From aa5ab2dc7526f5530545c9dfe3f9314ad5f5acaa Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Sat, 20 Jul 2024 16:41:26 +0800
Subject: [PATCH 01/43] Fix UI issue for China region

---
 eslzArm/eslz-portal.json | 22 +++++++++++-----------
 eslzArm/eslzArm.json     |  4 +++-
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 047668d1f5..7615ad60ec 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -278,7 +278,7 @@
                                 {
                                     "name": "cuaSettingsInfo",
                                     "type": "Microsoft.Common.InfoBox",
-                                    "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
+                                    "visible": true,
                                     "options": {
                                         "text": "Microsoft can identify the deployments of the Azure Resource Manager templates with the deployed Azure resources. Microsoft collects this information to provide the best experiences with their products and to operate their business. The telemetry is collected through customer usage attribution. The data is collected and governed by Microsoft's privacy policies, located at the trust center. Visit this link to find out more.",
                                         "uri": "https://github.com/Azure/Enterprise-Scale/wiki/Deploying-Enterprise-Scale-CustomerUsage",
@@ -288,9 +288,9 @@
                                 {
                                     "name": "telemetryOptOut",
                                     "type": "Microsoft.Common.OptionsGroup",
-                                    "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
+                                    "visible": true,
                                     "label": "Customer Usage Selection Options",
-                                    "defaultValue": "[if(equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'), 'Enabled', 'Disabled')]",
+                                    "defaultValue": "['Enabled']",
                                     "constraints": {
                                         "allowedValues": [
                                             {
@@ -306,7 +306,7 @@
                                     }
                                 }
                             ],
-                            "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
+                            "visible": true
                         }
                     ]
                 },
@@ -4759,7 +4759,7 @@
                                     "visible": true
                                 }
                             ],
-                            "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
+                            "visible": true
                         },
                         {
                             "name": "corpOnlineSettingsInfo",
@@ -4975,7 +4975,7 @@
                                     "visible": true
                                 }
                             ],
-                            "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
+                            "visible": true
                         },
                         {
                             "name": "onlineSection",
@@ -5021,7 +5021,7 @@
                                     }
                                 }
                             ],
-                            "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
+                            "visible": true
                         }
                     ]
                 },
@@ -7380,7 +7380,7 @@
                                 {
                                     "name": "decommSettingsInfo",
                                     "type": "Microsoft.Common.InfoBox",
-                                    "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
+                                    "visible": true,
                                     "options": {
                                         "text": "The following policies will be enabled: <ul><li>Deny the deployment of new resources<li>Deploy an auto VM shutdown policy at UTC 00:00</ul>",
                                         "uri": "https://aka.ms/alz/policies",
@@ -7412,7 +7412,7 @@
                                     "visible": true
                                 }
                             ],
-                            "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
+                            "visible": true
                         },
                         {
                             "name": "sandboxSection",
@@ -7422,7 +7422,7 @@
                                 {
                                     "name": "sandboxSettingsInfo",
                                     "type": "Microsoft.Common.InfoBox",
-                                    "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]",
+                                    "visible": true,
                                     "options": {
                                         "text": "The following policies will be enabled: <ul><li>Deny vNET peering across subscriptions<li>Deny the deployment of vWAN/ER/VPN gateways</ul>",
                                         "uri": "https://aka.ms/alz/policies",
@@ -7454,7 +7454,7 @@
                                     "visible": true
                                 }
                             ],
-                            "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
+                            "visible": true
                         }
                     ]
                 },
diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 2c25864a30..0233736be1 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1577,7 +1577,9 @@
         // Declaring all required deployment uri's used for deployments of composite ARM templates for ESLZ
         "azPrivateDnsPolicyAssignmentMapping": {
             "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json",
-            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json"
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json",
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json"
+
         },
         "azPrivateDnsPolicyAssignment": "[variables('azPrivateDnsPolicyAssignmentMapping')[environment().resourceManager]]",
         "deploymentUris": {

From 3422598fa7da4df0df477d1d5562bcba26265859 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Sat, 20 Jul 2024 16:41:44 +0800
Subject: [PATCH 02/43] Fix UI issue for China region

---
 .../wiki/media/ALZ Policy Assignments v2.xlsx | Bin 49917 -> 146432 bytes
 ...e Scale - PolicyDefinitionAssignments.xlsx | Bin 63169 -> 162816 bytes
 .../media/North Star process visuals.pptx     | Bin 1159971 -> 1277440 bytes
 .../media/NorthStar Networking images.pptx    | Bin 102409 -> 200192 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/docs/wiki/media/ALZ Policy Assignments v2.xlsx b/docs/wiki/media/ALZ Policy Assignments v2.xlsx
index ef277d5bea41a5236c971165936a8ba25363e0f7..a41ca1256a56e75079be075755932bb37546f8af 100644
GIT binary patch
literal 146432
zcmeF%b8szPyCCq`=817)+qP}nwr$(C?c~JHiBIh0#I}>!?|0{`x;0gE=gyx~HEY+e
zdUf~ees-^C?XKOJn?>F&Y{cFJ`d<nk5Gc^sH#88$e_9R-s006d9tjA@`hU)UeSd%d
zd$9wc;s^j(^#9BM13mBw_>Q)KeEpMKFaU6Xe{v2900jUI00RIE00#gMfB=9902l&5
z$N(q+r~qgH=l~c1m;gTjumG?DZ~$-t@Br`u2mlBHhyaKIegcpHkOGhakONQvPy$c^
zPy^5a&;rl_&;u|4Faj_EFaxjvumZ3Fumf-aZ~|}va0BoF@B;7w@B;_{2m%NJ2m^=!
zhysWKhyzFfNCHR!NCU_K$O6a#$O9+<C;}(}C<CYfr~;?~r~_yKXaZ;fXanc~=mO{g
z=mQu47y=jp7z3C9m;#sqm;+b<SOQo9{PP?8hdrQf_n+qf$=^Sm0n1zfTmjqw+yOiQ
zJOR7_ya9Xwd;$Cb`~d<0lz{939~VF_L;?GC0do4+7JwE1&4K|KF@W&@D!~7TZ5ZUB
zH9%I^fo%Zo0zm$w@jp?G{}t5%5Zx5e2MT~bF$SDl3;})cPjCF!g%}6~_@7<<`#b#C
zt^Z@~KkcFB{-X{7$hsjQvLPUY4*!a53iMB3{&&j{z!~x1vBCZ~8~yvZ|2_TB&C~$L
z=mdyp3CO}fdHugFNPy%2cl>{*|K08X8O#3^?xFvfy5s3d>8%Wpeb>2MGyCO9?T=&<
zK?eiID~bY#p+$spZEYHl{Xn{M``%J+In^HpX<S}deyTII(CeJr+bNR$`7O*iHB=}Y
zynJA~j($OLe3Wen8zvC12?{k<2by_xCT{IyQ*VK%(Z!^pR1A8`_*qPxoyaJA@-JWp
zn^d{Y+0bdJlcT6TvWBqs_S+V;$;tHy1F8?S+?3cKCIfrwnZo)OMFTHI`hRf8>A)cI
z9D!$EX>H7WO_yn@e;{mbQuLt-DZtT+>(%-$e=UpmznF`{h1eln1WD#sSa{DxDJf{D
zW^f3nNV>snzn|bRs%ecy=_m}N3RwwM{ds&^Y8fD=Nv|s?z~CKU%8HrYKeezNO`62U
zl{wnOxE!o*ul$B7U}AMP#A-f<1p~JYz#e@HYDNC5Y^J*dElQ3ZBa<=xjHq}`pPAE!
z$lwG-n2dyWc|_l;OV&0y+>-{Erkv;)wyD+(=`V3fb#-7y*%bVHe;uw`Y;d%4C$~rY
zCTV<4NmwglAuD-ez!UPaCEuL%G74{PwPfHHYj4dkyzqYXVP%a*fp3h3s0V2{m|;cV
zKDm}nF0ljpPd;JrZkudhygZ+ut&zh<`&%O4VKE+TCo1WUCU4#u#aHph=vsbNt5S7C
zs5qGPry6ESzPtnx@7-(Ql1ZK99ijiB6(JQ5u}Bwk4tLfJ^Ccd6Uf|P(G1YIE4M<ju
zMdU(BTh?(b`q*W$Lm~YKOUl+TClZAt0STj=KWQ9Pb{)EH2<7i0n@iol=h;K7)6O9>
zM%6nJtQDPeK0)Fqs+^`l)B5e*M`eS(p32e^a$U-U)KT|gt~yCQ=yA~kYnv}5VeSQu
z2X&H;wvMLog~ag8^0o;ChrE)TyVloDSecL+N$FNcaorapee`>e6Jegv@<$~J?Otou
z>h>bHs8HW!VQq*k)ky~v&0(E|T9RnHTAfuxgvb%}Wmy&al_XbQz--l%txwSN&D%{m
z-Xo;u{MJ*drb@s}<Lry?tbYB$*s^8!=8v(j&oy;K&j={QkQq2dc5wH1K8MNP5)5=T
z&ZRi2w(mDFruLaE%ToB9s+m&hXZ<ARABW*HV1P1KPB(y&93Lon11qlw*3&4R{m>+L
z%396CWOfZ!W^DK6?E6x8Vl(jd#7Od|f72u1UfpdZEn(*tm;E?sG9@Wv2LW&VVV$Kx
z>6{#EOynT6wgGaZg7|hiP`pPw@0;|?=~r0UEBp;wN@NG{-P3kM%4=#HNluAXnvbc*
zoVC_l%1>6s>Mf20zLss6L6VQhpNxdDYcLsUQ3W@t%?h)3T6n!cY$JTQE$sL-D@*pt
z>Ke?mxu>i{ZvwmQMQV?!on4|ztPNty&4#h_aBPSgzu-#DQ2JvF7hZ#{V|LmFsM%+X
zzPBqpqN5=-g{t%)Nm%7M?riSN<))VmfjxEKo~t@#tU5y?$K3r9F8Gn<?;X(=1WTzc
z<m?4CQ0>;{Asp_O?TX+YvG^I?_f|pQ>XNlTUHmW@xS*q1$YTAzUY;MpxjC0&b_czk
z^_Fr$7>a@ts&L8LbCH$tx?;8E)b~iPwOg9kNL`}UAaGigr-6zr#IrgGG)6S+lY5Vx
z8csp$b4+@8nJ#mKzO1MXqchvwYozN!sMT6EkvP;(U|`Ggc||OD*YieLGT?SD9h6s{
zkGr2zO)6cns!;k%qJ+*N2GF<@4h3CbT0=()!wY2OE?tIQ$S=6IVzp_7jT&<j$tuw?
zGisE?Ao&|V4y_6*iqUC>mxR-Vhp+|K&vdqv2{<}j4=}gMX|JaL<Y?~sGmgrp^OV3k
z0XfML<~EF!E>!3_ivAuj;w$KYo5>Ag)Q}R6{&8K-MfNvhx;f~=Pj^7=euA7YuUdi#
zGS|z;Jp#n!CMxDb59^6PEZ6ZaS*DdeLZQIhI4t@tADyAcDkuE@XHbf7-d`HWkl!#7
zzj4K3n13ut!~wG;c#R9xXOI-+aW~qga(TMZZg{vmg$K-*uXjK%(1Zl?j%LzcygVOs
zI9w$p>wz$PC5MMn0_%-ulW2k}zseLMsV*iI9>4FEL2=QGH4cQRvE;uJljrHznQALT
z&{?k}92;x%HBz2AkBVaXfj{Dp+u1Dm<mG16rUZp8LQzRiaqn1JL4Oh#CkM8ohs5Sh
zp`5PEI(-Gl$HiODJ1_J2$;0QCY`Q3N?=oiLv|WS5Ak7#ssTk>RYo)cjF??29T-k9s
zLj$j<ZlQ>Ok`t7V^)_NPZSAsA;3oDGXk>4T{q?Z=eNs>S)>t7XD_hH9f0b7>olSGE
z7<EEw_Vzb0ZIVL&uZwj!%{gT0#Gk>zMp?FZPW`P*DKf~2q=pCuI|UUwOYTlT9p40E
zs~wce;acU*EqY4)NjI-f6}IUNZJhqvt8rfc_ekbA35^M%1jm4z(#bzp0puzOBsu(J
zudS=cq9Mc1wX$X0ac^jLw^;XmF6Gt{RA?FlbV9pfAJjoTqqojr&{1rN3O*x>1K4in
z8So^17M5E|QWh~-g(EXymx1$x!n}Ncl`)B|4}uZ2__Jq%YB<zQ@QzU^5Oaz!RVpDB
zD9j+%yr}~XAYF2SNau~@W$@uyi0kcpW0uYn2nEwdJ$A99J<$Z=2X*aO_KA@9*yh<9
z)lNIP!9xA<=X~Q89ud+D@2_$C4A=59GCR_he0qi{nwRH%j#)H28+_S_>zB@;#=IP@
z!$?2G9{E5&Pen*1-fnpR+%5LKxrZ|@NWfRj*M@9+@1uYC{dM?#1fAHe1_x!<q}DTD
z8qe(Usec88kBKgPEZeP$V)SD~8O{hp#mx;mFGm8e8%mmye_@(Fz?d8cZh%-xomYbY
z5&k+S-O`k9v=e=W9*TLFmK~fp$$y%=*bW|U_x71ZyZaGd(6OBpZRpN}C^e53Dt#KU
zyOOpBRo**W2-rY7uozFgw}D!l0LL$X;uCv7$C+TzSn^peXNE9UwF0ycLiD&IlU-wC
zyNfZ9U2zr1gV2jqRFdbEzNV$0cL!n0Tu8iJ{}wqA4Gj(%u38`Aw?|}MOA}JEi7niG
z=MjQIr>}_D@L&Oi(e-IW6Kj8lxb+(gm(gBXb4|u7IM2^J`=oM&DMR&cg`#KesLAzT
zfnwp%&E!2pQsq>x+S^@_;jk!Q*qd5Pj`ax`YMDSwE>_!mA_nTZ7@)7uHEP&_L*Bk_
z%!*h=y(Lc1hbAU<6wKub>`vLtB2>AfJUc^Yv5*aBuY4#}%>r7}6uF1}V;Hx1=~{HQ
zufMmnBV*F5Yo)4vWccfm&;tfD4EKN30`mq623{*$n$ANcgmpM$4Q(+Pmk$u#cFnWi
z03%QNJk%PlzIVi>fy)TPxh<)w^8|#KoNp7$?o4Y~%TdF3uVUe`x>SWa(p@gHyYWP#
zI(Coze79dn3M}Tzhf=l_u@Z6nh?0?$$UzEmU({)|D7GMc>`@eHMjfn9HU7NGKVy;8
z??*Gy$Tw8!#B5;n)tXkr`K@uH@AbWX)nBmOY>_A5%@Bg5;o_U$%2}U0H>m!qX+ae8
zKBh?hIQ2!vwR2?jfg?R^LDL@_?dMCLpSA^)tZMZLclhrA6$wgdOjjh#Vv^fgTgh@u
zWTr-`nyZCO-mbfy2#p6G3Pt<E1d%Ff@PW6h=UJT(s<YhwF}wJ}G-(4(T(Fy9G6`J$
z>|uezM}hi=5o6vvvB8@?oSzK0hA@H+53+3E$BE^=n_=$YUF#{*X2YKF7)uKAm^e3Y
z`zAHgr4?K%36Vve#TEL7%9nvPgWB;M9B44py3s`d+nAs?_i!w1rKAPcD7%xkN9TtW
z8#j&>M)FXC1|HiwsVQ0{`i?8oE_{NNL^po$N#1bnm;%a=g7}jN?2`P~POpCbREu*Y
z94$ME!{iD9E+rR5Hb~wWQ&D3>2aFnRPsq3;&YmJ~6ItUIvn16fR?6IueiuCJYuEw_
zzF)fWv`xZ?$O7izat1Q@YPk};JW$V&7)nZU2WlkY(ZFj|;}I9+!c>$UxMK_{eG2ep
zo|CfKZ;}EclH->517ts~Ek<cXVAjyfZ#|@p2Ln|{5usEnff7QImbt&Il-v<WNfE<H
z+m)O#B2X9Tb|R+6*9_x|R9D+A213BT%B>dnN*ep-6FR(7t|--4l1rss--jxa<5lpj
z<rEy*DW1_obt7^zZ--$(elJ&_?x<TPd{)pHQLY1H=V0m~XemP_ajx6^kmY`nLh`}b
z`v$SVY$Q77zVQouj;S$RKz)=@(*KFk$nSWi<t=XEp4uu-sPx2ktv^KXY6a&gQSnPG
zOI{%9>f+Lv-yhSbj-qOOnjeF%@>l#+Dg(oZjA#0QJY{)C4N`%Q#`fL=K>+z?B(kqH
z0w|@er1Jd>Oj+*2FV%P@-DLm4HR2kGV-X1cawwxKK}AUMkf(-rS~;bRBif$lBlSn#
z({5#L{dC6dFy;YR5G{&7icb+$Gmu4K{aY%tg!k(=hFJwnxl@V<x_cLPT}RzMt;$0$
zdqT&7B8kRlqe<&p)7d2EYwuU0QKL11$C3lbr7e5-+0Uny#E_``U<4e{fi93TV`o&D
z*Lotqd@ku%7bwl{T9t^03_7&@Qr7P2gr;U?7<FH0SJU#<0=<U$P<u^)msG!rKGKFV
zPgiad(FxcWcE%<Sd}&a78zq0fOLd^PaA+$xN|(bX8xV}Q(1DfK)f`|Qe7}}OHUE88
zqNlYhqv44-SH7MPPn^wRP)3vMN99DEDOD3qW!7=dXAwH#2|?)dx*^x6a|6pI>G#4{
zfbqNCkD_J~%R*uH5@bvN@;J>5VD<a#3RZki;v~RWkC#Fc9mB=#D^_h8Dlt{A+K47I
z3Ds-m;sie-ye{_qUOJkYz}<Zr)q!~FYh@~)V5J&mJ%0q}dEmU5FGy(%c)H3{jX^<>
zg67O&B+jXJf~N9I%1ka_0p8tpE1-*9WK+9#_;@g^HrAqP5-E|WrxG>i7vNnhe`(E_
z@~4X~JaZ_XACO5*taboeSd-aS1zd^hPuP|!_eJZf{9YZSqar$V&d`+n%YUnm-#i8R
zOSD>y*ZEC$7K%YW0e2z`y6#h)%z-t2(cPd+^<j2u*HB2L&fWF(G`pOCJM8)BTM79B
z=9gb24jgpnuwD-Ior6S``&GBkP3`zm09yPw*^5W6(lX4e`0vE9Fm?lZ1fjK2t|^2I
zqovJI{LAmpbX+E#Kcau+DZe>P%E7w_ZF*1}hq2!**2JBD;j!ONenu8V2#}YLZTc2<
zgEsP}L*l67gRJGGMz->UA;AV|b0R(yV1f!&*Om*CNeVVpU`Yw>cfhpJ)W&Wc|AO_d
zpz<qYn?PT|y9+Ka5O*>^me2M&Ehc4UgoTNBp^6G3%&-MM;CxDZ{yiz<vv@v(N|rL6
zeLStHu7iNd;}>?-l-SI;w4QW!y>n*8nn{Ngux|lIe_Vudx7|DCSVKOeQ9t2FuycZ?
zBeJL`avxz-Ekw+vsoef2**jl4*=;F$_>2@wYPCLV`W-69y*J-*Q0D`!>ml#V871M6
zFs=DSn|M{l=DzuQc{X^^fW4s8Dcj%bW%u$IO2hOh8?<o&%Smb#!Gm(Pf4CkAV=~Q8
zT(0VE2R&9eAw2ww-jK7<+QEEi*tb!UKWFD&yEn0y2)xU&so-osVQEtzRA2mOuFlUE
zm9r{M-+nTdTAedQ!_Gj<cb>)*dVgho+?eN}M{5K%Ni%txkRBXLm(d;B(YH<e{#iAS
zzW)e#x9;vXy=;jm6H}W$33KGobz?Xm1@AJA$t3R}LON1D*zh+p8Ug)rSC$ydyc12}
zb<ZI@zo@c3vZO6g2ZSAP<twbzDMm+W?+8U~JfTy?@49pHeUFD}Za4*Q0pjVg$BnA~
zD>cpgkFMS(8KMLtP#O+`mJ(xRT$g;6#hxoaqO3ya)lcOTq?iSMy+M(MRYX!EA0I`}
zOhHJ+wP=)Bu~~8}KAr6|+{p=wde%~Y1yJ$Y%2C_$sP(~JASPm%#%o7TU;7V=l%(|K
zDuy`LesaIErhOYO=dGPj8}1au<D|w`cXgjOuXSU4B?(+@k}?U9msn5L5KI1jPl~x?
zt4$kq?Dgb_PyDV#D?G*;2MM}9x}|w9K29UCW2f5;0{?s!V?90AHRg#u+7+=SNV3$K
znhp~iw)-%FVNCn`FNr)l36p-%cGDJ=yAheVQeAUqsWWR@hX>?Save)(fnxE}O)9z%
z)i&Ds0MpK=0UQ-(GL<<H{~7PNf_C_gY;m&5+Zl{2!^j(V0&`|tIb6-p$y<APJFeFm
z$lB6l8RWras-P=+g6KnjWlzx}wo6(4>>uu37o4a%)+8tQt|U!j(0@JG3gEx3PufY_
z0@h<i&)bTemA1GOP)Fc$qD&zl+&6xQPSb5UEt+z;m0{toN$wtI7g$X&ue2#jy#ElV
zDD2kJ=WEKiVj_%VWD=@rBKSbXRIU*elD2DS<<!pito{2d9mhIRCdFpxYyXeCW4?+U
zX!s8z8Lb9(t~>i|KD>0_Wf?O_-ATh0X+p)o4g|R=4}MQHc9Vez@aCvJ9Cy!y@cGnV
zxi{dj-hUm-gg=lURp84H8AiK|_qCYd_YI{q)SA_DJ&_3Z#Uw>CY0rWs!(}=?^tD0Z
zbH?r<pc#kD=r}+TUPuY~pG$qh;eUtjI#wk5aS+jdy}$OhP-%aMQ_UYp8E#y5{f!Ou
z;k<)(j#`1+%p?dwy(T*#3E1=~JVsp!P#O;_lJXeQPrVdJNreB!5<|<EYoAfs^=Hq-
zg{qQ#1jnjEgl}BK(SYXpo0aAwMG&&Mk@&^AjG@Y3fgJ9KyydNE6M}f8m}+vBXse2%
z?pDgUBg>k-H}eb%Tdt~=ZjG}k6;N^uzW~OPQ7cD%lxn9!N`e6Cw`UbO`+OhE-6fQf
z=&o(z(s||7_%(iz4p;QsJbIx=(W~F4m90vF6G%T%_~@IB>F+d4kxDXs&L@aLV$zfG
zBzX~_V=TSKa$-ds2%7cY*9-Y-0mU21>gIhv&+IB~n2>fP4UTLc;q$JgI$0a*WJg|e
z7sBcq=|B4wa8cH@&5`UB7-pWBi9ir-i5mE45tcmN3rYfOyvIxwVmFmveFyd_AS>1v
zb}#S0laF`km)Z7lvcY6IDei)t?!N8rGrSgw%rN_)Dto+CS7b{4!~UqOHyuI&r=e<?
zaVh~RpIZp2!O%R@#_p=<PIQmTW-yp(Mh=#OKe^veHFx#Pc($g&pynTOX%WuF9_1-1
zzhnF|;Vp%Y-QbKuull(3_lzI?X?40!&JP+`?6EA&k%wkdt#dJK@1dt>S5>8iuqM(D
z(mGMWbSSKy;JEfIoM_s2daT$xpUEY7I=|WIz}{dT$XM}9Sww2&Eu-qM&m>oFS-=z=
zrbM#=;bicGP}=laeA5>n#Pv$Fy)yo$wzG}tIT1L5?{U5E30SDf8|qsXJNhL*XMa;W
zGX9snbo-ChVk2X`S<W?;IijE>G17N-V>57&d?6M737J25#k(1?`lm^Res`R3<;gWU
z7m@9&gzwTrQ50%K4<WsE6+~d8^Cd9Fyn`w3`p3OegXg`z6Zl}Swo8~$8^^kF(FZ9#
z;6h<1;tQw&vOs2Dwz}P)9Q4mt4oM7}cLJZGpfb@z46h$MEIW%m3m=*;HiXs1HnM-=
z=vkI0c)X`x5pKgA$(Y>Tk44>SD@%3{?$AJ7W}`nwmQ-^Kr+dcGd<ae|jcj3#b8s*&
z347R-g61;qGlJdaS$O*-u$PL<-RI7?W}Vg0Ua!%>qR1Ox8!(*7hNKaPa9323Ji7!6
z<P9aOzq~3CBP;!s=|e6TnbU6kqZoBAZYN^@qA5&(<nrzsE~4NND<-LWqJgXEDp!H9
zfJ8qfDYoUcHe=yuQ^Y?i3VjGwiM7$G^*>=i4vJ<(>KvNLj2*k><b(LrOk5Tgn<A7~
z>RRJsEt1~Ell1Ff(N`y-h@4!PpRf?M9dSBHUgvxmM-?G3{Q8oYqFHbu#YLvPR4wzP
zoik-t>gLNuEVw6d1MlB-;-s?}#5)c+u4n@F-S^Lrcx5^jhJt8_NR7Se99Ek<dP|cO
zKNN$@%Ww$G9sNn`MB9Q+u);M@+PY|>b_}m0(H1!Rw*qf0A`ftvIxtJ6a9mI_CO-cb
zDre|7XZi*yqiAtG{BukP=H7%fL~_jEM#xp)V;zW%+S9t*TcnH)L^Ib7)2e&;&7_Bn
za|2YnjK;tCX&C{ThZniC@W&ADJA8`K9)#YQQPzG1D#9UwcuqG6bf3fN%}k}ci%;Z^
zlY@zc26`O!cO}>%P}PR_ub$hoJ|JFy-STh5&G1SoP-x867?GF4`VzfJCQzbuRF$B;
zXAhEg5XzVCU*LGjH!_8tf7tyV{u1u(<k^xFS#`0}55w0p&GJq+N%^M3x^LauadwAj
zSv*a<`mEg4ZsF!n<ncf0ks|}Ccb<nD9ouslN$Io$-TSqUllvD!YOApLKvodb|0n0x
zkW&J;Eq*Mq@as$NxqF6N-tm+kRQ(-R>?{v#dMsWI7~n3brW^I;yVzs9#WJPVmxq-2
zR&41teRDUASeBx&$v7|Popk>?a+GOkX61<=ga#>+g+K?js^Jp#muZLtFpdTXYD{4i
z2!xjgMWs!}FIk{s8X0tD@dB(p2bvMVOYFTGAQ01G(^<AN8mI<tb&A|<y`v%5Iz3;M
z<;2iuiT39L;c>8-FqHFi_tZj(T@Lua+eH`h;`gc}Ta0GkC{Cb<p2X^nj?+IQJ2@V2
z;&Ga)WR*`B&*VblqA-^%9|p{qm*0_8fXzU^3Q{u;lxAE+k+B-ts|PShEs@g3&|BNU
zlRz6CxGHRuusE(cVMx_e-s2LAd`zL*$+$M+SCmhSAVR$575d_xO-&^P**mUOThDp|
z&7iy8hZ6Jx<{0o!MU1r>CL-9I1r@hc_gHW6#4b2%kF-2JSf6lrF%={z#;}b3ur^?Y
z9l_DTDb3~Kl!-(H`cs*&aCes8!CITmFCzoV@A5v|kR*8>z=WZ+DN%3hLF>^(c%ir6
z&2!2_b$!0c@IZ<L@`-$Xpjzb1ng?_{Oj{i?J;f?zanC3c-hzZ1R}P29nKA-_>PBP_
z?KCl*qu=3!2}?kf)HuuEA=qqwK@B%B8NhZ@h!|E*ll{>Z3D8XECpz|N&Gp_yxcFP3
zwiDm+m6YHc%)i>K(b(^`Hls$R66(Eu;-~jM?ye*m$~HRIjGA(I(sJ<Jmb_<G^OTsI
z(SfTG{*$xoEh2bt>ZY5oFpjgU{Jr=%|Jiv0FN8fj=<?0OQT>#_yHVJ>%=DAv_+^g^
zEfkCCSvG%GpfoKSvSByG$KB_HOns+g?FY53#duz3O>PIR83ZrU=(B+N9nsu5Z|2?r
zANeJHVKTvC+}d59*t4(M*>u;8+DuY;I;pmDgCrTY?d2WQRV@`y>h0n=OA=mnq&Z3h
zi=khvsYNydM{c!DaEf;RQwSv!%Nq;`F5qz%;yD&0Bjm=fzODEABGC`fAIrR6PlRf)
z?^qy5Kuq^uy2<SKIHE~UddRAEdu^)V5FxyHb7QHKUrFJsy2&U+B%Sx{jh>A(Zx1>Y
z*vOqxV!(YAtT{v%NKMJpEm)T*JkOex<dytZt4PgmdZ&IA1zL4MsK4`#Z;yz>-pjKY
z$_9ht`E7{Hv_+woTvJ7NZp0O@oA&;!rgUabQfIO<EFKpvu!r9Td}~m1Ms+S9+HAO-
z;{A{anpVmZw4zg;bTGxh;CE9i7@!drGnc2dQO3nvXb9&~oS$Pmr8i}tC}{UMkC&yY
zw6m--ld0tsHC@SjnhHKwKPqq!Z*&jKr_YCGM-WuZOQL`}Qm@pcd0-?$G3RVYo_X2n
zP9)P)FjVqgR<Ei6U!J@FF*(2Yo}K5jt%eKe#UZG9q6h0n!BwT2@HNY`y5A=`tl@gZ
z=$=K%8R$w5pcD-a`=*k!Jmnz#uZ=x(IYBZ9W>rqd@kESOp8MK+9QPo@bO=+pe2E#t
zYFJI#KL<8N(S5tm?o-$6I!syA964j4|5_nehJt!q$A!J6smIqNTEcvQ$4R`&%XC@?
zqrT4><(ZN1*<l_+nEye9`@EW}-dwyit)zo^#FDcSuhuNKkzQ}JK{~7^AWGjue$W!$
zfWslls&kQx&6k-(Y2yxYVyc~A<q=#8#o__B9g7wfO7)~6w2*y8sR|k#J7Tdm$eO|7
zhCd0&0daz}YxdMD3=&E2XNa0YoT~gWEAQ?E`x05fvlA>}m7U~dQKPG?T`qEa?_?Vt
z(_taU#waM__A@_Fy8z<kY-t8?#(Nmf>`y(^ZRRY$6pF1EZcO)*9KC#s?KkG!Iaq0k
zw&fLH{X@wA^v&>YN^$)t!3BeWdXUs0o|bowI9H0@M)y-e7}nL1BU|zFhJF*9Nfkqm
z_SqmHA2yV7VHF%2KC*O~vzGsJ%LHR><D5NoU;!xpdmN>QL@AR(t~0@{P@fQepl6>m
z3hv?Y;%FR%C-a+*xQG;@e~g4Sz9zGFo=PPSa+j?<<f9e$2Q;1)aWLC<M^gnhnd-n*
zEkx8f1KA~U1E^~A)H$gO2&?fX|2?CA4FnVN;u)1@A8I%HI|T7m>WE)GmQXhOlwpXd
zV?D1gwH{9k(F3qmU^65HEG=f>C`1_uy1}O{*A}0D?F@s>HP8g80^Z$Odk*jw+R!fi
zB9_ezto73<OG+Cj5KhMOe1uhE-wW`~QT9jygOefc6P_Q<ejbj~$w>oR2umDfQ^awB
zr53W<g{hG98o^VikR&}ZiH7rKcDUR@#j;qpbgmJ0xaVoIyVFNTVSK>@+)RmBT90sa
z4+YH^>1~$AD4D7a(<k%S1@{3??o!^NLvKnZm4V|K!iQyC?xS%-Y(5XNd3b%tn*)LT
z%r{8hGZ_cP<H)o79C)xo=yAJLEYg#7#h<#W{S?to2V>x&wy}&ZdWL6?hJh1>wkrC`
zfwH{tDtHfJa+*F{MlwY|!<#?wLIQ40kny4c2r6<t!&Rcxx0<#RxPF!#b!Z{lEpwR|
zJ!$(hU>jhXRUHh)9Ooz7$gP#ZW1-SOkftkKh;>P3l(L==QU<nUnzUgBjv|u4_M9Q-
z`Gs`|?@hr|9ndp|;*Y^IRr>gigzLQxo>6bAqR-)eO|Osxc4l2nZmL4<-4d>O&ZeNp
z0}f=&fwgtN$^s{rK~B4PdycOd$bGwf5K6K#uj%K18r4K&j}MZL4Uj*VX5Aa@xd}A7
z1!euwF(JY(5Q&rbWfY~H8Ks6&C0V1$-lg)@HG4{tJ}cJWoV3@=ETJSdeW4Q9eq{=P
znYW2kke1$I13GsiBJp6^v9U&~8sIpzZghOnTvdOA8Hijr*5p+sCRmO}&Ebqs$=Cw&
z^=1gN`$lvgZPIDq!6K}A+@x54eThwDg$g`FH<t0je>(rA<Au?3=}y~|tdvJbxTrZZ
z_UhAFaZ%IkA~`rF$e_UU3`?daysvI|MSgweqHe#7BdRv*z$oFC$La$od!XMS3vbGW
zZk)j}AfCcfjsZ;TQd#?UM84Mb3QBX;#o1v5z0A6lV_KTwbbnU*LFb^fj?oioZf6mZ
zAyI5;x)1|S%QsKs&v(B)8H=pIx^&xTMQYe3M{{@(fsgGr9`R5elu}g-yhI=~wFC4^
z*Qihn6Y8{wz&S^e!X4ycFImVNp{A5hzV$$2TXB|Xk>?Y)mK{T|DoEQ!Mxkx8(I?5c
z04}F={_Zx*Yd{LS9T$xO(cM8Qy@M5hpev1kKPAu_9NQLxJTTF=CKYTY;oOfdVfpq-
zqX)dd%cY_0iy7Pz3bI`{dd7ZXK{3?)>2tl21!-*Nll8_w8n3(S%sn0=h0aCU;uv4?
zj}Kx{<!l=J#^R%50^Tdc?_#>EO*Njz1ThoP6bgI^?fl*;8V2ik8@lN0&uwdw($5Eo
zZ({3v?9zx2R_i92kZdv(1#iP3yOR`ml&LM#fv^TLGc?4&nYx!uiA|dn^{QW3CL=W1
zw0^47uurZPKWX7WFOh`;c9W8QM=^K&uL6o%BKEUksF%rKqaW>`1Uo)DK>1$p_Cqfz
zEef@f7c6#$--8gYSX~V8%r6CCcG0YVh{P$t>-J`DE7?VH733is&|*n?K{%@hn}+5m
zUx!RV2W*$l?d^mp#gmJ;XPv`yv;@If{=gv$S`0qF8=6@szU^y2Mzkuz=kDY&$+4}r
zt@SQEh0F#TTvaJe%Tr}g$iO(~6EHi{Je?v?9}MfA$q0y^x~M<*F()lKdwo^9vka3(
zz;zXPI1%J6{sQWK_s2xQ6y`3!SO7;;enE^7*Wnshv9|AQGsHoc6k-#NAx1DM_q<m3
zU&xL*-nMJ}CNnLh8-djX19hjW8p8TwDN_+QXg}#!_Rz;jsA)K=6QIyM{cX@QKZcJL
zZne^@y;sm;%lw22OH{e|Hn1Jxb{C$NvgNG6v&+<pqoVYFrep$j3}&~Z@`!_IE6^Y+
zAey=O(_iC$Bx;vrHGdeai@Ll;8FR%tFin_9<@Y>tiQ_&3s7o0Erk8X8vE`zDZ~1+#
zQ!lL8OJ|-7z9tXSiarJZA6?19d)ioFK6nM<+{;|KkIVZ``=(GXDxeV*a1(L%inJ}=
zZNebdsK}Ym$84y4{Av2V(kPw^j1F>$Fy8!@SPhI<?xrJ<PNQD@*uV0hJIkN#{QO+C
zzKKUxtUr4ZamVqx(G5UYuIR+?aICMuo335&jv%?J1RWQOzuFPPIe%-bkO~mEzXKy-
z`oih#Q+&5QlXJEFy+%jK$nJoZ#~713u1eZ=7a$K=X9nJ%cyHmT2<6Bu5Au-HosRfB
zds)c^<5&4u-b#}O&it*1UL6utZ7;zbnx{KC)vc=hMX5*YFIb6`=}L7I)S`hCA-?D!
z8J2`LEKhR)@oEQBi=1eL#J{wVsM-ooKKZl7qxXj)8du^BNxw?9gfD^VU4>maBF1q;
z%hLF;)DmrKMs+8Pg^?1YQ<8TnUKoEul`}$L911ey?Bj&NoVRlBWQc&e+fr_a$3$*B
zp`xBIpDmLhJEPfD8>tt^lUOeBPvjB?6<Lpx8BJ6tbK%T`dyBxX1O~nZ?XL1zV#<vk
ziz>FibJ6YeD4)NR6KLnECXx(BJ_{SFWjBpL>)w_m27J>zlY_VG!lbgGzN?ih6|AGH
zW0QXH8*&G0`U|L-D(zSzMQEcLSG+@bY~P%)#%ghO0LyUdm+@iA{}P8VLHe}(^+?<0
zJXw%%=syC27D_$~G2IKiEZRJ%d(_RUlwJk@;#s*NAhd%HEmBAdgIMpDn7FU+@s}hS
zq8N@!pF(baMiSz>Uka^J#DBoBz>192*-8y2q}K7qI@V=(RCDc!ce?2rGaRN?rk)}w
zoDi$ivtitXmf1M3*oB14qSdv=O*sET71mqn8}~dLa1EE<`@jxM@9~pexzWjiV@J7!
z1%y1iB^N@zhMbl5m({|;IZKKNn&4SpcyJL*trFAyvMmA9@;#-8Wb3!f>Ctco^b@3*
zdJRVqE2i@CCsM@PN^K|+<r<}-vsQH%A)FU2?!aj2?}Whl!{BZVsc)qTlf20nl64?B
z;b&6oVZs9JHH%2qjfUaIyI-=SA}z=kfWOP@euE7#mHJQESeq}LLJ)4@{y9TJ-AW8n
zcU3ftf3C}9fXFy#fU8lv?l{_LI8b|OXVVN|M1TX93;MN8EHe6q^@`iK#@dDB$qSak
z^(+QZ`tz*>m{Xw=K0Y*_$^zx;h8T&HAksE1spq3{R?Pysc7dm;kwAlFM+$#7QcAq>
zvLu<6$j_kGhQrE?ue<3=LT~)i!fCg*c4>TH>FnBN^RtKke*JQXa~{BNzP@vsLyOI+
zzeNfzaTRB(n+{fsK6N(Uaniti-Vj1br{tN2U;H8_qVMW1Prym(Q=@`-mmiQU?|h+_
zm}vsuV6r8MC=rybS35;-`W@W~#W+Bazf*QLx8X!tWiX5r3#w?@)VFoM-OL|_BHXUP
zU0$O>F?A)c7Wl;}F#7KN<Xz;!P^h;NYNQ*o0E;wRg8vR1BDUU1PE_q)Vopf9_H;4V
zY?2TxfDDvMv)9kMAbC)bF!T}RRB!we#@v9*aJtx%!|0Is#KD^5^x=~<*M*Q&^@HxF
zM5ZPU@9qkY#VlX&c(bGAJ){5;9oTPoKwVeAE&gG<MsT8GgxaO+y2=72AHhaxd=s2d
zhJ$S65cj#ke3L|%4e_b9VmGE}kL9YF-W24JSIFgA6opE#xg}eraaHfb@vSsQIs-2+
z`h<gWJz>V0$2o|`(R39*AI*=RZQ1k)6GkPLkWD*Nn5JMiI=}O8_<=35JO80yX>0}U
z(!#RS?1^|u3ft0PPsh{anHw5-kE2Q6{<706YY|Qq{F3SlkeKIC@6F|icCwqf`3I+D
z+;#tIgcWTXwz_0`atD`%Y4;(WoMW|h+-o0rVu2R7vfB=KOueOapN6j31=uorLP{_X
zl20FI>F^^Re$&Gi^yU#(w+95pbk+$@>ftsT)d5}7!mvTpZ~!Ink~4L&Z_M?rsKXd}
zF^9a?>~4lgT0`#obUG#v5_JoR-BrXpv+d=YG{r55t>iJS=WwJv4OjXCKcaH2X*;*8
zb=*+>36G>F9PUl7_NM}KEN$<)=ZZkgUP$u`6_m0;11coh%pCCSr^A5Ue$bhjPqVNH
z9bL00F$Pd`Kc9YA8}@ZlQHa{h{3FTXDbn9`0^+1u+9uhLM`=`(-9p8{_?eILd+l^p
zQ*aDM#4C#>_lel0fV93rdd8Jc(bu#&pift3HmGazEHKkGY0m-!L$-Z-ZpF=EY(39d
zP&=MmvmL$$UwL)OVhJs5zRZ?Tyq`LJHGAs6WZc1^&d~?&USXw6l-#2V#qYb!>vm04
zbl%_a(K(for@dO2t_Ms<&7#NKYOng`?W|^oGI=T8!Jdmy+%$Hp`Dq{aJk^R><rno^
z>8M6)+rEl?DFc^$gWwVGg%2fc%F@1y-(;x^zK{Y3+$iNq+f`LxOIm9U{XGf^bor&W
zfCLBd8@fch_OOZH51?rHo~tmaj028`2yB!IqQEHA=oNjo-0~-{k$yXCWBY&>O7&xQ
z?<t~SD)yOf_wg~ErW+Vrr*P^HKZ+I<8XO=aP16?BUQgrV&)S9zSC6TnKn-p{e_zM&
zY^wcW3>6FeI$@W(z8P!j*<Gn54W3OnglFsXCt`)se{XUH?PQ*GxBOU6wN41omVPTc
zNeYhMPQ#*IovF2kq>GotmmW}bD&B=LVvK-DKpT!uPGNPrzShppQWzX)4t-GZpWiBf
z$^zS&cI;^1GAGFXs$*9HW+I=FE<*rsoqY*FbA=(ohKE&2P?FL+@(gM8ZxZ}rpj(fE
z`oOv5VLzRLD3mq$8jv5X!X!qx2|I4b)Fyp5=}sLGJL?um=R8Zs7q1N~^N83jC0W!+
z2v*CTHBxp+nK`!KbzEXHF}4=tDN84Rj8L&}_6~TBvGb>w&WwvB%)~2hnWfR*p$t45
zei#e)ncq)y5=W8@L6_=!{bR-q;&@TKgG|}uOI*gT`g-Xvg|Ox)Ta*{*pHG()?!s^g
zUv<XD89!F}nC}Q4tQTT0+9xlA8&ubxBi?a%noCa@FHA1VuMrfFwMBYtVGoI?g6)-<
zX=JHJoNgc6QjjcXv0T~qfL*_3BP~FW3TH;--vv4Lo+r{<G-AtpBj4NY3O-CIgw_wW
zK4#uhnE~&35I2WztESc|7WlCodkb;0>+T0RK^`9Kyd_t;r!)6q^?^F@cD@_5<c5U*
z*|G=L7I^OL-ZGfdVUpo5wGw#@UVe#+`rd0eH>WO&?npr8T<&=kk0`I$!YaI4hCV)U
zql#)Ujtbg~WF=Qg4?B)nAWu|v=2~*$y9m{@svTE;)46&;8eiTb2r-u*A&p=h^uP05
zy=S%Unow)C727eyF_8z{Eq_-!_Thx)(NDH9t9uTVwVpa5RuITjWOH<g@tkRdlRy;j
zxD<1*O!~PnHJo+}H}4Yf-8?&%z<TsbZ;ULJLAcNtZ3jKYH9;uL@7nAXv-z<-HejBk
zzS>np1{@qHW2caJVIb$t*NkT`EaNwu<tjk-8Jed0Q=2xB9$`G9BIMxo{mERXpK}Jr
zT9%5-#@xR$zA}{nJRQ4Nh`VPrpRBri_0~j-_R0wCIkh4X@{50pO~?Z8$NAoEOcgDL
z{RLLRwu{RvAB%+#QKO!HFIlUbl-J((O1;$iGn`JKNxwch7NRjFgy0+R(QsXg(Tt?|
ze7a`b)!lQ+l}nYNBus>4j>I-$j=$^MQHbSh(&T;OXRZ+*wn6k-%AS%90-nnv{>y9$
z;t}lZl&4;JOYN`@H>xn~6gWi(l4UxuxE8|E@OGxxV4d>0NMpMoGc)C)falGjU^y}0
z7;F=w)93h9_5dBBkvoqjL_05cV5TMx1!%gbNa)o|aPHxdP?I0zXW|)032yqPQV*+F
ze9-T?%J~x#Eu?3k$V;zX@Ht`GS$oy)k8z5?N!_-=>$P??=?=ZpJ^r~;x-}=*=)I0P
z)L@V0-K_$!2p_U6Lz$x$-%HDCMCD5Dhvrwp%+b@p^!`b4mT|_ugP6FK6Rp&Qzd+%$
zK6R%CZOk^^rFbC4#o;Z93S1FZh^7Lq9Na=I?o3SJ2o)>cUJh@})0fvaCx*R4rsL$m
z#_*3U>>=nkGZ_!DZYEQI4Rt@>J%v^Hsic@j_f-&ay=p3?ipuh>Kh`N<esTeA*qD1#
zqtejnJ1;w+j8_pv%uX6y$-;kvd&Tc_3DI5|c0711TRue{#HUkF=9>IbhFGh>*h~G=
z+i4H(eF-4G^FF)D<m{p%b$C#YtB>k_)rbEG{dD?M(c~f8KPtr{)M5=`dP9k(+8;y~
z9UB$8w7~DEIejV0J>T2t{c2>xSyjD0=L1JjK$b`3e79ypm`}?!9b%N8Y9$Lj!sQ<Q
zG~TsCBq?3ceViN+6{}n%SELp$?p7pogMgF=6X~RMUm~X8Bb4;qab|*jQ1O(iqomH4
zWwGq}xZ+h=l#aR!9gFObuFo@`ZJ2h~65DltmhK`~kt;d>OTBOkI9h`#z@|!OkwEfe
z2G@BqmVX2zlx0h0q7^Yq0Q=qkx4yHA1;ldx*Of+VHQB*&8ht7+L|`1kNp-G*c{n*S
z@kl!7?B*PKeOp(Hq(`x>sZ3TvMHi9Nypy2;f+mYkL|+9id1>Cd41AttVCC7lHAbf{
zk#7Eiv;ni(O645BYZ61tEzSYCM>+cC7@YhFm@g&d<Ja$2!Yqsc8%YVEuvW^T9mgZ@
z*RO+Ne{GZCGWJp>4{DFsQ{bc;4-%9G4Fd%O+I#4LEA2XWR-6ma#EO~aMagqqaTjf5
z8Jtm?j*QQIdf4ctK1*!LJhA%GZKNUxtaq(098S161#MF#uFd5<AgC?FB<xy&3*Uj=
z>EfJFVR}2+6?#uZwZBwBD8+a^3Q#-=Jy$y|GJiJ93=Bp$fIlBIS*M^!1XU=wwC|x;
zpTf))Y~AI@%f}<Z(&aTs+j^8T%_QOYk}-&$e*hl|U*f1&PF@z~;K$1xCV37gt*Xbo
zJMk~O$yTe@v60qf3-O^~Zv+rJuGEbIUHMpb&$&eEPHDVO4+(Qp$eg9aB#95<7*U8i
zQYCaI%;Dm%aIx|IAuGkR;8%*4N5Vp5HO!*M)ed2lqs09ffe8rQI}DB|?yP@!+o*k&
z3RLbHe-=|@?!q+Ur+P?3xVP*A(SZvmv~IQ<{|FwBChlPtdJuz&BY2CoNs|4gk@WCO
z?J#4je#o|h(W`)_`_zLma#re?L2_QMNk*vQOS?43Jm6;#XiUdieJn9By)ayYcteLd
zGEdsPlwEZ(hM4qpGzwXRs@KN$?mdvMvaVr4BOOFBgfK$=d!+>ibw5jZXr2c`%6MZw
z8IDc|iMyQ6>cxa#8v0;2w1^omq@XXgPFh5M+v~K)mIMpjVy|`$IVV8@-=^e2o^Gee
z4p&iGw-u6)m<^uc7ZbPuYi-pty~NJ>l-0%<Ou@d-2XIhO_LOUx1;;naPSy;Wy!FHb
ze1A4Ja1cMe!}z(n7ViG+Z=o7zX3%CSTjAn|7Lex*D`>W~c_A!qIA!|OTayCaHAAyH
zNF@hCeyFakRm=KGFNqSOkt9U4odv%Tt(p`YT4J(2DVo0+kDgzo0a%h(Uqgq7w!clU
zwuI&LJTnoa`A}<f7Sf3ljF8>nuD<H$XDiQ)k;v%2g_~neNaMFSg2z+EQ}k!4MxA<D
z0?uo0XEWg%42a;!D}tk)uBxM-`v`&Eo(GObL{`6Bz>!hJYYSjKP`S4&Cp9!X3(a0Z
z#xrSG0@?>JCS3=o<%2q~FV&-R3$lV2RCWEEE{<}Dc}h+jpfiK~KcueGbZ#G8m=f@E
zAs-1#?7G%~FnjGZpsNPb;yRi%y|pFxoPI=7SU5$;-RN{BkK#bMBPM!DAe@bN7A6Ku
zP2x-mBnY*CIHXlG2E=I29+bT?Bl>($Tfj1r4fwzqF%@o|Mp+#!7^#ol_~d~k|N3wl
z?HCXh4@=i^ZV~e|FiKc&!)~!RJ%ij73XOku83nTDCn02=@ot&MkYjPCWLN>dk=4mZ
zaIE-~Sasz=NJo=eZ4{l$GI)@i-79>|;uWW;>tC%kr3YM1f89qTZ%Gjv+pLJxOW>-D
z<uHS(`H0#;?ihWuiJM84wL}H?r>4bqKix)N9tkASYf=J6+^KDxBh5swg8={am@uD}
zYa(%}WpCX;ZAspAP>jE2F!L~>_Uu!GvfX%u);FuPlapVM<UX?Qn0nc!Jb3z=q$RpY
z{+EL<g=qbImr~mS*me!`Xx9aXxkbBSjj*RdL(uzq%3t~HZ$up+S(_x`U)e464oicp
z%Rx*j7JSRXwZ*1`jO6U#>-63nI`8?$3QbK0t6-)d{6dzRg!iO^?Iait*ws}u8#NVw
zgCiWq-|vgRLoAV0Um;(b$I1)T&^262qU>$2!xW~BF-bFjCKw8IywhBMJY6J8a{Qfl
zn~%V7+kYdR?#sEf##d$Tmk2s@=o<!qte0ubu&9Q!z<XX42}5o0jcY<3#==?8_?i8t
ziJM}e53DJy=q0+kfbaNwJ-KgX%<fcckrwf6UU0g9=tzZiO&ld;HHoN_`UM9vU#*o|
zd)<XCH>(Sio=iEIsdo@Z2t^eb@o*)sn-A0PQvjPel8}K$S{4grjm`9?^=doDaN6LL
z$Ol5s&=;;WgA>iJhn_#j1Z0B345=9N{%!Y$nS&rc>x7U;(xQ{(B9=af-^bmmldpNv
zuRdbsiQB0rn&Uh5R7i2Sa%SO<a{}`#{<_R1%7VgH#X035@*Q|(*GUo7fPM$#EWw6B
z3h@4p#Icv;Ch?msS`Oq<X!BGfMTg1bbU(b?yR+g&yF6>&se*q;g9y~mQaw)cRk#oI
z6ebtUKaCfzgmS_}(HQ6Y6;Lyw>WtP!>QGLch;Qc2nY~&0Oe7v3$W5kQ#y{6dSZrO{
z4ACaBVbSpUCL<9Izv&ih@78M@Q;AKVnA38j+bpDW=<&c)l~EjZLEA@vBt{Cn5q=l-
zS=x6c?*^bs=4rnE(VAwd`@;Y35EEYGw-~sqsMcI|C~~k<97EZ|6X4}7$QMq>2>RBh
zX_F`Qn)zdiSUE`PQCJZ^8}xhe$A-dyP9RtQ6lE#RU!PpYw#xeO?ms<Fw6N$4Dp^-*
z5~f`od6#Mxc0C|`4u2gv{80tBt`3@kc#JfJP|T}f?@(GOPom||mM4}34Fe(k&Zf3W
zA~aTdWk)<#(9!wKp;dR5QQ)#8>HH8Y5=YEYz!fH(ILM}=XBc(``dt$~Rc0r+=CPHb
z)Ej9(P_wQfpRTAtB>TBQ(O+IXX3_3?22ieaEF{_vn{8T&)|H-tiKO7-eTPxC7>6Eg
z&h)iM*&Hq0=y$kIft?$N;`v_f;q}jx>^6GGjuadB2KKUS;MWu4$Uc2@K83HFC6@=*
zKIesW6!IHk>%Mcj%J5lu#s^XP4_bPeI<={gA!DmJyd5voeDC=88^3FGD9lzkm|fMb
zTQB{=d=bU@?;^5{b#AWsCZO0~7$lT<@V$$*w384PUgzW3jr4scLd8$;>Rx8g#S;l=
zhq9O)3b*!&q~{nKQch}}Kx*o6M($<dk^O$*3h+8Gw?;_|ikeA@v!nb}2va^33vsMz
z4y%N@FY~NgMidhp+5rDq{f7!m>DN2`ki$<JZ7M|gg5_;QGHR|#H~6$d<-P;JHHG1(
zvDaUsOqXnXd{!fjgOd(z{lGzXL9mqyC|Z;0*gCQ?NY@eXRhXf!CKy$lOLx1ZN$R!S
zs2a_cK;!q3@vS0SgysTQgacd}@=b`TpDY~Uo~0r#z1=u{=tg?;#?GjCc7Ze^B02G*
z-JJ6CQOq~TWR;k=PoFQ%ttNQ0>p~1<@)%ID%``$f7f|%Dmj3!ykZgI^bn7MftyE`=
zv2{oFvzHe3j~hC4-r{()%l0c|$+dM>%%ryx{y~dzlw_uoX}l%Ca8Y}@#%wHV{dTB8
zpi0-EW{eopT4>}{Ve@&Xu327T(>qG*@K|N!z~J@u=!)ME+(d>h%J&i|2_8Ur{?{y3
zHZTt~@}gqkefK&c;H)Qjo)t8|OS)k=<@9u8Ru5FX39H5oM$uKF|HdLpH&}gwT`gY=
zNubRFT{X_pTdM#b+$b`m$bph`JR)sP$X+L4#Z)ecT{WCLkl&X4%8XF(Cumy0O<5}4
zx+^~JPGTfB=o+ey$+WYc_ZKiJ-%-zv)H1S2$N!Ouy^dQ@q|JvkHzG6Q7N1*d2`qC}
z!;W|6wmpBmU8MHi4|)AOVJA$$ZYM+4f(&?wy=6tGzh34!wD3R$BOOm>8B#%NDA{!I
zOd=JS1){w*J9txxhmK(^DV??ks~62E65$%P!{LWBHmSkGS7~sRiNK-JH?0~0Lfo%u
z&(k9H?J8Vp(!>?aHCK>C$hZzmzAK3*0T!Ut1dPN`vFI0Pfp9T}<dZ_oU6h%#)z-88
zt^5TAwmQ|%+s!u6^w&p`w~+f+_zF|n=#PNyjToBx;YbO&)bQGFte_1wrTqqS#UEN#
z%%k){mbZC<U(#@e-TdVtVx0LLg1<z4S3bpZQ+whLq3v8WmJ`^p3-XIRq+4drMh(g|
zC+rX(FDtR@-3zltqXu`ukYMPUeY=I<nOTFN%-?k0o1?zv#{AlRRrSqonz6sg&7T<Y
z6nh|>hqxDrOkIV0i%IHx7yYbw?8v_t=Klu(EkM%0?Lkt2Q$VQAaspUrJZ>f}7BNw*
zC{L~33D37^?2_>S4yb84v_l_)kr3Gy9?(Jl`)G2CNoO0;Cnssha9IJj00D(cOB2I%
zyTQHH5Y#0I1~VT&Qm=*HD6Y|{o`wTl{o4z$tG*(k%$s*3_j~oDck?{3!jDVJtsOnH
z9fJc?<|vcgkG+JGOES3F3QfuqgTwcybcGx&r=mt6EedfqT8M@yF9&@3NQwdAfaY6V
zrhDWvty_X7bQrt3gJ=+o`w}J?FSWB>rnfjmf5zMME&FlCIMnr)!gbV}LxhLv9EDe;
z)lc(hDQfRKs)b+XqDgN36|}l}>RCuI^x>f4HMczO@QKZpzX?qv>i4Z~g=SNKnFjM9
zz0QCBlB+D&ocuWX6jjdPsUo)KB;_6^OVucgFaLaJd>b`ZDLYNFJt#QJ=_5SO_4Fg3
z_G*dIlWwH~EQ%b;-g0GhRte)h!W#)m<YqZUMG4R9)~<Bk-0PklQ#Cr$tq{jnLt1Hz
zxOGuU!k}n#w);U3{J&HLQ;&h6agqJ@yBtLuoJs%8jJyf|^#WRFfY(FvIup%?b#Wvi
za6SKp+IqjJ-A=#m6IT9pj0R%C)#SmPgcX8>k9T&Bo6+gK9j3j99>(6p(58?FXX7pZ
zx4=_^JyQ_!lv%Rx)w7&lfEAaeHhQqXTT~w#LL(P|;~QNf^C#|=zjQu;hcs;z$EKH1
zWX`#I)|K&i6p5*8A^f78pF$M<%LUVU6{+X!yj;{gf@>Y&8sy-})OG^N{zeQtpb2Tp
zj$$FgSz%#o8YV~XJ#cY{0cCG0Z!=bs$N0tT7=hpyH-;X+sN|NWDrxJt)~fGwv~vE?
zAi+l9Z+P_U1Cdjp;tckyYqpjm&3<{M{Ra@IKms{~MwM257GmF0FU`QsJx3z&jL~DX
z2Wet3hxH}1C-t7j7dM5>!1m^Q&Xz?Mq^Di$JTc~8>02F++m&$z!^nk2{<apsE8X76
zcAxw!A<A~ej!c2R^<-|N_7uKHbJT(w*QI1)b5%|2pp)TwPpsB2otr{)p~Nh^vxy(=
zS$g+veEa!_t%j)fJE{@`K_ooBpOr?(Hx7FaqjZ-<iJnMNghuj(VpDqNg9#bZ?kvE&
zZe2*cR%Ja?Ozfl?DOX+pt4(-T(K^s;F&60t9}jxU-Tz#DMBHQ1e04Qq!U&WvaL~Ax
zkZYa}drPhnF7tHr;np~b7I)u58_s%=lkDG*OkZ(9a0D5Lg0_k_{NOExxIb&e>r4*}
zcsg~iY+}Qm#d|iK!Cc3&FU|q6_Df*6ycqzx&fG$a$$@>o(!wY5gqVHX+qWTja)&me
z{6yf{*kXa^rf0A|X!dvLoZ*%p`o_7$;K<Am@fWC0cy1qIBX|2ue}zV0ceGlMzE*fk
zj$qBe4-sf%a;X*5N3D1LJdD`U&=P#N2_!D-$4zWNao>i)L#ZH0<UcR#wcKw!G{IA8
z*l2^IBeL6LwA*^}h(qc&DXUjgr=}c%czw2vk_*3u3caa-&jU}1JviHkD>-i4WOB!8
zWX61BncB^7+d$82oszTWEz9f3tndjWbWFmC-9uD}{tXVN8=q^0cLW79A(D;ca+E=8
zcADkQUAv}G0;MK|lS@`*eX9X`e6?j>vZf#~e7?+fm4@jj%a%ix^PM>3l~R?h>(uWq
zfo^5Uod~E2Z#LLj#maqJZ>iZ6cirFuqa<^v;VF~_xj##&bP<q_i#}K}ypRRqb$yCn
z3uBf{gOGF1zPMJq+<Tp;vi$!VEj#&#SW{(*GQFR&rjw=~_eXf?h~p2+rp$67-Nlem
zEThrqV#3@VKo*EDIxF4N4WI9V*I+=^k76pNE%0F6v;Py$XV8)XF#;rfjet+2h_^}Z
z>9_^`j9!xa0Xxso;$kvj`r+hC&kVP`P7)ycw;X2pw`?BO29f^<S}Tzrj)iV)R-Mc^
z?<2>x`2J_PY`7xG^91av=4!Z~Ha2YI8~?WWt9sslCX-%Z?_8%A!;Tw%=8gP1!Jwk}
zM}H-8$ORjhlTK?Dup5w7N&SCs?vx9VLa09<QG9MTYLnk)+>h7vq|_2gr{$qlZm2K>
zL8+n~Lj08N`tq0!xnFX4#$#Yp3RrEC)XdLO8N>}O#E@-C8vywI-q)A%rAf1*6EO|S
z+bj?$MCumby0eGAw^V9;HK|xzi~$Ggg~Q*E$s<V?L)zEVPPuFnL+WQx8ANN{zR5j}
z>_46i)^Sb`z75a0PS-d8iXcv>(iiBLz222N#_HonQs5G~!u9TAXehwDYf0)6U8v1Z
z9Hkac03F=h)Yy2u?{ozu56i|zj^Pp!U^n(DBRH3qJ^k(C4U}>DcNm0DVvEr<kka4=
zdfT$@fxhRg6j#yNto|}9umm-hNYPB3ytKdwGjH~(CE<-zGiD@G99z!GU4k8+=3<R}
za*7W&g0L^IlfBBW`>lDedf7b8#)wVh`(}%aV@ovOEkbe_rH=Dv4Z<5!mnD%6TF(cQ
zyR`%}=+{nfV6I&NkZ?A6Ui&ZO8L-Z^(iR{OY45&H5=*b+&YdjPM$~$Cq-M;uNqsK;
z*{0X)Fy_en;mb+a34OKW*im}S@!z7X>c$F>*Ml?7+;xbT>%S!JwNTy<Wb3qL{-uLQ
zF;OZg5}_i9-O1tvcTIeN%HW8P$5DUA7Skxpp~k34xnZ3V%cB_!ya?d>Gd|>N{{|`#
z>JDm@kFzo<O8?o$B!k48N|%0ct<d%^Zs{?>8dQd3$iv_Z7DA}Lnls~haPKi)k%JD+
zO}o4Kq9r=42%vI>lXjFMz`9l_AywrBZwJG3)NcO-k6U@OwUfPWfH+S=lvra-)BZ^s
za5R0MS}5k){s><4ys2*gYXkDQu~X+T{^&6h&0o%9ph0cR)HG4jU@@>-rXHB^o1?l3
zG=|j9lLVPVAsDF)<R`bfWm^dM7uV2Kk@<AlMW#`c&7d*97H4ZPjxo5_9p(DBq3%_M
zU^0k2kcyp)F6gDfa}V*;wfAYo(Brpn5T@r<bG2^pR@$kdzmbTxKLX+wP@vn6_-G7M
z8&3X3GfbF)d_i*zHZhx+Z!|R)q-b_afqZ}T(c$gG<|&bvAooriRl_Ltf{bssk0k3M
zg4Nu}TXEFUmtnWa51~(=1=li)&{-r8&_HaQ@M9%nzMt{H)}Mm~_|HV*Y@<64l_N;7
zf<GgnPDV7yLB{Gc&HkYIM0ceR-XOF!fPaA|88SPKqRaCbpKDO>pNeNhaOY^F%8T=w
z*P*iZhl$U~6SEldwj*f__#X$c9qX|a676TosaPGAG!B7CtUg9~<1S4X8fRHx5geK4
zU}bPXx5zUNjC11wDwc`I#!zcy4t7>cSCgGJ5d+|px+1Am7^EwW9#?_bRL{PHv?3Jy
zQ%fFlU`?#_SD4SuTy!TYi(^L(<oy(6`zk|q{7F+8I;kf^KH~wt`>sg_=-%A;8sm+-
z0?;xvM3OU5s@}vQgJB3^A@_FPcJa5LTeHVS&jf+=0pOc>>c(dfKPF>>4HO0}{hwYU
zs&+!2v?%kCACdIXqmHeszi3D$^E0VZGkhJIvG<4zhfsc7t-Wo+xLV3B2#_eT7Q4j5
z{1XntU_tnsTo)$Y1Y<yTh-YHfBD`1bBai;LNJBn9AJg#Nd_Yl)p+UzdIflV<H+KkX
zF+1@ES#m>QRFaa%h8}*5ud`2ZEyw%-8cYe18SxFH6z`Zq@-Q8Qd|9I2e{<v>2nyKr
zqm@_2{pUOxIlyy)86?4wY(RImS?v!Hk^q~*wYtAse6?G-<qk2b;{5xe2P1<#s-d#L
zFbrXSQ{t3V$C*T5I7~iCZRb>Ks4UTGg^(-M$3iEHBgiqXlbPL1faJjpk`!@lc%v?H
zW{*u?n`UNsb>4c`meaYjI0QM%W}PS8N^I0%U&@igHGEQ)|3n34`&sJ?mS)*^p!>_8
zu(s9&u^1*#%*U_VvvClcI%&hZ>i9O#9At$<dU;L?D@uv=x3wgQkd&iG&LUzoe$#V$
z>{D|=hO(DTE?ari?47r(kh3?a*ARI;Ta<@F-G@9<-Ht8PZKTWqrjMnl5_ib|*|OTr
zwT{xPPw}FhRSw)Xv%1TpvIz)#W-<I)QKRv2!{rPMz3K(eL<=J1aK;0DwamUx-pJI$
zd-`@fzz2%Ql;uchjze?<`q~G}vpt8TEQiw+Ne<+b&PHq|NxBfMnHldXq+XcK>f<&h
zkVh}PQ=eBFf+YPMSK1LV9&r1vzxK8Q<EDm;Plt>?2s2-1v@&D~(z{yw;!dy`z*^Fr
zQ-T3U7{UggZ944zx{*dgm|oCMnDUh)lrj(e5PohN9<3ww6-gaOqI@ub)jNhWO~6Za
zVn<;;-+8bYIlBsZSZdc&RNI62{np92yLtMF8(^M3-IvwOUmE!1yB96os~f1hw+ro3
zy)}k+x4I_-bSubUhNHMTN-9FdvS~*c_o+)aEsy6#X<54a$q311t2<l&?FGvqRNu%-
z%W2U~P?!?e-oA<-p!jA+8-ryY{U<c)9Ipt~n3&b-cqgD00iU{Q%_Zw(HP(s4XlK+f
z=lY+hBw+hFEc9XZwFQ>Z!%o7!G;Gq~kXz+MSr8l{nWnMuR=lt$d<A~e4?SExpVPF~
zf${WIi$RiI<d(7Og+Nz+4POAmSk<{C&J5FbXovt^!rcdN=YVZY3Xrj$`3v*2wMtV-
z(?h|SnJo#>g<LP_Cq;8e5zN;S0On0GZDq&z#=Fh!<t@}@g7VZ!Y-B}Bz?Y~5fdUIv
zrRAMI)vomEqXC+JHGt<QEbQY2?^S@y{y9S8g|n=zUg36t@MB`jJ5>Z&o2=!TYM;kh
z@KAGV=A8p|MyH@Wf*S0kx+B$~^dc&rMJ>gkR)DQ*MPniNy{;r3A^gRCrgbN^rjAoV
z<=dX|WDA(dR|k5|wSBtQ;{{X4)5PguSjdxBB2F}^vm#-`l&Z$bLr6Q7(irR)>J`sj
z<T<|(D(p^SA{f%3q!o|ql)5TPiWGXSEechEJRP;dbd(@XLK+yoX`8lZ3;XXUi7@s~
zW7V)LZ|0%9eJ*TObSw-Kdw|+{()-8TLN<`S;k9%f3j8q12I*Aw`TIn=?4T~v1#`n^
zv5WwI9<k!rhPOn)*XL(xarZrZ&B<|qe04m{*W$0&Uq52en$exGU8I3xuW!rR0A)PA
zbepARtj$Xu`}gCGWrFQ7xZ%cq*B^`=+)_7i^CkC3Yk6m~2{Au<Z}xCA`FKUs(4!PX
z1<4jRso*;_aiGNlX0C~4IxiZL*F1hVS56@&bwX(9y%obyjB@{@Z`w!?uG2HQN`-c=
zrRmvxAH5L$I|>^deuwmC((q`-<)Z5ttveGU-ddrkQ{oBwW9AYwYR5gKrPq;#nu*7!
zu`$*YATMI>oTgkb`b;WX9FZR#o(U=_r*3xFr#Hq`30bC__MOo2$m&CoV(+_5zBvNJ
zW{59KCEN!gtO~Iaw<Z9G++5_|b&xZn8wQGNx<*D59E6?_QAR~kaT(+Lx9Kb2HX(3#
z%G>Nh(A;n(+|HJp>UnO1=?nl>>n)k0%b|g8eCs;;@B=g70QN(fUXu-1LLv$>3)KrB
z7v7ADeb#`SWD=lnnYy<}&Eaj}>r&fu#`DNje5-|b&#ZfSgTzF?J4CroG<Ju<)wxFw
zpk@Nrj>;sM6o0caRr-loYC4rC6w)VU8nh`1Q&qZ{{Je%5^h30j7MjnOLo_jpxm1ta
z8-tCxh*6e1b5M*p`pGMl)3;{F1ZlQA4a5|c_u8cO7wk77Sg|eLWvaJ=Iysr})!)F=
zHGw+DwOF?|NTUT~O2Lx_ij-@bk;Jy5&{}$mt>4(TqfEtFnoH)6qhia}uD`DBQ;#;_
zPKKN$sEuG;-4w4+5SK*%_rgP;_ii@8J`Ymf$DKa1KfnOvZ-4-lF*!F<d#*&Y!WL2j
zSlV06;b}`rmB9`xckyf@yW`Nr5?n<0Unqaa?hT0`#990*^})Z6b+J5{r`I{#P_I$A
zel43BP4U8=cVG9JGX8Sd!oaZ4wi8Msq_Ys}WZqhSej3;MEeD754jR9Qxe6*8S%3!B
z%Tz*EPQ6BA?=wRhE#*+#Rv$bb)}x<6WRAU9S>GSgEec0n(q$88TDmF-o8k$Xk=!!&
z9baRaoh9EeS!BN(P($d>8=6{z*nn1`j9N5y?g&D?GK6r$__oB*t@q~H2uAUCa=4nG
z)(Uet+us=SUlj0o++s*~f|$$c+}+^3qIvvF4YD3au7{n)d{=FTyrQaKQD+anB1q3#
z<ud2f<z)N882PE*zA!MLtIdk>`ADI<|Fl^6mm);W$tdRvpn!`P#Hg~smMaN04mmqC
zEUP>vb|3>UKf(y#nf?e>(~&ehZh-17<3hWgn&hg{)V{vAY4t%TNf`N=&6(X;0<&!`
zYeU{zz>#$I$Q3j!N7otHkg@B($#J{4$0W`UwC^oBS^keOo0FhM3INb!d{{?H!?`>|
zC_N>Vf<A1C2xky=A@Wn`hD@}y^sM~m=)7XPn116lW0Zun5f&BYE?acK0hf2&=1Rer
z*I|Ui9zU;LzCexdEzW9ZX*}$OOCekF#=ozE&i&Ljfg}n$2vjO(;YMz}i68{nDQker
zEQi)2sBN|@;0DcZ6E?@raz`dCtGkpD9Q-Y;#vijXhsKh;Mw?L7Rjc=3F`1MlyCSEh
zP}ELdZgo@b^Nhw(2E}B>y)07hi~Z_nZMOo1UM-fyWJ3kVPkZIIlSYiW|NUbUL4-o`
zaxs~84dO<7tXsP-_<Q!3Ia;#V)>0jp14;i-9{mngIhRMpp~ob({kq;oA_Y@`=%}q{
zv>mvrYzqz>FRwLw&1#oHZ2#x=Sl42&&O1wC=C;kQkQjrgZ8wKMJqVyJcV^%Tvs<Uh
zv3e_d9%>8PHWqND6Ao2<%o?YigPZkpyk{#J<IkBv_|8yjd|HgdM<&TsNagYuvYoJv
zd87c=qE&l<-2?JI%{%BhWc_A-9g&WB+^!(NU?SZ&zP2*!g(X`HdsER7r-+UaxPF=Z
z!39~O8_Ww}fe8I4$@}MGxR%y>I$cd`{rnFq{1=2Da}C#>A%tzPQ@Dk??cRr_5=47Z
zOaIu^Q*B14gx$WoGxmV&Iv6Yu&~Ir{z38LdSHj6YaCK(nN{bkl?!Cym!N04@b^vAS
z@26nAT55<72hd(k6;bK^$!xft#qaL8aB!Zsl`n4tcWSiTnJ~z$qM;R7Su;XxKIjBF
z4(vLs9c|A`i0<-?q;P(cF#1^}*i9BrR68@dd9>8jk3uMZS#qs`AYjfoA@EuTd${3@
zETF_4!}<@!<Mvy5u^KXM(kOfOCcUo8?M&^TWap!v0pVxY(#JYFF478F5^H7&5~eU#
zM66zZ+~(;TNf0Xl(Tt)UAsO8mGegyWp#@3S-_EU-HqANy(WM9iFW(NGWIY5Wk9AuX
zKft7;9}vc6Eq!;xq4YEPT2*djk^WP_Z`{#R4uU<r%_O}Kk9H+3d!m%7;lLmvbytp|
z|Jn1UGke88{b+3GGZL%h+XpoPuEkakL75PoaBMz&UfQkHY5_&f$P|eg;k`$P3KHg7
zCN_`?Jz|VRTR7&NFr!Vrv1Jy^HeGknrOo>OM1&#_-~FPcqW%n&$`E^Gj4mo{26^MA
zdZSn8>op&@7wP0Dr&(0a{7UsKwO2<~3sX#EmGmsv;f!SW=v&O~ti7U1FNm+PbjO}<
zbqu;?b=Ssn{b=TP-X#TW_55@GvHmn7aA;kH;a^_5hx`iV?4)&t9&&tBX2~I&D$2(&
zePsK<DB=L_z0=oBD%7dRI%|`-p2;m?1J@)rw<4ES9lm&HOYxk^3=f3P<UJw!wt!d4
zHp$}Fh!PYPNqAnVl0}aIHMG9!Zi709jz=t@m;&a7>(xl0$mG7I+Gc$6M@)&(BCnw{
z-7^_DAd4Y%1>EEj&5LXGQz8F$>ILkovk+X7H5TA2YIkZ?Pt@c{Z2bDK+u`Z)rhRTR
zurGos>LpLb3+xwjau4yG1iD@!c5TCmhRZrGGc{cjYL>*}8SXRW1b|6eryznRH4VHc
z|GBM+j>K`(=4}LYQ4#Lv1;=Q^E4Itm%^Dn@bCP_$`@%eW@+Ahl(*RX41Hl5xVS#9Y
zI{Svk2vPp4Q#z0J(uhhu12gS|h0fe>qg0T7E1ByTX(HH4q1<g_Y@gAz{JkBzQ&6SL
zpyb6?E_eRTYWE<&`;HZRPFAMZ3^<=wvkYyUTiAfrmf2y44&Gz}>@JaUiebz<sX&TU
zoW&CR2ahT9VcLfNPF~D;y@Lu&4ES7v=u14}6z^DN31OW}D}QtP-&6E6h_H^49!H~2
zd8b}<UIhFoBk951EJ1&2$O&wyhVCnH=t%QckMPF340u~l*hQrB*@0%F^nM37*>RJ0
z*w(pDSAa*tPa;i-I~Wid0x2z7i8^Ct3IX2xGu>|Z@bZ7=c=tR?W$1m2onVB+*>X{w
z=s=itm+7gK5#N1<$3nd{?MPly@<-^_$C1l8N&c+G-{y>`1I;E$Gi$G?x>bUduCmhM
zW^&uso?HBaJgG^T5vGsXkHOK6BZpgvhHjMZjAekA{ldGv{7#a;HA4|(eNUuQ26v(%
zfSb4xjR2IEM}2Zio*;-qqaWFYK2l4A=N0|i2o@xj<do|J8e(~xrBAI;JG*~?`rb_%
zHOY$a*7rTJ)pUMW1BAdGdJ;peBkQ^I2qecL5n&ycap=zj5fb8&@))-Sw||Y_{|(d=
zra$j`ie9(N*fiV)R+Pi7o(5TINIyMt-YHie_(fOw<R@Fw6`EPpf(OX}v;cF>4ZHQ-
zPU$<Uu<eQ>pGS)KspOIVc5H~OonP>a5nDUJa|dl!jv#!p|ICPsG6wc7c<&PIi0Y<4
zi2088DOCG{xy4nFuAAB--|Pd4P-H)Lc8iMfYYZZ44=QS6d^!;oBu<g5_|O)S0L%S=
z$YkHp@9!OJooMhLjP7rEWrq%CE#~HxdJq~t{6eQ~)$zj<t(Bh`!d3Z+<s6vlgq2UG
zdij0Mbaw?p$|#rMkhOPZsOwD5QMd2b^OFT>zcZ0bodteE|9$}C22TPO@8sgzgqI`F
z@f>&POE#@eZzu0l;%pmef@=PML1W)^+z28ok+}Wn7z_?ljAAz?PhAl*=1Zj=?52uK
z&*?smAphfLu|I{7(bGJ#Azs6-=2Rcjv_(NJ9$p~t#1ynW?jhr>4U0shLnMB1@Pu*H
zI3FO2MJqE|cMneffdw@MW}%OZ#fT3M${2umPOj0Esgz(qWK5du=76LRe-+pp7nl&`
z{+q47O9eXEP<b`}XTLYd<CD>{@I9?EP1KfI&K3TQ7?GJwPNq%`6YmwLaB+@ayyoM>
zKnDT?#x5qt<tpXVoSSMY!|m)T)w!pF$7sW(x1{VHaK+16Du0B^1IAOf@tM%9#}Qix
z$({O^UV`F!)VF;qm#2lqerMvd+zx_zPRzy+qSb9PDVl40%)2ZeYi;$SZEv~$=~J)K
zr_06*OS2Y43S}Mwq++z&8E1Q?XbV%wW0UeFljQoAW~Ce)P^ge-PsGF9M)-vX+8L?`
z8}}(WV-u1?F^W%4`p(ard)#x%2=C`*hI~Mkzxw&vTq84siD<wN@Sui`Nd(m(1F+0D
z=;p+2!zdcU2hL8H;k<J$poSHu;mUQxit-aK3$}p}6N=_o>+Lt~?&9&Cgz|7Ikv0UQ
zt818sF+rwLiiME|`@?F<4^IWmh=igsmIQ960BFun-W+ebZalXb6RYMleSk%Mlnf!R
z;sCWnzZMgZ)=Md)r$iL@VqP4Dp;5!5efKa{ycjwAUbH;EeGHYQ!8BXp@>tdf!-)le
zInd;m%yeWOTgW7Y4{Qod#J^8qmcmsCtE&&I&mcvk@}+tvUq#Z{_)nd)F0N_+No2+i
z3B)6)!c#**^Ex1Ys!`_nDU7;|MsMXwX#0Q)_;Gx1jmJ>jX`$8m`|MFH|A?WwIuAr7
z-Hdk?*w<3Ylf!&tNtpFT^_t7$35UE1sETwaFL#et2@kyzArFCUmiQe3M{If&W<Deh
z=|%^v61F+^6JJ-ldh^g<zId%tx9dLlPTHz1zPjA#nyre6JPXIe0Zw)X@efsZ(kIaK
zftVJvuYHq6zC>91(&>2JgjOF<7hUdKUA*Des1lIbBF3K@cmV&Iz&OCSgV_TZ^d#DP
zu`;u{0g;7?_rF-|%@z-P)^FEDdDezbfE~P+L<oOc4So@>a9{iE9%RGtzgYMh8<gTr
z<O&h)z=CZ3JS8u#ludE1nn5W{AT-c`O?u#IYNoyQA})Y1sYNUu2xJGa3VQVZ`Rv%}
zK~@T3OA5^n2VJc;Q;B@sm4|0gx3a1@uyD$Xh$3|W)c!N_zkzh4&zY=HTLwWrj*$@P
z8K^_YN#uPb%&oHw?EG}@JV`bCH0&(F@ck&ftz>4!vI#f^{f{H-29p$_>4FHlj+3PF
zE9_KJCLddEX}-QRg{UQ)jc}XGsaY9hZBN`7M7~pyR*jO%RC7LIJMv#EUE(Q%vsTRF
z)HdG3*$}#+pd_4}*1CAZ@`Qb`?b>&sxOo~M{F4o(%H;!M*{5%Jw0QJRA*rvgZi*F&
zbBe>e0j3NtQ#tOI!d!>B=;+DFClu<q@8LG>8?1^Z&$mwj_e`e@dK!)qeO0990U3`!
z!M99&PcZ@o_Gb5O7Q^fx%{g308Z1g-tCetcq@8$tFhiyR3(DVs5~uuADY+=ayI!oX
zEu99O=qULwW<br#P`0X+husTvZ#OT)F=5^{)MdE4fIO(_SD`PtIB13GoUSLdS;W4w
zw^jgR^KKFb!?k?V<1EMD7z11RukQmf=4MG~*GW173}yCHx5d@YDcW!AUi)k#h-^x~
znAL<+)V66c)s><~yFjkMciu5sc(`)P8Qrq_B9?ScLTbxB(^^|{zal+e5Y2|-uDcuA
zpBEfxKvFl<TrpT9)-s0Rm#bFUc1icCm$F<Kq>BT)#rVOpanwaim*Sn$9V=fpHdji~
z_rt?;@Icx){Xrj*cnX2=E)t@1-|pzY;+L#XVo2iKA-{w!7||&Ekl71aJy6l!iLMWL
zsxzph`@7!S>NolNjv1VD_S;q(HLeV-y^eT9XrOsOdzhxTecTmDc!n_AW?^CWbR1Yz
zeDf2DpTeHBjcmIwDHIYj__KZEU|NzYlTI4vqb3C(lWZjF&Kvg;W0!H(lJY+&NAyg_
zhn99hdoDvM^WHFkw?=Ht1_U!nw{fYlu-A6~y+uAvxC1JE)lU~wEXYBh_wxW{8Yd3W
z3fx2segI~S1c`AUK<Wfeu7n)I_56bhd9W5P1Lt~0;59cnK@O8u1n@Lj{4s1N8Y>8g
z0fGgS(BNrJXOnGSg$!4EB>1$ww)FY5)r!G(s9<Z4j6*~v@Mqd=E~2Y=mfRz(a;Pzf
zD)t3{Zu;9p`HpzMX|E|yD1^NnH}I!+$j}clCp$uB=Bu(mOt0P%CenB9wbBZu7#mTP
z(a6|`R$tzSevMGw83R<(w>(-TvRR{X#uJ0GVe{u!qshiqfMaVIy^r1;p;-x>4YAEU
zW(nsS3;HZ8LyS_&*nT|D(!YYHgYqVhuFX}+3gZ`=&&k^dCVh50y!?eFHLU3Vo!d)5
z^Pe)&Bv5CVuJsE)!A)QwKugs~$um*9;uWuwuP{vCT{`|zBhxC|-IX1|lMP{@(Qk8M
z2Q491f=hSFa>2unCI|rlxOko)`A9U5p+Ev+Km#13R*an3s5W@@h~8ftAIea>$n8}`
z$HH&Kws%GxXJ`0^-(=KhH&WANGrPtWd<zkI`jriX$#Hyh8TC#vb*4$IN_NZ5gLbD6
z2kMGO8!)%CByY@B{`~}su2iB(J3X!jqOyOuvyLC@jsUfw`*{9H%<k(9L)p1yLA3Kr
z+*)3_gb)7S3nFsw6$<f09GP8a5-z2xXaF+<jYqEKxCx!;24o7mMgXyTfL(f)X^evO
z#Jwh7qSl!OP>lHr6%lyW8ACCIgOplO)IA!)0h2znmokLO14OKNtyxF*NFRcKZ=~KB
zg_yqrh*^LQv?vOaO2vEh<*UxUJFd86hcmS#-G?|%CUj+cYBdf{tTy8aVb({HtG@{=
zon1v!I=rM&CCP-pl_Np6rK4Mtop&5|Oji2H(Y^s6I<cNK#?>y>w86FL|NQ^*1$f)p
zeLE3dMJFI(g%qV0Sn*OHFK8b@h3t>763T|BC)h1bkflHXK_Z*-sgL92_<5%TYG9Vo
zT<|!y9VeI%z!HYaFu-jPX6~iTtx54x4>$+jSOI76#c<n!SBJH49($TW`Az25E$me{
z2LZw_G68A(#%j-7a&@ja<+EFR<u<S3msOF8bDqYn5a|hav2rxoFraO|{iWBuE1xQG
zAkO%@(;ntD)CZ=-(i~AuS$<=DJ`|G5LfNco8C2HEa3}cPgeR>u4X+nY7?jaNAx<Kw
z`&PG-nSgYNWn7~2g7Fa)Y~M!E-UN3(=KSSt0^wC||9~FYC6|5rLlXi*D53mQUC2n+
z=XaB)XY-)-gT#4!D35Fa&%P?mlp_V3M$J)!x+}$w$qjZnKj&fk_*t}*mE>6h>V{&U
zD)I!?e&uU|=YjGtFI?LSNG`EPx*kzk@8??^vw?<V=SqKdTw{o{$%oR|kJ5pG2%9vD
z-Bi^~^Az+n$6y*`JaZYX#K(-75{&RRlnhG>0A$8QNER-0R$t13L##*44hK)aAyy`^
zLH0osP&FNeKbpd>Y(EwfiQBp_SL#xOAvv+^wc=buy%B%mdmjkS-<sxTbTA*rf9%gj
zR!}GPJRiJp#9yuniymVW<v{$ZnjP<R4_L+>6(pos4C4pcSkY<er?KyHO|-DPdMS0J
znJ=BAg2m!mEiy~=6^}rfoMna@Ll6yfaf-xCLp$Nk_4VLJ8Wb1QZL{0&E*c#CgVFDd
zDC~Y|1d1Ot=l2=y%G~06>&aE1S&KJ}TSPB*wZka01_jh7V)W$xSk^EC*%JPAtBd(G
z@u<ykb?M$rY-(4&wnnB^wmBkR#!GM|eIC!H@AAER<V{}0I7)w~QSem&gKN(&<gA11
zhN~I1_uazqzU2@q%H*Hgiy&x`iXdHeTc<&KD*-Hcb<DBWf&}Nt-J4EAnG#7{tz^!8
z6O3`@YGUn)1g)7z98Eoje;<^Ky*GL1EjedR-N^1yoLpFKPy%R4jt#S%CmrCSp~g>^
z5Ia^(rP;4=SFCdD;tGiY(IS*TK+Oe{Wnfi%Rn5z)Mx%}yU6$*KNT6<(n&YKSsF;_v
z-z*Xf&`1vH-fI1^%Ri0YfUAwUF%|a?M@Zx2p&r#1y%4{_Cp8_8Cmp1)no9o1^Uy^M
zVnPy4X>6g}Fj>P@Q~^x2L@&d(VVPWaD|*XimYy42$)$c4nV+=>DFczyjilNfxtOd*
z0qW@2AP7534w|K5UmxB`heI4Xl>YjdUhpr#gPQ)F(Neb>Du#!JK-Q$!9-_q63P;ey
zP(fMRjuP{cabjt<k=z(O>Kp&MWk_MuDf~lF@#nHO>_4ji3YywhyPn9_pF!NTMS*Qn
zbZ23%l}9=?CTI#rbW(FfjHpa!3}##z8P*kic*ke8tO-S1UE(yD);^@R45J%jrAqM|
zb)s{6f(Qm#{f*-<e!Z9uiP!=3IB<Xy$<7X~NpZGQrAXH=f;OdEG*H0B7Y43dl%Hkz
z&qFJzz$#XpSSqj9h0G`Z=U^VvXdWcKDu#}F*2p+Fq+H8%>-(c^FA<TDgQjj3qoS?O
z)B4wj@7@xC0~SfN?&hteoXvf9I~QAAe4}?-dyCYw`IT&`#Z87!2xppM<<!ip<F|*F
zzp^#OEf44im(pr69YuxWo&K_{)LG9NUo5`aP*|41XlG}Re@?YH0{WWsa9YC^xz%+e
z=wR55$gd(EK|VO&TB4!vr~E$3IAbv*MhkKU2>32J*)lKxWoa4o-V!FB*D|>d+;Ej5
z<*$9%mcHI<jL7}cE=&FA`tC&H^zZQoZrj?w-`=>b8@YGUY_^ZL?DXp*IK?+-vW-YK
z3jm_ae772v574WCC&zzLA`TvqVf=yYt(&MIBxE}9Cwm(ZPvSU@oqIeKqm;pRzn4W9
zgCs{!+lHl^sVndm4Tre{YP23Cf@~Y2#rTiKxRL`d>u$ZdlLuGsK5CXmY#6)G9Y-2C
z4{1ShtxxByam%A%Y~0RZ5pX%OzJ5Z3bsXwHFJ?o1_n2eE)Z%Au`ul##ORN*C!0q}{
zV*rQaBoc+NC(Dg9sxp1~6%=`9m8!A7l%&Hb|JDPcF48lzxLFLHK&<yxTP#|{Lo}F_
zkm{G=Kvy?@HHlekeAYC%n@M*?N(2_XFt7p8h>0Az!;wGf<F#Cn>*qS4#wXRCBX%j}
zR?feEIpVMsa89jinbzD(igl#KwI_NAj>{Z66=!Ut4n{@5Yw&-Jc{o%ZQ$1*_WxhtQ
z&}Oai<)s4CSBvKcn3`0~27EmJ0aDJEL+ccJ`NMtr`32`_j{5gifDT?sh;Z9QFB_}7
zJo_;7vRYTcWh_a&6~cx!wcZ3{^RgaVF+b0Tit%r~IGteoRrE|SiWr=ua){oMfWYv@
z&s(IzUP;^PhX{?3V!PFks(ebkd43G9W(i%Mu_i(f<xhFWXguGKsY>R|1p%WmAzm^6
zrydKS^?)5)6%Kn#^pcJqJ-zvI7&i1^E_pD`ZR?m9GJ0fq+bgJcJJ_*r3G2iOM>e#O
zQ6>qhG!;YNEbeH;t=HscN&eMf%)@5*Qe%98{t8jj32Lg3QPUu8V*SlWtvSghY&f~c
z-rw!z0T8L#Fl;c6W1i-i<94z__+6Jd1X*>E^b7*IH<#uW3Q{AftK@&grjbw<-~Ebp
z?5CPR$aF={-p9>oTE|ZZlB0kbBEJesNs8aygMo%SYK$`#C;}rD&4t&TmB=axx;(vK
zF0`#cx*TrmY^dkgVoAu?MU>4qdU@t1`&@wY(P<@j54DNo^e=A&UU9w8rv^Q*0^=Rv
zv702-@Qoj8Cl^^Ne&15NpQ{Kcv!;uVGV^x>vaFe|ues-?3L$VL&rP`Fx)#T9-HgFV
zk-rGYrXfg|5{Ey(X5iWN=wqO>DgN}2F&FDgueQ0#TfOV-7;4qNMf+`@CMKi^>$kE9
z#eLuSd)`u;P^3lprR!+kbw~5T!Ag<;ZP$VH!5gYv;5N02;1*pIphYPs8dzd-cqQjm
zqU#K|c%F+0%5Dx)@TSnmB6Oa)@bNzj%9f=Ta_MJp^Fo=Wom{Uffu&yMaLNrYqe_f{
z%?#&sg&DIwX3c%9Se}9G_{=`nvnCyBZr}HBeH7OPuxv^21g@N_M8YWl%DD&o&5gdx
zC~m*GSHKC&a?krAX<^5**IQF94ug>{D{;ZE6KYOvM*G!Q%{Kz=LZI86$-sn({Lw4P
zc$?vNIzOcTE!pIOf=Mu6#dLN&07m9rt{`C>jxcY4Fbi!LTf#)f>4CS`Cx3Tsj%v$y
z1*Ltw6ye<p8<oQg%+8?zh%J4@Hn!D-#dy2p9?d^IRNB^5)Dw6tTI|-=<xv1EoFhNS
z;NTPROy8pguo!Ui!gyb>@s@ErX1O4yHHb8DJTZJA7jRg~Vug{$Mo!R<c~JBp205bN
zqzu}R62uy91X&^V;|Pa{FKT{|&zvj_nt9m!Z*$BGgh*nT*Z)(ek4xmHj1y@H-I}!|
zD*`Zj1jFli4Ug|}MA$%|*9zW~XSIr$s5U!EnmooWYKbpQS=-#rUqS`LWV)dn5V{Jq
zG05{+&@NZ5o1E<4aoZUAC^bEJqj>rVJhP~%9O7jQ7H>8jf2Y3jp-q|&EF0-If9u=J
z1xdMRwHr9ERct&@TCHL23wR~>@Cl!s)rQN|cxfWzUae(8xDhn|y1&k()NW;Lq>!09
zJ1aDHvy?+;dUEvk@k<D1CvIoO)YHX;`4&9&71{CffVkb|K5au|dj{kC*&M8vd%Wv6
zW4Q}DM82lk5BTT`TGuD3dg#omW3MX6o)~XOAU3Xy#n^n2FAaGP@1zXE+z*p#JrrnE
znO#m~EFeIPL@{S*K+i*J7$(4#V72JoRi*%~DHX`0Yey!()*N==SnPlursgU4#UxIc
zycm_S<CFUh*%1yl4-7vbO1XzW+!`Men(!N=_3lKz;S%0T^;ln_lnS4jryJb&E$Wd~
zt>-u2T|RF)yQB`^$^}7ZTF0dX`Rnfx?mvp?R<Vu~eyTTmd)QL%cy{VC_Ojb5K%>sj
z&$(Hydt@a5GsZx6yAOYs<~wM|2l%c7*jMo(>&XEr-EB#^f+}B9gEc7?M%&YUhsJB<
zE#WC{7(v5{@@qB0my9wJT+tIDo7R2aeZR4X*f`0iWMQZ<GI6^U^3R+PA?H?tpCm$s
zdqk^Ctz-GUhV;Y1l=2xwu3)m_^fH2HQ=CjYIWJ;uY>6u(X{WV>+Cu)$(|&fnjft9Z
ztA@<ur=r8Ebf{u-zz-+*KN#H}+v0e|j)o9<gxn}>Qi;j-D3o-iS$Chfr`(ra(yK^g
zk&$USqYt*>(aA+1vuVAtx|i?fsh=@f&^<PFI)vKO7=rf@R>?&+Q|&P`i}!Oetnzq}
z`<pW9z%Ar@weo_RWJ)3dJqn#kHwgrbfOj`>r*yFf>%K{n;pCh|W@Nt+(sA__f|%I=
zyhp$7fhcmNP+)$ZbbIuEB=R{KPO90C%7bpEXbJ+I(myx96VY)o<Za96Q{R`{PzI;V
z;F*(<H(mSr%l=e<M2T(XmoaH#q!=RRd%$Pmwd}oN4C2QH)%^~pWFr*8mmg5XEDi3i
z+uWMLOP;iU@|uwvc0)=p8E@OrF5y^ONh_8Q>?-704{Du%@>f4_cq2uNwDFa}7Vx%|
zsV;w$siv%Bs*JLTH+lD&{pd58z56(XdP#K=BS({_z<2H~VzP9sI?{b39S7>(F&!Xn
zHd%4x#XiCyG;O*JM>*{*+3hKF*o}J^mxSVU7V*w<Z080!@ktABC9U|^tM;adQwOp&
z{VpNsnr(R#?K~%OqyG@WIcYCK47TjWb=gXp7g`ZzOZkTpgNIv&d(#hrb=3nN!ks}4
zxJ6*=utd0@_nmHe3g%0~3JU5n@N_e&9vQNzo{TT!oikJCs?ENGa4XV9j)iA1G6us(
z#<3=G_OmCsp{kCI9uf?%2Q*X!B(h(@d5woOHdRRUw=;BCP5*u1_r`z#XQlsbP;<C9
zdy%pD!@$y;cLp_v_GpQHQ&h6m{Kei=D?pn4K_XYWB@!`B5)6gEOb2;;_NrQ*cf`OX
zAvZ#7pdOts6|V<jlesASYfPQY>ZA=5qrvbpOZbFSQw%s2-C@hY2?vHB(CePos(wUV
z>`z7$Z(I6Bi<l|c%MbFE72<3cL=l(%OcIKBjTwlV%;wXx5biS-7Q_{knE=rZY<}c2
zWCvjTe^!ytQHq`wH#F5IT%%)Yg%Mk6iDl(e0)N9_=_CyLL;9Fx&Q7-xfoLdhUP6v4
z_>dlP(aTYLmC(|q&hF^BOrC{eOqDpLtAU^9H#sUb&6#x%QCC6imK9i0=1U!b&HWjh
zqrbfcV%&xzsjYjJeVy8ly9-Nn+lHzf>*ucm81K%>i%Fdm3L)U(Jf;N+!jY4tMSd>S
z{Xs+{1}Td*!yGc1ef*}!X^oOeQMojET$#d=TiT#pfzFhhMVq*wmUHAQ*n=!p-JnGr
zHU|h~uYkVOETAAV6c!cMH3Jlp3mZQ9jQiYx2quitH25TAzK3)7R~$6g@L4MO@cQ2R
zIP$Q{r9Y{YG+4Hok0=buJasAOTKC}1K7UIz5wC9WQw<(j;j7Ma$%AHa?YLQ|9<4V2
zEMjvWmYyKWHcfiu3K6VM@4)gXX})pW{EA5~eQ&lARmMT3REWN?o1aQsiM{KcR-F<q
z<G7ed;enYtBrACv7ZHT3Y`V*o@qj%k4(ZWIAk1}dC~l2Y^q-^%O)0p4Y3z(|`WyCJ
z#A~rL0Rx_uuBVM(R{D|ArK7(jP)V2nC;byhRlNSVqHy`UJtwvkCDaPaTUj1dYEqcy
zw|$?OC9HrjX+nS${mR|uQXjp?K9kc&T!S#WwHQ%bI(iCJ6WTA<`7}3m0mxb9MZHde
z=m{}SiW<UxHF=jwNgP*sM$W!+X5lRqiGDqh%9b$9p4drf7w=7fiAfl9aQaReluuE3
zAhE3|G`sNO%i%OjH$FB4_Mr4(SM66u4!@Vcb>#|PvGan2N}^FNTdQ+r{yA^By{z-1
zyjcHxF1;fJjcfcUQ{(TPoCaL4s;NaOyQh$5VR6y6)DBpsMll*Rd@qHH{n68Oawm;g
z_Ts+|p2C+NoF4ljP$Y@;$qPwDH@c(R=1_fvD1=ylvgV)^dzyo-sABdtF$Ll2iXIPR
z@-bS}-*P6eo*ua;ezBm2>kUGo^z1B8RFRz|sdk@Gq>Px9N{&<vtUL7PB@NsS@Yb$g
zIutVk2=_cztkf&k69zA~iNcUIQgA~}Z#Q;CoCgrboWN@pGYW0Z!Q(vEWe*6#M&(Xm
zcmJK&JE5C4a!qi&wd;(>6DYr!i=}w1HY&%fWviC{lTvCdD%_DDuMCT#-^0G3dlx*a
zmjBQ^%H!OKa*9nGpa-^V7ppq2oP!8vOWwk+WvobLRUYXz8e<xHPD*Qg2+e+LkW@<B
z=U*Gdgmb|%6cb@xP*qsWWTA?QVivaGg`IxK1NEDy<ym8#e^tdVpR4mCQJ0hAFSA5e
za7K)b#kAu!Uw4MGc)LB?%olEk__>eJ6-<#}_WPi1OI@eF=zo^6AzHUNj=k_xQS9Su
z>)f4@dVo2z%;UY@%??4cS$Q>l<;u~q(Q3oe_3cjQgfayAe>OS7QT+_5#}Yb(htom=
zAO`W{vuvR<pC)>@)Q}1yg34pRZr6=MUDqKhH=39RqS`Erw68>wBv7*8=%Q;qLsA8E
zGv#b~@3frf0#YKNz&+6LV<WQJ`oJC}Ex#?_%#CZlpMRMF%gNGFK=^*5fI>BcnEYhM
zI}sh?A?d8G(6@u8QN?IvsN%h3R+R0)2U^)q$TU&#8gmAhzOfkm=xvY1Alq)vk;l4=
zK2Pm2Qa3=Abs{QR07mQdscVSH9i_dliDMp0O6zt=0pibuAS4ZILeR-dEhmRfw1lRD
z+E|u}jp^TFB@l_Q-XdA5)h<S{9<b}Wxea3v_%D_&#bm__4pWew!86{x+@#Dxta$aQ
z{ipnwm5W-08X2dH$%EX^=cd(~6fgUdC91C+6g=yDMnX_e(*Fqxou|Xggca|<WjJoa
zKN1xAysRd8U66vpYIDXWiU=>dKB|}jSOms{R%G;Z^1TsaYeL$ABpX<NUo<y-Ru?o_
zA0-gshV2UIIAo_rr|n4BeSX+lXMX-(76E3!eEeWV95Wt^BqRZj#AXqWx<<y^rfmOB
zHvKlh0yK{HLl^)aXcUHy33_iwu%%)PIAex+08>8-3h4ojmD?d9#_EtLYF%c@W2)Wc
z=kB3>)c$c}!b1Yk)-%x-yB|1=71b*7;++OD!2Y;e*C~UHTyKc@NM0D2#nqn3gpeWQ
z-J(0A=!-!r!@aa1>>yV%0h^uhAX55NCPB6Fz+$akIuP^d*KDY@`z+@s>eN%?28;2C
zK`94Ed#he!_nAD&-p?iLnT=|yo<Z*3BxcL_7LALNp<Lm>0d2!u@1-O>M3BOx^|~pM
z{k<8RR|iLR`|LuZTac5vS4ajA6^is&)48w?Bu(afuc)WE2LwD%MsJ3zCTaXPq+1L8
zcX1~l4j-B|<tP2JX`id0w|^@e=n8!!O!GB#a6j{PtqSf(LJ)a0<cNYPd@D_7JUkgl
zQED6$Fi+bhw))flF7)dy8{28c6V_f_I|FS7{g0l3Xyog&3hRlTI7YE8%`jtSw9Z`2
z5r~DV7?T(03^a^q0|!&P7C;abA&@mJp;i>t&t)d|MDs+yHg3*PVGgmcTW&?OV>JVi
z|8E&O&A&iCL0Kh(oIx;2uI{*C^gqP-%!yYCbiE2>(960+F6}#rc&Ck?1*^eXzB@GH
z+YAO_->Z{X^6urla8PES98r5#SF+YC;+qUH);xdyMDF%kZcZH>>y@q``I87mq3qW?
z2q6;EW^32%gGKJO$hb}h?j>2s$+tnM(Uq2aqSW3QiM$=^@M>dQPzYthFs`Jw`>4s4
z?q<A#4-v&dDdnxEzNdsqK$f5pQIa|QQq(H8^4?d+<azR8=tWJuZE?12769SUMK3in
zz3paPuA#GyS7W_aOV<H%jJ4pEr&tp6^Tn?b7x3kD-5hCnL0@cjOU$DkDEw075P4z}
zNEmAbTH%>;T8L2PHmNe?973+Fk@Jhyy#MBAUz&`9VwfL+#v$fAE!F94aXIZ7eCAu=
z)G(7|VfHABNpRh40dnC&>TrOSVeh>I%NIw=h(4=VoyC`LQt-%yyB!Kji8}$ffrl?m
zIqvy#%croZ?#Pyq((me~>^AakhFXbFDGlVb<(Zp_BviJtFvdBwi}6&E`HV;ti9XAz
zf>v~~VZ2iY>+O+FpcLt7naMZ^1&>VRuo7((%EZEmqzj=9zcLz#{Um@|HTRa^AR{2g
zz_8Z28<Q0?SIC*$3mO2B%C*E4A~D#cl_Qj4<72C0Y&(*uHd^o+)xQ*vL!U%r?D}%%
zM(*|IZUh98@!N2-jO24ibJ(IjQ@orxt+6sIONpNj;<;-k@T_pbW#zE?eZv+?M}&Ht
zTe5r5p#1Pxj}~)3+4BZ|s+nOFvzN)Uzsz2vhU_PL78RNdenU*%r9=p`;a+IjfYoQL
zSYmtTu+)KRNsZl)fTWu0>|eFx`_(IXFUYd%FZQf(O}KZapQgy{<VUv`V6N}ZpwoX(
zG&}D5o*HOdm(!A`Hv7=Ps>=F!g?6&dtJBSpaeU??V5T3si?$-b|JuYhO|vla>3_qg
z`|ABfB4>DWZ1J4fnilV|;|MK+XK6%IZ#Imo4%EC?9giaU4%kY^;nL5`@7W|#!>_9)
zNR{y-cJPt!A=#L^WVE>NHbFIk&^q?)Lfu??f!eVa{y5PMB*27?v2|i>U3f{9|6Oqu
z<j3Z!IhhfR$pJrh4=a%nN<nm~92Ze$YPxUTQ2cMncK!kdlN%-`>6xUtVS7745t;^~
zT8^GwIS>ERzmyU5RU0UU<moN7i$5+v)}+dZj8LJ*3#R$r2pBC=LY6*{kky)Y>nq5~
zMqg>S<G^D*<`RHYmhV<bO;x{sZF7na`!b>rrUXI_z4}Aq=UIj;YE>K@qPgxxidTKG
zLX*cWM~CA+mn*Y&h&#=}jpGo+7YbzbK1a<i#?BIecZLmuv(vx>K(DNpdK_fRT)R&L
zb@#TnI?eKCtZt{uEKQv7-^go%1n$oaw|PIa{~@zBGC$|_D7CV#pXD{+xdyaj%2H``
zHKQ_dgAGNAi}9Yna<Jp~P=TO~_At>Wu>CdPjg3>OG>l6&A|B~`-0nY?l4RiZb^%1t
zAguoi!B0MIOED0|RRoM5sw{V?zM9)gn6PkVr!UaI16(6LX1m6<c5PDu7jm$mp1`{-
ztEzCo$e10ZS{oAU4Ft;a%j0te45TV`b^Ah#2JwRBy2~1zWI0T#Q$WgF33hr@uBK$C
z`Bz+t`6Xrkfqf3F#anyiU{RCu!${MaWekWsn@->MjegHFOh5>SDxtT1*zqO6BE+bo
zgs~TvlL1aAO1V?Oy%b~T1bK7lM$}62B!jAK(f~g|z`sgzdrvV9uBHx^gD6Dmg}s%Z
zUPgEr4j3P{`gZUUcO~FVtN-Y-68ivaB<m3TtAWx;&BFvBBICl<IF4(?&K%QhfW^4{
zAlbFv{*Mm_y6>8z`}CS?P1R(%n&*E1rl7f;7a3xWh&}jJetP-Mq>VYP(Z~1@RlxU(
zIE$i2ofPo;tC$vXKArb4veAZT?D((`8<6mc`(LQ>^>hG!wRJUJ$MhrLM2_E*yHS;I
z3$@64j9HB)c|Y|=Vuh(pda%yTz`4XrC|F_=1fFnQ-4JrWiHHbPGXU=?d*xC?w)9Jv
zNJ}ZE>`^8*E&oQX<OL0ZHw3kqApPA*Vb;cGM+*P;Dtyx?x197!Mq!(G!AJ`}yi5Hk
z(-^yP165^#(-Q*>t{AQRS}aw*9<JGV3m;3WTr;pc(s_W6Dc{#^TpYjD6)a@CEi`4G
zqA*s}9&NmM0Xys?m;mW8-aUQctU>Z4ML^gyDB>MWvEx=7*ebAH6=LB<p**LW;8qy_
z^V4&natUGeo17iiZYgM9R=M3w3|c5hXxxz)9YC6%cv6d&0OfY{daP-xwAYPfX$sHr
z-NX^09ayFF$OLBm@GCR)uA^arfwd%pSFW%o|Msd*jTpF7JveHuRsAh_0*I*(Ir?F?
zMUm^wie(k~Nu7f(VN8&{s1(SE1M{?%vo$)9*}k^RrqD^oc)JyJZfJo$s)&gHuD7YP
za9auyKc(j{=<>zxAA=O*auz%ekJhX#y}oc4>6DZXX?M$^#j*O$Spg~aX?BJRe~!-t
z#sjGZlO`<Xb&A$>Z>c?K!<*Fs=9BREF;|&Lkw2iPw45J`-~k=&5BWWUKxNcBJ$!Pv
zie=US(!D4CB|~SUSFRF|^u+*@WUu1Tkz#-w!Ygsja;`70&aTF&pNgR-(wNNLyzmn7
z4>8a%`(@zWm@K%_h8d{)pg6QHxNL=Gy2q9cve6&p;m=9`8C#rXXV3_)L!l{s5EEU{
zF=tB{=0g2V(or4lrm0c&VEegx^PU<5gAXVZ>G5NNSB2ljsSNX4A>z*fM56lzS;DU1
z`?`wKp%=p7LERYNuH(y{0h#HoP#2#!YlUn9>XD0d4?<$?5_U6P5t4PBAu20*|MA~`
zGilL#<QIj7tFy{|Kr=T<xbPG|vKA#lPP!mCLoi_PT*>WGu`}gsi2BXWx^blTF8kjl
zuXg-AlNTi5D|E!W;^oZ&(H(*qbh@$0N;_-I43hb!R*$Dv1GRP2Wa+{%b7fB5?1Fx%
zhuk_;AE8J*)QrBhLid(b3wTj?KR-0|G_P*FO{dmO279OZbA59JGbDk#a>-N+;}H~C
z<1l@aKdmh&u9LB1brAKabBpwzn})RyFqp(C-p&e6x|5`FdgywvK%u%ShN(#DQT)l6
zHn(VRGQKPs0112@?-p{0dU+4hbyx4H^lUP>ojkP4(q6O0aa==y05{D-m`cA_DBiiJ
zPHt>PjU<n`J^mNMxk^ulb}LBAwq33Z1`jGp{tt05JW3+wp8%I6N*BELFg9;<oIo$?
zot4GeZycF8m{UY$c0^pYpqL{K$dvu7DIvN7qc-o)cpCS2GeWgzKb8edAo}Yt@=}hB
zEe+9c5|Ccz2>p$d^Xp-BJwWO#Qep5Z4M1<BNDM<|Zq_bxiLanOZO?aMedopE1u`*k
z16r~V6_uIA!luqZb9wPF6d$F4nCOPIe2icj1j=Gqr_ZZGw*{`HwY#wRVyq-2Y3ZLK
z17HJ);LhrvxOM_4@-Uz6pI~gd=?jQ#*h2(iZ-YV=&lc>uLU1pVTzcIshhnPHTfn*U
zjs00}KTZQDwtfxsgX~yqn|f(Fgala6tMI^~GP2*^EQE4UlFN*YkX8z!o)60a=C?Y?
zT5GzY7&_Ooc%=3+yBsI;i}6X#6(!i`IuD3<5^&L|9X9z@)kXuv=F~>Zuw3W=0yIlb
ztGp))+i6NY@&+$IH@a*x)1kh`3j|daPDOW5{G0Grq*(nYKNDA`CrjUle7Vb+mqkQ?
z%N<Q<=XIseK120gW2LxIGWCj`co^-WepLqCI|(54gnTBS5A^N?Ue=bap8-!x$FMvG
zMIhV4jTSix=)M@81tt23A8;lpAU*+AJb-2Z-?EfHe3L#Kfj4#2-4(M1-!}k$GJ=tQ
znEr4n(>tCB_hRX5TGZm4=+}ZMTJZ0^m<lwQ4-377)HkCd{8Hxm$BrI%CeqNvv%yID
z<(1aS*;lOZ#U!Me%wMMOAOgR68gS-u8jO^nS<Hpb^Gkq(V%Fc<PA{cRR<-iUQghq*
z3OnT!wEw|F#ke*{2hGsTuhhq*07wCAyI~C59Cu#*z|ZYB^D**+^BAtt)(1A7W;&v)
z_Qin>aY7l9VZZ*-ji=xL6c#;~uLyCmPJp)LdBC{o5*Y3RSTRFN0TOU;^y!#^UNX!M
z>NxEI$r)QWM9Yg_XQu`|u#-kQuv%-7!0Q}|PH3a|4LlGX2yzz~IEcT?w6Y#k`Hxef
zKfqbF$l*B}d1E8qDGmex>E}bk{wFU7OH|i{C-14n)M9S9y?P&whl>J@W-Js(`71|u
z+U*`!J`)qXo%P4V?-s0VvxVQ5;24(q&gV$l{;)-HO+5NYok^#KILFj7EYfpn=c&54
zoe&BDTH0IK9TBEl(GuAiQ}zxU=<-}lB{9M5*PlLoNQm6aLi&V3i%Nu#ASXpjXpFYo
zhOMQn=XO-%YK0r}KL+!%<0+Oq8sK-}MQYXYaKw=+)(EGX?36>>5IGq?Y-WG4+2Z=F
zh#Q)o?%f*U8<ks;gH(r9NLZo^ToT0QPtwhNFPqmwfdImdUBT3|yhvmUkbZnu)hA$I
z-nc<2tLhAm0v(x#dY^C<J80#oqx^~jVaO#kS*43JnQYM+STSpp13mvca8PtwlDoVA
zcc5o^f#^#kiv-4d0xkg-2Tsj!62oN~76(KETM+{00&8ysB9KAMG&In+CH~Z}uDR+4
zwdX$^qflx+<09kbb_3jgIKp&1Dt6UzT-gBb8iC`96bL~|HRT~t&Y1Dfclf_v{47X6
z@WBtx0FaH&cRv|t|K;(CeHBoF%%8V?nC&wPW3A4~Qk<tFyDRl+)D~0Bq|WLQjq%J<
zoc(XgK(Pr=UthLsa4`1UVr{~5MIX`R-V{U|X9APB{bfB<RUXLGs95H8)&U9OQ}jIP
zk_>33i=7ZulqhtuFh1l42jYnfB3R9_Lc&5}bZf<vm;PI4Q8-Aza@TdkM~;MX4+8Qw
z3JKwDPX%b+wJ0&;KlJ*xV!9UtGl*6s94;&Z$~D<7V*C0>so;gZj1QFy7wa2!z34Py
zv|zW|Z3;{&D|Kz`r~w4V8mC1xb4r-IC%OGMU}SW*2>=+e(T`&`CUWBfYY)ICqQot`
z9IZfzUQ?AFA2_t0_Z{k!#gx^kbFeZw^5W*y!P+6cnJ|n!-ZWsO8l%HqfMqBTKmAHz
zGnaxyBP%6RHVlcEm{w8@(bYAAg^km~nNKo&id9Qwp=cSGs5TS5(C`LlE<zlg0t|?A
z-!k$&A-IP-P$m_9!gy+jaQJ{%Fgnma8w9lNXh9WD9CEJ8rpH#@EF7Kk5zyD#h8GhB
zIZajM0n*(65PZ=d<igyDydBT^RW)(0bnX~0#Lt60ed`V}k;$lfOiwFeCI%iPIp7%`
z^K8L)6ec77K*;X0pZDo%gp87JZ$40N#1`5{RL+@VzJIl<2opVB!{+1_4TCF3;l328
zcUzww%+;Lb_a+*XoOWP7km=sk9ymv|TMk>~DZ{Zr*(cHBsrv|iheznMNA1w`snoZw
z2;%8R=-Pt9o}QqegeKzrs7|9S$96(M%(qy01$T0a&ZE{NRIPZOsNX)75<FnMXw~^4
zHCyXp(s$Pv9Cxd18bbz2iby-GM0%)2N<RzuXhZ_opCSj6{u>Re4A>A0Gz<DHN5D9s
zX)4iHFFhA(@Nd-og&i2RtWn)kVn4>Zql#USQ34->-@tYbB$L-3JVFK*Xsp{aqrpTL
z<>eGwiDKO?%VW_N&P9eX8JzY{F9~VBFZ%;1`G_Hg@WW(cq*9ppr4ztUiMuvLgXu)%
zYX*%h+0rPa3rl9*RcE7Wn|_8?`fc3!jIAjZZCxF5q8l1|4z^LagV8o{opz)MwV}HD
zrvYzfpM3!y6H((CLb#jTO#;aeU!;`EXa|7eH;D+BwQ@7uTSeGO5au?0R<}~2uw1D8
z@Dc7TJXnx#ek~w&w^UZDMK4&v7@;b$6N(luxW$!h21AXH`&J-Q<{FDfJ}ES|MNwr4
znRo!9{cYG!@8tj~@dm%xLC*FoNJO5(9b=-hTj7Ltq`k(aSMMvK>ejnq->>yE@38dR
zHyc6Y>R}h;#kHIE^c5pybB<4qX&7C6E%<#IZ9daukbrtLW2+vSIhrLCj@zqoi>9+U
zZY3CjLbol|QXex<UmETp9w`Mol96_r+Lf~TgsloDT39kH1kRvC_Y$DRH55_goh8r-
zNf}s}%frcR-oDRY`&W-}P5wyW8_w_$@4L}aa>BNSTH-(TjI*)sSyDyG%j-XQWf_%z
zQKWq=Ihh8{5JfQi9enMmt5wZb*-qc!Hl9!qT!MRTMer#M`4pqBcttf{fnV(%^r3C_
zFM$3~LI2rvd~&oggXRCzWU5TD_WfA4yPHt5@>$y)dzJAX6d`SJ*@eaFQl=e30vE8c
zMhoAg@$!Ri4t5Y!XI*>I58qd}P>nF`2{={8Uhz@M>vsp1bK6hP`keK;Nr+}Ou81w|
zQ*quF?gLPRf*Ub>F!zC?(lR?VW*oN4W0_?V_Qbr-bkRCQ<jVn|cN4iu=CbzLh;k(M
zmXIcpN)g#xb5mS#cc6rcm=$w><dWjMhbHcj!RyxwHq~?V>1stKUi2ThHI00EFh`zb
zInd=-<a)8(N9-hqTWI9Rk|>%U`w&9XqmNt(I@{rO!D0h^X|v=@?xpE2CQ)G*+GVxV
zmF><x2&@#&sHu#9{Ie~b@f8+d)FInR)VFKVwrSc5cn*7^ZK+#9Wo;37)8cXO9(RvG
zdk{CH<OU_h?h)gXVq()T`P#sBhNHcS^_w8ouZnicdp!UiJl_Wt-69#F9mYp8nRvSw
z-4g4t7ug~bS$ieNWB|-=|KV2>ODPM!D~pNL5w%YNPh_e(gsd>%;^oKVwVRUsqYX%o
zMa2%;6##n4UVOfk=$H#EPi`Vz-v)XjB4j?$WC=ufr8vxaF>MdsKe_TyFFSP#D`HTD
zBAm{1>+~7C<V^jyi^KBvC(|JW4%Arl9=9(zc@VK9xk$u$62=X)(=&l=A&gbKm>^np
zZ%aTxDekb`k#2;I+o{0!{;c!*mb8)*aJI41SxwKgg*+#;G7DR@fy8^`qQzbIFnlo~
zs8!6YUHNi~oNO80vD~l-#V<vAHCy@4;iBj<<}Vn8HUOlEo!?0&GUGBdf06w<$S*Sh
z6IHL7SCEoibL8Q>cagYWTMN%B9Cs~smkzF&YTf_r(0X@c<x%WoZKr>!yz);<&$!In
zR$z#x9o!jRI+bgehE~)H(Ew7Qeb|q~LpBRnDAiIwTR~#0II6xAfKl~ry%oF_z7yZW
z39|*joOs+3CO~kwq<Bfn4-p$$iNBq2LpLzdx1(s0KEj}40P<<9;k^nFqdQW0nZPQC
zIr+uGcz%I*is1lrJZ=~Gli(%#IDRt>8R?{Rl#`cJH^TTOpUK=XMip>-{9Gl$-)+Kw
zUBpYZ98EcsvAcR}Ij=BmDPd`O2T7rjP4-eNc=oFXlis<$a;pd+K&F=7rot<AVxCJD
z(~39DFl{O)pa6juV~$Q#!~$8IK27iB&L^BXyUVAvdO)o5`*Oty?{lLMYUs(>kT|Dn
zM&q95wpJe(dR1>zMRG@Xle7k#WYAxku@db_@$@ajud=Kz0A|s_)rRU3Pq)|l1E=z(
zuHkWupiDC>vWRYjO>~FLx(qS&ZVs{HAXB%S9XHnbP7UG_i8eBeP|Ey}$wJCg0UD9S
z>i9Zl^fqN-__+<+nWMr=w&$GcmCh$iU64F*fr<o_#tGLfRw@&rhz*P%L;HG(;=m)T
zY^o}F&)XF}hvR(Q)p6mRXOv@l^3hCdnJyp-F`pQh^&oygw|<wx6xI`KdOMSw(G$#d
zhIM4x&ddCr(p<+pdX5s5fVcA<D``*4F!s(4(R;2NbytYRl;qL3rY#dpW5`K~{I&mc
zYzSWRB&=D0zXYOhp>P(71-o3)2djmbL&u!j#l2Cq;ONnniXscX$O+Xf`OTSSLe(@E
z(!=-+F*F+|Kvf@q^x3;@l4==O;yvpvss+tB11uiS))+H`j<X3Y!c1v~4`8un=)Z4l
zgEZ$Kt_a%6J7vLFp4qH>dPU-gNny1?JiU-_)(J~<Md1z4v3DYC67WVoiv5ziiI@QT
zAYbO5T7o_q1gmO0JmS39+Jzn89R>wnqhmnaZH#nB8wvDfE*45G9c%?MBUYE=@$rw2
zo2bi$v=qVxEyU}cLk`<*#s*OrLpRmrh4R8qCF;bf4BEm<2kjrX#!Eddo%)i4=?fd^
zkGUn({bfF#QsjP~@HTad9U+SPv>M*vk8ae=!vR~RfAk^{%_V?J2!-F10-oBNl*|TO
z*@H`#6S~;V696edGL{~G<FC5kwpI>qbxIPx<^nK<?4wG=p1w*Rco<*E?b-hBWHzM#
zu5C&S`^vtk21~stZfu`4G?RT_)V`+Fx0>)+qemECpjb`UH}9MNVr7&!)e9}Q_K=6@
zN={%V&fmF%PcPruNr81J`jRu@_n=Xpzo&pH5r1RDzQ!!jK~Pj*e!kU4>Z>m!+VCSA
z6IkQD$7;JHErx&Z`<}{*>KJ)Xy{_FicI?oh@c0^Ggz}a9J+fMuzZcOXRa6T00(6$d
zsE^w2Fuw{!1V2=i>oNjH$f7f;tFwASw7szk|CrjM^S9s-^Gck>-%*xlx(3t`#B&yK
zSjy{CQH^C2`S<{2pTN_KFNQ85nK^??@)dI)lF5%&u7!5Y(pSk!q@)9(X0z_=H-N}t
zA`Yp@lEJ8cBO#A6p|zSIL3lec6RB`dknxR|`@`7EB#maC1-VqOdl<6^?v|;hAtMs}
z*5wTKFAyGws~>2p@zG{@znD5U?@!Ww;z&@53i(D<2XYWTd)uw_3oI=UAi*N1A2#)-
z`%#3_o|D2L-)63@lxDrgf~6e48XsBbenWhQ@<LH0;qVA5pbL_9w*f(@NbfxFCu&c+
zMtyA>XZL(lx|~-{6%!VuNde}~V?ap8FJCW;N>--D5t&iK)=2dC&DZE?M{BwXX5Lmp
z;(zFk^bhmNAHdEeFrZ1#K%6)Z&?8h$juHDW9f&8Y$sOWY!<k!4G-nErmG9+rz+oV(
z+)&r?1J-^v?inLL%c{9YLd`@L_y=i^0^`HY@7rJ$n7-I!BWBEV)neFOb%*l<=1(g+
zlV+yB1xz52U!>nZKd(EyZC+yWQ{K`ZrgIrlh$6~%C2kHzw5!6LEH|rmF;vVgLOH_b
zwbZa_jZK@%wUiBuVsoYb@MPEr1SErm(w3=~cTE@;jF3+6i28ZMyQt$8q6a=E2pc@c
z69EJB3}VFrN!s_XyCKHwe3eOhw`nrvBjiyZY3{m%iCf3OF+&u7yeQdN*~4_NnFx)5
z&eEL<N#)!Qe^EHb6Xr;-Aq;&Tl`09oqi~IREim@3qP~`<X`ae=#@#6l@xz{vMes_G
z&5YBVp>;kRqG}7ko6j8eD)x;5M)~3s%!-x<#2`YJX1CM4t2vsr&4K7RYG}$ezCcO&
z`GO$Ap9of8{4nSaskRhmByh`@e-gcpf{hhLcUu#Rp|Ea<;w-MDf|(M{KG3H~&C3J=
z+CXM+S1`zv;-^&E1a9+`)CCr{UrB=smjB3WL5iw<EkJ#%O$jx7c4XQe-smH}FYw^2
z*k*5AY#*?+LxEPAqHnZGE_1NV!S$UvlDGEYX|bZOVOHMy`91Qn3M?G9#L)IS28x?H
zC6eDb(L{bNQgnyDfeBp_)GUuwuKZ+<&M^JQZQ_5Iz1@73sOLI#!1k0=i$L3Rmjb9r
z_^`l5q_=nd)61dzT_daH4tC&;`fkN;UnJuZJ9>;K*gV&Ub0DlZt$`}{{1AgPpX%zq
zngNXk*Ro32f;=8GmyW^obaMn8xm-glNQ_bJ-)#LF;zzAK+va_>ayc8@Zpdomj7wTl
zLRaMvn<yK^tp-vBACOKauF?kH=ZJA(i2=Gg$m$fea8+cY-ton0)-rD9xK9FLGe&Zw
zKIzYO0<m0UY;TkOCmRXc5y0%?AHslKm^Mf%O%i(yk@L0$2QhMOmG*{n1%HJY@Vt2?
z-i=(bFXJs#R9WQZT4vAL+a!Sbh;oT#KQA;MdJ{c~^aLxX%jI1|fd5bV>j`*1OY`eD
zGYT^B6bYuK`$18f0|=(kQ68;1W;H<UvP|MpT}VIS{UIdB(LlPuPxEQxT<!ih8~(Cx
z=~}*`{wXm+<bBp#(Z>7YsQ?pgZwNv)C4qA+C9F&cyQIG-*78T2%;_<ROoQ@k-7l5o
zL1|?@bhKv)nH8BEYcs7KS>X|D-Hz@Q?ZaWasF%U^aB)i+r((jDaFAAJppoy|ndu{t
zzuE&uPe%*@FpU$IFRry^+@&dLC&6Ez@VKMUy}5n#v3j=dX5HvU<Y<_ZLLa7n$D3z-
z<8&j4UrO09IBUF5(?^Y^A=*3bY^r8mQYvMSHw-I514JxRgJrF)tLANf-oMmCENv+K
z@60Nb)fxo7Sdto(p?vk{?OvO=9XzWkl<v!%yaBTzU>cC)4k4lSHT1#!5k=NU%|Xk9
zWO|&iVt~9VXAl2LijZbbxYi(3JsAHACHeNX#^Q`prfSw3Zd)Yku@t7y=7YYDb7^E6
zeR1`Xt?<=ZZE5}E%6BYHzU&>RHXcSCpWYjh)?)bQJ+fNGio4g(Aw~eh1777c=q+p=
zbrtrk<q_|Kv9aosT?QZVl4@<+-bB{+vnK;eW$L|x2v8y{LmGYK__d8xyWc@R7Gv20
zOIq!nQtJdodc=HSoP{QFA>`8NXzBBY?i1aKOqHE%1x5)-1BW3ED3PU^q?bPW;An4o
zq{5(|NA{+u{K}`jH$}g#CrSh8Iz2&drPVg}`h!-~unrt9I6Y()PN`$uZ~?k{v*c}l
zCeN0-Cj+|seRbWm;INmTNj#@)uW011%GCrM-gLb<vEb};;C&Sx`=%rLiN&xPEnp#l
zV7k0xapze17@oWU(M%kV4y4Eo7-XA~N>Ow*J;#n7zbx}65wNyIOM+t&txOze)M<aB
z(*-n_0Ha-LULaeQdzf*qVeL>!IH_fVCq|pvODzxorh2$DFdPuT09=tQkmg%*Er9t)
zJ(eNL(Q=mN;<$ns&v51iDu{hl^+`l?sjkAlK`$PhVQ8G3T15)F8eqRKO03hgUY~xp
z5=awZ%uhPd*Ez~peFkHb;3}*`3?)#?O)?;e)P`p~CIPbFiPEjK@9EPhVcm>A>m$cR
zjl2ckw4pmYWt_3R3^+|0cvT#wZ8h|MF`k_HtI<eO?UKX#;gvkTE10cf!3B$7tZcYZ
z^O}5vcuqWJNWPtoqw3S~Q!tmrh@NXV36>a8-<=rp;PnJwI1Y*PSZ_3&=ir`%o`NZr
z<%4<u-C#WqvikrWQ)4j{S-D*N(0&SmTH$OfL_iM~Y0%or?QTiy-w8x~KRZi~c1Y3?
zA1{Ru&zv>ZIMr|EB)j;qe(bD4bWzOonsFk|{ppi0YZ1J=OHC9ib`xJbuM?TpE^14n
z=E0PKJXwQN1ZryqRMc=J3^^8^KgV9=4QNq%WgQXMP;rT*chyds7GFxAIwF8=_*Zmw
zJ?WX*!6pNgY7?B9T|DzrQ8aS?x?33$-srJ-94*Ih$mCp5zht93?7x5()7#W!AKGMy
z4{w*sNM9d1V79*i7F>`<KC!Qc%ez)+wB1p{2HRr`P<SGya5rxqY$LS?wl`)rYQSBK
z*Co0;xYR=1$@j-q(=N?-qdeJa55;LrG>Y<K8ef5X0IJE!5AxA`@N-HnEz+N`8OVip
zvvJ>!<0B9EI`3F%5})MnR*B76e)Rd9JF>&6dBeS9#>GJWb+YEe`e3@JnDs!Jd|%=L
z_EL?Yi3DGoY$MU*R68`ja}!X&vjMERo>i44@vd*_<L#1cR8?eT{lnK15U{`<&xmW7
zMSzqvaL79>WoiN;9`Gdl8wY&pmuR*AqueE0Q;hVc(>ZV*dEFtLL}8#fnJ<cpwS(Nk
zUPG1f{FCtYw;t17>|NwX_$ARFpm1~6;yV4ct1`S@eK$Jfv3QNXK1!gx?NZ#LQ$!7C
z6<Y<^A(re~*e!RftAOQBztJ)PqD%^BYUZ!UE!m-;`-y97W8YhT%QOin&V9qbb*?mf
zveqA@kRLvTR@!PbOzsd|I3HcC2#@Q^AGiSwQB{kK6P44o59efwW;+A!XnHxtvbOC~
zv{<Eoy*5H1p9S6h_+p$you*LWHw$|HPJ#j&73?A0x`!?3!kmb%*BjCR-y^QC1CJMB
zfttEi{Bz}#-RzCat~{F645Yfy=31g+iB)YKkPUZ9`4cSdm<xk^DvVy>J|1UoJKuC$
z@OLXG&f}>@IA2%Mg6CZa(p9F*FR}wLHD3hWKrGRfdC^$R4JqDmq0@WZReZHxIvLHB
z<gS+0_p5K{A=4^X0NsKa5HS{8g0!LOeCt!H!ls#)^qz;*Lfyi8c0*+Q)1qrhu<#M&
zwkrKYbCpy`Vp0%jwwNw~e8)`X4Zj1a$3Q3TIuUW|?KP}Wmg+$EWeA{?KR=5B3`}lG
z6Ye&ZB5qL{pR8I2ZAAY1OlH6qGC}3(-}_sjLU35K?UVpKOZd`j>-8+9;h002x3R}R
zo0=t64wT;PnN9z)s0VV~6-Vbu#?zzR*h@^r*?ev?-+hozmu4W+Uky<{gExXw5w5FB
z^$E?*FcyPH|DNPULH)E;0+W@w6UCQF=%4D2@uK(YFOdp$NzSZg32k;S1*2I^&%aLS
zhOM#2K&WYe2llydS6!IV^m>+2>Y2TEcXzq`eylX4NM!!j{&$Q7(rDHG#c0^U#kM52
zRb?#LbfXh9TX0R<<&U+in%Mq}=Yr^~d-k$<{QHLv9eI<HhZXFcxME6NT~LWjhJGz6
zm;#b9!#Uzx#=mk%NZ~E>8>t9iOm}SBpGyW*PB^ji#G0{YZ0K)(wdhE^+84lFn!6A#
zZ!UNbWBj8n^ofBfL@^|^PhP%HbW)B!rz+bjFPvTJ;*6x`-{OEq<>_~IXB}SCP`Q@K
zbRM^FuWPr=OLFJ6?wo(jP^O<dCAZCa6;nZMAxPLxJ_n8|)m?0q)KgQ^ZsWloCm>!`
zo6x!za7@gne@V4j+@J9{m3wW_flcku;kaB!cf$tA5INLTggDk^0kc#Xxj%M6P<mGO
zd`lMr8%kkW3{+?2RqB4)5<bCWZJUb<g8HEKAhJ(A7|=R(pccvA+9GpSr>$1RdTA;Y
z+>C`mi+U9yX;+%XmOblQUxl5BTWSRzH8GPvcS59ZkQ#J$0fSliIFWHywC|3%fqDm?
z&g|l4S?`Pn=cKv?ep)Kz7Dt+ZnTY`=zDGsJ!st1%rGHr6=YKP0N3*aRACviU7#^Og
zE^-QnR+YAJBVW0AdQH5kWJKIa++kt8sUqU5|AIJ|`Q^d$!k;NH^~baEADlqTFbBkj
z@bjkt>DPfuRY(_Q)%Y+6QpR8F;gBAgE%ro$C`qZp%eZ;rp(^&)A`S6oeC0;CLfY!j
zHlc~uYki8Hn%y`K4Ju`Z@7c5>;-5k!=WB(S&K+GW(!WbIzR}(otMtH};tb%RC5mLL
z6P9v%>>!CW^_xjIGMQZfFV6%6A-347lL^Uhh7KXQ&)<A4W1rEF!KjD2Y&vLkWUfmU
z#*?r#?W(`I1Vl)?OMLq{7I98U=-km0Oc)O<_*tM(xFqQB!(DHut*A|D+;4v`Yr28^
zY_ImNzg46AA>w-As6{I}u)~{>?83zGT*Tz)c7i|&!S{(tE?4gz+!)3kWo-s9CZ!x^
zw!x<AtbC_qu;b^(YMlFcyXc*qFZ*n3{--PMX#pSVvS*J0S6p>|tqJOic7V_ZezeCg
zBMDz>L)EXL9L7M<n51jJ;JI@akW+7<Yv7W+9YEd&Y+vLAlf4)A64w+BVHJ(YaP7MI
zwN}0qQ%gUr6&t?bQz7YRU#44@#=sa}D}x2-mnLI5|HjmVFae2<D}xLH#OMl4;WPrA
zwB8-^j9|ARC7;L4Efn5<LEpnEq1w4&lQ^mn^Pr7zc_qVi5oLHVICPi1LO$RseLoP6
zCxmLN{JJ&>t^l=d;)Mry(VA{i?vq9bJ!3HHrETJ>013EO>T`j*=Xg7vj^vI%hncO`
zTh-wEV|)K;!kdv*7;J3hR9c4kS8>Vq<GE~r*-XV=rvD~z(WQ;#X!#6lXigV_WNcF}
z$ln?2<t!FKzIjF-EN$VP@BS911aPvZCJ@QOOa0>-ME_9=-%OyL{WZrg$kO%j5}jwa
z)LvHnP``XPcK_+Z{frLZNz+&!r$hY+bVaM0&Jz)T<RY*a=5h98m#?-oKdv!qWg9}W
z`T=u2?wE~=6vrN(Bu3zKISP|1O$m^hCsa8;Su$F!XizbK4s0r&1yvLM5+f*i`u^+H
zG?Y?+SR$2fo~3aJ-YKXW79y-nT$JTvMQ2F7FJSmOc|pUD6QEz3eH+1sEbdp74k(`f
z)T?WSdl8!!u4z2I6~YTN6kwk3I-LbFWSCV6|GBjelJz;5bE9<7j<LAI8IkJWWKqp!
z?Pqe(Mp9He?|9@qkzi(%{U<gfS%}$=QC+6wkd|%KTJOFE7p>eOb5XAe0y{C`Ef@#)
zO|34kq)`6>^`VLz8#)CNjFQ<5)uoDYb|gp|UpqEV=uuZ`n(4hTy<d%UI(}phfgqhl
zLSKfzzwh<J!GeoaMI-m1El0N5#xT~OS=~Q*Tkx(SuPi+IXX9lH>F^UGB7(O$B31qn
z4U?86B=E1UAjEzny6W1;7_q74?-5WW-2u~s6y|)hhUcb8J4Zz8{JPm1pMlykG4BbD
zL;A{*GZ*;`oVP_sL?_Ie&5M>x&9P9lyu*)!N(2vHC4g?#UKw!^^C2k7wWjHiEi=BS
zVbk7K{o`yObYLK;1nk)I!q#1K3~m2FOUAc?VsnnF?IQ4`V9T~o;y;5wh2LS<;|*5V
zNnfM&2`fEn1sDLQ|4Ufoabrytc;acX&<=;VH0ib|!w?pAbLTG>DC%RBy5dBJgM*?k
zh%9;-JS$xL;^o~5>nRHe^|?ZTk(sj8YBMk)Z!JM9tIh%7DbI>I@dlpurVBx<)EdlN
zucdEj_}}}KJMXR1nda+y*lHhETSbP>n5eC~e*L=`3uUVT9+){s<D+%lX1I8N66)87
z?}yZb6CuhL(UWbitBI<uh>SLY{Qy33H!7MgU}MKA1W3g*z0qN#pR;ybiBbvR1XDNL
zzC+pkCm4T|E@~{Ldu;XWiI0^mQF&fFj9kq#3W;0`kG9-dCE4ClOQi!JwW!(tqMvfF
z9R1oZr%Q2BD1tk#tH^|c_=z&%<(Lzz!D9`ieuPm|W}%Q-@O}ho2R|*rX%zK|g8t~A
zE!T?x&!%88n>&5_wJTXnTR>m2sN5jhog?xQDu~%CJ3Oh(rwC!<IhOML|HukGd)J8i
zS4}8_%&H=a9s=;2Wq=*abb|5O8QxTmuxEcDV{Xi15P}q!{uwRr(+yL|USo=W!lis7
zy1-=uha6SyAlThHtdO4|U0Og1rJBb>>Ou^KVh<gy%|sct1uNh3DnJ0v%zu*@*IRv4
zcKAUKF`|z<0*h=hTJU_ye`@7PIbg^!+54!F{VCZ5w(_r#XUp1sC9GRJjre1xVt(zE
zgT!Exxd;TcbL*_I{VR1DnGu4}B#9rnXSNH4(Fqo<lrwg$kY*sb3v}a8#=Rb5%;X$1
zx9@0W&_Q_tGCDW35-pL%8NV|(MT&s$!CncgCTTx{@ms<wUAS*o5q*^LEKG$`vVSK`
zhy)uQwAvZZTrih>VS(w0g}`VUQ)NkP;TD`yK}7LgJfPtZL`oJipx7m|`2fgOxsu0L
znB8x1hDp$-KJn96vz36(s@B2OY$H6O4#?U?kmC9=F+0)WXTu{mm7f28t(cA8MAQ@*
zluQt&xUZ;t_;$363iH0p?zvnVed;&sV%ACh-oIEw&Q&RSf7Ewxi8r9+Hd4}r^;mm`
zG!-$aw}qQ(`3QQAQp)Ehr<vL71!1Uv5b^Jlps1EJH-sgGU!4c}(b(WDcXs_xApP)T
zEzx&hC7XqjZ6>GhqM7e|ISl2Oy#nTKthLl!Xlbu0{Lr&~Rm7Jd^>gZ5Oi!cN{MHoV
zZs&AwXB&=cj?b;U?fuQDhL?vNPj;I2D8VdVHlgNngzaXWuv-I?os|)e4ocDeVehVb
z`PUqA2Gc~H{7}OW1EX^F&oP#L9_O}n1o9Tb`hcOcbW_cj$-KFz8?slvy(}(%s;>$R
zgh4}8Bc#u!hiW*E5G8Ycnw!=lFPBi6;y0q>=~G0rqVdm{W{O9b{z7TCMj}Hl*_y5t
zu3GSn@X9L?N}+`L*up6IGb@I##16{wr(#QUB0?UKeD?V0qv9u4Zams_Wr!K%)a;70
zY{}yn_fyq9JwUnya=iSi=EcLU_}&3FgL)NUrB(s2bIrk3JfI89q^6iOaqu6}eMh|L
zsk?RxV)HWRnf%GWxqp(oQt??nqnYJJbI7$8T}B{0=g?`1&Xp@YLY&9>OByX<2?}Xd
ze0>PZvOFyBx~A)7E^J5C+puH6<F@;f02bp=V=J<R#)===yjk!2F-2$_0hYvu64CXc
zI=+B-)H`$wr+U-%9jJ^F3uO^wQ3QVo?oa!o)LiGn)VcLXi~yrb7Hjlam-N`HrZ!Pq
zX&XH7yg_!7A2nlRHiOiJJt`iLh0r@$)~2B5rLGV%P%fO4N<UIUk)+u-;H@`|W1PfK
zlK&CAe@!W_B$XcR9>0g>05Bb0ACC#c9FvLxfqT?eCx<+T*O^hl6FNYBnA5hIifh-e
zqp1_YJjlmbhAmf`0yYX$hkw-s#~MJ?!g*t|$pBftkd4_Mnw%18+oT~EeR3Q=rr-dQ
zrZO{OwCtp*Kk|%ty7B{#VI#^DN!W#=(4!|aK_)s`>`%EZ{v%~9aC02PPPB;W+^af#
zm3^(PZs;ih-KB!|2<zrag78LR$a&c;(vaO)abcK@BpCawsXYEeGR?ohtp{~jj1T{+
zC#NK{aw&jCJISnGxjZmjl*Hx$)>R5)?LrfUM(kgH=Ze1H%hK3Q05Znq_sAHYqfcZ1
zl)3#Qb$$+g|6x21|L`=s4v6e%c&{hO{DY&=N2~@UaH)i9f>|t75ReRT{`n+5ce+%8
zmStbrqP$GjZC9T1`et9PmhL8a{h(8_Th#7mc&pnc%@5(08%>o;DXZ6{7)Gx#8)Q1Z
zzMJyJ4*1Ptqq6t>g_1p*#BlR3dycI(ozC)r#g?VW@&jO!s;sgF5qmBU*}5bNjo5Tm
zyNHb25|(>run5cR-j3W^o5%c6P_?o{C1yQl@0cl^P7avMX0b}CPFj+r!_A*!Rskf;
z(mX?*%s<KexaEVUpzuJcBY%7$nN)calA|NDoo)~PVR<+a;E;>n`6u@`BNrhfGzTjS
z{c{XG%=HRh2z^eEc_dLlqpo6VIselGrdNlbdVOT@*|h4qXTx!_&|KaUC@b;iKT#`M
z)LnF|WeXeMIAe7YXxzupqU!Q=9WM76O3d{(NRk7>)9`r4@6|tnKhYVr9|qZ<ioF)J
zF$Bhl;GY6+#W!G(?s?t;jqa<A6M-qbW{$q@kOGH@u|XyFtaV|d>`$7dQEn_<X=D{2
zv~Ue%&wvbwR`Y%`F1nLGI|aRI76uXX8ln40Y>N~vmv3qMyLuB1EUUEV6r@A@(_Cnr
zWyS6Rn8HX~WR!V&kZba%m%c@XO|2nb@jkxD;cHN;Q7+WZ%}COHAowF(MX)+upkbaJ
z_9lt-4`4w0HQVE?O4|BduQir0(`pnA8Cc68-$o03f5@2D#Vzbi)?ZPy`6Q|;ThoOx
zeXLE*!i`mnpMy(^FHEgDa97bs()gJ^5^s`eFyK`-A4qu|I&u#Ni8@0!S$Yn<9sJk`
zo8YP++%MAa*KpwryX3skz=1uHGT5P}{j+19Al?Ua%r8{+SeYqykM&>|mKLy#QkHCC
zDh~<dv15plIDIaCeO#rSfcH+k`2v*#`;>Fj;RkxYRl4eyoPy&VGkB)d1&x}yg_spi
z)b%f6oCFT9ip%9Q$J177URjSGJsZk23aJ@EseXdf_b4WK{l)zT)RdOYZBgTEFs?$P
z(yF!|@||;=)r|AYEU&R`MF16=DF6NMUCdjp?Ufa~pskE%(T4%L9N>oHuO#Es^Y_E)
z!nW~rt1!Mui;Au_cxJEKiwRZ056i%fo2M!sp%gx8CJ#VWF9lWOThaI>r!A9<?KGYb
zr#9=+grH7UY>HXk1?9!!#zBWJ^Xg%S(3!gmc-Qf{m49&O8iDgG_X0?I@aWt75k^Vx
znRzfZAEp=(tcuiHw!N3u;qGOp_V`D{c<~5gNCOfMKI3ZeV`6%Y$kq8N;{v8sB{bw)
z1xmt4*JFS=dR0pB71)YkFa9KRW^O3JwoPdOYVKe@?d6k)i@#gY1nnlY9j&o!fP!)o
z0#h_#paCdRmO`c^z&wqyzg2SyH}oHbDb@0qfaomfz5pB(&~6e8RUMqlMalo^-gXAk
z$bN#%rMYFYv-Z@{am&I^dD^GpH+3a+6ep+N@ddbdKZLO&GA`lcN+%`@MnGlYh5`q=
z=iq`dB%W&a)aJ<)CO6w;7PwJc!9U9EaC5SK?0es+^oJa#xt3ze{MEx4U~Y^J*D`g>
zZ-?dxylcbE%)?U3A6|LF;LZ=yeDs38oz;j-9mHf9Dkcd^w(DK=Hf_^lfD@cc#3tux
zksbHwvXZR`AyUC$1&UH{dT)FkgT!11>9wi%;_eq&EX6nOYOucjHF(<3wqe`v4|Mc2
zP|tXm<=&3uGxk1DKXM7y5XVwGrAX*^6C;38xd37bh@yCfU2xr^rjHBy%x{ndd?k?Q
zhw4nAi`xJ4L2`-it*9)zxF1YGs)6zg2$U^kNvsDvOF)fx4hEC4NELp=y98)Obp$`@
z=P@(}59!u!I{A7LwD)U~W^jMsW0UO*D?kj`wjo5vx3#SIhlWlp1=HIc_>Kx&O^j4D
zustx#$0`RlNz_oZzxpBDKm!npW;DG_9U7oxYTO(II=RhzL3(qq;io<fTEWqc<m3&&
z_B52Pzc!-%wI*!jA+u<J?vJdl<mL!uDg38dHh@JdXm&}gla;$PNIXb9BF@ox0<VAB
zl9>10relE|1`PL;6l#$=c~uV(-MMrG!=?m%<NQ(&2C0{8=q5Mn#uwk6ju1+g_DhOP
zD}oc3pw7WRrYN_Csg)`eoMOa@Wx8wn#tIM<8_*4ZO^IY1qUOPY-+Bv=PJTI~wHIfe
z;y}2Ho-1vT#3gt$Mf|yoCogLv)*)|mBU?A=YEh`g=p=hXP$*SnTumLz|1T0()*#3l
zW}UAjac2bu{WuZdnXhjku~ZjG+9#~sK=|o+=3O%1VwMf$^y+Ix;pwfC$^?GjEdB5u
zE270m()B~(ZaF5wY`%O480+H#1Kuh!!aE7Ymi5L><FG?6=6r%Ubxc;RPMZ{<nUoxP
z3FT4|NKD>@4#h!4Iz=re8*_K1A(~YDwHgWj1OzG`N<x=76komCEX4{<Uf_%Ty74Xg
zu%w_+tTrL||Evki7z4*E4y}CEi0H|B8SMy2l(YQ%$`uEIifZL7YDS$8(AgUPJ|Iqg
z)QAgd0m4^Sdr#&I=(-h0TLzJG#}hN5a_r-hbMw8+ps()?;O5)w?4Am&gall4Szz>c
z!fz+H?qH<Rtwr1ptZo`eT`4*-yP21P<HHO~rWRrrHq(XSx2sS^pkR~0UIU`@1lWGp
z03QcoSjCdPe7bMQ2JOpZrZyUZpzs^pfe4U>w(d@$u@4!`XyE`|`;TN*nA^lK<M^1m
z-yBL-BJH#IOml2e4OeWZGPmRcG;GG`i3^}w-j9I=&-5U_Xd2aTq9fmd__Ey{BUhaX
zNg^AuL2I_KSXJJXRC=;7%O3R)!(l%qJ-p*gO6?#6lRE|x^App>jBA4oMA4r3U8oJ=
zpdzB>sjSB_tA$yMNjgqzRl_R__;CPhZmd|5+=7?XTQHJZUp1GlqcNHc)w@MZp@G;P
zm0NT@zoHr4>@vVQILkU+^YZawgegy~B*uTHuJ;D8-rAYkZsN1bzBN_EDm-0}ECpLA
zQk)yCcxxpX;n`hj*tep;5Z<3zU}VwtvvZeC{@@TOjLye#FGBlijc97`X5;U^-z&R|
zNbX*t5vRPZ1)JApzBD&SjD?;J_-d{HVh90~@xe|Hrd+SHD(r!op^XqW?q2K!d%Fm1
ztkyOpQQ0E=kGK$e9^6H!d*8!WQ|O#)HG7kEjZ4l?%E6yq6}!zZSkvd%UA{}=5{gc6
z&76S49B+j5t&QF|N!+Aw4>BwpfFpc-#Z0{%;W$6+EE20fFTtz)_oW6qg-Ho)Sj~~(
z)VB_D#L@p{m9{B7QddG+XLN9=oQ(M5buQ(eb+l5r3!Q-vt>DpCa(#FL=p1IP^9foU
zeIw_!?MKwr;F^Q<Om>i1jc6j<L7^F}^k`o3_5Z#r<*MhC^+(p#OBO{zn@|<tW=mC>
z@Q@Ar5xm6|Vco4TSYNVWt*PC^1rR`CC7!>RFa^Y(XP=29I?NSeF-z;Kqyx}qcQo;M
z@ThNl!<|mc$FFgH>ob1yW)!~CCh9d$jVxW<O0sQHT%o){l+QrQI+NpJ4yJ5Fjm#$q
zGw&iC6m2~u{&v)2V;;=}{!%6|PDlG1>N!Y~NB;c?tYMR1--_anBuWGK1G2v_;QV|T
z+_jH{&aEw%ML}IeUXB(qGh9138G<Kil<huDs>;N9NxR(QN$*g?DQg;VcWOD!pCq#P
zx|4Vp_tMv!KHnxQKvGR={odeiZVt7I050<2^RW%3v?{i5=KwO%8&g?(=EwRg@nsxm
zp-M@RiLx~E(<yOs5IbXWJ%Rh;Wx%FQlu1p1^MC@}i((jC^7Eho|KFE?L2twJkw5B9
zT+J!TKJt9iHg<h_e&8%A`EMy|6+<h3ieXa&xs=*nf7l=rPy}LUrI*j8IMdFCemp||
zYLHLwJOcvPFfT*DBKRc+_C`6>DoTp8=DnhKAxuXkV4(Y(7$+G73roI0c&g}qkC5^A
z&Mt}0jN~qyrm99@1h5eO*#6yJZA4dAEs(C6!MS4{xutdt@L+q;kTryAvwPk@FK(Ei
z)4`mvBt)CjS3?apzlHa5HCM__*)Y65xOf7|+LJ2uEk>~7tF>V^{W%8s%&UfdiN|qR
zG{Mz4R466x&G1@qHY*b_R=ooM+*R^yQC7T`4<iiX^*V6Vsq#=Q8BMsAU{#;nVa_0h
ze>$23w-lt1#M*(WAhv91as`bDp)bc3S;X67i%1-ZRZjLPj6Ee8glC@gao7!(Hb1Jy
z+#4uHGTxhAO>)4M*l^vNHDz3wOUR$2;YV_#U^eV26=pgc;Y6`SAUz-40&cpmA11rT
z*XN5V-Ec8e-LB!Q)PP$z?t8N|GS?>GqcG$l5Wd)4KHN6KDNh)8%cibsp57}<D#}dp
zzn9Y^ZSZ^~*GXP(630pD=8G5L_x9U;-aBZUk2&9tSbV*3Pg|_1j`H7OBy{h0Ei}X>
zEsNJ%b~%jtf#+*?p%12tcY=agw*fogx|KtF3H~MkghZUYlI$U%Pa4Evts`KoM|@i$
z<RJ}kiqy?ynvbQz-TxO5C0h-`S8BWp%PA_8D;xzQ(ktn&@o>*^*<Wzlb`M6ZiQIp&
zg67wCKL)?w=$iW{y1ROig15hXo_k^2?#|u3VAD9uon3aZXdupvXt$E@Kc986ZS)y&
zS$7CBOB2<J$#WiMQC!DCa>XRkM89sATm!i_8a;u@9%+obxi6rm{}yt}KcT5X&?(GE
zdX;x67ihS9F`u#%OP*z{I>cu-ZA1GWv~=L7#u0y;%Zo~&qp?VCYw)3`hvC)DrisUv
zhnMRuQbUDoy1`X~$m9|%fy+V7ERD6GE)d)mQUD}9UhXoDNE?f`mzH&!M3&ca^F<{t
zZLvbZ_VCqbL}_=P5t0!@Q^&O66;2+?f4WM&nj0Yy!R&|KF*#!LSSf44UDnLAz@6ug
z3ND5!mi02I3TS}HyFB}wy0WAdC=}**;?0~wvxtpwitLmm*in_UuGm9(v1UdS2@mXr
ziboScA6m+T2{U?6*JO|Jm%HErI(t~1p_VW-(vOR%l8Y>wM~`Q#{E_+?o>Q-4MZ<gq
zO!X}kVC=?kFBL&#-;~Bfz6o^bm|aE}(qs2;PzHxu1`x0iwGK4ly|L)~7*10IE{&QR
zs5qBu%Cq2zO-E`#)v`bi;3Vk<0eA4t5%1T-cXy4&V8q0+gfr<tCMcu<XO!JyFjisM
z_Kb^|{Co<wFP@K7QSO-E?0g>N#*G1@l!@VqEw2*MrPuSeFt%`TMBbJc$$-RQ9-;Ef
z1<DUyMe<`EiSa`Hh%of!TDZHJrY@!c$}M7UtJ0%06yJGm$SSPeim=FBZpZ)jepzqz
zWY7gaK|z-Il!F2d0CXcdD3`k#<YRoD4`7`*TFN|GX6Ery`pdGrCjj#S1w{&E^Qz9T
zH61tm-c~k3G7FyCEUt)7#N?`ux`2b(MOD<y>~UxV<h(-WPk|cm*VQ~xL!56z!ozAJ
z9gwwsWz&v>Q0@W#6-N4%Lz-bnRe+w<R{qujZpnni3&2svU$gc5zad%)SQ~o@;@~xD
z4p#C)mjIwh&aw&f#Rpj;9kd^ic>tQZ1jOv|YMr0JxvGYs7EE_@rVpIZ|DqlwE7l^m
zAKf>zVr)*iM6{FDKP)evBekz&!f(|>uc(4cXxlU0)i9KG6UJsb_(;dukLDRLcl=lm
z+IWD+5vlgmE}|0{<=<%6rwu9r87s4WAv&6o<;9YSsU+wWC{Ef&j7yTiEeghKO*k^x
zVdgpG-||KX^hb<p<@GH4f&QlK7g7h?#1JC*V}c|^luP=iTn-boL^lVSY&w8<zKuNp
zb^R1V=$N>Er#El>bU-_lWDeD%;w}S!!5z9^(w)hJ?tcEADqpGbm0;ky@Pc%=pIp~U
z+prx~+Eukl0lx3<Cuu>UG*Z3ySco}K6z7Hnf7_!~Ncrnk0WvB#%Sw&l$XvgUqaH;|
z_vU22G#=9K`4oZzwHV|6mzx8x<%`dUnSilf4inK2HYQeBZlwOt4HAf2NF4ED4Gh2W
zT&%~Pqi}q0e|4R{IACC*zFT$4exp6udZ6Pq8icrs>R&Dt*1ZJxFL)`o2$#-sJi&i(
zSfo?J8F)C`ZRd{8gS1{ykpOflo=V)YP(f{5(Np9x6psOEa``yD-mCk-tbev%S<Hd-
zXft=0M8U4cWqSlI%0b?d9vOD6`{y8Pl1X^0N2L%80_a}SVm&>q0(ZqhO^w%K3;UFS
zW=G;(C(S%6f)0Eawyk^xBm;w}{>n<)uF<miW2UupHd;H=I}Dm4C1=LJkS@LOjg<!c
z^B<M=l3LRoguu<GdPz)BQ<i%=4C|jfw8rogxVvLa8ku)5V1$R*_l+xHff1H*%Iv)d
zxZ6a&@SOmmcL*W04WWgY6ZIBC7Ryz(Y|EA`7g#{mO_F6xE;1cLC)A~PSOQD$z4uNi
z3B4_4si6f3CGgGx!e#H~?sM-~p6~tMdv%_lRXw8_&HUTUk(ckX%^h#w_4eA((*5OI
zu04NpX`daxf1%CYzv#o>dv|WI`~DB*UicRLTEN?%Ui%}u$*0>def#bGR}Bew&i@7{
zwfn!@>c{V~;Mlt^nC0E~&<~r<-|xuqD>vYezPuHjd?Zsm@GangZXSHc>^SfCn?9v#
z-9Ii={r4X^eq!XU>o+~*hYQXh-Afe@XdZhN_vRn3-lZB}>^*S${-wl`{_+ntEJzPs
zrr2AomapHk;mxr(FV!DC@z5DF_MF%Ja`#2a+n$YH{Pv>qM;G0`MteKq>&i}lw%)}4
zdbRq_bE`Y&9F)3jGOy$xyy)=#zDRw({E7D_ewP1ijSY6Y*LzMf?)l)O^-sU~uFv|P
z&YynB_7|;p-nx%nez$hY+5PCg`#<#1O_TE<FUMm`u5KQ?+MS=@`hh!l#>-dlmb&dG
z>eP>qe|+1;u`^yh^iQ?zPri80%uQ!L4x=}Bhj;Xs?Og3m+>*U!{cqpA_Wm{heEAcv
zAGsLW<mmkD4Q6k**Vt>bKK}0Ii<Z4UdB)7kPJD8&^&`U<3%R9LheIzs@7zE7M^B!)
z%W7->wBN(knVY}+_=5MHJNR>U-}(UNhDTmK=+$*Tz~-UvobsTx)r)`j?!3>ueC_Q@
zcg+8O*^lcD27kZz%h|7<d}DdOxb30a?7M@w)djCgtGs^Tx7!RHuiV*l?;X%f_T6^1
z4K6+Z^B*StbX;xqYaW@gq<`_fOO&l1YRq`%=JkI#>aL4VSai&{AKX7@mv;89GoIM^
zq9ae%jxXdk-#c$TxZkeCWou7;`GhS_{cgv-*Z%yeZNJ#3besK$Gq^41On?3CSGK%o
z@WtZGPuTgO%yqne#*_Puy?Oc6&nDi)U3>PfXVx#-{i^aF-)(;1gu=F~Uc2D=S?pnh
z+HsFk?_aU}==b(J`P2fp^r4;3oiZhU*!C~%x#XB1mYsTQCHcbbr+@x{wC}nLPu_Lf
z^$$0fK6=>(YoFEn+lBkw_UL`jTzB@}FHG}|o%do_|B|&H-|e=U#a-uY6ij+Rkv@L+
zSo5?4e0kjk8(#g!P8Up0KDse`^R4`cSMGHA7BAfM(xUg)ox9APy4q<=TgoTjzE5v`
z!k^qjsD*bOc-Z`-D?6Wv|K+)ZUyDvS=&2c}ZOL7*G<U$9wGi%-se3I6&R+l9{DNmo
znQbmyKJm%T_POWgHxHP8-CXIR;;u(0Pv%<s>09FZ4o?!o4#ynv#@5Tfn=%8PzV4eR
zPMvr6$-5jne~&PI;E9i-@FQzHa>YlNeRS1cC+s=<gO}|mc6$0{?t}cHoBZXt?RU~Q
zpF+tOe|Y*fPahIoq(8OVQU`l+FLi45t9e&ly?y<1`|OvyH=JzENS(LkhG)`f_`WUP
zobu|_`Hd~OYmTnZcxSVPUv0MGF-wlV^68fzyC+z!@xe~-n=eq8@3S-&x$R{2xpRWG
ze*EmT$G^PH_=9m~=E#Td`M}?7(Vvfd<L>hZYu@u}do6yO&(FH|?t_zQ?SjSYygB)-
zTfe^UkeRz(zwxW*Z1#F_(UOy&whsDnY~deQRlhy#xz8S6`_n@cfA~sWcz5xs?Y_8j
z(iDCfOW3VP&is7C&psHey2-tdG25rfsb@@FU}%#ze=huo@6#t<i#~VbuJ#kd``<fm
z=Y<bWymGDU&66)NUU;c}#_Nzj<)$eoKD_+H+#F@?T{ab0y`K1J(pwWBzj}wm?|p8#
z<AD#%e0lq+_ujYPrsov!t3DXc+uZBDu&lktS+6XtKC<c4mwyZ1xwqMRFWx8Ieyp+c
z!yoVXF}3Axhj0JJO&4zQ@U8dULgY$+cze%d*Iw_k&9)Pktl_hZ(6!e+;%%b7^uQ<X
zc;VX0O}Aav-~RnCKbkbJjvbomU$Xf1zxQ^Wxb?}0VjI1G>;m_!!qdh3wp^9IWX?r9
z*Wa7`>1nc2yqO`Z^;e$Aej_fe{HT9*?e6rtub(`B{!3Ha;Kj-Mlaueg{NVFv-(I}q
z<=e`ibT)&xpL)!vFRyduvRAZ?j`-xxDT_bcc-qacT(<n;X*ZTte(tG%deu5`;uZY|
z`R5n!vWl?lXFGqw>~KrkTd>8})q`(;a5kDaey6dSr%%53*>~aQK8<7d-twDgPMq+;
zU#D3+zIWOlYtG$Zr}FKW{P6g)3)0EeSIZyi=+n&g&D*w>w*Cq|DzeAdi#I=Z+7kYZ
z;^K8qpk!vpOE%eh^9eUy@XGzC9Qcx5IOYBiH#xGh(G%697d-I%?XmqPy#Dfu2UD-G
zA6&W?>#QzszFX8<^!Go{T5|C|i`U!Yh0)75Q<bYWcGmytmCIkd3Eg&|Juink_kW^X
zdivkCotc_<W$%d6`Fl@UxP121d28Q%)55bJzHt3VtzF(-`{i42yZ)K?7u@u9;i^AS
z59Z$ek^5%xt&_$5lMkSWz5nT7H$Cp1zl<)~M%#YIaoQ)f&1bmpKVO=&sCnD>>pp@!
zw8}=<6f#I&J^j=p@Ds(OzrLfg?YVcp@aD{y&b#Q)ACA9bc+}WVN4LK^;+va~uHU}n
zmlvJ?+R|^I5Rcq@PGfKV(I@8IcFnW-A6Bj0{>UZ=jpm*E%_gT_anmIdwMS)#`#QI5
zf8gRzrrdhK$)2;`?Rz}8(;AEJ+vBRQgUwjs$&ZM?^;>s=pS`(%+l~M5;aAn`Uf4dJ
zLv}vq=w0q993EeF^-Sqct8aDd)!TpnhJG%3r%iwT!qfVOx3@E&tn<vG)gOgMZ~Udc
z6)tVW?LFzV*FO65LCBTwm#EwCe*LXyo_Y16$&KShb??kE*N)v8ojddOnF;ymV|Lr~
z%yX7qK4D>Pmo@HxY3Y4WZ*$A#`(3-faL<BQ`q(pwl0Ev})7SmsPdiOG3=BP;@>Hst
z-|dDgi5suIdfv4+J@i=XP=3a<TW<K{6R)0lBk}Cwwa&Tq#j8`t&bwyS>pok~E<rP!
zVaH!{*eZ9-nEK8=U*3D><xih;9`8&&?ck>;?KzJ==!YMtbne{sJ>iCB!j_pWXZ^I^
zzRh<JyqnEGc;$A|NsG?!82i1+F8T3<AKtj;x^H%WRL#V`|I<OI&wuGf5TbmlcgXiw
zzwx&NABEU&Pdt>)p7W<y@7QMFnK!+nZtaDaU3B*|r@k=%kLNvle0<)f$K5*ftep-!
z=E&E>$JQ==@uExCx9&W4ANn@%dp<W#pBlPx)!kk=X5#UCKWlF!ZFG2NN8&?tkMfCg
zs%Jkmqjd5Wi+6hK$=5Tl*y+Q!vX))pU-Llp-d$#H^ZLxEW(Hr*U&Y+6#NPK-t?|lv
zuRQbAXQ%)0*3O5Ya>x1~UVWIh`qP<b=iPGQCCjH@aLS_kcLL2_z3tgo@3`w5f7<Ws
z$gFcOy<oRbFN?@Kp7f0EWfwg(w%3wP-}wQ*j;>(IeIMNXiOZj#bH(!qe0bn?hyLZg
zh;cCel(Xc+ZN`?=YJXe&^1|&Oc<t|hc&hsLhIfDU#wL56ap+I<+g}}0)qmLQmh&bY
zD{j5fjr%4SpM2?5e$%M9<cN3vcIx}pTh4#(o;<zf4$oFjUi~)c;)7nB|5D?er||9Y
z_1_W>KKAHSlPCW0GWwLT;J~T%%{TmJMr6KPnX&5*S06Ir_D7d(cH8FfWsKqmPv5YH
z@$8b5-`Z!^)azH>Z=V-m{*rp_YU9B3?s-z3c*MJ_OAi`n?7G&Z4R$ds;*5`<Z7qOS
z-{Gj!CY|;58&j5jxbXHx6?xfKsSkGF<9+gzACfz~nY?)Cy=&inbJz##53aTs|G>O@
zBYfT4>s+_b6$_Vc_wJ$dmDhLJ@A9d^`AeRAWNhu-d!Ht-*i~oK?|*&nmw&(Lqv(Ab
z){gyl-tHHdFZ}TddCv5|oIU#+;V5YK#m6r@ul*qxwPwksu~(M8^!yH+g{$0TZq^>H
z8>eslz#Y}6D(l~}>o+?eQGDsH1MfKC&i#&ke3JzytSjz%X7{YyTAimB?6~!eSyyDw
zNSt^0KF`ix{Vj5rWlYli=#vkRJL5h4tY^`O>CaF7^5FT@@;OW9{a}SAo=bi;HT>L5
zU)+7&>ObCcdo1NHzG{}}y!pU^cPYmnaONiO=RREne`f0gHaes9;8AxR-#5S6^W+74
zK69X2|MKxkSZwuVaQw`7+vK`0ZCu6NvtxTdzyJJqKRDN3=k9vXy<xS#dT+mU-Qj<K
z>G=b;`Yw6K(bpUsnKbK<a}VnDhD3LxHUC=4zW(B(zf3xie5roOwU2JG-FEXnx-)nr
zb^nsTfAe7b5@MA}+s%Iny0>@pTi2|QexBYEYyR-@an2ey&Ji#D;EQ+fe)YR2Zd4Y&
z^30tNCEv^al@!*g(+6BX@A%k#UtV%vWXY$mxsQEu?l~V#I{K$~cHZf<H=e!a%Sz^>
z@6xwi^l5ng&vx|=#`igD&KsK@x0B=FT7Sd*cIO}Oz59@X^wR~{)U)57*cJ|Wqiq~^
z?Mai~c=5|Qr(L#tN4#<ICr22U+`LP9|8rhC?Yte#7jOH>-Z!-EZozk#=B7;EJN3aa
z8+8^QaAjNF=Y|DeTt0YSA)!q?PCsU=r*E0$Pz(LZ8>6AkX8)Bvc+)Ls?*>oY>y@n@
zeRuf}mHYU;H@acflO`j}kGlK4ox(T%_46yv-SOSWpS%B!MR$b`s~)lL!Oc}e2ho#W
zq#l2B-OtWh)IV%{a=p)9x^^1+jrC+~@ol+<SInzF_2RpQ^*&th)J2c4&1aWVTOY9F
zr<ifU*bL_8Rcc}PwhxfVy^RIKTh6}l&KCE??4vf^>Z<DwtX}fB`>+4#!ZUt~ta4*A
zotYMVa=|U=6{#QF$dvi(S~tbd`Yij%!uG-Eymt8qQ;zQJu|Ylg+9mgH@`uY#dYw7#
zDP{IgJFa$SM7XvVzIwt*55IR&<-=!;61(4_)mdu#(6>%r?Xdecedx-!%h&B2I`p*X
z);N2vea0?tiKl6Ie{;q5uK(c0OAq|x%~PH{eCMw(etybM&WoqdIqviR#8ZL*YCQbP
zgWq@8+-qiQkDbn3zI-8jUu4D+N4+l|Y|sA7jN3okF|a1=S>6Af$6vd4%A)qwUmtpw
z{MjjQCUR?iyy%|8Qir~J((e6<pWpr1r!&@4FIwl_T{~+)3m#j_J}oyQ?Rm(-JAAtJ
z&V@^-y!QV08=bmoc+vIm6t0-8J$gRY*s!+d=;g!C-R{^kv7Oyb+V{{0e|7X%^2-Oj
zm6@{XZf8zeW8;(VJ8}MbuU-6M`m~R`n@(S&b&o-Rf8KugOy={sZOO$Cy|K|Xn`FcY
zfA(R|uA;vBD4*ClIqxJicKE5QjQ+UOa&FFrm(G3ni?6?&f<8!Z-3m?H{f%39%)g&I
z#9hj+Ghvq{2VVZdi?@DxY30(Rc6P3(mN6&JSnbXY?mqXH6aK!IihOfU=qa{QSp4?#
zE6e1!_g;JS?Jup_d1@nj_pvj+g&&TE7vyr=J$l#e^EUmGn6I64#{K(lzU6k`-R>>_
z;M@zpSpAN<&>0)7`7pl&H+RGLPup<4^`4$SYv#H4DZPOe*G+}|cDA&|!UNuYboA~E
z7i_!cg!k%yM3$vKBj5b^Id;|of8Te%b34y`y&4OPlOxmK-QtwuX=^OBr##0U`rd*|
zzjv>RytZolnY}l<^zXASC(b#_|KjxF#M3Gp-u(Pu_+6iPP}}3D`T+;uvs~Qqq=CKG
zI>yE7<J(T&K^my*Gn16}XCJxaoo}pn(BZdy|KvvLNh*{2TE0}C@xuCNJ-5+U@1%GB
z`qX`|r?ffg;*!sgbkFW=dG`kR#6QpI!EaRG9g~lME=BfzY>TnO9@+o+eI9+a`Vq6=
zkLO-C<@)Z@Pxc88oAlX>>QkA0Ux*(2&PMCpa@z8l&&~S7jKum+ES`G9Ey*?Bx{A8`
zyJ=(VE?>hx>-_g$z9f^M`0e+@i&F<bef?XTUUSvH&{vbUf<yF#Te>^c-dKELXHEI8
zf_vTVljj_K<^fkew~eZtSUGO-6V0^`!dT<zQ<l8t9Tz&`$Ma9gE<Jc}YwG6Y_0QgY
z+;{WmPTZ*Sr)3wcZD+P!ZO<{}q_dlk(Oa)lycm1RSg`wHW1J#yy7aEkzVcoTgsawi
zAHD3DpU$}DyKwaQH|=*{S!bSf$eS-+^U~c*x7^}|ja4FX<M}`RH07r6*52y+b>1=`
znXusl<SG7UuOGwLz8WpK?z%O0W1c;vo!ILtY|=L;nrDCYmqhG`!y|{yy?WQj=4@R*
zXTjmyeEG=2-A~{34<+Qb7`fj`^U9O<p`OiTwm4v?=5@~?a^j}H?H>rAEn9l*e*VT+
zO}YKR$D-u&Z4Nu+_+8y+ACOMjBzn{hMti}`)oz%Q_D^{FsiWy1Hv2ZR$=pX*op{Qb
z@7!NOp5!i@b6)lF3B)Chws7C%k8iA;TAlDe%YVxnm<US!<4-^RwCb<x@$J>Y_8NdS
z0c-tw931|i<^RAMm;;_~W<q0vHlaJAJ;4K*6Z{FYCPcuN1GW@!&Y56<v$G~d!QS{0
zae@mzHE`6MFy4Mv05<>2%Xk|b|NcI|uEA=;G(ZgGI(|<9$jb*g=@W#X^K6078rYu+
zu8B@4fP4SvEC2aE!Nvc<vLgR~m7WCdLjm{Wfx2mfZToj=&H3Zdwx;!suGeTgyG=)C
z!PBQ1j@H&2PHng8J>MLor%&^I#nBb3?HIdF4-9YmALq`|EY+HADXL-d4bPtj5^=oQ
z;|F(}UiW=>HUxQE-LMsJmfg_0ZLe+mv$VDiwN10384wDiFl0AeemsSY;VZi0E7O0U
z?6iiy+w^@IQ`HTOA;%B}#m8`sV#a7gH^&&1z!liUh<~oD3@EGnyAuBE%`GOZGI3mX
zOahE|kAHpjFK1T)tNO1O{&W5usOj-~{?9F2O_(@wJl}D7H7>VSw!qo7%B#Hi^28PE
z-(T~8w+-zA%0Hg}iskod|3}-affMwvC;z!^{g=!CbG?t}Ki-yCwyY@kiuLcW;la~Z
zL4UF){MYhbk;bOKmVaDNjNikG<Ns<s-d3>jP7jv<sQ&-CUVgd$-+%4`q{n!^<ICFr
z{^YOwE6TlM{rk&S2XdtgWSkA^VO-k$SC@_dFFgM)$mE*huNClL&2S~x|5Ey2K38)3
zUmk)9V*hc8rKpwx1O_sFnr-;?HrNz@7Ft~$h_8lkaO2X1LQRIIRUp$y6B)x11qc#E
zQO8i7(sUR>bQPySYF)!__s3HMvJjd(2l_`@H}@azrwsPSYk~*t3$zY30RwF!J|PUY
zqZ7s^z!S&`2-qK+fP*tE*dGIZhXqIRpU+0X77C6=!DsmAGX&V%f5Lb!E7NNk(ALLw
zm<||Uk88DYEwZxqHhy0#81J(a{vUj1<H`N+upA6-;t;^0fO&w!0EYvP02~Q83UD;w
z7{IZB`GDg9#{*6PoCr7xa5CV}fKvdc0!{;*4mbmFCg3c<*?@BZ=K{_HoDaAFa3SC#
zz+V6t0~P=-0bC0BE8sG~<$x;yR|2jATn)Gea4q0E!1aI|05<||0^AI^1#m0iHo)zG
zI{<eA?gHEmxCd}A;6A|pfCm5%0v-Z940r_aDBv-`<A5gsPXe9-JPlX~cn0t+;5oqa
zfJK1CfENHS0$u{V40r|bD&RH1>wq@^Zvx%|{0;Cn;2prbfcF4@2fPpX0PrE;Bf!Ui
zPXJ2*p8`Gud=B^m@Fid=;48q_fNucH0N(<>1AGto0k9nKBj9I2JrT5Tz$$=M0jmKf
z0agdB0RTT{K4C4u+JJQc>jKsTtPj`#upwY0z{Y@00Gk3P12zLp0c;MK3fKa$C15MS
zxPS3K%l|$#PzG%QJeL38$lsON+rXMGcQgDiHuP@Or~lp>M}bYu=AxBpe&7P*JF~);
zo>pko>b^JaXZ!hg-@t(VK6ef$ip5w|;xe(hz|h9WU}_AZBp9EKp>v?$otzVmiID;)
zNV&q?IXN~Ji%8(h(G{7AV~HXc{axz6C5B2UG8-kP&)pYBOdK;9W=vHX4X9KD8B=ME
z0J}O#Xs8Bbh`v9_G&*-qHVp2EkAU<M7{g|d?@o)f9kZbuj^9wMX=Bs=t$eYeZ#cT4
z&t7qhTrN8;3Y>&#4R4xeDW2Cb8-_j&I40BFZre9B-_U3ME`fN@vZhH5+n5%!U8@}!
zhBs|ST#D`d^H-d<GiLmDTvMEBhTiaZ0jl4%f?cMW?e0M7u1LM%__L-J46Wfdz@1JT
zzq;rAn&~vH?SMP=rwtl@eVSi4rgg`k%(Q0D^T8cziVys%S-Y-12l~1AbD$N~46P{G
zc-{Z}On!R?|5pFeLS{@fy1+dff2#lf!OYzkp>-WGOl6G3P;3k*6nIS4b!H4#b%I7!
z9nnqg_qG39{jRv3a5P$oiQ=z077P6Jx#RAe2mCjjHZ>R|G^WwGI)>wl28<<@8dGqM
zFbq>C6b+fxwY^!6GD}hPuKlxrxA(x-ygAUX=>p?vMR|oH%X5)*tTJ~_m`~&ioRrMW
zEr?-o?Qgqtgm3}03Mp2Y<|sC3?=JWqoQ5`L3|-)RIzFfbIm{Phzw=PRvoUH$7XuxI
zBnXU}1O0pj$oRLk=KfQ%c3baRJ#Qt+sfuTi__)b90@<T5PEVg(L884xsT0nUDGz3q
zRyOFx^Py1C$YlydD~oo)^v;GeGCQ8`XVV=A4p~x5k7w<iSw=Ip80)k(m#q*Z0k_Mg
zP*c@|Dm7?CA~`~&bK-!D$DF!agc7P3#3H3ilC7qibc-({B}56O`koatc{7oy*_~vi
zCJ_+R<rPkjb3MH#`w1^vDm3MK9EowQW`mFPL@JJ_(?Q>{J7U|=c%F=#CD+FyDL7=d
z!$qQA9_65Z*@t8a3Rz8FiHI5$kI8jDJXEoSq4q}7fNMo+oo*6}#KjupHF3yHaR{N7
zhj|_)T+h}zeoC}uDV2zkr9qs5qje@*t)+=byE3wJ1s|nSi3B-Jlw!EluhE%YBM(*L
zq+#`qAqj_f+ij(f3i@3;5o3`eXeSjuCdc?+Tf{HDVNCudU;$*4V)ek20&$D+zn|^(
zfAKXjUHt7Ug^V~2{TE-6fK%c4V?PVPUo!d6`VZqi!-^gq<wU8#u|)~UFCoWefq?y`
zNBr95cn}S7JYy`Zb$Sipr~qj(_H#E}S$Bs`oB$mU9>Zu1bV<xG#u!+^#|+@SV8DaX
zOoRA+cL(BQ+AkG0EdtuRZ*>3P?e`Gqte`X?bhI)F0Ij4hR&wYcst2fnuHqQ}*ng>>
z7@UnWBoiKsgkcah!gX>i90oxo0)Z(6rIC0nj{cujPX)s?x?RN@;~cZSa$ON6*f0*G
z$QVjR$uS&_z++(yMaOWM#A9fjLBcHjYo+`Pt)R4&S+)lOt@oSWHhxvr|Ji5$ivc1O
zxNL+I!n_FN^NQ_h<Kn#QfO3pS{}51+e`pOEaqNFI;{RyG|GpYAmJI_dDw|+AX@$+^
z848GejkSzmtUvB8{CflG-&r&?LQbFCYu7``UKD87%wPx)Dzu&Qi3l5Qi{WM%84jF=
z(RbiF-5S}|To219oB3D;yd|txr!3F0RRynB26&@D_j=7*zoZn)ti`4x#Zf%nHAyim
z2Ki1gl^+<)sGJZ-zLij+Y)q_^#a=uW_?jhEtTIM7rC!j9Ll_+&GMsF3-8NtEQdShn
zwzyG<rrc1=at9SYt4p<_T)<)|DcCxLr<023VsN!31O<=FBaNJ09ApY+E14U4B+t=F
zPC~Lum8T1ChtHa%PElrUWNYn6mBzeuzv<QdQoW?nqQkU%VO&5`Y@$R;gS?TAW_hx1
z^@b&vZ@Wa%GSX-x7EdERs~nHlorD9kg6s@h$=FB`7&3;-ysQ#xvr^V^SxpF-Fhb~D
z*%Nv(PAZdPRc5-K@fTnbnA^v+gwSrL@O&F;AcHzmt2e_c*<-r{w=LHL$Zrk{$wtcy
z)#<^o97M2wEen3@J=z*UX)5FvUE8vVOh!sq(E$>rve}|RI&chD+Ir?6EUMo(l(}>M
zg+=tgy&?6RZdhSdMSnX2G)E~{NUu;5EA@~xQiD~7qQ+<i*2i#C2Og3EoEl6qND9#i
z)uhc|wcc;83h+R}(XbQ-374|5-`uj_rC)SB7x;tY9_Y^|=g+=f&{LdIU2$r=|HF{i
z3X|)%<e^_vh5juc=$CSYi&8R{mAFV)ibcoo;O9ZGn4@(A7r3`$zc~G4<8JWuxuZ5x
z4(Zi8XUjzh736Tbs0%SHRjD8$G0t}~d8egH&4eE5moT~9Ra~v)<My!R`9ZAhdrq>4
zBA(kUbivTtAi=df2kWtD%|c1Ol&LZuC&qVLp;pZ9hn&EdY?6zxa1a}zR;H>Cc>x=g
ztv=N5kx++YG>B{i+m)4Jv*R~((6NSff>Y5joTy}nZN;Ls!hmwiP^TLuNwO9sfn&oZ
zLVXdT8bxCOLBo>9az>%n395RwPWp5$G3urVfe}yJ_K4@YnZRi0=&l#*^{ZMf-qiC@
zhb)IXH40aXUDKiLB3q4zkz#bDd0n;W1-6a!>IpFzqz$`Qbo!|_6XQj~B|TTp$g*x}
z#WWl#L_=6{n0DJ7Zsah$nIJ+qnl?g0;0JJ)aIl(Tbt7_BQn0LFEf8tMDbO+9aoKV%
z1_cNu4jC!k3r7d81=k0_IWF~JI)I@Dl|#HDRkXv!n(P((wfF$<OU>jc6M-XUMoN`9
z+7^>E)5qiSTq2(F-F_amSlj9b4j0EYjDeczf`Fw-0v3pFzz;N<g<>5YYE}jT)i$JP
z#BW!zpjWPGourN_3|44%2yTE&v1U4)V7dqyNJ=!1CmJ=uc1^J@7ZX_;vP(_FYiE7A
zR94Gb!N|1hayLc}iE^gfgt%fJ7Kg<?lOU;%CngiMSTx02**u+XIzk8Q;3FLA2St8p
zI_XS80Ied07RrsJUcowy<(X9{Q&r?pvsGxeFskQQM2=>$tRZP^2%@_#71W`69@3j5
zypi|H3fTo-WfRL{DO<ym9kB~_q9L(lh6@$B2<M}fSS?yn6WyUY?1l2(1gKWfb)~wm
zk-*n&dZR#ZxOBA2)U=wAvE7bZO*Y~^QRtu=lF#Rci54-eR3U4q^AM@#0>4n^69|$*
zGk7VSM8kE8Bgn8qS!@XzU|e3UiFnbD&<!0EQ)0yNWjhi>sSqPY)$*ta_a(NWB~oe0
z0D%b?a#_mA2O*hP1w9+C_tL{?Dof^|k;03H!zPOTir5#?NJR7{KB?IGmQtot-AcVr
z<z#kX7`aM@&gE4hXyr>oFI;0fdM6<;eTq%FL@th~PCGAWv5-|F8&TXWmjWf|;$dh&
zXB@#LM}-jFcFT;cDtxV6&&uHrBXwz{V5ucBuXCfITrYS@(Ji)+bi17}X|5e8<&==?
z6y!Wo(xh6q3rEdLDCM9G6Y~?P2p1=XxZ1W8N`dr6qk%zTW@x6<mPrc9V%Cdk80_dH
zH{3%U(habxVOX&|W$THWAS?ZvLiR>cfoB2~s%z$mN|Z+Rx>;@pHB6{QimGEoFs$d&
zDn076EkpI1d^1_(xVp#0Xjh1%Oi-#9<J_?4#Gz)d&~e<3<+v^gn^bdNrO7*jlW!GE
zL&8o+U9(C>`CiR$bDHPXd;MfQMHPc|b?DT~x^8xZJXYqS5xh$!vJ@wEFy9CWIBb+G
zOxI--JSA@A4WU{Y)x=~viimQzTPxN|x<n=8ElwBgVwUmTY^pj!Jb6TrSR*p3BYd(L
zkH-h4Aa7%Mwoz-URz#OGVNDKEV9NcV2`57`QH*H0xZEC6bd)oBoamb6PNHrXjJDa$
zB(VxwuqmiwS8Ey07Im3x6kA=ohlhr8(84OYY<#5G!$O(@Q7{lo5nKq4RSZ2A=M)y!
zGPoJ_%SIbD!lp?FNR}P|iPuV2(_se+@!fD>GLTMoaaOV!SBNHMg|~S@4iPn(Widy_
zMnl=M6JlG*D{!k!^)(|QmXjTosxd;|6wqqD1&4d-s8}sl`h_f-vj>TAQgWIC4<f&0
zN&)jcoKe^CQgV1m#8mKFo*<qK!EP==q8%5spupqGBx++J)s_hwk@PN+aS5|+<f`3X
ztWuFYwH>08JlR%4T*i>8PO4rfabl<xwM+};+qK?MsW(ED2=_Qu?bVtws3rIgAIr$~
zKI2jup_g#oQWS@Rl8~^gNi^n-K>j|FRtAO0Ky)imrk!IVwMZl0p`2VELg-8<>lA4s
zj`NyI)RIv;1J!$BC!Xu4%rvQo`7-NK2`J&FDu!6C8KGFV)q^UqoHX*eMp&?Lj)4Ry
zkJBFGX3f4GD>=Sjk%kSKE{NTB+(b*|N~~I8!@SmRb5XulO~gE+n-hpIW{(OG%}V6R
zKovI9NyZ(k*b-XGuu^UgTjh4i12!@o4+{cb%qAGePelS*YK5|HGil?hMkZ<vfr3?v
zwhIjF`bro?AmMUZu&Gfekqnq{vNjy>w%WE3xKr2hd`as@%hep=SKw?rhl>ih8?ulA
zq044H2bZ*Xs>3&nqd*%P5SHpTipA1^&Bw6%h}GD5xm*a$LQE?_o=GR8L%P}a1qFdK
zl`=(VN8v^XbLc{}?|Zb`K^viBDP61A+sRH<(&X}R;9)#c=LMD|gsiS4!dWlkrkNze
zx1}hPh*wJiXt8BPu6IgEJlak7Mqx8NNV_Z{h^-Q9c>U%`Wd_xDOesrA4Y7($+(?Ep
z*-9_nNbpX9=@iuApcZ#}P7rHGk_tMKhB3_SG(6TUCM>ar4=rkhltQ*@_aj}>t)_BA
zqAw;Y&Om8u-SnsxlEPL`!fo7c7l&DyO_r=mvgk*W^^%zFv>HuTWCztk&k!*-ulhM8
z1Lu2jx{0Q!NTXFA^+_oVyU|(}PbkBll<Gm~U{sH!h<Zowb1|!eK{B3ZMtTlXA&ydd
zqF;hg#%Z`np$8)w-Bn7J5#__Q%o3429&$>4kZZ(ry_+F~OesjnwR|ioYC<N16l@(L
z5|Cobc^xC`F@-Cra$O90At&Ai^~|*kVsC)ZX<co&eWVy_#WTFx8f1uJx{~O0)2bYe
ztJ&hvlrxqk$Ba1PHL?)yr1e^+Gi-}39OvrppuyDoWSdrlXkvtqTo_72&4waGI9Op3
zjqHS71kYfxbk!X)C}NcBLyD+#>9RD;0bwL1)A52&<xoAJEJ&RkPRC-AR5M9AOe+%Z
z+CY1mWyNWgb(zeV150x)+AXu4!LZ)X=yui9V@#ULg=$?|>9}aosW%u_5bIJ_=;<Y{
z+5l<^L0fLRmxHQ2;x{rKvd?2s5b?|mXxhURYGz_ouY|U;<e(RCQHn0Z248IQ{3sQ5
z{CK+LR`EP7hO%vom3`PMh3l0}Dx#)f!%eGps$doZs4B_nL|+nWBd$~|S21<Oz-|UL
zBN9;gl*b{xc%nxLxE^Y`ZY?E4d1NTLEZ&MH_`oj{I8lb}D1zDHSgKgma<zOT5Ta<6
z>4}CK>Bv&dh$d@zFEz}tVlpX3I>V;OHAT!OaV0FrwGP?RQg}N=#QX*%mYa4+=|MuP
zm>zg6p?RS=iZ??>GaAj94Ylfq%x)Ysw=&8TnI7D%n{+xHM=D_*kB_{3J2`NxF;u}D
zI7X`(KI(h68K;l{8mKwBTP+Qhj)v6TS|T3LbP&j__Rw_1rn;3pqYG5AUaFyxWl$<v
zOQ0m2<U4A*>t)MOnq~}+jh0F%In)zyn5MhYXf@OmT0pzTda+@lubPs9^r>dwYu8fs
zMjoS)zScGi(Lio$sX|lfFtnC%0*31k)no(h^r}b|v+Q!VmxxnIifxpgM3Bh1QWkZw
zI&0;O0$IxRGCiGE8Jo{{8@(dx)yt)vVU}4$B6>wXo9vFDq#W(n)xc(pUAXL04XMwK
zqQHfA)C%hQ*=Pfm>I1f{X(DWDPCmgIaiGeqDlmczqXL|2jB3$hI1m~oJpv;_k*xDU
z2H1RkJU0x5My*<Cn6EYI7}QD9wvxiUIG1XN=#|RvP%x6h!y+d|(+Zjxrqo(Pl}e1s
z4zPHbqV#Br?j=m6#<g-umxz)DUvGD!gL*tivf&yix8MMi)<d|e#p~%IONl;T1l~j~
zY4d5V13V!y+8TyBFdW8^M7qf$PBj(JLKach6@|>;2_ZCy4K=tbphgGjrmPAjDq^RT
zP#U9T9?7*;RuuzbFqAaUGHaRa0IH`%QSHm=mLKH`S%SzXyKs%<yl}Rjj2HT7m#I)q
zJKdC<G1L@M3y5*7!K8;WZdpyZt0x3+(2EVaNraE(&;%}&`8JbF1{ymY`jQvbTd>K%
z=_pGfLaeR;&kiI2+*-0-5!o0{Q5LYj25M{63x$gn&|q<*$aibWSV?T9(ke?v5)r48
zM{5zfr8ta~grh-R))@kIN*;pN4YcChx~lX$hS$Zawi)J$P(L0^v)No3$#Rxn%Z2J}
zJZh_8<g=P6fHqO19dszL9Mx|PhN7awEFLt9d9=`Sa+w$qtoe*V;MuC9>hYp0s`W&+
zI5M$Pt_?>M-BO{|XNv=ckEdimHE`l|wXItc@a%$714ye_)sSjD?{yI~V$f+8NmTku
z!+>~rsI_7c9YP&HL&II*fQWqArdkawM0ImakXNFEL{=p594)s<n(Ow9;=m9KLj+63
z8bW|z<wn0=AiEXEtoc>Z?8<Gu)Q0pT(Fzh=nCk1pO1NK0_jApG4k1K8B-w1suj=hI
z-wBm~9mKj=DibeJxT`dCYA|A?W(@`67#4UkQVUm^_#iLCFe=I_X}4XU!D`7)N$H2!
ztnQ;|zZ@YYL!(Avi6OZ<nG<SYcuOs~Eaz%^({Bk7rctCTHW+4@FZPEcvJ$NjOex;b
z`%zRXl(PL%%Tj$_2{o%yuTCOSDIVxe1cuXYxj6KibQoje2|q-*$%fLZ<-BBDG~2p~
z^%H8X7LKM#7wvRfElDau{Y*@#+My)mbzAXl6_H1Xrut<kM$=81O|^h=9?dIOQm;a;
z)Jbv>)(%-gMJ5~<j|O%!D=|X3AeF=t+oaQVEgVmk;*MS#1|h$Oz)GRir(*qLxfp}t
z9!AIFR?QYb4d&1Y7(dnry4lzDL^bb*n(c^0Q@sR5YWe6O1?;0@JDG^PVy&CU!)6nO
zyGjnKVV)y#Jl%<dUmtHola@g?Dix!b(@ItnxR(u*<GoV5((l1O-$<ZTn;Qy5l&S{9
zXuP6AiZO~(^^PLfLQ-9=Nnjwhji#h#CXx>-wZIMAsYI=<CjyioL{g?Sv|>SAaC_-U
zvY<DKo;2#C(SQMW*eZ7<EIBAb$uu`Y?aY9Icm-am{Tg1G{}ii%z8X~hpeI%<W<o*h
zR-?!!{H&RPM|s9!@wmw(%BW*=iWtPpL5-#)J<ucdh$w+~dA4F<OijfbZd8sJBk9(l
z9T7RUpkbAKH0Y5^Dioteq{*;}WCLc0b-7nbv}G)S#gUB5Ws~8wT-mX@zL4<+yf^aI
zcn(Q{;dRZhQAbQd<x0|M*Qz>Unnq>>biNcanOLIR^~0lh2yUr0Fv#CUa}Zhxhic_W
zBUJ=OP)@@Hr2^p`8Ziky!wyrxc#VY&3bNp0w+*!ki7A<-lwImMqr@m^Sw@o;z$}6x
zH|%&qh*w4+N}jU>H?P%9&f}U58%9F|my7_zv6*x=sz#K{WU-YullgQ5Pqk4Kr{g6x
zkt@S+6HaSxBn*6*uH+hUNsqgFtV!rL80H622B80-8Xp7UmbNr-d0rqCmu+SdHdAD?
z)s7oUxXi#&qRpC?3*a`R!d0x0(sC|{ikm{C>9mq!P%yk|FV=3hlTyL7t2kM-i^;IA
zSpkN7KA+4u-2w|Eji58isfk{q%2X_eXTltBu?F4Mqs2ValcAREiWoFhAwrUdVz(f-
zXtN_p^<F{Y%@~{y>_S$H2y`b<p;V<O;%JJ<%N;xjkcfqW(T<fpzd}3NZD|$Jh1zNn
z7tB#1PD4^jsQNr8Zy57ns2h}|yynI{GX+_4q0*$|Ap~JlH3L?-Qi#n{+CY<W5Lz_^
z8R;MiRo0ktf|7}$AaF=ttmdHb08U`dN>a3&Ns(xJG+b%WB4lD#sakg!OX6x-!i0u!
ztw2^99>?ZAvkPIcRA_{wEkf<0K4TgEbf)Y;5EAGuJQO4>qR{GDl0QNag-=y#j7-*v
zR5FN<AkeqEO@=@cG%^wmrWz^<O*a~@3`Jbv6L>Btr4!+t8F3mJ-9&9ouaZQvSdUao
z16}TCSRvljz`#u3PPI^uv@|Z8Bj{>H$Ksi2m=c@yRw7m7#YnmuxAA7w=6bXvvC)7k
zi!z@_Tqv3CB!WsEJp2^Z^{Z|r1qL6;QajwktG-|0E72C&O&eA@C=E1el+E*Cz&~8p
zxnwV6^C+Yn2_TFT><BmQEH;dqsZ_Py0$Pxx+Z>in;w`rU?A>NGU(ofA597@w)NSR2
z0c6!k)h$vQqn8>%i4$a_4HOz(*C5CYNE|ZsLO-j)PQPSYO`OaR5}9Hz8Vq|;&uY|b
zQD@+S#LA58BuhrGfN*(R_L8y+6wt7Ofk`x7qEXE@a&9>im3n5Pl+=e(c#wnJc$IBb
zB5<u?7pgsOKs5M%3LfO?9s*k;oK?)>NU3`^SM*vU7&j;>rHBRvJ*yMudkIx7ifEX~
zbppqgY0FE-=ut63aqb|Fi7eGjHJCnDuGjtEu%?BQL{q2pSRj^^REi&nLOPNK;k#72
zVh=j)K`7nGM+uCF%Nf1{LdKC!q0w_qvt@B%kLIenoT{)a9qM@bc(|1nB&8&0*`CtK
zcvMn}LFrMX=gW~)jev%gjxcN$$`Lwnm}XcR*70(<Omr|glQFE3nsi3Bret_RLbJnk
zwl`w<5mYX!hSaH&RE5fRRHvdkB+-p!GZhsnVQ8}7%oT}nv==Jrz+Z$SK?cMNyiv)O
zan>c%dcB9nA~Kk9A=+*;J5Yfj(o*rlNG_<|76p50pRBNkt0W|)P&AW6OwEXN3+BpI
z2s8s2nB2GzqN$-!0*}<GQiAT$z!2zUl?0Zn5_~sHWBqhb1)a<2jEEr(wHsv{&U5YF
zsBVW`RjrlHaaSZ-?#W8o>FWZ_0n=oq_6wz#%D$Hi@@}BU`vk;NNf?H6ajDsI8W`cm
zqF5+GbSgd=iCIbeLHljA2x9Pl9++xQh0(LXi9=L8$dG;+Slr=w2?dkrvZ&Sx=Te-~
z<;@mo2n`HG*)cj4u?67iwG|&vgFf6HLVSkS0@z^-&VcMhjTj$}bif3taH*5=a2<~b
zP9<3dUSeJC=ORv8A(JRhL>ePx#8}m|oh^4u(Q?NNX{JDO7U9PtY2L%D{Z0wR<5)o2
zK@Fj-l0{IM#6(h^bg4bEX%8ymc($7?WTQc-)(+<|*`m~_*Gg;lPz{*_W5{H)(RvXl
zQn(*d3SkDS^%US_4PtaDJ4^;-sA5Z%W=9^>V9M{3St~~-yTxp#oI-`Nl<!!2DU@mE
zx-!EQYQVqlhlHr^q`_Me#Y88-2tj2)%ATP^Ld|Uknv_m-jR@$&3T*}>A(;VobFoV2
zIyI~w8H79auoaGXni$en7(SZHbfs>y9qan}a4Ies;dF-K5IxT33b<J1tDR`U^hqH`
zcT;$e9^{H_WymsW3Sp@%hy&5#fnyliluGMd5wS6Ekk3_GcsIvcV$Z;8T&)S7WLs$Z
zlHytEdTfAGw!}tctSp;>kH-golJEK{&sF7GE{+Zf8s}iF8yz~Snh;ezNTgS8f7Ie!
zT#fTMtL1nYAJU_+A9jWV8`I=Mqcq5*hRp=qieq7>2+a2SAYm6}L03v41TQxdv3Qt{
z^vO}XRL_a5mBJ;v-zOV39*%JJHYqzq!*pUL&+UOglR5%1&f+K{c(D+XF2`YqV|yT)
zoKnPr7f&{U<RK{oCr~964}}Fe9ne5;p$tT6oM*9^6$9f1VvaL=6}D6^`}Kh&7MW(Y
z9oF4ekhhFMnbXJR379kIT1G~+J0-?f8)Qdp31;0EKo@Iq5fGyGa~4&o!X*n91q-b>
z5{YE`N{|eNJ&A&Xx)5o39%OY|i40bZ4f8R??zA|?!6JG)mtzMMFE){W!O>&ZfV4)#
z6dg+EjJ(dL;^ffA#YV2CXXBx&({#mZUSpA<%$xOCs?v%e6vY-S(Nn67KOBO2QXv}`
z#Bfw=XG1{&&9(?GXHx%t^pBRp>Qy;C5R)UXsTS~PI}fXJoJA^DgkxG*LhV-hph3}6
z#NySouIVAo>Rai8hs$_}>QF{=D5L{}?`NV`xRlA8r9jUcqpD5x!<iK3G{q8>6oISd
zQ<+%QPUX@gU^sUjACGX{u*ND;oGPN-l-Mq0ayg<k$Xhysl<BU)YJ4FeDN#+AkV>?!
zdxn{dWI^<ft_GFp0Hp-DFNn#gMGy)ljd&@<dsJyC`C<jcXG=pd6fQ>_OfF+)27Eq6
zYbhU#7b}(*jcAo&t;*^HL5_C>Tw`4;E@36B?;CNvUT5<{xEu1wcw1`Ks-h7ix>Ts`
zc1y8Hrp1+D32FHp1ee-fKWcz+&m^r9<w7ds21>1($CwcV1p9#JU_MsvtC2pP0OK;I
z%Twqm8tXR0$!Z(H!x}y+%L*3Mt58oNsfJs@3Q5=$>KR~eX6#fdERF_gFf|wFY`s}U
z>mF7#h82#;4M*u%JgyBwZmUHawu}$cimReXkMFqYJQGUf^HJSvmC~(jQO<K6DN;*u
zwfIWMkJ8yr&jM{fYqo5&nnT%g5G%Moj3!b<SR5L8Sc3|!j0wgrvwkR#c8s>vbo92Z
zxnMYsOZ6kLHbOmzCV=(t5DA^>j&R_msgA}+RTp?6Wz#QWxSApV``9lACJ(b2s|DAy
zy;Q$Vn+^^~;zcQofL{bbx+Aw7FeM}q(LREg@?ypA4c&%@6yi-@ZkxI2s0M6^d>v^C
zhOOaZ-iidhQkCMJJWD8L&^=@(MQY95C>dhS>X6ggf}AS#dZ5`?5y8{UmD+FeK&*&E
z#~6B{kR~@l6R(RB85tBZJQ%YzYMctSB1EH<&!AEp4}d+2n>i0v1wsw+;GZKYlr7YK
znd|pJAT<+B$z0p&f^mB~Cgi(N7p)2kp<>krn7%aZga@jfz*<h%REa_(51bS(nxSQt
zuOb8yuHsDzv&&Htb`vqn1)7Cu=v;QlB6M`*f>3zB8s>;{iOn>JnP^0h%6_O+toOs!
zelraD^+XjeBb7)+ZS-lYLGaCr1IFyTAeLWDm$gc4W%DnrL=CtD!+P2Y)qSbPfVpVp
z5tFSjHrxmLCTfhNP(M}8vO!B6(oRU0;|*a@ra&miW~oBEuHx~iKVpaF20|b>Q!aIj
zRez=NBh|>(^t6)Ec{?{66&n1IXCOna+6fbtGmS82K|m(5Nw<*(BUO=Ms1KQiEC|Qt
zB&*j~uwf~YjA2Hl(D!0(jH}3O2WeGu76|EeSuAZdMzJCsuVERP`R~(y(rTCO#w<C>
z^b~%;MgkPk%xbL|NtV6bpv-iv4id}uq70YeIS_6x_>4K^gdP~wt(#q7GfVogSd2tU
zc|HUMJlkR#Zpy;TI54fc{IJ(oRSfb6ji8t`iqfD_=kPih9gkOa15L8ol!Ru`8jIRe
zDk4*?R!4w70@`S0^0&eO(>z~GH>)H}mi@R>P|5`^RIWC3p<4`?E@$GAq0ooYF*+><
zqfn`nuZ;A(6c0-!rIW9BOf7}ha6B3H{IpPF5;`oFqn)x4b4GZZAXwOImAeVGp5{mv
zhRcL)fYxELgJe0S`Jo6@&ESC+FQ7uI3frj>ogGSb*YJjBL&^tPJyfU^v#tD~XB&3S
zbu%#~64KOsc2FrKlt_WeV(~(rOI5>t3gWzkgr-||xo+0Lj0mrvAQ``JhOh{q%Iicy
z0RPU@Y$Pc=EL#Xw(PFSAR7OfTsZ=wqRN0FMNiaKuhB23{mYXp!eWS0I@Ls3oMlrnl
z|8@MTlWO@i9c#7dG>BvSgk2wwMsSr3T7INdYHE>gh)kQL)<}yGFD1fu4yoXZ9&g9w
zVQ5%r5OJmGLv#rW6=AyAf#s@@BwOG=rdp*2Hq6E{Zc8eMn^4-b!K4Jf)yp=FVqEEE
zJU{R1!`e#im!bm3ZIg*u$0QR-E{f4`!4zPmiK-%KFM}+V6-XMWmt?xYCj*m^izN<X
zO<xDPB<Uv_@qVqC!!pUZ!IzzK69KQ)DA-6@kcU0Q0MVKt3uKzqA7rwukE1N?wuf-9
zLJ2?w^<#aEA!Hj&ld2X2E^3q^;1k6Ro9keSz^BMj$MdwzFrKm$5QS=hS%6(wqnlK-
zSCM(a0)cHr?)DV}cs)(u8-_v4VL{9`Lsft&kQ@LLsfdNhVl{<&rfo#U5UlrTgw40S
zPSC3)!M|h$qhia<#q4T0WtssrYSuEo7{Dst4I!wEM+^iRMJ$-%V!WQuMclF+NtW{9
zg|4GIn0?HriK^rE^l;L0b>N<rVaE+JRK~>Pj1#K|HKu4OBo5pzrx+Rz8NJ{WIoIj>
zO%HW@Aar4NZNJQ>>U=_{5+jNjmNLM_il>A&&&CEmSuBv@dOwusZO}hP)m*bV9?z=N
z<fsaKmOkFEV*P$4o=70YMu;Rtc#yG*jYi3j49!8FiS$GLYK!Sweceu@LNd{gvb~CG
zh=$Mftwf4Nph}~VD?}6}gVxgl<2QN<Fcd3$X2p?5Dxbl4a+r$;wYZ-If$Wvp53~zL
zcv8Y}5XDD286A~H6|Mwb!AXunjg+Al!VNGhF`<%{-(z*U=YmOq1|hqK!N5?yp){;c
zhUoJGlFLPvAuQ$TemfnG`bgD42UIHJq`VU3&`Hmfq&zO?a-zYTb}KKKIB&ZRc%|`2
zYNg{ha=*!qI*4f&D`8nxq2>Uq2JJB3s&_m;B%u&Uxtny%5uUElPAsT*u$ntW?0%B=
zM#B*=YVm{_?X<Ia-V3MO`Ba`&+6<#4`r;sv{ug`avE;atW!n$J09p;91tAD6W&jB-
z2uX;qf8OI4gKo2~TU{CX18Eja5^z6f@3kJF)k5(PI^YD?x3l_%9C+Aa+@lHC?o*tF
zHODxqdz|qUlsNPv4kVrCMdBS@^bxG@eJ3A2tzn;7{k+y=Swg2t?2?HdEt5*&@iiwn
zIg~Xi<U@wC4fRDZvH$V@&)C^3`n)Xz9v0FFteLv%5S2bR{_GeqjRTh+TEE~6T!Fiv
z=KuYxyC5)K)WG&(N2oTu7FXZ&`QAuaJ<mk~VRel86vYK`)kEq(_O91N-Jq5N>z7P(
zFBfYJMDTME)1><hL>t1epx-N|rJA|)0$u-CB<Ur89y3x8=7>G!aC?+WKzR8SMdFYc
z3zi^~rX1TmboTqj6<;!W&N>NohdP3ft^5Y*snXX!cYaC(@c@ruz$IFj9%-*3)meP|
zoajUqs|>RPOuH{c27i*($~gjFVrBr@SH|<uNnr3!X4#j1eDsw(+=__NzU)Dg>5rTr
z5{=#oUDuPRtb!Pu{zikUPAltPYJJA?#)chEF<}+QA^gMm*E%*}YfCzEE2-!@2I`8X
zdwzi9I7uM=_e5$x%8Q%l$i{D0q6r@)U2u(HCR|iOHfqgRFiXDJ?x`v1Ab%Oc4;<{x
zkk`H=!_{vQN5ntQpZ^E>X;sMIXQ=2onBXa9qB!wOMBS`~R4z;1fJLXAj_X289PmYX
zz>8gH5~(R5KV)YRJcEp9tAW)yh(CI_(Ga0oSt;=dwsk^JoV+3^n3TJYn`K{q&-}1M
z?N!d%LV7J)7~LXTXwQbOQ(kW}S^?+DP>M{@oneUQANl^RRg`+;vv#c)gpB%&!&X$R
zMC<`pK$3W>JR6i#D?6F-`0e|<d-BTslt^LNLEzncd}=nTe*69oWUUY|F(C(wzz~wt
zZ#PZA>GId??;<f$uJ2<qOG`lz4Gxr*azJ=ZLmL>q73mHIEdGK7Xlxv4|8WRYIpXST
zQ(ryE6^)%dh2aOt6d_DXN4E??KyZKjhu@zTfeQ?kf<dtYNh+`@jwp61PYgtAAOftA
zou0Q5P<23RSV_be1(Mkt*v)?tj&GkQ%fi3s{nNGxjVw8Zt_jv{@pF9mTu~u~P&v=T
zBus8)KdDLUfQ0<do!?;;1p`fLD0a-gvw_4wLu}7Z(N`2U+}N5X0Pw;AiMoCaUG;mc
zt!y%jiOylcWkmy)=o{Es7PcBpb8^2FP)xxEH+Z2zM3FXY2mm<8#dB15SQn}%^TuxJ
zt6PE$;yx$L>iCAfd>;%bH9v21(7qudP%>H(?t(o2%+};`+d!)EiJ=NA6QXW4c$Xm8
z$G+pc{T{x5<ow1JBAwd`2<(P~MH$K*q;_@q5Ko0fAG_q>R?S!RcPjDw_ncoU6O?(@
zZH&i`9~)5YOJA1Z(__%m>1`f0J$_VHox9J|e$;r4-@}2j_$o4BG6aD_wDrsPS9}0H
z9|qM<q>5{CesvYod)e=qpBy&!;+_|`gq~=}Rpc;lxM@(K9;f$amTBtY<GDo@Lj;jI
zNj&kM^u`xA0DPL3Y5i`0;`b-7SP2p-==tU_KY<Dybxe?|OVKU^xSMmTEci(#c!+*8
zE00mR-VR-)?1TjEF~^zmQ&&OWpxe<v_MY%qfQ-)8xPN5+aR@oa43aUL@(20Wm}&6J
zH{Du&;~Qve*Buy2tB{6)_A*X_v?^qFm)koQDu2aGeNY|bbZSQf^g?OqDE6{4<N=YE
zt&s9(V|-V9q!M~)@U`gw>HEJQ=U1(oeLpw`dZ!>;_}V&<JN6?>%xem<winYlAOu?P
zs$33gaz?C7#JBux*P(LCwXnXR<uokNH4C}@k`h~H)0m88=#R{QRhR>2p5|e>&JNF2
zSgFY4lc*2CAjFG4weaUMsUS^SK=xXt%~%F)acr(2^k1a$kp$wD6*1;0plCWR$U#mT
z3Kv(Gv_ivrY9YvE(BDgN7(uW;U~&8)Ew3iF*c!e{iE9OZ69%`o&gvHI`hbs=YE!8D
zesk0Gc9VM#ZCvqpYrVsze8?k2F3bMt+qYD@3?v;i!(B<&@dikoz*Jl{DQ1nCa=%?#
zuG)@P&5sj=w@3}1|Kt9Q=Pc}Uli5MtkZUIM!F3H6#1<xT%(4$nS=$UW!j4-LA8e+g
z3MT*<B4s-|kxR{02HZ~)a7-{{Qgm-taZc7_C$SyS#!{`Y=d}>SU%7Almc}^<p&7FE
zjJ{TAX&|hu6{<+?Blq%N8uC6mf~sGeW`kn3UJ2n6N6}c}u$X={&`Y608-K>(2gGzm
zG@jM2E43K3KL9`GiH|{k$Cgf`Bbh*UXY#FVRLq)Jw4Qttj$|H%cA{{Wp6IxAZ%@+u
zoJS+($Nb@V_BH+jG#GJv*ou=3+@@($7v+s<Ck=hQK?%gz-g>Z!(a5~8Pp&tzp-bbw
zqeEYfPXH&#DliZqFjU$q+n?8o3QIlb&!>rU`}KJ7Z=@=SEBWRuN+fx{ChD_>61<cw
zrt62s^B4(~+}jsYHr}AGkJ)V1*G4X#dh>Tp!B)XXug3UsfAcTNf6Q}<8^>40N~<KU
z?ahN$lJ=HEY%9U-MFy~nUfwtS(bp06)BIl$l+hkAhix%X&=)Q{1l74XYOK#|3|Gyd
zNuxkPL1L>Z=$xVWoF&&9Nh*GzVOD`Y{$r`m2&%xUUXY#lN8oI=+5h$*{`MdK_8<QC
zAO7|q{`MdK_8<QCAO7|q{`MdK$^PBn{=?t?!{7eH|8jrxZ~x(M|KV@{;eWY5^SA%-
zxBu|J&+qu#fB4&f_}hQ@+kg1K-+ve+ly^C$+I)5ix{B=D!mUTVLl|PmzF~@Y&MNgn
z;;Ufa=5U}eSI_geE6uF;#AWy4oAV4s%^vqI?ebffLM*XhTxDs9{907-A-!A~VxkU^
zANd9U6aG}2fd!ISwlN7v%Klb`4B&F+0BGJ6j<m*|r9P2V1pGUUc)HID`nI@Zb=Y&<
z*gynSn*LP$3eYoK)J=s-JS!G)XGBoZNdO+Dprc3nGZ`A)7YG1F$XwNT0{mr~BYh^b
zmll5_zoA{h68EKCxul9Rq3XEPe?dbm1Uwo6ez<|aT9c92FY(1tzlVPkSpr}Jag^=N
z!QNSflnf}(1r&?xEei<`{((S%P_<Nk@q6-1Xj&pi9f03~rhx6_NK^*@0#33?0pNLi
zk|{Mig{Hsu`}uqL74!Z2_HB)suXM#DqQiOwYgp3g?KRdBVtSU1SQ0CsTPgbQ$zKyZ
zmUrUeAvJXYX$;#Fw1BSE`zX1BGcE75C4j?9KeLMc9{vFR&<xnEj^nlkHgsUQj`8ES
z=Qr$Mo`3uw@LyE)&DO{F>O$`8XC4NKbNJK#J@20%^Rt!3%P2PEeq)x<?hvpDMdI{}
z`eOjGCilU@Yo&czn_Ahm=x*9N^IjPf-v=O|B>XkM2^3J6fNw}&)+`yVz)dbRQ*RJ9
ze)R7^d#55kjkeV34ru%i|9yXl`eT0seMy6~rudpazoVRhis&ckplX$T0iRs;BPcM*
z?MdH>R!7+;$a59yy;uWacEAlg77z=twt46o^wJwXcZJ?V&k#d~c@cTQ6g&9X9<f-m
zB+M(TOogmBQU{)1C`dX0scg9WDMuIfE(%8}G=wGl1KISN_d$o;2%?r@>0LceOQF$7
zFW`EZM#Ocl_fD$!<s;4SIloK*{o9<%iS%x+0Y$(<f}WHjZUAG{0#p_FdW`(5i&;}r
z=AMPTpc3w*?$MyHB=x4|lM4g~0hfd{Kok;`JMZ=V@j*l9L7{;*h$AdFA6RkamvKKz
z%;XnEtzUdOEbrhrso46FKlUR(Vg)eB`WxnDQa~o@cbrXwoOs~UjG>+W^Kn~QA6Lrw
znJ|S;96fGp^pOoF&hMzX9iaYWh4Q}pfMGD>QzcXVC$%QoWlHtEp2p=n^?QWO687Ho
zJC+atxb-BA7@+oq%GS}G?xe0hxjukWI?H_j#&s(<_Mz%0LpXxM&ILd<rrR-H{z(3f
z<n)bW#NSm`!pAv{7_Lgqt3QO7e)wl)tfHl;rDsS}Tkoj0LH7%IRi>yz_tTQc@E3i5
z&Hz~z6;*CVkIyOs@#*(@$S1nYvTb2y0qCd^>v!F}O_7H<RHRE!$PuGM`*cK#ixupf
zx2<K&icrX{s#YouH1Z#wf8IsJC!Pxdbk?cWl5`mY{xjW=kvpAKsSF&>z#zj7KAF#Y
za74dDC1`;pqLF-jr9t!OHv8x0;*TXQ4VVXlO<c+{ku`6Vs25;-SbX#KLOWnl@E~?Q
z&IfVuSY{QRY6A{Pv@xHkq=$Vc=Ey=^R=o*d{2rp-cwl@4h@bFO2>O^{?@w-_>KX~Q
zzrL=TcVqK81E0-L{LO!Geg&i^5QL-&9Rhfo`}Ko5`^3guN`SCQ%vQ|`0U%8Uzp~Yz
z>n3tJ88P%eG+Uv_M46g?5r3*gx;l6=0MnJ%x|u7~q<qloA>@qC1RN85Z0vIh>O(J@
zZv@^>;{qH~ja0{`w(3Fu72#qe&DYllnB}C}%sb1xGR=K|S}Z_rT}|iVoi5IBBpLa|
zEOc~mPPL02%bT6Dq5eJnS%e4N`i6N0$j(fisJqGQ{S;Q~_4tl;opYdIV*_YsDWLx2
z$MXZIF(ISjqyiJ(yvhJdN<jI&mLEz^98Wp{A|{!QxIrP7KapP#p|AS#WI(6NdSD8m
z+3Z-t=ht>FTVCYi(|B~fuDrw=ko_;=$1wVsAvo>J^8ERN@^{+XZ^ig-DwvUf*cWgW
zGwDJDB5NxCH2-G~>NfVvleUvDKdymT2Nk_vfR_e1Q$WhQiPno~4ilWM6$87vCNn;x
zuX;|KE4aWqvlgTYn&mn}h0CjW`tsh0Pp8g=+RL1lM7cbffCTUP5%X<2Xdb|`)dz?4
zCpnTLIH~`0{IE^a74NJ9@MeME4e>ad(DJ@%>7c5&UkW(>mWllmG3txNyvtI+ya0+D
z-wYn6jIJ#^c_O!YH_F$r?9DvSJ971%{UiCc2ezwE|Kk!|FFpGh7W5Pgpwg^U0C<6r
zo(FI!noHOA)BK+K-<9h3{8TUu8u7;_J}g?dt9As+vn)BwO?QfGw!vdh1Bm%w^Za9O
zDUR={G`VDJWMm5}a{%I*U+(XCgv9fOPTzW8UJW=88y{E8?cc+npjGud^6PN&$64^#
z8`1Mah^k8rg0FgeC=k~{wk32IhX0=Xw|xTl<B{vD^D=>xdVC8J!*$`ay&C946)t<p
z7&B>4Js5tEzrzChJ~vEf7x-Z#23VJ*00J8H$#b>&cwggZJ!OketXnRB`}|WFEQhc;
zjOXGVt!*MIj`s8Y?eCwwkXbi;9`n;a8ToNIFIHrEf5BhF6DKqvKk>;yDR$oaMfnGg
zP7e;&1i+;?$%0SC6Net$FZU<?n7^0K$2fwcynl2M+QV7vgR#<Y@{j$vf4awT5yz+g
zZH-enYl^S=smwlmk{v>#t29w5r0eEv7kz&Ze+{TZ21CkKFO=8ngoW?Oq*d<6-W{T=
zfx_=slTGbL-0Sv7@-He3C&g@{YTJHeO?r)xO;iJ8xc4)=%6oh)cG;yk_I*}H;a@|D
zGS0;*Kmv-Ptk~08<@BZ&N1N>layH~E7&m;Lf8_UP{0!ozbOK|_x>$UGmLBuyMU9ox
zWQvtbv6#g|7HDVX7Wgo-VqEwVPQMTmTf8@K;{Nh6MLt2SaT(GmBhh~E01+MwdV_O6
zUn!QcXSN~t<XHdV{*#~k8>U(S>tQ|lntRnKg~Cq{1Vp1W?v7*=q=k)=iu?wmu@*o_
znIy5K`OTj8=`uzU<+~W2dcn#o4dcGzgaz>ey9d_G|7`w!8wzN`Ywnkr1M+^_=4A8D
zu^kx!G(+!-peOopN%d0$`M||LmnfcE!4WsV|0cq5>){cU#X5D_LDATkoTHua{o(iQ
zU&dnVPCXN?ytGWb?Z>Gb!Y8`g)E3OA9O_SBFTYFunvpkS2+Cdu0D@26z-3LM@IX8G
z+4IX1DI$=feO#oOkIO-{C4gFu+*;xkf&3a<HrfAPsS}F>i@V<NeHnzBIrux@|0VO^
ze>Xq8W?6GXlF1JUR}Ps1^4IemF|!C~<q7=Kvlm}(+}dOYE2Dtuv+<UnKE_)0tJt*H
z7c-Z=CacL4=Dv!*+iX%V^!NDpe$H>#2Yd=yE~3J+neWYs;Ait*{yG1iyTx}@SjDxY
zLe@QaHqnC=$TJ{%8h3O_dzf+Q(`K<C`*Hry{p1h524<Khl?DD#+}`gY4*RbqmayxW
zXJbFa%rR1idT&MdY-A;}qTwp-KEu@(IrC3-BU)5_f}zu(x1(T>Xq;M#!|3c~AE_|%
zS7qt1B841Q+y6O#7qA7p-I~aTX_k1h3#-=q!Ggtz<s!>kZ~Pu(;>fZ40*vs#=J_k;
zWoOOfED<E0>Eoj$=tg*1OMN4hRB*a0k|BIFfaLf5?emMldr|GVZQqH#7Uyb<%l~L3
zbIHSC#<U0g5_7xq!(}(WD1Q!2N+?6cH>Vg${Wd~P)GI)r``!NQt1m>{%5ox~ajpMm
z0wsCM{mbX){l~0O**F<wbBXQSw$5a3+iyQV$Ueb*zOy}c<*R;wAD(!H`Y-ZdXTZ=J
zMp@^|6Z(C=^iu{$(Sr&)@3E?{i84&rcOvn1#=!IYTl_6Q^3R>A4Q#QpDo3Wb#NXv{
z)hOe)zkd|GE`!i#9__uBythi~(}A5|-XHwAzwvB79S6NHR=x$QHwbR-lI8d0=YIB2
znBGJ(Aj-<<&n+#n4{|b)Zv39}%a8o97l~#Ed0#nkF%ED8R*93v*lY~S$_;`GK^ngY
zK?JAr^4t3x2#T!eI~UjzkF{Y==)$Cp_n+tw_#gD=1iWLW{#{CD#rNxL+e(Klu#cqs
zf{ZReN?%9QKtCjp6935WPfF<(?M~cR<UI$U#VldFojTETyr1gADeoSB_hn3>Zi2Nc
z7>`g#3}ZRG$+r{Ci$jkRTh}kAwjbmW4*NUJCriz@UiS_uGfw$@x7hMFsX+Ws?~e`C
zk)3+z!a2w`bI!VLv5NUT4iN4{7F^Qn^DegXMruPwhmbTC!>J!|IB0f`au==sp8bo4
zI>0#TNjdcB?bm&`55G!Q<E89R`!y!EO%;q(xRmBA8B_Tb+EdBVadbfD7`K{N_>xt8
zd8Eo}@9Y9){jy64`Fr{=B)+7k7gcwJ-@ZkVDV6HI&*tL3gpbt?Js-JZnj+%Irk27{
zFQ3r%g8fD6_x>))9kH0y$tbk0?sA=_w>Gb4X9*AV`MK;oflLQ7Kif>Z0nH47e30Ka
z5=;v&Ks?r2ctrn^`%|qfedDb>0@Rk=uvEVt4FC;ntM*ylQuFladZr7Bdyl^7bZkP_
z;I5CbUq6Y}#ZwKoebApGc?8uwB{EHCtvy=5$p7_Y{xW$z8D|&{5Zb4GH4o(PO^n$;
z=bz~EkU_^bUYE@oCZQ@LAq2J%uiUAW-ZCsLVX0vJ@4E-C_8;c|Yy=JQEH9d!THI#~
zTgvO~l)j8Gpl0&9lO+541Xkb#-@dz_2lnu~Yzgp&`%<w{G-l>iad76t7gH<}bRwP#
zVT{geS=p<Wj58&x6rnPSv568g=^bB{hR<_Xcwti)RF5u1Hc4P7U*ZBO&@uF+5x@Ph
zKmE`7?~ot@j%&{5)3q{>w9C#k#GvnUj<92->ywEaQtpeTcu|ZwF7gERFo8d<h^Jp!
z9-7M^`Tm#6c*2WM`?w9-0~J>>y93+G4DZpyV^@&)#Fd^oB;N|yV17&g_vifadv%i1
z=RB8D>}Z!>dTu<g-#$Mbkp)q=8zYL1kZB^+Vh8$UzlWbSQ#fSDYgFSPOH*xByT3<A
z??JSyYdkq!o<PAh_;vev!sWACh0797nFjSqm>*|rr2f<UyFczPi%){?DpwOpj2(l4
zVz};tcd1&arJaj0UL4Q+so`XLAHOI6*FDwIMP|3cgb3Z9ivJG1q|qt1<J$h6NY_(3
zOdYWz@VWdRepU$;#)OpnN4v1y@h|`^TuGq1^^9`G4bPdw$;wyXP0{T4_^*G=U#pZ#
zpM2Xu*${;I>c&MablC5C|J0J6bOK7#yxV(gma^Lke3&1(*KN8<__T^ziEqw;Y#RHQ
z_b=HYJ9-f+gD0g;>xDq<&Pv5^=NGng==E9E$|An7?`}iZyLYoTs<(S6JnAkj`dS7A
zNycBa|NXK50tTBS#<;dKEuXyUnprEukMhsmfB)V7#Zh<@Q3#fqHA8C{QgD=HDF_Or
z&ed36c9iI!YvnC7skwj7zqo{lmw4w`oGS#q!j=QzD$oDt@_U+SGGT6{C`ocD(farh
ziymUS9G7#M#m_*jxyx5}L^ho;^1+T3RWdZTlT8Hb|DM?Vp6}0OJ#t&)bv%gUNk1G<
zEhLP4K#n=UO*g)~G<b8ZKnjUea*X2zI6876BJ)xFa^QM`knmCw$a+-7_#TL9oWB*}
z{*nB#ANf(w?i=N;{MyD+PR(ZBb!RIc&{L}yMw$5RWF4r-p;Mr8+Ksi+Cy-fe-dNrY
z#SDqH#5=m^BUs=2PCk5E!#=V4d9BB?gie##B@;bbCY8eDYff--C}77bA2O6}s4uG1
z3$XJTLPPLHJV(8HiunqA4E%4NUtuzV(Cjv<dU}5zwJAKmSiPyX@OUAFTxc!5G;*%!
zNQ@&?^Aa=&J1Owl=rwIxZ;oq4ojS8}Dk1B>!>YiQ0g!6`$o@wsNZVI{0RHMF^qhfv
z{X>jP9z4YFg7Y0js5}lLSHd?#xsG6N9IS_^JLPO<!}392hAnZt^kH@tLUx6uP<0rt
z{v5_f7pQOv0{EIEV=b5#GC_{g&UfMmUvU#9Vn)H(Uit6IFFc4z58kjNA?+vqyes32
zvvn8Z;`sQ6tTHL>^5Ax;HmaYW|1_<!eAL_@A7CqKj=<_q8~vjFy?Bzy`_Uy<)o;0f
zc6b;JTJ=G)!arvp_1L+H&Fbj05&M_$Z@=wq9WP~bK>Itl9&EN~`Xv1{zi&81dGGAT
zChR?L+-{mxhhsm^|HsUb%haFf=$Rw=-FtdbuFkO7_y`b`%IeG6m|rzXgTl|Ar&L{w
z-_2k{L*qs;4hW%AT7#H&si#;^r`+AcjH(@haF)~)*}MRDsWJr>MRza|csFN_H7i{k
zb?mwFdk{<ZgbR4j@1lR$!EjDJq=lCH&-u@P=KoDEw<GMt)7T(#J{*%g-%_@5HJgE;
zfrRQd2~iL4vdMU}aM^V<J>|YMtgVWVJ-Q*T%SuGO^{Y_q_AMb?Fm&flx=-ODwT(&-
zT-c*@@{*ALncNwtW~tff@hV?x1m0%|{^Q@@B9GT3a9|X<_)~#IZ+Uu4E%_dF1loK9
zTWh#7BnW0c{xKQ<`~ILG_iynp=Rcz$o9%I&-F9<tOk%++`sO&Y{e52vTvkoxZO<V|
zDMG@35&t9tY+fx?;@ab9RVN`$IAURUz(lqD-m_cO*y?;Hu%x`9Ke9h40=V>I*O^3W
zN-)-T2Ep?K3`xm^c(<woNS?cHO>gV-Ej-d+<m+uee4MCo$Pi?M|3&;Uh<gtt$4Hx2
ztb21k)51Qs+#X-*p;n?8tbT36D3(2H_V@6|psNvJBr#3%uD)ULJd==Rq~FdT+ni5I
z#ksFyQLvFr9)6y-EVmDrE7Z(Ox`Qqcj>@RqpnuQ)E<ZNaWEUN_U-L>r?pS6F#Itdk
zybNZN9RtC-ZI=&lk^DXHA5+{$PGqVF8dP^r$Y7sW5+BiV-|u-th*pIcKw>!HzM_87
z{qM*8x@SD9U_>F~8WBI@Uh`O3dHl=!Ltf$p>{@uJ{DGeZT{EWd?rhk^Um~4TRtn59
z-(803Kr8$AoL}5zPF8n)>p^shD)WHKbKomFgFgx6NMBo+j#!srpXcXazW<eU6EI04
zb5{4As+}}`Uw-t9@<%`KfAtqP3NMLC1e&|u8b_M*kr2N;Kky1IgRfb4g@uqw<PXoP
zuNVJ%XH@OC?-3utq~HsXEsrG&yG^qD#ued?Ls#LU+sgYO{zQIrUa=A+Qqc3wVSWM?
zIO>>|4ZJE{_A176sx0_PCU}T`GsEO;J^zku3S12r_K?oc7Tt8#F|Y1@%~*WFM<m?V
zsSLj-zfVZo_q!>PjfN;M<p`=pvwY#MqMaZ?ya-|#w+T;8WiC-4AUtyTw{WGQuN~u1
zoyA=G?=uJlA#w}|z6`!&n@R8gNPmpV>RKqmLiAP$&sWZUc4sRQssR>CnS06)5x{$@
z`fB3Of_~2~rSQi?tF`bJ3?T#rU>KhuUp0{XrC^%jo7m8eScHJg^<9<_ElNVSf~h-a
z7h#9b)nub)mIUwhftOh{eX<|@1ApZHkSluq^HpWb_&!qZ3L;hYk421yg(Q;bkXz>l
zp-c7Hg6qfgL-|NI{X!JyE58mGw%`r5JM#DB@3vTbb#;kp!}NYU3piRIs88RW+1A+^
z&sw(=IUwmhJ-Gds^k+&T#Wo8<PB)tk=z3$RKe`P~yGZ2B&)6W@r;<SjUJuTX^MB`F
zvRj1e`LgNz1^QV^kI_(lKwrtwpO!b?1r-{ODGQO!hXM2ErSbIvC73IyfzC-hHh7VT
z;z{;ZQW0sEfHlF#m_t>?m_*&<k=>!28}6muf8;m)^*7Whyk`{MObPC)NcpTy8|KVG
z*E#P76HBNkwBg;RSiRywaV8pRpZ7zO!Osnvx{fM_kT@UNlw;^_fWDH$LW<*v?-f8q
zJ1YnsZT5vq*D6`Q-!=DqfW+fS_}}LQBT`a4ta<N07G#y(P^LD<$Cu<z8-gi1kh-0K
zZt;TM&MbrP&;8lI{svh%p)U;ViHgSAe!qV+{I9=(ch+)&am05UPVC5h!M4BthELah
zd5!sKxTO-^)a1h4{`EKf^*10fITUuU_xz#8`fG!J?oa*oH~jTC{P+B|fBg+Vy?_4t
z8-kRv=L)ZdgPUuv=j6HlF~9!T-w>Xb*>^~7?fUn_lp}!%fBg+V`NRME8-y=)f1=v<
z_+BUc;rpeUzy5~5{)SiRHW4VKo~^=nGR}d};s>q|1(Xk;?<|5)B5o8({_Agu8R_XP
z@Peh!jLh-0+1m4*xg#GGyc?G?C*8(*m)Ku_!&x2<D}14E+ObRjeGd=psVX0l-;=!X
zijDpDiq4~O^4H&xEmJ0zZA|JT=5JNV)KZqet-2|Iz&q|N^@*gSiW(U4be|RUZE?ry
zu;;k3fhhWa{S60M6w!__7Xml5jjjP53|vr!Yw)e)gZTQbdYb|wl&X-w&rs2G?idv_
zQJnZCqM#KDsa%%20gFyK9oK~h!W)164Y=_B*fxLAhS#EBcYI6zLG|~kGtk2>oVTIN
z)Hx7dV^?oWhSIT}ywrK|=oK5~pXqPt0E~%i=TT~|-r`@7&4BqBGZ>z&<;x;-m)q%u
z^OzWzs5x5Zyghg=+!?1VojdC1OhJ9-LFH^?6Hl%%sYaNm9H;nu&5%1<++dQ?hF?+#
zZ1U6OjmxIU(Oz43ie3Su!XuRjq7?^iXGWhFFFN+Xwga7D)tZ$nslCh9>19i&M8Dw&
z6@9p!NVm;360xI}N72VubiDlAa*VYZx%jQAyEzyb{4Nv)qZR%p%E7`<vDCHT;q21)
z0%i&K+iEBqY*O~x+a@$agze#@^NDXbR_ytJyCP8IMIrz~dO470_e#IW*hM~5J2Is{
zWkdq+4U+P3p0<X3V8E}hC@ei^-dcbT_<A^Y(h-ZT_1<3Kl~%P1Cx4#p=4WgFsHKCT
z2cH*0JPykXkY_+((O5Qpo$|1<<sbWdtoE|wv0t{Qxjl*f-g4PS^-9*{Ts8>)Wg7@_
zGB>wz<9Q7DfAjpqF+ZH2mwXQiCdT))?(6eeNQ=I>@bAgL)hbH8@magp3qnQ^(ZN<!
ztX`<`nP#q<$#!qJD%L5_di<jPw96Lbn`+F({DPHp%vlStl!|SR@n$(E5YP2cZ7b$u
zsi9x)KThQ)A76%;PoRYqms@}nxe1abW!G!m%4q33)Dxa(pm}v<uCtzg7KIkSXN|ei
zY9_&tTiCZy&?^!?llggeZY(g@$hKT|)<n$3<cx==S@d_Vj(64i#rjlU1IJkV%^Eix
z2YKPoDMcr=HRofJj}*B`pzxog5ss<f)(%Kc+@a_lN(C%jW^iBY9Zey@Pt@aG@0cWn
z1o8HUskM$A6scai?B1c9FCC4nkBv(BV#*XhbAwVn@!a&74$<Ni1~Fn}ENMka7AQt_
z=x&Ikmt$Dx85{dj%CqB*yP99}<(A0dWWR_X4xRPzfP2;}S7JAHH-s;z{O$Z_Tcmpr
zW~@wdy;V0Ewo}9H^UL`QKk_@UE*|T3hQ5xxi}*=@F!2i~zv%t*Bfq13N0n2{VCUax
z0+8kG@QNZqv0BfZf0&}F5;DNqaUraIe|i5!D7~*!;Lp6KaG>9-gZeE}^>6RL{Pz97
zD?~cC70?l+!J-Uh{(5;j_QKi}0PS+`4ov=Z+pY(<tzX_hgbR(@z46m!nKz>trRN$}
zv@F4WZln#7KqA#z@3!FsCI`Q#|H4BYiOCd5pd$X_yrN#|4pDjn2!;X2X5w3ckrwdb
zxUa7mMYUKRIbR42Ju|(#CN1_y_E(3HW6U5KqbYxoZ;hD-uY6Ow&W_{P5fOY=O8)(J
zix2bt(I2UTiGz*WnEKdH;^Z@`RO%Vr#Ow298cL5|*~jf|*^?=rat_4|cJVrQaqXMB
z631f#Wxkl5Ml~vS7uB30T-7kYIsZ&>sWcX{Nv+17VnOuxQi;^}>2rsTe2A295&@~2
z!A*DVARFVWgEKm_qe$-|R#u*OR<DB=tesa-bd*KH3%>S#=8Rp*^T5M6(w?tz3YmUY
zCFTwUTAL0T_jtP18}^IGb-nFp^@3EgeKQVzc^xvXL?w-H_g!=&&ueeOPo9W}B%kgn
z7QvWC^EKRG$_+y{J)rGrCF@Db8G+_=AMC}0)aU?UBW7A{C3%^cOqnB9QC0OaK7D%5
zwG#Xn*7u`MBA1*V@iY{|zM_Z1*`+WxCRl9@uXjq3DoE6((eVzyCjXS%m&@$mLGLh)
z>R%dYTKv1`R}77l?(qzRHEgT^IW=B-T2}GI8D`pGb}0+z)q*aJVG{@OCUwbcKegPK
zn9>q}MOBh&&!g078$AACEN$sV1RuWH`HK9$<@KoKAdB>%qT7z*P6zVKnL0kUUIeS2
zY^57*O5&i~kGs)>W!wls)6R;|M1l^mMfX0gY1?FXIQ<(%V`eG%m*HL%?d6XMO~m@W
z7Nsp%7IiS`m52vMKaua#Q^lSnGupomA2L=tI{nQ{c#n@x58`66VQsTC55v)!m%ib0
zko2o4yppp@`8W75<oQXw_^FqDJnFw&Arp1Y|Ljls_$8X_2Q87`r*M@gX2;Rwqmme}
zAJDWP4d|0IxAQ$AZ6qs9mnb;ogI*avvIVZh1Q{bX%>@l<ztaAE8K{v!RClgqeR!}c
zJk}}0k6?n7ZW%(sHM%)^kPw$cuR}L(=NIt{Xn=pywU}-6Irduoi!Q<zKny8rM6`xf
zql4$gbx1z)CH^J;9{d>Ii(hVL5X}v|0tQ_`BFPRRZ@GK4=mnMjIeb@(NITo&L{~4A
zd4^o(oI}mt$>%LD=1%LHhf6Y4OJ4^Urxc|=nl!`!Q*ojja)|l!c%<r{iCpn<VPYCc
zs8@9}<xM<VQS7xoPc>4Ugyy#j2m7xD=h4*WjkA@M+uv;~f*;2c624Z7DB#7}oJ@Pk
zu^Qu{)o$O0(>mT$w4DTNMwDi<g8X^N`XoHZfZv*aq7taGc5D<^#hH%RNAzNKD7&X;
z?A0py0zSFwM^Ipr+d-X4v^vT*+ZR%(_hJn<6u}KU77$wnNgjFzz4V69U7`2TGsKW#
zUPK-+#ST8UM=X{s3G>P-^Z(1gAyt<e3h&*b%3?;f2zr1%*q#-G_k-4QC-2#cJf8Us
zyT8XDQ(-^kFGevVUaVcKl@K^kSTb5arv7jDFY4WBf0#Vasq!@=<_BLpO8D*k<J)xK
zK#0y9e1mDRhkD$VJRiS@KiUtC=P^=yRp5D5Hr}AGkJ+5!ioK%&QmF0HbFA8Hsa}5%
zKm6zYb0%t*>oKKe1ci|k1oH5W{I~m$+yJ1C4XT|;71!eY>MEx9vVRGG(07Q?w!OkA
zht7GHgfUDF^5gx1&Y(8+_nJaQAF!=j6hR(S9D-H!J)>nABwU#1aC_kC_2G!Fp4ScX
zF&O;Ii#nD!@kp3ay6PFPrV|~$Dzo0_ZFnzPDaH9?5zfjzK9272*#{dtOAd!ga<g}S
z<HF1Jsd)tr2dP=W;lF5ZDL~{3H$(RK%#VN0uT_Dd#;bkA?A*_&WbGoWnTFP|4|ikB
zQ+w_?S=HqNir~Me|NUeCWl%*}(x>$qJa**7P(BByTkId?Zz*VLr36Yp=s=&HkBU~k
zJF>_~??XXH+YrO2`ju!rbw59ypCLc(8Nr@kfbIjn{Wn41;Qd07eC=yOlzRkWuHrTn
zdTb%E$U7i{B7NEqgdQO!-&onRPP?D$JA?{&95`wT*fEA6BfIB7xBKVhysA=LwYC`$
z3_2!C@b$d~G-kRY;}{spol<ok4WWOql3?U0SL_%;{@wh_bu(083v+n{ZLayYb7faj
zHt9!$<us$`3ubwXfy3@0+=Y{e!)FeYzJGd)8+J@N`+mK<nNdoJa}BQb5}wR_<*=UY
z9)ank6VAkSp+b)<{Ezt+_oFV|EAb}ylLy4Jyj_`r{pgu)2H<sa_=>>G75UC<lGaj(
z`_N5VMut$7*Q)}_v<TuI`gOcQVk_RoGel=p$-@^LD|ASn&nK{6dMPOM9*BasiRull
z>XGfrAW6e`aEbR(T90h+Yn4To@QG9|l{BmNLw|+si|@mXM;J!0cSk^%(vxoY4}Smu
z&GRQc{i#3s+xcNprt8MxJs*N~yO91!hGYI5(4%og5;u_8G-eRl6lS;Ce^36yQHTwm
zcnDGmp{65+*%{0S2$4*|?UXbYi^0E-JqP9F;uq~7SK>{8;Z34~vxHRVfDJZ2GD^h=
zQfO}UX8ZIpSn(2x@h|eX;OHk~4N*52e`!Aw5QcKP{4BVK$!h3Z=53eoQX`#3xBQpz
zJN{4RF9(7XwE9DZBiWRr6s^+^=Wu?@gc01rbCn?S5zEM^@%!(&|NhKRE1`jSdYt$I
z42{dhtd7*|lKwsZf*<*nq0FO6FKBFsEBTTdS3@(t&>Q*V{dz;M{@Xv?l?aKMp8qBD
z_kZ{P$9V#|&`QZ4zpGNOkbnXh`b<kC31+87h>v!g1|!jD*~CJ5A}W)Uv8$WYl~t*O
zvp35?!eMBLA;sTZ_%ccX&g_#xW49<REvKd*l;B>(9fu%y^q<X-`3lJE#@3M`!Rdb_
zl{dTGg#OF(t3Ub+<-oU4flkonp5lv*(96TV=<k`I{Or$~6sezji6NV}W}Q6Bi1)O6
z#W&?NGLCq&Jxx(~i{S=ELH*^@Z_B}3t)xhdCPI=oU#4$JqfN%1kCxUjf=B#Hr22>c
zQ?FDY&T!U`5vn)8Vqr^)Z`MlK0r>))oLJmG^wm>~zdG+^MkoyB=6S?)97qFCgPA~1
z$l`YMXWXD9O0aRX1nCyu=qumiQDT@j<n@kbMA69$t9m~&^KA_FeY=fu8Z2Cd>7bNY
zXf_<)!(b=Qt5fqhsvr16XQZeSUL@{!l|HzZg#3(l$=~@Kzes(kvU_G6yl`RYt4#mS
z-+1Kz<If0iY7*B=cCn|PB7=T2*6G(%v7Tk)JD2r_+$69%=Kzzhp_(RB$^__@JJyl7
zN+!7M@A0q9AachrQr9sL`EWLJsL%UGQtIk9A&T0UumCAdNxhnf2OGY^4K|t(*<1cd
z;R&5?1Cm6+1~U;11qc(&NSHoVszZppiyHj2By;Ngm}}w3I>1+Cbi36Qft>B;x;fMP
ztbWX|1Q`$FM2a+*l!DqK&LD32M9>xlDw&6OShV$|7=X7>AFiQZB^d^h2J_|icDzL0
zlt%tmfsLE0To~~fx9B_D+yRZB;kly)XuDk&c&7Q^!?gH~z<6Z(oXDQgPk=!CN<d&m
zhQO`@r@^I(MGS*Znp6zhj4RhhQ}?{CFY}c3J_9MJrZ>|Cc`+^B?n!7oduM{saQS8h
zu*S99dUC+r!#9&?(g~=ts0TPA1vo?nsgAAXP>3D~RqPDPJKZ{8d!oMg{<?#%w51{C
z^s>C*yRFR4yO5k%AQTG;p+M1F=n+<vjJE>-*>NbSk;78yUF$+%Jjirh_cy2Z(;L*|
zVq}~ylQv62W=E;MDmLgdiU75@F@VmKeY+cJPvf$+D>m&Qr&BJ&7V~;-C~sQ1Y4VIr
zP;ry>=f~isW1|9>;_5Ht7z6MV-KpKS|HT8V8R||~xc?I06#sq`Sy9lSfhf{L4zmxM
zCfbDmcK^F^ZCA)L6RRH=yEVHKg8ji-CS!Q#hKU;>ge6~<ys4nb7lHrtVLzwlg}QQU
zgrCwDndt++_2+qr#QmnkJN9xUxqi?7ie)q9>m8T>Kq!LZ!N8vrT;I;>7jocX2UL_z
zxOSi7EUbU7Kg8JCEBd@G10ELA2&|d9>JXJaH~#Dx(8dCn9$LTPYxU{wr}_UNp}fl}
z)#kHH&{bsD7H$oG-6tofA&w?eJZ7O;;p#c#G2=c_*{|aUQ*v3oapcg3Ll+q<g<)wg
z?nz5?Dy#3$;wi~hCi4^_6O;P2zV~Tjr`7&VTgRz#0h=?2L=T<<Vh89mj+D<81*n}t
ztUF5O_n&+IOuh3IWkpBl=-Oj2F-^M>FR)gP#)&#&7|Y>JzMWuR9Lx;AZXq+LPtf{D
zQbDvchv<Hq;dQQtd*l_dE~5|%>vHGc%s#Cjt02RvC|Cq`nyl$(ll&S_)V9U!M0|(&
zejc2-p=p5~v@VSL8o?u@uBHEfa({a_+Tc7q4;)K_f~Scd4?RI1INaW)VFB4(n&r6U
zX3DbsJ@@y|GXl4X$c;hP!Q72HxHxpICJ(#DSS?3AC%rDW<>IkZzsNt~2h<UQYp8pz
zb(ovakf<PImpf_Dmo-a9D{zww&D6VMh)4epw0A1v(`ZYb?yO5c6c>qbMbzW(cUXGG
zsNL%cS26bT)CaKjh09U}RrL0O=k7;;Ec%iLX-)Ape||?f0l?f(&_VxP{!l982`@hF
z<2GpT)gNMZ2R8RirU{mur}R=$7aGiv|E%*b&rdzU{geGleg~Eg3NdMOqoNuA+xM4_
zSUTXuHzatQ`yDr0a^Kv)h(DiLN&aBw?qrbMcUsoT?n&(a_ILjFcm8|*ogeq#m-)W%
zVRuSXwbg||2|2yA?|%+IWbPl8Bj1&>jE1b|)kM0m;LWC19!~)?Nnv~fNp$-J7h%l%
zz}6wdYPRf$Ji+!CJVw&%`LI8=uBGS6zXuCT*a`k(CRXv-;Ojz2^RF5OeHhS&`H3GN
zJtL-&by@a@_nrGYoEF51l$Ik6pSm-7K5P%0+Cja<|Czs2nrs!z=@Tmr$L?Hs-e{Y|
z?`I;Pk<X47B2H3CEycZat}>x7(~~pEMq=s^V!_Z*D;(8nn~)k<CV2otQQ{)TJqD7l
zw054#d(+K~LL>5OH7bPJ_s5`wQ~G@DW~&~3&tBY6)au!4;;Wfo_0?`%RpZPDzPb0i
zKBLjb5Zc5+_o8?~;y%dnbDs;;I!gKJQo>~1&-MH90wwIJ=9v2zl;No0${B_@1niS6
zD^Nn`J%fU+IcK{X*9n)2Cyqh2Hi@;Cd@MV)yVmW^*LSB^V|L-S9V|&R$vwGv&S{g=
zm~7LOZx}385#7;m5$_<cN>>7toEQVMg&|<EJ58EYXy!mjfj0&c)FlXj!Gu%_z5P1t
zP(~k-p=ogX+FYO==2t8m-~au;zeS$gT6D-35$L<fa=b^b^!0L0pz?_1n?X<USa|in
z+9qshzp>b#eA`Z1cK1Z3)aFtYWNP@f%jIbX!4=cY91%5+_M9?RkVhKMG9H@h`&#ZM
zNr}xd$>I2<r`pXG**~z)mpZ7LHIwoxyA2P#wq<zi+h;lOSu?LfwG}!F<>7T0r=Sf$
zCWPsqG>|>fromSk{1C`Gml&IL>hfy=ok18~yzKF5xEXL_csfxDBZh>2h*g1QtJl*6
z-WZu#zi0y@T;fstOR3N@{_MXj_omud7oWk>V+xeI@1)#bI{i&vw8@jK!A=j**m|lT
z<Vptd@|m;&XtYn+BGRh`cI^?ARX(;Q%zdBktnZ4E2oEUST6`!6;q80l5FZdX@!}(G
znaJBq(#I;xiy?`Li*pt-Yv7t1g3hkFuz1GKxcmkeds=XF)J4w}F`X3&qrOVS!kV#L
zaXDmOhIO$CutgNRf5%Z>J(<zjDV}v40h!4NXSWue!s=~ssdv$Pz%ujOn^;IaCe~`2
zfR)hMkRfp@CQ98M7UX~#DKm4)AC9xq!=mvDPo_ukNMUpMl3&vOl0u9cIP-g;UGA}n
zV69aH+#l4OQ>?g77IOu%Rj{DfQ-cX|_dQ%S$WFF>?s0qdP-O(ZExz0#-nmZ30yOU2
zp3~xY7?1)$pz{jrX?zzTlnnkOI~G~AC?dq3hPe<Q%F2^PTCMl&fV!`H<a)vP>`?h*
zS6HeNDE(pw-b!+#fm)GO!3dAYn<Vnz^>dzt2Hahq!L`*>sFX+vQ!F>vC}=^WsSgb?
z;%UQe{Fogd$A{-8@BLZ@jc2hkJG_w3)Y)DD^#;P;2$md8T&o1FP{>{5<rDW%t1Rk|
z)<UcT!FpFZSsqm?sIT*d8|`hnA19Km+OxKF*pvePZR{&fyjjpM#Egu-QPi5OSUDtS
zm|w<bpZ~A5>)Le{$)fWqN1jLPTnr{k=U5_{U@$rPjT}q{oAC8hJw57l`=zDf1*t^U
zt^ie3?Y-7g`ASJZRO8(zWxS>1u3GMuarL<9k=H46<x~}$(EtY6#qb=<qNQ>eAw%4|
zo5(6vO?%r<8~dQ%Y1Z0#(ldY~39z9-Cm;$4ptil+XE0$6NmMl!5R@P2jPo~l7lcjH
zhK21t5LY_03?*oK=!yx_KQq7}6cvaQ^zfSvmCno}_SomDTfd)KnA@_CJl8oH`oI<j
ziu65U_H)UwYk)!yuJZuLwj$rpW{Pxpn7k(GxI?*Fz$1m8knFA&1y0)QkkcvZMYqy+
znS0C|UeJ&8D0-~a&&0FA^Zr)Ez|{pgCUO%wWiT4KVppLyg10Seh6`Vp)MeLR*S4es
zd(3y42roYo^$z#+QdAOow>s9Fe08v5`dPf5)zgh@QaIu=A97m}KUg4}1K;g2W^vSP
zKv$ARFn1fi^Ea&$&f{QM^GO&;`wU>APv<NcC0)_#VyP)mfu~J>m~(32gvSiTmBvm@
zs*1uQY?1=5#({q@$~B480H31Epv1z(qjx*|{wX2q&XjNmOh|*tI!o<`s(?Q^Yr%@+
zs^%WRwhG%OHi{XN+TAt#dsPHHtDNk&=8z)Qsl(3ND!B(%dmi3%T&LEkwg`dI#8V{m
zmGNd|ogN9#ni$6(E$6s|G$I`pt^)fqsvwcLd5#-1TPcO&EX+O6`XCobF2JNLW_{rG
z!7hg2?Az7>uFTlvV|8oP8%klDFfTQOWmh?q^SWcPWtb_02$+~#(xy$OVtVWECk-9n
z0f~$&4{K4jLlFzKU%^@e87rGcHLsU^w|40(qMxkY^w2`}xv`T8KpNX;#5CR(VDFT>
z9P)R06%5>W0L$L%9y&?yt@%49#oa3m6qAlRR|A(T%UD&I@5S}WMCxF8Z$iye(|xEV
zA9c%WH0$gMPaqM-AWLDq<$k5u@dg%0#og=C*|?i})3bRnCYa1@OoMAl%limV(XeQz
za=>A|Y_7pe9?~&vv|F843uIcQ*gC2Oaf8;n!?HJzW<l!&qeB97A4&;M=Q(rt#|VQI
zn(E@>j-e=sCORXD*iJCv=*I`!y>&1dER3-;>CM8YO$l2HnWien1VNW$DKCAPBN_gI
zmhE*zOOmN02OI8;4c;6V5DcOg-@7`ZA8D_9@NL#m!4-pc$N7S2#}@fJh(V`qp5thn
zzI^?Z^wEY*`h8H#c<iPwn}4X5q_aQFba<6xYBm$SgkwtgeO<=kTz2i@qfEXJw60q^
z&q`N`JzVDTmHs1Z68CE<3eE7!;X-9mlAbC26Alsd6O9S#lT4HBlR_{wJY{F>gkk@v
zd^>H!c9xPqSs{>&BFQNGB=HRXMBxw^fWzn$Nr*T(!Eh3x#NS$h7>x@qUzQ}?Y1=XR
z%NHjJyk&#lR0PeGY*D>fB8^};$o^Z(mrk3s%G<p8zb=luq-^tf>(j&K%cT{E|44!0
z)-Q?QhiM+c{cxFHV+KSQKYvaCg8uv5<qP_)u%EL=;gsU&;bSUyFp!`Yhl_~--{jZ=
zapBER5<3>hw5Z+`zx0dzU~wPtTbeKO)*$5a{kx5yTV-1G2Z%qm{tbV+@Q+`{;P>YJ
zwFQ5v#t9`47Xj=QvO*Kp^@twh{@CqW5n2zI_Nudw<0)WJFmd;I&N8D*>)J?Y^p?E}
zh4%0FCJ#DjR)!~mM|k&)z>=)i;Aa`&n&jL4y4NvjOEw~Q*VW3qHf_K$oVU-%lo)0d
z4^};bEy8%Z8GvM<>8Vr!-<*BRqLb4}h6c7w0XJbYje|*ydd=w*e`(I^7@SX)1U{fL
zeSzo-2DX?@6n)4VTl~?koO9pp%1>m}c%fb}8E@Di&Na5-{CQKa$Ce`{4OPHN7*nph
zArnl~aMU0<P*A`sDd5TGIr$u~AuO}|rlG=C+s&C1nnVbhsXYzAwUWQLBS2Mox^fD9
j!JH`1ji&m}7WsltpjYVcKaANQUP{OxRps)p|MT@90e3!h

literal 49917
zcmeFXb9ZLJx9=O<d}7<SosMnWwr$(CZQEvt9lMiG((z6I_P%%Qd&jx2;GFfxTH{%x
zYSyZnHRreL`IN#BP%tzg2p}jRARr<j%sXk|4PYRk;qRZQKu{psBKCGJrgkp+DxMCe
z&bss-wl;)CU?7wQKp@}c|IhWm@d(VQZAWc0BKb1>A&AlYQFDbMP38Dhh)MaUsX_bf
zas+$Z%0+}_liXilb26;SquCnQLf^*5a*m6;c+tYKwY98cSaPddS|`O>v7owlsjhY;
zep|k|y@(K^e83|-b%Q9f`gj^MdRteJTB)U2+GXY-H$}zWB2b!Op)_$!0yc-=m<Dvk
z+Coup?$qAo8n5^l)-%AU^KSsW4ICyx`}wopq%@CW&))oHB{eV+Ko^vv@P4iml9XkS
zwM+c?GFEnhEHt8^Ld3*+3dz+dhGQZJLtGfa=@VvypK!GeGZ!+<m>3(I;?KTlCh>z&
z#d4q?SvS7oYCP}F2+@tVwBZU&v~|Qgyv_X&yV&>ZUtY%_UA*wjYjZZ%mO|a$I~0E(
zOp;z)9nFY7UYYMC@zTE{<JP|<A<MbNGV_;}lMM4Dfqu^s=6d6pEtF^QL{!*u<^o-B
zg1^W5N=x(-Jw27PDY0x_o`K3fe?V>hGBk-DH#Vujg=Cds2tLOyOCOMguN3nUg8+xS
zhpk!gaf|gIn`?17V=}c3kSupgp0{5%&T-*qI!P(-!*uk4|H%=<?}d?<dP!nzm6aTg
z@K#r&5PQ6PYRde9Zx*0)LNjrX_&t}uzCeK#{$B}U2zTCy={q4ff&u}-ekTNdCsP||
z2Ks;Z|C0#*H;(@Q(e;|;S!qxvB%uB7eV&k?-J5j+5iZ-&P~hN+uRzNtZXB$WA*8EM
z*Rs`Om>1L=#z~V$*;ve(wl#+JfFg4B2S-JxFuA1f1n@F_=;t!5DYK6TaMF076X(y)
z%a_et6r4&oD)%+vijHQxRl08%7Tqii)ku&?m&b;|P|^!i^GKkvP*gGXq#Jt1_1T)9
zJgGV{tfS}Dw(<3Q5$FsZ1%p9>k^+|CH_?>jULV3h(vo3QC(XZi`ze8@IXmj8@CZ6#
zg+-~93?rqcux!yu(@ZU<`ACDlBpAaDdBtO45Lw3H$?HJiX70SckYMrtjN#jGBUwk+
z<zfPpe<w1c?$0jXqo_d_sV0(Et*mv#P2SWWV@<#!+Qmx-%>kV&%oYQ3i%7iqM!D?%
zzl<<TQ$lwTFd!gH7$Bg3G3a5#;BN0^ZDen6{ZDRd)NJjy*^xf^4Zeg>LH;BYE8b!p
zqBW5f4kisb^qAnmfyIc9i;^mmoNov%eDxKZaLM&z=y4B|k7Dxq+}v~)&-2?=DR~p?
zD5xR2x>%iKS30XLyc$+~F-^xPtcQ%a2L4b>F8q`U`TYI9u0OXHBe2WzQ~@kV7xt<&
zMb0dn$RHIuN@XnxPXjwfLu)ueAhYNY1lvd|s#a>Loo26=vE~(y^xK$m!$`<Esli7z
zQOk`mCq)Cqx3MJlY_aMc&;j!>u4;T#V+C}Wm!`tsUeKj>yf`W{%h|^;cm;po0v}$F
zC}1LF{7f;pG^mI^%Y|w~BoDlGB}uRmPm5Z}LBE0fy3a|vesmOB1-Q|0{K~C)$4mQy
z39HE$7a^=wqe14p&9&H#%dXAOr?Zf<<36|Qu;l+GEmpPCiUOO7p^{`&0m*1$eQy?2
zpS2j3)?fu0czt>DA~%PM02<+|BRynIJDIVHQqorX+1zB+IQ|2Ic&+T{7X28^36d1-
zL@@dRYA+f(?T78?bRmD-iSiO7lYAhUJtz7|$DE_o3HbD=k1WA?4>9=Y10UO=$oUr}
z-=R+DFc_u_Yxk-B4zP{qinSeaC&WDFB-!5&YylxO!nJ`0*(F#97N?tw9Er0VGH1v(
z0<XG6GDoA1NlHeDU?D3~DeQ7XUh#?cz96Qb@lIjtPMz=#LHHN+q7Me=F!rzLCSo*N
zJxd;qZ3H5Zd#oQ@>ZT3UrW`3Xqt$3D3fn)Ix(qH0Z#4LWa{O<`A({$U>$X?5wI)ip
zm>mesyE^4V_-O-~?}G)&P}<R33qMh~gJ<G*Mj8}x0XG26F-l;>kigs+)cMIIMoX$p
z@0_hF=$~79)!L=w>He0eYD@2$(V+#1t<;giZy{s)Hkegy)Gbpl`z-jC#V=xkDYX&-
z8VCWL-h_8OppE`O%m*W!9#|V!dTv^tk56bOLe@$ZE8v$;;@UX3?54W8yQV6o#zAC#
z<3SZMVWb^5@S<I9C1OG=;AQ##f8+GI)d>7}BIOla?%$xfS)S*-pAQQDkRaR!-G2-}
zR|b#_bomUit+t-C2&Umtk0-|Vpfz0=3M(X_I@NMEK-3wQ#+i2<46qBYH^w$*Z&YHI
zNO9k*2v=%zzY5$`wJC^wJl1Q_Go`b{JxKgrW+aP74v`cSPDS4DmUlY}C7A|}vI}D#
z76V=QoN$L{n8aleoaB6LQg51iALX%+TCmw8*QhHPsk+#TBUv@u-rPAV%HFWLk!_4A
zi)1!=dx~e*3w|Wya&mTaJ{tRdTD`fN=*_Uaxnt{gb@JCLWn}y|zI^%bH0?*Tz|gyT
zxErv#Esb(>`s9ni|1w>?D|?obeG9T5I1msv5ESrty7(_m{+~(X|JG;V?}hqz+5f$-
zo)p<1BaBF4w?SWpM|R6@uDYhny%7!Sx`Wn|<peg#DKj-&{`O~utqmhT&dC^2@B0v0
zGB*kQTyT5?hsUr7mpBcP0jAMoDnY(Edbe)0!bxQbwQPhMh!Y4e*R!AST2i0LYqH^q
z>P(axvMYSfaa9m>Ol^1oe`T$5vX=$bp5zN!ntjbAo6fiD!TU@z7g{jq@u9c;*EycA
zdfVwH#XF-_vEV`)3?1Esn$MM5%+xv%6xz6QT6-uL3~!UM`emE6l9#rd7&ahTR%4hK
zhi2$O-a6eZR?*~Ioh*a=rBuV9)J=Nm;8qufp5zDAsO9m@QW0A(4YaV=HHHw!42KAj
zr{^DA$@(meorpvPa|Qx=YkAp@Q7<;uC;k7+Nv7U<S7c291T<3*1O)gl@!y){Y+-8Z
z;>_@$2h%@s%1P0+-(o}yyQR1m5bdLgM5Q2#Xt65Xsk$!GdUmwMg{&cWG|N_EzwW=?
zAQ}i^6(ZZu81bC*^xaK9f3#NiX3()D+6FNc5XHC8q!sI?U1+a=E@rxKDYTWc-n<8~
z?G#^EzulANP~y8pKOF-Vu7+)4F3ScBG^5#7xSoz{cPLM)Duno~GA-a4wLHhSx*&uZ
zX0@oWP?XQ8a0WD0f&FrxT!XilMO5r5gSc3ySv(J1YjAdeSDnAK8!=f1HX^bzY(t3Z
z36sT7t5tDP48Bp9p?uIo_aXi}CW7t$L8?rWk))+I2I;i0?n5nrcpuQjcdqiK36KF9
z)eo`V2S)F$CC$0gTm;7GM^3vjeCk*+p_>Bv=$jnk?VP@mK+fEYmE_Hizt>EPl}r)y
z6h1t{knmqvZ9!Wwte#Ttp<aN`^O1H&(~->$?1SxFl(3#(7)7n;V!=%^IKtZWJxR^{
z-9^7Zr_&IoEBRuR?-RgBbaZAh-FvMJX)EA+MlO{ok%`Rkj{JmfK@^)9TiTV$=uoM2
zk7=)~O5aJhF8sCgQ{+{Nzl71~wS3uRose>ahFcHu;${bokGlQ{U3cA#{F0!EwHhS$
zgOuo;^T&e2ZS+r{BcskHs|fl1m0DYhW4AfBU{ByxKO1FcO;7^AUh$1i$nIrzOb$Mt
zDIeUEMpNtNR#YJG4Xt6|tEOLg<rD$BxWI>TND_Xy5{5Cw&RF{>;{lv1iTY~blx|=V
zJRk^&;Vx-NlxswU2x1}W=)iT3|K1L!<BPQ!3*v_8Y#@2qcT*E0s3HkWH)Z7Pt@wP`
zXB-enXG0I(@wOi{T0nUTF+eGkSPOXgjPJeMEwtq2cX_q|d75nnJ-+(D{I`$!&$Q0T
zy^h<SKo-*<&46qeWsquafH&D_6Tepm#07pdUmA>WlG+nQ(#CH*<5z0GrjBsd5WALV
zsiw=Gd`#c&^?%9e`}=+T{j4YW@_bki4?j7Wo$l}Zd~tfW?`JFj`h8I7>+x{C#~|SU
z{`+NI-{0qhi>W{V)7Yci&*NdQ?CbTq-T#xp*Z<||WB!*w{jM7#!Ja=4_}jR3z_0#(
z+^@&m`0D4|&(FV~JMDydITlVvE=9AEN22Md`8j9Khs~%Wa#uMTrz6d%**P0LjkA%%
zGQ9jfo*$!G<KsCmApH{#eTVK6WctUvR_T+TOST(mt~_|`=kHz^P6+aHti;zE;wXf~
zUlf9(U-JPI1Oo_2FR&gEqMu+-EK78wiT#1YF>uR!UIH~)&3&2l<AAas-M-y)E6e8%
zmtCBTHb>GDMn_7hj8!otwQA_5N%}UBG14N2EiGnc`c}=0hgq3Loa2P#a?U!}aa(%2
z*K*^!>f@1Z>H2=8;(pCXGQ}4P0L=%e#C%uCOcgvBk{Lg<w2PMBDi)Uhm2+*bRE7j|
zP6lvIPxz93E7h9%Wyf`Nmm<6)VQ~X5O@U;VG6TZu(fk&4KyKXo6OUvmiZDQP_L(J#
ziWAB?BXb&NX*2K3js-kEH+0?LO{2#-H?F&`0JZj~g1F#OSQ0MN2VqoQe1OF^aKsZ{
zz}W>S$uy68^)Uy@=%^#;kj=V%ygxvFeQeoq-PN&Zk<6gR0EMxOo!cl>Eb|C+8@M<W
zT(Ufsjb%Ll>*sxIlMb#~8RcA~e?!$~ik)_OaNUnzqRW=qdV{0}D%cV-*i)qFJ)q*H
zg^WtaZ<&)>QF4d>D$F*P_Lrjy;JNAIQgHVY0T(@!NO-;Qd>lncfhvmb=aR%ye?Rv=
zVrbW!^;&plBo)(7Jp6mh(euCi0!JvzK=YshN){l44^xtiLcVMYU(j0dS0-?c{W{NY
z3lVWTwO03h04;HfyOKqbYbq?#k@xkG7FM!Yop((zl2G>`f+_a|+23<%R%@NJi<v6O
zoYy+hfIy)vS?(b`V2V5Oc)@-2ppwcPA%NAo^RN*@8pxARl@l>T=FL8!Cy#Jb>pC1N
zWj)yq1~}D~7`AAGhSd}jB*CoKy#$*Q*<=-LH$WAY(fVb_Ey1RmgPglCw#^y%m^yP-
z-BOJ8NK6GFw(J<%jXJX&yOT>@05)j@ARcomGI4XSav&wt+>Y3P3y8bkzKkujbuEHF
zQ)gq_W=V*xhUZ4eZad?Yfy4+2YV2ew{8v+l(urY(w%mj~MMO^lZ6YMAu%^JJm4Br4
z1Eoqg-`=THp`6M6CE(YJcuG1SLE|cty+s;F>UYgV9Wulf4K77y@2Z1@YSF-&$c)0r
z;ckx>=ZMP=8^{BBx4}hg=DmXrjXalXOBx@LTT@N{ETdDljS54Ke}mX<oY-0b4iVF3
z%OlOMQ7o6}k`*PH+1cJy%J@u}HF}q>u3;wpvmgcWs19ut^l6|0L|Qf!Qz!-<i>z60
zhlqh0ro>M)N3ox>>8IZr#)m_l^oc+S^|33WxFgkjIRrrac}k{;(@F@)7$0o3(Hk`<
zp7v}WN#chC!OT+l0t_#hvdzTyOaxRYwN~$WhtK1MDv80C+GW|duQq2R0p4aj-k{Ua
z?WzQR5`kBZbl^)E#2}`<dgWn?f}?u%vpEq+RVRgAh>y{y>dRq~<y3C;Cx?rlBQYZr
z^+^GZz?c9U@~KifFh;X;Mciw`pvfpHj3g1pW1}gZ2%M<NQ-}45%r;e=qS^oyK|L8Z
z974*>NtI?u5RlD>D9+2Cj1_dmGaVUovIltTOnAp&1^(qr=Z$g<fF{-$3_0+xQI!J`
z!JO8g2W}%4@)9v^E`zkuQngM0X+S38HLmVaafdC)(a+eu42DvOT^$-^GdD76(~mfO
zW;qzuioI+Zm(o4jW;MI8Ng)&VpZ&0Ig}Iv2v+=eWQUe|Gc;jWd<0dl1x$!7yKsU>*
zjG9c@;!FzL6kG&O7bL-uE{XY!r|q;1$QT=lvS2%h0{x?I;P0D3=gezt$29D7ZYQX+
z8stoPw%QKF?K)%|{)IMc8=3;J1b0MqGf?tnU9XfGEk{o49g2o{LC<HxP;aP;pHa!{
z3d>P%4Yf26%CIr6o~GnNxarV8p}HA_=zUj2PigzFS(w`PXFHpWn!p*{@#*bcZ6`e|
z9B#^f-78M81?_<C@~H?yH@zf52Fj30o9zUP?D8oPUgDcoEbyt^gq%$TR3KS#*Ab#I
zuJNfbLIaYa0hjoc>28Q47SDn)7|M+5-QfmN?qxS}w}#wxC5dmSUBO-@oJMtI20A43
z$JyftJ}uq>I%-k_wD`Yd^QQPSO2xGoUy)=qN$&BpqI#=y<@eeSftyoR4gY05dXx^}
ztwTk6-J1Z%MBa6^X93Y18PXj&G#O3Odps))p8SXJacsMYa5w#SDYhpr1L;I*9OqFJ
zd(NC@?wUawHs3{ZiNO^1&N+_@e@?gf9B<V%kYkF}K!<ok{on=EoCE>M;>%eWgAwUE
ze})Xn^*}I{wP>1%807BD#x*wA1LY&XaE?S}D_D#*7!R@x2`51{Ndvu$T+o9hj_(TQ
zf>Oy?-Xz4Is-?q9qt7m^Oa!*u?7@9H|5SNA05JD{44VSTglkm;9%CkYGUPq@JeDt(
zGr?q&`6>1pl7ePAk2{wOzo$3bpd3^;O=>1srw*9|NKMv2mPV$ugYatshTH`H3Pf`a
zxwit2jOQfD@_|P7aXSZ%PB=nNK<XC4f6N!jLN;N7Cs+OkN@(|Rv0VGr`LM8&_j^K3
zEvhCwi-U`YpszR2Ku}*(NcG#dol5u<Z@kiG92GFPz;YFun&ljjQ+5h%*1W{%sTY&p
z6&|%V+;xoWAj=!@Ro}6ksW6bCkRg-KA5c@mnBay2d@OwauoW;RoCvJQ#PP^DV@&}Z
zb30reh$7U57!PoLh-mcnfT~msN!aoP*4+!oRM4bqBC<-Uav<_@f^hMv3Pch7r1l=g
zfRZsI11Aq=KLt!kTOqV;gky$(C><a2_k7CjeNUd2g_oSYjp=iwiSJ3z;DSB}O0JBE
zNVttB73gw1!e8(ceqC1&7@dIb(LD=s*^#Vp0I9(}mq?-dd&H;9jh4S-WGygB^JSpa
zwQX*&EL<+PXF^Ty^ycTEh2fH2NuJk`1TQ2u1z|~kWzm?Oq_dXN>z_h|w|JBZl6~J1
zbz4xM1FoWWF;|Po7jsdECiu!dFPVrYogtT6Wb^8YZgfQ6S!|-Fj5c9q6~<iZqJBu!
zl$zSL9DZh4=3WYP@rVT>wxr&JD(IJ8)j-Uc$&UawVI4&;n-3{oV4A*umW}YObJB@e
ziU(JZj4|Cx28cB-%b228=+Z!)O6X=_xovg{yTC{A;5uIg;+|krI54hLpw!=U1bN)C
z;vT*XzsyS=reLs-Ruz~`@>E(i1KDLO_=XzfyOB990XC$-xMO#}%w?P6fGBDBOe{y0
zi;Hwya;;tb<;X8+!nZqh@MP)?dGwi67&G-jUUkMdn3L})#D0Yl4V7md@B^hG4#<*=
zu7HpRtNap-VfW6EiH0JgN-z&;*@mUmzjeV86*R46{vulIKEyEx<%Esxn*&o=KA-#i
zr@z9g8;EEU>9cr(ZCi$fT*bbEopPuBx$nvznFmPBD=IPZ&rjSZKo|j&Krw!s#6pB$
zxO$;`f)piVA8|>R)9^8}je{oCXP*Hgg5#Q(KE_@tY{#&<PowfUW_=^@Uatl>Ufjj`
z-Pn+TJ4}Xc`Rz&+!8-HNIw<M3#cQ#YnLi;k%YD3uM_yA=K2Q|}6gpdCd@OH=5PZHq
z?tF&I!v^3m34T*l@Fo}&GH@~e^(aZ_&z9~fGhm^DTSvDf3Uw9OLBQx}rTX_vQQ4cg
z9F!NveKZ#`)%<6iNG08@!1pMjg0F!5B-<J>V8~&#P?N4!M}kdevG!NT+yIy;;jU=5
ztW6>gN|<iUqo#a_JBq7c#!ym36ahMmFdQLCwkw7uCS{bQ+ZV+tP$@K32*!foVnjP)
zVl3N75Mn#*ci7+rA_BYY2temNve1O;EkkUBCKor#%*tp<=ltisU{mV4Zz^}Vl?9X~
z-4&FZG{=s^v*7EfKM~%pegY-*MJ53`@zM04%ap~hQf8h*Pugs|f=$t=tOYZ;NT-)*
zRrf2sP>r8+zAS~(mk+eGS)vi?%28$e#e)I7SHY6coum``O73D3UBVF0-to#9TsFik
zC-f^f=DOYdM=zi<*7QLB1+kjMNJX#kB>TnNa_KpSC``-h3vq#u?usubu&zEP)pvg;
z!zwer*3q{G0~Q(7<3~2$5ffmwezU`nHNWI1oex39%zh2(<bQ!upFyX)DbDkJ<g{*6
zw3Q+QvcCc~{cP;>zJR|w@{TKQ_8>sU!pE0s$GIVqbNS#e2+nt~M1SE~p5N>iKln&W
zAbjc%wX*de`-W!<%-LU5nb0tkHlOi=>!)AeF4^5btGRV?Df<P(6CUvUg@7pc+qBr=
z<HGlcY`)7+$|yRyxTK4Kb@6{eswn({kTCbXhxt=n$o8!84CoP`tXZs0S%yCH$FB7o
z<ODv7Qsd-KnK|*7Hj7FsE`IR;pY_U%S@6`W{@L?~1+%jKgq%RHb#P(Kocl_dK_iop
z$d?l<_)iza>>XUzj?U0dzs@U?@{Uf=Xt<CnT3-kV*PDmt2Ti!Yl$n>4-*J7(C_r@c
zzs^(W+jvb@SKu;l)c!h2o5kupb<}+?edsZ+WE+W+bBJ)52g93)l4r1Sn9VB~P39B|
z{}Sd>z23Zk5x)BWXV3Yc+laQcJ<d4#2TfSu)Aq)LUx{P1XPe!{N<}ut8KyBoGX_p1
znk03l@}K_anxhFC$4JS;uFzmX6{DNuncmYp=bPj8*;PMfwbQpQ-?rM}>eD>mM|khg
zEB)>II<=4L(=RhkMPybIVNa<NgE%k>&PlFlwA91R<u6|Um+ks_e!aEp7pspCyZeV(
z@4l1yeA|BPJ-fHA@$Bd7onz03->VPJAD>RotJCQMpMQTvpOlw<71}*l=U+UHcHQW+
z3+UR-sqc)hdbR4ay{#g;KEHf<WL_M<oRD}XOOrY_<Es(q<y<q&Q6!G<_h5=4YXuP}
z;fM#N27wWjnrx;FUGGc?h*eW865o>*nFd>g`8kx7=aMv`@-;5Ojdb-b%BYCocq0iI
zt)$?fc$|n@<ww#HA*)*?%>k&%@?-a84>99o{hda1tV(MtMAeLuS(QsxZOLL6bhk6-
z+FUvaSerRrWWl9Yl!#+lM^0#=k9m(3;6@MTA!f@Ir%{XCn(BMb!7E#gBf798mr49q
ze=N7<qW7NNN?e1l6Qu}eOoUFDa5idTqR=67gHzbbG%GrrJlL95qZYNPs?2H$SwtTm
z_DGDa`4LLPufh3N=P0c!e$~}?->9~CcG$E%#&^%YuFsAh+s|D#_`B-L_M?2N_w46)
zW)0Q**Hz6wzsvVPe-4Wfd(7)8ykmWhJsP)HBbt9DpWbhu%E9Ph)3`b&cI-RqNG&$D
z;RzXf;D@N@yuE0PsQ%o=uKI99_k#>sBbeN-#$bGWz5Xa+&XJf;REe`*@i__AAOln6
zD)dk-iaB|?OOR|o$W$Koc3%aNo!nD@Yo1-r^XcXRk|vjtn;};c1sQR!i!i1}F3y}K
zhEzP_Rk){8+ETV!dunkFCKI_0z(xRA+8&o++OkBXJ@u~Yv%l?t5_{OE&woPlt<ReJ
z(*my_gA{ING%^+Qd0<66aZ9WE$jr@_W7=J?_Xc$R_|x8l&%Rxk)N|8D!0_z9!+yDA
z<=;=7;<hGM2xZQTWQj_WmMNICy11Ytjq(6abCx2wKWd5oHcf_%cP1+-co^eg+7!4!
zN&9<+Go8#;YW7)=$rkErQO7)pZq2PCvX4mDHERNcZ`Bfv#bKS(klH<ESHK`D34IqQ
zDOY5CZ35v3IN6q>JeR7)sSP{D2wvEe#S#m&wo(I*6_#ZUNQR`Tq%tzddPEn3R@C4Q
z;x@)Lz%-PS>bD|j>IkHX<WlJok}!yO2BJ62(G^<V@&-4YQc$8Rg2@k85LR=G#4HTa
zu;(q-lWF3GZ)Y;3Nfbcxsm~E5NNqCNkqjbwl2#bVGVhlrGNqyQvYUNw4cziy1}abJ
z6^E<AfV-_DOt2&IEwN*mZa?}Y)KpjDn`lEDo0~;~nf-Pb2R0-LjVkB~=+sK{$wBnq
zO5dcikw4SxvI5?26M+J)FR5*nxFYmTX%B<f&$#9z4SLSkTsN}04V=gGJegpou!&Ev
z$Z5<Y%}%i8_k>cMjEJItO-gAvlxzzW_MK}}KHF6;5mTG<!Vk2qfB=F`LhTpK#sIoh
zu(_9-HQ#QLZC17@P;RxSGcUO%3L{0z;si}CY%Nn#t#YC1XYBS81iKYz&KYgGCdz+*
z?Y#19lRD>w4Pcuhsep-%^2kJIO4L?MS`EXulv2i<mLnRiSzdKiFg%4wIII$!?hZuV
zawK|_+Zx<4*v3o_L5$q*)$AkV``Zb*ev+xoT8tc8<6s*|ZUldZ8a*nSD#UumJDlPU
zI4Rcr9Rk!S-rA7|A+1-u)djpRE*t)eDbtQ;9WMVloZj6ADSAiNG9$wO^5~3MN5@z%
za+D{yOt?Cpb_Eag!!kS5VBxpsOi)Qqo5`nzp~H+;kLsg+_KB|Eb9(lwS3i%zwxZ>A
zF6rhE7soWX-ylw717e5N5M?Hr@vm{i9W_L+Zr!hio9an@z7n5}n(M(8z0_lr4c5hU
z6K-pf`|3FW`p&~XlhPZku6&zCOPpiam!j1SU}lMg!Ij1D-GN9X)KaT><kmK|E1yE*
zQn*ZNI6ElybcOgQ1{qU=722Aen*{BcrO0tS2JA!UVV9aquB9Z64s2@J6GHrAViopk
zw;^L~_aZzhc`|59W?1$dU-U$_MI?HIJ_^TXX^l^T#Qn(}dd^UGtwoJpN7%uTxHOPY
z(C7w<4Fvi~tI1Uuip-E(4ooW1MU89+O)Xsp+-$)j^;iu|#se}4`{Oc!Z1(AVuhW+D
zHdT@LH?!`dz;=72Osftsl(yd9k;la^JO<cs4kj2W1&N0>a)~0N$p#SAo#3Hzp+6R%
zx0aaRzg3%U+h?!7#Q7)-eAaey3*5;r^hT{=F)3#(B{7Th!r>3;8j@iElQ@1Jt>z98
z%o3f(f11~if1MMMs&X!3hKmHifeuj=0q=-nM0wy@wN^OV5n;`H=^0j5!VeP2=J|2$
zy3cmmb9`|NIw9}NZ~<=vE2mk12>?<`sTD;m!N3JP@h8h6zyw0sDe1zuir!j-?FwKO
z&1-G6g}vhhYA)pVGzydn3&$FUND77HCxK6gz>g!EGQA3GWpw7l`9g;lb-bJMPwHR4
zlcg26|Ii<XTK8t#@&c(P<g(HhP9t+-=tM=~-ljZmDvP{%XixJT*Qnw$o-q#wnwcO3
zr5RR$sUqdX*4^%-?mCXA0fs0^YCH0;c_gH6hC3kC6U`}z!Q$qy>X#*)<O4O=xTh`4
zwBu|<%(wRJYd?u8H)kQedZvcZT7Sj~qr^y*#EEqT8nF^NYWM)S1>Z)Kg-TCl539)t
z<(w9k!909`9TFi9@(U0@NEbbrNQY6$CAOloIaaRx{^I4EPgnd+$b+C`^7LM9y<6+o
zj~&~(eT&;ev-YotV?Wo%S7?^A+1JlV9vmemY#HgH>;$xA@o;{r4se<3#$^0KGxkw#
z$Ea*kS7S!H!jV`xfDVJCI6XIW3xr#ALr)?ks(f?^kn7`!^&LfKFJ$Bt<#>s%la!GX
zf4#kg{M*AM!%tXWA4~)U&L&Dm8j_v>?H|E|DW_2B5*qw5o*P0B=o4j0aydo?yx^QF
zg%+MeNXL{LD0sT!`9P~E*nwUSeEuPHvZH~Vqk=%g!2&!MhuBf?H3i;u75IiVp(x<M
zDmMmx^}WAi4B?<?NB-m}nLvrdfL)@D{px_{AAW!Lo01(JGA@O5D1n1ogyWVmcW{7y
z7eRJ_V@mzQq+nK)ss3pb<x>pb0M_|%`ip$}71UF`U7)7xHGC`Qb{@e)DR47p5>BzD
zz<)R%v_2SBmvn!DF?Mh_5&Ac4tAtyZ#f(O|<~jl_NA<_}8<9lfeiXWeULvqNuKBgE
zVF;FkN|g?R%kCU5`Y$@WiO{28*G&DEYqQ~AitFJ&H?itqnK`v)c1z*%I*`u@!DP~?
z$t~ktMl6M=Lyrz^2kN~?xSjjhrOY~qmz3lLdB9Oeh<zh}{H;Ya*5+M8E|-hYsUTq%
z3SZj_TrkwpUb3*eRuBpUkURAn=APT1peg6?-a~zXhJggL5mzRV0>ME;2m?9Q<IX>H
zv$|h65M^4xxo}kn85EXDFaj<$7ZLVF@Z2N_cU(yjlz2Tz!LzuSv5_dTfK*InQN|EA
zDai|W%!%&i;AvN|DqAzGTHy~G29e-I-Iv!el9lGV%bwsst3laFoC6Z5N(j3p;KtE3
zh8YqKRQOM940&e!19*5eU?)fWlps)s7=L2Z;R8+?k?t6b9}RW_xBvo3>;MukBEwy;
zV1y`Fd|BG@3%!|)drC!vKQqNKS?uzi2>~v+IQF2bV0j??LeblR(>#l^vU5+{5Cupx
z==LT_B6KGLS$$^E`U9_tiX>F_1%p-ImTI1cW(9(46JrBkLAaPVZ>44g_kD;VZ9CHO
z@WPKkZKI?Bm2k0&Y0e5-4LWFOzf}t{gY~I_Dn2C$WyeYks|x7=eRoM5D~Wttg$y=C
zjfsXhuAS__=hU70;F;v%B`ac0ag+W*6i64|9;jO8u-?H=*4yUF$}Rw33fWfmFO&@`
z?7wxmX*jhTF)P0E0itv#Ds--o1qf&l3bR9omE%F1-HwLjK#)o(XFX_qLb#JfR2gw~
zQz-cc0|~l3n~8PS3CL(4XtP2{iw;DbTEIHdptMWWWEuxZVtzV7KL8V=f6=6+FpS!S
z%Sbd?#g=~yr~L)%Ddm)1My;tJ#1233Uakm(YdOZ#0jB#agwd%ZNVMOEuCR~XuOOyj
zF9<9o{{W^xH*1{O*NoGpAo1Dqbk*-Ia;SOT_jS`0zU^;t&oihr1(cg(gl!21L7m`w
zCs{lW3?-T1iCuV$b}Ov=mx>MuPQ!^|@Q^7nfGt3m77;1vbh3eL3?TWFH+I1t#k`RH
zJp}^@5_x+hpoVb#!x<u+#6krmibMIzGSF-Wvp$c#v5|l_@m1au7{;%8Yz|zis6gkh
zMFI>YD+;z+C%xV_i94gMk=1|f1Xw0WYy2IoAoJNOln@yM=wlr-QMmzl=9Gx|QfdCH
zi~_R^uFXK9p9FLI0$hXoab%kTQeHG={F#=o`K0H!nGy^n6)=)gQZJuiLF_B#zcDm}
z<P{_8Qg^8k0`_&6mZ&(3f4){hO2WMjh^9o%2vOixu%ifrVI1KgIcwfX-XguEE5=i_
z?y?#BS3qFGr_l=fU}#liq$CK7Ec6!9{}Mx-baxpFFqH58><o$VTecCXS?e}m*QfT7
z(~lYT={@s*c<^(6v3iH*+_rmqn;o66pR-zCzy1qT$zj9ZP+_mPzb*9Zt*`p6dfGhu
z8fNKv>xb{-J4zb6nf}{3e;=S<_RszJ?9<zhX6@VF=YMeK|MyrX!sA_385R&wZ{+_k
zplALsK(GG~(2wp>T=R(fQA8S3Ac<B`mTI-~$t-{J;*0}VJLYVb1(f+d?__{ct7a9T
zd}q&o@48zlGj~W;NQNPe%50DWM)5$44tmpOs)hL5_+n_78e`c>tDOiCyihUshj;=r
zZ`-_UH7HD=!bb2d?sd81iThfGnXoQ&c%8}?#hF3%=13cBFq)5i6+AM>9I>cLh+HUT
zXLu3y)T2Y8hg_6c9-)|uOwcbk8f~5hw0?;44A0$Gk~&q`h}N1?9xqB5w0wSBY}<{l
zus*~LW_(<@9u$w{!kDiQSu(QDMKyJLFejJ$_qGq-DUz}IlJ*b%&_Pz_Loqkdo`R%j
z&7t$mR2_q(+=eT-%eZM7_a@o}f*xsOr~CtCDNGkp=sAgJE-CTq)hJ%tWmZkP!+r~X
z8Zw!VOKQd<>ID#afpRplhfKr;d8((URc?o_4`S+eG*{gMGI1fyh1RwCojD3hT+rnx
ztvh;ZU{Fuw4?7sFuj^`B-_SE1BmVB1aHn|wC4E_isHkhJ_LWBl&93i-uVL1b4YS;$
z!*%wqKZ;YctAqU_(#78%ndx7_4Y(k1ZNf`zqpt8if8kQD>_jIBcszFUHzqkp9Oby%
zT*v8?8p3aDmaFRHyyqf;9v;9J@&uC-5=hB8JJW!TAK(@S#r(2i&o)p6y+Ps_!d<?J
z(He;$B<gQl@}@kXEmX?BN6IliP#24%vA}`gm1kh?j)DUZUh+S$g(u&y4Fvt{aHzv1
z-l?=30A5nU(oC_<>Wkl~UB2gzs}L(wr|j(lffEsP3Gc<@`?&D`!`gEWoVM99LiNdh
zK}v!pC0)y9Wuhle808Zu&&qtYY(_TQK3}J!)YBd2%!3^2%kmL0P~z=IM}sQd68L|;
zK1zJP|9S|2-s}JPIC-n*I6s;F<<I~1!ufTX?(&+iZ{L;8q5t{z_t!Q-exL8xuZMV+
zhqrTq?e^|$j<1q~hjjhVkN)?^-_z>?rvmo7PaFih{#@X1>&^i$xA719U#|_GUpMuL
zw|l<OMz^BWk&BUaq)n*4Qa&z5l#%jsHa`ycN9suNb2{iEi&5RlnCM16X0uQ2X?OP0
zXYB7{Z5Z<Z?$jJL=QO*8=1}akwX5#PrRTc(^}%+A_o7Ob;9W{Wh#q}GMVx&>BY6TL
z1Wcgb0Y&hFjDw%AA5O3^(oH<Q*C1}ocAaUTF^@Cqc6GPAr}}W~y6Iw4EY<ofB?4Y5
zumGxKiE_<R;z{;bK>tWPYb%DChP89`WGkbp<H<K^&#K<3xn8w$@4D&YmU9XAc_3lB
z&ownqsuD3QIYB1YzXTRna;1!691qp3UWTul8{(~GadD#QALQKrK}ES_{R761ef6DN
z*IieLqN~;?0XakH!rW~P4bG(5tAuXw%<ZUKU_gPIC?wI!PbWcmu$FOosHcW-=lZyl
z4lRcVc7E`tkJ~x7?jLB+m7yddWG*z3kP(O|dPGLD<pEmk14XKhgKf&|<d*FRuf!PN
zUUx++pRT(+6s3@2SxdZ%I0sQw!IbdwTtf_yg!Tgx&1?A;RO5PnER~H>QZ@aPyT@wj
z-`4>sysjxPB;7_r97itj;7XuDBVa%yj#eCnU<^si%fKsPSf206XLfF`b)@RqQU9xn
zB`#+h17^l88BU|A1xY0%gn=^|u!yo<N5c~@S4|Sj$_$J$YPl?Pb>-8xwX@v%E_wvQ
z%J$N0%RkI<LYc&s`~w++9ui9N2w;_>0LiK~rh+1Z^(H286?G}y$T3qJ0N`Pjq0Sii
zyfvRh{Ef>1B9oaP<QFwv^xGpHV$l=uAt@^K;n@+Y<C>V=!X`yVm*^2IYmJ5Sjuj9o
zyi&|K1|{ebF&hAZGXsMsz>OPOu^=~7d>XIzQny`kkBE5HmH4!95Lw#w5;&nG-@_)5
zSxD`E08POd3bHu~GGC@?9~jhf8cCrrIm<{{&^31=1n^n~nRr1CMrcX#pYnov^817t
zasyW`Sg^sK{ECFGzljwx<(1~k11`7|R~76DFT_QHOyB0r${;9}NvFx7OsE$P?tAeJ
z8hEm^2^VT#;gKs;CV$>9IeIMG$(m5K%*eU&9N>0c9dwyAqtY&-Pa#dFNseU5v1ZK5
z85m^9p-F-XjN#2j7oOr*U#<XP&Zx4NcEBlh@<nfiyRNIoc3y_0B@iw@cSEcKnBh)@
z**f5m%9l?bfD$Osc3PoZ1;vCdTl0)sC<?oFOp|CriMtE+o-WKpKu`^=so4avh&!eC
zr8T%04cfTQ{)^sg6zt4)ZxH1kI`>>v9jZSCG38CfT6}|hU4F^VjeO&2D>dKSM(`=H
z%^0z;V7m*D;<Cp;h;6NJaBsucDi|u!*QlhyjcVBnLhEifnQ5U=<t#s#0#dfDda?mx
z8bCW4(MYG$e`&WMhX<mWbf8<!g}mS()%15-Iq9+5uR|p?C&Fsy(twFRvY$fyQV%pa
zQjr7%z(PzJ$BsNQ(eeNkQ?}2P(TZG%#R;x#JJGF<jeL4Jb-|V)egp54o8|S*+29gR
zWv3S*yGW+9)0Pp@B()<tE{oQiKcWJvdi9>ADGq&fsaC9T{`%Zl$j8(<L?%+vff~c=
z81QEPG~Td+1$LZSE%shRAkHApbh#wX@M2DcU2L$s@WH#m9`y4wC;lEc@dp#D1|mYa
z^-LKgNlZDk2{$GX>SQTmSzz6y^CA;2hD7*9;uMC_N6z6sP;qxNoD8@a3guu#U`Mwu
zo*yw!E+ZB{FlV?kSE#dtDk)Gik?8Pp8HRO9H0JiUW>$cX=ZL;Zy{3dj@Ma_LKT?mA
zg$K-~fu(Scp}DFpUJWZoFB+}T2j^axqgd{Ibs+;WW_r&#X%f^}a|CQW2^KRe<F_Tm
z!Bh5E$2E2$z=CV@BKrHF0hY5~H+OQNW9$Ih!ZIam+H2i_$Me4NKUBX4E`K?JCZkKj
zjH5+Prf<_N?m#NEUDs$Gz%01S$C?4pnSt+CI#}Z!(7jd+Iu51chM3f$EV!!HLs4Hy
zlsUJaTHB#^!pF3A%*KcXNR9;1d9bG0u_2S}U4t@d-33u4Nl}y<R86iVKP)g(<<?hQ
z9({^7-2j7Nr2sc2Nql4aE|P0}!UR`DkM%7+Fqhu%a{%;cSV(ljFEBroC$TQ^U;ll1
zCiWF1_K$8zqZV(%u_VjR{37&r6RnIc@z7^R_5LwXvEKS$x+DfJdufMI|2pbJ>kkQf
zBhd{Bm}Z&$Rnzu+u5X&@u!gM*wYJ>g0vml-#3BVdF5tOO*gY|)Gr5XU7}u2fo7Z~)
zwhk9H)NXj=qQUZi%nOWYgi3nlP-b*VhTb9(x1#arpMF#LpOqxL>zQyd)<=%Ki3YT;
zBZjor!{>Rcmhfh^i@i6b;L7V2cX)onB>MlD{m<&_h5s(CLjw45?a)QQcPAEebj6e*
z{EygITB~Rv2rv=7G;Omvo#@^BUIixVOn)PO_;Gv-+UbA1J{Qcft3=xuxK>QMjRI$(
zS-M(x^uBg>$OS4@OK&?Qw4FEg4L=4*cRz+s0b;_{ssYb|@dr8L(LZ2c{sIU__ddn8
zfT^fcHspO59eqe`H%HA0Y0#{kJHiL-l!K4a;A^1bC__Um$7%s)*sX%8p3-XiX%IPk
zJjm@SWx~rp>ki0fA3{^n=@>1G+eBc$eP;tQ<}x(6;sG?F#S2%$rzdE-xlGPbaB;+n
zwl<usM8_cdM!kD~j;kXFZ_8S!^&Olv$L>ecfzJ(#&@d3rrIZP7UdR;+Q*yD8D(Y2t
z_`;Q8>9b)Fx4;=Ds4CwLI2G>m2GM6ZFw*$~bt)LRYEU2tN*B8HvlnzJm<Y1gWQRe3
zf@GMS-f0!cB;*Z~i0|+kUE$&jTcHt^xakS5&mVm2OO#CnMk%&VL|_iEE`O^a7U7pz
zL>LJYXGSSn2HaMTF`?}os8;T9bU$z9{UKM+L2BRdOPAIykU7#72R@;K(zmdL)(v_N
z46Y1=PRL0p5%Tdk!d18oKlTm;RB8VhrkM?YaAo_4?l}sG6w1HHe!2W$0TjWk78I=M
zPhk9-cCL1TaK&y`&zJ}zC>Ii)D}vgE)Yjq$R|l)76kh}eB?)Q&lUR(bl*{&#+jkf|
zBcMr=3Wygpxi6^CfmF>)9tpEvtsyk1d^7o_bx-lA5{0n?6)J35|I!FRCMhCo#xWXr
zQ;t@FFcn`a=ct8isouE=T*E(vzeMstBDUn-!y?EpJ6H&IIes4J!h;0ykW(bsMF0p~
z)74wzz$*)=lD3_Uv2b{rTemb^zJOF{Ph_zFmPo-eG;pQTvo>`BB9Gk}9v~BVa0sPh
z-h!q=g>v44E+rFj)){4OjTmh?<Pyl%|46VjTLv;`M&38WcY*;umxl*qmA6b!=ejP3
z0I8xWH5*yo>)u>)1ocdM0@}PiWn=6NeAyWAu`)n_pAiB5USX6OTr4GgEbOD&?)aVY
zM&e5Mmb^hF!cF}*!RO2%L*8j4od6YIvSTP{+O3quSJ0)tC#bT|u^rT02=hi%xOg=2
zhfRTIF8t0GQN^a;YN*ZwklAzK6)#XKpKflp`RMI_7r+1dKDhti=U98REbVb7(cfvp
z0*<zu-}rMLA^3LqBAYK`kxzl1qM0P(M{7i3NKNZ;kNV5Sn@STorAZSJOrVNvoTKXZ
z6jkf{t>@aSy&Rk9F3m5Qd$?iVj}hO`HtR3bPoqCq7yCWdWYofvSA-IiekvcA7UVR`
zC|W0izCABS-}dwLanf8SkKU)x9-US{`_RSZ)#}IDxBKn<ntdBRxhm=OaCPa~$+Ok#
z^Z0$fTz)!xTK1)}wmo{<<kv^LjX8VTygFIbtwD>qE!M2-Lz|uL|C>0qIe8VlSIV`d
zLkl4qaX!AioT5EJn<1!rk|kBr6qzbwfa-Nh!ZxTztS|N*R*OXl_9$F%8gdivW53co
zmtu7?FQ*BVYmXyr+DP-)&7rzX*nqBBWffN?60R!s!7ng6&N(47f%rYSyXoQmb+3d{
z8ahi`vdTc7`!Q>jArBhvW$o3Uqxrsg#&~#4=5Tj7@<L*AY6qaJG8q#iHt#!N{oHVV
z)pY7hP#0N7QcU_2?YqjqqRiCV-7H?a|MI~y(`Y9z!eritl<kX&6Iqb**Ms*%3P?oh
zmv{SJL1r9vD2Q8Az*ZXJHHBGQ$!b?5mRa*`cc#I+D{kvV&L|TrmIip$@+Q?xsT{bE
zb*2REH!ET)uTTb#mwte?s{10#GE_Docy6<Svhm$r>TR}N=Ug4j)o7k@Gg3eanU)l(
zt3*l{87QY_{F!WKjmL)e!?Py+OjhhBjy|X*T`TH_UbGhNB}ljnZWh_Is(&=C@!w0A
zeXi2Z&11W~FQ2t~**^Jm<xXL`(br{T-k*5DQ8bp{Sr(@6Z)?qg{6?`0=KmWB?DoYu
ztp2yZ4!>LPUx#;p&$<r3o08!si%xTPr6>?QHO3!vPI1iU{MO?ob=U8eh17NO@W-D=
z%0Em!h3x0GXCl|_Z__}G&1Q0B6v;`89DyekM5c-aIWKl!ULZ)z@K$bNZ+ASS9mT&i
zY~s~VwO=ipc`8-rxS2<g4M|E5GyZZR3Dd~d7@_rL#s6wib!wAe?8<BPb71|04}Qi}
znnM%hwaFfAqq)cPV7t6005s_B{`Zgng7b&Yt8*TRQg2xbUzpJnimsZGpmrizT<o#8
zR_%z?&RroWa#0Vi+GU-Bp4(+~^R@o^tW)#GO#)1vi&-aeGFwDM65yy)j+BPX$`(Lf
znkUQV89mIGg|TB~SF!n}i#E8z95Xvw95bFJTY!tatU-M#d&sZqh=1-vdMANe0IhV&
zjV89Ipw0`BnI<KalnuU%O>cvm-`D}dp<-SVLj56F69RcftsT|nHpX(>qWsVx<Z736
zxY%P3qRoUPbHce13*o4^rKC(sVi?c`Cq6m27g{T{#yXwXgIa*iq^e?>9^q-Y5KlaB
z*{42bNpt%4t)q>G3NR%d4?!t6q!DuqAc@9tk-HmXe%ly-z8!gdpuG^BSAAnCG`D6@
zmTF?)%?07~tG%RZYQ!Rm&5nP&j5z#O<Qbc#McV4F+fA@7@IrArMyBp^w7^5%WpkE&
zuE1zWQVG;b+gzxyiZ&3!jG}ZZYBpJgD|g0+ppQbf-p3IMv<~!22+iupc_3a(eB|2w
z0nS5jIH8CCa5uu(GydP7iI#D^&O^^eaISS$EfA1mh0L!a1`47=t4NAejVUMSm0*!w
z=eBQ1edQ6bjJ**rWfP@};;M@VauTu-xYHKaxspz8k}I`by@<$vy8hIn=DgxNNfwF(
zlL?vwj5C%(Etjk8W$N(*_CMffxis4Nj*|8H)AwfEXa_>rB)fx3@IJD^=E255S-7ia
zWJ^Qy1==c;(BB%2b~6vbI~txrH5?bSd^n(taucd<Q*ho@?cdCb?uejvw}<0PAO+k{
zHx>qaV>u}xslj$3K8~?uxJ$V>%@)up7vCFYu};p!c{S1R#oIaaAhdQ1zQN`An2p4i
zq}^6r`!FWt;WpkjD3T8>(?f#1-^<Tj<KPtYpQIi!K|-`V$CRSs17ycmE4nC7c~TYU
zk{FQpKPb9BZI^qdr$234HS9QeQ1U6%2lLCg&zMGQN~<7N#he$I1W#F9$8$dqe^*sH
zVL&=b^?NMYuSdtvwkf=x<9+mKrD3h4p6m|B&tZ234Q4)pkP&B0wYscr@-o<#8LQw<
zVAHK3Byc4`Xp388%OH>uS6bJmmAZ>%I&oaFh0|rah}9gP&4cXi|MptKYI8wDhc(lq
zi@_gdLq>{MgMFw5+G}mPv=OQOLuZ0LL17~<FUHaJJZzxtPlijbGNwTjGS2=Da?_Qn
zijc(j$i}CnA%sbWeA2sIA>NS8DR9iO4GlW)5>X3;22HPkvqd0;+#LNzp~)L)5-{m%
z3ty8sjgy7y>KbDmg*B}`LRH6k_wvU+7JEGTZ^Rn%IuS&xIAG{I&nE{O@mHM^?_@MB
zySp<<4o<X?i5+ngZ3zXATH#1b)KTa&s;_%YE6S?$c(a7({DbQACJE-UUHk1YC~#g2
zb>4fq1U8xElG?)tSxI97@o@CQ&YE(qY2xC;pm+1)dV3(B7AP-!f#C%HWhw^Z`MdBg
zQ9r3Gyg<%ii~+G@ngj)9!SUo8VYd$+<@_UODtJa;k8BGh-vG18UcLVYK;dd@0$vjr
zUqw4m?6eu=75n{{S`ND6y!z2fV8YuSgzbugR!qDbBfJ^m&t$b$x<<YIXw2nI8dMjh
zL^h4s%0(`)=z<6~By|~*!sJ#s9AdjGK2Ijw(BkeVlP=V`x6!mdnOuU#K-uZptDltz
z>T7WMh_&EcgP<uo0oYTI8+;uDdvo5(UQ-pv{ApR|oS41T4zS!gO|}iQMp4R^qPK5#
z!^Do`bazaEGAwTJF_Iq3mM4RTb+LFi`k3erZ)tm(uuDsl=f)NKmx*k|^6mEOM>mm2
zFIVaMbd9Xx&ArAYBN#UJc@>@`Mr?3ya2!;yRRA%ZarudA)A!D_xV~*q>nPB{H%=T%
zV}RHRkVY%K61|05(N$%A8RPIU9lm(g9eGnsao}UzJ$2kqH_uV}^<%SU&d}2S(5m_4
zVbjgA>u-!VQ1$Un1dpM}H6v_lz&i8;N-zB(S-VaXE}D`VfBj3XUVD7*h>UR~gQ0~w
zp+ZCNLPyAzg$3O^#<^&*TUwqLBt9(^kXzmWKABedk^xDFvtjen;Lfk0*s>?tBSc<U
z5g+yIg{y=lvq2R1j9cm<D2ehqs2?<zR+!2)C(2p!Y&&Nld|ajZOPmhdpk{-db)DFF
zrqF)o)JN_s_`?lN>~qPyo|iB~{0Ja`yi+5_BOHh-eTS`Yj_J5792Ep))!#g{4$_HK
zkd0?o5#yOSX4*kc=X+dKD{Jtqa+H!?1$vu`Kad!dEKSmYMuI`O5#u-^p`+~xfvheh
zk~}*<v>4DQXW>c+k0m#@Ejo?(r>;hTzUzK`DaR)MwyX_Nv4cC_5x*S)SDPt(Yq&If
z%2cO$(CjU5=kg!N^n%KBiN#XSN-G^MEgyX{3g0p{a}1V3Zo>8jZC9Ka-%6a35`u(e
znC&^kBl{(rfmlLNPt<RjHXH7wmBxdLOr>aCAHicHOtfHtC3zNsXJVvLXo{TljZhEO
zgb5_+^+5f0Krdx{XsTlrRAp7chv51(l8rZ_jLXTBq(EYR<vB993a<o`6N_&waC0Ex
zj8z*$V7T$1ji4MU{Yi6g>(^3|VK4(@j0JO5g1$p?u(a_E9=wJF9lQY-N!%^AD~EO>
z%(S3$;bI^Z?7dk;Z&-J3!XpIml*5&DTORG8%@cX(pbXnh1V2*=P(Q%9kNY%qMQz6X
z^405=5f}(0Cvirwu5AmH{J%JR2OwLTZf&q_+qP}nwr$&e+O}=;w2jlYecHCI>G%C^
z+<*QXGcm|rxg#TXW<@?(wR2T1JnOJX-2jL6(gR%%GT_~W*WBs&PS0&s@7-}=sD4Fh
zZ6BnPfMS`<bEK*IjGFs$=wa&s6Y4~^@vC0LE?0Mpg3D-TB)g;Q(E0J+&GqTWx-&Fe
z+p@8Ax}rW(aysGV6QajbtwvC$PVd0(?6d7|>h1Sr)2v5uO0T(CRm2>xS-y42V&>O1
z@w&HQ^*M3WmVEjApGW-vY1_H5a)!1;007ug`@gmAF#pH4^DhBQ=ry!2c#*euYTWOL
zMw^D<D_zQsC#{4-jll*bNlwMLE8M&W=zz_718<Y4?=1h~gkyN~H4gFG7zNva@MGez
zR+*H-O|+BaiS-=95smfKCPiBM*%0i9`j<CTKP4}7tLYlx;ANEZ7PmZO8;vPa*4*`b
zG&8Ca(&n4W*3}EvGE@3QSU4a4{=`T$*kGOQ0R>f341c8y0#9r3@FUpfo$W;<d$LTE
z=N*!z&VemcsVl(Wh%xnPc#$|`cgMC>ESoF}&lw`goaV6V0PY+mr@h-IiGh};DyF;y
z`~CN}ub9&ert0&ypYDbd!L0m|cEI|I{l_#3FXK>phP&j3W2notY18n9G_%{$#kW*Y
z%<R*J&DgJ+JJTQOZE?3uglkl~bPEsoT9eX%+<#RME%Z=N5)Nhzqi>A1*k|ec<&UOT
zPv0Di7HhLSLV5TIVC*^0xdsXlVtt0Pz$6%(9`XROj;o4|_oyE(J*4WdvR*pfr1a*5
zjs43P*y&oDLy(a@5m8oL#r5=Z+YDz@<2RwXX_R3Zc1|VcaOqE|ysq{olUwK%1iBbt
zKH@<PB5|Wt@17Zi#Xj?cH&0R!$W4z*EV0B4-+GWzd(?$+QV4H>nBE0aqnW~sXvp+X
z5=Q0u>N8`d!iy3~o;5@CW$jV-Oi<OHbF<gVgE=Vo-Ba4OGyW6r_^<D2c9yQ)J_kZ@
z9nuRxi^Quq76;&RA?+!KAX^{L6wPq|#nq*HVsom7DigLJCQP8bY)RCnNy7N;+voi~
zb(ep4FRuUR$NS;R`FM?9t$+7-o7?xhTCHA>e|N1@>r+*l|KF$2{f)fu(3$g*<G8Dl
zH7@;bT>iJPuai74U00Rod+X<gZTmIH`}fPXSBwZ`WI8e`G9MWbvb%H+=HD?9(8!(X
z<r%9ZA_IejWLjjA+`mtmeC6HKm}H)>>bJ<}H~Cp5T;<&%PtE=W5UFB80s$^f0|Bnl
z0Re7W1^jY|5fEs93O#7lJRv(RY;uPw_01wT_xxVmZ(`mxuu=iaI2u-v6(mS^3ouv*
z1!^otgDA~Ggh#IECcJNYKXol?vgf>{n^+b#>UfUho#sZyn^%McF*7t6G~5zJxnKb5
zM<YhKU<B$Xa~3Y_qIb#IRMsu^KXY8qxM3KoWI@6xXo{jpcN23;FK-qQ*cKyTNLa^a
zlK1A5Ew<=zx5ep<HvO*?a~2m#5eFcSa}(p;(}Ddtr9+tP6v!u9$3{BztqiBQ4lC>M
z{&(65!soRhK&XfqYkx#|nT0IT6$#2%iQzgs!vhySLnjw{bknbNvGe4g!?1^QW0JZ<
z+_@n^$kbBAgs?cv5~Q&z79^6y*1r>ETitW7kvnT%klzQtC`Xx8mLv(<j3tQ$2{_6y
z3pi;D1$>u)0^Y1J)^=kLLnn_P><mZt8p^!JZZxuAaZ#2f8S9BFP=H;LK!jmM8IpZj
z(L9UzaBr_gc}0i%_4t?)fS{-TLW-Y79ppNCz@YpZb5Vl1(ua{jfT4D14BqT@pE+_E
zq1(G~gfGI-kwFcz^))$yx<G&HKqgz-NevxQf`U+YCxC=eKq&eR2G&Tm*A^(UBjAlB
z2%`qD7+W-@>M%s2+62<JW!^s*Eehu5z)b~W_S9B@6B>6YLIx2kicp#aCD;YuOw=C_
z7FeL>Vq7SsVI}&f7fa3>$D32_R|fADttgI3pn(QpP=u=S?rDI52jk9fxHhaf$0I15
z)YSds>}q3e_xwW*h9;b{41!@I?GlViKt{AhlNvwz@+2`v72pd?cxhGwnVJ&l-~Gm*
z!GwoHeE^^%2<ib4B3KZmeT~wL81!IN2((}q4r%B?$2_&h10zff15tvRkVZ6Uf*vYJ
zg3+Q;0R|R~2r#HXotvLZgugZ~?WJg<0J8+t1Q?nyiZgbCcSW?xFx<e5XtZF`cc~1(
zTGcLJ`0j@cTC5}4MgE{@Pp{x`i=_U_SnILjD6JFu2UHsb%(6y|XpBS`Gu}%%her$(
zQvwL|GsPFDHxCcmHK`<EKZ*yFp+TU51Yo}cV)^eI7a@iwVkO7?^!0=cY6ZCvY<&VK
zZySv`-VMc{#X_RD{jbHsi$X=X296S~*#bW+R)krU<o>zV$~l8jJf2|_U-760rNN|C
zcYy(1kb#Dv9B|YG!-ZJ&e-9%$RDk!`*tMyE3}d1`JMQt|;R|>-gi{4HBy^%gahS{k
z4Iw>fQUz9zVdTGt4E}}<(#K8PL>oJr>3JAS<0E|`<g6iJ#s0P=-Qm!#1nS>$lZYNd
z3isZN#!A3|k*^#wa8co9a)wNuuIy$QNu^>)-zQ|rem6UbrBy&cSP9teP=^cs(hz8(
zObIxdKw=xE(_Tl046{k---++8PrytG1cV|&n&=B?Lt8XxB4JROJ?5oCsDb=LIMZVt
znP$2h55Jjt=ON1QVoc9NoqMB#Mgb8nx-+K%@+h_#4}+%J!<y{LEp#7yU{)nf6UZ=@
zsu~be=&X=LUPrKwi<wVA+@BT_*`EZ32|nJ4hVV@CxU8Uhi9xY!SedQ?ZkR&LRbPa{
z1p(2ESk(mx1@#BM-h|*~SedCw9LZipR<fIQt2m}el<Os=s_BEXmxl*zf_^C|uzpGn
zDR3MLsIaFP$dGrmKVQfiP?2|3;Dz%qgeVsZH2&b>A69I*>(G%zuJEiaplcS@;*25u
zUf@HC>Y!acO}NlU0)pkA|CAALbN~_Vc!?Ln)|x|m9(3H;BSAirJ*#SQ;#mOkZ#W~C
zO7KT96?mB6a8w9OK@78pO1!@U{MsbPLqLak$0P-`KYS+oK!Bau7|?;0vD1h9n%u#9
z_r~*>#|DgN-FWQ6Kn5YvOOwgGGdZz`J22AM`&htAyP1<63?pbiLtxAAUk-Jq5y*L_
zK!md!1KR()!*j5GDL?5O{C}%AFErQeu-6bjQHA>sYN|UIH?!wJ+^zcrhY|J&0Plz%
zoV1N-l0eoPh{0c<RTh}tv~9?fC8m_~L1iTud37f$oGbmi+V#_>E{$I8-WTHZYxQlU
z{2iaPvb$Hiv|P~5vsQ5Vz2|6K&Ntq^_AbmYmN(RokMa5ad^G(lJK;^4Y4}p6CQLD>
z&*jgTE(^Q$Y0w7>@zC(cpU(BO%NlxgHwR`aA`#Rl{2V{;%sl+PpZ4;y)ZO<LzvmMe
zOML)J3xQ3De$~i;)aHz<m6I@iy<hm?*JS6D9*~P<p*=o2HRGaPqJ1@WJWaek`T5);
zc&RCAOu?AI0G>z-7^Djt?x;eDiISQZ?1OM^4pZje>n;1PaGz*M8`_wHqshWAyEY#+
zV5n_`y`;e4HA?IRlYFEj(n#YJt8$G^!icd)>C4_MbY}zgDs|J?S_)7S1A5!_D}w$)
zSjU_@n>P4F=rzX-kw@Y%#;L!9;-Lygp`KPk!JuZ2(wG0wIK|MSMWFQ#3@T&wKGtbL
z+bAP3*3!Dp?w9vyG49~<zc0BoeU7ID1%h<5ApJ-C_GB-odU#>}^Ep7xN@{3*Ml`6f
z>a!=M0<^9hO{LAS=lFqWli?W2AykSBg>fnmip1sFRJPHMKY_!7?#Qz)!17?1_0)w|
zBq+;D%NreG9mFq{!V4@lDLH?mSkP0EicwTDmE8xE2_)o0h^xv|Bm+-bpfejGt-L|3
zv`yx^68f+x%PYA>1+TrRp0_f4tdo_k(9if?OgHqJs-Dlil)u_^Y5moE^}oMb9tMVD
z!~EmFz!m3?aj+NS{15l*EWf}%k>7?0A!=Ww#qjsJ-A3%tR@i&T+V>{fljeQ}a3UfH
zjXHrHq^3)O2HOx><ro>vO`FG*uB1tdxjr9g{U|u$)7)WU+g8%NAFc!8*(k%!iv5ph
zHF6Mm9DC)3KvIu4()^h%D*nU{JRiG2E}1>z>CuNZ6l8R<8<D!Uqk#pZ8{;Gabj%Vk
z79K24=>2}>kTa+8Zz6dS16Lr}-eL`g`)a|kQ*#IITDyt}fQk{%!Lg9ujQGP;&*MBw
z*xna@272UKypX^({CxUg#J$|MCA7^6c4CpKr48cJP~p8+U)%WRiM@pTYiB&SM-iTD
zWs23RX<jM<5QL11A%Qkn$`i>c@p#-DCUU0Cwvyx}qF6!isY+IxfPQ1@)9YoTRL>6G
zTQ)#Pod&$n5DR9pdvKh@8;HX?{V<Wc>AoXLehJvW>BDms<-5_Fw(Jl5IsiHi&=FP8
z{UT9%v@8&#)_YEF`Z&m!Mb7=p6>N&is3ZWhTyac7Xajm|Y4vnD>~p^*t3DWuW-nKq
zF-lA`t*gDduy!_>O*#oCCF;YUCAmx@9Ao&?IkIaVQ%QCtM_{bfKI~}=31&jy@YL7q
zn-`V&8)Ft&CZ!7%HxhKoUZNC|MNuRW*>dSR#V0%Y@CY0tq?oW19t3MAhl2tFOI5~G
zRhX?AF>M)ESpJ{gz3tLl#0j$oc~PQ<<aCvNQ8-nTjLX*QzDvgwB9PkCtCr_PC;L!}
zi6ubX%6vkyhfLCvSuiMxQUMa;Eb-L}Sy^!)PLZ|w3Oku(S9L+TIl(Kmw53>TL+)X8
zqi|fWx#WWQz7XgPrjiW?u4@rW=ZGbJ>^798ZfH>DBD&=HV2s8!tX9KGs)cm5n_@P3
z9??x{UWO&~d4{F{UeMuDbv#!_2;bw1VoUs#FJ+eHV04ICf@anvHrb^RTJ(w>QIZ%_
zft{acko`QxxOkheVedQeY@-QuQd8uNErKe+sBYB68^@e4N=PNanx9{CNCiBu<~eKK
zhOCWA4B<D1e7!C~)@3_bkq1no_GMx&{!bJKN9xvsVbwgVn!^c~77PKbTA}*9o0fHG
zB|{0e&yf{3K>w0DrY}>XLs;$veq!+GoLCwaLJGlVDfL}FBX)j{<oGh@)qEEUnldF%
z>Q>Uiu(obCLEWK_JOWgWmCgpVK~4N>vxWDwCkgL{*8u{E`q6{b-j4J0JQ?nz_8q27
zu@^b%2_eZqU(5#L6)LMy_H|1IBf<y<uwGT@yz+vYv~p`RZ%IrBT5_rmJFWejzMJDr
zS_?1&Pnag(!L<AFRY^<>mJaE<>F-U6Qgi&K;^PO|_y!}k1o^jViQJCj-;Z+lqx%z~
z=MA;nN2aZMw5bDIjc`r_O7nbhOc~IHZepEQz1rT4SZbl=dOqNfizE@^S;gOP8mCT;
zFADIW^I5Go&r1y#1*L`=3|G0c8ceUMPXan-eb%;JD5w?ducpn}UL=mu;_EdC%DjtH
zW^+9of3lY7-v=Lsh1061nJA$cFO?|<+2Vc8u-cR-6P@nCj$w1MxquxXdYpltE;~EB
zO^J#qW1HU8bAcl0JR`~G^IOT1vI=-}zT_mz#0;XZ9kpj5$9w7626TPjOJVTUv)thU
zrFUtoaPUK}Ev|`|e%<3S6`86+R2Pz-#FEXF&4{f$y1uq=>CmTcpm!d=V|sJWAK4Lp
zy?SZX&<|4+&6=^oR6Y0hbWpmgv+YwWF@0KzYOl@EpHLpXLO6OWkKZi(C#vy(>L_ka
zIx(uj003UG{^1G!mmtc;!qnE3{@?F^xuGsJ<$s6^QF`H5-4R^eX(v)?!CfOYS~hB@
z&{!;g0*4}6Ruu{b<}9NN`)2XLVKA0qJ7HFB!wj_p&{j*{S=P90aA)i4#g$r0(oY*&
z1nDaR#0vd<ynMd57Y?b#A)DbCXCS4$-S!iWwK-rlMdmGMdb-&wUt3b3lf}XtP@XS1
zr!T3q@ckSxZNo9hR|7vSdjh=NXhd2R>y8O&iawAg9H3^%qRA!tX!DkdW3K==gO_zj
zELV_4ls2RkflPkXvp8#6&<(;+P09%qA@O&*k|=e?MM0q=2R>YI6s>TGmuq$e{%*ea
zPPn!x094D4#E*4-sJ~A7bc>E%IzRgjB;^6iHAZ4|UbW|y0Z>96pcXoTM;xJSAdBf&
zEbTpkM;@tPkUo#NX8aIbDm_5wAGEDs5;g*j)lR76hrO*mwnOw&dVnl_ymNY1?AW<b
z-=I*G6Y;8@uRVgk)B^N`$fEU_|7-|uSkmuMqgeP`a^9gLr$#PZPzbtX;sXi*Q6iBv
z5AqBkqXgQ5MaMBV*T9s}gn5s+zQrE1?ADz(J$xr>HU%jD(AYrTH<ONqr-Wsj6q@^k
zs9Yi)EZyhn@%mfg^82`b+^p=2$Hn4*6+)`I=?b4Vb)6r=>wn#EnlEq5_xiuSSTpm{
z?|;9%-f#QAkHest?nK$=e!O0cMcMbhoR5rvy`YKjGx@*|(Fl@tcuY?8RguKWwsm79
zFxd%E3{eWUx+jZU)6#{oqd0<o-r^`CFY(nzTIV4{Sb(wBO<$?4{*8H+K>)rH%U1aX
z%p&dXfR&Yhr%DQYJvCqPy6K}fyeV`t`)~$Of~pH=jtL@eM1(om_U8~zv_e2R+sJUt
z`~tujc*Gr|BHT4AIQ!6ssG585jMyl76c1CK#=Q9yOHzRLUU^YBVd|-8$$Zh}43Mvy
zs2>=Cm7zDxQZ!n9P9}d)#0j2sXNj7>HzIhB%>9^$W<Ruj=f+JYgEiVAHw*3wGVDIp
zVp{;ABid@a^u9RqAP^_rVoM}i)h7rSgi(qK*)8oCZR(akFTX)Fk#!g(vQL&OuE<sp
zo`P3p$1`MY`Mb(YuWTu*oSGY9-elVtG-H+5ZnhkPTvV_^#1f<=Jy7c;aXca&(DQiO
zPrF*@rzN^WN40G_<-+7}ZH!m2n2fUJd!PquO);(h*j726q#Sh*x%jKoNbYt@XX%*J
zq|^c=s?t#*XSd;X!l;b~Nfea*P~!482XY<~;`J~EFuY}Xs&giKaanuHZyYI~=4vfX
zpTHI?MM#yK$~7BrQG9S&3ZxC1`3YDH2Umaa%Rw5=8txp`?N*XHuBD1IS9BPO26Ho^
zd6lUHNiwZ6hB+Q=WLU}PNu8H(brk5@ezav#z$ob&fm0K~{-s7<Pl6qYXiP;MN#0X7
z{{r2LZ0C8GR}aR>dNr37_9(pwximJ_&pgEk^I3it1!y`sWL}pFGisljlahmG?Cc=`
zDVrww#(^a-Rg7aJK&Gbba10jO5%^54XD_!EXWk7c#pOow+1mlr!~oI51_Ut|sDXL~
z2VAf%k}VS+bl~KXbr}^3Dw~v2tI_;)i?*H4>l|qHw<Yg=pa<0@_*@wWig7IJnsUY{
zAc4{4X?vf_7WKZn&?%6kPDhs+tOd;85P{uXU^*LZ#Ib@%I}bnbY9gX86dSc=2O>|D
zg5NwoDz}n##F<0oqexK{gu*$YRq4GZ;+v<=<uV{`t=uWs?&@Vu+?%Ofd)$1goT=So
z6_sT)N;e)<%J168?~J4wBqo#3cZQ5@U<n`3JDIX%B!j?c(+3J#@^zf4&O)h2jAI6P
z1MCh=sgx1=aW0C8Q|Z4FUe6<wmG%}w3n$Q<OOlOEFqYekm5gbM-nD>qd$4jx8_zOB
zjHGeKvLT%TAIZZyi3YVfX=rQ7>r2eb`aXzIpja&_%W0+RoTZvT(XH~er0B#Tv*q!s
z929ELTpkOGraP%Mi#6mix+e{z0yT!f9&1WI6oX@~h2nAg!o9>qYs+TD8PWo+RN>oQ
zJ%Tx$NT6l{sjY`4XL_zZv}^hv12gx%2ehizoUD3Um#S?&^%@x;u%`2``F{N+-z(ld
zz2+fKFPQV(WwG*|a!edbzfl@Z?0CxPFw*h8wQMV;=R*U`Yu|nZFG{$6XKh_NTh;<z
zsdMGd$zQhPy6m%bS)V$(39!Yrawt1*$(b%+e&hmh+f<u!7k9vZ@tei@1DF{EF4_>n
ze7>qB0SHpXvHtOY3a<E}-~G1`0;t#j>5uy1xBsW2{71OinwnS|(p%aZnwv7xSvi=R
zf3JS;03b+-Ns0jg0s;aU{CohuHvohIfB*siIsU5vg986kz(7ENLBYYm!T+fckkF72
z5Ks`{;83toP|z?x1soC%9u@}fpY}f|`Dge)qkaw;2ylphdi;MY-+cgx5I@YHP{4ph
z06>U<z=(j~g8=vd0Dz!Bv;Akn|5X5ifI&dPex?Kk{nMct;b;25z(7Bf1qJz`BnI^T
z`5gcR5fq7#Q4kDS(GZ--5rrurp#Xwd=yyM=(%cORvyoFEBorDt1|}9M894<d6$>jH
zI|nD1u!yLbxP+vXvWlvjx`w8fv5BdfxrL>bvx}>nyN9P&P;f|SSa?KaVp4KSYFc_m
zW?@lrNoiSmMP)-{Q*%peTYJZ!fx)5Sk<qd7`Gv)$<(1X7_1(SwgTtfalhd=?yZeX7
zr{|Z~w|{T}0s#L9)_)`WAGi>IZ~^^X0}$|kZ~+3j|5RW^5Kux!FeE`ma6?CABBlTc
z6rqHI-~Eup%t|+?Mox23Xe2DVq__V-`xn{&J79tTzmWYmu>XZ?9RLOx@aN(IBLeUP
ze0+Ta1nKx6a(x2;^I!3Q1C&3N>91U(D1d*j{qKbBW-4*}+dp9$IB);}u>ZMvon1U_
zOr8HR8BMB7+i!3n^w7_K6P(nZAWm3!Ca!bE&H`-~3jC1cbk8E0BJT?4pQv0JeZRv=
zj-@Veu_ekX;@db5X1s<n-^1o~Sz@|g{k93;sle6)sSWZZl=`Dy@qWnmOjf%<F(@qp
zI#SU&6!T8z{U|<PPCLYI9i0M9=8@E4U2>Lj%|3+1yr>h7<?NvhITjySqVp<C%SeS?
zGgyuf+P`WZ?y#bj{(BFH7-p<f_7XL4Ng{!?K*TnNcExb$VjvPaA{8aSWfuZf4m;NL
zpsB&#sF?r7usFUDF{J~bv!|R&X$OB-?z18;vYWL2gGJi#0(?&JqQ<ANB!T{xcka}=
zG1y*XT4f)_XaKd?ncV3j3!W5Wgm~q*W;;@e9Hmc>SG4cr_}!!S$_!F(V-jh~j<<8Z
zxtzV*$Pjz(x%zV0Rto8q`!SwkeDJy$VR?LPpcVkS*dN3Jw~>^1X_?1bC`O@HH7v`3
zid;Kv;&|zx5w7}e?Cx_!^?>D<JRjPy9+)0<=<~iM>70D~JIE0^icM8X5Y<9ZO(58k
z`U6gy?5kHdZQ(DDhaTDBHFu+DsX|+fAz;vLj>*K5cv1&h{k-)?R8z>Il)!~lljh}K
zsl}Ua6e&S|GfBx=DF+c($0sav3m{iO>5^J4;E4xTNskC^m>hr@gG)<t{^vPPYXNj+
zucDeyUECe}DnWZd?=$3O+fw}9`VR4^CAz+2#*&-z#GtcGJAT_$q=~-@m5zqRT>9@z
zf3t7>ekg-b%{A@;4Va+vN)*}@LhocdUj|NWs)HB`3gU$M@X8j{$btEUH-zv+3g+_p
zD0n+jC|Rxr#@eRYBhIw{V%;r_*;eh(77>@hYMvBmA7`GiM69X$_kF&R=JP5+plMzI
zJ^E_><@A6fcT|imS%!5is0Np{`^*<;u5!9o;$ViGdlt$3!D~_<^pUfv%0IJRcilX(
zU;K^%%Tsm<yA3n|H$2|2ur~L*h@Pq99j~;$IC%SU5=2tV4nj59Ix;66TAe?iD@Wc-
zY8EgB76mV!Z--*zQ-j$)rAH(ypj8;mM0XF$w!CArTW0g~UcZe58|?Mk&6n(12ot%Y
z)BmfS+=pX1KA?=B&A~ZX-<(+T?8}+=+qt7{n%Ev`l6>m~X=IBfm%huxg;k&C&JqDs
z{Tr_KZl-NC%O8&c=g(Yqfx~8+ZawZxRyU0+I5hOO4i3N*!aEBV`1Kyc&D{jSgP1YP
zE!qCW>cl>SR<!v2IY%7$>OQ&N3ot*-r9L<;UoPbzhGen4Dn4OhN)pJ_IFQ}vjGJfw
z^M?Oe|NiGY8uDAfDCW=m8ItXPi!o;lLnl)cWfvz)JM(`xgah4kr;XvnuU^%6IOVV3
z*6Nr@qDn|9`!6W8<8ai8)vToNB-+{)gbc+90RX_i5)aEbXBy;N^q*nuKm=e-*EpMB
zlaeKk7#21c((35F9-n8T1pZcX+!o!8n0s^Qm<xs29lY*-jF_vZ+2`~#CloV1m>`6l
zjhH`Ec|JX_e1F;3C6b_eu*vxOxaE{i;JdjaKWovNG$7NehTEGdcEwYEVa~WGnN}C4
z=}@Q81#a4vIoEf_`@P7t%~8qRZhiSZXJ~|c;ZwU-^PjnL&FJ+?eXP{YuMCjf9`6c;
zRHV0Q=<)D-KkqHsy}d2beda$EIkzjE>&Gol!hfQSpvda$Z_!)F;nXFvXkGMZz6zd&
zJ%S>$KczM8y{VHoW;iW8%5T4(%2!oT;2zcBFY0l9Fg^6eEq)goIi7{FpHD;&s0=|L
zzA~xq38O4+F)K|FbfBB}V2ew#NQ1`K3c*hVknVAWtKpsCO@F*nrOIyLBj?;q*+Pph
zySvz+DM!Q$63knZPK(*ci54o&+U9nljE#4rF|Bo#k-D9P<@%p{Q)BL&zAU?=;;CIx
zJuP^zyHIVSoD1TGymdwIsZ8!!6zHdk?XhG=8BzqjFS;W;q7Si;DRsa$2%uoiOcy;I
zH0Bjc#<cF=BZp1r$GIVb_IT?v*d0F?Pe0U*(dACiGaWz5mCt9&oU`V@Q$?u#uF6iJ
zKX&Cbaa&L~Oy1csGCH9XNZ3tNt-gU=XmFdJu;xdU=EHTA_MqW{Y^*0DiU>CoqD#vM
zj*8Y~XTu&qMwDF1iRJ|yn{-1GaUKOpZ&t9Bq3NG7vB0x4T$UqdW<o+4k!jhDM0KUX
za6%fl1h|cL5G};`0~;}AX*2kM;UzW1`e=e-==T7o_2fmkzy4@uyT7<JMQW!yJo(64
zA8|1psUf&Rwi<Xu#Jp0L1xYsx8d*eu_+^AiF<<5q_~AD+9)tF>XpBZ44^}R7$cn?b
z-Q9LM532h8F3$u6S^cXkfji1X-LJo4VJOxBF-Z{VHl#G>B&H@u6gftZQe7}}%*3%4
z_g1<Ii7t5L{`U+^+lY_}DnV8J?p_!@X!2j7P^a2pc%o`V0Ptti6RKIt{-}HsADY=e
z1DO<X>bZG6C?CCvZyuClenNq}tm9V>cf(R@+H3Fig$zy=>J0N^XJ7l8m-DS(sVL7i
z_+`bu=<}eOeYM9LyPy#OzF9OW=QBQ|B88XrWGvc8o;WqB#b;&hx+H2QR6;k;^aKcZ
zU=uAmeu=Rq(T2U)weicLs2z3Ag$ZByGm-CBL*dG-X;<A2gJccs)=^-!7*u(dR0CBB
zvsAMi8;s}1=S(#)-1}LIW~&FM7%jvGic9c+@*=!3XdobQqhKbiIO9snSRO&?XnY}z
ze_aZ!>&?%ImJ_I(5Ez(UY5rY2RtY)Cm>(hWKhP7vyI(L&p!@*xk%^q_5}Cc;jl2qX
zq==Ot(GvbETGfZFTzxD0mo5>cH#Apyw&`H2gUYgn8-Io@sVptmt!M2GWR}C#TmEZv
zHe_FH3u%+VJB{LbH#%V~%@8@(H4%mGBT$Vd`BzD2N&D7CtA(+G6DCtxLUURV=c`_%
zZE`b=3{-__!lg<J6*^DvY-(p=X|}*-rN9n<edZL_Uj$U}79|3CNm*!KXT;IuKQ)it
zdDn0&{NsKdQM94;MKsjs{NoQ$I!aFkqE0!Rxu((BSEX$gZ62AtMT#tl=x@#)RmgDY
z`<b*X{BxCrjm)pq2RML)M&lb48kY76x@cbd2Vw#7ls@0swsrU(x3M15d;%aNEAXxu
zk-pu*w$dL>M-?7=!8ghBA^M&P+AARD;bG>_=PF#@{8+u8Lk0WVkV6X!uF#IFw8_5r
zht32ua(ML3p{|$1SbQZqgksB#0WO@`<hZ+gR6|Sx2vv2YBLM9Sf06#E=z`*2_5Ths
zvwuXZ2Q2@>4&OI^nybFMZOA6m-g=UK_n8E1HGEnn_UEgKIF$%l&+JgxiS{Q*)~+pu
zI2?R2%0WF0M}Ss3Q1H7V@`ig#A_Q$2zX&&%Gt4Pp6^Pj<Kknu5`hDwk;%U%r%hP(w
zg7y&D37i8AE>hKG?FpSGkZmmsjy^f4c0HQaOaPbDD?=ce3QE7zMx<3zV?Cgr*@e79
zr7`cz2qm#IKWSzVO>zO2b<o`8Te*;8Q66^>DF~zImb;o!W@}*}IR9r|wxCd5+NsaV
z5oAa+6VDky`ev4-lN`xz8#fSy9q7b0FMuzi?T{fJ4+ykMahFS7PGW?(keQyGJp5yD
z9nPShrAH7;w55j`+7%&4z#X$K=wT((i^=g~-Fm%ilwBr+c4^F=unaUv-qD9>z3$hq
zb2y|^^x3~V`XZDbHv))*ho>MS@5Uj&a)97s1ZBv|1ky8%aY6*tpin506O(3Rt}(St
z)%jDyfvh-=53}}N6)oasFjp%>FKn$WMRvAt_Vx~Z4t5~m+%7bXWVa)b&}b%5GUYWE
zVK6LeZ+T!<1)j~raW$+fPNQ4FN)M{Gbl>~jQ1^}WTor-*IX;ZjA=S$6qyRXhGf396
z-sLeetq->lW=9o(iE}T2y`bvN%5BlN?M`6aWTJdos7G!=aRmR6I0{k2*-5fuI}3w}
zCg{N@VFK8}85X9`Qts0oMhn_ljjmEGA6AKo7%8i2VR}h}Zvv1>Ph2nhOQ0)?ym^(Z
zAYpKw&J^D|!j0;x(<=M%a{y9si1<vmaSMkr{31&Y7upf!*VWUL`E{>D8rd@TJ=l*F
zA3(%<gJu`0SfzZUn80Yj8DR*NzPrW`_<bx05C}(*$dp1Flh2+2DNJyE>WNHlLJ3Zw
z5`K$Ib4ueg10AoRQ2!c%E<QneAViLg^n!o$m1F(wPH`3r-Je-97nNb*g^m1y+@G)3
z&@#<WJyt)BnT{|9KzCD*6H|B+e|fy5GL(<aVWb572R8mv2+!d&dQj|B!In0t!D?f4
z3?rsX0M98Mbq8u*B_23+YPppk|BJ^n;ksZg9L^rbuodu2yXA`jlLlgnNYE_7XzQD6
z>4i<8jz?|FC2PuA2GuKl72vdncXCu6Cc|VcPs#z9k|A;(b8+P-a|^c%>xp$o?)ft%
zA$b}BV+VKJJEz_}j01l%#(-aA<Hqhf$czTUxLzB59c603grEk9Asp(DPl*R^>=<%k
zn{&vruR#J7T6Wzp^fZ#r9g?yRo-KTeSO`o@_43|8*W^<YT8TE(HYo__vZy8y1i(*-
z*sUmQOnNiwP`*VYNl4sZMYBT?Fgx~y-<Tr5x}ApEx3O$0Zc6b$^)wYHpkTk%?-qtA
zh}O?95DV8t5G$??a(2=Q{PC5W1v&RKfWAx)GG1dU!7$(SVQv7S;bRr+1r+NGVZfU7
zSPf>c?7^I{HzTA^M~FJ0WgiOtgTW0|un11C!3%1#0uqN9Qi&E+4MDheZ`>h_3etdB
z!C^U6<31EObEAoF`;bL>WY?t@w`~$5mt06mQ3alpZKiHLh@RX#xV?ACJ<GBQ2D|TE
z0s+@%Fm_Al63KREWK>RFsYD#m9XBP7w%QllooG1JIdJurJ*hu`E&MsiW=mINvs<4L
zuzOk-@0*bLoIxf@Kgvhi_6c$wvAdE%muBs3H9>Gr)YiQecb?nxT3MOq-3Z)m*FpJ1
zgi;cL1+7TcpcIaB+V6qNG&tV|_YIK3Xmiyg_Uq{z3CJapc_%@riM6O#E}J4^<R|x<
z7R--xGVgqWSkm{K0>+<E^)i5Jqi89B1W_C@;Wj7AGCu)K4hu*MbS4spqqqh1*<bQC
zOf7IKY&sV)*{f(8LQ+(<g0)}{(?&e|Unq7BfQUTH<>*RsP7sdB#fp__fJw!*vIG<T
zZ#g{Hu~88ZFghuSddP~&`X#K0sKuo93}D(}?V5jvEJi8NR-YqYW0tzTc_>@{IAl$O
zhd_fzxYBa672QX?%m;&}HiD<JOveK{;aOZ}+lW4Dh13W+Y0;}vP!QNh5gIj`H;SA;
zVXP4+MUdYThce?IBB{GCisjVM_q`*GRckdHf%<OZIwqvfIEZ#{mA`F3qHM6db@?Gn
z?Z&%HH^cw3aurY=-&+<UraE_Z!6o9+wyj5OI@lG*O*PMh_|ezZjT)69^i5!A5L^c2
zqix*)(-ZZ-OediJaVA}+`Wvb*cC)u-+=v`XC2pUncu;FqyWU#RB3nJl;nv}kM^bdk
z9{#~%VyNINfWfr^1H(~OZkYs88(b|qd$^hb!}QtNa*)^ej&))_%JoY8;yl_RTF%S!
ziAn&e>S_ih+@%c&ABXsx1syo8=_v<ZBLX>@On<;|JX@!xUWwnhnw0X$^p{GI+BjL<
zk*dCaCI3E373Ir*y=;)-p;Ob{07?z99q~&L!{xefa(~+9Ums<kW<7xU^mMV)BQL9R
zvX*1}ZGR3isgnowGAWrV>68-k2y`(*e|NH3@1j$4=RA(<;YEKUq1<E&lUR$0IU>X5
zcx53ay<>}eCQz!U7#%Cm@)XqOV;hQ#gAc!!$p*4}Z62S1zr#VG@34o+u*ds<$A*Oy
zbAemT^^NBg<Zt<S@bNe90}|=D_-pSQnEP&3j4sh$*D|RVL5Z^RkSMjRTPV=SuB73v
z5v-VJn$;@kZp>Zj`IK@5imLSIO*)ja<4PD`gB!nf&SQs8&FuUHqs}a3piI*W6q;7a
z?HBN9*i{p%Gnni!dQ-du73|8oO`TlFVrUO%W41~Rq(I0V<)^)H&wH_A=yRZ1p^&}h
zIqJwNnLeKuZhW2(2Chb;oEb-GyOW-^Bd3N@8v?h(;8_c!ZWcaSo_L*GZJm4bP`nzY
zaOvz7TO7nQQjYUN?e$qq%rFM1d2i(Mymc{LHxPniG)Db!lS<~ojiK-Bx82?I4s5uE
z2ftProm{8~wLOQBc^pJ{#W}r4A_`mXeodjvgqdh}htxfhlZX{^U#b><+CH|cjV^d#
zo*(iZ2-l(>qkx`52F+FlPfor|UYQrh6fMUOAn8++5pDdiHAwI^^OCYtaLT)42KDqG
zasN;&qPw&KqE)Jk&!N4rThu^wg-W>~oyD1}8(Q*mr<#YZ$zBiv^ze;nU7ORYFJf7y
z&G!fqLBBPXAKyacf<@@El%|mAZ;A0Wc@?cMA5*!rs3KzB^FEU~a+lrmttplihJvEz
z+(EbRL@@`GjftsFP>eYzXk<~x%H7vog)1BI>TvW^7QC@3T$4U_l*U9Vn(+h^V01ib
zDOIUd5XM4LkCM_Y<R4;LcbGo36uFKi94&SV4zD&7C{NoKs)TD8m@1o;D^O`S?vd!4
z--~($_>CXXzEL)s*O*lIA108t)}GL516G@A#59UVSk4>Wx7>ob)&*hV&E;kkn6uVh
z_0qd!9{T%@R?cf>8aASWK$-oa#kQ=PnXh4669Ovv1XZ)Kq@=X{8`&4f6BE+<X6TYY
znv74#9%uIPX3gwqJ?*r+qCIio2JW4$Z%=+;Yp#oKm8db!QHNBy353L3=mqyMX+{fQ
zgSugpcV~~xR#*}y+tM=RTF3qAxzIFMl{>wH^dZd;S5$4KJ*g1b-)x)EM)s-aUvagZ
zU%74MKP5w#+kKPv#5fT&(lR2|)L&{G__8znN1v8TW;Amw3)%p3K%~Rqv*N%^RlHxO
z9XDa&$k)Ui%_0-zNXQjT+KI&I>TAZe$`F(W<&$Ve{GG6ECZ&^f3&s@`(m?VG)Q>XO
zc&G-r-WWYRdEPp?XGYOY7US>jOEeDpS+?La*dzsa_rRR6PWIpG76AY)%V&wF&BV?7
zfo)kwgv)jUfdSbzdovfkf$!f9xv;|QSNRw+vwLT#StaZn$PLxZPL8&mAu*l`0YVD1
zPFqqC-JCvKK))vud60)|3(^ihhSjSxcOA6po>d47ho&*L3}Un`dl?P+r$8$V0a%9~
z(phO*+;UMrl0S5T?|5M1dADqvSJzT+!&tG)57T*95*ca2eAz|~;DB32w%2&VOK&#F
z){4S<bYkW3D2!>mZ8fh_X51u6&&u<O=z~!pt&$?iqDknbm{L;7UKg~S%aJ2fE2F^E
z6?)7c#MH;LY#rL!A(9>gS6Rf<l5o#6t4Q&!xYR3c-#BrYU=W(ETdAs2z91R(y}En6
z7}><lD_&Fv8rcWBhPC*^tT^=$&2)R`WjZYFc-gKO<JM#H*PaM4T>8R-ech?*8q+$%
z^xG@8+j5*jRYuvVixWIe0NQ1PS5whxMiP0<3pveL9;T0sS$@A1q-sWyu46IcyN)OJ
zEMk>mY#Pw}W0$AfKAlo%v{cA9h&B=o{Dq(UMa?swcsm=jD=7ae1Cyn1j?(yQYk4m3
z>Pl^--_e#bQ&T3v<6|!kq~WD~x<KxuP8VImewfF*>rG{+f2wOL>HXr$siz*esv&U;
z3I%`-P$C(eJKsg6b39~Gj5vPc!Uc+#qS-He7KgIs+{`SVnrdUbymPx}PgD>>C4Y7t
z3P?s|i1@j<?vV}xucV;vk0DRtvR?QUx}94SSYP4Deraqz`}8QLm@WZHzRKB+O)vBn
z2jCou<Unz7B?v->IOR?(fz~e9*Hyf3j`0oNX`jjE^2x?}j+JQi+#lJ?I+8c<!sl!d
zT&v+dppre_V&MPy!xF)d-h8-VS`N&i=DZ$hDFR0X34ysZPLUbuxLVqfuh0Bc<XNK>
zIt%oL6yY4PhKAsy0cQC3*(+zwg(00YC&T;T0Ui!~+NJa<drPlu;}P!puduy;lz~)8
zUq{6_@%1`c1ylF9=ErjQ<wlu_YnT!q4AWU(Y~xkY@=mZkFoNu{M@-xBwwNJibMXde
zq1Tx{95wt*s5VEvsQ{LIEpk2uur`75rSX^62FoChMk$?kr4tF@<j7t<iCyO9>X%W6
z-uBC(L~3kk8ah4b_jPNMKTe)rjGP}gZl3<<err?}d)fZ}HXUEK4^E!XxSz8tpC30L
z<|mt{zn3egpFf?-+0{wsqp+ScH~|ryJKCDW1g^&`1|v9+4SECtp53W{7*1NK_EqZ1
zkxI|Bm2}l};&5`{AU4!<59=I`qX)+&?qx;p!s8Qf*|wwibUu3yC;0nSzCXidJ9vY+
zt0-qx2naM;LjD^L=Ba1!Z>S4o^i=Sq#96n({w|Z|;tOe3_hvT9##jK~q!j^GSFoU-
zhtm1er>73NUVjFM0~OhvPruf4sl!WGFJNqf9Uvu-hMvp&B>CoWgv*L5t(_E0Ro+fB
zVR^H5)FiRQGb=~9GG!r~cAQusCpuf|#GqmZOBk>jUSfwO7ns@O^uU9eIz&gIXiF`!
zqb$K~qO4-V@KI6ufKyhA(*+wRbKk^NN#%t@`vhpKGC&D?vBw?#B}TS9CW?eQSXB|0
zQ5o6okwv+S2<7%a`O;V%lC<h9&ow8liLA;sQ{5Su2?mQ<=^s9iO!9HxVLCM5V&7QG
zUNPRM%@2v+Hy^lK&mAlV3`o^<E`a&jN?*GT4Y<ruR^5f{OZ-qC6ST|gG{MI0D{8|5
zf*fTYFpCy&a-MC}vL+3AfaT{p%N46nAB<6m26%Q3=Ez)dl17rk@gchOP8RJ?8@0-n
z9Ud2v1FNnLh{&m()iAtd-)jKs!H09K)byHEymqa*6k9ip;FC*_xEXH;f3&a)z2F`7
z(+dLs22CARw9_0Sj#PkI4bpN+RJ<0jB)UnAT^!#CTHOb;Pc~-D<k~gM(B0!MZx$#i
zZP=Vu4c(uo{UxY~)9}HjL*F7C+XH4AA1Y8Wfmi*z2RTngb7($5<0e?iNah|c{+7G9
z-*UQYE6ej1b9mZ)&P1+p(f|n3oJq+mmD=)?7iGC5vlQi`I=}|w8~x@5-U~%T*5Mm8
zHMoDb%Lb5ydN_K&axWBsS_s07OupAdyEe<gkb2A%Mwi8FY4L-d+m{a}#r#Z;;cAaw
zAmR>}ARQZaHyvT%Fys5~xJ*ov7ysA3!h`dXa?4|%mJmS`$?*cX?w#C&iDssYtg)%f
z8lyb>`O{BabY!EM6P=CoYaC4S`KE$@Uq0CI^1)|#i&3U-bxjJTI-QWHLISqAf9zvP
z(ds?0x}D+zDkXfANKr$KJ-&{pGrMLgBTs-B?p(3`oiQUt7Cj9r=U{AYf2er)IDfA4
z=mJfoqd-SjaV5fPyzhNcTGN+)I20`V{rAi%ZFOM|_o{}q%zZfa*B5Ys_>%YYEsRP_
zSne{u-$xR1XGBvr?W;%W<87*P?W^V+GG<1Rta1PiATu+kyN4@SpyAO5YTRB+mG>tz
zFDU>@?%9QBcYiK(O62dwSY`|yx9oxbej5jtbNq^{08oKjkSlsN=f#xnAWidaMP(qj
zvOd|^rw#%4_pteMs<rdW=iUjk@sP(@hxfaB=GAj<ad2hOF3%azm{>D8_jTS2_um7t
z$9`G1wodJWb)R~@{0{v!(>oSt59aT><_zbs+5K}{a{=xg=U!Gbc&6Su62ms<!2Z{g
z$2a-hz^i3&IsJfSO@QZFc$Za{#}aF!vn!y^t0Ol4T-+RIow4WR!WTs=&hca?oV;t7
zj~x<F58!T|fSV^%FFvpK@+`pt9@g&brw_4kyd#&c1Wn?0+X+tkT#eIB=U4KZL3%5p
zkRf<4asiwzc3(I%9a{|u8FpnG?pzY>57s;Ko_L92TwyjM%z$nfJz)`FYaWMP*j)Gd
zZ5x3{^(*`5P8b8A*%*b8D|89WL(N|09xM0DbL@S1n3epBJy@Gc>_NGGmfud9pfgjT
z!I3wZ6x^6Q@KYyfm>1~&wW9J?${(%2vChTAMuNYKM$kkQ)CU@Wy8@NQgbw9VjW*UE
zB&sRZg9^JTe!RW?Uz?H;_v(5j!2tl41poku|6^4CC*A0O<%9fB{?Y%H74qNgqX#<H
z_BgGmpL+S<f*J&$Zp}XM8DeZIV{%Jk5eRFv@$^9WY4eMn%uyMd8+Ucrx?^!M=LFP3
zSxgWl5E`^1cUPqJGrY&qJ)UoF?LWaT1FKJ)bJ6$>Yk+RQ<!#-4S-fBOI9J#DIbP{r
zMYnh7F3?8S7Rdd-7TEds{>VRw@5^>#!CNHT@nmkwES#Oc`b4w0J?tCy{)ych`>cOJ
z?#8J-rpDKQwa$hfp7dG8Gk!WSH^$2@DOz(#ZOg{(YSW!t?B(;wbH=`HiaRHDTR=Zb
z-=38iD7@60%lB&=KJ{BoK>IwJ$`bybCVyineZqwc!<BRXwp*fK_jo^DakghPFJW3e
z0inPp^~eC`u+A_g${1!3V_$H(W!c4uGwRiO1^i}w+SLDWdRzfLI<-I^e@Wr_lHw`5
zrk|4O{n~E-77nu6S~Ub!zl)z+IikNR#a%zo+BVU9blif+zxB+c@SfR{<8bj~%=#9}
zwJcIiF~@`DLd4}r!=zZm(wPL(Kv60ww{f%U_1rQARiD~F_B{4{-Td;>$PK9=oUvVz
zqg|?7;jqKKG{;S;48OTthqt`BGz#|LyX^h&V%#)+Gfa?r7LQQ5@gn9OS}N=fi7N2D
zBoAJ=rr#y+7#mIuuJjt<(JONcOxyGtd?1ef%zV1_n2%e4ud2{(xxTtO3rtTb=QtWV
zs=TV*{p%h~$>#1S87$k4NM^z#IYH>*k}osRr}Z|ckyJA=UcdlKXf5RV{oVOA!Kxu$
zVpEKf;R>j-3}lmvR=q!6OcoW~MPl+9Hqqdza?pjf9*gjoR4$8{-S5v#SlIo{*82x5
zKaB0ObX#5ILTd=1-0#ki30Hy#_;0(iEI;1<=Y7}y)T%b8I~rfPH9;c~2i0WAYOC@R
z$1!ZW--cUgB9m2pZrWomR0TJZKn<gma(Vq_!+~;@kc3(pCRAfKsH1k&a<(eN1en1#
zJQP)^AgDm~Bqvct5v2#YJE}V!H5@fDG_!ai;nTmMWCEF$gwdwC*YX{rQw|!T3|eu^
z9+o`}3CME=E69Xq=>V<d7K0cfomGJhswgD$&^PYS4_)Tq7a(TB{2<M<eq65YC4HK8
z$;h1O5`|_7+48aCb~5&U>5-%v$;5OVBj7D-Rz}`#+=46kMGROQ?SIAkF>WUB+(ja4
zFMynKNFhj)D@1b$Pz!?<6{(VqT6EC>R;W7U=no$fF_7sd5lD%}_ltsVS;J?5B3gQ5
zQ${*?qBd>YZ$zqyxo9O@c*OSwq7Ya}BX49dS>)IzA?xyJU8kM={ke&XWqH^Nx)-_%
z<7e4WlZ?E%CcD^lCcEJVm%P{4LmgBm2X~o)lz(_HgboOMN4~umtlTvFQ#OIadW8?%
z?^7LKy4bodWZ|T&tS*Gq^2<kvhbNU7qa;m+h^=V)H4FF9@UqC1nMnxQv8@=CZkh^6
z2WKrJ#tNA<=Al$4L;d2-V|(8r<r0FIOeNzKK;5>^0<JRNpWg=ENo4cfjDHI$f|_kX
z#bR!2puqe+a+#MT;Zz-k;AELcXr%3;A~aAL5_mNRc1e|pw<z04+$u9txd=`pV}`|G
z`)de+hl8%-Tiz`T)ScWBoHdJj{>K}tooytjF=DmZCc@R}z{4R~PdW@e5r%J~PpRRV
zW^ZeDo{oAITx;D@Pkj~QBoZ5tTxFDkmqiRgz-;vwD<$A9M!zM@q#>lEPL{beMNxB#
zL=5fkZz?C)eh{Ml;)uaX#d?~w6Wr$8ipYf20SWpiY)Aph&0pe)KXHd%IE{)-X*&jb
z*mY9c%%Id9#UhEZh4uZcB6|Puos2d?KD*C;Q7yqyx4o$_;!Op$O8+b|nr9<bsSczF
znOPB7QZ!NF5($G#CA$=YRAB{1e?p>Lev6W889#p^i4yiGfo{}}5!((AF=QMJO)!os
za5i|MiNw=<Z81t!<SubzDh1@9F(D@>7;58waG3lQggN6qnbh*j4kQ2FT!)Zyjh7!y
zIQqGO+b#4peV(i3Qj%%uphY>ASTz2|MpDl?Lt;ov_0SS(7Uj0LSe$<Dz!>bXI=y;C
zR}pCj3o3JX9J=Y})As$sF}VOYTPvwt?YfPucFEC2VX=Kh3>gVsd{=cU4N|I$X$q*2
zfQ-mq64IE6g~wJSNc#j-EuUmST<EcTwmY$(UGAahP9qxXLNQ&UED;;tsH7mD{@Ia4
zZ+$F{oE~|aGxFb0<DWRUcB3N~?cTOx@iU?CmSW>qTpj^uAE(z=r1efC5$qKEa81HO
zLtz}s0pf%rx*&)`#Xv2rRH-+4-QQa+W$~W2P=EI|drWOZ*L*P%sKKs(=qIYD`tHQ?
zm_%NXhNc9a#I{O9N60pfBf@lPI*ds2#-0qaBN2+oVTOu9-atqs=!;QM=sEvDkN>V{
z+t^YbZN}7odH@)>-Wgjo*Tu0@Ux?~=H-5J^yLp}Y!tPJ{{_#Hi{vp`?-`%?ur~Ae9
ze;n^ing1Uo@xS!X|4QOTZC!h8b~ImogYO{1eBVx_-mr^h$a#)audF7qoE8Cn7(bo$
z#uT&Q3`L~lmFICg<ks^hCPG>a3Ho^fl4}Q#>-J+D-`AH*E6)e4u-})R`<Qu+Yl#2K
zVNag--6iMx#v;c%-MfjNf&Des*v65#uh%&G-jR~L6Y+i3PQ18(<Z!O8?7~~rkWsXH
z+ueSbzOlHv6MyxG2!7ba(E5n}2Pqwhu^HoET;rz`cw@Yr()~4u%pW=2-J!Rz=+FPJ
z94?N_LUmi<b*8DcC^lSk>z)0P!-J=8|0Rdp{g071qbq#F2D%0;ceiWaO|k3veY)$}
z8g>%H{^zzlRad%n_e`nx6ruKgaTzRpoYpubzE_N`tC}rGioz!;fW}#V!u+zRF)PVR
zC_<ei1L_E+yx}KhAA=6&w1=5&MFet*lz*g2X^3)MNg#Jh6}2ETEvf{;H3+7%kI18p
zGaGfF6kVZMYr^ko>gZG#BsB*N9s0y<1{*t9YDL@*nGp7|;r!0=^B`c{tMv}}&HS`^
z?AQFYf^_fFCCj>Rem7>m$Ju>70rT+qeH8jV|9`ail|gYeUAMRs+}*<9?(Q%^a0?dP
z-Gc=P4#Ay3aCZqBEJ$#7cL<W;7Pyl<Uwuh<@><pXb?<wsrl_eyuj$jh&hGBrYwsp?
zHb}zKndQluxxnF?cyhQk^<bmt!*<+t5~rGQcna@2^X0^m<L!ADd*^AEeuu?-`D$(~
z{$AiDs{TTqimb~y#~U}`aNJh?Q<o(BH(gf6_79S6>E%Fw>wV;E3x8)qs*qd^05+8-
z9xE<U8LNoohKWd@nz$E^;5+fIfZQ`mXgCCH%zUKhW(%9*c~YO#m{Afl4nVetl(OOY
ztahSh{aXu)tO8c1UPj&s4WBeUFRe7IpPD?3Ea|v?DDr7N6!SDpZp$YT8F@GsW9YDU
zawxk!yr{n{KLoBCSkW!UY0aCLX(3-WyGQK(p{UfU2(+O6Z$5)%x;QlGDOA9$MB2!B
zV5zkS-v)fl|1>!v(}!$}0ubnYjq!7o09TEPJL(LPx1{DKn4j_K#F>Q3blw=5oQk6A
zm{QkB`5GzF(Qc!HnnwWp?8m@BX%VPFby!R;n#*|8;od9p-5lP47daqL)<W#~%@bIf
z)D2MeDf&WuxnxHxn|L+@{Z$QZ`E3m#erz6?OGNohLZX~3S(u@bJ?7@r9FlHMQcpX5
z+3+cT;OH}Fi1??f$0ko!OHC3(jqz6qv5$_b{Sg~|8=5CtiZPGWJHnRrpDEb49#r^N
zu-Ts+^2Dp-DM8cR%#7}SjwBghUD$$KSv`;PsiE(XszzXcK)YFk;kp~Ok(686n6-mD
zd82UaaAPY_S8}lw`9x9K=_2f4My%Pyci3TG8I*<F-&auoZf`zQDBQ!mIST!>jttBU
z10Hn_-2fD%EG6BGe&R<NFv40HU&><*Trz<UCgpZZox#di)gv%CX3u{C9UL$1sT4+I
zkL)1XgPYIJYSUT9?7*CF4q~EL!-^+GwOhvfkiK&H%27!Zq*#%@o`CA-XxS*>n&@Zi
z=Glz`BPd26RlA8UJw<Qxj-`>8i|eS)a|~IvxpZVGNMBM`Me;!5q(edkrgHGI&m}qM
z)a4ZtAa8qNNIUvv&hHhk$bC6<*An%gddj5K6d9}aOj{CG`TOw5o9lmL7di(>37;Jd
z3*Ap!;$MJb<xltUy)TvhoWZOHFF;9)of<+39F#<UiYIXrEAyg|VC9BKF&3(e`6Iey
zDMI?yCI2~3iU(*QpzNIQ3-p$4$KskgrrVzQK5U8V^aK=z@mZQO6iIdjM5i~9o6ujq
z0<T5)-!})1fN&;tcqK=<a}zbOMw(0qWN6xki?%7Yl!b!~9vkUTQx+N|#l?sz^dX*D
zswiKCcv?;<Nz*GmVenHYfWI{MLq)}qX*5=OLC(%kGMiaBfWRnt1$8m)a>RW+jaOA?
zBQTn&SoL9@yb(0B^F!kHBP`3Ei))*RfgJz5>1gZUytPZRi(4|(=t&Bjdj}=GPpvT0
zM!Q!@XPVb&%%hp+w^dfw6CHug>KL6KQ&PNECG$RX-w(Eqvnfd`;F<N7byDb&guKsm
zGIS+?@>(Zh=%^k|AU)G17)ys8_DjtXuN^#cp&<CokWX%2800s3S}%{2I~ql!xCQk6
zLQaxJ;(P9@tFAUH;%^|q{NKl?LcgqgPmpxn0kll~rz^!DDQtd>PY2Jntu`bveVERK
zpt>$>*2fmvC(1DrT_9+dP&q9Sy;+=ij7qAgC_a7SZTrysto~DdehFMNQr;|6^=LX9
zZ_@RL<Ez8Hg6_NBC;Rz@{bQtj`2iFFZ>%s!Ui>>Rr)OuYg%&n=2Q9P)?3!Y1+yd7Z
zY41r4Y_+`#Q?LfM;WTK{#$HU<4;%+~^^CkQNZYW4r&<nGYprC^o1R!3ztQFkB+F4n
z{+wim^z4J?=`MK$%(;Z{E!StN=l3`BY7v3K4qF<CfCZwbL2Noj88}-EjFz8iYNG}?
zcTc~4`&Q*$3BDqs%`fb&Bg$8cGGM89b$&V`hD@ls&7Jjzty42vTsTC$zwi_{on4uD
zWWM{3U3f$4!*hBYWFbzq>$ke}zR6<NQfX!Ec2~_@2ZU|S^cy3-@4xXe`g1k8Gj~X@
zo1K1~w$_z1dkE9LC|DY)xDvx+ercBZyik^p1j#L!XM^TrBOtuKz4k-EwnX0uaPS4n
zX6f1a%em#rdh0M(f=vxu);i;Qd_zof^h0C{(U;HYqu$__73I?xE^Y_QZ!;3hUERku
z#_5i+rKAA4QhF83KTY);Xg611+>{~>6a%XG>|RcP9_Lw$9U_0vA}$7T9t1Z6IY!>g
z&(%>JA@;27sLCjj$`v1vsE|!54i|~4bJesCMiRn}(@{!nbiWdMu{$7i*%#cc+Ug~?
zea7=-2{2PgYGLo7J!^_8vKeuh7``126#g@wsM&|TJG^57zmf-IUbCXDns>9YMZ+Oe
z%BW<<&*<%e$<;w(s{T?F1p)&fPk3s^LsuDMp|PrLb0~whGo-uOw!F62RhEb&=$*f=
zf_8UmmaJu!^<ep9&9$2wJ8=_FE#-Rx-zKU}V1FPJQk!t=^O{Zz7nJ9PXTFXFw~9)p
z&|L2TkP~iw1Te}N!<2BrngR}0S^xr+-Diymov(&NM~Tx^jfDw?Nr%bT3I?~d_?ah;
z*E=>-9F8OR+-jT0a5;Oo>B46yv3D3K@E4|=n!db8Zv3EoPBRftvr<p(jhop<eO$td
zJwbdcTZYJzl{-nO=q*M{@AWiP<%wdO;_~&Pm6TB?bAHd4`Z<qQM}SnUez>c8*>lIa
zvrtluqAZGvcIMpD9&ySFQZ%CLKDhG;3QKg}R4Gh%Zs*C40GSWIC#f!V3$R2~;Qnqo
zIXc@Zt6^w%;3I05uW-$f#=)Z5lNh7waiZjrFORFt<51`H-U(5VaSySgLlmPzq!6<3
zJQIyqR+WCI%;WH)yC?uQ&TPxfuCQ=m_`R#AQtG56q_2cT(o~MQSJi=2aemO@`{rBj
z59B*8b)-03rrgl2lDtJ(S|!;SI@z4N<ki^m@G+I<>8dyF*?s)dyA)-VenhS$wA>zB
zs~u}_oI8CJtdU-m(&<CAacmW$jMh=<^0E2+Q>$v3_;Seihh;EYj;t33n=cbzN8Cm=
z&8X=v&SCdmouu9c`Qq+zsLP#Hx|5;aDNi2u4>M)8R_rfS#IJt|7wS*H`;lAs@!a~`
zK2A^@$h$=ax=Z|*m+P;f*1sHFKSNu8n61}Q17Q#>s1ld{52%)Q#S4K*;}%@3tFEIc
zfY^QK+Eda`NH>=-ixJGs15HVuPdEsVe9(l_!^1^HnD|f$o!J>Rp_5K`wjsrfFp(Ho
zD*a(`xFbGKed$J=;-sySm0$+~5VoIB5LfM{2w>r11W(JccorWHVq@$PX!Y3495O$c
zwqNyNQs<Cn%Au^^Ne|r#@jZ*1@QS!ua4Pf#j9zcs3il_LK+ufUIGpu+ddORY_kyov
z5M+WL?C)lKWL2uR6ZF{hSYTk(e?7WANF?rT;;3Tc?EGCV&h+Rz3!|Zh?SbkLa8VIg
zfUW9qH~$IdqO(#iox?6tT+xzRO0Fw#{52(8g9D4RGF-%`XmRm8|0{e!=_E$o3-Bga
zvTj)WoSl5O*~F}fRmrQPt>%>x0UoZ)XfIB3FOe`PyhA$27XJZ$QJs%GCB=rTkol40
z=@)0zi#YRX=#wov(zK8_JF~P&d++=4H4w?>9Lx7q6K}C(jT%l&Qct)D(}?sR;y&$q
z9WibYR@6=H-yU}5JiI;0olR$IAYR1^Tt}m2zAiWQICt{*;=9VN48M9KHu?1l??Wsv
zz7CgSK<In(YV{mE&5csD3F9SWRkLz7yV3V49AmWAcE)FNE0y%l8vtZBtj2Fj$v0yn
za05sX69I9O2I-flfY3Ewy;U1$2zP@-B)4#UF|*uknE6l4GKa>f_iye$ELmdh?ga@n
z-tKjpUsI8_nd2WeZK|Gy3*2t*&-LcjOn*h0F8xYO>!yQHa*|M`am`y+a3b;L9{zTa
z(RCJ5)oibNrO<XYdj!x$e5ry2caO7Y&y<0-@U&M@a`W=~HLrq8bvg%L_A3A>LI}hk
z{tRZfGyGqo0qcKh@c$kScxS5FTtU`=2oy(#0R{jwa&dCDv(dD%X0mWLvH20*Pnt~$
z26#sbV$napN@EqQHkdI#wgE?V6K!a!F|3nfRk8xxZ4K-sJbc2S>nSPoWZJyn+CC`t
zo8nwtFrKCvEVFAASm^K@hV;xOVro6ZHt#s^Ins8NPMzK?wz`{#-C>~&aA2Xc*11hY
zqPgZULW4<H9efJeAyJ?LV{7=#3bL=CKgqf?_hka+?Yn4=L7G&z(XZ}<p!~xIzKK`|
zGfRh2IGh}uPffsAREh70moyJsfL$pXRb>dD3}?C1{0S)bQkOdnMAMGq)jaw2b=myO
za~Tt5+x5-_4#YncBQVx(w|f-%!rIAD85Aj+hgA*~p>m8i9njI5=q0uz))g1ety2f>
z)zv)2rL>|p2k9d4dX`K`QsI{Oeih(|chr&*G0~N!&0TkfmXOKPk;y}(vSi#z%+b<j
ztEUWvM4#qB=@DAg&OyE);JO}5Z>w_2@hiAZvywi2xlDN95XN2jY8fwWmg0dc^Dqfo
z&-^qN<M!zC;B>Uv4AdEaH}1k5y?sDXcbbAcO1OXPPDMvMd#C@XPjh2Cthz`sdyWIX
zp>#A);abUAJa5VmT<)2Dp<yORA&zW0@Z!KXGppG-C+Uzf6UBGsa@ncThfB;=UC`Xj
zDtd&uFFv7s>OwOhX-8m_6j5nb9cj22UlVq^<hI#_0J|)NTzqGWj5aP0@$ImfN<dVQ
zZE6b*ZNow(#JE>4Spj!2lvB|A^rP9Xdko`G^H1dpMMyRpgaLhecxa}!s+?GSJCPwW
zHx!P#1$ma~{CFl5<hX2<3ZIr+Qo&2}`IBZ8iV<fV!(2~plETNvn^&8-<A%KmblN2)
zSX_c7GqbM>)xdU16m9sp!e$lD&;<}k%1*S+a@@LX96xR90Om!gR+w|+W&32bMSGaZ
zs{16=61j{LVk<p90gThxq*DMdsGK0EijsF7MLat0r&V?XHF72_5O)kk-;va0o=vT2
zdV_l7@BP&J+K?g|)PoD4&);9W9}c~L_qDTr!}p|<85O$1e>{$1cXXZI4?$@QqK7*y
zuXN^wkz|D!R>Uv<WriuSD`krd;gl2+@Z@a=h8aG8-du6gQ1~_=*i>2G6U-rwnvMZF
zNy~i_6pbLqdHa!!mf!VDokd-TrtUcIL4c}0i$F8q)Fh8i&5(%<*&QjdoyZI|i9gPR
zPA{VH6`$?$9|@UgdtQA4x}yMUhJQfF|LAFrqeZM<GouC`2j0Ve(lv6iGEu@QL-1r^
zIKy8zMox~P+!$BBSs~c7SQtRE3-VYoDxL_|%BJJ47@IyIlhJ}wU(Y?vGqtNQ(y8u?
ztBlhe6&<3lR&nyxkiX}KN6#4TNNE>0cqb-w$#Dzpy;l@`Z{xKaq?mEi+c3~fe$;Di
zzEFjGQhH~qB)srq!-^B5Olr6_y#p?D6@il;i<bf*?Y34JpE#Pch@`o$m5Qxn3vRbO
z)R`(Ua(s>m@TI#nPn&oENXiBiV^N_aU)I=HW<S}UNtdm~<UVVJSTS<%Neg@MJGj|~
z9|9#!`vY+xH={Hl5y8OV1^+~xA1m#DmpBL7pPd#s(I1vm?okMr%u=(j;-3P0tK#?+
z;-0GTwcaNB36HL)kYl0OZtX2T_#nPI4u(>;03FM5nuXo1OOGAy{Y|~Xhxb5qD~8en
zRqAt!4@)KuWoH$R_~mCUN$;t*-_CBZ^63br;>FL7JQQrdCLTmXptO~mv6%$-Kg{Ue
zKp*zKbS2ubhBdw`n}5$W^Lg%$d1h@z$1M?YfMZ27=-jlCc_*pKqtU&Y{k(DQLvt;*
z&HM_`BI&TATqZ2;g~GLIIl4bUDH=V7x_bb+(L8Q(-5tgMq_>ec*?zVTsq2)!)<JH@
z6-ieA`Nx&jKwJ7G%}Y}R03%Q%x!g<}cu6NO+xUDuT=!KRcck}Azm2!pw?3~z>yt-p
zY@`4us1ncRF`#pZQajBvU!B1tOZTVfE2l!GMZ`K^-1L&@5h>eI<thV!NAM=Wu}5e@
z$Wb^=&%^2HLXBqm<XJm~ZouJN<BM!%bOtDipOX&MEm74I_SPiTv-Q4_r(Z~+Q7T4^
z3mupE8ccSN`W(7L7Ctj0gE1o_oV(EsI9ccG?aqW$Il4%e;Opjl)D!4c>4y<9&H(Ha
zd_rC<fFGD!xpY2QRTUVrR{~|XU2M^$>4KAyGk@V#)gJUF@kt>l9Ss;nOC>`ur`m#x
z%~WknmOnJ3YK!K4-%QLNzN^P#hb;-UYA7X26HUH4u6$B>{ABO038&I{Tr_h<$NQ>`
zDWnQiRNHAmO4#j4pcu72o4xMV&eN#%dtYI+rkz3Ag!3<=2AY)&vy>n8N0M88NcCRX
z%ACN>+=%&Pt-(NzNk!B^Svv@RKFCSBA_DH2!;oDNEzB?=VvL;ex3KKUN^!}pa8(-6
zd&$T|OcC+wkcGWZGT@fEiPC6$mVL_?D(#;f`~lH*&?Q1+aY3pw()XRSCzfY5VZ;<e
zbIh_3WYf2FQK%SoRS7rb0;1Q|@u0p8QgjX`mS(r;O~Q-xeL9kvER<4z?=g97G#F)_
z{^eN4S>Zj`7=xet&ZmClEV5bOYeHyLr4~BZ5lE<+8x=yBt7{d!V@e60{=?HDD$_*n
zJvm!=;1}0gVTKw|bW78*T4YbQ+fm5X3WHF0=GJm358XXa8IOnuc}7Ee0&{JrF5`4F
z_na;Ui3yo8f<7DO30v9v1qtS6t8M~X`m_F~7?B)Q^;J1>q-CSVbh3~;_o&@O6Ph;{
z@Kl(DOIXH3GDw0(+|@v8!vKF`_-59@C`3WjIFn<*bLbe**=lnT)$agsVzuyOxAYT|
zOwyNRFR`aYefARer|H(`=_0Ly)EC-M;U?**2)=|<hAINC`rtM2`HlI=iVD!-Wyqqo
z%SGniVQxalJ^zNTLN40eV2NCPVPl;1KE;m^t#~__);ncq_w#9_a#Ow2q#BS@UCV7#
zI4^<fjAkovvwElPZX|Q*0m*o6>)b(MB|`+8x@CZr=!~ExO6e*c<n}$#-#4rShAY#J
zGV^Q&L{;NurM!WA&_0x&l+R0aZq<;-Bw7b7WAzT)=nYj;)Jb-15q(Yyu~*Z$9(vM0
z!A~V#BI&%TPqXEgAn1*mU-xtnIajSs+v9CvwWyLwLUun;qE3(QKA6iE!B0>)5qnb9
zGW7_L+OQ!JCAYZli`>*1n%_}Cof7i;%?CsV;$AE(F|g$&^nUYgSq-i#v%<tf^eO6r
z#{P`Lax*69cPCto;#{L7lot!!29)<OTKR1(s@AAP(mJ{lZ;VQCQwThZ#F9R~&LD^u
zZYx2%QYo~~Sbtr$YMDGrwmNl9TygXQ_E42DksmX#RnU{6`oO8?$ktJj3tUM{V;T^{
z-6}8&WdP(4>|H9ixcK^jjZ;0!X)dGc*-wGMCY_9(sD}7Z_qv!?O>$e|oWVI2E}@=s
zJRc)nlDm<ZXLxeIuw}1-sBVEW;Z3Q7!Mg$T*I`W`nWV(d^X2m1#uSOgeS#Zehu43j
zK0lNXWTTh}X3RmG-$QRpKPz6AD?#9VHT;Z9!>04)*z-%^(B*v;kxQ9_CQY$WtK}vy
zLlc<*hn^=mSK-3fQdeZ|eAT0+Ua{@vv$3~Du_I$*m_ia}>;n6eOB2jxwQQ`E=O_4U
zx-a+i-vofqwhW$z-=_#Ln$KuOzys?N+6n}FYF`<@6W^-99?fipo)l*;p_k|!gP>vB
z!g}II`^ryrglEtd34Y%qDM$nXtmimn_am2c`)8Z=!l$k;czYzlKHk3hyvz9XXc3#k
zrG{w~n|-NAq2*401OX1)QRL%{4|!Tlh%buQTOp8NfHaRP*87!$^>D%T#J0r46ekS*
ztv8{N@vWupCLsNupyb390TL+g#9vUJG@w-*%4U9F)71Lpq`r$(3ioD=&YT=EW}vvL
znFBAmL>u5Tw%Y%SlD~{p12=Urs?1~6dk{8#PphE!m9>w5Y(dX*8+dZDH)$QQl#6+s
z6hk?kbU`JmU<gz+(AgKk(j<WH^Bh&r3*J%L;xybOz5e8;-nVSVq*3W|X77q@;4VCI
z9XL`IQ&<RUdBGc|1~o0J3(Xe2F;LCVvrA&p_QVm%O}<Hh`FOu7N0Yyv#X}kt5Z0(?
z>q<hc6U1;M-w^J$)`P?v$;M~=0B>}s2(j%8`9%meix2M1nT8s9Rz#m$V`7y(17DoR
zBmf`U_DHSaT2NNBTn5FeF;Q8*ZM1G*cUqua@s=0-A>WG)2J;SzSpUk9VcEUF;gX^{
zbj~lkhhF2nS{}DO!dmny;{+ZO88gjN-yrza1Ht^_<Tm0^7tU&Uu}5XcUdsn$-|(%*
zlT=oAC5!q<-UdeUo2jLwX`C%wVTKo58y-tZ;iD|<k~?cyrd^E=j+E$okVekLXN?`|
zP{Fp2W4kk#DC-?3;1MW_oRO@`5NH|r8_h$D`Bh#SBpliLdzo3fP>rTJpJS-45l~bD
zswZ9r9ag=6Do1wn;B_FnN*}3q#Qlx*mVMza?FA<&<=_0~*}fX&>;^7ew;&w-4maGy
z)c&fTDCUycYEwZU1cu$F;IoXVabO?0YhqNQFM%n%2a+baP^`8GLk=L{E2F|)IRYCC
zCBg6Es9uB?l^A*+9b84Jc$7gY+xk6ODEcihjCf5e9S|737w8CU_f7!mB$P%JIvI?-
zHYy9>&w>=%uq^h_fSLG2Y*n4n&#Pe%LBw5~wfX96u;3UJ{mgQpdl-JRfItC8b(PK)
zI23`9m(#_blXaE7R&)9xr4wfNA_Jig=bn%B5Jp%s#o&5r<`Y5^TE3~bF?|Uiw(Ru;
z_o&as{B^j705|Y3VQakGD=wBzYTopx(TM>D&|ek{lkshnAcwneL8+_vpI5Obs834t
z7IpaG-@eFfrYM4}MxdV6#w(vKCBh8qt>;z5Vhxo<=b{t#IN_SnNV34+0Mp61#CC+e
z;lFP1(-=13?wQ`V-|pGBv>}1=(q6`~kN?63oos@N7~gjJsZRStQrb8RuSM*_PJHZ=
ze8znZRh|rDf+#&fb{uPsB}u39d^1y*^J#nV)R?IX2Xc?Y?%0sH)_ifS@x+-*!j`;?
znrO`q4}C`tbFzM@0{TVQTXofV2X7u~6x8mq@``sRZA_(RO-9p!W9gr2>De-y7~h%r
zHq;#PSSS&``Pvj9C6I!}_j&K5{p>{OT5SPFmxBUz&?&J3ea~FJp0gyw3Y{QU&QnUn
zJg}XES5gUIFC!|JY&qNrySVy7W<^DNEOxYA`l1$rjAlH#73bfQZ_j=IxF`ev@cd&h
z=uSImQ|lkBRsN$1c5S@A)x!4^xnXagNFG;P&m|@(7dSgW1Y-41i|Aur^Rm=XQhXZf
znRUxNaE&OZnOmWDvN__pB>uK}8m>?rb=1)`yo-?M;7>j}&i-~;ZMW+X#tD;$$(iD1
zPL}BWyYQ{g8at7ER<Ch}2@o}iRWbFP*F4lTb_WQW7<YpT+(p8XcD&S#KFsT^d$qnO
z@jpo|`&<D)nC9(kKsanA8HRIkL;*I;BE9SCoz|rC0vx_cu0N!llzf9wOU*8W8)H<d
z;Z`g)V384g<Tlz=u*E)a-fYHL95>B9aifWUZvKU|v_0H{k390C<LKfPEaZ-Dsv`)x
z?6^JV)84q}f{hf)QGD;3eF(~2x)dBKmD`Nn%1F$&q_umw$-}_F4(GM#qZ%A4;8R3!
zk8lxNjPxBH!)IyeY>A4rHLCReCtId6T1wS~Y{PiNDScl=^D$+cUS!Kl46|KahO$SM
z>LN0@GOO%B!cwE`@qLu~y6<cSvv!GLM%9QmZB<z!oWk*qiH@X^I3Sv&D}Lll-7DWw
zSK2s(+HXi26!2%K{cmy|fIbCd0cuCay<ejt*k9D`hR$)uQD5(=E1bu*4WAJFaRF9)
z8fJ11x+4Z63g}dJFk?F-c@t*?V*_UcCOHE`6Kfe;Q@ig8m{g+&EW4OdC49ThnFf^K
zYI4>?E@6$UwFyTl(T`GSPK+ww949nex+Nhxal35~NFfbDUaUJkhqL1w7iOKian|nR
z<E52RQKTvneO4K*0NAV^e!9yHokynQ-H|V<obtwzj9}f{urwJto7U#cbcBk}TK)|^
z-wrbKSm+xG-!|gc8p0-6v?n+V?#<CmGl+Q^FGaRS-&!!`=FU4l6S4BZ?^U7By%vl}
zc%q2HZ9%@8XytXAuxvAR3C9F$gK8VEJR@(`YcZ0LL!pt1z=ylwVCy2Jn)(TzY^|oZ
zI{GGx$k2!IEOm~z=3!xm<d1E28)-LF2x=!LkaH0Y3=SOBRzF-&Oh$H&Cg0nLG#d&W
z@D7x{?Emx2OS!{#ff=b4WmX8ciLW{~Pdo5q_k7l@0TB#kchC}hnEd2?EGdi2-DTY2
zN0}hQS5L^Vug<PMb`O0huhu{s<8C%KRIWr~;I=t1{X{%-c}<-tp{!oguccFsP0>uV
z(x&|?X%*rgZrF%4fJIi06Zl28p6Vp_6i&NTEuHeUd^a_Yr34KU!4XzVA@YfZlFnCr
z84HOpx7Up%cyoTrUDA7QS^Mzp_NA4QvN7SItJL%cg&S$e-djjo1eV^Zd!(1?+Fgo-
zW4Gp#FDBUIOs5B=Z=fH}zt~Jgr4lT7K=<_r!pH>C(&OAY%fD~9J&h0+dx@kB4ngaf
zr9(4Ye9(;0b9B3GlvQ&Fz0d<qq;e|}f5RaO*Q0XN=XXaQGnx=~7VUHK>D>pLfsr*l
zn+q2+fVZ;3CCWQbrqz-?btCs<OpDziLh+p8SOG`oQ_X9h=G*EIW?Qw%&z#6k4C}E)
zhj*$Q?w2B6##ZJyDE9-}AJ}~Q!b_Z|yQOHh9esw~DFL_0YOe`!=0yY}l-gPn$1h5y
z$Btf5H*hKM(COVn|H&6~!XGi)4&rV-h~B8b(%Zn^{=e-0`AVn94S?7U+CGK8L4mrg
zH|B#w2ryjbWoVIBgmhJA=S#$w5vNpMW%i${IPL>t7Rhif4Ta;F5o2l;6dNPEvkyP@
zVu|8`EYY>J&iK;2aXE)G%nV2?9@mm~N9?QE+)*$*)<qV?6_!ND#?X7MSdjzg0-n&x
zlgD7fx<iN6ckZ!SJ!szGdQ${JkZnS!FKLhPLPgr_oV3rg+XdrZgWaWRqwCg48>134
zt%)&G-LEPBy`*O_BjUk=j2KO}gEHz8_*ooRRzg)sPdT@_T4&;GlYAf)S}V-QC#qbv
zt*pd(=ABL8MCoSc_oK6k>EG1hh@N#4Y(-Z4RW?;G^DLM|b_`?=3mJl=DvGO)!j5b=
zxLT(nHuB;`voIV$y+j4dp+!B7e<f7ida_2eK9zhmIC^@)ot6e$@5Vl!XoD(m+Z;%~
zz);_oh+}k+<%gp8k?!SKmk`&@a(HX-+(N&M(?hLONojwF%1l6=i&~krY*t4T%LUr;
zeonJGxLzVJa+p{af37oZ*Ld)&*)c(H8FGD##--N<_p9smik!h`66-eE&7-&X1pVDx
z{CeHaUOCAjdP3=UAV1^ZUDtGwS6Q?m)}w>A7%+Zi{a;&0|0VuU;^)TbS_Lp;1|7rR
zqL5v3_L_4tSboh3)I);#>`KD^JWJ+dZn?=p8&kCl2~P9e5&ARt<x3tJb!rdcI9&M(
zwXko{FDO;Z()3(td=_n5;3$k5Ew4oAV%BSz-4k^6sV;MfKbm_QM2i99)?4ekVo_C&
z12;|Adiv#`3jl4GTn<8P7d~Jolt(E8WC88SMNvJLd&rsGcf;DxE-LyYXPo#>Yxz*h
zZ4<rPM+y__?Ue77tE!7}nWM@##!ow#TDU{(1VX^fMF!;4EA(0Lw|g-uy7N@pFyu!_
zK63K}mu<eC{c4-9;Oc>!5lK|@+Dk}Z`5}cw=R~%wRC|HG&c<i66FwdCl`nw`b|5sO
zCfWq5qtM`6gIzIH8%Igs&r%-***rm}^Y0XM7UFr?32H_Fh-Snfiv8S_{7atkzgv?(
z)EWPsMEu3L*CQPul?oEfYV#^z{NmeTchs0YcP;Fe(1z7IXI8du3zbyB%>}js9sL0d
z{PlhAl2B*qQSzJ$`=}}hAmYtS5-CWbo#QEN%<#z8w=~&))T{^1TiF6@)_L?_H!(`G
z#W|TnbKg!MJVi>R1L6)CzauP-XN}_3a;u}*chR+TzPAy+G$<CcBPF?knY>N`o;+|O
z2e@5H9APu}lc3EnX##XQy$0hO`Z%KiFfA|K-=`KYA~so__xdjV(a`85Qj>T63l{v8
zzW<j6|H}f<vIE2d&#dDY&id&W%)rnIS-ee7NyJusDH%DV0ZpLAicfw4HVhw7bcKl{
z*fV(wnawi{hEok0Atz_KcdY&T?7RxH+tA3)EX;h>4=LES)zZhlUOCbIBveg_oFG|z
zT+hlC17-k=D#C<S@rgPxMe1#7^E}#leYuc}563%iHnkaoKHWBOmzTM*cWv@rt3<?~
z7{GJx(6W{~Mc2@`kL5zctxrP?+Yy7zth5t6MczmH+*W-1<1EYb6e8ze(cq`T^uIKC
zOap@-G;sb-g8=}D2C&WeQVxTL1DgAqf6+kTI}Of*R~m{*=m`OMyQ$ciPo-3(m)m#t
zu3A7em@w7=ny>mJ1+Q65_^w*!F@8m7Eh(nttPI&~oj$;hNF?Y_-Z#!iFPp4(e_M82
zPkdf)qwmtl@uGokiW?8GG3m#v>nQJIJ;4tfY_~a#7I%k{wUiRLuA#GnXi{FyK-?{i
z8Zk31t8xr2aCURlw)W$=sPBqBa0muaR&E$DIM6eZf#G}sg3p3Rgf7t6?*~!*erb!@
zfi!Hk&ibkz_9jlc-=`su0Xhjs3|T+`4xm8?WO07E&_EuazlN3{Bg*4~7AB-_5TJjt
z0O_E=Z_EC?oIsJX?$%7-BV-Nj?5zIut9L3MdEaG*J|K33QndbZWrHdKD*V?E{|fQP
zN@&!5$+iNmvj;1_d#8TAU_tqx|ECiF6Q=t!K=<*ZJURaomJjk<w1z%LDFo@n{($ns
z!ahcMd~WH_+Ps$fBg&5#^fAiglSO`_05pG~JU(aSFMxlXz5OQuwEho(zvXg&T!qIe
zw0|OW8vH=`nNa(2(Z@M=e-<4y`K##T47`sK9*0{0M8J9V1L0o<UOxtW95MD2Fe~_<
z0R9|A9|Jy?`2PeHdGk*If12aRfRA;zKLNkR{s8<ZD%{6dkA<v1v998NU_Fwt{!!NY
z?}I)h{5zmOM3Rp|e;3*PtS1;4OfuM?BzKPiewTIq3NV%O7~rSK>oLmjqN86?ywe_|
z{PDH_UCi?<fNA<;fFITPBg*d*mS0io-#$k9quu!3PyZ_bdeLKmAJzCH%40|FPaLk2
zf8y4C+^E0%IDdkGDpL9b=68?h<Kn;jkbW&L3bOP6>oENvkJ97PzpurAEzMp1OX;60
z^Tz<cue5#zNUQy|DgU(YdW`k^eEnCftolD={bR%P`=swztipyrWBqD#pg~cy-&c;r
OVBDa&LPgW}Z~q5-iR?E3

diff --git a/docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx b/docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx
index 59ca08d267b5ee683de1afe1f072f3a80e821c15..2621d04ef81f3571b1f9b05a05468450cb61f3ef 100644
GIT binary patch
literal 162816
zcmeF%V~lOV+bH-pPTRI^+qT_(+O}=m#%b#`PTRI^+jjTt|9$V9+)OevcRo%smHbi*
zRqI(*Po>s}y=P~Tb_?sV_kjLSg&znM==%p62;zUa4hlF1{_k@{AfTB4dH((L^Yh=A
zodE}l0Dw#XfBFBw4159JF%FQg|Kt`7036^yIfn#*0)Phi1pos83jhZI4}bswSOP#u
z0LTC+0H^?H0O$Z10GI$+0N4OH0Js2n0Qdj|0E7TU0K@<!0Hgq90OSA^0F(e!0Mr09
z0JH#f0Q3M10E_@k0L%a^0IUFP0PFx90Gt3^0NemP0K5Qv0Q>*~0D=HQ0Kxzw0HOe5
z0O9}=0FnSw0MY<50I~pb0P+9|0Ez%g0LlO=0IC3L0O|l50Ga?=0NMaL0J;Er0Qvw1
z0EPfY0KWl@0Zaf)0n7l*0W1J40jvP50c-$l0qg+m0UQ7v0h|C_0REFpS3vCs;11vc
z;0fRb;0@pd;0xdf;13W0pbU7DJ)k!sVB~gy+UbAv0NnWBEa-q0^WV!H`2VR7_^JlT
z>N;>Npj`mSe>MJ3RO9~<)d3LQ6fg&hfH^S+jMoS-2mhIk|NBA=1Ooh@NB#FZ{NK0!
zue<+g4~6(&Zwmp)x)C6<5g>yO|0A*~(0}%@|J{NK*b)CbHrW4Fr~f%_p#QG_mv-ua
zF**SvS^~20pS=FREr@{e|9AZV)c?Ev|Ff3=Q*<H!YaR+F>Jme9Nu@TXsTtrDvZ0j{
z!L}QGWdsGDzqDB=&)N5`<^O6W&3;tcKcdH8esc{X+ZMZM?-eu4phN!?wgojRxXbkm
zVM<id^jfFsUa*a(;zw<)pl3$tO}JIt`X@Z0wjhtoW*MggYdTe0OCwb?-81V)ACkd6
zbt`XS6{#3at|?wneR(O{)Fyd59NShzR6sJ+tJp3P+i{GRA;b%#$-EXkIfW+i)q9h^
zEwSgEXeqnv3+rwd=#E{nS*6&$9_+*{vx2+QgmGNFEEl$W+iWQ$Ga9q#=f8nTO>T#i
z&MIyvKUTl5O+>Md_$u=lW8hOdxL^i`iVj|nCZ8E9sMKqP1%%l+wwM(!eQ~E?_ya^^
z;5@uD_NmG`Z>Mn|0lhWa70nwp<nyM(9+i9-XNdN}FcW{_ph}?)b10PKs((jhdrVzH
zET4|<xUjIKbefXX*u&aYP^HT01SuIxlHjN%p&}!o_%%r{rr5jfkNyyWpld)z{pF6G
zU4qD_&~z5Z)Tk-JUnZepRw1Vp*`2ed)N#+iC(%33E~uQl*37h=>X&9U+AH+T`;h-o
zn`trdV3n#s=UL{`9o+qQ5K|2G(b{r?XeD+w!?c>&K_SM^HvJB`YIG!ym$U55mLO7r
z8l%!OPB%FuSgkMcJlx?@eg5gzHX8RYzm3g9+3mkEEQg>$%0=Vu0I=#^#j{K|^Ic;#
z-5Vi+A?~o10iyc3t(|mF2<!FDVCs|zEXIn|v~nVSm=G|mjj$|~YO6AL#&5F)*thl&
z8IO78dEc?Ko;uiH1U^kf+W4|zxN+)LF_U@G{x|%kH%vae6Y66cy$xoRwaq+nwG+(z
z7ukyCO4(n372bUqK^)=pL{6bBia}xM&)%USmSPK=Y%8mxkmC!Tb;*+)(yhOG7p57Q
zQ{fx^oQN>aNGAB1f`+r}jsB#AF^B$&?#~;bE1mKUpNvu4E&X-=(A`l3|2N$ointVS
zLAh!vNnbVLZpqN02)n+T?pUJP{`u7te>;#(+08Cp0@9*0qC#XS+yJU>6N=A|^$W(7
zwn-#Uk&>Ye9QfwY!!dr|D(Si`NVOx%jnO}JHJ?$=W_x9hw7=+N1gfx9D7eeaw-bR|
zw%{cD%y(piKB%04>WFL_lak;u#os%>IaFfw*|?1=i9Pk0x>|_P6&8Ax+sAs065}e2
zyswhE_ahPv5h^~|=53Z<rpAM;E8X8@7A15n`mG1ZIgRGHICc|(U63hr>E5ePRBYt7
zNN7I6Jz)Hjr<G@XOsvN2y^cqk)JjdFi^+eclsjwV`){RQpBX*zjSa95jC2JV`E@;W
zYliLm76TnA)x!qiZk;d2b7N3-RAw_tNHx9XbNmxHa8ADJwl8VpYx(cL)_<>fw>%gS
zfXl<#KOlHpW3XfCuW&bHh<;voKXj9&ILlo+{p2Zv7!fsMsy8$F{Xyoy($FO#g$p^B
zb%77Y_6R6Dw1AOR-*%~NOV8_cmWE`h!tUHuP_fY0*HC4zSg(b5)bO~2><bq;1Lmda
zkiD~xa>NY!ISyRumf&uLHH7!*CKf_*D>jCp#O1p*>&Xs~rR?&HQ++vgGI@-b)|ptN
z^yn|ilYa)v+;**kwwWwL3a^-mp6G4cev?~ZvET33`<3ppZpK9gwte(=<4+*8aK&%o
zPHcWtzO*iur8@}zRFW+AK8#{|wmsY_my1%9vIMPZq%KK5yxa>bNLfX6?FT_@94SMI
zF}xIbGi76+K7vb51h@)b&lzo2xV|!2B+!xzrIsCaT4tpi`)iC>IjxOfC0>f#-BbMi
ztWHEz)_nzO-+?U);g4z5GciJMpm_B9++FSuN~CZs(F`kg=o~WHtlPjzE!6C5NO<p8
zN`eZCM(7x)ngw5cgdJ)jzG(6bgkj!=H_1GsE-5!;$IxOn=E@fQTgmsH53B?w#amBs
zIQH(UC%Jb8ug|2fXHll%F2o0IE}h)V-?VhPpI*%nEMbZT32XYE@ng`Hb3~?RvBJd7
z9N@{)EyA2Xx?+-g1?nFv2->tzi|O$v3h#O081}T!hAOagRDvchveAAix$@BY(Cy4)
z4)L+`^1Hv<b1>D1EoE6dOfq5gYv8>{`DnCF8pX9fV)eo+c!r|BTWb98PGS@0AN{P5
zRW`8P`VioUVR4DTd(mjB9HGVrjdf(WYGe+L^g*Qoa0sL@B8vvbBsw*5?<g5NgC1mP
z%Y~J+P=;S0`*kE@KZ`buMYA-0_4J%l2M=LXA_mM(EmqnSZ1}6j-$9#k6Fxefkr<_6
zU{QQG=$pbW*<it^yQl2y6uMJ;Sm~J#$QXJ_*;c2X#^-T;aGEIwA9L<VgEr7@M7dhm
z@nizzE%ArSqr}~5@?i=G%*UK@CvK&<mv7W~s%K38g!8A6Ww}#iCt0v=d|NdOZon!^
zLtxXnEkG=O|Hzs+C;e<7v^lCBJ7>OHmt@5IJ$3P5zhE|#5dXcqi1T0n+?Ix<>fAn<
z84c}5-~1$7`!1z7T9jW@Qr5CB2$c=##RZE865f{n)HJs-TR^6yW(#dNj?9wtscb8?
zAV;CS!Xs_N%kWQ`p8WE_%z{Z90gd#dKI93_HD$~7j}NRO=mGh>=P|j08k&0b@V4`J
zIG(t2$(NH;3s<6x-#<0S{g~W_)MrU&q+!Ep>6ly{R0XO4qdz5WNdMFOj60p*a`hAZ
z8N=#jm;w?A4<$&=+kIkiJ{B`zw)5oOx3&`g`RFAQEeC7qOAj2*Fm=U5pYVoQ!d$WQ
zT?vvjkB1@ao}g@albazZ5rsfXM_)~<^d_00brEI&YznWGx|GyPVpPdX%DKLbjmkdz
zr<jk0x9mbouw<ttep1o)r}Ry1*V1t+;>b&hD#ZaI`8y-E2@|!!WLVt@?U2RfZ5Ll5
zw`Hq+F{-7Dx*zmV^noLE`q`vNDCCIbko31|wu!wA8sOUj)d9<e65Jj}7@RqK+{6-c
z&ZbRNsbeGx&ZzE>D@Hh)5{XUr`uKDiNGsU8lyMvg>hoKlSeC`V+m{;|CcU@vFW7Ua
z9Mf1Cd31BLDAa*A+Ncjk-lNKQQ<+H9+0qfL!_Rug`X!F)b1&=FrL>1n9xkP{7V2%>
zj3&6XeuY!0LSq6j)aNz^DI!E?l)+NIWLq_F_Z{>D!v>B8g0ZISzWT;;ZtRfV$}Wx#
z@P^5CDOx8Xx4gAO_H^l_X#7jRl&QDUSM`bTV20r(>RTP>7^PD|4D0@TiSSsg@fj3d
zw076Pr=mkLO$XtWF<Ov(7a>>C2<e<+)Dw?1BX~3md4~s6B1R%wb+)gm0798q&AmS3
zQt(bX^B(AI19K(1dWO18bDFrD;ZKazgKu0pT}i$%7eZ$p)uuwU%IEm7j^oT3UpO$A
z1MX%rPlu=wtjrMgJ{HAxJu%Ixm9k-o5vJmfiEOLe?WYH=L6`PSP<F9?+QP;s5YaoT
zE5va5HY5slnqB*9Yn&$U>>7*qoK??40I}Uv*l}BCm?|6`%$;w=7bpL(*ny%ZiyFvQ
zM{d?a&onl+Bsa3u5{eJYsSrQg;Y~k9rBCsfkY8B!hVO{BN^PPB=b)h=k*?VY^|5)8
z;hM9oU}ZkVy%0t-KSJ!ef3e>Mm-s-%He{A(BYagfPk5~ztOZ3p!?7l*2~HQADQnaZ
z>OM}CRhG*9NEPqGl-nZGrutSF7~*_EZ*P?6i{J8eFkdYRu|SKBxYn!EPxqN(O^f=j
z2?#3eNKoFF(M;gQYEFO-Zj+7hM1JuUJPvZAuYbXc4IxFnqv!>dmMj&CZv1?O^h=^q
z8Xf#fAh>r9-Z9s?_y`z)s6V9$w=%FiQ$4k=g|J|tgD|fqlh)(3KY;ujj!HdTKW=zv
z_hna8Ann9`{OelY4q1?(&v}o~`a=^RN>-R;Ks{g*WU`K2%%`1P&jgFU2FLK`A<cG8
z|Ba9=qm<<R))b5q+Z5`_MTRoz$Qfe)t(##%%s$DTQ4@%OfN1ZBg`;VyjRFCCY#!;5
zbxNg)lDxWnIt>R|{%a33hp6>R`iV^AwCz~(jF8+PIR^WxvhY{Nztea#i%b!k1}zl<
zV(B-mIEZwzLyhy3prof~Wo-6$(7t)>T-rGeW9{W`-IIRaHZ;iLlqfI$zr~A_&1Q;R
zS!oJ2V5R#Xb|KJi&AxHm%ire((y^NL@O*JH!4b)8P+%j8d6{NFlYvj&Nw}Tfb0+gC
zf3a}Ai<)IFu`xUg@7k_vLX#>~;)N|q478$(MtO_$xUksP`i!ezfo>BmWIacA)5_;R
zY&l;fDq<=7Zg8gX?xC|Mfp@uGt|81rz$yohF(Ar$%pLOiC%*Bx#zSsXJ4cDLs%i1O
zV?DG6Rrhx?jJ`w#U<vrZz0vb7h%qy~s_ddO|MeSd5QLT4^v{2`Acd}{!ljN@t`heP
z(h1@$a1Ve)KlL`<6^7DKUu9oF+SN#&12+~w(l%q%8aYhwl5Q}}Q03qx3xC{T=1+`F
zTXtobRzk#ecUcnPR%^SO!q5+Mi#p-?;?yCFa5;?K{H^j;J+nuyc9wuV04ttoIZvU|
zF`CPtFK0Np6A)(M*y;A9e|!E=?yLl77j9RD=5lJB#s=S`?P@)`2~wDktQG^?+%mxA
z(Ka2^nmZo0UkUJGdo$-aaLe7dg$Mckv_Z-GEL6ett~3N9#J>P)JlNF0%?=yG0cV8d
z>q}AIBUqu+l-H&kxp)<~<F%7RVuAJLU1#uOPLu5a$rBw_a5ooSP#`oX*uEmV;6K(_
z03q>@dk<#XL7?fq*XBtOeJI*<3)%$YZq<}<JGFGjuo(HLAFO(`KyDFjIOVK75bg~f
z#WD$G??km|4kPaynOY$1H)m3wA!MsC8X?dn<1pKecYmUCBq;&v-y}Bitj}1m9zUxy
zSF}bi#z`A3Pt8aRlUvv|N`~D0r%!2=&k(xK#JVF01a5>eR;w`Y%sckDVP%N^Rh#~R
z#^xi2W7Wz4rrnJo`CaKBO+t8(NI;GyRtU%n_U`O8?zAM{{MTtY%O(8Ncwc}RnSmmz
zByEh;_R8kBC>C@F!LF`XGe1P;Kj3MiTtmH~*((N}r_cK_3|SDrfsBWqbf<iT&hMs_
z6&2r&yV~elRd*DY-W_&%ted!P9q$dINm<fjm~Qu}YmY-2UtF!p@>@Jhx7-K#zA7PD
zB7C;-^-uCgUuM@>dN{FTh|Z9P+HLmHT>KraUqJmvN*!#s9D56BZ8Ntp5ADFA*Yzcq
z&f<3zC}~eKSg)CFASdEeWzR|=a2=u}V9E62ECj?prEvf1uY33w9lvz`YK%t(OzTqw
zRCk(()%AX?WoDYD4*#SF3{E<Y^i#3KZH31n6Nr7^I!+Iw$jYk{*i&RqzVFPrVLfU+
z$ZQ!y(LaRtalt;^4owHw#RlT|TAwciYhEM$^Bur;>sUl&f#RfvCzc8w4Ey9zgN8^D
zkq;t!SmcI37Z+0<v`J+k)!9W_3PS@kMX<=kz+Xi*qE!Z-H8a0iKWreWQmomS6tF|*
z&QlM4`n=1NyyZ+=t+53ePQ}#(lZ518g}v*qQ|j_Zp!gYyA+&Q2z`sJ^7@)vta{ik#
z+1aald8xFPjSIP_>NRA~(P-EQMcms&xIeA<NMZd)MK>p!zv=ES!_%tD0mfzNz{j0x
zN~h?$S&T>ZVlU*4F)=cn-TsP4M0qu2f;(~e03Q))W3f%)FrNo4^PU3i1=S`r6*ZF=
z_vt|p7Z!idI<elpQORog*nYWA5|v!)4H7KpA0Ivs_Qzko7Z2LuMd!zFQR^5n7N<dQ
zP>1S!#SdWLrKOk#s);4*wT^bxX5<UEUT@UdB6>EF4-`!}sFdyN=gQa-8b|uBfb+O4
z;MG{~?LQ-9tA4SuUfr0Xuo%NP*{C1f>CqdTO1##-bG@#4wO0^CtJnc-y``9j;Q}{5
zLZu4OFX5Es|FnH_Ef^UK0?0kYldf)M`5GSwgqFNY`FCTuQi`Xf-&NTl$A&&7a*UEy
z3I0L3tVVmHFLjk3|27-oxa}=QW~7Vc`;@VnV=Jj>Tdq=|6LScnrdWWbJLZsN*LGp!
z;cz%K-#pj;;AzmRflXiL+dY*!G*<)zd`^t)d)zOW!LO|3A4K>iNdrGX+C{9)k9s_+
z*gs^dQnpY3I{llvXW?ztxahoeZCKRTuAK#^?}&OKtt>TJ^QV=VB{0msO$tb9@bkxU
zIH$hx9SBzg6X+dj@v}CGW0WUcb&Eu#tz`l}6|6l8-W^F&F{T%oXnTG^4XXUOJ<o3{
zab3b}vO$tt7v9L#ZV%0EAs+F{YE{M66zSKWpbA$vGc(MizrntIVG>vI`P2ww`g%cz
zGnfG8q`EEd4or|dvas|}Z~qz`_c5>%E8yv|XJrM(3De-pOh=t^@g`S|0CqGp2?#@_
zH}^g6sbTzug3z^EK&eLVS%43oTC&xh>@ll@n4iMc@YHt~nmK?`e$avOEMfZ6E6eng
zbz5U5JeUbrvL`A_RiDvZ)(0^{i?+vjP=g71Peh1@f7;meTGu|4yOpU`S;{B^wxU)}
z#dW-j+7bvNipRS3`xtY+623XNp&YMi%v~kqhh(cj(hkc&5#n!R8S&Vy0^uS7s9@Y-
zfQT)M_}If(krI!$Yr1S*%ExU^sxrYxzJ^Fe<37WA@B`tA^HzVxBe?FNk9)a(N%`-G
zL>c9aaN(l*KVEGJcp8)Fg4530^Ej~~o52|VDJNfth9waqT$1ji!$j$@z5Qj)M{a3P
zyk>cqQ}I>)P07~0z=MJ3Jq?gn&))W9mgooUt7EW1dZe~qG=0^m?Tl}MK`1Z>?Y~yI
z*{NuNVGclNA}BLqxI_{?b6~9<kW9#z-?@%D3m>d5>%c`^@*?O?r@JE-Ff*(c!s8C<
z%x4IVw>hAF3HvT0nh@>P#cnvxbo@O_-a6Jhk&P_<!VZ&WLOp7*q1OoxI{&r-H|WF2
zH7C;VFnZRbIINM<CAAYG0()#F5HoF{mo0G)TA8#K@mI)O2T!Ij<hwRwUesD-H*0U;
zXAz@o=uz>ielszIY6uz5)A>p4XYTzvDB7?*Ka}KcZ5zm)HI06<TsO?1zL#q)Tqxi7
z#3t#B$0*kY`9vG<3l;b}tBS5$9qCX*yNnrP2{t_kUB?E;5frBeom0M5g$8lt>l(91
ziVmuX^fm{rtPC7m|1Hw<Vdb_AS>+2OCb0XI``Ao#RKCiHgdp<)w@8+)#CKvnPlg|i
zWsX&5)K(GBE{jHxY{<h|nx2=g{OtV-a+9PtXN_;zLoh(&&r|ok5#xGm*E^?Gz?%U5
zQ}+1hu^Klzj%oqeGiO*~B5S8U*G?8`60h2%bp5UOj3<HV)`xGrR3wL1y{!ux`9xOv
z!tEbcB2)C5m90Z&wW~CVS+3VLXT8#XEx|yWu5@umeGa}i|6wz+*4qz(6e8bp9zsmZ
zRsFcKhogaUAgN(cFeQ27_;==j6=-lm>8w8fUZ`76dSER2jw@Jg#3H6;ab|($2><g&
zR_O1O6@I4d9DJOpE8?3OpogbxV@0*n5L+f%Dxx8W4tCL-`#GEnf}M38l+e;vQ7Lzu
zxcjx=v^53+>kC>Dw}H;@kCBq5mC5GXJKSP$uaB*6ze=ffY~4cYpr2?|pnG~3B)8Q1
z@a#=}VG@7G8h3eIdUW8KoAQGfnYpeCw5-95qa4xcis!^#)m?*5aeLD;#!LC@%+kZs
z=swZheYcrS@dR0U>leM3LxYXsGkEEfLF*et7|w|Z%8Inj_A<O{*5Q??v|=y!zt^&H
zX4Nb`(>LA?i97^43Z9~^rF(@kTou-jxs-;=@gGMSjv(AC(^VjeUy;XInd(SQ$<f!>
z{vzHQjrAdI^pa~Z!|Vn+npy&@de%*P!A#ug{rVZF)|O!xt6>4k?%`r}39c>{0N&}{
zdRu#+sX}seuQA!|;dRQgx#+<X2+x)A<`nrYilk>E;P9}2k)L{KmCh&j`L#HVLu~~U
zQ*J$f|K8oFmn*OQ0e*Kw@YerMB|pmT>tQ|c+emuyT~Q?PN8ZPn&qhG7)XxpxBj-Gx
z-c|9s-oYO6QHUsZ1I3%c?=c$oY3k+0&=BE%7q27TJ*yZF2_)8jLPPKseSs}LEBmN*
zf%0){<}9GEzb2L^0<Y(;+4r6@<)nbrcjf%&9SnMC>X)`(W{8niH&v!zlOSP8D`x}(
za7GEGXj>=RJp5L$DQ(dZdGPG)Bru`XX-xB<t%GjN#H?M|#`c*QDO-Lq2T_dqGBHY+
zjU)FT(cs=+sO}Aa>P9A09RF>=<#Q{aoKx!x3Z26@4{bCA)(*41Qu)g1p|boyRbMi)
z2_6pWF`Ju)BK)(D=RGq8Mr~&kfRw()p0?gkHI9Zz6|^5#klEnfk#UlM!0qhkWp~Bo
z>DY3)BvMS-sXF`pVpfkMJ!{D=c)%>-9@x!>Ae6e@&v57Nc34z(nwu&dm#{{-3!(e)
zTX9Mx6L%VqW~SX~`#pe2E4(f~J+sm2@LH?99_51XHR3E356r%k)lN}<Re_~r_E(KO
zIEKp42|E<9PI4zU(1r+y^_|?pInZRTQi}mjtb=Yi?0g0~9475o!l<=ViEedH^r6v3
z&D|R45oSU&aPXo5<S@5Jl)JKQ6vI7;6p{WnDgVhAI2KY5bS_iO!Kel5qj~^r`3lYv
z-FzweeJvCxP;LW)<^jD4(0kXB)*A-t?OLQezqb=OFq7Fny?zu0z5q-!AwqMqN(*^t
z?frHrsqZ`S@6-y-14wKACMppxv&Qc+*}vW+f4Tg@4Nr-&8{rQ6^!A(LXX$swgr;zo
zSslpJMs%K)4l9?pk^?TI9)ta>L{1z6sBVaZq=psm$)*knN`H+#?&+UTORur_-P4=|
zO+bdXtr4i@vB8^hW_I?I6Y}->$l8~X8|+_S{gIB(vpq4mnE_=N9pCd`wpzF$oZD6+
zVg=v(g>oN|#@7>GndQ*<?!lGlyRzS3uU1iwV`A*=JO359#oI>SOay`K?y3<k9O+Sv
z?v>ojA%qD`%i>+P1><Pg{?^r+|FyhO!WJZqPe<WjXb3B}$mNropv{Q$T<@+E1#K%g
zet*zLmunHRX0DcbY-n+3d1GNix&OxB_zU7(u+Mm4WyiPn{pC<;zud%xl|wneGtCRi
zb%<-;dXmbinP;k^uq6`Y$w}7JEUq;{hoe>WdG|#ZEV)^xGOK77yeN}9ROq&y<j)ij
z?S~y<#Eij>Qrsi+U~P*X_PCyFnz3$UmYL=n$c|#E3Z+S$>a%Sz6Y=1d`tn7a`<jwk
zfUy{H`MH>#ZXWW)$Vs}ABig2}7Bb3;3;9t^EAm=m(!5_Vxd_eAVn*<9<8Pso=9fTM
zvSu=wMP8KpkBye9drbKylLl#MnRb8U;rrna*}I7vi63g%Uze^CEK>1eglxAD=Kdbn
zXYL6C3+)Tt0||vfxrLj-*g?m-FVRKx=);KbT0F92frScoT0B5C=<P|{Di&ZfG*Tr@
z4x=v~7P0krYA%<bG`hg!&clUm)x{l}G<1kM9o`{*+2K(p(ja%DXE75pzqRl~8NJ^4
z+p&F6&}bJ6^l-$Zu>V?zjHfqVB%a*C-5#8T#q2PaQQEa5fE@R%<r$6km6Dn;oqJ{G
zAEYZJ{)A^6|AsFRvFrim%7ZZ<d$;?$=)fc6WHQ72)heDNWv+oQ@Ti5-)|gQG7FIuc
zg4XD~zgaL8WO$U)+v#;M^2|;);m$5k&8z)K``45TRa{PFpgMK)mS{wC%H8A}F^TI8
zK`zAGcCPZGK&;_SW_iwKt{2B+G=twIw#rYx&D)(ic%$wN{>F{}O7*pmIlmHJIm{eK
zNuH1Vf)!<t%pm^tRMSSr<LE|naFqA;r#`lY;hY^pTCy!CVFb^pq;Kex!1#noDb^4w
zUHC#e(03O-(|VaerN0l~?P834(;3;?Li>R7&}WmOO5QUUWf9e2q}bna{~X`lT4T!V
z5n)+6B(iH$)^Adjj+yP!?BT4WCazuXw4f?j9KW_v`27rCeQal7<s!o4Q+R${o*@sh
z)8p&qG-=0l7~gOaYQ}4@k}Nu_nxK-Gpw5F9ndz^cikxy+UA`SP_|nL+T72fh$v=!N
za;BWWl$An=IlO+QM}3>_DgGgaSIos<UT_8<-{-DN_Xv^?A{kw>j!P@meYm?ecl5iW
znu3Q!0o_j$*21@>eK%qLOl#)GI1?|&hEZdX{-|}aYVWqy#@pdibQhG`Gw<!`hII7b
z&|g@fhX4}mcE$a-x&orPC19sQnhrU|s_+HVXJf4EriwL@K<|vG+@F!jS0Ec`aE`(e
zs$G@({V7y*DG8t8VPAVTKXWYnhP7YsBp&Vi>X#+hE^O6N@fb~0KEF!bg)xO+no+*y
z@%kZ9r$lw0#;O&vzS$k?d(3I+R3}`svq5#7x+e05z4ePEqid+Wa=MiKr-o!@)do{c
zhX%RPDHWO6*$;i_ROm`zt81BC(Z=&ah8wg$jY+MN&P$G!$`<^6NYGi6=c#BoAj)6A
zqrlRa9b66J1^k=SnxMoR9Qe3;z(menb3PA^O43oy5jf8uA+y$21I{ZQb@%>Pw)ys-
zmEY!0-0Ga-vj38JD3CxBo+>VUH>E*E_pNFa3%d>XZoz80=k`2z8r#=C(5o^ch9p%r
z=oKzWX_~yyk^^P52bi-kpz_?a(DX`3m}Wx{-Hz+32=nl@<_<MJdR}~IsQjUqWCu(}
zklm>VPs2+N#7qJnhIM*W-&{X7Q-D#qoxJD7Xjzila~ZTLez<9(Hs8(eUA3-oW*7UH
z#G9xMA7C7zdUnYkVi-2Fiao{M*B9}UtxP<is37wL;qik14OP77H9OV^d3MHw{fSJz
zXO_8J;V9EaBA9C68)=A6(ES<%!Rmm3_0nPUnxrbZn1IR0lf$aBKEy8WJ04hoOE6h=
z^_vb;{rSAL>tdi5{+Wp9e|Q$(0ne1}-3B|KmIOlHH8_&NF-i`>#ezk77IjX+NEVJH
z5U|X&O)0AT<|0W8oOA-A!1R+ujxr)Q@CfvpwPY_ws*PQRCZK_}ATd0CV@jeIzI5(J
zWl9r2^xqZ9yx1Q&$O5r#Y=1nEl{S8K(jMs59-B(#^4`N(xfp4jO>V6VhNsvZL4-E5
z9u^ugEK@qy>+ouNFv&;hm6wAOq95L|d>2!?+7xsy7iYwRE1b)?>iN+SszD?lgMfNi
z-%YJZxY22vg9MdEz)e9s(9lT6<5pb0YRXB4jw7S9&Yy_y!?-sr>2M-J$UMJVmM^ur
z5SR~6u91oBh4j-C1IdBIOVr*<${G=*gm%>36oRWgoo#R3ikVR$VM}Dc49=`;L(hXx
zKj)9PESb_Mif+|T3Bk_#wO<Q$P|U&QQ{j{zJ@@q44`xwJ@+(A;Ld`bY#WSHbco2As
zxM0^B@A&;MZ{@}8?;Cg|e)ZM3jPu`w1=cU3MC$}QhE15mb^6qsVoE~Y|5_#%wDVf_
zHYOzHlZNprr_0BXw+)^xd%N+%(eNeumavU7iNo}tpCpIK#6<67^Amd1l=hO4iWi#u
zp_K~apb8~M*}Jq2DnyZjAQ424Ej7BL4akqkkoG~<YNib3`Y7c2TD!dMbUsQfB_AqE
zPG$Wy0+e;kt|Y~ol~bSO?Bso+<L!+CZ6u#rjPOz%#ghm0uZSEPa(uLg_s-8Bd0!U!
z`#{r*d3^GuShlY<H9^9XevTZJWI4@D$0pIZF~Scc4TekxL|$^-!HfPfo`Vgv6gmIf
zB6puvR2Lv5xEXt$oO#`@w2cL!?XW&8QztYIU7*{M)K<)}DNtG!LTeET0!fzN`a1DE
zOuCa?X834%I6kwp9#E@@w?mC7Zyr3lzTdRKvTu}ya}JcC57bktes<i2eqx*2i#Jiy
z<uoc%1$w_XtT}PuF{0h%*5+1zpb)uz^5#4*D9ggHZ164I9EL8y(gaq?M)8#hN|^JP
z?~fql-#}ZzQMG|^!a>Zqb>C!VZykYLF_Kw(=ZGbdKB<ziL?qh~(onNp+bdrgVXVs@
z3dw~7?m9CCBJ*b~bAb`2$_n_zXFmJgw<jUgkE_zJAqa~Dt|w>fMRNIR4W3Z2tOTFP
zr~i+Ae;d8@lu4{boJbV11<nl!f+{BT#ufo_;3K_OGwh<F`p=ItzMkuje+*qnEw7!X
zp`pUwI=!{o`WQtzQ=*Aw4~tw5IwEXhHV>%562dd5&+&`dD)sA@6x^NA5WAfw8rMF!
z=P~}&PB13NU!1Li!Gm*V5{<5P;kxcB_g4NFH%`AYh2gPseFt1^n502<5Mt>Ig`ABU
z`P|}){`9drCN<jw31Yr>ks>}liRZBPclwIzqbq+67rTZaz}AKbuSzAoHiFb(yzy?=
z(3>Lv9n4sotH*5J*X2;RN=G|-mGE0@D;UC5Wi4y|7W3dMa{B$D-tN1>7Wm&UxfnX?
zj9@3WIc66w*EE~!yM!h$El!uul#Y?G@K?!BSqlak&AJfpVj%fj>o3XJ+kexTb<*(k
zbs@S2@I-xqtd@v5j>*NdDZNHp>eFDl?6v)^{T{g9$O1U>=g_$OutV#dx0nydP@AJw
zVC2AyWUo$J&4K0gCg4JGH|hH4anZMl>md*NXu=~1LL8#>!F(SNx}1wGTqN;<HFsc7
z8H_*G8^Wxkun7H?p{U-O&T^hR1<<%pFMs8pikwAFK2E3D<?_ruFM7;<`U5f@?>i2|
zfCI7`xP!G=V}f19*=4VFpmW(~$qKMbPRu4*m&Cpfl+1wZZD{4VD1B4blmnN5=I6fL
z3&&As+;gizm@VP%CEmV9n&dlD#ZZil31|=8Z@mnG`l$FBy$fT04Stk9d^ya{I!9?R
z{yQG3g7ZcmAa9kcY#zWQEwTte;D`-xujsarX19Ez`SCbn*PuZ6bbq8&JxcImD6hGB
zgkE41ak`~(D?7GOUZ09I8&%XthKtyT&Lye>DX)phcb%E&@R|508Hqi<i<i?5N(_uN
zc<pri4W+0tZw($+8&AcXWptqHS4|i&iEWF!C8;L7>yQZS6+&Oi606#*MrMM=s8|17
z123$6B-g4lgOI^vqfEFR>9sFj)R}<8`ui_UXKrLwl1ZZXig5Q3tcvf=c(QJP3WTxl
zpjE_(NkYS&4|&AQcpFLW5p8Y}*DVtS&m!Ex7YCBwO=Ya%N%9;?LSy0P9OSz*{7kkw
z(i)@N4iK9OX9IyiY*k+g*o0N;Sd9ZK;W8T9??F~pX5|)#gSzx=#*x%Jxx8k}TOgcH
zwYNd;e;=7*@b?13z!ZxJfZue{UXDoA)Dh_3du1?7FnNe4W=+J)x$lEdV!hvh!h$N5
zIS!ASe^vYg@2(N`C?(UO6gf)-w}rTlmK54?#E`yO-0=VRJwn1RUD)R|1mi$FMZ;RO
zTIR&&Z}x5VqB|p32Uc|TJ+CoXdbjPIud|JQ8#_Q6_?*;>TS~Fxkd!=z--XiYnG*Yp
zWkBm}CFTtTPF~UpSrYjJfw+;B&z{3?(GBhIu|QyRXp*H#<kZ}&Q$@`f%C<)>%T5n{
zc=Az%<B(cU)#X9SXDXL818sz!#b&$6=Uq8F1BTYs(UJNX!I<1^rs~`4JPpOsG6b&+
z|7OluC|aqp#=pSk%53ba-R1AEz&{ciPFrRPSt(iiZLsQZdLG+^zgx0EtzRnm4q3RK
zqQCzpuW6J#9ZfDA7ogd1Kz2i`qwQ|JAAjd8Zr@|<l4Z?Kb3pXjLAaK>MUsZNiER5$
zTzGK^A4I<t;utr$Xg8llUAh$1*MZa(5H2rpszn#2XmhKOSccxjcTyt{Qd*vvHv5t{
zC`XLegvqT#R>ORn-Bwhj!`Ef5bD1dYkZp1WTrjgcJ36;a=FI}bYyLEWb7*jwA9g75
zIemEJt(WyuX4(HZqlBG_c9wm2cPSI@X~Rss`4_>doFqm_$%0)8B-U@6bK>MX01J(n
z%7;cWkVd>W*qHE|(yF@cGkf|br!IyH6ec>F<9kg>R^Ml{2jWKKohKA|HX(5|KQo4{
zZpBDLSbS|+dRR3=eE3{3I>Mc`{2-67Vm)6n<XTV}%$>6`b`6APFV9xa{=P=MKTjt8
zTtcXk4!50xi!G0Ud$zanvi-BWUcX-QLE^&G1@7z330<G<yXf^u(ETJHDzhy!$C!$_
zdn1S5(eaqE8dS|)mjNeR=K+3wC{cekt(RX&3-l!Csr=7AcSJPO8|E{w@tY0#lUeOu
zQ5#p@kea-wmbD(9>Z8W(PeNp8zeB%Ycb6$def!j6I>Tyvga3VZE?b5?lO7^Fu80@S
zrx^xNNrr|yBe3PxRCDKU3v#HGZ+F7BjByX6!oTU@zNQ?;EYi>5H3iPJm{|yac!}qb
zvK_o+4=r}B;e-J!Z0FlF|N1cUPo~C7u4A@zrnEGaC@`bmv62T=(Jgx&Fp-*Ql^MHM
zbgRkY4ewOasDxB+>j>xxv^U!CmK~I&Ny$P<qtwC8w?yiOC3KAH5{&LRur0<0t>DMH
z#@pq;AvAp+>CQp{=v`i99teYRX*awMzarX;cQcKNPd`j+?Gdt<rNv$6KygsC7SUBI
z6QAtop-_ek*xe4b1NW>0!85W8-jfkpJ2%ZNhVb(nuuqunh|ih{`3v_tCdEPu%F?{o
zo2>Ye#cjRd5i#{EUW6vMxfjoPpgj$SMi(uDL=h(bPAf(4AL#l^O&LG4bk$W0siRaj
z5aiMS=xv33W_{Q7i@YJm)Bc&`9b9Nf<NQ4zfb;?+cv+M!@(Aa@-lc6;T@2~DEmuq)
z{=&{M%D$o&VBoPj$nV)DuT~Ps<R`q=HsUGK>NwIb#b#9Y2gQudKLI#HkUZ(0feO^O
zE+N!sP8d`uprf=?)+1i+ZN~&H@29^T$@sA&DM=yE?(bdB%vc!LtvgMe8x6O?p5wYW
zx^GJLk$BFAiX(=+;n;`INM`X;{!9>Mt~{*oHiJ~g22V0995ut0LG9CJipH~0O19cg
zmDNS10uuwUl0ZJ;3#VlJfTP>kNJi^W%<OolyjGSDEJ<2xX=XLHW4U~ZkrXDw>tN%l
zW<)T>BuPU}OG9B$N}&Fm2imeSocDY60PDjDb9gWjYq}FY&HA^#w=cMSvNVc{DI^a1
zicP~e7=bs=*_30QM^Ju!wz};D&Q*2IM?n1a=ASqLnLZdrck%`bXoeLdRIa1syC1T9
zU{B`uGE*FVW;i+JJ?JO(KT#4T7AqFkV(43gX`W0xvrkE+an$ip-!-HJ&KC0_V40oe
zAK)VB>RL*>Q4ni^JgCRHbdS*(5JxsSjc7f!_A5VV>p|S+%`611`9R26(&Yx`XGFyX
zUOp~djLI>$<T7)QbolrS>1|sJIWXI+&BTA6ZWo|}t!-H-9g5pUTS!=_vt}V|4KdEF
zgJm>?Cb5RYoyN?;C*t=|&*SbB3=M^rwR4RFAhkZKTyl6TEtj#LIBq*ySaGA;@yZM}
zuJ#@W&8s~rp0Ze_?!-uTWc0H6Q6+)U9h32t_PAT~(6odj%V){s5WOM~yB0ulb#iQ*
ze$jvVw<4Ki@2eNIDkv@DVk6&VbTZdym@^V;cvvroA1cSQMl4Zz<Q>2X39=e8V{1Hm
z(2zi=Rs~jj#J^SdM~ogmo$w!UJAy)xcEIQrVoSBInsn%)z2gPKh3ApV|Bm0$&;$pE
z!A~qd<KLx7zcPfep<k_K<}x}e|DaI$VZ?7ao;P;O=|vl90a|%CM!9qL@l4^sA1kDk
zjW_7fGg1o&n~^}Ke5bg*1N-gl%>BnyU5pw}#?Ie68b^b1FyZh$VMyFj`8ES?-*(}v
zgUp4^Rw7Z^j1}LU<xLM$+)lc}&hvv6iE#i1Lg%MSrLrvU_f|K({%Vw;z_eaaI|t{V
zocI(t_W?!wRAE(>VzbZU1})xhRqF$VRvJQjodZ$17=ajhpVOY%R*Okf*3l=72LAUe
z;WBn3?3()S>W&)z_**S%w3HoUh~FBt>=nVe8Rowo^Y<Ite+P)5loQ(D{X!51?*-C)
zF4eCy0NE@IjQ{(kuvyB_%hmCWEg#3VD*QQ6C@gvI=a5^my!76_e;P6@$fK0LU(C0|
zDSby((JAHyli8DXc^)e@nH0X_58vu?8HGezGiUGGGxiT>yGA*y-F6(_+Pcp<d)d?u
zZYf26Ms7{SooZya$DzryVEq(Mg8>+y>uB`yb7|e@4B{Ho?Q952tXTOrYoTAL!j32p
zp`@#pO}(M|nk`cQ-DqgD>??86HM2rp+PX)*{R+o4q^$mcMX7`jibhT3jp{22c$=CQ
zA<X5>Q{9uAPkFwL;+Vs}$u&b5@|O-T@ZT1%N6u1Btai<>Ob@F1Q79`mg87?QsP@Wo
ze(^IP0#4CL%qPT5pF#;}=Lg<5&o&7*cd}R<nO!Q&dWi>nsg6KUWHis~>CwBs?4_qZ
zh%zy*f5=7`OB(A*E@`HJ%7rzsJm<TLwOJtONW$@r0v2YEsdP<Cnjuh7Xm`j=CSlZ?
z7uNbjH5+_Psw>_9>9;+usS}{NR%0eIGiMM##-k))_qlWIQ+jIhfRNRENBYM~C3h&K
zK_z?W1w-L25b}1qn4Tz>*zb75XIFnq3O3=ZlnSeK+P}oc30%*a;T5{zq;W!;_^XsD
z+KGwLX6R2R0uvV%Hn~%4Qe9#O@de<$c?d0QQbi#(Rz@u;Et8B|^C7J)Irw^MMxsJz
z*m7<-%FKR@HiB3vBSdN9MXnJy<Q5Mt{n{3O1m*7xI{I5j7->a^R77s(pSEUXep!nA
zZ_Z<|@Zq%99<ioOFeXH?=soW>9Id}yH8$kY)Xs6GzXN<61lZ$cat==KtG1h#?P^#d
zH(sW^RoXL7WB915fD*C4XgSY<J$Y1Fwa&KgJJkpdr;#G_hpFswWr^9kwa4>I@~~i3
zR?EAF(HRwrXg7f)N6<0H0TosWH?nHYDhbmrX1|<qhAF{@8?{bx&1=h<WL}|lp!@a4
z)`Ol}2MHu*q0`ON=#AbS$IZS&yz+Y|bbNg5Aw|5P;#uXdL+s$h$U$Cd8ssr#kiGf9
zX~$OW;ZhW+DiJ+Nt>f`gPPce=?()cA1zSPpmXmLp2`oPdhV{N-I%|}{Vqm$4ikZ$m
zZr(JG^6Jdw8yG=^Yy9_<r91@c%-hn5f6$Sxyd==|M1w3L*WHq%i^rK~aN6neY4*9}
z(z<$$^&P`m^7rz3jS@x-`-mK)jf&b#)e$f4(JMyp(%7!rKtHR%<_4T)=o9DGm|E#c
zpBoSe|IUgZmD@yYTfdo`fImO6YKbIY8?=Cs`v0`-9OU+%j%DVg&Ecd2Cs^HG`-!bf
ze0q&%l(eex4njg>7dXx)jyhM?5ZVrX*l>P6%-XMb?IY&ufBr_!G3$%lVHCEUxfzwZ
z=IgE1bQ;TyfQ7rKfj6@vHqJcMYHJ-c4U9SNru>x~L8*#>cO>GvkeP5}nbllCK@7V7
z5>}+MDlj)!yW)dbmU^6h@E3dJ2O8uiv(p8WNe9i!`uq(WB%MR_h}H%);*a$E+t2Q7
z$#$?SdUlLhvbdrv{zS1kZLV>s$$1kIS?4Xm>t2jUr=Xww#yThY@o+!Z&vC4p8^5>P
z4Ae|PbBH5{D>5pyVyYh6pJd5zXlg-4n-gNQ=lU9g0LaCN>2;?wPVVWM3QXslSPD$R
zR-^=TxEb$zlAxu$kwp0mgrq#Sn^&)!ezi5cN4Ij|dn|k2zLwbggg!qdYN$T3`X>j2
z%|EfIB=QlxtfY6XFC80sdOKj_G+xt61P50fTM!1>DL>%LwLaFo?lUKXP$xxa9I|K@
zd0k7d=gkzu)4rf``L|Bxt~T3N)$)VjnT_DX;t5|ZcxR4C3Jrxi$oRV}9PN5q<)B+d
z>F#kPn;=2S6fqyNf5ePGEY$T;mi<WSEwNCBG`ZG6&p^lrwxv=~|1vs<&cecXjoo^C
za_I4Yk9+GQtOu}u@W>?6=$U>LUnU%5O=nZtcJaHZsAZ)t<sNaGs%B$`Ms@a$Gp})r
zKBo?N{4BB$6pn__Jg^J5p^!n{33>m%%!`)P%}|3AFF1ZEYG}gR|AlfegBjwoou=(v
zXgt^pStHg?3yJT0eaEJrlQ@QhLx%3KvFp_L4d*&GnS?`5%k$3-Lrk8cCbnFVHUKY>
z1EIZq+lx>Hw?6|(yp_q}*ow+E>Dl-NHe^~Fjjki@32Oq!6dRgsPwNBTres8dLM60?
zw>_}$qWP=p0i;1@5@Sh?+2Rc%n5I1NoWMJ^E_1PbeS=9V+T=d2YVG1oMlj_tovAfi
z8-~!-m<jQ7Ovu5>E*2R~^of^1WYCJao4oSgK6f%AS!t|V28YxPJAO+^oh2>&K;c{F
zwra)ra}M{D3*!6QWov8r=hx|(TKgwH`e3ztJ3}Big*fcDav#)k4(ie&Rb3;mTM`Ud
z{8T86$Kf$J7j}XC8vaNuNjDWMe$MpHJIz7ZC7Nl0*in@+s8KAIPYteVS>Zzd=OfW_
z7l+?83h+gi#wTSr#V(037%?T`tgnASdgXm_W4++h0xbikt+34Bv)nKhylT{Yug)ME
zmmuuATm*Z>3e^0A`HcN1nIJpm7Z{ZKpq4gxWA(~AiROmeaQ>rzVfCxyI`iGH;4IBS
z#PL0$4CPrsk`LG5ccR2#NB=AY@}*UlYPldK|9-+G=Y?(cRNkA2ZK&B}V7t-IojVxa
z4j~mLQlxPHUd7IVZJpkZ2oOfNQJ_H2Grrv!XPu;kv7i|f*QqaXsdFmrc7gxnL21Zg
z1s!LYGpMI{T)KpH!|Ul>$D>H77J$EabbxSF7|k5CI<oCu)2W9q(nY_Q|MbO>&J)ev
zNmOq<6tQ1Z<`!Rh-x>2q(;)7sKnC6vaaRpzde`gdPV@9W#A91s`jLVjR|66eK~CsC
zU#cXx2$$F>vuTjmNZzy~+90AtPB+}ekrPfXNaxz{C?{N<mtcXTFuY}^U#bY2@0V6y
zB{XLKe8`3Y*j*FnX`)G8UBF~}c(^40CvT|)by8~{&{?P=8K$a%^o2-@L#bB>6YMUL
zl7=P={XO3+RHrEA$Vf<kI?C{G7-@$c5PmjBZfA9eX#|(DLF>>_y{j&vN6{lG8<L<C
zkL!TRw~%~85R9PV+tXJczGrM2V3%`8pZh(@x#*ga=v~p&LD-z57Im?*Mtm3?gfwWe
z3Ftf+@6MHNW+EW%{8%Zq@_3_bLi^*vYx~lS&_zbs?oNrC5BDat<1IuNK1#IsZ%l=H
zTPJ>#Jwo4d`@}vZ_tQrXLg7&*MQJ`zo#e1)12v}tb#9W8rw(-CRFRi`fyLSPGvBwb
zL%pothv!X4XF?oOqL-kS3uS@P?*J<sS`^&0DjPXgPMg&0@ZfR}R_a)8I9go?OOzFs
z-B{?BWAdEg$c1dq^R4QU<(n)I0iwlO*4itaZF)BM+d&)?^ZM{I@QasLN}exQyWwTR
z!c-rptZGv5P7IXIS4^qjkBTuBlo%<h_C~2A$j0eRDPCsJt}fsPSOO5Xfv71d#=pzh
z<>>MCU{=Q}REF36Bnev8UqSX7XvMkDl2>?`f4d?gUFVmq?M%w?^hytz<TBsPKm~a?
zx!N!+rSNUf{bE7o@m7u;@2kQGt7LD@63yKL)$9?hH6_UzJw2RH6r(9$$mt*;;yp}=
zLWQ_<k@S&e9O~bMnb!C?9_RZ7VZCusp0Q?nAw<KoNA;%zmbnRzC2o-8QXDiBEy~|P
zyg{=P3jU{xcz$fj2Pq)8KJGD%iqQ0nmS|YQaBnDq*cmo@n*d^XYBEW#4A#M??sCYG
zJC3~HVetD)o`tC9_v)8H{pDy;>w(Pi*MYN5u`e|51yVFEnxFjgbf85te-uopyekr@
zKjX{>I1GZf{$y=DLR{F|)GTOK(CJd_+w!>8TQU#%y60}^7*)i&!n)FkBvQ;WTXz+Z
zc2?F)T$<Z}r{H$)4|XAh?P*uGJG!$5>npGwyw~VNCfWKbou`@8@svi0cA0G5aHYw;
zVxs*T9nJVBu9}r{OvmQ#PcfmY9IIc&3G0Eat+1ylC$Qjh61O4EATm7HgeZ%;e^|Q|
zicWC#E6<pip~Y1wKh&_s)7YahnLO=YE`&Rb>(~<x(Zr@eUHF@;r@4N{XOhc;VKMWf
z<H}e4lZ!^IWR6>Le5qamlA>ye8Xu#KGj<%jd^HVd^>))}TeD)TL+3?{xC0{h#s#@P
z_sh*u=aV7NV;tU~In3+M`RVAGPWCzR6M7z!aGo*|TzLa}$R@nUw^%!oT>Y3G+97CD
zvdX^=Ei3y#`K6J`14G2uB3tu@QjFQ9b@G!|V8OQsbNGQJSA?UxmYtVZxEL;K#Mz1C
z+VP{itG?8QFf4<oAsH+2%-%$f^!|ib_|i=@o)y_AOtS~AmlGP2bsk*Y&5;xY52N?}
zn(E823WpxK+(6H$0miB5+U`q#xhJ^U#_0)O2$b;-5R)jxFw};Ka+aSVE)VJbB!0_T
zjiS#$j3w%Ptz#F6j9BC!?=)qpSU;Yil(`D4`dq^d`WHPR;YhQzM6bG)r%}8@45X^i
zISbMo@O87RXY9Y_6J6}F$$OwDl9%L^g1HP1Fi{x|2#2jx7~4JK7CuTo7xX?+8IgtB
z2yZED?pEFq3NgPakD~-P{S#?{e<LcJgR)>IRM$4N*4f+$${UwUnYLIy>Dk0;+C5Fq
zO!#sh3|$69vbOQhR#^n9&iDl-1!+7p$1VRgV92P4ALKDd-m;l;eDpP(@ui+z&~zwA
zo``<UbB2@S`D4Xe8_W#p=(vPa4VfqT)m%pf_z&BnqKU~!C9?bgL*Q5Rup03=XzO>r
z4!R15@byr7<AzoNcC5qJ#)$a=O^AQ_yfBr!5s>0?)Z#xCWfg>b*7Q(0EwWI(*Bl>y
zCA^hx4Ck>Tg~<gySpCtOi}`QqRSN@kM<Eh@G=B`biGL~vO=vJz1h2&RdyI&y`U?+n
z1V_ev@c6gCJ3U^a;8Mc?oA#7dq_6Fu&M$pd!t)#7tR4<^Y+!;^BrkZ%V_o(B1b*Tz
zJWGY+ZKD9EnHZmcDA#;Gj{iWu=wmvMlgXEp_Vf9HcU<jS4X35dw!q%WMtNH4Z42uv
zWorV9u`E%C$}9hbjGZ?*Rw!&X;Smz&1PGMGlnFr@M#gPg&tS$r6Aax522PAde<=I2
z{~rK7K*GOu&hIH&_&so+tm&=WH=7wRKk|?`m`xIamzbHfPz9H{d*+^Esb7Awh8O_?
z8ffR%8X_av2rRk7C;~+cKs)Zs5jn6Gz_9B6Cc54`nKx@hNhxOizk_a5Eb`?HGzQ9r
zH1{4cJOI$<52ldRSd$RGw9xl_?;V<8!VMyN7=?LZ8Z3e*_Q#}sW_M~R&{QHYpvwkB
zkHMI=T$nn9^H><QOzpl<u<()FIE$Smv_kdhNXa|QwQoe94k@W!OSH~*r;<EQGHcvv
z`nJZFky#C{$M;q-xxN@MAH4tm+5oR8E+&3Tl|LkMs|{v=Tw=1@)`4P3y!m|ztJM~l
zizZ3^!=}MDS|nfho|v0?e1BLzx8T@u&S$Po&jFd)4(@zzsiTfQ^&t@6_)fKP<b(AH
zFoPNj6E_EM$+pWOtWk?u`F3#>HcgMc&wnW9(b~ubI1swT-fAxgGAiW@4-(XV5SE0p
z%JmEm|E9lN)EQ2+TP`$T^dkY+<Vk0xpcyP!h2&^1*YbkyK`qLfoBMr<5+%w``5z#o
zD{5ZS+0`0v^=*{U@2R9Bbb#C8c1~qt#G|SW@}tF^r4uPU8bhsPaP16+&{Wv@8(ZH0
zJ7iLjn(-m1SE=5^d$n=HY<{c@!(n_8%G@L`ZHkL9DrbB^v$|G(d75td1)^6yXbR4D
zIZFiFjuu`FJv;3(ui9@W>{-o!8?dX0*uq6Vat$B8e8Pmo%8nk8XHX$Z*VTva6On*2
zrS@|B^yT3H!DHsT4L&L*l{!QKFM0O(=zt~%ZqPJk-iSbR64pishI}ms6JBdRRk3dc
z>_L;&F8UnGjWkgr7@(r1-{^+g#wwO_3LqEhaTDCQ0@msMg|yf}S?I0|p4&(%0}he`
zHPWmUIf~-}KvvDSUG`7*+XzjE%qdQP>e}esO@iMUS>721s)P<7wOKm?sO@%q#S{gA
z_ezfL0?oV}Qt36adJGFZzl4cNFamoPbT93+aMPmEl4wiuOV?ZtW#r#wJEva}u~-){
z9LhMJcQ=&p5sAPJjkdk>yN)9T3qJj_RvrjxBYCGpoUz0U40b)AgKlxgD!5YXQo6Al
zGt<Q_4v&fMy1vnT;OQ;cNwEtG8n!DdAKyJq@G6fJ)U%T|E?hF9WkKJQ_QjoxD`rL%
z%v3h{S40oEdD-afAE+1&;OK7!8(>>4>%uQuJ#%3g;jNe@vF4lp#ON-!ld7xcMISW*
zJdo<Dq!ew|mk<EoyMUiq1<;7Mxwai_2%G&Z0rBTH3y+Fxn@vIKEnq;2^n01Z2)^20
z6N-K8237Zlf1WsWt1toUse26*qmJPp|D&Q;^?FtJlti3<5&ZlDLO`T$#Lg9`t1u6R
z1*x+_3sV}y#AW0>2<zR(bq-gcRK42q&EiQp{xvKCwpDJF$7*zcUQE8KND!kgXNS(=
z3~ABowc8ACH1}<7C>?%wAT^=>dt!va<4JKXJ>i(J&^R*lbsW#swNMOnIc5ag8~3}9
z$`p{AELY}IK)47l-n`|(Z+mDZ4LDfRKT>x-*RPM0)TRmy=av+foIpcJI##31qZU-&
zmU|_1B)`_^XU1z1chj_E(%JCj470~m;p*}V%-F`IMHq3WTeZ<HpQxre0_U8C4^hx+
zz`^A1qITDaUTZvG@ZMhfOL?_xqV6gx*Fe-5plU<oYIP(><JXH(HvYaI6y8O=?OyS9
zyR9=^nNSNF+S`}DBdE^KyOpmz8|UIrXXzlH=bh%fKCg)=$Cau?ghwuYgaTF}NKKD?
z;={?n4j-~l0{$p3tAn)*dojaAl~u2{^sqT#a22pv_qa7%#v|BdX@BNstswRMZY#TC
zGk9*^qK24_9f#%;Bxb2Ft!lQ6b3uD)yP|Aobjo(~p5g5I`+`vBBZA_)T+)0{e?V;x
zM`4HkG4>t-y8aYz)mUIE!?<bH+Qu2w6RLWqsRSCOELPaw9VyO>N<Si!F0r^<rNaJp
zu(f?uz5iyX4wsKTfFsifOS@#GmXH3Ls2{~FPZ4s>JMVk~nGf{M%y2P2XFKmhl_ab@
zByP#nP9QEyx-Z*v(Axlnoq;!4G+icRd9i}ZnV-)|bv>HLnVL`OwLmv#32?uh81e<=
zZm;-wh=(vA+1JoD5sB}YyOY_kDL0DY8v<(;0Xj39z6(FoLRfPsN0ho&aq<s8ckEd{
z4)Sod7)%WOK&jI(T@wx>v;wm;J4gGu=gcVKJ|*>1(*~~E`xyr>;vv#|_IYtic-jm-
z(r(qkCFdeIY6%U4LN-Xmx&BZ39GKgWzHWT(n=5)avMbpk5kN4g5cuMEE>CX|B^aF+
zecDB?sC~sIc=8R7y*D6@bMXxmR78l&qGuJhetn^j1&JfMhnxZ(E_@E87=$z&LAZ%2
z8vv_XvE60-i)$*fzS26(%g0~+v1ja7*`Rb?5*-5gn#J06vsE-IQ5g1E_kVOxRZz_2
zIOdjpk|OYyg|8T78aR#%R7<F7^+#!%3%T<J(Vl$fcqY%`0HVeO$!$d#Z4Zm~o&mQ~
z0D?N`Ty0mv`>d{ir*dKs-y?V|S;sGwku^#6ZUt0tNX05+G>DKU4^{U}+}hJW`wL;u
zzs}~DE#3y6se)*zbomiw3>(Ah-Rg=7rZ}I*Am+9I){sJ!xfOwRE9^XNHV6}k*3Yga
z6uDgZx5`Rg$SGA^`M@8~gZ}<`dYkUtX%XaRL*c9tEhVQND0}?6)6(y_XM5SH#BWBG
z@U-$7`Cr;W*YMH;dd`sI{g-Kw5i2kb%r1>e@GA5b6%<aAPH<I0%C5%TAL%v2$edGS
z=@5-C9U&dggB$R%i4J*U{YMjy9iSvSs3$c1E@Zwc(@{LZG4BgPG~hZHG}<nGQJ<PX
zp^kJwi{k8=W$OhW8j9I%&3W#YpSRkzI);zo04P~}oC^HNd(^$mZW=n>7%H{c4Y`S%
zLqEtCGTYVm?$L@_#kZfGc|WyiS@_22hzI-{UI~q<IH;2V3RhG$?_q%ZlvCIBYhU3;
zhcQ>wo)v|T7Qx}$zI=D=#Bj6a6zCklQYI|rH*aryHh=^?cd$}$H!m<W;6q!L_@HoI
zgB?Bfkxpx9UrZIDKj{{=2|vR6t3*yL@oOCaK&sxC{PzQKQJsn8&L1Rg!p|FJb^b%H
z)+ZJB)A9{+v{JZsx%4h#PHNGzEA&c!%nu;QoeaB4GUxw59w@!0t9Gk$8?DIAY73;$
z^utyR-4Id;HWQ0(`GMhe;mM9n*aHE<RKKv>)h4ZnE`sVPv2=vC%gzjYPp#^Ug*wI&
zKt`wGpE&o#ScRrLfMGPjOZWt7!P=mG^+G@segcDNATEd9__D@~LiQTxZ_i5UhPkVP
z>yp{mT@<?>wQ7*rZi@Bdyh%_9P!X6qawwo7gHFKESk1!M;_O1Fja{C62C)kQ$}5S^
z5ett>rrt*Scm@}T@j0BvHv(Fuy#rjgGpexF%31zZ8x@t1y1lzL#hkKmZgiS3i1Z7i
z7a}lf%=VfTgr>E}`{66s_it!iVGT2M!!g7svJS{WU>xIw&TB_0%Y-K+A)jhtivciM
z$MD#lg{V4=n)LhyP{uESSrBqt!&davdtpw*bAzR&<iGg;KG;RGy{D~Slp@BQ6AQkG
z*3r5}S}waIkr*bT7YFYdbR#h^By^$G%2B`2EhiygMhAhJC1G#|0*)MHO9KNAO$2`=
z%uk1<jyZ%j;oJ+#(t>F#pjQB#(d05(Db8Fw(7j#pxJh~ge{+=_l(>F{SPM{;E#%vH
z$WDtsDzplXzS4Wostro249dp%ss$2Y)B>oJrehwvp6rmr;Exw%M|{URSNj}+Fz-$m
zt>%=-Zu0^t#U<tqnrXTo#j=TrT_6Hr>Fi%g8X~%~cjs`W$=f=s&9gGJ%Xda1iOQAz
z5~*>3_9R!ZrTAA~S7_|8u?d0(|Hb_)@_S->KTV0*Wxy1uIo*Yysg=@*N3**kwAWVi
z$lYmqDPpN`V$`luP93SWg<-N|+%9hvN=}8OIP)3HSf8&q{A9co3pas%rV<p@VeY&5
z^tV2?VfPho+_k`$ZPU^QaJI~Ux6O5g%_HjQVcM5(RrI~yh{Ni1T0*h9<tA|8Dkf2j
z7do}Z1n!F(N%z%9l<mI=jIS-Z&JdWFPdNOXrVRK<K<bVppEnziJ`G%vD94mnM~sh~
z&BQ)<(x<L&2A;n?LWDdMbWVx=CjD0p@KE>`+h)fD3oF|PEs`2tCyQ!9qICXQ{w~OW
z;HS%0s$c$gnnNlRd?cNYCsbzOwzn0M^VdCVb{IGRIwHq?TCxaE93CVP?rXLB7|<Rg
zg`jbB+y9uOC=Lr0?mXOGRb9m-V^Z*kjCuV(p5#mlge+W|c|I9DX4OYqwI}8c^!qB#
zGQ~iB%p%tG|Izpm6x_mk?3?}do7nTPX|hP8ZpIL3=m!#GAf;r2Kw$+I9QZ?w$JOzS
zZU(gPst7Jz)TJQAcgfm5vshm`(t-pm6A{|r|2_=&Ihb8K=a{FS+c_Y%Md@3zw0o)m
zF7yv0ah&YO)ek_$Fz1&&wga|<c$X99(13D0A^L50&2>yu9Y&KL*(UQ_uwqY}Jwq>5
zs?P$q#@=vFRR}ANM|V9Nfoi9Eb2C`#5fu{TTyxcqS<^g`aY7+S4;>TeWoXctBkxqk
zfq?_Y@Mf+#p3_`Z^W5HjlH=ILA6f>c*g!Gs1;r3lHkXc&9iqtP7_2Nz&B}Zdx~&R!
z+;|ODUI4^M>qQzg70MJH0J<v?Lj(K>^#hCU?+X_xmwud?wn{S-^oSgUqIry<ER$)V
z%)TubLhElyBL%uZ<bVcpyUq(`)vZgIH}Ft*;uSzEJokwt2l_LYjZv51eMDf&4SK`1
zC1e7iu|~DL%Qm1>nlzUoaqdRcHAFOq2PB+}q|Wn!$|OC_BE11=h~o0-nBHTtjoZ8a
z{^4oC!}>Vc#9lB6Z~J<hCFOD=MASe)^9lzn(MSLUqO(e$9!+ckJK(7XlMFuN$Y|z=
zDE$wRj79G6o*pq`E^UMjuOu{pgC&%bF>;n*%<l$qlb4jB4Ci)9U<yTf8+M96a6-H~
zQv4gNn$@)V*sb-@xJ8ChO^IzZty{li8*%)^R=C;ZO8_lY2(he&t?s8lJ&2IH$|hsl
zsuxerbP~XAB0rcvvt1G5!v1@5n=%u=YaPifw`s(#z{CLU9$4{4;3BSzSmIAO3KL%S
zrO4X5ZDbv{&`Avu1zkcs-#f={WjvXuHUN8sr2gZb_`0NAW$}1Zcg7zj8kU4H2p~%9
z%iK4oC4p#<?ZV)ttM-MYYSk_Kuk&GC;fS&ZSlfu)+tHC!Kul8g7zw;kGG*tep&i^k
z@8|-VX#^n`9Znb4Aj|UNqHB0Md~U-b8gpQul}9QWAj8T5YAL`4j&(U=*Q)lKyx?Iv
z`APR9g9S&eQ-$Tdr}5hNyQol#E}o;LYS%dm)SXkp(-QotWH=k?yYJFBnW`1g&i9Q{
zw?rw*@IP6_3<B+XiPj=QBU}*FHQW3YPm`DChIXy~ff(ajSldr;v}Sn#yH_PGI*^I+
z!uv3=i84W0<FEy?1G+t48)x<1$M@(d(syL3gB&j<+QTno{^@XKPX$^qgUE}L&aFk8
zZ}C^rp+wC{Enk!WMRcaYJkOf7%;;&d*&EkQRCV3*lNb>mNLoQ)NF)Z^PYllI5^yoB
z*4UQi_N*(X;6_b?_V`Z4(btsDCwgUU4k!cGkv`>PGj@TDIn63g=Ry}*RMEfNOT!A$
z!*m@tCFnPqIUm~bDSyVmZSDiKID&`pBXFA<fsaSdBT`Hc|Lk~te3uPkiz+<?=dBFS
z>%sJ7;dCBV3C4KL$m5i7Ui{UA1wfb(Y-!;Wc!~tZjVy9rPCV(Z7f&tjGMBlvbl9n-
zeBt64Ms+bDM6O`tt<px}iwt<-3dPcsAqnbKS;fjGN1V;7#=EhQw0e+0NE~86Xpcp^
z0#Z28i9!kZiJQt{es&3@$BrRjSLK^9ZS*!s{m@LL85f?v!YW1?t!c*VlL5`*!;m}?
zWW6<Bvbmg!kl0?}Czu_OQcZk&#E*C6H++MEkV_bEq(!a_Q^8RWL0QnrPKrl7k%aci
zS}0@xtzD+S>xZM^%}_$%5^agV?(877NJpuqc)JpF^WedqcyZNc8>Yi~A%!UzpY9;^
zEgpd_k+ut;Vdr)R^sKClCW0*~So-%7-Q%u5^{gB^MILPsPcHw$?AVQpv@2kjFJ4zC
ze_bVxoo4A=O8BQeUM}tI@F)f1e7Tl;rz#mlts-IzD5&CKQ|Aaj8H;EA7K=mXq}?>;
zXO&wP4XymwT;Z?@ZWBqQ#%Y9M+tylc-ORn67WVOf2&7UB1EBMdDuvATwE}1-oEX$8
z!V70sko7GC5gv2YcsObbdp?S1-K)#J@{G)g@8DkJzJ8{3fcqzaL0~HW!jW>g2I&NM
zV(0%u5WOP9K@~uk0~Dn^rT<*V@{@~P@QE5#%Ig(0oEQWW*$>(VE~3qx&%`&j;jp|u
zNCus|Qi?>~GvV^P9Uo2;+6ab{9GkRoOx*O+Uuuwz$N%$jqSS{-S5LoPD))XU;Zc4g
zK2#<;syp#z=8;>EJc)5gh=tsW%)lnaw5Vit;APQd1oS;pEX^1bwb|3gW7WXuNAAgD
zl<6ufQa*%LZi~fjr4m7ui}g>##I*IjQ0;?Crxs<&YL?r5vz~XQep^bPg3eD0VB+_m
z#*gk?vU{QJPXB{+K%bjApP_hXQ2Gdhck7FZ&H#BsA|3TL2w;&U-T>i6Ds9PPIksN@
zA>uS4pz)m!C1a5yj$tjilXhvoukV80UIM+%Pit@@?Ym|IE00sQ*jZ%2h%-@&ES732
z`cLl`eV6R6&sz4<m)y%Bd-b!?@Un5-Pg0nJ$Tu(%t9gXzn}XqZhH9<*2eybho7Gwk
zOtgP^49jP2T@}suuQ%K&NT}3AS_6&UPhi+>Gou(?zmYB*={VNCa#f|N^0TS>+Vm@K
zudLZMpjRGmO@z(CTK@7TEpJuDD%>%fvU&Q0ga`FTGWmwJgO0F@2MMBL;&ec2^z=_?
zwFhS~v(%P3tJr=eR<MPpCDud{4X_X5r8Jl4Uix^%m<<T>GG0?~jhGYS+*Oplq#Q=v
z_CELHuIX5LHrUQYPM1aXRFF)7(xEKYc~s(%gcOY?){iutKZ-3ppERCa{?;*Gt&P-1
zyx7sfxjpNY`@)u9S#L(?F!DXu+MnQ2e+O`wLYr0MFTVi*+J@ExRN1aw2gnp6OSW`_
zta8p@dN`OG1*t3ak3>`b6^EpLtDS$EjT`EtAn%3XDy;dFzX*9&7&<Zdo|8f{ZO06J
zNpd-HrUey6#5Nj|Le5=DikUY{6bjE^+#94N4BFrhsjiThy<uQCi#&Jif(A94zvmO9
zrUNg2A^I51nUu<)%c}7MlJ=cx*cQnO$4f#W(YM5LEAiHts=#n6$u~71Mc$q`9>E(Z
zxQY&xgBh)R8eMTxy`GkW`V4O~4S9~FTG~XhoyL%)s0A*V9B#t#$Wq$U5RT824+j_b
zT1G_3ESloftr-NEScw?V)th?4kE0Zc+IJ!A*d#?n-D$4wu4<>kgo2kF$+}#BKCJ?W
z+Q-0#&)<PgQWpO$RBCB!AUdG4PImSaBz!~$<V6!+U^)gtP^(07ep$Ey?2QD|2)@+A
zStZ1<I2Pq?R-N3|A5T`+x(QUMm-bdL5nVQs!&WK_tLKuIF?gFWCJ~vyTZ|KQNI7@l
z#}r2oI(IMQ)nQ)2o#tRr%O5XgS>;tuYZzqJ+@)mdWcn3fE6xU~r?V8V7?^K~zqQij
zsZO<9mkP?p&B~w`q4`Cj(`&%+N4QGa9W@u`M_80jqgnR;NCoGGRj9_}MCjH+?rhLS
z91ZOqAW&?~&kFRp1R}4)0XPP3^Ea>HW8eBC6*O;^H;}fL=}J^7KevVXTevqEQv-U<
zBxOFqKNEwDXmbR>a@&Hp?uypV60hx!T8KS~19$fYdr)jDkn{$n1$kYT9j&VCXbhOI
zp)EQ+&rC=G)4zxqy=vF4JmSUYli}^?+t0J!vfuO<(^r0Z>Rr%xFzyI>Ki4)HfMn)p
zve32^A`R<AQUP~vzY>w?dDA|C&K!~goia7ggu@!L>HMo#O_#G4(|^bpGdx6BNv!0E
zam(=MaRom$PDv}M3KBU5*$_{4OhkL)AuFE`@M`wE;L7iZv_g(q3Do-u&$q-|2qGlr
zD0t2vq-XEwOGl{Qwp?$XdcN<6hd_Q#Y3^Bo;g2POy5-cm$=eMHkaGr#h&m!jS5k2I
zzsDmln{Bi_3CD<dhz?ayR$L5S@F2(<d;gOkdr@&igi0vX<=%1%NkBM+?`N6-NxH&{
zQ!A4Q`8N=1*BWVpt8kvSD_23SNE24Z>m{${4DRZ<t(4=)IbP7|1)E^8=wJ*1-iy_A
z9+*+ay3GEaM|I9M%HYw>qdZXW^(E+%U#yKLJQxB?ihDteN__MONd|w9y#2#G)YEVu
zGpzcsUR7mKr(GyNpO<5fc6A}{T5j<nTHVfarI$+#;m<|xnW-lJHK#>Z(}h?|{WtfF
zr5<BIxJk`_&x=7H=1}q5tU@B5SA_Ugwi0b?sqCa>YVt5O<fGbF^rxzY@Ph<-|3myB
z7DK1cMvNWWF*{*HU9LUW7;y6L>IKz!w&s<S@_~NnP8L~qV0`<JxO~f;Ckeqz9MfC<
zPfQy&K=8heu=g!cLieYk_NAHx$fNe-Ub1aO_tYKz0NU5xP)!NsG>G`4twiF(_m^IE
z{irGzW{An7EGfqrVPY@8%KQC3-ACvsc9kjjz%;6K!pbAW>ur_-8eQaZY|-FmwZDtb
zD{pjv$Y1>KhMM}v4s;M}lobh{3nI}e!NdIF(|ZU6OfByT3Hm<R5?@G%P_c@=(#i);
zy*qL}#qKT#kOMf$729Q&Vkh(-;}Q{ZWKzjR&K8MMdYZ#ja98E6ae-g8kHnasuE;WX
z_|$2~i0BzDfCs6YVVBusHz{V~T)Vu+fvC8B)>3Y8r=v~tUY$}`BjXPo#TO_xO5hh~
zfC0TZ4yk7Pj)iBd1H@SzYtN{TlBW&Qcn;}fV@+O*V?cQHrah84gudd;mw6-i@KF_&
z5Y!E>gtMRSibAgp(kP6Wy8^5{<jCC7!tDhBep_1~+)Ht-WYo69ZrL50w2S}df81+p
zg}{W;?{#+aT~g^}Ct{iH1{M{x+88hg;1`q}rn9VTTyAJJ_Ucx5v=SZ#`(M<l3aEZ7
zzBY_JchmM=H0KBTo(^^vdD5TkgbMBTvy<Xm&a8TpoM`@vulbF&{m{`vxEpb^Uz2@+
z7o~Q9b?2LPkCZ)5pzy-n4z=bT2HIO?M<c_b?RZ5~@6WmVHW3aPD;hOdhJu7w6ghs@
z9-nN<mjdi~%2&@@{lADaS}_M^R7lJ2+i))CZt!|?2_fBE<yL0S#bxVbWusImA^fyz
zWBGr^4OodMD5WR}b@5qt2pe#?E>)Fl5Z9j%W(e?4&vt0Yta>L3=lk&`lF34<=Sb|Z
zOrd=y3~-W{#}?mf=C~Mu2m5NhZxTIVND3@oTV*te>~-WM--U`5mKs3h-mmWG8p+dS
z{LQxBYwEdy4k+g*%8K$3Y|-bMG$9l!dCo*j<nU&_zUjNi>RFeQy9xP*cU@9ORx)AP
zyVJFcOsgfarFaIpEpihA&}v4BI38#$3rM$$*0l<QLv`NRKtNxx+s9wttQ(d;<^W*X
z7aHze>%Q3fGraOjSw1MbBcReOEwHaBB-71G>v4Iy1|<!Oy0t>M)uHFw)W@cJUXdbB
zsMDm!4CTj#Q!qH-a<-%)h~;Xm5}5nv@gk`Nm>MU;TWL^Ik~*yHIG_${fOLKh1aiOa
zu9l<vYeV2!Cl`@!jvdo?LOa(ggGmkhzm&IopNxAes}8YTJ&{rS{@h0i89r9tD$d*f
zk8d?S8K1-Wfm?S4Bp+o2xeu@bK1T-Jp9P7SRE>H`qvEtEr5B5TR5#bR54!8x>i9jB
zw9DFF<l;)~QS;(xWZQU{trblK5G#RnSJ~qyAIpRwq51@Ym`pPW&r6Me8eS$(w|dTq
zWZ7)<i`H24T@tmhorf-qmj+(E60n`!bKx@E7`!g<tWq26B>d)!1fNGhsE9A@M`_A?
z?ETDk0l()fz@4ptX|Z!pNUA#x??0Ry%y@n{iFBW}qDVUS?#zIMR-vw(%{`yyLNQ69
z%r$uC$Wd3CCA#gKtKG>7=uPhS4#vjQEtt{L1jpyV3&q}??Cq54uU>D=;M>uwJ`$(D
z*GSR6la#X~^d+__2JD_bf{_nGo-v1rqIvsCuh^%6O!LnSXTAk%p(4m;?Gf*F=w4L^
z%1K?9w$n%GJWL=jM?D#YJTS@W>vv)-j`9h4u3B)gR#3mS6gELxruXeF=rUED$Dv6O
z6vf@x_I_r1_ANB)zH1$TrU>*OlV5d7z-S^FEKqc_8}wU)gp(1K)l&WYr1iEWCl+=%
zCGER(irHR9rMc(^X|L78UWB24@w3P)E2t-MV?JloCajVje|7G;6ibl-&`@MB?pla(
zLHP%gHCa$4(dfAc@VlmHVgw8<kS43$_b=S5lFz(3{zH40=?g@%DDZ?R;Z85qL3b%I
zJkOflfz+PAL3lL;=TA!`(CnA_;v3}{!$LTWV2)iGk^lx6L^)g7TRCQv6gw7!&ax}j
zW_hW50g5@%d2ddy+srTE;e9nmb!!_cY)IxfL`3zljh5n82`MYg2=`HH9g3KC=TQj=
zXmSx2fL(d}r{?`s+@zoW86sITQ00k`i9O*WRd<QkhBo!tZGP@98869`Hw>$=ECTij
zLk^vN<$G7{Zyff6U~YwpHy;46(H#wx&f?qSUl%&|UE4VcYcPWqKe!~-Q`5Ae1ysPF
zE=6*3f#c^8cM{?YDNi^8?MZMO=Rjy*FhKfUusM=~X=L5;JmoC2sd6DTDw_QqidE<G
z&SL`bJ?LXqX;@a^*c7`A`2oTT^r0na-yHfPDN)gex!!buu)~GfTYe{TRp`xYh0+b&
z95WLx9$k?t!;QLmMA&0hCnl+KZqR>sGH$IBO)64zr&H*K^ybIY66<j7zxA&qOW@EP
z!dag#s&v4Ek=%wl4G4|=#pvFN?Z7@Wkt<g~(XaqzVhEvCPMZx!%!7f$LP~;X3b*CN
zYi^G|%tI5Ek+>BaKEwk!I*Yfei7)r*xWItmGbS^(J)`bBKzHJ<9o;4r1LzO%Igwlc
zjxppN!il5A%Zxu_-QaGYk_APtrE)ph><MZmlOSL?LT7RqSp63?y`VN^SBR8)N<e6~
zzXwKb$U#LKURXcZVYL20Oy_o=I?M8a@}fd^u-yVhs&$KjzU}6an%OMfP7MCXJxl8)
z#><(?p#C25It_3>;-7(Sx`60qh4wO8t<~D>ynbC$PN=&;FX&#^X0wesfwO8E(8j+k
zju?ez&~vY{lC0Ra+4)#Y`ZaK_is)se0mIwt%OJx9?ziEj=IA7GGG&;#vmWA`Z}EmZ
z6$Yvyh$}V=hRZAs+-q#0?>E9u$40JDs8vT?)w_C1(=+r&D^e0Eh=*Ym{{oX~>T4RI
z%KOqSO+sQ$9Eu05#$?IJb{zB`pQwa~by9up9BS)KK=>Nad=vj?&UQVzm3}F;5OKTd
zLOkcgZKr{<?oxMM6bxsKYY@!QHjZdOn(8yXC3xS&{Uc98kP=4GUb-X(g%;YEXB&iP
zvWC*qUlD9e6+-CaoAzZF+!Q(eKtxWiT`vImFSLG;yeuQgM;?hD8}fnXAPZwu7h7Ge
z@9e1{R)_n(Qv#rIgJMhlYKsf2=y(HvYQ?j0=bh)T!;cM`&yFUm{u<Y?Vd_F3)T86l
z3daP*P(RD)EQorw(+H6{JkR-^cU9B@6=LzQrk<f=KX6}3uA3j<XS`tuyBInBwvSW4
z4iq0G14dC@@^HMti^bal)l>|RWpG%wFp-=(*J|!%U=K<fVf~K~at&lYTM~%By9)Mq
zw*GKJ4^A9mJ^BdqBC62fYWC|Cmf(&oGX_CM3=qi)3Ogh5KT9;yj-uZwSFqQGEyQ8=
zX2_|9c&F=sTr&+ezi=w<^0dW=XBe)*WJ-_cPdd1Zcc&wX(b4jk{1zG!Rv%%%oCW`$
zDB-^-UrnfnJ%#4cy`yf{WU_$@d!a3{d^GeMM4cRvTFu0L%avAn4s<l|j27#1vra8)
zaItbt!>E`9PoFuENAPkb?L<l4tomg-9kU3`H3+VT_P*}O18l;sdev?VxbEwUt9E@^
zu_%RFkiLLtwW+*98&UNs^l||tOC-C^tLk1ZX5^AY&yI(GE$b~{GI%AV;qve6bLb|8
z-aGMu--Zbln1&JzC>7YC#!^&iLDXFzv8JV22n|1bx+8$5A~il~B^g@Dw}+}cF?X(a
zxZYuj8SGc&@!gcG`8dF>?sOkF3+{O+pKJc8f>P)AMoEB_+!Ha$y0@dar5(4q-5|6_
z`~Umtm%K?ZcERA3tu)RWk2jrId>miRti;wL;7L!})HtV++qO~Xl{+yZ@D7>}*KLGi
zI$sK@0MYbF?`($lFB{Q=^lX9;qHPpQ^*@9J7LMJ{UVXxs8qlyE0tLeFcPi|Tg#!|%
zO{kAK<Vw;hn!7`39oNiA9F$K_g$G?S$x?x!)8Jr16i)LXx4)Y=X={G7-gG6pz+nx^
zTY#1x<HJ4;F^}FURRgdHn*rVLmy^0^QfHUbMkxFex91_~gxr!Q^pTI$N<upaR*Yi#
z(nsb^h|kCMw4Sd1qjE*@14R;-o1kzuZCTwu{NbdfPbf|-J%N8%N*I2{A~@&?FrCcM
z+iJvah`L30d6%Cn7BarEr_pSCr;pY~F77<aTlG)Rqm;WeRzDfWE~bwSVbi7cpU+@w
z_|+4IyYE#T&*s1aXsuiylhGy<Yu%xDj%WJL`zqbygWd%Xtqw0mhSnREBG54xPm*xC
zq2DPC753e`ZV)&jI$XI)&^%=WMwkvqNhnib`euhx7o5Z&$D=eM{OX;TTNFxfuF3&K
z(hka)LM@gaV3tYd78!-@#<wcs=mTYcQS!3A!?uN2c#jJ<hwW&dIB#77Y5gC1)IL(E
zw;FyZW#c0c>#aqz1_j_c6{TQhIdCmiOY%fZ4tO98_Y*rg5K~0ce^cto0sL*%9rZF|
zItrO+sI_cxw=p1JWu~v~FUP!!*>(S>?uD<|ac-+dL27*Pl+=@oEXM3hq51#iJ+|tv
z6#wF2VWa{s=)(M?eL&KNlV{d(&^ct%)uCeuPM9_EXED{1mQ+<gab(n{t+A^D6hW>2
zQWDq9S#YD>&A11TJ@oOiTm-^(Ge%2Rt#yM)d6p!pMOI9`y{AvblSg&|K$6pb<Gg!6
z2)D0jyTLr?zlLT7S8mm|Ug33<VT>ctN&ul(0{yp8$<7gsT9xC~k}z#$ECdJ>Y&kQC
znA{9XB#ZI`-#avtUFJ*a?Dv~Rw@xG%f`=46TCR38>#`~to@4DEP$o}$w$~6IC{jef
zvfB#0qF(QkLe&3;L@EtqjC*T|iu>E6H_t~Zifywa(C=&IEZREoEta#~Eg?~`NFO*G
z9rW4{n%gDBCMLz0{k!6Leil14f>A5O7H;ptP%0QzR99pQ%~YKcbTHo$fro)2T-%L|
zBd4iev{5IF+?9oKx<9uI9<sb%<*<Ylh$IRiS;YAP<FMJv_gZ(bQ3-&}ZL#dmT~LW6
zJ&*4FS-s0I#%DEf?SRiQ#n|RwTK90N7Wt540(NqD31iWNPLoPook4S#AI-t4OrCVM
zwm&JTlxNoQ$)jJlsQbCyeuLRw=k&@iO4zy{R2JmuWF!U~Zp_FnvmgPI@|TgF2kW<Z
zp^yFW6PSSIc0EH7uvPQVTBa3$c(e9^Z1k4oN{`@8JR({pG+*tcb;*~lK_PLMB9P5$
z&GXAJii>*>TM76TyLNuy-END8T?E0*oZ;|3@AIsDu6i@9X#wkNCm=Z{+zA%RPQ~`n
z*zArb|4=Ik8+JpxVL}_HfJFg=iJ%pdj{Y<0`P|^1{UkO&+kv-H{+&o4ReE+v7SVHu
ziFzX?NGwyWon{IT_gv)Hv_JG7W~=}r&(p<P24X(l6*lH}fcu0VOv0Ezxyp}%ef9Am
zZtxUwWs-gGeVRRX6M^WcA|sZDXI%|^j;%anb0(y(Yq;L`gZyU=4J!q6jS}>2FY-2o
z<uLs=Lv_bYAltP+4%2{UYt|q)5iWiX&k(cQE%h2L?hUQ!V;zUAw3MNUuw4sFvFzK!
zjcfy-|5I5An<1Z>AErr`4v+qX-x<H{&ePXR9HO5>h1~H$V#gY<GhD|cDEeDJHy0tb
zO$SoGjQIMZ61K1*(sgLY&c$#POS$4J`~wz9q9)%e0%3W($ZKJ76@mS^t{MqLC-P{u
zkzRP<G7fGg2zse2tp)AaFYZ<vRC$MVErvLoRk!d@A~PuvrLxa~`MAfFCMq;2omCr}
zzvRV8^<XVQx8-<u^iT?9I(5g6WiQ>d=0mY4wXUeqYLp8T>>QM+&%WFeh2^aR8aLtk
zg`ZD|YvyHP-oBZ=odEDdPdkHcy{QrTcg$!g8$1fh{7F>a7d^HDVR&`#vVg&~Fs{-}
z{9?8ft7{)gkSfK{yX`YTy&<UtBvhM{azxpDP9`&i7@ZG5>GjYt7lnekvcU=w^;{2>
z9yu2vbh;*j<!dKaP^!U?1Y70Up{&P_?V8Pd;b_;t(O-x(r)WoHPAK>xw9Pu51(^6i
zkdHuYKUzrOS%2dlE*rSHr*T2RWt)$7Zg6PgkO0N*8*Ow*%YMo0UI{25R<6Wm1)5f_
z+<rOtE`-0ux$I?N5KnmamIa?Hg4v~Qo!1AR5O+sowg7{mFRN(_uYaoh`;(~>k_|&!
zR5^0C`k){X4SRuUFREv5jb(G=QrUeyw~YbQQA6FdLdI)THT4-1nKAI<RLCb{T!=!F
zxW)11gHC)2Fb_onFm|vjJJ;U3Ro9>l122Vo`+;s}%1A&>lI047;`CnQl(VQSs>T+`
zAS(#F8akPWR<)Xhplr;qwZ45=?ox~Bm8vy2_h8(Q9qPFRAblutPg|%#PP7A|)6}tY
zUU6tN3e~A%%a_3xOs&{N<m4Dl{Um94y>?v6RD*X%dvIzPq!cAj4&s*duQxL)RtzCR
z;OecqFC9?}mxCp(0lJaXxVqh+e&NOWb9WLy#MI}lR8ZOQ#x|czMSxa*b#r}?iUBjh
z<D*HngVvTCiH+be!Zezr%^VXl^x~4o87dB<hAi==WD%Hot7nTajtm{0s{LS%f8&G*
zU2$+!)~MvrRR*ws9?94Q&LjVyD7A{-i&~d#_bUe0&-Po>tu^K6D8@l*xnqr<=63p7
z2nCg|>6wQ(bd>uQkm`yldSu<8OA$O0o>$Vk<R@G;It|=N%6mIRQgAF=*M+{xK(id5
zj4S$skB_L!n8Hk-mjoA+U{&<(0;ydSrGf~%@wi~*7T(08Zz5?X9*a!q3=2<AAI1T<
zE`}M2PaLUzWq!m%PS7Qc5Gzwe+Aa7aP?QH6W{A}u5UK$TXq}KI-^3SPkRLV#MxF89
zxIw2H`rUO7PtOmEWI{^JI(ACQX(%e%>TT;}y(I~K+riB+C_XjokJ?dW=uw$(HdX1k
z!0LTRtexe3CUm@vf`SpF9SR4j?P7aZ1Nb>?NBS?Zp<iZZ)}0~$W3?A(X3L;iLoI<(
z7x-k-R(=2aXOlC;ewK_vw9RfKKVDNMRLZk4{n$;;cBQj1n2lzz1a4+HjX`+_9qRm&
zh_4}D%3^{38Nlp-R^q#M{a9QEmR1Sj{brT{d1}l3S29Zp50|eio7vN*BG+iBp4~VC
z#Uf8%A@8ZU+lo%$W=WBNdawNdw3fDJ+c|T6y;D~)V(sRaX@FXRe=aj><;Al7Un~4}
zPsngXo6)%5x*{N$0Dznvo7^rq(k%;B>4ZWo5S2$(K<#f_VWS;?6xt!`M?*uyOm*>x
zZv&U7d3odXzZpK1<%;IgHB~+U6wcx`lIQCW3vIe~0cA@e$y*g+VDRG36=f}rUopf0
zGiBjdo}|CI59lJWsyh$fZ4R{eGoZTj3=Q}SL2C2xfD@})tNgCs_;W}e`e9h{Lr&0V
z3z^dWBfy40+9I9Gv$w!Gb4Gs7A(9@*fo>YWvj${p+X(`SYy`YTInrIK{xQ=7{W7Y0
zoMVYfe-@B_i+UI(QtpfMHG30ELPaBGHefn_yU>OeXq>Npr}Qtt%^M(?_>#>Y2$OHd
z@$pAJCD(y;!@l7Oa)JU#TN8)aR+(DvgFHwEnYp;2SD6@lF`a8@HRP$%&s*Nm#Ync(
zUf9CsJ2xlN+W`w$+h9~d_G0XW0Sz1djO`A_;evp5>DW*WnJ;GkYT1;lhPF@o7$*0N
z(ix_hj=YHYzy2y(`6s>3K`JZ|+7x3?DY#_vW%D)9mR=TBe(tFo&xTg(qkp%y`;{*+
zlw9~T{S(vOc|!}Q1A*N6Zy3kPE`cdDrnj${Ca{=*$OmVAEevD$%>I-d{WTwlXfAl<
z*;Q;WZh+V8JMFC}6&9j+lQQ`VW}?9*LLsdIeZ=$W3F0`+2Z&3*Vw>M(oZOBpJFO-r
z*q`^X1zF*r(>WSIr&}AQq%dqxYXpDuQg1w;B9T*VbE(-uQTt9&Z<g~EyQuaCflaY|
zD1z;-7we~0vd(<Y?&!}mYwWqi#vX%wf4PK+Fi&c!IWT81T9_@2|L4q$f$w_-ML~!i
zNIeGPRm6I|kwwoD*s+oI_v&`fA=~5U0!WR#DzA1wtlFdJ*5OF{G}rSWr>sd`K!EII
zCz@$=43SQ^3<*nai~p(#uuj7o&$No_3}kNR!#J7^0xTgf3i*Fl8o8pzz4nZI)WO~z
zU!&RLbYzMQ9GX5|SnbLWaXj@}K~+L_NUJzw-SHm2xsBNu+xW?D_?~RDD%#Pldk*e%
z1H_>Tkt`hIyYSHx$>2%?QWe7E2xGu1gop{gzc>it1uSn7?X#$D<t#`Zp4v1x-LjiG
zVI25g^pYArRv$1a(#H!d>gAmW->*kTdh;&Ojc~MRU+J!j#-T5Ucf6q`{TY^!k{@v&
zolxGNL<pK2S3H!-j`-C0sU>pc1P+ORDByu6>Kd}R>crAJqoiao^uJ2ke14&6q$Iq3
z;_0?_%8#&1Y9xh~ZiJJzB{XJT9EFChKPz3BxeR|3SR026m<P}xi{Lgvk`@^J6N#|i
z7qgwREFn)3l<t9`>J_QSM1wS4HyA@)Hsc4jNs#jbPv6*ylQ09B7=+#8kBSKTpw;<5
zvCaPqJQ)w`E$YpMoyg{4bWnRrGjIGoy2kPmioM2Tv9uVc4%wR0i3A+g1jToyjxf7R
zl4`k2f$Dx06&|me#RGe8S|u`;%PuqPk)Pf6s3jIIV$;%I8V!dDJ#e6FN}UXSdM!lk
zCG;k#y{h~Pn{WArWqd{eXbMB|rpgeVZ9J1L%U>Z^tmMJsQFN4oTBkuuE}5z@KXFBH
zg2Hu?2uPC|OFv@2mnB<~WB^TMt_WzF)8vIrNf2XMKzBk18fIeh*d<}A%*V9m+h~5(
zn0SBXQR%q%G`Egf``7o(X1!PU3xXl=esuqYqihCR$mQS`t~6td7`VugkT)9J6LQtD
zz|rOjohxoHwxx0Ts7En%B}t??^j5P0-OJ}Qc}~syIPl_MwvHuEM?phUS>1dbZ!8BQ
z(!*VPsihuVM-<DnXg92U<KK%a-J2{vzcTDu{#(#W_H`{kAt)B22r+zTVK||*7X?hV
zI8VTh_1&eY>kh0O<y@=Y#=HA@?r+G!(BThryS`41n8clI)yn5JW>M)mbO9IrOk-Ae
z)NzDfL{HnM*rA4^t9D;4Je_S|tlulREu)?oS5eLnXZCXs3#mRE<v{|3#a-OSul(*p
zhd6LQ6^3d_!xw#{F!_S<lmQf6)y`1wv)Ze$EY7q}VROJGe_2l#S={GE#3C|>J92k`
zzf7Mpf+;1=Xv87A?_?=<4ELZ*BaHy5j|4$MIUs(&F?L&6F%=jIpP8OLlvk9&{lA$P
zP1>`ZhWsee7n8R5aL=$?6_3T1)Y?2gxmad*7Fhr`Z@d`n$T2rI(Lm&3^F&`nyyLt_
z-8QIn#q4<fuK0KP=-E+c>K;;JVG{8Y`#VpRX^Ls?W}|e2meT(OfNMa%3k);K0scf3
z6J8A-a)4dTq^w9ieZ_DZxLLw@XZE;`@?o0|P}!;ai`}rJvAFGae$|ib3tJ{aD#?0C
zBzqzl=RP`FXAQ)*%DXn!qt3cQ_j1iQe;rsbZy;2W9RqpN6iEEA8;O}>SS0eN8fSOW
zn#_qwgVTIA==?RRJ;~u7zeQCYl((_&odOr(!iQ1%1BU8uyI1xfn}SW`^0^&o@gNd^
zkg?T2UH52&Uq9?WDTgO@B4dq*GyIOi0wfieKjKKL0wN)XbM8>U8tK2%(`-~q-K+fp
zFlZmPFa_9bNBGn%It5M*m*!JkSgV<E4F?OAc~ztYMmYaMRJLy#^Y4U^`Q=TUIbx9M
z+OtIaX=96nLKBmI!B?qzqIu5ul-vf#TWX~lV=1a1`qVO5$t=s0G8tywpz7y6Kj+Db
z|9C3pj)Xp4`oGB-ML#g9dYzMeYM#oS$)^27IZsxb+xR@}j8+)-5!EvY6S5h!#HwTZ
zU7}Gcpm862;K{Yrw%0^fLEd5#)|WvI!jQ`aJIxB`gRsT3uv6XR8t8PdWtzZV6A*2)
zWpABIHi$ggvx8}vy5NN4Uls2NnLR_ztFqVX;TFi**l)WAYl$?OUr}&qF%RYCn5>`;
z$HGVzxC#U6rnclofU<YzuCaZK{}O+L@5W{9AB#Upb9eJu@Q51vNse(*Y(#ARW4FjX
zE9I&7nGg49x^nE+r-}%nr7>4Im0_Ej%Pu~=UVjgDNp)!UcqpPe176m?<f1-+pWa{b
zvb7w9LrZxBLapuU|It>pyyDlf7QS&=YV^-Uo)EVbDXjwzS>Tqh;SUd?BFjsIghPjj
zC`rfVc-Z*me<<uns20u|1Lx_@+)qXE9s==`e^BeDW>2D&f$_5vhFyRV0!HIgb4K!*
zenF4mI6#kcr}pn2{lH0A2nWz^9A3ak(bTuC((qFd*P5*m?LDs!9^hlkm>^&@ZLI-j
zA~(UGp2B7m+7%8dP(19b?{VpPg&sP`gW7MlgC|KM4RE{@%=C~+N#dLE&u1a)xs1tW
zhpoat`vATN+0SgYcA)i<Y2fC<P<M4Q<&hdEkC?=9L__`+x`K6RUWe<TM`ImcmiH_p
z4w3|ogUyf?6bSe17iz_>la%AJi%&AIQ6}y0x#3J1nKV8`FK1E=AG~$4|L77obaUYy
z!_H2UR!~Pa2G|2rmJj&Y+z-Eb14Q@le50QV^t1XeO>S~n0S-rtZ+zx6c1KMrO(WPy
zDRC}ZyQ52;Jk@m;#mVdEudjg_J17lw)Y`Kq)mQf3Z|7DY%NCvFT;8NE^9Eiw?J1I?
zx?1|S1Uh=sQgoe=&UzYZ!aBYmW@qSFkitD8bAbP4ofU;lH)dAxBgkFdN>}N2mPm#m
zypY5N3b@Z6yt#1Pc0ZD|oH$2YF@_tj^HOa$+o{0MwtnVc7m>wX_Yc6UBc<$XPi~YB
zun){AkgUqZ;2!0v)99ASg-a6=kJ>wDpUj=%r2ds5DAyRkC<B7VosCeICB&O$k`&ux
z`th6cC%d6NNLEh(PyI9y2hIrw*lue7m)1T`bUBHR@|(=zChF;r1-G#n<6zA<%K_w?
zHLqV5*rb6Mb%3Z&_`E7L6fy@CwG`5QRU;fp=qLoy3J{3uHLaNv4w%=!I@|h0eWQt6
zxk3DTkp54E;L6ns>LN|cExv>EJp!=(K|Cd{r<j+`c5y3gbG<pQW#@AW3OqtrJWNr`
zO09RYoar<+EY>p@+3>vtBi|pz-uUj!ZhP;9>xXTb&_7A(etIbr4Q$n{VAM@)SCPCG
zX#>wmTNyFZozfjKCiP<zD$pMEAb(zq0bu6<El6D+BFKGxHbNI|<JbA%eSVyL#7%%<
zVgI^$lXw-5RT%qxs{IatWd-T@x_Y2~XZ^w?ua!lpuEb!;mFRZ`%7dU7sJx;5<-K-+
zK{@HRaV#SvI#`sDLjP02wJ?W8{pj#b^73tFtwEG#m6kv?2t>p3qEZvrdK-_BUZHHo
zyMEQj_i*>%gBN4(_I~n%vR1nH$*;hDia0RnI!kxwy|01XSZ~c8;lvUW#3%LOAF^P8
zHP_GGlT~{EYtj!Lrr&)a*>#$}hnQoW_P6Q&f647aGn&S0Vs7{uvQbN*6)_(b>!L9G
zHZa!U?X?TDrD_B5O?>(!rQ&lB?qX88qZG6c_`0qMJ~!kmSZ)DB8pa>dJn-;Wjc8N3
zj|OXnH@0fwDY8!mHSlPtd39s6)n4(s;xp<0#$A%V6(rL2#vmQz_8^|KJl$I1I6+ry
zqFDRUlLG=?)2DYj0^g6*1K_GhFB4FPihk)Q_%|909fB5&Dv78GlN@H?3-Of|K;xcs
z&g&QVJPxPV6GT%Xyk{P<#m_ND2i!n1`pkqn-Rz0NU>NLZQ#xv-H5I)YLCYG0P4Z>l
zLz*l5HH`Cm>Z^<<<=8ef2>B`hcn}VT4l2KgD`|ldkBxz0LMYg%t*xqd70ySN!Z1H`
z&@FfRR<1be^<*|&P>dL>Xoh)CVx1CdyHmZ++5u>Dd8G_jaq{lk$88i9(%E>Q=fl)q
z3;}fN5qp)Zspf9fIs<R?9j4N+c=SCE+_YTj^w+zo65m6!USptw3)g`B@9(=#Mbddt
zJE?$+hJ{Z983oS}qiA4*?D=MgycXF{oPPafu&i~b4YJvG{KtbzpkfvKJ%c|I_z%zK
zClky0fruS}{_5{=okaN$&^aPoV{!jxNIe126LyOCwh~Blss>F1`Qba6i-%GJuTp-R
z+zsf}Fd!<%D(zXzr0b3btitYLwvQvg0sOSaJWt;VGxniMCSNq!QhMiQHcvT!r*3J-
z-T$;s0^XfK!O(KX6zWh|!>ORPj3J0ozZrqYn|VvX?*uiG%*=23#j_Bxb-|2~coRuT
z_WqE^y5Q`%F_4t8JI-W$hI7gx9!Fkf@&S=~st=~MwP0{L9(UC}5mQ$uVT2hrg!^4M
z?6;nERn;G8dmLTuO&R&G61gof9wqGXf)7Y3k<H~#`p3W)^d*3Fz|JGHLEtw8X+)q3
z$|$iom{<jUuW1ClImO5uop4pyhvZY`Gl+(C!SY-;$7JjQE0j1|<t*7=c8Hv{JQpDG
z`<cL#p9<r5WcpI_b(5HV&t*F;bag9>;MLuNC&PZW^DBmQ%Zy6bVv*aKCRKvJ5vX?P
z>8Jl0cqm5M`tg5u&tUtw>;JCZzH19BNA`>x@mdA{LOg{kT<{6<0Jhk}HWcu9DF|TU
zo~U2@ShOFL(h+#I5r$r0ITM2RT6;4wuS*lm!q{HxBfX1?DAlnA(+FiELm~2*$xnrJ
zdUP3LFHVj#a@qCZXtna~rWr-)NJp@$!8)i8lwF>j6^J-we<R24;kT5FoDT1`sV!s>
zt)7*F=;zRJ?+?_1{4t`gafEvgpQA?0OrDB*Xxac6?GRzg{;B76yxT{wtM6dEh?Kbd
zkqSLons8?lsUCkN5ZmsxzCw>0p`;D8q9iZ3e<hjxjan#vYWJc=yPv5_Nl=83ZlAC3
zf7!JT+$M~e0jeMFihAV4XC`&h05w3$zX=v_7Kpp3Gl&QOp5OPWSr#%IF>I?<2m+rg
zvTQD{v8o}~E(QZ;$k2hfjiy759=8y@YMLy72$!4DfMB@x`JNn}zx<r-*_+O&EE`6%
z&r(9)gqzct3ksmH<G`r)VDupX#m99)WwW_!;?Od)5TBdS{1=!nuZ?gZd|BONWSVoF
zP%)+8_T?kMu<>R2s^VRoirSk{aExu&rHW%fG9SNEK#Kup$6-Q|e`H2n1Zj5<8S8pF
zfs&Jv-RwY0HNz$6!J5-Ux4iO@tW<mn5T{VjOSVq@vNvu~h<T`|*Hm%CA)~fU=3>nA
zMfvG)El#3@E3Up_VrYdwxTMaFw<FOrLx!@CRM|ZT6zwf`cF|uH@7e~(nDmpAUEBJO
z<_$&L2AKKdc3Af|+6a)^482WWY0<Ax`2W9s=ii&M@9dnDZEZ-6a&|jxp~U5w)=w|U
z(Ir^stbYMEIg125g=6@JQp&K^t;{EGm>tzg4C3PqvJsxtrU;~#06HA=1B@%T+X}{Z
zm$<foybHm7sR`4&SjHK#mCW;hVoSH8yiYb<w+U-yJyAhA+It4xUQlo{hKek?@DKJZ
z<51+dRy|``vKXM;bsoTI-4pOWW$G7Rlz6caHXs)A4r70eHz@9Dr!9_~t?L=_#H4M3
zLqLdVaM*63*h?sS(Z`JYm6X8DS9A`_K%SeG#)#%y>1EAsP{!Zu%R;|uejMytxmLxA
zkJf|wSIsI4$jw+4AA78m{kSqH6_^zic&F5dS*h!yeOe>Wr|hE2gj^GRs&kh^9!FDd
zra2`8pzkIhmZK=<{owS2=3`1i$*cjA73f9%+Vl?>6acEQtxOmU%IBcWJuyS9ZYzdX
z|8w->!=5F2AW=Sa%ime8LpA5-aOm!91L_riq#Lp^J#^zv{>!%yFIZNUX`A<^Jl_av
zBOPq{?9|IS0{+C#9&=&Ztw)F?I~R?+v1Y03tX!k_d9AEnSDh?_n$NCB8>QT?itGKu
z1O_)g970b0u;Y^1yhB3gr}GCxVh6?9I-7Kt(rYVGJ-<#?^8(~8A?kKrL~H<KT%THu
z553T2dQ1@(BYYxHWq24hV88skhfnEW;3R!A#LOBq0k+S`dy@A5c7TG0D}^53$*n&@
z+0PQ2En4cF_TmHKfb!q2VAzYfxdjvesA>)bDeo%kyH{|1BCIq-dzfPf##EbX>pk$q
zr)Cgmsl#K0aOSwmCuiXKfm?!^=r@B9Lhod&!wOUSg94$1$k{pZ0f~IgA)AWDeN4IQ
z>id50ms3GMZ%%)L0^x1D3THz`0AX+!FXLF;UyrT<-y3Q{vndgXKTu`1B78jz4qlf_
zO06ORm~WB3joA4z4XhM{NeUYAjlo<EMZB~{AeO*dGr>tiQt2|`-{;#*bCy425$7J4
zy`Z03FpNndOLueYi0R@~8r%F!N}cWel;GnjruDUUa)_ASD!Ccoe5>BeRP<bnAZjL8
zXoLqgSHbpeOG%L#AzPLhMxiy-%&QnMwzO;BH87>*6#VI+a%Xf1pvF18CqD&qI~N4T
z!Fq5pMM~?{&_&@uy-m$|0(&#aBvlz-;7hYEJxqG`bjS8Rui~hZH+XE;{etI>65w(Q
zq%19^zXMe$;9YbZl%{&HMd4A~%|eWn2rbqX>i=KYjX`K0e>;C4B0ny=iTp@YH~ji`
zV}<v|*NkwyP(x1z-y`5-yTMt!U%JG?gq&INHUdVehinU>_{D_nwX<^j*GEYdcC>t5
z0e>uXIUC|a40nZ7(C9nW7TV=){dmLtRDT$KqO)o}szLBlr!8NLV~RC8Y&y@lw8oNW
zeWkhZCKX^mh;u_<hF0st`R-!<PaB?qNOCWF5<$e92~gs;K8*4RiP?E~Sg=xxu29d|
zR<s{Cwi6JpC50)65@n+IIDe^WTAk$TZ6J+&R~2I9$C$qc1Jri_+Fe2unVa6wCeWz)
z!_GAV{>L%qea}t8AvQ$AA*NPLVlh%V*=5AR2n5WwP6HCg1DxgwxD>CYkn7v4ncMtO
zmO)^%Oj4{#M}dpLhTp>Z0E49@t#`(#HOsj(J*u`hxT%?06tJ(s?ydOKjxU(mjxB`g
z5shsYXfY0WRj7eo%W;NrT~L!+?^f2Y`^;hz=iRm`pJe+RP~(ZK&{Z5%U{BGUkZEvy
zjn?HC6xCe0HFw_HG^}%m(cZmVn%vG$N5*1wa6s)A<1TE5X+<^y#~eA#P(!&)!R#?X
zOCn`llo{n~(>-oTXgR(z<?GEb&l1jrdQkL>8TI55jxJNshD8tKt-no=Cg}o>zYs};
zB)H*xHkK~LNHieB%C&g*;qzEt@;hrj<!|gkPzWWm`@2dK8#+2W3d0=xjF^6i7~Byt
z7k<?GbdJs%!mTI`EJ5CAFHz#8294aBKx&S;#rqLyLbfL2DC5yT6~%5rNzc?Y-Lyci
zO7lxiFHNMqEzjJqmMx@O{?BL`bBc6|1JK{y<MN-EXSFweUe0L(TtYH=9mhLBl~T_j
zVnAm58c|628@6f$N;WzFq)PG)OJyO&KI25scg*Q*h^3Tr-eSW{a;f*{f|!~F3O?U_
zB-N@}v6_et{P$(h<VLB^J;B`a2>6&r&X#VDEiz>LQUV0Hn3^@-aLOpOj!wbJH!E(+
zi~lIbCRgk_-O?Yd*A|B{RD}&qLnYYgxm5(;HIG(9b{4t(BbDni@e%*Sjaz(LJF_bg
zr++x1tWRv>7|saNE$|(F`Ow28BljpFo(-`%J@H$7^9%tXAYOC)!6ji^GMhU9##P&`
z;VF*W`f1)C`5n-)mg{b}SC?EL-4N$f9>2TfZ2nhgiNcZRS!@hN(ON26pCQQVt#t8#
zP%{%yak}+e)f-YHKq2SeIBB$16G<S{?esqEn&Sm^|6BLXXK|>v$o*tXZ`{}N_f<<?
zoBO>R%Ii=pF^s*B{Lg)Tav0R!8>aT!Q=u_JkOy)af;>c!YLFMyRz8>*Jt(wAJ|$S^
zqSFDX1VLUp!fAHQCk%F)^+eo&tSBHKGXZ__c;Nwn<yuwj^74-~8WdVbm`@Ceyfqzg
zmvhJu3@^X9k=BPR{V{?|fB~mgYWb=o4Gc9XTL1}1MjcNCDWpOdFwuV1X~3Kyg&7vm
za_5mGnnGqY9CS-nE{{KQfyP(5?jbO=2DXqa>E<YzOshBe#CuMtVvamWNP-M8#`*qV
z$LKn`J^#wTn}?3u9W3|^1dVxq{*SeBH}u`P>>6`_$ae-&4-@{7vgUnQTfahs5gh*L
zH(j|V1Ys7*jA(LzffZ;gr3p5fWbcU1iD3iU?q7y65Ftg?D)95n(aV&h%rp|!=!mhL
z+F(HtZ~){mlxTB*1$J8cse^T$1RW~mnYoR3BJMLvl8y_KU1+}MZWUC9Th`s}_A_5P
zSHnO`*sNGB%sREwc!=}-9KbK!BUEt8+O*W_Y@TP-fq2lOc?Q02*Cv0Cfpq)F_mT`w
z0%bi?_z6&4^rkpnJKnP>DL#f=s?!e5!A`9_=B1<Ha$7WFs)}IHqL=NhC%O`?Nmw`g
zc&T8R-b>?^bAHr=F$JsIpQ8LD87oEy<W1z^R&UH;pz$f}T$#%{HeC_l#Vg#B)hAdC
zZMYBT6_;zWhtj^7f|FPCqO=-Ztf<DE@Z*QHu=6(}5RD$}OY_I7z={Tvx3b`&-!@D=
z=Bf;jb3@G=F5w~A<)Gq`Hvm|4eM#!)8z)MyK(o;OZ(d3PYn&HdwR6}<mCQo1d%Jy?
z*1)*K4`clY6eCtabu51IPHrQ#f};O0gyvl?BL8C89H;{cZM8mVhx7aef}VVd{TBK0
zzTc<z%;BT76Ps{QT!bt;_Rkms=zG;DgB+fofd4R?*v%gWBl%mlS>C9l-0sNJB$sDM
z|C?*v$O!RCg(=;qFp-T+SI!s`>t&feRi=PAlVzgGaM}L%^pBhx?uN`5RKY=O%<&KX
z4zIz$78!YDqm!d1OH!KHM5Dg?mn{uWoG&gSk~c$i3Kba)P#TGgM?*nkBD*^O3%#w_
zu(Zh0bM0Rj1F$I@HhVFtUaj1K0Pc=!?GIlm4LA0;2PgMChCDberx04BI|#HtJ5-CL
z45qoo;*q@EY-o6vycM%+InCS-e(s(oU$xJmD*3gLW^Aavl-nw_Uh)lG<Vk!Id<VGu
z3mB`TWGSV-GV(^uFQE3|AT48}izkk(z{i?PL8K_}z@H4lv`Ky50JMv)WVh90f_I?X
zI4#-GQcH^b%<6x3S+M1t%_j<1`kt-3r-Ht%LLBNlPOb3Ce&vowV9sjE<*>KopyUY@
zoX$sRUh!3PbiakCciHE$w^V$pJAvhJWI1RU=+O<S4o+)Vn>txHzh?8Zh5|{c1wW4o
zi9IycKey#h6|{@YyIXX41u<}~0XaDNl&cQ!OCC313B=yBY-fHXy^u*Ea@s`?#I1Gx
z(}$A3tK{EBL26fJCu!3Al|>4iOpi?~KBZEqN=+XAZHxr+dz7g?M(|B+8S2w|!0dhj
zoQ7O4h>Hoi3K(@V-ds~@80i08Le>+a&jqW?(bE*S4O;+}erO>Rdq(c2`FdFjql@7h
z=aIYi<&M?K=}yhcjSyK_OL5G()E3wfuw{q(f&vO^xd$^bNWrt{%~^Zifrv>9lR>!G
z1;8JoH6CA}VyS)&zvR4Nd1*vltI=n_leSAO&x^q1(O%gm(=m^yM0gmNJQ%Hfi8<s}
zjCOK8gu_?xHzD9j2Oq=*?-*=Di<IS6JdfENCs(F-$V3%N5#RA1mtMV~>yQ?m5;J`=
zG9|~InTUs{lmGbHeUe8opQ<Mw2%cJ!A|(uDev<63S;3Rw!gmIm!A*DkEx0XYuaE3@
zn@oPZ51mw<OSq%#?rRr947_$d!zstiP<0eEOq-*pJz7{`GDu=Yt4bQK-UHoR>+^8l
zZFYUL$D2;!xkIWI%rb+RYEM;7wm1Ph$RZ#!1VoJp<U70&Izw#mSn-akrG;O~zoiUp
zzm9OMy+5FLmcKt13YERf@bMG(_>2H5<lR+zi8nqMVXR`ZpgB5ziVoESo~6;mO}}lQ
zh%;VRn}`+!w7rIH{zzq+lo6dQ^XjsP%X0Cn5ieCzQ<VpX%4_&U*~(vtTY2V25SO!C
zESHp?2QDpOc6z7X22w78Ol)Jl7x-3u(Q>@p<o%G^cy|foR7+}8UsBU}B_0L<Ehu3`
z=&IlA+2a|xDi_l{1%Ec{P7YYfdV5WCt{?xLH-H5v>$~exGjLK2fFz+A%<LeGW6v}p
zARzFVt+R68>eY)&KQA&_B>0vne`ZEwh-p0#;Nf5JEpe5~ZEz%H>b|QN>>XGFKG&Bz
zE#SlcVro49J=?sTYe#ZfhGWJDAJ)MqbS&Bxvlcixq51w^z*-_V6~sD`@=iLfOYss*
z{y`UG!AVhS9ZOl=haNSOP|_w~0HM0KPrjxk4)3Uk0q?hcJ+i+Hn;kI}afC`;@YB9z
zE$JAS<X~H2Bb?~OYsqgBGiSjM_Rn!IGL>aK{xQFtOyceLN-a56Hz0q}TA>Ijo`^}e
zft)IwqYvwO+TPI;Y1ymI;GdiaTPsYASz!l?h(XxxAKA1r;cskK3WO?l*G{5%SYkQH
zcfF0Q$i-{^KQu<Lhj?e=Dp6LM^63^y+h}reDz>P=1Eu!cOr8Jt01wIL$@NGSV#uz3
z=wMj8#wv0hqL;JL{H#GIrBVOof_-X4TCU}Je!`#FyrNhED{*Z<S7f7_QkQMX)MDUK
zJdJpY;jNziv%^32{mRDn&~h_mi};X=-Eh8!G^ggqSa5oSng`!3`E8E_v{wn0@3hOB
z-KbtvCqYV4kzpia1sz!&Z11WDTIR2Ut`b~lXR$;O4Tziik!fvK#%afTX8mN_dAG5N
z1an+7&WboyD?<$;7%{fB6{#ty`4|2t$J{S|h%LLVPYjuX!vX!^a?hb!RlKJilbs$`
z7Xt>n*>(4E5|+FJ=jO@$q%m4m+fnXxyJc<&(AvrdMXd%7rx-Wz{B1O3NH{_p^Y0z5
zcf^zasz%>&mZ>Z!q3;)gH8{e{f!O|89V9tx(x8R}!J)-6>Qak@hVhhHhUK_sz{xzg
z?3O0~8`FtKiLWU`S?vYq?h#5DD$o^+En4Z<9q>`|O%~UJBT0)w(0<;Ps@FUBpU4f`
zH>=i~RW<9?$5>ebh0;9py$l?ShX0Xd7?DC!Hh}V0k#Vf=D<nQV_DWGR{r}Z8ok2gX
zNEVz_uQ;F4VeVw5n=N;}gxjuB{gqflW0r@9P-pugiyMVrwAu}KXcQITY^>$qyu=q|
zQ&frmJ<nXA)a`zp$vmG?)oMZkq?nUk*!tP4g=_~CD@_QHNFq>{kx^~tY{I66A>n=S
z0pDCvmr7c_s=bFjvuHr#yf)*>jZ2SE__ui)Wh)o2vgP@*p-fj>8P5Dc2=TP)O-t^A
z$<$9HXB*V)AH^w_CQVn32RSaiyarq&$LqlkhY(v^2Ewd({yS&)GRb`8_#40tzTn|>
zr^%k>^q1OW$)CXMfSQbmrU`Km%Qjm-mv+Oh;Wk*Eyd)Qp!@{r2M|<E2x1X<HIrKTO
zt^upOT|J5D#W6!DgSyl>fMz}$wsMQrbh6pVn`hn6+3JX)6|iDdyvCu6eq&7X`_&^M
z`yJ{kT}85k;I<iuOr8FPy<6Al%>5H7a=M?<fozd8U~UKTJ-GvEXf0RG0@q7j(!WJz
zb=Ek}>&Xqs_{O83Eg~`R<or5b*8>~q1CU;sk+EY^P^x=2p&$Oyg?BKk(&g5d5m=Ro
z(`15eUQF*F_sm>j3%W-^*miMZSKs>0_GuUQJ%q%=0-f7t0wP)%V?Hc<0-X)Ka7eAq
zWM3gL1q9J$15D>1d-+c}C?Zw6Sm=QbZT`xYl<Mse#He!zbr?xZ9}CFKd>t!X$s>B=
z=DTr>?8R(3Udb+Q>s!zSOU+(Kd6t~%_!C6qmGLw;0E*iVWh!FKgOtG9Zj1X&I8f}u
z<~?x8G`Gj<ELp{UaON(nXd@I-aAI;<Tvg_G?8+c<fxBa{fx4=m&FQ9JCYtJ86vUGu
z=ir~nk(vX!qZ(jt_l^SP3y26O?x-<y&%~(<5+D)?-zRxn7eDJgF+3F&w@86|vRk}P
z{NmWkc00RQe3T6$L<;HD5yG;P_FoM`WsGg%#ZBklz>*wcmJO;N((A6_qVoocyvyA#
zt^dz_Ww4#452a&@N#xTEv?QB2FM8*=*x)wo9LgBS&)~g$zl%Wabk+)+v93yM|3SU0
z1sbG%Ccft+3Yh3re~J81dY0!#O6++a(%$-IC1D3GBF!@=52R%X){f{hy#}RJ=-lQP
zeQ7MH{JJlvG4W_MU|??x`{765q{T~@G<#lQ)E^XF6!7p90BA6lgf?F9huD?`NW!XQ
z_9^;l?T39bq=x|Rb~ZHQTin0YLyl(dtgP~FH4dF$z1C&1E1Zyr8-GFhTRtSWc{y?E
z<}2(sL+C~^$M>sgr;7`0mZMypGbNbbm9&VMfoiP5*P2KLGC&mO(d{xk=%@qgar8g>
z_+89g@w!EmM<>{5+tmzaWmAR}*3V-Tkyy$Z93v}nABL$S<z-`I*8JN-NO{_v|LV1*
ze8mz(na$amxr;GMtfC3#NyLyKFlFy$2)o*Je@Zl?lXJH_r(H3dg0g;HkMJkZPv!xa
zzc^3yCfelo`~$-Yz?S`5Q10Ls3NdO+#XUyaA(c05m6#^TKufDHxsl<wO}?@h`ZYI7
z9y|SeLp(q`Aj-lEc6}S2&$xM-N7bldRT5lh`L*h6SU1rlL;%~&#BA;37V2rYb%2FI
zy9d7HjR8{?pOW91M^hE3SOKCHdb0r<3n+IxdJ2ux*#66RuCG!kAYZlO)aG!S+gK=~
zB~`~CayD%EokDpEKK>48gNgEe$gzHHG9XYdZi7q@SifH_*KEh2B&Eki1*tKZ3#oi}
zX1)XntSoDlf(zxha9SbQUftY+u?y|5D*1$61KkcojCmML)NGX08N6Fp=RslqGJz;o
zon~%Lk~aKI8+d#fPzp+~-_u-k$WGv*Zn^%o`x)wp$)M?G$&~d9eBlf$Pr6f|nDJLB
z?}E^Ebl2ZB6AgF#q{<QZYEGb*!#PF2@3WNq$PCD%5dOJwG?uNnF3MhDkOg52l%5e=
zi=9lv_qNy(v41iit$9HEzlJKBaKr=>*JL=4Oi98fv+iT9)urX5+<7Dp6SRxjOBx3<
zv=*!~l<A3<t(z{c-Kpt(0dA){Hd}J1nE>&ZRN-_vXKf^)d0PnC0^VVFs!<MBOr_p*
zb1Y@EmP(rGYQa`HF${z_sj+=+S6&%?o-+4L$f44stdj^Nsb31pVnE0kJ;dWv-3<Ip
zx{v;;0lIM<V^|8W4?UsZQ1hsOWEx}?6^L(8DvA1^O5mOlO>#wm_%`})jgVZWt!Y1?
ztM2i{(PPM|mlnuRjE!3$8!yk#!u}`LHd5%$G}*qydAoTI+ACtk@tj^8`wuI<uc~7$
zWldvTsxGL9iJV1cr7Qv)-FYolss=zjgVK7PcT;Rw)dnLwIkvX-alTv${y`Mr(T^Oe
zej)&=;rBWG(nsMhwJ6NzU@o0{F^MITO8sMr1aFygnm(1nwMJd?y!`wSofKJwA!Ns@
zg>ZsExnKP*z^6W&>M_{?k@Z#_R^9?t{9{PWMiQ0XQ8|zC1Ec#tWH*&a3>yu{wAg$%
zn&qYKG5aROf-OFFbfLi16x!A&#Ex9{wa52qGYRG&P97wN2gm4|R5?7^q?fX@8Be=t
zrO)MC?!XGnB6Bo~o0pK&Pa>bqT?mKeC+iasZsbMS;(G}zrQX?mb-~?(x>1q}zh~2h
zGo5g5-JX2DbdOQqk@XkS$s1!oQi~%4-xFBD_4l?(ps7MCa%Cu4z6^vB!9)3uO3}=|
z*}8K58Lo*5WyMjlxURK_pu=_H1IuA$RX7fsr6hAsNyJBk$s*oSWD1ItCzuX?WTdvn
z>hTi*LB)7>>-y7^W)~%p5*#bFFw?!=fXXu!DS~oSL?nnaqAF6KvEG8iNuImpC!Df&
z?OC%9eOi$apdS-<Ezxb_V}YX|96{pF*zYLMDvEPZE=<F)8|6pB@zv`PnA1p0SwfMa
zibsAFF3J`~#+Ou)dH36Y?$Sa|Ecxyr;gnn*|63|VX|V}Wf=D>?n2s|XCQ{G>6>S5+
z^}xCUp*Bg8zuBKOZxsIAF9gz{BuBl=wv_9!G@Qml5Yt!Je<vRQSagq8Nx~^R_lp}X
z#JaMwS(@Vp|L2!r$MVcv6QCz32Zp+EV7Gthu8DPked^!5umJ)4h*%FH$SwS}02rHs
zDcK<3Tp~Dziid0b-WvOpRpHteV9z>ioJ79CMM-}wRk`lG$Y`z}LC%~X-jJ+cl~u>^
zPs_DGA$rwOk@%lwm&jIHAT>xKC2CoCnasCyz()^o%0w{(uelJH&Wk9!VBT&6XWisQ
z?85kp8E$RBydYAZLT^DHhWVPqKz47=mj_AL!k=O@6wAKFT2h%<(G;24*QFjd0-5B#
z+}?&9NtFx_S9_sIZBb0%h1fW~V@1rI2#RWq+JL<4Bs4ern|8sdVcRbZFDR7McV~T8
zx!<jGik;JXvXL&bn3hnfz2)bWceQnLU<z9XGyS0I07?v#Ss_3#)rcE^#68o+vD1nC
zoR|3ATgsWK96DmL%!>=v0~&f+aZqx4V10SZ2l}nw-+fuY?<)C>vG?5Yc!`!CuRab8
zr#hX{TmvhAk+G4!QX8sj^h4PEduWY*rx<H1_V|>talN4vZUPKJb%r*mWcZdRc2RqJ
zK1+~|mXiVbD>1z<P5_aWxU0I5&@E&ox<3rhRk%6%+4r#9n!*n^jZ4{R0srM9%eAM9
zCxRj{j{4Bx1EzD!iLlbVNIo}YNII@gWZaCkMB=u=LAQ3xJW(<QZ@_dpFgH&Jdj6+0
zS$MKP4Y~@g^dmME$pE^BE0|q!PkK9YN9oP1eY${`b+rKKuV%>I5m`mW=B!(VU^?%p
zutW2e0C6P$OcLP=e&udkdx<T}uQICUzCSj-lO^zWlKHX_i`))gK?bh=N`Q7Jvd1uE
zw8MHG0O^Im2TCg#Lxu8(meP1*oS2Nbb>Agfmy!ybHH2{(qV%y1rlB6f#OZNN(fSAC
z=hIkTHPVeUsJxZQ%yTogc;QoB*qDMaYYZkMHkQ+t1y4u$V0eSx37eaoq5W_1!2$lq
z(@;9%F1rRJXFQ<vQL4WRks>G6h#uiRKxL*scA<Oy3B(X9RwgMXcYGd;D*)Z%X+XRt
zVLg6Hne%Rnz+&YL%s3Nz!)np|6SpCs#u?bhu$O8msw2E?^s1JiTE{V^@=`SYf<8N(
zm-><sZ<8~9UA_-j1N0`{DYiPits<FPu(-!~2`9Gk@*7n%d`Fv?;x*)%a0A?C?MpR=
zBF*&9*ln+9>VO2vGqSf#-i^}>YV$f#IKE3NM&W6TaH87uf>5EV-yZ<Y1v1ih!8YGi
zwiL1bmd^%*>LfaSo|{0w3b~wcvpk%~avP8D{!NJ5kjVces<OW$|Ht|9t)<E>N==n#
zpYNEk0iJ@Gi**Wyvm^qI*eVL$l7;N>4B}R^9Kxm&c+}(7;}}>tx0_tbL#5-@X{V@l
z=lj8@qoI_ryh)md5PccuavGA6TpsLl6X&T5*KR|eLu%)5Fb=52b9#pAXkz7&7c@sc
zi?=(SlP!ZF8v=LV!;ly1l@k}fGS%8&(|52kk`v&}h0Y&D{k^ydGlt*NopKfK|Falh
z7mU?<*$3(U$omyde7vbT(LNwB?WT@3`UWq$f><rtGTQ?V6~c@dow?n7x>c#Keu885
zYFf<#g5S)tgu0Xmx51+SF#RSyltswq<@l55@j_7HXy1!QhdeRTOe=6QV7yfJ%w48o
zN~zpG!f6u7j%_DihoxCA>)1G~x<iY0xPpC!KhhBG$G%&nfon@AMlfD9!=#&c=19rW
z@*4sonZC}n*J8Hta6-73&=_m}sBTf?Y0x*G&d@<mM^hu*LcGJzEgD{jdzC#UkX-8E
z4d}JJxlgq*sH4E>?>4mT*7=S!_O7Ykcq(d<{IlG<G#l&RasW<V&4asU3={Re^sO!}
zpaM}_`W@f~E%E!BT-#~6EL|DE8=~ypz%zp(^dBRl&%>TrX}HxtCs*can8*(uX<vKr
zr;pPox$yh;#Na5_#T>By0b?qGH6WkbvW&{K1p&B%7H8-=d-{0)4(}Z(jNK#$pK1+E
zxs5cKP?IR9?v8QHja&AYdWm5r4<3^mPjMe6qbW&e($a!D*o_#BEqC>%zWG4)FshR*
zlRa$SC12(;k3Btn{v)xdZ)7$tH&~tEx%=ai0feR0r(9=69M{eCA`&+w!M8Hi8Rp0k
zJ$xVK@DvjtSjfZd=Z7DJB6@RYMU8Crw|dj`PYu60hOzBT7Q3T)+X;d+-8>s*)TP{m
z$1n`ubr-h(TX0A>WBr~B<F@Oq!*?6VT(kT^XD+R9XheJJfgIqp@Vc@Z_8E1?edyM=
zAI`_U*Z=aFS~hCw!uw#5r2H@E<nGv_HwXv!{`+!hJdbT;;mNQsyGCPY|MDrblCbVB
zay&!gj_g($;P!mS)HDz;lV+iFpHB5;cmFEeprP^Lp$MZ_h{h?Gf86br5W=F#S%}?4
zQ9Rho^3a(Y;7_NNmv;;yS56~Z5ab3j#1e>VYEeMOU+&%X^A;<TdQ&0K|1&G?6-T%g
z)X7R^_}*&OUB!MB=bRh<C}nddq6!lE5`;Mtte$G=dcBD4`z_4DL)PAqO0zDd2q90v
z_`)phL2yT1%RryQ=rN5LbtY*nDyS&`?-_$Anf1=wTWwp~B|aIVEL)kn^ICgsH%**$
zw5!1G@aB1{4qb@}j&tYbTq2_ChAGwR-<<)Ma;#$feME0Y*S1}}XhzZyxg$JMZe0t4
zd42IyJ#c@5rDIT_JMh4LG&LlwR|y3Dxp6820vPKKcv^qHTI|<?&*flkQcB>n`00Wm
z*_IL$a>lORAkg=TZIGQF#uuMVIV=ckX!=4;1YMJ*WeF!Z-=ix#yd0+uCe^oJGJl~#
zJXxBi+Y0*G^0Y(IPU98zG(U~QICZG<L<}gkAWVR^q!uQf1tLa<N^1^C{)*aR80sSs
zcRTdZN0j5(oh(_;S`s;bV*Ee1)s&ZBS*IseIL|cPLUKuI^e*1qmsf)_<Eq(Q+Ws27
zT7R={K~^KETN}^S_|??$k}7f;_(3NcgLeQivhY($OT!o5>a%ag3Hhi`H*%&)WM9oD
z=cF+EHIICw_GORxAbRr@Gh2v_D^9xb_3H8n#*K4KDqrF^?wx9xl2aLRD8D;iH|jO9
zvBPsb6r-DvT>5B9jFN#)#Sg%16m#%Aar5!CXd{b8g2-4e254v+vK2*IOS=+AGLEi8
zuDOo4ZPN23DtzOsb$Pa>=paCbKM33A=T-@q!0pXR3acFqAz(&EC2R*#z@BP1Liu07
zgz*W<u#|#U3;95yedyhy2->~1^kMdJ3MTE<ZW*Jl`eQ5Zjpn%zXz#_Ff@G6w#yp{g
z^If%+Q_|?0Me=Qh=B0zo#3WNemGo(p@XJILz@G#JvzKCE{AsO1T|bfS%Nh7N|3UGO
zb)WFWF-Bgmx<=6$Y3yHWS7&@+w^)*KO&m|D>7tyP;|>Q!vSRv488;uc$T>S&HcfI8
z%{T)|L|XMl5I!<8tPg=L_X-v<L^la-^)omVSd#6&fPBDp*-NnSa>(;08AZ=yzl}1V
zr_=u+%a8@j>jMH*^Wd?oKxl$gWlUN**oiPvi|8>Y!Z(UDxK+w|$5t>K)~sQ^;Uy_l
zav+Z~%+kfRpg@wo)-L$KM5!4xI*_U}X98ATT1rvtpDIr9&~R(_#m$oYf~AEB6paU1
zkhZi+E7|(;-wjhKq(jkXGJFku81;034Z0*JzYMPSA~k&dL-&b92I|<M69~H3+4dFm
zvmC)?>G&B>g)mi2<$&s7;##s|I;rwsxGr(8r)sZG09IlGK_tXFQpw3jBV0X;GX#g#
zK)_u+B11Tu`6MxLfloWOhfixJ_8XF~aH$^sM$Y%;wE+Q`il}D$WeO<oXp?+Wtb!1H
zh0H=o)Uk4c-qf`Q?qtm0h}4XqEiGxuUG!g?ac{cqw*d1bN$LX`Sta?@Zz|Ik<{WO4
z*G2=OgpHnuUD}LNxeS$ZEDq2kq5^(<K=dR@kleC5(1$aPti0#qpXR`7gSntL>}B4{
zK3&yh{A80vW7(gDVthgv*PP6&8qLJtuSerwsRLIG*gN4eayslIC{NXMfr39fwQ+o|
zF?3Z7LqQ3PBeKuD(6;6uJA!<HKb)ME9HPF^snyO0S*KhTZkPQ1QSBm=DLr-EdzqMJ
z*`Biu5>=6p!#m?_j3e5`9cpIM8#FHnNxZa~_pQ?x5^tpip4V!j2&47KHXFxPsa1vq
z+k*;OSY3EGC^0gJCjpw1TEB6QtOS2&1Iv!j*V0=)YyCISo$=J?ax)L31q?m!G0kv>
zH<Djw%XWQN1MvtK_f|InQ(g}s{zzdbOlAv;UnM{{fTftz21v<eguWa=FfxWg92qxZ
zSRsHX9jDelTq?;U!$&t*>2C#cdzFh%PqsDx+vtRu+r>ReM;B<%B>NhdHuELr!cc6j
z#1WW+{<F3-9&Mf`gLE9*aI86+9)<d9P_5Bv{m3~lo0D9k7qtWz^<h_9KmjEGG{Cz7
z4x86xOSd75y_jHtD)g7N)lVq`-kGh9P_cm;!muk}Ql=~7aK|~C2H)p2Ja0V35UrPg
zyiiIjSR!k|UrtCI`PrY^6C6?fdd&n+_LIOerjJRUm&bKfFQ_kX-A;s*Jq|IWdzjcU
zqEU%4;RG%igB|=hk=Hnqe=EeZ2|p3~up8>+NFJ-c$3EG5&urU7ojAUXNU)s<1yPN5
zu{~~tx{9iMXRt|=%^ZXqczg2>DXG3L(oCh>LitsWhhxUx=yla2KFP+;sEi(=&DczK
zm$OCM@F;Kv4-BBCB*D2o3=GQ$#JvM>aIE5-4YQF7fA4s#qr!GAu`}n1OS~}O494^f
zA1w{*`s{yw-L|RI%3l2r@&x854jwlucF9xWy;LGL)1eI3sy4=iQ|Ez|w-lb9zlNs9
zkS(TAWviVdkH$;>=I`Cdk2p`um16BYF-$ea;6fxjJ*TtwQy4~6k{?J(ydUV>o!+c;
zi%MO(bXdEr_pZgq=ELbXY&-PtGD-1#M7+Y=LD`BfC%~>USI1<<qadSmZ0*3aM#MQ0
zWvcO<dkvl7<R#8KyR~j2_Qv3MOQ3p2K4z79`Afr6!f%XR@J>5=TWfrs@Y`D54q5E1
z#=&s41p@B398BM{6|A>>L_^Gfu1cRvBjFzYsq9{hqB75dg35{4ESgZxRrI{eLe1Il
z@M3zn=pqMidldStgDbirPs1!9<?5Z|EEJOr%l-ruAe3Be&<v0>|1FzAMAxV(g>;<}
zV;hZKtzR<Qrd(WgnNn0F+b*Pf*FEY1h>F)zUDF+Vv}cz_a;o>^IC!v3=iouDcKJ!N
zs?mcREw<l$zL(6WQ^>UZ9rv!`^d>wV|LwYLtM)S-FY>@Qa!aeYuB@CGu0y-Y(=EWo
zx_MWFoziMaLD>O;q4As@uqE09P)WhdoXhdLYBZSl;WIk=FZZaqiP`$@%-h8c+$!Cc
z_MNyh-EBMF7&aWHZmyXsU*%0XUfvdW_`ml}BqE7qB>L}ggPJkt2&C;zt)nMxa&`g=
zoWKQ778d%;x1_wf@bQl1c~@#|II#(4Y>LD^$5i(PhBnoL3-M#7XY2+9kiVZ|c7oWh
z3Ba-0BXY1*x2F$ey_=MTH&8w%K8*PrzFi?qwlAO%gbty+&(zVLp(wpWwLS4nDqFZ+
zt3z!utTLm_O|}a%u^oz>x%_RMXfTES&8MU75E3QxuQi+~gUO)aVq{T$F|yrmacI4J
zwi&lcSTBnjUP2y;&lZOrU`?pG7PSmSR4ZC?wOrDf+jof4;2X>^XWDheyS9E7j1CF~
zcIiGWTE^4(Kq~nsdMX=Oo`5nrDAhZ-9IoR;hBO@P9F4dHPc>%VERxA^bK3V8+_k*i
zo0@V~LuvPtrF~q7m!9asq&f_m@ePAa!%tLsryrz<q-k9io8*qf;K$m3qwE&}*3n4;
z!M)|^#%^$TT3nIghwWV(X_2BK|0cvuQ7utD6*!;=4ddZBg=HN97xuBkncmgs`&@yG
z3C!mUw#@^a(=TXk4-eW#?%Gar-NRlZ%}ArUyf40gIMc1$t0g5b6Odzx{Zl)g=4Qx<
zrE3zWrFw;TiV;RCzEi`RlddA3n6LC^2wt(YxeX`h!~JugJwnnC@Uv=b<N5-3yiGC~
z*OOtx`K-r>7em-RMVloC-Ow%gVw=H#zP)iLY;VO&?Ifnuupkh}AC6nNgnAobJA#4*
zwV@7atHNrv{Og&8kLaki^kx(dz;6%PwgY5>xi!R@)@@ysI<*)eB54m#`sTYck66GJ
z3Ye<t+h|-$M1f(Zjw{+rk#mn{j5buM_&k<P(qizi6mj}YS@={A=7*w|#EIG}(uvDn
zN54=9GyIrwm%zB)>-q1O=>qjkzHkeIpW?QDLcXj@Ka_x@YL*jPxt5J;8dc?X;2zPO
zDqM!j2vQ5IJpc83^F(eicKC^5?t+x~bd$``sz%CT0l+ubtgYl8np(~vJw%AqU|cga
zQNad+^vy5rQSLGToet;A{?H{VV9!g9d2)zMiwB<yDrZfNeW2g$uVg9qv>L&wbB(8o
zH38LY{^oHMU}jGUy?RuLJO6QNG@V4b^VsD9Yl#}q;BdF!dYT9_!vBTKuatWgi!#Sm
zVN^crtzA!rOH*cmN86$pt{9@xB7-L8tkL1<%{<nRVXQ0|xGkj(FuML(_5>4k(R(8E
z6sasjhrn#Pz==jMdql4Jq30;?hdGRk<u{zzLnEuycZPe(;}){-nv>Aw&iK9vH6mf^
z^~>^uOG^xtEKm4q|H8znUXr^pklA&;T>sloI#p5|?Y)q+7fCaiIm;a&*jOtNazmEf
z4#cB2VA(Qt1t?rj3yj8^J`L0KG<Y7QLz=p(b|FCDklUJiywCZep{$)IPjS^so>U*<
zoE6L(yQ2#yx`m<l*R=K{WwaCEdNVkyz5fpIeh!2}3HA7=?FK;hTKgfW!;7iAf!io}
zm}FgTgn&0HS;*<bc-R(;H8ZrLXpsiBQTggpok*qT-sfk7#g`@GBW}(NqLN2zoH@g#
zKzJ}hlCWF%C7No9ySVz#6NyCNjd)Kc0Id)H{Vmh{3R5y@NN;T--QwcUw!^g>+~!D<
z@l}+J{%E_nx8zBBQiuQ*&F=W$mE24?YG1899+wd`SI>}qCH<2M@Ha9C|8J*MlVXa}
zL1Ym8Om(FeGfhXb6G%Z>yF`Ua=m^k)FrRIDQ>tt!gS~@pIvODCf`z#5UR|6nXj{<j
z)_(m-Smu^ZP4NCAVk9vF1ltwHG??T#B_p`#jGr(%N0_xe5;o#-d1yjJOvosCqYiga
z95X0LfF4`#OK8hJ1bzsD#Y8Myh2PX)P(_mw=XMemWhD$?qqvKkI7WEhymRAe_ZNPV
zf`O{@_ENbi_OozQa=>S6ygx3u1Is7y8R;n>(H00C{k?1v(~0B>(pujjtNkilZE-IW
z0p7Qx!-F>crYzl)Xk8&!^c*^c<nk_zJ)}47ecr~0IAX~)E0j$dx;CduWnCjVxDimc
zC|K2h2zBL2R|^Sw>**;?MNZ3tvSTG7$v@Zhsi;<=|9MN{dI=}ts}2djVR<~!4aYyF
zW4X&62Em$k$Bs<w=Iw=>;^|AyP2mZej69j=9JW(hdx>AUv^|<+kNMHM?gi}DzXpC!
zeE`V!zf$K<|637)ya)V8VQ+|REpI)b|1Ni95nY2x(DVOD7Q}=UTS${WzoPYVEVw<s
zv4msB9trBuBt24P50JKyM>-puvR<MwBE3Vjr0EvfSZcV=Y<$DhQz~_tUnv_2)$_&s
z1PMAZh4A%jqjk*j?Gx_Py%i>S$B)l94HI3h^f#oE%v^yD2w+rGA>9Muiqg?t8Bnx*
zzgwD>GN$$?uRU7ChDkD#j;)iU-F)g#E~=eDWY!X*s^rvRI_!75HGo4S)b-$e-KMNb
z6p}U~<}ZyA49m)aLsiW(O=^~p?Y5uKc(d+l9Abt=w{hd_9txV%ze(-JY3afylarw_
zQtG^HJn&?&!;o0Zt1)8QhGcbs9YM~x33LV#Z3iM0?ZT8q^)OTLhbA4eqRP~OT}F#B
zDIJFsnd+$p$DbU|t0-Rq?0md3deKfj8J{TzCt5Z&Hrfb43vc(gk}L`VxBTmnx=IDE
z1K>tg{vXtRz5QK}kXldSHsU^c*@!EXbmRXOelc@7a(X65YVtV}MhJuS=XtCy*zl*<
zV(}Z{$^#~~kTA7pcPsOkskdaQ3{g^7Mm<C<+{UfxAU!IsBNhLm$U3wSlVNd#Sw;E(
z(DALvpiqAC)A)uPdO&il4l6v8HXB<SGX#W!53p2G@*>nhT(m8Cp*voG3ylRW8{DEF
z!MgAH7KNU6xas1kQuwy2mZKTwE{=KCZr?f~F>#CV-#Q3x5q%Bd#br{eW1X|8d$AFD
z9Y=)3<vpmjM9^9D)CI*50AZq*>Yowe&e%1uTylil>}8wjqUF0+$1<N+@y1Q`ql{4H
zE*l@sb;0nlg_%u{koxgN$d@>(;0t=6+5a8k0^aT93nr2Cm1=KlnjMSFZs9*Ey?y4f
zQw=M-U?Wkc@<ZD`9WD8(QHT{;_Urk;U{UQ9l;Bq0`=u4Ke$2f~)j!|huz;4S6V}17
zlb=f7Bd`aU&yHu-vKV)Bu*X{4`8DL|PsTe|s1oxU?mI)w5o-<e2Z8jS(04d{WGFY=
z{(aPzqf5UqwhPvhwm3Z^^dUavc_a#3oHsls*66bi9fZMyTbLw;_cBmy@cj?1CM0$r
z+dU};D>ZyhJ5aAz!hn86w2ywlByO~XdU5DscS4HwOcM<LpzkTevm@x*U6tf^52@Pk
zfUj)5fW53f6k2m>R;6HVD1YfkxP(d3eQkZ4rQw+9<Td_eB8}u5{c-v?8ip_mq`70^
zp~}l`6U7Ghk41C-1?GZ$m}&iSfS#<dw&HuwFP`B<$uZa1=HNyhS^uxLC1n$?Bt>^z
z@=BbNa)T1S+?RvL3}w*U6VK94QOitucDO)!UF%+|a8=&4>bC+}03y&rnlWfxMu#Gs
z1*fBM03qsvx>R#p<>9#(UGj%516o-MrkkJwXyGGO>0&7fzy%als|UIt?GkaCt<`-Z
z2zIYGlHDki1b=1vipMv<lB7vbk6NP&K!&dwEq9?C*9#Izpd0n?V*Z(F!MEj<e;A#C
z7I?A79=(t}7SmE0T6sB30_tw*^wp);+AAVZ^|dhVHDhgG&lo1PIY;k`DcA#CTZ#u%
z<>Z5XzyAC}rr6dL6HaPChu4hM2fZ<nB2nqqB0HybkhAcsI|kREZ9zWPFi+<9ohCu0
z`kaCQ4eX(6$2eg{-<t;4UtQ`0)O}I?-WxBdC%>N8y3l0N(ab8A|7}CV?wcjFUzTDO
zVLE941Ky+^C@f~i*jn&W%bOh2cW^SHT5#pHqtFd9njp%z=f16LY+5XlEGWeR(E?$N
zb0U_au3BC`6U!S*C0MN>`cfZm?tB3ke3&VV62GO(zJPGdr!##m7yV`r`D$M>-c{G?
zcfL7y>X+eypItTZZ5_l-QCb7Gt_R{$xx<Lh1ehA^U+r4nD==KaertP}c~L5qs>Y!W
z>Z2hk-12GFW3_Pw>&MB~!{R2as`mtZe<4p~b_so6q*RCSSZIXHNc87hxYD(FGbmGA
zS?as?#A+)}h9=PYna93@@v&i1T=mIBhZVe5h81FvjQuFsv1Gv?@C^I-N1oXZw??3f
z7WjE9mOO|X?q2q?|G#Y0m(|{?rkhTmG<UY{U04vOSH!GMVIZex2Y-BZKP$(J9NG75
znwW#trZAi}p|(41Fgsw6(G&PZxa9ilX{@cB<~Pd;9-C4yZicMkyOn(aJDb5VUe<Ha
zg7cGFh$#`4c|2$5pMC(}+5B^;kI%dy7kyc<d0~y#l4K!Em$vrgPqX>jWJ$e^>XFWV
z`2bFv8p!308MEnIUKk|+cz37J(YYII{7$XRF3*%=9kAJHj6i=U&Gy+&H-BY}XYdbp
z<wLs*S~3NMnVhNWI2>jM#vU=?ynN!#cTqAMg^*v~#GWxZ=YT0+T09W{0{94Tb+k^A
zLvY+(J;em)Yly-EhuXFyvp|yU7r;Uz*_%oz@NhbExG@2Q-9B#72St@D*9lc7qg%z0
zeEyUHxZ(1uI8W?eJ=78!GrhoO8L^*Uv>M3Zw4GYDADSwNzxLK-+Z(Z}5%B}UbdVtd
z0~QiwECj`F%LLVvMWaR6pZ@!h<B|M2iIt#+`qMb0{8m4mP1EFryE&$~zOA^CkS7Jy
zgDaqFLMQyxos3FtB!w947fbOav9`t48ex+9hX_C1Tn<29C3h+Ae}p@}`VuZ-#wE-$
zoNz(~Dih?J`j`AGU3isu&%-6N5lDjiNoG3V;(Yv=AB5Ml7teg5K41Y=u}IybbF_Km
zoY-AaqW>?AAwMdvSso&w#Zs;VHumgwsj(f}icpCP{$U(W?p_CGD}bgRkBM>RAjMEQ
z-Rs2!{?Bhk8e6Lm_VEiuJNCmB@;6p?|BDsdH|_qC5KqupVTw#k;y;b`4FgrssYUJ~
z%=(b0Keo$$=*QVY4r?L_M2*B}oK%2Kt`nJ|n;vEYMosCNc?rSTE0M`ENAecJ#_q%{
z?@2eD>aw8}CN^2nWs5byl|tCJiVovNRrasV4}wW{Hc(T?sRtKOPLwB-;Bc!+Fk;aW
zD=t~vDg>j~NjNuoQzA9LFZzpN{w_O_9NP~M#$;}p9?lKRuCv;zwz>(87L`wi6B`z#
ziHsc@Xm8!+h(F5krfrpmus#tvpDN9nnZF7#fv|yoqdNtNq;`uKT&-$RHK@fVAdNuI
zUlB~P#zoz8P4MU%J_(|xIdsBq2k^9OaxfJq5FK#HSWqC3FMEF<#WS1`2?Gc@l&u>p
z8ovk>o`?`saHH&!nRg6bggdHJ^qP&b<oGW-w|TVVC$x=67Um(GS+=QZkqNjSahj1B
zD{m~!)<iA^c5#v7#bPBK(pc8dhywF(ZzdfTp2kl8t|e7ds)mG{k!<dsK<j>~bnxTe
zR&0U!f5WyyBpVGo@Y+6L9uUK$l4y1PX?HpvQ3pRpCsfS*<<rYp6Tu<-&EC7d|IIca
zX>&aayb^<}f+s1M<+{_E`otS}b9e#8s=DOR#6E)}wC78R-$oXXv1LLOxx)&rhyAh*
zZCId_6v4R$LVU4Wc+P}Imf7dqO`>Th6DWU+3K}dzGgKg-iDJ3z1*J9a5*4&$$E$wq
zg>BUfj<z2)iLy%11^cpWAylXF8#JlJS&uSM>?i+|MIqMcw$iJ0aUm?J)^0@(^*-Xf
zgae%47&h(6tyhs$V7Yab96=wWGXB^s4C9)vl4cd=H|iF~IZ(pl+_ax<@w@Oby0snb
zb<?}!5|ew4rha@SAM+`z@eV1HWTm!^KyiWZ+=3MOJ<C2(VJ0TYu*?EJ;$JW9a$VmV
z2%C$~(mNKdI_yyfA_BmgIJ!bsAlA8mBvWDNqGpGP!$#_@WuEzp!>FqCR$xgFf%1R$
z@=c6Py9Hz&F#9X-+)G|5TC<UI0C9!DF?zyOgnomeHvaEyJ5?oCpAB>(3qm7}638T7
z2+K=?Gbu_VaJlXMJtm7t64-FSCF&;<(@~2pIcJApqMEslAm&JwF)0Rr0AI5Tk6_P<
z%ctSI&UEbW<4rMa@Q)42reQ%vY-nKyv|*T33sp5ig85Cj`>BSdhno4(U$Wsr)Svzq
ziC#kc1CU(z`m~eFh57B4ki=<J#mZ5L);J{+<(V1qGz-$)oj;X?UZ<JEs4`-z&@`3w
z#8<Td^MB6OEif*0aFJrH;HbpBszi@D!MX&c_VxlO7{b>g28tSKCz@&}9OvG2y+?mX
zS~@s6_e?YZ=JjeOpI|#Me&3`9!dg?i{JR|-?A#~?ueHHB=puSqsze9b3o66S-Q)>K
z)EOEEIZKA2PYnK1unuk!+Jq$C)tq5gianILJLH16OKPJ{eVe+M6g<qo;Nct7v-(T>
z&<JNDiX)AX?@vu3xUkml*Zna}il^bL!|uq{@WL{YMO!!^Sp*UzZ*hoQ!Z(-?olu_g
zguM;@ca&6F&uVt_U*VZ!|2b#h%XoNR2YtBhku_;;%7@mG1BEmI4Q$t*&{DIU{?{1+
zJoI-X2(YFE5O57)nv>#!6N%bb{oWFmHSq`sS%`*Z(T9#K*^(r(B~r5SFUocBu+KO8
z0QYUzn|Aui{jLwy`ppV)C)JNc6{UXfa{2;_yUt|cZ+vf@LFfD=YDQY{$&eo+a^!!<
z4Sq4eh!55ce9fA$6E-8DYvGH4lU_j_zJ4f!OxQMG(TBYuvxZLW6aVmBFbtmO`npM~
z$n=DwYbMc-pj1XOrGEy3P~hB3%dg|R=Ik^UE};t|V|zS=WNhd>z%~)L$kj@Y*yQX_
ztw*ST+9<^b7rcRe@m9<1ICU{HVE6^t!h(DOjJ47g06mz&_L7FWTcCUF7Le`pK(Ur{
ziV=))4^z;Z$AN@?^nr1DaHQ;V&AVx#y)#h~qO(lhLzwPNw+7(0ZQIyw+qS;8?cQzg
zwr$(CZQHhO{_mNc!F^pxCK)BERMmQxR@}<bAx{T^|5ZO3FGY9RX^qNbQ)bMugwRqm
z_uBz)06sWAS52^W;e<;)ueeDZFLjmt1!m$YJuO>@&V!<Gj~aJ;_zn4bdZXE#EZ$Y)
z_EEw?_sbUJ+jFM?jE{mlU+M18KE`r>h-xNFy5(HqKaQq47lbi4aR~llhNOtzxK=~l
zRP~%+>2x93izl3wLY*P?(zd>g4o3*XEjKpQE8oxI#>+DFr!*0x{5}viVsw$H(_J~U
zey@MWS_d0htmtwnY(J}?#`OIUNR?7V@Crr|Yg#KvrVIo})}CRW@j;&B)&`TZ_S&L4
z6osmI`eK<F@JOsf`rt@=lM3FpB)+oN@lOO51vF$1V(~y$0uns9YNwfT5|g#=srdsn
z%nwpc`;a4N!+GYn4rFF8VH?mELB<w*##JA2Uk#<rHq4N$9&CfW=$t+6&YyoJpIT3_
zsdGO(_JU=lbNyxpzzpdID3uLrsDxkOAolz}E%fg**E?51`fzBKO4>_-IRP_@kuqP_
zWICbxI)k@*CzHZ8PG@&xn9}PVbOn3|2dMPHAnoH7ms3nI=n`a`wZZBoRX3h7Ul}xq
zB*jtkfOc*_um@QtAn80IePqOIZZD+{E}&(O6#{wdPqgnE`9{J!?f7_qbrGcaA9x5@
z=f)k;c{z>r+dO^?iugvkps^ihO-!@ZGOSQ$;a}Nau^$#UAtAp$f{D<I+WcvYFA{&i
z;MY!73n0xO2@|Y~NyVQnUyd}Ai<6ziFCob|oK?jJL$H!yC-jv3{3>WegKN*K4d&=b
z=vcE}e4!>fv#t2ALgU}k5_inBjvZHFGRP^HLJ6jeoT(jGt6px;lA{6hEkyHD=MhAL
z0*J|Di;+GcV;I3=w)1*Pi-X>^M0n*#2hJJpS6zo?PvJ?Dm6%NG4Yf)GNVNg~oz}d-
z^%-_TopCt{#HFsB>2;h}l<qA*A5&^YbOh5Z@Y|NY-gn^A5kF_pi!^tfkWw&hAFxgZ
z34sWzRrJo8&|TB*<y&kfjyo=+Aduq_O06x_px4S$8?rM;@~X}(o{Zd@K<>_<X#cfr
zhdMLWw>KQS>%>BB{UBc;^GUDD1RsDQk_=9+6)y^U!D+6;Yu@(ap*LOUF9$F1?sX$Y
z2?;KGuqs><r6xCJs`jex3U$3~Vl!A{HFN=ij*}WUV$wRstKbylirz8YM)3PLaJ?`(
z6(Q-`itcZg4tov4Gne`N4wU`Y;%)XKxZdVJgf=-<nbT_L74(XG^%;9M;wLk7`z8d`
z<O3S3NCSK!oTBQ^waA1bk#}qk?C@y$r~<vcq9F;r5H$bS)NwZkNz~z6inybfrJvcb
zG4NLVP)fU_&b0gOrnk|%c<$6yiH{ctnKUlaLORhB<aH0tKl%2c`dyCAi7F7+`uBx}
zklSlZI}9kG8Ry%f)@X?`H`ElwkIS<zrICp-!Er>Z+r|&d9FOv!4umD`5H>?8y*z#Z
z2ro6_K``FgD3T2EPdXS0Ij^)&d2u4*f2hZJih>M3>g{Bs>!KTnl8o<!E%RLDoSGV&
z{=wCY!LLNFlHRNd7IBS%R*rtNAWKnykasTokzHjJz#FcFR}g<&BaNAV9)ci>z%A(*
zSUqE0)oi2eM)?btXCA@N@ab}|H$T4bum>%v6xhCr4$e*%izQ$<N?K*Ml3NE6f3RI%
z%6i*_^18^g%2NNObQTlDxH6Ie5BIxF1eOSn4e%h;AgIi&ALe|nUfpDv!Oc{(MMm{T
z6@=V?Vy(wi3c2~7uQ@uMGM{a!2emqEl=tp);reEZ@A#rWT=L?YT*lj6e-)F|+4(?g
zGqmzOiGFM6N?xvv<fu@0p!~-~y`NfxAfx5t<Ak4bHBL;1=z#;|O`~YnmhMEw!GC@;
z9Tdm^cH~eYPI_0({;6g2Ctfj&O{OJqN~ae0t!Msx(WH^}JV%_RblP9ai&F+{@;oVp
zO1(lWBa>ycc$et`M4EzWAvkoa96$eaJy~|b3P*#i!}X|3NlE`CO2lOSQN6zZ7ndql
z1_NAC{$Ig%z7Swm=Q8z02v^o}I03I{vR6Y(+R=>U6;|l4fM8XRc`^2b#XPuPr?@S%
zufu2Lwu^>%AkA+r?SCK(i5^!YV2uCe%_;>f;aha)#0-eosZtW{d!j+{d1$qsDTiMT
z<b1}oE_x|WkV9Dbnho&HVni2c7Q=XQH`>tKn9@|Pi7~>}45ajh+K2IoOd}1EIYyW^
z^6y9mgIwyz`HB-t2290^pIWLfc@o44t6^Li{qidJFDWDTI{)HuKjvmFn0GxU5{>pS
z2iB0OYD2)I!qL)zGb|DnZTA`TC_OAz{!O*O9)e;ihG8xu!!ESv5i$6Y=MCM?+GM{7
z5S+aKP4VMv;i5q1o@l?qSo)eHd5L#D!@2k&^Tn(Fhq9Zea|pB361fe1wb!24_x#-I
zBlO7ISrG5)%)))0B-4x#$=u#BdV>W&vJ#ETM~C+DGtiD+#A9}0v=6-&UGv8xo+uHL
z5D=lobf&9)LP4nf4le99S>FpyKPgD`jy1ECxGdVi!W|a+Y`ow_K+VV_@v9A@4=s-Q
zLZjTWhB1~MTdPFHM0}c0%Vg7N6l+;95d+!p3g&B3waCdYUi>DSeaXJ(HXIrx7XKA(
zytVo$QEu(S$t&Wbsg(O<B$R!%ot|rGr6NSuLPL{1>u|$#V(!Y}!XMUYkbmsurPAr`
zcR^&>$ILP!PM?g?!RNA9KYgyr8tcbrmZV(kpOgGc&_oz7%$Iz(pOb){fXn+XQB5mA
zkzj-ifeaG&cB=wJW(<5MtJ=5a1t0zyU_&TYfZM>X&i4w*u+?XTH@w>JH(s^B`xgVq
zK7YG5g2tuR`hdYSLaLVp?AsTogRDvSB9IIOVMZ_rIQtI!^R{O7&}RN$-)eOnT0^#p
z^HPTNk$b|ZQ>6m_Z#Wsn9*8++uWezOrfk7eNB_4pOnGGuC}^8_XmjLC>!)qFb8O<k
z(^zhusUEBgciXs@`opnwOn&|*e?vWux#Tu!<}Q)T4;Uh{l)FgflINSz4B5bn5$s4B
zrr^c>QAWshkQAR8@|QSb#d1HpiX=z(O?K8k`NA9FItMGebygix*40eL6<Hmp8=5Y8
z4=+uIKuLCO%iX{>rXlpshh*<b5M1zF?;ow{OK_}|m`6dZM|H?WqB0VV*Hb{!WDTY#
z!5&OQGkyg`pCMN>Q~0QMCgZeHG{oD87Q<L@8#*j!A*ZOt-|{$>`)6zZ*0!%H0lk}O
zV7y`fRDW5NnF8UpKDw$&o9|kT^OW59SkCM^bK$Po=@E+6SEth^;A{FoBQA*FuguBm
zYVT&FK1nVHLK1F9u@-{`5?wmD3G6dg8lY|)uNdiey;w}0BEJ5k2Gc*?>F7L@9HbCZ
z)S1{*n`;vP!RVKzaUZSU4rwib<$^TMR}5JO``^MMr7=hiVRjp!I%lf-D;0M|IHJcz
zp&jf7T=@?$h?+MXZ&SzOM5b1&Lz*HRD_RVpzmxkcl7xr=50lyrX#_`R%kZ^&2Wj}!
zoO?4PRI5-@BT^k>%z;7=oqw-4!I{mD@^#4m8=s}c+iIzzgkHi{NN;EX0;<I-SaSx$
zTOm`q-#k5`-m&WDO8?oW&wQOMY7TPcf*b0a!lV;O{ZUFJxZSgOi#{-YQBMz4*`RFy
zZ+UkSS1+40w?nDxs4h7%RKM8|%rJ7)3@zC(QAj>Lht8%HhazkuM4@#yXDno6)ok`;
zZ|spkdXN&`JK*fYYnzT8I1NTnj;7!Ln#C+2#S!PWs1XH41o%X1LxvrJlR+SpWPe_;
zMFGg#OE9thFLe>Rpm~MiIu?hjECThBL<#6)qmpTs7CSeQtBs7nEF+>@2!F4yTcQ*f
z2B(Otf8$~p3+-_l>|d$3b2{+y-ps2}QGTttGpRz`!rCKHe9IXNGyXfaN!H7hIGiUY
zqG#su!uxpeE*B)A4wWHvFm{f}vP^OPqHG5o+GKC|H)95psNm9)@YR^BSrf->o0CFg
zTJrNfD}8WI^}%+Y%JB~-s`(n}^LBJnu8vcG@Wz4)JWq2yKl6#abri3qtTG<4hg_$x
zP8xSM1eF8HJ-SMQWW`C&ZpnsYq^!*orNUkLS%D*j`RRrLbf^_a6oED4x77}#f?cX$
zs^i@+JtE0@hw<I0#N^x%SXOiiR^|JT>44+XOYE?B1WZEoDC-4E2LfO|&_Sai^5=5B
zAka=lL25P}feg<!Aczv@!b>HQBzvYlWY%s3hb$9>-m<&ASp$f4RJ@ik#C3lEgPVcD
z*(bo?4nA_8?8XWUMG1{uOu~|bz6$cZA){mgQSIp-S^4{s-d`{VA;1$$V?9vFUaiNx
zZE(&v{mb#<#RjYpC2iJwu){=6*6nQ$JQhpVrxo9a?yIXWs(PyD%C%gvuC3E)&Kyf_
zVDzIN7L(<axMg?l?8o?T6NTPylpA4FL*8Av`+~7z`;>%XrWOKtd6=>U^>07ln+PNN
zBr;lF#L|?EbTYLKa8os<#gZ^*OvPG4RJWYKElQPaK$>Cx>+mGftQpV^c7pHHu)UJH
zL;tP>8AE1WGOT19=ax@I7QtF7u18COfeXD=NG+Zf)YES~V$O8tsolzn&3i+QLE)Ck
z?N3MBlyZ}CE!?P`O($)*rFZ!AUpS~e86C5=4-*ZWyxM_V+?xpEoqMM(siMyijp#p~
zYE-N;489LnOkM6{6u}@jGik^u8m#7|Sb>!%{Mp8?J!~yInd-_aTe42Vr(4Cn<CT48
z!jP?8S(2UL;R^k;_*I#Oa@x0(#YnD_%Nv-a!>0NA%x1-U^-Fo7Eus&;jApP`t$1Bn
z2rn24%jz8%-gdJ#Pq@hAFpKGv`C<6IFe@J6fCAn|3AM0LCC|ufj}=V;BQD5)jW6PW
z{4Z0r<o^ut5-2dVB)Ay#)J-_fyXGeBr4K?lp!)8rdk=T>YD0#Hm<O#xCT86!5mkL9
zr1#dB5AmPxzIr=TutZ@K7NQ3Bo21nzGa-CW23&QD4ov{_2x*dhf!dVL#TX3b;%qF6
zM!3STdQwR}AL1MC!G^Gzbf@qqAI6%_&oH$@VQF5j?5+HsK2@eq`=t0l5F|I}R1)<K
zfuF$m^WUmq=fDII_Qx#CuDJKnH;Q~eW`>#(YH?Ke<wvHgXUw`Nl@GZ5%lE)-1~@qQ
zl+GObA-ZX2Q?{pKlf;=y9xPnjBgL)nis7<zgwss@GlB4#g(crH@|GXrPETBU$f^ye
z)1^}j7;=CT4=bkILFVnHVFW93My>Qh&jG0ZG~LPgn+`xjKLX9J#h!U^v*)G=_F}<Q
zGFrDN%GquXd8$fg|7@w%*@v_?7>l@L5{pVjv(dhHL6N&Q&KC-c{?TUk1f$QJL~`1y
zhO3st!sI^*6DTeAOAg+%d%nmP*kHrq2e1)o<G+&q8+z8{({F2IH8;H(<zn=S{i8jQ
zZ6h81hIg1)?2=|S?gC$63~J>VT>S%G{^)}7ebX5h;k|0-_krQZ@EX8eAriPAna0WY
z%4$r_sATvwbW(ddNe1P1e*f+vwo{5AyF{0ozd!iYd>Ndg9V)2u|Cp85y%nX6<tv(I
z5{fnH^%7Qo2VaZ+d7*x~_JENVV1IP4=Uaf;u#xgyZMge$l)cSl>B5qCjg7j?$W!IW
zv@r~Xa|XC~Gh74o{_cAQHFBs<Cnf25JvWHi_|v2_J%P)9|HnbJMh|t3qSQ3Id1B3u
zlz0Ej_`WepUUFsvce~17*hnx3W@0F9j}=D(jy7`0J;FbcM%I-C;V+w^>$OAU;1h6~
zrPgn&;b9x)$o7b@VUq!6V?Bq0=pN<4sd`xpzZ0nx10BNGu9D99plL_xK50OOYuiPE
zb!Eu*&Ojr~^?O<qsC&vR0xk!)xAX;T7E`Li8_QGY>0d0@)RS~wh&@k!K`S(t0rqh)
zX^yNHzs*ul5;ttdp$#SpmMNba_s@^1nCVKt1F!{EIBN40pBHBnr0|uEEV>AdRyFKZ
zDow%$zXQZm0cF}u?hcP7OGv2PxAX9Wiy71hMENOAX319A1I|IzupQpFJ<FurShJip
z%}H*Fm5Dk=6JIc;bUo9tDLjjrOh~OS6H|x5Gmcvw7o_{Khl%*({s>myIXnoe$&9~$
z`&O!un93@4xU~yS_{6zxMN)vn{ye8~vYId#ccRDWOEJS%D?sI*IfB#wWG7r5-_7c8
zG*0!T`*I%jLoUcgaEkIg>Q5`mE5^d-x$R#pA6?+DDV}ORFNLuMEIahnM}T*6is(L@
zUEB2sou}ONPPOgJf}Jn?C!R3-oUPoW5HXrr=+a9;bwSEzG>?T^+#}hvZfKf@Vtxqv
zl9U7+`BE?NRj;F@Al`C?DZi>UsS~u8P)h^7J6>njH@_Sfb_7}7)P#f`-a7m-n)lf2
zugyka^XTirs;pW7o+NI|o_ze`Xa()2=%pw}@{pMF8o=UnTJ7=zN)yLzZ|Gde+Tt%&
zM);{>u1f4J2i5*er0rLXE5f8KAdSGIQso?=kcv_R?<%KXi77(x!1JRF%Ti$st?I@>
z#~$3zoCM;_C8SGJ;ttiv9{%J3wRjHS%~u3-kf%>$c|kM1$uy$oVnhlK<mZM1V!~F_
zuF8u$cSk?kd(brbjV;vC_A8Dz7|T}~dEnd>V3llKIY6j_T}`|UwW<}=*VL@?RJ(4!
zSip3`OWeM8r-FT7=5-;qc~83P5YEUy(i{9{U{}@=bD#B3hjT;?mB+g(I&l4A1^Z#X
z3ZaU<&J4Nh5^(_Z+QcrYDs3M+AqV^?a$E0o4->D~d24|^1$_TCCX9k@yk@@M%<`u8
zj^}Lr?flu^=B95M7Lt{vJaa29;OeWFg0H>-@mr4BJ$NpDb&1Fue<%IP<;R#+D$XsU
zHlb6MCPs(}6|3`Ea_ea4$v3;`l-3yzt1W7Q2B;Or(|M_M%eOff$}4GA-~LEUsJ1B_
z5l_BSRg}8=2q>$)khN*qVD+X|SD1Dd!@>_Mcd;8uW{~2^O;9YxLG;B1--4w=&l%P?
zsusvUIIU%d6_|^dYP*?$gf4@+KljG&@ape4bCyj9R}t~sGeU>yG#ByFc4DK=gmbu-
z-6o=-ln5@}C5pDrp5h#!znQO+-ZnaByXf#NF*SSZ+Xm+cgyhuU;r-z>N%Es2LVl=8
z;tPr%6{hI5P*lhiRkwBw46toGrSU)w{%`a(g=5g&`3vrpG!?<eLIcF0b?vw9RQ6m`
zwc$?u5#`m+HVMzX<}!I|!a9pB6=Sw4ekc>4hK}&&c7Mg-N(2q+iL|c%gtsiur{nQx
zoL$k9ne+sqbUwoLsPkOzejT+@yuYzeQWVJ&9J~i=e;3@#lj4hx9DwS@ur^n9A)}U&
z(#teWw^8lpTZ;BR=+7N<-NwOfW4vgZ+|;0p$H5L*7p#1BUwoAu&7`HLX~T)|9#Fe|
ze7gqfkL3X+!Z}KlftRa=U+)t#8V{Ux9XlwrT^=zS$KR@>375~C&WugYfNl^DfyL*I
zqD*B>Bv%;N#_@<qob*wl^MM~7ZmYbN>UZdNjgA(KV+b{4Qbkhr5pebjeoFq5$#I7|
zzn^ilAX>8WK5+_~R#z~q_q)YuA%Ci_*c^;VDk#_l#GrzZJ}tu|Wu0}ZXQJ<N#jcn2
zKYoyG{1NFRV#<ZCVhK(KUw}Y*6lL+Ss!MH|Yfc=U7m@;WN?roK)})3duTw_7?p=3|
zynzks@G2L&S-{70db&%057ptCRaW<Oc=Z?;W#Q4q6!>WlX%abXJ{rftwqg3P_FMh?
zx%bE`FtzZ*R?%Y?-OE~Giv1J`!2Vkx_0nsrme!kd#nwFA1QO8-63->LThC_kW2B&7
zcoE;y*|gd_lo)3cp)5B>xMu5KoBrq|ePqP7N6+SOnArV~uqzB#_P;XuCdwVkv;eR&
zQw&&NJXl5d&g3z?v*#q_JhjP$CYiwLJsG?j&y}))#r)c_s!l34X`gqx^t@zD`SP)d
zCz%VPx5r5QumkHX8>NtUOmHL%wAacUfz!g{(Ub$m>V4r)1kzAMu1O7%6U~H?xcEi+
ztdy0E#=>mkUJq2JHI<nM|7oX51M9NEpx?#m@61c#y^tb{v4pL#t0LKX-|D>;Pbw=k
zVTn|M?O48qu`4EY(r><rE632<E_x{Mfp}@Bg2X#YnEvmbQ4CQ}SL(9QkYm>Klnn`i
zMqG`AmlCx``I!<NctCSUMn+UiO<WA_^4&^Zh+eZ)yoa#g0kbx&Q^X8`nLnVDl15iQ
zU;Iva6A^NY=T(AiR3o?8);k~iJ>FoWeN8J+^R)KXN%!QhHVELjsmAQ}p`al@r6(DJ
zt|GjXMiO0@3?A`0><Zr2bvtfD=fSp*Jbx*2;T3Ju6yttLK=>^v&IWCLoDk}u8wWE#
z=b8J0gBFgmXtl8KR~yfI&4m)6{nqNA-T%do*FT@eGkO0L()2X+DT5SPOL`6237#T&
zWgZRqBhTF|ptgj7AbeiIO}3;I_U^#(aHO@O->B+<!a3IrwKB=3Nn+s7MMY%_h;~<H
zCw|9JBc7FP*+KFb`$64+@f?mS)JZ(Rq8qAkk)X3$r)RG!e+yD7sdTPpm$=O66_>X9
zIZz%i`%_+JR$$FU6^vOH6G9uNXWzGrR;XrBMIG^GKlcIQN(#|(>U|sDtQO7oP?Mey
zXB_ay2~(dg#Xv?<sT+-YH9_~*I7HV^Q6ge<TLz<6lb`NeRF{76iZO@?x_mQ@0V~@`
z1B=b;o)QKG2K2@rZHGAM^B+Si_W{K}`(8-q1M8zKPjH@DoZ;gnNl6lo0wmJa0Qeb-
zi3P@g!EH4MJ|^Xb{8^r%6fJuWo}mvncqQN9okJD9lOtsw4V?YKNVzvX4x+SBljbrR
z$+OFy9P*$k2ss*s`if0`S4Q8E!6xsY;Dahiw=GW?cwCsiN+54*U+SURckhbyVEDtE
znbwtU2Wf>10ULN9cyDa?*=qtHEm=m(_RS+thDUTcEpM`epxp&|O2~#d(XXobtn353
z9=Y2%4q0UmYE-l#wR#qTy%V~UZ)V5=%rTa99tqe$od>@R6k}lZIOur7>j)B}aW2oE
z12n*QT(0d1JRDgHt&xPdYW!&4g<y}IaF_dgUr9Mh{1?Z7Ao^>ZO}2p=-n(hXC1wK%
z%9UJbVzi6kQESR7vQlCqlH2w=xx<+UT{+L1^#>go;$v2<U@Q11_E{77m_tR1T|Txy
zKW`dNMd^OaBrp;ySspYs*C{w3_!M=F1f&h322!J0iZX>YT^Ax_V#Vlo&PzzFq1#G|
z+J%y%?F)$Z8{>hZ1bD}G9)x7MSNy4Fq*DnxhAv<TO1(1hG)O&ZY+nIIw!8(k^_*xt
zsua?884NoJkPgw6BzJ)$<=ByU&g{ZwJmzEwx#V9lH0fwts52vt3y5UlaCO8VU`E)7
zoya_x4PL*i+8C$QD2>rwYyT)k!fSRrx8RSVD2`KF9YX`A#31oL>86w3=v#%#JAAL(
zZl8w3<Zp@f{$M}2Zpcz9f{;=yvB?2}9HZ$d+aYPqPsIdC)^xo}3N{*Pmn`1C@fCh)
zR)j(+;BvAHoY1&q@wN%A9kcV&aZdLgS}Xs%&vOI`)ATCOv78uDD8ea^yfz~*Rj1N6
z{3=<*oNt3EjOG5QR2r)nLV9^?4wgB>`_xc2epaI3Xnb-{k|Ev5s>y%r{7cNxdrRb<
zT{a^_U1)P@huGyn`Wmj8>y2D=6R++%GM~?!p2=BCzjA*CXGeE-Fbe07D0>KP`|}?s
zEJ!Tu1DV?A@Dkr*$ZhjqjGuq{2Lr^&W{o)R<2`4;OcBEvta+=!1yZE;GnhPY?3?^I
zD>Hf)DKBs)?BZf!UKTsq=y0}a1@bh-SY+w12a1~>1K0{cv}>uOk$<L0>qMoHNqWS1
zu1qP+wH(Xcab)tHGjw+2>bV^5KIwtSF<Tc-D4lwNW!NAUIQgS%iZSH0au1pa=RI6u
zQwF(#s-^I6p+g7ccZL#fKu>TNvYg5A)+Q&{`DaJeCN*Kyt!JqI?KF$BNSt`0L_`nC
zxtq&OuO;%f`TYF(Zmpj66OVL!5F_^*VEgEeMcI2EpN<#@TI<ihyKL0n@NR0I&=N;3
z4?~pKZ>mupO-eKK=h!_!^<f|C9hS|(Xp&R?L#OyEw1Oo5Hcy6O;NPoep!x3cR(YJ$
z=0b_cxNxyW31+bnx^?P5_6!lZzIDZP!BgVGL10N;bf$KaP4k>dgXj*HC8hD^YEf^s
z=`X+mash2u_*aS`hz%_A5R;rj<7T(dwFjqlD{<w_m+N>2t+fn}9GXJ&yBIK-4as;9
zo|e{TFMHBWNdEyRFUyFf-qu?8;}6l?2q&NKf0Wmk(0RYQ|Eb}43tqNe8w^T>ab4-o
zi^ynL6y2T}lXyh&dmn2}>cw2j_RtXD+F(i8BU)4Vsl%b0jMI2cABOpqGPj!w-N}w0
zA`sq5i_!+4i>m9ob_%sxy9PNBf!zS#cU8gB16K4j`m#Z^$bZ@(p^!4tLfKd2FJg1v
z&LM2nvzE0#&L_aqc)@$U4yO_gJ4|<P&Nsi2G{mtzgEajla^kBN{#swJ7(xAh>mB@$
zeK_k&w<>#lw>!`D++pGs-8tipBk?|-fX5%w_k4zwY__u4ypZK*=>B{C6v*ipHQQS;
zM(R;=W5R(<CI$7K84jhKSbqCE()!Co-`6Gef{6b35n|-SgZmaTKa3TMM)B>CBoV_s
z%^v53op&{4F&8w=MxNY-&bUor>l@+QG`bwlr;?n;t0gi3(cjEj#xxqj8d1dTTA(yC
z$v-;^{dR1xcMX!s?AR@TBBRyFNZAvdI-{^UX{-NnlvDWWyBl$VVP-*T%@s?`Xp2);
zsZm;eZs_5r_F8SP3?hs4<eQt0s0my_^NXMplD-rL+lf&C+BTL}d!(SG!x(j68sB|Y
zFB()V7lEKZGxiz%;16bQi1R1RRMLuMkhHI2gn?W1RJ`=)kGtXewd_Su*y?~t96YmI
zUt<=l#qd!Vk3f#jzl2<J34Un4%8U{F%m?M3%7KszEU*0NWz~J3xID0#WT&7cXwgB9
z9t(S-CgBQi2P%<yV&OJ>d0(}rvuPdyOHiyOP>K+lv>odKO#wJ-_B>HqRQ@*-@1F61
z-?-=9`AT|MWP@wgd(ceRx}kAaH^0ND>kMR*6@6FhioG`NKe5w_-r#yg-ypNll6fuj
z)`Oj}gJ;~iQ0ZV!WZki*8<ffU`4R0OHhnj`GN^GD-EXX3idzK<kj9POGGPVyqnuGy
zDzk<|f|16^Q<z#HuGV@58&%%;nsm5S)kwB=pybN~`5G&2Fo#JhGw<T=h*4+FWUQr$
zF!E9>3w$5XB(M^)ffDCp5k+o=`)(o@>SXuiBfuSLbXlw~T5ZhW*<ZkYPlcdaKfH?g
zXD8_1?y^P|Rz7M3{JEul9v9|^m)mKrEEYQir!F++4P9q!+-Lza4MEF)E<@XA9bPtL
z9HiO~fJ9GkGUEhSUvX4bf?!}^`$MDX!2fcm=8;<F*e*YPy!^Qm7k0vs`AnwGxcqT&
zdQbk=`;e6MYbe^8bWX;2)ps11wmYv2O?*>qFj=M~ZR{7$n?;6viDJ+0LCLrq6Vv`(
zxmxWQcli-mSHZ!KVJZ!B%C;XaELo)2ZwxXt$(?mhEuAlOn9TLvkZubXG2VgVR2|I&
zRPf8_)_U-#p`pjrQd$6YVq$k*H9?1gfT1>cg~j|0t_Ih}2%yaMIIk>~W8Jo$M$lgh
zaMzJ4h|=U$HR|NM9226~{bFG%1qy6?gxPg^I(a3j<pL|}`+ikIV$C^(CPwWZiTVcw
z1QY-e2oMAi3=jek3J?Ym4iEtl3Gnm#`}=?50LQWa@BABZEfH{@1dt4n0+0%j29OSr
z0gwrh1&|Gp1CR@l2apd?08j`}1W*i60#FK222c)A0Z<801yBu815gW42T%{t0MH1~
z1kelsSTq4@1!x0k2j~Fk1n2_j2Iv9k1?U6l2N(bt1Q-Gs1{eVt1sDSu2bchu1egMt
z2ABbu1(*Yv2Uq}D1Xu!C23P@D1y}=E2iO4E1lR)D2G{}E1=s`F2RHyY1ULdX1~>sY
z1vmpZ2e<&Z1h@jY2DkyZ1-Jva2Y3K@1b6~?26zE@1$YB^2lxQ^1o#5@2KWK^1popD
z0utiGqqzIUjLXu_o2{rmCy8>MwCEnpO8je1fMYCe{7aIR`%hc&Mdm-os%oL8Ux@}h
z!rt5769%--P;<n-=Fo5GpS<5n8F|#>>D?3ByH*Z*#&NZcbKJL~?<PGFUSwrqQ7`IY
zwQ8E~KCO+-vyA>0bPp#N3F(OQ=*Q8EEOJIAO{}*_MLw+i6r$|3HOgS3%Z`^j+5pX^
z>F+gknc08^gkrkT>iBJ^Ptopp&=HX=?^1Pylcu)94vj(mZFL4uJDT_Kt)_j=8+vK_
z@NYb#Xvx(Vm07)qvB^nXax2S>=$OTJFOg<~dX+8m67%Z0+>L+2V&Qy99|}V;^0t0d
zftA_L?Rtl<LbO^ai{MmhtSZ{J-t==fRNENUR4Cf$7b78!6Rf8Zy{F_BJF!?cK?7<J
zjtr6!Cf^lKPr9@@D6#9ES9Y>hwU+-CK00{OuMdKqrx?IV)E*A*#{>0JHQP9V9q|xT
z`Zq7|IS(_!x<Qm#;fU%{IbTJ<r@Aw9+X(bLUTgr1dJ!s9EG5tIr`IGLR{^5KyML}#
zlsxok2+}RK9PDx!BiP!Tw3*d^4zmjbiS=Z2(x7$eM>}SxEqU)wK}nyy!ka@mBIx(G
zRWhmq6?&O7AIx~h$-Q%oDx2w}N9(BaZ7ia5Udo4B4Vb}YN34p&`(L_*QVj(NK^zB4
zQx?2j?Pv!;loc%{iC2pVPnA{iI-4-Oh!!ba5e{UbHBZ~1LuszuPd=sEK4qC@dc+&&
zYb-?;zJio<h0}>v{!pW755Mx$Aycsmab4n7$ZZv@unH-a7|`fiyIkA&<o+zM`lJ+-
z&`zKQw-Q_}oK0_K>q3bjUD%TuV=7qJxD)c*#eO=#X;3_+`xX-U4U-2k{$4}9@Wvqd
zb%ihw5N3+@cZ6)WIYWu5Lml)QtRGMD3LA}1&d`4z;gpUpdXd<AJT0V)>pWa6URWOn
z`jEwR`ffxnv6?JpF3NW{&4%6@N@Ih5ut;uFA{U)wn=BUn6#qRnHm)s8c7bS>=nzWZ
zu^|Wk2?9F~uc#cD1C3sK3RIkEpN_TsFRrxY8$W(>tkpzu+wz5rLB~>a!uCSCy*L0a
zh;}Z*lP5H$LVyA!6_Gl@nvXjV?ow^M!0XLED9FcOGFFgj435J{P|6`u5gfeCEb(4k
zoM~!gy!KH%W7E0+4`9oi_K>7%Q7N;v;xX(gShKV~_VaL4de!1nXXE~U`At!7(-SMA
zqZv69)1o7W6g`f{Vts{iYXj(}=1Zn0tdo{;pW9i|(7=3R=c4;}YK@jcc#nY>UBrB7
zBVW?5wodh!Mou4A0j=LmDUH>k9%)bEkYqob^dZ5P#fYKZ$j(EkTEj_AX5N}}&z`qT
z`X=9J0CF_}<5)mwdKqx&w!v0>6H6_jur}2kCRr{0pSGKQR=C~mNnJ))qa5Z->A_gP
zJ4`<9!ylP=v9X8ll?tfJ^nw153`$C7NCsBq%Y?i_b(rx(v0CXUc(7F@j@w-1uz80X
zJV!gkSGO3TXW#OyQ>ULq)YAG1v7ANR2i)w~-hvV_l9nM2o~|Wm_OneFr#3#1i4V@1
zV%x74S!mN249xlqX+c!oIF)EX@1Xy@<CaC*7X2}E;&3*n$hO9;N5cr=l~At-21F)r
z&3<jkEO|gMT1SosEAjbNH04H}(L9C+NK>%sb~-Rj(zppa_H#RQ<G@uF*tfts#IA3H
zCjMZ2(@t}?{0(4RuMh7mixKzv_=O75lMGW5TuO79amwPOQT0xr|0)a^>#^;ygdvCk
zC+(nvOcvExE;MotvU5u!u?*9eiC{}7?5BB$#mV0(GF+Im`(aa0JOOUGP}13`1y(|A
z3zsOgiJ+n30#d>6loF{*_Jk@SDf!MCk#Q{lCKZB;<7DzW0@XNBkJD-=F|WbHe|W(E
zkd7HNi%J5M{go^XpQJt@(|Vt1b}i?Xmuys2Uo#xpovjngeVn=hS$lkFSD+>eBCYZG
z7d<03sFSYM_`BH{qZD6U0vj7>t<bcHMb@YU-+c!H1HNtWN%u60N>!)+cA3Jrc`taQ
zAMf>*Y%NOxhEZJwr_-e?JH-&S^=BK8OF+@*G_e6gaZUt|z}NORyECg3IJ9Bjh5`8d
z!cmC(3L5PvQvsKe)7dUdNkcc8624Z>LEuJ%9YmluE>&g}X_QLyuBBF&HaRYioR6u$
zELixch9E#*`2#d(XPh9wNeCB#*q`I#Few-W6!tCHEb;9)=f5xzkr>|BxxcGZf(bMr
zR!xv(R>@^9)U+0CB>v><M~qyy?BNk8vpue^s%cgGdRPL2DnJD+qRi?daUXd!-9Sok
z`wRnm|G_V)e4n~=E7pO+bzHFSBdn`i=>(AiC9)_NP0zW7!^eke%fm5OQLwrQipJpa
zSz$^YSKmYXAY2DwDAGQGrIl7qN2q>$j=o!yU)_tpNkU7Xyt`LgM8^f%ZXP!@)eYpW
zUyDlos1(|?dy$CWr38#|Kvh_In#d+xq|!Gi=(5rymi|e9thv?<QTuh*Q?mlU2tApS
zn-MbR>!5@@A0TmGC{GaKsBGxAMC?M6FXqQM9rtTKB!ibHkoMIf1Cpxe&G1Cpsih=-
z@GX&$tKc?VSTjJRvTh!xG7#X<mh#Qs_gIqOkT6|`AMm<;w|F?;!(r)NQ4O856Dqyh
zw<tf2m5EVNjgZFC`SdI_!;_$D1Rs~}Sw*gc2Az8=m*sz9DIK;JnFW>1rA&Wx;CN+9
zIX@aOirQAgAEs;-8-~0)c24HJ74QwgwV;?`XaE8a=33wTJ|S8>DPu=w4jcCQJ*^Rh
z9At8ZU`>12_FcRMk?Twxr!ajQQWT;x0NYCq`J?ESi{mzVqQq=DN04S}<vs}c+1VRp
z`Z@;#|M$@gDO6AmE{4P6)bEHDYhfDERhmCuR-wf<jcP=&Vz$yJMqWo}_lo264@mFB
zw5BC%^fgf<R1@c<mvTCt_LOh-xx}zJEeG7YBPiWV-b41j6~!rM=#`h+e>OqJQ%c7R
zC-m{2aN)_#g%?Vz%=jNjDf%lhE+!2{s5@9}2e&i`SJta9+W&NR3U>e_uPT@`AF5td
z!g^jpcBO)I5)R4^Lr-mTyx>zV<-cTj`(}OjY3De2y0H(6!w#&alrYcq{Kc3XCkQlZ
zgV%?Lec~z?$#dm!siK_gH6|k~Yy}2-8CVU#Fz!8fACSfGVCFRROz)^YY{py7%uMjz
zmq6o`a*rbj*zcr_9|^Z-I8U#cgS&Xc5U67)cT^H}y#(s=b*eW=_7y@5tSm&vSZHM$
zUj=oAoeaL%Hq_JH1mZKIxUkd8p*voU?#4pt2S?)0!nOXe1VaPpvs~n~eM%T>hUtG=
zb*TRkVdg!eONzG=)r;7?NaL3Be=WRYUK>iENjRyf_vTO9J57O7=dyr5pUd@gY$B(K
z*dCV*g=*mk?5Vqjvm@Qo+1*Jbsm`&-839W{Tg%Hjz0^8<66^4m=l&-zTL3<|DdN(S
z3@-`)obXjtl$>#s8tBXxFm<dIBAQ@2LV8i_?V~{a1*xx?QI6q<fhF>mgN_d^jaCYx
zb?&6Z%_=M6CpS_-*Zxh{?4wqg{n4<!6~xdG4@cu{&=GbOw9k2m4PrmSrvs)11yLm=
zEeJkpq?+GhpJ&69SMPlK3}qnK@ejXb4dt7_7g<)1i6aBap^%Pv^l?lEUV?=L9?l5J
zp%4-VDlvb^_{U5MafEJbyBj~P<8fVGi7lj?BSTcG>dWCMHtT&>QV|0@cJ2w(HXiQ}
z_1}A$Wf0eJD|)*I)?}vDy7srZ@!DtC`a%n<GuZ8j@9@?!jOTsVUyOwSC98`r8SFjo
z@sJqiVP`-glv_O2nEt2K<{fJ|sEqUN)|tX@^yR)OQ&*5SwcfuJ3>j{JI4gwNlJGZ?
z@R)*H9KTieZNpi2kx=Uq+)rYvzQ1`f7h%9uTu=i3dIIe!Q)l-KV^ZOB&Ga1b_&$UV
zRxU;vVy|);SXNEp*8c*y^VB6trW*t1f-02sd9?0S^B!I?_pg^n3}#dYUHX>n!bVc^
z>0@=*Cuhn7hg6C$qN%4~k*!9QeFuIgi6N3XZ5EE8{M?Mll}7_E%ssvxJ!zY=W(cEo
z7<a)`d#O#JzA(T1z%cVcCs#qTqQSR*e^FMJ7ZHdN`0M{VA95w3R(P4J;XqAcb%Js_
z_pDMd-)ok@B$yd3hTNaRl{{{a0bXo2sw2Ep|G-BrSt`*j7^sVs(WUU?JKjH;rx5E4
zv}J!t*lu=7uBJRfK%_xUUz`&zh}@h}O@o{S$|}R59z8vAeO3eT$qBHQ-)awdN)1MD
zd1zptEnR_$fU1?SQQh1)75;9CdwL+G+|kT$N$rLJ(-<?O+xC%cZ^}p{d>S*-l0fw`
zv|ttYr$tvbkA;!0ZxzvHf$`>Dw;d&^;D=*A-QnBeev4jbuas4}(eXMoMl2HcuNo#|
zyWrrr)Mjo3avse5X=xwDK@Nj2tVsAN{Y-H={2SNG_BTJ23%=3uk^l%(JjuXajyV%w
z`<M4<C{TBSA*w7nfhx(k*f68d{_*Ujml?2|E9m}uEB|Qg{&%gv(y)YToc&jlirDbO
z_RQz###Na5P{&YA1GkN%1ZdJLB9#wo9+Us^m>!E1jmQ0IzROAQGk?!wqG=Dv^(0y+
z^~qBC+1@`d(T`vqjiz~pNn*C(f#sC~D0?|<oC}{4(|(g%K9468>R%EI_A+Rm1q4=K
zISBHBnc%aBt})aoSj#7~)fK}wBvI1jG9cVqL0raSrXLdc%$LKG)gW!*3HYMA1dgKj
zwQB~vU~D<*+C~7eUi_+}@yd_!{OFAJgnvj8X9)C8^|hA;xFf*ItwFEc-mel9C4j~6
z9L3#qln`8`<cV@IoYl)<kLpO9?)wbNL<|RSp1OG-6SpKD3aa^UT?oocb)cO7TZrA2
zF|f-0F}k}X#B98R9?|{*qAym>CdB5?Afg?!h%AD&Oaw&=u?A*ME)F@Q6Exh^%nGg*
zFhX8`zz>f2GsA0w@GiXQb){autv~*L_^w!6NkfVvp=i;v0Bod1Yccd)OL!HnDGDGT
zG0loq0Xc-*def}vAvm=UA^XtS)gC9eu8Msen{%6szn%-V(;U{hd_#T1eo`aabu0lr
zkj4`Rf*9sq*+oB5fa&7Ub*-G~g{-u~byVdY*no^AfS{)?SeH|~lG=znAti9ZLAPsR
z$el80o;Vwm+47LlIsew&FWtB!m3trBKmsQ3QT0vfOD_4HdoCA#a(wl!W4L|zx{3El
z=I<T6<ko-T_8C41JoVoGCkH~svEvH`VQhLd@b8v{@|vQ5O86*hzR~6(WS_W$M-q8u
zndlhf8;_iXl0aQz4Ndfr@tlBQZNl=P8x+}2N)`oDK)(o=lMcO%#9+<b&kJJs5;U}a
z0Qo5q;LWCu7(QHz9eybWFA$85jir_Dh=H(;vML{&?ZdF3DMdc33=pYmkwhrGV;J1w
z3*-_{PTHaE_%}Rie_d;d4ac{bqt;0TUpp?*u|%!@%a&Wf3d0vo1v@nRFvT>+%X2Zs
zN^{u{$vwW41i$9~1OH#7f09r}7%JJ}yqU{G90X}nQ@3AgdBdv;O}Ns={8j!1l6_=<
zTlu9a8>rvv!g217;jp4JNmkw6<9?T_L%hO&N~`qRg!V1%as>_j4CYt*Xj|e|K(I@+
z<wJ77{G33bO46{{A4BuHw%Ceg{pdDe$WLV^*7=XSuBX;7T>eBvCm-Z{!|Xl5r{y3i
z*vO7BNY(~YFPF;RqDdw&&En1P*5@RiHA$a|B6bAcJHJvM4LpMFApSWee66)d1TR-e
zY18zH@X9_`&U*nb8w$>TuUHAKK2)`Vb-h{-d({Fwuori1hv7Z=hJ6goxG6hoeWkQ_
zn=o7kSqpyM&@8{jq}KbH|Hwj9Lsdm)FV%#tUGZU{I06reS-xe06(17#s^)Lt+A7Ce
zw6DBBO&o&Pr~+#I`kMX!n{stU{6{hFl>MGrz<zOEd5vvhePS<b115M%uuN}H%5;W|
zErgdLSDfnPQs1N4lKu;U<4*?nX-dzHTrW|?T%Vtm?<WIaJ?S@iO7hfyDX=A^lsSd}
zjwF~qlH<>4=0ePu(G~B~7E)wfQixdf-<4*pNTTbJVQPd7D$;6`C4wmq)Wk{fg10!W
z{l0kmTJ_6>3F(0}3__xcsDRm^C+`<CQgUr^0v(!^EbNly5VfC9Gh)m2A$)DNoUFB$
zVLT5mEhA?;<y?IEGS85Aof18@i6-2*!O%^<R=zK6hRB0Y1%pvyd$7WP*7>70Cn_tI
zT6ZWuoCsZmiDYXo*-XxXl!*L+i=&{immXjd34JEok^6rPEH$|LgHZhr5&j{Eq+gA|
z*Y~~M3ynDm1n&3|p+(AR5*ZaG4|C9-IzAceimw>|;^KW-&gVnG)bc!i*N%w~@(z>{
zt;9P-|EV~!@?fz!!XD=IMq0Ua;cv+{%4FCw;Cc@?K2n;u^77`SbiWKSwr4I<>X7y_
z`Ghdj18lbI7~|?I9<j2%zRv1FFuQky*A!M?oz5kCEB>8iB~ZV&?5t(>%$<JEE17a9
zt+&|d0e6C@-`kpMhA}{LCulO8Kg2ZFlRFb(ktX%iymIhzy_u4=SPaMeZ{nXC`%chg
z6><Kt@>&J!<1@Jv?|Jz_iUdRYMb~*iF4^96X{Ua>IWpaJapq6XhI^FSR^^JcGA>Nc
z0?9fOH1y4X!5e_q$DX8NJMu+hqgthTgD2bCD)v?|gdY^`B4@v#f#RML(-+nry=W!l
zpo%YFf`>3=RwdTRR{?FEq&80-B`9Q&8Xemg&Z3W{{n4&T9O%PcZ{D0+KQd6`V8ezx
zjMmg(cmL*?P0IA<A_Pf!aSmFuL~#Gr#&=f1&^=IqVHfPx<P~QYl)w;h+w)JGVi_Wo
z$oHA5)?H)q+t36Efc*Cc`OM6{DFQKFLjHs5`tH_{wqfVCK9uB+SCFZpnwtP-U1=td
z2Af7rY)-~6FH>g{)q{(x<=M|^KnuP>DhLtQidGq2Kif}H|DA731!Ad612cZ)Fcfr=
zr>2+*5`HH8BFBuWdn4^b2r0uMj-QW4bu~)R3}WZOm6hZ}DtNZIkv@lgjeV{RHQX(L
ze{RmoB7I=!+?_7IBf{5~Yu<%76@0BWf`ho)?Abk5qVF`PCi?YR^EGdgIue-;4wk_z
z4Mc<m4?#T!fnu)hM7B-=N%?S3(p>Dhw|}XpSZG0XH9?1Y3XI!7_?4GJyH|VXnHw;N
zJ__OH<&4$tvi;v+YIO;jG_X)$#5m!9;%=sBj8^vlL4efi*exvmNYlwMYhc2S?b@cf
z79j5_8tJpR<camE%x3FrluwjnQ^^r@r-2?OYsL@T=(2HW;l;6I9%V9aaO)`xw<R-P
zlxdrxkYu5Bs2$qlzVu9K_H!q4b{_oMBJKiak@;`3|4S6M<>nCM2^QoKO)=xt=t;se
zC~*t$)lb`c^Nj3dT(`61lvHU+o8L`))jAPllk$NXSdOE~0Ap;7@;x~W7jxA*`mZhR
zKanuZVux<%OGP7)7W?1n$(2cCxu;F$RB((TUyMfbvDpP(c9ZrL7Yz4elT&S$xaAJ$
zr&4k}Dr$|;2ijNNBGmu%E;plkhF}|x$QF>9pZk?r8OY+R$bVaD8%xf=bpDH!6f`_H
zvIpLZWlT)v=V%ay6t?T>GFeNd9D$<fwXmrBu;8CpwuPh$J*CBl?Rs~n%IqWh4*6uM
z;yjyC)|;hU{I9*|#Oc`q?+DbGSyog#%UDRlh~Me~6F<xA=@h#T(PMdsJqEKqC{}4{
z%y%grZq-;?&ps6WP615$uDBnzxkcxxOZrdb;ulgon=+)$>EpkT1Z%zP%BV*(NUu%M
znh`P8zg+U%D@9*kb`;n{WnsbSFkjD1-3QCSwucd}3Z;ck$N2WqL7Ncx@=c#RZAhgk
zeHVH~I~!OCTnb5SzM?{`Vo6LMpoM~wjrzr+Ln`{#f4pEm@>`5jl+Tn**#9w<*Gt{+
zQem-`DfCm2S;C?-rY)(nw1b*Q(9`{M$%&>mpEhj__{rQd7kFhrZ>9~1-=4DFIGG^3
z{ZoPC$Y)hm?sl!qm}laH8(98yUooxowTH!dNsM-n`FfL?g~cV`e<w8DUW)lIr!5BD
zplzn}+C2TQp8Aes72GNHx-d68J)AX%Lk$=S4z_1Hy>3t;;n!B{*EBt-ZJdT+IA9@?
zk1L;e*K>|Pm*qy%K;XdJ!Az4YExiIX;jmM}U<pr?wKRL;B8<G<FMMZ{$_85@5UGas
zgYmuP&BSF<m=e-J7NsvjTx0YKo`pv9LH=p82QI(VvbehAT43HF*#W&f9!4}CMx!2*
zRIIC+b4jM8?#`{Jc<!twMchzg!h<DUq2!CC5GU`t;@gzUU_<;c_x-Vr$^d+#T;k-G
z=*IIgM8=ncmsJ^+NX&zv3hI<MO3A};qlwi-?nsqhmaQVHJ@4+)pEiSa@xXv?+ME{}
z794mk-HujfyVGC037!ls^SJ;e18ib&Lj`<>A!LibMoC$bfN$eT^`mt<YMIZVzS$xR
z_Og7GXXpO2WS?k%&=l(GKHW_kMsis85<S<^?l0j!%grPk+Ux$2;#np^UT(j&6rOf=
zaf37NO{?!hG`5S&a@6yxiI8Ab<0t-3AQMn0*f!?|(jmBG@S5tpkcd@dXC%!Vj1qq8
zw{9pzhz*2$Zo=Kv3XFF~S;R!0%^2*iSKC2V7#n-C(@n-T)VlCPg<gDt@&kr>50ZM}
z=U*6daj|1DZ|A$?&Ato^^}1wiu)oCu_g*QDyXe|WX0}YBkkbd_oETeZPA|889G2|N
z4rS6gBZ0wwx;m%4iX?HFygPx$N>c#=bf?riR4HCC5MxjV7laSmD#g^26Ay9~vBHvl
zsBOy{M+0_fmBl)LvsMWB+U-z0vLx(U^b&G5&#%Cj$2;(tO^PY4*+Q`TM;7)e3v>~3
z=h~1)k%{${1jWkq<nv;W3YFdXR#fjk+xjQR7}g!Nl8gtzU%a5y;26|}nB=#Fh}qmY
z5TmA~rqIaiH7;uZ!k^l1BFfC3o5~J$$VKx-Zm+;`cLYGNr6g&ZHeyA1njZ~`3cK@o
zmj0I`wvy-Paxmia&=OzvwS&>UuBpRGbg_&~S5Y}pjsTn|Jcfg-&c%McbZ&8+Wd$|D
zu7cJ>d0A;!FwdDBZ>?-Kp1dtFfgE}oMJzO9+wc{IO_kaQ$vNo+Ek~#MycZKP)(jt|
z0w&3;dne5|v;Ge`jP*JwOJ7YvPzt)<G^&@4L*wb5>t=^K0dEaNE;W^2YsDH;|Chi(
zu}bhSY5fU%;KNBUxl|O^gdx~x3+MLn&3g!=?W;S3W`*jGgDJ=%?q}43;iSXr>c5H0
zKq(|>Tpfj`3A@!;Lh=C%kN4Sq)@64?6LXsjKO{cpTu7hLA{Q(9eookaxv{Q8>QvNF
zSF}ie?ue{-^6Zs8{BUf`m#3qMYvSc0OKSzS6=*DNv$inO6tOh(wyh4y-`S(XUIz$D
zY^Nb|VcZOkZWy37@qD7<Q^r-fwz{}9xYynPvG*R}Zd2LXaHye%7J3MW&~Z*=S+XRj
zfi20s$X2zfs+KKFmMzJR-b?5ZW`Lo07+`=<L+HH?eKPbO+E51wZTR*9!ewT1=ehHj
z=l}liUY+N)s(0UOy=$$l<0rP-Zm+u;Ysz`+{^{|>)3$!<i5-9YyUcAjMHaoX*-aO$
zC3b4p)6yG{J-GGWGv^%q;qYqeUUl2=FX^4~VDTA!-a!X%eaq5gqifoy9(dk)Q?hfz
z_&HPe#?KY*j6Qt3{#bVQetV@>xnM2uX7TS2$L~A+;&px~(eE9}FF5y|gI7If#>T&`
zCXCa+e`(J)c5@q@w#VITt?J+PLRQ>vt=k?vV%`@=EI4h~3(w)vqfdCND_{DXeHKRa
zhi7B+?j63e?7rHholoB4m=|_h_YwHjgYKpNu;BeUU*GlT^>*q1cJh^1&UvSj-afWu
z#|8Hvd4TZBoYLI2&V-x$Uvzb}I6K!qb9|fd5vQ4JyU^l|j@ody-g6QBka-t6m;Ywd
z_hQR#A0)QD@wUVz)3*Gsd;PSNHsmEZdH9m0@9t0DkXZfB@ynk$_ngNoy9wmg8!x={
zY2~(W((cX2ztG)cqg9tYR=K8hx^m|+vyS`b)!X~V8^tYeIB35YpIiIh`!BlXly|P&
z{JqTSubAE&Pj3E#^bo$~7wD2rKAZV9v(3)8K5+8!%ZNKZ-J*K#Z%)emHaiCjjD0^V
z*B<@h<Tc;F@ap-g=o6n`yT{hsp7qDWCY^oeDTg=5&fMbK==Mi_0@2qNT01%I4ZoPa
z!5(iOlI|RF%|_RRUSW2r|8UNW=x<gl4)&bgUT`8aYHwY-bFaT0ea92d=<4*s!4;Et
zf3Q6%8vpa_&%FQsWNeLd|9VjG>Q6R#=GC1iPmWV}?a+K-y?tMPGg&$0l%r=mr@u|%
z$C0a@H*5X({`|(0?cO-BJZY7)Bj+4_+>$TGzJ2j-dgDi~y6#wPkK>QU7r%Piv1_3P
ze3y9;A^h#`Zy$@ye0aNW4mje$H;;Jd_Ki<?>+tz#{n|%wee~LGGk?3OKlzGXHtp2c
z{7c{e>h6oayKvg0cYgZ*DxW_7)eYPCDl=v)>uqr9TU)iZ`y_nb?d7L7M?;^LB>oBJ
zgBjU%#ACO~_s0+1<d5^khmQH}vdsn`%$XD}&kR*Bj=s6>eSiLPabvyfo<)T}UHtNI
zRy%&dJ+nT0{fEmgPag+8c!Gb#)tg+1-}?GDudVsR>+j6G|CMznDdQgp`ev7>H|4im
z-TG|F_h;@d4=%X#%^SWv{z&zhna4kH>XNw!tp9ss`_PvsfBh}H`<IGw1-$RlDgAfU
z>3=wT%5-(FFL!!mgZq}Ox0X0Har+gI?$i5LKIM~&2`#wr&+DA{*H6O(R-9gdmQR~`
z`G*V79zk2<(_8b7+IQB)Q;v9Py{oTS$35+g{oYBWy#AfS7M-WpK5~n@u93x?A8Rgt
zXrrB`2nRfjKC|yFXYIY^q0cufXROKI@$xFi5HIedUUlI{yWezEaVC8K{s%vQV)4~0
zPXFWb)aj>FCvU!I@1sjUzV*rJb9Y=O{_&aDDD<+2KYDxP(%~=i^nq7KD-X~o?R?cu
zlXf|9!Hv7z^Cop<=lJ&?c<Frmed6OQ#m)D60nNL~bKu=;>zrKt?h<a>Evg^A`tl$B
zyDqt`{QCY|Z@*vWEBj~*|B$}9Icd||!WUuZ{9rrv_dle5zw@QD=W@5~Z|;5X5#Rl8
z;TnfOe(>)$U;o_D2Dd#@d-1O4`v-mVVCv@mKVAGy^>+HR^)7jE-d?|*{o>jCT>tHi
zW~Va$htuXAu;mN(4zC}VJZRB-Pd|V96E|;}+TyL)*E?Qw+amnL8TR3CY=+);$btn&
zKm0xRSm>MBI{9bsKGj|0r15>0&pNU9-9dAgwwc6Zt39&lZui*wdy}6&%spZG+aFEZ
z#ysmXbFasQv%JLhTXRqB*IWCYoBwe4I*(U2I`@Y!&(DXy-=nwrsn?!-$nyR6d+fVY
z4kYpKHeYbY)CCV!PAeSz{vDIQy#DE?zPcB=W8s4Ms&6#T{_9KIZT;5c4_~q{^TB2(
z9k6tK;lWd{<G-A9@~8Vqk6pUT)JgZC)S@@ddwY{#E$<}SF(hw1@t1op?l1NCy<yr%
zZ+@`g^<n?xKYaY<L+jr}?GP{@tnt;xvAx=dz4?|BJN$vAr+$0<Zj+QfFW>aJElzlC
z*8Tj<N8=kvkH}}T>nwPE>Or6XkXzG#Xti}8Zk)aMUe|5CICb0ROTKvQn4PIXwQ=Dp
zuYG^~(R)mL?d_Y!rl((g6h7##(ZN^Tf7w_?J#GAhGg1fd_t0tW<-5JP`g-pj2fY!U
zyZ8X=hMOZdzP2s+vBx7expAlWlQ*n?^t->g_=GKXetoUwl^4&yWX5Uy<j(ewJXhFA
zUv}NHZ+Cd$qp$Y7Dk8qH{rtCgO<w-lUSEED#$oqdc-5g0w!`f2&cAv3K2shU=O^F0
zgkPS0Yv;QrZ*b2=VffP17H*mNdXH}(`DD8**I$3{jZS!a!%_D;=gj=%&Z7Gd$X_t!
z&HZ0m1mFH$kKIXLy7dR-{V(i1CB7_m=yBhYbHV?7J8_3=bI2gF+6A-UJnGIH@k`2o
zczMhEt)D&l!Pu#16Bo=u%)h<an|yBRszslFd)}j~-G9}RXnoc7PTUuHezEoPyY92I
z*Qo#XyMw2m96Eb5=%{@zAMA183&|rjZD&MZ^Q+<5wqH$)YF{*Vo_g0c{tNe<_ThcY
zb~^9mt@fJt+3HKq3T<}hYX|tXt<OAd%Z+z8rb%c2@#_;0DgE}tPwzf=3}U{SDSx$I
z{;qfKT{82fFlMa%{<1S_yW?}e+v&ml_1>`$?D70Q-#)nRf+yEMcJbd9j=dqx?fz*I
zHyS_j(fq9&tXDOg9}wRpKV0;EX8Ma4)}L5(ZhGGbkd2>$?!DoHz1}(L@Mpg~McwY=
z^S0~%e%XFgH#l(ql(RoL_<m{6#CJ14IG8`hSo@HN<{$t30aIi1&*Os4whTSIZ0X_G
zemsX;dVhF}=RUiBt6S=8Z?+dZWBN<yEx)>??r;ykczDNavpzid$ZIZteamIj?)>9@
z?=Sg{3nN!tebJo{tXp{gnFEfx^a|&Rhelh!x#RO29t7UKy=b?OZkQpicFSt-uRde{
zt#5GjkDqX>XHa|IRo}3_`+bX_-teG?G<)q$7cTkh_J3IL*fVGSFbQrw^Eh?VydAfz
zKh@akidW{Zez<t+OVa#2w)Cj?)R!;Co;v)Rn=*%toxIH*m#u1=UvEBs)M<O{cJLO*
z&02NO_s(jsdl|Os!&~wfPn~}3_*PrpdhPnB-JU#exA)7lHzq<;roZ!>HO9Xu*57SW
z`m@?CSAPHbJ<}gMki25)Re!5~{+zn3^|vMM!25h^;ehJgvo^d4ZM<^u!X@(?gYuM@
zU)lFX{DQS*;&{?o^V{Pec<9Y_m)_={RDSP>r#Agap7Z#}e~I1n9x^ujtz9=+BlO)5
z-{17u81}{q8_b<0fAUHD(nAg#PevC&9k=<?{bzl+@&1d>Irtd=^=o?{Uj82Y;o@me
z|K-g27q78h^`kovee}VTPu5Pn_4ix1%w4|T@7BX!-1zR-p1C_cb=%}gOFs41dca@%
z(6=vq?7dgcfA;ZP?r*-i%L^Cnx_BD8_r<54L9f63Gk?ts@Uu?4d6y^mJ!RcLeS3TF
zk7r01eR1ob4>@7hpQqoPnd@D==#C4sN6&lp?Ro3p!ObZ~A6Q=f=Cd1}4F9K9Z#;8@
zc>%rK@9%wQ+B2Qp+|FEFUbOd`Um?Sz@7)0WAn8fRt;1m7Ys?Az9lg$HYX9AbA9(`V
z_q^~AYj4gkJMW6w&n~}r(${@kF}T_m=UkJi9q`cZM|`$?kB2UMbEfga1&_Ub{c|e+
zo9m{;mb_m{*B+aC^3;z$eC|ejK}0(LnN`2N;?h&Mz3hma9^G>Oj_r#V{T|}xUi;Br
z=WTQ8QPXe1*L`Sg%9T$n3~xF2y;pbTp1uF=jn=Hq-TJ;KUpZr~7f+mg+k>nBmi^i}
z`^k^)z5DiymyKUYzgItat5>(WcKL6eC)b($a%8o;ZzwLjd)3|7+48cpuYKnFoz`tE
ztbP8*!dn*I)>|vW<+nU>ytl?D$62pmw&N9VJ)mP#p8ptY?7hkxCq0!}(DvqS_2xZz
z;T!&(D_1+<xPu@48o51YUbXq9>ffF`?S)R|{hL?ME`9WV<qzfG>^$}H<2PCryZyss
zZ;b5lZTqtgpV{cJ7Y_Jp&5uv+Zgl>%>vnzReeIFEu6uL#-;TOq$&&Kt*H!x3a|hk?
z;Q4QU`_7@o?mc(!z59(X4W6m)Hf^iM4(E+MddHPFq>Ud=pSIK9>pvA^6#O1#yt2uS
zn;nb)@yNrLJXh^lZ$Fv)>y)*3$o{Fl>Ftv$xv^WEH=e$C$90#V|H!LTiNiw6L%;Je
zW|!MyuWWXg4XuCjqPd4H-XwPESM#<!G`v*sray!zmwJC5n?LQO^p$_@N#@zD4+pD%
zG<NN2OoRXSw$lc;9?+V#B=d*p&Fv{~C7(O`y!`Bo3p-qS^qZHww8vxIg@-kA(>_@E
z?n|d^Qa@m6<>Sn(ZPEI!@QZ&r^Zu>({@WJfE|;DE$dYBNo=)j&E=cc``EZAQH(2t`
zs@pzsS>?d(?)k$v^S`dR`@jcIzHRr{ZfBOQbMM2eE<SiP^`;XhuYOnPp$E6z=GONn
z{r+w)yN7?lBfCF#&4Ka(h<T59Tjrg)N3M7EtA`zP?+YhvdEU*^(v!Yg<F;*_ZB~7+
zGw;0B%=BJY-*M4tZ!BE)K=Z5bFWvssZ%Q}q{rv9^Y!<GY`oX5e?r6%o<k+2f;mOyW
zvu_;82QK*5oH2Q?uXmn##Z!9|ciU?$-eRLoHl6bF4ck$~8~1JS>|dr|b<f{k-{#CS
zu1GGPzWVl;KP;?s(l%r3EnR)_PG7&><?o)e;HhBYRA%GjC!P8FyQL$Jy!eCF)i;kk
z_7dnscivaQjM_bm{YB@0a>nsr-go1i+aJDkha28`e*cBn-L>}oYmZ$#hdSf0CwzE1
zVLblny(h#bb$3m#zsrI7C$@Qd+xPc6e9A?qFQv|W?uw1}-r+WW=H_=-RPywVK0A5c
z1C7S-Vz*uY2IYhpxA*e9@1_>?4xRG&!&mjYUqAfd@)xdu@49P$w?TXZ_S7@BTYb~N
zTol`Qja9DO{pjO6Z=G;%YA@@ujyC^|$}Q*qZnW(IyS(}8li#h&Ec(Lv?$yg5ei!)?
z`Qmj$RklCAzT-oOopt;d-FX-7yZ;?KO>(DB|MZK~b~=Nf>|9e@bKgS-m9tO0aD&$#
z+56PD@4Ix12R^ReeV*Zce6m%Vv)i((=8k`}=$?xoIrWqIhivfpC*BVCe|pG+l^y3g
zA0P1D{SWWH$KvME@E!MdBF~-j?$URzemwW8@JTydI`W7o);Tl9toJ!|*}^Z@y<nrA
zkGSQ6^&Z`AmAAgyI!G*6@4Wqsi|6i>yiNXerw>nEdf<-r#=a-sd(Q0i#}Br|lkVB|
ziDxZENX<BEny`50-22w7@BHfRbDwE9zTfzJeT@swc6V7mXQP`F`+RldL0=vB+RowU
zP7SswFFN|3<+F~wcKp35o8I89Gq3j0Z%>NtVho->aZl>zRi>tQE3=<J`P|zQbKTL|
zOE$dbMraN+`;LPvYu&!C^?@~g)634?`jhR4dpjqcc<4>r)vj4|z+bk1ZnwQIt{!wd
z`_bU|_~nN@{rmMco_{x|E}2!mb3DA&lx;V;=)3hUK7N(0R-Jy+;qNTG@}|LRFYWft
z_P2hzUiBF7cU<IwN9Qa*uzPoJY3Y=2CY|ivG5Vo%X6;&TV{47>8*lIa?GD~2>a$OO
zzRAOHJy7W_dtr^wKi}b#>s~ur+u_s4vqwMiOfY?_bKCQK%=bU|;rWmDePHds9CkkR
z-RHAIp@knWIarN7FsHC(aKz%qcIV%^{_FO$H$HXC&D)0OtT*!rUB38)`<DOtk5_0%
z*?WGl>!$Dh>5JdpJihU8=clj3|2kxTzhJ8)510S61s~q;oyZ?={Pdmf{KfgR-j$|g
zPdR<N<mb)&*4%L0<d&<u^3mN@zI*F7@i};pM<i<YZaclZ^D|$bk7RDS|L%`Y>ZTu=
zyyxp14vZ&^+TPEId;Mj9da?}Vc8;(10(a+i$QxfCRaxz^J@@})i}0DU^ZAoo{P{Df
zd{=s$Jw5Z?#t%&w4P)8on=U!u{$e<G)n)#)V-Gm=hU+8ObGLu_>~0;Y_Q9>+F*kg@
z=!8Z~D_nNnpZ=P;`MxQ*_VHfR^c%LBihY=PJAZP0?#$+y&#pH2=7S;^?D_Opd!KXv
zdEGrWI{dr)E-n1<l6=M;uWUVUlWlIKpZ#Eu7f*gJk|iFjy^ofT@pqlI+T1;NxaWfF
zzWI3jjW1Qx=~d4v9KU>x$9MQ@>3LfnvB4QHvTMHZ%#7Op4<9o1q=4J}ua9kU+{=G@
ze!XvxJ@C9+@4dIa?2_x3Zu?m8)%VxF^&R?>r>;NZkk-p<%y?0|c*s6^$~5BM^;u-j
zfmfaUe)Neoy|)hf=&O0^q4zAk+WFwj<9EF1=+Y7Qbj-n4tuVig{M~f$E71>p_Q|t<
zSpJ)Lj$5rYw)#gQ_W7+BefHGXubp)8p-)N#`Q_#6)2H1TdEo0~|6DKm2c_;@_{hn7
zwBOB0doFmTaQgYH#ptJRy7Q$U9$V`F{to7-O%J_ls}Z}(67{YF8&5Z{vd-!3GbOT+
zORcqvYi{)L5ldg)>bwWw)$iZ!s`JL|W2i6fix++S%`<!K`~HGO$hs5D!T)Fb@7Dt0
z6@VY#>samQ{lxnnYl7p+0BZrP{quEj`G2<m16yD&=-<Mm#w2x8cT#(j2VhL{C(W8f
zf+GhU$>5$dNe6dlO`^cr#1(du3qDnF)th*Q<QIU$e|wu4V-soY_wyd?CXE5mAlHd9
z4MAQ$$Vr>T{FtW&KI`CoH}DKKsRGLW&rkkyIl;sK$+jZ@f0Z5w${~aDc%W_C;Mo3E
zT61?F*sZai-t`)7XWk5WR(Qsk?x=08;ne5N2z+Clm@(%0vZKkZwxiFRG1R>oyU(Ai
zwv^WFmaOQle8cm{Kq8Jed*b4}8K&>MvmwY+P2HBgS$0G1w!OCD&r;hq)HaNUszZ@*
zBn;UNH$Ra=LHA`%_T?GBPIj!J&6}}*%uqBPiDBcg96`rX6_1S*x@L^WB2iQh8%Xq@
z+o}NS>i(*R|N3yNNvp0hAv@Lpn3x{_`sttUt_pVM&kz1{{u$8H6Ycz8+onxgWtEA1
zC*;+H+*;|j#!_+Br7x^9X~q6m5B=XALo-4BC-Psh{VM7I^l)`>hxqyKKaZ_{yZ%46
z`$YZ|V|k_9ih8fu|LUPU=xqher`Du@FW(hOO#Qk36MABz3@fhxtNp}SK_(_W*#5Kj
z|L1o3>G^;BoC&1IM7|T-I{$cc#rcYQuh_4+4)$vTxzYtP&Iau;A#MKMZR7t7{eLRR
z<PZGM4e;+~xRU38s{K!&E4lqIFNLGg11BVwth96>FyI+uw(gs4aLE2Bw7MD)UkzW+
zOh^+vV#EkS0Wu9U;Bgd|fgpipWjvzcsuqS}O+j&xT35H*y@}L-EQIFIh5laF&Huad
zNZ@RuCGr6K1FeHkLco|vPKtwLYSQ?m@FZ*!49>?Vq2NveoR5RKlK@xIAMcXjC<3lh
z;4}W?ohUdvaMDCBE7NNQFxDq@m<BMhpU`R(T4ZJ8ZK7N&FfnH*{Xf`e6UqJWu&n|r
zxGKPE0ILJ60k9^(WPr5*)&^JyU|oRq0M-YX0<ZzVh5#D@Yz(joz*K-u0X75J9AFE8
zEdjOy*cxCOz%~HW0k#Dg1K18=2Eg_JI{@qmuoJ+}0J{L}3a}eM2w*0_IKV6b2p|jq
z14IBO<OvE81;7As00JNeFdJYFz+8X{e)~V$f3(2=-{#*+_!eMOQn!%*i9^ksG2_>4
zECM)DqC{24{GkiTS78O08mlzwrtgjY$e(`o4FvGF`ExTY%hME>DbVu)(L%?=_&AJn
zVRSYUnG5~u=3I(q$x4RdN|pI@ONlH^a^TC<ip<#Y6rZ7fmHID<MYsq&I})8SfB!IS
zpokuejVnq_1tL|4#}z`2f>RBPsu4Aez}kTzQ)>R)VjPqwPlEK}FoMjUI2|L~j?vI`
z$8X53vGKA0s2@G>bw|^+*(-{eDHX>kKoY_4<BX{-+4CAkL)XRtF&%TeZC_V?U7Pi*
z1d>6kHO4h;eT=r<R(q)H-q<clj^6dhuQ+XIT>s^|Dm!Dk*6?Qn(eJi~Gslc}w=Z{B
zq~37+Sz{GlZMY3k(y@uB1Lx;V$JDk1O6rgG8@@T_oBCLHqG!gMf#-t~s<IDw^{hGT
z%!Pie{#<B9GeavXHqrJ!_Q@}O@E`3@RSM&*-Ual0qF4X1W9IJ<6PgC=hCGfT5o8>V
z%HeTE(_-VOqD6^_qQRP>{<`&lY2OvaiBnXCX4#)}<SY3Z^C#%L2lzWm7-|?KG_De;
zGLE9M3Y4XSkISeU)pbLQ$|^joYkRXCd6q0|UHeCVzi;1Gy}8iO=>p}sqP`5D$Y;nL
zU7bHSo==r387^IzUt#0m*<ViQGVux+6&zg|b7UKgcQ;U44Ru@}xWM*se9#C&JkQg=
zvQR+Z=ykn|fQf=dqX<41tgHf0fQ)}hYyLkaYqzza6?iL2PLVwwLnkQ12xK1#qr{B)
zRhSA=Vkch2vR*hLTg73JEQdnFMyXJVTE$40YV;e<$mn>QU(9u!aHz#uTC!-D3@K8m
z(+Q`ox`}FZ#Gtk$hMI~ttl|9zNtU84QDXa<B<+|A52X}uNRwhUov3A-gq7!E5tc*Q
zp4Xy{ypc-P?M}K{=b})oo0l^}G81TZ!B2UVSZNAo5~ed&vymqQ7EhwN+_2}^9k#8j
z`8<|1MAt{iY&c}J<9yVVMkS~x`H;Xtp;j|5ldK9QX~E3L2MUtXm0-m6GZtCzbkh)-
zWa}}ni9$v;14k8UP|io9u4k(qKg-$zmrc=_*iXj7lo>15>bWS{u8vxziXXwVsT4Ly
zi8RXf>O`T`C_~jGrnh?f01L<G&0A?#LBAR&EKTxYoK*9)K<9rR5kJj_ap5O}704#J
z6@Z=scI(97k9_T4e2vZVzkH=qV8<f=;wu~=m5x9DqX7IVlm9AzoZyTrW;B&yxk@I%
zb3lGErA!eB*q>&^&r>cBtYOE~$Kz@zXaJ%Lq{aA;({N?eJ#3&+F!93U2!VhpiRk)x
zEG(nrIv}qIV6dv8M}Ixtf%q8vslmobFy4K=`~U8|hrnb7wE?b!l}P|-C2g^iOMllq
zKn-+dNB777t#*o`iDV3m#mC8b7<dg(4I7WgffFGLhjBPUz)3n8`9G_jD!QR}yK-wh
z;~4Fg>k2BGh@;^MJRZR*Y#fb{;qf>UiHxIR45cH<7#vT8e{Ph2p%r9Ho@ILw(0ae<
zZT)9e{a@|#p9lz3$rQ;96VJ0iKCd_)n-J$+2h?N2`vZfD{M~3Mu;c%u5&uUc{`b|0
zbTJNCR56vva4R^Qr^~?eF>dL@@!o{B@Q(!P9~cb*V>9Mci6Uz!LWQ(%Hi&SjR;6Sp
zQxQ}&fGS?s)500M+2$FF>+vvBVZ{Ly4oYNa$go8ksn<=i-w=k4XjI{PY(^%Fsa~m_
z!D5(L#oAF*O*7FVE`=2_T1)o}xF5u#3K2vz?QoJPa1ky{mfPT^1&yqB(PGn$S@n=j
zXkN6QKznA_xB6_cfgq)zFaqkXY{KOpCsZv%W2sV3f*1*sQ*o`Hi0biXyjOEf%@{?>
zi4ZR&rBE5pFd?MJsF~c*Nh@-q7T~x#9F!{MFgl8s+_K(PnmwiCC(#Z#ANX<D54#4_
z>LnwlHqfFp(Y3H1Q<OxJ3HP}?P9%n-j!;6)gwQJ_i-lMkCfFg4@<b$29@HVyU>Gu=
zuBxJt8+bvloMfQ{Vsp((uYk8itWC&;ctg`fJk<d_QE%hfpcHbfxXA}im!?v&h#{t0
zs@SteYP8R1a8srb8bv~3#3<F9On^xhoz+~K_EjB^B})R<&N&4rGN221C!5L*p*SP|
z9i#g7K$$=HUofKo?TOScx?u&WqJFsoG>2HK<W?w&m0CzRipaVQ12u;#6I1}1piCMu
zt|PLlDhPtf8uqi+`^8iN7D$|mb8(QcSfqb3%YKzU?|3e-2PZ7hA1UXLw%st0oslU!
z^*#PB<gtQs{gOQNbE?pP<OBUwk2uez=^~dQ;~Y&*l;Fo82<@odp$p90@t=(T@d-0{
z#{6!;(=^%&+s%sG5XnN6%NemkCn@DbSb}PU5v|4=p<%uwMp7ZC&S8BqK_>|nLt=Q|
z^vdB>TkGUhuB(Rz$#g&ONi~iwlrpZ@RSJB+Z_!rPO)?R=ImE-Vfi>MsK*H@x+D{eY
z(P1Z1lX1*<%WN@JQ?rS5xGhsnS+4cN62}Zis7o5PfN!G^QABuGAdwuOEts@#_sDQu
zQZzf!FAHd{+d-R#l5?`7l35`PC0b!QvdfgSUNeQnl4yxd4r}FpH7{f%K_jeGAU$7J
z+^Ap&h)QMxi&qK0L>1Z{dC(X_dATbwMFXN3J(>(Tc_G7=Lis9{$4dy?OjFzl81cD8
z5SXHp(5x;MYjh1rZ=f+zEDediAzCfOp#mW-DG)TwYOS;<4f8^&AFcLiMjQGiBW2bp
zMP$46VBid#Kt<$sq1xyNQY}5w({`Hab@<{i&xQ@VRBC3sZYk|(%_?ojl|qPwWyV+Y
zDnd(9mh4qXy;c$P@l4Ry@?DBD2_Ol(e4gbDp~_>BD7I6yF-nQyG){-$zGTU!uQ6mL
zgeW2q%R|TJyT0SatSnQ2XeDX2^$O_?f?A7i^SN##9JEC?<RjrcCC3wXB-$xkq)&``
zf*?bkbkHv4qVkB>#dfU~YsN{DYL;pilxzvPRyzk*bPTGw@my>)8r6l6n8tEVrhy`{
zl-e^yv_|=98)-lhk{9_Zr^!T2v+asoLJ2F0<88%vx{795DSM>qVHKi+4xF-loXU&_
zRtp|9Xo*&bNwt#kOI=$FC%H(&unSJ2$hlo7E{(hz67mwEp~?39pb1NkkFsUIQ*Jv{
zD^`d*8Kq#5PMQF7A{)!{IkARX2@{WWhHa-q7#7mwwK80ZW!buvE89k`j1`JT8#5I;
zBG(&@Oe&T$&B2Hg>-|w2?+<MeD6nd0I2<s8wli$xGeo2<6k6d3-)2&z#6f8-5mY2d
z7)IG}zR&k?Ob9nwGuG>b+oWsP&3H2s?G1dns-^mr=ut34jDWqK$k+OKS*X$ApQVwq
zgr#E1!~pmO3UoDUG@Tf#jI?2hmsvYpD#~nRm@P{dWwm>vZ&n-eLCz+91W{{+lxkL^
zwwj8=L?fEd(QR8y;YNDY;=EG6iMRuebLtJ%74jpWfwGODsSFgd+!U)#*3GNgkZ!}C
zl;#jJ##nx-&9n$kz(XjW^M_bIfchpd?jt>}9xBVDu0n*0Xq+c)8E8yy)T{co8!vUE
zgNVutdMX*W6%Qj5NHcENnHn1z^wK?*R{dlk#=W+Shm>FlXL5}gMwxm!SHSgRd(?Mp
z11=g5!X?KmWdb*yaj{sP>gagS7)A5xRymR!1$`OT3mLX-HiMCiwENlisNHZg-BPm}
zE%#BXAB%SK8A_x*E|h}tL9G&_8M)WVC8~Wbmy_WV8z?^0EyeL7<!0Pgrm2_tO4h@Q
zT71Cqoake6w>^NFpd@2(a_ASk4F!*vLtGp&n`F1)Xf?0auS%?F<C2b*8!lUB1t?j=
z;RMVfwYZ!qw=(H^0@sle#A@Y~O?CxT2**Z(B%)BwB8Acb%c5L>l{qP&OC(A*?z9GS
zMMnv{l}*?!CF$Y)2%%PMtx_+SATb@+QNQf<P0CDn&6cBU6}8@KL<llL<|8Q4Dmh&w
zj%Ui9Or+}7s!oqh=dv<Y7ZcC`2tgWfBU<m3GmuaT$s;81jB45l4f?3stx{UVPgVlo
zQK*;;bvl_ehA=&jj}O@}k#OV)uO`G|Gm}8_xa8mtlt-oNsFJ32g=7-3d``|uK_O(8
zEia@dsUj^76>H#DZ7PX&#U`f{LyfAZFi)g{MwE@#8`&g>av>Ql2rL%Rz2s0;;8>(;
zXIf1P5U)}!+Rf)twr8NJIPSx(pj(Y$1rF#xnC;R$B?=WkQKc18CF`ZWNZ@9N1e_;A
z;FOza$6^sgwFU-6#G=K#G)S<nTU5g%SR8bcZZqmun&Aqa7Az;FxKe14@>G~@HBs2p
zTqm2%mkcw)35M%ZF~t}ubcNO|NgJf2VLdBxyjbVr9kS7a!{w3CDB2B52vwP4f~<I?
z9yPjhcxWVIt`?CyWkxr3tw^AqVY(E`wTA4l+v&L(I_RYRXf5uEdZE^<!tS68+!Fny
zlkO4CR;!)wHW{qOQ3<h1=d*f48uXI=W{icZ!_hDjNo$7OA8H65PV>2VTrydzriMBN
zD?t@RsKxM5fHen|%pl09g-A~KJ))WERI_e`vsAPdH=<>-*iO_KLywd^oFH`;>Q>u+
zT9lKmXwL_Ys8=~F+{A1x*NnANjf6#(2MM6M6Pl+sRRt9VqsG?4x-&?ag^n1@4f{03
zW2~R44~m&Qof+ieYGFvIz82y*lJOvt58_3M7cI9=8HQC%3L=JNIjBbTN<}Bd!r4KE
z2g~riW~iXZYNHRjUy4@c3`S|u0u@U&V{Ng3wgp}iqPeogwA!hP#ny=&62**U3jE4h
zyBF&h>PaLg46_&l7aH==?eUgi(B=M6fjcS$9BxX};<;!x6lWZ`BPvXmh1CJ64B<v2
z%EX$zBBOG2vFyY+rl0FUZnGP-YN?7*U?sTj6f&OHV<ICCt3hx$ma?MiaLBt>-K(c@
zt?nB2G(SosZl7rC^%2>x#Z;;j9<^hDAvI~VE5%J+bn-*nQ8J2;;`ta}sCz~}<uwD{
z4CU=&2jY2;N_W{tB^jp~ksJvHFP(FQu4@pDupu`TO-P%=rj#Jc1w0apbbxz=;7ZwK
zDaP1lG-SiM%+Qd?R66CvM?@n6hDMXgP>E2p-b4M7%(Yx8mxRfN(NjQ_oc8HLn&u%a
zTvSIi<SKfqp6kcdB3xGsoleoxJ<C#kOXz~EMg*6wz+#kehe|>6VL^=c@^qt+ibzsK
z4fTTr=T)U##5G$ck<F15G$@GqB#_`?g-w;wAaIdXwGda5_Q1!hgg&g}JUMDIVv7t4
zWh33|OC}Jfm`8;|1_@PJF%$xF2*rvyCQ)uFfFSvqI5DirAt8n5+6<JWT*`=yoEXdv
zlg+S`x7&&IAkg`8UoO#BvuO7lT(62`#d5QR15TD_Dt(Hj>-C^JET`mTITwLbxfY*m
z6@*+G@pXbzy6w7{adSwRcH?xXjKs5YBMK#PJz0?<pw+@$3TrkvL`7Y-?6&BZY1C5r
zI#DLOl7QuNXouIhfh1~u4D*NmpdS??Lsu@BM5WMIK_H-n<jo<9h6#?ZHypm2tY&&H
zTu=iw(T0mk7;oT|&jFf8a&C%FGFe@T8G1Y^#5J;0iPL$}D0B>zOQ;2vZ8q$D7S9%o
zJW;`mW_pws5k+Z4R1}KXm4;f9S+(TYF|xsB(tW|IMM_vNWuZmd#YSR;lJd>|h#Ig#
zSWCAARflteqU&hi7f3o;3R@hjg{6uaii@@`6#A83oU&X58)mzeh6RO27SEF;AZPrb
zTmt$uik9OoBpMjN%I{~*WUP{l>g^CWU@~<ijM`9v82VJ&j|DYDXgEmF9}vZ$?wcWv
zZ}4r4?2tCWhxig-K!@pWI^j3sjl3wC&9oC4v?~eJ#}$HUqrk#OEWJ0#_->ukNTbZ-
z%|Z$$<g$!q>3YgeWul^Qc;yQC`38ZMjf7RJdr`Yn1{}u9)v=<}izf0~nr|=&4Y5^o
zkVe!_F*@=zrI^u&EyYJXJDoE_z=(?aT%{5(XPUH}@>)`|n@HznoNZ?mt&Muoq!Wf}
zVi=+&mLPL*K4Ljo74(_!)S3ycGeFo;IIPyK0xvi#mEUb)P|%>7+19CSf+(cgm1dr9
zRcp}}%`+(nr^RFz1cuTmO~hhsJl3aeIZgUavsM;yEJjvSu~Ikf7e|)eOVG_SK?gB4
zf?^rY;>s<dOc)gdqu~(Aqy{CEG4fqBU-LnDg*PH*g*GTh=i1q-6SVV0&Z!HG>Cq9a
z?4-jqrnTZ~OwB8$il@P)Ol?rjF*&?%Bs|ir*RYykP(x<GN*)a&x7aXhWzAHlfD`>p
z3JwunQZ%#4QJ*YF3982D71b&gB8U+d!^s>OEmfpcxDHneUXUYFieOQQrj!+<GZ4sp
z$tN>3Yjw(bB}-=9VxithQiwXlhwUihnVzFXf_kmh53<c%rRdf$GF47+#cV3p!doe@
z1JqV6)Dm_kk&p?j3+S|tXb>HvvQ8Qg3o#^D72zUQs0R$uYsG*gn+XYg87Hfb1z}J(
zjdTLPFiI<<OhJidg}MOwHq%6ybc*d2A_M`W8Z~gEP*gHHQe<H2mDW&cC?!efQ}qn(
zd8tmnSH?nSZdmh0olr$pEN8m7Kp^>HJ6SM{CgWF(K9{sO&abu**=LAoi{f%^)`gPQ
zVa2M2Fp=w{q%ImnaS(HRo(f7Dvg@s+1K5L#hTuppO^7j-j3-7pN^0o5VCX`mD`Ppg
z&`ktwBqt6@U9yb=3Yu4~=5x7{Ril)S+}5y)qYRs1me5^}b&$A-paaXc&|#gai(R+T
z4C+BaMK~E2Z8&K#u9Obv;=t*K5G6$F(um;Jn_8*a)-$!HRkJl$3B!;)AU(G&2@$4a
zbd5oaj5TVbY!Oy$J^*e5q|>3XAU+6KSLw<q-K>YQL8u*zV9{YB1!tQH9%_Yi!>p=j
zHBvHTwp3$F!$`BpbW(|AD1~rZ(Zkh&0wzGwq(&GJO08NiqK8YB0hcH{l^SM^;%wgF
z*e=|)3P=S+qMT;TEC`fKAZcb4Be--dQlW}vU?X>9Ln9r5Y*Ot3`;}^N366uTijcL4
zY_i4_^)3}EYgQ0zR*eFkKpK+b5ZNpU+pDUUjwJhH+(ju3@tbZhok$DrXlS!75M#AU
z?HXxTyG5=$iU>M8j1HJqEL3o-DZkQb;mHo{WQRy22B++VXb;3%JC=i~IxG1?uIy=j
zq*`Rt^#&ae*RTK!8be&GDV+$TH|c(#j`5vAG7h(Rr7VJmbK-5vOZG~rTsOf=++L}V
zm1V}zd?Z_tAc)a9Hr&Xl4KFGbv~nI!1Dne1_oetS6_!RZq-ST!c`hrMK|3X}avGA-
z;K$)Bu}*Txiv4z-R&6l8Yj7XrDobdSqmWS>{PL`_QvSM9`)Q!jR=ro$(=8?=sXeMY
z^ef>`Eu!0Ca+z4p;8dq-MZ_RxR=P}6by=V8l!kepN~PUo!fiMiPO(@{?UtB2Nmp<*
zjQYOAOPOrd@5SroMl4{m9Izn!ag-Ul$pI2eCz+()$@t+KQmi6o)Ewbhi&7h5KOJp0
z+d~<%<AvTJUYFv0OSDr7B0sdkS}lhpBL%BvG#Ws7HnMGosHwv+pJ|gCn;>x~Dwt7{
zZOP3>lkZolI7#Lt132O8gG4sbc3Lu~+hNHvTe(4f1f*tvB<3^$%kcw~jg6Y!dI%VX
zqau;3MMiXi_JMCQ7e&KDLnS1FsF-y!0KVq9(h`L**^DT|`iKd295GLp8;~x+#Y)&L
zXTnSZNyU(n2skgC>oR(Gn2`8(+OAkkK~|GCl8px~-lpxY0892zfKy^shgF9NkyTSS
zc_bT@TU0w}^Lm~12!RwK)2b+TC^zJzaIX?^N?4>Ci9$-d*-UaloJ{fzLk;zEG1d^W
zZnheV7h@6-L1DL-gfI@4F{@t(262|H=BOlMYBDdyeF9>NO}NU0j6~9l!d)$n$B2<8
zB>GwgD%V?ezD5@rXqY!`wI0)&gw{{gyL2(8r6|3YAb?GVq{1uhzeX|Vqn=w!WX)QF
z3AZW8a|MYqnz<J3HLWIVQ~f}1)N#Ml$I-kof*VYV?Nb3e1cF2K^+reQ`_6zOkODi9
z3_&1<0}N7~L97?8J9)GhtD{z*4?}noV=Hx$Yf)%-Q1J-Qj}TQu1Ffnzn1LOyV3jsk
z9`R|W5OK=`tfaY2OMoG#u7_dZ%a_YOa4JZx^e_fARiqDR4cG{e0yEnt!hC|j`%*RR
z<OsFgs>e(cX<+3v*-P3k)C_8k6p6cCR5Xi8$AC#AT8O5rAm$Q|5R46>c_6%%a^DTf
z;plK6R|zAKc_kCc+IBQ$X_-<wA;?O`wui-**%Oi#ln`{ADW}r)P(tcAd(9kQs)JQT
zS~pbXrL>lfdu$F&C8JVBhfK@&(7~W6^-Xld`dW%?Iwo7qQi6;Gg-*>f>=s-Sirp|@
zlUO0!5OYW~rExvob%sdYN)1FN;IhTIGi=8!%{Fo-L`9M*yJK|NP_`J;s}5BRC#<HM
zRhnW7*r#n)W{SzUQ6iF&Vs_X|)7dIhE&FI-CHmb#4X|L`uA21#lS9ciSE(VfvJ(O;
z*di&Ql!`qn+5<jTKa>g=a)#}fR8O>-G;X(2!(yZ61{F8WQf6Ne?P1pSnzgC|S9qOC
zN^UcpFj1y15E&dDg2|DVG)ac+BoHTT8CX3Xy(fjmQlS}Dlu|+Ez=L`r+?6Wzb`<4p
zvJ8tp-ptvxbkx<j7AMD&DIwfqtF4BQ4jdjwIyJ&avk6aV;?|HWXNe9|OV>c#7=0l6
z+>V3!Y%&^PAt*zLPBqiya$MYEYAG*7I#o8>h4XgWA_jm4b<LiZ>sT4tAB=jj3Rn_E
zCpsl7<5UNOvWTT)<rozX3Ak)E1v1+yRFXlh6h$ows0)raQ&0zM$-u>LTYX(A$1)(U
zgk~+NBjR;tSi~GLJjjrVRu<TON=U2INZXdw0t^RDBqjj=iWN4C2pYiBXy^uI8jqIi
zecg<Js96d)2u-4rf$IH|l`EH+N*eEwLrYAA)pR6Ej5>kowUkkz26wV(jqg>9)+j>{
zQ+iX$F_~7R*<?8_617qxt=S~2byRF{q$WhNN=59@RLE@6z(eQ9^_G^E+-N-}An9td
ztES;(!Xazzq<}Up3=0rD2}D=TQ3osKFGU;+vC&>Yw^51C*|?7mE6sE!tn<7!q*HJT
zCp|=pV_jcd>G(106~pwy2&a^gf{2PdRV@>JW~hdlB8huk&j}K--UwI)co|K1Se;Fn
zc?zwzD_${6qp9A+x-6V+w18yqgiMVJD84^XJ=5@fDLSGDZYxy@VS2XCl-ZmmCxv0Z
zhDf#=>$N-D5YJg=QAD``9LH%KxA_>|>{#`*3+5rFR~bPYL=rNRh*iq9zAYyNJrgYj
zT|a782YjT46of&Htb<TS5u$t;8x&!=nn5@{)UyHwH*=-rfOG>~FId&Vu$XQo)2f;9
zD?z_og!`oqE;I)r;9T>XRa;gpxe~6UYEo!dX$h<u1k!2bkCH*M6_3zNfg+qDH7W<7
zpi#VTC<Jg@l)|M1W;s^9%JxI49Ia4nrIhFnL#7l8x81Up>GaxC8Lz{If|SolcwPvp
zgMwVESVrJ9s#LjF8*wAq=!A-SK~L&v)f?6FwM-3o2D6qQH3TdoG$Iv5$6zhnP?4l4
zSNhJNI4p(&tkMF?IOQZo(MD@raiE43J`0yohcQuEk^zM+#KfVLFLi~u>=ZG6ln7B;
zRip^J!)P!I2v~|R6Ri%Euh3*n>j|MUt_%ZLbQ9UETS(hshD`^MPS%p>O7$0KMv-bH
zk*%jjOx+ioxI`jFNYX}dQ6BkWQwX(jwC6&JNZHiFniZ#5CQEq5LA@>uZ7GYmy)0ad
zG7Sk0LSD3{)ua~G9*Q*<&mtOPW)Tq6Q?Xv(?ZxBmT#O|F^{4EPTgfF^D}ex4P?*o@
zB*f6T5Kyt|Fhm9dS3{9bwCV{ar{eC=5u<3oE_R$;gk%&f#ItavU8_|hY-x~%18c~O
zE~k&6NWWEPLj6dUf$BO!lUBNz;2mHZ#=6ONRY8nmt($ZBju*pvnWV<n^;)V-4BWm5
zj6)I=*eWaglAtSDiLcd6To@W7G}}mGNlvw+BwuP^W(AAqMgu;pgi=77DQGv#Ibtj=
zt9ZB8RGe4<7G#1jeLMqfUxLX-!Rn?gZ(FS<R#SSSDRM)Y0Lv>C&e9770q*oGU5>}Q
zw62onWQ#AxN9`K%-$(x>dg*LF=$D!Tp2iwt9>fU!b~`(iqX^UznuOw4;zF^SjX-WF
zk>!e1*GPIP;NWM<Qr$8UUt+6HaUj^1nk6{3X><dtrlQ!u9SAKqNbw_8DyCpk<4f5Q
zs;62Jpx;J};I+VV3b>qdN8ruBzEMZSWF5+Onux~Ni?vEGQ?ALqVYm|SNeXOOr3lgO
z2%R#^%3LDqQ(+VDA$7Z=7g4>chC*%`$@uw7sET3*JFrk)ixlf@HQ|lWywC;_Q-5TD
z#gQ>i^l&XB7#$D}#*DsZWh5<Ki^s#wp^>N5Y9`f^lS2(thMK5zXe*TObxWco3Q;4f
z=F<hPNT%Xsx*c_MB@9*jUA7+{q<v9MmPR8unsBg^-&T;0i3Av~l){WxCDMAmYx#Ck
zaOGhwU2umk4<uVHXJuPGI_S4^@d8_DS%awDRo!Hn0im!wDwEk_CQFupR*ZFOl|E0%
ze54erD;)5`8fJaap#-i(=Ic->fve?QSq&#yJ>ShoJkji^W-+K_i$f0$#WR(3ugNtc
zk(I`eT4*n+wp}uj>k>}e_u_?SM__`q-Z$Gg6G@dggq0dmFVl>(jHHD6nLbm=$D>kS
zb45<haKKyW^>SET1hm}~>Y<oqW2GW$mDJu4MyrFaoOfLemp$#j4}Zy~L10m717}f$
zBGFC-vKr}>(XvOS@X)P{*o+%Wb%#MMot5b>?RBbU5DiN=a(1?D01ar4uzaPefd4T*
zNXuTxh*pC<<5J0Dr6?nACupYm5E|`vc_|l;1Yl`+f&$SJJypmBISsZ4PHtuV4RYXg
zRDi-Ahm2=EoNML1WD;kx-C8ON!rl!7f~&cK-HD<>Bhl~~6hx4R89nDfoe?dGHABXj
z)~Hs3aHAC&lv*m2PDDwCkC)gE+ePfQ*<jN=olE12%b9L9<g-kJYIeIxKLC0bM~NUE
z%XCLVwZ$ZZUI&DcL#*OkDn=n@L54ydrW$VtO|MzZboj7ohIFOlrD}!HsGLK!{t#=n
z=?I%hkO);T)QkOyMD*kV5>Js{8G*yqV$@2HU>{NyZe{B)I+<_>X$)HyZ6__@_pLLb
zA@F+_Lxm2{4ohq?S7pd3mZJi&mcLi`Ax6v)wS2q;g6m+3y9@)T8bU@4ni;8sd{T=6
z3qGG-ssG56+-xdQEAdRDmrRX@Lqr*vF(eD31Q{q*O{CqFSp@zkl^Dq_3P_WP6%r&V
zq$hArOty<YEL%A-!nlaT`Vp0Y$Y`E1TM#8%7?lN?rmF?TF{79#{r4F^SgGE}y-tZP
zreb0pFH{T3mSk$2k&{WMm`XQ!S*?drj-rP?s{kq{S0j8(z^I;9AYexWQC>bQgaot(
zSV$%kM2S4f7lfkI)Vr<5Kui`#fs@k|r%5K{4v3LwV!dv(k{42DtCg;0aM}?u5D1f7
zMVx^YQiwx1Ra>e21y&gW+g?XwJ0qk+)CD+~hyuUsDCHz-{;-^Pg{+zFz?u;CT3V%L
zr+q04F?Bm5wS^*xq-V=mzLQM1<6S0MZuQU_4MJ`WuT|2Nu;z{e-!2A51k0cU9<Rqu
zfg1G*$D)jCi<McCu|^hEg+pBo&7&D9(TXWmh7n|gjOhinUB!@$Q%ai!mI)dfozqLT
zghe@;2Vy4Rove@*ws;WrkfM@lfm$?W-06GSGO!o)A{KzaUX@2mnCij-SeB9OxI@3*
zjD&h1rpU`Fk=LxI$7+gOXeB#5;z2Pl%LA`W(WW3Y?GNH^VpJBgXyAd#E2sXy_Fp+5
z0Du%~Risk)7$H$+avWYwfzU{<MW~405SeTR=LssJjMCtzx~Uk4r1f??H>_uRwR|KH
zDah$pl#(VR<q~8R5TUH5StbmelF3ws;vk}d)|?C@RiU&R2LhHdfU5wp%LXGNv4Ou*
z{?cx;T|J)@%WPFFbFmy4X*ogYBPh@w`AjqucI!mmX}3#2t(HP0Ld2@gf#t<<%X4!z
zp)0jJj+(C#WvDo!Jpq9Qqu}X1Bnwv7g{s+MC=XRjS+I(g2@Q11swS;yIg}%Kg~{i&
zUJ8W6TAI{u616(5TQVIkz=_eQFe*qT*i9sh#ZcBMa3vgL`*hW909QoC$ay`AYU=$^
zt(}SK0}B*|P8kh|j5k=|D^^D!&QEn9FBpIqj|#l)q)_06s=*kDs51%D?CDO#BrS^K
zYgID}Vqs0y3ry8&jwmbX8@7N{;YPZWFXDr`ZQ~kY^{7q(PBCpiX#)Myr8TgS7rc6c
zdLa;PgJ~GNzumzK8izOSz^|xXPDbrepJuFn5v}$+sEde7N_CYW4rP#zrf_sUlj5DM
zH|T{7-e^e>+fg%dd*qk+pwCMlVf&WSk|{C^K|;NolDojP$)s{&sNp1$jEQ!PP`6Og
zzzVu<J0uk?9P&ewLSsUoP}5e{FUO-fH`mkUMk<@p%4P81FoISo1xyn-6UvlIfhR_y
zDT(QsU>O#imYlAg$(z28R5`&di#-V@BV5+k;%Ycs$~c}QRs5C8|6v<$2>rZSX3D0H
zn|?Q67;!`btWay|j!nUms?|lmZ}5Cd%>wtk)F^S?4z5>4AP;SAlvIs!JJGIEMjzL7
zkJCgOxEc{44)b;hWt*m2?kEA$%%%!zvl6XTkW5+O6)!i^z|w~RUb+8qrSY3MlpU3c
za6TB6LOKc}F(t!o`cz$av(Ze7_87BarurZnU6+Yo8${u9U;!za>te}p2`zF|ayU$e
zhOhw!WXk4iY1~EacsM1hVItySz2^U7@4eL=SF)|!2ZBLpVFCo9wFW#WLTf>QPya_>
z_omUt>3vRDmRnyLl`JL@vDTbpxJXn-hp6eOorB8@^dX|QuZFa2rBbry7_1tq8GRio
z;}SJt>2aozc!s&l{1n$bryl-0y)QOx=cj_|xi1{`!?$e4>PvK%5xYs-7nqoPN2v%O
zm4y-6Imw^z|9W$t;n6mbEm|SSg6Q_VclSn75SLI9$J+YH;|;sp5ALV=|06GNb#;nT
z9KXVHIcWXJ>sxtTy^J_7X7z^i<v&}>h+n$U`7daP!8B{~KDvc|K6Ny3;<%~XlA&xT
zez@FaCcgJkcr-1L_8m^G>XNB{dhXKTY_AKd8n<@pl33EE7R~3u0<A^)00Dv~^NwMC
z<~A=`f~RrYWX>MBJ_<wl*vPfh|KRy4_pEp|>6ztv2XjDv=}RbmRjW*wci$JpRCfUe
zwu5x+B^fm{N~Y4<=n0xarspSb#arVb>83z9!Q%(K+(84vilaYqerOb7%pv6qJ3^=$
z&h5j?I%_fEsT#XfuX*<>zVYt+W^_^kJSg8hNM`Bzeql03QnMJD=9Yp#OS8JyG2!d%
z_89O@4oUS~EHkuykxa=qa`(9<$7WBLa097h>rN*I3qU^8&%i)6T<QG<7LX_t5&RA=
zjz7(x+n>(wKj){J0<(N%1+i`+BHOcpfa4{33Ydf1tRd6m{lUa1H-k9uSPt|Uj2)!B
z8;bn)J<^vEG<@1Enl`A2Zx`(CqaLZi{1<=qI&AKA_(=@|XSnj|O6BjFA2ygc@3O}%
zAWCSCGw2QL;2_{`?mgGMa&09@77jJD8LIS0zJEIet+d=a3tnmB7g3o6D0-I)3^t?s
z!z`Pp@ctw=79<}2+xK@kC)yxG64#6>k)RJVKdmnMMf1}i_jlW|Z|AQ2Q~^ETa%5)O
zn*h0_U$ehcz8{;1q(MXw1O*{9;~^a$9Y*C!W6G=Hxssi(b^;NQ>znt|36Cyxgm>s|
z+GFKV&;~LqFOgp_EjQVl#rWh6RtW#)_a|fV^|BpPj|hr40j|PE99F1|y(5s>Pj~j?
zCUIk}A;?!)!FsougQpm1Q~|?RAn-i}{hs&FsC5tPj=SYEr~cUQvurIOsGA*e!=#|V
ziNYi^%X|qQ)BoK0o$L>s2NCZX*>#t#5;q^d;$w_CKm_SA-YBw(0W6Kk0E2t4fV4fJ
z=_Ttp6Y^zUnu<0+>Oo7U_sg|#ou9#F7jzOJvf5^$DkP3M-a5HXnG(`pu}GUz3^bHa
z^qbS`aYFCL!E8Mw`Rm%N&!Kj2LawjT-u&Uc;~-n4g1qyyP~s<64}@a~&#^kcmx*N6
zBh=4o1!w&~aDFp{6fy-Jy}#Lh5Me@Ud9YY~sBElpxf;E2=uG)?05}r;_ncqa8-K&i
zX#|Z=ha|K%vqdOdA_#8Ne)m%YXMV6~pt@D#qln7ijeM?L?%yC)4evsTO22-8CHaTJ
z&Y?XoGxhDfL4~aR_smal%LMU7iA;m0OT`=Kxtm0`??prj=yP#fe}Z0$o7k*AfNkb?
zNb5NWGq+;%vmVc>{4@8T=!iezqo<_|t|5;S3|hCa*uFrKVCmKkY=e2+IYi{DQD-}u
zSrgnO{JcLMnGAFqCrSRWoru>?jEx^I$X<5dm-r*|kJ#&rs^3$!*~Bm41l+?RaJbpf
z&nZm)j^efC_(uC--h2DS<&Wr&LWcC&8Y#qv8z6P!2j8g5GT@{vH^u{viZ)2-mU%uy
z&gpFU@sJNOxp@S&{@eF|KhCe}6BSwQiU7P~;RXQf@Nx~x1k(D1-FJ~`T9<2(DaKi)
zJ$ig8j-e)TkhmPqwnN0|_DNI-6IF0BX0jVUJnxqWqUwKQ{wuYO9Lo|c-lwm~y$pVH
zjL%9*6szS?r|QN+Szp<{<WE2A*LzDl;X^^=-kp*A%KMA=X!8+BH<AXN`hMdq?N8k1
zx@@6dLF|>~^$HEtI#(*v&IOy<bY@*pMe;S+>R!QFE>cOY`$pN&)qV;RfY;DC2>Vs(
z@_ST!knH0?k7WpHmwHwcd&%IMBlXLEcL581@an85xr3`t#!=5g=U(ExYxZJ_<aX;G
z6-ea8$p~~@K7QPv&G!o>ULB@>Tb!+5C1jWy$mt9BGt{z={F2YC1>cAA%%4$1171rf
zzn1eZ8}!58<_v-a1@#o$?GeX>RVbwfigUX0Y#pdXZykbP4d;NM>40u8+N7TAciU$_
z0O2Z-oHJF^{%+gc*wBYGC`A%LgxUDs&V=HrGaAZNN%6iuzlR2zg}h0=hW6{&()Z+w
z*3H-J0-OQ#rIp&u<|-YgBV-bT9BapL)?n=v77t%}fMsR@J|mE@{6N{G+B1;1<eww4
zdZPxay+7p-=dA&0XEYQUKakoh01ps0E_qydKTXiUut^TV0`w$m2jJ4W=Or)WiZDXk
z%20@YTj_<opHge6AXK25rJz)u5v(QHz73#B9r=Who{j@@r~aVCE2#4#CPNNyt$f;<
z5JQCC!Oyqaq7ItSi$q(opQbZ38GRRw!}F>VO0$HFW$ZT}|G2;T&*VRF>1OqqT5MH$
zxGq+~(l;9lyz9NSvcO>wdwf|o{DP}Q{L}p3*L@E`yQZ(i{Y{xvX*SbK`;amx$WHaB
zc}cdI{jfk8m{!y8;|4)w8=gP!R5FPEojGQ&we@k4Jk_WU4iz#FveJM14}bd)fBO%A
z`wxHn4}bd)fBO%A`wxHn4}bd)|78E}Z~x(M|KV@{;eWWl`M3Y@xBu|B|L{NDpZVK=
z_}hQ@pXYb{?LYkOKm6@K{Ov#d-|s)rHeNYgP&l8Vt<=PNIHJEck#9OldC<CqLZ$}z
ze#)ZW7U*e?fEE7X8_)&}W#xPbpwc6gNm*C@2?AAqFgbd_iKm744h=|A7fUzNn^9Jp
zA^<nz2Yx~N@AId?8VxLORl9PRheB!@%gbc%Q8l*7srhB<wqxKPKeDI%F=mL}wfW7V
zjQsAP%X{-YgQAKa_Zf(c`gV`2!VKuB?@7#!L$Z-(E^Opr_=-fK1aVx%5Z-+$dVm6D
ztjGKL>3P6A`SbV<xC=Py`7VhQF=YR0+;Nfs>S4>5#ve@+e*7A}$~YpkV`qO4|Kxr{
z7J$@rGb_UwsQjU&LTxg!e|d`&A<ua%n+9N;=DJV6C%<&Paaq_9lcYV4o&-jm#TXDz
zK4N&o9U(63F=EgXguK)L9)1N*v67e*H@0aWpx!ghz!Y0WK%^)h99{CxOIDNY+f1hL
zi}Kgx+-$)D%V*vJDkPxYtA6DHte61}jcJ*Q*J%D2T`*vc{vQ57<=qR@l`X7U9`l&S
z4Fv#-U!ULj?fJ)lpZ}th+rzZ*sow;-*rGvz25Pl`&->@c{Oqpb9flB1u4A_7nq7Yw
zaZLW6{+KM%d3R7OX++z5QR0)tO0<FW2IrBpY+Rj1G7u6?**?0|OH+rJK8hC(bi1j9
ze&8vG8aNaQG29$<wMHn^nlEYp`~Hsm$NmPvI8g9r)cI3A0k4U0Db6XscZxbkFzNF6
zV8Z8?EJvwLRlItTnn!sfHS>eqE&&-L^k{+L*gGMNC^m17`0G>J0|Hp-OSb?qi5zz|
z0{8|HO8R&jTC3mU6;6^@2KYVzTxDtX!&PY{RJ<!&Nzm(fbOU^958zb`(cx*HJN%KB
z5ry7gM~2#Pt-@$A2I94hRedeL=lnw9Un+3~Se6`va9=ak0%-Q#H>-aDx=1d_Gz*jh
z4)M%2IQ`;kQES8LA8`qQ`r=(4A_FgrT`!nqJ`f4rHd~y4%B5%}fy<^h!o!wFMEl|z
zzC27I_DOWq*f>BpVi@i#gMQ|Z{m73XP}VD(r1*TJkhI>2k9=LvePN(@9K0=cAXxA0
zpFBrOF;c`ygQn8;Y9XE_?U}`y*Bj8-RVS95&pR8x=0b`$kj`CWIE{7hG8O9Sl_w{p
zu}xh8^TJWlc^2zhGfR*w=LwT3NKdMsM1h}h1gau0CW!s;J;$DLji$Xl#4V)NaFzHY
z`8RWaFe#vSYtctZ>fLnk&lLraEs17YlGFfa__yih71Z;xdR$1xjx$fk`2Yi;33_?m
z@A>{%8=u7<0mqNR3MqM!m0alD2D&KQac{vMwvXmoCPr_zp#;#D%+(MAV`0rv11^j}
zzp%noi^b$K9`eB{wAOk{|Lyr_K7Ci3OGcjpIF$%%^Rdt8QPljaaMi^<zV(;2Y7x&O
z5zJ$tVpgagG{n`)k<mAKWbpvp4bH!K|L`N{9;QPz=EVif^Yjj@XeXsf?nHnOouP{$
z4Y$Ghs`(NCvWe)<&m_CFO?_7Ut5p)c3>Qpwe4gT)CnQ#l=K_USo9K^p@N>Zud!s!k
z5q_xoh{t+bA^x{&@c-@km407ctoYAHgwHbxF);wn%hW836Zb7cOQkP*sC*nbw6q2)
zin91|NpdFQxh{3J`1(EksR#1b%V?xcEvFos4f}hUJ{is$E(h7xOlDCv*4!o6*=U17
z&WAd^h?pNeAeO_$svmp(8eAUWUfUpw!?v%7;?~2tODw(K0GN_FUZA>l>H{!EHM}DS
z{v0XFS{R4>{FHtFd-}7r%2$(sKdGSzx=TaTGiX=C8EGpIkK<0W8*Q>&mB+mHe|r84
z`swq{&P5Wj5{3u(m|Cq+$3${QSK0OsOms4z8~p<yIR8X`eKMdbIdJhR&-Ii<{%3w2
zDAWNNO<e<JZ&D6w>-Hq`+Qk0|KPK=4Y$`)TM)-SVB&b^*Mg$&%CNE~%eWIxkv5Vq>
z#@+Sv{2xm>ph*1MPrc;g*=^tpI3t3y#n4SeW>VB3)JRqEXzB*dFXa?Vgvw$I@vG^#
zP94zxistBx<F$-nbyt-aRR&Fh16z^=u(?}Nbe2%dt3;T5X~QazsESYGbt^A7v*Aqr
z{B!)UeQjHjn3hjaWAq4cWEYAYJpA!F9q?!0$~+Cgf|pPEAX6mk070Y;h??`tIoNfg
z^9@8VjEOU-Sq;hvc<?U%#V+KJ<k#NscFwXCUb5kC_b0nP>i+l_A?QoG@^qu(O9a}<
zr&%D-@0tHKXV#Ay<WJQEbdP|o6ePP{0>U^DXf>+-uV46y+CJ@AfSby1dH%&lxP|z%
z&;`j!-WzV2ZQ+^UGr#%S-|@t+3N?<yYrTNrR!;8c{QHae6R){#N6onwGa2CUJKD~b
z$Tx=<n++Fd`j{QegVx!~Kuh=6+`nrz#)%uw({@O9VEln!dFWcLgJ`X-2A!HNB~84D
z2E2QJkH16bJJyFD_)BK>(kJsp++%M`-XC-}tJ}TE3*|)uFUwW<_4Ci#XuW789(om&
zuOJ4d=qU_;`}?PhGg~<x{A+VJ{HC_?lWPEOi|IQ3$_PV(me27naq>Wak^iNl$;`=t
zxH(jvDbp%l($<jq<^H4}^Y_Ka8`titHZ(4WA$@=y1Snnpp7YDk`=_X|IHPW@AbcI~
zeSNQ=xJ>}2f5zAH?Mt$Ja5WjJAJM;m4}a|hZqoi0*;Vnvdf6QhGb&c)Q^xQ%hNe>8
zdW#$LdzxhZkK|u)GEg~DY|DaS2H)p9+9$?TgT0V@(<_juqt<<eJcX3m1c2VxL2o9r
z6dJsoiH8aE^Rd|N@B;35tE=q_hZ49jfN%Ow^iKsMA|*f#ul1|^l+5a4poY-DTi4T}
z@+_FjLrene_Ck+k_XNfh{j$zjAEOl^YH9_BS0b=^BD|JGNa>hdw@A`3|FthP0q`fU
zS@^cBNHwW9{+Ihte(rC~mYVM|$NHr`T}o@V58|zz&54@G8zCZ$tP7PUjV@$w3F`ya
z>N9bfg7s>b<I3~1uw8Whj%wbyU1S2s`k~Bb{$I|&ZxauS2NaOk+2`k#zMhCi`w61D
ztSyjVm;`piR@&qy8EK~WX?Gh+ReP>sQ<$d+h871@y<D2|Ww72$KYl@H0A*bNp8X4~
zPKefRxO2i92J661aO@ZSv|rEf!z0EsFT^^6fhe|*1t0`niDP2&UMS(EI=$0{3ID<t
z&wegp54jrR!c)SV$vld%9f`#Lv4-vim+OatX~TWai2;zvBC-=!PlV7}!r7n55AT5f
z1HC&h&q@D90<+gXo;bA0rX%R<s~I85mpUv19$@!09}sZQZ#@a?A|RpLIt{d4ixHPI
zpuv&7JTxk=jxWsPe~*9f=lpgsQYi6F*mowpD)uql@CoJmKj+^=fsgXM#~uhZjmN-#
z;DE-FCp2q?b&SE#rsdm{uW5Al;m7&^kN!}7BAVs>nyn|*+;Rj-cXKzz&Pg!49>ADI
zF&wwEmO^RE>Ih^&L#FH+1)j*#R$_fTlx)p8_hZeZDB-WzRWHb^unus!_=c+vM{k_h
z02|`H{d4{<D#h{ZNYzb<i-$tIQ@Yr*iqQqu1NQmoPE%zd15A~a26*az%k%fuBIsj#
z>OAaz%;3h-phFvd#K{mvcaZeiCd#hV2cBgAGIajx`T2?x3Hs<&SrtD3Lkss|=1c!F
zELyYNv|1e7sY&TFfko8s;eYeNDjceM0!gF;V~qUB)asG{bI-s3lm6@K&|{;`)((e}
z(oR3Fl14i5%jf5MRZ7{*kTUcn0aX>KyFHW~fBX3XhYJ^npMCNimhm(lGhT7#^LzSV
zEWrxa32{%BmwIzl>ot5)VniE@H|gD0Zbfw+r8F*A{>%C2Kxh-g2mx}`vJllmsOq#T
z^uPW6qlhB>%+AlHy;f5{D20}uKrZ{c`-4CBH%`AUv*SE(OPJB84By>H;nCldpZnQA
zk-rF%&|}RQq<J1r2sjKAdiy=+mmm3IJ?4G9IQ}9*t&LQQk+dkILD{IKij4?&18sL)
z_V>p1`fu-V<kDbh3eq;Q4(Q8#8j<Rg|Ly*X=i+YJsqtqzx{SI4jq#P*C)vqFZ5C2X
z$i8e^Lm_$Y{zra)0%v#7Qs`X*On~d}q`%+O;pvp3yoJUd-|>s_j)Kr4Pkg>s)VV#~
zqflN!NT!TS62aeP;ImM$rAr;2qPbAQbu$R3rKg$Cx1%~a{^1UM=!pOJ{#ZNdCZ)DD
z@0`J8enp;30zCEZQ47JaTml4qH~vl!D7q<pW!gPr%7B5U2+Sy3kZ;w0&;A8R{l}o}
zBf3@W#)&n%yAMGu+^%|Yz%pSDdLCcYQy!9s6$jR9RmP_IEXXu^>$S+Lc23;uG?6EJ
zKZi|_-r@rwL4HyH<+&Ixp_#9Yc`^*pKo-=R7i`C|+XIFY3X_~EV1Vd+4mmH0Qz%=k
zNO7WFoivz&cQeonvV+;BpWj`>_`53FKpm4@`%AcvEa!=tGo*#K3XAuvCG?`Hs`sq)
zh%z`=Y#0B?{V5M79ozf@rNo{ycb?J`3bNKG-#MOo$@2r0M+pN(Fv4HI=VM6wOeuGs
zTm0{fw_Xo5Z9{3v74w)~WooK>z6|(-{vQ9=kNHa^ftVvlZ3(>`nYD;**B;|P$S>GC
z?V#wHNJh(h6O|4KJ*Huwi;H>Gj3g5}j_|FgKq#90IRD?g1MP3pAqhUJ9s~KxEdK+r
zL9P+{?306;2bF|tt*@$eq)o1=H7JMWBXk#Ld|8Pre3+q9hSSi-%3Jsmv0lbFfL;1f
zvCQV;45<8N))#?fZl;}<qTF}is83t!nDnZ_76QGR@@14MF13N9@8nRFe)wa5`k(XP
zwVX^+*jM<XyySsZ$eoR+vY#*De!nQflNt?3s2k#=M{@1|%Tm3_fw{(q@!IEBI92D5
zeE)k<%I+VCf%QSDyn&@gic;>+J6D^p5ig6>hn?5lM*!3tzdL`dTc<b5D@syVowq2t
zEJ#8yzkPmM&Nd!t$@c(7^)HWqUyRSI_V1aWdW%bVEsCa!&N4+xE5p}T%k$o7O-4E6
zUDB-Sd?U*{5ppW1<3PXQEiGCcHmQV`)c@`M-5>Xt&!Na40Ln3+dMUo5H+H=0P$=H}
z1<4Jx374mk56OjtEdD+DzY1;r6E52Xfk!*!nGZ@G+|bOPD@p`$ET5$NQU<%$7_a@F
z{pDoE+K>gHOnh~Z#S6p+6|4KXZbkS}Nc$m5%C2*wvH8R=@?T2@du5X)i75ZX7w6G6
zl308hzq{UI!;2pMT)oJF%!d9w?;kSB&ae)>8=;?JoOxZT>j84JA!2FL6>ABBKMUdY
zVYzbt<^9X<kds<S!XtIsI@mt7A<J$5%lU=G<a#9=313~zM6Hq?O=tlYs{4#V(S&fY
z)a+wQ9QI|czv%q(WB&zWo$mFDMfvU4&`hbR-4ep%_xKm9?7CfQ<0quNps8;jYeA)2
zI$C`#5`5EjJd7g`tZ}yJAM`Jdh(rVrcp0CpvQb{IZGu4kbNM}-J|sq7zd_tv!f`J6
z;z4ePiP&qc-QeB{weIdH&;?BHR{!N#QY`iHHY%lx)Pd6cqVLbDO}@G`4oZY9D<rrD
z$v8uLCgV*Vrg37*ng?uvSx!2{+-Xo0c;7#+mw287{Me)LYZy-wN&A?s3jAbg1MgpG
z^GEW>e&k0b#SuLCE_;DEsDMP?&b()%re^B6P2!Y;#qU2{g<B%L=rF9U!4gzY4r^%s
zgEhXFYM8ssPjSt2>fwVHz{RHR{8Ugq_l2W=_?FFBeTmL8VmE2~a<aiYN=5jnER4v`
zNgi`JbBZ$S(g0hobUeyuB9Q;f^Q%fI&6oUf5&UZfaF?(z-D+|Q%-jt3=Hbo>LKKfp
zb;u(n2-QeQhH3}G>sEhHJ@z%LKr#7vX#{UUwbs$n_{#3?kL-W!Z#a9EMe9`7cMJHr
zZhfk0M=q>e9nQ+=BNX$g>Oe(%Mu^*ekNI7WZ|`G0glnsEF~#9WSiss*s~fY#;ut<O
zckR<!O&>rj4h1Bc<kOG@g+S5Rc^&OHw=|I8ueUlVmE|AIpZ{;?FYTnCdgIlSZ56td
z02&~aUlcZ481oQsP5cbUh!vhlhDbl2A5^AFqxfvNklvK6DhVkG*>S0{gQNgY)7oMh
zL|fNxAA~=WA7g-~4I@oxQ7EtglDo!1RY@Z_tmY?b=Dc16%Q7-2TjJ|K!oT&xjC45F
zub<hK%7SQ50{Iz#oZr*wu)eGY__M1^U_*iv>QDOP{2yenn^%djh7FLVT>7SPW%l6l
zA^L3qO!B*#(vGcK8&cUlWcB_j>qzVbUDh_Q2Y*5=@gnc9$93Jz0oIb)V-WLhna>V_
zQ%KI@)us2%GkaVSBHiW?O|g=FJUI~3mnYcH`h^t#trw5nw&WUnxaq@$qT!$Opa0DN
z+Z#_*LWpqsmr_3K)DzK><VHTLVK8Zrd?Pz;+}zKh@P7}#?#KNb{mc2!^!R8Q=O9%3
zX&5*9HpZr;o@SPRz8~l8;5WHG35IGHD*Z+LlL&fpnc*Gh>+@E*x3f5dy7)QQZ@XeT
z%R<e}W9fqmPX5UL;8+gy7>phCFS;1{?R%szBgp)4*9f#G)Dymp;f&`q%4G9>)b(1u
zr3!YQ&mpAog|E}!!yh}Acoow9sbR|NdSo#E?By4(9qoIb+V(s6c!MYiT`0Nsi}+(N
z8t?_AiFtnE$D33rV{N{l-^1_tnLnn}Wq<}1Rb@&>MvvFvv%Iq8OHK?^8UzD8v66--
z6e;b$XMguX>{`?AqY}pWp$V~d2E@^ttMzRmRmnJ4$^@c*&j$(rp7)Q*f9GAeAW(Xr
z#d<r~Pk!u~3n>N&jgGtlb6q<tSsRMxZ_lrvt$eUdhD}||8X+2LVx<HCv*6xy4T67L
zDKGI*Gn=7G*0c-t0WvtRV)+t}zQH%B)BoG~6F2^bo6`sypAJcAZDxy5cI|#ZWr*x^
z)vi>bbL7mNBMrOOge<twlWlT1>Ws^Iy8em$gP+eYkPe}~Q-DyKSNgSD;zWUNbG#th
zN%0ZqTC9$L;nE(T%rD>nzQemn%BH&@((IJSh54viX1{&^`=-Qzd~?^`mzIrvJ507_
z`?u!@c#1{Q7gUHA<{`(eHqVGlUemdi@XOz7Us?4h3@Y>w?Zvyndll1I>3eO$?UFdS
z<TL(}{AP5-pYYMsQU=$MM+pY4TUcyglHV-dy5aeU$DKn&E-;UIkEvS{<@;==murmB
zI-p7|@Ngt_Ps764_qQwYcC&+Dl;3alEfJpqJJq{Jp}~Ij=`^G52uRNY|8>!tX4a-c
z1^CU82xt~nrnWh^cpVbY5wcSYnhyt1fG0+>%IHDR+SAwnNPo=9L|>^V9(;qD@S7Fp
zd|7l6VnHwA-SK2OAh?3txhsbR3<f#0Nx=w|zKMjk87cj0YwRdpg$(|L1gJ0(aWdwu
zuq2}Ql{1bC&a5`~O#3RW!p0Ts3V|BjZi;zXS8dXq{OBL}GyO$wg{xf29>f?Vy2}hJ
z0-R`m^58LHUAJMN_i4bMje^O+kLL$ZLs)#Zg9}O_&!^?|iM!=5;)f)AbIet!-fEnR
z0ivspwx2WiSpiO^)X->dCU`DSN8^tFNPi{}3R3DpGr^|khx3?K`0Z4K9FJ1^epUO>
zTb0`Q!6wn(kMsXHnd;`Kvzo_&)=GurY<V`!_7RmjlU=9QiP6zre!I@7xShHi4QO5{
ztaL6~8id~3c`-;x=ZeNM)wBoo?I>MZInZNpmDlsLX866^H(yK7=0|?hUw^}-vbwAH
z-9@BpJ`1+BnX-nbPsNaxr)hLwW=WinPp9C#3RM{Znce@|AT500nV`u0fH*3*RXc|T
zx71c3KM899+cOSFG42hASlN-z)@x9-aPq2eQ2NO|H58`-tzyO49zTVAnxCAy(&Mym
ztllnxbx0-ft56mynjYpx4YA2B`=fvIufKtpCIaoCAc~-pqr6a<jKBT{`y$O^w)y~h
zj8zFEb;|$sH?ZS9F<mjd)%wAsf;cSi<*&ctufL%V`0s}vJN_N_Zt8~CUw^|^zqdUi
zzOQTUMF%2FrTXh{`1k#_fBg+Vynp`s8{~-60w}-qG;zB3F*Y&(V}AXwzu~9;&|iPU
z5B~7K{)STlJ!b1)bXjO4k|K%v$6tTLUw;E)q=2zo2hc>}=ltMMyDs3OV|mw7=*_sQ
zDh(!(H2>>wFx|ynu>s7XT*-f_5|zzfJ;%`QS`FW>tFVLp_LutWZ?IVc=uXZuZA3*b
zY<qg|M{kOKOCmBPn<ilYp@bM&=U;z=c15acSMKsqNG)S|ne08P#x^-MzX0UYF>sF`
z*;D=)GsN!N{N_+bes|F2y?LJb>u-<-$vPL`xHT7k52o2F>ugG6(Z;WV&2;FAq}HBm
zImQ&2<s&O_lnN2qo((k8Qt}iq2eny4rpNn(iBE10>-?|3!8aSSc1TwJUcQn+q9Ys`
zzAD}rf~{3ftx21W%+Z*7VB)MC*feb^1dE}HKXiTjXZjm#N`b?>%tk6+_dt!OL$I~z
z+cT93a!w_EL-OA66{&}Aq?hc|#woWgFP4*tgSW<1^Z3LU2F)yw*VX6-=?(Tbm_Y+h
z%<79J#GMRT%3<4j$>d?Ufo|mt1P7;sa<FVssvs`<v}ddOW>pkOu|lyQNrl30t~!&<
z+llep>h}%5E+hKX_}ASF@!5{G8!LQ}Vu!vY-FxT}GcZ=zPa+poHA59^#liyskMYK;
zPP{_v@Z_?6NQjt9m}=YATj{<V7vN4$$}OQMJ%EaB_8>S8t*l~W7(*QIXqjN>Lj*>1
zlUecYF^1r;l<)fHFQkxa*45l^yNaU_h6A2>#+AdFuOK!)S~Z?V>GEE6CcGofTmv>8
z4buN|5MRV0PY;V#ATEpaB3*O+^3a^u6CBzC$fmOU$NnCU)kF<m!#$rj@GcQ;JKZVi
z)dUu!oKlHjtJ=esik_J9h>GvOdH%uXAI{HhF(#Ll31^8^<OM7^F1-@$@5#S)2wG{m
zbr!tR#4n;U2?)ANrf~SzJ2Q{7)e_&!I5=z7-_xHajAD9XJcZeJJaA^rAMbM;TRe5P
z_KWJLF|K8_j_ap}e>;B<GVspK&l|zxYfZIzCaH8Qe%#-mg}QWdx?kUuahO$maf{i>
zBQSi~At^C7!^2QOrCl35K`#@$u@aNOyNI25&#y%wLFm)&)eYUJ%xp$3DFz3=`X!_)
z>o&+SgfIEY^~#;;8B|m+Y#O3mN06h%n83*44z3LhKal8q&xie@2)p`}HEKkm81F+(
zJMyFYn4M~ymLpNi^X@_p&Lxzfzspf?efHH8WKr<MKVz^dm0!15wwbCaHmjsQ_e$Xr
z1ANT2F6`9|)!n6_5AyNb4{z#>)G43y7xBYyz%C4X))9Aw`PiC@N51;~?fmE2$VA?`
zUzHDg`ir%XEtpyVm-82X=66ITd`UqleS!s#$c{2RpFMxi`{!qV2U`lp`Wip-#~zdv
z=k8d*V}iUgjhY&LUbIBL1=ILYDD%tvFEuzh*7-h~L^eHitJOWk*5}{efBEhE{~@H1
zDd_0^&Gv%`6H?0yg$DqK1#Zx8M!J$CDd$uQ_4Ld8hp9m5XvD;{j`rw#MAL|$Y-{i8
zQOiDqi}g&jCZU!{fD8V6`Y%i4vLA=@k$GX-_L=&|T6I@akmnaDd1YO|pRH(C=BY`>
z?UxU?&`2Uv67zFHn-nj9WPcTVeNpv$sy3SdQ&|G$aFCm1)imXyKW%EPN=_3)t@)gs
zAN`S*L=0}}aEmCgH=x~U&T(q9az_2qy{JAEa6PjZhNDfFOd(<NoCIU+5%Nq2&?no%
zIC<g(Gr}DbVO@O>yP0p{U`f=_i?`7v^Wn^r%h#VE{NLuUY)5S`iy~zJ7R3f*^}yQ}
z>mKsB&`5K)$*6uhNE*H+Br6d9B)|OP5i(u!qRP100@3dwQHYl~#emzp#@jBE^wAAW
z87{VW1aVYd`*Ve*524K~9@d61zLDpf&<QC{p9YN5*6_f!5W_S3Geap%+*caY?<4gy
z8C8aX5W7M)B`!$+x93+6O!Hn*PU_=16TT09XR24B@e@f=&LNe5G*={iHtW{%YfW~!
zh{DW+9MayE5+8J8YQ1C-wPG9!=Dg0EY0nhWECN|y$~fYAMHi8S+ph-RaPpe3pq~%X
z|K^b)BG1A%l`me3J-Un}061;^{ap}SoWEtSf8G@q0{V-xv{>O+M&g{ZouuatJ1pq)
zBk#^c>2(Pf+jUcqBX%CHsS~RPr!?>~&LL>FF?rV<D8@;BI6Ay6P@{5VZu{a|FhR&?
z|Gp6{XS{Hu3ORT$CZv(?PtnOyAtfvexA$A)^H>)9RJecir?{C0Yh3M=vIfr_d8xPx
z9}n%W%B!P7C<Dbk>w*}}yrM&kAECz12=88pNSZ_D9HU;lzQGK%ETxVL<!BgVlrw7}
zK>c=9ZYwY&4eR*BsTzMg`?HDf*mT7+vffkP`V-##9)7`)#p@Ca&DIQJ-51`obE%B9
za}^a|Qp5CQyclY<0%dIWAMy7DPE^)J47a|ez5#8--6c3yz}D_U$4l0d*~6bxFJ#=~
z^~klfsP>38W!+QaYIx8A;}w&b#F@d$7cMlts(B*!RL&K3DUxgpw&(a!ITijh2w_{|
z&u!D+b`!pin>)3K*OC;FI@x`CuGf?BM}!!;cXKV9CraL#D|xCfLa<asinq@%Gu~9*
zt>y^5Z;X(d57McyQ}%BQ(1hBk6kU#zb|O^9O1Ay{B+&~&Z9054+Z$m13ErMQcol1%
zCwGpr^Uk*NcZxbkFzNF6V8Z8?EJvwLRlItTnn!sfHS>eqE&&-L^k|73^-c&Qip`rN
z{`!>mfUtbGbPGc)a@+w0$Fqh|(*G&{h90J#4b94h()%tW^pvs?w>-{%ee%1fhoMQ1
zzPRf<ZhwzIhLeBDU$hEj_WQoN^O310EI&_34DsLYUsRbREKb60p7kcvRG|a|Fuwe9
z{&9t*SJpJ^g-x%*c(@jNPZstge~w3ATB*%!uF_#TLM8#aN7^x*b^3zC;^8Zg?%Ngh
zB!hC@2g)AR4)|v~{~U?c8#Q5WFNm1I1V0|qtV<oZ!gBzs+Zu4%K|_)81F5|NGG^Gg
z<Z<EsG$DPqNe;mR^dxF0FW~NZ$;-GRjL-suU5I{L>4m(XQfsIP9IIw2C{<?!Yl+|U
z;6Q2Q6Fz!6PG5k%suHgy7$KVsIlQ&<X=g$V5qbwd-)f6GXhJU%ZN+|?&d{W_A|In9
zVH!r%iQB6Q`>*+X`r|+EpJk~=FWy0!73!tJB9D$a=D+(F$v+Hs4()lFK_$)`RLIKz
zBmBX<bqL47WIOY-P5l-*zZ}TV_Xm*^AQAHlW25pbs}tL(`7irWzBUa|otFufxP(5;
z_uTG$Rn7__i?7Y9n_B$9omZvwIR%ehRej~DuA~5)xZ&}_eGAZyyhq&=2S1Uh86Vh>
zX>%U+sO*Zp2yecp6sgUtfADEX@`@&{QmkiVO_0Bd|NL`)t?=Gz`Wy{WYW*~?VBF(h
z_wHt36`#gHJQ<MuS?Dw}7RvAGfB)EjF~awmjYh{YoA0tblxgmR_y_r0S@NWghgyco
z7sjBN=bh-=`Wo5oFhmw%YRm+qw_;O>X!_&%ncqeyQ;6dYD#M6BHw_-JyG}C;)xW97
zra7@?+?RN$5z2Q$!x~D--{e}(CQ~JeV#QBRDK(HHNt`NzQI1TUeL}x4{k4}Vq7pb9
zG&vp7v{P5lV+l+)>%#zkwrF-&Ukh5sP<z_Vql^&4foofafkj7Tuy2^&Gor3mx!zpl
zPtxFYmY(LqfGO<J`@?Hk10)*m01?BuMDme_o^f5)KBgRY&riqXm(_ElgJ<}tJ3xbm
z)Y~VJ(?Lg*L}QeAWB?l{cnA9we9PkR(l(eTP-Z2DSc8e^kb&n@c#s~FlHI4m5>|0z
zl^3wONd1W2>4#;sNNhoGPT0V_pkOJ6{uTlEDddM;^_8Ez4C`@g^^jLg(b5ILTdyyJ
zDMY?ZIGV}cm<a!vUug_=$G17*lse%oc;X-197O!PRr}Z0cC9<`pQCIlYF|DSuD!oV
zV~OsEKis>U`*1ItrTFaQ#nYJXUeP-U==&lc`FJrWQH>gYG8Nu^eE2~Lr0Z0n*Yo&#
zIUBw0C>_5G@Tr!Kbq%aTI+JIAeaX_%`G@{wYVR4vM!j@1o}r*0M0q1`__y=temg(R
zvlV)=5-9=Q(l>AvIy0D$?XEx^B=nH!aE#^FQ$4n`lHZg6u;d<XTh}X4q7$J4>;>Wq
z4;$}U1gMfZ;qv04x(C~SX#YL?N6U8AE)|0NlVH)1Gv~AvH>Gy95#rv3u+)p92A_Gg
zOIQ6K|D2s9U+<f~7s$|pQYi6w`zBf<CpStf-A=p%5)B&E!GPAfP?{VQ!qoYUmvI}=
zL4sbwpP0X#?l5sF1uL*x!9LoSljmnXS#|<Dk7qg+{IJZ9D!3ho{hs^p&;G3C<E)-f
zt*<hF+CuLe>~~6NYI0M{5ZJd#3#g&or}R={E4Fw1=l~n$N|rZH4RKu^|LyxT?vxbm
z_?T@#Nn{gh(2niXq}(ZiJ^G-fv)y3>BUaGI3~`EQ@atRH#MT3}xv1)D>_0Mp|KHyK
z6l8W6Vd?#U(^U{WjKY9;6S*eop79jfCm@E*s!0N3+UkBlsA>;$!Tf#^f*VP5pEB(C
z_#3?7`PxpEWJ7Rl-+~HaqJcDjd45&-$zS;Hhp!3Wv-5T384}m~NF*iw?fJXC%Sj%q
z_4ENPR?JREyS0YA_;6iAWwvZ$qC>zaix;2!_v}A+B<<7?wPtK|cQmITPeQZmzw@^b
zwJqk$5Sg%|^jH`AsQx>DtJwb^e+H~<_!xm!64!7!;(Fk#x2zz2Kbca`r<la#(UfZ4
zwT`BEsim249X}S^d$SQR8tdTh_xM-F!vd3^B*vU-vjWbxRF8^9w06{<&atuyEybaH
znn$y*q+b=!c$id9lX_S3nP}({@{jT3WM+|Kw)uGLSYYRpYr(P-3!=k&54ypVQMRJ^
zA?0kWUi>?9Dr~UdR){gz{$qY+YTdQe)X;Y0(DoRWeNbu;d@!&9b2OQd;klx<ahgm}
z3o)T5Ml*4HbsI}{+pH$R8coZXYk;QtFut!Xz>wgrZ{>+8^gDxM<%YCJY%027SkP5=
zT`Y8j4XL!BS(;XyqJ-sr5lt<fRIjoFi$ERWzF+;TM<z0Jf?+@kSQnTS>3&}E+;sHi
zyw&aG`L_H($s{xXO2l;AOMEwvC)>C@_RYWkknzi7J1(M*bblB{9JKfnghXJ*0{MWm
z9MSsO@w}hJHNh)fn}cXq-nCyaOWof?fW=57IhsLT)i6*6-JSfRBjO*)Pp>HmN2F+6
z2U)B45{tcHwnN}*d!nAQ7i<nIraW$A<m^A5AMOchf{#|)mR*-ry|0@7_2}QTzk<au
zhiPD!I$IZs>gW(P9kp|Cd4WDe)b`bomaSAu)*SzH{UKa$&NDpP2C_vf95Y$B=e@f(
zih{U=ia6HRM;>q3-F|RC&Hrf|uN*EYoX^l!YGOSc(O;WuitfSX5+o#hNPOUDF>Nsi
zf;&bwo3BEM`Y8B3psT^t5*XGi&-HdC>e32fRqamH>gj*{X>JT|*4AQhrpL#)!j;?+
z3i2vc*-bLtl#A7KI?y-quE^e6P6mb}j*mp_{^y=Q#-%gOM%^7N22vq<u4Q#Y_<XIX
zb9=f+p}c~SKt%xtJ=9#PV>VCaAzx#%;)LP!fS0+~!Qj?@_()%JFRXO^V(MHOsvv4i
zZ(XP|4grsOD854ewkK|i`S*t^%FQdn0Yp8qb0xF^!rivc?Ik;~RuT38llxl)Nh&G8
zy^_etX9|5;z51{ZB&8=5F2((}9n5GD$0kZ(TXo~nxPqa}723<&_j+_m{$HNo{PF%y
zW>51fn=gU1ipo|_8HJpvzbn`O+9Y;m+yrASEZ_jmLH(Zmy_Tl~TwCb;`Nm|~Gimn$
zi!Alh)ZwL%;)OSJlS(KMh38NMhaw?{n}e>_2!&enCGE@ey>KVfb-EDiFjEo{?j4ww
zz^coJJQl0l=h}=#vL*MA{#b%>py17@^QU?O-zDKvoKt@Px%{CQrR@HJ7+4>a${Sc}
zq$mX+9YA*Y(gZ2X!Gr7hBIvF5m*=O}>XmSu$Tbo?y_fPHIvH}_zkPpsljse>m$zfM
zLf1L5?T_*JMf~~E;#do0@Utk2fG>>2=#sGh_ILjFcM^%13$OQ5Mi2wIcjLa<@oV%c
zY)R-HSGX-`sqX%9|6QS>6PB?ia^nVKDI1S)G^lg@*Z8wgsO5=jy0&>EyOg1`j4kiW
z??H@q3bZT<(vLb&2IyBAmCPSGb&S0LhlZR$k3>(Tmw!6Otu$UP0z<j@c{3}KykBET
zdWw_w24y`mAR>8CeDWhdeok?oK<)u2;o!k`C_K!L{{~?}KkQO)0wi=+d2Hgcs`8Kg
z9nUwK7+m1}wRbWmN2L<23>e|#LD4utCBP9nGQjR<;)^S_wczgSPG!|aE)XWNKk{7h
z8g0wMM^J*fuHH|2HYDE{TCmo)DC{WgJ?idLJq|^+!x8|fGO-sF_F|Z){wcrO^2zat
z2kjh9XYY`Ql|VQO`R3$qqP}lsa1V6E9*yoE0_rrh@AAMfww$0b;fyA7(#TL}QktGS
zK<;bQNkt=vl1p#()-6~rgJSzV?<6r@FSU!WcLP2en5Xt9;5Z{b(*@iY;t950AB*FA
zNIA;mxN+$%LeJ&la0TL^2VchW>;Yp!F$T=OM7BlGr?-n=dkx!Y_f*;rf`{|bRnt4+
zP5B<V;tU-rtRMe-FB$hj%j#{%ttvQ2d!<<dYF47-eQ&s;{{5f7Bli=x%7UDqDV0Y}
zGOaJ-Jx$Cx=uY8|@WeRJk>VmOHs^!uZ<FgRKIbg;tZ3GQ51A_+1&hD2B#hm`ui*cX
z%Y1QdBx#^g3~-tJc1=fY8DvSGNQz^JF(~UWN%GBJa!^*$y}S00C(BD|=~4)Fi);6Z
zffIpQW?)}3$@Ycrw&)i&wnB-dZ=H(;>tM{Ldr^n!9QIeclDics+iMW-YTb;AQfU-G
zqFXwMO#M8fO^-#1D&a!M!AbFKkC1*id4mq4v>Z<Q{6^;k?{7UU69e5V@c)7$NbL&a
z_VmuffFq`d@;sPCE6LOwB;!}-z$ncYu}XY6HSavotN0}BEgeNtec)k$ffti_k{Ll|
zwjgSlG~wfMgWrtJ*TPwSbBVPC8EWbGs;d1`eyvhcDrkIztbGfv-NUh)fp|rFo=cG&
zTHiN+e>Ar`obAyZ`h;-m`51G8cY@&9Z~uY5wQrkT-R|Z&>9h;mhRxML)1AEz9bvww
zENj>%LU(p2EtC>(J6hoTt#kP`m}<Zpi8zW=qvn!I!1?1zJ&}8<`VH<#df2%6dL`P2
zdTY&IJ>DvzM2+joCt89JPKOe$tC<QCp|Q<(PpTzcMHK|^>g+r4jz|T$@j1aGC49Uk
z6ejoN^NhPRWCE3IO*v&RVDF>tX2!`QQu-)CDHD;$aPVBwFgyDpBnHtaxYigKm`lWD
z3(k?C!WTIy(NE3IUDF%O(cCBmb3ty%Mal1io=wu{z+@}VV@!AD(EH@2S-l&g?Td7L
zv^gRpVO~J$MZIM(#SmG~CdsX<yEr1VK=i96K5hS+Cirb0eV#JfcfGI9^=yd_UEBin
zt8D?Q>1A2tUGvuQNe(xwj|ppkg_H0Qi#jIobkVa$;&lfjWBtrubi#I`e6xc#9>5xb
zV0ZkKxGzoR<m*x3QKlU4=f}`?^nB+*`-#WiGRl|X(}J#i_w0)=!?a3#z=*2#c`j{^
z=MF3QrQHuc@$75baL=`GxLCJoM{F7JZ}dhWcGng*Q}U48Xw6Y@65AhP8^6EnFx#-r
zYF`|)m@6$F(B3lh3mHevnTy!cUg|kH^#5z^%ywPHu`t|^vX#D!_92ikNqa{!^9*4Q
zcMyg!ham~@^zG`?s;aKjHzhTf7I=Aizy|yKS9Va)plqa=5HJV?-?asP;w+B}3yz_s
zK)OpUCIER>7M=_B;0)76BB8~5=W=K4gmEFYCiz<;Jt|nl&dp^=A}5__YN3ddOT_7f
z&lq-SYq`;0pvId>YtX~1I(sPu%Z{kfQmnqnlBf&%O?~Z$L)+}%;$4UR=-Rc4P-8MX
zodP(Xi>rr1O}0Lr9lS1Jtg)9j)@YQ)Lg)<$8(8msR?x(JfpwtJ9l~9R3RZC|kr<37
z<pwzh#^9#ZF6-zJ0NF0vU{s~6CgpOn#uX0l^pUkor$3#xt8*<>r<@tJ?j&Av1*#SC
zdr;jd?$rc+$zqn%YL<WZsFD#{+N#>E?TZBWJC}wOX_Mo8LR)(n9wW`rP(I+HH(jQ-
z(x89{Qr+{>os=@XMLr{1BDbH|GE`fN>-4#25swK>%Jf@gTJf@CxZ<Fw^qTiIr>JRm
z(R#~u%Z*81RFA_zGOx~*z1WJkX<Ecaxf3kk#}rq=Zbrd)qjIotuUN%9qnYs(Zl-#?
z`*d@7`Uk5+7&lwn*2pevQjVG+4knDp*-KkBWbOFqOXZzQL!ei&FODTRx(mpe?e6-x
z2AsWs-X+K-z7;Mmk7)Whsr`c^S^k*x1zJogV@#3GFC)O8wZ{{(usw0Se2=#`l5`F8
zbg_c-Dr-Y861}KZGJy*T|7D`23M4#F-<?D~u9&RON<HL7<*bdD1SWQ^3`iVBL&$TO
zjn|#fW|Ibbi;G_5X;_;_IIv#KPRVmmN4I|6vZFl4_6D7hSmb3EP*qh#dexL|wIZCw
zq{}+z+EybBW{&d1n0b+Hm~7#MG!M3#4HdG(0?O>^qpmzSI0WB!cvAN_e96rUQ_$AO
zDJ#Hn188Y4%;RYZ8EobHs0zsHgzX(7sX42KcnCpEF`}&ea$9JAX{wMOq*fOSqJ`oq
zY1Vbm#g#ytrRISJr0A&B6@jlg?<t02xesx{v1%#ss%Bl_Q092{f`g>C<4yM_fH?!J
z@Z7XFmoEf(uEZOz%mSC^IN*Zw*DpyQUEF5hJH5P({RCxaf9Q^Eu|Mo=c$Q;kw-b2B
zV+J0Nro6>-*>}5-GX35G%W^E9l?9pIo#*kH{Vi)U_cIp_Fub-q(|M9+N1FIVW9;;K
zx{>rJm8JP7jp3*GkRR~_j{mLv-K>i{h^haV6%xy7ic0cNipbH=6B<JUXq<dvDG6CK
z6it&8`9G~7jLBWkUydvq!1ZkY{KY|j#&Kb7YNBb&uB4wG31Bz@AOAh&%K|pgd6&2U
zQ^mJFExQ6PFSFhG%Lkgre`MXy#P8iS!+&AL?mRumJicY0KhwXEf8TfhLVnNe*GH3h
z%81kMV=6b;kgycHb9zhVdBtQrTP1ex4SzA(2%v^MrT7@V;)&3g3{8X~pT7UF@vB$1
z13oO3b^eKd`sk0}+TaiO{_4SBig7qmyE9W<P~6)iC>5{42J+b*Q3ZKm>134qz$OBb
zw8R+-Sf)dc*(5Hml(9`|%Neq&z5zYo1a)ykpAaHac|aY4bY>i?l@`Aog`pgZ$_=>)
zz!@VZi5J}c6j&u1rFLL_3S*pNczcqI=#P?NR$O*5;G5Ar#;TsY@<|en%Zurf5o0?6
z@7(4ZovxU@1zV6AHUnXX#<HGhQuz0%lyAywSbF9joVp5dk7k1Fc7HY9FsJ9}II@Dn
zHc-H^b78bz0xh2`>D*q=j4aIf-Rz@swnYhx{Na|6_owCuEL_htCEx{f<@xt~kI9#s
yh50ID*XJ10AY-DbL+gW+oiJRL4jX10fkT=L{r>(_oBgR%BH^fO=YRa4uYUpI#AI9m

literal 63169
zcmeFY1y?1>vNnvnJB_<H?(Xh1?(WdIySr=S(v7>jyE_|qcc+1mnK}16ch;Hn3+`L1
zR_(PjqcS5RBc6=Rj8c#W1w#XZ0D=Mn0wMxZhtF-G0RaLcKmh_m1%d+661KB-GO=~i
zQ*pO9an$+hW@Am54+cV+3-n3!|E~Yb8W>O0vs-0A8`z{c=N9qF3bSZ(o)b9|ZsN5~
zmMZG_awtUm+ph6=3vf9|Ri8m=fg(Ky3mh=@yq>uC#nYujnaLCAFn9*MW%ws4=!7iQ
zT`S>Z<YnR%>8<~9f@DD+q36|}$NR&CbxqS2Gj4^qU@6iWrW9|L0Amgg?3bzXC}r9$
z@uuRGYj`ctjvsPWl<Zu72#E?-anENo<;$ueX8?pQTZt5*#IxdO9h+}RrWI&Ez`=?T
zTYnE38>-Uu<gs{_DR4b50@HYdBPESjpdKAv5Q5Q;qk7EF`QNR}5R{F6HwL>+u71Z$
zc@GfwKG-kCAA0K_+ZKUdp>y1ZR95F+mwXv&o|sLO_0cV~VqwhJX3RreGyA<8%NrdU
z*-z-~t=LR5v@gN25gWAIC&9rN6SQkdiktI}D&Cz9$I^-5Yg`~R1{$%h16uW3FRy*W
zypI7v@PMKOV9&RiM0Zr!0RQoQaRfNqs>vR#u^-Hwr_gpmv3}s=5o66~Mu4Y7UiPMN
zjVNZGS?q&DDe*3X<i3A_KW3h^V@HD5_aT;qRkDghNq+ZjS3-7{CT9MF{ADOUV{hTR
zJ^8b2Fl@+t-K*fEHqD_HLDWkTDLU|c1@j_ej&e+X1Aa5%R&yA40~S{gLwh`;8P*1G
zC^MX$1|GJ34}l%XnzH@$TL=&B*69rDYiXIUQ$Kuok37&kH$GXCPDf@E1c051V%%bF
zBmDy$2<YPj6iDH37=x<YX#xTa1hn}HA+Vnqqvv2^?MVOikLUlxmjBC$@^9J86J(`9
z8IeLR13rkxJGcSV#Ix4)qDQjEZ@`S{Z~E-%afPjKk79yOd5!oUKdM}_-P7+)YYW^8
zkUU*bQbeHxewfa+srE|0H8(>dCpw5lpGoxk6I+*_mfbT)Q}5?3-}6P3@8k!4CHwHh
zau!z|2;gnew%|}tcEHlSlR_*d(@x&U3)%dlFu^h~DFMap2%69L)c)Mg#x7fBG3H@6
zQba-%S1d9ar|}fGB6M=gny;EyMA}pBGkP30`bumBicg{WmUDDzHKU{?Mi!g_nsxAe
z#sOa6UMT8_>bsUM=5@%>&V=|=-IjhN|B<nV*Jx60iXCNgqxR)f3IFLb@RseKr(i%p
zTnIowh@TX0*7UA+4pxSCc2<8($>nNRcKK3R?>-5)1nP#hIh1hh{`0mfxmHT-vggO-
zuSMy-zY=@5upzAG&U`mruR>OptvnMj(#AY}HzE%=G2DyCq3JDpxTv|9Rf4MvC8#o;
z=6!9ACX|zv^iy`q^$QF55|!Rut{?Rd<-vWuC?mwdv8rne<bu<{TXo5m6LxRP(~u!3
zb^{L8yA$N^90sA~#;Ayhr<~>(w0Vb;N~95heGy{~d5WQ-BMV2NQKiX$7_0le>?ci*
zvNrL!Bevn*4p|nHiSmJBAhHzfw3wDsyQ9F7mv220f!1LTD`McjYd?uY@QgQ*a&RFf
z&jn$cFk+Z>YwA&Z>+>@?1-WQfbKLd3a;$JsI8qxm&qTBl%#W^LIW&#OU0c{f<$g0F
z13L7M%dDH3P@$h3Vj*#rKB9JGd-Zq3E|K}hq#Z$76i|rQ06(@9erA1Txmacn@w0fP
z5$;>pa`$rv4Hfn-HEI*k9;@dt+|s?Q_y(B16SE*kU%(wKIZ!A~8((BghO4h8P;WBM
zjh!f`e?N$qf5lb5q#wbk6>YK9KwS}}v_uP?$SBo;v8qC2e-<GJ{e9ZaZ*EcsT)qS)
zf)VbLTDd$W#MjX{IkzmKQRk2x6V+3Ar`<jkF5pd$c)7VAE9tS6%~yOdQ1|M=tA;HY
zFT`G&uwAGrqSBbs!m>gFf#o>oDHQzNS4@7FRqsCgdIq*Q)3)K+-;_}-fQts5O^d$1
z-|&O>>=H2A;m0rx3C`jT{+B&7Nc4*o!%);2whM0G>1ZN!Fh>p1LNlU?#czd-t#rCV
zg^cUzHpRP&dS=62lX#M~%twl9pCmOjd7M??M}piobodrR`7Nl6@fL2hQ7dU5J5jmP
z0|v>N_Q~bIvJ$m^11%Lo7thxfbaGI#>~=2A{TRMw!QpGDGziH+CmOo<UUF`;t;pF>
zsQx;VYyPIHo+SpV3Zv_f_N#0f*mx!-hCL7ON+4n<5KU4zQ^Z?Ce5H=5U4@B>A}(A@
zXr7Se5xUB!LkhImCP*W+7mFl!3(K;RsT3bUR49BS4)D4sJbop@7QbY14q=n^&^9UQ
zf5pH50<Y<+cM%2!JkfBhB5_rbf6k?|NaU|6f-Pxc5eUSpTE<Yp!`DuWdepp>w#ySz
z`b)Qbz{}!Z6DsQzes<}(nlVddjJjId2BN#y6ETzv*U=tU#ON-CZ&A^9Ccm;;BMiI~
z^2k^;pl;?%a5ZBQRX-55zsI#Rfs0;OeJdS}xhUP8hNNG&j%1aAEzM<f<^~&_-!vM#
zJ|qWV)IrXXn6&R$PDFP)LaWm^gVKJrk}__cr7Zqj%W-YaSit9E)GxX?N^SNPZ3$jA
zhCgI)SFkx?5%&2Vw)oJ&?b%c_O<YGo3)~1AbqKBQ(Tx=rNCjoM7)%WBx%9Op7H%#z
zIh3~l8`TNB3^tl3Ol`C+;L2tqj8?pkcXOTxz|_!*mk~b~VhV6H4o&6<4frs^stnE2
ze|r_OgeHk>-sf-!6W@sYj+n}TGQTbk>76<HfLmpzo|}(Xfb~*mXWo%*WhIBDC5IFI
zHXPnGDs?+VfGf(|QB1C`!caT{U7-tkgI(pqp1Hd}SZaPLBi|!S`PP~5bGidn9y<Hp
zId;9yP5<BvXBX-`<-Xuo6u4g(65NR}HbC%?xR}0uJK*pcN_>L`0{Q|31^kJNe?=4j
z8y){AvH<>EwS3b4-@e*YWUcxb;6g3~-$J)ucZ&61b1e{Y0(F}ZTv%f=g2-K}*KFP%
zQR$>LDK!zu#YfaV+{mPL%Y9C$UqC{OSW6^!;={VlGn2{X2Zj#rF9b!7l1Efb;0t$v
zC{@P*nFBZ~qjO}mqYxw!h79Pzj}wVWzhHl%4>ke|Q)r!9?vFUNSSM|i;O@DxWJtT>
z3)9jYik;G;+h!@gPvqr|e+)GOY)ZBVPQ2j<^(2XSzXOA-e1*)3C~$WmXY_}0&mu|>
z3Yzx3YkV(sqLaWKTcnXjWQ{~kIsmldVE}a&Sm;p3QlQFZzQ)bo`L&qAvLa|wemg!C
zN-j<m`)J{a$VK8M#jZ;j54~8Yie$ELt45^y#lj22YL+Z1Bo!F!5ZB=;9*Eoa-eK>^
zQs;llVpIezHD~r-OG2MVhHXoc$FEYa0?@Iq<>V{|T?+A@jujk=WQDl9*80xo$V~wt
z6*M`XBRyYB#>~mvr~gNb^-ovoulStFZ{UD{us$jNHIqA<o0vE`(*OCx_{Ws~Lro{P
zfDO&NYW`#ErdA%znjwgCBtpPkd^NsQj=#{`F)T3`SSC6#y?*s$!)h2ZF=)l9&`ZEN
z$MK?L=*jf=bHngV%orEyet$P8K%iY_fQe=abvJes)zLgxv&Lb>LGdQM=CI+~{bd(%
z7n3OG6#ftfSV%)YDq3k_xc0=U4^|aXWI!5A16qRtyvf04A$iYwg_hbOa=FnAot7pV
z!+`X%2dV5^%8hy<ARx6AJf6o4=58soyfoHa)B{nwXYaO=Nm)?^sAl*^<{U=>6#e+f
zKnG?7gR}oFLMJ6(4VoUr?oeXxx6gozaS2+3dI>P0R>i^T6(~)$x`$9}%*R)(GtGoc
zCY^3(wC6NZ8F}?RxC1Ywac=)(r;!;pEx9OP-ZO+g$`~0y<Y6(lqv^pobcv*4j?&o#
z?-$6;sAIQu!C+?<iJOIfsB7~O(7ucq9MHG)>(o}q=z0Q7A)Zrz$gLXS`~yz;24<wd
zD!f>?Z22gPv%sGpwhH&G0-6-#7x&2g7CgVpM5H?n0orfmx<1=09tHY+&7d$f7LHLV
zuW3tE%_zf=2n)?6!@yvCit)$i;FX3|6OYo3Dw*NPa3RZ%HnBib6%VTxgkRSerO<pE
zl<i5XMJ<g7WonMqBQU{YfQMTRJwCRPlgejU&Sv(Mh9yhYf<3USaiIDauTE{Hw0Rm`
zkbGe5fcO~&&MUFZedom?I^aZlZudmC9~qkMux-t5!^$YwB~K`SHYIx!C|9QHP*PNS
zW(skaB)&fuosMX>$~|(T%L<w@xFCdaHLW<Y@he4|u78v8CdEwg;3r?>I(AVA732`&
z8X)Ga@%OxxCtIwGZQ&tlY?%+l6RHZm>UEh|Z0TEWcHY7<Lp^znJM#8!60FXKclJnR
zST*AHGPt~)Ki)d|%5uIEJ8^qW`Q_vlZ*OrCGvBkZFxz=_=rQm9tjz0f0X5t715|UW
z)9-;k9$=K`y<z)+p6ag3*9ZFMw2m*!e15B4D2vL(NUT^{d#}pY1fgl_oLtB2q`Z(o
z6*C{wSKB&EF&9(tVlQN3!mQ+2l>1m3ZwNcj$$EH;^=cd=Yi(rRia=y40L_ZGbREk0
zgD@P^XO3bZxKY9Lr2JgDkUPsE7T;HlbMyN5ocs$dhXoIuYuLG;+sK-uOwLokQy(E)
zXeT#&B57E7j)>sVG@yU08R0s$%KL|2Zd*{?jG8%v^Q((B+EE+|;5&#iYP#)KuxXeP
z;4UQl5K?X@4(Us<7EvI{W{`FY*9gtg`ShI245}Nq1!Q8Y#iKA&-^dyqPpnX#P@cv$
zt|7`&WIm}($mCi}1#mfF=4x1~aS_j|%Fh&HNx8KH1wLGOEe|`s1%4#-C{P2A{3@Tc
zHwKRsxKkGK;bNLUNgBw9{ynrWi2XT-J8i4`ZkQHiY#Z!`poRP%52Vt*4?FscLs=U;
zb>l&-Ol4hdh)7k2DbxuOz-I*iC{RwNRrIDO9X2m_j&s9i>k>Hh0c@25v?54h2#2zE
z(0j*HD=(r)&TI7DUl%$bjVW*%L8}TyNiszcW?zCm^TuGMQU0ed&D_U7LR`ZYXRXU8
zyxA!JSBPW!bJd~^u-zR-_C}2JMY^+<Zchw351vSf1HVB6Yw55w_MnX-<;v&51be+a
zPBE^PUvNtAfUd5)nJiI06IRWko}J%#zwvI$^0Gl#FJ9l2EjWF4nmt=OpELb<wtac*
zqN^G`F66F!kT0`ov%4tf&#-+Ndn5R;f34v4I@ZlN;9$glSYN-}ck}8<pJ=_8uG4Z}
zI=8B0A9nOyu829{N6ax>Kh4wN&5~$4r_G+aU9oLgk)Oi0MKE%xpPI^a7CwKmSvre7
zBn>rf<I1>qrO#Zt;04(7lCRr3KixcdG}yXUkq`WwaB=+oU5YE~Y>~aoXQL@};b+Cn
z8?Thw>BwW?GX<M(!eif$cU@eICJlnsN^d^h%<;P0jH2I`suQZGe2Me?)UrvF2op=u
z9e%>4Pmgp|qc7UmakS4_BR72MygH$oO%rqLcl?}ms2*-%RT#0(PRWypPT$ZKzu#je
zuQ)ubQ;ghfHyyv7&kbrDlvz5MXI~a0&P>#n7T3K3l!4!j=DbdS<WLMf+)qv1*4Q>`
zp=xLB17P0f8}+P@st$%76YH%SCsr3n3tt~SSAFTIYTeDe4Id9518L=hf2a2CmALD6
z*u?tUbiI|Vc=>Q<=p^cziRD(rW&R|Xcd}B>IB;8%G`+0^R7e`W^RC#O;WHOCy!fy;
z(5&&`>5a=jJEshO)5Rd4_*u;Tm7VR>sn+K-=KLb(@YmdzSK5Q9?Ao*`>6H3bxjNE_
zp+gCJ&hbMs@uZ*w2665Rl1s;=8E2KCaH_A8<A)|h;haTzKl?crET|3~Imo{224^Lm
zBn)_UR*`igOrl^D@X`&w+mA56_m5AKIhKlR;;B70g+2iKp8`w5FPu%**;*ORHhdmT
z9KKE~kC#wN%PSVAuRvO5p7#`U|75sdOz(R4Aow|Oepa>uWOX})+rVE>we&HRH{sK4
z&X{~k{`>jCU9SZCA~h}b4Mv^`U#B_@xg1yqi4=$g3=_zdpP$C`Gz!xoz!TZASg^+u
z(<qV@(`Xjc<-4o0+F&k0Wd$AC&+<FzPXcr*<vjg{NO-ebCveO|&5+37x3@OdroW|R
z?Yn04N~c&0K5J_<NicU00bdcOT<;yx2M-6!7<xJ)!cwCl7J+U~8m+nq!~*euA#el7
zR3f1Al&9D<iNluz8wWR3Tj`hGpGoWjcGau`LKhCo(^#t^;?S3RD-G5xZ9K8Mv~hUL
zQvtaVi_}tnH?4eh4%!vVE@-(!B8VO#6Al~sY^j(Pz|kw6>OU6!rDH<zfcEifCX3s0
zqVY4xxRqn6HAzN2k@L$jvoJ>P;5@<Z!B`iES=ZB^Zwew7!)nik!yI^B;$`HSj0FV8
z?>-Jo4$tP)1&*sTueK`H5c_Y9@fjT89p(34N=BXpJ6akk$q6#8ehr3k3c=eG!61xS
zztY8xuMVLo#$t+BV*AoA+|LKNTiQ6num8vkqU1(|6-l2a%k3n`Y7=|QL&G_@S#5|w
z$pufW6{-AbG*k)e+pfN3CVf!YFtH%LO$j`T*(UIno=BkMaNYSZwy60+`$o%OT^L${
z3cT5xhRz>{dmYLyPuuKWJ@Ry%3@7a5kGc}@=JDIq?t826mtK5}I~&DG<;wFlAt<>@
zu=eS6wEm|{I~yNf<pUk@R4x0fL-c(v+pdUyQgq$>Y~b2m7)=^JpLJO!{fkQq5jrZC
zz?I7{Ur&~LJ*qaSj2>NnqIl{FLpOi6HL&5T*p-r7Nzhi&^1lj0<GW9d1Z{X-a9qhA
zIzv$Gi!in#Ixh1!P7}cHopIJLFCs3z(a8jYG4^gc5PwyDBNx=!6!W|!vl2NR$A;2p
zEFfHAE+7?*UKe}41V_%gH8TbpTiC(NI{eBAeX`EB>X~Zp)0dYE_NyE<6=x!Sf{xL7
zr$tmIAfqYTB}C)Emo+e51G)QVPuNzk1nl1IRvOc_WsS!<4Jc(Sc&&3EqG7AwCODj<
z<%?8za?y@M0q3I!;ZTjdi~^$El{+cBCmy+95$^cJIsWkXGxymnum%I1bCu33Pjqs9
zX-)}@nAogk3W{H-6j##;{L+<wwCljYPVnS+*1=_=z}z^~xA47n=lI&7q7SS(u5Z}u
z0F)z!mn{>5)fne|c)PRcvp6ZRr3D>m#n(B2%LN9Hdq*|*--YxPzY2a%yAC9>{fm(b
zpkW_QL0;a0&auniPJeaR1VZ?_4|eZ$%WY$J$<c9U2u>~2o#GHjTizY~<`7^SfX3Bi
zM32e&KczsI<GkJ!@EI`HcU#sq)gb?pMb(e}kdISPSr8_R`#{+r0kvBR;Q&LG!ID}c
zuowh~S365Y-5&<Ex(JsPmZn?FX%hhbNerPZ*qZ}-%m7Tg$H3GC;@6=X2QCZFw%Wqw
zMLlf*qCVQQwg%&OmWs-PZam$RwfU5lB^wH@PX+1dNCQ->CpWDUCwM5=jDGal!oI$(
zEx5qL7<2{<)6p7L6Ug6${_HD@8(lTG7tERpa-<hVOcq>YT1CGAl13sJ{TBnU)~H}@
zb%3I>AO;Kivbi`y4$NQrY5HG<G5?nKQ?B8FKja!73HsaX_<z0rXYawdVh5@~)k`Zk
zxh36V+z$W2r^C@2_J8n+kj1_G_fa&b9?o+-T>BSC?0=1zEI6mrh4#O7ip7e)C#dWn
zjbBcP`8P4${}2<8vlm7s&5v%MP(!`vR|z5F=lIo=i2uXuduV^7%!T@sGF0o2Ar(R(
z`PBRJskP`|ZT<&K;7%6-e^P!9{-@~1T|aV5a{VSJ)KpIYK0+`@YdZ~!e;*<Lx0C&9
z*Z#5sE*T(c&NQt*82wlGe`gf!4>?`-plB2fKpK+*jSavHiUWwvsjFvVaQXhn7XDor
zh<p8|<bN3?<sSz5=|6v3>Hja1$$t^)A@eN;*B1OQo-(z7<363DH~@vK$*oA`@205G
zng#exz_*-Q^Dj?s0vSK|1TKgB)S#1|HKQ+}cJVKp{?q*a)#2Z@{U<H`ko(g8?>3Q7
zXe+`pe{nQrk|rDqKLpsBOv~sOcrxykBz;1?_BhJ)@^cJ@&lvZw{Z!jcbi^zqlOh4X
z(FH^CM=y$cn3E&6)e_J51))zh4|v4mBDQRwsS45o#JErQZ}UDCl3$OV&JOP9y~*+`
zfU7YYe?DwU?hn>28Q3qO1s+PFEtiu4Dn{3fe`*i@0K+mj$5VH?GT@~l+NBcS_f7j#
z0VNQQu&h8In1Af(C#fjL1TY|Vz#Ic(P*EEC8IxG;43U#(=L#i@HQB6|o@V<%<|`4#
zT><CaZpduna1D$tcNEoR_7(K=MsM%`0uy!IGnZ_Zi)+#(JY0g6=%mKSUf|p(7pz0{
zjhW@B8qPt-G5iA3gyz}PW(r?5v|SD!8lB7aT$adVx3p1jfD6A242yaO1gNb$TCFj#
zTl}6W%C^=}XOV}GABQ8C0DC58yZnti#56wo!IM9w&0^osmu<_0a|E_}Q#YWPcPfzO
z&pI5tg5^hud9lQK5C9it$6{=+hH;;FM}={hr;@ggk|mR&#FsH8drS3B<w-^RIyw|I
zzv|FJ=p944r)cU4F!8VUBjG-%&W76Dm>%U6*zdK5KX2}Bg31rLgYx*GjQXdnz9}gw
zq`9VfgK<OOYVw?3l(a~Rqew1fzx5pG3sOQnf-_co2NWuZA)D%Vp@Sw{YPls-3L{{)
zl8l;DU@o0_^w=l27r^5*Ez7P|?bs?qV7TT@I>*lX{^MGOqh1)?0~83z4CcSCRha)=
ztEAX`9(E%QZOX5@hW*Yal@lTiQ)rmB^kyv4e7suafG8*bZk#!5yXv~R0u7Cb7htPY
zf_m}veDS+!YPT$v*fl#{MLUVAw=x!2RVn`3AwAzt@6tnfk5YCtYA@fI%EJUkN0!eA
z%Pz=EiDs}KG)Sq)yvUjLhDTJboNyE!ou;Q2sh04I?*6QDvN35LKeYq>)!Q-+6uqJ>
z)`%mPVa-<31egwH`8=yg?GN)Xy$ZLY#`=KlK$<WwO*LNX2pA;CY{xgtykV-NBOeVI
z$pg;4w*V5MEKF!$V6WbDmWS7ZbQrlJ1;acYLQm)Mp<@c&9pu%7m|K3>Koa>{Gh2*m
zVem^>=tnKp>7HKK-W?3nQ8IC>?4qMoUsrEt=^cPBid<+1Wizw~dk@3eeV<00Hbppp
z+Rmmq(<DcE^~h+vb$q@RPiu5MJGR!F*P(TROEw<KPz#d$pgrQ;)8GR4O-G%BSDf4+
zhH=&@z2R;6^}bZ#14$F2L54HFNfmQ3B@~>1?K1o49#k6AJ2yBxH#nG(?pgD8x^5BW
z)jClO2|of5vzgT9cVSTk9U8g_f(A@mbyn~QYbpj?s<$yJ1s!Ssn!KRv{iI)c-OCF0
zM`CYCdU1%xwj|+NgGg;|as7Qg&!X5YNLWqB-LoP+CTJW@)|3qI!iotYAiF6j&4NF)
zRWaaxT2^4VnR6Us4we;}HSmyR$P6l3<8sgmXq6HloDGmrR$*(kEC@C6sjl^Pg>j$s
zsTPE|*x0jzIF)Uk9!esS8C_ztp#&q2ugbv(yb&n(by_+ApI?A%ZiE0NdRpKa@f(p>
zS!`XR1NApK)|o?I2UoI@FLCT1qu!dzK(r2jlXkb1IjS9Sg)0vpS2Erq?yxWxnzL)J
zp&Qu2M;p8BIkxU?t%*kN24>{c%ehu8$0C4KCVR?t+n4?zVBl~CMnu@*HTiLYjW`cZ
zcU0YO@H45k-Fd0R)v_T#EAar0Yf>m_)rq{$qY7P{N{SKP#POa<Cy!YAA$^#PJ~^>2
z_?*`sVzia_`74i=VtR}*qH<ndnf0cseT`vtc%Bwfn&i>Bbf34ehYlxtNt)LlzkvhC
zbkN@P_SpoLXmXq;N~J+(yv5uNUtNV%=IIn@ye6kgxvX%%JyZRr%Z9&Aa~3x));aq3
z8_0h;2<=@)nNa%NK8^l71^qAEr!0SMpK8UPup#+;Zl5CU;{{~VgxNd!iLQrAiLdKs
z%QEQOp!{q!aMil+a{aLdCghS#NM}Wn{cK8p>&}zy>p7)#DidtX6Klhgy^Jw|+G+Gm
z)cEn_%^YDZO`UKlG3xjQK%la^iNXKD;=8-^4WH^82H_r4W2_W9^HBUqys1cxyP%``
zieo%7c<j#Bu#iG6O>*sgPom_OanQa?FaxSL!;{YxO6$Q0RY6Os0GMnz$j5#>`fRR=
zBtdgj*pf1%l$$D0e@c;zcT#R+GFjcB@Fe(3G14RVjf7zb>{H*BV|4n>TUJpNS%7q>
znvsADb<Sm94wrH$DeJ8F?+*RALnseZE`NA5pK-FiCG}=tM*=WdONO_W{<D6Unm0Q%
zx*8ntZdx>+Xr3iNR7zeKE;z7mW&1SXDe;QmlW~)AxH@JO#fbp0Ideu;n>EnBH<c6B
zIa1bAH2e@;%%X^9O$eC1TXT3X1<%=D07EjN%0-sUUrw(y&lqIO)x5c!6*K8Bp`$&R
zSW^ci1-%oM<E<wum-_75bt$-TP&1rHdqb%(n>4<vE2jgA_S`MsH|#>o1B1P5Vb6KO
zQ;KaE;dD;m07{IkcSkt-{R#91R+LKEWCB-J9TFnUe7^}Dfqe6K!$iWOCmhD}?2Lra
z_iLC%#)1#Qj9Kp<P=vk>e%{K5*%e*556wWN$71*rrB4Y_SPcg(7U)0JO>f7vXCy~Y
z$&e8h)TfA)G(C&W%ediYgeDhAd6uJL{FFxl0fFR+0^0Ll(e4)>ZpxLW2equxqdkLW
zezEO8gO#5jQi7#E$Nr^HaXt=>e<y^9))EVrgCh+Az%(4EDlg+OeT9p&kss1L1IiH6
zd=%00eno1~r_IZ#*wW_;#5TW>Xv&Z9KDum=#lCm?;r^p^BW1u#7ENOu+_!Ek4*aLF
zpwn1@sld-#2k{&g+o@1Tk{Qj-hA+Rmfxc<<p5B7InqU0bPLkMyJZgZxdR!HGjMw)Q
zY!-vd|59Dw+O7-N0T@`A$oFh(?$ogUO>2;2i}7|rsQ+`ro5J<x8QE-S#=|~M@aCj?
zE#+_wpQ#L==~PoJr;1BfUPm(r3~HncRsl1lYObhZbsM~*{60?O^Il?dcGJ-`aD69C
zfb5;qJil5kJR_<*A*!o1Ik{@BFJ9jk-1jErsaSxS%B-(l5;k2BHq{xM-*&d}RuXbj
z^Y~WOc~FR9E51+)`A3&uvDZpz@R;c0YYS}K=2ZMjl~l8wzokWztkI!M=ay~UY9IUH
zHP*aPZtW!BqEFFds;s|Y><Rdi?Q}a>6glZVEL~}cE(8ce!bh}E>$t91e+RFqbLZ;4
zPZWyxi&=w^)=m$Fy@37pvzJ;zZ~*odGOEvg6g=>2XS?2@OHVLL5LGq%Tq^c;JI(9&
zX79o~NMtEZX#V43f*xSSE}Oy{gdU6j?YvG2`uBgtA^Y?;bg4h$hR=h?|AIrTf8vm;
zmR%VKl8>In2j~v(8W9p%$*Oj}xBBssc8-ocN||5$Im>zFL)WF5FrkHKX`#{_@Zjyl
zz-AP0hkK>eX*kS?8*iQWP#vA-VY~jli|NNxCw@^Q8F~q<(oM$X87B34=5vm(45BvA
zC|=Phh!CCGgItN}PAk*qOoT)zdwqy$pQtFB?!aPlbZ#Mo*tcVd?9^s-gNAitnSL@X
zuQ~%xof|K`8O;X5fD{oTpBAHNp8RjmWcKLDv9G2{x23@Spfu?ojJb{9_7h)iCcxb(
z;~(n?;@3Pdo?x$FV{OMD*|VurV81?#aSFHq(l(28TGFL&@Q-cYF?*ikX^v3ma5x0O
zb6`heJ<IihVELg_?(|!=4QtH?#@}5Tb&JN@0B-egDW{6{qXCK-FV~dtsCN5Big6W}
z?{$ZB0S2MYswugd>E5UEsx{}6KSTKWv3Z9R&7|k9{cpu9nnQ8q>76&rb#S<RkW~fQ
zjrB^aeqUjl0J1<HNhrk9JaQ-o#u7$x!9e3szcg{uZzFwFL>$Wj3l7)CL#qB-A4izx
zLR2YbozrhjzAV~Vs8T&Xwf8WZU&Ip5#`4wod%*@Bp6s6bK{&EAjfiv?Y+HZ;eiMem
zHRFtRWlHRS#-Ox$J*1HkLyt&$EI=6hJR}#D)dgd+mM7psX>e5NgW^7dF52V83@wPS
z7+@8d;EWXqI=BGX4HTgJd1deXeLW>N<XSp^*o*q9r&k6T-9-2<=z(IHSor>qT_x6#
zMYpoTwgFp)P{1sFO8%Dcq4)xIm3j#Ar~`KTW`5w6*9mNJ2cJ>WQ(*W0LMA<n2J`3W
zHBv;4b~e?U<Jdw86WoS8h|YI+6m=d_MxaJXuR`t5JBzCCakn2|7oP$H@w-@6#9O?>
z_u?qMg<F~Q_K3QyRyxQ`JX`pP{j_ErT^inW=NNkUnE4EPw{;!fJ2&g$ly}+wl!aO9
z<H2#=yGHY&y2CAvYcY9aX3OSYH{Q;3`<mQby5a_Sd2KvBt~EQAbDT0Fc=XL>e)|~J
z{Q!gB%*?)V+h&CT25?_gZ<+Ad-f`=q*bjOUN{fB3Dnu}Xj%i;!Rmg*G?34o07n<4M
z{~Wg`SJk`1eEJ{OXWH_A@jtdd{qLLBA4#e{IrSg<&v*_*{z%Bwm6`<P-%h_y4Sw&o
zL@{e@aawqPjmbiR(m^g2sZN|a<bK?pS<m}CK9w90P1mnFHSCw7R?@9R{k{8Ii)v8F
zLZzG#nLzfGPUXe^{@bD+^G4DJYYqxaDtRk<@!J_kgsr-uikeC}7%A$X5&Np*XT;th
zBzo~w32=q!mDXnNzrjF=H~CT9k_!k(ZY7VWrTB8DhND|Tq9tgT_ZhLTs^Wb{?3AiJ
zhc7D$hAPufJ~}Xxs+>>WS0F+&g1u9rKV4Ofy1Hgm?5TrM(l0>jlmWjN-}0E9pls4M
zUVKrbF*y>>n<clxM?caeb(ig*DQY($M_%C5p;M!pcx11nmkGo+7&KkTb@yBX{MpY%
z#zx9_zrF-M*R#W~Ykbh-$0{LUv*{9z)Pl*kyCEBz@zmbmCf0Ru0Z5c%Xo#}m>=7-s
z^%ZE%=FuRCtIw9B_T2-_e1OQ_00|kq3S97q&+o%s^<=*Z6-SwBC+^v6K6;-#3i9*<
zY@sUCSHtEGIhD~OP?B6d7geYo2>pFk?B{e8RQBTZq0X~^dVq2tRiZ0<jKE`yIhEB@
z`Yhy{$yfyu1*u{!s%^iY_iojohcqBxKp0Hj_WZ_y_e)FxT~tG$Z;kIO0W~P#p~#35
zS2{zU=WZ^iHY^Us1g(O%xRa9zL{gH9p6?IyhoVJd1J7|a;=dE0M3@!d27V9&??2TZ
z_;7S44e5h7;<tpVShRq}ZR}a$<gf>9wS#-u*ndZO*!bS7a;EX4k{dWw-ryMiYkPCV
z<m!<q*n!O*F<2zVNsi&P6r}O9i~QErNa7Z8>0H^-88w$(9ws#BQ2SWWd_n%#orv-k
zHR7dq6-u*oo8Q1<wb}5tm=BsNrnqo2nb7bZ-d=!i+2Pz20~P%w=)73^>D!RU_+y)3
zY9+?!;g4=`mVOBdgxvvMXXwhH`2>6T7ei*XeQ!(15VpsK&p4Why3zED`!wOi(wxPn
zT<6^Pqs#+2g3t8Ze@H0oMA}Yx{fwg}kpHXyu>avd{pwbBI~-_lowM(u!vw0#vjRJD
zK|?5FL5-_Ybs35T+_Mq%<Q#G7q>~&We5$XTkE;m&g)+(cr8Es-nSIwaQw`qqyRnZJ
zhSpT{hAGcbu5`xJw8mo`TF*xh2l>nbVnh;+q|jr(V)4!W`Q&`wOuUAk9t~wn82pH6
zyy`KC3DQlGD=nlVzK&Ty<cLK56cI?Q8YezXqFqRx?XRaBV^&5nlVFZ=!$H6h{Vp-3
z-YjWB&I0`t8acO1eaOAWNV<>BiE4Y3-JQbN0s$?OBYYr`SXAsw%vUw+UE}!f_RAV!
zq227h9Qcopb%xT95eW-i2i0l`C;yfCj2t;%a|BrwRT=ri%?Jo?@}B_pFU>z|<r9O}
zBgQro@8w8ushL`|z3RhL`Cfh!EWg3>^x;u(IC8}}GoHa|M{%cc^9~6=@>CaZbeS{h
z4sKQdNba%ND=6X3*al{zFhUpb9k{FHaI+hB(`I<k@v(>ARTog44hmsnf&+=A%bFp*
zR@@Sj_)sXk!ho8HxW0Oec@q-7!nCEe5Mc{%Hgxr!c5A?>*7@<(z61%2j$qOpSxBaL
zdOdpwUIT>m%CfL#O&dvhPnY*{r%3(vmzlGT-O)oe9a%Uewz;3?w2*dx0s;1RF%s=t
z>9u-k#Zx!Y0OVA{R9%}~7CfJ4_QX8#0?ZF&L2{$X3pgmzC)0S;mYQpcRf^q@k<WvJ
zemSybaRep-Ct%pFERKuiwO)r1GSX=zIMfOTmnt>L390ETpuKyVDCk*g@7$6OKIn&;
z?d6!I>7PW)+&}t!%vmSW2bWV|GK3i!ZXXOun~6-PkqU^M8T$q`Eyj@<nNl>lDSDh4
zD;GXXSsB0DhRvjr80zx^BICD0u-b^kgij1J6bl)}`|tFK#R6~)e}rJcmqc3hzsVTI
zgvDc8S!I$gi--0cvw^A$GeoJ`RQrH3&tYk0ku<CaZU5p_A!*_TOXKstgZ>p$a2N|b
z0K&06m<-WW6CQvE#g+&Ljc_Q+0)4hAk@10lHxD`yZ_8y;$L-yYAu?V2F?U#XsCHRt
z7kHXEmI=tbb@jgm#y$cSy4*aqb8_sJlma(qTekz(jy7UWIGnX+!DN{@G`Q|&n;V*P
zXH=_FW68&5BH+3dC2E9lTe+^@cfpMa%?dUP#*-1|_<7FYz-xtHE7J|mU*(jHH(?N)
zqvPPOYtS$@SKGKckthNWp3-jKFgD-{_}cmULHkZ2Ax$LD`W`Y~zpNF1bRoV1n2jAY
zaWK3~Rg;*A9W23<AR&E&_Q}Pa)lQecWD9j&%gH_SEud2<380G`ak7Htbh0s0>7ZLT
zUn{0)Rouu6wRM{)lg<8KwJ-KTVVm@3cP=KyRGVKbvFcfKX>}|@lFTs^&gB1#b4G#?
zBps_W1vM~-L-C=j0X0>cA+M3bg_lmpO%efp*cuF@_K{RPc*nx^c$q|Foi}v`5=N(B
z=37D~vP#QUFtcKcT4@CeSmP6f_pBrq{3ubcQL&~%OJP!#3cM;75nxyfx^G?Y{)Ed8
z!a1AzcAVFXX_6@AgVYP%EI58z0$n5S*j^`8Lnr;dT02G88>$c-Re|MP)9Pu)Unm*G
z1e=K%B7Y1*BB6ar#oB>{f^&cAnj}eI!G{4q(Bec5oM1l+R?ZN3H`*9_j6Rhsu+#@M
z{r5ix{5_aRopPTwgM@#481-k~mXo=OjS2mq&p%VP&NL<>aoEwiFkkrL99@62?#7aB
zY)x4wu9F&PCE+$So++v_GbOa+pn{Nb-YZcS7NrW=@g~g*fWmj&#X^(T9}~<_Oe~XB
z?2~3%OKG~mM~c69{QUWt?c;IlbUoXV<{_R2+nbQ0*Qs#B`y*;OjdU)>*XlE`)=OR@
zDGJ#H+V&Zi_O~=3$HxKLW&~<z8T47iIxmGlk`q9UF#r`3-`s7=;lD{9H6+nXl7lgX
zix;?&hCx%LRDng3@T41HsNm_%L_~51pDg9;S<)`Q%@{8PA4R#TR$4=rSF_t!D-;%d
zq;!Etw0dKZ&B%?v<2n0CiGt!|{!I3Eh}lGsF{4T@vJaslY@7SR)FPwrr9R_$bKGM&
zO9&OH=~<))`b&H0{`5_=t8w-xusKUWa&hA_*J-kCoB_PT%R*k8+U2(~jE!kMow^ph
z(%9goTovEy5CXW?Em7DiK`K7&zR)bwpJt~^xoCP?eM{2kx(ZEqRth4L4$UE7gBvVe
zTUODHdyisJH{b#VI})g-6yxB_&Xkm8)QQ>mHKQ(=_<;OClt?9aMh4*Ir=e<_BPltz
z`T=BfP$+gGDCGLhDpc@N-=3=Y{NIa7A{rT(3X^s8!_{$=9^4H3M`Rj*)8sC&6Vhk%
zdcI#B--dSa`raKq_vzKPG*C<1LXs&fUo6DxeZ0M4Zs>KrU!7dDAJ0=<_x5-FejZEh
z`ncx0uijZhr|<N>xj9b6-1NRbl#j(*1>oYPT@i)XTvcuxU6Mx{_#?bt1M_F~GYIu3
z2p}K1{JIz$2GP|bJn40=KJNwKst<y<^K@CQv=UsmkjA7}iPeCw8AZ8ZxpHllW{h23
z*=NhFC*HP%w}nr~TU~sWDhGNzWX@IFQCf+vHaUQgKnXAA=$TdSsu7ODD{B)D+h5{k
z+L5Uazq>%H3JjYg6L!!iQ~FvjY#27yYeE>bdNZ+MQ`Ps&YJu0wn8e_d4+fvGlKsIk
z^RJ3$N}M8$tazP~#(PW-zCGgPmGq<{9uZWxFGjRM(g$3j_g@6NVBmHUUh#GM*%G83
zj%HgTv6$m|U6!L2cpO({5{CPI$PtJ{<6Q$KF}-3}xJ7t{aTRJA*P5Ukd*4ino5A-i
zGm<F6UQ8zOYTBdHI|wkH0;(fTR(Tqi8z#b;xw&pjl2_ZXl%1jmu{@jj9Mz`{n8yxV
zX4HuFlkv`^%4votzuo`P2R2D4wOXWdNQI&?dAv@tsW!9w9^i&S8IHVJ`20m=T}p>z
z|A&f4Rt$pd7Awd;!CvGX)e`s-Lqc1Z<Y_dNhFPiy#)X%TJ&liD-H^WC2Jd+%7`B%s
zHsM3l!vvC|RRE7c2oww)=6XOF`n$GBR+*;tMN;N+CL1CsnwV+_YT{n>z*KlG#c$V9
zd{<yc2=G{~>(?Z%OiGhO5&t^qM*><a5A*D`Zu^9C$3^#Vj=Bp^AFrjRbGm$0CX-g_
zx0-|Z5BGwW>Fr+rqvV%2N7?f2HT%p&Nf%?_18qXC-eB!BQIHJ30E(>?EtbHO#7`Nl
zX|!ueBy_vq$@wXmR%55(G=)vpyMIK;+^e`Tljj;0hC0)r=S)|;%H6ufM$gHawUoDJ
zl)!=~JiAe8M+>J)6(4ExUT##(pZXlBxN4+AP_E2j8OWI8C^};)>LCcB>6!)UuB5Ba
zIH}JloTTPyihbXQVX#3*ciVs167ARz6<iezF~v<fG(!JbpWYr-2{V~4=8?!;k`An3
zNY6|d>!iHW`rX~q*`l;Vw2+P@%Be1zVU{5PbDNfXBIQ+Mur)n&o=LvNum#6~`6L<<
z*-Dg{qS>FETzR^m+xEG^5~_)sgvII^^$4qP$qk}~WL^t1U%A-@TQb}B$<-hQ8?!c4
zB#BEqQEn81F+R;Rsh>`d&NmsJWd=9jhDOZ~iBEGkLx6@L^E;9g_plpN4~a#{I+kL#
z9D)C~a;5!y>A)slIq3>+ZwEniYzHXUAv<!Rx;i}#WK6hUWT3;z1fzduHG2I1v+Iuj
zsQFTR#4Kl03<+1Hf=hmyadt0jc;)zvJPiSs{7Obo-sxAKv{KNA4*7L<f`w5>2#W)=
z;sNTDd8fqVQ0_hWvK!&~TIwR(H#s_oN~^Ce2q+8gQtjLG-jSd^40Ji;OtKp7a(xkX
zb&7y`W?CpX`FXY{8)q>N-s?&V{^6`~O=khxQ>m<{m(jKM1ye{@e;yBeUyh$jM+!oA
zsU(yyvpB;^Z2FOFi5k&Ro9&zwbRRxc){yH`%XCR!47!k10+sTR8_R-SuvEw1s<ls?
zsS&sI;}x|L=1yOLwGF04T`a1GmcCx>?$b>KBS%Kc=#67GY`^SuYOi>GzeFa?dTkiZ
z)v$4~3^r}xr3CAcE0{i8<O<fU(7J^8Sg)SJ<+<u0fk#+fuvIu^hiPzV(t@%iGw~_V
z_yw6P#r>-Z=Pmb*kj6-VpUT^~6X?;ht?}bCMgKoPfQpd&T*rS-yQ81AB!5l6f28>T
zD{cC(oc}-n{JHD)XU2bde2)~UAe_MGH)ITZ7vqfz$j8?7#CN6lptCDy7hATbX(Bbg
zmlE{0RBqR332~|7wd>v!iO+?^j5VRjHr+^}^P>1X?ReRj_}yW|t{i0Kh!iNx4NdF-
z%nXIoxG2WR5;P3N0!tq!xn2q82-);zmlqY&`HYkv6Szx`I4$;x4w^3P>91*~o9>ja
zw(tk`qt3URXY-GY)5<Ue%r&|i+i0<<-w0Fu=K~uKBYyM^s%qFT@v43t$4eU*-AI+*
zPuDWE9<@Yz8O6r?lCJN7p0j@n{-3I8H5Vu&`uxyR85al${x8)yI=Ne$IR3GIJJZmz
z1F)g_5LAB<9<9#|q*&pkL~_M6f>>bEVppqa=39S7J62Soc3t+}BqCc;+VMOq?tV!K
zV{w1V0t^W|Jn_l@x(*VR;<%MP9A$$a7s5woyPe?24^W+AQ3_WNqBL7(Pvv0UjP-f9
zNE;;^cyx>^0wz{J$#kT`1Ray=<CIhI7{E;Hp=ZQ|PMAhxrqO|l%2$z<`nA96vLuCM
zU`k{V7ZeI58Rs^RQ4vQ0OFELIK%A<XVnMpSwHx)_zZfm|Kn^lk?7}J7YA;_?<grto
zf+%l`Ds~@zxWNrK5veN((DZ@<vy>okW08P6Rl6Q?(ZZpqG=%aLPWhN#U@)F86CGzJ
z6TsY)stM>J+0|3e^$FZ?ST;}dVa-Mg#viH|>x)zV3J2W@I(Lj8f}$POES4k#uGnXo
zgw#sgs<V){t`j2-g{9}L2_pe)#`2?7(XMf^rQY1q-nN9-q`?t-;sI-o@6Ztb(xuaY
z^!TVvdp^MqtKpmV{bNRKU6OJV-&DT~-Lca}QJh!MEIMX0^=Y0F3)pOudNt4&vFA^x
z6PRS)dK8MnZ!)`+$t~LTXn;=9MVifugnCGf2!5${m|^{*ge%QZMp)PKLjMf%F4vOO
z-BMs6G9AS%g6^xre8Ox%5I{G?zK`1&6;TZpX&*zfd3Lf~H;)pHj*tN^5d$=<vK;`6
zORA}*jB^VjAy@azs9O=`URarm_+tSEl87eX%@@fI`XjRZd#R)ze6frkVIGpQN7d}Z
zRCAB0yLB}!G|Drw66OioH+q#E0sein_%~5dxF(wf$Xj-KrfEaL)SNow2+>?v#g2@N
zZ*a}F(X3V#00PSN8n7}hn5|=I*8pi;DILmFy7^KowIfZnI(Sm&_G~fy%WumomG-P{
ze&v>(wHa1~$9IT~&oHCp%qJ+<=qGq|j+wL5T^h%R!J{?Y*S3l4ExBhG*v4h!D=5#h
zne)9GctE+?^!b1^N5M{^q+fx4tK9b?*+Ud$S~Yue!hy4)z?H;J_B+p8U7l7z;#&HU
z*DXJ(lqqVnHY^FKyGE+xWWoDV&TbR<riAg^?m2>XyZy>|p1DCix==aDTk^*ze%DLZ
zu=ZIip;2EfbQ&n&^OYJlEc59Wu4tG)pA!kiu&x}&U2)`~TkZG9jOG%TIiij?R)9Gi
zSKFLG2@uUwVA(d3PVQf7_d2Jw_Mh5?S7zum`h$6Te-Lhq-Mj+3`{SwW3`wDs;$cq~
z6<>?y4uHBf)9%rV;<Vlc8P=&9u%DcMGqL<7O}6<PJ?1F@<w1P~fmlBSnHpMop}5n>
zgYU48I?ZBYxdD3WM6Vlp{}iSRk_@8WbrE~2!FrG(t)a3pFXq{V?p-ZK3WeTIk=ic2
zH6f(tSliDQk%v&Uqp~u68{(DS8C9{S0^$yI0a0sV_V@!yZGiLj`MVbHsP-+?>>=iO
zwI7e#lI<xjr$<T#EDPZRAd>I8>Iv$GxtDSDmzVn6QReBTJO{A`NRc|{Nes{T649rF
zmseGtFI+m{sLfYw!CHJzcE$lu2mI{2u5Tl<Ta6wM%}XcsHA^R+yOLw4+OZUgxpr+2
z_gxK`xoYhnN02le_?%gSQrpQANuw!SmrLHA8dhjm4e`J(c%GZ*s{}klw%|4Z3+L8f
zODE0%U79Og*V*$ZyY}ufgGV_pidwoMD%~GwZgzx{0S3aqyuP{r+JKb{I6xpPA4Oe!
zVYR;__(v?oT1#&+K?ed7GzJ1f`xlm)8#tI4D?2$@*qZ$XsXC{Q0FHzYpKp)+xo+Q@
z63eD*e```?8ml#)MX@!C8*#cUR2+he2r;pvl@L*K%Ta&4zI_3r;v<WXVSX&l$oLXz
z?o=>i&ho-)_x|F3Q0Iv(Ne{Q7xn5xt8Qu-8L!Z{!z^9wF8j6v~h^T!L>hEU73uEzi
zzuxsehC^ipu`JNpaIxd|-Z~dQnU(gv1$|P~k3Nwh;~L9XY%b=9ctG2YT$tN|t4m`O
zA{X-oIEG`dC{kC$17a(N7TCrm?Dultl@<Q_jgI(@Humeb?8{KZ-Uj+$ILvsGNuki8
z+(%gopT}ZhBZu8IyH06{FX|v<uzlQ|%T+0tBTuQ}J;}Loi>FnKypNc@9&d;=Pz6tN
zw8Z7p9u~Y%*gt)L$;UwLKn0R@%Dvf-d!IJhZCVc3({HkCNf@V06)QHUVW!?*a98C9
zTy;XVkFzCFPH(2dnW@D(DoUHx(pyf8V&P1hVe88F6|84YZEh~J>v~~+HGD00)ih?L
zbT`J@_taEc_Qa2bd>@8`EAxBST&2tyz=u1ZWANBQ#tWC?2_({r(KqO>>~QPxcA3oL
zrvGK=mnIX0YNl#=&pR^IX<t#>OiBIqm5>C+?13;$6fLYd0VT?C?R!wro)JS}buE~m
zB*U2Nih4C8!Z5|Qs;ogQhS7NT&4Z9?x%)-va^Osjx0h0OARm*L@sI(MXAiNqgv*V4
zOk!W9kPE6<&fX91e5j`dss2}9NmmD^TAtDDPCE{t5tVR4__ebmK#X=&5vseR68cRe
zGqP9vuFK<jVBmFjN0TQ<V^3Ll$7U8Te&?4<TUfKl#zcj@sbw1qBv`;<Q<gj0hUeG2
zJsYzFPDRQ-NtukVN*Q6Vx`Z9aI#E+pI!|`+IxQtssNzy>V(5T8jb{^NXf~8d;+q|D
z7dUhhVpYhyg#eg`-^Lv0z*Ev+T+MW^*dYn3L+B`eXl(8OMi})5S8z3Rwfoqb3avUx
zoqc?ozu>HKMP!=l{ZeDVLJMVb#+guoXS1oNBH6kleNTbAylog|<crdLI}N)-O?E$g
zhn0e$ggFp*i;RW0?#Ur&@_cvTmGVtauflK2o=$yNbjimrZG7)gN0hPN*8zOn@gk%7
zk$4tfJp~0d12F-dF@jgS{3){StB69(QIzpJzL?>TcQMgNbt^#Yb-g0%BB!a*j+@)l
zX+R(LyQRgbG3o-967#`fs#x4t%+3t>ZhE>O&Fb3mAf<i^1kg2KJesid4i|xtVROgr
z2hkjD-Rz?oSC}o5V|L2aCMUNqw)+oWJwqQhwzsn<5c^{~Jdd^*<OV$_AKcv0?v-r0
z#Y}Cy>sB8Td4{vbZtt|eJZ!kYwfTmStM_gO@~tvhEBikho9Ul@bE7gfpsnngD+}8-
z7FHXY5o)jJfFJRK=a&M8`eIRuWpCN*9bQ9B7(@QTzJkSz+E~8hfD;m@EkO}WsKIft
zu)1*Z*f+xf;vaF&8YtHR#h!h6$~m^f<DN!ijUE4PDeEABso9CzDUWXrZ|Fiuf8Y+F
z3~-|poyJY-OuGsuFuO2G=-r)uyq7`~uuwaQ$4oe>)4jB{6IPAhDjtgUsm^jj@oXzA
zmhfwZMq0t<h;i@y;lcMLV+;h9F&p;1e26+R=#FIDFSjkbRoWgy=}d~yn(~V?jn&RB
z(%y8qVyM=eNnB!)jFCN#W))&nS4TOn;6VX?ZBx_hc~fc%o2REHt2x;f0ftYkI}7^t
z@uh7pTHuRKKv(6H3f?lvc1Re?$3!b_80j%ex$8~tz=4uXVqk^M)(>czsB}vr$!Oy;
zO1i?O(x@-aAL}2#uZKH1-Z`kpDDdp)*!NqGacp3-_Es64MnNGPo3YbS@1lIZYFvnc
zTP4GW`**IduacVpc)KU}zC9_uVaIGvffhjfDKMgT$q+a!Pq<5{7eSb7>S^vCdyyKd
z%hd-rBa+^o^t}7H=A^_=@;Wrr^Fb7*wbmODj~3)^KBbOG)pJZm@GoDi)lk&qTbEo`
zG@-r$hpYc=as(^6Zjh3wY1V~fP95N4<avJ5Rtjq~MJ19UNJK{oOMSkT{{Pr}$KXu3
zZd<gIj&0kvZ6_Vuw%K9Fw%sv1wmP<L+eQcX>3+|?=iKwY_w2o^&abb&RHc&C^DAr3
zIma4v%r#bSE3$9JC#u8`dSCef_DM2d<I{?`u1tV7<HOA_060xN2={-<f90q5Veg2*
zqP}U}LB80Py)cdR@PDq>w0rD)Wg@@KjzRZ0xuB-oh5~a(fPd-VbR(B@`&E6q0=|Ck
z?fJ!7Z+SPsX7B>4xUH^hSLOk}F@j-m+j?SKiOYBL=!VXRtx4(nkoig0A+GMD@3a+;
zg}dnPM5Y4zs}ggwsiLnKF6s%TSbju7=B?kCewdAb``fXZntly1I<lqEWSHKAVW(hO
zp02*uwU;o-@(^^+T2ptQWh*c<wI)+@J&IrV6=ngsVQM$7UOKJCCosm2m`|A~P6G)l
zEKST`TNXlt>-sN1*L+EerN%i2QdbD0%=aTW0=4j~{Il~jAIp;mGicz!thn4X9E>q*
zPL{vpFwSad8=PfrJ%go`kYi>N)B`_RzRd`Jzeh<+b!S$e7jL#b<kKEa+7$U}7~z!d
z6%EP*O_*5Vvr(Dqi7KnI8HrEGD@j@^LDC_Ck{wKBe-6L+0P#NFd9@uxQQ8v}2!Z0;
z(Si)Ldluksym&Wcre7D3`-MjP;gdLTKtx#FY+{S0sz_R5Z-&?0w~Zw5$wy3U_=A2e
z6UJb(%RNU55#{sXL1MvOrC(eI<SAn?$q+Qttb!BvblZin0`bmU&gBE~kN7JcUq~->
z;$SS)AOh;>qIt+CjNp5I25;`*jhc196CV(efxrtEGS_ZZ2MWd2$v?zMEoy)+ti|Jk
z4y`fvf1(H{V?6|IzeKXirXHlg=;~qCBmw(X+E~ZPSW19FL?L0Qn?^%O0f)IpUU|fI
z7&oYOCDC2;KJ8{a{k(g$SU2zrG<W&_NNNnx^umIa+Qi5TmS{k_nNq~ohhRjqcEv&e
z1$|2aM~uM>%L#-ldJD?&#=F3sp+eqH6x37*CBQ)Gt&rH=5wi!oqlytq8G=4)=9pkz
zMIAej8<Ipw0VzCDILR!)>MVK_-B1~&j_F&a$h=yK7A{CW#3G^_AMF9#-NC&FZcD!d
zHELZs4a>0m&#zR0V!BR^&KdN>z2`boqyUMFOw;7?D{52W$Iu!}9%$)&G&ic;jJjv3
zY=C{r^axu3=fFamHRsx30Naqt6FlJ&go3`*j(~PVgP_kd%bxN0H0?5+r?&(nd8{OZ
z!ZjPVi41#?FxfSDZv(U55O+IvaeTKEKHFwAJZT6k=ltSuPe{MIDCAFYWK-)pY~y3;
zFX@<?!v$$Xu&#}SMjRX=Y3m4Y_I?$icZ5<>*@l%iQ}j;Ukxd<hr2A{JY{od(OD$G)
zpiuT6EiC+rgKrTl2#=N;AjV`@>%dMNqHEo4;++C6C0?*EAg`1&YG%Y$!m`P%m>lD3
z>xYc|qJ9jKQuG7!5|FW&L&@%wPvnBGGQ;7^pP0LM%4P>-B204Tb(J!RzL1;Oyd-!&
zWo(FNL+2MQGb+VK3OK$0U<=_P-J#0#l(S+&akhGuU@{ND)E{B|?)XEK@FQ|gmXe-Q
zxPTA{E1pt*IJ#p<!`(fB4ZUY?dr54XtlH-4eJx~JL_=pBp;(_b`6S3;Hw!ONEs{xF
zGq>Dxql#}et;zd#oCmtav(Lbhd;c|g-W)QXG}lHIx_s5iPZ&<Du&>{x1V|FHP;p;L
z&Sha!iRL9SIYaU0WS}5+)7{^zfUUjcPP1a5LI7jk%!p1)!-kBWIwybO%s!1W88VJ*
zv?S<E4<>r`yDFv*^4?*?w&zX(Wm}{wvoGXh0WJnn93K}}=GZ`w%P8f~Q}a&@+*s8h
z?VyVdTKQ){8UY$@bi<f4+Pm6N<blkkD{(DYcEDxcE9bFo**s!o?!BwGil3q>f2vB0
ziR6vDcu-O#PG=4hcM~7}SdS3s<=f}fzrv%H!uvkIn$g|^R03R9Sy_OX2eoE*M8+s!
z)BJX-@lkTDIo$9IWF2<#Dr}O{!4re1ttQPrPH$O&8Fa&T`Vh85KT!1-_8PgzPccR!
zjk;udLfCfa#|HJ6B=-D8HXQQ-0-GTp|KeLwyk_HIHe(SlrfZz>X+_7Ill-EN??XjJ
zm}5mEwB|$PIqV5SpGV`*ez6@%PaMyW%E^;82vo{PV|~SjmPnIA>wj<h>ZKE)b!nH~
zcU16FHvZ;8JWx<5>O7LKIOTyH*PA-G%GFnwPl{LqWbPhd6$buh4YHKp2ZPdGvL%9r
zJ^%fe+&Ct)0i?3Yaxuf}b!dt7lK{f_1ucaEZz|byU%%{JDK%A*aJu4c3&&7y!81}@
z$6>y%C?Zr)t*K(GWAsr=wc!SJQ{M{A!mpqh2rzt4KBSnhNJ^4YMr9eXiX-I?r0sIi
z;EJmlQDQKkBq5QeEzq~UMt+uN{CZhia41XfUvvK!ahSR;9v+GQihD2K|Lv=%0>pM4
zJSz-XVJ$tczv6vFb$1WFsH<Aycp4U%Ha`N;US)n>VA~R`)Mc=ZBqw#zPhwd+1yMT-
zK3x5u$p!v!&szbIo-pY8=s1swi{GZwpCX6g3Y+&MlmL<oef4Q*le`T$6PGd9Ioc0`
zgDLT(h|kn1bpkwd<6CP%L%KgxNlf%W7h|8IYePAp0!m9QC754SxZ0^WQ0OFc%IFJ4
z$whG$`ta3mgvEtw1PsxM8Onx+Zg<oZL?ua&Ddsp8>>*K;6SoCu^3Lc~2#MCLsB+~^
zuq<fx0z-yjY9k>fj{Jz<0?*zll9hM2Px3H9<>vKdb4vw?Lju^elTfY4puYmqS{Mg(
z8uL5g@(4O4jN~d}=c$eLK$5B*EB5!?=q9>{mT4q?Qp89df+K-YFk#FXjL}jy7~Rw6
zz)OQ?{iMktsZ5Y4BIT1wqzg3?PIQdRU(5ft|3!;Jjjl45DCiZ>B{4A%gi#c7?JnBH
z8UB<o{vKK7c4)CFYc(31%h5^$Jsi@Go2VL{!Z{b@`zl<HXDnPVCKWO|qK`IJ9XdTG
zTFIsV9Y<%((`$6NnfKFsK22xZ8WGU$J6iE+zzByO_XpcU3$-ox9<)r|s4aJg`O7Kr
z<R<Y86wiSGX&(uA3ei5D)(^txY~qBy7J}HWq(EyDdmZ66UfCIAuF*$i4ip0HAZ22y
zr_8DBG6oVwj|uWDKDJ_iL1R3^N@&WCvicI|cHiJZj69!c@K?j&4-RPjvI&QMhC({~
z8?9P-ov}1l>oLws+Y$15e*?=S-_LyWiN1C|r~8f!$w9}Xp5{~Zn|>!JO0}`N?g4zI
zSgjBzrUi5;n*3<=mG)$_&e+Bk$y^9qMXthW1xvP_jVNXAHq*+GEtuR8&5TGT$ze_7
zv6#(7t#O_24Z5?9Nv*WCC2H%tqpd&2hZz|}6=R=;L0?BE^Ua5}Xtd_f#G@r%&L)=-
zurX9T3?vF0NECxbO`atMo$0~R)4>N!a_O259OrxpdxtWvk7@|kt<aV0-Y;uYQ9N!F
z;=pw%NjT<9J+zuKoNcLQ9@$eCi0sE9nas?X<EiF`Vzx0TxgfA;AeEwiCL88aDV~Od
zvmL6rymhbic7jO9+a`|uLex@I^x@P{G*(9Ct2dAorp+9dWx?DHPv_S@7AxWMn=a&*
z!r+sivZ2ajy<7r`4jebWO0O98N=O|~%P5#gwU{{&gIPDFqCewu>xaBI(eMn~+gMer
zrc~xeFALA5f%&Q<)sB8`sW>Sd>U}}jh35C9D4wf9S&_Z3)$)=}ji@1!tZJ;-i8QZ8
za)H(QB-LjNqCS2g1G#h1mWD>hRuge?oonecT_9gBANQ;DwWwCPfzDg=qK|&pS8=pN
z#TJKE12H3*_yY}x)97XnWnJ%Nte6)HhMrxpcm>Pa&(6KOsP#?Nqx2}Y+FG}o({}zs
zpVyKnYj&@Ym4##+iLF>ru%h@IOq+iU`uo61l-k-;@4Vg2QOSn5@;+z@16Qp{&!o4Q
z)BM1A?3<l;Tk{BX6qqPt5)Hd&2Z}zlp<K54y`eHj@YD@Mf%0PmSk(Z}nG{TM*8}~^
zRMnR1#OvrFVa(;qm<@rI>4)*j!Ad$V>Qz#zRPn{ry$wvtaV7C~nVQK>)5&IvArX=D
z14>hWwUGB{^Ei85?Xk83`++RxF7x*hj{=ph0s@#)sS_+IxNzTKx9-g~`4+Z$Se3;*
zTPGrFGYX_qup0euAf*%zi8L9PX|7*Me%XKKYL=_wLDb1H^FG0T0)whn;nqTBXSi2p
z0G1;r9FY^HE^St%eM`P0bS*aWJRcsDxn7$i($CmKWaUo5{9$_N?s{>u_fpVW&N@Eu
zE_di*+d8|$pp+d1W@Qmskp`1u_SJSJp?&`WxFd6W*+RCwGg7_j;I`I>ChZv0ysCP)
zwi1}VDMqQ}p3Tt&PGsEZ`&zo~Eq3lFEs}}}Egjj74~nh^3j-b7<Aop8wlh(*$BomC
z{I;%mCqas~-H{NlwWjRn^5wuKg_$HQxJ7=xMFWq;)@e6Z4^n3rI5^IO4;$1h`0E+X
zArJ0M4%UZB_5+?FZL6MbtMuWsrfs}O?}%j)6Q9NV=AM|RBjNjVB-@}tk{kMH&V!}C
z%0@%8);64CITE;-F&0Nc*W;`3N{5$H&IP<RjA(g7Cy2;P7FKU~XA&3t5iR=nXh38r
zb?B}<^rdQA7|<ZSXgJJ^)2F79V5%BELMtov7QK3JtB{IQHik_`U#YCRnI1!=);mvv
zuOFk-7^7?{-UNj6(Jx25V^w!e!Ah{6$n$B<`)SdJCA$a_I<GxRz)m0An8%jGY9EZp
zdI@<J%uqq893rwNE)FnA`IWwbe4Qxo8_Kx@X7qc<+|k3+>>H(rF$2%KZbN$)()-ff
z{LMF5_30$#2!-uCo?|54)b3Ee12W$&0V0%Rh>v{7b<jJ|TS{-J&lv^HHMa_p`NuDo
zcj&bUWb0I-3XzEzf_@2pw4C$us@9^C0_x!R>@sA){ei%dH*3zSvc4&7)vN~)dga!2
z({#2v<HA59IBIV5G*u2!3@eRbYgR2`iy~|Bvf_!Pl5gV&gc?8iKFB3C7x2kuU!_xD
z>7kg&PryU%S%u?u9dPTd{G<fq!I}K(lldSocv(h^C(KVE7P8yaPFX*pXoQkH=Rqxv
zXFmX$ybG#$AvSuX<@3gf2lbD2qD^Bg+fqWN37cb;p?*<SeF@)8X43Wl8drcy8D#kt
z(?m2Q{@a|xJZ(%8mujm!rwaH7bgbJyJBCI<cj7Js+Ohws`uAt%_dnD>OMuUn0Kn%e
zVA|VtMHnMrj=pfpYSG*8lp@T62wR%=d~-5Cr4Yq+SyDpi3%o@`r(Axk{sF>pkC0k!
zte5rYd$dlt)h0K2nrKaSF(GJnV|Df_`f}cAxe)|-!Wt?RL+AjB7lz<BzXT&(WW{4=
z#xHVG>7EIh{4IC@e+|n7U*_C2#`zx&v2N!`bKA)y2VKiGr~ZSocZZOY*%b^s(Zp!E
zqrBmum6xcUA)4qK43oTQ0QJw2p!+q9Xn%@_`Rh?yNc+N|0Drvc!?y$Me-i(!_~C!`
z0#-)oKhs73OmqHOnZTHCz{((qTz-2ESn?zx4`~D$Z3z_kVe<l1)}AbSmNaE6efv0H
z!xn@WGT3ggGW*C=N>77>tg&<oh7$k9yFh>Y&2_oM&(LA6jS^AQouIdL)pkWKGjk3p
zhOw>;%@8_Yf)A_Lr*FAN4zo0#FlkvbiZu1?bsdx?q{xG5zv**pkdlrk^#01F;5uFl
z-N&U|F9L6N!bfJ@UJPV{G)ebOFws4MS_3suzyE?&<HY0(F;eOe)`-LP-`1CZ7eFQK
z7a#vi+VG#7VgC^w{~v7_<zG}A=C)yy?*6ZY$DaYV{|Jxp9tITA$ItJ=?w$z?K`_Ef
z>_p8fho22!R=`$MVjof7JnL{we(vwvPwum2{NgFaHie6$nQH|O+A~5oufFnJq3sf^
z;W$}Cfu!Y$HJGLAO#dt=ClxjrtBwj?6Qn@$hVdslq9IFT`3{yP!#o&<pChoRD#|Qv
zZuG$G>E#+OY4*I;0=Re;HQvvnz43W$^SdS_ZYBdIIb-$t@+3HiM9**h3<Xc!9<r^x
z;XsOP#zt=+09SGT9vp`?Y+yTp6;K424gVhp2mV+R{aJzb_}>Zg|CWyU?%$=uXzFy~
zf0mBZKcyq_oXHg_{%ThE#`2Bv%SmXOFbQ<S4*|mGB~UDyc00Wby#H8+%vgi<jg1Oj
z2S-J`YYe1vA;Lz6@B(t9r5FzG1xCUoIsDtRf`Z@c(1AV0qH?c);|5j_U9{qic2m>_
z-oRVP^z7z(_G{~!^QAYEL`@9Cp$!sxYX5hF975#?=SR?_p5l#vc+By8%=!LRLV}6*
zx7wG+L?^ZPqBcNZG?O)610MjBi+^9Dz`nTf|5E-i|DGuL$NT~P7tNoFPH!UwzyN(X
zz|IQbi2vKI&&bZ!*2Ku!!p`=O8aS7%^LxM|_!9h%A3>xB__MjUFKHZf7~sw@;|lFM
zl=BiO?KGP~gtFvH1mj&-O86?-HzE#;ue;okGaeorw^ukfJNGVaK-^TQ$UH$4eZhV=
znk<p@N>7Wwp!yLgWZi|?{AW=vO8u*f>3v#CKo9E|$Yg->yH%jnG~LXS3r|pO!qP*d
z9dAttjiu{7lBA_w;^W0CDdx`y9BsJkHG4RCC^8%FjYKqw7FXfs^Ugy}of-|k`sRZQ
zYUOljI1&zf898<&%RR}q`r?H)RU`|A1!ZF}O4FcK6b0a94aGYTz5rvk9OLf#u@)Jd
zg64ZSp6k6oz7>RaPzieA819AmgvRGe#On2#;BjYTCwH4cEF`)v2cOHtlVv9?@VwR(
zI>ICT?4a)iuiFGt2&eUsZc#;GQJ#-?@$Od&?NY-x2f7RQSA!qy0M4;>#_W1N<tJQp
zB3wX*xa(vt2Sbo(jh$n#cz<t%m6<;%(4{Y2x(N^!b*(2zzk8OWPk-iyv}G57+LWv@
zf=xO;^At4`scc-|I}b*?4RhK651_6|VwKhNc}njey_HtL4j!1U%4rnJ;Xm8HI&W`Z
zNMx@EGHr;K8ZUXla(x0yPh45Bo=4G5N+I=u_xU`ZV`sLN6Jqiav~btc+Q2Aqx*?3+
zEVpN*O?2iCW}enZ;bar3otY?j_N;QTE1q}W7d-DN?A*=KX7PP+7k40=Z0CDSPOt}s
zH%fyWyh~DBQQR&DsEI)<2fR*VP-BEYM?~fnt#GE9xB~vbZVwE(eM1(1L&{+O7ud(<
zgq%-a+OHIjA9#+~W}+y@sE!E?LOw_)6b=rN)iE~UgOCpqMnjt{rt)?8xx7g3nz`aK
zJQ>%a7YgkM`fW~hY6d3Yaca41k(N$azv!fxR>cfZ#Y7EP<@R30xn6E|6JquRhb#zj
z3qGt<KlkTj{DNLPzaP0>qhZ7it4;wO8WaqRr+8F|7Z1|uvrQA-K#XMW8IFH&D=UuK
zzh0UJ=Dyfn4je2DDY;zhn7f1iM`#XA4j~-_98Kl{$wU5E{@4SAbY~MsB@<`o--<f@
z|MoW{ouP&8nYy$zumZ}vmrOe0OyfMwD#~*S0R+qD4)oxN0Kzn|AcR!@&mjKqE*bAJ
zUElGi8%1R|aqDEnrDS0<Kf4`lI9=Rwn@zm2MA7U(^aOaj*90IKTN8;@%AAv)(5O|A
zD-5tsXneU^&LsmSBs&ehg`_{FYp`K7K!vyB12_;Z$und;qfMqoNcw^@b7f_VW)=>w
zFV-_hcI9IX&O791bp%6AV|>BkT8HMEisTqMW7K|vVk;>_Q;5W3@M*1lU-1R*&XFZC
zA<az5A9NtaAKFJw%NK4^njDwj;@%Ct70cy+?>U~D5zQGw3}|s&Yuul;c!-hV$@IoI
z$Qf!_Ps=7<oucb^?pR~9JP9=sUA&uZ-n3&4{fy!;(#Ai|&EK2e)9BBf%+u4p-mwQF
zlu*dp`>P9JVD!NMowfL$P9L7{q=UwvvA|+EC}S6x;=2_rkv~P_vXldyFbv4SH-W&{
z3ZZ1G=2P4j%cS;m|5h?i?Es#KssfNwZ|GsY01~_IZo8lTrG+hA%Ut#8Wu2u}SSgy$
z^|bUEZ}dYEoBF{R5Eu|J1Y6GwXcoWTPo*KvKTr}qv}DL=>x+QBR<5Nl&fWem1q9Q-
z1L9vfAU=m%p3MTzX61kh#{V&K<7{9Em|mp+^W)FCG*em2E|UZ0uS?YH+lEG06ba!O
zYH@7kDj9rgbi0xjpcxIa-1%i69pDno$HvMk-T|Kv+n#asx;SCHuOu~#BR7JFRdB!*
z-As$`dfB{uClwIECZIczJEk46@d}|g*Iu6o8_@ARF$J1jSFfgjIUtMv@JtM_S2In-
z>O70W4GdBHh0roBRpS(+`0_nwhNEbjAQ4V2aD3_wYKY*>cQ%xZIkKlbrcCX<SwE<I
z%ElJIzNW6s#=W|`d*^Zs{1=p$d=~4(*&C{#sA-p4mRBJoVO&zq9L_i-)CU=w_W-bt
zCAh}tqIH?u-IRF5l>!a_m1JZQCe^%JNen41-K{diX508GgWUd42Pey&d_K*;P6O=a
zc#i}vFMITh*Onr7`T5_5N8Z?Iu8U*^1{{MQ2N4B6ate4iCXWS|-KX0Ct)4dVTg)ON
zIJ+PHd$4L9DQr(bJIg|<Nhstt-@+>fLaW=wR5Xn#NGs^v`BsNJgQv&2I2w+N1>16&
z6CPF>J_n1AY3kj4cj9}Z%uU~8iHX2Sa=|86Wbl_7K}uBdP$E^)XiOCnNKn-`mi_dy
z*nY6cz=63Z_0Xmjnw34QVSbxZU$LEf$RjK}%*4=to7O1A*;`<7<8KVhnIH6?)X3{z
zdbsRCot0+YG}Kx`+*R=T;lemae<9gKN<lFmIL;C-Wg1NZNe#9NvZULLE7x~^I&)x$
z$kQP#tHby(afV}(!g3d<XOL1HM)--cQhh9;Xd>Yx689x%sqnM{>#bH8eZo)2@XHn&
zSDIaXt6V&bFpo4gL(YCEV>DuPMrIwAEu?|j9rMqTkE&x8HyAMk11SBk24Cn(Bp@nc
zuJSm~4!hOiNWL=0URdyKJ{!^7-EZ)Gr-!aXx!jYJ{fyHYkhML+)fIiy&MSRxcU{I}
zml|SEvX*O)J(guP>%^Kps}Z#31vpIp{RBSw&F%9f04CP~pW^)mlMXH>jvmT?Wy1gb
z{ZBeXCg|B^{Evrs)P2Z*CJKZ}m63r|(yOSroEYt=LaX0)Ef+zhKdhTctQPu9c=kTN
zyk6|%G<R}BMeBB}7a2$IiUuM|lu?mo;C#4K1yDy;5Z4lEOAa}}qitGu`n0^ye>=_@
z`u6z-!oq2dt9a4C+ydHvDQJekyI55W;V`BMvXV`JY89BHyVp)3G0>kO>`P!n?#E}u
zzSlEnfuyOvn$Npq_r%b|f{SiZ%BD+HgW|~Kmq*(k!03@!CMxG>cxYv<rYL0G0~Y36
zNwDuQ9Fl?JmoadWB<%#z?R^*uq@?nPmuo5;qWtrdT5e<bK6Vkcp-pYx)l&H+>S7uw
z#wKxK8nuymtF>#FJM;LF5{Js1Us;J>DFBV{OKyixPL}R5-aJMg<ua^FbV<$$ZSZ}t
zt8ynznXHOGBX`nNe!Rg|SWH@E)Q#bPXVcdr**+TZR(opKVcJT%Z*-p7cP|P7v*J5z
ze=IWG3tn;!cQbTm?A`|99GSUA*+Up3R-ea&s>{4X8uVQ*W`Q<kC4Z}UIf>``B_B{2
zd`$Q{%x#=9cYUMtp39NXJJaWm>?P+49G3qL>HXKX+=UNS$NqI`<1^sM^!HGZgD_M&
z1k^)3uz#$Fe^_d!vQEq_1A>?M4!?-cBdKfV(vKe@ne@jb0ua$=C`gYJL}395Lezb}
zW(hbQGZ7#=rQ?m<%-n4Wr)nXM*PRyZ7^^mjEl{z=Z6gasZJT*9ZlGvG*aNlYqXVvA
zBci_wRN3lwHsg&>Mm^-VVK*Kb;QWfZgr5(v9o-&zXbsSFU1->ch`HFn|5`ly)qU!#
zHFge|;8|1Q@sxkHMY%7Kh4iDz=I%(NH)r}}5#z4IfRL`1jqN4(DVd6vv;9VQP**qn
z1*W?dl^J*&cGah`rnaooJLagsXE|Ty1lBL|+rEbV<TO(zC$zvu@V0e1o$nCDNo2}}
zsllRt8ga}OhLVhvl(I$&_SwTZL#HEX!P3RoZM(%AY(-o?W%m=#rXX>jZ!DSbWIeoo
zE%I}9tP+X#6~!WX+%jE8^XB@lTe-DoSO?bPj+(mLb@{qiZ*KDdJ3HxIh-;;q&Q1J6
z-erM_66(I?`58t-VM?Q*9_McqH!Tz@63hwdOY~vN`F)P<S0i@&$VHn&gkf&#Jk9+w
zB@-v=dt<l=rV?Z~r3t7h3w3oQXRku$G)JTdLO4jpiW?Z2hL_)af6FnV#}{NYG4^{}
z8b9r!G>c<S+L+L>+k&5%`$){$1L~59TRf2<MkKomJ#^;ZeZPCN(^GMuA2;fv3NDJs
zh<l~;s)Qd3No7ixGK?CAk&c2)gpCLzifD&D34z?v6V(=vs++(sE-mAu*&{|kgi4k`
z;8?^OekY1W5WNCwWRBOX7XD}foeiptuVcMA%H$a~>7y8Cpcf(tk<stgN7f)@PV$G$
zEI{9z`rv5AqcVG;Bq~3f#`5%<z}pA*hnSYZ%#zcjq!FEP=&My$5cQCF0_DETiMhBh
z3^)x~5|C1(W5{NCGE3p-IoRrTx4yG!s*3@*=^yT3>tuM3Zok1C(?ntqkTNUD9j=_-
zXjqKgK<JvgTL{w>O%xt0!)6Dry#m7j?}=eEz<a#{sF5guTkHSF8u=$hA`^6e`#uC;
zlArUdcfu1U#`t4VNrWzBl$E8rYG57)s^2bJ7ZasFY?>uZe*;#$+;Q^CzCG|x2pJ66
zI>L=Kkt*WAgkc1hR2kmm>)&h=b&iR15lIfDhNQIZ-Wl9qq=)aqVmMDe;~<EMW$SNn
z`ieN1yg(3&O94CMMr8ux@NWK4GY=+VVfBgJod*l9xQ0MxC%PKpju}C4Y*I{I8B!K!
zm2pDb)7XIIXvcy+39?Mli(&XK5N?vUS$~eAoQnObT3rP-e`+>$%<%Ii%@eYHJVeX}
z4i1K-yBv-Owt+}eqCi&Ht#Z*4dQYcl@9VZ3Q@UBNVPhDZC|mSE!aP^&<c&u?maJL1
z3tRS~#ydFi42KF%2UKWvxcT_%q1f3^XV}Y{m_v14Y9(Dtbg9;jb@Uzo6<zQCWnHLd
zrt5&DAMaq+dO5SnW@%kQCO;P>db&Y7n7uY=F|KC5s$m@~@|-`)+mms&JfHFQ4+YIJ
z^<z7*Fm^k@d*Iw&xDvKgOqgc~_miAfTndUc5x9{{OjH~cbWm+yEZjXQ_B76WzwK)E
zCdAC^ml|+MTteoorN2Lcv^9yRV_arWE<Rw){tW&2DAu7uFZ5;9olEuw?ET-P;=fNY
zng7iv{+0OzyY1lqB%pxg{4<~U)56SDmbF{uK<Gd}@<nhr6H(MlL@b^%L(J8oS-G2$
z?jCU#st~c1ENf5zJeC!gI8eF^iq@e)Jn3n-(LQ~j(K`jcS>Q5qM4P7u0{VwhyrFrw
zS}}@$yA`?=v8!Lp%XdB+A3s%F)b%<y`Lw=bGac}_O9rF!NC3Y5V~m2eeHoh@0zT$}
z&pAKI@DQ)yP8gp_XvQ8vDj(H=+4%$97~!GHqAv?mY<pg9p4wNtTAsl<W7X5<timz^
zj*VmKi2SL$^Ao<ZSroIUFR1?a<x3TEJ@Wzw^L=(!EhqnQA7pCp9sr?e60PHDOFPKn
zH=n)=SMb-6g~CzNHOy{6oj7fkvOq#tL4FGWrUk>eSU;q{-1I@5DD~u(ILC!@9f|7T
zc)!-WtX#8GK(t9m0Uh1Bh$bd@<CXMm&!7#cz0PyPAA5{}Kj0SmmYZS4=rLQiA&t!=
z?j8>tE*)P)D(58SFh&&Yk!C+etlB4;UYi<lc4Z1HZSrC<MRzn-@P<YzP;IVp8bM9~
z|L|Zgg~lw!JmH{q4K^q`yOlSAm1$A|bVOBkizbs+@6Wj~{oVK8+()F_qEmI)#|>Jw
z*vt`a<&4uNqo#GwA+nCm%0YVp<&cH6Icq+ah0;kkXIkh(Y89t_&PkU~!i;Q{wwCT>
zi0;@=i#sX@8Be_a6J-0agLXhFQy8)g1Tl|PIz{Q^V92|Qxc5k}sH;yH??-<SSvk>w
zUq|$}4jU#0{$U2{jL0HUz`J9aEuY?E&SqRxqkLL2pt*<WYm}aDGJ|8nOC*etw#lfa
zmb{gB;u(TxOXNmEYm?FUG2dXSZ$2!(&f^9ss7n9^qQmX^Lt*u<L(re}zEfgs*9o)^
zy8GM>>TaBLc!=m-m{4}6aI?Zzdx4YBQk}kH?LWIGuW(=IvEZkIJCS&?9=}vI9G6O&
zx~USffBYj(T5rjB|ChMLpH%qYxP(9k86j1v5O#g1vdX+gOp+0u{`iM!29^1WTaN4k
z9jeF)cIV=u8~x$W`*A`0JE#FBQm4!bq(}ip6~^Vgr(aH(l?=7fL*e$MgoC{5UUkne
z`!8zXMZRR7a6`le;|`~px`Q=^v=D}7QUP~anwWx_{OM$kE1ycOp|?O{=;MtMp?gU9
zkQV%Xz=%ShmybiKzK0ok4y2ueqlx+dxWq1%0dNWM1iFo>Z4Z#YxP&PlS~-AAh;bK<
zF8!p2eh0}U>B)Bk2Ny%~5y$ap=?kTz{Kn;b*g0~Ylyh=e$$bFdRoBlpT<eTixGah}
z-jw!Ozoa83S+jz=>QOUlTgQ(PH&N<%MMco_n@r$y)qp!$|0WZ{E%HU_6e&`z)9d0p
zJ&pM<$#r5-sq(M-NmgAzRx3&?2PC)TC9q3qk{rzjo77$_beLBoU$wZ7{qghhpcdL!
zpSNTIFu7!ldfB(N13WleyKe!-1ab?a>Jr>TV&)OO+jVA??lxvA_ab?JlF8+%_M1x}
zydUA#I-NMblldxVPUBe^wnOrfbNd%a=JtK~Hs`nDOMTot$*;Zws@?w$aAf&6IQ}bx
zW0*f9_YR<HT>djS{^gvS_~kb^_Fsa&;DW4UzU5PlgepxHfPk2zN052aVWi20CP~mr
zHn4^JJmL=9?vU}JbYP&d-d<%4vbVlh<G&o0JL+oHMc0+HL?<4fsb&niyiR&YnBzPX
zjH^B@l(=}w^S#^OzOTE)!gqw{u0FZEqVzONA#L)O3cgTtQ+>8`U4Ui!neQp{dX%{K
zLSEQ2MedOvZydYQCmu9E^%gxuu-*mew{b@@9f7Z(+N;;^m>;P&#Q;nLEO9S&>fQRk
zTz7a9^BqlS*tu;(^&z#b9?NwYjM?wZsqt#v5~;j?NAp+!rt8odBsFiHXZd&oz*V!k
zWuHa{QF|#>AH#BPd|aZw>TYm6zJu}Jr(OrE$P@pK?mNAUq7eES&o^^06aSd}$_FEQ
zc;7d%Ql&PRv2c~oZtdEKZw4T5A7uM*k9BeO)&Xa4X1~rahJ6D31b7;mBx*L-f!(k+
zwMQwJR38Ofj<hd5>MI67_cfvzCNX+!6o^%eK(1Q}ISGlXMjpg7*Kj`f+wj8<h-YQV
zr1HM(dtK9JcvH&_m;fgPheNSC&k|_Qfhb5Z=GiEyw98U=TQS%&VHI(G1%4C9KOE%v
zn$|d9wmD%W*uNaRPu&bk#2@k#)U2RXQQ4Lvk^)2wJCf1TsyhOSd4x0a2^!=MpOBB*
zj(m~U8r>lG1_n&eKP}+>EL5M;EJHS0U1^*FRh(r~I<Wy071n@sdzl*Jh`%Q^<xJc7
zTMu*c4iYq<*|v-30p^54_BG5!c2OuJ7#}O`ZlWqS*%LL|5q}NECMR#O$upfc5=wT>
zUW$4$?60&$EE$AKgwO&FPy>`$l%B2PanS{~MD)ZC!*B1zqnnM3>x5W^0Yd^a2IF)H
zg3p)=Y{;aenpr~L;Ws)QcP9&HXOdpa_4`)|D<>8uTLI9c3zmnyHBK6B&u95wPApZX
zpK?&Vf(V<O=4+0hS-gQ-o&k40|6U}&!PM|f0Jz2Uf7W~ZlO4Z#C7}2AKX@fMh=c@c
zlJfJXN_If+ZDoHi^|Sgdc%3XN%X!yiu&J~t(K%es?jz^mCG`cqoPR$1R4`@QwmI7%
z1c?f1f=h5$Ct5eI*Z`6S(hm~jX7B)fwjBQTk28VCs=Xl~&OjDS+X@>%^UeITe`=bg
zV5?kVJ;4I53vRmVXG+=6`k?T;&pfc821qe~HQz)&j#m7rrjbUYBbis>X(B;%_!kr{
zx>SO{a7j&?fAD^T7HeQCt7Qg<R#9PuO2ExmDcO$l@a2(1+MaqI_D>GP4<+3sjx32s
zDsgec8-*daEz4-SNacQAIk=|UJaiL`J5%i@nwZsZqd(}jO)Cg7&mf=9dx}CluAl;|
z;^~PYvKjqVEQcc)1AAB#VMcM8NLQ5zO?tj}!Cd3BD(O9{K?|y_;AK>3)A^}9Lwe<a
z=oY<%B^6APL!-+soW2e8vo6-56uC`s$}HZ^1jnWrdroFChDOec?zJ2YnHWbV0l0=&
za)+NnR*}65-e!E8{Xi+WsixdZ`N>}L*K0M{V9SM<A@Xv1+tL)X`?{UThZ52i-t{0O
zvdBWSzz?6==^6OKM;N|2wtx1N{O@x~)_=q0zcO4Nb**#^0^l;^pW*T^gJ0!oTYxs@
z4KVlxdS37LgLO}o1O+RQSXG%f&Y=#umZ<>sTwt>iD}VQ-kCmN~EUTo_y=u7Re8kH+
z9d(1>MetUgu(E2TXd$3bENbGmfz!HMv<Z<$0idNE+(HR07iG+b&fEK{NvvByIKk=@
zZ7ckCbC}WQX1T%(w5Kwd>%&46)6W@PLtkg9i`NcC1Du`2SRTAWHgnOX$hS$q$eA}@
zTnD?se3%zGc&<z|8kDHFgBSgZjPjK{aCF}0GyW^^M<}nkj=GJDUQoY&*RI8muPR1D
zM#X%m8tG;wXXrII<TNGHmyMyoMXNHmmtC0T1-4e-AT69^>T3H@sX6JOdn`v1=+0ZK
zD3}}r4>qKU;VqTPyjs&P_#`jyyT_zs^0FQV1+(8@Hv{C(n@UF5XoaU8lbVW&^*@*?
z-CDCm1FK;jukg=PGCY5QjtNf97iRjO-ytMM=o0a;_B11?WGH2#x&%>HLHw|Y+a)t1
zrPflIO7{}Ip0~s|2(e({J2^M*L1QFPx765;km|2ce4s#<W>!oL+zK?qnevF1UU68P
z3Z4@kR#$|IwP3<}QD^mgRcY`D%R7AMstjId4b{s`s+;mZ&9Q*A8EHqxaick9Few-?
zA@<7%)BGux67dp=cB8fuGqO5-PxV6R`;5l#JDj7S>6os}acrtE%La7P*v+}kSwgi{
zKJi58yKko|{F<8GC7Sb-`D)EK!6ir^budtMOAhEwO?1LO9w9ziHi^{5XMq1R4_dC*
z<sBo9@Llk${f#F#&CB8Dea;QjDAYGCK`j|bX$PGGPC2asiGFNBbI$?zXX-a_?xS}U
z?^w7CeCuCDpf@dnPeJ#u`G|Hs7V?XxcKFlD!|MK*^KxH^n@4-?omZZ#(_QfrNFPGH
zP}9XJ{m`Iv$BcO!$aqE3X%~ckbpB&kP4zK{W*YFx{C|dte^TIo!$g6E8^k2#QK9+`
zWrcZ*lq4fK{c-#;HkGOR555c*Eh?l^w<nygNzQiqwRL<D@v2-{rP`m@G(7-JL`{(W
z*2QlZ07GmPRso@g1jXam{a8MkbK!HJ8)8;_=!YYe4&1chI?BLO4=Ok&<3gZQtg4A{
z8r=#hTl`JA2(;Qig#9l;DkiWn7ylbXp6`Q>K+;jD34lc6iUCL@9X?iR{bt!ua9nco
zdf)7yp!u4ZDywM$L1jNMgNCCWuq@q8Ht=H-L^zy1s&h%Vu?>eufr-lsKrGj@Ldt&n
z03h)!jr%qFPy^5Gl!hYT5tk;<9B;451ck(cDQ1?0{*XNaKp{8E&X1DBpA-sCpRSf7
zc#n*FJ<fJ8N39CWq4z7}T^-%TD>hvfKYBEXLA8H#NSogr(rM*{2EZX%Qvn=u$zfB=
zYhwc-NI5j#&7eIA!FyQEBxJ=*C`VSroR{x(VCcv=a0o^-J&NKfxdZ2al?Bq7Gh4iS
zmh3Vp+BI&bnXDQ%O6hiZ2ZNcfxUKop=+^Y3;^UHdg>vG^&sC&t(G5}-BTPK-!?!-a
z{8Gw}v%S3X{T~|&|9x0w`!_89E5o93-$5`dpgL#+!Ug#g#U~>dCuchwbsKAX3uhCX
zKgVQ(Jd#foxdZ?y`~Un^5I_2R7G2br)ZC7GqPHgMT)vhH;JpRB4l0T___>j!Kr-{y
z`<%@iK}hS!7R_lA=SL#lqzyCIH<uEX0bt)TvD^YW1zaZAf{}<NrZ2LF6>R#D-BB-r
zj$y;<vc^agSry+=C+rk7&z(g(=V%vIf{>n!dEh*tNu&h*eHE5aom`(FPg*A~i#i)a
z2+^)m?r#sG&c8d7BnHML#`(5Im(7UD^IoB~BP63NC8-*_?5bxcYvO6i*P}_{=%?N|
zhnP00s1qhqucw2B^ak0=>o&%~$G_xltoth1H&pAhQ0)|3&|fepEEz|hA!1C<vL;fn
z>3{K-{bElUJZ{y38Ii{kNyg~z(46B@=Yilc%}3KAisKLQnJ~Zq748=NapwT&!(#GM
zWw7fb;T2#^^LPFNb8e%}0N4#mz;0mtZ8zi{?EvE2@44Oo@|MIg0v-rQ2znIy2$=pc
z<cg~W=iqO}9$T4+)=G85iKfm)O!-~@Ws^FA&f<7RZjjqy)6-4UZu1T!tD7sRh-jFI
z3=tzNi)k>to#&E*Jnpu~*-+#&Dx*Xrz$n+{P&MnS$D_XbF*koo{`<vhcssjfT)hd>
zEQ{^{i|3MqrkRUuT}7u|Z6oCj&ohBSH5<?_6_Y!EC5DsZC)zb&a)#|1@$w+}89dB~
zj`*oO9t(!-LWfLd52%M1l^A2@!xkBS!OI`}IOoRm@aUBVq9Gl65_5WB=+$8K2j@%1
z!YHSx96j$qDn)~mPX<NkXA0_eKiSON`>$h+*&(2j%j_d=*Q>TU=$*2Y1x8<Er>)cM
zN8mlgBbdPB$c1hUIpOQ<4m0lOA8q*nYyS7$5VC9NQ~`Wq1K15jz=QP0c1C};05CS}
zX!6%Kfc*O%dO%SKjMtOy{XN72+9f>fneo2t9N73dX*(d`8+N!IVasWmELObvqMhA}
zZG&+4;9lmhQO=Zt(fpEj`l+G{li)l85j+XiTSYX?6&tm8V2=UCVG9-MA$e#p+S}7|
zz(ZS>u-H1(Q;i_IobfDyr7*Y^Dj-I^a0DfgnZjHSdRBs!+$X@)BYfsS9B{qZG(Q#P
zX!~)e)QAzYVl$&8?n}$@eqshgfk;@{qli2WS_wkm9tu>+WaiaZI%df^6kAV#IXL6X
za$;o^L8cePY~P4KxxC%2sohI2pN9jDC`~}j3fNTMic^hy!nR&<Wq@Vvgss@r<_-K<
zpLry`YGd1USow<GbeCN8)O5DwowN<Kl?^Q(Ol7uD+Ty$PLmn^0;V6WeKieihP=qjT
ze6w|t{-CY8H;BXJDTU)Pzn`s@^fs_hX$Ld*v4x&r;vL}o_xD)j&20Kg1c*al0DVFD
zUt`h0-u~aA_&<RuQ+f0E+it(#h#(yClvJl?BTTT&qZajtrL9kRIp9LCK3R(M7OC#?
zIV^xRFq%3)KjZd(TzBJNx^I*h1YMBK7dPla4*@baU@BG1zw+_$yrzV~am;csVTtU)
zZNB32_=u*hpzO{AK}QI5&9{$Ihsz%dV?|lJAF3Qqz}B)aDAo}rn=JIhCT0UQkL2sS
zCh({ApCD+X(E3>|h@<+{m79i`o#Ux~Aw`r~T`2e?xz>-wbo#xUFQqWvpI9Yltgw0@
z4JUwJ3n*Mvhn#qUGBhfw`4(fHTpCo3p(s#tBIz^QIsX!_J^g{d^eK|+b~W&~0Wi6D
z63(igtuXE@7IB0A$~~;GAMjRq4V6+MY|jQ~by}ZujSxXuavGMS&R1@zp4Gu)9hj=S
zUq+yZ{4ceuw)7NXqKmI^GBhb4ze7ofL9I1;b<^S@7Wyu$6do*?&rD@nDjE@cO~RQs
zrbo&uICelEBnSxZbGM|FH<-p0zZvDTx=0<&T@kGFWcj5#jjQ?OP4>xJOt5ATN(04-
z9T+>@h9TD*6cEtc7UrdKD-zGgj?ND(+`cu1wvL3WE5sdpj2%nE+C^kf@8>Gw9lJI^
z@4;R*ByaWeq;2Up`(PKRJj~8DEXbUgx#`i3!-~7>%=CUq{?QT?`OvDf^ANB;?W4Ib
zIAGO<w`?_*1Lv!Vm+qN<2j20-RAe>%Y&8AuNY(`ilE3FwU%7S3BcR6X07kTs|JS_w
z>mc;+)cT*P)t)39vC4oDd>Ql(zT37FM>DD@QM*@1!(u|XjQ16?mUjcgdU;7IUH+j<
z&7e)Ewi-R<j*M|9%S<d^Ex%1k<*T@LTOONH4&2YjsR9?()Z&_tW*x+1&#ZZ}SrZ%k
zvz(gSOR^mPD7=-{?gg|Z54j#^BVRikW*C3Eb)&+zZ_wE2!>5fi3pT68xf8cU{i0cT
zR4i=zpNJ&jvnm0P%Ou_E-35!Usxg(%LhC$wd)ne$7~hG%p6w^m*4BJjA&#R*KoIpL
zTgp*PVJdtNhm`olW^|jBPM70d)q-Q%Y395yrDu16@2cnGzfX54a~jJ`WP}jNOeq<!
zAjKeQT%ZghQ`A;CEg6<J>RaDi`@FpDT5AK(0k!dvzm;^3Pubg<n9;NI#%es~NNN&~
zOz9}aG0&->Ode?BkPcL+(X*R@((Q@<&GkF2ZbLfIXW&eRnjrU~Cxj=0BBAQow`NH1
zxs>+|>?-Ozdh_b}eOU@oy%7t`Eb(@1R6GU3r07tgSX*UxnF8l>3`dlfgYSwbWF~zb
zdi%q9!wjpH?B(aSQLcJ=Uq0@(UL{tEIv|_sX3^P~bC034aG*Wk?cAz#6DF;8TlMMR
zpDu*9K_=jU49Pe-+#-?*K_^O)>MWY`wq?R8G!?HEocx=74Q~GNj_QA(K(havK>jNe
z$lwi|``?nw%zxHi`g5H-GC}Ki4GG$WeuEdfjNa9X4|Yku;41o68)zbpA3+pjqoAWL
zscR_p;Yr%|T_aOqvjQ{APV8{2?N`Fq5p2DI)B%Sk&F@jZe&dAQsw$J}?jdy|>Yk)P
z9C-b!w~O77wjAE0?Iavdf{<9U!ODhpHW*kNL4-PaT#3cfB(%QPd|RPe3xXsIpo%Sn
zcI_WRf~kGT2GmC%0wB};FLb$5&V9ASyJK*_=bf9rL@BS>CG93etD4n+WOx77UJClF
zy|f%X%{6y5(9VxX9%g^^_FHm6?~A`g6jPRjoNML&q7tpdK0m(tFox?>IdbGsw>&6_
zSeZbu&QH=^+$<4LGB#tP_@j<U&eurfYx&4Db<9=1#NzdK3%dA}(qH{0cquitk-~Ua
z*GB<Be@XRY?00_&Ah`hgOP{P(q*pF}OD=!<OB!95P<pP?VC_s3NxCaIX19MN7c%yo
ztUr=VKA^!Q8)?rW99{cF;|cVqy)-}AbT_P_$1v-_q@6<Ev`4pQaSHsqyYziB`HNj?
zUEK>{-1##X!a3gMP8uOo48+HqNkZ|Zl&`S6+Ugr%zyA)U9f5|#u>iPO1$_U#mGEcU
z{lCgvt)sc&dKeHutNdpYXpg3LSiV6i>;n&QgcnvU-q7K1;(-f(OZ=K`iswqw?t(Kf
zjw^MO)s1Y1#Z$OkmNFi3KoMf9DC_yjA%UEl7Boe}eQtsAn+)5pK0+!U*Q*ALhHiD8
z8H}?4Wj#jTHtzX3PVKsJ6G_5X0z5mxMRI(9^bhSpXn`kg+l_xbGu#nodE5a$`2tvm
z{~wnA-}-NjW5<6tP6983Is>NHlYJHYVH<_9xMQs>a@7c{jJ_4JYI4>mc6yq8mGaay
z4au@wvivY8Is%JkSxGmM93iTP^0cX9ZEMfki5J}~Jl_vQvowu6&ln6TE7qa!Ac=vS
zz>`5i;~I0)s;iRQBbv+>@$x!uye^`Mc1XipQAc?;Sk0=HeWvNuK$&9elOGqmJj6XL
z5Mzi(%IpSn5-=-(pV8rj3s9ZP(}Yo<yk$YvrUkOw81GAOn7q8FhH<7}w2YYjpb(=D
z2@Lpxf+d&l%#aVa-Q-VQ&u9O72;)^L7|D+M@mb@39Xb7<t$JnIA*Ff&ufOdv{8Q-s
z83O*VhR&H5z$CpH$wyEBBOv$ITKYzX?F7wYCL0;x8fQJTeyci#f_tlsq!K4}=G!HF
zLZ?wnQVia2xC$I*GH%b2dCGp4;RZfApDj5=dCT6)%H|UFl*&2hyK)q_6lMLkzRIp%
z!FUUL-M`C70Pp^Vr=Yu+9$ROTC-IG@{f_!(NUY0%<Hk>>L*?n=!8AVueAd6~z|nA0
z#?xYgUxwC+txh%KQEfJ6;jW`2b&_8_g6bSUt)75}Mpxfcm;=s&V9xZ1us_Ij>_Gzh
zxFiUsnj{_rw1E6Q$8-RSEgaJF!kBaNfwh&L+CqHnxwXGq5$hoJ=mM*J=H#Nf^<4)-
z_X<O^A~e1yN=Rf~7KYIQrgc+(DhBebHU=KzkRUK7Xq=K59##(pgy4(3d=Kg^HK9;z
z6v+0=YL4$$r>zODWGQ3{FCrm4D0qZm*hh3OJ!wj6W0(iJp3ssQZYk{$>3P{AYO~g#
zjddcqm8gVQlWdi^ni>m8tK2%bEvOlhljO(rvrj4N<pl0z+oPkSPbOTZ+X>2fCa;ed
zO4fd*2XO7b+PVv|WA+1JGY$G4DM*0wI~lTzOAD&kqik2pgLpOKrY&o-qD-Ae@s?ME
zm^FW(fzZ+fp6~OJr`p~f8`{c|Gg}$wabk^U4m%rHCEre4a*LX?H5@Qon-0o$_yq~w
za^pE`$PlxpbEU{BHch#$h=_gBCdv<984#n#(4``9SKW#ah!jivo?wR<_~XneP5k7;
zZAkn}xJOYfa(nD)k+l*V;j)dhMU`9M_oHutlUoaJVZs66@*nJx`3Tn2b5_4NBwrC7
z91sKGCv)>Z2s*n=qn&%+iC#0FNJN;l`4p?Dp|5nXyq?dL>^%-O@jyg#A3YBgz1k;%
z6~(`4ws?1T^eDDQw-=p)AG=QED4+2=Ng#hdvfYv>T}`UBhEt2v?~2{+aQ<b0qge`z
zIf*>0+@(gN#w&fMl3w*P25mc?B~e%#p(sK6iOkU3_`931D}^JWn^#0^c_c;5-X`T4
zw{AA^MDg+03I-4mERJc87w~2+wD0fHpb}>$8=6>;6ewFZi}K<@FfbLI3$AkGQT~k}
zJ9J~Kpmw1%Isw3%N}Gh>6l~=3kn)S7TIeTn6|wdd@Y>Fir-LLT<{qijI~@5*z_6N^
zrMn0v`pj%w{v>yC*tf@I+NM{rAKHpCbcEaT8l~z5Hi+OJ-31F>OoBW5_-&eD6(><M
z9;2M4q9sCGqxYaLefHkoo%6NoU&C6NhF_>o<8VaGO!{BWP=Z?Ll|K4%x;$SkN=BI;
zza^h%KC;x>hkF-Vx=r+Dh{;VQaCJRjFor3A9EK{Plq>p}e$~96Rf-xHZ7p;7<#4A`
z*?8Lw!ytk`TE={0Amg$F%{oU-v*@HgooBf&@`I>6CtS|{<a<8y9Dj6t8L!X};!mwF
zsR~&N@Tl`)zBuC44+1T&$%hR}q%>%LqTIAyDRy2V+H#It6<-ij2OQvW`4B%O&l=43
z#N^534sL~}l_-dB!73Xp&lDhB{MGAyp}u!{5-JZ0IMSzQJ?5oqCt!q^IgdomQ69j4
z-v#-R%oEScAfSfX=j!*x@somiC5e|4I0ex7TMg=F!sVt=myV#9KA*jWL(9-+ErjNm
zV%TTu9@2Yjw}i){Rx-wKQ9l@5k6_=5o%9p>jM-mM2MB_iT@=A;<CJH56OaPc#=&5{
z-FoC*%h!!tKcSTwN>0u6lc$K*y+FDFWu2r?oYR2sIWmL!y=s@yq}HgKD#$<=r+7qZ
zKM@-TLM?pGC&EXlz}2^xuxC~HrZJ`Vv)5|3G&VAPH=9}VbD>c&Qak!HsGr>_(<`g+
z`#UIwsejRYZvD0*TsrRbZErr}eM>BY8`LK*&QBO3-^*E!^@*pE*ehyG_AdQ9P`3t&
zzP*rnCIDr+fvL+F)pR#{pjhEN*AJlu<mO<gZuvHrA=~Ic?QX`F@RG`x0)_7nurCpQ
zN>l31#60M;zrtu|!*_9xCtAO<qN#FEGNI_Ta>N!*WQbl|jM1agGj?c*t&Sg7dfT6?
z%peni(>3CBGc}MVtHlERp_&oSDUe;Z7a&Aubx>X87XSrW{+LK0_oZ;ynG-iDnLp{R
z_6cWlUs}L6{)RQFNN#daz{MY`i7S|@$ljdTU@K>9P=54h$P86XcxN1MOydW!x~>>S
z^vDP_3lh40ln;#I|I^-iM>Vx={~q-qHbg)~X;A^e1}a@jR73;>L<FQpq}R|Plte*A
zx`Ol)DT4GSy+ovh9(w2j0)!r^0YZ|O!?|y$T+X@o{r7%j{I+8N8N>C-oNImeUTv>A
z>!G|z)-$(z^B<eI7R4l~aj<TwGQM8AQ1B8R#&?EG*J7S;`0-1gl1m1@+7A=buhDuq
zv<!C<q95P9?iJepu*+Ac7LJsjvhPlP<)xN>F~?83bEk1A^s$j-P_mg@!@cV)p&>=`
zZii@Z91P-4Km6!Z)A6%Cg*W;-&Z8~WXk2AJ$^2nEz+_IBki+<zaISC}1&n99o-m=|
z$_SMEJdywqFLjtW;p#Ctwn3^-%Y8d&(YV4??9+PFmX2#|Ea@(})8YmjF0TKYKsigd
z45uXex$Bp31IOm5z-y8t9~7L_+mi@49?-cys?J<@ns=!Es9gHd{tq|(xhO?LLiX43
zHBxieW#>d~Hbr)V++xp@_sww}w&CHnQNk^3zJ##&ah;R&i8rl>EM>L$dFK@LmS`%%
z5Qwtsi8#Y!7f@R?MLyyuWo*a7?abTr-^f&29_;m@xo%88_=?GP?4?5eabv9krbSac
zZ)(p2boAtSBP}(R#0p4YAX-@C@?^oK+hs$ArV)7V;*WDng~IwWKTMsU4orT!3p~l^
zB=k5UBja|#Wn}vB%G<XY&k7@Hv!diJZy>@rk50vZRn%Ny+GbJ-z6J@PzKoz#`ut|p
z83Fbaso~*UkE0I^ZY|Yp*D0jEaV6vpxb^sGHx+WJobZ*7JFDU$ev^Y>_d*;`t_xv$
zaxN}~$JsS&Q!jY#bbU+y73SyWUqVkj)ttqfSuS4r`uO;j+{cVlw@yl8I4*$G-+YW4
z5V?Tup{TnNS@#`nM$%*Czfo6yL-&7i<*&@RPg`uM)2d3=8Q_shp^I{Jcez#WRK29J
zVdR-Ddu)9B!WBOOg`%7OWDhM(OS)k7(^Y;~7hBsG9^)cay;wc9`YeR5F-mjuKbE!9
zba#7}gmM*We>~<Xloiu{!qTs}Ik6>xfN%G5#H7=d)0Ny083ms)oEenw6<cbx?x6wq
zHEaa=CVL$jX~;00;tF5!Vtw$M#}G4fpzTONHHr0obv_75Z>x;3sH{fEZwzssIkxR$
zzkcJaq;k=HRZ+Ks1%}NqFWS-hJ~p#H@`-Qv3JvBpt71N^bY$S&3#Mu6$;?*=jB51U
zi|#W%AFLObCO;BKt@@jkwkI<=HeHNkJ}O`H<jR+8^VhcDcqh)@9qv`6Hvl7sg9#uu
z+*)miY)#_x&m*Z;#c(n?Tw|U$)LN~czyJEOZN-5eaB{&=MUxCaJH~0LVW-qf7<m57
zANp}($znxIl?63Qud80iX<1y#WJ5BhMHPOn(`HkDB+;gQH$d^>`%?z3HJ2ZWZTKA5
z5jqL=dvU(M?H1aV+|dNsus-$SVvdAh{wIys5Eb!uqtF-8a#GyRt=NpiJ`Hz$f(K}3
z;G~#fe({;iqB%{i=aSNFxV#A9*QE1DBejF%A{<+3FXufx<}Y`w;6;O5jG6q`yuRp-
z2NFVqnzY~*`LxZno+Xn=`-EF+4W&Fu-=x}^uQgw+EokLtW7f|1=USGfw1V0#++q{r
zlW>BwpWnwFIiPgS=skSuQ|009q~~&qp&2<mz$9O?nfsJZrWn)}q7sEt&6nk2m^c^4
z=y&n3#EbLQr<u%HSV|umM|22dFY?MSbN~xMu_`4)W99jIo{bAlBxLuI@qpnn-09J6
zo3xy_MUV$W`T_dO$vU(7s^jn@V#$4dTN3%*oCCcw!numw(ksv3cmsG}JIuw!ZfH21
zot)S|2~u=Oen=yAZuO0NI`D7iSN~5_g0CNSt%m=#=<onv;Q7HsvW{JJ;Os&AkD_lX
zn^)Y>J)wa-X1dfx2NOPCo`Jk7ndtmzN7G=Lt+j;!4sXdD#psNC_Gc4mK6cpT7PD+S
zsbde)_SyHY+`anceb<cj`bL|Dm8#BCsq^5s@I&V|S*u_MHdofNb1Vw9(Yz|RBA&-g
z)5@3~t;Ma&IW^6-@#=Tu`G52^xAY%djAK_llK+A(bm(!&ryZmUdsDn%Tf|JxJgxQD
zC?0<KQ2rP9AB`G}HXq2IhAdS8@0h_OR?Wj^L8XlbXKkEu_Y$XkYO3=7K;jnPbu>dN
zVsp9Aub`gFV_AiB=#)&;iX2nHm*_U4kWd5zVK&s4;ryi%G+svF11WNx{HSNC^pzTc
z{C=rRi`PHNSnkO|0d3ivZ4(Ds>8<PyZjD`=PHHUFidB!0v$$u(u^ebLc<Hi0vsA4~
zn1f2Uc=E+<;{8FozMQfN-Dh7M6MT|=*O(`K+}1O?xm_!w3*#zr4VQ1QCfrK)1!>CI
zNk0&fAzlWJS<wKyT&{)L->N;Rb@j-Jmga~$!$;7x&Q~8c%#q{orG%fK2E4N!90-%D
z=yfDb<`!=6yWBwk;XWR6m4-(6@qvAo8+H%G{MU2FcnfuI)!+t_+NJ61`Q2yj#H?Fe
z4-+hGW3l><!jZ3RZK)?R30n#(8G0_~D)J<zL3dx;b4Dwgq&`Xa<RM`w<ia1oH)-EZ
z5;Zq<#}n=JN-qzeX+MU3lldKS3?_K`IEDYj{3^KIQA50EoqMF}N?iX4@w@)G);MCV
z$5nb2_y)#G){eTo)6)xoQvd}YPkTfB4zBXj-AumSz9#xPVy&T+6g<;*GyFyteEIup
zGP}B;yo-$<C1`dV#sZx|fZq6g|FU#qei4*p{1o0X^%azUSW!k}#5H3XaU8Sen2A%7
z+xpzO!jL@n_<Chuyj8eET3=_XlJrpU5+YMBOc0pqZZ%r1%p!VB_l<m!een%5t<*)l
zAGxnCzUaGS;*)2Oqs`tpt2w4yCB`L2Qc{lvY{Tv%)ZJG;-AFofcQ)AEy@R-Vg{X&-
zUxR4$YX$KxWA6|E^%Se3!0m{2q4YHF+a5&x*F3GWOgOWr6G@5*TCo`uZ5D=FA_jhB
zzVNCHk68DN)HK$$*0(tk$A{cEM#Z(d!-e$IXB;2(pnHI^?xvM_Jac?K-v_?GQIzT$
zvYOZkZ5Ds(acONhrs3P$<|`RshPBp=Ibdg)q&rdDq;+OdLVrM03Et}gypIO=YEX|l
z^*(#j#+URpOKg0{pKOpBXj4^|M4-I$9dZZjVy={zd@6`M)@_OPZfHnI*t{e|>2gdf
zuTGa_-6r!iM`&m%FP`hIx@<r3K<{i9#=euR?p2f;+Dv_EAN(D`tp-d6Gf!ZXOK+qT
z+MixjJ>&d2$AhoD`1w;x=Vq*ig7fmk6OLz(mHDpNj9R)gu^dl&p)|ELH}~-Y#!tuf
zBA2w^pnWH#r&m1gDKVlx9X^*C5NUr9<(2X%o!*dxYi91<3_@#Qb>aei4I~#g$U-mD
zsRSIECsvXxGy)>lE7F)!vjLtm#^-`oGazl#y$s>B%BmBnAhJMuNNx`+tWNfej9MG9
zAzwE3(2r#`sdJ3HywXJigQ9ZdaWlGVA#q=NGTg*?gSmCvdxE{zC#w?#(&3u*@fqUo
zJmg1yx~uNV)=ao(*^*r){^tFU1%<fqbs_kqF>R4WKjy$6fFw^1Y4zSJ<#31W+bZkU
zYT%1UH=}!W113gtr0scPq5uKzlxNOTv++k`iO%80pKj&K)xKMLG!uV4+$%E%t}$0?
zNlGlSUFW(ruAplD#WaCrBy?`TNw8UL?ZoQmqzDy@(<qA*=Oxf<!bYp#ror0DUXM7o
z60I;#r&AN6G~?A9q8Y356VGsd2~@`Z$Qd2fx|(yp>0@((#`RXUl#8U`r}ql3&!(3z
z^=9#yeiO7hUO839E6p-FQCzL+H>VJLo!OEv^ixI&VNF{UBA$fDi3(V4LqAbI$k0t3
z;70MT7L}fvnejT&{;pQi(n@U#6tJOCbVOlCsd9&x-1?49-0@;FLmjJejrV9-pQKp%
zimucY?vYKhpvxM@TTSeeW#*+a!8O;ql<#p%^wA4dwt;ik!@jt>dptw?_EtOVZ+$)!
z<QIucdY3TRN6d70l|=_TP2C5smdm6_2F6RQkADfjaWU8+rd6_tEa=zeZ11Mci~0hp
z4iIh56rCiOFXg1$bX%Hfqh~x!$HnGDn8Pdhp;GgN?<oV>76(_8O0Ky_vHM<eRH?d^
zc;+H2{E-fWMNiJzH-+x5%EGAmSxg44zm;WMQ18ZhOTo2;uL>3^n^|9SwFNOV_&k2M
z(?!lB1DadDNm(h&HMp;e35@do+maRqu=`JKX1z2E;qEW=@PZj7Tu+Cx%*D^pQQrBq
zWV|Z-p`?mWmow|@)=etScmneW@v2pP)-)KnEt0uSur7|zxWBn}KBgrJqJS?rNq$;^
z3}j}pUu#YgnId%xsn4aUjp%EZNm?EfvRBtaKb`isyj%D(ti&CjUt}!(y%fOW`swq<
z?dnWu!pocs(&}mfh|JeUouWD5lI^>p+<<5k=iZVWionzMn6|Ve^S31-R}%SSTzmV#
zshNTAE;fkXvX=XNZGQ1)uW*W4LcLgDkyn*#=GC6EL<a~IJ+lJwer-_Ve7fvdc3A2_
zYX&a5YCg&85qRO;BDT1}Af{4K8+G2tRBkrMJWlgyY{pSehxP}JA7^fNaW;rqF-o~<
zA_TuE7hXyhSYN1G;+oICsvAFk^j5gebRC){T;V7xwR?w=qL_he_<HW^2YYFv`sYV;
z2uzY|-Q>cnbzKd#tK7JMTdk75q{a}up6|g_aC5xSte7oZYuwWLfO8`=PP$j<qXSe{
zWu;*m9?r|#dV1M&Rdl4$0BUv_Se}|!s^$d+)Agll{ur&c+SIawh@i|AOwxugzZ5H6
zbIm|s<l5X8OV#?&SL&UBFz1j%%3pOqBW>Q#%kBz%bf}84Bw?+gQryWXTj$K1N`gKI
zMk|(~C$nVY@a?sCv+il4_k06I`y`!4CD$8O)m~){X-W8|MgqR%h;)K9M>MQzz~KfW
zi)ktO-*!CC(4r^46&N>$W!D1b7=$9DK}<+wJuzuiyLjDBzw(}~&AZX0xuFtrWnsR<
zXDf`gjkMM|7E%`h;}ov#lu4Pk2H0ofWkrikm5C|vzWb|Rp`BUL8jX`CLBV|X$Gtoh
zDox`-T_E=j9X#rbu_jWUl!T<_-&r3HT3U=fLz{~VTqTxon3oUd>nLRQU+t9H;FG^Z
z3tm4-D)_QJ8*XABMvi`hNL&_(`e>$cyGP8$v?K6AEruohRUkr3lC?foTe_{WoYh7o
zyfx6oCZV^Rdjjp9aBpbKXs|wb=_axNoEKV1qv%tXPJ3_PbrL6wR+JGU$Y8DOx|bQy
zHC?Phx#9YZ&GgI%OS9^Qbd#@kjhg2h+M*Pu6r^Qm&HD-NhiyD{FsW<tq_I31hWgwK
zRgxFjTzU^Nh;q9;mDT^Kr>kuKn0sP7pPI)xhjTE;$I6bN24_wJ>k~Sy<a;ydbX7Yp
zLEkm=jbsKy7zUj*wb15}<$i(t9`)=7S60Re;gZWiCG2YDnfTU+OXM@O$u793gtzx8
zDMdTli=|pN55bx#*E<nuxc>3{Ih*;>_in)-uM9-p?kH?Lym3Ra9GKzWuA!@e;aex9
znQv$Fy{G)xFc3*TzSAKo*_T7t>GVnaR<6}dE!M?LU9|vlZxEe*xbN=QVxvxxOt@Fj
z<H4X4@`_%p=x1RAL!+6~B2~^=IB35+&}P0F9FCipO3q3u>Bo-D&Lx_^M9d7CHzO}e
zbM-a=Ghh!@9}Silr0Vofb=BI1Q=&Ao1R}2-t=jH#^UCp9fHAD^fc2%-&c$xWcWt`$
z^oqoC*KPycwKT|~%iuwsTefWV9|jvL2h^w`F_zz(XJxF}tGU?<Ma!7bRVQ^eliBqT
zWWO3&iLx}xopzxyJ$2Qj-#3}`f-y?ei%Z|D_R9-G<4HiaKl~g!Cz+D9eur?|sy}Tp
z^ZvGpTvfe}x2Z!K%F9c$XFE^TQQAwfD8b_CBY&4UOS6(0Tf`>YXY52Zu-1}&fxR}#
zN*)`l|G4vOwCs>s-@0@GSZe(n`cP1!WK~ccNO&YfGcg-NdWc1v$9EpNgT_g?%vUV}
zGbV`sP_a6qn{rQpK(iu8PNC|H)Hi^+HFuc#@P%~r`bq57en{|r1`o9Cx>-NrL?%P0
z4YH?Lj)bb-xr55K?8C>tb<RbVmj>1ckuDiQbVUk9liL!x3lL`THz~QuW<*}mTd#??
zqerl~J4RVqTRztMEQr1!WY*K;S14+ZCzU7fV)DBZ*$oA==DWB29@QkMizejxC%r0o
z&^{~p<dpl;qvPKcyQ&R@Z*IHXSU<z7Y>vwiFEPWOj<;5l;(Agwb2u%Pl82s_A$n}2
z#ZHW+j>@LJ!YFNzS|W@90VgV-2IN1w1w`76%*dB@_zK_G)U=U)S*<%{^6`<tr>z%+
zsQfM8hR3}G=eCHW%Vaa3CGJjIul~b%lnxbZ`qm+O>>*SkAtnBqd#BS}>WGopVDYjR
zE5KAZDPN7(48X?A^lo7JlNj{facq*&)2E~9qZT9bRw+AQ^tR(kll~3IZdrFW9A7ic
zEzjG|XWH82A9SxuTj_f`n$&jH+TEnvAs*A;6EkI^aXoQVISf8C7kDU(FE9Y2+q<%L
zs?9fMv$m8!1K!sw_-t<2)(yQ9Z+|n<%(MENstbcmZj!@AN$v{djgtfsm9uC$QU`;h
zCIEXQBln6#ovjOq`_xu(Z&YN~+?tS6B4@VnBw$<TDVX|>uRx=AWZ1KUb9^$e{-Q$Y
zT~%dZqj*9<4k-EoQyQIwUOr@YBTJcGwV!wn)8pH>l4b9H(NbULIVFdht7lZp#@SG-
z=}N7lj3G7-C+lI53-DlDGnmDDcLFa!xnla7Jzs=)d+M4u(oR~BI5j2TC%p=mE8-xE
zIlgr^RP`Kq;?b`!LBX$)a}@RaglaPuAD~z@D1kB`wE7wPbuWMgloLKG=OoN}C}Z-U
z$S<B;zXWUv<y;8Li?}vV(ZK5Kf3!bF?c&kOONo5;rZ+FliJOc;<*I0Nwdrt=A`EfW
zk6{H^`F7A?0&mBw-t(gjS%`%PXDQFTuVf%%mze;tXT<jyL#ay$RwIY25;9mU$NZ`7
zr*cz8b2o<`fCg8Ww*yjJ&eP?yzJOzgeO=x_0ywxty$(rUUkz|xy@xU!xWj<yam(p<
z$FKITM_!#bdq9H%7e^zjZBJ%mI)c5tJW-HiFimBU8MK>HU0sn-v|6ylZ5D;5OGVv)
z<*7q}+htAO4~&|oHF^YFaRHI*e^~v2g|;`}rIeY^I4;iD9Q&BfwQ)OguBs#CL!7b|
zD^6<Jo&$hW5hD?@Ac)W8;1-+7!`rXt0UBY%LVB45e=EsigF@T2K`4k&fm;n7d|CZQ
z`H0dT1$bk+a_1w`OiE*pM$oDXX^0*3LAS@(d0ex=L}mRABwE01T>UIve~0_5*_z~}
zmIkmDw%vvvKOTl@G(e{%L1%GpsnCtfjp)s7gC}4~&SwT^ajr>+NEdA4YmZf1t@@Cz
zZnI*KRIOacG914)l?YD@A!tH0!=#OMjffB79V~0Z+@08+Y0uM{s(lbYnf7Y$)oYXd
z?!_(aXx5J8XujGcPLhQdD#+5)kb#{M4S{KS#fj$F+Q9n*626tcVrgE7ZNyi@96b&d
zWU5m%loLkI!TRY;@nY7tO2xp>Rs9T6sz2Dhsz)}<dbX#D<9S?!i)kIIomZoC<9zc&
zOn0`b`GOFv#iNFZD**!6R5B+}dG6NAU`fRZy{<PzPY1Y=n92`vIks-T@>3C3b2A3;
z076&@U`=#GbwN&l)b2^2MWxuhT9!<f>Ia$b;}lQN^Z0&-Jcbji@m}Ea;aYOBAat3F
zZ^UYwekD-C?u-4)@CXu5noivJwgDL$;vX)`Yc0>U{5Jv&$(yB+Vy}x4N*jeUfF=jc
z9zliM9j@=OtxD6dY#c$GZf4$Wh_4V&zp}8tosYY~+7Ec{Y8>w+d^^Hm((C>FOh=n%
zO+ti?lwpV=CV=Awtiu8{;Ub-Py~EFwe&xbYb=|U<#k}mm20M;T70T7_AIzD>Pku=^
zC~UP@+(4VA;H;pzK^ZDXN?czJbG(^QD^q?w!QQr|{0?fVzaI}BS$7^?WT-JvyCuO1
z0*f1Y>Z_oOn(N@J&KVvO)7vK;&i5Y=kvqD09|}nKk{6tR^qyG&tV4)x>`ddDx+Avk
zc<Gpz1@^K>l`6d#lCZcCDN$h}tzWQygm{+&T?e`BF1CSk+7i#u#$1Cf30LRoJ|`HF
z1bO>Dn{FLYO#I^Y<VjARsvJYMa384y5IFq_S=4T(0=gqu6hW6mCmp#S8ZWjuXKnVd
z>!{d!)=zR1E5$`s&)p9SoG6=I33R@68TP3p95z&(a1rFqVNCXxd7azHSW-~{j_Gx6
z=aIw%27EPn89F@fCWw12BzqgMY|gtS8cAa+4Yt=yq5fPoNA-o^2}3_{tHpft<wp!o
z)`7(4)d?;KI$~MYJDaY$ugMxoGhk`Fm@8HljK~kRX|bt2{b@cWYs-Kj`F6nfGWDoj
zBU9jXYpf$fpL2<Ce)}r4>?U+a%Gf~FvHj@x9vpAff%b2{6&*_NaoKJ~=Y5w98ZvX|
zZ3SzBy{q#r*Pa865vLb|P;)GK`p4-#j+>ufgDp(Sz}zj&2Bm1S-^Fb>mYEG9%HmhG
z*E#?TKJ7O8HMZvllH1p8Hf3@24wxxAT#=0JMagSe+G{)x2faGh?_l5sC_`vTGN95b
zb2Pfgl_WWTkUu|VbbDljHhaane$!9-D@5OK?di;%fdOAj)0Fe7dqm6p(n4ujrHiM%
zK<<Dm#$x?J!iFx`Llr`bF{m_|U-&#}7gIUXd;5KFJ35=>&um!&t|IA$tfmZ{B(hiX
zCiJ9@A@Yq3Giew9P?>CMKQ0ag^}72d_|h9abKgja9}n(#3@e6@YDzrM&Nq@CT0LL1
zGhF52aVAP+)F{rr!R6DSHz#|*AM@PXCpTZ(F2c4TdU%}u)l}Ask#CFZwjtBQrNa(f
zbkmpPn76mgoT{I7^1I)t&>arOiyr{8zH6@%r(0d+*?41HasnsShTHM^c8+J6w($C5
zARH`$<(R;Q$GJLP<-5z{ZL#5{Hj{>4gCY5pEzAP-Og&4G5_TsCT1%XE<njo#aSU9{
z(471=YR2J^*v+eOT_M$&Wu~?ru3?D{N9NJ<a}=H>-mR)`PwSB6%L*Gr2y+Bqd*YoZ
z#x)}+qP+@-NO{=9!(`@Z1>CCGMy3U^&s|1U$4=9}j2iUDH<xeO@x%|I1K{lsZtp$0
ziV}>Fi<7nh2668j3|l9?N9|=;3X{cUzOsN$k1wsPn|Fw32ur%nl%!N0^8%s)p_|==
zj{%FQ>s`dm!Yau!0o=Ac2SL(}#9a*=ar+P=)D@c-iS-ppLMTWXRm0pdq%gQT7K6pT
z_H<A=)mNB8;?VQRL8oD7>43SzwsbjuqzJg{8`9lX30qtEn3RwOVAcd0zOW-yusT6F
zSbg)mvr)+bzV4u^32B1<$aszfdVN)SkXGjU_p3$78e=4LIq<=x*mnt=@{t0qO6AvB
zUbe<iPj#P>%h1v2;KHE!#R2;lu?0XIQM=Gh1xB&@DN9L2A#_5t+y46!tfq`?y)Z1p
z37aVmVXRFaa|QrWOSC}NarrxjVpw@Ud_H(X8JS22D?kR9ju@a0^yk(uf3E>#FdK*w
z#rtni?&hsmtEP~~?7pGAVQE#tKFF(Hr#6iVkw3hGu$O;;*GO09rQBI@%VQ)7)o-SA
zP-9nm#8o?3{Bqp@&g93Td(i5)wKl#KvZeSi2RK$E_>#S)_VUmYYn1bFC4fwN^yJ_$
zvCPzD<VV?ay-{zND`m43e(&43Q>bKB6FOu)pkKHuz{OjB-ZMv6%=0WRe=~IgbjLH1
zWe6AOhY@-kFnzn<WQXM)<vuKrY)|$uCpo6$+~7xyf|0tRfqaUpntBi+E(v7-4T60_
z?j_E;SAMzWZndTyA!qC8=b<o<ScYm~>vA3CoZG}2=>#LE*N&%&=dzh4#%dl$v8&%S
zk|#HEQQkJb+(f=6Sp*B6B%fTuotiLZ@;XxamdKk7z$?6+F2%Ob(=(>Je_(ZdYjlh}
zJmb2lHV#Bdn7@`yIF)m@vc)nPSP8g@kockEI|rAq!pw!d$A)(Qcvm(okM{x~qV<;K
z$<N_P#2*x=g_~u=_``@{LCEq42a45LYyhY^cdd}v?F~1B4eRR#EUlRmunq8NDdwuN
z5i4crm-}`uFc6`ZH}~E)<d5YOcfS|l>tyaqsUu^V8IDyPayhzFu{?As=0{AQm>n)N
z=|k!9O=lDvId0Q#69O0eF<D2!)0Y6?$oL8L+6x5VsNuV-Gj8cF;zOEoJz5Qt1cDSJ
z1!*Hm*KqRf;*~npzzNwYH~$bx{AXAfR((?3U&a0?sFr%z*71PgnT@oOiO&PB5v{Pu
z&ASo;v#Vp5qU6;)wfibK(zedTnU;@Y#V_uFhEMh>SKdPwrqwev;yQ6L@^!o~U@AG$
zYTDhYx9hYTN%!Be$4H+vN8q&Ib>F+@dn%1Pm~sexH|I1V*(w+wg{nn~FbpBDTZCYF
zxKu}BpbE+oyLgL>y|IG?abVJVc$9GqZYOgx;eBaxog>Qrhqm31$&ylNjS|j2zeaZ2
zJ|8Sn5~T&vvkuXM2cz1tFMNE7{iXe?Z`m%uYVX09T|NMOkX{z7su6MTn%w4$ZMdnq
z+nxO)3EL7!?6(V%D7+{%1gYE31S=OAEkahzo`%E4IVb7(umFfh<Kbu#h6Bs`QcIXO
zn+gyvSGyY!hTF&rB_Q8zb3dhXAwyg4l`0rtH;xO_;kZJ6?JU(DT5~b`rxIrVNUw!U
zCq<SY*CZAPun&w7XLS27zpJ<>6~K>an8zCtzzxihxQ7#z;)Z2~1_-aK4r~G{PnM6z
zLitw9-;dw$@XU7L&f%BoO+fHYF3wE47G2mnpb{f46(^{oQ)zIkE-;;Avc8Z9U$#WV
zrSS7mPD5<p#nvAgAGX&h%o8K8d*ir1c#UFX@!EP;?WRr79>!gp&;n)HPB`7o#g<8{
zu$FN)jVbL|HLxt-6I=(D$u-s<6Nqy&0P(80;Yu6Sc8VKq|A6hp)!IAFI=tZsYFqA>
z&T%~r7S;7cv9HR`fjm`1!thX<Y5{kdEdGQ7+#9>Cntt<OI7Pn-!zC7FEx2>Sfk|Q#
zYX5_p>%EeP(lvqEhMGTK=56xwH+Ub&%u%mS>npY1u-Pypi|2%Ib7LhK3aa9<^l9sS
zTThn>7OaGG5|IfdugIY7Iuh_KGzFLV5)g}T4Utk=^{BTnEuzB!-)&A<EcYf$9p(~@
zzcw{8le>uh3~P1&;0(Xx={8XZ?b~n(jfD#tke?G_H+CLkkRz6ts_~w80Jn>FXcOof
zR%!1qKay7U#!e4Tu_)>S264w{M_~o})u)mkP2jrVm8p;&EJA0;XsyTE-q}$v9cK@<
ziZeos71V>3TUtKAS<R#c+hqVN;@y+<AvpDR?||lZ3I}B?e}@m?;X%9??9=$x2<7k7
zh?NJo=m0mx7Y2xYNQ*PhOitD~l{yfQuOIT<Rh^yuEm60IknY0a;JDUYv<&$&xwWj)
z0}P2ozPW_)V4|?aUxh&-QP|6Lk%BzL+Zw_gA8<m;QW0Ef4mw@z9CvP=1aYZ~dq|Bh
zxV)4aUG<n@$li)@tT?yv0y$8LkU{5?kGM6*JO&;hgcC!cqOgEdlrqaw1C(ss`~W`J
z3`gpa!Rv|wBRR((;jaUFKJd)Gs{ec;<atM~`)VN+vGthsn1f#N=zBAgqU0vCHcWQM
z3HdqH3|#a9Ty09;N?>)ov1z_ycoBhGJ2!E}8%tB6z$G&=DXtH$Ey`sVSR*J&wKWQK
z9(6sL!z6Wixvy~IEwGF7+1Q>eC`Sq(e|xAsW+$Etm{1vKNLn}zM1Y{@7-jNV5K@`;
z-v*?yV*@uTMaJ1ZntX^UO!uG~Az^GKKpP8C51Syczwofo$<#K)%l_=TSy0#QMqK)u
zAevHxa+C3aA8L*rhsr(IuHmE~61NpYoOI6Z|EAh%QMoB`c_qlR$j4un6is?z8RR95
zD_XQe&UDr-PVey4X>f{`O;H1HqXXP4Bw$ytc><D_OrR5~@ulgLYUddq7s3>;2EQ&{
zDY@=uyJMVDkixfI(<y}nC3;kT#b!tg+-;i<!N~`$_>O@bY!cMfEw$K2P2{i@1K`g^
zRYeaB7DAV)2YE}{A~)79ZOISk^Bde+z9FSzvRyhlb93}M1o*?lkVM!KWPKZAyCk-=
zjqgQ_SDs%>1BJ8<$&b71Vn<}=ExW+H*D)&@L1L4YD7<8B$&V0wv8Yny>}J_}I+O1c
zG$0+Aa0y}dcyXlp6$^X2E@GKb_15?4mJIhn65F#6$<CW<>t0p%H_ysIps|j+d{$?W
z$0<USJj+SGz@zX+4`DErCs^{)w5)O5X_4TGtyg~7QLd0u{<7-9!=QkoGU_m3>QS+?
zQ6_5sfdlDW99(%DYHeq~f<aO)DFcY_oadz{K(PBBh$K)u>?Hi~d~Ua(49OX*UlIS3
z#6X^y>e+EwZ-6FC0QGqb;bi%(Hag;+VPJyu?E+mMg4kjoHU-4xQarjtFtfqPs$5w(
zq)>%(rci=X-Cic3lckr$2e@`P3#O{Jt)^YM$s2x7k~^&}+pVh=hJqJi?5me7VDr}z
z>{z(?EPDj=mR{d0+=Cr&KCEl~#DSNR>}T-O2zC_cVI;5Zx6nxj(uB)_71X9HOvb~Y
z(iZ#nx%z^PiUOBbg4E~vIr)i(NcN2mmVuArC7V|D;i@I`#z8)uE4M|F9!*$P(*WQA
zg?u6S{;+KXJj_g*50Br<!mg+)Ggt))eni1hw_q#clrgJO{}MbxPx4kpF*3brHR=;4
z?zrlyakcUmqb>^c!cq*fW_5Lge@Si0H-<$%(iVIS%69>5wb@>NPfxyG!Vi2l9>WOp
zF9kyMU?^AUd7`=o(Ys0%a&L4FF-U<PccXdH|B7f=x!9oOIcc~)?|3K#Xtum~u$>=G
zlnEF`XTqKY1Ibbjg=nc05DrT21+7@r05>evZFJU?3n~D7ITliEv{n6$<-z>(mAJG7
z;<zGW>qM#3LiSkMx00~5>v%Dw^riJeaVXhwUH4nq)as(bW+R!PTkOf#S=mf9Qy}V3
z;9)uB1FEhg-+FJKl+nqZ*eH@xeS8LjEB!{sL7Y8fh$bvWwy$biNh4u6W^fS$p#_G<
zntAKGQpy4%-QFq;&m^|PRx9(sO<D>GM>Ycypgc(zINYj!=d1%{bE_}?6WldT{^ROS
zvkrrd1J@LZmQs`W9%cD{V<!cm%|mdPfI(2sNF*;L=k^pm4?Yyz+ob-z5~p{e4NQ14
zKW$`+Fd;C9?7$_bSlvG!hW7&9b&KD8{thS<%*v4NgqDW^9qQK{?Or634)ATnz&yU)
z<$UKcsWB=Hli3lyTHq!nyt8e~4qX{3Mrg^T5!JPvxE{*H$R@J+KqtlLHlQiNSGn?c
zfb!FL&Mo<MZ*0(yCXMw2TMvfuy{o;3uC(Z*`gMyJY?mq%6kE*t{V^WdAa9soZlMo=
zj@?qVcc)+(0TuNWCCAINv2qCpNZBvJ?Yi>gwU@iN@ZZ))Oou&-g5cY)9^lltM<?PZ
zzp1W<<!TT6ZEPh(QL5Tomav1qUL2*bB-k0+kxsyEwYI(#&^!d|Sz%6m8M>tw7J|lF
z2xEum2g6y1HW5LM{*ReQOS>k3oQs0)%Sv1t9`7V;%52id(@<rFL~chekmV169#kjc
z%Le37=%T)5Bl}=Wr8CfR<;vI9WZNlF49KovxQlM{5J3#6*ahoYo-&jM=99IHpaYD8
z`GO0=4V~V3b&Ze-0UqqDgp|on#Z|l&4#0$hZ*Elb<A>UFBl)I)uYf+Su`8Nn>t`}j
zeQxdaQGm9sPFb#Sae?$O7$Za@!)C>{C^Dppx(V(1btIdv*2{oFhm=Xjl9uF*aY$OH
zBPW~Xw}-kq*G+7l5<4oHhBQmJ(x(m#FTgO!`n1gx^Y4-NufRS5O3Mk0JO0c3)iSWd
z?7kD(J6nyL%r!ad?r|y0A4_HB+FG+V4q*i0F(a>?MZ74Clj0k83y0P8Dy~6VC6QW+
zL#*hcj7!)v^vI2^k;(2=H^VwtQ;ed_km6y=1pEw6&>vWPn{j|$=3)pTE?)iX^s<aP
z2qH6fG~3=P0xf1mCZs?a<Eaa9N~qXJDG~mCm>FhZeHOGU&eexF`jml5)nD9)ixBMg
zWDyIPKr51McY^pnkH1H;Q?wSg)3!rU_1|49U`eVg#*sw~I^FBcEhGA90wc*=x3L)^
z(HWrsx{{&I-t;gF;FdPPC0%7BFQdMs@`J(acu3F0A64~mPLGesZp9F#E%e%|&4$+K
zlU!@3cMSQKXA2yITFM)UWkD?iZxOQEtL(&;yn#ZT$b%;J5Q>X3Dh!rjuYzC}vemtX
zZ)zaCNuVon=a23f+GYd^N)ElE6Uxa48G#Oh3Wh#_vxyQe>b8VuPu8wBE0lQD;UwI`
zPocQ$bb}^LCV<FoKiHF1hzC<h)Q*7~SgQZ_>5#C^PRRAaMITOvE?rN94GqZ7B)ML7
z34}O>zsZ%xi}W&+#w?*A>BP)3z2l`^(<dDSkj~7=+s6%ZV5_thomG8`6CY0E#EA^}
z5Vbb?>7%4qAiH2bQvcS?!3*tHT(}Fd823#5t5!Q~8%@jwL!Z)ebUf!(+`*$DzzB#@
z=9~S2nrg;vI36qL)+3(4hsMengv|HCMB!k7G{(KnwLGaTk_#<`M}<VfB@4pdIBxQT
zuiHPXQE(v3SlchZr5Bsrx-FHknR=}<+a*rLB?i5CPmQD2R9d7dZIWQ4TY`%Hp>A|t
ze1Xt@br@L1gTiidK{$vbpfdPboV8EOQ2Y{KL=V<SW@hWDfHFexs45#uP#r2Sfm@j`
zl6s=#GW~74N#Y98ZAKXwImgMsIo@MNk9;U2jI8i!nR{K)4i%6{bb#r|WH{E|mA4P?
zLKR9QKEnBoLkRkv?xH&mC;i_ftkYL+y=wnlbI27#9-Y{Ro<6x#wY&rf!mAS0#{yA{
zb<5)O@pc>*ki~{ua4T0B7b|i;jBc*KBdAH-2EkUkBn*jI-{C||zr<NJ<bMt3Ti~sT
z0VapCi@jx+5<$$U;DQ>{M<;#JvB4oosD9`pL#X6QMqp_7+c+fRpuu}zCRpkzJ|?MC
zkb3CXv9X$p=X4W#)%;`+*cj06GevhbhH<q*1l|`Euhhc^8EO<dYEXGPU=_ojgIT^j
zW`CA}ON^JEftIU^xMS6{aq>!t%6#c1sK;vQVcZZTeu=eRrn!U$>XtzdEfvAvb0>=d
zT<w7~%(WwRi+*EP+TcbUQsU^m`$xe-*rv{eSHpZgB`_bqY=w1aFbH7%ez(<JO8IN6
z4{DU08>NNgZcw0XIfXY0Y4(Z>47l-ujJ4-$>;iTy+PIJQrCz!AFvT|v@gwmvDj*kz
zzrc4Gn|A9VFc8|*okc#IkjCWs1*gvdan?q2^_FCB(FU-wW@FF$Ikpv#=Bz=glqbaL
zrsUD(A^JTK8!IkgNw<W`yLIja!83aIJv_Fb-lP2R{A{r$LY!A6l=Ts(J>^6c*cPG}
zH~q+kh7Jo?B8`HizShw`ulBjxz##hFo*VBd^U6nMFn+@RFjqaIWJ;HGL}Hm`HG3mK
zRhy*$gF+k9=dUV@8pRK)=6e9QzIyftmROfMWf_en48Ttjio-DX>cA5sFNw`ug50z6
zXS3zwNw)qrJ7kZhw8++2-Pt@<S%!zx=fIJw9>qrFDTCGdULMDgUVysJRz(X#R03gT
zoiH@Tr~*L4Zz2Ft;Q?%YDd3v@?NEEguEhyfdPKCD*M!-RFA`rrtFAP*DZt$di0Bxl
zO|;$+$zohYe%<SVW{CW%7XLgn0h6l^ML-ITq%0c5@XTGPtBoiz;#(<5?pFLlCJ^^j
zW_vPjI*l0c-V8gu?bX(Bptz}g<{SPG*yU@l;&5ZGw_YUJFC=eVgZ=?I(lk)xSk<6q
z(GGJnw$J;4^*GHEPcr*trs_0KR|qamS4w8MouPx;czT8`<Y9>p9SHh_8q&~|?7I&%
zQ=EJn=ef+jM%?UN69ssY9Cxa)6?q;n&{KNL57%x2{gRJiv|Y<rTTa*?Yl_rS)8;#4
z_GR!LaB=x<sxw=^a^*Dw(S>NySgS@o4?q|0d9@>a7~`@+n01bOK?lu-F5ouPopW3#
znK#8qMLWKOiy<ShFU}M^8dM0tk*`1#*h}O$B)N=MDld+u8Wf^Z=2ayGfUy`w3Qlzi
z@uc@QxzF<u2_HEeGF7;t6pZ&mY~lv&Z0gizHl#Kc%VEJS?QdI_#JFz8`7o8-B!D5g
zrR~|c)w_t648jytfI1+0$+4~IHb$pS7v-u_g5;g{NRWSV3bG>u9i7@bhj@UP-a1DY
zjs8Sg?N}_Wt8$gT6bT0zB}{FFjdF)Pq~LVL0h!v>uOtFs8`?V~v83Bg6>?H1CqQz`
zRkoj9?V%1ij@67_Oo+hBb8!SaQqn6W@uI@inEHV_Xlb$#A0>T8c(L!|<%CMT<AmEV
zhnUj|QSMtIVV})<Wio_>rQZCwc+q<}zdhJ=t*3Y}FRO41?}EX=JDYma<=$7Idt>r|
zaR(@!3@&3aI-(gag8qkem4yW^@f(DnRP^g%hMI!Nx{tMeSBzs>uOFZ22{a6BxQ{Ls
zFGzKqQIfrNB7JGbOQnG{<gj45c3(|3_gyt8bRccJQhiG+38wP3?--`19W&7#GpOeY
zfp0J|!W2CRv;aY~z&wHHTV`twV(Zf%zp$~;H9{Zv6=^RoXgcd<94<J2<3&h4&ber+
z{YQ{VQEm>Q;RK84RsZ1ijfhgQ<YJQAKwK%;?1HlaN>x`zdrtZW`!qxEjnobNmk8?1
zBB`O`uCT5lOyDZ7^p<=NxwA+q+$%LkRj$5#ka%8zF+k|YV)GnVXRK~g&I^u<?pwj}
zIg1&sbVaj~ZrJ570_zy#anSZw+Gw;I5x=I}htHlXMUPNlcHK96uiC}CwlmZ-5V!yS
zT<!nUYrV!H(tk$3dP}%R_9@eki0`*Jea*Kg=Ynix=sm3qE&1QN&M64I>7p1!t5~FA
z%dn#%b88l<ld=-IoequNCzwolHwH(=EA=HEUe?hWdfZIZ;JEfZeN^gc6>#I?5kN<}
z(&I~h$2oDIr+)M<`r}sOoQ+ZC@=x+s9-XXs`yr_{;2OA}xg{3-FsUf$RzmIB@17|=
zEo$e+)#Jj0kO$%!FC<l{aU8y`5#VsM`EYq#fpoaiS24V)w|m<vk(6;57Gm|aeikP1
zK*^WO_r0R<*B~2%*MP`#=K7sL_p6xo?ENF(?$k4r|BQ7aOs&N~Puo({-2N*GAIQPP
z`qxx^|4I?vc8q$|`ZeAge`>?F%l*`c)T(!58gqxTW;f`DcubS~OT>`Jyh{c+H)7+H
z+*Om^)W&MG>C0O0ycfwiXPq{#0~hr;#nCA$ep`vn^u?Fv^^DSvcQ-lhfo^B~UTDh#
zl7am7scA>GZ>x$*WFKd45Pquy5q4d8Xj5pN_C55#6svk1JN@|Z<oUUQv`LCJy4WW%
zSqSB4y~CKurFzUUsN@3^i>$nw&&L1}K_`K3{HNx7Ue4En`<|8Qv8GS`kG}7o9oWbB
zC(`d8staCRyRv?u&xz<`!&I35tM5B&Ty)Dx->M4Pif<jd+gDm%lKocKd4S`N-F;o`
z*fonNzwxJ8T3g|V183h=j21pT-NIIWmZWxBlryNY3sTTzp?CIX>dmjs$&lwtmXRhN
zED<O8tD};#L|zw+dVev6hf)glyVu^fw?E<@*yO$^&3DZ44dE5lccs64UsFlN++``-
zp40K%*Z0+<{Cxk>_uczvKi^sIr&tJHbPM06u_`Cki24oiZ!EUudym<;_>xTd1Ton2
z2B%A1HEVTD&o{DZ5sG{5vQ;vrj|7`ram4Y`GvEAJ@9+U+{w*rFbY42(etuSBKquhi
zi|)>M*W&qN;~L&D8nMY{O2tSPr-*77s~fhzoCvtwUi8*32Yo(+Iw+;KyKvQ??f&6k
z?XLc&<p26!D1utk{Ab?}lHPtxr`F0Ls^(AqrFkPmYa>~6LkrtKL-;raEB`6-2Lx}|
zBZVav^9&c2j~`38!*HrApPnZy^k`Cv7<=Y%eR?5$EE4U+fUo1^9=dZZBk7M<#`nM$
zkL{}Bv^-A539k>*-lJ7Do*A4<x;Yr#{pGr!^?A)3sluEo#zIMGz1K%Chv~jENULnP
zyK-8MAa(H)-dI0Ea<-6Wu;Ja8v1c0Rtp)OF$5&`1e6|6Noftr@*yh7N5T67Z4BEFz
zlXY1l|6`NxhHc%iNonQ&CpT%p%5l_x^nLg6+kU?Pe|{?){Ii^$fD-QCsfysI%9)EA
zl<H?t&c7bve}?AVjWDt6`uU{)jY3GRESlG-8vlbgPaGbr7?b=s9N+GC>cgy?_L)k*
z(y=0^TSD~~>M{J=8)sCnUR$_%bc>ua0{ot}6g8kO-0@U|KQP!GAb$vm!}p#!9S~F%
ze>v$D->rp;sU+!f>(AGgCz&&o?u*{=ONsAWxO5`os^Zxe<4+t}A8&=+)^;u8o^#d*
zJCSYf5DYV9!RG<nhkLf76;~*t^ggbea!Y4!Gy@n1N1pNPefMnrSlTEW!hg8(xm!t0
z#_;iSt92x7WZ&$OdJ%jVYyX1^e)eVmtAal@u&V-UFcqo_JQDHGoj`FLHx&K4mCj9y
zJ~&>*Ca>_wsO6cW1qPa$cIL38;ysL@h_6RfFTIe5|6x%L`eVt-qsY#0TWjn2hw5J#
zfzABQ$6lTAb*Zw1+7&;Ea9i=yP`k(;b-&BN%7yuG3kz?c$*spHH5H@f<FhIT8P|(*
zfX+~nPhLVAX!b^Z!~tjbl+Yc7a_tx=SJU+a$<!gu$oG5WOw;&BegW32?_PX6{?^P&
zH{9cHNf4BnOQN3e{r9js9;*kF|C0=UcI*EugS|2^+?9dTpE79Sr^<k?f=%AO^+n6G
zxo3aLK>AM^tove0GXU2(_|MJ6oH>0-Uj5<dH{9%IB~=F9##)NzW8Nox$1S>HW0s!<
zmYHs4X7GsSy_>A+TR0OK!QLD-XPnBE-BaKepG_?0S}(Q%IhTn%FBR$)KgW;ld39Ug
zK^bb@Ek)-Go@{3f+hI-|iGDMorH46gl2dS<tNzZZKy;syI-XW~ZF>nZ&aj^hPSml5
z{wEpi#s>c1KH)C~?Ea+o3IBQ;{3U~rH~)vr;I+(+Gyic|^iv0~Lw=pzJ(2q#H_AV7
z@H#b>{9zhua44D!G|%Wi6<wvqLI5!R87FG*r7H`zbuzJa0zHM;nK<hIIq-k1^gDpr
zpxWdhbyS6+La3eYFPAa(u=!u3tKA!DZ$Wy?N{@N!f4O~<hK727{&Gdq?ar}X!46h0
zz+kKWzBPJ$wcdgHtr|yZXxM%!N<))-Vz=;LU;Ha#Un5>cKdH;68nHqxb@n%oA=M`8
zME_5Mqq&KRlcV77uiZi7URR2KNEEnG2{vkbDfdtBOW7S{?4^i*m8Es3#{4rowwLnb
z{JxakK58%Jdp}d#6RJl+RQrGT=o8PrlwE1>rPxJRuqgg%3$=cKr|@6im$Ex&+Di$~
z{pxy*N;yl_+V7Mv*Y>6C&OY{1s!xrF5~&_NWZX-c5!{y|wx42ZSWi`}P=(b%t;^qq
zeokbU;$&`OV<NcwbKgexSJ4FzQYF$%l^yqQQi+n<YsO#d+ZD{u$>d(Y%FXX&UZ4(8
z)H!Hqs1d4vxeBFsfsRfPYZJ%)oH;ujU1ma!cYoLTuQcdC%Tn(BRn*+j!NgeI$-%<b
zY+pjq@oLTiYO#O!CgRyYc=L05xYrviAOo?M3cUAk)sv_F55V2F+V|FcXon{3U*BJK
z{sH*&Nxj!XNt;_rHTznK()|bE&uQUaATD3@@B|h3g!<_FT@jsn{{Z|s!`KUaUH8F%
zf0x(v{{i@OthyJNRqbVTih2Y3Qy)&$2mCJ=19g3b`gk(}+uE8KIaz>h_f^T>*t9<Z
zsxNlS+ffDPWa6N1;^g$F(ggQ>zWHaQ+Py~oJ@h$M&QzoJK=yvVwIB45zvV(VwH-45
z71QUZrS_(~(0{Gi?*7{M{zkoWJ@jj4*q;O!i(P`fvxx)bso@LiJt_F}?|oS+M_#Do
zsMc^%V_;KzfM2dxR{v(rzMa9|eC|IHF}D9;&AzO^ukbv(UDki7@ZFr?ds}gDCh4CB
z);Ro|i@OTlOW2!=_b1`I^FO$_FYE7JY;*l@T-?p<y4S$H`9OafI12eU7x(Q(_hwK0
zNm!vSIa8(nQ%ApQYG2mhySM}WZ(Q8X#<$nSy*b=|8c6@@-(1|ckKdaN>nGvx>wj=@
zU)JBd$o%%dad9`Z(q0#T&&TuAJQ^CFcQpHD=h+K5@mmU+UjYSvdjUTa%Iu~5p8Dih
z%AEijntw}#vbXr}*(!c5-Wv2v@qgv6*jxJdnEbz%=K1hT>7Nn$_X7UDWuAWgZ(3$I
zWcgm`-ayws?J|k@2kGoPNc=ri@=p>C4LE9VBklXh{yhZouYhOKdjY$xyf5YVu)Duf
zGGg{p_I+0GjZOCx(U81bC%^V%`_{zovA%wmr=clL-D|?GBm3I%dn~A5DWhNZQuci!
z|GxG7D<H3DFJRY<eJOjlUVm~ndVj5szXsetJNJD@lzaCwf5KM!{sy*NH~Yf&ZVvv0
zEusGgw(H@(u)Vu&KVftIyRhH(-uB){dpEUymad@=@u|JczclkpCH?)ZWbZD~PgoUo
zXu2=#?<WPnZ@c_N(a@ApW19c-Cd^(he_y=+m4z7DpY`{R_xlR)udD{l{;a=myWf`)
se`U3e@6Y=CDazipsGqbR?B7)WuP|EbaFd1xNc}fNohx@t{`u+u04hNP=Kufz

diff --git a/docs/wiki/media/North Star process visuals.pptx b/docs/wiki/media/North Star process visuals.pptx
index d535bf27bb5adb28b1149f46797e96a22181f931..2ee8b574d3f1680b4a81e079f5729881bdf5ed20 100644
GIT binary patch
literal 1277440
zcmeF$V~{M-7AWYpZQHhO+jjTq)8^^Zwr$(CZQHi(K8>mSUfhTm6EQPye$2nw5np6h
z<=%T$?zJi-vubV@c`v^nXCLVQ)C7P)fxdsBfgt{u_t60R!2f-X1Ox;R{XbuS|NQ*?
z_ibmu&J%zupyLaGI|vZa8-NEW5YPvJCm0aWCxACN5YRV(?|%Y70s%P!JODUD0mcKM
z0Okfv`~SE9k5}LeFh3$-tpTY40;B~9kdptAb3iJ90BHaM90Gy?fCYd9fCoSTKm-7k
z01z?&3IHm=f9eAr00RIM01E&c00#gU01p5kfB=9HfCzvXfCPXPfDC{ffC7LLfC_*b
zfChjTfDV8jfB}FJfC+#ZfCYdRfDM2hfCGRNfD3>dfCqpVfDeElKmb4xKnOq>Km<S(
zKny?}KmtG#Kng$_Kn6e-Kn_42KmkAzKnXw@Km|Y*Kn*}0Km$M%Knp+{KnFk<Ko3A4
zzyQDyzzDz?zy!b)zzo0~zyiP$zzX0OfHlBx02=^X06PGC00#g^04D$!fdAyu6|i*!
za0mDU-~sR#z!Sg=z#G5^z!$&|Km{<9Jzz8u;LPm+Tc`gq0&w7evta-#=D#Hh{Qoc}
z4(3b~WNiZ&0Z>$aApf)Tf1;ZHkEjlS=;nYmPy(!pDd2pK0c-G|)%d?}BtRg*|C#E)
zpW*+$_y0WlpZ-vH|Eb*n)VdfTk_&(;U_Jj6*&OIU*RcQHh6T7H{x>$*|HYvHp7(#Z
z|7$l5Ks+Zv#9x3c{3oyfZyOTe{Qn#OKimJ^@&Bpi|Foj3|G5sQeNwp9WEs2JAcO09
zRcTFomX-Lfg1ej~<rS~%$8Y3&<CD|ufnQv6(bIGeTRL~lx%^c$CU#p~;O)zUxcvCR
zx3n)?!eWa>Kpe<m=jNTG5D2e%1kM?2RX#3QNP`y&0*ws%YaIQ+gxeivwfJZK?3U(Z
z&d($R9ysYMQK$VKyb9$6Vt2;EEY(UYK0J_xZ8TP6PAi(!kqb<yR&c*YZmqejAfcz*
z5dMt;7k=aPeB=g+7I9vfI-!q#3DFyd+zObjdFZuP9)szeeN)ZkoxE~N@>J)s!+-+=
zx&Qs1$kQ}y3$6vnxZXCK2C@EDr5LQZ9eWs(blWyl3q%;^6PB?hQBo-QS)X0~0t)R3
zE)*}3ZokcuaHq^6&%|i*U6zkV_$MK^NA)Z_Czu>#waWqh)@kYWss4p*i`kzy=h;4O
z(y9Dsg_9Zk!HdT|!X&#nQG##EVHF!O{i<On%fl%~pppB76uo}!GDzX^)uWyQcN&3b
zA8wjB-Ao0W+)rDM{yf$Ks>c$JWY?<$vPWj=sxQA<!gajw(qZPQK0z@Q!l;F-Ga59m
zum)T3WNxRO6I-E={)3v#GkJk#kSNA|Z1v}E1ieXFB?k#^uWPEC!!)l0a)R-Dc9sYV
z9v^~jJ|g?#S{-^ir!%D1;26yNTr(^_?<Iuj8N^rS%e7CdUQW{^FuC;K8#Rb-VALwc
zOI1;}Etso7V-Qc#UV#0<U+_^fekR~1*lj-OdWSEVXe)O6q;OZmrhl67lU@{%j0O%+
z@s*?aS{oblyR%dUbROOYEGgPA4PnRd0u<+ojvoxXywh^wdXfvAg!^DLm(oUD^aNj~
z{RQ(8t98}<I>ZM%(zt3arIX%kC=yoQAf-8u%NA=Pmq~KV+e&;+oeZtZ)JIO#;WZ=H
zSR5JMECL?p>Uy<a+;>vZ#jwLHXRb%~Al$YT5W`2%Z)(_0stM5VGKSqw+9Yq}C4E;_
z;)_OqdXd?r7o6$8eFqHp%n`kpMQMVu!|lWL$Cf%%0;;sT#6^lKwr0cX60}a>*H<$!
z_C_2B!M~idFVwb!`GI^!`DXGusd3Y|<t2j+)dmk%HmaF;TCH`G*YC;>>{&emoyaJ8
zS8gvb(r+NyZa31_Z82*O0;bIw!TL$HSGu(I|2a|w^z}PQIPS;s5q<n@-1}4|Loh9o
zaY|_E=sq{<0zJT6$v`3h<vSx}D@Pct+%|UO@vs`z(y)XsIzhi_T6kzHdx0{}hK+X2
za$HyGok3^Xz@UVWs_?ZrA#17nBE{Ry;L%a@5uduPrew+7Z}K$=c#uqsib62j&Wy8v
z8e=<!P2)uF{a15k9=5|5d-_>xo0<!nkCmD<yRH6n8}8opDma6_NIg;P4~hN$-8HS=
zff;cGX1H?vBsA~c@-+vd@)A2*u=V*<`4M}V+pizoX@cTB&}&~$K%+lYNs=j^OEgcW
z7$@Z~T6CUI^4%TfXmhFh%F&~-%G_F{4ZQYh?O~An@hXt-Bo;K;C9*OQiLq_-#nrCo
z0los3tH!ZMmTG)F{|wi5!(vg&%sEbLF1%tml)0oFaFHQV6~P5-+3gl;wVU~TqdK;E
zp-aC;5jiV>exX{fIp9G6?4AQA(I#PAF}k2xyGha*vRXG=B9X-Qg){a##VpCOcs}pz
zw$F-dgB84TA-%Fi0Pjx4v*<vFiZym1FFa6q&YA>6!|OVa={WE&PGy{G1rs_BIX*!R
zXm8-cRyLtTr?$l?@dv$UpED!J4jh~!hyL)cXvI2;awXsoSzNd38Y<C~uBUZbmj$An
z$WLDlavhe67u-=(Chr?>?bx871824drvJo(z<Gu~(TF4BoaR^gWfMn3Fb)QdfwVcx
zd;j8nk3B~<OShDdm>qFJj)HeeR<)l^SpJvV!HhrcZE&GLrryV=1f_yjcE|VaEY*vU
z5w=LTv0-KRoUvBP<mY*i!?(2N6-KRlTKZoQ)|%W$d?{7ExHsDjbU#j?c2hEocXVYT
z4lB4C*@3^=7C(i%;rN}enXH=vt_@{*D4sITVy0gjNAwa~9y*1<D&Je+bWvjZ^MNbB
z^{q8tJCh?d>x{%fwf@Gb>KrD5j9Kt;T-j-yXPq&1c-Uz1iikG6M_vBzcUe4M&BBUL
z!wZuTu~|TI?Hrw)CWk|?svBe;ZMH=Ah%9%KOO$im#3K*?`_^kFwDR$KH}`db<`U=!
zNw{3pk7nz7=YH&CaLNW6%a@`Hb9B_IJF;DLl1&ix`J1>+xTaM$bng*j4FdfbgJoIE
zZRSQbuZ#t=z(wcbn1`X*9-K=D+_l%}VWM6WXDU#ct~e0Ehivk+dX(SpF@K|}Ul$y|
zFU(MYBrJ7B<Z*_N=by?b1y(83vUGv5c%OvTqxF{u*d#4Y6+WJG^v>_)9BKs7>>I>U
z7SKB1H!^pu#v9{5k$%Td(?H%kiL{WYFIrK)%=_PAdOe4r8ZFE%A^v9s0*$JSZe6rc
zb#NihI+dqfa(<fMykJUwaycJ!Q5{NapSaX$$7wD9On=8MsQ=kOC3#DN>35c>d`v4+
zF|>x@#VM2>mj$={yGmP-@NO-R=eP;x8Ca1Ls%P=<LpnZlb}?#tB6~xwc`CuSfc_o&
zmj~;Gu^8@^1)q`Fr-t-DdK>7{ZggQR<1pQWJ9wCJjJK}xAQhudYS^WmgVP;tTx|Q~
zB>x9qEM$!l(^sm8d20ilX2lkiu_4T9?Ju@^UXZ9wX?5|nc6OS!-LuG6ONTI)bLJod
zO5-xB^QB+$70CrMjD0lbFB!03hx-Ex94%{O>(1@Yo(_kmO|g4W8q0*fmjUUBer8d`
zFcJL99(Xhmk{U)tn6qN*2<i1=Soa@bkXow9>(o;7;|^{}2a#BNC%wmer2XA*Z^vL1
z*lQ|$nB@JCle{kAQFYn(Poh`V+@!dm^LxGB-4KP4=4iX`JwYGdJ6ssdKv;snHu6L0
zL$dq-vR`xpzMsY&;5E)b8Iat%WldYC)QVZ!Ps%`i%?q-lz!EC+DQ6qi-oMxgE<V{g
zd=;0YSZ#!yj(`L$0>w+$rY^pNn6liZu`E|kPGVP__yy38YP>HJ4ZnX~toUWdqq$!s
zp7oj!f>)zh!fn(9Vm0UoWuS1hQZSKC74!C(i#OFEg?u>En7`+oH&BP=X)BK^zTe;8
zyb?6Zy-X{z=o^NmoK0Xa?}B#-v7%PI*7?yz>u;VXf<|4CB{vPTaNs%Dd)axO(;pdQ
z1V{Nz3P*P-VF;>kIG*HU!}4}5I!*k->-(EbOD+LTeJq#_mb33bUvUNtDSLFvQBCS_
zuAKe5*L0<m;CF%z6b{R48q)y1?IfG^Z)e0tro%}Z@#7O|zt|d?kIK^=Bzw%)fgF&i
z=ENC#PI#06;QD|h=kNm-A-s{RnN5?$pt#}BX47*Ns&x>%D&=lH_a$GxQQs_a$hxQF
zpBSMR<HJI6ymj;w#4uim(5hw|0lVl_Hjk}TLU0%L9G-uUH)ke>2Ua-B$vm$tMJ+%f
zU9qf0j*PBMdM@YPC3s}s#W)aNT}dOspD068srDeA0jRy~a>)s1rwo5#P2Q%;I0QGQ
z^@7UTF~Yq3YHFYjC90gX^wq~wSrale(usJaxnxf+4$g&BZc&sN&>5x{wSDUow~~k$
ze6yHF2yYPMwhczurp8ELY9$_^ydA-~bRiqh{wj>gzNQ<{M_zp76e`LMM^PY0fa2G(
zMY|O{F5sEon+_({Jb0OCsh0W*tvsDb5wE$2E)iS#IGyB4j5(w;lFGDO=&6z%(YF*X
z_POAaH2q6dVNW0VH;$UzH?Jm7rw#?XbW04mzWV*8tbs5aOi&dQ4tpb=&hAO0Q>k=l
zv3Dwo<eO+F<Qcuf+Hvzbc+q6>1{omW#C-EzZlEhHN@LDo@Hkhktu`VQqkY1}jMVJv
zN?$L^L^~XJd~r8Z^(5xCB7m(L5|)cz%&Jy*$hqWzp?kYD%D^JWB2>sko6qT<Z;IVy
zUd`n0ilBz+h^Ib<37(^Tk?Ur<Lu=IhASLw31*dK4G;e5AFes=baDHwz&vUvALRC0E
zN0^_<;+6K>4Jm@GYis{V1V(N{y9N4afrT#WvM9HBC)<id6%;)3Qsy>`RA<meu^^|w
zpPmXCkG3{_D)x*NI@ej_)Wh;^_;N3bXSX6)=ubC{?CWpAujxDi%9PozNE`9tR@zbp
z?TJ)6|7$v_L7LB?k>fAt7iGLNc~N!rlE>MF-s6MWU9d_Z?_bxHn2)*$b?yF@*``H|
z{Ni%6=`Qp(ydSmTr@G<_t5j0_A7p~h2Uv9OOeHOgeuH)wN*63bvaR8*3@^?@`A9l8
zDlJ07#R<P<z*Xh1()RD`AKrDU>namuX-tm@8M{DW&@ujiJUzBoePdksjgnTFz1|O(
zU)(#a_E+XB^kz_Y1Q~vsLwhglHIlPY#S*TgBw2jcOQIkwgT9Pr+@vXvrRs86WnU0}
zwIrG~xk}CQl0u~Q<hyf&GGhv@&_&6CC4OffmBKgqjl@@uH;#j<<9Y4!D9F&`n;>6F
zh1FZC&V=la|ExKWRr>ka5fH4edhq)9hFx&3IXJ6UO))T}L96G9Gg8ZpA;cgP{<H8S
z=Ed~L=Vm>JvE$ww5RH}pz58>V&+kDwlBHLhKPD#7Og!K$Hm8<OQX%s?(U$lA1nZ>G
zYK0e4sBN4}Lue>yz_ZoN<Q#a|c~Zf$S^-X{eL$TcH*>X{nfb-b5mBgrgoRV6%<$b?
z_oNW$BL$KZW)$N|LIC@M#nz}r8TEI7{I1&@VQmGPYRn53uF};{31MXo@o;$@tFp-F
z?`pL`=LeinF;sX}Q(gL}WZsyYAAF$kWycl2n}G&3s68b@dqkuYtgO$603=?glZN3m
z#&DjFpmREbStZ}5WJeec2noFlUzHxB@~*KWR}hzO*7+lTI*xt3pFSDht0O7kAycj7
zqNd7hSV$Q^e-sVQ-X~}eTsdKo&e@kpM|*Fi=c!QPH-*T9WXnP?oKFR{_<OXbEPe+Z
z$rc7F0iQ<{zq)vYStK<xa3&cQ)(VBUe4fzd3{w<i;Lf<NgQnd>x=QpZ%2MiMf^om6
z7?bIfPZEDf0O{SvB%b0Hp7!H-rD3yxe$`RyTEg@%(;iYRBAUca6RNl_!NU@q13!2=
zFAODfIH@wSockM)ibL(k^T3ws<)15i<?GDS`g;Z1XBgN{pKpnC#2(lboJVfY138Qn
z1I=Hvs`o~D>#&h3>*$uXD|lH7o3?l>(%tfwtXjd?vD?Xu%q&HvN9gLyO?22q28=y_
zx?E>rQZ<))s@8S<7RNp0a0e@>RAg<K9Rp~ImGEp}U_(<sH?$?jk;{#%!=s{?vQ3Pw
zahNu?KvVOX0~X$}rz6d>GvgYK%%Y1pJ(_%-vaL8#S|&CtU&eD<^{g-MS2PP7>@7OS
zq$HybgRzg*KTqc7nO<s4>GpF2$7Yy04;<r)W6qx^ymkp>BKAimd9>yWuQA9Is|@54
ztgg!cTCqSFyFv{<xR<GpDS<r^V?=HF38d)={yr5Y@Xx%ewhrRdY2vg!FlTmZXWwdC
z2(6a4*1lspXzbLlMqK^+ef#dY5Yyr%3UO+O|F@*={cK#%Nl_QfFz50nle+iK2^o2F
zViBU(lyI6hTAc2{@E6)CmHyh@jZv#mAjVZu*yAT&3T^;PSUKBmN{mP^$(7Hwtv%Mh
zh7`2PTnhD^Smi_5W`-z&{fFd${>V*5k3hJ9S@I5uizaszH2erALSKNMGjH&s_JOG;
zO%n`sT{7mVtIaEn78uWGWBdxc?v2+@fNLhQPAK1S&_r-IZ5;SA)0c}6%Xq*0N@F*v
z?X0z)AtQujV1BS+I$yo)3I^JSJi(TS#C?Tsej{D=s-PFcNGR7E5GRK>;p>FeVv9en
zb=vHfy^&m+r%mIp8AL?}H%<wxjOB_0ih3{O&+-rsz7ti~W?<NMmJH;n@syo4&zx}Z
z7Ru)9##+j>Em%(o;Icm8bC2;QXR0E+?bvsA_wLe*E=!Et#NsY(NkW~e*!Rm;3ygbo
zD)DBKk#}h8gXdG^(Kngze4pE_=?oq;rwDnJ!IXTXQMm|&wWnWN`S%}yN3|>hWGFM*
z%ZE<EG0tMR?NY(k)zh-!Fi$#j<ed=ySI3Kxo$m7_`#@?*AdfEQ?jJ8465<!eR55g)
zpzX;^tUip4bOVTvO-jXuk8_(t<?Tb6oVH|(!qFdk^D={CW5c8j;HVwDgV?JUS>sN?
zCEH)Ch%wAh^q_TQWgj`#!L4`0Z_v-PzG|WYvZSs36vxHV$ly#Dou2b;czGt|j~&tw
zNzr%}>qo~(+2tb=T$GF!fzxn<{)VI)bTv>Bg6z7Z#n?eQDuxquRrPT3?oP4K3?@T5
z+Y%&E?XUi4maUaN<6(O}gOe(K>j`!4K%0CV^U@5mvge`ruXBi7iB=00MyJDRo<C2h
zGR^hjJgbd1OV5ar9M^6>wB0`Shtl^q>8^WAFo*owg?7RLEV!TnXH1X5o?3(WM(?&r
zCJ#v-t0@@1^~4UGgfh6DP!4K-cd0<F8zKTK<n0{22t5Jd%j53X`E<}~m$dx?csWVC
z`GT7R#u~(=W7Kbm)Dn5=*SY5U;$M)cdB~!}b;C>`(kG2Hhuw6aL_Y~5U_=?z2B5w!
ziA|sD{}2buf>5$Xpo^^#8dxh^4DgL4)ET8&rfPW|HHPXN<0;3ZKR&)`qIc6<QhE!Q
z`C5Lp3Pe(0TV=C9*AanS?zS~Sle&=E%{43#twgWxjy45l)>e_lcX>r)4N0=<x1cDH
zTptdQ>KFVqIsUep?Ptjt3T<Ux$;M_1iL#HqyL|aR0YMQA4>?{Il;V5x0E1_@jaa5i
z(~C9=-2=mA{>PFeNH1GkHj~g=p)#VM8XP81fo%C*=tN#v)L~~(-7#r|zPTTjLZK2A
zEbmtU20u~RKnhJcoNT#E=e5?8C4s%dn#NUI&J^}%jDtTb9?IYuH31WHW`q)On`PFU
zVeU8f&r=`@R9L>tfWXoGy6s}*>~7o7anO^xEt=4zm3KFwnAkWTVe<ahhi61##0Z}J
z8=O3DI3w{Eh(a=$t)FY+($=2{na1U7L1O{O?{QB<NB{7;;0(98$MV^4V%f{T@X?Bh
zHF5bwRi?AZeQ9tpC8<$!)MOR>F!)0}57-&EGV-is{Kw(1CF5x_8l>2h{e<9%pzpBz
zW#e_K?m`#!@C}RDdgs~J6+bnmHL54EpiusgJ89v{$)(j<+E=+^=l0}ehyISDvK$Py
zQ>i6#?gjbDCUR7c;rVKT);=s<f(EnUZ~bR$uvio<VkljQi|X4IOv$X(@))<EJP^aD
zyl5yfegzB#b{JHg`UWl%+1OA~VZtOw>~^CA2iBeLpd@tiexPEsY`SEnp}n2<aM$vM
znGYR{K;X2t5NN^<4o-rDp)XXMxlhJp@^;QuU?{0A)cex^!oxYZFzL)#6Q}N?rzSC?
zn~^sDHqCZA)EX0+m+iS7O~@)jopqEhY8^*#P`@4bvhqmiL8QRe(Qgf}vCf+O?yjBk
zfvrM-MtCmYib-L#`^x=N#u2J8oc+<g8_ZHs)2PmRR7~!h-f9gWu2Hhb>9vr_LPDNT
zFDzAf|Ed3hrUP*RLD>(n8%vMnmI+$GM6)YvZmeyZ5&%s!3gB3yC#c+w9{O+`172*@
zS?F<@#B|Ib!O#q6;cXZ(%Ze*p!{i&vzxeY85p)oO!$ez0n^+2JaiOnweb&M2N4a4?
z<l>&=W`8}ie<u6P-AciaF!u!?J)G!Wb>02@dY!nftFx?YJ`N&0#6Ai}_-vSB#q#B}
z2MQF~M3z$W{Z2OeOx+3_eP-u0q-w4|x6$cgbHITb_?e9kHlQsNgY&`sv+vegfK1gO
zk(R>$rv>AW6)=hC8~sS(_;HTIZsVei#_@3PBRCf$(O$>7<w5rjPR$EV;gr5OU6@Dy
z1y6A!(@UB52_LdI-Qm#~ox<U+9SgK_jJBuz27X^&UnDq+$=k5*hUYulK8Vx4uh9^5
zx0<@RJ!p|ko`=xFSb$|u5FKw;)(P7IPi{X!nsM2%5#{3;P)*{N((9QUY6RoeY8Px%
zSc1{1>Uv@U`MXenp8-dID~WgU?3~`@LhC|qP!@qJ=XPrwDWuGu(DH=)FzMY=q=e;T
z6v1=DLY=i0_ig5KM(V=1Tu-obj>&h~wE1?3nX$B{ys&ZNnzuu$#7~<IBvyb#6CSq4
zr)bQ!->H82eMkR}OgUt8yyTpp0uE|i+O}F{IuNdF6dnEkgeACtRP|dHzo&`KXlUrF
zP?|HwM|%(vGOTI!T4ns?OkNA$_K4hkaa+4SgiK^}IvZbBEbC$R^F*H!*&RL`+6LdT
z|ACVS8b+Ai3Xz`F5=)778JC2`Hh#*0QJc0{b;IPJTxqIcHm(G+r^Qr$1AGFNKeJP_
z`+eU9M1muRHGOdE`|$CsdL{+rrH4zT?4<Q%T_jLP**H*76MxxIT->a4RhPRg3gB`c
zG#^ri?`GD7eCsAU<Boc9ai-q7rt@ErH}d$9!g@mGzXJYb9zMK1X4G6|BTnYmE!Jp^
z5NCvc!DAK0Y&K!(B_E2bJ9WAuEZw?Yow+Q9^XPTwh_zor`|+<lYWm;Dby%x(g*wkm
zu<0VyDCs+n)R4`OY-X#)WL59`g6N3S;?ZE_BSPD*n_9+|XpYJj*V)kk(aUgoBl&{S
zxP}4A=kFG>_)`$SqG}fDsfS5Db3{#hzRpD~XZ0r;=t6lXzm$6aHYED@3NlYMVhaxz
zu}}OE3Gd+Rks2+K_s1HD(d=(8vT$-@CmE{7UIACmt9@5QB&0bjbqU(mf~Vyop$&uf
z(w$IlE^wa-!k1S1W^9|_rmyhI!nP#DuKL@MK2hd42|WoC$#5i7>BF?V4^@d&zxmIb
zS!`EfrV;r_R|CeQAjn)D_c3js^gm%_Igq+^GiF~c*b^gvsc)RXMj7e|?xARG(9O-e
z?NVR_6imh)6J&(W(P%rxQ$?Y7oh<}()phxr1z8S5GXZh#58Xr}Fxu5P0o_;+d<NeH
zt2u|^fK^>ra$!&@-qe<)H4At@$Uk|`2C*pPU@csCqc%p^uRM(u+RHCLUAQdcD{<6*
zM0<#+mIsNR;)ZN0MM;tPvT(d{di6XU#P})Hd6jf-+dF6(qo4JFhlY1tF6RZcV?_@j
z);|}T=BBHX4;HJ|8v8(qCJbYo<35uiLwTjahh%zr!q}<Jvz*N@B~qaMi`R@^>?UbD
zymc1a()WhN+iqa(zXY(D7Y&=E9e6+#;vfPB#tJ!@NgA%Vz;p#%+wqN_-#{4CyflBl
zAO8L8V-UUBA;L-ef&oEiAe_z`2k%nlw*H>cyhA>Ps+OkjTs#u2#Dtn^M(U!*f@zT1
z-%adGq^Z=FN6(AgrK!IbQaKynP1Wcaa>UCXWXBscj+F^}@2r}wQ<{HF-p<6}MNtnJ
z&~2v5X1edht=isr`@0jldtjT@OE=xMk)s_c={t8LSId}Sx-4mVOv$QO28CB@sj0C*
zBXgtM4%fLbL(R8IcD#hZ4#g?9t}#HMc)mwCs(7880GeF}8E~K&8Dw$1g5nNZ#n}Z}
zoVVxuk~#BRPt``C{9Y@}`Gbb%rppaoz%)~1@Kp)zg0qNTvS;hzE}zLa%u%bpURw<p
z2WwzL<RLN~1Fl}RrjR@KRV{~cb`mG^H=XIc4%M}cORXo1pMWDoPXSJ}9ewu-J~>D0
z?2LRHDT2YBgb1((q!Z1#%1Nyj@IF^z)98{({jzN050Hxb)~>SsTfu<`srUpBZ=wJQ
zI8cs6ER1Pt^t+|D&QJW-BccUJ2815q9{a`abQAA^u46BctK4s^R{)_IW4StFI{>H7
zjrXnTsF<d)&WLtj-X}v<eU3>|EZ%B$)A_TfjoC(cL*p^(J?$&x2<6v$f;avSlkt8~
zrO4N*<LRfOBJg_zR~WTqG$WBCdg35Lt`l<q@x4;pcJz?XtGrnV_s}|yUsRiOYM9#s
z^nqClnJcQM<7U9wG8VEJFe#fxG%#q*cJXDSxmd7K6$!_QP)f&PXV&b;gx}xaV(n#|
z6(vvlkvi$A{zeg?K85z>|9XE1Gl@~K`H;_+4tybVMj;O6k`D3V`ApD4-^^?XSRf+b
z{@U3~(o-<q1<i|tlNC}Pt!GT-#mLf#ttX!crS!uCW3jjl*-+8U%SHwwpd2eo>+jlF
zXY@bAv4rc|GAnHSbNdmP<EOKnI8>w`fwsmi6hDffo^PKc7fDa^V@{~3>$k-tGsn%w
zkCpE};hr4DakI%A;mZ3#UCt{-N9$VK$R^LdmMt&XGU5WF_o5yz3LAFlQPqFQ^L7ff
ziR5jt76vc5PbXJ~M&`$~^&Lq1{RT^Uo5&jNp%--Rv+uZ@^V=HL5yef?K$4{OP=M5z
zfHNiuJM(<H@#kj{n>?c`f!0&>izvR*T@1z>(z`~je*s(JlZiyt#`I_qp+6gr4#%Iv
z9C5dVJp<HtP{7Ju**#?~0vTG+Q9S&X1%Hl^!Ji*BvLB8{K>9?D>8*(ub3VMf7vgD7
z;N6ldLpGT+(wan%C&69#*Tzto2LjtBB{<k@Zq5%ZEJkc=3Ae8JmE4+{m^ghg@XgT@
z(7;>UJ(Jc;VF9zt4DnKkS(hz`%SC6q<tSv58lN+vHN*o10hHOo883kW3AI1zB4^ho
z93K|=w`WOt;vq?Ddyc(&x67cY6T7Aq%23|C8dUo`vL9yo&twl1i^v%a+4Bl=sRK_s
z$mj?2i_2qxXkN+O#YG?4)}@n$RgMbdjUtBcZ`>H}g6KL1``L}Ym<&XD!5egOS~RDP
z3k(pdhN(I8=1v3p@zU-w1fH~8`G>ll-7#P{5`HLJC*Etdu=E!*T$el8$wdl{TwL5t
z!HLIqQXv@F>-RaUQJcR-$hp6CJr!;Wf8rM@U|4fpBhF_QjW38nrguqOzJn`|ow%eW
z>iG{)1J656cU?PK9a^v^KdICXZRvt_!@yevf4p_%<Hd?^R~6}gUs5XF`pl|_a0jBb
zkR_punkS3@=^(T)ZHqLX>>T29(fON4%=tPa<P)3Fe=5!^wjNT?*~-KIq;ImPy`A&J
zfa{5wucH$swI$`R_ZZ6I&TseqC}wpCsKxVvE~;^eNo+n2JO$LbZ7=H&t)usiUKq8D
z$m3rzKHUHMJ>qA>a%9OzCTVwD&$!5w`PRyjS=7{Swka*cQy&c)*0ReGDsuQwSZ1&2
z@|;5Cvx~T>%oXmTyBt@J2QOb^Q{7Mk)1XqZp(>(iu$5J9$9O{*%7D-hmx{1o=c0X|
zpl66$ijir#shY()ML8bzfn(*|a&jnqdq^2vw__zd@@WJ$S1H!!;+}L7p14oVnumH`
z>4oavlCcyn)+EpSg$sf!(Zgr&u=-{G5-`b1`jSI7<;wqM^wzb(?jgm$h<aE>u2em)
zU(xz%^qxzF<o+c(tIyi!#qaB8u+3lsmik4S;$~pwQoer)_K{JPZAWF|%}2PF_S@3}
zyUX6^$Z{wLa!UV|ekGV7D{{;7GVg%oBr6dn>Lv7BFnP?ihvm2PF}o@IL9|eK+#4p_
z><*~5Q8*O&h$4DgdzAInm9I>K0U49<yS()KXT*#)bDf=lv@}&ZoXGs97CSo&twV!h
zMcQs%kAvzekudY(NYe?kfMS}5WjiI0Px_90!uH#dR6<ny!SdfSLn<tkOCc0;UUs$-
zf@gXc*|5V>kdo)_7~m+)q5(4xL#ZmlMMJ$L@Y6}PKuMke@iy(LbSc{iiEK6ks><r0
z?te~p3_bP|g3F&c86CN!3T;;~JdKbyKm5qBaZ$?QPf$Z)CR6wE*=%KZF|v^1{yz#W
zjrs`R?5hb!p#6utmMjf>^R5!0WK4%vGHo+6jI+~zDbare)b}x&5ge5I??w%5EX-4h
zokb#n*t}a5x+I1Mv6<BHvMaYi?zI<HdLy+8WbHC1wftU;@jS|s$yF+wPDK?1F!39a
zgLEn8mUvwFvxuomGa$_bj7o;+IPTJJ&6z;;&_aOW)~;nT`k_30F^zh%Eg)?YJlGcV
zyvUi3!7YHOGd;Pq-*BIy+h!WX=`;m5+B$*M$eaVwCB0#SRpIX<G5J-z{+aW^DW7+g
zTqktwHFZVgxOg_)ET?=E?8OISpRQ7LeyQz{;~TS*7BW3_F)Un+j}AdQr%8zrP_RpM
z0n6|?tvX<A($P#KD7<7;Ppr9(U#^B;t<oSX*R;J5KsY$U${i^oCOz(V;wXJf8Ao@}
z!}~?nrD}eP8pOH0)f=3;5-Y84t1>PcK}D!d!8EpcFpZTl#No$Yj}#Fc`V4%CW?EE>
zvi!9n-6tA{!#EmP_obPW_!Mn5Dq!ppO?S+*?8DR3m~7O9YlH$xKao?CGQce0G3t9y
z4$mB}dxJ@<3Vkv*<J~B{x6ck7a7K|73Y8MfVO-j}jiD1y>4-0}(&M}FnkmcA^$QZL
z&;mWc)QHnEWpHp9C`Xxw$)YdD{-oZZJ<3c&Om9<ce%no%^eX@_+g*Zh{X$6P;`FS~
zW)!#Vi{xK5!XH@!ql5RrQ5GSZ<-UX2vYBmF4JYyI*o=8s8KAlm9*LVP=8daKYQ|Mg
z0{K_2%NYzk(7v5}3WH6{IWe`hns?z)A2_^r9}r{`%oXOkn3G#Ar&cX72_>0{oa+Ay
ztp`IIVz>qD;x~74x&U_J%JzM2K3!#PUNW}l%f8VL$K`T+!b7)8JAnS?vb{3Ig*yy&
zdK4Bxhz#cz!KN#tkM>ZuOS6io;~u|6^>@MDPLxp=2Dngcoi77<bpi61xeX;SvxTy;
zk94Q|ec3t?(NlRXaKlh$bcg<fQWex{#PqD;U|Mv`J2kn(x<woJSxil>cp*PId+rz!
z3`xlRZ%5<piO5>0!W(wPA3+7e{(W`davC<flDEGftZBnAe8uH9-&b~vL^QnCUPFN}
zGVLeF(QZCV2S+z<@k+<6cTU35)eXdfEiocIAj62AC@h+>O5kpW89-gM-Ig$F)9es>
zAxPMKKn;S3`Uu@zU`>8+Luhs!R?<A2!vO{8e6=i*r)2Z5%{q6&CigAjY+Zj6IOd#p
zSAZp{R<d@`O*14^+3xO3p^4;lUfHy%(5!mw!IdF?-|38q60K3h-2dz7l(e<QNRz6*
z@$mfvUoBd9vK_u@9>y#C)y06=rQHg~ctzPyy8T0zCU!Y|{1MyK`u?hQ-xop$YTNwh
zFfTttcP*ygpYShhkSI!19jBh*!cYVW%D2SK69uf=!s;C-6ihC|#H+*L?S+tTkm!5e
zpI~2c&t)VM5^ygQ_B;DoP)-yga?pv_sBdMl^)9P>4C;3pYS<Jv)F#gDQAed1DY&dv
z-d9<h2ah%D`EniEx(X@f;RYCdf4arV`b(MMI2<^yP@dd+_9NuHvUf-L+3#Ty0k!ga
ziC-(%e-TJb6)E$#Q6OiS)eO9h&_ePGwo>Z%FlF4bLfHbt4fN(V*msZ~@9YkOUTa<5
z^*8RKs5#7Xf>+M1aUck=n1@JFQd1VL_upu#IX|Z4TFHa4MGiKI?quAD-uQ_Qc!U)j
zf`2n4@|q3oUWuh_lw@gm2fp@bClbifnUJXo?wR|o%xw3<=H`vU3XeNHcV9tbo2V&u
z!Tk$W3J*r~ey2tHJ92L4d~678`CUbLAB^ShRpn2(`v8U1fA{1sm^%fujQolUfoq9t
zw1i&-;f{P0he|D7u9kxV%$B-Tx1fAv+7lg6`$rafyDOzT!42tmb6l$bMy)?37*ii{
zJX~6;k#KVWBo8<mN=<qL`e6LBpmrC<dhk*%Lg)%CU){pm2JJ>7z9cTiD2%UK(2Vac
zV+Ez|4PN4QFo}FIRAy8rKI~QL=H~UKa>3H;)6i?@3EzyAQjihM4S0*vEas5ZbV|A2
zoDx>ldI?`o{}|~{^=SpHyfwQ7*cQDgm=UZ%YvWH{4_s~)GZ=6Mh!2abHAldX)#ry=
z)4P|T2Z*^-2|=Q~Qlir(lJr(diTJ?p7(bn-pAL=btBEh^`zA|EPm%NmGI7IS%vpTq
z&W&QL9u36x?fEJ7cLcDTK6KCr9XcA`6*NG<l9m`WR?{!tceV!OR+ooSf(dxMA)U`#
z)jwN6S%&_kGuUlxLfXl%Y8#Pt&%UV4uGDUF3eNBd#{<6Y>}KK33Qu3MX_AVvGmC{A
zn~J-ozjeelpM_cN9Xw*=(VU~`#2zR~`2##|fm&9|aBn1%66<s1_uJTd4$>BuaUW!6
zakt|TzQ9AF&_K|F@G=hLo|?}2=T=CY`+T)`P~@LmT%{6(gg$iyPIgKf(&e57D##|a
zregv=&%%RiQ)Zt@BVprdsLz)w#O$9g#zbX$9doDW-}I$NF>F^zyAWR8|Cm~4SDRth
zzL+NY1fSJ(`<(3Xmm&Q)#>axhfEEeb1RABH#h(N9YoB!gFkSe<ImB{%ANsC%8+B`>
z6K<Hw#q7%7r|?OysV#~}k3%DK7aM^Q9a5>TgqW$1|H)|#sJ<;5+r1qPN$pa@odvPy
zr4xBrA*3iQW>+MVA&rEz^^ho>FDV3m$O{w?i=gVQ?HIzNdWG|Q$k)l99|?Dhh%my_
z6>IcfteK@L(e>e>Kpo$qb8u<84aW*E-Fx{Jy~b2_2QG&u9KYYIWjA*~HRrMHv57;6
zvuUe9b3!ya@?N`iCI3UQ%L$>NssVk7ics53gi<aNu-&FIP~1$yAX`zlJ!O_3^+<(=
ziAZD^XJ$tz(3gLjEw~Ovpk)!iwa8Ar3B)X+&`;`Cp<d3f)pv|K0E9<st@M;xSjZeJ
zi26s5vHJKrsRL39-SHK?YA(#uHDmu5B5QJpV5vCKYG_BRHL+mL5jXFIvxbv_Ah}Bl
zDY`hmKxgJ{$)n{!ZT#$bSgo->N(p9k>08Pp_xTWV{{k+9bM=(^(b5>`d}bv2+ipPw
zGcP^uoOJ}E;i@cGtW<epBYI);Upipk<m`Zq@Wf_R6Ci1|Q-%~g$zkgLrx`5DwS^tA
zzmIrbPrTA%PdIbErevtPO)q?gu|#l~u{F~|rG%LpL86SLvv{wDTjfWWWWOIP{c=dW
zDHovW5Z&GozXNsdI^b_%4sM@<{0Kd{VlJ;c;Ge)5+O7634+cI(CUE;?7@nT@U594K
z!3M+R(~J!zLb@!ou^;}4)dsmg#G*eb!1}<W%TxWP;h#c9hMA$18)ZQZO%qDp3N<qu
zpYsl>kplr%&FGE1vVkZ)-B5<|%6N0O<fACN%W=>d9l7z%_a(5AD>1kya6u39L;P3p
z_5HUgB8~Wg2xdUg{E6#4lyB3JfTFIvFCK+ir1EC6t2P^i0bDQny_2HRk^+VRf*$pU
zeu%(~=XX&WVa2B6b1I6KHuwNTi+DUEMB@26VcF38RD(RKB_uWS^3s8XV9G!A!jlb*
z90xo+iKP$Lp5oTI4&eU$;0K0^a{5hSy?qePTN`qXO!?r{I;Gt2`p{vRX~bG7kEYfq
zoJeHV@bfRulMZ1qF$cZs5$`3cUn^-M{S&%2?(nxqlZ)X?HE%q7P)s5I!H~rth^HfM
z9Hi883QYKt)4QjXM@wNwycg#yY!FS%%8y=L@l5RvmTvZE$&BP_>(kZ?gCII(q{|BA
z)HFd7`G2xzC>sMy+FY1P65{EHh>Pj}oMt7t<SgOuTA8SA$y~tR>9DggZ8PZ!Gu_ZM
zeo;Az2Iyf$+!XmbEPCn<OH=+x%`rKy4HM9Sk^Sm~)J=lXuq&_+>8u&G?2(G!Iow}b
zC3Axs$lENFV_mAiaUxa0@3JA(lPF=OR+a!B>JL*$PT$xpGMY(W@#%d7)m<iq2vi&u
zQtI_w+o*(=<ZM+hbTpV~o-~t|-SgN6tzpXka4+f*`?iANSs>W!LJo%H)}Tm!uuVJT
z9;4sK1~#+km=g6?(?EtXx^r`@=@R7cZ{gHRITco$kfUDIx_q{B25aI!{yk+30~bW-
zI$4r-b4^5Gx|0q*%;su7?`4juRe1F)E#hN()BeG8tH_^<iu6(?4I9!E;xn^Gsq1vX
z+>&T?KKgCEJVc>og~_2qVZUL&Y4}_M_|#3Ebpp@ERQ9K3dEUZoGaKD`=*&&%u$<EK
z$=h%bCUiuIrpKA^)E4!kOA1rPBktK`3rqrVrL`b|7~)GPeVQ=O<JRtIZAmns)g;+C
zzoS0PY@z_o1x`7S!*9%=N+j!|w;_G#?v}=^flLQEl4MV|K<}oxK&82=1D6SC{aVO3
zbeey9Hf{0*pD-WKhWS%h0%tmKrw1L_-LdLVAPwW*CxP`IzR!WEr?i93<RQdnL#9^E
zlf6EjY>K;dV%fQ=O&1+JhJ9a$90G!r-N-;S2p=5%D;CZaXFLg~!lGPP<6-m;sga{f
z?FpiSd81Kqf<~jEmmTIzBjlpW$t^c|*{6bwP3b_9=QS5Q3Hw_C3E3P0WU#)CwH#QZ
zvspO#^m5`QpV`n1?WU#$^bc!1(zz~Vj~lnPk<3N8U$HT!f@GnuHz|5Xd+i^NF#)jW
z^?^)uq=3_-@PHZ52ygs(Z`>QDW#G0b<fPiN#6`H_AB{D)T~(`Nlh&=<leol8lUv%Y
za+4TWM8$r`X^`_VQbF;#AzbCF{#!1<zt#H1-$O>^RI3rljh7V^ud~C9gmzjNxzGyL
z*D>x2K<+hfrciJADM@X;bp{{{VFcJRX{nKNN4lJ&)k#vb)|(fN4H6!eV;xWyfE!4p
zQl)MTL1YLPJBYDLpW7R%G5iUmsK5oz1eK2!5uO*1Dhp9d(up~hhKgvLb)ULoO;PT#
z$q=OW7rmjC<XqRmc@=AVp_a@ayK4U`D0`kN3*op@8}tYP^En#0i~J4`REMdG^WMh6
z7=IhhvInwOyDFgEVUlOnBhv0_YN{KNnH!0%`v{yAo^ylYJm=35#q3ho<_sPM25zGy
zao&RqWs-IUJ+a*ENZ-H+>i{}EuYkkpM2c4rhN!@Q>kOxRwAKQ+s@RU{Z5okp49T=r
z5ViN(oc}1VY{PS=fq)&N_myyRB@bC#zYwV?zSqYSPvH{uM|-fqaYh7yt{M!F*vAn5
zDnS;N>gk?~Ey&1z2~5APrzS)>)O`CQot?qSLtuqC-zzh$$u5(46O5cAb|N0;qlsR+
z2ztKJ&I{n{^wYvOz0$yUB|LIaj?aYS!;tW5q#G?*y*+o!ukU339wwI$7l6Hjt|7vR
zyU7-BRg?F);ZtVTH_r$$8f|wup{mO6Cvy|wpKtCb)PN*e=3-|{EuUELa%Mr$mCvMp
zyN)+Kc>TTrnsC4#MH<VX2UEczBK2~%L7{xZ?a$FI8G?ccS0MLih@~>EoOnLy;_mj1
zndsOvHUY6q*}uIXT%M)a!3`w|CL<%0e^?;jBV6kGE*8i5;lM$CxdReMVyR`Hv!_hj
zNA&PZ+k5kBPm98ubl&4rJ$g-yQta4*$3^k@C52(CXvhyPf40+pkoC(q?gL}##>csA
zoOXU~5t#j49eyh`5JQc_>{n3)v5px?Ps@>E?ZnyrhDo)M;l8>k7rQ`dk2*_FzeYrY
zwclbUrlaP|ZJevMW)7wh=wDL_R-tF3o8n4Grv=&c2t4tlyHS`Kg&f;f4D6`866;4R
zBK%&BXVc|I@6<A10g7wS%RE)=&|?t(a*wFaO9b-pLZI$FtwuU!>$8WEy{t~TctzKs
zn9@!ZKHEBLm}kW#sZmON6{3o9raHO<&2we)fL$Q1xHJ@K{s-#eJht*w9_N|uI`Y%=
zCeAy$JhC$XKK>uw?4#n7$*>X?rb>PF1-h$LLj{ODVQ*PA+7$_wFb+gfM~B~|{F(l3
zhiYQ^QV-iFUji|+%-7qxzT`6F*N!#)Tk!iE(?>+d?Z9n0?iOb(Cb%#n`_6q0dsODN
z-=pWMtH;000y{Bk`fuMKP7hXabVb<V*FxK!3W{psqw7C_!?ZkDL1#?rcZfYeJhTkD
z3kwQZu{7(y$uI;Y#P}tls5Ru(X}&)+$3&nyYzu_!b;-EjF}r}I^Oy%xRS)lgA@otp
zxK7V_G6k1isJd)PXt`+;`BF6SRw!ex2R3;AsB#2ay$kf)yN@&6g~zr3WEp9X`O%?P
zv~91P&3kaF!Pe<My!=F={`C7CU{#P_z}I6%AkrHt+rXO!!`td)oH8mob+QA;5*$VA
zr7^k|8!D%q`p5rVitt!EEHDNOK1K$v2i1p=bm_HL->xk?tW&wf54B~BzsRs5Wm1|?
zR=xD5ZV;>UFOxPjU2lg|z~{&gBg;cf^xuYNh*93aHEs%1Gs%EJ)OF3BS@tY(D%()5
z$k}Q?6UmHTp#Y~cE5YRr)asmEuGI$w&yQ(h*yT2gEMTvG)j@g=2!4?%_I#)kK7O^c
z&9cKM#_hM>Yln;N|6y<?SBmvPC;D1x!3QA&ZAFV}9|$Ttvxba!`b|}lH89V5_LLM5
z2ZJ&JWX^Bwh`0gzh)Pi^Uuv%!^^|K4w=i6Xdr9Z$8u|65lg^olBS094Gu=;vl$Q%b
zs^_ee`{N(H@EF9s_4s;^1h)&HNs;~#eIdJnI9ncPM%J?iS{A*#@$|v#9{8^Yh)?eJ
ziD<*ONqT(zmk}Ow<#P{ek4cacyg;tgcZ%2Pos13I3If#GW#CRxt_*oj-ASx0PPZe9
z_Ti&&2dTUS+OCy;y(-XH^9@NM=^gaE?PPlWWpez;acFuWSg<*UZa@O`8MDWuy^##F
z_`T**V4ZLFY*w0|*5J3};0$BDG>s%5@B;o7EC>9C$KGMFE_!d_)?!TMZ<C-`Vx$ss
zQXszc8CGR<*K6iuOQv1!xuNFA^YHDKt7paOeDzMbdY&JUB@zUu-*hIzJMjuN_3bie
z&2Xpo-u^AN_kA=lhsT6EJJl|KeL6kCx|!}PyBS4V%*!{kOu~`~CWmU>r08|Qt+xi(
za~gp0F-YTmCBLaC?QmO#DE#oF)HEB)-z0qNI1!n5fmpNrne}3B_m6?6?g?0<<O_xt
z_aDnl8U-5R(^O$dHu9Xzf&80$#D{d57@!>sWxGY_fnWGdsi{BeU%}~+ywA(AGmPUT
zWdHG%?+<%b44C09zo5vu2M$GX@<KMw4AD?T-0jI4ULcrAMq;oIZdDV&u(bN?C6=g8
zZIm}-bl=_u9DYM7ap>`xWc2rx8Qu2=N<5)5(;dT$TyTwRjL1(=4$ZWV5r48HQ5F@t
zzu||+DnRw4sQC#;80dV+2OEf>4E(L%hwC9pVE>H%+epNQ%ai*mxy3%uxqD)vr(@ja
z+r=yALMB312w_lAUuNwC_$fnUebrpY$Y3T$mVBL395l1t_6eL~yUZ)tyw#pgFGRVa
zk1uHmF}DjNpeBW4oSpgKNwACqVuM*)v8=$B>h_)KS1(os7sdgj4@oTkwID7N=bKs7
z&emlBJt$U3YIUa6X4A*vE+mIt#nb^d25lmw5fsk@IjREj{<~#Y#3fia5wzMPxB+?&
zNkI7Cm|E?G;EvP2Ht?4_h1^y$OlmxQ1H!e<WM^sD7S>;+ap!aoqjI^~B?B=dt&x%s
zJxh1Iq%Q;@J3=O!T#xn!>QLfs_A0As{uG!*c_L&Q^V87R-xuf+j{|M6#Sgg7!|^Ky
zse)q&qWpP{aYG8=_A95vj@u2ekNy+=T7S_u0*bk9`m|<e<dB^nYAK8~<FE9qMw=63
zW#X#aVFF;kG?}uG*Gm&Aie4A!RhI3^J&OBqhw6|H)DnafQ-URmQy^U+yg;<^r!I8}
z!N|m&=3JnP(L?!g(mfsG>G%KoP2*L9DDwr`Z=u?w<(|qtFcH~`YnLx}wklFE>v+A9
zAgL`7<EG1gB4^Ku6|@ByY3K<Phc?sZg;HL7_Nt}x{~mAKGkzVw8ZjTV2;6(*tg$FU
z1xBxE1GaD!vu4Y$J6xjbJN%nbhiLsEMWz7XbWWa{n-nZ$^Y*kMVn1|B_iGbB;n%R2
znmd&_i(*<L8yc&o7om~NuR&Y5@X1z)`rE=WSPja(mmp5Q4ZUHRw}htIRTqrFHPy!L
z_W%>29QUd%&ot8Gf@;igEvzX$5E-lN^Wvl;S5sjR^7K+T^CfD9(I`zx{4``8+U-+C
zouu&mseZC&Uv;T1$5}Sh4}O6IH}7i^4)Z>=`mY1xo}n6MUt@w{R@w^Iyx;&jO0tSa
zJ=DK8E!s4)YA>k@q#*vyrIwY${s?CnD7+>F6t7)}Xm<JO_F{f}R$?d@z~CBN0)A+e
zQiU?bHjf><)H0PYolOgp6tI{|152oa@-BC+(Y!7{{*_fM<84|`Iqm9}47iwVfg?S}
zYXt57jYoWlT$y(SEwL|;B;m$r?jso0Ge6RPqV*adc4RjF;c(AFPJR-=qPHIrU0eTH
z37@NWoovK;RbRUU`cB9gTD9~zFtKaNXhNR%*}j#EDf~kaGHUW=<tw7_W+AAHnV1+d
zC37WtebimgPLAPtxVA<Z<F?9_hyG;C?<uxRd791N6~eHXi9CsCJWt_#Nof^r2*QPy
z;jyM!euf%1@y{vg<0S+ciOkai?@?=)9qsEiIzZd%K#fUqVxd}eeQHz(LE!(!XbM8H
z@*Ct&XIL$89~_qslm&lAwU^#))DYza;^eF2tpuNoy1@DK4-Le$Ui^aNACyC`Z^q?-
z-&$0<R>KjVZ*awu0Zacd{H!8}D<fj!$87WJ{R6QVYZ({ezol`S!TMH{(WCgF2a2*&
z{@C&ER7UET$05XigmtkmLkP6DeWW8i)S)~Ptiew=k~47A_yDeaHg?b8^C$*QvAK%3
zyU2yRUIIv&u^2aVwZVS<m{93IVZ99R`e82&PjCD2lZk`ySA-NKpAHBlInuziRk<d;
zJBSz=8LWc36!g=o<oyut+w<OaE)B{c&xLSROjJQ6uu0nU^@=CIFwUd}m<1{E69g;m
z@jA#6DE1d%=ZL5=^UlGo_OyDBdrA(QGjWm^*YfLvrZ}Mt-gU+w{)B|vpAnjV_<#t5
z+~+c98wo>|o7{SmxDoO1a^w=(rID+F5>qV@|2T=ksMM3OEjy_R_FeadZm8yyuJ^5w
zm2>4M8|rS#o0AY<FQFU5x@p(RN$!vS9{@Z+!@o2X0O$^aPW;E9V{s-yKa&|vzlyCC
z<a+t^J;kirEaA+E(&nM1zQLgY!xX+t#u7QieGc6@YuhZ<$I;Ap$*44Ah5#5GKlX@!
zK!Z*p^EKQ45S}cY@LOH&taz1}RexAzQ3PPlYg}r<u=XBKHK-$<=)vVPX|8B%h~f&E
z4O^-z!R9Wr)I9?2ykjRviqyykxBxZ6!wlO-yo%ld)+c868RGVMjefNokwrz6Df_YQ
znOxUiZoJ@0{$U`AzPXXDom|e6UHQj`DRjut_U0v9Kd#k&6kan8n&0TSW{(Rc5#wlj
zO*Nh=a1QS-aXRXvfLb=yMUz_db_vnoxv<k=!dY0DOXLDz!K5xsv5lfTFoY*l6Qi2l
zlmJPB%DCc8Gqketn0*7OKx<DRn>*n#w5}dhD$L$ndFHq|)s9?`h;H%5+L;&}!OGSL
zg1_Uyd&2<<KPiIf+BIwCc_T{R-fVHz;&f!DLbM<Ie`Jy%f}f=7RMJy+%G2)axA;xD
zEy|W~P3JAS^ncUmXtz=dh@6Xbs%N3C8~N`RTK>(q5aASzN7}KQ223o@&G$tEO3)ni
zw_H5<G$<6h9mS$TYVHi>Kt1n&GdV{wivMm3mX~j#tQ-97_3Mb4>p3!qQ8(ES5pYbn
zu6{-S{L3T63+Nhm?5s=TD7Tf&dfj!0xiiPz$GKV(^K)YZYsQDj^$;gH)0=uBQaX0c
zoC24Q>UUrsGH~Pm=r^YSHfzWxw{5Hu;OMld0b?SdWQx;XvHK28_<D8%@A&q?4RsF;
zLm~DV__0jp_{rJ$lH-L_Z3#u?2uJbCmKlJFRxDwZ9|K7{t^<!Q={*3l&&|ig0`69q
zVwk^8z&K+8MVkEC7C;u$d8%yU`1@1AHpZF2Ur)8G?$A+qf;O=NbTr^W`G;h@%q}=5
z2EqPpc~iJ$c0MHU)AQHVT!ce&5>h)8^Rt{v4daB`Z7CDfxwkA-i}${pYn9^ziAU$}
z1NF~6LTAt9wGxv3O2M!=gaO|GMaieVCMH|ZH6z}(leEo=M|pV8Q*KXuGjNG=h(S^}
zlZMmggJ*i5M#Bo-@~K;U8OQy7QJ*fnH1;>0$H&YBuwZr!Jwe>WpUL7w94JN}`{xf1
z=0`FPv%dX;tl-RiO^!blf-;W=1Jhol1mb&^_W&u(!@Fw$urc~0A4;&GNPUtv9yMxr
zj=oO>LqaG~!L_lv0y~Pl(&3TZoq8~C4dyJJmHzj7?R<kqa+3@M2!lnyyx@i{I!y$u
z>)Pe@gd%i&Zl<kFOORi_`NEUG*((ucC%gf1WM*N|aU8jGD14rb^9=4?KBZ>Bi*WEl
z{3x2+ztPuJI9(GiQ44Q3SOObRaIi{aD$Ms9bbez(6hnP?*I7HG423XIBHJ~%wD%*u
z5Lt@C<2uxfQmvPQ>V1=?6*R=6kt-qo?<O(Ez1*eFf{k5Br#w=3b(WPX1j{FV8V;i2
z9fBpN&-i*4Lzr5J1r4=A6ZTbqhorfaV%_I7vmr+z>6SM;$&etVU{%@quNRJd8@Dig
zTnj{Ia=5A>2VE(8zzr2iLF|k@qhJFebpq}Y%JynfWamoku3;BX`x9q@u4McFBKy+z
zek{0Rt>lj%?UwOY*G10O{C_BB0Wk$}D=;<fx`lY8%L&Z@r#HoU;=)bsonAa$>jLQL
z(ADt;F8^}_`hO&|K^H%TP|v}n)kkpxQI;T3nLY+QLxfDpovqLAr$X$Hdd~Ev8aZsx
z2b?@ejVfbP4SyZhliH6ER(d4*TzqW8fkd-&^iaTav|lfpFi<=+jL5GhwKV>*Z<&|k
zFtCV9J0p*~9o8PKBVJC=Sjyxsew!CBe(HI1B#<p*%@?F6>mJG%G`8s2Zu3J(DP?{@
zAA~x41UYJ*25u^z(~}>nRw7ok?3?PzMnUR@{>Xv-Z8uzMDO>lZD5Vz`;)ff%Yeyu5
zX;Y=Dt}nVut!(kz7%=DzuS*)sb5Z`OF{vp~RpBnpbJYBAebw?&nr%;sAM&Z7<m)b<
zD7_l5{jXI@!A~783`{Mdn+^FZZ%fIyQn8G`VmIG*qELCpIMW0dq>?5(?_i~lR7iZ(
z%3=9JG_oF#kXP0c_@=Ei^LD{8^GQM2El1!ok`Y%JpY*p733yT40DsQ)YSOq!))uCx
z%0+=xNj>7*cOI2YB<|AT0R<n>yUg{3oPDL9#$QGYPh7VZlE(!=ZdUac`~Q%ue)BHt
zjR&Is5)<Q@45>Yp0?;>(jo>8&j2G{YUoQ%pagJ#__JCBL7(|Hk!UE#b2Ej(zNo(HT
z8FIapz5{p&4~W!|u%KWrM(;_T@tR!cn_U#8&u<0P+oTi^ax24{;b63zhlCdo2^XiN
z^Z(~TTDdNR>FJGzq4eO0T!frW*{7G9vXibY&QTs&*T?2bjjKN77y1Rohj6xR1OaUb
z7S*5@ZliCfDl&6QwqC)ITn<r#Dk7bT8JnL6<g`$_j4i9moGMc(6MG`ocuJuysZs5j
zT1?U^+AOk$!I28*k^iZO>^T$y)$TBgliW=|t|J#MFXJ_gHZB!l&7I=`VV8BAmerWf
z0t~S7(Ie14l0(-PG+k+7PHD+i(=f5U{bbTNjlCm@Isg1)$_@Jsn+SuO7X!Yef{D1u
z8t9ydTLNdRh^T|T(ffHzdd(ONwk_78L{-Qi0fXjdvf-hYFJXb6rxInh;u<x!{w=||
zS)!CotAA?RGNDkwv)0{*b1T@%zlEg*zD2-G=<0-`pxdd`!@-Xfi|wR0RNS~{K_N2g
zACR9Cq@Cq$*?4p-mEb>+?biGI#m(x;+rFfw4c&ZMa3=5w`BsgntrfZAb$BvDeb-lx
z_;%Sw5%_K2udAhhZT{*&*oMm5Q>WzqVX8&s<vYuP_*L_g$zqpC)JdTxLXHUqEEXt8
zGRJwnxdCQhW_v3)aGrmm+^JSex|Hakudxpk^^9??B=i^Q>`1Uc-0=mJWt)|A#>Unc
z&-5iSck^H;$xK#NP>KxGH5}rdlS<}WCUHeb=}t}wb@#AYLOP)q?iw?b{^xWJ@X2tu
z_t@@ZC}G!wYMDX^-yb|DLR~|DURuC=&d#q5_SL}Mk+j~==8C_c=tN}{ByQc8aY(lL
z#Iftth-=I2kPYf;o;nZ&A;)_aRP@g%svjgLsI02w`Foc{y|ILLCn~i+y%heBt^k$T
zXVdbg_MA9tX}6RK^_1^iDHfYvpYFf#GSS)W08QnVF)&TgJA!z0o(AVF0nhrlrE7_~
z1*Ac|!d<)V0v~k}g46t7(={3QCDIhhEklw^x^7$(6t6NOu@Y3z5I|k}FU$UZ$_~a|
zkVjFA9D6w|F^)7Ym?GT<lT1}MdK|hbR9nXTF)%qm0ybi}<L-f#q`-Cqn$=`dGjNe=
z&H@kW6ihRO>mNODFvjK+H!i$zP<WIQkWfcaR!n&*&(5U6Raq;@Q=5|dFKM&xg`eEm
z9i$ZD;lmey@s2}tbuXkA^11z(Wf)Z6j(~ZW0h9k|2(?p@Ws6jao5)AOPU$r#!|5e+
zOKxA^a=G77hTL#f?QF?jJddBVg@rbfe3dIj?I%EusRZk@+5Q~TnYN4+IfEnZxlyiM
z7<IR&3!{SlkZy?ICk)<il@BFL`KGw8hJNgiSMsiyTwDDKrZ=g>)1s>9ZNzgs3}HzJ
z>!$s?U`#GY7b@uv{mebxF+PIImxDJ?CQOjYfdY;6!f%P%bQK=w)%p9ED+w?`(!TQH
zYf)gyi^4FP*0-4g+muHJMrCmkvzj7VcG+rhwC=KyI@D%Yq4vU%?oF!yO;%6vJ~Sba
zDCRyONg;C!V31P=*tCn};J%t-mnqdAnssFwReh(CO#F>b-4EZ5{<cuDFqYs_P|o;L
zab*Ui(uL57EL%}$4w;l1|1$SYmK1K>IW$e#h^znT{z0rsK3~Oqt9n?n-qvoRe_k=1
zRRAA3HO?@RE*od3Lcy)5Y+(@QE@rAl$_P5!{XEp89-`I%cc=qlD~Ps+qbRJqt5U@>
z+_GZhH1D6bHX8)rMO$I@;-Q^184|+1i4F8#Vb!GO>`E7!#9`>9<XPIkE5_mcf3$m+
z!bphEbIJ3VF*^+D>XJfsuCBQc34c7)&g6TRyaHR6@Rx%ZLv5EqW(3Puf;AUlgXXSj
zD~RI=O2HK2mjRmtQzn$Q<;(h^Wz{ZPnlG*R+x+Zi$X1`jluWQlIiX#{6Z;q#@pyK2
zj6RT&KkNo^zcq)|F@8`0>7MInpO^NrVz)(AiPrgkt#%}bu&fa7J96JX5lV!3xyz=b
zHswZuv&sFY)AX+;HDfdpDu#W2+=vHaUQ*$GQD7}x@Kp+{dD5CH&{EVA4@L0LHZ!1L
zUrmh;+0Et%Hgs0zACzJ?FT4V#SUNt^8U4_mA}YKSCK977=^;SMrSkFi(EU~tC0x(N
zSxHojm&zRfxOXD(_ZMXDHed+hRT`5&HNLfLIw?231Ge4j3%?+}$wMQ0J$|RALkdxm
zs6fwOn2vep>&x#Ej^q;$$Yy_!ryI+BC}N*ja|t60gBLn6gSoQ=jaWF*(b9VuGOuq9
z5{K|E{4Qjs+tO{a3l3s}xsPlCfjm&{4ug&jH3b<is8DKd1p_*vrb}|+a@-Bz&mDbx
zoh5uW<-Fd&rKs1tEVIE&3-87*9ed&`H{c$~L<#Y1Q-hQ)O{tg`DYWx(!FlJ+zm}x#
zV}Q*L%p7^Y5ZW}JQ7WR#h_~55Pl~|m;G@$hejjx1cH%Fg&q(j5y<@Y9v)-}%ZCb!Y
zHO}s3(1p2%sWVsNN|E_F($RPDoxF7X?u+a&kB3G5&Al(uPxB)IYs3=<Fn$IR#qx$h
zJ6}u%+2)i0_4dma2=aQO93I*dYSFMsE7_-Ui*LMEE!PF(;v&XGKnKyD^lr;%HW&~*
z)~*-%J(oSEWS~NekIkE=QJfrh(K+{E_ikl_UKiuR$u$Ty<d74}rKay7ZhS23LIGRq
zi7wPV#D$`Jk1uU<rXhc^4<^nKbLdWBg<qMCFU*en-Z&h}4H*HFVZ4*k$_OTAdh(VO
z)GrLB;m4X2FgV+6a0|`Qu%tc3T{W5c)_Kmrc2y}*wE=_J|J4ejH?Wfhjto5>*Ia;j
z@%(V`yGmrv;=aiV1aL+b$(lyD99AM#Z&obmHxL7SUi!w~+4V2#0jMC2?m_VYf_R&^
zw9Xxn2jJ<_Ru+`(dTvAs8Y=L~<sui(L?VEu{0M6(kI2lQ*`P{Rpp$2@YJRn8H_TvX
z1&Z=7FL0-XW@kSSB+!vwQeum(Uf@E7p=g|3lvvfl@5(iSo1wRwe^Gh@Hd~dmq4iIB
z7nwtD@z;_mQx6d^S)gv((q?c5q5RxzM&-A_Tn23MPFHQx5F?oM(p_j*8dgfjVo%)Q
zVwX4$qZ|YmuCt;F=?nA-yWT&s>;QMLa|2xVm4qB4^f|~$b!r7#XN(8VCrr7z91m0(
zeZS|qF$u&PTG~_S_u4as&lE#KF;Q70sp!{j+4&;9Ehe<Pt1Wwqp#4Hx#anP+6Bq0`
z9&9cU5)eY{fXX&J*eT;{ZHwY0cnm2lzxo4gusT|ET7JHfQg~_uXvZCWT#ovHgdg7Z
z&mPt?S6?9TJ-;@mIg<h=c&Az0T1ZmF0^L!o=xPf<fFy0cr6N6Sw9WDvvQr{oBi|CO
z)6kfHJ*3P;Ili=SVxcxPrE)hcq$l7jW|Zco=i26IM|}&Bs>w0Lp(Sz@8-SN|X%pTS
zoorYvVOg06*fX-st}e}O^Yc!a00rYK$~9+ZP2<e6DZhjwPPs@nX_J+Ie6LeR4rSLM
z3Tl@Ol$`fED^l>W4!5z`Pg4XiM!o$=W%&8<83PG^@Tkn77{w-xn2Q9~4(LcLI|SO4
z5Q}oCY!1V8UZrdz8uO-b7jDR(nKAj%20O$LAV)gt|5q&y>HSL&K|~w>sgscCe5EGX
zxcOJ|Pi++*)pxM@n0NhepFQ6-$`5!KCBeqZdffb}hT_=tQ|Se7OL+*;E6*Gf07eaE
z0){k}hTyWiKzZjqh_?59{l3wQva!+To*h|<g^`7gMSqCF*)^L0FvT?L!-tL%T=cH^
zy&Yk<GZ}_^EyYmpJAf?gzw#3#OqGmLV#tekZB;#1-B|k(REnBMrTZth7|F?_e?Jpu
z8b8PtoXlU<1u(^tO;*QTV`A3%NsYSYUPia8NB?S>-tU)We8+zX@`vAT_(2taj3~00
z&eYT9xG}l|2hGzZCUq)qzCDQN3tG1C(OPI8_g3Y4k(*6uCMfXQvt|<gAkGs2GE(^4
zmR-ktgB-P1d|Lfc6Htx#Za^*Bn_pVCYu!XSqQzPHq<D$72C$H#v+*3UK^C%=@@NG#
zSgw0-*@Q@6!BkNS@3XypJKQ!oD*2?+ts=a0uC!HhwX?&gzy`=b4TD7pUuafl*1tnu
zzU`bmDezQmVO1LyD}aXhTfg<Hx`oTw1go0%u6Zeej46$$5(7G0A)JyG4|XeL9ogY@
z<FBaNZT6N#;Q%p0d;hE!+Y+o~LrW<3hru#=B|-MnIY!r_Y)M_i613$lp5!qvf}ksB
zkS!xid<mFD@2=D#L{>`zm()v@w4*x}!U2?yLFuE%b5Y^kF?}5^^6+-@)zyYQ(L=E1
z--0j~DSB7o5D4u5S#08RB3)7i@sKDewMBe`m2Qu6=&Tvq(MTF-!Cfpb1&xvKRZB8)
z!N(QTaa8%m+pJw_s)E@&{OlErRaNI-g^JwIKB63FPJL;ZY)XC~N%T@jj*QLG@IlRZ
zLH1`6Q|v6)i8Q9YUVJM3qfrizcr^!xx=+FZMCg07qB$n+VRU$&ZsU2Hvr3XM+*6E@
zf(Ef_Sjb6c+t?(&$eZ^f$kZ4WE~~B3z~TCdFbsM&WhARjtq*B~&J@w(+cU!uN6jtm
z`Z{;)iKV2X^TUukDG4skXAWAvc7i{(Po;1APNHL3KxF}P;@!o~2dtNntad6`Hl_+)
z<$X_jXXL%()g!mhS=LXEp^}@{j5qp$w3-jE4-rq>Cu}66k$U<<38YWe06mQKk5SAl
zY9}o(?8Ps2_$~fjVmM0RV*chacpdRJtv#wQ0vSscpEeHz0$x!AW1KNPy?a4=ZfHva
z5i(}{wHv@~I**!Ki0a)#Zdt_>FE9-ft$dGI$33<PptP%<Il~bnJLEcN5|Mp6G4gR=
zYm$>X6S{pFv;qNwP<2cp{4AfHc#@Zy$u}9l*lH4;8U=9rke^T#Ei&~e`vik-Qan5(
zxcNsuh|6QgC7M601O5v2g0km&YFvHNIu)f(gDo6-@7LwI<s6B}xf-$Ry1IrLm=<v#
z(4mN4i#)>X#TW|~D>JXUiOF>I0!XF9QC)or+=u{zjFbZj60_ouDpmqZgyyiyu)vt&
zzKut2P{W?{Q2)Vwb=7FkmRL8lru`9f7V%##Fbl3*<@NzbVutx{ozyZtKA-h0t_4!s
zU_mIsMg(H!7sH)LTkz^6-CNi@vXU4YaUXJ743`C2Zs7%$<q+CFldRb~wO_d6l;ih`
z3;ez=_z1BxG*%wrFQ!mM@n4M(9hTi{m|#Qx4R;^P1?uj2xw<DDj!<5VplD$ddF3sX
z3?*_0AcPaW&donb9PQ^0!0U@*<19fWuS6>Iq8cF4({8~bqTp4Zg-mx=*sW<3njNrT
zix7c?e?4X*fI2&LL&EM0zF%aFA6RwC?BrXh9lfZ_fghdu=|E3XBlb^_(fgKhzmDaF
z8_>YyxeLVKuX4oCVIvly!4oaBv3#!@uHVBC3}56l>!2h}*%DFrU4;-^@ALCx0Sr@+
zLoa0v{tial|2=nqT86B%J4j4#*87UR-gT4P&ZT}c{iC9*lBAVDt6JQzDBjUGjJSG+
z(pru-6hw>4;YvW`YsAurDYhOSzWo;~qAIf9vCd8PMvMVPm;tC!9YEl*5l+z@gzaXy
zM#16{ERKU$7pCEBxh!><uAXyV#|f<I5V2RyqB2(~r2p&cXhaRI3IJNguEL?JMC3$i
zD)i^Fw%AVRZ}LDvkSZ6bdC<WNNI)GZN$;}>dJnlozQ78@CO!FusIGQR8dWNBx$HS-
zn%xIW57df3oj$}7k&QMq>2aZV#=Rp4hd{+ZjX8z4$7ODA?c}x5b+XoC4i!SA7tt3B
zDlW);ZI7_{I&aR0BB<^|XzAvA4eW)Mi~r$5;eu#mCWYP6r-O(T*jelEUv3qn_`XGc
z%pD^g*aI5wGL{Un>e5MB#^*3;hlh||S)}`16}T}t-ak=Ngwe6$^4jcyKe<NSJBpx1
zl;$6Gd{Nr}v+|~U?-0a|0w_QXg~^b{uRjqoHnx=K7u)ojrjv?K_c;ueT#0J!DlNI!
zhJ>tkieBrq1@tn1PdrwMSX&&n#?J_TB5Xe_02NIA4Y#_s{+NZP!aR}l0r9bEiN2@9
zWZQl&`YSG&j2W8Qvg)Sm$PVoM-3YH~Mw<~T4w6lR7h-_$T9l(-<lhg>xUe9Z?z!2)
z+g9TB&qh<|Grs>rRY5=ewTSC{`A(y({S{V0au5`qd*~K1@W6Y?++Qbq3FI@fQd@+N
z0sC3=>2E0wYiBpD<2l8+UeE44-J||Dc*;gC*?)wBwJqCQ`qt}dZuJU=O;I@;BVPtt
zw6vE89d`eRrW}5@Oc6N6^ntL9<Fhhg5KsV>6I;TVKRIEk6UJRhlUmB9M~0g!L~KzJ
zIEQYcxsu~Kp{q$XJs&ZP_q5s5^MGBU1D<E>s62J6L)b29>pN`WuHV<0WuMH#G-?v#
zt*#Ug-oAu;Y;4>#mJ_^zkhNS%2rskS>>ph~#ZPzE=F=u4uHFE9NoytDwj9mBEdk-K
z|3gf=8(}#}R+U}9;+~btauQmONGMO{to#4LvTLR>clc)l9jV9FvRqV8*e1?T%Q-kl
zA2RlVTEHD#s}0$y=%m>Eod+f1!7pok_j9i<+WZ%DL06bB$o{&6gp1C}Zs;I#@k9~n
z6#S{ka`V)JDzT*Nb}k6>hcM{*=}l&In2RDVYApw}g@z-{#`Zb0rRq=kLapY|J{m6X
zquDn4R#Y(UfVw5BTvWr~fTKTfYT65ZUhP7QRm-)3p9C7GXK15(ef-~?=#>)N_XGCP
zO#5#jxmDS-9`Rq#Q4v<!CNf-Dkb|g*_jc5rmn$mA(V;1~i`Cb-MOIQROnp~q?zn}z
zL6&{PrOH1&{w5gWs5QcD_?@XGAK0o9v#4S|GU#~85eorh2=H>E8)!@JM_X9DY@R_=
zq<}8KL(6!DI2u(6dcHVQhEj8j)hX+}ev^5NJDDPJr=0k?W(W-py;<3!90G?u2?u}k
z1HJX!#kRy5T@Ht3XI<0suTI*LGHX&!PCyP<l|6-+X+-E<FUj3fpG^3a<V(3@3+|7t
z4Ys+NJaI2I*d~5H=BsqIw*htKCai)PQ6mEX$&GZcjaxJY*2Ibne|!V)pLCWORt{!@
z&N>(MlOQB9793hKU|4j?W;EDSVxFq4vEvW&L9#b;dj=wVK1AZVduO9fc<(&r)7-#b
z$p&l7Oeim3{7;>c8Cz{fV4JHw=G!7Ur_OIePZyxq6!0L_poHbyFEQL4jwmByVvQ7)
z^ggJ;t}xE5vyaLFpBg(ZiGlOhe}Yne*aF+k9+KHC;=M8Icq4Fk>W*1R*Dmi%txt<S
z?Et{b?VAqRqUwe85}vrm*?!2f=R?kX?g^faJ$EK?ny0DHm-tRkC>Q>SI=jkV0)Mx9
z{@W+PjV6oiPGi&%Fm*=>o$|0|Ve8H5lzp$rvX>ZDX)ps5T0-U>3r)hCc`cvcv3lXL
zLp9u@yx#GuWiwl>y-<q!)i@$R1j(FnN;16(m(h0swqAJyLT98xY*vkkcE6!NL{K3t
zwY1w{OrW4DvCg@>(_T<cH@(dbgL7+og4_f@L<;~D>WB0C$>IU{_D>E)-!^pj+RMP*
zCRO0}IWAE)^Lr4dOW+VYgqU0P6m3)tK$P~Y*@KcMt@1qS!hZ=2R=sTjOK5ZL?Owzm
zfSqEX0hBNM_?I!yUvDGIpdBlmy$M}8g<@R44{XF>8tScV{t;De4YM5H`|bqB)&Zea
z^*Q1%SJ{-kd`(vvN^T7zHYZMqc6Lvr1x@RL;C>%j4jH>)RWMA~z~!p3GJ{wf6bBKV
zn7~}iL`ZtsS64)tQ?5<oUJnWy^76@ow%<Wg?B=+A1m`hKtuf0rWfF;Bcm$;<`4G={
z2%Zd-f3%oj7ygICGc^zzWmBVuTCD1ciklRY$U_*}e=9VOLgUPlDx%UKChqI|w^t>5
zSrw@ZUoAD6u>UtpJDTeVTSHJr2Bh?Og-##OByk>}4m{o3zGh9w8N;h{A-M|=G;<n>
zMY%4I0-_rg1mgZdIfk}qMEN1MgW4yr9`XsVoZT{Z^UP<Qh|o1qvrz7z0W8wRXi1YH
zT`v-EkO$A}?soa5n^6r(lou#~Z36qf(86i=ON8ETB6Q~`JB&uMyRC2jjM{{<lOW6u
z*B+Ek&_RWtN<c6)r<aqS`NRI@sW|nNdB~j1y*Z6-HC$tQ>vS+p;gq^JQ#Px5hf25~
zWR`<(&64Aqoe-_I0UEEcyxa!Fd|*Z<Og%O6y6dTwR%BNNH$EjM*wEB7{4A)B1?HA^
zp+Q3T<`xN2aNNd8LJg#cFIxCaP0d7+mz9+#W~(oCmKr}r6~78+o<mM&Dt0EuYwVDj
z#fn64gpJNv&xE>43v1a0qqX?kbRv9!xvAio0Sf`HV`4}Ih7_rFE!VG1bM-i%Z>0>l
znDk9CJ^2#f1$!45;Np}@HW{NCXL4SHVv37oJshAtSYZ-2qE^f*C#@o1>PN~O!Di9S
zUP{CTXeO+^6yN!p3N?YT!S|J>Vvl@du7{oC6>;m5YdnDk;3llTCR2tX9#5&XW(B@$
zcj0?r=<lC*M&u(+RGQ$~*fhu)in>58q^m&Kq$}T62E*r~yzh}OGRFRmo|(Z)j9?$L
z5qu;g!e`J4Q@CcWgYQBQao(-lGPNi%yq1&|9%@W0UG??n^dtNberHSYQicKaU#%<h
z)0}7>hj<8Tc>>%?Hft}};Iro;0r3F|J~J$_=^wK?fIo{M=vM=^{a$v&N+8UJ9L?rt
zDFMvK^Hke|3KeEf44J-T(?8OHOgvB`%>xPtj<WgejKUHLhlu+I+5dS;#^}h?Ws^p*
z1~y#=!=1l{l`*JEdY2AlE3*LO?}?c`uARb!QHFT2uX9gzw9>)eWZE9_y462=e<OBo
zBH5k+fcEEc=|hFuXGpmxCu!VbA3i3HVbTGZCRi4lZH1anS9>Jp%QEaSNa`z%y{^F<
z?GQK|2=Lnbq=zF{J2V^gCRF_A@_)<Mj-$YL6Hw9K3bW;M9;4Ej!a)ZR(WQ`&9h6d>
zK=g>@DMlTK-cHR~1Q%-3N`GLzk?NshW|yP`oWDqbK~Vpk<vQgz4v22pRZxDM+UJ1~
z%PR6!;9Qvjm;KzSy-tnRsh4A+@Y_VS`H3!cCxU&}^+59HVy&QH2@8R-Ho#Fw5rdw2
z8;K(#v)oPpy2orMGg_K-*UC~$n!4i*fEv!8saVL$b*$KFEB0T@7N?r>oq=#9V=HVr
zbSt=UudoC!<Y{YHhSuyyC$03lc6UmMO{P9YpwwpZ>_*dR`_iGbbLqT>4K?*WgIQ?b
zl9se_=j<<tXv*)0m4)+ysitmhF-9`<Z&E3-0N_E`bh}7JSl+`+?V#z>i=r#gF!mK^
z7-0k|R-qbHq@HzbCe@^@j*SJLulif8yqBR}8m#f71t)ljG9tLc@wf|N7}oP2V9j0r
zonAQDuw$7C`zKriQ@$M0*odkKZC9h3_h{`G3^RQuME-ZljKKX)pXK+K?)Bb<dX#q0
zE=U=$yk#NrL(U<0vo*uu`IXB2Uud2m2z!Foi)K=Nc<X~%T#tT+V2n&mzoMod=;k2C
zSF6DNo<dF%5@_e)!q?Zw2S;ss6soTI3GHy-SNmruPm%NOjM!_rwZe>cpg#!AdDOZ9
z#flvP-WgRn%4R{9Oq*!!A-atv5g+J3U!*2*F=e*R3hu0@j~6V~FGJJ0_9&LYyrGQv
zJ~}OKS#fU!*{q0Oi_jg2V6QEhPf98iE{Kp06do{A)i~<Z$r?yegoPG`25jMq*3E-w
zx=Qyu5)VpAdi=>}K@?E{Z^V?A2L*Ass38w<j$v4dy)fwcbzaH{{9VeY#PEZ(66Aq6
z^$+h98$ENSl(0BEXN9Vk1EUp<&F?i;bY?>g!`d-f1u4T$stZ<Wvh5-p^XpZR5sV^u
zolS5->of^g2<*?&13Vy6qC_w#67f-Va6+i}<DeyD3&hV8lqR@m=;>AMiD2@LD`|V@
zijU$sV27i~=8KmxEA4D+%<}v$x<uM!PvE!`&E%18mtbYz5XC61=|haD$7z-@D58X4
zm@H2lXbho~YV|cy^m&fI0depVj+beTx@3?pWg`ViC}1V+QUUd~D<{_hKhaEsUPQU>
zk#^uPHf^{z^HqjeRy1Tp_}+5hXC6(Ff}#~n`_Zk^u78VRI0;gOJPCGnyYO!NAI)3P
zo?*lpK4Y^GfRG!BGb!*TWmICpJ_g*{9kzoTA_knuMnRmM!X#kub<Lv*8UgFXxIbJL
zq~r)RLH1+VL?JlSGK5OXaIf{q8_rH=7aag%4kcsA%&K2BHJiijQyW`AUBnWob!s_K
zHu)>1zZuAxY6%5j2WbMFY~bgX<1m35yMYr<B{iZ=vohT6KQb!N5CMc<dH#x2$cTzQ
zIg-YKCa+Z$G?S{%fow%W`)h|VoI6(_Jq)*3qe}PS!o!aZ3Nfj6<IC9O{Z~Ka_&gPV
z3wy+N8PFmZ-@|8*A`>w?T+?&R{l3r`!4z0AVpBWh-f%SZZ!tD~l_~TfIYYXKgewA}
z*zW$~W!bTAY)rUGItN*5ZC2|HaP-}HAUy!s<cQhBKP|`A?1-lk_J4JaZ*d#SPAYY^
zw&xOyBDb*dsMHgkv=3LvvP;W24F%YL3j;Ig%$sc6@a!Mwsb)m5k<xw|b-5KtLHvw(
z!d*h=Y+bQjYd2IMd(ZbS!p@Y-g~w~94(~fN0ZygO>%4%G6usqm1ynM08RW3Ogn`j2
z3wRmFeN|GiwnXK)Y>k<pR;My?jvs9Y?gvHZldl<({|sC*VzR4g@8c$ut=gM1n2z8T
z(0h3&!sdjrN27_dCinCdtlaC1BE2q*C7-^|KnBo!%uNcRM(S?~4?K@(1iH6F(rlV&
z+C7=>x>ghe@jH4qU%kQF024I}XSPH6rFIXZJT0xTP!hJx_7NSM8+|zcac<!pdOIvc
zJ#JiG8=!qOP|V3+xh9KGLJlKc<r*jd43~k-Y_ApDY#uBx7i0k@GL_~_G#Xpspj$>+
z1I0Di$Nv;tE~9qM8~p22JEV^<<J+vNc|QHMXAre6op6&zd5iKXKfjnZ=vJ1ujV<Lg
z6T<D%(|Y`gs8TF$%pB!m-7i{f2F)%|?HkQpj;a~^=nU3cFpSsFqC`x{GZH+TZTu$@
zWrv`bhGPML@=&sL0c`>inR=^GZT6a4(UdQ0p`V_Ao_Ezzs{2WXU$(%&J@VCUNWBR+
z^z%ESxgM9Vl@N4{*AuBxCQRP5g&l|k!F)sbZpZwoBap*n`sPJ0U-ZMI%``rY6>)S#
zv(&Ig$O45M%jE8G%t6$^%87w;@axvt?*wTS2EYK_S9@<t4a;C;nc_E00Svj0oj9Sn
za30^CJ@;7xK-23Wj#AJRGgJxcfjh1iui)yzO<$Lyn>o>V?c<Boe*kmo?{0okg|$nm
z5H&w(9v90W(!+i8Wc&{~*RrdH{w<Xo+b|ASkWz4NEU7JY(-yDwcX9-hoW?Gg3Vy=F
z=pG;GjbzU@_ItEs##oI=?p2CXN`{S4j?Ubkjz{rdd!5(p7tKYnP@RR0U1geUc(BQF
zeN$nKE@u2|$R{|A4B}MflDEFj595$0)L?e{@8V(85?N*T*MwnqkHh(WSTK9M<MLZ;
ze1vFw(Vk`{3@a`v>U~5QPg>tMklUq}{VfV=JbrQ6+*QB|Bt<y|q{J}?)FLO0RkEUq
z*Lj%Z4X@q!qM&$|L(Nn%s5HvjQV)mhSq@g}SQ;Z`E*0q^;hldAm@X+KkX--4*_`_v
z*R$@VI1W7w;N8jE+9l<_kLPsn;pH4r)?I1#Ase82McqnAp>&i_lVnYdX8d*izH9}l
zXhI9*O?HtKWJg_>UQTKTyaKp$i<o=?HNbSoF9#iD4)>&tAxL_$a}g#Lk8kt>P*r$%
z<BZOEa;o~sys8j%E%+e5N@u{6kjgdGa0r<~!_(N}5~@VY>|H+hsDG`+n-`p5mGi29
zza+S>RMg^8lK$EX0ttf?u=3q5StmIP3Z*+a2gjP`u|;&AQYkRF<cPX^xbG(6!CqRu
zs|J}OHn~{Ow_wZftWPhOjH~qB$$~W$^sUlx3}EQQ?8lH^LwL8v=RK0Bz4lfv>jfQY
zDWreo0u?>aKhI8X{rg*mu{>7=?O~3<XHW2q2HjUo(TIVd;}d+3y7@nIs91}c#`V{~
z6C-=e`)3s&ob>CGMV~*KY4wY3qgZEiYu249vOu(CflEUTy1+$2Au-b<NYTp#$VVhK
zBCs^c(9ECM$qt(bTZ4+AnLpW57!e(vZ_Z7Og=uvqLi_aukhKO8*18~twlZ|bHR`-@
z&)5@+P<2sH7i?nU*H^T=^qfuadb0SI9P??cbbZJv8)9Y22Y}F%iW$GzAj&L<BkSor
zzJs>0`>;y{`LW8rR!!X{EvIMwnZikK)Pvj^J(3~My{K%{=RT*G*m;s5Ed+|_=4dQy
zqg-l=5BT{|2Zyrd4b16w2o%v{<Er;rsEr0A_2|Din2&Z2&QdnWy&vj6HL9@k5A3_s
zjavFoXOT<PDNDPG%&2@@n6I_{GhZ3(&_JyhilgTJ6H(ru^8`ayy4wm@v!(K~aV~`|
zMiFI0Ou@(ms#i%V8!u`bg6vsm4{;}QJ=-_yNObxmfBAdy6R0b5oze?o`0Tx^TLrz^
z;i1dw`Yop@^Usdv=#Zl91E@Y^+>F@@a8H2k=grK|0q80bnQKG(KfDM;1`gWTa3C)S
zPC55PUoiso!}#!HR*<IpdL*WMc5%VU=dj;~WR{<;k^S=?%adiDH+=Q8K|088OYQh<
zr^#{m{>jtDv=}18)~Qs%hlDFn$ZUu0Ig8k%jfxyC1pXi{ih$O5+<e6%z21;cm%8;6
zIz@0N5g^%X=8x%C*Lm$P;n~cxoADH&r~L|w?S>zVdG3Pma@UV{@n<1rWDObkbdxEJ
zxZ<prLKF)2_hp_aI{5#I+`K|+qIEeK4=T`32VGLc+kYR+#TO3RGI8|_n?3ebv1xzt
ze<y)(hAQ`oJJHC-qycSV7ktH9F*_3T`*(P$SLtt#8mByr{Wnl12MznV=ikD`D96E8
zE7@eO=zc`8;@1GcK)|)#v63e1{W}#ez&Q_+nt#axh(Ws*jX{dw*=ai;O7ErD1?$7Y
z;lNXy2nCvzpwCfw=1b8j+VSMzNE#VKd4E{ww1Uh$s9?ELyN@&dC$f@V6BsW!Q#^(%
z&<{>CKc9x(p#RD?(a$*2H(wap1!u)VrpMBijBH@fn0ML=+H`Utg}VA5@`HP>O>&{)
zLi-(4Dv<+Y3L+D9u~=|82_hIHXfcnz#v_|L+00YvcIFI@MDRn$A3Lg3-j)?CNA1GK
zo%??v5V?KMw?mUywTQ*r7SjB~R3{J`zG&KRy%-NYv=KJ^TTyDm#u+Xi!2QIV&N6J;
z&@^=F%23pj|Lru&#K-U#I>92*Fo9FL_&}VA+{p(MxjpI(6hh+EQ#v23#^|<Ak2n)=
z*2w2JDW6p@v>2Lky(N{kDYm~Z{yuyw$P(d<+fsYIUJ!(ee+q^Qxz^dH+M>Woto{Fd
z0UfPO2wcmuP)j}%eou1x0Mpt%l5Yy+S40sg>yu|J)IOg%cQE<7S|4-QOsge13euA(
zDEswk5I3Hq@0Np!W+~@Sy_8~@Uyc2n-D_hG;94luk>FC#uL^mHD-4D<%=Z6tm^RtK
zFbe>`dtX8F{oCtI2xgf2${z@d4-`Q?F+DG~Z{WzUF^K=np>TXi{s-XR7(aLhD7snm
zWcTY!Mr$Harh!dTBL$NV)a9yFxY$>fn}dkZ)=zp0oh2EBUY!RYW09E($Wg!yLTFAU
z)h1Lrfn0sz&;gF+nC2&Prbf>6eLA&>L{=|(v>?#SIIL(J@hK+Hr5x0JpXHd|fBy_2
zX4_Y|(vR?xVFv@-{S(J>_G=I;{OG=CO%)Xd!Hs`%ifSNS2Plg*NsnxO?W2IalebKJ
z#>-dP%ib~bPJy(kbQ~V0rTha)#Mt#*X;2XuSB_)vqJap*oN&doMRp>2^t$edUcyS}
z##FHB6`1QRoLJbT20s(y9C2y{i{b~F5H3Ym**_{X`DO4Ns)-O_SHZX174G2&Ro-If
z33n9(gC|;fyRu+VUg(dlw-S^>N<Pc2t=EA~M!h-BgzvOEku)D_GXp+K%roQxA~A4}
zu%TgZ?b8|$C_PGcZ>xDmX9ISJUt!=nqERz!z`Dea9N<3;TZ;xTU)zX?iJ`SW7UXvJ
zI=lN9$&7d*6kEvbyp&SX@dVB-lK_VbdUd)K${q}JMZLvlrPod2s)8!|bokz~r^Pve
zM9@!r8fx#gB6v6=D<iw`uFyi3u}G|6tMiEzHP5FL&btA4;-DDCYLKzdamZE7*!`<`
zWVJ32^8erbFK)##5XjB`$#I7A={=j@XEku|yfywPkha=j=}DIt@WEvvYuH-t2Txb2
zO#P7Sr2r6rHx@2q1d5})RfTqA5ngD$6nGb(Tdi~{{=w%-w9U#>Q{!3-G(fb``|NLM
zR@Fa6AYE45{Hw+xoVB{U>^A`Sm&yYAC;o)n<(W;YsTu4?iCtO8*N496vaJTMCBE;=
zSIM+D(d}q>i5^v<^TytOUVH}k;5yJ$&TPH&spJlu;QPeOQOhYlt~0aM`rHq&w9<e1
zyaq(cgJBOfw?{L2dbD&6L>2vqJi|@icjbC}#2(-cnQ3SA7i1SN9e0F~;4rU<yn0eB
zrd8sbP`8WuE+K0p-QdyCI<>Os?Gd(=eRpdc`|CDP0N}h@w}MDWN^N;q=V2o7fIoQ}
zTOx&Q>so=H^iFpi^cuwc=RBhp7^<V22gxW8h^RBkSM|xlNjEI3vYC15+8(pMzi@{~
zIDAVE-qKOPC$F3G7<M~H$OeaQ@@?4s`UM4~F1Jdxw9|F1cg;#=T|yH%l;)*NrWQOI
zwe;M<;3J*YPU&ir(?6Qx-|y5mWod4#uP&~e2L^mi;w>ND!Y7bJ;F(vmI>&qEeVmRM
z&)o$MP!XN#*RO|<V_xyDuI5kfO5fB%KJ!D2YVVzbNi*kcd7+0~uPEa=U%gD#g%E)j
z8i!ZA%87ewA|eeIW23Q0c(=e^ZCt0@QJ7FE@>Ue{F6c1{cA~wN&=YS`qlDp-A`5hA
zvXx+7aN$2WjuT!-N=)b|HmeU<@>bP(^mw6=Id<Sb(+x&KdSD5_F+&s{9)BT5!aH`8
z>k$h*=E1A~As9{CUqW81o5PLvR<)VS`4(Z@{TJ3J<&@~@BFUo86AaY|%}x}!ZjA$`
zHt}G1*X~tMGn}7jnY*(z|0%X3S=l5f*vQ6i2+0N$96!cLV5?u-V;Nck{RBoa5$4JY
zvpS}lwk|0U&}dN!46y}Ym<widjk1%{E&i2aVpi6qxBlJG?X7Lh4l>@_b>~nZFaO>F
zS3X%#+NDv9uIkF)#{~$V&LVVAWRx<>Oiebi^Q<1kU_!hsF`L~ldsHh-UOT{XWA?Jb
z1c1<I3E177u_WS;osQINj_3h2D{0!X+?&_yHCQ>O!>=sQyeN0^?g&voj}_`bcZo9f
zy)DyIeUi&|@shn{cE2Aie}5LJhI}qPqef(@!Hx7^P%UMJ-fsVU$HknE`0gr+Qh>Hi
zAbkU~Iom8O`+C`m6>eYJ?}S5%;_dK6kBIo%unhLDpI9UY!qFxDlkS)=a&Za3xbe3z
z@p+@$hh`#+H<r1U*~=N#e^oPTzQ;8Hh8@NgD^Wa-dL<%-w;;?mt?i0~|MaqO)s8Id
zgF=Pgn3C#nhC+%NA`eH4YLpAFWg?Kgi1;a1Nu>xf%wDwBdrkVhNfDxOlocaijiOcm
zldqS6`S;&sO_=&3R)63;v54do?6gMd_Ybn_tAs34&O$}&>{o*u?Rl$vB*n!eGZ>kX
zf{e9GpKo9RlV3-@gGA<7%H`H;zxhUQA~|SL4>=@g)L}7sM9O7iEwn{yA(O&W8V(2q
zmHT0A*>*yhD=CG#<{b$(MI;Wb#x^m|&9ES5P(wgR6oh`ak(x<=#W6oLG!;Ct#CKS*
zRYR_I_K|g!QM8ZX0PECS5u|Z5_##OiQW%M1&umpi@i)e;2_8ycoMH3pgrD~J4-FUP
zU*|sQa-u`;{zm9!(CW3PF68<24|#&bDS5}7;qAV3+tWZ6SY$wZw6(pqZZfyhh(6Sc
ztH^uQA#$uy!L=X|-xD5cC`V6I0b+5RuHRib?FCsBVih-}7j&AXATYV~H9`ai?;FqM
z5^OTo4}rldSdhQPS1BB+#*)k9{acf>JlN2!F>GZ3lDYi?fVX#}ZltpAxp5NpvbYU2
zX_0}b2iK@cVh1@Z%p^)w6=Ba+_0VDRE@<ayKTL!Gk~bPqJRAd6D9!h#2IIHh6S~05
zo;T3Y?;bh635(1V*KMpeVNzly<?{sHr|Vdc<0uk-i@*!7Jq>S>UFn;l7|G>Kjg9Di
z;QBPrhia@*)RIWU_iUT>^e+dT<Z@1}5`*z02m#yK(O+NA>&OB80#fKw<CdC2`q0W1
zRWln^X&oG~YeJs9sh3(n&>yC?_WgN6aS)382zwYi++sJqG=zQJ2afPYmK<Mt|1+lp
zZ^S0_G{Th4=THsOp*^7v-1Eq)%MK@=_yMj2qt|OE(Qju(8p&<9h!VJ5T0<Ox*OO9t
zPp4IB<Hudu%z|*g)NK*WDK3<=8-K|%|FQr+yF*i@=-@)pah1YbW}xA3zK7lIbitD2
zy+Ie<Q95K6zr7OB)5Z-?v>>+aTjj^f){K<-b4ziT59cMX$aPlUm9jkgGfu6HKo?=i
zuNz+e$kwTeO6zQLM~{nA@f83Eu-0#uD(N@`lNNHL>Fq#|rL)6q(iqffW0|v_+&_Re
zYOyVD`D_y#)s^N!q!r3fjR1Nidx=%JmNW2?mt<;X3gIIcw6mC{5xxv>G^AmXW?Sfr
zmSu+!n9Xdj!|Pd}PuW-I9R$15M;+E>LP=CB=&k#($|GX=ws1A9F}y(bojB|MeL!zQ
zY7wr-bcRXTmNwUD>qs%>6wzSZ9Y~3_V}P|c=-rC)RmNM>+i*wH7w-oGuKXt|elM<F
zunm5BoM^1c_veZkO5?<3^Lg*D|8v2|Q#O68iG`cL|23WUB>6>!&lEQ+stAjYoH_zd
z(nTu>#T>Qmksqa3U}<==ml1%#3ilMp^+by>`^z{jhHi}gBi04GB%jgOgsQZQ+rUvO
z14OIJyD(sN_S2q+be*_x0x0pg!v3aO(Z>ylJP$gt?6@v>-4d%Bj8+LIsR?@bD`R;m
zKzvD8&sT0QPh?0`q+X!j!g9=;QEywn>kF~OM$F>Z;4)oNGsxfb73>@Gij(3tEe3ua
zX9%z}VFhw$vrCTV#rcNF9VE%9{^@S3L~|$iax<613@a<2rMv09tdco(_BI^<JJ5x?
z@|Jq>r%#A|BGGM#^=W6Gi|?>E>Z?6KRYXAT*4+$-1{KIorsi5FT@EaIlETGJ2YsAD
zjD^59Qi+wpX!z*-f<*nO1m+2V1^l^DhIuc})CjNWy+BwbzZ+v1ZLT0d+8^j;tGGlb
zUdW~urQ74nH^ebnVc}erj_^`Dkl)6fC0Z?-A#@Y(*Mxr*BkMjt&F#?;!Z9=~u9=o|
z%KtF_%=4FIu?<@@!k|@KiT9iH5ILbH2052F8K0iW^WVcrClb{P0??Q2{>SYiI=;e~
z`s-fXZZ_KXXQnFg0*e>;G2U4iLsxWVz`J&jCrF@gTGvAMuP@stjUvps9_Ch(w2LEe
zt#%h8+35X5$eSOcW>7Ip*i#TePHlMvFOVH(?05u{`IHfb0mYQ^bo$_8v~(O%ldoqs
zY+`5BB~lvMD#fhmgo=LIoaG9L^fAF!f9q0vOH=^^T{6&L@vY>al)VS!$M-jUZz?HA
zPX#1)?%>P%3u8io6qy1A2@=r63R_^1weP0Y>K$f8z%w@}z+`gsX6urmo)g)VsiUg;
z(Uf4L0@6-ZIMHiGFdceR2-D+3DD4`b!eZU6B!4*}uRBs0eW=izJZ1Vm$)lt};}NMm
z^MunIr@rafjwYCGDd;Z)es(`f9m$8X2mazFsB@Ue;wMF)BDkc9pS|}SLTy_|_86cS
zY9y^c2<2U36-<2PqJ9b7I)z6=pI&l%592Vevps=?`QIowehHLvN`=*z<P1MuAmWn0
zxm_^Y0^Od_RB!}mH0N2*O$k&CjFGVMsBs%f@{VG%JMqkaX8$+$Z^KO_00@A-$)xa~
zLXyo$-qc7Oi@jn7B105Qi`nMV%L4^-eSWB)i!?+cY8aJ@G8I8?(o$-qO|%tQQW9gq
zJkw=CU0)kz)tD%U$D2X<P*uz0_yO^2(lrlE;Wp6sT%09urhHzr1=>5nF9>%_$5J7=
zDt5^%tw%Od_{Eba)K0*1SV&L=2ZmiY90!Pnnb<z&BWI>#bz%*K^7J8r1}DQXCMp>9
zE{B%z#cqP0XjYqudqb>4=ZdZcARu^|@w*WgS{<*#XHS(BAV0LDr%>oV*XbG6(zrz(
zW@7g6Xj3`|atVsX5_v%l)m(dTpUf<qy8L{+ilY-K{$w|XsKG<4V2kTzYy=dF7$aH#
zGBw$T?eJ#fM@K|%LrvD#kDh|a>1{3Zfs)?QTm?eI9tNZalO9!o;c^#q#(`BZ!;+rh
zbCN1S(1U%*1uBFJsA$n3e=*l>)}7$8MByp}EHjtKTXzKWLnN#hW!7tcS7_PZ{Dd2^
z))TRZ6voc$a(%vf`4+F=j0wFopYCiB!^UoiHB(>BVp%N~334|UTYAxabG9+dE4>hG
zzE)mrc3W(uGYMJ(1AvVZlU1~0n*%b9Oy_G)Gf=u59e`>>;F7iHR3u9~n(LRg8kKi%
zb7{!|UqZV8{M>6{bBa2&-O39#IH-$FHJx@kJRHDB3+1Ld+-DDIiAm6n$kz9$;t3z-
z(+H$aee12U#N*zSR=rh#`=73ZdU(z3WR)r*m(UMc(E$RAB^7Trml>r)NyzMCymbZn
z-@a{bESQ3Il1M;_PdUGQnWl<ga*L-(-T8lY-6Y`23RSi?J!AQC_y9r1z9#NA5TNa)
zX@!`jiWQ6RQbAa5%c63Tf<E6DTQCYNQokIR;cZ}d^6;ND<B>}?D<LMxw>Y!uzt?b5
zczY9OqkaNQh#nGV5Z?NTFM4B(g*HhRbE+8BAsgj=`#x)s(Ld;@R<le!?}>q1*5Kgi
zE0^1A?lB}yg`#$7q~N!@%P61(4t<r@f%#d>HQ<3n*XIA~yv%*SRDs30FWYO$w3@q=
ztnKD7VE+=9TYY($-aa}Y7CalL-VTIcu8HP{oeQO_?-c>^8hJ9`lBvuJ!x+-UPXjiz
zLxL*+xK{~zl$6p#0@9>i2-s71OAM}Gh0@(uxA^J<a>(;3hl)FoHH!dOK&Zb2xtsLE
z=xuZ?IGB7yBs-HBN<vmvEHN%fmfDTJOyF=H=Qb0$K&v{qlZe6B+)<G3@(LCibVe2G
z|3GW2JLBflA;^A<cP-|y?0r@w${I>f^tQu_26PvtoMuR3*Ea{K-X$sDUM2jY{1v<G
z1pKCB$ff>DempjanDeA(SXljdR(rsb+a2E!rz@w}96_{G@6sHdseXf%pKy0%O(R)N
z#T0Tuc9`My*cA2N<W+Th4|aCc@*4zT&jSnc3;BVl0D3RxFS`QlBGS&6<1joJ)0OL5
z{e*RbG>Aga#&5G3OHV^W{*plGPNDAm0*O8O_p^b~YXz$YT<z92>NNPg`C!Y7Rg<N$
zEHx!SfHDbb7JdE?GAr~(N;tQafQ8W%&JiJ3y7*fIiz4cf;V&=Acb<%e(6Y6<CF9_(
z;Urf?ZTQ0zvk5m~A7ziw$*#GBF2!eFithF1a>19UR8)n=`SH_wL}_wQv8na#(LI%e
z{UY>G1;Ae^qxsCZcxt>2n>ah_A4mgN6KR)htim9kIXh$e5NVKVWiX~3oT?J2Pxt|I
z8CUYHJb3fJz)T*i-zR%h1Z>S85}bav%UV^SN6-N~7iYA-o`@%WkcIA7_^4K>U5a}-
z32k#QrP5rc{)LW}kqjbaNVr3RqD>KL%pPKf3VC8bJTo;Dv03Ph2~eN3#^BGdOh<9|
zOS_lBDUC+@m2Xozt4+?-6$1-8kuJ#1J3TXxK&n7Y;a&w<qJY+MPK7|ga*HQdycAGN
z4+ChQ#Lk6(I$N*5XtiuK!!?oBBukTy9+z1CVNb3}N45ClpL=@*7|%7Nmh-YXJTg8r
z62tJ50u=y1oeph89;T$NnGVX9VE0#eUQ(L%I1w++l}#Jg>EyJrq!88d<)=c=`*j$O
zwcv6;3GX8jMo2*MUf(XZ_T|X~XhVF3l}u@Wai;j2Sk=beBU>(>jLP(eTR7T@C-~aj
z>gfd!!KpmHT!)x9NsFl7I_~TQA`t~>zYtL2wF*Yy4Zuw%`F4oo<mN=fw%?L5<M~!z
zdz^^RQlt3i@<r)Ue?%qx?EYbov`jc)-D+P5KrGTpn{y5WBOW5e(CC!{{+t(5RQkhZ
zwpm1Oa49%0mS7V9>@gJJc|%!+fa=aS2@zqy?7YOFVb3|%v~X*}eZ)HGb8t6MGkeyF
z^dwatN1-yBCipktEU3uP0_VD~YBW3-?QIHR)afLNV_j`?vx-d4$X^vQ7?-crM|2l3
zOq<b<7V1keTh41g0QJx&kg6k(!nFRu6q0_pBk1^q$a>#MctZ{$h{HMFe6mM1nM$o;
zX;)PpWLrG#f7aw2*SQdRgvL>)Zy7K-B6*O5<f0x9TX_aKT5AWXMAaU~U`F1K6V05!
zeycYRktoZI?e{(jnm^J|6jxW#?jO06ZoV!HkKc;94PB{>9krm@FThy(ZoEr9WLs@3
z6}RoVb}}6zDmJuEku1}DPf+?NSHb~$z|(gmD-`nJLvxBsy*$%rgwI!E4L+XQiLf_E
zKinI{D)WQqMFu`bOhtBb=q&Puoph7^tYc6H0{aKRyn2+rMd$(?7jai%uR52MX8&c_
z(g?C@OdKKgYmUlgB!%w`dS7*#wvch#hLzo>75?}8GuhfFERYi@i)S^gHG23=EzoM&
z-z#RAfH-FBnAiWJCe0JLgKq&AbQB93f}Du{#h17uOH=|uKpIJ)ky-cvLEY~RKJ+UN
zk2A4r9nReh7_LK4U;VN;UI6anNrGb?gE?==F*f=ib_p`H22o~bh(mZy8)4h)vw2lv
zX1*gh+TeX?6Qf%?(2<`{A$JAIHK7_E_J6Q9WiykrNQU9IEj!}&9ez8i==_-#lP>K+
zs~j^pL69C)Avg8&&BQ3dk#c;4C_gG;)csYV$VpVt*`Gt5!ATMB*|TO|=fx@Y(xrFz
zAr5z=G20sBKUh#JWDk@)7oD(B+8{`aa4;wMRRJUYl8c&7#bkUO{*<tN5Z<a=u^%zK
zaD}IK_)ho9_^LYkv`yrFZdI%<!w0;j!HjySx80MqUW$3G{#n`LAb23q$gl^xGonRz
z7oaEf-836jw=IkYfZAfW5UYDuJ9#vCI=yx!n?E^rb>MdVzOPH}Yjz$!u&Tc(r;8|L
z(G3v1PS)<Tm1QdNjIf9~7JxZqf>8OM<|f2Mlux-YHy24Ej^<<3DZJ#|?zWr68rS?{
zg>U_=?l8^i4?snZF+52VC2}8e(uA!UN0F4;k1rDJCwrK2Q9O6(t(B|0_;987WC2*y
zskY7~8VRNH2E)uksuVxbzE%`_wU_fF6jq(TmIp>EHQ~HljK!YpHeOMf|8y7e+I^H3
z%de`LELn-CHG@oQarr7HAiPC1T<V7)b0pKsclL->$)2;KU!G~1%;Ka_u9jq0C}#MQ
zE!977yJq&++KJfm?wCN@!TY1~AE(H--oKNAe8wFk-(6l;XDzN}XW}FmCGNB(`ALx$
z$!%@ec?7o?YP#sb;&Zk>QReU(H$soVfUuHQ-T7%$NS`vDJ}z;yU?UTm%4T)qu9Q_N
zs|J7M3NZ%9jbjwy^RN<}acPpHyuc%-TNj)^0>-6R5+QAY%ZOo#T|Bm`RCrImgsJVs
zzimWggfOqZ-1-vbO%|j3;BF%XlLHJCIyW=<+3nCyBZy%(J09-igw)-*FmtyeS3|%T
z?p?ba94boFS@XO6h&fE1Cl;RZiW74cqosQGJheEzF(2Gmy5Mp@2fm|QY~q~JS6@k|
zxARt>Q^Xf3>I!%1CmP2ukenER*kDw0L5mG?roZU(sJ&@b@@$1Tc;+iGYh}&PHWzf>
z`B-hfja9y|7Oz79HCm2imwE8;ncf%3fTnX_<+u7DHom&tMjybBH6&JCA-g;+<asOQ
z+jcVQEjjTivCUElfB-mv0xwNRN7kMmqH?j1Y#I9Um>bQSLiO=avT3DQ|3!B&EN2W$
z=Y8J2*m)W_{5{>$`uR1E;9t~M4wH}PL2F;k7~A3LSdWnp&*ctf=C~X+7{_S9ZNA8|
ztkx<j+RsO3+FFwIIl$-a&TB47{JtOMhmdmw%^&=iwiZZ;b<m+)Fy7o0x^evnyZ(Q7
z?{qI#HlC?z^RO^zn}*QONPpc9L>R=jd4?7|^m7e+65zE@S!cGlv79qqsC`_Ra0iT%
z#X!nYIop2$qtxK+!*dU>co{@b((QD;8@Xi~=5I(s>q3kEyuRN%)}@~ln*8aE)Far<
zGGNrbngGU>1dWLaif5f)lvl#%ucimoBKe>vMS|<?Me8rpA~R=(iJxF`R);r{utqAU
zCLc>|9}%+VtH|<2%O=S<XkO2-*9>9T2efdB)<uZ;c5EYq?h$~1j7Qp9K&!GMUusST
z9@6j|W9~!nDBkpjA=(MN&rXFzsU5$D;8akSH&cQj;vR-SD!C0tfL{Rd<O-BC;~FuD
zob0&0;pn+R*-~p?jU)fEy9gU#b8TO6VT!`_wN6fq(anptom{P)NP5DdynQRl?V$QG
z=0~{#8Cyk17h~fkm2FXyP!8`wP8pFQWX`j%ixyu`PNb_XM589gan71pY>{wXY2cNS
zmRBJg3UFdd`>&A2LKW;oZzZdD;)Vcw9oz_vXi*8|uaP6J$}zK*GbtntK+3N_yCa|N
zw1gJVK8D$7e`yM*1*%S~^%0@uNx|T_w3qz4bilO={ts3am4J+nii}Sf?1C0dC1oTK
z4(JoIzD$A?YKw?ga~uY~T~=+G(8r$xXf^~!8wyuktnpmYa2HJ*Vev;*BzF3}dHS(|
zA>hYbbGPIlA}iqAnt1tz0_j-dDpYi8@aeQRN=uwegjCYtBT~QC&|oISgw7AcUKKKs
zqiqSLK*u%N&`Fwba)y4jJe#qwil6@S@%Iqe^6I9FSoiA75i%+N-A(zgW_sz~R>AJR
zh#4E$S$VEi$O#)u=0jn4)U*O=3-jVCtbU3uWvyI?yg!3y8EUOV@2o!{nZaEu0lOqx
zjVl;Rq*zeSHbpjI|5bZ0ci<S$&r)nJb*(ZN1@!Lum7|9sA0UX5$MgWLS6A$e*}TC9
zCOu1r*y76J5ZW_Ulo|P3(K!Fm`N-ccq6@P)17Z9Ku$Om~!6rBat6+c|>ajOmOr7hB
z9s)lqmI{M;T!&t<lRg{<E@g^dITbliu|NO`keYh?>Je4J0q(6A6d+YZLNpR&p;#!M
z+N!%0-_==N?c<@e?(YiC?~3nipG{z$jd?yS)>6Q{o5GRLv$gysr_e_5h2j3CsS)l1
z=Ub1H@`XHsEJIPv_xu^;e%TNY#x}K95Bygim1TDz!7!^5Ds?`WuY5PPeY7s#?u@f|
zqEfQFCmdt*)hTqQd*SVP4)ty!R&GJ6C}6I{RSB^NAFyD=@v%fm4vTr0o879Q*_MFz
zpqbN|y89Dw^4jT7nvgu^jmRk5{Khq4nUP-a`6%y}+5ne@1yCRKlCX9)IzTqVJb)Dv
ze9F15WrC#ZH~GzKrUu>nJ!II?evu3|k@lV^7)Pn<q99KE+iXS)-Kp5p%@mcqT-jA>
znzV~0Vt_R?7sh#E*X<3KE=<=`k0}aWm6`AnXXBJ>si%peFVT84u0+b%8%is3Lcm*l
ze9f<WCjW$A64qKFW{!b5wLIR7gOAPE3GjI_-|(^A>cYCDk+5?`w;9r_^_b-6hIRjo
z5>&HPiOTUXAgHiak~usK>73GPC|sFzJsAJ^^-ep#x%X>1Q0MPt>z&v}Y_Ere_0==l
z|Np~e*94gJx9e1ka3NbOJYJV2e4mvxvO8rJjK2O$>$f3;{#5<$Q^TR?8c1YDuAvOi
z;!Ye}Xo4?eEtecQS47^(7bv6(7l=Ut<tlOPKOAIVF2?;ihWkmka0qiy3e%?_#i#yk
zf0gIbyya_-rN%)=0+yp>F+NtOV=l*SJSbc<W$;J%VGWtF!mSNb?vNH}UMUhrEg5PH
z5u>?lIic<NMh2~%l4A2e(i@!VDJoWtq92B$+fld~wb(vlahxXtF8!!*Lrr^#$?zT`
zPV4Fm=b)$<s+cevVG>3m!Da9xn#z~~43qu0U@X5NrPRkwQ4q$P1!5@ID!t4a>7&b?
z^HTczSIQ1|H{<T8{o^cH+zPGew*?LzX3SM3>tE3LU*%(9ms&52x$T;XgzXNi3KqhO
zdPkm%4As1AF-@=wLOHPRAB|_fp879{1neD15jBObEM+GOG+nFf&H;&H2N(uyPvk#y
zUgdbW-AUGv99MsRc}_iRQbQQvjHp+R!@w=TlL4-^?;&1K?=!+}=v{yUv_U{-H9zpZ
zR1~O_M_1(9C_Sf9B8)rIg#j5xu2{Vj^=Bw+B$)+*tL=WJSYwm9;rF5bnjPG?ZKrpd
z=PFJ_GPpx{D;7w%rv6o8g#h=LpOsD5T?xc(h1@Z6ndz*yx_3!fInR^qfF785W$oWN
zl8P%b@vOrT?orAk35Z>Rn$fgCf`aXrHy>ybemtHhpLrxb>>WsE!ait-w2!r(Mz>>9
z(rjV9Sr~jR{;6A%<>8%1`x>JZ8)%kbg6LUY;9+W>T3ZOB)5U(`liIZo!VzQ9b`RT1
z|I~$@CguseB&FU(i_ZJc5*91U=O6M}To*9t?suF*oUm%B<&hXYY5Hd<8(8Dl<(j+v
z#O>-k0)W-VNaU)<3cP5nk5m&?ZIhXCIbQS{6GL0F{<{F}kjIh~WjeO;t<VToY^FBT
z&aFgWCHgJM^YR}0#5)aKhOq_A!^)vxZpBFSQ!(Vdi|s9Az7~9cdL%B_yhe8WKa$1m
z!JrGU!QwS<+D;2cPfd{^LQo!+MDUYL!mzFhP{2LM9$lXD8P8GC6`}P)t`Zd`x%bwS
z$(v+Sv^2YC)r^$vE_J-~(*n4bsjA{FQ;H}NF34XeId_L%7FkS|uA{fiEGX{knHYt3
zqgsich2gwubgngN?wYB!7ozr=k0F#s%iHZ44oX3p9Lv~Wyb}NNEf><P9Ow`{fF*d=
z9CGSg{0bsx@#AeDm|nQC|7NBv%A(S2<fm7B0<z0lH+I{QtiNRM=$xlxC!5d0sAqLk
z7b)J7JPE%zj)}xrl<GIkRK??0MG!XWl5=*%I~)C)GeeE@sVLNQd51vPoqM>KnU$ge
zdCYSuQ6TB{h+4JNFd1Qfk915O2->1TV|2KtT!?A4whxeczCt0aA&>!g^CfoKgi+(C
zYrn8`0_mcz%67u_M)<7$O5Rq9GQEzQ6eW3hT&eY{Rqgly9x4p?M0~L>?c8Kv<^<=3
z3BtAUN!wo8Gqc&IIQ<zVjSbIpMe4o`7vOBi&L|-P^2SD-Q~Anrq8CgDu!u^qT>_Ix
zU{K&}H(N_RTyk|bhR$#ja$Wta5vl>{1_l`>9)qd|pH|pPVul!@B|TclY;(|*H{9{+
zzw;FMvp*>Nxg1uAVXAn9WSn+^J3+5boP_>Zj6h7b6?Vb<GOv?8i9tiO-`qsTsHd?K
z8>q472-=q?;*iNBx*7&O?X>N!tc*KFg{2>U@j<*OZ7Ek_p<zFvYPI}_<8)_-aZK6p
z0Os_^FqHwd{?9J{&GNJsao5>;SqD^Kw!KASkzKk+9#wqE7$Od%{++NV?S2|$fEOW2
z>q|Y^iJD&0N$dZ$Q4sP%yKg=}ubf{2D*2n?k_YKXS<(FU(!o@m{k$U}Bj29*gt&VA
z?lKriAmk!i<q^6kA?KXl=f?a4+V9ly@z1P6SCVq@T#{h3^Q2m6;UoBeRbr=?a#6ir
zG(xU>nd-%@H_r6OcBTLq)Hu5mbW1fB*J4O%&qhhcM+*n40jaVl4a~O3Y?_t8%0QdC
z05RnPzp(+|iK(S!O776`=SEYy?K;GI>H6zrhcU~j70i^r!bgJvS1^bW$51#ch<knG
zLkz7fSz?W)ywI%e=6av8sB-*VV6|nW@S^xtEFs{W6Iap7DzFml!_z4Y+x`}U`yIIb
z+Ps2jkg5uX1R!0-8`LjKH#0vJ=HbH|7y53HzOyx9P)TlVdajj?)&;;Z%;<`Fv(4VX
z0Zz8k-gVLCh|h|5=Si+s4;h_lFesO5;In2#O3Vx#v4l|Ug{Oo<x5BG*dE+^LZh77;
zBX~sS2lCCRGI?Tl+|LB1?IKFEOj2g)ww=o;$?R|yu7<yI;KBSTlT~mbT6N%~y+y!C
z=WOV394k2QZ-k|8<yzl~w`B)LKU+fV&NlB5E&vl!JZXF}>*-qz=9S$a9s?X>J6<D4
zZx593di%}xky#8s1q8{_tXD<cGMi26;~$v_q#p@_VD_6joe5n`mJv{>IkK64$?wjv
zGfgE#UUx(Mu||pFytVmvr>c*AoDlv7(X{mgkj*63<*_e&7}X7Z_Uo@foC!}!TkB_Q
zZalg?AgQq2THJu4@R?GM`4@qEEimQJT*`FpUGj-cq&S<xh0U24S2R{~UYu%*#ZAd7
zwQ}91#sf~xYBx-hqHqX-{)$uVzrd;3U&XX1udI&6alOkUFBKc^u;T3}A5v-_1!<x=
zNCgU~%lC?NYMq=Oxbx)cE6J)qO1T-^{y3kBzHek+FX!dp(<8d-@yeHaIB5(8=cWi7
z?1gwwTv#XtMz^5e9{&RKZMKJOyL__pOZs*q(s)+iRdy*HnH66b!qW|Rnz8h21j{uM
zrkmPAFvd7D7O#_RS*nC(N2yDvPH24)SaWgYR+IEh!6SCBIR;f_cyv;%=i3j$#A(#Z
zGa1$W0Ms>j(}`M#;%KS4P~`Q%7ti8_7Lmj~#Bz8iw;eL8Pj5qR{F675{|5y#m=$f*
z{Y=N^7ySF|PweSPJQW+xP{-0Jh5ejTVE3#UxlJuq-1J%ziBL4-%5JAfv+ouTpETTP
zZYYaVdWZnT0ldQht3u;pd}1pszN|3bxY4Kx9>@Qp3Q?no2LKdZ&Z!L01hxI_eTGP+
z-)dU~u-Ysh`AA=nX(N~XDz5)SF4vEFPrK$}%K5?_it-zRH4H*&`M_aaw<FYrmSae|
zWh%K+F`=~INB=A8kX~HX<qX2ojoc(|uKt?6I43keC8PQrr8DGwh&Uq=D!u9%`(jnG
z1iz)FA=r&*8JC_KeSDHOLb81Hk^-PKx_)He7h|58ZhUH2h<f)4E!J<<PFxNpf3nmz
zIa0WuQ@gXO#*auEH;;_aYk%P)X&`*g-YylgF2*AEIFFqh4m#Wexm9SS4(NIagp+fd
zdjD+InS`GeWgr!3)k#Tiv~`M%9sg)$sIV6Xs&853*SP8NXhH>Xb<gkA$Kbu+QQQhJ
z?jLj7)2JBb6oJapGNOSg%YasZPo#S7z(XWOff<@&4E-~gi|j1P2cf*BboA}`@)!~L
zfuX9c!v*{N)yeGzbh3`s=IINqG9EC}8I?&e+o1<#R3`41&3e11gNjk`-&V`_@208}
zR;@S)aMm$7+l*z??B{)Uj@5yUu55Z>c4Hc1_sllx;oP{`-0Wy$>U&7VbisbKdAYkg
zdK4b8ZDYT64ST)$!Ew)}Ni5;D+(Gwk@zgce>ax6(fHIQ4Yx-&D{^UJ2i6h{4&PF(4
z`CQ3Bsx>A@!~KiXe%-1*PzU<m1K+&DBj`g}6OhDi`}n=3Lra@hg;?c=5c=B+mZ!^=
zK*VQr7Z^WFhaqzB4eo<jftF;tMM^PC4mh(T^G(AV=xJ{Y%<Cwt9o;$aVn(5bC85Ld
zo6Ej9KXw%JurZC-e@QEvNL(7UI*@-+2vCXo#%~~jeB%JH%fbSohDx<mV?1-N_If?~
zLf*EH08INCY_>>yvei8nw{I%RWKf;dOgLLjBbMY+-q)LTYTY=fO?%>!Hwuchw!-os
zF`L61`H4QS{xjpcbS&)nwGN42^0`+rJdNK63o723#wD`KdQVoQofX*z;}>MLmF-$&
z{c+~u8uXY&OMPPxXF)L7+W_R<=oTPGhuR#beMN&DL^}h+_F05XMZ|=XX{)0fdVIkK
z7;(;b1Qh@0cCqdUQ25DMw9|+tL69)EN2YR+w>d|9sE(y!&*X3}F>|89wVuk}=L1Pj
z>tkokcl72J)rduQ(dtQ>gpQ9(-)6V9Lv@31SfcZu$!QuGpa{GU)YaUX#%MxfSjs)J
zaj&9D(09ooQKK??mHGze8(9J#VW@NVb!cAQ6Al-k`tw6@Wbym^%9yKfR`SFS)a_;u
zdB?_u%PM!lY%oYd<u3BjZcz&j|A%<qKBu5hn8@i7rh0wpAr1R3Y;0y-L@Hbjv0y#J
z6^>#>%$XLcxlHgY2ukbPIho&~52MO|5mqkyLkgxtnQF3k!yz!s_-@hV9f6IVllRCW
ztEGQ(Riar|fd%wmNg6idVd*+m<-{-SR|QLwbKL)oe@a735o<O7@-qn7TM}XLF@mgm
zbw>59_fc&E1b>5k7<p5%s+Y3#Hya8>?blnbrL>GR!eK8UT_^e7wuqJSvTtyyQ1DVQ
zkqHzgG|+@JfU)APmt4@ou%g@CDd)6@=fYa<5pZ16?1kKZ#5-n<^lV|Ci4IDV%vDpB
z%Md{Qz&Z+fhpzt^ha5t#c^~HAi!h{p(hMQ4h>a~v6pE{u>)ZPPdAhJcrzVM?QhhB=
zy;7;j@0_H+@li-3IkE?nuL}+WMiM6TImg)u;Y;Nw$#|7&^L9$zX#uW2TfO%HV?!c{
zPor1{O<u*p$HW}c_uKc%#X=6HP}g6K(WPyH6GnmWbM``}>*&0c5ijwC_TP)^yVnH%
zoGKUZXRxcF+df5+Yt?#nOd;DC-v&cb*|mgi2iH+h-e_;hdE|ti;$o~%42^D##L*N-
z;84%X{svpAn8sjOwgvI(f+~}VAgo9S?;^VqYi5PjsIhS49$$iM;86$Y$+7)=#MtXc
z9Tp3bovtFE)_b@35i$wok@Sw5mL_4#4)``sz!~gonSceCF?iGxqIb9ex`8ty@D0(x
zv``5oUFsT2ovz>4qC&VaU$pAqUl@55*~5=&67?_6DH%7#j6H_A-Q++mz#~7K^f|h=
zRR*>|nKk#V!#mg>Y+)^2i$DROTE3Y4P#-0aHp;tj96}UOf&L$uB)YkH09W!Kj57yr
zy}E$v6_V8$Zwx7hzliCG{ia9ew|kd#Qwd^-^Wn-+8lMdtE*OcY^8ppLp*p-5ne37*
zy|kx=mWBpfV|N=tw4MN)O_@^KC+B?t7Htf*!{tkiu87=7BA)=)X=KN75Bdqq#gJ)V
z*&BSl5Mgbi`FKOGBsD^n(DxXq42*dpR7ct#ejPsb!?=q-(RxTtX22FQXNtRDk|TO0
z@;}%BXXVJ&UiMN0RvG>_pkjH*LSJ`DYERBFt`$f)zpxf=t8yK<^|x26d^iKIAA0{y
zncT8V1L($iNGfMK5%<9l9O@f~4R2X8y2u87>Hx?xukIH!5rcoxM-tTR%r@a}!V~07
zP@#K2hxMWRheCni3KVE;Vhw3gc^VfaD=SKT1jyS8jJQ?q07$RT8V5)Y!7_8H+>rWc
z4mzLK_=H%C4#KchCfQwZ@6oY<{FBcJ=bi<z=m<A?o%aH#$)%@{vaM@5CAxO|pUN6c
z^a-&qQ&UZ4RnGTP6bx<YOO-a*;tRc+*vXU<)z1e7eRBZLe$*qRaA{mnS~zAE6$)`X
zG3ocERJ*Jmn+o}(B8)Kc#5@6#^a}}KSDpZlu$|#Q;APgPg$^uzS(wCWEJgq~K($-t
zZF}y?P#l82a_{6$%sKIv(^mD*C4-I5qk$ZjkFt^`r{=dO{$ybftb3*@z4fa$Y2G)v
zWQwg;@th=>s8ta`$QaPR(CfPiTlXrw9h;YhOp8FZmo|I_M9S+?AejEC*-nFry^=Ws
zx?MFGO)7j3uK_{I=K?>{T-f9vt?ao_KBW%AKH4}zLQEh_`eb67BtJ6OKcFqgExCLn
z@qC0j+xa)lUrWG)A<_+eFmJ1QA#b4hE7cTi2<t1*GHPG?O3c|iym3<hm!<ux)>R4w
zH+F>msjlyYFx6sx;=i5~J!p?U(jB)>3n`ZjQS6;x*~@M<lv&|ww?!pMwIPTh2E0UZ
zUb2J+@vf}0`mVsBC~3>Y_?fDt;@KCC=9#vJkZNK?bbA$m2%UU2yK;u}k+hnEshwC3
zDw-)r6irf7<*}EQ_x=w^-&Ro~ku9LEf(JXgtTtsKCpX)Uk<;RonvRSx>ozd{J!SH=
zXH)lxK`9f7hDR?;|H<2LO9!%ni|KeqDM22LBzY!<J?GmOv0%$(^_)yUp`En&y+5c9
zX=y+*`<Pb<H&P(jO$>&YYYTonM}14c4#l!^Qoe-0Ku-~pCE*~+c5$*Wdv>xY@Aayj
zolJ|+`M*u~__TlG?!tMDo9yG7re@;4bQLQ==$G~u%KOFHQr>+nz0*F+o-{D&p@8aw
z9Ba|HNIbv!7ncO?=$TllM6l9PkJlV*uHh)x+}O3b*SG&kee#dqgMv)F%R*AX-u9zY
z{q+%axg%s-GZ7gm&0BA}f`TJiIFC%UmsLAT@|G8*>FM#{jY<70<$Mj!Tw|qK5hvPM
zf|;drc`VlkY=7jJq273;XQrWO3o1-ukawsSO#akXrX2w=`ZbVyc00J#JzJfzS|5yt
zKZeY7-pH#ojbts}zhj-!e5xW59)Q7<M`4fcz%#Uw^9wrD_OuC3@|hEBS5n6}f;c#O
zHa*Oe2DaD%U2q-sH!V$CcmUF2M~b;f9N}bWhv=*@sNO`Q^qd%HKL5r}`p&1jA&R^?
zII4+CA$Dr8*+(_BgkuM%!2OW*eKZ`4!JclJVOSmh0?|^j?1{6=VL3UuboJB<cr!+(
zmPR7B8%w&z>K_$B5R6W=x+QledJP+F-x5<p^URU`sYj|z?hOlgZ*&Bt_E9D_ek@2b
ztdyr%)aJ}&qLLepXwHGe*zb6^mQ1*>7K1h*BGefv!4V^Kn)PH+j2uI3XAsm5HV7HT
zZ4J_Yr&fh@(%ioUYP1ijYwcYb%3IRCiQpX5?6W7DKTO?CSL0-^PuW0BYH}Qw5d-$<
zppwH-D}Er(2oq4%9VArrpLA5CSAHP5rWynFP&{TCUmzJ<)o;`YEpb)4sfer1BjNuu
zPo6Zi+daQ^>F9lAW5o&m6x>S8?_CG+e%uqZqFfg}Dp2DnqCf7KfX@pwY7|5g9h6kb
z#O&lI9lL~g>C;vQnzB6uK<qpS_(52%{YYX^9x4SeHQ)ajVApGKU&>VXz_^+4JHfTv
zT8)rHz5wJ!r#W1GgQv+%UAL=gtFRZ+u8QbyndJQ!F@9#!@L<fajrR?)l>NeeKT}9-
zzR9VGnQ}%S;wopCWW$m{J6cX4x+mIcFBtBBp5;q4=YS>wF4cirQ!AN&c-v~fj}zic
zHDyxjbVJ2ID}!j)*2ff-TGR$FA35hs$f1^YJMKle&(i)A)l0+@rBTM<TVk_Yh&s>E
z@7qsPOYc#fHy^}d+pGLQE^W_kLk4BWBd?=?=ZLQt-eh)JQ9*HK#9&e9K&NC;4|TBu
z*~JQLXF8N8yznQaVw0_X<eUbbM$xCgwtJ@|)Fwyda5cXXd+BI}=M>*}YL10dyJDCb
z->L@kUoNofbEj<sN2*zVOyq*v%RO(53-B{*Vr)-^oRY)>zfUlNJManYxb^}>b>(Oo
z^b#K%B+frRb~>^LJKNqfn84b$Ua46%ZprCXR;r1HsFYUhY2p!4J>)7EHj-Y95Gu{+
zi^}OaSpA1Y@D9cnXW=v}<{8@3ZQl<cHE`0NmHm1glS7IJ$B(1>Dt^kODaiIFG6IRz
zu6hwfl&Qctt+KpnLmN*s#kR!N-Y6r~j`=MQ=>%mna@`sJ-+MKa3VO^}w54^XY?2Nx
zc7Lj!4QFGmRENp;emF)1x4LV`<QXsj85Yquc_)9vG=Zt+dWU$v@@P*`l}f?rX!}J2
zCP}>zu9{>J8g^$acXIVJsz714n+)~OI1R|{J{uW@8xHIscFIQ?MdXKzE|y6{fBE0U
zC}-i(`s?@jG0?B!PHpq%L2#t|Q|0t<kXMcy31;EMmv(gUEpLEVc#CYXYBRmyI$cpf
zXqCX&zWDQ(n=f{zE17FA+s}j$)-%2@mbi3RVzZ%i(!t$%mjS|B7PWLSu?A48qiwo+
zKVi9q7vm8Cndb1D%aMhctdtM8m`AT7`C9Je$mS$qND{QCY|`o_G+SAj7fEsYV|P{K
z<Qn{UFEYv~@r{6*!Ix=?JM&2V8)*EpAbMXEdVuU6s@<=3HaK%wmpKoD83EW)sib$O
zr#RhXLra$gQu1S;k(R!R0pG&<F}+B0`F6!u<3|CetF5zHyH(dGv)!eP9>x?EmDx}F
z^$mWN{MzT4><O>h6Ivi&FBA<MK)U!-+T(L7@%Nu8s<a2Z?x}MIH2zB<>y}IhGvepQ
zi4aEegf;a$ZQ!iUkuV`@wGga6Mjo8?yGf`zWl678S{vJ2&1YW+r$b#63zV0!JwgN=
z9T8aCh=uiKOs6)4yV6cXjyA@16<OH<j|^GV)?T1rCK*KE>pRfADd0#CaayW`6@A5K
z8-cc%GENK5iymw<o|rxrFvx99AP-q@YId?T6KPMEZ_Vp9=wY}BXtgT4q5mVckS<MO
z!PcG7iur4l1AD@BwShK@989zIU?F{Q2?^z+p_FIJ(wFdq6u7-Eyh0*c<5pirc+o1R
z<1X+pFOC8AruF<IwCN;$VM=YmdXzty#f82Q43k?5*^FWyq5t-i%3(4!u4U>B%V2fa
z38DsvIYdNxvkJ^Gj8vdgDOA{Ze}blTG4KCR`7KFrpxc8FD~>NR*!l>MtrZ))ypVAg
z4%f5V53(t^!;RvW2unMwNUu%i$1u^bab&$W<PlbcFvJ@H*R<mru1Cxq*C%?5Yy^4q
zH`XprkQf8#5}#XH$ug2SJ@3;xI*k8v{(Wv}+IBW<3p|;PxK#~OLYn~p>{xk8ui6Yk
zH?div^otbL5RlykWaXZ)+Tw-$bLglOA@N5Y5VH4&96FBhw<`z@dERb|TA|<Lzjh}b
ziYv4NhJ#(rowVarI0?CE9DCO9*L7CPilAmRS7EQV889kDI0GL@&=1K{Z-;w~b~m=V
zF|$p8h>0|VPmbe#mw99dE7ki(T%{53gZBsHC2{^tFQR+lK7hk@qWyN7sY65VkyxIE
zJ089N$Jy`3D&Q@I+~hiogjCrybqmK5k{ECGGae=)@yWORhewi-=)g|QzF<-GY1U^Y
ztakjycT=%e<G*RJ6rE&dn_?q<SJn>*UQP1G#yIx5YRzn>bG~rX<LQtE);HATsGN#c
zIW6$-q0RRyxmnJP_erwWpG@b|F}Fi=9OgaEFSgcrF#JgwRe{_e&j-Vl%jE2QxG;j2
z?K<n2|BzuNHF^`?Cfa4E1KPU&tAGwFQV|NBZ{}3=fqqH~31sf_Po+-2OHC0OkA}G5
z`O@SrRt6GA^FHDHhdLWT!?+k)*R8F9OPPShXB(1)ZL^pCk>=}je~76vT$wF+FQ_L5
zhrAaRb80XQsM%2&G_BSwAJ8>6bkBB{@a~}vYOz^I*>jpMH9uO*w`N7y4x%`zB)a2v
z*emR>_awOAV`j01Di+$F#T)eQG4`22K^AwWdbj0NN#GK}SPk|6)S1EvL~O@D>-Az%
zu;4dGtx#hm2%W*`Y$Bom_SBA#P@@zj5Y?B{u!ItW%AsfoBN&e3c=#@1Oe1GE$m#%U
zFcI%*2lCZsLav<5vjRNIGSU{-TBC1roxS|kElPC+XiJOPkwDJ{veVNsqJOymX;k?V
zG4<`H`Qfdr3f2t~spUddiMK~p3QwT<frdLZ*9w_PHUJsb0#7+EV1_7>IT7Y*5Is%9
z(Y`ru%~EUg@UbfBuiJxdPtbf7c>T4pq)3Q}j$fdY9~ew{4-}PWn-)Dd?RCUnhmvd>
zcRSj9K4+fuV<hOk0JArMn%yn7nRAvp9Q#@zIP65YJvP1tyJvkSzA`IADv8y;MC_hM
z6;ewN@Thm@*)IxNd_l~z==<hR)eMavQKnL?@7EaN5iFZNmm?@U5wY}&>FVuHiqvO9
zoSleJ`sTM}@TiKik(_aFY;*gPF)%%$1IzCuB$cQm$B$>!c%|afGPf3XuiDZUe<oqT
zT^Z}lzsePPiuhAmvbpZ59_V<oLC!JgB>ja#Ze18t;d4JQQ?by&)JQ%&V1>;%3Q~tS
zl{gIS>I8o~OOH}>-y*iyj+<4Qq6Dd74g;mK_{G<7E&3*5zaZ=a&w9hWx%LJk3GNya
zrJ_&iCQ8J{ox;Gb8rJTp!LdlVB5<(ZnKhxyqoyI+Ebm_D?j(kBzdxjRq~ZbL`)}JT
z&4Qh4>OP8~aDDkf8$LImPI8lbV0ht%gF}&FDQbAFhZs`1qa*}nZVgT7mrwQcGW<+X
z+ZpM8tB-(USVsM~TM*vefx<z?(|L2;v6LO5v<TQ$$QRLKjB22$93C^h8)6=?S9T#E
zGD|*&GDzV^%0(7v%q?cn%^+JIfnn*zwvK4coujc_?^#&C1<C666SqbIa9Qd3Bw)4d
zVp3Hvjfx8v`c@j_oEDAqN{R0g(V;yEd|Cp*<$>U9zt>igdbx$4#8utxu9mg>L@!3c
ztOsD^2Es3a*s?acB;N?6(sgA_Ih3zO^4Beh9c|KOk331~v8X(~!*;Q>2?$+h;|7%<
zNF@^qdoSn8z?JwE;QSVZ3%Sjkot=Ri@J#{>DI1UjL%QF3c22A6O`7qoz(*j7;uU?V
z0?-53<ElQzqv@k`66Bkcc<9Qs!pSTz6H6)1ktwQuK&btYay8Vo6e|7%xmK@puYgZb
zK-4VsB1oIlW!z_JaEOku6h0hkR^!^J&9;wng-MaiZ|2|5L4s7Jok-OqQ3TJf_6juK
zf1LI<ny~pA@l}A|fhok`=2I<G3G3rNBxnU#?-Ds-C=N5~EV6iaIRkWkJs`{DN@iPg
z8~yU;6AULq=g-=<)6S0Um)3{b_rPN>yCC4RB{m$rBnaUG`np|Py6alx73+Qig8Y3&
zDrg%s9cD5$y&!!5*2d+9fP<{6xV<J}OwIxXh~yWOL>4H#N_N5fA9-XmFjnOAYOTnG
zNJN2&9A&<9!V($^o8vfTRw+6R_tQokfc#Rv`rVF_X5Hfj7^!3Z2Ve6ARG=I^{pR&p
zF)Mt`w)b<~Pn%M2e<dw=r6#demdopS4#IY})tztjl+34N;18l2Tp3}DZc%y>eO2^S
z1GT2y$41T7;3&R`l3pMS3uRqkn`zlByFj`*WTL}LsVuONVF4VRlY|R>H>6=_3UXH`
z%C{)(3u<z+(+^;fT(XeY_fcKh#6<sD5ro;01zo5Sy}CyQ`H*k)_nhyoy`{pd1YY%!
zDj<1rpH<pDe+x?}Oj&wP1ontofdUsASY}K`t{n3j2rS)wcN?3})O9npkFr7k{OJ1U
zJO%xikHqhvp%T>L$Xk+g<b&KG-joQXfOzm=VA^$?{er*<2qi3b7klT%{MGrf(Mkef
zlVNj^Wc(TRL`HU0yh$jwjFeK<Xnds<?)sWeJ~tkDY@G_B5u0dCe)awc#BJmK7$5t-
zT|*<T>xWJPAogByR7{)goKLlR@YJg_E!9ebVWT3j-Erzl+6l_N;bH@p&TWAQ><c7i
zh$m8Q5{Ft=K{NvwnF{NeF>%#fz&y80KIiZ}i)8<>#+I&9_NQw`Ys*`&gI6A#azDYM
zVfAet6G?8f!Y*dCF8Lt-8|hEBAzQUzE<Cc;Ht_*zA^y2My%&GjUX@!M^`-&m(LoNI
zwMMUx$wlx#{qw@t@J)d!84xqa7?ID7@W2Xd>bXbz+j_5Czf90~dP<hKAJeXRybten
zZt~PG>BQCOn>+rs_a5L(_8<r~+Q1BF_TeB5{T?yB+a_r2Q&$|qTGLQ&Nw~)`&Hr;Q
zf?{<cPl!zDm$Ek9jMR8VwX9a^*|Ne!sm>2id!fo38-|cZ`&%kkxJ~^g;ObSf8%}bA
z%VpFc#t20>h0)vzoKp<7e?$2`6D)-uv0TeYnL|Kq)6N3Z<}6}l$lhNH$|D&9wlB&{
zHtEr~IdzbDOlTr$eBN80YcN|6$TZ$Lz%m#PCo&qB!JH3`=obdOD^29VUWCwzM0BwM
zt4T%!$y&WBxVYE-b#;maLh1JJE#m-O?f|^cge>72{Q~eX#ULJem!7b4)l+<-Pf7@F
zI2!*`wI6FBGSnbAUD&ba{4kOvPy;D6&_V^Fe!Zcof?PuN$haP7Pe3nLVXhGgH9;jY
z(b@pp=IQCr?u|ak_ErwVBEr$j4?@v5jarDf5JJGHj=ui1rtUhtBKn2*;qgHglit~k
zIigG5EcTNM23qbtKu2(!Wvd(&p`O!h;el)hrT#QFlWNEb#^^q_)vDuE4bxu5q?c%S
z=u>@xZ7Nw%+LzJ$XY6lX9ejJF7zb<J^$uh{LJD?HHZvnAMm~*_#~L#^=CJMHLxZ$z
zH7%o#f4m4p*jfmv4LT}c0HSn@Zni~_kk8jN8*>%e+EIhzng@nLR%p_0&-vj|G(AL@
zO)R4Bks!_JpTT&MnI6|2+9;-h_=ZkJR4xc(F(7n68-&j_Wp{j&#9O(GRhou6h$!Yq
z>Q$d@GI>q*e4c}5k-p#vE!l}(<+5*|Vi?CTP6(2ct$Dy)<bM1aAARIs6z0caD_fIE
zt>Z@f$aL-pB3C8=PIA{DfNKQzN2z&r6ySGae4YW;hiyb%EU?3`?~0{x7Z{I7gKFHh
zCk(?nV?cDV9*rCyl=~12V>A53O7K;#+TSx$OBr+^;&rjYdHT(wbB&<(_gGzW*ROS^
zARpllfX6BRB?nreb3<)`J|AB~z`_Fg6^q)4NJ7tNza`z!F{$Jz^?XsJtNHKM$V3x7
zS`t(Bd(NW|^w(zyhvO8sBbyhcx8DH#$pR`v1F>Tu#oy3wlGOISR4x+*U%J`t3;l7K
zR1Zd0I?|xI;lVgpUx756-D#6Quu}@BRn@awLz)#%hIW$JN4{gIDh^%nzn8pQgY+K6
zJwK(pwoe_Bru|1>%LoPDJD5qqyd>m>$~`>l23|ux`f{~znk7&^>Vm&<{DWsi%I6P7
zs)M1w=b-h&R~E1bw#sw+6dRSWEYL1@27=_n<fsy_cCMoWA9Z%5(V~5fjgm>1RX2Sx
zf`8{8RhhqMz%ns8TbtOIj2LP5PUxFe-N6FFwmdXt!cRw@?8J7oa?rizL-FboRP#Lm
zHpi5!q>DS>qCxz13^rEH38gs(zxz(L<H@<$n7fe6p$&s&c73;OU_a>~#<){1yVYIZ
zcrfLvrS*XvlS5)_fOd3V780<y37#2RBqt`H7L6@9!Pv;uVxmIu?6OIx0Dt0L-{nok
z)rPZ)w&LVRO?BJ<J~!GK@Hy(}F({`nrKgV9y(ju9fQN(SKwopd^6*#)$(KWXv(=H2
zx(Ap&QqZEZ!g3a@MWa>D%qlAFpF+6TEjc>4w<VZ~`Z7*_T|rKI)kVZ!0H6b>zhm0U
zRqZ3Bs>Ie-U-VXh@A>HPkLmx_9W}%&F%EQSFiy+{{o7pT;UFp96iXFBQx^!5b;5_&
zO{)t4(y+qGlDqG)KxFzcd}(j~iH8N7cN<zdyh&S`Tej9<(9|e?qk!Mo-`A;6oIK}l
z_mwGVBB3^9r%+p9pk6(25QC{;6S@5BrsI4s#xX3pjbrRp{BSGQj8GI&hNS%lR(!fl
zz~yr#;2d_}x`07#HQo4VE<q0F>#D4{6){gFkZSUVcz39DZO{y@2V8@>+i+BVK2g_h
zEPhCHR9X)y&WS=P`FKC6ZP&v3WEz8m{+Pe2lc!fwvOJbEXb(7#u~bofCv+YM@M+bL
zMpM6<$m;;#M0%JJ2nm`J6u)0vJ_u$EnZg=?ZH-S=#7sFgQv-610sEuN%-u9Ev|s$&
z-cINamHC63#}%iUP2h1MKpMNka=!5ZO>xSnf>qi%!(b8PNI)%oWS8gdB@U%MP@qz?
zsdyNzjl*|2<62%5R@fn(B3_^u2sTA{aSk;*_OF851f2Kjk<+XcUBu~^&|Q&_i{yEr
zoX0w;qGz|lNfHbJa&r)xe+7$B++!<Emv{1+VS4X)+0x_yOQ=$l@&sX}K^9#Ua!iC#
z85z_9D+z@Wv|v@(?YVu!2+li|kVIx=()=F?AfN8SU0~CHM|Lgfj4qY-?60R~_4_Z7
zLsD=Wt(WLG6mfYZmX56<)CNS`vwrf+0q~UYVU1!ty;0l9&$>VG&K5BAQ&*ua9bzWw
z4Q2Y``m8*LZvsb2ZiI@sn~?ub5w$vv7__(LzLEQ)PofYUqAgX`G5=M7N9>!1h?+3#
zIwv988AX{L&2J&)l*0=~{2^o>>VQJv&=s^j<FPD!s#?9r9vT>6Urz)zC~s2x9MLV`
zp3*gEbH6-Uw7H-~dX(X==aA-dK>!eVJ?s8g9Quu-0x_CeGS&e45fyKCPMfEhi7;BG
zid%bf=n-=vGeWe19WveZ@d=K#zVkH*ZveKxq~BNdbQS^0X#J5>f?ez&284JzBAl3m
zthuf1RehDTCcm(kQh?tNUoyR2_flRxwisgh^7gh=(Ew-8k6sIl2W9Wz&Ji`b1h-WO
z!KSkReTeeTES{7<-q`lUy6(EP#SvtyOx@bN6z@JCoJlCveU#0n81M%tO7wFcI$y89
zXm44g1|Y_WV&ozFU6uAn62^SE<?Wv8=|`yL(5bwtD`1Y>k;Ev)N}HqFTQ;jH(Au!@
z9~m-n``_cU(@2%hbrE*XY76YZuz7bLi&OVVU`_z7)$NTJ|9S-*G@}^`s;e%7s*US9
zMOf(OX{&VJ3gvI>VcYl|W+UnT)$cY2RePiEClg=Tz}Ribys|>+98|lelD7LIQ02f+
z{EWS12PwIvdwWmL63?2%*x-y!h=a9)J^xo{LfRNul2CRu6H<356wL018h&3(Ehc;5
zX_3p?H7<-bsTuSrkn-o<rX5|$U&7z&pRgu|VlEd?ezON3Du%|<mq-<hzDqz(A9yU0
zkBy>**{rR~FC{+s|3qr^)VljFdUW#eBnM`_{gFK^ubXYl(Z9$$wMor;Rs*688;aL!
z&%z^i!p%(=Qjb*;4gA#B-Buk;0-Zn_oMCMWruf%`ST_rw9k;&{-H+Q^5DrNxY2Tyf
z65?C3@z4q}w{dEI-sY`l`LhBR?c&U<qFn<`^9tq1wPt!@n<I@Xk79o%6NGx?+D%S7
z$-*n*Mu>MIgOL2iRWT>9u*`yEGek}Kay*9gXnZP7q`N2&y-ui?xTEk86KP8)Zf}Jh
zsjJhMAQlXJRXQ8;xlTdEY41lc$os6`(MT|Q*pHu&pVL_mtL^wYuA*RZB~?HBC>J#n
z81%1n(ZBX9P3BKEgef#iDiwyt-FZ_;Lm-$*h{8Pk!>sX6Dpg(RY(0WY9~O^_*yP!1
zPSMKXb^{On2bg~Nn24~<UM&Ap(lM!pQ84!(13|?e+o7q&B$}LN8G|l@;Y>o=eN|?=
z5QBn4V03dxjAnoM-%0jswAdr}sp5M;^}hKu3*ZwEbE|19bV*4EX*)E7EXIqsd-gGA
z(24uku`@#lo-Ynw&q*1|<9J)O&3cZ3GQCGQb@EkIx8{R85qO<~JI4Izv9s}rM(|G@
zaZ5>vMr=+siPA>iPRWDBtQZnH$~gsPD2~9Uzr}){S{sccGgMkcqKhC>FnO;6XkS-?
zRDf?m?<QWN6`=7ZgqC<i8o2g7QHTi)-6fvw0CVAkECx4|#Y&dZX6rdBClx_IQ#BRM
z=Ddpv2-W&EGlcey(U}?y>AyW3d66(>y-2{_m0G+@Gs^~lF6lrKvOxP-+qzVqpKs`=
zd?+rP6lUzy@b&sdOk=~gw)H<!8oEuSOg#{w4MP;u32rcM4gIuUvd%&*&pO4{8??V(
zM``4%0)f&5zAEDcc1KCP?*@7w>)n#(azqhXbguDzTwO}k!g_bwdf?!Cz8_)Lz>yQ9
zC<{LE682==K_iOYRNW(i?aG_cTc23pG~cm;nrk$1H;)wk=dQ<72$n=QxB{}@h0J=Q
z>P5KIKurP#J^2CJ0icQTYmi^EJcC`>r4D(7=&6O<&l=;`kyh_9BuYOJ3GN)94*Y$b
z?l~kjt&(H9(DL;4S?>vw#OQ^XqX9AeS!UaXl~WVV1$zRWu)Qrlk%xoMhHomwN-`Ev
zR2=kMj2O(NX1=FtzY!}AJG|wppJ<k_vj#kz+g_EA%$V+--3`@69}279#!GUwh$<8B
zqmOZbC|~P+VPTjm5fynMZK<{Z?$vM*q6ELv{hwjIrh@v|JM;Nx%(2t;wG`lr``<B0
zw=42#)D@;qhA(*vPr#QjmI3Al?sERigYRv^<#4<`Y>uXFC{43DdzgSU(gj|)OBL*X
zJY63ic-{ZqH819<u@vNhBgT6?9(?B??QW95WhF%4$iH+v;gR6-n9Gu6*p&eoZd~M%
z+Rth_*aXcjuJz(zvgs-v|8<X6a|zn0c3rOA!6Tw1sp_FZiN};EkYzVvmAM~QTgO|Q
z5Heer`+F1}v@sam<~tZ?0AP3}kgWPF#8JB=DcCGLc?n=FfSM~UeeH_au!z)<<b5A0
zECZE`UYJ$urij30YjpDN;~%bi_m6B5LHh{a-47Dw-dg>!`weVE(#jJ4zI3f>gc!2=
zfwW|==Ml<@!?(MIgXgz!y<`AC@Z~<B$Q<d}=cR&S+h{dx&}*xvpjhn&rJQcVQB;0v
zZ&ZC<B{j8X{LV;0Wyx4+7qeCkG)IN9v0g`_b8T1yYds^U-m&<h_ZC+p2GSwA$RG()
zxCaqMX2R!;8~R#!b*FfsR4ZbO^ffR9N$8cXt}KQqT1yPw<8mcR6b0bewr$(C?Hk*+
zZBA_4b|$v1iESJA{P?P$psTv8_FgL#y6h&OlADnIuQ2(CM+m9UH92g-$RO`nC5bY4
zDYi&z{+`WoTc2E~on`V&gK35c?X@GF<u=P+;wU!+0(@&%xEtLh$au!2E?<&wfHRTG
zYO68xg-maRf!f%!C=d|yMZaC|gu_h#L@n=iEG{_Ee_{$pe-p<S#n}#6_Cl#JRClN*
z3ibWJ&@f#3?etp^_d?q23(OXlH%gw`Kl_e@1#ikTp2!UTrl%AQOV{2>vF_Tn>4cj%
zc(JE_DK}PU_F8RnB;I#hh3+1#jfVCSRXGiOw4<z&TKse^OllUK0EPG%&jd=bfdqa7
z?-{+Ze6<Q1a*M-Sk+_e4_*ddEu4%lNK4OMQf?Cv|L)utUL3cZ4oAbHid<9NwqCIg>
zWmxQaP!Ja5Lj6*QXWUeMUNOAjSEgnwL<Ri=!DS@^8gKK8_M3#v&=^3zn7>zcSkZ7-
zcw7qVMvM8}Xqu0vlrqt=d7>4^6)19wyC3R@&I6)Q{}9q(_FB?0v5VOYT`kw;MAB|6
z0s}eMmgLP~k|W_W$wWD2PQeEP6@E@Jl=EkT6{M&^_m|k2Y_hFyYGyj>MxX_J4CJw?
zR)knf;mIqtYtuWPMYzk*K=_%rV}W?l5;e&v-i=}^q})-Anp$?rpZw4c`xh3O_Ag3x
zs#tP*L1=)^ge&mggB{sxn@el&=86orByqd)H-WMRM(h8rkuWguyV6m^nF4PY)kk(o
zzwl6zCV!}Rvs)uf5}Wm!9Cn)mwn(~!(80Uz0?<jUqQ}ZY7VclFCu7QKQK>5y6!1xL
z8jDU-eN~;|4!w0F=`Pr1ej*c48U%RFny9y1946}(ROV;n^04fGrlw(a1Qm$LEkSM0
zoi=rhf%qKy%}XeX3$s93Q4_e16ve6tyG7&?00UF{M&?A&3vm$#eRX=Mz?cb8g&jK&
zX6-XXX$dI;V0_L5oMh`hi9|oM`S;oP*)y^y_>axut3w<zl?$4#y`!Em7USUi+s7K5
zHd^hrm%D6(ThCIcY(!8DC?%yKR!YS>n8=j<5@?(W6mrESid&@9R$csc$W=!kD%Ws@
z1^B4o_}c8mHlIqK=aq=j!a~#M{4`Dq9r-J8T(ILaA>A_(zw-Z_KrgzzeLRZ_Z%{59
z4bNQZ-@{6?avhZDIfpy672;Q?nd{&9s1?e^Tj~;f5>eP^P2B8Ny~DKRZegf~GeT31
zbY`y2is295=k?dw_ULQ}EoLFeqj}?%Re|iNpHv0W8q!45Ezs2eEQ$*7rG4JnMKz&3
zh=c5^y;)Z%xi`Hnl~n{3+Y?~!)KoOogARuy+WzI0+Cbyt7686IX>_@#xv4Zy;;cM~
z9&|1u_1Qqw5PrX|c~+kxtzNPnt-z1vtn;Gf-V=<4WVjjA?wh++n1~G2L;8<<ko$Ml
z@?SbFSA<wt;C-^(GCu^75w1%G4k({w&?_CCX1f}`ycLb;ioE&(a0MP5qM-W%*UJ03
zJ=L@eL||2weO`3ti})6_9Fl9j=Qz61zX{~*Ut^YX^f+Ia|N1sF+o=d$qvaWVm5vP@
zg8fdC<@js&K?`(RMmcfxeGI(H)qrdLzaJiH^q&7~&4JXAQh5{_T6xuN%a!nq`Hq~*
z{>Zvf=za6nk4qLnURvWS26vF@qy|i-o5j>FV%%fPec_EpU1WG%yOJGeyo`OrXJ4Az
z#nQ}kT(Q`W%P6@mt@K7`;RUz7z}{IDOKX5@&Ltd2*N)sjKccRC5f0jkA;8qveWRNg
zxfmTgQh870hzxDMn<E84dW)5@+~_Ui*cG~C@OFT}vRIy>nxfPA^Q*~ZHm`~M9YOk#
zB<0ee2QSjx4U-(W+Jm8zX`>f18aciY!Fna8(Y0g%(Tv(<3YNH*kZ}drv2flMP|SQ<
z{LALf#1@LV*=vDr$0WrXi=U^r1r57pfcj!Bt$CARrK&iusPhXCbwC~ztQet#U$=b_
z8hFZis@Mo|IAi=Bq};=yUlj82xN`h9qo;Q8433(1<wce4P&GF4k^sLJeW>36y^-tY
z1M!TUQIvtVS%kfzobup33u}yZ;3_Hu)3cnkO_np%=C^_HzIK|5@Lr!5IoAy?WQHSH
z{JpxvY|6JS4qu9R2NVAwt!TSluPiH9TyvSCJFYH6B4ydSD_%Zk1!lP991ie=oUR>1
zA45H(c()a&i(o)X%@A*k&oqkJB&)ZBtc?yCcu=MOg44lz=?w|W{WFsM3F4w$k<}lb
z2$Q%nyT?$$66S?(!VGSVDPNzV78uKaahQX0l@EM~S~O!y%(oogO$5GxKcTE=_m1HH
zu1&OaDqQD>H|2s@bjFr<Lb_u&RQQ+K02}!%&+~xqqD|FFuW;w89oAT*nU)AQ-YFe)
zo`TEOSN6sbuRg|#cGKe2f5_pVc0d+SBZH*NJfM>N7dx29tS!o;3Q?<>Asxg+ZL&OG
zJq-8;Hl-v8ZdriNs2YBI|2C{^3s4YPdfeK~hT-ur!fOVa-H%WqgiO0l_d^Q2e^GoG
zbL1bL(*LhG3?fO^c~F(ve=3I~Hj1`A-hW=u5Ow7?$fvYpI-FldN(-Av&l^#-wI|ft
z=MFN`>k(<p)NeJ-f<gMd>Ki-Icyo$HV?)*J3ceH+&UgaV|NUkppq8}0zH4!T<d>on
za=BVp#SrQ2aavE|BF4~ZptmVL8CX*RA-)NB>8OAR{#$Z_xyLzFW!*F$xYLP8$@sG{
zpRwx!>~X?){xb_+PRclGxe+g`*{l9($W7;?F&^!m7J(-4Ub=ge&PP$rr>vAtgi`DK
z%A(b^J|JNhS36!yfz|wt-j1fB;J;^(<p#qKkm5Gff!~MM81+iK@UD(YuYwi=cVvyl
zFcD68@<p`pPkZM_|I86(SBZt<a$BI0Srqh7AX1%eo;Ds9Tgz@14f{%5c&AxZ@wILp
zZpfcW|IB;2cnk@IIkB02S)?<ff=8$!znDdf%o4Ftx-Ca4Xrc+4Cj2U;lVD@j+7O4X
zf@0n)*nns(XUkT(FqKj;o(BeZqE7w|X@jMJ$80xfpM<<0QNyHeP|COUF+FEy#^LDF
znb~wIr1Me=D08*OTLJvMeh0I=2h=H~bLsLEOHimxPoae95cF|_{AX+1_(|1hrK|c+
zLLY8n72<sL{~iotsWPD1JP%`r&h!p74M4F#Y3nE@?C%$xb-e>Pq>D<=%EX^@AnElB
zG$Z}L9*ISZDwnN^xagxcPz@YlbBBYdbIkC-4Xlm$7vy(0HQX?n)3}DY)`|shGw_6F
z?R}Lnc-!d<Dp9Gf#p`eLnM*=_OB()SV+;qg6QLzs|9QWHz#i<NlCm4I!Ogg9{dXY_
z?&68CXmi5N*+~|0NV$SoEC~EM{IrA?z0=0gjr)#(PYwn?rn%a&>$r5jqH1{TWqwp5
zn1b$#0GtBPz+n>-J%dJ3<+aCjM)ffQPto!^^mlfjSQ+ACG=Vm6ijbu;uKBvGdDB`k
zdaXNtyTR<xm7|Q=Lh+|Umqmpli;r}KBg9ka(k3NC|D?jQ5wlp_p5|Cy1ByORf2N(@
z)v~xXt?FAToG!xbKqkNl4a;;nIYu$)KkYPySgx=0zcV?-Xa;1FAei=QMrnj>$Kcyl
zqgY<HywWn@u<=uiX{dG){~knsjJ_(uU)@4vc4Fswu5UK2V}yFVkTeRzqurRXV7rh5
zx5^!RvlQ!ZrJnT3`DQ)soR5bcIZbY$VZ_+QT%Hup7Hf|h7Ah%zeQa+3j>nCBma*`%
zB6$b+L3?37k2LX}&&m>#`2+deQ5boJYmnDHxS7c4%)a;j1bB&>p=YwDnR=;bGWRaS
z|6CG<`MJc&LNNLOld|D72{3$a1bjl>%x^pCy7{&s^m15g6}Rfv24$p?nhQGC5?4{N
zUfpM>ba2x>S#lYLLYUCNbA{ekn+3SRd-NeeR|zhV$b+7)t`k6?yn1{KqwYz1XCA*<
zDHi_262}5DaSLc_(6y4LQ6|Iz)I(;VqSz)P*1}#c{3K^8WJ;b$pMLRmv|74EI>Fur
z4UjWjZ*f5iDMGZ0lktYS(!Q@cK0h0H`1L#!1|lK8=U7NM+M=y|2p^ID&9r{urgt+I
z{du2|E=}BpDchnV=}E6H3drdNs)_T9A)VT$$gkUpAoRDrkefF?Eb`t<y5|PvmAU7$
zlNI{a=izw{z-Na|Ci}O;5XIEidtWPZ$*%X1sQKG~yNWC;1=bJaC)R|Pq*a=#aFZol
zPRPCOzZ>&MUnU-s>UQ@uA=O~p`aX7V4<vA1S$$AJ(e0~|YY$8N>fJER=aiLH6yNNz
zkQ@wR4B_iEn!*mbBlDV#iJb1H`flYL<HHFVIJo)?So?(hfSQY7$<1=zYlu<v_IoZ6
zOrgrjkPSj0XUI?>@!FFSoEKLw7dm==8p%J;tvvjN7JqmPzL^0ekQf$E+(H+*?ESg_
zct4gpG7;SX-j4L|3UJb=wwi*PdYe_7c3V3b<jNQ>Zm9TvW>Nla^SfCVU(K}HE4h3#
zV@hUrQniveY6dn>TNU~M!7bhb!Bm}zE~8o(9#LFu(Hg?x`%w}fmQVpAaTY>Yw1AF!
zjpii${IsOk8Ec{{yKKMv<3L<<)EU^vp(|QGF!Jobd{iYUgue7sR~353fW&3wt9pEP
zf9SUUNdK)+mnyT#z`hw|VSfpQ4C04ntkH%@N(=0r$!roIO0}e!6A1HwhP1{+rL;;N
zvTta$>acE0!cR!8cL8;naCId0<`(TftHEu8k#NBTT%!Jwn?4+jGn?c)QfX7jciKQh
z)vqAbC|=QGqtTukN@-%*+fDSWr;AsKvE=h~hMr1TyVZ^{i&N@w%D(s$&(LolA1N(9
zbevZtEa7sg0LEAb$y;)WbEe6l-&MD|^80QWh*^9ba16!^iRz=8fVQlhB6Di0h^*ps
zA(r58H4)(?zpI7nuqT3lP4h%UoV}Wru_$&yX~d1)^z+y2-vlYG_y4YTd6&{}*9z!4
z57c5_O(T|d(M%Cul&@yxkx0i&@)ipZQ@Y7eUg|?~&e=|k{Wpc4Ebg%kK-B+G_Aoq`
z2}ms%aT#I=!SZSv3n%6A5;y{Z)mXizn+)*R_+FOCB8aH&tG?B)k=1wX5mKsDXPJ|`
z{+AJNG<%hhkR-$)5r_Pj!S~|owz0{vXOqiHSWO6#D1`d()v73`>UHG6??#&k%&o1W
zaVxK_oU$u+e-}#X&uvb+3}yr}k_FqwfgrLlzI9Q7>@1B<)vWa5eKU^*7y7EZaE>Dd
z(j<RGgh3Q};9&E(GFlg~_yF=GS&J+859EL3PSLTsacT`4o~1~e*+4u7MoV=2FhO{$
z<0)3D&p&p%48qT0=$a(X1V-k>iVSBSXM!6_w@C$3D&_R#supr;?sx{cL5iDv8j@{e
zG}M7`_}OJrKJ8-*)3c&HYZ6vl=va}umhPUsXsZRi(GPL6H=_{+a%X?iU_@#>msElu
z^H3lRfO7Pgwt)+UD~shx&?(ESTjTN*sG!{Oj`iLf(w)TNMruNu+ajE!CdUrKsA$yb
z_~!PE#WQS)?jspC#wE||8U%lZLNE`l+Q^0q<9`?1{9I$D{R`3)ljoa^aS^f@{etjR
z%34QX9gVbp@Pq_hgWmn5U_6dN)DPK1hx8be3R)Z;wI3Av`W?~wg?;}-!YqYCXA2Om
z!L5fL$$zz~TP$l-Me|rFo9i7@d9*KT3FaLcm`E>~?!zRw2=l=pT#Xu7ET1FOI<8q}
z-U!hCUFp}n00rxS0dHGc_^LszBPKV3`dhWj4vs}(0+fLtIjAt0)y*pHllRe!s&;>!
zyQ{M=Z0IX&-*c{sMPrDH)G!=J-IXGWOgVv!tXnotpaT)xPG#{N{K6c;97R!Sgv_L+
zJBHo3W|aN%Q2(F5(d^_yqaoH>d70(#8<L>thwpxD*GbL289SS5=BbZuTC3!-o@<}%
zRZMB?@dgSN^Hy6^2VpqNxDz9&A{R@*rzW*b3GlFu{8CGxek^AmkRxC9+8%XcS49>m
z>>5@1VR==ud@?URc?Ixu-V>9Q<!|fE(d+1L%2!YHZuqr+4jsmbf5^Cs6>v2Lf_&V&
zdf^Vs&p5e;QTTG_p!NHSf83-vum=j$u__(sWK$9YdS*n+4Pybg@>-HB?IM*oE!k6S
zlpNRj2`vK_NEdG#u7R4SI@2MSHCK{vi}{POE^nNxe}JK4f{T1NM^nCgsbSi3UVy{-
z&3}j(KGuAP$J|4Q!UvNR==MXD{~W27S)Ih9YusWzmL9d4HM}Vv)p=XR?asJ&(pKf|
zmWzj<3Gp;?d@HT?FzT2#rtlYuGpN#SxYUW0jc-?)0_&qtRf487RCc1jrbc5#NLCf&
zqBwt$>J(rcE6_M`plJRwYZyay5FC!L4at+j?Js0^-U|G-CToglYx(JgSEAh4{#u5&
z@-k}lm+Bm^!?szTsG2%)1?~wTeuMI?x~#PH%P+#c)9G6%AG8x#yNo}I461mpgJD0&
ziW`Pkz<X+BX|<~W4LC&KRLyURi|MvFLTyAHoJ?s2*jbAiTB)g#unl(qlmjxdB#MoA
zN7|h?=!^5=t$eagitWm3^)2SZiDh4xSUxJH@brH+&Ll(i0`C*CZr!$O=Itd0_$vE7
zf%rzDSL$D0Dl)nKajA~x7YIYg2vhftZ6PMQ7;`O^v);NDP&#by{G6?eC8pPRr?y#1
z*Xl|OaRP=JQ;0k6gdck2FiUhWMqzclg6eurqSkXic|0Sg3qdEeJK!YExEl_`3w)Qq
zRpnbnzm#j48`J;F^P+N#Z{#;HmOiJE$vF*Bhk(JWm|02kU*rTwj4Zj>KamB?zUW$i
zoHc-k1yjF2kcqj2x0ybcz2DPOZsgNtZB$eZ+X3Yp0@>bh#Vm$ot3{rB;2q7#o!=iD
z@)h4sD#+K79>b0ubR*Abwy;gXli=seIX`9ObP?9@O~zP8Ei3&Id~j7mHB^yRY==PP
z%nsM*>|&#vaj{t+MM700VZ6P(Vx`$<YH*wl<8y-z*}VyzQ?{ioL}2$ASMjdVH%bTH
zw4}0kO<lX+0X>3#6d1&%o2UTcXL84xgB^K1mc~ab7AsA2qrQ!)gC1?1i!$VfHd?gU
zs;(Oio3{C9{b3F5?Zjbj;ba7yluxaS>>TEB3-K3_S&<#uECKXkHNG|*dp$}J>l8vT
zM<c5><@~4E8}ExafhUO4CKWkoWYA@ByOjNF5E*jLh)q#ll=%p^o4@z=OAP40wnxqv
zK0m|#;XjSgkybCx4<&QEqJzh|K$rvJ_bsG^B&atC%;L(2smq|It|8!z#pv=(yT4mc
zEvg8Ap&XYZ4JwE~U*Hp;#GTgIT5Q~#U_ISPfaMT2lIz_+v}D5yBz*iQ7sow=pf4b3
zci4haQ)o1jW-!EJWK4RHW@EY7PoDpdC3aUZu$K_4z=t1C-I4?Yx0%uH7pn1(?p$F&
zfM6WNR?JpPlp`jD8@(hR?$(d-DS|*~PMEDqwGN9p40d_X3#_2c<`gTPPZs)eiN5?2
z<-llKxKs9}K&$JFRMXoI^qid~On){^gQwxSOc}O><lu5#KpC4Ur)MUVHDfqrgR3ET
zUts>@R_C7MamHhheUo->@F0<4>8g^oJ=*s<77AI~T-km*z%7OD|D6W=9zs;BNwbZT
zAa$Ztx5!L(A9~~b*ib}P3v17e;PTe*L7BJTRdb!vpKbD`iXK=!N^WIXQ$o!b(~&m3
zzrXe>6X>I_+Vkd_&sAHLH4}Wv30PlAss=*Uhk0yWrVFMl&9{;Be(N&d)v6&ipqqz-
zPImBUg~E2*!a{6%nK%)Dm}THj>@$7fW*FC)W<S94z9u=N*F~4#W>gy2_Pf{THM@)C
zZ{n$q6^{K3I9l7+bJ^4W{^oW61O!rRD-L{J+}-xW)y;a!j0(pSiX5pbZ2vn928IYC
z=@^-7Lp%}WL~SciDFCx3V*j)gK`I?lBjCryR^}zckfMeHMLG@3DKgGXQt7!7U=gO+
zP8RsFFW8#?P|tJkBE#rfFWcHA+^}9wDf}l<4fz~5Vs2U{=3i+*23M{~Izc--5$}Co
zoukg`de(m}b&ciKGYJz=k28PPigCsJGBFZF&#iIvqv-aStN@D~T72jN>;$i~3riEQ
z<|GZCe~M)fBq6|{wsku&HvoGFH1ehtynTpAOY0EO4_A>mo&es&(D@tJ@VL2M<Bod2
zLK4LIq?;=>SS98|ZZ5Uo0%v4SP0+tR35i-jJ@HB&pbf21{$J9>qmyI|2wKi+ty&0N
z_j(Qp9zK~DAz#1M?G!CH)5;(Af{1FEX=W?<I#x5+2W?59Cl*}2(@yH`$ZwZ;%mu6p
zTQNid%MDN2iB4(w>WT!@MWj2X_d(H~3}w51G`aIMWT$vvAn1l_8}W~oD8pB2dN+KH
z#%bqB3dH)GJn2=WTUte7P6zW=;IC!mGEmbZReEycL208+DRFmhOvaG!w1lHt$0*DU
zv!trsFVt;_G9lU_<2HU?Iy*?kjBF1#_QM$k%fMgto0F{b5ZY`Hzjh8^un)_nqBc+D
zhTzEK{?#tiUYYJ5EmcW{6%{o)<FYiM*WJF}6&Z-dYd(_-bP;>~1T?3=TCzv=gz&bh
zJ2g4)0gWFcX=t{$SQO$jcK8q|UQbQgCdT4{CN%bQEqB5p!=x$>e>brSGm<G<l9Cx<
z(iC2Fl1LYp4`?YZyp_58F@~Z2?2-m~wzLxtQ|)iaT?TXuu8H_H_=?c?oG-L%b~`Qx
zBr=38LB#FPfTv`5mIrPJP^oZ<kE5uAFPWKIeSo<lmg0=U`#j?AI+PvVBg#r9j0X@(
z=+cQxC@VtvI_wjn`1u)Hj9zmq|EkO}D(6EJe(B|R*Xgv%c>kwtY7@OJB^xn+^I$y6
zXh}B7?s@rmVx3&ygyy>&HlJ_p1jT!%)uA+<rWlkSB!b5={%oxwJ;a>amE!pR6dd}3
z*iyTy$rj$M&o>Pnp5~yWArhqE?qyUd{U{iMJ-8jDS`}WSn$Q4V6jh7P$QaGm2EwpO
zgS`ivh4Fb`oe5vfADh5czn3|}o5cAeee>G203kUuZ5f>63lYn`8BeL-s`s4Z9=5SC
zQ!>)}OB2lIOD0>@>Dep(h2egp!fecJy*if9rREjEy?<#CReG+%^QH818dNl+RjXdn
zxgQh`%A_`qVg%3jTk{9#QrdDfMEI~teBBh$zgA<r19!aydJ;|STroPJy&U%Et`JV<
zb%Up!JIOQFu_PD&Qzj8K1YyhvmY5udnmU(o;J*P)mKma7ySMjBQJpU<`|~asYT~sE
z@t`FW;qP`~mWx2*vpQ&?zgXS)&IFlWA(10x1)G|uj4F-o9;9pxpKjFZs5zfRSQ+a3
z#}arwcxgX|%5&`nQ3q0`4yJ^o=}o-{-HZ}x6JddOAO*ppW)=#j_05gBX;lomWsW3y
z^LED~oPH|n{PHT_Lc%~(87_3kd(gaEca=E$EjHM5e3-&mj6f$5pky#heObBb`LBOx
zP(Tuyah+^U|9pz^3w5Wbv*cD|)yS{<V!{YEf_!RCUK6q>;oq15{S&En=4oBXN;{`6
zueo%@uqeTZ8uGf=1<AL_Tz9ub*vSHp7;meGU8H78=&Pzo?uIZ<p|g}iTVEs!J2qbj
ztvNd!Z8M|t4C^4?fd6lO`aHeIc+*Y4yQND7F-C*wZ#1;Z!`Rcy%M&rStX>x&u)<da
zkHM(3IR3hgIu+em3^EH@eDGxvQVIuj?M=_2Xc#_f#gI+2(^?KZsP<s#Z{$IW6m%kt
z9`6xX7lXNt+8`tjkLCc>zUdtbKWSzGA7Ri2;otMAS~WZ^|MYWZM5R`XK<eXAyp+FY
z>{_<Bjq13fERv;KlUEfVZIaq`rb?&Zx@4weNW@$GVOL40iq=D3g3zx6(vK4F!b1GF
zmHg5-mHD1z+;P)a9Yk0{^iLYK@8U`nV(j4jKAqELolsQWpBjzY|7K^=5E>gsFWt+e
zN!USbys+`|K8=43rM4!wIi!1sHaE{D3)B<WXv}2M^h9Z8q$<J<X2*br)E|!(<mpr0
z4hkV>V?Q>g;3ZgHR6`SxQw+^db`J5+15i?}(WzZ->e*7E$|02EGzaN{Bm$RzIdg!}
zgC)JYx;U`Hr8{R(_^RQDF~{#2h)P%qNHDe0eOZB9)2mb9J<jS)238f!aNR1f_3`!v
z9eZ*&r(Mpb#SWO@o^@Xk-93Z}kWwfG!V#vs>(&X5ZTSNP&@gBlx5jp=SWv*z*gs)(
z@0+GM5q;!9(v??_Hjlk{lj2pDp<K*#{CEl}!H$VBZ~nm;r{OGlg;AJkn|6)W{B(=G
z6NBFRRb5SncPuKjJB0Yf>cNEIKt#I^w5Rztj!dOF=IWylVIh*FE5CLdd|^0UXk(sQ
zJ<M?4iY3Ylr03leVQ_G3vSJ~PioY?mZsEzcU{jrGL<}Gbxqa0+fFBAR!&xQw{KtNk
z8(GFEIFtNbx!WVP93(OK5b(tF==p#x22|VzKaSH%g`p8>($%l=6!&Lo@0D{x+gzyu
z4#a`TX;wpP`+*nMAGAH`C0E81{k#GG(K=6F?%9ddHwV2h#@nGPx7v$nPPPWF0h)Rh
z=5Ygm9Yeu6P>x^Ss=6m;Y_*JOshhhSWYAF*FEqU3F%GPkLJxA!*uT`!Id+(2aFg!y
zo`F-i-0L=5X^dt}JW+ye8{PBFaLxo`d@bZ2wxd2kypXHX#F_w!f#{KI%7%yRfg*mW
z%(7He^{W76?sjW=IQ_DFvxIo1_Jfw`(vSYhMUFFheFatS@7=+O&VcUG<VyVQP*#!U
zoAdp@9%vF~;ht%>z1;;tYpWzTyG_|7?3`hkP{QJ}u7r{8iHoe4y;@u!($EZ&`2-=N
zAV1Z*dGb&UWQBUS`MzlKau$EOq|Nry@z9PxD4jMIwSIv%y*wKw$Uv)l&GbUaqK#)u
zCyhn^uvnQ7*w$j*l02A6rvH=+WWf9Jpwtj{#95B|-`?(I!wk55V4hmRv2b1Hu$)fa
zqC7#h2C}Ii7l@rVheNcBreu|i##M+e;}r}|AZ49=!ts-EGtEBWRb4DYBy&nop&2F9
z;t<~~@)H8%bBJj{833;&ObY2rZ0e!zG*mX%oP?qJ_%K7Tr=oizgWv4_QvqFv3yAL#
zz;-HdHtHX(@WzLOh`RK-`&wR75BduDtW1tt!R)vf0;*TZrVx{&7R($l#sH*Sx$eM?
zQPGow(b8E9jbD2ig8{+3?tW3@9W&LyqDN!r?r60cxoadKN`iRlK&y$V!1!Zy7GvJ1
zzf47E-KACQ7ysC$^L3JQ4t1P@|7Led2lA&Zb3GQt!}N|mW~aVIP7DML=439`W4sN(
zXhrK#FX{Z<`r7h{yug@p=VPdIHqr72RT<dX-gMtW{~hcvkoKvZo39c<x6FmB1~UWw
zW-V!!vq5ktfy0rfL8i<t*-w@C!{9%SDY6yFn+Ut?Wf_Z-xzhrZfjQ7d@#0y~qmVE)
z3wb6)b1f)Uwd&>=$YK*D`yNQcpzO<eN_U{IoHk@Ji^7+&_Zg7Cbt1pSIck=jEvY>~
zay#?xvi>hA$o28)s7(*w1%Ctk(y-lnbwgrQQClOX*_EyJgD-Se*X_UkRS7LzCFn@*
z>yG@?k({>;k?1rH{M+1lqPGTE^2@U2P8L{AIM$|vP|VK6GOFb{2D8@JgGDe}o@)p)
zKW2h<M9P)cgD9%1hLPWD?3ENocG#<FQ!>o9c1v64ARsGv7md8wB-=*Ki%?o)O2&XU
z?=Ng7iSR4!oT?}Cz3Ztm^d9n$E$Ju<Cf(uH^!<*y5bK#_Y~Av8c@QN_^AfjDw;&)O
zpkROyfKY%ifN+2afJlHSfM|difLMSyfOvoefJA^KfIk4q04V^e0BHc}02u(809gRp
z0674;0C@oU00jVr07U@B03`sW0A&E>02Kh00963h05t%$0CfQM01W_*08IeR04)Hm
z0Br#60386G09^px06hS`0DS;|0r~+300seu0EPiZ07e1E0LB3(044#Z0Hy(E0A>N^
z0OkP}02Tq30G0t(09FCk0M-FE05$=(0JZ`C0qg+m0_*|o0~`Px0vrJx1DpVy0-OPy
z16%-H0$c%H1Ka@I0^9-I13Umc0z3nJ|Nj2I0M1u{H-LA54}edAFMw}=AAnx~AYdRM
zMs7ixQT<6wk5_u21ieh3-#S7^V)mkqbtwvAw%bOf@)|ga#Y+!ZEc<{9wNN8HhJxgM
z7K}I_b8!0GKQ1LQS(~B9<HcqMlKl{KKlX9QLR?ETMT%W1*L2iG&o&`hFA^45^qu>8
zC%U5sz`by!JLdEGWf_PXE%vG#@|4?AWmxsV(cTqr#%wHGlWRb|Adu52#&%Xr_hEaO
zypkc-xHmnGjd5jHytuy{uXRe#aA1KtEW=h0M^3yr28e4{_d{Tvf;X*!e90@pxrNWj
zH`Dd-rrjG$b37ZF!OSV`ZJS6CeeQ)xwuQkc=`4SpZ%ObeTzdkeKDT4s&&mHhq1gt5
zMboZAiz@Un^tHbu$kWfX85J?4r;>=vHGKTk3+pE^46H??$@&aEmPq(?M{6_Bg)|H=
zzcr1omOG%!@Q!)T2rnb~8P%3u?W1vh?0z1MqM2A&^{^IkkI?O&Y7p|&<&%2Ew>In6
zdYXS+nG;rsEQ+sNhFy~?8XdF5z;;lyDOqALPZ%#ih(e4GW#iJls1wB7;y-;#neRpD
zRze42xV2+*CbgrPm!+TH%AB2dJXMU*M_*N|pO?p(K=5>Cy9s;&;kl=TDpN$19T53T
z=iRm&h?Z-9cA3BhG-B+4V^E+6%<tCj`!4v$ebM3)+(AtxW0xF|^<zsaE5EL1z{HCV
z$A)sG&{yLOgr_Nc+CLIOo@X-sHhoSf#agiSN_~&9-tmiS_3+Avm2d7uJpPkof*aZ}
zIID2pWrH}Qy&;#bZ@sXrCATP0g<HqL?31YZlWvrMxxX8r6Gs}wB%X&x6wz-1uKTo+
ztKg-^<mJmZnzfa3w9FS)23D;#XqQxZTJdd@l<5+pmY0yv<LFfbZPZIBH}E{?ppEP*
z4eWD8@!#A7iXR9xid>(t{bmf0ps#otiGt$8HzjVqVh6FIxuF5<E4c{UjQs)L32wpQ
zw$z>-Xu<F>)1Te~`_14*YWgs%EX(T%g9i3pbX-1HnyN(STml+g{Wyb2EB4Gv2wdM)
zY=O2_!TU0J#c1CJli@6jpAw&j3O)jcd7=X)K#y`euVKkj5XFWk`y#s_*nQ`I6o>h4
zh<;D6x1GFW<F->`ogLA0nMEh#E_g?utVjnaC9O@ni`u;UivxVfumJ@h0~F9Y2{Kz{
zid}3Gd$jBywww-{g8}*)ZsaBsRnlUd#(kEp;>%N7Lj6BFKNaLO{T3R>hq}oBRxwEi
z-Rg<YvZT(M5hb2ehnnmD7~(GlztCk37EO&bzODQG)I=(fqb@Ecgh`DMoUU0-o}m}J
zCQfHHg0#Dn&=w*3<q2Kw=zJ`+;d|Q03qMf6ot|MS6@D%r5F+HphCq*+lnPQRKPjFX
zlTdq1jy_Az^M6NtutZ|#sPftTF3vaX?m}fpc`&XpsZLCX%U~JJ(^L@8{fLA56Z+FP
zbo)H8k-t;aP>6ol57D32&qQ2Z00sbxJX^NiODqljUEQ@>sU}F~L#RuST=}Fn)V(W9
zR^W0DC<D_RZpSqWchrjEjt{xw7j%~9P9AgJ#G#6YV0IL8-1a>3=sHD!6~RznLL$l5
zuFy3pJ*Vz1)zFL_Rv7a{L2BcJY@GOgF;@A2YSTkcysxt)`$<K0v$&lEe;OsL5F)lV
zQbK=K%J0s}Pcmw(p@=2<O`@OND_feMDGU|&nGwMcNh5ya+HT`94rb|YuRuSHIgaCs
zDlZsC%sUmSo~L&2#xk+TVsTyrgqLi=x_~^=k4LbLo!Ac|SHE)F(c4FZ<zFYNc!$7t
z!h29-Ks@A9f)okXlFC6vE0hkvuvDTg5J!R++_^d8JeR2fb(9B56n2NgvNIwJz(uJ_
z15R;ReAShw*?de4IO=ah&u<>(@s?@(JIqC&^Cq*VQ;{~6c1B+sj;ujE|0Qk)3gAXL
z7`-H$1F1BJr`C7*rt3fe8yMGotZzPXG&~FBA%I`i8XE}j&dEMMeOQ3nyZ|K^n!8B4
zlEYcv^#+z4!!jxKU&bDyA%1uYFyt7ixoA;BXz*T^BrsK_MUYg~GGG1HL=}^$Em9aa
z$-+uc{BvZ4kJM;{T*7Xo>VzeRahPHjkX|SJu*8jrC=Sd)P(@woBBh5|p;<%9TMJYi
zT%ygc0wF69RBr!4^qKVog_baF1`_O9?;MuWbaDC*(((RQr&Hk``?MovyD<kzNm3R0
zogv1xxdBk%eh;RFvC-9E(>Z$5#GK}w99CeP4w96XL}#e!Y`a&knV(-RzAeB=RUct}
zrfdkwnenUCOLA9Iv5cfg!mbezGy&`qrSO;maXdFGoR@COk=_!l8Xk)Igg6e*PV{+k
zjANSAG<id0pephnu%iyBsqw<iX|Xaoin1S%+lPo(BBaV|%cZ<#>bj2c+Up#>jdqL<
zS64FV@B0M(#u?z3G$<bzx?SJ4y-$6IBdzjj+ysBmv08}#5kJ(tQr-zGaU;`SqAk2{
z!wLgCoY|ohleLTq@sfz$IRpLcFR<XChOWL(I5GTbD<DY1Qp~Q%c!^(8gI|iJ-?LwE
z<rB{VUX_Zc;|bA0Dmmp+#A6J)`25K&(eU3)nFDNDYdcl`k2Vv~)WNfjG;sV;FnbYu
z&^2kN!4rxj+^ZvF9*jo;MI&Jf>BXcbo6w)k*G%_|B^~(Tnf2Q5Mr%Sv<@X51wT#_2
zC^U0D%YLJh=T)+_cW;5{?=GH+VU~Z1MSR}$BF9NQ6kq|enjk8eQ&?{;@;8><;d_(k
z*dFt-pO)l7WVt|vW(p*->*ABamRW@M`~?SIhP!!Ja44#Bz1;lzy2WBZB8fYfDI(PW
z<xtV=FY<1_9eamG91c-LnwaBvBScX2IV-{&{DrpkeM<Pxbo<AxPz#p@W!fWNRAOCl
zuM4U}X6#rO7G@fvs`yYn2tRa(kk%I1fi_b^=om{$@-`(ki*ze&JgqV(?o!xi@iqUm
z>1+&D&%@KFlOdTeNhkptWd<9e+2V&aI+!erXlJ@=za#;P!=(aqr0jMkau@M+11{}%
zttH_z!Q<Eurf0Up8ugEa_Atq@khma3S4C!CU+u$g(|n_#*v6DoAWI;%V`>sja)3U0
zLmddO1E=Dje*EtG<xL>$r4D9zQP7Na2WwXLtjjQ@HJ%UN(`om%IYsW<57{BMr7e)7
zOJ9luWQGOL1EI(2dt1T_DZs^3#@Y7rB~1dC$4ZB9;(i-HDpoe>iw{?5+CN0n0<Y{<
z{6iUVflwb#%axnMS=nR+voLocL+R1GQ1xA0bmEym!J+8sWMLyTOTW#mm23WwvnU$n
zG0H=Tg1;^+!C0%Km49T;)!t1a_-iQ{<{x%;=}X0BKI4<iM?&8qwH)2)*FqgD_fY}D
z3tF`c4(>sGd4~mj9Nq>Yzwqh!%&_fv3^wDC_vmz~I9DPUmelncFR-6YfR}i|X}1iu
zpR-woWjrwQkXcyuq2~CJ9%C>PEIDa{+Bdo~oie__VmUs?pVq0u>W|_ff+-i4f(u@A
zD{WsBf4%^)-EcR{|GbeJq<T&&Wvgsp6Th)HQzgYX27<0*`ZR!Yak)dU>7}<?5A<8z
zcFz9g?Z4%QW|67dh_jCh&gY2V>P7c~YoZ}@%A%xsK0Cw6UzcwJX=zun*p}Jc6?*)f
zZ7Lzw#kc==I&At_Btq2m^>fZ0ffxe+vy<}hC`N>)>7Yh~o4{=GIYi}_JOx`~)h{-s
zN!e;l;C1;)IHQ9ed~3mcl)vl2sq$T+X^sn?cx>)3$iQei$n`UX`=~D4JKoj*P;_MZ
z(h?u!uL%#j7m;5(V)vhz=}K?}0lGpoLzF0qH7|9UK_^Z!F;2sY4hkzb1kZ%Tf&WHb
zHycrCB3?wv*nNxUd-RLx?mOx8!7~Zv?#)0L=kEj0u3J5stvGOm2S(7-=M(`IvxuyA
zo+Ae5+~Ml4D=RhKQ-YywB8LvRL1|IA%Dk&e(SLG+3<V4tKIp+iIV>1X1V}2StvS6y
z|4eXKmoXLE^jz}9ka+%sAkHC99fVQ@PJ}b~ZxY@Eq<{kZ#MH*1K);DeZfV_jtG0XM
zV>fw7wvY}Bo&PrBW19%X&{w|sX%=}mWJR_1t{!y;OyKh2=FK;^l8H{f_?^667>vra
zVRZ(l<XBpA4i){qag|M_16qf8r@q?iyz=C!wA0tIx8#iSyMG*}yMU`B@(b3i@ib>~
zy;)Wq8tn<{H#tW6h&7T29dRHE0aaGuS0BH}e)U*Nj-zuPy@rnciTyy(!IH7e-_B{I
zS7nqEc~Ej%i}<N$yM0wIZF|Jyn2TaVham!OorOaE4v&Ybx)(exE^V$h@>ULvQ-D;f
z%5-ip+%pj*-NR;=AG)>Pm^3;_MLsRtzJ_HQ9=ku^2cn7F8d$(6S$Ka{$?*A)(yl*s
z3Om?e*WuzM-xD_{2?p8<_wu8D1N%p$n(v5i{OdoIiX*IhH=T@*)L*PB=9HVsdL?h6
zI&veNpfmB0n~@WiH}d}!!K`f)`j34xW04yjNYr~3F^X_uz4>Y&qDr$WnFgV?xim9z
zhkER0(YWCLd<6;e8#|=wItU34uf6P5JjJlT!Qi6FTExlPe&o`r+KNR^Kz<z-pl^#o
z<b>jayAH|Xy$kvCMjQsjHZG#0gMZd1#U2oRRi2pc_e3c|x}Eev{o&ZK=$Sp?{prp|
z4Ube;SX1qVQcznKpk`^TJ+XaLCl{*a+&Y!ROWd7;{6fS;{(?ADSU3X0f(jH=y2~s0
z-YjViBzr&Oa{ls=5Mm7RVbH^EiHjY)F9{CIZe<Bi5J7}o>y>3?*(t1gCrhdlU&~<7
zR;UCUZw>D2{=x~i+Tr4sDr~^t%)mGbm8|I<6f?Mmkky6C?>(FFKh18%Q;9L2mf(a<
z3S*{IV+6zu(CI-saJLPoCX&rKC6^z<6sjEvTWzc+R@H-qcUtAbg5!fA+QbBr8k<eH
zP-F^k<?4y7clTMKcwJ3ILXuZU*cx7POL#Nt#?QT)X-jx6hYt{U{umE=xsaDn+VJaS
z7f<pzkxyF;+{})=&y4b~`7#peZXAUBQ*SkJJo7S8MX(EzoxrwM-U~`t@VsZJ@${PP
zSop3p0l(c;IM)$o3X<;VK`ke4<r6ozQZnCk$BR`V%UTbdSFkV@!^c(6s)Mann!4%N
z8h;paywqOnRmjqCxj(Tc*3-@jj6jaIQGyAU6)w&+B!K;iv)|2si4y<nk8v~L0oBhP
z+1R?IN2O0fqd08nq?N-rB>;7XW@O?+gnzEc&DXL9H!SqD2<5Y06`OUq-kR#&D$5Q_
zNWld^hy7a~RHKDi#dw9eJmKo5!J9#2Hh|-MYwiZ|Q<y<RdD5qqPipUvybaRa+P0PA
zIoJ4o`}A<uOsnv4maML50ctr7Isn{wz5$weZ8DXWIQg!^!nlH4Xc?otn7h;UpXqOk
z^1Qr)YS04v)oLaoT8v@rH82HGQuCnq0JO@7psG8okP=R)IHHrAN*M3kcRHj-WQGg;
zda=h>cF*=coyL51SA=@FC$*5mjDx8V{0#D_4jJ7sgI?@Y=HrvQkPYt!@FuOH4*f3j
zP^l5ekNd@U=>XCKsTq_*-;&jHw-u16DoyHYRZwkQm;Vyc#Ie0#=9tZsZ2;B~B^8>c
z9D0<YIBhlqvw0s*)<t^v$cMr>-~80zvle?eEhD(@x~YPG%}3~*7;o_EzWrO_aa%7z
z7m+TWyKFg8ZsVnk1%XpZGLZn4bzp@?A;&$o^Z?EB>k;xS*1GQ(>znTK7?AfKjEo-s
zvnj&>f!aIg{kBs-^WS#JP$H$<L9=hpbNWH>nY&e<9088)=}%BN%8n+|He|fla9|FR
zwgsq@`W2*W0W@dTX72~DD`55A(xy_^%AScbQw{TRf*24}T2u~rx#-8OnfU0fP7i09
z3Sk1!?|2ozU27o%rnKNkY%<s}_$5rt_-@bX627Q$eA%~EEpx|(m+8g~BVl^*V@%MZ
z&Ci?AeAAdVr6}DfCyT{TQD=3kjaEHVN6calEwr7A=7-fXd#K_xuMc;tQ)2EzhfqOZ
zE9Xb~Enl1O&!+SJV2*jso$Qt7%z*H3G<B4FF;^Wy8<;aQ8u`2C{iG_-$v-+2;BYvN
z*v7Crc!o21HR>wKwP|s+>t7|kywtZ(Nqi^D0^rJtB-x9U;Z6`&Vbo!>z(t4Vqi5LK
zUbc(YF8Rt{v|IJllWJmczi1aY`6|X1G_;(q=#VI_mRMp%Sk+d5mK>#FlsO4)_lD#;
zWFwg*eU^z|SdRvlgjPCI_Yd0#k<jSBkZ0}eU}hjOH|foc<kRGiR6MWNJDgJFj?6Ut
z1$i?&6S=8hb4ovmM%NT!fr~wH5ZXwUr2pmR9;OmyvMP{OO@WCU`MKU#Blr*M>2*lh
z8N_Tz^Vb0nxs+f8L12}Cqw$1t)2lA0O1HM@)`fI}Xf}mJObO_MT3(9Ti<OVv<$4ZR
zz-b#7Ucdqcn%_m!CLIWC&dcVHB+&2ohIKUi!EX%RLvWyb5A`~Sw4P4}r8sdg9o1wk
zhxoSuZz0Hr`tux)2KeTG>aZ!c<VWfMdDo=fQliA6J{_Ize}t<STJ>^}s;%37`6Dx(
z9Wxz{8yGj;T920LQ~r^#ZaRD82)_Q-I>{zmx${Pp0GlZF9*f-jwWQndT^J<mQF^u-
zQpHF>*3qaik(k7>RaJ2b(l!~LN1n1o(88sBLCGnxx`_q4>v;DsWc~z;bCI?18fV4`
zN>7QIg=qL2=G&wGarr?5l9*NL&z0RiIegWoDwh<(1Z~(|zJ_qCE{`Dy+sx~>U(FZ7
zoUS}+F*P$QyKG)ephY9`1!XZ*A#{M;4=x_=E})evi>G6avK5HpxMc+hv0jLQ#fG+n
zyV$2K%Of;cR1Q~{&LebQY7J>{M)Q2)*&=7tii_<J96@}3u3WlGfPXQC-Y&L-mT1Dk
zCb}vO>6;n0i@eby<~Io&@c2H(cz|+tOyU{VfBNVNBzeiv0^`#=7V{8<z{qr+!8bz-
zTfln2n&QR*9pR;$`!-ZY*s!(riQh$2{#(eGh}HFzRz6f2B1Cv{9qUov{gr`-hTzU4
z(`U{kOp#2;1d?`6j#}Yaf^Kpg_JRqNwZTz_u<MmQ@nx8u6|c_YEGcvZ$-01rc*`)+
z5^D)eQ_j8?UZr%X32h?ox1!?j+kK5tAute_v{1aPI1P<K-3fsn+KxsPo+Wb5C3m^e
z4)b(VI`{XNv?u=yK|pnegX*&C90K<_d@hKa3!%b{9JL^&hpg!KUyRGZS>BcJ3}Xig
zE%B%5pWAm9Y2}M(=`O>g0*;4upcX68yaesqD8cyC3ljA#c}-*4fXXbLR`ZnWFsuLM
z_v-$E_wzh)yy2uoS=ul^z&dTwMTnfi%j`+O%bT8z4<T(JM%PN71bT|b6q#t}%ujZT
z%AHrzbhqLkjl%p;m!%bX`2E^rqu9bV!JE4!Y^4fx@47CdR2VELJM1UCO<gf}Z1H1V
zCjzfD@(oeUFxTCXjYpm?uf7>u_POWVz4n6td&_)j=|YouliWSKn}V7S+~nHd_&&8N
z2tyfQCgK4?N}a83`eg9(_nw4-%fhoyzg~cwMZA%7TV}JzXGyHXxkcZ*>>XFM@k2zi
z>H@`{Kt@55_YiD9cyNM+)KKm%Jzb_hg|ZXiJ&vZhT8n2<3x!y=Hs1-$%%THw64<*b
zzqd^o%*{7;fTg@-5GKSO>w<3CKc*W(Sy#Z@K>xW(*R)L<{K*zHDbvSpND=+Z7*Ko4
z{x7#49a^^oCYL4RtRQIUDl#Hz@tjawCgPaD_nQPig)%<-4gnTf$dZ>6HT7TN^m*sJ
zX;mzm5b&Qvnb7;}i)`9t3FTgm^gsenMIJ@P7`}teRdJzyV}8<;UaZ$PA?ISse@H6%
z392?qC=VBCf%us-R7RB5$Z$t>9cW?)I2PkyTtl|o7phy)Ng!@3J=j;FSXlR7Dofgk
z#PgDijs2~67-@0V`6cQ2uQCkvrJ?*@?~Lx_ktAh<UdcNBQxD&o8^tUMJ_h4(3@?=v
zdwm6E@HKM0aL3cEhc|!bpw|GIeg<*mWYRz6Cz_Y%arlk(rg60M<sNf>eNg}UtHJe2
zVk@1s3xMuOEo+cd!+*r(bj~ePr<0>5fnX8{#HmO}BFSL_5Pnr;gGn#XN=3S}jh2(?
zOtg?wTRejbHuoE;{#$GDi)KS(hdQM`&KGOl<D=1{PiR*PE!K}s%5)MrDcZXVhDrp5
z_lWbf6(#@M&cQH+<8ad|_^rD40AtPY(TdGabCwC+spC)OEnbAk^=RQ@xiR`{S?TEL
zV-%n5Qr)KNJ)>H7h<pH*9G9*aIhctyCtJCOQiI<wz^^m=rk>D#PDV_Q{Wet)MUQ(v
z1~-L22P=Kpo|RmVuLTm%=J>*+z{8@Nru00;{9~-A0e#gEq(DmquJX>0xySA!3L&ca
z3xbWQ`BDIRD<#H#N{EGK|0$Dg>?So3)A!%f2s;9o_<z+LQAl+gZE}8nxvXcUDYDhF
z`tJ!ZiGb|BvQh>rq|1)vq)*diEJ=BOBqg#uSJc%U84Kc3-O(k(x`-bQ;ay7(PN{9{
zP0_C<LN`#t=ql%HC^0ldhc$_c>IWPjDEWv*7j6RPnN^yoyhpq=BA!hApJ0t8J(B<S
zd0zv_CRry_0`Q5$HJ*4i!bLZDD=N*HSayl!(mZd2$WN<-M$afBi`bqn05RJhOC170
zf+Jd8wWVe)1i~<7P0g(Q=V046py}B%#yoCO$oyPGpR`>8IItGOzcc^b&p+@c%-Xy4
z28aitqV{&@&X&Xv4;wfBdamS+WTjbopOw^l{^K5e=z>a?U6{6~v^cobHe~<{F9MN$
zzWrBGhQ4{L3swrJWo{C2ZM%}LvU|I#MIN<+Au2j%NyDhHVMvRk%}JCcG3M~;r;y5R
z30rwljf&m|{$c|Mbf08Fi2re45hzQFTrwWv{PR!C-v4@rqeZRkXWW?!Tm`jE*70Xa
zDUeg2fxfJq0~NTLZkTZFgHq6mPwrOzhbMV&u$C!4V{$h-*#79bfbByqUF#}F{k5oM
zHdplMT5Llv3<`vyKQaT+B&Om#D-Wi*c@Bg^ot5RM(>&<?k}l1Fd@Rn>^ulLMFE66h
zGFbU1FtvVE(WHG3{zPv><%S`J@32YXKm31;`!x%gLi_o8hsW_&ZBpcD&5)|%h&lWI
z@3z6PItwIwmBW9%BU3TgpYBLrN4K*2f!8>tuY8s}o5m}@y`0nhZ;z+N-=>TTupP8J
zK1NX)7RU0WlO1Ym&lafjibCw`8^bdw%>{zj5j;V;F9!*PU$d*s|G@7^y6Q{7to{)k
z05`R5Alum(U1!IgYU;6Z_F~A)4>YNjlyZ84Hi&jbukz(HGmgEa7sgi1IGM#mhS!8E
zD&eP;iMr=x*s+yVjqmuB^rQMKDj<VVAsh6mxhc{Q+2iH7lKP6VFG4%-Z(`7s8*M|6
zXK#jo_;-7ar}StY<AKes3euIe?opU0%kl*w)@B65;t9iZRn@TX6SoMbk>9<X$BvBo
ze*ir|!oM{*ja91zRDt_ELgB?)Nr>m)GYn9b8&&=qL%Y?3x*9Uv11P=px!Jpe7Kq@B
zC6=c|+vzM&6f}w|iZ$eMDahR|>;PSK`^I82sUP?*9oAN%vyDg{jjrM)%$b;!Bl11Y
zIF;-I$oafn+7_0~!bH)juUQ{YOaYaKmm1mT5c$2ntIDBIH7wPFpp)iw!!6Qe+fdUO
z5;B$<!y_j(dtC`MQYxTeNxV`qokp;IK1$~|Euna%lJ<Lc8=SyZQiHaURva8z%SFjV
zB86|fVlMzn-_Hp2ce?Ik)~tk5Pi=Rh(W<K^4<9p(M5I@?Kzc?OmOL@mjO83C(M<r1
zWy*fP(yMb{3mrcHhHXpA7{jor8^N#g%^DlpNL5%h;4rEKqM6UQ^RD&Xw7fv>6;^};
zrlk*guB$7UsR|%34&#&WkWcZYG)yoXD}D8K>=fNHelgYu5|&QuGyLt)c8jT6>X2dj
zCPwmqkw5BeMOxv_`;r|c0n<0f@_RW>RVC4K{tlY^L=+uFoN%;v?t%@Cd}HUzJ^2Q4
z-3HgUqH~zX0gdSz(&dvk{(vG$rS?;$r20JR<tjpPGvl~YnnnvZ*1}2VB4fvg!}%Yg
zc1Q;u5L0o%yFXhoBM?qDT*6K<VztrVytT!d?!{eU)(mBnrtFrq&;ot-8=ZT8!hI~e
z_aF;UddgJ&*3Y>GvXH#|FrgNsMT<c(WcY9XD*wTU@fWH)MdB>%u(F;rn+E!4y;|7S
zqz!wG*Z>mMIK5@;D@w*L|Av(Skp|X(Z9HgT`fT}~1xtc6zhN`LFu)$0Uppb(k~znN
z!8Cf%p;jCJSd{^8?pZb2ofOBN$<tdn(Ap}9fe>LzUW<s3vK5QWWf!So_TAqHdg~d^
z5FUT)88rr|+Wr^-%Wf#8+M14JuroQ5KEQF=7&-iJZ0r?W7Gz-$_9q8`7GBoghNu_L
zDzu}gg&z7W64rA7eN$(@$;8#gNihh84^h8C84VZmOM(?DT)KNyqfXZOX~c078Jzy5
z<!FCj=xGHA;tgtW<DU2C1$%-D#^Pxlu0omm<ul6(0k*`4ONOuqvSEj>UUi85rqf>t
z9^OBDVxK&L7nmoNzr1Y-I_NeC(6of-#IKdW7RU>BpRB1RferieO}wo>&fOss;8daK
zI!%fhJL;%#gq`A;Z1~=Hyv>7%dBkSkplmoamnc?$)WO2|C^)pmtgy-)@iU<=>elv5
z_sYSq|HUFuIq%q(Sj}u7J;G?|!26)B9Hb7ZU!rs>wWDi&QuFlWy1Y$SQlbTS98CWv
z*eWiO`ZamX)QHPtI66+JY;YQ#UBAt7EZ<Hp4u=Pq_vxE!TpE3N!XkMZ<pP&8HlvZL
zGEKzBGEGQ3*Y=n-YuAvxty1e?DP)mekU4m$6zG46!x<^a9vLeqkWH>VW*2D;1W@P%
z&{qrJN3T*d0gVC@^9hi-zaxT|EDBs`406zXxbmSyY0b3+2VLRM%zo-}A=gc0c$bpJ
zsGC<L;*32AQiqu-68%VN0%gM(Vi?IPcYzjBIe@5K{fre{qWwXllUQRuc2r!w+K{c8
zR?N6aa!pseO4-7iaGQm^=-~l#(My86&N<==L~AP+?X4IBxDlD4p5s^==$YW|ofeud
z(S5d@b}DP6`O3lHg*lxI=xC4fkq~#jvN;^Evw2%F=nLH!FaZeso>8=g6+k<g1=zb5
zt$xAFB==?dMKG15OZmfql)pV8upOB2E>#7;SS|u65w8x#VCZh9XhEx9v#GBbIaW!{
zKcRv&RyXt8Vyx0Ei)AVW@>c>%2rJe>mXYW(^}DCNn6$H%$}4?*JbO!xb>3OnDpXA!
zZMU5tLf%0n@i+#G|Cjyno~uqRZFaAXgnOAqbV*xeLYBFv-xDxGG<xm$MWE8>ZT-JT
zATl&j<9yQfsPoWor9p3pc&0y%GqRLD)zd*+f(m6Wz>uaugbNN!Q$Vt}$h}NAl7XRG
z;>Idq9u4ckd{nl21GAKq7zxKV4=?;^skl9_IU_myh%A<7x{=n{Vx;H`Ky222$e3#+
z|HOBx+(2#-p)Ia24cCuY{i~8Ao{-8chPy~MGEWDW83wL7s%pzs$O*f*WDr)d-?qVq
zWd_74G+d$iJMI?TduUU4q4CHoBLPc0V8O_i_=JqWkVP(25SY#_Rhx=}!`99DZy3Y9
z<~&)SkKm9?Q6T{k`Y!3lqLDcO?3{AQptQEvOle_rmBK=FTNRYbKi>P19noLJAbUw)
zulTzlELIqLf-KuGJG%r9k*#SawzJ!ky?R_&!CJ4QrZVh0Axi3ZtY1;^V(j?WE{REi
z-r1cnq~j}Y^B?%8>U@eMw@#+PBv0ZXmu|VtxFd#(7F_U9G@KsFT7@6UU!A;*`!}u2
ztVTN?OtI0wD|p46D0O^>W{Rk!>>)G2kM=@ghsHvBZG0Q<R9VbB)rCMWLYTkX^;x8I
z!7LE9-gMPVLjqMu`Kid8JbSFJ-tzeY=|It`EznD0O|zACpgo*{>xfCS4B^_9#I-*v
z7Cq0ae^4hSKK;YDTVq}Vs-F}>0~>6K6mSY9KkZjhiyDXzE>1sgr{^`t2D~zTLOCE^
zj`A>%k+$B(7TilLDfN}XJsxYh949*$8Ef0{W%R%cxQ}vqS{N5B*V!DWTmz)^ycQIM
z;oju81%V%fFHt4evBv$vGuxX4(|xSn!-TP1lw?jjdOhBOqUPS9ZCnr(yaRaT+oN2K
zDjpnsw|>H(HZq#a3UmJ(0fl(tj=VtTzZR5@a>IL)-1M*dNIJU)bWW`B6D}nD6b4Nm
z>%RnNt=*<Uv_@2*cGChWo!bb94Pk4HshuQI^Aa_BV%io>LHkMXF!{>^QdiPIIj03H
zSTXSRi+FCfiZX<dy)_cY^1Qf3qQw2r^t6k({5Apz0Vb6C&@%4(GUz=iX)MeYS`8S}
z6|&)UJ^A-JI*jzNDnt_IQ0nl}A36AfBS@Ds5ePl`#<0aMyyaS@1zm%liuR9oL)fK5
z8uA5`t$0=mASF@RA(<cNHVE5V!5hGJ!0)?-HQ9gPy9VrMM|2BiKYf2ScL{3`g$%2&
zX@m6t&bbVZFuw{4V*SKY6rr&O>v_Ax8f<}PX8#);BLn5do~MI0JA+ws<T=?>AU9Q*
zSf5<7JOmc0-iLWk?|d@E2=)!)<VR)_NTeMLx9kHs<5u#IHaS{36@ik4@A5Vg7|qfQ
z*sU(y1QRQ%49ffU^tJlCVJ5}b=?u(1Fz&B;lsr$*+^T_yqHMV4*P}w_aKu{>vA86q
z2xs1}lbdS^tWl$aTcu@)U-)gG98pts{=JVq<DV>llENWLrMZHpwF-pD-&+{#f`XJt
zh42ens)|xXYSae=nmU?G!G?7Lu!@~!xNvE|!l2PDh9-RX87h`>x&Bl6qEi}yP76{S
zzXKUmnwf>$LkU{$d>EU4><deo%mIZEwz@wqis&e`fQYKww7xATeYU<8T?2;ARZ7h8
zydLK_ON-y7+$Fl)MhOJGp?7|-feFu9xyVH~KcxCgTBZe(V>r5X6;|YDQ$(MlnB@R7
z7r*Y)JbQ0oeobqVY%tf#xS?(VWLs{Ikv@I*^m@#3N<`mFnZ6Y2!&x6E528Oq-%&|&
z3h^h6?-k8<*fY7te1@h-Yv~NQ%zGX`As|0HpU+~xt4Dd^i0QK#?1&lJyzb0b`!0~|
znDwpIdKCBT#ctL&x5$m0TPEc{Zr{4{xHtd}w`x*P5NrC?_su_FC!yxEMZ@vr^P$A}
z2?NWWBLT9xo9P}%>^h6o^1%n>B!%7YOjcG--E_JZdf&2%J#r$|^%oE}<5~=OG^7nc
z402_CyG|^t6e#CY!)3EF$jS_R6`nKI+QoEyyu1!)f7u9-fl4S6j@A*_d81%`C-*>W
zk+!l11s^-z*QLR0_}x^psi~%Eh5jwlRq+f>{20O;x*P6sh2BTzvjKd2nsX!{vWM`Y
z{kZ=;$GE&5q{0E>XMxl>rhE8m8)f-J(VK4(rEVdAw?B_)NJ^0@;u>lkKV+W3*nFC2
zt}wcBA08U~jNk)_cvs8?a?4ZePg$t&W|6t;a3YYsf@=kjGQ-mp&8IpDjM!!c-C0bc
zX8YX7xz02nI#aBn`0%$1n|qiy>~^C=fMcE*Olv1cVR8zL1>R02sF9b~!x32k3i}6O
zkDwZzpq)og+%{7|@F`=!4rRwvXGMzB!%Sz9RKP~MIKU4py#^LoYF%axY1jQ&NFNGO
zLwEM#EU}s`E!AOQg|dv^3R`i8@VpYWMWVM66Ha<|f1skPz4VueKQUEn1RWPDUKk2M
zU_-G{)e07r!{A%U^!$L=r>)-@w}@6!*{Q(!UBEbHy39jN8<*z2;>b~xo<^TC@<($=
zGVcOFx=swfXm%ci(3Jes8Vt$l0K?pqU+pbdy9&<jc@F1^t$-30YguDV*obWqe*-HX
zD5sA~YZDP+d?IA^dHd<_!3m^kE}=Fju&uclcl(Z0h{d8S{ab+HM7O<yrfrlDt!OEU
z%k&4cBgWb!wCYrTiK@Y@X3A!QnT_N7L$mnnu3~Hd?tTLe!w6|oP6s7llf)FbbPKcy
z^hT+Em9J`E6hn%2lum1mIvYgka;Ilhn!A|z1670jQ0lhcei2|QVWk&uhdgtNsbk7k
z4Cx*v*@8Zq+_Dzv2gV$`M+&^%+}*~bDcA=#diHPqr=Xgyem1$HQNcOo9L=uI8tE$-
z*pQ3f>S5I((K;a#erLRFlR(?#_;zX~{k-Q*$88*In*F4VN3Mi^hESif>Rztz^GGG(
zc#IUj3(z%Yv6gAx<WDjq&@VRYvCb&-(^->Vh!&NkIY{Pr<g`_$G!|*c2r7NAF%O4d
zCB&X;LnN988TOsUfZ1FMXxEMM4bA*ehMP;K2r;*4tqkBIhzn5iTX93Mbkc}o{HInj
zGu|0ar|>gQ?cJHQ{GKi_Kh{$}^puFq2lL`de^o0(FMYJG?>zlsm#bcjG5$XUitxPx
zVAz442>1wXyAFhPrl#&l7)jR1tGMr}IajTCmN8LAowME(HpQd_#X}z(#ZUnC%2WO9
zF#*KSPZ2f1y0+U@U|WJ#T^u}0P(EJl$CS2sr?idBI15t*wk`OG7QyuKl0d0oLZvQ$
z;4Jk@DvbiX(kR49t9J?vKN1a8LazAiQR{JaXz+2~iJvrtv`v`fTAFykq?*4pG%co8
zKcTLr4qBOzGyyq2dLIkDI}Azz{?IO?>D-yFZ>q9(frF|Sm+M#c;R75t%$ngw#twmQ
zi{#c>R)bZyB+XQQV7(22gs2OFlIt~Mt3u@3pl0&TRObqLk9ZWg4-2RBkkKoB$P^Lz
zcjelN%+LnilA-ipZjK~aff$;L_%cSgs%o5mN%+WSwG0q0DB1=~Hom)G6>sb%G1--O
z@t0%9RDPKWaml;ch9V1G)jt;2$T{|?bRM^=GxJo~>*tUczo+kFDxkQK{yzLp-wU>F
zTVaAG00ACWxrkWTA>_Y>Th}gA+ny>=>@hxM+hYQ$*Q8>X66g5T=3*oj;%LI|<~rfN
z?b*!zOh);cL^Dwbe$TGJrH`Mk6|r1I)c~Vyn$M1#F4uHSVbg&0%o=#7r)PJn<!&@6
zSq5&FU`N4{Nn>B7lJp0k%8$fb{7hlcS?MvB0S%s-K_DmNCIm63*FXDWDNjNNy6WS?
zhwXa2(an}APLA3+U;gS$_6gQ9e8f>?JRwB-8Tcx>#fx)rwlpE(KK<k0=wQz%ZHfZp
zld2?M93&oqXhd@FYd6JIRoRJhTQ_*5+b94XsV&FK6dfGgZ+SInx%JleG5A@dKZFx}
zUqmF@hl$8%w~$TW^CN~8Rw=@SoBec`G+FuD3{o5kmZw(jawqw|w4~3ykwA6~Z#$tF
z)7Ffu+%ba+YOJc4<s+9SS8|rXC-uKLI!d2*C+6gH&n$0(=Oozo3E0RlB)Ly29N}VW
zb2l-iG|W#03yah3xsl7DdS<ij&_mc3QNM?bxTU}lq^Gj}+Dg}}RaY#Sm;Z;p;k&tj
zx%aFp1#B3|EsUgg7*lTjZ*Il>8ln1*<9ShO!}F6Yg29dGRRmb_lpb~}>7E|vpd~jW
z6xD@zJH2(KM2EN%5Qk>#vJjSlim7SLoQ;%EJ5hQ7?4{$~0ouReH8E_F5Bwu^S-O3W
z;9nb^LptFHV2JGJK!QV#)9Vn_q~E9cR-&_BP&m#3e?lWfG3Y#BGd=Q%MQl&-RqAPL
zjn8PDM1TMlD7WiJfGs7+(%Y@`#VSZeAt6(%klro}IYx{C5p4gvkQ+U@_ehdEx`Vh}
zN9R$8i>%S`R5ghCKnYQ|-bkrYtJzgTTXVqV+CR>xYsb?q4OM=hUrOT{lU@ka5SwXz
zy)v#^<vS~RsdiVhYovW^8-1ilhPODH8K-c`x#^)Q(g*sf%`bvK%6cYbo-?<I&j{!I
zKX|R0u4V`@bOxFS0OBe~k;-1`m7K0%y;gzfH;rN9kkh{Ca{z%m-$|feJ(#CT;Tkb5
zO&DNnFadhrAEAj<hwO*;2s(73cp#D9daZV0vf`|-TmhmQg#VQgbiQS3%7@|9n$a*{
zJ*o8OB40&iTVz?BNBi;+7A7Gl;>%Cmejb1Ugi_hOv)BIuUmtLOMzk^zljgek9SEpM
z-LV<DrIy&QPtig%AQb#=*=RF$FfadGQL>Yz+GxL3FE`9UW;j2BF83aT-8poPbg7pv
zmv@jFx>mpFLF2k6@ZFRy1Sg#^L3u?OHt1T00ToVnJ;FmrX;NZn%@Fj&3!Mv+5T-*x
zl`Xz=>(N4AOq@Ci_Lxd6|CcTW41WuwhW)PJeTFi?FpZ<@sjk#$XDk>rE}8gc{5S>|
zZb~D%*S?00UFKeEQuF60Q*=jE+)_@&fsFkg+m&bKq*?Mj^inj$)cpEofDsZqNMW6i
zEGjmiywt#B9+b~+|LS;M7^JS;h)@@kRtVDe=qmyg1r!(z#t-ZnTLo1Ug5Ici9F<I!
zXpm?v$ikTlIT9j|{fRV(4*U7p&&cTx-a^xaACDudt|@R(+35}AS)d7>FFUDA=Zm2K
z?-Du9Y3GcEKGxgyL*24<1iHb-ot1F9U71t)9|WM9E!VKsr=MUQ>1P&)l+*7b*XhsF
z%YrF&RqW2XO+skMI#(6o6xMvUY33-!trrmfE<V&!DKI}eR@_(1=6J{d=6q`3nWu4e
zdp<){dKhvVoT?6}c-80So0usyS(Y^L^C!|e3o|SaDYju~<VG>Mng1ly+)r+j@C<rb
z?1_<_d#CbOJ+sbm7@_@G&7=(#%}^rX_a{u9ZZ>Vy_i6wU1Z>j1!FaE{DhJV--=FG#
z{qGzbZo962z)UBPvC4;#1*&oQ@i-q<U_pa1Kt4kNZZcEU;`<rYtsoC9_+_|ah5p}k
zH`0+Uvpw=E7*a27gNs}X=qf9jje3R$H@_&yqW33B4Mtkxy6;=Ksyl40ErXCf>`DaH
zn4*Uz(y*jOskQDUC4yWkLFN7{88Y(wNf)x!SIZG4nKUKLf>ijv1ey<qP<$E(GOJS6
z-j?ev5|L8XHPX2si;;TR{w|>@A!sj)@v(N<9$V;=et-#1RIcZ6tjvNTB;PR{mtJYz
zA{#S#)rPh;n(Tc^AoS$5htoFtaN|VJ%rNW}LH)sKFD(1g)C^KBiihCU`rC3N9#}|k
zgep9>&CZSrG>R{WdGw4v6JHuA^{)UXkaQMZ<4tIZ2G!3ilca~{)@?3_D$^njzG|he
zXS30=l<h0;HxImE>@K$cX0(MdpGaIoEAElNdBc2}qlXg5lc1RqQJi2!9aKamE7A^l
ziCjYB4)=0tqDIj5@0aK|rG9NVG@vmx%JFR0GVN*o5*=Uj<#)$5>vc~8g!YDyDpmPd
z8ES0isKBC74Mj7p<WZy9#RHKqTjvyO8%|<-YvwA6+~qw(M>60m=ok2R0u&VOx{q2t
zp<;f%M<$f<)NQW+a6zGI2{IXQ+Y*bFWZ65NmoS2B5zE+LJN^5yhtJI{%)%U7HM)S?
zNWynk#It12l$SbKPoTu41pNjY%}vHm3QpwzWn#wuy3QmdcB=UEc2(Um^_bJpgHsan
zqfs%e+7l#Y!z~~J9c7kIjX$r?Lo0s@>7gF8N~WA^Q743oEhNKR+I3|#Z@7=Io8ng-
zB^Db+CG7M1`CyIB{sb0)P}GM~fXb!ES4+{29Y}KPn=_hr)jFvrj8j>iK|+Z_g#vp2
z@x~sk*dUT-_fbMw^aaSQ{8|aFW|BFOZ_O#D4>|#4En=h>>xtgB<ZAks@qi@1UlNWx
zuO*%ZFvbm1$v()B35I6N`ph~4{QlEBU-pU+_L$qG?B%z6Ne=V8htR594!pZ`55i#g
z>M#A16Yp<&|FK}FDqq9x+M9$VwyhRZ<{&yr+cvc2<0_xex*F-7_#7#t1je)i{M95>
zXP^2VoVa}m3!cE-^rx~mRj`<XQBtZwK(FI)9&z%17dBOPn8+AmHz-6sdS`14*yyUt
zLj6wEhI8%$JAXjoXH`BjGbJ|E)Nmpe^HP^<Jv9@Q3?LofwoGU!cT|CB#L#<T)Jr}%
zZ<bmitcz$>rSTMxTAi~AW3WYQa|KxVHwF{?*B`AHc>tf<iwu@D$MYE9IJ|>{ocd0?
z-^;xh0(XVhNch@!e(7^6*5`-lK$dj5(6PXv4Ry;v1uo8C0WFVuaN(}1#(2Zi9nxl#
zCXa(d$%aY-DL(vr#6P7W<(5erDGiNju(x$}_JrKP2fp|FMqGCpypk2yAQ<Ds;VK#y
zE3*uOH+b<Yoa<<eFMdwJ;kXzJG~lD6I$&Qep1gU$%R95|t+>@e`Q>f)7gaYq`yz9+
zF+lPh%1T9p4{|LfB1+d6yIC5A0Ns2Pghq<2wa4Bll}}tiCd-E&x{22?8O-GW=qU6Q
zJ4<j<TSBHI#nvl92!Ld;%R%pXH2I`E$5T>iEH-Wi-6}I-_K*R&RB(JXpn8liNv^_Z
z*5a5;mDiMOfr~-TLiUekO1>bJC9}QQDZ=BaHc4rAhF0h9m7_z{gIOT&i)D=<xw!op
zAjahV5aRq>kA(PiHSbc)PkE2VAkqI|YW0(D)LNF^Mi2n*T&F_4CF+bKRYw(y9vdm5
zzEK*3cZ(Yfee#_D#dcy(sqD2tBIL%h&0b1I@Ey2;c1egnOy||}BGp3cFleG$P%K#z
z`$;tW@@MlJ=G#sKL>?6g)VdeJ!R9UXK4o8P?;}m+N@|F_3NFWZo(ao?9J%czF^TJj
zY=ziZW*g{mbQjfbb7?8j?$U1?9DZS&&2#@Fe6EN8x|;CSaAZk~vvZsd6XhF_Nlq}R
zawSGBC&Fl;y0WgeqNS4?4!K<w$twIROUDSXDE;2o&-NIA!a^8E&%Mry;4N$=iYzcC
z+s9AMDrnle(PI~R_x$tp8544M^yunHX3mD37eLU;d@u(-W^q}DXgT^gXUZ)F|CBl3
zucS_pjTz*yZefas@;nDfu1V88%cWYHh~nJ+%Mk0Ic}SgnbUyx-M7n@{C(y8$lB^k{
zFZ|wZk0r33u>O}lUsCmFk~Yjnxs;vuI<Wx$#uHu{z)~J0$fY~Utizxj;jw98ghmDx
z;5Psx=rVt$__W!h#E^wB9?LXzxadn*=i*6uV3O3Ee1xm!L~~byWBkBjVm>h{0;jn#
zM~dn{K4z$P-D-1w`Q)b(qdz^_yWoaaI)iTaYQrJF4H}zQ3mYpPol@pG>R{tECz`&~
zhx>DdQ+crL8yhf_^!hvGO3enHDIR_ew2TlPDk+ACrs)F@f-S~yi8`)B#&f)YL!O2&
z01XEcQ>76~^QrpHhmc<78ee~BwAWD>Bh&XYCshe0+^WKJii8##PQIR0bb>{pa;Z7b
zuDTq18@fJKT+x0>^Sd3xDxA;lv1kEBSUWa`AY-;B=vY`T^q7eceht#c)6<G^F%s<r
z<h&vg&7jbzFZcqttwM=gz{8+VAf^NT#={PzPh=BYzJfL3KuPjV6hRS@m*cm)=ouM;
zznnO_7b!KomQ;$r;#ScFX;66*w5nWSRA%=*6eKLy)ToXZVsF(>$n<tjDKK#t(L0D{
zv^j3ncpe2aG-V~b#R%xMgz;E1p@j8W(C?x^k1%Tj3XWisAT|Z|<SC}TD8hP#xPmsv
z1{A>ZmP1TDYh{|>uQ}VWQxP?1P&>4V8$!t`iHiR#QUO8N=Cv3i1p-)LS9k-o$!eOk
z0&m7rtZz(FdS7s>w_X3^<vXr7Xp-3q46CSI`%>y0HRH)L{XtNLy&cRkX0Ti-_gidK
zY^<yx9N<@i(?P}37qB$GrS@Q6JXq+u@jAeJm>#Th6>CpUD+N6^EmOkY$}F#4zq#Eu
zu+gri-T$=e*DG{)yY442g{ba*9drt2*QOaKECWBm_I9Cq97d4a$csY~w~-m%V}{xR
zYfTW6%)D~iCHtoeqMdRlA<HW2fwjVvV<_WGP!?G`hu6jC*Ucu_9pLo+Sqb0Xfc9DT
z{7x}nYVsQ+4!ox?)ur{^$csak!U?|&xiakm;m!J{OQ1}zF}C73f_@U=0%yV|4l`U=
zfV7}T=)GylXvEaMqxq}xTkj9EsoR>d>Y4z4*0Vr6a?MjHA8-oWUcnze=vqy|04IFb
z|A<#iKr#?1ElnK@Ur7jVbp5>Wsf2)BRs;)KmBHV|hlKsr7saCl&-QJ{CsU_*{$fh_
z@V0k7wN0#x3k9ttlf{xw$AtF6%Uc*nPGUPyhEep-4~I{+hIoMSeRs%H$x{_39iS7P
zrOORd2MN$1;cW_^qF2MeC7_e>k2aFUw=imDq!wD~Dp^YYsl$k0wNNwZ-FbX^&cQQN
zXK}CS#4@aAD}_IZb-$#1)9Q%kidE0OZ=i+oS{m=2dVW|?eJ%+asb1Y*x-(`36T5@w
zIX%Vx>@a1RwoQ(obK|xc*H_e|f@DDgJdK?TlYQ-Ea}6(Oh<}0h8#wN<=Q&y_7TTsf
zljM@G#mgGDJM>@D)FA7-dz6l02P^GgOXCfv*!*u3i{Xc)2xJDHbIXJB*-F{&ao`D~
zo;>Ij)%y8_GmcCY6Y5PB3*)0?@t3D=;mDz*IHfWQFjgQu6E+mcuOaeS4nvpw@zbn5
z%s{lYs(#sMVMk2V+rxb-q0MBypk(B2Q$vzD8q9hoV>Cc`?!PwHQIA)&CA;ob&b~3D
zWw04`n_6j&Fig5)fZHmoRyj9s!lt;Utd^YCMUJJPht+cwj_ztl2Cl!f1jADl`in~1
zurT;$n6UAE54D2umrU#Hmn2wOy;D!DMGDecljl~r(@-L2?kHA~^AeY(HqKx+`$Jll
zqVEl?f$B(E#VklOp@LyNiL=$%A|DA72QSqDaM5#-nOWJH4(b@a$ZBHoz0dHKp?E&+
zjh1%8W~}7rdOtIpvyp(cMy#{j)R2x1gAma{G~&1{Lz&a$z?=Wcx0x;YG*8Cu7;Z-T
zSnE}TC*h7Z5oMdUqHn18ZpRQNJO$D<PRs+gG)FcHFJsHSQ-3jHz*$oD_O9f*09<P6
z`uokNn5R+UJ_beS^%MF6p_DPah8E86`#5@JNnw-Lv#l`aQ;7p-NSz1IQ%YY~eNP(R
zfzu_T&C&r9FomQh-qkn)4{mFe$P7KODDWMI6-}83yvZcoqm&uk1_D4K-p2Fkb5atY
zi*oW%qB~Xyvv4bYJM!z%cXKijj9ey8O^dK@R$`-`BYo?Ln)XWzUwgONG=v&&06Nle
z<cPzz$2~umb@6xt*1Z$_CIL`bBM}X%QcOdyo&UZbFZD<4u={Ls&8e|3zSWi%-1chi
z?CE}Nrg<SWSoewp0fk7pGM7Bz5)|sR@pb|`*pY$QhUls1(D2><H)48@YMO6?V-Q8H
zFTvU8Ii!3fx@0T`TBemf0sxCR%|7>c0qDBzHxAkQR|#U{VG^om-V-yqB*CU0<<bzQ
z<F^j@{3^_R<^x-cA$iy{@J(T0HOAF1oh%hgf3hk6GtC{w5szH>?N~XcHSWl`Ix`R$
zh%9S6*^h#cr(w=xy{^|CH*(vQb@)`whpgu3Wo4iFj?7w5rhysLBb{_WEMe&J6!tyo
zzObzr{L)g^sN(l)OD-zS=Kh#R>+VW}6}d-7Qr28u(XIBlWR(%rZy}#E&-O-uaG`<h
zASVV0c#^1q%?JQ$XK)1aBRZmBc3xDgsVkPm&&N=}!X1~26>ooPBp32Bv-C7XJRO%~
zV|Fphj~H<rFxN35V&$B-X=_>~%t2wMnj{wM91or+!ZmwZcvb%dYdRmM&T!sZ^A&bV
zzJC~M{8YYLD>%6pzx*#~y}Vi)2X5)FspuqBhcjtA8BZsh!Rwt~@Ht3|4o!S7W3B&k
z^+ou*93Qm4CkVb8<aBPZ!53Y~#49+m@;+_?-|UAd6@H;IVxHSL(fD%1`{p-)K3*$e
zrO)GIba!B7JWz6;cUE_ni7K}viUhuQF@K?pL7<VK_yUhKZpEVd+FG;OukE7!Ze^ZA
zj7z6v%eya9Ds;J^r7(qvb%Up6?5*4iw5T9Iz5dd=<EU2K&D*18Ex07$o=;}->YjSl
zqB#8mH2aFMyt<ekhZ#;k^Qr_5*X}A~E)PrJfiqjKk9BFhvxT_8bq(~70ob*OwoX5m
zd3ljrgzKA!npPcTnP^$Qb0Sg%w>>%Hfv-S3^9G?_zm$VHHz@du^^hi}nbCi45uNIo
zc5u3k{dziB?&<b|URP72-rS78>3kPL$5Ahz7J(-Z>MNx#0BnHnU=2(8<J>B$RM-Lo
zyyu1=3kpHVtBsxFKic&KUCA_$uJtctsH1>|-{?YFzARNZ170oM`xY|Z6pNGS)t#<)
zKuBh#59_b&YNa94o_&(~0trIMACYcnjlUOP<t~mQ4I|s7kJ=x_V{DKJgem#dHsoD;
zOCi6LQv~8uD62Yu8=H15RHR29KV2vYhxwJDFaSSp72N<AM`EJ{u55+1rrc4+2`>=t
zlRcikE#9+MaGX(T1YpHpm@nvzFuHmm4f5)dRLz0NR+jS>@<wnDW6wfkBvy^9Ks&z8
zkmEE<L1NsXvh2V=4zdWk4Xs%`s#jEf$cc9^Htc;01~oNJq9vd%DffsiqQksbpo0e+
zZxv1CYDDEe<r(+$skdi+>oDa8%|YKA_PAC##o9rlVd{zB(w^K0t~D>7tH{n%J{fbY
zCnl9+7Q^kM_4&wKDw?O6s67o!3>`lk@ZDss<dRz3TO{?y3Ips3c!so87UC#mmZYS4
zX=4Sh`D)SHQX`Z<QkNgakY6szhgA?o8mAO9*H4Bt!8mH+BZeS9p*H19OYXrRva|5;
zHqBW*HyrxGZqbppBeq|vB3$&o^9A^3>$Oo_ETD_6fp3u8G5G4X5a3@EC|z#wymOK>
zHn<^nY-l+}MiVhnzFZ^U(jc@Uu6CXjOPcEPL*s|g6Un)ygV-^ZXXcUKxbZ9-Rf(0Q
zC0a>9EhHSy>D(40>z@se^xf;#ji^Fd;&>-y<>|$xQ12e!%2nRW^H;CB#icoFJ4EZ(
za*TPHwrdG1N6&=YVHjlIAErX{k>LfMKSum`O8DJ!)uTI9^+7E4r)aGwU!LvZV+n4L
z_Gt<0CZ&G(UqA~}#o0BB073{@V`J>bXm@$pg{y(cB^)7mgA*Y3SAkMh`@1$e5#hm`
zR=0SWEt|zpq0*%J8FO#2nvd;pl2{P7<7E!}^F11?p_x{9M2vkx>VAVL<(U$uR;!R?
zyUZPK#EEWTdCc<Z6q~ZpxRPVDN5f2^odC=I3ntz}m|W#1{N=at*E7JgU#NQ<TOoDl
z*i@7wkl3mMzkT|{PnYoM<~a%We<{!Y<FCy=<hFpVFAI|Hn@>8GMo4Wx?z^{dI&u-t
zY;H+vhw#xd9DVkIAVe|tN4@Po5iY3PU*U{WH@}a3Y|L}4<k<vY$c-#0=MeFwj6)Ao
zKcZWO^zs@KTGF|zJ~YTppRz)%$zo7{HfIKV_4O99n?CqCk+651NN*xR#EM(~@8;x6
z3iiz0x#+ABg1f)hoGq)kFHkM=Q{(Qlo<z{*?_cXFus#k@E_q9PvTcMtq|EJ$Nlbyh
z;HNwh1}l#W?fy?Mj`L7zg~|7=ib9Sn4B^K{TZ~&lD9T~^2Id3`(FR;;xP0t6kM2)x
z(CKuE(NQjaCeXUD(phPmiopfkY`~dXORhct#hCK<TR_AI0&BwD5n?eOUyX7)H{2fU
z5sp+UI`$VHs6{~Vsi7)l26k<~qX86`n<t-w|I+w#YQV0~SJ4=XE0RsGtkl*$SBY@!
zDXQ|<kiL#QBh`x`eszQbD^{ym_9ldbFQG&7=$$uyXR!Kl9|Jv?4?Nb5)|tzGvcGc#
z?!*in_9|vIye?^Tsg9+D@^g1%q3?iWsH=*W3u~<7@fujv`17pMG}#Z2#Rvv9V6a)n
z!(1yOcT_fKU|1CFfY5y0DAEqpq4!vD)rFo=7sUd1%DEPgu+JPtv8Usy!~69hKKs@F
zA`U2iwoYviGnuSsTI>!LwG_sZ7AjqOL-O%q_jz}G#zkp7(D00fYv7~(W<b8@jB)jR
zm4<QBv#w{4SzB++oHRf4^QLcs;P+>7dJCx1_LRtux+L(rUx2+V9YMH$?F-h1HH7$s
zcm4L8u)hVZJS4{8O7!MT9FbTPFq8_0EdXSc+f`+XwG-uWV|pExk`RJa{R03&jj|`v
z6$1RP!>wF?KKrGwuAy@)|7x{u67DZeoMh<ni^@+tb*-P&_?agdL2-uEX50}(Biyvt
zqeR*#h^G!3>93e;hVAa_FaW4hXFf@sPQfi**oE0=msFTE7BT98YGQxM!CY0RlZ3c_
z5W(}=J-Zt^-ED^I0rLQZDwCbzLWZ9b&~ZKn=rh7}&6m`ZKYi!pJi7iq4Dk^~Z7E6v
zyneCdAvN){E>|y8!*b=ky2%SYBGG@I?+l6vgl|prMszDnPX;eod|t>(Zax5SY1&8m
z*zY%D2b6QuQW|`=^JpD_3(z$@vrp<f%*dSeFj%J^5IYF9PwP99LFHqR^1X9@u=EZF
zk6Z<&+lLI*H@?2e`WFb*4ONNF^`tAWC1WT*#iSmM&gRc*_k-+cV2jC6LEI#m_R=kv
zth%1YQ#6-m*cIRu33=U4ZiSYh5`I=K-6LSQ8r-H%J$`^;u7{3X1<$wx>;pJ3y+q)i
zI$3w_5<DPPU*%NE%(Xd9oMCo<dIX$|2@qm?0b{lK-JS#w>(N?NVlzt~;Qap@*J%h8
z4W-7uWv2}K&fuV&s8#>E|4tI6A<N0)O(A3YS@=sb&{70B;>TbEhLgArKd7^8jZWg}
zVW29n@JQ4uRH!iW5s6-%gth6qi*mI9{jZdd7u5-9dQ$p-f*e=Zyr!&Me|{ee)yC}Y
zhDJyC!21xm!OsJ%0CS#P4wmS4f-k{O)TL@uFYq6p8St%uabuco^kgF7Vqe)ivp7Ix
zzPNc++%Ycl-neX775-uXYXollCyvlsI@(<kH;J-sza2ND+Ow?xS%146M~`@KBM(^=
z0rcswP@4#DaVN7D>ey=3T=;9VQY6h{f(ps=S>!)G*bvy0JX=U0dRwWlT;8BiY^uQ9
zQL+uT8vut!M%rwSZ?F0lAY%O|1>Z)y;V#zLE`Tz|&rBZy4Tg4c1=IhrG1B9k@<i^t
z(!=q`DVP7Pi2}K~7I5bo(I_@qiwcnJXw6R97Lg2qKg8jh;xCRmkP+R=2lyTOfoB&$
zDi@(n%R^qx16EH{SebG5PwTu#Bv5w$gH^V*ub~{+gNlxjD4IL%AF~e6+-tAurgf#-
zP+ggiyLENNNT^OGammX+z92fT9hH_Lf>3I@VLwYd!oY=Mor)T{Bc~_tUWFaUl=gJZ
zGP77X)v2SI(}Mi9xz8ziayrA;Y`~V2?oAx6<lH~D11aQlfcA(gVK;M$qbY2Kb@%C@
zqec#88Pu8-vB&FCJ4dW#RKy{rS7vV}=+mxB5qb@;jue6d|H$R!MLcabJ}k0JnhZN6
z6=y)9-F7s|V1IL{O+6A=G~^4?KPAi3tp@52OB<n;jB7_%Uts<sH(oKgg$em^YP2nA
zP_hlkDT|t%M-ul11;Mw0!sNSLE13(LpTXR7_VCwtvq#gewcl=l*uZ(eH3{P_+WBsQ
zp(BN|h1n6lq(_Q1tm=Fa+9ncK9Cr?vP^QeC&|CmiAuRv^CFp5J^tXBr&FCIlmLXEB
z+#A{6`7z)ZW(EmG=zIxc<{A9p5=1FicdHQ!O2?aeF|N^_dtE#E&o<(rgcTlYEL_Nf
z&6FOFbk-doMAp@$N;eWOl%-E5{n%d(t|-FSkdWk;9o2kR^EWUt74z90(fieCw%*NF
z00Q0eTBFeM`b_UzqlcnDl*$qDQREGVqvknHDZEDb=#Z~ht6h`28gQMP(GyT>>MgaB
zjRQU2BVfJ6m_`G}*smZ8`h2ijFb2nD&-(m0Q3VQ`z=(~Ps7IJiX-wKsEINy}Om0Tj
z&RSHb9p*r}<gvtCG%NgTHfR{RJeoutffCO-4jzA_;GE2lu?Q?4*M9o0@#r`WOAIo3
zOnMGAK%fg>W=rZ8Vqo3`h*!|igS}cgWaIc5vB{JUedawE7*HDDqW5opt4%Q7!OkT`
zz7@QrSn*m<(rR`zuW(!0aBj!SRQ1Ru1wo^pWm^_?7;CZAx=8#CHJe&s0!HQ}J;|Ii
zufqi^3pV6t+Y$q4Ah`&`XG}O;juzM!4ql9!_yVwdL_5P#2f2P3U{B@s5=laV=jJOS
z8(Y(#jryA3ZW;j-+I_Bkd9h21MbCFr7x_kX?qoH*sJLl(RO{geC$+#T&O~Muti!f~
zen^hsk42bscy}^4Kh)I&kBbb?L?gRq%$7DeTvhWkANvA(V`{u?xM>+ydU6Wle-;n*
zFlbQ}pi-Ym-E$53UpLUhV#7hyY~?Z7mt3!Ki>4ky5`Z<(#}X_LqXMnqxAY@c8`^V%
zbQ9LJ&P-mlFV`%u=C8rGK1bZgOiFsW9$x<fylCa>wQO%chU)&fxusB0Y*4v-s)V9-
z&KL|WUjV=+y&FY3FCN6mf;RbA@3%eJm_gZe`2_s*_d7a>;mO0IlBgusLZ_s`HB(r~
zw$OuE$LU9D<6>Ltx%zP1CmBVyoc(pXv5RevSCsTA6@axMveK7kOcA1afM8J&!TI|E
zZ2+784|jS6#BCO>src@1r9miB{~tdCP2KK~BjEy`2TDU2?QQmpDo^<ffu*-+BT<#J
zn6r>IKMTW1;KK>D)h1x{A??C3&!%;ULIiC1ATmMlsis!KKLzAotPP{0!fQ@iDh-D-
zm)opq?bb=E#q(`n;XP?vSf&YO>EVP%6~_Xh-;2xGif_Sn%R{PXuCWN5P@pskv4n<}
zU%fDU{?kGg_qQ0+{Q+nWp|YlNM_r=Rs_a7Ai3OhYqEY+{m(`yQ1Rn8c#-b4r!0WP1
z+eUIYOklT+F}S~^?f?|nA5;p(vZA=xErYYq{d)ur`%)cPgn#m2#6E+Foytd1<Hyeb
z@aAYd*>0ocn+$mpHXnlBd2t&gf{K?or$#FpQ&;rjL*vC!rjbc7@E5xvx%MgSw3F+O
ztC&QUispIp-63V|lnfW4Jx(t}Q6=FPFVt)()8mte*q>B1P8M&JLBtt~U?dCi@0VXV
z@x)qm!;dZe)kn@woRU7Mb=qb9E^qW(N~?ttLul=!CD#&%*ZRCSq`0iAbw)wyabESr
zJ74xc*$Ms#rm!hzY8!lfo7}5a>Sg@N>FbJUA};n#j(n+D$B%V~Y?tR+v`7W9P-a`J
z$(S^WO-y!kn0ZTZi@sG&0O8RphLbE=jU=|+ARS={%JSe|8jA6ZG0#Enui~5XsD^@(
zV^Y6Dyf78bRV^%|pduWRsaK4#D6!JjoY6m7jZtri##t4}&*M+?2RCb<67{m4R*6w&
z42qx67QNz`d<na0Hc>f*5ayPD!F0QwpY>)Ec$M)vK<nZdSG|3hY4u*%T=kK2Bo{lF
z0$HQS@hB(FWG=idBnPkyKPxlhemb9EL1f+s^oL!>@1in*=W=ey!(nCz_CDjw3OW9G
zwTytYFL_Ge6=fT+gq)^Xo%~U3;i3%&EhIW;`^P?K^WjYQo-CJHy2*A6lBBaqKJEPK
z8?>FvjsZ8-ZXuA`EL>G&c`j%b!u!HBV~&)oFPRDKAU)#Z%1m*~U7fdIjSr9)yp+^t
zFO{_4WhrZMfRwr17ZC{?I<KjMF<xp!(jG@T>AQ7I#2(2im;&(;dG@;5yV<G+<Jqb4
z(B9{_QyJHDP_M7V+A46i-oBX;=@2-G3>zavep9X3Zd^1BiA+MquCm@Yti>x}M+4Q8
zCqMp@_tqyDA>F0Wkwb_o8P-mN)E7m$6s39~Fu~z#wLnZD*U9%24s}G*+ML$WfT!Q>
zdKH=fld0HTME*`klc6~cfiroc4w+D~lSj@V%tG>zBT{;&-;^%BaSrJyRh3|v+&IwJ
zICtoq$=?U`USbZcGyLz!n#bxS8TP4ATxjR*p<AhY4;f#(JN7qy@KCZUz?I~H9mH1a
znbE+_S&h%yow6dA!X%xfSju7l??Ku9T~p(I-S5F2Z%|vtwqCP7mQJq>LVZGj*^dR;
zrKF&Nwuafg>xy1Ue<xly8_c_DHaO%61-|^gq4OpR`_k+2^M-h!0~8qkMf9emF0Oin
zUO#iR62WRtGfeTK>iU8BXiG+nC1gf+Q`1H^Ap!Hk<Dk<#M7Hx2vyQVY<L29}Oep~c
zx248(YPsZ`Q!t6I00Ae_GZ<iYka0<*Om^A++#wLs7BhEgP7`6bpvk^yBtxt+7J#`q
z?@*N$!1Ju?sjNQG2X&RmBD}9~dRcG5JEK;RZ4C#{cd8*2mTV_rqz_Q=w(5UiP@++R
zl(CLyqYzo!oLlJ!C;!brfi~SyYhR^ln?E^1T16@)#J{AZ2Huxt&+Rj?xfhFq5xqAW
z*X~{CfcyiDb74}b(oI6^B1_-vlfEHQ$~r~h5WiH1H}_rZV2bIlx-IkEZs+jY{eV;3
zc{e;=3e<_G7pEb9S$32sa!1(lL|FP`X78p$g6x3=Xo`YCDO0L~_)C~ab;7rAUJZy%
zone}HXJz8;O@>e)vnL>ttLiU*N&nGi;cN&4TR)r0&d~G+`E`BhC5YuD@%MVKBY?Nx
zs-_@%x?>?z?8NzP{olH9aFpj@(ro~2xv8s+${{u4UiucrQOdBu5<Z|1aOq1IGY%_4
zEz!w5D2oE?C@;*wYD@m~goMPWWH}Ht0iEt}FGso_MK;s+9}!e!VUhsY6A4jA>~)A%
z6fOX<n^^AvQ%%IoE^FK`%R2_qbzN*iCj5|DUVDvIKj#?g6XuYTHr3F>{oaR$a)o^W
zu7@006u+*+^^S4lQ5>d&GNwhK_#BJweB)ZHuD4>d<zA~EM)NB$eDKk4;SUQN{&E;F
zgH0Gb-w58gw!zvaag1<H)_ghy`$O6X-NP|a?h5vPgM`HPPFJ8m?`^Y^W}~CXuM@<8
zR0<eH*RX^FZu4^uF|~yfO?yfmZ4--xP+;V|WK`Vl-CnMLlWYt`d+ZeVU(wY(C5gQ3
z2>5Kr6lokbdx0JZ8f~9ODKS<ofnM&LqBut)cOec>*q5?FAQ^6#{7vkOp7#7{Xs0y*
zd4r4~6jjsTZGC<W_9`g~XP>w-o0k)QPn~Y{Q1A~(wjV0RL(i3kd7T*cMi*^yQF^-F
z8W|`<NfPvtLCLSX$SQGzD+X4Tr|CE<F(LAU*`p5bO8Kah(k9^Pr`Bn^w<olb!uCE@
zjNB?^{P?j7Foctf(YpuuIU7uQ6IX6?S6*6PN<;=o!{i}~-r=-XT)CS<5sEAb#t>N!
zX-KEiXl?O@xBfE(7{G4b2}fszM~T8hU>|bIzmWO^hRmrLF%m|C?E`3GfZTJqKc4!-
zS)eRFD2>v)mZ+zKhZ6=vdvB#fo~M3F?8K9nRHx!@5o+Yi#|tB8QF|^VfvN5+NP@@q
z5gPSFumD<?+t@^V4~Mti2QOleP!uApA}04Q;d;h<<}5baD;%EK*v}ki<3-T$9PT{=
zh3LNBHYd}p<rMy?&fNz-?R$w&&2&KzrmjNWN!tOU){an(g1Sp}hDOO$CC{Vo6S-pu
zdf8jl|FO}k*~IqRCXgu#u}>mnV!Q=n%giuUIj|Fgt%+*jn>VLGJOpPbU|A~|j##l@
zvG!q$__;^`ke^&a06H*gWgQcZ@W01%6P#Q}X=Px#l*iv%@bT*`h>!A<Fs&7jsX2UT
zElYrU=u*q_HBZIr*r`iGb~Eqx=xVf8NpG2ka0sn~N*r{fF7e~eG2G2fw1%Y(YeRh~
z2O2&40iUmtH3TNwYM|n=??wiKYn{+G9CNu%NG=YLWebLwR<DJw<ZR@28Qa+lVXVdL
z(lvC;y)-*xq;s$h<|@v>L-bTfg?b&|onH#ss7877mBhwN)xU%z&noU{ebTkGcO<gj
z=+Ls(fI!Iq3T=6Zu3%ysEU>+u7qhOtQmqzQZmU{N@vgEX&HeiTC!L24b>k|1t~f1E
z<NQo}ztR!~FflPOH~&v_ulQz!9|9ew!ocnyU)I4T(b>#IoU>T>Wklr?0FXj0H5>EK
z7rCaGMn0ENMOGg4fetJG)kjjrUtW|78!?Wf{sxp3shjL-c=y7pvL|{iNZRb-0>{Jh
zCX~C@U1|;)b%)Q$9w&9jbu40fUT~mY79>Z1ElSB$UAP6tBwgtuMZ&_p9|y5*+s+KK
z!Z~w;kF=?p_cn#@hIqfo;YpMX-ibN0hSJ*$gqeN=+3APD$w;1N#4Pu6V^;e{^MEA<
zBsiZvG5E1aSAY4<^8j(dTqW+@;15J|q|{qd*To={7x9-t{7n}u(zd{98TC{mU%z%D
zJ`@A1q;Bm6Hx3{>?hh!@mw8YpcDROXRh*Wht&dE=ceX+q#{6HlZ<<Y+2Y8wzJ^uwI
z(o`k3nX`v`B4votRR-{%Bp_}bd1~!^w$sum#hgVNqhmO4KA(@)-QZ!i8BnVdo+0A5
z=6FHZtI=+QhnSzhiXF|Vti38vz8PB86*qKho(ZJn$3!#0kuP`xgO*8VNLvDs>Stqz
zM=hq!w8^$J2MDq4LSUq`^80;J73OxpZCpb?fKM{0TrzXhT2SqCARZ36E<NAH1IA@e
zu@X=E{l%A+mO}I0Xc=&FF$x6(B!6!oY$3KM;ZR0Ev4W~%a^o^%H+1y1J)zu}F>h0{
ztFg`5gg%Lkc8^iCO}BwH%l27SxMJaX2P7V1p5Do4+!V$;S>qUUe|*wRa+F>>{l9QP
zmiu?9D8Yn~J6q1(?zX~<lp83KR`0t8QljL-zMwgy@RmNI9*GVVn-c>Ha^`WZ%Z0To
zx|$5W@y&nRzkKosat1`tlX7uWUx_m|26qj8&wNr<E)Sa)UdIxjyW;$ugZ^5+Ao(i|
zr2fr8RfbAurObpcEAR8sQ%~{Wp(>INs<*dOc!5-;qnA}SdjjmSgu-Vf@giZunm;#J
z#%p9JnJUKyd&Qo==YQN?LuYxvl=vzG)Bz;hCc~*VCN=EMu$q%W^j4w9a;7L{xmcb`
zv~yo!Ptwh@cJ@$_^=){%Nh#zZ>|ecM!%D=HPzzFgJ%BODpp5z+S~~>p--@?JEN$jm
zPnFY?RM6Rtu8;dW1#j<`0hG#ZF0Uke^H%<wqOTg0CZz`^gH2?jO&L*^QR*)tIn<kt
z8%l@%y7~71h7NZ3maybn4)%ipK|sF0TRMqe0cDSrZ_vT!tNe;C9A8hkrdAl53fN5Q
zl$~~mQBQ1B6pN@zBOY@Ns>9WC;QMM+tjmL%-b7$_v@&Xds}pPWCv-begsfwQ1i3mM
zNjQQOoQ^rt^W;PC0-q;+AaqAN(r+<KL_29oSSmX=vVlkBj1C=Z>o)z=s(+|$ST&^$
z${D0)Am{wjU!K)sPf|EHD2H~4ce-bP)7Ag_8LaC|_e5VI`it*FS-CcFo@9~G{M!z7
z=AD;>%+%Zw1j);ye50ZR<@eN6qMa$&?m9l}X5MZ(2?rvL%cAfpB(3TcIkJ-yd;L>8
z^Cf9$@SGe>C-13^G^=T{_VuAh2$;Gmc%2fY@U6&#q|*MAw6^u`Trp>qHr6>;XA&ZP
z<LwhtOtqkGf~jv38hDGs&OJ-PjzI`!&0ffg(Ie(z$2?Ve;a%gDtd96sD!T&jF8pga
z%#N#fViaT3hV_m^<E=iL9D4Jf@TqSH3wfMvHQVj+hIlkIo1P3u_3Gu1-J5h(1la3r
z(z@O?r<6HY)-S-2b+P^Z27P*%N+0&YwfayRnirjtvQKZIHx^tPS4f;G8jnB|(jmjv
zRA7r~B1yGZheMp37Wj`Kuld&-cS+l7>E0x0m@b|`*&S$c+=`g}04Liox__79=v8D8
zSbMesD#0<LzOhP!%>)&>8f#%gk%FN(_Mrj2*DWCG(|Or|!rnJ{LU>lJi(<J!!K&m=
z_?{ey1AQM{^lK>h?Ha5wsb10_ljI^th>>54m^h1eNc5Tp)dnZ#JtmZjNcJW}P4i>+
z_o_bgZw8g8?;qa2tFYqo^92mvI$>Y@HNINs|FOz25F0R~%}&Q~Y@+bCV{`p4ST#OY
zHyBZ=(xKdXBv*Z|v<;rm<w@yJ-UTsocwRij8f)xdp1zyA7-80N^(vabR|q(#yQsNn
z<A>>kA)9<voKHh>>bG)gUSOgaim-K2jS~+33XrwSzQaX5ChSUDe4??Anz2fw6-MLI
zE*5XGO*L#O#UCBFI0^rHc742B^d>B($t*P0hEYsMg6Ums^CXm<RvXvnT#Ri<punrM
zLUN#L!50}WyXS4?rFQ2srx1j*+ziWH)n|?%Byfa`*I>1HqhakI1_eW?`79BmD9CeB
z(TVX!m%N88oaaF{Re-y7ACIF=Gt-kl>lMZw5yc2zeY;J<)Nit#iXg8vONhq1E$%f}
z*1gy$ngbUfK-<1_4Vb!#_V{M~X5BBOfHYJGFVm80OxJkV6%y%Z;W&g=iZqc(b5SLa
z$xt2B!hZd`PBoWgM)?0MNdA7Ze2})t%pmXiLaN9zH-$h2={I>(4Uob|o5#gx5eg^b
z<sOHbO76PCfY73s&e=3(8UVbuHwd00%7uz=D6IDd6Wu@|ng>e1xxvO(M+Ajnfwysl
zwP%_-#S)a%-L{S)R!7q5yV2!E{CyRP5-Cu4PyvgHX;O{7#gpPsqquYI5(SsuH7EOh
zt$si69XQ<`YZI)CfTh@*$#Jdl3FWC5M9OA`cIE;p*%C|9o~x{>H4^!fKI2?b8xK?V
zt5#BZilV+y?kN;VZb(Xtih($&*U#}=h)M9l5Kyf@l#(Gugzq7Gk>eTjjipcltbe7|
z&F#8+t|z+`IA*{0#Uw@drrd)KugY!5Uet*^@nm_I#*Q$r+>&PVVQs?gT0z0MK0@3}
z5Px#(2p;!6$w(b3q4qZDR0C}d;N^<>zmcKdC?wfZ5~{hnJ+n1Sbu@S?2DGEYjbMaf
zPcWQLJ*-=W0Si(M8dqp=C2e{`$c3=OfT6Yj3lv~=DaxI4zXiZiY^x7cuJxy@RT8j)
zb#>mj5h}EY;i!?Q2m___8THkdiZy`uAh+C%iAaaFgvhbBEV^H6Puc{1OO;CIsVpsh
z*B`ARXB;f8&S$JwusQbK<mvhqn~Iu8U5*a-fiYJ(9V(W*5dl89M=A5bJ!8>aY8C=S
zj212-sD%rh6ZhUohUlP8i=FHp*53!Z)~}a?*(gr-uVHyXUPS!=DdQ`8s^#_^&~h-+
zn1*+DUY9HK1D>B|G$o36SDG1nh3<~)G5&52OHzdBns50~bA}q5G_RGj+$G{6q!|vt
zarMr7d@l`*C1BZdtytMyUu!C3H322iqgFMN&Pv5+T?Mdl3$wKwZZzU6OEb;Qqay>u
zNPv3u6B~{)^usApx_nY>bITB*lGEucR5Eosa9FQRQ49txF38GP4kw@4te}z#y??a*
zqYODc5LH@_gq$imBCKjJxYwW9+zh94F0>wA&m~v?$Fc6+UNK?Lil{g>DWpY?batoM
zpGaB_#fiC>m;2FV{c{YIPFL#tFd<k)J(%Z$rc>G^{4Db?fs%ykM9ESyL*7-$^2<~(
znf%Knh_k3k|5ABV19c4z`fk((_taMd5h{k~jihfWk~gxdZG6ZjRU6Y5dh5;PQ-$9_
zD1E=a+cvO{l;$i}>7VwxE9Uu~HWxO&;dWjB1EB!>n>DDbU+XJ?e<M%yaJwLTk4-}^
zlKpr-64dF;3H|svMg3%Z<?K5v?%yEdwijZ6%yCdUj{pl>H}W>wG!MfFD5KshA1BE%
zjiTzSJMH&R+LR$*40EZU6MoKREl=nn0heY5ktGVvSb?{A8^A2qCuwXUati6R?}>5j
zrx|Z#Tu$7<fwCHuPjfc<fe2;E9&!->Jne}Y^p-*yAS-r&aEtaFXoYopzaVhvGkJb2
z%myK6v>&?5yar@+@mihKcs@8R1215RvO#oX+Q8%*dxBNSFV#aKRcnlLN6AHy6w<ov
z@RzqyuMmHO*x0Pd2YI&1lopy;bCJqIn*A$@T%4CzC+fPDJ`)^ub5ji0P)=_@68%Q!
za8(|`uoq@0H_z7w!tR1PL7gp_TJSydO7v4gRw{#APjNxmh}I0$B+A(Vdo1<0^mq-@
zXY0mQh01ib0R_%9Q8NT+518Y!&DeEc9qUF`bY5>@$QeVz#vdxJ_Sr)Q<-Uq~+Ex=g
zitxFGTf{l8z)gG4s-wXkud$=O(*iY_F}lIxjk1!K(T*?$b=3Z~YcY`)p<&G{=G9mS
z8rY-1x*?!#X-H_|Ep(}}ABim$j-h4-SbaN&E;L)!S54ma&9pm=?s#l7EXV(8*Y=<m
z%PYX!Q#78sQpAPJtCoTL@PXaay-K}0z{O%B0YH)0=0L<KKjON#ugt$~5}JnnZrp@r
z-%izjEtQsVhSu(75~^YmM?E^Z;(n4Bb^bT;d#ZZXdns~>MeXV54(^eo^C-1e?eQ@N
zz>7MAFN?YV;m)Vd<ZFvt{rNWZlNiBA=*q&k58!{yzKLr~5;um<mTO>E-RN)pcRO5I
zIFJ2UGhR@C+4CJdtE3(fvX;iqJwSj=bVWOsuhW+mbOuW?l!loKE+HFk<b~;1PGMCA
z+tLDAe}pm@jw*iY)>#a+KMTp_Lwa||>n>1#)cru}c;mD)AhbOe$0+o^{kcs7X3l(h
zW~ChqICd+;9D3lSz=5!0$Us6NR{7ifKdrk$y~W0SH#ZGb0Yx>lTV1FV4e2_7p(h5X
z5K$9-T;Oh%g-bE03H`zv@u0!A>{`kC<F7<#04}}M2X?mr!Xd`=7{_^{*9!x$8W6r`
zCX}l~R-?fx^GE~y|5dbl_yD$=dHLmw$?K_v*iqvmKIuSO;2+9`PquCGlPSv51TmZc
zxrkpcv@C=3Q>-IzwZ573q+9_w5Y;N;;PfK-V+C1SE1(xWVa(@~`_>}UMEhCq8TNAo
ze&iGO`_)Z;h~s|n##dZgZkOFJ(>G%4;viSq-zQ@eO9kFK`(ZX3+bWTpkKNd^PmJgi
zQlqD@0#v>nZJiF))!}4+3twH9r>81G<kE2toX`54gkv=ZL|6Z=F*(eTqtwDN4hd`p
zrIgIOX2`LnuciGA^FP_^ZQk|^y*`$*BnGQx=I%*v#NSmVw<9uLe&ujwQ1ISx^DAGi
zo?m?WN2C7*VJ|Y?f50W~>W#j=LeFLk9J-2$`Haf=MBv4MW|TUK@3wPyCqeV0D-_zM
za*h1d(NHMgYaWK<_fBHm@#RI|?Nc6ySh1Rwd&x$Hrzh`qk}}$qhs2yDNk}o##dU*I
zjZys$3{9D?XNy23DI0fOJI1^yPAhO|`9miGPkSJNhVknP3{o|z0^P}T8jDmA=&;fW
z;aV|OU;I|W0u~>Tmd(`BYw0uyE7KMo@WYYj^AigZS7jCe9ix<Nk)dDH;ffDzpP-*J
z&6LbIfGAuyFKiE~hLwcTPk3gf#;yn6AQi-&xF~rrwO(gPo3TbM_(8in%Tmy^R)OPT
zTC?d;R5x)CXW(h?7gQOv0e&X;e5pAX&>k<O(Z}DCWi@X_&TP6u%3`nv@<M(n1o~L)
z0-pjoI8#&@F$S?WhEm!evY}=x7dQaWa~hv_13O%_T$W_5rO{8%Lypj6bhzYnO-N?&
zMPXlX+0Oz=7=T@CizQrb*(lA#6@wxe7Lwh<#hSHOoDXkYfFXuaxN3!-<>f(U_F#w}
z3<8}s+h07-Ei<LfqG`M2<=e=bQ;G_$Hj>xnbW2JLYQ;i<g*-8)OM!`_NJPfcip7qb
zQ;H&toi3|ZI@e1*`a>loSl#;)ahT2F=-1-CveG=|zJ|6-CDF<;FUE^8CzJVW+>U=7
zSZbG-<@Kv6L%S46a=J-vbHNP*Qzs!s5(r@6k;LHQ%eS|%Y=>f=kv9DXS3ZvO*2;Y)
zlFf)?pt!uG`i9cg4~NGi7Z|<rV)y>gB$?X2TD7Ipp7f64tbt)bP>jigd4ijcJP}3D
zV6s~!^G3>hWMV(x@Ulv;#`zeXXTdZ1P@b``Ko4zBDj2WA6#JqMJIgR25Ud*;60&s(
z!CpnL^yDe@$5jzyJ;H5Jckm3KEoc(xT`j1pD~9PK38ZJdM$_-~lCZPdgq?vC->rIH
zvi@!NimPvF*1;Lk4exY{;_^Mu+c>xOrgo5@qC80E>w|HsUc5HIc=$sT!G$%bs=QM{
zfE<Z8&CR^x%b9!A1CBwVy(T9r>h{2N`Ecf@pNv7p*^7Wg3i`W5=+zXcj!)7EW3npG
zG|(*rJX;4nE!Ci!8V~Ek`_#We1#=h4T-uCt!`0F^X7gO<>N{iuSMnx?fzGEo`ct93
z$TF7Um!Qp72LchSrFzUyBW*px&U*G~fO$lJIRzB8i5$pfrV?mBM!DD7wR)gYort5b
z^UuO$^XVTe`$Dt8eq5G7V%j2~R;O7#Bm_2?!@}lsDvCXkd7yqX28cD1fEEGpObwZH
zJ7~b{Yt1aPDQVQkxaeFRS82|m2{{6I6bh1B%4Iz4QS@0H4|krq`+~8SkR}*;fdluS
zc<`>I9^4TdAhOGtSyMYq3KOSy#EV3A>83k)%<dshEpq7kM3>u`A2NT|qM$U&A`jn4
z4aR8$`A)vP214%-3I9&ad3Cc&25-n$?2yV|50NuH!iHNNyt|?5d2g&fq(Wn$O{J*`
zfkzG;$(7+Bhx&93?t(kUy^6tCH1vzOIMJoe{x}H9r3mJ*5i~$yQvXLbuPY4Mbz!#q
ze>jJ<;ky$ypa#=;!j4oVn~hMalXxoX`q|I*EJV;Y5@(lNdr3b?<$W9D82+)jfF}b^
z80#?))qO<rg+{0CWk8&8|Aa#j^8s~L+W9tzo3%}<-Nf=HXg>A#euSWF*(u@7U^QP*
z5+=@?AgU6gqNs(!+mz-z7cXvR<vf4*&Mb+`pwO<@WN;ZUhNS4`ur24HrP4w118CTR
zheirM!?Ho3OGi0z-(1QR>Xv?G^4!JPZd9oHaup$L44)_!h(7~-*=P>xio+e1I&z|*
zrVV>7k_GAg?810d2{tzPbU)d(z27}BPXpyzH9@;gtiF(wMF4}_-5$>fm;*oh4iv#~
zoy$v9{lCa3{jF5En9Kg+NluNk;mX{0HHl&2ms=bByVuKEqxpM11E?*6zNX%8Bs7n~
zp?jvHv~m+*4;MI9g7q9AiBcFuBTR^F<f^jawI82-vDK4}m}k-42iC0f)3Re|m!<?y
zT9NRMCV9qacM_M?I>-J@=6ez_$}26}U|F}@ME{#SBiF+bx(Q92((iYK@sB@D3a!6$
z#Q?@cX3^-k2NK24;Uw&3Wk@@5T9TCupjmKA6%}at4U69YrA}()@+v&M$c0@6RGINX
z5HUUdrAB+l)uh;k&5$w{BXJH8SZhvg>I^$_8p+eti5jA>ND54Mz<a9C@G6ZQtl^ni
zp)Etxa&`1y)P2EaICOF4v1H_x^6cM{|84Xt_w#HN*qMH5e<Wiog!X_Vo3Qr#o9mT8
ziE=|9Lu8)H$rnxiyE|>Z&0;7RQLRB-<Ts{A%s~B3E$glBS+h;{!r13X_3s0KRYlKw
z(8OBh7xgkrh{M8pj>ImO^Tv#92D{C!89I8SqkmrVoBo_^HlYQGy1FZ`KpE^sKb>~6
zDW<pnrpi+(HorPy9pnC$$V~)&ip_bJP=7Y9C2D0Vl@ea2)g;Xji-c(sQOnD$ZyN)f
zt(u5mEjv&}J-*R<hG}Uvf@0>@yV7z+T%}qI<{4jxBt9&y<X|Jtz5Ecdx^1s*vwBEw
z;L(%eKT4V%L}oHA9XDq#l+s*~3R8cNnCAbDTo`bB33Zqe6c$9bM-Vpe2^T7-3wZ+8
zgA@v**pd^@<|<^#{nEasTJS8-$At!w+cR$G{J^p#8H_mL!!A2<oE8r2wjVUq5(iJ<
z00U?+G<_|AvuBN!);X}HvsWN9fSxb^9Pj_WmeW$!vc2sOw9yds><Ng{pFfjynR%M!
z88JBiuaihGV8B^S6H7a)U`depYThDK6dKeVS^1bari@+fWx(1ALXV6qPH(GH4QBxn
zSQ6ZlhCWj0FR6}~aO2f@$v`bxQ$CHidRd>5VFkPRjSZMQ-b1<S2aI+BQve|M?w!v{
z?ysv`tgyK(m`#Rx>Gl!NHAaS<T|H5*wtS)Cc5z=(Br55?bGo~(RR6yMj(ji?t9x}A
zQvIztVEyHbRgD*33{z|o7<R<(eh|2MD&yo9Rk}+a_M%FHKu^yBt5(4sU7PXy*;`DI
zVlEuRU5~h;yUD{RJ)-r-ZUFh6`mL~3fIx~&s#8d_m$v7L2QS_2?7Y77NoZl3|4C7>
zE5MapG?x+*Myu9=Lac}2<QinCT3zmX7B2#B)q$?e(g#nKnm)yLBD@LJHn9rmR5Xgt
za!wbUYmWCqfxRA$+9#A!*;XUjNaGrRVtkMLcICvOyn4h;0-9TMacLfO`?%?IJqVo=
zb5Ns-TPhxY3FWmMZ69L-vonEC(2E~s%!9k}HSjAEPnfc>ki0@Wb4s0UeqJW2D1K2I
zsJ%YZW<(Zv&WAs5g2DAM?3@fYj_zpzI5%`PVLOd@HqcbLk21%4#=p|mB&+jfyt>n>
zJCiNg?BFsQs4`RRa@!V$*6%9z)3N_fuc+&qYak()7T1AQmi5L*ROiPSuQAeXbZV5A
za@<e+C-et)eAni-`Ne|TK*R5`tmMy#@mM$b*~%BOd$h%a&5a~uS+OVT4AY7rzMR;E
zi)v@v$w~4j0+m@{1_Wpb>y>=y)1@5DdOP%}ab7Jc;wZvBa2om#lVNEBFPQz7=(&(n
zH7k;fQ2%RRMW|M<cErY1LO*g(sk5~0Nf=-=xEfSB_Z-Kvg(#`tO6xix^piP*B=AP|
zb^|^8iN>o8&J%I=xKx{cUS=&un@Dhctc&?Is=z`VXWX-xJ=xxEc?*eJG6iLTCu&eG
zdNra!j#t=FUZ&qq_>X}mR<T5Dd<e?tviHtS*SNdmCud(J6z!a3j32gI$bZg!a3VxE
zp4CAtIDX!ram$&%xLq%$Nv=WzcVb>h!uyWNo~UFeQ7?sOhJ`r1Cvu2)w(zfKwTL%N
zXi=tgW^q;2ZbXFRnO%sgQVDLI8-;Vn_%MMC)|5R1Natoxx;ks5yJv&q5E6o$)=}Kx
z#rlXz8Muh0E)$ckv|BuH^A-ge8`?_YD1L&h<J+9Bw_@_K<V=FJ-AQuwNwooLZGNkC
zxIj2T6muGzBi5u<Tc{$akOj?FK^#&Y9rNiQU7Zcl4xX0Pzqq}}JwQ&~xeRrc=8Zy^
z!lb-R7U}Hpj>DcL?CPbd@3RUA7}~MTS7PT%@FYBwcg5i^|F+6x6yXM`$WbfUN#Nqb
z_bmxxvcmr(R|bzIu3tK8)<><+FEGU@ORgP=_$y-1X|m5tMmVI1e}202p>ztY^zfW`
zCy0-BX4q~$(Zf8paIhOedFcMT8IKIRB)5wLm6N^1q~h6XA5e@&jCrRyt;H|hAL^mZ
zfpNCNY??|FnnMT<I_Epk(CiLitIv&VTXW$9wq+9~!;5=4Fb)yo*I(UMFJqgqZS^44
z8_!jCoiAebLXQ|2JB~q#KWd2~0&WPe5&&@Y&f=2eYAfr2ZmV@AIDckE#~teM;Z_xJ
z8b~ms<oTE{d0k`Sa+jdZ^>GjsA4QTr`x+A1pIg{mBz--_QCj8ID7|D+hOIUIF>%E8
zEn3*IKGCx)54wrykt7wLrhIhHU#LyaAAD858t3X6pdB`}h>3(QZPXahYnmSFImhTs
zZbQJ=A|mkMiH^~dVm<Q~01%<d`NR$=QXh}VXH#_x;VMFr`YlO#;fj5_ci`N)p$B1c
zROpbv;D|)J0jyZNYm1WeAe$;sPNCT$Md?Zgbrrm}1bTZ;M)L-bTnPJ{kA;JO<TK`~
z9INMltF|8CS<RrMd|?2HT$p>@j`T9kRwjHE&(;Brq-ne*U2OjHzRFu~_J;UK8f3UZ
z_lcA0Y93KZO!)0ns(KBOHmP3YYD(I-Xjx@yglvIU1hzGZ*j1xZ*cPUdo-PFyJ?G;l
zdihI@)pGEgP|@>?y<beb;W$9<UzuQo1!Ua?KgV@wmN+wAy~qiXygdsH;d!lA1m>8I
z;-u$#l|*C$-U;&4@Nz?0o^%1E{)Gtr`JoZ!hS6m@QS560PPOZw4rQWAd_KnG$<F1l
z)puxcHjY24(mnWx56FD>TQ@B*Xbz<n#j4e`4l%;J&`s5BU9mK;f;ZoKCP`8_d73#%
zpS32B3tl?<f%vm{;t9_bPonDnHF!YD5jqlm@_=wr!Q`-z4WlbQ8ZNs1HSwBX3=eds
zX&P-)<$~q&WI$N8n53CCssL%gxVWaI&~m@<Hj+&M`Du&PDO&<02@R0D{8ps*t+alc
z_VSS*<F94S(W0S)tA)YO#p1>I{b_0_kdX$Y&udyORm08ug)~(=Ep8Oqgo0>(5|%^#
zU)RseQ;r^v!Axnpld->{cC8H?2%k7KAKm3Xm+cT6sglHJH|7Lvo5o3_O=-NDjHk30
zSgJshSj{QFy*Eq&q4FY7gm}<cxxSRjhktipKEeI-GU}~pYr!GE)>r)k>2aPOxk}Yk
zjcH{o9au3K9l4V-N%E2Cx;2!19hy7eIWrH^`-#n3fuGuFRTfhex`)U*pmY_az)>Xj
znPRS>-ANyB#`{4KQT>(||H|zPsx{Nr+Q06Ox_NOo;x}IgxKdMymX#>lYsc|$xX-EF
zoza?lEEQG`7mcrQlx;F}dwJe6>xDiikJ)GLxzgbhbB&Wr;HOQ-5CoUyEB=+1-fhJ{
z(Ty}>Xor?#d~7pKPn)s1@odQROW$1Z3ba=u$%})1zK6XyonB7AwRPs1fGI%;Io|_8
zUepFm!tWAMIXM>H`H-oEUFV23<DcYgr_c(>{)r29Y-IgVeEF9dUl$otYiIN!y%mJP
zt6Do<4{6!es5^be)|3P_bCibmLElSW+-9m&wO(gFppp94LQK$qW<B8;ZxdLo4KB+}
zk*sQx^#Ixk#2c&FV8YwojAn$BMR<P*hsEvC0VUF7Z_Qq&h-$(<@)AyCMH9~^Jd?A+
zfoimm))N!JFRG6z?Pb+WXRyPF9&XX}2JNMk5XVs-5!});*Xa}AMWOMPQ=D+Cy67v8
z4%LvIM`6;t3uYg+5~^xTEaS5N6mecn5t_?~VaPxQJJ7RB_?$xk_}Ty4yJju?8||=h
z#^UlNq&{rJ7HrNv1>6BO(Bn2@+(AM7MUDrw#ln8!X~grEFD*n5GAO>qSC<1JdQ-Mo
zIY<SCsZc_bkMS{Gy#_#2_Ra;_ZlE;DRE6GGGUA_nXm}SJxHzFDU5*V^WuzhMHNeDd
zGX7(nVktG@g@ZTsn9pL~8(k=3!CW1X@j<gEM#9G%c%vaU*s)f+-~|Q!u=~(HZmz5E
z$&l<9$F=~VkCIeLs8rogHoSfCB+vr+QlO^uzX#pU|4wLvgtdk>;h`S7PK))E1F+v+
z51HcEsrWqs>nf9Yn^L#O6rR&Q7@}ZU7q24p8;cpiqOU?T9z29QaWU%Xz@JoWyKHcO
z0x%%?Vj~!!uNYk^VdBE-CoMZ`su8(8Y1Mq0jPmP$z3NER=03DF^md>6h0H6VENo>^
zAzthIx`t#0tmI}AlxONt!nErcT-aK&gP8)xYp+6fT_cvr2G4zg!YKuotcR9e7mf`u
z_G?lpE`Jw3g}?YR7+?krj@Smrns7g2k!mquS*Qe1<_zOPT&@9^#(#L%`+vZQqg;Oq
zj?p_z)Ouypp2tRh?cCUv1^k>j_v)r~9O)}aGmP~_YY4>BY&5>3IL3tO6)fh=g5zAq
z&`>=A{$uv;{s+wvyQIKoO)$y6&t19qKeqnI;U)0Q3sJc&$nvmcKmze}1+p4R{Ny^E
zEAj1xkA6X&0?TFQ!COJ_7O&KcHSORL@21SWDNE-G@Z?+iCbHGlifyoS2YH;o4?C^q
z%bK)aVlIBwwl1mlJfDj2aKT8DQH1G37ZjYmSo4acLH)z5YDXUYSN(t=-rT$df!Y;)
zkxs2&%&n*+D0;{cQwX!VY|{}O7g#9QU^?Ddmt3nY(_8X=dqD>fhN?9=Fn)1*R1P?+
z+0HA`M0e2W;C24_95&`7kR{HIMw}j6-Mk#<t#VVc_7#&*Lv;r(6=O<s^W+1?i)vJq
z5x}_gW)s%AphT$Eme8Ma>YaPDSo3hvHvf^dQ?H84BuvHaAId3C;fmBK-%a(BYdm%H
zknbLCbF~BD6eX<wvb6?<{db#evg}!toLAY1o94aOx+Jh2-{>Cj0n}QTUBR0D><bz?
z*0)H3Dk`31CZWQkn8I@2|0Ev}T8aUjPXc$aC%Gp2LMD@PWP;%-HW_`9GEuO%qea7R
zlt%s8<Zcll=s4c`NCX5I%V1c<80>En^eCin_<imuoQ~`*$?CwbOMy%K-!ydffPB0<
z(FrVXjY&lTpo-)e=CHYWdfiYdBvk{Uj3x9M;?ydzN=B^o>81fDlTN$O5_^gjGG-<Q
zuvP(lUJ5eF>Di&f+8*c4=nFt};y1CnH<n^9R<Yfi@o~>bf>$ueu!sAT`&j0@dWQBg
zeE1Y0byy+MI&Q0+pYb1v%XyqIFgku;{IzDdb2=;ToaXxntWc8;Tr!_Qk-5;b@I+mS
z+Y>b`ycoxFCZ06{-$#ljl;4Y8ul-^X^5HrlB2=uM<mqNNJbE)IJB;dqwG$4mS~-nZ
zQScser8S_LBJ-!nqWxY&Ejn$e(73Qb*?_A1mH#<U<=LM@S`CZa%5N{AT*YNmwqqrr
zOP9o73Kq*iSp(LL&O20DdN-GmV-%v`IKf;AuF=WjgY_!J>t{R{<*22m>Z2w07V**a
z-Vpusqd#S_(vb7NynpDz)$`0|E|{MQ=aVRU_0fj*_wI(Ffe@`>L_`Ag*xkWJZ%KAW
z(_~Rd+23!HWANR}$nMn@e27b<ZGsK52L(QWX~zijq8^U<65+1WRg47-Ct=4Mjd%i#
zeOCq_Q$+Q1j!f!Gbkz^$(buSYa<kO&=e^ow-*{HcG3#El3Wq|c3)oQkhQjOHzG5*P
zrDP3CRkM5ItAHKON^7elll)v|s%ObZaaB?o_H|%D_{B@-S~sn&!$6F)M}u(lY98ne
zMM2-~!0zp)+fhF0YY+2pJ%t}(ETnu3=X`+;>es}Fg|!FS90B473;uPe_;yiyi~L$n
zvw<d?6>MgV#GIql2M7TS4WhIZk`hI4+9ck&;}Oc6E@ayLuKSS(l4nXz-uK)P2f?qo
zqT|f8pw|CSYD5R1%KLpFgN2J5MVxu2Wmq2q9I85N%F{&Eqlz!_6N(^UG;o}S)X9_6
z{g~qqH(><!i?|d7;%SzngOXzQSiZmCbN;B-253f3Oy(f;Qwhe7%X*@-PdMY;CEt>N
zRCNe7j{s6b@nOa^i>J%!Vs+Zqk*}s<=KJtA!P$@-33kP=+E?>%n8G9kS_krBBvmYR
zR4uQf27lPIt}!Wr)gJClr=4PqL58uhug@6+eicf~$<ntwp1miz+<iw2v5vz&?`S&s
z6(`*VRAabfa4Qu_hNX2l2kpq*^2u!=+piOt01a<x5?MWe_0czmZ5z<;->2CJQOwf4
zKz(>{Lchf+_VnBR*v9JvwW%o~A@{qNGFAcK)HbSTDD<!oUzHu<uS@)B*oGq}G<l`v
z!~e$g<FxbaG)08&Q|mAjw_yn=jUyn&0rtipXR4<Cnp>I$z|snofBp~%l{{<Yds|6?
z3qwjuX5aKHzWtnPq6Nb1_4_)%pO58ntd>wlI8?Tc?914yfKo=gX*w0hVz29>pkanx
z3O%PhJi(;R7O$1e;VGn{WGBwianbxLTWCDzJ1G>~w0IyZICi5$)tM9THX?AA*FiKO
zF(DM-mI*mwxSM9F{74xdUuMQ%s2zU>tD<!zJ5Rx9)B=+|0`Z314&YE1Q%bmobG!eQ
zuTLo_IeFvnUlC7{JfOGYB&8|q%5Fe_^526sieWVkKHG_Wz1SL)z=793FI<AQQ8+<Z
zb0jcDK!)rqf`|Ywc7K0}hM;t<O*5|B`P&`wBPD~7b}3+${DK}^SP)HIz>YDikf!SQ
z^WhK&rCtC-8d1)@S0=c@rGuT^^K{PcrYp-?rmeAcZxH|HW1BewD@F$QbfxSW0qi;z
zd~Z99ojeBfum(?Kzv3ycuKfC%#t55<Zu~lSsSLVdE0>)aWEDMyQM^9wW^RguOF-g8
zjXn=9DNc0wNNVApUh#f&v0{@p{iioy+3+>IxrYxzgRUT8k86+|F<lq45Rev$C$0j~
z<-MBM;D>WWYer6##+ozs-@kbzo2C&C)aQ{=<e<0#`Rs=l`gem`oR1v`8M|W*ei+C=
z@~5*`NdhCfO16l3NMmlum>3&&{e^BuFHC>6w}KD`M4L9hqo~<g?!Gye0Rm7v%@7D8
zptXy*Yd3geTRt?8lexA}msq{kj#a%ahTCZ9g8NaqN@7=^&~FdQ-3V|<_>CYCP1`?Z
zDq8m<(iC%OTlM8mQ9$ai!LzTbPT>s>7xnF>wXbnCN1AULARtPbm97$ekmct?5&A_~
z&b~MXTW(_{<>Nq$-7c{-&e2OqO{`?U+0Km@$snI5vTNa9n)ETcXjYV!KF)2<H{eb5
z_8MN5)1d~UF1b4UO_dMSmKflY`24M@$B~bVBeD%i`C00aZN6UYcuBTkeZTpMTy%%@
zbV*o5t+QcTp3$dg&b|ECF^x1<CEJ5pw$c8D(bUQZPz6hiO?w<CnThS;t!0;gnbO;)
zYyMQ23KW^dkZ4PN5I__BaV<pp*ALcWEb1Vi!v}`?5Ct^39T<?;pEC4`MGXR3pR;Wc
z$Quw;t`W#oxicxT1|;!;V+=j^=lg7BArufiB^p5QYo4uWmz!|IfT%a?T5{5SbkPvj
zrnb1ESLTRC>la*D9l<k^MxX)uD44u>h~w$1rng$a1G$ENgAy(-8^$Zxx3xD<P<qsf
z8g)R9yXlLhy(9{Hy!Oq+PnUi+GtFNR5aqkNOz?DW#r-|aNnL7|<9k<!OL6+j-iY^d
z7#-5yHoO|4IbaI*!tNDy1s0%QrLP~+w1f%I@+Ai77(7XLzG(_0Z;gG>E3?5rnYb?v
zv<w8`yDIOglXYwFdMxkzcv(_L*W$-5<BykuT>M?)u^^uVMneb|_0>N(gd(-sOpIEQ
zCov&(VFoSud-kRkyrD1Lh)ch{b}o?tVrvHe;E1`hXM!LZ^~_=CGU6Fkt(tXQ{pA^@
zbTr3|s?RkP<G@RgiI-bxhzqaK1aA{I@*K0Il7Dzo(@kG{2jh&BFaJ60&{FPy^iWnR
zfs<=PD>!yZr}8%Xns!UH0*i(YW*fPRrWKVwG2AN{fRFZ{&6lu*o3KGCXk_-&CZ4Ur
zHsxMb`4$7<LJ(w_GkK>mD!rQBQmK&KjXFLj@iKK^;LnePvi8$>rhdCgQoQgz#z)!`
zW#Q7ldbo^Pv^aDp<(*(RI?M3rj##blcG!@~!P9tjS#AinFq0Rqt17~gcRs(RlO_&F
z=z-vZi0x#ip){~;y)k-IuH%AU_edR^tPckT0LRG`UQA5x2q3X}r;8a&0v`C(u4r~i
zUU0dO3rg?P@HM?t#Z@H6MML*K;@9`51GjzTH*jEc6?_29Ns$m%`sf<d<v)`~f(aZ*
zrTV*n_?H4+Eup_!Wa2C^x8A`hg#CP^06KyHhe#=KCmGy;;t>j1J!p)D;M1tTh?u$O
zzp8tFKD);0mcL1_i^NCrsrq8g_nIL{vrNBrp@1Ci^n*&0RM<<vQHM>BgQo1cT+;IO
zJ)AVUaWL>)63p%Lfl<?icWox>B3t5lBcdZ;APd_k4>4dPcmppmG|Ra~-MwoG1B7XJ
zMK|%fv2BnM;c30pcCkHEI2z{6uv#?1LxDTqW-`5~#7_1(KV8aOv^uE>#XwD2SaXZ#
za4bvsBz+(~C^9stDlQ@PQ1+Qiw(58Wf)>Fr3!qODuE%`dbinw?NDs$X05wN4Dfl=8
zX>(OB$Aro2Nteo)wCv_*gya5y7&bSMN&_gAGeP<~I|4q)YNBNA)_*7$9JLP<tu(lF
zF^L9>lIQ<#IN9wCMVjAH|CU7C7V(M`Nd<F91xM|d6euHPjk7Q$HI&|;fOoG|Q*F!K
zK-c(G_b*noxxmv^qCbJ`&&OnW`^@qt#Yvv|fSo(#E#rmUGr{XM4r=8MA`!XGqB50I
z!&#S0DkP17k8C>ak!FeS?k0%RIo5qz7;1D`l{p!%zYEVopD`xEf?MDfg4UIiltd1u
zIIA%A>WwTmqQueH2UzSnosCtwHunGdzT1KWfZmtVFRB(d8>Ui2tSZP>>S;P`)F<u;
zZeK9GdwSSOGLtkku0eSxtS#lP;bXf~Or+KNQ%*pDFgEn-wyfnIJI7ClRA)<1mR-%a
z`Q+?(JY<i!RjZIxB*PC7R*$SPGQBuv@=Za~fCeUE78xc8)g_c*PKY7|o%!%_V9PF<
z6(ZgabwlnTIczii5BwtN7Uq2*;<N~Y>e8odaZp`#J2&uTEJ2gxCR8rdloL>xg6r2E
z$+^y3wwN_w!Bj7F#%}e!9{p(nXIdE-juBc$-Seyu9hbtZ+(%aM<uC6fGHclxjI;=q
z;?i@n`Pzyd=~ZZ9kz~D#IX4pj*eD=resw-KewfR;h<QJ;rV~)S?*vB)MUG|evHRO#
zWT$ICkNmJDUqg^z30|c<D!z2WmD6~p^Js@*i!Q<MPD2FtUAWk_0cK1cm({c>#=JVz
zNvR_M&FS3f=o5-g-v$PBlmj51Gc*q*h!4mk+=><Dhi|$21L}cXwfX<{dUjH$NTr~z
z__<t5>L<jpa1TRlPUAPZugJjTZi-Zi205I^Lv3SyZd{C2z>;h+watPAavp^OLWQa}
zHx6Y+ifNkF9p^=yv!0m@;fo}V-0(pR#(v+07(r!>+HHxgr2?pjf?|ll=D5sjzx8vs
z%gdPBTV4npj<!cFglRlOiVmafHLxwn2bJfzaTkUNEC$l5eQyM|is;Ss`O=;~{9?VV
z>=Z@RRXYu-(F-uLB)RIGBqVx%mXrqkZ=pnZ5sg{`svapFdV!8AevUX(WMSOtih76m
z&Xt1smRgjCy!^Y}FH>X>y+cu+MPsJ}vOMHzz-bz|&WplMc1dzqNA73cAP^x6L%k3_
z;(8$&N0W;Y!Y*i=eb1;D99EfIE;b!j;EuJqetammHX}&!?(T82yqB=W0nsYKm6k(Y
zC$-&v{*m|2=lv=2+0LojwiP4!2E#aGq;}(1nGzV#EI2pMm1n-}X(GyucI3={%{v4r
zAoU$b+|VY|%EYqsTP#Z?v<UvN&}VSyN*kal$2GdTftbLp3Be7^_U4nt!V5u=<huCp
zj+Uwdw_dkMD7p(NLXe!z+NSU~^h}g(x!h7eRm-43ntJvE7&HUeu?pg{=yN9*JYmgb
zanRg?Wz*g=PSy;1!uboOadeh})B275OH`-7Ulw9gSmEVVzf>d9;61I5;BMq-x*>^?
z+@@a~tUwFfN5+zk_H%ZtVXJ1BikumCA^9E=Vx4hb&X(%@Skeq1<q#)1k5(G116;1J
z(_|MgmWW!dzyjA3Fjwf?*6Yw<uU6<ZGn>xdrAe-0v6lYH2YbXVeV!tL5d)c7B2CGx
z^(Lgt6YT7%*auS3JqgO1Wnzc~VyMy}xyeukEavfyk2DqswaVta+O}k-Ul5V}&J(1}
zO(;iA_^cAXJNEhZ`@#W&%<quA;x={0I(LK4afu2X3Q{|-ffl5mkc{I-uMBpYuDAw_
zc_Ms4c-$%}!>0&yI-SrgJE45&qbG$S!wbmmz6ICAM_*FyWQeCc_T}Rn(H38RAwDui
zD0zn*NJDHe@+rz2*HqWyJ?)Fc_z=P9(EgDbQ~zzihM|^L2s+|-${IlLEZ1LqUO-nb
zh5<;2G;AhF-F0Of?wuZVgR2nkLd@jFB-XWJ#Sq&X0)WK=E-Rsc>gk<x&$&@bRYd;y
zXQpZ5eyWeS=7yujBP*6s?ezP8>g2m7xt>$vn=gQ=UUSDkx6Z`IdW!JSk}acjeH^77
zh8#1a>1vKRy$R8Bv!o7%Y<?bs4*&x2W}XN}Zq?flb$2U?z4Ik#sB?+$^YEj>gw_#U
zTI*r-XACU0+to$hVp{QR{5@U>rt|ynF?uaH-syehqt-(-fw4#UjE<#7g6xA-yO?uq
z4~Mto4y@_X=K$|Pu~9~DNHI{9!qwx+Xgf0Xcd)$PS3#d1p?8e|lDwC5j4eLRf&!~U
ziKm~KdbQQ_U7}MV?j1Mrl%ek9IUqz9>JR-7M(H1H1)P{&!x?t|K%GOHrKrUx{E(46
zBG-*=ta5k@epg0G2tDg`)cxw5X`iEX>fA2}u#jRj#W~RSL0-{xn5C*o4{`m8y=n5h
zF1_TKmdgovf}R-#iQ!T=#M-+NRNpnpnBkC~*t0>zDpa4+5&qKhHrWfdAf4wV<@Ol|
z#;=kq!9m_YY&NU4*cW(6{oM0+8RwN3vCQHM9*$|G>t&DR*d1*!gMJdO7-^${gi>{3
zU&cll`BvR8y?)E-s$Hc4^6b%!Q0{Sq5i<9!HIg90@AAAZM^Y0Tsw&!n?zpn@vAi?s
z^>22rkr?=00Jho7DH^-UR^zDC-A62m{9dw&tY$OC7#TrJa-@1`sD=)-9yB1Lx-(B7
zvG9~o<p7r|_BI8cI!`r>q|yNp$#(;2vP;J^*iJs0?&*P&6~YihrkLo<ay#svRNg{T
z4BdXKz<*0e6}Q@;D7k=>&(u37FEC!#Dk2*&dtTJy%&ou!e=S1KcyQZSLGZ)BaqNni
zMzfW&a&ZG@(s2d2;@V<G{Z&bhjxDn4KCwns|HRv_=0%gql+HaT3)jO?sU2_^6FYtE
zj=V2GoZPQnr0BY=!9gHUGLRM=b+UByrK5;<Sb+~S<Gy4JQm}6cjP;@vtqXF#X`EA2
zOm30I)Rq2$HUC@BDlMb3J3@q~3{H^{V)FNXh<T){%{WhaY<p}w10?~u2#w8y(PgUN
zPmy5IGX0)&V(wU!X#9x(KV^K<vuf*Odu|(1n4rhNS6FA`8Ro5bVw}%1Ida++u@}jk
z5X2`f*g3~Tw1HG;yatxSPLJ%zYi;DgKYOvSLoCGp$nsr_<n|09xt|{S=Jp&=LeK2w
z)nS6<F3xjpx?NgL5vsh|t2IQ^4i#uq%>lDpt}(g^!S}!Pf)lM5tN1c9xTk%-4qbFX
zDc-W#5Y<Z<HqFra06?8uO!Ul`+u9}ATX&R*=vVNthKZKSpzN&~^&km)p9Ojbj{@=a
z^ovJfqjb7q)ATrb<2teQWP}GfLDqi(oM;m8L<Qj7VuESBFFyv`qX3>CPq$fDi#(&;
zG#9xA_43>;yv~ElqyK3r?VV3z7vZZKT~ElDbF3$;l9O-|2||SxlMJ+^q;Ov}0x0qb
z;QdTs{`o$%CO8_Ilsw50OxXkIo)fK-%w6SHL=J6DN-(UG6?!I{&C`KzenL#l;k8_h
zK;?ab^)FFuA;3yJ$D9{@YMaE>K}8kBq3-MC?cq}nmm$y6|KZU9tL?M|m??}W1lh2d
zj|6`zFgHoNi_gcSj5a8}G6JE_e3Py{oy*+e#fjRqyxzn)Vai>N2GB`vw0NNJlO?RC
zLkA8kmWK(^bO~`dS$9CoJ6#;HSUb0tle}-xDxn+za`*Gk>wnF=xLHIVX(E@n=ogEB
zeUxyXdW$8bXLq$cRUGxD(y1tFT|y!;%P+eFYphhp;@Su=aX-qZCz;~>n2X!D-dw3Q
zzcIJY-snDohFFyU<mNxbZJ&;`=UPQp9~yWcPZkN8jU(ZrB$j)M2}_}1yX=Gl!7!mL
zDFmY0t~|abw{rAw$Kgd7vf3(mce-z1?-h5Ewl<Ye=3FXj<m8%#HijnVCoEIp7sV51
zVD7dh4`+OZWyCWm?4>5WNuSgk#1B$5SV7l*_WT3a6JZgD05Ut5oZ>CzyR#(;*qWMr
zuAsW^<(TOfr{G)4Lr)YayX4-kBm2<hfX$Tsajia+41h!>$TIysR1Mb$^qDarfaF%X
zgW?)sJH3!}6&yz;K=gS21CGe;T}qaHe~)ah4HaNvy!Lz+A#tcuj-r@zS0#$JQp5H{
zDW+-8i`OV89iy!npQt!|`RqYn5?n2R;vr;$KR2?KVf^|)VEBvkBj|*TySXzF&5}-d
zw=ct&BXS|+<t_8%LPI`b*m^05rURFPcbf5ZpNg$)iKmaa2+#m=e;{nE_qYq6?+W71
zqeDXRZJ!8$kg2XlAvUqb<+~!6eM41l!1l@R8qZHloShdSFJULU;n?ciaj+DPlK_vv
zoDkT$FFs{^r49l)Zl_F>hv<nmyRm!h+H&wom}Y)l2;|PEaY(7$5;u~A5YFa|X?urz
zcUSCx%?xGeMA3r+B1s|ZiK~Y>XE;kMYdehhAhkqk@mw6Jp;=O!R)gSlQ;us8zFsrY
zIvfq7p&=3=H)u5_@VGlajqy(4R%#LPn}&HA$XvL?`~l-TTN6Fja~t07wYV0Ya2Y`W
zd7+t)QH*+HtJb))aFt(M6dM$Bg)g9^!Ypf0uYaEKrn?&4NQ=jWhsZStGUo{cC7mh^
zz|t;*kGy`AWF5D64ejj3<CL(2MjU09q}|SxP>?_H`aK3;_>oVv7zvR>j(1Qg`^4+w
z$W|Lq@*=gTCBvAZFNg%1^`JxLT`ZQL-=_*Sk*40mCA5b)U#}U6ndR=YKh+}H0dU7O
zF0{_AZ$Fp$v^YUjC-+$ZA--G2g#>bO`~KT!zVHy+X^un*J8A?g|3y)V*KN&@UE}Ez
z2?jt%t9AJI+AbG$w6s%LB^<8mbSpl#E6k8{>E7I`k+a80$0V_Al-eF{cbqBl5S*$H
zS5xo8xRzU{V!a?q0Uim3_xFI0zy2+LEdK$Q*0xZ+hGBLGC4WMIKW!mOE)^mOz+n)U
zf_Xk!@bI0w-ZaVLP`ikvbYUMQQ6)+%JYn}zaJRo5V-kapml3&TK+p4<QHMK?Fpj9K
zkUd3NIc!YliVgD$VzIDIyVPgFLl~V4zkk0dTz~G`BFjsf#V;8|HTd<+OlWg$hOYGU
zfQHWATD+!t9%Qw+v&>=5VHgSEg96)=C+}JvX2LyMC?y><z{=t$D+4P`5&f}tDWMr1
z?@CoEAR~7N^kaO*f1zvL5`-+0Uum<CQtFW#MhfiVGxn5BdYMbs_7Z@;oH;EKU}wm@
z1+(hs8kV|Z16qq-5BfV?n?Fzz`jxk;UBi!cY<(X9L|3ub8OGnPiOKRZh|k!VBv+X`
zq`BdJ*J53HBUkPIG(0l6TyjkXVR*3t#P*=K_4?GC+PF7J)ekijtfSwdcv&bSfl*=H
z&D6CflD0Ru**_P`pB37caX10M6jgL>SHnnKhf-zi$}y7~-W=ww1`9)uJbE?TuY$!r
zc6_J>zc65^IW9EQR{P8Y-^EH6+M@_3ciJtlL-=haH(O<Vei}41-Jy)P0*@`2`?yd{
zUg&86u$6&t%dGY4GV5LkI6a<G^V}`MIwv%BV;_lnw`m^K%lhW;a)<RcQdj1?<FVtR
zqPs<JF1+heXkz<O3M$su%Y1LvrVmX!S7B$si4tRzVQ|%ot29=ihikM`f>w@W!oXHZ
zu7(Nb<?z54Imlcg+?X5IQO*u+UP%!_yR0yfJ1%-`z7>ct$$0B0`T;>oLqOzb!VAkC
zUC_haMn*Uet$NB<X+!Y#Pq$Y#zDr}#lenv88eUW=L1~mDjOjn;Siuh?=q;u-f$lz-
z8s5S>wUZGhrz2DNNu++Xia9t(-iY;FyN7>=SLE}LPcF?u<GbL@OAKRnxesL5f1_f$
zlq3AebOlaew1>6+f#QJgXLCxwrB5)=oj4A}a`5~Z+VY*f{ug-jUg-fF@v2UO)4Mhc
zv28XKU>5rf4@VDBsG0=~Bj8%sLnw{fUmIY5A`nU-3dW25q5AR-_645O9Ap?6anv{-
zApxr%xtHKvQZ1@^w9NyFTaP}!yj#38szv;>+rl($9c<h6nL>Y;xThY(MbogBMX2Ze
zHA(H@%o<zP8YWIbiJ*L4hy0oA;?JKuUE5<&q9<N(et%n@r$va2nnj@ND>x9ZjJ_GI
z+X^&STVi92vzz-s2@0RM9f*Up-C2c&qRL^Gu1#4{CQakorX!u<Iu%S7)49`omLnvO
zS6vSW7!gPxv9AWE1991d6S*h#lc-^^uB(yZ>oY@K0hi$LE-M1-#y$37yFmYDAS<0m
zVU*rU8)9v5mcdZnz;LV)axVy^KD(*7ZTF*X@utVEe7V_EjdNP|nc%GZo)xVuaYQR4
z6n+|FplF<q{1U_^9X5qPbHt8|GfPll><7Cnw)A(W0<ie!W<+g|Y#WDcLeR!ke+*7A
z-${jXnAF&zE}2`~Oj6b<xsh>Vo{)r~m=uZjIBWBcQfN1Rca0B+j}Ji?u+eo4OzKP)
z)5}|TO!>JAe+O*eF;?<xp4F9(l#@xg;P;rW<p^2a%8xf?fZCUV>HCS^3MyM8bmH0$
zcHS+%aUs7%W|-P_`L!Jqls*H}`7PEA%DqSzN{g2<?>xn`Qs~|X$RVVm;XXqhn%cLy
zMmU=`lY2J%%y$UYyM!Pl77!kaHrr#`cKKcm9wV`eF(ZSdg$Juu6!CLKn#8kI{Z;F#
zI;?IJVKFzG<cN8?K<MT+7zpn|?a4Vf2@|?M8=5ddshq0we#JIe9a8)QdB&JZ``QP8
zU47{1PbL2*kEDB&h$_i9dH3Qd*(=!cXu6h%F%6HfgAf{%ng5OKNCI%h=1J_SCLv3y
z%d3+XAv}`uKttPpSr)i`7F!AKEpJrZN<-n8-JcHa#7PCfE)2y1QwcNI*X?|~kwXS+
zVf1+MGJJ^}eBG+^sq&2NBOq#N90AduCbmJO&CHm?d#sNmoAAhqrvOVpw7<Vv<6^4y
zB2H_%sNk!+V4=(8-wF@K^;gkVi%2^1;2A_(7=Q*lqTo|0SPY@|AcYx(3LVFkb55yW
zdKQUPgD*`WH=K=(g19xBi`X;rt{+c4Eu3{yye9rZuZ=>E$BfokI14%{I^n;x&AHoQ
z1Y;5CG`v7u+5B)A0Knw}G$JDYA7MB^y#r_p2n$Bsy=_S*stM3x921+5c4_^<IW%h=
z|8<mt6zj4HezpgQJhXr8E0>f!XcC+}UKC>-sY?kRK-4|c0~xs|RDJWxq#%b3q#Dv#
z)_mOsK?h;^o(%kW?BpQUJ}K)8Li#V~T>d}nPuU=VV=)us8^D_~A}oXb*W*^d9&Z}9
z&>bSE{h=8Ns{^cc@<;numJ$<EPI5{q!t{79q<Y*YgJ_<0aO2?Dec*&DxTKU`U~@9q
z5d#sn-&IxIY2$kG_)(D075e9so_qH)Ms?+s-@Z|i?tGo5^d$+vM4Y<=MmT?jFz3Oy
zf1d2Q*?8*W$ZFO<>4zCmUbEO7M|V0ri=ry_y`6kowtGjrG3*6QL%3%I{yvKO*yr|?
zu<nm{NG=IZJva9~f}j&{rgUTYqki|hM|_q3$O<_%_9M**ec3~7tYgm6Z6efh5wwG~
z9Ry6tf2w{Q8*6lKKTQ5DDd_-w$3{-g-t&F_g$Q1x`%fmwIuQN;y|-bq`|6z8(2xYF
zGJHW?8zMDFW@E7nNBKSiok7=}AwjaDKeJRTRF0pfDgl9W4m;P<PxM_U5bVT^v9Z!U
zG&<`h61(R-eV^UOKT$|!y}DUe%3NCi;Grj+(Lo5*dzV>Q)`~#+o-{K#tR$Jr)3DjD
zRVBoTE>RmI1sOPJOA{I(fPaMJnad*An@U~2t~b9v>m8L5Q^SajAdnuuL3L`q*r@uu
zKm*Y!`bXlGs`?Mxn&Vkhf8WXHxm=K@6uV-><j{q=D$DnnT+C0Lh2>cj()JKMCVY<0
zM~hUyC8@KFC1D^C<R5e_nViI&2x@<D?gJ?c83zq~=Ca~j-#Jg3V`|To{DP83fcnT7
ze5XHYU;5iIz_HHM$6Uh{zTZg%-u#Aby{b(yI-V~_#1msuA4|sFFqyrAjrG>8hr>=P
zQMNQHQH>SF|A<}yii5QAlQW*s_Gn#ltq#bxLu>z0g=&*k0rb){9uy!`H{*4SlNps|
zU%{x;WH|?&=&C`fbwVF*>oQy(cG)=0f*))}jQ5XHi4}3Maaz$qm%TeIxe=V5{A=<v
zd(OZhbh`5yz;VNU!e^VL)iHwaR0<NxGJ`!sfq~njg%DxtwW9wQ)Ry6cmvPr<woaiy
zWE@J#HSk{-yNW@raKoAfGAOT#3#&iTIn^%jhIPB+bdZIbFVlL9Q;d(S`-P@AxqCCs
zR=QZ3Pq>H_xc`Hl#!Ct%?%pn_px{adJvPBiiWr8aI^xa#pUMl}(dpzhYFsn%Nhx)P
z0yv=m99wcca9v(!J|_1Rf<!;np<$elTp$vOw9GL?VJJ-rN6eu<t`UJ>RIHOu`K?Ba
ze9j)BooZU|@XkggbojLb2ulLa547j!gz18s*p+SuBO=@UH@p$@8_u%-I^}&sXs@1!
zllbA=AW-uJG@J4~H6LAW;BD`kn`^?Gw9*V&HzxYS#a(jy9=!3vVtdu<`Ex*cO0oPJ
ztT5+(gUDxKqAW6c*;@l`NGvRKeOk8RY;v;FEZa+|O#V&yLf%hV-F<^E_vi7tQDBHM
zD1W$pRHNTh(`ME~T!)cn|FyJ#W_8bCEwpJe$(l}~`+jPLVbFfXfszyJkkd6%1aLBz
z$kR;!{aAsc3DwqFEh)dVNLdA9sLECaOVr_i)VR({iSe7-3Ve7Cw&=Uyrj-A{s4~d6
zLa}muk}Tb*#eFgoC2ygVA)L0bL`Am$9N?aq13Xh?T`f3|S&r{hi18VSj7^F0W0sUC
zCzr?my6E-13Z@4H78&47=MRi)Y(dtHc8%r7*&UHv0Zyt{j@DU4dbu^0B)WR8BWP|h
z?{X#BFanAOxqR^q1kQZk`2!fqWid)MWgu=<La7DG@S?mA^Nq(V;WRRdGM<lW(fz}&
zKauvW3{(blqSSQHg-?kk!Dh8uDBO0*XbY1ZqEy4hSQjk+e*78VLP>%1UW9$AF00CO
z9Oxa3oa^@cnVd+%0%tiO=#VD3^gs(5%amUqvZ;E9%Qr`E(h{at1FZvA?9Si#O*cGK
zh1_Hk>&RTK*`haYudy7R3Eh>nadfx~!k;)%y0wKznc7{^$w};B{8GgiR;rckb?km!
zq9uK>yK<R})BcTl)%i48BQiJ^=WFL#vn$l?a$3!pl+X$$;4iOcXDLWp5^##^QMs%)
zhFxTM;cA4cmZsR|Tsuia@y^($^c4=tHMvD(Cjncgr>p26uNGv&*xx1Bj=XTde2ma*
zmkOuj=lRGgo1Z3EJ{VN3G?Xgt!wTrodJQ!27GOsehz7Ah#4f9H!uw56dDtH$8(9vQ
z;`P|Tsb9?XVp(4W{Af2)7e`M@w)>(lLG${u@!PALbTR?Ctaryk?bhzy1qvSV;P*$?
zbL@$eoZquQK`kMZO4vKUaPs-gk;PHMV=AcUbc_uiA=%Ar{-uNR(g(gkA#^+S4k?w$
zvICa~GDY6(u^_OHu=2IPVOP%7ewVri>g0={<>>35!per;3TC0tQ*1fG5>2;~#)V7#
z&#e+&TKKx#$W)f0i{*iZZ7^;Q@ddAp+mc*a5gG^&73zJM3z$fMy9$&46<>UYIIuD6
z8`YL?IdInoe5OTbKpX>`uD!3s!@UWScDw(^PqurI2p=E)a<dG-flNSIRacEwU~K~z
z?#W3f9xQYWiSqHfox2NjG3fM6l~O~twc^&i1?2cgm<`y{o0;i8QZt&~8XWSCBlB0?
zEa~8ue(#~L5w~juskkkAj(zGLhw{AIexGV^Vre2ygsLerVi&b%3uURGJbJZenz6na
zAe3nxpNa?J|3F-wokcMq>K27Xs{uL#k>Gq(PGwgp1^k0CcGCzZ6rCHd)Vr!BjIU_x
zZyLH*38xr%Ahp;0eKDY+@6MN4uQIBc&#vxa?FgZEY!?#O?o*cl@!o=UR)qO2U`pN5
zb6w2tiYs%-c&hV*);~_s_2WeEWJR?&V}4GOe-pC*y0@VDneVGbdjDKk?P0#g{~v$_
zVpc*1Rt-srg<FR~^mduY1X$9or!wm!Rg)z_hNnNVav#SeT^k3?OVH-U!GrV{F~{Ce
z9loZ4`m+NL9Ufr=98fe{tZqU9!$oTa6P%j}GPhk~tPj*WL>3~@?dk7Q+*|k2ZLxvd
z5R>>4C(Z+ekT_X%Il|`_I<aZu`ZdWME0E^?$^)kj)YT(m>M~~3AMvc{U75&NXN`lI
zK+1TcPjWu(V#me(%R2OBB4?J)G)S}8msmQT^U<zj3kamiSw;BQ63xBN(dBR&^A?gc
zOhy7fViUs|w8Qk}rjmH}c57YGIitG%3RB7C?yEHM+rE7AktEI;Bvr#Y=V_Z&&*|t?
zXYp0+%1E5W=A+_`C|GaopQAf1Q?1<uAd-ea(J=RAI*RB`)MQ(r^CT;<X@73AU3$)I
zc0k#I2EM&r82!(M=y)m)R*Ke%adbPzR-==~i8EH6XZ!;)&QEpS)&*KZo6C7flvpmA
zBjt^vnxVcS=fh|&nwvPgb*YfsnN>xT?^ERNy<wF>lldzd^bY_hD*X5(b!O!D&lUA*
zJi{+UrFSDufqK7ZciK9Jrr$PnJyK7tIbYN!LQ2RziwyhFf||+u%Ev@aFoeEW<UlN>
zx@nGW)n7ZTxq8P-1hbVN0p_Sm?`@@ILKi7K`GT-{b1e!mnnbgvr^!EgV6~temWZ>O
zo5A`3f`**v7_j4xO0~eI0KcDfb@8sMkEWw9=ak$Wd&-@Ap?of6PvuVbAb_cgOJ_ly
z)ikNQV^Z%x(<=ot3lOS5M__j7lVL6_j=CAZfSVqnnZie3U&^rCYfR=A({$Fh*QfbA
zGQ7$x&_u@xsD2>B2sSFqbTf}0)gB~((as2>hBKj)105`%Re8A7O|6rBA+rD&JV2<k
zK~p<c-atg-?<1Yy2erw{;OBg!o;}s7tv^%n_XF4E;gR+f{IhF&Dcs@}SYtc)9Lr)N
zSi&yF`>Z9YkUZM5&}kwt#xa>yHE*ivaeq@GM^wn^v*2d~(Y6@&tY+tdT>Bk~XFbg?
zRkh&fs@O8QP+N6h4L(cSdH7)dzvDJWVQQ_B*!kxQ7hyI*slsa8o6if^n}FcnahWW*
zVD-E>Ynst|Z2KMVaaWd$vpz2zgwGZuS-E;%IBSzWH`a@*y}A9iU4jJLzX4$EjNE*+
zr8&2unw&jRtMDoHOFYw&U;Mc`nif@;A+*;w1PAnalrEHgO;C06rnMwz>yYy@pYyeQ
zL(hMcK!F(VW7yzT*K_(~rVvi<u2hP1d6_#4gs-SmN<kM2fqU98ri<R%jVTDAgO7`w
z7%<E)2><x~UT4C@;1V|4T2qCVCg<W*Hv=EY@ebfGSqpvy?C*pDd&FWI1kb#H`MY#Z
z<z{jK7j%JUl_K^YDBV58k1Ehll0)9Le8SuK#;^w?gSJerkr@hEL3(`yW81@zr>k&Q
z;<&_q3;1P<X8`y<Vfrj#$EH<NOdRnfPz-w!!Pki)u%&A0)gjTAR`)F?m}KSWdRp^#
zwJyak^0X^yqaHWkGwzx*(UnFragv^z@`k(Q>zzYNdzmO^g&Jt1kr&wP(nlt{1#1wG
zsV`S)gv3hBuVQGBoiH@{80yeF?Pf?eVDD}>l6)keQ=ej>q-CRSnm9hqI<g=LDkG_*
zjJZP!uek4fkuL;&yKToQ|M?FpvlcO8OkCZPj;~0>TgAilOrr6T*mSOpq6;kkIqwJ3
zaeGq5twiP&c5s0aydN8HKF0BUlP{Lys4#kJLGe!?MtS%O^FhEGMh}aiWh8;4*w*J8
z8P)GF|FMfrkZN9pb74|&h+$#9oi2SlnMDy6&b(@_sIxPeSlqy5ECf(?SS`fJFu?fV
zXY|W4rQhj6XqV>IYIOSE<I;(~c{FG(X>&2H-cS`^%&T5{T7r=#4`#A);2TxVTpHXt
zO?asR4V&yAfGzIo<z9EarG}VtjXD0}SEY4A=3&&Dd3P3ZZIpw~Gg;_NApv@p>w%eN
zeXGjJAk9Wo=Lr<UtP#GJ_kM0C;HSVKxy2*=IX{ZQ*io+?san6iYKoJVqbDPRx1(x5
zD!%^Kk|di3zY5JDw19=5Dfrjl;6W^x>yhYKQMNkAfrwzAvR4BGp4`JBo5AaiWGgRO
z?hmgr-aVo|k*bDSp^SBpgyjztO2KXgMUj>VECXK`6d%fFMkD%x9aEg&KCnDsT@5+s
z6PkZB#S<DG@^xWTQ<&~p8CB+u7?2xv8qpES8uN6p5=_IWS`5_8p^=YI1+SG6V92Rd
zP35(Ut@Eae`Jdj^E<NV4Y(|55(aaE%*0%KZ)7VhXh)AG?G`Bkcv1`7F3lx&@n#p`I
zX#9ej>f)o^$GTS|e{~;$>xUagO4s%88mN=|FCGAhWrc5e8UZ`+JpG4}qP1Lxp$Ji%
z^zyOL<V3)yFP3;8DC&XDXSyLIkW^eq&OvpU-B1(NI<KJ-|MF>{<1RLCLyPV6ZJLy)
z=4svA(#o6iKrcQco<fQZqd%&)v{$~#ox-!)cAoR0(ey{QnvQ&L_1itImP~&b;1B@m
zC+=%C;gw?QfYYNm3Zyk%RyTa~RdX3~Or_-d&SYOa>Rb^<4_s^#d3H$R&P$013cuX*
zTa*fE-OxE?&1G+|Nt^sRtF@3}MNQ6ZNht<h>~r?j?i*DEvnKkP!dEy)^G$LyQ=uey
zEjRpScNyI;w3&b)6De7V)$TGi$P2HiadQHi`bpl`diBp)M=bFC%#=)Jcf18K1jpET
zk|Onn4p1NuP1SXw7<0laE8p>fu9K9Mr3fMHt3l;bWBjKZE~NysKNP@90tvU`AWfS4
zow!wm?kg3Dd?2kh<fa-+6uQaSk63xp`8j6-A`SXQ_jMOh4ti|CZfph#sB?eqi{!gx
z%buwS6wUn7NNqXG2F)^e9TAkk1Wsq&dHVA9VQvq5ONNiL(OTI|QB1y2%JhNckumdC
z(A+`RQJ`X~m|fQjzuQ@1^B5rOzO_hn>m2_!V>HQ`KZX>%aicLw$WU+n#>HL`p$mNy
zO~nho&WdWeQAdFv+g`ENOzCnG;7QV!Z*$1QBLXHYQ6XJWEVJUIGnyl_T@%t)mMmqd
zC6??$Cs>N}VoW{{Ud4rLZY&h%YqBYYGK_iI-8;r{QMsD4*H9_%$B|rozf^+MtO9y4
zuC=EHz0_)yWI+Zqzp6-%eqapnyB9LrimtQM0tt1*xV!4dd76%LdukqbsR3rqZI~yg
zgq)Xb1Yzcv7JI<)_~j9meI1xBA+Z*4QxUo|U@MYVdDB?Zh(vLSck!9w0s4R?E1Ffg
zG1_ZXh2p;@``pK0lshW63On`>XGixtCPI2rqy;$fSoo_jH_I=%gi4E3Jui0{`emop
ze}t2m_6)jjkEP@cgTDH}#e}Llss7x=)_3bbDIs|%m&$>zs+^qkLZLH+h!C5}pJ3ln
zu{rti1&xCY<J+0<bwPt=TATV-1{>@GuEPf_y9YobF|?DYbsQJsL)^vgsc&BZ_Yhb(
za${=;6m`?fqzXzJUWbo=7`h6$<QfB)$R|yc$3iQ`Ry{K-t0#=>D#iWF?;438I()mk
z?n~c4p8nDW`}tb-Dv@fZv-))!RI`}CCyx85`3%1_U{2b^9qXJ0@nIWNjFV2kfC{2#
zWL2SOmdl_sN&`%U>yCP{{QZ`)2^79-m`piS$T7kUTAVkZWK8$RE@?S}9=n|`9pNXx
zGcDTUo3I4?Gg_Fo(r!{LAV}3VZ4^p}FcnO;^ShZ#liq2dyUH8xvIcm&O$Wa}@&#!}
zz2eN_pH3i3)jpBk(hCgCVjfyi@EO*nrQ7*wpzK_^F&8%`=w6;DWimu9JUd_~JC9^S
zvLd@0{8=P^V*u89Y46JPQR^yK0L71#1$}8CCGn}tzlqd5F9ue<ZS|_~+b~?DkMo@{
zv5z=ulyk?TGXGm7iJyJPUGq8RCjLMR<h|MCD>oJxcqaa&5dL$bpiae(*+EB;1VNOi
zjL$U#_2XHqfrJq|*HQ9s0L$c-ByF{(r9_TqJZ)`|hjvL5l>p?!P&7e6z<dGj<a~2m
z+nnh3RlBP*g}Dlr5M@5?|3}MTi8r3;DuwW&x&!pej$u|{B7McnF9c4fw&jWbLuQ3a
zl}!g>Z%L-266M<NWA)wqjx`59=?5~($^(ygl)@+-&`*4qaS}Qm0HJF1C6*`3<993s
ziR0$0@RkJTbk(H*Az)nZ?#N2l-}2_qSIL4Lw$*BXd*_Fw3}eK|l-4OP=PjHFZWzFK
zr^!oSl5enNi{UobXOyjlhd+^cLYv<jr)oyN$jYm>|8R46>sWz@qc<VfboMfP^a9ev
zL;<j+!&2gtsMoM>B()3L!@Z@t15>3tClflJOJ-BaCL)Y~G|ca0LW(KLy|3G5>l-ZI
z1E=_?u&@oDj;@liaK5NoIEE7L5bVY#es#*hsuGGyMa>l0X7E(JWg=`+F9JyPu_B3O
z0(cc!x6@ab9<;8&rvNx!w)`(ghnmDo{NqxOGCdCl*Fu?yV~RQZbNSisGjfk(D&DIR
zf^Kx!U$vXikY7aaY%21F>x`f}J^nXal^tU2FgQLcA~pKF8FRa<F8L_xOAj8bN@#6(
z&g8RT8(}t!C#!6e$qNJ|v+i#cljeEQ5>vfoxi?^r8AwBzlkUWOl=Mex?bsR^MT0H;
z#cA;yh8tbOxephOEw$vR+utfDbAL&792v%ojU|n^;)uE877J`XL~4@?nRQhmRXb@(
zn}Z0Vu6mXviue6mW>_+k^v(L8we3<<uBm`N)G4RxLq92H>X*}tCaRUZUN5?}N`5)G
z<MmT~ty}xtHN6|peHL=Ztdo4)4dSjfteqF0?_fvBC7N@SjLp2OsE71tEf{0%outg-
zzt#HVAeA$Im{WQ$wbYk(QP~R<GV|T`rdsDPMmc}G&Ij|kRJ@LKk1B-B&THs21r_Lu
z=wU!nL_VNMyuI!~{_5OQ+VBs;7^8n}iyWI%<mjVWSepBuE*Nnxl8PekeICaNUQ7-z
zbA-x3q+CUH7;@^iFLyOVSLCQOEiEsliAa|$Sz~rKKr^M35GFx%$Bl-J0&APTvhSXe
z#Z-;!&as3Dy{3aN`6kC=+I-=}K0K6Q>ZNXvND_=x+}y>{uMsnM(})CH(|?Y4@j{l}
zTti^euF*|Z+$MDGpI2)~xT4Rh8E~qXMsH~ilaj&Ah$OB{woXvz)vlrC6p*J&dFlQ6
z7x;`lFX6nm8}E+q=Mi37Vnl?*8gj{_5d$Y$i$KIqeoSa=<8&dA^?DNsW*4E{%`-e*
z?^biz>gIv&hZ0MPq=)fz-UxAkU8rxDJ_9D-Z4U$#>BDC_UZ8v7dGP@q{M|!xt{qK!
zZdHBAq7vV(i#TWx{ehMcllG(F9#_bnhx|)iq{6pEcG}LuA!uU-eE<*RoDvg0j=hez
z?0pMFj0A@b=cv0@el56?m!?J}A>2elHA*3jI#k?pM`aTh%C}0$x^;HQXCR>`ugD#n
zrVeDDIrVz6mKI<yic8$ioe@dMzI5%%AJ##`&#=@7`0ye=>Ff|mJe&cMU(GV%x>uRW
ziO_&9;|#65<h^#SS;px}evT0Hmg$pjt&X>hTbG*9F^7<rnv>&je=yWS$%1<!i5rRQ
zU$|5AyQ8Rc(+<UN29OP>IzrVC>dXvI`+Gx>U6|BV6^0WXV^Ue#JLvW<JCygmqXWMv
zv3r&Th9v@~iZ?o0zr-7Hv}QFuGytcGFSF0e>x>}+$_lQ53XwY!e|WPIJ!6&Z&1^y)
zwU6}I6h$jLRL-c|?|?9C`!q-JWAjk$i`s>KwUf07pd~T>$O|X6N}X~xRe3$)>V+g(
z<&Kg0<-o!Q025k!k`Nek;x-wxD?|ncTQ`x}A3dl6y7~J20`Oidm=@NA(>=BGfEMeQ
zZ_*eI%jXmqaZGJOTDF2^i}h<XjQila8US*-wlH{x?c}lMwACuOa-)`c%MQ<hb4*U8
z7Wd<9y?yvp!YIx#!eCA!O;nURsBoJ-oyfUFhFIWXG0nfAPn1()e?#R~YA}U|?R`=v
zfLsoD+)!prDXWk3yps4^n4!uVr1*p<v{9!h8A+anR0k&*>(+5_Y(EgU4)VH?Vhh))
zr}UDe+L`<cgE2FUwa%GnnG1dHhpJ+8!(SF{wKF&t)G>+0CW=k+5xw!+VNX~~=(L^#
zodECPwfSAl)79@#<k<r1fLmHFi-6XyJbX3segyajhPx@N|G<BOM-{4J^>X_NvlkK;
zgcK@N4t1iUn~^-^N-X|AdB$w`!#R@_^jsExwI$%F4qqHCg_v813b5jT=T`NE1AA#R
zWKe{d1(BXE&|M1ZF4@7xZU`LmRf<tA4X-_%C*$_x6$O2$c0vhr*09~C^J^*=cf3!m
zu-Gv@{{=pK@%LW&ntWtoKBkcsy0m#Qi<f(a_CVSjsv%|c)8)?Bc7zT)O^Hj@`o{&s
zUHpFjCueC{JsU%7FP8DPO7fXcFynVu=gD#yU4Sf+!_j=C2f8O)Pspt^;u>tUy9=2w
zdA#hG4gDS{MWv-cxjFf&Fec){KEk)=B!VcA3$%oY@eN{#*0UZm0ny6c%n2<6$qgsS
z+|RMak24sl+%1XHur<uN+<~o*0ZcmT^~3?_o4MsZrJAhyHc~ChM}@DWYqX&{vBn8>
z?4WDKjpt3DF8Z@z3R*9g@1Q+3DXT9{iD!xvI=k^P1|?U71{S4If$ZyCDH*EccuWZP
z9z!A~=EUQMtv2QfAcW7dKLTR~(&-&H2ja}(Q-LN)FJD{c|1%d96NhXPcyVY0CR{r~
z>jys1L6NpCRSq$Z+WD-ryq<Dz=!6GCX=m7bP6$b*zS#|y58!A@9V>Y`z=n}aZTkvE
zaNIhbZ>dDVzi>82<4~c9eD8MTs;R-=dUJhK6Is$Xx0xt?V+tiTU?@nJLhJf#^26d~
zN6SH{)lc812H_u?VM;(_*dADFEF_C+3mEUteJ_`Q5l~<o14^u6RxzI%Vu@u^IrbsP
zFes)KY_<>ZsX`q;FS+4;#JiFE0c~VYv2Uy$>R*}%)ka|Flsx>Ol*ENqt%+kNAr@Wj
zwx(cvJyDDGVm$#z;tOSUp?nHFJ4`rm*7!*QgJZvsC+OIb+)|F<od^=?CM17<pkC8X
z2a@RbUJSBgA-@QI$sZ@hX{RL&bT`}`mR_TD@n}MI{aEjt+P-xwk8>G|ai^;<8g!VZ
z+R60pDyw)&?RIpckOr7AY^4voRyl8x0Sof48Yr^J|NXvh-y6?pxfk2?LyjzHgm7Pm
zRbA~X*gX?Wtw!>r#Jjmbey=8>=f+^eW_lrJaY1m<S5Wu#l){u|RJAgbXeiXe^KH%?
zWbHRQtIext+`;GaQ-HOUF@LZe;x?Hm4_qm{T}q70lb}w9j}OhKdIR3Q4|*&}1(3WI
zl1-#0rv_2b>E{`(<~)n9Mji1*EhK)zOff+jmh~9Yn4Pm2_H^D}1gju;$wo|<fV>Ck
zs?oXM3JtTZ+`e)K2>Q-Z*|H=v`v!e7^Y&SiX>mg?Z)|W4zG!68tz}r=Z}}KpmvCq(
z;Mx<M#zwt5d5_zmRgVksi-{^)WjS*;NyMwUj92j|1v08iS6;n<rI?@qD3L0Vrv<w!
z^NC($K>KCj;?kzrRjGi2!Mh)Lfs!#>4k;xZl$9ppeTx}txkhro%}Rd|fg|~?^yQ?l
zblGxT*fxnomTV-q1mt7%KHO%pOIViBJNl{lK~<h|irx>-f06*xJOAciiV8>#^8CE{
zp1(bWCij{(k{rK>_@#}#2f?W^;+El+<!VXs)mpQfYn<ZLgK!Q+d^rMPUSX(+RS@5-
zoZl8j1ePe3Yp0X>%>;S(i3|UyW1~igyjZR-H%$_LU#L>gST3M~|3_U}BZj@0cUgRM
zMmk?>c|q0;OQOr_ZB{F^g_E|HL_cOtjg628@sI)}Q}A5F*e)f`M8^mOmWj%T@rq!y
z&ys&cJ~KV*|B&ThrTlA0U3wsONt@*O^fi(J7H;Lz1ucpo(O(PO^nzB_vc$CpKdniP
zEFtoU_zxeuvtr;j<~=t%l!N~6N)T6-tpuy?vl@IH<=FrD%io|5p^Nw91E@J9xvynq
z-J1Q*-S%Gnvngw!n|#U+YW34gS4|#$s_MQ3!|=9+mkwC1@J16T3)UZ3LC}8PS@SLm
z6(x>8Qf0~*{S#^_QQQhf@!w^IXzoou#_mryhSfSMbOo-|MK*ONWD+#;b!+B=A8JR0
zfVk3&xkud@*vXl`-dvihfm9$xOCnlIO**ptF7Xj#H-e^KNM8sEex0@)-d7$VDooIy
z4vtQHWi1p%|6+NTHDd0rtgH{%N6J7wvR*1-56LVW64=cm<$#L(O~rs9X$^M{dw2L-
z?u=a(WksmUDl$?a;5Tq1o<w!8&EcT`2Kx7J-?5Gi`UnC_f7`gX?_jyKaPNMbE?d_>
zd^HPGHdp(qtxuI#qVqaIqq{`Q2bB3i_)xTfC77PE2<33paX5LHU5kYMo7I4`UsM)2
z+-sb1xR{YzOdV7BL5F1*`qidILpMe11De3wRHVd_-0*<8RDsh^Bo8-OOmvFd`MnYz
ze{~FOHvcd(ek254>b)N}u;)-DHM*{(^zmIo`Ojc9iSr=Y&Bd2E9Msz;>$$Dg$1He|
z)NPX`3D7<&wKO;99)fRw!(|uMO^%i3bM1!E_S{_nK&f#;jXs5c3=%DgV**GF=8F<F
z%FgF}W$t36fch6BM4tCyKLNbczpXpnj{%eK3bXIX(=`j6>nkbsBr{Q-j-)D;H%<r^
zoLSIE*;7+|3~+F#5>kNVWa~v%V@N;izAjFpBI(7&MseTI7*Fb@zbc)nroUu=bQ>_i
zR{0kXhTuHjPn3Qh#Zb3&F!p#Vu2y@4BG;2-NEmoE>jM>(oEdknBZ}!!ZNXO<=M1b<
z!xXiZE%ZDXS(7T~U(WfBtx^+=uKDo}X_QozfvKN6g!1-Mu36?p!wI1{#wX2bOz0gC
z=Wzu?3vWo!wY$uliz`dfC~vUTP443<NrZ3*^JHlf7U3CDydmB+1)U>V=QCf|4ZzoV
z<2FisSz4aNyytxYV^2K)_1p9SFWjZU7u2g>T3!)7@?K0#myP_-1-c7iuC69Fssi9Z
zjNZ5F-QVjqm`udLZ83<n?($0Q-kIGb?olU}kcb|?R@$2P{*o?dv(hllVL8BkdU0lc
zZ4z#-3to%Wt$=%a=m%khOsQ*8O|pjCFv!KtKDG!z+1E^A1f|*OoUt%c&-SHxX|7q3
zaet4i#}fQ}20=Or2v2bV<Rp<xR8R~Mjtl1*Y2M2uAQa%s#&EZ=Y2_LFv=Y{W5Gq68
z*UZ^-xL%$z(6{X*S0{J#b~sA7wkfKow>dYj`hTazTd|L8P8B;@qsW~AQ?(u9<j+Yf
zmeH||5gpcVLeL?<-7LBVoa9%mMi%X{))zU1eT9sJK|z?w=VCZ7PGE8DpRGI4nw<Y*
zRxy8SM9-u2i$Xnc4pXPkzpjEGaR)&p0!d0ipZT~@65Ljjsw)P}LvCLI@oIJ4z8<nF
zn`mz-990DAuMh6zVD`-au&V-hl=j31EkXY5L;~)(y{TILvuXcmwKk#Ii1;_osh`zp
zvZrWP^X_fZ@|xg)y_YOOEN%jjTZPCKp1|}6`bMKVWo^4>H=HD{epx?&2okqvv=^fA
zT(uKGpnl#Ty&uu;1B>IYC`u-=eHJD8i1fL>8KOA8tK<Y3Ye9XOL!W%#Z!SMcVateU
z#Y*@$YRf>3k((qa5)2=x+~*~y3&5ctq?g#MQqSejdv-pqe{~v^J-;g|MtM3Aat$bk
zlo#kaQMJ~M6UPLd47axG>Q&Ifx!rf%_tlI*65hwTB_*dKs}a{+9V%1#a+Z$p?ODOw
zzbf4LzLra#O<nHGZ>*X(UBeB2p6SM#IcU4{yL(y*LgR1m@dDozC?OUzc_NtX$tngg
zjRM<Ik?k=M=%Xu_W>CKGDFA@^KpLSBwkJpI9o1!&42fV(ttGqVFo8veY^d^-Qz$OH
zX38u?5j)RY`#bwZsw_vW#jFB6R}hgKx}l|^fmzIEt){0`AuDQ6H+EL0ZB@A0@tIwe
z{CM%_D@7h?Fn6zql(xjkyobF(fhhj3d@tQyW$(dZ1Zz{c>A0?AYw7ZIKCdhCNLYyK
zy91%l&zzYY67R;njKIi?0otMAEM*T(+uY4a&36jfG1bz##JT#65X}IX{dK7Cwe5f}
zpCDeg8Tq1fB#P{7AbM^iTW7RVQy@tq!|mZM&#NSJGV$4z;(09{Np`uBpryvVK56HC
zhq`3^RIL)>;1w=);2$qM9Mx9exIQ=oFk^fMp<J!M_aqhpj%*eluaHW0z>BDU9|1lx
zRYH_pk_%(OiY#GW0l-(bhTc6JCNd9=%7|?0kF}R?5(#(uj4vCNigPZ^n_bsL72yrM
zul6y=w-y3CKIpUU=P#M$W4g)_kwuu9Uz_}WHUj0C&BJbD0sH){O6;toAdgK~rLp!l
zUgM<`$*CE^NznO0PG|*cBt6@O$F9U8-#4|b!YJU}6{ldKGu2aWYycl7@TY9@G1M!C
zb)$nq!$Ww-dTHlx)<y$0a)u4l)0@y6{_+`l$Z?@NH1u=VqsCFeD!XEb0lX;AQWed`
z9terkwekYBe;MK5#aEMxEnlcd5!I*B?<Dcyru@A3>VgldDu`Fxn{NNnC#MhARX^Wd
zia$aMgHnkEIw8;#$j#c#63@7xA9;e|rz`P`I9=E=KqGG?Uqo9H_GrC*;JW}r_}VyV
z0Ukru4Vw0i{7O(5<m6X_@X4%IQd`5IOY{Vp3`eK&Is3;9s&^1&@BvWM_=E;IiiNx-
zczk=0t9H#G-!+2f@@Uf$q^jbIU}vo(!C$*(?&3<TN_W>H#N|4yF0%#>Z#kxC<V-}4
ziyMW}gbhZnB_F29-a&P6WQ*(O(fHu#Wae=0sR~Ce*R0g!Lb5~2J&oz2d{Sx~Ukd|q
zDz&+lgDn)X!YwCaq*kn3gLP1cFd$AW2}?DUYb7frn_5~i?`gJU6KhmqwbT$GODmIL
z;xuCQXaNy(z0UU{poUJfzIg8xWFIg(&nGC|nAxE=+CdH2$OepYZ(m7MKhBnk|D@Iq
zs#lN$aKE%l%QL&c_-37}`dL21)f+Hm>g#*_Y$P0a)W`H@B|(H+B3IU}*#$MI(EH&r
zf9vkK&uKD8BH`7Q2~Y@jls_z?yX>w;r42{v_d#*d@K^W4TstVZ>GhcO#&f9SSG-tW
zzKw2qsCcL5o<C@Z?=nD!l^8=U;)o+f*-PDFd>ky7)fYZ(4<;FI9y3R25;Ou_x&DSz
z0!!lDaBfUsjN%72ve1~b_|J5+qC2)X2z?ZxxDb7N4KVD8TktNQpeGGz)8zW@Ov~!W
z+Z2u}5ax&uM!YiP#+pB%e$;U)<C@%%f7gKiT~tzaf1YvN9PLlh!sQv4R3V}YUnx72
zXmnt6&f*9up>N1q=e-^*h}J#slWu`Xl3)*T%AE6GH(O5a&Z$i7-oR1$*!1J@g3P5f
z#({m58?N`is>YQZQdU2G=dvG_UXd?vVnDbSxE8SpGMpEysge%6EHIL(JR;d7nh#C=
z-LA&mJWV{uu5_+^UKX;ZXOz#51}Pm7@B)Q|9zx%R-I-MQ;_^zVm{Iz+gGiKA&@AjV
z;Rk$xtXf&&!Vm?C2MMe&ff%HveH*4L=Bz{UPScC~9ss1Zl%nbLgjQGNz86IBE%RFh
zZ|hoN4_<fQWdKhWyM|EIOxGshl9i;tYJyr~KO~ghJJP00aN{}h(63W{wb6B9qR3U}
zaz|aQM2Pv~ajS9Bd+a!BPs3ezf;RZ8>UNIFNWivxUGpL!jNO)sx{t0`d$GYLIZHOd
zc!3kjnU%@mlorK)!+Oi{Kf5;qtbZ<X=ZHAmA4fGeZM17eeB?M_`eEOqE#(g*$^eC8
z!&P4jat!5xlDy>nHIi<d9k%QJMkMBXhoKcr;zxm#ke20%PW`5I#%Zb(|FU<AFnKYz
z5iVQW-6f*<6kB9eLNIcfyI&&{1`#mgk5wY?1m2x3c?j0<5NamRNbgnf`Q4!)A0R3S
zpg#WK8;0##KR<7Led;dG!2oYB$GatM7dn%DJ^u?~T!Z7n;o9fyQR00q!Zsw&IR(k<
z7*_LShsz?L9Y=D}iL%<BThu8Va-r%+JRGg|5BgwftpeC@`5#kRGA|0zU<6qB#TbOt
zkFJc7GUyI$88i8sz!`Vz+WU0CH2SfIuGS~8Ri`G-=AtIe5JE!hu{2h8NFZC_j@s4|
zuS(FViKE1#3pf{Vu)3mipFl#S$6z6Qk;>@oG&zDy)yX6r;E;xX?S~AGWQ_+2JNpyh
zUZ$y73B+rUh{_Y*MoLxp3EmE3YSVsHtIODkBG=>w+=42Hy<Ucg1sd)+xhEE#(8=r=
zcL+7p;B6W%GM#zXW|LWwTX$s>)`l%U(%1Tt%jl@m;*gL#%m>3FB7h}<ocIOL2Sfn+
zT-OV17N(a;am}7APj>>9GD*RZfc_*St3SqzhO-kylqfy8>Hkb4j&U79|G0-E3<UhV
zEb&sBTW3Q;%mhZ(L9>r{aQ0~W8(9HAYI+;PHNf}7(M*WGRFE~ga_1l)z~;Z7tA$L&
zedxmtKU<gujfs%ql;0;!>!LREw?U{~NVgjS_B<req#WIKC~y`e5dr=o$5L`05L{0y
zE!G+b{FDJ=;-Cs1a`E@|@>Np9?|bmJBA>#)(h<xG!NFyqT<pY_s`-b%PJ(ph739a-
z=uqJ5>A)ToqQ`R+ujou#s7Mm~?R$r-^4CM0vJAipY_&U~M3!06XwAMT%o+N#4O?H#
zD(5Wqvv1QGLg(Mjb|zP}i*+oNM8Kg9{W?{xMn)!|Ly{jy<LA+X{3fu!r+$qzPd|}y
ztGyf0tBK8ZF-|=^$X&<=ENZnSb5mZppoKLSsIq=!kHOgyXUs_}S^VqxFg)-AtW<#?
zOrKt@5th+M9VakHd`tfeV#!o@Yz0#I5wHX`gI`>Q>E{OZTRp4bWC{)$cwxoe!4n8s
zLX4Y9;Jylc#)|N@qCu{uS_}ktj&jINtf0GOf$6b559^U9H79%BoAGGNzZZ%GzHmK`
zMP;_07VzZ57mWzt8)e$<8CSDYj`ptM()kf7=ya*Q?@VEtd%N_uYXl~5j{aIQd23vX
zk?xSn9FXFUd4&i!CJZ{h8rYa0tGq$9&1-)((BCp2AcrHXL#v3N$J-fw@#gE8@L-$H
zO$b7#+5n=Z#9JDI?dgKV5LvT?8qBJ01-@7sp>-+tsCX3aqTM>Hlgbn<{G)0N*LV3_
zr{|5nP@i1(`Vt!y0=er<uE6i6L+-&yD<~0&XbQL_N`jE%hQq9gS;HB5xCt?$md#IU
z8LJ1Q9~;OmS-YRtQD(<);W5uxDemn7MR04@&44W%X_tkeFNOsw#R9vxt8b~NO`ag1
z6vC)lL8=H}m_dDoyiO%LJUbjI3)FBh`A3cvRIP1ml6iv!6ZoUg1G;`daA5cvqV)jS
z?OZeQwNO=t2Oo89;^lM-Iu#CdLF{SpsD@}mZm)^Cup$w--~(AKn!N=GI%6CJKX>3V
zn{R%BqRqc?CtuQbxoxJATt(#&S_3#q$ZXP77pLK?f&bPW_AQ|fbOL_25dDLWh%eBp
z$#An<vWf~ra@Y=BnySqzjsajqHbZ3keBuEo&8ab*b5^E6@_&bkw#HY!&;{h9P}J>_
zwMA}*k*%xoe<h>D=H`9}XIUz5Me{dQ;db_RH$h1D%ed+Pc70%}!|5ufbdu-jFJUYG
zWO%m-MccE;-&2Z+-=s-_cy01<gntHUWWd4eTJv~G`~6(tw#66UFrT}qA3m1-)(i^?
zrYukYg~`KzDyXG>mTQ$}Rx`i=6NBl*=F9gOL&UL8@K_hVra=X`@&U7exBd*$KE7R-
z<)wP^T}?fA=AR~9D`hp)4FZNAUs6^!Ji@<(jLjf`6~OFI0uwDmPlZW+tfegNf4E=1
z6NrF%Y`YCm<$=zIq%km#i7G^m(DzF*7G?zFp4F+rCEGjc$p$J}3%mEVc|!PvfsD2L
zRJ@pnYb>X_z0h)~6f{C0D@fNyESx2*)7}e1)?8JX3Q#&E^F2PSj>>@5I=ykMS~b!a
zW;^Tr&L8(uLJyW#>&OJt9mN4wljLyV1K$U_dT)GBJ`jJr0!i<3*AF^V{auS}nYA><
z9lXOK?MTbi-nfGXphb*sDublBCuL67VqO1>FydAicId+EIueN9XaBXsa2Tk#yhV3l
zC9FgSS@nB1;@cOWwCGCfQ@d=k1f)PWG#Q0+8LRy;=8^~^vn@!drQ}a{B5?U9)GvLS
zzC+yp$nR1~psNVFIMa8=J1kY{6TXK<j&dBQhkaRx!KCZzn+DO7RXmWn)K-YYDvM+O
z_=;nNdouzU(Ib<qQ~KM^i6z&lXu)w6lnw%`(EQlJ;ubfwJ--`UBRMI!DnF{AVVR!7
zcP_L`imx(y$JWnZ;cVt)m?T3KZww&Wz(x=2D4Zhuw0rGmk{h`7Z1vm|pTXf83))o3
z7#s*H#BL!&2BL=m+bl38uI`Y4)LD_V!5bL9&~(%5i!>6r6bPh=F#d-x|4usDJcsM_
z7%bef-u+CI^@Vp=W$xr(m#UR_Kl*R(5u-aO-J@Z_HMZ7J_oM5V8b+KYkD-0HL!kAB
zkGQji$;@nf5VV>V5PpLj&ybp$<$8&HBO#5`;A@i^`A-O9CD|!4E40U8SPrzRhC)Rl
zUx}UIH{belHxzsa0mX)DX%XxCMvon5qTNptHB6bLO14<xH~P)QTK+=lhA%TOXoGIs
zEt36<I~)%D24oPXsbKp=AkMxJ=z2%59wW<D(pr2ialeAxK`p4v4o#ttH)R|#nqj_G
zmqUJKr0ey7IXA3}z>ofwo|6S>C{xP>h}t?4W|L{Fh4ajP07jq10lV1%-seGjr{~Cd
zL#FHSg@ZQdkL!lF3`g?2a<JWUcO?D951;*`nGUu)Z3A6`nt4gJ*KZ0yNvr>Z-vu_j
zPY8F<_%j#`O{I&HCUUvaBs|`?7R;qfwdtC$sBqqeY23#syZ?ldKdS4dkZgYqM&=7h
zoY+xGf-R71I9cg#a(|dh{+PlMdw@%BMzUZhzYe}EssV8tmCTfx*;!n84z@!(=na6=
zFgSItEzlI{JXwMmNF0l|@o^T#8$MDS#}q-L3KXdGRS691L=_0GmEALkn};<jFr=ox
z&!FgHMf~y6%*Uv7V1*8}<6?5KMId|#G=QaE&U(lFUeB!^2E-tAq(QrKsf7RT@AVB3
zTC9jkP#?GNTeQe(FWHI>aK}vhX3IoG+2DL2x~yTU{p$x;JLH3Gy8;xcoiuQ%=Rp-K
zwgYmnJce5e-tb3zCVw*CtA0@HV!Nd(KM(B@aQ%RSLzV>4dwHhEra4}>(P&bnseUcT
z>I(W~^Lu#FtO_y<ON0JdR(b|9_h@7Zn^_fe5D6VtodH%B!<rFz68!aNQ^ts2wrrFL
zAX8=u8;C!e4Sn6w{mS(5xCI|E#!zd;>U`B-oT6Hrdu<orHcHpLs)&oH>e1-pPH=*K
zxe7O0p)hJzT&4ZVq6XtdbXRVl@fl{F;iRvwU>3bomM;VlD=#d@DpAoUg+;%yYu=;S
z(r;jxn8828DYH1j^Rp-xoC7h!f*Z!2LNfqoZw}+P<b7S{w6;d&pm6V9k1&FyH#WyX
zS<6{M4rvfQH($|kbM!<0h5>#|p->51=7i_ar8(x%aYDx9aK)WEZt<9BhL(z9SZ_F)
zc{%50t`XnKmrJ^T$ibIIHHO6p^%e7kYG$K!@Uwan|7`<y(qhS8h}c}5N=MIld??Qo
zXi$GdBwQZ*icYJ!BQ9k3J-68rG$T+tf{OXjx9apgr971<`e6A=eJJV;p&Nk9$1GGS
zkS3K)d_tWSaJ{_2bbhFDU_G~=N7m$n6w#PrS@q!fcu$u-0BkV88iF)2v$pNWwp`)L
z7;$~|Si}(EB!S7JagE>>nfVNF0TZ|6XJC|f)}LARo`#j68OzlRVC%}vWOFd_d5B=C
zQD+3ll&PE}=~<T3T3F10*(VRH;I(Q*f?N5n7(fc1XHh(t(I70FIRACMWK53()YPDY
z3{`WYkzaL#)9ZSN$aI-tKb8pM+!n<;tR(F(ZrXSAT~e^dbM1ORlW6a%Ul;kCc>$}>
z%61~2E~!aL;AYiY7%(#@2(+{t8wp1i3b0k^{0LF`lR(&k;cI9&R}xG_j?CkPt~upc
z#c;#q-7;$jO1W=Km_P;9aKybV{M<oYp?e4tBNkiT?SJs605)coqlm>lgIIz(jqWD+
zfJIu3q{NFu(A>CZ@f7HkoU0(-ZtW|gv5A4L43)rx%a^2aZmk%gf@m+gnsK1CUmY}4
z`l=kTtYSokhJ?Dxxpv>}E~8LY(zn2Ip_F3IZyN0yKDY4tM+4+gZ;o1+kO&FgrU#ys
z^f>#Gg5Hh=jfq?=4yv%a^nrh*bATzQ;T@Sl8nfu@sa1MpVq=-`RrS*CA{NVg#ov^8
zOt9VXq`NxAw16$pd^XwMN?ySoB)oVG;RdUHiPjoiBuYhcHbL`C;ihO@L2Q3o5};j_
zTOs$Y(bT6NRTPRa*ym>JDpYRa{IOD4Tg2@xQcx6X;%~PMN2PMIu#s=8esd@5S-zgg
z8~`WBl%Q~=lMHysNyn#{i=laQyLREAodkQh#5H1l9<1*~t-@4f&qWiJ@#4N}ZqqsD
z+6PI?Vwv*=2=0-W74yhs%CDC|x8G8VBH))SvRd-la_*}XTsq8egj<^7gV1k>>jWAm
zvp23A9INH5(7f1pD8i7cNE1aaTaNCUo1AX0ayPB~hZha}!;ovnQS6y~g;6n34|;RD
zxnM*yCt$^~sCG7rpcu#eGzN;=CR2-Y0Jtj1Gm{A?;xt6!3y(a<S0M@&b91Bu`eq7|
z%OScN%HODwcF8BUa5>NqD+OLJaCuaO1ivP#6bOqnAZ?4q_HT$E<|&9CSTdF+g|=pT
zg)D!$X5L&p(9|uk#W?Zm#tmrU-@mm;q@$A5ndOwLi+aH<Wl0a2iztVOY06ddCpY&k
z$rOIVayJMCx&RLP*fM)0m_4thRxspht`BZ}n~$Rfu2p>whe$okHD!HSv6}}aW0-Cd
z`yi|0nJeT;T=1Il#_?f03a?!#i)Ex#gy6oz5$M%&eSpYQX?8&913I=nrsx&R{Yzrr
zzj=Duxyt8*?%-TIdU)n<`E9Ey<fQsC*CG0WmkHeOe=Cq=rvwpD84I0$U|7aX7cU?`
z#yM9Y$};c%mEGY=L8P=KIjbkdyX#O#lP?BX>u&h|L&!Va@y*NkL00fJM4CR?6hn>T
z`orR2(mc*lnIRH>f64LiYX1hB08PEGYxkooYtTf(N*-ERb=x;aCTpzjO7IHBV+MkB
zH>|kO0-4Ty+w3vxFPUrViH@#1TlL<Q>5*D~4qaX4zL2O=>6WE+dx<aBMSdcJrC?AN
zhur#;N|cx9eEtvi3G_%Vgn&GT1@;a=N3$JNRN;yfpG<sB|3>Kbdg!b7r9lL~JY;A6
z8Pff^F?JNwD+au|cYn2zo|$dz|MZlwdjsNK_XBg@iT>OJ`V8i~J9Ehp5q+MQGX#Hq
zVt#PEuL6TIRpYq^H1Wp~wp>86+m&0R)7Y!|IQb=8mH#<+A9ePK@O3y}eo3G-m-z1t
zg_lk-y?9Zl?+89#P-}zV;iOl>M<q|>;XM5nRn3E1p&!3;a;Yz4;4&tLQJMvl$*B)i
zm|E2=4XoR3t8RCU-|kE^QpJEURg%(Tr&*Jk{baF%qs1AsClbY9e6P2MyW^v{XO_xm
z$SI*voG!R#a!G~pL|g=ov^??tpLrsx9Ht-9kOe0tkW)CG73O7EO__rsl_7eY!<^RK
zhrwTw;9p-Yz&^zS#RgT<5nuYy&nSa^exML~M6p=Y)J7~L5LE<*kxdc{F)h4KCD{dD
z@%3t$HH8y@L{q4n3eXp^I-It|l2n2mgA7rkV-3d<d9Y=VNSugn>56=bd5i(B(HnYi
zsQ3ZyJYi6=@JfI<*U5#Atsg~WKSenFK#vxmj;C!L=rkjev<#<frC&(ir(F>kg(A?y
z^^!(2Kno$<vH8;{ktKZz9bE~7Ej;Q?&=}^oi<SqiTZ;pP`;xo%xJl*o^<ixCWDjw~
z00SMXZ~xlEZo-v(u*BkZtcNUsnRz@m)8unxk0<W_d;s3ONcAm^d-WaLC%r@~{7op$
zGxnG2Wc_d{5*`ghg@0{tcyXisMq4~0i|7aMbn?WjKni1}9-W|Y4TQ~;tg9ME{mj?-
zv#}wlPmQ_8wrsp+7+ax>%Vy&PQuKjgUIGjUIShtC3QCN{%@B^j;Xj`|PGZs^As@N`
z9+<WYo!>J%%TC@YW|QoSSZ*=PBoHKnv-j_c@{+i_S)RY407n{7o`=sk4u~b(OKK-!
zKjg{V(NkIV<&#yo_fUkd2k1Ei#%y{h1^nk34X){BH!u)^P-eBTBt>HREv0md)LCF@
z@&1nsnF4@tpIXsYW7dE@uoGM_%M9I9cV<fz1<=^GjgD>Gwr$(Cla6iM_Koe1ZQIHH
z9_BbdpvI_&vudv$Y<ezN4na{LT~JWI;?5QhTMcINCaJJ5VYc2dXqgH3Vk6D$QIC|e
z0^Pr6F$bUGFr3)^eVRl{o3Hm5iW5|1oq+`-Dxdw+Fx%f}-twP7;^>ikA$AYQVmnv3
zjtMIfAZbJj`}>q&+}X<o3WWQW89LvXB4>sLF4`;thMG$ce(|<N87Q&9(FqHdWv;?n
z5Ww)I<dFR0o34d6__;7NnjS_29{0&RZ1QA6gky_r50f#z!l59F{7{WT(VV)-fJvLU
zkFdT!ylh$WgB@ZjTf8K~2ceA8Vj({O&n|uE4D7V38o?k_B-j<nQWDOApw3t|lzPF9
zq+y6!;5Wu-m<*E9Z})}EyE`_1km0PTgQs5Mc!+U^T)<xJntI9h_x{>ChXN5#M5feP
z=|r6;%6V|UjaggE2=(qspt@==vHpb^B+~nqHd1}O%LY}WDaWGuGzR$V5l%iDPOT49
zOwK=jWWsBygkyQ(6MiN3YOxW$#6f<~qkpH-Uo!*#F_|uf2^dPXNy^#;Gs_qD$|`Fk
zR{X)8P0#OJ^|mM7D7Sr1tx=bQq|kwDXBQex`8YEJsVo`6hdgxqUCtAdPo-eP619kO
zF>}BTWqP<pzyHZ$y2PNp7O3OKs>H+@Rro>xN+-SPdfFc9V2*OD0qCW=HE)?&KXFrN
z9cuveC0}>4?CK;sp4QcqrHC~w{*UsT5Y_&_<;1=$?UPiJ`%*KKN%QL|k3ijc4b#*<
zkl~Xw*mqtuRc8yEVJrl+Nmi99IFrqTEDRQTCO1}#J*I8MM)y*+B)$*g=;0f5nLL%f
z`<6I3h<Bd;Kz(@z=1+m*Hp1JJ=X1P7jJ9uqG4Je3zaSeQN|mufYYXxMN#pxPN3U$W
zTH<*~eu?B(3Ls++Nm?L8K*PZhZ%`^&W0{Uwrwa-lbyGZjRh*RzPxOGBX&26=My`yI
zmv;k=x<+GLphs1|uC>gG*Fiu)7Y$JHEH{ekSXt|O=OZuE{v+YbfHoZg)N!1Tr&HNq
z7Ev3!eP|I5rDiNOcGdBC=em?Nd@qq*0$?&Rj_m`VEwCWS#~qZMxth{Mc(Jq0sABeM
z7pRI8l0oR7+|E$5Qah^~Kz8;BZ8z`@a-(xsV+7o+)kqFU3<nfW+#WS9H8cA$`tT^c
zrYR)2QQWrbT0YK#4DU(7$gazsSLv4N%%|uS#4aJw)yh`pir*<m?1R%S@i8wUDy%d6
z3S0q=*aZ99DXK_egdZffn_-D`{~@+fUCZ!tmC7m8DEe0St@_XgNw4}zX6-wicsid>
z`Wb+983;kPX7+~>p(JqX`M*m4coAw(b2*;afJvi|gXWfXlJ5A<8}}l^T=kvR;77yd
zWy2X06|v`fnAd0A3aSntj*dOZkKKK`zax%uv|{pl!c&$?FAYg;Sc+ei55&HhQO`?E
z4%DbBM-T5mVb$Jw*i3EckO4NCTM~|HIU5!n6N%^!HCXH}7IYpdQ@=3q`&c<i%@{ql
z7BG&G3THZ)amHL-6ga?pi;G$XRIm)KZ;UzytTVCH`Q63dQR(lKmr`rfqSo}F6>qp-
z8pJVjHZ%chouXBWuk2Z3%h)f!V8WHIOA67c<;z3sWnTK&d)XGz1(#)cV944#wxh%8
ztgCO+`pJ1-yeyDrn~DLdHDb!sdWS-}SdubDZ&I$fr3S*%Q9PuAf602&AefU^(f%VA
z^ft_8`4hV6apK;2vL_=JK<XdG2(h1O{x)ys`BO6Zs+Ctw!Ld^n>(G8=WVC;!i`15Z
zp*7-%A6lO2(6#yP6TcJPk+C3E2~3A=!F#q=u{rh00*dA{&1n6~YKDTZx~hMVPacK$
zs)NFgp%1-C_bfr5Ms~d509ZHjB<RwglPCLRh0(;p5u%XLdlqDz-@q+qM0@keIM=A6
zt^yM@EVX)Na?YW}64%GekX;lp&vcMT?S(Ufcr|zKfqt^?)QH0h;ZC4j4mk?GKa_eD
zJP`CJYtyw`X&b_BB{^?LhY1+I@8?FtNM6-~f(NNTrO1fS%P<ZKPkmCPSJi|2qFxfi
zZWN7&;9zjoF`TxGxMPYEpEh#@am<Vd_QS{bqeG3C0NjQqn{=u|{I;0gy;AK&c+`~F
zF@8CYIo%hYa&vtUi2ct6n?Yt@s_grJj)BDpzPZy9@@<V#NlQ0=0$^w9<}`Q0p^qJj
zwMfY=H>oGp0f3@sf=63DKc+yLAVPuws+mEp^|#`Yq0lrvn6ceIbv$)%#G!UlQdAMB
z=RVCl?0S(bE_!5JfecwHiN$8Y@NKq4s@sb(c=tXSKXYRXEY<4%gc4hmEByaOU(~Qy
zIW1emS-IiZfDqv^<8M`yr+f0qMQaenhc!Xc$CBOfHGHi8?Zq^=CLyK-)$oIs?`3pO
zjQYTW+-zT+5ixKD;(+J>>-^h1^ocx%vpl(|WhQDsBF^kHusEp62cvt3Kxdik2}9SN
znwKtF7Ars#K4kGGtQtoUsWJ3-sbjqUqt{N<Sg6|Pn0p|Pe?)AxU+)=Wk3kh`QsWc`
znq2pC49LFhJ}E_1tEUsx^8PaKSI?G9B3!w<0k?V9j=y!nREvEqrvJ1$pL<|!DwNrJ
znfd0;QU|BfGcs*e%`hfpQIB-!!ZL~PTJC91wDowpkmg#nDJ-igTF)Y|XYYujb5HC@
zG@KwopM0ZUeACzK<i^8p@ic@sE(=YT<K+Ck#73BABH%%l<@E<`6S)AWD}7=xQ$?)D
zJ60vJiloXv1@!Q(J0h~hKQH-qx>IhBz?33dErB(C@2h=gTXBW?9%VJewmeau^82OA
zj-Me13N5VL(*QyI$E$l*|NXxQ;0!`VNG=0UUZzU4%7Ww#sQ9x#?w>lL#E)!<JT;l+
z${z(AC7k9yCtVKL!;M8sPQa~|Z7}ON$E{5D7=<kxIOHD#Qa94#RFIgzQkR906X|P9
z(5u@WLVD(LeowGiF<uVmW#<8=p#&@=0m#<&d}}d7dy4C$#mpEf8Cr1;_T9$`@jVaV
zlt~_S*j*rCsy#|)Vge*Pu+WSQA}~%+e~AC=^PTSNC>*ZwmyjWWI$^OA{YH#B;>jiR
z8AA))YP(;FR5%r;M?`({e^%m$6g341ntF6k(y2w{L(gs>pq07^at-mUwyzzG3kekv
zQ!@OS;2B3t+}zJ0b2&Rv@R&LqBV1$`RoAL=OA)ah1^OuM=ZwX|b(Q&O{x;VMA1CcP
zJ9E?HIwMAJlQd+7rXuu|>LLzv(lB0VnX-n6C@L!DR1W$6C%Xj%4?Z{?K}7`NKoEl@
zg;;$^$mkwj&vrf2LDKjxmqMFXKf~5$D?KH>OF%}AcFhU|`W48}ic-Zo9aQjaOC8~l
z`#jxb*Q;Ms9XJK*$DLza=AMJbiuO;KS;tp4<2~ihpP)j`TteiDN@hZ6H)X;@mNIQx
zZ>0fYD<!{xW)d>W;|Qw%20mQ3-1e9~-%R{*Czw3vPFC8`P}a(ss!$o&uic8JYn+?T
zON4QFHBN$V^@j?zj6E%;C9V<hnu{^=k2v$nt;+4-du}5zBdIBVun0DKhv&&2-+spL
zFv|3D4vp{t7qkPYW`<2pF-JUA;H2`Nb5gF|%^_d?#!+mH_e}qjd6g3%2zdcGnmo2n
zpsvief<~X7Y}F>k{K@9%Cd~w!oR7FsMeaN@O0HVq_o{HKWkEgscR6b!y9#`aahswL
z2=3j^OVm1bDw0#zO=pelkQj2nii?Ug-zdnSzidgkTH56~f~Yq&DJUTNo%M2ofEQb(
zlRQqYYnrs?LoB=Bb5VMI`R_RH`f{;t!`0G9dBKmw<CqR;2w6fsHxD_&=SC;)KPtv_
zW^nW;D)t<9#;sGTs|5pHLUe0=T!LOQ)){cw6Uq?NINR%v<|lSmeQ)ZI8Qjq3Jj);c
zO0$V<3JTBOJk&lI9HMhFKY8bQFk;%=!@?{NKc(QKIr8+s2{bTHwRe~->bple{`Xo;
zv`^XFf9jr<GJ;?jtnZS3R#^@_9Z4QcI3V+}=5R!>80@!F*jtjKY#2q|mKmRz?WV&`
z*$@ZdHQ<qGSqzl&(qBVNj9AEho7y(v5cRExphz4Kq}|vXIp$?fqTink!644ABoKnq
zuI_kx=?D9Z#2%=ZCHDDNetkPahi2XxQ|3lup@&VA7<-ZTcjbx6Nou|~7LhhJgMH@h
zGbd4^<?Q3~^s1YzX6NbFYLWVrZru{tBnC4Q%hp|`YXf`FJ|at$)$$lyNOJ_gUOG?t
zS=O0!q+rqy?Uf;?Gz;9VWgHGAO9TrJp@u;}E~Y*fYTT-(X|Ff*t;BG9N|&Y)OLJI7
z_(RNgL)%eO=<x%ecKa|Z1a~m8bDS`Zum6pSN*Q?CXE)KEFILs2+i+Xt6;bL<Nl-f&
z@VI&C4PJik9~DkJkdrzo;ot0nDxC|;pf0_lI9u|RE%hoy4-CoEz&Q`_Ra?lGyeCK(
zZ#r%~rVe9@XFuj4cogQVqZ9i|(w-=qe<B4!hD|>w9~$Cv+uQK6Lsl{yBQT6->`Qm;
z?G-^tMBt&&dHxEtfZ6{fhD%FAPyQ9SRLrT-?xPc*FSEYP=V$~Hk(6d^B51lk=kJwR
zlS`%+-y$qNSIC7oA!IjPd;fuIE|K_vSjPMF&%-*0=UJk^bQe9Vhi`b*xgO8E-bLwM
zk0vajfG~qh7i*ORgWbd%nTflg*xSb?hc*cX&HX!jD<=8G@4s-;bZrsjpe?q8iIY<%
z;ydn=&CgZTYB&71XSOR97oKCJ2!5FF$|W!1cNgYW<1eIyvQIXGV3J08&TWejYQLhM
zUuCDyoaZk~r$W=kCEM2;B=R?f?&4$pEM5ARo(CF-1uw~LFI*extKE_zZNVy#$pQpR
zW)5F`OB?m3Mo9O{kc64!q$?HTQ5Nc0Y--+O9+n~JuUKD)T~Z`Cq($z%)}PRa8<~$I
z;G^yGmdO1;xuDxKO9}ToU*uEt$8h(g52o^iBo>as`G3Z&`g!K6Im}jdV*!qLcVS<k
zpUl|dX`eWq?@a{YC~X{_jfp&r?{`;JUt#F{0wNoQETlFVAZb}7uAyj`PW8}p%+719
zd${c|m8?LWI8zb_B)o)(jWP6o@c&V^)DWKSD5kmuDhS=Iv}}C|qj#>Z`c@qa|8+?~
z5d{m9X~eEWgS8#NKn4LfFQn?mC><M@AMH(ETVZguG6AEem|%@#e?cN{zTh2Kf8`a{
zHVAug+M+d7ZBwJ@uN)BZW@wOJeI6&<x?kc+34lW4#`muh;U8RaL89%+_aUg1pa>IX
z$}BXm8Sl$VxGMPzY?a)|3>%l}rC0T7aC;Gc_FrPo0hQVds@g>87F&K<ASwo@uODKp
zS&=3hdq+5B<H||%s2D7Ps-d3M2(`N2y6XaX?o&VZ>f*F}Pntx@Nj^gN-y<^5KZTHx
zFgWhz*nH4HnK&hwFr)Ei%1@0ufw-!@sE7>=P3ZDV*J6FMzp174eQ0Eya_OFZUw$^{
z>+`J4)$9p=#c8*QAhKY3!xAlU$-g+&uY(mhCX@{6A($yK8V#~h)MIx^83r3qPrK|p
zUNFWGr9x`0jR7*%>jA!T?GX%X+9GqXliZhZnDb=zB;*xRHHZ);G(K4w-%uEbG!G}b
zl(*aM%YBz<=~(cs2PQ@@H1&sXP~iH3#v3lFgiuvAWkmmI_}#<}nrT9Pi!1Pu+;-F@
zI`sTS(#c2aUW&P*oE+#OwR<;RQYE#O15$5y@YmhGlR_`O%V4Zt;kd{tWTm@qf8Owy
z^DsL5kdtFOpLxuIAQ@9u05!(Xu1=tPxLzVNe7iA*qApg*6&@Tn5q(oOjU-h6zV6ym
zeenL-YYK(g4j9W7bY>Q&apq{=xwl4jhOc9T9nHT!tdDFxf40)_^MjmSH!20lEXwOp
z^ikW@70;|aW<LJa3Tyy-9OiGdm}){hW8%nkX;Oi4kG|nKwlii+ONA<!_hE>h)(x&<
zspSc6fa=uo3!3mhnD)OYms71Qvcf_p3P6bBe3S)Kqd(dO``Q<OkQuD6G9b{S#S=$T
z+&!(Wg<l%qL#uGv#WxB|i0Bs@+I*(k<2<A1yE0#^#Nnq}9v|EpoD4e=_+3qO!Klll
zc>|*U@6M{f`REep7QAEcq1Y&0>!nu_3$EaqIWwysZKCWd$vL*G=}oCheL{*XHyF3=
z{a?gSYaLo5QP5Li`nxcB7l{RsS#e_-f{ViNwjaeJI%l%`A%1$_0nezCsHA4UO7}D}
zD!6V0<LI$U>$ES3i$dZ_H+3ey7^nFX!a3*ZWWOpI+*Y9pzIOW`BDSQ$3dFU?GhQcb
z;ieo_>q`NG0}JU1Ud#vQ%mj|sckdZ<8dA=#h#<lo1ItOUw?6}mG%M8fbj});tL|Iv
z$}$tKePzg9d<9n;Ng~S~q_Gb8lY%>Gud&j1(eN_|oSgYol{jB}%_&&L+A;Rhtp&Lq
z9*K~;cOX-&1)kpXDWnAhE#;5`u-QY>b1$R#t47u&Qb7K1sM1F_33f0O+?WKEi&YWH
z=F)`@xO{`dL(H>D^q!~K$l@8A`8rGmj-l;+lGl8_)fEJe5Rv>=K2bvjEbxAtx7A~>
zq>Ncf2ak$DX~1Tn(aw|4!rk^awl6xqTv_?LR$s0tuitu^69zh@sb7!79n3_Tyg9Vg
z6>$Z<#~{$%M3E}BU_GevcvDlBa;gqbt*@0&`Dpf{*UTNy>-+XU5WaiXTDWRKK9GD;
zc=2S`>OYj1(dTu=>l@+l(Fr>cH5;FQ@&-6E*!h2Wu`DR`4{}NvsTSwelhFI2ZS<K-
z_QrEMhr##YyBKz5QNE!6vzia(cq1Ck_I#IjcYmqpdUhONlowtIvzWTLPG%vK*7)Qj
zBHg+`k7BJ<;0PcQcuPz_7_3z3_%HZ;tX@mH71fao^DrXzdkr0mC35VOmCah#P;A1L
zLQG_YLW9XI1F}>lWRVo7=Ci2=<f|PObXh^VQAOKGrET>;@h`UmtB3$Q_5}2h7vha@
z7@-yU31HIFx$`z#G98U|-{x4T$)LN$SwBb3eFi1NHbz=bZBPU6j8l++(D*jdZ9m9!
zpC#<n5iR-!|4{k$aY}V?G!6Bbf`C10v@gx9oJh{IH9yh0MjX<XaT5kjWhk@2s?1GY
zOTIFc!j4Emw;B@l4K>vMb0w)^joV7BcJj3)5B~sazNbZ8`<By27-pC_PEj)q7D4Hp
z(lS;UO!U%=5EmVbBEfB`?y~)Y5o|Za$#E(+zmuo)BPX9o^%%nyu{L%j-gS69IPY-=
z3mf7dJ6r)Gh0e$skUrIM5N~*+slgyZ^*MPE4sXqIwA9loUgY7GjIJ4H93WGzZiP{N
z5yhk4ID#5I(>5L*b$SzqZ9e2y4eXv<ik^TwR{^e`p(it;I*SkglSjzbt|-CSfX;>-
zSth)#s}iUdr5bld`Yo>amjw+LY<a<U&KiW#q#Lpy=W6otLa^O;wv9nSR%-ze7?)Qs
zHSn0E5F7}BNe9bINe$qSh+GK14T!vdgT*D*3j59wA4Uf+eM7^JIiSn~3|g5uaft7l
zsu{4hyW?hnTSy(+chwmkDP(0wYhYNzmDhJ6C8@gawY(JKocJq|xStR~L}>4C<?Ob)
zW9q1A8Q?&f`W8BS=y$}CI^<G;ewWySEgXphe*GFoPpC*{X&?FoX{dtdsIF$A7s9qw
z<m!@Jox81|;H4CwrxlZNzDj7}U<a{M9#<*@_z+X1c`bK<U8!_HqXIHAPL0jxxto}w
z4S&x<bDF_G0=*nq<h9P-G@Akx4rcyomP5|0BFa}tgCTT5&^cU5Wfn5cMMs9%NL!_H
z*xK3Nh2E*SH^8w!xu<VT#|t($Qs~xqet}ky*{m_Uo@VoDBG6e;ja)M)6Yjp%jiRo0
zEIE)*8jz2}{Zv25%T>8?YBAFp-eC#!1(P6MBZf87Z_xlhZ`MrDOJ$k%)5p$ECB+c6
zz_7r)_VQ~VdXmfmQ^_Su96wuT_wI?m@kb^`F2iPt*Xrf_mMKaV-*0Y|EwJ2Mz3|J(
zcD;REM9!y;PaQ*D23$*$=V~p+q^Y>E2xTH{;ZAl6o3kWl2BM*+KFg9EJM+6ylc7WB
zI_uzlzl-80So)AIDx+@?rIIS)_WD?+zZPvaB&35QBk1f}ej(6=3;C>0?;APjYMEZY
zOz4sm;(dvwFB7bl<k%nuO0{`pihboY7qFwH3_tsVc}tUD%ki={9~tXhrO?vkY;Z*5
zQTJz?GMOC{Hx*^);mon}%=So;MB^hFFG|9&a~aKvia1}b*6`Etc`_(Q3h0%OZzA6s
z3)!n(1%8WoH7E^E$qPf5HTVTeT~G#=RxKQpEX%(9)Pwc|B5JgMX)kzv=8qfy1<4FM
z&79!zkKNzyMTM_ZhqF8rq=m=FH1KMSrMyTBV7>48E7z#w%cI{S9w|@Gp-)ow_a3qD
zY23)Q%JO>M2E*0>=kDRyonnF4EqsL%l;sIq&Z;ik<0{4?ciqb9Zm4F&%tGBZ0^?ig
z$!cyhPdMy6`ZU^r8yN;VD-sNW)KEsq!n<8A(&7B~=_+f7w2l9%8+f>T8#ZoTut0`}
zv<_WfpL(EToq@|p&rq)c!DqMcHsW-3Bsg_Pt_ODzqly|@x~Z8cd&x$eRrZdXq=VV{
zYq3n0Ep)B%%vPvAD#>!TY~PDa5e;?BelqK$7_Lb=_$Gl*n8{W{Hb`<KK#qcE1}S%e
z1QYaBiqQk*;Qi*EpeR-Ih>H}abFCI6(NWwU&gErLo}PSK(zU)(>35I7)$8yG@tj;h
zqKDlhaU+`(C0ZE~co4+^nu(al^)f^{Z?P^eE1n2K*|kreYiT8E|K!jHg6Kuwc+4@l
zpwN*OmecY#cvv)uk$Eko+H*ZblihsobyI`pn_k}t&Im_>S(Zqj4v3BNqoPRGFdR4c
z_C+QGjb<S^06){*@mGL{&IqMkd1Z#ew=zVJ8=2e+2ZE_85sT@Qhcl%-CB(Kpx?IHx
zj7Tz3lX*hciy<8ZvAS+!oHGMb?%twy)CC*Ep@af|j9;ihYB1VO8T%=k>N@Gf`p%ko
zi9)UBpF6ebs|*SOrOKN72t0O?0@*owk=doTRCm+ad8jCA`)!QsQ#2*bQ1eQ*Uqq__
zzej9eO6i-~zlaeUZ8BB+2z+YXnJ!P^ajj2AuP^_1Fx<&Cwbr3AbE(aiRD&A_xa`ZP
z7SkN|deA;mQFO%~Zk|PEHs*@Q-|gKHDp>^TGUC>)4t+9@RG7lkhbvH9ha6xNF|6m%
ze#aLRo#f@Mw!WkNhWBX$W6}y^%KEuKs5t(jeADc3V%r%g@&eGf@ghb{OEnKSk&)K2
zhi!4I9A=DPd+HKqA+9&|y33lbQ^dS_kY+xCW&RQ88kMo!uus^Z+Oef#j0pQ#oPa?3
z%O0!R@OzWUdrRM=(e)?3pn4IQxR<|ys)Xzo`ku;bU(@=qDHo0Low|#6x1B$sGJgsU
zu``^OAcNEYgB0Ckojx*|OeKm?R@*G_5~t{2$zJ*XJD9JaC5D#;?R=!vA@Olk=!YZ8
zo<JNmh>x)PowmoX{t4~NShJ>-H`Tc0$tp+gOT~Xwv(g>jG?Kx>9loF$#H7}dl;4>D
ztsWC0YMdd=v#RQSbQO1B)!LjM7XMlH5sVxhgSO=qBsIy86vojji<hDeoG*?{goTQX
zjkU*EHyQpf)}?;hbqLUm(4s@Lzj9f_<`>LjICGCDVsOyJ&xVse(h7t8i${@?)KWU3
z3k1)ca53y)^1&pE^>wxfQOYs4vP%Sn>x0Mxk~Hm-{ny`x1d6F+56biQ9jA$TFpCtH
z0AKUc%O#cxZPCz2yjU7K!3>I3&B(A*R0UM(C1yV=a{7&?k=cmj*m<W;GW3HUPM(c9
z5=gur9Ap04M$L21;&3)=T!XUpK`LB#aX|A=;vs44=$^69+nG6)aYRT|pfX)T3N^#g
zGdWd7g*hI~aR%wpe>a4Qr}0Q2piM167-4V2o3-5EA3$0u@eZpOfA<luK;UUs@dW+~
zbp;luNWbwPPx!!#QYE+d^{)w7^@;_K5^7Zy7t+;7FCUK&JyEBi!Bbn_I)T1vYEfH|
zI3ofYgY9_gb{3pRWsjCN#U$Q79zo;Ka6~G$LN_6OPS{O1fK0gErfA`k-7R(wJHgZ!
zeM=_Pdw_I3nEfh^)ToQU5KWi2q9be~8pQH<qj!%LR!BA<>8Je|h%V?_Onaz#cc}va
z<LM==8Dd=1BmETmn(dqxR-T>Ocj>39kR&D!1BtoE5D`v$H}QP}@Zd0)jVu#zL&<!A
zp924GsIm}b-08)z8sL*6S4>9t@FGxrrYqo(U$PnTtumuE6ZP<>=JLGJ@fe;PgqP{1
zAWLu&Eyx8ticjgG0xIxu{AsuZ3u7|Qqqr7d<~ri%#ZQ`A>YQe(6+^W;<Q(RY{5Gw&
zPrg-0aiTar7h7)vc#zgN`{q{8$T2CcMmFk`S`sE<^q<9OLFXzmsbJ#+zy!+DrrfW=
zC|tXo-TbaT8dg;5Cof>tp^StDU{Wi~qAGcn4;3kIe~y>o7h_*XC&qNILe`~^OlLN+
zAN-QR`NIv%7+hJN)|t{2x6>?eDZON`Hth?ex{nY@o+4M+uCpZfUr}qr>bA!bKY-fp
zgdq+*>-&q=nSk9%65T%UXgCmO4S9lJs+SfxN)*U5S;!lojXP2ptkJDvR7k-xg80{N
zPhTxvr2HBEeZ5?+Q*X1OVVy7>{a%lHs9Immx=oJcNi?p(%bLKlJeOZt{~0UqT)IC5
zXxhZ|geLx*Z#(ISX~_snbH30#bi>Nl!dZENg{V=@AZ>sXgBxq`PtfZUgb^kXR&+Tu
zPGzL)?5fqJN!Nwo3Q3;Xg4JcoZwGqVzL9T3cBRqUWuVQ7>fUJR@1=0l!tps^15|l0
z|8fVca1&`Eux`rSrv-jD4KeGIHFUmRk^F<kSUYTP_BG)3IyGL(Cjh62Yp3<(79_K2
zqd6C){->BJBG5c>)%@HFDI0nmnSnUOxDYXD)ZMfd-FO<sb;CWr%chwDb%}=r<!(e`
zw37(V(E5+YTphm!qYPM<0>q(sW5Vdh5lSS6r&(El^W=#N?+koTzOK~KL>%=+LwLZ4
zaAvV=hBe=X>8qi(?uyjI7x^MpOO(GCnh#rmAF4T&vhbmT{EB~Ywc$jaIg(*}tx>YZ
z^D;@xTKC0HAweLTv7s>VB@*G#B58R}6NEF4p|P#;t0y%_gcKW<wl-{N{{cN<K%3Fy
z$q$ccVBLJAIHmJlvrarRt+M*9;TEU0OF%$Z|B5i3E}?FF`qBq3F5o$JCawh@^=zwX
ze^M(E*lo)Q?bR_<`7LR-LIK=INST3Xj#>-ph67coBX$Xhw^M+?D06UD`J~Vtoji$A
z=IzHImp7B?Y$Rsbuof_uZI999V}?y4;Fy?W`?PdQ97s%w1s`Od0s(Z#-++@0V&m_z
zF2PBaSbjuRGgS^+-rI3Ze_lqne5`$ET2=FH5bA-rq+DNAWl3SAYg2Fa7Je7^u;Ffa
z{M@mu-cTI+LJcAmrKc)MixVe3jgrKN@|&Q{$@!1nT?CehUSx&qzet2!mPXR!Aa>2_
zG>zzEr??A+`pu))a;a=I0gi6HXa?nBRiRlrv&T9Yv4>O%Bbr5}VIV&;?~%^6XMDE%
zH1gJIe&X=^v5w)^{=1`N{T!KLe`7zcw~XqU8L+wX$vV5db0s=DiggQ$h`+48vzi^5
zrX_!i=_jFmboECv7v$?Ox3DCpt8o>Dsr=PYGtL?bY?FosK=~%&Vz<x&#Dra~mfLYe
zUi-Pxx`&?>u*OGT?WtJfcwO8wzztJH5a{5Z&+MnO4UMG<CZ&)E78cxrfq{TP06+o2
z0Kfqt03ZRN0H6V20AK;&0N?=-01yF?0FVJt08jzY0MG$205Act0I&gY0B`~D0Pq0_
z00;qy0Ehud07wDI0LTF-04M?e08jx?1JD4_0?+}_126zE0x$tE1F!(F0<ZzF18@Lv
z0&oFv1MmRw0`LLw0|)>J0tf*J1Bd{K0*C>K14sZ!0!RT!1IPf#0>}Z#11JC}0w@6}
z1E>I~0;mC~184wf0%!qf1Ly$g0_Xwg0~i1p0vG`p1DF7q0+<1q16Tl90$2f91K0rA
z0@wlA12_OU0yqIU1GoUV0=NTw|Nj1Z0KT38UI5+zJ^;P|egOUe0RVvjU|t=(K;9_u
zn7AEeP1zWo0a%=$QoD<idw<sw+7pWxK>hVzXV^B1?J)(|%pS5W)|hAOYZ89C{bQGo
zBL1jHf$@I_xUmPUluWTQ_PU{x5o`*f&r(dMU<OKaxL$4i4Nv+>oAI%_P>=mI37f+m
zN4S1wXJP!x4Iz&rg@sSU@nP(!COJ3}9bYD2qsD5J;g%WDP}bskiY0BW&{cfQRwaRU
zo!Rx-8_G=VERmwJg6=P*$je-N!xHq2a8DA7p<GKEmZrnJRi43IDc-`ho}1B-jr|zy
zlPusY4Q~py|91O;!+52Qo(X4ccQ^^?*bzR(PsCEg$gMIl)v8x<_pKd8`C6D^iV#mj
zm9)H){{XjhRUi}aTr(zfV|{cu?J$6=pk9I7|B>{)yEn8Ue1vh}Ti0HHL%Pv0RqDAR
z8QCpWJ91@K)^>SspL{$HQ85V7GB)&_wrM5@JFatFje;&pjO|O<s>nhi9>zdL6lIVY
zqmtKKdm~&aprEdG#9^~Y84cD>s`HyV>-r6#xL7-NJB(x=k$MiN{Uf`Qt9&C6eM0d^
zZ2(*Hzj*c8OVs}Ry`Iy*h&xPmT)QA|PNI7TF@)B{XXvub$vbS$RQTuB$dBC}<;_D;
z9qOVt?#_kSNM#nXHUZ);b>Bo`J*_GKJ=#vi^kxJHlWvhuMWzlCrT%+Hnr9T_o`h%&
z{W#R<Zcn`l(ww%ONwJd>55%(0{;}Ar4TP#}hR+DXi0FH~^Rq-T%C|os$tz<=F0TSY
z?xoa+?cHG3oYr79^Cb_56=a9)7q%NrS|7bAI&ygN9}|0+>w7vw3rMO-*stJTs3}e^
z%-B+<VJgv4!*{?-Jj}V-o``8(4oB!h7vxRFk;A!k_-}cM*#m{AscVvcz1w7q5M4%E
z>wb<%fO#l?)t5Wg=<=v2jj?TjUem++Ote*+Evp1;@?ttGd-3S7scECaDL6zoL@hM6
z$L@6w<PD?yHnE?{$V<^8OjfHTRDm8Vk9R8>N1-+BK|_8Uk{*Tm+GtvethCyO59Vi2
z@!>=!FW{z?_I!1X(`BWdc~yaDO|`&R*I*f1d7h4ruB{0(q9V1(tILB#{=$<q?Fbmu
zqW5{Kw&qj{WT(`Lo`ng^n1`p1b8kmS?A8PL0d9#ubIqOFUdr^J2_Hl2jI|f7h5GTN
z3DeqqGO;)X54e}o<IKt0;xAggk@FVf!;EO*e6KBuD>mNy=^i!z>u1gPZ{NAXMSyZO
z5^rxJLhmiAnR~u=jt-s=4BTE6I2JpCkj$IrXx|la5#3ImEN2mM+A`(}&`huOIen#n
ztPlS(bYV;Ndf~X=KGfsl3)Lqr7FIGv`E0ztoF38IYt^qAz2Lp8<l1CO@=pJMKug3E
zE()f%23-l@iJ=DQ!F}W}N%@pcZ!4Czp!r!Z8Cx{ioF#KvOE(!WY2NaC0rvYlZ$M{k
zS(jG_bJ2LD__Ycww8u)!E@MWu*6MbId9A}06ck19(3>};I@*DDV;3_+v92l&b|wQy
zImfCFBZ6##_rkygtQz@Ry*0KW;}UWqYU$JKS9!G|?t4DxG;whlda}`5FCP5zX)|K(
z93<{ofq6YN0iki{J3*q#snYdcmT*PTOR2P9mXkTsUVIy2T{VZh;d^u)kbm*7Ft770
zFMGX@Z-Y3}HNI1y54zz!^f*7O133;6R))_188e!}Uujul+9}~4R$C`3Yqo-LE65<m
zF7ownShmy22i8(pPnc1uzLEZN=ZUT#fYG1367KR?V|B~URA`#?fPXt9A)-!XhO8NB
zQGR#}HOek;gb<b1E21logoD;QNg;NogQK*&k`nb(VdT&0kE+W?H9p~P=Wse1f6wVp
zE;4e6e{Ctb3B1%K-21-z9YZo}1o8N3GFLK!C}{1AjUaAW6Zm`)hEd3+bRha*uN6LT
zDNQM?ekS?Y4E0|1dX1ja;j&d>v8xDzyUEs)&^FW_mCQh_!JF8k6j72EC!N54(m>f2
zZdCkoA)ryqLtIAwa(J~|5)?=^pw)Z)0X5x__nb}2XiW88tb?HfV`QA5lxydQNCZml
z>Hs5x6AII(V*gKv2>sMi^l8mUUITt@@hS2$A-DP@x&|aNXT&K0J;W+b`>CjNQQGCH
zB7NC^$|JN&$QUdhWIQE9c<~oZ?|b?e+~ZcjYDI02{qrwM4+3jyquQDsrx4V5Fg|}?
znf!>2aw~L?CI}2fT1vR(^tft8>-kMFodEP*{^LFB-}qHxv?Tej`fOhh?D-{Vx+yWE
zl}j~<FU}`bX6to3nmS6*-fnXS3EudvY43Dqp#!@ylUx#3lL3{k3J6(YSlH?ed#JCa
z#SShQZWSD*vAMts6<DKrTG=TeD!(YNCxYSpxfMdAh&QX?r^)8ej>)T9&Ko$;QF;MF
zaL-Uw`ONqkV`IGkUihGP<R~4Wtzi$?CFKQs#cd+;J2?VRM^z6e1ms$-b6o2GESvc8
z0ogUSap<oeASty>lDE9idjmnRr53@qfZ&<ba)0c?am$kNdVs@XZL_g?@uUTm%9P_(
zl&TJn<^M?#`aYM2JDxYBdBUWw`oxL_i(F!{34dWA+|x~9OtDbNDQj=$DGZa(AYeB9
zGDdM!&Xm`IkT~l)Z=n4PL$RHu{#C_p!oc26934&B6tKvfh$mUfrywkng{C(NCFIY8
zq=@}cxCJraY0CQGq%JevG$B~sk*O4UCuT?zoLky+)^xOCI_0Hez8-eAw~Jku>rdW0
zqJaRx(TidS<bqpYTqtenJO}F{vE{3-N#J7^jY7teGWmt#&gYF?8`OZ5UBiw@a>%d+
zt*lVNQ}wg>F5i1MsvM`CuM$j**8Q}`@N!l<WAdMwc-+)$ukb%cH>EfV@qT?ik!M^p
z)`d%%7f>^HkMRJ{XcAS%o_ONfMksh@=r;*G)`x&fY?KZtjySUrPw<0an$?>b_`9Fm
z_W=1zYIqT_b&?U^A?>WF<rVrp7KAC96!IhiR2Y|%f09Jbzw@AAsdBIp_ZE#!SNZ0G
z{?va4Cj}Jhzq~E=JaDUDmOZ&h+9fj;8Msgr&KYJA7zp3oF;T14L1yzh-Stnw)cF5O
zByWS+dt_ufd~aJN=sl-Z=aXb!v{WRFOv@z>%+gztuHkmE#lU%c&rf2AnNq)s#gB(!
z125r*al8f3@eB$3n`bYxlQ6TPuB+*_YsWhuC6Q4Bm3Im_udtyn|C7tPjpIv~oct(l
zVo3H@OIWobL`YVe^UTiMem!3)cO9uzU)&e<RyK^^;c?igOe`MkQ+9l`Dr=#`uaXR)
z(z*Fla~=&$nohz0D5z7{K#5-)7LbaRaN0WwqD|2h#Um-R?&dW<OgLo9!%w!}NspG_
z^YW#nG0l_EArogXuHfS>DymIk5pQQd=&Fr5SKIG@(!X-6)>GvSf&f2nWT+ce!&d!S
z*La-+L%!*4*!t)3-eANPAC3xHYyw{~HR+xZy^T2!|B`Ttde#!-)cz)f)6Vh8kHZab
z?Pf>{XX%X}GpXrxuV2z!lj7qggrIGJ02*6ZS}Eq<hc9Ty_xgiJZSQ^dSK(_axVfXe
zUE8@wuA!+Dbj`Q_xlza(9G9@U%BC(y442e6F80q2mGl8_Ky*hGB@+#36ApZ{jz81k
z5BQKpgK02MLSbYEo}ZUtvt;2@!cu73V43IzJm1-mMJjH?R~Y;*sPPph>bDs_zCmm_
zvvQ5d`th|p)C#7e_1tL}4|ya78J^73?K!3bmD?uiZ`ae=TAEn8OsB}P86y-&KA!5j
z#c+or<br3XBWkh|Sd5!G8H~NT<*QSMmYEt``Tcih54clfuz9)%)W#AK_JJ0kQC3%C
zvUb(=`+_!4p(X@n-Dv*1Z2<dIfi6V@zYF_g5-82+(r@;TNtyCji5hi84u?e9t8ox)
zO3>FxM4z=8rWS$lhwYgOx0jJ}!KF<@(NvOC<n^1bcC;65c9YLGI2h{SR{m?zQaIkz
zKL{vKp4k0AW*XfQ$raW+(>94W5g;*=Za`uLXjXR;84Bppy7uZEqn=th8=MaZP+$S*
zu!v282dmN{^qdjj?GJJbzY8_~F-7^CeZ#6-Sw)buE3#t1BW8)!GB&a7zcfR}psu86
z7v;n{$fl+y1u~$Yc`oV2``bP%+Et$loquU*SYs?@YZ+`N1*5_%H4rad2V-RS4Lt1#
zU@mP?^I0wkRFqJ%#v9v#E#2F6LuU2lY42jpop2UkZw2?^;0(|aGXIPZ8z&7$LGbb?
z+Shiam9@?@XqQ3@aFcf^vWbr6ZxN9rf4&V^@KCW~rQE@;*r*-<Dw;fd1L>Wl8ZQwl
zZf^7GVbNKyU39+UcMjY(p_dDf{`wsHOuwmvl5*d#ybQ?lR}~uZhVnOqS<c#$TS4Xy
zLyHStu!j;i5=F~hw12s&$UL{LbuQmy9dZ!87wpqT{!_t3<#wP?BHikRd>x2<nFlXo
zN|Dgwlg}a%I!8>A{m&!<V)3O;8*2d1N*W$J?6Y(TGCdddrK)<qP~;zM(H@I#gKaNK
z+4>(=!)BDtFCj>nLT-yivTchrfp>e;wPC<o19@)DlkKGr3YKlvV5Dr)2@<uTo%CKN
zc)RcK?^NEEW{){)7XuE>y>`A=->Um*^$)crM=ZN@34&y`c(xxyzf+vZt&>g6Pqc>%
zVR4&3LJ!wpf!+3JLohCX-Fk<P^Pn2!sNqbVSP^Ngtiv(?iXMV>jTVSEJ78P;{!%r#
zXC*6A(c8iqZ}l#C@I%tN#cAhMqmS=;>kma&3$bU|nQai`(h}&%{0<$7L2UOZvw*6W
z_&(GOX%uZ#(NOB7AGe9R1XL0zV_;9c{}j3QZ84*tFy4SIt4m)R{rzjqI|MRc#~i93
zy|SFkfQEUp?zb5hB1REd(aD=NOLc(ahUd3tvBH^#O%+5=r<e4hZrKJ^sEcVgo%)o~
zVm|QGh{;uU2PHLb-9<Zlfg`6Nepuuk(0Px&^WR(7(P1|b*^I&Uqgki^Ujk#hNMi~M
zF%TXl5VH#n=9Pf3>3&yqbL3$=eogbR`{(y!@yOA9)Qhnv_N9IP-$WjyJn{@!L$P%n
z162as?%}%+Y=(RPa;(tINLQsucoIw56;2eOI;|}K|7@-k*8jsd$OU>!DZ?piv06Qe
zWRVWGn8;4ApKjOYR`&y8$lt!W(}wrX-C;CpS<zf+1hcZ&wf#FLx8IY{8Ne|f$Cgs)
z0aOZ3%i&-p>BmZa`UFEVnIMKQQ37uL(TODTbyvbTjc;22v8g9;S0Y>V>cP11V}UJ|
zL=7CSq_DtMpuL3_Wf1cKW0^|*QT^|8A@w-n$9m-^*agHv`Qm-D_WdPQ<;KM0{Fn@r
zd^W#2VP)ZqA?KO(S_#yC1LAbFFBXTo*Wb4diz*m6=&$LYZdO|{$BjJf24v<W@Cdgn
zts(K%WZDVnS|z`6IlZMC^S2f{SpII4`6Lo8FwKfOM4>Rxi}(pCqBEKuazQW|Z96HG
zlkgMc87Pup`zC#IO0erk6~l!Eo$P*A^=mAmy<d_)>Sy@Z4!bYm`h=VGVV@QYOK0fT
zhr6Q@1$>Mc732yQv#MKtJwvML6G??MEIH`Ru{sB;thjn_Q3BNKxgP^p!H1Ha^>YU4
zXuV+D<L`WSioNnDi0fJnr;~Hl?W}Z0AjX8^#hB*E6OvN}(hF3T1Y3WZ<|(!^pWMNh
z>eYtTm`MCxHVnFlp)FClTPlP$QDyITR@A|!uSAtJAv&OdlLyS3zY}1}#Ck}_sL+ki
z|M{?pss`qe$yH6ihgdP{ew7|2VN>A;fW~r!-Kl$5K4cl+{ZfhsecAbz6M=AMK{^gc
z<1E~=<y{La<|40EM6VTq^D?kEuY2?tBlL1*=`T?Euf!VtbU7E-dx+ZYV0$uu*@UVo
zI`#gf2_s%%055iSHFkprcd9B9E`Xq1Ge0fot~s|HIp)^Vd;>QKDy>kwA=rg!Ll@h;
z3#d_A&xY02Af7pIAXK|-hs#(jz2;j`(w*kv0Bb`VE6&mOQu~g{Jds+rr0SnLP*WrD
zOX<oeRJFXs@O~dFG6%=jKc2mJPm3AFn$gVQXla<-B{O~(@_oDV%Jndh;XfGoHvH=Z
z%!NIUb*<O`&X<P19JL7HN`T7UQX{Y3H<>Fcp{te1zY1U0FBK&)Xoo$ZBLt;XzACND
zxqM&zL^)jEKLF+k%E=A|fYy>#{O>zaN{1_H=3$O}bW0<mjjBxmZPr7H&Qq5)sqv_q
zo&3>9W135UfqY57vq8(s4uqO=i?a-k17hOEUGz-eZ>#0?R%n98HuN>i@?>Hj)s7Ih
zqE=<o3P)u}y>|J)9V5ogz(YpuxVeEVXNj~MD!Kf}o#)1))Y33`IReeQqJw~`q;ZcX
zRxi91RjHpixM>hjx(+E}N3i9~d#3#MEW%TsPzss_`~EQo%B8#Y`6-X&C6`6L&zw_2
z<dDtZ_$8nK)r5{D8z@T${N4$&Z{OYC1%>jef`dvzc)Wt<rkZhCDzcCQ_GU}kHp8%B
z-x;(H>zD;Ac=3r#^HD^*obj1*x(r&vXMA4fd=e}tdu@?E3`*XSYpoiSB*i9kezc-0
z!8N=Sjx#vrh8$-Qk=#E5M_fpfyN#sFV>y3gE7sQq^@1^K#bPpfP9Jd7^K#YyXO=+F
zhknYI7ZR59ll`r05VhDpN9$NyTte~gO5Oat<Z~N=B=O56>4|Mx6=m?+AvI$;$)mNU
zHeGmk>o1DJF4};zarTj#+KfI2&I+XRek&aeKaDi>AJLmBGfLTGd>Pk3Bo~Q67e&R9
z1v!$|^c+e_8)Wr=JO5sV{}L4X4&>8v_+kvFPywN<s(JWarg&P5oMB0DB6YK-LX=ne
z&0bUO?-YgFOpjo6R+L^`aq#9cEuUcKnZ6ykG4BAimRsE*56Au!jxATp#%8022d=@k
z71=uC4@UYawEyF>KK!4xxPnZ0S`G;^rP_!q`SqV?(2J>F1cR1F-<!k&@}<-vf3&6!
zrRLmU!4%%ZwfScRUi<36YaKtlOP=YkcfK-QUmRODG4n5QjLj9Ie@N5CI;60iLZs0+
zO?h)@bkKAc0=5xq=`S!7`nMk$96V*wO&)SnzkS=Pq3V49)F&#8j>p(QQ5p>^yDyl?
z^b{CY>!?#@sScEboQwQ~YXfX9^5E#h$5EZABHHrh>1?2+B#&F}YDoC@Q{jN8`CvbN
z_mSAlQgRBe%Ny@)+D4$xojs6X-cmA|NOM@lhYFawRWYP9+y(h^=;uAe1I2J#V@PH(
z#YwEs)HF+7!op%l9=rsFh%f6Er7=RJk>S}*IB9Ut=mo8j1)ThUV24W!hVQ<~=+&A&
zW1jS3%pqAhIJdK(505)%D7AMbJ{f4sLLO!w`q7tkZt|VZ5<|6YDUR#FhA8a_(DvR;
zkuGeU5$6jkU~z4<`iKB&z1?5}o5?@$P56|N{`TLCI9mKVP^+6|7z!?zF*Z^)@98cH
zpIgOw(x6ewO~y2S{oMv6$ti&mc1l<>l1i5Eq*#*@C=H%vq%NV`9i=~ky-+GrBni@D
z*N<@{23uEbaq}4C%SHmh9IuQ>E5P0`onU0Kg`i+PMPZu3su0Qn%mifM9F3u(wX!+f
zR0&um9BHR?1kM3log;m|6w;zl+qvX%UY2&6`YM%-x>y!;r&o4>xxqlIJ<xC_qh#j&
zG0`>y+e6~Y{LalfSpM9_t=-x@jXKjl*AOo}<20o&UrJ?>b?FqFSAMNY><QJ7j}fHa
z`Jj3UiERazngFb#A}4oT*dFDX6~}tM4oM0-<NXD`6;1OvC$e7asr@r3l7S+b3ku$j
zcoxTq&|A7u=C@<#1L3fmgBFbn#er1yg7V0j_U)0^!o6v-Xk(!N@UneEx%f?kQM9<O
z%k{Xh&8uD<ey_|QDqmi2XG$S&*GrZ)tn~+tTscU7leFwtl+w^-oSSCdTwyG{4BM!r
z2o9sa_|dy^ogIfT`3Mz$is5yVV&9vSEzeyt(r(_p4VcT0O&V3C3PmeKs0OU|At4=O
z=J=tTzeAJ7k<Rw$pLNMan?%-v!=2fdum8x1Ivo&21J>sLM_NkW3<4aI7lc#_Od&~J
z++Z73e%BDf>0A>)>ZVO)!-UN$iX;^^1DxFC&(RkzA0fPutltST5~laWb9Pi67BIaW
zn!{TzyB$kpCs?F{=)ihd0HRVe_DPOnJE-Fd!ivsd?HNI$Xsf%RC8+C!I+XGWZf1FA
z0>Zpu``0{Qpg={vQDZGn-;*Mz*IydR&DyC^jT>uI3tzDNow2H4#ug2asBK^wjS%7=
z(RC-@nST0{4)2^LeQeUV7FAu6uuDi-v6bbM;@;$|dHvpcsFVG4L(F92_(ej+CXiWC
zE^!12;t^e5q3`_D6))=|?cN;J-pUGH5Ft~!24hbv?qq`yZGg7nTX4MXAiXMI`Ac4r
z9)@7!PB_#SZ86(RIU2NI#m%3DHsy2;M`P6!9l6T0Np&pbAwhf@N%#d4adBw&m-rO%
z(|MCK6Vjz2ouwXSK0NC;_W`q21BPA}1d*Nh!+HJsPIUBK$4e#Yxp4SP8^NG^3tn16
zzK0=?Ehu`bf2|=FUqB;>pO7<j8V(Vwj1y#P^@UI1lo*y?k0eWM@J-`f>uq{T!yp&R
z!s~fUAcVw4I3+!2qojHzqz+;MYpJP}-l(Fz5BF8%^X5O@aGJf%r<a+&qUcV!sa^BV
ze4J6oF=peozpowTIv=Q^3&pSLW?LIk_IhQQql?!FsBPJN-J<dCH$loi`4lm^>jfxg
z#1OXvCvSTH>G~jl8g+l4zqE9im3X1hKiEj{xWWCwK~3?BtwuNP9@-6855q-nYR$tL
z(l|yfq?(!=pK8MXFh1ymoI;j4scX5Rz!smldP>RJi=Rhv`G}k6j5awopE5;~yOKLr
z<90GwsQa_u4aL}-+>iHiN_sLp^{uHE^c~_A!Vza6C~t}kRO{j~XJus<TAH)XwNOQR
zun5D#cqmNogHu?mq^o&IKeQ&}%s#|q95`fqM?OI3NPJuK-P^W%n9=%YdXUB}oz9e+
zD9XW9R>f?{rSDEu!FJI6eFP1*u@AL@;Dlb<FYZcv`y4}W`&7mBLUjN5%SEB(Di8c;
zW6DTp`BKn=h58Tg7e0^Qm(IhNc=5#Y?wmSy{s9eVXxbk^x-d38?@Y1NH%L@OUv#rG
zS<w;_N)?ovm8wEkv|HI|Am`vc=C0k+(BT~|4R)os+HM3~><84b-$<i638eT5BZm0j
z+ho*-x1PAAz*8A%f8>~z!s3D8a@w8$g!l-;BO4jf@%~D?2cNj8z|Z?$!np6|3#Npt
zI`8G`8vGjL$DUHs7E8T%EvU-*)X^)2dA2i%GqC6_<9M$bG8BW*Nfd#>Z%F^9ej&yB
zx@07aaFxLLO7CjNBrj4fdx60`;MP@;@W1Fdw&sE(%uK2ld};b&-DSDYCRdm!J=F&{
zV?D9h3KOX`=Erpp{!^DP?^a_f*xERnH`?o|$b<L%>Ig$9Ap0LLK+wPUhU`<>Mr$}+
zagG!iVena9UbNJxFdI4#MFWp>J6BWX_-OOQWB$ca&T<e31$u6^O2cS349k39H>@Zp
zkGjzA2Nxp+$1*n}imMr6mJ%#1-1T}frv#onsG#WqZ{+OMlO&{Kc7Mg~Ti-HNZWuSb
zjh2}Ew=^nkO^vZ=x--fd|LP6i4IiUfc6J7ipBfA^CI1uRIaS)Ptog`{WJw8}8yNxM
zKRoL&2<W!MdMMU8r6ACMc^ZL3+#5>|f}+Wz9N5S)x!no(sl|#K8A$I23M}t6EjR$l
zBt1YVnou6Psa3)!b}*%U$}37|_>^KMK2iGOlWjIuPX%`+*+=Z<*dXumA&7S2i!)0B
zEzZa!u*UvN$^P7ZLa<`(mDEIx96)v~>9gudq+`+bYdy0fZqV{p%>P2|#}3H$EJ(?+
zV3{Grn+J7z0hR+4AUPk_Zxyadv&Z0rImn++vg@Mx>Lv{#G6n~qfGI}SOwU8&K<kc?
zbu0h@@M&cd`t1-@tS5{DSCh>0F|L$Rrtb^iUdClAT{k!1+e4&hq@F!mO+T|AX>(eP
zVM`i+AtdaAif6qZHXAx)2y$1P(_U1SfHR;D)Xs(ao#kS>LFEVeG5~i=Fq)_aPY)3a
zdQi{C%|++_WAmkJhcSY)tI2w}D~99*6My`kc0ws+(YrzAL1f>h*16qr6-Z{c(}X-0
zLGIW*>B?^|9Vv(FKuoVy4)EM}$sk7^Ugx_XJq@{VRK=J-tvNY1U{YlNdwUkZ9QPwz
z??A>L(my2smoATj^zMMqfM%2OM>aat)VA;2=5rZIN7hW=3Lc%bOhX>1umtUe_Gl#Z
zbRQ7ASA<bZa3&&F4?4WG57H?_d$+DbSV5RzjUp`|8ZObE_ZvcR(&#b6WHrzGhyoag
zjBT!1pd&c-rkyJiPkMlVl(olIe~)mrDUKgBz&mw;JRm8jjGny6)}x?+s6p~f7)i5%
z0ZgB<R|TJnzATs*QZd7h6YSc+2CJZbYDD=23gdJXZd6{Xg`VaNiejbgMMhQzFZSgq
zkRQqe@bFap7rp3@Ng8R*`x9X5Kmz;M6u%<ZcNF<t)Gs=?7j4O1UK!L-0Z-^<>_*E+
z<@gMA%{TSHnLp^Rg5)&r4l{@)2oGv@IL#Tj{+*(_mfeEB_a{@pq1hllw)l&#AD-9D
z2l(ETA(l8b6vYl9&`q*QU|e0z26jN+tvfQX;Klq$TSj=aZ`YW~U9$}+4bE1T-QqzW
zFUry76@|#$s;Wkx8~G}Ha9N8%_9AusCLV#YEJDE@EyBiaMJ8vQa(d<UU-*Q3K${+e
z{XH%gHmmqYNb_+u=iiAf5R+!X=nsMNd(J`-0>Qd0U4BG#T7r_B{M66~7364SL+h3v
z;jlXZ9NWOgT%aDBih~1M7`@yV{!FtOBDOy@xI5i_ss9qb=v`b5cG|kaTmWo9Wd|8A
zJBObdt*u)z)j8(xbS&YtDjjv!R@-lrV6Y`DfKDEbC8fqW9L!@o9!Akl!1Mq?+ku=x
zEp^zGIK8<}^^0-bXz*pxxb||r<d*E<QPf9^5}aUl&As~WuF&FY!bWHcq?!D<!Eqd<
zeN>3=;{hxndc5D}jInSIrU+1Ztv#UQ6{or?V6*UnsX{T*se8v>IBue2<fM}VB_GK}
zTWDYZJLJWd`VsS?L$)E}iVE@u(2kM1l;Pj|RU62+m$w$U&YN_?qoSBJTcM<667mL*
zaX%o=MFX6mTK7Y9@@#>nhL9+e(D(r`GBBAa;~ax?a1J_46&oIq%c1{hM`|YMRUIrx
zVY>arXnnt$td<xbN+O7HXkccC=LtvlvI=ubq8;q`4#8{GudL76ph^B1fpZio8Utsg
zPUN7t7!7!~PJ%^elR|y!RWZ6;YT9NR<~F9<nvD<KGqh+W0^uq5Fh%jtbLXciX3Y}Q
zIum6)9NH{bwn%-Ifz-JwncsCGQ4z^ciVmA2)*U9K6ledQZCmbu<}}#FrDi;ZDdAED
z<)5*o4hc&!!0li@x03)Y$F<&qv3h`AvTtJ$PAB1yHT_7mMz6(QPXJoreIo>@_$n&L
zHRGr9w{ZjW#0#*R{0PaKls!twSe+s$M2%c9T?TTdbn_~1Kbv6YJzXC1?u!hbU(mD9
z1C$&+i7iaBv)OOLA;@r=l{hO$uku=rxKdq+KZR&o0?R<#Y0~A4E?Mt@F|8%Y`w^})
zaH-0dt5FZyC!kAO3OMdN;vP_kLH<GshKJ#+*{iWJL4mgz9{4BA(-5=3W;B@n(sHh4
zGCjAP3Oh?V|F+EU1_>`!ogR$(Yvvb7<)jynen+dY(OG5to>STfAjak69h<!S%ucZW
z>fX(a4*tKKELmU}YVEEoKXPcNM#Xi4@kqD!H3VT@fzms)C7Bbs-sg@ka=*!?B|KUk
z@9TX&seo=e`eE`SEWER{J#O`!I{8*@`L2n2lNg@=hFr`EQ%e+GDi+?4LC_1xbd5Kc
zyobtv^?**!9=qO1VtB{Jp()rg<Owt^Zi(N=vhxA%@$3{k_fS@%o^187sWcUeBAl(&
zgBC~W?P?oC61C#Pc;d|hwEpthOx_R^*{xMe%H7<PCQHfS(xvq0`GH^m4vf+0BRmz=
z?9F$v^04Yap%c5io43W<c+_3>Wr@!ook2l6I!ovxZOpfv)m(70d3&W+PBgl?7C4gr
zmC>+M1AP=S%pgyUpEDYP&d_6|aj?O3swSv0W)urVVoO*DLRns`q59(#m@T9mO%h=h
zq@0dL#ijyKo#w_Y&69Hd5*d%!x}ppQeuH(ve98u6OcFew$%tkNP?nJ$>5=9pJ`2_b
zgD-!;jnDnhuYlvVY5yK?I+JG>^J7j&sKWFUpi{7%b=0E6#i7l+7gb*B2$q@KgV<#B
zEG;y)c8NbToy9I0mY+InSzKpL#ayW0wJk4M_ToH3lZ(fzs95Dy<A!TV7L&)ZZy;mS
z3~viYaQaLQ{o?Zt>(w%DnY3e$ss08Sg<1~IvAq*wIspQz@(HdRPy6ZJP+SyX`i;4G
zHGQCBT=tp7%$Vn!-0c46QM_3lVl$8~jw|6F$MnB6py=Qpui(Fup(ATCQ%`6>clwRq
z@br<eK%8uL{nj1ema%8-VCuIYJ9%XT3#05SF0uqVxKxeEy{?EwiXWxVFMg)%`WtJy
z@JI)9kU}=~H(w*eg)m)C0d=}1Du;*-q)>02ki~64S;60s3^l>Dm)x$Ud>{+T$rRN<
zY)2-KiC;?NTw|;s_qPv!t@e-`ZDimMF(Qdi^0@FOvXz$%C%|ym@i}3;2wz<R{}DeG
z$2z3c1OwcKO9WSt3%%I--^ot&z<j?uev7IyV%)qQ2k}=GD%1Z?mT!n2J@M44@ucCW
z@)J<qa?QC`iDX;UpTC@X#8N^a%dGLY&dTN#HPK74K6O`4z<LBhf`kDJefV;|757Y+
zA&Y)@nCHABD?#?(|DmL*pOzy!eT1-}Ay<*f4X66n4V$tIzt=o^g!>s38c_||pZ%0(
z4U;bV)U|WGo&r)c4<fI9+Y&skae}G~HoAiKChZBI%z$DVyjh8faf>V?N{~}kafo1!
zBnu}=iQ#c2+snViat3c^|K9~rMuSDRQ%yB7!lSrM$WoI<ds7b>-lg#In^&xdrUMkU
zrJ{erwP_b=8B^PB;uMEhDxLX`l2v?aNYEDe^1$^MUBi>rT~*7mZ2aQYY{ChMDz8FN
zx)R}SBTtH`=9Fn|ue{v4%iHsF+uvpO)s9GbuF<wFOQ8rC>+^0ACi=y*43Nj`5E~YJ
zQ=Wzz?a{aqw)}vh4eDu9cjBIX8|hw?m<PQ>(tG*hnLn(8P*FT@xrMQ$mP4+}<ya<f
z{Ho$wDn?a)!P3&O;t3)elb5s}{UjNPX?e?|X-zVK*e@m_p&4h>c=jZ7*FoI*K`f#>
zpLV66_X9bHddS8>N{I2x$n}8Z9?rd0+s1s|logT9oQ0xIw?m4?E%+e`F1LhCb`D8$
zwJaxs-W3oNI`}EzH7~Dk(9)ZYAEcUi=AtJo5mP=M<BG{!AIK2~1Tho}SQ|)<UChcL
zf(8W8oJR9H+=f#Z=SV@qL19THZRdlxZjV6!8@a30D&nuzAXxlL9CtShURt}A%q7+J
z26ui0FiQV8ZhMZ#yE|EwqWv9RZtJiH5y7^GlcJik3KtxZhFrpZ)dnwZIuE6FY|;@H
z|9F(ugCk(NEhB05TRij^w^p!$BK192+*OILK*aA*E9=(u*polL=}lVH1WRlu1gWwr
zP2wCxt>3QxatVs_F^bYB)+K6drYiXxv?dMtOB<GGOk-;`Rfu8t#Xq4u(&NOK*bT!a
zA<S+Zkr7CIzjHy#ue_0H`N#Nx9=iVtI1YQ#EtTDA_FHk=6b`x}qu~x-^gvTs4tkAw
zbl$s2@QA4YN(A-qj6iog{XTsDY-z^}xmHEl9J0*!YY7rPpUgN_4Ybj9W$d6NCEaaq
z%?e9HM?25xA$g`UzT4zj)@%-8`7=gAfO!C-_)|LX1(jae1&v_+z?N)Jefg0}_hxF(
zyT8r9!tWy1Ks2}j{2nz57;vi#q<^V&30FCV?$BNE%8^FQJ&lzi<+Cg>3Yevmm<1Y~
zW}958H<6(ousVGX)RRs$(ccP9JCEHhV&Iiyk1f4IE!OX$V`T*p3d@t=ow1fR)8GXd
zFRkEg%#XI}VryzQDx4QZXalH{#o5qDxE$AOA~n!%wimf@uQZ*J`bBoj$Mm+L^^Y{F
z!)ns->2bf|$%@v_WaLK|gVbBzWRvv<U^h0m%YNrkuxTJ22g#AJtlexMI4sIFZhgR4
z53c0<4FK4*71o^3ZW7brZAtX9wxa*_Lz!JaL=SK{^3QMFU}8|#7PSm(o-|h}KaSPi
z{^GwI6NQr^RKtDjRmRaoOkbMo3PR-@{pA!YaNINVUXN~Lq&ZdXfz%jn0|6Km=4D|C
zRxb&8y;h3a8{cJm!4ZEajU^3O<UzWA0VHmV9R`999m(78$d#GL34t0<8Q=rg9$1>G
z2|c;Of?=%SSn#J7%4bx960@#Lanml5#CL#iFMYF@=7Bl03w84n9w)3uPz+4uoP4(R
zM|g$?%q3xDhd9$IWiHDG_IJunerlmc+*IHdMsDVYVjtYy$_SQgy2ved6BB~<`2Cj3
zqAUu;pnGMteg7r%7}QN|l>edp>U?Wr=PGX2%rn1w5jxff;3#4>VzGwRG=DLX1csi!
z{#LU4Fj%AhdJtfV&5cl&kWgPL3k`QDMAwT|zVo21Is6+tzDcP;x}ysDvOTUBNS+tK
z4|RVJ1Cd4}o6!Zke_$MT`Ku4=U2SDhaINVtH@?Qnc3356^MW6|j_&bqB~Z~HK#lKE
zMj4VLa>3R@LMYXr<x0--$-aMjiD!|N0oNB&m>!n-CE^GwU?^zlgg=<`iYsouJL6jz
z=<Oqj5Te5;f_jXq*wSnO17r5ddFo)O|I0P0q>h_nCf5PX$bDUNqK=$4T)aj)p!$?B
z)3aigQ7qq4K?qq1ntyVMC%LdXF>CQV+3ZcXEUqZrsXuc8ZWD)+Ww$;De60N|1edro
zJVvG%l_L^%#NFzBUy+NKpNB@vwVMZHg4iFp<cYf`Vf0f|qK>xRCEHge)h_{-;}mEL
zhhu@wrqa$$@h_coxPlYt^X`;($!x|noA$QuetK>W*eyAo#laB1sWO*1hX90He=;uO
zbd6tBJuLQPS;g443YbQ^%_ZR-CjSWi5<Tsuek6dTx{p%5B}!>Jc3kqn|HgdhK3F}i
zL^IU)gL)>nv10)Lq69${NqppD1cM_m=L3LRd(QG4r%ytCq_dQ*bDqSBOHgSl5o~NM
zV0~@vCFn?zD=Voht#loV3dYxy^itemT_lQ)_}^tsR>fEMf^slendpFEv9Wx81@D01
zrML7z!#f2ThjO?4a@(k#Q%)mkLgKaHgS}Fn0a4PUKqo?QO7VIrXG99+>yHtiD=COn
zn@5nWzkK{bs)|P>K(&9dZR_5w>6cO!4nnUNQ1fEa8*4-X^b&V-w4<gHdST*I#W<(T
zem2F^fs=*8>h9WqRMT|<>t^`OVpuI&w8U?dm)>*ks-~@AkpiJk3JzjxoMwTnP)=D1
z40WcuP2zgJbW5Nt;jh?8<g{a2$NS%X8nxkz-+kHL)(Wi~cV@*xdoN`gMVav>*WLnQ
z*@q6VL$W|Rz4dks;B;cP*U+;?Ib((S!3SjH>L$Ib8(m92dC}Wa+hL#|L3mkP3260v
zV?W((9On~QAc2QN90WB_8yrOd@wOGlc3*)XD2+I&;*SuueG@T%ss5yVRDWye_JuW>
z;qrA=bv5*1oGAK{5vYm5mYaBWb@pYAsTPw>J6+L&MXxH%8tO5eFOctktnEFsgvI&Z
zxw>m1JiB9lqVEP8d_9KL96>8@I{fkDEC(r)f1slS?98TllC}rIZ>O1(V^&Mz;T(_L
z__spH?3L;RnINxY@?BD8e1%rE|Ch0SVCNHBKtTcAqrG~3CXAtf$VImFYUgYb4$(Rh
zPlqwC0%2_{_6nQJn6?&itjR|mzASgQ@dC40FJrOpJ?3Gv5Dy`X)|)F)qiU+((e0f?
z#Hw85P)6GEQDp8hqR&{;r&73%_wBxZJDp}Z7k~u;4h2??3sV^t+kOS<jlS2)Ih+@&
z{q10SOdM5v0`(8u2DSx{r!+!7f;Ie|hcz}5TmFJ`Dgk%oFpPfcKQ=St2b^8gyKJKP
zw{C-{5m2}h^~({6Yz8&1S)aag?E(pLvk~v;0vPjzoC4oJ8yMR|Lqc6Imb<yqLZs9I
zBM@4I%n1;smuI!oa@5zQeK~8308ZZWIc<Ao?OY0w>obM*t4vX+QY$|Z#^>sc-!(@U
z(VFB?QVApDmP1@G%32}YY2#$<%?@KF+W}K}V#5)Lvw+W~g+xUBFWReyO67ZqJ;uZw
z;IppLz(o`ND5n+rFShl!&^lN@TJ%L!c<6_1EfLNN47uM~m+gyUCc}9ZUVbnfTM~};
zf<q2(0<*L7!+oXVwhNPNPzMMs@ar}if+sg9QYSyX3*piWu#DZa{|&uCXx(pf2G5DX
zPNFA(bUyF1qgYa2VR!$@8)Z4oUspZImufS*g<%lGXN{u9^t^u*>S2PyTk2q6a#Mq*
z+=*7UM;fv?wkn^MFFF;jPC!0Ml@-saB%ULD9>s&7QTOu0%bcr|0X_RjxFUUZ2|98O
zT5t3!ulPyjBk>mPCYJAKTGx%UjAjzfI!*PS#+EzPmL3FqizR~1H6fA|APHI2F;P5f
zq%1V3L+;abuHy{1ca!M!2s(?mU+iN4!i3MJ10|=#<wz`x_oX+3Gvl4lKn(cO3FpE1
zp?7x^2$-tI;8Q?!<Bmu9<jxr>n4?;#@A7M}vH9>YW<)x7K-NDoWo!D7@+`o}CLl@V
zwo}#h719lI`5GgW6hM*eiu6j~6TGL9Uq7~k(ga1Jtr2(UZLfUC$v$xyzA;cQ!fJDv
z5yYH67UIaKglpkZ;dgSL><57Ey_Zk79`yk-f7uiSLTQ(-qEu`c2EcvJk*l@BGK?B;
zIM3r-ObuInOBzOzc`kFlpkexb0gW5>Hpbc5W{q3qy`0lTZHNH&-&x&P<CU~Ob-oEN
zRVdQ@@3elrF7&0lxp)<18w#Ytz60=T>`_9ecX-IKK+r9e;l@-5_ZQFAXy(VDb`#-&
zXCYXyM*q#%g}5Yn6k`}Or>9F^CTE-1{lZ3I{pmWe{NOxrx|gDhQj?BpCy`H@Y{d#8
zz5B-526X$oM`Fv0(o(m)K`m=#`5ani=Mb)LVhLt6X2(9FM@pwnf(12vPtN^a*#!vk
z4FH)@zkIY(G?nb8j3j?4jC~{{3mE{k4yWc~=N)_pu}P4jnMsxt^kiAQ3^+Cc3dszV
z(2>e@za{KNCLuCqU~&fjjFXQ6Iw;2wV0nBMFx~WcOAmCp8ldCfZe&#jt}qi4<C)m@
zApN>&Q(cRqE!&3&Qhjv-u?kCObFs7O2?vOw$eN8Gs&0^N&ul52X7;hQ!Zgv@a_;Wf
z^8-q})l(>D-OJo`Vumqoy)L@3tKjPP20#<u^@s{FJNrq}OV2F8*J5c|#g@?80Bo=_
zG&D*1|3s*(5rl>fI)AhcjZ}jnJ2t@6&ifukh-nYfy{h|kLvlM-vqsaAy3Sp`1lxXn
zEU*U?AUV^apvYeuuf|7j9Fcb$=LOpo-!S7#>U3GqF>1!%Jdk^2Gv?OENe)=jI98(g
z5j-!tZjl&~*5dSV5e#dtA;H#L3ggJ~k7KLR7jj?O%e+<||6`o&#~#=|(W(`-q{R)i
zFns5Gq%jyGJJ1+~{6e-PwAP<3bz_kr+V)Mmyr{E`x+h27kLzuBV>?477i`S<qwIFt
z(nP(T!`~;|UU>mWI`;MIf3o>AKciJpjH0BAagn@NbK&0qO_seFHCF{VtH9*Ys{4oP
zshl=qC_`;g2%THy|8u4&Nr4)fVo<%OZ}3A%<0EtF^qZM>LLQ1J{e9uItXb01b?M*T
z5`|f+NROKPY9UaDt%&3J&fR`?tKU)#H=j)`5iTU1;5$Jv4*u}D7l9-)x<HoCl%cE;
z_>yam+tTN$<AeS8$<Nw@;aHKqG79sP%HGY={iFYGl<Sr8o5Q;Hjz$+#zKpcIc!J;1
zJf<Y4K3}|d<yUod<vR=Ch}D$&>2h}5W3AMOSY97RD0m;Acty7-w^nq$v#<fl>CuCJ
zaGlk~UQ|!`!%*O`-}Blds*=ckTSg?2?=~Q)YHMS%U%iIU-@s4&71mG@H`ld2PKucm
z>qArmPn;+OWFp^Wgr0{CN&O;Ro!!naDbNVK&DkH}z=9M=biOn;1qPxR<<9uev0Tr8
z=ouGbjYVFdivHP&_J;W#Vcd89iGigcXEi1@{(n%)^$N6ry+LJi3Y0zu2E;|9^S2c-
zf0+T01(IY$BpQj5baH48v+mvYB7n^~&XDC$gKbgu&RaWfJ~|ebPS)N9Wlt<vMtr9#
z8n|UidZoA4%MnW5H;fu|#3#q1s9^d{oWO*a`qa#4-1;JvY2}%fdk|r#(z6a345a)L
zfcb2OwuEFG<B4NeW%usfY-#FC45Jm8Goq}bf}l*Q<*+F+Kf!$WNOM@+SF?4kQNzA=
zzmrIVm5m(+w)yR-%Q7wdn`>~NMYsl?crYQ<d~ap0mtUxs4?eoxPtIm>zGEusJeHDr
z%rS|972iQrlF}wTDJq+QK5Za>(7)GAMRtZfM~71tGLnAvpe|A`eQ~8RE&nu$sZ28>
zU?SmGDaA9?Tb32qCxha8faZ60?0~h1F7$QOR&_-$G*lQ`!-_a0lk6&AJYwGfOSL$P
zv{1sRUNQP%he;E}O4R=$-D$7yXM=*H_5T}0QrmIwFBbO4>CW(nDfo*DP0-~+(bsWK
z%cc4o`;K^!du!_ZJE=pZouR;g4rj&;{v#2`Xpc@IPP@S;F<b4`JNLQ&*!1qEEaG6l
z{Gh=A$=YQwDE;*COStevY{gqfV;xh@r!_Ge+FlQc`wWQJ@PYSKfn2T)?j#jm^#jnS
z(E14O?0}ST7PS(fEe=2$6^&Y}BOS6hL|vAssfG!*ffc~8sT>VsTHIu2D?s1Q^>|v2
zn*t(B?LOGzUl2!y;%Xwyvk-1W&M=rKwFFB4fV4yW&rg&DM$nJwP<g0Gxq3;%m{V;e
zAr_#r9|5gpYcMBKY*VrBhmTB+B^h5#+g)H)90!b3+VVNgk5#SmB%jFtw17-}pUL)B
zdQeS=Cocc&3kJ17!zG(b7s+k^L`x(8mVJ&4;ux_xp3;O|Lfw`r9lg@XP+dG6c8fI9
zSgU7B2KaI);m5+>SBfbJdp!rd8w5qjQcJIq)7s7SxWCViuj16T<OaasIHF2({K9l}
zIeda_)9uWXhwK-2fzz0kXf#}%&Whgu+Gl3qW<|;euk84yfXM|ot4E0R#%JtPA(2Nd
z$A75)pg01TjD8%q5Vcups$u8@rWfZb3tPys<Xzp@`!*ENngs#A#N!<HnL@GHSZ-uz
zuIE6?2DG*-BV$p{sk>RM(9;MO3<`;7k`gs+g9s7x6^Z-EJMp?keeCfsz=%ZlBbn}{
z;^srBrGXci@qWDS^ijCRh*&W!K}S9%FIc|c3>zjiTxQyWw3Z+dVuK(Jc_=Fx_bRRS
zFsS5u|1^QQ%%X!mgieUxS*`=i?O@f}#}*->-g|k7RqP(=>x4}<lP+x{l~*EdwUx3)
zM(!<gF@H)QBwUM9$3eeU<-j24+H>qb0G#)*a=;<ku{2m?`8<+*ZL(03=3?}eiP@8s
z<iIRAxdayuVl!BsuBT?>wZcC<K<3MehKQY1=ff*lK85tYOp!Hv2YNKU$z+&CT&DCj
zN*p_Hd3s)JPO_-JbjZtOjTLV&I?0T0<q`OSNjGeHM_Y$%>niDCXkdoP9%u|_;Cc|z
zpzH&<Y>-s6Kd7BT?2}=GveS(;?;nT-p)}CJDUCeYT!NlI9zLPky}rZIAE=>H0J9zC
z%69<d$jgGFEtYZp;T=}_h%I3Pp@}?))^9yO8VxeE`luU9sNbh(6`+&^LAddP#VQN<
zXU)U!?vsrou2v#z-Cts^mIdE>5h~Ep-3e+$@i~O$Odvl59l-kH+u)snvtz3C=H&Z)
zd$Q99%1zNPxe+P8FyZ&(lqJvWe<_GcTPadnmguWTAop&TVw{83DRGC!!YV_<Lt?HE
zuUd_}gxn*aSJoxpKfX>8o|0<L<K!Ykkh#Op;SPxYWBTS=KkC~^%PbJ0EJ>NjLg3`D
zqZ|*eB5$y&2pZ;PGm$YomYF_|)>~t6{IC8-pZPb5bIsWJ;{94Od|GQ_+9QN$++eK|
zkA^Fy5)-_S(MpJ1oX~rmw>>nd!hl!J6|iI>h3T;PL#&$6%*b_UGuU7xBx@9b?XfYP
z{{Pi8YWGu$tPShzsbaCz6`CJy=R4nZAXuV(8Io<q_omf}HqK<}{L4fkC;YxwVhNKL
z*Y`6610n4MP8vSzaRc+)XtH!Im&l(L#nVT+nbVbO;84WTsiIo?8)fz?n)(0hc7PMm
zuq)ARC;GKhrIbQ@>3NghDv?D$@7@pFp>M#}m%r|}xrBWOMyYhHTF9GgS}(IJ4{kG@
z3W3<*G`uo+t6c8=a&`+L)+g_6SEKCT5Ix1`(~Y#Z`&D)@Qy81<Y40y*;vdE!cdcU@
zMIQmI#qCDgI;4SxtjpDRrDNv*^fDc0n(BTqUQdEx5roGTLl@o#JlZfuyN@Lj&5J=*
zz9`0haRaY09b})C(l?M2$Rr{e<ScQq1eSU~O(chZF0q;0ECuwQi{;VuA<Bj9VBxRS
zi$~QCB#+<V*FOOSuQlw@_c|u*KaNW-*adAKo)@%F`>t_v!^hTtj-6isNC&%nwrd;`
zwV;U~-^hnx3t@-jfYgqiG!_kzIRfQ=pz%Xnr_PtcZm_XLEze`3$`YW!@T8F7LVaV8
zf*F(R!Pnz-)F5B#oj>5F{#d9x{ukA&A-8?y-p>g}+eK;dt?S!V7j>W#lhM>8e{T<a
zCap<$lmnY(N+TCyy*sSSt=sDk%@LLtNcl8>y28W1pOK`Mk!nKxX|m5<I%~|I$X56Q
zHrgugBw^?$k@h|ua1o8Z2O;}2t6atbbndsn1X3Kv;6Ips>E~!*;Y1~gWx-KZKZh{1
zHomDm5NV4LwhtZ+X4G=Ms^Ca*l|XgbZKcfnQ7n4vpl`OiTIiqG^tf6Ga>**D*-<y}
zK$PZg7t?t$Dt*qY`-vnEpy%6aeX$uN=#sL7n5QY8yGLpZmEy5JnzJ_S8$V57P~~m7
zFTho_8Y_Q>q$usPh04ks{44d2B8HvLRtNXkYqYcG7jMSMS@4iJ%8y)?hXhE<Ho&*T
zYeHqqWrDE(uikP5?h6ZT5?@&2be2}*PJ$m?UY_$!QT2%Es|+)07Lj-W;e_Tq%8U{6
zmP#VNq;Ue8o)9X>7e1P~3^RdGCDmd4FkR?AOX4^RYyGb$-z+~8n@#UGwb|>qaFwcG
z|E4TNLBcpK%`Dp1LF{>j%cR8-Pe_cu;#%bAtt_Dh@fNNc<>2;&f_``!Aw_Xl&_f4G
zjm*U0RWumHho@frwmz%)(JG27Q30UeD*PQ;01LQ<__b7Dz{SaZRlZsCFQp;EyKNc$
zEvHy}UaQ+bH|w)KXmC9QK-JYdIOUob7IRt23hnTnnj5b8**$ckok9+QF8ZyHSf8<N
zvLgZp&jPxH{a$p~JY<peWZzN0>Gz~m#6DLrfDuE%Kw<(r99aS*wi|Q_A-WDid0`}7
zoQ*b{xs+6htO7}i>udGD#;TVetHqH<kVJdxKT3I_m(_6X4{$z+y@<aSZi*wJxtkXe
zqFLsf3^9-g__fF#5a3JAafz7cj=e$YQe{E}>4_mC1-4_A*YaIJnHS)B6zg09`^+LM
z0=Vz90dlkSg>sCypg;cYVs98Uk+|U;)9cniBS3AeeyBX(<NX`}Lb$qldW?<LO+7ld
zLDS!N0UWH2hAIte-A5m&6<bfZG+D}3TK_rHksJyUSU)0f>uH5F_k_|KeHdHq>taFh
zm%?t_?{i(ATfg9EaU{`%cn?5y0#eJUiKA0CH^`~)q#MFQ+a2=Am;kA=J823GarW=`
z*em24I&l_gu3FWc+C8Ll!tgQ`@!}TYk)76!B17FHUo4xZ3{jb3R+#1+8z;@^u8$T`
zno}j36cXKV#yv*UIm?R)tO`%*M?B(_ly@(IjMF3Vyo`xU#J5lm5Ciz~P*y}atmY4*
zT5Hn?i-UkmK!DPjjDuT>$$)hVqG5;pW$?aB2u=9wgvW6Kjm2s^=--efMnTR4#-ZQi
zP7yM23-P?2oEzDPY4O8xV!2KAY<%0c<i!AeRX-1n09bEezFL;`2Z$eN&bfI*sWmi%
za}{XLU%1Uoh`dks%0=atxOXqP<;xQN@HLkrO-?mghDB-#I2kYvM>y|A^Z>o0p5D*>
zKeS;nL1?9q`Pfg>FkBMXNS$WIx^{%V%&kT{3FafX3siOLykFN&sSt4qh6M1Ocgk}-
z+Sum8fPcZO7D)3Oocddk*{r?l>dvG5S3uY`sn2dBn}N<+$F{KEhHwy0YiT9eD{1Bp
zeh!^=g6o#SrTVvQSWdX5nL7YyeSK4<{vV$rSp)aSv8CKTtMJa?|6p>6AY0}ugA+HW
zuBB8oz4qCQ%5Zo6Rh4Pwrkb4`<C$wX-eifEIiq1sLkm|L)K1ZM3!felc#<t6p5qF`
z<|Te5)Bf=jMTc>*Q_3~3mAyuMZPTne$7z!Y!Y(hsDpe4YA0dh_HqvF@s)zLM!^#&T
zqs!GvaZ(&GzUOzi429z>bXMkB{VaCn+vCdx*N?vqG4XuHhqvL%xdad2Ae|<4)wPxQ
zjndz7+#HIFW*@v5!;|qUV3Utolvj9%xSX}F-9M-O7DsG4n}Wmd_y0=CVQwI{kv6QP
zMq@Wi`76UK;)@BkZ;(+V+icMQl`SdOvs<TcQzv}eoQWM*vbC}QzHGJ7fbk47uT)^U
zK^naOKO$^A*@+&^!qO{+y#CXAxi_KyBizgaL~bN4@s!Pk-nwX6q<XdB=6N#QQSy5p
zw=U1zeUV7Bs>b0+aDt)|7hn5+4mKL~W*wBj0sL{lLN*%=<iB?}rFTHtaas5<!)m;t
zeS~(kl18u|Cx+y?xGK~IM?AKh{c6^_*GAx_?GD8w4gScl0$am`T2Qaltz<_N?xjpf
z4oa_({RzH#*LBCzdhAw(rRFz3?~Ycr#I96cjYm32%7|-Y_n$V-zKFsovM)S6-`n;Q
z^`wYCf%Jvr?&_S*M+idWP5(t8!RSYOd(C%0>o-dz)}HZ<N}!rfX)u|DtGIPM)Fe6=
zuR&FUT|7i^pE)L4$YK=r_*0N`4SoDy1`?ynU@s-vUQNYFDr0OKW`0oeS2eR%H)2D9
zB}Im$g!EqY<gMV@XW8xBMAfB7<7x<sMY0zVV``sbY)_a8JtX3Vh<hlmG(r6o0f^zy
zPrv<2KMc|8CmqGf<&0a~Ao*8i4uK}Ud|O;r&aI<d%b$2axOnwKd@pYs{*+y&9H`nc
z3@o|X^Um&l*@H|o98r@_Q?pY-97F+G_WoW0JegR)asUm^8-%l_YQ-hXD@5VJ;B9&!
z?2C-!syTw*q1A*gLGA3S&lPFiJ&{vHhsP!Bz+t~hf^;(zI+WHxAgT+Yp3v#-8Kamw
z9FELXExgc}+qP00(dOH-d)Ui_EHpQj-p{;6A5z9_Zd$JdKg(y~3(eZI?bTbBFomQB
z_8<SNNBa?~PNnVeX;KT@ge2@|YPgv6(%)WMG7>w^_P}uiw`OJB6ob&}ld{=*DKjA*
ziovRrPX_j9*f5&NU88NC*)V-q<X*;_NT@Nt_#+l*Y<QDkjFBDp$m@_h0_xXTi>Qbs
zgIx@6N{}!D&)}Tw?jB;zk|AbfZZI~TxkSM4B?lroG+|V}{D(+#2^)Ftnm=274|4-{
ze|VD&oo56h#-35nhrXLQ$%25>z|)yH$b!nDG(QPjvc|(fCa`TgN<*e>Vr`E&oV6gi
zgrK#wQs8>oLlh?Ctc0IrOAakn=&%bndNzFB_q484t93Ms2KpT*qq4BQ1E1Mpl|KfC
zW`<M_!VxAdgl`_|d@J>++k@QYO}zX-2`W-38wyzPnJ9NGUZT8_mfk7VV$Qd-y4|2_
zzp%uAO7|2Yg&7P=z6U_iQcP<ad65!Py<S`(Q#vz9b{Y}thC(X)<^cK>Xf4g1IYW*U
zs*RBbkrq5088yT@m=)FUFpuO-r1P!fF7dGY&3#2YVPZ^mK-IWxVQ7u9Y#QNof(enh
zBy|^<t}}o;zVThic|=a)=Syr#B#WW&U@oW+)EgFc-04(JE%E3QoI8>ApUDPZ*}Kq~
zY&SleKlcWxd@xVi@~pZ^gE{qXku(y<DGTlnuJ_o2NduT;@k$vSO+i1QSG{h03T~W-
zx9A(kyf4BZZ6^MP4dU<rQY_Z}Hc$9^ir<YAqo)@8a3hKaQ_Y2;h=lHi8vp@m(I3MT
zX14>w!i{t=u5lBaXxk8@BAd`Jf&NBI>U#DOWHe`T=fZkh7(@{^8qq!me}%4bar-23
z9>smpBi)4GyDjQXoN1yn+Pfy~2IG|r0Sd7&9vWsM3(AYT38)V4D=l0BMqh)a)Kx0!
zku%<7aRj>m@N$HmcJ)1XS3Eqj>Bt$@dN$6R{~}f~8-l@tCK{J4T}1Gt_L}PRYF257
zuznHjY(LEnsE8!;N!89MgVJ3>LSGP3H;d%xf;d8>G)qA1Pk3n)`hw;a%v@%n)2N{b
zz!CRYQo{1VxO&#&%aPNZ_?E*qs-m3xz3`hO_HUtsu_OqT#(4U{JQDWU=Q?U!5`Pl3
zH~<|^=f&ZKb&1lbh+)nu4SV8^68_3B_;^;#D?p$}mgK@VikPypC~}GR18+PXi*NfW
zKYo?9=1VY|HD%ku^X2&h50Ja@(}O;#w93Lel>7-e$s{sue`=MJ=g;6w2?iEk@yIjH
zSuoUyQOg--#Wg8(SU;bWEW$td+ry7dd8*fn0Fzz_MTgODN9}5E;B(dlym4IXlHrKq
zIsgzWtF&T<dg<&ILLAjC6`_nC9+dPe?P%G9nj-O=q4YH?h3M;fa4_TxrAYqLwQ8Y-
zoy?pS<2S*OxUPLPd24WI@FUDc2H=7cAKW?4hAgdS`jVxZB>UPWLZf{k>ZZCKk-Wy`
z7&^*X$FdLUDNsXYu{5gt3akpT$_QK9>FH*-Nf|dFVqM~B6dPG$0VOKMP<7^>vk@W-
z@@cV^yxC}V1<1Z0W?M1^q}jvkp>p&?>~7!Wu}J?6Cb#$D#7-WwJLA}S8pvi^f^y(>
zfV7=lzz2zFQO3=~Ay`1O8?yu}Y@pe_SxlIggqw%bHu~AiZoGdg><yioOq(GA8STvv
z>kYNMZ>`8znPmZP)A2|oSc1|)n2YrsvQs-%wHnTmMcCl?L#|0P#f$1Apg|ZZrP}Ap
z*;cWqUfl;yeNzs|l}e|+8mbvj8GY~-zKt%@LHU4^^vx3eR#Fo21Nzt0Q6O*p#GAk$
zcW*oP*aICAC1XQ8E&gQM8Xnjo8^4@(D(#QA2|bO~V8+JncFwTdMc8z;sqM=FwAvHi
z{qSJX$%)(4FRuyk|0=p&wAc?vluR1WzYz@qWWYVGdu=^VCu7FKIftI9;Qkisp4|lW
z3jTboZKLj{Ixn}>D6y={^U-R<aI4|6bY8)8*ZAwqNItnn$zh`jRItKeabTH`>-y`z
z@*r&?`wp8V{Lrn-j+pbN;vC7Fb%1u+IZ!5hEo4KdGZrlLB=n-g{jZC$EEO1VH>;FT
zEr_>-uwdW;{Ndg2J+bM`N!R`cdjrwH9A3$MROSmZ1WnpM%A?wbx%q1MG`;wtL(j~B
zlusYvw^jDdNXFhELFLYoi?IYTJWR>~K3~$aL~#n8ir?ae-{R0@X>`%2xZz2{?==Dr
zhBer00$npd-Ult&R4Cnljq!}2o7;jW9{}WeB)>U)@3>F4wDBq1p{@+Jb`pqi(vM3v
zo=#cV18Q8bE1-at6^sj$>xisQG)0r>Bi_q=+*VXc1TkCM;pGy1yxx~5pwp$F&Z&SS
z8q|vn&O>xw8Cnp|RC))2anZUc$FL5<`&714_h8qTt0DljwLQeN+M*yd+p!}H|Jk2R
z>35bX+7L^%?d_-1y$dX+m%3t(Ofi2r&`8P^61tDES(+fDt>@_;nsm_6p%)0!z|`D;
ztBlJtpj)Q3^6jK@u1aRDt)+k`Qqm1ybojcqySS&FyVeUWJAc6<{|9YMrk!C(s8YGt
z-@ZyH6u-5u+z(fV?@p(a15aE340NBiBt2BOd^~Nf=qbQB4rQi?*ilR1n6Vck{VNgY
z7G+5G+71(MfgK%%2Ol5iYMoO5joMrz9SDL8&LrKf4Mj76bxAs;o~Pnvz6ITXXmZ$|
zwkMDsmft~X59TvU>K00Vc<fKd8zXIQ%k<MbTjR>5l($D5V}ALXDU1RocrP_>#4xjj
zZ&yH`KO_WQ77qV6qF0{Bhg-5VFii!@za#`_3Rzta=b4Vv>)u<^wYI5dU47*!+Pzi%
zv1>ZRtmd2Z??9ycxlcOk0J!C(47XOVpyty|g7wyN9c!Cu)f_jT0=ix642PcQ7~uuC
z^3*61*ym=!Eu{A^#3lKPwmiLGeN%KJ%an*Zy3`i>LMUieJYyth?;$PWagP1(i(Uth
z{C-NU;Iy!P0r!f<6J)_6P3p@F<Tv8{KYIS*9;3s%qNC?;5sL4C5v{t@ac7<P6maX-
z&q*eT9oW*7z5kJJdG^@ZL|CqCN@9jnE8U?pD18YvMlRWV<d&Bh{`nslho=|_B1Dum
zC!1xZlfxX%a!Y9$V}luo0SinUbQ<mvZse8+Ua?il()~5^eH#UwiLSf?B<c<ZJf@yd
zJaouZWX)CVZo<Jby+nZT@me4SWhUtm{#X<R*b17adC*p20D$F(xzZY{Vw-CGviHyN
zHS$%MwxFHRrAU-NhsKb3Y1&6)Er|3&#HMhoZU9i{5VB$g07pk~6_x`zY$+l9Tn}KF
zK8+jabu#4FbZd?`ywngAhoXp{pUUD3iMIzf+<bm5jbvr+*2#lBN_F2yaxBGGs@e*>
zpI(|V$Qu?kl4Nt*$E==|I8xzMC#<)4f!ifa4utxxDS|~XCw{kdsLoL$KdQ+gQ*cG#
zkRMs7k^$a_PINygW=bD}P7!)z@s8K9bNKk?=G`CdG3DcX?P<s`>MlVV#w{ac4BMKL
z*)lombVbeBkRaygbDx3K1dq%AA-9^uE67Po-qf^CM#?$Egf7QmgrmUJpSYBJv0ns(
z;`)M3#APl)X}M^AHgv)18~6lUW5sa4jMDzlRN}Tes=ohZNfeVv*`e^bW(=?20?l>L
zgYTVL4ZfjSb?)$BHp^F;=sUijg<<3RM(UiqIjjui_p9c&<IJauCsg4sXrLzT;jm7r
zNi#;B{`_AzM~A(cNzm||Tbe?;4_B<Kh;_a5TIx^Q93d#$@K_7<DXB3{urS6)b}vDZ
zy&3O$ndHB6P*HZ!HzM5BP>1n~BAY!=`Xej@ArZ@gMB>-J8`x8=6L06Byxo9(X$yC1
zMbf}?ydRQN_Pd;)l|9F8@s<i%_{l8~lJ-Q-3gS3C5TZMA7rO$et$05taT$*ia^tj6
zX)=lR1;D#=${Vs#*?ovZYbx&mvB?S5Om`aj#|BgJIUtj)n9IWDKv5V8m6_rQDAZ#}
zjNmuude(-XQczazm(aq%u~06;D;nS(=^3~m0OzMuAM)kgBj-;th6m!+m_diCwRSe$
z#Zz$9DRQt|?Auh8NC@~>pN0h1ATbFkd4kI9I+w70%6A=TCURcj!>79=+>3?trogId
z2zNTObN2mL{&b^gNBxo=gdhTzJWpot3-H@Ukdq+ePa1*WVCu-v?bP(Nx2!B4ScT4+
zMg_^jc2S+|v%b&^tH$Hbtc=4%Tw72j?G@&$W8}S%^v5Y};6*1ro<0Z7p;jwzqw%8d
zc7Tp0CQ_0MbUic4S$1m)yu^@`)^n9539V+?h&8bySq)mG($Qn1qI;w$%9kPR(2oQq
z<mi_qg5!%DDMyFOvEB&DZi_E<x?W7iR^l?9H0wpmWRcg@3YYn%;%VpD4N7V}RWoV#
zIEj?|?(d?e(ND|5UK`pDa^87=nux&&JPpPn`;KVx8uNL;+G@b?iZa`q+*gzFxGzF<
zgvQAUYuN{Vk58j2ZAsmhCMRuF_n5%hOuy}g$emIhC?j+Ksd`?@U7mDy>j`*Y?TH#u
zg3;;v$>pCAOH9eKNZd%S#Y_=d5L(a2Zn~WZyrqC4Ws~l|@W*rwlmQgTJ6%z%E-JGr
zr#$wmwYct2OME{J0T(m^S01lBYCMeI$K>Lv|3+K0V8#6#>FjJmk;*bx3If>WFpeE^
zp9u;Sol>W;&cUOZd-`1u`&Q&*UL{P^XePBC*A#??`s-tu);AZp=%CzagZYu=dsdnL
z6P@X;0I5MEs~IejhMKe{vIyS@)zPBx$yet?9s`p{NVPUj-AT$giha>#8-$J_GcZR$
z=|*qTQJ|Aq-1Ej?ztnAUivK>hT1R9p;kvILGA$CezBP$yOYpQaP1x1@)Z3u0ZohM_
z)1TZi0Gdc6K@ph@O0v8!8{f82si`<8$h=jzmjc3x1&Rc;*`t4<aRXd{4p~0IS*wK*
zLQQOP?m-ap$yR2k$|B2wm3&WVoIP&Tl&i-H$Yg*UYtJ1H0~0DTDq11rTXmxZO-P31
zilgO0w1N7krlMDz`3C(-bF6lG^y@L86p>EUPc~fxBcl)B9%xKo!S>6YTDO~sTnDG{
z0Nse-i&t1P8teX(moG$LOS8N?8Fg-78xEQ&nlxWyIw4J3yh#N|7+PPgQxfAx&KQ@s
zC1?mIPgZdc32Gb^HQD>}xofyW23eKBezk<9AoEM%PK0$kdu>JEN=gu*hB+QWX?6*A
z<)37}uRj2@8jedd=82$;=TO@nr>?@<N42+X-n8SACerPibza|6Bf+Ov0cmE-`MJ9F
z%eaVX_B?l2E~lqNH}aV1=F2)=XO3yQ3Z*DwlKzFnT4X!ojuIo$9cBGtXXE0iV=`D%
z8I6}^#=oyD0O_%;g=@uY(b5}$i|{DwVt{Xjt>|l_+nRP-eU4V`ZB()(Lq=yH&_`BO
zoXJ3{vcGc_vnTYnq_6(?JIdx4N7*H3vEWySwAwYJ1YZX?!~Q~oo)0d2j8om~KuSex
zbaLvwU>i`O&`R-in1@Qz5Nc9jY80YQA_J^;QNLRCGhdZGrN|&wb%EwxFVtNoh+$-!
zCf)jSrd`Q~B_L#0OO;((q44c{IynmQX)t;=^eXHF<R)+zz@i0!S3eli^#U-zvK=fB
z>S?O$(4N7y&v@>i?C2*M!8opriXkj~6}_4JAaPIIYc%y8k<xmDHJunDCKx27o-Rln
zvs`amlJm+O4OHU#bP0VMTYn0rD*H$;y5mZGAyta*xwrM;)`MBz+ZOD-Qi59Uwvo;#
z>%Eua-A|gse%7de=&FP=Mj&#@NwsNfe?x_btctovQZKZAbZArkE^;AP^mu)xBk103
z<#zv%jxq_F$J@Mf(4*w#T<E9;a2Ubv3kyAZobMDz&&af`QY+g-f-pGkwpnoTA5osv
zb>xY4F50Gr7Lv-HZHAz~xRI)k#8wn~x=x6TQ4)QC+llRqBP9Gz+`>p)$?%o#Ck#LB
zk^5Lu?EiEK!uc0;lm5`X4BjgrylR0{*m~%Ac4GNqbVZGsmQ#bM<%B%#hak)!gk^4q
z=r$H%738^Rd0iN6zC8=ffv#hg)^t=&Jpp0|=a+^I0EWYNt^5S~cKE@LJ1XK<H%&~3
zgr^*$&_GI|(EwtzS`s-cSe72Il9nA7#J)A~NJEfu$Ru-?OE_}OU3G`?53m?_HlXRN
zHK9j!!f*z|+?RtxdGuir(q&g5wHZASqr}i?>RRWOBX<#z>~?s@=W7KjpNjR!H0w6O
zD*+**f5zWF)0C~jlk8f3BebJvu>@484z`INSakX%O5>MA57@7Z+dz*2so+@^`Xyj#
z&17eihE|Q5xtlaVw#cD*d8%dC-d@vOtnrqx9e35PxZW9UO#f@(<2g{j*|OEMm9-~>
zaH!aHQmnZ6)3y;qYXV&J0<B_pLb7@X;pS6hMKBawqOI##uo>#A7Pt}3@5gFL%Hy+)
z;q7SFYy%yGMC(7Hzay)p*<xkCG5Rq<Q>Ijju0djW*i>ZfJ~qAgaj^y?_Up*?x`)RX
zyN$)Id9kHxt@fV-o{hPry`!G&I{`S9r9b`rFA9TE6rV$z_(`WidtI4|YbDqPT=D1{
zQ&h;=#-6b`9;=+AvReLrBh1~|Iu6Wz5c%*LA9cZo6rLeX6kYob8<7WjJJ-EFmKb`Y
zIDC4oQn@_Kg&u{3=pqg+cO+eC|Id6D7*2@YVz5-;X{*%|(mzVeT!hlHlW&u^=Hz`$
zaUP_dp84S$$U({s&m-Qwc9LE*q&9N-uz`G#?^qn^y0GM@CA3rgUrMH@iKa8GYJXq2
zRU@}M+HwyxY?beA2<dJ*+!K<fA0Q{F$#AJNhOHwLn`?Cm=X@W3&ca3N0<R(kn6ND3
z^`|QH_tWbWw5@{X1sA%!H8Q8aP3SrCOj<za3?0ZO$~Achk~Ka?KZ6zjX<a*>vaBT3
zX6=KnS(H5Vc^qCqC`c9bxv>N;;)=+`>-6gIgPMxmrMrE}tPxH9p~SLIk0;N_uIWBx
zx@!N|>jrH8Ej~8>XiSEb%svp47{M|S=2^>4V0q6dgm!dmRBfx&h%4tL1?B+5nd{P!
zQGDnY;SaR(hm}n^J0G&l@&$updF(UiQ5xfg*Q<o38n)0{94+bYewX?N`gFO79S076
z{=c?kdsoxExseNc(e6Ov4|3wI3Pcynr8~vECAGi9`R9iMs&2N5ER|uG8QF=QI%T(5
zG;MvdI}7j41T7~K?d_Y*D2y13!hiDx%R-94zN`I!DQ~ULqJ)B{u}UZ=e*l>xXo54Q
z8~1Sjb-#M=x+klGaQBHf7HT$^)?db+4HZyqC~(4Q215|=3d@#GV{bM)J7QB>Q39@1
z2)u3`TlAy?y>)lS>oF{$Z_6BDOKje~m0E*%l!@HHYL5o@$Hfh_m<0e$K(fC~XOcO@
z8hx~ET13&Foq>=#PbdgT?1F{2b7s35WxI3miV0ak6g=B`T{lw+&=dBG!H+u$7=kM7
z@aJVwl_Pu^jwIx1EA9UtZ@ZzQP|sU%#0O8&{e2x9`B0-+H6E>)OGji~G{!Y_4AQa*
zRtvm>JXR5u9}0e$act#1SiMt6n)nDx3oOwYFyZxALE4DwYH`vP9HD1OKN>UN8u7KE
zE~Qh8%E!>UJ#w^6V@}zEC`z?q+Q)y>js=5|YrElA+zQ(T6y*q8Zjrd=V62&p9a+Uz
zgSw4UguU6}-;qvJ1=VBf+QZ<rWExIfuC;GM+82tE3>SSO@j9429X5vC0n4tUEog2U
znoM&uA3JfH1+x<{3nmZ;Ym(2mI!TTb+X=cMH5yyq*XuuJMsc@3cR4`v&NQr-_9xSf
zNMnc0K#2V=^Cg2H@;rz0g1eq1dH`Dy>r)~_Llq$Pu4S<Fy;3ARuGLsA8<3#T7?%Fx
z*Qd1;X+RD|MMe)q;)8Hd-bm6<rmmS)B?Ui|r32T^3BuU(Q;&KD>eqFKLU)-LKhhi^
zHm4!{k8#<xdAzkQ5wX2+Ml!2xUStqJ<G0lEX~?mFA<w-bVm?d95*&6PgAY%Q7mnz3
zfQ$bH+pi(Bt00<D)aUfy<iWCs&26~#cI!rrRRK1s0mt`Z64O{NagcwAT8~hMyR2{b
z*{l>*vcg?n&nH9VPQ@YcaJ2Y*M@eS7l@<&~vc@Rn+~@j~1y0P=T!{-tr3qw94BO1z
za5<_mB_s0JWIwrEzZ5ig@J$Jcltp<VkVare7t67sJ{=$y)TL?gq<XMW*EmW&yi;iU
zIz=^#Fzct~M#u_5Ts$W}5Tui_APZs!+^<sf%s#CpCcue-))Fry)CQ{c?|O^Zt$5ei
zwHhv7stc5=elI*dW>)Xg?kYaB=L8YuJR(8<$fRY58}b6a?~HH^?Qg-lwq){8>@4(5
zbj(|r_!XYiW@%j2q}G<I74(_%-RSS}tjhP9hDBf0Yx>AXPO}fiv+s3A7>O#EP9gBe
z(Jxfv<9>Z3g+wTuGtx%4LG4E*K7c1Q5=Xv3vyizR4udb;f$9<ni$upLQuG-(Hj|<h
zu@+)RNP!vdtyzMb5u`OvMEo3GYbr%3zOU(Ex{~!^box8C+BQUBJ`o)pG}!qGn{S{m
z5vxAkaySUc#pnIPc!ABRQwNpo&eXEpiEp(Mv{cf18#ykHlH~vrg^>!^4C7*U0uX``
z059a)*=-Vc+&LaX`NRj`luD+b(bVBGu+BR{sVqz0oz>@3Se03HnxF(6F6%52s1#c2
zRqiQhBtM#X6$nWGXUW&_)7J<9C@MH^V}cg{iiS|ETH%}4pZeJlp-Z6sI2rq{4bjx;
znUr@?uYCugr9}_+e6?ekIH<Q{_}R1~P}Bb@K!M|3b_I>vHWh4X`rw)wi@=iNp0SsN
zABVNPeF^DCzepP0sA$>FZkW$V9PG<fY46y1WdQ5HhjA0H&w*Mjldvt_UyAC_m9Z3{
zwcfX*<zX!yH}cI-XNg$h&hFi$Ie-c$9Or3Rb>+x2b(;a;=O&9P9prm`Pf`&+&Lj>{
zdmVn3L05+ILu`~F3R1mTU?y@@$4d)F3OL+!z28RxeBu#_zYD&l6jf_gHI=i1P^Hs8
zb?7YQucCRv_<mUOOwiZ{Z|C&NABT5=@QyYcx#|M&GRDRYRsxu&3hL4y6W3^=55nHk
zF0c(%6Zy~ss)q4Y;jT5J^U#+S#VKJYs4XsHlcLFq&2oVUy8E6d%#Fc^M0!$^*EsW?
z#?_KJu1{ZxKy1-a2ZzOe{rjSg`8FW@tE!dJLRL_R4}MOP?{(9r`97P&;fDoOiq51c
zn2b0Ms17isq|E;|JWGdPoJ!dxBLW=C99WeT{J2L_5To{q|3idXtuibP&hzQYxswB*
zY!T%qEETgH@uqw;X+fJm?F}#x5k;jK-i*BQeqJsS5SQ)vN?;aM2nRjArSJ+T&#hGf
zI*b0e%8De2iQ8=jJotQFscShuNZ8i4<HDLPh&WrQg?S?CRHJ?WOV6gCf$5n9S#QJK
z=kRA0)t#eqY9d8HkwU-#riJ*@_6TDOcarPZ^CE;M^0v5`O0afVZu3zf0kWO!5}e#=
z&ON@C1!Zr_8Fr7W_|5YO04NIrNPYDtACIT-VLT0F>sW9edSu)%bg<hiP;ovW@#1DP
zH?tl2ELAFX;((Jz+nA$`b^PIOAx-QCjyU=f&lg&B>KO*Q&qm7j&`L3e`dy>xuA42S
zj$HuyW#&PWzaFppPz=$oLb~nLxqP1~BjtF8?fomsDFB&A5!S~fs1%hDzDt~bYT3e^
z261r<PUX8JFw{xHNp%sw&<(ZW$K?y=a2m4Gcex#;W<G?NVwQ4n0~f;*dp2t2xJd=o
z-4#wCL$?oWAYmrkB!S#$x@#;Cb3HamguDo0zhQ|g86GNkF?U?+GTqE3tsa!;;TCHB
zX%3*?n**3pL<H-h|I??@aonfM3Dtp0j4bvr>G_BjT15rjJrI(J@<=L}lCt<calfNN
zui7XP>Hpi}6;*V)U_*el^0d=yQIkd{dv8Dq9ZuRY8og1dC~J8?;mZ;)2U>*}3!pdv
zp2<&CFNm&-D&RHP^#lGF&Allftea<&0#VFxxV&LNKB^3!{D)-CoGVl~SO+G3MpFIb
zMEJG;vND{XmEq7~GD_z#d}{T#w22G~6O5SIhusW?1;@q4lc?|aL;IfEw4!jrs0e;e
zsMRmYO827{1Stw2@{`ZI>7zJy%#Hvek#Z<FpREO>e+S>Muxu}{KWxWq53)Y!j9kSB
z=$ru=-(q)+b#W_|&W3*R1Ie+-_NKsuhft^Y8n!C7FOx;#&TPm5jFxr5=4TpG^Lble
z7i)M1R2`&_J${J()Etns*lU&-U^_@c;hGI-B5@?&^m3%=8li$9$bIXA*_}QA-?rLr
zQa94*uJ0&zlz!ALblH3Ox*$1w@sK@1<JmrD#Zm)l@C9UN=1M!V{qR!%vRVfjgT*eX
zXmBiG=S-3ZmWXw>RcKg}AtsBb&2>Ji+fcx0U`_(~T+13hVi<oiFM{uvRw%GpRJIF#
zX1?(SA*u`c8XMwX=A^{j-a5vTsVQzlk`cp;K^EfckOX#6ikhDmkO(kc_)pm4tfvF2
zHzjxV+3=Z}Qb<-n*PL=#;5w9v?1$+)uQB{vABO7t#M5~qA~=F#R#|$od{d9#^XB_N
zie(_gQhM4*2iL@;c+UUnL#6piK@wb7el6RILKuSPJbRA|ou{ww-3k@(>C%7@=v93c
z!`wrv5JJC(+Cyq<ZoPGsKNqxMQwZ;7x2p}r+MOf0K1^sb9Neky9K#XvD))+xAMmKF
zn;Cdal57fsS+1nnryf`=Ja@uG)Qqh$s={0&C(~YfaO#^;J1HTecWqKWgZ+U=3APU~
zH^nf)jN+Au`upMSu}(Ea6TI`WuhlzLo53?Livc?ZA@hT^2fGnZF9rqVkT$4^+AnFQ
zKK&vWNz~2rk;%4E*PG$30^nU)KI%QsgL?pQ{Hb@x_0*q|{&1$^Fozy(@yD5JB-l3h
zD+94~&yseuK@qjuyaduJFm}^6^wR&4dLgdH-xWcUo@Ml<=izzhbs9B>1j5Yj6yM2X
z1QOl_Q#F;5*Ox!6mqECCPnLyd7_P<mT;mympbaZ(%}V3y9QPNRJxDN^1Ub~tb>H-C
zOLotHST$;v@NU}Us97fer;h-fvB-ajh<3{6dBqJ>EEAAn72zG|&~E~C32oDyPgU+7
zH`?s;fsDzbz>EPnIFH9&z@!!mH(D_ADIFCrMBxkBNb&P|8`JjVel|Po&xGJ`S_dtj
zV!T~g-Oa6?geJoQS3lDk)g4iA(U2A834FzP<PHf1E$TG1{bu!+8>PQn9ei^@I4zp3
zNjwrB9%-4Lt!#d;k#1%9aXrczJv0fA&y>(N(~yc|s9tDVDPfy-a0~`{)VbDXAQUw+
z3VsTx=zS4)0b<;j=v4&bgkVT{?z}B&*0me<V@UoyH;*@}KF3pptf`?6XLn7Ob15W`
z&YuZZikKW!X7tx!%Uk3qY+SRW@iii-s1HjN&AT#tW$bl`VhG$Zb>gHlli?7On~J7h
z^XcUj%A@ZW8oz9+_TZ&+yZCZR{eTTx$BUEUzEJiS_^xs&M<j4Qo{lxgJb`>7Uc-3F
zS2_lwy162r(g%>Sd)65!Z#(Mxar<qR7<?8gF!0Rpt)gEve%C6BKExj02&Fs*#s=GE
zL3?k*J}_$co++i48?LT=D=JaFp^O#t#VKX{Ajk913peO37cRM1?O<Ln_uK((pb#iW
zSMETm%RVddpDUEv$)hG@)9_pBOr{BNIdW)19if%ZY}#Zs9~<Lt5DZi)uNLTqMaV+_
zE})#e<c>bIUO<>Fn!LBi-s%<;Jh7m`myOBioyaqasGMQ~{;1;^i3pM}4YVF0L?<-~
z)=7Y|y<Ys}d9mtDV;0|Zw{)*d0B{XLVEu4$g<lBGhh`%`x%=lTWiu1O7L>#*Veq|o
zu}B9}nx~JLy7eYObU{Hn2B=tihm>&}*X~E@=4v+Oshn`_=(LHbExn)0TBMQk3XnkL
z>?*6j)X@4<a=gHvo0R?LF%h5qJcE^Kxk<$HX?fFdcch(w$?~Z?<Eb->GdpMY!KGF{
zv;V1XZ9Aw*U>MDRHQ^lNYxSV&u%Y>}XwZO6m09Qs&+M^W7JtT}OaRt8<}@-swPQuH
z_;tpc-9^v;Vz*o1(K=R)lLY-g#|l0NXWTW7qyd_9^&gPj?vG)1>noN3R0}+mt8C{b
za5*TE`$Az8?2)fXmP^_MXU2#$>~DY9=cSDqsU0HvPx1ktXfG4FlZ*^lzg3(KvdjHZ
zdPIsRV}Oj+?)ReXgS#2hAlw)qvzMfLiK-MaEUk~VaWD6_U<E=vj7-xeNt3s#I@5?}
zS(%yirRUtouu&Fu9_W4vwH7{=MyPC;X$=&y`Wb5#_jw-`D5-Q#2p9g{h+QLz0o05o
z`L@k^Cv>nf0GDdwtw~>cU7{`1#y^FDh=U$|_sTg00Wy~}q^@(_kK@BNy2O{MDl!%|
zHzK?(a_W^`Gh4xnf6Bzm#d34_BSDzcH%MEzQgeYU)aDQMEwM=@ugQJH_*jWFSg5yT
zlD==i0Ak5>o9S<?BNp;!p+`FCJgXviap_CY>fa}Jb=h>Y#a3vz2U&V|VQ|%FPUCKM
z65kG#&6lbB(*59=O{Hn;XjwdPl5YVYc)#0^){>NdvL$PBUrIT_k=-#aD9W}XX^*CS
zE0%ji%E#m+9K~R(`5*+`iDZ)$A*3Q_=w+GnE?-RcGH09*rGdM~(Fm6zyK{~Cd>rq5
zanC`+14K)BRojfrFB}>giKfE=k?Tdc<}Hz_PuTEQhxnESvX2p}w%h5t1eOy73r7WT
zR*!MoaiX&xf5mk>uK+5Vgue~Pkk8hMy8_A8{Uhw-a|EJj*y>5&5oC;7);0Y;EK?2f
zKnA@#&e(hV0*d65yLq=JKdk}w;bGP>slos&Z>lA!vr`y6Wgqu;^Q>3NfJ$eFPCb<r
zq-FcNe;9NTu4;!mOQfw0d#<Yp*|~gUsj5Zw<KM(UpJSpOb@|P7uXwyCI-f^yrZU6H
z?-ffX8~7gWNt6<*>2w%%`3vFhmMZ#cuhyq{V8yfTO_#3@SAEMk_5ID83ytzce2;ap
zab4ctX$LPM{r`BW+l6rAh7>O8Pz6B3r7c6>{D;4E*vNE+YIq{f1rl0-$C_#ik3=ry
z)d+ZMXY}+lL~wIV+;+^Oi-M|XCuDeWkzY>k3-#Zq5r0FYhpTmobeLn86FWo1S9!L;
zx+UZe_WW09+NlZyz=8aW7gxyNp`7qA!82UsE1zNmDPe0ESuv|WvPvsomYI2Z_G3X#
z2AvH^&^Ev~0&rlz02|~k@2g2;MP9K7mf}+g3Sy=8bP7`!%lLctZhln!1mmpgWsBM5
z#P)g4)fGJs3>F<BBUscDf8E)J3j1$Z^%)&Gm)nGvh=X(ruony3ZhE3BT~mqrv$T1N
z=%N!z5g_A@mYU4Xv$PUONAErq(;RS_0L|eI9+UAP-y5Ta{Yunttq7LD*mhS0zfoX#
z!&F3^$tf3fK=65XwgfVh-p}1D*Kf|U1dA*m5D5@hJzYM@x|t{DXdZk<@_t!jic*VM
zHjm#D+3pSQ>pneL4e4)8m3t$lcgS3vY-|Uz%zRSb^#s*?kHE#+ml0FrQ7NW|?ktE~
zQ^XWWm+f@3a$DfwFxa08+~z`Pvfl;J9-AVKG&p}V_llG@0!uX7ufIFYRQD(z)n{Wg
z^&Os@&^wIf$9bK}i8dNU#IabIeW%JbM&$!ZJI}x9?I+bRE+IyvP*piZr8hmgese=9
zEbmoW<WKL4$O4>qSbM`%%S}7U+iiwK?5gS%cA`|V$AlRIyrB+`-!r^ECVopYR~(UX
z-(J~q`my1|uJhB!-FJvEaySx#I4gQX8@)<Iyf@x8yvya$yRkh}Zc^b3Pg}|A0bQ7u
z>8q7se&ehX+&KJNDF@-UmIAX1W$kAbpniqQ=X;hex4s0#m6ni}N$pM(@wz7SO%1b$
z1|y-bX9ZoD<&F0&ZzfYXA7RH^QE%2}g$-qf&x0xmos^AIz9qYpuPUOYrx`ct)Z)kz
z`fx<++~1%k4)OOqq<E*;e2Le2)(MI3p`=YU>7#~;0g3BjJrTE$1V$9iUsukYTo!D=
zmt8uge=o#CU+eUAUQ{>%Y;KE9_{XrBxhz%2MsYQliyQ1rFm*kdRF1ivGw^*0jvcac
zKuD7;Nj<!{j~eF=bgu3S@<Wd9=zJ*Y0V!O|FU^~VRFdPHxX}_eKrB0H29QWu+z(CI
z0vcXFzE!Wl)}erZPtGDo?JZ^gwDs%RNLOJt>IM8px@^l`RO6~j=dRwiE02RdP&cxX
zm^*B<T&u}yBJy&E59^flhD3kyOE0Sttk<-0CzM}IS*7_OFPCJSp*HvZBaCGNWE(8$
zMMrOTg!u8Y{MfiMaIJS?g!3Wjj}^Um62*-^ek&tK<NVrd;04;Jsr!>9K;9{=FKPDF
zr$pB-7jw=Nz+r7pHI`@+XRaHwL3^5xbv(N@KcFrQ&`Z@*Ssf>?VD+sBh8~ZVRW?ca
zE7Z}<?d?D8UePrNy%>5>O}jxEV<hZTORm0REKuRW%_4LIEcd+Hp5ckQZt4_d3la<@
z!1P*DHJXw)zQ3>ECmU(z$NT^nh86NkHk&wibn#b&uJLoaIU*{24;|;8Ayjpbg3&Qm
zte9e{J3%%mih7Q9KXTisYHCQO$p|#%M1j6V1vkc(3TP6~*rhM~X743gp$nw3=-U7Y
zE4s^NVVTlm#NuhuwxS<x)nYnew>T7xo6C=JJhsxwS`=HXO}|%!47<b{qffe76XYJP
zv%jP7dQD)xsZ6hhj52`lHVhUUq{dP%=|N)^1AkhrMMl8EJvSBq7^_RMVn!)C^QhCm
z*t!d32NP%u)rF$-D~)65%Ci{Do)R8w7Z6{lNCH>A$@4ml;5Fqr818P>|9FBMyvD3c
z70ph@S<41@%gfb@Jl#tXa^~OFlOL%+sHk=lqn;HCvc6sn(oX$)GrsPp!e2!xnA+xu
zQ}u8p$k-|R`Q6fxDNvaSC=w*G3KoiEmBq#1%0op{J)Sd<x^|K$Q&~$AF*w0YKxEFM
zAltu;qFXM05VQiWjT1-?K|34nwcHI$C#`C8*hYkk06zx@wL3{cQgkL~mra<k<H&(Z
zU$9>(m~qmXdCA1wN!6^g<=tIr-<Nx`&>(d#`e!P)^i>Y`av^&tbqROPa}ok4QHKKQ
z0H03B5rh6#C`EuXHLeib+>OPWlV{0>HnBa+?_+@Hz+v%~b-MvEzKYKgSD}eUFnjC<
zCSLF3TO7b-E~)e*TbU#B!rr&x5y9@ZCBh=_=*f-zL+=ewH+0X3fFx7l@^CT^aM#~b
zbzTE|R{p_!bwn2smj3tkpp#bX_O|^cD+L!%j2^izuow#Fv+AWw9Ji<wzQ1Z>?|~oy
z=T@4p0Cj2{Aq@bcb9Ug7Fr9vu12%V3m0a>vA(}X<{GIfM`@=*Wyr$KTFVyT2=5*2<
zN{ZNxe9SLnMo!&YE$cM0vBosXS;i%E$h@qQzhp2X)llB(i*Ev$%ZWpRb=t!;yO;>|
zsd=*PIL9yO#n&V<jD;Zq4YFnDCd^e3;Rnf3PoQ8JcU8Ndads1U8%h+^^%V;cz6_K~
zQn;qag-@@t!#%J>st|CxwPZ~#lAkZ{)X*i~$PP*M34zTPT_E?UV4appT>TJoDN?)G
zkaXR454MeRFOq^0Kw-?d+;|rksc8U7D)8gOh8RyDR~eB7Z`K*-FhQ4AJFoTM^WQ%4
z&!^CRbmV832h=d=h1sr#cS(=Kz@ZzLyEFNt^zer1DRS&Mg0u>ta}8~~HRtkleDCLI
zDh65Xb%oaiTqu|5>Ij|e)tN%hhKXVK_*H0$QdWpbOE4R{?8G@-A<Q&VGcaU6Y8ns?
z%ET6Fsa)ZS9C%#`dN#`#YXtR=%%x<K*4<q0QPST5$V^8I;5#<D{Lr8cjaC|Tr#YY1
z$Q)6xm2z)kTgKO9es+?3f`$9Ex18W?T}t;>IKWBw;)wdUkQ%krr#gyqdJ$rw#xtd$
zP_~CN%qo46iQ6PooXI26`y0ZAa5ZTvj<;d=SAWLd8YxWxBShX-uZtnFzDN2_a-Gv=
zCqD>gjhoGrTpNCfN3mmu6mNq8ueigqZEsUNd{PE7j8=2AANE9+FTxE&O-p3hmRF>Z
z9HkC(wO(;P2&q1EVI%w)wViW^mF`C8KjLIjm@*64TP^Yciz3*lN$dp@J(&&ZNOX5`
zw&H(7fLW3!za|q-m0hjdkOD%p`;Ea+bWFmNbW)v<pUdG;3nRAB?g$@ZBHSI|={xfd
z;Eb0V%XG&q<PqotgRZW^`LDH!Y3=P+%VckbUa}oONh$NA8Upi)yXu?D!zXcTcL&;U
z;F6=<l6O7o9;pqsn1M5u92uIebpR|51#o-Q;W+XE3c@P_2}qV&DNe!u9u=N{&)UHb
z{<iUD7^lbWNtl)=%3ea;{&GmVWl#RReufbirDUy@nC%Q^)ZMXJL<0uYllF>(LZ@7p
z^aM_lmFvHbllJZv({7ix1oQ{?22OX@=B^m>{-AOY?tukeIQ!1QJ4U^Xf{?XTb{L6E
z=y_^!Yfp}~dH|NG%-8KTaHXu`ASZ8h0U8y8t**1Y=31fXr)-k=UnW{rM5M=+9H#@(
z0mT}YWazF0EAj);-Q)R8+pHa!RPGtEpdk_TsXGTH%H{mU?;o)8|JGlMbSeq2=Y*7z
z`byTz<kP)ejkvcrC~wWr+xH`)|I7IVB|iXZWT$68_%>-+O#&<YCz?kEmng^9J5#u^
zc8(O0FXh79p~2drv5$UaCSO9^Q=Djv7d>oAX8M+OAJ;(QNA`8r-<nO2eX$K4ap|#R
zoV61g^FbP7CqKQmX*Yd?GmDR6WM~5OL%|WKz1Wz0?CevlXNl!Ig~Z+#HNlh;^oM7a
zoy)rE1Ll^P3lY=_Zg1|lc2TZ8GhTNm4VlO?#gPNUGeug=x=%?EaW|eDY!WDkDm&&4
zsbHwtcKcMd)Sd$2Ib1{Ru+=O4|Du>DI;+75D2{VX!bV(C)q6ZA@-`4LP9^p@1fYmk
z=(=EV{qY)H(}yN4vlnDtbX8MBig>gv$wrZyL(shAYfQ9Uff*NbFO)CCLjwY%*o;kd
zGbVl$284psZ_aVUvR*+5^2(-3@n%IU(Nl?YQOR|~?{3VoUWmA7@AvH&L<>wz4h_m)
z?rJMMFC3F6@Ax5|>^swbX{G0+nFNbgbw@9}D6D(p-Db6!Qh)gyVz}gXE!INs&V@L2
zJpoFrp1m##iwk+uG=@}>R~1Cq)ko#6e4qZJNK|(8H*-Q(Q`f|oA`Xs3v-i|`adQlX
z{MitAo0I%zFHnTvs}d$)0h8WSv4e|CK(o|X1u7hDs>zV@m`k&__i`6Wxj`z;Ie%xW
zr{Lt;gG604A2e3>XGs>Lt-rzt;#gS@kEyKu;|iz|{D;0r&e3#9j@MS!ivl8n;^1<G
z0!)%*jdeBa*RXi%KfK4M*s5j;G4#Y00IFTQSRn)bY|QWv{1vKogc`u}-<vwa=Fu=q
z(Wjy<6w3{#g|1?xFN_Q-2o`$-TM+r1PC4>t7+`G@!zVuxQj_JI))6dZaAuKHiiAY-
zE00b43uNfWp(OQ(FQS4+NB38D@aH9p-MM(~_$u=P_o;eIPZGewGi6_#APba=GHhBa
zU7VdEl(j6Iq0T}6l!GkY$aDLe8sujc=%u8E@;UI81EI^+-K=8~A(m6OA9Kz+T$3%j
zS2LB0R1}nzyyu&Und#XZ3rf+*TeUx%@bwg%(iC&o?<eJRGmBoh7hnN_`NK`Pc@g+I
zw@nLnn~`O&N?b@&LyCaiO`{j@(f5pJs1SZCO)cNzGT{R8@mZH_=nmM@x_I*$IIdjN
z+u6L`MQET6H{1r{lC1lZIbAfEF>^B5a&U|Z?74BNJss<G9$O#`h)**F43LjLbo159
zWfgVNXXvpa>0Flg5h;a7-MX^glba6c8HWLybt|Q+4;CZNs-I7K7)m3wgM1hyRDb;v
zw|h_sl^pi=%2qcstaHN#xM-G^8Qjw_;Fs_v2C5l>%FH8a?tM#H5BS^=CjJ;*oYu2&
zXBha9aZo=YJCxT<zEP6)D0C>=pGg5&n&XtQK#mz|YY~t3?>k4~^bl86&2I0>pUDP$
z=Dg3{!&MjWp;5P(bWJ3nwncl|2g+HKfujOog(aZM!l5u+<+uB6bWsr9-fMLuboGH<
zXRKE$Cw&4m1z-V#gtc~)#$49^!6WCg_@0%|&^~S@>v4)}WD7J3M1ZCLr=bcLNs5}?
zc6g3=Pb=;9+c+<rYm^GetR0~wYWuy$US(loi%W=uI4QO=BHRY9BATix`}#s$j)-C-
zZV|QN)%{#x8~7qp*$OMMy*Jsjx_qp)%aG=y2nQM!@$l>G96PtO?oh$v4SH8AU^He3
z3%~5#KbUBPhFQ+1FBBdk(B~cfDk`tD#Qq8&YpoU*L`>!!^O=w9ho^T2;A>cPrI4y9
z$-DrR@I(P$e<Osoy>R|}2{34UO<W*Q1>?;<5a!3A*-4PXVA3x<f{`d;Q5v~=Pl@_Z
z$1KjA#oarA7wymB;rwU6$^7KTgmjnhUr+aC?}ES;X8jK5#j)&g(pv;ownG==Iqhph
z?}S%EoV&BZbroDK<{mkl5|xwiQwwVepx<BzP{QSt9U6fD``UI<{))4TrT3hLVJ{Ln
zy#_gwP&dxC_NzV$rVVP}p}(%qv||$P7AXsu`;QL$Is~_vvhf~SybgG1&ir_@QP!}L
zS+5J$%W3pe0t1h?fbVHn7m;A26HRn;t{X+EdBVg792qC!v@()qf?WYI8WyiJ4U%91
zy}MF(O3*Nr-hJm$3a7+MFb@7`pv7@1vK&t{8*o*82Opu4q=^@eA!S9Zm#!Uel;Y{3
zNBEB+UL=Gbm18R?C11-e{DATD`wgw`I;{O_ODGxMp^K@;>WmnQ*G1XK#a@p@g(2ZO
z)5ng3vCr<lQBq(nn8)%04dzsz!6Hu(#g{?5U$NjJP|Ae@wq?_v%qmc4uRgNewtCB;
z=#j7oj*}u&KCJ#|TjmtYoR_bV*-+|Q)t$PB=j4NGHZHG07y6;1zH`qt6txR+A`@=L
zwq$j-q0wce5E9NWBUBpBB|_no>9qRr_kvcTrMf_WDT0kb*sirwa0dz{oq#YJc-|29
zYSA`v972I+m!scG=FmNdjS32JVwqbzI8za_Z-=MqnQ{A0%PVW{7t-j<<s(^ql<1TS
zN|@bX+MdP7cq;>ERQIs-8;3<pOq(i-LRh}ieO}$9uw=L4D)Z#KSQItYfy|)wMMi<S
zDPu)Yq*UlZh5<pidgspDP-9;O1*FBFao5pYV)PY(SCXSFc8Yc9_y>zHu(x1tO7p2}
z*-t145M_E&w`waZ*bgP>55-@44<&wo*;m8UxD`Vgt|l6UD=aT1JD0-)T2u(6!*%RZ
zN2qL_eD?p&$~oVULSSYdv_sLzzZHVd*wltd8#Rlr<)~5aTrLdcQ4+g-6wu#xar-`U
zrHK^s#%`?fg_Iq%(-A1gs`g9mn@jws>)gz#qsdfo8Gr5W`U8!OK9-of10n5G+p$Ka
zvCpjVPpGcoyLv31%;zyTCyO#aNpmi9-xyp+b#qB9lm}Q6hx1Uk)sqh{a9E0zH171a
zGXM6i>yuet*82)3?U#%J#B`bV7WXeuu~BOj2(T0YsS~B_cv+3UpR@MCOZQ_Nqi;Dd
z{VOd4q+YzRs|o6>rC`Nq-u%qU=(iwP&(9{FtUNdk^5z>4G_U`K5Rq771#!$Sx{}Tn
zav%`<^3n++m~L%e2-`GMt5V6bt<QE-ybIPq?OOWN7`LWEP<S@$HY$Hybnpf{dEKv8
zr!gpP<NyEFRy!G1xUpbfoNg$Ih2xhp8b<rw7FT^5zfUCzKiZE)CD0!gjLh^*u|s)4
zVFoaVtNfe#*bW6-=$7yq+Aoa##Z`dIb>~XT&syHxgF?z2WIfh*qGCTn6OSKh)XPBD
z%^+wH3;lT>TCP}yPACZxaR64~2mf%zZ>+n-df2*0zHx6Jn|C>M?D}rQ;)8qY!XV4m
zoe@B3wQLEmg()4S8mIZM=%uJ+)VfG@_yblCWnrfe)l4nUOIkqeMj+4mgbd5K&snuQ
zK#Yb}60n1}7P5Ve87~=c^})u&x|8OxzCk9I_3Xu5T}}u}|4ztGCBTos$jrH|G?f~y
z8)iHwWup&Iu`pD|JW`Wjq>0O1vGD0mEceY|ZbxU8N%*W|%Vd7fTAz^M<BULydA*bJ
z$w_7Q<;n{PId@Zb<>5~wo1LEwEtgd#goV-8yD;+u_|qF&q)-4p)?VdURfTne4xx2V
zYk!~;qTth9FqlwPy?}8p24A-!#!$Y8*UwlF(;Y!7Zx;-}y-&C$`4H*}l8a7E{~^{e
zrz|wuF_0%<S#lrH@UbnJp%>+E6j(ncee<Hb>}iI^7CtP%kcj!ytKFE4Kn#1mKWU~J
zbxs6hf6IALlCC8>Q=3wbEHx2*;OJh>qGWh>#=oKnxiXdqq6RyDfXpFuQnjZS2vYaw
z=*T<^fnHnJ^zyyIsnYjQ7eHMt?*rM^0IZ`eQ6v)8ZBv}0PSH=9oz(d{pI&`8>yLMo
z?^|dutClGP*H$I(EJ$y3mnlT`B21pj-<|hL<}1p96J*p;qgkoig%s$k7j0(Y<DXcH
zq;}DV$yAVMa4k>|*-0_{bk{w4q<HNsqMs((cAgsKB;TVnl(6q1!P>ZRxr<8BxF4nS
zy=A#1Qo9E+QT-JXRY_wP9K~?#de-Sr^N>%y(D!(F0J)Zin_h2H9pV_@_QOPBqSAD1
z_QQ1=MxTvKKa$lBRB2(5ucLk=r0;b%ImgLt?3)uED>M%V4!IbkQKvzoP9ke#a_zEo
z9{h|p8eV2x^M62BD%6}!KuXRx<i@l$^!v3epGcxQp_vnj0bu=V(J@Y)eBs@wQtp}N
z<%1UkI`f|D|K9Iyu2kCPhZ%iRjIaJ4&*DXX-rhLYGKq-;8*RF8QAcmOm#cnF8v3iU
zNU<}iE~&ZG79mt=Z%6PBkG(4?N{}!+BhIL;%WMC<RFpv57wHhq%zdUMp!yLFAC%5y
zH(B<|^l4}NFA^S{#1)jgUQ@<~$fM{&e((i&f2h^$0eQ$D3xu{@AzEb+m##@w`Jkn-
zAYk`O5DGzvCbfdL-NL`48@>J>!!fTZU4b6tEYztj63QNY>4F1@5Ga(N`+g5`!&9fy
zMX>O)^lQX0|E2y5x5cP)FRgDp^>6gNdB-A8A#{s8LGM*LB&<c|&rBlc8sU5XHAgMp
z?i<Ee7%dwp5MTmKY(jU66KII(HAE@tVPoxknXUbu!z>g_FcmH0t$GcTWE(8#^_~98
zrCD*d?$$u0kr`Cbqv!BxpJRhqAYEBj%4VmR7}9a$WRlXT`eF3g_3GLXC+R!2vD82@
zaJLpIyA+`Nw<rEA@kb%r0(A}pbe5kjZazi6r_mikxH2P&7jjx>BmJ+7g{|LWb=ZR%
z1$Nu4ZJ_!kJJ7Hon-2ZEkr^o3s{HOMP?4trm}YZ;9Ha?uA0$+PG1muW0C&}ZAke<A
zKSx>cZIj}A@<FP8)vnCG_4(Lf3(IlTq+2537a+6uscZ)y+?nmD(|%EtRBAzf=;Y(_
zp%4K84*U**^R2g*6z#9qq#<J+a5O~e)9Si0%M_*_E$pKslCPqdc1Zeg`-S0=!0}2+
zMV0$S*$+~7S#!6gOD;-})~z8C`oN4Z5o4c15b)pg#%X2U{e3mxKn;#2C&sL_UO6pI
zTg|WT2pB-x2>>Vr&Q*|!<aV!O(l}+D$DDJ<`og7=6=L{X{C9$9&5SO@RH_bK3Dx}!
zN|SY}v<???du%c%9jH#SSV%^Zoj8U}UgPX#A}cByZiKRvN8r9GON?Qlqsd5Ld`*is
zfcn>N(51U<6f=^nH__AxeASiD;#|$v26?D2&qj)dnKjlp9EI^0-Y<J%lqtrk0-zRV
zu`o1S)00}eJc+Z+U>nX%Zhz8s`d>*WV(@_*pbI)WNw<z3qxH1y{c}*Y!suHdj6aON
zAp!7Nh^=U`Ub<SJm#Cxbr}(VpYdW8%z;sy(^SD}^3B#QL!Q$fD&#Ih%^sNKg??3^-
z`0zQD74ios$HpjPfMO93fRxALI@cT-%LR@-mIvmxMQ#(I2_*pMCY{}(fDoMb#0+fM
zC8&y$@<y#Kv>50`eG7l)z!<9xEy-0*e>rd7zYnlSkDIFqdn0o57!7NIV+Nb^eMk`W
zCk^s(Ck7;p33LicV$(z3yn5C<x1?gft!M5_SUvMlN(kg5ug;NcO_0pXW@Re$6kzo#
z`q>K>a{g~`qBmaE3)0&oFDUV{dfGN5a*#agwEnZ#V&a#kL3`GcaM+s|gBT{35PXJ(
z*q}8k6Et3G6kT9w(}qwXB4g1u9`vF1kO)rnlWXO4`D^j4U&1z76107<P@g-%5o<(G
z$;#QR?Fpl~+3&A@#*`(r<*_(L8YShh!>)*s{*Y>LUouBX(bf7WfJE&>s90M1{32b+
z91aldDZto?7P1;d`6%ZfHwMHyJ<#0TYZh#Iq#pkyX)i9XyAM!h{`bxc?sLhGGfL)^
zy{yiqov9QD^6sJ*1H0J1Cl|U=MTa}}DA97oy7@JQ10o7YZb@nN(wzSa7Id{`uUIL#
zu6aO!HUUWwrxxRudd<Rsqu(#H^;z8j?GywfAFhjL11pjZiHaB|mzoo;|KuySDGT8s
zPC206{*%#EYf7#|E85CJ6JsqU_oaFFgo*|u@y|Ti&s)gyW={{@kNI*v&G%AF@c|nh
zRlX|<p@$Q?r;UIKz;y=mGK|s(^+^o;fl<Ar=m@#c?ylHCjydJwo#YJE+>3s&YNvZq
zFmN?3DP{>ki69v@lM!HitM5$y_O8b9b8<MQlnzHW3Q#(UKlVfI!2A4mGOoeMQpO;<
zC<rR&p$##rSVUl06BCb$sUWw1eQ#Rx7T7&3-w$mjExiN%z0<*77(^H{({A4?@g3fk
zaZ`g^c4Hn!Rf28^Xh#eqvL_(sXQ&t!5(N{jx_j`SIm+Be1H3HkxXU!XvyuH29W0r+
zGO&{qV6W0nvfKN+lgzHbT8}%J@yn}g@g2Qngwv`JRrA6njg)PGEHeztcLqxK2Gs;8
zi^zOZ;eUeKGl};zeI_nOr}D0HvUI7>oHy;B>&+}Q!TQ>B;Lv<n4|MEV5!)*msAvTC
z`Q##I22gs$stNoZfO4Q8oSOEA44q=%np^-{3*?GVyTb||`yTyLY~zkD-2o-!KW*v9
zrp2V@C%3^Si=;oxXA%rvS6mwJtB#%QKQcMsld$HM2eN_s2`(1+#zYQ~68*j=w6b8e
zx5bkA<QRD-W;;3lAd#xr+BALdg6lS8C)ecAkM${#@l_9O9=|(63>2x{d4#Fx5l*^{
z^ygW!0>Lqg2Od7Tit22Xk#Q^KXZ6(2G39J2LwC$&jVf2vsZY9kMluCwnA|kE*xdd0
zlZ~|uK6^@zL8Jdvd*-C)$pzlKH536bwm8fnGZr!KE+z$Z#=_ze6H{oczC=TcKwkBl
zHL3(!$pbvDD(6G#JG(X&l;ZqUP@jyorcph&EiK>)Ipwa_H5^~o4KB@ski$hF>vz1a
zvt*C~Lza{moTUKg>FY?_kd({Mi{RkO_Fui@dpqPg*~+kJtzfX;BTYfW5>vi0cJ@cn
zW%~K*R+!>}X^6bwc4@Fej;Txt&vZz=b#1u|<CC5w|B44&T`iq5?jVf`$wV((*K|ZS
zq7(spn3_2rDiPdSn!e?hmBTC$b??Ni@aM%zh;1@&pIZ+7(n%xPpFxb);^BRQTp|U&
zq~<nrLjY{?*lpxGy$9c^2unT3l2$3I*Qt7RS`!P6ca_n{>9qaRt*hI>@w9hl#cH=h
zt-d$oUeyrB;y^t-B)Xps1vsE_EP*cnIX4}YA6~ZsV)`tbpMWFqHj<}(Sgtl#5=8I`
zMIwaNb7!33!Ak6=HGI+Y>#5}s?;&ch?HDixRtwps+FrzhT=c6ZK{#&n-e@}4Q;T^n
z7aFz^rB^24u~RDa2`vV%3dN}OFsS#VRwUI?0_(!I_p9Xd$d!0#xkE*1oX*8MXw+Z&
z;KR<#5b1I+13ESQzgQ%3o<nT@cHnl8QnG1(54$7c7@I_ktk6j8W%!5#^k@SNy*rQ8
zMEW$6tp3`ZiqWa;zq2w~=}B&wKYq;{N!A5FwQfqWL2dDo{TIP7M!`qGtBn?3Q8sVo
z@>jK=nj`b@OukE>P28kPP$d0%7<n%}vn|aHE*1c;$;EzO$$d&cG9rsmW5}LV<U=O3
z25V3Ymz<EMN=~rh6uUkq(>SkVS;hN)44oR2uZh!W_6pMC^`$A_KQXLE2fe<~i3bo%
zKT|WAfxIvd$7r!V3ELjW%WE`P`8P|u?qQ*O&P?4@Eps4GY2JfN*|XrGPeL3FO>zId
z$D!*W`g^bJhQ{<(=iH3^x_=_L@nZImd-(i!s0ne-W&jVMdNX%k>g6iUn_vOpNm?an
zlsaNMF6a5^O0`b^QMH+{=+e^)w!&tKx$OwURN;iNm8*q7Wl)Ru5U1NZNjx#w3qvjw
z9Eyi$%{fs97QF}AgkCk9I2N)ZDK?|d^ET4Q%E-{({>mBndMmj-y?YnWj|@qB{xU`P
z#K53Y)x-Efhj_U=lwIv%u0@nZb?_46_nG2?hJ+-CT*LlTBSNDiORz8fJPxr<86$8f
z$NZa}{R-G^1z``#3=vGOqenvqgQ$G33NaD{ZX-8t6kdP9vdyzx#w)_w^IaPG%>h7d
zFo92oL1{ZLoa8D~E{`Bw6QZ*P)+OSxZTnoZwmZL;n#>$8JH1aXmDPO-)`9RwAemvl
zwd*V%MYfLe#_*vfq;zn}PF;~a!-EL4ijWw4ae9FxKQvSwkd%LDLmp3PX}+nfBkW%B
zZnS|s^(#U7UV_ZX%I|qAkp)43Wdv1dijD0siHb1&$c-WgI+4@4PZ&18qJQ*^iuvzg
zwV$3Q94{ut1K`vIH>Ls7{v+Qwx5oebBP)A0OMhwz`B!+!>E>h(z{|D!fJZPI9SB)N
zT%r>MGn5#(v#80^J@|#7WDymwIGxn!RtnR*Yd3dXP2f|Xk-Y5XzfT&)xbc-0+@C0=
z&>ePc{noT^*DrpV{i~N1VmH++2r?|8zo^=cx>=uU(J%D&X^vBDZlf@vwePzx>F1oe
z18&>ch;jo7=NjF01rm7$E212CIHuXg<sJP#^DC$^p3#wa2${A%b%-VPh#*AN{ubI{
zQzNF*P(rz(Yi9T0*e>X`9lC(AFT1aynJ~ALI*KJ2dm7k9X#&n4KRNL4%@pfkeHT-_
zB$tp<m6ltD=5FF57$q1r!w10Evp1Wb{aquLR{cR%wv2iT`vgTKrMGT(Wz9=z0W{Gr
zDY8L=aR0NgimS2KF7U?upZ-OE0fcFV#@i!u!@@So?9fi$P@Mn2Wv?8gs!2{wpLBuJ
z&%%;Q0VEg`i}&RmdkSe}-uK>5w8mbKuw~$LKrccKZ_z0A4o{maYFz15|EZ&^XnIhb
z%wTiHQy@+C-h=MBD|VJ9pxQsox@D!BX+QYsh?zxE=*C3jnLCLjpXVUc$N48_Ifbta
zeIi=o*(?z8CLtQ=m<Z`}pg<?rWtj^tUrxoho0J?xrSRLTs4jrRmF>n)MI|y2Z6Qy*
zW&iK|(tljfVKsq59Mx3OE~w~-DCodH!t&V3YJQixIvNc5%Om?-X-F~9EIKcKk$6^G
z>(0^_M+?K_;Uj9eMxOd;qicQ=$?2N6jV^DK1gYf_-h%usETg2^`~?wKGPtJx!iC&E
zk}n+SKHjww>PB5)9#xsl*K~~c6xTv2q;!Yz9eQaBfEP6%8~A8K6`xW&?<|5)Jgu(9
zKxr}KTYYTw+?Mu}l+j3ML*Pd~yrb`bLB$O}_P91TDTI|5axkzITA%W?*b=8d8w(`?
zezXyZloN}SR9aswKo7pd*8ZQ_wb+-SYrFeXMyy5X{-*Roj$jOkY_!+kqXTPNzu|~{
zd}lIDB&qKbh$-6cu{XNFw-;0Bl{DVIh{uXptT#4Y<B2ETArp$KvLGddudFXBXLsKR
zhHqPSWv#Oxp3IR}Fc70Og%sZbW8KQsV;61fY4>`X#dQJCRC&g+RHUDTOXv<MQH0Dz
zyn!}fH~7e$W;7Fh{Os$x;XmQw-(iy2Rkl>D!Nfg%*gFl`g{{L08hV})5aTBo4jxm)
z<IGp6Fod~3jrTesiS8id{Y(5(=W7h$Jt1lE-e0$}AiH402u>>h0naU=?TDjB@tONI
zQgTq|Tg66|bJaQ&iJ@}6YB?;C5P^d@U%30W9{e>`sa~DQ0}Yka1R}Zyp_q$kuPI`g
z8R~1WSbDgxt6f!kNoey-*jaqNTEk_@!l)$IGUr>|kEYtHC*q8DVGnsiOj*+IzSI@y
zx2}I0%@ATqQ%f$$pY%?^wDc+bN(~IMapKQw{fc)O0!bm&g@yb(3K|fID8%`uKS=N2
zWRz)&4@}0;&DVY)CwGW{`3;H8^p9*9CUuMk8~nqwKXHrioF;WLZ1(=;E!UJxi`|<C
zoChuqgSlUHakICFH9<e-2hxgoH(K@PZRzY^bgJ)nn2J6>`aSsw?jCjX?J&HxLR9wP
z#4+sBaE$L3pF&`2d=Mu2Eq3w5wsT%m86M7jg@FH^#bLDO;^UtXJ%TP;#+k?uPx=7M
zHwfr{jRkK9RwS_FFOk^r%MB4Q@*MqE=uC5^#B<~a;r-->$;iU9ICidbp};*uQ9Nf0
zSGVWrhR=D~;&Fx@!TvkPBgJtwQP$?1+d!n&RqU?fmcTAWmE#cI!BJ>2LEt;VSN2{O
z*kC^EZl98o1e@tT8zCqE_X_~`Z2;Oj-tb!uJaXD|lIhY+(UC}Q#GeQsis?jAqrfW+
zcu;&)q3w>vT4MFY98?ioZ*&UsXo%Wj$$>?<lfG5Q&S+*?rVilWl`;?~DO<9g#w$mP
ztiqwjpM)6(TDlKRMlJa5k-k1hC^;oPHFepAkwSNOX5ZDtq$SdJWBY)e*ADHv*~xC-
zGl2^?^8$x`-~HS`V<9aRO}I9U6-EstfBbw-gV5liHt4>#gQ|?HA0!8JEa9>2SeK%n
z`cuU1hLI+|UBH;*(#)m|^f2bgG4DXp8Lq=r95A9`%^&TTSR!F5MF0MP|Ld~Pj>SzU
zY2e%~xuM3P{LIdhZ&#rSKM(9`e~}i4#f@V2Y&{RhcuF8C2=-%6)C>q=uc=HhoC8Tr
zWtBn4N%72SJOQ6k!x+9j5aJL%oMBy1IAsuiQHK}P+*Gl06)@Vw{Pa_Vu?>xrMOxq>
zs=%3l>jc@55B+Gi4h3{fw-Yo1J6m5q_9X7c*hmo}-j{<nQ)7Ii3V?vmTyN<LHkWn>
zMC?{lWbZU46mK`tT4-GPQq{)HA+HHu)hq#F^^>7t_RazK#>kFXdd_0eFd`@WDU@>+
z&ouYf<vth?T#IV)zvhkkCIW_!YpIv%8+>2*w>aZxq&hw??dG`fFzXq_n)R5C1lYFE
z7t1^{leos}zMEGW7#H<FJ)*q7m7zqVxNV1>er!4n;Y_q~)#nBgrhF~aq}n}}=G`Z&
zA+lN)Da=6>b+G>_r%Iq}`%3_`LIVNYK}eSP<p+f1am%GEFtH<XHYW_w9$TxQP1p-G
zh#bJvBC#@0gx!U8#|07_0BQs(Wg`DO1uTyia5qgXiw@Z2{#OzRITYkeAS7^Pp6eTN
z6X%Iz^pbE7AJz>ghlAE+`TRz!yv6B{&46aQQVr6e>k6v|y+Nwgf-SdS8+ZXB%tAQG
zZCryn7^+217s`*=4Ql7G5TBFdoR+K=5P+mtpyVb;AiuHU#PxBdyCTf)ol63V*c{Za
zFAii=<)lG(o29F)1?7x`kuo=$>ZpfAHF^Aa2Y*$V@grwK{0A+v(B{=fsz#M%Q-Vb|
z8$=tgzKV0;vsXrI5DQj}%>nju$h(=0=l-TYOBvs>7o3AapGltaF$rulp=H6+PI^qW
zXJRU-HrRd0cy2fg)8pn-FtH;#_E`|e8L18S<LG7u%Sx|q_I9A2qN0@OS(uoC0**HH
zzuq|&K9|suPU*$Fqi7$-TuBu&<S@jHhSbPFSM|yo7-b4)D0;78+fQir13WCXsa2_<
z@b^oLquIv^h0fT1eZK3rI`u12dL|EF9*88|!gb^j006@tq%eG9_0c6ZN7hJ=e_v6q
zbdj?T3L5OEbkr6nRT&F-9PR`>KVNE{<Y9oRRdFSpU*CSprntcM`{~RyTX}I(@!qYN
zh+70VcKQHoB{NZe*7KVyhG=)6`@8s<It8AW$ID_f9q)O`+?VF1YYb@sJKk*A7L2p4
zh|tJjwo<(r3@C=GJhU^6@96%|9De;DkK1y|QqXsLP2t+DHG}lOi~^*fr9k+seDBA4
zD8=GslKr)7$CeredE$MvsH()q;4Itqsa#aa8$e<-Q(qOkQ_rI6TeF;>I2274?nh8i
z1$(WLGstttv<-XVytEhVq)HrEg3za*4<jhc(oB)J)wAbS#+;WRyHxilg68462s=&O
z=rE{`dBZr8^6%(*lTKN8b(Tz+hPY3QX0A)b!cv%OMS4#9pFzko+0UL|umR_Ev1o!}
zjVclclxyA|k2xB}0dG5yzZs+(TA;u)gp$hj2ojpU1C2DrEns2kIKAsN4BaQW9XQ~C
z*QtVuKo7o-?ze#dyn0r6Rep?Tnb8#v^4Su}w?EeMx(x;Nt)K7Z@=%DC_9|d+U!=_n
z{;;T9SlHqp-GWRP>$Ft2V;61UxX2u^SNMu**5r@GS@CWrsH?uNF7IHUE7+<mw-+3#
z&|6J}O@c1WlSrXhp&1BRf9H)BbcsJDb6CCSb;OQauvw7LN(CELF~s>KF^0h`VsIrq
z4Llrw$Rq+NrZ0^I-$&z5%-Y19w147cD6KUpL-xFR^3VSB+gOLpaUq%VEV2i-3n(S6
zJqhrkgk5ZaR7#qbS4A&noNyIvYaB7Mts7bX-EY>`B6%*mq6){yUfL9+qCO?0D|OYO
zH6~au=hAt-H`L;1gzY6ie4ym6{x{#)05d?$zoJa<6)LYN>(jCa{6Q<&Hw0jpcurA*
z?b-q1gW{BdBK=mqBl6HMpmmq;rOU5H1;%uhQ+yf4Q{VWY+-v8&D{8}H51USSu)<rc
zcz{WVu*g~m$u;lA<4M>h%n+qzr-8dbQ+3IA>X+P`1)HNQU~s%uy_E!gt5#=ZzaS7B
z?44<K_t!0=*{eAX+!0uimD<YPH*Q<3{L+fbqG>K*pENtBIAgsGodZATXH)J5qNxDt
zaQ)+R@jlz#1JN}Bj!cPpGO(F}qAXYuEXXJ7fRIF2(vA?4i<UV1-Y>iFwD4@=6S1e;
zjL_pV+JY2J8T9-YyeY(S!8sipmLwn=V5<tg-uoVk@Zr~o7vi!y8i5f_j@_V=>RzfM
z?dcSbmk~=88_GQ7O_NN1l^{&Muqb5;s*>yZU!u`8eu#niV_|+cTsB5ef4W?mxdBc<
z!5*noqqMgndqWG$S+dnKU#JdRmCt{T`LIU}T<RVbse~$K{qG)uf9;{w&gqUB_NdJ4
z{ZnC*R$Or}rCC&6WGBy0vE85{tRIn<?lccP634F#L1cA-W>(xp2YGnt-plP3B&PgS
zT6%WQFQyE(cdg>>Jt^342*4gW#}i*cR40O0RawkL7;y9Qk5PNvBYjRF6+i3<V~sC@
z%eBbO>!MHWuJFx6RXz1tEuJq}7^}*#6aQk^0|qOaY_YosHP$UyHHZ{;$7}q3qV$Zy
z)hLUc$QS#k6XMtliNM>{(?W>e%8or6)Zcc2iQc3PU;x<z2%)F0ZOuPUvd@>&7gC)2
z!@ne=))lv|&@=J;5Q$a3<FrNj8{)}!+mC+3xnNYHUvt^hac4|WJd}yWlHQ1vM)13h
zsB4w9E+LH@m5|hXBD|&JTa^EuqA%X%C+7k&nh4~|SNiMPQh=zx+Al%Agk2ddI_(3L
zP2h?xg{pTK;`O7o-5Ba>bx=*EJ|3MATjL)ZQ!3{22aQo&sHekrW_XRg;4bMoGtB~A
zzOl6JHP7yrSb1FS?=qBKlGhsg2|WM2K3mu-B3Cj!wIyCCqxblgxfR1=YWl7Dwdek?
z5~0HB&)VcoMS((>qkKSWN-(+9a)wPJlqL$8qm@97{LWbi&N>wIA90e_wpg*@xRUsx
z%iT27c|*19*~>TINt9GlJ^4L^=%3)6FqC&J-^8G+jTa0D$fCef28r&W#CqK$+w0j%
zjtAl<tJ{i(sJZ@ZJ2T+nsg2F`R#vkFGl7BdWs5GCdX{2-1%mJTAL1*MR$>9N;+|@Y
zXvZwQt!Kk;!72Rw9NNPW1ptwHEY;?I*pqb8MS#P$otw$eMQ5Y~S8yP4@M86yyXHnJ
zB)(b&-x)PrbLbo?0a)q8?a)@kU6BpUZ$xr=C!}H5-RW<Kp`>8tD7B`wKM(C7y&(rN
z3&)kN%`BT}&bK%uIJ-Q)O=yJF_ZDp%L9R00B5&YB&6_A1tvgdRVMa5jWobR@cmji2
zCS+FE=C=;1eaq6HE@BA3{+bEc(6O=U3(EONHocppK(_-f?r@<<)xDVo)%N_P_V>fg
zoJD8W1!;GDw0>`r_KbEP_B+-hnn`Dv9rBv;XdBsT*bfX0LwBKC5U!HxZtwP749d?L
zC+V8EB3JmL8s0UqM%ByrUVUxb5GDHRIZ+TFegEJWspePxbZLSM!mB}9k)+AWHAwVO
zJ^=qoF;9w`Yv2LhHRVLeq&W}Wm#X(A4YB`Qo<QPmL>)hSk%`7aO%v2=mgqL-ndJBh
zK2p~bfr^i|;|z;ZRm6~m5K}0;3kY;WuWX{ie$K)yVRd2(z98%Rq(8{c%Z{Fyb(8C<
zSwwV58!Ne(k-Vl0;B6WvuB>hjAg|;jK#6){|D}tSf|0*8ocC4_{y|XhY&*<E7KV<g
zg`<DiJRU|PU<cU}`hteHf_!CZNEC2{**eNWBWS&J6|voVq{-)x3QW%f+FQq1leb|0
zY|yUDg%u~N;Q{w4wN_7&MlO<bi4T6(u)&_1b*LSgVvpW%pYwxsxNya2D1Op{Hj;Sc
z>N7s&Ks|G*-UsAXF!@Q3e)ifZ)dVs-ptwk#<8-mdIE<B(k~w$Vr-Oqe#m6A^Z#)}?
zN+pdI5Fa3Q<I?W^n}CAt-0(Ug9bz>WO+v>wEPlGRkI{JkY{89ADoSS+(x;phImA<}
zybhf-6#f)P%tK@3l4&*W_vU5GphzacS{O2|vaM|Z+<DV&F;Yi_x>M`K+w+|?{OCZ1
zV|JI<3{tJ8&Arm2VMUAKwWZgnsd<*gJs1)yt$4ZH8BC^rC#Pz}r+c083u1d?kM4rX
zm40TNig80+fy_)UT3+pGx&?WGJD!o;{Z!W-eswUj=h!8|f%$hG{>3`c$VsK|u`m(Z
zP`#LB=0Be`9%4XfMVz0tKe22bv9h3s?{|u*z)|fXji_t%6Z}$7wQ}I@!;BbP$OdJ<
zZ?N#0KPYyw%qNs907t%tR&9iRM3YRZQI~Y!uTIw{(xK~$ZYh9>%0*!$9n9ZZ_P{26
zQ_72)WZL_>A!HUw1&gGLEP?)*u)^f>{5Y8aw+XBlgRzsxea&U%vlba9*kJLQR;+ZK
z`B`S49d;#tTZ(JHlwn}+L*dGTB#r_s;sb-|g&}OtR>+6dtbpy_njx<|JXT>bRPO%Y
z$5V4S1=|$s8W><?O4g42(ThKJ-KNHX7Z6WQ6gApX=Py*iLLO)af)IkEhiS9hVS)ir
zyqY#2k<Qh%+t*=EsudZyHIt(BF5Y~`&K1u$e^VUvNIt6eq$iyKJq};@f86yaYx}7y
zWo}GubzUjc0Hz|IM6(id0cl-V`l!`NnOY?Ng60l)S#_DkuXc0P77A`Jz&_2HdW4OK
zc1Y{UIfww~J17RLK{ey88|la$a3_rSQg4|x<Dw(3ugzYaAOsyG!Z420e<OB51qh@k
zB1hg-t9c>;6V%thjBPBdsBu~8B_0`>$xflHRYQuQ6Lud=Xnvmg$Td-EnjQ7+=8K`9
zSP#~V8i;j!z+&uhV0XoQAa)U?NY3>Cw`YTwYM4>f6WvKrZ2oZXGI+;yZ;mlfsF+tz
zye(&fNnLK&sBmfOP;?*EtyozzwdJH91(N(M`b7DT2}@@QQ@LZn6-1ombzJ?_VVKns
z2|^IaRdL0{Hytagqq?;!wwWC~z+PPu%1Pf=yACz=2PO8KI3ipkCzq7C@1+fuOXG0j
zW)@PTAW(=)N-&NlUau*==Xkj)DVI3sYk$BExG9;rV^;Wa*f7NF6L^~2K87-MYscD8
zgRS7GZ;U5WdT%j5mYLmj#dsdh&d2HGROCo<-k}+yfN{^A8Th@rfV}<y0zk0hY1DpX
z+5zYCy#AGTwf|&Y2+YF=QAROKq(irl5@|gT8Phv;69!GeMiThYXc5xOzaxjwL_5MY
zS*KpI!SV{>Pnm<VjkXIYpUcf4#k_TDF1g)(VT$B>z8`Z}wKrAbQsb5;&bt66-*Ebx
z-D=YD7MHNNUGc2cN6Fd?wahz|i0fVELB=Z_5b6QyG&9bS4uWSKjpr}O7^g=JqMJJt
zE<Z4L>*DhFlYT~RzDb}wa3nVE7bqH((DwUHw&9!f1|hJkkg;}1y6KO9C-<u2TZxBk
zp<q+3zxqWRBVG%F@dQzGDpdvY;J<gmtu(9O{^~bR?L=6q@4$IP>G&6{NV*6O<+ADP
z=GR8xxmM*$WW)LbT=7<pA97`~afl^|_aH4=^bQNA_f(e)PEF{8!s$=#!krSUR^ffW
z`DR;;2f&6C)*ZPN?W9dbDnSg(puJTnWyELCTTeRj(Z^-GAikiGnLgurARv^XZCdII
zS4X7Y;y=1tbJdosZ^-4>4B@!8?w@G7m9AsWY~=Q8w{n*a(huL^H?98UyoeSkS|A{j
z0-?FUCG7$3e+VwQ2z^<)CwPcT*_(`(fTvYfsygVCc&u@#E|tCNNA`9?d{&MWlY5pb
zHC@fC+Ap40xMLTZhgvFfh!DVRDuQstJ{#yIV#tR-0;-imgQ6X%ihh^%1bc1R1UTpq
z*DWPwnaPF$Y1VW9r!BJcaHOG@R6Dat?ZR)}+loK9JX#FfNYYJj@7FB&yeK8%awcYJ
z;9>E#UN2L)HU_&TsBigb)0t?zhLY81KbRYpM5tMmPUcb~x9b3yV=5osu787?QORft
zj>~gFh&7t~La;YLyBou$k$$11a3HmZ<NQch0cc<9nT(k@2G7aZRG=Nuy1TQl;LL6m
z_&;l5TF@|E6+8WNoTs77j!q7hjl<x7p*siIgW|8~)va2{&3;ji)Pl$CngLT@rYgWT
zju)B0MB?W9aFC#E5Revl;rJ4}gQR-`<1bL2R<RfLnen4h{b*-3+$#x)G%CvwkUmX8
z3qbGfH<6)nCl4FdSCQ!=q%Wk>EgU1n%tU|Nht?YL5(zre>-Yj}TYMr<P=1RH&K<g$
zChKCQQzY#>fh%hv?R91CiOjXGxKcV=?F!*$KcP+4Mj|XAy|QI#=2LcN2Jc+g(A<7$
z_5FC>8d)|kCy2r8h8mV%Lmt&NeG&>=^#B!h#Z4$!I28A>WS2<EGt%Yc3wk!^XK23k
zUla0Ks<@m5(sD#-&uJT}Eo#cP?&qX-tFjLHa~QFk_<w**OHvML8e8nC*hRB}3IBD(
zKu{k-e(V~h2Zf5_2(GzDhns90HQ^8)&^e31I5!5C(GTKZGeO_~=XuA|=Ge|}YIG3t
z$hJBozB$?1XJdItq~om_FNQIA42xfw0VVt;-GQC~6K-@}ReGxK`)=BUeP>IbHbI`1
zORWT1v4~gXtO&RE5r=T81hPgdjH{YH&CqPN{q}KNArqt+`_feKpFAbPypflz8jy}?
zrd*^xuhVU3Dbspo?ne`Vge2M57mwrU`Yb@S|FO<1BTwz+kDcNTkh;)E=rpkR=@{lh
z(r-m$8Zs`ID){N7+iz;(8!ZbrK57xJdHWsC8F~6MYntqXEDu-C{2Wl(;GJQ277_|&
zt}493XC$rwI!rNON-$)*HIB&lI!|Tb%5MrQ?t<s{El+`hh1l@Ky1rCBvPmj!UB7XZ
zI9GwMNX~@^(Dz0Qv8SF1P&l^kkV!~xJ|@!C;_i3|`VJklRmt>mJ^qM^r?K?80??Hw
zYeW;<=6L4+-1e#+AC0lAMJwAUx4J5z>6a>g*NwOx^mp<B!+zdi1MYiX0Ds0v!%o)+
zU5uH?jP?gr>OO2{RU(aATeba6+S*VK0J3No+!{{mL&f+&u`#QCeKw?2?oIAJ!5~HS
zw|kXAcY6?Gr~z)$WaCBg{Um9U32`BbTSEDIvy^fQsVVzSTcO<Qqf$C7!H(_Q{b}1!
zLD|4Vb}6qdY;++Bzl<{A-3Nj65B9Ouh9Hv#GphA>VmwcCpl01n=M*sZM!x%o-@|(D
z0b0!O8O)b;KjE==?M`HhwL^xa0SlhN6(Ad@lu1y(-wWNJ4R_m=hh3Ii2GuMlyfHrU
zEAN%PeF;E$wzCvdgI1yPsiKBwm<Uc-hIBfWi}Hp^xa#aw*K5HSxsoW#IhQr7s~(Be
z_yOwSkTa0BbW<a-o^)iGEiGLr>Q|ZTqyHKBu_Zrm(;#KOiqy$h_;R5hmdgo2v7{>$
z5^fz))8Qn}5D=}}n|Y)5j!(DCm#ulxG=^7HulLh$_P{J6^oLd}_taa?xy@DwQM|S(
zH<z@nDl1UT?stVQPPan?4|BZqLF^etBDbjlIC0vYe=~o@)hNsd!wNwswn3=<s!@`t
zOj4G_*t}@7bY2Nj6KlR`!zX}BM2%TEx^i7BT>4T@yQ*Wvad$2a&fD8l(F$enQboFm
zxV?Ur-APBv3@483$t7aS&(YBM&aES|QC{mQcKIeaD3BIwD9(3$?;murv;dSMTtZ`s
zmzPmwEP>(7+%nj@2LU>e$eioeU(hN*jA>7VXs2asgA9Tk!BXfe*$7z5F0LL+Qne>O
z(uTd^uE&?v&FUaj#{{kx=8Y3(u`^$rYW`nt3O6%c(_Lwmo_!F6AN1I)Q}!`Y9J7<6
z0y3%s3T6EMNw`<~0|e-ih~-ElQBw%te&1>TWCbT7m+0=*We9nDv)yroA&thub4PX>
zXbp38766oAc#B~CwWm!pWeikwMb<do5i>qFxXA}f69NUb7e6MBn?7alE$IvQ+9mx{
zC(ql#mu80_LVRS1&Mzy0E%ELivv%dmYD495uL8cF6jrZqmAU)SB}t<~U#|XT;Ya;j
z0PKRH6D8VwT+8Z?bOt56>n`vP)t{v;5A7~`g#}3C1^_kuhP8<Ye8(`5uFY}cWeEuq
z3K&2RbJ!qeDUxj5Gz1i@*@sGfUM9pOa-S`<`om@xm0PFnm;`FTRKqy|r_<yy1;FuQ
zSGTN*6#AcDHS^+YAKQ3v*JkE|VkTX1%&g5BIV={#;r?{yFtQ|#a-ts_hU8=HF*pMB
z!&Io;fhF1ImB4zcc0x`YKaZvKSp<HqOP_#Xd|YoBG65|ehC=V#4akA+4CGCz%0TwS
z&JPDK?{}9&UdngcC6*W}S19azTc&ZIGH~B0IR9X}59N<%yMd9jgH_Z<*aqoJpCPS;
zk&52u>H<K}nRTtB24^TVczrDzDRv}g=g30v4kH!I<WTHiTuZue`Jb86g8;30U<LMe
zShtrUS9ti=Vk~m4+xIuo6Q;6q)wEKTE~&V7xG^>mH0%9<r+*N50j5&`vefBv(|sxu
zWpa&#=Al&O`~}9SWw-)OK-o7?wA>|`?ihQCamF%n^k%2rBPdk$W%cYyQeHqu%7nkt
ztsRXb@cV}W1&7U>UMZV+<NZMMDZ`Eb69WC%9^7Z7W?vWst6reD!~P_T$sc*g;`LQP
zhA?0JU@^1xVS;d=;CVV<6A$6H5$R8a>9GP#;K8|iicbIj%tQ9Dff5-E{1k;egl@)j
zfY({-?OA1ha3W2phW<dVWW&Ypl@;No2F~FcK=yD`@!?`Exz+42sKqeJ$g0py-U~hq
z*WaZW{9$Of!eG?nr)MY><xLX*W6=GdPOgbwJ!gkCYNx+76S1eW-U$s<OP6}?+dafV
ziLRrhWNRC8=OwxHoo97hcG|;h;Qa#JBC*t%i!PvSutab)Z~f~3RsAuJ@lr9Kzuz^_
zBZMDMrtvMc<_txp*7}!yf9)X|V&Fq}TqGfcXEIxG+91%>hePv^vro9(&<5<8?5-hQ
zGDjw-_y;};1Ft1MR{H5H@)TAFJ`loiOMEX!M$eY<Ynf!xbU}C)>1lYn`J!77wVMii
zsaEvR1)lNtoxObcy2Qke$uQ$zzI;Hx@^}$t;G6^Tp7$%53`mHP_O|Undgl@Tohml4
zBWKY1u)#t)U?-@cr@EHlH*t}JBgdMcK@tNT)7h(1j}${ISJCxg>>Tt+#*@%;VrOx#
zK*S3Lw55EkYYiT_xwZllAv7hU>Q5xuY9+||d%I9aGh=>`+GrLRZgPj^$3Jy%x>!X@
zZTH@GC^Mh~wyrlw9%BIAtaT8<^+A0;vdc`PHg;}`IB_6O1Av{&tv{fw1BSrq=)_rx
zoYYFRH{4P`(SMCnded3M%7rU|`%Fi;EPYdm>9@F*CTnaw?s1Go8Rko-Pcy=BVHPey
zj$uAkeK8H;okd$97p+uawPRc}UDKjn%s{^)J6MQYLTCExcW-KyV9B<KcSDXyG~*(W
z_I{#`TdNJ$F2Pl^{wXX+e8^g|esR=uvoD_`#M_&sKwWqQ2*s%Ae3Q*7Aa@_S>fbv8
z#5~dY?7@PpDfj8}4FIXVDJ`FEK|hjY0wk`?TMJJFb2F=UaSm*+A<GEUT$!}oz9@@R
z%i`XSFK)_Y325oJAk;eBgV}Qljq+YM9AiEE_R7S91uEtbOvzZne8W0k{l-453N+8_
z?0#j+djt09R^xZ8rI(bU?;^68fC3|n?14{bSf7XZypEQ}2Fs!AxWFY@W8QWv@MPo?
z><N6g^bQqo;|#}Qp+-p~{-``W4%#9x$L-fwOcsphHq{%X19)Ri_KBFfB?7FwZ;=fd
z4g+#j$voAjhIx)xnsU3gdXC-<{ja_fW{l80U4iXKFp_$VEa$SnTLzlUa}1JENQjNw
zJfS`Hy?O9(3mQyZgG8;og34R{4Jp#&7DXu``}|f50?v%{2TZ};z+11!i-SJ=ag1$e
zU{{w7UaweY(OXt5g@`&7zhl>q{h*b<fiM(r<8DLIApI)CI_f7x6u>*zCgc3Ol{1O@
zP?lw1w)0rLc=5Z%T>t$+$Fc}WRs#exBYbbl5aC@Ra8lLby>DXU9qb=cKaUG;<f@Vi
zRD&q`N%5tYq<!8(B2RfsL!V%Nq%F)f{0b2uUDF8<ae~)Y+-2z^y%Ia-HpNSxx^px-
zU}V>~fxDcfmp1}$mnYQ7b6^j%puyAyzB^W;Bm+4!tcLloxg3T0#QZup<K^w?j(M$9
z+Vnt2O05KJGcaG`@tP|2`8Qt=?v7qF!B9>L_`5?My9D#OU}W+#OO~tNd~5)Fk(`rb
z79VeLj+o)Ec2GR&Xtjq@k2yzR?bqvi9%MEBdfQi7I*`+3Yv;m0$PovEfBaKPk_=kR
zw?Cv<60B*L<z!Y|o#!#>*`kFBxLD{i&v`b*^uSd~>cmK@SfIxhb*?wKfDzW-d^#NV
zwu8wKZqeL&W1Z9>bEOq=Hb14nItTfX-E6`Mp3-I+vIe3>HBy@)^#UMlOB%zM+5~oL
z!f{I*B9%RHzm86#Cf+llL87iIb<Y8~UM@rYz+~Q?g(4^pcfgNi3MD3CzE%d|WN`~q
zmql9Q4l}j~q-@}Wq;y+L^+roFR!CnCz)B)SI(g<uv&r_Xo7yR#yn<0BAYIBizO{-p
zNG+yc@y=hp{7syV=qr(U2(F%{%erW2kgk<(Dm;eO68-7+>4;-H|Grpo5UaUQZkIbn
z>#0pnq99KPY_<Y64>lSi)BVJ>zh*XJ77HQv6SNk>dIsZYPQ8;|pRQ|H%$LHN7h!af
zb0)?yKuI@rz8?EZ5w2O*I5`H*<-U6@fm4Szo=~SU_6REJez|Mb5d9i_-4$M-0)X`G
z=o@<>(tZb`Jb_NiMn?lw)}O;tKX>Mysb{UfV-4l!GBa^?nk@9{a-dffnuf}~WY&AY
z#RW7khuc5pp{p&=$Tg%vpz2!IR(8DN_&bmd98f@fty|@nRz<aZ;7*Ks*Y7ewzeAhV
z`I3qmYw))rP0dbSHC(nUF*ZWwuJ`4zB<ipG*T!@psz=42rT)nAk78J%8%KQBHC@>R
z%AD~5^TZP;+KZ6LL!M-nRB^H^%O%K`q4qr@z>3{Gw;sXCv0iLuK_#^VRBJQ&4<Tli
zm1-)sZNRTh2g%*_aG=4y<{o*{k5+@MHsU<n<E{*Ma>*Y+3!xklX85qt{R>IjoK)E?
z!S{4<S}~>GijFEe{Ps2k_FT@uNC8S7x#y@f4r{Sas$VnXzRW59T5F!0v-}O-m`9Bm
zkoA3=bRO=I{&igHb3Lf>yBIT>@ZNMgiNDB(i?ayFDyiQx((Ny&K6+)x{yfLA$CY+M
z#?yxG8Ixsbc6KFe+vNcg`Dyy=;zxd8NR2fdVaDpI=QFiz#6Z6k>^%_KJS<#nw+f;v
z?=a46erbo-e~Pi&JZVgsiE+JRq@y!fch$wg`HFy597Mq9x>UbkAEs#Z_Zqf$-#YnE
z=&j<UHixv^dz`>wn>a2N@Z_S|6?u30sUS4&{PR4^`S(i5$bZfcBQ1ME&Z0%*A8}?`
zfwp2k3Z~~dmPTlRfH)$DcAjS?G-Y<fRV7?;g7slMIXuh72+<y{EKpNGqO1X*n|tNm
zCRKh`NL#fC{m#Ti>87Cm(dTGoL<d)kd73~EHRF8Zindb%a>`vFJ$3BsVM-~b>)%A-
zXODe}v57MO!_R>2`6h2!4Y6Ia@!=!n(?UXBXHgE$2tCE^TJC8nXrpaJqBcyG$sd0C
zOk@gzkCHz>E*|-6j{fZWV19tWv#qn4{Gj|h7w%1C&qMeX#Q?kjd5q-jH$D1g6^__5
zm?XRL+FRru%fuJ{CAiHBEWi7>RzF7fcdc5g`P<rlfySa@A(qNEt5_q&noZwbjrlA0
zj^m#esoLTN8_f&|rC}?I#^MQ#F+ZbWBemhl7S2wOpuH{Xd{xmOV>9w?GZv4g=UMs0
zdvx*t$;!INLhNK?WM2&o19o?Xdll<$4dr8&y3p06JU{>-XdBbfh=ItjG-?iRRGp5j
z@)yxdNwOeJo;|VByOg15EfFe@Qgao8i4N_+BGlq~>Oq(M!vX^_Oj9`v;p{nb+rxvv
ziRrWIaW{5@Yq2f`kZLubmsc-{XXAGQmZsm7D^;WwOWuo3RVX}tCV3gJKm<RH%Kv%+
zLe@aykPe=mZ0(01v=IUJ29O`w96D|Rfo(X$)Fhyj{h}W=EHg!Hg9`ZEWjbo60#_@J
zpf^_|qI(^ma#C<%&YXqShhQ6INtd$CXGg7y(J|t-r3pL>X%X26e{8&w%g%Ji&|msp
zzaGL%X~h5oa`qy$t_2n~pJ_$>$pB+AK2O@X%)48)Zj+Wga5bhOiKE9Zr((tPYi>49
z$0U0nMUH<8{aT;l)R24fFvTJ+ax5VD0FJhkhgd-9{F3QZ^Z*SKD9S7?YMyj}BM$uB
z<)!?$ZZP#qf&QG0nawcN$K|P~;@%CL=gCscps_sy)}f%V%6K%aPX`^5e$FFKjBij9
zfXg65rzZfbm)gsy{#C9bxIwtKs+k|?`QEc}`O1>hP6>)z_ce_@tRW=#pArc6npl!+
zXF09lGF+S#EY9b5h2&O|9@G=gT{aE;uw*{56;^&^W@vI&L$yN?4K{S=6P~Sof6!A2
zl~<WSwh3L-erB;!tWOj!a|!rpb4zJ8`*JJjXOXJsUs`3Frv_NT5eHITQThFDmH2wB
z$xfG>#ER=#dg6ft(W3gF@*VPigUX6e<Wehx-WI8?;z6pUB>>PD!VkUd8$f!2%kd*c
zg1^@fdJTBMrSwVmF^^-;4-<slUE5t2Yk%GnzH|{9JRr_BpmO){Yy8}%m5i+q?X&>_
zjTG_ASoX<gU3dpg0&1GaR>#X>rAI{Gv}72Mg+dVFB;Z1HF_)XF|48K8hT8`=afzaP
zP_>K<ev^UBzu}~dNR3V1&mv4m_(&jlU{E&SIT=L~13?iHA+8H-At3h<;Ogqop@T!#
zrkk`kU;MU3uX-#?np8*c(M}DW@sv|<jp*Tu()F&K2ZEb_>~Dcvb?qD1XUu!AyKqxF
z?WawEAEQ(HU&Cz7dgs!_0rhwx%xla)M&8_Ao3p$+SO=WU(ueAcAKzqJ2JJE>Y=cGl
zKJy_DlR`hr;HFJglf4F*&$Suc7tbyCdrM(6B#5c}2n|LFVCX8(k6Q0N15`t~=Kt1(
zy@F#JQH&Fw1pJ1KBENs~I>lA?+{K(aQSByHlS8s-{>LhYn`atm(o{8%q_7&sW*g#u
zvs*It0oZ)I3_hk^EhxK|E8{q>QzRVzUoVo~3&fGS5~#T^2IP~Rl;A7pYD7@qLQ~p|
z@g7KHVHU{b0R$F8#S@&=1=-7z^G#?<g*axsyMs~x^<mWI%hC80JI_ugnMeYcWLOy=
z3(4L-{Ds-!z0{2@P7Is<a!`MAVA516K^CiP7n&<MRKj^xco<d-WgL($K?1<8)lkE0
z=gbM0t^ILogI_@rb?$!QXXang!X3v{a78_ZgUN*CYDQ>i1Qi)nPLQ!{Vqva(4L*9)
zPrCKCw}_w;9XgqOT!<Pc0R|4EfR9#-0(<%4F<E4frbl2MX${e$sM}GcvswnrO8r=w
z#*o$O?v#3`0W^D#+vQeF#Y<QTMX9cZ>WTXL+&;qAGuK6*gmjlIX)$U1$Fq&$vaq+j
zY2R2j7(kGP38DED_<no8M#sOa>2lvW$1L!$l5%Z_jGRBL|I{cS%9X5cf&WRtP2Hxd
zClyAl>`~}<1gE|tObT7UCTT)&%iX$6l|`O$$2cP=vVC1W42K*Wop+@OLw?51?(Fiv
zCOZsfzYn5k<X>oUnduKALRl)O??6CKZ~QK?vI4=eSDP|OIU177UnIaR&Knf_ETu~D
zN`ps(T5G&98s8xCBzA|H<1+NC4=*V_bf3_z{4K(b_y#m=reZlUwl;ida%Ue%+<#aW
z)F-bRWNGg9!BO5%Ayf4X;{@we=VHIQHo<92wbxBocbTs%Mgv+Q{Zr7vlM(*r4fC31
zvf}$1dZg<sbctfQfBMq#G6|AWXA`>Gl3B5#IpbMA3(Ub1+dN4++C`Kg7dgzs6(*E=
ztCrK~V&uvA>zrK-<ow+6^7ZlPAo~cK^`xjPFTw0}S?%H6OKY0IEs7bwl0_bB9kS+g
z2lWF=oJ9zb)=Hi5Ecsy^Eov^7s_Flz&thKI(^*p~=n)}mBt@V8wZIL*x99l0sXF=o
zsLi<$ZyHvft<qX}qg2-Dgv>ijsTV5QCC7bL&C?Eo1A@9xVf3W-3Vu#0`GON>833Yv
z&r-5{BsI1&H%7uD&=a`-ZXX6~hndz(!Q{DpvwlOmZuJs6k8(peu}@;wbCX64<Ifsp
zOHLM0!zKHR>rrJ|h{hDbz2tm(TFTk&X2qlal^QEI=VJM&o9jdh@lzo)@tDR9JqnHn
zqNUE*D18@zs<{l%fs6L3<we!S@n)GLsvwdk3;r&Bv0<3YCsn$bgd{iik!!^j9sILg
za?nSsfpE$zr^px}2xbgDU-$>l*7IB?H)31SpuoZd6|_X^zNv)N;gle*i&mkDmMYt^
z&G!(5@iAtpK_5JXAk(-dvO?mXSb=fha#aVZAi8>~rSI5D`XamGJJ-SdOzMSZqO&rX
z7(@*rwTMIE8RSfhtO4h|v*XSsHb#>>ujOK+G(}alqoahM50&rGAAZqX7Sah@`^&mQ
zO};Z46|h8e)(?VV=ZX=%=fPRhZV((!ELOnY!<f0C+cOaWd)_6>0^c7uKm(n?G84#<
ziy0C64T{H5^=w))!=A+>y|%Hq(j4tTD>H|JX?@v{);=MlG_-A$git&lJ7p*cgF%|a
zCzz2ySru47QyAblMTlk;dgf*>>F{x`D?=7+R~o|?>enrWE%Wi|p@TXXf;vz0WhR)|
z)j*F65r8j0tIo@60i4cT@vU*0Xmw3PVfY`V1P(^W-VyUY1BNM5HR4U#rb_t^=Jlob
zbt*1=Y}}Ot?mQWg%HtF_4d<2$w^t#yH(>MspNv)#{0vwqk9jq(fvw$RFzGt$v)-J?
zJI!C2Jr$h6phbf7)HQ4}@NP6g1{&d_qjF_u6xCuYL&X#A&6#4uQ^1rOBOS*;89a23
zi$$)B`q?mV*t;k?K3T_T@A`6>E(;QIhtFapnkhng)x_4N)N(kqzWr^rmgyWlL=HF>
zS&FLtE?O%;!y(*8q*{Cfx*)dXBa2`Q>R_s|C_M<DK<AGDk2YOwP^5&5s2URaJgcO5
z0sZ&@N|EI(W4sG$<9VoOm>Lu|NU`7d=BSz4&4bCLezWq(eIBt9!K@8<^l{0V&$J>0
zDDyj;g;>BM>}*%mI9aW+K+Ir+8||wmfaK*amO;JL1>1wEQI)??EjyQ<ly@KsJA&)K
z7o~C$SKY8XpMf=@({kvh6K(^TO$C1ezbD%vT=eS2l*^fgC~h)3%k&n~Bx^@pBp!`@
zS`%M5z$&=eS)Zo<!WUU+Ab_h>DE3>Sm3GN6+b%*&v7v>4EeT2bI3qt<mq2?fY!|TF
z4m8MYt(X}m*Ha(_He>#>L*~gZ!)6QE;nS@6DdzR|Rk{K>z&h@qEj3?_M5t=J$h0o>
zl#osY*Zl-w*%Bh&0GiBs+#Fg9Q3IY1AHt(qw^#8!L1P3Epf1xRR(H{64Kc}RWw~{y
z@IH*b5Yp*6{+Zem7S(UUTU(JB>4u9r4rtI0nDIWAt6Z=nt1WKs^v4bAYcZdoii}J*
zXI}bsRK~^Zi3n>Wa=@MRGcb)|3|b3n5wI*m-w`)tt(2}3KRE$0<`@BXe>vEJ`$Ve^
zD;{kBnP%Vj4!Q2T>GIZ5eqitN&dCE(Q0-B+a@g}`7$W3Otzhu|qHy>XJxGqZ<dpKz
z=PD*4!5L2tJsLDW{X|dUVbLB(n|=q~G5rdzzy;~+g!7Vj{zDgcij%T!{BNb)bbwj3
zU;vKc7v^OlUvK3ayOJ4BI+MkX*_k4#Da!X5a8qL+crEhz%)=2RrN{@t<bcs?+dx1m
zO$#xUci&ua7XWm$mGUa6o>r2RRULJ+YApok+HwMS6^T~G=(Ft&*VSfmS<uY-H(Lqv
z7kk0BFmAl2Yelx0bW<JDBeI)Qw7WdG0lpKAmiWVESBB}plgOSv-vAe!X`R|8M|Sqh
z1o7n9n~hrQn@xNKlAgKyc-nn9Y8|#C_Kyx3*24#xSNRMT4tLZwSQDN%ShM6bV6&MK
zb-4umw0}%$u`vWfB739iZP5@OjfI)|Aj;00rFUCHf&66CEar1!D99>)HTH_dB#Q-t
z;n#AtnSHT~!ChTR&@??^+a*Xidn|9>)P-&E>juf2Ui5#J-N6C1^<yrE-IWBLU{Xzd
zk>zvpAs?$Z>G-T5SBADlZ48H=lrK^%2Kd{hYZq2Y>mH+?4&Af4RcO?(t1-n4;ZxNz
za?_c<Pq&O!2Q7buwmy&VtYxfRv4#ISI*;Jm12q|#HUR+`ySqoyVmBCSX4LcW_(vZ6
z#5*9xh_D4Q!iBKDOuY0&4o1@bHs>U;{bQ@QIfa|G+LxdTed{Gfls)8q^DHMdMTG`q
z;=UWMhu8yAA0LATvQ?fO8(7eGP=P8>j^pRWpeD8Eru1+Yy7*V5v|2Y_*x64*6x<+~
zp}n5_9fu;dW~a;%Ph-DbErutQtpQCC><aK{d7y$U>U6hxb#_l~NtK0QBtcbgS-3XV
zv!Dd@m3PNC8E0%%pgU`^NwEnMEh&a&UQ$ZtoIp4wNr%1a8a8*Ycmwn^r!QTX`16Qu
z6SZnO)pVVy0#&J<Rq)bWI!KVn{*FmJo`YPj!x%9CVh-z;GsRBp>Xz79Bv<ETXTs<E
z++-!i0Q5?ue0INpAW8kOGELIRCkiI`zoxg#NK=$p9~|J8_?OQjy`{QT=!N*|Dd|oQ
zjpT>uUIg@BC$w<&F(J4CYx>9O;|+)S$@alg(<gFYKUaYmO6RJ-l}aQC`kv#*awSQS
zDPpMJ11v5$OE{#0+zOB3i?%GCHf{K3FFHl|4g4$b%+s0Q$Z;BuA9S?zHB;7mxT)(l
z&{Bw;#62HE%D#1a_iZX8Ls?NKJ8+Kd&PQzQEA>P_1eH`G&s{;N@$Q`jRVc2jG6=W^
zt1vdOV>1-)a-yH!sfJ?NR#NicxPeJA8Ri{NhCNYFkW<1zTP$}OKVo+HSkASr@;;rf
z)yi6{_(OX(w<D{Ml~IQQ&U@%mf*KvmAWK6jNup{O?PbF_aBt+yqS9t^5UzQw|A#C^
zJ7j&ux%h^r+PD@zp)>Ec;L?1ZV*5TsYLD5@bRv$LKlRap;{PM(Zedl=8h9*9z17q!
z5lQ-E49^#Sxj7=^(|I@x#mL{`*ca}$`8gIA^>y2Ia7>{Zhm7MH3qrKEs{8-qCGXP)
zT3{1(*Xo%;iv{yHArW?2Hg~^-r@W4MCvRe~0c~A4O6BLg`5&aZ4y=R{NlO_8Z4Qq4
z$x^?FVEAZI-oIZ-&)4eg8yQ6A-fA)8iLT)Koh+om*GSFJLuBSMw)<*tBgF`DADey1
zhfahdj)CS4H+l~BmXJBX*80IsSZ|~RmVUQ=5JT-U#p#}>m{aEV#uY&jR7?reLvaXm
zqNUpalM3>-*)Ev2p1;S<gbkZfJpW(=mRmcnemIWVlpO?uD*+!P?sn>vU|y3@mtK<@
zwOc{HWL6+)4&uX-p92Ao{M75M+r*P+R4RXxaU8UNs)*ptYiWj71>*3*!o0+xf{7TJ
zO1W}(>k&Y;--9yY_h52eRthGwwJ!zD_jJG0V$cS2t~_0JYv$Z<$3S~5MfxO3j<Y>>
zK7nbI*LB8l+IX-qO`XI=AMl3G6Wt;%o>*PWY^lfr?e<hVp(z3MP-k`M;ESlq7meAv
z;5BHo<cj|ha`!r=a9h&hz?#c(*G&at>jCm`Jn>6IdkqB?CFUAXapp2smY1a8wbPj)
zb~BmH>Yg7t>YP0G-?xVHUuccjClhz8bJd@U89QGnql^PP-)NEt`nQGaVW$5H`>6!g
zl*i|vzth>U9-+YynwYQ(*0E~CO#RX{ffX;Y-Q<e@vC*`_S<}ZiwY4_JQl@Dkk5xhA
zO@&{4P?|OPO=JsbI0^3G-Vz64Ek#}8)8M3g$L@`-R2q?6@?iAiCV9tLKymi>sx)jm
zDnEHz18)4pYheq_`{D@&D1AqN%jOw(=ZcxraZtX+R0i6RpCbR1nGX{h>`-?|sszum
z<ktKNZ-<-;+#r=uh9s2%+5z(gn}OuVF6#M#nZ8@H97V@=3*aslp{FY{6|T$5#yNCQ
zY*aW5S7}+kma{JX&f-t4ogtv+nyGfGM7|~qVq)4M_&!mG`7H81YXc$f_lH5LjrWd>
zzP?Y@3mPw}sYW^Hi#{&q3151T2M7+zhsuj!K(`JiN&&tv^0)!dvp7BXH)gW^msfe6
zK`NYn|G2nVFKW;@zszFI@2c#zioB6TMj6XiwhwwmduyS=UQPC4!1_`>RL4AEv9d`b
zrqjEjVZ5b4xjuL&@E<f{pc=5wc&LbbzrcugqbXKidR2Fi29l1~nT>xWf&l*qz)9NB
z!onx*Y@^t4brNCi`#rhiL=zFT0mf`Xv+h!+87mq&D8!c@G7~wk<+-?@lQWl?h%m%U
za5k<+2_G=x{$>iUySyL07Yr3}-QtNjeZSgu478do)gXudb7n)$i6-4p(S&F~$HggD
z@@9KQ-KbOK$Q#^9BSgcuqO4565ET-E{sR<-5S~84mQ$jqpJW&XOf3J%3)}xw<inku
z%$Cfw(FXuk+G8Fb)7Oy=ny`FE`063U=FK9Fu@wf(;Q^~2T(ljX=#QP;j!dWYmkC|3
z8D`BxyLS#n#Imrjv!d){f?30mTAGMTz|I9C$QmBcUT!`X*tSvr?jz61dd-m;fgn=3
zhCnEz`{I9bi31bi)0hsn2(#+=-d?sc_3vy)_vKh5!aqYXv31a40rKzoLVV`W;&MDi
z0?z$Nw@TmVfcP6ens}N5i#en-Do_~Z+0Ff6x>}2amx)`z^)UmZ8%qG*;qI94*<<GC
zQof9>56N^&$!*F|Ao<*(Hw9SZJN-BmwP%@0W{x%M4|W>zp`$kPuA%)=S<(vK#A)Zx
z=q`Yz-qhZ({c&d+4i(k|9UKE(7ozNy18ws1(a3s6^+;~dkLWFf^v#5KlEvi7k~0@U
zV{_}9qLTgIH9=v$HtQbrDv|YCuA*BoJa=^AYv%yp`b7PSUQCx(*$<EKu!8lutXRb_
z*Ef!AjYBx=(pHB9MJ0RL)dJ1?s~eV{DZ2V)M!giDIn{?O{KVLgZh^6k@SL#AOC(K~
z-$5Wi8*@2p6#Oe%%hsV4(`x)p%isDP$xID4A>oZvK?9}eBN*!zS<+2Mtprv=b5+py
ziT+6-5jEQ>pg|?x=t#=RkcOd)WMk0EV%e)zlU7%YNj?Ty2?-9XHqh)<CD$qBo0}n4
zEB!YrMhK$!S#*MmDzHeaFx#Q!zou_ySPVx41abO`q@oIm4igUWo$G^(1RQ*0w%`X&
zMgq9@v#=z!+^REfP0g=IHAlZXW<EOkJc;3qCdi6T_?kkuO#<cwI?Jt^u0#BKIqJZY
zs@-XAnHNs9KrPVg)n9XoYfws<<eX&JzVQxu&=I|Q>8&!V%Ka_O{PI<`q?+^-@>qcm
zH1%l++qOmBq_8?>P}S@3QH(hXSDX(MKgZyma;q|P2|#1x#XL`re|?&TWi}Z~aS!x2
zwo20$&5dZ`cla@(6Tb7v4)^gx-*8+X960z(uxA5QOVq9&8ca%5CuajY!bmWF$SMZ=
zWm;=6fJ5SUdC0QyxWGmCA$U7i&xc_nh=y5VU??qI;hlK@Rm}F}ZYMI9r?a-k1{%d{
zB37ZA)Ski|1N8z9jOl%d?lm>j;Dz<Kea(m>dEO8v)SLT1N)6E&#t53n9#KF%r!^f1
zQ!V{|dHL7<LK0B9ZdQ{ON3wvoB=S+>*3^@u+3SbDCis-hBBs%{!_nO1jhNYmLtt-S
z;JWB$_jzFMy1+^_g7<2PaCl@*yLkG*g-MEkB?(RC3R9Uph(Dg&tzO<_X-nZvLWK5S
zt-wVqCZw37MXsQTwB%<_cGW-3gwQOALI9jgom2(euo&ygz>OjK5oE$2CY9j(S1ttt
zApMnT6-YqfEQ-UNra!@tvcUe;7%8k)7Vog@9X#MHQ1afebuC+BY-k&SBdr)01s|%q
zA!Qq~-}6Zi1TXg(x5>BbV#JHG5mQ-L3`|tBmdAv51<*b~CNQ1x*_B)cA<%}hx8$Xo
z#Hoz!WG4p+g3vyX!>MgIMY?E=$jO2<XrKJ0bEB+9$HZ(knD@C<jCknV66@o3c7bkd
z2?}&!0#tUOoryscfT^s_lRy&{L=`ee%S#%=wuOU$w~&t7Du6=?1Doy#h_W#!ro*6W
zP(g*_hX#l>B0gmsJHS}9BF+QPYW_y%=yL9wqoUmJ>^a>hMHc*x&={}FU7jYlYLCeY
z>lxFYT$FB6v9!tU#EK$2`m?2b;6c==o8rHpX}&%Or!3RiSB>D<4tmMAYwIOAaT<#q
zB-+N?R?+XsU-+&nJ7>~)bLVmv`OC`m(?+HB7xt0%e*#&~agHbg;%kQl9w2$P>AR)m
zzJm$?b<;X*Yff<OPqbdfQuRvZ5p>lXxEVvUhN>cE>i0XOg1ncg?`uQf#7^0*!Nr<6
z*W6drga1!UFIclmRb3C8@)A<Ww<s}$_}2RwYpL|5Vv2Tdmf`le)eEy?PA%H|vKR^G
z-WFe+R`x%?f)ASf`8Fg{^Tk>*Y^N>t-ZqN&lwCz|GyA@2jPDjdukW5;K@YhSmxhB|
zJa_QH%v$Em_PU!;^WnZY*W8@!M1Zd67>|;1FYhejKs4if52yUi63ys6F{+;Bc5{8`
z#2)q;M>Bs}V4!|;P`BB-snE*~W5>FegZUt_m*k&8;3eu*QmxiJruL8Zj3c3t@*1(k
zgQWL5_>5Cf;%^?z**+rd#Onhc>!uEbbzy&SeXhnRH?CkiV)>s5F5A%#olKQd&*WJ3
z=Z)l+{<84|4@5qQdIQx1iY8!C!uI|0k>8w{)@|rm)`WzgYScF_-3!!l2x9DudM-mi
z<JSgfx}i3bU>NB5@Z*?8B4#Iukj8poV?>la71w^~%o|A_Q=77i18?okY-`DWGbF(j
ztx3`h$cDeE>YW<3#aI1_{rMHQAQWOcjoBceMZnUNfc>8*nP|z>`TUK173^?4U+obH
zS-Vm$-2Dk>_8f(4*Vbeq#5eORE-jY!W7sO(=t<cw&xjrYr!J3S!yf;`_QRD~5vIc_
z8zefK9YaOb)yrt6t@KsntqS0-P*n_6`gM?>XgA~n|5q6I{od9qsFKC+mV*>kxt(<F
zfH_F%2)kGz9PoS^3?yQx>VZkLkJuJoq|{PD2%g=L++-c)+@lKgUN)B_YW7;3@2;~>
zE7ZQ9DxaSPr*`xKAfky(VjHz#*HB!i#Y`ggsV9i<v^wc<J(}^40makQDp1ggTg=h%
zgLO;19f4`qye4a#mElU6bdvU{_X2`GQ&B*cFt%EKAVp{H$hFSEqeU>`(FasC6jlWF
z<l<6=_6$%JnKlQ!YW}PumbD7T%^Q>yyFi^flIy6@C$}?ugh9gBZG(WFFRmpL@H+bu
zw9TauCG;z~ati!V<DQ-%DFfi7=dg}JX0`A9X3}2FHWDl|c(b(1k?dC>e*y#ZH(NSZ
z1k`CO>|>j<Hb;HR6DeH`CNP$%EV9>tY=W3uF)B{OeOU^)FRw4n8;)->kWDU#={Eo#
zZgOJLjU2CPzbZ_xh_HIx@7c{pbAs!kD5&!c%C_Q)Is<z94U$+;XQxwBXQ$1P<idj<
z_19|XE1{UqF;{3^_#by*2bko>>>uSQ0BDYUjzvzg9o)WB$ge_klc_mvWIq*COg)qC
zx{&AL9=bcSVVV1b+s<N<rjBo<6fmF}6z+g4x_g>^nW*D2$SAC6oIC{<$rOAO(nF?1
z(vZ+qTG_z?_|<$KvmPL`4;K_%(A+&Q?`2C|2T;+dOhNWFEG$w=25^)mE5rT3)mlUO
zSV3UN0;1)k`hETPNhN6Qsr1jBkZ}_o{yed|JB0xHkgV2!XFnAXnFLM1n~(4$e@}H&
z{0m{_#g;}c_9L^z2&IEnm2lSq`uScWU?_g@>wmmfqOZ)f>L&NBz_<`&8Y3AbPl=qH
zi%m^tt_Pg^{EeK>kB9rfqh{MqG_+98YU!_-f$Ww4QS627<&XZ#88@Q%%_O~07bJV2
z22d9+(g*@aOXOjlU<xX}e9lMJTX}2UqSG<CxFyDuLzi>SA7FNNtB4%!6S7tKQM=^|
zbx;3AMG#?lUM%bfQR`^Z=f;YWHdsBN*mNoMLgq&?^E(%jZ4mJYyEmQODpszUP8@(o
zZ6ym`{CW{{?d+erXKZN!CM-Sw<~fgAi3<O(lE3vtub%nNI^|`xc)1+YLWYO8J_-AS
zwOXBWn3S*oqqV{baBr@Gqq%i}JYM>)=mi=e-74~n3m!Czba<U&vz-AtiXH01-_+vX
zGl8wXBWVUBzp>kYY@ALbzF=DZ>&D+~De_X%#EwHDFZtDnZlWryks~k$MFhh|q@(~(
z(#kK^QH~Y0iW4$+RnB-CH7D~*%?puKl%`8Cg>$D>o++GoOzoBn3=s(RjS@8B|49xp
zGs4byjEU29y@n|5{TpuL3#(cHZh<J4HN>qh<62nv4y8xB{Y6lep8Q8vA~houUVA37
zL09D#ViT(Dd8WlWrkrvE%L;!n1YP1LylSH(vut@CcIDZ&%1-gNQZ!`D<HiqNoQW)z
zBDyA@iL!$XELL&;rdru50GP|w&-%;`z39+``{tCR5JqrL_eZshlpf%R#AL0z-cT&w
z7FAc?ww~d&29bG1k0R%x9zB$XxJR&WiA5nj{LbR2!g>S(<LFK_!`^#NIOH^3k29Z5
zx3s>Vf+Phpgh1IHN+0_%rD++f<`7Xz5!!gkDKvA&Y()wgFq5PqMujnQA2YWW2`AzA
z_jNB&)BsUTB#olG8Y(|QA6aY?<GmI%-T-%8iWcGau1mf(^|Uhxbau+D<=JbgS1l`T
z7aP+8jS&R>(VXXqW4cjBBMbNieI<GC3W-L__EudSUZF7+<{utc8&x^-sF|-VYsNvs
zW-KA1c%5dN1M2F|&W#_~*tBnV(PIis%bv6Z&_n4G?>CvQ4sZ=Fw7*d<V7N1m*++g<
z;QwqVbwaH3;>_Dcz+36UE$}jZDBn#%Ox6M|p482Kuv{e*A~@i`CwGk_#Q3cG7FthF
z-z)o*-zX=Cq2zp}qX_ltOp}19CghN1P_@G==y>?wf$1%w+<<gO$CO&`CcP2UsXWov
zCnxj`tpwG5otzS|(Bc`A!V9YoXM-TTw6Mst5jYzEDtTW7JRq=Edr+j}u3r_f;^enf
zzd!1Z;z|_rH`+u)zp%H`AaV8(&07S<->$B{$LqO6m~Tx!F#Jcv0VTFQZ~7^`z9SsZ
zUQEjYm`g%;)jz%1`gb#d&9?#;<VnB*5wDuVM;tDC4BcaMCR-E*;3N~<wr$(CZQHhO
z+s?$cZDW$$*f#I`;i>)sU3IEX_g-t?>D>ue3+z<syby4t4LX+*9+!J8nGzw^<NIDy
zpRXVM%Ga1Pv%1|*cGs7u0qGz6jw!rGD+{$469oM0Ie=F{8KqUX)PlZ&o9F*`3L?zS
zTvoA=Ehg8N(f*Izn4gy1Jt_;D;q~8Je^{Gs5}#Gdq^p*8%c^`52CHQwv*N;?B6vJ5
z1v1T*<IFLlfc2l5-2YZ$^G9qbC*weFIw`p~`xfwt)Vp~+C7^$-7=v@SDO4FZ<hf;T
zC~z1RWXk&G2Hr>MnSd()J5oMw(c9(VaDNmbyf`YZ;`8g^_Pf_TojH)^y~aM4aZeD>
zxsYtZ(h7E`kvI4HO2II9_o38Qqm42|fn5+#H=5mE_h}lNSDFs;#C1(yJucbxb};JX
zJ@=|K39R=%WPhV5>A7BWpX>s>0M#W<$+`MO%S!cs(_~C2gb$1`y~3@yqY@Xx{9dt)
zdFim{j+i0sn@xZ|3`Y*`YgO>mOA;OiO;$HxaKiXSpTMXxk+m_#xha|ON>8EOEZYV<
zREb|Riu)--1IFMYg>PS{36h1gl_6T4)i88UbO=hpx}cB#Cms?TRNNV+>_q1qkzBu%
zA8h+FzFxx!&FocVsZNsc<M0kZysZdsv>XMeM6*li^#}De1vr7Wu1%92$L7?RPH^S>
z0<7ubzy5w(7>+26P~*^d`)3@*+e3?>iBgWxnLxO~1ipu=2s#lo#+7N(v|Na`6+?xw
zK)g_3fwyg_$yih(FDLkogk(M&Tj@oM)+;xt(KcUa7GD`}5+0>idXly&wB*Sx)nhSv
zyAxsuLMUb?F~$fX&NQqJcVix4tr6XlkQaaY;f9qk2R(mx@z?Fv(x_~EhV2R6wo;?T
zjh_`2x&k1SENIZ(je_C!WF2n*W)<z{TUDKzoSjS??*tg5Ln2kjK#A3kuiZK0SxB7%
zjoW2s!8o^atE8o;>!hly6VU=Yp3{)dXwyNcHMD;I#p@;S+}~ZWX(aHfyI7dMg`N<o
zX}9EKWWa9D^AX9C(@ss&=&J$wBw!ME;6t%N)E}%#Sy%dt#?@>mx;$1=IEdi@IB)l8
zmUGDI+8blcPU2juxiK#vhE+$Q)ct0?h$ja$f>AizH0exzRECz*iNw`E+mt$Po)G7w
zHMvRZVsUh7GNi1Z0>$ujLGoC?a4*&JAf7{_1ANHJcyg}(yPCDmoiP%_A=b-vTXCwA
zj!}nc=B*l`F20|t3l$?wR)_=dYavCsF3l`n7lpN(B+?@k`{4ez^2kTj2Q-&+EzC|T
zHMnxtR>=r#csjQbfA?zzRsN-d@=jekMyPgEt!0+ZWV^=-h6}#}yZiXs==g_;!yw4&
z22KZ|C#PUup*vc>?L{R%tUhvVbdZWTraVs{9Lm%qX@p$WyaH;AiqAI!=q`@)m@q#1
zNl7d#Xim;6nm7sB4Ywb9-UNKUdu-z<nMx0)cg4OR*3t}jSJAoU!CW(KY}4QTOrihS
z{W-4%wV{ZxZ=emap47pxW)+;@T1th;{TrIKNy!-2lupd8oL@1G^URcavmCbJ7E+KY
z4$KVXn<p{^vR;oO3&+uYNn)f5E2}rdZ%zda{v_LyDUR+DBWKGjw+hvlQz7oqUXeC)
z>#`8UmH9$sTKJVU0cpZeIM2JkHLVum)Pv4Y9n9Y&dcm1oAdTQ}ko<}Us?k9uzv}CO
z21Dzdj4%5LlaZ6inZ2c1{&VSR25Bf(V_B}L=03pN^t%3&9DmW;0`^+SSvw_v5`s?h
z-9WNvMnl=m`NQru%7a?K_hjSD`9Ux(Js`+|6z;a5_Gq@bU)2RFZ!H&3C#5Ug9kb=O
zI_bA*BPDa2jO8_f=@Osv%f(_(n(PLADL9@i6&ozTPYhS>XLSJwU!GO`J>kNdzBmr}
z=o@Wm^jGSpjLkapUKvcLy&TFiO-d$rTsUR>lsCOM>>UKi-8FI#;)x&r1@Y^wiy&;w
zkd{FPUqFe-wLHDzkv*=g3PViWql#a;Vz!_f4q^H#z;d~A=k+~F&h0PbO&%gCB)W3c
zXibf_gO4-K<PGwcE91Y&_>ZD|gg-i}Oj%LbS9(X&ngdp^Ws7K?Y2fvxG0P(^x2><U
zQZ51lP%~Ei;NiD{QgjxPlfSAU=aY=-t>tDm!z0f(+q`*5=Iy6*$uH`Y>bT5u%J!mh
zvlB)xvm0GMbodZB1jsGCP%1|%W-Ys;y^)nmHGV~srh!d^^E0L6glqdcEDVL`lSg;?
zyaaQHnU*G&YOEBNGf9R2?IK>$tCs#5XA4n>jL)EC;B!hnRn3kVrAx=wf~Wtak+Mrw
z`8SN;YxIHcO21g!wvcgbBc2Z=Rf|c#A^0>Vp|Vev-GuQ0Vw@JQsi#J<-inc5+fnxr
zREW>3xwbS^Q&%0KE9&`J9>l-*+w3%&9)XmoqVyhmD4VAw6z4oTm-(US<xU5RW&-=m
zqw+$>6K{^}vhQ)~O<7w)>K4Nco>mFr=Jv6~UA%W4Il6kibyq;kgLX+}0KYo=kC#s>
z>a4N?_(+ACk7SdG^vPSk@0`wn5SibR>2Bh~=zB#9nf7KYDP#_#ys58_l6-roKC)%m
z^+#o*L&3}oj5nMgvc9~lj~IE$zP<%@2IU305KC1H{8qM+&@<X86ujqWl5|4`p1;ib
z&6d_j)UG^Ivb(0jn+W%-_rGc&jKR5wGIxuQ8D>1B2&+q?Y2rrD=h_Qsx*brF{<~@u
zs*hlVxAZ&uH0&*RtICPOFEIu7f^NSpkmJik*5Lguwg5uZhbQ0FK0<BdUA`q23a&E1
z{Sz)zCAedokcJ={W)gG%zgqII#>sp4qt+=2@MkTz==DGsbc)(VRgieSf{!)k^E#|=
zSFQ%L4Yh0kh!?Sh5?g4r55A&=j9N-py&s|9z7q$HBk6d<wN>(i1}8n>Z^+3FdcwLB
zU=oC~Y>F4n0S3eq1ZnzW_w^{V+wihN%-H_NTr&;#p~&DXHOI{1I}-NbzV{6z`R4eh
z(#6P-PL`cU53yPyb%JWwqdKFV-X^wpXt}!{V2bQZnQhbD|MJ9Xp{?@*MO2O<Nue&5
z)(NBq^WZI&cI9>AqJzl|LwWnRf;rxarzzDN`aq6S$j>*@R`@qqo6FFSO>%2fU~TT>
zZY&*q*9CR(CDHbwZhB!*o5+WZ+h1QLh)-u8R*R`#I2KDz%)@>m@{GAh?l%2S?pF}&
zHy1PGo?ObqhO)Ed5>Zb;PNJlGaknSt3M-JpWq}-(nDxDeyz<zuJWIXa*e;?9)MErf
zqD%JR)%u-@Y3+#Dj2+6&J3{*Nr{9oVP7OL5%3@<O!2-rVRK$MyqtZS{@uh%$BZLHy
z0m~N?$ta?M2*ZO@clXQJ<VS~Nh+hycmsctI2~tCd64ENI7M>fV*%>qtj=bjgX)^a;
z@xL9<bShHo7!5Eknk}o}iVFyGPBs(&Tn?%mdBP!%oFn=>-0~HQHd414{2g$8Fpo|^
z9EKkA6dZHAe5pM@lT@jwlNKjZr<;fEk}~Hrpu6jSit-YzCMbXq4(>mJTTK;#Rp5_a
zPcvamk<P9QN8)Y^ly{mLi3y<)pmFl6C1-V#tN6ebi(L3eiPE5Z$UDhBtAimVV06t+
zS*orUOXZ9C7I4uJr6t}}yY#3*aze9=K!0-$(ul=&i?qB3WicerIdvT)n55_&6icaB
znDU52qrXJuBJ*Aw6+_>%bZ7Wg76P;B#L3Uw9&y7AGag^9M80>?n@7zYs!?_y`ZCpG
zJEr|vce8yrQ99A~bG9|WIw(EEf({=mpZ$kmUbZ@sv8j)_*@aQuL&SVc$mt{?)6L_*
zJc~lHvd#!g>lRaSq&p=9`<?u*kU=}S)x!h<r0BA;<YBdJ8|ZL5CjkTbz>`XNgePbi
zmeuL2Dx3{Jc^vl8ABy%+6Wjx@<|}b4Y%&&Zv<*fluNM*b5nQwJIer#yLkHOa%8yv|
zmma%@nB4i=ydQc!ht5NqFkVY(2|!g}<LrETqn<plT>(ZrIfy0qYD^v*)WSFrEh;8!
zO##wCxPTbcWT~nFWu@qP6}kA%BzyPrL;y*ad!XS{E$H+3ZijP%-Q}nv@tRGj?_6SB
z%d~8k1@Ee;5VWbk-K<j%%3%!dbI=%`=abhgxb7o^NXnX~`sUz$YLu@#t@<5RTVBf-
zC0ATAc=(`#TER~Dsp?@Ss@(V)s|h$Xd*6g>JI?G|$2q4ffeu2Mpqs`gUs+zw%O$NL
z@svk<nBPA*&IxCI2mRI4S4k1Av3V0bXT<g_Y>LfeQfhGs*ur3zOfF*|{#ORJZ}_`p
zk1^v&IjJyXi=^RUdCfmJ;>8#23}ucRGopE;QOR?Y`M*_E+HwQ(DmalQ(|0Yf)Qlv`
zE5Xx$yFUiSCuW|I!piY2yE_kHmye-{FO#7V%2`1O?RI_!$Km`f)P?_r{*~hcq|Q&m
zJJVKumLx;+TSO6E#QuVs4cNW;`bhVhD2_?~A@m7HLlKsm35STIhgX1+@#8Gqm`T$r
z3DSwFdZD3gcpxidEV@^B@UWB1;6uG`F1a}t9yS_#aE7a;`H=VBr6(7yJV)I$0Li|t
zkyF>a4cghw#EDIN<>;f7S|fZF3zlU2mFm7j%1is)nf4G5kY0m{w-?rhPv(>@Xrj&X
zvfVvo1E-Trzdz+^adN0S?4f9Wf>L2meta>8ees%%%kUdS&?yz6uM&6EZ*bS+&73im
zu+8jy3sBS2c~R2-Z`4eH+-4RCuDIFc+<>`asXRC7&Et?!z>eZDq4^e0iuFvtF`-W~
zPQY#Bff?3}I}zi{mwo3EdWNeVUR$BXyS&vmP%hiALD;W9fh2q(;XdDR=y45{MYfRa
zkNNK(`zHS<M6jhYt;^Hn64@4EKf-&okhD}ex=2b(s{!4v=s6<8=Nuvt?uT68Y1Z!U
zV}wZuiD-L~O){%f+nZRiUmW@Ir_gJ6O!>RAXKXZ5j}A`bB2#@#{-{`Sp`V{z_Z7V<
zw^u4bS&(GX+&GQ$2g$O1(z?W(A9OZ1VS)t(z5n)99!Vtrl;`p9Mt13ekwwUvrPqyy
zSH-+cCzB-Udn-fGp|aPJxtQgP=#-IVkum3hE28jUg*bjN{1Tn8F5cYZ9etn2)1+c3
zU`=%bYMuUU%QDPf2utV>w4VDG1-_ej=R)$<sZ?LU-pK*a3WbWm{nQ<@khi5<aTCy0
zPe(WfI~Z;VV0S>=Ke~8${TG`jN3^Kb;*@couqP|=;r?J5>})eeUyM!X!hEqqp|{5a
zYbV7Caj)dl^)uJ-8C;G9e9C?4x9g>pk$z2~%4CfE^?i%%VsygPUz`e>^*pK&De5h1
z=D#Y$YinoxQ8)@wXDk?vS*eh<_m@{^$}5jRX>{$!0?wJ<E{UM9_My%`Ns2pi$jWqy
z#0ci=V1!-Enz1wTq;nIS_QQE6Cv|bz0}PSS|6=byZ<?-BT*y_LFoEnm!ExDscSD~6
zSyI_3880^n;?rSMb!Q8o*IyHh=LEW|u?&c*tH7B(Ll+s|IE^_u|0F$3cYFkSATt`y
z=S}jdHom3|cRKm1x{WZ?wz%DFx4}kIY3#F6QN*l$vpK8^1!{T5exey@at6+GJv4<7
zRZhxSS$-GnR@@rg8rsayYP10^FAk*q6iXJd!X=K#>UuYcyo${F4~kU-%{tvv5<A#z
z@0XiS2r}LQ=St@Q+Oo0$Q}zG>iw-(b>s%y~?*|fLGzbJ4d`uuXx;K>XCz53GPp~|e
z&qyfA`A4s5AVvD2h;ou|rPGF1-^(aQL5r-B(B?sVSEBap5YcJa!w9x-V0BOFc{A^z
z&^>La(PuT7>bn10n^DzFDQ+gjsmwX<A>ptt#0?F{i=D>d3zW(u2hod|Ug%5_LpD8X
zY;}XwjMz7W_ERhByt02%g=9Tv1fySNf0hUU+48qV(LyM^bpZ?XUg5Vy1b9~Ssen2o
zdPh3^1tPU<pp<Y^b-%O8e{}7l8vcwDF>V{kG3haLE7`KW!HxmQ!?6Epb)SImH$nW2
zOK=SAJ!}QnHGb#&JGVXS54f(R4Q-c?2RXUrT;pf#+n)+~8=Pk*+qRu({%cW$nytZ?
zYS)BnVHqLInz3`nf#h;Da{O5Ldg6N0sh^kHLv4tJP*B7SHc*{m!@QF5xF7BHm#xS{
zc)zaPC5mhtd`51)2|1oVn-i*d>0KejUbTV31`m9pT@P?o*~zSO&}|oMTFA7^Om<Y9
zCN#FLR`4)k4X{*5$%vEj%cVNf9+p)%04YdY8>@rs<=3By2OIcNm|$AcT5FU4()ANL
zdO)sCCzb)bG_Z4i-?9+oZ)$ERm^Oe*-=bEh^}m{bseO<gNBX;-Fxa{^zvpP?mj6et
zP%f@mLZA~=r3K#M?OCNL@g~W@^KL=`UvlmDAtyxuUQ-qHxEE>2bhed`;doJai1}%X
zugxrk$1ld;*VB&Lw`k@jOk-`#SVE0X%Foe5giqiYw&rWVSBG`Q-F|?09^<^<ybV=P
zn#0Ix2EQ4ma$rA7DG%#H1m~({(9@7j#W3knr2U_K)D|lLsEeOKpdYcM1FVc&Dmw}|
zMzO}`27cxsn8_bOaSFEyTm=1Pr`$Fq$S-BB1N9Twna$OCt~~Wb6`{3Va9f_@$+fR`
zh;-ErmcL4GiZzacoQ7cx%0K2sqQ@M}j19i=rIpO)_`bbc%yPLH>qL}|qiRhb=`D(a
z;zw3nYv*o)_?T}-0u0w*K)?v|Y7ijWN7_K1!R!Q21BC{K6cVQjli8Lp=<uovcnF|7
zhlUH4EI*-BM`L>-Ru_3frh<VSVNfg>0`$#YRpUYwQchCAaK=4W(y8>bhwm5yli4_=
z9jDb8LYd>er|0PHXcY<;>H<j<5-tL(cG*B(hxn^|Y9!zU)_VDW3KG1)k<$`(1Fz^N
zBy<?qw*&+)SM^EvE+=GxQYlmN841n0<v~n-wNXTDIoyb4uqK&z?J>xai7j*HzBIyh
zFmcrb<}Mtj&rt4h+o7frjOWxrLaCTB4|c{9Sw5d4fIA`>Ce$N_vKry{qfISl?Z%gd
zzqZHo{@|<XE$#0iFphA^T$HG}T8SuY%xOnGL0$G3@q3Mja-j&MOFdn-mH38XN|;NX
zT;nFZ=uM3{mYzTIc?PX)+Q8c@2p^~+V<#T9WWG<J4;N*K{wKBWMx)sv4L?evV<D2F
zd!3?H*O#z8tI64i-ObxGIDF<m7(y3PzaE*jbFIqV9gcm1!JSJlJ8Fa2p&13Lmz{Kt
ze7l8;a18oilq**=@=3T_(MWIMd;H44jyJnXGOk^^y!^iuozR+rTxa|lj=pMs*WD<5
zfmTML|H@2@yXW08Cu-^yy|gP*Oa}?=SGyFrnx~rSyQCzd#a)*kq3EKR%Mk<@lZVly
zqn=tuK8Cx2MpASV@i)#_J3u{Hn-+qw{$PvtsBhq<#a7qk4q(uu0pVL*mb0;>ozx5q
zLdOaI*9NIF*04;`vUhb(T3QYf;4^ZO^CEa$K)Bv|JK2V6V=MK~GQ%~bNCMR#y01kd
zE>zITTenZ`K@xnAeY=c)r4Q=3Td_N7@BvM+EvV{Lf(Yo=fQ(twYY4e=0m9)hv*OgU
zJZIfD17GrSl}K~|Ud9@~ybfbJ4UCfrv(g>L7D(&<-X`zc><;WKN(5?$Q@v7m0a$Tw
z)qFz=^z(K{T+g=fR}c#t1ij<W(K=k2IvP=CQb`~kU&}?V2S%d4xGGhIW*}`OV0T;i
zCyhS!f5hYz<JWn8(Dv_g$(*;hS7s`E+k2SG>@@nv*PK7wXimt-$#FUJ>W#d6J_C*r
zVY8W2z0&dj-UNCdLOsSflvsPHKRMF+3j#`j)Zhh7o2iEz!u76{uN?$CQ3`K!L=yI%
zXb#M=Jx>2VTsFQaEGjRrNi<5?ii)C}#TK5lYc5;0%M`Dd@O|s}WV*CWOsjI-J2;bL
zp2R_=N+xnLZNZG&kDyp7^Sw2TKV5)knPl3Id_ioG(otZdgBAQc`VOzK-xm|{p;-u%
zE&Okjui{%ps#R4n&oE)B+{e$0XU;UModB~reRkBWZ^o|<7Ww0M518=<odt5F2O^Dg
zi6O83?XyJNB7{AEH#=t#kc<ZRjlTax-PJtJ@x<mPytLX1KIb^Un0pXqy%wqIIN&d)
zkLM_*R!T-X@H!BDq#a!kMY*6Aej#%VZ4SB{v;rGxn|5x#NOhAv(I={7DSZ6y-P}}4
zqa6ucRRLn_M&rAC34v7LPtvI^#-o8xspJ@yhIiPkt8feq)khoULpZj8{8H(yC~VEm
zZJ*|flKH2+CaWEnvy(P~{|Af4u|d=9J)r$Dmt=FMu^YJHucI@3nZiT<lc_Kiw}%Uq
zZn(^?cHX35vI;>JFg_~8o!r?&t)qUKY=t{bV)xzrHWo$I-TqBNZ=Zw{Ba6^2gH1pv
ziea1(1r)ClF2`x|$yJH~IQrBJed1^a!ng|3p%y`d@KH;`Jd3hlVWIaQw(?_@5SLt3
zee(sNPh!Lo)1^n08iJ|1xxyG}*bCOYH{FK`W7x}_*+A50A`I?j;la*}A*V3o`{CdD
z{nsxjQ5{R3g@;$(<0&5l)_dvw8L&9!yzB+<wshk8E55VAbxv#3vsm?hW3p?^^{4#z
z9g(KXjr*fm@2sd6-hNBuP4<A|24T2g`$szb&*2L>)(Lz$+&b!-aVYVHAFEWn@=ymX
zj{-kdHA9(GI<vFET|Ay=sTM>Q!4MqxL#M~&W=(dx2Ikb;%Nw3l%HBfGo9_M>!A^LE
ziC6l-O);n+t5a><qI=nC+t^FW+g_hW`*B|gKPBhga&&66$DXBe<~#%K(?1$J(Tv8X
zGoUwiEe?YO^V2xPpz{M}JdH4VYq8@<#}r5U6u;(yjrUF~V<ErW1(qQ4zD=bBbmyWD
zwKUt(C#AEH*A``pg%;9nM1Qikr%R<0gjwZ4%Jz2n0uPl2(pDU$OhPactUqgpA9y<>
z68l`&b#)f)Yf(<NzM?iebc+7c9x=&|uY}TK4Q!<8>36YCnI2+`QOXDFU;y#nB4T>`
zW|1VWd;f#e%P1F>*#lowBKqJ3<w6&n;&ZkFtLhI*?G%ZYDtAQxodnAMrCc?X87ln9
zvZ)Nflag?*rkREk9xLKy%BkgVFtcn=K0<jh!Hv@;oE(Df4(^O%{pz4i`)0VOs|jh^
z|IfS<+80PXkQjM$1^PNc@#~jkHD^=(S(*5WX29{K-wb4*kN+{gbE^4WbqlsWShA|(
zui8Lz#Rse)g&23kZgFNVz9|2Cc*hQ@ga^}X)~lwy!ScFtY{b~<!Fh}Z@Q&b;Dx{*M
z8&Mv5Q42n{__?lr_{*fue)o8UveOeaXsa*`B3smuwFc^IU)(c-Yp_89H{BF$mjAfC
zpqE%n+tS}+n*<uJQi0k!=qIQdjQ0<k@&3bn_$)3{2YTBU7Mi?ZEe@JfBv64V%lV}_
zNP48Lsb0Km4^BJWxsf}Dz?W~H3g+FkWhEsuD;x_hLoXBFsLCl{XQ3QI>UlpjjXZtO
zQ2j+|F$?8{FqMe?cNG=dXjIOf@O>Jmlklbn?1!niC?DZe*94WSzz6sSg@`3q!HV48
zNP40W;hM~N;g!*Aw@^nuCt6Co?g4Sen1qH1v?s<YMU*Zl2sTPwO4xC>7vqct`*9xS
z9_R*^Z7G!v{{s1di}(-6vC#;FOf>PyE0vp`UZ5UQTAhIX0s9cuI5oQ-S?BRmD5ao;
zBnQ*GUOZG~TXCbuj{8b!OL|`~SDE8My1In^JbZ{lUilD`7e&D+zJj(s7e53kZC(pr
zsksLAdJB%`wGe3n6YQuS*$-1s+f)#5lp`Hg-{Ai&-7wP&kVH_zy>r-xckj*TEhNo~
zcC2$l22frX2B@KhvM!fORbbHTRQj9St|K-x*4irKR3A5rP=8WzRU&}_d!fF`LJCVX
zkupVjmf~wlNA)eEQlS-!>jW^Rf{ITM;#JmFmqas<|H;dNyBRG#UMu9)GQ2diO}<$t
z#Nr1n`sx5rbtm{pzh~FiSytAqN7M59l`&k!%DKRXvI@T_28%76&lvep)s;zhyg&=8
zW+_7uj8<PpXXH}oy8~0DPF`tRvZX8bQp?V`44`3qsByPiCx_APY(?|HtJr{!@Q~u4
zlM1ll_qTe_Bol+`j6BAH0Z~c6B5__uMhgs-9yNx@i)vdDDVl8l{y3EH1<#S#D#~j+
zP1)r87X%I28?*Rbg92Z^n=<?jY%-fGE0a*Q(r`O}jc`#y+%e0bfU4M~hsQsTLPlpo
z@*i3nU^NPSX>0L$%)TTj_gi7B)9oOK)mu8(ue-X3#i1J;ban|UKvQel3H>%u1;kC+
zG=tae7&knPiX)>_tR0-WX5%)j);Dc06QbK$f$~;Hsci6?up&b@s|^)4ZT%*Q3PI)U
zCZ5-@g$%BXFYHJxs4LjPKyjd#5@TU<!h?nU=+r5yM>5&H$j-rBAESs0U6rpVxw=Yl
z?3b;*#j+8o;?;V6&iQcbk%;COQDSWVr1C0w`_SOd=OV4s>j*<f=7>Mji83g$DmvCJ
z&m}NLLCa!P+}IHoeuz+MO{DmyXB5l8ytg*$l8IJ@tj-nvg##~2bIR2OMG3MVThs#|
zQ#p1FHP#Qz1`K%UGNA^clhhbBJU@48l#v3O03PA>kszzW&U_m4d8r_a`)=u*XRhO&
zh3mM4-8^}=kPkwLJt`-E)8phl4fV9RZPgw+_E^NY9XVk|^FWVKJ6V>a@El{Vw}|#l
z(D>``J3;;1P`WDr(DD}MrBep%J`cEzHQ`<+u5Kt|Pam}Y%{hnH?Z=JQBoSFErI_&<
z1i3FF*sbGjThFXFRHm#kEeyZ8d}eZ$!L1}Zwf1%*J8C9U#%6kLf|gz611~q|`t?wz
zlpGHm9N^p+igGvt(ZFE}K`&m+oX_R7=u}`ShGDvWIg%cixX?Z%8w%=i6}TAAoN`zs
z<Xkab^KKxjxgp8o07}OiN6Au*uo{D3Ux8*YDVLyO6G1_=<Lx<4-AH5s^xp(x&EieM
zp#-MU#*oNF?Q8U>(~dF6&QqqR9g$HGN?^&&FHwrQ{(HbG5Qg31@Ktr9S`&ugYk9nP
znbX0HS4}hWe-Zmj<nSK~ClPsV!MM2SQ{5~0Oq(W718PALm>2qzz?cmm<zaTEtVjEg
z`{lZ)_^%3U$x6MIx|0Exe9-{0<UsjDv8m*Y&$|_AVP;`C`@`aoe547TU<2hP&{rH2
zxR4W>xDz><+qczedqp<xGSP;z)swpE4aK%{Jt7=G^0adN4_R+)dP)aPh-^B>Cxw;f
zK0jpzPopQK%XbIKZih`5Na;vH9J?JpO_w6ctu{vvr+iW;;Vr*a<1&&}716s~tD=hw
zY9j;!;mr^Uf+>4`x6;tpMo?KYkkAn(r5L}8a%nZ$#n|Ms4C33SZQc)5aO*f?MRor#
zFs9>-#-GikxA=%s!7A_148m%hC<r>mM_Xhqpdsu|YKgVJH22YnXNCOIx@3=V=H*`-
zGj5JCjz-Djb?#B40a~2GHE%t!e?|tS2)oGLj8RDFjpYjLJP<hlx%|c)yrr!9gPg?)
zdqqt<Xg$&RhDtDc^fp}l8#z~K%{2MTsJ;K!b<0{<-=VrZp+6#!KUVkbRCeft2F<lg
z>3YsWKIk$U7M*FphRi)DexH@Wss)9jpWoo!Tb{A{$b&PmO3e3qMIohTI>#vVCOl@e
zfJW=V@rHV*igZn!a6cg8)7U(@vhnr9n;FTf5QgXV<MU-M|5>am{ugPScS*s}Ikm^I
zlPF$-8LW}vlJG5iRN<Me`I@wU`?pMB=+VeBHrW}jV6~c%*c5f;QTJ1wvJp-R$EDwn
zH+QIz$QNyaOLDY7{AeJJ5YAl|zMTmf)xI3DJjBvni)b0EnjK;#2p9+`7$5{76d(*B
z93TQ95+Dj78XyKB79b8F9v}fA5g-X586X896(9{D9UucB6Cev98z2WD7a$KHAD{rB
z5TFR47@!286rc>C9H0WA5}*p88lVQC7N8E`FF-v&13)7{6F@US3qUJC8$dfi2S6u4
z7eF^a4?r(KA3#6A0Kg!?5Wq0N2*4=77{EBd1i&P~6u>mV48SbF9Kbxl0>C1`62LOR
z3cxDB8o)Zh2EZo37Qi;Z4!}QvU4T7+eSrS}4gd}TjsT7UP5@2;&H&B<E&wh8t^lq9
zZUAlp?f~uq9snKzo&cT!UID&;e}CTq&v$?ifKPxgfNy{wfL{P05Fj9}y!(K9WCQ_b
zlYn-Aes3LXmi*MHY%imfT|r<Js?^q{)Qmy#A{*A7tX4qrf4dowDg2^H$%3k4Y?9-%
zyFcYUWp3o`Ny;dmY@r+q%pEBmF<LsrKv>K_4y5KbAE?x<J!&l&7O|3M0qAtX@1gX}
zhvL8d(|JYmE?6eSCG@e#y~=`A$o1{eRbrn@G({v%ZOV^}?~FeU%}Qmp{yBp}pJ3AI
zh?C%t;pnZ&V+B@MY=w(u*Bg>VuNB^03CS2e<`Xqi-f(s(v<(OOt{Tz^N#iw}w<xEK
zPl`IHe?+&^#D-3R&<pWPlNa8(v0K|~*?8<|TyvO!z{>HB93g_$)r#UNk;<RNQ6j%z
zr><w$b&*1Vv{8cbIf`@_&`r9F>YjkYj@~L#nygL!>;AQ|;Dd6sq)Q$KB6jkIK@2Gi
zvNj_m4=`1eR1G-K6)R4Udvs+B)O~vV8=;FqsbOnXm8uiuAJz?i2^unm03%;+rw69_
zB0cm2(qz&tvxU$A2BGQ9kq**ti#Fm+&K~=Qx%|*blQB~xJ*jW3o#>N1m<lM5inr_G
z3<KjQV6_veQ)0?WT<@D-Rp8A;I^c|)aA{vlAvr_-Lw;(w39A!mXglAha`fVrn#44(
zbo_oYWNkuqzWI<!{=?WJ2LJwNn@ojx(8Qo{mUj+tK*MIoe3U7IHQ4`B9!?EZq;{Qw
zQkrsL{vp^gb>*Yq%6cO?9{PY=I#WyTJP^GRkVc#5lP<&*iQR_ABCzAQyl0@7OY%jI
zfK{|kV-cQ^{mVpEmcY?7Jev|eLCTLHLV5X;I=hzsPMuDa=^^8ectP;5nvV?m8*E5H
z)FATq1s-E=sRJ8zWCrNH@2K$4aPZiT{Mix}6%CNltFUUsD<rywNqrW(#NX!Sq<#FU
zFq5-j-Y;zB7{3>2v=Q#~>ZQ8EPqA?=V`-0a^X^U5lr|$50t5H)O;d-3c)Bn+R#Ygq
zNK(l43JWCu`(d%>+SyiYl=2$?xC0cSL{MCXi9`7ABavV9*Ux-)kY3tQwdo^}RGUMW
z%90Y{d`!U*2!UK?YqLQ_O2hPU&2Qvhp%I)I1KGlYA8DJju#~hI4~(sZqD+W$L5IY)
zUo$J=I`1oY0e@y*B%o1hI~UvXSt#jweY3Od#q{)Etl1s$=F-S=oypuYh-!0D5tH$g
z!x?EqG|QpE(DT9&GiT^0Fsk4mtR;NV^0Uh5nRhOSwvWhG0uK0+?Ut<4D*8E&^FYAG
zH?OnAjooQPk15Yd_?oVsv1aa!zclrc9--ZAvd^~o(?QYdd+%6rdawE4M+^*8=O^J`
z8_CRa2PyEdYVIS0{7+w<47z6i13?XQ3lu#Mc_<@WIF82Mb^fceqZU?>VRhxWvcGIz
zag5BDv*P#t4Kb_<^xjkHdD)zWuM_aCq2BzZq^U<ds7~$YPr7jY9kjx>lxs(4gV_Q9
zIR{&LRd8SB@107uuWQ8$`0@p3fAS+r=b;}xY^FHKE*yC=e+%OkXbbdU-a>CnVC2`p
zNh|(m9Qk;Sh0u_6@kH~}Ui&W{v@xS0q7z7MLT}-ESmN^Bt7POL#FyMs@AkOXJr@`6
zCGYMmgBw!em`BjnSEvj@qp;b#Z!(p5MOgdDdCO$r2V~O%cUCm@5xt6GB(P-$!vZhZ
znAne<E7LClQ?>KIOb&Yncu>1kcI)kA^>4WN>Ls|EovkHu9<l<r&(vZ?J2$r}1aj>Q
zy0LU~uHTCz`~WvX3D+*>-^%Vq^UiY&<}XLV)np3a54HHD`=ok7CzqO*@9FUWl>SZ}
zbfGD2?9fu^HM^BE0mbqk`4@kJ_EWwerJP#8|MMfnC46f|z`Wsz47Ep+)Evnz4s54_
z-3UAaYR}cfbD7>Z58GyqSj&hc){N{+Ipg!}<6}>d8EG!mscj_$6KSDI^DLyzzv-3E
zp4l*4p9?qr>GJAI0+!SEK=^Y5)4#T#9vB3Qr^3rP!7gSjzD+mBp8BAf67h(}ccieS
zNYGEm>xmtsc@w~p<6%H{Kg}Z)IwHWmTIw<J@$jW1Rag11u#*RsT$Y0kpXBi-;ZN&^
zuTKa4bTcV6ng;4~-?joC;+XoD<4<}s#a<NQ8!ENVVKAa|I{rJ~*>1o+5A<FB=z#en
zcy>_1pL-6Xobs@nlmL4I-lMcdcT%AYl>D0C2H8+q6IhPR>{Iq{LMib4YvV?FLeD~A
zY#9v(GDyJm^{)yjBF>x0vZ7LTpsZ&$JCC7M5sy*lJ+{V4<88bOgU0jW#(>U_e7$OE
z=53`Q(m%cLb{Zy?_OUC0=lPMX`3n-a{nSY<ON4?l1Q~76tpYAEpla+|v&1VV<(zf`
zAXUo}Wqo6}_QFdI{gV_Qu&BTHSj!xdDB^zW8@0Gx{%#q>jxCPUD6XimpTjWf=Ps~|
zRQabZdXqb5w1@wqz(?@Jh2)4Q;MDg^W#q<8pYN>siX0+Rc_P~MGzNuY!kZoVx3cTf
zVq5#(i0eim^#qBB{ZrFeAK}Rv?GL@_z}K~{<L(q^&oxzI%xh3`OMxeVCbH{QV1L-`
zHEGY}@cFr&@js@;ZJc3fk1%Wtc~j1O9CY*Tc^dsGiP{EB{G6Tb>=rwPCBaJ@1(EFf
zm=NVYRdyY6A~uA@&6(UqM8Z52YJ!yC57L_t?j&wLbROd7(4-R$p6Aob5!Ks`JHlPI
zkpDCEV7%<hLU=yVg-b4*zclGlCabfS%92G%mWjj!KIVl#&quh5pGFY_a!)FMHjZRD
zgeI!k^BER9e)+uoB7){6OaBP0W0+7%-NVys>@?#cR=ZQZ{czEZdw@KiN`>RkirFC&
z*(FgXDw=n>Fa#-2sK?r^h(natp#g2gHhSsIsci#BN9pUfO>mNzauVUrTytDR`GjaR
zy|}=W&2TP9^w(tz+sPd7@Lr#}BX1DzEDO@zJ;H}@dO4(NZiJGldqO@0ZRJsr!M1)S
z{ac;Ow|@5YdHURi<3Ic+ySh}%z>Em;G1cF(LvM>JyJXgB=FBaNXLLGM9(|7|*IaZ6
z50-p#*$-)Z23##%7>s3zQ{bb_?U|w&W)$+qS^%VXSpwfR*UlsM6&&Om_c=`~b=y6e
z@^NNV?)=td0_{$JPjA`OWSLIYj6G{99_PP$L|`5ahtmu58r8qpR0B<Z`Y3(W{RpM`
zev)1U%2r#qD(|4?POciQQ^nY2!*Lp_CSeOXt`zQAiSNhh!C1f)y<~?4OhjE1xdN31
z%6%Dm;*%g`vDn-H@(-0oyU>WH|4l%1(jiNw^9MWN-&Pz6ou+RtDSEF#vU(3eK<LzT
zcA^hec(RdezF`L@{@5Nrqv*WYg)wBJ&p21*a_oz_NpYvR+Kr+(Z>uq5UV<N9FUn&t
zRU!_m2uKEB#Sm(c4(%(xe}~!zWP+Ok_Im5V^QldkaC9N@Cnx!6^buMA-$5O2BvQ->
zlElZl2wLnrtpjXGxM=nB#lpOtFGQhHe1UD)q(TQmr874V@dIlaK$#^Rt){|`0v`Hg
z(9{qlo-Df!*%gNThXNgJv)n>ipQ|T?w{QdeXq>PS?KU<Ce!cLpSTG12g7t#@h7;VY
z6K-Gjf2nBkpcmRSN%Sh?V2+>xBTI+JTNmm(*p)RD+(>!*7p_?g6}=4JGc1Zs8=+-g
zo^r~JBTAdb8L&L)t{4F_j9o)J9+|OV6V#7?>=Sml^{sZaT^@{|1_bj)j*TA2UQFgB
z%s@IjSB^LC>`u-kyr{a+-&y!0vD@iXE2>5GiQzFEC?r`3v?m^3BO89FZ&_fWtrzB(
z3ikF-Bqz83(YDpqjl&t?!f;=MLg01xUUY7k%-mz~@{r;HVbY=*a_Ji`=06rB{w7MF
z2-=Hi&OUvE8x0$^Sl(c4vds}SD(0hz?zG-K432~mG;^PJH=`I{0Qu}eVV$s-zaB#j
zv>ix&nm}c%<_k1HuEfP~-T_-l!T36qGWQ`%(tg5?VZq$)I~{P7wG!n;bwkXFt$SD~
zpmQ2FtyyuwcCg4J>xhSwxPqzLc;%PT_tu0Yo#mn3M0Ye11s9nGDLgwmI)~Q|Fvt!*
z7%R~rCwP~fI4`?F8OrKVb8LPi8M*rz`WnO(kTN>2NGUyVve{ecS30fqhW!$?gN8^S
zF|Wk?YjwQCnvKsM$_|EJUJV)u?yHueyKd#A+ajn*oY=o&REsCearX2;`0a0eoz|ZD
ze6;Zxh2uHmnKp`58p@peboJ!wi*VE`V?LeT$FpZoZjN*$gQ}c6NoBmknXQ{?HD@GW
z=FI#~M-~9vU^k6T2u{ea)Y%$yA*{*O=i<829Fd$gpls;KLkar1K07z?u{~>>nD_aj
zb0<K;6}63>5ZsT9sqz|F0wMvB*D{5>zz}#uhmNrOFAj2;C<(+%iTTn)%C0KCJkg-+
z<xVS@`bQ{?H*c(YP=rd%bC{wc{3e!i0b58P<PeqNhFRikwc|kF6uUkFd~7<eGqVH-
znA#F-8NK}=`iP5BD&X9`VmdK;4!7wuL#I)!7>41xlEcxh{>&@aQa!tn`<@6F)VYM=
zv1FtN&8?hQ#U195H;oJPv&KXD^#;Xh0&{<CdT;U?Zw6Y|cnn*!tF|Hr&u+}4At#ya
z?E7s5A<-fTO8>n(^73+byc)e;`uZ$vJ*RnCsB@E`c)@@56AXUW$5OL02!je{|10eP
zeI=)Drec3lsw;vmVB8J;gl<9E3@q-|dXjn^x2y&O({cbUgO%WxbD@*uNpP`K_N|>h
zIngEJa#Jq{rpPyr-kn0+ml4NFa0v4{j{J$8UNG3A0?Xmm`{1&F1-FK~ce`&pK;W-r
zUFa4cVbav0ZW8pQq9-Yr!(NM`5M{%El+*sfuHQ{a`{et<3B|FGbI@R<#XKL*2<uwU
zeFRpU@LiIg%CLoBsaY`T`kt*sITX#e(@xtEI+u^#?4fqRf#h>ILxCKE+$Z{5Y9$5f
z5vMnmD)C_d{TC=WG95zuO(K<n1m{2KCGBM9Rxg-!d=(=wtb30Tgr6xf!B^uCj%2iY
zju706aI0l`1G1w*VE2M3nn^e4_6AhcBpFB+u#0rloe-m_ysf2~CpZfa(BzkrH#x5l
z@3D(}=w-}@|B#?w?)bk}hv$8O(t1D7I157)ITSu50!ZlEXDTUotJ<8YoAI=Vag!nf
z^=sB7j2!hvZ<c?PJDWFC{8M^~g4#Lf3k`h)Sed8H;wqw=y4DDrQ;RE<jFr*hfu<#Z
ze|mH1Srqip22!EjBvY(Bx58DNlejS4adE1n^2|a>h_R*0lP!Wh>QOND^w@`?8J&xK
z=t`YeSBp7Z2)Tp(5ib3cqDg>#dTAqjzK~XR_Xb{aaIVLdw{EjG%G=~h<w4!upZ-}h
z8OQN}jlxlYY61F0Bu17T!KxT!`Y2yhBh<mTm`j#W(zgz0ioyT$deS(y@^$G|%}~Pd
zn~Xm<8@RWJpi1y5H*BN2jD9)PQZp2Y$;oF4W^qTJ#0H5}T43lyEcYVaHFv6!tVOhz
zU%=xRQ<aiVABExa7+Y#$$^H>AY?a26wzU57j3XC_0oMe5)SV_nG2(`@tv`(W?y6>3
z06t(SM!R&)2*<S)9nI9-uwUTMG>zlIeMVB{ggXbuFO*~Q8Tniw<>3?ZAejj3dbb1C
z1^KiLHBtzN3edC&l1s46BNv#7^o{0HXpfs0;HGbR=7CUWDl|q7-}3&P+qc`ujGQdq
zYca@szL#Ci&2{7*49>AB!_m(b-~-!S>`uwBRytQSPzK{L|A&};mqRYrcQnbgr|yrG
z1$H!ELo<}WJ+}rzq3|4eN<WzNZC1b!sy5TUdj|iM-d5SbKB6b<K-1A1D~~C-8%Je}
z#lYN@EqcKe0Lu)AM~)$q0{5G^o0+-)c3^6JNOMm1pCv^6%V6)R%IQq{lM|AW1<Xbu
zyri~i^K@SrCizo%swG(KWwaB?@9j-#r4~VQGh-+uYx^Lv?^qKFV^k6GLzT&-Ll@yf
z1LzB4leo}sA+*E?=|f5{CDkzwt3S6s^(t)Yv=fx*D@pm~uwH>pTWt7g3nNn5+$Y5T
zCbb)nyc>HGS(#az_oL*Dvfgoh_e-*Ry>19<<;a7r+Tnr2G!JF!Mwg#voJ03qltHT{
z;uc~_f&Gi3Lt!($`f8ML&AW|!DI{3RYnFcGE@tw$F47*>PRNA-+5QrKm7QT(dFC>s
zJ}f5;iV?oO;<<p+$(Dvu5W8w;k)&VN^0p66(va0v$f7Po$xPzFhudavmGsX>9)z0E
zujwH3HQFckdy`282<^ufT3sJQFXOtpM_1Iyg{95l97|?jVzTn8(_OGSYn?fV-tX0$
zKMN<$i*2A#dRUFQ{;6?*ep1I{LL}^;YW{r0dXNR@Awv>)A{iG^7+90ci<4$=d!Y45
zYwUqM^V4XRdcx2THlQCXBwH9RXg%7$I}GiscB<HHq+<&B54!z~SQ1!uqC*u;$flyt
zs26sqCR7YM4*x0^Sl9p3bB=093($mjPb;gGg>r=@ukxuN{io)?tK;`(KbYQVNe=si
z7+Aj8Smf_M_5QKz>J7Q5%a_WonO2K*`)KzZ3Ud=qZmiQC!m!($pk%3o%6;}HT@>t+
z!SpWpG;4A0M#+5zh4O`K)n{8bf7I&VB~(9ZoPI-<;uCQoS7Cg84fxs9#^c4^(glLd
zV3}GjWO1wyiQ5R9$UfH42ZHqO)=7d3*5UeG;1PDAc9V~|>0W#B)07!>a!p0MaZX5p
zoYyPTBiweNZL3xJi*)WNDmOIP{-#(9jAd~YmKuy@Miu9u&FDppaGJ}NhITRb&_v-X
zu6vx(BeHTOqGi2Of#zm`HcX90Fqc8NyABr7W<r@UO;n?B0$G@Zxh)y=*Nd+b3>01w
z$o`3d#O;V&qYJ(=z&<SOr$sT!J9TP8zV|xhqKOc`d*=wS<D<uj!X)^1E-RxW{U{C2
zAK@^1Om8WM^XTON1b{x&DMMTckoxSU!T)mayZ(ab^>-;V->pZ8c2aBCpxumzO<oec
zA1hVE0OibcqT2ML2UN9hiGs`rf`e8y1wc)(0-=&>Sjog>=)B*#_vZF|^)y=8_GxUt
zASqPqlRfjfUu0PF+e=&LM_I8*)V`0GFcou;Y5rY?IV&-5Sb=@ts+qc2@MHLiqHA*}
zFcS5r<#qIH>_`_d^M9@E)s<qVL)bn#vD&JU;R$u2&UMKXFf&odtwF&GnxRU0b;u)i
zyq{LyR3B?)Ds-3%tL1xW@rESWZ_ByHykAgf4+?A^g#;;*tQN6-uRMUipe69!?b231
zM0pj;rQ$hQ91gv!%*X;7y<|*E^A~tF4Em>X=30DXkf{J+Vz4`rIy?c{*B0li@g_jp
zGXO-Qsu+|`a<2+H^dOwnXPIr5MH#*h_Y2#e`*4zifIByr>I6Ak$R6M?EkjR$iYrmO
zaV^iMApk}~MLhysA`6A0C${4ot-8ov>taBPw43-Q<>R&UKJOe9d<iXkJ=odgz1oZ;
z%?PjPx;>pNjKw$cuq2?BsoYgrGK3`h>M@^S!;ez$#QE;M*~dAj+8X~i{eIL*1jjxF
z+ezNkQ~QbK+$w{ezoVZGmCZ{(cI|@eQq#x5QTPr9uU&q9;3iSoGe6@#UR=mCKy3R}
z2#p#d5YHEd;m0p?v~q(E=QTLC85ruTb=q}eMo~oe@5x|(!O*N`D&*c<6!w$16yGcX
zX7IET;@E|(uzTx#jv@*BNY6b~63^D%&UZOZDkuFQi|S$@)HU#iE~kpj22t{Mi|kmQ
z%a{L-$#_(jU5M=@+32A|u<SYo_8Pn!*l^-(l)yxmDK#5@9$qPE|JU^aZ-q%;`*!e9
z+Cz8q^XYu9aHEGf74<j|JR`1_EzY%P^yrQZP!gxH;j=of_>B9n`X##w`bpl#EqM4y
zzvIBFKGJV^9uux2M=;o)43Ta)Dxc)p*t#g%erVZT`kYkneTK7%=kEK_<(rQAYV^Q!
z<7g6y?D?Me3*8H!MJ%~>S#F@S{?@MN2(MCi3wgKPs*<oErMc;pb{2S5dV>Ze($=tR
zL+$ena_m$4@&P|?V292?fM>oVPbaV*3}r(65~)JvmlWslWzbMIIO<;sXjZv8%efkf
z3gP3hFtDq%p#cgCsa}vDXxv6^g6>&cvdVI?L%-x*sRh4=gSF?1b*%WzvMZ-g(#4aw
zBAB=QNqxY~U%!`XRzPLbz2>7?yUg<NQc17CjYme2Lrn(du*YfM_8Q@^MY2SD$I7~;
zYOcufs*ailtzK#_1To4qEMuxZ!?-WZ(8FS9PG;>u$%v`sg@konkrWoa*^+txC4RM&
ziT#sDl)qy(lz@yX2%;el37x)cHn?Wvo+$$rtWHXh_21D`8g))>VX;GC(G=nWEI^al
zS}SD%*^qG;Rj}e`J$%$R5ksuP)=C6pRWU3mg=cp3KSnnz7faCBS7PtYv~B~_%v0D5
zH`pV)IMy^oqj9Mr$Vb;e!Ui_maj3+m4$mLic4a!ZG#^RE95&{8q_2k>1oFu7z^W?T
ztiwn#(f^z|&t<UWxQ?vKMV_Fd6nZ9jrsmhxAX;6#d{X;TE>McJG9F#{B;!&fIMc*^
zn#Uq$7j6kibO!%wpXz=>>YgA`b;4c?oQ`o1yS8Ti&enN>i8W<jH{ArZP&Jz5REh9;
z99%Y6z>I#dS{-3I;^d_hS(tD(JT4bv61?Ndm4bD4gf|dQttu%7Y4!<^^T{kBxW<_J
zDLuayV|>Lk0SUi8o2y^Lm)WHiYDI_FXf!+%!USe7KFAYb8WkaYY(HE(+5%5gTs<DE
z%^l<{`j}O@!JY;aVQL<5<Fw2B2I*tBCrv6dU(<lw<jooXrdj@-U6VCfD(9DCF`D2$
zRf^Cg(-*YVs^<Ngb;F8R5*SRme5R{nQnzxYnK%`x4Tetnyt10MlBkXsC9ABKap`58
z|B(&D6xP~ifq!W=KH0=55O7HxjGNue2&~->HTcHSlFs@wpQVbI_1)<F6hnF8j&UH8
zYZ4ld-u7!RI$Vg9IX2;?uK}75d&+!VI=*Dof|(P(Ne2_c^HqgV0X7&BNYrQx#_#2o
zWb=SNSqQYdhqKo00F-*9|F%*>U9{m%RnGs+akIDN<ED-zzmApB+36Q=1KjCz_lL0Q
z1jDCar>&u|+PeQKbd|67VX?{|_=W9>h<c4#bt8zEnL@>RN)~6oc9El*&fdn^-bn60
zUJI{y!%Z__vRA9Xw72&8H6=;buy;lo%YkQSX^a{u99sC@PY=Lvie~mq8dt20#5$Y)
z5XFPYwzp^)Z_VzD!Q^=)9*1hGUnRQ~;1e_%ZISyje7xIag0C-vrBFMX81RuC(omoM
zMU8ICMTH|iW%1H0@40P~l=w^4t+xEgWs>F|&5^hm*m|RHv^#{dy;Cl9+-JByd0;e0
zlXo%mbBuGR{kNjg1NTe*XwHwOrm)TbsMx&aF-Xbz^Z2H_Swc&Y%cs<rz<20zMMwVZ
zVxLDS^GUV*4?94_ztAHWlm?_I-4qde;2<pyO*6P{dahrp5b>n>$=D`5{hKcP`UJ+x
zV5jum!fgvPHBNyZwN)suER<w9tf>+9<!=5nvA?QC$Y);RGI<DH#H#Ekm@2VW$CK>!
zu9kV)`<in^cn&bIIz<&ERztQm_M~=y+`p`TbrjN&N-C9_@_yx|aVhbIgx486(i5M#
zW%3IuytBI$)f0Z{IyYXm)nBP9Vm#$Yu&Yg7S&j;dZxO8%-?3J^j}MJhnwjozYUdER
z;JLum9=@fL;c<L_t;i1}>)!2X#9xVT-3XbuK0-f`X9^X~CP`{x;v^ZDS5sS+29y$^
zNOs-FYEp65bJs^u*nOrl$27dvKaxO{@SN36_~0~u*4XJa)7wg><8Z-W*-`nU`XJ1H
zbVo`5eoKqEFj@xYUi<Bkb>+(3@@BR-Mdx+qZ}-l;z0Mqx%)&m(Z+VKXC5*_@YyMfX
zG-ew^)cqVLSDqbR1}b%~W0Bs2&Nv>Y_b9cF*u>b);1M|J)uNU**Q}B@KeMirl%bRr
zfs2k%t{H7y!G_1C^o!^?*^Q2}oKOf~|De6?2O$T~2SHNrM@OG?*b3GkMfZS5U2s?;
zvh}~gz5HN=2_e%R;(Dg{%HDt`AeLh2nZB453K#tl=Z)eK4?+Kn21CM4B9pW^ZWemW
z1=H`-Q3+@YQQ>BVnoQBQhF;E!NjbL&v|d@ptp*q}KYZUS@ai}EMThl$%arclP+S*%
z`rF$NrO-nqX8hx)a4xA4K^~P!-ZO3fYub&$aj<!z!E%N*naHNN9162Jb@<Yrhc3%#
z4Z>B}XU9!<4HhsWV^D`Vk**zMq9$N_j=yMYHF2gJPU-x?4C!Y+h|ujRFQU$q7p1&<
zUZemai`fKZsKD0TBrs<X+0{~vj>7bE(x9*}iVwTnY&9yp%>!rfi5`UsR-Qk?#mjzW
zV9*T9y;Rjty=aEcktE@flY$x3*u>c;Iz?yWN)SM+y>>ByOr8N1Pi&Jl{;UChjuO^i
z=$FTcELS_EMj=ivO7(pG(6KwQ*}xh=ub9!0@!7%mhmKgGl{PF0GuK#zB|XLq;e4~X
z*IekA`IYN&R~q(FqlBv?f=X`D1!Q4Bnv{-wDAzbL7Yfl8x;EZNHpcj*kE7NE#JCVk
zS%9HW7|~P=m|=)Yi1z}SyYb;r{qh)Ug^2j=*yA?LQBkMDMD908bLzp4=f>Yl$H6jn
z-S*x+Gs$dIP*E*0-`Y^2iQC_src?qXdo{z%4ma=H>lUj#B+6HrBQu^HTt0CI-==K(
z*Fv~n%oT*AS<U0s#kh<?R~Dvr{ZUK%ec6(0?w0rwOAx+@!;J#m8Nyq5xPc3_0nX7^
zzbQ%zLw(3ZPu4eaY`X&sMLn1K9D>hYGf-@Vsl?oW2iy~@vZrN>SSe<9`E{}Kh5ocG
zS=-QLzN99=@DJfY?dV2Pb>%w5?^C!_7gb>8k{6JL2wG*G=1ugqkr7RR!&3{yi-b2H
zL)fVj;x2mxt3vykP@PA$vhGz_s-#DAQYq%nvWziAV_h3?rM3?eO^g`~M-g-$zg!r0
zD{w9mpGDXQi857j(%EU${3qLnkJFc4D9GN38kcSFHA&3A(VQtEu(g5N%dIB=0+p*{
zeEmg<ReB>MGC}BTiK;ud9;*C3SCT&-$SLGSYw3P|VU(^ZkK#CzNyWm>xY+N5hTnQ#
z>V|znQrhQJbvL`+fxwFxA;HYS-CT{7%JnZyw&ib>4qo-_(|m{2k7&2HCM2&18*I!A
zl6!l{!an-Zn*)jtofU<hT=b3d3K3>0wQV~K2&Trf_$-8#<_VRNp@}1>7EtmTog$9U
z%YWO9#A@M)<5QBL+B%6;sorcj@0*g8(zRef?UZMG4&uUMf@WK#b|k6j3r^299;x%V
z)z@#c6jH)ZDWNTMk+|txROBB<XplQW${tf?VnH7E>?8jyfpK^_Zy#EFXodfZ3=9E-
zSR$%*T`T&OFw|DLO(BudjY*SX6356yLZNo7$~9`qHKew!4{nfdZ`w^cE~N(wGk|9z
zanDm%Bs(lNzH~u*Zeev}*p~O#wNciX-F_QbRk{?W<j>$Zf7B0>BPU+0P}9aUzEhvQ
zbqsM@tj%Hp+FEmL?$Y{ohyOFR#@0Yw-t0%kz!mH}_R<?MWI5@%DVB!-<7xFAvo3n+
zU=z4Y$z!y)&`X#|5^ur?gT427b5l8vz&uB!*6^%+6VplC0IVC<o_aBRNH>3M0?YrJ
zovT^+A%MHXVk_g3M;&^b$`m9kEE7{%&_RR)za-@&IHyh47~YkGM@XTLCJrP7&Vm~&
zxOL)V8YF#W2k(Sdh{(P=<hMf=41NkNO;CU-!D0&5Ll61~SPtXirUNfwn|3E1c*#I+
z0)*V5@V)Vk$}f4RQm(~H{LGu+2|Wl3Z?>(z=1D~qx~Ox&S|yM2aTUsgBMq*wEmapu
z^C{$+t*dkb?yXU9`G5!UNSE~+hpQG&0%3*{KSbLWAJ}$n4pOa!5zqrsdUl3OY#e|1
zKyr*cyp@j*lWF=LxQcb@*Z&kJ*kF5jiHrDc+xr?Ac2Kv}`RTkSSi)-E%}rY(wu0|Q
z1V1B4&8!p4@DJgaGZAk*n>~KIgP1YD7f1zkb7Az>t5&L~+3lD3w=WVLO%YC@cZuBP
zqJ8*E2GWN(FybWR=dPhC>AsN5iCXgSt^+g3uPlecLJ298Y3^*#cxk4&88K~%)8(lU
zNG?0bjXu$y`ZskIr2TJB1iTyPdTa~ktdl%Csj~J@$Cd6X<keg-8%YxOW)+Nk^ot-5
zaRHRx2qQ<%Afa60B!bYClraF-ju1=6zZA1sqtQ96UBdi_t(+4>|19rn5B!W>DLYYc
z5WIIU9ThTdoDsa>BSzrSp(}~2rJP*2w`a=8&+RXTs+*qy!q2YLP{i6h;S)oIO8PEy
z#qrD_GIAU6#CLkG@iAQ+0;F(_$Im`hjCmDjUd;OUN$0g`w)fSubdDCwN`*(iRYQp5
zz3hw&w<;+RKW`j*c{T^bf(a+$_j($eql6`19b`}CyvR8qht4~ft5~s@xzEHsSo?*+
z-XD{`SPjsSNT~#LbP8?QzFLFYoJIc#W}Q66S@`q!V47}wXFqHj6-qE|JED3qHJTl$
zN%dW!6eMtIB6&DgHHqO+%@4v!k{~OWFqzE4oGGY<@sA(%eda~<7I;W@rk=s)`j>9=
zR%`K?5ptL~w>W^tJP}Xw6%u92N0*+Z%;~CkJW?_Fc29?s^S5Q{CX}OM9c!<6u}nAb
za3dVI?<W-D^Q?0|UWSWj6`g$nC}E~ymdiZ$R+v@_RuguWq@X%QYWxl;dEpz3Y12Lx
z7ZpzxrXnZ6Km0WaMYo=xxEe+tECS3e=!rY1H4O0E_oZ+pH90LC40F|1#AL^yTK!9C
zX7(O_r0QpwR_2=Uy?FUDS1Y-wQNTGYH!~Y+OzmGS%5;Z;!pOp?Yy$=XEI>8hR1tJ-
zZXh+apK+GD*ZA!4A4%fRDE8*`GhGjrkqg(p*ry@8GSHhQK$4&>3bjX_ET-$|M|dkn
zF8_<S0@X2;l6qkXkcae9`BH!}L3oZY0bSc(!Y1f_tD0Ce|DMYNhK%_~h-ko&;+rkC
zed?{$t;}$*O5W#h<>(nX%W(hI-~JfdZ$7otXU8sPMY7i<{-9Qakl`3jZoAZalf}{%
z`*kkWY(L&mkX5QPXU1HTOBnszM|{5?5d|y5Pwf}}Y;Qx7$2Tra3P54Nk2NO<{xmTO
zY=MgUcBghpkG~NW5kR(=xbRRV-DNJb)@fqE(^EFU%?~*$^z8zno;73}l5&}y>*LjK
z%yX(E_JsL+m8kJC+Ji+`()^r9h0PN)Paw0>lk@h}6nk$$UV3^-E|nQ^ltV|Yf4151
z;c6FZ=6%1{wM>1f76sBFCMcl-o@}8)SY?)r>MbjS;V7a$%!)6Y{b&EODH9=noIK0&
z!D9YC0`WE|5G)){iib;XaI1M-K+wcnul+JnlG{b}0(h!P{EG!yD1uc=KD+Z^cS#+d
zO6=t4$6S)noiX_byiUCpajv`R!MQ%BrlbrixKUU2+p0U;znP4dUk<sFY?ScfGv&gt
z?&edq8E7E}GZY|a;&qIpq7YkBfXAX+X}l5+Z@C?a?5|_NAqnzK1r~;|RixJwnnZ5`
z!jf|62_P-q6K>)p^|&Sw3hd$~M25_VYn#|qtk|3x<fc3>>O<9xhBrvv8x?!Iv>W8q
zcewSb#dwK%VyY4813x;R!I=}OHJX0L$iOQmnFTg$HL*`c44IzYWAA%wg(VWl0rc+L
znf-89C@AosQ0oCAWN+9(JAu`5^{C4!3-tHam6Cm$wGx1@6McRbX1Q}N$Jx@rBL||A
zQ0CeJ(kFWqb@z%xq|$>Y#y|}!`~i1UYtXZ)xe1L=bP!ge9J!q{Qe!}5dRw05Ok)-k
zz~}*TC4N3bz12Tn2jv)AEWNMXv(XZf7e1k~6(j42o;vGtn;0v|VS!wuyTa|Z@R;JQ
zd^;oR4k6)$rks$`v1MCk!-CoSmSYS_*(s^n=aR#icWfq!@yPz#Ef^GnzCRKL&=XJU
zFN_T5Q616QRALS%Ds(PW@-%h==H3szW0lp}usA~!NBL{Qbp58J9jZidnv&U5Bt;H8
zP9O=mPE$oMAevUAA5;tUOO%9l`^XJ&7`?D~^R$R}>jz%kRn=86)^LWlG_;FSR2@|w
z!Q$>P`Q8&>drW%=pX>S+EMPAFOty4nErY9<r5?3zo4sJ@ePOjBn+xcfz3QA7)4+!7
z!I`S`0}!q86uTZPJqA)}Mwu3Yqoap(onNQ83!3@oIoVX2uC{g58|~0R8P7Iqi}=z0
z7eS<n&N?4Y?#&9kp@2m2ykxCR#WegO_j1xX2foEo;{H)srFmG>$5Tv~alG+<`TGD2
zOH}mRa4Tp`{@PqL1N<D^dm!mAi@I`GrimOfWL089p1>TosmH_A8Ws1beIyP@JXFpv
zw&iU^WcBt}HIl2HSt~;Xv7Q0!%Q*$Nyp&g`;d$juyM{~eH8XJ1!K=79u5ivIzg?$T
zraRR(-FA_CBWVVveeZWrpA3o=?AqNh|0(r!6B0v1N{y?^l`WJS$)K>7LttVrUOU%D
z$9ta;#Q>1TcAz?m*Ji@{R3PEJ%n4~^D)x@gEL>e|t0yVnpd<G(X!cXlQCOCxUx8s`
z)KDm&2PD=M?jKnzJ64BVV)niO6K5)qDf}gU<{I?vQaGo1w|$m6Ma_wWz(`QpK{dA$
zc)4hIvJStgQKB(#uc@bI$0ah0`0J}|TnU;&ZbJUZ7c2hU9F^`svsh;+Vf8gw1RlX=
z>QC%WBj?qJU<DeC$w#5F8L5VgiIeHqE42kex6KGoF&b1Mn!CAX_!lfMRPXq0G6n?E
z99YfJVp9OO4dbRngjkd=aQVl`6rKe1{j^=<GJ~gt!6FqEBpp2z(1~;ck|NOY*-Xgc
z3RJpN!^KN{9_`PPJ&B$QXRs=EB=MU|XtA^Qm)AI6(@tI}??{s!cv}0x(1pE_D8ZkN
znQ+Q5W=ON0xcDF8&XjdCC&}7S7mL|(%4$hlY&Ij2-BY&r>B%PP_3|zP{;jGMO{K9!
zt-g3-D`VkOdCA&?ngUlfz1+L9EJvyjh+el!`y*Q<FD-;FfZlsSvd?w`aB}5mwPaP~
zsrPPdBr}}(U6P_0qBA`LbDdd<45=W>#7=Hy;Nd}rZs0weMQP&(07SbfQ<e4gw-;w|
zEghO#7A&mx8Zzlp*QR!WV_)_5kJRJBF+BT<`s#30DeX8I-%O;q-{2pWyaZ2!;}fei
z3?=-^oLEa@BEQ$Cq7Mw`N$*AqBAP3y9_!>drsqJRo;f~$h{B_^zh*L@M+q}B*4&2b
z1)5i|t*gXMtaH=GVea(qy%>RDabxp|EV4CKy>E7oL^A)U=K}=AwA{OchN^|`9Lx^L
z7WH&<IGUE86<0=;Wz-$Z5A>G75?iTHzY1P%d|;fVYGk+1E~IrU6AC&wJ(0OsQxt0q
z5WSFBAsI96SgFCWL&Qm%F44H;f9wu5!3!?>GKJ0en|4{6VCLgT1{FHUN(&U3Cs7X#
zCP6oLiOTD4a|_7%g2=1O#dn?kZYEEFdGyt!3q4oHztS^Lff+N&15UYo5C&pmJEE3q
z4M{UOXU*Y_?MIU+dL<97;D3qc21iw9^bvN8(ENwhyW#B*_tpf{CSE?pI<8gxu^ak0
zn4IO4LwCk3;A2#cnI>0<3$wZYqGAvbpr>FE51PLZ@2=I5xf09~(pfEtE!;^lWk-Hb
z?aGb=S(%=#WRi^Rl<><|SQ*n~5uVWpe84IzRiiA~@9lQPD?Z>Fw<=;xpMfUhWV)YA
z>@Eh4i`XT#40ugg=iLiRCt)ND5b?|RxGb}2?%3#@?ra$RPp}?Qb@c4Nct0~%D}V@3
zArPX7!m5$pwe>>p(zrJrfLE@up6~)Soj1mtq%;<k8%Gb+%!w;bNX0!QqJ|-q2B}AG
zJVnzhM6Y>Rdjbkrw5~OT3DMBlF>KmK$F;L#W0wt#HzRzx(qd*tj#@$;_haGc1~znb
zLbPd1EX|f|3~IsPk3Ay1T!9J3D<Zw0MrD#-Uo#gWF}9Ron6)pY^27@7Xg>=#adkTr
znupd5TYim3M5ut7@#KQM<I~OJ&O`&H1Dhg1<?bDa?gL~P{&a78Fao`L5=*E_=H5|R
zqx-=U9o?Z>6S|5pJ|Cd7hMdrS8}6PCtIC$P&d5}Z{*@zxG|2I+&F)FI<n7Rq*azo$
z+x{O9TRcocN>M=eA?X3e^0x*e@2xPcOi1N$f_C~C&K>I>@hC|j0L8=@J5MTu*}d8Y
z<Hy=YV_x_5NHj^v6~S9?xrC<}`(6*?*6@22WzVnv{38qn`C>7IB5w;4lgt_luGI!2
zmK#Cy;wjQPR76f~it)`TZX|iBCuIsFs(@NQAccgmfL{u2=`Ma#jCL2d+ZMoFm0?m{
z<$NU@N9%T!v7XkYaszuyl(ipLgq#<!QX4V0(tQTYMx#V<5K#5WR2?@Ip(=88659gC
zZgOzj2PZ<6NgPdgK2{#`KwoG)gsihjHS1i*mnl}oTher%)&T<jh`(28;Vmt2sNO~V
zGs657+}{rj_;ZmjC|VWU$m<4!Ld$B~sI~OWn$*3(G5UZnfe-QZj|U`ai%kiNJ96Yv
z5<%i_k8y2G4qek%r(%k*5Q~Vl&XAw~ruk8HPccH*={<_#MUhl+q@Y<MfN^luD1`)s
zp42&IMA{N9*ww^2*|wT9RG2TGWB`Y+VH?c7KzHQDuM&Vyk(<!)WFp;AU2u1N+PNBw
zEzuH)bnB&^Fva~|o>`gT<9Hu}9PHUx_w2HuJrk7Bk5HmJfk*U?j)7N4|M{+8L_<pP
zNeso@$D9c$t<-Y8MP+>erR>U;2Y-2}E$(gCzSDDO0mQ6o!*!tnIo1c>sxnTwR*iWY
z1j>`G6pe<=Czb$$>9?M<Vuo2A&<09d<pobSInW;w^^IN9b500_FroC{vCkERz8iPy
z`v`mmlPX@i@YG#~bUVUBVBVqYqeh%Y89pwPgy_4mPX~`Qk7D?AwPU&8+1d;RUt}R}
zj2O_Mo)Cd~(V##;QwORkn2QYa-nC8yyy7cn+tF>vVWq;_ovkhVDqe5U_7N7GlHk0s
zDZ=h(P+JO`YsW8kwLp|su8k7YB?7g8#<$&*;+BC4Mmz94aM=(7ON>AG&D##y%W#>n
z%L|V7(|1I(gK#_YW!3mQV7hSLmUUq@ll`Ph=E0`0LR5ssVB{*5U3ymF1#k?c?$(P*
z_G|1`g=<VMr_5H0{#~D|l!|;t=YU5~a6G#|rrS>sn^$(Yjhv9Bfqh;-LG%7xvuMH0
z$(aRiE?0Vp7vv9Vc85vD1$^6<U|pQ=x&5QY5Qhctg~Z+pP2^R&O!r>Y{=wgPz(9Hr
z;KeiQPx@>2w?mW-PJrXPG7L-ZtMIb2{8f7oF!YGmRtVMy4)Zqkbw{EMvcvaQZugEh
z%bggqKN;?{bBsB5p-}sfE50Grj$Ni@J?O<WeglZ}fTmwyVel5qdbtRebZ0#SFt{)7
zPAdH}Y^k8jYU1IyBxbBTZDv`E@GPo|N2X#NxFbeC1}b|F`a4byI;#1Ee%11kHsr*;
z!o|FeH`3&8=P%VjB639C*o3IH&IV+w5m|(4utOT(3bL3b77eYGaK5f)4|s5fcveT$
zQ;n*NBXNPf(wIbec@X(0TVLUVC0P#8@>vFQx+N+d)^qR8zoZwSMchf|QsqbMHT7$;
z-O3U|V3^q<&Iu&l;`GNAK(5)C;i8dv!c64`ex^FWyxC_{12x6YSE4NE5J9K<ixDI)
zM+b$akg#<E79nwpD{V0Zq$`Bzg4xmt{-2Hf?bfh?_4C@wk783wmWz-mSfYLE59~7G
zv0+7Xc}#}rYiH;3#ePkW!2zN<By4!0vBuh2cn>$=rH)P7R<=s3m^Qao1tXz-Mr7F%
z*LFoS_2rN|LD8UqH?b+jsss|E==W$%y4PMjimoy7AA|g0eH3q0=8vUu#HKoj$>N3x
zj*8Ek^h+q#Rr^XaNogFU<cgj(C!Rgot!E`)MBRnOidGo{PZo-OyK~)O;#OR!CY2pT
z$N<m}M=n0V<zR`wJiRiBe?ZK+Pk4p@>+;>$Zoq7jh!{#Tzp*W-O&aT(poElakXK@I
z)SSmm&}30<@l1KkX>-O%PBIb;;KN5n&X$t4e!)HYVD7n22YJL2uuV<D?n-?kQa_Fl
z@d35Xm-JP#fx@u2#J&9%p6a6?yXJb=5B}1|&Vm#d8B1@eA%MTG15;8zJ{Jn!>PdT?
zH9rVi={@2%pPi6k{PsU|a-y<S-oOdsZ|tCya~j{CZweC)#so~eb+wK))q?jUVznnK
zX5?(pK;kJ9dkLQN0fb@2QTs~c#(Mwanc-2zrjDf!z7P9$c*)!Alv*|JOG%;g*sx=^
z<glJ;lPPTvzclOF+}7S&Au1R?xv+|TPn^19tq3GbH6dHQwO|euJUV*!W7{sPa4{z|
z1<I3Td;P${+IhAw;DQasf#w1*df;{M0w3)8zTe+pB-}~{sC>zc+st+`MACOKSz>LK
z0C*FUy~Nc(qa_?%6Q3wB#so+4Gkf`e4Tcw+&JRb8<2oNGVrR!Gy3?`k>l`gv>Z$S$
z*x6;wI|rZdfZ!=k1BH`nju5DX1bbn!?d}X}c#GvEKrc_peD^$i^E92EYU-KY_uf9k
zhxkATexGyynnu=^YZd%lJX}Blj{W`ztYD6>Mj`L${#3jEIW<YIifG_$$M$0iU1<{w
znAZ+Ik1QDzq)BC#1uxGkQ%JXA9WU>?>}uMkw$r@-5U~zgsp}eC#p`@CWV+LIM2At^
z@5QJXlEfog7+t$BvyI(r&*4xg7)vTIo_Ll6@boh8bi0r%ky5E@-$P7+knx;y68ctj
zI34NB%=(`$;FWH?In4o?;!#BhZ|)~8dItkK>G5%ytXvi{z|gEJ8Gm)NuL|G=*%6Xa
z**wi?2?H3JnH8pZqzLSVPaNZ4FU9!kw2|uA@LlmR#YG)CCWWG64Q1PF8#6m;^GbcW
zK6+!oEM$NBD`Pv{Z*X>!R$GtG7xO0}H=UP1dEHwg)Ei7n_JWqZ1E+Vx(`T0?Fyl`x
zA^2Rk70<jP%kTh^lJQxobGsT`o}nz=q~K86mB<V{?U1+j_(l+QDVVI^=o23B7JmSk
zQlxb%fPR0W_-t2zA1ax}3E(|QL6D?3gnMd=N9=#Xu08($%k5%>q12q{r*~$$v;tn{
zOQ0+AOoenEHh!4=a+8$l-G2ud3zV0^@STg(Ms0Hr>(ytgAt!q-6SzC5O982sOe^4E
z&H6zHc#QVGu46xIx90P4MNuV8I^jZ4=5Dgx<HTU{21&`3J0E7&T%0k<<N%27`VRS7
z7Jui6&UGwiG9Ar^aM*kWC10Ddo6FYlV1N~(yfXpczeNU`)@(E_Y5N{Q!s-pzO>yW|
z`aZvs@i`vac*7=$b^Sz>hm=qIZYu7p;IU46y%n&1tESdMJZl@%HKs^G++Wt{g_g-V
z8KpSp+3@DrtfEtjjW6b;d4cp`o!1nk6qbQ-B}|m#6`H&Ai1*ZmPSn~?h>0-8Pk{zK
zRDXzcNcUNr1TpncD`1WFht9`++CL0Nj3~eZp(pjOh+pu#bJz|Ph$MP>B$xu>AhRsr
z7-W<Qmw6tSupt@q9f$q()OBO&dJ~1bw<Z4*O)x5n*{5`t<wsi&Pq)Y5FN6z7n@)!|
zI<)h^oySRV%Jk@g*|ocpmOcC>hj@{D>U9Beko|(u^B#ibIG+#Bc3>6*qZN(7D4k_7
zh};dpSO!@&jA&Z82qv+3vwk*NwsYyyNM-S}i`8YH%dkU9NB#Qsq=^y2zrwq5F`;Gw
z4J(gnzBXs#Ak4t9pk5$H44pTAv7#UbW5;d;P9^g2vfQyq&ECZm1*A`2!4amyCdM|b
zAeS4m9}UfqN;=k$@Ev(LV6>`R$1Y1VsX7toy$=1`TU8i#P#B)`Ee!8bK8X`67XM<_
zupqvBC(qU>Q6bY2T8I&?D=;%GKu~A-^b?fD&+K5GfGu*H_&kW5qG0?&=l9^~>Vytc
z<nl*K>jIkGjopCU$L!NH*}p@>|3$Y9>hiJft25!r&SRK-G>bUJzdYDElVrvvRYYZx
z<Zw|koXSR>AiGDFfPS@JsHHYUGm4Q>)PF>MvJ0U&Qu|`Ukel1+2&m99V=z3vh1FhD
zfoGgf88<#`dYMjAo0x9rM(;NXFu<5|f$)M;Jwj5roOq#5Ikre&kkslh?HtXzxE{oy
z)P6-!UpuzBqWPV7OaAqu=QS~Xv@5bA$_z74UX!lQm3fw$G{zV=2AFjS{suOc&p|fc
zKFMN;fNt;#!hUw1MuX{Y=te41hS6T(Q0n$H1l0c5>5I$%s?+a5Y=w(f+}4qoi1wN{
z{%FQdq*nDeWNY5sT*W*dF}xJxYyn3<jh15qZ>OVVwir+1sAo#+c?P>41?w4N`-qvq
zT8{38;(AhBAJ@lek(pDxkBePqgR-V17&|_0)<l3wsR8m`zoFf2_nnnQmWce=VCT75
zs(m{tB=ZP82=1V!Vrn+ox{=new{1YGE}50;BtI8$REzZ{{JjM>?b6f45X$M4Q;9RN
z3E}ySV_ydHPenkCJBDO#fES8@>+g+_S-g(oCfgHy?^s8WKb1T1aYpsSGZ_hDBD&C%
zu8+R{wG!2e3B3n!(6^E;V6SV`n1wVVS5>v@1A}6}jVA(o6d!3%2R(_>&ZFQW#IDQ-
zxk5Dl?l%DiMdB}9z{SVuQJ$VOgIeG97lA~@IZX_r7mtj*`vHBsHqHLhhTuvUjYhtQ
zp2UiwMi+Q}30vTJl+}!OV9@v-Vr{xSj6J5%7Lds|{TCR)>h9_T#D?-HGwoz69BsiS
zkR(+sa!~f+ha7g5RjbpE-$wCNp!nxktygOfDnqIhqOM*WxKt?c&I5jy$NQ15uJLXq
zL^^oLu@d*|tO67L?$}bxJAZxC?9!15;O13VC~BISeaU~WnaMBRUF|FaO(E(w0{CV~
zTZ0Z>=Uw=J#1zJqAU?jUC4DoakOgrQzS4fpM`ChS3_sd{xH2ytwYPj@A>WN582=-}
zJ}8DMb52pS(^HnAr`yZc!wC(9?yCy^$P`N`6W%h|DyVu<gf+p}UU<gYlssVw@Ff_*
zX$w6cC`8=`UUj0M#7iCWHD3`IZ$p@(ITFg{wa~!wN#I8Y=A0GQA8et}W8Lg4YS=#y
z-=R27Eb2N{N_694%67%Y3ko+t9Gx_OheZ4xCQkhNc6`H~@ef;PG6f}Uy_R5!7}(g`
zFRi180!25ECqRB=*dyi;D1f~<BWgl%mnN4@$!1hPyex`hP|uhE5Bhq8AJtl=^3nlU
zbZ?tDl;!~YMU2|NGxPE~A8kP<nBvM$iz(v2_WdE32!h~gj7BA{*zlzZ{*J?APv5bT
zgfKihe4c>B%3C%E{E<%yH8ue#!H}k+TdE`We20+xw@jw@ESI8yGv4z?W#=MPxtW@(
z#U8G$9*5>5p##sY&hml)0w|!PE-}dG1lrZeGF)f71<5DFC2fyUmg%bT5!X$B-4>(b
zQaj5ynYPY-jofGWvfmZvQq!)?+;=_4S3EL}r>N(qy;r!h;dVzkiltRe0NjidTC_At
zwo5nu(s||xVlgu+YFW&;2UX~6oDAZUS9vT!vbGPM%@rUu8BgBMFjX8C!h-XE;I!Jk
z!p-zu7(wI18?C-m|2i?w;e3xEdM`uBA?D*h2fY)Sixs%w!G0m!x#Zaur2GeM5d0Jo
z-0x9kyW{(?p-4@<kWoXbQS%_*xP*$zKhfXWUe08!m+!XD3l%4%FBIE}_&R=`fgrg&
z53-#eX2CH#Fdli7ZDrez%duh|I8j!V-lFD>QP$6Ll^yMunV}WTwGt0>9muwHh}kN=
z`+-Qr?Flqoj}yE5*F+f!zo-%LTs7oVkr$pPRPF1xH7h|8%)DhpI2(z@wq&izREJoJ
z<PVIxROo<icIYf-FXBD;y>|WLh;I*Z`^aqP>+?b~1E)#wm)WkdBvhxOx`t<Q581B{
zlz@aleUW~>OGA`Mfp;*ZQ~>%wJM_38!Fll`=tIEB^&~BcF{|zQtRAreO7`9CmoyC(
z+)EU&$}O*$CKKhN<%guCIY-tC7VT>|WWGfQ)D0I2x?a!HjP_aXgzB2KdnW5M0zj1i
z<Rdasif-v;0X1<u#<M1gf23Bh5i*fL=jioFHrY=qzH&u(SfPJGFRHJRsO<zZ<r@A0
z86#s$LQZylmG;kF5w6`^y<YqOATdXISJi)Ku`DpOGSCR!Do!^yr!Ta=)O))z{d#{I
z3FZF03Q%VF9O#T>G0$mzcjS-T^%5@wGwF)ao2K=kOk}fIPB5aTn?9(KyQ>=eLIp_G
zN=Qq-z2gZ&O@tn?u1i8`FkfC!?*QFv#Y942OdOO_)E4BRL-ybpTiDyIdqQehdAbB5
zY86?F{jrBh9-$UbB?=@0o+u);)DC*AH>74S%@W6EREwC=2L<ih;92RtzUXjj_Dq<g
z_%Ih3(f(2}IDypl2_U8fb7l)Oq)Y=peA<@T3CcouP`$a8hG|`Rz7+wme*Y>ZhMnt;
zW#MOiaxF{Gf=m7W%Kzxj-wA-!<cjxMI3oa^acsGisZL_V&p;#3)d;C=DncgpF$XUr
ze(IsIp8(n{D~>`Yi4g$m-9fE4y0__NPwCmk%!R(K8W-@LKhH%OmwM*@o1-H+bIDlo
z))Hie=1_DbCv`f2ejowhkS}&fi%bGA2PC+DFez(*%;l3^A0l0x-OfDaQSfb6dW+Xz
zIee0urV+@ZV1W#>0uCy()rp%HBzEo_Y-vrZWx*3L+q0_nHX)r(zcp(HE=`#xU1^y%
z9m#s<-s+|{snA`dS)l)I5Ax*b2h`6&J}MBn?CB-rHrtuD-gLJM$%s`Fw=YziP<cQ4
zES8*bdw5TpGFZ|Vn!5_G&{CKUykfdE<MlG<BBSez_wDm%-38{k&Y|OzTa9P8iGr`6
zNupr08nt6IK+*bTNKgmC1L161ct$1iX|~A2*}Y!L?#ug%2$f2wuFQ-WK)m)<LC#my
z3|7yCR{9^kP%HT$ih`CxrS)MCS_x{MY~zi<strhlF8k0m7mmOky+n@T?B2rtPjh^{
zavxiw>dHO;!b#nrRH#oPOqR2{iC-G4W8-c7HxR+<$i22}Mz16HEtHDaGowxxh^3KR
zpa0#rb*xVmjtyLq(2?hFP#3-i`9NcQKet`?@^lk1fSmMtwAHBC+$+7rUC9a}^>)9L
zGs5sz-?^OYrJ~=jm;&12fDQ@7L%2$2gxiBy*4pCd^tdGihWd=5c`Se))of^N=DH?*
zkfax8wHdDKw5y$Mv@<{U1kXS?DBW8}S-X#pIV^()!|0cS(sH|KC3=2=EfZT{rMT9{
zq$J)Vf`~(4SXS{WGgy^M=R-a7-Sm&Oq0;kX2PIXa4zf_JM^}dvv|z*2ASbn>ddArS
zB?GXHs`Yt=58eWkoPYiIB<aO>V=|n!UJwMq=Hy%n*#|XkaPw5FesrwtUTtm(WE1Wl
zsz4;qz84b}``nFl%wQa9D)R{-AV3zj#<~=|!AXRHij;eYU7=mvuj9OPg$ST!NBy=T
zP2~RPXN_GO^l^eYvBYV3XBAq(SVh^AssWCn=!wBBL{>97iP~^9A7H^&{#n<UWtX(+
zu+#A2!QpB`Iv*A}T`gX)y>JJ$FwJa^bHZG6Wz&Cx45MLgOg0_2SPNNrEP6BxCqN6F
zGg=$p0vVb`(d|sbB_yBkOgj8c4RsHtD~VRkwNbaZ_C!tX7Wq*Syphtnisca>cQ*iG
zL{ZsiZ=B2S&n5}YFK1j@s?^YMLbl!Zwrv1CL{HGv^)M|&+(kWVB62-ojPbV)R-Jnq
zxI?Ts%VDS&XYvt|QfugFqxQ_mhhSkr2!J@Plfb^b1eu?!A-wS&5X6>qxp(Py1nTh#
z3gXi?o?lM8ZB%TtrpM-!uG5KL51k@DFyI&^2S%iEkl)aWUETj$wKY8PuY3>}1p&JK
z2``eDG$2#;VT{KX#j7Znj2pgd%WC^f=H@|=!JW~MmOp>Q(iYxRz^I%hHUu3Xo<MTP
zt=JB_AAd_zvoR@*eBFg^(^a9v*kjd4@>_|QfDNk2vs`Vhm!cb?i|HTXZ5tmYPosJk
z8?h1l*pi9u8e!*D-%LM^5QtdDP2C8g%3`%l5H|Tsv>OOC$ZnK$24z)`Y)qur3;r1Y
zEUb)y5!$rj$|~p<>|m;r>0v1afX(MT0<ialQdL#rRcaOA{^@tgf|~v_w5%9|4o~Mx
zPdVgD;{4on;u^OrMdUis+W|IdCKkJC7>DULln>^6dzzP_<b;g++*U?eaU;Gz>2;Ks
zBU~`*qQoj8ho5=|BGbksb3+-q6ky`6>Cd7zAbb6E<C7^pf|w@9UM{yMK47S!PB}ju
zD&xy)aG`WbOgY+Q$++8Nx^C(Ou#fII-2o0;l(EdqkDU*)>0CdZ*0bdPR;mc$o%>Ot
z-y9UXHZws-v8y?%l{dD69IzvOiGX=8Z!CH;qsD0oY+C(u`ram9Jy7En-8S*e^xf+7
zhSr>U;AGH6T(STDnHtFKDq~thgtaPRg}e=_;jv}1_<{8~RsWj@@=}SCijgNiDd$e}
zb047%ebq^jRAUAlRa@X!*xT0T0{K|IEEKCS(0A65(pxMN5phI^&AOTuog`hupP}%z
z*DYr&u41#sq!-iH_f+_Y3U@{z1%*kooPbPiwp71BSbVOIRslrPkUUj?7Ao}0xIrJ2
z9?e(y{dfaI+5GkjTf792t5A$bX?xl9Mz-BIjrP2f!`=ChK|E~Q-eNtiZ*`k(T%amo
zm?7;-?e>gm{N_7X!`g1!r!VB)9sGL~4xuu`C-eaYx-%UnwM>8Ev(uz{AOvjl@j$wt
zTpzAoo{i|v1plS3#=g4oRV77RAj!lN1Bi?%3YtgjOXN+-;JO?HNPr8x`*eVhB_UFD
zp~J&iJ6?wcPv)RyiNH^!o6O$Xf%6xmKtBO@irtt_7ie&}FhMn6SD8r}rVPd5+iBqG
zyfWnEr2H^hHw2&R9SOIT@?Jm>3A~kMHeT1mQ)b9IvG3G-zPWQ^rPfghDQu9E%jjYw
zeDtawWZ_y_c5BfqsGfWIyzP7#s!b~(?ft^~V-7IV<te#*Rx-qX2ipw_Obz`>%Tgr5
zQ>}oMPZ~xz{xgT0nV@_p$zIB{5Gs^zSfuce)o3`<E1?$N-__}*u0{~L8MmzH5`rf1
z=OJR?<gvI-NJQH2?)#dUkF4R=cg-Vg8w^bvA_Dx;cW37GJA$lzVK8TdKXUyR5E*9)
z58#9HG4&+T@>pwLO)BAq{LVvzoWZ93cek5!WLeT-*D3NDnbB(%XjX)fMdfcGf{ECC
zb}!36Sv8ZD@ndsngb*wh;kTrYrJHexXR;1~^RCc8W5i+<a${EKI7lJ?4w7;_sJ39;
zca>xv-CcLNvAM^2Z2L5_70DkdCe>Q7ZN9P*ZH7X|M#V@ZcHc)=lXpxEoywUf$@irx
z_&IX(5KE*knZMk`mHYt=Flj|^+Tmc^R&sta)0@zFN+~F<(XA*WW2?GcpqWz9A5Ho2
znnEYmaWaQeNUy}eiT1n2Fu^ASduY;sn<B-q3w#}qr{rVdCE|$@QnW_CQH#XE1QMTT
z6X8BB@@+XMp?!&3jSY0)!i_I0KNb`v`#3%z@9I9Jqty=;mvvH{D~=^0kU>dAucVeV
zF$tA4)q8$$5IdH26XQEaea&gOa$8l`SKrz?$^7sl2JrxlH<}%o1k@#jL*O{oJNUiH
zq>M<UZnYkOo^n6*GfEOeCxt%q6Z%YpdQl>i<i!^56ag$sJSL>fTcM*~6`CHC{w#e-
zw=+0Y3+A5VbT7kQqL@bDTm^PsKvxfDK^FUl>$5)8d(%)v0oziPKZ18if4kX$T#Yi>
z;JlIfqt{i&RuM)7m{VRh=V>Nuf2Z4m&n0Mv8&8v{HWKTb^6^nu>~?A41riAOO9_cu
zo^0lO_W_@4F4n?fj3t_vuB?@1h6F=r`_h%=GcE%JihxRo{G>na3Cp5ceB^M<07dG!
z)@Cpm=b{yo4oB1UmGE2B$L@t5o@!wj5Kjn`aY9@9k-XAWJTcad!nGIr;&-nrcx{@u
zNfIw1U#Ns>Ti@4oo83n@zLNb;20u@LtxogTIVbsL_+rVp)qK^>^7BpKIF;aDlglT^
z5)v(nhQZ}Ih^eMbr<CTcWb_+2&qs?waIwee@3{rAL$c3!?8>GZOiv6(!si-kNoy|p
zT!^8eQJJIcMU$upQj^72pfV#E_>54`lP0W2`+C=U<+gy`3Kj!CB#F1)PzqFS-gP$X
zcn~UF?iks2O&K*;(WP1)&bjKOI*+1-nSp|s@!C1_=9Zh)8d%+U2;)gmNg%)?C?rle
z*F}Kz&HF-%vjdQdjlZSNwh~xuZn@a?67yGio-R;}{e_rj@8SHV_*`J90-v96bA=29
zaoh2fE~@EtS9xInTFqFyk&&7|d-KKAzy|-W{WIx7XxfNOB0X1{&V9fpP0ATn)NG(+
zCMa4qD|Jr8H!ki)45MMO6VU3YFQ%EFIYglP;a?IxmyzlP%)a4}?&z`%!ouVBV|O)`
z{_*LL0v0>VMlk7>hzZo15Ft|}bo2}t-K`y=s8N8j&q*bMfYYthPFa3U+G5K1ER>+R
zDA0W2JnhQ&)A$1u9vj4urp4$G-+Y#tEU0gObTtzjTtxL)osS{fOI=C-OW@X2ZNgn-
zB>Ci4027&m->p^$crcLyu~>^Vn5Q1q(@wA0kCy>na!e<L3~b{GyPXb~7#N(fIt;Ze
zIq^=pzGMwJh~dYXCf~9}op01eMpH+fPx?gb8Xz|f<46aw^-C}$960>VB6yc`5-rCN
zKJ{H_EIRXic<<4TP6pezy|Oq1SYVkPg|YYEVkg@6zeovbi67)oV~(KNpdxWZRr0#V
z!s!*#O~}4&pn6ANXz+t1i&GQJLLT67T+K$7G2r-I3fOX#tX1lPk0u+6Xwnp*gskE3
zJa`MU*}kVll_fC<WTE)<(4`p#a<TV?3maSIa00-IF~p9$Cu}6&CZ8JgQElz}!%?}&
z8)^D0pwqH#a0w{Tt)Y3qLq{Rv4;}$u0w@W`ou?o<S65bP0ibnhOHKHd!1hnCU|ynh
z>X0JVdvI|PFVX%O94lH2&YRsKsA3MlQ89SoK3FUlH{f-9`?ltY{dd>r@D<wW$tZ<W
zLhSBMRx@b#AQ}zPv@eUb_bn`bY#{@o8Y2UZFHbxxAksmc1XXdxc=T;;7crjpJ5(+#
z|5maa*#96t;Dz%Rn*vj}fhRP0eBB{8Lcbz=$UstkLAOL|r4yefKRRmV0|)NRz?M2g
z`b1oD>CaaU_}w08MtVP*^7T}wh?=b+jBRz1Hj=~A{~9(#eb!C14$Hm<uo2k;FhCnq
z^HI?cAV0;V<WTS!;b-kxyt%W7x_r_MaEF$>VQA!meTC)V3^>p<D}<{;NlEHte^4jQ
zjbW~ScQBVV*<+?Nk?8$)eK+(AMHiwh19ElQ4RmG~M>w;63CNQuTu7m_@&8cjWE>qF
z%LmJb@Mf4b`MZ?>rk&KUEXctb78)>4mhlePhV_xEk;H3L1<edoBP)$lO!(u0(q0tr
zD_?O0>#rwl1~sX_GIU@0vlH#b`x0Su@5YZMCQPt@0lYaW!=i2YDA@tN(e7VSqoN=>
z64m7=G2$|e-46RW5q^L$Jr!x-DPdpNGmq~3PhA3n#sh3lbrAz=WI{NJ7Ez*2sX!#H
zZ#Zl=vb?{kWIMU=fRoTHHW3i{WiDNH$eawKYN<@(r4ZVBajW@%c7F<MYxNEJcO3c0
zU;~K6x#;?D9X}#MfLJI~w9RPV<33vgQyrEPA|)LJQ=re!km|95xND?(MXH~Lt7f*L
z@`;>2HCtx~&(lFhiu7u)<zNth=1gqIaEik|-!-?c+8lPrv=U%LEC&0`kk_*!{c^=V
z6D)cda)V16ue>;m?jY1WW=g#qKRBdHH6mun81ziFl3Jz0D3jqQCT|=E8$7?wavm7k
ztBsuop#`y5D~M_0PtVlZ+qs@qDoab~I?A%FBpnV~la4b5UJYbhUsH$yA(J_JW*4L|
zwgVJcT<FzN0b>GcrcH!pO-mGF7e-B8&iOei^l({8k8blDfu%aVX6o|wpOc}ce95`M
z$f80UQ$SKrHK88ASjuvrIW{zA?V*w*f@LBK?HbL%D;;x{ML8j3Bdm%wvd8d3v7UAo
zNVXxWfRevO%UjXp1Ke%D=&w1i7dDIpNQIIY3Nt+sVZ_z^J8jd2%MET~k8u4mz)&t~
z_;=61R7O)YoZ&xyaq5wo>Baj(wX>FU7Sqa(;=1N|TO>o<s8u1QA^2pTj*H6bZ)msV
zuyNyJ?~mB`W$plj+rAwKciGDEp*~w%Bdi<+AHt<>FuGlBtX>B{2seiL<&1H*I;}1w
ziBTgWo(~2dsvn85CCZ};WM>KFE40|*2NB4Ahqg*td#>w?@av|GUWexKo)m;iEkHJG
zojf^?y8uUX7FY96l<emo*R8x5Tz=W3YV!p=ilpX`3xfusmxp-?4)l+VQPEFcVFAro
z+Z#-k)bdyo{}wqW46Pzzy%!zm!z+1NFTBjF>wdEyGh$Ehyrbs^s%#5xyK2e5=dbux
zv<|!3`H062hd-X3hHbLM6DBDx(<Z=A-ZGbQmD^I$^>A@tY}L5Wxy}e<Hdw!yEms(M
z_Juh}sf(c#h?=ZRf1D$U{eN#vMfVj<0s%#7N$A6eE)KrKL0PpH>im`Lg}eeJ==pp4
zhTvPiT1!0!Mhn`}BhH}JQb=+OwAaBcoKPZZvcKxOcOu;J?yd+C=y8GoRh5o3-zg58
znf|PEawz#S*~1~`V|Uy7))nk=nW_NqJ(0$Rl?kS@U0kG|KtX|nF$-|1-~D4%XWEOu
z(PGmDcR6Dc&37jU=pq>?HJ0Hnaa2z~!x0nzQO-sLNd%ne6jmJ0p0@!udrxmtOpWlP
zjRLIsuV84o?JM+B{#q#PE15|9nI_|?@=n6!L3vz)Z9*k~o)8xU+N-#0Fj_tlf&?}$
z=s+*fet)a!bS)xxS_Eo!ToN6DTa~h;yjkf(8*$EyAzs>+J<~l)AF1hY=*~4#*K<XQ
zV?5h-S%w$IWBJ8}FdC>P5MNW<FK~udykBJu!F_T*G)eVy-r44+ylu2GdZN}0jm03o
z;v4ss@-yp@M?q5E`-QIlqKL4mZ``yGKI9WP&yw&Cw<i3)n%3u2Nh&Wm$;2fouRFFU
z^vBhLF>0>>ccx6eGOLX*5hdX7sY@lWVG7aIqZ6RH%d?h@F%BS%3j!n9HQ%wnc+z_X
zC&WwF5FUMI@D;?8b^YEA9zUBE>e|Ufn@Nw+GI|()_#Z*xDC7nf-x`CIZesqTq()-+
zuMMA+%O){5<iKLLKiArg>G1G=^fl*Es(eyLkqyL%z-Tg3Jb6MYeh~aPf84RO-0}_6
z*>1i>oY)=BWo_1nF`%^mCAat%<I4$cwTx&b^V(27(ygi?s^%qBSUN%QjJ1ot;vM1V
z%;|iCY*Inf#1XG5g6n|bu45J&mu7TlYY8>HL7o!F5CZ2$wwS`hDP<j+%6I|}SDTHA
z6;Wy<I%r4Zo)7H@USJT>FUo|9T)t<kc{iq19+J~_loiW-$~)BCF1D8vHg>P4i!3*h
zWCxs@^`e0b=8ONJ5J72h`y9_7t*BEdOwz@Q3b7or5n?^l{}w4aF!GPhhQ6U3x02V3
zqeH|i8P6pKfRpYp@fHx@v})JO_Y1H*T9*oBO~M~-rpFM&Z?L^i+t|pd>)okTeNlEy
z5w(x1T9#)3oCuJSd*~R24qyIGH2A#jif`5}M#`agYP9xLd=Wh2QZ9--M}2{8xK=Zz
zmbL>jJ<6=uxZ1wy(A6`Je2G{!bU5p_uzet_d~3$V?4z+TfF5qG9M@OwV<nd;-!3ff
zlpJp$jCP;Ld;=G6n=aqK*a3qS$-KTf);rSXY}q~C9{dA!DG!050plR`n-DOdpCEc7
zKz|;kuO>G}wmMUZ`My(-TS2auWeq964$d{{L_fQ?BZ7ooQ}(WGjT)o&c8BJE))yT`
zltqQ~7)bJ#d(hn+QAr-EisuvVm(e3%M~t!`PiM1(%K;)4zV#+k#)ECJ|Gdb-+X$uK
z6%xmzUQD$TA0KCUSR-C(?7|3%38`t?1li09pYb9K3*de}@&V!~!qklK+!s4V3}3PD
zNn`f0gC_6@pt`#XWahU&7^P8PxgfCCQeXR^u{P6_kt}v_)smu8h=nzH{vxoWnT3vT
zuo$*e3BJ~U1Iic&ug+^%D)#jHRrMdW-3S>rO@ojl$y<_2;ekzjH?bt7wab2;lh$Uf
z!+fh=1NI7RFGFF9@-lAiS1g(eZ1~7;&m#PCo#<0?nQZyU^Q(kT&EH-XRw8r}>7c$^
zLao*SwviFwVY9h|t!%esGL*QaylRV3buI20r^(@9P7>?-t`gU3M>6IoyPD=LSA2^U
z#-3s2{C+y91U_*w9qg8ZFr_Oj@?#(ekY4u$cvAAte#4{w$WN8!I+z<8dhO#P>QB)7
zkI@FaI*1exoNLB=4HeV&tD3{XY|-c%t2}IW@Xj`&h@7;l>i+TlQApZgl5w3<{2OW&
z$(hT@rs=vlLa;O1+u4k11+dD}X5yvAF(-xJL#RH#QPAfgCi5@8V1VE4al(x^28YcI
zTsYbOiyEbuznq>bp?RnJ%bpf63|q?LcZ`gqMp1!IA*F-k00^>6<3|vw6l1@jGN5_{
zSzEzOL~yyk{dy{15ip^%A?3D(h)b?juMJl7B~wRnvepCQE*E9;dr*1r$-*ClTFKTX
zzp<CM5^J0E@ZL^#9!`e1lmBqwsREOTZWg+%#B#-Q{QWRmz3Oj)fc2&g<)#ZUfO05W
zqihJq!bf1|P`bHI(BSks&-f(>IE}eY^bo(}*DlR0bK!Xj_*>IeoT7CBomUFo{lRok
zt;m~Yl$*j%KsgN6^YE5?!Oa|0hZaC%?w@FHW1EY#k_nHO{eH`_H+n^C_nvaUMXH1x
zs}l!Ep)JTx6Ob=C<{m%MleQRCNEziV08v1$zZ@NBrNK-z;`-(=Leze9_jn73{JG7-
zS-Rkjl>u03HSEx<k(O3?6b*3ZsIbt^^arDd#Yv&Vn?*tY>8v&i`KI8TH+=W>v;p_x
z*f|zYkYR-3WSW{+4uRK%(7SDi;XAiwa2QVUe{M#8XNK}d7%|sW6r5^)EAx$pp#XI-
zJLap-@R`4VsmxE7+~m^iF^Pz2P9FxMA_{oDGR7$XLb8ihd%wjye5Lo2mQ~_fkZcR=
z0kMJJ`O)F%>inaN8I09?C2}ElyPkH}deg-jM_boqbf9n-6ylAfrp4=)(N2=ULKx)D
zIMcP-Mq3}lSR|9j98PWn+-O+*yf6MEn*^#>tsJsyv24R4qXs{Dq&h*IK&OytXnhkN
zC;<7D&)>idARIz1gP+-Ep_*P6_ffgq9373Sry<^&Y1)nOZk@zK6d6n{zRmRdt-QE;
z&rx|pfh~~Xp!PYn=pJoiF+J^bZx&|^@hsjC>pfYWsnZvRN?NXOrvax3NFbshkIpWn
zGAqJ5vk|f?m!$yJDZHEyud8|`l$N0m$a%&DFTO+pt+_<HeVhsOzXWk@`K6rq8g>EE
zvmb8Xd8(Qt4k{aw6-7kLXS6g8X3-xuNpDM6T0ua>A(G)gffutO?aS%aD%;P|na#d;
zr_JeD2LG+p4*Y90ZwOCP)CQakB$E(ck~uH}ipbVZrc_l?&yY;ULMgUJ13A8w6p~oE
z$KU;v+jJw%Mx+f_&x|j?GmKP+wHM=}U_ZM00H-~@#_Q&T$#NhwONr}qyG8{xJ4-u1
zM(#)k`-MY%8I-pEbP4~t9W!%`rb2}47m-D+)|eSKZ|v#{nDLucs|vH^3>m%F8gRUL
zhn$bC0l*&HaLai)ViHlSy7g~&ISH*1hr|+*yS;jQs`)_V*qz36V1U{0cnHk;?AYm<
zqZmd^I;u%Hm97~=8#8jw-64GUF?E|4xlzS#pB!uc429khCK<r%Ipu7V1kJF3Iz>y<
zy91hjA9@kpOMJV_M*-BwS~UscKT6$&QHHbzSrDo}kjfbmUW@p7`a<UhuaZ*d-(=|N
zR7`%C|BwXtSp+&5+9Jo{75X?H6;PG`u1e-_#hO`zeO+omXPPka2nln0<Z&>Sb&9v`
zRU7(puTcb4nJrKnTrLDKo^s|8deQc!j0dYcw_hy#*KOInsGLA-utg0l!H@yABR<R6
zZw!!$ZI0<4BcX0zYf{P{(?Ayt1CEY9uU(F+st+v@xy;|2II-1BJjTA_Q?N7y;H|DO
zxt*C*7idLp$l5cM)3-7F(__{2eP9o-q{OHMmlB=>PZ>(A(59TirH@t4&P41oTV@;W
zWaxmhWr4CJyKO*WZxy2^Q;+fM1-(b_MUO~)h*LM7WStK<CT9}ZUx`G^#67tSuNoc>
zumV9){PfPtC2ht=kFhNX|Hgs-j}L#1b*>N&7#seu&t!*LYcD`zzpWzwGw?`F#QMA|
ziR}KXdn>rqZ{o5(WXGUg%+g_^KmDj%H!W0Y5g}={kt*&PF9POsKynjwKr^H4Be#e9
zvl<_~EbzlNxRxVMXj&>zgk@+Hr-*L|G5hI7c2QdCZIH%iNb@9aR(q6`VC<r1gC=cP
zh`h|(+Ea1rMWoMqB7Isj{PNF3bvu8aLONuWUWD)K`PI0tQ_roS4|dm~;#wq^S4z&l
z`?fr+!gE#)E{)|Mf0vrQ47C`bpDW44bhJQ`TZE^EJ)NMW$aA(4ly%g}!|4D5vFm(A
zNS@<?I_)!W8{7!q<nZmnMWM~R9=Z>4DIh)9+692rz)<fIy~O1hk6r&i8P#y{C8?$L
z88)jDvH3)&EAMZ4%;Fg{ORdow?ieb9xg<wwd!EPEEu$d}6gIBaZp+mzZ}5lkEIkNh
z-m=cNGbYDZF7|;>=XsOSs<E-|M^o{1*mL4a>G9xnzA5@XO5L=XE^j(DQphTfk`@sJ
zZ{2Uc8gnkW@&-6aoQJH>Z`zxV4B0dpyG|6?)v!g~k!<0-m@@-tvO+NCVGB<{N;5~|
z%2AF%QRf3w#2AP!vbR@FbL;X(;c-kv3S9Sl9U5CisTR!6)s5h{LmIwAO&IEDe4?NU
z<cae6dZ@pV76!N=y~h(FD&H(?29+2t)=O}m22>#J<<+WdQ>-CnGtc+3ho=8wL{G8N
zXllmREH?7zNCx08CCm#OrBz%{qwh{te?I6A)DpI9b&aGYd9+pj*!-$@P_sK1Se$ub
zz1&<^rPeVBP7A6%wIQgjnI&o1c5pN?C~vqxv*3ciqRz96g^@-}{e-chpp*8royb?m
zRjnnZ(#hJ$W^`eVG-bsXtQ|N0<E$(VD!XlyH+Z2>s&UE-{|W)MJnIWT>Y!G(N}{aK
zlDA1*!(>=Y*=vWnGkz%&7%;nLyrwqPk|{qiQbQhONAs(D!l)hG1&)Y(bHf>T(h8e5
z;IdoSN{RisfZ_ujbh@|WB%el(;)nrm7^ooE_#gqZXXIr>+SdDPyrD9PJzW9C1%qq}
zd8K_IKF%}RkbJ%|CQgHrEiW235#~zMipW6QLdLeNmyUL0A>x}sVpJE54^B3}pOAlc
z7Mi%?6(%O`66u1RDvHH^t$Z|+5iIsP6(AhRrcrd<!d<6;98sr9Graw_m6=x+&AUgu
z1<5fCH;06mJ#@+4#FSq;l47<l<kb3$KF%shazyc}-;%CYH8>Ro3o)7-)90o;uY-pd
zV^x1H3-&5psmPnUJk^^#_yY_PLBGZ08NJ*;0b{z&t5%w(Rcf8Rao619P?fQZdL#{O
z5eJK{w6ewBj1*4VF~7#_rZEz7qLigIB@f!!Kh7;x`d#K}i}RULmKQ1V_;wPQST+Uo
zIAxgC(iwV4ak$TynPz7BfT$n4rJ@Ov+TE$O6hs)#ruJ)@`95A#7_34972cn}F*$uE
zns=jWA?2HPRLk=Jd3i;b%>W1iG(f;p4YW4X?0&n1cAfZ-q?igXxnoe%=025Rsx8fP
zb<CIH`Zx?F<kc3F0Z%VZK8;tEWKm&6F8=G)hgThB-wQ(mqcp7zkevYD94jB@<`-c^
z4>9}D*Xh<E4H&Hf>L2!Kbz@>tbNokU3}#BQ!GVu7p{SZEDc6yk7jaiTqg#f+W~&*y
zr?M*Beo?spT)Z~0OAz(aYyZy?-*_ZOWwk*4zE$;jg@&0xH#zId$|xjjZ{d&hwwCf1
zo)uDmnnxCPkvc?K%CphmK~OKHP2w#fIHeYN&ly;{7v4xSA(8I%=QXV(@zO{L_AuOH
zMMTh*l^@-hOgLVTv2B{@z}ZWylq`(IHGCH=wGmWtWe;0Db@&XJg=KcKeCv~vHxLwj
ze33vUyu1HLI$1Ms;ZEO;yT>6~&jvVuJ@F>Lq}rGJSUdLd3nhQtJFpQhI3oA2m2iyG
zc7)V@MvJX=dra+HaP$~PF0f08v>_3V^Y)MP@jz~GtH2`AO^_G&xOqm?N99&I9n#Rr
z0ar0);eY6Vt|&mq=U&np6lsbJB#9@>?O-aYUPb#_<Ym!N)u(#I!&+ks=*5U4-%mp4
z4%%xRzyBidBMUS>dV*6Z-32`-XFK3q{*w-t+Jj~t3BFYvvD$G;xMIj33IW#f60;v<
zpV|bW>X$-X_;kO!IS!gIdLtL$8yJa#D4h89rwp?}PPlk<mMIY98cO-aXP$zz-jORB
zI^Y`8e^vESB{8AFbTk4Jj*F$K8?Gw`a$k;;e$E7=hl-GYde%e}?+<Z(HH9m0)}EMw
zyY??zrw#TvNdf|I<TJ7G)VR|=9BS}vbzoT04_k)V1h=5LJ>l|Z_?x0XE+W0+=zbtD
zPXmLPNep}L=@W<ig~;m6B&*Gu8-PUsbA)=b8m?bkFq~Mg$n#)u04+=!lYxj?zLhzh
zII3V|?AKR)Hp7|wB_z<6Odb>)j3CG)9N%Cj_pj$~L$b>I8J#bMl)02N$uuNGqKTIb
zQpMESHVrW352q^Uc#f0~C-Ag4Jxzp>96`jZYZK!Sd2TITRn^iE;DEme^a4I^e-OC%
zdAKaJh!r%m7M<-h!|ZE!ys0PU9W7?;igY4CX0OngzTnRoCEm^ZMsO+i2KJkC;j*jj
zaYGGi?$M2Mz~j@d%%8+TP%8;VL$s=U7v6p~P2;678@{S5n)^Lg?K1CGC6{9!XmzAI
z4+#8hnl;0l&QXIn#+bm1ONY4Md(0%)+ofx*p%u6w05}PM9X)v{T`Yl{Uby+%IrM>R
zNT`l!lxCp=a)@a#(jhtxbi>`y8QEB_pdJKk!Um&b_!5|5z(-iDkZa>^H{!f5uRiL0
zoK-5KNn4dk+*wmg&hX7m3%ckpKv-51dNFQLfY-8Rn{}~4L4+AEB*1`s^#CNBz;EK0
z^2MQRunYLGIa;&OyrcI25&^E^=UAXWf`BGr_l*&;_I45Z#8<DF3Vf3fWA-y#f7|2v
zwq5>${N93Ap!ZD=3(REx&oHRPvk<<%*6XU#8LDMwCD<->(Hv<)#xxcft-OIzrvm*%
z^fhP-KMjh=Y{+X9W^V^x4UVAb&WLQGiE&MDHKmt)^`TR4ATbJX*5}ke>-4*O)d6{P
z%Tm&}t0VpyBe4&c&ka<|&~%{k23SH?UadO(les{zYbXlUE%xlziMw6KQixC$f7p9V
zS0qBX$}``Rt%F(1e^yVmqF@vWvrVT`62)k%DVk50K&xJ$x^P6P+r#4m^Bgab>0=8B
z=u_8lRmpOM51hTQ8|_u>j&OyNmtjbrMwhlb6JhmjLvMdm>nbb5lgG6e!N&_Ns5J5J
z`?tY_VPpni2~YSpIO00$v(4hNZw4;lv}@0<A_H5|JXs!H>f`-*cUjk?eMTr}H_)GI
z`%zan8^3Cj0<s<)o(GbjJ2wGF#2bnF-IYeefbz~_w~F!$?_N;bgZn9`<sW-Z6*izO
z{^2GQ`5w&aRL)&~oxx&4&t64)n%s>d{O6)am6T=Rl!z%Dy_`fW8QMkYmq`bkaQ=Kl
zevl1x<wud4by-e?TMOgZMr=+VS1Q6-9E?VhK9Osd(~`JrH^}<nLo5qqPB<<5{TrQ6
z??+KzJ6w1lS69Z%V$krjbjFt@lNm(#hXuw!s-T0*-}q5=v@KjK$v07wXvkaLyO(Ub
z9#uTQ$bsFrX?TN|29De^Cl3gaq3tISLDpJnA>|Q(y;WK0T!WkA3|R36okI;S4IGy-
zU841ohUc0i!2WvB$ycY7?Ax;%LFRuY9QwWysP548LOBP-gug()8*>}UA2x2?wYStS
z=y=FlOBO-`4qr?qARNHxAqeNzZ+gj0WCJ=mIqwg^2}aW!$yt<7ZfQPkCq~5Y-8Q5j
zpn=*uh{oN8-^?XZ{nA|RR1%4z+}^ZIne|)>ysSN9kyynE;YOu{K*{w%98_~Edo-kD
z!AK4gx&|Gxkxx?$%?7v<l(h#lb|~<w>>1mn`RgF@kz9k<<W76`EL?H=z$q*>Q&UcZ
zjr0MF6HGb2xM_F?esg5v4Y)}1tnr@oXWs^dai@CU&j3=AYcS8*hi5ReVhi9acute?
zuZxablSn<JRgtg)3D}Swb^j?+nv=^0yF&e^VonkEN4kmQ&B;se_J_RoZRu#J5|mvp
z3BXTmPae}hv$9`Wnk04NH%V3mEwqds!WU!<WW<*zElw1qhrtLhrD<Aul`3<=@_RZv
z89yN}e`OsY=F-`DcvB7h{Rksw=s6E~G*n>ic>ak)9Iyowy#6wluKDc?MDB*dZZ_Pb
z(%VUtOlrq*18kA1hrr2>c@oW45+VG(Fq?(`FXgftl79TO)6J-`p#SICX1rT69WtPX
z%zU5+m))7)9l(k7b{imRhb!@38n+<}+5JFNH-ak)XSo1gS!siIPtaLqf{yZ+R;o|G
zK3epeDaQG8oI6_r#?FC!WpYSai2t|1b~W%#QOa~`WnFw{T}Pamuw1ZXrK`zbbl2Y^
z7B5Q&R}I~b&3b@~RF*b)#8g$1>IC;$p-t~>^M0DY(|knLjVU;m>2dVbchXx}9PlUv
zPGaAtM+i=hSGDVdq(kb(z(kjJks^vkkP6S9V7+2OMhz4#CbSXYh}%(W$qv{7&OzVW
zL|F+v!|PmxH%cVp$Fog?;6U@n_2AH7Unvt2xW$K;S~HXDZ~p_YL6@B9^&c$hK`b!d
z)h$Oi>Z3mruPi0mIg^KZuL!s*^{|W5kovmsf}k0^%bX5L#FkHlkh~bzw^F{1V~*4I
zYhDEw;9IYZ75R2fr{hCTa%+c#_BnXAggp`n!`u@WnoDq>^I(#mA;TwUx$nCj34#yj
zK>cYuMJi5(!1MruFV&4<$5SQv)i34JM2Ko5zb`cIaM^d9=yaG)zQpy_W=C%z|3m_(
ztTp5$U-k&_OcbDQ?cfJLBeZ1j`qLSA&j_>>J?Y}&$~FjEtD|ca3IHRC`Q-)DqxLIO
z>7{fR;guPcQ1FDmrzsA0$lYP0#$V9qqc06RaeH3&@fRSMbH4KFYQ!SBF{Q~CwxH0E
z`VXc~?TgpyCwW3(Ydc}rbe%AS_xt9gE^iR?bo&RB?sy6RKQg@IU{KJ;TONqs2*rPs
z1f~3&f>qTlyEkh=6IN&w$`+TvVe90Y8w*g@Jb=XM)6+%g+wuoNpRbE3(a95BDe_E-
z{$GH#V~&)O6>9<cCP?DqI$k5fT?gYn8~~-Ope-^daHWKGETPpUx6HUpgMH_mVQz1Z
z?GP!e+UUki>_B`*1XHQqn(F{;Pjlzj?*Y4v@#|Rh1;P{Af3B%uFf~%PDB;LRxblD?
zv(s-E%BHp0)M3HvTxHF1mL9F6Z@DT2I%MJ77$`qm)-ek=P%GLiihBQ44XH_GGY9}X
z&L^v6qwPSxB3^x21=6m8D*Mw#Kb$XV_83n~6SI`%cC&SFbUs4u*xb}b^-SWn%g>8c
z!2r@*9N2&&zVj+{kSC-Z!6z3VTf@O6iq~h3zh?B|dD{b}iP1#Rp;Xl@0q<AM;KX<#
zem}@z7yT2rltC*K#RcGXUFwv*7^u>;IjK;;w?3rcG+*!-G-t?H*HojdUVfigLW`#M
zukB6n&@ze`M=&OV!uegXyZc)8lu_E1W-SCU_$VfqSr|!Sr+(hcVm2Y_5p?1T+8k|o
za{CAUrLUryCGDm)v#<XiJkY+Z#%>6f0x+#pUZG`eMJL#B)Dbp-#{-0)FHzF<;o(6#
zFSAA@doFrBH2V!hVEh=9F!~lZI||vuil)xU#zd{?q_o&7wjtxsDEPYAU>O6yx>wS7
zfIt!qcU<faYv11tdtuJrgTsH6spT2NsRJVp(^5j+O$D?kI6?cI*71w{dDn-nj6N@K
zz~w7#)LPj+waVt$=xcUUy|~R1iPy+xVpB1Gb}%+5)9{Het9QARcOUM218gh%0JV&j
z&emfto3yq2?``Z7y})Hqimkb5DXSTI?)dWxMw`hk2kijC$EpI#PAVBL_gpo;)bz}~
zfyf&g-$?r2eThbia^$j%UIR}usS$KDc$$Wf<J6@TC+KtMuJJq8!N%A;d;x$Gqz*vB
z<#1;3D+-M#;n)O~8`t$Z{1t7n-TQA<10h{&55aFv7SWTt`s<fCtP4H?dR|5vZW|~O
z@Um99Ls+eJ$6J-UfY4@=oS_)JS!=FVq>DOW%P5*k2NjB`m;$o$Wwkh>G|VxmON_PH
zir!+2F`D@TP1RV9TsnueCkd{vGU)caVA^(edkBhdw1T^7TRTMrHB$O;(&5Vj1cm&O
z<0L-H`llsUw#<{^F2s@t7@o>}+yddKCBkyWreP{#hx#zlDSl&u0kq2)w0aG)Ax@Uc
ztNQ0~3?Wb=mHG=94@jRzIkc_xkqAF{Rm0fAEe_&u?IgC_>!8#CXJ1#KRFOEr#!b$2
z{%6MDQOocO@!4n_<jWPq5wPUH-O=hj6qp^3|0VvQY<zd~W9Z8Tq&rVJujrvo5BoI1
zqBt3<JppKy*4KM$=Ehx)0(K_W@20J;;^3T<m0VPooyzA&rd<OtW(`D9!<)oxUDZ}J
z&=q+Bf3DoT(j@=fzEEmp7`qKr;~nX2oYIkj5f0B=H@qawja6S!>_1{?{7b;`Pscf=
z|5HmQElXRkO*F`#KIR``vg<G-2~uh)4&7}ncSRJRV(b~Qi|rFcdN?HE#>CrG+w0qk
zoV(=#P`b{oP-2mOc}sIwTSco}ziDBCd~1J$M<oH$lcCV+Vo(51*GZGw&DN7rNoKSf
zJcy51^^}9C4We-t1wazwRZ${W)@QJoM_W?;`fB5TqkM`)0Ss0=T*U+s|2WX@o1u_1
z3Edv_ci`oDm11GXE|I=nd(<I4`k#Zt)6PgWbOnRKvmOff59T{1j6AMi$~DD-nf_C3
zy5%IuhNW_%7PXnK5gsh6BQLWX>Z)Q}j!F{l9~Twmy5IM&*Iq`@8DsPGv;kTckAvtr
z>9JyE7SgZb8~62gA9a81;POujZ7zQ`OLFPV96M-ed*IHf{|_I^!JB8QjZ@g=lAzw3
z3RiEgR?vgr4<^H!;!mS_QfwS$VwqKf{zCR_zr~YL2#R+JcL02#*Z6xmCVH0Qt24&l
zQH}XA19>a2B^O8u7%V7^7DR?%!A3#Q>%YdM-JfbA5{8|ObYFGKhm!U(sSaK_1e?2|
z<SlQO+z?v!HV&(ei3`Wi2*7v=+})IeR@gGJQk+F}(9^Z8Mr&#`8?7^}W<z*rY^S14
zGbbT+c79&(xhivAhs@)rzc!#*Zu)A^#kt+*M)XF-Hlg350`ev2#s1;1BVTbQz(sHC
zqMS+*#F9jNn?c*xA^(2Q$9>C#qf^vEJdjJqy)qu=QOY+7uX4>ykx;Bg_q=ffynlEf
zO)ya7^k$vFQauoEci{)HudsD@FhD`mETIWhRl=n0NIxcH3L6KaBT{2(H;{G|x5xj4
zvgR78Ae_FzRl<%+P-%vP?eozlj~g&aaLtJ)b9md$E%EEIJ3H?Drn(a~2zHIvlbr*T
zrtrze!u9f*IU3?K56yw;q#r+JGuHLW<f@7aO$sIpVHR$yeWj<e<M2n;Y8Xr1xBmHX
zo5SEE?Z%nyZA6>UQhi-&Y@{x22*PgoFGw#!5c~^G-O}0e_ax8A5N`9O&7vSYO(Y}2
zhn#9((9As9F`|p!j6ma5KC?u)Vb57aAD%@`@Vu@;u2R8QVkXJEp37LwC9<J>z}dEw
z&bn0}I0L0uf#QMv{K6$+ekU6)=@*dD5Ns(TSP5LDs0f93)tT_P^Blim3A6j=lwJ(E
zcD;cvLKZH&)t6?eLbzG!mS1^Hz$c!l$VVksgfpqRM5AjuXoA0q1{i&+ZlZ!OpuOWM
zMMLo?4bRuCr8bKByYaQ7ls{zW?0v6e6k260R^+p+rQ7#6Hu8F8Qghj@ArT$1#q?RT
zILlg4K|(d{C3EBg&V9?}3nueDMF36OO*JBeV0IFn0GZ|_a1$O$Mu$BOXPbnSLiXlS
z7j-{~*>u~i#f$t3JG(O(h$m$pmKD3ZG^{m&ARUQ&8mQ6G#Ih&+9yM70FDh*5Dgc`r
z_V_X~9{9wD)}7yXFs}fqf0Oceb63-RT>4*x!*C`6St}*4QgykJ1fU^X>!Jnk6#2LB
zHS_7p<Y%CwB7GSIR)*E|s$l9&j7*VzY2QIw*g4AKZ3pB~_lDo;J$Fi^HJriND*{~C
zN$sDp8IG+w<pdN!noKV}@77d4kIF<ziI?`3$yl$Y^y@wmcXLVp_yly0N(K|hVeVG^
z3!tY-MD@CZCnXijr9>)Nl<%NpQp7_fM;Sj3JP#O#n6o`RzI*M^R2E_j$^OumrJx8H
z4h~eg`648ySXMdTS8p2v!(WZ%APpTEj(226$EY_H43{WIJl`NLOebOB=^FD{a_dWZ
z8zZY}etWG;>{=?<HOu1yXX28YBSl8v6}UR`5#U`55Qp{`l>0J82Z$Juq>!psXlEJk
zo$BSj*AR1aeX{oUpU}7Yidj_IG=2ZjiRMnj0?5^C0gW)MWhy&u^-a<d2CbmwFKwGE
zUjIY!g6s5VVbNb@sxKz**nFvvsCfq)X(TJN&%H(dxcH`{E9W(#RAFFP(^Na*E24&i
z5|j#joAR`=t0?1*C24Ae8l~G0<fa?imMr;Ghbuq}^C#R!ec_P#9UUyb=SDdzzlVVO
zr)!9HE8XK4{n?CryT;qj=Zy*Sk0K96^CdU`B0Ti4G6AUQ5N;Gas!<P-9%WR|AitUi
zon=-9i%*v<>+>w0Hr$Ub^1`7~nF{OOwB<2mN)DSbnKQOvNxavOM%wN3?I{_8T=n#l
zXM5{r@)x2zA49p&>xmIuuFN`9_r&!r9gY9+{IB~X&HzyVkRw0z&U2?EDo;fz45{`v
z_L~bGbstqf|Euej=;(ZXij=g7RoIk*U&EhbNL`WO1iyMf9k^P`+&{@`!a%PHSBU5O
z0ySBu@4CiUEHOyWUZp28xP8z9az<F|v=*@S_#my%Z^>ojZr-{jbmn7WwS2@HL6FKt
z`pdWLkU4KS&fFz{AD4I<TqSZcu>i%dO)f2fB&B8q+R8EM+|Hcxr@ff|C0aPs%<h9a
z@uNE_kl&tKJ&;<D^x-QJtrUnuVD@9K8LgPn;5Od3BS0z1v;kybpLX>&xHoSkfg^Z5
zZPN2&msR`dk^E<z18ImLh5y*~B>3Lv_?N%f1Z^&kg#sH|Cd5SN>Y=a@FG2s!s-PJa
zO<<f9YSwIuw0y*Wv!_5JPVPYDLbf*gB@KC=3Nig&R%IN~Li#(Mv`BWK#xK|I8|4gq
zIG-8%i2|;SXD(eu&io`j@t)l^Ab|7qIwF4#z!%i$(2$F<_rR1DIv<Q$E_(0oVP6&`
z?ZDM^_9(Y~27d-Ecd;1VeRt`aD#6}sH*_}Ss56;Q>3=!J+Pk!&+ch?|hN(k;EPU94
z?;WfGF{mKMAF=iCjM!-gp+RS-<X%(CIXs)5VGZb_ZOf*@H@n1!pohy2vzT|zXy`<%
z{U`)C&q`>iR_s&9AT3c>vGT8+-t-HeE$1H|{%0{F8m_zQloE2+y<-H03o>SWvN7b$
zl}}gtoFxf{6k<$_f6pwG3>3(7cNawE=AH)YwO7QkDeqCrHlvX2D+|nkGs89S!I#g_
zxeZYyPnIyoFlDx_mF(IXS8N}2fHy%-zc9-zL~!LY@ez2H>oTutCSnt1oD5&)lS?t-
z3qg{%-htP*Y=E4qc`eJJ@S5`g8&kku>Wbw^D9VW^BeX{Q^oSk9N8dK75i`ty0lm?p
z``FSt70`gNf}kTSj4E?&3%m@}iRH<$DnGkkqF}PyHMMX@2>)nv9+^wV4^YI$!8+K~
z;9-Nd^^2HYrgBzCNni(tegXeXehzGyD(~v8Q?oCMcCFK4g>kpt39RXuv!=<F6uMt}
z882$Q-XW6Rc(7a1T%<85Acc59<N)2f+pu~9k3R?eM+1Exlm2k-<k@1%M~Kedj<|aC
z2!X|P;VijNGNc2s&7`?RX<)GOmPuJt?0>znIkL<=7DqAGWi~FS?+3H!6IRdg_SWr&
zH8QJo$hY8&tT(dS;5h5t+&J)-lg_hS<Mg5A47_-1#Gc3L|A{Qz{>bBpkYO33q>`1V
zgy|ipj)1Z_3?HMFs@jF<Gm-7we5RRaf%KoQs`h>drqH<2r(mvEYUW0;Tx_1e3WJ3u
zZK&MBZgg4w0(M$yx4(JnN@nK&N?rac9TGEd>XNA+e!z)np;KHtmN<IRhe#t(zY1~3
zbTJ5l2Qz!1HMU<(nszi6A@CplWk|~geTH3}#kZZ7Z47_~mgle0WIMf&tVx9R8}CK_
zh#zXD9D+oo6D7NiCi`h`X)EoAm!C#zWcmygpvX(h{WcDU+KZ*7*Lw#hqee4~RB|uC
z8=?wkI=0?d0fDY9`7%owhC*CKB5spGecvqBf6VF=F_T}rZ>94SoNX;eXH0X%85~Z3
zW2o{r(*b@Ku8K<ck)^(hAWR=5(tx=RTvx2F)EgsSN&Cykh)KqP7FBp2hN-TU-I!tK
zSTQk)X=gK+bHJg*sVaceB@G^Iopkl}_oWGm8T9Azhfwc8#m|O&ZV7mf;GYUst*?68
zJgN>HdMC)uII}>7U(5QyqP(EGfoVm!dvULJ^b}ilwHFj`Mmh63tGEc9^SJQipf00(
z%>6h-gx@_fI|}~<c^(HiDO3}1v0oTwDoMV|tBa^j?5UNg<_01H50ds~6{qmN7$OfI
zsb~W7<^JxODip+I#ltxo59Ebwq}LnVoZNWQ=^lqm%MK=BD#+g02ND0y9r;LF!lz4g
z$KF}`A&Mctv-dMgx5P3Fc{X6ZzX!^0c!U&GRG-d&UR4=`;hB9lah`Zc_6z_181JLr
zSHmFjR1uNYSX6w!EF$dPMTlne!u_YK$nHsxWi&-L)e>5{&t4jP`3otGy+K@Dp;h3N
zdjGYaEHD=r*N}g!5-oRnD>labxu|Bd@rI(0S+QCUrev1{V~h@J*YE!j`9%b1cCbqE
z5}|VuE%ch2DN;7s^1Z3o!0R_rIQ$npD|JG>t-^8fCCj<5N~dimbK6;uhmFCnsxf3=
zy7CNR3`yk3<pQ*)Nb>_t01kUTQzAGEyjZJ2{s8;_r1hR+g=Dj*zbSCZH#!FBZAaN8
z?~>EGE&8-jRym)ea>SyT*rIhfZE<)Ela+e1l@TmZcOk=@9envoE}24?Yql?<c9xXx
zun4olIL|Zy6^gEp1In;0rW#QMqhdf7Rg&n}h1$3YlDuiD&=#1~vh&A|7&z0WAypO~
ztH7hrG@$6#OF5XcyW^$4F2mQ^pwkQIX9zNTL<&0$({7u<9)}@9+>Uc&Hj|KaN>5XL
z)qF@{-;zGwLdjG^@2ATjYZYmX?YEP5NVmq71kw5@AiM*NnCK5&khBmFml2a%%J*}-
zV-dwrtzigP0PD+vKDvIHy2y}6i)eyo;u#`8f%T5wPessscOuiw`wrixuE9}{xt<?{
zV~h;Rv0y9eh}dm_du3hhnrHUI2fcjI3~{Y8E0zLy90{<)0S3^*Atx4(lHJEbv^f)?
zRnP(6la?Dyk2rm}jX?%Zu1%wz%N4N!Bh4y($8Ow6rD#nOcYv6wOBy8dfn4HYaceQ?
zaC4uT0frmx{vv2Bc2$+4j%?&m5jb*!9PWuO{&pZ(yKLDD{<zCppH(=*c20jNP{8`=
z=>(c92uDX+dN3v_V|q$Ty~V1!DMq6P=mBD?j@a!W$RzpcNoev;#|>fs>ZhZb28C)X
zAVzzrQD&>|4iyHUkzqyj;N$?r<312z#H-yTQ*6F=h&2BW=ojkGC1D$_SJ|d6T-qw%
zx)S+bHNtHu&|KKvIQ!@h{pzCwwkDNaI@Y_rRzV0QAG*aobL|8`n#KY&FuAHyaM4Ad
zCk1s3YV=2XvA6hjs6Mr_Rf8y)LRziG_|hNOgpw-zv5o->QvF*VS)LKCx0k^OU5Ot9
zt7}QL`}ndR)%R3HMxs=>Y4C@PRxiaL_8=qOoe-TJK(V5hqE`53t^PRs2u~%-gqVRJ
zMPBO4fmq5BT=aC*tTd=#M;blxT6K1;1muhsi6U82UdkcR7%~h;cDINv|Ne92Bbq(6
z+|FY~!~y*trDGtUPY0Xvwmovy>TtKPq3tPgP{8=+4=|l9W^{j-o=V88)~Jx5!zo!6
zLjPSTu+)@*cm<m7{_(kXxcq!5OkTx={~K6F#xz@91farg`bj0lIbGjj9xHJ#uNAvI
z^8TvjY<ytd>Ysal4*U<y-P|CsMNM*uXWT&&JjOf`H_)=x{LZyp#jLTw$98_Iuc?(g
z{m(oc=0b?ZrUC=7YYGb9Kma8>(YKu1#8oZ0CDgdO4ldN16px$5RTycvPGUYg>X9&X
zw;jgDtL#YUEvALxed~Z-8NkR@{#|yAu*t+pu`xswd_ZG=wdl-mUD9ztrPckt3h9;N
z+u~F3mL3Fq*w?4!E!-qQe(=DQ>$YBrM#R&^lVZOW9lw1~1nCg=aEZ-hz6VVf0(%+4
zf%u`yVLBU~Kf7dNkR9)a-XkhjQddK@l_o9EnG>e?86*vcMQE=Q#>+>m1%_z0?~I7}
z+6eZ-Za?f^Uit)-H=U|W9{V~i1W?<L2S{}H?ut8y{QfG&5^|zgc^i*n4XDEpig9%Q
z#KK7FtNptaV~Qb2$6yl1X;p^iR+FKKMJz84DVjFVhU0Nt#|y=H8_Bj!f}(mk%b&X3
zu1ISSET<xpMwMGV$SF4!iSA9Bo74gTddb|(zbK(E4_~X7W@y=JQx~pKcAs)_wu%_o
zL>9!p({Il=VC!cUDtB8s3gdDcY9TNo(#`GIX=)09ru(FG!x={P5(COA*e6xaf=Q+U
zDg>fSt|bOesDuZ)D%^&t4}`*j*T;Aoazg7^$=7O*PAsw4CSdw4a_nD3_Q0OkbT1PP
z!AofM=|(jhJ~V$^(uMu?s@uwmpkow|5b(5T0C17%4+dl?kSM2+)-oGl5fDME;kvo}
zXf@HnegKKDXVRM)=mR|;^LY?cIs+W>_>!nBy4tdY#{B)d+Aarn)d@9a_i0b;XnvHw
zyyJF2ZFLCi#hNS)e=gaxIL7Q5<pQVMK<kp@vDdZ|6-kR5E;1h!L8D!G(XrIP3YJb?
z!9CwB*D=x1I8cM2HJOZ~{3L#ad}5*f#I;6pN5MaQpf{t~H{npJCmvbE-({}`%RlY1
zY8|yNp`Gpiaa~(j=Ki5cm?7J9b-9@g2M*j{n)J3n^-PNO;&tT2Z5@)6=q_w51=zc2
z<6Q`}xI-&|HoV0Q<SvKe03*VWw$VoNhLKVu;<+_Sko%AGpxP}bb6``%f-A7>_Ub%A
z)2l}cWOsn^$!tZvWHWqLs{~DB*b_?FkWJ7Z5Dt&}pIvIPf#;TdNF1Gp;hbqP&N14`
zYa_Cdh00;BblQ^+jG91I+Wc7mTZoI6mxFi*0i^Ow2e9%ta<PnDS$L;Ud^;Z%iH+s_
zx~V;?oOA(9)P~EE0)Z%4sSMs#u;j{~IVQ7hEliRUyJ~NzXAH5y=&W7e%rI^LT8o{P
z$s$cdKSQ@qipCeBn_nd7JRagK>G%B3Dyno6ZMQGwqKix`e^rED`hQp%Cq!cQzL!}K
z-S(wyFK>KMSW1;Wz}&^+SMF`q{iCt#tX_a)j2WD`Sw^3gmf+F(WF1fQMaLz~?0%Lw
zw}RKF()IMo25|ZDR7=gJs^}NKI`ha+k#(mbNy<ty@{|MWpi}(aZNl<dCEp^fS`=h~
z3XRF6m-`fkQ`-8!z6-vf5N`!w#Kzxg|ADFy(GUhrJVgOhJ?sN>UKKT_Wt`f)aVLOd
zJAv}MX>gn}R0AKZt!lIfb$2Q0?e@4w`V>3*QB9J<+B)BdT$DPJp}uIv%Jd=|sN_b(
zYttbK3WfQDySiMhV<f`Y=Nj|R9|8gD!1<;n*lBrw{I<#Q_NCT+$+^~A9)-vsq6jpz
zyaUO$shPL(s#7KnzW{Xw36vA`<t&sj;%#;Z5qkJL?Q1mZ$s?~<mSJsU6tv`%9%o6-
zjUw}DJ~>aGTht8XY_<|Fs=3}aKN_TuYp!w4qFarSJGvHl#(b<&+9&#CEUhYQS}q9P
zjt#RCnNrFFg6#f2c!-*2L$$F&>Z{$WQ=Fu-_C_$X7l3(t@qiOFEQ)#+{+;W3i!RYx
z{%Xz+)HwU|Fb6Z|P??i2F^SyAS!IcYk#MJdeG@|h7v=y(;LZEy336&zpM2ya9@4gB
zylCfgqFvf;BX;l9-LNen?4}3sE46uY=<E&ZfWGF{Jn&B0S1746rmo>!GY|6+FKeZ*
zxWX1G?Y^zd{~dJcl^O7%Km-fYNAV2IT$_W8XZZw&))jat?L!hCgGVY08}f<ry!?<l
zToFjz50_~^q>&TgrX8*k7(uu^eEc_99@I3(|GC^4LO1`}D(xzboWCmW9HnlYf!C{-
zw#1Nuv~8~{(9pIC>Q4B6_L2Q&!SqdYlJVW#OqGNon3vAGkFE5tSI48f8d(Lpv^FuV
zVuwY?Yd1U;gwvUD$MTZ6Cp%N-b`pI{AyHE}{ik+gP0Lh!T4qtB&Z~_4n!XOB5h@ZJ
zXcS>kt0wDy<O|g=_e^E$JecnICyI|NwY!Yg4s-*J?WH7Jbb=&_!tuhVG#OFX^V;MN
zZ+mH%r`jV>dS~);qsFt6^JgnoIHdXeqP~-y0GfDE$Ghc5k7M~KB{1jgv_mInCy)sf
zvNzhbR<u^`0pQzE!@Y<H1^r^;=pFb^1{Ui%Pi06ojm)@diL7N03=i=)wHHdIU!Af9
z5zjUGD22!@6Mnz_A{xpa9(5#w9GvD<VQn4OkNwJkCqh__VXCMZbT`^ArFwvSzXm!5
zTX(cD_<Pvq{!;b4Lv<INA;E_3ghyHf1ne#Gc3GI>H+4b5&D(s@&9-%!fDa`73;Jx>
zk=YTt!Avo2GibkFZ;9hG8JN;+OsY4lDS2)Z*iNxEElhV^zqX>SC;k+Txp9yf1OC80
zhEI*wwCIUzg1UV!Lu$!-_3d=sA%V*_PCh>!=cit?+w3=P%Q%QWlJl?qlertX5|N+5
zL)lZvOYE+KMMG;aI(dehk0vckOkGai5I%FS0TZ^(8vA!SMQzI3u%4JiJ+=Y}SB8_v
z&K*Vf?hYmdZl-wH1%9oKQCGx194o*@iAHW7WJHYY^5!w5`#7S)zMGS}WLDUHQdY&1
zqFd-MgXenxbf!|p*DGu?XdXU&TB+Pt+kTcPXfI{OqpDC;>8^J@LQ%EgQgmyWO0oO`
zL;GYN8T9sSUH#f8*LkdaHy);GduBC@Da{_^ymPJcaK%2V!85b}9vS1AKt5Wkyu|9}
zz<y);d5>863XexkzDK`$-w+u~YRgl&&{>hUrdlT-EF4L<(@H9nD8UFdD8?PlNGFBc
zlmdQiniC4kUy$KDZ=L4uOB_z+!D0H4w*hw%Agra+m?<4$v}}$@``KL2^TD?A(pJ_N
z(*C)|V-m|)7WiMirv8ETs3{<JgIA&BqltjOAr9Z$<9^t!a-=cgzPi>PdM7;?Li=JP
z0S}8unMB>gR1fMHT=@-aj}wBMS!MLPcj)(6`^gL|XRv;3l9Q1cnr8kJ6$*UB4zVbl
zYJ}gAFOuoY2WqIa6qug1AkcB(%zN#*NY~tp^^D#8U;XA`F+Ci_9Bh#?k(^m)S0}ra
zX}F}s-n(qH$)A$B>d%11nf}X(j_E$ux(IT_BLWhjAsEv7*_wXdPr|AVG-ZR(D+riG
z3|1ke<Lz-!Hv5-1_c*M17pu6m+t4d9?}$C@q=-BVNz#!Z{>UblO#BJ;x&y?=SOCt4
zqp-65$+r<M<G_P8V_$jeW{7+`D&35^Z^JM~7XYbVYIxNQ$uF-NwttHDIlf3x6sWxM
z>B4QSmmpwrL)yS_Wk)xH#4!dwjJZ&0D3XElZin&uG<%){Mtl(#SKR|dheIf4mg!WW
zOZHl%=B<~D7|V(QMpl4#E7|==|8UaDc8cK81SA00+kaV~>b~49)YVJ|X{Y3)s=;1!
zoAv`MD4t?X1!vPN5?-$FVLC^9FNhErr-yn$_YG0IR0o7m)4_t_l>adXj|b?*v0=TP
zb-qUD1@9}e{~h}00wFpo-HI^Fjd1>uyPl3ZL;X)wKpy|~T}a!F>r43Bpw%`Z(_fR>
zOO0o%zfp=V`wPp4A59*yrsPVXkIs)2N+U7c1mw$@jH2J^21Fa6yK|Bwwe8vcK)72B
zpPnZiA58dxh<B0@1a@4ckaFKSz}No@hCHLxN%=0yDYjp9xWg%X!#Tp#x;_nC_o+yi
zphalgG2t=~xrwjUt|K~h55(?~K7)slBZmbf&aJb<gXM(?d+|_uw{*65*CdbP*I`>e
zruqwKo6yyhqs8|L2fB4e2p(pQh1K^9Qt|f6#7rzqfPg>L(o;z#s{Y%BmKyMV$PP}Z
zs)G5SWmEAd#fc8C#-j|j!TmItjEim4=#(9oE;RrW*$Sanb)zv!&Ewy{#a5>@xH@>h
zxg6;0HdUPL7q5BDxy9?c$`2)ZVyzhWVw~EizA3<#df}rJEz-?kVPQ%LD?<TJNdUi5
zF+B)Wp`ZUovtnT?-jPImN~DWz3chyo{U_`1{|VjiZ20A*9BmW|$}}AAb;9C=OGBe<
z=gu~Vnd#U$u>n(_9l+jv74(*Z-$58JI+y5429Ezz*uiSWYxP_UC_mF*5WBArlk3nf
zbp}v>tbOI-aoCrO`FkmtuB17ZQ+l@C0~^p)MN!QoP%{pWOBw7p;GD^awvrC-R`I4Q
zJZAg2JhAk6E5=E!L!=)cM0wz7G49q@VEs+ZlE2$YhnMXJXzKD64d(P!g(SMvWu_gr
zJ48(cDEvj1XXGEMBJ%kgQKryFYa}UvL89SAdxtK(AS5Dfdnw?+HSBC+6MVaf_Jev*
z^TtIqVv5C6QdR#WC@zvT>11?VV(0F;G7nkKH2M7~@i)w-r$*|DauC9NEl%1`G2OoK
zr)L(i|NKN#y7|UptLHV)!ID^`traq1hl+#ZK+~Nn*7tP?nyyk}4sLB}<?_LU7^E=@
zR}hu-m}B`J$>S)ui~6umx@-=nS7~10aK?A<)e&V9m=WH!R*sDffgqP7Y<)#3RDkqP
zRyfE@IPaY-K~bcN+0ErdNsP1=b2}M`#JTys@R_C?)Z3YAGV<f7880TQ1mt2vk}bM+
zROT*>&$&8i0!%oioRlseUk1=!OujR<oF?m1SzT5D9_YiHx6gRHcEc(e{;>J1GWn#i
zjH>`=Wss&rE+_i4m7ATI34yyvB&tM#*OS{Vvi_bR3XsBvf6XKVZy?x*Sd@WN_$#4q
zEVxC8T$^`)zAoYGdO2O#uM|6|^;0S$If^0)?$~TiuL0-iHaa2}B%7f9tCVZntI(2E
zRT)%0hXd@!&^SIG7ZDAeFUT^(zP6JDYon*kC`lB@HN)vavUw-!?$$mhFJmH_q!?Xb
zHq+v@nhtMasrMj#%eYzIMZIp<Hu0gkUxeT0>_eP*#%6#+D&q?UkRo4@thrHY>HseY
zn^fr@ul9BRbRjm_;@|ladc*+C2q!K^rcW}jA$1~7NVmqZ0rL4ju0_wyB_wZadrP8w
zcCGi(`WOtI3BcdO!p42i%;MU*`<8J_@<jRd)T+9&<a~6Dh$*#d_T9mjld2yRUBMo6
zMLUSuW}S<d+&u6tEe;2Woq`<@#665M2t%m-<AAV{^0tTcy+}3Qi5ftI$gNP!qYIn~
z7FrickG34FQ&dG`xWc@m2b;awK{Do@x&(LC?P6Q%VWX3sx2Dw~5t3X?ywI7K`p~y;
zuD5T;sZ)Z;njczdP#hhaG<A-E63*%!m82kNxz7%w#65Oc29rOHb(V2-8^}Wtuws<2
z%NDUVdk5`QaSQ?DYOEj@`$_C?6)2>;6-48jZg|Q;HLZ_~D<qL>Ts`O=Sta9IV9zd?
zPq`*D<g(~Gsjx0?YsTFqgW!SXk~}S050NIpyA7Jhw^ibLrU-JZ|6`E|XsIfNrf$gJ
zp}#<WuRkQYg`yAS;Js6zH4T7N@qNm-cS39E9?>6pEBUX!4tcX1bqsYsfb))`cSuJ0
zeq6*~+>w1++L81VI*i*`RtYriTROg|7wl3^`TpiTjF}G+IQyyR!!YWkI9n?qQhs%<
z!-4wGB}_H_yX9e~mhE^~Tw4pO05OKa93`M8VxJKbj8TK@9G|RI72&S1;|maqdsIgI
zW+iEBXy?2dj2f&+9qs@~1Xt1FrFuhR8UAe_y)zG3dtTGbt3pK0-q&}~Z8k3{Cb|EJ
z=}rs$%dd$8%UNmT*y7-dui28-EV<y?s2Ydj+lVb8H6wh94Z0!){iy&vp`pOm<Q_WY
zP=YsO7bX!nD_@(>E5XEXEA*v?29gb*uOK+^wyB}M8#*@YS?#{^ZqZ1M?z8@pe>Ob@
zUZad+*1<WY-|OpTByc)?4<3gA0U4xCr@x0}Fi%v~tAFZkT$6;^Lntt0Up6>nkDZsI
z!F<nFlxuv!Zv|ldwO$rv)HTW~_wP}uG|*3CdU<anTJTw-CPn#xj7I6iQw){Sn_so=
z^wWJ6<)Ut3Eu!~KDlEFY=~K=0_VqY1m|P-Fy*_oh4A5gcIg~!SG=l5H)=z=<Ajet*
zfV-9q2?ke`{g2yJ6IKV7TiQar;`~MZQuQeY(G<jfaVih+WM`ZYjaF01oPSA)|J9Kk
zjo!j{Zaf%Rd0`TOjmRVhQ7D5u^A#mnk&LOpah>oU|ADA<iwaIMc4UQ2?H26q9;ep=
zVcMM1y6W?`f#mQP|9$>cQtmv<i<ha<`^Fl=t9p}rzn?CXd|<4rpz`UV^qIi(%W^Cm
zPGgRH!^V_bCA&~U)TZ-?PeptR--JdJ#9A;Z9BgjuQAD(h!q=I<UP~H7f`PyDE<@)o
zDD!St*p9RcW>40Rw`*S)c2Uto12_%5`5^rA{J0B>)#orJLZj0gpO4=?K^>(0zf7$Q
zOW*El8yJAnsu|S`g1x)&yETM5Q4R%IizogCEwlp0VSWG2R<!|k2KLyv_Zi|Hh*5p}
z{4;|1*2CI~^w^{OtF}BrWbJP)5GTVd&T#vdE0wm)=jzpRwA3YBinwVZHr&k@%WK#m
zbvv>l#=~ucn{q(44fCX!b%<;zwW9>-9<EY%bO^<NosTiA_E7g7$!&I)m<PhoL>}xO
zfP*7R23x5w4%WX<x46#>B8H?B_{zr+96;#~!Xrzy7qkrABl*;S>is}@AicGjtV<z~
zdUn7*)qLGx7R+qkO$OJG?Pq1txIjZ>c89zJMa;*tT*}k7Ls~n>yOTRXv9z;f5S7b;
zcXyPweGbOkle__`@gKQm|DHJKMXLkBufmF&@j)iN_H%a6rz?k|=wWS1mFsR9Pvn!7
z5$DkwD?enQ4d~^gm!}!fXJZ6H(fq$fH4s&7ues9jlS#qJV4l5(hFqx_^I?v<c)V@L
z-WlP9A$%}q{ZHt}n0&2xMZOvI4n{f=b@IOk+pC!Yn_aXDb|wajB)Iv>p8OHLae!Q4
z9q}dv2lQ40I-h(8TEi}6B8}=|UMWoHh3yox!9dIBbNreQ%{NPfWd#*k&>;5*J^sCo
z=4`NLK&8NB^S4@ZY&O`}4O)IRo*0$5$>gL@U;VKEy|2a#A$I~^jYuo6K|;%dDzDS8
ze~9j0zav1MqxKTg>mtO`nM46$J)=7bdJFp&K*+-!C&gY=1ul?5__G7$WdR77Lhu10
zX_duHRsA0eX}sn47r&f@um(m?4-*qFEV9r)J^5()1=?Fd7-gpPgo_|B`^y*G+_h&0
zotT!zRT>X6cpea%0HTI=Uj+EOL`bhm^6akC>{=M+J+?B<)v!hdMIgKHiqe#nTW(-f
z9$K=QM04-tEjy{V^wjCS5D{Z8H6B@0z?>PZe?_^eDF+sf{s*c5e6Om*qoaRxay0lm
zb~oIYnyPF1eu4wqSPAxO)t%nQ8KBUAaD8wJKYU{-Af?Ph7vYluC2j*BI1CdHud1M{
zeH|^sA%g1XJTcGlmQ`kEr=NGEj4~^q#pPYgyS`|WH3cJO6|WSH<kCXo=r^sDfk3z0
zDYDIDy9^O`&7}L$<Kr2<hGPw~kPTtxi8a18NOFFJxwjKgqz%Ka#f$s05w+~^aLM3&
z+FlY+46l;u%EeYAGH5D_@Fuu9II}$yNREfK<|5tb{FpA!2cfP}#hlbayh+_Bd7T3s
zAQrreV%i9Zk%~9%9c8#Vz@A*0{Ho<L2|rE!7#&Kc5$>m;1AO3LS-~mapyyHn3Oq6b
zl5#+%%FE$;U*rHfK*hgszE&v0Hyco2mkr?@nYnfSZWC6xWnBB39gqI{6Zgsd;{ZgQ
z0dso5zXR`SEw<70p$;JM#gA|?G+|`}Mtu4lnHBU$0T%|`KDJuM41X6Xw4Ms7v~lO5
zEUH1410rHf>N#O#0m)d{u*PO86uy%cd6VboP@$Ierv0K5Lfbh;4;%bT`_|ifTForD
zOkjiV_8|%E;fDUYvBZ3b7_WCPg_c~?yZrQ6R?y8@ykF@_=OAIn*`Q@R29&2Ph~fTe
z{=r7dAX}supGR&|BnqPYS!j1TcPBrbdF#b5q5#CVuy{kJ{by0RQ_(riJW>pFL-dOC
zy`5I*K)wIsIimeC+_;pLTDifW(fAzra&?H&!rV~g3n?|as`AsV5glSB>P>^iFqSC^
z3y`sQl#9CCN=N*))eo8Ng#fE~T!QE}b7h7-+^b*k3VO=-j&hi5Q<M%VbdY^46`(<C
zA1p#zQI+w+WY7vZ`@aV%Ddh%4b4x@Dj(Q7P^N4F1vy{Kt8j;!+(&r4kvxD%04G|EX
zHc^%!v_JrHcaz|A-cJ>JrL!0jpGQ^(4f&&Uxy|I@w!AQGj01W6#_A+&UgY#1dCQ<$
z3VVi~!e6noY?6Dy%*b0_MV~5Nh&xwd2H9>dq)|!g+vQ359u&}a-!>ci_N3{GEtkzt
zHn|Ui=;3xGoC7441IPO1e#AB*1s&4sTeHctQ`tsIlq2v$CvBdOD;CmXQN9}d#Q7MJ
zKS0i^#JH+AEF)bucK4`LhZH9Wp1Z*U*Y`&gC>!>1J(?f?ZJn&B<V<7ujrzN-R1V|2
zR-V_bf;MeLF_Y(mes#Y!#>sutdISNo95u~!qu<^13yoLN58eqi!&HK4iK+Psh5mA@
z${8xjVvU01y(hYeQ}Y6EOq!(CyxoiOZ&CmR$<T>Krl?Gr6PeA=)f6l)T*dOLa?4Y8
zI*rN8q#|+T%7J`f-Id0F%o}0!`}(n{t+O(C0@$k$Dq_Q?0Rt<PL8J?DNZ$(mgQHUc
zcqzM&((_pFs0a7%W9E-cW7EvAUOWJ$X7e0Wz3E;t0^KUkpmJ1e!M9qEyArW1$1@8b
zVbx+5$^Y#TYziz#r>9dnCu0rK+NTSH8q8~RG?WMl^7wHHq>0pw?Y*_Kt*p>uP<JuU
zxs&b~r$<$T&>6lQyiDMxDgMo_Y^0LSrmsy;hW%3U%fTs0*2bOQ&DQtPx$0io9-3Zz
zB?W4e5O&FaK{UnO<Nv|R&~-r}CD5cC7`l2DIy6x+s-+ts--$gDk_|(B@(_>OD<!)t
zhv>nZI!7!M1mnm#I=z~em;K!__2aG<+077jF0X38`$nau|8lG)1%6VHI!^|uCaTTi
z1F!FvWMFc@Z+os5qdXIxgYs=j=I|t>Nob9ND<6j)6D=<7!lNxwHlBpCS3_;gVGm)c
zIZS9<DR@?nIfr7`bQgW>j2NLIh$tq8c+iiR+}_3zp7i%b5Pa|rXZzI73U@AjM5l(S
z3IMG8<f3JS=Me^}o=<1$Z-)*Su1*IspBv=ZTv}-Fh8V3#22)z?9R4TJX6a-wi7;{j
zy=vq3*x|r3Kys?|lt54hCVY6Z79Msc!D`0WR)vaa=00SVuFVt_unb0(9X!+)u0C-x
z!X)M;{rFao^FP(Z$<1aIKS;3+!+?i}FMl^u?k-9uMfo4k8QdDbqsl}!Xrw(%KwaTg
zqjSxkCJ`_m`xG+w)@4b4@^8WBrNu@ON_`B&yRzF(M?N~1C2wp$P-iN(T**c^qLVi#
z+3dZ4QHH}V7sSNr>OGep`jh8#g?DB_UA_kfn)a+4EAB%z4l?rgHPR2R&lfqq^&W|%
z`)2J^W@4tp80}F7Js71TOs&LZLp@o~rHq-z_R&Lgwl@13LP#aXPD-t8XsisIjf+ob
z(0@3#3bKxEhZIktG|CVD4T46#xbnv;c6xuhh30<DJ>%@{lH<-i$}B}GL=gwB!RgMF
zMz22%07bV8vcNT3*I4WA@Fo7TaF>Iu_Q2+Mj_JoWU2+Nk`iI>aM0cwvt7AJxjO_f$
zWkKvHM0i&gkid0xI>j=m5HH{;RLbwq;rAcIy{Lla5gz*Wqe8avWpP3!0Pn~3e=B+*
zqyO&<TNDrOCPqDls+8;RK2XIId^D}NUM#vIj<tRhOs}XOBv3KNgK8(l3@&K{jm{=%
zF;$n*EPY5D9L`+~`kJ9kNoyC+kS3iwP4J!0!QgvD+=H1u%~P|xlZzC{bw3#Ig1%ij
zm_hW?$wp;jzDS#LTx0SdHeC7*S1Ppj4>CH1UMKkS>-TQXuPIM5lzJa&nr6r2;2v(-
z{jFwFZ?NmIs<8{>RH<Zd5yr}&xSsU>lYvKJF)lID)JJyMOV1cd!`acO+EE+|of+C2
z=d=VlkR$~Jv*cyPzgi%T%4jfN6zm!O^Y^aFSr)RXHN6$BrjIf7p%3RQy`H657~TwD
zKoDAY8SUtai3K!ct2S5{nuboKF!G4!qiBlKHHAq!ZjLd*P^5>T#b*vpQPwU$qRgxO
zmiHqkemYONR$@V9pk$G9U?mhZ%53PVB>xzvM?C5tEg!mHSVlW@8*9J*P2&z#q0ZXU
zpIyFO;fM~8Pd!VKZy%~>nK58S*Z)B%&XZtZF|M~AE1`AOP#3$&RFdKM7E$q2a|MpU
zv4-k5^7Lp%gqzQLj_!jhgQM6I#IOZiT1aIMAw5f4X+$Qu_fc1Fis19or8!^zZu~gD
zp(wlJqzdkV#UK2?0!ftt?-8Z5z?#IfKWoN;DcqG8${Kt|QLIsT{h!At{}Q-nL@cmz
zB_f9pr~{qNbvNpNS=?IoIM;POOl7cZ5)6(%u4w>!xWR2vPFl6~l<hs`HAdZ1krgx@
zU_}R6h2qo8QQAfl+tgLO!#VC<W?|(}esaLTX@-<ODepAQxoN@U{8Cy?wEL|k7~oX`
z#rddR#@PhBJ{sFRY-4A<2HfqWWd`d@E55stXX>Yii(Ei{pXl3%sE~FK^_!$hiMKC|
zfMjTh4_qE17FUqXW`lQ#o5JzVC)tRhLVzgQ$~ZyoT2+7B-6-Mir*dtrF3qBhc7wl9
ziIKcj!7Tkk4h-^jtTVBWeHFl343Xy$Xz29(;o0-yg%c&9gjMMN^fDbMgn6eomFGtM
zCM_5^<yPhIfwLB@>Fs|27EVY(@}OB_K8y?`yp7iUp})7o`XAAA(CD7V=nq;QSAD?!
z=ic^$8_~j8*vR5XP$c1)h-bl4Mi1cVymIq*)2^l4r-CEU(cbb0I9+kJBv@gtdIkb~
z+I{!}o$@ki!p$4TTiIL*NL^F3QV~AwBm%*lLY1++8bX%vJXY;@)nBF)<_cY3F3||v
zwVffI6S7PrD^UMN%lop;>xX04s~PUCjBIK6()eFSEoXd8qX-w<xp0{6uW2~W9RE9a
zbgU%QX>lGSZH0}%AEkBWD)9H_pvM`E4sPSWmrWB<;+FdC*i!Vkhw0Bb%lRexem4aY
z{1$$w5?C<vkd8TQJ%PkWJ7T)NgssJfnY8Xch$$%@sOj#7?>eHGh0FVx5U_y&c$yk8
zgm*D7&{3}bMCna0NyDD=b_muq*-DP#huCvgD{kkRGmO;^?J$0;W-=b?KLD$QN@tDQ
zEZ9o}Wj<oNY3`Vv5%Jy)(Is_6J*0j2qJE;%x#+t)N9W&<#+Vjf=Xrhw7xuMrFj=z*
zqGFB8llJ&2>g!UnrcZ9an#acBK*3$T4#s7Fb!zO??YBfy*1_Rgp@Ek0X5nGg;290O
zRU{k={%BCjDp>L|OQTOuxJ%+^268pOCaRlSGW;KPlzu7Jo{e+Ca7>T$^suc~)qqXo
zKLO{6NJ3-G9i|0m%z<)XID#ntQSFsW9GU)2m57cKtR|sHGz99ClXt}#t%!Pw?`zH=
z2Gou*6<c(GX4)Agr7o#QhR*ZWl!ua@`!=Ylhx@Ergc#p-hBo9ZPG9B;qb^0Lt^xJZ
zEwni|yF8kmPT4U4Mp@Y|iXbRt2_qzIJeh3Mu^$K4_9Rih5+!a5cnl5Cmxleu;vTjH
z|8For2|b~>m?yix9WTvZ9x6%*JLMLsQ9?AOe3*A_>0V4~Gg6~+<MwHMG@UvcNX*o)
zHfP|!C6g<52YRj1T9%=ar}(Z21dUjS2HkC2H551+;A!(hBgXK<PSC0U$u67I;NqHs
z4V$3l-oMs-XbYOuGjPX&2|FiI`lM}0n{>NtQmmXS@ZC4l=N1yoVf@%cD_N<$M{u1{
z*WnPK>|`JTFQ4q{HF6c1EB$h|nh)tMI<TGD$vGPV=x515B$=8^SqhLpJAOi4(f1N8
zK{5DZSJp6f9bs%NaR^rtuE}-N5e1_uB2&orTLHE$M}Dl{CuYdIyIRP}54g)RG;=GE
zih2X~6$Xthx&T%sgnA9kx{i(L?C2k@w_#7IS1=T9&u2y`<*I+jx(m<uKszgiJwf+(
zn>yP0BLt~)#$khDmbUFd05f<X@ebZKfN?~6z{KGGo1b;IyV29ppWAk+NbD{PEP(OL
z!yAu#fn>VP)S-z+8&GJUZc_rpJQVA{{Q8@-AMm*3Xj8e{&fQfc)l_{P&2{y#C0s{%
zYpW3!AAcDDilzhn>#21iC(T%*-lyrH6Rf^)juP_1uqkO*)r?G%r@U-e{<YiBu-l1d
zx@bsohvSeTGu~CSEiT0K$1kM%!s)3MY{YwRvbJcg;lq`PS1E@WB8R?Nw@?bY@YzBy
z7l>L_BjeFo1iIzUy-K40R}m_9H8q?iKR*+kr-VFOi13Y_Gbk>P={9XwAszIx&bG|6
zxI8d}?j2SoZtc~Jdj=Z3cDpIUB+Xy=6qY%m)h&t(z|GLTG4<lTBoo*C8LK=6ZrBQZ
z1+3}<f)zfUyD|-)b5M92*`4w*PUW$~lj)(pK*2*pT^Vq#C<n~tjI4{W+)0KlR7XXp
zVVc%V!Smp$BC#gqoUTt8krKbAR<TVq6#4lfxrDYlinsXXKN(9ToeLSGw543pB$l`I
z7L<LJwSu9&Gj2Rqq*jYidmtO&M#%8;O!W=8Wr?l6U&27>bi_8UHw<`>ILT{1#eQ;i
z8<7;ORN~C=U-xmw;F0b34I1na{hV1l4n!CS!H`3S;FV_>KaZGtULSHntTJ-C5uE-X
z?;D?3W#D<-wCI1o29VKQ$R#5Xxq|mFOMeb@*L}!7dRnQhQswA%MfMf2EFmq<bS2QW
z(?Dwov8e)lS6D(O8a75ThY=havg91;^X7sm*`u*x9t3Eo(d+62pt;@TL?)+nta*q#
z2|awn%Xb1Hu(EHw-wdS#l^fkUv{T7U8y=x1J)<=#{5cV%w`%HX*V!H#UPCmHIJ&}~
zAe06h4?q=x<l!H;ME7|$<&M6EDeNJB+5=KRhM!~&7%vm)nAh#eFOciG`f)RK#`K}+
zw3(kULD7E4r%Z5B5^(JF=*-y;yhaW8W+2(P7@cgvSPtdk83XMHFZ9!fa|`9N>enO_
zv;0F_7?0KSy+I578E|jcda6;e8{%*S7$y~-tvr8zBNb>*<zINjcEJ^;YF6}1#B0G<
zF`mw}SU;>UZ*3D_yMK)C?sKaQUH$5;JujeR2vj*Xw8&JXj8LjHZBT?QIEWSRg}1Ui
z-S~5F{S;AmKCbEU4IU^{J?i&rNNB*^;RUU#RK99bpML@lz1JPsGocg$yx+KJUuNsP
z@i?d+aCZer2cg$;Zj9A*$X4ip)jy#KD|POIE>58ikdT2~bO*5Co#|sL{Q?hXM0)K8
z7<S}bP0D|GVfDX)RY>w{CsVIDQTcLUt1sXl;1E;r!`~04?+ruABu4hC>Nj@q;vaL-
zUi`$Xx??sXy(pqEg`W5Mw`e2-M1JjBpAoe_%^_}3r-!N5s^RYh^VX9)6c+EH#6Q$M
zd~6Bz$7CL^Jd=(}IR4s?ZmWn`RWtBRBrvqA%vRZk-MiKVZbxv`8A4^K43${0s(ZyA
zLzb?LAhe(ZfFsI89BpOB5z$~Lano85;o=^|Evs&{R>xnhN-~v3T;eS}!?V!@14ADb
zqef1(L5`Bfak^LHQZHbv=<#j7T=tasv4O|X?WzM?XDN9cN^~_+U(UuE-fn%emG-Pr
zwo%+R4{<k4QNTgX`_RLSw>%dTMNe|$P}iLncI0n3vcMep1Ripu)@%)MtIS={Uv?fj
ztbpIpm&;Qx66xI;_d0t7y(^7$D!{9W8=9K+s-$CyI4qr&Q1oi-46}$gi2FX%!Um8j
zO3ifNU5@e|a+y$zk5-E@r|d3`e1Li0&Rr(W<NYE7WbYjv^u%czTNk$Mwmzfh5UB3`
zFi6KTIH#wPI*$CK!Bd`#>QSA^Uts_s73*a*^@A!Yxy~hY1!<r8xnCmBU_+F<PArmr
z&APe%COnjigBzsoxCg0fI?BY(LcqB0o)q0)J(b8+-05+PTDc>fSEsUo+7|;qdJ7hK
zy!kJ%Tvf(I7YcN3ksd1x7fWW~G<ujlhO;iUcjqa1M*N>)`DE91LyC7BY-(^{vXJ}s
z?GllpdfK1jM62e$Ai&X7DG{Yp#M|Nh1^DnI%A3kPMmP3$o9=gyaxNOWQ$<T`?XHWv
zr?IsUjCtdi=Lppx*+#j^+L95JaC9O!LGcMiR$JSq)8M-TbSV0`7kM6s_7xy#+0lj3
z{)F+-Sb(W9f=2!Vlgb|-a<ZUp{1!-#55iU{1SFjYmm(0}Kua!V>94Ik1%CFoDjNbu
zMqXt3J7r?pp`_Naq)m<}S&E6~!P$BH?s+RPlBepwE^AUL{heE~NzH!@UpOHry3J9L
zo6ip8l$My#>Fs=PCqvn(?(zn#^a(G2RSLqwp+PRRnAIh4y8tCes&-Gtns~|*H4SC&
z`4#WF(8O^d%NPdDo)kecnQ%^SKA--Mi8DcehG|NAkpWbjOb$CpCd0t#P;43YB0{CE
zc7^Ze98eTQD8#uz6>9d3`IX}WT@|uVB2S>s=f)QPKbJZ*P-RTJiDno=0PPa7NEoDn
zQ5v&{LD6afWIC1&cn<FIjsAy(7XIi_W%^j07AX&alc;PqUtN&%D>e6h*$R`fEHB`2
zDABOBr{&@eMZBe?<$?4WHZ_10LD18DAZu|)t-VRbm;($}m}n4dxePSFKCR|lQ8sN-
z+XNBCfYnmrkMK?JwXRHwmAKp96uHGae9D_+bJ8#Y7o!%(OF}f^m$B+&B0-=9DX~9)
zvKQ;^fLXb9qdH!<P+(Cy{nXgeB~%L7mYWXZn>XT7B-!h6#`PAWzFf`&ufm9Nj*u7U
zlvkvgGi4m#3njo48$*re0|{NZL)E*2dpHm5VrY8_j#dyDcX_yYRft$9+UcG})GmKd
z#OQAwn*U#f5-81{Qw>CMbM&_cxyK{N&J<>2*w35}vMez#XbAl9L|U>33TdRHtFS0u
zN#jik#|i3e8o(fQrYEp54=g94?=rmz8;(4#;GKdof^R}30GlC#)h6XmuUJ_HZhr$;
z2s8TyF^^3z7t3qd>5BGS1C#OGOXY6uee}%ihvH@S?&}EDoPe~BFE(>$^8D&Agf=N@
zps78h%exH9W(Aenw5@|*%7^zTzchpq-pqju!z)*|=+fl2^nWaPAg=c1SuDgq@>^Y}
zYDIYp|6R0{c2-(l^$pOu6*?rKUixZKY2dETvys%#URT$Aun{TGN<WYhJ<d%-zU*g_
zZU3*wfpL>{yVcSNSm}<VCtf|g1nxwWFeL`>$WjNRcB^s<v)x9TavIUtXMi*2B{{7C
zp)8(N50=z$SozfgiV?j8ZRRow3Ox^>)iRg=e+-tH+!ch1HJ`=U=MYr`Xr|^d-%z5d
z3GmRByP7jGEcnCH-qG5IeKWIWeJdPqoP6nG7W(Ms;*_qJI&A0kG7?*vtys%R;eTgG
zeG;031!2#WNtW&voV2Zs&Y+7X@i7Uf^O=qbKH_FvsYdti@oLa!B@gDQBBJ<0;0LBO
zXhg7y*V3DfUY{j$v+i<0HH$@Jl}$Lg=a$~^>Fdj^;C$<SMhM72VX0>|y5KT)olRFN
zi0pFxOs?Aho@Ecrzl3!6No(E88--q*>$g$PA%V9>U!@LzFKWl8raL(hw#7J;vdFTe
zoW?fm;)@W(4!3=qZuG$kLDRyIJyfD^=eN{^=OVH)Lf)2I_>b_<PQjRE5JjiU^gf1x
z!Unisl#@6ZbA30<2<OcBT_@V5UFNU-j|G?!90FH8;oF_U5V!bVDL8M;YwNEL#R>3q
zB{Z2aX{<f@e<Z$;aI_pQe!4lV^SF$L3ikNoWBclEmI>J3MV1vzPhwM<1)E9V7((01
z$FV*22~fzo_1=}lf(qo`>~{vO@DG$b?1+>t?^&!GGGv{sf%lfXbk|YN=4lrZc-^i8
z`fBwHb$eP<K&S-_)V^#zJLi7nhCh2b=t$%$F1YtL$t2K*W(P7m&`f=VYMXXT20-uF
z!_xFU4$|-DM*o`5yqK4$p;dCmdRx1RGZ9S;cNk}DnNP7X<lXB+d4HG;Sqz<lGP-Ha
z_OG8lOl?lL$-R(=v(q%VB4r(~z$(y0iW4*DF)nyBEJZcQSQMPuZSb_H4Gh?i)iexs
zAd-kZbM<HAuB+cOkP$;Gr}yB91|E*)T+_908tn^#xk$kvXH@;D7<i*ilT_xdmq#ob
zU4hu^;^>Au-gOa+ocJ^E%?;>q4B%X}eh~2A2H}sgB;dTnr-vE7+p+k%NSOz)Fdy(e
zbT5}!ukhmI*e{h<!~<@oEhnj_<xZ<en8(NJ{)&*t?bZR48Qi_rcM@EAK?2{s4daVH
z^ehE*94F1#{}HqnEB`WLqCa2)M#;k6rRST$EIjJBhV3kf86j^>b<rM;5R<;%w|p*>
zJp7Ld7%a;FucVsPE7yr^wGhQb*_0r<qY)M%{^mN#_88bei>|#-G4tejbSVvK&_GjQ
zhkmh@_s(^9r?eU<z1*Vg6`DV4MVP5Pnh3np?nZrKGO*P}mWXDfP{q%N2Oh7)v*G<U
zTuWWzD%W2<kYB08`}~tl)8Xu+7T3fMEFkMT!X_(~`_bS!0zO^TZ#^?Ip<>yO0oM!v
z$HMH=TNBBnYw8Xp&u2Bju1X(e=a{%T6j-I+!zLw$hgt5y!g&@c3&q@$y!mig(MZ*l
zgL`%Bba)?#&AqbqgyHp<V!!wy+x48ix}*X#zp+=TE~?}ZnKZdUx9N10L#A+ocpE>a
z(G2Kk97jyBR{<wI9;<a1SF>kv{5VoUBrb~Z1Gd1C8xGC{{9P>9t4Kk0=(GQL<U7mL
zj;s6RetMHb*<5KX2oTzU`R464UPk<njy1OktVG;?|9D{*sZrLYL!r`(Gq8Er*Ukr=
zCjh8j$z^?<U}m^cD%n~*-7i3ij<__Y#CF&*LO49B_$=b1%5tb%S?eKeb`ud^9#~F-
za4nH%U_kZw6eZuwt|QhKw8(4vk9AsiN<%W|R)Y~Ko}K^~sBAo0twgN*#yjbRW1T%=
z$0GG^m@H=q$+O@W1Pfo2x~-A^Zn@(hHck(PDNy1J0q1Tc*RMyP1p`l1c9Qg{LTE?z
zQt1&<BWy+QlC<s%zIgU8Pj?igJ=+|w_qk^;9Gc343hd`2#QU+Q@bjzWH=e6AJO7nX
zeIDAP9?I1T^-35N&p2dJSj=ogrfM{L&%u;1oVMahPhsX9kw2l~rwWigxKbz92>Lhg
zFb`1R5buM%cU`@?y!mROGl;~sk49cpH^%Qjda!e?(#<Xq?eZQU$SADIuq>a7|H77E
zyiK&2zrhMS?Nx398qDVe|K#JYc)t`cqw8t1(y+KJGOR9oX*R3_pUbG}%X;bqka5*x
z{&|PEoES<<!_`0LQDIzwNWa8Ca<z|@nAL?3EUGgQCR8NFHa-?#KIJ=$GR@c<k3;k;
zuXN7O#yb3Qq^$=iyX~flCaBZlJH5l3iz2#eUE#NW!m8Wg0%&Tw3w#Yeo0#oU=ljeP
z=LG3i_gnxQldil@UeE!grk`&?G!C|^(27^tyObwxeHDo*UdHW9HD}EJf?P`Ca;S%X
zR%Uz+Br10lLICZB=Q2Y3mk0@$H54Bfq6^tNlq#^>RgIrDpbzJKtj)KZjkSfqo5FnW
zk8Z@`oPV}_nnDnf0nG-fSO1xlz3fDG269zgP3nJathqCRFmr~S4cqpq@r*w%$zT!c
z_rxbG7-c)_&&oZQjO)7@uLE;5p2w@Mm>EZZtpPZr=1dzw`fj_y{f4jdWlHlnd6cG!
znBoEN(tCOQ(O}CxaSnr~DgSf!A1|$iz|rJYLF(x+5kur@q(NR_P5iVn6Qb6Z0+?KR
zSz0<tzBKCzjDowW)(*ec`{?Z}Eisw3DiPt1GSYMypl{tja_6@1o@_D=R1_BT3}o#w
zyLMxDUCH0EB#<Z1@1kfo5`8qK?h<-XYe97A;O2)}n6JC5er$$5v?Yb+*=D*#PJfNS
zy8I6Vw^Kl3=zzkcrJ`g~4TmNsis1bx`qEA*&8qh%U@A-Rn4WhvUP?Uw#(Xa!)RmYO
z)ka}5oM||EC8Qoe$$|Fp!cN4To6fuMN$)<O>5?pWkY7ti5^F~hR^PO3-LnsHqk${N
zC0*f?V(@}<0(eAtbQ$b@-nQs|&HnUoh-eJ2m<iV6_%VsG0jvD!)`+|P^JANbgyAvi
z3hK1GKH@P8Ie_wBudOAxY{=#s_EOC84_H3Y#fN7CogZ47oVhnLhI2oA#++&Ax-Ym}
zFAH)I0l1jaaUxKNiyI;iMIr}F@azVV!*~E<QU3ji$+L2QZ}Qbza>z@c*dafe9~u1%
zX>BW|?}%V4n%uk|2)EmQTwYeBg?#mRnKmq)Q?7@BTw4B~H1Q*7naxeZFddR(M7>b4
zr8A2jxgD06K6tuyHfps{y<#nOSddw)EmL<<0Gz2nUeUC1*H*@e!fj77uPvm)TQ8fx
zs~V&+t?70LcDq_HC@fFrgHB>dhi*eTI1=W)uJ~G1`NIH)rsnNw$uf|X=DZ}YdfaM@
z-OH`=x~8P)hwQQ9*zEF9b_JE$*Dr7pMII;b5G2t)TgO(tw7sM*@kq8twlDy3NofL<
z8OjYlKN4b92X0il&>;W@#1W-I&?c&Fdpe(4RNp%e)hSvdqOr36aguC5FHN6OlfPu4
z=UxV*$1u_iT<?(YLc`&i{mb7S81<eY5ngvtl)71fpG<!|i%Yi<!@NKX6Vy#`MS^8=
z71_PxN9PodIJe8D4hN4|VnHh_1kBPMB?!cMTiOOH-Qi4*9x<;SCm2XNI9E`RU=z#`
z(viCwi~pX@eyu+JBh_>K0)9PU2x&rh@fSvu8q3NWo3_ILVD(cam|Sqqt#caCJ}>iG
zXHCFlL~lhcz4G`jm4<BX$|dO#FGO%5LL7zUW=ROU$X@$h>x`PgBZvUY>uMr&J6+$1
zipX(EqB_*)_4d#je8+f0F>hWVDv5*U5^;<Aqn>od7|||4WyrU$>**>5WOKp&TeG=u
zsd#pcZc1P)yPjP!!%LDlPh?9US8uY7p^_6Tkx2a;7eA>XC{s|fATtg)bTLQ-e^K&z
zFgJ9^+eH3^>!Gqt_(10vb&H&>peHz)HvH)70Y2Je-Q7BT*umgcw`c1`@UK=UO8h83
z!r}~GXce^#5rg&@vf-Utg?L6%gEnt{FgX8{04T}PTQ{B>!zTKMql)jxhE4sR*FB?2
zpDNLD+7Y6l|MbM`%Ss$KW1)gNvfs{NxKaX`@u+<U{V&58*KdWy2!L`7Fl^YUrXwEw
zlal${wIOn1ZPSkUOMZ8b@|^I=tRlmIv=zUb6-(VNY2k0*?mO4uxZ0)j{q1U3?|Q@L
z>rP2#Y(oNc1<aiy>~{L#&mtvU5|MpbQ?z@s-`9%3s<NA@@FwVido9few06}**vNWx
z08)&E5d8sqP4KkCsxmVXRc#b5J$rc^cn`;cm?dx=pN4jsr)T0?CzSP?<Q+OfaHgM(
zxg&w)Ej8+9iLxolW$y~Q0hPPV-o)rYyc8I7Jc*;kZoYA^9wZDxtx=6V<nu=o6XW`e
z({3Fj@QxswCU-iZMJi~_Pi6B2`Iuqqm=6%yPvV3N&AEwyj1Yjzks^wLt)_4NfUu^9
z6z(J_LLJM;9NEj}0g@Bu9M6`PX>^}N8AEVMn6M|6jyt>$w7o*9jjnQJSl1c#ML~)%
z)9OO6b?pS(>FHZLzIM|tmCQ`dib^O`Sc$|)iG`kyceVA;xz<}3`eZvQuJz|5QwAph
zlY{5+@?V(k^;tw(g)084a4)X9|J4MI)U6726En?#wP6r?KP^|Y<a@*Ef7oR}NlmYF
zbYNxffn*xqL{TvQ2P7+ZS{OEbZdnH)d5jYgp@F2ZDvPxSGlL9cfJh3wxJWwadZzI0
zBdnN}N-(b~%tIz$<{wGMjN6_>2xY3GT`_x28VYJnK|)XluacLJk@ZTu2uY+2OFa*}
zNL^dKoFO-o#zsePc1G3rxmt50UNRqeAna*6DP*MD=gMe(d3u(j{%Z6fX!~uUNt8b#
zSmF$-$SztDXk$k%OM`4RHUzU<`{*>Y%6RQcMD2!I4>_4uG<S&kjsv58`3|Ty&Kz`}
z{ilMaE)LHa&FP6C@bBCqe!`pUS=n=guxvKom0=s0Y9XN)lL9D`#0NfeEyNP{RLV8L
z2rE2lHHzbR6{Fxtl|kI++vLE<Y0e>>c7j8Xd<o&uWd9o(Vu*xs&4io=k4~UXyy!|T
zq<e254Iq-HGm@}oX>4am=z4!mD)ZPuk^`lT0xScr@SJi2s2ag@dAmWN8J@ff!n5I2
z(#fxC!&EGe@#IB5=<fCm3xvfGUcS9@LmfLtTz~5(G$#qdZdL4HD`~d*rRgI&bvel-
zQWOXj9CxZ~Pz{TgUBrxz=^`zNu*BVN9e!ONu`vzYx7xbm9MsB6sHi1qvX?Kqs3KGU
zAvvHAVkQKr!h9i&Nlv6>=TNJckCYWShQptPqnoZ9G>AT6@omtzC+A2dcN1+%sW_p#
zZfZF$_@hlA60otZNw$o>bl0&S)b0z<ExAG?XW_m=ewKc+Lim_ISpM=i<k_f;G{q{$
zK+r?FCrTzT6E@HBfO99LFDJbC!gIKdrZaCJ{X=l~iP5j$cl?h$9DFiTRr(MhqRiy=
zC$wmV3b*j<C`t$ldIx9<V1RHXU6T+ll!xI|Fp0?&^0{)0Ny`CO>-@I8lq3C~!sSl;
z`T=knw}Up9zcWFQeU~wzGGZdAA|a@)9iMIUjfgqEw}9}eEGEZoY=(4GI}J@MhV?|v
zb>r4+t}&_s{mu1SjnWzNL7^rTgN`<e8Cc!B*5nWtezr4=_6C0*m@COclUBiOD(_k@
zzdymn_u@4LkMVT1lH&UREMGO(1bti?u!hHv77QbkjMz#WBFq;&w(_8S#OBYBej@Ht
zl@62oYlt_3YCo(6RiXSX19X-nK)idi=-`H3%t*~3S^8c%r)92EJi2jV1ppKc*HxFp
z_sHlo)65K{AvUE$r%7<w(Dk|2H1GqY{dYU+mI@Kao#qpkdGmQ4*gtiz(1#|z^P_ys
zoC&tsG2AQO(C<0XsOUXrmI6+<(r~JCPu%kj5Xgj_)tZPgrE!(i`OWxdQ4rB>8!gTO
z{(Iex-*33>4w_u_rElF~4DjCb>CI`wp^Gzk+Mzg6iG7n7@^&y={j;X;8TaP#&n45+
z^y+8fjwmRlcW-<6A^O40@E2m?5TDDb>*Y+ove~ec)qO`_(n!{vfFY|!-=<-ZX)yC)
zj4QxW+V{eHgW<qScP8=}m^Z9vK~M34*IWad(6!><?F~^b)FVe}xJc-~%n9wJxsF*h
z4mYnS)F?6s8MB0kCzj+cG8j}N?E)N99n!jq7b~;Abe1u_6vh}L5Nq8!->m*z9r4=u
z%nM#1!=OO2H|cR&vwa1iHMRPu=x{hoQC(+1%>!|t?rX#sNi|t9v?u<51{7kmY22qb
zSwC1~#48u+aK`byo*DXa!aQ*K8xy*WGbsSr)DEjWmm9tz(=zA%1p1Q3pa(-^*rA_<
zrmcfUuSIr$ah6Zwvs#_o3BJ~9g6@uwfN;uf+8$v2=<Ja9-Uu%Jq8R_2A$kdovRxin
z&bD8)nW}#lfPTZN8~Kh$2b$IyEB}CM$m<M5_>PlL9~C-7jVHf3znUeG+4s%xhvmX~
zLcFF4q`z0G8Uo+e!kr?B+Y=Hj<C<utT7yn!|A_1Tlv7-W7`EL~Ht|N5nL{=ZO!g8C
zVc*>L9p^BD7fcD%KIAT%j)*5OTb0%HKEl&rP%Y%q#_5AxY>pqUx%6tw9if(5RBbK#
zOE58}CV<cwjYB%kZ)Th3q9{tz29P?-fd+x~EfTXRA5V~0bsC`xOw+=6#`6+h4TFIN
zLrFDkdcO3%AaU&z#uZrt2(Ti@J!kKL$swd^qDvlCHRHjdnjEc${+%Rf9ZtQ(%foz*
zJDFp>*|S@OFT4fQ_&OS(cvA$DSO(v*DWn!J&kdA$7nJh~_RZ}b^OV==RMTP)#g`%e
zbo#5URCQ6}JRv}a3Qe#9V2ET@6h8(o`hJG9y!<9}2ZmE-I<t8PZ+Af-sBpa5OB3YM
zD0O3RvomgvyHbHh&!*brE9QMe04`geRN7sDQAVKZOX$(n{iMO)DWLT(;g7ORI+xZj
zs>6VbLwl1Nb!|VDq5L90hHqHo?XELotr2ke>kz`JTDP|u>}Qvtp7d+EAzufAE0k)L
z+TK##f#`u_(-^)%%u@udj1#igeDkb$$~^t-r&KRy1kN3i^aR3`{7!T&mr<7SkO8V_
zO1g5`ZC{(5m-8eF-vU97R`V<u6h@uO27x#mp$_JD27xyvCP?6l*r9rTv+Hrk63{eP
zlejJYjj^D_Op(TxR?6Ge_NMEg;P!&~=d-uh8LwK?ntz>3cl#Q+HJSIjX~a@q63DJZ
z-M_umT-MJ$nmZY3`5Adq>9Z2~@C<vqo2Li;ac3(l=)GXVY&+9O*7rdEUL3LDQb;6b
z=dxz;{TRTAS?g17eiHcy@&-9mA7IPv@AzxG^^YNzC5lzo6{2xY!1dWS{AFKvE7G+k
ziRNMgwCJ~7IFeG*CG!bj)_8raW5_PG4aZF1S^PjRertiiJeSTEMEjWpogs0K6ku6q
zIHaE~x4^rzYVS``!0lW+;T4{LG+0A#s;&gz|GW@*x>QSCvWU;VjGT56S3SWO%Z*)|
zdqlI6@*GCRDWH3PLci7T{S(wB$#4~za7Dj)92ly2`eDLBR{++StJ#tw7qDk@Dw_}>
zw|LJMmySR;gnD~nV-BS2z`4M2tmCix0bx+1YT4sxt+rg9Cy-_dcUQS31Ue_SKMdr>
z2m@q!3M7d%T03AjIckNJ-aBb&|DzoXgYY}rJMw<$4=f||oWguR1<~(Vv)Ip=BYOtr
z;#Sl?JpAEW{*iTK>}_(wTQ!G5sDlvSC(mLJpHw-yjC$|vg|=uM$e+K#s(p0}`O4qZ
zahhjU;yqz;UEdHI;S-Z!$Z?I8o%n{XWKi}vlJGB)TYvXnGY8!>)jW;Og|U7h{<&NU
z>UFkX?R%{TWgyI>WRSchh#>`jGs=OXy{u@3{1SYrm>2(>11ht1Ss7J4cf;l-74<2e
z*jI(LBx^)yeX#K1lj5^-QKA1}onx)RB$Vybf!lllb#SUNWJHX5&fg54%D;krcC1s?
zr)Xl#unQseFtC&a3g+<~WnQR)4_@dRtsR1lQGf@vY-Oqt?<-+Dc)#mHU@`<1a`*)W
zx63#FxD4OqLi0RnxcbN6rVdce*KE%0zDBSBC}5o_Q$Yi??D}684~4TI7(MM{fFQrx
z1`ya+8`#EoH$(l)qKTW7M!BQhoHUA;W2Pe_`YiUAU)oOMXsa|l!R4ipaKJd7I^~c~
z$xYMcr;*eeJtH9s2;8t-r=Uag?1-fxldhS=^QOasf<n9-8frzW#K(?Ve`hQpg)z=^
zM=7n_7<ZM(fU@~z9MJZ!VPJ0y?6Mxy$%pZ?M}&k}trh>6#+kxAXG6fiQgZhr;Q`(+
zyA10oTCQ+gP}K-V9P-<a>;mOESHM?~CMf>BjLb`*mXPB`Ilr|C0Rvvvpaz0zSac78
zW0T+F3m-wnuvpcj;!*J@WCOw2wEs7pF^_S*LFEI#J=>I3>dcRA(1uQ{d}w^+_I69O
zSE#+bvql&1K7-%~Q{cgoHi)&iZkX(PJsy_LQva9N(P^^7PykhOX7?U$7G=m_=%nde
ztL`N&1#F;7Ve!FxY(nudadqW}ueL9;%ggfczR!{Z{h^1<^U?vIdmUc*cI||#l>aKA
zDV(JDI~PSXe3T$V6QI{UNWz!l()RF*--_P>c%ZQ+^ipe(n5U(f03F8VBy&J;tFjo%
zYg|uTkBa!WY>_|`5waVj7FFk>Vx8K^R26;Yg~&ic%ayp?L0>R=pHx9=L+%%{<U17B
zLxFnPJhr!UFEM}6ZeU45glrU}nBNys_B$ZVSmi|z@)`1T>J$Tn2vf}e%dI0IC`2v<
z64u#m&ljqe*15jis8+jMr0P?~wGkY@A2FwtOW}}vN;hOxFEuZ})^8(o3Llo+*2q6#
zZKvZ0;VmoX+UvUzCx~R`%)ygTDBAkQl|wXe>L6oS##zBr&skX<9qfjWz^rmdQUOz)
z()6lWrh8+!V#3briGJd)iD6y#1%XMaMgjW)*)YFT?x#nD-qEx%AN2vl#Cn*FA;m^2
zDM!T&*RO0P<EqV>KFdp5DG8Z)tz1C@%Qp<#T@Izk`L#fMWs3=ooK>+5`?s-RJ@ad5
z4oPl3Lc2bMFh}EDfhA<P_hPwi@I$svr4-J@zxxyA!9Lb7C<fmPIXy?5S>qET202aA
z5-u`$Jx!jqqz}bwMr@;cw0h9lTMU-D`aeEyohLn62{~jCOM8>Q%Q0n-cf)I7tOs$8
z-;6ru?x3fH#bGDTby(4GUk(6qi+uWllc@ZC4d9n<$mB3iVkK5jUcq$82eNpw!~t>-
z!%qhiBMB07vtpd;H)fRAeK#q=SsTk;d|<B!5Y4g`FPbZ0Dg}@w9$?SFRjT>si6xUS
zFAI_0t?j<mhUZ`rtuKu%Z(DttELj_~;3J<B7syA@xuilJWl8+6m24O@aFaGBvy~YV
zDIsbD`3)*}dbckoMR#EiwC3RuM?D9<eUEt7%9)y~x2oZExz-^YhyWYH%)p_HAG6co
z+`r#j|MAD0>8k$cDQ0G?;qPJL#Azd?#ZE%2W2-7t186Opc#Qn4y`cB6u8^_G$e5|7
z6-L@gZB9SP1a0UNi~2t^B{I?3B}%@1DKLI*HEUY9J%C(6y+Z^me!4t>A~KigLkQLe
zp=#0%&?WzO2uh{m2M31q!*jxJZLaVsgWv!@^e0WG*;~8ZmP=G#UQ}DP>{(Q<B4~Lc
z{+Yj?F!cu+x-403PLb17qyOy&gHLPgZE1g~w!S?3mU(&iCncZ9nY?b2IuO`Y6Gpx7
zA)yE-Y<5JU4~#&(S%WNr(b`1#V*F(qjWz9Z4jD+*=W|RwcoR<OZfb~anqT3P<BvcX
zVq`PR{IN0#e_J7UCy+pdn@?L)BLdG5Av9<QIk+QVMvjuUS~IgN;;cu62lV`h<K|iT
zksr({)+8EAScT0t1^<P$Nd}8Rt?(oV3ZDMJR^nl-FYFWLr4$AM@a=4^UeV?eM2=qz
z*8}IU4Ja-IgxV1|lP+S<T%TOC@#crOw(Ai0_wg*hX6a|SDqxsA4=JjRk^{f_pRy4U
zgk?NVD~2D;FqHsYSivLmV1D1Feyy!Ojm@^Tk<cFhue`&y(<LPh1MfA3<kSz06OPR;
z2bF9^^aQ?o`?$?9!XHroi-!$49Z>>(3$^{X(#PqUaTC-FEvt{%n5dm?#T!Y*m(D*)
zydo5MM@6ph0zEvU%V+1f?f@xzwg%6nZ4diLFiSi{+9xTTM>u;ITNWRrTo&zeb{S*t
z0=+8hC$a<~V6n%pqF_bbNTA2K51RCVr}I@YYo-jH%LK}Yv=l*O+>>HaHQv8`hamxZ
z&&>ZFf99J{`@)CDFF};>>#XnLa>1wj8O<>AUBu5K&Y_dEFu`RueIis-eg>NEjOUsN
zACzIaW^rq6tbov#Xw_=Tz$|W83*S=KZESHTPS3nI$I3OoE$PUm?(QsogenxW{%w3=
zO=jRTRj<B7LA+5#(05Pi%Tl7-Sq+pOE+BwpL=rkKol_>4a`V(;1#5uyz9a<MF|~SM
z%l!oiZ*|UWsNQOCPffs;^>9_|hQwgbRnH+vpot)r1X?%m8g`y#0GoXCh-Dw_U$^1@
zHbRE-h1I!FeV*U-rvOkKE9BVkuI{~oG#C-g2dD-=<5Fn3N$+VJwRpTybBNxTWTAii
zDA|RJTL(ZyIBFbAz*Y7^e*n3;=9NH7lf^~|fDedL8VDLTB(BosrehQ$or8W`=s-`8
zE(?i%xpDjp{*^gdjZub~4LDdOgciErDLK-2-uwT<`m_ZrHk@amGvY3-ha8SHU|Z20
z;H7PSb3lzq_Wq{W4J$0aVqMyL!e-_t9f>7k-I8S;+a#Z1M{C~F#QS$!J^hKAaFv@W
zle1G(8qdhcvRR?qD7xM`Oa+SU95qx?m|cFAKwfG=!bh$fm>NR)Ldlpe5@DgPP--~1
zobMCZ4Z574C~!?+61ki|x5p#BTB7%`WKIQBBudd&G!gu+3}YSz^{ZPJ6|3vbbz!((
z70$)Y+?PyN9wdnXUv892nHb@T-OLqMUXi+R+&?y#O_2OP;Tz~$n1aOY1&K*uNgB?X
z6pMY4ysSMcfjaxzv`^7>hbwj<C?2XUNNmegtLR@ALKe!Yfv!iTG*>2QLL7pl#Y*;;
zf?f7z7&#3~Zr}8Z^v2Tfh*ICdW;Ne#3>wU3N!g|<Pj$2C;4hNci}&++DV>R~$S7D8
zTT3;wOMsX55?rKcyR9|rgaZWgZoVRsI5@AT!P_RaI_8ZBQVlaPb<$v>bUxb}oW4US
zV|mt8G}3k(85&j9wAn$D^B8h_^T;g5cB@BS(~`Tn2;fre@F!+UYr&5k_pRMFAdh@H
z1-<N?(}s1ynFX|LGiz3qYR@^QHRGXjsdoV=B3O&B*YrIqb#U-$_z$;mo08nLsRG3E
z#sGw&do0y&;uuD+7#EDd;cS8;1j99<j#wNVQBc%CGJ~C}H=HX2_yn5^p!|`asl_~c
zcin0VRIEpE{$mI6F4Qh=UsE^zC+ebwidyqA>_o0lJzuRWk5(G5eSs}J+KZc89u8`w
z^xMch>X?+Mzt9{R3app&mm}Y4cFTZ5=!S<cNBy8_;&yj@G8PZSg&=C{DKFnL>9#>J
zaXVZ5_-`zQE%Iv!nCkoA@^W`Aib-?i|8B4vEHrj9#cl92?_O2d2~f=AZH={}5hD!C
zRwhpx^COS<9%}#a_{Ld*Y|}fn`X4{a$=UxfG`jY2TDgvKVpmj;nLwvZlUWXD?pV0j
zca^fi*WWL*vehE791c{NMGN|(S5mOe%uqK0mkYU*u&TVxlhm0ndp(f0Q63)~fY~(p
z=pO#Z;)a3N({OT;(DyCc^`3Fp7pa_9nycj%JrzK{;{^XK9}?Q|g?!>iL<Gz50!L5p
zL8D!CW}(HY)1N`o&?im8!>{y#cP@S17<9xl3+iD&5yIhe-;m=GW+iot6T%|@#WAP{
zJ$X&pQD(kKR8&|Zm|c`&MwuPdgZ6{_7K)tu(izS0v<D4vtv%z~T0~c?ld~*-+{+h(
z`|zHd^5uefw8E|{aRWsK?-(c~nvn5u_)l3Eq#Ub=kOZFQ1=Zpn@u*Fb2?^(J%11U|
z1=0dR>RKc=kLdh9#X>Ti0RV(r(l?*qwO0fuJ_9NTmtH9fSc|dRQuH}kdFZZE64Mt6
z^o+Nwn60Q(-0@cqKWdkDrpH0%hacA{<2x}NL<taLmn;}<yH>GG_ab?l{oM+Vl{$c6
zKty0b68b|63}v@Ejb+cz-A_qc0i}*J|15U`npOo1cR1XU|4)!B!B@v^wUQJ0cN)tt
zP2acNVP+-qo61g(&{w<QG$GG4>#HO7m-E5UwEaQ!m1H5c@X-XyU2yEt|3^(bTbKkc
z!4qM2wlYyK&rib#jSIW8e*ml(((R-Yf!Pb!wl_uDv?uvwIQ}t7Mck%gd+StmtU~jW
z=PDQ@eoK%zCo!h~+lga&-}4vFnuFI)3l34gTmR{)$a`(Hgh0)mWdZFx*uS6s7fNT;
zky5Er4md#5$2YSY?ja0-@zDEvTmEKTRZRCUYj}->#611GK<HeZD{T`K@sd>ns{T6;
zUYJt&PMO2`A`n9o*86+vtUIgKW^JOx9~qSw2oZqWHz#ok<%*ix{2(nrTlbFh7kTgv
zW(*eq>ptlW@EN*|??$F{?{qGkh%!2ng$~KenOsaoFgbd>n)j1pKU$Sn<AXyUy-QB!
z()w=Dq_VQl=KVTRIRuEz$9e!oF0p?S094GE6t2a$FwppT8?sh<g-U>|m6x{2{`gwx
zu42-xG)@?3FUbIU(e8TrV>20XSylu3zMuC=Shk<QKcwZuv!9i|<}G8u@%(l@ItR}o
z(b;W}=XcwsjeCr5;i(XAxyK9m6P=1!gcNkL(_5=YqzdRcv~$3}tC}z!w=*I!xH%hL
zCwL1o6lfn3^$kI>yZCv>YJV0SZe+5vj%NQ_KZRY?5>@<QACP`bRTjNvXJBF1ec5t+
zyRS_r;c=q%9_?)`5143YXVh?SGxK-X6mvHo&4xBYuVT8$wC!@z)Pfk}#>uE%XSv9$
zrET;~%ICTwl?PU`5RN&524)LeRHeyi4Q`x4q9;kGUNNUcr%~&B<-(-?7FUKb;$!zB
zJwv`fU1#Dfrj(NY!tZ;+Mj$q0JW`uTM2(`(9jyGJ<CMCEe6R+!HljW?Wt@vs#|adi
zxJ)i@KcSWFPbE12M!kd(HFjQ)SYc`auVhZRo!8}n=SHOLBJVFDiPO$q@!oxA3%076
zT|f<QcXdnVo~I6??Wq~phH95?cX8HBgBQN8HVuA8t2o0dG(p{GtWxr%ya->|`YqOQ
zBujJ;TT5EI1bSSva<`cy<$1_KM|tjRdDUO4yc6g8w3nZ7tTfw)%pWFm$Q!%O>FI1b
zgF_PKiPoZwjNezNH#(lxns~cGMOiNj+Smms=NC@v)N9<0*>97iw|5%kh1*=x>0JTD
z{+{#O&dHYp5A=e%)k+aDAn~bzp#77dyR%~V++7s2`FB1A7bB!4rFt7y*rOpgk7f9A
zgs^yT={(lzG3^b4hDOjvXQOG@uw5e|N^VS;>ZX}ui71%fm(7r)Npl;~%~xyfB^Ja6
z638{AN!lkS7b6L}c#IoVxeE|FT0=Ub-wYeR_+bdj`x1Sag3+O~T0rnTL9@<@t!-*6
z=-oTk%RqmQ-4yz=J7ME02-*kn!g*VJKUerVef^YCZR0c{X3B}DuviGqn8Eg)#=amK
z=fSFa2(i?9VH74#m~K@2J60`6Ax_6MTGf_FSQ3~we2egWlE!N~kq70d6UxudNGsP8
z?MjSks+CXU&=JzH@H3tf+{|i5tUD5P9&f{eeKJkg>9cZeWk|`_xEGV_mPX=QAp)u3
z`7(%R!#)5nDpdqLk+zOfSQ*lpS$mJm%A$yAES(3Q@yq^55FA)8BL${q7M&qeE0O;J
zgBSXlG|-5zfaf`~R5rWcDVq!4OYdQbgHxz*D>@^ItgJ`_{{iUvTG!L6?Jv8|zV)SG
z45#!=xxRTutJb;K*tJKlQqJY9lT4pTYz*Dgb|woD2GH2HZQHhO+cqb*ZQHiZ6Wh+j
z$;3YY#a{gYtySGsUumI~J32Rxjt^2X#*~e2s%i&vrlF%!CQcy!ZJ#E<V=kEC$k~MC
zqne7Hx0qMBVk4tx2+Sfx1%YUZe(?CM(o-GzerwYsb+|snwkn6jF*(_C?GsP+{xcfU
zr9RB)+m<;_)2-oGOa}QNGRb5H{VyqwL~LgLJGQ`Q`>1zHtXAL5-HQ%9;-eAYpe`q?
zb4y|rL{HE=k0m0|8;=W(PK2BH2_zim`Djj`h<#ja!#|D^yQ4|peI?7vR>x`PI2ENM
zUq_l!O7ANMbI2W*lDfdBcIr1q+sWr1INP?6HR9zBFEy%}N<8$@S!`(-M_L-V=Ugit
zL*sdK+5K_K3Dp?gU?#}F0@S6qw--TxB~AJapC*OCPY7Q~C{Adq%?G<H<rS)oOVm>3
zz)%AH+!MEGxs#A7lFtnnL)>cEx5n87kI`9s!Iw&Yw;?QTVvy8a4_6TVpAOl0!%aaD
zLm$2s1wAvg;6(cA<;6EyV%>jAsukiyLMIc^y!ZiFbsn5AO9cl7fp&lAA?uBfAh-BP
z7=GO{5Xxmq-18g)?(7mz407G+P5*{%sn}BWAwYSO$S^@qj#io}R-(U2e!+_Q2#47I
zNVwN!g#YeffA$hE$V$U%;*?y?;Gg28$ro{<h{K{MnEd44x_%097#YT*SE+IIS5DY-
z)xept*)ZyitC=z#8r6kYO|GfI_TEf*6B+pig@fy#tS0yFV~2O{xBbT5=cfb=M6>gE
zvmWQR!yEIiHV4(t5k4zYv8vQQnZv>r4ID5L(i11%WN%nV1@1I~dY<}c`r*4CfJUc|
zDo$W_;~ODDK#^+{MT)}4sDw}gPJE~&T1#Qt&*G0D$+6=4$zq^R`7>&#Pmac_?r~mL
z>N`6R%dD{`$a?`4I8L>y8<QurhcSVoDt!s8c|p-$-?qErrqY+D{4U5lf#EEJNk#Y+
zNHrPjK8Xa5Cdgfe0|(ft=_b87wRgh8DhNmu?U~yG6~A6(RR6y4&lra|6j-%+=mUAR
zNbaFhE9PHnp;JODn@vd$CUo2_w6)oC@H)!7Q^gIRTyfU?a>F6{7*yme5lJ>pR+dWy
zuIO8`f-4nZNZeBozacLu#?N>(q<w1T!Vdj4`$R6{aF&%fAR>zxb4x}|M317M=uj#<
zAo)(18>%}RWvXPCrka_hDsj2-l3Cb*an^DhX%1I3oT~y(uzUDJe730ay@Y#OjSTvO
z@k)!{e1tLBDSDn}LrhuJhuG?j4rG&*+X6r!*sRVJkLuSMLY(Ba$8)_&Z&?*Otn|IV
z_J88%RT+N{5=^%?u!mLoO4lvxI2fU>Vtd3oUwe6M%Jty0*BgwA=!a07%}T<Q-KJ~B
zX=hoEWTML0uHPv#NbEo*OUrH<KSo0kdP8>t>DQDhUjI<<Eto%Ok4UP+s(fe?HF?*6
zx|$$QI51V~DS;!kp1Er*_03qg%QZ-hb)P#W_oYcm`C-_LXBzm=a3F9sbue6RL5vF>
zt6RaQn9&|9x@8W#=FN1kRA|t;M?I~1*Jozov+_&3>c_;ALI`^yg3Y`sRQwA=t(VpZ
zdc7>dJ1{Zn8-b$Q=MYO|iko{&hceq`T*%T>PVoC87bimD9d@EzVYl5t;!vdXl%Q2*
z5Q-_WJmg==VF_iE)<-P?teUqH4nL#chA6Q+%^>_Yk8V_*ebww4r{()W8KL&e8DOqi
z&k>@lBmnjk*8nC7qU37qAplv;x#B_*kA|f}UQe@9d(ui@C$^r`9H>tW8TRsmz2aXI
z6S1ue^6r=yJ^5o?FHJ(l+)!r;;pICm&8W^#XMJDySfzmK!p^8e>IH<Ljwje**wBp$
zW3k<$87VGL;ArTBq>BeRFo43?zWKFLbG0l|IicOg(Ig96X!EqN$v4w8PtNv@gytmp
zOvTOuGccL)df>y{4oAAJQJOOiw9kmlcdSiZju0KA$-DO6aeOa0K(Q@=y&;9g|JvJ5
z94)z@+dDWv{~6^wtlaqiUt%Gj3RekMnLL~;YR$2toc)H+f?Kl@_TL=m@Q<ah0f80D
z=(>D&txnsq_~2*0C(bJKsFxOGs42}g=#%IVN@{J-h0q-!n_8(M5vuU=d?2okQ$ZCm
zq~Jcvq~vecK}o9t&?;!9JeGB;RhJp|NAHwgZ-`)A5R;@l#6c%}gi#aP-$(5>VoC~J
zN5zm@zb8wZcYK6@BjUyup>Dy6lOQ-3n{NwlhBg(E!9`t;mi=s;iDKoB@(a;l)U`T$
zBJ+Lg$FP&Y&1u27VDyI+(J=KWkW(==mODE%^U))G`<`R`>z2Y?Zlqkr;SYF-PsZnl
zrT)p`Id<|J$i)7aM{<@-uY*Fve1dMUNz?W9US*f8awq!lRsO!@*Ggifk;i{<fge@g
z{YYK}lb!#`J;2)@T`7`SZ_HJsBP3v+k8_HD>Ne(5S^zivgAc7cIp9u=Mr@!m+l;)E
zO^V7yKB4^2QaCG)!5a*)1E^EZ_HO@2F&##n;9#mM2%>eKmqN~M%1FExT0fm&3jO$V
zA--9CX>Y!oR#$s5CKSbC9@@qYOyF`kvX4pA^;8^B>Sg_KO5-SBji{n}slXr@sK65>
zX(`iC0inc*>qxy0beX-z@!zpM@3q>mT}P#3MEMT84HHK|N!<3Ir)^{jW@<2kJ&gCo
zNuZI+yz6kY5E1=H3buf+@w!z`)=D4D5~lDn=;CG~Yl~@-kj8zw^9@@6#keMpH@5hH
zzPB-zbM!Iaf-b7kH&Cj<U6F5qmN8=lOJq6La+Bg6i6F2{)NKS&U_uL=9-(W*wT#*I
zCx@i!>WFhVLl#D`3+F_}KmPDHHj7QQ!eHxfD*dIbhv?Zzl*-_ula|AxwO}-K?MzzO
zLzgyAO>o>3XM6$n#g*tQ9%$b@BKJ8vi3FYrB=AEn_bK$~6?+SI3oohs_phmWLNQol
z+*i2r49W5x@8f-JfB-xg2%@_QgwXO=;qaOlov0r~%}^K8a3pl2I|n0$8;0!RvR#Rs
zN0{LCw6~K!xhAOVp$G<rxD^obUbB52%9FqU*5(6&^xpoHcfi~z-PZyYrQVg*A&GD1
z+3h+5E#x4wI?RT!j#TFVdX+fLct}zLxvQai1mk6-Y7R1mF?uD;-))(hHyZw-BKeI{
zJ;p!ImMizn@hVs)!yc`E$6+k!b9iTXgm-g3WC(DY$0`|D9U?0KPjdC4f^?JG4>I(b
zmT@259(e7!hC?8da5&D6NPHL{fg3Dswx}yce1C<M$F@xVWD59EOE3ObiD|?BonawX
zxp7k(zF04x)tDiG^^c-zARUR9l_*)YIB#ITcqBPtU8y8H%K?P^D}lA1jW$NG0e>RB
zO7#V@Pck2I>=cRIw?bDcsn0a-!ET9s*Ixt2UYqoP=ry;obYB)W8jn!F>x=iORwWgP
zA~GSIM(TTU1wi*CiyW{WYfWu*yROT%jpRnHw3glNJK>Kbbf$L9LL~)+IPefB|Izn-
z*}j7Q<^H2}B)D4JI*GjHBbXW3FUqIm6e;3|zZd&}7-f_t$kW0Uuw(h+V}=8RF$8xT
z$!~PNmSN>E-t`CdjRsMtezle)<M(%7^>|eWtlO8h`;)Q_&?I;X!`TsDpQ>Kf0OuIJ
zSR%QwO#&BFI_YIW<n{hzCCKG2>lzy$3aa_-gs1!;xK18{f_o;}`;w>ql#J$lu|-WY
zV=i-bp6rYPW5{;%`=o%{rDkGiLX}Qe4EQBn3uf$gr?ns=vqf(75$707|JPW+_>qTA
znjEBr82GxYy`glG!j&f0Q+a^&@nV&W=3up|K6>@IA7wbPGJ%U(ZHwJUqNvxdRSr3e
zD|{_K){9$KIS84;w#i0qESTGLi6>-&85jJB8E~AagkeF*KI6VIpsPoYd-Q@iCdtK|
zzEF@;0Adfw0h|jdlpBP_rS)*{KN^@Gn>*r9XN{DuTJ4J28Kk~6G*A@S(6#bHWx?V_
z7=4(WSYTAL6HLr>fxK9E63LmLG`l3dGO?1JDW}p^oTKOpNI?ggxzSRwn=@NV+HnVU
zAJ(nbs@ulBBO(!z1xt{$$L5Z2s`4<Lm9|7VN$W;$vQ!}d?40APGWr(ls9hz8T|B2{
zn3%*)#(RV)!@q)iaCU?iY?sWvu=p*jRq?~~xHA~FJ-b-jDTXEvv@IJE>ctB5mrn)*
z&nKm9N=>3rbr7viL+$H3ZBCngA_x3%DCxsMxDe&O1`SP7cpUOgdx@FSIn=%(?Os-4
z^Vm_{Rk9A3aM7)-S`=WsAdQhoJ8!f))ZT;dB5Fu3;+no!7qJbWEQ5%TM!vzdfPf#6
zD6Gi;L~0FZIsLhkSSTiGAA=rd95TG34ssG7$UmUgU#Ttfy%$r;fYiW3cJPmW>L<;f
zIQs;Y+dA9%@cj+B&HC<bT5-afbzFt|1Hp8D>u`JS>js0Rt7lm31Yj2H_1<tPp@nsT
zz4_8GQWjMLt<ke`e|ESXbToP;iHoU*(wfGJf%xOJDm!#dBxjBT<OdtR*j$2T%p<eC
zhVojSN9i5mn`_vK?OP{l=qLy-e<nl1mw$gIfv!<3^7W;W(3*1BLv<7W@w{9rpkvhC
zo23G^`9^@*BqSY>>yqii`0<k5iuwLgt&^#s2nm4v8%1^Hk$iMu?v20J=4wF@qy&~q
zfPj=NS6;B$cG2{elcqzv(dG1tNK{tJ^3h7gg2}#5NzYo1{SfxwrAdj^5fFCTf2$*m
zXsoqaD}s@ILotGfn;2IC>>Zwrv|v#UN_3$p9ciw`eY@9014w~*xdFvU16VG^@y#Cj
zC4?GIRkX-)kcf?6(1fT?@olgzbCTDdYi=-j0xq<dc<kCO`X@03G|;K`PQ-s~I@ul2
zjgwXmmnx|I%76M-JOCv;PPou#P3et4%MoYXEzV*B+N}^&8(CDiBa@87-%wmqWS+Mv
z)PxIKZ<QhcNcS32@wNl~HF|U;3#_}9I0X4l57-*aSCy-{PtgDd>4wK;E0eckJ#>c!
z9gaM43OIWEZZkSB3WF>OpiLT{iU9kJt`OjuogE-)2=$X+I~|?W;GfQ?3dS#{ISWgd
zf+n$$(I7<=!*xvDaUVp=$P%0-UJ^KTBK9hTYY{}2u62T{!Qdw|Wv3E<Tewp3kwzx@
z&7i8A8)p^6{}LEaLQHer)zD07+F*MB@=I3=gT@A?Q;<CkLfk*RUa>T}*&$%CmD)7J
zmxxkTo)_DdRC{}X;5F$dI*AdIRWv9KT;FI=UaG^cgZ%rPzkCSJ{uXc^6p;PZvrWE5
zveyxrQU6DUE#dA2Mn;g2VT@gMlHyZ=2Fl3L8?}u%(eoo#DHAi8H*DEbXmXjK{<O<m
zspyGHRSgRmESf#L$bo$c)ImnBuZ)29x61t5ja~X<SPl;Y#f=K}?BJb_(b%;fAtME`
z*W<l0r2o8-nyWp);Ead+k8&1`Yo#}!<Aq?2N{4i<8>R=sJ>Pw!g2X{)3t4@MH?IXV
zB=*0U&DnYuWtmn-hTeI%m6n1?4>&SwIZQPg8G^;7(a5vNA#+0{+)%F%Q@FlYB-Y<@
z{ZW&K?`xdGU-k8IGkQTNG|#B{#VcS*O}3jPQyK8sXsCOlwx2XeR<24!)(6&XHLmQ9
z{2tsX^+74s(As{?5okG4jrXiB``l=>5^mZ`^5?>shoTS7%!@_$G(<c=#t(1ojE~A+
zydV|^qHhHay6%a@yS@_b)}3;laT9I#Ewh!Pn8?$m%U2@Mkg1UbcXhG&_pSj(A}eHF
zL*17Gv5`WWJf?=jM54+@7(4Zh!|bMbKLn|vPBkn(<@II5s&E&R2^21B7tLoE!vrM9
zQ<+@jzTqQc+K{6IEcS?I%(O))5$vb}hapJavG`OdZ8rx)TtbO+b(okmU(<_R<rvyD
z{74MOihwdjO|P~o!>g}faJD(dD@{FKTyts?E{u}hUttxo0H}VHCEPopKY#gEig8{h
z2M9kf=I)1EvU98D8gtk`=Sh+Mig__F!UJ4AK7@TN-zaQ&r!kdu9g6Lh<Hr}65Ei`f
zPyUpeO>K*Qq)!v0111Jhn`^JJ%lZ1V88R%&IQ@qN4I#kU<gcGIkQ~p3MnE)V!>#T3
zEh1B5PmY-DVhAcS!P=YMYaow=xLJZ21f<&Su^qmuE!DW>Vrt|(MY@fbwlo-l#9vgR
z1tOm!=!T0EF?5-b9rF@eck?uJR~%<zZGGHs|NC@wYF=vv%JVgO=G^aqSZwTi1s?kR
zutSU&W8u)!3(X~O2!x7Hm6<$1M)oVx42`%W)R}?k8#XB{xQa@6;Dc3iQ|joFOtqc%
zi3#4J3p5xibo#<R+Fk;_HU$z@81MrvRUP8p<79&3_*9w`D-&rJ!WJgvf&{539|I!<
z$>Lr!x!opVyX9+V3}&dL(21ETnxyFBjQ@AV(I@NAwOwqwP%XiEp6Yn$2j;YwB6A4%
zA#*rIOe)`>09OW6?(e@9IL6=GRn7Q9co<<l&}sM5cfL+_jZEz9EQS`QOO^TAQ?=`{
z!+XGD>lX3RHhJ0k_%HI}W{&eml1TrhXWt)FBdeVXid?@yH7)91lZ%$jl)SbFuyF~v
z#;(a?+u(hk4C|qjqD;fC)Pr`p|2GU4wF=n1GN=UUWiae-w^Mb-n_+Dd_PL8OR$nb*
z3L1#J1IIwiIdihcg-S=yB+g&Sd_{c>M4sp5)_x0eiq3s2MTn2VdQ-G_|BiEE!D*r8
zmWv9!StaSN)5e-lDuyjNptybSif%c+`iUD|X)r@ilj8>_)E3rzAG5{&L3R+N7(vQo
zRw9V6J;Sey%<cQQLE_sdORPvmvg$Y*SS@#EoT2;WvKi}ok11WBGz%7^DT-7WiuS@&
zjK$QM--wD0g`9q9D8ore3m7zU*O{?fVofO|tUcDW>WlTKn4tNKG`>wrVq)~Xi7u*c
zF?bg&Idk(YJy~CMm3tN0?ol;6qT?Y?!?4!9b%)xF>D+V5HV#F-;QXaK*A^O_-()1l
zMeyz*Dum*>;^8mN7N0q(7{fSVc#xnC1pD3*KHqRUX!X`NVH}wT?{Ao>a0aFDcLvx6
z^+#@dFzbD!>FQn=6w#b<I^k&H?u1aa0|ysDEC!dlVAi1bOtHP>*`eT(8Ms+cO9g^K
z;05uKZphkW9Fitu!?LqttE3YyHP*sG2^mczjme44rARq8G@oOjHP$g|{d{mj{8n_`
z0Vsathv2}F^jzfma2+@m&j)S8^VJ^87H$$v56GvihT8gS5%0v4h>^i?%DIKx0a@xc
z0`$U~8;+4E(yMSPu4KEC)kfr{kIXmqG3fzd?50+x7!Us`pw0qiJmkW1+|XK9?L<G1
zrv9!wmDH(qK!y9?5dMYwftvjV_nyyV+OE<zzX;=hVh*2YVnk@F-=(+hD^<V#MsR!?
z%$#{P4Of<v{|#FWQ;MLf$G<&IZXn(SD~*6#23#kfNW>kcRo|IGEH+dtoGUTk*dwq$
zjtr1x7d1vhaTv+e9^?IGl1Xv6-)TE+IB~H@fV{DStAyhXdH5b*Nri>Dwu1vJjOwzg
zSdrH!v`4cGW@4Y{yPAX(uS{;#MYVo^lBuy3wPbOB<kkY30xGN`dej<<8YLX55Cbxl
zP<d73k6w~2*KBj#WDiTO7@0x^`mDS^!bMQtQ^mc#m-95vcus$7VONvuR6<qkG%nvo
z6&SVU>W1+_bvgH>ByW&koOAbufvgEbv|3ni!R{sHrlo=EAK1UVaPJRLM}pb^s_K_H
znSh5M=+rmxKlEfQL216JcO(3hGVd5qmaCifUwM2d-32~^XLncM+f#$U8M#E|9h(+!
zWXNA7Stp$0a)+C^E$GWuTo$h|Jf&$vaZ_$z<%YXz99M2LQpqawMSq~ipu^$<;#Zw|
zc(fh<*K!+7et#njxeEwN_vCK>*3xbAeH~?ei8B?GYx=ZX$x(*orZ5?auCA4%Gc0ve
z+|2y1A-ovSLsE<C<J<f*q=3Z#i06do^~v`PXz9wTCQ4^&bg#Ba&JO>WY-tJ5zyIrP
zaiA#X(49#4rf=0|Xb0pmnWcPh6`urAh}IbE9b4bV{*YE5iQOvAlFuCz(wTH}koHCL
zyL~I^Ug4=G$Axaa+}B^jYY_%(Zs3Y!YjroQ>)!~qME3K1P^`9zw>#F9P-KsJ!q)Lz
zdi+jlc}5CpO#r{gi_!|T=FOQV6K14n$^*~JeDVpbcVts0OI$EzXU}A+<QtGl5vg=7
zzJj+uMy|yP>;)oX|7fynXp>mspqz#lsFpNz7S)nuaboArv>m2{CH=}yu4=iLGkj28
zZ~bV(+FM7kZZ)|eY#B5s7ilz7ZEZf<BPlcjja8uIjHG!d-v%a!V;(OHr7)}kQ@Hka
zX1=UX+RvJ<=YJ$y#UOQ7ZOxTFdxKpwvk7_OQZ=HpF{B9&c4+C^5%?u*!z~WsPjDv-
zmZR7)GbIe08=Md*;Wn0A;GH8E$|VG2&%S{=V)at<?3;MD4|S7$r{3hS#&04VUbq?~
zg6?CUwH+9$>!QjKWZ#Et?@FqIwJAgQRsOqX4>*J(kP#x(SW*|nl!<dI0o51s<9Bg#
zf%Ayz5LLDDxr@0=sW6DDI`N9Wdt>_}zM?9coadlU^A4k0S3?+aTu3a=X+wxzKp5fB
zz5fK~g{;?){>pM3+spEh#eW)3VeM{1-QJR;wn|~R_S+ZD=b)woSJsyPb8qFjhZN!g
zoL6nKv)PkqthHfsT#UhG4H4?5@_1p$VgcQ#DFi0=<9u0y1ETK_7hSMO&Tyse6uaxf
z{NZJ9k6Wz&Wx%(UVBLumM%V(&&GrHnFCh2ZIDXauYv6K$Fq$>(Y_!?M=}*LLx3i%T
z0{H!1==}q&a*>8K=kx^UB#dOD=fcKmzV%un#ibD4bOtiJr^DWEM4_I`*p(FNajW9W
z;pM1+j%`@IIuIj*FbRV_Rng|_oDivz1M`>}fw1Z_U5au@20_&n+qxYgND$LJ)?M16
z@^RL9n4Y*_e~hpqd3Dqz{?M|n<JIs-99_p*@-BZ3ImEq8jT0J+DoNxwxentokT-vo
zqQcl=cUMx_hnHZIK(OEEuzn}5Ctc#{oQj6|3D|GWqHc;hrmaj(qsmyj#kqG`*z)@+
zzgQO;A`x9p8}bk_Fh0k5;idmZA2{MSDU7tk@wiCFk{|ECsLLLNqLJsQ?>REq@T<w;
z&$n&9io8aVzi5$4nGGz`G3)ma)QT{%0utLcy%jXJ{OK3Qc%-)s7UTU1bgIauoD!~Z
z?CnQhno`-AP#XV?R5{7B&{5uaKBwxDhn|VRHQTT1`D8#WgKqUzbjB=+l`Mo5JXMdG
z2q(B%)IT-(44ccVea)t=G@v3eWYXijVTUQI>|m8dwO16gZj@a7sD071dWtqW@krml
z>f50XCqPBpHVk;qu9ugyT3A<sjgS^;bw4>jsQe98`({Pn3QJKqChph`=rH-#Mvf;h
z7oN1x&vcrUIYsl+wtGR32xLgV>cGiYNAg*rc#@opGX-wTT2fZP>OMp<;v>5q28xjY
z)f--C%CfW`8TSCu6FmeEN|kM_Y_F`cFEnu^*XQ@vSJY_&|ILkPq*p5L^<?=4O;E;x
zl4<VV#%4UQbxm#NbHRO?7*%yuU4{gNm?L;l#5NMtzU7l8xCd7M6pdA72ONr;VRvcS
zfGDBhJ!xm*I=yA}w;v>ydc0*xjR^(_E{P0;PfP7{@9JDj2w)uSoS<G*CU)BVV(N|r
z4FZHd8FQ;tJaQ!RYbod~Ve@;LcH_JAVilwgEp=Qn*t0H$`CIk;62@DIw*rA?Et1q|
z=%5ZhV{3p{JulC%FoAwXBA}Vr^DK_$gfQJa)S?4>_8Fg`fTql;BZiJ4y}-+@f->^o
zp}mHH%@ku}-(lmWr)_vCTEc2-ISHs7lquTVdNS*x+A1)!8JaEH5L-CzV`Wdj_I?0L
z8lsFBnEN^Lh3iRlony;6@_fD76qOJ;3Ii3whmiwZopqORC8Ah0uFy%YQ!iqQh~eGD
zX=Z%sv9C~UrOp!G={|#G_3#lUSAtFPgV^&HT^odZB2f1Ea+H8oAklpF6H{oiKjo8A
zekapd>gOsJUTlKUkI<!PN^=5+(RW$m<>#`C$A6_W?HA9quF1Z8^8Yk?>@(g}FiO8J
z(&DVr^98Uc1;Mn98=7iXq@CYkWxz8#2sG0AN342)&~zyYf;99LzGnF`Ta={rQ#T3;
z*k5;-@z(+ZjoR9_B<DR-?8jSAtP72|nn-1|p<J8w8Ry0GWT5I^R{~z@r%HGn7wz@}
z7bjA;Pv=r}a#E?z|B32e3mC&eyKP_(;q~giJ(<5B$5Ouvx5F*V?jl?56pjsQd7eKi
zj(~%+%7+y+CG?f~S?$I~mEVO9;v*?kAfi16#IBNjcRxIa`ISirCKN1(80OMYgtt$t
zX7Ze<V3*<qIF^u;A@qq`qZ!?BjXv~q(sn6dvO*DCY2}jI^lo!NNX66EzXR|5&=6Yu
zq6wDbfp+*+%c2U!x2=RPfk~-3sLyGX&|XA(dj#zF>2AP_Hq>nz%e>3rIw9ID<}YCE
zfcl};;WD}$L|PO!LP_$P(l-TVYAaKX70BmVUC>*b8(nrj*g}xJ?0yXvZh5<XAJ@Q3
zJMW0KjQUglGRul}biTp;roVV04o(Q{QAqFa0rtM6Q<P|jR{If9yG#GYdo=cM$8BbM
z7wh(#1Z3T@5ql>g{F*|rPS(uBCQH1{Kf}^mmV{Eibkgqpnc{rkkV66%Wk34ZnlVWA
z=iG2dNJ2BUsT6v&n<9=}RY4hvMhi#okb${(CXjW^f1NOMq|}X6kv8S&5`oARhoNcJ
zc*tz8SAHz5>i66&x{y6-aHh&ga&=+(&lm&fFG?>Xj+G&_X5kex1UkDutqRU`mJYg7
z#&;3%5XhH$-d1khF!xmsS-g^yN+3R)pQTVRF^A8;c;Ae5W%CskoCNE9O7uS>Y-Uf&
zOEkP<_Tb<iFZ~PhaStwH_=(p+WSr|zNYxpkGhbC-iu{$raq{+*;7rsSa=hOCQf3qE
zNv@z3Mn}#H3hqUl^62S-3mpalNt-vzFQ5yo>{@n5lc<mfWO6<DFhaiT20PGgKj~LZ
zKeMCMLoCzLD5fu5eYlaX4ICPRxe`-(@1Qx*K^*7KPVW|toqDpiD^5=mLQs?-o6!Cn
zNku(88qzN_NeAn(Ch&1$l%?J1WEB>!k?PwyVB@e{K<aZC$dSkerjT)jtuV$?FaGSY
z_2xI`uwNp6&9o5=Nn)kcd$gSShl}@$?^T^+dQKAikgy^nyI=g?D~whvFA-b8L++wk
z^w$1HF=(qsI~AXnVNaC>*R$Et&3J74>G?Ow&NC@g#p7Y#mb9E1@q)=z^*>cJe2awT
z$I>z@s0E3rf}9gqS-VYc+vyLjaM=@F=5Hapt79|Ju~wqwZ$uw%b?~2pAj%<<_IZP(
zI*fl)p*-N>hNi(LFK5L%pV9j9bY&je9i<G{h#t89QlsX?AMeI0X;i%t+!HG+R3keb
z791i4Z_*~k^D^Hymf%T9P?Kfvf4s7~yth3;XpX(fASo6Z-^?o&+=8^pQTPAp^skb*
zP#1l5LB3iV??6<96y65z{Lz_5!#2W8JZk;r_q#YWL|Qas+H$rW94M<CstHVJR@%lQ
z>ctd`VY+{uILd`E>=d<E@EUN~W3^;e88jEugW(cV746o+98=wA!-RAl_WJl8tTmn)
z5@{heJENf+`>9c3S*FCP+M$P01iqXwtx6q%AcN<P$xaxZc`_o56T>(C7{<Vvn3>)=
z`CB~)VcZqPGGgc!Otp(p9EtDf`$r!RN0IbmZuM(uGF3?vQDlgMhk2E&3|Cr|F#d35
zG8KJ5G2VT)l53i>rIKEI_!4Dxb}2GZKX*{fT!T#l7z79i1OOBO3;-Me0ss;K3IG}a
z1^^ZS4geki0RRyI2>=-Y1ppNQ4FDYg0{{~M3jiAc2LKlU4*(y40DusH2!I%X1b`HP
z41gSf0)P^L3V<4b27nfT4uBqj0e}&J34j@Z1%MTR4S*eh1Ar5N3xFGd2Y?rV4}c#)
z06-8x2tXJ>1V9u(3_u(}0zeW#3P2h_20#`-4nQ720YDKz2|yV@1wa)*4L}`013(i%
z3qTt{2S67<4?rKl0KgEy2*4P?1i%!)48R<~0>Bc$3cwn`2EZ1;4!|D30l*Q!3BVb^
z1;7=+4Zt111HcR5`}g<P8*uai@CEP#@CWz<5C9MeV3eh9ez3s>tj34E67nw%jBA~P
z&5qf#*Go(JPN_b`J}LlR9*QQhuFJ5g^)T=uiPPZU#0*ij5>ZRsKkNE&i(#0abwANG
zW(-{F`Ak`JJYdvIh~j&EqD((3!cgRUz%9?59Piw}?Q(0KV4u0g2B}8R8eV*`rW&d;
z_&w4}ISz(j(kHrybAThYGgQh`9YRYFij5D~ih!u9<{B?<At-VgOtGg^8Ui=1c(3^8
zHn{J|FcI{0Yj7;tD7_=z^(AS*woH>M2*#?UF$12?NVg3cR_GI7{2;>K1&qY{Z3;W%
zFXm1;S1+&6(HxCgLk~mO_;e2U%;%DAT{V6u#0wGgky^1AFNFxc1pI<U{k<2BcVF5F
zOrJBu=VX+AW@>5dhPbqKGBAk`$7voUCgXs~AWC4d9q70PHFO?%j%n#V0(C6upMV1`
zVwJK7QJHx;Eq12{w<o4;(hJQ=$ffb8>XY~<0p~3ZE$$Lx`U$!hB43C2djok4L5JtO
z%GUEIgE9DnKKKvOP_TCcJ!`_uDL5i$r`6+oXlvMvu3vJb(G9*F>7yw6@4UIqRDpX1
zj!wg{kBS?+p?oAUVc}nXlsMd<I}@>~?5QgQ7d>`FYFw{*uawOX)ntg=KOTHzPrj<u
zLO0f492b|aO2B&xx4j0nI@wVz+nI;vVu!Y~ti=H-8KkrHz+)4jD!ZNj-?J$+!a?ie
z^Pdn;gO}9Lb!YnNIY?G%_jRS9YdCYao^pzvW>O-Cf)%1O4w^3Hvw&FchyA$rL^F<(
zkh@<0*+zz->BUceVpsS6n|$%hdRG5W-boiJbEWYP*}rE>-N_Jzd;e0FP<7iA)>2B?
zI5H4aqhu`;?uy%%mVJ2&!$ya#)GUw(4ocKnst77T|3h2QlStg(%=yasJOgdI|7UfV
zy2E?s-L4YMSARicfsdgmloMDS(Q?W5F<Y+J?gAE0hKZqUH&B*n|JFEba2}G76rGcs
zZl7A7@DoXVS1)jFaEz-Qi{@e*k-c<^IJS5@CzXf<!AYd2gP))s^^n)t7+sSztw?1$
z-V!z)CCqH_CqkubPI)t~Q+`kJ&uAmGFTcM>wu@Lk@<`V^ev3IyB)N8Q+E<P9Tz{(?
z7@)v?UB50zRIqTvai=PRuT`F=>|+shhz&^lGtgz*&%fPc9BV{d-%dkAJ&w-_#`KFk
zQ5lAcJhQXHhb(CnWjjfvLYRgC93kWprk=REgF>cFx;LZx5zGvd%n&Zl0bKTkzU9^<
z9yGy<?#;c91`h#~fIB*36zc2QMgr7xublztagE|lqRDqg#K|V6yR2YGm`!X=GBKaz
zY{jOUU*qq1{TDYXbKP^b#|yI6mG5Col($GTk*4Af8O!!Q6eydf7i&`UK6HvR9TDdt
zY3}C?jx0~EujVygBOSODduT5S%eSxBa?w%it20lp5TmyGm+0`SwP<$jy8)isUU=$H
zv*l;d`*l`gL7t~%Lz+i%G}G_1OI?daqde5dHOE@@c5!`V9`#e9(9y^eA%frWa9~Lh
zXJ)97K7Rauu|GaGcQStpS1esiZP(unA_xk=%np66f?Gg@q#Df0#a!?JX(P*q@1bo)
zTX;zkD%-A=8hx+xUYr7SZO!YYa#eCzZNoj3;6MarmF5BVk#dO@7`_<r-4t1&u>wD$
zH+~wWB=C*(dqVw8b=kM+;AwFwwpUK+kpi|X#|BU^rMrsB-tq%<jzunioQ-OWF6<;a
z9WnP89kNcOM5Yf7F5Ta-bIP50*X*TVUZ@H4+}B68kyql?;kb%h2;!Q-sLH6mv4n_|
zQ|xEh|8Pd-IelOD9dou4)uD-sRm)&%bz0eaIH=!o=Q%Q(MQiS&dwEzHxo}JU<OVZ@
zuZPV_Zg;3u5bS=}NbR(QhV&*M^e_!t5N9wYUAg{)9HcVrwI(xcG_5Y>;Z>W4`COrW
zEGM#he1LJt1!oRC^}*H{$4X$BW0%2c1-c$HiiE`6JXmj)+#;%Z*dcAreSEI<7p<xX
zCtOS>))C}n2R^j)7e*Ev2u9@MVaXMELV1>nX#kG+jzz`=5^&1Den<AkcVJ18!_t8K
zFSKzHp4w0eX7$+J=cQ#GO)<mZsY@rve@kngJeWxo7VJbI36={OclGv@J`7cd`UTeR
z*&jENXL(2aDgu!!)UppI;a#YdhePDcx~z70aN-42@wV+TxoAgxisXUzgE1o4A<#2U
zbfrlrrgAR|f0r7;#q@A-8rWg@GX3`7+ON~EL0)hV5-v3{Tr5UFW6NONDsK<n)KTs>
zFJNE0r(LG(o$>+~QGkciE1FoP#1;-CPv?q(HaRe#Ag=#mYdzxlJZmWbs*8&{AT*H4
zQc2{DRpv(i{lhtOio*{AxC}=jWG-Z<H4nS2t>|()4BA~NJsI5Awy1K8w~Ari&sSh2
zwzlv}p3MLvMuLp!xwY*qdqvmAuXNz{>5*_?)egK;*`@&=Nb0~G(RnB-VSkh)lqh_b
z=i30%Ko#v%+Mv<`bAxO~EBMV<+X%@U)`)#GD{!RQ8{!#N%7po*xsrW7OnV6w(fQ@E
zuw-xI0@+Sa3W)A|qT&#eJ$R}~s&*ALPl;i9pPum*a*1<flSncpXzI1EQweLn7|_X!
zaWzUdu;89JO&7&B9o|hvl?g1YeYLhFjF^b>xyZfr)|p4o#ne#Ml7;cOPyGpfuMpF*
zm|M`|h;>Ed!J>ooP>-^zpV{hARt>*WDrYcV#mw@$o_6zj7PRLdgZ`Anwkm50YEvF4
zHTm!I5F#k6L1Y-M;6^o`%CQ2(T#4C%T9OTQm*+eVan-zdCrI(f`mwTm{d0O#{kYm*
zMjZr;^k7zQ)hLLZXNEk1V|rZ>VY%v>qUH=%DEvA+y=u(fdMlHU#dg<5%~fpbljdBt
zam4|xJrE4B6`|`8814~tmo|wtNZUATZPL{cR=Q6hfq)OF?SpOB#(ea@XD|;|V^3M%
z%#W8EBTwv3+3K#o$Q;-;sO|*!IiY0;wj%h`pg-7gBIU|`_p4sE69~}7=(S3iE+%Mj
zzLVDEa=<KtS)_ExKn7JU2GI$=wF5LQo3nz=5#K|7um{UScKz7bkAtHS&_!Tl+#1X4
zV3x4#*?B)2PSu@cHG;ezn<y)3kN!tv0cM4k^lo98uO~;HW9am3*=I+@OPI8EvVmst
zp-It_^y)tI(1!Zco{S_y{ivPozm&pd-hm3p;%g_L6Ct>B{>HnB8C{p2I^R_Z`1oK1
z76borr|~v3`n+Bq;K<we#LNi%3;HoM;SXJe=ks^2b4J(VLdl62MiSKjo517Xfv?tv
z>7So9$^A!TdUOZ(jRc>KXccB%lMC1Y&-smZA2CR7uoSW4pn8DQ#kAS#1`~a<MBk^L
zIe=`c3S4O5x^nM%+%iKV%;g?Nd_<l+e7D<VeHZIgL%sSzCVixNI0W46jbrHr$guZJ
zUCeWk<reN^M1?qI=|DWfdE#HffF2IhIhaeb@emOC<~xqfv@d3U4E5BseRpFCrCL4U
z!n(&7QYlP&!qo^~00UPWQ-71t*&LG3WN^7nLaRD41L6u0<J~f`DF31w`?E(8(2x4B
zsN^E+n@a3{<a)B$xeJ3r5s{L|N&#y}d}U$Wm<)w$V9PYMb8r1_S{2`D#dCsShLU(+
zu0yb&H%y5eqm#cB!?PS7#rbrzX&^=vVNT-8OC(UwZZ5%t2;zw9m>V?k$m6vdp8d3=
zM$hVf)}&lH*Ye4!z5VH7s~YQo*0K69tUhvNpEk)Ghx;O%I+OLV-6r~61Q}x5+xQq3
z#vZI3@kKSwUp)LSLn`z`XpW*RDNc0j;&1+HMN5GwERG1NikHbwm`~R7=%|;uz5rn-
z<<iIq)d~W7C^uq5!sG*jIH7)xFrD>q3D^?1ySrkfXu3HDC!a8nOqCD3Vh9%G-$$K4
z=RZ%VJ>n?+a2E%_3He7jqwtXPnl?|{RIJ2<s7ekHJwQF~!mhT!ZMAd`ljq&B!H~YE
zUq+O=fxX5c8!=WX|Lg-hAz9ckyhwn{`IWD#usAOa7%#7x*g18%jOs#2NJX6-fs&?a
z^ToA~QoOIn$Tr6m0&KYqy9qrUlmCI$$c@d*#&AVak{FbVF7d<<hLR&D#x7z0*IoBO
z)6)cZbc!#)n*jHo&aE4!H(ZL{Sv7oGhQZeLx#|AB{x3DVkGv@&+`3|Wvb^f-Inot$
z^@hB~7yJD~qAeu03Msv86{;osYCM6CXoRf0Gk>AG9C2!TIIyi*Uus<=+ouJikCy&U
z)}~gl?UQzPU(7W{8z}^6V&cB+M#=^KMz;3MelXexPc{Z=$#oehCK#}jg7p3Aj@hYC
z*yin2ZV=R2>F?uDy2VEi$pfJ?m>9fAFOOptE14$Ln6B;#-}d8HtgW=PWq-V|)x3CD
zSRdCc(LlY6z<O414IEGuV~Xt8(Bs&$#(jlnCz1?(L0#`r`rS$R4Jok`xk*Aocs`?i
zA6&mYdr3-+a9A!+J4jX2QpX|0sbS#r{ej@}rCdko)Fu$Z2tu=S1y5hK<4_$4=Q91T
zusXwE1x{+@nIBc(D=5+JFu?Q4p%!ME!h>uhp@bu?*g9JDnJO-)!Dm#{mPP62N~1Z4
zZ#&tplW6jMf|+aHlADq9fbT=t*{3Lru}F%>cuWi>&@shGt>E(!m_D_>T$ls@@$QEy
zV*fk?6V^2hq|IvZD>JC={9@CHPmWm<TpZ}}z-QDsq8ZD5JT*`Grm=P`d`lPihy0Yn
zu$BA;2V}+}^RG`f;y&vq=jrOeI$u?9`@y=P0!F)Xw3_H|CTpY+30)Hn21q~ZZu)oO
ztfkO{gT!r%bB_3<1EQ>MqJVJ`eeo_dy<eo(Zg@T1LcEFI5u55xUDihI-vL$iL_>XY
zLD9y>z<}w5#_(P<Xny44Y9C#~FJ@=MwW{s+yYo6Qj#ZrnjN2Tt56m2C>d;YWMLiF{
z64rh6^gn<PFZ-%331u#1j%jRX;+;eJe_65xKEV76+QW_N&3DB29bkshoF2xw(Cwy{
zL9=ydZgpQZ{EeSqQ-?_(*k}?fFh%meyM5we(0pMg=nD}P%L-5pJSTiB3eDf#WE6ya
zx4Pt0P;$>LtO4&=w-^@H=psm!3gIP$DYNRSw*Jp%G&8vtXg4~TSrrU|Vv;j~C{JQp
z9BGIKh?cx=ivaYG)I=Aq)EX)AiHlWT*R`4PrrvcsvyjkZ#YhTqnD@Q^_zdPIpMrZ+
zcUU4)ex`Qkno?1Vw;#ST568J1RVkJRu2W>dxHt|lP_&|g*9qf9If=Lk2vja$+?Oaz
zNQi4R+4sb)5{&QE9w`Q~^$XQKcDG6MSEP@#u4$9t$06wI^h-%p&H0yK&NeQ|@Ul3c
z1>E~1q+5izjkkG$@k*{8<4p+s+tQFOgi&LGqLAhho^V+}3C2*{=SJsc$cRz`=3{oF
zAMoAsh_f-f$0+Og?#1}FEiO`6-{Qw<yV}N&6nEby_W334JtXWT{<M+p5{H`W^DfZl
zLGRdaszCW|tAuPE$!&|f7KTW;7~rrjNISuq3L;0UWlOPrH*Gk@o?GMO(^In(5lTWO
zumO|rU9~*+LyXJ}tkNLE0)KDKJwoYtfCyzqep&AT{a~;YFkXS|%hae3i4+A=vpyh^
zhPg<ur^vFObO&L8bZ&c(I$++O?<M2WAj<h4+!piXsfSFNee-&DSTU~cPjBVGK)!tH
z%2ert<BiR4@dL-V+)^W4SB<%~^3|coEg)o|Kw+(c6|((~4w>FP9<4-Gb|<a_q1+X7
z{@Kus(2e!@9aP{P!0t6Ll)X`ZD=TdPT4bJiwCdb&+H-%#kRgsRN&owK7<1H5fE42L
z@4qXkU3G2W?5xPzj$d|$;}}ZNekd_x6e4AU_8kaN{KeozU<?nixI}A=o@uIjGJc&8
z)Qb|PPBDDETd@}<J{$-4v(m>heseLII1ZCA;4o?I$JVAI!4DwxOBC84N(;YpjzB!o
z{sKCFK8rOGqyt9KReSssubcqqnYp3k%w-`wM2T61d`R2$eZ@wj8S(yq1)6zT>NX5J
z>is6MiA%Q9vS4R$w6r!0GNy>1{4+e!beWsp%Tc?JZK)p_bE!=?w{sCOLt6Fi5|B-X
zFr2U)Ea9I(cwPm-NeX_#>D8P*NuPKyhO(#79sy8O;8fZ+=WL6$qonx`iPf7J1dh34
ztSV0OUH?hfE2LL_+S=~~4Gk`@fcR7po-4xZyiT6i6Hu7TiMiI)Ofl=1zzhqp$yaIC
zikk$>SR*a}!yl{rr1cr!cvO7OyJ~oDn~!#<lzdEit4)Uk(nV@a{3vy|`QRNpjGReP
z|0fqAEPVbh2%2NuvXIvpIR^su-vOcP_{ZPO%?q&+=SbGSh4^#YdnUo}<9_~B|8Z>t
zLS{++BMI65Zr0Qrq}#s`t<$I#6w?p1#~6zX_;7z+H{GFSdhP42AUh#Dl=UCOS_NT{
zFfXB2;iR)uGuQYQ9mvvdmaF%ho)F7Um#F^JvJD)-<h<FO<Hg<}pxOe5m;w&GjN>fI
z34LC2@G8G#)_iFgozVICDmkoO6&hx)liK7U`6OQ1L8@#TMr|nb=|tG5!8I)`sHHv!
z@@#LEW-C(E<$61#$3l=21$@0w%~Wlw_vp_r?&@z<OX9imr&ShCFCJ0hJ*Cr-%$TUa
zFtLehbfdBFWa$<(197`wf;BPu2xn-)u=Z||s#qtq;rvV9z<2MRtBh~!0v5zUDby;q
zGIPdG=-1VP)5Ve{hkF^LHFm&haz7}=T>L*6LUnPpZv0|0duDX5aj>-y=fJgTHB**m
z=vMh(9JM%QXd1MCQdpaWSj%n%hb2lJw8W+|c$EDn5BVb+wgVH$kHy_b5XB*x5|;^q
zgo3~)u&3^Mx&re;>^CtSdApUgiJo6)eElfWkF`O?l*dvL%|;;!S|#v9CWA3g)@cri
zjmBEqB#TZfaFQm76*O(-XS-H1`MkJ#dl6lQZ}px-Ih!u;WlP7%DykpICTwLv^w48f
zFA<swL2N~~^(V-<$fHQj1r@7%4s9avSV3MtPggIfrH(&ZgYlK}w8~g2T<Xefo?njQ
zp;bztDN2G<Y2cQ)DB|(f4-NU`QmfjyE*j6I>SMNbSiy6M{F<oqv3C~T6~L%2nsIrE
zX_6Qmlz!;PIUck%teM@poc-OWn_*EgsscSF1nSk%H)BFc5*%AtS9Q=F4||!cY%!my
z14vOrgPLeZ4}1$F(yt*<Iprxo5WGdm8k3&2^V{_0;+a}iS}PzFp|S6^P7GNbLKbz~
zP%c@95<3|s+ws}ZR@oiNG-va7q4qU+7!#7Q*T|Sb&7?w^Xl9OmRs!L!e}GEoxb??p
z#)ErFWkxPrNk-9)-rnWgF>sJ!5}Pzk2}2zV@B1p>hp)LUckK|{p$-@%IDe9mJ3^2w
zmGvx&_ELp&?w-)$;%6ZhF-eav7cew})V{vrbd(9~!j<JN;+sV;AZq(3eR6XADhlM$
z=JEksOy++dFCK~V>2&yp&!LbdnEn#MHZ2m;fdz0J!Xb&2$iX1_dNcAz%@L-cin_%r
z(rDU;@A=VPnS>XmCLlt@S&+w;a}2chBuqjs>0%$bKNsaU4GR!i9}~9u69;IM*aqH_
z-EN&uZZ6D}(~>EB^P#>K_HR;|ZZ4?7E|MTU9Ff4eV%)y=kgq|kiJcO3wmbas;#F`G
z=<(MxW_3UKife;*I3Nd6HuU^2<2)mWa!DeoBh$(b0rUkPyYR5^mWnK^$*)$nsg`eI
ztGs5as-JT-exI)Un9urHZzMys5K7N^;E9WLZ2S+h((^DgNt8L<s=S1aQhd@=PlN4d
zb*3d)4e-L{n<Oz6%(S>_cv%s7@g9jkqz2QCzy&5%Aj^IEZ;J?$nssn;W8fjFntjfV
zw$fM5TL9mr@&=oV;%VY#XUIP4x}b1jREh(I#i_;)EaC}Ys>6Eiir-q;q!VLI)>to0
zI#!+J41$zlaY+akCTm$fr)kyM$H@&wFT#l#c{*B2Wls;5Kql~1!<g^0^05xff6ydk
zkq$=dZ^>OFCqVetXQzKE5e((IiY)d&O)+viS+c<=<|}!T!?~UQrsMU0lm0Y)1>A;r
z`FZY{?g~zsZd;>5DRw8>T`&GO!h0n)Afdu|84=3ePu-jH76+^DO_-RO$9+ryJK3;w
zK3h`F6iU`RE+yMb^0ik9Q$5AxI@g;LUQqNITX$++C<Bu>F#esG6pr1-a0aWjDFFWL
zH^Dxl6K-xmc>oH(#>JD)4#8X=jiCWv+JRSo5q!Q9$d9v2iS?**`G@<6^jtZ@o0bHH
zeW#I!2&rU@PXZ+J;J+g2;jf-hetrpTgXQG_R)Y3_Ko;u>qhoR}i8`v;CZ=~Q6yt)Y
ze$2GNd|F-ESj5$+q{!dIHuzUh>MD=!DhaE-iZrc5zb;G$bIahY^fb`Cm_OS`!~-q3
zx9@L>)~5CEq*N{AOzCG9gA5RV#LUx1v=Gy%)1)V8F9Xx#Kxv40nyPBwFtdK(g-1ek
z>~)acS8Yqz=vP8z<8B#^{tJJ9kJbVf6x!3y2{~JFryR;2|8F4vA~0-C(Cdc3X_gxj
z6Lfid9et$EsbD~y%y;nP#r6bfqxM|URVRGSN{3yHwVdqwNX&mzbzuS{v@QH-ihKqx
zYiFmW{^c$*jg7K*%?v+D8iz9xV^y5ak1MsFVtu`%dH%)RuXX)sKEIVc@gcoDm=z`q
zI!8v0CVkGOJAe4R=#d9QBA4Q5<m;~|F4j*(AR<2um}zHVigcT~b$Ys*e01t!OCr3T
zo71qtIhNh}L5T84C=RK-cJUEY29(&7U^LBK^{0B~@hk4+{Mss;Jp|R9QEP6BTj20S
z2`|o`F^e3!^fwb2W;4b5lX1YE+<}zZP3397D*;2Zdt^pvp#!arzf4Jd6m}n*!sds5
z4!2M*4ry^ZJ7%-RK&(m5AsSzOPIi_-<ObfXfFnh}kL2=ew&)Uj8>SmG@&NW@MP|nr
zrDB+*7f>8i6dDS~Sd2n34w*jhM0jGGv?NcQNMOaQEr%EvFi!@!Fi1{=J1KCzzOdiu
z^%pdU$u#mqK3}uA?_SZ?itC3BwU)UTVp_4yeu6bkyhKl%!9LME<>{j#KV#PIW5|2a
z%FN^uJ~MIQKM(JKWo*#*j*TfZyqDr?a|6dO=d!}~G*=$jb%VS|qg>Rmk&<&!)FSCn
zwK&uaVQX8a3k<E%1S_xYcy9ANbvHxnhXpD(`+o<|9;;;IL$#TwKf9IvcE5`5501!R
z1!T<@i0^T+n+P4ga-R-cS@N94BDPy3x0OknU?Wj8yU99iUa@IFvkF$tcen$FE7E3P
z6&{{qH09lu#2UNyebH|;;}%P*kn?kye|z||a5UY8yE&~CnEv`j^y^3K{t+1JBEptH
zd`q`bmk~F8OJir1!2i8MVFHpumU@`CeorSPv<Xq~K=nr<Bxl>rkc$o6%dJBqu8c*d
z)lY626^hx?%laQdK)%0TYizN8rK;tZeCkae7-EkMoLWWIPE93?0tQcDM_%GFYvc?j
zjAcZuQ>)f%K{Un0*?8fW`Du%7%p)pmht*0`33Mth%7hN7lq}kfJ~bpia=2CO&DnY7
z$+_|om7KGMrKX%^iaI`JA@CHd-HL6Ihl>0BMNE^PSlv!bj{A{bU|3syjH2MI=X^ip
z2GbM5$eZ0;^UFS_krE%ez0nphemb6wMh(h|^a=W|Pr2W;pe5lIu&(~qOp4wIkoKMe
zY?o;)&9Gm)%Jd%>Y|a~b6oLoA{mLgz)nkNyar?mezsJ67HaGSPjo!%C;Bl(E!K+zV
zUTj6JF-N^Ah`J;e4@^`Plvw;y<jZTiT!rB$7x}9a+|%SQanslJ4mPMN301y5e{N8Z
zwMX5FWQDFgh{-68S#x|S1L~PQ)-S<rUdaojH?Ji5!j3IsMJ>-}MJI`L=$lIM@BsJ<
zWu9nBAy@rHc(B-;NLNmMKuJ(*sIQZcP`*L1>rW9GA&^1eyQkEH$c9Zs8uGL>KffDo
z=#GJ92Ljh7&x*rz3~`#W%*<Dak649@m!?e^$c(>{diLfd{HJQQo+Fhad%t24S@LNN
zs65N39B+BumeVC&=0D;2t#+9iHoT;jVvfz}WGsP#3uL5*bdo3Dxg7O{`qc{Q*0y}3
zH*G-mz@(NMzLQqB*H}ICW(7Hd2>OgLooqG4Z)&Vu7fVj>y(|7kYgIG1({?0nD)WoY
z4*Qat)_hv~=jN{CE^n}X@`N#pjVY9ShK?P!7p8<@TX(QCg`LYQw$10`E{lZVIoVoS
z1%<flwoj0KOCOXdf(H16NY5ZY$P!e<#D4%BX+}iKJVD;aqbsRAD7PI_S%)23Lqtm^
z9%I9Xm(Y~=MZ!f}KJTmXx!h*b@v-_|=|K9z(tg(8c0+mnN?LkO8(6WgVOk5p;Gq2?
zqWDt82Uv}BsTd52iq!K=-&cjTHz}b5X#8D(gC)C=n9qd&uLn?t)ib;apO=u!z^^TS
zxjWcf&72a1X(w4HVgoLKj^&@(KYD=19tVH+f`7vjWN<$VB?=~G=FOE5$J{oxpQ(P9
zjxCJkPKd13;29%vjdS88Y8!qXtRGTbRWOugiX=I*A7rZ%&J&>fx74HpygzV=P#$Br
zPd&Mm=RSm=azutohNqJZ^+OV@nVlMS1zoH@*j)e_!Y*Rzib~E`%*It-vNpkeApzI{
zJn@fYgWW0f6~xiobr;_hr$E4!e?QXiWrX}73W5Et)5ty&5);)8>hD9CW&tRwNO}fH
z#og1|J4EPMMWos6Re8sYEJ8<PYviLc*E(Thz*Z1&4d>!&dE^V@w;5nuydeG;%;yV|
zEW{zJl-fhC;RpIYr6dAx$|7Kw8=KBaHETf)ou76$JO(`)`6?7tNUgFKqvT3?#4)Bx
zsC!2DSMYn~I)n-nvu@mzm!cgPf)Vz`Y>o+S%pOWHaSK-}XZ);I(cLrM0^~T_H;JOv
z@}8ZP{>uAPQv}QNRP&xhh_;}kIj><(4jm1LTT$))OT9G<sQnhdVOR`Xr9Dh=<)J3f
zeh(@|s!I2RGxBl)e5a1Pw6YsOKPU4uP;4qv8U6?!n!cB<On0%xUU=h1=*Qq1+NIvC
z%Tidt9$gppZp1xQxxi3t*%GgGx^%e;<69Y<c77azOdM8yn#A!WSaR_~t5H;>5HW4`
zG`6VUt<v;i7_T#C?L)ZbOqptenpjG?vLF*`9Ca|rdM~KnS_2vWo2p$PM{$1+WT>*D
zZey((Ucz-20yET&P({t-n7OD8?G4C@?b7JWgI9?uURd)6%QFttXr0Ih5TjHX-;X{N
zPwFTn8dJc4wv?rMJ#G>>z~if%rCy)1#!#;L<+&*PK7T2>yL`L&lRM8);Fx({696WJ
zeP(Eivc74;d-X@()B#6&3(fPla(5`@hsRC&df8SkUd6h4zh`k`KZ>bQ|Hmfecb4X5
zhrtqw6|w30X>zfSi2H3XAn`%+tvgNV9LAKQ#Lb7-793`Tt^@nBKMBd@3YUtku5)fe
za1cR3Fo>VA833L0TC?gz(vU6JO@Tpq1CwO2&U;kPlRXSf9iBKu(Zq(ZwH@jTT;1-i
z={yl5+R6(!pueP4#zX;J+X0(VF^t+k4RG~Ana{iWC{Oqe51n2#p4%SyY9cY5v>G%*
zHL#;C-Yh}shY*tGX&(I&(8s5^*S~J9&y&j`CV#V8mML(99TsP&>=+r-K>WgwzUbB5
zedEIK&0O~yJk_%fyf&o&Z>NNh28|>=OuP~)tFZcV44qhGHCcB<n&iN`0qR-#4yANI
zRf{*I%en*W>*+x_e@-4N^$?8T;Fc^T?Nr;!P<douW7Av#@Sc}fGBbKyvNHG~8Q%1o
zZ9v9N&t*c=SYf%Y&~?wPUk)l*VrQyt`5oWcc{7+ZV!@*HX>WPm*FPxa7KQi`7Vuq3
zq=!{c=VH_H_rdK5Eb1`6|IZIp94o+3FguX_9*i{n&vPf1!if-cGPO7yP0*mJ&N=ng
zL--wD6%g?*RZPw1y0Oh!3>*%X?s<U^)*=?({gXvhct38?I?1f94mun`q*{GM)5#OU
zqe3*gyc}B@=7ve>b%b8X^YU8~rKD}uWJ3eJ@Q45^*0a&+8_8(VHqsnKB0sygWkyUl
zxM(Q^#Zz<z4$KCqWuwISB{Kp0i)jz=A>=B}dL8N|+FiFk*F%sRe!upHKVWm!XZNf)
z8_{*$X353L=@YpB4hxgeR;~6e^>8bq>A;xkEi+=(8KvdXzSlgY@f9df*R^5JgG;d%
zLbJI#`pQ$}>%|87GO<r&I<tQL-Q`-D^-EX<pXYu_9&oltV=jUPX=V9Z8_Sk5D#fyG
z6OJ8Qz^?c$O$jDKFdH20R4sp0*;G2wgv5caF1%Fc1$!uky!3Uxzpb5igUMLzR&oh?
z(k}9D6>%}De$}0Y@4cMO9v##W4}bgfmN|L_VZJMe750tsxzgL~H%><4w%^KuMZB$>
z9UqN^6a=WiFburDTi3<GT$7-O9sJpw6-u-mr-kus6h53rzvL%jE0M2aC!S?|_7wWF
zN4sG?`4i=fP<B->-|}km+=Om9EU4rB0WJ}-P<+P@m6;TtTKVtdD69#lWr4J*M1SZM
zzLVoCaoetK<~fs>LS|$z0sC_L)fywlzq5V;7ExuP3tyt69!}Mumvvd9k3FL;7<r#3
ztjIrvJl#XmL^aN$x~ALlscZ;{i=zRteGaqFst6;SLAgra0x`@IPrcnI;}YS7tRZzS
zra7;byUo;08+V$%irzJ`%X292x%U9C04UXp|0+e_>eaj<a09g4Qa;tsQdfjnUw#!0
zwzmVHAVFmHGaAIkig8`|%Apr!34;T3nthE=)RX-fGccWe*46Ga#_C4Si*nbhBA?01
z7oR1q;ACK`HB&-*`Hn68ZO<6p5N6hhP$hpQ3VqkVKS~Pj)rUn`NtIC^_XO$-?42`c
zI{i*V>XQ(pDT4J)_RuUBZZv|1H$E2@s|DM)=i)EDgYv&>NuT*Rs3^!nUYpesPHISH
z<QBBowxS~*M%R`%h*`I`M}bIeHSV|=1yE$;h>DCUvEmWMu6JAiN4rAYSFE2P1_uV%
zUEB<)aB{~cHhM}*%c9vIWLPNRj^u~-JvO;5T7EUj6MR4et^$v7&&q8FQ&Ww1*uyCD
zmE6Hh-awaWb7~ZyXiknexn`EQucc_%_d%>CwZC342`ct@?GI!C{98fCK9?j;E<AAy
zWYdr?hBtV;BHGfoTbwLpB6dB9sM-=~49{TlC*NF4MxSN6_TZZ{F=FCi<GF&>%Kh25
zdu}$k$EXLLlWK`V>*u_4j{`%293jDu!E9R@shNOCdM^D3b|uu|txYzze9*>i<Hn1V
zP>-N8exT+y`9BZp24bID5Y^;HN`Juzm+WuMTnOtftk;LRrlk<41JpDS+M}m*Ucs@E
zyGHNb*L~U9Tl^vKNOAK;g0`R!!K#WCJVA)Gy>4eTwc<o|;-`7_Tl>>89wjfyYim*X
zBgQKWuSI`Mxa48n-%PGErS#RrpDJrX?@h{AXWVtc{USthS`7fX{`^h)CTmEYtFoOz
zuyopB18h%8%`@;_y+A`>BiD7!mTG#1Y#noIdg&6R>iH_b>3oudjb6t2S8+qS{JcZF
z1s12}>fI7kbY{J@ml`m_TDmC3wa$ezTMJdT1$a2l=?#u+oBtwTxQ`xVPqP8Cm7R!l
zovrA}Aba=sm>oT1oBKt(O4<BrGzwSYiZC)LsI*FBjOMP<#wba9duUx4f!&M{EnFbt
zPF}+b-qwJGv8C}KgR=T*tl6dbXSiL+#W95~leU!3p~hFL1)i!)D*KaKR85L}sN2M=
zC-*>T+8(%!qBVCjLdrZb;?{F3E1M^&fMrVQeYZ88a%&}d9e07&!3NbMPjZb8fQ&`M
zaJt8aq&cf=KZ>n?Ww?CWFB~4_;w~|eu%<YmFL_MjxQ^^r@r7pc&j;`o*<Iq)Ilv9v
zD+G|RTP@&)k=o_CQ>>3G|8L`ACG_>Y{{Bpc?PC89eEO8bgZ};6pzXG+rm*pI=L@S$
zGef+U!^yI2_T<>;CYc9&6ow=3D|=&hd7GVntK<pXMV(aZ{r<Ww@>=E0%FNSiHeLX2
zP3194K0DnEkMVo~T-n!m;K4*P2WfdC!lM&b*>s|tQjJqT9wB&4PMcc**jg&;R0kqo
z)1}%yI{VatdD+Il?20w2LeEM5*g1({NC>fVbDwof8DU&ZrBV@$HK961i-AR{PbokY
zg2R3^LxJ_Y?H%%@HWS_F=Wrqsx=eqB&zbc()(m*v0`QD;tVZDOs|r1)9kMGfm&Jda
zwMpg-bXP6L1_Px<XC-2!&=$W)Y0MzLAEl%sB^~D9U7Y8Z!0(n;No+tpWSl*yu3+AU
zyVgR!@!ik#D+wkZ#lI}#VR;Rm@*U87V@U@Ca0Kkd{FqJk9Xh5PlFlXKuuKaA1xMIT
z?iI_9aI#EWE=eA?w4!}u=QWFg>7S$n7q_7}dt$Q0pF$-$yOgq|k;+3RM=}wRN0Ko}
zx+5c;*0!O10>k`Xr505^sq75}Xg*qK?3}v@0J*Me$!TegcrGzb0Uh4e5p^j8^@?;<
zZv)IYzMkyLs+AS3aS*;=0gc1mH)q>{D5X|`9ilr3*Z^z9rM$-@@#n!@V7dIx%9DWc
zXSs2NrW8lli0}uRn2JLjB!70O)gN`QgKSa*n03Y%!ECCv8E{qy_xwzJ;s_&ixcIt{
z@`QC;0y+Wuo};`=I*!etF{|5kSA~%g{|uFW9&(#Yr1P)#FMI{QqTTEwZ$4kXieq6Q
zS}lq2!0r_<@Qno%?tjJ^Ive2yuY;{c%L2Bh;^?JRrpHm>etCVzmk%Xt0Cn4BGrKK2
z3;<@;hAyI_1A@>rE`RQx6y!17F;GKz-Ta71-$5j;9y)VPgNrT$b|wfgig3nm`j+Y=
z*=nR@--cb+>s<)gO`%Vcu-bDc91GZt!i434>+|xEf$py5_-|{CKJM%7jP1^6jRH_7
zRL5}ni@$^3C+a_70io&6LFsaJacCHDfP!Qi#R_x1J`b+qJ$vYR@ciQ<C|(OMM_9~2
zaF2Jc$#k&u!-c@&=NIHjMob~m{~+kF^_tso+Wdptt*&!c3!blm0N%0N!oc4n$QvBs
z4tr&T{ocnivUWKnr-h+Pm=I+PwkgSiiWpa~Nx}`KQ?D$;Ag1cV(CC%mA3a<0Lc-Ja
zb{`&mLXcMf@CzN^n`vj}eEaGjz^lg9KjEW&B}viS+S(3l*o495|H1XRESkLm(6rL;
z&%c@4cQCkG9Pm4b+%yIQI(^h{0kWxl-m0|lc}W3BI<LwZTT#Z1SJdza-Af^hP}vu~
zNU%<@6k?1TX0Fv9@$_MF4FMD%tkJY{?+p6~#9Za=HIOQIiVTz0hFh?gYqRKTI$FYq
zIi*@gR1ZR5PMcX&mJ(pgsy;p@=lggI4ZUyOjyrhbs=s#{)=Gy43PhSIK!no9L5*eH
zk^=9i2Vu-1Y;Lg5rzp%XZKOynm=^tQU-i?TDVZ&H2oz&LK+sRI<e7|GM5B(8_E&8<
zC=xD?nN9jC%<HSYT|4>9z<mE_LKVJjlkzeAj)x%12?Z+6bdDA0iE)^FI4;5=Ob3D*
zG8=+}ssZU6oD3gZtaBC5x5a>WoaFdEZZK=(+_JC5M0>N4U@e^-5MWj&cr}1zM28iN
zSHAUV#$|H|8^ib;8}Ece`KP^9p3dGPy_JRL1EnvV%s)OHx}apdVO1<?3%u*181K%g
zL_~R>1%C@(1^5)Uf)G2_(*+d~oe!+d(u=;AeRew?%68~amIS^lwnr!r+`Q1&<}dGP
zoL-`bl0g%TxxmcR_{>HFNL=(So%>?GZmIW2#yjFSG;nYEE*ZR!Fs|L+SM%WMPFQ{+
z=FlGkO)wl#kY$?B8;sjxtZvL&O-4PYZOHYd*yqhXaY?NkXb~v<c?u>IYy9`nGG%Eu
zKCRk9jw6~mi$;-tENl)^Ma>H89Do}U&~7v#06@E@>XHdxl_F_zBi-ya7;$-kQvufe
zBe4svPxt;&l46sy1E_lyjV#u-#8!hHFgXqcjNCiLhH6qFUu#?L&w&cT8{k%IvdTr2
z4S@%yUFx(WICPl*y?(wRb;neu65k=)Zc3ic8Cb3w22TSSFWyFB6(zjhk^uV9sY@ka
zLFj4G7Df+PD$4=QQ6&cw+*EQB6!@jvHP!#{J}mb*Nm<ZnnuR>lGx>QDsQJm-Ci3ce
zGS_m~5A400kbWG|eafep2gf^|oFH##B(D1N|0sYF+uENjd`;zv&T>OCN%!}fM`nbK
z9TNQ2ZJk+I#v0tFw|<BZ@5$hZ-1VQ7*w@PWgM}gFA(40P@+pIi4&lU#lZ|;3y?3<Q
znot5zZ2YlZi@9f1Wa`?uC8zID{RdaxYyUt)xCH*VW{(gdMj_m%G3H0@{-HWeWZ!&I
z4tOepPoVm9A}JVgDc7f+5HUmWfO`Rrj&y)lrzcRbzrk8Naw}HTjz)1XJezu`$Vtex
z|5oA<yC#AUg+)`8%KE)~j={h_ak)=-3ZjzT*h=TO{@)07xaD1;4%=;bEc2$a%UQ)o
z^d&r^Fxn1knUNzM<NJqZsp)uY9xV_Kda?wyz3E*AP5=%Lu_)-_|Nl|6fF`-Vs=7|%
z5B>|Lb;WNSbqd=OfsAkoXFMjvU7X*~u9!a9qDIAd<7+`Yn+a4Nf>4&AsIl)h@t1BT
z%QtrabSU%-F?maL@+AZI$#~SppXm3Mv0+-mR@wPd)ALD~P_RX|a=raX_35sMOk-(e
zQW>#q{Kkhu>Zpk^j*Db1iK7F5pu+V_FO9@pa1h_@d<J1fUn6bV(g^>$$`Yq^>xQTu
zVuE{8mCn|PKV=LyL|sR;5{C$R_lFyLeaEe?*5g&yq#9kFs%Kytdgg~l?c?`vU`$#)
z3a(z2ZGV-H7Eo`02VT_BN}I$zpBQ%aIs@XELixCr?NZY54=0Q~X6HRLvK-{?P(Ldj
z;rR6=OJMru#!()pDy|jnF{eQDIg;x{qz~4pUSrQE(09Q7y&EZ43!yaAChdHq(()6E
z&W9mdBd2m+;0h}QvX?s?UHDC@v@e{<jF2QZ-=_us3*x9zbnU1I8wVxS19R~BA)c!`
z&(|2G)_a>N<@MHcAMmvj7M%$xmq+yB8G_qzb`bA4A$Em&01hDe#a#?|7YLpjs1YFG
ziFCjr)ZrJqZVPnfaxNPGSw{F_F_i?L2&TKCM@d6sr`$rbu4;5FN3w9NA?Y!s^ePax
zxVfM|1OTzAt6>#mYz4B6sPw{##l5&YUYDWQCQ3uvvy6cE;66Bckp-HoclkGLB5Z>B
zMf$hNL7CPYRC=U-?Psp|c{}u2Ta-a17Q(!qFP>Dciq~~@AN|?C!<yB_u7rnPQKSzu
z4(|au|3Fg8YhwX1!{D}qwpA;xe@ci{Vt&*O-_#aRPt8&Sp8f?}I`BQ;c2!H~Q?Orl
z)X!BM)vTWq{pH{VrO1Jy&j1(InAzk4!?}Dx0-j=`ekluEAH<dnGn=>je64UHc>T3S
zR(&+3$g}4V;M<8fzb|C$>;Dllu-0ZGKZOqIh)~t+hJ3bCjy6WZK^vJHS};{83a!nu
zS=VnAU`g_LFoy{YG`zOvm5Rr?5_}E(LZFaX8g4Uv_#1>%U}uZ<u&Nwd@mo4s@XXlP
zjKbM4$cvcf2k(}!pO+*|@OEv4(*jLJel-hq##vdM&xc-_)QuB?+~{1=2#g4Qb+(Pc
zc0I4*V$&(;(@Li0Bd~Jpv{r>1i^cC&Ok5;Fg%z(ex=(AQNsS|VzH^*hkJnI=Ls`Q?
zb&XgXWx^U?_qznBPk^qua{YD%1V-dnyNS#YT6Y7MpES~9iJ%x+w}h^4O#R-9V{M^1
z^{T)Bd%5hcR;%k<l7-N1D$U;z1TUwJlgEGMJu9}_xkc^V)TlPqmIg$}_=yGh05sLg
z(5b{CWe!_eZ!Eabr56l(NB+{BQu`s&jj6rZqao7+2<AQ_h2Rkpx<x9GjvjHK&UR!1
zQk=8SC?HOnimIt?My|(|p`--3f8b4=GHl`@G0nonXxcL`2irm5uq*kJH`Il`9()bg
zoX|ufC}T_kIo;iDKmxC#zH4U#v3X!R_KfB_uG*+G4N8ViAGHG~PO`>a<$~F?aXFL^
zW0|pvfw@FTU$Rl@p<fr?l8oW!drNZ&BbB`ZVUeu}97Qf_x)=|Hu8E%)11Tu2mY^Dv
zhDYo6KjEH%26W<(&C`3kEeJTsoov(I_XLdi;J{Cq5^9tb%*g0)A(|#COVb#1GA&X_
zCgvtcN0icVPqt2jWd7Ab6nsUua}5?uDoOAuiYJ!9`nk*ix`kx{8Xe60l6Y?El)dUi
zMT@*Juod@3oIm%Pl=+y|4qkt2_6DUEe;B4t9#-sJOOie0qieucOL)8@6|$M-1I;-C
z`9KzhfjjHNGb!<$M&ufkekT$qj4*_;6U}@G|LR$`TY#P?t4}#`z}VwD&+GG-KfXck
z{!TRfkkR;7w8QXCh+78SFr?es@oSmZIgO2HK@4-97kPrbN2T|a*gu*#)_p}Zb@nn#
z2qEKfl1}(AH0ph?+Ea?}HpiPTgfz?j^p9Jd4^+z&!0FuyNDuaGkFZkSLUB}Gfj!Xq
z<X2?ezmYt~!nkX|vocZ{=cR=H(J_Zj47n_&wc}!;x8LE-in;9B1Dau3S5wG>rz=Q}
z!z16Y6K7o_D>_(Q22PrkFJU9iK4Zhgs;;$wpWJ0~F6PCkZ#g~LJ`sKPM!&4vx_wI+
z&OsgHn=|{~3*po=hh_6Bj@lPIT|jz`6a4i*!^CmWXbRVxOe)V#0T;C>%MZxTiXW^3
zpEv9C@$uiJ2HLvp46NIg+%6aPS$_Tvv{`gHhc8}HQ|fAFaBDeS31L+32ALu6rnl|>
z$0bIWwK16@&J&`o>70Miqnu?y&<d%23Sx@km<g4Oe`vLT8N7^^)NcbWaeZPWX*I7J
z(zU-OUIeJ2wb`)s+O#(Pp?kK0um@qodoS)&EtsR<yf!52W=hx&8m1KsC=4807^kZs
zre--np@vKulB8b_M_&lI7ssCO&);c|>zqO(8qZ2|Ty#s4bmj?m`vWhjURPvKz`KN?
z;z;@LPLSAYxa(qEUr08)pv6OC<XGH)_=%xLnfOHfqcT`frx;y*o#xK};0<^<o|?U_
zJQzMiRu&YJXc}Q9{eqVS?z4urSEM`RNesC?Wook1b3P37Pt?04e-JY>d#dn(L(+?x
zaJA$I3AYc;Ho;XC@VvQWw6h{0=3c!Y7<lm4Vho$Wu;OW5M#!w;=ort;=vuxBYgAT&
zd<e|wT^hKD)dflWXCKuFbWPKpvb*ocR$(M&7?mGLq<W2zmv|es?w#-v=p+~~#p_6h
z=YV=gWjofF?KmBZ>+{Y@gtjzAxoaZ32sJz$a#^-eTebA(w)7l+TdwRKzfk2qN7qjl
zXkUmLfX*Ilv6B6wJ=40t5o`UD8}4c?;t7?yCf<QL=H|Opqb6Tm8urX3rvi~?S<s3s
z>_AqT6XRY<6D64{e~QB!%P#yt6o|COJSHnge^)>c=^MC;MM_(@OP)^mWCN$RVp2IU
z0EnwtDowMeOub&7L<`&=4lI=DI>`3iG%PeZzn}Zp$Un3UF_R3JRGr6Ob{N(ajDlaw
zw;kJ$1)>!OStu`NG-)EDu{|Qplvpsh54W*VK0A_!>1kG8cZM?I!6;eKnv;Irak3mr
zl6wr66?Q@m9W{EI84cB-_2h@whH?ZGU$ovMn1qq6=cn}y)JK~69e{G5FN~vagbEUL
zF<jgJkH>^9ZS0{yc>za>&i(~?@QaB0HkyZ_quyjzmo43uQM#|<oY7FU-HuHM!heou
ztS5F;?EW~LoIp=Km3%*t?0FgV+L)lGBm2ICv)Y;d`y*^OExhoOzYMiz5;!WrdvR0E
zu9Q3X7~X#UQ^3t-QgB1?o#C`^a3w|?fIeut3?+$KpSd40C26<uKR4%A;5c~tTLX64
zLzj%;2KQ9RnLKlrP*XE~5(z6v`Q&nLI;;Uk<$d<^P4VNp1TZdbU7*9I$7{?nJX++{
zSY-h^(u`5X9`~%-9pV?oVQ}5!WjzEdA<>hM{`ko2&v;cn7;vn?z}zJZdkZ)=rJ_Of
z{R)^?44TS?S&-w9z2+ob6fHH@RU8DFC@+X2ECo8j_m$tfEkYB+tP$D^+~T%!zu^uv
zcZPo)Y`>^7g#AYkeZ1J>`154mz#Gg95TtVXzJJ~BI)+IV7Z5qepZHPf!C+J6VbTCG
z^iLD+?$`c?I_0EzyIF>Ak<9z1kxC9I+0*^e-Gg{sq3z|YBeZiXEE8lRh15HT<nj%g
zd%P*Md|p<$h~RZuUIkHsgI4VD=X5Q_?4c?g=?(~Ld}#S+ULevG6z#YYnT56M0TxVT
zUTx&H5u~QX6Y6}NXjC~_oXB%%*+1IAM=WS|;s;m4#O~IR7ZvEYrfA!re589Nr=H6&
z#cL>u#Pg?`FCXLTVmGlb3k=gbvw<<?u)wT!2+*AM;Pdz&NWx(Q+C@w)Knt=r{4Yx^
zcHk&hM<?2=WZ0E||KWr)iJSwk<0GwCb3KZ?+ex3Ch2$6ej`KXL*Oroag7xu@F+`Tm
zIG6Kd_5qM6FR|kJ?}$Zi@=dQkBZsL+AV`E6;MtL2l^-uL^+M8T%qApEjBID>c_l4g
zO9Lk-#<s)#vmFNq0?Abnj7H=tav1Phui+@hf68(nopMGS6Es_-g7Z~tN3R9a{liVy
zn_*e$B90d=_xKX`oo60me^DdnxsQYr{!mGxy-Jbyx}6NzZ07qQ8rYy*P9i&3db=o9
z+XiCPyf9Ni(OxCBru3%XYYue1sUYx2{aH_7W0tO9T1w^Hk_S&v@{=T^sZ=xfdjRZB
zNO2cqTN1WwMAzc7UWxw~GFV=hH*BKNM~0&3l#$GT^73bzJvsS=KzM$y&lZ^)WS5=%
zrn}nvEHflLlodO#zuY<BHV{<1L=xqtpr)IIMXdrtweAT5`JM+JiM9mU^VlvvrWyTE
zN&CYr`fvL}o=y~*EsV?C8pyLo2g0ZAMDi~7!3bv`NnUN2oQw*Q?f^3pcNnl8euN^W
z+!sb?s0S^rK}T-UAzK&=m;pqh96S*Z%wVpqK-<#u@%vNQk5cO&p7QO{da$YZ5X6$t
zq}$y&q2@&Cw-x_8c}^p%FIZ0Y3hvZ0wFud?^<W*e-DxVMFos*C?80LV5lDo4G)Yfe
z)5I0~Uin&oW|A=*SYH<Q+8kkMROzQFNSSq5QDNU>@l^GkmU|MdYo(0R<_<B{R>SH0
zD|h2p+>-8O=4LFq0Xb6?-nZv2v&t{AHhLOU$0My09(G&5k=1gCL94`T49?}Jg?<||
zPX-GWVG(b-_-K_AXZXqlHj=#Os7-cNa=~jLUEci9pWb&YbFNq6@UFWBTB8cSF7IoB
z6Qz=mgxW?T^xPqaJ7fsCCLR#nJ%tQr8N?J2Q@Fv7HaoN^lQZeIzyd^ky%GI0<LM}3
z*#E;R@E&~@1;#J|yZNudjfJ~(U~g0ys<ma<?O-@v0E$fKseiq~<E~9v14er_BXqpc
zKrMLYuYantV?@r})lbEISw-&9`K(GaFvZw9yGIDK?H@uY8<WVw<o~A^Vcd0kAIew+
z`)2Z?z7NL-NXmy4mbNsa?RVMc>I&rTTWN*qE_e(DO|xAJGK;&6>o|6n-WEkcc^IRH
z>jH&kx)$u?4-Kvfo_Y<++x8sOQO=9?5t?DAbSe}S8Jntu+DMN~_O?DwvPb+MGLbQB
z;W`G53Gpkj_a>IO-cI5z*+=z3>Tc!}OpRQHcn>a1(Yq}=JX{}9EvJg%fIlk)zK*~C
z1-{Wmn^b_pg!>mEj#uiUQEJ=KaBiT7#ryu;4|_Wvu>(XM;%~LV5n5Mv4zvRGbX*e|
z7N7#;+co|#W=S7c39>{XxDdZ5-`tf#{Ey6qMdwxpk3jOHfhsA8_6q&QM;o^CnG3|1
zhs5<-(x`cC2UA~QCDy+;*#mm03AnpzAkDGqLKva!P}tS)1|j{ksN1e;O)wzDuF-)^
zwq0yOtRojR);fX>EJu56TSoT%U8m9&Ds5Q10-d7%xS@mz4Q(LY_VhbG`r5|m&^$<!
z9KNu+3YxA=;}Tl5Ea8@atvCJk;Q|({GuraGY5=!sXw9Ag2!-}5g-~^{og%#tCc-(R
zvV#5De9y1#`Jw?vtx`qJp+~O`6}xY}WchMu-gO^(-7Sb}g{MDmQ6o&Q$MjYYCxqJ<
zShPHNy?52KnDe6K58}hNK{r2)JW4Il^hI<Dg+T^|$vI@)=0IqZX;83&Bv8c3ZY|hz
zEWzxKp`SwbmH;mdpEfLJ1X-8PB~ayw&FbT2@ea=(I;ei}A1|0AymIy}yq8A+CKk@f
z{rNCvqybT`*AWh<K>)Z?S+0MMZN?Z_Ubo2)TB6ebl6Y<?+A58}8qjOb%K;sd_Ca_z
z(0(t&6l^4{mAj2S{|YyoZHaWH1~Ei9Mw~Kyur!REG>)O5hq3qFG^bz_6@y^_(hH}g
zIfz){`r*Y#?G)|0&14<>={{lpsZ+HIy5Mw>R}^*4<r^$$p@52+Nr$~zR_N>F@u@ip
zg+h;eSDD~OO>J<!kdgI4g1pAQSX+2s&9;6N4mN!E*Belvy|BBzVooI4o3O9%x6nLm
zWk?JHjP3;26^9F6?wZAVI5PRiI|K%rKmJlc8OHUP4TpOnaT@ld+jE*{^lg?@(2g&(
zYaQk(+g+euqF&M|L~n_mq9MBNV8T(>duPB(BKjzQLIKVTTbuLbcoFubH9gqA_hfpV
z^u7;%L(@!p(LvPsGXdg;2%*p{{(k~<%R@=oN$gxKxb2;n@F<x=Grl!mNgI2Fl?3&}
zcezi2+RPnBnZ3unu{$J*Ffmho%S%HDKk{K^uNC(^#|<@>9mSn(WMpGXe|n>d`Xv}u
z^S{9Ak3%h7+6c+HWG>z8he7fl7T2jQBGJG4!EK0pW>5h7)}CW7T!2D9XHsmjz3~hc
zf+!94xOo>Yu-K@Dexsz`i3m+6l1Oos>eU~$zm4&)3Kq=HR<Lf?I#2<~-zPw1`taOj
z8EmDrZ4aw!dCFoaOJ32#8BLYevYJM6Rn{iaxtq66Y{oJ%WUw0sh>Lh#A7E@TO#)Z?
z^zj%W4Ik*;@5L3MO9)PtlH|$iN=XbR8%)h8CuB3zYVTl957^qWO*gS_(Dtf}<MGW9
zj_ZQ1NGFQ7`V=ePV~3_+0nI|~OMiy!h>b*sJ=>t_cSiT*g5{)FvSW*mX@Sdf-}07^
zo9Bd1UH7P@=ToR?SD_E0X~)^tUop7$fP3tTP1MVL8cjn?X1^pzkr(GFkmX+~UF8Z}
z&~urdG;$9vf2RvUX3sZcEexm4@b^oMu{r-%Npo7Ow$F&JU=l{gXpCJUpxwgSm#A`n
z0X_lI10ycV(=-wxEgMpkAClI%>yldt;)H)j+uevaMb+ImMD;~SzI^%l5>p$^z#MkN
zmu_sRznyL{+Vi={s7d~q=s}FouZKE+wMp@xuk^v$=K;oX-gP0a0?OCcxL{9I9w9s-
zpw3am+w{$fsLGecve`o$w~;xC<~L%IKbip@@bTzQ`%u#4re5Fqf>hKa`Dz(OW}FDC
z(uxcv=6&C#Du{)>MMKR&3py^_7C`hC01aq>0SbA58OO=+-?1i@=wI-Eqi&=VVq%<8
z(|Y+fWIint1`V=i=@6Joo;lkFz_LvWbN^(fbsPLut7_M`1dQVh#GdTt%Jwr{{2Kdd
zY#W&rg7<C^&=2%Lk@msNnC>pk)NXL{odzcrmm#=%jL#uk=t%YdrUHQ1i<!_jM8vAv
zhS$`lE~fH*{hT>rRWr(4#7|W<l4uLgUhb>f_t`LwSO(u7%F$oZDiJ3VWu8f~mu}Gn
zV)gG`BYh*LoERwC^117yAVCVg(86i0YR|0X?zHB3nvrbGvpY{8{e%tW`*j{tms<f}
z*(?Xz>RdCTFIJw}0`cj~lkog8&n|vATG+Q?==FK12DS&N3U=*sv8P+Y`d_wQ+n$|L
z48GN`<#eM10h~29S8X`bIZNzWeS73I^g@Vvox}Lqz5!c%fesx+_AI<n1zF%W_<+p{
zQX^PV7}js1H^L$(kZzHYwCm#+i#v1)cYc<QS^Hci9&$3h#Xx8N6`I0d36)QU$XE*!
z;R3>$tZ5K+wm#`>2!0(%00#|9uyV31a$D%p<tRpLOXFulM2J?Hn$4qw$iaM*uVcCK
zLOS>Wdgj*a_nXMPZd^(4L}G9zmkb@Rk6?A6a$YfZdc)JB@C#iezo4vb#{M8D9M-p1
z11uV~fup$b9dL2ezK_6Ka|}aTLc<yZv{Cp$G;K;G-kc|!*#AKkEZ4CqN1~9o#bnaT
z<BS~K9-m^BN{E`ss6rrItRo~LUef1T3k1E@g&&n%uy#Ja*dfs89$jir@?f$`Mkq&#
zG7BfL$ORERICFR@K<)=kHo<d3!?u{DWQ&^Y+l*66Z%THfszqOe)JJeR7*baInvk^H
zorTQv?=ryO3|qDoHb}pZSZw+6R)v|U;BbBdgK(@G6!xnhg<i^j(Hm%b?*2WA6SoB`
z(p(>iIwdaPQN#Pp&02&bBN+Hwkesk!;`l6HXH`;IrMr%Wx;fvf&EWTpHIw^}AK94C
z@;sv$!(HSv9{8MhWEedDGT)e%NNs4%LHN*yW?v@HDL#T0mTF;6!4%Ono}$G-3Z5e-
zj(bWE+p`l7)rbRqEkli%I7?Z>fY|@Kj9}$i=XaQvlJXSIg;MIcp5ndvtxy7&JCAIC
zKz)FIcv+?OKd2gBz!iVqPm|+?wbhp3I|^+jI|4pz43>YxeCX0$NsC(WRawkrC5OkV
zjwXW3Eeib=F82UN>lx?pu-I7d%jw7wNbLIZ+R?bxt?5MLx-9YtB)s58<a|*V|F>bO
z2c6d3mAYMlmtT-T4I@q5LhfMkfS6DwmmIm{`pFO<H*1r6BptCz=7hXd=dw*`eo-&7
z<Hd`NvRNM;`s&*Ml*~O)(5`qCNuK**i~IyP@ulKPe<_E~`Izpk2n7n;w9w^4&YGch
zPs;7*n~X!QtRT5Q$!8xM8UD`Qqgf$!hVjbc2dJo}c!7QE4iXjOV)RO?pi5s=3tPsb
zCY7U09g+21Of&`DFTbE3(lw4pqqlhEuNX(ocyih0cmuZLzhZJVXB%SiNcb6<I~aSN
zGV-{xh%o6w*uUpAWArxD+z6jE?h4>J)TW=WkZu~ZZb^VCqA}tMT!!cmiI7Ro#KM!1
zRX3F^@Yu4v;c?9T8;vFRl`8Or<zcxQV`YnJ9aJf+4AdqTd(d7b7T6<Lu2v_N#JIZ6
z|G5Lh-mJegtyAU${W%mqs2IZhG<0}k7p9+#fc5(Yt{WB_74A!T0Z<0Ho^cytUcc^(
zz;(PH`&$#4L#|+tVHK1Jy-?9%m_ge5O(OW%x4CjYr)8}YZr0=LI%IJ_#Xy>Wxcwe=
zeSBZkotLn%+H-KBliWVy2$IFL!*%m38d#PE5A!3ZFB6)71Sn*TF!Z%8k}-J2SwQ}7
z0I#=lCDS7xnl-d5Zw>Yl8=6dkh;Zr*FUH^|UkwzAUpP<BlZMA!dVknk^gb8T?lop)
z%!T93ao4cK*EJe1%=xf{*mu7T8)wq!uu*Dh|Nixf!mU+n)@U6*qJliVbygT(hr@Nt
zLwNpA)NwPDEAiA}@1;UNyr(eB9O(oqukTkm<$x842+l`?__>Sk(T9&07o{^ap~Mvc
zfJ!%in!(H)2b3Hn{p;n|$)(Aclod?2H=4Yh!#%-Mg82P=muwT3OPlm8gFp1~=T2_N
z%l!>wnyU$6&BfMd-@`rCE8Ve}YwwFx5Ju8x@GM%*s*h@)M{rp_D&F8`Kv+>RPtl5J
zX7ucj%SQQ58<kT1#Ju-d4on<aQ39I@P}TMvek3T%ceM8$*ASm&1l>h`c!2H3_v9S#
z(JD3|_P8Ed7(R!x=jw{$D4k9Mmv%d)*CNYH+Zm0b!z?RMEP|*|SY?Z$F3$}9GqO_}
z7{=CIy@8VPu2^yNYn;0JE0`=(A#R{2R9)pNU=){*el!VrE3dgzA2C1j8t-;H;nFVB
z3~J3DxlncPEv}g|`u!JZ6#h3@v92KV4`fvGNCknD2R{ksd(Y?-{FgTSy<+wso}_RJ
zeV68OYd?gRY-^Sw@Ajyqhh|-}Zp^UsnCQh?cI2cqPIE0nXuX=&=3!}Hie)w18Lmtv
zzJmq?Cu5wytt%dV%-U+93bC=0MA3Opx{7^jxu8{C29sTU$c3*DhRze4gjdBnnnMLR
zx`RZ0;U@q=r1|ukkU?l~x8i86%JmlJFFP(4YIOSQO0B`big{rQ5TgH7k?6TIpsx}u
zykZ9RSD}eE{1Y#>;^!=2DRAwFAO7siSZ=qe=xMerjO)+iB&2ziMc;3o;55tBn1e+X
z@9O+JK6g*Q&4ap+WD{66vje(2_b#_=U{Ifz9d4dPpO-aN|2$RLB_B=z*z9?r>_t0I
zJu%=|*Ect?0bK%GtOSX3SKFXE%(Lk#N3gEuz7rtwp6%43lE5PjIdEsw97ZxAwqpnb
zSJ0U(@@lJ0NazHZ_bn8^JU251GfRsYBJ4f6T<MjYl{jKWrb?KpJKwr8u0dEs*(*j)
zAkUM8fo_l%lB93idw$S(PMbPAFtig##Fu3r+DS%892P+s%owtR1<4|NMHs>U(4q{w
zm=}lLndLZoqd4s;8u(&b3GXV=v#7nH2DCTo#40DW&Rm0IBqG9uo~;Gmkon0Y6h+~&
zR2v1~z<%A1I|76(sFhRT6r~agIe9KE?UAih47-MWbPH4ACtKVJM>BR$nLT}waJ%SF
zI#Cr8kN`XcNHA8V8v8ORbiOmW<Of4aaqJ_M^yq%Z7AO_mWsBNhd8JX=GrG((LO!^G
zk=Aw`W%IYIDnR;B8CD?Fr<|&pd;N=#wnD!jL567e)SjL?M62#b@l@1wPy4Nbp`d)F
zqgd#9Vz_D%ksQ~{Z}xeQaWr9gkhyU|AIte%1=NofRe5>ZttfjANZ{n8PI~wPwN~{o
zEOYKvRG!~-&_CfgN;z#g+zMT?CyKEJar#2uFV61{z}9{9Cz7YnH6r%4ClGJ$`7Bl<
zt4X`-g5?2tKJZd`HrZ0vziVkr^$te8`S5we&G}&iivMWdZdApyPHRUO%7t0YZNDx6
z5=&3Yx|mt<%$b4qxNq&(U9IXHcjnAX&l`?K1DHip$vcDoX)sQZY3K0o^Pa;sT8T1x
zI0ID^vd32-CR-bzUrM452NM*7xF_PUITzZ$(RkTwt}8!dCG+x-`(XVVxJC*Y<QZO~
zN=v_Jv%OwSmvb-(;ta4YZi&Zr-IG-u2oph5CKf%|d71WzSm~)r3-<Iy_s?={U@bry
z_6j+}Mt@aJo8~9kBg6K>h-2nz$>KF_mmrv|Z5k)+S+rgPH7QK@B%EP??Z`zU9Ih(>
z`Q(S{k;w#i&k2&h2V$LLv0mjk54xPTMhT9DjqN4jWZ%djDsR(|m+6SX3V%VT{_o+H
zG_hpJH`js)LwbbX-ym~AiSotgvy3DVS+MvW&<2Ye1YI0%K>SqGwZG9Od^sCj890O9
z%OxhIX{bVQD{b6bc1ND}aKJEB>#Yv@$yjBZFf7gsggesLeaa|2GJ6L7BPz*B_QeWv
zE3%_$r1S0Wl2N8Q$Xpyh3AHyb`S>b{r}y}GZ~>b79x=)ak<}R!DTcJ)8Pi|xm8<kM
zwHc(fY7{@N1E-rrt`MQ?F!c#ge>a`>NRUN}tfkz7HhvdzBDNJLr8bOE$cMRcU_I~5
zZS-5VTeSFBlN=<e0Z2U_$BX@Z%-`9K4R8h`w6_BmD9*)X@Ys&%`3m>gODB2hDX919
z*+B;EFln*Oc3@^Yh)h%nbH-@CRfUFWcH7i>{-dbwxwtxCn01AAZ)dc+x=C{>0dn&|
zcz0VM`m{%dw=w4VdN{yGdhPQSggGU_FRsY4mu1Xgi~;2lhKl45sI}di-au&{xoHFH
zax6wwyIIZoI*GsE>6cUI=b1&JPIw&=4jJy>3R?`f>;Yr~1rjKGFMv>EhlGzx9eT@z
zkv_gRM2HDevIbf)205%jG8^=FEM<bv!M1HjQlhYH@+vKw`)&?zS*Az+P27S&lGnuE
z68;s9<*=fdj1xwEkvi#iqd6K+W1CY@RdMkFjp4e!nvkAFPfORypTAY=^R4(;+;l`#
zqI7Ncx?6j5nKw*LkK7s9l|3EWaGg?FW%U~x=XP7pXpY$cFBxQn)ox53hVvv{ShA}w
zO8*UPhuKARGF<xdx@e=NE4HF&$C}grMEH?UbEfXds{8br^4af)gCoNgiH_e!K&ywU
zb=m6{-a#f*??fE^<DIgi{7NRH0-2UZmGC;FJrd0lt^xfu(n)hVi14@cjh11@%>w*(
z3M!E0aB9H}uID+{+vW10fq?)aj_n}zU->Y68A0AbsTlko-J!@Y>7U?n@<{*+jbN2r
zKGUP)AUr-)gGUv1XYkPnPuGioouw;be||yf=ee{8;?b==cm<_M2{D$<#75EG@R0K^
z)HFxkCy4%1h#k#0&;1(nhlWuBYJs2yojl6Z;kHy}a8Db+Q`UjX0_hx98R$1Sitrdy
zNfvQcBIuV2Cva`xyzT+K+G>XyXIXlWPN;|WG&VNqS1i=V(n@F`S=gK2)Q1z}W8v7K
zUP+ABY}oFWxfwaT|G;U*<2z8-7NRtAIp$8s3oZfS&O`^XP3pYF9@HPb%JEhXyn~Ts
z(6Kf^6r%qZ>s1Hz-37*yL=G;}#LP~M{F{Io9TL);4OEoZ@dF^fips0V=j;&)i6q*v
zE7-ss%3Z#o0`iahyr2a1r-WY4VFvH%8AL5~jLvBDjRS9-n?hfuJ8nYB@gn8F=KeRS
zk<_vnv6{%>2K}ItpIRNA+%>~%nlxfwDi_m~2h&h~`aRlugZX(JD-%@%NOdAV;`|Z@
zELr8RueMx3g6bFy!mBgLdM7m9Y*^^Et<$-AG6e7?F!|Sa0YF4ml?1lZeSqZ=hX%cR
z_o9NN(X#9m;|oDrf94^=6Pd<-ZpeZewU!VYx$)thQKIoKNA{M<a!xhOP;F2Xncy^x
zIB(ChnZ|@QPz5F=GNX(y-<9x<%Q@aacQ)mp(@ck@(}f44oAnrha=*^r0gf7@-$4u8
z-z9L<_7;lNpf$i@ZJa&>DNv9Vgz>-<=#@0==b+M&kwTijLR*Y5Ja0eEO%l@>9QuIY
ze+Lvrb<C0U*`0qV(Ryz*U5`<pV(FR+8H?ChX@77yl02EKt~&2qoxw#-AZ<L{>dre~
zSsU}vO7xlZDYrQ-TMstrcRMIQ)9|m9E+_=OAK`HyMgS4w^D8o`zG~y`a9i*NVv|$5
zuc@cA+_)tuHpMM28ac<J^e-kHN;)-DSEa`fKZv~FMv=A>cAv0_r6Kj|Dw0s)R|ft`
z&R0r`*^G&HPjHc!TE@n~rY^?NtCh3qBqIxb`5I6U7j~>Tfz&CX+JKfjX=FdEJp}1s
z9`?&>mwX}zHFJM0_Cq}LL>N~Y|Lx>~y2;Uw{}VvhnZz2cu30nW@b36K^EUQ*h4H-c
zk?R_G6g41Q{G*jE(ocnwx^SVsvz|d!Ek88?$RXAoy+~i=H(oUu#d{skpSAkT8sRt|
z^BqJOC+bT`A2x^Z1#%gYMcTA>@&fK&sN$jX!Jj4SUIWY_F9K3nJGOX?aFW%$j{5)<
zY|42V2F}bkI<t?z-mV(!U-5+HsmRL&c%*JQkm5G%VG>{aeWM??k%HB!>G*uzCC9Qu
zPeykoKdQvB@<CbY&h4N$s880jpfO&76@iAj)Nyyj_lN*%hB*-Rg+o4Ez{$9eQDfXP
z$M9*t`D~h(k#>AF>z;(WqmOfcpRA!W@!}e|E^YIr*UT4#5>DUO&}Q`@OLlF4u<5M_
z8`l@Eo5sj(&@cJ*9a$t`UWE4Sme{(576)TY0FnC$B621@kEh3DdSY*Q7UPx9vrv!e
zzC7NY+?LrQr(7tkX*R7>A65$ob(J)<bq8+4EQHpHSo-;t0_=7>s|q}&R8kEGu{s&u
zfVqP;g~?qP&qt$JMXJR{tEr0e*z)5WiuP1>u)EZ9fkz5L#78x|*BMAv#GJ1H@=C83
z+iYz{ti5|m*0Dy;)+K?JW$ZK4H?OAR9SV8SiKR9Si_;YN%5TCXbMyC51M)*|7gtDn
z^3t`;Cp7ssRzzQqVX5xe0I7UDHCITG&>T9Q<pJ@91L0muutPi+MfdQm$O)Lq5f9u5
zYp8&PTamIDoIm(=jis|;FP1Xiyr~=zn3;{}p%<1P1pPGe-@!T)95l<_w>#Tb7<^?l
zM54pYnmU7<{e`uKIl!7N$zoN*=j?G}u6=mh%CfDix=@0B4@Erkuk7>=wtB+rb9uSC
z+ya?bb8a3Jbl(2jj~8^K?gxDZcfhQ?#}xgzY+SxwWmn%9_)8N-AXqc^EaDU)pa7f-
zl&6hL<!b&zNIYL2(uJFQMiaE<{|cfEPFl@<b204iKU}!8qW}Og+boGg`yYq&N<lWF
z4bP?WZ2QaIOTZ@jnjX0G!Y-G>_Ni-btxBU|BcmjL=l(THV;)o-fV17yH#1HIy-v`C
zQANSgycjF2-h0Zw5>mCuJd|1R%d1kSiz&k)s)JI2Q6FB<h$)BjN^VD~Cl4Kq;y&D4
zBP#7CS>h@wW}@R^2}a(>7n%|z?kA=_ecc`@JyBLgN$NN0UcDcf%k7SDZu5PWivIqh
z)2LU2B;p`N$%)aNt+=<M0H8LPHhUf*2!(c)!rpwb+|`;+kUNla6L2q0nof@MmDEhd
z8MsfhrmP&qAP>Pv#=nc3z<g{SZ|ko*Hn47=`gO^6+5fb)f_^|X5zz8L9Lcna;&JXP
zCA;5it)`<sj$^Og6@mfPe#C008UX!%txOqW2#Y3bjv)+S92K9nYL(5a__}d$+OKz)
z9|O=*faw*|#%&tsS(Er2j|05aO=prtwY})ViI70E0Br}}3qV<G>0>WbGtf20S;Aj>
z@QbMPcsG^#dHj0=M<@c}UxRx5ZACfHp<9r&EtNB0SlO{8$o2vOuaJRF{IuXF5Z*e0
z=dNi@rZSa2dLi6olQa-R-I_co%JYaQR>_Zr;FJn308&7$zZ^{q`Wz<+x7m`xJem(N
z>Q9$J3SOSh(TJd85uceTt_P4IEpe%F=StCR9PU?yW=KO(yoyLNGNPsG<JF1t`I;uU
z;O5ley@o7M^rW*G$viUj*$j-S1)+ESj@>MI<cJW+u%Vw>B?2#$$Zt%kiJC&qWq!*N
ziJlM)NZba`y|H0eG#tkS^BR6d<JsR`nR%({Z=*q>a0%UV9CK<OPG<rdCk^0PS={Gi
zkcUJhR(seX0NS-;(=_o>q=u<Kw8(RE4SYPzx_hDDl>=f)EzM{Q=usgd3|a1km|ut=
zs=uo(&Un>k+_bpljdC*S%RzKyn}Y4ZcP}WwkEZqh``BJYabNk0S1s>52j|kjjD^1W
zFz03+=68aq-{5Cv2La5lpam*nh*xdGK<X+51)j@ub=w-RbQ1yY=2#OscF6QT2_Whm
z{Gi$F4Ff*8nO3~z_kbX1UEFsGtQX5wpxVDTgJ?o8l6!j=IhYO?A9O)qUwKx(j36lr
zrY$rbq9-KOTg9Xbwa!l4{hFM~t$?q6woQA^^*>Wvxw84bCJWPd%GlTmaK6B73?MsO
zB4*WtD;4I}<im=;%YadJX<GO4$|(%RcA3nrW_RTj-oH;&wx;iB#(MPgVX{v2j|9z@
z;b!bN?P$X<qY*<nwVvWnDCLErp#A*Md*5?2D7#7D`vpXJei|8W+V~HOx&jrddtR1j
zhykob{Bc`*nYoMqAB`JCm*)5M0<FK=q0$U#4zcGqrH2z*d3s~(s+6UtW3hq2!EL6G
z+4D@=GXMz*q|}AYm(E-YbgflR5{lfo2uI$Qk^L3>)f<z57-AdRZo;3lNib?_Aq7)F
zXgG6$&od_ZIhhA57qW<a)s1V{ZM9q9GrwPy@M9X4+ZJ@Os4GdV_&$J43psM93d{wJ
z;KBdrRbt)Jytn>R_(m2(^HoMX6r=3CW5*6FRPIcl&$&#Cp&u(H4!E6fQR!Q7VmW`G
z848^lW07<B7%&x#?kN<RvX<a;0Ed&60b%I4WE8ee$x(I`hd!Rnx5nXpm!_02AhTrN
zKKQJovy2d6TrxS%%~xr5B_neU{N$kAVvNTUC|_{2<y@$N8=tCRa9q}@ZoA6MF(P2V
zwQiRTgSUy<!-NZDo`yAm%AJLLCIC!2aR_v>QMm(ay#{8JJ{OYwJn1wJg@{$vz6QQ-
zkq4=AF=CE-KF@GlT+4F|Z4@!FM$JPpH-+>vr%b-e^2WOUZQ{rG6f17j%tu{q-%aAs
zMVh=f{4=ZPhvI{Cb!y1BuNQR|u%c8`ZB79@$2U6txtgCW7QG|56Bw^$Ea=TpQq(rC
zz#bs>EEed2Ke#)=d5b+W=&l<tx`XWK{1!{M5t0^bGe>UjjmM_mOc>v$FC)g}U=tc4
znN7187kjp(8Yq$#htM)lyOY(P$zq#uq%oY|7D4)**ozx{>qv~6)u>Whg}^AV{PBba
z*UVYW{@K*PiDKkUXw`TY0IGRr2OMf|2ni`~#yLj`@4Qdp`_pf|MMqJ{k0#@MQe&JB
zo$k47B5qG!DvtOhEv;0pdxl<J9!4!)4ltCOFE{2RV&Mh9Q~J;~32GBfwK-?{v7RRA
zb;OpM3BLY6XKJ=+<Ei(+fx&#8g&x^GFT0D7T(TAL@Yj6>xKP*>J@63YFd(6f8v@l~
zY5KO^oQelrc2)-$Mz0ik(=Em=Quh+6Opjz`5VT?~`@*85mTS45ge(lieYl%YBzVWg
zM`f*x5{z;HAJ12j3hpqx#`jJi$%8wO{2fUVureevJmUt{)Z(e9vik0H*q=MvrS^^N
zB_*!xFYU>OcWY#?eV^%%k~4U0#SK3UaJJ?VG3SQek#gRTK%8jU91c*w>_c?cX%bF$
z_&Iqlt|^qtrH0bcdL4&acX(Mwe|?_K=ZUk<7`2k(kR4~M;TY6w0#`yck*G^#jJ4-x
zR@tJ?+{8Bl4E;vRa>=ET(Fio8-Ehxv`(NGOOJ|EU0eL#S4g4#{8i-o_$SKWYWKiXI
zW|@U&Dv{R9oib9{x}^;dpi$W(8hMde?uSZ|C}Lql0rwI^?gxB-D>@@7dvAxzlu0c<
zN9E&^4_Xi1E9%D|wC5*Z<Hj#Hk+a8GdlgAenUQU#T<r^1GQr_Zwu*F71LkYyXu|w&
zQd%=S(F`ZQr7DGwH^bIs_JI~IkGrQX4s1yswr+1F^FLvG24p*pP>9PXCJEL>iO@1r
z6uXz%5*O(VM(8^EX8*rye!yL(^O>pw>p$C%U{|!>Fn$YH66eXU4G}aVxtuN*9+h9O
z@^g-IT4AJ|fst_XYqTc;R`T$liwpatXvA@5%ZCALQm}(Ag*`<n6h`lOYdt<R8#_wQ
zW2+TSsU;8+9Pb0IG#N-9f}V5u@RW^ilk=L&6sbB}%{JnPKKHD5TAZ7~MoaD{Ug}p&
zE=bGuZaIH2I`9h(n`kC(K^X5um+kk~nj?N=)qGtxaA|?0V^o=psNe=mHFl~dlt-^3
z=2NA4i<0!{8KQ#c);bD+0!eCCKySliP~j}$cI1gKEz#=XG)%NktF6Mfk1luq>LMDC
zjQ5Qkvh-bxD4~ji!W0-#vOf<GJ=&#sKSiEzA3}X2V9j9z{QWq6DEk=l-fAEUtBh-6
zk|=lU5xAv+deD40kZD}v6~y1=(ph+c>s{q2aKFxzREA?W>mBa}?)z03Xb#kq=%aIP
zK%i?U4bEz4`o{alTovK`8mOH=s0jYmlux>?0b&*#LTZtdG8#)Ng3>9}w~8DFSQ$6b
zi9W3FO=|EwrnYiVwzBV*pKc|Fz7LhfM`Q12a)5Uqe3~P99;1X+96w(}zdSeREp9FA
zv5C4+@uVMD!V6TafGrQc-mCY+B=zxc@X{^UBV;>nYs?O-F6$WZAFYH!n%VQc)=j?~
zxK1gZzlC~zimbx^*w`8JB}(G0dQv)Jpi$@6bwe-EjO687P$KK6d1QNDcy^fF;q8nT
zr-A1f=TQYR^c@VgPQRukKWUUP_#RfgblmctnZ%O2lu!p!O1mu)Q9aYcc&=A*?5~fu
zr8l}67M`y_o|0#AeP+;ao|q1E9jw;J)H;a;1JOVP(m>}13+#V!F7X3)i&?lBD=bPD
zZ_>In{0i*bA%ZqdjG~uA&vr|>DQ~cKCJE<)(XIXZZ-Vhjxu;@T1pJQE!7~NDAMvRj
zfhRiqLEQptm=q;qS9<e#`e{^Z%V!!J*I?be-jO!_WAUj$(VQkTM6X9jBg@|*pWh|u
zWv+#}aj(K8kNi6i2A?(IF;8SorKxrMw(~$CFTyW0KLRJQJ|jIS`oG3sdQ5=kUZs?r
z28CH7(weav=yW}eR(&^X`t6mOncn%EZ%|%H&jH1Uhbxh?D?<y|WjL?+Uu(FG12VEN
zm6RzvIemHc8<JvH9-h@XcT7#Pu2%}`vN(j_2eyIf#egm$CTqbya8mvJ<WRYa_kPuW
z->zJS^c*|Qmw;87p*bwz00SF?1q+e6hzS~Zq1l|w42hiG;<r)9*f+AFf(zIvE&T5A
z4li=ZetTz+v>*<6EEh0=eR|Dugn}ZAtf4aEx&&33bIq+RAY=KCtV8?IAaid#W|~UV
zy1!pCuZ}2=7ib)NFn3GSXJ$(b?)ft4UD4b#^7VN5(zba|iE#~Y2EA){nIDNnbV&SX
zo4YG-7c==GPnl-BA|0!Z!I~!N<g25?j!v#2<<7Xv{#__W#KlHoX9)1Yi)*Ya*-Z5v
zA&TvS+%H(8_vF<BYJ3Xar#6CSBI{F91T$YWQ$y^%SKe9F0pHn`5))!X31YXjas%%k
z*<jYh=&airW@OxlEmz;nHMuWwH9Fbp>k}abSUeW=%q!0B6J8NBCeGgxu&5GGs}oll
z{)KU<*u+>UhE=QRk<i~D*|W7unruRBOc-?RERhRP7O}}x)D<t-@-DskYn*n_+33n?
zwB1)t7cKmdo?5bkmF+0HbFL@89|qmSadq`1hMwalN-zs+%TU0+Th4}@Z57}JQAM+r
zHR?h0!HGe}P(L3ru{kJ$F~~~5E9vGT(sNFJYbr%2=<3B5{AP&tGE0u4pOE`&LFFra
z$LRFFJbCnW8$ATR!#E9YK%HOubd|Lz{0HLN`(U=CR~@8ZEX~eA5pKmp7WL~cN)0G>
zH8g>bN-%kj<LcBUqS7%ZP2q6&^%*TCZDguFE+wZfK{n+?c))sO88)sLZGGl)*ipZ;
z6=jP_L7|2#k(&E(Y17i|r%^{vZt{kAwr$6phF>?px`q%t5GQCTTLRloLIrrCQ*iZX
zw!TVO>Ln|ot%yVf&^=PG406h$)mem;HHK09L+rZF75KSUYe8*O&eB1W+!qqL%XiC~
z_BzaA@O5%tCeX<apeZww{G^85D*)JLx3gbm=iO>}mz|#8tHkQCCwr>Q+ZWqh;pKA@
z4?LZqa6O55R|vmLz^bY6@EET0qxAoLjEGJbJq}V_zDN{EuN}u`^Et4i_1*J|MMi_3
zi1=?(LB$^8au2i2-b4FDp$Pop01j8loScES*zkpEm*aIZk{-L)XTQ_)N1k47KPmvh
zgY=}?GbLPr1+SOTH3w;GcA;h^Yxr+WGbR0q)Q~|@<KSR56kbA=ma4cfYs-CU(Aof1
zp3C!d+DKcVMQ<%4tFJl#${otfbrc|`wRrn%a*4Q~@gnBv*8Ji2UxE4WGeO1gcxLH7
zPX(r&Mt>NEc!uiiPL*AB{?Z+om`E?;-l2c%QdRFokaRP955NR@$bi|4cO8VC9#9i5
zaP>R3PJ#R~0^c)<x#W;{Nyz~f%md->;?KPrF~4g1G#_pN1T#!W!S6x(xp4^8Kr5p+
z!GUp*lR8_bJh~<emzYg1(Dpbr`vhHodVN)5+22`WTDQ@sE!rG>bF}v8NnV5c|2k>g
z#Bd<*H9JjU=A;2~0tdD}SHZa1zT>QTqhiWr=1;6zrGXNVGCNRJebnHrNEUG)59@e#
z`=%aV#SQ3L)}<dPy|;B(dAx1yade;o5j#C-TdZRaTuC0B(F>2#{%MiLj?cHos^mG~
z-pcNeBRQC5pag_{sc*bO^!*2Z=AS%u+b6TJJnR^+6_Zx>!0zpyDmc$hy<-!7@0CsT
zS^(Q#bgV4>?UZzkp9Hfy5;8Xn;V|K!uBJaPj7@osH@?pSOhTqRZ8P`Q<78bBL>P(s
zLjxDyAk#zn9jVgAtL)XVeki7o4P2%g4aXnBYK#lO!1dxVPqQVko)$xN!fr8ki>get
ziLzmW=6b0hQZSQ!LOJDvb*5w=1{#eDYRU}|&knVv14&-~8@kij$7KzGDJK=WQNF{J
zHafPmzMN4pY7NjYV_qj}=6GN$S;s+Kv&5Gn*t4b8`uoN`RW-Z1d#X6dE_}gIEjmdP
zzSc8I%EPisu6|P<H#MxA4fFq^{Lm7;vui7*XUeceeE@ZxU3Kaw#6sRyH%T^s+#}!&
zw75*K=i@jOjKQ#aJCahMCPU{K-+G8!%t`^q9d5<2nR;i$Nq#E;HuL6ekQT*0Djn{*
zoC4zW3VMqS$7?VpB6ej55^(R#!KO9)e;gUwz@iKMvYXqX6(T+Op}kUmhl!os^9Yte
zom9;1KoL=Be+{Qn`>Xyk-GJzNm~Weter}xdV)`84an-3WjvRKnp`5t31=$@QeV*{=
zQe_j0>i=E<dPUBBUt%Q}_%CLLdFP51O1C-FiFA8=wv8v4nrl>7B+7)Kt<j%ZFP-6+
z8v$Q84k4-W%tJW!D81}>T!$C={=A9>*->zZZ-s#%!s&ux6h1Ne6$B4z<5@e({pzze
zunI!usF;;bg4$Oh@NSb(hji2bbC89Y%e*li=mSP}1Zsc3oB9{R)$&%8qXDh$bL#Et
zwECdHU{xA8XwbB;%u*dHr5DK2rkJr2;?$6E`jiJKTF^8gU?FW2FfU~9jB(rgxcR-j
z4#Y<qwSCKr3z}sM%p_D1&5bN4O;0}oyEJ9`Q#_i2uo1St;xejL%4`pX+i><j%Dn4M
z>yK&7m4qowzdae;S6zo0f}U858kV31zx=3325T$5Uz-~Z&tvQ(;yLaWX<GAWQ4~#>
z2cw!fS6_ZVvixXew)T_pP)$|keQoNf<uHwa1X}z~B5HbMxG9T$aV;PRN8d5HVWidy
zX{wTjfjrHPA1-R<W{K+>9^}sOQN>D-wf0x2lj{JwqEn>L4kPJfVqco(z{EB<5ZUT&
z)dCDVf5B=~Wn^G89<g~*D})4rOBro-qt=sk5d_E6K49Q_*)GRg@Jz?Q2m>!Ktu3@z
zv;VL3k)xkl#xtr2LB_xKY6cYLMqv=aGvCJqf#rzVv_eH}$bN3fi*oSHfNB1FHyf_{
zaflfBVT2+h3YuReOGS7Lg)!PEKiO%t$NC%5+edrd+dK%3kA@Fe|7?4EDlgm8@O0fM
zI$XIm*2Qks!@J4)rO3W$+D){)`>E&3D%09M;u#z=`y`|&vrvQ0v^4b_4IxGs^7x1%
zf%5LM2>@N8t4X=>M4G$eJ;hm?&G`jF1yx-*CqH;BCH=`5+C3NI%mT$IZ5m#4yL<ot
zD82ynl-WR^45sLg^<W*~ldqnJ0Pu67=cH_f5f*9o0|H|=X6vU^5k<%wf|<dzlAruD
zt@n?Qwm9Qhjg~iRiXl<9rP+8+JZ2?P|BH|Im#}rWDN58T3wyT9*i%Tnad;v>-Yf&v
z*E3)JFcRjm*lk>@b^o%gKZ)yl=TO(O+~64X7dU%}RYu<vJG@np{K_yRposS3IZL%p
za>1ebD)!WFH-cCGF;=&;xOc9CzJKRbDV*>nI-1k?=bvbl^oqH7-`L8q8?$|2pcbu|
z$h9YczQ6=VSp+%ez*Uc57A%V$d?O$+VK{i;I1<0fek&er^D@PiWgOv70Uq^t(i|dQ
zNDNSJI9~BHm?g`l=zb5tO7UInzh8&6qXpghv&6Y&8~bUt^!Y}6d*NpQ76rj||CGr#
zIO3H65FmjZg7N#JcSiodLed1oCgcKX3e)#m>gamqwY$7opPlwFQu9#arhtNsbx<?|
zK?v+33O$>7Qc<*nP*NgLWPr`g=F58yeJuV_t3~yEaTFqP7qi9LzoRC6OrVjaWD+T+
zb!=1ms;T-6pKRtucP5n_LhoxNm$pOROs?>x$ng<rSP!SrB6qzGbVs$+)(PENDWIc3
zc}v&Ek~q}VO?x1R7+vR*u5}5!@GMz0fo-@ZBea3<K2|sB?{h!?9CJf`t-e$Wl(EjI
zHv&pE*guutQX<}05e-S`+Q?NiDmXKs!u5ElYL5-Cgm4J$wd>U2npDd`<2frb+PkXz
zMlb(ge&@hN?&O$z70L#jHjUav``_C_FgY(O3^ozIrpelhV`xjo7(Ed2L2h9w`-n*;
zf&$VeTUcIJ^yp8hNJm<R7gs(ev}_^%$2ga)9Y0D<up5FaFP;TZ-(YP_{cp+`NfX_*
z_8@Tr1IlF;WK)|jg`6g;oC8v`ttjR%eiDgX5*Km{iU$MTew{q}PiOrKZUgq5<-pK#
zR(Vp~cvYC0A-Nb-=y*0kGm?j+y7S5w+$VlO9*gZsTIO|;0mh>#g+YH39M`~9(O)}{
zHkRFWTDM{b<)M|ZU(iHF!S`jDk5<~ydGYc2*Pn1ZbH15tcGF+TyeNNvr!lCzWt^en
zcs_A^pdpru&Bk36Jj~D7s|K#9^ikX<N&fj=3qrKCgMib=PM6791DcM9r6Iv&$+^R(
z@SJD=23Y}%Gki*y2x>_}Q#q_Bu;v<bFW{F{#|vt$1GTC6IN@~?(Q^Iu8;>4^9Jyz5
z9R|L;isffXvN#)K-WJYlCdSZ1H0}o10#;J#K&>EkK8SI)^(nP;0Ya&F=(oq;awMyB
z>98kPeISqC#Of8)v~qwRTaojwRyRIqw+2b>4_qNkL5$3SRKgFAQpNDU1VqhF7hn&F
zZ~IUc61&Oph-OIJ$6dhkyYN@pq`9A?Nzt!FwUR8+Hv>3DM*80vQoAs|b})MEZ;a=b
z8Y}eW{-U+x9oNA?neFw4SnAN{nuJKHRT7eElWnQUm%s+_Lk!LfQ&HIt&qCH>BoD3u
z!BDrhFUGiS_w1NJLnhyDf6Tz`AF1UcFyRMaevzw=-mMY<txZ5M?=Ugwi%c}0=P1&j
zQv;b;zh3AL`1AK%85kyv_Uv2G0U|OXJDby*2`Zl4x9*cM3DB)GWDmP5c@sYsW(%Ce
zP3<$3<R*nR&IL3(P9!Cq7TsG7jY?+vdv5^54wTheaFENQ8k|)bp9B*J^Zg6hA<UX=
zP6fIfpk#4Cp;H)sHt>KL!+*+NMV+kL9ccJ*%3)7^m7hm`AK^uw0ri&RlNZIo87#nG
zf<usmX6`GvpkThSBywX<F;c+7;VUXYYrdHUD~XBCd{zwO>1qqwpMRFj&O&NG?pG5P
zRbIq!^CvP0d29yJS-7c^Lvj}vX>5d;Yr-v52+Ml6{O{<vh+Nj=N}8L$@Ti%2V(gD#
z(Rt%*2cbiFK1mRsJ12kr)Io;@;44X}Kg|nyhZs+|F4@URI)^t;ehTR?=DOREY0?-S
zp7=bJsfZ#q3txv~NzWah8wy}w>yYy)0EGEfh$`Ld{|PxX$Oh8gNxz;W7$rS&XCHlz
z%?-@KzlOH8{aAZpJz?yH4>%~bf1b<p1&yvGbI?`B=@n6d`~f$IYyKjz`r*CZ{g=U<
zy^wT<z)f<8TMJXeq|y&3O+*Zzs}dntMg|XU<j?D9^99zZaP4f7jd_~@bLClGe=aZ|
z0OyZK{6YNB=B0bqkYsRueQU0gUFtc>#OrBPdG5ho0{Qt*UnEA9upmv3<Ze-naO;@(
z#hcRXcrX?fhm^o;k+AXA_CO)mAlq6f#zONyijLzPf08N*qu|=gcJl}2>WTfJMxSs<
zb5?;H``afZLid<cV4;mPHI@f}DeHvs6RUHQv%zu6y5u3J2xWz8SFqi+88H?}qo&?9
zj7M+lsWZR^G8*{O%Hy^>a?eHSbdpNRK6sEHM`dZrZKN5r6v07EBLVNYaTI0RYRc$-
zO1`EC$gt9E=&Dh7m92-cOE}>u2z3yU*a12Luv5B41=R>rdIyn74h;kBZG>I|T~~6Z
z0vJK9_K2YqThckOrp-a3#*t<d8G9)Mj6l_#G%>NZi9Z>vkv2a-YKTVWp9BvbHS^X)
zbTYuHAi1m1wARnIeWLO4mum)rC5Pk(QIssKlSi&3TD=Chl)M)d%EdfNP)yxt2zY~o
zZ`W&omnCj0@_9bY-A9nksK@Q!*2QmVGNmi7w#ByODRV~30XRHIJSfN`SAPQKpzYq&
z^9xFP0-5|q*G)OP(AnPG1n&Y4AR8lS_UGFRy_0|CY}1&&CV6+Zvo+4&!_f&!BsiPE
z;R#XHPm*FJ(aDVd<`w|y!F=%*2IBW3h@ME$r}bM~s8W_;EU!SkwX17Dl5eXNOo*eZ
zbeJ{s9e<{jAANbZ+!u7$>$~&vSmFcxh>(<TSFqqi{C6PcF+wR00zGi>bC^Qlp2^hi
zLZwNCzW&Tu<_4qv9W!_0Tq1#@3b{a7nOmWVUN(~u)6QYm*Bw16OEv-RmPXm?A;YI%
zS6aE(M;35hEEtk{O-xUeW2H>fTO+<bcSAjeOL3z*m=?9u)dW`hEd|e3$M6#}H|SL>
zAgPJRZ`F+4lQ0(7SX3&d8A?Prvjr!rWJ`)~jRh@eyQL@~cmBC0DQe1?Xw+a{vk|%l
zUqBocSP~<|B`$1Pb=Pj7q-Yg?Ar+ly<!Y+^kKX(X{W|bd;wBMe$cJJy1gCE~%bSUC
zL>@ep@0SUWlVni@LwRQvZb3Ec$Jo?-^1(YH)Aa7PecPC`ckiTyjFR!bj_vBk-A?Kp
zbFcjVktoU61M;?21I<@~Gmq2<*_7<^sll`MQ7GV`iuS+(1mGDu<3}z9jb?U5%^=7P
zNaOF{DOpF#u43C3&J1)0O|?0>6bLxnGLCJ2y76t~<%`&QcT%(|Sxeg@fn5o~w`kq0
zQD?o?72DCZd)L&`M>(ZE7e^{iV<eqOL)yDGi$abVY7tk3sPsj;yjJ~?2ex}HRd)Ks
z<RWN2_l>V+*rMq2ZrJ2&GI;(%aNpJ7oY^0oimFp(wTWc~>e+io{OJ0L8C-*}T>R!m
zRVnnpNc`Nw{<&Q{48Epey}_C;bhfJ%QJ)n$zVb>X=VMuky3K7oDRNQp@tD#R5_F1x
z(8E{38*J|a7oAcwzaj8EKc;OXhWuYQ<4a?Wy&Be-n=v3wC<Xmk1tdqK=mACsODn$i
zE>lksPBE~^Tn-)}p*9h`QnViH!8OM>$kSv*ksG%{E(I7Qs=rKO4!oz=-g6aQSLi;9
zzJ{j^us#f<>v|`_Rb@h}5YgA_e`f-TtC(t2ayYfR+Xi9`c2uu$v~zbS6g0qM?7L9r
zw?Gb$8~q6452BU%qhi$-ZEg4XnTegz@GKGA`g^#Zl+caO7)bMd)9Z2}oz4x2_=zHO
z1Pgn;waWB5!V^)5dKynl&*7|Okg0!?<F+6`%)Gg}3Hr?_mga5AzA5|jLF}4ILfBz&
zwcObp*sFY6Y#Llj^S`hX<J-u6%{2v^BQ;y{r!j-0ARAu+;7xv_B~*IVuDc-fsV@u!
zwG})BMB8b^P(5e!22Q$tL5JM*bWBR%d_i44Z1N#gmMt=o*aE>0^1by#c)sgPtzk`j
z$o(F#e;|TeOhVU*%U@<W(H`qq_B~B0ohHgvqLJYYbEV`Ud9#yV7+`BV_Y*g>OnV&O
z<gjr>M+y%h9orP51n}8`36Tkq=p1U-Ek=@<rqpf%Mr~@rv*O`(F8rnUMDABihePD3
zAfHu`eAt_XUUO6b7WBl~v~b<q0yXwo2xd|tze6X=`V58va&P-qq2NyDOc>1qhuuzk
zug0C@Z2WVRZOUZxC4hMi9(T<3N4s64-oC)M2O|}4R9P9_9iSE`jEe<cFY0p$l`w6E
ziRoXfa-0n;h)Cs(R0KxUDDtljD&R(aoW*Kr28wJ$+P4u;ee2+>FnjF?!*|)0&psX#
z4})*x!gs7z+%AY>nH$jGb-oi-uJd2r|58;j2SwO7xri~gDlod*J$aDc33DEUzW;;8
zfE$lASRpjAU1`<8jQma#9$oK|D~G=?2}2yw5|R$8H;~k<%*lyhwZBHw86*j2VxDGl
z`hYbk9A+iSHJTjpr!23o4Vs6Tmw>@$*yw&yJug?S)6Bs@w8CLu!qTaZFU4^U;P=3d
zG@HX1mgoxyZ}{zW3U7wqw|XSL#8UCl+PMZ*!~PrQvODATU3PtYJ^hh5pdcmZgVB)-
zpBpwmvaiLKVlY~QKRBV8EW&b3I}=b7?ZPiUOfHn8!hEOb03K;a5XdZ!!CMms;01#$
zs30nI3meeiwcuWAai|x)NqN<<j|2E1c{=XB;4`Zj$4j^ubCCL8iC}7|>a_x40-O@f
z^6M|sWeCXCve--RfZij9y9^Zn3R9+zo|t05DtW*a@>+=hfd_8%+#f>-a$%=dWki<F
ze(prD2vWa%H;w&G`L>yuUB6x7@=!+$Y=Y};kE#Tg5hPReIcKKIXAMz<RdT&^fc~!$
zg=YzU8lBOB$Z+2*ljNSC-~0~Jg^(9qhztV&l7zWa8;xaSrKccmpcOB0`ty2z^Xvn(
zEis+(q-&+HCXygAZ{3x_13(<>f^^-S2sPiPQgdr;FUglL2)yfpD^G7X(*?TO4(j!d
z++(RyBhF8nH>JqXKg=m_i>q&S11P@7*BNspkYBq{E+GC{$aUnfO$s0^^}5+QRT{ai
zD+u=4sRVpR(GpneK!!LQJXJ|Tyma-m1x8EyuEFltAkd09tRRQilb_%zPHpBM0r0TZ
zH9?lg118nE;r?xwc#Sl<Nn^z@W>?G(ang#82U=LaMbc`7zq{Z)_foqU3zRc-I}x#H
zOP&<xQytgRe2ZQ1L%>B(*X5J)BO5fc{xA*y1YKa>S}SVSu&mT%=`7?@<_RV~mDOnG
zzXYI}KB4I5ZYgz+$TA5N-;bii2<yd#+t0~(?-o@Vh5-}NlhD`UH4^GwMgYx%6FKxU
z)5JSo?B$KlS!iX!4Yzv}Ikx~a!Kf1+af7>j(*(|%j9)tO*q~+8{o$P#%99sz1x3Ju
z>2h}DH8c_fcD!I|#@5r45tfb_4fS1DjcIzoB8ryQ{VWYFoPYl>@J4h=RoFmggAsau
zcNKJqwROf(&E9%2GIzQ~R!UoD-K_ycO0AvGHof(du*|3gC;?yv1813;sD6%gc2|TB
z3n!dj($43b=}m3}Fi)@5hUnuG{^N?CoJnhdIpWl_(EE&wANhy)8#KK%IovJHtCd%J
zU#a*fq2)Wtw2c09uH~*zhnaGW9&=11RXf3}7FEGFKv*Jbzoen!!u;mJlKS@_EEgE&
z10T|>qvV`p^^Odp9;F*BZ`fLynH|?soMFhr=Ua9CrR~Lu$sRm{2hX^A)0jNX^*k$9
zRL_>x7ev2}-2`oJ2-Q4d!1<xK8?ma)yjI6(Cnk9-^$n67e%U5uUBpbe9|0YD(ubv1
zcdmjCL%&o7zzW8XBE~by_9*2e%NP)|Q+QyMl45Sa%$TVmmm`$`j)b3wW2_h<7sK5l
z<4YsGjhuXTvNQkPX^_P(=x}Fz%mI&m+NpWq^p%pB(7_q5DHF5mh9ap8F62-bnB`hy
zr>WkX|BU6oDhyAY{?W?PRoRZ(X?bLFc~XUr|JSn;xPD!PN7S|DbeC!gwizjEOxnho
zKmp9pqsLx|j?o&ls|*9ZuEZU@-;u{~Ur0!#t8cO|f|ZD(b_pJ%vQzIZH^)tGR>EO_
zptj)h#M)H{DLfbKP=g)IWLY`V)%%ZWA#?@zti|9j`*cFemr;k(7*)T)!}~TIxJ9-D
zbzyeQlmw_DSn~Kx`0qQ@iqT_WJ?7UzHT|eG_H7d|0qkA8QZ>q>%dMku=^E*XBv{EA
zz^%wsME&g3lD*wGTqXQ*aUQ8>JLoht_;{PT9i|%&7dQJss#o>Te;rO^hVte?^Uaxb
z)l#_$3DPTVI~UhQWzpi4y{+fhu8=Kxh4J(XRTRz0cUCkh$ihz89FCmAIq(EDYDPP1
zAspYtrTXN@lvNnHcb5m;@+Fe&TCemyjaXo7oSR}+huF%P0x(yQ&HwZmFC5<IU8oj^
zR68&ZjrA7KhLu+>IzVFvIC9@`e?JtUUJixS_Q9d7EFB-5VS|e3|N0Ro$s0~%LVI}#
z;0UNX36lP3c=7a1aZGP(i(C)$Ebdel`XcH6pAbIjn%H_OmPx=PL=G0ZaD?2$kGa0v
zcr2@NG~f(~aqh#DkKAob=r=Ubs4fOh{)gwWg^)JJC9Or+f!=)F8%U#&@m$8_Q#5R&
zR4p^|h`E7z3^IASCvT8`>=pXzR0qU}TRL@sBc)*z<IkNcCyx3&83Z^=PY6ZXrTvor
zvj}nr0nFHPy(1SWeOa6Vr7ugARK+LG<wmpeaFAWIW7a!7Q*DIwZ-+S0Eb}S@7ZkMc
zs+^hZeGg^+qqitBT;(59lz7EXY0}t_8ITB}wdi8duB&xnvSMfXwcX?o$6-BxPR-3s
z>BZe%32~9EBOR3f+<jm-c<+-$)3V|e&P3fe1!Ix5<RsUJNYd|61A%^!<DDez1THhL
zX3Z@gJJi5a!k~Q?1u;-huY^&VVS6ETYW}$L{ohJTJmyEwQ9e)5;C(QPV4kGW@*}_^
z%x&@cJUiymQTl7-4hgElp7ez1ilm~PS|<G}M%A#ma9=L4q+c^s-e%PpmUVU4gzMQR
zdrrq%G^{2xPNB5SXwPTQRfH+7<O3jFMv75)nc{BR@lNC2(i&g5xWxE%jFI<{DEq;W
zI@ORgRQ`hdO~c8veJ^*iT-4ca)-VS^+<Yl66}M33<Z+Te)2IE_^cQGAHB1`I{+0G#
zzTdYdK-cTgm48ODrw^*+)5926MKV{0D$g~=xxGOx`**R#5=&2#0%ViE@#tsTA)J6m
zL(Hnj7Ix$@)K?k%g*pa><oW6aP+#I#9BoPlNx&RV4=2ZmPsVF!fB_n_#nJo%W6~rb
zXAP@%rgkpbibD6e_!aH|ww%#ifx6+N)DR=nod2}0=FB?`gkSM{J&Bjjp40A#$pYXI
z&KBeyZtUIN4f~|+&zHBc;Gc7>(<mEs_UGd>{0vP|cB|(B=_*MxS<6+EVYOr!Xz3E7
zqTI%PBl$p}VM)}vws|S{>bKBo;#)GLq!G<1onoH1URDS~-Ldq~SWwLg2O2DQDxeo*
z#y{;JhLh&*V9S*i|MvtG^v{VQg=~TH6&IAlq-jEwT64X5RBnaP_4rh-DYAx0t&4uB
zAHSV&eQPF_X9Z8{?Z;<GcV&tsFw>lW+^JQiIZQ9r8|tvk29b{<RFkmUMFdHgD6wyZ
zdIgek;x0}xS6~KK$myBKhef1t(e(NCMdGAqkC~{Q@^O+R8s~{Cop;-d@%vaWc|!6*
z9|a9dv(ibTc$z|9)8$3=u@l?kD}^BTQE}bdvk&F`MuQ-ap|neV9=^#x8ww6XAA>Q)
z@Zy=^OJGuDvP;U~`Cup|`IS`90r-#tHk&CdUdxecivdnI!^9|uannLs)|~g|{W%44
z<nmTgr4@x%9;LiIRbx(cJBuPq=WV%wT7t+@g0Yj|UCf8_IBvsL+znVMnb3Y~Uo%fc
zIosTXXG*az?!MxWmFGAgiS5xZP?Yp5JWj#7Yv5>%AGROrXYVdddm3v6_O}8<898l3
zpdvq6UcIA-1cl`?4MOb}_KLs_+V8heCPikR>ps-m++=QbJGfS8E<!=E=G9hh^B%V+
z$LHRdzWY^~f!TTac@ML;=Wlppak8M+D_33th!#km5OdA5BNMo%lxwFLcYDWMja(TL
zaPx(BD$Tu7r#5hoM+CSZU%r`Rn-Z}`bZmp=_KQk;K9#z8Gp3*~jtn2UCQEuuzL-n{
znd!1-mb<|*o=YX}cJ%oujct?O46Wu+QCu7;V<zOu3+cngqdLbmbm9MLMdKt#Z<C#W
zY78X&)Pl_M(O?W_&?4jtMPz5kQ+r*WRYo)7p5)yqZdTF;_eLL~P=8Scc6?qGD$_i#
z-L@6FZiLmhf+_@CRn}77T9|ll?FibKNJ)MfwiVh&W65O{(;7lhYh?#O74}l4Oz;6$
z(3+|HF*R6|l>hT{6D$7qK}9sC7j&BEHe!=)qJAfBAl}Iijkor^L$45T{DW(mo#F$P
z9wWG44p|acCjoYK`W!nL#Bijjt%im5OL1=(V5#HC^R->-o7W6aKn0qSn@97eP8l*-
z5xg2Y5&|6%*DeI{r5@8xH13^iKR%H?v~=6_z?XEZYG)aLK`1$GP9C{lEYvi4oQjOF
zRYHy*jJX(<5liw58BTa>O`i<mC0GvdcsYpK`0Gd%(6-n)O`X4+v_0bn-VtX&#AR6d
z>vPt?2I_`5PIN-N1~<IJaI;EMrkLf&allnJ-ppe+z5yF%nF8JI4oQYI^bLu+l}$_$
z5R)=MNsQ^Hy5)|SpenjMJ@xLJiHa3o^1Qa(DQWJ=1<TX@9^o(Pw_x|g7r4H0GR2R2
z8-Hgh+jm-*stzRvG;J&B7Eb-axU{}ATopn?svXgfS|g3=+hc*cZyFz$dReS7X}{;!
z@z}_%aIf=g&X-jf6tVhIM(Yo^`PPnJtg#aK2pt6!Uc#fsr_|o}d58{d74&J=NPWl)
z?<7?w)S3T-R;@aJpF?tmxp^qc+Gd<qFGjkt1T6!C`cgqS^E8fSe%&nvz=0w#bjnvZ
zq4yrfK|c!yS+164*#Lr&^&7pkEjex>{Fec9PJ0G;`Ih1=$fwun=?SE7)EA}aJuCVO
zxXk;X$TlH7kHq$up2Oe$h*-LB$%}Sx1R`)kB8_78e&5!JVMG8zIRf&eV<w{=H<XgQ
zMch-wm_8z=CvWW#gn*Gy(_yy9Zy)rhc{iRX<YSFAdm_jNUO7Y^7ZNAD=12l3H|q8B
zI*u$NU*6Lq`=-73l)F(TF*~iL7b0x}C$nleqp=VX3(ilx!0Wi+GnFxFZZ;wFTC*e;
z8nf2VAtxaj-LdIl-eZiEp!|&%Gu~(a#PR8OJSM40V#c~8y#KH;IX^g@KEWc@@d)I*
zP}UU*P(XMyUo+lrmUy$1JbWyzg7D3l^>zbwDI2e<?b){*jY}!F3ozizen3FP1+ia(
z-@p-JHAMu{Wr3PONoBPU_&H`y)5yD;+6q?FTtox}tan|g8Go5q%H<{pf*=jEPf2B^
z4^J9CZ@U-_>HY`t(<vEdvhKjMe}sgB!vWpz@=v%8sG+e?M|@9vSHFNaT=khvWE@wK
zN*P$~sKHphE#iBMs&UYVEFE&i44?~zU*|`RPq&v;e>~tNVQ0g-E^pIs9JydkT+b*(
zT(^*cA5YNVwP02@EFNom&QVfm=5JdZUQA(de^iv$R%Q+k#fu~-EOzofYl-^J?46Ni
z$Khvikyw0dK3R=yfxrz4I*mcK;8EN%5wshCx;{QY%|)W2AL42YJ-PB&mswsp@r$mf
zD<+`Z6R*WxEWw!;PwXazSqzRhBm1_zqhrWKi2<{6&m2jS>gR5MYY!IbE_$*&I%Lqy
z@7%V-|LfCKlgB=C;R%4m=R7`Xn|jqIfZB+$4f5L2@B04=_A_ZN$oPaV_lm(4+_kl$
z6AeVq@B!&BqiwG6oO)GPeV%86!Gm*Y+``9~pkE9(##H2S5%cc{zM`g>m4i0{T4GXy
z{Di23IYS(5b6e-XGhkkyh5};7V%oto*TdN9kImyETMvFi-sI8P40PS4h=9C+cx7s*
zk`4CZ(W9loCN;hoy$OkemZQ|fdLIVHdFOyjvhfR;8>3TqY+<Ah#9i>DMoSnZVBDr6
znD-OIS^=YowQyaPXO=mpr+h5oPv*b#c!zwc%7oh(oNGu+_9GYP%|%3Hj>64;flGY#
ze#Uf4JwO-Iz^}yjUT`r=Gs`d{(o~2Vttzj;w`IqT4Gzb3%gK)AZknDt^&}}45ANOl
zZ20-PkzB4YBcaqFg9$bI_q5-`s|fJ&w$S>r3YShee8O>Z*#wH9BWI0{)?km7L>k<k
zLI2?-qK=rz5@T8w%=9T5x+6taQF=OiE|kA!c`DH&?^&33z>?W+c}(G|o7Ibi=m)(s
z{c!nkdS!Z^wUQJGev$T0DO1O)MhnJY7tM~1?pFdDGG567NjgB(&dR(GQTAjg6fJcr
zm{arjWM3q51Oe(4zfxL~qJP#v;-hz-zv2wP1_RHzStAKVAV@puT56l4*oGg(5B4#q
zm8Ish0$m(}sjhL_#r~l4;{%nILUGJ)1`C82k?Aog^w0CzpI?y~o?l?1!Tr_YYJVA@
zD|jaXp7>7z&lP<5biu7v#iqrGz_RfhCrrP<je*l>;I9yk*j~d-aikCN+STEDslz{C
zTN#O5<>cexG;d;DCwSnh#S{<V0~8UL`}LSUl7#-vF{a>=n4auSV@pO!L*fc7*~(`6
z_{OD}U<3lztxe>#Zr7m_x)|21v#US)WfvAC1_;lhKF5&_lq)ij`+DaM^!}5;%?xGL
zI?-nY_xdDEAhUHXNutM(mzO+8ZHfq)w5r1iPXO(C5QZ9f{`j4eBy~7#a(z%oZW=7>
z)jTKhEU90N<7UE7f^6r8jKI>!5T6GyC)GUKJdZ>r#(%oY1eI}pBT)mdTqM>|b@)S%
z@xwMUw1^A~RztqbLQ(zM8N^H^qRx6vP@UmeqEpuqNd1U6itH+=7{CWf4pm$0g#f&c
zq-Bj1qXX&-qnuX`l`a^}x7ArK`5<Iq%#?T?qrx_o*Kyt=)qxBIcF-yH_VlK&sn_st
zaTF>^fR%e{Cse*w3T*`3OeSN>%Z6Tb`U6k6sXzBq&{QjxOLI?!X}k8l&goeldT^VD
z-{p485VW~CUmr+-<1p+4TLg6)AAVFN@%a$s6Vpn=am78oKLe7$^06c@gz+{1_67m-
z*Dg<c(%u6IfAw3X86SKJ!VveHeqL)$KyZr@HqZ)Soo=a3Fw=AmhOtrM&E9Nlor}*Q
zl;2)TJPbS>X+s-y)HBD@vByQ}#1&5|IIu=)z`KQeD=(5_JLtKneY&-cH9-Vv!_T;^
z-`x?w#S(hCAnj)29;MfR_LRFS+9qV2+tN#Xjjx*aMu3qgYpO05D9rl~TLEa4xb;*S
z0d?CO`8mx%LD;dMmHj+z3S;=L?4aEH38!6ZZNj=sVLg_*FGu6tX!h;sA&ka1ww>9d
zmksZa80CLqO7i9S+=7#7Iro?qlu*lyJt&5|Cw0*kBQBHnKz&ubAAIqyx3>T;@<16Z
z;`voXWLMW^dPUKht*l%mFJq^6&7xeM*nQ!q$dTtmZkT&p0Y%W_Dpq=^E0*mWdgY-d
z+Ri_YAi00DL$as&b=E@PEfCZ+{$!`I6Gy87+Ze_k+)$D<OWS~S*6Hu7<lR8>dT(78
zqSB>KpiB@k=w9Q-q_uTrh2^WNMn%7B1`-z#WZ}tSR2BVMl5%?57AKPs59u#dm(ToQ
zkCdpri81rczgGRQv{C3a?6?A04(niWe_iz%4Dx2zBTmS&*J$jZclDb!Ah}5Wb=C0K
zwc6j^@9@ILz}@grJYib_w6JrE$n<IAn;n)xY~Cn3&K5;cfdtKdQ~{qVPMvgkbx1@8
zycX`Kjqf7=UYzAMc7%z>j?!pcgZKIT#2n$|k-wvonP3145rWX|4mSB5a4ar>Rrbhh
zwQ`KoL+ix>H3_^S^^bvt<SH6BnsoUx;|7KRBB=!Dug{1YL}wLlK};KBlfkPfr{-Zi
z40l3A<#c-~EX)*aI@*iX;YY!=4sf|$tZa>lPtXg$7@++6D8OR%Xgy>qt%Mhmy{4U6
z@I|4!XG)ey|6d|;h(kd8D0al|Z{z^!h1oZcMgtPSDIQ<KsRa!q%v>7&fObmpy8F-A
zYdEPC!~t#Tj%}b1Q=XJ#MyZr0mDzq^`#nA?$^T5qjVNe<!e=xI(LgEFJMGv=4dpNh
z;uR0@v@#ze3=<_&Kdf;MdUh-58aYt5yh)31bb7n0>6KO669BM0TeOH><XMFZ1vgC)
zb5h2D4Xt&95O=XQocT-N&i7XziYL@GxbOjzUxZVB7ZG#BTAHZ$?@Rntkw9JV?-^ce
zqsY-{jltVR`O^MZ0ftL5Qi1e+GJ)1N;UM&q$`9xbwqs(=0l#OIXdNhLk&+IQ@e#5f
zc2{Gh4i_k(QJ2gK$~8yZo6Pjs%iiNK?fv++D!=%S8;?;!-pmEwKuNZ5gWY(AeoZq;
zMcxxoPWC8t+zd!6wfa4NCg!UUCc(i;m?PDLiO_a_P^9&?MhbAPI`9~!I`rY6no@gt
z{qgsU<;wgffc}v;S}UFhbSi8>er{%IE#cE~PugxDt!c;NQZ7udl^$JzQONuafG39C
z56W?5i~p#-_1Rfn&MT>Jf{8x2RX?5(K^h2p#NEE>Hh*@gENHl1j8ecuL@l%#tSm8O
z<FbRL+KrYQP^ydo2^BG3HhoCUFy*~d&XZg~GpjepuZrt+fE`9a12a$v;Y^A~%26A!
z{(tmNf?6MVPBFNe$q_4V{2f_-1@Zwv&&_&urZJWymv|2inW#*bGPQ&UaU6jk$+%Nw
zx~g9MOTwPcR;d!(oQaZnIFiih3&E*_{U=gPL1N`XwvNHrG2MRs@6q^iVPc~lO@}Mo
z1{>v*qBTFo8n)3D>keV;kILQ_t}!nsBCzjKl!RbIo&EJACrj74YWwSMI#4?fu_fYF
z<ZVsXR^A|37|bdXb5YQlggyN7+A~bT%~>V-KV7eSr=y6)%ng03O^|x2l5J&n4)d(L
z&6RQdF9C7Omc6@K1SjK*4dTU1B)M<Q7sH8PhVgE5E&=>2e0HxF1AGkH*Ho65Ig_&b
zn>!50n~9<k4q-}7PhR?%|LE%LiJ&WApRB2FST-sc*SKGT(Ssn15KOogDYHy6iIBy_
zKrXIfOy0}Mslb*7m<H2K>jP#YfSJ)Q&LVj(6NOpM$kO)-&)Xf7rr8?Chw-bb>eaJf
zhg=hBW2<q;O(5fdhbovSXfnc;`iW|%N^fc8&{E}Fi%w~^(vVUWsm(10*EDoZ%By(q
zNJ@P0b%m0kG`4%R@T5OqrJq&w98Vu3q2WmN*h~rdsyI;csXvJ-dYfDX+N>Uz^^C7y
z&Ksc;y?ON_{@<-(;mS4~m>dS;{Ycj?D$628DQieaHjT4v=WL_B>W4=MZur0_Bw}05
zWyL?gr1x$<XF+uSu!TJN;toNLgz;;ruav;@f_OgTYKvc-1=1lY*wiwRzFz3<u6iPm
z3kT8uTD0A2#Zt!%f)Ol!E4;GfyGndDi28Rg9KKtBj9_AG^K$Nwe10h4JuP%2w^|y)
zXa*o0b@1%s={uoy=h&EM9Zy(!<8@LKaeQ4`*zeWMl-7BfnW*0t<GmD+vl|sVIum#z
zdFW72xj~P?V0eYxelq23np98QYdnx;TCEvsT!3}sCaF&yqvO}(a1lM)S$#b3+=2Mu
zF1NljZub!X!r>}Paip+x6MgvgK-;5=Yu;jRJAL>ei9Tv}N^D^7{UHl~2=OYs>$D`k
zs1Cbj6+$BzEJBCQgluPW&1P+f3Arf{e_N}0PI-k1qb~T^(cvWKZ~%sGWG=4DLC%n-
zb17&4=fH11KOLTu^ju{RH$)dqzxc9Iw0n#~k?LT&z(u))BPMZxX21m1h*{Fhj&m9D
zv}Rd>#ri_&KUBIwL>8Ey|JYuYAAzq$NVV<}+qkH|yI#Q-j&np>bFwm1p)-X&Ntoh(
zjF5$*<mF2I!4LHa$#UvM8<D|E+5BdztRRl=gq_!P19w1(IhKzhfTb5G-<!sNQ6Soe
zmTJ7ZHt#UhnB;@|@DjwPy3SsnBLSCmi4aw(gk()f*O`5XGIeXF&cj>V+rrpil-vxf
zj^?^{#tA3S!q$FdqL|Cz4bG!nI(^Two=>j+FJ<c6eEl_`m;W<Ish5Usf}~v3FH}Ss
z-SD#aP4$uVEJe!>P;;gP=Hz)~<LQ8h>W^uHr@3-HK8|D(#`J)+$Phr@_dk|tR<zrF
zrt+_Os(eiiDf+!!7+_Dhr8*f~I~v}L)WR`~^B+Po4U6i;om(s@r-2%!amHRrlsUkz
zJ+dU?cojlQA%im0(For+Xee2r?#rz=5N9TRrk$fOt(?_8&881mJ{62QPp}zG1xE}@
z;pYzS0B6Da3IP5>yCh|Cx8?Q0{UFSc`{6wZAo4$zo8$sUTz0Kty`cS2Z-NN5<C7v&
z@%m4DX()bVZypg*G;pS~arS6yKyRj%pZ4As+#Y$Kq2Vx_+ReQ8pld@~Vp80ejs(l1
z1ZIBSDW1rg%m7_LuUBIUUWIv0ISe>kfA6ECXf`-XIM(Y&Mg|5zlmnCnk$j6{_8C!X
z%)wi3&a_3k<6fn#N2Xa#E$Z1sU-nuB$DHIRC{7kp{j1_gN7^ur&nR?ifK-gNaFzzT
zd;ZD=!y(<n1Ub035km)T8^DBGa^97Sj%`D-u|HvkTPhOAr-fM3ixpCzN9OFVzXVci
zF-iggKY^mJtuVQW23&TO8{k!XKq8#<ETev&C?ZX1*a)Wi7y4hSUr0j!yM2R7v;;FH
z=#CcGcD=Usx9@oaNZ6q!`U|zqg50t-(W-5*kW4q2MA_61&JegUdlC>Uvj@Ah?ijq7
z5Nq9}{qvD}kWtq2uisEO4c#^tldEhVOFPzL2a+$qb<08Gv?Ob~_%W!j=aFy5eM$Bd
z#sxnmC^nrk%lxorZ*mx*gDh_VJwU?0C9)|AL1sz=#B1&_iajyn?d#oi1$3jCGS%W)
znx+gYyf(x-5k?_bNvwbsRf8-Cdj1ccz}w1e7PGgTd2wn%Cd9_CmmNcFs_P;ivk5iG
z8`M%wPHo=2+ywAVxd_h#fyTU=0h$8`Gg+G&qXBD3@_P$@N}U$je;;YeavbAp=>ej2
z>UXma?n}@j6}tV5emq}|4SE%bY*bLxsNeit`WYpp^KL6vBYZr3;qM!L(>>7VgBQBy
z{jWBl9AKx8e;b}HG4yL7w%0ZJ@*4RtXx7K4PQ_B=u*w|S=jhs~s_2Tnp+jktPpG!y
za()*ynkw=&oTY;?O&Dmg3>8u1e74D2y~8`*bC(8@MbZAMiBi$;U?!GET5^qhK~)Qg
zk|Q>|OS20+3kaHa_<*hg2h?cxCBz0DWP51z=pmYb^sU73XjNLggH|j_0XSBa`rYD{
z8I!}HVy=0DpAbWuBqO4jp2{+?(uLqkySwN8BO4Rf-UtTA|ICyJNlPgr!A27Z7hf+#
zM9+}#m1oK+(?TY~v#3k~4Id<Yx;FH<MUcZ->0QG}DO8`cbN0T>a6AjvA&@zj%wS~z
z-143Y^UC0)*kO4we<D$#dJb4n+Te0kG#Iq`AMNd;&5SsOz~|{L>Oppjaxn~!U*8eC
zTb?V;@-dp4qekqu+ClHU#1r&GEMweF-2V%z)}n#vX9Z{i1YESqwV0E4_^Le1<jtG1
zV`|e>^K<kT++tE%RclWzuDBGO5pWYT<#7t#OH5~(>lW)U@!B=0P@pE8^y45+%Z=Gq
zhE~SBlDH}*J#wf=ds^8F0=7{_aP-E<+pHWigt^#pIM<JV+XiTb97_r<@cgnm6(+0=
z)|whHSLcKDsG{Vb2CmVGvG@Aom8I()0(ZHOTmFtB&RlOa86k2WkZ|xI;DLm9I%eY>
zs1IOo8N3=Wk!DohcRktktku~{1Htz&&G+oUN!q>Xh<ITEJ)zWSqmkYVr!{y1Qc;kC
zH3Vbc_~w1QC8}j4JNaz$3#D9}`$g=Q`MjV|NX#pg8ZFp)^&fEa7|={0Z-Wf^m2A6n
zYE;00L58KUjT>jH{rPTI0|AClgXC96WD1Z-k#G=l#`ZM+N(6_1e>&7MoigoA%g;e?
zt}(E!kAK0tjEp`V)hr&MfKa6Z(y+W=m7r5-l}6(1f<IkG^yl)NswaN+o<iC-_kUWn
z7O!AZkV)gH5Hm-YPF5`>`X+R-PBS?TKe1vN%F8xFL`n;4#O{=MSEyV~XbUMZf-uT)
zh{=k?F4Dm3hv}NYGoNw3q^C;zzwyOfn&Jn!z7nC}2mQ7_u#PP>7&odDg#o;iGsV?e
zshwh)SmRlfPtkpEW1*$m#Z{0GRL-=%er1A`Q8DKz45nl;+fc~2aU<ThFnAs1IodF1
zemiC-)+)3qvNIxUb5m$CPCFG2iz%NgdPB>-DDC6Oo+8LitkbkLyB!D#NXF0Qx2Jnz
z{cwK0`Mah!^&<X$#DCuAT#vMTDT9mPX?wKVF*<qrpQq!wWh3h%gv*anQ&%8r<J$y+
zhJ7jPK+Z2)#SBefNsgNM1FdOUXm+C7uQ)3O*qel&xeV^>f8ZP9H5yGJRUOU<r4{F}
z31(m=O_2({Q?tWQha&ajTmx@jB%KgUS#W?575}){PrGaJobk86v{&sA!`%VydY@9n
zoJ^jZb}@lgK4LU!kR4yb48Ft3W5|dCrjU?mFup387}iSE|F?GTS%x!ce-SUCRN~t|
z3j$n+Zprd?K)bRL07~?MtHlb*BeDgu*FfKOxs@nj1tdk>sP}QKgnn%qhSp_igWzuv
zr}(*muT>@J+x7OQk>!e2Hpff~fIdwYKpCU7t$fn^Af8v>hY@Q3W=J{&6^aB8OymK@
zy@z@_`$ZDa@Gg;8UIELdIx_HfxY*tm{D#8>ACLA_oq6ibneN|+u?TK^&Z%dxJ;IJS
zND(li2<F!wvT6WE$aAJ2z-n6~FviyN01ss2b3SH+|3mxFv%b!?ac>WTq>J`CGz0(+
z{p6X3k=TiJQ&}=Dft`JmcRW@Jr5<z7d&17b0`!;3Hr|MKBNZXiRn^tV=FUqTZzJH!
zV5si(^rXoR4T~M9zK_6Nf8+vO%gHvC(&L}3umFU>4$U?b&NLvil&bPBoD>VU1RJOM
z(wnk5$sq(-;P~fTG$Yh(=d_XCx#ghEk6z^oy}{e8`C(P~wa&l00RQZlDLV}E2@~n2
zW#$)xzwub!Xff!@Q5$+k|C7Oq+SwOlDU(lA#FB<7tw@enT)0XuLVKzWt<Z{y+v(!2
z&2Yrway*^{h%ju))vE|B5WTtUMZW_U?!{U?Mbx$v?@q|*zirod`B3DEYH9At5@AnY
zBgQD5Z(}8mtpC<VM6>oJgqiAzN}WRSx~>AfR~=R?uZ(mZRtj+lBgkr70%glc6#n6a
zC#Wj@hz~|1Rq35=q*2K>>>^)Z`;o0^QsLy+xenmY7%CnJn*)R*F}CcGA1rZDYB*GT
zqcAr#9Ypf8TyGE+)4xtUm9?b$Rf1kc-PZ1YMe#FYA)^yBhl0+V(jJ`><uoj+ak!C!
z7z+wGl3g(y;NAc`SlZRJ!!|)-qF744AxgtH+UgpCT+s4>?{vsexAro^0uWLnP{X7;
za?f@L#)vLXFu`W)tWcwFaw#p$eOk1Gf@1h)eVtGbi@;p78Uo>~VHczsxH*GjW?=?Y
zzgr=;Zvq3z!VoS&CfqdoJ%FA(w6~y$d%#695J4NgZ+OW`8BSBEb}%^3P^}kmH1e9x
z@Q@Uera>%VKXsL<W*Web=y0IUHz(>PE|z-rhBb=x?buni|LG$wO+tVw);7y$K2n4)
ztDC-`q@yT14SaQ4$eBdEF#f#v^CKu$hDZk`BZVAfjM`KQ5v(e79{l_Or`dH1htz*T
zpf~d8k`Y<mN*(QObu~Fgbrc~4H5+V5E3;(7K5reE!Y!b$#gAVG5HkSzKPv8QsyJ6;
zDGZs_!d)B`asGoHick_M*&Oewjhz$;?y6xM)ZUKi5Fz3ShV&?EydXS4STY*|hTOD2
zB6R4FbO%maL(MiNj|tZ0pR0^vACY|X09O-K+2i}pC%yH60sFguak&0&dLjZQi#*vh
z+tRffA6QYTr9Kz*DH%j2F->|y9U!bzn9X#EQ;@2&EY#-lN%mfOIhH;raLi)I&f?nf
zJnkDmX3`{Yju=nPQMJtiBSw~x<@-#_#5GoY^eM|h=im_Hw<&$%jES}{x^>TOJRb(q
zlyuNwE4wZX{?Xfm&KomCsN5^4&!~rMX?X9!d?UrPo{&Y}llPUtBY>0b<Qo-X$>^y1
z6i82}<={|kazK<zGzBd*1+xEH>~4k<OB|PEtRJxs_h5qmsqN$54SGm4+V`j`G!~PO
zqsAD^&9+<^W?znM>U{A&)9?pU2O}Wc<-ma%u78_!{D1|bT_t5CH~h^IH>z@2U{uj=
zc5)nKa$ETf%%R4uUWj3rU!i>q-7yc{zK?wWY1Bb^3vDxST^hk3km^8Pc$M)vu-QxU
ztW;F5=63aKRJWIGw%~ZuD*P(I(s=sCPCJFGDIj0=cZF<8aH5GXG13cx!dtE?CS_@-
zpJ|({#0Y%lIJ4(qkB`f(-i-|;kRNudi$$6ZYgG+q2k>nX9;GgHG-;c^V`}N+(b@{1
zeY@-St?#hJ5F9h%<BCZ3V0D{x_!Ez&ecvvt5%&x9AZBwS<?vt;aPR&QVe=jh%7Zf8
z{#N=eQ_=VAafCtR-<t*ysQ^49f651B(6n$47u3@5KmLz}K`As*@q;uPMRi22(m`i|
zv9_K+@-S|*gK-JO^5@=MxMGKB(O`+<wRc-iY9|4eOzT^=7?5;u#n`z@X-0vGX)!CK
zOK0Eo*zMf%M1jzY3a<f?EmQsm5zFWLK6LYB`bG{kN!BR6-I3-0Dx84)+Th=0rNam3
z*>I4-g-JYke-$5{;>G{h&JB+Dj?j^5G}v6C6xlyG_fM1arexpV*~cQq$Fj-ux4Uoi
zn%f3M0=1-SO}$#M6?`dooYO`rQsS1@U=U**G_zCl$8G{?EYa8DAhAsHR|h5Xsf0i;
zvk{E1ZB6g7D8=M<PZPG@i$Mt%^Aa_a%r>YArlH{2Yaz-R0WUrv;!lA2F%d9Sgvl{Y
zke|r|{ALpj))f0h`FYw;h4uKJlHW3;P;lSyR?GMjGk~cE(2ID{M2gATgHoD)O)&Hj
z)+;l`(oRd?Ug+f%oWKJxb4(MGXlUjW9wCU}$!C9xw&lszr<|2i4JVR6NP5u&ae`%|
zHiyM{mA~nBYJ%|^WS@)J4rh|O`&4D@hN!X)6}ZRpfl2%$SGT`qHShV8DjD(F#SAb#
z0tdKi>+G<$0bL#*$MB#8k$oP-jX<eCf|hQ<8AH?+Un3Ww1?X>zixXIJ!P$H<DN}i%
z<X#x{3f})p)!yNGJQ`%PczV5si}0&+Jp7b;TA-`i$H}+;QH-UOgX+8Ygfxm%vk4C?
z)pu~;MO7b1`~I+!387n5(*Pn3+rUn=99L^=@?2bHw!fOK##H*J>$OfpFQRpL%Agf1
ze(Acdvq=qIbDvct#3KBs*PkKX=dkB&;h#F(Xp}5#b7$yRI2Lj!u~Ddni;U->!SOZ+
zRSzl(tX%mLCaFr-x(r$?Ve&HFA<2A4DP%=}7rh*`t-j-CYRcHi(E>sMR0`*p4z#Fw
zR_jP-Wghkkds?%{99i$UbhT`jSx}_4jOtlE3KlN|edY1vbtQyJ0E_*{?qd!psPA`_
zRL<J45DgpZT@A|i4$e>DSTFgj-A*j=JbYh(H$U!8-{f*3ssfMXSYXF0bSLl196tY-
zOv0?y=psr)`6A8figck=18f<i5bu&2Rgz{Bu49(>6{l5>r$qbK^Ie|YB0yBkM}P+o
z`G4-OAF17uh>oi`>gr?XGygmf=l*QMw7vEu1zv^}rldx>SDnRC<kgRdplRhnQCld!
zIgVV@gP5z~sN2iymt4HG8*idM%Ful$)Bb7Iu9JyS+B`xv%mj+ai9`pHo&V!rzwoz^
zJ48<(k_aej$4)MIhh{yu^)R+je{EZE)ag@s&v|2t3H<E{2m_HIPe4->+O#k&1J;t(
zH|hf6MI{Ax@htA%)k-Pv&*5F$leFwZ6^mal7iQUjJdcSh{ra~$4GO<Y^|g?l1?FH*
zBV194DuQofZKV65jeV^n(T8Clkyw<?c>K3{`_KG~A{_s>)<WBT=jHHfZNPL`qTjyL
zZn`kbII*HJtYO_^wJv<zw~X(JC>{8=<7mwp(o3Ty(eN+CT--VBIK+A(Odi~biD0Y0
zc}-3Mk&!jp%YG(8AA%GS8S%2|(p+_>jxc<IOW4Q{x&a{{gD)UcV&s#g?AgS%9tGfp
zRu-g&w9Y8-uI|lR*l?a+`!A=FTr|OvTNFTG2!E_z-dy$HisVZlCL*MC^d_Bo&-e~&
z;C--7l&|?tRMUfahS>d!#~G1lyP~UAaLg3aE61Gz5Wi1_uugs`9s5L|?%hE;qu&Af
zMDcmBTO$TLFf1=<gUJxvMb{;FPOaJ%$o3R0LR%$a*C*8qQ&8VpBUUugS>fhSd%yfl
zt{+84zEFhg&U_PH%k@403KRX@#mc=0P9n%G%5cqUH~Wf90IZb;9+og4zPIa^l9~C9
zWghDvC87~{G>J8>Hb#0NY^sg^g7JZgpRx5=cTu40)a_VSt&MR+XGQ_OVI|n&%TB<0
zSjEPtz|)&^tOIPrMB@`4(2v?G8W7ctvkmD;9DvzVp`M1MY4`yx>H1i^e6&q#4Hcl_
zFb31pHtJRC^SE4djFfDt<b>AzcyVe^gHxDhFVJD3KXUVd=_pW5`ZG_d@OcL;Z}9I4
z$CviHO*X}&ZZUljkOb=F26MuJ2ca1=l_w|rSRx$6S87o(tOrU5-bm^JyC+W_VM<|A
zbZ93zM^vUUll0y+GasGKb>Uc6T8{6LGp>Aa;RG4S&_O<Hs*(Q)lJ3g`WWwi*K}9aq
zz0&`{8SC}Jsj-cvywl@L)<bTpM#Lh!n?`m_CM9E|LEOrOy}_q}z;o($|92jcjmHxc
z`5#3;b`p5OUH(cqt+4&T9cKq^_){%E?5Yy3ihHFxaiHv9l9rM&ea{Xp*>gTmm5(Ca
z7+s&3!}Rwc-%c=k`SidH2dj5A-L)Wl1So5{eNm#i=#8~2qyz6e1g;XKBT|+Eath&4
zSY34aV<!$#v}kUP^Bwy?qVvk(X?ulfM|BdvxBMp0MlgeJ5ICNUTa6>2ehPC!jgE8v
zc)~Zn!Z34srzpv>_?5OiF!O4IQOn(5gbTd3(xHRGstU;)7EGi(?!SePS>^J0Uu@|v
z<#yFlL8y7UO!8!AS8kDE1`a=^0rx_}L1D5-&0FrxCv`1wuj0`G-`1&cv+PNaK4g}W
z$Eex)+ha|->WJ5z2egfDp|QvzFM}NBVRUjX-t0my&)~~Y>6zd@8{}KAgj@#_l9qA(
z5DRKn+oeCvL(55ZW5j6A>cWEL$MN%Lk{uNl%u!uENnx1IEj#4iv<E3;(y{w;PKHx_
zf@cJc$-U|wRKZk$qO3R-(A#&%Y<fU3-eF3vLM7#cHtW|%sTl1r+-Ya1WnLGDgs){`
z^5d`J%<_|`rmGkw2^QufuzZ`P`s`WNMfD!Yq(p5KsPqky3lFd#J=9ScJ;wl*R}O3T
z^+NZR+yTMFSALQl9|^Q)ge}fRdL}g)qzEhhnr6eTsd0NLAT$-=<0%_LyDZMK9q)T|
zC7Y4<1<344^M281BfDnSZcz=&h1xoibr6zGTLamQr$}c9fk!W@I7Z*aXhX(a<9N@x
zhG!DB^jc}fUmmxS;z6L<bhax1ih%Q3^^2+evBIzsf5;r94sQHuWt+H5;TtNGW2yBq
z$?LYF;CgbO76)ly?TZ{pq2c-bf=qe{eBW!$KN5S$b(AK}s)}`$WJspA>X~YxtV1wf
zfR;~=KCsz_Wab}4$WG9S%-KQ6Q>QqJWwzb->qbZn`Cd<7UtSiDN0Ef4O6lw<?om=d
z;1Q~NDjVZI-K<>>X$>2yd}c_wmu6thV@-Fq*?eczEo*fut!i{Yf_ShCo#q5v<K5Lw
z2%IT<dn3-p4pKe1fE(>W{bHc*35_>BP_ML@%93DW@3Dj^zr0WA33PQ?45otTp-5CW
zy0MpXvHOOLADUOjo(cFVYsxpvr+U`QPX0URIm{d69!rcGfBpw2yE-Ldmc&rj((fBN
zx49Vwug?1y>x4yMMdJYt`l?f~yYP;TW=ep#Qv!xovTzXp(a&&S*LgN^4T#|x=M&@C
z#OtfASDETyj+W1wvXr2Oj{=?bz1P5@+=thhwLo~JG|m+)kDunv0zAt`qlV*7+1jTI
zb!WcD=I0qnT+v5#%hj0A5Rp<?8IUOQ`6v@1Fn!0naA$w6Bi^wyp;Ijc&&brcL2UI1
z{Xp0T6wKl7k&;acPreQCE`PO;5>we<@bLHm(im}-11<8ZIuIO2y;Vc8Bsi>3+IrMp
zRB5=lnnH!Mukxf;&PSYjj8fJ3n~Hw-Iz}mkk1)mTcceV$!aKZeY85lHgaBtU;Z)oo
zLg%sX=LA)ml4lL)aX^B&wDqK;WOZb1$l9m!=@rQAvWRD5h3cA~NQNr`)F+|dS}?TB
zS@6jLeo@zlp&plzL$Nk<J;ZuqbPb_3aAnS&-kmq$vG50uAc(e5oo&H)U&zzhV)E7)
z?L+bs7b10Be=Lr@$v45TnG@M^nzqJT+A+E`j2C;ZSH5tZc9|4kffC)4$qSi+x15Tv
zCS0(RTt|JeILZ`oYQ7(#L@<BEjPT!iW3zbUan=M(HH|Fc?``lWBJvIE=@R$}5)~{^
z_AnOykZf?ys<#_MBDfV8bpul8eWg4<zq%f05QmI=dy8S0Gi7d<){8P=7v;Y(T!GmO
zTZDUbjX<RDT*8;95adm=(5=FpZ+qfNF(jTR?cj?|GLtWlxoj=KIG@-UM#ylB7<mH#
zs*a&Jx2HAnf($q?Z2DnXZj4rLXaFj#1mLAthF_Bfq8W#&9<9-@Ia^+Et_#@QMM%zS
z%j%KcGR~ACKRmn#<+a^VXvBW}cCRwu8~d^MX-*c+l;|m#Adp|2RpMgWn5bsn7iWWh
zXfCf0T4sz;2zk`pkqgijBGc3X0a^G?M+vR4@%w6GeS^AtH{+gZyLpN)arxgko?xUz
z<Y|Ke>4v*_Hs+#j2SmP-mZLpzEyw!zFxX`AVPg58IbPsXf+y*wXuD+X>Ld0uXEmJz
za|6c#AxGLax$;?X6W}drsy!paxdvnhqlQLvZ~8yJtR6HOfGMhWUb>MwR@cBW`0nez
zZ$GdNJgQ*D;r=iu@|0ip`~-rWRA~7Y@THg6N**syW*Heb8iyalHdqfS(K14=HX%p~
z$SL1r#C&xk{ubE28>ShM7M%@A8Lcs52_ylTnU^0OBaL-xPi$m}VrK~0<MOz7I_ZFU
z8ofwL4PyqEE;zb}!sNNM+l!97^fzp~bA!w<_2!&mp{gLQ;VWj$q~65e_k*lASMoZc
zTqO=6<&xp$FtiIG_GIF8X_6c7px~I!9eE~<fn`^+e8&3PpAIJkk(jt^9^_vLZr~sN
z-;d&4zVt_$9=7SDS{K|3&T{(EvYHN4sxaO!+Q5g<s9)##51IJBq@YG2CB$Oer(|@G
zJq4mAV8NRgm>K5}TG9I|7z`6B6aU?SI}0}YE_ps$<|>ROP(`Fs`3np@9PK9pr3~}M
zGiP#iw>gB;^~{D$L!_$)HjD?J?gu_VeMCnjh6fkC+^mc3|J<HPlMEMW@#V%mNrlpN
z|0jLh2reZ2Bomtb9Gy82*Nuq<CI34oMi{fvt%a?kc*vuIBPTCB09;+?k^fV=o5ozl
z)5{2EG~Pn+Skmq|aA@kxpdwHjq&wO=zIOI^y65KKyPtZbNx?dfUEXS#a$MVu4Z({X
z&c|mB!Bcv_Tua?G{qnjp<AF>sZ^p8qA|dD!DNwSKYYK7HY8A9eDv4<)h190}rS&}$
z?sU4LNZ>t-d|}=8j3eFp6ceK(uVHJKTxdl_;}M?g+lOpkY0UZcJh&*NamqGhYlV<R
zC>$}SRbY)lF@n}UMPR848ITTK1JE|X$F{S(qb;!pa-9deII1?vTf5YmQ)%{BQXcSA
zlLE7VKaDwA{|`d0Nw@ur(iHj%XE}}Cg=jC7uFZtvQD_0gX|0GrBW1at6z7B}kre-9
zyh;?O|AIg8p{Hh#T*Y(l8b5*nI*oWP^SQASBz5w#F7iztwoDY=_SgO~ioG`RaIYOK
z(mqj*$1(j<WJoc_(jbXoqqJp(tB&fz{oh)dP08dRXs;X6kHK}cWHPL!2Q3!HUE%wG
z&ir9o>OC$mAmtr2eveFztww&uH~&ouyvDf!pE$(6s|yYqLApKEN()MJ9bg-keQju-
z8C5$eaM{yw0=U@#N2^O!hf-O6<rSdf!Siu@YsX_VKl2DvyO)rnW}8YiuTMm7wAxn2
zI?&I2D{3Su`l7wQICwWrX|0BCROfdC0O@P~WII9*ZGy5=i7B**W58!*%zIko{m`>~
zb}>1&aBk!7-VQ^(o@9vdQ{(AWk(?=B1tssYxo?{enzWf`{eOUrycUAdAo4t{ZwY1&
z5@wwT(|#HrxW}ZK#OKE_fmeslPc977>O>A%bW+ikK7QQ!;BU@JkY37p-zcze$SV4b
zP-0h<qr|r#W(b{jeDhwJESxDl)&**Mp|#C;?9)*HU^a5F9LBaa=KE0=KITO*Z@h4E
zg@c#+e*gV&C2S{GHVF!L>EX*Ob7JlC4WWO>0ukOL5E#Yw#IWHx|J32{5&ycWbCeL8
z#050Mg^J1e^dPh^nR{Z!i@pBXY*Cok<<OC}obxrHwR7{Lx>>X)h8q1>DU1=J%?ZFv
zEu-F<*pAxgd<V9ELI$nIQi9)2U&OdYt|NkS5=~1#gJIa$0l?@i^ZPi|N9^brsi)>O
z|I(B?E-2RYb)L9H$OyMCDRphQou?=t7I{HyQ)O-Zd`v#VZ9~tPyi(ca{*QPF>V5S!
zk2C@0aZT*o>5~MG{x;{VBL0LV>OTH2tiM?DvqvpT_@OK*F&NaEv$$_4DO)BnEB}>x
zwEw}92(X%jok&dQC%C-;iwO?=o`Fp+Wf!9w`0Ht)zNeBkZ-ml&b?`f2+8?MGB}{1l
zd;L$ce<Nez<{X_#3~?l?E=d{-%j~1~ur*)%$Jfo25kY%}9NBJ~F^IS-4QoIR-4x{?
z|5+1NtmWJHG+}6V&yzu@V?NlGx&h?NU=EBzM%BGMWuEghLt>mfwAnRs6L8puC=bni
z0LUqqFc{{ANmP0HyIQQJ3*nh63^;lAb=x%9iP~rhn415+I?QIb^_bl!q6p%1<ZAQ`
zkQiSH?TQBg-S(~Lyx!)pDRAx+scZ};I@XhLv9P0l`nCEjC!GGJz05|l*$?NtJ+=6C
zq=)lr*u<WzYmyg^!ig70^C1iF5ZXiQnUk(Y@;C8gUiv#f>P~m2J~rl$oSfYo4zeXX
z8=FEoCPei8lrQ*CvZ_(3?`okxq|sn<6{<eUo(frL)pyTz%iIy<9u%8D4F(K<pH$5r
ze4{JXwHBJ`-Ov<PQB!QdCsTi@lgH;!L$VM~)ta5NkXhlndfbJJpt2P{Ap>rFfryZe
zJbb53D-Q--!3?hPk&0Wp;~t{T1q1^Xr6ii^#Fo<*5O}#-XV43ZJUI1KRnqb%>9ZE<
zDTWv_;5a`bX-ozQtx2W3->!mm1feNSE{0=w(cyX8B2LNDU;<^)cHYbicGFh8t6uSZ
zsbgOUg5Ooz+375#8L(R~#?gJJT#qHrf+@X{l|gCOuzw-IvMkCDV?<M`zS*Q$wWGo3
zgPS6HIE%jp195trm~z%_E$<1dhdu1PGTSc5H!CE8>z5h{6hZ_4T1pnh%`3(%h3-3=
zaw{;IxxZbkpN-_=sHPPUtSBD@vmRyB66^1AakXZ~!~GwX8;p>Y0#|;%@)xzznebWP
zdlDzU#Vm({>3i9G)c0DfNQ6W}WO?NHO?#ZUo`Of?bqI*~8Z-cEFyyEM;nl*LL<LW+
z0*Lz1G;CPdlT+gkzng^}kc=?)UwnP>a+BA^==VB;dQ|<MhK%$wkP^#jKb5*pN$3}_
zsnkimGL)x5x+DAAky@dCP?nu*po4R3%8@8sEXJM}yC%Lp)^efscIuy!E)k#kS)}1j
z{x2hDmGG(pd+TjpLCT?5>{Ly9Pqn}(Vx{@CoU_J8_z&sUt@E%^RBTRqS&2uZB28@f
zuhTDpg3{^%Mf_CJmP;TL4oBE04batExSj~BEpE-Kj=4)bD0W?m(ItZ};G6>7rlWu`
z5lnfXkWsLxA`E$8l0!s3_rZ39UfaD$u2@#agH=$@FFZ*Yz^!NC8l)Up2DX9j(B;3$
z(zWPQ)JP0<u>>Gvoeiddu9)mF2+;hPFf-t+gAB=k!!;O4BISB@iji&Uz0N)B?i)a3
z<H+$j{(79%T!^p;AB-~9AXs-A?E&)2{jLJzN(Ss{fp7>IP4Ck=ke@VFaNTHPhn5um
zJ;<|9I87kO(v4p~Ru`GCh#F@%VV(-qCo#|OgL=2QaFqgVe+B0qMrRgTUvn3#{J1Lq
z4Q+WR<uLb+f0Fxfb&rW-jF00gKfQ~FG2(Mt>L7@^F-YO9Jd~%&T*-3$O8L{ikug&(
zy!Gx2=oPq053`3n>MP4_jozaLCh)=4w7ywdJM3L7BXL|Diw%A3yw8JQF9W<d+wg`t
z>TZ-FAj0|I<g<e=`LXuMc4}3j&t|%DwE7g9!edMBt52v~(S6hmBjhe~j4t-(k>UdF
zXq}h0>2!tCTl4<aOddr)l9M%XI}JB4BI1luMk*m^T?!Tdc(~A%jXD1)3+l`_oHV>(
zY~{R3T`S8nE$Z9QqNy_YBrq#1$fxWAQm*kwY+<|jv5h}<2fetbyaL4&*B2YQmcfrg
z&D3munFA$cp@!uo#`P$<<49`m(xX^Kf?h4ngUFEhL&<HyFO_lD9VWNb%k%!D?x>os
zcr4^6N5-Z>Cb_M5J7J{LqGWeH2o~Pg=D>5Xf<z<$eO6n1VAp>Q!+f4qI&2btY?V9(
zI~)Yf5)wmiE*XIfYpI3XX^D`WU&;4~95$|YK8@=}NjFRGF+S@~YLXqeo-k(lhp|iv
zoR3t4lJDUS{0G&CJG`<0$&e3T(4>WFxD2Uo@?O%h4Qcv5N~3mCTc-hElXJZ`jc_*y
zF?qHX_~*p-oaUCw*8)liSM|r-A)Z(D&znB#K)JFJTem!d&<<`AJ#>CK0t(L{%=F#V
zML=ofuj%9G7GMd#e!;FH0TF;_g`f1^eQl=XbNxZ_9QLS?(MM@m*-iGfa4n@m#Jk@}
zrh7BknY+s#=-t5=b?T`DavGLHgdC&}=xL*r)~0zn`vFYgEGI*=rN;XAwx?jZwNh-d
zQsH9ytGW7jp+~GXBgB4{7fyu0MC^Wiv?G}84#i!kWk%+ajmNrk7Y8~yyQwtSI#q0W
zGz|Tykv79llmid4p=w@R$A)DT26BP==r7I7<>?=JHhXb;fClidU*I3WtV4yP;gXlA
zSz)*E9sQ+{rk4fsicY3{vt?(OYRg+T21SeV)D*0<{N;cvH<(<g=W(l4$y8%V{c^mA
zw-<=i_Dc%(WLi*NSv7nB$K8zgC(#E({z-&}JoWMgbAoXP4HM`UdE$ZY*R~AS$zTYN
za(*hdJeB%5w?#rwc<IKSNeHjfU@eI`t`NhE&bO3alJTj?39kISOCO1ZWJ=PMG#ckQ
z)*o+^D`CPqKVm=-<Sf}XjbVDT$U{5jU(1{8I)0@CFoi|(amYh}-QTjfiA38>hO`Ip
z`MT~$4~LKH&WI-yHkWAhm!3P_Z%Y3%6&5lPY;=TqbJ-h6OBU}}d3G9ibA@pCS3ez<
zUnbrz86X770F{NS9W2vdx=PT3yl9$-XMU*Xi0%w6Hw`z3C^<u6=oTb36`x=92vR#1
z!4b~%ZU$<&x`wQVK}<By@!`NC_@F}uLZ}@lXTntl#wSFKfe7(O2fxRXs$L_glnWaL
zaSJHioWlCA!-lA&X=zUuXFC6;W&eSQ>CW6IX%N~DWF9$>JDtd${aDs~S^~%XsZDQP
zI`xIaT`T0(_rsy;s~Z4Bkne%CeMs*@|5EQDIW-HT1wGWR(zFX5)apa@`FcBt*UcO*
z4M%37r0J}mHrIk3QA;Hzf!%zj8msUjF7pOI8R@sMSJ#{PwCTd$P*q47xN*LptQA3u
zo{wpY^{Ud*e+jw8RQfv@gC2IbC1)2T6Dh0&AnjUC%vuo`=;f2Qy4Rql{nc*0^b^5f
zzP&<3n$&5?g>kcfva`Q_#`wSZ4k|N*LFaqiUIW(M8E<a3?+P2)79QS>eua-C4N;{I
zJmtkj537A$b*2}f)pv*@y`O`~cbt_C@>|{-spl6LNQt0hQb#a8!1HG~PApIfonoDf
zTvk4Q<0oc{*poJg<F^kUMXuP(J2W=2Aos)t8%NivP*b+}SSPS0KM!v9MVsoPNKp-N
z{{}tesn{=cd6Bz1XriR12mZYHDN6%ghBxJ2#A4WW{8=EdrgQVQU8YFXTOX4rgx3(_
z(+*L|OQFt)HT@cr*e@G39IEqNpVkdlv>Z*A13eh8X@a(82V%3MW#g$a$p|z3J||`X
zd^s_0unAz3Y67@L>F|VflTjNm|EqUe#H^!=z2XVA>W0S`!xwU8D_3K26O0iQVb?G#
zE-;so!=(nE-9=k(S<LW2!n5<ZiN>oKKlO=T89tDrN7z>?Hjz&I(>uZE6IUfOlG#%X
z6sW<#fgr`AI@WuM-tP3c`i}0)UY3)bu*}I-_+3*P5d|fKr|4RE>Q;7rdSc2nP&^fI
z7cKIZGNnVeZB!q1<_$pKSJ`>SZO%oeuqFXQr+yp#@Cl_og6jH<Uhyz2)}3=!GB4+!
z!^>vUxVqDPr_ePwR<tjjXIH1K`I13LXB5T#Tr_v`EV#M2{HG6E6SA!WYqGQW*X(*M
zqEs<#=h{?Rd{ai#<bPApAPc$z@6rP;c9x>Hk-JWRP$WVb{H#__HliG%l;R2qv_HNQ
zD$lK#2>A`lCcJVgR}pN9pE+7I)2-=$w3j<OCQkCwPj42$w3EKATcNc#BVn~@+&MDL
zig${EfM!Y>FpvZNheM<nutZfLyq*7sb&ma7B7Ps%Gt+~}Qb_BL2n((9vrz4u*lAeF
zi7Kb;z|kfOdwlzam1(1~+{1ZAI<-+1bm>Damgf<w)MQ%tL(C~e9ESE{c`8>~*^N7N
zkKUGavFTd#Y+lID78NRLai>=xZg=C?YBx>$2IaayC7=|q^?GrK{1y+P^3wT_;JBMW
z<l5MjXls+-G``N^lRsPn68c#?C0c)`mfqiSjw2g#I#&4WJ^*bnHpzjW9$G=2O<|5L
zN_1B_u$?TFS&OYeGJ0?IvXCK!^BOpuwRu~W?QlwLef(QBcz9Dmc0F717kAAWghf-{
zaGvQef9gnJ>C2VNG;-7RB@nrQgeTy;FXA0br72pRen2o@K~+tWgAE@xyM*`}N@6B1
ziGrNw&QjNqe*8_|xIr2g9XE=MDh`;lktnO3il#3{ziWr24B724&b(#IlNp~1Sk@!m
z=!~835Wk)?!QG98wQpUGX%}yAP30yy3pC8(zMvl|x3*JXgDGo`pVClj^f}LRfAG5Z
zs=-66lYz0wgo1%fNO`7kuVS4N-}=7m57%{lGiQk?e7=np#eV%)88enOIXFvJtvRRh
zeayyH7p%$;U?0$^Pbt`%hLcYinKCok>LKw0d-bKSwdJzsH8i&jSPkXK)!7IVpBdp;
zjP|{$tIC42;Dr(59t%H6m?*poum68HdH;zJc%H>?sz9uz&-jCc7j0H+bG#-ou!kw*
zyF^sH^6W}(ikkmfKvLbw8Q_p_C&DKfkdi(JFNC|LmdKq(uQqN8t?W8vEcIq%g#o*)
z2Le6erC3<J)%rO~sk*s~lEmg01&u9ev~eWF>r%0$Vic>FKhSRO7n~hLCZa|{+*8q{
zZ#4#BkNUsi2W0-qT>V!*bPx+P%u6NtD{5PQWF?f;3Kb3CtstR)K)c*&^ptP(qS@}-
z$$ru*jiR1n&D)U*Mc`CJ;>VFopRU0tS@N{1o}5@LP@&?MhZhA%l%WHgfqQgOeDFXF
zbMk|`8_Hn6f4BUD;Q6))rBrXdA{S|WS&x?k_gQCC$CwbiP(wA(I^Ho0qesJxn?_tM
zdazbz%`UMM#54Y{=An8nB10)Jt2_7>kbUmMprv~@J-Ox&NO-Wy@q)bI!IM%%ooeGR
z3a{!T=0$H>1Htw5ID2OBP4C0=ZZD2@0lZfmYZCWg*FvoKI4xo;Z$f4+BVkY;p~(!e
zW^NYPSDkZQO87+UvI0*Z8o_M-g2K~i0>MCbgsfJj7SMy+)$;(dzf@U(#V--#v_I%t
zYDH?h;|T%9Bz#fS`GUF^0kEQ!Ge>I?caPu??FlZ*tc(MpX;oTE1v<N7aL>O3C+P35
z@KkO~4s<0pY>f$eIKDXSL(*v=%Mp<QNBoxDF4~aF)Oz$H1ga|r1A_pi@b@|r)=uCN
z)gq6(&Cq09m;NSmRGdwnE&IkJHI7#Bwrw!$IK`VLDyoKptCyQ{<w@<o+rtUBueLP{
zqoYvz!DP4#V00}=>{Jb+DBc8`HeoEg3&!RFW`UW}71q}_VShyt?p*NgF2u*AT7qoz
z5ekBsj|!z}jL1WySY{~{Y~nT-c@8ry=1GJxH^fsQRa20C;TLaJitx}hj;B%SEzr(&
zw|lqCH#U*^M()G%r0yR7H-UyZ;{%eqP`i9jy9QStjljiCW&X2XhC}r(gZk=g72k*b
zwCur7h)ywesNb-dwB|c<hoJW(;G`fo=Xb;)b0m)0k*nAvoD;IxJ6Rd5worz9mM0m!
z0fMB^bF65fhTWrXIE3XeyT({Ft7d1Qe}OStMo!<c+!zTo=mUUNG;b}xKTzpz^L$@!
z6OeDan%jL<@|pwpLI?_fOMaK*QOzk7K}Hu}g!@L*v(k-3u&3eVU>hnn?<CAbUQn_>
zrxYC}eb3&ga63TtLA?rrx7A1PAWMZ8oy)#E5U|q<dl&RT01cDa=7%{-U=<A-I%VcL
zLIv&`BBh;_VCb4d=3&wlc0hSIx%6pf*q6B-TN3kEd%(-w!wX89qdjQz6t#I11kUy)
zX9Fz;*Qhc#uqh(=GV^x@ISl0S2r?=4rU>2_Ay~LNOFsjEhdK2DD2h=74-H?L9T~Q8
zKQaPOa2m`@MOk8!{iooZ60Eo4<?<R2(`HQltx&Nn3dK#%CWt;i`1HX@{78wx_CPG~
zXI-}&526CVg0t%OrxF88==^>003O&6EsO_2ET<#XoeE36P<{#~qBqy}-Ja`(8tO5M
zEv=`6s=_`8!^3LHeNSu-e_`}J!`X{^p2<G9nU(MvN)p<S<KN&rxj^qRi|a4s7V3G8
z^p3Vi*h&<!T?DVrkO2Ry5$~`w(z#wsf7GVC{Mvi8Qs0_zw!hZ#l8jQCLg4+~?0=<6
z8U?3ly~$F*%}!dSo>k!Xe{Q!=r<hrFjxut9Y{D)S-Eu`PcM;gKkv1V~jo;nLrb*DX
zaSL3Bh)RDCCP=S56a}>iQY0Caew^6!($oo;ba!A3qcip@7?ZTe=y|KeCJ#5Y#8x9J
zidEG+huW$66d>-%Bq6zkS{eZj(=V&Z;tokJM+AgfNU(mSOLlU6S%URRcRdw;uKfst
ztF^o~g2e2c{V)O=teZsOpo`c<FBlj(n3grWti00x55&yYqwkJ3(Lvx4>ar56yjUSZ
zOt)Wr_xbW;P5iu6Ygp-kbYjL5b!lnT+U})_E4pPiFJ-q3w4N_rhgnWs_Lw8|zxeuI
zXpAp7pb@0G8golKVk3aTDfXyiw={Vea1Y|<*rbeOAAryX6XvF_vmYHeT-f5`q(gl=
zAFgX)`&Zc5O(0i8D0cTUK~6vwZU>o+sc1>N9~48TR2ow3N!;6RiO*ECoj2&QN?pSL
z%F*81M9v0mV9Wtyt|Tt!s9=CE_udSuKZI_>AAYmR-VWpJW$C7@$+h%yocR51_`og$
z7bCuBkG_vjjK@j+-S_U6!sGB_IS$KFy)JMX?##2ParXOnDOh9V_YKp3SBewaxiVW_
zC!CmXhCzoYA<azs%^E@|aspgPP*{AUyhR8udo>7*(IjAx;2xw-Yru2n6Bs62rGZLk
z?yqFw5sKv@KQODsbultc>s>}ofYggaA46q<SX$GFevSsTox;MTvKZQ$&X40ml$^C`
z1udqsNaW}lC6G|~-Au8ofgSE~)$WZ}KuEa4ZoVSP7Jr?u%uVL1&}GYkWAkq`Z5Z*$
zJ{bJ%HSi{3xfz7rV(jloa&Y${6KoBck~vrzdl4C-86<2C4i%kFl5O#)HNy#7gSt8S
ztr4<{6n>=fqD80Avy1m|yyT>hm(HHVJT2AmS^EV)>rncVFdOIQn;ui)f9h0noypSR
zXWEXP)5Cn0``$eQwo}^%YN*<cc(T7AL+bR-%EhT42@n;AA^~iNnx&47;5#7_Gzm8}
zSPRrYa=~){v1Sa8@v@_0PoC{jq`otgBHbbeeGWhUy=@E97`h5uR?xPak8nBwX9Ci1
z5#dc848h;R18XKS#U_-{5It5KB?0Sg-OscFJ!mV{3c*14ba;C$A9g)w4OawT_yKyr
zjwUuC1P9EBuluR(`qM49ij8#p(8*f{QxXCXiUjPGOVcX8Btx!CLWU+#1xf1;acQWz
z@Jgm=1Vi&79tbtItp%g-X?;}t#Iok~6r=P3n!BH;6CC6NAhZ@zbE_fd+UKuJ+76me
zV$PB{#zfZp-ij)bOC{a3Rb<9Khzq#UlCc{&FqgW=AZB`*|M9>eyZKEnx5j-711+Tn
zJjcgSEwN*5k}kl_kZl=vN&#7(z1OO1__5YvaKRVy0ZDgCV;_^*=Lf2};+MQD$SsC+
zv0q@4G+vMkx;hWN@cKCC@9f#>)z>Q6?LQe`)P`u02^Gc=)uh<4>F3GAlEZ}fac*yg
zOo9knsQ}&zt{G>K5=i9sLIBToXvr~u&_!zB`3~zpAsf{%;2{e5Wob!y60a)HZ(=Em
zCN5Js%4hL7IOHJ1%LZlsK%i>^*2UT56)o4Y*J$@-V<Tt3!JW9?d;fH0UvX%!Em;y)
z+#YcJbS`ym!3N>Tkrg}S`D)w_1Xtzzv3-lzD!EYSg0U(*a>?mgJu3R;Z9Mh>9Lwrh
z%F#nvsom-S_Z*;_`R#JE7~C7}&{nd@r{Dv4#o*I4JhP0Uubr1rBLYmBenEY)Yw{uq
z7N~RZQ1W6l7{B7X00H^g<Lp>Ye1`7HM-=OtJ>&UJsx=oWqh@-f`ld%VE*ZiQ%GH?5
zOKrz0=MMivgu%3-Eyw3n+4O}HQFo&V`HlANWsBR$QVM1JR2lGHj9N(iTnQeq3Iw4Q
zv3j&~g7Y&Ck3)>0J!0MmGNTV5pD&KB66aEsTA$9`{#2dolHZ~Pf?z6GoGRi3-M?vq
z_*<?8-=C)OoTi`J@L>pHUx0ZpKh~*)XDC-q!oPgCH)1$CQ(+7lZO1@c|I?!Gp$BLA
z5f_ISo3h1R5^niUCky!fB8;B#>h-qsjNIX(EV0MEt^Lkr&wsUe!k@28m8Un2(T^2X
zuz+oKCFY_+>G3#(hJ5t9mMcC3+AK_lC0QSHF^LUj31mIVFO_w3Al(o=XJQ0?xB^HE
ztAoXt@Y(k(Y3K=3PTuIqY&65!-k<|&7hMooeU|F4^BG)?MIs#t3gxCCNqaw0bB)Hb
z^11)b!O;j^yA<5`#cbONFL#kSM^)Ej0*HO9kE#jc0FXR8lK<Y69~%D=9#vG6rf(qa
zr}0>D+tYR_Qi&G46Isp%B4yLtQ`*|vk?fDu_&$HoWZt3=4J(KIhBV)X&PMm0cl&?V
z#hc$cv$JIf9vmC+fF*Q%>@Mw)sg3T+D-wD{)BukFAS-|vD?Xo}dDyiNxMZrhM3|pI
z$JN}*c81$@y<Pj}DB@hzlvf!b6f#?uq!Qyc@8pnf{y1KFkn1%>R%FM{yRG1Os#_Y0
z5yhvPpdd{Kr$-KCffoS{xZAbBh04@JkGfJ6{_+5>oLc7G;Q)YX@ine6)Lcd`wo4zg
zW2+s(E(x#!#LP$$(CMBKl;ufSaXSv828kFCH<xiZ$p{3jV+bk4FgqV%?M~u@>&qT@
z>$g%L<FnbhV8YCiQgXB~5$(EvwU#pl7Fj$?;lHdlR*g=O+%eEOLsM_g*oL40@8Xv<
zR~4f=OPgH*ssQ$xw%lT~>rRl<KSAikPLMtgbgSwFd3=5IZV`xR&<eeAxy|>90ZsdI
zG`0N@T?w2B&(3q>2Wa@>?+~|Ummubl)Y-vdx-wNNM&nyJ*nZJELeNxEBdsW<=D#9M
z3*|ziXpw&*DPw30^3Y<|-v&TPNHs!o5p&|lnt?^n!+94OxJ^XN)V1m`IHu+@*l&Gb
z=5uEwNcIrv&!%%9*oHI0lt!w4KwYD43};tL^<g|0!T|<V0sJmDQ7rwU#45kn?w8{L
zTAdShFDsZ=LlVdD+VUpf7PI}*JHT(Ral<Q>cI>OQl4V}<FUmxMK@5C`!eaXb$;xq)
z#!rE<Vh=wBZMw<C9_8CF-UM9HlYITFflkNUP7xrEi=dBX-90-mN6$G=NdsT)vq^~6
z{!uzAogqoV*g)s|N(yPD8NJS-S|GUprdaPEN1&pMJ_20$&C+;z&t<(+)Xx*-*Xm@&
zYu`Bj6kMFhX;w3p>_?5&svyt-quwokGVh~uF)(ZNB55H~PpY|q2anf@ma1y(Hf=4)
zye&SzU9u6xdHiu`su~-Xhu$|>!Rs&C<)U#dm|-&z0&%^4k0Z<@l01o^%kca&DM_ko
z_ZdF4zHBe7%GpcY2CS~;g&}4%y?J%^N9nbPXf;)_PK)q{%trz|1d}V*J{=-TL5pz;
zXuaJKSkYvOy<X^G;ed)P)L0(lRO#p-!sI0J?w!5Sf=h=`zzK<WRBG$d4q&>VWs2lh
zk6(;kJmdKyS0^rV6baR^RBR)ASXpBlI@6CBWn1uprCFHju_F<b<-c?;_rV3-Tr%Nl
zFWUD{*Rn=IIg;dzZ3SNfuwKLTT!-wfi=^&NxADifZlj0SdSgldsS_%S4rJOq)u212
zy)(C;o)uAGP9V_(DV(fN=1_KT-N?`BgrX=sT4Fla_ZgyB*CQ($Kt^zPZn$Z^X`>Ez
zN*Slrwb+q73+LeWg0Fdm?-E9dOd1SJ)6O~s3Gc&RSX8w7oVFoG(tAcFf3iGdQ*Ooa
zr?z-}IsY{Gin%W+bDijF1@v)dwfR$9Z!z>&6?Oy@1v94d=E$)hhZPLH^l@mZ;)SXh
z*NY_5u1v=SO%44k?eYHQkXPc!Hy&;&2a{9fbPkJ1aRqPZ@L=7Es>sRP{G8ml(#SA<
zN1hJ(uIEAt>L5RVf&-Frvz3CjM0sQy?@tnWMYM3svrPCocZ^$ng0d&;?PjiBF1&F1
zRsY}$xQ;ga5p|}5lE^}H2OQsn4?1fOTbC$;{MCN30#V?9`EZAoE{JjHk?lNV6BGv-
zbRc|o4V>0Sb9hPPfn<Y$Okj0S)ms<9-;>P7&z_88_Sf{n44+a-TSaF$aQsm1IeeY>
zzGl<1I<*VV`|N8?pjuSb0Ip2nQ*NZx(e+C1Lr(=QWlk#xJwN=CoE!J~oRd)65X6n8
z0=3WN_>VS<|0p*y`V}5#+Y1sN=1U1)JW!ckbBtZc2#=+Qa5BEQS(DISe4kEFu)Pk;
zCz=Yki|r(mA{bC>iDhfj@Np??r<JF*nc*kwoD39XNx^@A=X4<l&qkp4l(d(R{<9S$
zhYN#<k%fu5GsNs&#S&H@X@7bJ#56SMdqWjme}UF#ro_0_eFiBjyr}W{9Jikmle!Xt
z=!yqbzIv=*C;a&hlh0}46Phgx;>>i{IYukiMg=f-fiiTv+UQ8+O3SMpUWbwc5#9!b
zf&Xtg`NmYYo$cfctQ8*j$VG28yfvsJmv~9gdyGBCNjR#H->`z&{{t<n>27LH5P^k_
ztVNx~<4|lQ7{}{N(u^6i)%uqrl<w(+#OhlTFY6Rj`7GQGy>+|`HA}tT^^`j<(=RMW
zr(-M6T#3g<i<6zYm{8jpiH537*#hBORMD0gHhIlh^`@Vp?y6!@QEDz{t@gz}Pgmw{
zJk3)N3pDYt-BtsipZo!U!G~eOs8Z(l!pCUH+_WyTw$~t)5#5?HVtCVCTlZka)G;$$
zf~(z{(^^Q<X_YmZEEy?5hO}=Vg<Rr5<VQ-@)%1hl@0b_^k#h$rL{zFH75(f$Rk`|?
zG`!bdh+XwU;-}nkRC7=}v*1mVmW%4tpQG|wA3j#e*%u!DhmGj;xv79cW1Z}_kvl9L
z;1pvgWK=wMk#CmaRL~<irE{=~WNJxvCm>bDlCQCkUQ1HG80iG|L13mTizWQ)1GGfe
z8#k$X6wa>wA9^Lg7?(fr1$?`l-3v~amI6~OcFB6^D(x}CP0+0`Rvafojy&}hp}`(m
z(AxuHN(hXmz7GocfA{~aP*jsCYXVT)J8JIwqH`4lsQSi*%rQeP4}E+jZPZRilTOkN
z8V*Zxay4EAVI~Ki$~g#2=%!ePY2C!)i}QUpHRgca$Dq8=QWV`okS5I<1>m-A+qP}n
zwr!i!w!8mn+qP}nwl$6W-Nh3XwX0oaWafL$W|&oefaL{g>-3nOvR>^s^}(0<zyylD
zZ}<^f7%$({&A*|=!S|l_P+sEDj2rCYAovL^S<zcf?EvHIY~MblqmHW*;uEgmhTqJ{
z(pUby<^q-bFxX6*0qeVFIk)8TAF!`BP8Od{eWSR4ogNy$n)8$1%^KC_ge7R<qUCM*
zZqf$!q_yXBLKQ*H`bAaX+dm2+t-W-`(UZ+WrYP>Vj`D_Q?){oI2yN+zyr7lo2fdAf
zKyHH%B5F4E%RghNqo#50#9hgbdu#<RGhvT<4^A!o4_`&RAXW@4tc&9TXzxU2C%J8G
za6TG7hU3`NS`#m(!o;{>pu1#Y$}aj6VK<~Sw_HZnj<_PGx1t2-*1=DlVek*_l`(31
z0~b63PAOLFJ(yaZ9R0Gg;(CQ=u|EU;nWIc!OuJWaKa!fXCpL#F5LE4@G8USp4fmg=
zrnQ)}y!=GpAJ^9A6~VRzGIrTBtXvZQgX#4nYuP!L1P@)*yAcNQZ*V`q<Eu(af6qwi
zg>F<3_ds04%iG2_#_7fcR1Cqb8BW<Rm?y`q|K!SD+k)Khp4Jt}7UBJ;H)Pr=hG63<
zt2|0<M5!(}i~1bW!Ik}ck-Q?G(88&LPxW#$Zlz8pruMha8u5E@KjdzwYH^8hA9xZa
z{YK%d7#dw_O=<+O7K3EVDfsm(d(i!O#3@WG45F+1ev{GQ0uHd(S@Dti0lI3K8PIuN
zecLy=ZE;Lprz1lsLg6K3%5f<A-=@Dg{br5?=G!L30A@;&gC0?Q2!vpkMk$8K!#@#W
z`Ygkb&Bsj4>3wp_-!4I=U$NrN_6_vwpkI#w^{Cx4ir0}?jv<R2(xUv@UGWhD4o?de
z#N0kn&9gO*bR3YKT62lk^w8%<=-Yi4?8-iM=UQ+dkvDnP<F`Bo-mdROLPqj!s2r}E
z6sEF{iBr025h?|9ux_J=<+?&1!YZXu?|I_fK9`9TMtZNbj~2GA6IkCu>k_JUmg>z{
zD@AL9jhH+Ej{yyKb$Y{qCI{3Bj_OgN$tk=R$zQ!MsnGxhpkdYSHqYMkw7&+pzDN_O
zwJ6k#l?in*+=XrG_HIMTv(1*>2#Es0+GP<z8d&Jbko<K2u?Bc10?Jc|X8wV#Uejbs
zvtT!gl(#kI(5UXy@r2M)aQkN%UBa9tL3Z~4M?8W>BS(eoO|Hlx%#Fs7_m9WrxFOJ(
zVa)kttb!aNH>fOg2KqYgaBS~YUMkDZZl?cj02e*KXA%1hORRNImP1_Xdi{Zd>t}K_
znayYiJ8kKTP!~<=<I#T6{*^NmvV*o{@5kVk-cuw*-F0n4Z|vbQO>Z;Sm>g6WG1ED8
z+e)`vo<}#&TGM&1bPwOIfvR*PCn^sDXkeat-rL)dktDNi?V;;T2B;y<9uT>fs76xe
zb7+BYzt1GAF2g*nZ?0P!$K|vsS7n^i-xk9bKPdi<Rr>Gjbhu0X%2w&`Vn8iN@k+EO
zD&{yguwFO57!g{=c)iteWb=IGzo(EqOIq@B=i!4wzord!54`I=-%v;;Aj~&P+7G6u
z<G%YmiuzP$x;L@1{bup4xeH-ovuv#SKh5<w=J{E`a>~h#5mDftSZ!Xi_=quyuZYqK
zpk-zHJMqkxsM^OOX<9CBF2zD&(0sYBrmJhWd=5cs)UjPKO$a59>gveHGd1@{F=mia
zYt%|-0ncBnWW(0w)Ic)m*XpC7Gk|>cYp2tb@j6!wnjx3_-LruCHjS?~R%OB`7WA;M
ze@b_MaVSZ>pf-hp?Ke^PJmqA<GfE7FNqBrqoh9qmNhG`_XG1tPuMsPLk+0NoQ3(Cz
z9M(eL9b`kGY`<4S2;rF^I<Gk`1~tmul$}*^fvkl~nV;~MnVDUWj(hyT5PuZLy}mmJ
zt3CN+&e*W-P2*?A-z9&Q)mL?G+rktaCAPWUX0hSu<@~O6-@?gROJ35WvIRGfW_obE
zDdMJIB9=8uBtCwmpo?Ky;Rtn*#-?ur=Fg={o~Unn9~pjNoxI7#MDLVAZSr8e^9z-c
zMm|X#y^@Zyl@&Dl!vAEeaH;AIJg7o}!>+QPTwkLVa}ftBima3RiFzchaBU3M)h<vr
zSP0W24=8g>BI^WE<1mz_Hfy)tq`zHlO~=gpotX^@_RGKgfP*w*h}e?lNm7q(y0H>x
zc5K!*Cv<|U8|^;72J2z*Si5-Dz@L^NRjt{9F}&l$+n`ooPL_3!bi$2Qa7u7|+dM0X
zy?6mBM>cUjtD_OpN)CRp&?@YCrV_#udVj(E!=<lp+)iw^jUs`pPi#~mjkpXR?CeUW
zOt7O|_fV!QJgMR;Tr+@RW)C=N2le8MiER)58>x0M0QIEA@xkL-4k}vo5d8M~3B1aZ
z^NMdU)u)Cth*+KnNltc-QA(3}toac?neoIzt7cJ7(s|I3U<jsGyIp<q2gj3fF>u)4
zH%YSU@NR6UV2rc>WrR)~4WBcSClOGuC8<Xhb0hCID3o!GK^bBP6Xhqs)*E4{5~qcF
z9h3us9vnA)T~tK=x>y5GTd-9fB}e<(+P&`sTpr)cw)#1PVpioijzRz*`><MqAJ5TD
zVrW_f#0d3Y%|B%LrQw`pGeVdS@iJj-D5J_2=%PwJUg&LBbmQ4^4SSL6qeYS2LpuAN
z0C%I1RlkYCJBo?kU$ou3(E%j=0>dVCdbHSkDqqAd7?=U67@}VhcN5C-%h7fui$TV_
zVV)3r<iJ~|Kyi4*ww*H}h2}lv1c68sRUD_{tq%7sMU1kxJ`DHpx142zHXrz5%Ap{G
zU!CNa&r4$JV>bv(4hIcWaXSgC*yfdxvC2S^%ujy5P_umt*D}G;9pEhdYBsGAFGJi6
z_qu5cyXhH{m23i*)7k$F@Z|=TmFRWvn-YdFWQ%vQ_cKibZbRK`V^^yWXKeYj$6a5W
z`gpSzR0BYGmWBv#LuP^}H{L0Dq$`#q(bgfknfK`w7{uT0OM!(Xm$ojb8Q8-QyazA`
z^#`*iQq{KK6vAFxYAq}Xob_k_cIGK}YcL(%B9Uc~!1eiBW>?76STVL{`E@ZZq&OQt
zmj8s6MB+xEv+yEjf77OYZ1?3)()}kgmswoI))N&l?AJa?N>WK2&QDZb_%Ndbr5Usu
zD@~tek^}_argQ2cLEMF}&d&XN)PP0~Q^g<rZz_ZD<G*!s5`F?jV>fEGKaI{ElJ}$U
zciV#3;D=*T0iu7Oow*&Z^o49C_SP2B0t~xP(H4T8f=4r7zePjhkHzn)WWg5;b7(-y
z`NUH<UoffBugYopSG@rFk;>4~X#I*!L9m>xmLvQA_m(*Vfct9e>o%WV!)>!|5Ln>T
zo3jV_*-A^!WKX7l_{rBWEFwIHn?C$}a$bpCs<L2(wIq3J2`*8TKaLT&xaQsTmRUkO
zI<{53?H}K%TSM@<dZ1(P!~m%{?8*^+O$i(50;&(58h&hTx@*dYI_-Lq+2AHXRqsHa
z*4ib!AAb`LK==@ip0E1+P_?y_HYSR|Ut~yBH41XdC;r-q;LfUJj2gP4IN>r+F*ium
znxpmh-KgW3Q}ww8s3GQ322&N(c_@x0#P)Oh>?eD_f{A14tGtLd3_`9*bz=ZGzf~=<
z7p5ke{H4Mx<YK!QAR7AN-$a3JhJnQUb#^1AM!~r}W#0TK`13t1dWK`p&3+y0&O;M-
zC9Wd=swD*%+2Sq$hp!{cWyB&4HM|f_l&4tSmK!^2BE#1KdDvl&#@(8GeidMzcvvk;
zEJizCEpXtKd7B~X*8p+apvOT5jsBVCmog29ne+O%s+PJOE0&*8jY&LlF(n~ECHr>z
z;4?f#e3`;F?<-OYRA^lj62sZr(E}mt`F*T<BFKvJ)?-FPr5Rw@a1hMyABL~FHpl<x
zw!f%i`~&Ig)2-V#Qd`P^51I)xk?q~;rO1q6`|o`)%Z)YZ$AomXyv`c1_sp>2TuJ|b
zm-JFxN6mTjxx-yRf1u86(yhsaLuQ_kg@iT8+vw$OBeX=HHqMc7=*G3MUX;H^!_i~H
zw!N)~7Ck5}toixM1<e9eGkfgjfefP4ZYYpnGuGDx1~aGnvEYZ$`S73MAi2?$%!gp{
z1$N1F$6j(fLy&T0mJ`d^Av#28WDoViapVeVRF|{zIAmP97k*~tbFR_oD4XB*bv2ly
zH&Bs+b~kh5FMp>?jvWhT5VB<<q1F1IRfQzPNP{CPzUz>Uj<8%Wj{7Jjz>6~8l;_-R
zB27}o%0_RQNuaEfgjc>mv>L+T-_SUH@c!~k&a7?b^@h@$QU9Tv%#U3vIdTCa0Y&`J
z3F?oAhO;ux<7r{p*y6x`&omJ+*HfkN)T<=2tXCa2{j=%B_y*Qr0(Y3IbrfSmeKwL#
zUS<rIuxMeN@ZdRW6?Cq`paJc<8sRgn8bA!RAFk?OaYAwe{6<IlAx)g6w<e)ms|2wV
z7@|?OO54&5S4b4OY`@JaR-=xpXqp!PJq%wfAiO>bC|smh*j)-TQFS(R64UM^NN2U0
z&Ws}C$6jaz;x0OZV$RGni|(@mn%qBYJhu+mUoJ-#!pbpJk_?9E!tTakG5Ifj+T;!j
zuIFOd`|p_+A2foVJimS?SN&rj%y9`-qxg&oH5-5a1YcvVzJa6xKTCk@Hz$YpMqfnp
z8zD2e{y8@46hNDJW?9f4C8QV~KcsztY$J8`pCylN74fux6mfngKH*@~(86{Ui2Pi5
zDuO^gVFS9tA0jWTA&9FkslC~ZGN$X}Ei5c0^M>7bvdMM_Rwh3`JIfl8b9!k?!2FBq
zt^XHG?x#rU0TLU<C9Wh@3AAK9$3`ixY+!zObx&PQziIL!tdTS{!F{x!P?D<H_?q6Z
zMH<d`%Gc1G?+?2`zK#+dO~&NgAf=j#NizL)uWV$hk9bWxnhL=k`JeJkEp$K#Na%eo
z|M<8Qr~WxOC!Ry!_|X(p#efKlpR>&*P9>d`jqL3U2_B9lh%X7!rJZNJQ;Ko&xL;6h
z_oLYc^pIkRh*>sUtfp%*t#AffwT$|n4u4l{m-KS=j2PjCt78G*(g20zAUo>-D4uRj
z%n_=^-k0<7w%@y{5v<MHu|Ixvm7?{B1aSGrNK3tAM8ZFY|MrMu1;EwP{`Ijsc_rd_
z`n=ULy@RVGtlXIu4Qf;*JR6T@)YW$gti?hM<Rgz?e=+%$-ap~%_Gq(xODj8Y^xfJ@
zSF?>x1nG-{=Xd9k7k)rTHg=sd>p0S~G{c=tiReM5X68OakvHK{le5!msFeS$dvOz<
z?b>g>eZu>fA$Vaj3rOwPXhG~m!US{WGMxPl4*W2RTE^5YvQ7p!3J#`{7sh|8Ht$<A
zRC5maxw(ZqsSOQq6-e2ta@5Z*4iMxa$u#_@DQ@#2UCNh0A&nI12_-+YXhRhe+T3ZK
zTnIg9oTrmS0V&E)L*7ZQbkI(?zLv676uE_23)k=aVzn-2&H*3e&ulBO8>zZv4_e3%
z)A?Fgjx}hh=HVO#6)}iaFLn7zMZEMhzemkq2b2Ao1UDR9^6OD|LE;#|W)Rt%bnb*V
zb21NX^2`hQXHv#zz;pVaXK<I#4D-vOf0}ozlqGZO3MNI5xyVR`hDinrrHbvix@DPt
zXG3?wR8-im&J-;r%hZ^P$w3j%n?zk~V7jQ^>(DMPm@%yQcq^7qBPoAU2|c;)w{VLS
zp8%Gx%>g%I&cs?&Tg1XYU3!&CPVm&GjTSv+Y!t4E&oC)Cw6@52n(ZRyAGvB)h-~<n
zSAJ8g)yu*ktqqQS?AY97#fU&CpQP4aBH#@cfBwQD{G7XC6Q_$gZ31dM!4IfABSyfs
zgA0ufg!Q(2$e_%Bo4DNSm<t<_YGAzL{oeHxZt_VJk-nbueIuzM<n|gaH*Kyhqd>gP
ze1YDT`Y7w<W{ZS)x}rM4ib92rd90PQMH#HB*uJ+7b}$Dz7dGZOtOvP7b^}G1#@b(x
zncX}1^L*cin#W9k2z%_eB3AF8%ybliM9P{wjp!$Zp2T(Ut8X=^a!ZX4$TH-}$dgLx
z=bGyaVo+04oDyl80t;<9@AqC(I5MjM`LO-+kiZVYHrbd8j3p|0w>n>!^*aCb=nL##
z;Ne}LL90}zk{p#cMHX{mEjFiUK@~<L`fxIYr6Jan*QS)nM4Rp<Slr(?su}x`d*5w<
z+~+)kqS3I&96qn%R<qdI9TvqDyVm25WjOeKr69Nm0|Hg+|N0@yBhRh!t_Si%xXHmi
zQyTKah3|rqE1kvD!R4wSk+M~sRDwV|P_YsdI;))$67Vfqw0Ve<qWCnt<As*UA&!v5
z_WsBAA8$-KzG#{H&uk|CPpn&M$upwpPyC3o63T&Gd;Mq~Et=>zcem(l7b(-giX`&<
z7TE_^;}wa`{0VWxe}sgfDpB!^EtHJJ3>J~0f@G!5N|k?E+OX~_lO7B|)1rzn_6TN-
zv(nBG5I<@W<fbGWXMNVikgXgLNrW;c5fAyn4tcQ`L7>ku>KSZJy6UC%?m}mq78>U8
zLWmts4E(0N9Ea2Nys;j=HpfC@8wqluJd!uIiIWK52dII2aGp06SArharpqm$?*^-7
z=~BihR>bc&x@Z;u3ePb@3=yief}zCqc)kkhdqauo|NZ6j(+rcsanCUw<27B=+)+2#
zk)Ac)t{$fY6Rm@bM4iZ;DG=8uE3>IM6FEy{5|*BxM|gtCSv)(Cc=*)TY-4YFIONw2
zE;ZGmt<2G@uz}w1=$!k|)@uZ#Iyj`Te=DmyN=ymfG^2Z?C8sq-2$kKTtKu>uS6eJ{
zz_DRX`|-MpvAY$c#@YeP47IV@pgSr4#*mM~WJddT#>_t3QDdCBSPen818GYum^<_C
z_SA#rDlTg#GvZXj4tT&(MyxHyJxX_0fP1)A<e=!VDD8yr;FAt;iu#+T|D_l75R9=3
zuIFFt_`{xYpn_6ukSXtzYyM)X8D5QtKI6~lEF86i$(dXz@cJL3@hS>D!n;Jm_&V2P
z3>%It1*K3jG%}<EL^GHZil(2LV>(dMsj;~K0O%2Z_O%-5LV#hag<9E6fF40}1Cb=w
z5w^jjLD2@$tM8gP=g_ZBLr{RRzo<=)H@r1+eeID%`OH`W_Y;@Bt=YmQ95<c>WPq~E
z*Tg0{$tvmDMz@vM6<Aoe|IX$!0WTr8kTCyNA(O3(ArYca<0GfLh0IS9NVxXkKF*Ol
z`t-SFP9KbukvlRtitBh>E5Xp>%=D#6)#7%P>**wylCE#Z&ws0fvAd_q<gI&8FE*bp
z#MGQY1Miky7kk(7IT;|nX;ZPFS_uCX)hot-ck2vdALiyEUO>Ems(oub?D(un+nUIg
z9&yX-^b9yA(Vh!=xeYzw1{fi@)_xeWx5P6nr+D$ofZGc|eED3A&k~a!mn4g8K=f@N
z83^SK7K{=-+R}FhL7Qy8+tOIoC+`1}B$;l??Obk<^otpW!aXp3e_cc?C)F5nF?8-7
zmSacP+`>!es4w1=neK?bD6rSs)p<l<H3M60#dImRN2DHEAAHC8H0M6gI*mn7e&AZN
zZj8;XhSRxr)O1<ElkzKx4Xi)gFG55HK0ik=7>RJ!SD%1}&xd?YBwMwtrI~m$vh0|h
zSGVW?(&@9@%fujkC72X7wIESE7a>XBIsdVQVwiAsHG5uHw&7i6kXZhl>KiHw2y^wk
zpmaKKAq8#wu#QT-;m+3$wM$xz#Z*}0%G+7{3xTe56sWk$VvzTj>egdXIN;}+DMC5G
zy(>w&U{x6uk2D*|YOIgm6Z}6>hrEUEa3Fd*zVE$nAChl7d=Nc;9^XbN4v0Q2V{xvK
zJKHwQ#4<4qeVNQ_G_DBDeJNG(Bad(v`TxRdKG4dNNC%AIb^=ZcROcqH6_IE}N7%oS
zOb=Iu*q;Hj#&DcJ`yGfqqD<iHH?(j4Qs0iuI^j0!V<8DWHcN#r`><1Qv-DW4%TuG8
z@ITA<XPWmqch<U-as{H()`pomFWm&j{XB<U3RltJd#CGdld@xEnn2|lofGS2di~NI
zW88*DEz<B-NVJo^KI*w`f%f}f%TU`F&ybv&jnVo~-H3vk!Y(R4CVD`y<WcqX6uIZL
z$-6ZE&u!;9JDsqpd6d6S1-N-~?Y!Y9rDMk+ZLom`3D9XMcrO>KBZa<gRT6h1v7Jk$
z3Glh>jBFx+*^W%1eCc8W2P%iw9B8N|$B2`;v}sSNMc=w=zaKq8NqKiHx96?wy3UqR
zC}QA3G+D3NMon`hKKNa4R6(}+0e(_BFSe_B5J4+Qi;=Z?R$q>SsjBpoBxs=Ho0<R^
zEmTv2C@+~V6O-2_U>OH#3wuk&@MC)SRDm|UL)~ai4Ewdpfu?E*m-f1p%>LDVWx{NG
zTJfgHkqo6;ql-6FSrmR$`O;Yx&KNkoT9nydDmT8(>DPaODxW^pW#)LMqjR>q<0%W+
zn<Eqk%i5VXi}3V_8Vqef%Jcoa$1D=|%F@3Agu<BVU}xd#wfUn6$13))<f-XeunnZ)
z#O0aNl7yx(mS)oY+S3Q1r#eZeGLZA6`C?N4VjWI_D>NJdsU>?u>kwm6IJxW#JH1WG
zsGG<q*G`IGVVr3c28d!!ghCoI-<7T76ln&u^P5*FENk9i6xPgG#;LI)$YWR$RD!;H
zLbJYcWHq0CmapHtNM`R1)YU(2QadyOk?q9sB%2cIe+r0*7A<M|-Vpjt@Q@wfqZNEM
zrl`j4l$W}loT{BGW>be(sGt8sbS{=~Q+Xbx%&oV6b>YC)O45vOm2MlPXlwVFBqT8V
zNgnDq-JERqx`x4zKyD(;Myak^4m9TEbS}Um->4HP0#eLgJ2ho$U+U?UWF8-+C*aF5
z9loFLbd<w(hgjU|Kglep?9-xQl4icf7bu7*pS}oN$(l$mM@SJh>BQEPeU_}kR9O?@
zR<P(I6Y6@32j(j`Cs5YQCQ@rEk>y}5vd%e8FsrK0O27}E3)u}W+3eVhf@4vG3nz#c
zTuoMum>v74IJ2{&JqK<@^N#EYv$c4TZ?VY$rbxYu;DNIhML32#4IYXSW%sjJ>0Btl
zwgUOxR2sVTB%6USIkC5P7~EUM9CGak+=xJ92qMd&lw>AKA%c$U(r2u}5@4Xd6SN+l
z+K6cG2_ro)W$Fr_y@7L>5s}1*VHC<EqO&YrcH!n>CB^@OxGYlg+{-s_>BD8Ne>oo`
zd9hw6#c)L7abEf2STVY?)K6uDg|D~O%htlE**Ii4)&7W}SE9vwjI1+7AYx5~03>Fm
zdU-)~22}M%MKS;?a8~{AUZ6vtg~=Ey9Ogsk$wTA1QbwZn<AIEb$VkoRZmoPN{I2*t
z50z<}*FmA)pIDNae?!y?bLvjH4?`e11DeHkAVW$r#iCh{0JZ(IvMG7am5s<&s+v&H
z8*VZYFeBp`g_5PMtU=Wo9Y~(a9_8P+a^b?8#XAKj(h_WwQMXcc5LMfdppA9->73~m
zg`HsznkTXCRY}8pft}NPAX|-h?XJ?qc8v>i7fkyMkCS_@sY^^=W3raO^Cdin{HMI{
z(=Q>VOe(YQEwzsDM!79|%CfntA{*b#E+4ZKD@`x=LOzR)Yykd#c9EHr9Cd6@s8oC#
zexQd?yeTCEN0BYt{o_ae;Vorzpo2SVNi!!1%?1kULbPLm6=~v1bpWZNxwd)h*O&|V
zI(bF{aPpH_ixSPk-|TWYoh4Jo)%FR68g0&7T8&;my+#wW=$O<t#we~Xqk|{dW9!Ay
z`kA7#>5meOMM`pA^9%iK6+kktds^sVWxa-;&SizTLk7|;5Q1k;-}Vjtw$eH5s>+3P
zA4a&vxqG4S)aXBD2DY1BD}3zHJ2`&Iq?jnz@?(}}+_RWw77Azc`?nrWV@hgRvajG$
z(>~@#ilA&k!JOXR@&Km|YH6;FR>;&)=DI7xhAh`*eV(xwlw<C9;XxO~RrZ<nPqJK=
z4hcE8SG!WU6?+hgbNUggA(|K;*PM9WL~Y%yaSw4K4LH8sGan@)_t6A-#kIv--MQC0
zJECNJp*te6MV*AWNQ5CzIDc|lN5D>G0$V}0F`Y7V1N1Vb<SJlB2g=VZ`!5R4gwg12
z#Sa;OjfD@~Rn5+-3y>b+(%P|C2$cSumzYtH!5O}*d(;-@&%}id@`yX3%qkuT4A6M*
z{zp)Ky%tAdUR(g8%3`Vux(iABXrd0K6r3Jt6EJqCIHdBXa+Qz5T1_<l_<k2g6q}2+
zu;o_7@OljY?^B)xyZAt+QohOE^ZUW;qFYPOeeOrc@*lxu=Loj6Mhvd*Sr398P|b83
z9>_eMxz|LH{l%d$D3BF)R=3b}OQVb>b)|Z_2!SZmtnaQO#1F1vie#)5={3WafA=r2
zb4^iiuf-2@mo&IK0bNE&%l)#~MikIR<jm2*EVGD~3-C|2_%hXLCtVa4Ht8V_*~#q_
zkWvqqIsyNlIt>D!1`@K>f4}?NY5O2p;vM3u3VYq;mn<d;z)w30bA{Cy2X=~Z&KU<R
zlYc#oWGG`8kw+X@xIW|3OA?Q<)NuEA0(4Q3azzQ9xa;^T@P^kVXMOP}$L>ap?NC0h
z_My*JR%TZkWo7>hyzubzPf{VdF*_`!j$Bie)9)a%R!#@LPse)S|N0iKsVtERex>Zg
zQ2=f<by+%BBBv`I;Wa0hWkO%?qSI)?`5R<tC}s}X_|tcH4BYUIev$85F$I%8Znd}T
z6la;{Na&Ur_GGDB%dCJ_R{pxr^iy`AyX~i0j}L`MCVjbLNKO6S;>Mu1y}}#y^&ftO
zS_l7JR{QF-@p?>c`T^TiD9#G56Ep?`8j=ia7kW4{yEo>*B8kOJl$$DSy?Qhx>L+zB
z`A5FaQaABL!EdbeTiZAkNtfGt4Ss^mRvpjQ@>u)K+9Idk6nkZuM&*&*zswB`LHWz?
z!#Llo%wUllyslHM9=9I>pXvo<U)v^H940CqJK+L4aZqih!FRe)&ZaedD8)i?4IE5a
z7K6-W*l|=6utg5Pg%k$<`lA`wXGkXBIQbE3APM|BVN4V#(3;D1y0${U<jbWf{<n_5
zjVQ2jZ2#2vdV(sAx94qE<+_sD=8Y5vU7aw#a!HHZe#0nq$gaKH3QLTXx{HF<1JLTF
zKu&-~7Ku8S4D75iI|!fMZ@MVY^kxbhgfx5#^WXF&GDSSO$@74M=-;xzATqzHxo1Fv
z8g$5ng!d7OY5J@p91jIOlo#_Ok$rL*f<!ze4UUYq3hIfXSEErFa7EBnK^y}2)AA^c
z)zO^G(xjX#s}S1{uUR{{SQovoDpE|?t(8li(c@+)PdLmZ8iRl@X)4-$Ju0$K+~mD0
z0xeT@g6TRF5#k%r-!%k85{cieX1u9Kn^(m8Me2@C-C)g1wBb(#s|O-*>P51-u%<7|
zi6^F^-nURw+JCiP`G73ucvEL4Epgckw+7<sVt`g5R}DC^Xxfa8wBP#{*&Xx$BSe&c
z{Ncr}w&24*&9VtWE}8MPOTvum@&h?$Me$Z5?AsP;9!Dhx@h2$BPNdp-b|2{q2krK-
z?M3-;sQs_TQ|gt8(dz}<9FdD(!G!TR^R=!kIUQ81WX)j>XFDl&Rh}(I&+GQNc1Gm{
z_>`6)i-Ennft%+S!C#?SC;|JZ8_gx#^gMS)UPKYZ%&$S!P~b%Oo1x~-wqWj7;IU6b
z&t}D46i(dQSL%UsX3V@A+4L#c-;qT<q}6c!BYsEwV-X0lR8FT?dBpFfR~9#P8Kk|A
zNTL!~Q9E;hAsQin`mGl)KCjLE$yGT5TOKh4-O3C5pYxL}(lq723R7q2KAV^cxkvHZ
zwVSvT>4`t-9V?1?A!oI(B{Ck4f>Mt+=ap>tBSmk-ToV`$^DRyxLM&_PrHDoNTEnEl
z?`1%U{yej7iDcW~QX(*|A|9HY+f8oq-;TB?!5~0DApoHOVF2L(5de_@Q2@~Ze*j_t
zVgcd+;sFu>5&@C`k^xcxQUTHc(g896G6AvxvH@}casl!H@&O6}{sZ_6PzX>2Pz+E4
zPzq26P!3Q5Pzg{4Pz_K6Pzz88P!G@m&<M~3&<xN5&<fB7&<@Z6&<W55&<)T7&<oH9
z&<`*GFbFUNFbpsPFbXgRFb*&QFbOaPFbyyRFbgmTFb}W*un4dOune#QunMpSunw>R
zunDjQunn*SunVvUun%wma0qY&a13w)a0+k+a1L+*a0ze)a1C$+a0_q;a1ZbR@Cfh(
z@C@(*@Cxt-@B#4s`}_L|c>V+U`u{t?55O+~5Gde#L#<IJ!^L@3){~@5q#;i)YGo>L
zOEO;c{^&y`txiFPec9EiYsOP2Jd*kq#aKEuMRmeyB?$gJ4Hl;k$Hd6sxYxtQ{!zBa
zKqZxKpAPZ+pbMrR^cPTLg&$<^fRNBxWb625Sy%<5Ho>GEjla6YI%dqNXTR?k*|ZxL
zj7(=$@$k89h0-7Yd1;O|Gn^bJMNIoTVSna%IJ<54g<s|bDl-w6PV7NP-?3`04c$fT
zK)q|?$$VDem_jrZu`99V)UwVG82R;1Gj#QmG$&RPoCI=oGG4@+wAemn4;rt1CY%2&
z355G_CI~IaGSG~%Y)?w??HX(;EGajh``A>iHJIv0^o;a7pF`aiCZ8@GPLuY9>JZyS
zAp+8djnr*s+d{ew_?ai#V3NX*kj8vFN^d4tYcXcOjr{W}kr~Pjx`gGo6k_MhqLt+W
z!$9k2>YU=AI1K_#JcGj@8_`guv@}{Z4{E717K!4ue6`je$mm~08q7Z8BZB0qkIc$W
zA3zK-BQ2O=H@{8SF@@#<^voPfzN@1gRQL7-m+RT_$@%P|bai~6W953q=M^Fp_I4Aa
zOOh+fvcg)H7a(|ngQ9LBk*SP{N%<5$Dy7tuT>5mc8?2+?VUnKcNWtM!;*75m0}ZNx
zS%_RP&%aRVC2Q5R$YCplk7IIitrl6+Sg%`_G8?0iud~;Wn{Kg%eK8H8^%|&vT4j`S
za~bd!<CO^~al+zX{W6=}Q&?c_Al{JO;_zK}#Uv+BAE1cJ?d4`Z>E|(OBK&K(X3{%r
zD`G6iBGEic)EV1+PPMx0Q3TaNOGkza)Z1X;w9C|4A-b>13#M=ZSv#vx$8##;8ZO>C
zUx|1L>+(%u3%%m;cN;~0Jq&?!(M9A4!c5U5Pz463@Gg`WKUkd_l5a_%;Y6`FX7!tg
zeL2jrA5t*@!_MMQ&0bw^Q>hKyCjN7!uV$cI!{YsCen;)`MrYWrxJ7(i*Ifq{!S-{$
z;KFB~&DOlV!VP<F(Z_cYl~C1Ef5xi_pVHGPju)54;X4Zap>$t%Z|1T{V)VC&tXL%B
z$+9_Y=$;~h)Zh|ag-uOBV|Gc6=OG#aRow_Kam;3Jx!3FLK6Qqi+v0rEVBWW~sOEz3
z!W!t*S*RA*MZ<<_JW>db(1BumB|;mg_t9|&2*Iw(i{W>xeJ)ND_GL54iI=8cIMm)S
zn;f24rS!>-C+5z<O>N#=l$S}oZXj2F%$A8Xm~nuolk4Oz|Gz!2sb{ouU1AL;5ZTS*
zG9}*!ftP|R5)+Vvc_c_rN`B&uOilIgn#c5eovY&kB(?9$wWb@M6_t)Qe8((qGwU{9
z_@&2H1(w|{@UWkAtlqZb*cVCTprdH~>OY}%1|ggXFhgCjxGlxt0#!_Cv{ZoL^veDG
z;rO92oAYi>t#`-XPZMniEtvYormQ;<m1k|d{!;C0N(CBnc*LsbWLSI2+L(Rr5mp<f
zp_&6KyYQY8v#_$5y)qd0b*7#T0#Uc%;aYr|-2om<?3p<sord<cS0C%N0`p@`X>Prh
zuF$r#Jvoe_vZnRb&48+n=if&!J{6}QR7RShJNN7UnS7Ys`M3_*q$G!M$>GM`5(3kN
zWlwzaF-dLR8oU}i3Dl<<7Qt6xO82Hq;S*~t<YPYqC+Nuu7~C(PjR<2!_xHsieR}fy
znF9P@5$GT7ZJeL+WorMVlV}nQTnP9NSd|}pL&x|;h@HC-LMQPqSh}rPYk4vcD=aAQ
zm#nwNQaa^wsfUWrwihEU4Z#{gwYsT--_3YJ)ZHVG7j6?&jNtvJR9Dj7tT}DsWzCv>
zRukoET-pH1Z{9%eleWZN*vh9xXZWKgNm}X6d!Mcdx6dX_Bsam<#@vVUTuNoUzr>nh
zD%{m=InOqf<5U(>*z=1HPios9j3X^<;c?~87jv~G9cGFwKVmg5hhGZ)ku8)w$8D1y
zwjm(5mqiU-#2uTGJ>sc9BuS0^Z<$T|aK4$|WuldD7FQqys5du1C~OqWT!AO2Ys&c~
z92K;w$E_y>*up1Ev)+$gU+R%?u4w!D+GbA3C~n9H;3c3a>}a8a3$lRp+z-7<@ApTM
zOGqUmV&rcR>l;IhMXCn#$YC=x9z8eLTLKsv{4`4^R0k$PyT<=4F^hS<S}km!aVrCo
z(Uk1e0~P;c=?9ExxXD%AGIahFQOCo=j~L44J4-r;BLeTIDxIz4D>Mk0JCEHm(cO1R
zgYbUCL&ccX8^ngON(U5y4!ExEkYcz&{nB;#VY*T2_8MkDc4DzFj|IB4PJO6w-pwni
zK&pkzKDr$W28rG|p!oXkxr8;n7WNZ_TX(EvT|JK3Ji81KHAQM>t9rdb?0rS+%t<r`
z^OBWoxs>cV)^N7$X`AFv|LTTqCyumLB-q)mxU=^WYmX7cL<f2AYG_~(XyI2sg{VVm
zgtXSE3@^6Y1k31X#J+v8E(qJG$QTWJHySw<qP42PtHUXJrJrhCd1R$xN;*YUqYbh5
zBH1<2MP?D?qM%>kJl8p#v{id<Et#<DS^qdT&hY|D02)>C<i_#@lMAwRhT=A(sLMz5
z;y0bkiW0@*-?$4t*)QOZ`3CiG7gS5&$BkNL7eqf46CShz5qgfIrh-{axc@ZUwsR2&
z-;xD`bQ!NTRm#Fl>v|z>y!2k*ODjtFEA=Llik(<)#W}i0WznjOJ{naB&>q&dkNYu#
zny0e@ZM<G~4!S0R7<n&y7nWK`)?dUUVCK#{>w8O?ufTtO7ETY{K%Bm|7`_?lQT_%!
z>ak+&X-0+#cj2cB4Vi#~cgJ;REpb8Z0Z|}lW+8Ai_GzD;QvEiwVRs<ic0PhqHix=$
zr4#s3J`8Az@E^*%b;HnUiHg?ViSf(5boXIf*7+40s1M`Oh>!d443XD+?4A+GfaQsx
zp&kP+j31HHk*jxr57i$F+A-W-wJyH@TX&t-g1Z+Ys?9;s4GEj{8jwvk!;RMH!|LUr
zCf2&Mg-PfJ6NuB)+dEhR!d8;-B4<mA?{I$t8y(bjf&dP>d;)QZa4}&%FLhA5BJ6J^
z3&b<ti@L*$WC$XCW;$s3f&?wEcNohAy-eavBhIK<2j2?VG?ng*1kxlir$<QOAOJ$1
zTyaJ`Q*S1I-OJl})z4~0<a0&=L&ruS#llL;AD*`wubsI<gZwLxlNUnqXV`olPG!82
zcLq*P**8}|)-|7I@F3>J=C*uI0rn{sTb#$xU_tEK%x0!<RRh7~-`)~VM>FU<jSCOt
zVi=OTkE+Oyfwn(_R6`OG<D^nN0xsm$g5WwtJ1U32XzFbaB1!-YlzBk6Y_W@~cclZR
zCuZG1L~OK)UCQ(TSHzq~WKMBbd7$Rcu(sj?h;CpC6co9xK*V@Zz|8jGO#QIu*;!ZO
zaD^=f0(YpI{8xg8zF92L)PH@2NbGuWktcGk)TZVJSJr<7d!zG-iXZm&8;7&F&kN&U
ztQTh`n5*Hv&QP(SYP)Cpc#_u=LR#2u{I+z=6W9pc<oPlAC$)|<{SbrsD3+k1(}h}_
zmVXnImQ*EQ&XD-}n_CL<FKvCo<KfS&_Ju4)S6@76L38aPxtqIx!n^QbR^;%+34<oY
z-}C3S2SE=OX?ucb;Sfmr8?gDi*vxkonilj-jxD}!O+09)Pa4dE(F?yXgV`sq5wY6#
zh!OFz?U|XlCkJ(UzveV_xrObQu9rZ_i6jtz>@jg^6hgCuBZz+do?j<pmGKVFuIM#K
z7O01z^rVV!Lm}C0y0ZAO>cc4p0-_nY@y3_l<>w#L!HjSzi>3vjJm9iDS2YFZ?egi2
z_$LeBf>zI|g-lv5lUAcdz{ech|KaM=&L+}{MzD<-!~P?L4<k8ngNW$z333nn*OR#l
z3g<bUj>)>_^=l8_P=?a3-(4HvE!<y6$Un)df;ce6d@okez))r%@?|Bfm4I>n@ALbG
z$*NvYhUJcpz+X->hJz^+$#|fy8RP4jxeTot*Dq<lwkdeC4s8qsr>CSvjnlaHC%&j5
z^607gMC*3fkMp;ho+PvQq~;oMCubapb5E6%y>ZPR)^YEq?T5?xXSh)3e4_hZ%CQ(_
z8IN0dWWZhIn!!GZ2f?wrvp<^?`!M=<d#3rikOfP-L@C2gS(Kn+Uk^ys5o_PJ#5^z$
z5eeTU*Qwq4Zzl2a&rKRDD#YKL##2^x*6KI>X;d9xFL*^ylUO38NdLwtP#j5SPL|^<
zG4jgK&&O9CRjQ~tqF%^XYimRwG46&vKM%9{>(pCb{i0;7WvPMly#H6T@aAX;2V(qm
zf-q<-{@hMuh~tY6^Q)a9*VH%pwl58r-!A%yt3W=v`*Jhkz_=sS!rReea?-h!>k&>(
zy%1#SM~sO5Fq^wA*sSV`#<VNIO_Hitf^pQ8aG5Wk!W&^JC(iA!%{9*}mu4vwQw#~`
z@9oCO<Nfomm54CQ&NsmgY$CV<BWLFi#{Dr|m@SQBhp+vD5`3C|1ff_j6{(L-QTDe+
z0Y~gl6%Xoey^wbp+-OT%wjib=c{qN+mm4GYH0Og)J|a)i{2Gh81}vs%rTA<HIepx0
z1!SlLmSa(RI5?LZOlF$Y2QOxaJ#RK`&q!lox=Ti?F^K2JGMg~1w`H`)d)H6FLTJwt
zPh9mK`4Gu)JXwppA`b*U*d%0oYt{yS_x?PBYY#4D^+0Ut8q&=xyJcA!=J5*ci6iy+
zwmbgUF>0@SQIbv6p>Zg&qJAC7<+RX24LV4eKwCOdu_ocv8N33olgMP#1;Lw9m$*P`
z4&%uJmb`VcDN}>KU|V))v{l)paBAB}7mA5{WWXA4&(05C!Y)kJz}(!x9gODxwd{hm
zDmuL5zIAzf_c8y}`bk$p(Y8U^B)(C>n%^A0tv6U{Jr4WME#K+Dv*@E8uC5rxbOX~L
zC_~z{LvS7!B_ykN`sd0obrBc{ys+L8n#7L!R{w@5OOQG;Uel&1l^MNouI|)3Lu%rE
z^bx3G&PTC*uQ7X)f24_X-31(FU<?$iLcbd<`$rfj^9`se4b*~VMlte8Z1ZHcoT@t5
z45gIX7V8;ZIXCx%CrY56xRhM-&V@5<74xqelpuQ~MCxJe<FKU9DuG<-kxiCW6IOiN
zwP0Lt&58Y^Cb*+$gZ8hpWNqHld26=S*=|UD4+kDqeUy_v&C14oC*o=#o2i_NtAVA8
zfFR{nM&d9^NHbq3IdEyFobKz4^`p<%)}8GnPb<<}e}yDrtIKFQq`1AKGy;nWukmn}
z*sp?*#cKG^l!soQXMbVP#Zf-1IS7%o^H}TA7$qy?Xc_?rjv!nS&ksC>xWwELZWuaa
zs)KQD|J5F3^w@9d@p3rgaIbZ?6pxfd(t%S-(zlC>ed*NW(t{9iXpXKElB<>K4$Az;
z5!Oa)O2W5actLH0u2<;OC@)x`n|7LY;I4-bHj!(x8(T9lj+Op?(2PGIZOTro3^w$%
zHA1{KFeA_CdO(Xx(4TPg5HW!j++DAeW=$wLct-hFjVTL5L*Km>qS@!!OklR5gcH+c
z<Lm{!?ae+61FI`E^cm;;ePmE%25H2pin2c+-Qc!eOakmlaW-)JQOG8{iq&0GkvT;l
zK3f_4Mwfm;`tBr8m#e(^9WH-UEWI1AOn1!Dthy9Stb_2sL*`wf^VCl+zIDh`|LMP9
zJECy#k#bwKf)nyHazn9TQ#9!ssb$RHbKU~695H07g8AoPO;z+$@PN_hw$-4vw#*u?
z%iY%s{?1<HyABev-2~auL{chEC%u;IV2naCz9;;jNZ-+7Jud&b*~0Cc<IiO1R53L4
zTm>d}IpB{wG7x8RGNQ?AO#8HFYeqTSSnA)#NF7V}otpO)P`J}1N(xg!1+m4|>bH~o
zTbsc$JulHrTK3lm%@d}kPz}SY`^DGhc`9{j`&WfhIujus<9Aq%sqOoI%?9!;rE84t
zs7TqVZCTu)J!xtx<F3r}dRilMYLMb_5D(ApEgil0yWe33M0GT%)qVD*Y~zZ$WEn<H
zLgm+fFvEEqa#&ja_K=J<$cm(f%CM5vWIwP6;<}s29(<_$$zwZ+f5AoMZftvAWCy<#
z36$j1_@EM2gm0-S7$eFVs+Ip<8T+cnaO&^OoK{lJj{4=R?UN$7<`%R=J~WEdTN^}w
z<U&4ZOgggQ2j8$}=1WPAh<1q%imay$bJ@u%aM-YMw6>1->DS{m(dlRx$Bdj6#Y0&*
zIx->CotVk?&Q%bNFFw4xT+J2vm*2w$2x~B8kNz|@TJ}@8gjS9G-MIMsTf2MreCDD|
zFw0A}APzjXSx<HO-@W7VV?OR5**)DSrgbA-yNaeMo&*i$&f_@v^JzDGSeL#iMh;$|
znA?)Pa=y-fZaoIxa9QA}Vn2nUb%NjENf-^-z`r^N&hgY~D%<E+QJRVWo$LpEZUt8D
zesNfx(M+4!wR-JO2=>(9_=~~}ns|`uQ1}Y{;CHc{6J4_Lep>a*Wh33@zsp*{m`87R
zSmL{9sgI!Q79ljUwlM^RL?YhQGi{OIg8p;RiP<tOXxEr6vE+-G?}@;V)e)z4r`&Sy
zbK~)iVB@9CS|h_VU-bZ#duY;Y*zSYWUBc}f(d4Q5Mv!?^h<QJ|EK;Av!kbK<x!(SH
z^G^FakTqdnTF%Bd83g4cpFg^C7*72}8^~y2s0~C4iY=f`(EZ?yq3)ba4{zq#JhC{Q
zlld37kMq-VyI{FF)J4as0^%!%k0qT?#33uOF-{dNM|3ieWp<%<BxP8kd(&A&RSvVN
z^}<ywVZZ^luGqkGy0<D>1?2h!IwlpQHX+;LxHx(%vbQY-f^3M^UVEae+K*&*-JJ$3
z<C?teIJjxqB;SI!%yPVF8N)a9C)x>*aEdqc?u}4sur8xPZ2-A=2@_uAWc()&HF4!?
zV(?rv-d$6wg_J9Py{54edl(8LrG=1AB5{Ag&0MIwpK>dVTUFOyc0%Klw61m-ns(O|
zc$Bhk&B&g5#7|>-J~~rNHsIX5i7XfG!mf3e6$f2yaxH^ANOS_WO~_2yQ{N^?Nq2Gg
zLP)c*V1kPMEZs+2!9;swByWhf?G=}?#SrI<Zy#2dUN~-}&gS;k0ws`yOVdV2nY2T5
z(iqDl<$8L{%r+Ic0M<~6F&u{M(#G2d$JNY^HJGP3ntayxWDLZgscQ&%1=>dtRb}Kd
zX{<q57io4=#L^SAeVg8$You`U)-)aA9+ico`OoKn)qvQD`z`Qw<8stWOu|i@jC<>l
zpBIle0jH7Ru`3E3vdKxexmF}%mmZQN25+!rV7(_xK6B%)0*YC){G5KYe?4xJZ1A$h
zN1s4b7$$hcv0aY>{{m!b@>bcySVZ_mrnicrWf!{Zn54flWj*XWLFL!G_ieJCgDI*B
z^dD|9s-+aY^Rz;RnlRS+oUX#s+B{mD^-${6f`lg>SAU8w73UV{jV;nK8>J}BCR{BQ
z*K>6$J;<jN*qrBI-Q|+~3u(oW;_!U4GzIVRJUm@FtkBTS(o!_}4xIP611V`|SYDNL
z>F-`Q3Gn%8Zw$HQ<0Hy%FE}|e2m_6N{ak38UNd91C!f_V^OVF-hj;!`Y#oR?k$tJc
zLxR&9Ar|GvD??Gh=48TimeVx9UEjyVW$glEuH#@R;ZI&s$QE5A_CXrp&v=@lODlW%
z;r(|*^o$`usd)B=cNZUCvh${b2IhdYdW@Zo;`vnyZvuvU1?wIUywK>~mmOCpf8@r)
z65CEKv!RNgn?q$NYVZRluDkLP`np{iG?g@eoV7=w!S?cB>VKji7LcsKDX$D5fU(l|
zOLj3I>4qP#*BX;PX_jYqJW3W0^-csik`3HU1emL)?!+RitrY(?iEP5@7vmNKZhP7q
zCp#RESHumUf)GKi+gO=heqWh!eNzR4c<{RyAvnWl#&X#Ij;z2{%j(I3BX!Pdd{c*L
z?u1*@vI~eq)e6uAH&sL(d8)dPPMA8gUxNaGQK|FZ?JXg?!rkJNCa;A0(i$*WV&e4~
z`<XLxrPzaKVpQ^zOKqr=>$eTN<5xp`q)fNib%Ck|+={r9lIle7Z~zMmt`7G0EvRb-
zU&VFq&9DznZ9uCQB(evxX+nKq(sfK>-v^79M9mGFG81pNF+wuK_%?kx1;2~&1&;{i
zhwq((*S}N8H+3>w?IJy7Zc*KBYIR+Uuhwkrj_O`%0cOQkXUVONNsZ%WCcEGIDvvaw
z)LM_c9C~J-KhbzFP?a&_e?cU4_<XW|P}#<h&_#ynnJZ^hHokvbS^$L>4(@e`3^8yh
z<X@8(|DaWHSpC<_j;I5S@v9{QHgG3z(5b?k24%nj&D*<Y$v9p^9{As{L+0}CM*`nA
zPLj_9l&z7vS8X)pha4cT`Z9rj_(MINZ93TLW~W_|_HPVAGnH9CT6al_D&Z`d8vcs4
zmggdfR&icPrRdx#^9x-)DA?0LzzScHj<f2rG%0WHXebFLGC)78cU2c&_w<|Kowe(*
z9oU#fFE_L)T>?;hiN6)RZ8$$)>!t#pAvM?z5U6hl^(x8<-pj=am;vL85fq>iQcU6n
z!P^k&SB%DADz{wp)E8g-t?bpY`pptzP6sUZxj7W7aUZHR(2*Nhur$t-CVx~ABUb-n
zl*C=BC9w-I*_`=06|HUVsMmmR60^iAs9of}pCmIDNJQ%x=DJl)?KfLV?dw$$m0_Ch
zAK{0MkT1`wsrae!znrD8sGJy4*C0~0W{b3HJXYt!1vOQPb%%{+`(}LJ)khr?{{CYk
zjy$+e$;ttvILz7&<64)MimBkOUTxZ43|u*9nxhrA8UDfeI5A{A=u9iPw~`2pgGpgK
z%TvJEQdOfx*L=W}IT?g}HWFyXp6-NbK910Z^!}Z}RhUD?>wy;Zi+WX+?Lil1jdRO)
z8(s5C<4}c$nV(T4{ISV0zgyt9D(`hbu@k370_C{OE}ZH0L1Vtuhp3spw+JK=2~?vA
zNJ?6$VIzny+t!tk6%;1P>yA}BZ}7iK6#RIJr)T{|O^H42D+bv?J~rscK9<tGWm=T&
zU?bAg`-Bi9xh0c|%(e43qB%}=om0>K>q#2!16b4)DyiM*Gd2I_a6(0fs!5dw3E4vX
z_O9r%7wQYAP(&1oCLG&FiNXw5+c?_2J}k^igRp6n3A!;Z4*-+XO=6pkxQ={>V>4Ed
z^bg}ur!*z~bAy@~X2H?VqPV*ad^X%@X3M!Rqy~4*8s4|6F<Vr)M=WaQOoGi9EAOwu
zp@m;sn^6y0>A&eB&cK>Ju0}H*bsf6+#79X%)R~l}p-?>1@*o*M6eR%zPk2<jjXwk(
zdIeef+#gc*9EyQ(@YJoCjX1V}XH3Jv;W9!79(ac>h2O#Zq>L&#BCOUjvwOWD3Z=Ia
zG#FMSR4QjNIJfP`!7p=H=0$2e<biT|;HR_<Sn2e7L(!UkVzG*O4=OP2S}_v8Y~3nK
zd?(0&GKc%JxOL=VAUwB*)=U6irWH8mX<0PV`dyo>bl|j5&PY6H=qv2O6%hnq)9xtK
z0Omlr3di2lyC||p4V{+xaS#nEwn!;tVtPl=q5J+H06{>$zjX#txZAbwY7MK|pXj6T
z09@6iiEN$9S`8bpk8_z1kf#kuu398WXm6B4+wGKGPT!s3{+}@|M2~EMZ0)?S9~%F}
z(L@$<jq`fpAb-R)JbxrRlwN4}bIRq-zQMp{ta=DV?SF2@F5)w?nN&v7IVfCw1%lAH
z;%%g0lt>>3umd|;*SO%^E`Y&(0~Sm%FH)Dz{V)EiATcERk9IcI^}Nh6O7R{tqyR#p
z>V29YkVNpC{Dtyx)B#$bgeUH}kwp@JXUtp{T<6CH-!YGIS}@LVsKctOy^~uei%R|5
zau()=0ltD}UE7a+Cfg;n=jZGCUE|2?K<pF9DS_ndZ>H2-_{K0Z)W|Z{F(D6JtM33m
zVrs*)%f>2Mgj-XZ<V<G$dgA{Hb+W;Qgm>$c!x=)#pw!P<p)FomCb87Qw#seN>dt7=
zI%tofSv5wM!Kzj~&*GmL_>)TD<NcpV*=@8KX;9|%0!fnowqfV4Z&$OXbhxhB`2cEU
zR(R39#JgT9*iD{$AxP9_$*J!1*;kLyoDfwOak8}2fn3M(o1ByS**1i+lrZ!}J~j4K
zS|U;##Ej0JW5ygBw}SMG<1u)C=M@PbMLn^5WHQC%aI_E}vceJ)qVBd~H_XH@I#YZ5
zniWZz;&HYk$A$i=xcYw==DCI5th`5eMrq5LR`Y{roBeMF-$$PM0$j5wK#LEb++5#-
zA+BamSll{CfCP(RQYy^>|BH#W*1BpwnJZmE<rxISg?t(o6KSB=FY`Ltt&IVc1=^Ui
zp+{7f7jXyP5++diEB0;<+PYag_DD(^0#M3e`;yx8UP~*_&lP^@jm!HIJDAMbcGg9C
zRW1YHY96XAl#^`$Uh)|4POK{0tTE?WV3>ZI-`h5()DszxFaE_vVrv*+^eNjlSb>oj
zpB(Sio4YXa0oU>uUG?W_As3Am?fCeo_vcye@EN+7pniK%cNP1OL>rMYTWZ!nqVXfU
zPjA65=8#$LI#;NR!ti#Ddl$>wPq1Jj9~rphxoxp`L?i_IjaC9D(LG1rw*2f!*9pj6
zPI5xb-vp+mgiN!tb_7QUEEEXfq#&jy#bluJc>o$NX$az+)jth=KfK0|sI|2)YhlOO
zR)Ap9a0##+dM0zOu!v7W3k(YM{f;X%DI(?mFEvVIA+g{h02(n0%)p|PYw2Zp)m7I2
zk2VQ#T6}q{iD}}e=33~Mp)_@*1sT6RBqt#bc8;jNc5tSYeTOs!1e8+4uIaWI-I*{=
za_M~ReyoBa{Oh%P78)q(=GjJ1`JdeMFaX3mcSd`Ss6q|~nCoA1R$_3rue^Yf*oXKW
z!LU4;*ZFk(&H49sxeie)NZGU#ZWSSG-L}5_1ahIyb4Hc%JwlsE$T2ocEWXGMQtRQ3
z2Z7r|4n!U>DDjchU+asExhL=uxs0lJtbV;iV1uS+AYjSG>864<Y9<A9Ot9n4M?`^J
zQqvCnh);~tc(F@2FY~h%AYnMXjXC7jFvduqjblMD;_QxHE$vKsxLnukIOa`L6)LXz
zPXo0WLAF|UdNewyCo4&o2SjyW$r*%MxwwY76TZE+rrVHBNO<iYdnV_?cma;Eb%_{q
z3u=e)+b75o_H@h)gq0P|aY})wPyt$wJALq(-wwj<H17m1BW?1JTK8W=hYMirH<Lro
zrQ}3`vl>gZCx9ao+aB6iCUG2Gr&t*Q=$L5;jlHnM$Me!kLJI$DI~!GXYewJ6yW#ix
zWaazw-*PvbpQs>4d6ct%1SIs{y>6@;m|sgxWjQi@$nsNvkG&;fBi3W8|1`a9JRxFg
zTS~1@x=JQ6iQEv0cNR*vgH3TD+b{#)+qYF+O@5Ci-6_~E!vTLaxC|o|{%&p0)ab(8
zuY;GUgy}w90Pf_B(Fz5uc6T*(9un@k666;#m@dgXLIS8=1qi!NAeGRu75;jM2PmRe
z;jo2-xwVt!LW%)*Yus8v)-$7gK1H{_o*#H0hFgM3ABGw(@ZyODaEgwW_IhrT@XM)W
zx)S&sIT6f4txl%=AyAw6vmE-T`|s^#sktBSVCR*z6kHwvvu{=vZB5Q(Eq<IeeDOdE
zYA|sBtbd?PUrtQR6DgMbmVmC8Z3xl2S+a#&c=(X*&a^OZpMI)D7;zTMdHo~AEHpIe
zMSM<ht9ylJUYH)0>0c(%iF$?9Pt<Q1oP}|k5IPg5CU3eeq0(F%LSsa&1vcFsMxo9y
zeHm+zV`D#M)pg&Lw#n<4Ty?qYui_6m;oHW(^h)v14rXUR>K}WqbJmj#wH_u&AX0Mz
zRuTQuz%z^)175R9)M5Ce+hbKExA4yM20#6&L@wR}xH@J7Kd{N}Alo-xd;-64eet7=
z4Z@d`OtLuO7F>B3ClT4L8Dp`n!;mmw(le~YY*rw&FI}3-DW@9EtFk6MYa1A@P2<iq
z%zPdQ-7??@gJ{lX)9nGS#bUju+DHrVqmVBQhHW>*%P;#f_iL%na^2g{e#cYBYU5Nq
zMZa-Zi`2(3xwRn@S+Xrr(j0%Q-yyh=gThXLp0@x%I-sV4SDGkZ{4A?Zwv6&y4FG0$
zwc+Ze^O^*BR-0)fo^cmO!y}@SC<wFNiFhkPNqDiOgf1lYnV%(Q$R@Yz;T=|*ONR2S
zz7{t%#3^%xo524#O5l^d4Beyx?4tDvjgqT>|5hP~u69nn#d?lk-=p4bK5s#`f9r~k
zmt_wlwTV+JXF=*P#T&Yi$o~Cqj4Y#`25&}3`c<r*uM*s=l+z5c+6(w4PX42m5QpvE
z5q7gnQpv_p!oXCBdxGcGxiJ|lPPkAC<^m>wZP-<J*{u9JLfc#+5SvgNX#Iqc3q2K%
zzm#9w&=Yno5Y8lY(W{TCC3WD)TYSWUutup^C}e0gg*x;Z5Za^}#DugqNf=y{`kjx|
zMaejn*8coON*?0#?T2GQv%$S48+Id8WLGF(25|gxIeb!~)q6S=4fqS>i4o<pl+jZn
zLtW3rJ;|GsP0fH)_S0iV`-e!6ev^=|{_U}#tWIeN)RmQw&0F#BxDrj;t;<v?owPxA
zPS=aOOYk+kMH8IV=Q!q*NjY5@nm`Bh3{>)OLk|aJ?`&MX`X!Qg7JyQ!!XtoS2~{}}
zRN#*iiw@RGP{RkfYcia!p>g(_Jlfn|i~Mj-4O5FGo;oZS6zP6>dvL$rsN7~n5{xn9
z*l|P=Du=U7wL|8KEmo55HR0W$KBuY6?;h_(GzRMSS>6Xug6I3AY_P1Nl;2(v)i>#R
z*niUyaotVCfw_Xh@hl889O@av{OnVkBt6VaA}Nw8_%c#xW1Bttdq_7Y{%o2NRZ40R
zoAQF)?z@yzb~-quaZpHYMyje`KoIv|U|~eN{!|W*MwEjZ@e57+akiNRmlF<`Dgzs-
zP=O@R7R^=I+uy!JB2X6DVCST9n{GINq@*stT(3pDN@`a>7OdPu?l`;^7DNhMyV5(&
zsaR`Ly9%8hd32*p@(i5?Td5}x*v&HEed#moNez$j<s8L=zy|j*75?S;hU+p6s0;8P
zC}tMoLWrBuRtUp4FL@vRt&=#hND~(--HcHr|KtUWa);C_v(!+V8sP^O%SCsZ$BrNT
zoC;i|aWzff+Ey}9*1U4f*Hq!}Ga#)shmp*O@&a8DQe&bq7DVmUyqlS6Y~ZI(5`-Q{
z-OH2d5>xuV6)~KYa_%jt@XB|CdPl;@nXJ=<xmIjq^i4bDcNOc$e^}`TAbEIhrX+fh
zNllU0N!^4L%k#^Yze0+$Z5UEXYp&k$L!qE6YphWTy!E*!O9XUu3k=BTL)ST0Caexq
zlCnD{14)nqc>M6Ht|W9MqchOFjANRkLBd&)Qu+*KUS;LleCRy1c^WAzMK-Zu@VbPN
z9MQzAYX+s1>BoF)Eeb<xAEP8v(Jn#2?0fYwWa<qi#h&WORIGtdCQ=eecXU&?aA0UD
z>?PQDm5ZH?E|#ryGEPQ^ECJAcB72qG5$6=lG*mr{s*Vh2E92h$oUVIokQ;khQ16tF
zafNjMk^y7lyl776B>@4-@&Cq(0PO>2t50Ei3jp+*_{6>@^%5L@e9sH`*i1EDUUDl4
zlNDh^{)(4k@}1SHX*AkXSj@t&_uCdP$_G=fE-xCOHCB;srR;`@wW>g9Y2U)q;g?*T
z8W(8H2}15U{)R0yB26O1%X<1|5&l_*=CyXr3P0v&Q^d;#KY$YNJ(>-b#=4OvzMnw>
zg8oJXp09PO<`k;-Y57$3(O>gHGNSn0N;%lIE2n&YmMXBRSpsdBH3ZYQT2RonUz$Vd
z30RDw;$JGN>j9Y}Q?tgY4SJq>;{M}28PMrdjIZUvN<rpMZJSgrUVSQv8HymenV>Oa
zuu&Mp3Bh%AueWeX@JZ{kvjEV7JaOFE9^=DX3#`J?(jzOg6OOlnbN5JusjXP^+l-wc
znAid}1D?@vjhMyN4AzuNf$_(Krt)$vO*6hH9z1#i6XVGkB~sK^*b67w4RCMXET1qI
zpQ}_LQ@z4@(7ml7h}1kx$n4I}mP^H$@;c`(wcJzHNc$?{WIwCs_J<x2b>_U??{W?_
zuM7$P^gF+-=|>JK6M1V{HzYJ2Xw0t+9U~-jb(eNX=@EPkGtKRqtM#lw_JjkEGEQO>
zqay)qQRW-yj0jU|NRE;jI+RZPM3367xnMpp=CjN*<upzl1i&>;gOj9U>6USV=L!n=
z^W$NL5c=W@H!~z<^V)S`<p>kQg{)tWYjH`CDg0ZwX+(~Lr=h|;oK15-u|&ILkBLJF
z&C9S938l~ZLZs9TjqC+nMLo>k!iJ*l1(9ZH22^zU5Z{+<?t`rRQ9PgQ$TyvA$ABTG
zSsn#hMn$0OqA&GS8~7{BfrZ)rA}slG?k3-N+zA~ZLg6BViLOsESAKcRn22N-?ggtX
zmw1EcMx_Qu6$Svbq^@}6CIX5a&%T)k5Be+ZpXmHL+PEGLFk7+5cExxy|CoI=$VO<l
z?bxoCk(;qU=@vaez}aewKW7So`Dw{l7SNDqJ<kjZaXm`?Y~@M7<m=xvOFRCgpe#_K
ztW<$+PrPzek0u~dLwQ%mIuI?20|*=nRB(czVCs$Rp_NQEeNXZF&ghNp+&}}f1s!<!
zBx@{`Np|foOv1qv38azj<sDRRZx0u@Mli|g2Geshbdl9R@aHB`?e}R9$IML1RoBvN
zb1`dVh2jryUI;<sEFv5$Q08_$^s=Pi+uyB0Yqz_rJhtAx)5&WjNO{TKf(G<Jz|~pV
z+^d>dg}P#%W^SVLe$apXT4@)~Z0VLVf9qV8LDR%`bfe=mxfbEbD-Cuu5;k^QKb-jT
z++*_1-yIN5wNIGXw9GFnj8e^*;w2hvB&2OnShEnu8#+YFWeBp`?O2P`;M93Wmr!-3
zqRGwx3`HvXHJ%l)VWy-()S2$LQG4-@*rN74Jb#r$AelO4onZC%QERuQZQ+vCD)A%m
zdfak9AZ)mjjM^hU^0rYLp+--g=r*8z=j}NJ0S4E1hiuy>Y_@zhwtO9bbbj|-h^~LQ
zV~|%L^hpLu0Ju;f2nxfc^R1w58q(qDdf9Xq$b22kQ!>8t8VSX^I0au=Xw0kF5FjkJ
zDXrW#CGTn4ZV92tp~7RS6_&t}`XTd8$1;^nv<3|j>iTd1bFb_O!BL>ji-c>`3wzqx
zsmGEaoKOFGP}yYYU1|)f!;e`JK^j1_>Q%6f?vIP!Pfn|a6eH3(G0}~nsrx|<Q3VCT
zJms&T8`GE)iXqRzy!MIOVWwxwPPbM{qIhYb{JDb-QJh#Yx$GEvhMs*8dOJDIiB*1~
z!S79;7C@bteaJRU3#frkHLdwwHbgQ;k50Kwzw-Or-SwVICxCi-(NE|UYl3q_yP@4>
zR1Y)vbTHw0v9RjZ0OeDqdh|K(iupTpeGdbdpp5sb-wk7x3$ipmL$J?P$zS~oT#TYq
zLT8&(!g>5+_+>NWaZmnMrb-sa?!yRbpy&P{{psiR6+f>PHxou+5q4f98_DDDG2FO;
z-$Y7BqZ8QmesME2QROU{YO5JQ=BFd>0!2CH{E8R_O2|1m1*jLRU0giU^>=_4A}0DS
z-QgC!iR69@T6jw~MD7UNxDU5ChP0sbLb(WPOL;adC9Mq!Y!oNKp@Qy4Z&IKOKGWit
zCCBeMUNP}-=s`)mjphz;vQ5%wiRp={mnuz03(h0nMus<3o0LSr5Du@~pOU+3uihb@
zE5=zE1&kJ}FhSzbx4d~#6wb0Q2$F_=cv~FxQMQVUUu<|l@S}E1iZ@hQJNzQ!ntb`8
z3e0sBLS_m|Cl_~CpUc18qEdFCAk&5`sqph(Oa^&j)Qd4VbmT`LHA=$f+TXp4cffu#
z#f;mbOsQg!>r{##^e+y)OZCP$^(G{2D{g^IQ`~xK#O6~=JD%tJM@EU>Y^`E6GT6tc
z7L(8jH$w7!33S9joh0pI{~2Q+8No7IM(*tUpprk5tw$sQqX^Y<h%#I2v*Sxw@EfBt
zlV{x|RMcnE1#pB4RxDZll}0(Vv%@w%VS%0^n~+561%QZ-qMs!gG2zteNS_!@+e5-n
z*CXd^8c2@}uzu#7lXp0hva`-4y4YsHf+q>?f5WwwNBfy}60$hbsoA6sT_|sF2%^h|
z-mblzX`xqg9|q#`r@u*8xs66lA2nPTu8G!EfGvQ=$QTnGPY|<<=AjHu9k9FmUh4h;
zlZ-KEcoh0*SwnK~g(PLZTeULG*9sCkeTE3|iD3mX=pgg6Q>?c%rw!Ap)PX*$^Ebly
zq7X9l{{Atcx|$CoypIM9@;NmF3(N|l;qJ#fhEY4_%gY~|L-TC`(a@qZbjvrv3Y;^;
z`qz2JLK?kTh@aiFr;=pD$y%0!gO4}as7Rkq&|ZZ#)KEK#;I-17iH$>Yg-p<n&CbZE
z3VkGE)JM@tKVj&{o#%*u0iRcYm8D$NgC1zu*+0!IZZWFqy%)>o{Z4b>0`|cyrPw1Z
zY8_`Yu8f6jVqbK;4I2@w&^^5!nNd`qB@#PTv}hjPahW6Im0TeNNWlTdt?awRzh{n2
zv^O$i=V%w?az%tF^bA=E{OEoM)cc_vwso_LgV>sX<hsEBpm+4K^BHa$ara6yGI@xz
zN4+mqHE`HF_UWyGFR_mmODz29QYa_yO|r#U5n(ZqSeC)8M<@*=^GaN3LNahvsZveG
zIwB6@bj^FO3^elbO{M99<5X3+n6ZJ9C(+N_yMptXR!UXRisZ|(shj&zwpXDUPWMYL
z$3J@tPA3&Bcb*v269hjI$c?`9iMT|%qNLJU;?2$be>Nw=oVRkNN0*i^w1EW=T=tRR
z`HN5G_WI<J=+`z32@8AxD-PYC2o&9t&QgPRR9JBR1_wUMM}B(?Cay$5^~(OxW)FVw
zL*otwx?P-G&hZ3XQ+9<*bY#NdrcC7PScnzidltd$f*}TIzQpLe8}l-{(o$%pfg8u7
zxUcJu@{q~pPTNbqd@9%bci51B5|`niHnkfWbTS#&<$XIhv{sDhqesua!x!UwaNrAO
zTB@LQhZa8WEYpjvAOA{RaOEk<G>=F*S-=~)YEeHfZXnQ&67T2roX@8vemY_}C>ALv
z6)el01f}DFD%ejK?S(^pUYy6RP4<4w+G4^$y;CrW_PfW}bW8w5!=zg-=xwVD=gX&X
z(d42(p`$Q5SV;KETPRq90cAtTGbMUesJ(5t>)?sJoV6GEWe0{7BeEt_(2x4~UN+s>
zytCwz#4q{nGde^6?h-!o;}nw(B2NYn*t|N;6YC*4v4E%DwVbGFT#T!=1Sze1akRcj
zVqXC>R?gvtzx0oJDJkjC2#M%;nHTI_+(4I5SGBS}C?2<$ZnlkW7|FD%Hi<4!?G<M=
z(!I3_h`66~tM(b?p(h<FD-LT**%jtrx8;lX*1+QcT|kB&n2>3@B~+5{v+kXrxoMp?
zuTa}ee&Bvfy0|QkUL9>4G|+^R^8r2V1Bud*V(>pgo8ktf+dNoYwfRqt+&PrQyub!+
zO8~pFY)fc5;|d@O0o;$S1Dj&?@U=iyuL@M(DM{`!Y_wz)uNTvS*oLgU$qf4%k#Z4X
zg}dI<fDR4@IQLM)cBP+Fc|<cDV0k974dZ^0u<HMLU8usE?xgH)>cRnqiMLwH2*(J;
ze;$?RbZ0%5Zov(OgM}um#>#3(r7niX+`e%nsIXERAf_%Jx&ZiG3K;+w^o}b)nSwL>
znds{*qktRr6@)l!nZP=TqO9-;tIm-QkUF<1B<+~-icUp5{~YyJ>Z4UhJgOI7tb^{y
zFdMQ2>)Tx^)4XggkgmiJQK3voA*Md0SS2F@6LltD+?OLMVQ4SYNX_mkU%C02*W&nf
zi0z%;DI5dCAf&u9dD4jrmD}M8M0Ag$=>WNwdb#iqQa9w9pppaE9NHBV0v<sM$1Y67
zPIPv|XB+1p8%zT=e=Io}d54-8G5?g_-G*rBV1#j0$NypD`vjJbS;Y2Qu;ZvTH&2}f
z2nDrp2}so{qFq-*O*I|;{=k2+l`h<6;MQ33S7K`uawA<iffKC08O-I+{IEW+4)KY9
zS9iRRo+<rN^*Z1HH;<}<(F}wUu)>H38iI?ge0o8F%u(BWyp(=_4G$SD_`D(g{RMIU
zsvMmUsFvC0LNn*%N)`ddtBI@k2h#kd8eMZs=brYDBv|8#F@IGL#I(c`5!ui^Bm?6`
z5C#_N#i!O8Cu#d0i<!a0y_SDCIj$fzLaB$I5=X!nrE$)*<X8WzbD#|Nv^bD%hI-9L
zSP_Rf69*P9I&g#7zmlmdUya4gV5Civ%Rn}<uO!KT%mtU$N94>--gE~mHQXC1mId!F
zN!#eVkP+@M&Bgx#39A^6pXfs-dm!x*=RML(2Bvx_1SdYHNAMI<wd>+PjeD-dAipW6
zr3c8(OyZ6Y6aQsxtfE8-eH@?#TX8gtF-}bT!Nc3r5q_?W8(jPfw!lrj7h?$_xFHKU
zwz_aYVV~r93|4O^=kEsP36s=~U5o+AeeGM>x4v%MM(G_DyPV8&|HijUmDYv8Q+u@A
z{9HGo-4O3x<cmPmxdW$=SzF%KXhw2f6dy3-R9P|Zt1%zB$UkV@0<tA8K$d{5u2w3c
z8fz4>2^UJtiuSZ(1Og5MJycuqy*8R8{S&SBvM#ra4dEn#Hqqrf*QzXbr`OUUZ^C{C
zCBZ=jSBHNi(D&Tyl5%3Y35}roeoq!-6GamOG%p&#YzEG_X2a8DI!b9)T3fhe0H$TK
zy`k;_>{A#R=U-89u%||Xcz%QB!CF0k_9Dx`f0XKq8weZpQn&hOv~^ydiePDdxO*bS
znr_fsh@CwmoSP_!X26b$fxL12R)@rA;5~}t&QOLG!-Qla4I2{H-aGB-!Y?&8(sa?3
zv~?dxPY8)kW+mt#)$&4Iu0@lE_K!)xr0^n!UytU4a|ZTmjUz#xo<x<6<UYl32|lm^
zNPhbbz<Dq0Y#{9X;a(yF{nG6L&wRxEj@eZlm-$0;QYWZeA-eL}r&4fNiS=)=UW$p6
z!uz4Gkmmy%I=1tNf)Av`mj=SP=C>Cz$NLK$1sk)<dyJT`PozBsUu9gEL7~fcm5)pn
zbXj|RzX-Q~^OHBM{`s7vfDutkBa4G|j<37_MLW0>sShJ3nj1LN1|^NzTUx^R5qq<X
zNZ!Vv*9dStw#fmBF1aaxnF#!a|0G_88*Kt?<}l^Wh}<G!0;(-l^y=h&YJ)7FU<1Xo
zwui`~d_(>-K|>>u0MzMGD*EYDO5(OJA*ya5c&>+;*|8rzilh_0fB`B3a9(q=cLlr#
z%>T5reky<ja9U!23d?&ufYt4SR5Y58o9$$)V7%j5G%e>JnFdJsgMuGS`}9S70!gEK
zF390|76hN496Lj00M!;#Dkk34D~IzV0DXLDr}Qvbw3~%-Ys@t_25eMmA1gS6-DkUb
z-j4#l%qiLV=ED7+dWN`(5zeGT@oCn9W+RF2JwEi8P`e3FO5pm0-;7y1Dp;a!%k9Sk
zL-p8tn<6r0r`k`MtG=_*<}s@)izLQ!&1E2J0OO?)l3J$QXSi~3iND4FPA`CBYZr)D
z%C)6SJ=PyMw){h7)i4-a3GpKkaUMvFFKq{6)j8F^*U1Sk3|*z2FlAsLzfm0e@Dlvj
zPVWodO>Y-mUizrd$DaC*iQ-5gc3xKA0y*#q%RSPl<zH=WYF^USV5oD*To_0YI6<B0
z1pgbE#p}$ve<C(iMhW!)`Vj9-B~x*DtMaNStEX#6-?qvVV$v)&=<EeCx8zR~2?iBA
z-6cq6{QM&F2cM=c$_PmpOFVmC11i+k`W8Me0}ovCYcla!=<ftpz)&&LIvsvXpFyEb
zV#gtqT2RGq><uFRX!eqJ*bGK3HG9n)RiA%5kXD2J%KOS%&L8S7**zHvR8!h~$8#cU
z(Yj(qY@dYL<FCJ_`8k8Muwm+%uNcZCM?LoyX_6im=54euZ=g+=&CtJZmIOzQJs(g<
z5Egnhoj@)C!U^;JpVHMHgA2*QL;Foq$f(weMGr8$e`l&t-J!yilr#ZtN|j}|0aO9)
z<lSwjt94?j3)dd3&XL{0vQDpTw>YW6H~3MFm&5Be#KI}flndb*h<L*k1+MBgGR*2J
z?NSL1Xbt#vA|}m|c?+L+Hwvf4Bs0WZya<a0Eg7FpW>*D}zJJZ3vr)VeQI5`!nMwtv
z^FeK?|44yZ&^pH+tOD5udo!2hV%L|yR@jXvb!kMhgd?W9bui^jKZjqNZ(%M&;xoLU
z7!TAqPsV*61+b(IbLdqfaiA_3zfeRD-Mt^kU!2L35RzS(6kptZR)~m*kyo%F#<<QW
zgNzCS8AdSQg+8717XMv!Y2rJ?A>KB+6&>c`GO$S+9sjzfr70KxMWQ{0F)_p}Ez=Kp
zn-`jhup@|_p8(j%SB?ZGQAonYV|TC3V)``fjKw}U?S;5g_voNjH}LJOehj`?unYf0
zBNwX%!CFa#cLspz_p&0-19t_XQx&xQ2#yN6QOJ^u6Vt$`eh9&3A{i!yV@W+zw+7^A
zb`*@*puFc+fYJ>TkZUSRbG{68BeNKlbJTsv35E`6C#Y^~oW@U`t9%I+?dS5<_t290
zx)4ElH3@TRQUvr2C7dCi50Z?|oE$hSrIAdi&JXH$9Ss@(tTu|>fI@v^AomI<XJ$VC
zXJ@K@@-4F{?N0*FO~speZgyNgnF3(QYtHms;E+P8Y!WrsP1jrsO?85oD!eUlEW&IQ
zE-J%eM)bWp#`TS*t+M#p5zT8K8_XHrS0UKDoeKak!|S+_B)sG@m<s?(TCdJnBAe%n
z3AVEP_BDNJU3AWEg}r^rN55Scl2|RSoF49h^|qwc%1sH9v5-SXvlkh&L_lKVXVN2?
zjNF$p#MDlzef6L8aWGY0&AtNqF;V+Z7p_7-;6cuqn%3ZafWw7fEFf(UPn2DMo1Guo
zAmDuUJ*N=>ICL#z>!AsQcajPw{g8uOiHS6C|L=PuTcqTIMPkIZH%$LY8`+++Dywfq
z1?U?SN|}zX5)pc;<UiRnP)+)*wY=-X$(H(0<6-jdG^S_&>!e}DS6ckySDL48D(_`i
z4Y0*AK6%__1B6KtEyM!gkh)hYSDS|zQ4#sMDL!4Wb0h&GPar%wjgB=f3M`7HaVvgq
zHZn*%fcuI|@H`QfiCO8s<yN`6V>r#4c`s*%Y*_Xl1Y^LyRtm)DT{4orA$dc;-#Wiz
z(sL4tE?7!XN;MT4E;)<>0WC*Y?LP1P=kl4!w9T9wpOa6s`2IYLE;C%^7eG&Ig(D@R
zX-)ADs$<9OAWGmV-2Xf;fg@P3SV2@t|Ig{<IR<v(qYHeAWStO!LjNt$z+2Q_SAC)4
z)P<umUO}$ghGJ{N2zb^Xcwz^Db35PxpPs7ZG;NubVk2`wzE2bEEl;`x9UJDhq*@r*
zU4Cr_Y7n8z1Z?`?kq0;!h3r8us6Cny+jyaALX1eFK_>>L=4u1Wd2b@5xaRF<2t|2!
zrH2<5**OeIAPizHX74e5>wK63?FHoz68g8yq_{B@Qb=Zoy*`<r9qXjsg#7Bajq=3=
zCMhQtP7q0f4B)~9r}ql)n4sMTww=jT=*Z_Nv_LB~zot4SUqV>^33xdsc-8pl2GF_U
zHH!Hg%$&ZbB_!W!0v8O4v{uI3>0>^iLP#}JR;3m7$H<1Z-&?@*pBYyhm|6=;QBW*k
z+Nz^K%d<@H4mp0d7u+P=3pHi9+&iVxIgc)etKU0hrPOQ<taCS<r>BV4vgn(C^>iym
zhyRTYab76}nTsfKkIdItc^}~n^F8mBgEGp^pO7OAEI`ye{$dOXQ!T#$374l<u}<NR
zz|*(JZiZ~X;r?Vf!Fd1c&jw{aAn%oI)39CPigiu8N2G*|jN^;Nw?#V<neSwfFMdIz
z_PFa>()ZFop<GjIKtETuWTB5U6kf#W*HR+nn)R{XGy&Ao^W(vGmn7uNm)2FAGUaH8
zeE2nYw9Zj5u4v<HNsA0_f*lGZPl{Ce*rRxeMUAWm9Q|v(f<fhz0lRJHcol2o^Fu^$
zdTC}h>M8ZVP#`~K=6T`9coYFG72Y*YioW?X_M!+9B16m^{kCu)0^E1On(CTo&^(CU
z)&)>5A1`@mPXo^K-D55bDLZ6Mrbku9zq&~L{UoTKCo`Ee=+#kUe^e+Qyx&S)!gq!z
zoU#TY-rWWo8PLc)89VgFC%uq*@$s){d}b<UUCBBs&d<Z>b7&0M$;Ng>%O*IBoa&Dp
z`J*pjoG6+iW{6Axk=<K6!+waBtEK0aGc0eZQZm-=G2?j4U6vV*6bS27B6o972dT-H
zkPiuI<OSK(-7WlxlC>La7ud8Ptxml7i9`%AV&SHVnImgyy;Y&t8vvyHx|@bE7BiXp
z2-i3Y!t=rm(qE>e!So&|NCVD{18?3ia6u-Y79G+9Li}|U%HDf$bH-+d9AT?mc1o~K
zeI2>XO++nv4ugt@uR_4}*A^!^)ruQInePg5+4g;jlaQjNfky*K8#+25mj4K{!72!B
z@vhnA_D(QiNyFDIf!bxD^?M?kt$6GgA;_TAN-)jz5hMJ-NO-u+z|o^}e=!NmfOg$V
zaH{MyniTd^e`pO|rdj#2By%bKU=3KmlEZMO+^^i=Deo%{H*u<CHv$-C#v90m(omYU
zGMM@5KWLleJwi;C^^8UkucniK`(mc$PtdN3$uBx>|046D5vW_ndUqR41e;cr&WF!o
zO;u#*#dq$p`xzl<oH$E`jW!y{p(_4eIppV3J|%eP$s6Yl35mvM?ats3Ar8?|R}i&w
z_V9_3h~9Le_W7Vzm|!Lab0NF_-F!nkb#0G93T%sgNQUsb?4#Ai3bH1wS!H&-aOY&v
zXggaFG)xYsI^_$m6>yYCON|Ry^6nIr|K`wBKN71g832H8UN-WlDO8rM-IOUwBv>x<
zFK`WbsBU{-@^I${^`~Y7v8Ev=Lk7#EW`2z3b}hVHxD8$)X3c?!U|tl(&_ZHM+zM3Q
ziOpV~eQcsN?lhj>;uc0FvZldLT!17rLW6<q$Tp|DAJH^!i~V?=yRQ>@xS{Ak%fQDg
zY)lF;QCluIbeXikGGz1e)|y&BcXsQR(eb^WFP$zLZ9Od`<HcwnV|S%~lhG0c+=4!u
zhRwXlGu)X(5KS_0AJUm(rJ&RB2ygHZa@cSSG!ySEnWk8v86Q{CLmm{AJFV*LclRKa
zS`y5>=wG<kP2SNfi7HS>nSI5tY*P3-)#u#*dPoThysEzE8rzW_!aP^pC*f?_NZXSd
zPQ>wCHV)h!)MxstmTP3v@^X*7_)g~JZPCrR*eATS4pmYW4as#4Pt>>FLjA0*RUlLM
zZY&Kgcit)ke%RsJ=P)&^p~!<1zPS~GOK72Gg|^srxJ1BT%uiB;Bl33c*N!*x*O7IX
zYC?av7tP8e^In=;Ta0Q<j<HOFqh#yC%>E|8bax*mf1h}JKxK<i_gbz1JRsX8oO2y|
z@qD{sSz$!CL2k(0YA7<d+B~0kZn*Hu-9;T!O$Yeeg5Am&BS6{oodO9F{bvMk1hDvu
zczu8NkQ``HPHUu1F7;;LU&i9CbRZ%*5HchSA}-6=^5is+;(+t7&VX26Cx7kB(yV8V
zYDlyTbi5X-Xx*OcIp%9ntPuJlc?BAqpI@>Hqr4o+G*7t=_WC)cZ%fEefX@Jhg{3qg
zn#<kti9Js#(9Ur1Sit5JQh&(g@GpJ<OC`e~s3t>(IERSNHanIY39CMhd*a%Gqn*rT
zbS?FEl?n+d!Y`BpMY)XxP-p%%z3gSah<N4(;FhIAhJjAdobgHC+4gi!&Ekx411)`P
zU|_~mXH$Gp1N>g&ndFKZ-N93>q2WC9iZ!PxnT=-+io}TRNzZq)Ct`O&8=w7cK%$49
z{+PLkc0Lx7J8A37ip}gWnL2Rinl`&Z*6>;X2Zh-3On9gmCYI|)W+X%d9R+sGWI8|c
zeYdu(1S?W~#`LpqXahhVq)n)GiH_+4vJh0ZM7@^(NEEA5bmz0X0EI6zHS&_QMHvbn
zKN5hWr-8%uzn=&D=nt%AY{EEvpvVch&ULN~-`_N;MP|%LDZ?58mMx?$HTpOwpKnIg
zp<%ghPYJjGC%<)W&Xp`*^A#gM8(j)O>doy6Z1OkAak3fjDU)FBOpeXO_B+}r%cH5b
zRg$+7L`La6-?e6K-Qk^qWx83(ctDZX&zM!l{ai#J%<^STr6x~#Zh%cH2tcW8@zARt
zH-_{Hh}gJ6cD)i&;D*ds>hxu(nWg)0AauRDq1nU#B7s;HN05Mogj=k)+^UfYx$jX$
zUi$xF7>FXyN!>4u6WRSlKF{qjRQxIN(7CsL84ARVXx6N*UDU%v)-#2ZgN(S+G7bM4
zY5gKb^_s5-=*XxUM}dlqP%r-7B-nkHpqIRn*z>Im68s(q$eP6LU)%Ku1X}<sKn3&S
z@0_4O+Cf{$dgG)_(YBI}x`*3}>}}&?+-q4!Bv{B5G050;TIP0n7GDQX@FmC*mV$7x
zPc7lNMvF6ywPWkZj2`&;AdM74(i^~o$f_ONrGA*!gry=7J8>bq#vNgwDBK{%{*}ZI
zy#*?F_ZIQvM@{9xTe>MiK$g%m?2y@#-ag75;TB#DImAKRvbWHQl>33uo1OYBFR<6+
z;Q9`d8K}=#+Eh<(8;e`J7$4qSOUF#@xYC7RgD4r)tok|(hEukj4&0Kt{sQ>X3r`mI
z#3x`$9G{PUY^U_apt0v~9fmhFX&9k7y^Y^nc^-=PZ@9TPImCHt)jZ_3+h@sB&ibyP
z%bdZrUpxinkA_&)*X-#s6>AM)Ds9+115{;0=Z))E_Gj1|uypy>1V295RY1osOqm>N
z_$oA5XvLZHUA?w^J_lxj9hJmImZ{%$Rgpx5M3?OEmm$f6ucoDWRd>1672k0en4*lr
z1I5RayeKG(A6|`+10;4LzP^hh7rT$cX&SlMed>;oXv9(ZNn1@bJ7;Z97W&CBu`@ir
z7q}|PWle5XQKQ_Jis}J=#gE$3H^O5YO9uP#p3jKMH$@_qNvUS@zE^4we1h}y7knwY
zN^W~UeHEg0AdVIsMA-7_ut`6ce|mo&5toW20?GB-<33@Qat#Yy5EF;r1@$CX&;hr?
zI6y*)8<c$H_!Q-+dW1Q28mCOARg<^Afx>(3%bcP3KaNg~EI!N2bL-N!i-eewXZqmt
zP6N7u&(Q9!kt@-Gsess<4dQc3U9`IY1#>0XnY|!3U09!B<lS<wO1u$wYQ<b%3Y&`g
z<$1bp$xd|{W(HLBz#^TGiByOR`jOok$m=;bnRH(^T+0mp<`fAg&BT67AM*xlC=`)T
zOUN()g8?kw4=FrCn^ibR6by7?qa@AKiim~ZA>GYg5HNU+8N<W0eE|-V_Q*WiuXxO2
zU!Ts3qwHHT4lS2MzwrL@!GPWn8dL8)i?zZqD?ZG|adVN4Zb*&=jbD!QHZ+7vAXgkj
zu!6PK%hvDj0eFOsHtcj}%cpMoi)<J%zkr%pkf?L4wI1g%X+zEGbP2t`MB?gHTFYT?
z%OxD>cN!{dbH=i)zZ*#7;g;SNI9(>&)~g*xIf==wUnF&}{LBC|nHSJ2fXRug^#%kt
zqfcp_|95ad%P}o1@^JbqAym}l4g|jxeJ{a3xY>+5nS6$so^YT9h~$(to(*sg%96Yx
zB@8<Z<dfh*ai%W41?Pd|mT}z7JA#98{`)>|@9_gXA0}}zQXqe=?`BK^+3V85$Bo8K
z!WT`by^D4|Hh(D2G6Dj#le1;a?b<WK*2^yK%4HwicIDfy)X=6VN*}M{OguKe(&GZn
z>qvGX>!585K^#LG8xxZ2LL+81N$DD&N;b~bfs1M!%G@_dIzq^Ee9x`0hZusclwmdj
zHt4so-E3fMuPmh)TrECMu>_6DEwDS5(^Ck=2Wqha^IQ~_MA(V(dO)%6oC<$02*bRS
zZ$5ck7z*ffE|X37*=ne;uvx&6uF+GEagrg2=$0u;NsWOS;@MJLn;NVxmnNR2E7}E8
zo1O2t@5Dx*;CaLm-E!dC7oQ)Nnq$8Z`uPN39!)GW%0Wh;>I-KrqDQW@;#9O)qT8@$
zEH&@Y$pT$?sw>$1b)$sw_YH@Gw_V48r_GXynYeCv>9cCFp;oAhQO44|@7bix&VzFo
zmJI(`tdhL*c9f+OrBgir&q>jl@FWLHZmP5WLW<Fd&xSG~B`=f@)6s7H(kJ%j&7880
z*hd=lJ-k(8q&p%AYvBhn7YBm88)67dvUeMT^8rl;6K*$UlUZ!SAmwn_vRQB`xE2mP
zux=3jWO;$cp*GalsCB1}3&CGg4V53dT>bkyXxV*hrTwHuwQUiP!UIoW!kw5P%C}&V
ziP7dvFi(d;y^iVLDWutQ`1KB-u?$C(b{(DvM_>wI-9_rxi)*jLr{b5k2Ag5*LKvRs
zc;u2mJbXcVDxK>nB)3r6axD6`j*j?`!)H{26<0^Cr*`uPLTG!Du^k^Kpj0ps7>N}?
z>ASMXPnvsUwbBhkTPYmDhy`?iejSxa7!J+bkvioMqDI?iOq<7s-}cA7IAtDE3|HY~
zCEQJX{Gs>32f!c=Z*awA&+9lf2t76q#EB1Nbg6S|TH0Y!PuEi{ShFSg$r9{lwwY}0
zL0IX(R-#`nr3`kK&il~sZk_Hfxx$(f#2d`)c-|H~-JS-z4R6(}Y4(VyI)M<c=E?`m
zZW(5ED%(=7SnM3iNU<`f4t2!MRV;^$$<YlG;*XAQMh>TNavQbqD-)FE+2%*2=~EnS
z^9Um?$r6aTr(m}nkxA4b5rW?2%I)z^_5ID&Wkf<cXG%DVjb}h|j<XuU3u()q9|TgD
z4F$%?&c75@y{rGx?BlIcmt`O1S@$N2rx#IlMa1BE0b-LgeY)p8sv&LC&xE}Y>gQxh
zl;v3pKE&8JNOlv6#>Vi|SXr`~%r^zWDS|Gf?cFb1JYt^XVF#eVd_TXR{Xw1T9d?ak
zu>LAov>0xuArNtlOB<Y!k#X*UMD?u_p*Ncy31^J|i|sk4YRWfYgTco*y||>$Q%T;n
z0MuyEw>2x`#hh7|xFGtPKw)8)%%s%;g__pvG*A1h^G4h+!K8(H-CiBZ@KKtXvA{hY
z6thSShhDlaltbKEvE+UZNZ_?e-aQarZopV=pgOe;@|{ITwLOvk#kzIUreCAcIP?c2
zzZb4gNR1c2O#^4{bv;urZN0E@qpf{L)7hi=$&HsXEkWTDfES$1_j<GWWb7UaL8Kre
z^PILf%3_2MQtD)re35lYd>{YwvCM~oM+dlwSHCRaOrcp$HYaF)EeMH+B!R}TzWBr$
zbMJ;N{W1C3Kmh}FSV~R_s3%YJ=%Dt>3v$qncBME8ZFpx7o4}<gk~cQi;*LII^XWmQ
zUoRvwmG#d7oSr{2RHrnoOaz<=K#BPmPF9iaq|$9!3tHoUI}D{Kb@aSp7>v(fP#Fm~
z``_I~^Eiy{8Y>Gz4SC9SDf${eY-xPj&prRYY5zzbxVy{`$n(29x>~vD1G9h<C&q=L
zwm^yqIB|#;<sKyo;$;Z<>?4E~YTGaq+JX?pAF(UW=aXN!3S<okNu-;e{*CTX171!N
zHkuId&|PCrJzQkEOiQJj#P_MPolA*M$ielM^c?YJ$jmuZJ}wPu<Pj}gR8E^AFs;@g
z{;PkcH7bOqx@eYT-`8+NiZAhwmsd$7@~nEwIR(J?UNQqdZR8Q0Hw>BT!eC6I65?hG
zOI8Ri(jfm458(3aCB7BEfo0pgUjgBRyj-XxJmUhrMOsi0p>>2PEVK#DLd~G(+QsFb
zpX$8;JEXPm=ufl)q1)w@lY(E0o@ltkNUg!(RCR!p?QIUap}mzQLrz|V_RasfO3KxA
za1n?~ojKzj|2D6zt9!}!7>z-#!x^xuSS*DpOezqmR?GJ(8FKn2!t+qGgPFPxh3uGW
zd5l{pkbs!g|5axDhtW93BL#H-om<m;7~6a_;wthFz0vNc)=U#z^ju;FDrvbq=^K^A
z7rI=0@5!db@B7H6J_aLFjknp*&&!6}Deb<|8WYL@7-VDd2)Fa(4T)7shExf)wSM4f
zW=P}fm0XMz)<9k)+o$7i{TvHT-~7=sUW7-<-PV8y{PPsD4sA(Vi*qxLNi_F~@BB0E
zqFbQqWXR$}o%{i|Jj~$}f&i{@N&7#ZmFiK-g!}>4KhgZsCbQ<lgUAr9A7?}`c`nH{
zVQtJ^@jx^}@hyuz0yjjlJ|rPTSPXZd<x{<5%QI`3M^rxUw^t`)+TpxW+$g+ZS${a%
z!I)x1Dg^_kmYZbmx){?VixUfG^WOCRncwMlUrlOG)ZxXNJ%W)}{uYJxe8q|&F^Dzx
zlM0)$liYQKVom296iTZWXgUIGTp|yh8D%kuB5;dgPup-L6d*5P&TJJdA!DGrRl;^s
zay+%?d+pC{WPTvRx?A1n%C_nmpC)#l9yR14@~_tyi?EXf1IxR+y9owG{biF82EdnJ
z$fP*PqAJ8Nlh^$3#_9$!(v0qtCWYM(hBTfo=a+F<ps%Qu256#BU((Elz|Xcs(cX(x
zjQw0{Hkx2YHdnDM|HIVKdR=stf?%Sfeb^hpg9Vo2*P?ksk;Lv@Pv&1oBu~jeF=*WP
zPwGut!>57ZfZKw8?16%a=?DmCvH!__E_QpyXEyTHN#TeaZVMRH1jJmU%Mz9uCu(zU
z7hj1}|KZD2FZyr47A3tlS>`U5T5&vH8xSpao35_hiJgoGE*|}@_Jn^2l$pP3ApoRC
z_+?RjQo7WYuQW1a*U?JJGp?<z<oaLfCAT;~hsJh72l;4Q4Y`O3lI8S82?Fj;{f4aj
z{;w2{;Wmy<S*@VMRY@K=A=%}tlGF%I`2?iJ1-^uEbylBmSTH4nT>3y%7_;FDn23j)
zl8=G8`ZZe^@tP?<Cov1`+Xz0z(<h-M^L;Oll6joS*Nb&lIekq+w}Cw_v&kgx4;ebW
z6h4gA_r6w=nfoCOCrRxiwb968r8OuiQiNDdk!8lk`lZN>fMM8qEH#)xabZf7b{?JR
z#6+7Be;o8{hizV{EhUKu`knbq5VW3pM$!~yh0NTf)LR}zUuIN;^e%=;n@9AmaU4_x
zETx#*WRWDCr#E@rUPMb6(0M4GW@~fLwV?xgXkDMYO1J8W?E{-kOK<SVC^;K*yMlqC
zqV_*OH{fX~c(0~}jBzIy2U%wIXDa~7NP1YDdNJc72(Ud+F2GNWn8tsaw4_)%NZY05
zZ3t9Pf(<V5a+gWFrAk4YPBtvqv41WCNG8Ya1u%^t`o#jo&w6jWj2&lmRVq%T>5{gb
zz-nu1`pY6LPgBzL3T^6sDei~yat(~1DVBqq^<*)lL-qzVDL>J>k!Q{yOkjG13|6r8
z4^G5A##V-VM~$OK3_gYr_C$Hn2*ccN4>U+sMgE3U(|ej~#z4L^#VdGoFEr>a;zj}T
zV%r6_wTc-=YdyRi#;$2<x&))9YNe9V-0$wSo$w|{ZUn6BxP+bsN2|`6n6MvDmjyo?
zYx38X^Wo9eK&zy1hE0Fn0$A{&pM(gDIm?QM^b^|ScP0#)AC&ZczChDYUfy?wynUi+
z0HHrRt`0h8qc9Q_%<~grl7|7wXfyjpy_SAi7Jhy(EVa1#odYmr(mnyWh2pmipUiSJ
zu?6DB7}$mDbYJM>g9PzMBjYpE?Mq|Q3RFXWUmJ0%^2|lU(^91?-vS`VAHZB9h4Qr`
zq!#9EmdH}>vAI&v)LwVfLs0no=y{6>@V@c?LB|t3QI=n>?QXqS&?)hpUDf$+j{r#x
zh&stUa*V}x9r<VF#!pILUEmVD@|Z>-W&JY+Q+D;gPXZWIKUGM$`HA!RQEEAzNF|!(
z!B>MdmS!cGLERVI1sNYtHdZ`to!@D4dUXDNGqGddB@Lv_(il10WVOt(@y@HJWizK%
z|NkAIHEUpiS&Ot~^&BHkZG0J!xpm?RtA@dE$s#8n<HKY<FRD4pReE&sb+(3c+5eA^
z1-rruMv8I2s=&_#2mZ|NBb><$O#H$r059>5L}rKcT@07*^|>VtMS-;|6ik5H24?N?
zPxP^%RpH}>i62dvwLGYparrj^se8#ZrMq6+TmS*E)LQ8nFbaNT#rkaq#(k%Tv5A8l
z2E*gvV0YnmYnuvy;r~j~s}UdZ?(UHFL#Ad-qkq;=&*S@MstY-DieCO%j1)51aDt3j
zxl0R@HFbc)3_uW)pn+wtpU6OxdexTC0^iI1OgJdauK)w#a-7{!3`#%^PvL#W?r<^D
zPaQE~RBlY>;yapqv~-}?N;d@;4k2(Q5XAZjDkS~Z;E@OzN^F2euXzLF)8!C#asDtO
z94cx7(PWEgi@;NXuJv0;b3kf8$_03L*SG6~?{}cvuZYLTj32tIJ)W^FbC>L@LeEmY
zL}@(lPS@;?a$$8nIjppMVCLAA^qe<A_c(W?zTjiM6I_x%n27+KGOA6#T7=mh;Vtq|
za&&8&Tdl*2=pf?8;3IuQ_glt=VWE2%tMeGEC6F`JDB9uQ7Wn3b#UiYg%ohV39f_aX
z)WG2km(kHWN(x7*!bPp8EZ?!63DJHVqFSAks_3hom`Zu1S`7U0BkX_;WG}^lWqDHw
zlYWrtH_c`%nd~<vYmObv?uXh%t{-|G<R`0IPQ;34kO3=Tq8lZKG`Y<S7s!FY+~j0n
z#`+3+C@L*9ceSnBG*o@@c6--|w3Uu<kYJlweEz=M7q>>u_QZ)A0@sO3Pg|w=*xZPP
zkxps;OHrZoYW=1bt|6x6h0Zh~XM^3^{`+4->&mzL<njQFIE?m4q7mamiTijqa)56v
zC#2}<Y&=1p?&FFpcm`TU(s$fQ3`2!kJZV+Ukkwyt-Oo@i*zk2l!&S<_8cG9Rsr<}C
zqER2?Q>Xx1BFQ8yWVL~lU8QUS|AV9@s+`92i{H791zYPkD~Zz$-zRhF^DFa=hjn^R
z&e~IRv~O?a{>>o8Z2wHGWb)d`Y-zy(Nj^&I0eRNye}Pq_1hr7iPCFQJu>Rg-%<vAA
z)2wA=b84c94ydoD*EzHfbeAS#nh5Umy0&GAhnLvMT6SX!R2xFL&a)@9KYXi4x2{VH
z5{DWVJll#Bot<3}d0ycYr;Sa`htTW?%o!<KzdU93UlV#~#UY`^<*p@RqjRTQ^d>L6
z$Z9mCBeCWT4m+FvHnuQd)CVdsC*D1Fh~2Y&@?HWmiSMr(Gss*yNY1%2I;eLQnu4$%
z`EUS3K)k<VOo3yTE65c_MowB|$0>JLQG+*^!sw_N&cffTXJc*<+J>A+#<W_;q;P;g
ztC#a$*&=ls$7{#0sL#SQn8~;1VLc2eD<iqp1oi)G3%Ef;RU|>m1CMPzRsR!S6z&on
zo@z#7$4(i)YfWapxG%8sB)oziwIPPiXP(9+L4c#s56YyWi3fsuJngUbvxl#y50MNu
z>VFN<VqSS}&fCX@dsp(g$Z(iaIaY9E2HD}gtDCb|Je!P%ZqJ~_;VQFtc^d^To}ezY
z2nxWuUPt`z<kzSR?-CV7Hk<}ygK9x=fMTDE!vt&y5ka&iRDRcrcVDVyZC>=&7pTDl
z(3E;72H00p#AIKc%Y#UX5@D4CV&~aIb*M*Obhfq1f&Di!cF@>{$qz|}B=9CV0^_zW
z)tm^cZFSLBjzSujsmhj5lqGG#aC1wMDq~FsZ9_k|K9%5Em#*V9B;G2QK*+&_kRko#
zLtG$64$>VoB&we7-b>ISKjPE9<}F852A&Qogbe4=0`(yd_XIn*4AOHwrFq}SKQj{n
zRb-^C{V(d5Sn$G8KxClRKxWjqx)~eB4jI>zeysk^S_OR&8jU2Qb)u|k)k4@$Tok@D
zZ1#yVP%ZI35Ea4+;oROmHXRlNV7O>NBnaJZ8U%aG!ldel7p|Anh3=N!R9Yay*mIz_
z1IrW&R#o-t_SR*E{biZgT;I0fi9-RbEZIB5k|v;-GLrFWhk;Q?JKNYMZw3?ox>}u;
zn#V6lIAM&zJ3<DxAq?5A+ehY-y0@3wdCHAxmVMZ5f3Ls2*WJRDMk%?4YA7JWc74}t
zyLda|C_0py>RcuXJ9@&iA5(ViF_ts%<^Lxn<eV40K5MBSXTaFg5X0j#ZnMZ<A06&e
zHr-f+f_&+w*1uH9gv9IqwB+rb06`7R9z}ZI?-)XqG1TL8TRP=<p@?6ASI`iC9dU9~
z-5RKe6};*;188g>f%@v1rIH_fG_n8TBmBia>Aorx%8u~#8tjx<@ZiCSJetwUodYie
zj1WAJUTeGyWR*538aZA4$3R^1iL?wKk^NZoLzyNab|Q+M<;*aBIT9;3VZ!qw{q|4X
z=j}{5YC0kR8)`%Xw7Ou{Qazm8P+o+#pJ8B>pTVY;T8l}xa|B_<?t{-Wq3NP0{YSjz
z0$NjPKLik|eg!M_A;C}nFLUDY#qHM9fHc5Lh_%^oyGl|{3)X^V#3r7-)3yzpXWJnU
zH|&+No2PE}OYtbe65O`5mpbi|W(DXa&OE8^H_3>zqMKJbDLQF>M;_0x;HHn|H9^u9
z@a#cxU(fnB(hW)IRl24gAsXeu+E=tVe=Y&q<g)7jch^B7K=o4KbAoemPzu)5(Nkkd
z0!rEZtXF3jhpmAb<<1=>Sfnsm!)Co*TR2l8&QD+v`4`|mhBQ%%4>kthxBCnHMbqvK
z5p`%kqOH}sAkmm)eR}N&obvO%O%50-n;@)-Zf|LGHL(SI-05Vg(h46eo7<UT3693X
zcl$k4GW~D7EQ4<(BS{a2J5rTZ?O1J?oY)g+<HI|+n_Z2f{*U`X)9C+>#lccl7&5sN
zQPAy^5AU|CX3v`+Ikb>3nRxt`hnF&KvYn3X*raL~c{<Ov{>s5hr$7N;8vzi20_HJU
zEH@bhj13hZY7@onVvjUz1&!z2THrgDH=U$Eo~O)&lN4V1JT&dScR<b!5AQ^$Gseme
z&_GUJ#XV#aJL}f9l4u{F=iW-+RG;4LGZD>v%d84X97K=}Nz3N8BxzkE6ktR5s5)^$
zcI|T^<q#J7$tTq5qyuAf<1JcsJFIeob4(2*p$RGOSd~qLd;$XVF-F{}I&>Dupbum%
z^v$Sw9pzoFz{WK0z{yZFBn9_iKkYPc<C{MnUY92yl3H>i`OYWCA60Q)94w#vliB(v
zJc4}WFT>d{UaQ%CXITcWJNyWu<D4Uvf-PK~wMN23qN#;2s1hHtyqJ4kO-e>X@YTNv
z<BMkMGBLu?ePpSM{oCZhq~hxj0O+dY-mR%vmeE@|GqCxFf2y6mB9^w<3BxVe)XCGv
zBb&}IR2=gisA&U`|9X_P(}MP$^KsCAWYS8}xro>+NAOd};{UZiZV{UC8E{47EHTu@
zPj|VUwDaW}n!>H){ex?38*0gW+(SWG=1*~>Z#@|-HTznS^3}fsdx>>*$a!GVphl?M
zi)b}#6^g|5T!cZaVo>BkO!x-O<2;ly8jOv(UFjs)Z0U6GAq#LHdIvdS1=Xr4T07tt
z4@k|2qyI6|8|w=Rm*8jf_j(xR$8&=gt)yM}G92lOll|u!u;efFn^qWnAhkR#K_=4&
z`rmb=(yCK~(Ayq=6rxu7Mr^$~`nw}czt~UArf;@eB}srJ<wQ*n8OE04)ydO7paPmG
z;KI#A$S0Pb`-GJmpChnA5|Wt6QIBNkl+hstf-BoiZHtFDlH#L&G#ahB0wanjb3@*P
zO#js}$kFbr&sv4a7)^R<>(D3O4?u#w$iqFN@Q?Tf!)QPemxLaU;`A8hJ?(y`w3{j!
zH?*t90AC2>tA7&alS&^f3T%!A-J7OOj*sAFFuOwTlzR%66cconpL#Wf%(2V7PY~Ve
z_q+}+^Z%l#eGeh^cUyZPUqm*!VTk%eGo!q*YV+9>?dQ0o{^?O<J#oNBt@7UIB6gVO
zJMW5cSkUZD3|ZjO25=waxd%CE+b~fR@<Yl?l^h@n8ae>cj?3;^9@>1Geu^yjZaZob
zG8SR;#+WfWr~kl0uZ;Egz+YT*ZUGUjd}O1*A;lw~eUAKn{LS{=l{ukn`XIS21t2~c
z-2M<nR^eC9Z$BG%;8=cuuD=(}PI1|b#b3l}WYilqvEC_Y{@k%VsVOSzjR`(f5(=d(
z7AQsbYp-cZP1JdnGm;lpDabtQ=JNam`{c56MBh0^dIeF)q8^9sSZ}Q%9;h)0yUu=A
ztgYmT#+(P*H1FuiUjokA@Li586a)92?r{y@i!B}Z!1Q-ciZaC_53dr9PZ($HJIXi_
zl?QHpotUDgucyd#uNC>1#wbPc4>}wou&FD5rMhh9h&1M?%pA_w6GoDmB5R{@XUX9J
zajr}znn>#THdTI~ZRgmxoa(3`y>drM!RrN%7O_?;h}dVW7LN;b%XEpiTF6ZJK_JR<
z60~ChWS(ldBo@O6YXl+y%5;m?)z~Vile}7X=M^6!bC90n<5MCiR~M0Qn!P)-k8kde
zG?&p`)9Tg%79ch5SC?!)Jw4Gn(+M-URKphp>*ZM?*UW?1l3pt2FjL<3(frUfuSZTP
z4Rt1lJ_TCOLa(cWpGt?&O)cMDiY%zT;NAl=jDmig(Dj*-(!TJ5Z_M1e)<W^TvaGyg
zS$^3P9ceznF=Ivvl37Q!iqOw>-%})iiHnl%<w>1*DgoN>&YeVn9IxzFGXyNd)V+Wp
zx-}l`)ff1p$5sM3fj?tGb9YL3EwEDearHp?n&m03w9s0`DlL;B!r&fqi(J3u57A*n
zM@E_lT!_Fcl^$PirR5J{Dno@kmm=s4t|Vq-{*M$v)jyrX4Z;#3e6pozy6Y1=o%w=s
z8#T+$)C@x3NiR-+lzkik>xa-eebHL(R#XR;rH{m!<AWyXVv2wudKeg?<onPZ|KN(2
zMJJKB0#ST#gcbIperDz8YD4p#?yD%?jq@0Z40zA+p9tx{AkM>@DaHmkF5$LtsX(_b
zpvef`WbEYTkLKTB&aq+CGgX(^7*1&O#A4R+z{0cuIw={(3}6kWryz6jQZR_1ZHIuo
z)|?#Vz<p|H7W7;}y<|<9!crUQ=02Rs6sv^vNWWvl2VEPgkP?~i7nh%H*pX4$ti{!2
z3fAe<O0{A&`nN^a0?FyHP5p5Zt}MO=OqlV7Zpz}ETJG$b-na;Ugc+nAJjiPw$o7SZ
z%rC7S#fPqQFyP+^%|Ebd0SeFGR;+LZyZQ5FM&StN;9w01tvJ+>7+_R>Se`7_+#|nG
z>%1R`3t&v#srY=L^JwkV2ll;8R9Wy=`~}P_Un{S{;3BTTFs>2g1QW?|ilf|f^zTS&
znPoeOp?@7hw~0i^hN&{sDuHk2ce9JCN4R_Db7c0ow#cPpRry^i6&uRPu7*>)VBH4V
zs>v-SQ&W#EPm=?G<FU!s|2Gg0@?Q(#H0KuI1eyhL<W%3s76hkLg@N+r?y%!nZ5U{A
zc4kJtE-mt!m8OwVVt(D#xLAL>{mp5~7k}c7zYbZ_Rix4ash5STOP(vH$#*gG&$hl9
z8%X)9)op7)AmJ&gcQ}288{Tkh`KpFOgkd4NJZ+fq)Rf`6`k^R%l+y)-3%|xwRNrvS
zI`GU7aLB;TvQBw?({C))nTJBrfRI$b1rKlkOy<-EY-`Nk=j6JtA>&P_@x0{W2mU83
zl7(WY_wi)VB@uCNFQDwTm$nWldmVonsu&wwQafFh3%v-SLee0VK3?$*A$0~^mjF<A
z@kiuuHZICoW@x?KhjNTDH<nv~q=Y6=MTd8V{Hkc?j`&Q!$fI%0t~GU97ARwwHL^ti
zSW&7)mR|iKs2M}fNZ6NJh`BDo(K83n#m<Ta6i?ioW9zi;G+Lg0{?6Y39q}lAf=6w5
zT(20Z=9XIj1ZO2AmzhT8X_;@&;WW-L+D8<r+e_2_fG&Vw<S0d#u9z<WnC>D(n<lad
zJ`h4=TR<}kyCG_&GAXe~=Q805WDOtT+eJ7RdbSE;&fy**WnuSJN9JOu@|>=ZeUS90
z4u1N&8|9AL?Yao2#pNWD?<@7kSGwpkw8y~;t^t{}uTw%gYBr*BG>US!-=WVKHMOY-
zBqNXGQDCR`#*-d=E?eN2TAb?Z>)FoRZdmm?oS$Q+3eHS8H!5XH?ro-H*Pw7SrpBgz
zDIZ_j+24ig|7kSq4;Lxw<IinVy1^w7HWo%+e$MuXu=K=;-ePXtiAnJAp|*O?Kh^oC
zD#>&G_5*}vWBrE~!CAG<oh1?+dI?v?z*k#a63Whg@0KdMQSTCM-h~M@+&nYSvo?IR
zlBs6d;Y2Ld1Nzx(v~lHtQOY&mXH~@+f<k#_-X}YnYe}xYvR}%G(N+evAs<lfe8RS0
zlW~MIFMfDYE~!&2k>~lCb@V1H)Pf-rZE8^xXJzrTA2V`#7yptTsJOYhAZ*r%{3S%&
zo_S_gI4v|NZf(^=#X)mUcMU;@W~U)EU7gYXNW!59&)aJ1E{NnBiqNk&y}pC8>Z>zY
zefdxxaKeLdwa;z!e3sHeH+aNgI2{lZc2~6mDzV{cyiVXEE2-uZSB?fl(i9t=-QtsX
z2l`qgJ{qQc)MtS@Fl%vzj-vsenOvo2w#d4=1c_?BFOPJnR!S~Ualsxm)7MEEdo#-(
zv(A*T;}GHAg{?St7OoQf<i`|jg;=bQN>*0q1X+*J&h4r-8H=*a>5V_;`vwSf;<jxK
z5o2tDCWlhF7Oy8D83!y@u2y?kk>?k;qcg}Z-@(?W;Ux5Xx36PEvA@HF&50^R`kLRf
zhs0IJGXc<1r9wB2{zJu@q-9g%5jLxGCL^D0UDhI(Of?Y7k*8BA`XS#~;Vx#MHv4o;
zHF-D5?RrUG(ttabJbbh)7i`%-XPvRT(CZ7y6MS}d*q*r1IyEJ!GJ_u^1ka{@)rY@g
z-VJdE_^?!c?&45e*(V9&>ju~(dRJEzS7_#vsS5v<x`xw?aE6;C1wz?){n{<`ol1Qv
zty(5abPb~&z5u8tY@YOVuAUkvgf(Tu3o3vy9m@??ito*=bN3%R%vywtq2}1-e)ZS|
zTNvez3VN&8O~Fsm(SGA7MdnZuY(YBf(e8mgT$K`+C`ns=ENqnda}tAyg^OiwiZP4$
zb+k>K$7b}O@&S6#=UeAOD<IS9yXN}-B>;MN|4K)W8i9y1K!X+4iw`-ovns{#;_XP8
zsLvp5Zdw68wuN3E=^qo2SFk#^tM}Qwbho`I5V^m*+DOkO6X%7aW8M$JaxyBm0w`$w
zsVzZYsh^qsp>Xc<hPc|3asscv&m7?vl)0r4eei>96N06+_VmfK6|`?gg%Al1aJgFN
zsMt&ka?P9Bw^+&%UNNgpCl_s_ydyKA7s_+ivxsJ5Zg8Xgc+p)}T3V@P7l7+O318Lw
zBe4;p614EdY6Ah&E}&-|!>a}D^?P*Y!=~2o*&t(=I@?Z|J#QX;QW3ZzBMQB76k83>
z80P`pU^eURU@FeI(F?t6N6(+aaGz8%p9V#Y6)xrDVSI;f(@Sp&5B(7sJs^K^yqqK}
z2h4=4n5o$3*AsEm1j9eDF0syhGmFoii+04mDHn*ZnPY1Ek7hit8g3wfQFl+<VYxNU
zGyq?$51!*)<+m!RTG|09<Vz0KKN<Ryt&*{em2wNz@qRx&avrJ=isN|`sX`Qx(a`S$
z93lbvZGwI`zpjbwk3j<2JArrxh`^B|aX~~{$7r9o2#`*F2y5%nvh4z=D3AIWzCXvb
z_U&B$D2b@A)XHGtBXtUAk+sic6vWQf;)sqA!4wh5`rajhDHWT)`o=Kq=?fokr|&t(
zht=#bMn@vF00!==CJWLo5v-{a``X;gP?VcO#v>eqh7_4+5~hAmqy&i1otB^N%aUcv
zXYEuq<>Ga6FjxwQ>j~{@JbCioyl!23p@1gY5;hp<(GkYKch!-a@wb3UoQP$*A|JTX
zbvnW|yhd8dP3gsTyLDCIlsK7i<P-~%E%OP~ci%xHqZQsc^YHm9D_A7e-behB(ELSL
zObyehP4AF1tQ!Gf{>;065!{F1DsKCse+4L}vCKd8OmGYrC^KG`DO<HEeS!Lq5Y(^5
z_0&8-CCy7bQt8RC(>sKGb-t*=wPIz&xcNo91%Wsw5SY`kP;0_JQ_X#b<oB+uq{gLy
zb?)<cwck<{jJg^<YtbmRtAH5Z_O!9dV8I+N7IKMa{DD?~h5=8)jPJ!#ILw!0=K*kr
z$sS>-`obRLsJf2f{QqU_TjRV-2B~rXcVR)p_j2^MctEsviE?o&tx~V(b^E^KUZuqC
zOKSj=BvwrO8JEOsH6e?6ASfYW%1|FWmn-{VuWQkaggQD((rDPfcunRrj_iLPMlFhZ
z_sit7w2|vL0iYBYYLbQ}l%d1{nxWZV9&*88%iSx-Ku&Kn?z$q+K6I8=UNsg6cs-ak
zahG1X-VGutzpmc9tGMhN>5&(GWq=S2+O4S^AyGX2X{Jg%I55+b4fkQQ`hglk7_sbf
zew~a3q({*Uswxo}(75F7gn!U+&}=s70a$a%R?p+9uw-4tXNBcCXU{n$bFQ8e*q3?%
zYuqMcg~<y>4E#tCDWCpmH)oAP`_V3<hR`_1=aJ7O>;xD!#pBB_nm_K}dzR&t4EyiZ
zSu-VR!~A^<eejHzf4;EOzA{dOSkF1{cg~7LPMfF~XZ)7kRc0J470`t>1*J4qvMAx*
z7Sh%#wVY|8D9j(W>C#kME%W{gUhOK)UYWS`NM@O^lS#B=*5@x*@^W;*U&sWi&MXLQ
zpVI~RH(m6Ugn9r;0ayPTA1t;^28+^Is+mCg{)u77pW=f`Hgadd4x*~)FKOQ)V&6x*
z0c4!@@I$?e#K_(*Y;WSNnGygv1Rq=1I|>^L^EeN)_2h6Brge+<Ro&7fU!iK9tIgQ0
z#pZg|e@NW}NKn<nxqAma-4ulGpob%TWr4D_*)RhTRl6n?HWxvIC~yb8lph^PL%hTr
zk%eXC)T2TJTCecbhf5u*zfAGRRn1#8D^^E4JrM|c^kzKu6K6c8&*yK{@x{LFFEX~o
z#b@TAD<QI*qaGB!`z0RQGkf5PP35!}><Q9)NSuGFTLD5{&xguXQ#%ye&|WT<;lfDC
zgy1V4Z<JAZm45$lm0S#U%T}TgOEB^T5^z*n>-;pr*0vZQ<MX3dWd$tPw?2MXa%f4E
zsG~RvO%ot8fBW4(%A93Lap13Yd@9stmeoxna@$4R!SfK9rU23LmOx_j6ue}8irL){
zUn1^vH;t2WS7u~T0+fn_-K+z3?~|C1?tn!D@+m&yEAxn@hkiTh7NvS1ZxByVkl|Yr
zU<OOPc31$wS=|`@gGfR8J$T9y2Ki5~<FyI7ZKE&B{RW9MQ?`bq1+(7fZwOE9s$DK!
z@W>1W)zBeik$%rQ!Kh+mHN`2`kj#`hpoCM=PYWq%=#Z$@nw?_cc&-pFU}W+9ChX`{
zjhjsy_WbPn`&1yww<(a_xv|VB*v&u=$?TwR%e4$*Wf<mEMjk!-`tFeuX8ppS@G1VU
zhFA@(OBu01>nBz?yYHZmyhmMK%e4NNA*=6jFi>VWhww|XX-_=(eQY>(Bhsx31A=Y1
zRKF@Q4fg-Hs7mD$qV{+v$Z-<11Cz*#CLS29v8^+wlmBhL=m7<P>&%Y$JAYO;DfdB-
zC+a#imf-C$V5KX<w2Hg15x~e6j&0w)gjJj~Z>vdL%<j25DngR{^qmNY+=Q_(O%*qp
zOL=ePb;m5fz)3s0(<N!)md5LJ=Tf;VR&nt0NbqKz-;B1P`goicPQwJT3c4Ef&|HRz
zIWS{tVG0Dm(Ft#=pqo=XJLTflTccZYyH=m=8tM;)G$#TcEnJq&*OiX$+pGilY5AO?
zc`IrY<j(BgA_6En4qz+SNZttas7(cKEhU=ii+uHX>zvt<#VM9UT0&QsURm>%uJoMS
z_MrXxQgu8f_h9lAYe0)aRT(VMheVhd&uY?7Vmg-f+Q0l|P^5`8UQ(qjewEc;L7}Kz
z=ZLL_7+@TbF=i{v(sMf4X`cBb4%EniF8Ug#m6#QwLr}VTv=Uj=;-LW;F3d$<@3u)a
z0f;lx4X2`)3&9^VfHK_NU_eej$Mm-{#Fxx^p1x|6gZ%YaG;6^BcEzBwv$bJa{a94)
zMsI<ANl}DBfbjP@v7NYi49!^sA=PRW8K!el;W|s@NNG}DC0yXjUOTvGQ?`bw$j~F5
z^`3>6(PA@-A`0)<IVZHXwsiCoy@hwS>!hZJ2pks9*}0qP3n72ZzfzOt`55&ObGDp>
zT0FG^X^H=&Ko6mSET-2Z&|?p;iGj|q8Pt{Bzsq+7KI)q2ChU^rmjC8A7&xyw<-r$Z
ziDxcbfmKTu`O-zyOj3_@K2U|0r95ZoZ+Sgjt{H&VCiN7<C$pxs@h2W@SGk7{%;!Pd
znr%u$B*l)^Jr%(U3rbP4Rp7@xYJ36Yii0h5{rI4AQoKe^1xiw@x=xfTMLuJ9k(EiC
zqXmae3@IMk#b^fsBSN$W8k=_@cLmz5J1k1-R=At(TYAV<{B#%uGKvMS{CdGGhlqEr
zHG{3WW>q+B+jQWn90yS}J1HYv@&v_HBYTOHYoN|v-VM?ry1a0kVC-_xa|Q%OZAFE2
z9c#iZ$wN-3L40r2+J1SPz^bL_Lq~1ENj{vJN`J!e1Cy<#;oyU<I%jU2h?nqLiY`*^
zdxK>ExalLS-iQqmELZdDmIn>s;sSl02q#A)EY%PlraJuL+VeU8KCCiXuTY}LnOjo-
z-ok*<(@0RO5fGS6iyOm@XUt%l*Eg||qtVOHnf74GfEjD<hX>jWr7qsSaB51}dMJ-e
zT7_@e&W@+}|C17ubo=JDn|bM?T@cYtIo|1v8;ss!p`<ieQ!`(x_c0Y2#B+Ly8a);(
zDAovAMvIO)HWyuq1bLXgG#{9-tC5C6Q|?_jn>cC^Ri+u48Wgkmy5R^=J`cN-lNcPz
zHI8rXsMXk7jzbb|d9JWjg6)U#kQ%iy#ED({3t-Ch#mGb?d<5Xz6ksQlU_(15$yAOl
z?7YLam=2`Xyc7{Z%%DYo(kg^z6!#_@W4<ucWOCGEi8pd`ZQkC||J{Pr?qo@|?yePk
z2~DA#YA#&oN#LDBPKrJid=&%w5PI@->fjGT(B)a*@MwwTNJPI^6+wkhr4c|p)oi%L
zrz^V|+(UIR8tG1M;xH}tcGS>ttIa9M<jd66Yr}S^7E+-{X#_`cG;~JHuV7!*OQVSt
zBM#3%LW6@RG8KHmBUc+&TKv``1acLwx)$haU{Pn?dWhH;&F#)>vxX`!WkJF!ocVd?
zLePYnX>6wR802!?zHSri)nt=DKxU*gmWn~XqItt$AtpyUCJEx;5Gv%bX=#H_Rph-v
z4t+818=|ro_6#j&k?U$ukf81d$5H}|e<Efrv6ouus9k`YYXDT?RY0Stva6E-;=&m3
z-sgt4k@HP)fr>suutB9$JyuuS5vQ)9R+<x_!6!Vg&|tGaW!b1?lXV)W6)v?IOwkBO
z`Pi!2LXV7zKm<Kv8F0_$5O^|%Uhr(yo_1UOlm$+)`ZfbkwS=Z7^Daj#CW6*$KoIA{
zVw&rP2^sAe$=nmU8*>VIqZyMV-Ct?;0Vka%S&`mFL<uB?0)`#TY8BMV=rcdW^5vkZ
z_Uc5!8s9SOc7()t{SVKLnk`+Xc;0Q{`dW}Mj6|j7fk1bDxcSatxT~HiI{8&#ad;Hh
zoQ8%@)fuw`7jJF;qcX@S)O<vv*t}B%olV%E&igGTa_Gs$VSJ3KHo_(@`6IwdFWttx
zF0_CI;70jKybeBx9*FDSj|nDQ^=m%+CGC~*ktEE51N7RFN!Sbx!-7@wKTBoTbwev=
z_{{;RfdtZv_4O(anS5|g@u{yI<zKUs|4%~C7H>X(vcMo+;!U@)f;QS!?&Z12N?0xC
zSj7Aioi!x}9$kqFBD}BvQZC_>LZ>I5?IqNaiu3F<0E{#+(-zlN@66P2)cyPt6qscP
zUjpb5d#gcV`G#%un}l+|g)n#qe9*pO3yT7PS_ygGoD(;O<H)|1UW=IHNeJ06`d{aO
zmZJE2#ry^Af}`>4Lb1&g)DJe|wajUtACN?`4=DzkcxdQVZ7X1Qq3~)uV#=q!qqTWD
z2b3pJ;SEXo^aZ)9X~&c#1+=ro!zTE&TC=Y@VE2tOUxrMS%cq!U3$K?eDHS*_Re2Hk
zf1Vf%C5IGEfNm<WJrz()e#%(gY~f&1$5{d8(@RH6_=ugC1IX9WL7T;fvv!@igalHb
zQ3B2OybjTaNeD(?Qv;e;>hBw#jg>Hq#)#kNP=@>%OL0)A!0`V-Y5HV|jYPmP{_ikB
zl*Q_~VWf#Ckoq7_M<`A#?@(pzO%CQfg0pg7EE@Y@Ddz-~p1_QSK!n<zPF?wcdVV+7
zkuavz7lQEB@p*j;h;R?#maAElZr!{5&#0=4RD-dx_(H3SpT)qBDKfDhSoP5tfbZW+
zyZ;XUn<#HLM!t21ww*%Y#gPkHZD?UqN2^Y2k|vE0$2UdhmNdDG@9>cx#2Ig174ZnU
z2<7GR2tjDbC@5||jzkO&Nn5NvC9y56`V7Qtj1Ej;yh@06j@-j=s7tLeqbYuCOnSaW
zPY*ie{`G~8lY8P3!YicwRI{<K!08iiwEMNYbBPfB7m}Q_RQI}Duonsg9H~*K*)k46
zRkLM;_8&FWHJba*8^KNW^xtr%040a9{@6u0K7-YzT%fz`XRc>y17$oi%5j417S`rM
zfavnL<03i98U}rZWHrw;0lr)qSY^Z3NrZ6L;jK!0IP&y2L0F{p<NB`_K4fZHGoE7a
zIuYUJO?3uiBgx)DaIeDerJrg^G<4~lCG=TE4%pRd%d8!a;&*!>uql{1wIfB7fy-FB
z=&R=q7c|Y-7a;ASvub2gkq22i1lEnB+D(2O_CH=z)`{RPZ9HQ+zMD<-D0_TqD2H+N
zYOT|T+1uZ#vR;V`ySN0Lauj$V3N~>bHxjaR&_Vf`15AYv$R(Decsm8O1}dLqA!N_O
z8lR6D%|HqwaD~GU2;R)Ip*c9Qdj7G|fcVmhfUlADHju1kMXkXRoM4E4eFUktD2(}C
z{y!PvyEx2`h<%4=pS}jf{o_jUQ0raWIA*Ra+Hk}!tA**iZey*2pf=*!?uE%f(gTHQ
zY7v1jw9I*+`T<U7@ueI8`?XDmQ0FZe){3f~Mo9H%)pVa70U+4oHEndh@NeYw)CUw)
zor?_*zk+>K`eOXki`DcV`|QkG=u;QKAoz}_q=7Gw@g;DsnbfOGqw`&=(d0a9D^KL#
z8KC0d{seBe@0t*&(7mm<vKYcM@r!p~AJ)F-10>sg^ycCtKqoqCh~rpbKY6Rkv4=@F
zd1p$<Vag4c@8-7d(>dc!9;=nRr!N>6X@ba=b%bnJPJw`oq9<da$(0Dh#-cOam@D0=
z*Hunn`=UtV{A@_9X21u<Y?Sin@v`_hrv&)y-UlG=p-}bn1j!d|z_bq5W)hBgf0<d)
z!+3v$N_PPb+)Y-TYdVAZ`yWE3s+862g;E>DX1u#n)h91xWEqnrB{1bP|K=X525YSd
z2~##d>%m-x=``#VtC%lRt;NGkPy_~7c7`3F_mzw#!m#~0U`Og=-RtFi_f058)R3PB
zsCNiv*j9XK`>;3YVKZ2f2YXE?WAvwowQZI!6$J+0KEABZJy#uWFTK;qE)cG;*Y+X8
zKpaFs3eUb%x;0Kg;+8E2CL#CUy)v6Js3@^}!-g^5E5#J89~r>Q|2UcH%g1r_=^f1N
zF(zgyLuHtT{ff(sxTNZK680sEG1_YR*orzrzLJw_`~NIi14mrM#U~4!LSrS%LKRhG
zfFz`jAfvgMIBgo9{HStgEbdngR$Nfon`{k*^JjlXHtpc-nKrvpPy1~q`jIjH3~4uL
z??vJoXm_CT3?CjOqnbus0cMCj{G&wS!3hn@+0}=hZtLZN6kuWLy@@87ZyclC$zOGD
zYQ2ctuB4x8#`;~F==ohrU0`tAId}{-w56*z$*#)|y*m<td%~0KvsCY>+#;$8=<(uO
z+^`DWK5F$L^@7(AiCrx1U^c7!4R2X|xvb3Lpi+K9u|+yS6UnRyrjrtKAF2nUq1B|)
z>!UC#6aQ;DAEEpvR>^uCReR=J6bb{2xa6?fa5(S|-e)_5X8boQgIdIjIFoL;H1FA1
zk^d>A@S_AugV9>n;=~tAZJVTL@Sku!&%3GPEAQ(E*>YLAK2LvFp@=PO`y~}EU3#bT
zx{y=%7$*wDzG(rYIf6`Xp%Wr3v{n%#jA>6Mj^z7glIwgKAM(&#S*#wb0SfD!s?1Xz
ze+BrdtMt>-$q$#>1oP>DbfW`9U%2;iamtdT>MbDDQGu4JSkyOEl!$B#=-F@TBxJ&+
z(+ydTM3nqgz|??sZ%sJm)qwFpEki<jEKxmeHhcK%rpRSM3gd;oh_^1w8jJI1N9!Y+
zhxSoVtKIlN`noyiQv50#_k&WigIz|$VO;O(mkBmP4bRkeOQ*3RwqJ=w%|Wz5qvK0g
zz3xyzkqNER5&>f9*M)Q<=~|^TMmXZZocVS2s!32c%uC@42CLwH=v-zEJB%qrxLeHt
z0zQ2fe+F!Zkcu{p(O>VKd5#(g;2*OnMZr88N_PUl=CjBy)a3!}|A?xxD6c<bE#G$z
zdEJR7i3l@lFO!jcNH4k;bci@^Lk(3Rg5+cKoW}MWF@g8;rqhL!rLF%vO&N3?tXTeS
zdrxw=FgLaBWhQCph~IYL8r%|KLW_uf|K7Oqbu$h9VQL*(q1s)K25^kQc2zi&J(|BQ
z_!hVX?9Fk7TnsVf{ONO@D{xB+@c^0g{6MiZ3D4o0Y$YHrwFK}W_=DzTK#uAL0?QnG
z6P3PPwWhb77MMeFg72$D+{(>*x6u_&#p+P}!B;5+h}(mLK!lfn_V3ScE$xPvO$n$U
zn=Sk!B121GB*;>i*uQn53yq8x3=A@)R^jjNNdyb7>T90j&e+_ws?D9-nd66HV)4U_
zLR6Q8p~+k3y4h;LN>Z)|pmhF_gQSO3mHSg-rWI!g!|s2`b>!;#za%=mp&i5kJQ#CZ
z&KV|}<wMw5vM6F|8CL~6^3i^SXUyGU-L;OpS)|p%EFb<5skG1?@yG0lu9AfcWwt2M
zTEuyxc+TQ@=o;e9#VJ((7=;GJ_yM*<-U;Is82z+z({Xz<dCkUG%YxA5T;Mgr|4@9J
ziIEzKJIhu98%?Ase6NpC+Zj!)Z`^5hpgriy`17)yM_lMtQQPGd`uxy!uuw}COvoBu
z_ic>jI?l?urfSdj7tZbU`=7mFo*}lmKHO(>aAZa=d@4t{A6P;FGklsHe#p=*nanUc
zPaLmQ7GwF&bf@XRpW|g5nj-^KqL=vTtPFS4QdY`4*M8!L53@d{L1wEj1O4&P$9I5h
zs2CVay>RB15@KY0Ny$uUfk_-KO2Z$A439-b+*r*TjY2S&R5~?z5WQIf6<+~}8@y90
zmDIlagPSri77X?P$LmY*#X>|G^J={qpb3d>u7E>lqzSD~CYu?J@nuU#{Enen*ES`n
z%Xnf4x?+i3@oia5t5bk!0FX_A<<$){@8zKDQ#Uw79=GG+d9#Wz-ifM$hniWY?1qHc
zBkt~WV`>nbI<@D9o1gNCGXOLg5<V&JE5%%$FnX#)UMe+w%HwVU&anCzGl~rTpc^WY
zvfLa}XQq0=Y%Sk^v8qbX@P64uXoz;hCxkm#XY?x1ilk|CiO5zE21>j`$=w2Q^KFj4
z7<gR~r&G%m4n}pHA_ap2a9C-Dj10x3LDQKo$zc;^GoKRiW@;RY@;JrG>fSt)`awO@
zz%DjD`_0bmVrC29KIiVkf>uUJCLM9OWIORLt<IzA4-2-n9$CvORy4G-&C)E;?!+%-
ze&I{K9DwM!X@j1XmJsUw7u#G9F7_)yW}l6f>gU!2JRQDS_alI0IQq4)JOfh-p;=9X
zj+D-ysnWiufNPJWd5mg^A%G~s?`>{D>Agfj;1wc23#lcQ1749`5b@GFu!*Int+NpH
z(?QpEYUm<^G910WJ>v;+(LVgL(#TT~1{|G+&gY#SL~&i2pHBGy^Q+VYXOvEJbQ%%V
zRKdV3s*O#*eaXgE6Z|u*tN-0hC`{K*XBv$^_Y{q`9C`%sBsZSXJi#`7R?yJu%$U~Z
zSlrSXtH?VeuAV=S_+J??^@3P|keKK3#I`?DKFG&ioJ9zyNL$da)?8p(YXiaw{xBIo
zX5mM>bYJyW`Q{C*#y6O`n6w7N@~X$S@JTTyMu!N5*4a4u%Wrcjmp~+%BdyNC2pOqH
z{+mR{NR|WXu7(x4fX+Y4JW6T@IZT5IqDVnR#}c^*cq=m{K-#=<{kp|0jCcQ$*?+w-
zPO2Y0n8{hU&<sf-f<VhK24>H!-;PBtIDzQcV+aZxd$$tA_Jd?=`;5+U;>LYRfXK{T
zrg@C3hP>h*9A)+-Ut#0j-=R1Rd<#WHc{mt`7J;_4E3)x}Q9Y|Aw*&HLuGZ(V$T<Vl
z5J3~DiNe5P*IFvujaLTZj4kBG^Y*^GOYWg)el6)Pn^F}26%RC*R9DZ)=G~J^J@ss+
z?U)o717kb|s7D=LpxuNzKJikuwvft0!eI)U*^A@#b}It}1nepwvV$ij+GG}fA>{#w
zBt?sv;R`D%V*Mgc7vAkT{;t6Q|BYai$l76I&Z3tW7W5FL(2Epw1UuNf>23k337apD
z_o!ZpSyA8GIm4>ePlm;)*EBfYjiq-CW3R`n#l#T=jF1;Jp+sfEyBFYZw%SqOhxVh#
zP^GDTgwC15!1IEYpOTzll(+>N>mh_3WUOF}xdJPi82e<W5oCeoyp}EBmqZaXkV0Lo
zPAuB3Ft()d#REG;y%P1i|0A*K85ZIy@>6}(K0PJ23B7djF7y<nw`he+N>^IL7<glF
zBOhrct1+p0qWlO43IkQKO%i%1!|E`TXLrVmtn`WwZ8O8}V4LVHLeY!J{N)r8YA!Eg
zq>nzMbh+|Gdc-=KF6<SgWr_w^DjDXl8yHE>DJBc--``eEwh8l+)qn+2SHx*Ho0uyh
zEk0}~7F&Aob+^`^lp=3u@spSbw5>vHt%dLO=NQPgvxqxAn5*8&of)4fE>`kSW6M>T
zwy#UZfg(*aDvUo2uiub8r4t}c4D5k^%v5t9rojf^4X8jQeZ-4A!0yxqFJYzQ45mOR
zm%<82O5UB2dzpH7w;1XQBFh$e4?}35k9?mp<TpTL6h^JicWpP&Eoo`YF93Lt<aIxw
zt!}FGqUbBb2?u`XlMyfJPs>`f2pHVeM4FxJO!D1VY;rGGdj*E0N~mQ1D|p_Vm7!4m
z^}dD?hEFgA3J9sjm_Q3)sI7H~u_G|6zf6;lu+a;f*EZdWymCBOd}Og<uG2o96gdE$
zP{^tzAzd?2mzWLeqhHR?$bKVq{7ED>tv}jiZDV$iu((|NIs|<u?%wd~mVcAOis85<
zepFv3VioEAz*v{U7F@6Ihe=)j#}D@#2!+71)+EIw?4klmo^dCe)B`mR^Daiz9iIrQ
zZpQjw#;B<ntjg4|qnBIeQ5H6!ZSvBj<}(hXn)#Mxw(S<bOXjf*Bcx|u6<^=#C0tkX
z^~bD3(qBuOY~<i_d)#He-xps|!f2Z?i%cXaLT1zAYnINVGn&a$)o&^x#bR5}ZI$uC
zQhlOS)&=Re*BC8}f%*ivzr$r%G=i`pRi-a+{1JUnvNQBfSdFAZ3_5~hqFOP5%XF&e
zeEwJ1M4bFxz<*L#+tGY+iYALL+oF1gZw`%-)jaY%!~};MV?^t@&i(k6);ErX5*zb!
z^z;*zMe7C_&0VAz{p+_T>oaK|!TjM!C|n|9xYlLJ6j{G^FsSMkir}-2vYiX*UAKnR
zP2t&i{VbK}_j<3Y%`%HuQl>KryCQUG;G!{Z+uF$zxyi=O{N^n#6i%EqE|=My*;M}Q
ziHO}yN~jOjQ-j9<F{N|0HY;`%r4qWqE;J3md>>DMq-ecLC>^bth$R(`T73Fk{h|m>
zmrn-{gzt_u_P!2dfPWT-0iX5#-oExpdCy#JDf~=H4R?RY=N4YAkt~xF>5z0y$c++3
zp{kbN^}?-Op>x&45<lZA-_Z4UygvMw?;CH^PQf7*$E)R=YHj6Scx~%7PNB*`TPz;;
zlu$VVdwh;Vkrit=qyA`wv4Ybm%{gV5g{BJ!joghRz9)~jWK)frX;!M3u?#L2C||Li
zJeS2NGYF-gp@LL^qmoy=G=4=j6#`D_AM6QT3Ya8W+Wvd{8qpW0S)e1yIu_^Mq_HTi
z0)cIo^`13!q@2ebs-Ub_8TSZ}<wB)cXY{1`Kb!`A+htYN)Mt)b#01(&MUAfvzcLkm
zsbAsP*-dEx4+a1(Y`wH~^oJf&@xX2T)Y-WHyKXDh1g?yd#O3&UJ?=Z3vpOs25epik
zwrpN!;XR<Qv1Z>gByKmWkpl4|4|R6wE};zre*5H71y^KgXmaafUL*bvK$!Q$`6Y%p
zzk5J_5r&X17HD`!kX!!JNYoIB5l|s^JKGLu;Hn8M&W<qR%8YiHTN;C;g$4WPGqolV
zh-th-3)=B`hsCz>c*J`%S$v|8j=9VG4d%^*>pY<XGguFPPE4ari@lP*iR3RXEXD-6
zQ`vMRmee#S_I8E6J47LJ$E>F4DVbH!@B@48-zkjVdn#-ztD)Xq_6?>1lVqblkG57D
z0Kzg<er;k}emJD&&s&eKg4v&B(SippuMEl?#Y7NO@xnpr-F&A^B(-01M)6*oRP?fr
zZS*_>?F)vpLIgj0X8?_Q8Msr`H6-#TUE-gt!ItY8g~6C_wTjTEi>?Y^fL(8;rY)7o
z27_9~l!yLSco|7_M4~_FErXCurvR^zPe@GFK-R=oI!|7iw=?p7M&0+KZcR>%!MkTr
zHWex-@dfRC^1}<P!#4kW_f-$udtIPSeUcl43vTm`&-T9O9W~|%RPv$Xs|EEH`8uA&
zt5@2XDm40$H4}?^^}RPq)aDxQGESGI8uFGHtJyzveJeD@=5kz&xzA^yUhoZNK-&$-
z1rQpwwQo{Krj$T16~W$}rbMOk+5UkFmt48Y>osMBH?(z#Hl`0JN9hfJ7$m(*?e!?B
z#%iBDB#gN-F^wYr$-5$%;Z0t~!yC`-X$-cy2Z2FQ-6IX0z9{%rkmL!uu($$rHzX(O
zvcZE&>M@KwGf9RC#M+sM4%r+h-LDVxstuGoUoT$NPUP--&)?J{vL#rHt#W~;XF5z~
zs-n>x#&bbvi2r?6YA-t=-0$*sYN`|qu{sI2r1CwgFoPv+Y@;h}e4_i`yAY|(HHSN)
zMmCGemeg;E7k<AfIYPX<UlO_pv@U@hFz`0^Anw1}>w|?|pK!~4)s1!daglCz4z7y=
z0^r}mNVsTEx@=qX(gqyz;shP9;p9L0(6-J7epuWc1D!f&o&jLxG{Q{t%Mo@b?iK}!
zzN}IfO<zfb-?~zqS0_>Z=E)=dvBC%BbZhRm$vh*uX4YNe`96rQ`@QO?zws#ggrrup
z@#*OOr_VU#=L~dH*|lOs|2Ej@8@8Kh12XWlrm7N~#jw#Oo=<3L&7!MhULA1@rB*30
z0;ytMVI@+8k~+bUiG4qxwI0v0|9;P`<jN=2)iuvnTF+&|d4dk5);&N=Yj)M5B3KUF
zo}U*egkyJO9H~BfIV~db3wds8Rw|jCryX5ggOeG@7FZ;_P)iKV6dOTr^`Pmp8DPVX
zMG<F|1J^@6_R3z<1h<!+&TUDHRcyS_B(_Z%X!kYHQ?xaMr;YV^K*M%;7>uH>)W*+L
z#C__8?~K&VYbOxFbXTQK;k;9~K%F!;KPi-eRu)|l!?x2A+RR>Ku`ooZ`;TrIR_6z0
z=coaat4@x@tIy~N1qgqZy3=5I>Hw@GJ@KMDYt67(b_%ISS2gam7=p@FFi!VJ=7gmn
zS9W>c%py01a#H%zj>hbSZLXAKJ2l<7A=z@T=-?TDyqO*|eIh`VErbEad2V(v*c?pp
zPZWJPJ<>Yy3~7JfeL~|<Y)tTUcJI{YP<YyPjb7#s7ePzd_RwEcC)HAt%;49{IoV8Z
za8Vc86s3vHi-RC5B}E1xk#khV66jdDZC#JHMtR*AG6HY~LwG6d=E=t#glLQSr<mru
z=Jha@O;ROJqG3yU1i|45$T2)N@B=)5wW1X*XD_prEbfCxR?&2tI<J-j+D<xpjp)5|
zIzGh=T3k01<kR))N-+9G9^+QX^}L5VqW_nKseU~-+w-n9G5EMD%)vkrFMY{l{zV~|
ze@6_uk!!ow>;u#kh0*CDKG~G(eh<OjDedx$yxuzTMVWWOBMx^{;Rxj0)%FEObWGN1
z8fQwW^H3Tg;BO%J4>{Yzp4UlPB-73B28M(|5!W_9a~^V#`tlCEein&%i39ko{8_^;
zhk?=TDw^};vWSFmmfpv)q$Cb_l&ObQVA!8k^0Ou`DHlMF>8abQ^g-KQ6d~L%T;P!G
zDP2|3BbArmE2~gZwl)&GolnyF0oK3xxrtAHU`#E0<K&jEH=yg&B`R&ZvO-~H0-(v>
zWUJ?zVy(Z5G|mVj9@}oYkwzP$@(;yVo&x<nE=(pXtGAHGOL8%~80xS5XSzy}T~Nk(
z2C||v--SQXE2!h}rrfBfkUeS@vuy%b!7_H|o30t$iRiO=d}~Bk8&plTru%>N7O)Uh
z3c6#IO&5#rr&!wZQ_uQjhakO(jUP)i2E?;+h$Y;cq&;D_?_Q*7$3vISy4SOH^*?xx
z!W|o|$Zqcp|6#Q3Au(zaJN|gezuu*l>0&gb-d=>)?A1rzsV4ghlrTv3a2mO=6&oK~
zL0!8)Rvxz@qB?I;4?-z<jnRKu1dv|9-$R3CSf6Pa2I=H4ODb-G%rzCeW9Gu{;BZ4f
z)VYYQN#o1XPBc0;|CK5tBbO72oy|)BTy-&aPR{*!t0qn(#46X1dZ%rxtpwc}3LL7X
zERFdAypNzWA&4ov;cjRk#_N_L0k3^kQ%cwt^DA2|SrC@$4sT&&vf&4Isw|!Pe(ou$
z-8gzRyiZE-NC^Avj!r*9OtxPg3>rw5s48Hx(~)`YaZW9!pkf7t0xjEC-W1>R*}MbC
zw-kk}jhE>6><$lc2jka}Gg!B{yLgc#)jh@k_@jCci8$P4JS|tbUK}au5`!PCSQv06
z2&!=RYG-IyeT|KSCN-LY@}T@2IL70N)jQ#WYF9YPRh}`&;8T_4Bc1_EjSQVsDe*J`
zM?-Axva}Px(=l>u$;Byw(at_c$K+11(I9wd0(Ou>I82u3?1Iw<vn7<!0$JR;<zl4!
zfs{cYY@3C#N9}=(UR$t4-&8wysg`)s`>d}O<fm+7oH4UQ7GQCe%53n#<)VM7O)Cc0
zL4%<ohn%S#0QXY%1O-+tnbp`gcd1i1vDg)K_Spz<J8s>%m<X=XUrpVZW^tJV*P2wn
zsbGSDDj_1v9{u0O2SzjoWcPjPf`*``mIB2rVD^20ZWF`PG+JMD;CiwZvpEmJSAD4%
zjy3KG5@ukz^ko)ZSoHg)Me+X;4HTQ;*F7bbtm4s3&8?QM1@BRC!N{Aj1q%>(WUj(b
z2le=yTra1oMrpzc?15P?|1b{TrxKK5SL+v$j$W-A3o+>M^v<~u=d39h`2D8D2ma(t
z8>1ek?^zjuq2~oLdM|2Y#{1Ad+FXQUOO-S%hN^8_5rH<$>Dkprsz;t#+zSiBp5C5V
zH3%CAnxv5a?t=XGWkJIp-&xlANE}(`C&{gf>i5w3AILkpU(3yoyRh}POu3}p8%6q0
zUvHN`e=X*!uayr;0*X0N#8_gMe;^4N_E8;CyNJ7$4_!Se*h1#v_*NVrUNz!uuUQ`|
zKmR>Tt%q&%?f%-7$gibyOg&T7V#BoZTKv_S2J_VtbkKE492j+eW(o#RFWjgHaEY_B
z<B0k`U7yLPi3A%RA@qtSTto6);8JQ{BSZX&vMPHMis}tWA%1@pJa;oNf^F0c%fi>*
zv|g$}3~IbpmlM(l4P{W7*1)#q?BpUw7GO)$=5qp`J&ze`HR}@?ACUkHL?#+vX6Md{
zqIh_+kNkOtP1m7>66+$)Vjvl-joyQ6&`G6Y1e*CBWlNNftzo5;ke;01D9wogAx#UU
zoj`({rRbwq8>>K`J2^rDizMXx%ncVHz7p$p7o`vCy6_^g$Qwv|iFs{(q!o5gr;H2t
zmuX1_(e;Y0B>%rB?9^ZmpIoRHY2aGiKlaeN(RBJO=L!N8?LfLQi`8FbC6XqeyC*Pw
z18v}LOE0(}1dPBv5uC1hA&XkhyKNOg`_S5a#P^1C-{@zw0Is2K2u$aH$U-=S{8CQS
z&OeG$@kyKrqwN<GHiFvD!C@iV5CJJf)8Y69m>OdB0b<N<DnduI1e>X$oRqiC(dr}_
z9pb_psM~!J-|8DYT{o{!r(mnoA_zXe0(;%PAq&b-uSxx}L6r52msp4N7w~Fofp}?X
zqAkPw9))$>C^?HJ?_ItaGT42{Dx=#x`~PT0@V__dxx$i9MI;G?i9mEY(_cx^I2gjD
zQL}m28qZs2FN~N3#$`vPSFMS(jB&*{EwrGf7nb0fg)49@C<0V9J{h7gJ`7y>X9ac>
zs0dbS8n6u|fB-IxWvkg7^qUSfn!k4SVorPbx<ZC=+B{%sd0jPVwRj=inUx;yWdqSj
zwZO^D7Xa3-A>?#Q`!=j9lr9}d$-pMYkSBVWdaf}hXmgr1^nLt1{j)KCa3RK3h%X1%
z;DhjPIYVoIjDggp4<VJ(VhK1lQ8L#VHS*Fq*oQUPCKgY+(2v(u!VB@qbJS&J7We2i
z;JXt<FOGkV`b7?G*t%>-J~9}TlcfGQBhCV$p2%+f-70>imyf29V5C<Nj9_=p^t%hK
z&^W$tj@x09T$~9v;1A-rbjAwL(rrcGfO!6qnv>?-^Bcysv6}TuEZ4`ka4$RuGfs<!
zGq!mRlP7ApyHmv$rl`$4yYnZl(m1~1$iV<NK*+y#GcZKe0r-yWWy;MYV+2+#K*dyj
zN=@4m0%z_z-G(=Qfb&<vJj=F)6o@Pev$7I63_|xGcOtzDv3$K0qF&9DuyYIZsLB3i
zM@7xHU5(!=+Bi#-NxgxP6*3Jy=tbe?I>Zud;3nw`7b!5ILGrKiuXyk*RFe_)gZC?^
zhOXlcsfC}xh)Y1C;GG37x|KiFBW+_6cAB)V$2Q5TfxuuP#3ZmLKViE2wY()y1V3&m
z$udp?jlQ5nvsD!h@IIpSCx*b{sYu%g^C#p!LurtaOKqSLK5-n!in>?7^pf{UsG3=E
zw#x-P(?8IArHm&-_LZn*c$&F+Dn$dMZX_m6wAI_4-#ztNm+_~I|3);6oj>A|UsR?{
z%L{)QFi)!cYOOL<oitCXT=0>vfKz~8R52zj0^a?erNVkEv8VhOtcskmLVQLVNl(mp
zEHkHwYycwFSo!wi;-KzWSE@HeFkO;Al9>iII?OS;{m%r=s}l7(R%{#z1xpTfB>mLy
zMxg790Kb~cro=efc3b7I?wUo0s#DAbAtn*?fK)!hWlXVEEJCdfYk!TVc@>bnG%0a1
zK*DRK^ofdHcKjX>FQ*Fmphjl?0|?(iCsHMB-lN5vNW&+?gDySh@Y1;t0wS3lOp4;Y
z+kb4acN8H2GHMhSeozwPw&VZ}$FK>}yq4u5Vw)3d{G@(k)u88B0a@;3RMA6Fx?O8S
zZuxJC$Q{#h#vbkxm2*9Yvc8b=HDjbH-}}P_Zs*~j22I7+w-+YK-%k=)bOsmmkTkG%
z6tiedot-vw4eYFc=HZnuzJ+qAPWj@?mR&{DY&++Yz?is!+3{Kc!t=b03-M2X3*n28
za{AukVTRy7mS@iGs7DHTa_^Nprvdx8E-%)FnVB{f%-8tugm#4KD`VHo#f7A46c}oR
z6tMF&r&NRX8JbDeSVD~kV|+gaW><d4%aKk6xF=~-+ddKEli2->R)8~@`RiDBbaSsJ
z^KdcpUl3{&=ydJ2%CNK?P8@Tgniq_8>>dt4EIJ63ut}7{BTo?j>bfUcs;y!)^t9c>
zDWRR(OAWl3V{pVZyql(XmyNM=U_!fDd#L=-I37Sm;I*7eJGmaYyhk#_Ad%NTWkPu#
zc^r}o5@?BtUY1A{Qq5wX8mBdyOF^<5gQYR>s)_FU#&J}w`aW2osD-TQX9q}R6iG{&
zsnOv<0wG@~Htk9jw)4;@{-E%Y{Z1B*pXiVj{?54VfF#v&EM>}i(#WIp2m2N5=J6fz
zAv*S!JmUK{gJ?0uW8xMuSsD*laZ$^O!fGn+4jr|Pm}MmYbF*@;R><5!ODptJ9Iz@<
z)5GxgW&!2UmQZZSrFp%yx!uYl(F?;Tq9gSbIfiAY7ee|=cI0i1deksYPRLe>;Yt<=
z$?~P}*_IJQJ@9i^_X2l;L)uItFe0)FR{F>`M@6-Y+W_CTf<5jtC`r^0J~Q5<e9RG~
zvLD}s-Q$dhov`zvhq)1`(c?o5+AptW`^oAOI~0*RivgbQXSfc3qX9{fM*p3aJWENs
z5TZxzzAGYi|AW2~4XW*=u)J0TcWI=f9?JDuZx@a-Q;1Arr<dHnYrUU6_uF0s!So$f
z3wV06=sheJgpqE(-|mnH8h?<}dZ)o-R*!aYmAO1q%tq9LfI)U-Wf~8m!z-e$51%HJ
z4PUF<Sd~KF8oUZ>#e^ax>8=>RhlNst0)a+M4BE2jo1@Gd8Od{cV7t%(jdnsAdQIn-
z0Mb2F8k-u3=W(L<AhX3PQx=j`CBigWXVeGIPe-nK(KL8MWf$Ywe%*qwHnqTfubK}F
zLWE~8iV{co*D`X+fh6fs0V(ZGn*X>0=e9}22FUwFtsroaxw*Z>h(e7PS3wG5BIy&a
z9ao)_J<%>RTO$wfj`;xFo|(4G$5zJL6S@m>^5F6y87kM8I<XtqfDYYQgR}VE*9SEj
zTqzNa;pa!=L=LVtA)39Fgk^kXQPlp&fc_)d^F@<T<-c%lse8?wsMtt5Q=F<<u4x3t
z^w%!2;`2;5d!ut-(v!BWhnz8x&TIv5V}zX3VK0{w8^adIyzc#9A|fsQ9T3zU)w1k*
z%R_$5Eg3o&%6F8u?l+9Jlbg{>`ZLJO=eDJfI?lrX@N<Js6Nk#Rghx$pEDpitL=Z1j
zuLV+qX_gVgAY|0!&qvDZP%#B*>+)pi*BT7}<X}@z^Rl@{+zeSt?KFhl#?X~yP>>KX
zhY4cJLxz`QGme~5zI=ee9OFpn@Cal&!z-EOGE+_VIplx&vf8FBeU2GeS|G4twiY0C
zN*i+TYKBvzD9Eo8Z~1q&$O67U2;!U+|FZISoR@Fwv*mU-y}|A(5U#&;9-PyNpz^NC
zLdeamdq!y85+0?iuU%GAnK7mFXRG+WFS2>B2rw)?g~YY2T$@W6J+qhKCmjGS5Hv)C
zRRR(LfPuHeDx92Rn@gCD6Ly9dHlckzMC}u}7_*|7rXJ<_4up{y{kh+M>+mY%G}yzl
z9n4YYjV5GL|Nf2uMiRJE_Ix1c`Z~Q{ZRH>28(t2!pn$}8H0_zDOhd_4y7xTE9ub;Z
z?PtVotKDDva5*RF$O|s2fz0gPL!<LDCz0fC9DXbDThXMAZWdv1cH-Ox4`8?SO@#qz
z9UAD8at4n;N(e?t6xBln9gr+YhDt9vk2>>KjCWn}^6v}iZC@%Qm2PzkVZqp((e=ft
za<sH^>RiwVo(dS4*h2DuKd~;zn{8CODLYidn8UyIV^G~ZKs=Ps^j#Y|CB|bZezdkN
zKIO*xi{Ceo43dirTgvGT>x-z}g{SOXZl!|-*Tvw-?Q{H}KWiT%E{S8&*mY8N6#8Vq
z!Fq*{p}ukdigS61v&PdqaEJc{$Pv#WGfrVTKS>>2^JPt3YhoR2G9qriKn1rWB&)8*
zQp{w8L4*_x;3j={fjy{yxTZv*O#rTHPX=}%mwx@Bh{8IV^TN9>8_{~C9>-J)v!17s
zks9C8HLk#~m6>(am`ev$TX9Ps+Ji;}5EdFE#-Hy&Mobb=Los#r!OuyQyM|rI_y!26
zCr@G8R|4y%YE>&>&M9)FZn=&l79h1A^F1{U>>?csE!6gs*X_bdH-ZzK4oLo-_!3K%
zVu{18Zk|?CDkr_cWg2?BiH-J>tWomO1C%>ZF4dVu$ag^V(RWPy?>AJmnrf!-eMKB5
zoKHg#H-Vy)(Jq9bV?IAYM*n`dTv$>l5g`Uq>FUt`e_?~^7%#`ibmXy~P93}$1Jx!>
z&MR;}pKge>h>{i2$b(dJSAyPmd+PlpLa|t9`bM5M;I)FXtwdvAi-F7IWi(qVvCTuF
z3H6dWJoRvg<Di)X3&7N6MeYIfBZbOtf0UDHH6|?{znpdA{<UPGs}?Z+6mL)>Fq#sJ
z7aP+BB@fQh>~*}y>1zZ?suK>(hUAUT9gUj~svlAhDh3Wph|K^eJ6=Fp)-S-4j`&Qm
zdfX+2WG<(it@N^Hz~`&opB#UsKES#$frhit;d??wV9F#{XFydm0|_mCaRVk^>#oCP
zS^Y6pgl4&}`X@<<y6?#H@1hdh#OrJ$Ky(z^%56Mz_(<b)e`BYb>YSD?tGIeQ;>C~2
zTWe7#DM2%}h5p0%_Eq-gWmZVQmq6^f^fS=X!Q1Gh=`izmWvP(JbyIKZeV=mGorEe_
zH?GG{NkM%<yem;xF!&kKbX0$6*^BonL^9i{-6(13{I<G48f&Za0q|z?_}F_~j+C>E
zs(fnsC{vptp6mShPH`LjzrGTs>cUth;QS`3jI-XLhrzRM@Wlo0TcC4l%vOf=OmNdw
z6iSHKDw*$t9eSQ#f@dh&5Lv-n#A-xlGAsRT`hb!Vm^)3W*R5vCo4_fz&eT){0KR|8
zFs%?=n_uSZ6V5y-CBITze<N;ppnVYg`R9MmCs}W=D!LaF!`w=FU@~_iZkqaX4t~*p
z4K1S@2_Yuw(d2E|;r<eUq8G{11peAEK1&oyMtp;e#|iQ{9k;G7@6?2*L|Y%-Ej?8%
zZ5#H!#89sMaK#^5snRm0X$kb3csVLZ(2C4*c@N0kE6}?NpYd$BJFKCz7&;N#lP0Ao
ztDBh?F>jD7D|}5}Cv6M$@X4yYRv0R~pK*|we8<<<h3b<Eow$RwH`_qk7{pkQQTQyU
z+OJsB7##<%l~$7UM5RebNsBFFzvT<ef;?4W-d1_1csO$&K6tnibQPB#=%mL1(nvbw
zKy$xG!YcbSl%f^+P@#!rQ{RhvC2BhkfM0%Kya9zgDQ?e<EvStB`#}zb^qb&r$7(V#
z_9ue3^muYkQ*baWAoN3Z5~oybMo2)sduMm<$@e^t-8|K-Out>G*pTbr@Yo4pU@xh7
zF8Qey%*Kb%6LxYzzQQUoXjTg8kqYW~u$l1Bx6U-)Fay7dHzZF^Z7(612=c~O{uPaI
z$US2<)0`SyO>91)$Or*Np0EM_TdDl3)lFO}O>IB}eZl-lEQUT(=8-_^x?)(02j4ar
zy@LrE=Ipo!wWM{53^)WX@oX`Sm_)D`xUAdgs=gvPObOj!C83mT-N@LtDu8$F_h>Ol
z(L<w1SSKPS0V206P?NlPyH>O%7~)8re-f^DPNg=h0!y)vM{>mK=rw9xV|;B*>CJ{E
z-@olUdudJ=RSd<}nQBu1>2i!L)K8M7gCq!0S$2wC1`?ik5mO#c$|J(gs=xDLxWRVm
zJgSTjzLr+`yR&8zPG5I`LbU+*G1Y$4xeh)EoX)Y?zQV`_$@qB66;1mDMmJ!(NMv{Y
zJs7JQ3d2(wn8kL2lh{Jsn0R45F!JR>j5A$~{*;OH&5_jga19oMUD&e?wDQ&NR+C#5
zFtX(aVx;uj5wKT>uLSvRb?%*KJ6UrBl(`1#|M~LplBB5TNtfNKX59oL@-@WBP5a+0
z{JU7(9x(eUlY2)%=RzEfAng-RasqL%_Mbn4qlTyaxE{8ihB!``W72s62$kV9o~Ul`
z5$B8Sd@cXuKT8yOY5qo154zWBJ+c-(eZpeZOS)V^6pXm2@flGBLVS;|G8*>l-e1lo
zC6>||ti*f_iuvnEXr#dU3=S%&z0@l|nR(3u5)2<}@3lsdCiF(N?h0Z7R<=gwTaU_N
zunK2XpqzMVJkX(nuA_}H6nv{ZfRM`n^!YT=BOIwxm+V@N2|AJe$8L}dY$?g0N&+Dz
zfz$^<pVHr`&l6SrP^o!vl72BTn=DJe{5yA9%`O#2`MVK?aP`Hr<D~T=7C>(#LqEa=
z$-y213K35MKAoP?9LMv@LC7wVxCkKrC+Boz!llwoSR}~%t8h{|%wiYkz@{E=!v*Z=
z7;z*AuF*M;H-vIh^2Pa<!|0yj8k*`%r%%YBS*D{-|FTg3!(Dv_hKy*}))nKe#%-Jk
z;llMD<M}mYWKE&xzgi@Qpq3rv4;YgQ!LNCK@@4wBU~UAcF!I`2kvnT3%O8k$`RP;#
zmjY0K&pDboD;a^zHc**NqUf$;A%*=R3vNpRH@D8WV{O;;<iTU3$%=_wHV-tZ$A)Pu
zXtai$Ym`-MxpyQ+IW~WC_5C6}o`s!d<p4fi<eDybghYnErm_fCPj>0@n1r8zjhLfe
zMKB3uU24CIYZvj{XMDjfg)b&IP~HA6;IX_+N+^CVc=UWWy8+0RCyZngaxB<pv7r_C
zk(1vR%<da0I-G<s4?O?EvQ20hr1<?WML=1A=M6T}MvMf;8f84y4+ftBCejFWfs1jn
zfG&^95vxeANIN;fS+k={n!bq0GN>opPMl<L3brw^ybp7@>Gt1?Y+I$P*E4lx+kknN
zwfb<Bv--k@4IWCEBVXTj2y%UcBWx0|3ovNdEtY0Bn*rj@AwlTD`r>c;0kgu%9oEIa
zeP7rdKvJJMxQ#Vr;<#f^MdG9q6?C)0DYHne2Lo$#X>z*TIfIE52rhc6uDB(gtQC1Q
zefAZ-;kfq@5nR{@SAvyqWGbeFOuJuV-Tb^Y>7D51T-(ZITA(JohXQmwE?phM=2#!g
zNLH+4y4NiRp_`Atkjnv`F6QkJ^hulJG=%0Axz#5(!M(Fg8#490W#YO+#gNUMiR(^(
zZzqEWMh6K>pyv`fLMF}e&BE`5ZjE)xUv_5zOXfE8Dp|9bB8=zQHB(;0&eKz^O0mCq
z!;AqSi8bN4_G2hIs=EMY*iqrG`&`wim^L%xUCHiCTq;V~r_BJ%Au|D0e<do1^WOj-
z>GhBT725qWC@fL8EAl83A&+Dn&>jWS>tzZgaX(D!iq($s7Ce(8u=o)wqH|^;Y=UdH
zj<;lQlsJ$X^atF5?f5TPz6J^H;qI2{Og;Jl$TJd5Y%cbZkT#6}_2o!2j_3t##h9W#
z@eBUvKvOWytpLNho<Xzs8fbYQ&r(H6sUj}8^&aw3;jgiM2<XfEQBKT4)59f~hUy+!
zanbPgFk@-NNo{&@f;!?V5y`E{?wA$`S>jW-Z-wdY(sm7MwbzOH*gP82+?HO7vXxqB
zj8eS2-R>PJ?2ggS&k*FHy*ECdQ7URIo@#+lGEXcC)3vfn-$`r3|9GQwh4k+J`3Zk!
zr9PD#>W{8_L%k!Fb#ND*{320CDT**r8ZbCl9Zr;sFz+&6$s(w^!8(X-EBpDk@Cau~
z%Vks={n`e2`@&y+%_U_`a8Mel(NO7ge-~g&GsJ6tT@*<YWDjY|I54IA2V-acRdxe(
z@;2NHC-Y)u$$gW8C3dB8X^<@oPDNw}p(VFTQ%hC3pof@8ea1Y~?NSB^qb{qFi5qHh
zpN>Q$Foh(0gP4bpj@1#eow6Ce(Rqk*mv@8zac_^n5-1R)+YE>nYsnrg4A_DN30UNl
zAi7^lI8wA-ZGogb`WG`)a&ML<zfj!+x<0sqtiER*Bf6F(I#Vlig(<cwv8f=Q=dbGr
zOi61VcmtdyYjx1A?#KNg*(fz%5b_=|`xRLB)+QlGC9w9PYtBTmwCojGOI9WUvLFhU
zNmT4fh~Q-Gfd=7%2Fe1o0TB2d-)WzXHV(zrriXV)A(8UY)q$u4%l<vIp>Y7nkEAN*
z>@wyAxbz`DtaliK=5YH(lsGY7dz&&D16=1!iE^T=qF3|`aROLnbe85OPS<5p!y_!w
zSzRF0Hquu?VYj7a%|dujMety$aDJ>bP`*`yxg(ZGpuJ!@-S4D7+w1RJvl^_XeGwf5
zQnfG^fDic!aMu&=x(b^Qn4uQWgvOROfAC5z=EzFOXrcrJ=ZD^$SE9UPLt~yZ4$N1$
zh~5Yo>qygSP5SwrVbb{}g<w37A~5#D`~4EoL8-MoU2wB;qNB(<OxSK>)Kecus4ZBt
zP#LLw=^cBVni*77<2<!2f@QFFiLklP#nP?F?Jzlw=&Ve`&L*twyh_6Xt--TBpzM_~
zwkhd!c{gOBgZ%VoZ%zY6ZarvKiC2@j8^_M9OG-X~Bm*kUuF%qH-cnU~#FoH-pxbED
zQkivyf{Q(xH|lO`uVmhkD`(1Mq2nc$PBzm-1{CE900P@&xw?WGz$M*Cy@~s}2C-W3
zQs+U;<_r}xh=FzYscYAnvtyj40NiX91WuYRKA?Y<Z;f>-X4V-pei_%;%zaF~0DxHb
zb&TI;z{7XIUma-#TE<s>4c_!4(SG+3zM|LYhOq1EAX_ZjAXW#>^w8b`A8$%r|Aj5w
zfKn6um)uLHI+rk4c<Rx9Fn<PjKDDUt-#ygp4UXCQOy)C5jn;1%0$%EzB*ru3CI6s@
zL~ba8=|P$t7XXHw-Q!m8Sb+}tIR6p<?05y54R;Z6BYdqp7ZXv01`@kk(S9w1_*6Wr
zDH#l<b?A-eJj1LKQ(BXI126LJ^AP<m@l+b|XbBv2BMBFnjV>oEB(s$Px4c|@%15gM
zhA0NvJxrJO&FiymBq5sb;%tZ^m{Y@%jlzmxH4XmE`u&r>U5-FzfnX?NsD@@XOe;>H
zh&v;C_PW7LXLyj@1VP;~oR3zv4|PFcYqu#u{hJU^U)gQ{zHJ*wM^b;g1Hz2ajnh4-
zG5q;lCltqKTJL(T!bQ$KoN>EeTTbzX<WG`U_Puk0;srA8kpyOP?|;itIWH}c4kP~;
z@d=N!-YjyKU<sM5y|KVQ_lt!jOx8o_10LF$wuz}xo02_{R~msF1(G~PR1IhpWKI*;
z&vtFJCA-Uw%<X3FIKDZNH5Ho$3hU9HV*aZ%^a2kjnHd$<7JI`X3xyozVMoA%bLMqU
zFPq5$?~iQw1KyM7cTBTSf+oU^WzYk1?*F1v7~X5mB_t{RltJG`wvQW^SR1uh6eYxZ
zBg?`}tt2VfH6Cq1dNpWxY;32dzNCg6&jgZatrrXkE$1BV_`INm7S&N~FZH*^`SnJx
z1UhRg&J-N9YY^qMAFO-$N53?~g*;EhSdrx2^yrsWvOUI-X2n$<-))*n&sqco@*tT<
zY)Aj?&%&uCgBq=oVk%1WyGGZn2RYz)vgwphl^mm*1aNI#A`9B-1NMo6(ZqBH{<b}C
z%FSY<H!j@?amFRUs63v6Ml?f5amMG!rxGq64d9);T-m*W43>#$Q><9EG&{l=z*uN!
z4h(iSJiIXg6CM<nw!)gxVI(*?EmXZibmT70=&s^nU^{mSk&t{}8nOVe`64uXTE6^0
zn>rKP)V5d{HL_~8mG5h~(j?@udU*8SPIkB-j}Dr+!tye<2_F$r>2kPS@NA6<AAh=#
zM1V%>f|$AXVBBdDSPI&rMG+DSjeE#~Di7*-yfksqH%{<8A`IoG-0wJZgD?$>K@-lF
zh5Ybe^o=9e?iKJR6OV_299)D!QSGc3$WCSVqTv6BmiX%7e;F#vzun(X;5V+4LijoO
zkezq4jHwAeK~Doo8zwMF3iAx4$jLt)y2BzWb;85H(*`w&FOZKOUKYYWsuVOp?Ve2z
zwtB1FNNFvxcBog&4yW@V2BOuKu7=<RnPTHqo^Ht~-gn{LRw^i^!`j#2!UMt8@u@Eu
zL3i488LOS484hMD>j7MPw1L|<<fb&E=m7@PtvNSg@;d#fq<?QW@Z31*_75HSyMXsa
z(IN~ZI4({~{}Pe|2?xFzt=SC;KtgwFHMAJK`|m}E^8)Js2pTZ4wTnsSh*6=4kGFyf
zCmIDePzJ<kEmsE>{oIQIkEa<8$O1B1gX(-kkGXhs*iNFx+iCFk&vmXcY@#I?9TvZ*
zR$B#U9c;1W6QEfIadGfef~ro@7%Bcd7DFD=(tyAruV+2A%hm~C1Rs=~&~5gzvE#K1
z<qVqde)A5(Dd+oQAqD2d)3+H+4iet1UCIn|8+a}vQ~$hgYB+f1u6chA9`~s>Xh21f
zV8(=KCo3}kx&In0ZvobZR~MYOx50JaXsR1zb!|_x=uoq05Lla^0xd)!CBr)CEIQ6Y
zZ7?n^j2W5U1iLfbiSDtrA`W8s40U@#Qr3>U{i!`MjCG*+3!d3qZoy`kGxZgE<}3t1
zopGf^ypT}?q)>ox=Ul~R3x9{xE1=%|=0T&folA~c&`&XO&>#wIA=Tqc0j(t%FI?G*
zkumzO$t`^4vr$cPhs2muuUORwz2WqX^X7A1ut&^v5|l^_`xmD2X>JX5B(x6WYNUpx
zID4D1;+z(W=uQg9G267P72hOhho$=4J-83uI$*rHFp;7I6wx)%YG1%{OOp2jp4UN#
z4>|adaX28el!}g(kVEt!l;i}p=q(t$%;!3$1&4Y1MIIG!y3iL)w@-`!F#GNrjVkFk
z(4WDgdce#!)f}3(P}}@Ac4JH)>bDGv)Wd(WGkI^*vgo*<r~^ZP1?G6%ov(cG2z=^B
zn!Z*I)J)q=SIqzV{^->EN#Xz_mu7%jNTa_nmEl5&cENz~w?2-tTMXkrB&k}Xiu|Jd
zr-?;}yU8->b7e}UKn2Sf%5Fa9w)yM|c5zH^A*eX53QZfeoW4kMOg7=<%Qbt!LNDPR
zy1X^+$7Oh9pPF<;jvW6*sY0K-pJWuxgD!O3v22c>f8#)$;8PI@>B_|xI83)&@&0U+
z+cEOr?^`}A*7@?sS22PlxuZ~r{h<;Bc{)$bkyUE~P!=-e=9kn^+*upi1qQZ230`8d
zw0r6Ykf+#;xBAYxBlUVuBmPsP9GhJ5<p5Ba-h|N169K<}c*c8f2Sd!Z$F;REw=AO4
zLpKc(eaxkW>+<4Af1m$21v3>72_fqmTF_ku<bUK0{`wIq>e5;SBLSqKa9j6XO@kfH
z#8-Z^DO6QAk+9bltfjl_B)k-mH0`j54Mx!2<`TGfN9i}5O|*=pyt17+>M|*Lro!tl
zjo~Jyi?0<nX`MM{oOT`nN%~A~NN6I|OeISf51W7X*)+wMMiWh%)B@zSNS76#Kc{84
z0eWR22eoA3Tc1Ey#q4@tY{w$(9Sv3tqvvvJ#i;du6n>;10Y_xm1EJwCz1p<U;JVu-
z-=3oBI4qWGdx3aXxekHj7Z&GhYgr4U?|0Wbrw;2R34VRXw<9oaG$}QMMQ*%k;5S`Q
zaEyft&X0rk!KQeJr_jFkIYzJ}nb9`8r)jHbU_3Z($M^zy7Bt?~=1P_R7#<SU^OicW
zhD+)3zdbFx1XZi4n|i<NQ;jtYKqf^?*w0vy`>p<vBRuOtMPSC^*K7=-l+|FvD#4C@
zJo~#vSzP?C?eDNY{^fp_a`RgdquMC|b7hi9llMtY4~%FVUo7or+mV;q^`WH0leA)Q
z`HtEUTF+JppAa)SYAV?lE9W7deW&@hjko=7&P+e#^1xF$%J@YG0XXcZ#p~wXl%)ZY
ztY%}HBL<^0-Ga#km?K#g0msa?b<bOn_Z7dc?L9#F|GAW(V=ngZgQC4Y76Wrs=cJRc
zeGuI5n5rRwIyZFZ`=L%%r6zw|aAEn!QM1wO?`6y!pwAR${OirQog>vZ7gpej=INj*
za%<p3P!&Vyl*sjU>S4$Oo1$M0FS5R$JF0<>^Z{RC`>-M9aP8~ZzpZdKf5A%NNaZ~v
zk@Qj;PgwxeZ^y2k3rRkR1g-5@D<reP2vS@jvj*G}U0Y59(c!&1(bP%Bnh})I7e`Y{
zA_i?!3P7>su;(wBAs<f2Ts|_L+-KMh%A8Afr6{@*2>oY0ao8vw4&it`XIjx1setSp
ze;vKcvC_OVHPv&-WBC!hc|CU8Rj?#umo@GOBABLo(+7<mq_aBqR>+Vhn&xdTplF^r
zYOfvTAf=eXavV@Scv%dI9!<1b>EtI@!64$1aFoA9FagrW4U`(fDLUm??jSonBw6g2
zZho}1!Y2Lz*otY=ga~0M(L!`?=@ZWi4p0N$;zRcub7o2X$Xh|9gK>h?pc*>-Ft4)!
z6B)hUo(Z!Atj7=`rR^~M_|H4t>XEB%Rl(XS><6i0<_Zq#&z4eZ|36KSL@F8PfQq>Q
z`K&PUz^@B>=OYUG<exgEm2+g<1xyusf6aoR+@PuNJGU<i-u}@@Y&9`xC70SSNf{9d
zE@fw)uy#grgbeFNPb!1ts2Q``0;VXMfBG+{WVjxK-fVu<4E#PGH9d2YG5@>fv+u^_
zl3R7*7-5?EP^11uhAm6agFjC-f+P*VyP-1RLE1ogL0NJGR!THWdg4hYiaLafb$Cdq
zZg_RN<qmQB(lO{t*1yU!efn+~?dmmTp_-aQSK8si&R2wRL!AE4dT)8Isirw`Rr*3n
z(tMM#?!VdeY)tM!bh<K?9}zw@KMnxUEjF;zd;h0IsPLPnL<th+xvYr_ViWO;ET|pl
z7Oa{4%n24|c8iU53{kyO3MAzoVf)pQoy)6lb{nZObo}pb9R;=>n!>^0Kp42dlFeIX
zPym=6$~p(o&MFVM2V^_j)PwJa8p^_kEHk_43pGUU77*<b>=mmHLs#8gdQmgjMI#L6
z!s?DN2!%We0}2$L*Lp~S-=Wai$vyrF&vKEE2S##U+G<CA{*hYM0oIzYYEhTV5je(}
zq0vFGDk7)-W!)HCUg7!Xqzv=uB|@5s!sKYv_o@JbhIfZsZLViV_UCKk$!J3rW;^l~
zElqBK+F^<GFz&CLRx+$f%?YJvO^hI0`*;w_wD=W%|6=Jfmxoi<7TO>+w6LDHa|{nv
zwU5x%mh!fJP`&nLKuANRtA_8Hl1u+uGap!$_tmL~O(B3rx(ZlQpJ0Joj}8d+i$<7h
z(pm)Carb|U+<|j*6{tF^piTQ#V2*zb+0OO47S&!l!v$fvl##q))J?qzlIjdY`pi(1
zfONX>RT!d6L&8b`>O6UwoNKmXpcB^dB#HXMKe(_OHTr}Nx%j)Tkp0GL@EhRrLybxi
ze)knxl;z_cC9u?AB~?X(Xf=LnhDEvGpC)V3S4tVUp6xn`3U@JkuO>=D5PkwHTiJ}H
zP~q))$Ed~8oN(6nVX31ZJNRJ-GdtIL%Eh?r9yUj*0$M}yRs_2S4O9X!+1B2CG?_h>
zqXx_Kw)>5Rr(*8@FNMk=d<x9@?H`^=gp`t8gK&UP-32pQwCnBzeG-Q%O^sFKL#G&o
zC+wU<er)Sg*Fd6vfnmAytX^m|#6lDGrcd)eoi$9NCt}NS{2zUm`}DpupSeae79ts_
z{)3>S;g7J=K;r{Ry(i|7IJ8|I7Q@LxLh%H&Ki{y1i(GM&TuePN{n(1g$MPe<aGh3@
z7Q`qWU5!sbB)U98QuIDsHujdksR-^vRyGbO_%SWOUz{yuBP8U~+F)HvJ>ZCwsAy<G
z%L@K14fFxw+Cje3i=EHC?i6Yp-E5y?R?P8)5U>h%1j)K~ThF-pJ|q58tYm${5388s
zafHoN>z0A20L~y=t58H`;ur#Nw=p0%1Xq(}Baf0<jwIpkNN^pklU7nGXfbT93FC>5
zb)zN23ec#?BaoW!U*D&bpZD!jff?~9T4EJWrfirIj-fa~UJ}6Z#~cv}HHPb2eu03h
z=f)n0#|)j;_npX>JgoRCI3vc8tyZ+}`XV{Wcn@CTvjUa%xByp1C-wW8i>GN;WE6d=
zK1em%#@H8Z(Svr1VSI<p$Hbnhb5o|0DU)s75%lVF>`qb=0MdsP$v3cpuKaGI%>-{>
zy|g=$;)!<4xYPQHs8gTlo`xe4>U`EcbROtaRp}y6TJK@ZYZRJnv;=zGHhBLi7v-@$
zRYGP6T=+FtF9K}lRh%*RiJLaM8T9I}%@Nw?3Jvn16eMtGo>XPbk4j0UF<_Dla<;<a
zxAK`695kup*3Fn?%{F8`Rl{u&Z!ZV8-zV;?XAGtzwW+$%RXIct|6PL`u5q$=mC448
z()wQovGVq)L2O}bB9g=MIrqtR&7y+(^48<Nh;)KBa1tZjAz$C#_34m0cGQf)e0@d<
z`g#M@STEL9RpCFyHgDZ2nbTO8^Mnvu9#QEgqSRN}nJB;Hy%0xmJ@dc9Ss-ZBgmR(<
z^sv`s4@%lwF%i0g(8tBED8CxS^k|t}-QExm?dm*X#h6PY>Of;FY@|<bBGuy6NUV6y
zz@E5$OoJ^5ljbR^Z`d_H+8>LgJEQPFSJvpI25~ExUCis5P1(zpnPBt6^I2e)b`sBu
zvfd2gw?tcqY(h9h){p-gYfR<tQ&9|NP<u<Nim)3&X4bgmFZncF!T^ydQ*dX<I&k%-
z1J9v6j+R`$M>feuR&met*LGC#j^=A~&vamN<bM0S#(CFQecf^w?Q8fMgjwzR*&G?5
z>bR(nbmbv!5b9kttvDy(k|$b2A5<jl3!|AmmB^}2Qg8KuAg@%{J0}p|AbRh4ltW7k
z^9X)N@8j7MF=<N%{3pJ@j|cL&^ePg>?=6J?`3o1zYf%NWLBh|YWTCx5>|c1eRKi_{
zM5kou!yS$j0rMro%@+M@Rt&-Or_BpK>BOiU55*bK{)!?MT?ypsOK|b<%`(i~GZbpW
z6@{-Mw?uXP8=SQs^@*Tp)^k51ZWw@MFP%Y2Ziknz3uL@^E(XJ|xcf_Hx*6Cv^$#hO
zf;<eo9gK4R=)K)NDbSm|t{Ax?rBQm|WO7pp#YtY0CSt)`*qJ0iytnRqGu0h~@zOxO
zEcJ$G!+}%cGq0ICoug0DK=%+L?OjzzGVDpKI}jcN7cAGnbe%fGbekbbh0xJ)9Qu$E
zS~1hmGi>ETLg>x8@otgQ{6Hljpf!Nol>qu)AnNI6vPfZtMBn>i$;qtOVogrI?^R%v
zi=K<_db-?=-P_~8{%ke(h&^|zNvnMRe>^lj8(-aO44oZq0|txHdf4l~Y@}pVo0^K<
zZO>~>TqJ$^_}tq^)E-amfm^zqH%kd!#t2dqhksPD^gR#Z5Z&dk+#y=ztdHshtIaYk
zRsnSe)&Zrd%8JX16f(}hRXS=2U+!8bRLrHe&#ZT`SC?A;ltXyX8lwJ(+)pHw?RUlg
zDI!&khRY8qO!yz^>m!i{<)tk%z2)jBb7165gn=yUe&cseTb4IkWrpZ7?c)`U9!1(f
z{c-9n@l1Gv!DNOZgw_Ht5b9r-svu0-&lR=dW-W$WmIa%V`lIqH0T6L>vZ`o8Z)a(H
z<q@9hIL5&krU%Vgx*7wHfh|ix_OfCUfC}mP;v>F_`~OR)t@Ke!dvWs6w*)$NvRrCq
zf@%*vg)opS2we-TtJ5UZJ8$LMbxBK@iwn}P{!7;YuusTTToB<*7psGn5_H11foPp@
zf~UoMB|Q9_%gD;4X^RAKu&j&<WtY<%qJ9IrF(?7P`3-vP6re_ApLA``EJ_M^Gz$@T
z6WfVGoLzWa<SO%-VagZ4I!bsNcuRQ1*wRq<PCV6skbLqiC)iRQcWluLVVv7t0MBLN
z9{uYJ8Byygn<jkAG+{$B5Z~8`Ld2&njrV4PaLqs)7oIjXY`r+XT57e=c{RrYAgG#<
zy*YL?|CoV%KWb7L4xt}KJx>Z2Ud=M~q(i1u-ItCY{)-B!bgzU;n0j|2T;@9+a<m|V
zm@S1gb4rzACbWOXm7f@g?G}5_?bfH~b}aN+3to9)d-t9pUM^Siy7!R*TYgencQ{26
z_TKW6Pbea2>NBrx4#DhttSUh|8c4iq?lu$APWkm=8v!jJ6uK2{So@2K4nb_K7DIIh
z=vX|(3(lNe=WXCwgRrB`VX3qcZDK2@9963y`tok(7JK=0R=bwr-&<!HT?eMiuN%+F
zM}Musr~Wr*E@IHl-H_-x>G(_mGDxPS6?M;T)cm?&{rFdk%7P$@Uj2HgsvFU&y)BF)
zxWKOAZ?KW9ME$~Vh)_S-UkT!xQgi%=;Y;0vIk-s!z{p(XDb#@($(f(mX7Z4-N0Ami
zm*YI!!8TD4E*w-$P+sW8^Y2BjSpItJ*CeHuT<GJ3u2;dtci+-zSubdBOcIK6RkWk#
z&enqz$w_`jP4l5;D{^stv71B4ZK9D2Mmt~$@j72&Hqg5B(Z08vnUKM_$bQ-1R(PdD
z2=p62xpJy0WBkl*F)ofPA@_-COwwo!?Fl`n?@4ofc+}5~RJeImdX5v<8_S&c>Y_ti
zpg}a$fVH^)F_2o2({J7#xk&83b8SH^NiH+oVCZfD;o+%O+i2P+>qLcCn~NV?ua9%_
zXdR9YssK{=5N;iVEXx0|Vpz!7d2Xs$1<JBCw^mrW3COLH0k-LTL7Yl!Cgwg+eSN?%
zz=D_{8hg?<(*0<{s3V|<G8veVo>uZFCcjMltbLAHZC95053JT`oR%=RHWg#KXt4rQ
zrtmBslRuE%-J7n|IJ|##`Lb2h6?U$6Ae*0C_Hykt1!5yUwH{vuLlqUC;GY<qCL~wF
zgRUZd&(t{TQqs)HZ+pau5+@+SgqLoo7dmbh>w=WLw@rDo3k)N}t^n|La33gi3*^9<
zK{fa+KU>{K8Iz`_-Xvmn8VxyLy}FX#;fpZ5`S?g*k)#f3zGxx=9ME(E<Z~L~7{Q`G
zD(;;s0ol536u$apRBjSglsyW*^TFM2VU_b~^cgoj-&#oej$h4bhiX`b{d;D)PlT~W
zzi90*Pn?a*G9-QkG4}+KYC!1Z{Lm<fsOEVqzRl`2x~XzRA^`NNyJ+BmK}SY?3|{tJ
zc<r4}1sH#Y-XkN|k9cw|H@&oRdb*{9P2NiAru02}4h(?MXK2)qQYs{KOmY!_h>j#4
z-qPvz&N;V%oBp`~H?*tT)S{c9;N*+BR>EQx$3#McC}MD$G}pkn>OOu<4FP}N>1cp|
z0!3#jI>bZdLl$9nvn(=1yodFC8%~h8Vt{AM<zm8|GNfJEemtOnd`LKvrj)^mZ-1p<
zQtdKVq&o1!f4d}OvPcm5ggBJ+eNmD6*!ySAo<`=qD@=Tcg!~oGue%_pIj@UCxIquZ
zEbJF#0i1=a&7N4l02qCx40~b!8<7yT%fvy{Bd(X^C+U2N%Gd2!gP(3YALKbJR))o1
zHI1@EZx<`T0S4zRf#LN^XUvx-6|q?BilVz*MH~)~17vO&v7h~Bwf#e$fuaCtt(Y(q
zT*{;^`pU!fVfA^5A}&?WIuE|0$oX3LmyBC=wp@+*<tW6K9Av0t5R2Q|Gzpz7Em#$N
z-iQpS$Y$JSk+~HazjQh=X5bQzdfKv}yR-Y3Q@Yh>sSk(No7FaagBa8RUew6@W`;t!
zmHZvbRKSV`nZHxOwxm$M^`S#ySevtCf{=hRVR6eBm3kDvF!vf>Z`U^7`-5yPOT+~i
znya**Yw?gt${@jk2QQQMWGpAWk8Iub_@xNOC%c92*-enYDnp4+1f4<a!xDFO8xxeI
zfhxp*g}wO$f04f-9|Y9#e`U6G5yGPv3Fv%H9AREr%C%13YyUpjm<s!1N;jR3u(`@e
zzuhPz+MnHBZqRpIPfv%9T?go*GOb@9DG2QC)}=GFhIAMzfW&PQF-?k>ja$j2Y)vG2
zKYL_0b-0pEjX&T~{%N<z<{9jKaIUSKmX;%^p*<B|xnqMnirgdwrRnNOcY;{^(-=V2
zh-oE*A8HUWe)^CEz~ezv_zosfa{Pg!j}iJq{pP3!Y<-ybkw&t^xoR{RyIb(ZqnJ^d
zArOdU!svFgwXzpZ{kynj3$gFNn<8GjcZkV!oi*WqysaU72-OqS?d;{8>3cwAZv12Q
zWJ6{ICBS!y>#Z&^EyKu|UnfXld_7DnyBIII*)kl+{DFfegVC=XuT`aJ;#GN4(TO7*
z7F}!gu_t4*ut{Y6E{>bgd8^(IdIKSTpT7jsru3-;R?_TOL!Gd0OWp*0Fn~&`$|I-=
zuJAoW4l1_*wI_5yC|W2%W>L9=3Ec3#2z$*3>R!m<W^9y@?Li)RR!KpF7MG)!T#=~<
zDF$iZCe#C%DF1!j!qB83GL_azM>?qrJJ|HB-RqC*2nm>Y6bYPh@#VHm>59}!E7u($
zT#v8|++lF_?ARc1EvfE*|6#YU_=zAlRh$T9%y0(co1oh3OJFE97JghNZG?*a-jH5U
z6RP|O-&o#IP1s_9lFMvZ;s0*T0H@QRQpBO6G6=05hgTlnX167C-^wg;1>JYtq_714
zIG#;@+_?>IR>#6fGSXF03}rvj>6o^twiQ(q*+<BgB`)9J7;-Hw_XjSB+%`sgyq)mj
zU>j%O@Dukr*5?uUNI4Yjt&jK>QLXA!b4R+onNYO?i~Lquzb?j3hmN3Bn1&{_`I|v>
z36+yvTZ*~;oa3fgv`E}lxZ@**cLKd9(US=m=8RxX*%?usRmgP9GQuWUSW+yl!{f^c
z1VRU}>Awor(n3Zs<mDMb?g8z;`($;d=9i_6c4u9s#szcc>C6Wm1dmwk84i<~>`@5Y
zrI0xG6u_!wypM@9x3~f|+H70a=kz`LYmD%R_pMKFkRY$z9EnX|McTMLi^cBc*k^%L
zUIICJk~uaHY1eAnIGLtq-F5+N7v9h$1M`?b{p{ofN$^S4Zi3N%0HFq&pbXV^cuu9-
zBgF}?(WUyLvbaCLeaV>mqXqG0rf#TkB+)X!XvYH_u+=2`k2Uf#8v}fN#)E;()DQE)
zHP{7K&{Nron$I-?|4`mA9PTVJ{d!)@i9|dw8T@#D6*Wr68kC@Zgi6=K9U(S9mS|kp
zERcUR-rJvU9G~L>gj?%*o&nJIgj*@?*p>1sVwHZ#-@puMZjurAQKzv?Cz1-Z@UXCQ
z_yb@{(qtM4hhvyNc{1kUznPMu`&nE#D(wi?({zo7m5&bI)jb)gGxM_%HrMt>q0{3>
zS~R#LlZPPB-O`kxTVu^nirfF!`CB<7HM@y_T2PtThS%sgx)zW&n8YWm%5x~hsok@0
z%@@?Nb$v6$uDGakE7PivYKaH(kx-VxdOcgJS=u$Udqgp9t$63pMddBGu*S4!P(taY
z5yvY&uanU`t}=}{+joJCxUOPBuu#0F%P2N84MPy*o{_VId4QLYlH*r)?$ikkCq{qn
z8t8f1ffTTy$txc1P%9g5EGi3?NRslwiaN}qW`7E#h^VlkO5#q>sRXZQGMCTiXbkfw
z+zpMo$7>j_pp0Q$*!n`_&Jeec=}P&}Hoiy4)w62q{ZV4=x?GxH1keL4Lg`un%3z!R
zv01v{qKn@EsmX<v;oZlUF4bN)fLi@%AMXTbGxcQP6+`(l31;mKC=Xea;9uQQf7MqR
zkR0dqm8^!wt7~Kp+w^g`koaSNeX}VBGipTXj4O8Twt=Ux5Vb(ii`d4DPj5;O<5?K)
z0XSXhOSI|e`|R{sDg}e`#O-b}&={2+`=QS%2dLSfUDjR-KDhIf{|2$2$xXgnnm*n}
zIf7)kE9)6ddIcUJPmX45sO=f3z<T^P!wq^*46Yz@tA!T6XAjz`-jhco0nBlGDyKmf
zHfw++`+El8m^18gH7mjtPZ?qs{jrLH3%ms>guu%h`2P-d-n^opSn#Mtv})ODdsi!f
zUh`)Ha<ug!n5$=<U@tq(SeHd<J?y&Qn;k`|*Qe`nT1TS>8?fiiiDcDgZ}64@pMqAf
z^*lfi527d!+S)~puF3HEHV|C8do#lv44?AfG@$%B@WrgxWf~G~W*NSTT{@-R|8aOa
zc3?LRZp>z?Y2S2*TZS2?Xf}7g@LpX<e|6d$BoDuFaeL0WoD!o@D;xlJsm=7wuLFRm
zf%W`8I;4tNq>Gw3-3!M~Q54wWz2u;%pbopyiZZ6o%Hn*;obEny^zq`+s{3-}=~XX5
zvpsrRT%TW+IMzEmjY8Q|YtJLFR^OGbt;Q9O68BR=pf~lT>!e0+<C3V#%4)fr7%oDw
zl}rMSUtxGEdrX0CkBMQAdCD<h##UqkRV5xH&&97-S{MpXMZ7Xsnw8n>DL00jlb?r8
zP5zJtc2o7ZI;QQ?)3$mg=pywN83BTr65B&z2zr*9olr6RCI`xOI@~=E20AjuNBUO?
z;nDW~dWQ&CrwXraz=7IB{OYbnNFd$fu`RIGgE-$~wgvb{evV8_`27sk1A;k4eKJ?$
zA>{J>|LG*MAIc_ft`l9mKB6lR4a%J%*0KTX1l*6u7oB*FY9(8`_mcq8wJr6arw56*
z1mTnmSBR1GgQ)sOsuP%BPL*}_FPvLl(gfS&gC8X+1{G4a-vf_7(i9X5(8v*u7O$Bv
z_=N^ILwvhDzwI=TJkb%7jMnj%0F0yL#iKJ^wi3?9O1x_cUdns!Rl(yOoU+QkmR1~j
z1(U8Txp)Gsvm)=DA%)TPEKEBeUCi}i<DO_Sr^M$fCBqE^_;y=IH-1RhZ#WxmGX`Yf
z`l!{|t4_Ya4v@aR2<MiV^iG*wBzqym!hAF&LdfTZS>6+@Nfnk3iy^t*Kh{9WQyY-Z
zn}kud0yk>tcyp}Zbs>8{f+v4Pqj;M#JmIgJDx!kX+6ZEu8_;bvQqeR$Q%5EaAne(l
zdN<{-uejLK6fznO0#=%g#}7h{z)?3B9Lu3@lf=~hM}rgUzqB2@+o2^GC)1U>w)6aK
zV*-|XTtRtm2dS1~#bSBl@Trg?j*U0tS9VJCH1E`Nsb&lIqrMD|8u1Fo%h;vnq6RHQ
z&bJN<A74Ws407b7&aK-W9GL8vH|DB%Rcw+DG16R3GGkO{uhtTYFyVc!)2!0u)H!>b
zo!Cxr`Cx0V`k>E@Ki0yF0LFs<dxR%1XS}Z!jdDzDJ?KBPyeK1qS}v9@1UmBE&1$+k
zJ<*Z|Q`;nTJWQ}82Wn%CYrDRhqIFHFqG4}I49SSZP@&*AQzJpyFm{No-=zic6ZA3=
z{`TUqK!mIwGxfV340->;%;Frdi1w-OEZmljg`^pN&Mx_bHb{!1pq6{DE(Nt@>;-@q
z58+b>KD2VrUpj9*SJM460(S&%Aq`AqMkYWcd5eHpz?EQD@`Wpt!+yF->%`1c&FeUL
zcK_Uz<Fr38Fy?5_MF&x(36l8Siv=j>E?6#WV_IOH+#~@Y9N&HV;Y%GZ3PfMa#ow{a
z&3)$dk3dL#LZiUw<{OotO>Q3+*2HF~uHq>hS?c^d5MNoxA}xT#V6i&H55<vcrI5)Z
z1oYLm|Ad>$>8%``w|4_-mfffw&7J3vz7g;nUepR)ETN>7y0tYKEddCC>|vCC6tF3#
z!!qrx$Y!hj0WFjA7l9zGug83jc)s>|O?X8SxC#m0@0*NsxX!H}hxMeP1SJL!7QvN+
zY?`*v^v(>FF$YHuQd+SnQ1cXjJkV@~Xop0I5lRn-RPhxiijlTzDk;uJyB)tO=?e+)
zxk0?J4zxiUYFQ9k3>{&desbucn$sl{s7w?Ea#?gU*Azwp%L?%1#(dDMonb@C<vIY<
z4d-nmJU%TpI#F(d^{j0?P@Ueg;KK0yhL(LMVODuEgzy5^mZjd{Vg>{l*%$B5v6XU#
zK1VVc9(CS%k;Q0(k=%=&-rWV+SPhUP?h>>VFZr2OYipq9BvgxYPP^m#DnEr@U;CLt
z?pDby-CO;lX{(JNx4u)!QMo#VG5QtkZs03{a);&kgsowkU6T;2^TI~x<@mlhYGwyU
z9W<_{CMEHKBergQPU*d|!=tU76{$jNZ}t=qTN=YuZRqMh*F$0Qmnu{!LUZbJr>)w#
znGPIp;H_w}AT5ub8vf&`A&!hE17$@sO@rr2vK?|*G`r{<aV{e%Onu}`25O2m(7>6f
zvc%-xNGnabk%4|>KAGIwqUn9WP3%>_X<eg^(5@)j%bfQ&5jA#LBN>Tci73Ip-iR}<
zkCX+Wg0iWGdu4a(@*rXXZ-6l{(pQg@6cZ0`qgQ)a2o(yiy&bfRxw*X68IZ|%$e#p-
zz9k`xGi$}+KlGlqY9Cwnh_wWUzJalDO>qqGZ(FI9%?^tP=HJb<>!A3Z1{aCs4h{I%
zv=t7jj9xO4J285hhS@laypdpp8fC+0u8L)2HUB7rOQN*6Ilec1j&j2yPO62C_I|lm
za7R665Z>}+No8(#OtWRzmDyXmkrG_~1u-?O_v<eR#1#OFwvvjwR#;EomG-Q(PdVVA
z-^e#$gQvb<TJOE2QOB40z&yGz-0GM;)Q2(2bW>W+{_D#y3eeKvu@*&N%JyTJX3?Y1
zA;JXPwt`NaAQ{UzHc7a9?*^ELRx>|uWe79%GsGY6$j(i<PX&+FUf>)WT_fBcsHiue
z(|P#&UowsV{JYal2-TD1W%KNF=*%;IqputUvDim&p6#yW0RafCG)(DC-LL8GO|BeY
zXB$NE<6sUv#EZM?C4v&<%>6H)T-)7p@ExP>$6=8V(UjhwDozK&ch+N{2S{~U_jX9E
zzy*~5i)5)-*K6tF@t!r3n*0FFCy%QkBp1JP`i-?b(}6w%)dbn^L%h104l~wie=m~3
zb`gR89mTpbx3*bH2oL+kY<s5S(lm{NT51a{g}736f_tY0f#D3@(|TrG5CzcKHco8Y
zwr$%T+qP}nwr$(#*j9(<zZl<sfqhkL&MGHq_T|+5zxn(2<A|l{_6#mh^&D;6uaW%u
zL01R1lITBnhFtI=k(P31@+N=Kahz9ACwDuZzI|KQ@@+QESCBfUZt-tY5>E*kfPe&9
zTe)Ws4ZbiNJxPss5Z4=GZbmnKSgP<tLUWBQ9Oz;l^e1(Om+Vs0U)bPE&{BH7numsG
zdwdMW5NofTf$s^U$Ii?sxM`62JlN?6V^6sl{YQ>WeHebG%9i9rjkXVH_s~Kc?n_Vv
zmrA1Zb{=sTm%L-?z8mV1)mOR$^sLYWbOWgvWv;}ewK-WG2dnDxCih4tc7N-=Pmbaz
zhpV;;_zX3qybL|szZdODMwp#FC6_y>#Ww$K?+>hU|CaktOnh~%*2-!|@v6mnVFnX=
z`|9P}oWg-e?}b)k@zHD{f3P=HxU#x>lj)yV80QCxs$iS-v94z}@-@RgCS_p3JW5g(
zbVlIO6a6-F4g<3lgjy2lfw4=4YffC^dF_v-hR$3pkp#sgoPl(2qp$5NIH!I_pvw<;
zS2Onj_py(m>!sp~d9a`Fee)=<N-xA;)CGmH?Eh`Nl@c>0di~|8iUahqv9am}6AY*&
zCz`NhE1`tsuqGUpnTF-#{@Q5xf=k^A((Kb^h~hEECcoq@?0;9+=(j2%F*p5<RJAiZ
z@WC>H?GDn0!VY&CebAcJ@^yj1e*r$7-eGt`p~!p+>@@KMLh7G$xGiVt#|AwTnaOxh
z-Tdp4)wu=To~cmoGgy1RXL^LIEd>7EnPb1U-imAG5$k&JS<`lbS3iC=L?|$<WlP9&
z9{1ef;KUg5A1KlN1h|Kx=Eq&0eR95&RHjr4=D7JR=2@G=0KXo+EZt_9@eJzP-#>vn
zA7>!!w4KFTdx3m3arTup7KHhPPzT6S^(wR1D*7W0&F=q1oS<hkM~#(vTk(aJ)VG#H
z`Htbpc9M=qA$1-$qo@`mESDWH6sfy&tDxv|9!go3lLx;8{3eYLq|!1=f@_5RP(o`T
z{Gw)#FWqRwNrGJ_a)-i@CpMPlOBm7j{z*!KCKZ>L2PKlDrn&w*IwnRq6roK6Yz5#H
z$LW;@p8TfYl6+TcDnXO#qv`j9{Da*?H&*oK$7{M(Z2QJbw_e<P7zJ}bvBlIMza-RB
z=T(VjJh6o4N?h=tG_kdyOFmHq>me&(2qq<?{%ETqte8z|u_OlH=MT<>USGOz{HKf3
zOJqauJhAo0M=p;mj#$YHF@T_v^GAcP$n6w7lcz=l8SaouIUwAU)v0=@Q-|1I<qyWT
z^G;ll5ad6u#UmL0Sk%DP{?AkwO#F{w`iA%XyLqguc40WyKHGPF3kbYB1;c1o8qk00
z66QIbpNe{Kb2U;mJeR{={tq=p<4%b?Tnd5WqZ3Gwe*9V`rqe=$)pI|#xF(uLSh8>^
zOn@Zm8%e%@<(&!ocBX@~Qnv;@X6C-N;>Y%<&~t%z*$!H}`ix0kiN?9YvHNbJi5)oM
z6yIcJkibIfI92D2LiFkdWLTv>9EpEF#x{pL0ZL>{ci*zlUoY#y=h}ru?w(4*^sW6d
zO-EuE;?&Q3_(4xb@i!FOfiGv+yQ%9&JhY{c`nUA1j(YN)GYXfTI%+|(hMT7MekrX!
z|1w^30@X9W?OS5PO=i%H>4J0^TU+X}(QqK4Lqy$-v`)8}>xoPL`LX|y^aIE`;Cqg)
z{_@6KqDiRgX>l`FrNnG=tiSUF3}oZfWIdEm69Vd0$ClwGhf&fUw6D;atR`hvq&n>n
z-E2D1ssH$*fg3+~yWz)p;V0q3vaQ#0d2U(dfr_mfI?~II!x^8cWVJPw-_c+X7|5Sc
zlFZ*TbaA{_0tE`xO6vri5L>4Qk3PdKyenwS<BPfZF_K!QG^lS3WKtj_Pli$H|Ffaq
z1SyO%{5S4ERHwrzLDPsJ7)anbIlE0zC*3f5%IN9Qn!enqo>zc#oni-)XE)SC;MA6H
zA5Ni-!%bwtHTOrn<G(Zr{*o0?P-py3O(wD7cTX&tL!*+AJv@~_#tVsJH$1I*4n6<k
zeKydnRefgNa{2U72JdKYiCj`D*~UEn9Pv+{YM0$AP4)KhP8or64el;{Ua1}=SjM5Y
z&s5v=vvqLYW*vS;&E$3jj67E@`DTVV6eUK<ts8&%p6^zc>mIOhE3JO@zftRu$kNK}
zd7E4{j72Nl-E?LiE#g!pvt<0->~gUT=yT0cl-cs*@vc0kjlgs1Bn<S3Tz?Vw{f+$z
zQ$ikI)MW`Or;`#YU}xmONE{IUxsGz|T5E_w3y*DV{D+~<aZ@fa<}Qz+r1qo$^0ANC
z8OD`Ltsjiu09LazOcS}fytzYpShw3uOYVm2V%>!%q@PeVr;I&*NHo42%6%%<zTbYC
z9hpz<O}ei_1B1Y_xXu=aJ!nLNDt@#pieFqUmlMM;=UJ*<;Bjhkz7@_~PF1tMgBki8
zDJdVF0#-q%H&Kb~a>FY7Z-ZtD`+SDu*ygEJUn-RTMge-It5MBTjTvr;6*G2WlGzv6
zJQMDf=+V_;9Hn+yo!&4t;zWQu=c#VQf=CS2S4TYxVsoJtjgr$p2gP$2k;;Doeg_gq
zhT2imc(E-ralC#?7~2R-xnq4*eIDoj9;1<MTg4#jYT4|=ODO>mV$Sc8GR<|#247c$
zw4oh2d36nvE^hy7@4?Bi>axGbIPn`WB-osALO)jbZ%AMdBBGL5EOTm&QwvStw1beA
zXvcYdLpOyI)V;hV!m<B^(^v{{h0H2lP?@FZ&sUi-(aCR@L(F9iWMU?TOf^K41pa=`
z$&DYEh$fH=@&#0Js3P&axwNi+K;aN4h7Ou`XD>&h8=<z(B&8|^PUGeF^@DNHDC)}D
z6Di~@tis9gCYKR91;;NXqyi={)+kXUT(BhFO^lpC{M`mb)95PeE`IghqhXqmlFXsa
zG#J3O{t5<@m6-8cTgEEyFoov!p$nrtjQ<Ht>$r-jVAN5`D1E**2mYAh{HC41z^ys?
zp(~m>2C?MGPt6O)3iem6_J0ck^gpsTd7rsYsQQTcK6?%rgDfBT;@$h!tmm5^zzm%!
zgd-tD%zl7a|CmmA4{2w3sQ;jhlSz85NFvb?vrTB)W|4NM0m9#?vHs%A2M{%Fa-ZXH
z_so0p(tYTI)E8#;TNKpaiZX?byjneldJeb_xFHBo>GoBmPgR*XPta|$S$mC5biBqN
ztFrZG2)TliWzl!IX{RJ}C}6{n9B-IqOeCd@{>D4<pIJ}8Rz=9fn0NVvY~J?8N<JOx
z2dh;7P{Ngx-zr>>g@r6jBGYRzb})Q8#pHpx{J}fYo|N{Rv9h;6zX+O*wr>!;*UejS
z?4j->4^c?#y5^N_Zs5sT=iV&5^*QlgL7Ce)HC1f73Jr^<_!I2GvrY)b#Jyl5Z&tGq
zMNyE*u&{^Gke*<0xWt%_g|D9%{O$6gK_OgvzGOc6V%38Y@UXGmIa5U7SFXnqTPc;M
zP1^NmSSr6<AfbT2ur8=Q-5BqiBPFNtB?&Ld`=tn9vU7<tRZ_oqa}Y!WVKbCF;+$xH
zzLhsd(~d==xzMb^WaaYqiE+B<rfrGGy4FP3=t)zeHiKf<CI09&KU_KR2T`P(pLTUq
zc>u2{%><*Ym$G(5^+I39O*^$-d(0Vw@9R8CtBOxKTYlowaM|0PmHdN6UOn;L5zj}>
zkfKL9PFenff6mAT-YKzt)>FoUiL4-HaZzPv3|}-8io%ZN=YKI&H&%{GD$}RNI75xV
zd>1(Ud-<%tfO0GV4GC%fu<dEbkRNK-?6^_rE;bVUsgv+kC~R@)qQg`!pY+7sVd*OH
z=;i<I>eGH3@jzO{n4Q~P%3DU;G}jU$wsotD(wHv(tXm=u=Z4U~heL^C0B6!5ZFM+S
zM|ReT@VTTVeR4L72AzBvF4mQy5oo74J%}GKFYLe`5aM>zuWBnz*y3bS(O-~Z(_5H_
zVuVn46AS*r<~9acT;CYx&XeyWt|B^jXwKjbjHH_}*qwsljYF9mL|j8?H-fOLPXt%D
z`9wI7C-wNT5k-ID--=7`T$up7hpqZRAnI>;-7P0Q><SJ~uz~ew>g;x($|Z({7&;W=
z%s{=&jW6;?+69MYhMVk6g<~ni@-aE0b9g56zZ{FtqK6^PTzbSEL(UF0!ft!}@tsvj
zoI6!zA+)X9?1X<7<X6|!5jwnt@fZQOmhyeVCxk<#4ab}Bo*!1}DNd;Q#>BpIjfviA
z<`w^)aL|}M%8#6}5adSFx^^K9A%m<>FN-Ic-*!4MB^}i2fvlo%UJ7-;Pf29n7Rb*^
zGciu?xYpGV0&ZuGwrQo;ea!q>bjoi;T3(gT%FCZa%VRlehUb1kR@O;>!ZIAxop*ao
z@jBViS9guhqJn;E+*MdyGrOe=)l-ai?Aa}^t+m9^3EQ`)r&!>Yw+Y*$3p#`(0(FF>
z%Z@pwQoddAErcTB1BTSX*zAg#D*7A3zT{|BjB;*Zi?L8S&|i7qJZLn)&~iIa>VM<P
zy#B19#p~;{f)D-}P+TB*MRiaR<OP;7mAygKf!&nfCN5@DDT+zI51xXN^VPD^MCS^`
zU{FN9e+)QKRN?wp9L}=m<B&Z7(p8_e5K}WtrQA)y(nZW}Wu=7n-Jkf6&WtMh0xppc
zeLJ>o#oY1-S?5P<<k7<o%T1Mm0Z;xB4tKP<n-?g(;gf!J&6@cdUQG4(Hfy+F<H!j3
z6`NSN0OdYB%zK#oZv+sHC84VeI9@8tg*?s|<;AVm(?rs<zpM^&6l(dwnSz|}pI9;j
z>uM`^ZV6{;Xl{9~k7g3ZDFIy6ZVjf+6if2aAsf@WkZfj5AV)|l`R3Ny@36NKq#IK|
zp)fmZUv=$TVc{*dN_|{GuIyS5<d0r*hsbuH>oq@a<}2o%Xhnz8=f(+9j8(mSeA1}|
zOI{xdKQ{iSXN!<J5%nJ7agx@r{XV?Yo+s&iDTZD)c(T&@(gCYI+i3k%$SoWe<X&nv
zeTAkdlzowFid~UTIa6hO5G0_PlM4bZoDAfoSKje+{%VJhA;bkeyZK|b16nP^b!`rc
zKBo-g!_YjCd(JJT`o-ian?_V~o3e<zRaJNH1EmXi6%tBd_{zxF?5>6nrW7=yCJ>oL
z-Hf?`xGO&k=H6#5Fn@+fJFlZq9Gi=N?X)^W%m?*`(!GS%_@*Eo&wLXX3!p!-EF!gO
z{KQM_#AX@=W_zQQX>J?C)Urh8Cq$C2`cwC;kQZa+tU<yeN_|o5I-ph16v5~awotS6
z;TNq?+v3F=I}$h{cci|J?YTZJiB&!3)5ChiN12;XD#r;WnzQ2>)6-FX*P;aH?%)oH
zrfO5So?4g5po{%N+(>$-r>9@EsKlYeZ0VOF+;o>Sh8W9QYa1A#V70Mza@)1G>zOtC
z#Sph_DuNxKc}Rll)M=rq$wj6AMkQN*CepPz&(f35>XwE~x$(lrr1vV`$|@p*gnW+z
z+e!*t63yz3hWw$pwCKS#SC_ea+-lq@Ou@p`Ise40Kp}TMHXHVByH!#!#;YdP1e~8&
z{A^;TDK*8fi;`FDnnN6yc@YObsv`(wz<dbQRb$F`k0o}K*N)EN(v{XtqUR~@f4H34
zIKXqx;AS_7iLR@u8sy<~hI35Ltx&<f1Kzc6iSp^Zo_43VsK`7)X(Daqq^bDo46xmP
zOL@~R$zdQD_CG^)jG8d4ef243lt|kQx}L!7StWkN#w>3B2;>Ca$IdPKCJgrL<TS^a
z6oQ15d34O@xtgl_K#2OU!T5KpaZV_1A_?!XV~@C`2l%X%^V(PDe`?vEglNpH9zogd
zFfRyF-E|ZnZl;uDNzWd(C->N%+o;8yA7*ErJR;?J)wS}5c5I)>IC0nhhoolG8DLL2
z{!vMe&@S=@csGTwKz(@g6_Y-TAFfisMQ<P16w!0qozoQ*GxU&E&f&I7rlCk4a3*hB
z$4fmg1%oH8=q@|IaKpi~2B&-|MNL3b#O~pGXdCE5LF^4x+3kL7w*@|Zj355f=-1<_
z!}W)-7vK4w78uJUD?gzk9k3uG3$M$eP;_*vl88XcWhJ@A5r%wTihJ*PFejW&?efDf
zqpo)TU+j4(p3-T9I(>2zxN4C<F(l)qme0xV2zNk1Vl!#u;w8&Tav9IgbalWtZ<lbz
zv@Vh7@-aJ%2tV-bg1hE|hsRx{T{$S_AuGRs^{t*3n8~l>P<7NTA8KnM0u-#KsP#eb
z3)hI$MJp(`5Jq{(pbTZGWLg6r6y2i5P{m^Ui5}g2s=>V@CLhZ07&Cc5(@Pm`Rvh3W
z_dk;?UXd+vCr3f{i~gHlR>xefr)z-|Y2sU_WQaRmRYfb5LG=4wo34m8qE_&UShN?z
z*}f&GP&^;drMVNNEQp3;73M6q_1B3?r>D14a*PmtE_lO|le+uPKNH2iy^!`$OLK&Y
z8(KeDG4q=&A>#&GO*Y$Sz%#OArD2p@34~U|U6qStvSAUnUr~pk1nY|RLGn%;ni+W8
zKO|`ZJnZd;|MkyQA^^V^LD*%U!}A`<XrF@+qN%FRkAv-cZmUb2dZI647OyZ+aDJjt
z#M<zcO0!$Q^?5wr`#vX0-hGv*$88gQ^(COX0NEN7zKxfJbi#09({f3*x1NfWX3K2I
zh^k2lEFdUNzzsPD|3))=)O@k#<U>(h4ow;Oj5%Xe{iI-}zjkKw9ggin2lKqx-<4;!
z#_u5|^pQ`^VrmHHo_J?%a4k|mj^+g!RK9oyvrsfQwV<W<{G!WQiFH7>@%HR4ycCCX
zmQvt!HhzrT`#i-Ln#b<pwW-srJ1wQusLCLHLgu}TzO;fs4+0^0<}T9cICt_ppzA))
zT0x*59thi=CBt#+=g$~9+jH7lzeZsdI!+^@mqO{PlU${I6WqgcC>H;Yi8Hc^@ndXs
zo><E=ea`pCUo0=ESwWPy`wyIktEFHhys~2q(F6B-5BxBb2>#1qN`3#&@D&-0UB?yb
zs$iDad*ps|$VSM253dfnW>7Z;=ni-)g`8e+f1t4W_%t`d#TgW*((1-rO05=zVC+}W
zUBx7xtO^$y>MV6!hht3OI7+<oj?!G#gPKYPJI>0fldF~NYyKa8{ovBRQ3P;TbLd@X
znUw!j>D9{7&Xl8=b8&Ovz)7Ik;r*}m^b*2;dHd@+#nZRgcUHM8ThfaMT5#_QSsR-V
zjqWz{_*r<2C}c@tB(b*`G11YF!iSP+l1ZA)f(`dR5iHMT@=qd^(%|iiL}372E6^>_
zB&z%cP%cY)q=p%NfNL}!jKu9mtUso?%)VsP3>3O#K_iVcYKc)Jx)a;%s1n|NrBC2}
zc+y$!#edv4fqDM0+AYP=G0**{|4D&>{I{=!*pWR^OXI!=s_Z3CFYd*V0<JX|zY9t$
z|5cYw)BJ&jJrb6#N~aYilxWTv!X+J;_(JJ&&H33_IqD1RD61$b+!b}n^&7k6t&>{i
zo*5~F+297j@)fx%kU{y6#j&VHgI^7vVg(AeFIR0+1EDj|uJRb;u6dYh+yHs0kh+qE
z|3nU-nd$JxzUOxI#LGxS-#6JJ-%i}|=Zczm(iD!mvKdcbm<WQ`Kr?=Q`T;swE$AbZ
zbXQ1QHk6nY6-eD`;4ix3e>a@$zjzdK>Fo7->!uKjIv6?7?G>^4UG3(95<~4pg=O0_
zibKoojBQYy0cMzHterhLSZgp*yEZnNjrV5yyhdx|CGZ7#Iq9y~!(vDR1!;Gin7@@9
z8YfJ#&3+`>q=b1<yR=)_fV|2;vK<gR`m<ZyfCeEBA%aUg-Xz<_Q0YS6>=G#$=KOS3
zuAF3XVEE2|HH&4690KV1*IBv0l#_}1>mB~f$vJVOCP~_Cnfr9D!i=4^tsSj$?pQ2H
zLlc*~hYFYuK6bPY#j#y1kdHFRU1&Sf{gZr4w|l<5y&hJ<GnMv9mg0#sQVV|F8Am2r
z7sf#eBUa;+1GKTRWX9-(wFX3*C09k4n5A9GjSQ4(JM<NSSJwsP3iWejTmH+vUQ!}H
zs2GOnK|%!3=UZ0j=w5#t+R=M2X1miBy9z7R_4_x~>z&MpC@7&zP^yHFN*$L*A_ro=
zvffapiHDRFQR3`D_O%|y6=es{Tm*J!cOh~`Zz`tfqx3XWG=ZDWSptF>?Md%cM=EGF
z*$#D($2}+6o&U(kSE$Yq0voqMK`LJ_aDw7(J9Ci7Eh%~nO4c_}=&zX@OGbc8&vHOk
z_Hq$Qwq#d)mDzY^YDmUc;<Lm>tC7G!jjz*;!u&PeNu+DIYqcaBno<i(4anz>unCJj
zV4D@psG_8xBw0Bp*6ReNNRYz2s)86>`P?hP`ENGc24$H@g|qsl09<?JMbO9ia}+sp
zQ6092=b}0_`9+Zg*n7-A%LLo>i>6Tn+L>2UF(BOUl^)+?I*?70Ft$eg^Q$4ryd=fw
zKh`MfUbWXyQ<IwbyM7@?uZKdy7Av!6HmN;$+WaqjJ0d*}3zD}7+<>8BVN&p0v()>%
zwDd3Y{a>nLJZ!oitoL$Ud#z;JQNGe>xzL-!wa0`yo3Q`N1wHS>U0n1eV*g@!yg=cG
zh54GFJm1@(1v;hFg${g>1l`6j;On7}baJ|hP$FePAC2N~EWl3`RFZGDKBVI^r$+d9
ztWGeI{0!XTt0+OlU6{LN41gv6%v6}ko?c-Ut;ZKu6^=EtgxvB)Nl?ZN!H<=AKW&z*
zn?%j;#j<^$dTT$I2#7vtnli6f{Z|NE>D^#Tx&AFk+%Gsgc5%-$SDyQ(Hu`YVivPxz
z-r^JPzku)@754T<R&S$gf0A8&Xv!bKi!Q<-f1!>2gC_?VgUcG{+h^-lTo|1gMmaSM
z5B>0($Blc{!wlmZ2WA|12GA=TURQhm?mN=0R>WsnJ`%zUbHYc4AgMp~R3I!sXDfj8
znK!-P?tV|Q{ZPG$P1e$39o1!{XGXx2QB>TS4NMZXUqL?<X`}QEveuLY)6Oth!}Ppj
zsvU`<-M2+Lwfm!idJFY>5>1Nfisx*u7Y^l8tmtmqqGn%*9ABVI;t+j#bli{kwMfBt
zDnAi(_j0UbpxsiGXZ(c_uoD?=fOq)Ci}-H!Y)-8gtca8KiOt0)@SjNawR8^!t+CCM
z>;}aAUe{I!W%CYp*F*Ev!`>br^pMFH4W-|I*NdY6^t=M6${u}KUbLRK?@J!gQRX<;
zW_4^pYR?>=(ENCY>dBWCj7~JwE5h#ZF)uxYM_yX`@E(I?MC@ME!Yxrb4NZC*`9pm_
zSWvmpR2u&QRv%0$x$yy?R9fDM#z<d{`6q6PC&{W+v@!CZqI@kT8nK(KZN5n)OYR!v
zB#5=)Zb#r}T|F%q7S`=XT1m_W9(<Wf0hy?M=3^y|EQN8BOob$9dpQ&u81;F*)E;R@
zDo<Qi*xxF5n!UFKB?89oK=T09=|E{$Lb{H4mVzKNBu{ynbkvLm6EOXxxVQudCrqCZ
z+8w~U;hT}bcA3%bL*IvoUG`G)a+Yt+eM-f{zWq0YBhwWvl*S3c7mo4YaJe$CZZ!i1
z&2>ME*f3$)BiDpYk%sW?Soe$~@4FW8DJi){4P2ZR5D@;9>I@X=EskFO)vx6K&HA>R
zK_2)^;Pn$wpAD4bFad^ErNAwhF2dbu$MVa3ztUzSPlqqkaQUx=QhY;kZ#Q!LCB0yU
zb(!9VU>jYhyTVRpm+iZhFF!6XHhpM@$YeEl<1%;}ByEpax7oyoUb2w^m@A|HK}wT$
z#-PFQ`B2gCl`}}R;c`$J@xf9pcGmkE?gDCf*xVa#rX$dlWDTG5PcCN#>6xeC$LE)m
z8v7#ZJJ8J3eQ_<jZ$x^tU3&&GJVp2Jzc*gI_(V+of2ZeuMB2Wv=45-(^HmX>C!@rU
zZOq}^81DZq6<3k4G!HoT^8?XNxg+)iUnMUqtGYK1y2HwUCJXbb9RY*A4`-|Cl=fTC
zKrfxdHPE~E!gj=(sc1;F5P1oZDo*q*Sl&tgx*kVb)D1PewE%T`cz9TeUHXU?CvuDK
zo}aiepCFU}L=EL4Gi((v6*&xUfVhLIbt~fxO8iMch_WQr+*a^kaZ$oh)R%ZtSdT-O
zg*F=e+c;=!gmp~@zGS`pkxIyxv{5~J)7=zaLkfQG)h%JX^yT*s*CKt#3feW-cY@41
z$yYiPkUaG6cQt8<ZC?F-+MD6PkSj_e;MT02uFE&2_6xsdGB#EY93$%hT%;An?3d7(
zkN~P6k4eif8Z?7)&l!<v?}@x&I+VTfa=-aQky^Vo%!4&Y8v-Bq0Tmf4&+mU-K)ohe
zpI~T8QfE3EQR>!lb({CxCzilVivSyRYIG6r>g;Do<y-jExVKsPJ#*)qM+)zCnKW$N
zHfuyQ7to-g3>gzBL%EV)?iz}xy7-immqs0RMq+2HjIp=56spYKeG<@PL9Lx+AU6DI
zdHe^DjKv%HWBO#Uy0{WY9%$4_yM@*jv<UMcPJKa!?sHFsvE)8$;rC3|h!44*@ujbN
zk>JgT;>d<Yq2Jg$DmEB%+!FGbBE0#iJOPG=;1R+_ahqM~Sn(1TEx|uzkO6MPWTq;2
zz1Mf>lDFVxklLm^aMP$Nisy8Jad2lbG;rDTa04VxtP8a^o}#NZqC&qQ3NI0DW%RkF
ztC8;I`N5>b+Bfp>K`V4YJ{qC7Lh_Ub96iYJ+Zk^u__PXH1)WaE7*|%lb*-U8#Fsk?
z2GXtk1_Kc)g4ERJ9jZitxssQTs{q!0LcgHt8(Q{<>pXvRhe6eX5}wcyHr?2&f1K&i
z{XIUz=a0$b<hFHE;)0Lh9cc8+O?jZ6;|tuO1dlyxLp4k8!b^E~5|EO8m>}~Jx47pR
z@sfQ>8M}qcZunmT&X}wwgtYcd7<{(*AV9xI-I?zM0*#tF6Q=EM^wVC8=*|kSeJGID
zO5Ekh!mu>ax=<5rGXvr)o<X62q^NkVRj1v2@>9>2^qRA*7J1AOdIlsyZ7k9m=G7~_
z$<u1SiXjJ_vy|-{>xfX{hC%dtg9>6bovXaDx7N)C!VC^K94>O_S%L9;x+BE*58I7h
zv_7^xG+TPi#5;r7VCew7H@-rM6gyA@D@RssAGf177OR4uBV{267Y&APiQ?Tff_E}c
zd*pJlA#E7bQ~lEoDThEYyOw=6?@cYNZa7Gbufsm~o<(+#`j`tpCuTd}Nac@~%|NDW
zT_lA>oNZ>J^khcq{LU3r9Qp@Ja!ofl#jeVFGjtEiM?LtC-fLi2SBSavNvb-TtG-r!
z!hvafKMGdZXt6QtE>~%L0?zrpgy|rjnF7LWS$lXR`+yi`_zq*cMyARB*JV*GcbT$K
zggg|Wfl_bm5OD~l?g64xJ_;_?=zrsGZeS8h>Zd$4dohfCe<lW2xkMypht%Qd-g$yZ
z!_IfvyRY|2k4Q73ZYQH>9w2AMia=6SDwTUqfG%@xF!8o`K|80VwArM9lwLIWa%xm8
zaYetuB!$%S8o`}Tulnd)yq!ER>I$9Fg}7NzY9S#|agF^oVKCvq+38h3z`FSPpunMa
zg1xb34I-s&c}q7w?)X)HGBa3nXleA{r9gYk_Ixgt1HvC7Z&PPSMUgGoQ8EF|!Ac0a
z00(LXoG*O}$ih$-OXrZg!y}pmIvfURjm7Ity(NSmdB|ESCy)^Dt`$kCbIyw2zLcZs
zX2mm2k7W*sQe`2LfG_LR2T9#GW!&2Mf`iIHejnU;s0S>{h%F!6DLEQgMw6Bozn9-~
z%eZC%^@*><lW7D}rYaxEo8R|N_E(9QCXyzb*Ir!oly8zOQX%6`R<iKN2_`RIKQ}C)
z3hw!DHjfeNObq`J%Ctfl=)T@_j|p>i%%;Et<qImxo+XpNGQ;LA0tvA)8C)sRv1t5e
z@4verr``n&@A(Xz*q9vSn!unyKp+610AK*%01yC>08jwX05AZs0B`{C00;nx07wAH
z04M;c0B8W{02lz609XLn05|}+0RI8t0pJ4=01yHY0T2U_0FVNZ0gwYw08j!@0Z;?b
z0MG)^0nh_505AeD0Wbrw0I&kE0k8vb0B{0u0dNEG0Pq6v0q_F|00;sI0SE(#0EhyJ
z0f+-g07wEz0Z0SL0LTK!0muU=04M?|0Vo5g0H^|}0jL9L0B8be0cZp00O$hf0q6r5
z02l%o0T=_A0GI-p0hj|=09XQ80aydr0Q>>41+W9K2XFvz1aJay25<pz1#km!2k-#!
z0{H&@{q+WXeE@s``~ds`0st(97c;KL(S_iqppeP`61YC%nzL){CO#s_33F9<6lmkF
z%azY($Kr(s>J6X>kVKbngys*i_-I?k7kr6iz4Lv`;b$T~zQG_?e4B<2t`l~O*DCf;
zAp5$eXngKHm*Z$&$lOqS@dv#aJ=w9l5oTr+fdsdDFZ>rHD1^H^29b-Q5^%lqD_gLN
zII-wNfQmT54HQPC6$Vko$jmu++AF4K=uIWML~I&a*C?&^FY3(V(=)?98B&GjU?2S7
z+i*_RdxKz6E%;8{iwU3TbtTw9fv@??X2Kqk1bgm3ooMeCA(^_Hq=>-wFZw=DPeO@=
zm|1cZ34@G|`IFdWR~NHfl4JBbo>zI|3b+&7`#Pv&Y{PMixv?OVY*M_qSHsG1s3Oz4
zS4ueVcIXRIkvYgi3_r2?#st8LHR-w^10^PD`d*_pALR?&GUd_KYK`|N4e~#2?R903
zuH|M}$OU{bx6qm3A3S<YqqEX>hAf85&fBvAw@x6YrC()n49A-_`cXcDr2iRK)j!~2
zj!kzNQEr8&H>`We(i^K6>Q-bM$-6%NwJJIusw3~FbFcqLzvgQudmkp$wAW;o%Kav9
zs>spr1KF?~v>9Jx_Rj|f#g6%P3khzHY^KM^umdz!Q_RV+I;<|G_v277ovVqs`42y$
zUnub9G#^mH)rU9!TuQ*wuiTbvUMdDf`~5PMa4I~0Ts2mxZMKy#5PP{gdrC7+-*J9=
zlM4J9sQ?bM)Jy1sYZ}TmT+R7Fx@*a~q7%%C{C0=fAVr*>;Y>BiayDWPB%#7>$MYb8
zej#9QXC;g^R5WXN1_s5JOk##v`B9$Q3tPm<q>S32POlZGqH|cw&^-0L<EgY_;83G!
zACM5|e$`3CVWUy4#J|9f+!oRo=dSDTzrqy%rCj%Bv(BvgMnzi*%laCk98sY>gf}~$
z8t$J6c&JzN^uKB0iq+eH<EggowR`MW4LLJj6jBJ^>6;X&5iT3$oqvVTeH0qffkE;P
zEn=jo#7IJS$v|$PusmF-mwv@vLfE@FyK7jOr~h|b4ns#eN&av1yG}=y0K}sFQ1lk|
zKhl-HoSL=H`dlT>9pZ+BiviNnZ9`d$`pW|~8LzQpMIfR6hISSCb(9H@f7Ca=>TlCZ
z97Qz=dezd}?n)0O%EV#{>nATYi9ba~+Fm7&zd@j!MLlqW{i1LiSbD-Noh<ILRGZHf
zmp%Mfsk0s0(MC2+*zZZRdMpCCtXFc@8u-X;<CAZSA+Z{a6?zFT#S(mZ$Xx+;qTOy8
zZ8R9OyT_zzJuCO)S_;B=*U4QIaUYqF$$W!@XGMaOLPaiPImAgmQG+{5LQB#qbH!tS
zq--WD{A?fxJ~%tk1pShl5J`nu0ypLyAfg+sEEVpWi|qnlY466NwbXAcM<L~Dod&%h
z$Ld3j;j&CzabnANYQ4fSqQalZG27J#rkf+@fKtW@X?8LS93%%NEWm%iSkB~;#G)_C
zo5u9}xu`mz14$^jkd764NK%;aei?tGi~LG~A^QqXUWtMpWs<~}8ap{1TSHF?m%_H!
z5|lSIMDCa&w0}$6j}IA8Os&?4RM<sbf)c*`YPOe&60IM8;Qn(|3pNu(@*Z^d>o1Xw
zS4p~=Ibt!4)uc5iHhJK*{`WG_5pJHg{inCy+4xwVl&wrD+TOA5#0G)t_g9^uc**EP
zx7TC+X&D4nn8>8MhxEJ`8h_NbkVA{IIBu8ZgU|J@uzKr18=6_f&Ln8uvSoe~a)ht%
zk~Dd&FldZmpL{1;)Wf#Ab98>8_Wk%Dn4l$pzaBYu#T7;D4H{Q*;fNO0wB7E_$sZ36
zk$C?NZZzaC9P9eVWl_Z4!8;Rz;2CzB#lowh(&_L47#=ZIV8W`n*yOCz`1+SIym>ZO
zT5(Zg$$Bp3Rt4|`P<DSu^})odh7|7-wz~7=B&j&Pblj^|+-mrs$>wh!B&)}$tstZs
zQYJI>t>GNQ<k{l!Mb=0x$G`no)9S}=!}{UheK|ltmtDZuL$s6U>p3$o1iODWvY<u`
z@-(NqTlu(KU!q}&3m~+jcoQ-Nlmn#H)|HdHen!|5e@8^@f57f##o4nr9$b?h>lx)%
ziPTE_&Vt#{$O`(P!-|ugpayO9RrSQ680WTeHy1@r>cX!pacJOKkbyeWO{b&kipt{s
zQsZaLj;1yLtR`JQP&=H}wbwO{`5;Z3qLcE;7X}wjTy=H9)|R)e4fTgV8S7bqe_%}T
zEG_#iw><Kc3;w;`DMF2c#c51vwI`bA8bw%a&M|@HyTCWqX-nNV>QZ|H4sB1eDylOz
zHK3WFqa8j$6#IMJTdjAamhLpDPypn5uo$V!!F)lFzLNs^+68l@ghMz?B)e}n^N5OA
z*PH_hk~uesfW@DHUrwGoV{U0FqF5*#bUVmpj-MCOA|SX})LQJBqAvm7Leg2-cevLO
zDp5FfkrXjdLb9IvAA=hP<!Yt=LK|;wwG%7`>Vml-<I?3%&G?#8d}e`g&4!v%MpEfa
zD==AH+@F2UCC#ANl5S5tJ5(+!zow0cHFMPG>fjaOqCK0kVS!R(Sc)E-Y}fU}i++6q
zvJ5HO0mg3{uTrIm`k!_LB{`cvm4;bHc!cX*H^bVfa?POjUL_j1Tc)a?JyJ+;NZgH9
z#;dxKnt6?ch2>)|*%8j_Gzde=_AWdQ!k>b*S-3FaJ|PL5;H?%X>rhqY!G6V80T@D7
zbmb!0HJO9&c-fjdd-g>*SQOI*rHn3ydbrtx#Rq60>e~8|Y{UpRMr(;o^TA#8%FvDO
z5S{GZbAVPgOgoBTFvPB=8b7`xdBQm95O#~;^FGOcg_=Q_-`BL#(_rahzWGrw79VBh
zMgJ1E3;rahMSwQE5y2yg59U^TawLf-y&y92F~YPVt4+A~ZMH<5uvt5fM_2|HKE*4p
z4@1A9^pYHq!ypAzN~(j%hJ`H=F7EZ|6`@zj*t*~SXM>H<A6y~|&7Z-QdB(aHVyAk}
zL-JgdM6zsv?Tx839H^I7oN#w)E(i2CFJt=M9Sn?l3263t<{-qjD&0?78xgLc+BLP8
zZWUbFRya!iR+QJRk?%wAK^Ya=X>rJ+Kpw)Q`yizYHr`&bru0yraqGzVV7VhgBZqn8
znoN7*nHDy<%1AuenlfDG->1ECiC62AW8j2s?vlnGb7e2Iy^!n{r=i(-9YZ{ZkObR9
zf#D@}_uApOhq7eHy_N`y>F&Fkth)3%FUBqZ-C>$`G_hv2F9iOP-~{71LmMQHu1+{G
zX_`Y<q@q5g8TyQ<iIbswW5|$x1TcdC#zrT!)y=_cBl;u4q4(T0*Nl-leAvz}M*s}G
zL_}+*wN3V)Zx_CGlX9&}1r{j}@#WjsY9Hq3<+riNu4;z;^BY5n{6kx<2aeAX4FaI8
zq?)I6#UrNHLHTKYUsEYEeJ7F<boSv(BLM*=Q_-CEB-eCMU9a#nrNN!k&z-@ctw9!J
zt5Dvl$Bqvw>k-2x4qM?&tT&EWGcvPp4$cDe(9iZMqJv9`@0M_w5spb&iZq|>Zmpj3
zpzS!_T?jv=8OQHChSm#5$n@b6BxG+|0hCJRM73I`$0+M(zR0NF`0ufZrj)=y2nHpM
ztaz^a8gG&}$W=b`BK<VDlPjs#@uLksTXE=9cj?nSDC|DUxs7S8FCw?27|7JJUI(vv
zN#gG|aP_Qz6K^+S%I7uKkZ}bHd)q!)1yBgmSMAofPBWVSZcFOpTus;8@JLs|hnpLG
zHacAxq8;pq#!CDDJZ{Yhbkv`bTp<g0=38s89H0*?3wn?CWFA?45R!Ennn!5jnl6)L
zXBV)k7qowG$SOa>vS%g26ASK7O&%nfXm+H6R@=uU^-JP3({Erj5WQ#5lO9W8?4lfW
zt!4=VCi1o84Km7zr+=9ciRh_t2O_oDLGoMj_$1P>x$zXSO#8XLD2tso4fw>E7U%yp
z=jy}EY5$Ta<w$`NiNYFs!Z6CSn3t*V+!V@H!72sj*CIezAg~wUw~MwUrVbk38^PUD
z=gaV0wU|}jp;OO|*Z#c;vm6c1=&+=d%nG74rfAC48-n+m=a}mwDivu+wBz97v8hbu
zOQ*bb=>h{~e65;9J*&!0%4%SmFMxY|x2w(CfN$@W4*fjuC&CPl;kiM;M9{Ml=MPyY
z*&-fv&8j0=-a?wzuq-iFBP3V}f_m=Qhi0|Oo}$$F7W&V>uR-E~xlX7j(yUm^@9~?0
zIW=GNZKfy?hX)z05<CunWyn5nmO{-pg53V5@yb#ab-IVd{(D~pc#eM;^P@6uG=1fb
z;H)@MrLdgq5<Yg^YQ{MZHscOeK5$=Scc*jO@6K#uT1J^a?s-cPuR$7tcKz-VrgE=n
zcH6LQ9D$Gilm4Ly3z%7-LHl0x&d-Y6+isd*wmo2Dpy}Ud{N1!yWpieyPh708`;V*>
zM~@7h!io79Xykb|4Gl0?Su-2qtLBe$<)XfJF*A1|&FzG`1j?I{ONqh}9FQab8%exS
zED3)pKSTOa>tau(n!D}uj*_edZK(96PTqW(#sJ;SE*mH;<9KQjR7<=rWC@4fP4W3+
zb_1IHQ#G2HV|3}bR%+Qik>NuU%lYS2D_t68Szx-6QUjl_0D%eJdg~ncFlua)7f$OY
zm!?RDov{1VQv&^~`i|XBTlz1q_MWOOJqpsY+px{n84{SaPkC89Xzv&5zvD=t|48+-
zhg)&V7avV=D&cNzV@g17!2Jr(!;$@cluCgKYcQ}V;-?Fm3wfg2N{1V=@{N;>@~=r%
z1$x3=qf{uAL82GbwB31EtGRzMlg2O=Hz32j!QO<DeBswL4JHRWnf!GYC}>khe<(D|
zYJq3|K|x*U2_-oCo;hqDri5h1Oq^y74#ov!gwyS`DiI2D9xWm2DGq~P`&neosD5~y
zaneNw2n4lUS0!lnEUa^wQDk4Gi18e-um_ta?Eu;M2O0T3>$4b!l(o1AnkL!O=m*<D
zQo+}{E!K4A-Z8sFJX<RdbOvgcY+lqwzE^#MM43*)8(yZ3BP>*+Y#q|JUWA?*5j#gI
zy4ZtzH3$C-K|TCv&r^+J_$Xt{BAjN7gk%ildKK0p64=9T(N%^OlUF<IIM%J2gI|i2
zVn$-IL6Y#iL}8Rj@s(bTs4`R0b*LXSIL28H!tu?(iMC8Vs<t`jf?&im&>SBBh<)%F
z_!Wt9&4#JVUlC-FZJsp=r&~MXPv8b^9D|+bFb>Pn7mv11^-*qaMBH!^NPrj)tFp9a
zX@A0)ykko}hbA!j8}f(YTw8(je4OtzxQF6vk3v~a{mPd~A%l|c$P$ULy$Y`ui73@^
z3GAf4&tt(H7y_A#!ZiU5GM`WZzJi?T;L2*kij@5lv9MOc<SsM8MgbRdEw%fL@dI0-
zs<-;Y1KY(hW2Wxfo|E)=QC<q`qsCWGUQC@a^5U>WnM5b53G%6<bMj>IxxUMsM&b4H
zKm}LKu4@VDMYzL)u;RYF8ROuwSfeZCX`}#gue}jt>GbyjHI^vO{IAkvVF(GQIz}*K
zurJ{4q_9YvZ(G%fHApfCrS{QTyS=u-)?9tXOr+bEgj7zc8l4yUzQ*k>GIr_V^=6LC
z#3H&`sH>PkSf6x}0ExKa=D&+T#<VGlxfgs@u4S$=HiYrT8xe~!9ammORAnA#n8%tg
zrZ?6MO80Mi#0pCX$oAE%I>ghm1PGMgpD?*ii1TqsDOyuoX!oZ>TRKOsPxoB)KJ-S*
z0}^`qVWbqu#Adm_Var=M#P_<JRry+txLuZHvKdWfd<$Yx%OK@d&`rc^HHAIRc$%=&
zvF78H<r?}q5#|@ke)aMMt|E<}Z8PrY!7^tZGBZW{LlbFf{LfLq!qjw`cd<XdroGpt
zWm(=*8`}Fn4oncV2TC1_6cbbqQr&~uTVv(7Bu7jMUu5=-c+)hvZFY?LQWb{fKADmz
zEH8_=O$}yhkZX&&S-t*Bb15r-nj0{HiLgSb)o`p*fXKaeMddg@zDqNMSa)k5cl8jw
zjFFmXQTU64!U;nXje)H^(S{`eg*nZWrlbE(7s#N7;``%n0@NL{zd*gq0}vFpTzG`P
zUpw)MM)81}B-bhQTrg|kgsCYvur8U{r%tZ@?z4HIciAYUyt!9tre{59RZOz*Pnt?#
zh@I~mK>A7^6TDqJIB>d#LwIC1F{+`S<;?dg>;~<T_1#?!8qSij`T4?V*!zID6aS6u
zk*$xCV0&n6_>MMs+gz6IRttluD(PSw1cm1<%o<A2!8KU(4r>ppVEmFUy$mRn##&)-
zixV-G+YPd~C#?xXG^@t(<_bnB$TroP2vxLL3iq3z`1j3WIS1_YbhVYO%k6vn37M-%
z0hNl76k0|iegp%J=9(9QSajGKXio2Quto0(jj0Z*hucLWU7#+EjDoGX;h8p_?Rtp8
zuOM99aGZPk*^Ii;W1{(^0omAU7Qdb^SH80w;o;NA83Pp@8+&Dit3$LyOmsTRU@fJS
zP$Xi$QO<Q|X5*(Y1FI=_{j6jl+Y7E#4(Kpu4ePgfQxe*WQxz-2h?j6m&e+$j`3k6q
zh2g!d2kk`EcE$WdT{=IcpFcGTG<vNRGtIUV4=t$_%;)Q*G)HVH+KM3VO5m9h#cSV^
zk}oOS@kC94`A%@E79iu$@cLF@Hrrv<Gv=~Zh_t(2lV#z!3bTH_88h+iNfy9t+Yg^n
zB=}Hc-2tmXz2#GJd=^oTREqKB6arJ6Z&dHKlpyo(6X4dgj^$OQGu=`Hr6BEK-cy=o
zK#*>fTK{*Ju0R<^GY(e4w3i>n{C5XtV@Br(0p_Cdn%{8(rWExVeYw!0H_Ks{lZAs#
zm@i{qH>w{PpUsE_<InTKUNU-AV}v4|`d|HqhhQ^J&S6E4j7417C9`4kBHEMUfuZnA
zJU{qo>*_<)w$mMx<6hvFjAqG9j!|gw>z2;jAr0w6?TIQV_tRGzdQ;sww!c*%<?0F$
zkrDUuw0XJeCO+bU;w(STF&CvWUbc(vNeX+eHPVnRH9#MsGVOwuPnE2710F1IetY?O
z-0=@0c@-hpZ1J)F`X7cOGE3C2sg!s*!6TChE8teu>trvY`EP&q?eBpCkfgV65UtYf
zHTe;y*^B?mXy3L&Tws_#es&i5nGunsQQbM>I<179+D1N;_Y~t9)MDQ)q)W~Igc>(b
zb)l^>vHFYa#p3Y*3C}~Ha!I5T3SWP%3jF$D&1n_6FtO!vN$$*FZ6brg?~y@1AVH62
z8(YCuD4}2V92|rUfHHLo&d~kZ`Ty*ors$dGAN!ZS=>9epYS>=I<Hv-|PYOMGX#3%Z
zg(9s)LDb=Wx*2!n!Ir+jSoeo?!;gHq=#`-1JG$XI>yZ`tD!yk-z5yqO8sX8|L96Pc
z3HHp^G1-)4(AzZT(8?Jt;rZ}H@^uKVCSQ^e@}UG;)NHmwfCHhiuP%+Jl;S|Wyg>3m
zrMnM)9oPU4(`#Kd&r2jNAHgqqJ%7^lJZJdqRyQ3pKy1@=W9G=K()C+A&)Iaw&7W;0
zP%2Ion&&D+kP(Q@o20}{JReJE9yF)t%pZWIg&zcx3=D(GS!Qt>-z*Rt$^m(=F8i~i
zQFe%q(-Q;v#fX4;nP;_fCd|3iTyQ-=ia8}u9?che*V9Fl_wAeAI{5N*-KlWCsWPb|
zA<#3!2u_lt+sAq{PevIP6x_gn_y1g|i$T}OEy{%hwNdU@hxSh7CL3*YlS7VblMj!Y
zeVL0smyq4k^yW~lEK;MOR4nLP5j_XwDZORJEsk+Mvd0?R5n{66RX$!ZC$Fse=uP|D
z>!rL_qD#nk_Ket$JgKW9Yk|RoeGzyy9tZW?6h*Pv>J8m&W%xdN8l875l#~Zo%W{|b
zg^VhMe2n{z@G*Hnsn*e7+tOc}tL}ZD6q|R#H;Hxi$`9WWZ`jl1r=<xNiU_DGXzvq&
zgg{fdV{WG`>(rILMKb_unkr#0>x4M6R1kYbX*qYV`Z|wPY6WFvhjjE;JvJz0N4ycH
zP1o^@#3CKL?ZM87RN&?b-KD6yEx&(Q;*|Qz44B0{1FP(?F5aoRnwpuY8`3FJ-|;s`
zO|c(zw2O~z6`$jP7G4Ged$}owJCgK&InVU=PMsoW#9aM?aw0jUbKmaC=j>p6X55b+
zX^}h?7%=w*FlO8JqlBu%`NEjlTfo%vr9nEw)(i3X{kmN`96V6iG`z2^MEmEliC>su
zjB8UD7b=?gUsoYx*nvEij4AsbaVAC87X8fJFq!59_dNr+K$HpTxZkQL({hi6oi3!S
zBXo73DTrf>s<&j`T&T!yQBJC3q%-aic=3}G*JF<{rf(QK)-D~gca{T~65@I%<6BJn
zdR(zz#U8UsG_!8ksyu!4of~KW^{t6%MSDPxr-N%vBw=n8h-NCHn7o(t_>9jX=qg_2
z$iE|w7?f|m#NAll&YY~V2^*ZcX5`Kty%GQ8YM7CX?MuE5vMOVlP-VJagQgVa+f(As
zX*IAVJv3CcHOot6|8`BJ%!OC0S;njF7{of6`u>tVzFf~IssGgO7=p%VRj1w3P<;=e
zq#71iYr^5!K=RvtuL^f%l83n*tOES~yj?@`Z2uuB6#WAGuRi^ADvXmrVfpXH_sU%p
ztr(in3Bk<-zJ?YMvC8^+>InrOvEaQs#OA5R9T?drh9R+I-#KZ_kFQC2k9$3t&Njbx
zFehS~^2;3Q2}SMpQTDM}YOyNvbPB=U)TJ9SiEfq`7wP_b`HAk;QBjN`ap^Q$DsQu6
zZWgqn4$QMPU?2AgIDj+!UZ;*oF4(N1wNwns*$rV=4n{t6G3a=m_3vPv_bJG)7A8|=
zs;@QtMOg{4kqo-(PMf+GnUb?6<T>qVFE>h@OYjDf4ZcgT?pECWJu)q3?F=!!f3}cP
zpm?_euLCDr5EnG(va#LTlf<feO=uGdvO7fo`ZloS!V9|H7)+B-$r@J|-#h2+MWsV8
z>XD4L30~l*Ywn{f=;(wnv=Lwq?_dn(=MqRgcIczZWtB2_H;NJH6ri?hyEbRPwLFG8
z{1@#1U1BNzRqdg)fV%F4ttGSMVxR817%M^P;CGNElWhar%$Q)-yT~Luqwn+3hhc|h
zGR@u?%A*xROILI3qgWr;g!K37H|zH+FEdzPskuK~EP-F*>N8G5(U=ju7xadH>6v_o
zo-k_HG^m7DU!NHMq1M_q%kJkyeiTD5<YFLN#e<-!6G@LE6zKyZz#a3a1>5uoXjlMo
z$$*GSJ!W%#8`COmYG50h2i!egd2}IoS8$;l=R}Bn1axt|Bv)8DwIQW7i$Ptx<1>`x
z(}H17Iw*3+(DLsYgLNCetn!Gxqm9f4FUskatC_{Sh+5{zQHWHzW_d<6(bYPB&4&Ac
zh4Wv8q$314{MWnxWLEep<3;_zgr^foZ-=IAf1I7gu%|>s-2F369&i&pC4d4JPv%Cb
zPp6kTE$7b%Vq3xQ>NP~w%)&Xo+a(wOggC*+&`bVjt8J*vzKH3Em{R}F@BEPB^}<|x
zAdiQmc*+&3c4>k7KL9mA%D?_uFTV#iR=Jf^iWE*n_Q&@P;USnoYjwed&mHoWHn)bZ
z)5Z_C_j_o4J0^@5i|V?wSL19iRp3;j_epd#cxZ{Ri)?504;|7e5{~=sYGh(HAJLm8
z+QU`n!7NMas@22o;1Z1nu!2BCm-n}$-@X)}iUy7*4Cog7Qv;`8F0bo#dkMPHm6H<O
zQ4%7)yY&zAf-IZ!>#V2)I7PxHR8SkX4&f)zBhO`GZ{~E)uIEyWYX~1I1lg_+0Zn~u
zt++T5Nnu@Am5x0feR@xNxpNpTc>MuYfEK@Q8=u^soN)%UB)5|pkuxe(<&!k;<5YtK
zFq5<ca8;Thnp7Ox92iHS#U|?46n=gS^UKC=zfNvbwo1R62Xr#}2n;G(G8kMl9X8z1
zbD#kN<!bTA2N`}n<n{&~MOlV8+Jzu@^el$Xh#rff*HdBjsq5Lv=$V_pnvEsBl58VH
znLq=*%gLcMRhaaWyLA9S9%Z2W5$O>}MiM#ZOc$N~yrl79P3BHpoHqXrT7D-C<>$hy
z)-JELVlhm^Mh~5GnJ@up?Wwk~vU;1+BR4;ML$ybE!sdJ4Ryx=*d-d&^D^D~J+gpNr
ziGY>X(4Mj`$G7NVHF#&z`7@DgSUp^$9sEgM+m-DmvCVwy8vgv(XOeo!u2;lwZb^aY
z)w{qIGm{d8Rr#G4S&K0SC=Zy%YKC_HG@Ro~HXk8WAH+Ay@W!46G*nq@pXsFoSrB|8
z7)>v0(sKZ>iUMv&2&(Ndl$T9%`~zg|i1~so%-UA|Ku2O(;h>>9yP`Mf=DHB?1F_VT
z;oE3~5=QKJn}$p)<(6gN6l{-Jiw4&drSJx?8m2-u%QqZxM=`G+zyj&!r-4H-G>}fl
zx&s`Jwcrd3Jo<duG4=8Xmh#%90dnU3RGwB2H15K@mZcC~A*Zlby%QtrwB-QE;6cq2
zF2M!t7m8tgHHasKKkX=d$7%87sw&i4mFIozm}&$ZMhIrNEij8%e2=2z^B;ckEeQhr
zL!Ch_iqbLVN$k>`tWOgKfWUo)o|~vMCC-1GP2#ystAQ$G!^1x7D4o+RAFV+6J6d@^
zPs$n@#J3g8{J{MDIF4lFEbcgYw-cIcEj9=BGE<cb?DDeZ8E|~JOw4Lpn`>am8-__s
z#0X+nT)qBxtkw33)F*%!MXDb`^#1m=&&WoMFJ9`uS7s0(;iIxkZ~<KpMJyy%b)dtg
z&5p#2RQ0yaY7Bx;Fy~^5pBw#i3&t4lrM4s0OA3eSBBI^<XE<bnAD9{}IQ|5F$rTEB
zWHrL`x=NE)JT_5T|9)&!S+r((w{-4O=U9^CVw;~rZ)xAl>az2)eD$1BtR(Sqk>lvL
z+QB!A6o<UOBE65azl`Jx`~_hfx#r@##NunCq}-b<*AYvHQBmY^Mkg+;7Cb@JAy~^G
zo`gVt4*=U~Qj=g2^icTr!e+Q@i-Qd)kG6o;8`Y|2Hxp|8Lb#BK+=CUWF)->o3ygpG
zKIavO4-7Dl8v%b$`s`Aymc}elks=4wYQ3^7zhdJXTEsdmi1p%N)j+t|$1A#Mg8rNA
zp!?+v>43;-`^Of5u<IH<N%$yQ<{D;WfS&l2yQbf?sefKdx&ZP;5}s0udMIk#z;y+&
zl_oaOPqykh+Sct}Q{W55w9Ka8U_U@Z?minTho-<0$0kMR&0R#gjZz?kk9^=N0_3xh
z%0va2!(;yhzumF>070fxPOae-Skt3Gp2P;Ohz0MwmJG`woPtI3DyNN3;K%m|ZTQe4
zf%3=>e&;X$ox*J?@O5)C??32oTF<M%*7!G37_pPbiLpgLcO)+wRxYMqMHOLh6n7&Z
zXRTB7@sG4e^vd!R`@;s9^3JeRp1}EU%26CT<#vJ+`JqG%we;zjw$41-$L+Q;o>$Nr
zj0w^!_2vO*O~08T@)*1MyEuYfTZf@-hHmUe;4`A6n%Jzlhwdx+wIA$&bqc5vJ;7uG
zA7J&clm8!IBiZ|Mj?=!|m`VqXDf?5Xgku(cNC3}B?Yv10&JRY=R{rOdu2feTSGJKX
z@2}Lt^;M=sk*v`eb`&$uaE2Rq>xc0w9F1_8011mG99kcyADhd*0-*gDugDsq*Roh4
z$UIkvbty7PB5H69CW-I%biM02+D!thYuUst!L>E?gC9>?FNh{x-%CxYpDOJ6Xxm1I
ztWB{7NRM_wbWXp-NLyQs_`OlMOY=_6QI7!6*iNVC?}ke`CPtf@@#(Fzx*wu%<h+m}
z@!^f(<2@_Z@X$XJs1!=2bdKvy`*@xZ7%u1|0i9zsBB`^oP!dAx*=_G&?cS8i5rvK|
z3qe$pm81xwhG5WD)6L(+w!r7^o;iT7*=W0fx*nw(i9=S>odI^^3N>hw&uT4uJrfej
zoIS69PaQu$D58X%m1kd;YRW|;JHlm>Q(^1ad(;_wcz#BCVLh>c1|UTH@mU=$roPJL
z1oZyRNip{40aCl2dcAu_PW8SyeLw<hs^IL&U^M1+=Ei{;DS?$P5nxu*+ODQ$^={I=
zbL<u|TY9#5TL|T#3TO7j^^Y%?LDee&D$r%HxuwN98xgv`)Cz!vq)BWPT5z~uq}z7H
zEuE~oK{{9QobSP0J)zhrs)k)6`FkwDn_n1dlAfy{`Vvie|El~0cx=<*dB^K!w(U&;
zD@HZRl9(};29<4MC_W^4m$LSJ!m0SF*>wR6{J!Vav={pS>dw&ap-!^)orJeywueJc
zd|qHn@-pE7LfXLKShnJkofrgSe!FT@z{cMb<80B-AH=G~MCW7kC++SdwJ?DUq>XH;
zi{rG?TuR)cLTY>Db{Ufp0U!iO+wb8?mEy0S8w>W-Dj-K{II*;X_{>2_jbV}1vx1@j
z#$v-xw@RNsf~ytY%^P4-UeEmGA78&kv1T|+-4HU%t7v0R_Rgq6f}+<8<E&zeBbfSB
z<r?wfCFJsD1~ny<?_jhocS#hd09LMmz{6(!&$JGm{DH@mjPTg>v9d54ZeeS4cG2_Q
zYZQ2b1ua$5y5v{%-nz`#+#_xxx0ws_)P8)kq#680)oYSXZe7V)A(LegQ;pV!PjyHH
zJ&+ft;%5gL?J`w%kM;4<!H_*B@xDH|b9@p<^I-i7WvlOZ>slO!{^+}t-i}lRyn9*m
zL99k&@eXoG5eZSvAqdU}KZD(gh)CruP>;Tf!8{2;`3L{kp*;o{sIqN?LOx4uL&8I{
zXETv;2HTID6&162vXj|upvoFeopDv*BpyNnT-_`7J2(B2DWYa>k!uU?K^bq`z=DMI
zlme=aKQ^^F-cD*5g8tTD%~5+bx#v9>+Fnna+9)A*<k3uxNf*oUpjfH6gI}`+j#aK<
zeZ`r{QMJv+U*8UTv6D+`6%`+)CVguj%1i<sM!6;ATg|eQxiB1tNhgc5{tE4N{YcR;
zk#w%tg3c>24nyX7wN(xDlE1W8%~+2~c1-;k<+I;M+En?@k}#kE6p!@~W)is_dU(=9
zCm8>YX|jn#bWKBcx3*zrAAOp7f=I-EnhE{$8yBVA&MtY~2~YK+0>h2qdmNl5^?b4A
zstZ|dJ#3osZzHeQBDHCySHGt<)BcO|jA*a2ZEUbX&DMryF#PPR<ekUgZ{rSshf*dO
z>Hg;|uPRFwX~JZ4xi)4P&I&$k*j9Nw|0z96M#*F?L>7{efn!~Aq~)YGw2e5grTwVR
zf_gvEkqq>3TDlNRO91r^JgD&j3lL>g8ik!%7Fs2^9<Os#sl@`MxPJ3R*Ieajt)^P_
zVqrXn;>>d!0^P6FunMv9&`1?d(8y%yQhU`u*4v-ln#gk;=DDxf${;$EyHGA5HW2IA
zDilBsKkFQ%C;L5J&Vj^O2Si`EXLvkdsThQ$&oF5BF7ZRVE#1oF{Yfta9f+)s31~EO
z#ULL!UE9LU|N15wfO4blC5)Y^XVnDQ6NKrKZ<#J(;TcjWB`#|di?o7VRF0@9&ZDf>
zc+W_pc#&^%7*t0TP6dtLaTca&^f?xat!BrFFePgN{`T3FupxdZbFVBrngep7eC*oi
zs<WV!FJhZP{abJsD5GzpVEr1K^h|nc-&Nlb5($=;4pqWsuJ11sSaaD_R$WL?$pktW
zE&g|h;_sdOI=KOM^ZxLNsTuo46rG9t5)4jJTs^asi7OCaa%BT{)hV6$>dC?Xvd1rj
zM!8=P<l|l!u4T%IvxyZgpmSHq^}LsP7xN0^@k9PyS22`oGb%-xmM@;i@=~gM_s;w7
zSHc3Cq;QbzL&TQ;3K1p+0~%d@!>`%$uh$;-GixZ7QD-vV=;#7@6zng<UcY~5mG%~n
z!X?JN$#Tg<!UZvsH91Gz)<UR}cQWu+Y2r&le<n-iZ<Wl~<~%tyk-?zh&)M1{9^e8>
z41~O469&HyBSYTJ{}krzJPlQbzY0B}T!Xe?ZgNA~6_L<?HJn;9Z&zKm`JEpx^k4K>
z6>$%X*X5JJZ6Vv+Gv~n{K?!|X4Z03(*aGT7Bu-n7<4Bv2Je6MUO*-2yk`VE*&hf)c
zWC^A+>@Tpjj~O!uV5D<EM}%S;C)*Devg-s$1pl64_C%(w!TOe(BBJjs=d_UG(o=35
zdp<5a!#4uYJ=LCbk+3k#&0lO#%Y2)vrO?s>G&G!ufI)TONS?;m!1g!U0C6v(?>)S3
z6nkQvX!`MPBijn^3lM_z*&Na~b@75>V+cPPM)gMn_OsM6pJE`D)Bp-7=FuySge8fB
z)?dz8UjAU~)i<z6SwGN9w*Z=K>x>!zz>8Ioj@AY)eUD-a;Kr6iF$?7?G{Y|KU*J^(
znPN^NGiHS0hSg7L^h=e@CVv`=0Wx=NmHr0p{+{u*TYxu>NFYofJH+50Y`HHI@69z?
zdqrdQiOjHtHI1g}HrN5}q`$*AvCnX=2NlqVPFv9USw8Ct<;a+%Jk6b89p<b@4#zw#
zjYs^}-&gK`FVp3DmCl^7%ZR8@u1Y#4HQ@GFVGXI<A>b=(jdO{IpNt3wd3aRX2tCm=
z3O+WVY>|qZ#81l!jIdkINQJJ?-&EPfa!;V0JX)p}^uZ|S-Wqbu6D#!kL8gEqjl;6l
z@w9E2D5K(l*gmqPwARWK0xOo}O$Rz2Rp{n|3fF-Oy>}|Ak8yX2o6DRF*d7Os#08GL
z(W{f^*XAGctD1RfJaSw#)Q<K=Pb_2Jd)8e3ws8e<)cTk81D7yjP?}=)24jS#&el*m
z`LpvR&RXj;gCf*?Px`$v{~s#MeH2}N!XZdHuh@|TAJOgb0qI_gL`ks&jcky#X8(Jy
z+$Kilvmafe|Iu5>COF4B88pkS1lm6Z``FsyJMpVuIR4h-OQriG5~17B<rNxVP>Sgs
zN39b|7oGYDm-s@dgM*7`eqyK#4AF8aE4F|;d`Z6(&=IYd^d@GECz#w_T7V=TkwKS=
zgVd!Hg}qUbu*r`&);H1Iou-Mz=yC80M|m7QvWHd7A5HJ#3AZlH4Coh=E?K*JJ0qKW
z%|RNA3zeuBsSt)(Q0Mf1aWg{NE>8jZbRsGRnLCj-VAID&TnOnfV@=5=#;h}op=GhF
z^qWSSSyN9vFC_OTz@AG}5*K*uP?8bG7Gi9G@oQ_wQ=#TGhOTm_S~kRNPZUCJT*qUs
z2_I-9y`NyzUawha8vLy>!HH9Hc@bD%ez3F~Jso4IxYx8Ranu9jL<vd*#n>ta(K~CF
zx_zSqh}UnMytc*=Yx&Fm|5e#?9l=qGl*WI6=x)U^z%-S<$fDDdd#{}0e@yH0kDl}n
z`0OnS$|{{D0Bm`!^oQ@I6D!5Vx$7~1!TX}C*|(H?v!7T~UzRLmjYmmfO4wx41G7{H
z4O^Kx$;^7-PVegARt~}&u`vCpE^*3}foSTRJF?r6L^`TldpOn)E=Xda$!U=ejb}D|
zP--pO{ic&%P9uT|pWwE0)oD$18D99$#g<YVsw#*;G;^Mtl|W@jfo_|-*$JR_4xCgt
zcEA>nT`0L1sXUpCmxX!R`?B5Gn1OBWR(AZ2*_t!HuPjB*uCHTQiu13gr`VA7u;3V#
z<RE+_D|}&!am~OCQ~D(L_~`zw*7v02b&IyVb5WUZW@GyYI`F?x{Uv!R-=@G#8{bE+
zeif~eoLU_YRxuLY#0i~&4K8e*eHv0pK~_gw(eYY{BE5O|0^AtMm9N2%16{;1yJEDc
zp1bHNh>Sxk9?qrkaCyMOmvYc^l&92{$`P_E9aj|wcWiu=afZAT`A_|3`TGJlr+u-T
zs3*H`&!9M6EM8`Ss(HM(=iWCjh(lSgacyq3Zi!=E&F>of{gRI7SSFah6V_u10zec{
zigkwj2i4TFx)xVmGkUR6!apz!O<0KaauEptY(*jT9hyNC@_p)C9E7a*w~;;eVL*e%
z{y}e0z4xPTJx`E71-s^y*$}`Pci1^~MicO~x(p@S)|&rDdoko|Xj$RA$k8`3A!X#l
zA^WIOYo<dPL_)qAi!)|yOzW##08g@EO@EPGWRtD5uJKN@$!yuUai+g=UVvIb*iIMP
zaRMTg7>v-D3td*NqibPViKMAT)=sSV4C&_2LmR`O+r8R-;=|4>8zO!*3EoWF5)N)?
z|MBK6PSaHL;cA6YSCEZHM&w4tU3m|>c;pW)yXub8Fq^YROkniJ6V3(Lj{Bb)a1aW*
zdVN#k25#um^At^?fDj~rWP0}$@^(crarKHBqcYTc3MtMv<J4!H;Szg=jI`M9?>L|f
zV3@yp-fq~7i;NS_zvF*rq09y(LJ~GfMOzexLZPUJ+O2yV_Tz&^Yh6*q1=nSJoO|E!
zj&YufQPIZWSVi=BxoH?v%Ft)H_P{VN4;gqWX_0Tf?!q^o1H#$TN^V7`A^@KXLk6nT
zJq>CaDi0d@zx`4VZto{}>mbFRQ~2HmImB@0Uc_a4fRsD1*bTIkkl!J-g@^pX%zR%<
zymvd$)>A3Eq*iUH#o*?Ox#$)b^^SgG6;q%Za}aU875jpwV6Fz{6uMqQ<MJpSw;M~R
zMFxM?a6PPxR04(hHj!5n94MsPooX-_azJy$sf^p>@z)2vr6{ElbRpL{CT+>ogHm3_
zDPfy07m+^Fi~vfK%}Z8jt;@_zPbUecw@V`s(w@g1>QE1tUI!7n0GDBmb<}8Tbo$a)
zcSCVq<RmR^uPQzrJ0Z;GsXEd}Y2K7BD-ni@!w9$LsyyQ;LY$P|1rC{8htKH<f{Rox
zaz}}h32|Ryv+VdQib|2lT=uz8$9~^^+@ILc?hx9{g&@kml8UX91eGLMzQq_Er&6#^
zm}+NLQo$mArrE{M`}vYT?Ddpi9eOaU!4e;45R<A*v5<DdAHW6npSK|hZE4~b)}^M{
z>tFj3!}w+w6eDvM)d(J<(Yc4ZY<mFm+p5FAazy!*q&>j6eDPzl+olrH2Y*DKbG127
zrDof%g4AnPiMpb+F<YhAP8_)AvcKXq5i1NU&<bGCda~SbU2D3SoS}uwg9aE-;bWOH
zyCy~#V}(-_11U1vMTKEvZX)PzyFNX0)VU)6!#11nC-9kO(6CskdewgOi=(Q_BuMBC
zGz#EDloW5pl?N%v1zYeRd5q1sx-YBie^nmIIQYq-Vkd<IhxMsKGa}nXB5ES}1MiK`
z!vKhGL;dcqQ2;uokt3U^HGtQcsB^ffl(Cxi>st;V>o5tAz(qEt^Vag`Szxszy(v{%
zYC{qNx}3tHlh=UR*O_myXxGB%sa=5xzm}a2o0+RPCb>yl7epx=<$ae<M@hrWTlfVv
zRK8;2*EsD@Xc-<Ds~stQ(hfy9ULk!6*ZuAE0p4xVXc})8Y+uLcM5#boaUsQxdVe>4
zWGw~aPBtrf*X3i~zscLeiOm~g2TfMx0yDE$|Ng2^W-Qr%k$4bsXC*%tdEveEqC_%u
z&Ou)Syi~|-@D!?$y8Xg4=`}$jQiYeWrt6)Uz5xeqZ2e*Yl=T0!;)cpB{pZ>s!AZob
zA*M4JCjPc~j~^;lX@WS296OUf5FWlo<B*)hF_G_V3nne6lg)7-dpGGl{_;=7?+97J
zp0}0TRe6$X-VFZ<?ttSj_>46i+lCTfB4#2QH7!P(j95zx>~VJzSBKZU?a5C9!-wOr
zLYJhalwShinMTt{Veqn3W`(PrqJR3!^lFVLpr!{H(=w+0LM>cGcr}q;@e2hRXr(RE
zEG^%}g;dlQMHg@{)3F<Uu(jByu^lKX%IT$FPFQ;YSsEyS5{4+>)hG8JCX6h6eu_S^
zrZ}BSThZMT^{kQr@ltz`{M*A-%=_CPEvZw2$=8Z5AnO-ha(HDfwmN)J`)GFk4<}Iv
z3={_aS>ssOy7JD6wW<BwV=RSlg8`8a7O`zE$bIhz&|7o;pH>(?kv*VzyWiP2Dl$ks
z0GYVm@pzozgK)uBAkLhzkZVZ4%3VeLx~iWL#1i!4IPz#Bq%os@#&>Dmp)Y;n%@wu#
zP%xHV&XJRWKf5(&l{6|%$YrOpwbP)F!~045<tKe0^e{-PVRhT<v-E;H{{Zn4J0F<>
z&P&V`Ez~n*B#H}fdrj>nRA3_Sw?J&VScV1AE3j2jjWAFo_@LhiV353iDXAiH-lvJB
zReHfTx+2YC(AfFmV65p(L<V|bqd%zh1!Bx<x3?Ih#~(Ak=^&L<)5Ww-|J;rC>(HGk
z<Tg7W-G|syz7Y55oNQ~g_n+&H6EABOC`uIIIKn4vc!is$^4RgwHkT&TlXc@~LNpYw
z=!{ee;nvpPT2d!zeV}Ry{A1pn-qW2l5hFZMvt*yjc-=e9@Aq3L1}KW1_|VeKrp*dn
zGTkBa-rZ8LPHLDH)utM|nc%vT*fLWQ(wc?<g9f_SqAWk`M;qXcoY)d40agBZH8Q>A
z8FMsmHfe>7&&Wfc0HsnQP2`aY&PGGV&?&5aRl|ed8{6c}sF=&{w;`wY9xuFcKpWzz
zw{xF**c=2gQ2=*A28E^OReTr8cK(1o<$uYPy$a-IZ(a{Ucsf%oR{sJof+7QSw4!Z&
z<v;pTcw$K=Gro^|w$&=HuQ6$KN6O%yJ1#_H&))4WKKwHWbhchu5~m2kZR8=Y<}3Pb
zQ0@4sIL7oM4Wjn$9kGb?wG(hx*)W`@%DdkXAR(UIL?!2q$-X#PjPDeG2eg&qxlCv_
zrhRvz<7NmAo~WUkBoBMnSYvUej$QPPC+_cN5!am(a+^vmF8hO}w_ptjbqK!7aI2u;
zV7?eQ#_j8?wp6}0q|)`ysyWFG!=3>S)YeHG?pd0YTK+}5-(q7t{h+J1#MEbckfbZ5
zgE0DGymMAd&igoanN=-36G<?-Nh?qJf_-Q8pfF@Se`n*^<RM@24EQy&%m<HCQRa~b
zMaV5uS{W4W7ZMO)*g@!%sla8jEkFlQRTY{sw1KCYp8u2o`CfzkN2jo-kKfzS6Ug!t
z)RIu5`*9S<BBw_o(dZdSvOxgvEf_RyX(XnPY7Gn*^}IqT)fI&`1uqaM)`5P3ym0-u
zC7{b#=%u@|ly?1nacc+h4MHLcMeyz{o$LQd43|GHiRRtFe#7Vx>ymbfYFZ}ulO32p
z0!0}&{ETJnY2{HU4Cj*~v=;SYCffgB@F=iI&+zdiRig9VDYNIhxh|=x=;hG*Kdr)0
zcR~AovXJpOj>u5t5v3w-m-#x3pw6VuO(o0cb)#5M{s~GV!u+H{i#$+KYj7?cuzNC}
ziZ$?-zvnQBkziSqsjGme9McHkVED_trwY+S*$OxM8fkhThz`wf;6$17b*j{BjopOx
z=)y>Ya-^m=gn?88RSCEo0&XE25>#jC5MR``1Sjz+OXAdt264snr!x!ULaOGmAk_v0
zq_Xz6V>#%aj*nLg6aHijHhQ`qFklbW&f2+_{=#705uO_sLuqXS|5h8U&R`efl$=~z
zBj5}~obzcR)c~zk_~Ltfm;?<`uzFbCJ(Vw5_8~n;V&A6zhB56N=32EJ7z9|NG$7Bf
zI#d0lDsQXcCBKb~n1orTTAKw!>@falfboBS;#v~S*QpXF@vRmh(LB=B-mXz;CAH?Z
zWC{R#e2f3}iCl}hFN~4D`#UR2qT#)xvGZha2UzjfHfE^@`@M$mC#Ks7r_=cCkw+XR
zeFg@^8QnTqO7j;I!969re~1-A=VeKD$cqMKC-v~XIUdjW8b3($5;K_c-xdoZIcF)-
z5WDm7+~`8pZ@YAyL{(`5@^BHL*`wp{epE{3002B+t;sezRpA5d*$O$I_x4>MEn}m}
zQ`mRlcDn#yuQgBHj0L^Z^Nzq%NZq|KuhvE#aK}K$9PIx<VLIT-xMOdI*Zn!p-)c@!
z!vshbaoe$Y;t{`(;1_x50*6&CIAKN`uabbKV$6M~^&#9U;_%GYw_J5^vpbW;%SY87
zA%I$eX#q)XzVME|KkJwMF&mfjEx$2;wK+(^q4zh|<tQde9TNeMSw@KnOhaaf%wR&r
z4=bWSV!niL79+<lAqBC6nX1o=OiF8H#j41BgZiw!i?so&XCnkCPg0>KV%I3W0Zj6F
zHgEEm^Tn&6lZqX8`)oVXGl(Y6pC;^9!S;Kgr}?~4W5n^A4$E1zZs=BDv%sSPJWG0O
zjY*>PK$Gv+VJs+?Lar*|rJk*r_b4Q?V0RI>$J=uI1TafUk0m&%E#?k8ArVeESQC6H
zS!>I!##M&Glq{x*H~uo)7hm_?eJIhd0aMQ<Ng299u4tKFh@k#sJ8lNhp^5@G*KIy6
z5%&O>2%x9pB&W%=grS6CFezR?h%eix0FNBWFlB|o;$sO=y|kal-C0{i_tB|#j$;Kn
z*UpeNP)o8%uhonnBKwInPzE~+aD6av?y%4=&h@DfC%#i^kd=OSe1b8BM>yoeEP>Ub
zYL47#=PvY>kZH?l0qihck&x0Ql&^)y@!Qc8ngKt5YK=8iL7A?Yu~^1&G!<6wDyvO3
zBlgmtjM43xDF^Foh>7;p%cC4|hKA`@35xJ<c9t>SA`!cz$|`Ni4gzVcROY+r2jh6?
z8Of?V9BR`@H2Vyg^%@OP3l+4k2S|<!XzMiseCL@k)HRH+uA5UFf6DLEgA?u@I$}+2
zo|OKbQ?uj05I8DyX1IfQE+a+@)%WC13;o3T4ig`GI^J!fV~@r>HpO}MG}N}qM=Sa&
zgpp7zK$?AGOXbU*gBF6++O2BY2EIl7VLJ7t^XjBq=HrH0J&t6JGecAdcwW$*b;$;n
z#9|sww$SuCuA|1SJCStki4Gbo;lmI~c^|2Hc6k!j$YUf8Xi;u$hwH>Ci2oq6qj!@Z
zPZlHGj2sRKyr!fX9W_2Pb7q+qi6QLN;rEGv!c_2qM<bo*>W3x=9wmo2vIH5bP0@9(
z7UY$^d8bzmLuo8C=)g2Y3nLaAwd#9G8>^Sef_HZEzTh}6_Q|aDbExL^2G4|=7??sv
zfB-N1C6o^{2id&0Q5BfXP!FJ``$ArxuKmLTg_IghErcI+D{NNssWgqGx%KoI9l0`-
zaP*iUMcRY58lH8Lgu#O1)H>25dMTwxkm25Ipc*vssn?=lA#>J)So>s`0W*F+--esd
z77RKW|I;Pn>PAj26FDOm2KxC48Kv%~8i{aE4L*iSe0ZO9u%1=YA3FSewCn7>F>rXI
z!?;RW?d~A0D6|Yu7r|9Ga9LHS@t;e*Iu6gts=~>i2#;Io67x>E5mWhdP;Mc=&~F0u
zeEuiLIV$Z0O1{mT(A{G-;64Sgm~nW`bdctTqiO&AKp+nkL^new4G~b3-K3cTK1j#i
z<t-oN+0K}?3vWiG98Z$zy8F5q_mhn?Lt)OJHTgP;T6gcG6>Tg>6+Bnhrc!SU5=tvo
zxU0nb*d?<G?R(gu+Ik4h2Np89u&3X1=~iV2@(`AXU}&P^SE^2`aa%lHtK-+V^a=8d
zuWe`u_{)=@-#{Hf0&9PxQ7cptsg$}CVt!iH&oGi0>pc1IZRAr_R*0!*EXfC7vpiL7
zgftS1|IhfJPoB1WY9=_;Hoc@=B2Qhre#^(6wb!YmPl+Y`1y{Fz$I&jakaLC)PzV`N
z%Q&aXVwn2oV|`rRDfqFdenFur6!Kr08Xxl5DZQ;tS&_x&eFG6KiY&}rpd&AAkJifv
zkT*m2t4gV=KBDSSbeP27-VI8e;y9c#LOp!5*A%`X-6v?Z&F)Zx)>GE5>$!)RzjTgj
zg(rxU+{vjap$qHeXo7aJ#v+A{!lz^n;JIiTozgSk6C!xWROXOCX`7^nOeK=DN`i+8
zg};5;+z>5a@_>UQ{>rP|Pi_Fup@147y<OD-Wk*zVG!{?h*!&Wd$!i)MXESWu-+?i5
z_1fcq%u`QnLwE^F4AVRK!|MZiit6IR%M+p~A2@YNGP4vdSYwrRUf?v|>QbeD)gkx-
zt`J-$GX@C2?D@UkPoptK-HDUvGtJ}Z9NScoDAtG}!^b!IL(9U?ThnY7F&ut#<|~9o
zj2eE|A#r-np=;j0KauD4*4E*JT5s^T_GlL7bD1aX@zr5c+miVG6$)AB?eqV)@XzYq
zVFk?aS1*eO_W;6}lM>U}k3bzUvB^YeqUae#84o!KYizn;N4UrN^7i;JP5nNs0xyZ_
zs?W>Dtr!N#IAG?zq+iM?egJL0q|yqldjbrytTY7=`#Ovvi7T}!aQ5iZb#NJp`sOg&
zR69ReIh>ROMcyc~(C`mf#szbgj0kr=#c^7gpKRDMYtT)^;^(Vb$7auimY^b8WKfA`
z;U~e~kI~<$1xLI$Ya8{l%#<dhI{~>#S@fG1gy!H)7`<G5;kmv{QK@Srvzh@J>s|ip
zxQ7k`KIpb>)OW_vcDyvI-)-;G>PCZ<5iRWU^)BDQUFR-KQ-y#s?V!agocpNe;=wnf
z!<KAnt#%{Bz%AWr3qA-{{*T!T0=&IJ{O}Mmhl2p5nu@xYp}oe>9nxJ>f^DC&v267@
zP5fc47@ei(p;ZsTB}z)qPkT5eSHT+~w;`NQMgt*>_CvSJ@BxU;3qk{4sm*^_a)<Px
zyB)L3algk7ic%bDzWUArbJk3}rjl`BQn*#>UxQ%d;#o0GypVVL1M8>YhkMPDEsCor
z<4P~hS@bSxI6&eDmt68M$rIBP;&-^VKsgmYu(<x~Sjrq@%${}=w5^Qz_M6DvWwRxF
znQ78QF&XFy25o@!s9DP^LM6GlhRXARrCYF0jNXOEJ1B4Q>mCN8KAjka3l?P`!mx&q
zjdUZt_Q$REhhGcVk5@)b15qq#`zA?|pf5_Tp5z|f`{zZqwbQRU42tX6r^~HndHI9s
z7O7ib6<1&OqNb7|Aewj&gbVNX&C!J23!?uG^(Lu5R!yv^RSkSXLyxY~HP=3z!o(96
z2ZQ@)+NC5u!D1UP={AVF&gu*ihQc6?F1fK@xs&ZmLYD>mGC!h;DdbmG>262nqKu}V
z5<)Z1<uZl?DqIVkT_jWQ4NV_5;FbhkEYcuTJJgy^n2_LivZ{1Zzl$`<B}9@4_#YKC
z(umP#O(1?C$x6!SpsR^Ygn9Zm3_8{ZD3Fw7CnPJQ4`J5M+To8;V`jP|+*KElPO&Yd
z>?r``eHt(+w1f*Ay5pSVnV5{QUg^IaRAq5~%YLz`0Q9W|%<L6^4&mA+J0pG~243%2
zpcvqEU3vu~@Nihg;67s5tIN)DCES`hOTjCa?%~NMaf|gYk>_uotDbSf4)b(sXcX|P
z-wek->o?{ahwf!@4{#0DHd5iQ7B`iVJHy2U)|EhHE<tQfkz_~}=sTPxgeGsaU!v_c
ztv<}o#?jHfVw|LI$P>EJCc1vlvIv>>y-@0;t$D~nSBb6+gbrZ0)+zE_!xRd(tasT5
z3w<MbDx@6tMhm5F(GP$7u%qHUkqrvEZn3C10Fl&KFrq+zh5V~$%GHMN?sqcY(JFwA
z4_Dnn!o5xh9*jy~=_QffnQp$oXLe-bx^y*`FniNzO2yKPIDAD+z&#<&Rd@2M>n7cf
z)gNyp_c?DzQpxhW_F*^Ugog4+NOvudfF_zYzBD;d`}$7<UW|t`FQ1Cy(`K;{!ejv~
zpn`q%KG<XlJql_5Agk=W>9Q5fPJ(UsbcW%SY7B#;(?qI(j%84ojit+Xe466mYv-)-
z#Q*3m`$J`MIYN9K8hALV4aO$}ImKVOq}OlI3~2clrBV#jqd<Fb<%=koIkux1#!pyl
z(de@|q{@rG4wp6rW%IH;O2Vosnff&CeA0&)f)(TmpI>r_3qCsmo}`qsgU|}y2vEHB
z$66i(1^f~R*W{`;=$x<XB$#DYVwW8gVRSNPP7mFI;tI?W59IC3{=v|YGaa>ZW1y3L
z`YCX%r2#I23O=Z|MTFL_t9?kCDQ`v#nTBbt(HIJRO+rad>Umca*A}u%otQQ^THNX2
z|E6xH_7GCLI$#~G{`cGgsBU8?bzQ1wn-P?!ED;yHwPDAxHtl(z8#!);C*}n!a;PWa
zMC%|U*1hK@Rmu9t3i{>7uV576ijSnm(MycB*Gj$OiLFo{<aXFLYRWO78E5_0RXVPi
z22`V_)rM2JJnqIshfDe-TDuw$-l?8Ki`<DkvT41RI<Q1Y%Q!nus!N`3WxrXSAjyjg
z!y4fKwt0oQq%(YF%v_-n;q;d&Lb3yAo;rQ_4K7QhOn_u<+B_>TBFBoVmv*rX9vrYZ
zJ1D@u4uqN&NUp18RBa<(W?Qf*2j0p!JkUP$0I97i4RtrK^a6UrI@;-p#yUIuIpr;5
zB+PN}je|&dMY(JB0ZSfZ6h>dT+M>z5<oUWXMdf~pS9+T&hwVNfZH%VEJPI?~=|!{V
zf`-`;PydpEiN^>2eckj4xSj-;q%6J4A5~%-|6c5k_1&K2nYO7e6@F_Zd{AUEfm=}R
zFlBPzP}x~m>aG!)vr~)Qkd_5IP;}5h9kvf#P0GlhVdTI%SzX9Ff^)rs*UU%?Ix*fi
zyWt^8=4Ro19?ypDm^-XcalLqOwGZZzl|8X@BEF_iMN}N0zR-P;A7EZ8REj+}!tWb4
z>32SJb3}22m~fy!rFbA7e_5cN^|qF;v*t%_AqP#ixBxf0EDF>iVNbz<*GUrqsRjc0
zp>gkRu-YHXO=$H#U~;vzmWAD$@hf3Y7&x{8%cK1m+jafWaE<^0FeFA2^!qxH3=Ljo
z^6Ce%kQI5Yish8~Mxasi>`>01gz+H3`MR5y*nd~U`k+KL{cVqthsgGobD+i_K<2`>
zwgS5W<Lkzz9_aeemf7sbAXffCNb1|fAx?xPES>a<TF0;$XWjKmN}pVBwd>mBH*q}d
zFc~kOs>CDPB$Z>QPF=S7L2#UQf{UU>)_NBMWrWg(0EnvKit2*(;LX#kaG|kZ1(AKR
z?36+)66Z+$CH6MFcR`^2Q+E{7<FY5a_|Zv3ur%SLsAl>W10&NLnxj;jfmuQu&3kmp
zzCOqxlW~7P@S9$l=mPH5*^qfq(RaIB#%{i)b71*oHwoH(s(X(VB=?e~T1@LQWKdqz
z!ZYvq$po+{pm8T;%t~_R$ndP4DBTRXr1~)LYgEN^6c*?K08vUJ9Wr`Ld2?bKF5*uW
zv4mQ&ldhG7#vVuH%|8w2M5p>SC9G@>W<IsG<tRdtG00<^^jtrk@pO1tSBQPJtUMFG
zUU7X*+UspRcU$(SWAS26&oP^Pzx$xpsj@77_i~!<YdG4kf^0hq&j9fwa_r6q*QTsa
z(CHbwoKiG7pS<o3t9`))E-9bt^*Wiin@o7Q^w`Zs^{q1Cv^(KpV+*&0)EIV8`{=DH
z`ZU`3yV-i9c4>U^f0-CVPq#J)VO|0DUMQP}q{B_$aU#^pxW7w|_8i`NSo6(V_eW-J
zf=%;^^F(I&n)rZeabYcIJDj_AFe_}1D~2UW{em(dMyyUW&w?h}XQK>nG>4a1(Cgc*
zu>syD;bWU*oeE(Eka7|6zl)H`;#jLmW{YRbyoT~QctahuiHP+x*H*wKn*M$SujP_R
z#!p~AT3}O3zSqG^MeoOh@8S&hqp!=re^K|TFHy`HCKJg2$}`v93}@b+xe&zXrZfvN
zp_@=OL8aM0O7)6X+ZjEL8BrIf0pI-Ml=MZ;Jr1YD6MRvL<Vdx#w1^b@Yt^^=E;H2?
z>IL6}WzIa<Zsk+wY@UQ%Gh7uei}TOBf?E?)K9`y<g@VdcXCYL}mj|-%nWjcxgu+;j
zgc{TQ7u<g!lzoBJ3h0IMYgyz?A1!vTYoD*#SgI3fg(S}<lfAX5;ikImFl68lgsgm8
z&oqM)KA<y2$9&aTU2xdQzs#AW>wL>VaEYW&mf54Spy0l6{I;2_aONfU_i@=${n^1O
z(>(6XW(o1nB^@({iPPFksaVRH-=oi6;yoIU>Lm~7hmMu+F1;yPtUGAlDUSV5uJIem
zXS*YD6<J=?HJD2yJeG;4dpizl<$g&Yu#j@HuFeGG7d>-DUo=2ctAu`ICr=PPxN(V3
z6E4vCdA<dtqWzW1u}cWm!ANK^7SNSyNAuz1U(sbVdjhy2*<B|)eR|#bJ4261m1I=3
zFhnaFiN{Ibm@{q)@@TQ)=a}xx;DZqcJ7ctCyfBi;u@;kyoQK!o;PHi80CX(q!bLJ2
z6hE5<pO|%)wpl=OPCk51z0`YUlFb?G>Pyk=R)p$=d`?E)&|d(?x#uJT!4kI|6s_V$
zhv_?)Ir6Q^^DaQVZDX918xV?K8UmITkU8&B5lRi`@bk`q_co@XWH+opQhB`Rm#yk-
z76JngZ5Im?*8?@TmnhvUBvjt9kumqcMpv(t65Jl+(VKbKF`v2}T^+z9&)h;L$nrrf
zCF3o>p`Pgqny`W%Ed164{~bT4S(xkax*(MLI6&UVXL{ZfwJ|;8RolEYr7>Yz>1V>m
z>J4Ws!s|ltjf!-LB&+K^C{csx_a@hGEqEf^c?R5Nz(>Nk@;A@h75IIusYb?mYpB^R
z1svPJ?#xJUC*mj2F$t)4Rh`MK<+hoB`sFaP2{sMpjb0I*ym8h^qisb4HLu1x8i1UN
z4g%fgE2KeRk#HtgVGk9JL($4t;}N_-u|XBBw4d>HOcvJHKcCV(f8UX#rkU5F3B!b-
zErfU297#vEkD(pF6wAc>5u7db)Om12xTGCo65&iy38vxRnpWjMn5rrR9R++$)b9Ma
zEN+y<%PALMDv~_U;azsE0TInJ%148GYrh(RR;w!v@wniXD=MVjE7-eywgfJ`GC4hY
z#wo*S{|r@#!*DahQ^8f6_NUykdK|d=Gsbg>E72Ib*XV7PhD1GS&N{KLgb81V<0Gf(
zZqwE3<xQLS8+}()q)7`-Rwi5aT?8kHVPm-JBopU7Y$Jn5u#;c_eMqk3x7pA;anh}d
zIdu>$M$(R&N0hgG8+VQ}PhgqgO*yxlnxIH5EoEE4!v5Sw6$8MTd!S3?!fVXItL?GJ
z8Lt}z0hNk86FsI{Mtx<YEjI>d*X!#bqFMQPZN8P!cBfksnIzC<+Zn;=5Ax;7@p(f_
zN=LwoEO$bNL?2lSRqaNV1C^TEavvoH@;uTlj{jvUnqgw2n@NV+M1JpX6`aBx10+eI
z&#AXI1h`oP9!;Cvn(x1}dNXz(cDCe`6_Msf%Dv)d@%~bE4Um0!3c|A-9sCpugJr8w
zj4O+wnFa)c@oHBXRoPERD(FsLbUf0Wzug4hZrFhp<Th6l?l(c-r@498tDYU2s1&13
z-GC#TmAJ1Ak(sdX={px~-~Dz39Ml&HeH2ujklK5!LddLjk>xeONar#3Q?U>%{uEE4
zd4VXm>!Bz^%$|lYg0LYxR;3MNb0?v+IW9*tqD{E_LE4Ne-7F?-)wK*XEU~(S&{#-Y
z%pK#<1)<5?>_^0mSiIpUfs$Rmv28r^fjiI5aXpa8|5}T||G;RkpQG-5r(*9NYzArL
zs>W;%1WE3dnwQx&ksk44(&T%xp9cGSwUE-)ogRH6f_@w<Q14q33<xXe&hU^`bENT-
z=DoWv1@Falgqs$W&W+tECm9giAod9*PznBlt;pl^>n03jX2AcO92m!|0+S<xY&Yoi
z+tGqp9u>A!FIHzQ6m2!k>hzV=>eQeoPLSg<y{KzKHB$q5qQe5FbIOl1YBBujQz_#;
zCFDB*y3SaZ*nUCH_PWC0ll>$NN{#mfQ)fw>Kabae1vvZg+TER9!zd!X(#d;?!k%K>
zT;7J5;lIb7mN8^f7GrLY9Y>*t4v^8hO@9G}ij(s+xjmSjT3M%TSLPcd(iS=>!gKBQ
z3A0bpj&K=*EVncpkzf760=h8I?rEm~Gxv$$d2hp@u4(t528VW)NJ69JXvd!Ed$pM!
zk)6*lFU{OJ@8(~-@oMB=z^>X+k+_gCTUk{8x<4NZ_(<i=8+Xlbgo>#Oj<ybP@Bs=u
zdH2}NLhmgs<>vXRvs1M{Mg)v+hdg))<_ne9h0Zimt2jQF<zwDO30(0f62X|5pCnkr
z(N)8Mh33&qtpl{4Yhp<KoL;GN+#r9<FmzeuGVoDL!w#tdVw&qm_c1Eu3?GQxc1Unn
zpZG9a_GM&0clN=c#RKQs%vB91bMUSZzE%~6uu@NsSw-`UZa7Bnr}r6if@P}F<6UL^
zs~{0hIrrQMLH*=Kw0e|`TU6y^zYnz9_NtJd+ojyz@<X72$rr<mi}dQQ&*oTOl2d#9
zwu?5u7i`Z_NtITxBDV}8^bKYjzE=BS9`f>~;4!WvqO8(1Ip2Wq6L(p;|F^%3csICC
zmABP`wGdRT;$i5TW5BPNj|I(qS)VM0q1`&VCm~ASjEu&!ym7^zXOEHMY)Y!%u&kN(
z#ppApsAeQf(Kc1Bmc7AMP|2)|U_H8RX-5QNUP*?Hh0HD(IE>_i>S=jBPE19?Df^+x
zSZK)ZwOk^lX+1)bVf8E^of`IB=iL$B=~z*tfyX{u<@%Td|C2*zm(d>H_OY&R<{NJ*
zPqL<%G>U_^coi1Y$u71}xHhhvC_4)<ORzK`NvDIj+L2apv~A%mAs~lo(|yG>qQT(W
zfj3h8i9PBB4I>(p5l42ttwBb#Ba)ebtjQ}8#GiL4Ea^MsmGi4dr%ushQ5yDYM3$pu
zh94_spfPAU%BQ}P4c_F>(P@lmwx!73x4D=8&R~H;(q2h0VY!Zuwa%9+B^tbp?_eMr
z<06FnB4Sq8PK1<oFN)d{Bof?%Sq1<N+M9B{&5!xNev}>_8*_xI>F_{F@|LdKaI0?o
zLw))$ZakUz@Rdmi`9<|K`Ic*J)C}&f1!9BFv55nbA-c<KJhCmD&;l4-k!W#F;h7`P
zwc4^r2J_w#JAen7K!5hQZ<1k7EvLD;K&9oq468aC&|^AG$Cgph%@-MnrN!1h8^HeL
zRFmfgMTpNk<eTke5yxZkU7NvYDZaW<uI*lI4)`S7r_T~i!CnKU5x8wKx#DJgT?zXT
zM#+G#`K0!~bal%$1&wp!Hu0zIKl-;@&ccE?!ZwDa5gKakGx=5Jn%Uv6ihP>k=koD`
z|G2G>HDiwWDjtBNh`2z6U3R{PF1g^`H;;Aa6<fdBh>gOk2*IZyBVQ_2d^b{Up^cM1
z58s^eKI=1ZwChQXc7riKFD;gY0Q(W@<>eIMN8>&=^J(^^dSZuQX^Px2%M(=CU;UZL
zF4HhQqR^3`=e(c?i&ihhu(9Iv+>%GmKk7YA{cikvKZ@2=1nUYxuy+eQnnR-(GV+m*
z5czGHNdgY}k{dh{>{x{Mw*7gtwKm9Cs9TE`I#6dWb3n8HLpd7&bmnyXV9R&!hykVu
zxR?)RJ6Ac9;$`d(&feb)f}H)9rwR;383*(@Xv*A}9LkXRVbB2)l#CIqKIKQ4fna9r
zq?gveBzec-z+sI3rU+hWEG4`}t{90!XBv`9G@b<D#4-6a${I9;=xT_+p@}kQ2QTnt
zYpmNpCWH0y`p<K6W0QokGPE0>_Win(l+>{s7tl?OQ1yqmbiSd5lBjQyNXIrGa<^uZ
zZziyVJHlOzBe7;xg?1j%X%e`sN_)dmSp&tS1;765JT85xwvGr65udthdF%pX_QsO?
zys{s{C$_2OEjVVWh84t_xm&zIWWtrVI)KlmB(|}kyfxQ2z{pz@&aljFA+tN2_u+66
z$ZJ6dD(G1Y#9}Ow&}23UFT&usb2I;AG4i<bLcMWm=iZUGD+sZ4Z|TkxLxezsIP6gu
zzR%<k^dkA`utcb!4ak&fwgE;FvITF%y`M~QZ^qSk-f6!;SuM?BuDDZ>1u@RcxKU+|
zdkLke_I<AL|E|E2pd1os9J_7@{VfLeCIv0yvI2;9=|Bykki9?ae_x4025Hk)0}v_P
z*XyDWluD>U5e8G+qG>@v`M8!#1Q_O6=)=ILMGO3BNI?-SklShTHCz|z4GNgX@$Czw
zt_(z0?)}G5@k~EFh}5spk$&udz4%C#^nRoM-PU<$fc2&qRu2`0w4FQHOJm(Vux-~s
zyzRu4Hu}a26(by<k?RH+gOuW^{}FNi+D9%uM1=)3z|P4%<;@7$0w45o{-%(&%D;Lr
zN5UY-#eEMciqzc%pFsmYwZl1x@gF9~df&lo1%E2<%q}q)GV6NEga50Wo=MkGkt(Bv
z3yGkeeh`rEHEWzPa`yaCHn=@2)P3`tQy>SUYCFuN^PE2J5&MEc3B&A~>3HgrwSTsI
z`-It(%Jn3SP@MrI<A(Lep8X`B1rH>6;^Cf%-Qmd0Mm1|>O@%^pPzMnQryMS@;+hwg
zhC3=CglQKDN79QGs#>9sr%vV(4X%gmr3Xiy5v}RZNo=IK9g_RoQ;bi!dlZ`FtvxMP
z;Z6>}vY!~+<vU<qL2eJ)g_T`DcNIUCld2yZLCuv|*s8Ir5l+mO%t^e)vZ#R4lAG21
zG6wyv&mU#NURd^$Zi+x1()r=jKNf6iCHe>mT)yy>`Mr#UaNAbt)V~Hp9(K%@0JMCN
z0ppS~7?V+WVxSPWcdK?RGYt37(P@ebyxGfbLiwhU6kngS|B?b5_6msjLvVb>@{ReF
z1o}b#Yl@Qp*C^@d%R-{to!#YpF_EFEoL|fB1?x$h_)Fu`q{NU?_0o`5y6B5S*spYo
z!UE-JdlDa79&+EaUOfl7!1-N^zC9fJJ<dWOP(16YIRw=O`ZM{~(jM`&J&Z`%Z|H49
zy1Tc`ghq-ZEP(LH(h`e1Ot)qng2#NQTqSoo0cB*GF2652NF`fJMC@{Oozst#<S#S9
zGz->mj~&7I0ur4jYcE0!=qpACFet?h5Ax!>d4k}y4<-K<b<!(s{7!=Q5*Qdn_tZef
zDoEKJ^c9_B7!H4!__T$>gG9=2%n_9|1~E|h?_xT%J$}7kvo+PcW-aQOxa{YC7nBI!
z7U6yhD@izA*R{v3Hz_UC>w{V|cRG%yItrK^XKV>j{_O#BRwI7%{|PBhbF+w4N6ykK
zn@JnlQKzYOFw5R`ko}a(0+j5V)(Ik^khz|b5g`KUx*3>$Cx$$G6htvqP|Z|eA^bl&
z5nTAf7|$_!n3GXgA$`aSJd3;qL4~i$SH6aMJgUpIUQNm}Ngx^*9|%PB4PiOBEi&MI
zv@+R$bHu|ZxaM#DbG0-nrAv(iqO!cyB_sRlH|jVwo)a>3tTq7-Qi&%kDxlRelSum5
zholPMteZekHqjXS9tvIpV&$raE14i*Eu}Is_d|-&Flo<19M-dO@=72N<)*_nZC-LL
zW3Gj7n|M%8-9`D+9rmKjxZVzL^;UA-r$08CZ>G6e_}G?0P5>&3a|_)r$(r(O<ohat
zAS<B8e_G_K`M=tKzVYpdpY9wy=b1qOKS030@&7fb#jWvU)bfW2M@EcYN97L;iF94y
zxI9N<VZSG8ZBd9KtzPE}#pG?y{A&`H(A)>IY~y*95JdbbxD%nHccw|k?nC3&(v`!A
zMWG<2qPtXL_fV*$(B0SY_AqqL`~oqtngSPx+|3iw35nDc5)~^?b#?qL*?f;1kVTrY
z0a7c1)oxxzpXk$tT(0<c2GI1$#Rwf|IrL&%9cKO@ZQ-HUbsxaULQEaHR9qkxITHF;
zd^4;&9{deh^=lS(sw>Ri+xmV6Vgrtq0kd2f9l{yg!U5APMfWhbGxkH3gggE$6FD^y
ztcUkk=H57Hhc!rRKTxA<r3!ZZMvMgXp86KS)L~KnnF9!nWvdP?ZI|?@E(|=-tfoW>
zu<ZC9f{0V)mLtANX7g%A#lgLC(=b4|CuADdDfP1QbZ<}Am;WcfL*NJL!TrV#ZG-v`
z&d_2+vu1ai9oj|aax+pk^RPt2mX6sY{cY~4@p^%ifZ9mZU5U6t+NslTQS>XK3IoxV
zH2FYR%92nC0g7oTl?HMtG+l^8)aF1>oxrF%u}f+{u~^;Cj|05`jZWbU88sDB*K72t
zzo(l+SA_@jaBEx7@1~e8bG>4|ugxoy?`t4+tauL$MaeoEA8Np&6M>+U@VC&(9?q<E
zl}%q%v@)jhQ2Ab50$S&Vxw!!`2WQv??mTJxb6Cv@s&{>2V@*ycoO2#&3}m)%XCmnb
zWLyKmuGQYyTwZm&Ta;H%IH-A}+<WXOd0J3JWdoCEKyhj%U7D-Q(olTkzv)3uHNKgz
zJFM{A)n0N97;BIsD=hgwfZz8t+}<l>a)PhN&iJqA5}|^EEx!O_udzJPKL1D<Y}2nw
z$lT7#;XE=fcl*gQ7xZVnjW|PtmbD84bj6+P>XWK{*2}+I^t8<qFphIU2ur3ZWbU18
zo?h~WOc>8h8<^P;P}_jalwV1Nw^ePLtDWKEnIYQw+O@ni?vFx6s{KIOMa3z}ijIWn
z;%gdaJmls~5{%3QyA$+;%8_c-5F;dnMvlxGHZpSW35Bz*?54HOT2%r6>zS#XgqcR{
z0>A8#Iu(s(!ov8if>JoeWV*@vhy@C;8?O;yRq;f$)(>6{7KtcDIRnrTVl!Fb#Ojp!
zW}bE=xQKa5+SZDM^nDo)hnP%iM8*3KRqy){gWmLFMcOA8Od6w2k*Uo+t`+GWt1eO|
z3qS@|X-PwyNF1vxF({;%6fg3Ai&gZRtiw+Zul>L5(IMg(rAIp%(Je5O3S2rrL+5?+
z5^u!n`ksUcD^bnpcH2|ck=&#I5Q|J%wELnUM4%@-vAyvK&HN4U5pb=&FuL-=cXZh0
z_&WV%Onmsa1-Av_2S!Rw0kqlHv#^?<8C3OW)|?(c+%)Llp*G+z8H?)v6%n`-?@*<)
zz)Qwi^y%BC9G@~GakgVW&fq|Ic^^N9JVhO|3OYYhT&8$pW9pSEYj@d>;rW5=wkzt)
znrIiEK-<)%1AxojA;`vT4!oR0%yS@5E-K{3%j9`i{;&K>q&+{XMDo{_sR>@JKP_vJ
z509=NO0?zb?(|lF`2;2A>Vrnyxn_j!eO9LP_<$`R=XO2?&&epDgvgPr^zCvFc57?`
z*ka1B3568)j(f2dSgRG#O&!94RVxdp1hJTEBNmh~xls>n6)BjNzO!c(Re_FeBCyC0
zyq+6z44i~%gmSRkPO&9N(FB_=7-HgJgx$Su#f~jtFRLc8>z&=rHJ@Sjf9PHF7tS>f
zG<g))?ElF(HK|DWxpswof0f6;0*hWrV<-)B#CgvZF$6-|{?6<MFvyMy0W#JymI;xV
z(w%!yK37garBWn{=|4vKpmQp@LbjgZjClC7Z{2V`!YnWU-Za~-+iFuly2^`@_PZn+
z@2og{R^WdET40*PPrjU^cd4LM?TG5q<YaCl+agA?t8LPw6^BL+pU9NU^J@MTOldC8
z{@l(vJoGI!O=f|7mSCE4+DJuS-oBnwqgbd;6wAcU=Mq1|dpyPXhyBjcY`&|>P2nvD
z2xCn_Znr#XU-6M|A}jC*g?ayGf=XF;p!bmUb?5kOBMj0G$B)B8Hkq1XKJn4OPjNEY
zCss*Z!;c(%j6cN0wTAb1IBG5A-w$BwJ+1V_fXsf3Iri}AVtz^ZMU__ax&^+%9Cz9>
zM(e!#tR>>085Uwo1wU(t{XiGG83YFSGR}gO(w#-fRb<Ze`1S|ifwc@$r9EWV)^Imw
zMyHBG>8wZAyZ`|qG66jV$E4KFDYwpc2ti2P1I84rS&UpYx;F)C(G<CSO;JS>B6c7b
z_E`?G4&&!f7w<Pht8WP6BZYOo^8xy|b6gU8L>^kwUSqQ(Og|-6e8Xs>7%5E}2gbH`
zO)HxNR4%qz(cm_BD;yAccDq<PF=kOpJ@d4D(6n)KW}m=kY+7?g{{GAinWiu5v07zz
z|6MCu2MW+xKIO`y`foI*_vEFCn|v!WmI-?XCHDqA3_|An%X@T&!i;ki1VG3wQ?vHw
zGUQx5cBf$xPhrRGx$rTQf>XklMHIbLJwKd7Ii0S}8}Ydj8{P<W#9m$H7E+y_gm;V7
zIuBR5MHI2{b;)<&iY`wWaJNO>;<UJGB)aSwt+aaPUcTrEouh!<D(@KC6V4|2iMO9H
zW2{urXTv2C@TV%tpcr4Fpsd>$Co<d;<O6?maEUGNbzmRe{ys8|Z0uHFeWR1+Hc#CW
zO8X;BWkk3QzATshjCU8-q*Ep?(>wQ9Oso_%oB-s3<lo17e1)p+i@YUsA;wYBPJnhu
zS$m?PwK59s<;mFn_@SO1JeoD-ENR@es6k|EVU}N%PL{k}B^wF*VLUAFV|)DTq2)+-
z++P~wV<G8*Xa)Pl*~rvZMTL|QyOc5B@d40AEK&b>@1W>3C`G3521{^GUde^wIok4L
zOio7r47_8_kbs=vl-Qe>DncL4hjS3ndlQ%yZXB!$=2?h$N{RiS3qQ6Z)49rY&St&O
zWRQ)eQ-a7JK46i=?)(YnEbGmXA51I1q`_t}ZUyL&_rc~ThDKWuGLLbdd3(k|%J&ut
z$|;hzMI2Kz?qEUF$U>P=oC0erym#_uako28c1K?z{X$#&LO3Fv73WW$kGHN+9nwxx
zNv&a0Bl2AxsN-txK!-25amL_w3X8O!LNO*^4X_>)r+42D%Ly`Uu%2+$@U6}87>P{U
z1pWC)zDyJ<i}1sQ8Y~8=)rYBQ2C%5Zfv2g?WeB-RGr033LmnV~Ju$>?i?4WIQB=AT
zy8Gl2fFZiScC`UE^K3P4!;!DZ=h}#skUjt(YPmBOAuQzS@YFY08>BjNl;s={(-`E+
z5N#DtLvZ1i?{4|7Zjr}6_y-P%$Gx3JaxQ(l`}J>MsG7JMUHbF&9EG2hv%pR~!ESEk
z=F@QFB8P>NFw)HUIyF%Z1JvP-E3ux?JHe^5ir5J`ua$gK9S-}?1|G#*I5=ui0U`Xu
zWZ%r;1)Px|{HtZgooqbVADUfMN~PBjk7?eDhWUBMe2ur{rpep&5T~yF>1R>d14@jo
zlm1{_+Ri=r2t)j9SW}mPBzpq!E+V8o+#uLLolo}3KS1>@&yZrYc~vI}aL(_G09(Z@
zAk;i!k%Wddc}&{tF;6KWLN;t3NGh#MWJ7VU>yfev7gtD5l>-Ed4x+Og(c1rL99IE}
zRet%iI^-w)Q%*o~4mm=xI#270epFO#Vw=SvV)vkXIetKm*}a6pPC?fzAxJ*}VtAR%
zhIGA$Gy=?*2;c$`l~PvQkNeRG6z{5(+MJ(-$Uzu(7&5Whrk<eB9*WsG7$WB1eyL=T
zkg>D$#AYt}VG&Em3P1EI2eBx;$)GM?4kbN*!P375W}=^yw;$GCp5#-h$aY7Z=jHUM
zYVnh?za^<04+kD<9l<vnTSgJMQ!kx={Mo3s&Z`E~>j853!DH)F&1?KygE_0@>0${4
zm(YUhex1SjuV%th)Cz-Iq4kWD#OL}W7nftEu;x2+v_R;C0lvj?rIO|Pp#I6d4ohHL
zkV*^SwD1zcngv5fx$nBOTSz|0E+6|!UQ3&>fQ3?ZI<8WilNg1cnRCfwJHx3tZSjl%
zXWNO3C{B;s)jX_?5Mw6$6HAe9jc(g=8JL%mDb248?mg%oH9VnIJ-Z`WWSZwva=|q6
z6?*N*&iTE)Z(F|y>E8Www;iFIMrBI=%~JDQ-)XrPi`c2Qn{fi5vNAzIdX0uJO~Yn3
zXODlnaqlGer@F(OL3YM_(7)Mx_Z0le*vog=<=)Ly!RQ*Fdai3-$!}Yl>U2p$8~HIP
zIJem?p*zOeg6XQ&H5t2+RmKCt{6}mU?QEG&v%;5_5o2@os@KT@y8*_BCVKqkjyTbJ
zRl{m>^;Sf3)TBc)8d>zHQuS_8a2C)Qemj@?ML<g)P+ci$l=$U17oj<*x=J{CW>C8a
z#6JW-jf@TPrCS+?SmL$;iZ@_k#>Rp~#ylAd<E;UpxDr2*3sHT@d8Oul-5L8(Pmtws
z&Qe`Lde(>m<B&_nuyBHV7Q0s22Q!9hZU&Av@a7gAgws-h;~6DFAf-(F^&(mP7wI@l
z9+Os1P`7`j?$AZN9y8XN_!KqvJ*c>&pSz1?)nxMwM9Off6;o>Z_<$lMwA)rA&DFCz
zymrh0^GlWmN6GRZ6{M$YfFvc2ri_}_M9bX6zri#8(pj@iG`R|vbU`>@D#9l*2J&$-
zoG61h&A_Xpn+jSdx0~&<FH*K0->DPT1jNksoU^|kc+#T*<HyI<htVZ^hQod=uY?Kb
zNLKb6DzEcjAcD*XEp7O`WV*!SFzT&>oFs1kE_4&rPI7|3l`B)WddXTOyi$aiRRR&1
zFE3g91xwnj6|aZuf=UAQrGo@ny3&ACG(jXgX;hA`_`pK<{=*b?SI7Llgz3v|EFJHX
zT#XMUx2uaL>C<n~{)s#wPztVl=UJOp)Zxj-Br@;@9RXn%#>~0yBzBA?Jxix;55wS!
z5g2!G#1??3v#c3M@?kf5rzGeibwM-Yl^!2Nmf!}LeYSzC0c2^>M`)uTuq~1CZHEh@
z7#;cM8b%TPC&&gsp0>fMfld6tDv^~CELZBt_iavW0>m7ULhOR_t&^41Ru4e70cmie
z9<&B9o;=ozptkEt<5$+!3p~FM-XtVU2BF2^kVtcf>q?pM#gvJ>cj9Z!F8LecCZ8OT
zjQDL!6dw5y<oeKGMOgX(;xYn{{FdCGH^$m)!9_H6ODa^9eLG5aIfj3*>q8HDVL9*w
ztV62xp4lDLVC9)N?X@nzyoZbo`gw{-92pgKa5<2kERjz|BKeDyc`7CWj~V^kVaplj
z_X})u|J;lTbO_v0+$T>}+RZJ1W%yi;0-P=qV9Ja9sedRfc!QiPaR$Wi$<AOD*{3nq
zd-oaCs!R*4Cf4u<Hl>L%<!$$pOez{?y82)!jZ!~CYp$+U&4tF#6Iu4-T}JzsQoe5?
zy~6{{MlV8=f;-F1a{Rsch1zDSdn(KonJ+t=db9;%^8w$*91Ojj(~9QsR95OtXxDTs
zk*yvtzYPmIy>v^xg3{mTT^Y58kYxL~_y3N~<e#oAV=Gd55+<`<Md@Dw{v+#jmjI9x
zI3i)UphMeAuf%q|jHC+9+}yu><bI9;`b!hPn=oQ)_Twh2=4|onQ5)wcV)rhG*#7;w
zunb>ZrY7{o44XOK7`?WxBd6<CU>SGlqWK|#J>!|SQ%J1d6sg6XwS%|!9`p6MF?%iZ
zA2>2_p66OTY5ePvHnL$Kp@eDBY0?e^xVyA1;>hpFE-NED><m1fQ9og^YhZd+_ZZW6
zfzSsRo%axhlXJ=ifh;uu>=q4ZcZS+wGoo_`quSL$e!4eo&pk!G1IEUk7uJCM6S&TJ
ztoMK#ACkXSaz2YasH1)l4;2MMDunur(spmr`8Ua7x2MQQJebR2!;W*SLjA*rlI$Q1
z!M2`aWVBh=K@p@dbnp?fae!*J1>4M>w2VTt1bT$Gv2K0Q)OL<k!}fWZAq}hz7l4Ho
z`d9B#3{tZv(-T}#U)5ulCy3yJmwq7IF7ff(F9yfmenZwwB1cQsV~49{>xR04wU`sk
zZ<dR5o|mHHt|PthOXY(UZt*G(PI(VSvEu^~Q7|@OTVh+6(Yv&e4oj^OW;bVW6^0!4
zwEGigpw97W(g(!SDtA~$Lm6eQ2QU-+&V8U*cj5B1HSvMvhtuhcrcvBpV1+vHXL3(E
znf|htL<>ptj3=+Oph~le9|H^8W@InDT(Jt7U9MmyHvbbp_PFL6Y}<O^qrv<v12umC
z={qbd@V9zu?Xt`!;=I^+<nn+cdW>TUE^H1C*dzX&hq#Eo(cK0;W0K<H1{u!WhS2Yr
zASoEJ(FpI|7PQs#usd#&$-qbEVKexUAn?&|1T2L(m*D7p?r7Q!*UF;p(J>JdISmZ;
ztcW_Rtf00yB|~1s-?bJ^GbDA?lWYcQB5(`%4@giYsE>zo*Tm&er_Y?dC+1UH-v+RG
zNaTq|t(Om+`#8MO?YLo-tx5~F?-%N-GNM>tdEnM1L+ZEm17m?**IP6xy7e0=z3?=r
z)oO21bxDJiCP*wBq@>`zD#PX|haaD?6SY}vd;25>fIOg#f|gADRN}dhLRo~IFXOOH
zpNXc;ZikofOgc|fpFAqsM6t$i*ScBEa{wUIE7~1}2CB#uzlV?f5JD;ei~BgRJq2=f
z4$2XX2GDQ>50b{}TKI@az)rmmm&(oYqMen@moqduMwC#*QRMERCH^Jr-bBUhIuNo=
zg+>I1un~er2YHl2`xqPYl{L_7z-+FPq0iTh8}6vhrHg01L?;0G)Bmv<)Y-ZZ{a}hq
z<vP_0+iYYn8x^r1R|@mZV=9)?!hy{RVyeglL>j8CyK_;JCj<c+Aas(8gGfE!7SAWj
zR9_(|BGe6hsh1WS=Co>a@{`yz>9E{$L9$?3>V$A*f;2VEB4@3u=moJC+tWn?mRNjK
z8mu=~26;Q#VJZ%)HUz~19Eb7A+<F}?X_+<Rye6Zv+DBIfn;obIxS4m(WpFKx_y&v1
zSPaPpnw)<MFztYZ1xd2~%_k=-nboC~^)et&THoR^h#1)5$*o&gucj~JaQ&@0GmJM8
z6bsxBXXdyp{QY53j@2+4=ZbFqAIbQQfXnTF{Ch?eq&t$ChdG;Gcmd;9gMuw&*m>LC
z+r2WlA&vz?&2efuJSip@PAT{VhWg<niYqBzY{smXA;}5b9jGmy5Ir-@HRJ@!lreqj
zF~m%IXjxrMCq@17Lzh2UJO}wjMktrK3AjnI^Dkd%7QuEmjc?Y*I&G^hr*XVsAxE>h
z*ZAkg{d+%A9qojWnPnx*sMGO*bQR12lycLq28OIw`$_t;c*CffoW2l`SmOK8cSHl<
z;RUVDe*f1vN^X#58qJmnZ#@2vyh8O=ZDtI+-A)`T)`R3z!tT$_Rrq?5G(UY*j+n40
zT|Ejcae0;F4HFN!F<%$A1>e$b-m^ls4mX^ZBEOCfK6Zt2Pd8DLoITCRr4s?H;#f3x
zQ(SBv<;)^^n?CsT`tPFL=o5|S_^R4am1~X^GK=KCz<QG$@f78|Co;}NK_pGFNT0N-
z*L9+4>?18*=T1x%!;hhyOgWb!qK27nAWr8}#nCykAxk2RVD=ajjE5wwutgS}0aUY?
zX!@$Rf`GMNbZPWr!V&1H$5csiJ}--*coM>oHTl6vGu&2;mqZ@2vz}8m5ND&{4<*U+
z{KSX9HX3(<7Y=>9u-2q2qBi<Je@%h23`c9ua`{i2LpQGm%}~2f-dIT`UJk}@e80Q>
zXaAL8;n>DrfuVsip*)$d%TQELB5v&S9F~=tg1jSYqO4n@PuXXoLlgW9xUC*a<t%Ri
z;9v$yEYU*lJjcABi7=qc5lc2a!A~~s01z{%XMIbUl*GY@dyJmD5|MhZvt&C2x?G(B
zUN0d_^nj%KnV!JJAyLmTWDzIW9p=439aJnl*(c)|?<ES83RF6v7SwLN>G^3;O)n@u
zgnSG^w)Wrbb+@CJy?o1?Aw=oIhCg<{Ag_?nQQ3p{63l%CfVw`|widy~ZK!cvsPZFh
za;teC6KXD>DNGI*H?5f3z+kuP-MHo3KhaPN2?dBh^DT<<UVpVQ(G2mpM*wHO;HIj2
z3EIafEcBN`y#NG<$@p#<pWIXHgql3NiWaF9=Kr0=Ra7JEqYG%S-+>5kP%B35L<?ON
zHf`-zZ6aAzll-1*e4;hm#WG?dJwg8=Dc}KpdobS1N+4+wS*Qtv+Q;ELz)?h<dVpN?
zW~uXdRdxK<;F#*%$4_OIYW5iYEK&eGu`Z(bCsYc9w&jONd8~{!E}o&2;(sGsTkr6H
z_KvB?sm|6bf;*4uUT6XzgX&db;ld&VS{68~aUcgftk#Mx1IH4qGJaxk*h;(?8G`Cu
zCjzBpnf8aPt{!EW_#WWSoZ{lwwpw|Kb5QVPHLhs|Pmg5xfI&&X>DNXMDl+*k@b<A2
zIu6OTF|~1|{5rc_{Ui0kl+jy@Fm=3F;Q@=wWE#SI(Ytr-bnAStE<0`bf5aH`0Xec@
zcK1Piu)N&DIzWbcH23i6x6EaIqKM8F(qd6N6E}T1zm%SJn*5g}UiMqD+R78Qk%fRl
zdm5}lO2Z!%+BMmzF4poKm2LRxMg>znb9Gb@u8gyMYNDky2aA)Oy(E@tWFhM=@dx-r
z`Ac>bv)io1NKh^xd<R7dN$IXV^|u8B(vU<wFIsM(yz?MHm#f}mDS7;V9eUpR#A}4|
zgr;MuZG<Zxe*M;^Fmyo(1?Yt}Df{N9%Ti0p*`LkLmc0TOVh8`_B$ZU41s9WZan@{=
z<uq!eBtSdPIxg3*vvLtcVu$>BoKpqO-cfgy>lLosh`B@RpEgUe^7*~<w7W9VX#wZj
zNF6ehQ78xXB*xQeG&#RG;*`F;mh};E`phdC|7Wp?+Kj{1Fcoc}qd8OC1q$6LDTnD&
z_Y5^%$byV|ak1qNO{<>Zx1`&ZgVDjzkx)N97@;L?TYt}0MKF`FkLzfED<UFBf;VnI
zB(_<%w7JqX8&%yQbU@LXc{4pN*?@Si1ej?mDIZMury*up?h1(C4*T4r`rxK><6PX`
zdy;{-|5~W5>n6~yOjo5vJ+>s`{<$6S6n033tuWYu@DjS5o}wu~6f#;gVY)|-y^S-u
z9#qa1q}Tycp+KR^+{M+8JaM6^XqQNe{iWvYT`D2jjnaJi+83vODtw}jd;MY!oIL<~
z%!h1ND691X@Edg{^z4%lTVTLuq+HkrhI`7uPkIJhU}mV@z`%sjw-Fb9>|;1;#p@?O
zL29^*g-(cc+kg**IQ2ezXhkS4m3#r-bfP{FDaJQBi&S~j%*ZgSc#m7htX%)wX~Dr^
zC7rXjx-4xZmZYQ+*ZC#BXc=uzU@toI2%M_B@P*fWk{ndcRoSd6>S*UJ5K@U8yjid(
z?(ieW?&b_9yq-L^d#7t{0ZXKMu#=#MWU~r>C(!h!0qC7wE!9AyXUqJK)R12NfUk4J
zhaV!$Ib^|Wl$Meyffr!3#tRCIy~cH5k64OmM`tVAQ^7GgT&5FF2pu;YTL@!7Ofq;4
z1*ZxBlP;+BE=Cx8-mHlKCOI-;LEzDJPYUIhEX~oa5ARHISNX7~bXBpA>~Hww!uYU4
z<qff}M&wk_0_!uumziTu9?jh72r^ENT@A*+8%;CD7MvN7V)wW%3BDn<ae+6{ktDM+
z<5;HDJ32rcE1&*!Zr|%GDd{Z&ih7)BTGttapgfPKAU5j$z>6={>9pwHF6$pK)wluO
z_W5!bQD73fQT>X&=5Zj`65>mYD|0|?BjXaa6cBkfdjS5Lb6c)8AZdhb$lciKhUG8r
zVV^Ur-fEH#9$77c%CT7d$YKd!B-j&=d`*5VN{E-UTF5%GOHxEh8B0(D+SC-fUlaAy
zVP2I{vOemcFXrP^mny=r^I`e*=Sk_0v{0lBI5RPMCsJi;2Z+y5ExvtjCxqexy77s6
zTzgn#MP`WRdaFt~Wnj9rQ4npbKOjS*yZ<o=o_&U}BIRBp9JqSj2CoCaX6md?8Q(*T
zQ|UD$$^PA|H}NzrOP?{zW1H)#0=kELq(XcQ@!F~ix+^_HBot`cgm#RR!V|((svqWZ
zynM0AI!@#Xk4+fIVr{=*6BFv5bzeD}&XmFy<#|hdGpcDXpKFYXREZ!2VsyX1$3w<b
zM-@1#t#xO5@ac~C)(9x}g#Pt3-iziPQ3)C{0JRoYy!W#i;XIbIB~*o*UG=<vMC^W8
zg@EWXG>tvArW|f5*6FNrJ|3?;iZ^V$ov<M%<<Xab;s<9g!_=)>1WZZ`x`~7*%`L$&
zklHh6!Lwo_0wor=lTBS7OZNDa$)Sx);roxH;|zx5&`+GhR}EVp2>lNm48fSn;<gz%
zU!=eF*{&<futp~}c>Z7_o+Y2g95sIrgOrfs=3_L8frj(|B%MA;C=={mVtb5ab}kZe
zyP;!@Hp7Q3`I9d}U3I4=ih%Y_Q|WknhHW?>sk?db2>-L%$7KQKR))zH8%5PAyHJBF
zJ?uW6Fv1DP@-^(*_Yut`?^lm>P|+D)1{H$##a`ZGoPuq@y2v-O)0OF#eR_x<#BN)d
z(vHqz!oVeKq~fuzQEpP-epibvWaZ$pu|wb1W8V~TElXZ;ugj{gh9mFc7BpZN(2HLl
z>0f>u*zxiPzBNq8&{izTzw9sT{+DDe?>BGqJj>HwASBcOkk*3vI-~rXdE0Ev|B9LF
z!qA{Zffk2)W$<s3Cm21nbekRZt`7lY7S!k5fO=c-PE;2*R`(E3Ut0hgc*iSHk)h0L
z(&i@UfQ5p^`v5kC!@AY$BTp8$3j0<!WX}5%;Rbmt!Lc{w2j%W=bLB=v?d2tSL1FfM
zVckDD_}R2I6*|o;*?BKQ&MP|N(^8M_pfQC#46;GF4gThT-6>rTFK1wd-TX>UHtY7{
zGvG|%9>?OmRUeP^-C26;)*VRq!0vT1<x=YxgFzW^IU&+x!b7mSdv*`>WPCbat3(Qj
zN~x@;6x;dK)E!kjwBypqdKg|Mp;UH{4(R!Z@l&utG7y@&Nc*%DyAr&mrr!m_gevxV
z(uhno8(g3Pu?Jq1z#<BQGE?r!q?fVEz^fY*M~i5eF#VZLYz$2ZR;L0kq!d8rR-wuZ
z;4|b0WxbaPkm~^~N?z?%rIU(pCV+#ckJ(6-?`T2X;*}MO{BhsrY&)yPG#c|GTZa1V
z2m7ir`NFpq$iJYxs)=uIZCMJ4d`EkQT2r;G)9y_NG+Z*&{bH5DSgvCg0}=|m4G|Y(
zSOPBW+ARH=h9R!!!!>WsvMtlQI(Z#)pV5>e3V12p%u2is$(Z?EucB_v{e}lTc>cIY
z@ykbXj-2%GKgtXGh~DIPK$<F6vzZr*T5gv_VZ9bO6Y~c5@Kx8xV$^-pJg<lV^$A8(
zFdP<LbGu3Nk_xjgtRH+5gxm<!PS4}`)243oby2(E_-$SllUhd)uPPFpV=bEAV{&|s
z%NGGH9@T&}f)BK8WJYO6ibtq9(Nfd0Zj$e9`a6nAKi0q?mxgCn1a6V}@F5mkSm*Hg
zBX)NKrp5vh+zp?CB=O$h1=UVng(0k8AVQC-4$+cXQvES#t;A;lGPNxSq(Z*&cab||
z41hs{+k$m=6TLn<P-oKxA4$`-{IXL(J1^|g02K-sZV#tvOJ_kS8jEnmD4<z*mh`Y)
zn@}<NLar}tiI@a09G+idPpJiGKKjtFVH?WmX$|BfCT|&=GbXxUDrwhu`XV?>Ebl72
zLZ_4HT2)-S?Z2Z%ErddN*Zb467zw>YLQo=FtYj5$wnu5O_2=z;uJqjmS>XVomNAok
z?ERn=qFHnQ-QePDvJ4*{M`XIOk`ie-cUYKrBfb0<FZtq465<6Tf^Pgu4W?>DUcNIi
zDD1Tr)UJ*4L~A-b!Df1s&PH<jf7FUVqP`n;3`I)6>LJsgkV-qw-9L*hTd1dnYvG7-
zR5ELyDOA6+|HkesLn?-%b`@P(q;HgY5aJt&C>^TWz0dkb$>T27dG;ftWKZUe*b3N^
zY{5^$#>oL+e|W5M<*{PSrJt#M`+LcG-!N)iJlf#pi5d-|!>XWXOLK~eT;E&<d~u%K
zY~Gefn+F1hQ7C}8W4P^Yc1CHgY(%-%jJ(CSrW*XoLlWj}RKZ7)o6ILDOfR7q!K3Mf
zU1v7KTVJ^W6>sLpW>J0F-fNp-DxuBbAEltSj0G68ot%P3G9r~X)H3NSWFTsebX}1K
zrJ0NA{dy?+E^R+^(?rAqGJ(PjrM-VeuO;1tZB|4T5LUbI=@mYfQBxPNpf89V3mpyr
z4Tn*?(v42qjoI42Kk=5gRAi$`&2eFDSz-skeew@T-f*_g5ROT;pA@B{rwOHP>hB~G
zYQ<}s>^u2n>6y-}U?F6I8jkUwWv3Tz#Rg~xi`_Sh=kEZ^a)_Y&7sS68XmgbG6kn3#
zw%ZCg(U6k_@fTt3LYz1c-?2)a^13<z;d1W6I#Ek{uWk`YU|Le4aa1_V-o#x~R*|gf
zpr&~~go=f@vB1tX;h5Pe95{!s+=aqWt6k4z^Adx5b735)-PZ3=mcZpvA%;N>Tqa(_
z{Y)1HRP>J`(B&KLEqTg-V#qs6!N*dHAu^kW8hZ<-wEJf(Xoy<r#g5)&W=L^yo?4VZ
z*KHYs+>Q@Bbl}s}oN@T`GMr_HeZc1?dU6&sFb8!;W{tX8gFO<Xr}q#w$<&A|p7UK-
zI%nq4b+g<G6AS2-eZ9(u%#bhko9+nPflalLr$EW6U4D&9PttZ4Cbed>otp~wg^ufT
zvc})Ye7;Ss!@&>j&-CJF?spHdG?hn$doNpUmtBZ&<dq9tZ_Z^piHyLr|JT74<)f12
z{Jg*K@zwTy{Ny@2_Hyn*qPyZ8U-vM&7)=9MCKE{5@<6|*n0UMw>Qo(4i&}DKo7O(R
zSi5WrVaQxj9nq67-wkZ+Yr+{{-hezpzs7A2?Z<#ytOAmELTKw)^JNU{rXa+`FtWq=
ztNmwW53+K6xSLUbV<ZG-f;ii=28wB%fD9vMND!LF^><#W>-kX~PgtEmJW6q<)(1AU
zTFts+(k0ESs%OSkz%vxN_SA&mHi=iRv2|=I>h)$u7T%wk@0)$Y1Ikb`w<!eWqFU^{
zo{g3zuN%WsimFUN8V~MRPY_NZ7A%X;vL?w4Wi1a$A8ENWaY87Q@G<=jAOI!!hlP|w
zkWIFj*q=}}z6)Kp^|Kj*adE}07f;vB|7UwxW;4;xnQtWQ_NejgM#$|5;hKz@LSs7m
zK{+oCG_-YF=A!aw!g?t4U$Q2XiwD}prsx@ESE-N66xP@25&%|EmhR!P0yo|z{<&>w
z#qXN8F4<6&oS%v0P#L;$2C45jxzw1;w^lldEc_8ymACRlehNdFa{~Ap<-cG=aS1n6
zsfmz9`VywIPvb=!$yY7m{b^odOED-Vyz)&T_pt3Qp@<M?lD1#@lZSgf81A`ixI}ho
zX%z~|AprqO0&mR_C|NX#E@zXxgY7(>OF9j*EQJl^domaLl<kQdlG8XrPon~jFam`q
zOZ>|tlL?6aBbMDHmmu7P0$bXjC%MD<K@`#*UMNx&G@;N_+OL#G$@R!}HGaH8i`)f_
zgN?0G)zQT%Yl8x%8In=K<`gvdz-pM!8Xt^$8N_o#87}{R6CI{F&s)wo{w>*;gNeUK
zQDn{_SELANO6=XA%wZfW4SSCXv<K}aO>)CX%pcIry%&f4w<5<h{V17UvtJ}szhO7V
z*h2c@*Cs~@x;0zYGDBED(EkR=s>3<W_?qg;4dQ_cZ*vR)wR@etG|$%pNQdX<wdM^Q
z4!i>wNm4%-emnOALDYrsOGDE(E?22z{-Y>tvDoVL3_=y0ni<DLZ^T<hf&cY61DDL&
z&>WaX?o$i+`YZARtNZ~k;F!GPp?*T|(>)pV+P&uksH~AG&U{Ne_wT3N@$8@AKQ_^I
z<WFy>xPfnH*ZiO~cvE$24)wWCLuheCLshlg2{-u*hJ7Y46vT%mZ5>M!mTpq;-x_^P
zUPbQ<1-k+`5-PkyFM7T*0=ZNOjKwMWX}LJ-%%tVRmvMOYEQRW<0SP{UJwi0#1zH`y
zw>mY7@9Ye5aZMZvz*;i0RL!^jlq`t%)W=jSp1wNQ<EM~C%<n%vaowF$$mZ{l>4L1q
zff>XK52S&}Y?+~;jrX6@XnDBHWf;W_gHq^2PhsJl+Il^^ur0(AW;bAtb(6rZl5tYc
zGm`w2z<J*Xi;4515Omk%MJc-an3;6LH>yh7<vrnY)g(AEVe#j=_1BUMVA<iX-wcf`
z;#_ni&Vhc&<l;=>1&|9r`+_8zatRqIZ3iyGEp0XJ&M|eWd#^+Boq9(Vplg4Culbs}
z-nIkM@)KPG`vU5@m9tk=8Ftu?%VcYqk(JT0k<09Dq|)Ko9(`U)y+`|#scT2#;HVO7
zz6i3)X*vuPSo8!Y;244zv5l8Y%yuz(;3ftM1CNTx8d+2AxFap+?OFJnY&W#fMMu+e
z)O3hmWZ%R@_Cfh2T}f9uD0RmpVM2L`!X8s90n5Ikkw;oR7*m{TxUAW%HL>C?g|Svz
z30F@#u8@_P`S6U6R(yALugNv9ZOEbQ31S<Pul>-@gM9WYj7{+&ORE1^iA!O+j9Cly
z$p5HX#=z=~s<uf$BJ=C^05u10Y_)Vuv<WxO4)iR?wA4}PvW^n`CY9#_V?Q?-^j71K
z+YEYfnO<9YF=AvTkb+evg5Ig6tJps@W$8wwH=l=vtYFxPWOG3cx)8!T1@1S96h8E(
zzED>c6xsrX#&%`?kzLUO>3y`5%$U(WnbvzA-^eO3TSuB$Y=UQjbX(?{d?`^1a5@w(
zc>PZ=!O4`Ey=RQql!u=LwQKh=5m@17<spEQ`{GGPpR9lfA-L8B@Cyxq1U@wdG{{FV
z+G<D6b8{(0lhr;(w{^<dP{WY9q|&^><c={HpX(Wk*}9dRXGOvs?n;O!Y!t5zyaOlK
zNmfjg$`bWknr4^540H$9Tc>D_d*ecms^whc5}mMgcIA&!V_{cRjIA={y*)y;5H{&`
zPX-xwy8sr~+0Dw@;^9vH7#ltI*efPzK-pqP)ff2Wa;ak72=n@=>|FZdS!lXB2W7o8
zrmi%#>9K^<;uGX#=oaTc3!S@7HV;CZfVcB_KP0oOEQvuJ67-d49-XA%Z=OQA`3odF
zlW49OP-T2rk>CXXj78F$nqsw#5k2!R9H<}kHyjThhAKkkMng9B2Gn2ED?QLYM+g}l
zrpj8vLkH@y_q<NigxkSyD&s&}pFT5q-<0^7r{*qBCAIhNzHb|(EIfXB0)5n*$3hf?
zlnZf5wA&ion^5=C+I`yFV384F0viMzADjUAQ=Rp<c}mghsU-y}1_^~ANz77HM(DJK
z*xT}V`WRB*Kya+3DOLXvhe1K!gY+wl<MQ?sS1ot5h5<w22=vY~$2{q1?r8TUlU<Cz
z)Mzz1z0F~QtAU=YAc*bmDYDnC<%|1Mwcbt(*^OHTl!?kvj`_Vr<<_0by?M6EX5%ia
zR;APR2|y3k$zR&mY7McEqAozmVuih$BF9K#t<v4IDSpT~2atghPVHRj{WX;46RRHl
zrCz+Yrz}W_st=vFmtx-nEf~bRVo779)K-X${X|3G>kscRbOpSID{XTs)rjNqa|hQ}
zMAv<qnC+Q&-*2L#vB#WzUXwQ(-QwJPW5UV$iRrU(bvS`KLge18E=*`NnAF2|S>^YD
z5L!8~$N=(CpasIV^tDLG=oyZ0iO(LsS1t7;k3~nt#C)=_ml>S!9<ajTC4=nxe4CH7
zmO6=>*aas$IL>{FzNq;GZOpL`M`@GkF6%KZ^3Y`mzk(9JkNYuIg^fy_k>oK4&I;dx
zWj7HN^SLgY%~H)G{mHXeqlu<&YElH>9v%-+Uc^_K<haS4&0j(tNkK$u<z{@e-KN5d
z{V;I-&VNnbkUWivG%*rMGuGlA`2%LhV5O!RX*&YwnJ@kWmO?ut5vIerkZGwHf?S|A
znyL^#C4Hc+DDIunzXwv7WOg)jiBk_-S0r;#Mpino6u#jvt9a5f9xciHtZ+Ww>IT{(
zsbzY`O8gyCoZI7O8e1SB;BgxPjc=wdKWtn&pbbS>zO{UiiWeWJ=XS47Hq^<o+x`EL
zrZN+f)kAv=2y_~MjKlbR6ZI07&`Dr0Kg^2?<kDA2=ecg7Ug-WM;Y!bX@w@60v@H*p
zh*zxe6O9<~RW;pkB&fJ_q})G{vGIeZv<xQQ&mSxg)LF}{TTiYCT|Oo1Rhso1Z|ziV
z<Hd@4T!R0N4dkU0X-mi}wu+H8?<)&Md?)eW=Ie`P3Tvi@GLhq2&%TjNxj1|BYYF0*
z;;3<kM19zx)zSqega_S6yL{zaMk=eKJdlFD0WLc9iGX}X{d%IZxw#YvgkMMHIv?V%
z07J=gK-!?-he}A>_m64&0Sb;ww(MCk+m@6v?`5J;*;FR>79BFT_FNS(C-=eOxijup
z>0n`o6i|66OCm`s+P$vHmxt+aSniF_r@$X{nMdWM)M8hI%pHySUAFG6!M`;l+0FRX
z$@(c*S7I>`$Mf|U;2QcPS9Kj1mvr1epI=mwWsL_vjfWJ~Ap{oWFM?NcvO$Tlp=P6S
zVhkqh2Jv?Lzo_UuN+cRYm=OI;`C>ls&mVfN8~x{X(=3nv-P`iU#~$|f&ERER8FTir
z;<3SBbrx4XKap*gF%M(}5<Zc0S!xWLfhpt&n95d&ZJP}dJls1?cEFQ<&=(MgZIP(1
zn(Y$k-pM?Z|IZoVY1Mk3<<1rq*!W!6+>{IzA3cKVrmjA6xX1-wU63fbksW+J1Xe?*
z%o^5{>bUwU_b<vk-i#8AS)W!t`BSR=LX!E2e-S-lKVgu&>!d)LD{rA~5e%XmP6uCe
zNLtL|DA=})I=GxDDGAL6!n#P&A5hPLE+K(irZFqUU6^4~_4ckJ!5k06E>Pj*9MQ+T
z_ws4#SGp~SM;>tYWZ(HlCl6D;XgaCA=^!m7auK(ymPt`}q*tUGCUxman1_l<sgRFx
zFd`YW2jnv{s5DtjEitfNbo*U}r6CP`q9cfz6d$qUO*u;q)!^IZJ`y{9$vAmkwt9|r
zE=(an`qwa5A6G(eoPQfwj#Ap2Me_dCpG?wu!8?6qH&8e&TD7s_3h5!T;CKACgm%);
z1J3KEMxl`NpC;$Xgi%NnM{ji;qqS|rp#Rw(nXIhVF^!kIl*57#gl|7}tx7+RkJ8Rg
zi3l+B?K^Nw!MRz<i3Qz3wCldIRvcx1g1S^a(X_kMOxM^Q`IbUIhPNcx>NDv8IDx-_
zJ}EOs^~s`j<MAiK`Zqg*9_4VrC4P=(2Apg!WT7DH80m$wQ8xz}IqDo@5JA$KDj4H5
zi`>b5Mm{86^lw`tY2pkrh^qe8^orwyMnDWU1<F(wgh_r|vb(oj#z<TSbx-Wl4i;M-
z(4E@4J{@VWBD}t9+hgc_89&vYt19L9Ao2@XgNwSP<p7zJ)cBrq5eUiB7mn|>Gtfnr
zKv~038`rkJ8;spv3yq4p=bHR-Fe$fUp#7d==g_f&E7~IA?VYnX`u&aOoe!HQ<P^{y
zTV8@W&l}zuz?t<v#38oPaf;^&bbO;TBjBN$tmTP`C=m^iJa+%MQ%b)Er=(N=mxcvU
z5>bFwJ4gE2r~?iPA#fDzn~lWI!_9WJf*w3ny?8ExIaSLoPMZDd=1{vVo2bt2vlA%B
zf+Ht@wT?5;s?#aZ_R6F#$7FdhHjv9r)uh*)$pOV4UuuN6^~BWb7=*M|+I`7FyD;K~
ze{}QmG6%97gK9Q$(nP~Gv?-L>?$%b^X*%0m)v%~9&!ML-rX|sM<g&W$r=;A;Z?bY&
z#m8Y$&z3AKG3K7Z!^9tlf0rSU0||^;)=0S(+FEF(y>AAdeH&)CzM_oKo=uxDpeN2`
zF{)*_Qt2zbIKgvD4Ju0jJf}+>T=K<MgZA||2{;AKoMU?C1lUMUnJ;Am?rn*>G){g^
zA4@hWD~Bcerq9frLb`5cAzvMTmHuc||5~{<!?7PaM;m98?Bng>1iRWRPSWPuk8hlF
zCVQ^1af#kH{f^Zpx6F0VH0%4}Jlu9nB^5J|ht?7KxOC92P*_a>J7F(veqn*;Tco+q
zG^ZAEB6j|sN_;0OgJ_M7Ev%*&dByPhWm?M(81rUVsDO_-Ra4Cf)`7|=8<KhYADiB`
zK0nHId=pPC*9O7z@!czD(GVMrx?H0Qs}8lQL`&s&yC=%w_0zSY+r7a%I8G-C&3eJR
zF26s`CgkuR_o^VMol)hD2vTeIqb;=^k9g$GYZtEWXL@!vROJ}4NpzW8toQIrMNWG~
zuNL#X&};^NzmN#6`jOsGZYN>LM8Tg`Ym&0Nk=0Tf@Xf}9;W1oDtOK1J#|lW|Fhp+9
zn(NnS*eAW8oYo#dN_R^l;r{w-JS{ZAc|`@>vy`8I^WVGr32?s*&y}u8yz{KimY7KI
z4X^I7mf%NVB#f?dX*8A{-_1;zDqhiDw7d1Pn2iQ|G4(Q^wgQvcI)L2eYEkiXZ>8z!
zTt$&E_c=@_ylM!x)CZ?Zqfv=Ou<gh}EkzpPfQ`PzGRuidyk+nAAw}I8**DCZPK@tW
zOdx6LaDcmiX}K3I!?&6wzbgNlZ=dEulOL`PYf~L#p%;g}S?o<P-Y#SsS$lDp^tU!^
z`J#1S6-*~;zvR>jOcJZb8HwdEv`nq%!;8_73E(oI9HPo`6Q7vhb?oLnC4=FrJ}%@M
zly0@<i9hd+?733TDCy#l)?clk7l4HZFh1IzG>9j+Ezr}y1mcvXEw{%Uy+o^!+eHs5
z2j^mJa`(EYA*c1Zpj3$jo&!wN5SD7|gxHdhMruhksvmDbr1$fT(RWMIuKG}LV__K7
zp4&~cX@ROI$nw<{hEnCHO$6Xq#-e-UfJqvtvQ~lK3Qx)%j(6993xD5sL=cq~E&`xZ
z_d@&jO&~#kI-IK-3qwP+T(2RR$%mTDmD!$^|A9XYt3$HJX(z_}5Jk`kB#hG=e<WG4
zticvnBfac6)i!C7=&7$NUOzk5&Nalxh$3ZiVi;FEBXg6uwbvY`TB(dJUz@Aos-}V1
z(5hGP(lTBFkv>0C>QPm&`e)S-gt97*)vvxX;k;tqzlLaS>Pxlz8gp+3a!_62xY3hk
zSY(QeN*fbm!H|&v>&fE@#JBVOR3Vk(|HHMmIp>spY4MEZjyFr9NZeU^VV+yJlnDZK
z_JL&<7E~M(YhD~>N8hB^AUFs}*C+HeGwXnwcIwAflhHd|o3&{T=5KHKLQg-KBvkJl
zvM3!Lzf4HEX~RWW24uWwz&vrsVj8&tg%bqdFO~+gqTK7?zZXl+Q@w7<*=2b2>v7bd
z1(?##P;<7#hs7!3)D!a-gbyhhk_v$7R03)V>7Tu4l4O2DXuQQcg6`KJF|anI{*~mr
zp}Fg}!4M9Vj;6RmHjm~I7x>xiS%DTk_V@Yg%Ni!L$QC@81{pQ)%kzdjth$|mK-zr)
z;-o#w-7<|+<fsoGu;rh9v|>Ae#buv@sg5Gr6Uai8a(DAVR24FxiIIE7wxSQlPdw_k
zqq@jd;lROt%A==zlU)4r`a_!e{{R3xyMVQlv<71$SERkbW&JU0{oIZDO=ecT5atOE
z=;Qh8h69}X;!d7HdThIQJk@Pj;-h1>vnxxiJzy*Z)jf2%Xome&MfewxgWLQ{g?D5`
z>FCR~?)I4VJjBo!pMsy~%HQQdrg#mf@IOh6wzy<aR1S_=BuV;p+8NbJe1q(UCNNRB
z<C@IUJ=}{&;W$k8Z84E4JuH>>oZT$^5*EJ-n;R-5+j=kWkY~kL46@UJvx>s*kW7-U
z!3A8br!}4}yVWsUf^5^Mlkt>Td`WaQL@vo5cyW<lXa-5h=O5J8(0qJf*!^5{nHSTw
zE7eCZ6~cZLWy&X4xDwCvs>Om}W2x0YJ(Cg1uWUZ|SP1NMalSi~)|ZTyq$X3W+l+ta
zZ}GfZ!RU(xnT<Mp%wMRY(Phj>JPWtba(Bk9l?SV`Vi3Z;&&T{rU(0nNDt5SMW>Ybf
zC2+bc7|ijZqg0@BGybz1Dk?}~!@D02hl#-S<_Dd&T(#=~=L6WDy~NNk;lxK3#i7do
z7~`HzsoWC=hkKFa2hPm+F?1}P_R<{hHK}TK@k+($>xYJ|Rn@uu-VJqXSLEMLdqP6)
zq!)Y#sYaCu6NPNV)^}gDrXRnzVqdR)gRe##>mIpV;$mN)*76B4xfU#m@4GNUW41|Z
zPowl~@G0k(eh)x1I<x+1AObHRxcxZ+$@<8D<IIqVox7l-l{GtWrJ}8Lw!ww9Wv0qm
zeTTk*)aNi(I-M;V`*d_ukX$f0nn3=l<0kTprmU2?ci&38#`N>VMXEdx8dTSb1e>dW
z-z>VMCvh3|okIc@!#S;ORd9AU@vH-r&Y&7)zU-*cCCb15?56hNH~7XQ<XR3GR6vAN
z7|;q<NilE*C|DK#`Ref$<0^)TbFrmg#xE)$rQJh5?Nrr^zOUa5s)gX(-?)ezlJ8fP
zDkFjs$CUw<D!z;B*H+r+H_3nrv#U{GA@0l%LAKpx5c}gjxC5Keq7F~e%{ksL;q<oc
z3K)h9WK4(V`R&I9C+QlCHOz(2hNKHI&u)`*Syoko^QsMlm&{<t+4HY=dUOM11f%DL
zG}fkHL2Ogj$>X&s-Jq#on~v}Nvqwyn=Ate$J#kQ0%Mm+$1w<(PCa}R#iAy7H&~y>(
zZnuf!!d0!FoI#G!taG5qMy^^GAWS0nYN8Xtv4L>*i$aWcmX*q8n}0ia1tJ*9^RHG+
z`#zZV0?nK)#Me^b%oVn#c%bOhll}CLi@pc}UNY<nRhvpFE6eN%+6FuMl)<;`;M4m&
zfJmkgeb^3|%;euqBe&k!b$v90*)GmmaYqx@0)|}6jd=7XaQow1jb3^mP}p*>7bXS$
ziwA0DMLaV6b`;X9qD>dCb=4~nkjfw=P8k6b4>|?_Uz0el<Py=jN^MQuN1objv0)h#
zXEKa1js<s(6kV@peDW*ld|;WhTbAjjiPrS27_bA0%(3PJg^2?h-s6+p9w>gMMvB;{
z1H3Obf2?sZ;=eMGg?)nD@cjKI^!4=9B-w{_SNPEnxD#Jwm|{%h7%1eCEO3ux!}KmO
zB!$ylU@T<&1hq9_999kJvDn*kz>Zl>d^E<eHcX6<gVXnxUdpLb$1)GcpBTzzVDA~(
zyu4BVKsKww9CUN0qe_8l7HODR{1%8~C<B9dWCj>LX*$_hP(UVPRdkgTL3hkA9k4>o
z{zhmLKp_X(vRSU(l5H%(krs-DgB4nz*9lD0U)q>|%!T%|3IAI<m>DI>X;IF*9>~qk
zZxH3AT7`uEpb~G(U!A|hQ1}(VU|p)cMk(*50{4Q4Zd2`Zoy!9$YyXM=PK7=vT_&a4
z!`HIq2SQLR`TT(K^Vr6F)2HyVV+~g;!7eEb{OkPW2=r{|ZX5P>UtvuD=0DBaW;wOz
z(pvi3m@;7iKbND0>E$Qyra@e!HEd%Fc>!$QyDe`HZuQIjAU8V2Z7K7TFTb1yDwJyr
zXh6R)%l_v)>;>2MD$i?A5N$fDi)>*Tm1BllHxU#&WA%|gq{8!zclmbZG&JSSDHJs3
zuKBRYBCo`e40sRS>s^+7%ub9#arNb7FqK}PWj}S3nTr=odTacFJ;5*lH9*S04_~ri
zm_Q_!xi9|1F(PQe$Rjb46t_IXaZLEh=*&mj7raG@CPlF!{#JikbhNv9Cy@5J^4R&=
zQb2)g<aB`!cZz6~PVG)@7r4a?t>M#WvoJg|#jyQ3y}G=1FqHN=+1GRv+{PB-ZNp0q
zSC>`Wy(E6&29yr~)z`}`-%apuQVBj{#uW}sj^80a+pI2l6(Ay3KVx2i(Q7pF<Vl*g
z9U~X9gBf42q7J#UKUASnZeObnPV(qJvm3>`6ag9A2#rfy2OP-EF7c&aQu+HaWk|30
z2$<L6`j3zRsBSDG<h<8vSLB+CW_ru_2n4-ig`4KjUwGNo#bek))8EgI1dI>fp(<q|
zz$jKxVRa(Cf;K%TNOkG8pv`EsU3SRmV=Y{e-RAl*?!#LrH(ND++(%t&bY5LHh<gPP
zLzUj>=17)4*v9*O>sXlR4mQMQd@!f(i6;{A4AA*%>oO?3#?OP&gz2i1Zdbz=XY&{j
zqya6ms%b){lf^yboC*#djE<EHG63<-8XN!Tp179=aJYP8wK=exy(9Af_Zq(9Y5sPS
z0?5hFl->-cKPcuI{A07?aMG^rWc<ZrHVgS7S2_mjY^LF-{GrJj8cLDFRMh=FS$*GG
zUX<n~_Ayc)A|GPb6(P*m=u7gii&Z%224EIW0z5gi)C*z9m@nmXj9d%#jFU6qB2}qk
zM`q7&E!G~yT?uA@8kfDJ=0<HtTCOMmKEWCY;7)fR&3xd9-vt&@6|(J+hGA5K&@2?4
zQ&APgSX4B%SX*g$_*+14dfuA%$YOT)S%DprP)s9dui_z?3I2a^Y{(%c8ppcD1XH$t
zAC~*Y`#cbq0F!mO4egW8dm02jX?SBB$-L0%kkD<-q4|jtGuUeRY?Zj+u21L`BkiX*
zEa+UGXn>Z$kJC6huy;Y}u$1cQGhz#LSP&acs^ZVTia8pEA7Mgd0;1yB5Wl@@xyL4+
zCdq7=7ppMe{HTew!*cOu;?emIRps@$--z8ZYafLsQNCgO*`qom$U0@ihi2g=vE2Qa
zS@YZ6A+9?PevGZ>i}u`5NtEUQWKFL3ROfoPC|uM<<}fb}&ln&A-OImD1Y6!HMV_?%
zpR^?adhB7_3#RsvKUc!StIKVtk%ge4kmiUMt}i+L1z$d+z_EdcCt9FLGiu6kCI2ur
z-=S6!3RGY-cw!kIWU9hi7-84*xC6^)hL*gjW-wQfLU4%l$Mz}zcFgu@d`1?Gh9+Yf
zO1%AjRO{d@QPhr~k=hPCO={Y1^`DkAyOCPPXYn&8q7nYsz7H)$*4L>pM&cG+6Wc#f
z`qlTmO^cC6YZakVKvR;7-fxp$`!`sG4yCwqau5-`g}2XGqjQ5pf%=%>SXk7tQUndu
zsMIYSS|46V*t&CAh?7TbiUjhUb6RE0HA-U3nL1^fj?F@ev+CBiIf@xVEt*flzI`F$
z6MQMQHs_wBy7!(3Rwh!7#hi+_1$-)HSHFQ$U3m&jN5;w=yP%boETj5-EbrjhFbz5`
z!>ll9)DuR566H=9tm5dQ9q(nhO!ll_abg#VB4a<YTd};mQ+U*~m+IqJnH=LDT|fht
zoemO$;W&%y?ZXQ&?P__N?iTma!>DT{ng=}HtGsQ)qOp4qUN8oXZ(4bbkVr`qR#9_6
zllIQ#RlCfO$3fSKL1IH*<*Ul~psWeG!3m`#0e(^XRz8T#9|%f3BI;{A;<fjCsF+LM
z2G1N0B>5^Qhgkdt?|{Iq_kC|C94&eSPm&iGIisDZ#Md9_;b#sAgJY@8O6z|%cTVyA
zM%kT^jK}2drs$pFp)`6QeOyGOn>n14h{zCINW&PVOts&CNiqxyV&W}&@+MC7pwON)
ziIGE$NK>$xzP^W9C3GjOOb?dNd?v6)`6>cJ3r!&G2X~R$m`Iza%Z1w>ps9m{zQj*9
zP*Q6O?<tW?4JSca*3UnZ<ojlKD(X4M9LB&jc>rfpi{6u(%%Q&w&8ZKLhvOve|I47L
zm*jI%Z9ia@(X_FRijCtlWWwG#$9LnX;Ytx%DR3NF0wR?AQA}lK=iNu^u5>{)jRSf%
z^WC#>R!ZWi{9f5EtF<gfcku;oI&g1n?8t>|+ET`J5oS*Cxl<d%rWqDtRv|5uEC|h^
z3j|WtE_5KG5hbWBkrR^8%F_TuY`n<BYZ7bbkw&c+O-e@i!C1lI7OP{dR*+P?x9aem
zi%23F&0~6zve_d464$v0eK}TPy~c%_EHP9d#l1M|rNpB{-`BUM!<7m9%PTgw&*ljB
zO=Le%94bej(I<D}`PWd#mi^taC=@>MN{Jr8$OzrVyw@@eb_DZ2z(||TJNWK#aTD4j
z7Nq7zq*+*@xvM7wOSG)db@X6apm~Oo9<ZB6!|(sB5ot#3VZi;^lo}w8X~XWu1l4C@
z)xDZS;QZEkmcn;1E__`}t0gcMahBo?>&@26_7E#B>{i?(E_nWE4{CnheC~SCh-Zs@
zZ3ag&*kEM%t=v)kGL5!l>RDE!pXff&MPIu}jXOP?O|t7k%~M(tsu(}cTR0bF%ZlH^
zvaAJQilsubVOQ|uT^Ikx;i`KTEr%bYzu?94G+?!qHm;=Ln!2ZCS>bxiPi;f>O~F?Z
z3W-;8R)fNl9eIEnWpNrq(l)t(wIxQhbb4d}i&wv5<AppZLk<+-A&ju0{!W;d6mYmM
zBCT2|e875<jWtxWZbR$uW9tcxPEo+{)!^p>S=RRm5DCf?4Q0cV#Comlp}_1_w2gCh
zIflZE5Omu_D{Iv=&5}IV$tN=ECG3IO{%0V895eATcd()39eZ!#B?NC-=D-hS6E~OM
z>&ydzWtTFF#U&hW?x;^Ft}eAk3~3bbF4wD-$#IWCv=?2I?@QEJ5`Yq>MomW$y5kIs
zz@tY1srG^>8*1gkY|wX3bwZ5kI;OAv#m&I!lyuVyd=C~{0J9<qpKZgfLU+X|DFX<J
z31PW|&t??Ci=#e=mWkk24a2o6b;N1Wv#5oky1k;ZSMxSx<^X;T&N{>+OZBsrtYex2
z5mj`K6gA7QBftlU*b%*e05Xf3WnP;URUXQc+jvw`ly}tDt{&Gcg9LR^<?WcY!6{dw
za!CEqE1v(TBPg3po2!H&VRc8%CDH=%wGprVB*_H5{%LRbw#J%WNZp3nyw>d~BMff|
zKZ7lE^0`&*qh6#v?dWk6wX!Qd_E+v{7(sRqp!LVpxYPn~d29{+0Gq>pRO#lx`LIkE
zIV)j&o6p{dnwTG#S_*?6288VC$Z%HUm0nsjWxv=62zfyw>c1FaAB7|9aZv6tJejpL
z{KMsVOjx}t;A&bS<Y5(Q>N@_bncU3Kv%i1+FzkWMz-Iy#?=US+i4V95u^3>UIr8KF
z?8C`>VR9&DfE|)%fhw!!qK6KU;Qxq8OuSQ}N%m3Y6?hl1e2-DzcN#gN*8_5`au`lB
zLG{*_@j|-0NfU~G51d{wY>v&FEVdB-O`4`#-r(+WM(G>ya)mw^9li$WpH_S8-^NCV
z4hs02P1BFmT74qOC-38=@sQ)r$Evs1B-zAij=uQFuMa@K10iR8OmRw#L4L{xLo-t{
z)gBn8_jwB-(&gaL0%QD8V#;0X>U*2EG$;3%^$VYtJ6X&J-j7G@y^|lQ2nx#oO!oTc
zmGhaoICxcrxw6q9h?Wngsk!{jG}_LuPz_vyfMx+oGh^Ja>i78$X!);uG1Q$>q=++{
zgh!?xSM;>7d2Z3EZRe-d3a0NmhnE?%$!c0HDjtIaBw(k7w)MMuUv{Jb*)k9vX0-O(
zyO`Guo>X3j#tFEJ<JRQbhDWR5B=k+_<~5o@&x{y%wy<`v=)%8yA71QN%X7+Pj%zhG
zyBPvET$BroaUQqJ_(U9*&$%^M<wLQ*OTjp-yhYswLWod9x@V0SC59RG>z?0Muqa&%
zE_L%*dXf0~j;J8YkW;nN)ogDH3FR<70)Cs%S{o0mPg^Ri4`JY<lkdy~ejuQ{phEg)
zN77633&DGlI!+$|PKzSLk_rR$Mk_?VvdD0n2hOFi&JoCseb7+~X>_VUc3f{>>g7qD
zrshu?ET|GLmi`fA`{^=2qt`wwe)5yzEznMsR<Hl1byx3>xvd0;q=<tJj;d8eWJz}c
zCZd<eAgcOF@Koc^h!Vu=ZPeU8Wl))W{5C;}83o26kI+;k52U*Cy&uuWJ#`VGU?!gT
zpZ3ehk)Ov22jH<1R$wyhuEetk*H(1G_WaLJ>iKJ!^8s#iEAFFVoeb)vtHUndeer?~
zhC7;u8ISYf1n69LTk59&IqLceUYR5(0sr|)I|;#%<!d}PCkr3+o_2xqKB*x`Ic5z^
zICF0$?C(UAWrL#Osd8slcDo5dPs)4=DhtpJ)M<`vqMzZJv~k$*1h4!25`Wh(#7ro6
zAKv6oR8mg{l0da;`q&e)uiD|no%}F|7`(>|y)x9NRGFq>RHD#$av@uWx88tf(bL($
zfq7v`%`K6zj;7%|!DInF`~y42pnx2a3248%0p_nriQ20WbD(_VsPne4uomh;{kviR
z)4zQ{&NwAt9D^$**>gApNdF%=wtnLjmHzdzjIAWg(aNxr;e`dbZraKwWSs*|r-1z<
zUO(V6R3SMA;%h??I+7YHBaMqK{h_0w#BSq0<^{z*?d@j%(O{P#7|yJA)Dy@&9X<wV
zi^CHZL+My$NA;FMbWnjm6HHOhlBSr?^*MqZlvPlCc}8i{JhwZD!t1=KclT{}0yz+5
z-j~Un|9sNu0Er>>0%z@{cERPrNnd37W~CgCf>mH5vB}B8XM2dn48!l9$9UfKu6Puh
z)_(~YRWd`oIrCFD1}>=O25ErOZ!w!juQB@)MAThcsm2@JSybC5=O9bt2q<%juQarO
zEhOBWYbGD@2n8?YoGOIf@U1H*R%@$G0qCb~pUojldyKWnQ7A;NUyoC#N${F=>}IE{
z358Cy$V*(tz6)(YTjKoE^4Sd?p={a5thgySO{rUgvhr+X$iEY0gN3TmXZ&z<jb-ND
z{}p+~^ttZA{fR6P(&=i12iIYTVf_Dfdt^y3o-yb|{{9pLgJ2ARwhtma4hzVwnYb{6
z_u5H=`1R7G+%auCM*<F3A^-Z|;TxBa{_C<uVTtXe7%|l})odkO5ZUdlWP6`p<on`H
zL$}Z|VYlax>+NGD`mK3`uj5@p2r#)>n+}V3Ez{!F=F8$y%-qgjkOnW90e-upk9)X^
zh+3)1_6|=s_f(@B^5zGdG+jo=ApZ}Zn&GxNxpUI%8~r&U^R~nrMGRmrh7|G?Fk3Gq
zC}kr^g*en#KGAojX|C?O&Y|9nNTJm7dRUz-ndB8`Er;V6x3N9~^}U*rl6o42<Yt6#
zY63AG$fyAa2on;EwXrQBEJ8wAH_0W6@8I4oZKD;1<(yNRh18ih@Bd<11=u(y7yofq
zAe)f;Z@WnL^vZ=PBmBWs+3?BD?7n>f$5<r?(Ua3?|7eU>c&D@1vJ`_qt<jzcUEN+|
zh~e{tCt1&xuK2z5$T?7oA;L$2X;glqn8bm|cj)dvT-m5^$$}`O05DpR0iBh+Xc1y|
zyA!_wmt+(}-2Uv;WK`7Z<S$<`XMpYHon3v>NIXR9EV)kCs9d~!-IRFluyNMfTVjj$
zYJv&#^}b--9u*Odp-ud*XEh@^j2kft=8`_!ZA^ur?%A$d%c;2A$#Qyt8cmSDIohKN
zyfcN5No9EMWHN!ykm)1CF(59mx^NEz6GO!bJbvN?tJb2#FkZPS@))tNEjZV-FYOAB
zxa#S^;&2u0c<DH_Rj{*M;~|v9q~5f75j1#q`7-a8l)!F5i48Ne4`taA-?hegeCP~h
zDcYwZaHB++><ueuZDRQlyF<Gw36=xac+zLRY#8c`MTz4=L)TEQ6~hm-gBjPYLNE}D
zsU*LRX^vv{%A<*4fcOyqP{K`Tl7U_wE=yslB9lOj;GD&Js1hJIbw-4m3`Y^;3dx4V
z!0F`3{2DSL*@u(>@@D!|7{7?Z$jFO!MYNP|)x1aCg?Wh1#ldiR|BUcR3BUZEZgoeW
zhL<IR09EQdlSx*hIc|8<bz-lNsC_nJYdI+dJ9NKU7%MoDJ3*glY(f_vq!_pQT5PaG
z3YmgTq(VrCRw4%<;~800sj;eG+(5b-KN_<(3!C4o;LHaZCqTFJ_hI+~>JCJ_Z?-~x
z&up6&dKIZX_UxEdSy%Jzmy(4uf3<)wONDCW>hEs~JH;NQPBmetiNS9Hw$`?U<j05F
zcRE#1pEX<I@haK)H^cMQtbIUK{7{1KtsC$aQr1rK3PW}%Uw@oxBn4t-$wC~YHHmmZ
z?LW^=;W?IscHW%je3GNZn3aI*#)q4L`DHDi|6TK4G63JqX7|%`zkoKggqwlFKW{0`
zuf6UAA!I(eW<SS71`H@YcSSQ7T~~Gtv?=VO?$`so8NQH+@oQ#yO?c40)Q2lbkSVe6
zdr>X>Bmi`R6+Zad%}9K?9^x8r!SLMw-`%#Z6t}rA*U(IiLBye8E(!u`DVZu2tNmp%
za0L!C_?`P0)Mub$3&1+%p&sn4;W73u+1Gn_?dl6(NR4`ByGbnTx^14+BxbWr^DD7A
zRXn?Tu}r^E1!6ntgTL}C2{aOpb8dIM@9sLFL>vNCJ5@D^OS_Kmds5^$g!t<WGI)6Z
zkbF<mu?L1Y^=<Z2<AN!?$z?kKHD6#Cov4M`uN=-)g=gH8l^Nrx&R7U=nnVS@lQx_H
z-)h?Ftz+KMl4LEdtrZvFJ;yhE&{t`!X0bZmbC!@)>n+Lu+Pd^OQNg3i^Lrad<?!l*
z;>;L3^6Er1sPwZA*H=!#GWn{=GzYlu0jt};<M3(UiiwG`B;bA=YYB=q4IytRa^gHo
zq(|mM$ctR>`zmd@5zzcxK`cJODFeX}pLq|0C$F2O`Ss8CVFhf2aE@;*!VN_mhbt@0
zPd+KBz7T(+{pDZi^(=7dR~WJR&a(tb=OGoX_5|GF2`AX@>oe}}kXQ;Sn2F@GF|&y1
zVhwQL(SPB5|JIC#x}@n#9=t8o^Z>4Cz_kjDPwJzG7r)3MPGo`@E%>J7LgwPb*yQ7d
zlpOsTLvsTMeY<0``U(Oo`#qiER;-olx_=NEjFxc8*bDGWww`;Y287C5&w%m2OwHUe
zrDW0x+o9O`?0+Hu1XaO{eq9~|tX7x^NE79n7cX)Dfy0YMBtU2ZGR6Iw85$kq7oUJU
zmxZWw&A5lA#vPB<QH}tc^0D_d$p6LMsaeIsO!mdtLa-I8;M+)a@gaiXtr0J$H!Q^>
z*;sbf2~f)2ZeptSa#*3PCQv2HmblAzwNixWaQFwh2$7PP{(J^k(kjl3re03?g^ADA
z|ANR?TtGAo5KZ0_Xl_D<8l^#-zO2<&*yfpok06&-gj^cvIctW0%jn%Z`ktuh5Tdb5
zkH)rxbRMaOWs4Nxk#{p<YA1!{XVY%KcY-L_Q!uQ0zSswvu}v}c`2<@*4-MxABGk5m
z8l-t(yaeZ)ZMG$~!6pC_m}`b7n)DuY`EX0t$s9fv`XB|cp#`)(0N^+60qOvqqcp)2
zQ_`Tm*KO~3Uc2)a7)T607V~_bg9ah1ukH9H#}4*pI*AEPL;H-cVZ9>4EN~o6qb^UT
zp>&#~YLN;+G)c5JSXkvy0)c=3<Xm<Cyu*#)gwM%U5>6|#*qNVNEdPvU{yRB7QU}e8
zdHmH|YIPr`qll3~e3ePE9=YuxK!%`=SC9eND+IVdMDQ|e%F|cI>QMUr<ubg#K!Kg7
z9SmLX)e6wU5yVSU#u5H8`|aCC3u8T$s&`vdlpIdt7a>CCmD&BdHJHbHsGe99f@@s_
zE<@q{=11KgzaQ;{;_VAv(?FCPbs5Q|17q0}LNG3Tcxdk5pK=R1=dWxve6wCW$7vr!
z@%k1#V?kqgQ*1qk{e$HMtzqe*(j-iTnccRK648+WHT!aS!pi&iGY+rvV1GFYG8R2=
zPhC*+DJjUGOiOl)#&YEl7bJq3e4wF@E<Jx-ee_$?Rw%q+>B8Y}$-=Fd2YJ-KJ|t{x
z+;w5Dwsk2-hKkt2+kehrVMz!KN*3Zz5h+^{U=mD7HiBY}?hfJG^tlGbMSLN=>TW8k
zu?Rcz?C|60B^=?|Q5r~^R?icOmoCSM8;bE-eNVcB9M~lVGpC|zAE%#GZ*hMLv=*LM
zr}hTVze!l3-?Bx+p?PEssX1fC%ThjyKBMzIv;|pT5d(ax{u$*$*sb9V5;(q+KpwM^
zl*F}Nl8v_}Bt6`(N!erCnKDI&qP{kK9<l_rNld5`6$~?M`u~(<|2L5ts(kuFiL7FV
z*%NAyuX$vo0}&o8r^`_r;9S3DVH-YEJ9{CsjV}EP{13>=5j$6{sK1BE*{H}px3Ai&
z2<nr0m+2*|1z=nY(=DAUfNy<BwsgF*ooAQ&wX;nBX%cbP_d(i`#xP^d*8KeXXs&^w
z=R&o}XN~wQVINM#0C+NYM8=Pk1eX7uU028d<d*+vs+;p9ag=sOrXj61mW&FtI=1v~
zcFI>@1D=^&D)_m;d$qurC5Q3neR#nM5jOOFaN$<gX0Nuiu$&b&fmRyx<4p5yC0i<y
zsxFQ(*5CsKAB7@dnCaNOrpXG_r_s(2s<=fReW0uTevW%3Gw`MTWsD;eb=&5s<6IiN
z@+6rJ0yT<|F?ll1Fj|p<)R8>L{?n$tk?xOkhy{z~4?sUfHAZ(5Q?Cjqo<g60u<B*K
zh;WY0ZB94MR2`k0F#8OHy>mXs*Z$x0^YadKI9C=NAA;`m3Uv9Sbaz>86kPo{j}O@p
z?R->dvtB%QE@SKX<hQ~FS>qfXi=iBv36J*S5gnX~BTmPyiZ55vMkW7Or6v9^P&wvY
zpTJ!E36s8gZA;)Bn7uq{h3OU&>#5}1baj~W<+fD+IB9!~pB9CDw)l~cU?Q8$FG*91
z5%F9L5SVQ+?By5r!PV-0ohw4n`wi}UKQU)ZKt~S2OAm0Z9xWn9Z4Po!b%(&y#?R?q
zB#AH4j@k+9D0i#LOy6$82H!99m*fu0C($iH=$?KtO$UfvJ1d7Vf`=bE0i4W%e%9fr
zV9qs`O2ujhza8LDBM#hxu-qdd+hhx7w+zMsR}^X<(W*gEH6U^jEv2iLw9Jj*o|10u
z6Br*o<@a`4tm(|-EH!=*?s47asgah9lx?;QdKf?Aif)p4(4}LHqkQ3aKgXO*l4JAG
z72xVLNn@h@0BE8zjW+<cKvt`f1~c-3IC@ae;pgX+n_I%Gv1StV6##HVD}g0NKeh?>
zYzN`9feaQf$v*DxT{sQF0fQdV%4C6ByHUdFU7@GAz>>6%j4lu=`Sw(J1b0RFl4`@v
zG#eYo=?1W@LI1wJb6OBcWpw;6a%I(B0tqW6gx=e;`jnCo+_Dme9yqqEVC!k`L_;tj
z%5|G`IfQ;7z7$v!7*#b{V0xVj5#4+htQ84>gT|P@V<B1m0`z=0AMEpyc9+kUFMq2>
zLm^7Ae!`cLp-!962wol()A0#?XXFO*Q9%yN&z9|Z7UMhK4`|1I!?=tFMIp?o(&78d
zT=tXJe$Ub7UMsPs@nBE)A8*we%3S=SB)0bKWh(V-U$RS>8JrDBPzB0SXAZ641pDbc
z^kpVS&W~y=T~FdmvD2q?`FlwU|M#izd}hB*@S4V65v~v;Z{?&`zY$_}WAV6uB%k;d
zW8_UZ6I&Q9j8oLn0h14e$&AiyL_46cI#B@xAHs+6bN5iEvfmunjU&D0Z7LqCC+{pA
zEVO*inVs~6=ZRWb_*u%fS*|pGjAa3bMa=*LTM~&WEcdHc3KnM>OzXQu9mlQcr^3kq
zfms+9@9j*x#gA)6U05-NC;mog6X2gyC8Q<S_XR!27j_)qd=cHN<F|BC_i%shDWvc$
z`@J3@c|9qkb^@Vqv^lmEanJ!ue;>{K>08pIPoyA>r_{)8F%tO4dzeMH3=7Wnw`W;x
z5}}6UnO=-x9!&#W2>pf{&!B?|E`?7b!ENmi#mp@S)*E3<OO6Ib^s|n#!sg7*G63p(
zM0ad?-PdkDhV31`(;*+_p*(&>^ab771><J@<@5@&{v>T=)O;(#xATzE{ZY*8+jqGc
z_Ls?<CE(xUqBgSr>2;}h<oKIFYkNm+A3wkvla5S|LQgP8>$}taVfSK)wk4s2(aMKP
z9o+QWzp4Wg@b?=twgKSU1{gr8nosDqQF)}d7%Om{a}?3%&&HYHa4c@7jN{5uU;u?g
zoMMp_kkwXJb&Am`3ylN;qKMU@7=2=j=~uZTLV~|e#auv-?;4Z6gPgy$pa877W2#KQ
zV$S*ED<0Vh`lsd6$QT;3{EXkaA`sUY%?$jIWuMm8QA`@8ofq5@WGxE<L*^mI6suz$
z*N9z$N~^ICNPUpwRyCXZoR}{>Tls(s^hDBqokIoEHkUL@kGVwqYWG6bDi%<)MKm{s
zfauqXYHQAob9HHypT=vDi95VJ7gyC3?#^Lzq0hq2A!Q!OGe)>&CFxZwS%FfI&N=3P
z?6Wc!K09D21`D`!+=vtyjl)sog42~QmL@%lc>nAX-4AA>>JwS_>~kvvbkIc#cld9S
z<k%3NvJ&}84iFmJ=(YWtM=DD7tje=w@u#jk62T1-ujRl{n}3HlmxvY#1=3`kvQ9%-
zIq9|Pr{%{*V%gN;Ov0y$76K39m+oGt0PhAT3vbjmyElbP%Gf5d;urRYCh$Sz<uG-5
z^;CbMyAP<ddt4=la$0Z)FZ$lRx<(2XTVygl;bgrq+fE?g@irS<uamtoFAUtZ=`Wc$
z{eg{Zy3$5fWRwd!ePzilZM4PD?)<{1Si{clRP?LbwXX6ro~<=vctD5hOLg*-ao#6=
zQ&ZhXx$biir6SKm3$`Oq*gRt4Bl|OtZ3T@4EA;r4`*Px@*o#o3KDXyzGtaaV$ZMM`
z*=krSOSOFUZlog{eQ=17$yWm5DWD)%+?p;T$d;}b2sr>PShU;^m|H2~&63oIQgRom
z-RgiyQ;LsECABzmHf}RMY|tMom6A4JFhY_H*Z%rmTFqAYOWlfm@5JrMfP$P~P4i2H
z!5YW@LJxH^tWA2)LIivd$D@dPeRN26G81a@m_fARXPVNc2g8AIqyx+<T9(5vA#|JT
zreREM(3$c<m#chk<Y;nR1@Ln5r3w>&4_NwdV%_vMQJ*teo)AElcfYGslHQlocE{C0
zvQhe!tUDGr^;jD8E*uIPeOm!$&Vn{6q1aPY>$Jb|zgNeYd<ZNtwKBV4;%dkK3c`zS
zHYXz06@%tRo%^siIc#0ch&ZN(V?NSBE{~Zs-rUviAOD6>b-7fnPYeUyZ2O~65rTKk
zsLkJ8JyO<1P9LLmLA#v0oc8^5m@I`tKl1t?toC=N=@#X%#Hs(`xuq@Yt^WN7Ezu$;
zom8~!yPgt^uC97Mp0h|k412%sD(mH9HQZR0UC?u8xyJ8;R}X}29+rx$@`(`e4w(Mz
z@H5}T=&iBclw?bbgnkmJ%q&Sg#0n5E_um47Gn$7xqa|Q!Vmr38p|Au``Y6d0mIlhw
zI@Ab_-N+7vzp`9gz{0+V4-mWHxo3hK-*@y>a_CgPbJ$3JO<vh6`WO#I#uDr+c@ZWo
zjYFsSp#m%61kZRxXwxB|#a>}+42T7+QOITcE`?F~Qu_rSgnaN~&QFzIrLiSh<r5|$
zUu@LJ=CrLHanqPf^(ux=O+qpzhuE5GnG_FyFn!L&80$^|j_|61fHAh9x?+0nw$w|c
zjQP!~2jgS<^O&&kI4CJGk5?{$bbYs4&*Ed@32`_vmNv@$Jiz8w3=hnL`9QBsxa7(&
zoYGGu!XFGVgvsavrsR#{M!reO@{zDUU25ZX@JGV-zR8&qD`#E>e%iaSxJ-dz8>8A;
zW#*xXt4_yELiif0b<s?mjPm*OyT}`dBbshVs>HY<3HuEXWg4?6Muv-Zj~YNfL13sB
za;bnWLB3o@9684l7_DG1>zq!;5{4F!F14M|>?@-bU&QCqn2;2{1T{!282Z$kH`ozu
z${4mC==>S7RQg4!DauoUt=DhmcXGi*84$oT(4fHpwZ*!~%80yc(a<a=9ZNPqAa&P+
zl%0%#UfJRMUIHx}`EDV1zZI91)Gm1$dOONjTTynNX|Hw96UilhhPFFy6IsT+k$eZo
z6J?3pCPALP&aZmj9P#t5V}yn21?o<ja2pzf+nhk=rp~%O>tjTjpA7zD>~mTnjCy0=
z%SSd7`p>POBCl2Xaok->u)!h43q*cX?>BJZw{zB<80jo<%}QJ`OJj>@WlRI(*x^Ki
zQav58Rja3tjxR(YQhy>?+UrJlU4;JW9W<fKC8MC=+^@A8BQ60Xab57|*3TGEGgpjl
zq$PdF@j|dE+cFUXdSwYCYyYed;=6oX{M*j*<I6?Jw)SQjv_fbLdVR>++BUepiDoG_
zh8zB@E9SPS^Qc1%Xbir+oC-sSCl}MCb+2inOGOc`00HCOI!>Onz|}lxLu(=wj{aQ}
zKRN`Gpn4-EYx`4iH2}3(vz7v8+qGi85=&`Ub$it#PWMf*aJY}LH`Z73CckHZp~14y
z`T;dr%%Tj7f`la(1Ps;)=*rh*crzf_vB6D^<=j7|NB1R|Lo7z0X@ozLE&{78q!gZ-
zm9-t4iiY9AFcT;Q%U(6#nY!H_MsSZ|0xLT$SDSkj*KUO^^G1@pCJ-=+CvV$B6a8!N
z$n?Fdj8t!ZmkOVkH}YMzw!Zbrv@m+;YOKo+Wl1+iw19OTgJU9k_;o|LY=(bXfjjIx
zdb5&P%p&AxW5nc<`Sd7-Ra#m#3_~%eZ3{3Z{s);BzSu|c6b6HRLOnFWWmx$D!%%03
zD~tt1Yg~6vBd~L`sE=F`Lcgm>qmh1xo<8iRt%PqsqA#M7Yv6P2FJcHAcEz8?lYs#F
zxWGeuiEM8Wv(p)eG{e<*@C4FtHx6@ldZ8QmHO#VfReAG-EQKK;(E3AI5Li%o2S-xy
zLp=28)ZI%0@B&n+04f(LhM_`-WozN`+Lmt+MaHXwwW0}AgiJJU5&AP5Haf1cX_v<0
z>w*Sh^c=2JUHjVrg*~%ALmD7n{wkFs#6?lgpno4hlJYUrW<XJ5&dH7W&8+&66Z5DB
z=k`|peamn~CQa)a%z9Vip43?^wD+H~MKAacuHvQ#=WW)J$sR42@29mH@l1Qh*AJ9q
z+UWE^xZrl`T<0q?Qqq$%z`?3RYp;0i`g@Osln1ujoBNjC0xG;MMT;JD&TqpnaZXf_
z48aL){GD=|{m~<BJ>X7A<t(5jOhVma(YleHEBk8&YTs{`QfOnRPZE2U#dYr}=k$y-
zol<Q8Hb3-NqNrBmwN${wdVD-h1=N)Z(BV`c$rM#fbpME;@ZuX+61(y;%a)OyZSjW=
zJ+6Q_A(Pn|u0K<(38zQ{cQ3qJRaOzP5;gL6rY^zJOPj4^Bu^MdvbK@5#W-g#YB?%o
z&f21zAF@w6^O`-(VL*a7<!7uYg(O6XEW^I;{FBI*D6k1Cm`0BHoFPg;Qt!$h1y^&k
z7PUR77U%cbSqBtzZ3Um$XU}p#Er492lJ}WJzeGVBbgnaqj!>$}-=8eMv|xcm2e%m|
ztVpb=+E)+g(RKimnc1uC8_icKmnq{?fk!NdejQmv9jYKqQn6j;C|%KdYoL_u-K@hM
z^s!VUhPRBa3O3nL6Ogq~vhYFCZkQi*#|~&_lxDK%Nn{dl>a1o;EZrhoi55<FJ;w|&
zJJ+iHAG?16I?QIxJud<R^|8Q0CnZS|em76#RD}IbA~#VB?}KwVy1VAt)#NSgp5{b@
z&X@qc&%|Jo9#q+$zG!A6_K%+BjqNmyn*Nc884X5p0i0F}gkYzMbgo~Owvvt+LnW;%
z;YgDHdX8p{(cG~CX~s@RdJ#rD)bCn=+hILC?~|nIl_eRt104E#qkXAxjXqD>(=beB
zR+9P50sCkBx46IWUXSPphn@{y#5&2LNf-_EwM{6>Q<EqsGkw!(Uj`#`78@Bw<nB{u
zxpDR&*PsuJWI0<~YC_vh@!1;%iTWD5m(1Ol?+-C7DG2bwdingrr(A;8ZAiL+yr%EL
zDV%yIZ>q2baA9KX9Awc+mL=arwRyHIKpLm@B^k1(P=l<n=r6vF1|3=4ev1GpALBZ|
zzb5nS8X_bcP1b9pWwnO?R)+sL>rim4c2dZPIK%*9*^B$<E}CMEs@RZy{oh<ZGU#Eg
zQv+0((6<S}p3N9D1eRZ7bP&7Kbs+^G`r5$u!c2#z6QMrw%R?hn8GN&xR=Bu-lMX^*
zO{Wk;OPOLnLNSk@@)hm2y3kWi>lAie;iPX1M8&PVHZ)JR(o&r*@gt-om$)dWgz;rB
z+^<W(z6wP`N=_^qK_7uY{d)wp!i*1Ji3J~sy63CtDf~%SiC;t6arMipqP;HL3eweJ
z1?gufQZqW4hLRm?B^t#-SS+3ozK}K&^HG*cTtB&};SL%a#ZI2Q8t41t(vg~?b51_X
z;XL771ic<T>DNTS-!igU#CFV0BSkv(>&*_Sn$VB;d;y~ls_hF}Ucm}$g}6OAoG<OB
zDb^K04n`kX1GOW;h?;7~L_-UJ9n3$t%umNgu@_~|Nx2(>yIDyfV|EYg`&mkRi>_B2
z)CfUfe$H`W(`Ad)B`n`j@STC$aolwx48pQx7zOH_40R{m70YN5fRAiWfN3C$9xewk
zL}U(-xhE{xRGqj9)m!-N{i2WedoDdWz1Mti1x5KJa3KJXr*0l$OVJex9h@GI*|aMe
zO|7lm1b=Zf?Wk0Jq@%kCf=K6I{%1omFiSSd8XO&{BNNlG$iQlY2<1Jf$&UOoL-Ls?
z7p|(c9LJOMH=$&#jWsXroTO7FZB6(f<x6J9^*AzoFlWRtx6MR)?oG^LacRz)?s0{(
zT6=Af%}kIb;Xr!%c9^h21Br;R(GR7(QQ?0WV`l)kH~#63Pm@sbqvv9|Z{`y;&`?A_
znNKUb2$=20B);W~?ak72bESWjYh38hTR6SXJY_Do-*v1_*i+whUs=Wt)_-U^sLrcq
z(T@%G;m0K%Fw;hB3%#JVHiaIOP$|RAliRR2W$Dz5t3obu!_1OXPZxxiLjV8n7H0cm
zr~eah<&l+>X22tiK{AOuiy;l|B-qE%$X$_OY#RG8y)>jUdV@r9LmpznGH%y(#nOpr
zH*J#0)-Q$Js_ODhy;fTAtd-UY@EStai3e7~g@_;ae5WVlIzfua=}UgzTD!6rXohP!
zJI{yS(zav@VBPEXp;~FMC*;`l!u6ruSK8_qGoZ1k)c;o}*RC_bfDcm2p*x5Z)VsiX
zVNNj1;p?7OmGjXnmPaZUy`!vb+QoLy+#R|>nH?PF*=s2v<~i>5?G@v9sF*2vW2{mQ
zqw%8*{)fE|sDvk^>or3_?SuU-Q|x@pSO6zHZGvNjFzi{y`w+;rH!5DcI6!9c3-6|a
zr{kYdPPlHy+W|I)go&)SEOe9<y*#hqK9;XcX$l+xB~b@>Xj*bC_B5jNGjdHP;_Hge
zm_eBhOlga~X!slC5dGD(@k1*?92ZR8zii)NyJOV!Nh)?VJ!c|hlS0*Z%QXrBB5=be
zD<-9Ke9BYAq(gS@C}g;Kuw%ULN>$c$c+#Gmfba*n8Rzl0*4ZRDJI2NkF&($Hjfq8j
zuU{j>?iDX)BIp3txH9;{&yR^qbXy2!|Btz+eT!Y%^#{Z+(c!5~WKq;})vJo062+pV
zQ%|}1*G2*qTJ-~EBWqXx_s*u3u>{L`aVCRdkB_V8T5QM>9KhRe@key;;=0PUP2Fnt
zY_`hq7$1@{FyaljqJ1Bd|KTd~$DOFI4-bD?x{$B~n-YuR#T6*&h?5@cNLOb)!O*Kg
zBIZI}H75#08S-(cf(;NBst50il3uU{iccvZPC0!fZuPV#enyi)9}ql|HXUBjHIQ0?
z^fDt9K||vc0|BZ|MvZM?9#{CVf_pQUT%TM}bQum)kn{P2@jaI)KgMIkG|dXnk1_Ys
z6WF9vW6IBa2J@?&E?=Wk@n1xZavVb}rIzw5HPw*{VVZqW+aAwE^R$Id4-p~0wX8j%
zBwY4o#GhsxF9Q96$a_=fH=3W4kVjKM6^;U?d&zCP_{mauroe@E6M+_B{D6q!_BzGi
z=Zt(GMyC5Uc{4>lBdym7!|keI8Ze7&3-3lFb96G$=G3^i3zSS1KktG`W-~U_y#1EY
zEQB(`;(82+rt7%?pbx-i`XbH!)YXXP$V^)b>y7*0kFo9F9=>#C;;xqJSVCfnzlemU
zw+7wyG#C)5u74!phH>4`t*6A^7eU~Y&1zyPXe-GzzDaH6_0tm}7KU6=pzNpeYRMPy
zNzLfmC_nh(60#dzVz;yCeC=c+5^wp`<2)nDkWU+R`MJ&zCt&h(paI(DFO7QsEkEki
zLtqoPtcr;QjT>&-J9qrdtqzju1P;*8{CtCwa3cwk7}?1cb^BF0b-V)iX208EtS-p^
zQ@pO&CkFvUISbHQDuEf-D1+U)#w>t{B9F2h!s}3)!C=T)XV$eTs(O|hiP$>ER@$@I
z&_Z@^B-Y5of=L^;1A{KDT2xqkhW<wXs60cxvN>`7B4M!Ak<x|f%=1JZ$3DCtMCN$E
zWnk7fSQ&n-5~-LdBnZlS&Q{9v=yVzEOOYL2tslxM)mmH`U~JK=etNp}HGfw{$@<Jl
zE>Fe4?+{cTSpXilW52nZbfe7D^FxW>2ZiHmhF9bXKX{3#KQ-g?kW*>nxwa>~jlF#_
z4Ptf$%{rzVS00#OyN)sVZuoz)N|ccX!r82q?6DX1Ogd`<9@PMIw+$tAcyDdocQ~5;
zbXO(2&GRF_ScP3Y=7%Z->Ht>#m=8IQ2WNkj4$B0w<&vGxw7WwwpasZsJkOz`F|&G9
zhSQU|se(rfr$m#obOs&9<<n@v2ZVy9@hpzErZv}6f&mWOf4!G5&kcGj@bcNDNIQ;y
zD`(~UPafAo=;~l#vIP>|Vq&+2$2W9^8&q&Tb)StAO6jHm2M7@4K^-(KO)K2^L9GV6
z98HOaSvb`DbqiW$GrY6@3CU#@^Cf>;uBU}2KRwhfN!hP?wRL--soF)IfinRX<<Bhs
zInhF>X@kWFi<?=53{d5G%jbTUC#l>tZ=5<Mg*!43d?L#G_H49X_Mdt<=N<zXe9%j4
zvK{<|13wlE^nW7v=&rH1fqwmb|0LfOg=_CTTc!rGZV;s#a2=xMg!39nTc!eqNn%#m
zb&j1TDk0B>T<;Wtx*E=uE#O=I(hf$~{>j)9y8~te_mfWI=EP)~TmoL21jkMja;zJ0
zIfWAIlri=(GAq{G>_VyNB?pb~cW0?U<beroQ`_D6y>s~Dc}12{DO$ItkuF&mB3-|>
zTFZ@*LVuz*C_*Drs-kOA_CvFs?oML|77^X`S|NwZ-2;%-$YZRmtZfx0!@`FnQM1+<
zKSAx64(>iX`x!H9h^XffUrt0nbWI)gPhB*M-JFATPF=<agDXj6AAn=OXOfwK*?z)1
zzM37R!Oi{TB(85YV+r;O1}=qlJr~}l)?>PtR(vf^2npG{ZFuG<a&H)9Xo~C&=vw+@
z0<rv!<zn^FbL4{?VgZ~<)^_2q=Nr1Tqh0ukeVFzM5^$<fH(SF2#@;uL<Hp5|aksP1
zEIs5syWbvrQ?V9Z&^naqNq7gE)kaS&kwTr7_xasm&hISTpNvD}YfBlSDig?+aP1e`
zh+Ymn=99O?rWGsjaZj}R8izTv`jrXloAwC-U*}N(CK9qmEOjkTjxlynm9dr>X&`tq
zs;zA!bYdFu<K5rDC2r`0?HPm}SGu92bs+0~0eDWo<T=#qi#C-`<OnYE6<l4z(WCp%
zdMkAIhR^k>r617Zl7qtK`4d}c)r?W*P7n%sBH8LDC_I_6QAT4WOE1Q3k@XQ%sDxqI
zWZ+W``c*GQ-v6<>jVI1Br?iI`^$o0tO1(>Gj$p9(Du>f&kxP4N$o%~yi1g^Vx+Yz|
z<GnVGbdKP!JygcIFywEx(iTt2GX~+_^rM+FjI5RCl$knNBoEYSA_PHHu(9<BFZ9@O
z_roGr6VX;%avzzXkfKx4T6Wq=X{j<bc5h=BQV>!60V))&O!7<_D=@tn>yDJsa;O~-
z28?CP%W37*jB=LFT}Vi(mi{_r7>+wwJa=^i1Ecdl)yQT$P~=!%PIz&MqKupd)cC#q
zVQB3`&$i(qg@*F}#$}C?0rZ?ki9Q?f-f=K-rlNq>N_YL+f$d=J*#MU;(zBkWLZV+3
zt;dbQhCBP=&yh{>#`6_DT*9J*o~fkAj)`%XWk4Jf-3Ggs%n9E0nM-qTP`n?#g8F`G
zsdhO*%PAR79)@KcZjZxfL3O$~emj2KhW_v>xB^yitR=W2&9TfRaksoCI|#*jqH4)N
zPTpK2;MWl@nx=)3;AWp0Fha#Rh#lB>WSC4l!P_sWa!-li0k$*XnJS7UU~piVgnI^!
z87$nKb<Ab^3Q|14_m=@Z!fJV`2p{M|8h1jQ|8}!=tg8W6jx+)~*zrdd6W+*#8}lJl
zi>JxY0=$xss&c}7mK}3gn{M@FjN&I5a>||RCsLq{*1Q+NVJ}uo)}X!~juuizzzE^J
zm2knjo|(~>ivIK)f{YM@>Mh;<mGUhcLbIQzb!tAnuGU)6psR4?+}WbcwQ;Y`F$Qnx
z#0gRDa1CZ-ByPbwVs6Kf9L2+_U4X9t<Dd<W7T|ba){Us0GZMv6{cp#_vz7dtJW}OT
zg%HirQFyQ{-Jms?j(?$mHSVo)U<G^2li?h`2|*q!Yk!_?7&8wP*C66EfLRd*_I?Jk
zaX85)5lbi~KHNUr6Ph`cUq8En=$y6|z3>5B_M(dJq2Na@5`Y}E2~#`1K>XKsq~?3D
z>8Kx^`YZ4z05_T#Q_MI06ihC^+~+gZWMS^i9C%M2wg3s42PBZLUZKf7AFU}Eb`@k`
zK?SJ+aNOOq4UOyVxDp;YPO^>B{A_0H3g$X<rETwCgnM8n-nAbuXzrKL_ki9q;mj!(
zJVEjg%*v%#*CuMxp`JJoFctL;54AXffx^`90-3CZSn)s8K(3p?2K~p&6hsLf1uK~7
zJ5Uo6l8)#GATLpFqNnr180vGD2Zik1()bxG-4b(Q7#hgcA))Md50=SJ4&;SRYm)P0
z_q_>(wu(u7Ka)D!qI2`c!GtPGu{@jhdog<{un@<n+pyQ92T+u${^~v=BGBBVf<X^@
zL5_#H3(LM1p5jkW@;qJ8#@fjG9)Ab#Q2hWs1+{+UV$(0o?pK*Xc2}DHaEvaH$dol;
zRWScprbS$KU-+E1!vfl<j_m@8G1m*fv32X3FM%>ie7nG`+bb9R5ZPEoW}4Owc%ld=
zV&&?{`7VJYMzlH1LB#nG5sSH_70H?TiBozblCj#4v$ge5MDR&wBc*ozzG)>hN(v=(
zh*Uf>b}nYGK*W$NZYjJpd6fKOY|0#J-)3#@RR91&#a&0SAO~;mR<?_pL#ry&q_Q>u
zGhk|yyoa}Z6l>R}6q>{{Whz&+<@ct9N;!Ua#YUJ(r_^RxxOS}ftAABl_pkXz5CF(|
zDuLWiEd-EDCIyi3i*93`0S=x_;IcI$1av!GYwQM%2{M_5@t1J~>Lq3RkOW9_lBGuZ
z8Uls{fpHXDmM)|0MfeU(8P#*yHR;=3wDi`{i%z!^B8X<|?HAagx|i+yp%VoNalpc(
zdzZymg{H-Y$$aOJafG3C{7@D+b#j(iX*u+)_JQj<8FauYEo<fC0n3hSm4fi@;c8K0
zPE7OxBxAQVFH8GSn;n~CdUbTY;iVf#*P0`5S7V*=k1P*^t688~WrmSjyW?Z1-?DBC
z7`gWb6Ly1<gD15w7h$Jg?C0@t8wu&QKW#8f-@*iE?7pWJ1YiBRl3un|pJJEVGe}Sv
zggl{TQ`9u*d$RVCJ<wRAF4y(aPe9L+X!zD)O|2en>1N6Wl_UYSrfXfW?VYX>cM(1d
zU%3ji?^gQ9(mefU0H&By;x^~}zO4{CrG}kqNbtB1a`2+J%~==T|JZw&r3a4@l;C)b
zr7@0A3oEfoHC&xyii1n6uO_wK%@G`r&1;DtGz@{ts?0qz`Jt6G1#=$Kuk3^Hsg0fI
z{-!jP<2#?SCqUH}3F-*qq<MAS_t63;;=#qU(QJl%pR>{r7+y5RN&Q|7`5~xmr1b^g
z1?M)ed@5KvW;D$}x1R~hbty1KH#DG#z$2!Q)4aR9Hi<elz71r8&CtHmS*y^~Kt)R%
zVLWAE{D)1nHJ5xshUWzGRU#3G1Hv0m77Duq1FfCEFb9Y*_?ozd%}Y;<Tq>GPK0(iS
zhAhnjAxgD{T!2cuSovLKoC^DRD={Tp5@bxnfFl8U(DpV|)TH9mTTewFE$cZ_B#XUw
ziZ*LQuq`Uj4~4F)Qvt?zh%O$4(*c#3SH3mSPMC9-@{$Iebrq9d4YC7<o@%1%SxScs
zR89wNQz$n6@3(SvDt8+gKdl345CSIavE6~U<Ojfv{`n-}DLyA&0^o+j^?Hlm#AYji
z=Q~WoVf0R}jQbe!c|P}!HIcsBK<VLA{yZdEC`C*XA4ji%*LxQG<tA!1=K{y-hYird
zBV^;ROAPn8lKiw5+J@IQ(nE@4YVLzVN@*AZ>!c^V=6`wsM=dfKyrx0t-{e|dJ@QZm
zDX?Yq9PbZmoYenH27{6WzaUD+!SiNZ<y#^7BykH1--sE`@_~y{J=0>Ddw<pVrx_7p
zOQAbi2eQ&)Nwz0ZUyHD0X?wwiJualPO$#J@+f9rd&_>N2oUSDX-K^c+Zb0LlbS;|2
zS$>K5G&Iq1rp^fHSt3SVHDcXvY42Ew7#CmWC19p208~?F0u5IXM?^M0kp$*XveO`x
zjt<14TcEO%rvK^su76IrAG}5Nnb2Dr&y!C}6b7nUcqFgz#lnsZ(u_=+5EoI$j=R_v
zFV(E4x;dAm8;i9t__isSP2Z?-Snq*pLpQGy$Ng9f{3-MhB3~QJsCUnX;bzD~PZG1k
zOp+r8!-a8D(9}xRcko8a$I-(x=1`U+EKC5_rb+PcZal2S!?hH$-(=pK{@(|Ydlo9)
zb(Tk~ZoC*5^^rQ1zek|ziLI~#ScM>;$$!Q%?wK!Ly~VJ1zbV09Z8E3McM^_-TY+RQ
zJ1AW!oZLeAa3}YiO18CgWaaR%Eg>bh=Ze^NzBWJD%-_ZCs5LOoOIh-3UYt3);t^&O
z<*ZZ<d801$Sxh?nXaPmT8+vW#NV-!LyfaNDD4F-Zu5f7CX04>9q`IUpJP$NoDEYTt
z?_`1Hyl4?VZ^`^x#!?U(`Fi=HXKpC3BwI%?TM)!(dhFOztWey>bczzq9pxxoA_1P9
zGG98iMGo(IdNm~gO>}-Z7dGojt=o)7syPwS3l#1)0K@=zpSOoJO6e63!rIj@{EDdq
z`7ha)aH_LuLW7S%B2nzlj6*kr+Ju@`*;%FzFjaaW+Fju9dpZ<;v)NFzDgL;e_X*xz
zRCkTJ^aSt9jsDUHB+!a#%x1?ihY5Z7vpOl#Q-SAanOB!;Lb&RD0W#HJ#ejeN@OuB&
zxD&THocu2<3TPM8LJ^ZnR*ctt&1zihrC4B+bWR?}e+FG$yt`xKL5=|@ekNzCYfP!+
zdyQ9^mte%~wB4sLbjQo>Z;y(_s{<FFyDwa$MWeLo_9C3wP@;)Vi^qw}#OFj`LYx#9
z{}kO*bSBLj1>o4WZQFJ-G5*-LZQHhO8xz~Mt%;rUor`DnU0?R9uBvx$bL*ovw7+xT
zr77U?#f2*pi98td!Oq(`nr1noE}s8%_vUZ~TtY#p%%cvlz_Btnspv*{ex);c6z_1P
zcKn*`QDSqRtwFh-XBZd__Fx>#t@m8Yl!(uJI%=&;7*IIYGE}`9PtAVTM;199Ppvzd
zN<?&uGlY{+#M4|Cg(+(ol3KhR{u@GxQ#%dslUVuPJUT^1*MTPFV%~0HS>!J`pj13W
zMYeMS>rM6tqn0{e)k^?EDNrRwfbv{x6I2Po5~##$3kZkzsvm5%I@)jO<Yp!G$p0$S
zZ#k^n#Qy3DDZ$rIy{*Bsqi>~UO6msP;KOA~;P2Tica@@FAIs;E7MLI%ECHwf;#3yx
zol$`jpW=pBZc;B#>U|FVt3iVf8*@Hj=EfJ^`QXr79?l$z`Qjd5A^f*r-NZ`UbC|Eq
z8WF=5jNt6`k$JI&u`M08rIPC>AOh$vxiyaRUIbW#f8oif7Ar`4hk$Lykux#s5ge+y
zDO+(AWjqraE!g&mrfYGZoM9*9E7XeIUJM_7?xzCMNQXsov}B62O<RDUc;>N@*NQZd
zuy%H}gA?7CH9GUpzkjKd;@S|%C-fS73YyN(-rh;Uicd6(BAD|QKh>Iq5gjCY7_E~}
z@FbC;pTzqd8$_#Dm}*KR^4~0f=%T!^d0YH-v2u_cRg#umPq~P0>zRw|sF6Eu0fQ;D
zKhmMDgK_Sbol$9bh*!xf5X}sR5jwM>r&mvF?a9rUga#ZrO$HdMQyF4?7nwSopCo$i
zEalVgUOTHex3UL<bBTU7><pUCC(h0$D83g6291y>Vq!X~fI;aiDlcf%536SFXEozt
zE6mK4%kH}0X&}dFO&QfI<!ErmH4XQ-apKL<JZVOBoJ{K9e2$oZR7mDRe$WmuSN7C>
z9%MefZddR|bTYnMrhV+M$Ql;NDyfDU!7gREzzDr|%6Sl3)!a!_eB3YX?GpjI`EFlB
z(kDctr4Pa1sQfM#RXfUUW=<-7sZ+Y9epU-Wx~^vz`db7{LltXLE5SvUkDw+zqcth$
zN)2ov1+b31LdOvboqP#sbZQhzDZMIRaIA^`V@2asyV~{BjKkM`!`sG+E}c&zVNvyo
z8gnaN`>E~^8aLHckb7x%pVMu%fi%|y8C`_MTQ5t098igxorkFwV%~U$hvy3)2mAO=
zwEuiLZ;ivBoxh37X-H6<6WxN|nc{}3lJ^NmHo@R3q-Tl<iE&=#ZcoBhy+~s#rYLD@
z1zE^$(rQ_l(%M`&M>}X|IZqi#A4#;6`J{ep`)=$_1ZEm75QXV_+U@G_CxG_k3VFST
zAz!gfE28^qjWz(OlGa!x7gcPxx^L;;^}2YK-)bz`2x!KxeDV&g%JlbW$p<Dsu$W#t
zPHri<H#mnXm8|tGwcz{9($?vBxVWh!=JHJOX6s$EM5$^P8~(u$W9TY9wxo|^2Za|f
za`>mv{XS&V1H>YNlsXhTpXADG3^GU}dswnCYu^#AE+pe~(Y^I?WwFc^?j}`UJxTtz
zu-m?<H3WuK$F?knvPMhD$TPQP-ef)x&RNCI7>92<c*9>c5$~|r#@fYwQ@;AL@$BCV
z@bY$lMzwvn>9cu4m((|mxVoIcn5CpCM(Llf#$*GcL7Y`rNL96rxUjiPmiD?V`QkA>
zjgs&S_;{!X5%nV{m=?1zud?nx`tj2n-zsH>Rb356)>*MIxurX1Mn;hhV(aG38amNY
zE>;%Gs#cRcG7eS#0q)`UF=fd8c_UY(U$A`%1l2BK=_qY{#%368D``dDPt_lrnD894
zefnYPeGCK0LfGB<EBGS{ge2D+o?+1%72l(T(3q1uOt_C*$w}v7dgk!!i-Hz*r<bgh
zU}0vxShkoj96tHU&Yl{Je8-0j(FTaRz0|iPL$R5=q-{nqe=_1SnEC@&P9AMLKqGEM
z_r)OQ;D<*-dbPOj+oUcGMR<5_`_F&{f>Q&GAYS<+Fb2nF`7R8&B<95IR1<()rL}Y6
zdm+kzF{LO>rP}bWs%Q9MOWFtxAl?rj3}8!qWL6<ls)nV|usFc;={FHv3xw~>P-{|p
ztdZ^G3+-?o=2#|q+IA~(4rXzwOwdo4fvB*XJe0!e6j&tB8cdjXl#wf>(Uk<|EV+$7
z{Iw(Nm={!fC-qPue{9~h2d5l+TC$%Q3t|cUWR==gq<o`27ZND(IfbZ5gn=+V8VC_X
z1e9Dl>zD>y%*Hs+vjZ4FW@%wqS)cgY3`pK3F_pIXNEx4Cr3&_lv}#)#N<XXT{~Qlx
zhkXiNVnw4sYlU2ro^EwixxVr5qy%1!uG8dKOX;HYe$7ST-OI4VF_24PQ327|6zI)K
zdLJasyTtFl(-ltf-1RLb9b0BU+-%rg#sdG2@Qaxp5rkr1OdkyYZe<W!cyN9g=ZkJK
z9^4n62e7q|Snxz;esBnHfm}Kh0MSa6WmGw;BIBcurImJjHaSd<4%vX5To+VR<Str|
z?@6-wb+MBlXj`)d2nJyGJ4cmdS(Ur$S@@f^QhqhlfhU6j>b)F1<K9C~cGzA#56b6t
zpujwL^;mBqc>6*Xszl_pKv7K#r(pomxXmzm_<J-7*#k7p(7{`s9EFoC2MJF+hxOeZ
zu#RUh1ag~C3aY<?K5P!cYtb*LZq~*-m9R&`=w8cB9oUgUmjY^GWnt*jyE|uNJo{70
z1~PDa{Wm;b{K4@b1AgqUU7t=|N?<k(J8XV38{^P7>93hbV@<S%crB1S>@G(hvde--
zn#J}uUm@M|lnpdb-xa#xC{TZwj+_s4PwaVHeeLGv!b3S-@r#t%Yn$&y6!vbeheI!w
z96KTrxK+MxI-M#DINvUTHIrNXBFX5wgH|s%tD6dkGkIvCl%CJDlcp-bVybz`>nIE$
z98H#E&HtG99^a5W2phY2*(umpPSFScb;C8uQSiapQxS<6=Fk959`bmSb9PAC4Lu<d
ziiU)?zr_M+4T!p#9zz{i?~71l9XRyvl#y?ZhShw(^(U~2fpu^C=~(+NF&NQM2^+5^
zxexHz@b{Im)B66(Zf*_=lbt&F(rc%N)`JTWQU9$Q-iJb-%I})`S(!z3tv{?{P+TP{
z+MR&J!>0G=gmTva$pYJ(<9?zkJoJVNF(@H7m{=sJVZS=fXd&_^^g5YpMZ}o@T5!-k
znvi*UptiS(;g-vBiD;{K?)cY)fI`=SnCKCLHtuqN)XzR5@kS_2Zud++3BKDlv1g@3
zQZ*R`^snyd{F=hk=y1{O?!eakD;|UnPdOhEkxMk^Btm7ZuB-ryVZp%qL(tpUcHV#C
z;CD-haFqWc^F&aFd>T;pn^*gFf!&RRyK0Z9D!Lo+xMj?`-;quBtYMxv=jNozxfFin
z@oc!OPVU;y8nTQK?PQOzGcgX&N{_Dbi!l>6#+Z!|gZN)Ca+ASO%qsl>WZx4JGrb;G
zi8`DYpFBG$P4ePdNvz0ts~%{}71wxLKZ{9w8SSBI@30#_Pg5xLKH?Grl%bY4*Qhl$
z&QW$Jb>k2sKdA(U3JXVVyx4)Fs5UvL|Av(2vvr)++E8^@z4nfFtG}m1Z!tb%PUA**
zF*WAPvn>UJyGqHjyV0K$J%2zzh#yKSyNzp7d1BsT1;}rg)Ee{xm<9fYuLz50WSbH$
z<%>TpBVj;DDuOB>en@$82)vXJnYs~-whnuY`N=Y03#Gnc<V&punoRHV)S8<3YBe|8
zxmP=PoKWp6B_br4a?EsNF}6GWlP6t7dw^7homVoW_y{}FOQ~5U=PYAxF^_dW@*bXw
zxEPk24lfKl$8~}Lr9T?MXFgcq9&Vn>z%J*KHqvwxctH00Z<rwv=Sau<r%6stfz9g^
z8_cA{Hr@Ch+eMjy*FTN*?q@u_-W}>cX~5aTD41<DqM|dWF4s{&_^cL8q=;zQXOL9?
zVDk{3SmR-V;6>$f^bbROjT9?=skHJ*AJ$1{Z}x4Y#iN41w75dQ0|#sBZDol@kmpV;
zpHEMz9F4?)Yn7%ex1~Ym2U{TzT9q{k*H-Vr-Jzf^F-g`W4j9>yV0{{X(Yn?yZSu-m
zQ46niI{iidn@pGhBe)gTg=WOcG(iXXo8Oe$7Z=aZ&ph%Z4VPs+xC25Is*Jml)+YxF
zVX?E9TBY}I@+q(&?D7;hvWWO>gOBPfY!I|7_*D;UK_sg;dOwU+y+3&|UHHqUAl0f#
z?>Yvd7iTt*uZjg88r$qj@sGV<WEo9e)W?%E2^D{j?0?V;5@xC(p}J#1=5*}9MyaRm
zXL8aDbbl=ON4CLheLp*b@a?mbBpB@fsMN6kmMHZ-raV3sr>;uW+}7DQ!-#aLerUsQ
z;;;&-^2d6(P_P<Xr-X{kGE2q^*fLa%X8r8GiaitiTyDjM1<v3$C%_uKK4>ZPM}COf
zm5vDv_L+I4DUV<az4u3bdq{{h_xJIqPcS}2FBXowf!3+D(0n%bt(e8xD}Gz$XOsiZ
zgn<AzHPJjq^^};=B{%IZ92b_3{4i{&(#5x58cJ`-bo6I+Tv>-S=DrAHUUcHJXf~{y
zK!2Rz@^@zk_lv8mr{3Ctz(!v%>TLRK*t!_D1nipCP;`=dV@<x}-t-;7UjH6-@hZcu
zw9ZbNDfbd~$E<s&b!V|BM144h+=^f|RnPD!)tdwt$B)1MXZe%>S=+n4Y=vO_hXGQq
zDjpc?%hE(xk`{UdNm^M^^iA^qu|0L!U`0J1KfJpsM$txu_}UN_#~g~z$ZB<^&jxC5
zoS4f;oC;mz^<lw%g{?xIPTX*LKk?wK64zgJ1XPC{H#n8ptdfoJouV4;tUD6}Yc0rn
zN#n$SJG2rfM3eu_YD$ZVz-~zsJSC-B%jQ4yR6SVu1aJ8wVs69ehxtJblzXoZY%ac-
zU+VW{1v8Uz1^Rr4ckWY2hJwUFq$>g*`?Sgfc<$=OHCoqM*~nZ=JVNRqY7JGf5;cM9
zT1c3TYkDmw$#x&IS9BqH*pr<Umy{w$Dzb@CK1H~8@{1#*WK?0RR`+V+EMm~UsW}t)
z*^1#;4kQOmZ0G7sPa-Le`zqVLqt@210$b?mh=!_sRdSW?0%4qb<CuyC?^s>gid^`A
z#v>{;12Qyar~&>AoT~k`8ceTED%djL^u!cl++ejzbMZ1Cwvkj=uC_lGcL~OW?NaLS
z;+8yWxAW-NeF28<aOCgktqKBQx{wt3eGg&y-*?}Jt&IL@7HSb@2KvM!V59<UKKEx5
zR@}E~fy8E+16c)BK7X*hfb*;653U?InEXxZ>U~sY@k&xD+`)e}2r&;Pw7}RQCx5@n
z>Au8e{aXly3`bJ}mLY3+X9&Mb5ko4A*A^-e-p}K!XhgC)vW#*?o~|MSO_>AI-AF29
zi>%Lhpsj<$vvXA@Pzah%MKyaT=uE(Edf5*&o@?e;sY?_F+zpNz2uDspb36<AEM>@<
zP=Sa@fNLVL{~IahCQkAM4&9MRvX#>Bz$Y`OBmhMEMwo*qRV$KG#M+OXWf=#PG*9n7
zn!Gk5mM2UsWgMs&h0h+dl(4wT^q7APYwalq3ASLC01whNDhaW{e_ev(=<t_{Z}?bL
z+io8cAI{gpqECV^(?wOH{|A#<w!dloQX7+s5aG`r4U;-14<jD|<$Qcry#?=(R6Xou
z;#~Ia_G%ijI^hgDFAYkM*pk1(422M<b+dbDL1~s#C|6cXz+{l4OO$#MO%BZedi0%H
zxYeVXLH~zE0aP!go_mdJJr$oC^Kr0-$xh_zplTKpwXzs%d;t>eUk^-%-5?Znx{E3P
z%$GEjYA{_UjkvYTRl9m)zqG)nyKW(E84`irx1_dH+K!1iS*9&XVN#gGtXo%LrdZZH
zm72dMol7jW_>XC$(E=e>bQEoVVht-8+rs=rN>3%i@T85Dfj$%WH48y7W#xByn4yJ6
zbhjW5<Cp?yAwvzLH!n)5agF_`^8D)o&<8KwhO2|)dWQ0c15$48Si_(+q9!Dctj{Xk
zLuTf#DsEkn2xRL0981yVys3&53eko1*KYJ0vPB=ed2G)<>U7^1RrG6Gc$X4P`A3t(
z39)7FClS@>W0J)VoG7r_4s>-ebeq$7IAacQ9Z7UY2smR=Vy@Z0xLWd=<4_2@9yel5
zrxf(Xn-;ZJb4>Ms8=-P31ymULH4ob=GT?oeEsNfk>YthGyM8(-JHl?iG(&M<67Eci
zq@X^_R3eS={(*mXPM$=R^+cOwGwoL_1R-?~W8AmA@iUJ=BI46=cjjn-%ZKTM&>t+~
z&N70NNoSa>Ov{~OSt5R~LS4+l_0D6vz_8=YfqP7s#6{$0S+}p;&!?j&jV<Lc5b^<4
znXk0IG4`>r3}Ba))M0z9lX-!DPy4{}_!+Rj^oJKF2fVexSo!Ks)ld@Lnx2dlHsmHF
z#<qK!4Y8e(TaZQ)$tN~GnboHeYWPB7d2I8A6PEeV6E!_VI+b<k;PM^2?NV5?O+0L3
z%M|gPVcBN8;p`HvU!Uc65Tl<#a--#vOlw97<BVK{p^2?6NTQ(Xjgd?k#_X)~!p7)|
zzABH~e}8q4az?Y=9=^>?CgPc#Tf7p|eH-ZAZ3yJaPMU3`-qEFh!2(^4SnN-V)h6EM
zl6RCcIPGvtF}5h>?U2^qkKO}u69LiosbFIM$$#~ABrA_uX7K`QyoBWNPrHZNbAjq<
zG$w2_f<`mc)4q~86Nu6vVYMUTl2-A2%>&8Mi<qCwJxb@>Z*IJGo%4W+lYm49ycQaZ
z|8tYXKsH5jez>KSqb>EQ;mfJ4)yN;5J$kG{zTDbLW#g3=<UJVJxiwi)BB%VkS%mO<
z*Fmq-;j%%lsNSa&zPZMb2Xd24m$dvR<_g^++_92pXD}6x!Jx=rx|x-Z@#RR2Sq;0O
z(Mw?<iDXvAYDdV3S72H$dm27?FE<g1whz@ENS~n_dw+|P^)L(!>QXJ2@q_dFBhO&|
z#fjJI@Qs@4Vj(mK*37<v>-}Dj(Zn1fynK=CDwNQe9l+TCsE($}Mr%EoOhwKtcSC;4
zXYi?TcD%BFyltO>T_an5&MV#U+)C)(Q=DWDw>OyY07p*=)^uH9I?VD;6`>nYv=uir
zPpS1s@@-h`9X)j>xxRr&Vq5)&EgyJWXGySuxg57EOzG84)^_9k_`7?bh>WNgbDXS7
ze`Otf+OwAp+aNVT)R{oKI{Wh#jeu9%S*!80Um3PpEIq>swkCYCufd*4MPBl&&Q~&H
zdy8$NS{bA2uFc>RX_QVrwUsi_=n%*jI{1_UvnP!Kr;I0b#+dSNo<D8z0Zwn9w2gT%
z5p3ZC&{6i>tSc(}!myp#XB-!iBIMH3u9)9vPuQ#D-}nk>h_vzsQWtw3Dk<p7;tOD&
zG24e>*%FXPTMedp<BnwJTX|+dgY2L2oKNHe8PpuNGKptR{B~yl+*%p^C~UzwuW4hr
zSo)CC3=DH*D{FIya+599*rRuUqC#E)D=ecz9E=Scx-pmrar7n(hP)}~7$i>rsTUhg
ze8X4DP6N<tHAfeBacp(}xB3@q)3{<Ud7s-a6K1cKGN8x}zoNEMr3@hk3p8oqg;7-r
zCyIkAI>$37d_P7L5?>HoIJGm)6-AB64~=eE$DsxSWvszrFPe;wVLuUBq|L&Lg(s*K
zz_)5UsfXjDHaKZS`Dkpn-D`D;b!qU($G8ratg#6j?=S8_nc_@d+}zb`0+K%5@}H5U
z(>JFkPcITt8*da`#JrJtMJR7|{}&Eze6-q1Zj$*oGO`B2fB^ar*uOs3D<4uNs4gQI
z_9I%Nn=r*iw{=B@vpZR<I{($Q;V@BIY7%2mdwcna?tn9c3NseJoMWgGCjuct*XP%g
zsRp!MUbu>|R^pk~*vRVpaUZ3Xyj~;y1Nq&1ZzIWQc{jIE`uWlrS~Isxf5i@P_Wdqj
z&VDR0e!q7zq`>xd!Rq>2NJrmy%bbicuc5PMkDum+^ndZk%6fDX|BirV=QJrW^QTCX
z`MBSjOBB+#q)447C5X411WiY_D9Ic0i(I9?6im}=a-zYJ<IQFvNX$FTyY>h*qJr;M
z3Fh+;G@K{CG;wv~idBRQi!*mw5l;*fF#?;UCNO8uBd?S>zNBQipJABHc~*#Tu|+sY
zC~mPmb26NR(U+&eZICOYM<=cJG3S*<3B+8HL21)8<mmb>EbFT7wB_zl*%?pB(!k>A
zRslZ3g9YMWa!nEwp2=AOYx`rW)vu?*w}}7Wc3vv!ypFd(N_-1gb}UVvmv`DmGaX8N
zj;D;;DaD(scuQWBaW)9DE|`Bm9oN~8ur_z*qdbxa@}P{K1IbqY!jyAr=4KUoWr4pD
z@V`AQL0>0eClWcwwO3L-Euc~`>De8Fi)jr?RPS5QYGth#oSJ;B=61s?=TOoR)9V4a
zjih{RQqsgJ!7&C>8UBt6bg%G`s+ZX73++HlpgZN<x_&=KIT3Bar~%Dm&z#eLCR2Uy
zdd?~z;_?%uB^4$KgP7_iauE-^ZW@Y`Le)*y;fGE7Z@HGaz>=5|KEZ-RrJvT^K`qTs
z3DgEFL1hXyj2^&DWeK-hM{tsOyLiN@`bhfwnHaUfli*9rlUu$~Oc%PTm5EqXa=Dbw
z0*KIY1)(WTfl=m-lG{aJP4%+|zM#5@tUEVa%v1c?t<|4E{D!{@f&OV^>Qr2D^h+yO
z$^K+#L(a96oH$@TJ5<O&R^XU{E4TV{6v?0I+p|QZ#Mx<?`+V%a6ZUM9Ei|x(89EHZ
zBMzS^@kJPDx)5`}!RM~vDH1fxMt_jhPlG7&lu~Xp3Om$6_xhhvp~671P~zJ+^U@aT
z8&P3jq1eWhoLV?M<bMbgtl_TLf7G}PRJz&LIB2fUm>w&ZdY||xl5di-XT2RVm3K9_
z@r=Jj*82No48gdcDG{c#rx5zIaUf73Yg}*O1mR43-OfcYIyW32vRSNW!C#vFUA~&G
zzG!#2^(+aWw-S4*$%E(07U$Y}_e8ZdVP#^Rt=?<0N)eW0-qi?%p_Foa_Zf|q2q6o{
zO9VCIxV+ULYEZ?lm|Lh1A$pn1@|3DS*9ua8ribj<J(9=wa41}+p05+y10o>@iHP6t
za%?tU3oX{1u0p!y>?+17Bk648)CKDO^^SR|3DQxrUv0J^4%sVAR_QGbl%}2Kxb6!Q
zcACdJ_r<$;VpjK6$t1J#jBmdq#6w8zIr#pIfZN~Ejj?*qVrc%3w|5whwH?(}1=8dc
z36y+znX;j*9MxUfVR&?bNtu1io~jIdTha`PUf*$yp;Xw=S0s>HYJaOP|FEU{W&fFm
zZ^%8va)2e{GV-ENqH$8qcVSgSEVkXI6yUs_Tft`ST{T#+Tdq4_b<!!=Ji$U5p)YNL
z86rhMg8jqPGLZ78WC~y2@XB$sUD_yPjJnHIZ(V_xNVcV?!<Q-KRj`}}bUTf;71r4k
z2%0rU1`D$dn>5@MNr&CsuU@wd`h(_{UPKc|3byvtFhGME?D>V%k9{Ge?@aB4^RCrD
zkMEAEt#&!Lh~?x^>5Rr3&r$@>pTCkJmuTxGvQU|#wWkD?5+v<pBX8FT55!Ih*QPks
zGCml|Q`a)K=#;%j<RYjl!!r)#!Gfc^mRe4!0yvsK=98*lK8j7i%9+rB32S+I6CYKf
zmpH3`ZOHyr^;uGE#hOR{{KH93#dA$#-9GiV#B_c-MU2Zb%D`S=yGDp&@MhGAQG(sf
zmL7>l%00y4emy;h%S8a~M|D%cN)HQ831Pu~E1eD<*t5MOWvQn<cVOl2ja+ThbFcDH
zR<W=&W(uL`TFACr6p5cz=nV~Bi|-XE1jn`sVd_8le{RwrK!k%v=i-)u2CBYhzQY4v
z&|U?lDLCxx>I2=;e7C_N#pQoKST#y(d>}0Q8q7p#k|JC6l4C9WFJ1Of{SsHS+S_zE
z+EzI&I=#1Ux>l?-My1Rd8Oqh=x$IEy!sOv$x5egc;9PI{nIX`{(wM*h(<xBG#5Yl2
z7WkUgkGb^Vz8JMGWn~2!8FpF-Aph{ItO?_2QG4cyJD`s;^d9(|lZsEpPYYI?+qvBJ
zB-B!?m5RKKFCx{V`l`B%ga}%|%;tE~KPtA%8BDWjZ^`od@Rj@Nlx?egKo7D2<6y~l
z1&b-R$tn=Tv|QOAW+X+2^uhc?x_QQ3d3^;WcbI*Mkwm^e@sd{&i;5We0CaYEbCB@N
zQhZI8U9iRs-lg|c5zgjB>{N$oP-Y9(!Xy+f_(f93yE6XYdg3O9OKGVH^R}e17;6C=
z^c$9RyzOECt`#T|4E+n&e}~jUm>U6>dQDvVGc~Hwn283s!{7HzSuoQMGJ4LcPv{0U
z`w)tQqU(hFY7Xj74fB;)4a9d`m)(m-2!e++5h&;^Ts|{gvDRC}dLLu<O^7gB<Ic*7
zr>#F$%FIaH)eMoxnj!L4XTB3#>Iw$?Ey8Xika)=?kC)BDf&y_mz8UWHoO_Zh6ZvzY
z6dq0(@H=5sf?z(C(+(x<0*O%T!E+pVivjFj<tl^iOTPm;(s8esjoQ5Gz|7Ho{3h8d
zB<5}QWx!G?m)j;ZT@hLcx|pW)&*6`qdccAnO!#CP-eq_*2$58@i!=M=2t^0(@TdH#
z-wj%3wm(F&nhRooiG!MWygOGPC?TyamO)Pb=`Wk=Z6fj_BOV~HCP|ein#v?m3RAHq
zh42PkH2XZJBrNA)W6a&5*d#Dy7!{w7#(=QjHVLc;rQYFB<5kVay)}>S`SE$hyp72x
zi2?2V>oL_6Y><GsCM(WVFZm=ze+DB2&oWy|_k3KbHgeq8rxkXcHtFo5VjEuhFe-ie
z2;GSZYnn~5wNt_nkzU<emA@AF5ab!yq1xz(#W#Qt6%5BMg;&o7@bGK}n6BN-f$n@>
zT|+X}s}q819qaeH#S!Ska6`XBfc;kOB}WSYi#9yY8jy{ie?jSuD6p32$R#Hs3BN^<
zsmB^6eNCVj9w@>*&sjyqZIvh5bd&1mA=@YJySA(SQ?nO%j3FFU6+JQ<oq0yNtalYi
znR)i?=D}-r8!HUw63E4F^f$}z(0qGs9D51gm=M(&j(%g&&qOuR`LayUY;ErlN+W7b
zKona?XSutMZA$ErP;O)>D#cii{fd?#X$Rf#4B3i6K!4K;aNfEycN>s@6kSQI?;G#d
z6Kd~K^faydRxUvrS2p$z{(zo7M&H&=_o;vj8Qd~;?zA2*z@hvje?G7#ahxEC`YMqS
z=cHdEVqmF6_XAWVYnMU<@mb@?prQlq0<@9rmzlb#IU(N^gI&X#v&I;m1vvm0jwc}D
z0(_0xS_F0{lxiOAy<J6se*{kx46i+-v1B$7NlxkTBL$8?FqX_EDEr5rI%#h$NH|eQ
zMLkQLN2hXQ^Phc?_B*4Dt9KxGJke9aJx=sP?$B+htV>k=H4n1?s<C~NR&3qzE~yrJ
z)jex$bZ>|M-Xg+Q5H_8mfz0t?YMVQ|3@r&mj)10RSY4gye{h6UdKqsOVX<n*JY@eE
zQsZ)W?#L0bubo6huy$IJh@5vr&)!BZ7Lyi-(B(IB-<58MeW=Z09qSDE=9EOYhhikZ
z=OtH+k{m&eEomM((AjrX-uB>7Kt*ac#J6JWTzo6(-b}Re`L`{$R|HgwU{h*Ytj9Gy
z_86P{BwxFA4=;M8zX-Yn9u>q|lX%15Gc~OAU(vrVeC>Q45M>4l2MDc^#Xh%pX_~7#
zNllS+aZZ&&Url4F(H`5y!rFtX9FtS4EWv?@<f<h>#Sj@9t7-jky}l>VKRtpTPwdz)
zI#-LUEwmY2zyf$hO%k0`C)tDYW8AnNu-iTB9=KCGFOT0~K-FOTp6dIFe|*wkpwdYB
za#H=m7mb#QvdO!_<?_7+Bf>~&o6^uZjqK|HsePj{hXWt#;OcPkVN=S<Oem^cjyrUV
zN~_68b`Cb;BT7htpg=%D0Kotu0HFY30O0@;0FeMu0MP(30I>jZ0Pz3`0Eqxe0LcI;
z0I2|J0O<f30GR+;0NDUJ0J#8p0Qmp~0EGZW0L1_$0HpwB0ObG`0F?k$0M!6B0JQ*h
z0QCS30F3}m0L=g`0IdLR0PO%B0G$9`0NnsR0KEWx0Q~?10Dl1n0fqpE0Y(5u0mcBv
z0VV(@0j2<^0cHSZ0p<Ya0Tuuj0hR!k0agH30oDN40X6_O0k#0P0d@d(0rmj)0S*8T
z0geEU0Zsr;0nPx<0WJV80j>b90d4?p0qy|q0sa9z06YRb0Xze|0K5Xc0lWiz0(}4e
z{(k-c3Gf5(3jhQLcsCDve}-FW+b3i^<g2u+Zh7CFBRrvOuVj4hZH$&Z8*NZ+z?NEx
zg)=a-estN%4t6rTj{<CN%QVF>e;5|{_!ARYta+mvdM<u0+=+Y6HA-wHcoZoJs>*kP
z@yQ=%2S~p1w-L1yxZp!CmE_2Wt|P(**rLB|j5EQh4r-v(y(lOVn$OOXO|lgY`YN@5
zy%Ubw%UOu<>Ac=swR!Y~eo*+Dh}Il0{~favFpZz?lrp1kiYeo;7hu?`yEWM<a<y@Y
z6%t~TGjfX<%qE|k=_@!_>E}@j1-i4|yd2@+(;~u^JY(u|t?|H5#o3ZtQfz^Sg?Hlr
zKsAUWT)kLLfZ0ewv?T*$p9L`C77^S`%rktJq6pOgNz_|@1kV4_vWPr-X$2zu+&)`y
zNUHf^D$Jpfr({vp7!uY0cYDtI7)J=M?f<p|^B+P@3U^Z=#qTdzE1O$iNz<jKonZzS
zZX*V42qg(|a84eXm$fIUs%E~=^(fD*jrsDoOEhc7t8(7#(dmz=JK8ZdJWevmX}`8>
zfH^#3H*UHxE#7$(?Es<AeJsj^6v7C}DSHrj$&?qZne?=rRaykwUPsUl6NJKMNb$6w
z?$=?VuF0<Id8uqjlGP5wI0sC~8eFJGwVkhjfXy<dN9!s(Rj52Q&0pQkUKo4GhnM0~
z9K`riCv>qL%_6|Y;WR{CBUhtHQ9Fp~Y8~}O;(*no#MMiUeO2ofUx;Xh1UVL3gT%n1
zg6?p7gtqPIraMj{Yb^hw9Q}>#vV@ftm^L<|u)_oKwBx{+B2jHPJArHW&VM8tf$X3l
zx+7KR2uOu!^iH4|dqn58zQ!Unqlh7vYls7EpS>A6Rv}Jm>khgn845mrX<2)b0a@c4
zcIHcRetV*0p5%FI_zr`hj*=KdC~xR#*3g!Tbup~v)k&lQ_VTdGFqP6|4d|lqxfp!g
zT>s*Tvb*PkLN*Y8vQA87|Dxh(B(N^^=KG4ao+i7jW|w`)>-Pk3+w!o|y%C`UT2<>%
z%p(`vpg)0vKx8q$37Gl<V&`_T+`?_9D%JZKrDy&VYeAbtgT4q@mim|^X23$frKL8Y
z83L3y(0;wAk7+5Z#3YNcdWT5IWF|Pyf+z>#{75@}9W{$I2)IoR6VP>9hBJ*;xei#V
z+n~7x?9SvI!7YtEqqm<P&zA0GQZ4l1iMG*;?AsDmGg`=3b&x3X{V425r5}lry|q#<
zxodajc>F#VeJyQ>pw2||F4goKEp7dI(bvdDMX~l?j%I^VPki9@GLZ7hmBhfKjKF!~
zoB^e(6fA^>>w~@u{qCAh@=6@X<nXhrpllTe+kbVC;EodzE1<L_>nr{*X6{i@r-JHy
z)~I~osJhu{*@g*W{n0vY!kq^PJ3VyK(l|7}v%-;`-LUgqzJ57ul$CUwQrt!nT69v6
zqEpovf{;W@1*+bxWA@p~%QGgPWOqrNXQw<;DV1VFH?QXz3Mv(N<n0YX)b8#uQ~GA!
z^`N`_ikDxi9m3soXKOf8+q4ec<{$7LmvO=-Sj&vtaey4#xyp-4Y4^$BUU|<a{pUOp
z`-Phf2-Y1UVEiO;G4Fu`>*P(fdF??fudmCYt<DW6tVO}EyNB|c;<<!NtSe_78ON<X
zXfXjp{gN*~#UM%w6*z=F^XC;)OA}DbDqfh{>#MB^ru&t4qQX5p2!E9s%l7zt*>txl
z<g^;!aggaDcqCV%_vS1tIzN|a?_PA9*i=)CTkG`TK6F`<NY2WgJ}RDlXaz!p@|o$;
zCt+eV_2yGCJKL&tYTaW^FxIEPXx3&h=2FH<c_s+`<j^N6k0j0crb~<;M`#VJ556f>
z5;;X?FwSq*8$&CMpuGwIalI{NXJew=&HTh;c*TBTE)>WaJX!rGk8@X%grzP%8Fyz&
z=NDP-L`=rxbdG3%o6YrIRJYqRL^r@(EAGZQ|8XkNjam^nfgc%mLeAMg9QvUR{x>W!
zxHumX$jRvrW;Mni3OTh1?jv1fgmMCV>MvZr*(eJceQf-eXJcl3GMQqAvVFq{YH1*d
zlH7ySjo#^SIXGupYg;$bJRPuddwPIEvn#B#obcc5LWso5&XSR4N*34M%2H<7ir{2W
z`go`+Xy!9vF(wuY$W2B!|0$D1ZYEe+$~<m5eY@4`Ba6>0OeZhyi|mI|X&GX;0RBn@
z>xGa!EeonTkm8Qfk^(pS>+ssP8owy-Fy6YaOf}_y{#u7YVI=~u1$W{ymF*mFKn!O>
zH=VO4STOb(L7NB54QbwS)_>-7*_n&s-^@1aV>OW&UkXT5AwmHIK+cPzIOwXr49GK1
zXHv5(gq#78tCk9=5)GsO0VjKrWk<709nKFXVmf$V7moF2e@w*BHZ&H(@CSy!!vg+;
zm2(U<d({C=vIz|rm$cC7mSr`;(2a?JQdM%5vI_Z{5R#jvlRAk{u*74QYG!YiyGk3D
zI9bx!UM4qdI%g$~@N!u$G^J?3vUyIfAVG>M11$$l&`MSf_!zSP>?`W$O%s9$hEx%s
z-<FF8;R1bGZx$$Z&>gaSQG7#<udXHyvN=+I@q99wt@hjOnYTHS874sSib}-L?VR<+
zXMm#8Xy_DOyS+2VxEM{By<uXhG+}||i2i*B(#e`1lQ5<JbVTC5I+^v{*1uNJMyS)c
ziKkZboNOJr?8lhs`c;?8rcGA7b4SZ<q`vVzZOlUf{;0ck0#Zya&<~m~k<OXrGLNt)
z)<3Q1NfWnHg)1SfoR<5^LPJs2@CEd=kv5KB@AII>IDfyeb`hh-_fn^qRDtLA7he01
zNRu{%^(VH`^_@<nM&Xi=C6ceH+JB8RCY-^zKK>5|GMJFjpY8mOCmf4uIW}osW@f(}
zYcrjW7WVy?#96AO@8S%z?)Fkzsmpzct^RZ*`E(n{!Dlh%c6}O6^_`cS6)UEL(@jGn
z!@dldAYqo#kmH+Z?4Z9=l14cx`)>5{9Zvk~2yK(@_~S%@kXWH*nz2GKK@L=;c_>$m
z%x;3>u>A~9i8m*|wHLqQ;GI<R4eRbWwYbv%0@08Z(o{5v;`3`wS8`QE-;~9YTPfsQ
za`qc@K4&1fKr#sjWSnBI_>1QhE2EVR9YF}7efL^40#HDQDCs{!X6FO+dE4?K+V9=^
z*o<g|JA}(KVQ$`@WOzGw!*>)?T-w*wHmgF#N4bcbfmS+<EmkJwD*DAF0WnmCKlj9g
z?Yrq91)oLl6o2i&=uC&)hJ|K9$U1dhMT`|r({k?G@oH=ne6<BU@&{tPAPsK0By^6d
zc#83cx*iJm^^#a@IlYrwMR8|}7a%HbWQ}vYKQVoPznF4RoRkAQ%&J%EwHoamfT)5(
zalf)}=JfuX;TCy@n8J4OZf{G!&Ci!@VFp)#A&K;Fd>G&I@Q6YD8>G1vMd_{N{p0Fj
z!Ydaykh`km|0$WiFPo5;pFc>qn%A7AFfiryR_EQ7mTo)|7a;QF#kA?|{BVz<|ClXD
zAhkz|aauJ{I&DHIs_v5{iRK?wa)cgL6Rgx~WzLYX)nd1X3X!vlHO0iVmnZ~EupK}G
zJYotq`x~M%zWjdj$L{w|o3Kc_Wy><pnsR8v>R&ybJY8kni=N3hGW(Ip;jZXv`wObg
z-))4qcQFMy$h9+zYbr@gIxi6~_Q%q*V53Da)(;*h(KsoVfe=x>R=wqId-s&Sl%H{8
zt+VPKQj}|F=iuZOYgVaE)_t{WcgtuDby3X}g})N`CYe{+BGEVlwW%byRa;X1!)S*2
zUQz2XoZ>ewcUGAf`#p0!q(LtMb9)?BOr9cri9fQR`1~U8qH^@l3KO9vJF876{Uy?B
z80Pzc*hB>^P$L8!U@Q!L!4vX<x%0l(KC$EjlB|#Gcfwgn#L5@$XicCu-pYYv1nPg5
zNaPg2b*q=@^0IPU8(-004G-@~_=d>Z4kW4D2d3=s<@>NtU@SUYSp0|5X>|VcVMB10
zQ`b`pLOKg%CIZd;|D{SfA&TXc^E)+5kT>>xQ*V#DD)D?>?<|C%qNuVpsP3vRSi_lg
zH8`hB2v#1S_Q}x&B`jLM>`C>`X<1{Qnt2>}Qf5a!SigOW;e6u~XeT&{X$w8)XU6bN
zGWhZc%8S)9E=D*}5@r~J_HkioSF9NwmjMyZ6*kNYYWB3v-pMbKmj2l|a2~I$JwXi5
z=P@XyUcpJqY}ZrWs?3Xf`8*ZTKpevyie(mo2G*Mrhhxx36j9Pq$rxB!@oQwx<GNyf
zc3XOxW+;bK0=kd1?ML?!HAI^|4#}n1mO8M*A|D2xGH-l6nyAIeb;F4Rt-!F&ndN1@
ztTcy;7%iV?3cm(N!&ltKNzK|FBfqgI8#Ty~lOV*SDwPARMae82*?s&^+@Vk@<Q@#^
zgaWv_!C=1>-;{%r^+G4E1=`G^dWXX5YbgE^wl65fIYV-PX8DzXArKYnio8H6=QZ&;
zNJKXQyp5D0Z8cx6Ww>4sMWi;EG*WWmE=fO7qwADD`sKU?W;vw9wQ_#C8&mIJexv3t
z=vce;ro0fLK56Ak6u~kQ?tJ&#WZX8R$ZS}ebB>{4ky6mTa1@v&)jRSFm=p0lWnliH
z=$jC@1n7TVaHh2XGUu|ZCx!h&au+BT#@clYjcnu=uE{UZJ&irb*{AC>loic3rLS)U
z)KkT+wR1eRtmPPuN7zeeX$AZhps#h*|MP1S9DuPB{$qh;{#EpkMF|W-oFvO?V=rn!
z-dQ&bHQWUMqEx08kf-Yn8&jmSeW&LhIFyEwDH8K_4*sd_^()_T23)Y=$mH5<I3cn&
z?YOievc1aaq@+82{7Lb&zMNiV0LziCsNR*Ag{DZ1Qh-}^$%C1*=L*BJcyl)Om($?y
zqZ5#o#nH=Lg{M82fyf&32VQOkPOf2492xE)U)BWa)SOFJ_dmjo1+DIF=qQa+5_*O%
zvObNhH&`GZ^Ho|~H8<yChtMx<&GehnB32E&G6D;6bv4l}8S-NEyDFx!OI1%Ll3GQ_
zAypPp8ZZ2V(NW`7j$J6+Ebzg#^i0F9wpxgtgxqxNPF3}2^LT$ToyhUF|B}VF5g4P8
zRjZO%|0EuPKGXFq-d-}CBAJ&hjNk_3UvN1z>0AuWi)*{Fl&Fxvvx?67!{Q3rzkCL@
zj(R`)O;!iiY2k>AA{>xRyJ6EUz0w`<G2gDwK!WwTnqvGV!lsyJElbleZ+E;boBWPs
z<7V9%`jJoI_Dh`gi`Bo#KgT+0!o5t*m%H=x3ewZh`L9ixo8_HusXXNo?yVkjI?M&>
zbs4>9>)DqMX3*HKg;NYAcEDnzn>x!MRLje0PLNmI4eog-)#mNL)U2HHM_-4N<}oVF
z;rCLcoo$LbpXEyGg)Of8K%U%{0NxRIGMMa_iOMbK-A!Ql*_}@0NtK^}%6Hm@f#c7w
zc?6hWQzS(v@G9~mRf{<A8NlreJan$0lOS^G#v6a!*E%Mlc9wi^Dnnnry3|pT%~u|4
z;FABk2tfg9koL=491tIMYI9PJG~8CC{LNA{5d4MpuT_Hi*JLv-@mPSG%<17U(Q~c1
z)mwM`NWj6LXxY_H;isK3&=(ggAcKjjf<x{4H-0$5JTu~F#UEV7^}kMzZ`*=+HwHdj
z&T+U>V&1Z)YF<_O$3F;dK!@i66sez;@L9kv4?{;iX^mX=pRjBCec<hy>4gdyob)_!
zq|<T*fw?0{|KXL<xD5Swt9qltKvTnh8o>ndi~JZ`#Rq>(Z~>zc!aU1Gy2=Kw4{Y--
zLexSjmUE&Cw0HS=5;98NP|Hg+SP=Fwn_n6b_a%6WjFUg<=sEZV8T34#*1?53EayjV
zE=o~}ExjDElfI3R9ph&3ln^#w4%f=4%entPl=rEIuvh5`PMI}q*}Ef?G)><A3mTxk
z2`m`$<K?CsAwxC^XrGzq@yHA^nluL#VSjhK>UYCrZdp%T&D1-^(CCXlQsBeQ#C-b%
zo!&hLV%-Kb$aIifGcPw85zX?!M?aPJg3-+d?m2Hw+r;d9U0bXA{9`mXiX6QBXNQJF
zLt-VFC`=~7j#v;mt{;Fhbyz6E`m}3O?S<Wfzsmc!u{~s)qI{>0LeE55Zb2ElOD2@A
zao)zqhu5jY*-%2$Au_faUMZ>M)J&1ys_6aX0#nag9M@(=!+WSWU3E|gCC#%ymhTqD
z6WFKvu|yY#k=iCE4*Ow#WXay=N}9=1Hv2CsVWEy!UCy`IWLW*XePVJ!z6xMp)S#4G
z*2nKnVYn6P8*&7cwpMq-YVh}ORtCOIN3bC1RyRw!ze7)*hUppvJ^17THMdK>Z^qh7
z7r4JUWuo~)_wNony@B8qRq_=)HY`I6i7Mv9(ABG$9=~bz4e6Gf8-?Is1tTR<mgCwS
zlz`WV>f9tIcEb*(1S%~B@Lk?68AER%kJCn;kvsQP^OH24dkVgbqMLcaL>Kh1)XU9~
z-S6efOaT|iQp8m2i{iZXZ2n%$PISBqEq;azc;24v>OV^O3pK8`uQg9x1D|~4{=bCq
zkP(+g=2{`H`a4IvnY5QO=i4Bm;rQFdj=oJGu>~)$-%pz==YiZz3uzgU?X9)#=)Y>%
z4nv!UL7fyUj%YNnP6mn7c)9KFiKk57P^_l-DLew81;=*<j-pSxUygZ-9p!Nmy1WjN
zgeom#E7m)CH~Kz>3{+mjG)LD5nyHVuR<j&O#Mj#~oMP-A))kfF{cITn7h?74Lu=Xh
zPt#e6svk!*9l?@8l&Lqfk!*lAb}Iq>O;^muf&_G4v|{-rgjUv}rm=d~6HqMUMeu0j
zCzxrC-_v6047(jQ_E?%4kurh{D~{d8G=s1PSl4=Kh_NTdKJ1AssEl=NVBX4cxWDyS
z&T3kHf|Eytl$P$+4i+5h_tIH=u+{6_izqnszxu`{FTPHVM8eoGoN1GQaZaG|xno*8
z9Ju8UY2U;D`~(E!E#dKVaSDUu?6L`E>6OsHdpsE@VK`xD3zvCU!L1Buu)zmP?pid4
z3?>qUO^#)J{i}l&1Ba|apP(=e&I`fzAJckj%<!O=pUC0EO6&6M=!`JYgM@~RgUnLC
z?Ha9z)C9An)XXz-(D5-bjjD$3(achH<r{vjtA<WMXkAm7^xjsbHVa>s>ed6%zxD4T
zoFX1h$^xUaF;6i|F3r*YjZvsI%Zv1jx1-wp0$sYyUj+VoWcXzyst{ZwNZvy%@~3hU
zDX10LD^Yk@vz=gxl7h5us@7ck47p6=w4{#&YCy}kwrksE1$A#XlMqO;x)e#(_wu*#
zQwj2yJhAQ?ic$jBCSb>jP@?OH>n<^vU*8HH%!0_Qw`gOXMLVVrRMW&$J&CWFdqYO`
z=?`z$c~;wa*?;0U^;G(8WRW%e90fE&HZL6mP`Sd6zyEcj=rD13C8YR+dhNWHdvsf=
zwu$n$*|kEPur@2lVj6@Y8kkJ9=|7>Te#Bi-glal1MR@F2CMkGdL|Wn?Q*_B7ik<NK
zoY6)`xUqISK-=0Ig|5m4pQU}fu{6R&-T@*AF*olO&&x9pFKj<gbrtE41lekaC1u;)
zYfe;cWBcskbu+*av=><82auQt0L}JVLSL9$AcTCTD^iG~q;G2e4xsHxq4nXTE%!pX
zjd7P)mV?vALINR;voT;KgEvV3=2_}LMu0=`bCqWJ@M!0psD_w;wlwR^q#4g(Z8+-^
z*eRsUf6P7sC;hWES?84gn!1S$R-%m+rF)A`EGaDfmCYkDGycUMj%g;VF&+EO+wk7Y
z$kPoil4Lcs;U*!^v!u_AU*)hOCR}wRAzh_s8&NENyWO+>=<ur>j~4C{R`?wht=v|I
ziJbf;^xvuII`M5-ttPG2t6BT%^Cr6TS{x2@15fX9HrI`-7K>w(JIcOJC8&QWd6zfu
zD+T_FzJpD<M_*IB<B@9$>=O#J_=-^NuDE`YnCdVc@ZUDZV_KW)DGS!f%X>iXvVPrL
z<wvQ*zJ6EI8a?zSJ(H5-o((`=ykQ@$nE(~~keAB8!e;7(F5rXH0pIIU=NJh7!{OaD
z_jusP&(e3LeFfh|#AywXjx?6th5Inu4ADimw8ie|gW_B=55%qDV1hP;4nLJZmdZ#>
z$LK7RaZlRZhf9?Je>lMa+`sU>=SDXO`+~O18hsRR${<&4U!OG3M@C=#THhE@&>>*u
zi}NVams(w$ie4m3Z`8;xJ7;Xj(3)G@xDT{sSc4HFjlAk{hf?+-B(Ghq@%p}S*a%CI
z9}rX;cIwL9&f3oDN^mZBQo^k0oqQPK|J~<7i&F>Ns&39!6j7Bs{-RV1cAaFou5z1^
z=euHyw=`dX@Nq4>NtX&m5c&FsDr-ioaSdPw?l#00(kEOpY)^JuiW@VW)$5L$x15a}
z@Pv1L>Bth8ze<rEW}b)fzR(YK3PfQ8s$Oa?pTh0IKb$f>7#&Q90at(duP^&bW=G1D
z40z+k#zvo2FMNZb6gJit^*i&%lN@CNEru&2NK7?`uOKOfb^u`tabj7!e&U$DXD>DA
zXB)5HA1V9oPQ&dcQO4r#V?ADrJT|2?Kt7ew{(XMkv2IH;lEI{;JgOCJ^UjS}zvRyW
zs8JWg=!OddgLs_G<GrVonu_CFK<uAOVLVTjXHKb>d)Q9$vtdOYV9G}(9BQ2oGX|1K
zh>YY|BOKD9a<=jUa*$^Fgo8h#Wm%D?O!Ao{evoVwENpweo#&yJHA;k7TBTl<m*N}8
z=&)R9M$O;abWV!kQ14zkc{&;PU;V_D@NOCv8vYibmO<L}NRrtKstW~)13qM7FH}_K
z|M{jUJ8(ERJ=5ASx~$y`y4z$GJ5Inxo>w5bm;!$}R|U$~aUt|pFBoC4HWdj$NDu{*
zOuOsYyHK6MZi7P;s31vbY-k`0zL4ir*FAjmS=1%BoygE^7}=#Ty}Glj^r@9G!Si9e
zNmQ1UlYI-=T5EamM9+bwmASUZvK__x{)MtXf%4%2zYE&4_)m}4p=33GODMwOmNzN<
zpVw#ayynPg{=lu4jLiih8F>vK=TnoJhO{ETUzyFSIP@PU^+ylN-<0puKuWRysIlG1
zg5^Ua3e&T%sw2FkntEA?R8ac`yGg3%C!H^s{)6Xe4{alkrzU-eDU&)pAoSv}LOyLD
z+w|96OKDIjyt?AZk^|B>ot-I&ud^C(Opy6y_ngt~@d#p2sF7)lGq^rbZD7HPHLScT
z&MXP2plp}lLDlADk61g8QLD=aosb*v;oC@oVUgkG@vn(Bust-zUw?l)N`{xa?~^M{
zm*kBI%i<3hm+q62EO)#5e9#}$B-<+U+t}DlmHJO!`bNX#mIyvQ{K6OS3cjU20lwbd
z&IcXb5!09Nn<)hnov?`CcwD-L_D?!#FjF!LukP%38`m18c#N$$y@lnBDL71T&;bKE
zp-0Iv(d*y8mCWnayK#_w0jJW|#@OzQcvYeQxT|L+e|1vf3eEg(gc7tmP%UkP5xvAr
zH3In(fAqq(QNP?HK3(mDW6I6r=97vY%hVe;Fh8U#8|+<55&j2KK&`)=GVenvorES}
zVv1=+^Jl01aELr8V!YL9k1MdXn@!P*jS<zyoc-xq6o{`M^5{4<lXuy;{d_&@F^7k$
z#OZ|XHWZ{~g-zCUkIlz=in~ou6tlQq<Vvb^kdQzaUl>tLcKx4K!ys$fykORFC9WS;
zEDW{=wja+C&^r*hz>yAzm4`8~f!c*Agk|GSAl2ae?`p@RldS$<(?HlUC~a|SQ1xg^
z0wL6sx{5@o%{${b<sa1+uSWHCHQvq}d_ai`e!lAN3<fH(yv^9Uhxdx(H=6J{Qm63+
zOWOEod<A8i-3qhT;k1ntldJ{g)6Ex1`%fxX8$h~(Tj*Tw$Q_T`$a-ad?SNKg%7Wsr
zjyL{pI;jIJ%nr-%TbA`F&WGJO4HFAh8z-Eq2$FemRg)VQSpTn$Aa~scirXGpF5)Po
z*suC(VE!z(pco<`VNG!<cC64wW5;@4bJf*i`$sy9RFlr(hS;wiEort1=cUh57|LIY
z4^RjBXm>SFKPqX4%rh6qI!Ly*uwRYUlyV7WE>8j>+Yxs*T_E5)Tpw<87#}AnfujQ!
z%JC0IWSck?evDc>%KDH2|NJYhro(U5EpAKNTi;QD*J_Tkm<<-X)J{swfSV(QV;yXx
za&=|p7b0P^6QqNCmsXfmq*9=W)KL^)nxK)e`a&q`VRPEXPsSet=CF`vi5Kh@oX{!t
zmbxE%XB<7+Cj3+l9UyI;`9SjxZbGBJCqh7^p>@Yiz-JPw!k?&2gGG72+2L;{yg>9B
zb|oG?Ab_8A$1=oh`O@45z(99HF<YG1M9#?T^_2mUo{kyZU@yriidz7PfuW;t2^vOj
zu<7KhScw*3wGC;<GRxF-;(ISC9i)XZAqo2y=PHOkf(hV<&5H?rp*ml(j-Y`3*`v2T
z!p}PaalFVHzlRbZp7x0=^-s^P_Zoc3^kjcacSie!VrmFKzJpJbkc^1Mj8}k_k#AeG
zSK*97xZPa#31iyP5LXOGaU|kKa);DB1O5I8{BI*Qb&bk0o3`1?O%I9Sm07)%7uw1l
z$uVQOSma`z$`rYGT<&{qO<h0mHL#WIv|Z+`VIg>&amPCq6&|3MU*}WnNbhIkATjsy
ze?3hi_6v*bjiRD0sIB?0=SriY1oWotH?gSqH4_8N=n|GP>5puJ2-lc}i<NNoZxI?0
z>>teD2LsRZ*rB^La0t7roPtHurde90r!%>UJQYG@HV;pK<M}I7D(5Az#Bv)~pET}o
zPC^d;TkBgiq}BVayneiQ&gQNbghmretU^fbiFN7Po9gixV(KO5!-^zTgHc!+l^(!y
z<sX=QC8DT6o~FLhQ{kM#;h*Xbl%sBTjH`!KVxD9nti(uGI+^ao=9|tvtL_=~3y0d-
zPd$_AE#=Gf05kiW(07{UhAB*@t~pQx9s@f5g@F3=K1q#N#6Tl-yD&txgy{~TzHi-v
zxWE9sh0>ZjapI>HN{YJx*((QvV$vWu)0WB?UV$0f&|*r6CtRgpd@1t|;=1U%Q~957
zr)ig!A<`$2aLYxKaV|^$o|D*)?gF6e!Tk}AuH=+!7>c;F8CmZ4IduUpT0^Stx>)&c
zCQRrHj`-bV?KesxG@Od@@pV5%oAATnE+vyxRPrB8KrBC-O<l{E!9!Ji+3(KDsGLV|
zR+d`8uCL}uu~4TN1yEn+PSD>0;Sx7boyGJL^{HsC=;*!(_B_Swowa6_=Mf}gEc>M!
z$5S!^JFsBSPn~bZe>LZklOpd=#{7TM(ha5+)jP^vm^ssza<t~k#xdI!a2&oB|9!kj
zH<B-ie1MD)cq#@-H3n>6tk``1=gcq5g&8@R=8N`5gZL7`Q4%~ody0=mFVmlaz6upp
zg7KgW#%X14+1j*(a$y(}-<pqChO<S{78yd31S_YGfPnOJw;<~!<63F-w;n8YcqZKL
zih*o((3_F|!0rS86XhqgiVC-uSmDxSmDlU-sMn5sf@BE=)Y|0ujH&PX#%&*qawyf^
zw~8c<1V5#8OeA^B&4JpU`%Wt??BXF`oF|tFEqBw8da2{xi@#Ak+8yNh++&oc2HM#~
zwzNCv=9%tWjiyL}N3O{+zA=jV<SyhSoXKiw1bm0hqLflyR6V+PdY1<Cydu7FVkwTa
zuXZe-XXk(Q4IjAGE^;tg9a=JL7tt!WU}0uVJqk;zPy-gRJc1Sz3`}f}FopuRpXB@(
zmXFd;^Uc=Zu;9Zm)_z4SV_%)Br9L%6MlZivUyO@1JT`7~mz&2<q*i<~fqlXI&+e1w
zGr1ktXWHC;Wd4MgGh`zNgA!!>A;Qd&6F_UGXpB93nU-j(J&XckFE-XJu0}&6I<M_4
z@Vu)KN$2<4hV&m);(-&)Eb|Xur}eW#1sMD)v#oqy*Iz<yVza5afJc$9+p*u5ph4%}
z@Ril@dxm5ImlFEDPVGdBz^$iAn5N@;Hh|=3@Z92C8^#b$Y^*dpD;-j)1(fX5;FlSc
zS4aNpIbsQaW-7b`<tZ>&+Z&Hr3BP56L{sxA`}3zWs+PiUd_$ePGnPTK>%Ma+3?@IN
zr14H&fS&*_b#4}*rJI@^A&TB?nsIgE1r8bn@is~g<|x9}A-ZsI$a6y_TKkz;N+Dza
zI~8L%_Rwf9`0w8-+MqR}hJ6^YFt-OC`h;1tfVl379vb2sY^bEaKdmAq(=&1nXuI34
z)xnLt7D2_nefIq2Aay}AlyjrXE+qjxF#{-%5r<1Dfhe*lSoAA_j~9z;b(?hTdeNbm
zG&Z;k7dyPCRMeG)qt(se2T=Fgdj1Zs5UbFBVHnE7OfTNZ$r-8OvRbTXNedELwLw-@
z6kyz=_m1?#`i&p|^2~W>X4X(cP=-3ux|bq*xA2`|^3)R=lS76d_CB-gjW};j^nvR0
zdB#cL|M3BzTLOvP{Oo1xqkquDpyi6n0yy9rsHk*3;UHTBbKq<4gkd;#MNq`P<Yg)x
zBQfda8)%ZU^?Vw??WB7*NN;-NRytQ;HUUGswWD)IDNMuc>o|5@eN@Q=^<yVIS-Ef^
zmeiJQcl}HK^);RZBX)}Y(q0lgCc0WibRIB*nmy)YkMD&>%`50y`@+Q{>iD{2Yt_1*
zXV#Nq`)@9h5c^5iw)Rj7T`IC*RsEf)6lkwD=OXh0Zp6S2@YSI9hso_6dv5qpKp^&m
zt*ai|t&iIL9LlVpx$jS1=tdVugEWZJBUQ2gXp?%QFJ~-5JnNDOetBpV;UK%G>$sUW
z7-h?u1YZ+UX$@TqX3C&q47X8_-e%c*k47qO-Rs!6#CG13TIGOtTXGUR)$>TDDNGvo
zE8U>uMJqzX;v~2`Na}~&P_-*#HcO*;J5tA{+dq>AI_7QoYaWQo*HZ(77X+d(Mwt?A
z1L$#5*tMhGSmGmirgCjsY2yzjg&_f+5=+>J;zCGz?>cnEgxdHM<>efC7o8<Rf628u
zeA|aRx^tM9+$Xp=#NN5gltv42Ky=g&7cRldZHl*GJLUX7EpAU)2L)&5v=Ek4`Vlr)
zW>t)_u7=-V<INl}vgr@;tupx467HJ5vuq7o(FW<nEXOEH0+l~Ls*V6wsAN|#4ChiF
zdj!q-i<@p}YEydet=&LJ;*i_tyTD^1mV`&nw09(nVBKGNIu3<(;g+xNE3I;#BwzyV
zR&|ftB_p#^!P(NGVMNLD%DBj-**T`Rysu0R&-b9+bw_iD7AW6d?<sLcln-ZiPcA`j
z#@?VQ$#squ=VfoSv+H%97wI6bif{cgxOTbUcm{jYJR>IeG0DYSr(3JZRP_ppouXH%
z7Xc|9ySmwLuO#FMLfdYWyg6f~GeE}j;K2y~1D1gfDc$xe2~DhKRbyminxc6hl1E(L
zKrTRjo@*TeIkN&#F6n9h0GgPU2;okg+>3?*+)mzSo$0FAROlwA;)|~FrN=4EfxbgQ
zo-?IV>(~_1mdE4^v@pE_9pU+o5XBTD88cjEPpyy!3j~2)dTDcU01lekl12@_NugXF
zJ;MjT6EC2eyj8JiC*IN3?Qm@*s2F@(MQb<-*-ZYv($lC>y8^_}V2R*<im!Z763tLO
z@a0TJJ%1K^gvBDq`zZ&Yq+_m)N#d1m737VmS3yQ87R`1UO)?O75`TYL_>p<jLnIlc
zOh#Unv1IbmcjoM0_*&k&k;V^eG*d#}Ve&4jAxR`=-LT*OxSH(i0*d(IC#A(F`{PqZ
zdlnk2;C(p~?DLM~+*E}r(g25B(bdl!btV0881v-4x^9nDExU;6)|h~r=nDPMm-xV6
zZAo@toGf~@#sw<0Oz`ODh?vKtd;gyYTK$-y`r;q;&F$=!!rWm%C~lZtk(skjTt;QX
zB78Cy(|`sjq4%zTt$ePR<vhX-FA{D%i1~g8x$YJ*k|K!MoT&?pbE$XLct@WvttpK$
z{g_-WrCq`m2Ww7>_9}PUZG2p=2Sd9En@9XB#<PL<F|DIBn^B@LVPQYOY$P$`-VR8+
zZgo&AAHKd3ZzZlCTKT0*H7Hj0G4!Njchhv+Mq|8+-66}fnKU_te+rZY`5QaW!-v^4
zO1wtim@#fCua82REJQ^4;^wP9>(q|)9=7a4Cq|<(O?An-YA($_g_&72GJX4go(R<-
zbD8t1?c7}J#gh;ap(t&m|JZf=Jg9KnwC2Rf4#0x^YIyb?*WtqK2qhqLO%knTf5%}v
zs&oH`Xez7Eam8N3EQuDaj4|wFAl8|LkKwMeKXK3K5S$C1>;Tq1MV2r&*vES2gkQ97
z(y0eM$!v3x;&lZLTCjY^BTn$Hzkz-ROFn-f5vI__iCOXmJzSZ@kPI5}5`Y>o#CbA{
zDD0sJ*cH>y(&{WWT|$jfL2JkpYlB4Z)29>C!CMTM>Srn)4xaj$u5XBU0RT);AbM(_
zz_6l+|3Q7U2%BMWqF@6%N>Jzn|D%FTgMH!bTRIK#rqm7A`jSOCMpiFHAyn?;pkfH)
zkaopcPHj?64*3*mA}*d?EZZ6@@RFYNIZaT5p}77F0z%iRqJNrmSn|&J*)zw@F}R3)
zC)yd9LDR<LoyZ+&{){A$OJg1lLq{lCe8l|K!%(}OoAowci{{%o5}<=xvyt?|FU;p|
z+AO1r=wiiFcj)D@8Eqrv^!L^z$4w40Z#{1RrN9xPc*vNfxr4D~RTBRfw&gFX@{&=;
zbQp5bSE-O{6hg}3vC+33mk0lSSa-lKH9p^}q!r+^19j?cH;%0eTvZA>g?*zSMG<hw
z<Apa^9a&%%{EHgK9B(3vC{9pL0U}I>jRwAStai6AC6i^6tbXG9sViU2G2wx`WwNW8
zr7atl$xBYDK(<c2DZ$CSD1*={ad}KkNOIM0fC1(2i3}0x<}FwsaFLy!G|AilhG?0h
zi_-_%%gK+rMvwpuobwX>9;J(%M3iVn##JkQa~D$?ut4X2AE$gopZo3~b?X*4Wrjxo
zVP1^MCiv~w(RYOdi3k);Ij*mk8Onp8b|*s|T*ZR_q5KHZddB%d?QsRq|BNbAuh@?~
z0MzuEpZ=jwF1XoLuay2CK?^cH_){n<-*`mri4Wz<YB$4|iP5qW;SNII=-cmsq3JDq
z$wqb#>R@;UqL6_MYTreUya(Ja7gjPL;4=(@Y%AWN-qr}J^sdbNSq0XT0O;9{sHRq^
z=}+iIn?Uf-Aw%u^&E=U1O%*SFK@B{+zo!cP7Yn_WwB&z@$K+y`cJAp@y|9C-j{dJa
z6bUGsBX5cAIBUxSON?fN38RIFhAof^KwL@@TR^X{3IzJz{zgB4fK!fKH58CB##U7}
z&+<D8C-*o43C`BOAkg*Q+4iST*lXhI8au9hxJxJr06Dwo{v(&eaR|i)>iUbJf|~m^
zNEJ_iBrk8Ow3OQJjAl*=OK``h@&yajD&QrVrP<#%-8ij#=@HJ}9&}Gg4O|shiQih+
z0(zXx181o_n;b!Nw=?xf%dhX{aw34MfY1v*oBs~E@Q|P?dBvk<{L$@Y&fszG;h?-F
zqT|^rz%}7wmP)$qfEy|23rp)Ni;%+1I4%B=boEg_0!L;R6p6vY0o?OD9%=4hL2L5P
zc;pD5O2vUiz>~c$@C9g~2!5oCUx2sO-t=D%{ZiP(*6}BvT}D!el@lHX%Wp4<GCfat
zA~8giYKH~M;unxS%z*T#k)p#NQlSDnHC_I@Q1;0DQMB8gjp=fU4=v;eB#pGr4JV6M
zH?AJ28?kDIFP@Z(ejdVh@knrLvW#vR&MfXiu7+kNheIqEHb>?<_VuQ>vFjugm^hfR
zajotkJQ1?H%TiM#NQ?DXc{#M{mjEc{(#{e+VPISvkY8rAl-rZtU~^Z5UJG$+cU|=A
zIo@IDn1=Z<f5ug}toS!lys0PgF0bH~+cwN9-mlq$M-@rZ#(dyoQWy<sOd+UuDVTkn
z)LkN%?Lk`B;73}rc5CoFG>yD|3tjVSZ9RSwaw)>IVmHR=K6f5a(9P#z+BND3SrwAB
zliQdHZhL%tG2zs{q*!-G(!WTq38x!}z5MB~K)5T|?pgN$Ezw5ty}Y01m+yrn`*myP
zK49?_uPn=emn8){@ApoW>vHheR4;k(D^{Q!ZTnADCED<$vHuAH&OuSCK&WZJKtULS
zU4q6op^lBTF3{<LdeQFg`H?~`Uyl!saXJo>OCvvTYx@3-HNBTQOFw53Fut#7`4-#l
zZgS@i;5Hv!?Du;EB4`Ad>G2dxr!L%DcZLi#=D428Skh)Ys=5bx%ZNmWs9|Wx#te9j
z*gnj2AcXmN32j8H$tXmcJrzfs!UscJ_&~lF5MTn`{Y98uX0<DE*3_4w=$nIVwPKMR
zTkVsXlRfYn0i`&sEJw)X1nX?^0es5)c-KIjCfxj%@Ag>xo%S@@P#2%x&;;N!vT3~V
zD>=$FU!b@mxfDz-fB^XNEB((KNTn7G<FMl|JJwqPBTSXU_GxN*qsR1k?MH;nOErA1
zzI#QrjZJZJ5EIelIw+$#O#_VSkTfbINuy|#6;s+u>1^71G&p_wE?AHQH&8WlYv(;I
zH9MczY1CL1M{Uu`+CPwT=FnIm#iUU&-UQc)j57{Ka2}YBgWJ}60B|oF=n-Njm23qc
z{dzLT!1=@!ZP?%Vg{5kyLBz+9xp^5{y&-(mX;eDqwv&-Oila%KYUrtKm(CA2s1)Vu
za`G>Y(yFs%1y$EVSITxtCQCq+gc~CeTP#4Fioovta1Y2AcMXyK8wC7jn(h?dC@+tC
zkD}QO8M8Qq{utXG;P6SStdJY9=@vXvyE^hoLqy1LE0fjYZR%7bmYa((<XiYRT%<)a
zBS5Bx9)z$os+~W_{NsgHJZGtlku!zzDnN01YHy4mZ?L)I<C0HSaKW9BTX95JEah|s
z86?|leao$$Sj-+kgY0(~aB((=_*t-;5M|tzxkSWY>PSVF9a%D>U<W$XwdZ=0;Wk0_
zbIR^;Vo(R1L!Bo_Fgw%V%zGZ{)N<LN2`rxI%OhsdmUfW^VFX;7;>vV~H(wCQW*U*_
z)}LV;-($f9&N+9(1?8J$fzT6OeA?<R8^tqKAdmW0m!&Mas}dxIKnhm46v<;#INloV
zYXUEkxvMNQkOme~9eIQ0DR3<zu(}gnL+ga&L10FU0J@^rAp3t_Gyp5ORROZn@V@$9
zqbCjEe7Jc~%B*iCRN9EYgEhQfR5%8f!WWu{_~)~VOZ|w;i5fiBpNrZ@tP<ctx0rzI
zz?!xMFnH-}567UlkTo|ytm7*Sk9R4h@drGf5ynk#0b9HoX3x68qZR4DVR?{tEvG38
zI8L{Fa_dv-v-PZ^ql0Z=?7qS#yMhmpy5vlqg7&U0#LlBH2O_%!{3v3$fO4{a!PD9$
zNXS!WlaCg`2V?`}Z#!Jl5K3Xbtb?=!^uulEBDAd|SjEJn4%m?6U1XCL@e+;HPGe@h
z*b7OZdj>q)i_rsZi`jwY?g6q*(NysXD6|$Q^azN+x*Qt_jk^>YN~uh5dg>E{i=lVY
z!!`&1T75jiW;jAYLp{H}>hUvKjQ4qSDaM-b>R@oV`EjEVL3bwlTV2O8`dkO%OY#p%
ze9!ev?7bqOZVUb(zu-UwEPedN+5scOIrrw9Ln-&8Wu4KEF4%c3M*?Z>O&C+R`+dbx
zbITKY_i%Tn!7#JX21h_2PAWYPbKs9=7_bqE_ZkOR>qdNAOBM?r2&(blq|l{xzpyJ^
zcjPu51OULo1k;_t&_NhFN*4Oc&_`XqkH+|OFOqFtEp>hJO0q*N?+)fG9+~>yz{tX$
zuH`U8VFa^ND1c2QifLRak#{5F&hoQ_5dU?a5M7Kd5xe2`c=xemec^NFDr%x^KRpqU
z>FspmMM8em-C{4OOtM;3-mW6OQKsmKIJaTx)Ej6oy49e+4O6<7%ArY4Q<WfQ-EO#7
z57@Q^+r+c%sCs3S;F10Blh>ydqpDi5E_0xal@FiX+c@Gm7i)~N!?px8_6))}(MC`e
zPT;+7jffWYJUjZM0)YiJWA(8E=DUSY2*gD>qN3=GDj`G*!31^GQ))K2-WDJo&57^P
zBCp_{NW!09d@NT1{YQ1BOV3EBl5gLjA%6Gd_~RSYBo_)Az5M<kyKgc$oWmmcNW*2q
zG*p)nZYX#~_>okn;g=?YsdOJQdBoXadUdV%s+%MoBog2)vtPBP#n(kBFSFzr`w?(C
z)u+_E(5i;Ni0_Bj9Zo=LZ`5DP+Ow9V73p9d`8>r3#$CS70asf-!|j1u$B=>Uqydy0
zdo~-h>15)>6D&lZ_gX{#3+H5>!5zF~_FeT((-zdsCOs#%ofp%2ntS}j*4lni{IUR9
zUCM6o?_tq7diTsYtYl*C_0dOl=&Rp&BxXiTEDer$Bvt~Z6qLPI->gC;sZXiuqL<2e
zHs9lt(-pL=vQ83XKKaH~L>6w$KTpiqmUWyQ!{`WEdS%3Eq*{fbQj>EV&jnk%h@CjJ
zJgHN7iiu5j%s@IcMAX?u=k_?L=IRadz`K}3&Zj+b8oe5Tk$FqZ(U#X4Zyj_MhPIWK
z4xf+ZPHQgMLMk4C<s9lN-hQ|qDS<B(etU=`AP{MF)7fQzvAO`ERCWgD!MGdiVrZX~
zdNOA?)5kr7%^>BNGGgCP>}6;}b1xMx215pIuFHiSz}!onJUMGg<PV!7Wc>tAQO)vR
z`h<<If=1V>k*-Bh^<6GpzNp7!$S`Dys^<YdcvQ`U1MLX%WHqyxr>?9*TH`p+2NLLM
zSpWBW{!th63K^RJb8D3k7S|bDnk6LX7_&xj;TlRbauq7fcrIEt^=Ijc@nIl)VmFz3
z`<<)x24&e|7wN)9vab+>vMksQhx30^#Z5xpLoCG_-t?RDa4hx7ygRQm?oP&z0^3uq
zt1=Mvyk{CJtJA(tC#J7tH&yfthKrx&*vvGT;IC+edS|%Oc>dlzP6i?s9m{#y1^NbM
z_H(YwFF>I~B;PT*10Umbuobb|=B)hEJt95CFu<U1O4MXp@;(GV_wm}1zAD-(8?!B$
z>KOl`W>9CHgJU_Ro<naI#WnA-X`>PAB5vexbEA!_xIb_;H}wHjbDWn}K3$Wf*sHKR
zNQ)iG)pQl=WcbgwVza94Wtq9tsi`Fq8nei>2B=DH!Tmbe1L(M|?&RtHX5<ad_stpY
zbNDCp-}T>pVmG;-`PV3=s350NI|x5kXtwM}2sQ^TVARp(n%(8Wvnv}s^PLzpF+>`E
zrGFBJs2#8tJ7+s4jDiAT<!xHXq{R&%A;{Y+LUjmt<8^f`oqtBI`5bO-?A`Drz-YEy
z_YE)D^*=BNL+8!hUpLP;eeRnDry-A?K=Bj>k8nB`Ltkb*&U9WWaVF`*$V>Cx5&3An
zH{4r35QAt4x;`C&&X(OlpGJ=++q--LTHDtl-P+1A*9`dq8!|UsnlMzesLYY&en(sQ
zf9A+YUl&jE{G#0XR$|X<WLYm1nRys(kV|TG3GyuB37K~7ti>vJG|pxAO>zY-_ZoIR
zAlP#1fc*>ay!v)@)IIo&&kPO%HSVfn^8noeahMXkA9?{X)adM{W-7)@;h}-@AUt8L
z**2XvV7j_S$7+jBGf}Xb)ej5qx|gn3dydZu3vIi<XgRIXu@<z`CH!s{kWKPVc}f(M
z5G&w4)e?D<eOPxAq>=@yPyl^vQCrkvQ8TS&O&Eut!F}fZf-i+b2n(>6jH~rQ9RxqN
z`E;iJweN~rXK}JS1naNkzP`_+wv-{(fI;8Gmm94CI4%gtBcW7S`xWttSgBu2Vv`Kp
zP5>7(n=a~zN<a4{=?*ZzlPMNQ7*79h02ENX8i{qcJx;Ry<*$FiZavC+H4vmHzYO-#
z`W$*)`4(qt)cwgi^J+Q@wT$TgQ-2vHo-!iHH>F6V$qOX#f74p=<ij74RV;z`NOvLB
z1}_>38SIkgj}epAmsh>IEfYRG#-1fMZ5QbvmkR0ru^3Y;Ama=ht|d07;6g}d;04#Q
z-j6sKzj9*0AocPP?0U<X|Fa|e&9B3L2c$LCOoBz?`4Cp80k&M`jU>-PZCkc&#71LZ
zP<YC}T6tfc;d9v5Q+)vI$Tm%;9SF!jR`2P&H90*+HC4Vv#8P)AtRbNhawrqv=Q!t>
zfux&XOoPDh7g<`uP6rEu2y-WiJwqXQQAWbWmK5WqhYR&{60w%*=r>Q12wL3XH&<yN
zmSxr2tI36BI0AGjvfMH1Q6D4K0WJnEkKa4-$<Mo`IL~ftg2Sw&xg8d7vF%atwncWu
zN>2k`>3_dBdNl2W;Hn9HmVGMp;qdtfP$&<lxsbk~_2`^I)cHsUKEl>f^Kq&`=VlR2
zk%24s9c0L`nQzC(UR7LiQvl<8-}SpVjsKeFpte5o)6UUh;5OhL3`UlIDh^|ECxR9c
zl&MZa{nn%R!TQO|WtO&wQn6=V#Ad?w`A>F#XRJW(Gf5_@MrcqqtpFwX3qI+e`wdi}
zf~r6^GFB;hUNPloXAlsU^a?CymBf;=PN_8JH!`wxtbQU0&HPfKi$*XoXT^?jS25$Y
zgmQWDFl|^tHbSuk8FR74OLb#++SYRacW&Bv<%*e<hATf=sZqwvMgSG-eq?hi7x`m9
zu2~<R5#5W*6&J5=s(I@kIzT6=oMa5hQk)+r@_W+|0ZwJ=c{-&RGiGMmuhB~ca~Veb
zh4?Y=spiQ{c=>D<MLX<*(?Q>IVjG`}xP}}F-1vJ(fFkm<_d4=mpc&lYV!=tuTN}CX
z4FHKPV_LOprOXJO4B=(Fw&c$@IJ3SJ$@k!G+>vp*)kOD5V=x!^9v!TK$<LeF@BRk+
zn^7kWD7izjbKcDewA(~!3n{GJRk=l)!30>5BxpsZJC_9O8c9i&A}q2pwBG`hjSP9e
zw*>z$PUI6{g~U!J_>tD3U;5RbDKF|0N;<oJAY{74W<s<D5?bbPe@&(%<My>w+V#`g
zyMPmOg6}3X|Fb1KTd-XWD8aIEd3f0hkgvEm{ML19h9xmT4G&qn){U!x+v2pFw$jn%
zww#pB5*_&j!ZkZJ=5RD4B$tzU&zNI1rr7G@VOVV$+|u}%GZ7chD(yx(36!DMF&6hC
z=52Qx&;Xa<5*|+5b`t?7#!D6jl;Oc(ydJ1IZ@#ggxM%gGd<Qot!l;qAU96QiM80p_
z@mt{J;_*EW2W%6RtZ-h_5gCKG)8!Sb4wzstdm$;vVSGrrpk|gzmOxYs&;TCq`SSJw
z;nQ=XrZC9}(xkHbYCd*w>J6gkoU6wm-+wU^87&yNjDRsyYd9NjX!c2ppeT;U66#BT
z7UM3lv<^^orI**OCameh`biZzjyWX}Uy(!;;6qABMl7N9{H$heaCJRTZZ4sce7s3<
zHOSvSU9G}V7rWgkLX_>JuOLPq=1N-2-Nt?!{-CV|cm%@do!UF|fs?t+XRWC-O)Ddx
zLR{HYpWf7Wc(v0%ss!t=*=aNbz1YfnELeGHhC|P^F?9+s!>B!O23?mf8w49)CIKzt
zmJo^X2w|}Rt^uho$7tRkO3H3Tq(KkDC_zk&kDt4fgy<)!|H|a8rXO4i<DPJhKE65Z
zBNE~<$hi+{8hdGJ6uX5{n$R1!LK=<$zi&eouc#BgW?WzJ=u~@hLuaaCxWNlYVlIc~
zVJZGU0Rzb)KY!^{sWY%Mt`499gcx4iWC)-Z!kC<><yeL546rwE6gNGnT%KI)gvPYK
z`$2+1CqQ9iA@~YC0jQTT?@@Kb2U|zTNnYxTvnO~3O|2SWMgVPspYycM=3u1M+Pm{T
znZK*NENyMd!k!Xt>)_4`BNJXqv<#YbMjQQp28P!hjFsjr-&stAE~aq&*lv|IBW${Z
z?W+)=0#=&uxaskTz$I@3U%6dX^T+i2<nbAp5fojuo-qBS(c6$s>nldg>F!;SsD7dI
zpYg-GEE%!{!e&+Um=z0{styJ;#lCd*{%^BUlD|=*rpf9HngW}Y7gY{?T15dc;FZt~
z$<dDRz(?S!gE^Qt0cGL2XVSqJqf!fw!jwaP_g=rS1q)+pEw*iONmyC}FnvYzR;Tk7
zNEsHj?51QX*?qLcpooK<y-C*AM5FVO_Pq~2?XI^vl+ME(gyb{zDpYj|h5nqR^5j+!
z2@`N~41&|S>KBoRa<3?K^MW(JMQ^>tIFEG}<KNI*JDK#cz7dzd(xhxa4aDxS26Ow%
zV8`3a87%pMAhk94jt}CwEOH*IA3(FvnvvJBPn_6V1PXj`hJk;}S?Y*9SEbMT5(kDV
zZ=H^WC<Bh-k2?Sri*4mCUI9Tr0hRKL8pjg_8R+6mTu{f$k$(ILOmKz*-H#;kKb-vH
z=N@(s2edt5lPN>@kG(+}KSfl5sR4a$aAuo@VwoX@s-MyfOKoLQ@bHC!U>)#Ojmq+Z
zOl*TO<QPR7;7u)8>1m*Se0d%^y;KW14lJ-4X9n(_0?k}+oX5%A0#j)S42QS}&gL$o
zl7h4Y_875-+Wlseo|%Kj3B%LAfbT3d!K`%X0urpy_&<FsU^mI!?>lzfX`cC=28YIb
zM^c3k79%$@N6W#_mDV2^8P9hh3lO#Bjie(zFd2LE6b?ECHlbk>?^3=V+30p2Ef?i!
zcrMxdHN=^)Wys#q!j1>DwVK;Mh(0_7X+Al>3Ym%FUw6SZmNMcVfR{Cpdwf!|5nYd^
zMQcfOvKGR%x7$2O&HnXdmir{ZU^pspHXRO|J({cQte@C<{o~tr=#p%HuWH9>KUcvo
z&c;&+wA&X@j<4cfx_E$c4*&y>X-?ZEI)&V7O_sP;(>y-zw4vMDUI(P0lLYVo)*fee
z-tfPvzcipHtP1;LaxV7Xzi;;+zrqs5Cj~s%`R-*u`{lX#(v`V|b-^seDw}C?b3_8J
zYMbSokq*^WyqchsX4?-o6^ST;(0GXo3OBCS`%k*Aiwrjgn5#huLonAFv50S<ABM1`
z=|fIM(;E6;Mi;k%virg4b@PouH%oeIpb4v1f6G?xF&jbE;+1lXnRKy_o?I`+Llm}F
zYl#E!{Cs&gWCxW=3>y%}+s{#x`rAX%RDE#zMu&et&$_VNjq7Fpo}Nl#fvV#|br7Dg
zqhn=*@!#OR7%u-53ksFY4Ip9~KO-QRI9U;FYU_4JLHDmm;rn6HS%Yr^MamvrmF$#v
z>BIFcSv=#r9O$QM;`&_+7jB2f8}da~HSLA+Jap(_31^cZyWFNyqg~CHLlLu9wyknZ
zM~?IEur0$TLkmL1grvMynDrdYygBT}ZDup|W~)+BACqfLur`nDw$IT8eDD)?Z;EoG
z&=F=`UkS2Ud;(kWB^vP@tc}v=ScP0w+Ftkn>9OusLZ4CXrY(F<Rqpb5Se*FygG-(D
z{!ixP%jT7g(1uE=PFS<R1p`lud!@EbLTH;SB8e>(f!*#2_woijR^oiJIL29n?(0k*
zjddpd(m+OMX#GEL+!FGqTBY&qJxjbcoQ*CtqxK1CN~+S?f2Q%hEVtl*?aKTON6^#R
z*&-JNh~jc$BT|b^p?~EQJrXP!!Q)`R4T}FNpK5RL9rfuIp3{M?s(SCpl)rQ^wr4=h
zZtrKO6XEL_lv&bFtYL&%-wa9#wdf-}TrMG)ij`V=&Le1~s>61JGFrmhmo}h1<ea0W
zru`Db-1mSLV3)$~&c^UL{Zr2G+8MlXvF*&>^HsLz0Rielj}n)Y{OS{*@e$OtS(jw;
z$P>#qu;7*$h3u9*KRx#a{X1wO?Vab-v>h0Kx5_0~^p06%Af=CQeXs8qB2nT%-TT<1
zAE0O2r5EyI*9m!n0`BimUP`osmL*;d$kpXD>uM8-MdJE&jrr`YMz|-=YD=BZ1XQQM
zF}Uxzlg!iyb;t4J5NzYt2P9=8CS&@$$J!3e<KtLXm0jfT0}}(6`mNs~M?>l=%M}gf
zy0AV$^?RFF;!piI32Qd_2yK;e3=@-UJd!6?(`7aGt+0>z8)~jzkTGhF8RG=KTuIes
zj1%vfCW3<1#I4L}8<j`xd~zEtK1J4i!>0?_by^1rsv9x5P$ih{wAJ4B<JFF}IW0C}
zOzz5V`|^{O63E;Z@l0jK1RK8CS*dZu<NTUV9eU-WgzQlN<^>yeh{{Wg(%(jyGS7r|
zbNVddh-&Kdd#&l&hmB;hZ!|~xoZdqPA+v3Na=sHv#qq=$M~?1xG9Mg@e!#EH4$p$z
zflp`tx};O9#rP0Y1pC@*-<PlAJkr*yvYy|cb#?JF$MI^Cr=<^s6=FT-cw~Htqq4<5
zmiUh!5!o1=g$h5leG8)rgGEtpx#)oPtj<Mn(sLiA{6~Hf44m!2;nL<|Wv^5L5~<Ck
zxHhG#md&p(zS9ije+Ia(RwK3I`~-4CSVji*Qt5Fa&65X^I%6p+_XG=`hR_INp3DJI
z-61JpO&9wJv-*3?V(t%)?8YmtS}LLg?U>ReC>01_w!x@N*DoMyayZz&m(<#zV4qoT
z1Q+*X9?&LEkN+oVK3S8^bFNf~$uMYj&}i=a&QEp1KY5=gGd9(orA!qb*6Szwweh+^
zs7|3FodQjgMX<B@Fnuv|VgeZR)GMC!HRkd3DB~N7f_CAao3q`)#Yf>MwG&cVhLYbF
zmfDi0>yT-N;S(7*W0eYV;8!UMCI*tPx7O3T2|Uesue~`(7tqzF{V$;=2P|?<e0wtb
zG5C@;4*64cAS2|G1_VDd%!7~Zl?gSl9_v{@L<W|ThL5#oMwoUx7cg75Lf&(*1ug$7
zoLulR|GBgq5eQXFJA(cjbDG8$MQdv7Nl1fi*(`fyy8ZI9Lh~UsL7v`!Dzxh?Tx2#$
z)Lsz{p7(WMVLFOhgEFDyyY1ul*(gccmn;=u6#KUS3pK3i9|~`cU8EREi->JHHTqsb
zL+1P_69!KP_-uO3*X&YJ7L%q+{cHD3bhxZ3C|xbPQz<_uo1W%O+o@8Z8{Mb5F#K+J
zi5Lqz{C+neb)0*f$_eQCYGkSggV^M9>^7L4Ke=`&V|3Be&qCZJ1auLx-dPjk$&@3J
z@)nhx->5$z!b#WFK=)5?;CbFr{ZtwH$`CT=TgEFd;#7yF=`U-v9e)S8<KS>s+~C7I
zZu1Ea{;flccLjVW$t2%JeImq7j53HWczLMdorg9(O9yrP!0YSHxg0L(=>qJ2JeX9N
zcDj>K4jhLP=n{JO=mbn^=b&n_F}(rj6wmIc(!A4di~%gYYKU3J<*TF1eNwC11z{_I
zWRi>f#Z}iZ(WZv7J;NbTCZ)Fb`FHpNalJyeCTbQ52`v%C1$FOEWYHWnMq*)x!&hR1
zXYU?<_#E1if`A_%-BAfKfD6##)16u+V7fmMY~2l)WVGF*Q)=xGzWMn|X7{6pWSW$`
zt$x%zIhA1xm}a!K>?u3%Jr40soTD^+#)?Bq)RDZNGvl5J!9nk2oxDqXerA`AG{dAQ
z@-V2rgg^$Nii_eO4P#y(Aaz@2Jb9?Ow$5>?6A-9M1yX7C6Btq|jrRPjy{UsGb~(?;
zY~v5NPh~q98}|}?Mhg`<xsHy1_@pgE+-3EbNh;-IWnZQu03@|*jMf4Da8F`mjPl;h
z(=MoBTme9qiI#$D9B4ClYBUF#f*73fpB}sbH8UzoS=@{L)Cshy^LR|ufo_Cezl2~K
zT}KJ39*UJ?yV<1}g-TuzfuM}4vOTa@G*&*l5*k(3ptpBmuk!9)yhBRutVED2Fy(LG
zJ67=5xgnql+F~uvJW@wYj4zHLkY%FA90^t)N<}npAwU8<|Gts~m-8s{`j0$Jq=F)w
zLc;^aC%>Tnl7&USJkxY0wT9ig<Q`@rpK{VxF?hR`GFY!S`IIBN)%o5!r3P-62yY9e
z*~AeSf@O}iyR&3GQu{*1dHoifOV;L=<{YhFq`+jBI6D0EbB0(mO1nfm&;FQzO(MRU
zO1S4=_H3|0RkL{TlN;~xPs16GnEVTjQ4Y)cwA`vHoiA71+1wsEVy`Am?;d-mam4Ts
z$ez}_c78q>t^42P-}L_FY#SW3hz8YA4Nq3#27##W>$;xP%3@8@8=9_KuhekmX1Gl}
z!dEIzgI625E#eW){%VP<c9r}Eo4DY^JErv3BysuG*m1h%{;03PSYr(C4zRLBLkT1O
z2F}4G5gNhsbnIbGxr*rbT#vEPny_|>NBnlrIDYb(uUDfZgT&<6VkjwkcxX#>kxKS>
z5~PI9mw#W}f?xykx<$3_XHfo$<Lr%uuSDu+=%RZaH8QmS0isESIk~=QrMX4@?Klhd
zaeqz+PQ|g!#TFh^o;RqV`q_7)lNQLF*5+#v`!05!C*Xp4m-?f#$^_}0f#d<{a88eF
z_F_<0sFjlR`|gL|5MB?lTMR<>udfN4VQzE>2*Z(xY0JZ%oilM$e+VxjoezGQ8IdAv
zmz%!I$rhWJ+2;Ayz!ZD_ws|hFb0aBOUyY&@F^@H3(F!jkUgW5?)sBt&7kTk0E8nDA
z)@isRRFBmH*cM8*TEA%rd=Y8)xq8TFxRah^zxOKXTkS4uYMc|kTt{#7cIgn`s{YWd
z>>2*EE5$uHI?Lug0s%yA7V1(3qwoVO4ldY{j$)jP46D_*hZz>`WClx4cd-aZhYtZ_
zR9yF2XGaT%s>2Q5N)>fb8TGzLn99?|zHmk2U;^P+6_dAI1QBYSVP2CA_zc5;N0EBB
zUK`f7*quYcT-&jO$%<{hyc$RKDMU9nccMOR)vp9XzrIZ|#0T=#$Kx_IFq%L_%P0nQ
zMW<snLS=T6L5_zMSJ5&>hwmooNxu{@Zhh2eB`jDW@{Ycvrh1Y0V_aco_^VK)?u7Rs
zUHMJ!wvc*>!2BN-6gIwbCVd$Z=<*rc_%9#v2YbQ>Q)kK0%y^{!b)dmH7us7<80fhx
zH|g6AUXEC;swS$A7%0yQ<fKLNYE#|dxl4^>Iv)33mF%lkfzu26t1Zsb-d{?6s>{Sw
z&Do^dm3mp$*}v6&>i%cYw9Bf>b-;$|%=YZ`sU%WFy+#l7@pEm;eEbqcOY?&I$Mg~d
z?c-M7lGCNNyl9yYm<%so>&$-<p}evlv5}yxuPe-e8J^3e@`^wz>ZNV@BBHmk(S4rf
zi5_}h7=_kecz8->D?%E%Y(J-3U{^dMlLc1E!Y2O67eOVQ5$F(((}d8S@cTvPcqa@4
zY3@%i5YT_SwH#ZlLW+R&`o(2_xcc<A!w%oMGsr}oh(~*O7XG_Cy%V=)zz`H#)NeCN
z99IUdvVC%Fpeuj12gjjj{wVdcsG7(c;e&f5cGULO01EgQT>HDwWA&v)WEY-K*^!BL
z^~i%7B+Omb(h|-(I*NfFF@c`2wQP%YZ;s@yt1VfSvI7I9^R&RBMtr8B8nNLGJp3jy
zBH1@Vbn1mVhz>oAKCQ^0l>X&Y&2k8qoG(wSk3`;I(4IgEto?id6BE{dG09W28L~3F
z;r>AeGagrWRRMF-$_}kR**3ED0ycPZ_tRSsNR9F-6T<ZX6bpoVC<zGPKIA&xBGr1l
z_a6-ND(K+bk}?)(#D-_xW93NrNogvwo8l5`eA0GK@;7!);g|$UV5!K8O@yA}Vmk3R
z<f9GW5ORV)LlynGVxnaU!HRtAGpv<qJllH5BxE&AzXmBc#MDzaXdjKRg=tC<`6v-n
zjymLsI~*FOW)v7j)e5Yl>&YKuK`%KduGJ3>_L{W~=Eq1JMQE&EF6bT$;xzQglUlft
zY$>;d)vP_0e@5sf(#{lG#08$@<vWm)L*l$G0Yu_U+QHYg$sA%~s#pPCz7kNLSg-;#
zSOZjtne}@j$AM10>pKX^vKx?2kgH|sLg_$0fm-@Xq~<Pvr;0i^v0a2oIlqUyP;t<K
zqJ(*-1_Wq`nJBOaR1gO0l&pOgUIRD~01%PmnN{&@Nmq}x+Ph&4-0?!6M4IwA`5<qP
z&#KD($FSqNDoMTV>9TEMf?*$HqxD}^l9mm4c3zMqRLZVjG_?v>xOx%68{}e!QqjE@
z;_<IiaYCK17>vnnpB^Z{$6sPYPsL<5&_XhSre`9aZ)x3%2&m}5qy>drNctYetJs`{
zso%NWTYn0CY?MO1D&zQevPTyy2c@+gvMCOd{XW>sDrO2*R~14tP=FtLVYIac0o5`~
zmKa(N@GtTLU?U-lHRD+DFfXo&1e#VyTm`Ff1_pdXgQ<G7GQoD8qaGJ-1C&r@5Kxf$
z1wYVkqWV+mY6<hbxa-MA&L-eLE6J(0L-Q+H5Cgs9u4_zT(E7|j0yEmO2=<>))>~S(
z6~lKN17o!8>HXD$j%$#rsb-s7jAJ|84x(9dCA;0<kwpS$2wGk7#(7W&8Lr+~3{P@(
z(5<x=zOCH|5nN!8@dH2q@{$;rz_0`^iZ%!C#d1qYop41{W}9z*M(v7Xmv(HTrFX2S
zb8mJ|2i<J%0!k*txiWX>e#wuW^=%Z2ltx+5=wSx0-KzaG){8`)(#siOf8f7^=XOUm
z*!wDMSbCxo_8~8bY~5pm67}C`IRCkKrxr2E$P)aWMP>=LU&FV9Zq;F=#jon$p3hI#
zNYqB=*4z9it5&(PreDJ2jp8|hv6qxIx|ti4K3mR!0}nPPUR9t6n%7KBo)(TY%@x56
zyTNwRv%33zO%_&yD1#p4-CWsF1TU^$U=Oi`?(7SBn^lz$A{NsILIzEk)L0}#d%>~#
z_BRBhcegxIHF2A6A7AT&2Lxg7A1fA#6DNny8v9V4|F`5pE_^mP#<~~BQiy8He2BNy
zo%fK>V7DQ2O()^3T>__%<o;wS!EQbbDhqodWS%>iO2KP<HW)C<ucrpUgQQ{?M|yud
z9r2Z6K7d4`ySYNNY~a;hX=bdt_d=1wGjzm-aKRFIUw|bM>RlXPeFi|$c3Git+dzX(
z#zE;r#mx^>SC5M2==AeYjiIQFn5FMQ1%bqTezlsRG9^W!#Mg5;m};K$j!gwETO&wc
z`RMMgrr%37>kkne{qB3Y!_})H5fJrW7p$O8o4CD0>s9#(;xmBw@^_B(lbn72T87$4
zIyXQBsGYvDAUr(cyO1mqN%>b|=L8L_#|OIX&2~n?{EIu7<-o3N?GaM8{|dHI4h9<(
zd@BuMH_{m|GLFk<f-W;>b~fT3B1^<E$~@<vh#Fac@(~SNg$kR$I_AffHt#~^V(Kv3
zkC@}%ilRbDiK`uvhnX3og>@D)A-cK+sK%6k;~k0`SZ}vzO?JX6T)WJOIYA>3Akesj
zawg|xbk@<3HA%{FFX(pOS$)acQA`7izlq)}hXnn)Xi|DL3%G2Ds)HxqGccQ{NLfqr
z+$Z$F#q$gRT9iXpZS_Uvd`oI+kJAm<fm-c#ZJcqZXzDMvSC6Ddg+3oH6?42I%Y+u+
zGP73HP_lpow!S0odYXJ1E=Dt+EY$>=ep8WjO1dZ?oF<M(ztPt&Uw1wPl2t(Kh19bt
z9_(8SZE0G#-d%M2>!}C2udEyUWX4H42;xWghi)=(CT;O&iJ?6P{glhp+`H7#;Bh)~
z;Z*MaDdSzvs6#a0mCq^TF`={fY5e+o{*eg;qJqt(4H=JNzJb7g8$KFA&B@%wn{Ug)
z5PIH5_FfaFDD6KfzU07v*41e^xQx50r?1a6#9w6Kqlp`)T7nvfx!?Qz1ZHV>Z($tr
z)puBSqNB;L_;us@!-RgViPUECXjewD!#gyutg11Rv{dKLjIT~?g8mpmTM_C<xL-{z
zENH(F2iX<S;)t=}7HYoHFv<YgjqT9tT2k%+JYkseG`GPwjq0TMdqd2Xkpq!)wKPjx
zn2-8VoQBcpQGi`{I2s5qmj#{jSB-+=y&hHcGihztmSB{<quqb238&JH!hwN>1Ukmd
zc3LXyH(bXpR{X=qWCZ`rza(`+Mu?t}O*(e`Kvsc&uOCKDFq@@V$B1ne?PI!e*auDC
z+%NXUuD>;16^?S=Gp+^P$oF5cg;Z(*&m$WN4W9-V9zuaaP50xq2rw1=a|cbbB+9)c
zJU+DH9Y|*~g4aNtC8FwK^Da|y-<9(b7UpSDPKY6I7KT$#fnO6}&r*eXN>Y`FdpFx_
zkECBTvc1ByS2q6BVQH6|Zq}wbbpMc+6f#S5;@jKR;GOmWS`>C>+r=wCd?s@VOvX-O
zC|CmjS1kl>ftv8VYijCiaOdxI568OBBClX2K&o4`2bQ!5yVgqP_#q#qmaErX=>>dD
zQTR~~PW6G(ueG?=iED^a0i6g;yVTDyNiyz62Tr{vbvuYd*Iw9Tt|2j^lf?vn9;26>
zpN=7y5KN;ABsP41Q>hCW9OZQ^Z}9LPA9YG`Tjl7QWElN|ykSDt@!~DRuwTIklUP)F
zuUcSLEeoF_XV}cv*eNsFuD`z|TGLQY5IZo`+q}xodS>WX?qmT{YtnzqS?kRrxy;Ln
z$($;H{_!t}6TlTs#8If+-k*qK{bh`wwRzV#vdYL**w99W|Md3$I_U=B`)oZYU?#;P
zB>V5t7;a#<cu$Y)VJZq8*j3tvk?a3ui$s}&lB$w2>O~f^Cq+c@s-TM07j>g<q{`LF
z<vfBNvQAofA%lAWia5tRWqg@<-FS};x1oU1w$S~nspWD1k-~&I6RNW0;0MCqUjbMp
z*04!rUDf7V)mC8wD1TQ*z(j{2BBdnlV+aqhZ@_o1@xii3;!leVMFht6u*Ad7{q4?I
zA@gwu8mVATl@xJ3pMKYkh(J|iKYa|7050#q^iL5JKoDJi;WL}S>$m7Ak~yaX1Ng!k
zeqRJX=61+bAb^X9wz}H2>VM6Klcr{dYs4Lc=+{kXcamXdRo0MCwB;sn$qKzr8Bh_3
zG@J6z>otq*huJAzW|8>!*~QtLsE47xFmPhhCWGY4&vpXKfW79gWuD!sd#@`sQO<ws
zSFwp@-bGQ%*hdP~dZYN^WLDT!)CZCoBJHXim~w%G+XlV*5xP^-<u{<umv#^-0xjdn
z^XMba$V{iSDG6M&Qhd)gfF;XEmTX|6p%VHG=0_j08Lb5vgl#Xr*?dY`FL`u`UU9~@
zhT9dx0>-r26o^1UCO!>%qrBj<SI(#blpK(IYhUy<v<1_o|Kx-95vkMTkjFj4!TBi)
zMwYRySCPR~6{=2!w&L8`Z-Z+Cnv(l{$o;4(F*r+c&z%#japjN?4@<$x^aoeh)n$Pk
z4GJ&~mDILiRk%W!Xa_Xgt#^g>u!b8H<K0r`>v<{ld@H;aA9;Np5HfzEXa(7`oK14#
z84m&ezVoNC5nl;0a)+c;;nU!X1yj9?2h%}^CIJ&iI%enMjhs%ytJJtSjMW@4&39H+
zSqSPLT`>s7;*oh;0^@!0&#!Ei$VbP+hyX1>(!XE0&4<hl48#ZNyl)S|`@-`dau&)I
zsaaV@gGffrWTo@zH@sebbL+$>VF9Slid`E@G*Xq1H(w<RHbkTxWQp3loU>+|;6h^^
zys{v_lH(R=&25LRX^EwSrgtqQ^!>Qa7M)KO`o0g0lsX?#msdM#@Oo)Df*lP?nKDj?
z;J@E@kyrty4}!q{v1$kDvDT`ZrsjODC@&Eb`)yH+BTfGj-A%hD|0!`>+*e@0*QA2i
ztI{P6i*T#D7HgPRH43MM!nLuIZgsjPj-U}*7h0w_bNxafs~mXe{!<-&`^l-#%5_`r
zWYCGa9O<=qvQloggLL3g=N!&^X02RhUf8trfIF4P6{IX?!#EX=J3L9(4Lk~MJQibK
zCo5yX3T$!ik`bECcnU<dV?w5gGNoL4zy?yl<Y`dD1R8!rwVyg(-H|_ts=sL0>2nE<
zQXrXeNoD@FmTuM({WhkE&|_f|N0*W?YB3F~p(l=!12X)zZpyN$X$ScgO>!tNeH(L=
zzUEn^MKmEch=m4UYnRd)7P5?0lz*B2xYgSvmF5ZN8gmZl?%to??!2jknl=0Iv!HP|
z-hd2%pfGTcbkuo#ZDHwaAz1771OfzJnzhWe=>$5AK;NR=-b9Wj=UjQsV(fuqS&=d!
z8wK`x92*otwX~DSuwro6CtDh~wKlLxb6ESSo_zUqhpT3EO&;<05Wuyiu9)NhO!1d>
z{qOCNs}a+K5#<A1*zE5~Ir!1yQB55mZLdPeb*)_|-|LRqD)vg`H41zS$(lhx26VLu
zoG&~MDSZxG8tSyK#@6?`WaAm%_2kmeNs{R7ccxL*?@s1dN#f(&DztMc(46p@xK{|!
zHb*~5$(z@nGi^x)UTZ02ybaWEd`-hD^tn^1h1YX|h6`o4kUbriCQ=b3JSkBxCW{cP
zNra!gyzCPf*FNruq!-$@mnw6P$;RMjf}P!c9i5<IacAE#IgeZ8Um`i#SJ+TdG>saj
zI|)X*(k#0$vJUk=WG7*<<KO)POQ5$^1C5**7#(Y?gMI^Q5jRDx=3;rOS|DYLt2Fx)
zMY65{23S7+zHyrKH3AzLa9s>rSl$IZZXnT;0R2K_gsNYeIb;0;TvH6XGwyb1AYg0&
zy+K-sZbK@sKH=o1Ots0&p>tcp(B>hP$Vm9Ck|+|SL;ksOpn?Sf^o{|BLLAiRcN#|Z
zzXD!^jfN9;(Ueu0w*;1Ik)Tn$5^?|BsFcTS=*R<3(?vK7gm$T?q43*JT1_<k-)GxU
zKOw(q>X#=~P?oA*<#@4{w@WsM?NMP{ghMPEA-(SVf+B-6V0OTcUNDDaA?2*7p^nE;
zyN7Y$NLNm{jW0x!q_Bxt*=Oz}om=o&quXZO5Tcq_r6fC>CF4}p$B7qkA`3v`o#W0Z
ze5#u*1M@atC_sGn#vChae%+?h3yDt|wN}Y`7h7LIKgY6kYN~ua=-1uL*y!*Ft9z{W
zE~<f^bYS|93ob>xXjNVkS;D2LZ<KhJ6@N=9<xM*~M>Sb*w;*eC90a<f+?87C?0vN%
zKq^#50=}!}kSj!ou!AC6t`)*KU9XnkxR%Lrnb@9?##)5=2ZT|4q(%J6NmB%d%apI}
zCuR27j($LGu;aAPzA!uWX4*Q*?u^=a=`&6pRIX5eXV>Mc<^|Dq?u{ds!q<y9wuEi&
zxri(D{0<0i!;zlIuM*NSmdl5fXydMh0x&P1HEY^Z7rBenisb7m@v-+Mogy%KRC8C}
zCBV?P5CVw4q#24ffI!JMJoGWv-zEw94OW!Wlns=I=Fp6}L)8(S413Hr?+Lbae;$rp
zVmD7~g*?e?Ok0!&@giUrv24fLM*~;=bJEQ2E(;)%JX8ihI}2<KK6+~<HL08xC@KVL
z3CsbkO}{k5;sGiEJ?qqW@VDcJwnSMZg+N!sg-*Il$S_BfQ3+-nmy#A3QvtuTI}g~p
zm}K{m!2VJcm!N6BnQ+e|qFirj!N+)!GkBD&^639NT&p%&hTOPK%2E2kH@7`=R#=8G
zt=Bk@0ptH|*}q3_y?9a!`lTdIUxx-on;$y_juA-C(Ew^RMFdO3+TAwPDdeWj_K)!w
zwgDf6*Q5$Z2D9?ej6f{fW-*{}XYrq|IM*bfKcqM{Y4^%%jauQ}(OAW}%m<Yh8xaX`
zDMs)+8Z90E3<;O5e0hMbXZTfxd#Hn*Zlx#tWqTbqev=Yhw9WSL8u`+r4Ys>%6Z8-Z
zDsE771SqtOS?h(NrFUyjaoZP!lZ+^fayH8DpBw@SW{V)%jUA@xFa)-6YRMQ?`VB&)
zu%|<proJ+^tDf>+xD6{ar%tE+2sKaSgcIf0-PK8s*f|z>+^OaV!f$Z|pF5-YrF_Bh
zh9Mg>6_XtANn08i)~kJhsR`}&h6cgX6HMjP875sQWxgol6h#P?zCw_P`BB##Z{Jqx
z@+9RbNgXVKGlD)*yBL7B@|WlX%EHgh1kMMLi~<49WFBLKM8}{Y-fDJ}%>^;un1@#5
zm|(6liKhlV2d0SW1GmJdP4sKyX6JZ(KsYi{F4+&N4AIX{`*wNgf{E`K%q!l71%sZL
zW{S+4>Ilp^@I*Sir0ja_)hR*BLEn3fAfMi7DR?>_lVL8EQ&@<{XT-<};noMjuLV{D
zQcGD~0T{zhNF6YM)*<MHQ^y0R_@oM3vn{T1YJt+`gmI52YP|R}W>Mpykp><O<59tu
z9ROcCTu*;jCatEzFKYh1=<991)?v5!Kymb&)Gdu%xS=6R?#{`*U(*`|-cwC>Mx;t$
zhfgU;IerJ-z(CnNRT|i4d!!e80;#0G@)mqkz1GJIy_S7JJ|z3a<b+=;EsXXi>9}j-
zJst}9{!4U>5Qv3BiV!nFx90k6!_bN}Ob*$=SO($KNwYXK*Tl*9-|}<R4e8~`=V;81
z1dm9!0)kZ5|8fYeCIYmLm3|V+p&*+g5(#u-vU^a5La$iu*o4eX^ax%k_jQ+k#zi^1
z$3Sox%ntrcxiii8qO5YX*jDP!wcsKtJoJ2df2Ab$0MBy!$wmdHfxmW4Jv$h<q(57J
ztP9yD+KqOJ44ITSe_y>_#Ln{dvS~<CxIA2;7ef`^A!Grb#v0Z`fq*lt13~19`&eSt
zc&ZNU*~PI|i{9DGzgH+|cDyqY8_ykw^mqAbofA1|g%T{%cR#~5s^3ENZZQ$U(T$#z
zfNIPhGYT={8bo>$-BVx=o)sdf-Vu%tzB(UGXY1JhE}J&xQ*^FMzXl}&MlYd`bQc5Y
z+<psy9%?-<X4k?!?%ANT>#-_;WY+WtEYKmwz&Ip<y%@FC`a=eq;9^bcOGpyvD%9k;
zQdL9q2nKQ56}uwADXEN~QNTpwe{;CcaV0N>(96;(Lm3o^Z$z+WhEINO^!?L~z=b3z
z{&Sl)QiO+}gA5V|<uYW0gy0!aTsBI<Kv3J@?)+_TnOrR^#MS=f*6KwHB;~bY6ld%{
z8Q-uG1daxo%)QjUu0pdSI6gRHnFhkDcN%IBRXjV6XK?_&>4tjw`{6fKx(<{i^fN?-
zF&30ku{vq%ULLyv@c;z`VKq%Vyq{HBma}{PK`mRjnm*Hd8?r7edzg}mMq8$4XZ`i5
zH>SP2?Jym2i7OIWqRmjS@M(%8#<bPs(-X&~az(|SSIQg6&{H_09zfQfj(yG?Cfb6h
z@y0g>U!Fs3XMC!grMvrzge@5er?Q*0^RD(?O0h-`myLcWgtPkT>y9fpTzL^>I47d|
zwi9o!mY=WE7N02FD}HKMjzVryUfC^q1y|Ww*)0kv%8B5Ke!2pG(!obuV)es(b;D-#
zx`PqU5cXRV$zdoIBw861YU&k89Pq~5+<R82<M7zz1%eFkj<O)Vco+#+5zJKx&dyyH
z%G!hH%##PNl7`Pn`zJ~XyMJ`?K@%X_s)#pooMq)JX+1HC?z?dbE!5^LAx|Gd(=@=f
zmr;WrPDo1^@rn&eOG5C0M0*Or2l})SxP5N*%%%!K9W83cW^53m{;3rol>Dq<`Z~`C
zWO?znD#xCNY-=Qb%qDXoE%jAd?f&1w6Gv+;+0Kp1!a)i`FV0%c!FfC?6Q5N6`=KM5
zRZx?4&g3HLpE$)7rMR~yO6}Q^1PJ#<ub@fFr|bRTv3}s26s=5YRRo;i)7j25a4@u+
zYmE6t#q#b!gPAAek}D4KshT0xqy(GC3Jy}qyslfecS?ljmB7C37d-FQ_=_*5PhC#S
z0=5y*z7eDj)WxK=Ny14@AO@jh7*#=jA?PQ$1!D||kq7Vbij$mR;W?<O|A}c>ABDN!
zIPgszwplY-QDzc6ycj{J(KBq;49y<1{3>@ba?@yJ9C`JjvOR&#W#@ewb7v1%>1q&H
ze*?|^#owpJ*KE+({^`1`DH0mu5ctR09VchKG$N4JPYdh&kuJnUohVAu$7Kp_Kr+jf
zTHUIZoJa{#tbjcqrM#)#%j1Hw=@iUzXD76~wHBD_Y-s7SOR*aP&)gg<4iIB%3=4;o
zduI^Li*xsrSF<Vb8E$H2PjMFBgY{Rv&;ur>v*ChlbrRe6<-1M)I2GO+D9C<Zw6G^<
z|86yxKTtU+hm}dX#zOY1`5M0RB_8yiBg|hc0*Quyr%d=vx;sfBE$f^*=_#548Vv;p
zTheY1zjU;!XjE->8nQqL(VASC$g+#lwTF2iotLWm@<Ux$+%t{e{gE5ueh}Lzd6Lum
zgB#8A*@Xn-C>2W7xvgZd_BnL}U9pMnF_CgUUtX>FHlmg8Y3-ONiG&N4UR;$UA>6`{
z6ZYmnazS}Fim^)qeu*8YbPf4qzUSttcClQb)Ed@Ls%V4&@MUy*Yu7jWOtbZyz*!jj
z9$vG_fhXCv5NlffX217bgdB-)5b_*j;BIQye_h0jlk>&E?AdhbqsXH*`HoALw#&`-
zW`Is>8#4)Uoq}iMI<C}kScANN?*^agn=Z9U3~>9QNRZmPGj@^b&VSg`MsAldK=Bqf
zv6uX>f1sLaV&5!ttbkZHk_+LACNjPwwA-MgS*P)pv%Zu|5Iv=%xMtMn^65$*NpVyz
z9J8_7Gd*lZvGFD|8JY8&4+O+<R6!F8a(y<aWy~0Z=o1xROU5zKDz8@=ctk}F5Naqu
zRzqf8a|a1CcUuWw;4tNx?_VgPo8pYj-XP9oU#;wr-w^=kD~2$hvJUl)@MA}uvD!qw
zm#wcw4d-t3XB~3v<uRB$v=kyYZJ1-{O9aAm9RJ$&(K4pQHGs8;5E~Lvw=o(v>^M-M
zVi^<e4H=(3aSsews@&#iN3|z5K=gZv)jS<itfS&)IipJU%ykQ$@<%1V{IDQ*`ZYPv
z_Qh1R9b^&7G+(#jFhTU3m1Ef6W{kF(0MU(SIJZL%q@v|b17itv?+kXtbj^hh;8_lP
zXZPV+t%<DOeb^q=`FPsSTzURAgmxcpDn7p4fY)dcxXOv+YYGw;rc70Jt<%Qrb^Hey
zrV=*GlgoD{Uu1{8=tDuXMY!_$E>riVqhWHYYsgv9<J+@!r&S>IQZLM$LyNKrwI;V?
z)s(ObpI4&L?KMVZo{4HZQw_$tFh}D*&I?-y|Al_0JFxV344eg~ftTmQ#;k8GWVJCL
zYN?FHg1)!5qGg)w=&Ohmw9-LX{;md)TZo|VKrz__BGvjFbgjU;IsRBag+B{0t6tkR
zfAQ=4{~5Xt)MsInP|ve2s$G{m)Z+X)PP(VYv)^b+{W1Csj4iik-f-7lx_ml_#+vyH
z{2#tL!L(~We^%SFfN`8@zXMmWQvc8ca@a$Ynk}iu6MnbppI2YBzPLfKSwl@lb$jP=
zgCh)*D7Tc2I9ou*MFhB2uY8y>k_{(!(TFE-RrgovC!C%(pHmBY&{N8b337XT6L{vO
z4ME2--`PTtAMduD)C~bxzLF5Ht}Jw+_|c%<eLK%}v#_sW8DPBm7X!a&9K|;jB##;6
z(ZtGX_H=dGcogD*s07HVRO>gMguL3LF<+Ev&kXuEA;$ALGjePL_OL}#wItxjQ$3uS
zWQX>gchbaslS$gqe*N4Z24B-8wO)t_a;6HoAb>iQ5UHux6X_Io;%GmKpE5W**_ye;
zQEySUZakPDsMJ773?CL+vXO6vRWz-tL_SxB_x^M&*<L~@{=ll8LExpV&dO>}m@as;
zNeNp%ER<s{0K~DK<K74+3s&%r4S7oqJx#?zU#&>Ztd(DG)I*RSG%lNxBOoVzYP3a~
z(Ae~;8W(wW1ak{&F}E7HuqVR$_~sS|q8c{RIe(FuexGo9S(3MOtSUjt%hR^ufIi`a
z0bV^lWM!g2ij>fncwQHRu+yY`XB9WdM2s+|`WayY&s+@E_p#BV1SB5<DLW)yBz4q0
zK+5`)GD1O}pUCHBmY{`}&ExS7V}h+-4LdH(&J*0Qp%O3Qwp9{jnihEq=vE|*7OH?C
zn-zhB$#-sQ@-WP%GU-#kqfv}Lgcahkj`|^mp7rz|Cp&NX8f1eT{lAAB!>3eY(0;dG
zh|A23VS=+ThHeC}yq<Vr@tDk={^&N}`ox=i6HgeSMA0IYegsv#5s`Z@LVnvz;Ms(?
zSR^AoZE(zArH@EyZ6rJNucB>VS<9qDl(ColyP<@C7pZEREm3y9z&sFVS#(^D>>{_D
zuq(8!506%yF6|?Ek)5Zf_$GoZcuKvvZgLw&YGuC|JWs~|a0EM+wW8Y}Vutt9-#ZG5
z@!0$gVq}@mXiN!M%-2Wl9yJZEaB=@q4dU`A+JLgB2CC84KEIc>PrD*6;g1`U*(sf*
zdbEY<wf1J|41l(O(+^<Cc@^vQgKC)L2oyVYxGqRqe4ob_3+`Ec|Es5DEkc@8DYDkV
zwIOXov%(wVSQIJKys`#3Dw5+Y$jCQBP0?JsD6Gki)u<uoje3pqm~As*9*B&<jF?HL
ziS-_o?8SHl1qMK~6+cU@Bb&U+91F*zFQchiy!TOmcX=K*h#~?+)UM%f_`#pTJ}I?u
zRUI|p4+wlmtl&YAh<FwH?f&b+8rVO_kFnIUhYu8I_4k&Qj0Q-h4mfwGc=RlB_X6Mc
zScNEqf}dUaJ+pdbqEXzqz__+?kFJS!`Ksx<#Wi7=4-EHG=uQpjBQLz_iTyB{fyd||
z<#}VS6dri3-+i?-snf?UMBRthEn_)?y#6XWf#iw{Rq*;*x_FA=KavI|%0u>8c-@*v
zakd_#PFAmFMt#riMLj2={4Ag<jMHBQB^~2uuz4%p5^(D&TyE;R_ywOUQ(tme)RQ^>
zZ8e=73W9jNU^Q-bxLEIS<DDoo$iJM4BgvKz1{e!2*g1H_OR<B7VE)8F!zi=#JL?~t
zNQ#Gc>|C3FCZ2xUndLQY)PW8FORMozu6+mPEFspM^)j;h3xe;FV@RS|6F8HjgZL;R
z1Mc)OXg~jCQ5t>b3R79VrS&M1iFz%pFqb;Y+XZ~)AL~(5afw=e%*_JQ(~kts%0iNC
zu8gV~J%{>!#d9d~J@0tbGqfPTbF=|s5Xf*V)H^xi@)N8(0aRlJK**Alys({%7B#FV
z$nxAr-`-h*j-u`hP(8u+R9zHV{I4(%)CS;Fg<)$s^?S|Y2tJl%9cgoPAjHbt<SDcw
zJjU~nGr4z6zYNem9DRgYP{>w1B#{x(e9J3wcQM(8V-t2gHN7kC=iLamaU2I*Czhh&
z7gnIB_p!EDYz~atG)gRBO%9lv8!deaj#nXz$pdagcHN{%F#d&~jBMCIS3d$Yb{?CL
zpK*z{#R&-ibQ9SXU#q$^t;n>f089~T*c?-rthVj^)qwCLQYyLD>Y63dQB4T!P7E4`
zF%g!kqAG7$k>uE#eK*%a8Fty5v}SAh*x1a#?>fca5X7;rmuzbuDU;2IrXST~@X@4R
zs6U)PlWv;p%V@i))RkSuDNwY7CkBSNnY3DO`J;4$jYHUt#pnl2&&we-88pF#Q}42E
zEA(k8)IYiLrASx8EXhpn2{8Ub?IqnA0JWe~ur_1D4~l38JLD!_1hU84S{!Loz<yRU
zw<g@|;4LA8-xP_DtF!e(YLr-qJz*hpE`i7=&g6CRP?UEbT#q9g(5zv@w`0QD5aTMI
z(=2vD!}x70ckR^T(@1w6h232DW-hYv3??LVMb<@RM(s%E^F*6!X09JevG)GdwU8)S
zVaGM9<Fj{&<KOGGKhJ5Uxcl;Z1j`O0#~_4R3OEWDZRW%6+}90Ui72Wl>}Xw5C%tzE
zIE2oa`9@`cFcbl+R+_d}@A@66&I*HZa`-m$Op!T0VjkUNHikg$)$xD_YlrLBkh)*o
zc?DQG`Y@psR6AR7*v(xj=~@UKzvwiF#V|pLzwZSH_3M8Z@AC>C|K2Nu?mH;bJAF_>
zN%7~7kAo%q6t3_}ZJZO|;$lRZEOxGYqQiv#RedX)Go9+9)CChQ_?707C28rFlMyEQ
zNduVYBx&g-EQbkwO|^riQ2mPB*jcx3u;W6+of^vw1(LWog(0_?)gjTEgO|tk8fr~_
z{RJ}s$AV12=wC4tcXN{}^O?Y~TCTb5Ul1mE_`NoWxWL&9Ut*DX9-V&+4Mm}U+o83A
zjM|7PKp(?18{xDi;~=;^-wy4as*fD5q?cbx-iZD}a8dK9cl=c8*X3d)UyvL>;G3Td
zQF8z@3zTo(G$&0}I^Yj|{qchS5&LB+tD6uvx6^*ypi#vaOE$KllK_U6xjlIRq9-6)
z;?m<VzOG93dyolDf|uX~$>aODx~w!(GY!R$2})$ae?QUk2-wHHdCYuVw1ZsPn%w0d
zy+S45Zt0Z4C(O_h(LWP8weUgd?TIM#h%%Oel-ufJV>@lN;&u0O?rw@O+!*yD0~~ni
zlC@p6%BpcU?lyk#$#MT_iX-hL0?d{+Qld(F;$9^HMgRgSG#)A?q~@5(_$v}Jo-YpZ
zJe?K?@cJWwq|rUOF!CUMUlmD$q!ND)=*^!^ATb_X+YwOsIw9P*o`P_?yCof({FX?S
z17L3E(Asqbyo}`<pkTXk#spTrwp?ftq}8FaR`;;L!lBI~e#7;~vj<3e4F}2x#Os7h
zm#Lg}N-2p}2RHbh;`EQGV>Xs?{u}*4M8|)D=LRw<^xOdYbV1^ggFmg?fG@}S)Z#lC
zFqq?=gX$Q-!v>Fj39Pj*_jNrXZHFlf%104tw<|0rQ^OYOjfZ-{yiM=k&zZgpKc;FN
zG1i*<MO0&2F<9t5g*yEM?!CZC0@YR5!jFtV=MoHWO!^a5B5`kD(wtYwk#UC%z5%(6
zq%KBn!#As&FCV@g^eh4PPK1?`8;mX}rY9I41@pc_=ndgt2{2;9qffWwVt5v96d$S@
zlJ&f&XF8Rsq=ge=s=KX}Fr^*tD#Ip|k?W4V(lOYLCDQ}%UxUxh?0T*6O;Z1E1;AD(
zcIHyA#i02IAxZo-qV9x@^Stj{SOs`-t^!~6Dx-%Oke;ttXDtS_o`BM>STb|{6PvJC
zwr+QSw!QX%DO5nQo2qjKu~K{Y4zpN~iL5qIllmfaMsH1VDuykQDmOd=SJqC3I<#Ef
zh+1aSTfb--8vZ_IMli$>|G83+8i<VllMW`dV(9FOb!scw^7e_$fAKYqR~fhSbn9Om
zy9*JxZns5O130)qFhH(Dx1Q73z|3#H#wPE|cX8qy--51zl^*9EAyypbhD-W2<Ut9C
z($YedU}9yvD20f>6gwm3G8n6!O0bE?Xs+;dZQdVJr@43dX1L290R0lD=NLO<>9B0(
z_}^&!KZu&O4CBVX!Flxh>SxkB*!-fS4){j+k|#Q*W8rG+mk{1!hen`V&oeYlR72S+
z@t0v6#&&V_(*&&o@j<oF+ccUuYW@>U)hUZpJOOLr?DbRcK@FjbG`BWWd5(%PHgxuY
z1lfpMa1QCy=RN{z$8|D>!0?e2-A0c1g@pb%IpTcvuxjhmX%A~;75e2Q!+#?yg6lIc
zQ_Kk~y0eMwIu4iDY7;}`_q!Gvsh3I;z`gXB2J;tTpg5B!HhCk2Ofte6c=Q`#kPvkx
z5f4F;;H{$A{aq=<W{g8(pFj4%XSR*l%5n}$dY4Z+s?0m3?=-+VX~SY~p3+T%U4#!`
zHO`~2$^ryZOa>Ev4RM7zsBi^yQ^Huv3%O)8_*MtyP5k_(lYq|_j+hZxWGPE72Sg3|
zP8`8j{%^~Fb>Ag<$&CVK6~_>~p8W`+0$|q9zy~PKLWFvb__{!$VNK|`gdKt6&F`O4
zu<z35CWg4#{HE71w=j?*WPIaK7&lQa;-C=L^3gCdoCi=v-krp+&Ri)Tla~-DK$Uu2
zh*nhX?cwNmg!?PO;T*l;?7#bT`0CkEEUgpHZg#BoDCg1Pd6Pij%n9e+-scE$v9RP%
zL`f0)_lz#8%+>d-+SFJ|oq2;mXALbVO-Jw)HF&mz_c7(s_2Yy}+E#%&tU5Bn25mkE
z9t5gk)E2Tm<E+Y$<#m}VH-Z-YA`tR8La&!GqzJ#8`hG7mMy+4YgD-KEn#AfDe<~VF
z$`U<wUN*I>zety={jUiNePyD)(}bD&V;tNWx8r-j2cc31slJyfkZK}Li6r=@&6_*<
z!yj-5L8H|BhT}_I+x1^eL)S$L9QO$kkLA9wYgk3r!S|4whf95J!Pj6O{nV)hEl-1A
z<i$Ny{Ujiqb@%_NWP<l6`QNLX>9374IC{Zlqg0pyQJsogsuYIomc1V3NA{IP6;<FX
zyDKQY5~wqBb3dPKNbV-G_PD-Qt=vdA0xn%ua2JX_&0u_=JxM|$UAw`jIXGJwH73oG
zVA=|srrKc99{+)iP$GJ#p~La(gJh-jT8fVzPjjm7I#Tl32Z>GWmtj+j_On_6Gvw1Z
zI3?&saxUlHGu-qnq^F~#hHp4U!*dN-nbpIJ>j=?$8T7enn#HE(rzQf7iN!<zTH@#E
z`;3c<y2Tl^o1oB<s8^7|9Al-idMK1NcHj!e%X|yqNx_F>vATWnRKVAWiHCmGa^Zif
zfaQiL9Rx?xF?e`9T~YrPe&o!-Tg^{41T4bx%-%9U<sO7i{03O&#A@9om=n=~zn=s8
zq@+(X<Gt7AEHKxT82r<`_FKM{)u3aZ`951ROLrw@_cm%zz~~Z>w$|hH)s>CIZzS8Z
zw@nhPp;nb&HA#HUpvly?)?>33Rgz?Ma`f9Zl16yR%dn<ODqTZ780AXw8jp~m%PKb0
znOCT>n_`%q5`Ue`7=b>7h<kBo*{{>Sp0?9S0mem{Ow~toHI`0h0Mq#pk=;Yz;R;Ow
z9Q8RFUo;h3S!5&VS%bR0-~h|idVVtM76WiQjT7>(W*0RHsDfl?Q(vMVHlcZDdl=Cd
z$#bWPcaJKWxa>gk<3Xsxec<E}6Ey^7k4HvY>Q~So=u-tPAr3lsPw3UsI!5M3QYQQa
zWz9z|uBNuNmK4|u{#YftWo6<aNf;fBp5iHV*-Ne$ng4f<RPUHN=ZNvr9sk{q5gc8_
zPvBa)q8(srENHRjV;XayB^D~O+y&_~4qOPJ?GX^Thq+(?lwLtb<D1OZ;vXpnf)ye!
z6a0?OM@3pgK*K?*_-3jO+N+-RiyO`nJI<&F&G@2<rdQw%V@C%^J1+&rM~<&)xw#E}
zIATyBJXi`iZlf*G*OP~`!af`jfNpnmm~|xj6>Oh%!Lb~1b4rf(JKJc(uJE7-nmMQ`
zDXr;Qo_cdV!!LM<Ac|?z-m{+@w-(gS+QWGP+k3BqxNBL~%FROH((cZqvc)#X`#Tt?
zZX8PXF1CyRsDYEDCU7c<lc85aOPxz679SJTAWbB2{xSo&$YJQ53$rTWsI=<)PPL#9
z)vk9X)_{l@4RZbkj#>o75@f+QZ4hqJcQo80t-pVIoP61ljL_%;W=jg(sIUNU_Fh(n
z??<23zj8NPnE_FR2WlTXdqlaqNv5S@KVsjQB!#2A2ow!mq><b85&T@m^JdZ2P)z`s
zo>Z;CMH_p&2S<ti+#>AnF=b2^$yP;u0)soSqE_dT2Wu@Rk1CDiPPCK@2wV->fvck2
zAD8OB@HbMzaB8lP)PE2|!YstbtiI8ZoK}xQ3{!%S&kj29iT?@A&RNEar4)M3K&Ig~
z0tQzh6LG@j$Y-<#DbhP}%XFt?w2kr*-Yk2j>!uBVO5k{fML<V1+XA?J*^Y%YK;zHG
zBq}ur1H;{Xr5$q|rq=sk^h@kwznwNfgic}@9Sw1(Nqn^zhwn6x(Ox5GTZA=8$~lSx
zkT76{Lj>Q45Zz&fULlNu=_E9(!6{`_TxUU`X$X5ky*$z|0jt#~z@ETXD0T{cCgp#&
zC2Eu=?E57Mwzd*PVN>5&`$InU1y6CgnTYv%)TS@(koZWQhS{eEG0r=KINvM=-T-Zu
zYm|Kt4x=T0GwOyNnBAA;g<$vvR2WOd_2Qeq89(&_er|{B97a6`#Vb<6Vsm;tO&C^E
z67*_HQP=zWeB>PBAjrd(p$eOR94tVE&jW;2#7_isc}VUkDoqg)<naI56BtA1eFk`M
z+}HCmP?iwX2@GIWpIW81+=RcS-g!R6LMczw=0w`8a=!)mF;cQ4+H*={pJ|fmqM(4~
z`+>&<`Zd=-{<q62@#?%VbD_2znN=Q#G+rHV7g@N5Cz_~3HDZ2CI3nTp;VZQR=YN@v
zb(Lx&ihyRNtnj(Xj3-TY9=|Xde}&LhcCY@+0X8&(%f8ZrCwVkU`^JR`dk|UEYYd1s
zMhYw&&kqoRsul&4bXgu6HnvY#7%SFN<njwQtp{OFSHNKzzlo$GW>HuX1}JCSTdqLm
zHQx$$jIzF0nUjS;D8)4eLV+D;3!mAacdvaioR8}fygw`xGomMRPI!tVD(#)L>crQm
z8vc_lb&8g|R<BQpTe9dQP{gE!a)ryz6mkfQAFSMoT4OB0{Y?2^#ggi-jUuDu1?qid
zco|ZS`=}W|zZ#xq-zPU1%*2At7OAA=lJz<PrKNuaz!4P%s#Ozwf1_orOIm775SO5i
zKJBaBZ=?0&{0wYfM^F(^0?O3XA^lROq-FpK=DY2cpYK2Nra2tv<@linHEZ<=>-5@y
zLa8BqNTY=^H^IUPrLOQ-yzm<%uN}`G+1pLBQNS&<jt^3ZRr~-2MOc0AjE>%QQotL=
zE&g?HaYiw(qb74`M#wjef|V|m#BKx-2qA49S@W8Lb<A5=$BPuc(hv*_{V|5WF<Lo#
zWM56hBHm_4q@^Qa7jfosS4*_nbh$#3R@nBk!68H^3l0YwNAL`QJg50eKk#47a|I(~
zxLG=eE%#|eZSnow?d@$$r^0b4e0q32qGl*xwQ}SpJ1I!qYUTv{2Rvo~R16=G)rFC%
z%zfGYsz|s8p!7erDV=Rb)SJeDUgE2PNB?`=5OWh<Y>mVPsNpaGw$WZxF{A3@OFaWe
zc&F=+#sC$yGu9N?_7Ob0h`Xu*__t`)wJe1gaLdhNYP+dJbhkF1u>dBYtag%UEMC&K
zWK!{fBJ{95{}_mMQM}>~0}M)65sOSA)E;Wqnx{gL6h37?=u&^?iAnKDRlQ&2C}v_3
zjC52Pe}IzAH1X_)C0SJZUdI?&g$N&pIONI=ejF0+Bj?hwLb?K49{bU{M&u2Bxn0K2
zN0$^&ZB$r~|B_KDJnMctX{<B^Jsv1e@j~0E<6$`iOj3^W@_n4@+2KR>7^IMV3Fl~a
zAa@NXGdqV!XAJ#oC=zud6Ca&x^&;rjrIx##uay12va2YM(duRj=Rj}(jGR3vFmmCY
z7qXDdACCkA_w(7sqcs?RMZoqw$I{*9V}LY1xRbLPsl_qcGT)!GZ67z@07N<L#AKIl
z!Occ)K|C+(roP_WiKQ67`ENGdIA$$&TVe)Qyz8N6RBjD2s*ZUn8+cek9Y!2jd$5TS
z)97<Z<OA_oC5BZgI~7^$_Bef6zEMxmvx(O9MEF<afzakHXN+qDcPnhkuTN80gq{U!
zde}fV$)v{OoPHHc^i`ecf*y5{;863e5qnKUc6-2kDr0k(Ymrv7B@q=A>Xv#+s>}cX
zWmlCZBy(U&n+VG^sn;FUdj>~&t3i>PTNVu=#%1A=W)>wEeIhl?RYt$`mRC6}EeAWL
zrWv;{?rVFxIG>DLy7deh?j`1O_F>l|Q8Aayx@Lh|I}+=R`IV+?FYC2ph51v5ahF-S
z0+V=uHR3h%p!CPuC}st;I4|a5CZY6w0lxNkFCh_QwE_UZbJB5u)k{y7s22_WIyXdE
zpfCKGSWzUw-Iv~1sieZ|%;Ft&Pd16mq{-+~xg_jEJN`<-0G%{JHVM)pjp$x%w^^41
zZH{$*z&sgxbu1FY8k>gY^Cum_uRNdmSYU|-7fWJSn++tX(G<>4NW!VdMQDb0cRa2=
z%x%}^(ZR^BQzW*`sE*Mbl7-hB0NoUWd(O-nlZkYX{a0?d7Wid8FG#YzD!LSA5li#4
zRib3LJp<P}%3s9rKf0pX^gK;;Hj^hwxrf{1Rn2DTV^xlSD=6)LY->4bj}kU0zkTxo
zYZNtN(177XNGDgEpjyNHl!hpx1(d(B(0NfaZcBZbh-SJ>N*#yDlz{nibtYrxi(Db6
zvzbY$w+C8B+k0aSm}w-tNqK}k));1Uc~)b;7gbB`*61*gIe6Y<TDMgM=8eT2XM47O
zY^c%_Zsk>a&$gV&Qi~%$cBO4CXB-za)SRf+k5!)EZY~OHNQf%!fF*|h^gi$Qo1djc
zvFRsRSi%~AF<|zVCqb4PQ5=T$1mLXnP`R%J-PtLiYh$NfQCF8?5Tm7(aivZPojoP4
zE1|xBJX6*b<SW9t_#JSHXvX9>;b#12*Q{HD+RpE&!kIs|jvNEPs{TV3%`nAy{7)}S
z$6Z$*LJFmFvNY1ao2@0%^*+icbw6tu{6JA~O&5N%4dsPUyQv(!>DW=ly}3Wmh2ic2
zcm1dVFT*<6B8{aA1&wb%zxD<p=ES7hX@f9_nRN%YI4tD<bkJFpa4dkxg;N*HLL)1H
zB?!FYx*7ZWOA+sxkIwu^P%4a!1T_F*!6z<xq~Cns-tE$Z_)Arhci$-C$=cUAHDO-V
zQ2b|>4QPuJs`+zvQv+=#kN4+^#SfsZVx{Iw@k2x3N*rTm;&34<-0+lTIvP^Pggvqj
zB(vF!t_34L#iVE~@O{n8V;yu^zzv-yVro}{v;vC%%NSP;DjzmMbS`7qX$V|Ok1l^G
zNojH8Zpr??1L=U>m3%Fwcj6G)ZOKvQy6fXOmQ6H4&3WF5X-)NTc-DEAakPbzPyB-p
zw+>n{EZGaV&h7b1mwggj+Fa<}_UqUgitAL*l;Vx?9MpA(rm#O>M9=BNx+!C6gKDn(
zU3b5mBtNA}4Lg&Fq@0Z_g&cl6P4;@(bGjp&H*f%RRXR0MUqI91f`Le6OS#ZSaSe+>
z*JM9{+?YVVy_Hiwvx8j>!9zk52Qhwd8jSiB8VF#23*_t}9S^{X_}N0Lv6SnCbrQEg
zz`M%<&A_l-=QoCRz<yiKJRCAx*!p+NlZ6^ru?^<NOc}265OE9aVz2^icP`jcU`*+L
z0%LtB3Epm9M?ac;szSHDU%~}*JItolwj|50OgO#|F_?^`m<(-Huz45Y^s+$v<9PJd
zl^!%wN3;zF9Er255iIL0k|-Bg3j(xm*8N+Z3U5&?fRqj^33%KDC?_Ahx$~3$$<ao?
zjv*zGvLbG-4piGI@ySNiaK9M1+Bl*dla(}U)tG{LC-aoHaSB1{_Fzu*u@2fCIn5L$
zYTdcJ&}Ep={*Til!Iq(bVv%|L5)Oq4+6Y%*G}?z~QFC^z$+Rj9=Q|#K3k#aTiXCHe
z8Q*L3Nj?K$(JyP@q+^3*Oz2bK7y*NZRxcH750~a1^CNWro|&&v?;TeltW(`KxIQ#y
zI`o5Akp4pD>Ef$i<<_#__wvQG5<xJUT1_P}6vT#f7Ur;@5C$;gTM)zUDez%1xBCmK
z9R6IGVwWEUMuWSgF6QAAQ90XhZCwVSw#%i?IaZ`v&=WlCB9hpsZ+a5D8Go4_M3WGr
zuPV#|Ks}<>OA<lCq&7f>?6I9*VN5a2tc9qzCo=65$zf?Mfg#L}rfn~)9q<JS=4J3Y
z8i>-hJ5MgQ6_ParIkGnIrXStf(y>Kw0o9nN1T9jnDNRCIT8$hQx4v*AcPvWH2n$A8
zz|D@2cONPuGKsjdp}pubB;6|96i&Ruh|TaxeN~96*#F%>%8_A`{^+mW2$iHX{)RD8
zUZGIAizH4c7V{u*U7uYya1b6iP+z*Qo~|!AC?ro+?M=<T!gp)5!=q5WwdPKa6zf4^
z@(f_B7S0O}WLHCl*iJ~zgpLJZlWxmXg}C_YsQ1^N#V?$t*5;vaD&MeF_EP~|P|+jM
zp;SdlY`kc1l|v!Zwuv-*i+Si*GDz&V0U4m&EgwrW>~7Nl1f`<{;LI?VG7Ui@?N3kI
z(Y1(Wq02|^(3W-|zr8<$Hr-Kn?_-h&<e-a<<hsIRiRSP`c6iwzOH1<)$j_5VjQERA
z9tmyY$fg1#Gh=;8RMJ4W=>aX`XMNhI8B@kLp!WGtf?+H$ig=J9C7OI!YS;BOG@MPy
zrYab)^@~jtUntuGxuBFo^Eb46T~W_)<tFz2ym<GrB}`crK>1X`+XK6|H1u+}8%NLe
z^Kn^A<(PdV<bbB$IdLd!qLSHrl1tJ;<Filk#Pf%RVq7<(dz)$5TQ5lz?5hRl85(@J
zb4baDvr1ha*TRGwl*%>1<(M^n)JhUAY<sB%Kbq$uapjyJZ;eGmB$p>P?T5@g-|Jz=
zZ4Q}1rXeQ5=eV*XVMB6U+2X}_TqC8oA9wU0@@J*edl7-himGPAx&K&g$Qumyq8^W%
z$05q|Yl@cZGlLEUF)^Ss$J@>Z|FL&qaI-i`UiWe>AyRvpZq-`3BxL31RQ+UcHOQ+j
zb?rn_8xs|vh3a!HJTylCkchGrwD(VOgYuIq6#NS}`3zbq<|^;e?{!&ioPQ?^H8H-b
zk>2Gp8iS;!N7=w`@-2HE3>qIXos`w0v+)30In{&NtG3YfQ*4i&kzo|a(n8U3e@jaP
z%-i2ms|K+lPQ<+vK7F5Ar=ZrE&#5k<W`;Jdv)t?#wga+^XP?7F%DyS85_L;H&aKb-
zM+Q_q`A_)Jm&q3F$63SX&EZlr)p<56FgOJ*vq+W`tgRLa;uW(s_Y)?h<?j+3GK-O^
zWiyH<yQRXp*DynL*U)iI#KUPHHiWb!XGq^aRRUI-dn7jZO5;NRFstb$nClt(e9qLq
ztXW41G^g!gwj5=FFl8bgR?hL$O{1vkNVSc0rSieLqpP`^88NcRzrCJs0G#?}g;uYl
z04hn+<oC3G(q{^fOEAR}y$MTuPP2wQ390z78hw(}$KH(+`JJK}T{UW7a!)IOl6HSV
z)Xf#26wgXVt{>W)vUE$(FRAYoxT8OPyKYo8?Ecmdt-b&<OI`yQnQu_&N9fGcN#0pA
z&dh|g{kKQq|J#CEEm@!a$9pR=BpR_K0iJ)dEN*)#5gUcJ+B}mpdej=QMK&1WyxBCX
zO}uWmiAbu%*uSsYHT1E>t=Af#T(JFyZz(aHmHQQ=zLHT<cEiDz>V5~)scE`kKkjn#
zWlPsP3*+_!IQRe82`usTYE!|u`H9Sb>>bbGSX@Mg7C5uvKR9%pqlZz8aXM|UYS^DB
z`x%TJ8>2{f{F#0wh7SmKxB+0_7$8YK%U0-6mo*n75+q#};Sq}&z+XI=r$uqPyya?5
zh00*NStWK(<2%$@b%t5PLmSQ&ftj($O1Lmx9j_3SQS4mVvs!te8l?0x!wIEM|7gW`
zM-9@Qq?ne3ES~ugNy?zl>qc1#n{<(pcl3^uf<xH1^f%N|K!!zH8BX5Hyc>Y6dX%HZ
z)(rA2Rm51hg2g10Y5<Hk-@r`98H`6y@7X|+dzRO4NA0j&z)whf3v>riz?lG#J;_Y{
z7mtd}pdQV05qH<)NSf?<!&_uOE^e?ab6hMWiU!~e`xo%NdAT9$00z39m~EWWGA<p&
z+a0se*SX%UV^}!YrMZ;eOzzI&TM$u}PR<nCvWe<}0r1a!N3*1RuX2u<p9@KCe?{jh
zg}N2}$c0(dmX4V>hey%<M=1n8H$lK#Vk6t)#b|iPN;?gLtfTA>Fd*&^MqI6d&DaX@
z|3$m=Kile&s3OCnPleLIrZHSvxv9%Hs~F}QBJp^k!lE+o9qL6`?1lmDM#e9iQE?vV
zpUhohcN6`UV<fN_(dhG-EcqXT{<YIFv0zN|3KRORi6~!(xvU@q`0{&#sC-HWm#zxS
zFL$*jaBOCxKfh(5%5OyuYH;ZCn7`PijASyGz3{voiU6r#Qif=J8TazKnWwvufLE}C
zQUXj4Y~Am-DK|VIg*ZLv4vc9}IXmRh_@E42TR41A-OmDBw-r;dw(c|0bQ3&6QAHjV
z)o{k8-HtKYtt4d8B<&ns{f8ZxPeF!pf&-KYSZ<@a@#>{Mo3^LfwsHuz5Nw`)`=(d`
zcy*5<x%CVYTq$XWb8uDPt@3o*Q`hN1J!3;KHk6R$&~1XyR(eZxOrJk(ukEDi6^y;3
zNRqa2z2cD4?^5esNftE6qqV$EbHBO<if4G0ZfyUa&~SrBS-iDWy=O@z9NvArM5Nhi
zS+^5SGj(%URS`LnzFR@E&7>b<+to_Wflk?+hDvzAn0$X>$zyMUB1kH0ObF;$eYjBj
z8yv%si%V3@(SQIDBUZ7N_{#M0^AnDUUrt}lt2t-X4q;s_+4G~2i&#6E^9fzm+*tbp
zfK^dWWt=)5u^tQ@8qH^)@7=8T#fg1YLdS~vVsbBfxWZ2I$2S}OZ5VCGAF~@gJ~KV7
zk&c<ZpvhBV(b!!1n8$`#?1wAd7)d82EigU&3w|~SV#elGGRoE6{q?%tVM(2HZ6FvK
z4_(>`B{n{c4p}UxW=tYD=d)AFqeYsoZ~#n*1-+D0t3aZ7o9G+j+G2WZ9=BjFDjP1v
zt}5}dZ$xpGKx8eI#u}`vEBN?yehcd{#L5@F-y&+%*W;lQ5W<9MS~%rk{LDs;N9DK=
z_P+ygH22&gy#i^!f!mZ8POFkq9?u-RKVfhQ3-6$O7&|4oiYN0^ZC-k2^ERtX@ETmb
z2vi~`tKusD`hw+Y_7B;sl7j$5s7RI+lHSPe9GoX}Euzk2K1i6fSIBHRup#+mbxbiW
zxVUxm^QCR{XyEa8Q1kVexRR5Bwp0paV!+1o>7Z*}bZ_cI=*AbZ<S7J6dvMbMM)#`h
zt6=7#=>V&+3flX<OiX6gKG?jVWdL<iD`7{1Z)$c8tUVPeI!X_7OvaIt!gzM8>Zp|s
z`c91Aie#|fj|f}NlY~lFHS!vJP9myBaiw@uBk>KCMv}7$SrXUa21_%Y_n|cn8ysEi
z+N5>BJl8V|6Umqw_oNt`AAE_Md1>4d1N`a-o|bbjyE5k&6VX#AfDCJ*LF7d20maJx
zpFSmQ7MB6XLqwQybL3R#+M(@)nOv2MQ#g_p5BSVkoiCH#{f;4Qbma=aP>=+)a9dxb
zz-D00M$=tpnj&5zYG`RL<_eXL1fX8(vC6%ev6%$5g7M6t&8d<(Z{*y4mTAq0y7Qom
z($;Tzp%Xf)I06M^JF`e-*966Rp8W+jzgxOPWNsyN8zKCqZ_=p9Zv`<k=-!C5Ash}6
z?4TiFcqg<9xpjBNJq{&`m6Z}PP{#>udu7LR;q74Uj3>*Rt3LZqwtK*gN@qs!h}D|A
z^D$+_(N*aF6|Gp4iHC1X41`6OLN2gPew+Irj2C}C|Hq(X#m7qIaJ*L|2-`QL-*JI<
z%2i6A)3P`P6yeEh3^tnBMRpqHJ*DU<y%b7-?JJ=*ovNA2@Q5N+Uf@gT20-PmGDaZA
zJ#7*prywZlokyb;55bW&4)??`1JmslVpKLu7)H60PK4P7Qcp)$Iis!h$_}~u;HWFx
z{A#nP<-df+vWNz{xgb>fk-siMgDEa~v;)FYGsdf@<EGtL*e9}|$v_Qb-zAd|%Z|y{
z5)#PO3>5uERp{qWnxNN%D6!?`=AI8}{WL+O$7vR0^FYg66l@5!1iJ~iHuZfdA#>%|
z@Uvqy5r;{WmTt96J}r6JTF?G3Nt{svexIrOlv?vT;h36}CJlIBN7!a}a7jgh1kv-q
z)1JXmHO0a(!+n~(w<ihd9mu%dS0xs3dez?bWXl*j+d^$-#GpvixPOS?wO$=~pD_jk
zCV2p5qZ~*aUmvc@lG$c(k`OH7o+Wyzvh=!CC7}WQA@;(QK*7IGV5!Zq?LHwP!46r?
zMV~`gN;M9qjG_k!Tdl8H6L_}1Rgp)u!CkN@NkcYP20)Cm1GTy=&$%Kqyb2Q%@(*-Y
z-NfsbLg=o=7);s4JmsjKIjfgBSgiX(J{}k(b^FL%P=R4fkS)Su4OR=UhlAOWRTJhl
znte@`pXwpO1}k>dl;G7Xj^Wtsgmx1UrkJ;SVb#D1<`W1C)U^DEWYA7$=ChF}{@vXB
zTq`y<8K=PsCfCqA>0jQQ#XI2NhQq2Rd;dVAtXoTbeM5%JpD%>2s%tMYOQ=|`Lh8!X
z3gD*MJ;b#Y$*s7S?tMX_Hla~T=!iGw4VI&=IK?-}k7+C^jHxVq+;@=4oeRWKA0SP2
z-M$7})fLg50{0282XF;nOvxo??8p7eCEQFC?-rX?3lk>%4<KyCwzG|r|2wDy*Pa1U
z9b^>^y%o5j5lTYU3)8$T{Bd|NJkS$z?(y&uwNWAJi5FD@ue)!I?kKT>#hN#N=DD3p
zx%z%){XaS<TypYZ;K)aCYRYwLJvaRsCpOK8tHH_{yA$cdC97_j8SF|M73TbMDz=Hn
zQZTBbJ9=>zRd%h1^1Ykh<p}v&ley*KKk=(ekx)qwCMcO5j$W-+xM%UbaBZkfa}X0Z
z_5bwrAQYa_<|c|aN^cX=OvIEKLaZWP<NvPC_#x^efQL!GHMcJcCqZ)d6?PmcYG?H?
zf!om`6|4#v!Gc1y&qx^oW<d^zJ=fjYpg1^gLSpPeb#jz_2G8IaqN?==q|m31i3Od>
zb<<8MBW#uD)-xu=ZwRWmw0H`*2A!Wa9c;a}B8>q)o6AXT<J$=d`7842Z7~-Y@?hE6
zw8;M&MLRpKQu~erICTHm4!N(TCY4xabLPr79n1Cr)BniVK=&Q5U!XVG<i<H&8zDR%
zIYVk848j>;Z+UlG$M<ji%Q>Con8@LZwTT=QYPHU=<p~Izl?h&weMk-6_~8=&&y6#H
z2|F`WaFv9GVS|4+3yH6(?DXcN|8XlTE^FIVZBSs+1fGyPVJw|Rsrfrlxr<uLk~g=C
zX8Mt>2*IZ<3$wtr-Z}FonbshF>+g%+)}rQqtX`YuYugkaX%yIhl(2(4&$pLwtU&Fa
zT{?M*tXN)8U}YJIcb`dsWi#fG*(Q;HTxcy0D4F%yEd-|~lpPKV<iP~!gBPN>8OFTB
zb~Y8M%xa>kda!vU*+O~=IZq_y`#7flLCml<BiW{w0(@<_@N2U5Zf9yMg0zPHy`#Ek
zG)cPSZi==04S;GwbU0@QF0Nq~Vch@&!`S9(3bBcJy94)uReAxK3RKf|sksDzJ!Wab
z-|#x8iR#y>ELJ{vL_#aM-vi)^TLR3-1ZsP4@rG=4Lz=qc0VUs~c2yK#50-&(9fj8>
zpjspWx5DLTmfG=dI&ttd)0b<E!I7X)(jQ>p2{^?l_&zFX4D~Z&-i83ymg$*c?_d|?
zJw2!AX3szm0HjT&1ksMrHULC=Dq<UN*(cioL_oX0<@|AKSkJf(MgC1%uX?oY#i%KM
zwmE?=dIwCGsP!#0<e#pAxj?hRr$rn6h+jw+Yn@&1(YaQ10JN%&{j>!#uNdX`a#r&^
zNT|S8aZ07QrH{=wW`7HEQz(xunRuTs8s2-I<&|0N8v5qTdM8`AD$9D-B94uHO=5lL
zOS5eX=G46>d&w{FVMt_G+xJx;LjP3KG|9(ZJXn|m-+I2(9Xt~BG^u3@78|v_G?Qg9
z1mT!<K5<oON1EEF0*N-c=@fz&J=>c7#A%G6kbHNFd(5HEG{AFZq_8McAP#Xs+*T6(
zC9tzB(2-+D0?WY6M{JQoBl+iuu;Z=1?{#IWe+>S^Ga0q6fL8I!N>Y4y>7)ZLW{j#W
zrnle-9&ND%;<McMVs2s;9~BXIc*}{7f=C#|GvV&Ryd?^Qt>c{xrZtI8Aim0~Y8YME
zkxcU6`N~?o?sa{_Gz~Wj^?;>@X-xd{!~y;E!vv{!(G})cMo<n2xnpie^e;YQrOeJm
zTg)TU^2m`bgey4GZ5h7hMP41tZT5#)u4iAS)H*yFhuDW5r@fS0vNqXCD2111>$@GX
z-hONlJ9!5xySHwqEJjUCw(^#~#xCRU)4N%t1A!maf>%vvm2r2ZPv1~tp>nv6!H<_y
z4-V7Ha7dd3ELXD6^1mF4KTP3qcXFBqxj~asISqB=6LjC@he1M!cp^eO-<;er4=!Sk
z%rBxL5i*Kc_lm2+AD5EDiR+jR!nF0T177<fRl<ga_1G*4v)2hki#!)mL1CRSeO!lp
zB2$^PK5oA>p~7WQFn;u5^tk3s7I)xrnI5YO-iBE8?dKcB`Fyfy5{<Xe@rQXEJuJAy
z8~{=&E6Ev_z?qujWU^U@-C7Xis%xDQ>(L<ol)2rjpC*RuJh8$Ov;Yd{H@uMRL29v0
zOEv12Gy&JU?coDW9;dkmG53sWuQ!ewN*|Nswyq+kpOCR3+SWu09K0I8C3*sB`2Q#<
zB}o6CZ^>K`?Z)zoU;{<+a;w~OT>m{A$Wybc-W>7$!1Nh)lUDg;B<*>cD>isdNT{0y
zsLrY^LQJp)t+Alvpt&XSTlK(~!UdcYuE|n4n~UItPH@3=tWr~6@wqe-OU?Cdr^>Ax
z12j)=MDP4YnCcjCDB23mLbKcWhMHu7eY{6-^$=dp5_-e8gl^_u(3Y@pGurE7Npw8F
zG_Ye|HZu95vuo66PxSoPe*O<c=8+lxEb@om1S{0FQCY*EA6!UpF+Wq_Q90KsV(CCY
zSeg{GbaYlYE36s)c@JUTqgJ^aZ)*eDj;Kk~h7#wfI}dC#BK9i<8&_)g5R-TObHX(#
zFk_%{9r==T$9e4?5(VPu9^>-i>hQTFH1*Nb`mVnYyjTFqvmjig7j#zB8j6q&X2J>=
zs@bjR(sKSHg8o3)V}udF+pzN4I8PF!NMAPb&G{^;lUNL*mJoi%P*`E4e4*U}#;)^g
z`xJkqc;?wae3!D-7vyn(V-y~yzH7#iRXUk}8J@jp{KP`M$&zSAxOZ>Q#>YVUO|QM_
zZYud|k}>D=i~-vLW;@-7_KOp3iKu=~QkI#<|Lqw@^nG45)>fp)rb~2axV<JJl&!(3
zR~Hd$l1V4zES74Q%I9`=W>)vmdVKb(MnOIufNGNY*NwUtwCr+`_=wt)JN$A-5!4cz
zuiC2vcLhRcgR%#AUG43Z`4YChDI`QS$xH(dYX&q)5{Nol_z<)N)><}C`K;TCZd49A
z4!JiUHbOEEY5-}J8jFhau2mOiTPz!;ITSGjV(O_%$d#wMV*3M0EmGWXx(FALN?;j1
zFTrz6<ZCya&v%82hLN1K+LbGoyuUS5!W$~Omx8>Rpx4XR69bC+yFwTn<E&9B`p=Q(
zn<mi3`6Wfh1;|=jhWHPZoQU(jhgk6ky!1HhHClI#)DiJ9)qTunsV__wJ4nL*GhTUO
zjw@6L8S_twVncRuk0K<<33VPP%QwO1ak?3yva8!oDN?c8mbkxouLE@2P~6j1wxQTB
z0=@S#HUu{NJ!iOI-t4NGaeMi{$EI>=$uyqp+BArVGQAsRcvTmo&Ya><sGMyAFnG*5
z`O&cnbu|~0Z?dmem{3>WU`_h2zIo2aMFle0d9bP4EmP1_qzcpEL0&m4K^5Z`XEdP3
zH56FOsM)oKyEi5NVxD^|2qaZ8%0L}0zU5qv`eH|FTyQ8OnT8wk>;G!CbFr^i$Sr$r
zv~$I)%I+S-3V`vA?}aYzK)m4%@HW*`(uQP3`RimYDHuMNZ1r2ed2^S#_3^&EF~xtx
z%q`>Zy6<2_RSyqWN)cQ9BqCQ1O@`WdAA(Tlp)p^$2>sI3%=;Ehp{XY;R8HLO-w(QE
z=s)ilbhuQRpet`#>!DZe;WfA0;w3<T4nHLtI5NS(E<41)OjA>u@-x^A%a`2$i?sTJ
zP$H8dM%cu+Ap(Ios=x@MP~@J4HZlJg&~Ap)$L}2vn|mjHbk2?9d{-x{;gX866!p;&
zL{g!Q!;(h)sXMDj^_r_ZTJ*+&Sw}ODTB@M47l?))q64X8@_b%!MDrfKQP7GKwV(!Q
zfgABGeViJm<1w%=@l~ppISm9O;mX%?v&(4IPur0pTH<yVevTY3*FI(Jq%bFvisQR7
ztCDwy0ek`i!BCM*_C9eEQsz8AX>nroKcwkB8I**1N4I?oPY<p8IapkVr&BSIzqxT_
z^kT-Fv}nYR6|^=_8e*y;=7(i<48*iod_g?-7zG|#fh$*ZDfiyDmE-V6M{*S!=03rP
zo~o*x#2+N9O31WvTGCK>2TVak72a3cUc&OhdlfGLI5#aU8mWbrUTyr8w>Qk`IQ1x4
zDb{!*_38BLCn(;|6*->N1wgleR49TUGAX)vjqezlXJV4@Ux+6qFPXs+7s`;TUiWlU
zJ+w$SuukZ3d(yAvbPnv_?!4RMPfl>D!YGW)*w~;Y|C*)TZHoS`qJ5_8H97B?<i^}8
z**(!}auU2xi2tX{hZw!-7=k^GW_J_gV@0k*BPNZZUDNk7mdfw91PLFJo*c`oyUJj_
zX=k+XfAO-L1K}sQ{-f-Eb|n9f=Wby!Du#kl{WrjzClg>DwJNP!&ZOOdT8bYN=9G+`
zDtK~m@%jo6zzUy&(Fr>+!5G16j(x|VvZ9jGSj4}J9I~KlSkz)LlM~^8?61gPhWrZS
z*4;&t)<`Jp*Qxrc+H&It*9%(hJPx9eiPqaKbI<nC?7{&2+TxSo7dFRT)Yv}vG0GJ)
z-p6HhyVxEVQDv9>`<&BZb|u#a{k^6ffn$gWVcq76sTCFqypdBf5VB?%8&y@{a-he)
z`Yj=ELQ`{)f-T1a$RwP@j4$Nmr2<zqBM`KYGh^td<i4v0Z#v*rlu4A_V%g)?%FZ^c
z4gg+Zv#X#9QQx$}&{so_ZB_Qe5eIks=wNzMw9Ka<U!<=@yvIo<1H@F8NrJUM369N1
zXcXK2qTf5|Qffv=dXPIifId1&UCf+TzXKnC2?E3SO+8&5?AbPe=8_$1zcQX4B{}q4
z*s2^LuxMy7vC1=Ba9`yUE*>Nxk-tVmAVr^#9mp0rTxNjqU;92$S?W6BN?jP0C$!}Y
z4qxi17Hys}PAw7a==^gQEdHZ@_Uf^s&n$$PD}mvH1~bzaycB2g!8RbIa$s>_r#lC`
z{%yh3#?^AbcmkT5c+BzD=lt-TQ{J-Q?Xq!z@LKNn^%Enk=tGm{l?bw6(JRk^HL@hu
zeMzZTNoD#11$P7&hJ^R^`fWQGXZjrr`b-(}dZIM|K$qIids*=(YI#2iRV4%tO3bZu
zRpQc@RG`V9-6A;DwFVeDUeuABwRZ1_csbo8IF0RNZwTeJr|N7791~>Xl(M86>Q7Ty
z=_{sd<GS@XWa%An{7%nrpg<)CHN{sSc9&ZXV7oLx&#d|IZvjC%JrzBll^~eL<<9vm
z+Y#UQ(3u#_ou)X2k_wK2W9ULqw1R_vqpAl<YhhK2-%g=3zLdz~3P0ZV(0}5%v{PIQ
zU{V7LNZB97v|{^2uKBeF&ME|ikTnp?aCz)2BF>(Q45g&_n0ixSo~0JR%e=*hLfh!K
zvY&(s;!o)unusW@u*-T5Q5;M{vqiPhkLx6>#h`5;`5?@m*25*@etghzEV9+HyI9dn
zT{fFkxea&`c@q}2Z8$Vtkt2_wkWt+^iPrj7G=~Z7)eSN}KwSBI!Z!>c^sF^8oLxAf
z9q@1|*-<KM^?i+9BvA~lg*PjCmY{7~flB5)L)mWL9{Ke!MDGI=;!vpjng;-p5V?y5
z1dm9c3sA};^OX!VVKp+Y1*7J6)9GYYXOwdo_mI>lYQIw#EsKMR^;G1k&t=X}2fHyZ
zcZWcXpi%oWV2A!rjVh-Y?eT^INX3<JbXdx7SChr}07s32Vss1bL=h8>cr0k+Cz>vO
zFtCgWV$_}I=c%mq=~Q8-_#nKdmJX}zJ#hy<2Bmk*Bye9JgQZkFJ?|9r5_%rah94WI
z*dZ?4>A#-)wyUx|Bt*_G*H*?V1KsSQ>)iQpo}*gx-GXQCu-EErM5Ssz9iYblzT|H^
z5&C;HEHQ*t#{iOqVO~m^-0wE9g$Jfy2OpU8>-=bepQE}sy$Q3M?w5FmgVW`ANO+&0
zg?sm;Dm9@}Ffwk8?aX=jEluuB{7Nt}rB9mZUQzv=mG-EBM<m5hWEfN;f<LS;A(By5
zcK1wxj6MsH2>!tX#Sso`bOPJXQQ}v*ncKF>X<Og-Cap}l{lELtGnYSZG>uOP)>o1#
zx9`wWEPU-`(fb*=?)H@EpW4$N@;IjVMZ`t%_eGGbBrmY}irFODn*=?^IQHK@FGF?6
zu%=b9xYI;*K3N23kRykgu98d>ie0Uxo0$_`f<w3j13AwI0EU^5;D}IuEXL8j4smZ(
z&9U^ErV%A_a3bS$E~+JFSq4=q)~X&*AGsRI-4CHe2FJHkwt&c&z`1RVQ0!bmbN~Qm
z#?K#ei4oOr%qmux>B%SSO45$YF+nsmTdQHaj4*d@Py6Q1#z(Z9&LNvpU3ALd*6NZY
zNrE#T6G*~4N(Jpd)0{q>jH?TRayAaxN;r)z8|Bh)PaD}$n%wD5W_8dWdCYy8#JWiF
zpV9_uOfj(T_?7pOmLOUlLS6(hmSVBbk29q+v7xR1#SI}I|D^f&DE)ER6h-Rq>tL@h
z+!Kc*bbj9>5f+yGHJ`A8JezpajuCcVOfk||lM&zcFY@;KoU<UH1x*?xEOLyyjT^g^
z#_r7!h3bmd-YJMgsWg$ZeAPnCeWK^glax#Tx~COA0~7+)EXe%aI;f%2N=wKVVzeSB
zR!9p8F=5DtE%Q_%VJ`pKBeNgl&n<ZNr`~eNx(6LUogexw2WS|mM!Fz(?Fd*R`E3Z|
z(2((+^zCW9xAEH0AjAsux)_2dcyxBBV-GBuTs0M8IFW~o#UIC1OUm(FO6<zmCG4s2
z8=vORZRUlS?Jaf-w;9lzmU>6avWSf_4j94;6zj2Gf`cP|{$|Umc@^5Z&F+X!lwUrN
z`Npk6(=$djWQI)#F2wZ@#NwY8h{jPxvzBCF3bNMyd2Js*KBJ3y>m`-#>gO0HR)Ii_
zpId)sJ2cLHB>2$bSUN7X1lkWZd@?ob^F*MR0YJL4!@3_YWzK=NO-|Qh2U6OaHQYGx
zCu<EzKh_gx<Kva#3-xK^aQ2f$KNC~da{rEDqeuc@OidQ?w&Qi@=}37qNF7T-44#6_
zGILaC9&Q6T66?WYkw#?~At8H+3WYvUrfl)w?!jZYS2n4sH>h5Us9OKE8tIGznP-ja
zKKHfvPSKZgy4$syt5noHPjm4oTSEKdDPcCFTOuQyTiX(Z)+Y=IgK;ih*|QY=4>k`_
z&9Nvuu2WPFtpM89OzWZO-=&11C{voS3{QSd*;Cqlh8eqv9LuBrJ_HbYj^~B<2AY@3
z!qn;u64bne>=K!Gd>lZsP@GmMaeV{-8ePQG+pxNnllhD#8j}m7_`H$bHdXwWPmNEn
zu{x8`*3!BzDkITi9&c<bv4bAmQ}#lcJ+E+kc3*uha2#-U=W#y)Ptk^t*+2QrztsBA
zI_ahOC=v9F%B^qcT~XGm8rr{x`&voe-f4xjXEGN)0`p^vs=zf9^0(gh1D<~7({ZGO
z09;ob?C<M(Wo3HpR&r$?!&|k!u3irk#&*n3t&$7{8GbP{gxEiCiIFS-h-wb>VZl{d
zx#&~h;*Vb&6&8|O?f>e@t7)-@9&yTNvy`7B{7W~?NH&+UtgyZn6v^W}z<-DLyue%2
z06#34^Q*>3KV&PL6xAwQJoHjZeof`JAs2~y&JlAmJexN$56CGh)3RM-`@(LS9lPGJ
z%$9;ZRSg^`s^zv^^I+MJRpazn2GA47qmA<9ha^HJRz{fu_Qbf0pBJT;{4Ty*2+6Ez
z)KlPcka}}=)_54i3j10HZ5CU(v`QJ2OnqnRc&nS)g4{*efef?C3nbL|Pa7QI5R)Il
zb@LQ<4EJ5&QHUu(KbY_|a9N=uD6!261Sq(C8~)SCEg{F{IVARl!3GHXf5S0bI+Ky2
zSV91KN%qFbbIPXv;#gH>CwDOiUS)-b$Rz8Z>^C6T@h{<LgZ%wv^}Op{y+1>8aNp;&
zABn=3R|M@OEdSp)_l8y<J=uNf_rG(SZid@s%P}{;8Qp`YcaV9x0K$%QA9A?K;ZU_X
zh==N+M#nIklmYh*!z{cit^G!-MPWrfF;wh>xH-Z;KWzBY$OrsXvi`SFLPJq6b{FV>
zP7-7~^`!^4wPzm1VsusienkMyZ=DDP4}Lpy`hf`i**3t;+toZ2{gGTYSrD3L%o^Ha
zGML9;p8j%&)w(GFlzdaATCzB6x(@}P{&>~fSGl={1<d7k2#mTl?7myB>n?zIP#29A
zT=E(PZUWxzjWeT`=UWQq>BW3Kkhol7ZZn1&a5^n{Gw{d6dr9agepfC!yg0xOEFN|r
z31W8!XI+iG+9d+qLBmO9+_#t=P#(&4>$yTqp6X9O67PuYIdQJSW2g_LIL$ykfksl4
zH392Vn45h&(-?Ovw&cs(O_hZHs$~In@uU-E2QYEeh5F$%E%v@tL$dEdHAQjTm;Uj`
zihlh3&siF?UUHb|X|^Y?vUXH?z5f5QY>U~rxY0cIwlIK84UWX(=#TZ7{$OMgR%Thy
zJW;8)M8xx3*=oYUDNV=_<ERZUOc}ZcV-UKb`gRT6Sh*=`SM;{b=3u%GfzwFU`v2Ns
zCKWVibU?!m^RqJA;b5Rc<>?z5C=Ox0zbK9AnE8q<-bKvEa1H}<(p(SdyC7N7J8i51
zoJpZ8IQlKr7yWlGlC%Lg6rHC|b$th0%0c?|!UvH)=0wAbI;IKS`v`!_yBq0=!<m5I
z6rt$<s@~Rs6@!9K1w`Ebtw7H-P~Wr}O+4xmT6X~}hN<slOlmm|5+1{O{QVQ(Jr>M~
zYz~DKSE<%+J7nF;Zl(5=OuCd4I@bX**ZbYEq!&L|HBzoI=B-*-is5+jRT`kOGXePw
z^St0?xhUrluK;s+#*|oENrC8U^d{BB2Jlk5faVbVTk~CMx=u#ZYaO!#IaVw0l?|1u
z{Ah62y{x9yHB#<ig`V+W@MyDbPyzvk&uU?!sHh5@H2Fk*P7aB%az8C=+zTUwz8&IE
zV|k-wJ%S#BF&C<1Sa>Y^G##7)cc$ZFHfrte^Z%`o&Ph=!=qpbS3?SfdE1zLX=C1sG
zi~semh<+*N|4K2Zu9#iz8ewDh<t!XTSpyleei0S0p^O&BlkCPy_r@wIvRR!p>_bLW
z_dS<&pTj$mr<U7kFv2KkPeO|Y$zmTo$Ff`I%g%K!zuV)(Soo$ccV*YT2}1<s&RLDe
z`=NWZ$=~9nVyp<AsvKdQ5eToTYWDsQ<bK<wM%rZBa=}WtaDeZWXwA);cHDhEDtqq)
zs0JS)zMy>n$)&|dsejR2FAihzz;KD2f_s3Qh>(Wr85a%GAW1fc>MB+syvdOC&>sl%
zp-cUGgcr_I6hKQvs5^PO$pjaO<{Un;u_6k|e42*m?&S(U02o4RdJ<-r@5jrCPY-Kl
zW2dS8zQG7>BmykGP;8dP%sfv3B2%#GtQZ)M=7}pn_(yPo26q+b?Xw{CO-*j#zV~Bi
z(a`Vrp<+3hoFReZ;pF>uBg@4*uOT@8c@9Z94%m-yp2E6#PKA+PQkAV9Zqc-E#R%JU
z*DILsAKeBc<%|$$lG?e!M5y^%h&W%c8^0Uz*PqtT7ur*Dvf=*4;frMj#*%9=%$U)j
z;dw7Y1ybcFE0HW%BXD%FuAaX8-_`82P4^mH{YV7E)&md}u)&PA?G<HZk+}D~Y@J~P
zoZ(!uyP92!a1|E)e^skD*J`Y$ie@Jn%5A~>zpPW4lMMJ8GfX#F=CNLdP;o3_Hj?0V
z2EY+RQTM7!GIwQE0c;JveZ<nKFrSzh7#X9P(jbhR(t9BhCnf8?+czD}ecq@UM<n&1
zjie3J02dSR%#2N^D0Lv(Avb+3O9y(tgV|j|i3(#HEz2?gmcBm7!R7NHwaG?DsI>hy
z5~v#XR)w*@Fdafu$?%x&ZM$2Yn%zEt$a{Vb8cG?!RMXf8TvNM(0jC2OA4moWv#JEV
zD0$C1TXl-eYUivcNqm$|K{{Cw>%x$=1Iu;QgD2oaKUK)}!T0`!C*PIcO61Q~DE{BE
zoIQW_1|<EA$kuWj@Em&DUpr*Fe4%1f0q)=tx@T};<S?}fZa{lz!9Eb2sMU-jGfh0+
zO8R{daX>ei5{(=%8bFCa1oLcecMrRjCjU1nt^sE8y~NdHz_5eX+|q@Nf;FyCDCWi&
z$a4ciZ|`nL^^)ml7Np%~=~CGjHGvQ#2Dbh0G;dN|egKhiYPeOvUSb^x^11Pt6W`16
zv|vgUrSV&Dy*%K&&(XMEtOq<r$)q$Zz$E1}JA{PRi5DS(8R!_jGd&1AnqJPGGxFTB
zD<#kOE#t+^>)WM5Y#gj8)8m{*6W|{+dKy7bI+dl307q~Yrl3MB?o$7n{a8#+LB){F
zlwH0<GO{PD^rDaFUIP^h)cTjzChyFyg%O0K6s#`28Ndyp1HgMu=wG_p_Iy-&B;DDD
zW!5dp!rrSQjR=;gJ_4872SGgo(T@y7ka1U573?Z3zOCQ14YYv1fIgu7#9L=T3Vaq$
zc?*ZN>%<xIx+|xX&0+JpNxdzECA}95)A9&N-za9gzp5`RO|XTQJ&MfO$y;Ly(^TPC
zm3%1J3D)xpbviBw1I*V$U<w!D3)SAz^r;7cYi+(&%L^X9e#s|lvTBAMhvtwa%480}
z%bum?WTjc|jRMN3ug!oz;fuye61H98U%1J!hhFKG&Utaz!16L-7wcWRF#ft^)3ry%
zyhS+aEu&gy9J%}Yxpuzap@)j2<mZ6$U?|&I>_bo9d2vN3pL?GV930Bf_$y$NwE#QZ
zF=3IIa+Pq<p8n#G>&NRhWqt;cF>!bFHnM1D)rrAZ(h;PF$0FN3%B2+M7(bDPEzHb+
zP1aRpt$!Zfevu}Cnmx2#!K-b_06;0P2i|VA=N+oeo6{4jUT(Jr9<^(B?pX$06#`s>
z^re9LeO%=&L#2eeuTGDP?Du1#utOEHa)F&R6XcSxCEwHs(-OXzT_gm>IaVP?Wk11p
zbZ$`sO%8Wd8q@C%USC;TaT!zaSTM7C8`l{>G_2@J*q3;jl*xDWRrBk+?5`JN9K}{u
z=7piwLN{jKb5$L&B3<2kG@v(v9(5Vxa~|Qbq#Xjo1z}L7Z0VUXslp-w!xenZiLq-H
zKMiBHPh-1wZvO`(BRK~kJ^_#@+I6B;s3-^|9EI{>n%2@2^>gw!6H38ZX0Cu08%g^8
z2r{APE@j#1?`Sm!gS6@u{t)~v$t|n)n^>aES<zE<pGwwUq=u{AU`3cNlxEcQb%PIW
z=HZ!O_@iyNNYi@RLJ*!W94Eq8U~<OOVJ5l<7(MSxfeR7ir%BwZ>kk3M`_4l5&C@Wy
zId~hy!hRz&48%dZvGrSZvQ`#MBjF0*U-7!KR~(tg1D&0IonyQ-1W=vM`3EZqOzYRD
zq68J;oYN6$ByAg=MoSoXlzN_1eVK=y-<4z|weK`Hf8RTJM+G69BKvho>2x$WkPqYl
zNBBR^_)r8z;FAP^;&8X7=ww!ag1>QAM089-t0HLrbb-Q@K6;R&gefes=r8;>U9K4r
zc%+aw0G|oe(2k_>Q9SuEGSkbtHhA4c?4njRc;E+)4yttGRzDT1DTHmWMsylcjTCmd
z*{NX~+|8L-vbjkSwy%Sp@hsJO$B<ikUA>eNkmo7d?7*hvp{1C>R?|c6i<2&>-B7kQ
zcvw6(!EN6@36Om1>Hyui5u5J98wX1!3jMu2&{IOf`j6j;S%?<|$H2z^^@Mp=-l&ht
z*D&by6Zl_}QfR)Sy#(<#ALmE8{V-KSTU=)C{F-eG&^+jU@-NcsRQy+UbE4Q1mSN|n
z1%^9!XUxly<Tq$#zf{$lMRH_P`qjIq#tDz34m9i}r~Tsl{HpvKD6rWL4WgNT^a<0f
z%NghSwF+U`4s=VT_6@vlR>M(&Tfq5rrMIO#T+aC#D16ik;+H-5tmAn&K9&>4rXlWY
zZ3*(e&sV}}mOi4XIRnTzwO)~o)3iljnb(K!6E+aAhmftyS1b+iT=`TrU3B85I^U|)
zbh39Hzx~t1Og<)PYcRY_o#f-fZjdp-rRxj%Ly^i8Jlrng{ogPDgAqpf#crFc#Q`nH
z?m?7MF0lh)N7;J<t#p!TXm?)5fIJsNlrEMOY3=me&UEV*nf5&^9(#F&A^pvY>UM)%
zy!7CV-fN*VR`F>z7j#e=G^@3@<IWb0jS+&8YesgY0$ogVp5ab_h*05mCfICV<7L3>
z4?h3Ftol#Su?BveXHa45B@VcGFqNR~nfpu{BfumC(&z6;LqQB=mN<WV@{<j3v2UsX
z=pB3(#k}o*T<KjrL3hq!{^grfQiZ$KKGnb*wa>pkhn-}5PFyjUJgo!!neRHjR14wJ
zNwJe*p!QPcjqCm3MHCt@#~4DsD9yoJ7!)01Pg{Dy3hk&OQ3x?<yO)Ci;gWV%ik_0I
zgM#7nDW$HBi>wpw`yyPkX`TPlB(}o~%xMI&@8BKI!)Dun=zAL$x-R%^9O7bzNrX)E
z4`l{~e9DA!2z#4vJ*6dqn^ByjTk4+R=~NF78M!4q#1hbXc7!h)UAK=#v@f%%GK#SU
zzf(G+jQ~cnzmRlF)HT`rR)y<z1~n`Wt5bYKL^}Y+{bJ$0uvR6AXKH0#$^+g)gT<1B
zZ?y{ZvnfDqM5MI7`fd7Rop?;bES1*j1i~Xwc}kQn4Ex$F1i2Nn*<o%>Cni37Bnf{1
z1+T|JVvw3+MeXBS)SbbP2)^4<Dqvl*9_<Sg+y2bMdX>tM1RaPimnp{==hkynlwE9&
zfdh&QY!a2DeNT!#`=0BF0-O<ws;IhWS<aa<N?msNzI*UqU=%gU6$c3ZqwMj#sn(gn
zbyR1xRLz1;R;Ywh8A}iOpQ_yj&<4T|*)S(i0B=B^NK}_tVfGx;J%Gs9_hM~#4EYy$
zL&$>0GsLJoyQ1R7xArY#dvomk<JKk+x#6!_w`yLoc4yKp8n`=mlcSHg_hkF64j`m=
zBxg1=jL%Q%&(vpj{@Vd%R!JuFM!AEZWl^K+<mRs=L|{dxl<{8L2D`MOWi3%XUX<Y}
z>>&fG5q`xmyN6!{H7=txlg2T@-<h1<RCEg*{#6<8h7if6NrT5%qBP<Rq#f=R_WiS{
zj6X#XZ1^(gM>K=NuHQ0@hv>Y0l{HE|dUom9V$)ZcX%DCX&c%eJc1ucuqVHFvNkes~
z8t#s_z`P$COHeNwD9}Z4R$c2M6kMS4)iQ{(Z2UMI;-HVc8ehC5+dk@|pdiSe_B_t6
z3~c%J+%rGSKle9aQmAMd^+H7oAYIOT1Q7r#T6%M9z6`NxlAn>ee<^>P;Vdi~sqQ|h
z*(a8PlvrieUnC6Hoe$||J;upe<Y9K8j7$}9nT%Iblfd6QUkwqhMArfqX|OqQtlksM
z1+#uv(>)6FB@sjF#Gm|n5m@#6t%sk^Ls*dLG8?=5aMeC1xl_iwL(X=Y)Fj2{0HR5f
zcT?$PC)Q{J$m%MPulU&dzJ59YLzOUQ%z=^*45$A0CB}gAMb_yyIZob)A&)VVbuq3G
zzUwWqgl%HT(cf3>|8ExwKcVy~t?h(RHdn;=i>e>hu+*5UcG__Ufr*eA^%R3g!+SFc
ztRG5-kp+Z%ZQ_fV>WMLSBlD(fAR3)81D6MS6HUNtCE?Lo%So0*kq65cSfC}?5mR1%
zOfMb1o1}C`WF0Q9Qe$l8=%H&3o+&_HbP2lz;ujShJ`sRL#QStA)Nu&2e3k@55+}v?
zsp@W8cN4tr8-k9S<D7byU<*pp5`IN2y}`b@QLU0{6M{ETu)^6Wz|qwvHvabUBc|Gp
z&~1ynoorFiyCudl$J~1Ee_&Ok;@-6>*iVDAYORU#5Ud8fG-L};=KRT$L=1JHv(;e{
z$+W`HM^m^R5JEvZDhH~Xd3WYl0(EaB?dtbMXgZ=Ml=EvzxWzTqjJ_NmkCf`AfWNop
z1#QW&$@Yjgjd|P)ab|Dt%HLiaZV+Y_0UdHhbwzCgW_PCzixvtIYx#Rbl8A>BTM?@X
zr_D4#i?(FE{Y3U;;*VrC+_pnm;k<8-q@l6R8vUY3Oq#4&N}}AkTaEt3@5aVko{|9$
zL11r8v_LB=TT<XHG?Fp|C}-qVMOj_~WMlud52G|lm~*AKDI(((zB1AY^(_9c7h%2m
z(PcONmPp4Z7I8U~YGk%j;`i}6Y3^S+BzLCbh*kTWrr!qvg}`veOo%U7bII877J21V
z|AmLwI3HaAc#1D%px52Uug$f?4y;0#07pNBL0Hq7Yhtc45EM3($tGvDW%c&292b&j
z@z*U=;Qa!>&;)-=zqPTbSe4%Kt4#xOAmv7DXrn|9A&VRb&CC7q62yO|0}8BbB(CBG
z6^`GAZXEO6E(IdEM1k_?(9kq&fS-9%>YfQU4g3OUgcK~@Pgc=QwAhQlJ3QRQ=G@%S
zL!%?l+JY(kf{({NQ}?A@-T}=snP8I((=EyS-lZ!rTQSw1C^ePXB|fwk{!p-frgf3Q
z{hY=i+=TU{y-uAjn-DY6Id{EtK1SA(!>y}`c|uiRaUg^o;e=yn8tW;GEDojT_d}on
zTs%<{yHz2L5>#^=xBg{NBVM>|-~OfByjnRmmm`?O9So2qyNA|VWmLr<Q-(|MF^Q52
zfkRW~00-<Lp+Vqu!`}}ZBMt}IjJTI(yVREp!~6?0i+_LW>M!M8yWh14r!a^oWrU7_
z4E{CWpN9#?@2%jSAM?IwO==(Z@J+V@9DCP~8Y4(KtYvb<+v^2JZbqk-Xf88vMQ+C@
zMkUR&1ogei=;PerLnyaO80UdQh2wUjtvD6|gspLgmJl6XEN!kV=I5k^m8fUk0!a0Q
z8uHhjdtwe_mAw4>WiK8c@N2|h3%v}}Z`0|;R9pB{hJfS)uIjJGwEcP64?VfK3XcD5
zL$KX}D;UmBQuxt|T?sSIFJIGFrHdj^qa9Z<F*&!U1&Ymya*Vm;_683hp74>jW+Q&7
zKNUEm<(YQRK@@5o1k1Mzke>lse-y#)2DeDc_yj%*a{Vrl8hn#4V$fbccoi*Gfg8OP
zKzt5!Px-%f6>*0ByFiKi7*{dAv#Oq@hBx6vPOb3Zv^oY7ZX!4v7aAPH0XjwhLy%G#
z(iWb}`p_@Dw^5Orznhk0gk40WS~<ij48@=<M7Vhz#v$(FW<J#6o^det`Ar+BYY}Tn
zZO^T|#hp{@2p#s;MFLhMu{aJD-!9Fy<SAJ<Q&f{&ZYT|WNjMhPQE6Wra<Xs=o&*#}
zANpN|0B28Dd?C%umi|PGE|#w;qYU&Xw%KWI&uOH=(_C1jI>Db}%BWJdL>SNrjYz*F
z0R%m0h$CcbdZxYwPd20v7Ux*r6t>-T!fk*zphGeLb!$vX#>0@S-*5gqjsjEiO~fjh
zba@I0pLvIm8aLFm_$+%&?6JNmBHi|4y4bF$&X>Ce|AsckckZBAb{m+Oq?E~wgpMfX
z{!QeMROs9R$73@v)a6Y>ep1$ulriZztDPH(Z>qj$CniFoAosu8Ve0W(a$n^nqD=3o
z<I76H0-y=S?>OX}rMj>F+K=<zwykmYFB(c#auu6%Os%WlM4Lj`dTOW<uc8yRoKvWM
z#Xn=Pg!0FS=n_72Zg!7n!^Lv14rLoHiv7UwXx*}=B>fZ<HLHM`C_l!#_a4U5ra&JD
zh4F_8Gg}i4E#v`Hd+jg2(t)#li+bCNlJqNS{NhNk9(z||<4b<p3k)_ewmS$mOusD7
z`YC<mp!9i65{oKlbz4rcu55=m?c%m+;$!<sB)%`!Fr(;adO6RccEARs4K_ZPiH$<+
z<QJzI<kLS1@^tUfIRqXREwEn>#FmqNG?>IJ)B)JE*LXC%k_8!r6io0rs!dECxn?gI
zV2+$T-*caHo0vboE%w+^Q;f}CbP1rs4J#)%T(siT2kHug2@woL;y7NIdrUu$<bi~H
zz_)XXurB@r#$>gSFjOuWQBhINSNTcl02r<b14b(q6*+QOYE$(Up7L*kNP8`kob~~G
z4Le@ZJdr`f_&#1UvhyCfrgtz&2+cXrWMTTZ@`JR!s<SEdz8|dHErzzf1*KjvblyLD
zt85h?7VwjRd=oDhd{u%a{Qy7SEv4{;8{MJkFz;kn;`v~4X?{rEgcgJjMsn?L6B3a?
zmW)btX|FVq;q6XX)&`L*x-=`k%Q$Mbt~~=A3<=2~Oh!MffOwfnh|u>K()HB1nPxQS
zc2H9Cj>F{buR3L(VL=;G(;?dUEs9=yuk|m10$cnFo1oV4bSkj4I39S`s&z&Nb^H9d
z27tSdQ=D(5r@VU>4SyubdOv>E%b|<HXKM?xgIw(Z_|p&F`*tp#TyirS^OrPH&+XR&
zsRbB={qG_zDt*fl5{9kfBqGtwH617Wg#^^a0%;`aqOI>#H5r@nZV5&cfCdJgrh4%V
zh{B+-nPJ=O?!G11Vv@fp{^`a5%!e}y`?sEI$(tot)bNH@j-)K)E%yRv+;@Ji)h3Km
z(<1#mj<mvaX{<;0i9&P^AIIWKMc2=NCSIV2(hW{VlFT|k|0$JFpR-x^yTM%YB90Ie
zap{)m6*4NBYX_!Nai1>;rDGw$9{SFdJ-Kg?K%(*)%jNM7e*Rr!d7IJkb8_#9NIxKv
z_Pu!qYvO!PBs6M6s8jFCmWmq6p=y9dV^Ux5kWb%?Cv@B}kclNNPX3WKo2V3WVdq2p
zU21!T7bAzTMDdRl1ks4=k299K1!LREK%VQ;Em{_+a&lDGZdTt<M&yp><Xo9GWvgoG
zlP#7w-~szsbiA@iRK-n)lae91^$Z{i-h`{^Hyv_?qFg<B5F^&62G{3@&-NvGfnxrB
zgw4;>SZ&)ND5EQ26U>SnVL22N8^v4a_cO_jX(`1IQ?y8_?^aYqNZ;>KY9N6$gL)bB
zeXN|lO-)MlPBj0H4|0qkYhyj_bZY>Y$b+EVUF68<vEkyoC9WddS>14LA43UD8+QO<
z36(Pr9(eQlqKe8O*>s4~l;Ek*P)ij<iWcdmH4(_lrjr)w;QcOPhE(@7{0fP2aJ}K;
z1kP0Vn<Vb<7Q_<X)+%jFj7&jCBEz$9$r7<saF{_075CPJz;ly{5W0*{?`5wjBWwN-
z<^<<8qiV!R-j9~`1u>7N*=V%S>J{{;7kY_1!*F&B4$;$4ZdC+D-rin4u!YAeG@l;+
zbQlY(k?KhiMu0bn5oh~+*N6SqgFKGX0q4h;*%}BDR_0_z9Gt(i)kJ91--$z`Xy#<H
zWUZY)90<cFl<WLw2;9Boe7kkxBGnUrL$%j3^^2`uZfh^3HP;$g;PozN*KhzkRQ+KQ
zk_%VFF>r}W5H!|Y6v6J(aT0Kw4jSqZt}~(QKX+nv3mJ4pIoa=6Z4N&`KPMicn3$cX
zFimaYrehX1pfd0}4;6qr78@RKugv5ZQH@`YiNR0(Z+zK5BM$K#*0clm#8?Rbx-@TF
zxc0{;hc(A1+O^u$Nj-nk!#pb4ILh3--TGvOU@Y<A_1-Vm$U?$p;dQn`V1&K5TPx1U
zXM3`@)MflpEQUAcMBf{hA5G3TSd8ZM#DP;|(D~;q8#e7VtbGNYTWBa`ac@@r%S{Zc
zl)#+je7PPh|H#5t+nx%(UW)c8k_OFO3jgu(u`ivpY!}FIqy=p#m44NCfZc!x{>JT=
z$j1%y$$SN#^74Hx<#$IdN)aF-IbBY&NAS|;3e|KwQ6`TWD=m(8=k-+IR<Mw98HxIV
z;MgvBZ0Y4+(QQSBH@8?1Ab0%t#R3kNNLJ4vqgYH;j-r6>gXz=q+P!x7b&19GwHa!9
z(HO<*@Odhps;&9u3iw>^47HGy<9}Y_fYoim4I^m5ba&dLDzro(5WaE=7nD?BhUmVO
zfv}o~wz%#G9?DH3cfRdAOk!{JC7F2DICb?MOS7psH%XHtCRLZC-?8K>Y@E#moKR85
zt5?8H021Kpd&0A-MPfSvkGxn!J3v_Pi|lKt)OyxZKmp9NSMFGa&a}hL3Kr=nNo>bA
zI@50Qb`+RHNzaIg#J|QR>IV$WOIe?sy>$Uq6hKe-7wZ)?OSnWyE^80ukev-v=f}oE
z=;>P=)dS7$1ID?ZpR&nkHdwNm)Kw<vRuV1nIstyS$4-?%7XP{;a~aWqyeKf|Svnii
zkif&cjR>aP;HgT*yaR+>jCi?yC@)XnRaHk4sQYP14)TctvW2Ww1H)Gq`<Y-94jeG`
z8x#UEP+h??TtojV*+e=s;nu~WYFv$oh|H=?-;s;U%rQB4V&TkuU(O+NQmPpH+|ld8
z1kuWrUI3&$+C%h3O24Z2W|x^jU9v8JgScLgcslBMajyJiJTRAUy5_+(EybKqi5$(P
z%~#CzrdGN@twJ{BT_LI4<+L%~TfcLbBz$u`as)up$92JH@+L@iL#(V0QKZ0_HE)6|
zDnCccdP502rfvZbbXIr|DG>nHIzDG9oYlq9N1rcmb3c_;e=vkYz$R!l!d#|)*-S{P
zjCam^^Om_!u1E|lm>~2@%dqp{47Q0r+dkgNe&}=q^W4@U+#+)+&ue5np5o)h%d5<7
zmOBN+*4UkDE5W^WM*0(BAosP_n?x|Wrf_HH1DzOsz)BFc4Z|Fm+f=e&7E8{q>Jx-`
zy$#X%5Hlx-3V{vB3!Vi`1kXo^Mc*1DS4&fU|4yj;S<)Vt4mp$~kzL+d9xoCs8*$L}
zG6_J8uo1z^dtRT6_gV%7`2*~>sdJeus2<&n;ZUmgI^%yPB$6>@>dN(e*lsoa5Es`j
zw*nX<*=-NaTkbUYt;;F`N_T@*>6tu=;j@k7#EeFpAfqG(080QqmW@K&0U|x<xmVD9
zLWu!tBT7pPV^PQpw&#N97xU>IGCc1ifZ+hC#QESE-MM=fXmYXT_HOoY_vEm2^$i+@
z6{SiqZ7s&#DF(HVMsK2uE>CCUSQe#fE;^mHgAKS3$&Alhart6K_Ankk38&2l8jmp8
zgx-q%jE(d(qCm*iz&t(Tq<-8Z`yTFWFVJ}tqnul~1zRj&*9PyglGL`hBDQe;zy$h~
z6o=ki=8QwLAq4#wm3k_3v=!@}g&LX*92FPsA7~co{_86;Dw;uKNJ6pL^AWIl9M`AH
zutG;dVm;G3QCKx2NJ&bm#ax*Jn1AmspX>Y_m1dI;A`+_%Q?^2_tj|iEtEj|(ss@1h
z;K?h29HgBXWHl;i6!vKbMvi#aNc!&fKtH)tw$eIh0%LA%YFTJDoJ9>^Y*2Gop3((a
z3foc6uT-OeIb(}@3Cwp2)~@jNTc8(FNz!rn$<_geLCJ{qfJ6Ii2`z1n0w4w)yv|7L
zlH5XQrrB=KpQqV@Jwj${3(6xp^)dILm98=E!Qh!>m-<p+FM9S*`#+zwZ|jJ5ZA{r`
z=@(ld9Hgzbr~!-pv{ZNwa07rv_V5uUtrh%K*B9G!^>>S(e(YpQ6#TmxqW_dyxUMOQ
zN(4Hm#-}uE`Bt1w6o|({3iM+&X_iVTrZ}PEx)XG*k1`ez{|j3kon=1RRI1#K@>R|H
z*x~9ti9`p2512};Crgq!D%VaX+l*Zo_FZYK&n+Js!}A-f&j2UEZh5l&serm8HnBbn
zjxpPinCJ``c2u?845qK((y;%A8YoFS%O$LRdwj;oHe~4{K5?J7qko+2MH!y7Y1pZ9
zsyNW3J`;fHbs$Fw_HW%DySbFIk-b8kOF?B*c2Gt#<P+vd-5$78iEVp!>(W)rX9#W1
z<5KT^!F}iguYU?@f2>)@E;%)qoAU~-tIpIO6$@VS&GSKX#b;^a#@dS$02;f0HOG^K
z&>z|JDXh_zn@7%ZqFJ(K-OM-2S8_vGdJ6A;Y*MCh2`ZSM=;@QwqKYHHu~4r_knyV<
zb_$|FV7>P;p&DeWH)I+W;U1QY@%kz+ewSu?da_ggV*6!`IqB${YqP+X4tMD9*m~gX
zY4$aA@Pc6`z#eAYi+Jvy|J89><G)e}Q2e^X9o`7v=t&yx{z2Y(3q66(1Y>IGIU-{k
zX4^pu{cJ+<`uA-X+89u;@o5GYaWiVgUCU?cQX*MGn_2CQx^L(~y%%N;6+R>pf?eBz
z-6v1>E5SG#e<y{fbR|?y-W&)gg58q)Pbpz$*`RFv){>Q;2J`JF<Myzr@qGlv2aubj
zw~z+gpRgXT*RnHm+e=+XbASiv9}i7e*~!QtvV)eT7HYi4aG}eeBzc*c@yJK#CrT#X
z3{^T&2ofBlT|$LoehRm!v&EU~>mwp$L9&RXbI+;sE&DeQ>0<!@@%D!pmb^?512H3s
z#vBS{3nezw$9U#%^tka>204S^+A9XK<~sI|0><W{U2?$lr(Rrg<lf{ozZAJ+;sfv*
z@8uxzB4WL3tDhis%HH-v=M%(QWgaD0qZI#gsEiFubN}}jtbfE-XtfANKKCAaet@+#
z>zbIlGxVduD`h-9L|igRDFF${)JztAf(n1RHUSb48{3qnrTUla25B<2ryXjH#0TGa
z3Lo^*4+yki<l0DHB(E_9rq+$b(llu}$P1|?kjVcQ4AX0azo!Dd&bi#w0YqT!#8$or
zM1O}fQI#=52}?7bu0-YG)skhu+Z@;&#i){4rU6Qybv+CuNDTru_s-9ILee2Tm}}kw
zf&tosv_O4x5f&L#e%UvT^ZQ(wZAZJ8wwlPhGv4L()^Rqp1^@PPZUe`*WYG9%j%UP~
z2h&t)E>VqG{C#Nb(o`j&dKdb4faec=MiT-FRi-mt$A6AxTJ0e1j_JaCFZ3!Mh^dvu
z7miB={jnG^SOMHzo`mst!Y<+^{lr@92u`*#Mom3TX}s&?-cq!icfBTDQ$~+q(O;b7
z+%}4(QAsZF%Dk!iJX21b9m~Ey7J>y#hXyJKk6`bKd^!%_NN)<H<>saG(yD@(vAmB`
z1w07JhK(3}GlK3ffvCOtMY9-yWWpgQ1|^Ca%T%CLCI9z!L-d6Y{S0v(?Mb3K;2pD3
zv`~c>Q{bAA$m$;x5XqEKF$VD49YNq9-vSrkqq0P%8O%L~|G;vW;;FOh;9jFRSGb=p
z!9eEusD50WqGAOZ8mDLMn73G!P9ZV4+tu93?H8gKHB4peF>5yBrsi)jZ9-)PL#GDX
zWm)>kb!A=I5r-Duz~NhgANwQe2)SvgGCAl^7-S(|cx(IcAeN>o-2(@pj=R(ALI4*9
zs7)cefoo-~?|rcP<i4d$ers8nvV07aCz=L!5F^(W1wH2elb%4-aNcfd9A{5I{TZ~3
zRosTvJ8q$XavyOsUkU?<Ctq1rKrgb}fQY;Et8ns<apJ}Og(H`G(v!Ng%cX`Af8ulD
zTT}EE^UA02A}?CsB=))U4eKi@N%Woi2!Oln?+3e+kmebt-O>%-+6SG@LeEdhAw^<!
z8B#@V0XtLE-vt~hcoL-D5S)3PMN>GNu*13~tlg!dUv)MG<Qw*($Y+tsZq_=xapFfj
zA_fz)7@n}_LlL*D^Rtw2kjN9WJJR>hbMsAf0v1A46tcyKt`&=^_C7qC{NmL(3Zg-@
z6VqA;@(Q|HkYB0G;~~gm#mdNMh$M==*8u6gId;^i%eEijF(3J)=0AlPeIni<x>_vh
zwVq5fKV&J-DPtS~DY32JxpVO6_+3@N(k=6c9tBZ{28rnA<FuENQ@<`O>nBm%t&#C2
zRk?j={Rb~TMKN*u)aa^<2z?T44+L#CD&X0A`zPx!s;p(mOkV;C3^!m==?-oC4hmWP
zln2?icC=Y;xenl*fw3=$>z@qfA$-9IiI|5>Vw(ympp)Vj_9P{8?d(R2?0-_m0Z=b+
zj^oA=$xiEhMWN8UceGEb{EbW_7c1D|P-8h(e5J4=Ckf|T=+Rq+@R7E11CFtdhRQY=
z$puhJSZ&B9>fI)hO0Lkk$JsqJkY<a(FV<2?`;tiG!XHeINihv}%1Wb>pC=q14Obl0
zeCX7iI1Wue<-s)RNGO)Ut%u=tBSU+M{dx+n)O^CNqC%QrIS94w&;DDs3tTe&QWDym
zExRNNqScud=(BI~Qogs21L>>Lg=>MATiAHrzSATc9;1BL#2SlB%YzBZFGIc=EB(hd
z7FN6%^xWQ?&3B`-&qDKM*39(RXKHOp>{B`}c4}?<{^~-eP@C56%cFYtRq=BsYBY27
zGE;dE8&5ySj{n*8cVQ_D_D*T`K%PvF;21TQzzvJqoQT_72p)nArQrGOT(6a`b@8H%
z%!G8F4HrH`zmP#r12+<-My2fS{Ou;>_U6x|-!7(!HN->L3VOjP7&c<2g@iXSeRm+0
zPWIjXw-2*N93g|<>WFe{B(bPmAEykNP~i|w4x6*&zTk_)aeo}yy^YndBlGSJdjS#R
zynjEE@J59A^M4|+YMSE7K^-USynoGxG(-D;y!H1udsL*>9}!Qi|LSSi%PU?ULey-P
zRuFry=@<#GSV1<LkHZh?lwg+WjqO+1Tfjh@T<(%+xNqoWow_yXGUD3^o8eeEv3~{u
z0D;pT(%<%crVhRpV_)8|k*nRPl!p|1{<TMRy_&m}q6BqgZ7Sr#GvPTNahctHmc^B*
zy_8i7Zd?DE4yE&CXwnc&ePK$H`X|NU*#xBoAQRtzq9UKnKfU_XZgY1}-t22c5_T{-
zSlbby2p=!d8CnY$8S~6BKO@@e_B<hE%_$D^j91D?g5w>(Ho_~fyZ;d}ZF_}@Xqk+E
z^+qw(u?cl4#KpkjCK1K?Mzr;@tUJ#bN3+;?FvJHbc68-q#3yZ(E>Rs=sLFa7vc&)7
zuA2&48&~3C;xgGx)*Kj-!O*F0K;`~!7U*zlrjPcIOkkDfGgQz@y&jXtx_U3OJi|mG
zv<E0xuh>Q_o`hEX#^%%Go(c`yi?<SX{|B4j5pyNO-65+0Wm%9uwIPp0qI?jJAXc**
zVa+@Uh`_1d2PbuO7zl?ROG5M+RDpcz(H{qu<Dc$H`HPPfw%#yDM7bI2F$j7J+r_<#
zMtR;SB$uTn9H<oeQb?E+{Qtlz8Hu%l%-#B<!4{>aC-&61>}}s3M|GZ|=jE%J-9~k3
z6^sG2QW|1&{0*rt3M^IdI)YuKCQ6&`PvQI`!ODlOgfJ{^4;YFn+p9MoeeB@{jS>#m
z4Bb<6CQ1+n;Mlg4jcwbuZDV8Gwr$(CH@0o-#5&)_Q}YL=x@x+n`-NFA_eytvvP=kL
zQ*IP{Xr*V3Ne(|sXa}zlQ!Mv(jWoSjq;r@Tvi=?IqQ}kK9ElS`H;NckbKv!rX|{ki
zNrHx%%AN8nS>8hpVQr#v&?~3{UUqA{IiV7a#Z@OM?BXvGoo+B3wF0LHe-y;vFW;<h
zi`io11?l%;Feo7HGYJdn7<eG7zL*kJi>|!(%OjVh4GZrOa^zMe(B<+|0B_M+b*)e(
z<zJDI%wzi_sx!8%`w@Y(>tjeiz%6l5L6);v2q$td<g&(pIS$_$Q60G%9SU8Emxb+^
z2aJ#e_ez@bpB8l^S;kF4KX1ZVrYrx_CZZhjs{(X5H29O2rH_{9R>d#j<NU7^xP}(D
zM7DojH=_B&AuK7^G>l<}SR^r$=`s?}z3+%Qe%;3ya#vr0?dd>?HlqA0h)L_tJB2&C
z>=<J=XG3=bD!dQdDlf6~xuuHQrxZHtA=q)XTiRv*$&{(y330Xwm2gc9Lv3ars7egR
z+UcA0F@MoHBDN?Xk1n}2ifZ@O{AT^U^r)(*)4qLY(oMsXnT)A6;=ZI6tNJ+ON6KBs
z(bmb<zk26uY{1F<pO>sQSId0+C$%0h!_aR2Y;qf?Pl+=62Xd|7UuNopxOOjixG_p$
z7zDgOpZg%2Ek6w&OGm%g4`zQGrM4Tc2W+W5*%k`}T`&FOTZDsd^@E^Pm-idf+4ftO
z-;aDJ$s(8>Qq+fxxjfx*LPEFzPe_&DxSwB>c~F_+8*=?wt5aLF=qf{&)3awZUjoTh
z1vMAd#ek<C^U^x#Pp-48oPj5Qx}*;?n-amB6t#`syfZ19gB<x<X_e;VKg4G84{YR3
zKKhB?A1*%3ng-71Btn7<y1o7ss$xak*~cH)e)|&VssTUc5K$5GBdXmna+lQ&_B!zY
zNk82sSC!wyAQ`Aez-##r#6OKM-#f!U6TPU5gg|z5E8s0~`5TbOnhTGYHcXsq{@vBE
zlSx8WdWmTt1)npmE%0*(J)qW(5$VsClXA~B6@3%$V2e#ek1Hwul%1JImtVW#uFZHs
z&;kdoe}p7ZFlrNfOuAbColL|45p7ZQF#c$$urVzJBWEUt!&=UjuEij(NRtixBs@?L
zKrx+1KkIw2HX_m$v+<F@?JM23#5$-S4b>;9%}Nz{-dAXAvT3HMEsF}n5uHFV@^74Y
zy(hvD)zNxs>XI(IK~--!LP^7*BzA4wVG3cEzA|xw?a39E0b*BN@Tw*tu#@AW>){9%
z9ExB_s7sT|?%EzY_Xx$ztm=$F+3#NOFT!Xt^#ZAoCGKDVS9)+Y&G04fm)S{Q0Gm#u
zSRt8`26d(CKIx26AKovf{pvwp2`PP%W4=q9Ek=wN_=gJI4XsRH9oNMx`{z5Jlb|f`
za=aLmN=GQlzzmO8t&q2~4I$grnS6Vbsvv_QSGFT62iW7w8EB*N!PK=<Yjr(*1KRc<
zc}?R~?9^tomwIwRf>a%xs-%B;bNq#KyQ><PQ?A%yjSss6P|F;c3LkKg96xN1gO>Z}
zd*S0n<QJG{PyO8c*wvO*3}J2?Exj)*MWnvt#&4&GyCBrtLldkF$OAzs2L%w`9(h+-
zk@~^=%n!9STd>5WH1lm0YX%Wv!He1KwF}nFtXXJXPs!8KT!U3u&9kmcFO1oDApvBi
zMM;<^-jOV2)?_dR`qduU77d&a$+;r*;VnEdIj5A?G9D`Ej^l_7oq(pEs99zq*In~$
z10eK0+yuf+Q?pY&qALm&`lQ1z6iTtudLs}zcJX-nW#+0nN~#F)Us(D457doc;5t0N
zs^r`4f27??wo3b~cTRFpu~KEVNa5A-Lbm6HgfHJhafj=Oc`ll5&C9kZG!CwJ0SBN`
zXc2(Lip0#ojh+x@N$@FZM&tQ0vQ#RH2@%HT5<5xlon%&zdSgA3|2(ECR|hEv7LA)?
zU&tV9`+Nv1M#D23{ToaAJYcsqq?Jw?uzTKMjZvv`POFGOLRicSTD=Wr8+5!_60<f7
zlY4||7<h-^>VL@>WYbzl7Z`D+bQ8L*S@H9SyK`drIQ&|KARLNX*e$QUa^(*k7jbA6
z44)V%W_gXEh%=OQ*nx{Q-#Elt(Vx3bRCkC8<{(mso@f8X7EU|T3xPM(fHne4$NJ$~
z;7gyVs2lxbX(}D~uQLGKGa#C~-E;WAgIw5X#buG7=np*G#`@}hS6+T=3DHsA&>~Fr
zXFwxg)eQn^L-sz$3GJ4|IPW2TTUX0X*aRx1Q3MxhpnpdzD*s(aL{vk2eYg;mtg>(0
zu_>$_aZeLb?>IfW-ld6Z=Hnlcr5A7(1(nIW$!z4lDHX39x57Fb(5qP3f%x0Q0VJf9
zF3?$ZhoC!M+nzr-HU;BI-$wdg(C~((l3k+flV^I}P{Nj*6gt5qeuN%p*@FeIlw~|q
zRb731LtibAaNiYo;VcQfzWy4vG<->eJ3dm<)Lnkh1!CS!3r}ts>UZ(F*q<1sN0#=%
zO<IKSY+<DV+ORMcHSqPzKt0}_2LpITbI1<&MlP_9j$7^8`XDafpBU`W<3)c#kuqiS
zec3nx1PcP@d`E4R=>98`q9h4j7Q4iW@R)P5q~C&EX_x&wNW&a6id{g$L6#LW3`B4@
z%&JR_H!Va)A~-{<=M>C@=xHZZ9HaKt+^nJUrKA!O@?3A@uA!vl)ptK<t3V{?fEKGz
zkSZ}wu$kL778hBb=O*5{3QfMG@)ab7<@&@)*^pADP*P8qSLO7X|6e2ir(j1+r`)rL
zEkw2R`DTS_iHe}8i4r8Z|57l2lZ^A(TcM%+oz7<a+=PHT1U!W)BOf9p4ug{reJ@vk
zAW_`uPjwpR#D)~&|MVuv_N8&=YL90dlE!41;@j|%LCVx&4?WlC|Kw16#1(Qh9SMxN
z@&Dn9!($pEG11oB>|QD&N<%6sZxX}xRjIf27K1)LrBiZ`uN#{97^hCeQ?g@5>G9l{
z-4}Zlnc7Q$e98HHzb<ThfdPZY(nmG;qINg=ySH1@pm435%<xBdh}|0gM6_JCN{iJ8
zKY>ThGUJ!-KqJzl{rHxXqOZ7+i95}$OLD&I2#3otJ)#Wc&9-r_HAzz!%ZSgT#&SFq
zefuX{u!`L?l_^CZ?nKwRY!*TTiQILjJ4lx?RbhXqmT^#-AyGGySLWWiEOEQ1I4jx8
zY)xrLead=fm_sEt%0XZb9#gR;>t7ar_BD3)7Y$pu{>L9_0lMEAki^dLOxaYG&8f!$
zu5gONxaGx8_se!a;^kv06g_^>!1I4D;1>=xR%=!|G>J@hryggbDx-E!OweAGP=^7e
z+pJr;K8K(j$4j%(5eSS_vLwHIEMlm1!f4(vpBnhbCl>hp`KNCKtPf&IZ!zChZb_s@
zlN_E4AjK0|aWKniC#yq4i7x03BS>+X<AX=NW)t*A_XAUdxS31P%V>h{&tisOpDBFc
z@TBTP8zesIePJ)#T=9QQM*cR9avlxYLYWyALe$ceHiB3Yg>~wS`B<ncYI!YQcpXBL
zX)cS?Kp|)@L68mkWPV-Ah!hIWusB82U<uMcbGFf1!5peNcDRE4CnKMh!zrZl({g0K
zY~YbO;{@e*jC@I?R(*6x;PvG_gBd3M=i22mCj+~7fqQZTDMV)!u!G=s$0SJ3uZ`)i
zfS^9%RUiL?^5JTb8n_*(0HaX6-~~YyJZJY~o)k?Ak~b*UHIeycrqE;wzmb7h9Bq-{
z-8i$^Sb&hdl<tCT0(TNe5cExw)b)888lA51H%3cHR*=&AcY0k-Kap?;VU=|@RJg*$
zoUIFyy?0T^!aN6PaWT83W(^t?@?O#|$P_(cvi+znM_!B{xbEkmi<^Gap9i_Y#0Wg!
z`w|9;WO*Pbc;+KB!M6mHD&TX*&qWn?(lkv6yw7m94HEK;s3v!|wu1W~b%iZ_u!(7u
zbs<LTi~(p~3mm(I&0l&@k&G(uHq?xoaggJ4d03*Nx3jN$1bPSQGo9)t#f!O)Gy9nx
z6oS3QXtLx7rgYmzgKrOk-Ee_8tNP&vi<?w14R$(|@`W_4uZOu2k|~w^zn1zcgAeY^
zzPLVRE8(ZryP;Qbf@V_oW!%H~&vsQO7u$RW##P3sK2bgy;ZI1vQ6XPC2;^I1hU<`*
z4f_;yw9B}2=byY6JMv^C5P6^J*;v`yHI04r|2d9Ag;0$2H(|OStlhvJm%_)pFt-~*
zI>}4cVR(z6?>B+Iq8WNOx0rmlRNEkD^K!0l<c>VB2qE!<1?`uJXe>}=Au{)K{n}Hd
zq9=7dN*<g&JedG96}&kUcCw<H@O4&^p*^@0a8`wFghT3<3O6#jc0m);>w6&qaW(cX
zw`{|+SLj;w=Y#?iX8JxqBX4avxWweoQ#!DUQ_Ty-tuu5UfDXA4sbVAFHc;>rI4I{&
zT4D3*@_^fj341HB7THXC=8?D1q9ta_2kZMI178%TxZ!U;zh9P+(hO~!1UN%U)AVeP
z!=^zF{YT)utO^|02=)R@Mi?K-ZNYTAac7?S+Q0r^DhZO+XAZw2RAhSgv)+pS7<mL`
zkrX~KL}xySOQP<&vX)I8?25(})xRCm{UirL55u7*1PJT`cSH<>srt<T!m+u7->)R|
zPwJ{&(Ll~b>uoNnY8tBzND&KphhQG+>T4U%uSt5?d8*cZue>A*6bD}N=$>=LG?fFD
z6N`3SfADW{KB81QT@y=(IkDxB)G50ahq(#9%;@Re;nE_IMr3xu`&Nyo6MrO)VGsXa
zPW$ALqa@YP-=s{gi+Zri){U}*au`8c$T|W@F4NnzOB%TEUQ!eb2Ap1CB;q(VB9~SW
z958fIlVG)Ff&NZ3yE*pho<vF`NVWT*3>y!cKpVULq>eWg#Eb@ac1Ns>PVkOKUHyum
z$dDPF<2z_$SGts|Q87aM9;C^m-6fagNnBu_BWV<{5sr71o&&8NyxX;Tf5r0iD*mKJ
zCA34eM>XEfeFRSiL329usFKh_;#wq?`f66bj$;}@eX07VP=$Lla#({zBI6ByU*QeG
ziT!vnuHPn-cf&=H-8Q;IZ`ssve?u4ISY05vlpcdB9PTOmCh9`p0O=~Opo6-2Li@%v
z-70qD=OD)GqLeAuNbjxFlCUmD*Lbs20x!!r@T@)HsOipC5dUou@t&qBy8ew{-HT9^
zoAFal8+2u)1!nE14lSf<^?2ZOrRFrBg`ecJ76MFyk2Q}0+wJbxp<|i_1F62aT+Sr6
zG$y*U)u30iM`T#s@`{8SCaj2)ydx$noJ!+tIB3+W1|RYyV4QL-Pv>19=e)(RlUQnU
zw3obieh=(;;!l*BvxskEZ?{lo52+B*L#^Yr2a=nKCaTAXpK7I7jlqnc(fE(1-|RG&
zPu4>B4K~)QS3<4YYaaw2Awg;b3dT_Inp0!_bVW}^&jmfN!-<A#Qdbshq|&a-pryDT
z_-P3NZ&9L;XpRA~$uc+lBo6&;0i=h0e27d#y0dBt$-lTwjBsjdzem9gyf9;B&Kq)g
zmzhJ_u%%IOVbb><HI?&Q_K~&;LyiL61?ETrGNR2-V{3mxHEBgoUmn)u-j$T;E;Cse
z2Ui$P{tRyaaDH8Ae09e0(wDMCmbP>NN%yU=A{|Jh1Y?F5!#3qPg9250*WKi@Y=|j$
zrMP~5<?0H_ymxC+A2Gmeo)o2A?y%RM@BWZa!<>Y^$$&Y6E@7j!{^d|_zN#3d>~3pu
zd7GLSn$$asqe)#=eIxhbJtJLm{-tNqzr`(;({DXF7O;(|a~_%8w6T1*;fzM_F`RRu
zf23Qu|4|rKF5wul-*{3nNXq)e$GfHgY2L-%srIEXyyYbyjq;OUqxT7HjOzDTA2XOC
zcl2HsngTMYTu|Yzl@;6|g#gtShg9|lQfAEC8fmTJQ!FJDDLE;sIQe`rv?$tKy`?p5
zpCHa3F38bC2wlVx?Pe=1!sYlzn{i>SH{t2L#B=Ru3||A0wYvNzdYm$Pb<vJq{5qT5
zO#MtB0J*_5<NKBVsH{AIyM!4yTfXQCR;*7XOW{~2q_}nDyK{r9R3x_TIr8a<omvQd
zJaN)PoKWa}(azYm{W|w4?ohs)6>ZS!RtwOSE;pWLxTv&0t!RHEYUiWqz1MrD7IJ;N
z4ak6I<M_MZocJ|_L!Ua$S`Bn=Wh*=GSzLTy&ZE1g)g}$!{hJI-Jw+_mio>+<8(=VG
z$uq1Px>KVymeVb!w5|&q9HIoim`mngwh}f|o?{KgFG+fP$v7|Jm|zK28*`8^LZp)*
zL>oWucF&EEP>cuDBRn!76aMDQ{GTu*f4U}|1l$9v4$vSILG&A#I|(4EFk1Lj1peQw
zn;j3uy=y6B!6GtPmwdD?p$JN9(Qj(ZuWdGKRfTlbH9p~M)fML)O;Ip6JEX9D4b;2N
zc)TPo_UA1qD9(-^`ru$nvG(-g^TO9b<ri#F);9AFxFENvyVDkxtxKT{+fP);4?zcf
ze<QkCT)W?Uq6bK^yHvDJp`?(HT|tcYR+`}3_uZ@ep-8FtjZ$4Cn%ZNxoUiA*-lrz-
zV5aNk{cnTWD66*4AtZDR=>xabf!8vv0pnjIbgNkDyLJEMnIR~WTL)N1KcFeOAKs_W
z)q=NMHW)jf0VUd{ru`78C6$3QWb_FQ4{keu`j5T^4q7@)>vixZK6~chlm_=IoN*P8
z$SA^8h>p?&XDLAsQLxc~%%072e%69zdsdP@Tvw;hWTZfzYeBtN_*VlxWWLQB=KDmG
zQw7cG>C_l%-Gx!|$3`3CWg?q}J9upj&fa!fY$W0B$`a?rIf4WR#AJ|KB0o{C($f9Z
zO2+8P6=nD4w1PYp5|cpWd>fd7-EP%U{biZ#A;tJ^r{dUFkj_=yJA9z5YMs<CgB?Fb
zl9jhzVdWe7pQdIKQ7qH?MwGyg1gJy05Q}CpL2F`B8VsVhxD8HyR=%H=$FD_M@AJa^
zz33Vu{QT?d2i;G63v}Yo!l{%cQbm}O2v5>No|O%TYR|T>iT;)$7e`>`FwB-=aB6X|
zOkm*5A4H~Fm-}MHoFtJrRTzssK{hKkp!`|fXtdA8#2aF?sJ86ok6q^9-+Rs9g|55K
ze2Q$Y<>}Q+iG<?eD*8q;3ddsssJ#3Cx^>Ih`$6ax)lW$U*7-F(nR63JYoGc$sgVct
ze;7_?lK(^Mkp@?W{kz@nn820>lxEEP9TX2Ga`4_cX>8lrKm`PvHABzBF42d)?<!W2
z0)zZ?I#+Zrf#O_w{m_JtEIZO>r}ZDv;!`&8Kp@j<i?SIdHP2uem3FK<fxFsM%p%P{
zb_WSg5~NZEM%N?8h<T;GzRRplzek**=KfA0zT8=6Gw%>*v&#A=m34iR2NP5jV)6{7
zCb9=#o@uG<Xa>-c$oK9@;*f*8o2={@HXaZ@aeugfNNSQ({&}xiSl+|=CaH~KyeCw&
zTaH*lg;0+SEPgH_3|)@-w4^S$U%w=k$y7EF?G#Be(krB)6Xvx>We}|=?!fEPZqvB1
z5)8>h0nk$Cx<xF0IOU`BVaSxl*S4=eOY+93AEes)2;jcCemehxe%_fp7kj%3-St#r
zJOYVbwuL+cq{qd}4BWcxH>b8d&mvEwd|;dutW2ffrH={fUYpS;kvIb~gwF~qd?FvK
z`kjNuq?Db@@Ps>}%ihE*1RwU#4dkS275Oymkc@n0E>KL^E*PN_5cZ>H{!2VevH^8T
zsLf9JE;aNCxo>KjYvqWdHxQ_EUYPmwR{1D!-BnYgJWjAeum&Gz%_DyQNE;f79PHKh
z_4%)cKvk<j{;dtV&A;v9-a5vm(!qwv!^+v1IxQ}yB3nMZzYPfPKZ7uqVR39VlI~)t
zRw)$!GTCwGxqSWU&aS1-IrjSWsRZs7_k!a(Dvqv=#JUmo)GA2xdAp8(^IyAYMJ|f%
z0V~7-(BmYZ;8`-ajIh@V#m<ejcteZi;(wUFKI9ges=V3ep}{ADd^1Eg1Bv;g@l_wa
zx}O*FLe7+mc%V<4J}I?epUIXw0}-he@bkYzMLo%;Uga5D?EN}~NA$tyj5a_mE8WcU
zNHWU+zw>Yy8zmD*h07wIVIHBrLJ#%f`Az$UP`##Jb|!KFaU3WH>}niD@H}qHdV}Ft
z*ansSAsELIe3Qu?T8&Ut7aTLv<_Y&LO`wLk%)bze$QtBu$8^@ohA77t5d4Byo_9&-
zyE$cU7?%pBMb?Zb<SbO~_As<M2;W$nOn52`^I(dYOhVzZ7^^Qahe;!XNw$MXDuXgA
zbRGI*{?<KgCfRXp>BL#hH<L^mW-}rVe^B2dv&+Fo{O#OJR6ST}a%Y_+4}dK6?^YQ4
z6kz!5JWK9%Y{tIlE+i#;fk;|l+R8rM@!xBnW<HOT4^JQtbf_w2H@h#9S9rv1iIrtp
z`1_e#u1LSut$EQYT!Rp;oOJ2G;-LO2CXZIJBsQ7T^+_nsnbR)y-u%T}4Y{yx`ZHVD
zZvGs7qNd={si{k1n4p=SmH&q32N-!N=j1Ap&hyMI{e4Yj8a;T37-UGG7QQga;2~R8
z@(q-F`m=PcYvCkfCj`-MT{6<qdegdvZ1<n|<Q_hyjh68@TXE;YLm@7j$>Nj5x1%kk
zkw-K4uGZPexZptkt~%2I-5<w#GkJwk<VkKni^s1D(2KWKQ8{4=by&nj@}xFX*Z{|q
zlP}^WkY-<zzfoptON^ohe`$XHVaqNnf}6|z*-k!FMDTvr5prYx9{NflJTp|I#;oAL
z*lek$NNlfBd4BT{fo-+r6ZuV|WJA}pf5AC{j1cwX0FjfNMfLAh3#*0Uhq4Mw+u*Td
zXQhoc@NtExHf#UPHZ8u?8JjRpIY?J9lKDHx@%Ig(q2gP(5iYiT42D&*B1NA34}bS0
z0{Q`TI0^j4n=Fv5jEcikO7E^z9q%`CjK)|G@@Glcfd?kJV#F@miMgk%$>iBQ8-g^u
zoI~HD%p$x#cu9o&O4@Iu;-VrpBXKmJ9VzYXwIi8;1dJdDWR}!c>@IL$RzTPiTk?Wm
z2!8eV{t2=DND;wosw9ISG!pIp(sa}veps#Ni0VT#CM}@7I!R3_m^qA=W2<@U|KcqV
zI$;cg3cJKfe{|)IRJm#82}D>sA?p)wa0)7Q>L1-5Ir4Kj@@l@M<n_4IREKcDRY&3t
zg~o;(<ak??{6)_sW}w1~5MtO<3?xa+1%$ju9Vx#!eKu9zp+5DeTrPXz?4tfm9hn>A
zuf>FQ{(?6)S3voj2HSnOx*nwExfxa1AMo{3ukUFIFB*O^X9bzG=o<;a_5r>+GX1C+
zakU0azGDRc9&@4{7;<<%L-Xv0Wr;*<Wk~B$)Y8!>OUO#!An`+RHHZuBY?0Y(Sfm4Y
z7%~>}AO+6v00h3(u|Vlba53d}{b^{@lQ%Gf$lgij1YB8tajP@*E$9|sWG6`07Bbs|
zP&cSJ(EZ2wR5y4LrMYF;Fqmna@Km2ZN*iczc~KX7*cnGfCs$zjQ+Uf1nv(N)9jB}~
z+at+Ui%>p9is?CV2BKcn=L4YBwLcn#hxK|x<*;^}*6sKgpy;u|@Vv6_oCNO<1jwF$
zY4_5CZiH${n{;;D;yGWkiNM*oV~uP44YKR;FOmmyfkM$kfb!KC?ctkI3LPI&6y12H
zoo+QMG>Gue5Cw`7(2d=>KDbwdn@1q=)ZM3-mYZq9#ta&6(`J#Xb9=ZYFvrxdo~Uim
z;kdpq=CIKnz9QX#SdIgHk)|o=C-++*rz@xRy(sKNU8^pt);m?LCzR*53p;n93!tfG
zsq)pxz&RuiB0S<qb#Yqv(U~ynxS#l*Ik~wNB_?>PhdW{ZlJ^J_V{A`(oBGa>8*v12
zk<S?BEb##MOv+?_pc+qqt+z|R7Lvs3%^$dC)n3fSszC+?GPQ3=UhbTc#jPg<oNbNk
zw1iUeW&V+gA04ZyKRQ5bSOT4ARdwdsCD1cxJiM@<Zj+PFkgQa}0(U*~x&C#-iUsl*
zRj&9j`P{Ljpr?lO?oKiBaR9sjTk*An&+k#Fwqdt&G;lww^l458&zI3r&aaky%fMma
zy^0WhU}*`I`&{y}&rFXpTkh1~8+tBu%1gAgPJ`k`caV>br!%!aO`v>Kw{T0ApcEDS
z$q-j_0$*&2-hwSOEo*~DpbdqnIaifJoJ+o;&)@dujlp-O1Ox)=l~^1~7^h~X8b%jy
zi`6$lQo6FfN*qB0<K}rOl?SgRYD+d*_)=#zy<4ZO;z?Vq6hyS|Ie)<3_UKu!x^&J<
z<7Gq(V+wh@BvXea_MEfArs>`7y5K7ca<-qSi#n1LvP?+$k*fejKRn)R7Kg_H_BJI9
zc@FoTe9-BnT`v+L3%HG+^<Y%wj(mnv#W_iaxI}MJxW#gw90z3deUL{jg<5{uuy^tL
zBBtU4v&5gco;nTClg3n}N`wm(BGulRnmS&+d|rMcg72J?t$d188o2oGbXm-%8JBKo
zmwRK=L_XeGl73W|<zS6cL(C{oFI*m!3rW;MiCoT^E&WX9uRm;|fypj;7j25w3_h7%
z?7ZvUe9z-Tu{4h8))pqV>YLgH@;lEeM(<_jU$*d7U>s3{;~ADX7p^Cy0c+3BGe^f=
z^rAO{9p0<k7=f;<@of{$ltYO~Ih!%1_jN=}wnpR8>=s=C$FJTcy{QT!#EKT{8Zg5K
z-tbh@pRDjjJ7C$>q-QS4&w1hsdXdm;38z4f5I4vo2>5v}MWTo&;$LWM)0Pu6?ZD6&
zKlDHao-)xf**zg<<Byw~Uzu1@plq;#f~iQWG2Db+aqa)fW^(%fsp6ZZATTEkskI;S
zXuSpr%>Kzi1@vQ{gv^p5-UxvnYQV~-Yl><o9z^q*8~p;XaoGKhb2FAUnOzXe3<J2$
z(+X1zj92R>3WGO-lmAnkSQY)dPoi)dls55bx^=!X9Oh%VQ28MLw|*ug1R6v-+JdF0
z9)1s<K@ErEIU4^|{Y}vg9p4bPT8p?3)S!h8w`0Yvnw%@A;5@ffPt&7US=;9<`?4=q
zgM~L~(B0zw-iu$Uni?*6o2`RjuPAJvYs7$krI=EFniH%FhW*0RFP_6(cOFn{ku34A
z+>RiAy&}!Hf6?^f)f*xjL_PR7i^pK&<8fZ3^i?^x>!XI77|&^|dGAE~NB>Jip1NYE
z{%q{3Cux#J;S#F4o^BK$N8sC%+5GSClrbW3%cq|sh1P+uGdPNkFSl{XO;Cs>77={M
zo39XCk?au>N3^G4b!#Iz-ELZ5u6gEKnnCEM)Lw#w*izDg*0iLynl(HvrdtZ~S=|`;
zr`LS3yG5t%9=iC>&Ix`ItE4RwX+dIhl82QP?+Jfy!NaOS7K>cb<Y0d|9y8~X_n7v9
zw<Tjg1!F`0DOQDXn&D1NXGNqcDNUarS`}Mp8sf*mIE7|_Q)p5iFXT1Y26-~!CjawH
zy?7A6KvtAl3>%vNqWVs>>15a^WV}o2^M6UM<@OCR5N-BLWw>Xrmax2tgapH?y@9`b
z#)#Gj&S~=!orEqsn6d_`3rF|=4Y937>!QTQu==&d^2dg4j!pf0{TU{2uogM8gxG?6
zU2WjY=C8(|Ip+)dT?qy4Gzh-yY0cr=hrr*L3m(Rl`VX4SnNS!`k++!qGDq1qPJ+$5
z96}@1y+OcuU+j(4eD%AFvE>>p5f<9-&yFnDNz738eU37&)=r7lpORaP_JK?OUA5oD
z+W@gEie;#Xa3mCY7+p@(ALAt|D5rF;im#`{!qL9T3?@8|>q_}XeamP;99RKmDc&Sx
zHAF5ZHUV(P`KSHzc-t~j#t?&{gY0TNOg#tUs$Hr1BcDQwH_(BIUdW*U=7{jk<=3&n
zy^bczga1<FA*C2L?->z7KzCvqxfyucm4olX6&t!FhPS4G%rhe6qQ7^B*h)$+anMfG
zB$9R=1*(C7!GM5306+o20Kfqt03ZRN0H6V20AK;&0N?=-01yF?0FVJt08jzY0MG$2
z05Act0I&gY0B`~D0Pq0_00;qy0R8|F1CRia0+0ca15f}^0#E@^1JD4_0?+}_126zE
z0x$tE1F!(F0<ZzF18@Lv0&oFv1MmRw0`LLw0|)>J0tf*J1Bd{K0*C>K14sZ!0!RT!
z1IPf#0>}Z#11JC}0w@6}1E>I~0;mC~184wf0%!qf1Ly$g0_Xwg0~i1p0vG`p1DF7q
z0+<1q16Tl90$2f91K0rA0@wlk1+WKj0B{6w0&oU!0dNIy18@iM0PqCx0`LL&{{8*+
z1)P2W{r~|0d70swM6mDYROu`qyH0mH!3s6KiwDaH!A5QB*kt^be^q_jaLwWby*!&@
z6M^BCxFkAvWs!+hNB9SS`kHf<ypW(8;E!l-nEdk=M{{(;xo-m*LuU<wpTD__M_-+r
z$3Wk_|KzGg`bW@qaV{rpImpIF;VWNWw5=cuiVO}~eGTL;b3GQzc6qz3{FG~cx!=CK
zIq;2KdB)a&1YXG=krJWVu*xiT8XM4x^X}T)98kSmA)s;d5E916QTp2!t1VR>uJ0#c
z4Wb1d5v%G0WAG(OOl&GkDho9GPWD@S@Ka%A3__9-iv4%*c=4S4aidY}WKdE8V!@K4
z4IEmP&0$`VNV6b2ShPAeNHwm}JHc;d(k6$6LuPAFZ<`aVxXLTc%h&#IGnfHA&~!1I
zpW%0ZFHU=_inT>_Qa1$JjwJD=p{c%t8c3pAPXh@idyyj@=0bV{)i&QEKgyC<iRp#)
z&81ur60(sN-VcaA_E21w2c~stcOfSF^1}9G7!=QcnHDEp_xD08wj{LFvnj8bBg~w4
zu*K}TKopKq9cNGJR1H&hm>jc8Q#L)c=k;0h1UM8}dP)3BTV}<>$4?5so?`(6J)QYq
zL*ETlr=hg-q-$S&`InC}+lY2YcAaf3mq%!@E064QTq@Il8lqvMH8-#qirenm2RSB=
zNRm^0$tn&=IU3BI8mI7|vN9y@mi{*4`OEw=L*$PC@hDdO$Cb@z(xOL3KLMO^e35Xm
zU>s@uRu#`P99?uY6)gt2lc-`HT8cc9<Ql-kLGRkpT8x8?hai}-(s)sLVTo7TF0%%O
zl(x+48q<qk1!Xgj#s|R)sD|<l{Z$uEm<#X2XN_w6LC?(Q+2mDD%C1HZ-rRs32ynJA
z>eN(>A9k*=h#P9bV)tnsOI5X;K!p;SB9Spf!pu=6h?QT=k=(6`U+#cCzc~8MIHidZ
zm&y^|^_L2{qhnqH+`%4`oadU@yK87pZOE|aOtWPV4j5dJ{thrg6{g+;_N<W6NnVKM
z^a1hdEuL9?^vzl&ps7!cpLCo|q_NC(`lw(!^p^~b57t@fdX>TnIF^0L;kYc)S^Ljq
zNci<*T)h`Bnm--?b&_wrT9Ifzyy>@W;AT(NNNQ6`pQGo!v~J*GgqgAZ)`CM7+@k+(
zKE@W!{sS>95m>fkVyWh=;1~1H>Sb3^<VTZ5+^f4vNgbY!m=_iz2N@~M1NJUoX^mz*
zC%@&|;_`wuaDUSBTSq6-Y2h6%-R?pU4KVLmztBeeFAqkj3rIKB(>Ffu<1n~_^V)U2
z^&Wf!EA;QAwTG3&r`QA~!l6-gEKY+^G|GX!MMv}OGGu^+7fcs~KKy(O(^!8b0p?M4
z$|EvOz0mbMY}?YCc<>uWZI$_u1kHr%yN9Q|<u#Io8k5z&a@Ki7or>HD=`IpCY9YB}
z@_7Hii^W;UPz|oE&|N&r)qFbX^CDKbn=I^!Zpo3^&N+@2uFFe`pWG17vFymub8NP|
zxRjXHv}saGqc#W7O7u0hn>n%dP*T{~VVuMj%veCZV;lh{{hUb?)A|&0_!`T38=~(8
z8rsarSiS5{f;Gssi7WR;Lq663bn(Y!VXEkTAUB$-%oC>pA?8FTdA~%0XNT@|wmcUN
zncl!75(nN<VBQ3SScqg+C?6LN{(SS7Slgq3OHe>SQ0n~KGu`xM1iM>7v8%N7G$U(F
zViwkj+Qzw-YdWRUiIji)>z%lz>dVG%GV5$lO*GMGnN8GQuJ|b0ByfQBi*7Vk-|Tu$
zBUnDqz4)b_4#*csD^%ge>?iK7wRd1&qdYM7$ko|c=xP$E@(_(~5C(35QMQF!Dlyym
zsWsZu0#TI_eMB0!tHA)bYJY84Ov{9VK%7ny$meU7;-it#){Pwm$mv`Hb5aj9yTUSR
zQMF9F2n?F&bYCg1+V@W%O*L1NxrLpE&hZsCUYPR^FwS$70Ml3yF4e#8bY_fy?&s_H
z@WLwL*lfH{LdpofNKl+lHn~Mw$1t~W;l}EGA=4Z`1~-O@!53s2Mo+mim8G|{EzsCo
z-z*_qMvK=rcI1mrE^26xNGFSeq2=hiFrn4XlvTi-6=wV8{a_V+v13ETnTL03DVr?D
z{QC>Kw8fJCs1uQ=f4#0CtMeXl#r<*gN!^%}i+&QVZQtF%Q2))iJ+I`1V3XIb5$I&u
z(;H2axz#Q=Qp{U&5e^q!58?PoFoLhh9U3kdxY%PQ&-*WYLTLpw1K+@7gX#Jjzi%66
zwmhu`dT_5xWSnPBeu9`igl}(vP*xkS0luM0Vp)}ej}?WPlhbm-jeGkkvrSwf%^^as
zeZwkPytXe1qu;p^$X)k&9mYRihHs~XiIUI9vaVca?$YK=LPtCzhKu&+u^{`q$Pq}v
zjvjX)<TgZ3O(t}`*@;nW+xR1+u*9(cUh%GT(pXoIAOvrDCNp@j!uQ%pTLiYC2Oo*{
z)q(qxhpqEM*WvBKZ#>@M!jfXb=#SqC5R}`gJBICB6i@s|NesKO(aYQ$lHm-!-DbLC
z<aDo_RaV={A$YbjzXii?u~eoY_a)`x=OoU|z}r-t#-|@P$_mSzeCt9g&dB_X<v2}_
zRDvL9Nhv27`<&dRo_A(uxIiVfLf(4P%Cj#BR2UZ`Q@xyW^ms`K>Cb7O`__bN7`rQ7
z{h7Ixs+%3f?6+a4txj8A<QSAt#S5J6tY*MTcPGy7-s&^W^4f+^*LJ$ZpJG^xdvc|3
z;nQdt6!wrUkZ+IZ^F@}rSx+5WUP+-KBGoEoU(P9YT*pN>wZ8bQRZt95rX2mRQtU49
z{ccm4&5HQ$5r%A7<oQ{Gw<7W~c2Xy$j{tpN@qR2XA{k6AFR+zT^Gw;&G4P%2s8rN~
z6PmB>HQ4O9!4>>0)c^Q~<e%}Cc1AbDEr`TR1p4EZRZdc->rKm<v4r%wiRVwG>M8Z#
zOG#KH#*$6chJTq`(r7IuJLHAcRBhPx<cN5x=OBEwuVtnLPBib2BW%T2x>^NrE4ua7
zTo7%gtsUBG_h?`R_SGr8y<q5TW~XY7PSMg{Aa~0d9)OumF&iVJd$PdmF<zAI<zIz@
z?cD`oCr$8>Z%rG^kBa5|f69+<AQ0{&(|F(EAwq|U``3r%(QoDh9Zu?I!`i%PsH+AJ
zExgDN<Q@^`U=Zr#9Xa6}1|F*^2V1I|zk1ndL(aIbgZ!!9;T!BOCZ`eM7;nT>1MJk|
zD~oURY*hH>rAcc?Mq(`lxi`JBy>X2?>3x5|iGz3iH!Sfk@<?M*<$IpTB~hzcb52u=
zpR*Ks+&2cZ8;zftn8Rkxd~UM)K7dpIkb}-AU(hN7_AIs)MAx!BXo!Iw)B@Aur!sPv
z`uc(_YumKx(Tla$KbKP><nu<aElD*J^ia5*u_a>gZk5;>WDVZ`ZV}h5hXj`6GFy2Y
z3OP>&KRErA$pjL=)=;aU37hgCTG);qT(lsri?;D$v;F2|`2qh94cZIW<`TaE#TqAn
zQu;tN>Ll%5{bWQg#Y%U-Kw@i`^_i)r1XY({mdnJ^3dG^M390&01jAje;1;KDS!B!-
zN8Uwdz?N(ob6=>9zmoGaf5^C&h@3SS7`uqDy$5v*Hi~w^{`JbZ>HFL268Yb}%R;n@
zNHL$i{&Xrkc!@<Ln<DGIB8@1B7aqy?4m~b<b5*Mg*EbW!tcHxC=&g3vK+GBC?NYnq
z{+>ck$x;FaKE$3*9JK~H%A59z6`Y-<sfod4C_X{bo{|fMLc3WN!3U4{(ZzukL-4D0
z_VP-YNCSj5L2L7klIr42pReAfS!9$JE^*gAY99n-lu!Vp@cb8EyPHTin3Xfe+J0C)
zD%A}W@H_9plgXGh9wg~~XheUxxVYghhxcIhEBgt@0hXV1(KOXU8O@Lp2KB3|tEyYO
zKyvtKJsS^pRqC<OeqX!(lAdiRMPclHhJ_O7g6?Gb#LdQ(rOWNVY&-Lml}NE~fmNx|
z7rjV^@emLBy3q5Nl3u@a_S6xieB}|NEMg;i2WU`|--<M_&mkj8>aHG9U)9S2K2Z`a
zTa8!eTqAM8>QOF7<<&V)hU0+i@W0Q^VWCVf4>t7S+Gsnqr14;DAl<{_zw9+@93jca
zM_WMQ{?_p#8$$!#o`<oiT%k>ub@sCDNIUu-q`59^f*4$r5*me^0v}50Ws50E^h-9E
z$NOZn?<~O`B?VVztNgchXt@jP!jmV*+CR`KOsGJrI^I<DA$ByRY*r=(4S0q-?OjGZ
zhSh~^v{9`(J(AqO3)b1XYs0xHXXLzn`RHcU8BzZRXp&+Z9Km|<|7%J%2n`Fh8Knsd
z9^sk*zfE9q{hdRUnvBNjttn4*1Y%>>>}&H>$5zpr5EVOfVADW@rCY$s3%Q1Z(X$kJ
z=2G6<C1UnXFSwJ0YVFu4Awf|d=Q`x#GCEFMuoc1qA-4So#rrbsrKy=2kG2{1Dt5-i
zDNs&2!2y&S-vFQ4QWxLi(l7cgVny-W%AS+d_CWm4$yWil?(=zsFE!uhB8nkK*@Z~7
zJ6Qcv1hec9kUA1AWe1|~=PF|@7rJa&+Zm~}1Q8Un!U;N4^Dpkw@a8fE<8_3hEwjhC
zIeMoJw3dmVKSnHR*m8)iNoaN=(#8x)L{zrzB{=h_h>`E_!wx-~VqK0cod<4Mqk4nO
ze=;7A%%Wo3d>~SzSj|oJZi7p6mtCSHFrBDMH|qY1{L(;0{}f1r=bB%}$Q#tlg$wR0
z@#LJ3mRn&0_Yv~9Tq|&fCKW+ZF`xr9Vy&hAeWfXBw-#?NF0>a9;`;egLw>GHSizMK
z27I!CtJ)hKe(&}!$MZ}isWeh59$l6VWaS*JWEuib7oz@Vt+fi%8pLdM4DU+IWZ}w+
zzXw;tGo@J9L0#w_`Bs+<WR)n3MCc^$talv0FKK3sHX%>MOCW|Jwwnz~2nQoSA+HhY
zBkFnB&R*s<?fq%^f#5)<bL+apzG8zZizGA_xX)wP{%ESl@}Ln@n@Z`xyWpJ13*=;O
z9hSz-b%?xPcegzclSd&FMxaJJb9KILm<wOsN=t_i)f^M3tMKZb@$)z^^ERv%#DGTM
zOEC1w?B5p>`u6?Re~RZBXMCk#Z_~5$3^|2tp!}HL27{=YrYrdq1}AhY3QDS?#dq}Z
z&0PQ{Ns&PDooE&bVr13iurMejrY{8{5ujokWAN@FGUK3y;`$e4dBpB(mE`YBS!gtv
zPo4WfR{Fg)e2@lQw<os(v>VUUSPIccoS%Ro-Me68(O=yqcD5duQic3#+21Tu^C?FW
zGwJIPm4u)Y#%;(&!JwLle#BF6`C?BdrgyhjG|F5$403i>qQA)}WMC7FYduu<1)39c
zJ#8%o2l@HS2&A9p(Io3>yG-VlTpdgx7Z(tsHd;%6E4fu*1B3I2-=?V^2-#<Cw^L~_
z+weT|;_&C^zE>k=3Fzx*auV|-!l!*}&zbpLy`N6*e!n=S5R9aM7QtSE$URfF^6?s%
z#=|BuxN^EC<hOTvN@@4!Wa-C?3znDbnFwnUe~B*Niu_`7Co0pL^l+KG3_p?7T}FRI
zT6v%@`scl77m7En(j*!u9>;r|4f$gt`0KvwvqSYQzoEP6x2-6urC$eQapPg{5o@2%
z6y-+#^?wul%Kb9wy?D%!4P3lo^?CQYMBmR3ME^Krp%jH9P+8e1&+9JA#P`FEy%->u
z#!DU1gPfLN`G*Rw$`v_&;JU{X1&s+}r@;4)0hha9rfiSIqC3=PqS2m1oOR2rn-JA6
zYU$Bi_ld{fSAN+Mi0hhaO-pCTmk|9IHOm+4W?r>pleib;Y4SjkYauXG=UKd$nwn<R
zX9%Ir8teTS=xv<Gv=u35gQ=B}&#`$*1GM1H%OhsO3c5aah6eK-MmcQ8uK!pSX5SQ0
z7T*HMuLnLWxKPtPw@MXg(QCM$?Tt9so_=F-BL~^>{X{=#v@3|X4)!ehOT>-8b3yW?
z-BzrPWV42p8frY>#Zhu3DmZ6-@k|t&tPlkcH%>ooigBVtnq^GApo;Q$Wm{PsvsROP
zTo4EJ{(0dD!Srh!PQAH7*qosb5ZCgfI!;JCiDEt%S@48+xZ~IUzWlGN14xX=RT?Ma
zA6`fWC1?c%vXT_jUed5xDND$mb%8~|7YfPLUtT7`gD$~f@NBuCPiP$6qEdREVCH`_
zHbHisYvp#9Y~49f907PlswAG*g}TY7)T_S6d8=u6LGg5t(wZnL*p&O2l{>Q0^_kRt
zDNQ@+`HuMTtnAvd%{}m-!6zdzh&yW#HYY-+B$#=dMFP0$=uaaKGCJ(ASM%7NBt4>1
z^Ns&Wdin|^w78%iLCS-`I1-t%P)gbFtW+ssRsQB91t2~LQYa`=h-oJF>3^q<wMVwO
z1xkM7`IH0c(!I2-i&ay$*CzE0LRw6u(G8UeRqw1sEe-nB*MQZzHlGVZ=9`plF<fpI
zZrE$)7%<s-S|du+PMmn?q?^?{I`8<^?X>S!qPpce?vbY)IzNmODf!!&otF#LQs@op
zp*%#LAnf0~sRqErUVSEv(Yma)tTJ#1p*G-3|AgntMeD$0Su@7f7WKbogvj?@0u`3m
zb0_Ef!orB>?;4b%mxzl8V2K>c;sLqMd$sv0?DA=|I@D^f=|m5^K@XxNKeV2-(J6Hu
zgqeLF{S_Mh#gOKWySglZS6tOtEs9s{tv6*74S#8^Q>_f9Ck*27brj=e*u__8VN}|#
zIIqwi##_ZIr)k=sYZ7~pP~tmj5q3ua1qo_-I!{zRr9zMn;($*y3iEkg`kA@DA!0D~
zLH)Fv(UHK2*f$8n0AKVE5qb_Ef8p|MXu>2p08`ZbF5aW%ufxEN7pf@0c{hBtZ>@OQ
z(RyHox`fs}L-n1cD<Dbu#ihPL$zfDuExVwuFH#PzJ&G$hQHGy>@u4gPnTN&`Q07Pp
zY7+Uit*mTCWvC0^o}dQqOYVY7@jd4E$*qJF7A&R9k|X2V0(&OmbO?QINkNmVdtaLR
zWY1spS<tGQzlG<CzG4+pBImhT_a=a6N224)uMc3{hEdkAi(uFq_iklmfC{G51WAOh
zL<zXgbXzqaJ{vxtEww-XWEG@eVUdQ>Q}U9z3;;6>@v1lB%}St?Z!XjkZVlS*rigB{
zaXWc#4b6P=`fR`xoD()Km>xFq2?{2(#_DZ$_+o2qYy$H_79W<+mEDU?{bhAOEV-V<
za?%wqPUtlKd@Q<zU2;!>!K%fr%M^d7ui`b(gWb{jyOwR=-;C1ufCN+kLCj12r+k~(
zD&m<5%$&g9Zh?c|mk&oa3#Mk#$oX)?L0^FrfsyFH!lX_7-|`+0tCEc}zFHZobg5*o
zG5^Vhr-T*a6Gu$Qbq~xkw~$i9Z|Q@GT%-E2h}*IBR@!bCjkdGv0g=Gb#yFk#+z4cp
zwNa`t?pQ*s&|}?!I;Ufr@oA0#4G4q@nLVn)lK)CttG+g{4DT7QIM>W&Rlt8(?GRoX
z%1|D`*8W9Opew1lGSjXgJ1P>39>RIIIC^DeX>TpxiBqn5^o`19cPP5+crrUBM3ht^
zr{4hP7;jg?L!+zj%-AzIuR1c-{)A_fJEz@{o@=yizH9<F<nuKAk~7U^y`V%`&?9Ft
z#3Q2mpQg4m<n$v*PUU6CCWk5BqZX4o5wP1<OX&F6dJoq}VA6k4)OtA?2I{SG*B+v4
z3+B>|un0IrXi|^E^LkQv6y>~(spi$g7RERqW7GV*v=V_UWKVVy*}>@bM|e2tse}Rz
zSuz#KnL<nSZ64I>sK9huHmllmTRg!~8@60@rkDIVig7bQU~u+3_QRf99^k!93*3!o
zZu{lZ7FyYFF+UM}WiK9nVw~n;)JjvydL$a7@+SGxYYi>SrO|Cb5yeZ)>95o9q18-b
zj!@wFXz=m>ogyfYUaiNMtR2D5>Nb(~W@vwQ)}!-Wx?o%`;R*Qi&Z9=hav>b6iI>2J
zgXpIlYSKUFS>sxJ5VHG2#{vq-Y?ti}hU;hRL|+|{>B_+;BKr4XJ<XbBdEuePuQ!5A
zq(rnSU`32{netFxH;J8xJ^L(atyY9nH!dM;VytiakBuuU$RA}_8<r^xz2I{hh~Kq2
z(DTH0A<8qEhx7tADPtszj-1}3Hlt*?I9BLN0%?|>{||6cD-BcIh^wT9P5H;~S%p4K
zozOItx__|(Pp@d=B@~VYb6&#80s-E{b$@{ud!Z$2w}Y`L8mop9E`3~~*2;6%{U**r
z2I?-gg;{r18!?crNJ*Y$Fs-Y~<%FwdcHhl~HN!Ij0vhlBX5DRgn=H|YiW!G!3RZ1d
zBSLw+81xp%#K;sCc!V?4XQ##n>Z{3=PqiT2KYBxl<CfoiA>u9tNyc}=0;z-?+2Wh1
zSQIV;2|16Buqr7<F~sM;@`hN4<o%MMbeU<NF~Z59E&cD?-w>d*8?E=pvNsUnB0R&~
znnrBaYLfl0XN7g&i68S%6d94FiildhJwmFZ9$wWnraI<sY#B#9<nBG9zh`kA&hB$n
zP%<OiLlSO660&`C)%nUGaKKyL+n5rx5?u!T;+B)%D|~?y;C8DourZnaOOtdZb*oe-
zz1r1l<aOB4&{2m<$?+#x@$Ia=g{HqyuTR9Tf;ImVzEYwo|8VwdYy4ED8f0L38&-m`
zbH|qYZg4DhvTpt%lH(85bsD;gJbaQDGq}S3h585keEDSxk)JMQ{E_}BI0x5V#yHVr
zrx>S#@~!@8Jygw<!51Eywr6G%K_vq6C3-22hQr5GjuvzYVm<IU!ar?$fWw>AWkJAZ
za^mYMXo@YF)X5LTbN9Kqiy+-`DX&Iw*#L70a-74DN(J(fKgx<MSkdKWfr`!G&#>Bv
z>Tp?iwDO_BT#|Z&Z;2kDUVjp`O2SI4Zcv`@um}g!E{r(OgmG~lbRa<j&1Bb~T5d|D
zon8+&g$z7Z6NI1g;F{rX)(K9%N>XOgO8EhriQd9>WLddsw>Mew=($d;Yv<QmRzk3n
z+DemtiSs%qp(Zh{J5$ZULV<hHJUjwED25`-R~^9=)0UpBUMN)bth7xssFaAI`PAh&
zTL{D%z+4jpVyr2#SvwY&4js&{2)))7(G!5Q*BWKap9Ay#on`^&ORY@P=)QO4WyW`I
zoy$^k*NzU^v*KLM605vkz}~XQkd{{{>#~nOJ+#&-CHDbVKH$*nV$U1Rwh5Q3?0mqO
zy9bGHvWG<c{r*!rdcX6MnG0mQlQ}F<Iung`uNM^i_wsuwN`(`p1UO`LM6KL}qf29I
zjdrlNXu81AX6@eL16;Q%*WoABHuB0}cXEvN$nlTRc--t=9|jT_FlaTakbTe=Q*Zp*
zYf;Dmc~b)C5O6(F?l$c=LS=0E&?AZ6#THCjt60kCti_VFGHIUbH<vPRW6te{F=R?E
z!$c}_oGykOK^60VAz4X0g*EYZ;1G!o=4rUdP6VFnEqGhz$y&o-T!RY8tu?e<G?WI9
z5c)b?j}|XodZcOi{{uHb$iFgsj{pWg@`FI2ub>|OJ(e-*g)}hBNYz&DDb=bwv-1q`
z`6-$@=<rU!tNr$iTo;6zzT*G^tV8*Yawk`m-^4WGWtakM^%TD9JJ2KO2ai3@{+346
z8Ct)TKW6)2RwMwK)Q1T2fhXPE4-f+pkVu_4@v;yvUk$rG*X7|4CStqE=TLO))_Lj}
zh(as6ecIk;%+%k>1v%}ZPiDBS3C)nHEABa_sp+4M$NTM1C0u@&2=stTci|Ha<K~Bg
zq75%2_75CcVRk%$qe8<<#n$i$V>S*}o#3j>CE(7hdBQnEL7#4IW-WPwJmqew-^A-<
zReX0}>=oY5b)MX#fp}gCucnRne7PZ8(Ddc}1vazrYc%1|Yfiv=l0m);Hz~MbL1Z?m
zvT`Mb4#%#!4niMuYZ%-X*W+M#Z@NFYStYF}?(&KR#Yp9$Y`gYB?aMr3!-m>}E*IGK
zmp}Ap(22;~sSYYNQ;05ubMns$TKHDa&r_khjezb{#h%X&{_M_miN|{Ca(J&qY?($S
zvvI21HRKyMnF9m?m*qv4^@%1VW>;WFN)gsK2DH34U-dU+L0#V%pbt&cw+^mKK|x_h
zdqkij0<fk`(4YnXVW?F3gz^@_j6X2CX2LUmg=a(?5SF3ybQU@liU$707p%J<1z33m
z`^({bxn7#>{&{-%Z4-z!HI%ygi|-20{Tn8JiZX7}lFqG;?SDzdkI^+W;ejKT`~o5*
zGfKV%*@lI)@e<lTNO_J+AU!RG%y#s|8Ds03g~c_Z$=uDvPngUnqp@CR@;&$QKSbY$
zM7sXWd@*WP<S29r*duk`&ws4&{MCki1YyahL&Ctq1-VDPbPq}mkvEC6Gy9hrE>dtF
z5@12G%DM8AgDb8Qh~u(wcy5itPYlpWQ5F!pea~=8wod?&K*AZ^H{3htFX}?$s-?X|
zlV!cqUy*mF_2$Pp-*d{q6z?^uGz_<iQry%p(z!rD4|_t#U4g{oK1r0DkjFk0C%;@=
z-8o)?Dbl>|SC(N!01gA(Y#jwIo#X{Y)_vBFz?3K>_$G7{#=`liS$Bz0dfe~=b2Raf
zf0e*BephMfzQFz7GlxXkYn8~?39H_a(sxV>?u}fdt)zmgP#)enO`)X+q9&as;&IRg
zfme?&r24*gio?TEQU@Qx+DBe6!nQ~s_d83utS|)ZU3b7<RdUKl<+by9;C@!@cUk?H
z(jqk;uR~*X1R>;C+aeH>qS|N@KQs@%cVp|mZ;lG!v#^syF>xzInAAC$TDuz(bVyVR
z-H2~H_|EK1mu!1E%NJ~hWg{m}yI2ME%C$vIi8F}N%td{<yGXNMgQnb0D}*j2Z*Wtn
zneTKoIuC)_boYcUKtwFwo5t|bpEu(8C4mqo36bbhQ{;&~*8BVgi)$&KM#C9TK(+Zn
zee48`-w|C(p;TWsv(jL6O?!9yC@%v+XRgAR$aE75aFH3u&TQgb8HSq#NP)*UkkK9D
zNf>Q!y;r}?Xr*;vFgISMe(ng@6QhojfL}&@nAU=3ac0jYn0zvB)DCJ4QrlT0zh#g*
zmyBt}>)3FvI>qzjLJ5zrsACIOhpQMv+kB`JN9|fUG%4%oj+&=hNkR{!-L<Y{x>%^e
zvyVtmon}k42mAOq-^*@Q<U<@4Ai;wYv&$v&BS7e7z5rQ<{_&vpS3ljRN!Eh?l7|oi
zx#Rl$q+)&b#m#~L^=2I-^i~l+O=4ivnISTJAI`-$I{CtlZZATX`&2TdUU*rSlCR<(
zbnsE<Pkk6Dk@%}xjL<du^4-b%$*pf91N#W8X5zlq-Xjuz+=P$sa$$C3@y@lR$cBn6
zom_x-kV@&!9iC=-3zo$X|Esv>Aw?V$<%5OH&IoWf7D6qK6tWsVR7oI+U>~8AEruHs
zVK$Xa?YH%8ov-$_cy|m5CyK)jbR!^krbA4yu>quwc0)Vl4Zbq<>&wh%vK;_H%Ije2
zbVO?V$bkwaEhMQ1vetG=PpS=+?uU5~Q|{pQmtKFU4`<3dD0A)_f1wCx$UvJCqOUqs
zn^jk%XRRY3wKL2a`e{9mO16!jkD%(wt|i3Bf>EAJQ&7UJSljDt_gd{RBmQ`HQCh+N
zew;lJ8)kM36aXKqnX`)oHhWdUQ~RTX%g5NOyFYZxPI!5VQ*h}C)YN&fx&}Y_XVYh(
zX$|3&EYJ0rX*a;xY6n9#$OBINcOE-%GiGulaqAxij-R^ndvIbQJFSbS*R%XhXj2nw
zoiYr@12H*d5MxY)G=~!iWE8N0H&WEnB1_n+_jCQA0e^|y<gd4XXV@=Tic`#o6XWJV
z*DG1P92p-ppFb-4sMc?Ed!*oc;|)T@7<9p+5cK59Ma~N=aQsK7!a7q-voh8-l3EgY
z>X3d4$`uw6yqO$06X}Ebgvb>F<LQYm^DgYjiqca9_mnvwKdbRTb-wC!>TIWAV@#kI
zFb<U!P<N<9K&LNuP+L6;wj~tztbITUU%7nC4cE*k4%Nt0Pf_;Kya@^RcNyBE=NxHk
zLww=ox|B^U_Q~I}RmB|blBANM?Qz#vAL15g8bUTnx*~9_Z0`jY7=n=%;8dQ`_Bmdy
zM*&1<8wv7j?k0vIIycbYuw%m|+5=t}g@z~vv$)Jeo4U`EFMM{2I~fp!(Cq8<|LbNR
zx6YAuX{mT5wuk;n?@vNJ2Gn4mZ`P<2@3!<3e5KqYRM&LoN&FkesziqpRrX&=E2T>^
z&VT9#i2&IA)iw{kEEPLxH5A7T({zBb3>ZG#$+*SV6na1W;^PLmm|wyfiisY>@xnFP
zC~jRUot-xs^+{sXs*H3C@>Y_Ouw*2*J)bKm{F<K~^52=zp`kK)_#$$ZqnWn)z&7|V
z?D4JVPBvh_ZSZI323Bf@R+5gZDdDXFyHuvehS=B2`$R_CA%J$w!CIXw;ydJ-;&j+x
zG$@)rp9P(klWfk}tQ%w!B3O<Bl__ZTzl+$<SRU;~SFdSv_h?>oJF8>Ei;O0Mk1)@7
zhw8ny9d8e0*ELn07+-s*$m9yZ`N$LynCGIA|A&=rM>tLoYrop1d+l+crieF=fR@b$
z0KJ&8QOXUV(RIpUF_j5xy*OSQUMXwE2{9LI@$~@S_};p=Y8?DIsD_717@jtQiDLtG
zt#yU`@VG;9asi&%Pc$Li#bb<b=3dzbo2(KKoyVp;T3&~KM_*75v<qf{Uw4dJl^ytK
zo>#7*PxAMEn8c^pS>w*=#T(u5@5fOdNeHvSQ=u}Y{n3@q%~fZccx#!R-PejBm;CPk
z-|44RN*!JoX^9V$;NLPr`VJ3h2P>DH#npB8@FerZToG0Zo4}gFp!vr)IzVHlO<eo4
zzbU&QU<f~@YD!q$s?_K`ZCn1T(`IQp;HtZx7}O6v;)Q$Nw|U%?7v2Vo&0^{XbM*zv
z@s}w@zl9tas|^QB(Z#27n&}E%c&@)RnXmWCAjWm(Yp>-*57UR02fnI)a@bZiJ-B;m
z7bn#?(qj~)2yF8;R_bENFUZ-a!~=!dIH!POSLV^y-n$NA1xim8^p2n+I<&gt7pjMk
zY-UwSAb60r-`fAjgwB_!o6hA?2dvpCXC#qAe|D;0Rw4&LC-~L$ocPf4#5uxC>(ZzO
zEbF|`+O{A!wP=RD1%qQI&S6r>F(Xc+=AHPRtMA=hM^X<jAJ56grI|@S1%*$VnKkDw
zoaEq<KaRmStL|K!IIQ<5*Hy`Y=2(8=wmENA@AtjwbAt(ciCt5u&=vtf6ff@U-C`eu
z<`y|RuM9eD3*n!0?9^u=huujNwjPE<dG|JLEy{9)s<=cjNgzx-e@huZzR5L^xflN&
zWk$b<4Z+KiaJ$6}a9VaGKx}8g0R4?rLQtohrBF@F0C```-I>*y(AzJ{>xRg0ttBp8
zvH8%GM-mSqv=FJAcv5?rN=oUeBQ?<e*Ep5r$!!a)7W>~vNY<mRu&+M1zhxtHiwDU!
zB5P7L2^0fWs7$n?t3DX;gtxhPd|gpS!G>y)D7TdEn@%&%$ni~8%IMeQ)77V<yi<IF
zHkET^%asJdc)Ja2)L8O)=OoGQQ9ZkMPRKjI3EQ0SGY`Cf-6oSvlod^=oKD`~C*1Pd
zhG3PM;ru0^PEOzNF<PNK%4SZYw{$20Uo5@Hq$(GF&uG@EtG88Qj}yWIS!%cjuVg*y
z5{JgZB~=iLni&5Jolb9YtMg!vsI1-4c(gVunfc)fA}pxMt5AjS&yjRVk=iqMOaFHn
zEl{Q1f#tDwfT&C($E8p`it7p`qgZ~|MO*?gj_N@%VzH>qK7>szi31)8EtAz5C8Q0Q
z<OH<gvl%~gumw>cX85-V%dkq7g-5FK9omHSj*+opoS&_O^6Ct0^~}Kvhy8+Tg7!oG
zC|n=XnuU-J4lj04bq_n&l*mo-O?HR>J}IM^yA&TQA-k`O&FE~KBkRT93MnKwv0d0J
zN=ts+sj+^1j%_JZw?_DDM@4PDF}yZr=BtO?qz(xOOvj@<m71(5DV;=lyqwJ}Y<TeE
z#tk4#gT~sUtx;{)vr<oK=@tCtxle+^%Bwmv8**omPUTCMu8f)|4%)2L)4E>Yo%(qw
zk~0}7C4LaNUNfz!jj(HoEH4>?u-VExrY*A%^ZUVKE<OG5^;jXc5mZ&=8;N2YOZC|z
z)tvgnmQ*f_+iy%fz%p5^kE1fhL_ZP*W`g@i+t7@O7AON^gS+4MJP+czaL~r0i=lkZ
zhtG!}>(*85ekO#lbuhdc(mX*0BE&pLoEdbZ_KIdE>t`6^jN+V1p;mz_gipG@iJ!U+
z+548<3thbsX9MJK27JS_OG{T-2Y<44t>zMPz&HWSHQ_7t4Y5|jml2Vxz+^;#V88*l
z*-lq(hS^9edyIk1E?Hp;&9^00Wy!ge1>@!;1vP<K7vlOB!lJsF`D?8nflp*6IxsvU
z+sp^E2{>EwH^&Fv16B&rSyzC&rOZ6-EvHtNHbxB!5q4b__kIwi!#2z{6OxD`u+X6#
zEoug#a^Y&8K4&dv1Pi+ZSoAL2pDKK}VL8-Sgq0J-gkP9xs(6}FR_Y|9(X$g;HdV6V
zJNXFnFm}u7%W`O7HMoAkyz)~M2Ciazv(boD@kPWJ##9Z$kU%ts&1%B16inQdP?5}V
zLio605Iy7;Gpu}ICe7$md;DCstQ~`f854E!6HefvnX&z5My$aNe?ZhAfZ`U_YHV+N
zgh?#esKR2nTuy??yUBv>nq(p*h5^eZP$UIhuT%Qm;@@_80~ny`^Ml1YWR1r73vAaV
zdJ+%D^8+J9f(~gwBIk)|N~k!S4XUa6W+P`p>PbR;6AFK;#>4Urr3N^(n7jW86UiL|
zIFX*ZN)&Srj0ZwIX4cu{`0v_1CaNgra8^@o;t(?G+-ka}wRH{dR|r2?GPQKlAN*b+
z63XtvpFhsJ#Rv<aU}<gsDZ7MAl1b#*Q27HJn)Rghyla$>fTd&>05G0$RS9(SCQ@h*
zY8kKF<NuYl+N0V?HRIaJ$Tkd~E`^|XYQ#f(^fxIRS`D)tXMq&9a6Opi|8_lG(;hH$
z3JW31(G{G8Y-X@%IWb#PSt_c^89Esqy-Sfq^0`SWeY;y;wQcnB3qtV;QvCKcudrI#
zq>y}543)}p9CP-<XdK|Iz>8b>FH1mk56OL>jtJ)}2Lk7^<pI+10kHI#`*Sltz8>+0
zg4y-A7#VCDF@9qi8jhSYrJx<xNRW1!k~2U7p4w!+ZMsEhPcQUu(5ENXG{5BTSTHAW
z{shMlk(L7$dG34t+W@ej@>hX*gE8z|gMrHPkFm&7sp3|m^7cRDwAQdSJZoKgfI*Fn
zbH;!d)wQN7xD*dck5F_K>GuGcGQj5ejB3m26}#F3cCHl3(2aX*8pnsuv&b|u;yn`P
z2$hzxZ1|pTlwmFq5hsZn0?^DKae$KP7aApLBpNr~LOKtG4hk@~`5MX>xKKg{c8gbh
z8JgD8BBR>s;~NBHM-B7CnH<J1u*c6ExIK(95>PcSM|0;8&h07YrI6z5XyxGHZx8n1
z_p2S$n}?kc74{UoMl7BtmGbseQNk}|F$+=UN-1#v(&|E7cL`~aaIhQOv%^62$$pGi
zs2yLoe9W;BFBRoK9EfR^mKuDbnUs+$nCo=9lg6zD_;q&}GM`baa4$=tv?%}53*zV+
zJ3v8Kw)Ay2?2$bN8dg44X1-<Eu%%1QS_d>P`t_2lNu7<97n24nsl47g(ap2~vg>_x
zXv|A2jQ7@}2y42QJo&_WbXl9K&cv87+AwFTV}CI%zv}=Ci(Gfo04}G4v;X5{cNJnM
z0yFbADX2<4XObv7Un)5CS<IVG|M*)zX#pFVFN(vuNxZw6nhVHDmfgAVIZBHV$QLlT
zd7<Vg2knmqKX{)l<V1-%jcZ0pnNBlJ6;9C-cf8`BhTM|i?8eGb(cRP{1LZcQlzd=X
zGFza{+4k3YD2w8^R{#<Z-4$nBbB{|%rx2odfHsu|d9uS&mS1-}rBGxPeilUZrF1Yp
zZX$^1y6zW1Sk~=YoplqWNybp=qhfRUb<kytPr6s8;2=E&arPdG0tVE%KHhx=AP~b&
zBXB_-Itg7ES7gwhCAInIXgqUq*ksZBLxPlsL<K28sdCdHdK1<naHVBH$Qayjva4ff
zr+_kVLJgmlj1zzpCF8}K8yaZQwy!938~qx8Y_RnB1RXz(s+G@Z=)8W7i@S<5Dxopf
z*a^grT>Y*yHM=gU{U<f&*Xmz)1I+2w_b9x<2HjrWo8hN8))kmze6`c%l~=r<!%NZU
z+tCv?Uz;PlF$i8&&j9)SQTlHg>EFUQWMPRZv=4o(gGMP&+l3cXRBy<l%tfUnu0^N6
zGNKcdZUESv9?Oq5qQz+5k6`0ERjGa{BG?1irhMZ7W_xiLmvHfEKh_ESSVWXTwhjMa
zLpuRb`G-?C>}4*IYhaoctIXnX;Fymou#gM*m4bcXYo=mz!B9@_0X`QbRYQz#XtmVx
zn78E^^R7)Kq=|nlW)Et5@$dA)%5Gmt1)s@P9bd5@{m_VhA!xC@=1sD@7bS(+?lC=|
zPQ-3HF?hAQW+`5KB0n`aCy=oq&CgNFuB~0h^*&mCxqm#bD<qqm&Omy%(Pkhqy~Ja3
z%1^NQv4#Wr&tAFyNU$Jx5VGKJr9EpbT7!Th_W(uH9G*GKo|UXc7U3~C-o-=sozv`k
zpT)q1GFA{kTLEPhSHwmy9koI^2~LAJ-PUbpU&KuYh%^72Xn6m%N=*4V2W!EdAGqeJ
zTf*lZx@}RTc3*n?n(w2duJe6#l*8}+szPEgOP)e_Co%LIlfsLxOeH&X+Fh+62r*`*
zVNhtWTI&^rq?BXDnblF#fchvCIHmFP)vb!(NV%W9>X`qKC-RH3@zv)%p{$y%1h6<6
zitA|y-RgA$`H8jN-$8r@e7?H+pgHFSW$hpDu@gWR6HBS$P;b*m{37Ey8CcCMNHjIY
zB~T&1yL^x@+54osE9wRpU*=E-x=2Vb<Jsl*q{0lMJEo-L_GRr?e=SSeN*#YQg@ZGC
z2Lo%{=~b~!n*2C{B|T`d!nRF6(l;0&XAP}g#}9p#+}E8}l}?HEeCnWNheFu^80ivk
z9LL9_q~;EtwyTYE-XVJK2H3+X%+W*a=%h1CTUplJn|KN!H`XSl&TY;dV7E;?jQTwX
zZJF@1&O8_eP91(s13S7M<jJH)<mqR4d>E?6SBiL?1P;ogqycT5o@^k}HpHkXrCMOR
zA|_CC|9Dp}b4$9-%bAwQs<K4UT1ssl`c7%Ad}G{YDB^n*TLk}Rhwkd!rZQB)q7Nx<
z&r?lJRQdua`Sc-QPU8D-@OPn}7~wCMG^`qOhHn+>?@Faqt|sP;XF_%h6tX^%+5yGT
z-8NQ<U=5e)*l%hx?@d&8m{cRVQpP0noGUlMjWr@XOS*z9Sv|aK4CP7dGpChkwl7l~
ziQ-ZUR?b=r2hBs`_)w%O{K{a7#GfS<`{=a=VB~V=`gtWeL%)t7^)ksmL>=`m_AQuy
z$}jP83-Jo<q~4S1>f7CR`UM<y?noGYb}}#;OndtzJxNgh;J(zztcJm9KszizGGea_
zZE(n=b{7PdY-c~gkoO(%G5~W#UjBvl{=;2;|E?38>p(2XO*PBVuD$Jbd1np-LGzv3
zuKUWkVXdOlB?Tt^#>EwV2EqCy&|kyvZb)%@9XMv;vjB;TH}ogTnkx%Q5yBBo>lNvL
zoa8zU;v_i^6rlfsmX$Pm8Z`!MyawV`D_T75FnSLY=F$4b%<JhyeXUOAIjW-NxT~8L
z+H`g&pg@JC`{ztvx_&%c`>b%9c>?ejlWHXa@J2eNpQ8b#NC*LBG2qkqL@w?4$Y5@=
z=zQQ8+P~M}h`A}?ym)Y$0PuAyoV#ufd-3Xyp7$@bI0cm3MT)u<LW|nLv-f+#l5;Zg
z6pCC_(41zs6tNWms5k0Im0$OeY498hro6r?cAmvf9h~eVtv?{T+lAvROp~PgJa^@d
zI&F1LAp!UA8W4f1uhudUHnL6L0|$gzjrROEua|5RMQMSS$VW0$-52kU3>~8lj~l*t
zO`@oRGTnXK;U<kNbFFdm`A-d-mj0rH;->kQDz4%LkcF3G(S2X+b#*dd6;HX#k-0<}
z(aYunp@70_vPgCR`gN<|EV#i97sT+!4e!G23Yx>r`1<v|z2VR6mf!C3i#Z?a1FpYo
zjN$61n<Q&=`obs?4HBgU%7QGd-#gY4Lv<{M{0jsePsWGX8yU0mul#$tYhUj<4;+ll
zo1MzCV}gB1Z@DD7{zv&M#mlmUG4**kn{ESlCFc0cX+3vAI7`Nb{W&m-OQX3k<e1YE
z$n=O_I0`sfkugYZX!5uAR}LwmcCwYCT#vHcZ0bm1j~&*I28qYzMflCjJA^5VS_$eX
zM4(ma4X*THCPk~3V8H4f?QM346%p*<%wNswaBlyUuffw*9}TE!C@pPP08!%6XS&f(
zm;}4>{L~7{avwfxa$$Pok`B(W(Nap1)s&<of&O2N8C0G*Fg^`1n7(0#V5CI)ZXJe;
z-(Q4=x;0f$0(_8jZl^gX(q6xGeS|BTb|8uO*hkh+lrgFq8)9RUMh_$iW`9I#{di$y
z(0W;UuURb@^!g*~ZqxmAc$B6jB|r93)lsP8kxK}Pj!Wsun%_rgObG+C(?Llr6Oi%E
zU-S;CDCd|lp`eS{24D1IFo`ic^tCB74vwcQO7)t|(>b?ek|lQsADs(D_ijm&*B|Od
z2xhP>9bN`*GGp`JNpBZp{73ue1(07ix_sHVmh*4x42=)yBVkWdeRtNTGWJm=BjpDG
z4*q*HQcHUb&;CJ|kj0P2kAh1rv#NJ_=}CVOO=Zj>H3yp~n}W!5!5pXuWHnOFbW<h!
zw{<5aj8&ZYWkTzM_oL3<uKRx0Eb-KV%%IDz?C@1@Z0E?*F7*~jqN5Ysx$`xz+64NK
z4Q#SIv~8!q3R2cSB6y41)xvCT__`9|WEJnCq{fY>j>R#+q)skd>U||7`Owxj9GaRs
zET56pOaLPG{c!xyh_d%$zy{AT-$W5$^-_%B0w5#d*T8?!7eD<*e?iGgaRq!%BpwpE
zHGE_@Ug%hJ{!P}Ok9vibeq7@27kvEEC<~vf!GjIKk<h1GQ0yJXbV){tRh=EkgV;S{
ztLw6<{oNLBNY^9K&pz>Lzba#RV*-E_#!79Iv7>xY7g4||*05>H!G;Xiy6mruf10J#
zNkeF(dzumQ`8@vY72bka8PfLno?T#%#gJ<!ds&{SZ`vr~OtT>~zj*b=o#x6e5}|Mc
z4F5liSc+qUXR*!BItB5<sFT(42ur~|Q}VvJr_jB#!dBhs*ssQ;rn<>t`m8)`o<P{f
z0QNdUs<BGNqauUJ@0g0y-wBGY_>IlYy^`FPM(fv7t*ZlQk6fgg+-<{@$6%*d#bc*f
zo_o&eq-SB|9)5eU<P#ctM^e<dO}xoPV=RaK|4mP(mF8dXgX7tGMv=jdGJJMwC(S!`
zS2pNLPZ3`~k#5k9!1l0ff4X3Q6~5Mu3pfZl<$?8Ck5amLC`2o04h&J^8i$ad7=vGq
z)`+o8@GUy-1U9D>U%6Y;z6@|n0GYv6#4^=lQe-C$cb4fKMN9q`bmh-NUl;T8i((&i
zHx=~O4qY4`X>?}w9=)V>UxG?45cj@KyykePm$Nsiv(SMZeOgFWecx1%b|~u)eB?Kh
zgDdB?YCs~^m8Si+Fj2zFV2|T6I(p~RO2@Pd{<QnwU(r6G`#5xhbW5mtP%0Y`?i}M0
zO#y^mSbm_&!)B~y@q&g-7cpJ{r)GJED0*zWZl~BI+llZRdq)XP@j>|itKOx8bs|yZ
zKFE0}ZJ^#xQ$w=4{z)Ok#=SXAaz-wB(j16T!AK#U&+LhZbSJMnqt00H9)-|oBkf69
zZBpppOv#P+>t~_X80I>5XDR6(Y(9VW#F7h+T8G4mRqLNqLM@R7*yH-+bqx2FW{aLM
zj)|;N%kw0P^BxH<w;dHzjutj{sh+s->0w|Fy<aY;l?wG^5x#VJ1c1e5rndY34WQZA
z?*vowMM%;rur32Ei(KJN>x4Y<4>GGCqhD1Zau>1{?~YdLudvxDkxT#(hFaC)XIHK(
zPn4>-wE~x>FU#;V=(nry6db7xSZ)s1L0;gS|9#dfc3&ZI+e8H=YiY^Teh1)8?bXq8
zF}`!P%XK;r6v!i#>sypQUU_Xqf<jDgLBNidiYEbuH>qLo;IuSdzWmx+mA)D|d`Am3
z%}b4u5FXq6e>}I=AS&C$<xl*kA(yE8Op=^`C(rsy$nf4yGSAA9ApmPEW~_!9*Y;Nk
zYv_BykT9UYmY6~9{eM=w0dXIfRNSlYN0ElGFXY7WKG0uXY0#SlDlV6FPdBc;hs=T9
z-PrQaMlMsu-TOF_P7Bj(Y0z`n)XmDExX8UJ$^U3bx8kA*-fBkfl%f6S1S{6le~^zv
z-}VW06uSOl_ipwa-u6>QaWrWA$lMA<eLcI68YCR6QiQ>QAbVQVjAd_SvyWwzf+Ivd
zARC|;TJNjqW@>J`;4F2wRg7B%g04md8Yy1e*%*m*zhj^Acev?lM@$0{t2IuhT0sZw
z;U8%`tjj*->fe5>@`SGEq#(-{26wF^h?{@n06z|uXRka=GXKE{?JFlO7v%J1-Bm$G
zNGEAH1Vt`ZcodR`ztCp2{Eu5Hu>h=zF3*s+nu{Y~W>5qK@B>^+k1b38)H|~j1>VQ!
z5=&x;Sg@KIGLEFt($JERhU7g=3cJ%oD`y;GsRwK5fAt_315~=3v8;b5eO#2v8notO
zlg^Dw!=0veu>nix7sK>JskfB|Nl`2!uN1u=U*Hb(Wqa4|bkO|Q$&+!e!aU0G3CFCE
zB#Ac#@@h%P&3Qz0DK^1R0Q>}1&z0X0z~R5ytz#(X(u`wwo6eo#6s&xYV!;|KhIpR2
zEQimUBn9q5>get?^LFkIu%YlIVhJen74+Is3EZJeouYw(AO%`(Xbx)-qp5`clHT9x
z{>rp#@14U9b$0?Ye?r3tNw5NI`aY<mcIw9DkcMncZf!10BqMG8bLdQ&+7FS8lvK#f
zWYfKnmI~lQS}%!_;jNN4={ryg_r{$dNUvK%d1bnvdPVW5>i-nbGAIkO+Wvie`;O-X
zh-pz!%b#BBnN6@DNF9O)@Dv_{<jAeXieeU9WgXX#sjtm(%BhSy^e}l`<MG?b)u=6@
zx~nAf7g|Ow4cE&V6~`c1Ft8?0-p461F5BqO@1`N;V#UYN`y6qj0dvsKXxMo4QB2%A
zWm(gWf9t8%Z1FRGHJdV`Z-Kyb)J+egdG2=h@}kdFQR00qVA8kDb~U|e7fhqVJW=9v
z{ki_*I6g^QIkDRRyJy^|O{6mnr_ZuFe_|z}cBV)S1BVFn#J+kt(?qK-z``?I-aJ3u
zZWudm>X-4dq|e#=oYi_b^@ZYQmnw<R{oLjANAZ4-t<1D$1%z9evjDgiKXZv}NT_F=
z69q6g2dw79<UeXZL4t{HngJu)Im)I}LPe*kp2(l4#r!Ys-D&TqGRWz`BVt~Tou)8d
zWx^#X|Jxe=NV77ult6W&ggVkOn<F@aeJc9d5ZVq8pJu4F<_MJVr3ZvvHSY*wST=cE
zX*d!xdFWfuHyQ{u{6BACW{eLEc`r_hvoSFv^rJsBxI(1Cfv`jS%x}rfQ-}~Yh?Mlr
zss_>}j$oyMCh#SQi}t$cfPVDyoaK*(GRz+hh>`uR+fn4)@4k(rbi+r7NN+|^C6?Jz
z;~stmy#Rm#o5~~_`d{?`li&~~DO37Lyn~d&=ER4@E}<AaE6V)_r5k!3w>>FCI2ozZ
zE*{U&qsh@e+&2vKJItY4D)jePHm9FuT4IboqR<|w{?QVor<iuU15hHMq_^OKkKxE%
zNM2mY^GwjlKmonGG}@6_W}jy&%_Jx#(x9^kqNg8b1Q$j$(a3q`@$iDs!`02Z@RN;Z
zBQkH^sOfSaPrd3-HlLm5v2LniMGnG|*5NnRuy-FCjz^xH*~XYDDA-&_T8p{g2}3($
zwaPML*Yrbq*-jbA>9#18NQYC!TZ68p7a1HzMa!4>lkwQgZg?h#aiMnq5%U15$h5x9
z7DTR2r3Ow#KCacUJ|CtX96Luj1Eb<y4cj*1z7S;*jS-h-d;<l;SZGDD>7@rvktFMX
z^hCe~Al15ViTlef@jqf*B(uR&4Mm0!dh@#OGCQoDPHF3ie<7Or5Cx-VU-lk(NL2An
zCV{9XVA3ju73o__9dbBEvGlX)u^WhEP6ow+=m!BP)|F8+uZ*UqK1-WcF_**cfu~d6
zdRnsdsCk5LCA7p~EiEtb0bclOB<kw4^N9h-H9TUqJS42?fA{NaQ>C34A>hx7y(gn9
zi)BId(xu6TqXm;&%lf-+5wWn5HRB6p&G>is+}uZbE}PCYYy9`!sH^Ac)Af4BSo<w9
zE23W6g?YYVXW$xSm`YjKp6xw-yngc>2S<VuMmeN<EFC}4dNa3druO$3WX>KK4pMA)
zSnA$Z-5-sgp6=>??yeKNG_cN5@;a2}LkNxCm?S^=9vJVdWTKRJTRfs+Qt!HAF6P=*
z+$Q^L8&MKG2j4Stt%}0Dgu`4HYYtO}X8q?S6H}^BfV3rBTX2^Sv2|l}$8H$9*D#=+
zoC(MbG1oY~#G5w1>0$JY(?0CPxVtm6nA&tZJWoDQK``>$Q7|B@x(a!j+2ZFWLt9xm
zBJsQ;PmjEptC98=*vDz^WAr%qcqf%&k2BZy`k12d>FDY_>Z@odafb=xRkk@7l<EHY
zG9Nw)!^-USIHMN0YBsztLj(e|h_@<2^ApQGZ0kl$qQfkY{gfvUG49fZCj6}?hl=8$
zlh`{IX+jiWP><GsQN4?s{Jwo9iFYHG!0_?oaul|KNgZotN^gVh$?&!gfF{R?z|;i(
zofhmi>V1U=T*3la+|kI7?W@B5L%6Qt$Swz5o)Z^7@B`Iz!NJQ7!GG32@5?Kajw@?a
z$-roekNHl~$uHyHt<Y?2{{?9CIWH6#3HBEy4zs9b*Omy;uI_*7q~~ZctR)NoldD>T
z9^f{N%N8bOAMiQ>`?GEDU}@rj+0s0a_S<@m!yBnpZq%jOLzG!Fr8&S#DM1muCqSR3
z;;$!NsSwSJ?jvGdni?=^z<~d^OFdkUy?NIIEH5sDQ5iNzJ<6lBk!M`=5tiTGoL6+%
zi!gA!p>~0xW6tb$vy_hRY~=n48ducs&_unv#g2CAcx(S~tg9tr6`xaryxXU<K;75h
z5w<O#s;L}s(x7NWo0%TU2@-|OM$*DH2H^dp=vD;$&@wO7g9?QcYET(DvNBSWjziGI
zRk#!G|Gtm-0ijV15r%jOd!@ROU<^?V(CGx8bCH93heKbTFtRdD{dwpyhU0n@w6Czg
zH(vsRrL(}{6{LOOM)$A_%I>!@3Xgl}GHGPAojy@sR^C`)%#v#|Cm*pUi3&Y`q&~$|
zR6#wz$EPGu)-f$KUqlt9<1E;S*hCC#W6Sh1K{DIF9i;&bF1FM_V*^1)OXq08EC=d*
zssFB%yVmmde}um}2Y#Z$U&)MD86XZ^<QO`6VXhS3sFe3(TmSIg0T5s0PzIwK5);6m
zfHUL!w4Y>^`rRb((}jJimPmFZ-ZJvrFz4xs09d>^<_o1(SZ@+}3H!1DZ4HTb+BWa(
z_vy`nHlJG=2rM1dL%|+(y*bRrY=gan)xJrAPN)Qzw`B3GNxQ;k^LeM)TBJjxG9Jlt
zzRp6I26X9$$&XbSM^mS@-P_s1)bt@86dx$H5%d*uh_`er4F+A1(c=!9WeqAeE=DB|
z{Uu~giO_|7ut*&7C({;Q`*#ald=kSN5hG(+yP*~3*?J-|c+a8s+GDO2GICy|d+0N%
zH=6B8kFVv?fr<Vw2B?DC>xgNs0U({g+I^OJ`uLqmbkHW^K-X>5rzSa@X3um(N5v%L
zM116!)o(U+--$!pikgl=&i|>5Vh#$I5RP1WAl%q~L!u%I8eHwT1~<jK{cvs+8<Bp6
zQTbeX5*upcWv4Jo-&1ay3C84vE>(_RKlrwFdw=Db)|(7P#+C|A_u*ahi79=DD*4vC
zT}|PI`_&)pa+HuX;(7!3qyomhT&4yn7B1^Gv5cv<&#97{_SldQfFu~!Ju6__-pfdn
zEcu1n{10`TnSZ6g>|k+#Zf#Lz@=iCrE}@`b=b|*7xOGugb8~jF$`%82m%Mga*N-VV
z|D1}oxj6)tb~%c5V1_WMkMiv9P)MJx<xAQ7aeR{)!482AD(RN5Q9w2A!{<Uk-;(LS
zMe>c+_v}Ngh)$#;W<}sbr(>0Sh0^s!*jtc&^7OtO_dF-*pF?^CS_kJOw)5czPj`};
z<DLYm@&61;>(U3fJw0-3EtI?+K41H{wc3vc_Zw(Xy6?8ldWy_o6taPQC4GtkbTMx^
zidf!vQ4PuL#l76=rq)idL)LT^K=<RI&$sl;>3a-l+7Tn$%w}g)M5eBhoO6v&=K|ws
z=^@~k0`)E0ayS;1joV2`-b>`uZqlL-dOXCTHzz38P!^AfcFDP%3f-AOeYG(lulQay
zcSfjlfD;XhdA_OOyp@&iPE78D3xl{Q5GynazZ|6=ADwZo5DzHft!l%o-XpNClI6xa
zMybc5k~0`QBAfM}T|Cnk!!f?Vrf;HAy=3`NS62MA#YkuoZprTBiHJ<-+!N#1TY|Yq
z#w|}z9<{fdpCej>#n)4f1IL?h6~I|KX<DN+?;na5d%C74vO${)R;CYlRP*$c8P)36
zS}1q*HYxXU;Y{56`6}R@1h}QPHI-?}D|Bqqd?6cq8-fhgNi6#X>#a%On*^@8cUa_5
zS4*e#EzLym3uz$C&(?yHyc##<acHm12IP1FKMfIll3V50IR2x@Zuu!G*I)S$2tja#
z;O?v<<wr$>41Sjr&osgwPX}_%lxep2XA;xpibMVJ_L>kjd3swa0SI1{ENXE7LI`iU
z*I5)g@nN@eeZ!0@{m`C$6<B)h6DzyHR);yTal9Xt#~_FNFg(%=d&P57rl2Z<9I1z!
zSQjFM)I0Dc`_zDGW%(lZtg6(@X7jD@Xew1BktAF-1s4BgBX<;whlsgmDc)0$w}sD{
zoVHuZ{qeta$N=${9smjxZ*#ocnnq{^kB|>)(6Lwk3_y&ppN9qc;h9G7M&;vKn_t?-
zc}^NS@pWBAx`?wTmV$5c@PS{mDR~MDVnf`h4Zf>G8W++)o+ny;7Cr(Ts~A`H;I;;V
zF_+f&fiLogPq9@=Vt_%~{>xmlsq6o`U)K0O>`#7kWj}mBXcnlhyaai)ZO1m{CwoSF
ztZA>e)!ccmJ2<tc9dmVu1T`|w$xirK|C~2IqID`h;iLg-0k1*^7{Whjb>34Ryzh?^
zHU*xv5hEHM<@p0)ASX+TE`cDY^=GyeAnDBNJDee1p*qlYEpnFkEAGKg?-SBTUzEcZ
z;t^|Z5bkEZx1e@mpgIjvSx5_OuJOuFh$!*guI$H;mPu%}Cn``+lCmS&Lb~GEF~+1l
z=Qli}2jltXiH#01?{BZek<P3Fm`_-Pk|=JMVXg4X+%up)EY9TEr+uO`rXZ#N1*Et!
z{rc;95vaq-{nX4!#R*RI<u#H)bvQWnx4m%aByAhWe9R(4-6wsQR*-1B>q)@;u&0dH
z%<$DfkTiKi61+mnCLC|Lb@w)Q(BTPkdLfd@7OQ662v<g3+t(gtG?!tnpjL4BtZ;Q~
z#lMg^^Mr2Yvb~*-U4zi+g)~h`PU3aGxpu{YidC7P=O0$NFx$U?i0QK8{%OYt9|uhw
zgyt=)3T6Vu<6aO_01#oO9}Y={N|q>D8I={U=Wk_BR_xsd@9Zto7w<*Rq$+=OsqycJ
zdtOu>Q@VX2slgo;6pesY%{eYG5Sa0ZuIxfq!inDviL14YEF0B#4=v#DD2`Z<r#cax
zy0oC=I!19f@5K{M!a9ZSXpR9(yJve`mpbTIce6B1kOEw(dj^g(l%L#9lLlB?PA6x(
zU$hs%qXCYmn=V~Qz#bay9&@<CUHFJgW%4`AuD+8#O$eBOspcL`=Py~ns}n0f9y)H<
z_}-j8pRV9%jhOj`Dq&blDr%Cy9A-;)e&_t(=ERZr<roL|g!LJY*c86!GRKtjYNWyI
zM!vz!C?OQuF4zG;MeW?|rD(4<jq)Q_wy3sos;OHIDw&or(Jen``zJW+x+}st-qsf$
zKk|%x1#XM!nzT~Gkws}kAM26SU#lUL8=$m3xin8vQkOEGWMW@|=~VooR1$OG>C;;i
z4xSNKc}M@ZXN|U1s(<I@iKoCa*<J<EpmmQQ2w@rEG6lh3E!G$aLyW~J(;xUG$80;U
zV~_4N?8J*!&GZ#;{Qnw(N`U$W-Acro-sCykIbVlq8H&7)B)V9B;usi}_Uw&c(D9lR
zxUdF20JlNrkJs=(H7~YsRaHU|+E-F{;VKm7SW!k{9RcO<j=%_dql4=Xcnw3$^ki@j
zC`q_`D7gMr80^>1^4=Ocw*?5|pc~@WA045DQuA&%xq&UhEvTaa93(irp7h+0CnXEl
z+121qG8TVx<zE+8K0ZW>4{&T<<w5|gy-j~E5iQGgxhBi%zQ3NCmVt57Y*uIV`=#eM
zg1#XbA>x@(N{)y4R!~y@fA^i3Y2TY=y-9!xUMDp#2$EcuSc`Ye=&M2d=`thiB7y!7
zu8!$na`MjBog`ggD61?O;4kMsC9+kaUwWK+q0UR2OqGa==l%pTIK8f{{{(1;nntmV
zGq?rykj~c62n$E@7Kh!!Q2xg)J+7P@nR}tO$<BL&JltAeiN~l{ZH)(X-mgN2RUaZL
zWi!h_2Tu5JnI$n%H$;$V3LNI~q2tpw4cE{@EB^sHd$?{!)^05b;?mENecOYEnf>p_
zs?mV-b6=OTkO4<??P@IyZJ0o4Jx+KOP={-cjd7cm`x4Nw%Yk(=LVT%2g7HH6e<U_!
zj)PbiF>3Pm9msZhWl`w}V7no?aU|29A1Wfjx0(k@Bt)m1Ktk9eN0QKUI@+0`iIefP
zZDc$rl0Z(TadQC6OoSK_EcUG|k)2K~;7Bn8cz=b_VM&kb_-k#_q$Mk3>f5ff%A!T+
z?EcnO^tTf@PvE;R<1EBYjt(YO7@xPS@Y4<F6Tmj&TbYKLFTPO7VsvjxVa}_xN0;!s
zp&KS)18W<{2%`11ryd;_hGrEkBch+aR>MNd^%R~0+MMv-&a=##36V9orw6oeSn4su
zB4#i^*F5*~<SeXS)}9HYPLIWedUZRP*~_R5d7o(Gmn;sdg|Kk5p1TUTF5YK1ftM|K
zGD#I<O2;dS&RFZ&JeU}}emHv+oFtl(TbxfeB9ulV9Vr^#qb!tX4YzO4nDq=Lle2)r
zzQ{8EiZ3oyxopn7X}snHtQCW%g$BKBhR$YSbD?7@7z-wSrl}!i6p$U7b$K2Qm*}Mu
zIuZg|b=KpHJ54*A1-h*ShRHX!Jdh2)0}q%*@z<IxG03t&mxjbgKf885SZPh6<!-aG
zusUlqa=DEA?;2fyAc3|(`{#BvZQ=-3BOgvg(75w)J{_~!QZnmP1HjjowaOD}W(ub&
z5y$vUr;dM<Cn#ALtDebm%*5_7_3+4Aqp|A9HnzkV@MP}131%*9jK6_r+8arV+qEGz
z5d4r&v7pd@Y(ew6vsmq&;}ha{J3%kVM@V1Nx`OsngiRXD9ab$N{4Q3*IglR^#tbHS
z{3W3Vl_&iJsNG~}wDEjIG(BZa#ldwPXyWI#+a0}Fcbv!{^0*kbA$ftmhio5oo_J&e
z8k5M6&`%JK!dOzZ(uHIb`WVtNY*nW`*XbQ+Q@}OB8}xOh?%T5#5{$|GV)smaHCjPe
z!mqjxk+vGd1MRc&U963$mxoAX1%zUTHLP=bI^Jqlp_EH&7z5|fY;9LQM9*7`86#v9
zTZI`u9{3k-t7+&p4^bGug+H`U3st3visD4CbAVa?ctuKIDJOl>CVX1Zts?USgFRhW
zvW0PV3n+=gO`@9QszqM>IO8zF9y-G#xDo=j#>92PzO!t;ZgqLdqJQdj2)FtPcQdo`
zRn#h>V>>bfB<_2nodsY5L)JA3nX1DEy20y(e1@n!re1RPVtP)Rytq%GpzRqWZa<=R
zJ$NLK4)+QPKj{anb^lM{DeZ(@^3sIqLpiqjCLfnEjE8o4^USuiHR0L)DW2@4#8nL+
zt$d>QTXuN!J-c8oKb|!2ycOyrEblqz@iL*aRKF@WLZJtZpbQoo#2bN?*AxvHO|Wog
zh}ud2#TZjLNqpO7OL5V}iV}orfu5*+o<diEJh3MnDexnx<fycYQE%&%_v3C3f}k5n
z<oS}FFanhcb&}>6@fLXZ7d9^&AxVO4X=A(&XWD{}H{R|bkG3ajJFmDI0Gh+2e68`7
z)g5~<>f<IPH)Vy3^0p{#l8mC~u4!TyaqQw^)^uv<{?T=m(o<-jrJ4dsbRez!fwGPN
z*Z*a_y6m=)P9w6-zN0xvt6aJofAY|!X!cqfH=+Mw-JH)WuIV=2*kfG78ecgsoP3wl
zVe8Z@Ob<{}>6ov|Ph)kdF6EIJiT1Sxv5%H~G>>x=z2rP@v2v=f^*z#a2>iN_{p0*`
zl%~~!pj4xD2oVp}E#~xFiWKdHf7lI1Bpd3L)$s*??BP7ih3)`{G5*#$t<9a_%*j0m
zLkzX3<R1?uOMh>g#mo_IUFrg-4WQwu3KqDD*s2xz5V<|MPvF=e1_1;)6BW5PAO2aB
z2<?)`Hj`=q0`HixBCiTPd>c=*6V;*fO3G?|i;DHg8J`v&w__B^ih-U90swDih3oZ{
zu;{8tQAB4T*M=L`ni-aZpB{6TFfv2g7LwtPU{Qh|&Wzb1HnVUN3-P9wWi;J_bCrcf
zd+%)lM`Y$_)7u8f^l0D}NvEhY`9G%+fYfALD!1aoMbb&{@yzR2<=OwclH3Unrubk8
z^R#&Su;?<+Mv$kewC?n=FWASMG$Dc=5{Emiu1bew79qt9d+!$y`g;MKdm}AK;a3*T
zgL5k?PW~k<x3qmN29)^HDb%*+oTE?jE%^f*)5RTY<U0VA8{>l}J{kvg$4T%j4Newl
zU~}3uJ{>Z6^Yjn?P2vbLuzGRj_><zo35{ivtIgL)Wprt;%JSZT1nLDz@7FPvds00;
zC$7s~>JL2umF3Lt<@P~L9?Yw(rYfs|ljcGo@h*8&AD_H{I>Zb&JJq)y4Qb|i!FtSv
z2m{f^P1Un+5zLHnkHvR-GnBQ^k>|g<#2<fNU^6DOG8piIuwKE@Ptt(OfIm!o?!wsu
z>}Ak-d1>ya7V5jnAmNWz`J<X8`!4bvkAkqdTGlCL#p7x7$d-CAQIoN?TW|W*e=<*1
z!nNV!jj0dgXOVkbI4dgR@XU4<vlfbU<O%2e2uefgBq(#nRn>+0<WQwl2EQLZ!_#cF
zMn3JlXMbM-dIpI9cA(2!NkG<rNS6K6mqDq0)Naf8Bc~QrjtaSmMPrlnE_rO1ANi+s
zmtrwHm%2|*y^YmrN)~C8^Nk!#rOdH#bvgXq9K^mil`&msN3=Fs+yM}757v1B;IwJA
zLlNhgn@z%$S&XuDx|p_?3O)t@S+E)ih%=`uD@&EHZZGv_dIFB<ts{Z@#^&+NU<!sn
zKRK1lzfn78;wSUKe2_4v*j&8tp)E4dd!IATZP9G)B`03M2XM8jTWdUositmz9lw#L
z8~Pe*L$pnbVBrX%AE^*MezM!s-dyNV#sdp1JXo9FtM@3Lpg)wZSWXr)OEm92=0BR>
z96W`IrKybab2k&0T=?7na`Uy}w8Q0!lSTx6G3JmjQiNvE)jjo2@_E63Q3!@$Jk>mO
zbtlwA!7=>77ZQ5M=a6R6C4ePWZSO!73zp{I%Ua;MN;yi%*7?N`xLXB{1VIfk_xoD*
zy_XHop?>ouvUNUDL;d@Z1HxQsV9a76JkD!Qo##;@Zyd-9_Z$5qSYhP2gyMl>8|`H8
z9R(fHN4(L0l?a$V3otiE;9onjkr|kZSC1mC^5m@idxvb@v~df;_kpr*QXlRk<#0A5
zG1k3tv7${<Wf)O9u>s7Ivr9$32RO;q<*be?l^)PisAR@i`Xsj{c;NBsk0#p(uApPG
zc@QHFXIvL3_%nwVzH%!epX(SVK?zxAcRGem@UG95-&GPiq4O1P|5O_Taanen2Yia5
zO?8C*2O=_2!%$gyRVEXbm^ZD^bQjD1%w!R4eIH)H9$D<7;j|L>4wR;9_K2^#cTR;>
zXH?3YSHDf(_Ix&gn%=k>I7%BOo_3S_3S=m4r`H@*0qLjg{iTl>wkSRn9M51$BodRz
z6fU9&Pcxuy`2emR06QF8<gH5RCBh*-PIQi;GY`?kVn`S#1jMfn8lR$YIaGX2L|$ni
zcBw15W<b$bFJeRfKNmJF+{}qyx3CdA&pn1$7o??B^vq1vh5lN#h#a7_yIEnqyCrYm
zZa?73s3J*1ob+H2u<SQYL>5>ASUHIg%dgXKjYGLnp5Mt)Y&)L}%J3NSQMI0yIS{El
z$LU425%*dAw<?{!RF{_vr-z2N@4n6;i#4|<tnZiH--aPf*26;=cm3|x6Jv6jvIoD)
zg&sOEuen0`C$aeV5$rqf(^2t0li6>$kX`^P(xBz7nn&`VkqQ)lNAD$7_bgn}sUD;a
z^#q(JdWMsrkS&1}hIy&{tLKwJh<pkEnF7L$fa!|FJF~Eubu8&Rse^>4muI*8Dt1G{
zKLjk;H}Ui>{kaAe*0g7l2QU;`N)uoptX&#ta6|&}z7we9B)6m5l_B|AB<&M~$)@jd
zxP;G(0Ev8Ago2~@7RuDzLtW3z-J^a3tPa@XN<;*uagY@@A}B_H4IHKoYyD>2k|i^V
z77X8Zk=a)k^0Flm_h1z;q7e#}k6s4A%vADEO*%3M+{iolpvv|tdr6M!*n3hz9u<&;
zQ)gKFbLC(j4<>R2UX~XRbRHW1nR?Dg>=j*sm9Pcz;o8T1xpREaO}q)BF67o!<jbgm
zd!9}&iutVe9<_O1VhL@f#M}+VuEJbRvJ6;BWNz0qAAxlXiJCOEwPb9AcTmKGBQ0%M
zqVO0*AZXauZ1qQ`On3YKYykK)w;tfd^bNo!uG`1u7HV+A3{d-L+S`<YU^CU10l=u#
zWvxbw#Jmat+^jNVz-vEHNN|8TZoGkQi~u)4$iL@RZtguuTDll#6Y+4N!kEhz?o-d-
z6@z}#Y<?sEjjqIxrBVzcNT*VIoLuV@z$Fht^i{PzOr~ie)+N+cIr;b8OwZv6Jt-pr
zqedI!#E6}WimBJ{V<6^*g0;!&%eU#9k$Sg16d;TNehzQC<okrv_Jad$##Zdk8+oO8
zciYRO;MxH0H>M(YsaNMY-$<~!T5o29I1r3CI|Ncv9Y~&Jpq|`YUxefiBJ-`{X0_jJ
zqYaAVJ54<86(RZR1+G}Bm(KPej-3b4wB&eG1mv1WCwG0TeNKNk>|@a<EMk)?`%IJY
z{9EXaNflwcM-pQ*s%{Jbj)1TJVWcAp;svn}i<Ce0=8@FPDYb4lS}eP8gnt156UHE*
zKfGThtRk4Il%C2@GkGed+Ys%(8iIDvw<P|{pUByqxTm_d8rsC!{yZzML{|v@6M3w$
z;%lx*{RCGo+%XsKpufN5*Q{b9i7;=fhttB8&X7`^{hy+rq)a%t#)nzRj+5#NR7qa4
zd)*uB3hGA`v?E50S+KBDhTs^XdeZA~Rg6RG!*)q740|=zDztFyuCXW$0(~B;|FAT4
zS#cnm9nj>n|N1npWvEW@-c`{o&9wRk--uMBrp!w=B}+c+TzuOSW>QDuFgwONYgmA!
zq!YrZ5CTJgW%B<B5k8@LkS3T;_gg1ATd<}{wj$SvkSFh#O*iA%ll;*Tj)TjjpZPLq
zms}S6h!Ztg_mF2V?$4+|)Dt!vv_RTf^NDEe8HNNKLKGy%W)b%Z5kWSf73X&Xjx1H0
z(TugkNGhlH|MoHZoa^y4tJt9VdKZT+CrD|OPw}(`@L0^H+~=I2yxbK(pd9AlY{5}v
z#Tmg-<T!|XpzNr0ENIq>X$WBjN$+&bzl2cd0$C^-r#}+x)Z{3#NvGE<_8hw-b+OI2
z03Ut^#s_%wTBDBTL2sX;=^BWoul=7V*VdF9N?ny7RTHNg8r)4&UVoVRE>id;Jqo|S
zaMVLS+ASxTj_TXNw^+yXl3X0tt`Dx#p>4j{!6SlpOLK6EWLbWD3Ch#sQEnY^wIPp&
zsKIy*wtV2w%g|}<$^MsGGC@zKp0m27P@sFy-!3=U%tD=)*vCc4oX0Mzn4c|a`hhT4
z)n#1x#TV=sOO|fFNr9FMn)$nIc0}7#IxaLozRMiHa3;etzXTcJRMDSZIw{}8KIYDB
za$rJGqnEVGVbRV+H<l41Xq_;-gOQ39tuRquP7WoPP~ao<#xY2^^%W{)8kA!|lkK1V
zZ&@uBXh7--iBnU?<7V7)2Vp3{1KMdGk4kGOb2uVaY*NLZo;o+V@1DOo5*yq!CQS>I
z7VHg{dfuB0fx;!4pVQ4Y^+Gb>jf^nIQ#w<L6JbKr$xT;Xj+mC*zyNa<aPG)R){2kf
zn<P7|fl-eb25_&+WMMMwQLt>MzAEcRhD>PA{!X2Gv|^LkN`^)?l+24T-(R4Ke;Cp9
zlmPLu*gTyUyO$XdL5@F`rWFh8QQ^upCKQs!5SNar%Ha^omT8zHy-zeNf)qOVrlQ7g
z2M^~Z1t-~;X+N@+@wmCXI+!Vep5cGj;I8EyrPKW1jMlEMEqeW97~?kP?D{iZ1|0e8
zo1@iCoan^wct?o~^|DzQ@94)8V6pZ)^gg+MvdE}KRTs@jJ58sVCf2MMk)LvyUj*7A
z1*J!H(P@p^2Fx-#mTXZ`hYXD@&q+r=L#RKt)aIKWK10xk+w-(Glvig$v##e#*{^ZJ
zi~4xlEi)V6OX*Jq<A4CC1W%Fr?SQUOVr1#44q&m7b1G1cTDY4C!VfIP9V_cYPkM@7
zFQe2v?zWN^hI&qe^bOPgU#rW<NnvWah?zLVFer~oj~_^<)~iO1V2uL)r`cLRwR3+Y
zhmF01pLSg+`bWhzUpUh+&@%vgYUIKH-s}JOf)d~GaOx}#7G|#riQ8JnbVDgf;R5mr
z)CqxE<X!Jd4P#|=<>Y>j87=wI9Cup$qEFImm^N>gBQzX2wGsZ!l%rOtji&Jl)*ys%
zQF4SlOk|jP4*xB{i2XV-8yERwKZfS6m%6SLh(hvugIhb4uZ%}k0?3#FO<%)6$`Xii
zls@2w$#lJrDWg*?W{<3sE0mV!ViHN%GSo}FXZ8>EfLK0_MvU0&$~%|CDc{VjA~n(O
ze4?&qa;jU`2x%Z!%zl3SgvGxw+n3`Iti&fLtv5yrqV~aNYHKxx!0jip&;wjJeS{|*
zkxqJ0m@azsGu#@Ib!bVXM{d-M|Hzv*7#-mpT-?CTiWQ-QFa>fZzvO)3nGI+Q-SFWY
z17{k}C+8>~J;<1>)$EYj2xs~=gZ13iKK!C!iu9elif=!`Q33DQ=3>{#qKLr4U5#~*
zA%AP0odbSE>%Iin#qbzvBAw&aGA$In-x*J?!8%N(2)ULGM;7URWEm|x(a&&WJR@Xw
zug!vHEuDQ;WperawX-R(<pe-{^qoy3K0KT_g;2_XV#ax`!`XP=>Gff{=>x;&Mbt%Z
zLs+)q40bXUWFp}lX>1wP8SY_?_K(jPe$8qvXC)x`&dan%!J~4^Z+poHFW{Sv)WI*8
zMvsf-`dW1HO!`><^iTWIl)F05xyP?@m$mlj_3`LxUBR<*jJ#31P3Oy8^#(j6cb?$V
zmT^fN2e-Y|Pb}2+`*<z&ZvW?vnw}|Co7M+Zy2$nwN|!1K`JNF6hd&FdAt=FxO74uN
z3*H!i?}|hNPKeK46Tt`lNJ}mDX@Wc~MjqMTEt?B6yrnr#u&3AOHJ)^bI@&~!Xnz@$
zy3|ADifT2lIp#PUvT5H(Y`dQxH$OLFd)V^2*tznv;%84rbeM@gJO84KNoq4LRl!v^
zDr&>kcI2`mjIAO3Ny>C6Xrzlfhw2VPMsPlFB!GW%E|6Uh-(KN_O?yvXZ5~U^0Z-@&
z(WClMfQg{d9Z%T^q0`UK!{rqGe-Y97M7EJa^D~c)l_}?vBfKnNLB1XP#&Z5!X6!WF
z70#+`q28Zw97y5K{pZ!IoO^hKhN&7OYQHN`_jZhl2ZFC!y<kHha#hBZLx(9StyQ7Z
z0uiPFB=5s|G;Ho~mFg65@yNfp4>9xy6RC`7G#LM#iJ!El<~$*XGL_&NNvC6MSMLDc
zeXc%l#gR4KK5pg_(VAG{kX+v*AgV+7x(J2dYE3t!;4wnMU-H1ltyyh1AsXBe4_!;d
za@J$p$2JcW*gnzsxGKdi(xVsK_er362lvq(AjJ&D4v~?wq|j6+BM63|@-lxmpa0v%
zDGrLmLQ$x(Ad*P)d8B@+-#Gtirczq&6Gdf4@RmF@BXbTH|LrOq?C~x;D?rk3h1!0-
zEyfTCtH?n31CarG`9$7bkwl;7_tcwxnfF^m4Jv0*^+eMxcrCgPjmJx{Ny|g{<&Oo*
ze`r$aJIe|4ch?=_)MNvdjhfMw+o$@#UZo*-jwn+#XuI;~uJlz=#bMTuAD}@(FYZEy
z<qXd_>j4~t`;UuiF^6L@Gd*OmdVx1cn-K7JR)qL$Eg!^ycS;cTki~{a3#}IXO8nxa
z7NFp#$iTBaH5xEv>bcJf7|*PDdiVI#>}fRB=Q_V+6E{Z%@}*KJ?e0kOP8J(v?&6YK
z*z$H@Y78p?`)z0hF)v2|)9eXqhpb+Xw2NxQ`i~>Ht5Ly<S}$tnXV9;mhUpSJCk>po
z?$k-b7zcDuPBTGqVkx%C<#UI?E_gVkWf<Q5kn0B}rX^1$zD6W~cT04KVdK^32L>(r
zF&T;tNs(<Ce3xE%andu0Gxh5mXp5q&sRWN5{XTg+28kia6*V@H2DRQTAdq)xRJBjY
zP~->X?0@SIiRhKZCJiZfs|g(n@&BVZI9Dxw9+^0Ll&`)5qc+qGK>Br;)LVs5YT6EX
zut9ye10C0$!zlL)5O|mtedoNibYm_wB@>8D9UQe_Oe#%db>mW_YbzzrFHxTaXlh$$
zpS85}^PvkSPTrgk&Ayl&Z=Ml)m}M;8doZy6jOcWIyQxV6C3TAJoDsgE3KDkXM{4Q2
z#Z}C!aNF-5yQ{-I%hz|yb(?YcKUSFO`~9Wi5hlv8z%d1cE%M~h5lMIBHvLymk18#0
znFz)hR5#iSgF<hBr#eoVvE%7$sLYeGSe`yA-RA+UmAWSyDeaL<q@2@G&M}h+PU^|m
zja*!mkNiNSoM&1^Yheh1J=$@X<A}t8+KS3xu(E*W)1wNKHsU12PIYUNZt|~VCpJ#i
zE9v&<Q)nJI)edW-vXe{>So`HMz|sgPdJ%HuZcPO*;6P2pLW^V1U!P6dCH?)en^wR$
ze+JfV%}+kl>>)PsNPcFfu8TrH0;^(G?5}*t+eE5-cS1nR!;a9j+NPl!<kD@|!{Px&
zaJEVoZj7ZHP=-Cp;K_Tq%WW|gpr2d8pm9^-$>;BW;}g7OnNI3vbC^pzH@0mqLDYL-
z-VYsV)LHK?chb<1o_+2@%=+>!APCSsv@*S4a~bCg;Meg+b@Frjq_O9THmleHjf}gt
zY*!F)*hzc^GU*8Or6|BVHDmUHoU(m;SSPVU`ekYEznR~y$b)D&0n3Phf_4-VEpOk<
zU~?-F#+JaMCn}Kx{m)n`);jN;Kq*zQYU|bEz55L@D5A#qkQr!kb&QIwGwWa)Vg|6^
zhJAw#RFB}d$G2}HHhRrpeh~8VEz24GnH_$g@y!N?GN|M)&Tq!XWaJP@u$8}R&=!Uz
zuRn%o?~$ip+_38V5Po|}7IGpH3;CN?V%u@vU3XgjA+>Eq>W2nfz+uTOn;7y(vdXFB
zeqxmg^63MB&i0X~C^#P0%u>tbbczAiBS4-Q6Z!<ONeX)sj2*#A(H|B07?o7Eot?!%
z=<yN6+s8gKEowY;dvhEkdRLyOX;spyRsciWSCF9u$ibJt+Dhq4-Pny8wb#0}xj^~N
ziZO`4nBudM4>f#wLHH@}ru037pV2lpLfKZ8Yg>Hl^Oz^wy#0})^+GM-za|}4DOf{^
z-fX)?y>k;Gt_rl1ixFX4jT2DZ2vR2}mjTGcn>!K*zg0r5IM#IULRMpzn!l8dy60+l
zfgm+<0xVb~=Nes~VVkhs-TKv^I3Z6Z$CN@>5}hScFjk*^d6aR4fjlo5n4t6gq94in
zS~?{Oy#~^Oheac)SP*hHHks4u1%&en-BOY__Iga#r_s%cV$_6sIQ`B(BB(ko%jlP!
znbk>mSKXpjce+C7JK_1&je9J6eTh%u8WXz*$mpMoQnrh*;-l)6;eo2@1hFO5)h*>q
zt{$1I(;n*wNX+^rBy&ln<R?-M*NVum4&?#JauOkv3dN{^X&PgzZ3d(aCqQd*3nl!)
z!;HUkHY%3M$X!|dZnt8Stlt06`(v~S3RK3QshTPD`2yUPG|&6)O8wc&#+!y?GxB)S
z020n8N#;`T=f@Saw;CW@oB<)tw#;esVl546-cXWM8TE=?$D8j)*K!B!=fGM96U^)O
zZmG807(1|(pz&{XdD{euil$D{G(4U&jDg)v|3*JqLRaKmE+&s9sUNDjg)VIS5v{{C
zBN3@pFP=}M)!UtYm6eT=+V%5sRL-Nqd{Gx>w)y>!7Yw#(c<hYfrm73o1(iT)zoU^6
z9s<~-kMJjYROWU!Sq^3-AT<#Qs6mA!z$Znn)r^qD4_(|u9LAtOyQ=PY+<%?G)7kfb
z;|G4OWBkR2ksCyK6q#&TzMc*<<reH%!S7ViC0O-9#OuBHYtl#}b)%>^pA}C)Q{J>S
zP77whc9O-Fl-R#fG{ewpv)u#jdIS`)e^vpIDM+xD1h=>??Dwtz`6E>;goQ#Y(eDZ9
z=*S)P-B@{T;S@>?b)+C|$;N3v?NNw0Pmz0))*;SzM#g91^=KihU2fMqz!5Bt!@#Vh
zx7Q^Vd*<O`4u&mN<D)=+P}uer>LHw0soWgo1-2a)e4+a00&KC$+ZXSxwCG$h4XQ+#
zR$hJU+ry0t<X|$h+2A`9$Cz?Fl66&2FiHh$*>!^t)L@ac(?lQ=uV+6STiPmw;@sx$
zy2s|glwMG@!vl&|;m|QvAsv$UHNrR(1r(iUse7dy8mrL$FW03?fk!>);AJmD5C84m
z<aGUhWZ939Si$un?zOz<&3zoh`&v2xy?w=i;KSQdqt%lNVms&e#8ZT9%>(&l>|I%f
zsW2YEsDk4+pJ3CSy<a`=ZDJtCd_8c;o#T5Q4&6@B53I&l*J*aTplplgYOc*&r2x-Q
z-s{SzlwUuHLQ1q#d@&e9|NUduC*Wfsc`V*|J_I_?OP@MkY!I0`SSQ03L{wQ<i_NXM
zH;!5ooI;oN$I@^bSNbjsD6h9#y$;|Qa|!qIV(Zi7gEFzaNS1FP&#z5+^&PIt6(G(Z
zc3H8<=KxJH@+bh+sSy56dG+zg=V*@7GAjIVAkvPVa<-2V7blQZhY!todwdh!T{Z8k
zd9^{4UD>HsaK$)7pawl*)AYy&Rg?g6NjCcmk2uRGtnzqe(Lu-D@F%>T=KZmCKrjSe
zO#C4R!!jUqz?=iITCl$ak?X!qJpi7MD4JIgmqp76{xbP>0P@K>FX&UZ@ZYo>)%?9x
zMX>Dlg!*njy=m{<{={66N)2CWqyH=vU4Z&TLjyfc)cd1dk%7Q_jE?5K{Z{|k)c~OF
za3!vqw`V<a#4tjmD9X<pZoEvq<rqpY_8g~|{|WK}LgL=w#NQ|eOM$4BC*h4+JMT69
zKFrOFTcK^@X?_RNsQwbfzO8aGq&2%2lrb}X6ne!Mz1uVgnI506(%_%?Bj}T`?m@o1
z(vz&f`b=rRVM`iAN__<uFM}(ReOdk33RM*LRTBE-H8@grKU4s$0`vT6g6V$J=@Ut#
z$%YLA86_Wb&Dd@+FZeV8$c~;O@Qk8W{s-0e*|7e}w5goTS#jC|E{=sRWPi{aKC=ne
zU>pB%Pkx4s5tyA~xJWV%aNAqva5cTl7dYwh(T(V7i<k+g^h*`=wp)Hmr=3yCWc|Jz
z$Zt}xQECe)sW8)aih2RBF+f_Pl~y_ZVeGpPxNJybAwir9RpK^2v4ZHxz#y)VU1DHX
zp>WDDPJ`h0hwx6*9XkbdnhgWu30_oVmZfMEwuYAyh?5dzxd4v(w4F}m#pX7iM^ibs
zX~enmV_Q>HSg&+4wHp7ML6jj?KYkSYumH{t#u*`CheQ{PhMgC||A=E77z*_`92HCg
zQ_+{)ZtNjmn3ZTayMJT@bO~mT$_go+1wu$jx@kLVe*t2OOAoishH#{o>^gAG!_OD%
zA6@q_=_PX}Mw<u0fk{PBG)xlP*LC_{8F!O^9D&0Mad{>0g*Fhn7FsEEKV>HmnL)^4
zW>-ps<%7d^q|FwoO^ZN`Xy~UPzH0mP^im<IC?&dSbt0tnbI*tU$x23k!dC*q;$TUn
z4%LNRZ_p-nE(pJ!5J5MBan<%PbOQU>MQCS6izqNjtjh2lkc~jtf_ae)@*~CH=K=_>
zA7<-9P*5TCmT6)oTaQ$L=u3a>aK=K#?8PI$`i9_#$@Hvv_*{Z>iDu`ApM<9$9U?HL
zDc)4u(^ZK)%zffvEI2P+0(&fBoIl2ydSoq*@3Z)=7n&qhG;6At`tRQ406+l;oBI>1
zv|@KmrTqfT#}(>e9;eL7&5JR8N8qD;T+f9<kfK(41E&U~wb-LKV&Kux2}%d|yY9@W
zO`b*VC_hqcyvcxFxW1tvCF6T2n~4nef^CXzYavwwv}^{Ezud_%#9KYTd#}0Jynzb3
z^1R0sjM~wUf)?KD7e0e#{lUwe*eqsI;isZ(q(cbAP0P%f&ZOYuDL>Xvsw7^JbniWK
zz&wD*q{ickV*ya$MO3Vaw^Njrycn{}>1=S6a`MFV+ixCo2>|(qJV4oUHIjXvsEitV
z8kNhG!>t*`zP^$vtW_)NX#A6;B7Rr+X=K(Vq2~}i0YP*sQqCipK&*t<k_@5B6I*tM
zy!E{HR*&6}A@c|*(?tVu!VchNJaE#_xeKl)(jBZMcn*ZVu+{P-2np~06^V{@O*ow@
zBw@XI>QK0CBG^}7-Jv#w<i(4--ECdRSJA#AF}7^Ef2HqY?7PK37_u@+je2{(dmxdY
zZ&LTu_{MO_D_#<Ws@8e5@VllN?nKE2SV0<^CRtmtltEEDLnvv3CsA>@V{Cuo<#wBT
zSS8I7vjh|^M21$i8OU@=h_0yRfkA9b{#j<;go5FgZ0{`y@HYm%7}tQ^-5L&rkfpse
z@$B1L#pnAB10YXNYu|1!A;WQi(;S_1GVXYV5XxDd{y?FX04Z%jYML`?xYCifW0zIf
zoWuG>5R&8U9e*-z)J~<wGet>St#pWe869<3T_y{A4<6{xa5m%L={n=mdYm~Vq|*UG
z-)@`oMJCk=e$nXh*gf0UC3%N`U<V{fpP5BPtldanfl;YFZ3y+f?72;hZU6Fq%vxl>
zr2EnPewWSQ;Jfw~_Qzk6OvTZ;!vYvcnZ6tAb$A3x7LBm~tM|#Q!dpy2p*jzajr%jv
z54EMQS%vtJcZ}cfBIshq7zJG)8B3*^(n@*Dcv}umVySypK()lFQCCvYU8iopifB=T
z8qg4pXf&l^3RGaUt$o;r@lCPTE6DAQf0c1l>d48%V&4G!USwa{!05@kQ#l>JeTs#z
z<UK8UlNbO_&$(Ew0cY4&tDX3r`Eq34m2sitVk~8HTh{rGtE}YU*{r)NP?s-yP9&i%
zqQ+?N3Rzuv$nhRgk35EQAQI?4DWkPp4c-TzZ*fr`HLzCCEk}iKpYwMbt*ymF^2EHr
z8VfvRtfF^mKFb9-O;R!Lb5oE28}FCP+bM7IGVv&8>}6t{Q%~L}58mhtG_zFJ`j5Js
z`+?(8KHlrCYD(7Wn>!_(tgaqO-AH!B$;<z$0@C#aEj2}_{aVFP7yyIG8Ri?_KjZyw
z@cz%sUhIN8=K4>nh9$ApND!tZJH05Irlh)i=d*Egzs7f(k>{%{%iTcwzQcu$O4(}^
z<~&8+8+{$vp|bus0^f)bomS;Yg%Ftb<EBQ@K@B{w4F`m##?*`8r$dui|Djo&pI#D{
zPCb5E-bsi2Zbj|{9Zu;1YaVl1{hUnnSPki6Iv+jvwtTV&bAoFETLY>`g;7m67k1#J
z%}8!=g*2Hk-wk(ahi_a_MvBk^P9J8=Y&z#>A)Cn~49nR;K?M1RKfGd?c?Z~_2RyBt
z=c+v|rA!5z4@k>;nz$Iw;(Zqz+J1J2zO%i@69Q#9#xnCin^DvI0ZcYuWCSg)IWw%*
zA5ZdV@`VSoCK5_!Vkl0`#bXh7n;1KHbchEptP{_n&6eN{g{A-81gjYB_A)_}w;@>l
z2=h@)ysILzh3*NGJke%UE1%zEpI9Iyv}`3~Q(iyJn1e%|G|D|w(=+NA-jH$kmpp1B
zLVh3#^mn0z+6JoR>bw&#7nbO-C!=5}>Cs`gV{}VND%Mj{QFwE!kW?uzOW*-gs=7&;
zApA;2tHia&qDH6gOT;}ixMwh}<gI~|(OF)jBEVlxctI`5irC>aNWeh$LfbOqGhc5S
z2fFQTdZiCU9M;FO>kMOLAxxl|lwb<cjkEVt=$X)wG<6mt!Ja`}ntE#5?qMaVM_zPg
zx*s_Nr5;l0mG?Et>Drufhc}kR$85F#Ik_S}c2A0S{|$By9v=rHgk!?;OVO~T(Mkly
z;T&QY&e76@{&NE6Uxkbf7*=zKowpXZIgxr3dWl%+r?lURJmzK-{?K9JBHcB35#`QX
z0l9AT{?RT<OKy(KeTT{S@v;I!*-fe8S-!8VtQO-Y0uVP)=0MYROOEp9t^J&;X%_NA
zCIG0Zlujgi4BZ8p875{DB4KrW4IlWwm-7C;+!5sy*<uloYikn^%8^da?LgkX2E-aQ
zO~}mh78$DJ@76Zeqy%F+Nv4~%x50I6RHx1~)P8E|nR~ipAnPhO0gsiocX<x#{!0}!
z6VqpIvc<qS03$NlO#sEh(Icv2m86goAh}((9Mn5`weGVsSASs91`WX}{@Mzd$5Kp{
z{U+PGRKua87f&K@E7KPoxrB9(!Mx~cSjw!SS0z@30@Uh&YsR!Jjy0h6S~MUtYo1KL
z{5n)-*5(j#GFSkW*VGEMuf{&wf#i>~8E5R<s21oP-5b6hom_dtCphC>LKa89b@dR0
zt1ZUyR6fv<RwQ*2XPz%i?MR++LH1~a6<Z>OGBtpXakvnxf9D^nc9cyv)N^E3C2uU<
z*zbw?AzC;p<{}ad&-1gjRxd%Bv#&GIEG5C(rVljdy|hlof-CZ~)v&IN5G2|Mqmy9r
zxG{AodXKyKlJ#~vxKwS=td(<FBzJ=5Ru1`9a`0sSy>+(P0Jup1S?gb58!tY`Xr^$+
zqdu-c=4>Luz0r&-v%Wi&AT!lMC^<CU7?A<sY$8&^P*+cK+#}o!W%`H0P$L#~t`({R
z2=+%8*Hn{2WeUpMw&fs-(Pahk!2PZZF-`*?iXx*}DOD;=c?%LU;1|T^pHEgevY`ZQ
zLkdW{YEtC5W{sYOFgkY_bIhs3OvEGsi1;fqJD{%C<WZT-5xXY@@YhP?7$k8<KQ2P8
zdN3((kthRSww8psK&+$qbn4cuFX^LojxoQ?0N0o^nH_0jWm(J;%<TJ+@j8)+k{Z)5
zoGKRXp{M$>6t?A3xN<GSM51rqZfax|1IoFdnNOYY{31hYpUiD45OPORnce4W8>O^#
zJrK2L*z}4zV>MVT%>Ztr96*f4NbVYkWrVwKX$`KhT-&E^O<?tX<~z!nJzwHLFa6^e
zG00~FBMB<a)4%O#G(+ztH=`F`0>Tcl&SW!uqI@0+<OES8sk`kDlytyYot!>UHFb6O
zEE0VZ<bD7+CSjRv%?kWFS~KEul6hK7t~h3JZg)HX_^NOKs4#R{OKODga-(x^euHo>
zgP|v#C`(2y?epA}2u;G~7!rysm~jSEw0jM1f_VfQ)ruTNT!T>8dwkEozZm2{(3wou
zcB5PC(08ZiZiRPY-L`dn?O=Dmrm!i!(Fobe*Tzlb4Nnt|;UQe52a1OPi0azyM!KIN
zC)Yt%#^|MF-?yXYAI+4P-kZGNFD$Ez_Lr(Vpzcu=kP~`i-{`Tg6e<iAS(~h5c()+K
zx#JF?k~Q09tinI=0ftbDD(xg$j%Gr)D~s-a2b9{#=*X`G2HX3-YxC5dV)(XK<Q!1k
zhr*zVR+eyERjYls3f`sdEcfrEJ&&4ai3KQG3`yHrH!BGudi0MQ!|cMq`q`r3k_Dqs
z9kJQd!`17h+2e9i55cJg*ru@~7_#|E^T2X%&rp``y~O!5QK>bCnA_Y>^J$|`hlt@M
zVv3BdA%?TdAw4{yVvZsIK3w8uu5^0y3td%hKFml7z+FQ6c3oM`#+GST(B-BonDHTe
z9p+7b<xb~~fU#W8xbpEz_pJ;<5!|%WBIn2|H43|CY&%GuOH4zIEBR_itLBN@BRx54
zfv*yh7juEmxY$b!-uRXe&oad~Qx3CA0g=ur#pzJ_e#yKg&1h0Ak}glP)t+<NAD1w*
z$4&S3b=Y~r&ji7<<@TENAgZq^;BFHTeQ`o@P~P;9lU_|noL4v8tn*JmF7Gmzd5)0N
z!(*sgQujMQ^gAm<bK%Xk<5MX7vt`J^YxG=EgxQ6bVMom|odG}<8}?6k$e`&$1>z`5
zrh83ta<_D1wXJ4-S1wKWR{}<S`^V{I`VVrmW$88??uE*XW+Ef;p5<rm&k4#CgaM0e
ze9JiH><AWH?&+}#J*;?go+P?Vbr~Sy!-%GmBXn|r>0QhVK2P%k{3ZG|G)NUY;bmEo
zNSJ*;ah)us|7S)te$l==zGF#vR#vRgaPG-lKyxhlyf44hMh{sqvF&ObB}jMy3}tOT
z<+snWTC6vD2yJB<$;|0sN#4c;2&y+g+JC6_YB=d7-Vk00O9N|Bx3=-vtx0CvTK&71
zxYbfqOZIx*c6W@jd0+^rYVymnSLGX>XaK0WScvKZ`N>u^#MY$e*8($B9iL9>O+kEd
z1q7+4TjNoMzEFh7J=pn#JIwxYpL;Von;AZaJPpUJ*xxnv#W-?_pC>Hlp@0h{8@t{>
z$iZQpLkT4<;D$xbrK7BsvM@;R)Q^1)vb~^k67WS_@(<EkNu^d1Z<O(NAbfQl-x&#C
zZT-VztdHJgjK;$y+PwCL*>5nQ_}YFh#zb3mLDbAtln6qk&5i(b2>9b@m|2nzo$%Z+
zHA3~T;kew1VMKf(y}Isjr6Q*xdRqCZtF{-MqQjgl69j2j^zf7mueogjcO>`iCpUOC
zYp7n&Z3T?G|IVR{7NSn#nbd1bhpww#gz^D&*)QeyPL$9qkguFXd{od3m4T=9d}a~%
z8QEP<_haYN1C5A7vR7A6So&gG=!L0-bPm*?bnnACeW8UF3MZi~vo4s9FS-1ZsHSiq
zmHTNBj*U-Kab>kz1Tp-x$GEQE-08yK=x*eTNJo++V|qEzb6N!>&+KwzMd#{UA8YKD
z#&M;lbvweFQQJ0gm|D;RJ%}rvdj*fM&ec1B!3T6Toc>wIz|T!=)C)-M0t*5J3XDO0
zVs$lv=7PY$i&_~bt*MnhobJT7kk}YzjZ%8@a}(W8Gghw$n?Y3sRCykJbHKM)={5w>
z5qE>J2>uMNDn+>hH1-(hkitE3@B((>g-S*e<Pxx&WF!%ccn)A#j>TB;L2WYU(-*1(
zYPnY_n@O`aA~jr^^UBV3?a`~O7m?KsRt|al-xu>sKlgsKdiE%3At5Edcu4+B+>|F_
z1;kK1mmj5nX~xtq&(?jaE5T{3|EF&>?zBg*p_=$Lg~**5MLVSD-AWC18d6Dv@zw7%
zie9S3txx*Ps&xAEt<Ye_J)?pTqoFl8oRC2=9t~MB$Uoc4!iYGU78ts$EG57JP56Z^
z7-#qdKrSEWwknrv7I$G~x607BK!qM(^s5sSA>$Z9j#S6!#FcoD3Su*K;8E%e&Z$=C
zq4Qx$x|u69TS=6%28+Oj{TaEUb!zCaV0MgKQ!I#e##pIsImGyJQfbTYqLkh_Q+A_k
zhSLsU9a2KXZUZ;*G`ofm^>A+v)f`K~5iE3Fx5zXH0ur3q9x#<HLv2HRJDYx4`#B(e
zQUVFU)<lWc(Ilh#u-=>iU-lYw#y2iJ_<><5Db-K9NoX>8v$x`TFuDHbGOhg4usyLP
znv9}J(0@}cnuKyX>b^-=TNzDf$ukP!jI8DQQ=XnE<}L87C(MS$IR+o1r6i$$A?fYX
zzJQ*9PnweOms8D#^cTv|0nfkGdfV^%ci5mgR7DZUo}Se!XtuEOVRDWH=i-5tleo!#
zg?VbPpFpAIb>EMv+}CKBa--aZ>k<?g<zT=_{Q559n6dh!*!7~^Nj#>jTR-b45qrR(
zCGrJ6I>~z)d5&jz<`g`TC&?o63E8L(`%8D$>2#(;;oc)V?Q+LGcK@Z0t;=;%UB3|`
zM1D|*GxcPMvu^Yp>}mzMsaH+xcUFp_K3!b=kdJ#`O(s92McP6E;Y?(dBsS-2Wzi1_
zVMn*1WkAA!Li4HFM$R64M-Bv?NF+q@J(4ky_N^9>1oyKbdz&!Ocrcap`iD#BZ-#c$
z;8UHQBnh>!sYfp6_!9b{-5~WZqS+ALF@$;zaXP2~ChmrcdGP`uF$m#c2dCQl0LTMK
zG}@&8MnFgnGYH%pyL^X2t9%Q0WNpZ`U^yhU3zKR#)YpdN6oywb*|P9zp$*6!lfw7^
zVaSh6ci>?hQ(Pkg!`l;G$h(6Y1geB$cZd7VFs&ue`3Kqz1lsO^V*jje|B9+kIlk>X
zn!N86i&5B$w|I&hz>icNgN8tGjS{q}Iqt<IcHXogSy&j~$CQC9MYivQFiIK*5#kb$
zE#SG8C>?MhYJQJDo29}2cxczYsX$42(iJ=R-8l762}ZS$jXkue#^JAn2V1$(*Y@hp
z-Qp&Nt{M;c-_rnQremomhADHz`KZ8k`pb#rgFXEnC0q^>l$ooc3-w_GAOehBQ|}-u
zkgzL<V<iVkD}<m-@@k}lXnpTQw5`oeG7ppihLuxkGbq<RJSI>^*f2B%0QQ%vChDqu
zY(p2|fZ9*YWK!%U>9!nzkI9z1<l4*=f~D;>2gr3ZwRj+WREX5JH=-mD=M^k|l{2)I
zq|HydK+r&1ZthkHwGh7^{-92owV1n1)Gdyz{uPX+$?V3$CAy-9)vp7{0HSW}0_F@c
z;=t0>pbicoJ0jszYdb4&*bh%XUbQbZVyl((^c{}{vMIQv_%oz*iV*$`+`*vnE`z5(
zZBaCR6OOYgON%rn-{^+~@`LAS@lI8FvDBp^F=*9KBh+#n72VrSa;*<OF_ncdTq!9a
z2CsP<Xj3&EuCALGLfwu<TI_JvWv)x=W3CZ~Mf)f9lfGDEU_h(r>*Du=z*W{(NRvxB
zCXR|NTumBtI~&(?2*yxBkz~VuFB^Z`HoV8=m!D?MvfA3Kb9G<FcAFYI4ggL}uMfQF
zB-pp%1U9LA2L>Q4OsDc=9rjNmVY@awy0gubC>eTIo@XC*e)g;c_m`@4io2jjNg7I*
zTplEK4@Ahm$nuE-BJ7dE+Fc@cbn?4<Un8Xk9B>W3EK-i@pCq;`PncV%fY|UGU1;u=
z58HHE(nCT(VUb@C325oO34M5Fqx`79N8+&(8L%4>twaXMdjQrhKo}?nRWXunQCXB6
zvzmul$(tC8P-;1J3Cv|gD=yIk*7jM}S^jl!ryiikcnu!F6RcPKPQss?vs|o5@Ytl$
z=@bDY=L3cjXw<&UA&7I*O!9~iDTZJq;h3oT80Y18<0S>`*sJv5Jzi(H5<J@R-IyRt
zK%M437gkbDzti^5hL`E`a#eONei!}nMyuC-5okUs(|?zJefV3CUTtHXx{*8|5dDkJ
z^i_?gLLPC|%+O&*kj8qJV1};xu`-~D59;DWM)6BL?LTLbm@ZX#Mz5!xQgMe8Jc>p;
z7>L(%y7`ZtFX`IKVqNM(6N?AMv(a#0gc6tonG*v7efea@KVvR30E^xEXUPAWi2`Nu
zjdnZf!KH!*f^vt&t}58mQG{HM#34NsdEB6+qxGhN5<h0D1edJ$;#MAd!P+$E;Qj6R
zMjv{0kwWM#eF3m7S3wfk_g_Y~N7!HsN(=w0N4^Nz%qcp`Flfic=zvCc#dqxIzE14i
zxyHKr2X*)HD>r^>kpsnc)zrf<R2>W7k_Ll#DV3>plybI!sQPI%f+uzrKu-avx0jKb
ziP0X!4gW=^#`>L!W;r1TxD37@=n3ckFbeM^zV$2m83`AT_!%+MM`bj2q$Bc;mo2nY
zZo|^>1<^5`^bX#o@w<TFhbr_;JbAPuX0D!I>%tJ3-bp_BrI60lXz|x$%%A{$Vcj`2
zWJT=0q*k!?TBhnUi%*vTL%AzM{7wZTCjb{lJw`ukeEWmgc!sa#@#M*@%RTkP6w;4h
zkCFw)za~)?Hs-$QTXgMr;5<jp+ZYj|cq?3M;bIOz6uWrGN-WU+)O&Q7T*s~3##)K=
zW20QjB%!E_y9$CcH~uTonhQdtb~HUmtF&v2xLZM^a#`)j*tf-=7{JgSH7I}GQc-D1
zf|~2V5fyD6n}3{1F@1K@0~B+!BU5KhEG+xvTZ$G%h)I}wOQwd-IR|s{OW2NfMb!*+
zGGnh7!5zmZS>1BT=I-MWa!B{sB^#V2_7K+pH2~E1&yFp1GBrH1e_GN5k}~i=s4%XI
zV)zkwO$xrDG?uF;@?6oEs>b<5ed<qj!PC49GukU9LHF|&L#hT{9zI`v?UBiCq2F8D
z!K$NW?BQQl?0rx2Sd?N@cgUNj_Ex_~X>d@KHa@UeB@lXt=9Cy;n8ZscpSI2KwP0q$
z$}F^B>ohxDl1&>XMWe}qbND2tFkV;*X)-}0{w(QRpg%+O<Y6kwjZ&U7zN}1;!%raU
zj)s51x&`a9p>tDALspg*6Ff<WcSiAA<y~<0G4JcmkGLla%Asub&TR_oiJ#QF2Q#M^
zCPK9dN)Igj8-91MTKQXLhk)S6!F({}_{z#0S-u)Hy4ybK?{Sj2itM2qAn)bJfY6aO
zhop6~Sx%#nkbd#tN4QaJ(!@}Z9NnjryvqOl%=i<1nGSk~s6Fn?5q%YPu7F&|DZ$u3
zY@7`_FY%m`&wifmsmiARUc?fF+%<5NJY&5|z}KH-9bhc~92yH%<u@m=Oi#SS9-miv
z(UWXK*odGUz|Isy?E3mo$JQ2wiB1zo<*<tB0Lf@WBc?8obVsJ*Hxm~+bCnrta_sE0
zx(WRW+Z(>kx<lY$OCbm94|f_}+M*dIZQ7?HkZ6$stxy)NCLUeT6Q4~QLKu_q^9aCf
z77~3e@*#m;KGf(U+wZ4)aOsih&v|x%;4^QjPqKBZ0BtPaE=}c1ADp^FEtw}f!C$vB
zc*XHHnaZN``aD&Y0rjj0MjPdziGI(+!q2PFfEP(fx!f8Af*o0ir>6_SL^K(<(zvEo
zmA=rMU6GXKk{h8KmaOboaLb51n#p7gB5fUy$nUyU6GGt;zq6OOpUv=Y<N;SD1X@?N
zGy$jEuvF0vAHAeEXHO+(O~y3X+Y_14;`XVdy3;aG@{rO+LCact=KC$w=t9FGTUMhB
z(x0w)20i+hSfKXn&~*o`CHV&3&JTzT6<Fx9SRz4)66r4wA!3R*2WxKl)f>CqIFtjS
zS3j9)Y1bG$+UEgj)!WM}o6O9z&I%);#$)uswd|2;i8?2XbC($O;JKnwd1V@Nozl8g
zxUZ1S%lmH8q$NS<_uY0BwhV`Cmbr)-X+=E_LyC@%RlBxtjYi|`i%djTlJ}4H84far
zIsSb`((%dmSJvLp)~^}LcP?n?p;F*>ERptsM+@~p>)a}3-uCmval$3I?bV_G3bK@V
zwDXya>BO#YWNMp|3Kl+E$Wm+inLIs?N>QjL5gO87ZkwVgPD!4%eE3y*F-E>OP358)
zu>IDrj?z~a96BqhM7<<*Gi(~<=B|n_cbJZ2Z>4an0nY))d9qS39}gc>_~?Um$rQm4
zYesVw`T-U$G7l&h7<#f~s>K@lHr#$aGXS{^IS^D;H?l}84*im-wq>OmagW)Fs+&%<
z3YCn%-YfH2rUx)nX1OCl*x54{WFP&MU8yZ)_dj|%oxlhnifsfu#eBg~oA!w$X1?Be
zoUUT>!F{6L5_jO&ow{2{F<vuTg=%G$$yI)NVM%j?S+lMl7DF#Md^9dmQu%qsC~ep-
z=X=O?_$$6=95S%-?>`yNm`2)htvVeQu+AHsF1aB_XJcRVs&m)k6hXVs)eJ3+au*U$
zH0hJ~!!?PTV~VLqQ79_V<6%cf&tgsbhZ|l%kjHS;brhz!FXP44A1K5xGHeql_UUHr
z1czSJ5(hs{kIG?+Ma!p1a0yG3<{XJr+2P=r^&QHt^O13>M}aCgD$QNs1QuBh(EgYI
z7>f0NVLHesjtirfpPz<mvd+te`GDM2b-_cYZo9ZuMmWaGdffquT3#T(>6n3BnE?F|
zai9n4o`zON#S=FgS#d(WB9&MnOY)EWGNlaerUquFr*qw>Ppn`D<EDX&-F{H^Q^4a<
zLBa8^_1qH?gG03C#5g}%rfi#-GU`*Zl?oCXTl)mH$s9L=u;C@r;o7{;ObrVH=C^eO
za@*Pp`0-T1^xhVbCG^QEQe@6)tiy1P!Xp33hg(s~7^qM?DMG_!0vyW_2?<85!Zq^A
zd2_FMstHv1+yKNL^v%$lx3d<4{N`IjAM7)Gqp0Tkhlb@YQ;|Q9-GK&DByC~=TWY}z
z?081~By7o!E_amoJV{xP5d*!t{n1>|@~PkDAVXI{kIraJ-s<diqiC@As7%H4a|0We
zNq)gak5gh9p{*nfj^J;_uL|^c6VnB5w6zHWbO@@GX*=B0tqYb0*#}Mmh_nzUg-K?#
zEAsc!?^y{PttDle;Vq3t>m&8?;FUOgS8II?uT77%u7Ilxm{E-`GRhD{JhLneA=BX5
zSbC#k@VW%V<yFwzH6m6pvgTtj5@?5qzaJuaT`OIs3sm<xO-88-c@y)EfSB^qYjX{p
zMP<Fpti*a)jg55-$^d#wRSMiBnpPZ+&X+Ox*y3U=c=95o;6X}Pzuk(vt81K#Ah4!4
zdn}awkI6XF!<j{hk7)*zbJ}a%1G!mo-V*o8?En_D*?}><e_4Mj%)8lz{>h%zAy+q!
z=&@$fRd^eb4s7hy>&4Udy?yMebTtgIQwDxV87i|*iLa9R`r4br|2)Maix~W%rz1js
zMPBYR=qZG+RPn*SVBPx#lSilgf2>FM;JLqVT}5X=f@W`%R#iQAT$SvTQaaiCK(W%#
zF`FLps!=3Nh{nS=-fqC`C20;P>tv9?VtZD<nf?!XhWz~Hzidhaz1VGbDl+z;O4`We
z3G|p3qj+>V<t^;TPRaj>9unC2yUD28lx#ug@>pT7ao<h{r;fsDL<9txvS(%WNar{(
z;Ix_dJdz}`Wq5<bakh?gB@!N7BZ@7>++TVkz8@7J9)x-dfg@8uAndK~5$@OoPV0%?
z0$}cMHAh~eu0Y=Zkga>nYJ~)MforGPWzL%3X_ld%CAl5bXI~nAGq`#okfgLG(NAJn
zr^0*LQ-cyMh=*lveW53TE@+sfPrAoqG-*QiO9JB^83P%L)8Bs^!hs@;37gqxfzYOk
zy7{Gemd_Ag6flA6IZfi1>HUISE9l*`8M}dUOi)pGLdhsi=FXn?IEWC0k<+9!K1S<@
zZRZb@{pJjbO((_K5-Uq7FrwI2h}4%5U1Xfe2>)nvge>B4N&?`pET*QQ*`Ef|2De7U
zLv4^1v&!PH9G$rB!4@j*UM9LZTkA^W9u5QxK@28}Ts4Gy+e>JMg>HSc0Tr|aSlm{p
zQbfl18hUZg3Z^DXn4E(RUK966zC=JgDCaJ<09Hpi%&^$f@co5c=4%GD7_l@HU-=zb
zTCr>n$X)P%zDuxunkQZ~==97!*f)81Fscf5fUyKS8UlzSx}jT#IG})JL|P099F!SF
zpG#uuc_1L$|3W_2uvK2>QG8O<c064)f^u^=UFB`))s@+UV8q85$jx2S)dnps`4yvK
zDr2NH&{CANSbHtPcLCC3Qd}0klz_%u%6%DXhak+-JcYjoKpyCFRNhVCbT**|D0x%Z
zGw~(Q(qmxardMN@jM~2O$fk-<5T)O{^w4$Ll~b^hQSUYGtq$geZmu;AF@D4bLI!KU
zqc_+;X=`zS%Yo^iCZx~I2CP}O*VEf~v>kjQL3Ix-zzS!aVm!MN3G;El83OqN917D=
zH6l2t>wwQ;TsXlOhynfqY5Ti^<&ZX^?35PVU9P0=nnrM{K*JLcS?OE7=LFYTn&)}q
zzM8m7Qs<SR+KFf8*$dS|2f|OWK2rw`V7wmpiB(hrPDod;P%s$;%_1r7!i;v*%d}Zp
z3~Eyo64DLr3MaCjpNz1Cf1X+{1y7vvgB5@g4q`N?oPLVr8a<aJZOWU;fo{=;1IK7>
zKkV39F0u2QDjN@`2{`W<^B(yfQh~P)krW<sTdrPEwDxtm!p&Mlg#fyjE<@KP+Br%e
z-5<1Kb^qonz5Vf@<6@z7l4dY{F`5eNi)4C(+brGwAE3PhEY0#V*9P-wIU;s<wH%{^
zrNeTYGF_%b5oC+<D|ZK}2-Rk-XxgUzB<AzNRI-)%wjv4RUv8+(-LG@Lls3PH+SV+r
zPdGUURmnU=c%P{}1|5_3-%kbcQA*$hbU%R8J+?a>!JI9fk2-ODPyxA$efwlIg@-D7
z+@B+dicSO&S3>2F7rP>!SM!^is#~FHIjf8{6R4%&U}w_^WK;qg`0vSwb{V6W&rG%l
zS@>#=St@?oC1D`+#AMXCHoDFqveoK30LLxdjRgC-^E&(WLISj2<H+t|8Z8MME<=cH
zVHW>%3GTP=4y(@-Y#E?9aOz5!{{tV`QK$JY+Xa_5wiT0!k~|a924f|LpS3ldivi?L
zVIVu@_-DAnd>y`HK^9RAy#?<Gyuy!sWq;ZD%C<Jic}&_v`*rIs3~C(;>_QpgR@XPV
z%$=D08*&$nht(&+6L%|kyqk@q`*W_fnTD*^>5Rz0pd{tyRd88zOG0ccNh0ZG&PQ1)
zM_I7`CGbP9-a|J(1~@0JCKu<ZFWz6|pJGs?=@zi0LSgA@pUCopg(RA@0QIqQkgIK(
zS0r$d!PvUly9A5@+}r!nGWrirX|cjukco0<_^;o5!%M8LoQ4|@*g}()a}Sw&+Z4t!
z^Rikw7E#Mfc3WvRGRWAGD%+6N`gE<=Q*BcgP08t0O#yN=Or!g$<a(SG_E~=$t=$UU
z-;pi!^})iXT1e&;P2mRXt-KwYZ2s>E(7GrEu5r&Q%9Hi0k6;!v;ZB?QGiac=7j9T!
zv~?wHlVv&O>&}0+8L<Ld{<%noE@2vbwneq&4~_rI3E*$$z7~-UwDMRE1sN}|F{3JV
zWOMQk_RF(IoUuAwi6{mYQLGybQpBPN=_&?A_&4qQAwr~>%a`Q;u2+Sv-;f_ad|*aV
z#A2)e>=)<khS=-*+7%3x3(YFkt82Akg1{3A;2FI`8EDz1{hvP*uz&#>?tHa@urS*8
ze+Z_WT~Sy}**=IU==117{qkDEyxpn(oLSL|$^GG}d+U2)9#T`Ils~ki735!FLasn0
zH{`N`_=H9g!2Y~&aHM$kLRys!9aqXjE}-Jy`5K)<SO_ZY`hB(zi?+C9xYQ(&H+8|0
zqK%Q;R-2HH&90W1()kkEcZ&w`ueh5HRI))4m$pX}6N-&fsPioow{tILJjh62#jh5g
z3H~~RYIM7mmY_9`h+t&nD<Q$m3p44aCR6wdeLe&lWp)~NB{S@!cBMuWERzP@r}qfd
zi}@;onpkE4^|=3DokmgwAE=8N^ysJj#}J!Xj|Y&4cw4QGf9Xe&MATEI#o%wgzd{5R
z!3!2y)4}nvdV!gg`4~-A)^TxhXn?!$V)|mEL)Y7^d;@LQGRALN`wIZQROOpmdBD<~
z$MOFT4Md#pve}8zD)3;a7gi2*DCy<`jm^zgQuHMYc>S%M#_%(IU#tesrasPqocWVf
zTc(px>(4ve_&x{;QG_{b^y%R7(GbW=SnR!)1!!OIBNr03wp<eDqljSB=9<rY!Y_I0
z^8e9HeOI%o!agTwK=i6V7QtvBn#T>~;m|WwiroTljZ#FAPElN@#_oN9j@1yb9B}GX
zmE`@Rk@zk%xAXIsRGa)BCw^)mdZ}3ypeij4N`VoGztaO$qnugvzTwipJ5LAsM`kuK
zzO!oW`vuxjIU3CSj8uVLG3rwRzw0^~ZSqPJQT}Tt7JEreDiAFyCviXAEkORQ0kN)f
z@z#0h&odt^UJx+323B$g>J@!P2fXJ{9ArRUu`TYp)*S|EP*yz<uJPNzgILz%tl*dT
zf{cU>PQ*cFCA)AXUUTAG+pJ^|4u@uBH6eO^81FRw9E9{y{c91HO1V}zcaGi%(3fL3
z=!1qYAhlXtSNLy1>^Pm%qhZMCNvwxov7)a|NK)pWjApt6JkL8>&_ScIG&#(mnrk!}
z@NY)}*h3l1NvFm)a~9oHS50ZsqnMScmGpp9hA&A_&K8!kHqm9KOTQL%BubO&l2J<L
z5SvF|9iP7Ltq!#UAERBv8^3`U0(gWV2CcI6$rL!C(mTXXjW>8Z&U8ZGwusmVtMz**
zV`E6i!+>OUuZp>Xm8~_L4*xkL<d`nf3t`@Vrh}7~!Je7^?Eoo2*1sJ^wUC&d(#*OJ
zdN~7CP<4F{`7bvO(2xt;drCWAMvJ~hr9>kx0N&%N;GG#;DVA}?f6bG=?U;~(Q#wu}
z${-kk$$dtmO64qgB+1rktr9u8FzmAbF2HhHJ&kOP$Vw3WLbVOL`H{UT@b|0yYGt*s
zfYW+JK(+>J@|=-Mlqv65kv@j(pq?eL3Epx=3EYoTwXIh~rV*4dwupMG$JJs4$Per-
zusy=7es*s==bgYynl4#j%(`)rgMvL)JNoK0wuLu%`@<x<eE}fPoCZGo`^(nDXh6!6
z?d|q;Iq&%)^u`vW45aY0v4`lB#$mxWhG)HYq~24(YVm2IPW#DXDycSu5%Gw*)wXk&
z`*-8daA_yGsIoqa+<z-%J*ta-lIL)KiQ3esnD*6Ddejsu*;NxK2fG9^633?p)CQ84
zH_1q<PCCy$*OZM<n3(VfPs1)KtLGYW0uMxHh9tWcas*dS13>yzOP+uW$uAqQcsp+^
zZvd6PdD7p1Uk^xx!1Pkz)*6wd%VPT;P5Mk6cqLzvA?e!QJTPaiol0n=y%`Na@{JtC
z;GY`6-%Jrh`>mV&1@qlfQ*xTR=13Qx)+vv3b@;@IY)^}LY<BtPZvjU7jL3yn2~?t8
znzCm`0<gc|h*q<l3k^6P|6E9O96|{z4X(My>@CKZy|xF3samm`WT(S+P?oF2TJMJT
zGXciRD>if!pfC2LJAiJxn%__O)^-WSw|nA8n(>BxSYuGn_Kbq?FQ&9<g87N>Lv9hu
z41Q-a9EsB`D>Qumy(h3dL?3|z&?$5J$EAEZGV0y#E=6g$vJzR92$nT6yaJHWhLT@B
zAI<*t)XqSV^8+pGdX~>fWar_El4yz$(kZsF_cGTm<iX(>fpSQp;DzOag5&eIU4JYT
zsjbuk?3tX_yxKU*#3RfBv$NpA6>Gc_h@6d#W%ptbV3M8~wRf;=K^;TA)j^F(3k@*2
z-(eZ$?`lBe3}S~LwRux@Ko2XtlmGWYq1LjyV-lV5_XfVFGYCXnU~CR0Y`;|@pNU%U
zx<GkA=+SzcPk#*K^029NGGC#@Yw#yG$%7i;#IS)j7Osb&30kSCge_6rh7ioGV_`j%
zZIrR4y@g}<%Pi@)hp$SZYDsd0f<M&U@#0&du8`$1H1Q82Yvg#{kWdWi9Lu9)Eh0mS
z5KQ0#lx2Z8Eq2_aH$8>hGmqCYU=~_Sib5P7d#=YfdiFmWN1!@w{yC<%%NN|pPQ6q!
zej<j|OBR9>+|1!+AZIYo-@LwCVl#fh#V_0Om{(SIQ~fr7{UT0%TsbWH*dK6Gu;``*
zd_$zzAr}1P-&Byp?yGSw9)q;BW<Or5*i`FPZ1;FFGd1m37mM#8W~||SaJZHU$Ubu_
zkOjvs#|_olcolG;RS&bTX5YQ;?;Gj|pKXwWl>D~_NXZH_%T5Clu_7iryOqo%tP;-K
z%x+0Y)9iH+wlv!1kbVH`*Nb)=8pLUJ{I?G?yDppBIR2Mc@c*$ayf>`ueSs&}7$wej
z{6Nj#4;#r@pBu+_a|R2hA$}4U5PSOA^nl%s<NC$GaKD!gJsVrHTFs~bo#Dh1ANZwe
z#G56mLSw89&Q(n7-Q--BuWJ~0Jkq%_i44gX(e4y0{sz9D8;wi#JmBm=coU6+l=9Z0
z{M;eHpXa#EoT>oZwk*hoglkY-cs3sPq#CjHEmcCaua3{pn&!5Y$e`mNeZaT~tQ~3j
zO;Cx+{t)_!j!oY^2P`pU#K#B1yhFBL0u&GJo{SzMIkdEyw1y%8a^lAisV&=6#XFYk
zsJI=y1e{slGV3hnP9qM6>&mMi!4IT2eS8vH410)|*2>$~=^z+`)pQ#SlTsc%@3a9b
zYj3D~@&FkI9r(2mt^oUjj(X<9L_`j<Nayc}620{(<>LONPks&fp_v}+r8}>{_Fgi}
z8K1P~Q(6cb+u(*h*VNs_2||zwoSNH<g37lbiB6z>MyFhjeg+I9XiFja5?>7F(dJM(
zAudZ?s=q@*ZZ3z<LfMCttgxb{RjY|i1{R(|lf7fpM;%Kh{i<?%Bh%sVWT-eMov?cN
z`z`o~3nJYTm#0^12FCPKh=JY;-R-h&$?CrXXr!Lv%|UHZq&VSI^z~>Br8f1)9^=jk
z>k!iFh_^@pAZ2ceXl0iN1s`dASEOxqJVz*aHSw^JR@qmAiuxD6HK&lph1me5or8}H
zG7#vwIq;J4B9O&&8Aj74&vVvRYImt|bS$<+L~13P^HgnDT70|jLn3Nl1DR-f<Sy&5
zV#tCZWgiPuY5m{^e7yyNB5s&hK*1GdAM%(dBc|m9s|>YEcvD>?qyhe3xy>V?jhzQ*
z-h?v0{*&`u1)5k|WS(NH$CSunG?=INc$8I?&=+5a;*vlm|3!_b*TCM%U=Udx8v@2!
z*n;R^O5W)_`!i3#@ry~KMVC7Km^3I<8&*UPx3*HglrgEXZF1s&EOH3$IeW~`;RC;)
z<sR2p8wrhC;T=>0p3Dcr9E?_YtbFim=tJq$)}T6gtH0FW{m?6MUjtuJUC)FxOQ<d<
z^?RAUEF&#rszH8-dHQZ>|4A|^@V~C#Yy*!#nkX2RLAE8USf>}h;-$2xD8a=){iSDJ
z7NcAn*B-m!)Ad(GktGwLeIR@-{7tJi6Iv1OlauhB`-gn!X=XwuDHPFL5j=MpA?xNk
zRcAV6h}Nby-O;zZ<~x?_T7TWVmNa^DD3G(lor<UDw}nnpYc~eVYUSU)%??;Da>j*?
z>U`t`Q1ErOpPu)(Ki-mI2Q;XCuGVd6+yURkv8@Q9lb5d71g^t#hFi1YU{MXqo*Dm|
z;Sy@E{8ZE)0sXVqL<=~Kic!D8Tv-*0T=nLMe`(R}Zbnq=yPu*Z8rT^)ZLuLO7OTtn
zFY0BxPIRJ(GP?U<bLr}Mwge*b4NsZ_5PzqEu>9Fe{C-@~^cc8rmZSp36HV)5qrp=o
zqbe={mt#Djq-Jq}-L#NXAE#U?y7V+=_)7k{;X%~!rd;@jrSWPAFyMrIJm`&?A29HI
zg>CwP4pwUdgAHb=@C~6~#C)(3^fd>9-z_3I-%wK{!I0fFnFBDRIh9g@1AgX=_zIQr
zQ`rNK(?)#KT&(&)Af8ZZT$ZFKOVGoB&*V_7U%y7hb&L5r10ZlbI`=ZY11NmdmZP!i
zsCiMvUAdX9?xf=5)k*h8tOSkQFl^+KH`#aeQ_lX-?57(D`Q+(llY7Q3O@c8Q2S(Qf
zDRc0QDZCULO6dH~aLwM(8Od96-|%Z|Wv(#|Nc#VsidM5gkZi~X%XNSBwNbDJL3@e%
z$rH||=z?iVNN&X|AhnFxjqC^f^pI7$WQa{$Z2poDNa16S$mPN;bD&5lrkWo2QW_N=
z>le%A8ILlPjp|E8*Q?-4TkP|um~`fqz0&DPfNf5phv5y5eplx-RmcNiHgRoGb5QTi
z?n*w+p=@1fECc4g!A?e~H*mmvZkGOEH+OYbC?GUfJ)*hxpy>D6uVub=v}LxGa}QOn
z=WvFcNA6@W0)KRKaB=he)*DHn#9fof#Mw1mMVGtKVt28K4A@_mlvUT7WOqE6#sfQk
zCatO1d<A3G3fAEP^`fF%d-QaZDGi{hHO!hrW}rqbE1KUnEg_C&rCweu;=rZm{wu)7
zeMY<-0$eYn)e}DKBs#FUoOT7ZODR5~H=~L4uUf*9Y!U&7XRh84VDbQh-j57v)EWL>
zKld`Qz>L9#h`#7jT8z}&(wY~DR&|v;pb=p4@*DsBr#$J2;8mH#bV0~+Bvfvl{e$dg
z??ekhz2$oz6C@0(MbA0Q4as=PoP_EX=hb9F0SbYnrHJXOOsQl@9303e>qnH@8)dE>
z8h{jSK_J<cP9<MRx~E+bj@IL;p42Wh%t3%=4DTW4X!)jVJUfjg2Wja+dA7j_34N=T
zu^R3A^x5AAjyYt#B?r0xPn3h|N!vL)$j6iLLIH8{hU%Dd!VhL0$(t-*VyiLwZq`sy
z4QBC5{7+}DZFjQo;eFxD*nV6rz~>$nFNx`7KqgdFf}#hBX0g~MggknD9GXOGSc4CG
zA4G?q#(_7qo)}A)tGng4ejk!%HgNCwJnR@0)~qdw7WNQimv-El%)e97e;PmzosU73
z7)KiVhCC|Vt2fLKAJTEQ{ce56+;`LE&2%R5!PDY18CAF#p9zq$?!kyFw`$T`fF|VN
zDU=A>iwGF`skDj{A;-<63Y(PDS?Ie@_jPPu`A3|(MZ^r1j@km#gz{9TIEAxy|EBx=
z#L;E?LZmQ_>SuP;V40S}L~sMA^KOk9BwMqzzUgp@Z1vyI%vOyW!CUsN@^Khf3t5BV
z=-N|2RH=}m*^O^W7jMHz5e9u3n(qbC=2j8NC5luD9M+`fnBURBUN_|KUm{~T*g_f>
z)woF5+-NK-29N*IN7)uAbivU0<M)bcgrUd*C%m4)|9#y=O@dkf-_sA_wT$MJXo1J^
zC~e69aet^Lk~hvzV{D++im;ZKP?0^O+s|9>9bWbRYFUjkw~<egk7jdZLYRk}!Pu#`
z8^cDypCd`rzdF=lrTGf!v!(s%P*lN69bxf}f=JxLm4G1jo2HwE%%pRGC4+kO9nU3=
zT=A$V*JXxmxI0k$FZ%lXj(;&sFgw(C!{h4Rc<YO~mw<;;QlzLlyct=E$T!=M6NWHx
zUJY&Q0Oa{gtPHX6q%h23MAsV^lC9k0tMRz(ihxr<nrYZ5^vg6A8ti<x6q6M}JBXAc
z9!_!a>b%rFMa8RinK}*VeV{*@y^skJsfinU%a>5Nf}s<{g@mzL2NRWa`*6TA$+IHE
zY`l3@qz!>}Y4IyT03V=FtArLhO6Y-Mr*Ovv5BdEM3Qs_pa-#a4{+u46T?HX0LNmgz
zdp66`{Z66Ta%>c@11NLf_Xh#gC~eJt>G_N$c9)2a`%zfVfv64A1>qnw7PDZsK;lo6
z!qaH4C^F7%5j=o*85p`O74CnPku0q}LB}_L!uN`K&E71kUG4JlQJPWu`(pvj%v7Li
zfdx0)h@RB23?CZ(LEq8+x%eGO9n~okB)9X|g6SAq7IkR#k+;2^alBcQ_H@dTVr)Ud
zrZrhMgmio`!qUup%+!n51cki+J(T*5n6}pCfgFPouFmvTQTqFncXj>K{-GV;A;RK4
z%Jr7kOWrb@k68BXJc2}H39!h`nI5;U7Skt#l)RH9GhQ%*j)$P2RHYNA-6Z4rStZ<v
zVWn)@K<R$&M#mN<^#YDQvZ&of<U=MmUpL|hJ~bYlcl&BgEq-gU&v$NTL~l5cP3f-N
zH#~;|)4c2D`a(sB#6N5XxFsxzB9fAf%ii0FJ1?&+1z5<ot#r4C#5DtaVCVzwh*oVO
z*ar)srm!iU(oTmFqqC5z*g&bzY}pD=@b?H~s<Na5A2$|wwtV*D06y~DC28yq{&U&|
z^mLXLZJbWFUsk3|zM^P5ox&%1UmQ^x!hBqw@ViFzHL`sI$}xs~b&6GQ_XRJ`C6%Jj
z%n@t@bOA&F?=yEA;O-!Jc$R9J^9p00WUVuDM>f3kPDQ2UlQ-q9A+0Q^AuEoHnyyB=
z6#s)zFII9fJXiN-gw5d<ImVTJas>=j?;tdZvlGzG))%S)m~av_6-41md9sl_@1UQ*
zPBQq?`yn)cW2R!S!Mv4>Gy-%JZpm2eslunD<{=*#a8Wx0DRDA3s;nGgr6bRG<NJd+
zoEC5QQPpQRRgBO0*;0rYe^5Rh2xo3ZwWblp;UP6BXD>Q`6p_W|V*rCqFCS^8&<E+u
zD<!MZiAWjgD2Kef!aOj*8dC~HP_DHvL~5yRz_*bO_N~}5&7zTZ%Bcg&cr)*M(g8|{
zL+#LLx7QmwQxaQ=wb1W;9nO*`@Nf@n_gp4&l6n?Olvt{r+hV^BZ=5{*x4`Aj_qVwr
z7r&}BNDm?+thI%n|A_zprd8b#>(bZWd>_k_q*Lz&Zh8<UKyz3`y(Cw1JK$NY-78c3
zV0&^dpR$SX<e6xJXvv-SikoWBgc58@MvlDJ>UTl?e$IY1uA4hxn=NlTie&y)kKVyI
z6?pheaPF4T3O_t>9Kya#zXp1}vD$OfzL>4jiu`6FSUKr>WBNT9dJk_P{RGQQPw<ar
zHZYUMTxZ6iGiogDWP>gZDIku+wbLF4qRY&iMXXblKWt?LZse+DL>)gkuJO0X+jURl
zOmM0}T1{bR8W0{ETH5F&P+f+XJhRlv3!gX;Ti&0(W?}Z9MNlFR{mpWI-_~HN9k6s}
zQOaIc`gUBkK(W#A(TH}C0n{M((Sft2jPCtQuCDdu94JJT`;u@g2={N{nDo96IyAWM
zK%a=amEGw7*%{Bg!G+D7Zz*}DSRF39{W2(Exv+;UbLUJI6hb?ujLO6utkFZ4?RASt
z3DLrI3xU@LQ*{+Lj!-%L;thbJ{F4f(Z0h#y1#3QkhEQ_0?XEBHMR_FB4INtF9~RR3
zDb$H9gC*^HW+VvE<!GWl<G13d8=O<@m$1-Ov`7hEh)(DtXs46GGV81LCQTJS1f6S+
z4-xA*LPr&t^F>s*dBr0{=L>jfOezl=e!CTf3mw%qBloU}^efB=9whz@>ke;LF0zPX
zj`bh2NU<GQ#_{@%;%5mXMt;8chBgcSO<naf66vNLX+F_HaLtMsO?4nnr(jC$=}u_M
zBnoupS8ZB@MOkcZ%?rSEOP}<Ve%;=r0h7QDG5@K5@r*f65^{0NiW(vqt`(xFMWFH5
zy*8_2rJV`39}h(^U6W_enwV7uoTN(7V>k<R@e770Mo6|%I05I4vV)j4dAxz@e}!Q6
z4cX6M*BB;McSp&KnxTLn1!G0ut<qR^6LZV|sD6%+6s!I%((+~G60hUD*pM&#-&10R
z(^_<_4GTWgEiFq@Keny<plY@&anBYh#WiJxs5%2Va~=~aq!Ak9S>V1H#_yv;AmCJk
zuru^>!?6II&%Cj?>d#ekVpOleAX~76LHvS2pJ$Tn;U@m<5_X-JN7=#CX}P+5mbxXJ
zsRt9@fm7=t6OeH-7SURnD9z0;dAnZEc~YOvJzGv$Y~2!b6eAbjjs)vZ%9I|{2m~)T
zbs`SkQ{ZuE{9k-Yfhr_Eh0~;tQ`2(zSXUi?xqQ;f8)zrIq4?HLWz6>Ouag@m`d2U+
zq8~kZ8!y^|1ocuY@Cb)DmpGwDBL1$&0<znRo6?C?mItI-9*t9ra0TW%0D53=I2!|(
z4o6pdF$N*}5KjQu&}Jbg(M<7OrAbfS#6jC#p><u~ED>SF$bugPnFyw->b?kHjmap{
zba)sNDTp<c`Em??Zj1X3zf*%gOoktiLh-QFO#Dqb#uIZZhu}961|{vW<Lw3o!L>oL
zd`^EbSn409+y+7Q?egV6n5H53YQzzffva7m2otk6oqO99CQt&GsE)vI8Y92XX&U~G
z@A3MK1X(x?X6~4f`*Z3qOJ_nilqiRq)qovcP1PMj<wn>uW7YelkIprrO(VzvI(W!Y
zopllX^#Ai1AyVUMl0)80_7%#B9XrCBFv~9_50zYrrdORNkv1E~zO{-hiJtlKUYkq8
zPaM|!4(p=gtUZ^@iQ7yzC(~mT?Xk~Qhe(Qq8aYSbxLz|{M!OKf8)gf+0kw~RNGI7z
zfjB=82nq%9MVBYXe#7<{hEvmea+<?22gS847t^UFd=}ekwpLv-Boq!w6oLqPS+2o)
zz}%v?;>1u*Q-d>3F{Ti6+G!%A{Va(P)4=8Fq%0r{60VR>%=P~_%5R(}Lz?RnhXTDo
zdxa`#Jkd)&xGFgbCvjU?vTZ6`vyX#$=wG=*PS)SzGqMn8&TjcCy9B4!aIg=7-VdwC
ze`%<a7qOnb{(@(nGCi(+TNg8;|EB!wusJAyi5m?D;b39^ByRvF^)bLoTKYb@7CHEM
z_lw^-#QU=Sp)n}*Pg`~To~LqNFJ3^{ma)y%<d=l<xEIMg;#DnzPy=|k|5U;rrIW)F
zhJq|zCz*`Ws|lexZB{%E$*>@W!d3ATvKF7pMTjr4Z#}9Z)Xxl47|x8m<8#MT!lL)S
z-+uDbBdK%&1i6mx;4qH87sSu~qBN+wbJx)W{AijFKsX;*o02yXqzZ{rmOxG5m{o_=
zAT_E%w%;?kbe0NVmaV2=S$H_1e$AY4gGyB1B-Ufz{I14t8MjDxeOg?8wnEJ`jlGnQ
zQ%rsxIGBLLaUHu6B$p0G5KAg_j9LG*pFdjVm`c!@r>q)LT`HXqfvmYJpdm`7A`n!b
zn!AVa=%^DTVI*{pY%<ShmNo6;wlseKAB~4;Yr85cuj*l50fX;%gg(2Tq<us~OIEkg
zfE2%C5P!ViuU7@1z|2RkLG`f09SJD56b`|#dw9k|WdNjHhlnKn<qOK`1rKN=U&%v-
z#N&x|6e?T4&J`Wsl}4M0)5>i0z&F>!MfY?96Q+3g-5>L!gH9z(K~Pe53PN&ZWHl5d
zgmjcUMVMsS&We6NoS0>E72_ouJLc-9X8=%I?ZQW%R8rwZaD1)yfmW_tP6|-SuXP{;
z2(Cz>4=G{u1#2moKQt&<%Dddq4OCojrkzxxX{Lr<3Me9Tjdy!&&W_47@<<nwGP@Ct
zn?2#^R_5x`IHIZg-X;JJ!>e^{T3!u=fcY;^p_Cq_ErNgllkJ{TzJM#e6RiGyPYr*n
z`2Ama($9>G*DGhb1&#n->QclpeO{h5j1338TNN~%dBU|i!6a+YNwTzXGX8gtO=*04
zGFnLh8WvF7XGUhdGFlGDs!7m`<4^aMx$vbW7|qD~ygZjj!X_we*eKt@+H8Z2_|W`G
zsu9}B+sKv9%rHM<Sw+@6pDQ-Ih84LFCMEF_KYKBrcZl(mJ!&1uO^dWwB1pfl?oF%*
z%>yo%NM(8{sXbNn`D@jLTrJ#B^1e<gqm-S1N52J#wJv^@P`6@ySd61Hcx<5R-66p-
zj;$t<#Xk)=cG}MBd*-4|*-P%3N`IZ0&07q`4bx`S)VYCQBoQna31%sQe$Y&L#j;H|
zlx+J%^@fCQUeSyiAtB*3>G9ECAlmnZF1Th!nJQWBqD0x2`de*)#oh!!Q{gmdJwzET
zoyjfdg-Lh$lmv*_wNNxy(0k>+aK4RFWVP|G&Y|6<9^N%UmBc_7Ga3w;A(<%H^i-li
zcmD)=n{`mNM{A2QqV@4>l_Agv1eWtxyJtrN-hljm`IZ%A(&^JG#cDN9F4q^xo_%n7
zh_H3|`sR|IAjflRrR(uJ3<D*^C@CWi_=TWk8}QheN15=~s2e_GSXFJ;U%){mEswz~
z(0&Coo4bTKlah}l3FmhVik1ocnPt@L3B!e`-0azhB9B%hgk2`-ARtz9syz_;KlPrD
zVw)K$8s-{Jg<EB@;Q~cXRraXRW&?3c;x)ejX@>WNN4$t(6%)P8w@29oN4+C*y2mo<
zT1!?L9VhLk)L;l9EhoBgwg~z{&bEcVBu=BO_rr--;_NQ&t*<L8Oc;z;{<dlx{0|go
z(~r|`xL??q#LcP#JknQ(o<OmM&Y;-3(D@c#5j1?E;S=g_T*7g_X4InLT&5Pb@OWtK
zb2n5=HOUoHVesM)dt*)0&n5_FeH)!?tkO(fh`^Cqf!$p8nj6!<VDU!rmq}8PXWDwO
z>Zg{NSlf(>S_+{Y1rEgu7Fwp>Xyr3yGfpz+YkRf_P7lLwyB*Eno(ZNW27RBHx~aba
zmfNMjT|ZMM^PnIv<uToHFB(#b$lW$6RsM>C84+HxdInxxyl|;PRvPzyE8f)e>P4~=
zI1z;>uvuHvu>eWPucaDrRqa(^iqH-du_wVdn#zi8{BRn`m;j(vgaPBD3zf=p6Q*k)
zS!XU+(MRm0Q%Oj=YErqWZd+PpB0TTi8s&U^wGw!iw}nN<a=@S6NppItP;4RVKdK$b
z>_68s_-;RlizUrmPm|Y$ZeG7@Ye_DznUm@gg>jorYe=_8nziHI6eah~SfQ$f-QZ$~
z{5Tvg`Geg=ZIs9m@Jj3swDnuJ`_E?BQ-}%jMBu+16mGMaPyVs=87fb68%pUY^AxOl
z+PiD5YpLXpKNU@5W)7b=!ZJkh(eP+?&I&Y^OxbL+nE<g#P9HGqj9?<>QlpcNX>>#$
zUZ2q2asikPJa{{8>I{$IB7wAp3>~PT86mM!+RZu(NZ8lpUqc&berE!rw~iN#`EdeQ
zkzv;MY(0v{hl6`q**0)Spa`F-EDLsL(V2BfR`?<?Y_iTf{9y8xd2^(0Km|eXm3BM%
zRbeoA)#{lwRtF}m;w(8O5kMVU-Xzp}MbRN-p$RAVwj&ms&%a!MqS}d7S7Su>67>+n
z=rcbvbOj-OyKm4SNh49-iv}dAlCFoE{Zi#2`$#fd;xM7l&ld@i^<&qBbyMWx39l?(
z=^D7nfnKR8h%@@nVnl}k7?nUCReZM{Cx4(JwMLl(B1$`Y$#lPoij37Ey<0G};5eut
zyo(5c{fFKG<KY%gtbJj8!hg#2)rvG9PKe&$4no_0t4&g{p<0e89KX*OEs@WdVz~KP
z18~<g1p5=v<jBsL7Fmmg3UF8B8JlxhI0h?0CVkq_s1x-jM5M&+PmkkhduX^yOL0R6
zG(i&E_JXHN!9pAg=IJ9=IP|ilK^akjgM9X&!WOLrOrG{L5f`ADk5y{9l#Zsq1oMYg
z5C097u)yliH(<toHw7rpN`ezcP|ULY2lV@Kqmv4L_!7L|TH7@x{6!~2)-nyBy7}ki
zL<v7C4T(l-2vV~#%;&TJtR2b%yF+{&Xb}%hASlJ0fXX;U_Tobg-EW}fVKKLy)-K{n
zQ_+xd<Lg&7^{1Z!c}p<*o_p6lf({Ehp@TwGjjeJso!G#d_}WJr=NBMRB|8&HD*VU5
z<I~BSWDooemwcCcTsd>f$yba6JKA_z_-CmYukP*$QiCf-M&7DvHzL#CK33GW$K~ro
z7?EzB+{bc;G)JyDHV%cyqZ0O@E;YGKzltOdV0TjUw%y=QEJnND5H!~<R;dH)#PYuz
zIO2RRNP!(LOMDYHD1R#sYAugw@tvY%vYRAOu2`UL06HU@3vuM!#Tl!K^x0(N+v3r=
zMD}qFMig6`Ex7}(w1!g#q1e`WG5sOLR$V5RaleN~;#cgP5y5J4Sh#cpp{45lfMCx%
zc}UWCUbbZU*%QlrwEdMV>c638+s1dI?|aezKt^2oJ>~0N89vHH+O9i711vUm)bFdt
zEb4J0{}d~urEn!`A4E-XZ9zjenAP(EEiy>5GRCw*Ml%pkIki`fAcID1?yRfB0$ks0
zm3k*^S3R@*GcxzJz_0m>4@^t3sIL6tZ`)x&Hp^Fmu6oFRI1=fm@7XFiMKMb`X%=`s
zm-jF#=|Z*E^AUVL7ATnFkQ~&c;;Jl`v(?;;Few|OvUvxRX^F0~r{$|NYrpg_*+<Rx
zo))CnBJy_VPzI1<n~dp1y&Qj|u@aH_lzAn_vR<75kFxG`o=Y^E<>-3WLf-tLUz7a%
z({N!ar!%JUS=RFsr@loe)ZR6Zd^;Ikm{|lGl^y7=1J!mK?TpX7e^Tv0o?puHG2K0@
z@7LlF?M8t7WgGrJS6R{CeZv^}DIT!QdJo=tHI@SB2$%+?LEkxo<+5oADV%i<;v{nE
z$fOB;JaZBdUUI&V<iVZN_R_4Py9Npp3bM>G9aLrUJYh7C-GJqR)E>89oL**$VUk+C
z_)<c@dh;g@>hv-wBgBacdZ)|MfSqV{h^qz(5M@v(Z{H@>4EFPi)K!0?g1Tn!2@$nP
zsNjcXbD|S-516y@NV-`Fq>fkF!!s*R>~r(pKeb^W=UjES0DT$ktjL6^k*)Gab{@4W
zW2?4FBS|h*G05_cJiaIY8Ui4-lp0^(B4p_DwAkXRfx8vK>8O!}Sme7=-Q5<4vcdXn
z;3z$u6preT|6^wN_>@)`0~Co(ACh8SwN<N$FA&9TEjYP%`uMliaJm=i7?r_z?d(V+
zfPA^hxvo&CvYCz+8#}hDjWgk_tWg@of?xFks$bcRfapEbV{&~5JYQKG9MPO!7fJvO
z!*#$x2449-X&Lqf6lUXpFrraw+l$F%+l7tF!;KLE0M=hL+IgF5TR4q+rulCw-D&i`
zgge(59(g-O9jnz8ZGYaxy!bVG`!yH$G<c7FnE(simC{|(6a^G_eMFJQVMk`C_&#?Z
zKGK5zH<55x?OaV*GbFVDshXuUJ;eHe3txn{et_L??ab>Ne6x%m(e3<Rqcso`%0WL?
z{LXZBMr|4~`4fmAPDmDvD*jXdRTvFbl$8|8G)?jyIB%a6ghC0$exr(ewLs|(R??%4
zw4rysAzqnMbZm!u`$T@@(s&Z&Z^+VAdwn*f@rw+fCq*?6*bTdkhgP7z^v7olyZu&r
zD8`}g>%}kxvHvx!zyHM8bUO}nvwSgsWJ{oe2RKKd+J2<Gag`K_hsZt+j}jAf0I9WK
zvdsKMZxQWc;g=yB^W$ROr~P~EAq4G3T9ZNOa?{jyOomKfsJ6Yl@)cD<vBLVccpziU
z2+Ai?6(cr=>QTS*<_@Pr8a?UJH02V~S_iHN%C2wgf_qcjOU@H?ip+z2ujn3F7v{(%
zrQk#<&T*jJA<a76WYnk}NyvK5XC?(!&r)^!WN<V%RD7Ig4WXlR#Rry<75~4P?Q1=F
zl70xZUjdH65u`olQAVQ!=_~TZI5QjRVOu$B1Is4?KN|`X;>VVu4ii=;YmzXeb0!wO
zDt^MFh)=bL%oMl69+Y>F(e*Ip48z&K-*8#0kmFy^8B2-&J8lfnJ~81dU25E|t*VNW
zjI^h=pk6y4*f481@&6+|-sLZDH@4NKkjv-2zlKj^8BzKr=Bt!x6j-{xm$E)Fc=M0s
z?DX}BBL+sZfx|@vK9egAZ=O%fq-)>UIylD<Ij3lk-EbS&>N}(}jE1IyG-n)&?Qbaa
ztT*#Mnv_!)psHv~f|?YlvjZ+J6`d_gqN)<uck0D&!Kz~Ret*2Nsv7auNGjVn+S=0n
zYr%h{#bNI{x6_SNKu2$pKi*?B!#;QW?OH$ul}kv#Z|(uw;PM=s?+&FV^#`7c9%b<0
zlPzlCx^%!4jIsy~|4<hAia7#{KmavrrU=O`UnYh1eVq59f`=MF5b8c#Hq)0Q_PhDC
zZ7#0mC$Rg+XwhLb2f2$XR_ZZOF*28T(D-26wgqwKNfw)>M4-}V+V$~-W;J*3zmR6l
zA;ch+<n!N$g>xMr2F~7NML`<(0C(5pcxd>06)tsli>C~nte->rYxX1^-O$CREpP8o
zMVNX8vNSzvxp~^gFZ>eNLA~!GL~*;Iu>+YF>(53rJMxRe`Q@nM4VV@IFqr9OuxGmp
z+V#f7-pAX6#l#f6du}ddwDP5c6_GqRNd2<Myp~vG@vr==sR7h~5k&`}&aSu>p9?Cp
zGB)_u@1XY!1$ebgVhU)-Pv7tnZ_s!`slgs$-l95d7)P2+ptQzUO<IjPSpGvV#%EPP
zwMw|EcQ+?Q0U{V0w+Z;HOzuLD_G&Y)oj>E^HetR$M+emeqJk?_qH~dBr${k;K^Ry-
z&OtaJHUBE(R#MT04N_3hmC+TwTiWM$3pAn^6vB=*yaGAp*$*-)#x^`QP1zL6P|S8k
zReIIyxB_jkDk;oB-MCkjerZJTB*W?ve{z>l-KNv2?+*!ylnQM}{hy{A`UkhQG3M>C
z?VJ#9zpnAFn`J0CcfyPrcSLJX?Ca9;HYoecDNDpg&AkqMUS%K4vB^&gRHM~*rFvXG
zQGPu#aUTVimaHl8y$&i{Pc0qe_-`|624b5$lyLU!UVplO;>(ihkn<u;y*MeLajAXc
zIW0BLC5^edaRBV7UIvPjwSeoY^ev;()+t~rNNt(aC6@XCpOj`@QjkbLjvjG^A=(3`
z-s%j7kj}EGC{4C%;tDwO<1v@_6pOZ6qQj^L^&a|HSV#MpxU2)6=faxz;oa6ilhYBD
z(+B24JHbf`l`Q|G>+Km2ia|#$?@s2%3>IvtQJwl_ZS{TE%)PzeP!PifS$2w?3`7r0
z$&K?lA`P(cm>Til#GALBt-D`F{AdvUJJ5r`o^29tBHgURKg~(t{Nh{N>%(viu>d#p
zRd`%q`a3yO$T$xLQ^~#ojR~6gU@<HPr7rJ2Y@kBvTNk^ir#0^tp?2Rj%=3Du5OMG!
zw41HPeK%G^2i;c~W&)q=JyshxuMJF9ao(=t;P@})XP#hS<82QvKZW!}0RQMAL|f#<
z?oW+G#AhyJTS!2;_zmAs1g*>YyD}6XlTEj^s{pL1TN%I{oF^Z8Kt}@%*8>PjwK67%
z7eCUB@HcCgCVlstVTc-$5_HR2{uM<nf1tioY<H)^1X)ZEU5;Ak&P{`TXN0xS(y0J)
z(e{dKMoz2&OhSO47xN-PxsuJBa4pNEQPP1=I?b%@PQ{e7MR1i=+A}|M%~I=)6>6N?
zu@SFVrr;J`ak5Y-k9LB{p%{Nf)uJoNf!Y$8(&XB7meys*M9oh5=-(h%rUi9QC9IYb
zdIX%}-$JGOrL%2BF1XaE;^*F0^gEc*Uf}N5jQeDnqE)N(AbgJMeP%-jtB)U|LA2Cn
z5+%LH03V`+9{>WK?sg8`2>%AwCq=$nHeeypha?vv{?Qimc{kp3pgTyGzZT^unk8Eg
z3i=y>S78tTi2vW8Pd#(>c8NS$*zUJY4DW9G&*52#oT7ifU)jBZGjy#z$(baz&cp9Y
z$N#3h_|NXP%V+TSJXw8oE8^ihTbuAAjx*TNK`yO0tPmD1S@FN1fCs|{qHbtT_;zhj
zwsLCnh%-%MtOWErG?kDP^%%V(vS~9(&k0me?2onIJ+<sLs-W3~A?1WC<m$Q#U>l~t
z(xM_7{mIzNBB_ggD6#KygH`{pwRJiD7_RM10xp5KOpmUBHnH0I>)TOj_Tj-V3JRli
zIkWc?T=M1#JeU?C9^kh^pJ|JQ8i3%)ocv*=J$H}1sGGi_6P5m9B`01UEKKKg^H5cQ
zs9!@G>eR^d8fey074KDH(7B;vo3}y8O!9u&Qf97LY+|Ra2&QsuvXvp4Q&5IV3mH!-
zh9HV5e;Uk(mW50}zg=v&fdc@CGAFK*-Lh}up{^sV23hbhJ?Ud3V%r-xQ*2++n?kaw
zFTnzbHbrQhe6j_{g6L*#{U!9pp!%mZQ3sULdz`B1)sbuH-jA~}ltSYrk`L@&_AvNK
zo;Bm|$WxLgJaWZEU0p4LTN5XXr7putbVW5=;al+?-IJ!1_7_?(BQd)G@ub-%<cK@e
zb3;vaWpNy0w<33IL^OBAVEA7dJGAT*bOL*A$4DGpf4ab>pbMogOahAKP29pgAkhU&
z<G+dn41w80+{d4i<sSPy-sq)?;Yy;qH$q|D@A>1&H2>}^lau6p-64ve`Z&@yk5_29
z>?Xqa;M#)9P(i%B=_KnC81vg1<{O)K|5WgSff<yocBKt4E6V0h@=spm{*%n$9|L@Z
z_I)FxEiXDj0v+?T6BW#t&K&8SWbP<FOrS(}N^Wz+5EkU%{9DloXxuawpN}?fuuJTh
zB??a48pK;d2U}4bZY5x6v^L1U@_>$ABiBM!I}j}VXu$0b{5CW?*a}TMHnZ_*qHo&8
zj-Rt{2`4U+mtn|tZ4tA%0SIaF&RE+~7<W^|NoA(+;57>pb?APE((CFQq-D6D9Ow|H
zcx(51T$C42UV?}(ukhTG#XKo>xG&?RaKc$NyuYt<(CIg&lkiq+2{8mR;7^%r5C+@O
zfK8jQGkTxh7a+;p$D%hur>`n@6x%Ki&q5;A=!!V&8n12_P{!*{AuX9G3X*6x==|Sk
zinzF`${g3gk!!g6A|+|-lrp77=kAMDU~`3?i6Iz2{~Ja?9+G5(4+RkrkX6;Qe0wSk
z&X0&t2$6<r3rg|HMPV`+1r&X4)!)=f$^NV!c<~A(i7)B;*=Uk}M$V9A0A`VLeZImX
zR5x3l*>5XLJ4?r!DdnVF(e_&~P|}OyYgnK|zGCk3^-+LUEiXNz>B)nHTI+LA4}X#=
z=xXzi;Mk9eFJ(g>9vmvR+B&t}ql0uck&V%zq*q!|0*K6#^qz)>)qcAM{*LB~#2*KH
zkwrhO!nbH%uKYGOh)R4%^p?@Ck~v?bb*)UZq-pmT+%*1cQ>3{ba#tXXl4#Xqh1kfB
z(1V!WJlOsAI5v%pk2Ow_n&-l?h37)2-9xnmCI*&(A}xOJ%*R>DJ=pMHvzXxk-Twy_
z*CAu8_&G_<5>Xkw^7-99Gxpw%JtT&nyRs(jIpi}Zv2!NR@@~hbP2!HJN}&9gi00up
zw%QpKaxb_}Bt<HZU;+i;szKBDHGePtas|<wm}HM^b`rsn;x!KT%X_IKpSj(1ZK{p2
z5gE*E6~o_-xzp}FlmjTAC+_^Ai8vw5JlyXiHu`u%&(Iy~${)cO^+psucN2uNEiJn_
zAKz-Cx#FQ#d=sPTYK7e`t$1`{vz}#t`GCObr*P!@4;ZqzFwDAjGGh~kQ?u%{*`~Cx
zWFC=q))u>7VLDa>4@@qicmI0rK2Fx{JXx;hw&I4=jatRU%p22LM942#y~XjSV+`jo
zh<N;x3H|PmMx7<;X_gs-;YO_z4dK~V6*{78rw98wV<qvtnEVS2A$go&etv4^c~I7>
zG4eWMM5UiK%WoJIL!N7<=zDvO_Z#X$Cv?_p^Af-G3)kw?5pgIFU4zgEXk!D!5ea$@
zZn3DVB`35E`bN%&eJrEKJoS!&a1%+eiY{U^+_do5KW2-?EkIXjNUU!u8+4R>kbOm&
zH(q=r5hhB_Qvgx4xk;-Ta-0Ie9&g%^v84AmIA?N*PU;O2k0UzHxkUA7P0Ok*njCs%
z!Sa7g=F}fU{hYaGm=IzXMIH`z%kHey*2*xw$bS6cs}XvI&cgM6psM%c3GOG--`!7x
zrV<n!MbotY(tIvjm9{JGr8^u>JP^S|)!Z6eeU}E7t<0y$+06~lm?;ae+GQL8u~6M+
z<>gNNuoCwIjtw$v^?PJgkzJ|bEJDXX^MTZ1I3pRDcL-t=(BlTfaonJ#1D?~BuI)%0
zSFCQAKwmx$XDWPC=<vrrICGKcH&Cvy*;y9!&152%d@0C9eS^G7W<}2;I$la|sJ2yU
z=I$ubn<J*EFvFj<DD{3OI;iGZ?Rzbao4j;qm|Mbr201$yj4Z1vS4Lbgf)W?r`K8c2
zDjf}#R3W|whhPUk4=}L$`H^`U{F8E@N#+4amWE$J68ipL$mApWy-h2M+y_E*;|P^>
zl+U0h+`I$cE+ZwkFF=hPC=1lq{pDH9YsXu{e6R&{Z-9Vq(~<qHaO)usaZ!gzhb<-n
zLUBaL!aqLv-QU$M%b>lrh6W341mVZ(M`4>xi2@VP{O*F&un{%#M{(8`dgy4XIk2x;
z`u)>oh`AT8D1(35vb>?m{_pz!jMTcwzZ*7hTC>^xcC)IS76)CI`MBMT`2qx5#3cZN
z?6IX>ZO+Jo8Lv8l@6U_`1#=LoAXH37K2MPoP%B1&DVOReqyt+tyb)C&Uft%Q6WuxK
z2~xzYR7a7SsxwiMOa>v}`7pw&LeQu7G7+XeWC~ep+y2856VHZY_PC=r<GvjTgu3<a
zug{5subf;DMyNTcS@<iRLq^i)Nd&(n(;$T1@1BDQKtL^B)b!}qY*+3LbWsoBBo7FV
zozYn&M+lPQy9%fsbwGa2#@0vTP@;rP;dBJLCs<(Q!+T4bRIt6BcP2z2GSG3h5LUuZ
zto5(dc7e-$p0lY)08z<;8&x+(3*$FP9-0q(?PJbh(zw_!1Y#KoakNK_2H?h5+y(kd
z)9ij%q?HHdb_hVL-?De7EF)O1fiZ6BvW|9dZH`FoXbR4->miR;5|%~lM4zOxRNE3o
z(UJmom)w4#oI{ehhhhk`@Y6BBy~<OP(X$$>pcM;pC-MTO1VvP!{*wQZiYGDX;gtqu
zwc=-_9{R0}TqjN=e=Tdw1Qte8u)RTcnW5<+3Wkm>F3aUlfD*+OOvLK-ik-AeQ}k#L
zD|nnvf3Gg-C$r`u9OqA<Xal=P;I?X|r=j_ds3iM4+wOSPydHe}>2Z#Va7Mam@6jV6
z2hv-)FZyFB@ibzF=!ufUVlv5E7Ef$A+`hSN2U8-`aim@#06JWe872ipB&)Q*6HnBG
zmYvT_R;I#B0T+>ply~SdtkUj>T#`Kl4a?}TZA9#7nW6<AfwO$V448!&CF?}y)r8qq
znFrRe>YlVzx2r}?4O;7@Iyv7&S30hxsO<Pt1wwV;5|8NbX#gRMKxiX#xnn`@*tumD
z&D2BmkOKLy^XjOyb1FHWFyAj<gwfso2sPKppw6qoH|j#M$s;h?41M<h=Oz{)f-eN|
zRd@)FE#>?Q!@RzAU<)hot1&xcYd%TXbiuPJ-6^i#Qe7ng3W1cmCdD(`JSot-g&MWx
zu2SI|(yec2pi#i{iM_s^q&n^2q8Mji#`YSZV3cgbqhXI(jIhTVe>7<jqhpRn5GfEO
z>7!eWGAflWq7(Ij_NngwS27G{+D~1H+H)ECjg+Kui2XaPp4`tau?)cf$Zb}R+Wo(-
z|5}o;*8*CkKn8}~xqVPt?4CMJ!PfFhy92qJ{QcB4=<LuRc1V^GPpZK8uY=x<7IgF*
zm(hh5(R|=wV!$aO>LD9)mzaE7>ocbT#Vl!cQ{)s#4hu>)&Bk_fkX(@2nGNJg5baB(
z(=;P6G5u@P2M4lc4wGs6u!h~wAJ<)->+%W9gM-Q7uS6<4uWv>0lIGRGkt?<8nn|l7
z864J@TLJUgbN&BbqBxv4s!aI9=$rzQtO|Q)FCiUqU)En3Kl$T^U467=;Va0BtW(W+
z0r5j6xy*T^;--i0KAy`T_-(}sgk&(ilV+d+C}{l<>BqHXrjYNEpfHun_me>C<*L^F
z{7{;Z?9~G)zi#)M@E<#TT*~JNg2vn=pTvNflenuPVNsh^BD3;^h+;PRm+iwXhsS4A
z+AmF6P_qG;t-N0ORb8)od#{nJ%~QL5+yD4-BML|%(gfc`e}dnV7{Zbw=@(N-dF!<;
z<R%-hKTV=snV1Ni!QTtpVV9ePZG>WE0o=9oj~HRbnK690v>X|sq-J3EE=daTv&<Rt
z6WpfAzbt}JH2AP7;$uqL&dcI6xcnB24K~CG=su;3G#>xsbc(h`|8VwZ(dzd^bo1C=
zD2Gehs>2|Do3U|tQ?^OLlW`uA)LI-`@OAUh8K$v3D3!RuSla$NaCdrlj+p$5QCDcA
z;4Q-DRx7Q*h!B<%&t%V3k+%tcBjnteSd`u{H}Gr@c8B&1SZwmCg>cfYqXAPqm$48e
z4Ejpbd6byI?Q8rhAo(5yk+L!j2Uvy3o?*Ib8Qe&TU-^;;y(2*=xrei@`rb?W*UJN9
zbiKimMqnvZ6ydp1%J#kb<UOE7@<V!)(K@|5fzpL&&DR<S*6(IkT1O-Vl4~sfyvn%#
zcfK_TTUnbNp<V?#jRBF0`O*e;Jrnf7kJN^Ei!=ilZNj)~Cp2>hGD+T-r23Bh{};cs
zt}9E(n*vTwFj$vdGI4QUKaHX?Cp`r*SP-(<Wi_$Vkeqp{C~A2_fptHLSLz9P^GqSM
z!*=IV7`KfN(OP=(dLjk53Uf>uHZEW7P09;q#}AmfO%_=ZYp66~k0Q-FU8WEemsVcV
z4mzhIfYMe>Kjuio<0=mn0@NTaJofIfV1B`1Yi3fC*C7;-)HahlbgH%f^Sb}FRUm$&
z{JG3UN$BZH!_K|#cjR0?&Wt6{e^Jw(xu;2Twf5}+K~HQv{8dGEMkqs4TRLsy7v9LT
z->MhhJJ78Cyr_6#I5hn@{qxr>>t~e*AX1DqUZjIy!&@u0G3r+<tbN#!VtpX|>%>hI
z3$<49a%)pxs8tOdUvD0377B<?{p@!lSg|y=3GRqxE^1_c6yZBY6z6>bc!G-p=S@L7
z@BuY2FPfteg4Qb<k#_y^WL#?i)q`BSz-CT<8oVA*q3(KVZ_Z0fTgb))E?S3{@bg3M
z#XTp;lSqVXjb_Fx+%WhsKnq$(zoX&@=ou~)>v^*Yg18n4c8<VrnR`^jljT(<)oS>1
z#Ju1DR}C1q)Xwz1#6vOYVi*Y)brat~#i^>j4n>zx)c~1!W`$<USiUkaBoIW;xhkqy
zSC6sZiBSXSi4McJBkX}ezj-)DPI(e!LD3V3h)LT=EYY<xBFoEh0RLxbX!rLt1@`S_
z=Q%3J9I5}F`{Qs)TPR($t1I#ffgTDAhxRJY3L-w1(;}Aq_C`8|qd#Z4=(KV(5#N~~
z1Z@Z{q4Zi;uc5J47NuPH&DK-YZRW*({Z;}^4P%sK^=EAPj?d5qT%$~66-4f=WizWF
zw48j2H?}^lPS|-y!V*y$$Z6=)lTK&f>ac|`yD{b!J_0_E{szv(5to*b)Z)6#_%v0T
zAMbp{Of{jRdR$Bxs!HgZMuS<A_b+^TJ!(g<)|7#6!gP<?EYLtLIA;7A+X0+!l^tS{
z*9y$sE=;Hnu0uymndt!7X+<^ilxpS67yQv8`=e@ruXZPP(_vP-t2-$sD8|%Icmoac
zWEIL49Emzy2mS_ky9xz}&Fzbpa|4t@mQ|3RG5TRkal$bWeH73!yH6KvpBf+cdg(Ci
zB1(>Rlc(Wn_FR5}aEo<PY8}ZqvUKQt2>1B5Jdq{jwt6N_@EM2z1_WkkWo|FAw>BIg
zTO?>~DQwo@dzsMWzWI$ZnKi5sFgeIASUk#K&J&pn)1ZhTU3bW%&n<KE*NsW6+xDq{
zFCAz0w5YTqOJumZ^%)dm$xru!JOSJN=XPlmJ_9v+)Uzi_*ET5l|H6(BURhv=CAwB<
zi21USo0&k*!aGFS2@8?926_R`=g|TNLWu%16Ke)xq7g-h&2C_|1fJki4QI01?5=EN
zIVzYmpiH+hMl$Nj_ssijeww^<u+B|W_rNUaa%P4FP_*}Is*$PG=v1LJ)t5#`WbT0}
z9w`a}2Fk1zI^zZcArEfL9CY4c?CGZk<sz`H+PD6dU$F9(jV#2(TZIUKnYJpV{)P-i
zn(g1(EnV8boH1tIV)SAh&Iy2Ql|Tbt*&3ePgSJeYN5O*Z3B<V#ZZ)*~X}^03C{Zc@
z^x@naQk)#9`SE^DK$FO?9Y^V(e`wB>oU3U&p^b;bQB2*ErBRVr0$Lehz}qz!SzDC&
zTtBqYi83DS_>bbRMxG>RNB5&=V`;zr?sME(-#{72{?l)3OUv3jNYl1(K$s@;Oewl)
z@)`R88ySh!Fb(~wMiH!NtA0L^T`BVp%$zHKP9)n{4B^8CMY&Q|SLj~(S72sO-98%=
zSWo!u_LLLdOs@e2kOyHi91;q2gc2vp1MxLoI0mB2Q<7=3$j}|Kzk>~p7sl#j(*~kR
zB1cmoYx<%xU{DVz0S&8Nidwpyi&@-urZKYGxF(02`G3M#=O^kU5o83(0KffL?$lq&
z^<s)jT^LvcD@3?K49#xmE`#H^l1s&VF_LGX+fsn6OS>Pn{yANba=k1ZuV4Q>d=F~r
z@low4-DK}S$m}Sk{$T~ZEA08U6d|=>cA!%73Z|?Gd}WPboVH6p$`dV1C!9u@DOS!r
ztPP!QzL0lSdPUNTPhrXiL0x3QDYNlFT5BqjI4cK-q#iT`KYIqeO_gmf@X0$5m16?P
zF70|uLvs^I<iaAH_>2-2G%@gf;pNeuUuSwjZ>XqTK@Q~<-D7)Z%N7OD=)|^d+wRy_
z$F^<Twr$(CZQJblzW2j;_Al6~sx@cfE-KUIR)mo0Ho{i!QiH|frfq>zt2$+|GzNRQ
zXLL+H*o<la^ut=~N@v;HFXD|?6G=$t(N2T09{u2AoK8Qy2wG>EL{Q91<nDDg7#Ais
z^`eXbS&05nbY9|=k-awLd<Q1==qv$4k)~|wv&{$MaWhXbh{c!%iGyegv^CYOh>o&x
zFZahA=z+Hd$<&skf(hiI)O-8BYG4>XS&(BwZ(8LVdJ!Bm%|wN((g?ovQ;$Q)kufuN
zGB1I|UhM!dLA>t$HyQPbFH+j2<BuhT)mbAGyHnyoOntTilIP3jKs_|vH8^$>8AwZ|
zbtiou$4+V;U&LSAW2qcC*dtALdh_{1nYZ9sc8dnbETVA>P_HC<nC=?sL`U*6r<$M^
z{_}58r!o7Qi|;QzR)&qd%LO#~`NTk{U{q0e=#qG^pkQIP&q7fS{xjYbPzkALQ2vlk
z#6PyV$|8{RRA&9YiFfwJfYR((HX5Opk(ULit>3>b_fOVU?XJ-MLXZc}ZWRRlU%xVe
zR(G%4)`PnKbDYK{s031^JWjOp>%ibGk(or`PW=Xkf}z%9J{n~w?Vs$Qf-gK9n%E3`
zd1Vd(;~jt2VdBBTQxnLRQG*f2<C6Z)@~-jJY40@8sQuHGf)&$2_^4^W_81ku5IV55
zJy=WKyns=(UoQO9B$Sc~s`?3Z)_Dy|5x?A^g8q|9ZjVDk9}VdwNm*%xCf}agPC7<4
zsOjy6%N|YFETf13Rq;eBND5*l?25(Kw?nZa81gW%9q3ztALXd6o4lnFiY#|j91l?p
z)~m~w_!T7Fzry+uE5f23%{3pW8jKdG1{w2|yWgK$o*7}{>pyiNLrO;YM(5?$6>g;5
zo+NiL=ve}C>j^?{VVGyC9{Gv^-1jahmzF*BPTdT-tmRSWom<dEnh8!*ByPs^3!<PQ
z4ZSey#Fck}+CpuSc^0>^*fi1Z)M5onSn)OTrh-Q1r@QAZ>k>d=40ucun(5Ldq=#^f
z#=7*k-ux=Kvr5QE`H9Ks|0{1WS61zOIlXBy#qySk#G!pevx+vK*9NI~fB$~Had|N(
zMs@d2hf}odugQdPZ)7AiRG@f%DoEyP;ltEpOW<Yuz#h?v?0V5#4@qdv$q3%x+N!gS
zad@EI;aJI|;X$hW5*AAJN9Hy#(n|HecMio*q(qImG7k?jmIMK!X+^|WH{4t@ytb8j
zgS8!PWBTdRFd2IoT!YSyz*5<j61#X$tR9C}Rbctvs_B<*OZJlOWwkhlIQyQAe8;-x
z5v=>qJy)D*{%+OGvOjM8`rhQzFtbu^HftCXbQ=GeYY+)RFp72W%hEiv+*vz*Rx6Gb
zP<IG-J@dTi;AEYrm<}O!OMXnawAh9Iu#ZbSHrg@fGC4}E%9Hc1UJSLC(iv{_CcJ}P
z1upSU4#nb+W%y4w+?4o3_bXT^;l2-8E@?wIxR_q3b{1I#od3iy0WyWL9E_h8W$e<A
zk5T1hwDKvij{aML)_0>{;Gn)N9Ro(RX(nODp~&}2P_5haY~FXK5x%L;2l5&NIG#c{
z27&Z3NlER2t3KI@zS_<UfwFyEX0fGMTX*v`+_0u>C8lpQOV{DWu|w#1=`})az{uH)
zNa-WhnPkVSECmBOiIpNX;<3<eE!C;5YMBN`wUJo3+}G#an9j=+)Yb^yb#|E8i|5aa
zjIN65dFi8@t8<7sVd8?$kT!Ro1ta4`Vm*SBWe-dFq4LqE5%)Z@Q67}?o#DiU#>U0*
zCu)JPrVO&_GhBVpPRu?0s-dL*ZABhk*T;4Uf1H@kJTa@uT$M-{6sx054%@vJ$n}ds
zcB_*Ov7_lX3buFwQ_Rr8Nmwqymb;ao>}Sy&^^&#5bs|<Nlh7)CI|)md(VbZX(SLLh
zs5;J5A<UW$iGb0}77dMQXneI4FE1ddd1+O3Jr0bO_3wbaF{<|lji5V8L`FDLoXeT*
zM6{_wUZGlO*DE$KlIs(KqCjI?-Sg#ezd25u0V=g)L5CwW21Vxs8jCMG_%Y&)8J)GB
z$Hl^^CRY5Z#{T7o&Nk)+eu&5H8ev4(><=N>|Dfr+-^Zxh!9cqBychB2DJ;V-DgN_^
zt7MqUQMvskGgi6d4m%)gunC6G_a7Z4?s~Jfs*L+7yc~+We&GML=AJ>V_nwBDU)VwC
zq=s~4s#-4c@!l3)0(8}5ZplH@){g2ZY%2=h1_r%ZTc`)1vm(<}+>Zjmd#{|W)@tk;
zj9~9`za`T#r0N?vp)fxMOt_@`wML)zEf8F{3+(IN!w>epGwEyk6`SmDVPT%l-V)tc
z@U|UY{&zYYp3F%1g~A@4oa*qOrol?rY3hZf=zwI_0C(lds#wgd?(bIqBj8_WD|fRc
zNCDi1%0t@tu<mTMSH$htP0haOFRc#ya9{r$knTixBlCmw#+&&@+Uw437&l>4+Z9w8
zxG2Liy?IP^Si076n7RYJdwYw1Pjg*P<qNk6MUwwqd__YLk@(LSP@W2+l^u#VBfg)&
z=<YPTfQ#`Ak*{&8sIrz-K>)Hw=PICncv@#}$qP)c$DuN~DzqRsIY*c7sA1Jtb7dU|
zdV)sBT8F(8(LA^?ij}6&KWr#8{r9aht5L-wKw_0k3k{G$j!{Qjb{P={d9ilzH^C;>
zMBMD{WAyA85Y)YUeI%03MFk@h@MS3?<3o0;aR0~0gXkL_|3(04Y*@`Q5gqk0F;aCC
z7<)R=#gHw>8BTczRh)ba!&D}l=VwoO=#R)koEeEWgqB%t$}5ux^LC=cP?7EexbArI
zKFm{b^5=xI+iMn4Zx^h@yNcT)?T4=)t?o}ng(8olvxFsRF=8;sS{mufL=p`tdG6f#
zz>SANr<)<lhFBNTOO$L?e~KBF2M>DxErzZxcaxbfQy3_Z{6^ndvmYItUk<D^7t|ft
zBV-OM{^<;59JvuO3TU7wPmzN$oULdy*gs#)h|--<CIK)|+t&!Lg>DfQdap5%7%??<
z_FWY3PZ7AwtXZ3&BALz$d3EVqU8bZV=Mzyf=?5gZ=7JSWJEyd8)jMI{<|s%crTmX)
zR+<-FhIsjXF0<&eHc@U3u6;G`_<;yGJlf7ENL)6ae0=?BVoNVgdQ>8<WGI3H|G<0E
zzXVyrh^XPVzLCBj$6+^&B=ft)e>Zh&k3yK|S%D6Gvk|IY)#vAcsJsl9=$0+@8S0w<
z&<1REBpZm<X9DloRtCmxFlT}Ybgdz$ITvRAsFz%1G<4e_3!yi7gfc{Lm0%p=`s6~q
z6x6=eqJ9@nR;2ACX}1_#7helmSlb0o1r8&u59Jw79w6c{HV1#)S8#a5bp)9Qu&w+6
z2@Zp-YV)MX?kXU0M9l1Fc`{x*Ch>+OZsJcr1L+GA?v@L)hBO)BndpiN1|3I=LP~sZ
zYMx4GU%EJpDX=E`b96Fd?_x6*k;zcdb_~jJj%>`7x@lO9s%``n!8Ui8cqy<3^3w8O
zjwBYKjBHya@4pM2X(TAi%Vr3-_Fvfb>HkT#WRHG=Rg^=fwGGt?A0%h9_hsPRsQ4zV
zbn(}kUWW^fj^K{L0|MRUPcGHguhZ6F>iDw=mHf8ZQ70KQlt%xLB!y1>{(gy)Pxx%#
zY;{13{;?wB=|>8}QGxSw;1_BB#RzWncSg4&H5Mh3wO~@34W%re{uiR<)Wo*@yPAmv
zQ{UpRWpNJ0sqG;%Z&wQIB;cKm{D$bwS(+8h7X1n*IoAG*o!Fg2LmE6*UexqMaRZ6h
z5AtjGGreo7J!L(KWVMtNpoXR6M<H_6<`!1;OH9s|TKMOSJQICQM}wT$A^ubn8!_bH
z+BZdJI*l5lhzg-)^r`-!d4Q(m2WFt&RYDAi;Wyopd_4`qrzKh)nyI~x?ZM_(A=>cX
zv&u9A)q**+wY$MPV-a*L8s7Q+Gum*H(2f?TiO$UDwJAvk<Fl*mMc^G4-??Vm!ll@z
z_W~Fh&Eul`IV6jeQ@&wH`;icWbzssdLwr{yEvcsCCg}I)IvdnAzA$!M*uj0>)cenO
zJb5Ab-Pr1D&7{`6uo<&U>@yiOh8o!Mtx=Q5{gIVIK3}v>=_!Z_=bW<&BkUy6L{c~2
zUYWSy{u){V_T#QACOYCey{4>&srx8oEYQ8erk+Fu$!}b4)#XV;I_gt3SqvB!!Y{hW
z2(jZlZKR*w?-qIjqP1)WylJ=vchs}c<pZ9{G!+L?-B0%z3eZj&Ox)p@)UHF~M^@K#
zd^Hlj4U|u9*Y8NyQ=`=4!>*`AaLU~r;G}iR=5@<4$n-sVm&G6W`_fjZE{=c&g5iW1
zT3~gYg*6tYMuF<Ceaz+ib!UCCfnU<`XZ%LVcD(9%<jV>y6ZPfUoE8KSgnxeW;{qnZ
z)eoqQZre1{4Rvl~NbgW(`nb+nL9ZNrIxUj#b2|T-lc@S8kSY%$J0AJIE5@Bx=G4^u
zXk#J-b)*Xl^Ps<xtY5?YVNK*Vs)Qdlb1*bkNq5(gRDF{VzHIYP6@V?-M%0X6+`y3&
zAPA-weEw8O-G-(%mFQ<&>=azAe)sAxTvLw2Zcg~3DSJ?x1!Yzf&p2IsPnpwMfhNvA
zYHbsU@1SlyT*A!Ia1G<&sP>rN&_eJ3?*uikG0t<#qZU|w>GWFRH0OiS0;{I}{IEgl
zqVg|KY>i1boo^83q=NPKDZf|u&VH;rhW+vzv-&>`A5lF>VH^>DiWaG&tidaB$da}E
zR9}LzGKt^Y?EjKoJ49y7kx*tL^?8RV(HDfoeEX}?G-UGcb3EsWiDB(HM&)xRH+eb9
zTW5#^oGR*4Hqj<^O1aU?-qILFg}{v4B(+cxp7NBt(sHR}uig$q@*f%!#L@1IX=q-E
zD3Wai@L1&OZ=8ho`?PK^5PZ?Alp8B_SFk$N7^x_kqk;O*uIAk>WFJ}#?6qKI%c3n0
zGBGv#J^vyT{AcJ}%4;!^Q9i`hU#mzU9%Q)5$RhJ&xs<e2*vPxu0E<?~&4iUnhVaO=
zf~kjkW#H>ShlDFvU5Evr)ESi+Dy)xNLOeds#S6HrX^~s}y^}UX7a(JNSmD|J{1l<w
zFEBctPSPziKG&>w(%l$TPR+^fr1txTw4PtPb4hvcyIt|)#-MKCAlel_mPc+;Lm<XU
z8xsEE8!7XshKovE#miyBc70w8B%mnw4T-M5dlY3ND3r<+;(VIJj=^1pW0rCq$zb(}
zt_PE}{;&Tr)+E=of4QF{TM3SC-Q4a!0ci5*fKa+1>1eu@e21Aap_un{vUsR>qHBfJ
z)2@}s1J>Gdc+*T}g3Z@S^|Z^ulelD9;b~|5B=T(@{azMm3o)=!byJ|kVM|G;li0|g
zVrLO1<5>!wTRA0Zjx>u|a7N~+K?e=i3QgJ>l{cy&4$Ro)$|NLt$=*;?sF(+3Vhw4E
zKdMWAl)~&V^bnFH{|X(ZchYoy?pGJ%&~kF7tsj-BIjx-_9siat7vcvT9-U0bkC=V&
zF<~0=c&?=AN^tv&5)*W5j+CV{{X_U%V@52C-npYLM5L7<p(W(z`blofY7$4tg!<*3
zLRSy8a%;6$V}g~$w?l@8pI8!hD5Zi+;8~1?@SIK`AGA}7`A)^!nroTB(f;f_PaD<I
zofjPwAE*0#<-S-n-*skgt5!)gauhKh*5c==sj3+}>Xy>8yDUgHPZxzR$;nkhi<Uo6
zL;LfBDh%|!eWm_PgJys%-!`~qc`n)8x*0vfPf~x~Ms&mZ1k5J9A@$eA(r+mQ;(645
z#`AV?tm0Mf%K~+>UluIfBZB|G@kpu8%%<WR7QuUej>#TLQ%<Z%X*8}3U^32RnUfmi
z?8k7lNnM=Q5&D3NhuM3gqoBd91+wR;9V8nwm0GVYg9e6aY_lMD1OHN~jb+;gfrFfs
zk^xsEqV95Zq+m8pLGAn3Cpp$|5O{<uWLsB;6kYl(+{2H2;~>=|bz_jH-b;U(pX?4f
zm&M-4rn&zPt;9hu3A@h^K`48V4wploeBhu~H||zpbVo=D+n~vSZmqyKw)n{q(e|xy
zwpZYojO^G-xdr?F)t&Zm#k{vaE}ljEdsV-c3=}{_`0N$qjQHn}Nccf{jQHI2OSH)O
zSrh00w{p^p<d=yRf>DSf1D9ZC-T=qnOi@M?rq7n@oKFA7!}$L^qqK)3tD}B(ahR1h
zKFb^>?UJIzcubUY`9SLazEFFV7ZH0M8KF`s<}6)zM1iws&38<-guGQ=9fc*V>!QxU
zJt=>-^M_FdPj1&AusGCUdYFFqR%}14E(T|$US!U*`oh_TeU;;)K0n=t6w|v>A-k1X
zwHkHdE%SZ;;}N2R-#Z?LEev#YUtuqLGyW-1A?wX+fXxUkR;6TYzhNFK%)D!+#64fq
zf<kxjC*$Bp8zxHHTFis+sbRYEQ9l`2E`g5aM5#q*bYC5_6^mqS%SD8kb69+|VBVk$
zRR&f%Veblxf;vVJ?oLUQFChHYx9U_=Yqgsa;^LXNRBVxm+Eu0C93x~*?ZYmlnr4+p
zx-y%!%up`$3cZCn9@pHk(K>CwTY8e2A)|nG+w=FXpDZ+TV7g!aui$R$L)l+#3E9>2
zKVWk`r&?G`ON6-M&5&S3$Z?5!pr^biLshd8@|GkF|Igj{WfzXk1@f6`qd%?iiYHN}
zUIDFMGq3ksNq`WJkP#1S^9a+4m;?`?5D~P0h8*Oeb?Gpyk)j|WXljaKZ>owe_oars
zliEmTD;W^4AXFt(8I>W5Xh!rFE7EronVTQz!pxVSO+x}MT84M1Rqe6}c%HW?LjM0G
z!zA=^U!$Cztx-AlZu0tJ0p}PAw^zGt<L=rH$|~0w`s{ot>mULel1RZV1sPj&_iRr?
zRFl|Eh3<=9d62A6wW|WsU?-ll{s76SVk>11y+D24K@%zb$Y274=M|8}=^@Kw!;XbY
zC@OXHAbZpzDNo@E8={LWLp?=RP|1@C9<Q~wekd!+l0AHMH$WB=E*Vk0A(8gS2S?AM
zOub0g86K_(oYe{<Tw6+EElCDJr#0f1ipE-dB^$;S!#iWVBT3{QzGXxRlNULG0Vz?g
zw2}aeI!tTLZ<_(1^=inbAe`8Ej+>^~;tZnV(#x_(^O;MpqnAAQmxto0G>%I@&Bu>a
z+sB4pt+sD`;70O6G>e_g4<F|Bm7i0dP+7%Px<~7X+cWpa=}Y;A_B5w%IK2`3NzHKw
zX6V59*n`}N3*QkVr)%`$&-OQ<G_hCU_=n~LH3al!7w5>X1n@hmJ0!E+CxW}Ons3A^
zD8<{#6)!Otj5}B^#t3eR3<P(7zo}CUTMG3|<7o<xHpY(at5&+)6;b(|N@jL@nRRKA
zb#bBwn4~9So<_H~PjAKM=g)ECTES@6CE*TzM(NePJIV#qQcJF$HSu@i2w)Qe^H2Qu
z3x~?C-$V3eWrO1260wl;QXli4)r?Gz-(GL_YVaFy^ZH*Pl+fC09FIX(1haMS=PWgf
zu^pS-;lfh^5+>E$X$3(;9&6%`Gv@s)OIy@``P@dXkn~;fxIoj@zZ3;o{IJqx`lHh6
z=doBXMSF9)Qu{c!_}t#)#YA)+R9ARWG7n%mG_!$)DDdwVIKKi4>jn$jQgU!e*U|W(
zc#QugQdByGEDD<8=k=s&=&%PfudLU#l^u)W6(JJb(lX#Zv4dhlVJ~{|8STGv)j6LC
zOhqglVmV}QE7_6MXU~yFrcnHMHKfmE!TSZ{?(zcO4e48{FmW?)gj1Ajbz*ln2S<+7
z?${9(@QJwHFK`~i=-3>Q+u#&22ldd`T0I+K`QCOnQL$k5mnjm9&4YQYRYHY6iM}u(
zCZ9t2Ss4sl`h7PRMKNuR&WtRWt14mb=>>6E%Ap;iG8ME+VNOQ=#*p?wn!KX93c=6^
zAt`q~aqfCj2cyj3!NU_=8c?v+*ppYdJLKJ@-6f^QBn+0<m|A{O+!BOpPgA|;W7s85
zXZIjVf+W1Bt~!kN%fBg|cXcG=DTlZQ?pMxX`|YQLoPWE=591bH<pP=M*Gj8lQ+u4e
zdfeS!mXtNDUe=wLjdz<18MgKinf$khsf3hHbRp(W-b}z-^{21y4J6!TeZvBK&<00P
z5;TGJb1ZVg*MaYI`sw)PeTm#YW$rx(LIcPNpK1`z+EM5meF}aGKCk`?LsyIa?-M$<
za~1&t<%(SU>BKT0nA(=l2e`>u6vhMj7E`Ix-aF#S=~Nm=V(YMvx@O+{C(K~Y6l?b4
zbSv|}Qz4GGD;&Fbw}3!kyXVcQc<2}T#5l8r-&@=z?EG)Aerqxmb1%$OPk&f?LO#4#
zt*n`<<1A(dhW7oIW%!;9d?jL{D@4%Qw)$T60oWh>hkl$A<(mTCKf8idyQ6HiuMiXZ
zcqdVcfwMUWfo&)AZ1hfq88XxLu&dhRC&{QgYmt(83b*;ICS>Nt4Bd`fmtc5&!iqOb
zj%aBYD$0;}d#xk{<#_cL44$$jrRW{uU=W@C)FVMFgjOC>j;XDiAyyuLLH!53<Msb#
zCXHI>3Zm=~N?aT_#n=#oZ2=`zqmQ8#UWh0Wl%E4vyfW(!Hn^h%dDJyVhGS(E`t|(T
zp@@kw!*cN@rLSnixzL-alm&y8IvFp~%7I~4I7oXhbEwgIQMl~Tg#P?H_O3vjP^vdj
zKD9hEUM^ol5Z+Lde_o5|>+&L3zOH;jR6N<qF~AA}h34;eFD*;FR)4?ng_w4@dX2Fa
zJ7=*l@X@}w{jyKj==|UD)%?7|oh28PCY^CtoCay!-dJxv8u(HO$52^Pifp*G(PK-%
zGZKOL8B3@Bim9jjPC0jihl~gsN-Ys28;@(~^-7b6`SFfONBWtc^75;eR`Wn!9(%=B
zmRG0tC6VPzh_t=Lbv4Mnb3XrNV8Bg&`c_Kdu~XIZVn989Mu_mNzf})A`!&hN*JkYz
z2^#Ti+KH1~-$3FYg1Zr+&t2kl>U4^taL~RhCO@fw^LHu?Fl?j{XoCyu7$BTuuD#nY
zG(8KGpFCx#;0lnsZ9=cqQ_7U>PA|LI+1d@smxYKz4uh*!M9&!cBnF00ZyUF4OiOs>
z<>Ve9^dNlUW1yo*TPyo7P98~P4Q^XRz;ub9#OZA#vZBsW<7eU@MLUMBR&vy^y1Dou
zQ(Go;7g&u#9&<9p|0FW@V^?z2yI9!1rq~yX`{xI4307|^#KW9L#kHXi#iM7EP(szE
zODEcm#j?UeY+@f`8D&QcOz9<np|j1x>t#6Lry!isef~o}MElLum_I~7$jfW{sm0pF
z6HB_RHP^WMNX_+CtN>ohG`PR1L3X@l-xu!v#4}?A{<&VwXm1zyjbm%if>LzO#N)cq
zkuK`a;<zeglDX(%cYQiSRrC+^OVR}^lMV*HT?kcSh%=Y5Q{phTmFdqp4|fS}sLZzs
z@RJL1|8w;oJ$tF2iT%cHpiPHG`#f*uPTqIo2a;f^xWy+&ZNuk~rZpP-uK*l4;&nTf
zxR#wy!i_R^kz%b(%7q>xgjqkxe0hQ&XbSg(;<5o``&lgB;mf+I>vI#AAoTtm!r3uN
zruIDxY`T|?%aXw(fplx2Q_~^WETSy`iuYY%QKuwZARi+oAaYdE73i(d>oU)?G&Jp>
zXHIJbY^H=M`4Qpu?d5MIXIxq*k}lSNu}!$m9awV+0q>feOwfMp?-)O~mygGr48!>q
z{WcpX%Db(j-*+;6Z?9@Mt;UEuItit%Q*u(oEjfoEW%z-J=Hyp!B5yO!lBdLp5ccON
zK$*h^M*@-x!KXerVF$47+(b<M4*dH|Fpqw4rnkD`Z|{Qb^B#!L4((H})#mk*3g@=@
zqEE}f^rF;mC*@t!5z(7e+>p|EwvLp_@F4^HVDp-wOlnvw9Re<a6s%p~grq%G`O{<;
z&+>DFY04&)kbxinNzO~L6GPIi=I6}=*UF3jbtDjOOt&ute;mBh4j)YL)m}oa2~;B&
z2?=2QV13ypSnUyGGUPd$zRbO!lf+5$+<_8cmZqx05DFa6`ThGsz`A?Daykus5nE>v
zP^EHo*A=AHkF+{|X2<8%_LtDnYyx#S*&|sKX6;k}WPGTZ0qv(5KV26;ALo(b^v&e!
zR+MCl+<MoF+w_yLGF4kM(-sEXq~N~}4~0=?;}T}utF*P<MJ_Ubegw}Q#HO8;;VB*%
zPcNUgeYU0oNWSKZTn&lsvR$&(9eO4dSSKWboSX_^X;8s6ol8gm2$BIz4dkIY9!6m1
zTo-PiZAgyP+mAJcO?yeHIXeR5E?idZxn6j6o)CCf%uDSXYJ-<G?Q*+~nfSW$*Z|00
zl3IpgjtT9-WC!sxH*8DYI(_U4<g?rj2WiYJh5OBOG`!r4Wsa~K6%|9IazmIRt9?D7
zw)c!S_2*Lm+C9C&J^nM(V@P3d!`E8wEI4ELO!HHWDLUm&{zE4nW{`@%c9Ka8%n)Hf
zDx+BMy{HM5F9m`S<5>D`>+pu_N1NSL+o(Bv-EMO_`2Flp?soL}#2&9bN(LTJlDk(X
z)M~dsO--qJ>_4B0A2a%$>i>nhNL_Htyw9rkg&gPuJ(ho~BNxsz-5-K1F5yX38h4!i
zY@JnU^uR@Nl*7Vn{ur`dsV)zujZVI&)|-MZgA)1^Pp+Nn=oWYPq#N92_+25tT3kN;
z`E`m@DUgof7Fn0dE)7<+a{o`+zTp6W(Qc(J+&m|=Cc|Mz04BUWa5=sOX<N2qFO?f2
zKW>-#fN@;&wOYcmyQwEBa4K65miHAz-@p0y`^U4;K;YdF*G-yI1MN}>(RQN8EAMv#
zO750l^qbC~2jlA0jbH&DKT%;plFlKH^?f<`6Q<w5z5PX^ghSg{4o7YpABgnvu6UDL
z7g<hX*nQ+5)sLh9IX()ba%Ja(rG_b(XH_ymc;yb76{=ZBlRa`%m4?q&<BrYbd=4W+
zi<NRx>Po{?)dHS>Pfbv5tHsTT_Gb)O7#mldbh(+L!ZzY@VxSMB{BFvc=rKd&g3cEL
zX%Y!o$t74ubO_`OF^qyZD$cb<-5$`4^iG_vNIsoqEU|XBXv_M?=%+ih8WP*!lj}e}
z`rnk3JkOu`UawV@I@c#q?@<5Kpel<)NDW<lis_(n1FN-~&xnMMI=Za&c&+;B7V-X1
zE&C(^JH5LZPY>^!%%4Mtwi!D#L6?A3P#K)L#uqiO`X+3SU+h+n2u7J=w;i=1mVdT=
z_4Wevy+is_WQ3Ed4e?3CGM;Kp#d%G-UyH}|t@>*L!LNh?d0m*Ceb)vFk2}cSGPhTo
zk!Q{bznQ*`ia|utO%OH_UIuj<GnK`88|5!Iw9ZJEBnINRG8Qi!7WS#^^v#4(In1sF
zjt-4_Il7{lmK-RxT*nkz-k`T1Uf*^|-YrJ1kq_%&?1&<fRUreZIU-W_aWs5QY+MsZ
zBi&m-^~%7G^V};hu74Yy2Y~`a-HaJajS#CAY@O8~Z}6zX-|OT_hn*g`lbYxCurvDB
z7G>r(V;-_ppbq*umv8kU7R)`A?(c6@q!1LT&u1a^N@e~Vr(u5A(z2k%DM_*a?NfbY
z{7e$#x|=ax(55&Bu0M<vd{*ffy+9%9Ui3Aox!3}=+&qfQIG%;!A3uXW?``J^ABX=p
zKFCWnR-X{FItR)P>jZV&!mPp|)NZ3dG{s_b6obX~!7W%vGvR?k=E#Kb9T*zpzkFTc
zWvc7nv7@5GCbwg)vJeN2ns*|{E@kY|iu~kL?gl!Pw2<SrhW~T%0qZ_Z)qkOlH&?SK
zyshqIQ44Mr6TRd<uf)qZ+eC>H=?^;4;tfJgxx-#{pde%_#yZ~=2-91uWRwEt7VhPJ
z^~;b}wwv%n6Ec490wx+VD$5hy+GgwBX!y|NA1F@_mr@>uzeLEV|0{Xb_oEJ<<Y;WV
zqA^wZ)k#@fY=CVa77W~(kXh|GdwUC*!1bnkacA_1F^nK1<qf%c%G=-=s%qka&g%Pv
zH`|@Gu;4p<lU9$haggH`q~>AWXsKTmHADm>R$u@KP$tKs8(MKd(~-}nR9a{Gc>;$H
z00ROF1PB5M1_%KN1qcHO2Z#WO1c(BN28aQO1&9NP2S@-&1V{o%21o%&1xN!(2gm@(
z1jqu&2FL-(1;_))2Pgn21SkS11}Fh21t<e32dDt31gHY22B-n31*ik42WS9j1ZV<i
z2513j1!x0k2j~Fk1n2_j2Iv9k1?U6l2N(bt1Q-Gs1{eVt1sDSu2bchu1egMt2ABbu
z1(*Yv2Uq}D1Xu!C23P@D1y}=E2iO4E1lR)D2G{}E1=s`F2RHyY1ULdX1~>sY1vmpZ
z2e<&Z1h@jY2DkyZ1-Jva2Y3K@1b6~?26zE@1$YDa2k;K?0q_a%{eQo|zdwNMF96Vg
zKtSZQ#HPCOd-`rruCPzfTuilIq5g?FIDNoZ2_Hn58}dVn9~HRxA-N6@`yfdXRgii{
z_78uP{xdQC5<&D1!G%5oLz#tGuG<%piLyJqbple4VB0d)$7M_kuSYW}QYniohoOXf
z6hFnkL>zXiJxhTiLL8S|_e>3WcHZiqovT~Q+Su2T7bO1cSaZ?|)yrT->)Loa1s1;2
zikT25O#h#DYj=!@5v0u%==4-^+IJ26t#hw;>D_QErg_P$68?W77{rWzGS>_t|0v6q
zO54h*k+l845)&jI<Wm>UqTm(3<cZkKRqpMyXs8ibzKT0$EKXlIW(b`#<&%1kb&2@z
zn)8;XmcXvvq`l=<x)O+K28(bUxhZp_olgvmhA2J#)LGlIG8lZV&+`{It9U0A2P8`i
z5Y{Vu#)0+qM9QzBUcoo0AbnWWJuk*J#qRE0L5#PoT(`E4>OD6F{-yG<s06plag#{r
zgs6C(LdpWAxnH6a+cTH4Y!+k~g9oJp`WAvcb8AQx0!9Ds)RO#Nk&76<G6C{EfSdnL
zLggf`AzW+Tcc_{gQ-T>+ksQ}}k7OT@DJ-ugb?NHtoPf{<&UZuM2xvIZc33IoEy(va
zfww)eTHAUF9aS8Is$25zH5jpvOI<Kw$`Vg9W{21qLUWA8RBE6|V@vgJmG*POsL>H}
zq*}x^U#v$>V(8qgEQmJxuyM<kr%e-t`%tVEjQ2E(iBoNtqy`-d4MByi!&~4T@X$B?
zmmH>n>OD1yrA_hZ%8%K~?#N$WSr~?rRHw@oWM=siip9(ZrmyrQ{plzuaGRx<3%Orn
zRkrVUOF@OOiMr~Iw<s(N&QZT(y&w+K1Dl)6Spf`XCKk^PsYIElsH``jNz*Ggs?2lJ
z;0r8(>_t*rje$4zI<xr4;UAyozoK|`h^AL#F6b3CeaxQ;KlkH~*mhzQowA(Lk%>T(
z1krFz=YCwzf4OUjAm6RXwheNA#rSX(6a5rG162?Ium`Hes?6p{>d<FOyvk`jndG!u
z|6oj#>s^@2nTlp>xvi>*8TYU>Dfr4uyV#!m7&N3o$V;^#l~SSxKRj%{$x)52+!+mc
z=0^s{WazC>RS*TgHLpwj1`iB_DoBf9_w%L2N`v__>vv<vqg7(pD3H4$hmROrKSLhx
zjDXBYj2Mra`0+hB8K8S@D7?L?*%2=8X*NUnL9!1g&JjMh<~!vL?4G~bBN0X72qQQ|
zXb9e4+t|H>Ji@G_7*(D=QOL*ox^(3RkoZB>W6v0Rj_vDfZz;n~uI{vERW#4xQ%@so
z=*ynBrMG-W0aFPmq9%uXsgH^1gOUNe@z|i&gNszSx7tML_hADAC)UZ$QHThpwa(v@
zy~XN0g}knIqSFOM@`0kvcMbC%Bg&+BMVMceM`=}yN`JSJvXFP|T>zCr!#Zm8laB&r
zb@^<I`SVfy9F}Ytajf!jJJ;@%Mj;^$_}ET1!eTZW`DoXCTFA-Zr49eh^d~%#jbR?_
zQ7h?!<e0uLx>gv*jpv;fz<yJpbX3b0KC&_h8k83kK{L6d)a;>zb%Q2oU^$-9C`gBO
z1|woxkqNi+1SK)`tZBQDs41gatW3)kIN1LPv+iOc@p#BEIPZR{+9Fduv<+9Li!_D;
zZG$rW!3KIp1Ai>g#Z($upA80QxIyCL9g0W_zqDD_FeK}h!lktIlq~w~eC!<``dCiW
zRPiQKq+yV_gR=@Dm6i?Ug~Xs=p{R*MZ$n&eoj+mWE0W$pv{K#!#sXCEz>b$qk3W7*
z?}*2GX0-8sCqxA<I}SM<2eD6<{&zxX8oJFy*$sO9NhmkcfvJ!QE$crq8iOCBl5*ra
zrFq+WXjb6nX9(J-zhd5OubSJ6I$Fw~#mk}2@yZU7c94Hf>_BOA1uX{!O(S_oNJQ_g
zA*nvV@1L9=<w4{u!%h;`{LQ?~ayBVCn{;gC;SEL6epoCZL4tLJV+W&#Ed&%MUH}gs
zYyzIi_waEM(!pU@x+7zf`0>7+jEt1$MK(W{5D<|Y8|$zK-z{stE)Mk6S-jw@8)$5*
zz3Gs$mInkW`5)-{a6NV+JMdfI!<I9uUs)~7f)SomYw7QI&W_h1+=$xIk<i_sKExoS
zr$j|ZId?szSQ9L_<GVBB!`st7m#Pj!d3<*h#T3p_%H-$KDSp@`&N}y3%dzCF(^B2!
z&##*yIxpjWcc~-d<)&G?F^4it77)6#-<)Q9Nt}+pWU3{j%&m%x;G<5Ithl}rZ_pO(
znuHk|H^gF!+P1@478e6`JR5P9$s@Q5wmDi$jAz^Hr7DL)3B;eeTF$4xY#k+&@bKkM
zUORK1kfD~9eiV$a<rOlf4$}#2!rw+VH801dn+%&{sR~RE*3YAzYBetP;tkxIX0cW@
zL0ye}_1UCtfDO$!C*Vpe5YviBAn1FI{V(f!Xku7QX=2HJi=*{@e*R<r>Yc80d{<Vx
zS|8^cWPhN6p<xOZFlo-g58}xSEs5IScGw<xq+Z+}77Lx&UJml#;vZ>f0>pB%$xU<9
zjC$xptqq<L1xxsc2(I?@#|V{Kul}W+<LJb&$enl&*}3FA#&^tG-1*vec5~mHj>$PQ
z3InCEFB3hU>Gea(spGOS5tuPT2~vjwH@NVyv-_%)?gVDNnPcEhckfhCe5*g=O3w;o
z7_02zn-{*KgIG6xt-I->?Ud0-IKcUJ9&j7f_h|y@bf#NtaTniVr&hqYvZz}VbG`T-
z3fDDs6bF!xWuC!7W1IKO?I_v5l961F32)QjX$L=#mdZq@k~gFMGp-X)zo9e{FX(s1
zYwkJ%*zpf6vJ@Up0nC3e1_iPNqfG3ts8*d(8%F}0Q161SIKLz$H-RxgrPxD2$Bs9<
zCQO+7f%25zb?rBDKB;RNnS;@@aI*l(uEg;oo}YQpBd`$Ra}}CE`pnMR@sGg&Cbri@
zGwc0dN<*ZF1^-cZ24B`N2CLsp5qOW+12a29idjjbq<bx()+oNEggef?#SN|QMWhbD
zPM5M?CVx7`-4-}qaMx_D$S-2FOA!8HNrV`xDYuY-Q-||mRg!K~ER)FqLPOZh)*ynL
zo3Wc$o|g}&#!r2wM@h4jm*E9snHpfA3ArBB9rL_%&HNYTN|a}EF3}S*z6;O&Ora~x
z{Ki|e4^s4qZncduC8Fh7m1!iyF^!#t>){RiJCl_KwM2A?lgs*>D<d$C!Zpk&QR}6~
zoTp}!gb`uZiAL&o$J7Q4bCpTHTZ|sIX6vCsRHdS=g+3^69mfi@NSZ1zBZiOv5O^k9
zG$<O^1)YY;%iAi5Ph4J;Q6T_{i>E)=IxfBE+dKGyStKt6)mM^XHh`o?f)vqrxKn&Z
zFEkD69CdV>teL)-X&`X-heX!Bz9r+2(<}^896LE_*=6RBa)E?`64+*GP|Q^gp?9Ab
z2d?T@dm53tSxHOOtP!)yTjnPZH602NA5LObRsIzgK^e`yM7ON81!00V1&6|kE(c?e
ziF64%WRW`Ark2@k>Utip>6AptOuw@MHVS*&eSEIq2aerrS5L;nwNeM>(Mz9TI{TrA
zH=EUn6s7Iyk+WM#<$?~bDb2ZreY%b;n->MFw%sgVumi<A53-&VdPPCg=eCtJZ1RkM
zAvp&ekq0$w-)We)tOUoPQBZi|x~rG0u|xf9!T34KE4<dr5VmzW!&a)FCgbh^r2Xh(
z)VvNf(@DN~Y6cIBOJJ1>hbj<qm{6vW9TP99>b(}HPVz2~odo*9VMSld{@Q;8Gl!r7
zi}MzLj-${QJ|`N9YEKM@kuzxoH@3M>ot&##az_2h)so-*f7J9=<Lcm!e!9$S?f7nS
zKJ3d%C#I{^Yxz*|H0yt_=0$fW<_5dBr0~zu!xTF868_V;%Hg@^Lk@yH=t8}ior@L1
zRKkbTQKnwLCJT5Bku6w07b3TUoB1tvR^(o^L123N+>ndGO8Goj>Cc4cEenm>=pRO)
z<zTw;uV1DC#`{lP50v0r@xlvx^olF-x0>Rzvp<`4VH6#GNO_FQv&LE8y*=LN`rzo~
z<>2O^46xD_($y!h&V?ow`Pn0iXeb|4$-M-ahaU@&y&~G1*j~`w`h!RM?>0vCvYiT}
z_dZZ3oaX)oq(#8+E+29V?u@p~7H_|-;tz_?lC8sLuRXsj)ZMfbF=wxX{a`hC9nT9G
z7g`RH&;reS=^4u2qg8nkg(v&;elS;y6(uvlqE01dmFe^y1xE3oE<PA!uTuAT@^`{U
z_swXJ<g%$^vYE<0!P1*~p;J_&WKQXdS}g64L+k>-s|ECSD{FSBUF6k>%GV=gE!DzX
zJk)1GLgB<5G(+d49lTW<DX9x2cSpS*&lFO*{v#)>?6wc7h4Qpa0;JFkN0GKl^E4T{
zzZ;`!!?O~+wSnx{lWvpWi(YEx_I$ckIKS?f0xLPv#04XVzqe~+?ge*D{qF;0kol=X
z^FNj(iQYu>>G=Y1S=b^6G!)NCFJLKbtFLhNczdGZ>~Quz)zd8Sht)o1S(y$SUd-Op
zk#DeK|0K}MJ?TD2=S{dlT~{qTVwWC{0&K3(<;0!Qp$sTn%NF3e*EBSYpj_S~b!6iI
zT2PQWi@fX+rkU^AqnwcK5yd@y<ugEkSZAAFPk$`P9$`Yg(JpVbOquR_%x_E^pWkzE
zK1lh2$3FLZRy*rz$d|eCjA<D3)r0ak|BFzs%WwrRb|+oAv41SOaT(7_UrsT6l53Fu
zgfyv>q@Ncdpqyv$mN}@)y^do^u6F>hQPhUY7pL6st|8Zqu<GAo>+x{Vv3;?Y%T05^
zr%mRu9%!ocBI<xyFQS0tl205?UXA~BFIO(sDBtNEm5zPxf<1%6YdbNuKg|tEM4%si
zDJH<jBO2PsXVpmY!?9v~H-9Zydr-`#BrqN&ej+}c-kT(_{kYqb0w?|SV++2FKHsFW
zWN{Odn9F3zhUz~`Rn#>j1}ges)heBobJ4gsC}nc2AVCcry|3>sb&e%Xn>F@Mqnar<
zFgsupF5{{VxE>}xdEY<UF5WooE*q;B90IEYMS9H4L(LQk^gqSfhrc`^cBE$|_3Y%6
zb|A&ep>}T@mvQZ2R_snt(;^!fBJuk7yLNhRb8#@~y=<Gmlo!nj<nm9#c(1{e&R6p)
zE<>t=7&NpwM&r^b+yF<FaNGbS!e8*B`xzzc?=K|(O}Qgh<Wtfd&qJ3@`r>SSd-qq9
z(!lYyBJd__Aa|V7_Q>S8<$_*2OyeB<h!6HB?e*0{<WH6yd+g_E8^4k--j48ZI#uln
zv9_mMaQMVZRB}k5xxN<>N#lF{nl$H(ay<5fLNB?p*P^k*_!3b#*jeXS1@)8v(NH=U
zM!==mPab2ZLj}mgZojR*m`}^?OUa2SIEc>gi<6l$U{6LOrxy^1Jg$iNX{_{kW-kDL
za<dXFBUBhUb<4ON3gI(_#_Wz-3g!yRN^Vq(xzB5I3KQD0h{BK8$d=#Hq~$a&hT9L;
znUwP8Y_&%3mD#R}q4gh>=cQnemx@>&`-p&{T~PTwmssNx+>gBXb3%XD8CREPxRHjK
z+r|Ayh1m5P2S{uJEgw6Vvw>Z}hsh7AC=kckOEBX29V5=FB;7MXjY&(wFqJmlpzWF7
z<`yGkbg>H$@X=AD*eO3!&NK1#ia3qGw{AmALGRJ`RsP7?POwai8ol5U>&Re?j&Lvt
zs>CCXXh~z0oNKUyKdq;aiJwjirIO<x+G)mEHlJYD-xIe}*zA3o^8j6lfXNez{Oj)8
z6buJFO0NUiKec1Lh(S8i+FV21OFqYF>a90m<swg$`ynoz2$_HGH)bHQ0^afdO6@;M
zstMaZ1;E8W_V3AeDS%mm(R&dY!Zc~>uf6X4{o3s>q#A`7j-Gb@I&MqVX-mjS{HHu~
zJwG|~YAB!Oj8cKD2gx$0o!~V>+sqBRZ`WFyRh=0%YC5e#oqvn=y+G2hVil@p9I1%S
zu}G+MYFpw*&ec11uf1Hw<P7<b_BfuS`!W2?br=!rw<~YY9uNp?=xi8F<K7NlvnU{6
z<oW#dYuSf~ZgMTpnyfAAqqK|yg(;ZWS;r)-F^b?i+C6$5Dt02{O;7{!4f;GD&GcgW
zL@%kYceX&%cp-8&E;>t0X>s4DFV^~Deg9`i!;P^L4;33mtOMV&>+fuk<`+Y$wh!FL
zS{_)7B&-8`%SB%_Nqy<!LB@3`JUl~W(!Di=k~-!}OjtB%Q<kn(rC-xKZ#IQ$OhY$e
zyde08mVM&EBA2OeAU30_hUTHT!*KAi0EtpfK~?yasdNBC>0PK}yn8j%A2?awRV!U2
zzXyph3A~b<sd~sdrE8)O9C-?Ogic|wT~~$BX&)V?yGM!t$OfC9)^o88&>!qrugDdC
zu``=Gx<%gmrRqWhA$5ZrQnAT6Z&!=zg9xR53fR+pg$=*-sIfm(1JCsxMr$}izAV;A
zgNt_MG6R{}X@F;Khai5No0lkNMOtwG6-N#S8s5<`$Yw~)kq@bD;tbbq_Fn`%4*oPb
zC9Pyoh4<nWX1EZ=`ri3%CngqL+)v`~H<l-}u1@?no^5l#gP)-nLc8|!S-#f25B<#Z
zU*KQ3t$)XppCVsvdifVin^ETwRBqd$wOs?S7E*EE#KChYIfowYSXbs4rrIL7!Fn2y
zH8y60Y%_bX`4WLmVK&;?rnPI9K64G}7dB8g)q?xT&ZyW*XkJijD34LL3ep7>Dz&@(
z6@PDa`ybZsk^bJTVXRSXayW25JL~-WXNk?NPeD-!WL2PGWz4;LViP>zbPA(mh0#lg
zL<WK*HO3e87uvN8HMW3VfVt8{1he{Y!d`R7T1#Rs163@s*Cti=$f9cOwu`uI!)2g~
z`_Ye_@w|YuQVvGxHZB_rq|`hHQ+LOO${r+_4ojLZp1~l60-X^*pew^g_7=g*5?_^-
z_~H1&0%Z~_AnbfbbK<*(?hS}f0nw#6xMIHHB4>(4CV&Ej)(dTtm_pHFmflIQ27Dr-
zBfZ*(9|^kPC?Vj$QH_3DID}QohD~ZztFx5&-M}%;OMlo)c;Bt+SlE~Pb6$R*L+khU
zQJ172*pu_6l$ASZL?R#n&1=+v9`I>6=6I6tJ37u!JL*K@rGK6vlYDr&K`g^%p%=!S
zk-It`JQexiTDXEq#|+=5GR@7wHtv(n7xV#i`$wh0KX5gXv3aP9Hl6#RpgC&HEgDeq
zP0<vhS*ydGFO?8}$_B|0Ic>%Ls-3nwg*Qz6A%c$>par{jb@eQ<ha;;x>4zUPhsF0{
zJKMKMtwqFf%4b?JW76982V*Fc%lNUWoD#F|J=7nlmy&=1HqXXORK0f+eE>?COz3;N
zFL@@TKgZo)n^f;23%e|Cdik%bN+E*B#)Dpjkec^Fwc8t1iR+8*;7sLQGT~Bi^Ly|k
zWrvtor1$7*bTjF*`8JmX2D)#3*TRn0s9Q^PJ^8U}J5S-mz2|~JdvllM&qHV9Fthy8
zrkqNDZ@)#I8DYqi?2jR@B;Hq|a4b}oLrgeP^7$U-uTPPa@l25TI6t8j@EvHHW4FJp
ztbx`cGA}YqNxWPn+SyhZEQ%*asg%jw$nBQZ4q!b{GV&Yp+7ij=3Z~(`;%{~OS;`+6
z>;@)GS|0y(oh>(C!EJsKERCa}(6;w}BOd>Z#)M(#PgxQ&d*_F2)mO~!o@Z4PmCWk!
zjzy*#FbU;#hus!G5(fekS{x0m;CQZc{;qv-hEBBB*a71z+@ggW5TUw-z^DoxId50H
zXA#>x`wZxGxuU=9j%rKnYSHJ|T$M`77r&k+8ISjWks~=2jI<nqr7IS83Wfs^zp3*V
zoLho?5D1X{c!zQ(E5^L<-Pg|5<YIaV<0Wj|x{q;QaYhr+2@Xa3QO}jeTa{k7p=|k<
zfIjdU+~3bE+n-N=pp5K9fh~P82S$J*kMMY!i+GqVl@xReO35O*%+a(01S^-$s)Gie
zNxflXUry>U@ai49#>4+6D4j3b6dJZQ&hM0V6978)Hbu$f=XDR;o8NCLAe<#>qg#3K
z2TqOk^5Zt%y@q8tdt02Puf}_WNjiS4E>4~$dqCzcV@kWUrJ}n2QeNtrbI`ea27=p(
z-aY!1lJv`wtG~Pqyk}IV@%+1&d~kgNUdG0af2Laec&dmZ!q`M>b>9dcVSKPe=8`ed
z6B+opl#l$F_14P2FXeyWT-2vn>(Kg*j#2}AsEN<e<t33<q1D)GOs*0Ht&R5|>0c*(
zy!w|vLM*tI*y8nS&_DGbChPb^<}f`)!mN~=ct=9CZ@~xGX#H)p=ps96+CN1uddQp7
z&J*pLD~-Vd1L(_ld8DMt%OYhB1itQ?5uPJpYOb2VTBZJGAvSS*`kEg7u8&&_V}Z=2
zU^p|2?n(h0A{xLVHaOTH?E~XBYGt2XJU@&G-B!k`-RJ<Es1~fAv2Cj}l-b?GGj`B;
z2@jgOo7mH|1?m&91KGpnRB%iv|4%%+4llT;jk0XcLsXvEigJ~D`ku4Mmg2bDrYR<w
zy{(6R%g6Bp-wqHhQ+j3Db41|f++|gu5xJ~6#(cP^wb*;h`;+2F{Mg_UTn^^n5B@mX
zA$30aWv;ic;$400SglztM5FMbXMC@1JV?b^tA<2sGFkZZif9xjrwz)tcKL;2csY;F
zJ(&ExD9Zq*oI3245{LP9Y!!yg%%dYL-NOKv!6P<s!BFFyP#vTDh=%Vg%yw{7FNlsX
zf#k4*(Wv=dPV*@r*9UV>wk~+6L6#gdz0&$NL^@h4PCbFhu5y)w36Z@;rWWKM1|>m`
zQzMp>!CRk;GtOYtWUcMoY`b-JlfJ}>)Kj&(IOyt(fr{cVXog#kN9mOE8&=%Jl&Yv^
zvqhNIiDnEpn2`{R8utc~=FC_5FK`GR_}$E6DTOTA`YQMqD;{mkWC2QzJd_)v99!lI
z3|h9H8WG6f`X|!=mYpC+BnaHuJSLghQtmB)Q|e9B4#;dnN(USUm4-O?f#}6};JYGR
zd|Yv?n-;ta#@r>O@jgbjKsrWt8`#O|J@Qdsa0gr;y5J-U6ED!=;II>~H*Ya@!7oCy
z=mnuRvX!hgCK<Pv1g5$0Ca^yzD9Vk(fDqo47_OS@{XH7m7C?qgv5U6&t}Amu_L~AP
zak1-518F|@^FS@i!+YX+24jQri9O{e+%Lg4yGDqn|5Y5cQ9VtcnUe(d!lMcbhnIPW
zun)$VbF-_~*=`1haBWCMcD>)VYNIvvu^F9mEWShEsuyI5)8odbJ75%JDl>8&;Q3>x
zyXBpEaJxfC=t8h@)jU}@!aon`#@ln=FLbDP8n<CHL!ZIdM7d!52VW_2n@=$MY#9Vp
zhHTVj6>xDKEXTwr`@s%}cIX<<o;5{EN9}WwA5$(L@LDuSSefHK<5d_Vji@&TFLbYp
zQwBzn#!00AeeFt?ApIWzJwU?0masom{fL3tOsV)RxSW*4$~YvfU4^-3tsD=^r3s(z
zdokL*0(cgN0Y@<DJZ+na&FvxFT44{-EGECm{mhMbeZGKz%SYx9a>5aZX1)G-@dsnb
z9?5~Qeo8|9lI6lUSu+7qTYkkXGmm!lK33e{5XB!j{DCiP7nABib=faWf01=7Tal+x
zh^g9Ha>E|+bc2KcT$1borKG>0H`L$aD9#Lbi~<(d5s>`r5ihlH<^@Kub-`c$C#;{k
z0t_MurP6B65b;o3sG(hw0&onLSd;3D3(46dO0(>+yfuKOHfwH@qycnZuU8Q`bOggs
z-H0pv@wr9zv)q(Na}y=n>-_w|PBL91Z3ufN<Si`p)d5AO`RK^ROIl2c->KdM{Y|D!
z{sqnH8KW}Y&M3=LXDOPmc+1I_Jur}tj9PxU1~>B$8lX45-#@{`(Nyty^Db%$vGu~u
zUbWXb5Wl=QF-RM6rPt^7*x-t-P&v-e&(<6ZOA=8M1PdcoKOr}M_E;D86j$4-YF|7U
z`yE@L3NE)L%c0`}RbwkoHDyyGq#M6Wo2G0Rpmx#V#cPiROSGn7bc$3w32aWL>q{5L
zay)-%HDvAR*xipfobAMxe`}5{qRC5~Gkz^a88TcUihk@L|4*W>OJ&UlIqnv7B33P}
zLb31tQe*-vzMejlpETjNS4J;Va%46k<m4&BL;@7fi5S~l=n`mAKI43=Bgbmfe$#dS
zpJ~n9VnfMgR|7fX#t$J9K|EU+T>LR$crEAZV+rLX9>sClg*aVZ2M4nc+JRrfXCg~Z
z(31vMb5Qn=1t;wi!@nTUyT>9)-9A!W$8UH7ljk<1#GMd1EhaEtSL;Jxv#Fb_Uhw++
z4HjvF{ozYCxnM+f3)8ewgODM7dSWL-Z=R~bkmet93Yl0mMln6DQ1G*FqXN0{omZI*
z!rILgpy?a)NG6X#G|52fhm?<|44()n&X_MDfld4FrS~ez8_AeY;@Uu!N@eQ3Mm>Vn
zIztJvoRB3?GPNTH2#+(1_AF?R9SVAfgnQm-Ua8)pRZ07AZvf|en6rc|cYKYR3W(Nk
zu-s&CqZ~LfZ6FZFKz^K~c`B4#X|FWD#G@F28e`3jUz+=1vnMB38B|3e^#>iX8Gqp0
zTbQ8>63ajdbta9t=3`XbM$z1EG9{awldfc+$YSSsY;*-aYD9>Sd8&tDJ})*Z5XIt#
zD5&;}bxEdnZ}TJw3ow)HBrb?)w}1F~xv9)}x?^~Ul>P0$B2^eIe2Afj%DYv}lqn}X
zowt!tDHP0ox$Er8rtfG1f(lRSpb;H2FYgGaIikuTm6y&5m|wo$#hS32Yf0N=2h=wE
znk2bpyJ^aQrfnHkkxpEMt|9C{Tf-C7ec^yRJ;}{e#v==|m7DWk-}eO=)I)M}<`q@_
z>FT&z_6tB=-FIJFKuF!N@Njq$$Zl1SZ90D))bjwBc#c#Vy@W==bb7s?dp4?5DRAlM
zK|EwQ5FoGMV{6&ltF^?cEfjxlSauEsiv-<qC%t|1Pqk)vK*<lRPNL&;y3WnSLSR8a
zw?cLNsQADPiE<s8%2b_vGF|=OEjK{JGks+Uvyuqz10{fo1DJLZ*w?Ciw`VD~hH~VO
zBH{uUyw_C+=yev5AWGWiYV814N_st%t^@M$*1`=*763IXhq#jQ;JOg)o|*uYXm5Y>
z4J0A>=Q1`l^*5f%izyGb)0?-9)b%J(^no+Z49NNzeuC*G>U?8s|6OilAi%m>8+R5D
z<~MA)iIT3J2dN96Z<n@wmwlucFJ*1u`{D>8cFk4!#w?b%0NC`t*=4Lu_#>%>>$|u@
z)(H6<ThZU(whWrG;u-2HL#c|M571ta)Q-h>^hA#PK_1}|-sonRerHC=Rv!F$+q;vV
zr7EWUGr888+pXU0TH2gWg$n?MAw<5VXSg`7aU{?G1$Wyr8HOKTSaa{)RVjPb_BJ|I
zAR>K+0saei4ngHV%!}F%0!*P50hKsCc)Hkz4Mf)u6={`ME5VtGmuX{S#OXf~m=>-p
zQ>j}HFT$94fpKOoK;*u(qp8z{IYuh9Zriny4iLjh1At|@e2a_WY=auYJ2sFRbi1}X
zO(N`lcKK_B0symi1l!spr1V5DgLou`_HiHx=DV5{`EHEyj$z>O_K(P`^`Vx!67~ra
z5yF|o$%EgDpU6|Kt+VsDmV!P%&kNnI8@hHQH@qDXlI^pZan=3zy{HS_nrKtiXTzdL
zV+8T=bRMn^l5XSweI=n$KU4vCAgVgMqt~K!hPPF4o3;Nj{XjjKlv9v9{ch9A5jo|M
zAqcWbJ*A|SJz>3Z3F^fsH4-J(qQ0<)_z{YI9&&qG5)JOCl@vRr{xI!V8`lK_j9huB
z*a^nS$e#x%lTW=MKeh=WOu*j2Wlg$gm>*d^CXU0x*=u9z4R4NFn+*U`xu5B8`Vlb>
zmZ57in_;cgKp%)MF-_q<ZvH25#U`5nl}P-&%!%j*5{IiPqMxJkCMZ`?*N_gs+>lfg
zO|T!Fo4p2cfababEU#mf3GJBNMjz$PRtxVIt?hlg(>>kdypPV8xOyqMpE!?(hzLrP
z81TJiIHF1jU#V%LX={VVBqE5#kEasL!R{hO3W?~%2Pt69d=ZPs-a(SmIU0uP%Ok}-
znLGN0C}pEvW^*0IH^(=^ac0_oxVQ1b?+A=~=3(^ZB0lpteo7W1OGgqq@Lr+%i}RkZ
zMT>Adt-zlwPy7LNL&cOG4u<p91*<@ki0eN4mqQ}Q)}iyiwSmg$qS0BxMNTjF*^j^p
z$Ho&1qAs?5xcn<EeN_VN>hfP&WAmIW5k0BX`?k)dTYe%Un1Xg+>3R|tL9N+)fI7<I
zwexMdLJ!nFhc=~k$sgDZ6;*ME0Cbe=&6jcEjN6U<rBo&lUD^?7KaYiaW8V6u{d(Aj
zg1=2sA@l8qfo{;d4A9*YH*f7SJM(e4b@ym*mNAkP``xvm!UsXBZpw`mK);R}sU_b3
z2o_hCTnr<MfdpVe7s>|8t<#sw($KnwL{C9=w(H&&xX+v`wfJ_A$hd}O9S@mb)WJa9
z`5MwSA|up{)kl;?>r|*IjUi)t`7YcMwkwMfLh`=RoftC^qf<&7_i@IgjUj5~u5Aqg
zor%-o5mwN!K%&nB?G3}!Ol|Oo;FAu>Di~Kb2fv*=;D9H`gx|KTFSG^Ay}hx5vwfnx
z0;GU#*#;zd745psp~ix4I!y4*C~ttY8qLKnZLMVHEgth;_GF<;Msc|%6h~P=#q(fG
ztYP0GL!9rE<o>4m9yr^DCjxn0?^=<X;c>ownQfkjZfwg{l%1i?<v$*J$|9t=m1rl6
z4!hwOfB%-pwgkw(0L<Rua`1xCkR8}f+pQrn#uV&6m0Mit?0wO<p+yDRHgg#ljb&3F
zBX^FqZAu5>KU5drnzS}Xj$@lE%BlD+kB1y#C3?$#G|Tvx-u!dLrHHA1K(;SXpPH>A
z)-SG|gxcBq-h0hIXD6=Vm402;Y>49TD#(Cmdqp_LNiKsw@#(rsl?Q$pVC^(F2)(b2
zQ4W-CA$E8tPstGDM54ZJ^{bIeGZ@RlJF$Cz(fsq1lKn2|>L8LApX&E}f*WNq*Sz^&
zq2HyfJgWeR901i00J$4nVT7uJFpYvSy6)(FY?!QvEeiP=B^eEJo~UQh;MAly-i~vR
z3g-S(nW9QRIy1TK)PR_~|Hjba>VFofXc)$qNJqkiWXh6D6%}~e2`*nQGoCSyIwD9s
zF62B;#X-?NDL1*Lgi=Bn$Qx2d4phfDh8NA?N@3@#Hv2LH1#fqqz(Xu0s;%3L0VJv+
zr!P(@0M2%8`4uj<{ONvBaa$3<&<VG;@4^ncm3UH4pzlW-XQfg@3_HpF-KO;)dR&*?
zC)cKr`X_<Pf&G^TUh1om5nxll1S^xje!JaS&U`2z1;lnDcB_A=i76?3=>6ZT`TDP<
zQ&@HQ{kw)`{JYn*CFwH8t(ZL{2hS3FJ(^L354*rstbpC&NV2F?OMK}O@m+2>YtOYD
zcGIwXkb2$JwiAlw{XoKJt!M*waLJe(4#aR16<Q3uJEgYG3u5EPnl{PkymU#-O@HqN
z(~rsVts#wpu4zLMg;D+o9z-Rq>(XDbJ6s!&9>F@or_zM<up-)NShGywcf)T)`wO)%
zF&Vjv*HEV5I1jK;IL4J0gq2DM>ycO!3woAe*JI{IGi%61Phxi*gkIR@p*vN>di6{#
zTmiT?x)4q|>Ae(=k(Et+;qF~1A@{r&Tf63`7?e>Qv@cq;{_W{*Xi0U>LKM5KYnZ~k
zj5L%Ou^gK{Bbg^6meqP!C-j7bh<m47>dGuLY;jK~R<&VkYfLy=IGu=2G3ug1)EVRE
zPX_zk2LTU4_7)yVea=C?t_ugz*1pD?za0mlxqEM2lGy!_dBzO8nUI~cC=!x#g;Qq9
z?~&9DtlpVDkHslg(rjTz?ej_E&77CC7WdWB_+gz4ug6-zpc^BBy0$+Sw0{?k|1$LO
z)~#@unW!LZ_`&dZv<IME(^hii5;yb$naIvenwOE`%s#E%wPfECc==e<4^-syS<Yrg
zOuHf^Ug=}XJ81-0KBu~$SVK~cu*&sRUx&hKT=@HZLTXaYuF4~@nT3wU$3$bVMxL*F
zX3n`^QLDiFEf$gbdGipAV6_)QF0i0BIs`>Lfp`anz07Cf-?8|_&2JvDXWE@YJ$0Vz
zoo<M_YfP2zM9lYFc4gL$hniB^SKwne@p%UJ6c5xE8Sfb?6MTte#@_8M*6N{;yxA9-
z2{k$$Yk9fgt#*?nX#P)uJn(^Y8IuFdM*p9+C`;xHD+i<eB1zCD-_Xv0w&#{^&j5iV
zukR47PR=a*c^Wnn?346xnBfWuP_ER{cGzaewDb3(NG;N2Quu`SgPVyUK5z+*OPWSn
z1wErk4ySUe4^##Fe=P0P!gn-ib!(~$ZRO_d!Q1ae?F*&|RNPq9f?O3(KrKX%BOvMh
zwGD$=kD-FWX$ibhmQ{5~@pTYywcP{zkT4dZ3EMc%;dmeO`Ry<GTzrZ@AtbMmk(6pS
zs_N(_ao_|Hc-oCN!q1%`O!rn;N2+xHI$QT8s?@nIQEXv|JnF-jGkg=0G{sFj{D@?@
z>)1Af!Ky?i7^7vIi9FtEnnVpQwwG)7sYDe(ii++tS19gs0pPHr-bqTSx$-ug0DGZP
zZ3!9HX{Yuo-3KYeMFVW7w*bmM8u((&vvagY-`~1KMCj8hf!^#qFc(zm&??Ki-GI2)
zf(UxcucCiTk|aV8dDyxIB)M5T0FF7d%VHdsi(u+{^i-t7-*)Zs3O*V|>Y!Y0owGUo
z<llb|-$dHYUIh{lmMJea!MFHaN$DE@y|^%yZGXr-H+`H7An49S$9A9DLOE(z)~5@2
z$!y=ic&$S7ki4HuvE37~!zReVBk=N@ET>Ult?{>tFQ#LcA8RYLMGv+J&pS`Hll2f3
zV{y4n`Pq||($a?0B=_04q^sT=$(Z*FVZLrb?wUQ_nTFI1d5(3wrbwt;Vn0ckd%`*t
zm&3`IIoW7<+@hI;`(1?)5b;{EcJoCrLaDcKFmHHSW%u(GnGzsMGH?AHLY+$c<mCOB
zjkNWzC}@AZ(@HI-`|j>HLy;I(rJhV_$iPg2;la9t22+XrQTkp4cR=Z3G;iIsT%h-r
zMXwaDGJ~;n!k{&$OJ@RsVDQ<b{tejc=TR;HWo+#lViI%hzmZ0uoGWnCKZx9_$;f>)
zTq67Q?M=zx&#&`gdz6JS3+=D2q<;<RKdV)AgJLsvf!<xP+7*X$+KHI8q9CI5i?wT#
zP+O7*rFMW)HsY94XJKGvCAR<lKwOFV9h_JbNPF#=g!&%4Av3dWtieQ#V;8DC#<Xkl
zW@WHqW_Pe1(z}FR9dceb*21gu;Rk*np<T@743$-!YDNDWBh-_WS_q=${<PvDhT$k%
zyXe!Bveg|0W>#l{H6y#$Hjlp~wggG)`#e&N9!RSaBk*W2bp;z%b7~vR=*9eCf=Mdm
z*o4LpGT?E5{v*K#ajCCEsXzFi*~oJ5o48)tU)e4kcaVn1onCmh;uPMeSklv(j3?_c
z<_fxvK_iEJLTW^hr&uJMsJ1}-okS<1*-!CZcN@m5NaqLR;w?D2p~&VzQbz%3rJnjM
zp5_sR!t^!(gNz66+w>J+3a=>23iG0`GpuBJ!t7VV;N#AIoX_5NMrAV~To$lnI!^=~
zMg!@ag)p!xG*m<=Y*`N{%x-<RFnD3YiVzZ7<=5Z6z1=$_vW^&mAJ#Znfpu{c)B|ys
z={d`kbm*8;xVY+^O|%?nBXX(tuexNuIA}XCx9^~jS~AiH;GA=;6XQ$Li;=t>uP1p6
z_nK%iX31+p3OqriO5@RoAiK39rJ9Xspr~^1bZ>0;x#MZfTvdxolG{^kJ>_!R#<_KB
zU(B*3Pdm1;XM4vPgd9aHW?r2?U_>7q6;W-gg=PNY<_VKBV3wAK(-MO0d4&PQlj}4c
zZ>fC<q7*B)prQ@oi;JLNdJ9WHD(@61eMG`_t#~3A$60`&j`IPDz0k<^XFGnJ$xXw3
z!I+IuDuc*@Y0%1+S3uzS8xYs5C_-RX1<IaRv8ZLV`61CNM;Up339dtuk?$!aHm_ia
zX2}71Y76UEQRjM6MpyI62dxE?J1aZ0{(98$16hsuS;q5FJs46GXDxykQ=%i^G!OB?
zgQaD9AxXqua&a%8CgG5uFhrcx%c)iD1$ETYktFyXN}${rw5dHEKlUa$F<@^nIZ#j5
z(wz_Rs?rIIS<kentxo$d>;F1g5DVNvLI3yc;mBQP3u_dNO6xFq<t||)=*-*TB1qBV
zpYKgz>2S_&h^t((KZ?XEFq1I<*=0S6aCD>=k-`<nGO>a}P`hF!1BAOBox5M?%3~&R
z!`u-1SeG)knfP&F(F<aD896L6s%EXj(T@Fof$An$3#&7|ZaM)<<kK2>ctlHfZ~8oj
z1;AyAJ8Zl++7X-FtuBYE#=Byu)_mZzaJ@wa$>OcFJ(K9=A&fzJ4ln1VGCRFC8*@>3
zw!)(e!}iM-^CRuN1u{L;NjV{xqC=j@_FkeTHZI~Swg=~k3dH#0XcJ*V2WM`WKqmdT
z!MIYR$AN1Rch#{JmN1vNHn@VKR(<k4eWK7&ghVXvflIZ{k7U*xeq#wSh8~R<M@Ijg
ztDOAI8~&3mM5ehq(12~#B~HVCnSOjB4Hh>)B;Y3AHz_*3F7cCC!50JQCDWc{Zt<5C
zdDs%<t*f)m09;G>nh#pP<7UVTk=wl1PeaV}E5?xCM(L&ySa>L216qR~`$$F60lXdb
z%K>XYuVM@Op{8}&&}hK1TKQr|M?_quK{e^=q_QK90VnjSppy=8oA~Fyeku(SS|P|P
zPO{1t+12ymeS4P>@SR65z!2?gIt8hyEd{qGInztI6XzFuYdRdqDiVpDIpNK40Tt3Z
z>_NXR@V{|f1uT++?+byhDmf*>ZFye?Y&cyl{`eQ+sMLzF52S=*(N&P`H{WDbyUMTH
z5Ag@AjUPAr$2DDplGld;X}%|rI0%Bm&z#c533-oDi0sMnIRnp%PGQiPxZ-)kGJ<J#
zW5FK72HaU?B5wiAT`rD$eZJumaonH_WOS8kN&nA`_ro7p2WItK$=~Dp^$yuwa@oQq
zT_f}ntXdqmUCT=~#P>21(QSPu2=mIRc@1AAxN}uf_1_ci{yV0qZ*6~Rd&qqRRu=eM
z^A}iDp1^6bKB{9Bl;S2sAd<IkdV>7rLw1=R;lLyR1dWWsN*W9!99QcEx}%9W#@4t^
zhu~FM7z{{=Og9zimNZ#eNcB1lrbnv5&RdinX!@5)cWym0BQf3GBo|Nro=HsBIB^K%
zNtSA0GWC?)_syt%f^%miu8BAslF*^ubKP(^R)%Ps`79kO*hTf60n@YLW0bB}jNP8X
znd*(NwB<M0W4ypaMo%el)nw$&*}7GOaF3q`KdXpOD&bd|g<GSGUizuWBNckOZ>1XE
zx&?{Es?WOiSG%0Yw=>BzbOd35Y(D-MuJa2e0O}A47dfGpQBywWb??4hB{vi`eyBAE
z?}|Y`y$!`$@V8Z3BZPj*-!J6NZ~QOd?Q=#vU@|!kblXh$HKNvUUdN%n;H#L}`LoDK
z1v%HK09cLN`$ED{QFv=m>#IIJX<pk;s97V9Ko<3^4x|<k2L(*)BT~XX9ypT3s<H_@
z-%}A@5BK|u&Gc?VzU*v8fkLlf`90N%o00P;+RDG>u^LO|8ge}1p8wYSH=MOhz>C-F
zNvZxyH8d<1!_s<VlKJ{cbv15VeJCZ@W?7{LMzwv%(u^eV)mWVuEq54*!#YJ*ZxZ0S
zli<EQc$X154G$i&5~sIyeixr28E3ZyfA|GUlvkoee-jU5{x4SJ$V}WXBf`XTBqzAt
z9|cPX85jBR7r^NfpJE=}K>msKya2x$7UU_`tZ8)}IDntw@d3Za7pmdy<5a7mJSB%^
zev$h9<c^>x&5HgTDe^q4oPXP0TkFz}&UgBLGTqM@<v@i$7KnPM{GG~Lp|^B_+)?bq
zI}yku_x(y*C4i}!xFlCHN0pdG{t>NTtg_X7x;WnXTM6_Sk0UMIhJuRfri`kAYA?WU
zlmKA1^E@`^oG8RJ<R9zG53z9hoc&Wc_3)Bh`4c9TA#?%`P=guZb9U=c@jPN3!tkU5
zblR8-aq6=_dJE(0em|fw+Q+@o?Ny<DQ7l@RC6f{kX#}inMn3zctJ-pn2Z*SGUrG6O
zGfm=cLZEDW_QIOsCgK=1AI#3BcdFx|A;2QR=k&lBSl4Ut<Y%C*KngSyj9eSSB(YQn
zW(nkCUCYUz6-jE31vvM~hSZY;1#LW7Id;0eFp`l0&;-&^KO<rk@E`<ml<^(6kLDFU
z)>OI)>iqu6Da))*R_*nO_Bl-mD{ZcjV^?&C^hjyerngHM;4`WYP9S1oy#zIlwnv%D
z<B0??i{l%(W~w8Tq$Bo`8?7vtC9N&v`gGoN(lm(lY9@zz0MH<t>9pr>^H{wG6HQTx
zg}h(mbH^0@(Ig9}`edY+WogVI_Wz~gfAYXzBzmq~70<E!e{0Ay?U{7(LMl<<R-(WW
zBzO&YtCU^|wJ5kZhJ@4#Pdn|5c9-q7O&P8`7pOBPvL!0&PEPRH*`7_!E-*vZ>E80|
zdhMl59KO0=5p(nYCulS0*jKm?g%wCRbTX$ibLG?akonG4_=76L5E<=jC-61L=W#w_
zS?HA4^!=D7Xu!nb><ts7&{o`aokw}TOOnY_wwSq8iDi-$wW;((RgN$dd8nsaSVh;J
z<5{!gITC)-R`1<^+XdwM!=^+K^S^3y0{NbPo4R9!wXB0&qDR)uEz><;U}*)7V?;pe
z<G6DLhpz_5I&E|HsnL;Q=y%mK@1crWh@Cy?S9eyOgX{hu->7o+A+*fmA)(_fS#su+
z2PXS0pX`2Obq3wWiyx)HutbZr`dOydFnLNeBXbL5NZ5Nr6Sg<^$hUyBa=+u6ux(+y
zp?Pox-G*{gQ!EOoWTe1eST~Cy9(rQzxQYuW^CyB)#zo_QP3^@C6#7k&KhSiw+knK<
zE`sItRjck?Rm&K;jf~FY0StU3`_}L!UVZrXE=4{=(snO#(a6B?p#?;V7P<AD>Ux3r
z$;HpH=M6+Mdzp+#C7s1}TP(FoP-IwM^L3q;$N)<w*%a~XW^ud6jQAs}=)T&IHyn6Y
z@+wf435J^vn6j}`)O2@+Q8_?4Zhi8iN(56a(yNCDyIa~gv4q8a&{5OB;ffyMeE&IW
za!DLP(axt!4h8}%(Wl<I87Jp5v$s8vVf7?z=*aT&s?`|+(c^RZMj!^7Ra6$(97OHM
zWpXC6Hn>^cW793>bRm2KMnq-A<gUN!Sm-re;MouLcn!<gMO=L#bT>dS{+*0=m`V|x
zuK<?b08}R$p){|5Bg<)E4(dxxG^94$;M)9b6Sam2w@n>Hq?zDbt9zlff+szq_Q50=
z{O;7#?N!T{0RNQboEx!iiWHQZwx7ye6D&NguwC!W)B*Pl2S8J;81lcOvxJx6ny(Fa
z2&;E7Uc$F4Tq`BJtIuh&_kn>^qEZ>OM9RAtSS8tJ)I|Bz()I7c9>x`C_5mz~^xm=U
zQ&Z7ix1#GwE7=3PEjl{n8#2)iDE4uNGPohXho%Om$t`eRSYM2TY<klCl}VZd+}tu(
zZnY({t+--K!wq_@2>4PTW7WD0A4`~kS7%>N>hbb-Qqoklrkk@&BTomd&?mA|VX$;6
z8F(CG2norFSq^I_Zuxryh0Mjd<L;6LL55NjTtcvpsX@6tw@P|}C_)==Q3b^#f%bes
zZop?~Ru*_cFf3JOh_dZ~KXlEyJG#Oo9@Tg)3T$LywCTJN(XJLc=%XU-n*;U>4JPl|
zpH00XK53O)C(l3e=PA{%KD?qir>l?Yogw|jI#FoM%5K*bmn}f=RTd%X$aY-WgX8en
zO^Je?(w!{(0bYMW_?iM^(zfOpQ{~iZYmdgxCS<$gk{33&kS5(G|9`f3Yn;^@43WZ^
zKd)9rDRly<J*q;BUe<=3$qdaupeSpX#ZfE~S-=ZEM#O@?$oj;kES5oAj|4){StEUb
zh1RFIXVh}fh~w#jHD||)=pIUC65t5{b7kO@APjP_mC08vBc$miBqf~Zuq*^lnl`Pk
zYK5eOQQ;JtIS&NOjU&4&M3!^i9pYkwP6r=WQ>@%g{#4%!FOLNeY>3+qGFLWkcf{Mc
zOQRjaqDXiqiikacAAIxncdWsYpOqH@6Dpj;z&~j5bDOen<a`2g$-;E6n;kHndb(m=
zYoo5RFFkH;jUW9eLO7*pM#?zrD<F%-stL(SpLiyss1`Y)dvZa^Q@9<&yX))z6(tq+
zm|2{WeykFG8_WCrkfU*i?#pS@dYi)3R+;wg;7xI13BFKP#$SQ0PZ`b<AKa+xRC*im
z7pja~>a)R~r4*<ptK6b)U&2)-D50K%-zx$1b?q~Hd#qBUICBzn7sBipitb<pcBN>Q
z2pRg8g`$J+EJow$E7?>G*==m{NWBKOM`6a0b)fJ9H`s!tR26+x!C{O>#mAQ3ro^AA
z-svU&MU;R$*FY5JdIsm_g-AtZJmEv#f8Ay%cw&$7)8W;Xw)D~X0dB8dILQ%+vvTVj
zbs@rcmiTLz*ndlJ>=x1<;;|iZV!&+}?C)i`<73_pP{y==cWLk<A*iVefwq!6`<?X^
z21W08y9i1;(SU<e{3P!iUwb3)^!fW@3T3Qg-);xYY;1P#VRT87<94Wnh{P<vh)Bkw
z;gb>0j~HXEO|J|<oEI9y(-ND<*>bbTzHo0Ddgkx*i3a4DvcbsD)6!u8aWN8u4fHU5
zGod2Jj}oQ#v-bD6?-v%9?0%d)diXCb^(0s8;Bt;bx|@Ay0Ul)91X^Mq8NYY-BHv0|
zZzVUxzJZ=rZQ#Q8HL#9WAqqMRdCM`=f6vIj5Lb<@JaCl1+CBjt3DP0S7N1Lr@@q`h
zIGgPW0-4YtKwx4SU)F}+X<y_4_}tVs@+k}BwQ8-bi3xvrWzE<F`k&65H;J8%=c!Sd
zF8j0}I>By`Q%#lLX;*QFd1BlY9$DIS9pDqrmsAEo++iU*D=YG&K^b_X8T#^UsyoO5
zAF?LiZg_2bU)zF29?p?MnXUj-+BoY`ej^)=m)iex4YQF&hEQ1EVMKsjJ88^EFjNGY
za8ZvSkLm*J0~ZXg`3K8ECeU}YZLaHq;LG}2&rVE!vedFzO_w9j8Cqscq8eh{?bPGS
zh#?93^zgXEDWEb;$7aed`B!B;gbugPow!?f{)>Da4jUuv^2b797*6A8^y(tG>xHQ7
z(6*7c-4n~`@}3Rp2;Jdh@(|Ek=s-q@7e=Xay4R>HL(D``oB`A0@w$_!J$=pCCm|kf
zQ6V98xVSNx*}}~4VE`?$6%xV6TMV+8lf$DF2$iQN8JAWQk&9XS9d_8Riq&ui4hKDf
zWV>@+x#OdNZLf$Lwf~#f^2V=@MA}k{-X-(0V>JR$4FcOpb)K|FsuKke?>{=}b}#qy
ziD0~nvmM?IHxs#YhnceCm`3>B>^u>*plz=wO6pkW{!MdHK?dri!=1RPZ5Fg@AUv;M
z2A37-;%jz-49xVgSS%Dk1p05#*vw)!L$G4Ic3aoUXddegMMFvoYrKARsR3|=ildJf
zG4f{a#b8w`$n3q!QK=*mZVxo}3$*AQbL4cf=5VEB_FULNgrdnI#is@iu!FARC;t5d
zP@Vy#U=+toTV{a!#*<MWBl+RzY=NPvnQ`<gel|32>Z;(sH4Avq)Ddy3eRXEw-(0Uq
zY3havW{GL+NEGUyIl%OL3j!+~CGktO`-$1@5*t(!BA7`^X(~?YTaekzLp~&w$d)RH
z91{pD5unz7cW(@Im$?&uSP%e~tcYD>YYo7Id^D$VJQGnvKSuLjqnZ}J)XzL)FtuDR
z6~c89B$GiIfv19__!L*dLCFi2CB?++Xo%y?%yON*z-{mn(8!fm0#__gns;6qdmA1E
zIr#4IR3dEbvCv|J_#X0Qy4gLLE6uahb^$8j5ETb(sfNBwvd&8~y*vj}15kzW!wWDY
zL#T^6>YN47>La}cBOQLm0hej()C+s5GsTc~z?9ibCY(!&Rc8WT4%jZvTV?037SDUT
z7Fo21*kYFle2BlZo+=}2dWD6zR0lTq##n|W{QnaEij)E9<}#=3)Ib1S7sxN65y?2~
zn__~k7l43l%W2TSR)cvQi7X6V8@4%%P_Rpk*F*p+5pf<1#;1S#4LxhF)0du!c1@I+
zWcbbUKMH!a2dKr@sm*NG_odi2Q7V%U8vf-)u=x~?><oD^G=SXvSuI4URhF7elnP?G
z^*heThN&}`?M3df{UY~vW7X_9X*||GzKy+!tc@bNT3&%@dIPtaNITfiiiJK{Fqrt~
zNVHUQm|`~T3xxTZU5_x?8cVs00K$$Os14Q<GTmFm@oHw2MQb%$)wbN_HNK<j$iN18
zTMo0Uq7+$i9o*}6OZz<@mUh}W!2G++SM<fhu_A#J@){Eg4*z!olq4+SR7bg_x3c%c
zt}|?xE%xOg(*c$8`o$ZEE6)QLggp_5d3B6zML8}o!K>58vNpET!F1w$)2dB2FUV1I
z&;m0%N;><H#dV6X8-E2(R5V0*0kDl}Z%8~N<Xu#hE5ty8MXQ)>Wi?{#xuL22*Ypig
z@SE8!Dh+Ge8#YTLlvJqTM=#Eh#s7H=PygBGJMGWRsN)3lZ7SHn99x&~3V|B&A_Bcl
zKpzE7ms8OLWKQtVM6}f*m||zgPMNL=NCq1csCV4F?74M5iqfdC)-^i@PKaY~6MF>x
zeJpj8Z{UOCEWU`$f2?gLJ3y#%KFUO=S3;K^c*9c!%QHGMeG&Q&4#N3QsSC0V3t*Q9
zo~z!u$kBti_e{1*bC}gXel3T_BDUZ2OmiP}HuTENM%E-*w6y*0zYJ8T)SBg^v)#k}
z^@E5lSyg;|KI5V!_9x0?B@KKrQf$JmMmTR@i_T*P?0i+BOC$9!Z6Y=I11jXCLQfEf
zC$yTM;3iL;m~fIhfm0kam((isFejUbeNef6tRggr7?nas`n(T8C<VW>l$6UWP~rW-
zaKEYCGJKSwK*zLp!4hcEkYBYJSjLfp0@-AO$4R_(*`@0)8<&a~{GjoxYFM=1egzvz
ztY57rv~yPUR0uQu8b62DU<1!oFV?&g-e}np!4=V12B?pUQKg7vw7Pv!e)0wN2v_&;
zrO8_-p8C}dwVL4H(0}E_LkI+^>2QGSV$DY7V>&!0W>wZyx;A4)4z`F`C`DLtTZy@A
z=6w)<MX$~X@}@p06mrtYyKJBHfF8D$7UTO^51IPCOM)K4FAmZtTD!aLwerCF4(dh`
zsP$q4(f_%S7!Tx)%4krHKp2mGGmtuBOc$w?`p{$3h7#@t4F<|}-vNGg+$L1i$T83n
zksR-}6kFO$YrD_AY~v#ai)89aPu%vC{ZVjGy~m|1be)XnRV4F(Q=Lm5M+apqtOB+J
z-05v~@4=UyX8BFi9Il$NOIN`M0J>%?Bq?5aNu4z`@)jnO#Jh4!*GRDG{-<#E^@X*+
zN!c-!F&WX=1nXt*E$yeArJ|6P*)~cKXPdSo-;yhHBuD<Mi{E=;?F-HW(tdh{wn(|L
z>D1%dci~ByRtpyv50p1Eyv9P;0JR(Wq)|Q9S9=e}Z#V)e*~``G;YF>btNbWgVf&b1
z+c@pl;zfc`J-^P*vL_VmuKS97s%SFlk$hn_>Snj(B^*G2C(Na_{gyh#v#!G|s9;X*
zr>@{9pWndk&Cv9|2$rYu-^7eumMhEhP;LOo%UeX}I@vM9o^;RMW76l-Y-(hv9UgsN
zSUPFBjn4CRHZX_hc|BV8@(ovR0P#K_=H6GWm&Cs58>pZCI`Va0^1J^(rGCz+y7q70
z3!N1aAYW)e6=r70QiF5+avl4jl{io3ani@KW8ALHu*d70d>xvPZ*74eEp><xY>$F>
zdUlX}u-V+WD4*3WCV}VlJZZnv+=bs813i}X1XI2)lvNKq4mYY%L4nrU%&x90p~Dax
z13(ow&qnql*hjuIxw~fAi-Ps?Jy$G~M3w+32aMYBr%4(jdpI>N-RcA^Kx^A;W++U3
zBwb51-(P&W(NV2F>dQngSo2pg$(K)&qT($l6);6P(JX`@c)q}Bo$wyG0uJ~bg`}cj
zqF)y;1+nMHD*bOfU&WNU335BneJQUZx<B04Is;<rHsB#>EkF5+i$v|hQGi5bdNl3k
z=<l+EpXEIwSP>RWm^Ol!x`gUoyK=`R&h_DV(>~Lyu@#a%a9iWgJFBe$?q2q0^)VGm
z)=Z;eb5~XN5`dl0Lt0drm&^Ktc9xOYe)h>|<S964G`T5BD)PUe@nczMwR<(1vP0HJ
zSjbf};Ghyh_cni9U}}o8IVQ@4$HbxAS`=_A09cKVs|q#ZCYOTRB|voN%)@f#P7y@e
z-Nv^s;euPj=(vf$Pn=r-C%fw@0_xuRIn;-y<K@sxJ5W@^@!S4DE@+72beFRUArSop
z+8$V;kEsu!Ni0*8RfVZyWG`C|%8I}(GaPvIQ5hSkoYK}|o->*I8-LP7dIr&=be|T5
zSeAej{eSt$d}bk^j*-_iAj(So%4U~EiG`IP<z0#9#>6|9C@NUF?9Yke7OCyjC!%zf
z{)wpC8WcBe;|qV6W*%WigvUv_5CxR5ix|?ke1{~bOqp`(MAi(oA2<&Jb06-}NpnJ^
zm+mm63tsC4pYL0upc;KsZpO40B&ZyO->BU?Mx#>km~Y=ucIh-Xl1%&udFGO@M65BF
z3A!c(HTx!)uQ{x}3*dSFc%l#K5f8aM2Cu^tPJ!K=kH>>wkF{Tj!)yzVtT14CwqA&z
zUGvu`Il)Idgq~ZouCj3}CC3KqGy<Ppc05g(MzKy*`(%>B0g0cAs|VtR&@<o6$JDX&
zP3p{sb%}~aDS7wVUCMUKFi9H&3H{_c_BsHYKJ@R<cB7#v4X&1=orsy%+ANbc^yiuY
z28ou2KL*lpd6i6;gEWKdctdSna%qu;@^gnzW{x4#&^oC(Y9!%VIoI*QZHj4lS}2PQ
zimOjfOk(%1Uv^D2VDoVJqo@wj7ZM{&1jf)aPuCq*djl8me@6YcdBq1bf@pdnNFBs#
z+~3VNoKuM;GrLpSH`ZLjI=7EvB^oHgPmH(^n}=9WXRa8Tqffgd4qZaZ2v8V$wQD>>
zmayFUH3*I-V~3jInp@?iprA6`^+Li?P?p#8rU(9Z)-zkpN&+MB#7O5GTIXIJpMV#d
z{keto=3(Q9hNBtu`RshZ29q{C>s#(IH-bQC;<gSd1Tx%<0OWwNxNX@EhS8K<&c7{l
z5Kj%;BwQNG5b#>EQ){s`>_RE)y*3Ml%RIuWJbdJNl59sp>YznC$(kf0waC1&lPX1w
zCVf_xwV=)JoGFy-rpX0Jgiz^K4?si_ItmSzFrZ$>mOkzR;_MG6BuH=FonWXuS(;YC
zU`h!~$vKr2hji23t@$||H7gJF2~+A?oH`xPe2;(JX&m_lIE9z_Ax=(xyA-|PaO2@V
zDM27Q8GcR4=Fbr4M4Q^&`f>lPSQsn^%CakY$e@$-p}F=3^$$->2lJVIlR5ev-tk&=
z@|~iAUBl3f5)fXC^*5iPc)}L(e&`bcU&C6_tuA(fOT@9K-ekr1(hW*dG25k4j!V5>
z=Lfv&7CwYk?wR$O>2iG~w*B}9PwTJM#d?sD={ww`stUba%GZUWd9v7ns5OhOplK(x
zFAw_aPR6IJjkp(h?8Pm=To3Od&kicy-mHX#8hDkg>K}$e4{fw2Ri4}qHG@A=90`xp
zhXFDqmT%PoHDiaYLkv!--yZV0nxg#+TNshvWy_K<#?J+~Y2VYOUY-9zJQ6U2{94&}
z2>XmnH1bQA!-AD6_BdNLeiiyAGm@+EOKPQ*aPkvM`pcY;r-;8@**RBa@L*eyRm(WN
z?@j#T+50go^GQo15;0G$%k=+CFGC<00#I;6vH<Qz3Uy15a49Eu0>eMeBHc}C*Nehr
z<2coc+il>@nJnqJ7EzterST|GsVgw5i_H2=$F$6@*g&g(Aj$qY`DF#40OV_z(hb6*
zT7ay!RwQ=o;vO;lHkmOy0Z%#lK~`FUgA9h}_Dro4eURO^I*h?#k1yPy&#&OAG4z(K
zm*^D2Eq5^*kM&~XX#@RzY;_L}J0kPvUvV|O43uZsC?ArAZP^#g62y9=+qB3(Sd)KJ
z1x5JT-j09bL#p3}E^*pFlwQ{EJy<5H_nbW!JQ#m)O1Q@0(QH;J)c25Kqm<Dsun&B0
z=QCF8b5^G2=(Mum#2A9&73>FI<!0@cFlQdzW<nO$13!vm+xmjsn#ScTCMo&#-l7en
zx^VO(SC@QbDlCForV^RxCa@lvYf`BQD4^-)dGPZzjOu_6&)cCSa|%-@sn|og3_AO1
z&9VJ?o#%b_H4SFSClPDKX3T(z-R$XUt8F_GT_#PB2O40RH^_=bqMV!8fBySff!S{|
z?@Zo}QRi(rUA0~9Yn~j}(@yaOs&0O$wZo0x1a7g_H?sOLt>4DDVWs5qi**TE?NmM)
zGy^k!vR-O}sNUoC-T<JIXe03BR4UsJE53i?VO3}Z32SF;!LzIKeao*%0zY-kb*WjM
zXMZKC9v#QrAH{xNcGGu^vj4$CGlmN_r^|a~S3H71h0?SyS2-_CY)INFA-w-HKhr>O
z?0@xnX7>tBC8R0am4gYzFH0*8@<K0zcURkF>q)8~F+6(SPO@%*3XQBUA)^?B>J543
zMiyJULmnsQEfpzDt|Mb+t#b3<O5^yu^C`psgMZTw@Tny3=c#u+H{owzVh03HF)NeE
za@nT3(Z~?#_V((zk006LQdDKtFeZ@r<u$VDg%jD2(+`n~8g$>iW_aJ+<(G7-h&)m^
z_xT<3K=KwArRpIi*beNCEI5}yslODiGmujK$|<3^DrVzUl91msi2K_ggy3Sl>(_{H
zscX)lze{)Q_${@nuR(*kM)}5sw4Up|u2+BE*Pw|~p+65o4B*WTx+SJ=X^y#$q`)`?
z(g_vM`fU~(@F4e;*FA#HXJc|@=fV9tox<M$)vu_jA1wAo_uO}8z+0=Jcd*N>z2Q$5
zam0;!gVV9+W_<J<O@0M<xWwSt)^Ixd++s9;)R;FapQq946%`Sn(=L~~<OHO#DZ>uB
zU$%-?G#suu+T6HbuK&fBD;cIIaCcg2rIkU5%nH|e22`CvL%XRK7ndCvV+KM6`smf}
z)sL`P4yN}jcR^lCU>0X81T_GYr-lXC1zYts_ibpR`rkn%?;Mu4a8b>0|7gIM!;7u{
z5yoI$gWUp+LL`;+7OJFG$67@hI`pD{w-QDT>!&W_ZxOe85*N*}e=rO)c&r{hn;r!G
z(p9HFS7-0}8xXD!KZKU4i#F-0p|8V$fdA%`^;B&^1;r7LPB8>`VWC{RopK&Ukd;vS
zv;iR$;9QZlg#pc4e##)}$jrQUcq`2EvLPWkCFlE8*UzvR7wZK^a82zrog;FFeNWA1
z{+v7nnTx&yDQPX&nZSp+kkLuBzk;pa>)AG}dsX4wzXF&02wXNQn&W#f5Z6CZ%mCt-
zpwm+e<$_PU{Q!Ut$qd93$LsJNkT|_FBzR5s6f4FBHVRAsIrErS+D=wU{^`AV8Q;Td
z*9ohEI{(*5Z8v2X4{g)d?E$|7IOXS@vZOT}1<woHGDQq#6}nBk|L=SfL)ZlCzj9L(
z6dqGalNh@KP52P1Pe8#uUKg~hZ`&<h>iN`4Cp=7c`G09LPF*~CD8{8}lZx%+l$0>j
z@@fE-&V%lEdXiU;7#gfHdwDy0k(i@J=5H1}yR}?q^-C#B`EU4>M7yG(`kklmjd6qd
zD@=K3YRKwmO(8x@qIB0za|`;9>iR|f)+K6ri}F}JJ#7rz5|UCpo_u<<w|L6UhCkJB
z5F+c(2&*VnzMw52PO~GjT)C7DYVU<36Kd%gd0D2&pYMJ7;kkZ18dtV?Pmt}$M4@2z
zDhI7svB7F=#Gx0xE5)DQ{Gk^b)cW6OTB$e*PKo!AUZP3*zWrJF_RI%tSqCSNq8lwO
z*DTNnhtE!DmTdU}ylCxP6ub!F)J}ZzvP?F0@MR)A<s}F6{6BIq-vsLQa`IKtWLf34
z{Uc}O;#xh~AwiUq4}-SMnj_;U0fO&_tJEaru<s3F$_U8W@t5Ge-nS<<E9j;#6%J1;
zC>H>5D^YsyN#sbao$7i&a3WU`29-OOj%W%Ee<C>=0o#9mO@tDfH%r|r2W9czNX=N;
zlVwT^+lbWS7p$AKpURV}$q=fp&!>FZekJ@RIK;rLEkg9UjluM>_TOwloU<poDl|N?
z0SKce@;Z@#RO9z6>&Ljz^qo)cqw(`1fV8tDcPqu-lg}-@O3kwWEpD@G-2Y{(e}TNH
znsK^Iaozb-e1USqOSa6PQ7u6U)};<*&@QV2Y3xuIdZZfol7e5w8_D+ursUn{$^x-6
z9mv(y?3h3Q?%4I$oGj6=$Xymb@jzuG%jSWw&Y~)8H4#~KoG<S1;kkrDSUlAKmjVQ-
zBMx~4s~oQti(vpVuE;sr?K_1eV;HD?`u(e(uI;64W&DNlo>tw-(-O}+kr3R~WW8E^
zYPVpb@S<F4q}MFXYB&8WG);bCnr`&4#aU|@#oWpWmgd##u14&N74GT(QE`NKfsjoW
zI@(m5FY+m>F;9SAj0@q}g_34VglCt;a;41-oCG=0_3c+~o0*3h<)1qaZbeck)8$T1
zl2tEwnw`xRHn8}_vo6EWDA+XAHfn+Ydhf8*l|-xS{i(}Cb3?)tnv{cNEP9ASTcXa~
zw~@$wgT1DH9A|fLd;~SBOin^Lf|ngoVn-vE6r~t$gzcO(S~vfpSUyHa&6~mQ<U(`D
zAOZfT^7d_ZR_b0#kk$ExYS<J6l2qFskc+;%<1wc-a-UOgU`W-t;-RMGbPM^ixlAw(
z@h=FV(3d~{g#^CZ0WHKjYYPW17Hp}h6LsyVK*7)doshN~mC7b@Fp-HVH9i;;_{lVe
zAwdw4+a!rH_V+G2Shl}!%JND>M_~r8(&zSNh1zs_Ve+#6<x}<j=9|OXv#3?u<7Lv%
z$8I`xrM-v$$~vOX5CGgyM=_n}zPh>{E4&I)?Z+Zpmn8KWh{hT(N`ct3ZvH-?%Ce4{
zh~}pMtSLVr&yMZ#elgj(YTdrkH<LT`TUrFBYGDl-de6HJHuL3QCfxgqw%NIWoaYxY
zDl)&r_}Q~=&dU)MuSBxAB1*T=NoU-*w}Y)Z&o$(OtY#4zKMc@*jVZpdK(vLc%9@Rx
zEE)T$W9LY(JB6U!EVj#}OG6!GSs()M_=l+Mq)gXg(y-R9`3cA*CAC+6N?AUaTghK|
zOQ==@1Sbb)(Q|Y!+tgmVNc2V_peAq)xAQy7(P0I^!IZVM@EmS-0~OjtT&yUg5YmGI
zVx4b}O;A~ic`GPKTWYRtudj4BmDzNOWHdDf=H4$M4a}BC^?A7P5O7`YT4ah^5G!6G
z=wDWkK5UPVk`-uytKcv(&!4si&e|7Ak2<2f;Y9u;fFssFl7_#_G>0y{;i$`AkBx0P
zgdb(KB7-REdls91_oDWC_D=`ipIr5cuwyMfUl=4m%oS@ATswQ7KJQs$DQ4uFm+xc}
z7JGo;JU0i#mGipP7EDI2f$F}ox76D>6X&Sh>H&_h$7<{|1Y21gT*`XL+pWp^a2<HF
zv)s(2T$}Wr#24ga!-j}xDg6$uXbJt6%u2)OH^#}dx+ef;;mbf){ReE$1EFBT>tlDh
z!+5SD!mT*kYO`SPUzy`M11a@Upcm9772M+L#=GnrsmpZb;CFKy9eRG%q%8v`3Momt
zrVDn{nQDiBg`Fr4O!!(B6&>0oYYe7qS>D?yj#zA|wC}i4X<J3i%<UXQxSNR_wc~I3
zpJo5$@CMLYJ0AW8LEo0ls|+uNB_{N+Wm}~Ae06q=+vmBZ1=7nAg-C#|>^IXu7mmJV
z8*LZd#%kEPb*sqB0!;Q>Q2lKG;D|)56qylL=EdHQF}}{Zk-ig%%Lo2<{w>G-Y<#n5
zjNOj^;WwIGnm+5n#D9-T;|M_vV4t69`zQD3d)fz>LAeqLS<{Qal5&fD;5&s=d#L$W
zXm!d=hw0~?5v@W+TX=XfckOs;8)!>x8<V_m3~MuXW!0P0t`^MQ-vOz1ySTz@Bv<~U
z<~US{FT)p*N9k0k%O*9C$_3D@+4etIm?OCY`MG$S9ML?o;eyR_(DRhDGu~Ek$9O-W
z;P<*>kEL@1f&qthJ_Oys$6XZwr|kov+SY8--t1ef0&2x`Y*L!jpVy)keUjvW5Tyu^
z7mCAf@y7L&;(O><HtDB#t<mwiNw{<pGnGHWmZ^9tN1qaDZIWmUp=N3<+>dG|gd5j!
zMPvqr7Ga0@$`Hy}>#(`)GWbSUjD@3nO(u&6o)(<oiijY!`ZXf3ubRSApC)drSN)%s
zq31Kn&}F+W8SlO1(NrrgwI46mzOqe#kRkizd)n(`wmU3<0JzQ6nYGmsn_GVzoq8Fn
zS4C!|3h-E)UHN6RQf9o}0t1iSQNY!InTV+vvyk>bLJoK}JiDnHAXkZz)*TSv&EGtW
zcqv8|;b_xq6Bb!spNz$u<C`cAA)YksjASPqe7&$B(ekPwh9MNTlSC5M{R|2~YS{<+
z410&km_kGO?gRLLbdn}9e`}UI`Ky__Vyl=HTLTnWQ&;p_R0`A+@6{bb`yx!@(0nS=
z^X*hxwfSJyWv3(N9K912k>EqoiW)F5Ooo4q*Dw2&b_-P8enX`8hW#$1zuP}~b*T_e
zE5{~`=z4nq@oPaU<hSu##QgrARLrI{N=z`AN>+WQ&R|Yl766=$EE+=1+w_(=?8X-g
zcAQ+y(Va?>T%SWco2A1a3=VO0X^ZDo-c1y<@{1bWkZ8IN6Rno&)CFx9YMTul8J2Of
z4IeyvsQ9fYJ2`m_44WnR7)6zmAfOCA`eLj1NvRn-vMnMsr!{YA;i<AAgWosx;l({k
zb)|DwJLB??^Yvvd)f>)u9e%<O1dnL-iJD^*#|af>{j0B0K;NO8QdY*2ByQf@bM!L!
z<`#r;EH1!s`!*LgwaR@v*fRDXs>Vig5(*H}CQl`9`T#pX#J?Z%=hZ=DaqoZQ=~%RD
z!aj<13>y{k68d#TX`5>O{3sxN@|)WWW8RrQV*J3F3qdgDYQcjgHLGdtGL95Tg<F?)
zq1g#;sIbT$h74WE4hVS-A<o9{v+yu)fh|8is6FZ~Yat9TR1$%#ZDj|yp)bTTp1MS-
zmP>TJp9*LygOLreyqGF57my^@SYL_ZyZLMO!AYH3Tgh}@Y#OW|O)>i;NgPHbXZbrp
zGCW?W^W~=3%wYS@cVQ4EYzo!D(#u~Vp*bnXg(4h14dwECEACl2uzWTVCxWUkal3Fy
z&C2*eD%6_=LvIqOD}q0EF-Gvf!1}y+idH|trT`xF21U;L_DlkXYIv^paK?qio(E0=
z9`QSpcA8hwk>6lIsPzUsJUmCQzOuzukV?avgX6B=Pw8QdH@oZ%@ZO!Iu}}rESy1R0
ztY_+laqok#)lJSPa7z$)Yh3M~Cs*o0z=p1sdI1^vv~jw3FgtS8dU-}AR$FWF%DLeS
zD{e`KEC}jN!JqW>mF`>p`$wIfA=c&XM{2tgo0SxS<0r<^#=Y=5b7ADO6D;JqHang!
zEhVN%cEhxmeqkktXp5xbs{w)nD|p?LmmS~zC9>rQH0ctZ5oz(&e(}n}O`$Z4>3m2+
z=aIYU!pq+7bXHkMbLQ`nW(x9JaB$H+^Jk;8Tk<TX^3h$b)v0CB#zRPE2+4rF0{+n8
z6G_;rs$@(Hi?B4m$nECWdaaCJF-LJ}GjPUr+ygaTw>fC)k2XsB>DDMLUyC*xg50`%
zf>1&wV<6Nicd4p~5G;c-2sg$WG<!R?N@xo0s`$gJibW-bK3y@cpSW7<TUpfXVN5dK
zZ;9c3QiPIQM?)L(Ha;GiNve~wr=|ug%OpaeFXrAi?TxcxIi0}%stuN}mbnlzAW?WY
zA-#wh|8W#QJ2+0hd6~?pj`lcif=^nMmdyzwp<)LV!^q6|K!@;y4vbbD25=dMzev-x
z)ypH38E*tH!%$NIL*z+^XjPV2m7W)M^p<E4gGNy)&YwPlXH`kFcB=q0OYs+$j$ay<
zm<HS)#kgb7rBu5sXBYl3#j`&i&a2Z25K5?@*rq~$7lsE!@H~46sdNvIjdzwPjZ}|*
zACPdENy<<uV0X*LRlso7y!;+U8xK!hL-vF7QnOqv*vbo9;>Q}u5-visV-mh~=rnq8
zCFr!qikQtPyC()H8MiKT1@*quOa~vSH<4EIz`|Woy!&l#uh1J5QO_G0A)n;@-z=uy
zBnI96L9mwR_@PtSBT34*);EHmmOSY?_ij4HD}Fx*z^_OT4#Isu@j#I8)<r_;{bh5F
zXs0%&K*PtgNK-S`rS&8LoU0eLlfA@jUw|^lrVLNqW{`OlVp@Pn?f_fyw}(iK$>xp|
zawN#soK$#ES&`Umy&2mEq(FzUT;h@go}Z#$-Uwx&TW*I_m`d#VpVVb&H|`LS8ytfI
zYKXar{7edWddSIhnB>*#a;|wE5jo~`_|YQ?J?ICHQ7_f?cj6V{KY`XkW!bIll1@+p
zYtkLIF!bMDwdIp8i*mwb^tA;?Tg3VbW0>YYJ|&dp^qshY#!{{Vc!M!WLdun8kl29M
z<)9drLn+FYAH~K*8tKfXz>Y1L!TI~bJouNpcSsV8xHGnTmRdN~3yuB4F*s+bi$H4q
zIH>Nb%xO8?NMC<|hE&DtG01HK?|F4%8<eIDahZKnLD93{tle6_a~3fqM7;A6=C&Ex
zqaD1zBb>bZVIXy5V8)8Y7kX`zhhk}PuA9sh*=08wc4iGX?%}lU+(+URuo<w=jR=m(
z=yf5rAPjNr#0sB_7`V$%_yXam)x(m+i)!h>#~G#spLVK{FBE$hiQ;VJOr(D&tv(3e
zaAXtY6~z+c8E?2Dz$g+v8Qpv7)e2nz56_pdg_ZK)Uw_goKbacFg4$ddk<0un<H!A-
zlGH9zk7O@BMR`GFfx7_f1fhllha&mL#oS^+^EuudYJfn^nAVyX0$#EHS=MBF>ZS{$
zXLt!~%R6-7Si=Yg=)^Kj@!>kUg%`+t?D#0p2*lW|ECc+fl^2Z1F_pr<5@B_Gc5*aY
zwj-Wt4AC>9eNNO)SV7k2`BL5FxGS*h5+C7eQLarT;0Iuc%_^#wR3~VIpsHfL;B@?)
zuQv=1;lQ=8x~r94U>bJ-A6F=<d|Il6l-T!hx+b}3X)^3BFbT4%_bauT<NR5>9o?or
z70@HAmLf66H)Ei-GsudJV4}C8r|3|RjTw50tA?p!9hAh=6j~LBNYF6kX7hSE%W*=#
z#uUA)k^{atJEyhMr6Lcj@??EK`6kmkUGj!<;}_FLiuxJD=d0Nc;_ifez0Rj`Dug>3
zRbhDO&TxG9bmLLov!nvLoYYA>JA00}meE~X6Z6s{_8VzD>u&_e>C^`vQlu8)e_;#m
zdRD^O^<`?8v)2Wq(dpMF7=WN$2g&ebz)C2mNkc{`9;_2IciHh%K@qKV1R(-V0-M7s
zXZa<g9fuL^z`AyN8M&7gLWK8E`KjtIN_9AANTK!~uyi52V1vlTiS|}GDT7pj;7)?X
zs{X!WC+l@NG)8SK+hEN?5!|QVr7AOJhF{dk*W+DG%2WkRXVZ}X#$KmBZ2bD!LZN%U
zC5qOJJo{i5S)J{WJS+I=DlvR5(rFQX-dG*{Z~Z<ks+CJKxman7@m191d;j2~F-6zI
z9}PH`gfp$fydw^O5`7r6zvTpt;!G%af&kXzyU6u+tm+U5{){Vsm=&$7Wr&q>Go1hK
z42q|8{WVJ&!xT)G(5S%b)R5O$IW77}e{0KtK?v$^;XbSg5;W3GPdm<^IiT8$=%Z|n
zSD4o=Xu?9ZG2LHoN)GFfjd4)-ZJLIzVR^7Ko^t(?{eE2__*N%dgq!bAHZL6y`AH&g
zocU}4jN88Ri0B|@vT_b%u+3u7{I^-Hz%|}|eV#3mL%4_4XpY!zacP{8<uy=b+%E7O
zd~__9uR8)2re)9cmP1vbqExkkK5}P1w}ifyR2t1N5)0_P05?iZe!hUBwrIYxSvlyH
zlpB}ri_bXh?VW&%R=r$5fi5)gD3YAEG$HQtDcoswd<~={+Z+JJ>Rh2_onZ0@fJa@G
zx8qVT&0OT>_zcI5{pY3mojrVMTkI&qgPS-<#GUFvIA5Ft&Ce2jIgnv{a!TV|Q`sO>
z)j|*uLV-cVVC{+UH$!`~TphdSU#uSUVeKZ)XPHz~3YXM*z#w3+J1#eOUZEro7pYLQ
z*z`x^l7x@gvD|cxWpkov`|$<RSgF@wiTQ(hOULE^Br2$MV$(WtJ@pFd;rN>|N+AJR
zn--qV|7<r}Ad?RKq(d`bB<#|wM~?SYK<nY?<k?4~7a>U1>(8)DhUK8$r*1xx|2TB_
z5IbHHaU0~c40V(nSy|f#tb_Sd)A?%|Fgf>G!!jl^W~)I!$eLg03m3)}Gn}y!<Yx#R
z%c5nXraiIFtnwTwfKk3%@c327&Z4C>ZO1+*rI!-zy<p~MmLUk_LDwEJH#DyJiy>6n
zG+V<^Ba!nVF`aE$3Yf@tPRL+(Us7GtLbYDOW?n>$cSk>=<!ro+;;P={;dfP=07o&M
zKdyLY?UUu?t#koUg5NF8n7=CQ)SZw3A{<y+9Z8Ux=Lir|{ku=l1D>)83PpSo+hK1B
z158g;M#0m{A+J)(7(eP(*uQk?r8c&g+~XVgr4!EIrsM1@OqZu6;h7hAvl{b~0zLj|
zfG-i$7)Z6@OcjVhZ#c;7T5!e`;cbR%e2x!&8Wy%wMGHD|9Q6ZPu>l-G2Nda;+%24=
zhi<1bISur{Qyl6$kp@+R&blEyxfL}K4k|a&iY!FLunZzI-Df#Z9i1t>N1s%~@CAtN
z1_WW7@2Kz*Q83vz1B8z?Gb?T~y_u}`bg{m&#YoPb=rHcQc}%?+qg21MI*&2S{J&uR
zY6RaJ%MvN;nnj98czdN0LTrqx5&FSMr5oIhi2Yt1#J#CHp}80ljeQ_0z@LZU?bY{x
zg=$yrAv8l^l*=XN#`S(ZMubfx<<22jWCiGn;0gGAY?&;vyr@#GBRP`$sS#%jS7pwp
zSf8}r$4?OLWl__5f&|S5ZYcX*VIKZT-$)@ns^ZWo$cvVI`5H$&sX0>wEy45rJKJbV
zz6Kl<v{a(6#_{iJXf__}z4Y+1IRHOryl@LTkX86LF<r2AZ!Z`07i6hi;^!j#yo@3W
zz9UVGcLWT8A%J|j^X?IC%=XQN!>NN0tJK(2k?@$gDlfFsXQ1lx$iAxl@)x_b2!zp6
zUt)OZNBP=jFd(D<b<k15|C7yJxY?hm)kcnvqN2sAcB~iX1S2X8v<(9Cp4^vR6f;mw
zwiu^J8Fc~o3Ld25LNFHb6E;v1+Ty@nHH%Go#mSr851oXL5R}(;B$SXIi@QTDQ&w%`
zBYBrb06!*;q}8G?@k0C|Dh2|4K&_|xEnzK2wr4q0aZob2p-`J2IzOSKwpzY|54c!-
z(dmCW$7OFsuxpAqaWX@5!wCI{WUwSs4RZ{`VkHeep<Q!lC9l=-+LkO|5uqa;kJ-D*
z*V#Hq^fRZQjg!roublLEJ#bs8r}3-^LCUb+6yR{mdUIir7g~7GNHD?AG$VG*Mh+=D
zcHOL9K+wDwl>`t^N5CKFTYuNn!}N!*^9qicVIB&m08jlZ#EI)Tc2O(XpxtXGOjRCr
zFHUmZ!<-<%a7|<wUp59B!M=MKo8X8mD4DB*GAW8hI*dAqnC|p2xH+izQcN(OYcuI+
z&z2s#$%}+<LU@T>akvjT8CmH@1_F;wd7=+O97FL$CRRL8i+;0#8F`|!sUs7(ON30Z
zq&zl=kH}@B3Gj;BBKiFWEI*5{YZQ0Vc`uPW^(lXwm@eU7{<58o$-7Db%vHP~+$P@E
zRr%BvKZ3KT6;`5A{^bwj#>20<3MBIpL+Y88hVn0FLe@ildtkx9o{coRQ$Ulb%)B^N
zWd~dxjJF+bdXd-{<}?2Ie)ODYWsXR0n@F0L%flE9#nDmybud_s7>;$5@m_=%f8V)-
z5?!`7EH=bNza90kOmZWICIEy@1PE9Hvc159k3fh6Dq{g-k18mXX1o!wt61n9Taqqu
z7*%kIW~7VSgpn>JlWrUBY<S#8bny2Q`-Z_8S<iiKPRATCSmWv6#>Y3<txnRT@QH-!
zk%~oww`=wz04g75L@Ex!J<aCa+1?G8I<LkXYfFU`CERZ1M+R4`rDAAP%s}HiVVCH{
zo}n^>?J<$Fj1Aw;1wEus@769_o!C#<KE$&rYB76}QtDhkn1=D8RxW+`&v4$*h-Mk=
zORn-Vis}bh!qU2FfVTDgNB=%!UzEGRX3w(uip3Cl!9shm2}4(}A#(wVzE7S)fpgZP
zO;Zp<>~6?}s->xadnzCKqjgcnetAeuIymgTUt4GRYV*1!fsSPIIfE8Y`W23e$QwEf
zajVQU)r`r=Vcca^6m#teisxLn1Te5@oOTr01TNUna&bD<?@LK`5H}PBS(RXM(_Miy
z|D6Cd8el<r=hsipuwORd1_aMp8kzoTPbwY=<8}KVBf+sPwMy3DDQD25<5HH0S;kH@
zBM?3;X!!odVophfPm%eTj%Z(ciWC{ca!1}sacaD)H%BqR{{56V!*1IZl3_pbA&fHJ
zSb6`4<27l%X4Dyj(IqVcmE{9L(g>ys{^ET2J=nFO+r+a)AdnUbCyuS(yk0~mbW=b=
zY`pP#vvRYwj1FvFf{oPMZbB-dAoid~ISnQxqhEtTD-Dz4;krCdCts=z(1VCH4~Y`9
z5|)+ns7UfMXzR8>UVY<}BYry1$y+{sm(5N;nTfS!_C@#x<1%L8G#jbaxziVbv7?&b
z{=01Nv+&ZUZXZ*QSZg?RdrE?PdiJ-W!B4U2ARCW;P{dN=p6c|fLJED1)EKuOy6sEp
z>c{VuZmbqwyCKuH&JF2mF%4I&xfPV&?Px%Ljm_|I7AB{53l$*Nqo!TS@OaV_g>Uag
z78CcOgQL6gtnV+&$+JJ`1%|*h*a;kb#Ic%R8x>L->Rv0rMmRixvyh&12uaQO;YrmE
z8a4${++-R=Y}?K6yIrcUy?ZVwh*Sx%S+}4978Z;*KS%s}0?UQ7!zc!He{fF;0r_2J
zirn_#)@Em*=U+2}<32dxjY~Q+hg4{Pt`&LDs1~p32+fpXs`=M|=#rR<2!^&5Xc|hk
zH}N8l&-&7b!67Ku2X!UjoI}q7aFmH-v1~WU46dfc!Kp-P_?c&5VBN%|1Xi!3-<@%t
zrcu2DIz#YXEceIfP6T6L3h`$In1$R|QLi=GjkxEuWn(^rM-kb;(g`G<G-f|s#HVnQ
zY4HA4SX7s9<tnKw2x-7$;Kp0s;za)h4A;%@69=5@DXwfxF6EQZA(>}ZztXK?X;{uM
z09j9%*%&q@T6!?oIY&c7`BRvf0yTaEntT?aO5Qbu*9H=u)chyn>~16oFICpe=R0W3
z7?<%cw)YAO<|J6!Ud#Cn(smq+9OQQrhoUMk*uHr9!54%?F{Z-HaKKS$KDCNhD34gD
z1k?6&P@eoU?)tR5LBHF7cCLMZ)dn;Wn6jH-<!nXRv9PR*#e!HQxMHXfQAfRY!SeX_
z&ily1v*Sx@sD4qlGXY^k;p-iDrl8`*Kv>Ml$ca4Ja~A5~$p&J_(sWP_csjkk4cPg*
zgE|=k(rWMR3|IhZ7wMWoqw!PqX_{gY)4aT$w*kI@)t_ak7yZKT7~dIU4bV734b5t=
zT@dzE9}1OSv0I1yce}v?piGI>O}B#U8pzSjwggSRNZoilH$R8bG|`ALFs`xXa%E*-
zttmahdVn=17T1LNXbT~y=i}sC66B{0Pn%d~b6IOIFD<7t=*B|4HY<nA5j1Py!1@+|
zOR2WdE?bmy9I0Q@C|nsL<su<qehTn9lFEYKMSIjsyR(^sr2gyjeIMqpzkSioIp72a
z3w@B9pPe6c#>a9!62Z&=v^>b>-^_ZiVoj3n4FqFCbI97Q;k2ZxhEPvdJchtJBc#4e
zIny5MxK$Xp^|-+9WViKheQi{*kT8*4<cUu7;<}BOQywmp9c1d;plDn*dHlw`R6wRK
zobrY?MQ9+tTTRjIPacQe&cBwHJH>$O3-Uj8-}08_wesjB1-CER^8Fy{;{21Oj&h2p
z7azWG#tbjL`WFxYYUW~vT6wK-G1ovkx1wp+h@zyt!-K#Tw9T&5wgEJ3y+s}`qcIu{
zFS}hI<u~fC27fC-n<yP^bba5|n0SQBq816}3Y3Rc6?qujmHJ=l7XHh*6q~F2FPwek
zO<@0qm9fq1h4WIPWQr7z8}A>PxZ~_JRo%clDAdnFuz-EH440eyGYb#kCJ`q7j7T#Y
z(B~@@ZOMWM0d6Qz7L}1lLwl?u&fgk#7b#{tTFfH;CO(}v_jYD2|C+`_t5uKeXg^om
z$1OA?B#nZAY?6qY1ZDo9i&WN-VP#^7$ZkMicTdEBPq;5wTkfoz8vIm8G_7X<^|Fp1
z!wucvTh8R{?`@|6L77GFMSNnL<Y<)M_mxB5^_vW2(Aj15x}aF)j(2($efV2U!q;)e
zwJ>(bXKu=RR=AkPq`{$vMrp|W8XVy>Zal>`oF-arD7|jY5G<8tutnS?n<g2TGK68b
z11O-3cg20NX30}~TGN4xEqzFoo_NSHB`Mmnp;H?{ndpUzl`ti|<mjq47FUW~V`NQ|
zITBbZS5!25a;1kcB-?Cr;u0=2Uu_Wq<9>ku%}0hr`aQ45yneHy`y_S}N?ZU`nVy`{
z>T{N`6D86Bw+2(xG9Lz)u+{0&@WQB40ycR{rvUfX=Onl#m+03!5Z;5SHuJmA_gUd@
zn?zrSR=AidhJ5i<9Z}v`WZnKvK+JWYEW-Cdad}|?;BCKYa1(H_;YshKZ@mTlkFv0W
z7Rm9cw2F*k2aG5*`H#`^yoxyK6km%e|2vc5_V<8>@PhDi(PCD&45t<H<8rt%_GKmf
zW0B*E=4ZzY=%t5QGHmxkLfM4oCknr5=M&8q=6%k(^ufZ1|6pg$D$<&M6HY2t2{HV{
zk>Akn@Z^h5d}Wul(>0^~RydGk(R*xGDS`WMmWbN0l?e`W5nzSaT3Fvv-PV*dIN}ws
zhXW4U6G0$|`7C>|`?$LtiGFVP+WY7CjSl-zs!e=DeGf}olpI;==YIR$@KSNDfy_1t
z7EX)Su^RS^V~=ZXbvN^v;|!a^Ko~fji@UVA#2_uhD(ih_W;|zFL2Pq~m7VCOXk^)D
zwNLJgb$2~rdFz(cBS!XpuFl&+_Tt@X0+`OXdVqFK$P@nV67s^2nXR=OHl30ExE0M*
z3BysS-QKjhY)C5@1k69-{)w_Mos_;v{4bbnp{<Y;{(U=B;bWY=<X}21^;7~~9NPB)
zR(`*|C)7>COk>G-2<Uo?v6qGdv!#tk`Zuy*zBcZnAEm3SW%|GDn-C9(1kPvB4OdFD
zG{q>Nl0!H(f)6pEVDdQSG%%CtV~A)$rW~Op(7U<qdroWLCKDZ%MP{(4?@M%I1^37k
zx23jk-7P&xpQbpSDnCqTa#HC3<Y3Nd0^gb?=)0px{{i5cvtfu~o$xSgR7`lDntx#3
zUZJu7Kv@^`B)i{-7yVyt>RSbt@u8VF9j>scU*-l@b{0ee3A#_NhywRa%!?zp6jWD5
zb+^gtW67fs+8)X1_#u8V*6*}WDz9Jgl~2^iS`@OziR6jDH6AYq99W+x>YRo27)@uo
zNC;~J&LoNS?-eI24IETjJp&E$v#`!`H_Zxxz7%3nMXbiy<(F`*&C_g2YfE<^K3<yW
zRXM$6*ZH1u<iY@tVyg`AKuam>5JMsq`)oQ@5!jcRH)&*@l1mj%F6oXZ;{!6)FqN5i
zbY^#9XmMpQt?ujnLK?Uh8oOH+nWmt2fp>_k9jC7iI;aX@FX@AU>v18T=sL*>8bG>1
zwx4B4XSn%5ZSX&hdpWcgV9kP92wHB;mV3r%FK>(c^E-w?q=I~+7p-EEmom*gIFO~b
z)h<a%vda+{Oj;S;LOqnC$-d|rrlrs~gpwHk?0NR-t8q0{82~W{--Ie+o|g1Cv`Yca
zn#z95xb&Whix4!qVtt{Qc5TEneEIODGg#6>ELfr?zg)QazN$;D{ZH_dMF+s40ybS-
z^`P255-<=mcf*vkyeIcuFfpiKe*F<oQnJa4QRpScc4i(oC1ff|R2ir^L~F}XSI421
zSw^I2xu*98V%202PN0E)zVP+Cd8)rwZx9!%VFfI6e?hU4&1I}$%%)y&@Rq^mGH}2Z
zA~V<v@Wj)P#6uT}XA!}jV>Cf)$)pk<vol~Q3_if-v8=rKwG&)bAL9c&0aU>&w)p+j
zybA2rS%6j{w<Pel`2QK}C8#1@<y2t;Qn%%w#$;S|&!>kRF-w9eT!d5ss-|KduA}np
zm!A|WMR1o<UevBGRAG&_8C=R4`vLKGx{{ff0T724glOirjOsPrRV#o|ZU-(r;pYW`
z!DXDhxs1Sc%a+wj9q>lK0{@QsJ`3^cwN~QTwBQu18S<P5SuxpS&uW5b0*#?Y3|ZMy
z!RRI<G0x$tiYJKlMcht25PzxDE#h8@HC+#lr?%wHhyXU17lM9CvjX2S!$&rj%(nVX
zn(Omlw|lfCwu2lV4<#xbXuewE3O8jswvrT0_{N&c{s;i1il&$xfxkHz%pO+xw?tBY
zs=7g`F{dA1cXPz)Rk#a?q$bReEU4h%lw^Z^i|gN4I?E*`U??uxe5IJ<E|qAQ=qnUK
zi2?%b`{y*4R~I>h$i#%TCp|q`9f<18tr~!CbP7OdP17e{xP?J>_q?n_4emB&$|>{6
z6pGPGRkD+VYNV8Frt&Idpmz(}pWxRE6^KsIco1SnGX&XOL<<z6{09RT)p{p2ST^wF
zsw^``=zG?Sf@<&T<SvoN*$W8}Z)7de9Tmq(FgT<FS@PC7MjO_EQKzy#4|uFESC-)@
zB<c(IGUw=~d@arPCfw-HFsP|n+Rq}i9$VoZRUjQ&(vRtz>vUD?8Jv3sY!qESQe{ZW
z(3HH1S636YSpkoNX+>c{=_)@U^{pogo}ivYwBSB2eycGss;bX#?sV}>PgZHl7;oH8
zJwm3`VNF<grUaZ<Cm_r_FHv(wfnMbRI9h<Hz%5<>84|e$E+M100BtZcYajB~E^upW
z#9Hv8hZamRF`CLb#$(7RHcC(^<9R9JA~V}mwg#{5_y2*nR5bL|U#NerykL=Fbqx*1
zK28CkhsP#32i_f31A-Ltkl$i@`aU4%y54j!188=Z)tsWpK5BZMi;<V8;iA%K;W>&D
z>t3Cm(ZP_aEFM2pB2VXy3_Y;t|2OBGKaX;>Ll1fzomXZ9+guv^7%ox8m93NtCZ#1T
zGwXzJFlDd|TYTnrSs4S2w!grroV@V)JHfFyWq^LZ7^Jgs%G=SaQ^`Xn55zu=7O}F{
zLds-H{_O%qF7%9Drt$Pz-wZ^a5rB<KkGpPa)yh<SHV7=tpnY%dHYGw?4RSD~lS^z1
z<P(WO-iQcyCb2)_@Km2I(-LzyI<)Q6X`9T#6wh%lOFeOjY4MS_eEM@0zGP-K)Vn@{
z+m3m_Ji)=#&e=g;t$)j-uRBC7YSEqXtiCW3sL^iVr)?nS(gRd)EmUM`4I@y-k_;<<
zU;ny*&tkR3yh6v-0BVLqviZa<s32u;U|kIM9wts0zsp>1&`we!-J^1Rm3QCcOGN-%
z;2N|aWyz0crX`7<ho@f?w8IR0Xi+s(?Z!Y6!=l8jxUq|mIJO5$IgnXt?r_kdYiYjk
zhdbWJmdjvM%f4V=&9|3D8cVVXNCID_S*P}vAfXK>0@I<Wp&gwcWCYshH!E9lPm+xV
zhrbAQ5a;SVT)~>$+T(Shn!<yf=`XzW%8aiNz@y7sP90C&R~zmQ6d<&g6+O-c?HdfK
z<=t_vDkPNPWVRcClTh$NcHl?*;JG>S=34L-SIZ5?6gbD&<{_2dNAwAkYsdvYMnaV3
zPU2&cf)g4>*w)%>L=eM`TBToH!NpgvUl4vvnH|lYeiTW`(1lV{KjmUsDNpU~j3afn
z>CZMFFFS62?Qb8^uHghA`QB!=Bax3&9}*E2?OC`wy<T1}`&7NHCy~`!SC;fVPCnH}
z4+J*8f-@CcY(Of)eNX_CCK|-&_diSi)q!o%&c5W(+5hkd(;NPK>`~%}nzPK7Yt$jJ
zdlSMvt~sko4)KAYaS&d#Gi6vp=e{IXpx^sgAogeUnQ)u@tQoYb5Ar_0C_!fe$G}93
zmUv))FVDTuE=$rjDKtWk-iwPkhA&Xah8+&MLte+a5g%ygNExe&eQ5zLafJDX$+esz
zgg?{3phC7-d5fplk$6AT{_WLN_iG3r(0_v2n1n!Xr0EZNbJc2VI5q;|u&V(YN=<rk
zLF|xu3stn{SKZNSXrF}+Jc$)#_DSLmlo7PD2%0M$W7ZBVXLnB1%^VJ3ANd883QdsI
zV>vCW9{>}}MFc?k)L$yq?NwU}6<}t!!m1^zSq$TwOFb5VxD-7a(i{*#otK%pb^IJA
z-8kOgYVb8&i9k5knGNBUc_|;)OsSEZJzm;iH5USp9pV~RF=_K*stu1J&j)mq?&GEo
zrjUp2fdcOlBcongM1<UCUJ~m9*2{uSdebl{CH5Hp3G$$lM)Rl~We8*ulykmOAFvhJ
z$y3%#a~?z`4jtWs+S#+wX-$k!xF(5UiCu3Fo^-^lC}H_DK@2A2HM(Qb<R&oO-+ZMK
z_$!wEIez}`a7XL0c%}N#KQ?ePb^<e-Lp{{}uN)SPL0xjBURA`1&AsPB<5-p8_73kN
zMg8?~Vmm)ib;)p^sEq7;)PIV$S(4(yvjV!RU;uTa`MvNW=_Ax+uXuev<wZlqQ<Cc7
zOa*87#ZDO7%kqQ8s9lH?q0?%3GzQ+S>Y6uutLslu3<^*a`8mdC_bMq#bH4|?3S@(8
z4>IIrmVbdhmjfF1SNS6Nb8z!Y!OW5Sp9Z`MN4^hmdIX9$OfbRAMJM0k)Y(QbzGzw(
zF~+>>P7rR-2f@1<Y8>F}N%B*K7S>IEpcY%i1t<2e+x)5b3YoG#;wpZH2N=&jrh7YY
z_}`o~_s9<_!$2Ni{E1SwZPGi4YBa%}9U_$v-LdIB5nzV2xkx$*qaFyf;%J6`uIx4d
zcZ=|)qA0wH&+I-~P?Z^+33k*T7+CDt+3WD@gB<N-auaTLirxbT0556Ki_|9re`lHx
z<0vGk&PzcX4_0dmQd3W4n-d&M7ieNo!ClWWj~D8pbaM!1=)^(|<`WmUU>9o5w6i5g
zJ1-`_7Cj7EZ*H?Vmt-tjnJ7msv7jqmx^pG`*q?=ZW^jks4exWjX^^G5aME+}MGH{-
zGM=sV)yPEmrke^QVwgq~c4pR)YfIjbeq*y({Xnbh;sn>gB^XzlM&&a69%K(QPCHeU
zYg3t{IG{Xj{Xi*vDVtbe9-e{JE-lQZ4g2S~JtYSl_+aqnPTL8B-OagCdX%Xm3xw@g
z)adyM2j)8EIGUSos?M8beY+|K64tsn?#I4Kx!1<&Iy!LgL!pTQB^~#A{tzwzXXKle
z7z&*#?S_zAx4#di>?d;h7F4+XMW7vwHhvtY#2_vI%14taDP*1(@)k)D9pMhNNAcuj
zyvFe!{|2Uxc+MX)4Ty&@GX6`aLcc)Q2$$$`#r`*A+cpWo>=n1G4Zwkq?v82PVQS1H
zFYfv4p5nZ9PN0*Y*dsY~xe@#A&7-uPF5Q1?Fprv*3#j|i#j_k%#a<ns?!sn1E_AA!
zRnXsZO3;Tdv^N5p|3#xeQF<WsxEw(CfWsEq*ExG*;Nw*KVO`gm6fUBS?4*kOwz%~H
zV-CItwnivy8~lC(;kwti#;H`r`INC$o__EdGVJ0nW7`A6WD4B-pfjPnrdxHL@Txv+
zIqxMQhFXp;%<WoJ52+CSl<@A;H1G{4T~No10TH+1s=)w5p=DnV5T3PXA_X=P{lEe^
zjFd!syzKzEbaqp69h=jB26$iLKI0!o+#0_ZOnE+?-}j7pm!N9p<BBEYg8hW>@w;Y$
zzpkX5I%snV+e#xo?_!d0<zs8Hd3Xer;{ZQ0u1V5iv?cqqC%m^qm)rU|Ayt>o2-K3q
zu3%*J`D29EU!TSa)Rw9+5*jGHGLY0iH~|6n^IJjCX#BQ49ET44xn+iHUB(}lEy2}Y
zAeD|IdGcWa7>Jt;ZR?+AgJ}lpCZLprS`p`$J7Jt>ilS`_EM-}w=>i<nWY7hC*e3ay
zTzQLFf8Pd8S$(`a2Lri%oy-Hg95Gb@0l^_?Yjw+9qIZ*iZOnQ}3PUAqL&;+0RPK<k
z$<r)Ev=r5F;!4&9xAd7i8VITOw+9b4EBK+Ikn}hb;`YZBCxk*n${sc!ZN5F|`lG27
zeYVZe+z$N(aMvnIZk!R~Uo70K6l|H|e(lnw3CnO;<@Y>$RT%V8k2vOR8TZ;zySgiG
z)FRohJ^^^^uUaRMIz7;Q+!uVj0RXVQE60+Cu9Yx8;5d4ymf#0X1)^h2CgIMU05_#P
zKaqm+wKh3s3M=d#X%yt~*s!@`<W&$t$a6ngQx0FU{?SM{2~8sKkL!y)aXYls%MLZd
z0U6ex_PUXgfa%p|C(JLENg6bD4<gqEsKp%(T{K0;luR^TR3#RT7Ax)f10r~++{`QD
zY{WR2h=o{YawwlB12h<W?ca_MsM*$ca_&RvvQkJJokPEh2$=N;lutd=#~X2Sc9qP!
zsWe7aAO&u?*m?w{HOk_;4-c=WLt^E#fNXB=Ff9f8cnB=bop~y1u$z=M-cFak<+CrJ
zgI@#1Q+bh*JTfnh?g-2YMQMa{;@1}P`cU+&$3Fp}zuZ#+F6s#IT#MHXJWeHR0h~ZY
zsQ}6IJt1e9locYdLPXI3T=}}6reyH#)C=uL`z`iW+h>YPLTB?!6DU)>VX38X6s8R1
zf855QSdtnGZ^Cd|@qu$lsRLly7Mk;b5jO1{#=MJW&#cCu8fe4@8mil5yQJWZC3L-|
zJVN!WaQ1?_YVlhqG$e7i#b{)8(jYUT_c}jsKR>^TVx^<X+jEwb#hY0=@~@g3n~2ic
zLhXRpXrAJByt>$n#RRE^9tyhZ33zu?SHP}|l~dd~yVJ&K&z{}$Cz>hV7xRK$XiosY
zEwxsR2{e1P;pIf2%2v#aH-l@)j>we%4hWx0Kc_W!+=JYXd#!h6>=@0Z%7+^P@<k+Y
ze%`<DMRp3FP_Q*ZC)x-l8Z$tb<hKgzhQty`yF$mS{1t;zBR9D%p`(RB4GMJmtb|&v
zS(A5xf}VP-Zuj>0AlZVeH>DsPl-=j7-M_+4x5s^d4+<*ybdc0zgY7fC6ML5Qph69s
zD)9^G#ZSg5>O~rLh~Uwt7npU%<@f;<)1aRr7ZS}O37s}3`i7cMb;>ff%5S<C8>{)!
z(|Or{r&h}up}Mo$&@I#pc7(Hnl((E5wnbFJ<0)x3XcP3Gya?xM3UqAs<=(P~Gb^SN
ztj5^{-Ze*Ju0j@Ekw;jOPbQJ5kr@h_14a{RF4Yrly&#yNM=#R4yZCLL0glPjLJa<g
z$D9PPO#orj_|rM}Hg~UJM=el-%!4|ZN*BrkkFYNn=lRi4N8YDU+l#=$tLzG=elT!;
zrDgy)y#T=OBof@#nw{XHU=Bf?I~hC)gCa@AQ;zQopMyj0f2Hj*mJ~mPY@c&IoCiKi
zFag+0ao>PzofkYndzQ;&Dk;Q08G4L*j@3mifpD>)<1U+*B-2WSgg=+p6}M4rb~P~d
z5rCX<f<(?F0Z29G3O{pm0^_nJY!y@NH-Sy5TiqXW`Tna_UG|1X`Iq3codIlN_sBSc
zu=YBL5rQUl$m4=AKRpX<b1G|@^XD9(t&k<8fIwQFGA8$wR}O;#d?OZ*$*Sh}vk!!B
zo&*jg59|ZIa81I^jY7rVEqTL!29P_5GLGxiXJX5wc8VZ!y)t%(51<5tEp`$|6qfna
zGgn0WitoeR)j=(>)c@WTbx+&!D+MzbnJ^swNg(yAlBHe}<)5H0Pjo4{ZqFUT9wB#k
z!I1Ewl!)^tt7$W6;wReB%Q_CVUVxav^TabNr+LCt2QU-84kk87G)T1R$Nlc`32(U3
z>MlJ7Hyt+sGk?h_Hv%>{&pxt?#Ry9SjWf2yOL>9|%0~i7kEZ|ZYKybL&qa__l0ZS@
z7t)SjHBjshDegiigRK+9yg_Ve3&LjW&R7n&Uf#Xt)ahhgC|hTiWs5DAwmj#g+G;4t
zwxJO)qZR$*o08Rs@yh7bxruw<mYEwj03ryIpBblD^u`lV3sDCf;y=P9fqQ<a7A5Jn
z)`X5*WE?=0{9Y^rMMY4WaF`CNx38#ZFkP6;e)%LyjLZzQnFfy*Kkypm`5dF1!g~vP
z0|>o>NkaAyAgE}dQ!17ftAuZXI}cYl(C}2%A&bEZlqel%U8_%fc-n~<M-jhk%WAXh
zR;SX~gvOJRW_2Y?q5efH=5P7Y>GuHMo1KmAqKnV692m-~fDc*wK~$(y)SENIUOm2s
zeHi>2k4!`XLch}Y8Osb(IRz=I95d|#pnY~f1Iu*SbvE$uxb3+)y+}`@#*n6P7-beV
zfR!c!p_MoF_7X}wmzM@!*D>ro{U~-{SZ`BnsU5#-0avHB7}}bWl8SP);B7OJ>?6gE
z4_m8dpSt`t4<*{lR{;*k0zz#{Y(hc-AWXfNyJ-n~_)(fOhmXY=j2^-cyJX!V;$~UH
zPSaW$LIym44)XdxboUR>sLzfNxF{q#Rm}7-5b!8TyTtV<_g1FLE7Y6AL^8FoD?(b%
zer@lU)lHLAsQ%v$PdnzW7MQLJuJTS4?QLM4J<-}CnJ~kd=zm+ou;q{4#ev@P3fVqP
zhhz((nI%a)dz`dv7{|)+e4m`bVsjuZfvfC)wWwIAQa#v~j&fumV9j7!CAo?P#CQ&&
z2Xzf;$d2REE@Q!j=>zcEBV#g!mBY8Ft4_}6zS3kQ*l$NOa4Q`cY9wU9C_6WuobN1b
z#zW*l&OF=MPpNq`uF|czwHFr@2o9TN%<ptMOC*8l>665CsrOiJy|_uMri6Ys98x}x
zVc`bE7huEM*f5HAjMZ;Ci`2eM_A}6rr2-qgd%cCp*L&GbPUU4|31tC?Ja3GT)Emml
zSSJrX!|Ra!f%`3jYI$Pp_w0)^tEL1ud)kVzXFU}@RbCH(KRKsWkPd|6MXoWvLHgnY
zl)>99%OSKR)?gy&$-n#D)EAX*wIv|pbtO-1>fHi0AYsG97`(^WVy@6^qU^r)DNfI*
zP$GJ+aT7c|2M%A@lpBRgrSP%ZGo}4HQYCRc9HYFRmEsKvHdbl-*G=g$q1=wNMIIzq
zeoN_toKi51-$qs6It`Vw>n?#**RT-?cy2_z-HMY%M9<=(gnjiC`eoytv}Qa`1P52&
zm!Qa#c1s95{A=O5HWC$&Rks~V-j$HJt942lA1Smutzy0a7yyW`OxEp+lnQ>a!%I4c
z)#5)MVY1N7!Po~V(*ncM)QvQ%Fv7#CLfRq5PGKD8Wvjvhn`kwO&W~ADKqUVMtyuch
z3Q4}*Ec{h^u}-0gk&A9x4PKmR>V6>C2u|xwkxO2q$CnF&d+6Bw3s!^MM$?S;y5rDl
zWFT;Ur_FQ+3CKh=i7r5Bho6HO=6hiVX5^o9)=LhZTy-dH<s+33N>}`^7u5Rdzj=BO
z)Vqz;kP$jIh^urm)Bhd}@`C6>V&WMxs^DZIP2l`s8c{%>BlX4i<L8}<T+o<|gnM6B
zuIJ(ma}?@Is><o8h_#Gmj*Xcx_olj42Fu=?k``Mx!LQ%VVkT&vc3x3zl`YmYJ2c*i
zu!+h*U3nQ$z^_VPJ?EHJ%{wA@9o;6ytjtqMujkJ?#(;@W`G_B?D>s&{OxiJ7O9#wJ
ze5g6}s{i|tv7pF9Hr&Bb9o>yJlOFHdordY6)b|>u6=0p>Zo>CLQ-r?NZ^8Xvi;u49
zr(wE{ntNUz^jk*nvaZ!O6}e+AA*YybE{8Fl69sQ_Q&T>8SbIcRjcgPKikC@0yr+}s
zKAYMWo)mKw-^G%wJ_6e7iA5>{jr@34gh~LW+W<*HIrG^i=Zv_VaRi8lEMB=ME_=A_
zY}+FmRNkp(T`#jOCk&R7vIL#C+6?Q#6z3t0joyX5u<ukjJ9L5q@cZQZ`qaQ26NznX
z3^ru`TPSlbGI^4!|LJjafsA2ew1-Z(aOD+i7!jF-+UiB94rX6XJ{IxwA>-5(I;$=Z
zTl?g|SRh#mVMU{(Ys5?H+&m+4K}Z*>z3fyOY&vHj{gICRdY;>2{pI(|V)Lx*BraM}
zAKFx;({nc;f4{2LOW=o1zp=Bu^R#6~KaRYOKwvI8bY`cd^wS>THIfe4sLbOddm6Nw
zuepqZgIkr~los0PcbdW&x^X~LIE|D3QSEu7NY-JlXyO=97%1$q<P9zTPZ!J@qjn*x
zXxXV+F%WRG9$&liRDSUls{mL#ARU%6sunVLDhprDS%E7Yn23U)=Rjk0_PC5BVC?@#
zJ{}sieX)JhdG_Elfcw6Bl1*6LhB8M&>=mi~Mi*2TjbGc1vJJWPPAcN)q$zubwKj%9
zvuNb&<~MKue#i6RoT|(jg&E95lIYL)QlHc@DbnqdY40VS^5WiJnxHl7sXs&rf0<8}
zhbGH&TREg%s5EkMH>WZ3`&m**@$gf9;8?DlS6FP!zCo*Sjjv+yCjd^mO;nEI<gb|%
z*7E^hBPIDUQa+ga(jYoaW#|TLzV|OX1~Ufb!q8ZK3C-<4TB2ks3(R*AA`uq%M0ZX}
z=Eh^v)u!)B!2Nl2{pX(nIUGhNLkVzZ<cc(eWhrcS2%eQNdIg?4S|i!L`*e275xkEZ
z*AHWwh7+wgLX*h*4t*qr5AhipsRV+TkK^OKFe7i=fk!R<pfv__&{2HUDPSgZ1;DfG
z(qNyaIb_A&>^tnhL{O_#PtB{NQh}prj8#{5eAE-)T1j5Fn`$$hpy<zzxa4GTwu+cM
z1uL>Z;%Rnr8CgLQ60tecQ+G8Y#hPp=ZJa|k)Wu}!&CKt@L<8wakXovv#<Fy}hMpoB
zNDF11?0E17dH^L59v+8_LycbQfHk{e#)-ivPpf06zy-@ZRpwu>*x60#um8#vW>_EC
zxzHwNOgZ8sDXBOhe%o<AnFhhpUbAo>YTL2x74zf#=H5q)OFuEw8kzU_K5@i~ECQC6
zTs^Jd#S$(e1l2gSC1Txjlfm?Z=GC3^Z4OrUS$bx<Zil!Xr!ZBPYlALk7j@8BldpTg
z#%ySX?kgFCaB4E{B0uj(CyF(!Cvb7-@=g|jpT<*QBZX2SKY_q7<19VH<wgsX5<JQ_
zk*{<eA+>pBE8*N`J5=qzG1YhT4vCYnTu_!5w*YUQ2;DD%y6X_&24(5S{3<M77S7uC
z4b4tKrMMZeX@BFIB?U$E;C1iu%;WlgJL3F~kzTQ1ptzG0WS(Jeh6#2XjB$zXH~Nwp
zX7}QQTj(Hx^4%R!i3|{I>wAm%zq80vevR`TioJu#<lE|z?jQPN&N5&e;eJ8j;=tR(
z`mU<^OAnP%&|Or}p$k)~YC`7vbJ#P^$d0ye=R~UDcNzDj_PX(RkY2SSj!BU}seNrR
zO>?ivMO#^6G|XOM(KA9iMpyl3&s@7z3U`*o!}S2dtr3~7#2^0_Jb6K+3iFC^`=zfG
zAM2VpLgGhJ^am0&!(xj~s&nrT^=N|-ej6{eB4P7ckWQ@kevwZ+tzFJVmV|lk!n|E3
zGKFS_LBSytLm*~SrL3P8Roq}7-cB|2SSa}miTh=!<)Q{=Nw^3aq|?xzg`RaNDmQU>
zH&MNKar2C%bY~H{9zq`Ll8x_YbG?RD#IpIK(2BdTPle{0*jy>keD}V+uE~@;t-!l2
z<_foTmEx6%=OERVqozV1f*=^)4E2;ezofUkWKi)Zj@u!o+BsUpRdoqm^@%_uEB!oO
z`#g3F&)*2bHCQYQjF~43eQ<6GENj;?-!85svzzk!sCF7&^*Mug1EIeR*MDX@i^Yh@
z&<$dt-~$L{DQvjS70==HU5}s$vH9>8)i&8%pD-3^@J8_mYdvO%3UO#Yw3D2O)ysV-
z!dEglnP{s*BrG$<(D5D3brtK(6rHIFx@O}u;<lZ2T&8s-6;yENcG&HPAS0<n9f2|V
z2)bcg2Ed<3=+J~9Q|ROmfn7z2UU%EvooN2=(ZG?@AqG!RdUU?(=%%2A6%$afVLB(U
zXY^nSJ2d)3d&&E<{0yla&a{kFRj>|N@^4Qe_c1Uo%IX{+zpTa&c^j?#B@S%(-uDxW
z;_})7Y5NOt>x2CZRHs`!#a%^jYEx;{7=ygS()U;Wwu>;E<h&+td-)mm_=U?-+M3?(
z6aExJBQv6;U5NT>VwQo|tC|a*d|EfV1{QpJj(80}FmPLV@4J9dv-|^>V38Q?(F<Ms
zoymejlPJ#PIdfRoe0SJF4hU-|oQ3YJhJl}t2!o)c+uHse=i4(nca&Of+E&xvJ594S
zgSr+N^Gsq@7R;0*(KdZGCF}G0$Q6pvvM2+jpI49>fnn25b&u1n7JXC!1v{pGV1;$=
z*4W?#Y4mcK#ov#C>o6SNSV3hQkb!A0u5`2J(@qIAWdKn`(OGMG{t#f?hngP)9)$ZV
zNT`nH{v~aSq1x}X)75h;jQj&O5n8}5STz6_fmon6UMwv^0MYNYdF84R(?@UnT~mB!
z3jwe$`dONsgjJ>#9FVWscS@?(zXT(0vQVxQj+g3)!sk6L1kpRdESep)t+RW}C(^7q
z+RipYON>mj`!!=rIGcd=|IiQd6HCd0P90iK6eAHur2@Rx=}I??gJ{O(`y?!N4W4=t
z2ZQ9zl0J+zYha1tS<gFKGCumx?GX-Kth5vFt@W~8ZA%Fp3l6ui&lY|>XX1cYl)Ni+
zVh&>E^kII4tlwb+u0oqohWeIsluhe?IP<oGe)cd$WOqFiP3H$FA6or;CzpGN^MruH
zJ~0C3lAj%!9Qx=^8DSsFVXE_B@ZHKYiV|o4DwB*(1wPm(kLFPm4oLjKqF&S$#eJ6b
zqVZtuxSgG#fc)cX9bo*`C}f%hPKU!_iGz!^REfIsa=#1g_A^c67#3i0B;HA7Rwbd&
z`*O6~VY9v#E|@H*fp{J+{tw+OPYV`FN_9H>YuLRy$}5H;s)0N=#rzc8Nirb`*zv@6
z`gC6f;AC9c`m5m$Rb?<-$lUgWsAA<a5jw0t6t~LE@~h^>(-=xO+7fn=!5SQOt54fI
z#^UcGX#E=fs)cITa`o1}NPbffz|ntcMTqE`e-QRWS2%$$^ElxItWA0o=C!O|TiOoH
z<1R>#PmeG#mw&-7oF+CKUW7%Xm~h;#`PKN{_H7w5e^?ti-a)+Uo%Wnv5<E+Zd8vBU
z`=WmldDd5`L#yqFMoGW;Mq*AnsXxWSqU0Spko-MO4@f<bKG6^S1WijEU@EBw+k98}
zB8EFB*BF*Jhn{@v&_!H%aGWOOLra9VC7}JUh+2i`%!SCKCsA(8*#=fV;ReGK6#e$X
zFxXFV620BZDeow8bIiHVcc0nlJZbB|a=~79d^0V}PXj59IuGBn?Mlz?n2bl(Oq6m)
zQ=gKZE^-r{RJO^`1S5Ny^e340(2hVM&Ey9F#&*PpBZdnw17T^RbH#q-?{i>Yfb^<O
z7Xt_1gh3-G=W%V+N^Z$ATxNVZl0~2an}#N3_A)7_q^>9Q4|jislnaP}z4ewEkA_n9
z=%e2p@y!Zki3kqFx(7yfvydIKBWDJ_nUunddBT=$IZwL1Z3i|BTDN01(YH-b1IYKK
z({^{^oOdhsv|?1(UT)RcuNtXTgj!0(Y0A4U;<@B}QgGn+Mg4=wG&=-{;xv$w1sXDU
zisCTAS@%zy+Nmjh4C8$agLgp}mp<Y2tE%c4(H`XH<(6!BWl<!vmAa+b=K>V*Uu=BV
z@AU)8hGZcPK8Ny>-Bm!Irt(U4dnQ*yI@!r<TD}M1dAp!GV6&@9dS_kqMV?h0L^(0n
zO1-#vkNS@7^p+rS7-2TL6^(RisHCw<IWL)Q2|9WDQxVw~Ql?@rM-Xlk;1o2Rz_OYg
zNQ3){*Q!oR=JF7Rm?W`)#YTS|q_B_IrIU)YjBb6ZTyyV9(aj(tI=<fql@Gl^?Zt)6
zawR6ddTmm>lS&-&@@<CP38p)ivJF;m!7!%Y&mb&YxX2#kg5sFhZh>@@ADZTyTdGO}
zFO_?~j2p?xUJx^Wt2a^qHw)6&HbDG^i=5kpe?87)8JyqES5H#4R}Rm(!TRm${85%W
zSWHXaYSKnbQFHwX?+U?UX!1v3DqH=a^U3hU9yJ+G<Tsf8Tow2@C&EqE%tQeOdH{)X
zPz8RN4*7}Z@XE2sSb&|56zBnj;gM=z)UtX^uR1${rWNPIR4iAqj2Q$EJ;~5bAp=kF
ziEHzLi_E#O<twN0CIy~)e#O{NvA*`9spr+oQNvs!tRo3A5j#G%*AiG72sxN#p;qE?
z<0ZZ;Yk6MEu{A3KL23BRG*`^{R}L)P%Cx&ZTtqW$`rXXWlk4Ia;#BR~>I2_y8g(vi
z>JvQ6sNQ8zU_NaE%l86HmE{O#H7{>s4x0dcRLVQ}U>>Zj?Or6!x0|VgwMA&UK|1p9
zv(!mx4FMV7&Zqjh6C_7+zL@}_|Bm&s0kgGlbohAg8tJH7F+;f%<N6r2;1oN;DF87*
z&cE?%s$F4OKx)5Q(pTNwo-2n5E@Cc_21s@0EYro)ngT=#hIZhLfo8j=zy^XLTPY0x
zy=t88U{vLu#JMJmOCu0_g((&-5*^@{zdV=kN+&$+?qoHj@}q!0(~_xZa`xF#?MI(Q
z2#z8Ny0MQcwLL~zHDi@dsqjI?-Tb#3a3|O&b7w_&cmxXxFMfku%b7wNq%AYe+ox6M
zssS&SBw34HKYD#f&D<2X4!SO}FT@!;nkbLHHj#Y#iP(B+)ak}mTG4dVChQCeGM*O~
z)n#Z1#G;yW$#w^Y3qENd=6~#7$`85?)I!AoRleozq|tA!Np4WpOEWLNmOqUd0_Keq
zs*1!55__?LNqccMI_#7~M+P#2dukNaL-}`3(al#}{Mxn3stGr!hkaE-8S(;!d{;P@
z!J7EPOSU~}YL{%7`Fygyq;k@5OphqUPGu04(tUx{Hes$vs~AfJJM3$lYD7Kf0wd3;
z38jQ3d(qWgrgGV?CppH%E}Z_<xW0AH;`=Xp%xgD3=gkbL91)S8{|FbCUW&kNVj_d!
z7Bcy$yspCu+&YC80)iv7ts^Lo-Zz4Yc~_`?PE-qOqkiWT|MHd~VP`o#koOWj!$mdB
z<!mVNNEU<E%vQ6VbWd3fXfNgg<qyQ;a^K;D0aW=Lz|aHQxHAQ$PZk;Cp+-4`S}KOM
znm=d3UR15NjzA=5^?b7<K?MQlh<uS8UwUgN*KR~o#7hm6EeqPgD2&R3x*6Q`Xv$h3
z`Nj}@pz#pz<V%ShV!ZpoA1c1zVaX9N#};Adn^kh3yTJvBuhOL+*S{>TNtWn-f-T8V
zfCO5X|FMayaZ8muSxQo#A2?S4Gx3%7L&~9mO3Q>~9Vk_|`*N8&LnU+W3;7=@gL<-T
z$3Z#198s0q3!cU1Blt?})xP)lcSPM-p4OjPTZgDM`TRLPi?01FavICqSsE4zl(|Yd
zTj4?lS|=R>*<G5wU*B5f&*hCUfTxss1Vu_!zu~bdLHsYuMIm4QeBMY5p8-YT)SVw2
zcF0O=fwgiz?5vUod&)rPX!U$3zy?*B!>2AFM$;$pm{S`!9f+Zy_jA73qyPUw7c{ZI
z|14s5c`plEWCw<&&<`y(LY^5_eheepN0jT>8At4i!fnB|*{g~KF_@nvmY!@a<|%jZ
zU#ip7fUg+c+F>Sc`53<v7#~J>S;iRv5EZD0AIG=C<AR>E_N)cy#k*aLZ*?a&<`Vj+
ztO~n4yND%kqI8k+prK9L!J(VcX_t^J0HNo6?18D>%-5_#^eI4nq~$7s+QS9kFeml9
z4%^>uN#I!=bf*kK_4&D1iylSUzV}weKg|m-n<dwPGPIg%4rg0ds&oHSDJJyf=9|Wd
zy=^YzemHZvys5H$Vs}B$_R(oi7Ny}I0fUVafA)qCwOVPUh8*NAT&!d1ohYcav3bNj
z$_>sY#nz1iK$+**HM32n1h;wfCJ3HJt|vDsuWO!V^Be(DA4V?S`QF|=qq4nB7xxHs
z0Exb*b6w{R2v@p7#XE@#tNQ676Vj-+f)sD5fi9<vOH-?e<`Zt|rUkrj_0xgccQ%%A
z3I+e%Ir+U&72+i(f=Co?IsU1;8*_lO&6!(0Nd8TclJfoza0G9$;8fksmc-`zyqr?R
z2+8&Xr+mr^6=w}0RT;m1p~S9>DYMXpE2aUXMGmGr_vCzR>u)rnsjVdo)?fxi^{Q(L
z5h@XA=FZ)_It=`F89yX8?tce=)Keq^ZdaaG6{q8qxjs4EtUH(hcucWPOnK70m;=M8
zpVNT`-QjoOy69X`q#FSa?$1~U{(GTpH6RXMrJ^}UYW$sUCiOL96U&rPj$Ve)bly6i
z-E2Lq6AOs`DTqStEa`H6Ahv2B_FgCk8w83+Ln-bfo=ApnmPn>VtK5yzXYVLwPZLg{
zi*z`QFSWR_?u(6-((oHHJD?W%Zpn@W17i@irAOk^#Nm4t<NGCj1~ry?sqk?!D|s%W
zyt;j{hlJ;VAQeG6r^LR-N9KTPu9j)Tyxv~?4{M2IC@5~zg!2)>eljHnXrc6Qd!Ix9
z&EYDbbO)dR3*7txQ$xta6vTpXxg;O;*aiz|mC9#I?R{ZH-HaOv0`CLKyxV~D<F_2D
zM#X?HA%9Vf{10yQ_Iu*g09-z{_$!${?*j;4yf*a?Ip;hLglt|YIja67;CCF2zd0Ap
z^*U&`d#X+XtQwEsHEd_sJ4xjNfSiQNS;hb7C<%p{&bgMYC~Q1{ILr&N1=h=RXi_9K
zvmZ7vJOU3O-5$lsQdBQ=vUmjx@t^i@-e`J6t9X7O4X|u`@?)EN$9cTS*Im;VOj%9}
zF);qkT=@c84bbe`t)UoB{Mb%;o7N?Q3`64@o`DjXXaK#@N-Gl6PJ8?5Nqr6$F-&2;
zoTcK~>%wB&uQ%-bU5o<>WuP<kq1bk{y%Qik@^R>Kzw{wD42YI_<|HQv%>uIMsCpwp
zF9|HdbLq3am6pYYG`pZ=kz{<vObgpFacWQa0W%be61>Aj4&^uyyyivb$z^D9_YRN7
z$Rl5}<G}sTO1L2LaLGSWxAFYCV2BSu!AW&dl0q>|ieKVsjD}<}`>U?RKTvE9lCY?Y
z0h~mPJAT#R4X~Gvj40Pb>PPY!d7e-GS$<n_pt(|U$D4C2vc+CTOn9F>JQoXbFn7zd
z8I4B(!WMF)d{Hmdvady&683CaJ54o<M)(xC28l_FrSgh1Ugm~WgmV#|-LEVK)0dsO
zOz0qt9C7rc{3tY<F5k}G%x!-=4;6mQD9Q=ny?lXKUaQ5^Skb&mM=T#Q6rpk&<i^In
zDmWUm?g}i`?-DBC9KnOK(tP5tLtVCNcSwL@YgdBYQ)Uq%P8d{!>mki0P`vR15mvpD
zn0F{F@)x=LEGI1cFYOVplb`>xu$v@{wjgo*qth^Hqq&GlUo13LEEl>C;XCrjs2;Vi
zL|k*LgKQl`umE2fv(4}BX?<v${>m8hc2(2OT~7U?AqET;V$)=qs5WicW+xQ(eS-uV
z&FqrdzHp?tTTLGnaJ95~5_pBFI*MG|@DwCbz3>d1J^B7fIlr9JYTgno0_TpI|M3Y&
z(D4Z5pIKu+Zg+&;v&djAj^V><yxd90#{IpH>3OGfBPQG!-M>^HRHJ$~)E{@#LdL9L
zKtRK5ZYw`3d=y+ZBZAY$`Q$ft9j}HWDsX_XdHSh8xPHOw%+3QmX@Ky?EmDZLp}=o0
zd>resQ-78sWre&SSZ}ia(4?Z%iFF;)H6j{Xz@e$=8~3y*XkcB{7uXFptCILCsDe*=
zTJwYCwvXL>(+Bx$virrkmc8u(1mos`GTZ6cbF7_qM7DWCwSEhK5oTvpm%90H{SY!e
zOa@_ZS5eUVe1``Z%W%kVZ-^~995tb#PUCJGIpqM>c)@?Ccbb!>>3l%ofG8+7ZMvXY
zJP5o~aSkt_lQsFC{!E0l@hP0O=4s;cWv|xiM#w^U<Db22ZXll=dCRC)H{}xQRJyM1
z%#6HCvZF&f4!S|;Bjp9GeLW7~UwuA;&G}&1rOt)DV#n7I5X4~Nry!FZ0wM7(^fuDm
zdpR4IhRy$MOa_iRnf!NITh}Dw`~bOZ8ef|NU;oHoFkn>n;IY0@C{M<XU1v7{wn5o?
zP{^jdw`AgBD5Y1$dtU4e`1q<ot8j=-moeZ(P<|2U(`a1%cX(UXOX&(HDnpluwf6D$
z<RE1l_@`RG$ABIAtaFNuX`O$(Mnn&pqr*qdISl17!R7vY`u*-Y1pBQ==>a*F%~Ow^
zCvt*BBvb7qJ-tHv6{|2oQV-puwrPipA2XeRUF;TLUt3Ktb0+;kg-N?O1M+L!KU5Fr
zsm{6OGn@Lh(>`kgx7(H23L4Me|6%KjJuE2BKPq|YUtDD4DzTV_;i~tmvlb(6t?trj
zury{YOFl*cYQnZ6ySLC&gDWrAcs_QYrczzylRT6KDzKgD?2Oj73PupMnS>a`QH(Ji
z+AxF8n&`_X5y=tXLPUPUtm8>DoE6d$-XVZU0;Pg{9-{bl73nRT9%UW^RY>2Pp%4s>
zjiJ-zF}-2w{paS@W)|QgsByNr-(*}dnwsg?I^lS+MAa8~Q8}fOh|2f<A^$tDd1n|P
zr)ZF9gE>vD^vEXaDUXP~Lr}>Ie%H>NTqK3Pow?n;=x<{)?fj6{-WT}w@PCiUugJG?
z{yyG)ka)b+{K@K|<RXFvDzkMjloL|Kw5V1Gb~^1>luEuJ9q=?AH~G42v9HKN)cL8&
zjAgW+R0m&1P5{iWpFDlq1U9l~@*X?)>MLWB#t5FQ!i7Sd&<3h+NXBk0F1JTh33No*
z@1wg|3C}{=zdD(F{7(MkB4Ko=gA5sfmWgXG;kQKacbV#Uc4(F(Y~rqPL3NKe+3Fi$
z_6{}M4A$PIh1!Md++UPvswl49rWnNd>fl@thpQxx1WogCmpvl<TWlRA9EqNJqg;#7
zXgV9M{@wwbcmA@cLSzDi>#4lA*eN$k(hLi^Pg3r+T5sQ#n;T^&mM0xN(te|@aJ0Vl
z+rhy8Ske=LDG}E}p@Q}|u{v1RU+wC}g-&>?+{@q8n*WfMotHK-+|M`&I$643Ce~@_
zL-E@Rm(A%Xt+WoSwQU~jJqVYF=QF9IR1lC32db_957nf_Rm2*<v-$lKW7CQv=p$KH
z3LX#!T<WaFn=X@oRllZr1Z$JgHZ|NBdz5LbPp6zXd-Jjiruro$>;Nq_T|vLRZjh+8
zB%DuQm$V)Fq?#xwm$}Ub3<0m&G4$C?r6nU@I_VOC4Dv%2hheZn&W&Bqy^vAuo5RvD
zayCo7vbHyN6Dsk*6eB*W*e=mT02zc@?ZbWlpz}G(q8?hZuzBp#p;6razAsiLL9A@0
zP1s5Yzq5kuzzB1vf#^tV!>u@g_fQ(l7-HSrJbU!K;q2QN|9<s3sH4)AiLb1l{?Z;<
z;o4AQKStnBc%(?ku;$SL0+7B_1`egiAL4F<h2}CB@Zr`;zT3e!bXWOal;xHBkUvJy
zJjW1V0Qke>B`YZ72it2a-c0YSI2cqs^sWqj=ql#HX6(R=6{G+;o-Tl1-^Cs3f(OXB
z4>EKZs4UU>lA+zlCNtUcl<IOD<-#)*^vo?wStkOI6^R_6%SJ9njZ9{A84a%6+Ankg
ztluBVeaLHR@X@*w!_y2|t#^SBUgYB6uDU1a)TPw0|7<0gDy7}yl^Y*N|64gV3FL>T
zi|#lLI#i5l9|MWvY>5;+kC-oUpmz1RYOW}~t_Yn2ATZLt^HqX`WatWXW+aIao}mwF
zzH>clo?(cgXT^!m7G%>lojzzb$w1UQu$9$rB;Vfgp9rHgJwe#6eo<+<rf#SvjY`Cz
zxZZy4%K1Sq)}CU*X0p-n5EybB0;oO^je9TDAT6zYO|*jzE`VnOphGM~Jh8Txjg662
z>ogguZpWdquheZ*I9jb=XE;0OU;l!X^<&hv@*u6MNdo;djO?zV?#XbNHSk=34d-Bl
zFo+w`xjd>1FlU$qXwKeCRa?!PK_UKj{Lk;2R%|g+f%ZRhCc*P_PZ6WQ^MT8@^S)o`
z)GhU}3~pn)c=V8rLRF4^h##l3^kQ)gybNm@AA#<dmFNfpDvoQXKEReo)tY1Jv-sfN
z?biIQ=Xhi+LTaf$X(G*eI!L#+%-I5L9Rq?IyI9@r^_YNd`>-atXui~on<k8Hr2&Ou
z>W_gl5@u%~;RZ8KbE>7lboV}^rgB&D*l6@E4X4f2`qvZ@YK;P-HUH;#mk1~u=n~lX
zG=Brg{8~rf?pP|9y#|hP@vAJ^ANauakp@)|cGZH=X2~2fYiV_o)lQSIhn?^2(^err
zXz<=qy}Bd&Tj0Djz%dT!z?_;aP)r9@Jx|{s(gUoRzy1VpCvR9S%Ur{fN&=4qYyUZJ
zVC{kZ!ieA^V7bxq7G`V7HNmebx}2e|HNprm5Vi@k*C?R}m`6ZAtaVDE`tGzKh+a!^
zfX%SdfKAQam&{&f@9aY8g^bB`pgvq5v(T|H+fMN<YM%H8C4pS<KkE<Ey&0Zk1<|PC
ziX<o?X^lxJmYB3bih=1sF$yUN$RokT(#JAv@66<T>=+#rj5T=sflrTS^+X8SJ@=e5
zHF1*Z^SRUfW-!eN<)OD^zjHtXr}HIA=}0Mv%#?-!|Kz{mEcB;HjJ5se*1cH*bDO{^
z=JGVN7Wf_PfHq1slW0EtZFjj61D)S{f^3lq7U28+B#I9bLo>KrUBy?2&iQH>5^0%;
zu*AE`<-;xR!U8v9v~5|uhcI_2)u}V#?4v}f0JZE^ny<L`wMwB)Tr19Pg-xj%K0`{~
z#LZe{NpdYd5LsfJQu!M3=E;d#%KR=}RL~(pqb-e<>e6(DuQhP<&%G9=T}%JSMIvSF
zcQ9rjmrHudNJ3b2L8<2*c=BbLS-u9n>an@4&!wi7vkd(Ef983Y6ZBBjo0xO}5%~l*
zb|~3Ft?j|Psk0B^uR0tX@~uuiiD#O49Py6fwP3XOid%GZmYseey7kLK-hPDHk0HMb
z#6%+;F!+*WlTinZsQht{#szYQ?x7~Zw=O}eZ28%nOLEj2zi-7dU_$L>uneqM4~vr>
z{kf@*I#HPeug(~5^N(*<M;>)8AAVi}VcHOBS)3HEJt}fTJ~dyMj68@Nc@QY>=0OON
zQnt`&4aZ0lG~VYWLUQIS2zJsoMkV*nx!2k<VIuQ93IkIV`Ib_JI>hRJCZeuxS||2r
zb~NQ{4MQvcezp&8cr`k6O^6XppNS641B<C>V3KujoW0RY_md`MP!}ycGQ>uY2s~3P
z^<jn;Y{Q&A06cFTwle3DdL=T&^41D><-^>bZ1-+&X?VUoKXk#{5cj>Kq@gR1qqWnF
z%aDr7FGLysHi=kfg>Z<sx4tvD!64rzdykp8eB4pNNj!yXf3S%}thtN7)oC$;m-Pm$
zsmKaHovhi!9J*!wvr{>LF2<6c5&d~nT7w2Il@Sz>tY$!0#s*SN-QqBXuvimswiWi(
zZiUrOwbAbWq~4@jaG(nrS6<tibi9&D2wMr5FH}wTy1s0JkNh2(aUv#J9d%Ts@-@Va
z!(H%bZLlx?l9I~1Q##f#B&Eyg{+F^|R$Qi&Cf*V?s^7BBUh~Y%CO#MM7FpdFsF9$o
zt!;<Y+SO6!NWsP#ltPt5nyeYiP5FQm+6zn1GXymyC^?(o)(0F=c*X_)<n_jY;D`!K
z)Yo{0D(L_B%0#L}(uoOQdH!jEOTK^;p2VViwB0tFk4#oYmd)4)o(9o95p`HXRH4L_
z85u#E5W$3LpQ0EksJl>tC&q7v-|t}v1x;<Iw{RST{E*S#9!a)(b4C+Z%r(2nz<JR1
zOu}R9B_-2`4Mt1wQc8`EgAyNiMKlAEErTXKfIjmz;*^&x*Svgl5+?;}pSP#6l)MB0
z?>~Rb85dSe9qtqYbFFY)G*Thko(LR}chHAcRI)h2xUomZGs=hRefrjy8wm>gO_-a_
zxL<{9Hc-}q<EYd2-mM^Ity~HtLULOnT1&TC_0_WyR-L3ut}x^u6M=$ygpj3FPUV#}
z&;@Mv;JoMtddW=++p|f7^7icbP2Q5Jx?2+K*`=KZ;&D*5)~do`N~bTJHSBLDZ5s8V
z+8j4*`7U4yx~^qvaTL^+{1>WLy%)491V$2y%!^v%@O+B$ze)h!HyCq0iS1uNKhuyZ
zhQ;?y+#}1EEfMV)-d$u1zv0%k_sqkmEY!59GQJ_PY_CmHa?qjVI{Q51444oTD5I?t
z$;8jb!T92{UT4hlv0$0PjDo=x1fzXem;R)5p4L^e$tG^lSPp27n#eCS@d!Y~rzH1r
z=r1_*slQBo(3lzR7Jp9lE=O??!h@IM9yK>FQ-NZC3rM@Hq*QqJ(ndc6iA(s>+bS=P
z$S0LPA%&<D&2k~q(FSG;V0^N%=Nhv~oX%d=G@oXQ5cjHn#2+<tm^KX_kA`wN#DCj8
zpYNN%J5!H;kUZzi<27q~_z#OFgbH;<8??02j5sbn3y{(hbQ_$uF=8-9d0TL`Af?<f
zWdkMmY68sWC+HQ_MpKo%h*3Y`JaJ1^$A(a4v?54kLO}(ZBK8*^u@BffYd+77iWOnE
zLYekBHJ2OVR<nA36pfYv@ZUJ9hg**G9W^cwAVcnnOO^^X{<Q>A)_fm?-rkP|RwkA#
zS{6161b1%$1O@)L8GLx7D9NqX1lgQodb+KT`j%rgOL(;Hx?@f-V`QWWS5B>F1d=bA
z!x=~aLVTD(UBIz5RA-B2Gv%sJXb$Ca(yT#Hu4y#9#O%S(%j&F0+zTZT1cKvqR3tW?
zVGu}|Z46_eH0-QqlEaxEW~Cc9`7M%JHB$LDZdaK)7^+gCFO?Tjlr6}U3XE2V?FXAz
zrU|mmRR73bkpjzo+B7?BC6!iv69j+mIxS7t&@#3KU<dRIaDuW+fUcGv`(}DZwh1&Q
zLLZzV+-QTfm|jkmh_0_KXYYo<mlw)p%kJgZUGfu|S?VcPaE^pZK00L}9X$=J0AiSP
z1zT$kE<r|e+LniG9IgQ;j7v>#Gps3W`;9>N9CP6?E$0&NgoM%~0<GazYunv2OFhU<
zxs;ferL>$wa7ef~U?V1)^VH>gsZDi8OJ<%x5ayv50p3cxGL0Y2QSgxdr?#v~^fJ=+
zO;#3ctyABmmt!=tAJ=Dq#Q5eCO!zGl{f@V!*;g{o(L=r1oKg(&?Qa%T09@;#AFJJa
zE9k3r0KpXD!;-<@qV;dHRGKkxUI`@o8NDn?Q)Ct%X07EFD=*bMxRr2g<ZMXsmuMAf
zl<0q2KE*f3eG^J^(lfo7b;N(>VPn5g6<=zbfL`>x0#K(W_G5s%ExMAuwIO}~)hUUB
zlS!OftV6$1uQV6`B&)RkhqI#Soff|#mHS8J#|}rK{nI_|VnhXd)x=#cmi}BIcjKc;
z&0{z_%t-yODnHDjXl~6cxFh)$qgYe=ji*W(QcL-je%qee%6_%`q4vbuTOtQTK-Y5N
zqzk*v``h(_HLYUYrO-hA@|Abqfw;oTzyyIQsItAeC@C2r1~a&To}#^Ed>=Zd{;)kR
z6%bLlEXI;n3hf2o?&4MANu6%$9-B8;jdle=g27WEz;lIU0g96(G^864OI@lPp^~bO
zBNU4AgE&2!t)grg9*4X%B&~Y2ZFNHmslFX-t3YDdZg0{hmTx^C-NW3;L3Vh~!YFWt
z8(Qs!5k)we=pP_}7=E>~<5i|<_=@1G+i!@dc@m->A5Ec21#da1A`?I_b>Zr@xT^#A
z{XIdNrt5Fv1ob|WBVhpcz~d%ES`QXU;S3AN(Gg;6Z|J}ur!HI?J*Zq%<whdf<qulH
z>vtJv5F(t^H|P=U$2h(YuaR)DWkd|ch&3jABlm$l44>J&1n*xK)f^L9syb<Cw8+S6
z8F&q;JolHz1?QuoNY|7&zp=p(O0Ce=FuEz+TliDzq-msm|2BEm1+YcF-p{eqjHv=N
zgM|YcG>51Q9t$*l9(R;hL?q1sChte1Fn@{m|0q)i{hO|%ewn#g?gI;!HZF9E(J0B+
zs-ys~CAiwWam0Yn`fj-yW<a>FzQEC!6isJ-7EGz_qD~ZRGbeOIoF1}a&I?2+_8Ktd
zv--l0hT5C@gw{u7K_%VDfh>^uY#B_G|4+jj%0n$SccHU}X$=nWiBw^jLt(!#=}Uj6
z!E{xFU|puJMmfst4$`AM0DMp34GQNXNv(?wHrFcGUewKdf?9jlUnBO@T$38l|5Cyf
z_5uKtf0}f*(VJ@9Ta8>83=S;KSsHi9w8fTNQ+u@j>I3jzgJ;1N2N3K5OClfAYSK#h
zX4Z8ZPYUjee#XY9r4pdGD_BL*tJ4s0;@1`fb1>i2D;_ZNKb#;C6%-~EAiL4HE(#bi
zBW3!Y4LgWWjS|_I-gfY?cy)V%j>?9tGg02r7>W<P$wS>jgF`Nkt3GMWLxCHCCgrtR
zle)nLLa2tLS{<x)VEvWnlvfe+hQ3F|!38VsCD!MZA`N4bwT=^8`Qc#?1lvJxstFjN
zjWCFD2!0H7tT`T}toF-J8iBb^ku8h&U~nVHad>zy4)A)?e@-ZQc?vI^By|ioT17nE
z3f))pm$aVm`$ch)OKF>i0-f1to;0!t-f&n_DOcvjWBXsK>#ytmLz8*yCCnhe6Q>C=
zlT1=CDBylMbGh>ybtNDXXIm5TNsnAr_$&|TkO-eX=)Z^4Lbac?b^W*)S|b?bwR!k>
z(^{6qO|;#QFI&$y)k_IXPQ#8xcy~#YOYy}t_6FVmGL5g*dc>0Iit4Nqdr=+C$Frx{
ziv)=>G^o@Vt-4@l+icV_;iQhFyJ}unhP5ib5bZ*!ng;%=T<^uwmd))+%<rh8l&M-J
zvK!*lm?UnEdnzTSR)}4HLSc*5{iF9`Qzumn2Hl`P0(nF?V$ZoE5<~Zz28E^_V6F2u
zkG(qFb*y<#R-s+Cefq69wYR+PSE9(Y?54#`4Vn^n4<~oKVSNal#ZgIJg)NcvTcKkL
z)hU#tMJGTi{D-~+`?V#((6HYUe^Dp9yC-wFGjs;&+v9N>B%lhPslhbTvkBr}5=_$Z
zNC11{Yo~Zj$7MMJw_A<S&SMqG|M4+uf4sQY_VZRMg>VvrR!olHpHu1QQU5p-uZ1UD
z|0H9a3Efh%qLHc=z0kf)8%4aD7rQuGei&<(8Jv+GMG*~7Ro0J2qZ}Vkh=!bI2zHUC
z`K##Quc5j(Fq$Fy_+KfuD%n=)dp4vu#yfdgxXyUH+(RC5mhZJt18BLFs$SVr)U_1w
zJH<I*h2k_&RXH^2xMd03XNh3st~KBe9vGoL&;mrtwvR^p+)tVu<IfHaVD!q3`j8eb
zA|S*$jEGPN74qe?GO^fGkpVAfVp^biAZdp5KMEZ#C25Dy>0dgX%04V)g%afHP)EAX
zHC3&6Cu%&|?{kl8;o{y9Ob;y7g5(u!gMOUxVIA?Hmv-(`yB5{oP0$V9s>ed|WYS3Z
za)s2%>OBmPQLCgI7kq#isVv2ANvVSLt^c*N%f#qGXINKY5%#|F?RrnWBPc$o!ieop
zQi~>xG=(;zsK@H=1_z$n-jEh>-HmLGGToEqX`q-bC}HYZjRo7bYo*7EQCx(-x7Ydt
zHPN@g?J+1T;dSg|<G$r?ND2_Y{-6@=uutv>9bx1li02FcQ~if#u*K5}_j}#_uadgi
zY%#tVHSepR$A2zgChqzt3lVdcb)z5?G>oaHe1YSy#4iMzljYo5!Tns|^tAO?Y#~DA
z?Br%dKuauqvQKtlM6fI>zJ6W`?Qmms?nPM7!}sGSL=)jAkDb?lKEr{pQI9_K#L`ls
z10o~`D-KcJUQ|G7o_Vmd-|$0HkB|EzY=!|jxcE%HoAWk_<e>h~8v;f1191ZP+#^vN
z5S0Pk2$Xf=`soIDr;7?unxb;&N6vM~AcB`d;}sBps>6K-6IihIrq>%!OLhm2tCHtf
zX)Yqf-X#s+V6as}(G<RLY-pn>EFHr@6OtRq$DLrABDTRyuzhclCUG~83Qhe7%Hlhy
zd!<J6ZR{ILI8C4Q&Nh@CVfm$p6(a0w#nU}X9=~e*lhS4M1B}2pjtD?PU2;5~>wg2v
znQ7cKRhT4zsP+fRFL<d5*p301h-Sbm36?ucbRljpbo-h8a6|2SbPS%#Ngu$RaqhxO
z1UEgx7#4;yEJA0Ze%6g*OhuI8f`q+^HPzPBte1!I_Jj+Q2(ofJgO98m`c%mtEhQNz
z&WK|B-K%9X>iUTDKS3v-J$Qj_tL55{fGMh1>lH|2m249e0%2jC4bg^JY(aD~BCGNr
zYo|95hGpswK)h^76SabJoQ4}L1aMuwGsgIgqA9(Pvc<n>=?k{i!ZN;gYKX#qRFHWD
z?T(NER=B`OM33pE&0!zA9s)IRrb__IRLN_Q8L_I8F}RnHvl7H!txFK}YZ_0_dD?1|
zUhy12Wj@@E#e`3iS1ZEI#`n%`-Ndzh%zDi=37vmZQt13KbXXx&@A8=ZhydL7cxnXJ
zFw)%e0ujahxtw(1D<tC({fF#$<IoVf2%mPkPMV?Caq&yOfn~zBQ#=kaV4OaSGyPqo
z+3j^yZ<CKkN@B?Uh~HEr+a?9S(6bRc5j~uLNP)lPB59m9PvMzYyZ3<wse>Iz2NNOm
z1bOfG#vs%(v(0nI>pahnA}A|w>Ojne!UPxg;ERaY*6T6hzLDz30@pr8A$gNF-A{vQ
z=<wdMq*UC~W^*~!EY$h{c|<N0L@n_E$!;*Q_j$8Y(@}5+tnX^l9q)MfQn<p=iZN-O
zPS4|T>8=RLz5GmWvO%Fb=s3k_;vW*YfNtSaWfV@f=C#u}yMvs60+5_&IQt0Y-Nr4l
zuOOB+C0ie53EkuJcBAyU<Jhm<PTju0#G5!Qf*_O`S}cW=?E6t9JsD>!wR$doyWSRR
zj=jzW_!kfV|4m^Rb=;0k<<gpV;%b~!>dUo`VN2+}UzU{@1OYd8liEHSHMTe2PpbK7
zj&YW%P+eI2@$tZac<3H;ASn+7_r`-QBy%4%Cb9dJ4@Hw~lniCr04XH#5^=|eUXn)4
zLB<MaoElO}ae`@cA+H(}+RJpe7*1m>XR{?F3x0hoH?2G+<mHA$kH=o|7Ste!MNAnO
zpUNYBIiag2jHaG8lar|>zoj@SZ#p|7@|YO*wRWWSRCie({E~OVu5l*32ZQ1_wZgFH
zlzBPc-f$lb>Ek=7q%j|^Ow}3Bbq0h@KYrO6U*U%`3N;2z{t`&f`9qR0U=RKsWjhl?
zewv0mr8(o?49{Q=4{!CmuT`1{mgzibQ#<1)wp@gWtT|TA;bfJ80ZZkMgj_f!D(4kw
z81CR#s<>Y-B+gYMdO{@5<IaRUwW{H-;19iac@<|bqa`Ot^~<hKhZf)%d`ajfm7$Iq
z6mxuYc{13|`dn^zPOfDKh%!EdA4_LxU^>c_YA8_ecJMinD_Yu6_%UQ=>2@q&r-mMc
zXOO;+Y;{)P@J&Erqp(NTDR5d2wJAsBrK+&a2?N#%(>3J$C4(k*X?;EHNC1$>PFi^L
z<tfnLa!vFla5I-bQ4)$?acqy_)ih>(xo?dL>OddD3@57Z2$}~WCAG4~>9Wx|^I-2r
z!OPhKszK=%PZ8llXai^~@I5faMeFZyvrQMV%$aM#Z|1?nQf|vvUADXz0liu*;8ArT
zR%>gcBH|Xl53>ZP!9HQb%9jP?pVIM2l=;<$qBs1b+f#Y#@35n~NBG8trd7sp326~`
z!0oH#L9T>~BVvl!lHbRNRW**Q$W@47ULOZ6?}?M!IuGY)2iB}|x3YO%xSv3`WgP>W
zvSJUKHPoj1|G>+#-mzdr5Q$Z9ALC$7?PW*YA4LjON<a##zjUzrlAUvYBJn}vf0?@h
zjsBH;2C{<h^%RI^moIDDmy5Rv0sWPf1Jm5hpI3`ty6ta8FoK%!R_}q%x!Jg@9r=if
z9Vn90ap{!dQy!8byRr=JpZ>haSD0~Tf6kS`7Mgq@kxeaen46+Php1Y$!&kBmR-cA2
zi%U1R!^2B@NsW9dDZJYy63!RROPmuTjt(Fhz)UhmKOx-k3Ewni*_)6+APLT`qGw=e
zq5UD2DA)PVe)pTuG}Vtuw-AxPn5TN*{8PzjemoH8i`BZ!%(IjDV>>`0{`2#8i7y}_
z^Il}e6bCQaRfz0?9%;4>X0lC|A%Js1XubMy#~zc(8J=Hmj{X#vrF2@~at0HxxR+aZ
z?qn9?tmNQjqNP!YqH$-9?jG7R_kO=346l!O^GGtiM`p$3Zsy|>2c1Lnz8Q^54g5((
zNhhJow64)gIfKtNd9OxsNnS^Xnuj?s7JTOrs?0ruD^?(w#hD{q?GnTH+Rj2-u;4;p
z$n2J@a{NDRhSiCKQyn~_s08=R`;N@9T$tf{vlk+tD2uFxAB#(@>Dm<(Mtj;Fb441y
zlAd>NMYHz^hj0Vi>bNl4i@D_rf5Oc)raWRY>z3Mt<eVuqPe8M539Yj@ylV)j#CEBo
zh5+)6LN4Rgsk!16J7%Qprah0A-z_)rP@roX0k<lOT_jCA$E<;VM$cKQ3=m?%&T8J&
zcGF^Q=<W%zaK)2i*T>fj$%@+-P7A6b3O_im>4tT^(}T9Q@x71~y#116uBZ{OLTGix
zc%qWQ(;|`htRi#up|%Ew-bhZ}W95q-Qa3F$5W3=k`+k2VTJO?yS(>SO90s_g%a!=Q
zYjIfbII22^0md}ojRpBO`>KFgk_c)zs3QC7OeuD&)vh}S_5i1VVbvu989s<8#?zf!
zpJJMHRBWXCL{<$OX1{=JL4OykItH#OPy^KnA3&%aynMIT&CcuN8BhGgA%e8)4J#^@
znnP<HY=~qSLLD1&5N%18z?HsHCe3h~-Atn_{`?vWj{}VbnYKIM+Ogd!Ja)4*WuOk5
z_BJIau*E9Lfl{qpvFwT@7N<MZvu5tW84gzw{>fj!PI80J<A4$kz(*&-x0xS61+vWs
zGMYfvT93N+)P`plJ+TU=QW*4_PKa)vQ+xpmY+N;iHq^~)SM<(#C$Pp5o13V(Rg_c;
zfYXglR`<>TTkc0g_nW4Sgfr}3W3G;&vjMVHD%uX^F;Ol&?t1mWCei2M{E#X&RQGS<
zeBX^8zDlV+85&n_$IKU!&SIGy(J8j$BMfPjA(+k53(rF*QJ+gAFz`taukzW>I#});
zD9q)>2WbjZgy2isIX>VVH&*W=>(!Mx?nL-XU&#U^p>UqggMDo#3MlPV(+!G^QHPaQ
z5TYQ+VqA6pN;VvaG3s2as7QK}IO0UxS+jS4=H$qz-8DqC;(}n@v7zBf9Z1XYf#E(p
z<8kmVT(;C|>N9;1xriJBh~y;d*r#}OJfTK~nXEn+5-z27jq$@UoJ0B5pen8z6jeFv
zm3+n?C}{SbM$MDX6!<>Te+VqFKByvEkzuI>ObIT(-w^_THTwYX6*8xVY54tyc)7sH
zW^!h^fcWut#cCqkV6AIl$Sb2$GEy3MLDzAkxse!z5{iIvGtZM~>F!c9Cp-ViFOWmS
z`bH{{sed^l)kg4hS(_c_L}@WOsLuz1xKXGI3Wlv?f*1GPcRO=@(XkWH1wjgb)sP!)
z7IzLIrc}0(7fLL$nMc|I9c+*ufxj053oVpwV0=0fD&wAbo++6QCOXwMhxudJf>>qN
zau3qZpa5d;YS#aEb#jms{cCkMh!hp0a#2JWl1T@Xl&bmQN|CSfrXOwAvY(8ER5leW
z7#$d-X!a8~fcwZ3a;S#-5K9vT8u!)}!y=5+eD!|Ub<S<~uEKB1ay@@d-J~tp$hKLz
z-uXgvx+{_=B}a8ptYYoJ4t-`qS+)4H`w3d#d%ppF5veNr)DN}su&bUX)|Etu!K3`)
zg9IgHo=jH}97D_uXa&OS7yJmOZXHxIS_?uhLJMeBln(avX_`RKM-+u3OhB!OX5puK
z>s;wCi?A_tYiQ{&?&vswe@g8ndJnsJ*I9j9xiVUH=NU6J9L3$<!XU<<9DF6<?293n
zCILdy)a%L7(_NdQQ6@j*u?=y|kMEH?{h+gEzWKcRViPbrIJ}`65@M12yF`hl@hoc-
zL`TTMt>J6IQn3w^TL;}1&6hfy$QBDV`b||4x-TB}%nV7)1fS>gdpMVfXAb-(Iv5RQ
z-qKCG${@;9Q#s|vyi;s^V@dCxi#(QoM63;u(J`fM`0Vny=t=N-tw++<0-w^J#vY#Q
zR!zp8xs00-7c7uN<THGCOn7gsr2+xLAr1Npbf78fFBj`DbQALXjnDkKtzES#f-KjX
z$Obwu4NRrhsT&wkA0{m9IBJY0QGdx2;eG}?DUwTbC|Y2mXfy4#ilEtn+dLGTBoo|)
zvAK}4O)Xwt-ztVRl8g6vFP?~-?adJM?yQcyI6U#+GI<uea2Q}b^;~wIs<15Kp%&Tl
zWq#V4WFy@?S|(G$;OL@}y69ia^LOnVcfK<#<|dJV{oRa2x`eVCE6$nu!J@|$=@|Kl
zN$N9B$UK{Sjen96bSISD+C5BbrN95`H<D#Iu$&FOp<#<0?o|=qt$lr=Je(hE?0YRu
zz|$ODO(^pJOZinoZPzj4J#7|CWJ7HrutS$AIb*5LEGok|^~trg?SXm5s&?}ADthJV
z%UM7M>;oQJ)C&DK6-GgVwMpRF`nLS8evE~+k7zy4oqS`4j_ZUv92X8x04#KEe)ei>
zY^s?#A^+L38I7MC>AQ&vW+^|ck92SZ;S+F|uD&&H0dYwS2ZH<>@-z3qcIsjVtQubj
zY<O0eco=Xu=1d$F6W9y6);>EeczE>CbmwPI=MZ&X*I#3|6NMkJF!7y7KhM-3drp($
z$H<1z2wwo1_j)nS<%lmqOWpkH4^T{8qtfldS6G%M(+3u}KEbTPcDyP@OOMa(WLC7N
zE2&S0M2trCED}?zh9y=@>+8yP4TgisZfdTo)hlTk1qR6R=6~@@GP2v0#wFN1u)^bl
z(xHtExp=xaVZcAy1p}A%P615TxyZZ<qO~KETM~CREPOuLMLl?dTmC#7I>5nbEN<uZ
zs?|tXj*pTJp?|=-A|!_X+ee9-z!X{=p?U?j_<{UA8dxQLS{xBf_W9Ud=P?CO68b7p
zNEeVW?^jPKztqFg^=trOsSa8vU1G(HlOBvvqHQ~H3_7+v^m#DEZioBRq1rQ){nm`F
z#xRhoe#9cK{`(W+c$f_%EwZGr5>FPq_U2a9%Sv;^yf<d_6E-Ez<dweVO2I>*@V8K6
z=B`n(oi}@1oFhX<mI<VAM)+@{?fw@Ii~ZOw25W_9ih}sg4qK`Oo?hkCk$u@7^uGsJ
z3^0wyFhIKyRme%Q2<W}yytC-%z$aH(c|~33`gpiCeIlZtKYU7Th1D1mOL0s6j$((0
zSd|@d*~uJ#z+`u_9!M8=q1#%87gfThFCy_<=aPT&tl*RNk)1IGw#Z_0_?ua=3m0aS
z`inFjGVP+k>XsFiOsE`05>xIJ@;-^9;}SdsJmD!*hVrgAu2}(_ScyDUF0|M;(NpEp
z+}>`SjazO_feEZ8jNT8pt!n>Yw191<%kRam{VHeQg&_NII;vhyMm$WV(rc!CBfg`I
zQ-bF3dKf>>FR)c1%6SeK9D{;?zT*j<ho+dtVypp@NJ2Fprs`USRK7ELpRM3hbueTV
zqx^fQb#ATK6S#al$ONJ@L9HBISkvRW=X-p{*3C{JiHQJM0WbDb-GD9NTL>kd#c<w|
zL)D!I*?eFy_6A_ODd7S+2<~Z2o-w~4D}?=zyx>Truw7Sd?2RTPLkKZ&SEa{GLaw2H
zN;Sh4XU>Y-jz^pAekPyD(+>NzmCp62k((PrJ_l5XXQw%sUR@64GOmeRq%SN4P&0D>
zTx0cI0IsfTWJ1ytvp3z`AfqHWA+QhOxeG9`FsYK=11A-LR#JBQX0=uRUYAZ--22S{
zG{j6gwmTw$lAyM^F3EHhQ6cO5G@kcnaUz4r4jblit8mNM4_f4@XDu~CulArI6k+hW
zukVO$hw;1RE_`|@NN5w~c>;IeDh*!q&;S8a(-A$&&xwZ$&_wC++qWK**(#*<O*%{A
zKj=3|b$dUc&E}S$hQuIPjV8xfS(MfHd0@F$`4#7CH~?c`17lii<2r^T{9eaOS(ZOQ
zo-ZCz0<DZRGdxKv%3gnPPFxw;4BvRqKfdtTr_X{-Pxs{C-26yNoT22<Tu`1lrRYZC
zb+ciueOKGv>ATg3TYwGlgE*F#7rh`1H&35kpE||(t9~MnXyF`=|DAOxNB$?^&~8`b
z_ufPY7C0Jh7#^CayFDEUe6dpH*DP~Wj0!1F%$Avq;m)j`ul|=0&?VmA&FdoaD;agl
z5ry*yF<uFR?A?AjJM%BnmpdXJLlMv2yI<0Qn9xK3n39{pdVVa8&3xKNLWksrrSsrr
zk~n){Y}E`(KoQH@sqA_<nPzKl1d2V4-Eulf`aNg0M{_^n$f6{xEpC+$EFxRu2+|gm
zD=#L)Hsh51aAV$5t!LllpjPTMp1H)dA+8;!BqIjW^6cnIvmYs+DCg3rVl0@x?eg_P
z*KHR+tP~0pKTK;QX1wfpmzbkner3=^@o%FU&EJI*mc$}~^Tq*=YT_85WAc@7kc317
zt2)eY@Jo>e>RbA~m`Nx}l!ogmSC{e+6aXi)htT37w2S?a989SX3;`ujl!^mZxK$^3
zbDxRf^BptPSh1_0J4%{P?)hNeb?lMpjT!tvNKO+&M6Qbs7&m$hN*E&pGBkyd-rW4e
z#s7T*T`bga>x5mRCP>F(z$a7c>v8HMQP~A-azj5kATgIbmtHO8X_)Esjzb)S-1YE<
zaz#$9?qMP-ezu!kC~|1f>5eH+0yLYaCKaW#00jZW>L_pgF0{U>=VB`Sk{hRS{OHc!
z_1Oo}f+10EdqmEa1`DdX?eoKQ)I%8k+_}5NS0L=}(Up$gTm@j9B6;XcBO9&OTwunj
z^mf$hxTe0-lG0w8(LQE9PX)VXZh;cT>j(^L$Mw*vH6b9;#uy;#S|~Yx8@pwul<rjy
zoG<r<84*2Ut$-_Mo*Wbr)H3ttzHMy`4SVuU@f$sKCgb7`q5VMl0v(fn2!Qnm_a)ur
zp-VpnB``fKS-QkT%L6)~HLk!WW~0|6V7STYrr>lK0u36TI>(zweNLTT3oH0rSw`@|
z-K$BqP@wyE2TW+)rxW8s=s(VKGo?J#c>Ph_J80GN&aPaAPIDXQj+*rOYC?_Z*IDSx
zyCPspjXNd`q{Gj&{&DDC#>UjdJ6(xj6~tZ1m8}mapF5zfc&|N8n68R8rzMR52f*ZP
zBdfu9fRt`TcSa+)pS&JoV=GykcDaR_Iu}V-q>9{k#3BDoIN4|mn>poVW!g8=aK|wC
zrC)8Fs=|#`l&vwA$IHQ<IH<fr;!MB(;%W6Ne<b{1ko?BvyyW4ZnV*0_ccs@ber(1q
zKy-`<G9J%_P6IB6S=P0e2aBc)scrRzhbUqU-SjOg)z#}06!iVNdZYR^rw)^alUt7?
zwTB$xXyuLbzDix>IQC1hI)GSBk<|3ZEjHJ~Jtel`abw)?;i-jPY~xechWV<p>kZ*K
zU$XSQ;RK38YE#TW4LY>s0l?h>fjNL<l%Vm*yx^~p&1}Rd6GD2Z6^DPTbufIUVNW>m
zd{&9as(mi8tlQI~H=IH+tenT-Hrw@8IdcyWi;!8d0EPpSg(gv%bD;mW4tQn=bFPX*
z615t3hAu=pRp$gv#P~Bt)5(J4?tzsQG$_?%<4@jyYJ2!d@UXd+3HqZhqF?y9i~|XZ
zl0~e*1!c(1i3P4qJ!P~C9gc<NMq>@U$o8@z{(QQv+to2O>x{8u`>sCL>ZKeA+BOr_
z&x4U(%vt+I#mLrLjNpgE^tGrUZh{HNaL-?V-u|y)C6l83P|v_j$3Xtf_ETJrs;hD~
zt^{0lB)MBL3@(1>tBaM?gn{3II(!kRAZd6WwW|6uB0FoJf-mK$_8ZkV`1)V~E}9Vx
z<QAW>ik+Qm(#&a_H|U((27TzSC$dfO{ej>Ql`-O9=UIssKG}!V=@cdy<fmawXrp|*
z5rVXoeYD(FXArq6S)Y}o8FgJUPNM}eA^BTsCdZD(_c}T9TCq^TvG73gA$j7duot+C
zE;>>7bm3Z3B56h|FeK+G&GLImu9P-KbgsZYHR<$3F362c*wvIj`&dfslLI0J{QYLa
z9$UFjj0Ctx*vbB9dWwl4ItY-bz&Be$qiIA}-&#Z$UW?PGI>|+WrLS;%CqdfenYyK;
zPqHpr+4_gN;n<^V4{WvgDLrkx9Bu1i$#LIfuYW<+75YXCsc|}9cv#IeB~P62(3MTs
zUUHcNa!6kvSXm6exssVwO@ia#;ax967xO@&VwN;*iSdK$=CnTBX(b<+L2x2qz~Sj6
z&lEalk{miMB$ZKy%Iq~`4IY-|q{_A>&RE_alZbNU+=xqsX)wPEP}REbJuIqQCPknu
z{-W;XJkPE`UtIQ$`4kF*lwk~Je;4H;T7)39Ppm=zNA_U3%oftKA{GoWURwwE-pCSY
z_*=y(keQYv6qi0eMLXM$SC;{89;TgbsNYKUjQ)582k+0Z0bf*~ck5p=%pRlNM-c2k
zuyYGw)RT_qL5r>>KY6T!1(u(b4R7<t?RqtXu<-{Sn$?5U4K8e3QOcpZn1Uusk99$a
z1(YP6ebbuv%5BNx9@K3h7aUI(+BB%L3k$aL@(6MW-wq>ePDANlC)_{o>pm_w>9R##
zU7{=^zl``&=e{Gn_730B318!jOG{|vL&rs+yZTj)uK2X<M=@o19!Bw9o_H5h76SH5
zfIA&DHY~2ESq}oL%dlgiNGWb(e<#w~x?YI9&fO32XKu3h+^#;9IQ~Sd)DF&KgXN*C
zQ9>%RTZQbn<_#$!-~NtYPQ9D3w8121qC5u$mi5q}LUoN(-?j;Krdj9tdA&O3m4>%^
zf2!=-{ouhU3O4?UI2$MKg)UI>^|Wi`Eb*u8z__QjsQ7|3M6EYJTIxanQ2)5VYZc~+
z;GcR@;w6I=eQ)PLB~gv-Dq3z&62DV6a9E~&5K_KZ-DkP(#2^~2*d$|=z-0a8qRA8O
zsqWF{V)~}&L-+#YoN-KD8Zt+x=k^w`u*TU6*g5<zW`bbv)1!jisGbbFS6vE$Szb`K
zHQwkY(b8D#IzJdNHEY-M=`|?<@_H|Wf~1jrio;p3T#zB`WGL6%X^q2@lz10%=_wIu
za>QD(+?8LBwq7g!AvjJRkr}d4i3}%o>#XA-Z$dJ3B1B+W5TbBHy$YMV&%IIN@eI>;
zOQ^zPDczeQ#ax@DeMaDD&!RP&{$jF!R1satsvsg6F+FR^ad577IFVhy$uMK4E)Wj1
z{w0<p$OSv)uj&B+yxzWZQ=q1UB|ronc2M|M%;IMC5lb4he|L;Vs+;r?RhE=@?gcij
zLoDmse$U6c+Q+#CKXSj!k9v!^;|6)Zp{@!dgy<C|0|ySk+wsuvVQ{VK4)WYNf=Mi2
z`_MIMRipcbB-CIHFci9c%^@eMK{jgIL!Bs{Sh0@!Ow;>ao`fx+>r?vFM)R{zu+nE*
z-<?~v5k3FKVKtLd*cp?Q!6|Hd38N+2>#*z1i2)4_qP7eH-^m9fUoNXLQys=_3JPzj
zYx{LXXhz#uI-A*m(vb8jWBsF-4zMc0@-byQ)<dXH9E9P7%c<3gd-xT$s|y^%<i2>Q
zpQR$0`7>C(&MPszk(t_)RN*U7_<<|!A;FZFeUj9?1a57Mlh|6OhN=Fp(Pu=(-%oYr
zzkH(kI4-UyRVjfMC!`pQ$eZ5<b7)x4xz!ig-tp1*i}D{*ZEnf$Bow4~>WBlLKi2mh
z60Ev%xaAkCga;Mkr=o*jDOX3t!IJ}7mdqqQad->5&XaSZm`75UUsR8i8-mk>*_C@{
zZ7xy%NSA`KCResak+Z$m>?6cBEwpfdhA-uS|Is6<!ceGg&J(DbA7R*F(1dVj?Z~L1
zBs*d3)u08}$mvnoqNau5-MP=-@>v2U?DO_Qwkb<*fy11K2>52WLKnm<3EHexnn-%u
z1P~x;_G*{1U%`5TSi|qX)x2L4ojDoUh7gQqUL*RQx-BFY2O_b<Xo_ogoY&aE^J@N*
z>U<kyjieRi$4rDbu~k;uS)S;^G%f+6nI4-S1Eh(euo*V0#8qWL3FFds-CdIncYyK~
z`;GDp-BWiaTNDM**y`A}ZQHhO+qQ9I+qP}n?AT7n_j{P5e!v;^aCX&ROTOc_yWECO
zl=E!C>RVeCzaZnP<f)#a_%^nn&*NxmvRbeLI&hg7y2z_GI->0%pqE%lGk?(*cUQI2
zq!*@c-L}o=CZu?!54bT73KrU>F2Jk4?$dkB&nD^2t$US3^pn8L#H!hNSnGPN_h!<+
z)D2hTw3&0NJxltbCtg#F&n90NazvmBF#Z2(lESBzmT<|XCd5saUoAqV7G#MpHOV#@
z>bKR?dG5I$gsJ@I6LdR%j<fZ3DuRV#KQ157A*gGfM0C+p*Pyysa$XcVek$ljs&0A<
z0?xk};&AU()-beU9-;3`2)J-MqzP0@sUyJYx&4asWVYk4#sOSX8dGbi@xF--zUe7$
z%;6U+F5|s(&t#p|24)Zp7)wGklvq@BBICQ@50K*j-ec%JZjc|?J9x^N5iibguxr>K
z#)hOxBX16&chVGQ%N8|^7`2nHc@@%#CjBIh{#uxgz7UHfW48kuoQ%aT!geYNrln~+
z1XuR7VN29zC_CxN;6~gJpjsB$IN}6C%^cBxAG^vU1NpgBU@%T$Xx!5M?^>xva`jcO
zy7^Zd(ke}1!t0!hoi?qs$q_gqg$9WQ4q~QJ_DDl<tm)_A6BiWtr5q)CIXW~NSg|i`
zNJHA65^CyLY7i}X|0BHgD>bAOOe_%m&gucZQ+I2@h-;Py!zf=tZy%i}BuVLcBOlE-
z9V=B2E&a!Hy#_I<YCo|gnk>FBF;o5KQ0JDOKOI+`I6><!^Go2(wMqBtD67zF@JkbO
z6%9WlgG*YFia&ldTCO-A<V{3*v2saEtA=GlEiBZwg1rTK<~ifkv$3WTn*HBo-7~@A
zih{*Y0<?bGrcQ#m@LdjMDSN{wc}NGy?BHY@lppkQRBR|;IHPF>pV;R}gD}Yk@p_8B
zHt;8lfvT_{Q!^1I+LIZAhccX3O2}F>md_$o(mB=lTZee!=su8ESs-OHA!DRX)+000
z`g!4YJxY+6{GKLQ$H3@qpuy2HyI>x2)W<%QN`7@u%QE{<4Sl@}o$+WcilCiNt)ZU=
zX3|{kBv+HCijadRoXCQ6Hl~Hp?MYs)3Z1^=U=2CL!*1#uN=?cZU1F4BYRJJ>As1Ko
z-?Pufo1ip;of6$IJFQ0Ma_ox#cqY$ThbyU^cySRfkPCnVO&CJ9&>`zlE)LQD!S$`i
zLibCIV*59i`7c{_$uYi}(Cxl<oG|{-aoQ+EV1oW&CP&I6wiuclN!Djj`8bg<=v1s`
z6uYXrwn>AomT2zg3m^$ih;ug#RIIE)*lTAoFc5_%axUn<Dm9bN%8Z>$=S_}&F6@-L
zkaU)BkAZl|qz~1{!p^AZGga`J8PDRa3=B=XTe<2=_9)wP>D-y+LfWc@yEMP5GQzwG
zWYCa}+dj1tj={j3mr)%hP=e!?Nz~~@Z=SaGbOohbV@Fy{Zanhw#ky%!)baj+<Ot;7
z)xSQKS7q1HkGBL61#`PE&0gkN*vckxo65&3GZ87je(;&l3S=<A&nQ$PSnPf^3<)r=
zES1MU8tpWSjb(o58Pm$^mQ1>Wq&@ch!LeIkIky2q6!zUrT;6Jpn4HQ>%}S+I)Pjm3
zZ*rKWbvSEIvO{0z60$9P?K_P+nUc+=GYyAQs(8zM9;r@@yl)68sY)2$C=fhFOF_21
zGpgcp?K3=uG<!hQzIKAh-U7q9Q1Cy5QL$%?@#UXqb^fIr@q!WJA#AzpMa<DPQBl;3
zddKf>6{GKemEc{<Jn-Tw0SOnM@KohwDTOj{-OMYu4%^Tkq*T1HNJDfJl>!s2;3@}?
zdcu_bA(AzJszlJ^<cH-E`zU>%W@U>VbF9jkEFL%B{^z1>L;mGNbmWOF&_US0uCv;u
z|G7LfAQ-vl8LxkKoBFhVT!5=wd^HM0XBe}9=UfPN^TGcT_aUzhBH3@Y_7Ijnjvkd{
zbBg%=ps?{w>;pqLfuS6Z+4GZ)t<+EY$%#2J&<**=E1vpt;Qk00BGY6EF3#~GW9o}y
z4oAD|AJ`!h;rbgp2U4Z!gG3d9rZzCl`mdQ}4Hs)l?{97^OI0yqr9@r9?vSGGOoO&;
zQ?d={o-Dpk&D)?2F~oAe`taZlpiPLwKeb;5znN(K`g`Z)2_HUKf8`02grK~q^xU%_
z1ct`$8u{~Cz_p4h=|^j#OD|?i#Cm~%dVV%-TT<}0J2D@Pfoy)EzDv1W-p@UODKI%u
zrPNpFz5-}7__R%6u|F((PK#c^I)q|No!kNo6<b-+I_(lptHAzsw8R(~jM6RPI=jgl
zdu(=R@vlY*mjB7oM=QBk!h?qO6O@Dy1mDCzA?0xi(hca5o6o=6TK{P<QS_=5*1}qc
zv~xb+h7T`b52_n#d=}p_E6ZDee28GLIXU~BQ-ai>xkE5PINP@Stx%^0@D(bNJa3fD
zd(=p}&JN4c%*cQUJ9Fl*Z?F^4sEEw>>QhBrYotQgASE1xP>)X`fUZ5FT;zaN|Jt4W
zX7;^)zE*40&RI*`-+X@G$s@oDszmSG{&`ZP217mxz%^7c>D5ZWUDv2An9TR34(;JR
zxT6=j?JJkoh*8j9NKPBI^E#i~7VVDa!I8UCL7LG*k~8lO5BCp_vmBKaixH-Ia)jIQ
z89JS`8HE=<Nt#GZ7+`L^LrwGBf_2e1t2I^#!DJTic-5IGYDnU)QfQC%Vy2e&lnWdI
zHnJhRf(J)!r&7Ky546<KPsiE`i*6F2%N>@kSDI3M&$!|1jV9#7-it(77{EXWCQ!8J
zjBUA&vSfv-`7E9DI2gr{1ur>UD6{hJcP#)CLa6zgUF9pbI6OJ5e?yMucEzT>DS21W
zN=4IfJTwxK7{<j#avBj%yv9Pq{ys28Vi8{&tX#dTr7?SwjZ6B_-}n4mPvF831c_;y
z26j7<Odje2Q!d2Totc$<9Immm+LzA$<;5_PU5p+y4a#I>fV2YDb>)@>%Y^j#Q%F1a
z*atiLsNC(9`w%@|&!s)8T!<IS#SwGtURF}WD-r%Kr)Z1MPKW)hR#CX3m{k6yClp;Y
z@NCr6H~)FEdO7M@87v~`iw7s!?x4{h{ot&=t-AJ>3$gCqaUd4Cg!BiDI!ITv<D;CO
zhhcC3Q9Kk78_od*xf9=0%ywH`MieQ^$p*OS!wKB9hS=1_!~;XR=`dHGI-p!Mi_A*&
zA&|>0mWifqb=?&2dOt)y8X#4h^rkf}^gO8Di8@M#zFl#OU#vU{=j<`H5Y(p#374+h
z3U2YR^?x97^0hs9TtFucfog~@mH#y+qIPBz`tSBF)0ZGh6Vr+<4+3tUNApC0Bs2d{
z21}%13=~<&xMy0ku3N8`YxuPv8R7-cu?6nzu)d>^dgc)FoNP=)-7dy)IAFf@%5krE
z#l$!BS84viOiC2~Uy}(O#9xfKo*CD?!u!Q_jIx6Iyr~}?$#BKZMh8T-B@a)mC(iR1
z60G&FSn(`(0sLsLwL?NBt8YDtcvs??{i-1?q>Uu#Omy{93o9GbnsL^?pgRhjY$nVh
zhyr@!dQkW%zBLQg2nJL=!G6Sg+v2|ykED;=LB$fpx39fY1jQUVN>NfrOjtxZtsuXR
z0s0ra$jCLYGVOTj!9x>C7X?U2P*0~)xq9YuPIZshFFm9=<M9m0>&R0uf4F>T3eg$8
zW&SAxeeNyXfSw{%t<2Q4xVP;poIyx;NvSX=-$wPlgAh{%(eYx*+X%z5>Dj$c;q};?
znW?PBd)yDqKQSo4*5fbdTw<_)L>3d1d|rbLm4y>4t|bsQQOBVeqJ{f56MWp*yJRgA
z3+3NYEYdGT6N|f7w2_T5Vpp#xL%bZm>$v~{i*#vCJ46W}r+JL_X@C+w&&7JMWu!q2
z^y#)E|3`=j5{@pRC^$#;)u_CBn~IvUF2!dE8D&n@=D}<AK+Fyg4$6lyEgGl<wnr!4
z9RmGFSbleI=Q_y1=PDfgHiM(UvocPo=GqJT%vHvHwg155J}lGc#oU^+ga+rVowu!s
z8h_0O|Hg#WwYTXP6@+68*W$u1`iQU^%F~d6^4AjRc8P_mvLGeVctbeJQ5<A`WJ&Sg
z6l_f??}?hv962D&W$*Q29O&_wMxY=<=?n=3IZvc1lq)AfpRpv6vmtLM{$i^+AEp)G
z(1STn*dB(oayMlhiSLddUER^KLt@p@ky3Xyo80eP$isddF+v|K+X~gB-A`WQyQqbV
zS1%5wdUGl0LFn{fT(6hxKsEMQRrJb$l1FxY=RZ>9YAk=VJG$>E(m*QB3QdZNnhfwg
z3#mxG#UNb|i2E~;u6I51u1;>EhOA}7XWZ|cDovdaqZd?a{OU#LJo=zQhA-PO!zzvD
zP~Tei=CUIr&KnR4DAB*1W7DZ*<05Na1~jCy6h7YDZec~wlM~=>E`}8Imdt({NVFDg
z<8{(g6{za+QDvuz!<TxuhG;{}*Bq}=nnx-T8*JHhNFD+Kr9#T2!zK_g8(YWC7_kZ#
z^g&0pTYzEHgG0GV>Q*eq{JsZD>`jdJRRoJ&DDuC+9r`9NDjo~`x~B;Jkw=3Z8j5!I
zE{$St<f*JYLhlmBW0jB<-cqn$1Y<IY(#@N23*1G5|8nZk&3TKOKe8Cbj0~$$VGSb)
zA54HR>~W7su9?Nt(Xh?x18(m$GM4@4qA;(B*Xbg>@+w}yr2Jq=Ej=Us;EFM|E<CuU
zSPE-2zKl4nQxk$GpSKv73h^Sq*JUN=??WF4mflCt(b9#D@STq=kceQp;H-pF)JCn;
z3dYQu`FAihJiX<$*=275IoXz+?fWhqde&E6Vi9ScgDrDo4sKj3-K#VD(E9fFv+PUt
z!P`B{4F=bn+oH$@&`rp8_d-#`Z>|4e#aa?JYoPe?MDbiITX|%(R2#QKuwmLb7_d#`
z7taJ&a?aqx_sAWr>`cPdRFlR0LpBWldqRJ1FgrTI)K=;t2Tn5KjP#(yU{lPk0PDgM
z05|qddQ3Uj=!IGuX?`fa&-vyu?^6F$5$rXRkxWDxcT(8UrhxJ<iIEl~g+c9ITgbya
z*~J~wHT=&vN{+=Xf)pdlZ!^0)xyVmK={GX%YQ8}BE&jlK#n8DzX40TtIwWR(7NNYW
zb|i0leLw{pD$Xnw7I!dwU}FH$;KYj+-6%JO7`0}o6WDP&J(=;}8sIxjamLFRVY>O9
z9u4Z98oZ-lq#)=*n=qFayy=2$muD7yRGhZpbeVay+^k#D!n_VA&DUSt30<nmow<ZY
zIB>fU$v;usVPk_DhNYwVv<&fUk1tgS1OfN~dxqb^CT8$E+{^b>g|`pMKl=8hF=Mr1
zKm)DC>~=-f^BA!i?H9*K!UD$TVrTx={UQgPDv+IqG<r=du3-q66^u~VF9+6;#NCw;
z_t5P&ZK4^Jk05J2O``nK#b51+^JwT=nd;x6TcPgTovDW$anG+qY0D9qD5EF+4~axK
znc^)6WMrdmNwk$IX`q_eI5`&-eA$aJDJkq6?0t<Y36N_E?{DJqMt+1>uhgzz>HVf^
z!5J#C-Ot~DmS(`-cfn+Q-VboBhyUoCf?CgbVIN^Ef6WF({aKdA5(>@enW==Fo;d7S
zGb;aw->IQ{8kJT^zrH<Dt7|(=W*)n#5p<A-!SC9hPzVtLG_~Z7wng0U9v*gn1`kP2
zp-j;2GYvt+(#6i8H>TY>9!<8%3bT({?4=7^YWR=IT~pk(ndacCZXT0Kq*hr6!`3DN
z_6L68z*4s5Ny7dcWe%$cS<uvj@)aTAY11xmd^afto_FA%<70PGNXW_M<J+#G{s?mq
z`<%+`s%?bXSerd^(8wcKpYlh>Bb%e1Q@$-}%geP*eTeVBJt+@t<yAxVw~vz>U(g!!
z!o=EVewd6*Ctv81KzzyAe}D{=0Pvp+v+K}RkNWa_e*&4;b2)Znj$6>TLyZxB__l`1
zh?1F4U=!@FuyExND>i-L_+_{k-1S<haWCVmY8;j8_AvW6;uh<m?=R$m>9j6$!PgZ3
zUN%y7&8&}9xA<>w9108I05|Lu|KC!5RK7VkQucgWxDjsaYg*YNuZ3YK@wKP)8az>V
zI8xWT_APE^-KFftblJ?#YfZa}!L(r%)kMKKd{GUSX!C3)i*k~(;PkmTr}df6L-r72
zYpUPRVWv-ejY?jb^ARXNd!FOto#(~3`?B=FdeS=qXRoVLJ(|6dA(PXjBk_f&ynpq|
z@j=s*@xg3^QpY;UHt{j#LOXuGGEFruPr%a}`1%jgTNCnDa-sPrPno#Dkx<nQN}?;{
z;tiJ+GGL<6YzDF~b?QM@87ws_1Id%uvyE)j6m;<8HxFFL4lxZ{`PNnrBTH-L->gd~
zjId-6QfvMe9?RGI&QvUTR!Bo^=|M!!qZdPDc5|NoGQ!<d@qW2Hqy>Zt5^&7o5rjT7
z1*X6~^c+gFVS<TY@g-IYnGACB_+zC*#qYylJR-OA(P)3rT}uV&Xp!v8(4g9Bhi$XY
zzdE_Y6N(Jb{;EQ-6>Wt5mqNxeS8cOXL}I)9(X6kwdqkks+R^by_R&C5ZwW|9jQUMH
zX?0T7;<dBSkzJ;X0!f6~abi{NxL=tX%9T+kt}C+w;r`ScysQXgTk&H#^TXj-7&5xi
zZoW5WIe_>1qavY+ZViUmhr1-)?$6*qzL~gV;4xz6D?E-_(OVS}ztKTj%G1>w>OL+8
z$CklW?O?h8?{2I^l^=v|e#`E^jFwB$^AqMAfu>-x_4tlOGD&I^5PWmH9QZ${zt%~0
zMzL@HYiV}C<!zn3<o{}ixc9pwAgCjDQv#Ss*#6r{MT<S)g=GwGh#Ig%^c}3w(oaAE
zw_X_~goB&N_I5vAM4~;y#xftYb~*V0BBJ1AN^|)WoD_c~Pa;QvKt`(>;G;qOzH#Ml
zt+b*|;d_95_%qPTUa^51fhfz1Fq|Fz$+n+Kb>ueGO>$7><VK0?2BUU*#xHhW69Z1Z
zH__A()7~lylme<QgDvdZR^w(z*^YvrQ%+4tcMH+krdFfq7@C^gj*}4O@w>gRC@^Mo
z>_PH+t|-}mt-`m<;dDb?_%-wOYeV^qrj=Jx&8(|7wX@cVpD9IE>MA8GaohA3!K1p_
zRA~Gk#_`Z*c@nH~>)K~Se!WGFz}FPTwDmBUm64=lgSvvcFKh}ETP`bba9q+8#V_mD
z&5udmio{b!WdC13vSiRc+cMPObw7g@7R$G^d`RHT6OXD!!-s~-BuA7OCkE2ID?x^V
zG{q4FsGxu&JyMK)b`NT^JT~I#90fkflb-@ejHv^p(kR*HAnQ7T3$&?gN|^Oq#bkOs
zH+?y{rge-W85OFfQVE*9_nMi;iMBxeBm=RY)3D?bS;cjc=d`CU0T|0wbJxU8grgIR
zwHuCOa+vS)F548}gY2l#M5AQyGIz2iY!0jY7n~QS-YDJ)&m#VPyp}VO<To=lKIs5`
z+#2)hCcClmYW3$9G(x7~vRXhg^PnMLuIAM<@~%!*Zg<Tb2{?%PK-tcPZI7M;lsZ3>
z{#q&Y`?X8JC!PFYwZyAnxo+W+)f7(wb+KJl90&|67t**)xDJn58r@MR0}bHZ(?-PF
zthvY=wmuO&>XQa3sf2}}umT#~207RD%X*01AeI_Y!4e)9-9Ar`$OJt~G&@4}B!kVo
zeS5SBp&zA6K36!GNYXwxhI+QtzTWs|jOJK0dd_VE1B(~jL4zwP_k{j?OKULWaMFGd
zT8S@0OrMxxWB@hAk0<J5FIdUIXng<D#A}g4u^#i1NH>URoL!0+8uzn#3Ktjr%N|#H
zMDU}sq^i4>(U_cgFscA$=tUAR-ac!`5(C{knhm-3;j-l6ma{f+O2sUR(BEV^O7(JO
zE$<h`Zqac<_E*>GJENls3FXr$-pqw)Qryymp9bBElKqAgJw8O6ZshGs9eaOEt&ksD
zChI-Ij1*0>=%jL5Nf(=o=LpmGZK+T|R%yqyw!sm(<I9i>Mo>JNhd$5L%<vJSS~=)T
zBFRU*+k~Fe0Q!-(yIu|gLb_cnhrXM2i{IE^cgD&B#Bzb;%=%_~AePeDO=~e%2&Rx}
zT(f`(@mDh~avR?rh#~YGHiXYj%2J^Gbdj#1qcM5%^D%{r04LPLnp7}`RSFcWRxb=6
zY1D!nXMy=9h7ue*R;iNp!rHwt{5xgrW3-Vb^&;a|iQ1eUQ?HyjUw6GpS1E~?#Z+Z%
zwKYOjxKfw2w@71(REd8Y7IY@lY9!}+KMN$BItdEy1nCp{VkjspVbw>S<AW5NT?azt
zZEhNPZe=Yyrw<r>i8(;OGEAiI@v|sKzwf`p^yiSxbW2xj#9niA3+qei>VZql6qKh+
zWdeSk=CUmlm3X`A$YeK)f)`$H9l77+Gt)XLdO%dqAx|dLhL`86di|?CZJg$)313Cl
z1nQVJ4i!CuQagPU=I3X5t5y>mVg`ifToPs_M@&wJR|Z)ZIhl$Kl1(63kfkpcZ%RD$
z$?UxWny58_GO;CTOIenA7)+gX2u$4Q0T5|4G55{I&PLBmTM86eU<MvUFY$Smtx04$
z2-R9vPxkAeu^vP%Nd`Aj7WUna*+G>v4ZlB-%hbQd5m@bzh=({HVsySevA$y$zjUu=
z-f!?*?$n-eP_ToUZ5sxkkE$j$=RV%-e<w7ondwRo<zYYUX0mC-t4R}tG;**mH^afi
zRc@r-LqAG)6IS)KzB4@E=B!$x*Hr~~A2Z^gjwxO{Tz!Jlhp22DtKUWmoV63IihnYB
zGy*&es^FsiJv;+rAe!mi>9|bmxD1N_bY>V#H5x$jEM_y!VG9G=4bCS|feghT`DK0g
z_0Q#ay~<W+0w4ysqFv=v&egpn2rct3;DbM|rF>-N#R%b?Hb^#;$gYJD>S9Bc!>=Rr
zo3RkW-ueZSbBY)g<pqyWHa8-GkHqiZODc@?Y+_5zXO&JU2;Os4$~~SJNsvPvy0PtS
zrC39~SnQ%B+z!5nYA|)!Y(|`%hbD%s899J)fFSl&3%3;}YanFezq2e@zW$>PT{}?s
z#PP^%c5g9WG!=Gz1`OTURV^55(9#mM?oNw^$)b&$D)C~l;~AAg04LiRCn;JGMdnxd
zy$-iHAk!HL?w5KZU!+;;t9d4JIbB(MIIYW?!p=-j3t=WwA-?dBNNHQrWEs%@XY&Il
zO*x>ZYvc+Rcpy9^AeP>t@D^fdzdu`QKvqSLX781Ua&pP-I+zZRfFY^dta!)bH!~^|
zx&9g}0BP#QXsu!hn`<efkL5j>ekwCJ-9{0u%_mjc&q*TlZ)mGd=hn4OLBBo+<v2!5
zCkAF-I{}r^+oqz)<Z6CiL7HHg1x;EI%CNlBaj~|eF@8DEl!As_jav9WX*~Stoph!*
zwS_-_BC5n~3SqK-BxQbrdG5-Bo}}GYE~2#M3$cZ<)g#;{>M1O?gRKWwBNh*nZ}q@1
zS}YOsrCjE^ST@J@q&1OOlI}{EDLNtx>ZrK2Ygg71ay;g2(7fOtK9(6%u5Sbx&rPH>
zSPR@qnw`{}f^taYs%MVwLHeOm!Cr6U7Evu|xqkX+2O5wGD&0mrjux#2&3I)63MO+k
zAvC2B@%-m704<f??uy?lUmOs<_lgny;6s9x&7a7<+zE>{NSV&QEOwP~?sWdG$8?|u
zAHAq4>T?1RLH8|BAqBj1)!2kYdn1uH29x^Rx>_C5t}-AU$`)yPsnR5bUy2|K#|xHn
zsGKtGo85;o!OBDbFv$i%jM}@oZytEZ>g@Qq>|$6Dnpc`*I1e|nlP}<M^!OqxkxM&J
z-I=@R4bX2@&fE#qN@>Jeg~O>S5>NmBIyYFuFYU?mj2abS-sljGJk3(rhBp11FN-)H
zd&n1Roz8g^<;HJ?*==>YVT5AykO|h~B1}1<ZjR@=G}}^WZ&J>t4;v{lm%hmSWrbkf
zE<vYb6F{YNSiN%v@?_?mIlD$!bo4rwiiX9;tRa(e$-Gbs{IgH+(2<W_9$qmTuP#T6
z>Z3>AaLEyQvy()vGq%m*D&!zywP;C!=rdbzrplk8jjld909H<Sb8a+YBRb1blL=|I
zj>~hse@mNZ;9AhMb1%ebTzFYI&6|G|1wRt~A93CTnLmglm?#%y#t$YL?orudC;aOz
z7e+D}i-mi>doOZ1INWgb89!RSkLC#vi=78TpnLOwT_ld(?$$zy6BQ1!0gHUo&@5_w
zcU&6!$Srs5pj9>#%^?{<{wu4La>akXpKA==G{+9Y&WMZMc8unK%bu=KL$^9zQ+s9N
z`n_c(f(c2@R-!MB_XNy7IJFg-D)v}!;0mgr)q{2(=FJ#|MeB`S$HyC?aqA_!T@x<v
z#l|)?ZkZPoL)#gm%%7*d4B(Rb$W|pM_Agr4MuYw^g^PCCQS${FfVRi>;4!3~@8qSG
z{;(LVcY{r9@s|8|$CSI^H|X?}`AEQTEP6}y-71vVgUpyIivp$u7S3RX%QkNN>4+sr
zO@}d&TeACF5}To1&Hsf()`&qZw&Rp7aW2g+`b?Hrh69JB2!5o+_qwH}%B-VI*a4zk
zs~zl=#JVh#^daI;9(Ulf$johuS4y}8exkPhV_iR5t4hW0g(0X&;)f-NV4Uu(o5`OL
zLyh5vG$^*<63O`l@<+&lkU<};bh3l!x{L=EP#Ty!LpWrdk`c=TmM6IO?XU_o+}>qc
zv>o-U&0u6ap>4fiHRY=<cJ1WFrb{2Hl7!zMoi3#2cni$W7Eb#hB(QMn#<GFyf~vAX
z#<iS|w$`!otz830yU8f4M^ZZ>q^dtH0_CX&tFcLsSHEQhDenNQ<C>A~#}?IW-6L1J
zm-cH)(2p^u*iod5{ZL~Oe=58-M^%y6X_$58=x=_7$Qr9yVE15-#eHc|kc{S*d`^sG
zfnMOVF@;_YsQcSI9L4#{6`Ji9@iuaoZ(TU`yVU-i43Q7y!_);%h}y#C-AZBvdIzb>
z`&wiUzSKgmo$QB)Q4^#5)Ly5DKLOe8VfU0vM&S42eaD%W&tpJ0slU=Hoh-Y|qHRi4
zfSqyQ;Ifb_XV4fCZT|Dkfl_i)RRG?cs8KS+<B)n83KP2c(}qxn`oX|S=d)dJ_SXtH
z^>GNFN2_Fx#lYDB0c-)Cu#up5@aJGPVxQZ$he-PSK$nU2nNozRZ<Ud36aO@7%9)eL
zEH>V&G1RDapA*Lj)Ew%vsj-e1{95wGC`c;zR8;>3Z-nU{cP@`iJ9aBX=eWJsC}ba4
z`A|`4l)`nTV34hJqUk5ah+$4CqN6nUo`KMxj0$JR>L7JXJ@MXC;#c+EZlhM{pSNNo
z8;UjH4O8~9TtY*45d;yuZ){S`X7MQj&o@Oz&+yGc(kC-fQA$U^8cZ#A`~laY_sa0^
zYS)QXYWm)m<T`D*@`LMp-rwEmkqaBW=|+$_isSva+hJ-&4J)gNnQ)SzM7TV&a@2*w
z)??pupm|Fj<DC0`)!}bOuKxSzaG3{_Sl4<XaMaFMm&LfY*BKzOIFIeV-ln>BgRAmN
zVMQ=dI5r4humVo9eiMv83DR{YV<|b6wZB-ab{{*;xB*qK9kbZEGTLwuaK#r84tf4%
zlUCecq+2dZr-?W<8SgnjBkTTFdnkA;yFiZN-Zrw@m6kLisvOG8DvfT^=Y_s{nhI!4
zJ5x!a-yo30xCfG%)&VC&jous+i0w>Y_7Z;B+_!0Twn`&n19b(bwyQ2>(-JfuVs}rU
z9kPqps424cbH;ELy|WS+)Ge$vtEo*&plDtE=L9uL-D%#~1Y#|p`UMhWGxIWq#Dmo;
zf<H!e^H%F{=;~NO@JS_OPnY&jU`0JvDlC)oq(e7`aW<8sXvCRJwGuZ&c2Y<wTf80W
zc@EN+6MSqaOumDwMDYvBbfpnjfd4;Au|r+cLA?*70rM-ENm<{SW?Y38($7XTDPQeP
zgE$72X=7ayn_3wfaKyj)ki4p$`eHIzUM<tC0!}~IgPGdmK0>uCJKxSfW0OWvKwp}S
zO6`r~Z!d~BPQh5-z!X<2vli^pgY^~uE^<LZeYJd&W78wF>NN;GI=ENHz~DeYAON5M
zU;y9%5CD(>Pyo;XFaWRsZ~*WC2mpuxNC1BTkO5EtPyx^Y&;c+2FafXtumNxYZ~^cD
z@Bs(_2my!yhyh3dNCC(I$N?w-C;_Mdr~zmIXaVQ|=m8i27y+07m;qP-SOM4o*a0{I
zI03i-xB++ocmenT_yGg}1ObEqgaJeVL;=JA!~rA#BmtxVqyc0AWC7#=<N*`_6aka~
zlmS!#Q~}fg)B!XAGy${#v;lMgbOH1L^Z^V23;~P)i~&plOaaUQ%mFL_ECH+ltO0BQ
zYys>5>;W7A908mFoB><_Tmjqw+yOiQJOR7_ya9Xwd;$CczJGsz0|3uJ0EGeg?I}&X
zfVlz74K}ZrR^Hbv;UwYZE~9i{F|#i<Fz)w7;TM*W#bFP9l}vw?rCu-G{{M*ilOiYi
z_|4z8r*ke*<nY{#q_HN?8-OoI5&Hs>*7rBdpR=u2IkRbd1lUc7g^}1*Gsw>yA+20u
zJSvmC7||ff$}k<8lN`XP5_5B=O_xRr$Nv=eq08U<jUXMh0R|5z%ONiR{g4mD+qN3P
zE2M~%j5y9qsX3*^m5pf1q>S@{r~*;Ob(K$(6dcO^GsX>i)=F!+?9ngYneWUv?udQ6
z%_tRX7NnAYr!j?z_{Dm$Re_7D16uyCG{f${kY9P91dM=K<Y2oci$Kd6=^_7Gr730D
zV%Urn8!*Gkwg9_T_K}z(S%FE#Ye&G|oz6buFh05auShoD5cBR$1$1}FtQGGQiffpv
zcH@lmiYChY!z`y_$no0<?Hn(cmMKT}0W4lyTUNn$<4=Y~1Hb*UbxcM%26e))@ZR!z
zl<;(5l6Ev=O$F-tnUT^LGcxKUZb7T!O0Bmw!9v;aOT$HZjTTth#CbC7@|wX_0rj-M
ze%Pbx{ejM=xu=Qc<#k6o4zP@mHIG{Sd?>X<irw|M9px!pOVH3-<G-4}#=~Dy3WpXG
zW(gH)2EpzUR}`vO(cNvy{KjW&qi45#Bef5h0*<xA_=Tr_o)9Z>Vw)8xRbRSdr=e7)
zzx9Xc_)nycmnU>}Vf2z|E7`m<RP8QnwDm~FIP#%+w<4K1>FM=Xp~=i%Y?T#asv~d0
zp!i_gn}^>0=xr4Kg-8o$r!P%P$$WOKm28w8fN150{DsoIGz|yEJR%dn4Z2=*I~zft
zl89;We&`O?h-e_ScxiS)Jk%87j}%|^d&3o;F=2Ns6i;q?;fsX`Qk@!91cpv$pZoE5
zz2ef1wJzrY0}Bct3)B&0-CScharu)*P{l~bo-`<)q4YiGc0<;hJd@kON&N?LmIR8I
zc!^m&8j9kH8TqR&PMP4`zy7!4yWdMH^vGy`&?etXeqGsHlx}X%`ae>6)-t8B;;6g>
z<~lYj&S7WYvr$WfKEM2d^LX~tht_=pK|gESKE&|RjBZ`@7jod6+}WrLLr_KigArs-
zJ7D~xzpDM2aEh0w69<qpQkUQGp8=)mk}s%X_GmUJ_Zr0?)0sEA_Y5qoq7q?e{5Kyo
zx}n0}a(j0AmPA<REOB^x(Rn1tudPnj8TS|m%wB)S;A<(HS8A@(Js4L1>@>!=Vwd_u
zL$y=Mbw+n^AQD;zlyb-(uj=jMI^y7mp|n#_om8fi58z~f+M9~_%oyPu8nLP=$#FWO
zl~2l^$QL4n3BfSuvD=!}t!89nVHq$(OFbeceJ8A*_c1T;5OmMG3#Xn9TyAxxJJb_h
zi>t{mq^xCnTt$D1Uxr63;F>@o?revCGem6au*v-Q{UE&gq^@of(MM0QY>|Kx0&Q~p
zYnVX0OjO}rnA(D+7P|N2NoG;(N+bD3A)1g_XRxc>>i-wv1FBnOxVm+u){|D(fyEl>
zhTe+zh7`5eE7OwkdO3zIlNW@|L%>k6HUuFLZrOhb61?(Pz8jRI-4EOLQ82qB^dT5c
znrd~<%@8t~PrRH8QoYyiP=~7H6_YRDLQW5*Yd^IVf|lOzZFY9W#w0COFNOYR!iv0n
zKCJZtYV&e28&*s{e>lrBfG`4KogQq#Qb?eg03Q7zuD@^*)trnQ#peO;i_|qQlv+8s
z)l_|5aJOrgL~!ZninD1rZ?WpX0A|NIT9pch5IMc@k)vaSp%dfKMPfvYmWrRLnnv;L
zy`bl5xuW(obYA~-<5UE3F7Wq3&MD8zn*5V)m>9ur>y|=$PCn#hOK1$2lNG#IKQcE%
z3s|UrW1uC{{r~pw6IJtW&4sA-#JUBwcj^a7hVMs-JF`B|9Va?jRF!1%Wc;Omes!hx
z0)&neD*xu9F;YC!t{TUE6&SeLpM!}WvL;d7$^-67Na-hsRppetob5#>qQAQJ3P?1<
zbqyqy^%Wo=sZAwk<Fm?hq0C#~M2E0_EfAS+0+M*XgGR(qr+Sg5n<lGPa+VGCSKw1i
zclM5aw$hnc{4+}7n0Yv}Jil-TWb1st6_Q`e7=#$#*E|FWQlHmsDx$v_Pi|tG<G@TQ
z_VJ&<av*Nx0`!By5Q;e=DB$eaE@|<Q=|M(iZQ2aQbPUqrVDWWNPKNtZ#g3YX5t?RY
z`;gYb{;|0j;QCh7tN%@@((igG^>4q2-LbQeUEc*(AGNpT@&fwTtEglHrl0gL|DX&R
zlJRE08Mg)JM?iuSNnyIg2Fm3wCL>i08+<gHXC#7;pUXdfV@t^tC!|Z+cD;I@F(RK^
z;<d{lnbE4Uo?ZnSG}D3FpwBI9kFQW~%6xzXa8fLXUH&GcGd40b@;7Y;q$2cQb`bJs
zyWW<uxOV<^)ss{W@gL0cp>WI<HP=!Mt|kx1y0<mUgv!+MPHa~5IHR9rCpYqDJV)71
zRbHi1{BJKES3pe|Zn0Tsf&sl2+DCZN*1dhgxq~dm05<Tsi~Wv1`p;o50;K#s7_qP6
zFD7_I+Amp2=M7kLpYLq8Io-7^o=L82>}QD|MgE#<A0<I4G)(clpL*&eip3RhlET(_
zn}11e4g1Ni(Lo6%k`haHuXzjPs5?Zj8FE@k&}(&7%q~oVFIrB(u2kmm5BJxns1UZr
z<3EKX1;4{MBqqNh`f^M#Lp;$lnH|m8Pn3D>|B_u@@CS8-PwtfGH2O0zd}Fdn9*_lp
zT3G#Pvh^&`P!|+r$vv%dJT3J0ZfziH-qu$>NggdPWtU|%=lCz}5u>rKDb&>Ld*kg4
znE;!kD~n=|yJ8HX6{i(rF1XF%^gd70JWMFI+2TYuw7d{KB1gHL3Fgve$xPDK`bVi?
zM9UnPFA=fs4``~8p1|HLJ7VBRk2L=Ue!<ec`5j$MOW^BP@)MuQVakY}4;j^W82sXl
zg<TWlmi1P2lR-m*{!EmlX{U{gUU&SigD$}J8>bqoE1B92adzmsouu-NSgJ6}SCrmi
zV0SD*j_*DV(puNyP5>qZg{o_8=%3kJeX<MJJ*6}W1PThd<5A3BI#ShX8fkw<B*#qY
z^Whs=N&<sf&7gK}wrg%7_r6ZX&6Qt4NbLI?o}5;duQ&)VuRSQ#9>P4mg)RHt%6p$`
zjO*@_r(V<RDvpejev1t`A`@H8-t9xWmK)p-1;<f)lEaQng=SA9E4r4-Ld6xP3s{o)
zY83<AXVRyD*X*u!KG)kVu<riC)c@>Gg9)X2hjJ%Tc|t52g^4gAX9Zn#C;i1!7T9$N
zJz^KgOHdS*vkTSIzB;TeJgM6fN)}Yvh`Un6@WA12k>;VqIx{p_=T)BZK&8#!_-#wm
zCP!LjUs`lb?MKfKZ;05z2g1!uL67dpapxKOuaYj!gTxO~rLy-amz9wOZ=(BNtTP)_
zvauJJk5oY$^hYS?G}PsmdD0D&sBY4_`5y&`Mp~0QO?<-dIK{z`Im!|9=jNof;?7$r
zUOLLB`rW7)5$<)3vt$s<mKBuVFpx=d9&JbNy1K3SD44`XV4oo9nVU~Y0*zXW15>+z
z#{L*xAC>eZrh73MW|L)bQJ>=?21hcpXyVVAkSo;4{n-Ruu}PlJWGDFzFbtum1LFX)
z(6HuU3Ht*<g(at_JhHg*<Zi}S%rE&3hF=d`t&_Yuc;oDt0V4AOiK-X#4lD3q<?<pC
z$voc3v+<M*2rG~$b>o5;b~F>+(tCY0KjS}g1T`B?)wIwEDCrnzd?)D7-G2CahVVp4
zKMOOJMdvuWu93%zX!qmam!$0V?fj$V!hWTAffVHR<$q5*zSLVkAH9|h=N|;=+A~bG
zaj{r1bb}^XEh?mL3wv;EB_0^6eSQMHK4OzPZ-_s;y6&<vIv)h`kGC74?!^w~O%v{9
zkLvm$BPI5o2f=J&!>Q7f(u;bHTL_Rv)w)GhJ!dR?Dym1S_R|E1XG64lY$=A3TyXvi
z)R1)kV4XVh2&%B`{IH!IzbqN6=#)xR0Ru`|s8o5&IKcPHBlRyoo_>5;t?-*}9Py=d
zfnMx`h^Ez=L_E0shF6bLK??|WeGW_o#+0~#fkNEW@c>hx+v~r%oBb3R+jZH901XCX
z%NzZd@0Q$^@wUQ1T4G@`Bdci=#yGV2*>B|^QB<Y@O03ZL$Ky8Qi*mhb(Idar{reW>
zssvB$Hh2w_@4rJDz1fYdc9)VUvq}>tiE-1ekFa-+;rw$3NnxTp30sqAsytni#5vR~
zq$&;7UO%HfGO*1^@HhP|VD<%L)1fLnt4$*!61nZH4gCHmRf1|Bd@vxrzMzFCz?RW-
z+RyhaA!1c}gHhcOVeOAtvlWs2XhW6*43w=U$*@U!&JZfK=sp`zwWOnh(TNRkyjog?
zVy)EZbVaZj!53*EH%qS&h~+<1^G?7ghv_BL6W0FN)12ghh`*id-*Vw6_bp2=D}wP;
zG&P~Yy_l0KXu6K-hgcSrZp)g5wfj26-JPiv4OPmPHnL-j;Cf)5*4R6B?c0>=_Wyzs
zaS5ytf<751S7OZ#q!TbkIpfX<C%^BX7WL-hhAqKlGh^lC$_M^ccOX8)?G<@NZOL80
z0=)oZi)yIRRg8^5s)zq)HO%!mCOOOJS)&_~UPI-P@n?=6#zag)yY2*HOb};Icv5%$
z(<Wqd6*h$DA7=nZqBqic^VcHCP<zgvn)Y-W$2hMCA?B6sk8&CBEAM<xh+T!RP^bh)
zy<7Uj&5`mL98@-tv%kCWy%`f92O`*71xZSI=&33XG5ff*;*ki$Blzv}Y=vPy{UNq_
zaW?k1R&)5klKz&*zN+M66C3-&U~L@TU(fxG?aF_c@tP;igEktgL4q|g8?zL8<KTg@
zw9^9jDhWutw`qsS&E)J6;dz9KY0c<;lNH;(O6a?p?K6XaL#D6Gi`8(O`!*Oq9vmR)
zYiQKF9P!KEyXL_EEB76p1t~q&i?xKvfoPkEiW}Q4aNeVDbD_gc{?fKC3dXhj`))km
z$5S^&`;5=0`T9J`6XGql2Vv%2$p7-v`S{hX^d{M=?_aB*&W^M&ET`R@gJy*d1pF>t
z#!sigor)!#sB3+(n)BJ_)<2o~)5uBe_9L7UqX*KVae+heBaZVP-lavHs{9cO2STf=
zqc?}P;wq$3R6?NNPOlbsM}w~R))B(CjgXWt1==!4@@F;yEM@Gbj3r62wSGxKF82!0
ztpnLoMV=wA3FLcbgcR#at{OtS7a=C3n8M9p7byfP81@91%!vv#6-O+|DfG3qdmV@6
z8|kO|iuXa3jc(s?7w*9d$^CWdnXH>iBI+H)270iZV`p14jON^gQy8ivM<VLC^)n_o
zk#B6V+YQ8#zGoZf?=wjw5%G46vPhz0|JCR9>Z%%efRkxd?-O03+ZPb?I=41MwZzkr
z#8h=x)^M~UM0(UnF_q>E6sMKES|#50>94(8luI&*085STL0(roR=Ze?;vqo~IobK=
z?G>PJOVIT;EQO_O=di9ht9Js(S3Nd_|GN8D&FhEXux3vhdPPz{@6qWY;p3PJy<S<S
zb=B?|$_*3tqWDHW5G>6ju{w`f=7z4WX%4oBR)1;?U)>n6)DilZimdGmH@b=e7w-GO
zexPZCmn#;IY$=;<Tcf-9+IWV}WV@g45I*!KnjRnb{`}E`7PWS$Z>R4LI6VPjW`chH
z27<vXi9kge%;4o73MQBYqP1>(ijrKw#R}H2luNCEUyId*Xh`IA)CaxhQrcW2hZ0Gf
zWNcjP{Y<OYX;1q$ylk05HY(4=naISq?v5RJ9$^;a-4jDEqC%$Q&OD~2y4CsjZ<-W!
z@Q0ee!+4X~@&NM3rH-P?&N6W9rv`~QPN~5rP5uo`HmQBx@V-|<mCUl#IoqWPqOVfw
z6)uyH(JgbkHz?{#q|q4Kd~5c9!ydNne`VCqUFn?(E*Q8C6c8qEF!3=<!1puu3Vu*q
zx_4sZ>iR*0s1a6*iZE<p`plEp#4vV5`Slh33=@HJ2gj<Foake(rnV4(#Z4IEz}4go
z=4;={dX%K-(XR%I!C>`66}0uSA5_mxAX>e4O5ws16MWjMlin%m+hTTzKB5G`7$!ZS
zPKMoLgUhRY;;8bRCD=zNnLX{gD(6h2;AJPtArlqRD3u)yztS(b6|v2b)o1DfnXfT=
zh(hS_>BNL36?(uKNi(=NVloK!zuqLIRzj&T*BlY<5g&iSlmn}g|I+Og%~;+=b_c%)
z=|;<y(MXX2`6v(`c=XH{RcH>LKcAuAssR1{!$pX{VVes}t1EH3^(xiYmd8Vjvo@32
zdmdiv9t$O|sPUoQwPjy4q#tX4wksqg=M&q$hFRFyAsS;*_9`CwpKB??EkZ0&jECLp
z)StIu19FzXwYc5{$~{;8=yle+SY|74YL{X6UxWT_%&Q#jQm>W#de>PIv%#p&;`{Qz
z8%tfu)jIuOUsWxH=M;5vrqm1`z!&MUUmBPR1Ae5-zHRr=Gv=mBowcVpm6+CqYz|{?
zT^{gCS;NzRty{8y1Uu5FAWwZ(=d_V9-=Q5<G~fU~l2<8ruGUfyc&SZ=T;oL#AB{5l
zDBNJv0X3l2SXRR&o-^K0AYg!oIq}}&5IXk5oojXB8RCETwpL3PHGp`jCFQ2G`2RU&
ze9m-P_4I883!F_X1yhta><11xC{oZw*ruJX(qi%zKITW*2*q<eaW(8^p@*f=WYiKH
z-(G%^a`u@MR(u?7^fD#;rv7wqL#8-`Qyq8h-s9de?vqDJDdtpu!9|LFD=?=wg}ML^
z5Hi3_W%sB>xsxU=d3|KZqTJtv+I)&XSe%{M(M;a;*HWbiDKV$b;0*$qWySPyMH9w#
zs1~dqJK|ifD^R1&*c^}`+kB+*0!n3{YDYZfLCZ10!M+}35lRo7>x`f99d=d`pIf6}
zdbXZKsMsHQywY&PSW{-jNn0K24lEfLT;*|Q+%R@c5|YV#RR86U{?uRX4324L86nqe
zVK1uf948>uR%+Co!`pZ6fT5`!tTi2}gEGUr(s_!eAQ^MSDjss2Im_Wc`j3$KphG6k
z4z8!J7Vo_aJKn+ao$6#gf6;ybHapVvUGfJ`4VmXl&fyYJ52*2IOk~pB<Ibapgp@Hh
z;XgaR5CrMG9fZ~=68p`+;|v!(9UYwF>b$6}B+`{~ert#al7J#^f;~IKqQmj#`ExY3
z6v#p>u`O1|{l!R4^r8!^VU*;c$=+ctRBLlsA?;QIhT8L3Sq|+o?o-VEUW;Dc_{&2j
z3qL6Nga7?`{Y}*R_gm-<%g(8!1UVxzTN!<tG+Y~L9)-~{VvYE92*0OM?IZ5i=wYIl
zFJgMU$zQ!3A)0*7fu#M~g2>LVG4}py=zunMN+n5m579mmr?BQCb53xPThvYK=m@56
zGFDvInuMi3V473<a;73kqa5f52W5uStO8dV>L@0n6xZ%Pig4wKOU+Du7qV#|jKMqT
z_dUsa5VPr?YXWc3#Yd*J@*}}p!^K}j4Mq6J7Q5F6x8Otm{^x#lKNcrl6L|4@MlB;a
zFd()E>2HAqmk;-Njq}On6k}gb9e+**9bhl@LIhLcS@!z;Jgo@g03Mx9y5aVit9&=b
zAVseDA2hG9hmoJiYK4wB<0M-yiWdxU$+sXqzqQt)hdZp^PT+OG=lO?<gHnR(ITV4U
zbP<hQY$I;*l&ftxQiUx$bv;D@5%0zN?I_!g5|x7zI-$ftg=DFQJ;72S;nFb;H~&>O
zMwnv@=YG-r^jr4wA>M~tK|_@nUUusrqb+g0bKPv)BI?OblqI%V4?^PK;4*&%!h(7~
zCXuli<YbFO1W+VO>!Yf<K#1-#Ap|&NU$uL>2i2zj>4eG|>aITHKcPmhwDTnENgNFf
z<c2EoZ0t)XiNSk3KnvWxK{r36stdR7W1|Qe1G%+0-ZepH#f}BbMVw0+Vl$6SSMUgk
zX!ebt(PPFul!D5WpfXpHz}wfQ`iL8W+v#*ppZ_|qXpS#=KO7h=w_qbh^-z-BA|A-&
z3@_f;Pp*W9>N=LpaZ-|`f)5KZk6uY`Rt%Ub+ouwf2Wb;Y{PXp$&|UG5@|Gp9Vb{-7
z9eDpf#Ms&TSlqocwtmqVf`Co8Jo2p{DzF|eZzJonGMxyaiRlF>P{&$rFMa|k4NqzN
zH=eCI(f(=le<f&*_G7?eEg5myJ#^)Ei+MuvlTQm2)rheB_NEEF%qRX>Pe);;*vb7@
zI#%7&D~*1O-_pUZdcmX4Xrw5ZkXX5?80_FvN9{-G=}ik{cjYUsL8JnFqMFFyqm*N?
zrVVC_jl|(Cwy!inL~8U}a=WV6jF*MB2Xw2)t;wv|`CkA+H~EpyfZ3qckomNNRpOyi
znFZ!<&iTU%^lJS`$+-utK(nIrF8*f!c8bCBEb&1wL&h(kPzhF_oRbJCJ8gvE@e?7V
zu?iW6=)Y<hm^x$aeO$fZlzt=s>9-N57@)eF&O#%9nLGTZBSV_5|E7Z&Q%Vk+&C~wN
zQNRzA1f;=yp-3e=%&<a2w;c~ziQ%Q3IqxAd)Hf~Ws7Ci*RdN^CKME#ksdh*ub(NR}
zc#GI{`u}RcNeE+&&~y9mCuGPrqGG=Sef7{N-9i5PPESx^U^Vul?L5xTnUL}XEW>QL
zG<Uhn70!kan?igYFQ1bksY~N>&bgHR(o>IyA=<C!(c&*FfU;bKZ=s8Br1xoFhet@*
zh#7N?SBVm>n_bW~odZq9raUEoBHCVLC)mhonszW9$4vrq7}hL84E}LG9iwbMKX1U0
zzr=We_90^&I5OO8fCRC<@McPt((W(2RByRSYVq9!-!sc9mBZ)Nuz1h<d9fX&+0ne+
z#H*Z}iBUWQR}oggziKY;NosDv?VcmxVO2<am?L`0&Y0N#oDRH;{Y7`n9L!=c0ahlz
z*RbhIVPvNoufF>=9QaXC*Wf`()r5E(>|X(0_qu(W@GWOJ_by~Zl|<Slc&y!&$c8bj
z^C7W0&w?^lAz$F@{Z}`&<L{Pfu195wVF*e>8*D-_RIoCm6A5AE)<$(x;=QI7HX${p
zWMr01hyQ&JRuI^V#$kJ_Qm<aFm8a581o{@lTCkZVc}A&3BzR>xb@q_>CBfe<D3(B|
zTQw?yeTK7@_wKOus2}<m>X6ZsAuG}-dfJ3%%%Nq768>F9zhoGgS@dp4mg-p56d5tx
z&xlUjaQdqZZLP0f!*mE)ec~k{&=nz~B_>%u;>#p|3%Wa|Pp+T+GBF#YL(?AMhw5zZ
z;4z*${s!0M$;rKM^KcD`u)rUHDA~p@aVcJXs@XYlfOm7P*3eiypB%7;``f+1g4ZNY
zlHZ}c!5pt_t8{gMe~<*#=^ZI3LxS0mbliIC&u+ORZAI>)E}u*VH7<htrpitA^FIJH
zK+M1GXj)|7Rci2pzBs0mv|Z~ZUa$;fHgtWyeKyFA8aGxZk_~l!m9fbdI#hDfArt1e
zZ5nF+W|FYcWvguN+UmU~<}a4FBo2!>7BJwpQI>10?~MMzx7|eAZx^<TO$-wdf+F~f
zof1hDGHFI%_H<*j$jY#9;rA?2vW8SPLGiESVXM?ONmu!a3yF>SyRW4UBlFBsiL)>o
zTnU0uCL?b=^L5?4DnJymW{5U(=gb5P(G2pOL<@0x^S31M5j=et)$I|4<j{)P3^ZGZ
z-k)$e8iO3*izJ8HLu|w)wKhD@*k^yk3&W23t3A7l$Wue2jL(ByPN1PJ()!G)%3Ho`
zVDqi@X-S%7f&oWkL{w;GHz<(bqnp#e4NS$_Yf7k3iyf8$?r<#4QJ>#JLkjH5iGl7Q
zdkRmiAffM@%Cw4NA#667=ap}9PHN7i-Pn803GYPpGPesJEgnP^&tS>naclKt*mXe$
z@)zxO?2_}aPxL&N15~%M%H-S840K?h@06|NZm^C$vT=PnkPv1@cy&sebub{WVgas!
zXj`iC{KaQ-OiWBPKX+Y+={KC2J5f^M74%Z4Lfs6eA07j_d96I<Ric6pYzg#^d8u%x
zC@ICc|D`8!mv_bPvxL<2#(puXbgn4Qq-U*I{lOdi{F|XuJrC%e4dLUwvVl@1M3B@%
zZERl$0T&)J;u0W^%?zY&Wjq<!hf2KG7a0d9RsArEP;Z^VjN|7M37D@>{rjSKe7I{c
zr*V9#U8~Sgsot&9BRb3(*Vp5c)%+dZv%@gmCG+zRilX^mKkmIlH12Qcs{lu)U08A!
z`U$B(aH~n_OkM^$Kx_s9Ij5+D7yqi{GC+nniqy`CgGu`arMLKe*r$F-f&F_)&NA1N
z@;x(`STo<SBy$r!CgDHuGSPz;=1JB+&5ls&0AefEFSjv4G4GQNHq%czc^0j<P)#yP
zX?a6&t^po={fsNG9`7x#q*&52GV-MuVEw|cGTnD<_N&)?<Y5?}yw5{Lo!EdTg~`U1
zC2?_^^YgdTNAVa~Gk}d}H(x@)qUbE}&}a@FtCbH7U-aDo`PTC>!yG$ylfTRdl(>lL
zvcODxn~iaAB~`oW&R=+rIaMk{zsy&3Fx>-NDa<qvBy!vJWlk2-))fe@6cTMU6m9t)
zsKBD6G12D2PD%My*L9v~P+BhArnL87RcSNBzh*c;D4wk*DZ!!qe^P?Bw~)fX$4}`o
zjLJ|N4yQr^hVm(m03=l@OX+8dgI!f}2paBPO3;pB&bVmZ>}R&~(docIvz^XKbhOwx
z7W{H1_U?4=u;ze+_6OW#XEH_%L%yzxoC|<c$hx_|;pJt&pya0z;F#=8q|*nO5}8D7
zFi$d<(ArKk|L|E90-D1-{h(q`wp<BwvauUxk-Ex4WiUR>NAD+z(;XrJ0aQT^?(ySV
zT>NHzjEf$+uz@Okm^VhH^kEs_^e3Dp9AU;qm2*G-qzrE_WkwHs6Y}vZD~o9|m!qkY
z4nNsQLCw%^@?3tYSh30759EI!brv12k<rNZP@zQDR2yMUoHO`$)&w?H^m^cD%s+vo
zW_O)vrv@1g;Bq==<oLBHty|I56fpXnWEv@{#o?c#JHF5P14^cfk-S;AK)6Np@4Qv{
z5lHKM8LUD>r1e7P+~*s>u_%1tKViGI4N00(ri{`URqV1}4e$iMp?q3bp!``e8gAbk
zK47H&sK!T0^qk_KcD_Af5H<lA5-zg?>2>u!Re|4YtyTRiq|+`820JfM?B|cCXm~_&
z232fppD8gXbO2Z!NudG<!UiWDrw{H9W)zd&n)azHkmp^6L!ztv&dv9`+&oK(>VGfi
z`9;pZe<b)H)uw}SEz)q*HeD%gA2k1P=*)IOI9=e5Yk3P4VtzpdHD6ai1-N8RP6j;G
zV3zxPUGamU+3<`<ckkl{u?_|k{gp<P*s7;f%;<zxlpPBVxFL8(ls>Nfk9%RrDkjfN
z#xi-$8c7-e<(oZ_|F7ckg>%PLe=PHoF1QYXVvc{Z8C%*;vy1BTQcvwgJbshN35hxG
z&z~-aznYb8^})97wQ(xwzWye9hrn8OzgsFJxi5TfTB%1*OW!eSb2+w@Axid9lWmE?
zbXYV`ADEN#xZ~ExPC32*J%L12z{PAc@DeCsv(U{R5<8O+lkPAJ;{w~QGf&-Q@!Wf_
zR-T27*|&)PVrF2<LEX@K14h7U2gf{Z9Eb4`3E}ShV}m=8CH96eDm$0BnQj<Hf{%95
zJw_B1`_y<_BvmgV)rjiHmPOHBB#>&k%~H27)Zh*oQhU#ff1vb`FJo}LD^Yty$}wp?
z-G~?EtnnH5i|=n<gB`19=1^qM^KEGUxt<ypwdqUhiA!*lcfxNl;jl8i&Yk(Hl}Yo0
z3!}1^FO=)vV@Tiea`KUi_Jw9pcVA{|SIauvNf@h5`!=iE(;WNY93U2CHSH%Bg+oMA
ze+aJdl<1pbe&jIzPkCa_-`(oBAxT60Mbkc4l-?h5^y8~8!$XEPAlgH~H~+^`OT_M#
zKeMW;4;0YW$D=ltd*rj;&fdQv`ZU$D;2d<qjapNiBJS3Ih{FhA2f#LRFgU>&>$Q90
z^+`4pMv?Gx>}BeHf;vptx8}$tpZWR3D17vTVE8jC6$&NJ4wXN<5i-k6;s%FnP>n6_
z6hYD9%mclNiLtvJB4k;+MO|P^i+NWtrNk@CCfP9G@z)Dt*nG+Lf2LSPjR`mN2oGcF
zS{H7JiSvzYXWWGPcs^`h#_Q|CSTlzuXGNDrjpJkv%Nwj!#}ATP0x(`nGjKmCK+@Ml
ze9yM5QdJCC;RdjT5;QK$DYWZB&^Ts|%vG2)xK=vEqz&<JGw*y;=yjU!Qu64W-LQMp
z`}z@z$X<83(KFyI7BNNwhbn+)rAbVurLLp141co<_(hilyZv30S8u4$AP-F*BFwU@
z>?1u!s{zbHn3groFJ$x%7Sp0+&rmvSUb!&K^R&$?^8+*7F^pqfn=n)yrC(1HA6>b{
zr|oDAytIjPCq6UeYzg{eV?ql;fIP$XY*fNAU<>&@E%oui!L{#ny`%7FC~<C-DB_`G
z^NFYmEXll%5gj5dv<Ih2TgDoq##x^PDk{&?d!^*lb6(girXZ#y7@eJk3~0zTI(9)H
zxwxZ*1*$lT1g()rOa5Z`4xj-!Vy?iO#N-FFa1jkXOXCHUaO&iev91YvkZTgq7)kFN
z1g`8ZegevkYvgj~rBQw-v;TBPwhvC58fD9fn63v*B~uHxZ!D^Nua<~wt~kj)n;2QO
zA0>prP0GXB7tGz2?~Rs5;o?qdstgUiZ~M77#GX`Un2jVpT74W1YPY3G@P+}jqq=At
zcJL|=Mgl{i7eKYzU)r02BbONvjwa8Cr^IJE6r`cyttnimOaut5V_wKg<3LTTKJXau
z=MHOSpDNAqhFO@PcU0+&eD^6neV6QlAiV;lw;p2||NfD>8d@c{Q9~$Vyk5U83k%@w
z<v_8@CS0+7htDW5mWw{4b7a~6LMovc{;0cQAYKsUSCtnUsghpc>guVk2&}JJ9^usg
zE~a%G@U(jqbntE8FcU<+laQ4kazaD+>t`>bn$F)tgDnApjb8b-O1=4v%rD6WfvUQH
zJ_vyc9B;<_a$L8<FxF={Ddn2dUlt?l=cK(x5?@`e5%~IclA(3~weIk5UhTj$&eRRs
zGomp8QHmdI0_+{1lfORy9iUCHQ+QFO8vuR6Zx?s)BI&BlOmR(<tcx{_!PlY6>R0e-
z>!f*uV*=jhN0Lw>Gi&pnJe+gU#Qqe-|2tLM><h=Uv=xuZmNIsy+roD0<11T@Rc+WE
z9zP$bw;1<&siRvs{=GJI{u(Mo0LEwL-u+ti1HjclMLBdR)eC8?xhJ5Fx6~Ee0Kt<o
z=b$!2aZe0af_^Jwa5;QPG<>8<X~*uwo&cJ@tQQWOnQz0tfw|Uf^Hvl)^x~_lJj4P0
z`<1i6I6^nUyoR;1ZG1#8f}H{sSs&O6;{5Tk&ymdtsJ*GNUUcyVnWQN2Yz(f>0muuU
zfzfPO{Ku=tdqFRn0rM+SwJQa_FtX3>*s8Mc&X^TwUt6T~$Y8Gm1CjT~pT)8Q)qgRR
zQc9-`)_iMAmp!Xl_T0DysUZJF%fOC>ELGGj_3s9nb-s^XP=&h{l0r{C1=X7c71EO@
zN+YO%5`3XJ`{7p7#Tix1i@_n2(?P(`0BtdFQn?W)IzxVL1KgocM|&;2G)uU=#+x4!
z0)U3HI@91^1dH_Jm35txEErh0ojvUA!sTHt#u4-H+^yjwP!J^jX|lA}Dw4T47w_ls
zB3ySSAi&b^Sy|<j{fmsX$%e9Kw3{W6aLr-EW0llC9;ouoYugV&n-S_B=<TxLgRRz3
zaqe`_P#!!@X@2QZNsszPPMiKGWm7L_1-8$R<Ry>77Jha-z;{q`%}1q2M61uXvN9R^
z!m@NGQdB0g5Z9K$f9eQxj9((Mp>FZ8FX7AWyr0#ivM0?Uc{z{rP~0WgnLe@)n9APo
z{nj~#t*Vx}CyN+L9hIyB?}3gJh}>NX=*K^d&yU2llwI{%{T5lF;It@7PI1dAv}JRV
z6Mq9RK^p5qHBlZVf4>!QPdv!aZLFa8X3<4ZvUMm1c34q_sx{b@Lg&GM1BM{~p6^Vw
z_B&~yCe*c59;Zg&KJL1IxwgTD#~oM%R`3YaHcOV>8ULS}+5hbPIn<-<`7HgmZ0l}N
zqN=$W4fkw&2ZqX7#8nG2MzmC>Q6;$i8IZI1EGp*9e)b8!nfOvE>jCLx`&mn*GmU8E
zRMP6g*K_?CkxpZC5r;K{TA%haE`wm&z@|c#dTv4mC3s;T%u@Gr_5=UEi$1RQenVU!
z9>I6rqFaPq?z+`RTps(^LHXS;*w*G=RLmDrXK+S__&(k$aET+&rXF<Wbu6rMEm7YJ
zPl19@?Vzm0=XZegoK68RipGOx(Oj|trY?F0if41}&h=r7M=x2Hy<F3_xaUkLLyIhx
z;idE<w9)A;)d`074O5A<22WxtO!Ze(6N~XI)c_nmCmuC+5zAvp`Vq%AS!0@04Pi|v
z;b3Cp{}~&2a0efalQczC3@~pX%y6eRLrBB8zzgJFvi<|}vbd<TEeaAQ7(G#2Od_E#
z-elbLIACZgPtJ=mmrPLao&Vxb1RZXO=~0&?|8-;f7t^Hox$J05Qa}kN`M1Q%yA^3;
zd$Yy24GGTHUT)`mMQEvB#z<_q!0O<HMH=j*j9<SSBSFa-ZMQ7OKe#z!!Q(bG0>#RO
z8!5LY<f~jGpW=Qa!o_8{pd~>dZ=*RmYs?w5VsVG$<bZq+Sm%9+oF_t#_e17ZG>rG|
zl(8--^mZnQ4aO{(zvS!WKir)rGt`gcKd!e`bkg0JnCU6av5b_!er?hRhApbX$4~dk
zsp<|S-Q&$%BE(NH|CChQ>LpTQKNdoSH9c>#zQs@^LPc-FNKK2sceYNOzY94=M4EIe
z8%8idd|1l*6Y)W%3sGgsa2ZeA9o?jL5tNKe>uK1)7;^58Mu4*4a(P>Gk=0+Z!5QR#
zn(BhtAk_~C=(WXT>1ug%s6#>R{0_aFvJ&!G7ybN0bD!X9d8phgR!n#xc<L)E+jQ~X
z4c(qWl`m5chc3L`#fm!%r&RZ<zNo1}2}u(o2Fdg8)d^3j4?7fuhaaA>+764Dzkl!6
z78FN)Nsz}t_isLBk%4A*Hk^r^2YUePr3bX$E?N6Ubt~bfEmz2Z;J)1Qlr`4VliO;1
zu#emT3!Qq&aZYvhpvWt^atFyPBvW2iGmD7S7nUy-yM*YyA!Yr8(`8cG+@O92e_eA>
zop7D<wP$arV78+n6(0WM*8W%C&`>0b$deG`G>Y7Vt17UaGZ4E}3VN2~42_v`t>e`#
zYos5ODeGHy!6|r-B4&j_YMu95%;IL-72mg4Rv%b4jxW7tw#ksg6x2j5T&<zpn-ndq
zLgtcjWy9FU@hSLYdxzq-_H=$O?FD;Ur6e2DylcQvV%P4p4o5uz)X^pT2-55YFOv~M
zi<xebuhuSAbt2C9dEgo;{1Xf)aI;TNG#EfZ>|p00mRPD+#MWEd4Mp`<oG~^i!EsYH
zk0OCVg%YGCB$HaHq4gA2<djfX?uj#%H>Wzm#H}sWs`s61%g;xsbL-oRg=Q*XFqHr;
zH>y}+-o&PKq#L0WA{-5&Fu_<@$|wuUAdzVk6$VH7#Hx+Jgp!^d&BR9=(OddKZDg2Q
z9up~Jp+FmI6j{kKnB&#2LHT)8yEcGCGac&5-m9$g)rcWgv^pATJ{n)^+9{%Vk?dvD
zTQ9$(uDsJ|?@y$+1KyF^D((^!A1a<`+2IqAU;;RCjzlXH-7eXRoD58fO6Azg<V-Tb
zsAQltpK`t8q&EikUXXOvq1RG@{qhL^ep2D{WXj`zWD$-UlQqMWQX$6kFrwn`<&?E6
zQoYAZd;Nj)yRoMVnvk_uDS9wtqCa9FC^|qpV@tezd+wQOO~S#Y>9yrNC+f3=*Qsuy
zbi^8A@Ygrz&FS$P!DZ$AfwPVs^_;;&!+eXZY&Pm@z+AoULWzau{vEIRD!YIf<*dDa
zDTzB4Ld4?W`cHf<Ni%TS+PiZXbr`a;t6mcmL!`hmLW-qkB4K59l&M)BcPkM#_hZ|g
z!>M$n#e2vP`3`u^iM2%)NUh|>tQ}%|Wy?1SaORK7dv39tx|S=5hN;|{Qs$RXl03(*
zDLM6$3Vcp7;A(~-61t4pvVRK95QRvh_I(a%`=!4dXN+raa_+KQ03wLx-gNx_6bHtb
zdeaihV7oj`4tA}VDuJvj$ev@}bo$F?&3-}wHu4kd+=*8yO5(-eW)Wd&%*R$$;85<y
z`e@~+ioYxl=FKD0i@!|JX}HklI!s6;q!pfdq)R;}2u*Xt-!P07e}!chk(%(z=1`UT
ztJQ!3?P?*gQG5Xai+gv!5s(TP5Cx^4hF%RA0lMjOg0v)U+147+9W$l(+l}HQbxi>K
zV9$}FJA*a6r$C%TY&L7mRpd2wS68!MgX4KG*G|P^#~iBN?Gs_@wl!|~&AfS2YJ7_{
zAivD<wX0M`G52<w1BM#o^7f>eewTtQ!ku>FLp)_lO?*XLEPHo`<m|Zv1fFd6O53a-
z+f@2ge)`uj>Wv;<Cut~mLU{R?ZbV_yDJdvz3TKb*0FmvSpGk>1{$LmJ`Y}(AX`DSN
z)28kg55>BQHScc3krpkE*$)8{`;wSZ#tW#v46ZE6d$&~UEwVkeU0cyCR!S9SN^c(S
z;Hxql7~FjVu)8!9JX*I49duVaZl#najB;%V2s5Xa-+QMr2v#ML*SyWJ0anJ9#IwkL
z-~y+>POA4SO0f|9Ns&eAYPdj%@fkomYG^{Hol{(oaR3n@0l#tg3mkIWmrR`8=&JyN
z)aavej@D6k1X_4SnZ;~hM~KS5Q(Ccq>?;s1WojOA?fI?1czR$I1Byt$Wj4Bn&u<_z
z7X(O6?$%VE{C|K)UyJ;Zf$FvD7Hm(*WvfTl51q7RL~^@MJ=-h#nj5A8)m*lnO2XRR
zqRA25%Y=%|l2z5lJ2b!7tGG1%xRpN!1r!bem9oM12{p>pDfHf{4n!%JPbW7cMs5BC
z`1ZPtBne#ER^z&2*_YT$kwTt10mNff<1bC_+`;YWylqRFkmS-QaT~p1b5fhA%iEqS
zN{7PnVMUj;u$PY7S6Xv%F8!AQRTx)MAb4eu$M=TYG`@hq>}7zkZ}?HfU>{h>1kYWb
z>yj*0?h#T*)Y3_F`^fvJ7kl`!_1Gw6Uq^e-C24xOHn9=7ip7;UAOl?sUj~dId#gWg
zp2Vi|NT>9}29|@NPO6OAzpL~7*s%F_>A$m4mui`9^X*Azv<PL6iEGfAlY9dg%L)L?
zeo(tf0&|*<zx<1eQ6B@Gp11u_QM8N`B0#WbxP#lh{x;{!vT2ywFX{UT9Ev`M=OK=@
zA<VSB+X<Q}RGgtirxn_<Cfb&@UlV!-PHF}JoIvv~?X&N&K4R?=mnwW#;5>jL)V@9h
zic!PtL^n5_Un;NHN4H@>rXvXFK*z%SGg08>l{PSftNC8g5aeIc<@2AfDX|+=2U%2o
zzly{wC_SB~qAGctK8ii<s1@-8qrzkzF6ROWD~o^B6F{bjOeauYXYJWF%tq`!zE&rW
z@?>=HSsksIj>2g+Vf>%Ex3%@s%P7oW@C^i-(Fz7D-q+#5*K<)$d9J`K%3G*MKURJ3
zElYCdC2p`r03-kWPt~pqs~ys&&%MkkY9ghd%x;m-4<EJ!glEa~vvF=IDCP4F`s^Ck
zu%^BPxwzv%1=OM1Uz%cuP#Liz1ZLjn29IuaV;ft5<1Jjk$fRUtp;c+%_WZBuc<ziX
zH}j6vz7ngrTW>uiQUo*9%)bq7SefTy<0VqTVcYTtWw0-UHQaD>bstHD%0l4=2Nemw
zlm3BwDHpkcm6g94Y{W*I)xA1Kj~p$MuVUM0Xn816d@~?=*={u|V{Z2i4lA}t7q!Rs
zTE}|F8Hy+fp3cxL05MhMD9x$k&r?L%DuO}eas<Hg7UvnqyVa%!elkCIejbWa;7K&!
zr+zPL6N4#@SOWD}8)5|s%<6EyLhcp$SJ~y{_ZM^BH_~3tRFP9V)%)v_vG?MXkc+wi
zW*b9nV8@5z(*W`X>tt^IL32gRj_KDTR~Fc-m%a!Ngcd50>QB>_f}q>L{gA{$_)UV0
zI$7x)w)0?UB7&H#y+fBDyr&PCd4!V{EubYoSkEj~g172W@pO_#KL(PVR_ogjybnM1
zJdjs90J?B1O%?!Nb5FjFIGC9`2VW|8UN26*`09K2@kvzoWi^+M++DgP(&@cq6do7j
zmBuA*h7-4i$6#nsWnWN?1HiLfDvWa}&9XR~iQ(--044*z1T>{2$LeA9ZeYf964y|H
zwX9USipC}A8_0t3)(AYHf(iP|51|F79chAim}9A2vRFCDg(RcUFgq93i*u32&;R!{
zs44>N;>6#D?^Eomz0{g2=Wo=0H1H7PdgHhY8c}}*-1tdP$QboD_&CXJALK?f%>Fp;
zltmrgO>WFJ_3NN|sXNhY<YW&fAj)5wuHaWuhq&6t>g1w;<p`37>xkDJKeYmOY$o=B
zMxrqEvjiPd$>QPtP=4Mp^)jbgy`c2*btFu!C8l|zgz4kR6Fh-Q^ozKdVU&E(2}Jn(
zTwvQLHBQCYSCAqej1iTa7&AyIBp*Xkbq?Inn+Rdih#|Ohu9T`lpabPW-XU<D{4HMh
zI&=rzHC1TnRpMk;hO?B7J;Rdm-uJ*5tiIZ=%N3rMzbwf1!7}Y7V+zc3ivhgO2ycs=
zilq}Z6at-!yrARxKZ^k0Q$C~Pw4>;l3LE8WO*(Od%#^s+qbl!0m94?YRc26Gccd!d
z=Vg~xbIqnIuembIeY7aRYaUX<F68+csh!n2#5C4`(lPS-^HxCzmJj>S|M_qo%7mQb
z#R3g}I)FAkxuC+()8W}0aPuJI+QR4VK34og`EgfHe|`57gmi{WU}b0YttdYT6S_$3
zebg7r<3g)s`>usoAURYzQv=dCM;7u=1IU^~99ia?Cu&&U2F1W+kN(uIO@imaOWcrV
z+QFncH<e9CMpP#X();q8&bd>c)x#<mz(D}0WHCmv>D4hM@e#sPI^RgBbGkU<H*$Bx
z**Dx-31}m39qiOTgC~XF0!1QY1CgWZvw@@p_L-<z<9Uj)|7_Oi?$;Bk!va1`KWBj!
zw{Rthebr)*xUPVLT(yB0B>}xypjtY<#atvOF+px1y&P~3o~3&HEtjMBC)mn2kc{*)
zaJ(IDsmzA<YPQReO|O@VkRKrkP62e0AOGr}bF1lo|M@LC_SgK$%KW`yu<!{Gzsk49
zZtWu`4dG&G)Cx8*v%Yd+WS)!pAeBk}M=m?AESXuPPHxe-l!PnoEJ<*tVQ7`6^ki^-
z?nE@2=O%j1jvym=nU`fT6P*xZgKhvs$%+&+7ggQ)utqJ9roCBY4%yM<dx}*}_*hr1
zwr3Y}A4=rZdV^apvjVN?+?MGrks@O2yTXe!5u*jcZU1=ynHNyMH1t#!*FnDBIEikO
zKF+j<RhVGbX`hQ(Rpji8znXFGRLMgCG@r<+Tv(}2n?NQj`Yq7mbn-`${+^LO5TzKS
z^JOiKSFQ+uDYWgX`z;5*Uyw2QYXwe%K1V@*blle#+NuVTQudq~kJs2F!-m@ci$A5v
z0$jA3Zx;|h8Qv7}?7@svb7o!pzQ#F-8qbnsDtr-WDhuX&tqVa${^-Bfploy;u4GaG
z09v8A&^g?;U8KpOFXaWX=MtT6aTBz4sP^_6fYnuQ%x6H~aN12koI3rsk-0kN7{avX
z3zx{bSMCXzx_S~jVbqf|AA_W$5(En>1%uV0Qc%p6k~#AKX3-XX)^~3}2l||X-HSE`
zDw~oIk>>NHs;6I4`M(ygIaSTYRW<=@?I=|DiB1ju{3`?*x}4kI`CuUYKsi@bE)X>3
zsgQZ#?8O4Wf;KNH4-+inSprz8yxy72=&8)ys@Ju{68OuQS@wb<mMqBzzqJ<k>)WJd
zJoCLPJY6-VN)N1NY!|<MD0o5s`1iN`RER?Nw;H7kR$_Wowkh6eTa4<q_P(vNvymG5
zm~3U1A~4Gt{2{~L+@T#{BY@dXNkP2JPoY%1&)S=<PdYa9<r;_$4Bek8*5cbmlZk%{
zD--omN!!udSd2V2Z+z0cp4V6!<#~EOxJD3PS@cWV$ne9<u!QtCZvG%yWZ~?8afa>8
z4&b@N@xT&18%^CLZW*Dx5^bt&o+~w)n1xn}u!TPWl|mo&(Yr#(*uzQC=yVz<--$08
zSidV2#xT(`pi^PNEueY=sy)Fvw3^e3zaljxckD*$FLP>tdD+fRpTLZNf!AO0p=hXi
zJos@{BILqsHIvg~MJjH38&u>>Kafl82@>9vJ!fVo)z)G9QRaLnUy#75Vk<s;Uz3@t
zp9IvL6`^JkQ#od;RwWXUQKugo6;Hi+<{~^h(RGlj$Hpo`$T|hx=s1I&GV!pf9U61@
zyG8!0v@V^Myan#TDA6`&w#aK8WNa!j1GE1`i9$8OV~>(k9)3~*Dke3~y8w6oawE{U
z0(@)?M^dQ+AuC)0!mEqU!iB#leB7bxgH#0iB$(>aKuO;%uDR>0k1#{MeZ934%IL?5
zD@~ftZ*?FoBCd^EnS&dPTg~X?rS=K3G19C!D2=)N67WuxwLe`&>73nbD#myhjO8Yt
zJr^ma5239^hnkF@YCV=PwAX}!3fq67ycvwg=4Vxq(|`JZ^0A|^aiC`9ZcTH}S7A-@
zk)>>4@^8-r>TtJfbY$Tf4fzm}j*L;`f-jZ-ezwHvaNzg|tj~FfT!Gt@j_Ryd*m9vs
z8C@7YC-gObhpr3GcU$^-ssu4_Yplb<2EvnhcYhfnY5Gd`i+ia6r)UIKGMZLBWZUF%
zufMj=?bJJ4;S?vK3GHlEEWsM@k%M)pCqb6jdKP%d@x^|9p*4UJ;>FnLHv_P;zhThW
zb4{JOyFN<|4}i=ltW+bU6DFKl6e{FbSKav5qMkbC$a!ZE*_PKpe2uDGkh)(o;R3Hn
zA=795k-`6THU4y)(=L6TKz$=T-#=Dh%{82}cFnNk4fdkx@vLHHxypn?7+W}R8Pxx6
z_X$3pew30Kqnc8P1S!I<?qUT$W>;`^&YQY1nyveb7G{Yu*G0bbR^YThdS7@ig3b%G
zm-$Nar^T~KiT*T(wj7Ohas?P|Udcx}aGrSvF^oKz`i7q&A|EBm#{#81x+Y_?r0N5r
zvuI0pGy@VEpgDH~q%7|!xFKuSdgNk7`GcRAE1xOW6*^()>LEi;PguFMD?Rd}0+C)Y
zO$ngt?;hxh6XIfd3&Th8z7YE`bN~ZZ7k;A|FiPPS{aGb~uA_<QiI{AYuGCRK5)wT<
zH#ufqTssXb&j&+3<x`DTo;0v5mPpwO!eObKI5_BcS~7(tB%@2*7fV~}E_+k7<Vn|%
zMPr>VidI)JF~vRajEVfQ==zL^BZ&#Wlc+WLe?;Zq-h6m$JH-cW*+hDRM@(?BIsJGq
zOk6XXnJ?fujlONvT}M2kM~GlP8<t$-o0VMSSw6AC;UGQS`VSig$}w*TAQk@8jereN
zZ%bok2nNR+C@5){-mUN)@Lt}*tOl%_zt-3+pJ1lY*Id%~2n91f<o8+wh|zCB8IT9`
zLzeaG3i#A`rjCL8S%sen4Nj7NEm4e&>1njpIWD)$R(PF3@rKq-=Gfus?837WiQNF%
z;Yv-)0#ftnl#9eeK<}Ub;qCqe1N;Y+)hwQO#ee$mA&wOAf0=qY-|QoS4N%EusjQ;4
zr&yO>)t+-=2(jf+{5+fg)vY!}71C$&hF&<TOqc6$8CM*Y-Qis^3BxbN4$PWbwt6|;
zNfw4YILY(v4EfFM5+nPXBPeN-3IlTS7r4Q>(<_yu30x4n4|<rCoL~?y;yW*XxLWn{
zfs?J+96HPD3(uS@X}Q=(UFb2)1^(co!|Bzn2z8LeELRJexD4RIvhqv_26EIcQyB&Z
z9=Z<5a(o@_4ib(^-jACua=4}&36H(Rw%ZRCwW;4zlH^p?MUde$aluO6?fi44P{=l>
z<mO5Tp<0CrrHDf&2;vyM7gDmyG&Z|T&X_)t*nEyE=vD`!G(GDDq~E<y$eI@<o*=kG
z0`{x3uC#c*MAI>HJ+&Rr0}Awpq7275nar`yrIHDisWg2GDp#f*?$qUbE_<42uxm-U
zCJz9#?`D9~<aru13hbNmwtEr=!%df1#4$!<e7fIHq$|x%WDL3KT}CrfXhTDZ-JaHW
z=d8;bB9GCivr*KKL^He|oh>SWll?FmkdTB=KJDj5`T#ZK*#W$J%=WcWuj6#{uftA+
z#X@kD`9_8bhcqHR<w#T={DZMDDxfoupknuC{KT~C>igs-cnPl5JluHA70VLFV~gJ9
ztbXX)xF&$k!Fh7zZf;<Si??c9@+rJVg5EVtw}m&{+2{G3$UKR*>XkOAK*lhQF+z!0
z3*y}^?1yJ<C_h>ZH0f!x<KO(9ZTOse&D#F#7d>){nKS!T3zo#|z|*D&?elCZ4EhU1
zJ*m=F=*Cg7gIPt$j1h-lxaIpIdc|q@Me0_R$RJj1Hr1Ec5p<S8A9q^+^NI#9u`l}C
zj&b`m6vo!`^SRuqc$u3pg+-$86T1N_T`&BpMQw7TwDwGUAS*6%ih@-?xNzikkQnT7
zRgS~;xy@L(x#j_#?j>=Wgp|&7QgIBM8sI^Pu_`~W&tS511qFK(^8p8(1+*6iHgP$6
zep7E2Pd1WAuQP}?j^cG`1|qjwoFTV!6hjdbE-w6Hm{l+P^Nvmks@?nR5`CKu4a}Qq
z`rlG}^wD0aQE5f5VnLVJ0RymlkBhK_g&?-?#gk~y?y#rW-xAbE%<o3hUAvQg7~2zL
zHn{E9S3~@sM0%dvN2p@`q}3LvCI#2sP6rCfV!iQHas*Qn@vtsiRN3cWp*O0Fhyo;%
z-*A><-7ZyzDhz92?0$}GlQNcuF*(_X85u1xp-e7`fZO3kmrJ^{v}VHrT{=s|?!(26
zfLv}DaaWUt{PMw!-1zZ<2^X`zQCsUdzq6*1aV?sS>ZRM4wrMgQS5vzCYdV^6A?Pe8
z-1b{&uxi3UA{_rY8m2?y+I?M@&=sM}k*p9yL8N@RBWXr??eYLyfd<e8I^qWmYKsgL
z`+iLGX`@EX<4#h7o_uL$H*rixR7M|ki)~@ZCQ!sCo>J#A%HVL%hfxq3j09JwAleA$
zXq%+G7rf<){COzHrzIu8Ps2xovXUr+appfZ;tCXd;v22S^{+BE=x(e{N#Ny{*-AvJ
z^-gzO#t$p0BV{@*2fMZB`g<v{Ksn7HZ`ropM7RJqwl7b?Q)8l`EKi$S@Di#(oSS}6
zP>lL69v8=zJ_d<90hl)qa4FB|^M{%eQtjLb?L$H@@6nS47IC{ZWNwn?5Hm{V69q`4
zcYmt~51M~XN*`iMLeQk`OOae+${fU-A?xGTk`GGbLSQioqafy?zYXS@&#_b$^OC;T
zDhp-nz(^)WWB$(kVbC*CY|cPng^z_K#8iu|mBiw2=hjt=iT*E%GD8GTPq)N0)pm1(
zHu;ianp9K(+<fqZYToL`S6pVRId8nfp)kIMvbh_QsDlmS`&l-fT7xt*MK+HrL|Sv;
z5^gHa@eJ5lVsJuA_j$TZK?2BYMG|zJ3)hEES<D7Vd*m|6mQG)yvG|t9-jG`c_vOo}
z%7Y_eKU^_%QPmM~UggyQbG|8SK`4jH0A((Wro`Z2gzxE4duF@d&z<wyJ50K0)pV}M
zlFiqV_bZ|KNemDY^^%2#%ad|od_2nEkN<oEc=L36WwUmY?CB)9tgpSxsV#5MHDXo4
z;wBR|c2a1q*(9v=sF2h3L1m4jN04GqV7mq0fk4Jq^hMqDxlaMqPilo%Em)9-`h<o2
zIM7txY_)&k*sdLZk;tiM2@&GTd4hdHjyp{Dj0dG-z!9f{l;NPP0CQcZ7is}{Qm`pg
zka6$ZK<8Hz2Y|(k+u|$#?C6B0r8@S~KPi#sl-n`H@ldtJCWP4XG^8`{1%FBAn&F+k
zK+Abvgig~!2cF~8v=v}`zh!Ept?2xszVIrA=`c#!#H>_9_~hfnW_%7ZB(->5tecX_
z7-()5)-o5h1zpG*PdS;wVYfJe>S&DkyIGcwU{hHEKkUE0GyAE|=1QN2v(#<%A>>y8
zZRpnURq7Xr(f6SfQC6^6lwtf7Sl!ysNZ{VhX-a`(lLeFbzfaumGPm7-frA4OOvl-c
zG%IrBm5{WRpjGa#J~n+uDk*_KIj0>IVtWELl1n@amI0`40#qW@?#7Okei_lpmR_qc
z*yZoJ*qt^}RL9K>P7qHHBbdu*(pbStT+L{vzWxpd?#J!IESD3y>KI`H0YM|X=E4%D
zRFiL@BltT?oknhRNtv0PFE1<E(O>MNJcqTvy3ihscM=49kkyQZMR}V-sX%u)uV5J3
zq4*f)#8i@5CA%f4Uld6dgvJSSvKEH2Y!TxQ1wki<WD!hWl+fF>N-jw$!U9Ga-%4J9
zc9Q(ZE65KOVR-R(@AJ%(+4Prq`LeQjl>Q;zrjq`|gDO$y;uzG^gUNKuIrUx8&JQS5
zgHm#H`XoviRDY23FxVaRZ~vNQxzsBg+{B_t@9Qd>tp~+%3^>SoFf$#`SOda#={2I~
zbj^{`cpaO()FI=94m4GoiFgcJu3K;pas$!Z2J&#q9w;pNZ^#o-AC|P*CpmHKZAJ)8
z-Je~mh<53%yQ-VMo(aboyM%>H5ssrO0Q{SkeS=`mV_xtO8IaCko*fEWG-!^*57}N9
zRX*Ij>8%rI`2eAo@k6Ac6_NfRY1P4fM6dy-qK)}KApkF6SpawUU*PGHH11e7L0<em
z@K>6>y|zSKd{*CiB2D|;P_=B2j9dC`UK(deBa|l5XJc!m018C6I2<iLNW=bP^j(6~
z8xzl_81Z8aIxED~X>1>H4_uuxZ0}W4aPjppNIJ*w@Qizn0&F1z|IOEdjEea>Q3;;x
zwf`>|%tv$#PB|k-!o++m$o#wmU+^*?HG=3b7rKX4`l@l>Gq>%WU3M{HPaJDvBq(sI
z7q3_yT<RK>xutj&a?j7xQ|AnsNN+Ij+DD(P&j7)9F!5@}pmKlL<J<~p(&^Kl%{~U;
z|6A26igLr^LZz63%UzaOfIo8tE4{EnCE}YN_Sjg&0-GQE=i^a1CKt5Dev3x)eUAfu
zqLy06jel`;VYg9x;ui=;dED5qH$S)ua&I(4IkAcxb|uR^TqO1%)DH5rp<OJ6E~3S3
zn)5Dzx-c&#T9xpJAt{xM8JAEbGQ<HBH;B~|ic+TYXKe_doq^ynKY#kmdvSe@DHbh7
zkFj1<SI?W@JSXD@VdhXUi#Tw*UpUmd)D0jc&vx6_@~-Kg6(mHCY;Keh)kgeW@&T}>
z+f3LO*cNeNL^->LW$Rb*%>p!jtd~iA{1tLZaf2>sqv7K@A|r5u4_gj_-WY~f_FS|p
zSEsyE@Lu*{ey}x{Pm!16E#t(vAO~KT@ZGr!{sxFXvmrBeE;M9bM%TJyA-~|>>1ezp
zP>%z14BRsj)zz({Nx`7Nb<wL$sd+o`<TIZ^Kb|H<h(ki^(C<y>0O-#lGgS)|hJVDc
z^V3Kr*L*QlAa*{290U9mf!pl3joR5*2&+Xl_&f4$;A&pBb$w7*_?W^%H4gg#rHUqs
zfpfA_YPpB8uBn}=AsbI@i>9tyT{}QK+Y>OZYcn_dcmpz}!xF%XjNn1v^b&E>G&JXq
z6CO0d5;o9z*$t=<66F*0+lrzM%VD7Rtu!ZUDEP?8lV|0Vlt8yx$C^O+rWnh9Cj3rk
zMtSI*M5*2?82Yle?yee;PUsq5oz=(AsWUUKizr`z$mxnRFum!pB)xVIt^4So*=F*B
z10LcQ?Z0GbD)$bcJ0f`qZJ$yzIk^)g?&qU5QEzQ0TNkR%<V(Uy&eJNJj&axuTReK@
zd?%#uOXX-iD~pvta&e@0UQYXD0dh~}DTPXF>0G*QO4Sg<U&#>vSr7h)7=>;K%T>|+
z=M-M%Ddmo4`Q(bI^A73L0NLETTo^h7TUhvlBHO$K1Jdy83oX<pRGqOByfSl3|AEzA
zq_gzhQMi2$B5p`BDSG?`seK7ZT;{S^;TH@&@|#<<5~;A;;#8k&g%Vk@90b3z|Jq5z
zGErIQ_K`w3i|s9U#WRXA($!D?UUZU<p5=<X>-?j=15B2z38gdg#(nF9<_l8v-0w#0
zWE>CSxXZmg?oQN2E3)3j{zuEG#%$M|p%E&v0{8rpLvZ>_<Z{CaQRZiPP^||wQpRS`
z&fCdzTsPj;sH^sA_x4tyq`VIW>3of8mI)BiA=UFs>YeWU1P4&wJK*^mr;qHL7C1h?
zMTI#nE3rSk4q#5BSNYcQ6i9l|)KWelFX@)C<r08iUb2!5D*5D#6Xu?0xo}BD?qcL@
zsY(l(>*y^W9Z*4>9GV|i7bu78HW-0})-8VT_PgKE8qZ<bBf53=RN1?_Yz)c1oYoI_
z0ASgWqQJ=$J1fcd1FMHG|G8o7t5?;Ik@?br2O71CSj%8BTuLmBF#2nTq?BAaLVN1O
zt9C_`<}gXm9*FVHWAw<yYV+(eU(a<Tys{w$Ux|bz5e1W?&bdyyiL;BqdLEbo3~!gp
z#$pvw@5`s>z>HdlQodb>O+O_EwE-3OgQO9V?W+=KZ+r8B$N;*<Bi6V6ab=!5#5-PA
zs&xGMKf+AwXRH3iHDt)pM;!ny#x?q`m$F3h!|F!7JC?rXFkY(xfgW6-IWZW}RF45h
zlyRAoQNQgV=H`6!F1ujx*Z9+UvLqki(3!Nk@=8f#T(hs1<TbaAG8V~H65wIJ_-#X0
zLu^%2V-KcG2Gh^FdGRl}FompCm=2fn&$cqRWnfaC;m{k@Ma<$X?ZyRSd9(6=TcK7`
z9@}9z$R%^a(>^ijGQAB14*l4bmh;hbd3|5_7MAVtf+Gxi#DZ#hD?&T3ey#Lpk>Bn_
z(jPzUcaA{v;+h|RY7lOQiGPO*jB#h{6pEoP>sw!E&p#vNrpQ~1mSUiMuX`0(%x1YQ
zmsb&(rIC&lg)1;}nco;35j$xBxY#Hv%x=mS&Zcpj0D~?!@o!WE9mDv&)EB`~gQvJn
zNGUu(k0p#fp_l`T{+%gCfKmLk`s<`G6pst^s$x$Fw(fb}Hf-CYxXB^RSyArRL;<wo
zv|&7^Z6vSrl?KXP_S~+tq!wR0L*LHIPP!3fyQZXp<>c|oo@qN<juXt{DHGSkN;dcG
zz@1#-6z^(()z6vcw)@&yOxkX|dPd@;hU26^jrZf-G=|c4axTywjArG1JI2`{R_>5J
zf3z${lCbG7M!~F?#a^cta`%04H%&GJ(&>zaqqPknCgZ&x0jH{m0YvFTFD73*8SAR=
znwJ=6XWiZe9l<#&_w!5JWQ^V>MQ@jywln9%wtC?T1LRdIuIAukh5;M>%{>onfSa{U
z^Qtch3%&slS9^?OKS;rz!laS-nDJQ?t&=^?(0V%@?#3kO(4u+25cUNVs{Lx${5&G3
zUN`XDPI+H#!75Imk>}$hP>pIlM%Yij<}HwbVh(owIs`-bF<HdG_g#VVUe%Ykp<nN>
z4Z2m*Rn2@nXK2{RVDlF5-4Mv@?uLM~n7URa(Nl9&twjF0Qep!L|GRi>6<%Xah{bCV
z;(aaY;u8A->4GxM*XLd_=`SC(>A|(0Sm72;S}4~cOv3z#%xH5R{~$X#ZC5j3CjK+O
zS{&5!MM?0&66tHt@T+-FB7kmf@&lhAcO=B|E*~r<vK<e;(R)=C<otBkM880QTktWi
zmcU|(?xLcqIcpVpG4tg@@flp_FL8^{xr(^9F8gO?(g50l8Rwj(VJ0sMJkbQSDb)NE
zi~9DiY-%{R#sEozc^t@h_bjZ5jPOD)CVxVD-CP15qiqV01!b-NHDn%V=1l*Jy2c{^
z_WkaDY%(<*kd@K%r|fA@`-Jyz5YzBUf08EPh@Iu4J>Od}(WC9LINOCrKjN9_G;f&j
zD8=uE?of)|ArfqB_{TLzkm7Zc4$3z?WTDP+z#%aVE=x?&D&g?s{m^Qbn4Q>e*=OV4
z652FMS!V@hT7(A9{vbyRgLmG&-@)UfoGDxxq=abML}6t@{<oFyCGiepT|K@~Ra7dP
zI+U1LN5BUQt|A~^%l0QUt-SJEh##(jDeVtrB4X(?i+{8&sS>JnjD+0mRh6_^>>^nK
z<^o8a$i%vayg8x&oi-Ucqqae69GN?+(#Mh%@KGRHi=~UJBY5?8UnUVpU>S-r9{E1C
zi?6lfBs*`A5rd>v->8{h1?HL$8+3$((LwN}s>r4!jbq;Cr^VH9xa{w0ZYa?N1>IxM
z0+N|Ie&!oH4#;V`dX|WW9Uh(v53S?xY}NNCaj^6B<Gd9C)QqEkxuI6pDNVCjlFh!L
z=i5lcmg*ALR^hi$jr>|)&t!RiS<a~JjHDlzm%JdIU;LQNySMFi8jdFoXl71`G&}w8
zO8oV>Mz-<c@bm9Xyuapg9WpljB6sTX7>9HjRq)<bPW)s%Wb&YDVZIL9XM)Uy#3Ei4
z;M6JGtr6KUEuUMbgFUS|=~E#bN}}EYO0T}7RqhZBkHHWc_%W>DUlW7BuWrtRi9)*V
z-{Ywq<Tnf9UpB^B)C-jI?0Z(BN6XbOA$h^e0~=cFs->~LJ0#n&If71D>d?CPf>zsG
zqp5+JChF{u&W6_n&75u8*qR*BInQyI;ETx?({LS>Gd$Stvhse&x-F*pNZF%6#*xaO
z-qc;W=sP7pb_)ZF4}Uwe0-@kyUePK;Sv_k|YB4YwS|BB`oKuhLQ)a&XAD-fhV{gZG
z>lsp|eEq5MB~u4nY5?wDODY6-(p#%WUm}J<*p5-FqdfC`Sl2<GoJNP#%j4nVT=a<9
zxW6#0-}Rm6clPX?J9CkHu!*2~&AI5KshqY)$wg%Yu#tTKw#DUOXV;qT>u#azJy4Gy
znMeyxnjx)zmu*bimaDik#IQjr*YwUOX`u=dfX>t)TT<?IiIx!32U)ch$uGo7!Zc`-
z-HDV~odc*v9RflNb$h>s>xZK%O9`kH&v+Z4WjlgH2;oEb1FAoOI5txS)JOKo?DU%O
zi(7?&?h4|H)Je57Sa@Z-o^|0E&y4_Ai$%mU_F1a18W6Pr0lOT?!ODH|P&G{Fr4~&V
zPmHY3h0a-$5$8iJCD0%|pjYHIpOk}^>`e>BOSF|?aat&~FDMn4K#EoIf>~;1oD_h^
zk#H{n?W+lDvx(xxuge<rcRb_CUROx&{(Q*~irErAJ1MxGX=K(Ca{bjsx!xo_K-#_s
z1HK0pTx8$wDomCDYgtilK9+543;}x?{IM$lx3oH@-Z`H+oaBnF#fD^XjHu&63|iYn
zeyHkUzt3jYUtd!k3Kh5Ko1O5yd^4)GWAUAp-3EXQLO&ow&2Gn3(-T=vwXSNbCpSI`
zp31y2hIOkE56%o)CcrkyrCo)G*;cBx(uqGyIrVZp)2>M;@Uzgx=oE7fHWRQ|9m*Xa
zmjm|uLoZcTz~vv-ScX{%eT(ueT?>aQ-M%U(Or*vQ`+t)~@n1scNX}G$WFFz~o5hP?
zNSc{C59@u?RPu90a*oed&Yf~Q6&%w|l6;{%>E%*7_|h(-r|iXK?)q@EhM7Cwq$c~m
zye&x~2!d_&3y#5mftDk~u0Atdy=+}%n{{TRh#rb-@yLa@8+dhyL95-nEq{MjNEQ)e
zDPoaG+zx#)^6pqNHKkateXk>T_9rbIx+%YG!A~k>`H5@`U+Bp$ICJ77J^fhj&SHbE
z8_UM$r2pEAr_%+sYUsIzM#~|?N@$`LJgS4ogoLIhFdI;0AD4#dn#GmGvXr1w<j5%)
zI_8`3ROq5k!p$%G9H_>A9l@8TQnd{RgT?$XIxI=4i&FM}XwL(KPQ2mGL(SRlzh20<
z)X-f!jt&{)VycsVV;+J>s$(~@g!rYowjT4IrY%}^T#}gKsCdoKNgQ3$SG_yh{SoSF
zJ|viiS!zhjb_Cu)z&Cfj+UL>)5y*RtZ#sai7unT{7cKBAQWyu2dBI9NxKO~@<fet*
zgwI9A--BXFPTU1pPzAY;lUQP&BwW5?Z|0}mF>E?9>V_*nJxNx$a6W=ZrBsE?*ADiC
zeEAN`lTN1v<q&RMOf%X5pD+hLH&?Z`mUBvw8><GbBRktHeVmx6^ydK?p7Blt&9P#J
zd!@V;zJQ=QjAUNf<PktVRl|Y)=5}Yz=vkWEZWjCAlnJkKL-shd#H6uxq~lhB<7Hr|
z{@&`6PEEVyK&IkD?3Xo?sp`~I)C6rmyt0n{qxtI4cPsz}{FLvyql1rh#SBIamGmYN
z_98PK>HrlH7vQT=o9Ty59Zahk4b4wcO=8y3%#banQ>~8qDr!KU9^YFbZ*1TJ$3cwO
z1v>*1KDxflf1npSPU>qd%Om#>+t7{#GDZ?!;ej05`>YbL(Rq+0yI?B^jSRdjWI=T*
zZ2f9C97PXpXzF?x0$a|1>DE}j(aa@)`EJz$?Zh|cJdMcAUdQ{^L89l*S>3CvMI{Mx
z=u`$bz#biod&!lnG0)ju<TsN0pnioSS_6J?IVmH8#(YrgG!m`}t%;Uj0ufW8D?LgU
zlVQt*O4kC@JzNLzPxnmfwWsc*rjnpz0!bRLYo%zVFEuB&^4M8o6s+&m->pmOJ}kIJ
z)-{%#MT%u1`HN{EOWKpge{HD%3-<Ws$t*mB;C9-T;x*7|n%uOa!eFDhHqbE^935X|
zf~aj40-JyOfMXn|Nz<nm4a)KKe8?l)K-w|)US~FZ`S*~;;#y^GxV(p^H&V==4bPA2
zKKeGbU-F742#Et{zPC5LK!f$W7C*n|P-h{+?Rz>?1&lHe-;u3!w`P(6J4B1Tq#LKg
zwWb25>0q72Y>I?hM|ug`1NJw9h~!eLA5GS=gNF8&p6qr*Qw4KJO>LyECM$JJo&ZeK
zZuQ+~i4D6^&BV*4>=E$TKQIu>B3B54bkBB_bGJDFfCB5DG_ah(djkUri|BxJ?VPC4
zV1#O-aYFW$dSkGY$*`@&BiY<9e4m5L0Zk<n7Lo4QwU+OsK}n>bP*821<eHD6d;ac(
z1bdn%k`e$lK+3;!K`4E>1(+O>dv!sd<3#@0C^v+`Y0SO`5F-$2+g*>**(-9wwc!$O
z$a4k#we`2is(Y;b%QIQ%l(2-sgw#@{E&MP~<yVxx1kU<qqly5042RYP;jLesP7k&v
z(x8!ZRe0pjV>2h)E^VHu$&rnk=?(vhyRpMgeyIuzG)_6u&PcVZkX1@RZ9|qETuxsg
zqn(dtMbDz?z6El_uFzGhWa-a=#T{I*@iZC?9p>r`{_Z>b6uDsYwGV{=)f}1`ITpo?
zh)@hhY!UMc`E6Qz5u+luf4Gf2NFVAu^x#eC^X~_kp3JZV)M-6Nyb*P1Coc@|O@CMo
z;{V5dp<pZ^=dHUGe<d5IFIiYLc0P=8ZYZ3);-e|m5M;XDuP6%TEPcI&S}$TUsun{(
z0i{s}pzT7s?6=G%4<V4YgTa`+XH)iKW6eh}QP=EtvkPyTTdnwP1JfnRj<lCcRYa=e
zYK$@y;l4|l=uN7e-<f31)N!76IC{Bcx=xuNn9N7I<MXoyVQiSrn{q{^sWK;b_dvnr
z9_(!hRH;9lX^zI%N>>1z!snPZLJ*BKv-LW2^XB8cxZMQTC4o&6K8SC366yY<7-|<D
zNdha#&5g(>J<gv5y90mazJ7H@RzKOQn=yoa-F~FIKor}qg}yiA3rbtEwvEz)mF(<N
z-6BM%g0EAHRa$%7q>gC3J_ZMArE>#~K?A__j5pyzimf7(V|FA4g5~DzX1_gbq-e)f
z47jYc%JfWO9!vV~FRyf9hBfo?zG7gFOrIgPU+%nNoT{D1(Ua~Ld<+QNH}Q66UE}P@
z;#6CQl9E0wBtLVdIRXo{sierFmp3aQ{m^v`^q0jjRPbq$Or|4^N=85WcTU%~`6&wk
zh`?)<qv@cnO130UlZ?IiqV+vTpDb(*+cojdGs=2eH8*C(<y>W)Jsx+gI?OvQP%Wky
zpgxe==V?vnGv-#^MIqOgC(B!IpI5NJ@rPA$_<QXs45#RK`>}DmN5Ys#Us8gj8WxLq
zb{ygWO>=;I#WB6+5o#R90ANQQTXaT0f=PpBRk8?<Jx1jk|L1226}q6Nr15d*4uWw&
zbg4QTEOQ|$laQPGFUxuG!$H^YW*t&fiy?hm=Rr6gY8ZV7CTUc(C>gD<9)^NW9|-Qq
zN1<<~LTuG9(|&NqOyXT4W_CaECFc%rU3^)gl{HFnj`SFvFLxwtf$|H3m_jx7+}4>Y
zJ0-)JA7ov;L%>4(Qza~o2b(TX6S#?0$pZ)P+DE@6IP@H0eraU+FF>patmF4MQnkvN
z^Huw8?2#pOZv?e6t8i<9%L<flXwY%|%_?=9cUqC7{Cbd%s?3<+OT}D!66rTv>`LaW
z>_C)8UVVQ&i578+1lxfLJW_={lh4#^8m`JpPVs6aKFp4Bt-w|-7E?u#WO*6O=J*Pb
zF~olMLvHOXV}b@#sN8zmX$-0Bglx>OC1L4Kw&1L)v`z>7SbqC8G7s^?gaP9G(IGLs
z)t{R@hW<(ko&FK&JcEoUABjZhP+7lkDG*J(v(>JDTC=*0J=GKbWM#M;>$;mKa!sT%
zxDKLq{-1yA*^H*vh=iYRYoK10aY04i-pP!`+kV<LT;@}mM;_2j{=p!+svf2w8k73f
zZ&%(Mj}bhp<0nu@@j>JI<G+-i376Fs?C1i+y|e1=pa2~N&gp#a!C5^rF$yzL_TyP@
zPwW--`04dFUdLETljUCCI0qH0d>5p%p7KHtlpM8k_LRHQzT*CCrrKPVS{V6G^^deb
zDsEGZ0n1}Bg~K_m@?{9YChbY+eu+Sabakx4kz!l->6F=(O+g=wAayoE@7bPBIh?#h
zT^+d!jD{?P9q~6P)9_TW@8Q}hlPNFKL=fTR^x?pgff)!#%x-kgE#u#>74&w#Gdgvb
z`5#LQ(YOyyz+U}$3*;hY9|%>0v+eSZyP;G$ZX-`J9V05p+OxGnh}ClmrQZ!CNkb(5
zf;y~oSGj^@z&$2lmJSdNsP{KO#q=$fKFx;twjMFTDEm^+6Ds8qWDihCc_Pnn{pf2p
zGoDK`{3YfCd3AT7%~W_=jbo2$n|QoK%5dBAYLl&8*w|)6XH2U){VP6Hq7tb7WfT)L
zt4FarI>;?+BipxJ>B(Ca-9R>&2l4ry*aIG3U=KW%yF_MP<4=alDSQba)jUY;3#wl<
zcrv|XhoM=e5jaA!!PdbPWHLBe2ChRT20A(<?=%t2x)@*q(SoEHgC@h~LzG>hR0WCg
z!9|u^YDwiAfeSf4<W8=kbRezenW#b&?Id%B_XBqvkbpNpK-~C^sjIFPqn1`|J6!X*
zl<UKUVK9(7oGHEy$F=I1HZbiR9<pH#!qhZ26plZVb8tllcMWWA-*?hDIs4OOCf_=u
zW#vC-1Bj-*<tu`vQ8WF)-E`x6U!h6gM%9uDQ^N0FpD`!Z7(xM#L(j__yg#59Ltgu%
zSHG8u4q-4nM-ATPr#^etI4PdX93k6|N~bPGkLh;~q3qnK;p&7+Vop_>b>I3aB*g-_
zUuI+^&5Jug20GpUG%<sx7jQ?}pfEp`k{5sCvT68habe9O|00?u6?;&n$y7I*EiD`1
ztYB}x@|pyFh}zNY+jzfC5ig7-iM(z#-Tx*L{q*N-KpD?t(%DJ1mizEJZik&Yq)$eQ
z{r5~c&#;v~`iVX<y!2W|7V{B68EkO?Jb3Z02}{oy!AOF~`C0&>^ok>Jh@znGV^frY
zPLaV_rw;mv9q53mN(GsEQ%7Q<%sE;x?WTooz9dj1wLg&iOhnBwyVt(MIOV>uyUbiP
z1^(-hYq#ee)}8H=)mD~BYZNiviVU3j#H&J|3fbC;yS{ya1zrB`s;|bRb4Pm?RZ8$2
zhAZ%n{~IZS&8F22rwSB|z)DaUibqxn<a_WBde(oKdiLX!r}hQvK8l~Q>@Xe6m<;=+
z%8u2WomyopEwU_0UIA_ncsd1@)s?|GOnnlz`f<;vZT;X~x+xmmmyz!l38w5AFf3oG
zeA#o%eWYW~C2>$UXng{kN;|Fvs2_3@2n2wkR<xS@**){ob7pl_4%4=0xZgxQY_M{M
z>k`esN5a#6ogR1kZdPeB1Z%G7B{ykBtr`5IZ*V`0Y?#Z{deK<#|F6yn4Y?Sg1fPto
zGv+d_c^kaU`DMKprl?s4FFiNmdNXK3O`YX0s~zePaJq}3f6asuIqkAZ=P_rZ!toOP
zJ;6kq+Pp)o<}6OND{%W{F_A&%C=JlUSkc4W>fS8QlbJCN@hX$aCykyPCWEBYPJ}V1
zv$WSpYpFZbMtKMlpD3t`vc>grF(^=o!Wv!xB%-?3at;a;g{syfRd+^>+8}@pkU>B}
z1(@IA;=gC%p}*|n<r2Jqg>8JNMP1B5NOEpBFBqye*yq#64v71{<(3%Kry5Db+VmQj
zo{alYiQpYhWA1cM^7n#4*K0CNxP^9Re&kzW)^{*jVZgNva_JwS5F|dguTIJ<6A76^
zTMIE(aaoR}quOPd2ms7tcG%2jnNb1``1}uOh4<4Nknc1MhlUw#R2~G;oZHH4h%N~n
zd$TO%S}>ymd%dFLgXS}m>u#mOnB>pf&JUIPR_UKcDZWuNgU&uuA+84rwBir!b`ikL
z;Y%(MNPp%hRx1U9Ng-wmtTTbEYTa`CnjP~?pXO*Be7Z8>zNeVB$I44Xmk|GY<axd$
z1h9LEx!VbOg8J>+$kBipiL(&h*@I#zpG$z}w21S$0)}k;Fs^wklc^2N*h^_QZZCA|
z&ingLaMf~R;0v+apEuldvl&@@p6jv?;z3LMr7G!Qrf$BnnV+-Rl(rHd8MH_S9q^~M
zk;MX&i3(2Vsda5hE28C8z!8FVgn!FfchEylChTvnFFw@TMQUIo7^4vK$pQcwVGhXP
z<196)X0Y^2Jj-InTz?2_54y#F!ql1h=fCKU91E*SM^5#V8{fq(`%D|_Gu!cap)ZO-
ziL%P0lNx0YhdDOKo>tv9u2`Zdg3C>g;LTmp;UtJ*hr-At+E%s`9>d#iEB0}F+{;QB
zy5&YO^*gaxN{6Q6v`u`UdD;$&s?DUtjZtmy`<wOr?Fs`;(<G(yM1imrDUnoO7pDvL
zi-!8x&q>XIiOYf2#A$r?a><pd6{-CCLa>{BgIwtfU<|o_vCx@X#cl8nn0wk0K5S*}
zwDoh+^+)v`X*?-?QP2mvbyI-y7vJ-8n1Lne95{y!+Hy8aAqV8oE*T3aD`4fkPL9*y
z!z0zl9b0%z4tHy(Om^u=zW;M3L<?O$g){;5rzY-09Akh2Jlno!WFy($YxUSkem1v|
zJgPBm5ib38;ChZ~Os`yM>DK9*X<hkz1Mc<s)pX;C96q<)DU2yVtKyC!^b#Qp;i~>1
zC;V;;v(9)!ceJ@Wo%emL5tHW$;WOkFD}4VeZy-?Kapv&)G+j2A+${$o(M%$JfwPAF
z5P^k|u$&*qWt@Uu^`M-!lQa3-d;Z|~?@})l@3TK3%x`zG%o=9TVh~1l9|G$Q<WwUn
z*|B^>r6EI*RJSS3UnJ^de1f4`T2<r4amhv2ik<}Gs#vTNffmh@z2&*GfqU>g{;CTJ
z+K%syr7S1DHKD*O(s3C>5wV_Z8z$Y~Xtt_cc6FtwP8K8hy3$_cYJ^vTq(TUzfbDtk
zn{KfT0Ar8S!N$;$b}t#lRN`Mi+0$7`WPEv>aer#s<zrF75x51;#*8^bl(vvk++v1R
zPi6XC?Zsksn)o@ZELT!<P_i~LXn9xB^={5;>)2+<wFH=qai6d()c~#FWZ8)NsLG=t
ze|Lfm!%*-@R3uSgq`@;_HVD{;l2q&)?$D5`%X1*8T5TdFf-E9cnF1Ym;8Aq~5YVEE
z6B!`zU2cr9;%x8dY)XVHe?WvHkBaERo5S1_CEh-n)vYpY$enXh-6W|)NK+pMK1LFm
z%NDoc#O%GS8_YR3C8=6tIGx>=9^{O>(FWVn+}WE|IMw<03Yw9M|HC8#tE~?Ch|7!L
zm%D+`6!rO_@K|%LuRop3_tWR?#++xMlq)*k@=sU+LoNQFM3ATw+!;PdZsAveH^Z+Y
z(fZ15r%zM0$Zyf9U=T{^9X};!Gnr1HpeM<#Xj5S@dNLH^|HI(f{IDvsU8&?7KJ1w)
zH=4R}r=7$S3Bu^znl(a-x8Y7~+$w8&c3#s9V#aO*P8XtyaoK7oITC(k$Ov5bxv$jH
zz|1AkWZGd;f`<J;S50l#@?dphR{eSCv4{{5rCtzFbU<*!r#HQ?3girUs!rWSN=Z$)
zshu|AVCP}rM&R&Hs&J-<ec}sLjy{Nf1X02jsKCH5``QbAa9qLDu%A<HMa3|@G>_|e
zN6@lVi_&mfl>K-4CFIXZMv_OQg)Chtg$R=#0mHnvo%Ay?YO%;YP)lt_OpvO1g_Qmy
zYN!`mc%n!40C%5mHgg+a;CzJj#sTv{e$rxU(^vg_X_4{nfFso3Y{bSjf$Raeb2$I-
zK@tw-g^q=k9qNpvj&jpwSCGD8PgRsaj6+md+#l#cyG1kn9Oij`u`K#BmWHdLJal|T
zR|q+CrQc1HQXWuVeg5!td%q7&!fUfTpd8v#CWd9bi|65VR%i$?vIsudIDKjA^*F}a
zwg@`%h^~?h{}}kr>r}J{pU3PyFqPb!L{v}?J%iG%_Nms*lwU2T6X*#`cE%R;4&{>O
z2S=;=dYDZLmI|%q9h7(#_*kc=wzS#1$aI!7EOFpHGJoOVT_c{@T=RQpPzcGYo+JnE
z-|OB#IAw3JfW@LBjO_RtidfG>y?tMwuy8v`dXkojBCz17LFU&k70ln=<$1+w%Km7w
z4D0gl^*Kjft%c7{#0;%AzVEZxxEKuApcnBSFSbKE4x^BZw<5I`2T{ie>i^1fWPgA$
zk693+r(G;lj{kx5B0|r5OJ`8=`2KhLZQRd7>}whi*5%dbOWb;{nnw`W8MW^>wE;1l
zHw?_dqBFsFV3vbN=re7@L2gub(`f$l7y#HWVhRTwx8Wo^D8QlXN9<CWnSZQwzK-uP
z)9m~=u11uY6*i$9&q$}<5tT713E_HT0>pGit`P;+6W6Eq@6*S6Ay_RW<`AfOD|S7y
zMA*kZl{wzGb1$n7QM3TGYMJuj>yi?2K8~}yIO}X;<On{av-y0*b~W$+{x5+Vs>j-G
z>TfGY$vN`0h@xJIqQ}1BU~uIH>G$rBJ8A#o4RI@eP{bu|dx7wqLluw1D9Jp=`MwzC
zWsT21Peqk0@#>+F^Mn+Vh4P^>d?_29av1E^_zLGE1!CZ=s`JvZb;OHDHAX{^lbGhF
zGRqR{XIZp%fGCoThL^ZNO27=vUg-@QsTbO~1ZEwsMl3q_0qOZBy2+y_wthBv3B*=L
z>;G{f9OoGhiuuos^l%ip^Qyz=U?c*mHD9nqshZ3pqFkVs`fy&+3k5d&cn+7Bcq}h7
z@S9Z>ep3J`^)GCiFi{M`sGtG(yWBg@Cwq{yjRpz*DQ<}3y0Ch646yKb*#sOE?4#vZ
zSCl5s-tYm9Z?I3qj9$MNwqOrN<jSp+swiU^Qcic>g@?Y2uP)KPR<_4M{~G*5t__4k
zUSex%U&r-Aa)Aw6n??`)Y99rO`4%}qViOHuHQyHyxLMQue}ZTOWve2&_87&iPO$^Z
zAz90PgP+wwU+BJjBd|1B{$9a?-*!6!_Kq|rT4I{fn(yGt<Qx`ZJ;%8*^AJ}oC`ZZF
z!h0}a@%KF+*{k<pEVnNx<ZklgA3TlA0++0+cx_#+;*ZOn!qW}rk~edH9aGBqVQE;d
z5O;#5qOb{tZ>}q=2e*u9{&Mx7sW&VNp*GH)jpjaO;9#V?uA1spQEvIapQ-y+tHyF5
zp(!Bqx+9@VSmH54LM<03b^^%fPW5koGC#0A^$I1#Ks-4>h7tGRfKz2N<db3G0*0bp
zumlmXFBGd2)!EDCuUdCFr=9;#_?bc)74t65?K8Fd!ha~*BD-66ym8o%R8Hs-csQf*
z=lez)OIm&%`zsmrwx1D6u0l>W+o!<6xA&iu+&DIrq^qfE)JLa~vyl)#a~3L_U^$&-
zxII6b+Ne+CKbLGk1?D*czpN+W2`DrM&B<Ti#db}870`NcNgr#~y&vFaiYHcIBzJ!I
zK4$ou>3lUq=Q^LiW&6H5gfzbYC9|Rx5u*C1sQ&nWT@6@D{!^RY(?}o>s-`9(;i>=q
z0q+;)AaC{a8Ey#{f2<tSp3X3tX$goxkY!oNdx>pPV2;2V)RbqgT5{$=(S+lv*hdtV
z*8WY`ne_&YoS-0JD<FS^0CmG1h2D?IX%CqQ+caOw=QT)W@G%(!-V6y<S31#U`xk%n
zH&%X+Dei<;ED;5Hl+tN;Wdon5ye8DKq+kjR&~%>T8Jim&RK|`7Z8iynP(I5!bCrO*
zidk*if0!9DnFV@PWFKl<BWYs&ZW_1gx^6E@E>7v#kn{IFdcfVu=UUq<9Fs7`Rl;0@
z!&CW*<>s?P1#xN_#^XMfl*JGmW^?~6EVmhHJ|I6l6`hRw81!_-p)fEtz+cN{V#*Gk
zSg=SA2ah17wj}wDkqXZwz&t&wHD@5%MCs=dnvpotW=*=n7ICwS{vI4jDDWBRDf_x;
zWhCEzYA`l0{Zc&E$n3t3Vb$Zh`bKHWToswVFIja0LpV-@!0}db63i&+NPI4QC8pai
z%XAlRP-hb;T|4~gFLQwS9?A{P$leM59CP698Hq4t7jo5-N4Ld+RF$(bReM8!pn%@9
zgG;CVRSa`H0*P+cd=ye%zYwV2Cvd*>f1t!TX%)#~LFSY)RGgv!r$HQ^z+3b)yFJL;
z8)2F~sTH5SZ6528=mU!yIjnZMZ%td!4H0f6tIcZsOMB@@uP@28at0J<<S`{xyoYNa
z7V7i;Y%${R%J<`2pV3g7!WIjWcT8miVOR68FpIu?sQ+r>mY43`8>1gd;KkKo+NKQR
zSa;!+<987WzE8J9l!$C$S67<kzPj?nibD(fuV2rQ-;mHbcN`GLaYBK`2!qQw;j}^9
zp(nqbf>W=zxV;un8U->b1!*1^yX01()`8hu9~Vqhj+tjuxeM{-beiuHE)pf3V34+F
z8v8vVk>XAzdVuB`*tfn8nnm3Dc|Bd&KTe2A_TV&c%O#|>GDMX8r9k2f%jILC=NnNk
z&i_R{R^$X-T4KQ)!rr3Hh~&pE;3~g8in+wQkbQ7N!t>p`J>L>0n3>YfU{Jrzi3W|^
z+Njfvs+dwBzw8Wm$WN2g%#GzxgO8-CRj#SnyUle+DiEO>KZ-c%>l-3Yd(hT_FFDv1
zVprpHRlP+~WML{l5K?2FxrR%1QzeTkn~#5ExXO$j2T1n$oD-qDwP#*!BZ827myN#`
zi43EX-K{QkDXmga7_*G4pA7{j3Z|%P6NSO5FUE6Fq>f8#%0Uo|x1?g6Q701Uk@U3w
z7)|!1VK1~82sIR<gEs0BFAJb3HQ(CIg7PdGgV&%#?VBdg6m={Td=FUSstpu4)ig7a
zgVkY95Q$(Sbtx}>HEGbbqQq)3372b;L>`;yusQ=pPC42wnFC|Qc@nMUpnNYY72aaC
z%Q)6Ot<WV4v;S}8URw&BngkVN@(Bx>S-A2H6?S2Fqv*G2mXJn`tnR)oseobeQQiS_
zATU=-T2pcSq?Re*Sw;61{Xh7s8qJt$<n=VUY`EKWBikJhK((ZpZT?406oNV@^{bz*
z<tez?b4CA56x%?(;aj%Y;jnyOf|5p|BQ>cVn_Ng#IjHFWXJA-NVl(M=!fq}Rvq+g^
ziA}w3r^oh_>7UMq1BkcPh?0{~k{az=?BA*5!y+u?AerpuY*z)!E?MP{mxjoh8^9yG
zotrubRe6lZ)1C|#*a<4q>1#J_6G=6w#zj_N%mp1WD?A`lMm^A!9V^ev337V99CkE=
zGCYb2S9G0VRcqD@s<0?VJ3SJYvCS49^Awor02<_SiCX`bnN!o**C43}YT_%+{L7+t
z^mXu9LG47A0O~x2A*(lV2{b<N7p$641g|f5{Ag%POa8x%2c+0bh5PHCSCWwMsfz3b
z#vL&kjpx{ahl@*^07qAgD&_qf{l-ZmX9N~TZz%;1Tuy2C*jhfQyxzp%Z4kp$s+}@(
zzuml`K}2RD(7tET#bZu3Ebv}vbkHm7k!Z=U_A@GLoe>@a=b0v`-Q&sb)xuyMYGDTe
zUa#k`9T4Cx=AhCV8K3);=7w|Vr4604_wgRJt2I(J;k^e1Iq%mRv<#f2I7lDlG(3@I
z?Q~*fM}5r%{$i<&et<8s8+b@hT*{9MeWVeWDd78gX}N_Nh4B)cPMGL$*l8)zZ28Lh
zPVI*w65jPAIMiB1IEfM&x{7OrYncEt<o6j3!{=v{zz*5E3#S~UgpSDhWHtJr-6*cb
z$KQ3mEW?XS^_b1z-rtqJ@kU#+`{R6Cw%<ltVP(v(N9NOnC~*S89uZmEbVK>_tq3Ph
zj1_X+M%@fm1`7nFEn&0*G;e1L@l`Gk>vPKiSu}24@Pd;MBPr77;Q-Ib2BaC0?as7@
zX3dVv>YL^AUmm0vi7cd#jC&fk{UtL*x)Q1dAh$2(oez(b+TX6@qrS`(dO3|5ycu)#
z9W{)N5$8Y*PO0FxIzQ@67{0qAj8*DieNhaA{(9iM(AM=G85S|9Boc0!CO%I~BA|2k
zf;KQVZotDZn_fUNzGb|u^Pn&^wgjiIGBJ3Da`*K9+koObmq;^!3~>mwbdnK<rH8-w
z8P#uwCS~!OwJE9p;aByhRpet2>BD%LW{JiEOhFb#wE94|m_HwzOTorswPYc8myDLN
zS!G(#b?Rhn9;Mj+)&w8kvEV2P_K=yh3wgA3kvy03R~mG+jrSMdeU~d_;*Lu#N!jVF
z6eLtHOViG&$)eKjhq3s=9=e)*&*+lzA08UR;8<mTN`t^Gbw6r??2g4Ov<x41iNq=)
z{>8RIo*6xHbD(Y;Aj0%2rw~=P8+bv9u(iA3ek^+ZQ;?@8Jt5WKQ9)#H?8xipI<zL(
zfR0^etyengT}v~m((^!F7<Odw#+t7&ND7ElUsW>zyOs}dI(|Qz>VQ-?*639_C*Tth
zSh6I$aoN-MFZOaa){I?;EtK(?eTazVi|mov%2-RDzMBgQ%6r2#ppY~wI_6%>Apq{!
zJk=Xd0FaGhr-R1UGx^8aCbVXdE|WN<5u_C-E7<pt&T1+XCnAIk;{IC|k#!F!*2@jB
zz!D{WIP8XYc9#Aw@jmBAM~(=){d6#8Z)fEGw}iW%ZhFp?h4|mIZc(Z;JPx;vv4@tv
zqsO_K>iky=v$z}rd4$KR-88}H0?N#p`%gvAN#&U)W{<w1vxD(botf}uKd-Lw+t2dA
zH0N-?8?T1%L2|mkelhir*YQcfktDjD&)1m55bYoxcp(wcZMeITaj>S!O(-O1tQexB
zw0w-SP7w&W)k#RyB?G__SW&Jl{C&+)e*L4K0F|}>FD>_gwV)W!U6w~%Dl1XzCJEga
zlQ+L6TbjzLuLfEi@q+JLWzLrE`3itnYtP6nr1uTmD)k|!l`i&cTz)!=sTudekyU3G
zG=-J3jYNebwy_8Tsy8e5`6r}OjheBWh|THuzP09*kc|dz!6Z<3f~1?@SbKmThKv|l
zksH)*SsQG^Y5~MD>oAqEwZOqDiG}qbApFmcZ*Y7P_Lw{`ofTVe%Z*THO!Hj`3S7a@
zfuB0jl8|aA)}FN3rK2DC7Tjk6+;}DDxTB`K^oBcure$;^ngw^L%^vQ_9IPwxLM9;K
zss^eSj`B=XTM%U$LKJ>S$n$Hmv+#oD5=l-u^wtIVCtacRW7~VJ>|*#tE@$;@-0zD>
zwZ)W_^D#<&-kR*JeyiSqs9j%A%4i3ZU600ND%A1PP7OZINp(xHlky=ej0O#jvy7@1
zc0aAN#)O*1PUk8kOi4Mqs;dE9wWGkKF`7@h+q|0ypo2*Zp-9)85Z--mV2XM^!XF<2
z<Y(n_z?0mvGum}tO&;f`|Nj)AtBie9o(=dkEr6PcH%+ty_4%}10oU@xae!C8;pM)k
zSS7D)(*w47DSW4wh}>#39uOy9`Y+|>nrZv=!T(2A0zZ-1nS=n%e7oHNRjB-~Jjc|K
z8IHQpxo&ashg>=4DigNh#d-bk5X{9trO_LFB}UkM{3?sftU?(Zb!60`^laLpTmESp
zDekit>L!mvWr8MN_^rF)nL<br!p%1x16RJ_W}KcMY3ezh#t5Od)||n|H*CE715Q6-
z9z%qnqfs3^+1VijiaF9xFL%pSWa<4f;2PI#_h$CZLZoo$<V9l1+gqYd9>m{=fa{?2
z)(p{9*|)Qlu2FnLUWOyONd(^U%0P=D3}#l0*QhP2A83Aah4qMR4v@`<(ANuyQNm5y
zM{#n*1=w#)MNuAvzW`iPkruw3w7mXu8y(tdY-67TlR|P(1fa~MwSQb?anQs-k`9lm
z^&psR977Ox5)h@@B6Td<1NAp+Mbf!Z$o*FogYFMnHGeV|Yz7a%FG``=_ZX~<b8CM*
z=gU(%CbmAWjNqF0^eUJ)WO;~|s3tdo1^Fv3JNH(n?(!+ax$58mWu&v3&*&xTLc4rH
z+n2U;YW7LXa9Yb2#nfYf32l(?F6%4$iwbe+m+iB|(>dR?gg3&CSHUBylTIeSL|^2J
zz+mq9;8~YeS?S^QF3l29h^D7u0|-e6b;@9*G?cs=#|<`th^w00768|}RGD_J@e1(*
zb)lD>LSpsRbz}K(vsEmR{qkA}y;h4mnl^8MyM2b_@|j*|kJKl)tTm))on(B(WIJ7a
zOP0=MSw9Q$7kiyZtMIx&uqWODedR<l12G-x@{^+r!y^T_2(NcesCp<J89f@Ci^_LY
zI6FAIKonY-mIb{-L@Q_p3MwDbKu=exr5?5LsG2_s=Yu!?yL?j0uZ`rj{*g*an}y0=
zi~T+`BnL+)IR)Jk0ETdc22M?ENU6VjOEQslq+S~vTLV1mO#uny7@(XN&TOkYq?50x
z=jE4Y98>~v-Boq;GtdyfBJLVP6pbIXzo;>cx@W|faXAOi2Ntz(zf?1)E+P03hhnEV
zd!OF)N1~g#XQPzG3UgL;xX+Y{Uyb~xihX{*?*%1ldm-$^gQ}=81<l|<3<Pei2F9>x
zX_c3=q{zZ%mP;u1n8>koE<(>?J>!5=Rav>{!UY*WtO=^BaTHB_p6W+8O(JA3w-F>(
zfh?{CSP|hEn2SW5;_#6x7zh|<Q@L#9@3CFG<aZSk7%J{AU?kbBOC8sc;s(<?nV~i9
zA$jtqUY+mp4vT{3;v35u5GN~GC7kgSpb50Z);!kLJ%4%IAcCN!a-O&;jX&FYokzc1
z(!+dq(J+=TVftd~a3xG=QCTDl-UYOgB$d!Oc;ln1ehY&<^)7b`oc4T*C7MnQ9!<?Q
z5+SNUDxO57^J^uvdiFrP5-(iDhe|GK4d9(!5~g2*2v|1H%N*Ws96y%F>E8U#E~F`<
zh#8{6U{e*|lK9G3dJCYr4`W~MgAtWAg#WZpzwb-NRo@{KqWM=g^4tyF)xoVdWEz<2
zt(yiEjO!et*4>L0(1Bat8EhU>BTZyV3pt3>`a~xZS0@5nEF=hsclu!j%~FQ@U68{X
zIhPg*|7)ExDc1AeLIQrX^_(Zqd`@kNQw5%g&g2ALMLHvbs<(W1S4+)Zvh$tMQQS(o
zj-Vk6O&Da$CmC^l>TXOcZ8SuDA}T~aePztVS1Hs99QEN3-S%xD?A8%6@X0oje8zxT
zMq&M`da2p3!gCeW*8nYJ(W`nE*Tg9)7B`}r;jy4{%4s{;ANTe)G^NR~ig70-6nn{=
zI?43uQ5A3Yz+dcA;aN}=*kc8z=&=+6Z{<o<{!J+K96GW79G54nz^N=RPDL2y>$+vv
zQB;nL-5z$&SlbV8!?w8DJCHy`*h99jSgUXr^NJ#zN?E=wax@=j&Fa5;*z-rNe!(t6
zOlS?nMZm)|@y(1xye0=Vdm>)7=&p21GS;`}1Q!)Wy5z8<6?(cTfxS6n!{{vkz8RIs
zVG{-9msoJ8M8r3}B33!7Q+S$!R8NwL))_CeX6Sj5hUH;P{3VaMaL`bFG%f=>N^>><
zx?{rj@hLIqp0f=(Okj$%!MFHoDe%gFFxEN_^mF|RK4xE<Ci@NR8swqHV);7VMt>mp
z@{DChk3gkzfg@T3Vq$fuM(s)EIgI0(gKLIq3zGP<B*O;{MLi3=zqmOajlmoW7P~93
z+b(790Gw76gsi&+P4^qE<GCQ$=1trk@Fuwv<~n6;%}yx9$Zx5$eo#z(!To*y#u|<m
z=vS->B<XXMuIo>YzRKIqgU4j(l5@i%=ZQ^Q%G{*qh?C)s8xR3Fjztg|WsXe~qez$@
zik#WvyO{S4_ZMT6mO2ABsBI!CrZ(jv@1M%el6BcK;1@&oasp@2Bq;fk%@_F(WM9G_
zI%KOO7mLSUe7t)8W^t{G@N?jsD8NZXS=*mpkqo9dO`0>BtoNQ+nwUlGMg-V1j*dt>
z`f;1DXaG@uzpgxOLQ9pgN5DJ*Y?q`@IaM!uUYo-FeWERFM(yL?-q<MC5?*vcbaI*8
z+#Oqt()|WFp5q}<_onqV7bEe1Vg)2SD4cgdBZdpyA5xwD=|>>oQxi)oyr_r_V`CvB
z4;bhEoieZgN>K5#_ox`j2~Li;8#J6CH)%;^?Y{jddm9CqAGgixk;@Kv8x}^w&env)
zq2sgQiz-mxmN=t6+eNwy5IUlX2Zy-)kuEsuhOXW|SNC}hoF^fx6pz_cs$$f{-gov^
zTXTr5q}|58*~FfvlnU=)nhp>kb<`{Mr<bLD%;RR!RU0pD;dWM@zR(^O<snf1ofuBo
zY?5a=k|pr9@8Ay-UJ;b9f&eqQ26@<M%*3yrV^fb`yF<|6Ri(LwovMOC8VP>uVP}I0
z<5phhWfDsFbR*EN6Tft$6v76pu-|Q@zOWIY+bFf{ib05#9=D5qjr{5J0nIiifwyk1
zN1U@Hd6HlJiJDNQ?0Ob@{iFS08^#~lH4iStz^g_G<m4~FJ^O1*P<y!#-5%u=D1EJF
z=X_Zgzo=6M(C8GXd=q6DSMv@EdaEgwU&{FlT1wzud=ts_*@V;<T^+jYAxn1B`_cL3
z{ltlch?sV&wqI-0R*L~Jb>6>dDwK8X0lQ@w)*xiHOG1lE#<S@Mnchf&)lggvdtOBW
zGH2IB2t_f+)wtd+0qCeSQeXI~S(9cfj?^mlN<@)tae*g)H7w3rTO{?ptc-t))H5dj
zoK#F^h4qZ!OUoz2NvayUHo7k6<^cKd+1j+oZfpQN5R2ro*fWe$su}F72Pvd!<t|7%
z73+u*XKq@>iD;-$S-qdJma9o1D^^gD8TV<Yo!tg!#wS*T@_F4y{%!hp8{B}zbqnm9
zW0eSlQ3?c@Dh#5bKskDc=rNCs#+~5v`w~~2^w;@N=Gin*2HlWdh<&HTsqsymI;*eN
z$z;8_5;|Qh8OE1}Gu0-Jd^x1(t`qkX<jpfmI#dFA=m+7mgPhlsNXHqQqjf+JJoCYq
zk-ZsOEvzqE4(NjF{QGVS1U?2S5)q1^(!8e|tE4W%0SrN4N*Dfq6~LyPZ0s{;FMPC6
zhtU2HC*0Z2x!3WYX!-@ev{cub*dVOXY)|Qk7i#rTL)icZB2k@RAKY6@PH-KXt3@C0
z9_E|(SBB_7le?aqmV}CK*GagyR;?VB()Csgok9RW*tFiwbmdb>nJ}=>UI;kYDbh17
zol&4{gkNe%e?R2M`oW#u*f3a(?$lw4hw8T2!p-Tj|5{7jAlzowMQYqQRga^3;+^Lu
zNj0Q;FVRs(v4T)_r2{92NS3;nqMA({mSe49IL?ePuZr4KJgdhA^RF#a+B{S~J0J^p
z5|<04^N#WXxJD_#zJ{mb@h>a0pPJ8>3+^*v&WR<=GeRuiVROyoN+vIY*clb?(4F<g
z(E7y*y#(E7OuYh~91&feEKB-9owjR{THP^(S2jpsMi`!oHy8fB**8jUp;H87tsF_0
z)=}OFHsKz7fLmXLBP;2+%T>5twRionaG2dH<RhiZ8T0KrBUAj1FbDBR5k%#ENLXEG
zspXlw3!UZDUV}d7(sh#4Z6)>P+t1-)D~8?9FRd0xyg(b^B@-sDL=8f&z;htQoB!*B
z;Mn8`0c%qjRL8%1La86x6PL*LP$G#(ZUX%z&HhLt7D<ER)_%0-vp6$?7kmeV)Hw^C
z<B2~wk}Mk1kv8s*A2Z61oHEdA39V*M3){l;{;ZvU9tSJ^(sh`KAPp^p=JOqWlfQTn
z)~ZzgR9+w001L);jwPPA`HQO%%VM2%qv<5y2Wkk{eZAu~&*OiGy5S8601eeAmvz{D
z<}^aqj;(B+N;Y(^aCaOC)f3X$2K$T|pMdL8{C1gdZnZ*`7znGOc=uT06NCQ*w-`y+
z9=kAmCwy8X5wBW7@59(G3^sg6g>ynOW){mw>bjwRPNd}I+2yop)x3NfU60G6HN1zX
zM#XZ~DEb=XyT%l{(3g+nrSkf+Q>0I5eH!0eoFq;T-i=!df$%fcyNAFFFW&%7nQ<Pa
zLqP`Clo8yNq1#Wz0N&9m!#?fkX9%K*)Hs0{rtRg_&o?mHi{(Zl`f*COkSv|Sp@tsc
zt<qE98(E|m6{&s$bm6e{flLqEQsVulMl!Oqw)U?_w*r{Qy71lY8~rMMW-nb&7>Xi#
zYfxuI*vdx7j0F1@i>)QM)5ydBt6TRNPtfl?PFAv&n@ArncVLAae_K1<TA5BkL|rb1
zlTHW1%o(D+zC&r{46+<*Y1L1{Vdx~<o!$On(jR-rr7mC9Dgsga!A4^7VLjnKofGE-
zbOr$f5WXs3x^nhs>JyUF?iQ0&=>Jhz)^A$=Lk*586-gHTxcpWXRtCQ^UTc9Wq9Tb1
zuF{Yn1=;8x;Y7B7J@2mL-B7?MOjQijhhozQ=NSD9j?U2aXSvQk{2<_jT`GTP26^fD
z%{sH^c7;BJ$OxB)KCTweG;jqy`s+R*`x2K2)m4=tyY_f=3oRW`V{r{}uArI6cdGV?
zTaW%YY|{iRn!|hfD?bb8+1b-zU=A{ekH}kl2DrdkY_&RcqO%0ZA*(281X`lkyn<j=
z`af{hA*X$PEh2*yt!#84(l=Rnd#OXJi9#6ABMqW1Q6}N@db|G~I@mLo-M$+jFt^N9
z!zf>Huk#HkbgSI-weXjQgYlPu+XVbhaesxfr~s%5>wzMm<uJF!VO7n;*xI@u{w$hm
zu06JzEg%V*8*@5k$+|}>*6x|X1TpXP0|HQvsOI9^rw3t`a6q#NH(`RSrf8M>;!U)l
zR)*gXQ}^`b7cL}Uw`OC8-dWgx*mpDCpkXFa04d!5e>vDpjLM+US2h1;A;6U@?%tR5
z)mUB|eE<Sq5>4WC@|HLY0wj&bN~uh)Ugu`Aw$#*cHd9^{Bhz(xJ2s_fh2qMa1GtI#
znbK-OG?0PQ0q^Z)$xhqn@u8DVN$F^kAaFLU5N9jU?3TNb!tbn{b^`15jlpu}<!e+d
z`5(G_6f1Om2)j$b1ub(F2^k&(L^Lo8P)3EC(;{evme7WAhL8a>dN{Mx3g>mD-~y--
zD45@9g)c-z=Z!?ZfoP85|7JpVS+od`8F#V{4pm~4A7lV~M#nULoS&m-dr@n%JbN1r
ztVdFO2Ga|}iN_ZdwqXgE`M#zh;sCI0Y&hl1Yv=BSl_9toy3%2KO5Pp=#EplR19|Md
zG0visfyofT+6Du`m16n1$#1!t`$0?zz183}KJwpA76Q^M|FK=4IbS|<NkA&lB$(-n
z5GG&r<_5gVmst_PbVu(ejoyy2JA1f?>aN7dHj)l*m#Mrh1we|)c-Yf?KrZpyG{SV)
zT8>>An#Q&hwDj&grb^qAcnOa%F$_3aA1WI%suG;bDO%8J$7<E&Z2`Bc@>;ljD^Z@^
zQJ|0jwYt;`BR6M*eP?VLP2%W*PtfCUpPB~Ae~QxQRFk6?q!Y-U?Ea)J`f5M70l9T?
zSnWozZQe*?)$$g_07DKbQ5}-syaCWDHntgVmR20jls`AWfBK3-RkJ@LP++`-1;2Qr
z1)Dj_$P21LJv3(^*6s7>()+F`6PZ;Ln$n*rI9zp~dP10o1_X<?bsss~-yqMAibTGh
zB~(GyAz->EpsEiB?C_S#!FTd>5-CuhG&ZqZt3Y-ivJN`QZUEmVcmk+-&?heNFK>qx
z6iCMO?<7$ou=vcSJkD4SVsiGrN(~)@Do-?!BTU@kb13Z55TxllJ#x>NR{Au9VX@t}
zN36P|n4S8aen39dHRLLb!wqu=E{5zQ22}(7cusH#bxCSaa{4%QE9qkx5GZedWV@GG
z5mD*!vD74OZZC;ZSBBg<Fi-!krrcf}pfWv@e?VGsOW+%{a~bB_qIcaNaDaEN1!S(g
zGrNRNJWx%4hCM|8Bv{v3@qxzy2b)DP1M8M6(7E}xB@}T%&kJA72Xcmh^k1^#OPf*6
zTY_~t3{IbJ@2TagR0_5kyTI8S6Hd$C962{J^w9&x&c&dKbF5z4PL=q$wYU)x30uVa
z=<%Sdy=5l~K$SfWy{+jl1@?g$a>Z9g@phvY9(B$L{Do|3@GR$(V?{Q!GVySW?|ur7
z!?_?T!;su<v-bSN^o_I}{HnfbPw&GKE~Roq7LGcjD(Nh~kv<l>as&F_vnz1#XBSdZ
zsL&eOX6)$!6q9whm=JFFrly8q44`FpO)yPE>A4B&L&h?@KH|9vNJ^5qUiwP{x0B}v
zPe;P5lIl>cq08BC8Yjxt?l1_ZI`QXyX%b}I2KM48)>Q*aZWBFrVRO$kac-7G$UwvT
zF~Zo6qBGE}r&TZ<5T)#6>a0=~IZ(z51*d&~G3+$liLLZ)8?G92&Ig$P*Skh;V!giZ
zNhUy2$_v?EC_(?6CXWSHR4M&5rL8C(!5H|*w-CW7gh6<P9Wblm+R1rI!!eU#U)r!n
zYqtJ+Om$q4kzVbLLn=?dchj||DHdUwHZ#QRSM&<JD$Nyd;Z&x-4;{)B(TQBOm3159
zssQh+(Qeh<F0vM2H)U|RiM1QqS|~95k#2uDoESr?tGzZ{S?>uVUXQ7@js&{XBAjM6
zPc0aQWG)*sLLY{3TJ32f?h1#hnh6M$YHKvXM6cdmPzXblkbA2QM_XuRQ-O9>FAUR#
z<|Ci$@^H7dFAa-(t|$Ps%u!@mo4{Ijpu)nJVkj*MZ24NUnO6JR^ZE{!@&gdDO-9Z_
z5`PS)(id}pV^)s8h-ft1{|<@k#uFVXkR)^2Xpow^U`=oPB}Hm~M>&pzcKjU=2N2jM
ziM)f~7(8(T<k&|<l;%*!5$Z$ZV`ksEvt1B{$G{}nzr@l+Bb-kV&DvANT<^j_eY1j;
zGL-)qVo?$a<TN`e@<#nVJ=yXgpuNrzx?}`9op8y4cco45YapF9;$P+Dd_Ie>byr*r
z%Q7?hB_y^#oPE;SY{CCkqf`}JLg(_4e}q{tUsc5~@Msf27{%gf9Um<^^3``Z?>s=h
ztinFu!=9<&W@lIn<D$N3t0L}Ta`8?1O^x-4d^qcEmE`8!la@`@^WQiFIQYH5Obx^x
z6MaeKP~cp0TWW35_*ecnUwwJV*~9}?0B^6+#u5J2>MPPe8GynPX10HljFt^-rW20w
zA6o3WqvI0-Wt7m{6XQw^Y&ULgl@Cvv3B2s1_zA@ns&W@l^+FuV#fOom8r{Lt_Ok<a
zu`Mc$eg(7G3ubTT=HV&WNTpr%vVFM?*oPeNbPUnBT$T^EXs7rFyf!mHr|^@FUmI06
zG^rvLpiZmdelA7CS*eVbCmgnG!u*=;*c>i{C|d@%xHq!6a(C(~mQ8eHr;Fe`p%Jb}
zzb&{#K73qmrEm5PfM-QQk2a)*uGY5S(6_)NU&5m)ZEm)jmD``Y$l}&pq}~$3oFoqu
z44dP!%m?Xc3jxJGt4%<A?v)I7r7Dj<{<uJ;fw~+Ms%XF)MjSkrlW!o(3r^%JzMAm7
zm$rz>I=f-R#{{!1i`2&9$y~UX+}NBae~D2%)%_b*r)Nal%{Sd;fehl0JW|}GXEFhs
z$Q?d@_<(V(A5fv8Ya0X^_izpLiqjC+RgVt|$WZY5arW!A|I+4R*ea16%1&+<Y@d2i
zDhhKA`W8&q8eL*ncu(zmS77OSw4Q#}dM1qD-@y5GRMGL!Ke)``g4x;mhQc4q^Hu~I
zp)aQ3j;F)F^-%H&7xj|h(L}lo!EOrM7PCv?LW0Vg*;dY0q>n4Co(LWKJ%PTTlBhE(
z)9uqbrMrWkZgSZFS)Q5bMKP`99^x<8(j}+)0vo~;)}}r{Z1TAu-rh%CAp5!LGShQZ
z8OUdF97UFt%SZ#dp+~c`7-dg$!o{jI^!1^=QidY^&B|eY0>8swRKV3_HsHT|pRuBq
ze|O+a(ESix_{TP|ZL`XaU-pa-e;UrYO?HJ+0l`|~^K*y`HP(qGi4!=60IYfY#w8j9
z`8*BYNQ&LR8sBRoiwEp!n^GCG#Di*dJZGH{%0knS{EG8{*M2ZKkehp`A%h@9nB&D}
zuWl*0128!<oK6-C2>oPrF5mu#p=_yGNDXugU}dJIgy*1-OMTd77+m*MlvZkw!c0La
zsbrlT+ys`BFxpe}__z1wh&R{$EZu6u`&Iu9U_0HnxLjPeeZWTM3877%`+=g|asao2
zN|mwa_Te`43C`=-PmB0IIJ3R-rep88)=m!~{;7q&BkTSrKM3G>A~>Rw&iEFKe*|!A
z6}uvScPZD|V0&aJ(^S!0Nrd5nqZ+qa+VLk>7=+o^5f|8>&>00@L4`&gK(8TShRJ1U
zu4AF{<1M^1qG9dlX`Zu)&-u0uxHTd4aZg8JxyDtuN^#Onc>)C#pB00Gg(0WKT4bgE
z^Oz!xIGu~9mB2fUY3Nz2FYcQY5jz|$(`~e>+3&MlJEcB?l5f}WbO_#PS@YVsxhlET
zy`1TVIxGAZd}E8X*>B}^3d}UmS-EXgnik6yHF0`Q^6?|;T#hsT?`GWlE62(+W^Vd|
zVVXBZvIS*ff;$#DxLvN|Ws~pYbJt2hgDQcLQt8XETBy!m7OS7jlwXAfCD&mj-Fz79
z5>6Oq>Y(B&1|j^H2B`le!3NSL<m*MB5c7YH<BAr<BeYV<(kl?4Gl(-|Wa-{#E0hm5
zBFwlC)OO+5$><V4l>H+5)krd=)dKnwkN*SfL^>EX`UBUU#u%4=<v-!*%yV#XfDHMc
zp`}Zld9M9I!LKlEt1@bWBzwBBK-@S1pnoU%d3{OV62!vt?McnK7OvZuBrSu#prVDM
z0~N8979aN#`nt&yJ`W=xc8o|1!LZY{C`3)?O&g&>(f8FH=^)9yf1dZD8O8}N5=hbw
ztiO>gAHX4MB%3NK9;hBgO-I}ZH+5RCFTVV*NV5KKpCOB1z@G}xd?zgF@;`J>Wxtm7
zl8sou{=GhKbw;<pPzLyMUl#AS73PB)p5~scl24?%VbmckMkWD06VTW!4k{8=#n_!Y
zx1{`@c{iCA{0D{d7z92LeaFE}V4n|X>V!BpU&4Y7ji@>)>zBD9<$$WGbiqF4FL`K+
z1c!<1-XE`GJ*f>{qkavz5YM<YF`n|ShhT(iQ|oJb2ZUB_iCvB@7b2iY_oUCTsFsCA
z<1#w={I`3}-HIaUOJ)EfEa|Sf>OQ7Tl&_WF6zR$pj_=gJ@{Y<ys<27#LpPvf6n|i^
zY~%#Yfs5+F$f8KkUZHO@KC>bFBIaw1D360V5)QmK_1A<*TGsbZu8G;xr$K@DN2lw7
zYv&Hpo1OI5K*}8O-$B(zB&;BGCzN1n8d4ptf-}-~lV#G~TU&;dp(M-`j~}D&w1L6?
zUWSYd8=Z8a`=kM8owlf3X92UuP}UJ)o?YMPub`V(ynLG}{VRD&w6;H-L2@gHPb6mJ
zs)tBR3wR>$GWcc+DFfH~A8gDd&!fH(PBTPN#Vl;86n!zfb6}wnOMVYd2Uh1Ttdy+y
zJ}-`#FlRHhAO%P${?`Jtlz;~9>hnKDx6**A|M2qUg3$x|3tyO>1cv(veflWTJzCeC
z=y2<DioMoCEHs-%FChV)N!Qdd-lfY{A<9jpM{)e0JChj(<NB2K8v>QZy(~CVH6-^D
z7?fMwnjH0yK)-iv%cfL8j5Cd3vLrgvEn)t7<J6XPhc5&nz_I(%#ZlGRX7>$esf_IJ
zdiKhBgPKcFhBiWK?ifbV7`zv|wVzv*@R8t11P34RKI~79nY`aR(S|6|l-#!GDF<71
zY6ULhk_TWnu5I0)WUbg{UB_9Ge-PeMpooz$;tvx+j$|OCf??DUX^iY(!d)P%RRv8F
zb3kLGtI!(}aXzqb)n>vBBJ7JMP<^3-7by>Ckq&g2vBYENyL4u{%#=28z!(4o<L!R>
z2Lhkj@J|zke}rzH!xd8l#FRGbQq{|DGgf1mD{S*Rx!IIOOTjdj(ER(^n_6)~U#>Z$
z(gbmrh(1pM)aTRS2a6lUc_VvaCi?^uZMQV>D>FEW`L&qNJuL%EZh2}k^p2qV3!t_|
zb{2F_Qir=+oTpq&p@}e?)qj$OWeQ3$z?<-#D14QmFHlJ<3MBU6N_^=()ll9}qELin
zX}SU&`pwH>(suCcG}#Xk=NB1iQ=&DM`N6smt==;_SO<%}=?knxF?sN^UWAmt5FTtI
zf#MVs5tjg~hqIYfnb`Db06jp$zY~f>0ByHHxg6gFUIK}2pVYXJQ$1&6QR<N?`ho1w
zI6_*RYu*zVPCG$s*FE4HH}2R+Vejitj;6eu%3U#C%MKTCm}<Mp*|~sQ(3QzlN!`fv
zDPN(Gj+m3)c@82^Yj>yJi5#X$9^QNChN|uEHYLz!T97KS(Q^sd79iM)9O>y8&}S_<
z%M?M_=7v{GqIW$!_)FY4nsEAV<F!>EOHj3XLBs0twz+}M=KUvhvlQkmea`0e)aEzU
zI+C*xuy;J7gLtt}=@TzwXsShx67F*!vs_*puG6c_gi(?Qw++2&8bq@GyuafpJywI3
zoft*P@e9hnDZS${!$<|^=SG6^G4hF1->U_$v^;SF8uF((h0%cu?c(wYGy8ScU2kI>
z{+ZovMm!;6)AvkSlf(!4mxUY?F5jRmuaa#CFQc(~Cg1_P5oE0@qelx9dP2)(QgSB(
zgUzPpj}rov?Vk|l6>efGDpkhKD<CvlHn(B?ON*yjeDbw=Q?+CS`NtvF_{T;4ZiLxc
zM52(5U84>JVHRq|Dk&?bw`!%#hAnOWN2R0wMl<=*mKv|~u0~5Av24;go5R}DrBJ;1
zK7^aSC^5`YSx&UFslvb(Y5AAK*r7c&01-Gw)fQrXVAj07RKD=@&ipx{CtK;xm-;Ln
zOA=@MN6?CMi0JSH8Ogrv;q-gI9QyEIEvBZ@cGs3K>H}CmC)gJzv%)7;t+4Xn7?9;<
zU1ko4HS1BM9UOh7=7@j+JXs3Qan}gtEP^B8XUz-U=G6c?o<Qwzm`<`=j=B!selI%6
zIqbJ)=%Do`%h@+cU8;K%1U}*+#AwhnR$#1?b_=-*#hH%1iLQo{qSeD~5_Ug-_@!>r
zstU|7C*V=fiSb|i7<ma;suzNRny_%4J0zu^pa34=%TQl9p{*5cQAL8z-LC8r=^4_I
zAA<Alqds;_3VK!4Nacmn_xAWF4@_I_#U8|sT{DNQ64evp*TgW1Z*|gl@%hVtyLf?j
z4?exw^rPr6t$Hfvci*lx9?kaQNU42YP+d-hyM@OlA}<dSjEEYZCe#0@=G``MHrvp6
zIEmi6X5oQxqxU|XdIiY}LQrVFNg8hy^y|_{l=oCa78wtPv#fe=Tq_Qf=n$Fowng?w
zt0`nw8~e*>6nhGUR{Yof7F?&`DSbtxAPy6{l0f+#to@jD<cKC2K}gTk|0M1WkD2!e
z{-Tm3<EbUb`tEMqq_B?jtYnbp)JU5lI+qIMM7|qBk^nX9F&NrHB7`u_CaJb}<~3dL
ze+8$%oU$}YgZJsBtW*|L_Di481-8T|;tc7YC|7S8M(j1t0~@x9)^Eg<Rvn+*Ds~x<
zjyO2S^9+Qzf6XO{eh0!LgBo_LNaVFT7w$}wAB_Gk0Tj%}pmGbwvFm^?CARexK(4Zi
z9y_T7UoHpp1&2xU0ZhrT1rDfG@!mVinyr3}?!n#uSJ@@ZD*oZN?nGOFB2u-I7qGzC
zXy7-ReNet5{<<1wj~pPRu+M-(fgUB715i9q&kHq=Xs$ham^oU(ItAXnQlv3O@KPUD
z|8`GkPq9kZ_M<g*7l2Y5gEhYUxAHO7>L|wZ&LBaLR3aO}RF0d{KM`W<Rl5P$j*iy)
zcz-XCM`Y$)#Z3%Dw^G>w$<>%<GeX-zE&W2uB~*>qG&_4k2Qe_1<?syRIH;iGKrs=d
zaC)VEtPvpJmQguJkkX}mX&g7M0gp8CEues2X2Q;pZ)ia`eM~@YVJtMHAKJ}be(8f$
z4)mEcutBunI@|79RHVdX6~aKFe64F24Sbw?n2my!n>q<L*01RbIp?Y|omJ&_mi4`+
z)h&JZ7q#c94EW94e0GAhQN^HpZVJeFQ<)HKo6HDmX3a~RthJEeEn}-lY)a#$)3{>e
zUWy_fJr#RGd0Is!dGs$I($2K9m!Rk~S6=PeG+0p9PF%UMNsh_C&6rK$(50jf8+|4}
zFnuRKP77sYdDf0~aa1W>B!ih_5Fh3wc9I}!D{Tc-Sgkm}%i&tsPIk)%MaO0vaGy|V
z;K|UltHByJaFOHKmS~H38)+;nQ#kO?Z;<fJ`y*f2xs)Vaf986?#vXTr=G>1M!5WN&
zK5QqDoAH5irAdB(k?`GbVgEp7X6y@{tnp&rYap*N%W_OrijFQBNG;pz&Gm4N_w2D-
zGOkLBIf5g#$uaWoxrt<%&uTnpXI!<81~bn}@V~J;7xYIWNG+Y@54JohLKAAVnA=SF
z<d|rtq}QzbWA>}~z1sLzMO+d}J+aeQhP}@d-fn_;xe={(3=pFov5iRqP@HLX#$L`@
zo|mHXbDo_c@{AY9r-8ynp0Mq?{8OBM6BLt1l#Y6`LNH3$%U0U2Rs^eJWAStTze9Rt
z$Pm1eD8^*r-96*5rb;$Th-KTWwTg()sHsmRKnAZ$g)(Chqyn6xcK-j1Hhj%J=_`AH
z`{NR#Y3!*$W%0Gkq^7vR{s~msQwW;nerek?KC<-0QA33e(Ggx0(RwNW)>L7-V8^X}
zEl#eI!t6XVAGaaPl9=eVmNEf80lL>b3@avOJ$GFps;Uwyqwn*hn}pM!>8C(vIpem@
z+_(lIcH|m-Aj)N{g7|U{L}DSxj{;$DKv}LQbwzde70GyKjACpWv)KQuW#rnL@uDL}
zQ*m$6Z+{J~jD!a8cgK|%p=izYHH+uTFQ<?sC#3NruoWjQ!$d~~W{8E}R;l_$xFpNn
zIXo19sK!nZRn$=JAmff#9tVL2^td#H%d1^~CQnVysz`xYKVLCqkRC8*avo;vtJNNS
zPapIP_beUh;WbTmhptT1pMO+Pv-L+tFzVy|ta^vP(YTi_I%UV;yo;QFEs#1hw5=~2
zY=QYPsnR_OB`_97q2XxTIn5MPjQbNq9WJc`qYsVY@PJB)vRnIx?oUPsHyiwHnT&>&
z9di`+5IcTAM7;h^%s<<wJ7Kh~I=GKI82+!ZFf@-&qr$_hq!}q6M~LQdXQbiTeN@l8
z7EYRMI`U%w+^H=3QzDxyo6Ap#@tquF`nLXx+AiIA_5F8cg#9yB(Ok6D7Ggf7VTxw?
zS&FGQd|y!%Si9%yV#Wc=cUUb*4JZ&S0ctGgA<P<V_uw}ri2N(!kc7XFnhFKksq=N*
zQwblkS?L#Z@Ut*mxW6NLYw)A(FKJ4#u*Y*SO3RUIRYL>NsIm?g`=o`IrCwDKC8-P#
zIplDhPTJos5ql1?Q`hz7{_%;U6@Hs`)JoZ{Zjt2DMQCsk*qsy`WUyG;f##_;=n=Dz
zhy)-trdH|+h>mvHR6#+G0Dp~+POvReA6eU9t6?T;mbY#$Hqsuq%gnS!o9Cfc`pH%J
znWS%B5k4KND^qf(dGpV<<s<bWIs@d3r5^`5{_WD!cZcvMIQ{BGELW+s2Z<;8{Jq(Y
z>h7-QtZX|GQGWgE2`9=po9&N|t{fV%ECZd$CQf4lpa#RL*1lANwy^u8@Q@39w=SK&
zR-UcC(F@@q%ya87XsFfQw~k|>cg}^+I#m^RwqQqGVR0(X&T!EzoLSNGZLXKum{NPm
z-2Y-*?dxR!cYyB)uB?=3InuY8eu<oI@?8L?R#wZ75Q<P$7Gu`eh0)m^uA2U%U`45d
zOM{g9HMQ%rZ-hw8he}+^4&;gm3E~xGH)brA$}5*f-KVuwt;Vx}Vo^2{#vmSjD{4FN
z_Hi=*H&74j2~j!vyze(iK%1wBEp`W%v2t=SJq3cU>_C9jJMy73_Se&e?g3~!z>QcS
zD4u{!ryEkv+vZhGJtFzJ_`=)QMXn4Sl)D|X@5H}DN2b~jBI3fXgIbh`Ib7Lrq*-ki
zPe?tD8$_w)z=>+=KP08-EfIfUOw)roSvVoc{!DyWK<={1Gm3zGMFL&kLt0b3yBUp1
zHHeOA`_6XUG2ow%f;}J!3v~<Bd(l+{AXA_wIeW&2A2LXtmuz3RX&@1qTka=Th`L@#
z3t?q_B|nZX5Z7JsezsT+cs%kHO6UCsLU#z)5+P?nMbIgc=N$;*dMc#(&tO-pwo>c-
z`)`CO*MS*1wnTUpT8JC{?7nwL*<$wTvSAU|&QA0mAxH0FL!{!UT$UV_#nSdJ6!2cR
zKg3gvjrI{N6fY%>b386<*5g1o(y8}D^ZY-PS%KPZa{6`C{2txW8q5Lb2;=kBL;f;_
z%dG!ir#M_Wg&6~F)q{q2^o9L~IxR`(|4wQITlAC0-CSrM-<l$<JyxTYNJxTbYLO@i
z;iu-#+_R9AeUyQ-Fx74_r>n)n8th>Jk1#|<YPO9&w!P7aZ!3Av!9A-i$_qcPYIAk~
zyj95~i5wL!sMs#djv74BP$U{8>rgyT@MuiOZpeqYG^~t(Gmg%fCC;+_7)eS2gmap3
z&JQ$CXz3a93x-^8D*o>0ocdYJjapkT5$6QwE0J)wNm;|{*=H>-)dbdJBNQI5uvISg
zVLLWZZ5E(LHFYV3YfK99-nR`Qog^2KBQ1~S+E8M)CH{l++M4$`Ai~xYh3-A;Uf6V0
zP8^sh_j+eS1ABcC(L_f9#%i=QqcNSXm$HfBJ~chv4__wPVXTcz1+hTH2B6T6NN-$r
z;xGAZkv2mSxK`Mlv@4^){v>;~2#VH45D_w>QS`0a4LqI8oYqhK&FK(IRVjjDhi)f8
z5S!n}4283sct$G59l`~46|0H3)4b@GH-!s@)Ef_~5Hwo8_6MM`$?4LosE?S+#gPXJ
z181cOh_im#@`WJYPP%vGWote8oI01y8&=~=Erlqn1U0__`0=Gi)KrykGSG^KQG34_
z1=NS~79vRD%)s`hymTCXR}gZ**qxN2v)c>;LrOGxO75A4#o{dmpMSRH{5_N~Cnwq-
zOl?C>T)ZTk!_i)Iimg(|`itK&^v54I-rXLOkI4u)h4!RrZ-Q|?|0iYg=^ECRnmFdM
zqXR-mg6Y#Z&y++7!-J4k$OYPsPa%YOKm0o(+Jlw$8N?CH-+^HTeH|#wYV9Gs3qg8k
z;!g{(cYF|Xy!no|fIlC-QBe^+w<wXeO4UCHRPCXFr}_(T)5!t)ThKy#UkKES`HdXq
zc$7>1!?_L20|@Rk2P4{?_7<V_SsC#n_r7;3>qEE)p|I@6wl@4Z^Jh2rO9(sNF6DH!
zsv*HJs|2}0<CQM%DvjWrYX=w0C^fUz&u;cmdqA8KYpzcoM~EFyPJ1Gr$<R-)Z>-Y!
z*{y_sk0=8AA)f$<$8xHarNsL?gg6|hF4liCx&hTI;blen-|f$I%iY2z2!B;8m93mV
z3blv^ihWlj>JtcHX7y&x)Z2u^Dl*6-4&X|~ggebt#%(SmfH`7E?66|_U=4QnVIgwH
zLd6p{8xAwUPQ{-SiK5KXln&w?`@ZJaj3#&!c-<Yaod!S(ym)d1)`mif%~&^(hUwmG
z9ck;JYJjNV)E`~3O`Y0?L68}Dmf==}*v|E%rbE|4GEuhIJG)UqUKFRML6bqCf%{w=
z^iPpZ$P!d&H*1kPA}G5Q`NoNMg{;CdQMxH$k<)<&@kV;*4iZmxi(zr|b|!v35x>h|
zzXljvNHKHypZ6)`6cZFviOeE4>%Pgyedo2E1>Wtf^q5%<tO9g%7U<a=`^Yfs<#LJn
zKt0K&odQ1u$ukt>=Ld90J=#H?tpIr_1x2AM!D(x}#XGM|mVez|xWI$Q6>TyWxAnkH
zz2fH@?!!>I#`_xW6UqDxHEp3)LfOh!+%{6oH6dMR?Hf@QRIqmb8rC-;G%!s;`5#{R
z>@xhVE$$ZmxRmWtWD&utDyAXire{WeBfa;0zeihg+@-Abe$}7Zbn2uoM0jDfZ2^z-
zVZpRxqk70|ARp)n^SmVJYLR|JB!{LqT><F~L}-T_H<Bk^d^`p<@Z*zL;Od^$PO=Gh
z8Y$QlC%&(lh|%8YO8MUBJ0tXcRo?Jf2l3|C`4tJ79JWB4pN&pq&W{#ix&hzN{nGBK
z$9+#l!{B3}jvw!}Dfi>6ha*2-RjSdAAY_yKTEdE*>!HO-?QVzIOE{?K&N6k{=+lIx
zMIIyq#aLuCo2|Ul2~_}OXZbb{N`D~tAe1~4Gk2jhV?ju4lfvRQ2|ISC(QR-QEK$6c
z<gNyvsK-#RY+m9TPoS+D1U2BjqY^k&zA6bX(<kHf_8V1m)RSC9A2K!I-Z0!Lc`@q_
zp|i@O=!$;!0}OqJMzPxwENhj6-8(+Nk>6-#3nUP=-^{dWL-P9vy&=!?4xH^qiZA<;
zq#9me+s$auW~g;4)?Kx=neEl;q9LG92v=v7MQrvSjY{$bzV8>YVYa={H0BLLGB1DR
ze=R?i$iWP*HFz>rW7}M|TDRG;2B$_<OM@GPT+u`99$d-a-ym@hLHZqz>Djsdk4mAy
z)2$vA-KV!;gwiCT$@C5b2W@y@hHc60qn>iJZs*<UI45cCmG+Y>qbcrL_BR%xUQeO<
zdVK~YnznxCU`u7rt$pm`FpQK8PPb+Q#F2W|8e9X#M&y#@E4FvKtnSB?b7&dkho;S2
zI4+sUVgU<??01T31Z=VVT`1{xbW@t_M2XveazqQo^XvoLUhf^~8U#i0R~Q1MvL}zB
zfMTRow_`f7JW{M$F4KR{8Aa6%jdHD^KXUwP*5eti8<~qDZ05^jaUSDnXE0bLON8&Z
zo`Y>uF%%=am;<YabJ_c~j)k19dzCFf#s!*X*aY9A&ZI9#bDS$_)vAZ3Va!aZoUERI
z#@!^2U0K(=Qr0r5=0c*~n-yhuBa$OyIbhG%_WOsT@;4ZAr-MvVf-c~ykRNfRrYk(`
zRDmiYqT0}!FJL9S;=7!d3K;{O;`ArRXQ(18j%dp{`T3>|?;BfbDyxgM=ONmvyqDt#
z2LjvyeB_@><p@)%b2lG0gcW<he;!AgXDJ(%(qHuFY$b}BZ3D<l$@w(hahK?<bMxqb
zh*^H9^0z#bIlz@|HZ=LVl(7n7Rt!{(qP)-3j9jP<4jI|=a`wruIG2=Z!-<N~lK%kU
zyrN7DE2T;iVIjn)t@Bl)opAiy0ornpmJ}IjE&g@ZRHOqHEj%v(C+ltUXC6->Y`iKB
zsAGrUg#oE?vdYyaM{vag*Y<dTxfx&disQpjz|J%siLy(1-prMlw2mWm+O9w4PdycR
zoV#*oPn6z$2z;9EC(H?YXQ^!++u%knBBVSfnR(qg<Pd>czW)?g3aC({MpUuN=jYAW
zm^rOYMeQDl-G>&s{>9BCag0)U+{kQfL5gnAcy)Y^SL;-%f%eN}7OWhW(=5F+2G$}#
znCw0N*DO|#$8JJ`f~6=bH!5Fb)Z6#j@4Z=A8T0=-$~66TgwRW1eTh@ghJ4<*Z+1M?
z>t2dGxc@vfKCA!?$HSx?F+R2eWY={IaXXp%oszNKr7V~q?mka9**PojI+SzmNr`>1
z_6gwNEJbiUBjPTJRz|a_a=%iUBUFEjN|86csk#lvgGZmBTeLJz>GvzlpU(5m$-(G(
z%_o=R{iY#L-qKE4>NUT`j+H=tjn~<k;gndF{D0ZKsRWR{%F8qx-xp&h=QUo2=dw8V
z8>D0anm0%Go@WrI<A|7ENs8*0lKp93(0M)mFI~PWJF+(R@fD^ej(Z?pp0O9#^sImH
zOL(*uK~{n03(0|i+90fqHn8rFC#*msh+PXsHh#VhIK9Ap`aOZx5X{oN0+R^5BI;Nm
zh?rB7s-`!58cArn%3E8s+AM_ddsGz$A;LfwZdaUP1%^kk3LCaw8J%wDRuEH$a73=|
z3NkLi)j_*msjPl2e?xsLz6=7}VrX;X1`xdm)}JCDTq7~reRlg*wK`QOhgJ$<yzHg|
z3;L{s=5LyUrp#0LHu=V@;~1@;=|$nfp#h+V6@7-lxB@;M45vqMe=W-BWeDT7{6DD4
zR2zCx5f<oJ*Io~yyrVp2qJtbS@5i98e5Zd<I|<jB)X4}=_#<NvY;WzQG-w-ok1E_)
zO9q_;xMRR_>Z+VK>im3*e$<Fm|23bn`2z~$nqwxxL+ehoiL{ZIbjV*$sg-uh98S$S
zfiawZuPXuz4(e4>Hxs%~C495<ku#Gj%UJw3aN<7lO<wGoj_8U)UI*VSdDfXzkCy|e
zU5IEQa(AH@kIpIYDTeA<o5U2&gt)rX<BJ8&wI$j-aC9Gkuz1|j`E5R5Z6Do~XjoZ+
z)=a^QNgbvGR2@f{*4I_CuoaBq^6Nhy&k~2v$VWc?Y$@wg#Z_)zV{-S#;hwo;KYE4x
zctoY_h(|Rdn`ji!+o;SBSU!Rg3DlgE<&Off%7F|ZIp+RqfDe&G?qlyubhgM&peqLu
zs1^m?d@wI^!FdP0sX&3)w$4{NWyOm8a0fz8$v(!yRd(cKkCPWzmBAeALBTjajU{E~
zp-p-zYoO?6k2NKRcR5@p<A(FmS$=SErdG2_-tPHL&JG_G+FtSd^qPg|b~2*t8?_4S
zx{+l^4f&uR{v6(E6#}{XeqwCx8scP&`zirLcxE@at;9&E6VpzkMV;ART-dm&Gwmf)
z&91L({@tDadOe3!>USg5(D%OJF?=-EmlfRXG`~nwI6|V=SZ<N!w=`No;3=a~Jpr&g
z5dGE8C*Z084g@{84)c(kqi&?hdaE!p9JIhF-bW&z*p1Ykz3qg$>T=&4_o6Sh61<S_
zEO7Km)9VPePhED@U-GGNDNtd|rR!ZAil}oqbviZ@5HUxF8=^-c6kiFGy->X?B}pSP
zAUWaUNb38@)4T245eL_0O~pDWk#R(-?3o5GR*fpe{KrArir{RsLamMNA<?Pu>_Zrc
zOQy2HA9=%=0z7zcw~>ABuxFP0#%RR1XEiCk|D=A{WWfKln=gH4#$#Lfau9IX3^MZ-
ze6aYw(p3Olaj{o~+Twes`_}Fw)v}ZC2v(UTZQaOxkT^!@hkObzC^y})8<fA$z+|~{
zikn){%x?5<!riE~SVK`Mytn+P6lW(^ds366aDY$WU{&x|kA$Xxl@gkZ><q5jXWNv_
zQL56)U9HY-$Quv|2H%uprS&6|7S)n$+ZU;~@6K)8WKb4&<^<J1KzrhbN%8r&-C0A-
zRqca8<Fbvg&V@dvyd+sb=fGim+}8c3qY%Zi<it3>5r60nOBWh1)d8f#s<OrlSR-gV
zKwVbu(DUT?QWg}h8Vwgg0;m>xhN?Ls7dA4;iSpS2NGG6YrKouqrX%02UY(>j89zrN
zMF?cy<QSefICzu5%zA*iy~Ou}sFaW&D8^e3Fb3t*2f9LERWgEHB6hx>mcH2nVR;}#
z7bY;DaAW{2i90u~%5(9nRi2szxSl_KZe5$n{s?Adkbrf{>$;B$w2k)<5Q{44e5Oi6
zHN?2WC6CF4FN6AtCdO=%H1XQM=ne*hqie7brAbRe&qWgGxLY@vdPJxYT9QwIZPo<v
z8>qa6f8dA3bRP|GG(pX7CL|fB34iCRToU28O%)y7ytU*~bE(LV3!t#b6-sF%P>X%F
z6phBTYX$RY!(mX0Ve+!+T-vh6#UDs8$>*R2TGma0p%)4E@R^s%X*+piN?yY^YBH3-
z2gJ~vI_t+diZH5BHAl3n6)z<%R^J<O+wF!z+<Z>KZg~u)mEAsA!EQdwAw8A$m82Y0
zQ_m0^xHsc<FclRADxL8aRpv+OdTc)wJY{Rb4Y)<pC*OV`=(xxLw&(}>SWlfZjxYlv
zk;PNRdzb1iNg7rPfRr);(R6LDvC~dK^K#LcK<U6qCqyzsF;vwc32mMGs=bFbf!k5b
z9v4%Q-s_d;X5Yp4Pt${@@`YS~cSlfajR~2zMg(uGe!R1*(6cnpWFpoDOG@j2J$XUH
zI^vEsC7*$zyXnB#5^fcdA(C^5%%MiRCYn&_U&F@d>@q;MgnE*o8Y%O5JA+Li?c50k
zHp7h??(TX-wt^QIY)LR%=2BUGp94EH0cQ1g`zrq_#J~s7KlSARqbrA5=hMJQI@guw
zgzKjvgPf)Q>^@-==u$)N(V5CG1>QdMK%XT!9}lzaekLKdl=DYsQ?&k7@%2B~0;XCz
z>7<SsT&EfFx#~e^-j+;9RoryPp|>_bxmslPir}?0!-nlf)3dkoa{vrH0<P%U6cON!
zq`OPIWE9_n#}<b|%P$B>r8H)S4DO*LQPFYVa&qrZ1`Uk!tmGfN4kQKfBS;9h3w|)X
zKU>yFlTwUVYy(394K(VOcmd6)n((e0@7}7yjd77fJQog#RkwU1X-wv7vBav-V6e5F
zYE-aWLl6Em|7sDI`EtVS6x~#Glqj?pZl3gvTo89GX|}7h1vCeQvkv-S`YQHhA3ZUE
zjEAa@I9$EqHp2KZYtp~A`VQArK7%&B?@Mpegk7_IJjH_+vO^N%NKI0#7h*HhaSQK$
zDC8ETvr2*^0q@Eg-D>Beu5EU&Yz??YzgHoW!)-IlRbY6oEx6!an&}<yRNPVPADX;w
z4QWDINq(O<a+cL*Nf*rvLnV;k(?cGm%Aq=6{P?!%5DMmhD8<CKBU=)vA_H1J7mUa<
z*52_GWjtWuHm&e!NA!4*sB{LUcctY9w0W9}J2OzTevp1VB*xOD^WZz`HPq^*A<1kA
z&`@uLntE^#Q3QNb=g98Rg_Z<t)+}!ki4&6M9H{HK-m@Al*<G^N1I0UXi8Ov^S9gk)
zO^zDOF16mEHnLOCT&-BIl-T|4wI~@mB+gLHAJe#byZC3k@<B)#=Su48T$#rwzQskP
zJ&aoP6TVHu%keErGHK`;O_MxShKHC?YiXaCbczR$t|zPl!^aQt&C60u)T6mQ`VmZ^
zYZs_ddEt#vk5kn@;_g)cTE@$Udo>i9m$QbatY)Fi!>^3nx->cEhS*lR|3a8iZqi6$
zIp^hx@Zb3R9Qr_q?CRbg_Ohp>SWQpej^s%9SgSBx55)ObQ>#v$WSA3m=(F@P``@0S
z4%oO*KlyIC0?=aV-E7;Z>|7gX<Y3Da{X2PyslMkEj|iTuPple6lj+b`Jefs>XDJg5
zw8mI9Rb{7gl;<`Y{F!1{if{GKf}9GU!Vdq~`=@HV-PGMaQ1D4sP6}4q*`ttvHEex%
zg#}?PsuJUaBvl?$V{Av8o6Lkvg*)33oXM0x5VJ?Y7iikXD=$*xb$m<X47Fg4eG<=v
zGYVt<$|!mI-Si=zl*4a)jTZKeolqP-Qa|@1IV|4(1>U$Pm0<XymC*mvZy(JWtNCeu
zw|%)q3`DVq`~TlA#a_fJ1#MW#L_r0qg%gp7C4JIr+XgfmO%NR|=aB;!h>VJGft%+k
z*}IYcc1w}GV#68cg$nFo{2&mT<)}qpy7NPpoeEd)JkeKd7@n|9I=)_lyDx3KAw4iv
zj0m>kf=aP^tiokjm*V==@5~T`gnuz}IutS??S)PW?bUvZwu>1l8ehk4hb<WJqMJ?S
zgKCgwm&;$s#z~<y*I7QYC5ue|+iec*K?S@{pdQYH?vnqhI?*J#O#=3?Up9{5PKCV$
zoELKSyYYNBr}1OJ4Y7$c6<l=Hb@0EKLY9MtE$W*D4xbSjJimw{V1w?F8sCtLyXr*P
z*|RZ{<Ouiydeicmdu}NcgooByn&XBYmzhQ$7}Arndz>0l;0@Qm3yw7>yIZBqYa>1j
zubh?FF#l0ow`qBpE2zwJI&;W}vUUDsE%4dTL99>|I|%ExW%BgxKtZoYi?Ko`ScnL=
z)=ZLEFJk7;A;%x|)+b5j5F3<wXl6U^CtH(rRy1@Df~$K-?(|VjVZBcnxecB(bFAV@
zoN}~J%(fqBJiI@mgF|uT=%pni4z>#swH_tpC?1VxQ7{emoQy3$s7v{sn}JWPcZha&
zeoVeIv+9s4O%;m|-31H@u-U!e{SKB%&AQ`K)Pwg-9MN?3a=N4_z%<cjr5sT>iU3LH
z<*y%$ZoEYhaYWb65&FzgsMO|ahaWs~yP!=jLI(MKdFpr5f8)JLvK?whd|N-JVi{!Q
z7&y5rJQ{V)%x0)g<Pk;6<H_&Bj(vCgi(29c|KjacfZr1ng8|4L_63gx9DOYi136j2
zGs6fHHg5Y&GZ}9oF}(3W!v6wIbfnR-u=xHmRTrD(Q**jd;0HRddp*ebeEN>RERdla
zP9)A7F9UhhI`ySHx1?jRnSs5X9?f*#fXMH=8vEN)eke;vD1W({xBvKYfF%b59?UvA
zPE`+igB^{aX_VfK^G}{8>=VL@zHJd*EE24lJYCaYJB0WCTv2m&KKBjNNb$kXiVl$-
z2wP-7;__%hIGKUKPgw#DQq5=8*=Iu)g{e^I!nLJWb%Nj*by4&EwL`1J3WZ$%sAjI(
zUtV@9xJOKk_%MLhNlqe!Mqpt<Ol)6jWuVv_D#=%3fMKg(v1&<?dTU+n?J~H)io5Vn
zVc1o0gJA(_hN_#7_28a-OA%QP69CK{$ylR9_^^DJNnXo-`t6D=?sDY8(FC2H$aQu4
z7si+VP8-upEz8*dh_NO_!k$zM>e{i!+Os@=_p}N-F!E6Du?`p8;#Z{`su{s479NTj
zV&o}|Ll9pg(?<RJ$o*LdL%{#UOH?$&Q*Z^NJ6>~D>y`W?%~$VISYNV)_g6C@NUx2{
zHz@zrf<yVNV{DiP<H#~%XG+G~aj4GOqwos9ddW4fkDd9WrZ$(lFsj0K+ugGX7^f?4
z{vy27SY=CjiVT<Mw_!)VSQ)>qv{1J=nbo#P>Z~n{Z%3j+9M3ti9wsKBs<0RL75;+3
zAc?>ju`(j>2+3P|g8ylFvFpk{33;bmKjjUCXZI2^W!%0m%H`dxImjxEebOlsjBo;x
zdpZqZR+D#RVN`sHBx6Z3?2G&-^iupy2q>QP-K-O-9!3(q4)y(I_qcd{^gSQxv9Gpt
zoHN@C$E2%IVqOsY>NxgCNaUW2;+_-3x5LH#_q}!RYNyU<CZ>#SvwKy&0o9;xXXC5&
z$`bSHe+Ymb2a$jCE-IgvUL)2eLxo2&z#D;$by4lJbq%Yo>+9aTi;w=Vv(QH7yBF}$
zIqzlA+Y$v&%Jj|nY$?xf@j)W(8G^(>&kp|0a4mN8h|X|zI7_pxKBU!M0fFV&n4ZvJ
zuHj2?`@N0rA1IU}i*D^fQb6nIZerNuvOC=Euvp0DUFpuq*bROL3&)~SAK}CF+Z&QR
z=RUYYPr^1nQ*g}$j>!P!*sod7J*|imf>Beb*O&NlF`+nPtO#*wOs|hI|BNc%qHW+6
zD?iI(7pX(PQAtX-ecfWw2v(D}RJQiU*LOirES@r%Dzeh@M!oGE<-2@P@9a>vbv=0r
zv=cDUa15+Kh=?|$*LGm%7|yXFy7ihOU4@2IF<^5u@KyS8;$i)pQZ=raPc7Z;rRgT9
z5Q47qIM{&iNCfC8%v<A3J$$ak^g<UC9;xKQ!U`u&)CkfulZkbSo5Jps7T3?&SC}ie
zvsqH%`!6%oQLHc=_mSSQR3ba(XrK=~V!8lK=TE@ugqvsv=J|~`P&?t{Y2`S0uR_?Q
zq_L*bKcaow5{-Nih}RE`79Sw^xsCG~7`<QP@$yU%3o-y-?^~GrshIbAWDnH=b8xOs
z!PMz0?Zwc2@Gn+jHD0evqxp~MAd7Y!`&9dK#3w5S6{de<q4Shb`v>7tDmF<NUbTH=
z;;2`Q9ttGSbNM|-3^JpxP*8pwN;T4vx#2p)VIlE&1VA23tMTh)c6@(>{dcZ+0R8Si
zdA8s|4UNI=H@+a~G(=Y@YX^=Q3>I}i^G<sPR91@$v-$^3+2dMokEv#tfr1U%7qKl`
zp~~kv;H3Xk&b^2ti+9wKa}$?6RuPcGe_O4+^x`1&zcVngQnOjR8EC5AaZZ!^*e?$S
z$b`jK5on+!k_2vs@|=RURpW(0Y6lY4?$v4eC$RF@McK-M1mcu5{uh;FbeL*@up&A-
zb8u?T2%m_11_=7Sw9QL>t%2@&Q>cMR70lH#1#)jLw_GgG9Gb5%m9uN*#ko?ROjHBU
zV{aF!C}^hKib?L&+J;bk9Py$NK`7uHt{XnA@G2Qjs+;Rs#A5a?8>pifI*$DwM<}tE
z3tef)#Ir$EWC;b-`2`OP*5zD|@UNrcLB)%SRtiN1R{VL9LnaUSS|>6PR|4cQ*$#1T
z)uBMg)U=s(^L?$PRF-)3LSK1rI>0odJL+_lxr+WyXZ`f8><cVZqVvpa_hH@1<uyyI
z*Z5qNNx*)9pA12)Jq8ky?`5U)_Tp$m{Kc}zjbz&CCU`T&!=)cp%)}0}|K{qm7rq6t
z-v9u?#S)f51tv!&JfPPe%B$L{7`8#B^h)jn#)hMw_fBs?Hc{KL^|u$oBcDi>E4s25
zITa)}4h5N;=AomiqsJey7Bxo{Q!o?_K0L8F)-8sUUP}SyOu`wRcQps-d@t*kr$B3o
z*r^6T4H<6|uX+5vt>pJ+Tw6y!H9%B4LZ^#FD*|_m5tIa4=-fS}<aig82DCAJB<A%{
z)U=p;F&{R}W3IrW^N4pC{Xp~!=5X#SL$EF}{G@~uGKm5=dFC?gHrL*z`7tSK-OdIR
zu8lvDF7xHZKz1-(+9h22^q#7}aY$v|qtH^g8=Wz&ncQLW2@BpUwCw;yMs?WuytqBl
zq7)E+cusgXjYvXZEPKxdtZsSjdpo)uQ8bA>O^<Z#gd(B14mCd9KHmbK>7M7#d1o4e
zpv1lzjV}w4>?hVxg^I;<=C)WEcW3O}Acli$n*D+KyA~qu!sS+IA|yFr?CaJ=b!MD!
z$?DRh4<f2PIh@YI`B$)fzP+)x_Ir0_*Bn94k)QJ1{-~ZwQ*0}G+|K8Vr{mr%32=yh
zI+TwPWK6DJx`stC0?w3<rI{{+N(Vi+0t-1aD~@IxcaRgk<0`|zcFvfn`~2c~7LTVa
z(%Szp;qAcFxM?FqgBv~Y-DUc3m0SOb4z29QCEyYOxm!~v#QnnZ!*2M}2VvqO93303
z#>=cU@tYrh33m0PeJMKgshCu;3fNFY)5d(cn~U340mIJOL2Jn?X+P<cx!!)XLmtlj
zZc&_5UN%VtbR7|gJ5*OO+LRdCMm-lrBTcV_f>CDucKnM9!DY<(F=S^ajc@8VDVWG+
z>5HT_6wVK^5jX=Uz0N-C)AGK~>>q=?;jFn&?(k#)<0oNz$3SN+xn|r%<<X+o=oP%%
zgOyV9xR+qb@T-91gc*=ktb}&!LKm&X9W++>_V(^FpM`;*i5Zc&7fE|PIJ;F$<<#|4
z89V>LxRtwG{ItBao8@H4UN|Z#62aA$AZkwodlv-;i}_ZXH0dmSU}j-gj%3PCREPT3
z^r`7&tfaOIBe=1p6LJYWi5N$Pqjb@3`TpNQ$OXzbA_?sPO|1)kW|6*Ccyj!*IY?TU
zY*%zy$sT9+eyE_voY1{3jgTI2UeYNJNkorOrIUY4u*NYJ9f}IW3H;bKhl`QUVXxpK
zINWvW^IQ++9o7~gHS}@ev25N7{i@|FK-%G>3{0MXZqE=|SrCH<if*#&URPu>9U7Hx
zI<Su$>5VaEZH|rm`yPjbHod6mB(<{$`hsP%-yzr=u`}|WE@cB&K>;Z{bS~zZU++`8
z?BU*&au?`zzb&CKB5F}eVd&eWK3K8IaA^ukJj`PWKy;Uw_{d9~+>HHLvswMRPU`nC
zT(yy83p@5N+CR>np}7K9Re2|n>_c6creF2HTQAzsh+;O{m@7))=ns3L3bWF2n;tL8
z4Lapfopm<U5H)9T<<|4cS+)XFA$D+F_~~gn-GcKLt}>L37ws@B{$WRfs}VfY6!ETU
zNN+x*ulc}sSL_gMkyb7do{-Ci^;EnKX<0Z)tw%^r=E@dCk_Z{eFsm8l@SrUkEOcUQ
zg*L5m#jr={zqiBgnz*UKP;KxpNqkVY0p^o`Gk8}*_X+v4_S<wz%dpZEb)~Nz<+9_e
zESQIbgkSr1HuX!`AR&~CVn<Qa6*9*c#sH5;Hv<nkWIWdPosh0#sLf9h@6o2&CaSYC
z)iFbDiI<3E<P3_<vp)%I63(UzxpJskpjZ*IPGZcltqeN%`t4zyC(mX=app93>L`7w
zkshjx7LxHghIT-`O50EwcrD0QL1sL9F;Q$9{>bhq&mmjE4g*WQx(>Uu#Guj0!J-HZ
z%Ea>TqdDZDj>q8TmCvuBD4=KhPWB_6p;+WD2Sy{X$o+50^&Bn#G*9V)ICt3sFeI;R
zoWx~Axl<{S%v&IHfQRzgZf3cFOqJiRq0?VfuwyO^c>viH4JSTp?~T0kXATZ-YZ<$Z
z@eMb0NDsf_auVIOH8SWKZe0qxJs-4R;dDi-HV=HX*LLy>g2VufvfH0LZyw#6_~RXw
z5`C;t1;PINNH-Z#k8NBvrgz_}(8TVCZ;XzR;y>NQUy5#9&q6;T@mjf}e-9df(tckj
z+Gk?34Gqo_Gy|=j1mzII36L?A7LUcfdbrz+_<*hMZZU>ZLscxQI?lyv{4uf32tN&J
z`Na5i9pQMQWiC6-r5TUH-y)>z<+SbiQbDiJ24L|_0T6arhFWX_kf25`GxvDwgkF#!
zPOu&MF`-PI_YGU9#EGoti9RVoi*)y}{F$C2Dt%f{|7H=J-*qA{RYe@e_B?wu1mrvP
zdL!@<PfdAMrqXWcNy1eTYG(?m4c&=6HH5Z+_D=DZKr_9v;k~5H|0d0qRwA#$+MFo~
ztr;<t-_&IhSBIAQM8guB$>|vh;cP107;e7D61Qbt%Qx*p^(I%}D4ZOAX(PZuQ%-_T
zIebzp_*HUg3znQ_SXUiR6<a-?dK=d!CJN*ykPVz|O#P#`h?o0g8p^EfV_%oY(vZKg
zblozOBwh-1KAq#ubdy__qaq-pZ`+xyE5$OCJ_E3rmz^-`jkd{6L1_XaTQ-nJ_nzH8
zKq$@J$@~B!HbvJxzQmn^5tYLmU&WT!9!eA7Q=ARf7EuGh!m+|gluoTVWyqt(uixdL
zd7i6G+0CYcPND;AjSey(m0>`YUKq!>e`&VLN$qT8WpPa0z(<dN8@RE~%n!dlA~k!9
zmf^ZY>SIIAetHC`w;e&~$;00IX52Z=<#mP%b_wlHdiYWL-xyQ}N*owT6I1$VYlj+j
z894(D>MrZp6wogb2g{m%)Su_&VH&IFGd@h4)tZH9F;E7a{o;sty+8(Kc}4pK_Rms|
z-=f?3X#Yo*%VYRx@HzJ&-F3a+R>?h90a-<S4=Udd`w$p`Hs(}Fd88sGC<R2Uq8>!5
zslLIps5-pz`{y90fRj9uQg>N3sdaTEvx46wiSJajGRrh=o@YLiQNnQGLUX7U)l`No
z*tjASL^hTy@LFv!>)^jD6>B3YDk^)n=e$6k;~;#4NGPwg`owl}bays&6ej$iAK$^|
z89;lyCx|Eur_ari>ieq<i$H<^N4B$?__V{?!#Xe1nS<^D#8WcXClPQZzMjAsekCT7
zgz_A27_-WErICu^1}})5+DfC`*o$X<R~y%zKT{3XKzKAGmzQM>12aK6^pf&T=<1g}
zgkvn~v;7;93RFs)q=jz_?q@eK0R|6phl6mil5Q6X^H96tb266z2)ylBN#FQ_qm7|r
zr%>UgZ^ak-1xm+yFaQHL@+!iS0b|q&hAV=e2-T-Ar@AMjYvmi^2=3!d`KryXEC>P%
zTlMgI^>86LnXT?%9RsXVlc_tCu{CdN`J(sEAs;7|rD=-c<Pn2e&K<7W0=>r|jbyO~
z4#4e66e=3!OWCmuCYbtcBPse`u(XPDT*kOs!5%`1rO=kU&ztg`t);k{lEu`c_p<2<
zVCC}8OH6cfUbhM@Q)eYsOAy@oq?c8lX-gQ=c<bk@mUiz*D8P;;wcn!jG^==)W9?a)
zA+m~k=>pTi&E;x2PWtcXiN;YvC+*>H&l+QoTrQhgUwL_^k}WC@UNHB7fv|18MMkBb
zXRZ44=vlD?;;in|IFP+zVldm%xEl7hEQ`+kX~l;pv4S0C_{vWtvp#Rkfny299rJ+R
zsPU{78r@IvF7-ql1O#BU=o3CAuSFsNcUN@Nmm68JmN=AF4gG<K&Be9Do4I^pR!R{E
z{oh&~jN?6EJtj!Fjp;-uysYlb%uaq+X9QL2`(Cc?F@w8<MXxf>zK0H4&G1i5DLp+n
zD;!hRHxG+lZ*!b6-~;7iHHQit<AjsG88{D|J}JELeOCo#_0L*m9gg^DKUl2|$H$)U
zHzkS?COjPt5n?~?GjO>XIyD*bH>r&7L<Srf=PTV08}$B#!cl@`&qpy1o1S;pf-Oc6
zCw?Hl9>9pCQYil(ndGkcEnrPbYdAr&d7{BtTjNJzlm)*FxsKr0#S8hrk}1r3?kdi(
zL&(!-2X;|nB=}eEH_NI-^ivmqqUYQq<N%zL=?|a%{5`J$We?|Wuj1o=6SXw0jmY&W
z)Un5qPEe1E=VfF}j6T2?wPPGkSchh+3?G>&l|bRTy(tPGONp@(Hn+@|B*bfp{U(NV
zME@Fapw6h3UD$2HCBC2C53Oe}h_YC^lOr9O?HporZ(DDFv`fb$A=GKy<Zk^QeU-;y
zVcb$bm&|34dr@SaSD~xCguZHKV6~3Y1NEYDG*s}P6fQbk`o!y4-{6Vtz{4(vyY}p&
zQe7<%!sPWyd-qDe0fmR+37G2iuQdvRhB+FezgyY4)Pp};k2ogfD~qwWU)W&wOA2Oh
zD!NCThm5WhPZL>*19;(%-)${BNpI}6)5R~@av5E)qcHH1TT@v&rZm|=eX*F$<?Sfn
zZS)il8LW@zZvo6reK4JcR;6LPB*+=Y21CqTH1Efh)x0Z6t+v<y?lp%FAsK2jiR0H|
zb0KN=4!8wp57F@qa`F1tC+WGW`Gn~<!ic`InLcZE+~dA`2f{BUKct?}1Tant-0kH!
z0uo~iPckP=DpF>z;sxXfT7kK=VJm-i**o`hy>?(wwdMd3;i2O@?_D96zw<<zOxU{?
z$}g2s%{Eb~v^Zx$+M!Em?Vh9nxzG5O--7NgTAxO=%PM;d#7oav=KpW5gyyHzu2<uU
z>K;62*7tokA4AOqOts;RlDMp@4%n`EE3nv(*|II|vTJQEuV-kLw}V8yzfy4Iq(P?j
z*dMC>Sidq?oEuGSP$VRrlF7uVmTyaX0*$!Y+o0l_ang3iaSYw4PgeF_*mB8_2r!e{
zaM}vc=KDIoL4u7=dINS@Vak#^bfHarA1`;WLxQ@yh-|1&3&T!uMf1aA)qh#3Wd<y*
znzIQhniNh%5TqZINSKP+#y2xvT(aG|G$N7xWG-ET&L3GyYA{_q<8yktWA_dMtx?Ej
z6X2vxd%Fl>X|$^%1&@(PH69hL3TQLxB!!7`4xJHL{T+OeHSfy0a$~m!Ndk8m$?N1o
z18i4!J6`0+t2H5wLi>nLN@2>`UFhOs(<DuZs8CTUk<;vCQoaOh5Wf5bck1;L#r<HG
z#+}7LqjC2`&0qzc`6LHZLd#m&Rq@?N+`RJB36OtBXDMnc1KwD*)5bs@Dgh8&?!8XW
zcq05V@AHmvTikQIDnJe-IxPZT>U&O!wuaVBw|udds-9{P6-Fq>+lKbkUx6P{VXEE-
zCFh4R4H9r|n-l5r<LX_L(m}j23d~grsqFbpS5;r!w?j94ctc(3yG2$McrVNhr>}vu
z0D*LN7w_a`6=5QLSc4B285p0+&*rOBR%X)qg+^;)eI9xuO(`OBj3h2P$YZ~RZmpE8
z1@&t{9OF)`V~wcB(6Y?NzR^6wnEGokn4<N2CEHZ4`N;4!J0I30BF6h`;0}|M<Bp*L
zMGXD-tHA2j=HvaoD^sg%P-GuH;<0IJo;o%(sZW=Z-z9C#rkG@2P4KB%8i2@B8=j>R
zw{sTfd0Xbv|1#?f&JtwjngBK2a;G1mw$dxv528UfF)#lsFygm^-0<L}D&vj2*f_7Y
zXQ83_Nf}C>7QL6E+cU0W6cU(G26n|?ZN~%Cz3FDOo8k|BsIk4r3r-5AF9EDGoV27%
zvb-D98Kh457ktBm%nJfQUzh+1lI^GfbAbj?uwetYh)?Ud6zX7eNdJ+PN*2*_Yw2I_
zw|fma0S`w!gRHe3A=DRcmy+kPvEPI_yl!rfw;OqSMi46mGSswLa9fJ#jo~YOw-4=$
zR3SUhrLdl6rt7m0NF5ftj4}S;%PxojW1E#7s979knpnOC_IEN4{4Ig2YiW^u`E~et
zhk2?@+-D*0y@<e9PIHCrt_vg^(ps-L0pCR0<P6{N&ZcmzI9==x@B%;?cX7&%piU$q
zg#SV&5;yW)+f&7=K(Z1mYKHcFxvwfEFDGflIu#e>*BLjQ`~Tpf>aZVelJfuel!A~i
zs)Hak#Xz+o>r<Y@n~VA%Ve&mjV_N?ww-9uVs*&lE#kVOQnIguSEH-bs-gv`Rdh4Z+
z-6Oal`3l?BPuAh7B;H3}N!V=Ith%H{dikGG4BX5TW#j`1ug0{no$H+!60ir}!*WKT
z<|^MrOeH7p6q)*F_1lf_a{pe6mOmgh!F82$)8<SU%n8d0T%-vtkDOR@geBxe`zHul
zIbV7vHs!`q0{cPpEbR&?$M)Wi5aWW3jOb$$2T6EPoPu#k<lFSSBr~RxV|v6obXe6J
zBHc*R?mjSzZV^_c3qzt;h~Nvr0+~AJ8_(YauK)qS2b$9x6Iil3BlQk%+*qr>xCI@F
zx(%(o@qnF+M=)YYAH*09i>G*34Qs4|CKMkvVHIOtHNhL9>vLfH5Os{8rLV1%3aP%W
z{h8zxxT1{17%BN1C@eZotAL#_;W9><d7Hh_f1<SHlKd!oeSGXbuCc$)x8R`$O)%I-
z82YbMUh6EzJ{%>vH_{3rl}&Yf11n|p`0-MYgE<D4)1_L<z~=ZXq@3TU{>@BPOd0Pu
z8pR;UkP86BeV78G^IIVcaLQ-uWvQtPuTACZQ4r%$SpRUa)Nbt=hp`rqRdD;`7C$iW
zKUJSRczK!%xJ!yHrH5ym^*!Bu+Pi`v7oeE&3u9%NREPQd{%@)^qu3*EpSLb@o+*m{
z^q^3Jl`%KkV-^3)FLbM1^{{D=P=W79i*^?_@wf(o=SNKPvQLmmx1h`F1OAy0J~w>i
zCT2b!){)7ikh6MP4J1la5cqujFph`XUg)0ux@8=N{>C(0Ws(8=(*699q3i4BVgN-9
zl1u3D!j-H)MT>vXpKE)mFqtoCLV#UqiE;;{jxwxIh#T1;i_raGqu$9nmZ_oHBK89R
zI`l86y{zV!$meF!+`KOtJMbD=kL&&W<8z3#8x=aO!Wk=G?QU=2-u_YLF*NZ)01SzZ
z#W<aQ7><mHM)}vk=fN}ZrI>kFHD56N{o%nMCn_5fp<klxue3u?z0n6;Ra+F(KmCi;
zvQ~6ZbI>g>J{-P^MixC!EX}l#t`5%WzkC^=+AaQ-LJ8&H=C_zwT^J@*usa46)ED|B
z%FNceDvh7bGQ;`Nx;3LNVb~=HY+DSNUm8tNpl)Jz0TCp}jIB2cyqCBwA8hs8mqI}h
z9b_X|zfe|~t=#$zd<3b{a0-ZP+W@Psa$O4vcR^Bt7~sq=nW`rP3FPD5snhKN6)F4L
z75aJ|n)Z{MJmo;5R-D>37Q|Cnihg-e`VoReCRi6${0xP>h9K)+o9ayhNhDE((Dz6d
z8|O{`KBSSvLRNR>C-dAu<zjR52j7;BX`=k`i)GsE=TWa-=e%f`DBYg`Ee<PLOuqXd
z1O5Dhhrsr^Elrquu`+NTS48$;NsJ9%OHQ#C%2$&WK;m0x{_S5}D$Cj!E|9iq{+7}q
zG*^i4a&36%4%4SZwl!RMTs9X$Oq~swzjWg8PZCu#*4Y%@Q*b8T76#zhlRviYOl;el
z*tTukwr$(CZQFKozH{+Z-}OaTSNGnv*LoL28vG?$zt?RW^{08#fz!+gyGJdL6RF65
zw2z(M3q5>NNy~-AkW3(#>ceSBeFHt0i|C=E61Rech9Fefb{)&q_U<;Y$h@$Fx>Uiv
zzxlju4d<D>l%&#@p?q%8Pg4KB2tlTZcU}{7xalS)rB_DRImWMuejvj%UsI;0OQ9Ds
zudnTJodte)m^HJ=yhFFUjb?>!YbJU6eZ1d|`VN_!8L=nO-y)gt?L<*hj-$;sJT5q!
zAkHB|+juR%VEpAJH>q`D>K|_mpo^<aMW#?7$f<6Om<@!+rQ=7XE3TP07FT#qo-ex?
zzZrCvtFm*CR`zL-!u{eOdgYp2`2<K)WAtu-S-tnT;)Ep5(|)@or7XetjzA%Gyl)L(
zS#J$p!9finG!ZC|#au}x_1P-BxJiSPD&&l`R2SjBb>Hq^E6BNtkGtO@i{15e#by{u
zYJWHN|1CSU`Ik_NSB6YErj|^u#K#5mzr_($dA5>~_5O7Iy<L`?+YX5(95BdEtSGf!
z(?FN&wYayD)PNlj(=vLR5OPvB?Gekn4}V7ckUz_=Y0B;j^5(6CoeNj+&6|Lb{A|>O
z@nFW!LZGD*s7!@-Ur!>%R`?IpylgXZP0g`A4rzrBFl0Q;i9)UQh*f%D%}o8W0aV!?
zbdEJrDn!^u{ZMtQFN5c1*IG;5o^a*W?&F_x$6F3-O;A4&jv_;6?sfvUyL?afFS`Z3
zf=Q1Fk2P`MYG~nin@s26ql4SpkmXHm7mJp0q&LsZC44}yeGTM-q*y;4@MIk)>Wo3e
zb7mMZ(QQ<*1$H6%)$<&@hN#5Um+aPI=O43Cut(LN*Us6A4&k6+R@2;kj@Hha1>*An
z-k$-fu)`b0nO*H^j6E<9I|V5CT3ajX*j#Wz&RP77q$r|&(^bUHOJehCEs1c9oaHoG
zpoHTk!ne(GSK0gQHj+b)e+YnvI2g~fOir>Mbpz4HF;xs}E9cTkdQfVf9I-BTdny6O
zAF?3)M<_oIGilqE1H+woutFuonOz1&9&H7N0G=X0RaVuf=G1aqGtpXR+}oqOJCJ9Z
zw3f(%3S4Q0PEa^VO=8dnAVAn|Yu;b9hhAZaH=FABNA-NOC?!@L6Ii{U^m)yZkrc0k
z#xD6GT}h18qzGfUcHg!?y9J~6`#~lcms+X|IWSY99vl^gN`oEQ_WELfVlHYgWFQa*
z$WIT3viy}QQ|5x!>s!P)FE#dy`he-CzN_fl=#{ZhiD%r2T~rdj<$&+JhIr~W92&RK
zRrqi8_K+#`sS#i&*YYx`G4gXF+X(^^Ub+T9lt;md(t+^(3bUM44g{^MaopH{hV-<Z
zrVWF<3#eVW>|>83=tz3#=ZzXk&2)f~F0-n2VEEh?xvgNIK{BIV@O&4(i1h^Bh>m75
zcC5b~aoPzb?njgI2p67$+<%#!^|v=-808m~z${wM;Vr3$!-4^42J=afqohO1f`wZc
zV+viCJ!Ho$Ej0VYH~K2nPhiVy4;t|yHgSr)ImhwwtM?UY0zpdYFZn(%BiHNj(}I3K
zoq0nxF>Uot9><|wKP-Iq7pBLzl9ImYnp$M}CJ)^F_g-9s#<~o}&i(10c?jtZWV=qY
zZlx|DT8q_mi)93`re3o8liE22i}~g{prB85-)Aeb(&8>A&WV1RNCCgrz<_GSzJ%~}
zF$BSj1p$-+Yt*r?#5Mft_&-v>xc=`@Qf-|x7H@=HRTj-=eXz}@H2NfqIo-kpEkV_1
zT(9%cnu8|)pfb#OlHrs6Z00T_@YR?8K|?ruF7^C09c}jWKg(oC)J_nY?lwV05|+`i
zmQE*owVoVCBjD28kiN4SI{a6tsoMVQFG)i*c?it02{?W|f3B;}DS6cYSLc~g`OlYR
zXx|{)o-Tg^`+-HaMeV8~M|_vHf1xI$azWmU<jy(hC>p$qii*Q^`hKUnAMxDD2jZSi
z(qSr8ONxBl#jArnJ7`Kab>WG67vaQD6Fdlkj?LS?BkHyYT<p?3{VUegvL8f2Q`Odn
zGojUmU>p-@q>hRKXZEe0WyI1~hmC6{tQEH8ZW_u^eoyxU>(O~gqVKTtT&N#?+-f;n
z2Fb6rka@ak*CwJ5;{e^z+D#C`ulJyn=>0Ej(lJb$Eo>;+;NH{Xu(WvOgTNYZBYqLI
zFoLe%pO8YC#r=N+60z2U0koM*vXtnYFG}i369Vri2=XzUI%;SZU&IzDIVcVjU_>J3
zAmfkBI$%t0F!We0(GPKDklJ47vh9~2K5vcKIlr)JMJwK{Yy7szRbDKN^?%B+qZYYA
zfSUOZu9w;1Sy}{z@SZY0Q6iy&EKccd0zYJ3f);~F-&9gXtJM`Wbb%uzHaH6BA6A+o
zze~(3ds#T(zBQu2v6FMf@^ELh5ciR;fRaH85+%zwLL^T3hatef!ju9GK!qM}MJ?!~
zQU`m|{aW6YwUG4kI_j(&9!?JA1Kf2F5QgcDoH2LoIFJ5R6@APMf&4DiFD%kL?!>4p
z2)#V}uB7*L108vL$J?v(r%gwR?jQ_`%NYH*u!F3z0a0RV`rhwI@gNq01eq}rkwmLb
zl%UJb4NAeo+15v$N4A2r5p<a2Zc-_4_mZ`w<iRvgaT^A!UEm-sK~@`Iqp(swuit`I
zgRBIKJPQXB+ZwS5@}tl9QrxJp&=x1H=2(czaj0O#TsF7nIv1Xr+#lZ*51c``xmO2#
zI>%wcDmbhEhv$H%0Vb1_C^GPF`=!aU(no4b0~AApI|m0FU@c&hFdxOwyVmx$Xr9No
z@dP?UwRdfpYUbN}7yMEM+I^8JXBVl{Fv#nSq}Ab^JeK6Zu|hEPnH}&+n1O03;Lc*g
z5b_~vP_B}AI9>)}F$k2AvEe<;IaBV*i~nEBgmHC3wrT)4(rcz}lhgRh=*5y_{g>p4
zcniLVJc&+9WBroSVJ2M6;~%ovgpbP#b9Sli7NjE``xScJ7q9e<{#`nP7PFuL2Lu{R
zS`#DgjUm<mrho>z9MhC-+`GxYb8)e~&tsG(FSc@^%)N=4dWp}TtNgkW$w6mn$}Nj-
z;$SUV9N!q8>cIL<wr8NAE-AbmA*(Zop_3C=t)R;Z#8^g<S9_Sn!vdCMSP>OqAdp^?
zI6e}bv6_=jMU?|h7kO86NGbL<+v+B9VV%zouGb{wBT=l#RnOzGqg8*QJnLi$S1+z1
z5(4)71Xd?8w}8j&6NK2lo;TOV*@a+dIRnc|LsU*`Q)`+$R=A89T0|Bl2n~lw6VIIH
z--a}2-mPCYToC+kxzF=9%2+stnStPJ@I}abc-()lT<5WV3;#<It%v_&GOY^ZrBy2#
z*S~xIDBb^YQ!HVb$@EVEBv%w(iC%`0y;?~_J_8-k#qbvOG*lL`Q&0PYlGg2BSYV+@
zGsuOj-ee0l*Qe*VKEjqil@d?UTbX7x&P>L*9=#$Ej+k2(Ocfs&H(jx{k*U4c*KX|7
zL=lJ$Oj<z-^iWEce>m`sDOI<Vr5eP-sw_@3)4(4ko&iy_n6iC3X?TKb<n{Egz==;-
z-ph6gPSNFKb-V|?fiTQ9HI>pyBZIyE-uI3dFm>`T8FEV&{<eZ<9Ln5>qA?&hH1kN8
z7qd}q8ruG4kuRp4z=d=rICx(x&-TB)YQ5m7FBzcXh-w9E(ZyCR>@elN4h8q6aPw0&
z#4)IRR!WMuWe(c18-Q!lW~hdTJVf(MfIm$xH5IB=^{jUke4blUD8krC>{Uq!48_f0
zCp4HntRo4HnKQ}wvG@rAzIqCmVw>u;f>WbuQ=%otd2h~Ii-?zwCrJSL^0dY<<r~GE
ztQzlw(Oh#%9!_?Y5hrSni8jSzgiDW9*K2wQ|G;~oB(nIkgf9ro*b!(z&8GXuf*_E2
zk2Ombfv9`mu_cFJcKuHh!Y}%NFiQ5@H2+c9XKfmW8U0%u(n6vO%5MywLqgyRsheKk
zYtMXIb65%zp53Rsr~~pZM$Pe}wYh-k+4|4!rtl>lq$1TE#sB+#F;#@AQ>K75`t7mn
ztM2ceGvZWJrP3CTmWd4alEI4Z^huKWlUs7QN;z*z^VRzyOgy~Z{&m`{%ax~7?R8wI
zFCbsEXyd%1b02)E2<!p}tDO&5{kiwM-ekNrukLR>TnL7BvJaEeP*pKO2bSAdbEBqo
z!KH+6IuQHZM-R-;LF!hsslC3XGdMPXgnDFcCkpwhJrsY~^GTrhRNNfTd3c_NjPXVp
z#4bPC@$QJOCHJ%>6i(&c19Bp8a+`R)Ax#b(D8`cjA^iKWKV9899a_&3G>*HQh7`iV
zuV5rfWs0%Qu~pli)l+}14q?1ZOfHj+C~KCGCkM-x8oEsFNSyB<wuWM$cGOCpd=@ww
zc%%0Q9X;WdTMVp7Xe==a8VNF){2BGSgybdJ@LJ`r-??|`NwiO{V}w&5cCQg?+k2(E
zE+-Ff?Xe*lSXd|b)cgnI7l~=moXU%D%vO#R)f$#K>7qwO@URFu9D6i*r*O(AHGD7G
z9byN?w2rc98az?7Y9l-v+|zqFiqa&V)J3z2J+fCdHH^rPaDNS%mfo5jPcFB@6b<JS
z@@h+sTH)FuC<I8oz@w<brs*wQaxBiUeHkTeIo+yTZ3h*cA))Q;wM=xmMpc}m;B9vl
z%guQh+}EvF1AQ~~)hq)vziuE#>+zk46+B8OygF-E?vA}?h5bL4xAcaDWD@~0UawTb
z9N~Dp>wd+cS_`vxGT|<bGW9;qCg_&r?%ejS2)pRse{QVi2lqrjgk~G$R^a$WI-=f5
z9%f~EPfJm+E9{ZmoU+W@1mwa^(8>^R{h>bPnKFZ)WZdnxYT=62OipdiF-5lfPWC#(
zS*AamLR_<nqb!CXo(3kCjeq)qkk_xHbW|H&HW}|{-Y}@$X96;<swtEH{o0*r2g3Td
z_%^6^eXf&24<4q}xJhlyzj-9KeLHzV`Q&j~rtsgf!6z$;UB@M=0Q)vC_ln9uQ*w&H
z3_L|vD23RA%a?)Vd%rnHFPrjFtb6{rQ2VMtNTtUHegr`Fhnq*_&*|l%UxYtR^Q><<
z_mY35RTA#F2JAv#<Gl3B7ValoO;q(sT}0sNsn%`hYMj30dT#03TiQd46c9Ge{d)b2
z{{WlCv^b)J17DMYtGX6Or^s1gX=-66wz^Z$tfjvK+n?`@E(iQchB1V8?Pu&1)C95Z
zXX6f7gx9SU(<##S&DAq&`6Lu!qhU?IbV8@o0n6U6;H+p}D_``LVWNU${d({IMM*j?
z<_`R$oHs_>IGD32w%({;*a1g2YhY|1KJqNQK<d^m^YB*XOkwF-zC!GTIcY0zv9b*B
z`ATX=@c^;?o2e)WW{{g{+`*oz7pKY3F}FB!bl#|so>NYE0##p~Ya_|?W)2AIDoi|5
zI5P9Wx@c`R*l$j@vyOja0YNjt4v1smg_@^f%P#(F%km4|>fZYL3+<danUBo0GC4MC
zSsj~)c!d-dU~cAqVRJ8(e^ZoiLOJoI+e3Zc2#H0)|3Ry33i-O{bvbVZL4+pgUTpT(
z?+=8%ZWWijf|jb)TnGucU!nTRL->#TMoB0}fW5)(KUjd7T%)##q3SMP%kY52qF-w6
zz52lw<w&it;|L6_o<-?m9%Q`?%r}n9>Cn>)LEo&V`O9-qZ<)?WZ40jli^Sk!&4uX<
ziml?dcctr!i1Av2ThAcTdsCT@INHxe)!oVEQw;Uz<PBv>sd2JRieD!g;H?cAxDPxD
z_X($L@_dWU-LVYT`nOB}o}Dz!6M`IS5ASc#Cu!t8TTjEy`>n|Rx!6JbbEj1#c^ipa
z@#>4ulb&kM38VNsB8HIPmMV4WwL#@UP^*ac9{uTHY~bM1=NFRgw|C0P_GS#KErAJ3
z<Aveje+H(k=v4)As1B#!bDz-PhU(*D@nhern2UqsQ$E3C*#2O)1gY-ccuOu3(%9I|
zjJhl|3Hc;`{n@QX!S}U`7TGB~HYN%@fej0VWQTA-GqWl#4Ef7e?u;_HHNra1{<IeY
zp<m56v|oF<ZPN9__|oU4%IjJTJ;283z0kZ2x4!W-a|UVS*%RJGnt6sPr!e_+nHj<Q
z5+edm77a3I@!F%coUfdt=dacySS)5taDL#E7yeo-$6qn9%{J-Ly6}&k>5!LPNl~62
zO9#@b*Sd?5)T5Hlc&WonhtgK6|I^a{w^?h6F#dTmf?zI%sK>q!vONYd%+gPG@G=8J
zpGJW-fY!>@hY{m?0-u#oQnffJ^ywl~8F{!&bYQbYFzr#Qraznk1-nI`%{gNmgNavN
z1>V^XbGj<)&b9hK-8)~7`^Zn=g^XLx9?d3DrCIdt*cw;36k-2%>RT=Fe89v?2(Q`B
zNAZ~WTgpvIw25#1L`~%(HNJ-)9fej6Y)+faWfKNml!_~n%@mC(+^pxKP#Ehd-_gK!
z90RD+Ne?_3luh)wE#nDmcedMW_*%(?Lh=o&H>K*Pu)|J|$6<_hlr|A)5k?8Iqx>v<
zsWwz{i>&2cjn<FjZI&s)r?6Xy`w>bI$vkr<maq55s5E=KdTAf8*w2~7m$h5FwRw*t
zTgiAzk3SJo-QjY+vg-GJ-N83sf5J&nQF7a!{~0m57WWT+Om!uSAGt9*N2uAX3!#~T
z?bEZ!j_L8(Y|AY+q8CO?soP?NR3|AYP?LF|vFBn$U~PJ+C}FR!`!+J#!YEGqe)LDG
z<f*1`>BhpisH(5Q9koyGuzOe3;cr}su!vv#bqRZ6p9Zf$fw{bKg8W6RjEA9ROvgyp
zLTgq=!|)DJlB2ftMNS<0PbQr@SuHPYrYV)o+si`8TSh3KchJE(@8l(1e7&4aCi!ph
zR~UI+Fmwo|h>(^Wic`t4PYQnx*q()no5OH`+@)2Xn@z0^aPnCym?P%kf1OcRLzWve
zEB`(8mvAOyuUAXKZB9cT?~tQcTJFO<AhB;yMH@)L?n@W&9}!fE1Crb1az;q@Ht%=r
zcsfX;nGGg_V%Q?*(HPNiklv<`E5?G^IG@5iP7cF;93<sAY@Gzne&{Gl{GL*nz+W&Y
zkIIC%R!8}kPX4xbhijOHKSanMTnglDBSjxBb7~yIod>xW;;6}0p+Czo@aI-4hc<TG
zNO4KDyDflDzSs}KxAjhDC^Pp)=!>V9!S}a7p~^Pu_K<z6-#}gBg0RI%=b3wcGnMPo
z0Xw<AT|X(LsHPj0A66Ep{x)~F=y_+#9LSAIX(ixgLiw@BTiwlD4;2H#ad)LhH&)pD
z=trkrKB|J;hfp8Ny7Alg>KV;%F&IfN?;PPB-Db`h#Chp3*1nO@<2a2AsZqP{hrIG;
zZV@QU<pmj_%U0IoIfiUtNTOlEG+MtzO7ByX2mJGU;Z{bf;e)-iT)X&v_@WRwV7Q4U
z#p+hYq|r7yP$(Kg&wwo|8h_^!sN!;|8@g{a>4JhT6n0$%fDLaXj7N1zcDCl&N8rD*
z+b-ho|IO#Mu?!y55|$hZMa!`4xc}NTNX-~@FULI4qSvVE9Nh2apqqKFAT4l$z}+br
zw5kpnSe()67a-7a1Q_-;<8ROE>Nc)QN1Z${#|sRHgWolJHV6`-O3|{S;~ng<)BhY>
zbfi+pBvZaLCK8K5d3&?@5Kd!=@YZDV<euHBG&@=65)#e|H*Niyp?iYhH8>^#mc~&D
zMWRtJa(lR1w>SG9313Doc4PFdz5}A)GH!=|y%fz@tmH4j(lqBZA%vDw_nJ!6%#O4U
zG1KYM#4yL8pG&};o;{Bl>v_%hV1Bkq|3nZUkAP%0Wp|VY$~{k;`jQ4bn298p&-j>-
zucwa-yv&}%skH`{1RA4%lmuaA<h4Ma?lq7f<k5RfLbF6mV%KUynj-SKW}^$^Wv5x>
z*{lduF!-SZYRDzjqS24ghZQ!=781T&+-eoUlV*|O!YB4{_$J~0>~s)iJ%}l93$KU0
z?))EaAC%b4a33$|N?QD6u^lc}itm_;g00pst+lH)#fsC#3lI5_TPeqh20(!l!|84&
z6vO5{qy4b^A7(S_eL13VCN`o4ZU#@_!M@Zy)JKWVRq)9L0khw|VngqqTmrmtC<3{y
z;AWmUc-XI#GE))3LjyRMaLwi4jpfZP$x^Y)ZhITE5idrf<R6w;ZI}8G8+}v7_W>=X
z$71r6<*{k;>1#m>UV8Yf%b-D>5NI?rT}S=b%dJ7wy`JC}ukR8Nc*UBb1WNoyCI95B
ztsn$1EX=H*Qcs8x9foVp<OgNwSKp%0C&-5($LuS_<&)dP7`(ciQen!S0xj8l2Dj*?
z!*y+^n|FpyCx!;l8z|e8Fq1E$Er)o5X>>R!1b$|~PO?>307JBbmRYv+n6fSAWXm$5
z-T6>aC{fn=XQEkLBefr2?x0UP1kU_vnqOAF^@o8=Qu8z{*3trdwPD1?Qf7KOU)+)0
zGPB?^AIDA@`x{*lNt+I|y48MQj!>3kM5y4;uiE*l!YafL*AXKIa7(py4rMc0kLYdx
zvDOCCNbt6TJVz4da_Sx3HR*ULkD1$8jmC~qm;8Rdw{LQLvz46ptyFlFR0gD`CogZd
zczfxy2id@1gBB8#H$@}%n&odl%pmag2(Nm|beIS2Xt<5YahP|1O_(;IZ7L(Y*x?k}
z5d(7-4@fTP(Af-+8d=&Z5*PzP>j=F1M<js+H?Xb%zv>N-lV1_7vH^QWZ&;H_%DLim
zezG2F7F@-)kRr|eoo!>d3-{j=tVFyi&|-O-BVR(Ih2b+yrO@Rw+(nJZMzw+661V({
zvc@}M=Wb2V;^MT}<10kl@-tCnv2O$4yokUWuA|P`q9CRIUHVum>msCfa6i6(3m8Q!
zxQ|QZ%*(<_qN+FMzWt+vK^4zwYd*)^61}WsFS3lfz0uPHRH7=4%XQw9tY}}g7Drxf
z?9syw*F;;Vv(qztgFpx4bl9t<4|}1E<n3CVt}4<5OOKXiiaRQg0p~~=<O@`DK4!`C
zXvis^?M+gv<3+0-HlU($>5-@9gLy`*-<;$~CleXuBiYT7@pp`dQSPiZN~h_aSQ6+L
zc0Pe$11Vw;o7A4cx!g{)Uf`Y*R-LQWc)IdpVs025_4W#$3mrNrnBQ4{wjep~zY@?T
z|2~Qh4ZI>y_;=ctbCK_?rK~x9V!j63Z(j1mQ`9Lpp7||&@eTdp+`Qy#H4S_rS|vP$
zKfwA$-^qdGO75ENMLXzAQzNEa2ywEq3)@7bwXWy+5bsIL`g+l&vmb9&M;=6DjzOPZ
zGM*9gntDq2vL0%Gx1|Z1fuK%A6-4^P^zMP>gEgm+(P`yEH(W~OjE5Cc`YklW-K&Qf
zjy_G(TKpv5`XLT!L}K(B2NoGx(!e(ED8=hFM9n&_b=Jc~2Eu8YgYN5-Ot2j4I{;Iy
z0zcnzSacz6$W*7KH+!VB3Xcw?+2^oHEK<IVH2;1m7$h=R0*_(mC?@v06K;>8l0dWt
zcGh1{cUT}OqmzBa#jNngZ+!a|?gV}z8aGdUXrsOFAbz&@2};0i$D|JQ<O}PW*O#`P
zrT_Xz?t_bYY0?T<$j8SI5*o3*2vFt^1eY8Uj)-C&6_)Ik4<#`u>*4k#77RTjRqkkl
zo`~N++j3niFY5h$V%X*nfBZJ#^~4h%2SY+mtb}KRB<2mDDCJCGoK=IdOeB#iI2K?@
zZou3FWq}U%Zk7P&#aonKU5(J~>7}NuLv)-lP)9@IgS1{}>5V%*Fl{~xMLeKl@9V~7
ztAD-h>Yq{w-%%9T3o!;#5x(PnKE)1Krz2P9F(NY}jT@PluTI`O3W)I6R7F?aUXa1?
zkzfYP73WTatWsg_kaYFju1awfU=qsiOO=CJPcu!FNNIU=UB;Gr<=z+JCIwdY;8=DQ
z|Mo~^OeP7`)&IFXMO>fgOQ=??ejp+NZqoXSEJB$s^MPz&*`7zf)Ht5~{?ZYP)KeiE
zSpl)k*UDH8*|ao9P3Nj?VXsO9Lzl;q6HnkEnJ}QIHq(DUHL}+oFRaH&DcIUof$IMN
zlxgsu)aw?OcEL!@H=Bs+Wl?rW`sO^l$>0?)MKnR3nC29iLCO6K=Cq(RbaBVz&apRz
zeA)lE@VI@34(01_B&CCQlnc$)aVuDe^H_Ey0kwq(oIboEoRUZz%N(r97mTTuU)z99
zRTFj!=Z%)#Y(YfuX?T6JS1w$QG?o=n3QY7bY#8H$R85WvEa)OxT=8f$LF@Qwiz<4F
z>7m@`U5|F-7W2sLJ#@HE&q86x{ZQNjrIPv6&v`8|^<~baxpuTAsR;((Q(SQw|1foU
zbh$kaSW#j~jXziT0^+o}19?FZ?^jc^ryPu`$K(Z>R$|e7NLMT?>(W8K;W;b*_^~O@
zA`>gd0Q}l>c26oxZ48HNYKE52#lxeO`J0i!AUJPW4x0tuq&p$dJ=^Dzam;Vn%H9p4
zk~Tc#^xlP!xH*caH=N282I}8Q%<u2Nbok*T(>#ODiPO31bmlAFG>d1oVV>)j+aV>w
zrqh~9bVL+?kztxsI*l-c5@W%0J=zzXGW3IS^|{8JUN;DBS2$PS;0#9gK+WERayTZg
z$c!>3ovD(yc#Rk^Q(*K3GaAR|>jaG`sO@s&{e*n0iKyU_;Xf>^rs0sF=Z;S+&J49m
zcNHq{|FH1P!$;H3Ms*5QPtlljhN4jA=kRpx*jrn&rOgUHXr8^JATOcF3?Ob>;-}(2
z_wTL0A#CCZ@kiCe)rq=GjU<(adkDWaAR<bBl30Do2H%_C{Wt6{SAYb=n=}0hrvCO@
zS%{Aagtj<N1~sK&N<9WKpl9n~m7p<5;&pnmF=`JxgFW#$G1JR)nj4voB-_~c3?kJP
zV2rE3oI)tw5>J%dc!{B`t||F9xu00welZc#S0;3_DNs1)x{w6VP@W?4Avwd~G^lCK
zgr0FXxH<1^rwU3V!O*^X=AoNjHPpiQF2RiQDY6POiBR`5SiE1=)4|{jIWjMS<*#XR
zQ;W!oDwjhVqOF=j3rAoWK<u?RFKR1GJzvf&lUDF&+hgdiys5bd=q(HGiLdmn<_neZ
zT}&xeyqpyOt}l+8^IfD4j5<@`la9S>^Y6mHg^{cuPZvA8V^OjJxp&aPKDij*Y;Q~u
zSh<I}tx#%~sl}W;OWu-|kR9u0Ep#>uK@VQwIS;?dERJ;?8?-8SBv))90_o49@}g+1
z4Jql2!x?(Sa-@w4fdyyy^hOX`^<5zyY<WG`SuidZ#0suic5K2Ykk0JEG+m`Q_7_lt
zM0RlFY8hg;#oG{DhYzM5^V&9>>)WJU_k}y6ruHOK=?1|BRdzjBXWFhguEB2xU^p+y
zI-ircxIs&}1v5rK-HR*Q>&v)Wr8JPZTbeIHrj;ahebM8klyPytw$(XS?z)L69lIN*
zJ@Sn?q`Vt^Zb$bBnlBdXij>lcdOdzUDy-lB6$&CFqv|0<l{_Z_L4Q7VbFiy_iKPIe
zh6#kCgbfKny2r5Xbu=tg&s?SWsccIQei%2j?StkFh`-?fijCI?l52r~C;W>Q7ihr}
z$$7Zl432Xg@?PuSy}J~+TNnfW^0$TB{Jjymz{QXP6JG41jA0o&ET}9?SVy~NF+`ob
z7liMMY<jp)E%JfvFL;kpuw>hRk+=NgJ^{15)7w^8?i|z#(44naFuyIt+o04jvLqb(
z*Jy%M<ED+I#x=)yao1g`WX1K7)=&>kp%ry&O<-n@Sk6Bo@Cer+3>Oije#UWoeA~IZ
z;}04NcQ%79bnj+zvSBf=WY4qhh-_^aAnK0as;M(EBhFBdd7xP7aeq*FOZVZ6usmGs
zHOsaUOhq9Z&#l}o;zCIccUtbOF0Gx$Cn<o~>TU8ml2GcH2ee#NP)diXJM<v*+^2@P
zQg&<?iz3ajc4CF+^mHMS$x^kQv@jZ{9aXtaxzpbJMUPmsMp<fU3%slUxfD}uR~{uM
z4G6w<VcW&t0h@b7qOb}%3MzJ)1%2`Rns}3lCvN=P<4GLlolIWrGDQuf^8u4PQ4ZYd
z=SW^I4p(O@-bQbeXr(aM^znWUJ&7!)c=FC}U&89|dHDsVzdxSv2L}QQ00;yK0tf~O
z0SE;M0|*C*0Eh&L0*D5P0f+^N1BeGm07wK#0!Ri(0Z0W%14swR0LTQ$0>}o)0muc&
z1IPy`04M|~0w@M30VoA111JZm0H_400;mS40jLG21E>dR0B8hg0%!(k0cZti184{6
z0O$nh0_X<l0q6zj1Ly}B02l-q0vHAu0T=}s0~iOG0GI@r0+<Gv0hk4t1DFR`09XWA
z0$2uE0ayiC16T*x0N4cB0@w!F0oVoD1K0;R05}9V0yqXZ0XPLX12_k`0JsFW0=Nda
z0k{RY1Goox0C)s=0(b^^0eA&?19%7c0Qdy>0{8~_{r~m%_ZJ8PaR1iQAcpN+EONs}
z?M)2m_mn(F?X*hbWdUKYd8^a9CZ0;<kZH4YdK;swKh9v!f@=d%KBYz_2fJB#W5<+e
zOxN)LmY|>(*CNmxnFKN@KrxQjgTC6pf9(?r9c+RGsS47awR~L3@rS?v9s@~}x8QXX
zW7_kcFiBO{ry3f;bu=cCq3xxqJMP&;Y%?HofpA>#_CW0V<?+-VB~z`rCZ@3v3ODR)
zOEk6q)ff;{W<xm-RO>7Jmso(p_)@B28FD+O*E1WiG<wVuDAE6);IcY@Hsb6E^K6iX
ztNqoXa@tDDB*KDz_9!+{85y(knqfYh6+3H{O>eA(HB=~5Z};dQr)IN}KVnaYY@H)D
zi^Ko9-=vXHD-a}y9T+I5^OW#_kJp3RrhI-3Z1Gr1+*(NOO2Jx`QzO(SW~s4NBAbu(
zCqkR@PHU<IYu+;h6_u8NwPh{3->4zS8)yr5C1ck?chShlJI=P$E6{%M3smQ<+`-0)
z%TvhT%xPUrZ{3D<w`n8dez1MEh2d3mdI|rOTnYpyO&kfzH;*m{xZ`Sz!SB-g68uH@
z&VtA6e8oOB_$rMzL4ov=4{pMnX|$g2#$Nm3bpl5li8iNLj5nC_RCccgndwx1mi_au
zsy;Xhk+8q5LA!E1TN{%1Dw<ky61~Xgs!3Bb3YPRR3{JjJEF@p_ic2A&TQYv~Kh+TS
z@``?y*LH|viXG%>CC(stJZQWF)+MS4y+2}jj>{z<r1^e<!W32n6|Ob0w@P|LMWvVp
zlnd%&m&<r}?Jh>tV?&NQpDa`kJF<3F-Crzw`pMC3JP6JCByZumni8SCk<>hbHd7=v
z8lfzs42M#L5kM(f<k5FV4`I4Mi4j_Zc7qUtU0Y86JyV5FRY5>lftg{rEp6nd+=2~C
zyVfnB>*DIGTk!^M3pP{gors}}9kl)d!Ds(fVpdhEfOd*ER^|@5*Wdg1fQ+r&eDs0V
zTS#uVDD)8)fT5Ey&u>FgXO34^4?#U16>d7BsSAp|xcO3n%H#ZHhXk80jyQ>l#$poF
zxCf$xFU0?;QArJUPK+B_!IG7*UPWNZ{04Dbe7Md#&Q`AgvW^oET(<oW(?nf>QlZW$
z-e{%F;mD$hCj8I&7Ad-_ZQNr&?Dc&Pp(2F-JBsOu_aH12>LNtWt(MU}AoL5pD&M_Z
zzB69LU=_|AN2)DMNR1v!&ssBxg+1KK=Mm7dq>`^!8b~c0<Mr2X>l6gas+3J@RXNiT
zgu%&ZJ<eG;XRZRYTWef;fo4!Lnmo+SPlHX?pUUqe$-0Y0xJs6uawKA(+cvdUO#$Hw
zD7}X6N=LoK%A4E~(wuS8K)+WkM(@Ax{~T%O0=Z?nv{bLX1AncBlo;BQSLzOx8(lq0
z993Uj(!rxRztxpX=%;Tu4b6~I2PIGZbpN}y&PF>D4r{Qyo2$6OI2C>|b*wzN^ZXT(
zX^h1_G=55wL?OS7*a8JB>x3y@M1o^&n*?Jv;0T!i`|z<%MUTct=zDgQU!wV4faw;e
z0kS37hVj8c6f4S1q6X4<hbE{JMQmnu2itFf6T3dx2*>-Vx4NXch;q)L$bC`IQ;GD2
zwFhb4m3PcIX72V-#qXA;Z4iIZudec}^BIDwELoR0qVh6ZDOzx)o*Vg%q;3j#2Aj!F
zS7LoO-vrXGavc1qigfVvgcPGbT`s+a&^Gi48p>B>0CfFGJrp#IBLe6QNR`)BW^SDO
z9Y%TU7%Suit8yA;$KP1N)z~uEwpRFTm($eG>G;9s%kt5H`Jn#OzA(<a)3M1tJ-3L9
zssg#OYDD0QF(X+hO5i8q0b>*DmBZU`?y)nw$Q#k>6sYe8skv~6zGPbxG$bo~6RcH?
z#t@9F%N5G0`toO=yoys@MfF;MqTy5IRCgjLx#Hm>_>JGO)1_>oadt-W;BosD2fgPE
z+(#^t^BfW-IQZ4Wa8|LjD+0Hnx<<G)6O|J_i#U``@XB1geAGeC4r4A2mg~P6=3wgh
z$a+3cvtlyXLng8~UjokyNg98oWY1{2pt`TYC-tJk2ec3+x^?A-$osX9u>w*c;G{Zq
zXhK5+Q5S5=HPWPpVRCTj<RtkNb*h1ZK&Y6>sAg7vy?%O43!J@}r+Vi#L+NSr>7js1
z<#DG`CP(y`Cc{Ch(3nyD$4mFDI;FBvD1PU-l69;H9<(tEAuGkW$}@KP+27s?jg6uQ
zqIBDK9@Yg~d1Hf4yEk6uK%aP)CVn*~?JqCQ*P(=Wg~B4VBkp!WQV;br#DUgO9V8>W
zEU?fa4}ScHbM+`6u6Sd`2nXEM_2i{@XdK@Aem!u<U@tH{T9QOjbBkCtNwMm8yu$V2
zJ4;0VEd`R>e&6vnnL#?iE3&jKjOF4tR|EMZo48W;`Q1^{KZP!l9oIfp%N|vyOL+J!
z`7u=$5WNFSmKADb=?4NZA-P)V%;C>NJC@KW%|8eug1HQhTq(G3ZB!XQxt9b_Rw2aD
zL<7PZESI!N)OXzvR#GdRdgoL$vRHXpq$_yBILP1%d<5xsziR=Kgg*|CqdaENjaYs`
zGpnp`TWiDCwZ*ypTvmO<y3T$GC6GG&V#@Uar+8g|XK{`+kp8VvS7&L^v(q>ma1W6)
ze9Ky!UImvpYo78S)T@?U{(&@9auYf1;vc#pdBslj3cLP%_}yrJlv*53a#$utb!P~D
zZn(`gnGD-I^bu*kl>thi8`X{x4?V9<;Qy-6`ie#g_VFO9nTEEoC=kwEh~zfn7>XXq
zU0?&T)Oqk66VPrAmZkEv5%~{BD7*>exeBj=7>CE#iS1Ct59D=_w|%d$U2==kHzn4x
zs(DK`46)KSB1^FGLdOOvtdkr2FP8|yi<)6<zypnXqVmxkJxLiguxnrq6oZlq4$1g5
z=I>K&IV7~HD|>D64kaUVKusY&o%Y*OR-G$Sjog!#p?xO-`?xDzIm3KyD!MDF#sVQ*
zE$B1Dy~c@lJm<zwfaMYC8X{zRf~~o?+VYzs?GCNw78@i~DEgS2@fnc-ZyA;TzccQ{
zr^tK}K4F$skbYTl^7xl#;Psw|dl<e<>m2_@yhUp%*jUEThn~mxoZt|h++l@|!HSCk
z{o#XWC9SUStn5hadoMq$8zGnssEBkB@R2&%Na-wA9ES=QfACc$zSH#)+DrCttHf8D
zj;_BmDZvvdW{Nb{g?92gIlH*atL)FoS)?#OcQ#+FY46uC(w56_Ghv9$Ox<Jyd*SXV
zZHi6V&!wsh+luw^(zZ1y%`@|$U11F43K5@pW)iWlTBm<_HNyksmPyMf6SxpSWZsBe
zyoB9J$=bgipsunR`}L6d60KCs4rT9e6=*gi!UfX<SjX4DemoM|4-@-Ge5!jm$UvbD
zS;f8MU)WY6!9Ecz;yUVj=l`j(Q$9a-XU*qpxZmuxI}_p?1V<o|dFmX`m`!?vJhqe1
zq@t2xz2M4H7PEnF!aF5Sy|96aGc7Cw(WBBkT%SoH4C1;v@)8JG!ug0P{5EF<FU$Ju
z<Hq+pmR}#W|1m1~>nzU%G*++w8fq&{n%nJK%Rn6RkHWy6pX;=$sfI$%moJZw^i^RA
zmHag6sRZZ<P}25$5tU`}-ow?=O)vm-r$L!PcwJr6@1^aMcVr;3gECx}KM!=Ju0VjC
z@dl}1?PkmB+ME~QIl-D+=se84P9wBu><ozt@oK00Cx@chAJ+I_9JW55qq_4=GR)`U
z-l=R<*QIK&!1F+BArz^~YDeZCk|SE$e-^0vSqFJ3uX-&_RA*}}%%BR66;zklEhO*{
zG_<F>1DIkH^FPGrl=wlP`H&%j3{&sjQ0i0n1PVn~&laURNJ%_ssbuR@*iqnF_|*H&
zRBrrg&{dc+%|1s+@PRE~jE<y16fambE8_(xawY9fr_I(2jlB+&d#pS3B-P_zChAF;
zO(5w!kck~@h<P%22hNapSg}i?_LxKldd9&LZx;gHQC?)HvGo?f!rDvten(7Vz#XmZ
zUWk4&m|;vVw-q<?zyU@^!r`)kK4db)sd}_KB1?Qw^7bNQ1_EXME%7?@@o?7VxSkNz
zh&n|Bfki|(#zMpcyaS%Y4GC^a=5T)KT>8R&zZ1v>LtXJ?@s)^GSazjrQrd=iq*79!
zo>J#k5jW(BO5ak;DaF<7l_`K{OoVO^IPevt^Z7`?)AU2i{v|8gI_|ym+Yfi8=<}~I
z9}@6mIxbIKtcg42e<bQF+P+N2A~4v)s3X%o(uyN*kTOvz&5w`HWjH)r^bZEDYUFW<
zj?m(8Ron5A`hG8J3==3L;w!o^GOWLnyo9q=dyLblfmUg<jgV!kwf#%3v$3zAD<d1-
zGN~f=&h!$3sMnX04YDW#>V^ETR8{xJ#Jql;ObzJy`WtQ%gtbaP+=U-(J=6!!7v~9*
z%-vd%)ZuIm7?!}U_Q1QME<P8+{nEt96^v`qg5!H~ExisyGD4_F)Zj@S8dhNOzkOP|
z5K*|YFcze#eBuaCeo02=Ihv9a@YpkFuApDA0cS2%s>0}3eyZ@Lrb!voQmi9L*O@1;
z`No2Fp$9EI0i&O^O{&!B;=zUVjuehfLh$TCdtdxvJ$E5VD!lO&j@t2LZ{z(Vw5b9A
z^&ZcavaknAeS005&q8G%s@f3ALjPFj=~QkxpwZ!B6VDXTM>BGQrlQ{X>B#nwr@I!w
z_{W23k0xKt&<wGjO^<!}AlubSJS8Gn%jF*~3qtMIfiLdA1_(4T@83vorSkDq7N7<S
ziT-+P!o@OT*}Kv{xrur1C}CUHhFR0+oS0en?mT@4Ad6j7n`8P4fd?0jNpb{?;n+rx
z6}WqHHg43;Fy+5Ay(RbJe91pa{ryjx#IY*G6`^QFcTzO+yh;{}Vw8>_Gl^3-XTDb6
z9`M<Yh}#k4Wg{bttM(b%*%Io})t}u?+-!{aeM~G18@^CZUHEu|%YbxEun)b;$apnm
zVe$AiNt~L%q?w*fwyLo=WA}bxuW*aY0gK^djzYI|*h6V2UKj(0;Ia|whG%<r)?H13
zhbix~er4NEq6**~tkN6!8K&pl@Vq*DnlHe4uyBExE|3%06|P@6z%o$>@o5)ctpq(Q
zn#dt6P|PJk{8gGP#^y26BCBEK*uO$Zp~(LdT@2k&xfK2Bzz1^gk^aP{-+a8f8E5un
zc&<f(uAhaSzAZ0H%ny1!A1vl7Pc5u^5pwNd+L$USOJ2Sp!!iJykiJuW*v^gRuDkzF
zVsAdWzNA1d!PcifudlqQhx>khMJd?0LB7E|v%Y(oDVA!EdzUoE5LIAsB)O7GbjZOC
zg2!X+_C>QTIO2LVP?^&XC-2m_XSZ~{QluJ&oO+hor1$Q98?}KdBc^stOlT;$u;eOg
zoS)mgZg%%qrqLJ=IZ-MDB5{o9C-N?nuNOv_BC{w*cp^J&IU2u3@g$NTJ66$o+4NGC
z3^^#d*-6`CMb07>ZOgQuNrpe&nqx<=BT)Z$twZLo_|&n&F9_&j-IyfkS#k1!v>Dbt
z>|Fb6F1v;8gPKsHu_hjd<Xjh=N|0Ko_+Ti*^WbtfIfZ*@C)-fPNw+DaGI#@bjsMj8
zMY=1om8Yn=bbL@|g_@pLD6#oR)&_iB!>?XeVNhBeMRMQv-Iw|TyG0Owq@pxM>xib9
z!sr_e0&9b0*pSvmo~nVo8)sgDAA-D6n@!%NWLDb{THAp71Fc<@t0G}0F@qVdY(KVb
zq_>}=eGkXqM33)}(f>$`<EGI;8L7eT3t1`WzN`P9+Pmr*DFuI=#m`>^J3a8sUhbLj
zf^-5c*iP7&lCjd5(<q<B5qO-)e%E~pj0LQAHGc(pMi-P>Pt^w=gYu<ZU`X1x<;8_G
z^I~XQ7sJzmvo@l`RSG>ubnhJeLslcAo7DOEyQm=aYE&o~I(70XI%ztQOp@C{F%Vab
zff@53%QYSgw=D~Pqdrq!RA+&Da`L<X^338$>YR<-A72(4Dm{vxWy$V+j9a$2d~uxF
z&+lxrPp{iwpXp)-5TgK=i?>K%c5V!mT}-LkHK$Ju`T3+jtk9;)<JY&P4lNzhA^y~)
z?G`^Tq%k93a8l=ayozT?L)Q!+x6uEfPeHn{UAt@(*#hSzG|pIXZx&e+K>jjEgWtk(
zO&6YIZA<9Ckb2Hhr0SAv_lrd^J82*Jvv5#7o=>D<bWv>Hshoi}5iv7y-*#<?-f3IF
z!;h-48F3U@Na0TO7rIm;Gyl_PBY73oczHH}cn|0#pypP1MHa$wkIBNAPk_YtTo$te
z3Z|+qkSao*V#k`##YgbGY~XQ60Og9l=*7BW#&ez7`N(KpzC~O_vbfZl6z}_Q2Q$lW
z15LU{sLC!9YXe9j<X(<Z3YSRKOWGt3OUp}%mr~HSWrZx%kH$);P#npiZ}nKUz4edK
zAh<#W1rc)HK3iga-?tZ>IutjJ?~N?kU@S^Fe7R-We__0QNBL{Z0fNWPhQi*;m0rsn
z43=T#*tGc`uP%tTQv6rZkR*b01bEr`&kL2t?7Qooi5Kz63GIS%JcG$@tO)dJ#iKd8
z7K+1BLsSOr|IH;0p#=WNsIb@IF2wpbK^NWk<JNM}nMF&mEuT)NK!f_*q9!VfB!a0z
za8V<7|Bzq3p5pi7mA;Y++0W#25<JxZ7hDxei6hX(Ln=045Hqk+9px$QUB7iuknKKC
zA;ma${U3f;^ZZIDssehci(NY1OI^JX)1>no^Kc}ons7aElAbC}c@c#sUaFR<x&z=X
zSmD<S2~e-^_NFXk5hvEF6ZI@<nMlX&Wcv4?`bZ@uXm!l#$w;Wx_2H5y3YB<pW^_=0
z5T~W*D>JT<;s{GmN8oP8dRX8h-EF+|0&zb3$6|JbOp#^`Pw_{mg1^~PAz*8%J#!1&
zhI@fS7HIa@-MhhkBHQQitXHH9u1WgxzUNJ_S1g{BXM_F5VdyZK;e6YC7?@aK$b=XT
z73qt}5)LI+ea8uf9BDB~7J89;50+uP5?RX!4UU<=l@oWmHiz73r!#4E<v@V_CuNEP
zf?;D39kU=GrQjU@T}%j=IzKVQG+qYdu4rv6CyLq99I;v!qDtuu^d*}Nzt%s{gU)mb
z65V(A{KQL~)<Bt_L(lrHy>wXyD<S8G=GI!xfB0kn%``wZSds9Xm=VbMUHVSku8iRM
z4F_AEuwO_iXLLwB2eNlntB6_$&GL+*=4bxm&kiZAn&N!vp?8$db{0mN5z1C{eEiPe
zZHdul<dnYQPhn4##>k|SqjbbOh18AT1&nE3cg4<O^r=O^E)1`8Gi7NhsjlU5dhDF1
zvn3HG??K7LN4MYg%@#!Bp5*>(814pa|FqZosNbfn4T#0C#I}-F#yDk_SeEz?*V9%5
zEf;JPrA^sD9fCwThoH<TEw|B~@JO_Y=`_-;g1)Fd8S_Wp^B%_Kv}ZwleM}39)@gBb
zJl%;W1;gH|oev9auMOF1fwo+`^J$!dlX^6}*4-c%QQg*(xRVtX*|-?`n26rnn4o)L
zs86Xw$>_*)lT&Og6}&{Q3bw37NRBEkeSNHIk_7f~xa#m=J6l(^_VZXmuo!a#C<9g$
z^uABir|(XL?DFsa{)*joOErIWO}nKtyikFM+oCl=8K1kq;-lcW^R7jKk{c0=3HHy}
z(u*&pf4M;X5fBPYEg?!NhI-G)DTtX0!itT@mk-=3Qt%rNK4qn)-g)|!-?-KG(NCnE
z7%kfBpl~HovQB2sl|5jUL$xJOoeTbRwGEX?^XK&R!e#F0_+44tr4E0FNS%kDb^7y|
zq0moVUj#ZT;zpSSk5hylfDYTVr#CQFJ?qInjgM5J6C1Al7C`cbQA#0mMEj;ojA48u
z78j&9GI1B2eqG<;?Q!nFjvQ~MqQL~`tdoZGkv2+~aqC_5ZwGtb1xxblDYuwCzOcYg
znIXmn#Pc1Rc5W*}B_D_<UCU*ZC`D2w)@v;i6b5IGsu5T!(cq5#oQgM|EKOkWwOk_v
z2<+sD62w9EqukR~8Vh@Q*@yP$>p~B5_jNPBQ2{zCe1UPtfe?+ebe5W!)N7{|cv*b1
z*W?fP(3+@ew>Ud`9?vw4^=ZkVKoI?(fm>GE!~tgpQu-C(dtHOO?mv)+D*r)Y=nulQ
zs=Z@EZ~S+PTNufQmhlnTL(U+Y)4v?JwsJ>QM5Gg|6$Om>dc|lZaAtS<SoNi72ABXH
zP*1dk;`akg*vAnnQ9bxyE7Ga34Q77HqjojXPLC3M61NSG=eJgi@c_3b8k>oH*ZPlk
zjhjf;D7;Oo`zDV*@9#}9#B(Y|b&T=T-Ih@LV6h8U;ClC=#%2h$&x0H}BI8+;R$mj{
zU_(4#|7S__fw*1p<>Yds!jNP++acdkT|DiX+Np9zk35;#ui2@@*Q}RbeTF@nIH|^B
zy7m=27oN_(8Cr+r#SoG$Uc`X&!lu}9<SFd#JCJcwMo^$DR7Ks2cE_vOuk=S*zupgW
zsD=6ch|5|cxBQ2Y4&e{Pe_1xlpPV=1KKm0~<ewO`S-^j$PEP7Iw}-%f)jH!7Cps#?
zPv6LDKpLb3Y_8C|Q&E6{?iXacU1CGF0ZB*XDU>3+vHf6O6q$~Ad~UmDE2x7RCuKSD
zv?C3lT1?EXf#wr~q3xk1Bg))pA5RfL<5`nCfGCHTC_`1*(t;e(P+uAv%;DG%4f)`x
zgOfc8mua-F4t%K64#UK=PlcgI3xl<Tb{D1{f#a#9)yqRJrl?V!)B>4EUFPiu%kWH|
zwg!R}g^nf6)PbF`eh5B6D9PX^@bJFive5oyQJJt3k>BLx<&<!F3PNi;L;hMV>}Kg@
ziiJ#fEbKwge6<iSSB;usyG-LX<-p~PTy@4D*T_;*5r4@6U4qsi7q)42_N76B@7?ex
z(dX2VkFvqHaC{gXZ?SS>$T(sWGxU?YB<JXzcN^f2m`pECXnYBrPnoHdQt{s6j1ITW
z0jWTE)w%7ZmexhiRP%z?rI09MYtR*VTN}ySp6eG`aoz+J%?;lQVbKt{)nsv;<4*)g
z)w;SF`xMM6HxspdYj!lQc*_E#1zFnq5BTOtxkfwKytK&y+oZss_94iTnwG!>FQ2Cb
z8Q?Fco6E`PNwUi{jWJS#Rb)=J{$o(<^j~5j-q?S5c)#bB+4oOO#tsi2Z)VSQ{we4p
z$aVis7BPzp`C#Ze>ggi`*Pn`Z(xJS3St=&g8peC{<;}@K2C}xWCjr7%Z&h_UQ${c7
zg8!c3cKOd!{E%PtPLlxpVORW!xfH~B*xI}cLbK1QB^OMw(S_NFzr)^C1*>~_kM575
za*Z2JwWRAqrjF(hDkPOu;EMNF$J{Xn2sIpv!6V2&%C;bEM_G8YoL;Q^@GgSGX*hTw
zdbC^^dbwm*_5Ke-K)k<CgJ1mTp)cxSlu{S;6Zlt!?+oA&gFmS+oj&3|0qU0apoT;Y
zdshBFvpnjWjVydPVy)Flv?MRkfF9Q$Y5~}HGDJw3{=qnr&IcN+%85r)2L^nV<Sr&J
z0d;7vt)m##qeNvNHZH(ZA~oJcxTjle3b}5s*aI<X9Ha-YMk_8jn%cz7bE*#~!qY4T
zvZ*xq@Q=`}2VB(f^(yDL@NbUtal8eMQt!4+Ph;nRZ~B!R0fJc_8~KE=v!qqAl^ASL
z8@$N3BlObRZa}}DqZXEEcq($vN6oBL2xD$Ks~`v~c<;W&m&^n7h<NYM4w+tkIMPj{
zGfaA6N;9>&CkR&vOu@yJS0h)U7C_OWpl{;N`IjrOs~e;hj7shd`d<HW@XOqApZZiY
z2k5z=wh?#Z?o&fFI8Q?si3N(bfHi(oJg%nZ?y%$OX0<kob*e(f$oTu#VkCJVq5x0T
z!Qi#@C7b!+)Z^Ye1*a4<TU{-hArCn}tX_7e8XO^by;U=xzP@<W_;sD6@LN#VpE+MG
zXCNNUL3|!x^b}s6I#L^~U`fN3Z|~}n9Mbcx>r7%fOn2DjHUCO&Qa{)Qz9$<uaBGf5
zbChHGo3?bNFtJ1V>Kx)S5ncSORH@%NvI2oNVP5QB0dN*hc0lrV0E{EN%Ybo*`(gjS
zI|x5?ZmGs+p1`48;V8TDI;(;SOg4JPa}(ifO$8kJCE?|6CQ50xk94#gWoFV{(L{lX
zR$F!3VHKq)qEbtoxxO^R?b$n%kXI=dPrpA)D9(YiOb#NOfSdjfjiScxeylBksa=$6
zWqR!DyjR)Rg@@h;f&Z4(i-=QO`+ZYCic|AZyu5=p+K9<VF6Qhi!0>Hi4{@3rbAbv^
z^T_H&0IGXoa%m=3#-|yqlk^P%YQTm$G7nZlVlQdQJV%a>ae-O~eVW68JCMqB7Vk`W
zDIu=~q<uDtRV~u4%Ko8pe1m#rd2x7&|5Yh85F=Aat_o)m(HqcZKjn20tjLO-DX%ns
z%<i6CVJAn@^$%$z;SC$+rBu$oeH!4lG~>reBbULj-H$JI6=qM%Q+I9MU@Q2ce88-8
zXr4HQfI(mmAe!g<8LW<|k=Bm3$v#A#;><rh{pqla(N^0?$w3DSQe^#J6tpF5lghxn
z1x>YzC29LT8`;TU^XN9l(A6k8|4uoerV%U%Ec$9(kxQA^6wF|KJkzSH@oD!-0+TXD
zogS2JOoYI6H>iNyllzA1U7{o?wW0B2f9Nk3lvf-$@9_tfKCfT7J?Q5Mo$80JLz}RR
ze#2i*z<Oz@Ks*2eG3ybuIVUU}Vb-5j)ADca@n?%xTm-bk88yJm;lkT<yDg8C%qqW)
zZ6y<eJ0%%__;@ng+?6(6fUH&NtC+3G0>*GXzyE+K`~Zb#RrnJ3jaww3OEBOrviu6Q
z4{GN@KTkZy{;v&#O4A6ODJrL+Z>on*%<c&FTk^rU_MIT9n3jp*e>GDH;b2@drxGe@
z)$$!iJI%^Kv;Q{;d~$7C#UQT^CHJ&PuIgwsAnJyy^pAy-W%-Z2^K;Hl`<Nbk<WSl0
z8=D<Fc6>lif)Jv16hu$oYZSp_>1otVX51@6^;;f*KD|w|WHUHRU~Vd~MRYjmb&K}b
zv6BEF(Gw(&`}|t#A^F~1tq@_!7O+n%5Pz!X>qoE9_-}khvY%XvovXO(m;6hd+t~yO
z31yP-NS1e!gq@pn5kG`2xlw{Fa{kmasQDE%=U0>Q!WC(rCfDKmNB-%B5<NRa86)F_
zD7F%ECvWz}9VfkNYqeItA#4FDZ}dQ2B9M)(zrcUsc0(9jo|hDnqJex=I{18{B$K8`
zu*Tz`#^2=>XuyIG^vc%U1FR*1CBh$97Y*wSSfv#Ne%1fBLt?F4M7GM7S*H6zo~+Q)
z4}b}E-M4Un%|r`nX~p-+qPkRD{+;zz-A@%y3)YHT#0&s=Z_qvt`^XJi7w+pkWAaf!
z)I?!!o+yB&9Mgi~+EfZq$3v@~=2ObjB+}=Yow<)H5D{Qt%mKs7A3q!7bkr#+M`dFs
zeN}mYB7?M=+QwgRol^>HsgQ{&P?_co=BkyU%nuc9n=9K~p2)Y+AayvdFG~F#PBL-V
zcZ)orocg#K8-5DBs|O)rqj>(I#x}rrE{#{x4bbB%byNc{u^$Xc>2U;|d%Ih{sR)%&
zhzG%5;uezqkMOj9T{L2LG2xmwz${2OK!?gS|GAVFF;J(4#~h_ymsp}In-yKYKZY)$
zrC_zO{vr}sKRHFCh1F?VW8ASO2&WvfMG|Z9F?|r)6}nxO_PkIr7~U97xsIXS_Q@V<
zt}K`yY3okbD**F8iQ!z%2?6Y6)uOq&2+1qlbZ3gC9vQ5$y2v57tAO0dJ;5gfI7N4G
zQJHEL1G!+wG9{b#07rYFIc)JfV{k@y>YM^E1s;<ZJv<4xOrj`M9W#j$noq}!h{;jO
zN{SXAc3ZC^6bzu64y@Uis{0+o*zm?gO=?~4#v3B+?5~_;aZY^srJW3=@Q*>W<~;9b
zSMZ^408G+}rM+m&IP9Nt2b9!jKzFS^DBa_x*+U*pO^(jz!<EH=fK2`w0BrG`990;#
zwo4uiiu9|cO&DjnkuNe(NIeSGi1{DUK>&gp`N7Z~apU_NYzwO7R=@73oYezq5q4&-
z_L+HICEH!aEDvG3Mgko{NThfG)8}QUY*LQ!=D1@uVGn0JTn5wUYuG`>@5Elq8R#KN
z{@-qo8<h4i{Y_JfhOBs=M^<@eojvBfC|E78;E=Y8STfbszd`zE49=Y;k>2B~a)cl<
za3nZaZj^o4G*sa#Q)huaYC>Gg-Kc_~YGG!_4u|#yq`WfPTYHR&xYCzNg*B2QRPBoZ
zY=}!o@*^++Qo10M9+mzfzPT){;t)_&blOUu;E2YGKAmMdW8ZfdIpi(nH7>^o_jZ-$
z27y++;*L&_K{v&+XwQsAUDlO;d&x@C??<<k`EM%>RmgL<lzQckNqljxCdN1~qRH{G
z)4DCasSD_7o6U}CK@mjIu=~Q#BX{d_iNgZR@b&azk{^!IvvO(GX&)OXdHD2RM%6Ae
z%sXE|URA!k*`VIUYK$`G>O9oS^+>2UkG;pTX5_7nvmVOR_Xuc4$jcCoMmuK>Pbo0g
z+g*OVH^&Fsnf5i*qPsq>5fPfc0K3_ijZ`7tut@FE;zexrZWf?45pRssX&<<#jYdM^
zEvGgVH(nI<_0DMI^H9tyM$O%fasGx@U0GF2dfQYd59Qu!1(b^=<1-+zxq|kv@nGcJ
zRo{qM{W!D({F`?_=Ajh|-u$^@N1m<q9WkM^8WlguD!ybxMZXPrd?DJsgLa|Qy1hRD
z9(SwcSMc?30uDhVJ2P%CZvZ$vHVeanLz2k<z&!E&nHC237=X%^O$cOZScyo<>^1}O
zQ>QDf-!JF7>qM~yxIMFRdkeme!7HMdvAWWDw({N46SFR~>2$mi?(Mwy>JLHaS!LG`
zGyZbdleAzv$p#X@trYnCI<h_4<1xxk09nW`msayDB$Z`f2*mjKf}xNP`F+4o`~`-r
zE^XMKl9<O|w$}7Dg3zngYgDZ@<alg$)?(IrtLBXsZ@^JYp97e+!@xnwP-_){Rln+T
zxoU-*L>*nN8wEokE3{E=8a~IjpN)GE+8DCr?Pu^)RKAWOpUX=)L&{1OYQ}Z-fnr0i
zANr^~s?xZ1KrJ=nr$NKMN{%yo@HQR*BXPd)<dy{PIqXJ_hUQ+AtvjxQiCBS7xtAV@
z8|hkCaZYs~JYv@Yp$~8hZsz>oJr(<#p0pB5|KCejz;eDTqXG1f%43cUie{E!mek;A
z&;MkU_zYja0Oy4|_dww&ni*u)H^#XJ6sj+>@$k@5E&%I6N-c*-Dw3=*qC_DC^+{RO
z_Cv#RMb^_3!<&s~ZLKEHU*e^RK1M~d{fPAXJ-!UoGF^~o>aYse>G#c^@nuUp9cD%J
zhEFpdrsr$UlB>5bLK-b2iPwTXaTR&iAtPt!>x<NB(5RTAAs%@6hFW)K4}aJJtan*4
zg>ezoW8HW?_lA*GE^Y8oHm(QyGmog3Y;>0lKp!i~VH)&3IW@U83YbyYZ{vB59ZmUU
zA5r{J7F>caNsn&O!8y6%aZ&f^OAQ!SW+pvySI^J>^Zr~4MX@b8!}j0Vwy0N>2}{fI
zkzzPss`#hfRB;xjmqL93Ka@U!j`orzT?qNjIk|G-iZmK-xu!ydN>e(`(%tW0+dsck
zIu!Re3=pMvjT*L}jL<{gY&h$?v*GM-py_AA-7T94m*js54zPzv{m@?%eqk=%b?t%6
zT06vNbJ`L)TTjm?REqF7whIr610_lVdt`lE-;YGJ)GO`-*=)<7TVm5+C*D=)gP9;~
zKTZOpnJm@&SSeopHW4+|_5Xk~qiGhh#@bMD;Wsd-PY8(b{TU()m}9%&ADVCj;W-NC
z_WG$&JyKXI;lv<*2o;*|92lg&dl;H*_2s$MYvC3&fzD-KGQ3$JvH7)<uMTz~+=Fz!
zzp*~i!6l2qmm@m-Uz*=?liaqdX!ieo2I}Gl@svu{@F8d-Ay?mKz2mUGqFgk^n^Guk
zDrYV)xE9$|z1ox`lmyhq1uuD<bh^xC0I;gq1u=|my5j<R<G70@uVvh7ag5e!jHncs
z6mBOfm6dVwpBbkZM+%+u63L%hO@cY(*V+^;g}5+i`3_yg{F`ah@xn2J9P2qePY6eA
z_ouNO7F0p@R@ps*V!moHOE}y;T?he}MSg?kVi9@1{&hb&416bY7S<YLB^0Cj(BYq(
zW?!!mGRjMPn9roqha%#Et3L{?G?tqT`H)<W!X>Sg<*PV%`aiSt@EYcEs%xAUSffx;
z(Y=nXM9-bR7Znq?-5q~mDQG+ehU!I!A+02bz{qewmsY6XlCkoYs5RoRUgun0FTSPS
zW@Rfh!kVSnfG_6=_9cRYxM~#adi4N}RNs`&;>`As#gT1PJT%C1W8(hk;0T#aIj8Nw
zF`GAI_iom<W%(bpqEMmULZAK@QmnH3X~DjaFUYC8*I0bhD7gv6YK>24-+0SHA}YQu
z$}&39r+oxjv%3j@utD9{M8sfIkoZ_LDZCp1L3-_)Z9wY2StbR}&&iKoBGBIE$Pf$n
zt^LfKeB-t<#5S1t22la9P8+aC{QpRDj-6sk1EE_9hKm_ku(x@R`e(Z0X}s5f$Gu|?
z4p-c5w$#GgFR3bTEl5!Wz+~JV0RkR2-4=_+nZG3@5r8CMR47Y@v!G(fKCoMI&EOxj
zz<Cv32QHtZOuh6xO~>S{Q@v*XX@nK)U)>+o(TliN5=sjDtT=NEzOBV|;Fvx)*=q7R
zj%8x>=^}^m{{H@W_%ywM9-4v%c`Qfnd|^$1B{OUDIfMbw_{n8=y_)VU99ose_PcWm
zSBC$J8*X`895*Yv=1BO|ciB1;mYc(38{_D#4`NRIwWIl}t+_pl-S{rA*Dv6}8xFa<
z{9|5ud$1O_iGM813Dsd!(SIpQauP^JVAlZ8!U}0SSAY#0f#vc^H`KM{kN{sS=lXbg
zzS6i|Z$>q?zL2iZw69i!>^5V&Q3>dsJ>g`xXLoVil0m~VJGY#v;N4K?mA5aKk;^|`
zEHOTMf`}HC5jZl_|G$(-^MGoo$00<{PzO-uOOZG|Krk_<UP`I#;wlY9cg+b%=294A
zW2owinOedXf&_oud{gK$r*azwe{`n|TUjz?hVag7Qcd>UAmoo_8}Z7B-H%6;6bJRJ
zgfO-%i#^JoPn=x!`M>)IDpNwdebb`KJYJL}(OGuO7InBr)`W+u2K89AJqFmhg1*iL
zdV54Nl1XE|IfA_$j7J-db!f@h5@Q>i)1q{;l?5cfhQO#I>Sbc-%}PV2&udH{!-9}V
zm+R>vy%^W)fL6@{-f9(GU^Ae}Zn=&MP!&oJWuV(scj7k#>LRWl*;!S?NlA1$EV^jx
z31{zNJeVO@Vm5Dk5lrmhGPS0n{gw|t_uCsCC=#2Jrn`TnhGwm4Ma*#6hS0PJTu#^J
z*&%G@p6k42;zvWYQ0UH$+WfGMYU90?`Q52n3cK~C1joktO+=!Z*FrqilyHR-?p-tl
zE7b^XJOU=b<3Tuqitej1;$NTa6dl>rjte->Sa0xyj20U5we3)*MF=yKuWY>BKBGX3
zLf|t}app4`7_Xe#3vD!3vV)^0J!)mqvar%r<ooemlT>Jvj*5RYJVD5WRcdbiF%4Ms
z<3qSeF&6q!jRjo0vR!0+tLa)PmB)(K_O4m32J!as6=#`BO`TW2=yf+Skw@WfZ{GnS
z9g_o>u0bqy32#)9E`N?MDtP_MWDs|2MaU2USC5rBgJNt{aNFw>%2hjq=&{fW4%95g
z906LCx<yk3>7DyPlvI-(Ti%CyY^{uhl40B_T~^(jR$ni+c-TTX`(DI-N*od)uRu!T
zdOsWVr3?fX%<p9E&sxQ{%npw@8fwC%?I3CL6uy_hB{6|(%>R(!E?#s5L_vrH*+kF-
z{La$(26N>{uPsue*uW2t@mm>Zchq?KUg>V;KRr-A(NAebX=x**dc|OmLONFTShGTk
z>lQgB_Y|cSF=E(`XMsc|`PkQ`F*2ZAQ_9~5DNlDWZT^W524rHIEZ*^he+jThbE$)1
z!2jrQt{TWa+!lS><5WM;&ocAqbF^pzn%V8s+@;)65N6|8Wxmt67!8UR+Un5iMi0p<
ziDvrKj8^kVU@LAo)k2Y6p~~{key|qNyj5^K;*xI;EU?%irnP$&Hi@-Ce#Rwn^dXrn
zsprz%0T3p{8u#0L_FCS5;;q#Y`Bu{^EInr&riKNIO>6`Gm2=*-YjSR@oD$Sy!AH@v
zgoK|+czu6=Ti57-u8<V-$U~s=4ww*WCK9~>T#6fgn|n@dAao0k^lJpJ+i>I?CEQop
zx(MpD=u1#fAm~?4x&`RUYDC^xFOOhS6u+T^*A<NE{5@w}3s_ibFXXAPs0Nc+2gB}X
z2!t*In~b?9ylE+LR*QFKXoy#w50T+DF0&VoD6%6e?eJtiJ)-bl3P9h=gXtK~)v3Y3
zRia<`uaJq$6-a_q524`$&0{k_dLUPVCJk;en@4zGN%Kaqa-os9nt*RQYAtDyEEda`
zWvVmt<l>9H4GVMzn)^_g+1(tOEst}BV`?M?mco+Je2owfNF!J3WvC1%Uy1#Ga!I5$
zTNQ#ZCF`nNCM-iZ$sghW9+JQvceJMxED)#QK1Fw+P(m#iill!WJ;1*Ov>q=|0WqpX
zQBkwmSx|Co8ISn9?3r{A>{)&KyqN=;juCEJwRDZw2p|`VKrcGo6P!pQxvjcdt+2iL
z&-adk9r_a3`Uw<4GHkIpKj4yBnVaGUX<-j3-zEDBGCh7;ooaIHMlg*YISo!orCQdL
zp&C~u#u@u33I>ga#+9xY<3DfXTi=LUrQ{GH#wPA7tPIl=)bDsUb7hZeQf-_78Ap1h
zTfQz#W%mVZ*m9P0ACRc*g=sWSj3ko4cCXuxY%I^GUP8+QSZJzMC%>k_Q^Z^aFjb+?
zIEJRQI@Y0&Ae13Yh(*{)a#CMM<xO;2>fWZ<e73Gk&(o;1&SVzpH8br$Po+O<7Bv{#
zJ2!uo^QuSU!pjjI(XMDboj#=5drPI79z$-wCn17#=2;8s?(r25nC&J#NQYG!Ul>cG
z&Du>jpT1QI;cAlU)0(?c2$KXtOvbJGKxgbm_|C6Z@)h&5Y2s*%k1&`Y!Ge{o<Q^k*
zI4@J7wM#_c(DL+?SXehBd{~1u&Y6|9P^S@<{ESHW4js^@n!aq$;cC5sdGKjN+F(OQ
z19aDM0Faw8qRm>?U>Es}u1@&`m2Sj(&$-(3K5k<ZkLE!x`2tVu*&801JKnJ5kelM+
zcO}_YMlD^UsJkx0Cbuz6*=%DfI?H0_8k>pQlRWt-_zw{fJX=)1N%iqO8pCEsbWKP*
z#&ed^ev{^n#87{stfNa?E||aZ=%kvl($S@oyv|hUX@$$FsFweBt*kzKF260Lk-xeQ
zT5Bsp5I8TehM-b+mS)Zx;A@PTk0V+;r)b0LxrU!XGK`O|N)QO7@WnJO`Un0xp|&{n
zBb*SGbPFlzdWxM?Y(tU~I|MpW_8}0K-A>G5jDV1sPY$aXmB+I4X=)IG(@@2-9frOj
zz(SyxJH0~rM7DLl6m7Nj$YdHT9O<P!*|+^`{;O&oq`Wr7vEwd6k;3f|j4Ep~rCZjq
z0@{oCJZ&I2NBuy;-%@6yHdTa=aQMTZZy3usGG|{X#z)-2Ea0nvTD+sLpklVy4iMFd
zeiu(eQOa$2fK=Kw#Ps~DRaD>jn4jc{p0KL{SsL}=k4=HGU_HwI61MvF2=wWazy3(1
zU)U2Jn#3!hbRT*;==J%Z3OS>$=1dQ7hfs_!f9wS#;77?&&9hWR?})dE2vehK6tNX7
zA0+lyEtS1b?$$FDs3NB8Hq0#VTe{<{nzwf5MakreD5VkYwF464^g&M5esLq}F8fMN
zLR0s(!H(FIFr2T#Cw?KeWnr9Bs;Ziu-ZP`ueywQ@iWc_v@7v>(qiQZ&9zl<MJu-LW
z7C@DRRw+X`_|IBWE}(2dT-m*A_<Pw|VI!WVdDn+B((&?5G!$XjstDYDRLQk|4bG`h
zg|PIdy?QFi>O^Nij#^O&3@=hB?%dJVFMZXYw_UsmF8f13F3L1gKtY;?J*`tThKDp1
z=ClR(UHYi%(haE4+d{@i3)9=u88qzh`+Mn;Mq|eHb+w-4%3{Uo0~#Ohag61cC?-!;
zfM3@;M#K?nbfMC&S^Yuh*?2fR+JhO#>2l?rWDCw4b<)2O>G_D<sB6iRMC~~*sKFgs
z`+{?_NrI~%GS7Oi+jq7L)*%!z)xoT{-f%Eg&{yzzEfi_$0HgW}m{ovF2)%brM@<*6
zkQDVavda(@@$O4HT4af4G)k?T!vlcnPrOA<Ca~Cm_cZ&5XuuL^Q?rzn{T+bn_uZ>i
zWpH)SWAGi+bm*?MLY#d7!JbxRy*Ie=J!1R5<KV%)9x|244B2ctunRWkGI`v30}+-G
zje})lr*Nj)ES3Ea%5#v>@vh9+V6*F77^E2%6$#euzNd>4#iJD#ik;`YrZ-#8^xm+%
zzI{b|XMWnmsr6*gcST5S1sYxoq0N@3&;G3pd0J5fSN+ZfgNaxz;@!>)S}MYBP}~_x
zX6gOdg;rl9r#UO2K9(!LZy391^KKxUBey!ShAcx0-$&O~)VDzSyL=vz^y1rUG=!-U
z_6Y@`gP)SmktAuAiTQQupF|LR9&AiFlWkC_bJ}C_h5ARGx-$}4&(*rEB)BW|XC#g|
zR153YP1))bt{C`sgsouX$B_Apz*vMqCgz#?xxZ(bRmFPcF>z5G><CM-u`(!-vMKLS
zJd^d!0`fXFGD8n6^vBZPCRu*ss0zGGW&Vw-w|o8Vrv?E-kl8FnFoVPmlo?zA>`k6o
zy(ebO)y?KyHQes3=5_K|b2s0A0}(|iiPX+Lif#RiAN|u==VygJcfu_k$_c8|V7QG}
zCi?p6eL|`*5ZlcuQ)lWIelX%&i^Da?uz3LdiNP(t1#-ou6HmLyN}^7nWMi<`Af|En
z6X!#1oCk1`^ViH7{w57F$E>5X8^c^vZI~Pf{OY5%acHWk_EO79sqGf$o9mPerl><N
zETK`c%0XT$Xw;yKs=T*#H3)S~mdi9K+X;)udSrF^5MkdNOu0rP=e|!evty^k$-to@
zE4OOdwkJx9>aP0x%2$?+A8?3RF9*mpLx&y7X@Cm)B`wk-h$r{CcKNm@_gcdv@b=VH
z&OXuw7iTMjY-Ti6;%JB)pO0*Fm4Gp+gdm(YzTh?O1cWdL{-+dEnCS@-q{lK{g!+mX
zg>cLm=KOM3{o4WYYQ4AWAD2Nl92<2;PIpLJar0BiN6t{3(1Ic8N5lxM6~~~a?<sqh
zHj69BvU!)-X@ba#0w*xI3qYnSVQ??P=i#Xqtz|K+OiPO*<_)>uExjSznoe?H;=tQY
z7BT9~K9`||!nZZQ#H_uN6y??!<N7rV&J8Y4ko(iDt|_HAtx4`RS<Il|Pu;NYz=iD9
z?tJ~yIG~ws-zH<3t2ENrh`?A(PF!4y-qZN#w#O-$3VPl$^EPRp^m)F{a$nh7J>A1-
zrXN_{{yPE=LxqEt2pbDjUa2s3is8yF%?;U9tcWrAe$44pZ;nt98L&*upzk0?n(Jeq
zZTG!$AR>N$+_Hf`M3r(~&Or#1CUN$%UG7{M6`2l?18sMp!<9?cvZONf(JrO?)PRlX
zi{PK7iwAsl8l_5~VSIt&DUY}Y6BoTO<-Pw@S%D?6GydYNfgXPUMCpoFd7yr=o6(hP
z*+#k@X>e``rS!=gF-Psq<KFSuwN1)@aV_2``4i$f&90nvK@#-+yiN@7vJuPpl6tvJ
z<ufTK&q-T5yqetyD*1i(^O-ra)j+-7@X=>&u!+nCQ^_Z}Aw>91S-<6)Zim;rcHvzn
zGGw<d1{8`R=MwNQX92coUVWizLyCzW`^z_xjaeHJ2N_9^y@H)8J&;WDG=wUKa#|6<
zLx3~(m}hNaZ4w=~B;kUKk;gb|FWMjhpjE5&uYw8vGAUr4)+lh~`kzXbt-P4j_t=3s
zQ3jSO`yrt!65Zxgs>Oj;WyL~4;@{RWIDpP_GIl?4<5;lm>BPc+gdJf^B8*C7HlN|R
zt5AfFqB&n>)Wu(1pz@1zouDvl{AffUDiL+l7UtjSF1z8->p(E-UX)O0M?3vB&P;mq
z6AV(e0>69UMzuSk@sysMQRowNd>;C*tbjU(D1wBQv$Eh<5@+K|T$f9p;e*TjmZjA7
z;CJJ>S~Hj3K3EC}XyEX{VdSv;@{)F@bm#_-P>6R_g)HInDUId`;N*p?D(Ikv1a0bW
zC^!YOm{8talEPZgn#H=8M=4Ph8Z0kwkg0M=*n+qowtSQCT|%!X7H=rDs2Mj<2YOM-
zKVMqTJlJA119CRJR2suh7C9DpwM=ht+?dml0I!_cny(u$K+;0nkVKSuXoJLu*)${p
zkw(Us!{YidfWXvUQ;ZOu7;;em_x~6U12K9`*|DJ~_VX;B&{&k)hAf*2PGMW!B7%7|
z)2y{75gGa-I3ozAf(7c%R>W{WF^S~)YM^fLSX0SJ+R@j@$)QQ%Cp9%jJF*0X7o9`$
zs8P+6pF5H{In8@byYYIIOIWQO=MP>yVkM%Z{tc<wFJ<yT#+{)s!PtT~y*{|NXMq)z
z=lNGNL_lyQ{1Q)!SK*usg|H917BrTYouauWJ%p+F(S|6Eeo_e7<3XtwO}-mRA0Nu?
z50$+6HZ_d_0YQB}IX5an(S9=`@=wr>S+EgA&d0QhoU4dQgN;^^ow@?FU`v3)ao_VS
zYHvj=Pc$(^v$%cSkz?Qo2lOK9&?)j)G|uG%+`Kn*9Jk=}T*qg#i5J>|b=93s2>s?0
zYOx5dNy~jTCJ(SEoLZ0_hsX<4vG+ffRxAV_6~Fxsz^J7O?1@XWSv5kQ5wkB~^hKq3
zb7)M7QBSJX<yT)xLp*4SD}|{hnjT#F9Ypqt<#{#gZW(Z<dX>y<<S=FR8gjO&HfsYf
z{fmXPKVwL>K|HfgTfBpSLH%g5oM=0iyI)b+4>$Jm{)V-WnTI0*QIk+*tXn}pO6c6V
zR=fcq!DoGYp?LV?P0WAMc68%b+BQ0HdS%xAHpfiW+Ug&GR%X%zg@5QYy-M*}Bsh)g
zA^q=k=c*VFjJdjVjhoU@WS;pCNcTFB#l`7~!odJ%enen#iey4+a-0?}nLply-kRlg
zzi#jN_4oFoeT%FF`2qABj1BzX)-2fcOH@3a3DmBFIg!~epQPEG-V6&6>b?4JAOajv
zyTmFW&7HO$Pq32AQXAuKH0-nOn06ENQ#j-z*?v;#v_|KSV0Z6b)SCy-VTqFu;~jky
zFa5b_X}Ux+oF-{e62+*N!@Qu9Ym4^KwEi!C4kMVLBPT&$K|Mon8B3j#q&^h^!Es_L
zURk0$fGy8@$!>WJ+*22XZ}}8~{@7gW5UIan9fan-veAy$htB8C<|Y&DmB-#cxfKD^
zBE;aWW)xP{9wXxI67fW1${Av{s#y?0v#-Fh8Fn`KELUYO4^bd|IAb<T;r8vyZ%i4P
zZ=(WoimB#L?(++bvoxpcZ4ifZC~3~GyoH8F`_Mn6lW>*$`VH59AN}*p<RS&$yorvz
zJP(-O`3jzcv<ctKKNO!5yB<Q<pz_Z2bWe1*aKuH%5>_?(y2FPVDJ5RS`~$2B0A@9j
z--1xmMJR1Q&-{hv#OLD*tuBdmf2{{dR2bZ`D`G>=&}j)Nr$)}tqn;;we*=W}l1T~u
zZL}f24hrz)!)nC=nz+dT!$Gd2dmO$UGwVBH?>ypkh{@fHz7d!f(pmQ|x31pr#f3i@
z=SKQ908PH#a|k!{9SNxD96b1*Bg9n9vtRAqUCTY4la!2h?o>ux<qjkP@bM}p*FW2N
zvUAK4xP5_hz{H$Z|ImO=8GZdVdSAFx$pk=AQHw)-#7R%>-Qr~MoB7z9NbntknwwRR
zMJydmN0V0eFAGg%k;D9i4$ifkE^>RcxOU8(ilHaj=(-ipeJa>DZ8o4^&7RGTg_yc(
zoV?33|I!1VV=^o9j@lQjiuWQhiYy9Zh#}IabEra>iar;sfeJjFaOxC3qXf6`J%{3d
zRa8_E@*&*rKEyaW@5sd99H)BclD(>536yIH)grn`>vWRz$byP;rK(6mHN}rNBtJr{
z1+Dcv>^;kLnv(v3k%3{MP<@-A;@fQ@W@$JqP5|kZl}GGWWC$^m?c!etxko5O;#y&I
zo&jxk%aX>b4hPSbn*=|4I6*RvwZhP_l51}5%-+2M4ry-!iN17bWrzb4cIn^h5d<yr
zlR(3$sfGXUtVX<$p4myuKkKAZO^lX}q$q%Vx{`UXL15?%Ye3?sCtmqJ@`gY)C;Mm~
zz>dH@2|InP5!>&38{`J+Ya4N!e^9i*DiIQyO;;oKzk`#v2@Q}HLwjQqB0Z#Sl+i@d
zKwqLVc;~tz9o?HYL|&{5X>(y4TQ!*f$rsgARZo>+@-EflQDE$cJ<eo3n7t#K^G*Gn
zbCiozU&}Z0%=$*S)52$!*Ux7Ne;^X)5rM(?0UMj54ynXt;sx8AS1S}1-YEqyQ|ylN
z&QV4;n-2Nj=Ih>@G#q70uYoR+n8@9I)DUxfGGPh;mmPgYkU*0=(jxX*tP>wmQ?~)8
z4s_a_x0Dd+nOc6_2nG~Ti%CGl-CqDBY!m_yqijd?6u`mkF6Pkmpv+0RD8H7B)Vnq?
zd4KZD&7B@r1-AM-OuQM*9+t|JvdYU5!^P|Q&_~YZMikX!x4E#U+Dkhm7~0;dnt`;+
zPWkeZp4zD{_?(WWH`c9iDz<9@ToNFVQ>@XDt@B61?f?2t@_nd+Tu++JWlWLBFV9~r
z{_vEt%5h0eVdnxypLP1Z)#g2S7=4&C&~G^XCx^9lBKS0hn8I=gVMp2Vp})yrlcJ95
z3=rvhlTUidBZj<Pd^oYb_lfE$L6>X!0V)Eix*egTD^O+f4!n6d55p=UT@F_O;#5LB
zOT0(tA`h3VD{u-Gs0>$P#C)4~a(mrf)mkH0)s)m-W5lkU<gTnErXJb;n9k5lUi2>&
zMygaSE4}H(Z=b==to!PA27dqbaix0iq#O#|5F%N0@fPKVwY<ssFTXj|$r4?*fD7$K
zC@r&?rAJDvS*|X1Q?dCnioVtgvZ+b6^<|JRu}Uqsu{U@A#9ti+A-f(-&n~Tjs1paw
zRP?dD1hLj6C<m6d@pZIW7irK&$9rxmM<B4u!31eit}U-@vnmv;Sc~=U%wOQoEeg_M
zE8^SeGQ)dPtMdd^^)cqBW1Z8CBwms)7^V(1I?~mvy2bmJjTjJL01pf#LBqCKCV-Es
zDVna3arRTG3Sy6-{J8cCW6k%)I91fk*vy>egL+Aj$rioVS;JQK*UQ8p?oK79iNI&P
zRXj93B%@htHJ%%6DZrW}@ZT?;vUJoX8?V>gzoge=U(^8*!nTg{1aTBsK35Yo)>|Ot
zEF&DJY3#mz@}$fG^u4o;uSTi(tChjLcl@4rly8owo|u?4ix+^9t^X|63=7oXDRB-?
zBhWsktvlFgdq6WbUW<~-VUB7a)%4FM!iDEL@;>e(_jS69-u8Ts7@HBzB}7-?jtSmt
zqBA6@2I)Ld>=5#HoxMZmCs{&8BAM(Ug?I#s+#s0k>ng)LLQeytZQ-n4HFYJ2u-wKk
za9f|N%Q4l#f<Pk^f<StZfezF}_cJ`ctT~%k4ed^JzKlUCxW&Qp)n95<(7Tp~*Gs6u
zLS;r^q9YI74${yTA*&j!?fSWu29ObD^l=@<Q>sA}fMEC|qY5mMDw)g1Q%6MpQ;DRh
zJ^1$ioU*KKAw}+jAQ%S~z(L%LBqt;Rl&UqLCNF1c$T0j^34|ZW1!;Zb3b(9?2`Tnb
zi<2~Hp>D>gfHW(S9oz#eDk}StkjOZ~Qyi>ZjSL&709FIZ32QJk(}~I-A?64PUMIc)
z*yv~o51IW<25idUNw%m96}le<`|mt>cU*G2yi_s^n_Tf!{A2Z$<r8756!9x#Pmd-!
zk)L1p5I%15-Vb<{Ie`F!FL^N|*V2)wJ7Q9rcoN)c`KHR}j^@M_aMci=cEAcP*6U&{
zWu=S5Y?6M(LbiXbFzHfNCA$R4RtW24)dx;lBLb;~Kj-BD7Mv!6F-bQBTS(<izt6!M
z7=KW!el?kDVj-%gU5!MP&2?sQOx!iRdPp3mh@->I+tHuFLXO>flS10TRG8%3WO6Xm
zb_*nCp1Y*@G1K|agTc51pKhDX;9rZs?Eofd@vKZ{D&N+jdxJl=pWz&hA#4|pDFgkz
zXoiAUF>vqUtP$qlP+mvgZTfE^?+^Ch2tC;IEX+y=Po)zqHpW<2ihNZ=?zH=Wu`AaU
zA{~@Z><0+%A(mH9IAWRLIEmmkHPsiWU>VmMh5;P|AOB?I4}IFK)_vy{cs1L*fGdk7
ze3_1R&7cMkaru(U+Cm?+OXJvci)?qaPl?N{e9HP(IzL=Vs##c#Ndt`Z_~PK0w0WXS
zZRBtU<iepJ7X`NHXMmJyfH;a*1p5mk!a^TsPVL(xUURuz6)>@%5@kjE7UI>g`&kpm
zA0uT1RGH5%U)x!03-~*|^SZ@!Y*CX-IY3A$Y@1I%NStaFo~21lL3o25GW33%c#W2$
z1d)apsr?!WRj=06BwHElrxsJ$w^&xX6X1|b_}}aZ$qDW^90HX)%w;VBOG2-P>VH(x
z5AfJ>hdO_HL&<DS4_)tW?E}egM-hTbUZoByzlM6UT4Raizf?(mwH!iaNOJPt$T@&~
zpXmJ3Ko=q)D7qxW{M`RwLO0$NmHCwWf3=+}^8untUx>HNJ-Lwv^uhNv30{VBS;#&D
zzs4mod5Iru7P9LJv$uS0UotMFOE@&MF|Ic_y9@nVp0)2(m!ru~%8Mnvhfy4Hn2Z;=
z9?32qwM{Hs7y^f2r{3$l1^W;lPBvVm(vn^(rn4PzN@VtHUgAKCl}Hk5ve^xz=+#kC
zhd{J#wy*~KR#e#a;ZRVCg1ME`-bg}2Y5b~=x}W(~J73%?XuZ03r-o}3uHD*gnGuym
z(dgc9NrTfg;c1ELh25Xlu4Ua(7tvPwxhWfNb+1RTAo#(P2+k$iT<WRyT1pjbBv^Q?
z4>`7#xfDeoHPtuJ#zywip9O=^0*trQx!nH<DC6>$)nYz)-AF`;*Q7h(&Qk+FVu^T+
z!9o?S-vo5vki>=M9v~GYXAIY^daTuBdgF<2nQ1H1`v>tjkZu<N+X7CV&@@DZ>0cax
z?^-yYOc3#<Rd&1-d(XLB4ULqYNF=@bpav^V*mjuY&`lRxhI)-PT5k@_icu7T!r_Cf
zvqOklRdaLHEh$UQb)+F@JAnzNo0~m38f}x1D0nhykg-R29e9jge*y_wC1q#dj*3%C
zXR*V_PdXamyt}4_LD~p2WHkvS+fk#jOjsF~Zf|abo{2CQ=dHd?t#r{v@`UADh>^`A
zAk()2Zuuks=^=L`EMIu>xiq@q=ltv}h6G{_yTVj!`t(Mix9nTWSG^G-#~}xvu>l&r
zlxcdYIN9p<v`0^;NN>o0xKB-IJXC7^NiR1&osTD+Gs>!)U->mw4<FR-66ZrtYh`bs
z%Wt6po@6zSoZrQWl>{T|#2K=OEr_zyFM7ru>PJ}NryWf9iyC|8!Tn<Ok_UsSN-F|m
z4Ee?Xm8K!FBKxA$Rhxf2bGJbol}RowEeSIJNk}`8B>im+F419R3#;pghf|L?Sd{^T
z7)}9=ee9s!TK3G9Hn_Q#$whioFtNArz3muDqrY4324bZeAn^4j3zKQ@9a7{mij*nv
zw;*_NJmJ$qA@(Ptw7qjvTKY{J4(sW)Ac6lUa+e)LQSDdmKIY&s9CB4OnhPTyRtB3;
zfV05JhQuaY+0U_E5BPNu0{%Pp=7OYuYs!mf`ndq+SwK9=Qe|*KRhwz{ZB0aM)YJKQ
zD7qy+p|jm7No40sH|#i^Cr-Dd&;<MLZ_)>OlcLms0?DM@p<I7E<cLbyjliM*qMS@0
z7xby|$%vi)(8(25BIX+LIZs1Ssbau|q@0Iy$lyjDbnfYT)^TzDmAi8&{j!yX`9%AQ
zid%b%vp(K7z?ROjEGkDvoGHqtOsN}DARTikIqkj^En^FwBz0LRXB37ALz&&I+i>v|
z4`ESulAzHN&}lK1wbBey7&BuMc$8Ti35qkzZZ)M18(a$uT{1iib%5Hp<iN|YGa(9g
zP03-;xys!Cc(A6PmN<!1)U*#OZ+XJGgS78>MdOM(wl*1Yxl$tdC}7(#WJMCjpL}=5
z8ItP+ZfskhovlG0Gd0{9P=q={{|>fvOjUQRBSRzk(!0>Hr_kbKW<_SXp%H)j5PRF^
z&MO%iOr#FD91PW^=56&2!{40#+ly6cd+$QppM&1ZHQ}Qv$E=HaI8xY>!$y0Ze0q(I
zBD<t6bVowc@pT8m!<QwZS4<;%Sd9ZcM+(|??JaD2R5#Tv&32(<CYZc^bTyLhM|03?
z{+U2q;Dm4nM`qc=-QKNDaja4<UO%kk+T(D};^~jHP8mA?tuc2PGJMHPdgBbGXo^%0
z01O9DB{#x%!P(<0uxv-(I(gj6BAfy&GmE`_4m93LyvROPtR87yL>#KmIKAPRQm(d^
z;9TlemzA`+#;riI1?~q=#x8DhkOOfCHmsNQGLBXZTiXS!{f{>F*q9sF^8q<fIpy-Q
zwGRZ+iGtjYDwUQ6tqb2In3^K1TWnsXw^o=$S6_sRP<i$`O*Z`9^TV?w>kI$xL}qHp
z0S2gdR~D|Gx5=4L7FZ$tpL)HURZ~MhU`#Eqw9`iSfQmdRhs>;~!4p-p10^UorT+Ic
zbM?D}*mUUmlgl4U<$~v9a*su98B>mZAzuPpSHCiG0U|b;lR@3UQ=h!F(HV88$wc&D
zG{fVSlF$P7dP8p)K0`kd-(HK7ZeAc?wmY?nKO`hSdlq!tv7!>8d^d&B@Wy4+=3L={
zMd!G&n21_``|z)w1^)M{kL*xf!RxPX%HRV|^-wQWahiG>ZrR#qyXRk({~cUY`4IsQ
za}U!^Ih3&W{(T%b-BJa@FnD?K*>`%AubBKPEMi4IvAnVaC%_L{XpgWxY>#M*i$QuK
zq*ZvuU?4k#nokC?xx$o5GVsYH30n7!zq5g4@&_kF_*dB`7j(z@5xFrs)t@O)g>cP;
z5cKZ!44-;u4b%!3%OnM19DFD)3Xa!MQ}`wi!}w7EF*3Z2wK)P#-($Iz88A`l32<Vz
z%tN=gR8QQE?Pu_(f$tVKL7*)cahCI>pzdIpP}<_48aW{neIA!xj^VF;4{nqhA&gZp
z?&0GOXkty`<%v|P;sYb*X-er$`}sg^28;%e+;3a1UFYb4G4AX1#J`{{IBoxG8Mqw+
z?N+<|n8%BC@F*DoIuZLUAld}yM+Yg<-UbAWHbUxCL{Ntynq&OOi&=&V=KtDYP;a4t
zzr~A>?wBx?sHjIgT%vyE)KEH%IpIHc{eveA%*Ewnml(Kh&iHeGpRrUrEQk;x0cUHL
z@cuz}e*4nFtIf}A&#s3uym|x%R{yeysHQ0pI@daNd1o@tA*p>^cWY9Ds$E4Xz{=2{
zBp3jABW@Y(9tQy#_pA-jTX{d)58}gx_ur}kkrfa$J(YH<36eo-F0^|Bnq0Q?0~Sry
ze`WsJlN21gtHT|b&>c9C`AfUXFOEp@qTQc{Cx+aDG3FD!lTbgAg#H?bAPU|zkih|S
zK+;2gCe{L~w$of|x69jcmYPwM`IC2-YLk@h%nCTeB&-vgFs!_I@PyUOs^8C1PK;lF
zt3_dUcu0GvqQM0<MR$>e{dd%FcQoUohS}bM(3s_K-+$V*m>|XgOG1q|crTUns>*6!
zvNg6pJ}euDX5QWFiGv#>Y{uR5`Zw$=Ia7}QxG?br^pvYb48{=WVXR40RFa?w<MP4W
zOs`f212AY%Efj^|#mMKfJQN#$*e&L>JywESgk_uEN#41wI})1(P_Jvm4jJPCGusT!
z=J2CL6+F0+uiTq)_5CcPw|5>qudTc+w6+bH8EWUY<q&zZ>A=~JtIl;RM8`wk6ztVg
z>T{26PH(-e+tpIU*2dKd%xbo*SCzhkvc9)$mk)vPh>h(Z%e4&q%QbD$)4s7>cHzbF
zz>>Bx!gc`5Jim_vni1F{Z$c*J^GQ`?Yx|?QJ+x}OP+jOwt!rdWoGu?G>wDZ=&TR~L
zkj+O~&9taC4_Pkf7V>9^lNz&#Y5%@XH8NzK#%ci=IGnXr-*ujD0O%YSSb0oUO3K06
zE+gas->?HB$`*$CbUN-rm({j%nth^e7n;8pBDzPr`zAQm%Bl6s%q1OjQ^tero>>)Z
z`X!l!lhN`v390p6Wc>HMH{&E_wozTl1q*hve*%5*l3dCYf_u`fWZ;1U$o^Wkw?6yg
z{Yx!PJh*vBT{&2_ScpNLE@|W;p>1_5vPKXFZ4P=a`UUbd;~2CI67T`62op;*82~0C
zCYlI5BxQ#4X(K~hH<A`TU9Ln3Z6tP=-Ljt7x#b4q%{t~ObQjgXsj!6B7r>=BtlFFu
z#)y>W2UEgw%>>E%otFM_<OBakgk>O1TBrv|LC3APJAa`B`eQumFsjwu8VaF4S55_%
z?_LHuqOc=8)8geaxr)Dju;!;X18UdIc$&tQ7#VNoDeZe8<>SxRpnRHmvztdoZOg=O
zCi#sWQa%PS0m${35}V#ZY4%rqqQGyEiRZUMQ2K5mU|jQyUa>cVZ#)gID<TM0Aa())
z>{J`D0b6B394o@H2!fe~9;5RSOZ^|z>r`(PV(*f<+GPrcwf*R5)RW8FcvZ5@ubuOs
z1A!Iz>D-$!98DFCEAV1DhmL?_f2$;syB2MQrR5r&>IWQ2WUla+vZ@LsNED9S09vm^
zmU`_(8!sb2Q97X1sP${UahN~aa#*jbSw5mWmIc~Wj~C*P%F=7gRWGv7&nJ=V1j7t;
zeOT3sI<{0OO)ApduYV~g5-iw3aFB~NJ9UVdM=dO&o41u1PhU(A%!~Y`87;PF{`$a{
z=$w{!;^j^?<)%&lv0%_D@2Hz@Dj^1qTBny8q8sUDT%5svYafR5mwwQ%2A1shLR;Bh
z6P&$;mwxs%CxYUqk~J=<nI$!tD5@N&2KI&r@9&T!q&VCLAD?!8x=JN?ibPkp5C!ux
z3vZ80i{Y6<3kR0AOs3Cm?~E9#{=m*JUBK!iZ7&k}s%CnHW&o7{$KLNBX<Xx_&N#7p
zFX4`>25SX<f#FY3hVZ*0;>|2fSQ8gX20W*D^4$PD{jLllhn!OOR7^`XO&KM9zO3$b
zEAL5hNh#PJws%k9U`9^LjD=b4n*7mf<?75Z<wWKiY}t$v4Xp^=PGQl7jPXzFXeQsu
zLHGiN7Ao`kkKPuV(}+(Um7JQ}9Pa^aE%Utu{FSg;x22~yLf;p^$VUO@u#rvCCatVv
zX@}x{Nn#wn<{zQ4tKUu+#RsmsUvb6@9@SKE!GOC?QDIE2iDL^;T(SnQ2y<*0)YbV?
zHE??-N(Jf20(@!A6V}u{jO1|T+z`B>Tz&WV5kdTWEq6Fi{Az8`SL`b89RRVKHwNIn
zllB`Xt7?Q>G;L7)ZBi{ipfu{8JM5kP2cb&PaX4GwGT3plhh5zCVUzRwb^Z5|dxZA}
zEE76+;?*&z!5zO;jWR0$++nR=Llfq6+^E6gozi36!U4IGR)*4}(D?gU#~AIl^w<R5
zWW4bys%PNQ!%`wEBe8Dy2KZHdD4oJo4(L~z2iQZKLHQc$XBJzeQ;n2W;@nvK%s_LP
zUBio-{vz%dwEmp5D>6l3swvIu9q}c+T@UOLw|3neHC!unQR{lJbuU+-7<C2(IM+i^
zVBK&s;17;XL#oYAS&s6P9S8%01hlxzf=&*Kr92V(f^c}(hzsBKkFHur^(Ym!2gfiO
z!OygPysp#gM*gZQrr8=ju^B*A(Q7V8JNwJB09Qh5(>XckX!#<xa2kTb!Xz;Vc@o_8
z?VeQl0dc+IL?ejaK2>_AG>Lvu!>OQ(fRX=G%Zq}Up=1=H1KW@1pzZg8-MVKrao}0_
zSl4{p%JLQfv*>xc@D9k{0FhCYqm-c!W$)q-k@gT7tx<GFIuWjoP}l6H5f5?A@z9Cu
ze?0=IjxInEKf(ACCLTxkQhIEGTh%JKto~U7d@PRjwoLT}5hxl3L08T_>LC<e=`5F?
zMqawVF>@a-L^sq2`I6B>?SF6E!SwjcLIHV3*nK{uwhgxG6|6AS5BF`)mq-)K3su%-
z*1=alf+AlW^+C6$qGG&g7erTBtESE=1P<eV&QB)*ETWs1yHOSaniSO21U^daktJer
z_NlLPnvU+!%R_Q2+l0-G9~fI-oQ@aCp_nL)0bQ$$kQ;%D7klHZ8IUiSrh7dCgfeX#
zIa4PzNPQ2yJa003c7oUbD%oQINLqGb#$YN6@=2(ypD6YkE}K`0w@qjxUL$EIXEEX!
zT0>I|z_p^(Jh${lmndclUwD|`27?dGlAO7JgZuc)pLWtx@_HYVk!Y!6ik{k}-cOq9
z3{lKupqf&qX6+O$<IMQ1D|WG9R&fgMG87!x1td54pk2earSW6N!^R1G6XxK<N%WgC
zq!rhGA#Y0Kg#RN-NH04Zj`={gk(c^3nS_g>juy_3G2_LZ`V0Bu2g_bqkIV#YtdsLT
zJOV`&zxl>xOIw;9{y@Ko&KAS$JhUEzOvX}Il0Ep?Ke{CVBKdxd*w?vOzR;@+ZRm@n
zX|ktlD!QR4o4?hwsY)x8g=*1zgwIiVcCgMUBjP=Ma*O|AGiMq^Jst!VLimVJF{TAf
zIksB|H9+)_ZbQ?|7+1}ix3|Ap{~!mLCn#j_$Ws4@9h8(ty=(RcX9m)IyGO=cY|ofj
zc;IqNOu0$6;v>b9LV|6vDa~R4@7PCXw<%l$&I6f;(?FYcE&7U^G2)}7Xh?|k;(H`)
zUfI@EH!Q;zp0rW$^Cbm1QR1Nk*mLuWft~V+J$Zu)EN|5q---^t1nS&d`dH<@Y<UfG
z3g4d{a6s&0x{&y@nl+ffvT)87KKi76A2<sV(Z8*qHLCDh(Tg};l;ZHIjR&zffz#{o
za)1kojs`dgA1H+T;Ty|egFO$(oU0d^(M}(O+&aQQp2Pq*K*+z%F+ygj9+$7#*@^6K
zku(k4B9hI&u8wg7NBKRF)U5VRX6^o|u^|c<SXm3AH{^=L^YnfR@3;H?Wbdag!TzVz
zLHr*|fBdwe4NH?ctWZLHS80#~d3I|in2d~k%XvGCG<c_fM;QjYq$#};x47uGs&SRP
zaSWFCk*qAp19$tfV&_q2{KwZ1aQb$>h3NB<6gu)d+!{}1AT39G8Hb#{_1AoASoQ(j
z^x4yTpIx67(F^F}yQ+Oc`(@DScNs_Rk}Em(0hTS661@tg`VvHnLG3`JxnVZ1@8LQK
zBmy?qI&h?x71Fi8`NN%n!zPX(y#%hPC%(SiDpH@Ewdta)Zfh>@W>ds^!hxwapmFiY
z2iz~Js{<ClGDFL&p59y7wGEcx;wPj*FJhEvzZo7VEdg&&S%<1nI9MNT(fjEj#v<z$
z(7QzkuV%VF-b~z!#`N|%5`M{-JIzd=hEG5M%?jBhAJ-nPZZ-{s1eX!deSDClipEt1
z{mmc&VV6`(YKzS+-ZbtIKuA7@jDS_702!|+;S@-$(QGZ<w%kOl304CaGw%dCsp8X)
zGb9GM`tVwjbdLLNMxsutVa<*2f%Ov%+U@E9=5y^(d!6lll~N?CSXn!v^G^IYqVFCU
z$|eJcsr&E>9Ryrq0f-CzK;yQ_5kOF-uEeu9N!a=C*LV`MXZry<e9l(%mp7dq%GoiV
zsmF`Xu|J3?mXuMA23Hrq;=YniCk)c|Mi3xL2=_FbW+cXXrXc*S5+f*;5tL0VS6i&(
z8zseRk@@!9(<l~FSXktx)nIar)1AL|k>;JieOq|^s65F1zhdELWPJtJkR>g96A@cr
zA=?G-noJri0o*e^6EIWWRHgA!DFoNL#4Q9eB6qsx^>YLTBtaNDMOM(UAulLG*MkCk
zt>-Lkk5hZxIry@jC8w6R@qjV8Jv-m3ZT%x>aghfSBOyG8?fiP~7alyd8m|EYxZu`S
z8Pr5*bV+2H<1^}UD-zd#f0FyCvF3E7>M8puDDCPUQa$KF*5u_S{?dq;eS0BPm?<4?
zc@3C-uhpl)6y=D(&;x{)v21!iIy5QNCeDS(u3jMch@=1+PR|%D7+J=Z_x|^Ne*v2)
z=xwWLG?E+SWrx9^*h(W@UE$GrKxAe1Uoc0)UeOPrT`xArQF8!kflTd?ohcDCzqJvM
zstdpu<-psDZ@AlcDbMacgsCw2P8H<Kt$L0YCV(?ngEw}d0fnxAsNZ?FO-5PCwBLIG
zQknaly?u?cxuW6F#aL@pZs2c8vEgd(VOw2|tAib|t=4K&#>P(i%Pn#2exfF-L1?j;
z5<}=9rV?VHhs$DHa@WcBd?eo!8{tw_GHbifPq5?%%`t?qts}@dz<Mo|%wjWKL#94t
z|D|X?x>Gax1d7!)nJP6m_uI1#+TiPRQ^o0%fOYnTq?m{SGRpiLnx1;Tf^Ft$!rT02
z9He`UJ9P(7KPvDkP<*9~U}w5ARG>Kse1q%+MvEF@R_KABx#Yi{9NMxDPepK7r0@Lq
zp(k6SJ8$Tg3L2V{mAv(7^vZ$?oGGMDseBe?oiR=3#AU`Oq3nbA=16y1=*VIbiNOSq
zz^Gy3W16vXH<VBJZHX}wuIc{R#jmf+y^wg=X{TW#h)DG<Aj@?C5vVUUMeh`IP8Qj|
zizzBU!jQvoC-Py8>^WFR+rSO3rTTcCfca@m^;)s&Qt>|PGJ)#QfOxMgp@`mj@A9HL
zoosaI-x7AA6?U!I7=d~*o6MIhAR?)n-vyH!zlm8@D2WA>v2dRN3H%wLkT$U2iP43q
zwwwLG0tMz_tW1Xt2g~%b_1Z)UnqUXOuPfpyJyTb9y*b%ReCXF)!T`sKOYuMc#th)8
zJ9fmiPUzo)CJ@gu@U`w=6S2|TYfW_zF7%&QiFvl_LHr+91a2%o_f8Zcw4HI;yfmUs
z)KNX-p-KD0s=D+ljr=vezb=jmD#p7m3z<xx5kQe+&;=caT&h#<xW@c@nGf?e@TSLa
z_+q2~D04HIX^XK8Bq&bpcctMdDWORW0ZQ75<6;qdK>Jf&L5XoO0C*3|WpbJ=0RWpt
zq>zdk?&xwFf~AqE7|nK*0p+nps>S7gOs*T^G@A#p8FDFf^qU37Xa_;Wxgsz8H?J)h
zg!GPFsdeUM*%0#uv)+Nr)aqBuMAQ)|J)WGnc#&My4+w;GIbONT?3&3rQD^&Pz1#|^
zj&K8e2Wjj*N(&BY^qXUbcg!S=Tgb+Y(3|oEn;Fi=xa0|YjKzO1*nPe8obS(ggj9>&
zq5lB{u)2gq_@f$iQ^cc=AM|Mv%@5fjQE}>a#arqli1~Km^$!cm01s%{=D8={9~E2*
zOBrn_Aq4q~GiHv&JbMziimt7S0Tj<t*d5YBxNk&xxx9ZWNVX~*beb~P`MwZahA7i5
zb1c??fk=*j!M;<vws=y`JLw7gwq&}IDRU6%30;(A5u;Dc8i4c^nPWbvs&_{KiMMT?
zqEGnvBO|>43CLV0tE!IZEDeXf&}IqARtyYiEEDFxyNz0_ZY;T0dJuHrQpGi9@Rtzg
z+txp|TOUlL!V5^QKPI$3YU_P)HxY!@uBa#gV$S=;u`Tw8=6sv#ZRQi~tw%i4eX-YS
zh3Fg2HRb9kU(C>rF44g+CZZSlSOe0JS0aB1_&IE;M4PN@4{S2kaNNiahWvR)XSb4+
zRZN?;wOz}PK?@9K+U1+??1z0lyd?hb%9;$(vMBT5ZRIKAUU|whx8a%k75dGLHT#m~
zB1T-tU?i4~qdp%JTDIA65?QDH`JxH@_73KNZsOI<@>#s)#M|`17?5^u6a#@#*3Bsw
zig|WT!^Fv}MU&=CcRLom?OW-5eBe>*R&NZ?n`ALgom3aCK<eVy*%pH>_X_rGl9U7$
zDsrsr*t-QXR54}&4RjQr8iOO#y8N5<CpCkW<%r?2BQngwuW6IMN2X;i#@_=@vib9h
zSVd5bkL$O?|BBeZe5r%C=ckyd&hczho5EJ_SAnzasD;Nm2{aTBG($`t9OP|zO+g6N
z1JWr$F1F{)qwuPvCdZ|x2XikF5gOE-i6Q7JVft8`La~Vp1p*azfNkr_n;r^8l2G<e
z%XSk-T8KI;YqlGOr|`mzhUGyH{Zq!y4)_x6K+PU+f_+Jc;l32b2*U<GZR_c@B%E5U
zJrPe*ha=IYUMaJTp+=ssbegmAqRZOq5Z@eQ<A*mw8rM>cld^au;OJcF!_;M)kqkr(
z$i-E0228QQ?N6law(m4mcUm*iUjx1gd$;8pjuDVD9qa69Qs44JXa}8o)qsSHMF(Yx
zhpl(B?9I*J;1ZrG<sGir1Fc}523^Y$6k@Ig(x^IiFZZf@=OLOYN=u+D2Iy?>PcMT@
z)ax}{wSSw)>6kK|{h>haHh=D2(*PkP_r-4li%*IV{YBQA$vSb6Ydr~sx4g{=L(!hg
zSOmAP*`LZDATWygd;&E97D>NiAr0N$7$WK#{r~Yu<w@OFu@<#v;_|@+E@p%12;jZj
zAcjrCb%Evh>R>&8?Lla|R8`gw!7(25`@uZ0y4_rn<YzG24@^+AYGUb$p?X~>CVJE<
z`+bWhW)!6=q(A3xOUsgA-p7sEr#%UnydX#5P)9940(t&7Gc=g2pySDh=4I5Yr-b<&
zjtcjrYneaKvLLL*#NH82m&3FEg!yVNo8Zgk+h*@P_m)t9EpQgrH_}}R_a`3B>@-0|
z1k~p|3|5q@+VtaJEvW_XN-^^`@z%uj=3-5DM+LpKo+#>Guy}XfF*z&L@E`lx!QX%r
zZ1;p=Ffi7V-QKQR;lJGou36+psJU|f&Ai*uJje)8-#kMf|C`SpQ;$=H1^yy{1)08#
z+%%RR<aVDk`>Dfd1PPWW<~yUXzph;C7~Eas+x#`6e?y8`D1#Y&5D7(?9lQMGx;qIj
z)~|KwEANx81~l6|JsVmb7G?xiB*4}YL+R0GEv=JHVu9vyAUR-6ga>>Ae^mK~rNRL{
z2%n8`pArn@mZh>DN)jK@eRLDPftv*P{&&mqN-?V<cEvhJQkk_mEs?l-G9zvj@Occ|
zD%`-TbzK1QTw^IsvTt{@kp3cwFRu(XO`Vv8n4JJxCnAGP^ZjXUv0j<3r{+}ny?COn
z0q!@+DG68f_;I7^YbSn_no=yd9jG#^?Aov>TIYyD_syRf%*3C=VuhmMH?QL1z%DMo
z1OmBhbrtOA$~<5mFMr$uKPsl&a`TjxWSZxMm6ZEB!da%f${!fRzQuJKg+8)tapS?E
zy?m&mJiRbO<N;=nZFd2SqRjJHH-Hun+b=X$!+sl^0eTqLdupn`aA%WCM|1bSxB2D)
z<hbEms4bwKYigLbm%o0^ID?9MLtKN6Lr*>W91fkM0`0fJN@8MC9(O3wglD_C=|E~t
zLZ_jSEih9q{8l2CvcUeszi`;Tc&Iu^i}YkvLGh_-%+Q|TYM|Tfs+=F7c@%n099Vk5
zJIw`fKy!?At-AM*kPq?WXaRd{PHmYh4OSYWWC+aBQkH7!&pl(oVV+b;#!9-yR6=XB
z2UqyNP+Fx7qtQe_<RXCEU(^fukn*z6?>y0fAK2DsnFgfPnz*pkC;a38s3p)Eln4Zi
z6tL8h(J93I4}r8HmK1yc49Cn}BU~vX?FJ+&q=@JuIWZQByB5-G>0mbLG~tjK9-XCN
z`b=_rJojxoz#vdA7*)WM=)EQi<R~z-k50E!IuK8-<`fb%beyc%QZ_!-Bb+0#+y*A9
zP%1X_guVLYG$h9jSSX|@M@i8K#&I9Io2J>bU<>(#LPoj4j_BC8|5%;*ZVWNW#f?Rk
zK|7tmcjj89gN5UI9*Q(iCHP6sn|X*ZC!Ayu05zqMr;TUXG~)dO%~dh=l&pH0_zRE2
zWNU;^ls`VU#!8Bc6z&RsrMI4T5aGMcf1pwuuTeIw0qzyH21tWm7x~Nd;8V)q-e#^u
zO43KmIa3YnPJ{myNSs~N|93I}e|)DzcX6kfq@Mbgt}}3f%Mr%si)%LIrJ9r}Jz__C
zT)ME!>iugDusI7)FlQ&4NZ>3s6qr*3Oh`qCuJDFrjD!VQD%n#fBu5K}Z~7+rXI=8R
zYe@128X*kbp}05<)bpHNpXK)w0a~L@x;|1Pg~XV*vX$`D1bkE&Ia$J@tm7t&_(+fl
zZwy}|3=5y~7Mp2dnqggx^$*XH8?9hxp{jaKQ$Qz+2($yY{GEHZ|I~fl&N}i3!$hSS
z%{;jO-GYZwA7-b-NHV>zWpF1H!qR-=BCp_VE`t-Bkv1z#nPLXYU|y>uPhpUg@|PeK
z4EYtG8<`EympmHr(^+Pf17qk*ZQ%NlU-R2%k1+8jg15_iE38Fs<g0r;{o$Z}^(gy&
zz38tP8LZ=76#2P#Rwp1am1rkuzZs%=NhWnZ!LyK@U>om4m=G8L`TpnTDXx7vBrp^8
zO7saC04-&j$wt5%5!S+38QpclU5E%?pGFn<;XcVjo8x8FV0gkI5v;k7BXGN#F&w6P
ziE4Fl`(Jg$n>SUNTk!cKBoPGXaYVW$j1}N;U0vU+sQx(~CIg;xdP~2d^mPC3_<v(+
zK|m@*KT_jI%Y=oYn^0Hbq;3sb*Vzx1lKxE`=y8$65PBi)1FN;Vd3~U_F%1a93q#nJ
zGEw#k(qQj)H(_w0ZeydD4CSiN?OQ?iXnYMbJSv{sV<TIWZD)%!UP%Iv=_+qUY^jfi
zmjsa`WgOdCA!W<JB2%*3x~&)o`<gfYgZt1bzd%<03;Z!|J@Dqm@++xzLfNd{@uqn}
zrIj=S<qF;Cu8P-Y!vi`uIqHpdJ8zF2<+xX#Jd-ZMnp{GTZQTZJSC-LIi701)9ii0=
zuPq`7uYGlzv(l=KLJII$q}y1WV^0~K`22B510rYHz=q5e4kqJ|+dh}uq{U#l3oHkW
zvAGa`@gt)|OjT+moEbO+Omb&%7q~B<IWA)m`1MXZxxStWU^Mh0bqtENS7fpJ1WgLX
zE&E=FI>V`?pJsr67xKF#c@?9bbhQ68*20V5Xfxe`^&WPt!j~FtFfNyCB6wJ3G`*mQ
zpyd_v7$Y>}?i3>hNXP0mTT|sj2lhzT>94bjH6CpE&1!fSQ-qaS;R>aR2QwFLobur^
z#|0J;^(zrILak~PzV)6sIA&w@+KjdIGqr~VW0DQO&D>OSSFHtf#l(8XZ}D5yR5->?
zrmFhcNw41$iY`@#l@ziadY|;4CQP+z!i7V%dU~mqKqvB94_7bW8!tKNY9j;2lg9j^
z!Lr@(V>!14Rlz9##Y9f+0yq_+{3%A^@ytTxT?F_4DAm+$W?vV*{83^1)x$t{1ohv>
z+>zei5_LU`>MlL{Zlv~<sdcSD2P_LtF{X5|^8jALrzcf24|;3hF4m`zD%|pI3!|Rg
z#B_sjFeQLFb$F>;1n{mbhem5$8bZ`|Lw=xgIwik%upBS?DvKXv;JR+!4BCL3WzH-Z
zgZ3~55m?YvHOEWk4x+DvEY3vE<LeDA6zv@7S||S8$YGlxaWd!*t-^7mYtIbzkkuT<
zY+0MRql;EVgqI*Raq`utpg=k{n2}0APpZUCY~#|I;&Lvqqjun0?|X-@+ioY{=VBXA
zad}e`JPfk|l(46UD7)l0v+>hw=+bNV@yw{|5_`BM!DHuB<9H?fR2`uTKs`dJ2qoqn
z4)Jn8%k=JZ?;62!QdJOLgYMebh~7E0K_IMlF@ae>2o=#S(q@w;fSt_72C>5rYG62N
z=n-=t4w^vOtx^&aBvLaahAXdX>D}gvJlx%#cXPIyd<)Sp|G0_57v)8)L?Q7zw9skY
zR5|i&#J_;LBsI(2uFcf0QakxbYK-7Di^FOf#Xnhfo;}!cS#el`ZpT@**oe~h{xkY?
zuy{{%AvoxJ#I3%)L!Gx35n9Eh=&(pe3~a6w4<N4}WJN_TCg;$gjMId;-cy4f2G-YA
zdjEPLkZV}bq!Ja4Bzp^9%JyrFQfEoEmC7=c7~7!f@;qjo5A|R_f4phQmA-Ro>{m-*
zwyq3G#O4OSRxRpxvqW=8)c%gu=Y6d`i1cY>Ek)O1rDbf(?U;C2h|FV~-dQYwtPg8|
z)VXUo^HW^`{}Jk!%z|Y<5uN7O0Hm2{_aRW<cwj-0AA0?CGxw}iQIakqz>+6@<yvlZ
z!i#=auWY>{DDOdqHAMUV#q|l#sl=t%8h-VeXR264GW}B6G|CfZs_%16d!Us5X-R7V
zCi!EEJskLndiLshvzvYKGAD)$NmFRZUPDca;U_Qn+I8s3A`I>*g}xwgAdUB}5Q~dV
zXzVY*ORM5G(M9}ze$)gwk_}3HFmTWy5+>*84D9pr0>j{+)UtRB1eKeDda^?=)BHuo
z5EsmY{BM+Uxd$*pXRiskZVA$8F#zZ15MAS3rY(LUt&$7{1B8olfiNm{Ny0f;sR^?l
zklMTn#nB~*JcHk@1!dpRUqUn_ToGcO`__vSOlS`Q2VmN8InWM`DSxhi06I~i8>W^|
zG9KDNoGHx5WN0~ygi!0*U7Sn8JbIVSN;D6!7|ADEA8y9Z)?t*!LEXg8=eP%ESo=}U
zqVqU;o1?lR6+}kJ_4qm)-jqpZD$jZ6(p{X4TSKcGrS$&UJcgCy^C%C@qPUqMr_5~1
z1j1K|2~|f`4()v5hMJa>=`<y)*_p6a_6>;~X0d97Pz=AI8tODXVxcfX+3#O2d;Pr2
z+J;2yGGfLqadRY^Yw0$~o7tu8ey&ar4=jX0l~iGayfW{-)`;g-kRQ$Dp>EKn(cU4r
zF5I2N0P*z@yKFsz<^!lfVCt2FiAgTN>;>CkjM^ahiMfP@&tjoUM8AVj&Tsw7@tf_V
zHrv3Ep^MQNXYD3FR^xEot(&x5(Zp*W^YQ%++F8-^MBnX7&)Q$s{->WS0y&-I==TuA
z*a%1&3%?2Wq{cb+bc8^h8}B+LkWYDE#SF#?5@K)emDEffsf9lVe7JKhT92geQ^R?<
z85H>{ro>l-mUg7^FcN%PR&r6%$ha&HpH&#8QhJrL2QDW}k?oL1d716S>W;aC$IlF4
z2T^sIho;D?527LMOwOBV3H+m(Wx1FoD(!ukoJKV2?AD~mUjs`cUah<jJr8bV^e_)+
z9ZN&o@c-u*iRacdc?v9t=N?NHZUKI%Cx_7pN&!5e`EMN{iw^h6lKz*02A>t0#zEs_
zc`3}G4^j$Asi*m3PR$#!_RnT<hbs_YjSlQx6CE^=(g0qy_fZz{9(`LOuXi@ER>-zT
zoR1M{I}U>suZ`!nbY4Av)9iA7UKJtT`#N2bS%(snF*afScynMRE_dD?_ibl0zkShO
zlE#*>B=4{ZI-L5&YhP~NqtlA*u8(8FhRBW4ewcY}Ar*Bk;>}-?Bzz<CmIrHTTO)z&
zbCnz!ph_R+nZy1t(6#5eV89q2oZsh8SJPVna2)m8ltx9jv-rrX*l*HPZ&*eB6}}$E
zyn{#JmDn`$pMe#tzZB}3IGnW2r0tuz#m}}be_t7B>W!%*EMt$M65PS>4okOsrM<<R
za4Bcz4AfgT+8`RJ!#*(xosLz#Yh+)Z)aCCy$A<Y~f{4+7+Y~rdL{k~saY5H-H#Bl6
z9exp~xQk{Uj+jM&sUmLYq4UXS#NC257NT&aho>9|06P{;Th6%;f@~Y792ur1L=g<&
zJ~VO)Z$%y)e?|jAja`@kGJ^VGI*Nst8sEtEVD^z;A-`p|`IR`o9%+dQH?rF5F@#IF
z<{@2Fs|Yks6utg@(C4I4<?yU^C7+)z>=X^4bh+IhGxe9`bj;MOopfjy_W&?xN}_au
z4;%lI@Jza5+u8k9F)nN`&(xxkZ-{)>S5=LrX+(Z1EukRtLEPB=$G34Dr;Y~`8kQna
z$(C+h8ALS0K5@T-7Uu<RJBCyZ_?HGI>c|elU_5}Xs8D=Bf0A49aU+i;-9mHP-yQTM
z)L@`D_9}*xhJ;uN56WBDcpq28Q-#GMK7%O+jPF1X>vtI)HEGc*zP!$)<AZlr2u8f^
z=_Dk~1~>kb(m^w(DHHJuk!3{nHIi!k>Gh@X5noa}{gC4)ps@>G!Xu-u6$oH~*>g(@
zd?rFAgK%H5#_=2oOxcX(a^ug#CMD9{Y`EApZz7$vv;gL=<l+CU2qdwO+&(DkQEpN(
zL1LcC#r?}P8<6c1Bi7ND@?Nz$x<|R?DR*8v+1`$M`$oWuT|Jqzb&)iM2t&5Z#K(iD
z{5WjkCB@LL8LzBUP&7ae-Kg{*++cJ#THc14n*+j@D<gCHBvGjko7KLp2w^EWLPujV
zF`*bBvf81g3Y1-pzmoRTEbe1DMXE*%R0u0^SAU;UcjZ3s?`pzAQ8#*g#~arEc7Jnq
zL+XgDpD?*q^R)kwnu^`Tvv2+(V-KI@X%<^}VWm1DV!Dftm@c|cih_b=((muCaM`g&
zV_jc0empHo%UvD5pH)61F*NyxITROoqRQw7&)RZDj=shwRAU5FUsyE5_ksM@0v$UT
z2c&%D?Vn|9LsgbVuvrn3Xy)?GT=bjdV#rpsJu&<m;*}seJ%d>n>jdZG5Jlfb<RS~e
zuQbBGm)G-xN(Kps38EFRw!az??%@NMhYf<2kjh<sYgUrQ*UUw$GzScpr@z6=-Fn@>
z+EXc|^yL*@n@XK<a*!*(yAW6`bpkCnQvkeVXd2CKpeROqY@_;_Xo$Mc+Dixb2Gc!X
zH5FMmA%a49B6e508(kUM^238csG3HAC}FsxQ!t}bvqr~x9IC-SA*?R6+9nZ5D>{=)
zw{-F>^X>Mw64Xp{`XMAxT%^N{C@S&7&_>)_DTW7^vcxWM$yhZaK^~BL;{2-8_yH{2
z=r=ywIgVMXyvPa_B|-05+m=?;EbK9(+H{1JEU(yVC$8q{3mM5y!_z>+%cE=7D}=uX
zx)v${a@_TnjE&f&F8eTdgZ#?2|C&bAZi+j;^!rkaAve>n1!(XTyFm`E!bn_1$L)U`
zZ?=j45{9N4pvwpulI@L-yZ07sEWg4=D8=E3a_gXsqDa?(QkWw1du2T!+w4qzis0dO
zz6u=P8lL&?(OnJ$o%X)f|LXcxz1c;B&~4GuhDheOOWJkP3TQgeZQ#Wkqxru3cN3Y?
z*XBoTTJKlCUm5offgW@EiE)tYy?qIxZDjU;#~^L~wxTCYHDZZ#F&pynw4~|_mC%1m
z(h|QwjXc~uk#eYxC2585?)<N8KsmxRFGS6&AGS1Tf&e3>QUkoXqm5EB%Q47VMTs)#
z(SQ|UCqw}G^#E!^WSHUVvYshPSr6(qaX3#l4Cm46R?w{IE9nH8nQ7$ljsy}IDI3j9
z7A@I>t7c`Tk9rMqK~LSzSEuYT$XcCJyM|L9uo3;eyOSnCyAqTN>^Mvo71$ys6x>(q
ztDJF9tF5~+(^%-V!IuTc*6oF@j?#AOe~0b;AB8E@Zw~N?cmVewmZz_me)rj{8@?w%
zqgV@pdIf$wsTo%AiaU7Lfk>{9(v-6Tor^By%^(D%eo4EhpZ9p=8H^bX5j~bI?CZy0
znU@Rf>pdG)z8fhWRb{#;cL}=7QQ7jeMDKWY<PeB~Ou1@|k39^^wRMs>%ZHG+%5{iL
zLw_Z?KHXfPH}M~B<Wf^DnwD%<6YtT5OW=7w%tI;7$3o;6m@9Tg^X3}H+f@~rENlNl
z;2NE0ueTA3UXO4r<o+;d@F%*YRLn_d1D#X<LxEIY7kiW$;t$f`(m_mxI15iCXn2Qd
z-vJ?N<Xsj!FPd7J%&!313c0?$X`BJMzAWJx-&ympweU>q2@I&Vg8}Ph+N1#xZm}r7
zaQw2^ew-LnsTM%AAq&}L_@u|r+JfHY&1`2F$qI(0Hxmx2U3V7jp5-PaGLiMqAPbWk
z8<tGZwxXJm<#iGd!=8X^na0tsKk$(Rzhh=4*xOkk$1@&|Xh-HT%rgKKC{zhuQ3=od
zi^Y(5CCtpZC*Aeof0it?-m%PMVk5>iFwM-Wy3d=D5tfvKqUYp#o#s9dx^rljKx8c-
zVUJ_POk1>J>{`lPlT~5pZ^yNJV7ID|>14MHgwHc5-xy3FBPx!|k%CtSccuVX*P`3f
zARQse7H4Mlb_f&M#}5?)d1%n2V~lnO>)7WQ)6C#VhUq8Y#f_)_Ly3IOrC_C)`Hp>d
zWsowgn2fo7BKH=q-D^!gM&4ASwOEuT-KejcAznz*_4bexqwy3*xbI)bGe`YGZ$=+_
zIq*DdO(Wj|X{|)wZ03O=m8(H?I$hY{aP0u5p|&W3cXe^;Ms{QEErNJ<Yp<Iwdfqq7
zW=ZP;$0-nzPT)3XOOVhY(C@z5bLuo^{wo~1>F_Q9hJ#Ea1fBZ~myTnG|MiP$GX9Ji
zFNyg0Yu$Eu0Sj?Sd%qaEP<}K;?%^(Ou*Yi!u6kafv<<NgZR^LCjaF`mt-H~rPdJ3;
zykK(?B`Yshd1`J1Z*p6NY-FCDEf-{a3Ef>4|2End+@wMU9&Ws3jbQ)d$Hg)D(_$A1
zdo<ZM`#$}$YC*Zo_nXlCSq4cEc^n|h+zqbF1ype?*A{c33_WI)I@Ofo88g794T4PI
z5DE#6Er8BTy3v(Lf)h|wao~x$$;C9}oh=;s{{yOMPonyMs+JSLAT@Nl*^l3Xja0~`
z^G+jG3qLa0k|i~vNFLh^U6rj$U|&C&fm@6Y{&+$rhR*3H)n^oTC`=VoGLOU)<ZScB
z^1$N0T->*7Pj+7R!Cr4NK3P~~Z<MfAW2&8J9qG%s3K?Yu#L44`Z9)?fJkHFpWGaYH
z4<Gp@x($H1ZC`&3M_0RAD^q=jE~OCh4-ON5$wx4$&RyDoiW&L-<lCV!lS8}`u=~?H
zrZ3xj;=T@O@Brd>JX5&1Luc_Ng;KDis?@;aDg&W*5u;#T^(nP{($+$1l^hNY6eTMK
z^KktEEjryw#?nnPrxzqj%yK#!RPBswM9&>;yu5oG*}*c>tppaMrj@rfvq!*ZRzMXm
zEQf<J@C$Q;cUvJGnRC+29vn`qYCHW@M8FGiu#y_c{Cm2)8DH5lt}ggMNSM3U3ho6Q
zf_NVI#%S99Q)MbT3|Cy{eI<F{64pu)v;u2$J7^$0Dta@cXu5~>4H?BxyRfEW29~jb
zySlm<MP(@`jJ!07S>275;X>5x{mflvcz^6t42=1wXyIs$j0JU^Zyw!PShrl8;cv0#
zilTz5hZ@N*`TkjJ3NtZ=W?>skQw2bnKP)-sKUD!4qzx$p7^z}TA+GKhr8k%0fVJNZ
z2!6oi5aaOhw;hM3I6FDq<n^M8@aC3GN=+@Uv`5*C-SY4FLlEnsGf|VZ%0hmCzwInm
z3JkAA7;D@Hj8<h1ek})>>ssQ_AGpcZr4jlsM12nzq2csHM0eeUlg<}A+uWaGE1YC%
zH+#uP#MfH_?yyXhW4xg-$I9xrb%d$DzP{JVF+T27<iS>{1w72QZl`@)o)S)QhoP5z
zOM!B1M{<eVq@ON7c?dftydxZkt9$sG&0dy+CG?UrVSWHf^6R7cFQ2Oaqke6S9li5P
zO?(kkG(4wJkxws6KA5|v8=PshZhF9-a~%J3jEH##{?MoQ9hCk9QW+hu30T!Qu>{NY
zctlYJSM3^YXB@&gN14=eh4eBX;p}*SXE`U{y8OE@_9UzIW9@cRMk;y`xkPOhAn$6$
zkOG~UhF8L)O|t3zJV`MAh~l$=glGzyt&6R7#8iPY*tA}PQy^1C(_6_hPcIX8+b+5k
z%ZVP%l6VvF;KO?28aZPdZ0#Amp_18|4u9_C0*IHs*!zpLZAE=QUtYH!w6%uL(C!u{
z@1+Vph+3{+<{v^Vv~Px>ru8?{l^UZ*MNWAa;%D(I@pB&6;mCx@jab%YW@|39$_6Hz
zkyJ#J_uDJ;fUY8y(rzSFE++B1QPlHIHo~Ju3@p*MHwaw_SF%iihh{r}YjD23?;q^o
z5|F2-U~`|Ckoi~q)NbhlY$gd+BzkjWX0hU_7E5g(+hTX^^IR$Wwtx!4+x&zSa2Si4
zS9DQ{Dtsv{(mXo+tA647pBg-JR@3cfl$*MF54Cqc2D5gR8<2Oy^)mB$7*#V$d95?w
znmLfBzN8){>`2uvg8=0X_MS>cy-f0-C90ICi6n=e#Ui7}EgDd4xVdmxX#S}Wv%(kP
z;W)HDqYZk{mUl{Ai91aA`>28d?q<<h#3-I3B`*-+I+smRUP{=<B2ez_>j@3p28SW2
zK<xRJa65aJp$^--A8a?21|*@J?){s_RvJCBXcU}th-j-K+}M;(hwzN&6KlW4L$pyc
z?$I!wP7i@2W8UD!Ida@KCnp^Da@;;k!Kvp7@YCa|_Vh&a6u>V+{5f|tN!q>5!~6(}
z`ka8lb)#;g;f&0;)MJKiLS2iekfF8uH|l?yEFk()qsBiY3Xz}?9}mdIYY(Jiqjukd
za8LW;JRVF?-(#zB1EZxa$7OL!f<yDcZB$5Zp;ms`dS;?m(~Nh3t%sz*^O2}-M*bVF
z9Pb(FH)(n@YLw!MS|~VZWeoPUZ4tv;{VC8}P}s6M?&67vsl-mwH;<H4H*l1$EZ!?a
zl+>4%V>w7K#{v`Z{B%)0r<a+(0tYUcP<bPxE2i*g<>-I>Fs!v;?3d^_oDHdsd=(zX
zwT$H->Uai{Q?85q?zOqp6y5W_)&RoLdi#WWG|fNr^b8wH4-%k=s5Z}9z%+$%GD9BJ
zH~l}EL2aq_Rc70&nD!isVY&DzfC4fx7sFF*wrEtM@A;M3Mc~?9E2RzZe|;_PzDxgM
z!;3SZ!;VNVqcTVcpFhW)AJtLD|Mm7t81bNgm`u%=rH;g%{hS5l&1Oi>dOoe?y(>S6
z5QB-o&O-vQ;}UlKMe5#_vx9ovT@c{2eK=8K#)MzdmR4zE*2c+zDxutbJ;ZjrW|H+6
zd~(y-0e=6XZ{N|52rs`e`t5?h94K7%+H26IS2j@0)5PJCNxo{SdWUcs_z(bvQN01y
z{)Rd`0TNygd?`RNaJ1(jZv|1?b@HOswY5E&voV2ewaQE$(0S!tsp?;F{oyeahxBs?
zzTD*^c6Qg5qBR~2x+bTEMaio<EqO@7#0*1wkk*~_vnhaO!1(O1c%_a!!>f=ZI&2=n
zGGqUl4c9~(v(4+H=s22_WvoYr+TM*g-N<xZ+|^|GCgdddijZLvIv0%0tE)o`_~Z5V
zh})mRK`Q-85xr*L_^()FIxzD0y%aC|3yYlWqTH#CfA~?bX+Z5undKJGKbj+(A>SOs
zfy$8;T}Yq&xs``V9WpMBf6LL9J$&wu`RWjk>1hp7++1A{SoCKi<hG=Lh-+VXJHu%m
zA>w}um;2ab^!{Zft1Pc>Z9AEv_RuRIbbV(UzHIzKY36#?p_|-qNT|C_UQ*dCd&NL}
zGY<6l59Rf|%}3Nw=&l;lzpdhaZS1nHD*$dkR&L%4ZMnf*In3I;nB+*GMA?KfX_2PW
z$jWhU^ap?(FW8pakPFSAun&7`2%HnRIcKt$RVx~(^uwYAMujh??G)H8La)@7Sq?GS
zY%gPbYwiiv3~t&eC3&^3C%qT4R`b6j+*RN^i|qS)t9A&x1W|}sv-a%RG%)0Z-99Mj
z*y8x?3!#q^Il3O#anO3}CCQ3-yyjHV<KwC-7E_A!ZC!#$PXBvW$S=Z-^7#keJWj>}
zyE;JOri5)oVJF13jyZN5=!?B-%*Qu#!`B{f#>N>ygXMEa+VljQs%QFA94?#Rl72ES
zyuQZ+i(J8R;iTz_n-(=y*#yf=Dm%~shMFm#h))lupoaOVlJ|Rn!_H643m?0>r+P8b
zLMFyT(wr{S;zl~$_}HvjRzj=1YgxUPztRm|uGSX$M}Rifo1Z7EegxfImkG$DD*bj!
zU7s54*{!yGabJZGc90|ebl(J`Yjewt_zwvhM&i;d)c3WI`GHgSj@w6PQ-W<khK18g
z@4dOU5bHfQPTw>mdtQeyR5_uoR#XH#ny$Ujn6r~|X<!;aG)q>nU#GXXs4@S)&4r!?
zP&D2wPEcZ}y^$$4g*6>65jaQ#ipmYJ<?eho*>PPUDEdNa`1bve>z_=w9a5P?bV+jd
zJbqT_95CzXHCH8<nc|4xx!K)XX6c>{K5etnTryP6AdJgeL;>EzR#PJ34~mjwgKPF_
zt|z1IH@{*>!GQQO54S`9X>Th;N8ynVc0#`+i}SsEPdiaRa?U*Ze1^}!()}a$7QCX*
zy1K6ZUfax;pk2dcH5DDO#@kdJiOq|c{n!K53M8=zWqcKd$Y&v6jWO$QD5}g^e?sJc
z&YV~J2w;m}oc6*kkf)>4{DmJD35t`m$ch|hTJ-3Ue!M=s=?mWUEPS!C8G_#08?J{m
z(mc*9a)RF3VXcCL$bnLr)L};fjPJRW(&wc@%?d~_%A|zx+Pi7ppF#0hTz!(^SS4v+
zF4?|N;!WfKOA@74nqizR%v`5~kuTDg4zhL7GEQHepyR^z6M8{L0ChB$nMOV3pupJx
z#4yEkTh%)4dENZ>ncdyOIQk_-$QXkI0mKmZK|WcZYxycNOO3NR61RF4vr*dVZ7(&w
z!~{|9#JL=GVCsAhVuo4IhekJGExzoySqXA}tXwg1_SZ=q$WH6?1Qx2Gxwy79=T<#k
zxu*-Yt_Th?y-1tw!Etr<;Fpt9j7^cXnr2ZczRFs6W$G?GBYp5iQ^;UIKn3xrm!fY4
zc9TV=7!gbh8y3W$Xa~!^&4bVj49?^nUi)G-OIbl1pk7I0742yayzm_=<8at&t7-dP
zKsRa_qiR4p7XoIiO7=;u&oUx#PA&=+FTuC)(*v;<F1AA*H%;M$Svv#-9aE5);V#2|
zhGAKtRX|@%F;zW)cvXkcL3-7<nfTgcK@MuuCAioNM&_9G(@$?dUzoG)cJJ0$wpDSQ
zY8G!e2fabJ&aoSND-~x5;Fer;faAWMvx5J6>iHJm>!Y(#(lU$A@(~l&B;tuZ8tN4I
z$^l=h>HG#D<UV*W8x?k(?yx|G6Xe647mp6vH+wL3K^Iv#HGss@Lpn7#krNCcqw;@Z
zyJKD5tuo&d3yxv3da|M0E~&rZ%CsuBOZdCgHlpD{mAL9Uz^j)YH;%U?m6$2dvOh96
zZ)cz(^Hp^#6=rK|2P-ME6pgc4G{cD{>erPz)Pb{@(oOZ$hGXJh7T;QdEY**c2?h9x
zqwW}zstpn#ce7SLB19`7UJnPCrh;9qd<|KJ5K^ic+2&Z#n>bY|pSN&sjz*xjQzm^x
zVq?Onlw^Js=L!ws+J8_-f@pLrtaxT3PnRlP&}yi1mQxgU2E3yd!X1&OT0SwC`K03%
z(-!*5VBLUm?iaS~FEV8NTeVB-%p|>DneOM&Ty=*c^@q0Zb>Q1D{25K;!kt{UudSaR
ztf+g3!u-#*e<08@DT3bR0sk)(hX$}U3UaYP0Y$hPbv60T8SAnx&6iC&v{iD;dxyn%
zNZ8nB=@r@v!8h!UPs6GeXISY^iz?16!p6!317E`v@|5B(ne!$6Bdmjy96AuG68i11
zLFzM7LoClsN6l2!;;X0;O9NVGI@4BBj$WT<%~-{F9~UzT5MDhL6(y9r0UTa`@Vo7O
zXwltbQv-3)uR5S(-?ejn1z4|bM1H~J=EMKa7|EIyZ-Q8@PTEqG<(YAdmsNpX=izn~
z+fFcoAB$PuQf{MgvavI?CtZfHrx4ig<)hV0TURkL)@*vYR$p_`>U~n@t-rRUEa)qA
z<fS39L_(uxvB}$CiSG0j+!>3sC12-H3rXW$4r!X#%I`u@e+TVpFB0+SpckAL42M$G
zBnGc8N7S*vdq72KUtj|J2L8AVXQiqZ!LWROoLVb)`Hqwk_KBDh39ERvBp^h#l3BsS
z$tfos`1~(>9_I%DCLzsmR;~0&o8#dtY><jEOF4mGp|pU1=l#Z{Mm}*#`@{>^Wk;gH
zFOGYKG0N2f<yEy#`ff0TF3cOsNiR}g*hEmz8AdJ7HXQ=^70{YDW|U2b2S%G&(up{~
z3P~LprRbSBSRxpR=nUekV9u76f=jK~VF`u<utOUoOrNZlV1bX9@AR)!{ePr-G3>A%
z;V#50+yti~lH9qx7*W6uWfIe;h6icr+e*X)!OB&Ju)kE7P8xU8zE;VSY-zQy(j9ey
zE2thyS1&$h6w${dZD{oWlM|D7CVUkx<@QbDw9#Y=Z@i>64LZSqm5s25AM>^!Ew|CG
z;5O8|NYzTQi3Eu53D?2${D>BDy}rw}HjEcoD%-Gc#-n}%?g=!fXMA$-D<dvMR9$n&
z!VUL!BYFd7!~rUmTnA7!g@hS$VRql7G34vlodL|7QQK40Sx@icNweK4?QD55S!||<
z{z8F3u8;`SRUhctVd;Pq+wjOP(iKb52r_p8NG4|9NyJr1@>!g?dI|s5Qe)bT!A90|
z3rhc?Db|pf6$9?LLzj1eU&~I^8l6@NaJF*9^$PIS7=7B0C_NT%2xmvK;?e-iGCn1d
z3s(=6#*a#cs6Fs~Nt2SDSg2FfZcprzuc8MxwNp(I(uH&IA&nrEmOG(>#-xO2k8Td3
z-QT-gs#{Ok@u{J#`s@5^w{!Gm6fJ5R-zn$FYKjuDJm(-tgXbq@H#+@q9bRgh#b7Pr
zV<fHE_wzPh{Q@E6R_~r@4OJcRh1A?-_PwtC@FAery~h%ha`xFmv(gI`-%7~STNu7e
zjy(I)u%4!WNar=}q3*oype88N&}lCGI8)VWZ`h<v>>{>j(wTs8prHv3S6lz$B_sSK
z+ZXQIH(9KOk_RenK~7`SNFF_+JoL*xDcoD?atVP&d9RQIs+4v|F6|mOmWn3k|1s-Q
zu%cQbcznVT!oFGOiD{8&5f3fXu26>qd0ms)FJ>pQ4UI+hQew28mK&kIPn02T5lyRD
z1GSmXi$J)VdD`b2Vh<4Gq|u@?W^W`;vO!{K65*UoZRecfmjP2RO0r;i($5?OjyTB1
zb^%YI=>Qc1AAzx0<yq0DC%LZgU@=T|AYQ@bZGxXLv2ue=a=~9gtl2w$BEss*2)|7b
zXBDiTM3p&md0hEb0&?NXE~#{=CExTZF__D=)W8GhM)zsz4+hkii?EYFls)JNZ<j7)
z%)(?pcP{&SDiz~qI7b!U*9a<_v$mg?7akSke*6BU&tM$e=`S|~+ZW<a$%VC>LS2!L
zi|}oG=4Tu_b^QtMKa_SCb3#&5J-L(Yc0X<v^@tEbp2%y2(&IB5=eEL*zdQjIMeXnA
z=<Vh?2i~3@6kpLoCFU~*Sp?lj)Tgm~#4$X|+G`INuJmV0lEt&L*j|9s+;^P-+SD7z
z1?D%5EH`_$C^)dfBDu3ik<MVWiqI9t>y*(}_i$?ga*3n}ZWBUJ%RJXNV8N<FTfX`~
zz`%Jtl!cqftz>1W-41=xEf7xd#uBhM%YZ(o4zLH22-CMyw^_hE<}PRlwcNr<ga0p0
z>eo84cN^%+mB_k6GgMs3q{s!=eH>8KW394-q?>@KQv$x{hAb*P=-;MFATz)@0M};z
z^|L}CKV!rF{S7ue=6v$9Fl{mdba!RL)+ia#5x06kDFDySH+dl!eyUJe^fKDt5Ee0X
zpIbSz|5W@?*K903C7ZE2I&4xoff^!VCu|ISYO7C9iCwiW$$hAwZO3B@w2QkE(6I?{
z>}NS@xa0mPAe}N67qKng32F#*e;B%H-*DQd{_#elE;bwSS<E|})MjENdGOQ3vt6d5
zoB5?ebtQK}D^vnSRMJSmJz}0nlE#~pGta&_l4ol=9J8Y9@CylQ6WE}i(!F#g2^azM
zZ=~duTcAR%Nm^trCuQqirO#(YxYJ<txR<zhnD>N(*WEwD>RiE)SN1-Q%R6Jb4Ni$X
zLz&Z>a&mnpJY-epe0B9Mqj_uA@2*0w(Q@32h<pb{v03-iH%!ncL-_oFoNR3jlMSn%
zSim+ii`+`{dH|k@M-}6%YD|4N>M*o$V7iplQ9fLA=7XKQ<N+*u^Z#ZS-1t_r6oCTA
zH%7f<k8;2!qD+vGNoHg2J7ukO_%tX3g&jBia;=-a$|1)m%%EU#a`5EE=;+M0-YX6K
z=R>6(*e=TT*U~UU$r!#{pKWAV(ifvNxqXdgGhr9He>)pRQi5s6Qi#K8@q11^#AN%&
zP}Fg{lnQoUKr@)tA>IsLGI>(Xk~`KjSOj0A<EzArQlyu^UZV5oa&+W;cC6rTdxp)V
zj;~Gulp0IBM<2h<e`f#GEO~VQ!9&>d#$tzLTBWMem~J0sN!fD9qRwUSSIb%zv-jhu
zMEOb3rq#B(9s)>)TWFE_pmdQfd1<2|gBA&+Q;Co0yaVr8eb64%56dCUL>Pr)T3IcB
zuIR7OiYZtTnPtxb<6$fu036L-Q|DiWdE7P)JWJOHelTUK6N>GcS-=Keb*6=UZZaqK
zzFUWyqcSDI1PdV%S!?_~_1J;uU3LUtmw!qB(mbPm=4g2Q0tsH+(WEv#O(h&Ov&_&8
z15C^20phcN`nO0cb{depea5|%H;09kQVJzaM=~()19cFAvo}B@FNkZ1OhMw;r^?2G
zuwptj$|_+FIr$yM4!~%4ltRypVQGGPfO?z5Q&!RpN)nU}gB)CFB$h7Rw7ORF)65j4
z`l5ICGc8*+c>Nz~-`{zH@G(R5GbIFH&xqT)+F$8ZH_L7tv@5gIgkc|f&<cF0)*?TE
zvy>}kdaUY?S^on&()FW9?dt;uXv?e_H3r_Ei<H<n^OyCn*bU3sE*JiPxV;$W{$9*N
z`I+5d^WWCteK2d)A2`$5QBU9%dttAcworiZ*p%pIL3Gy0AugBTf~(Iti8v>pZBj{D
zCu*RR*+KV4VfZA}P%mmdaj%1syBM#uK<6=<y(LnHd)_=j+uNM>D`otU;cviLX|YWV
z-1#o4_6wxrIiDR1RyTHuxQ(dnD7S!wn<um4MQjO-8{N?@S8%I_-0H8~UoO}<!erk{
zn_1r#P2<(?zS*>1E$an+1PGSFy|EFnTjpxVbDPqQ7{FY8IGe7=Y84=GqRVdcTw8RF
zXV!CzH^$U~6lPXpF~Payw{m@z3Q40IF|~ZS&-Ou8d9Bn-9z0{QG9)G1HGSEFk{v_H
za1U%2YqCdeU(TdI=vcVjg`}Wd!#*ZTcNn3U3GeXODY0k7B9M{p%Wdox(-<*dZelM=
zCz_Kj%rl(?ZGOvQ>07#EIp0n@_ENzgeAw!bS;!sP4SHXggqiw*^Xq+&uZ)W=F5VWn
z&1elmo`fTck!*5xH=Ti`BfwDeuZ@^bt@PtV*`a^0<UaA`NYMA_3@?#@q$@LfK^NZk
zb#(;ePv&L{y5-2ZX1@p+PrTiPs+D>hrfbcOFat%lBcJnT0so5wShjMW%-H|9P>}<u
z*bO!Y1<WF#x;?A)KIt@h!HYYq{a>GTqn26(0MB4dE1n->o0(`KwN43$HXHbjd%vw+
z%PN>p*QOlb0hdV3?95VtdDg(VPki#o|27yLNFWqFqL!?HIY=bTy`X^v#mh8?jB_89
z`Hz<Z%W2|dn~<K+1YO~0`&`el(MOVX1^iWUFSy5QqxD!i9W83z&ugU0oXv}&H0S#U
z4dab@d5Z+LMNXVrlP#OgS?F6p#PjqJLNWAsWYK?_zH3<n&SdD+cGJF_oHvKSCJiey
z^z=(U?$2UY)nmL!7UKEDuWT@4Vcf;(q?~YGK`xv}5pb&x*syvMGrY|Hi=J3%lL<RA
zGUi}zdIm77?U_QmK|j3C69D|Y$Hpm^Db<&38sM$PF12Qz>@%=s#1>qFISrpR%UM9;
zTPO%)x#-_B$g8txK8aX%g`2axd9!1ifX{B4W-&^Y)tkCXu)yfw<gxMP-80DFQ!5{0
zW3fh~sFScTM)qHVfwT@zd)~*p^^BMcz~w4HwtA17`Xn}CBCt7WUbVBe6v{>GE8b_T
z#XjU=AdNAbv=BWN3C5l*F5ykP#ySs=xUSI$QfMh)>dkKAt=#Wroy+5K$5Olc=R_Hd
zaPX>F6_Kc6A`)+q7=*TA8yvkc*rxy8MK6QL{;BaeUckpFMSCCWbw{b$Q)2g{2j&4s
zp6eM>Y=+ANnVDFce@jxZ>L1Ne5xY6XdkFo<rjkaG>Ev^_MrGp}`|)eFp%}0~2LPGh
zwfBbBcc?VgO4cwK-H|40I@*PjDAp?y1$ZFBhbkv$iT@ukJ2<(oxPm>c=xJOMA|=gB
z4XJmE%XPqFKJ{30$3+MUD&EPnlQ^EIsuAT7eYO01-47Z4gyn?*cnC0)R+d{qfl-23
z(1C}w%p#Y4H)V@bgfLZ-1#3~=(dWDPIDj-=)Bs@FdN+ock?Z@Lot&;Bzzo#-1f!*T
zzn0grcMiY@>!-m|bgd!iL3{%FBaE;Ak~%qR<%zYye<uey7{C@DLY9fWyXMHMV}KL~
zW#9BDjPMRI^27WnMg8!4)rWZ%1YJBtLY@%fWQo67DqN&HJ<!M!ATlS%J`GC37ki{G
z(HT<=|C&GnYkLM5_=ueGL9K>7qt1a=c=s3FU`U(W-$o>eLYVD6N7LE}y~w0P5|bmu
z*&gC}kq5CL{EFgPf$c<;rItdifISxGG{37ubY?y6a|V+a0S(~Nvs_#aJ&asHEePm)
z^ois=hPesDvv_4Y05gW?r_E*4V5i)-b&-y4I9m*R+0~a<<!vkIcLz{Vztk1<y91j+
zfm2DE#n&l_D1by$<b(i?A|<!#0G!!ucYYJ+kUQQ{*CAkEeH*@t09O_+z@7k2K(fCe
zvHHpW{f_zR-CVyPs@j5kYylQjRV+!Iy;>~cLEq9cHDnb+{I%yO84{ataE?+zN>RVU
zv&f$jZ44-(ro?ErgnH?8nT}{3$P1`J@xKU^`M{LiX^Dc>{X*+uf;PqHz~>>jKuJX)
ziqxA_yXOOBZA-a4f1mqk8r0;+O4hC3e^fQI1i>wiI8(=-JUmL*hi={=OiF2zH^rDd
zHNL$I!T&b`<1!+5U6<P31p@(Bo`kNrYNaSprT38SljuOZ91{H=w(uALH+Q9C>28^@
z^@=$1s)xC)rDV&SNz?(aBOUcPzQpB#WffQ021nZHL=~L;m~y*LCJE1Vl*9d?{#{>g
zz#w+lHoku*mcBuEv5a>*Xg&sv2Dix8G>>QqVmI>og`MHHz0XVcp=TCMK+T*UYa97Q
zyv>0@KWnwC6~~m^_ZeEx7G-s7G@0c3Ac3qlTx;RkBh7=NSx3}Q)E`@Wsk<vImT?L&
zKaHN>)7(LllliNaTN0Ty1+7Z-&KOtgB^Rr9D|`8P=*6R<WQZv9<IZu2cI&JB)!QzH
z1m?6+iX9vY>D)9RFH-(<Qegj^yi~rhQeuahQaC5fvv2G|Uhm<wQqO$@%#6Hyc>Fqo
zk0)?rqt&0H_Jz%0)T|GLJHCVNvwef~PHYd0gL%g%($PEN*FILxH!sJ?F(u)eBH_BW
zB;!`rA=J!<WeiTMxs;nh3q#FOuMG<w!y4WB#`$xTpOq|2s)Hui8@=;4Vo|Rh?Vq}f
za8~wtxv5Ua#c<HVHdK2e=fYv#lDoQsw&1V7vfyRGLXe(%TP!1|Q7!%)MVn1j-9gGJ
zQ~ZX~s7v|(tCg8?=mX7WjVg~>q5v}G3Gz>%6<)`ybV2D@f<Ba#*eX78%B=R{j2)ZK
zbUisQzVH&T7&e&HliG-MwO%AlJ{!nExSys%S<jKfZ8uUHqY`l&x8b98a=yhDv*uXH
zq3k!V>2;f+V%fD|%oEPePp1zs>QSd%$G=W84<%eKe@c&R{A$V6IK_H5Aj9@6Hz}Dm
zm^{c&z*?;Et-*7n&qPu6T$3inssde0LXor0;lIa-bs+LOSvss*!n=xlKRX(o?qitZ
zq9q4*oD2O}xLvyIsz-9PrQ~iAeBhxu?x!*RL3*v$G;z_xsbYiKzxn3S)l$@Nd}Mxo
zp=XqhUz4;x21efiXd9_*oHR<~5XrL{U#FyzPqt+*g+-yLmkGxRoJEaM(CuBFaG;r8
zD0XRW8L;;`5E-g$&+P}iM@qUd%F!AEn`#zlX9KeA4t6()bT-0UHKF6Sk%0Vjd;h1B
zN1aR;7n-UmGw}jk$_sk6FK(suE0+Kg|Ei?B>HFEov@>6V822L7XDc8F2gW@9y%S`+
z>2?m_z~8AEx{faU!C+X_P{V)oxX5^6%j*o}<Lum}L|2^F29t!#GUeCol$d@$7L4g<
zVL$6(OBvw%0$Djtsl)0em$wKIT*WC)p7e%3`kuOVpp?e)U$*Cd`hv`&0NiOwEtIs=
zI6P_OH3Lq^b3IW@cx`*W(nXj+T<utnx8+@Xw>X3j9T2nWxWS^H;dB|Q{rrl(!F4S=
zZ_K<ORncw4i10bvVB4*U?x9TSMPjo%R+4sKVn$JIr8*5p?anJ6N&66V)$F~Lg|ePa
z@hwBg!f?wJ_c=4ntyM|`PrQEOQi;Q)YO8dEJQ}c0J<^{H*bJ&-`Y{wdg&=rlko(Qb
zF55^62OhvPxM>4v75(Q9QW326CC2J%iI|MmW*Yz<d3faSMnh^^?ee_5ocQ>P`X`1S
zwq}6ra*_ZcW^sh|ve_Y8-{)S?jG62JwL|Gx!Z1V*o~(@dtW0n-)|!HM$?R^?cJFZo
zcFj4?pkv-|(%T~l(9}sVcqT6ZKx7KAQ?ZGvxL5wInWx(zrzP%aZ&|{nW7}jTuyV9w
zHZqpdl41)U5BS|rJU`}Q6M)u76!oO>utxm(L4o`ont8|ai+A4&t5pneOCXqm#I`hU
zOwn=0GMWME7L5T5Ik4i+8M>&l`;K{Yy~%_gDhoS_jEsi6Xo1cJ)uJ7Fa(MG%K_Elh
z*5_v4JGsJ5qw&Jvrxme_O@(S0R6Zln^=8G0q_M-;+}!{)xj<?(;q%LA+)D`&c(pM>
z3dZG%3l%pV^%1OMRA2v)(MS%HQ{!1Bw=3$`#=r6loe{DA+c#?k@)at-fXrK97Dpzm
z!BP!jNIu=C>8JapoH$0Q^rd;`=ewH4r;Y3b=kbO6YX>95S4O70=f2R7lr)|+NN8)^
z_1>Q(g}-!3ln`RZPIFybMk0PX2Gkw~_cE$a*n>=jx_!WfR$d~l<r7g-1`w!i|8<dd
zaQdiQ;LrWPR*Z1+2>BTzxI#X*Wm`1O#gC@3L7$x2^JxeRIOr_#9z*r&==-2#c~41e
z>5*kCuCwTB*WFVS$F?w&9hozWQ;c?<O`qJonQdyaW(>L@+JZy;F@~K{r1nR)L~Z&U
zF<)KQE-=g4{I~<s%Y)&P(>nFuo8|NImmlXp*EKm(tWkjYNs8fM&x0+Lbx$}hRlI=g
zk+?n%lGdpFw$k2>?_y)?G{sf=R&h0qx!&km1Yv6&?&NRT?AzUA!j}s|-k({m&iIdI
z(9<6_+epaT7oXBiJ*yn_kmxxV8RIvM5n{;x(+28y7ol&CaOJt@`Kc+KU&E`aI+i1;
zXI5eS*I$sRbeIUhe~c#KUOb@Ipo_yD21M)s$&);X9k(cL%*we|3jBWY|BbMbPyqxV
zPmj?d(L(d&9I<<4<jYwQI?v|SYDC_Nq)^b5lxsgN4C2hv7Iq_aC(4(q3F?pqqo-_3
zG2IU*oc;p<l%<WJjD8;kMQ*eI=P49v$s~Jvv?sD)YbDPj0vwCW>K^zb_%CtI$=vrE
zQGHhgI0C8rP+_`8{E*<Z4P*HD?LVz<ZN)ozYbF8{8N4rjRylNPq&3e7mSroEhdL)P
zsib|#Ay8^SKkqdQYVsu8MR0gRAh-IMI^mY49ws&Sj*q|wl2Z=0L=mjZd5+Cm>=NH|
z9F|JTnm%DYL_{4tcWuA9Dve#Y>ZlTbah*8`UER8x%pl%HuEX3yCIwO=M6iB0;8rH#
zko6A;Z6xDt#Brr(*1I38WC9m?Sf9-Vtu+MD{jm@EI&@#f_adgob<fI8Dup|y&It#W
zt(D3)78MF!n_Nu;paL}c)v!<+{eM!i0nZS<SfW4<&wZxGsl(SH*nn`3EJEMNQ~~1~
zi+#uxd?Te><}G9jlO>h30L1nCKx>X#<`({NDeKL0a~oCA3%;8~9wP0AoK&H}OzYW>
zNab-_mMz7)f#DvBBfT`|WdJCjqAdH>iF@gM0h$q@)j0vVl*dqBfi=cm0akUh>9_@T
zdx&69D<#usLx#hB3{2~iW5!NE`G>gGKO~+AB7kcC*V#e^GaIEQ=yLjh8$Lj99%)WB
zRtZ-TO#2`?WX+-d<(}n@U+Gp~=EOezE@L^FtlK`r`@Y2*tLriIeE}&NsoS_=oA3>{
zkvY`jwI$ruuoAgNT1*UE>OQOi7={SZdLl|>^bqaflUYY>{Gt{bVbcA2@_+T*gQ6}0
z5!VaI5?U$>c`huC40ZIK)4ZpLB8EH;;0dmpUFWOf2B|Ow16=ZuI-);}5>$T?>=brO
zjacbVr#P}FTK;?PzbaLwZtHmPDC`=Pf|RnL{k92j52ErR-gX&lFc_cyR1Ds9rciG7
z3rG01V;e}VIYifH4%W&%Sw@#p7nTMi4O#KWX~YlGkqb4$@eU6E95faa#&iv;dUqt9
zLM%Kk%@THQynOq2W?!VO@-q>N58XUBN<SE6`bL}hB#sRLpV3RQ^gyd0(e%ZuT&^V8
zFHiuU_Hep3LU*gLBwheEb8^{6R2?nYcr`1HC=HKz&DpI(_N~KRa^5M8j`yib2ZD-1
zlShFi_%%Sx?}=PIV?^}6m2sijSR!ho1)7jP2twIsv!LZ~8^e)Y;><Zmeq;YK5D#`x
zSG85j2B!fys3yb6SA~0NIylqH#c80Glin*FFdTG&Pt2Xnsy|AmM|%>>m;A5BnHPU-
zW{HVBFlo`bRR;qb<IySe0>-Tlg+IV)sf)i@?5bAlu=s4&;O*|_rny?IA|L_L){FAm
zkx($s2sK3%6(IQZei{L5(J~)Hl&jh0%A(N2@EwO?CKW&ZO=`S=8MA@dE#Ds}zuESW
zDj&`+i#khy<Bdneyk>M2D$5UXb2AIfCCteLUnJ;XtUIUwkP{MV-Ktv>r(qMz<FqI}
z$cmclGwto|GadMJRBf((y(0FWEqeXqwt|YK;y@lhS+ACken?SJxPTfC_z)Zxk()1k
z1LOX6w+umhldzgsAV0X&uwk?kPKDsW1uXo?Q`b4aZ|Z6e@14VWxxY|ceQW9}W4}3W
zrJ8Z~UNvWnfk}Teib6lf>|ix1g{I~n;Yum$#1n-5bkdGveujOLp5GF%4DCv1yDu-I
zIO$b#V*;2@*TAt-0su0-jTU8vXyWao^WJ`Mlj2oa4X^Ji-iCVwz-%Hy>}0(I&LDRl
zt5ok?51@FVRsw1826-|A8v-fC|M`cUyd6<t8XN+^?&6&M<nCiZ1NxEH|B`3ZzXBZ6
z00&6c=7)vOZA}#bFgUi8tRl~N!F99X{<lB-qD_HcCYAN5*Bo)JFeFe*r9%#=Xf4l)
zX6&MqUR`K}Lk>Bc0GezBmr?cN(1=lgIh_+-u=ErZJ7c1Z<XShcR*U1O`~zF(f0X^P
z2NF-~1kp-L%OWq=f$<|Rt8+BFi_U6)ODjHYsQ?ec=DXwta!|nn*Mn%CY2fMiEuA|p
zhOQ-UU=K2hYV!2MN-{v7jr%D=!}>>%J|vr#exe9nyq`=){TQ-IP#h!c8Mtdyet9&W
zT(=V6wXYlwmrW61@$$kTNNEpX6f0;GJPJrAw;xY?s+$Z<qU;98k^ug*@*xVX(U|+w
zbmvFHmi3MNIilipV!!{ivbr0CTg(SKAn*=S{hKDCc4J-${NE+N%6SgT98WfbvOm=3
zwfJs(-Exu4h>Npt54_LWMceH;N=oH#ds)R`N4S>re=knULb*!@TJyR{g3SHo>0#gK
zWu57M<ZAHte5|#i&?R}Xb<vJfXOcoc_xJ~Et`r;7>V*72Y<gBge@t;)K}3NK8S<)*
z=gWd5J+gxiNR6XM{wI;2OOs5ynK{{(iHn)fnI&AT@eIx=7H&+)St(38q~?1|N-nwF
zcb$R4>9{XV{LpFzE022j_>H&P{W@GQG)TfITYAZYk$^K|2#Pp6bW4TI9y?rWuK;1`
zCX$i3qK6vPCohDRh!YeTCT?j8T(B|Eni@k2&d`zmy%;qS*>%Y+K}t9|m0(w`l+J+G
z=@hGLMwKV?508D!)zlPRFQT?Mwpk%(>Dvua--Fg;U~yh$DpPweY(0AX=<+JK^9jZt
z{zAGWa3(|4M2&;uegD_(IZ?eX*fRV$&f61#{<|46d=_ZGsf`XBb1<OKUw6&$s((gA
zOV&nnD2-X)an+ij1~>Q;HZ7fANydeP{0*%~{N;UEU^#p6!na}W*;Zm>!%7YfOd=7D
z%bUNlSjuv%Z4gGxl7Gpy{RO=zU<!3dQuC^JU48LK-aH`Ioo(#sldru?1oBUM50s|5
z^@J3DW)RD(;|_9h>ZEQPrtQ-JAM10#t8R!!bh%o~!rO+7Xep3hVFutxG@5T^ml`ij
z{daeNIj?M=f==9zjv1=bX3Z@%nu(={`|A{Er#x#d7!@TtFxbeq&I|&w%`vPJdE~Y=
zC5?2DXtoaZHeW8UonR+_+g^CS@fosr4Y<+?5!8qU?tTXhL5T~l@6WBetvAJqe(e#=
zKcPGpI2=3~N2$zafkF{>`pR+7HS7N9LvT8-=J)TmUM*f6AT1{zL+BrleJ)xGd*B{f
zuqRYnb!b(V(6?5$AEZpB6w}a7WCvw(vS<=LFY%FgJg5CXrGr8jOcoZLu}M8lf4RYn
z`t_D_a^E&oKSe<iMzZooXlCcZzr?#0J3LKJ?)U}wB1;u7)`0hn4VuhFpR|y-I=!*|
z*$_jsZlD}H4CrVPeO|5_gtj6HXg<R0?6O5=Hyx?m_FR@ec~UL`fH)!iJB$F=)t>_I
zK3z*RH?nbXq2nvsQB=4THCkb42S>-q(%?0(2;-+gD7G2m)AfEKF=a8E4SKmr&hg-R
zP|kirKqFCDwAbGjYbDK9D~kij$Vy@j;cf@M#w*EQl?MMUbBwn}#c0Q&I$+cJ=Qb=u
zujrbv*~T)oIurUM=SdmK4EgQzNiP&Q?J!%~lHo6uV}}rhjL38G1|tP^AlZC%tA3;-
zN@MIdz-h@MkCUHIhPFEr=?w^(6GKm44BKge+P+Vs#QOvk;$L)ygIdB?S5cibf3%ci
zF^5xu257{kr0<Fl#;E|!IqJ~#WU7C^oGP9SL>fw(rNdefSg(AI@x1up4GoT5McI50
zbkv}UHI<dJcX+vE;wCRvcR5I|rLOHdrJ`HR4)OomoctwxfrX=cyyfTeiImwmhxM8h
zjxj>}lD~^H6B7(PPlYl(<WAC^ZHB4%bhr~N3UoGARCZmhXR?)gBz~h{sgJm;!u@}I
z<6T{B$3OE=eTjzse8a2iWt)a5qq0EsT}Ubpn7-~0DPs)5T>v^HbK$LbMQ6DWt<#Om
zE60?|qXvp7^C*Icjv0<&3YG#ga<g(+YIjBF*Ippg^!gHDd2ej1Gc^d2_w;+pKOAj$
zC3PFx-?4-Fl&j1VxCORu9&WAce@Xs(S6*axa4$Cy@u%{?X!y_mt$80Jy_ArqR~w7<
zWG1K!>B+PrY=3E$M<fG&olhE{Ks-HFNrP|-MW+aJh{yRXyZJi+uSyNlDpb`j-YT%|
zA$~Y~y(X$3_(&rk4GHMr&1hr6*78$6=rEBYv%TSd&>jl02c`an5lOW`VA~Ro0R<{4
zZft9DND-TlpKy;Jnb`v3uCP!Zb%*4}^V~v!=ZG|o6#cmxUbc*e)eB^uFU1sLyh-}l
z0EA>FF|8?AYP6%{SUZPY(uWE^;Qt|zCEF6fC#>;u=Id=8EN#Z$Ni%<BOGuG(QBgTI
zu^dfX<tDO1Z{>~Yb5Wdw*zo$JcP4cnkIC0tjP}`l^0AiLaAhZ0d$bDxf(o(Sy0dpk
znKskl=v`~$t?bOWG0A12m~fzUBd+*}nP7S^(FrXaVU~d=fYlU8t3HZGspU(>l9u&w
zKhLZNhFgeL<rJGpa?{PdN`y+wFhawSp`|L8r-dX4d3tPs*v+g-mE7bnoH+d8*`CJU
z7lG1#KFvDAycmAwD`C`t|9J(D;)MbeKXtU63+v9U(Z*gdCDdTeJeo7@Kbiu$z7#x7
z;syyikKVNr=d+#H>c70y<Me8!>W62zgZRqDddoq5T9=05TCQA@w(~p|Q(2ETqnC5I
z?Ui~(-p?bwn+V`Ne=!6dAZZ|_sX=Yy0Zf@+z4@jUm~^jAN-g6zCAOsizu?9mY{8OB
zMrIIyHc}|;&$UrML?y)$DW0EE6_tdbpZ<VMkUXJ474?I=NuBKVbo}WvfOtL#akGt)
z#l7ylc}~NK-2PcmcfpldhA@Qawd?z241D{2fM?j}?{ol#qu?1~w<|9{A{kHzGInN1
zMq2(U0nZ6jmO<@VJz}0DXyp}rrrX+sw1Ab7@QeB%BY9JxGPAOeGlQk4_VLo5Og%#E
zhhQiU?D5nYP3Dg76c@0)77onW!3=Px$>dL~aLLXCe`JVnGrNpdDIm6_mm6l7&mz41
zly8Y%d8;tj)^KP-BIvX;-7Ofydn*83Y_Si*#xIM7-WKnQzr7HBadE}1SF{v;+ZE7B
zm!dsSRaU(=nPWsI1$VlX8oYk_z7xd=OADs5Tshfs=Z-5tToOou#-KG7O@O|3*(0Ps
z((~-g05>MpOq%&UV)%}?drH=)(++gSKo}m5Yz@SxAl3k5fA7Dbz9s4?VQr$3B5LYv
zwcc`?I*0&L@XJNY5J(UPO?loR2Lpw=hO$QBZlR<%e?-UhRuzNMcsVWd9x=~7W$xbb
zSww7OjcE+V+1Bk5%IgHGjod=Y5E~~SNnAnx7Fyq<LwHPnbmQ&xIE|KW%rpX2Pn@ci
zcNWGC3RU|5sPI&(Fe+tb)4fl7sXnXrU32w%%-5N>W1)>*MPOh2;S)G{>n3X>%Kr}Z
z_O<$sGb6Aa7Hepd;D2C~gS}IyzTR775gUjxeAVY(2dq0YzH({ug<@(iJ<dP(jhQn-
zlydYH)aA`x3TtDGp8-42<dfS_%-=kn$2|BBb!`J(H_SGVbQkLWfNoIHS|Di&tw>~o
zaoT+o`ELqC=w08X$E#;mPJ7NyNGDU3jOzbwXG|-2_$@jRv(?lGI2e@U1`yaMO*xfN
zTM=b0<~)fx7~SaDlCsqzt)jiOg!lFGTtwd?9(WXq_=|sBBze=7K;Hg3{AvyW3|SnW
zN%zEqw$d@SUinDqDs_y*yV%G@q5=V2;D#XUEV?<TBVu&x@Fkcg<YF3FXCnSf{p@}Z
z3TTNk|HAP*GrI(&MUwUSq)l}$co|7GThpKkjpbD3&=pM?mvV}-&G(1OEO;(=rg~@4
z{;y3EW4Z=y$5?*Y3SzqMTST&hdv8FL2{kSuG}F*H2K?zCDLG>gb1;rrw+o>`YGLDr
zQHh<ijG0Pw1um=11A5`=pzhcC`v}Y_C=AU$0E!ZF%nvpryfoiIRg032{#nALczg!@
zOy`feMpxLywg7@(6p1rQrW9z1Os8?J*_VWDLuIWAVVZW%g!=`kpysV-gMTbck`3y&
z^A((45tXEkD3964_f__Ae<+fZrCk^GN2i?FDwUFD%rC{#6^*M!TwJsfEmhUY((16l
z{U}VlNOb$}^!m+61aEsVu&H?K$6pMp12Y&caH7m>kSh*h-q7@8EB!CVRD|;Jo5a!f
zh;iW_`_hT;>oas$`a{Pz5^ZHV4roDkJCfe`1QSrnW~+`|)jC8LTs#=)*r3rnO|kqE
zAU<G}>u6LZ%$Ty0n6iMgDV7_T*Kjf)%}`+G=tqV0GW7t2RrfZ}_=}e)7Ag}M2p0vo
zh6S!4VShQqQtW*JEUpFr@_dpPpIbDS3;vdX^|}Qq+m0m{Aejt}pj0St0K;#+9%w^G
zi@kO|NwKFYwqrT~$H08@?h3NrkbJlsGLnJ(Zf-%#FtI|W@ZM`Kv53$!U-e5S%&`s(
zz=+DGV+X^yjH^&Sp?Ij7T**o5tOFcWF&DfjN`7B?BwG-Qqz!unU>4;|Q%g8JIBt%K
zJNHaqaZI&%9DMNYC7dP#U0X+er`#tR93+TyXRTdAt^_^EgqO03_+3Ktmd3u!;4jp!
zo!ls_Xf?WsM#8f*_Yjs5EzKeR)%O#I-SSW$ovaYIHs|%^3GW4z!3z1~l{<UIf@Szr
zx7s6^$snH8F)3R;T2p#AYqnqf6Fyor%h5o5UzYk>;MzgUzeN0stE}iZ`<ICQ$^6QO
zvAH`M%DH-pO)=)1eX9nz7Uh`{FnxFUQgw9_#>t3+^G9QX<uIS=WF$TC)Gylj{2^fX
z7gB?yvA$RIE+b>v*bhEMBbkO4T^c-O_cV|1ZU5RI2IDGEA=l53@+xY`J_U63LC=ow
zEps;p8`77eW1N|#Vi2Lg_Um$xnoIakzhZJij3b3)dtwMgukstRF4xr{qSg(F!%O*I
zX4X`0Cs85>zFeGQ#nz}r_`fLC!{ocO*Pe@DluzFGJoWqo<rDJ8i9P_e9J_wku5)=U
z#`-Jlo&AV=*9jWR^vZp<pbxr<dt9PdjsyXrwM;_kS0(vGv0lzz?;^KKV(O|?WPZ8D
z`;al;FPNm8EGY~Hs3RP>xL?n6-&TN0N58GbztJ7Tx}A>kWu~WnkWLi6THsoUu(kFq
zuO~v-*JXvkELgy+=c&QJguKIo&{JmpowNORTDE3g&LOKWuqf|;S3!I$H4%mAg`%=0
z%|iQvu93hKzX2AHGS;sAdTz!<faUIu%K}hQh&DFAo}#TOJ@c$}I!FN7sBu3($qN9s
zU47>0jfRf}TN{*EOo1yQUDjtHn>ux1dXeh+|BR6F0PvAE1<bbX8guoHp%2oS@Oh-G
z&O3wx4{ti$QodU&9I`wS<3l+n8qJd(C=EBP-l(lL1(ZAu>}m`MX`ZNP+D@Cbkk;@h
zWC3W?x)?IEEh^cL0<K_<&(*6Z6ngGw|1+ZDJS}FAtOxGNTArQ#O+x~;tuf~IuV}2g
z2NP&g$9<KPQ>P7!s#meS{$~~IYW_ytGxz#n;2Y?3Zf~$F1Bc?D%R4aCM{vS@2+v>2
zoo&07uhf{qdw6SfYP@`n72SnvfG1J1>n8yK{^anrh(cN<nhF3Atm$!~N-hq}7eNWY
zmvbKkz2A7SK-X8M-SIZ&Iz?xg*r5CntZ_#<(1!$^nF-uAtOhw-QyCYx@rfp-?$<h9
z($zYO@nr^NF_3n3w+I8vimd9}oApNujhRTJE8ZX@o!S%KYj{9uuBlDz^aeEWvWguW
z-;<oaZmTL1`2zn`u0vdvmI9>=2IP$mHu{|*uivOu!KBV64_o^dl?x#BRF83f*r1GW
zvXd0k5c?lZwx}s#D)gKl9vNSZL+_}PuFB5wCAojDeinZ3)!$C5a@C))x3JA;@r)y3
z#!zYX6`HwPE6<b4gBuVHRu@`DcUPUGfpH)>eu1>Pxn8E(^Y&BTP2Y%0{~AOJ`3TF~
zL(#iP9$3?X-E~-^(kyR)k!=O10%|`dkP80OQ73wG?1yirrmCGnC<#ytfs&&Y7O?W3
z_I66Dk)L=ql(i?lU_?A9%}$J1SYHI9zGN9dBsBy{>#75`OxxG}K0sDnIxVHbyLM4W
zy#OM%S#3vtk;Ua5K~l<b!jetl4MSfRMddybf_b}nWo)5OZi0E{XlIo8$)wmgFUg=*
z%9o3&1j<()Z#;ZYHzsY+@DDpQ{S0$+z0c{e&kA{APjVl3XA_D1fj*P;K&)TR1@W6T
zAb1;ERnE_)L>Kk`eC*L(0G|)rVbpgu3@Db1@mM?mUFH&KgqS)3qO=0$4>)cK1<GKq
z=SL-U>jEbnk6$>B#dG2Ph`a^lfc)rVo|g!7cd1{HX;IdGjl{#Yv<GWXN+hkA=to#L
z_Lc4x|7@`>2&YSnz9=x#3<gC3ciJ)z0)(}-!N9VrSLBulA%TGJF{>v!HnmVqZ;Fye
zlzGKUe~z1=e{(-9eMBgyb`8<F&1}}0s$yws`yi!qH(j2`dI#F6o2^`dgKWxAYOK$+
zdNI6yDxkQ)T)#mTv&MG<uZR>SV>c3dUNuBGF7xa^C(SuPp8c^{r|!X(YkqcqFM2B*
zdVeaR1=9Mrqg?4j%2DW=ek<0Q(<P}B&d*PXn%kIG&p?g$7!}8pCZ~hNrKrL}%;SV>
z2x0%}Kg=lT_Q;!po=Zd}wm~kw*Vw|6>7>%Nue_bIGinXX{s|N?$e-t@9?yX?d`NHn
z`@*}TqP^A>CBbTyo{q>4*H|diMpWW>0Auv@J>q)sIRcS7*{M?UImLGJ>U&(~IS`_c
zM6Bqh{FoS&JUtJeUultEY1mFo5&P#T9or*80wK)q?z!J_rmQy**o9VT)-r5?Bb-Y}
zRG&g}17@;-t5Z_YPnNjCO35IY#SLT;uh(M8P<p=ufK{g#LdKdHm3;+U|3@0zP%N1K
z3Q-CE_O|nD7zZdKg!rUj(LDLJxnxWm{*$EU><W=c%=kd1ssqiwqfTpJC*jwW8J`Kh
zZjNyma1H3bc7}gEEbc&<DQmm^gO$K_#EofStpxNA?4L6iKyV7KW*8d)yFm+Lb<;+1
zTfKm?*aDLmy?Bgo%&x>Gu+e=N2IsgMO@+bt(^b<x(QrDeFOa(tY^AeSy}xY0vtdS7
zgkHm6`=nlHB`*EeWhXdR0+&Wt<Vj}$Na0?w3mJHq;!d~Lg_RBQkq(TtPb>;vPrSwe
zk0b9vx!(H<Slbc}xZUTmZq<hJL8-gCMU&kBLOo!uY~4SeTWXXQgZ1sjx4hP7NFs(r
zn1{*{jJg^G1hz>nD2VELPy7&GWxX5yB9_)mwbbLIu3j&N(%Rr5{mG@Rx9{8Z9U;#R
za+efEq&0CNCUf`SSO(dJn-%#YYl4ui6ycuWktexyV4!Y7atK!TNsU>-aL?%XIcOq@
zv@1LzdBADzN7*28r{;xofkQ`En98V`&{c<{G5`drzQd>E;*{DMDlu{@^}kt?j%?=t
zweDFCz}#^j_}^blq5A$+hdOUlgF!dmJrQC|*BE@Cnsu(K;Cp&=Uv9jxyN>c`k|s1j
zM#ScsMOqOO+6hWWfRr}0jaM`4zeUt=XOep~^2rbI#oBve8S`^Gkjk}HCab`8;UFJD
z{}5Qh4CECvW?`Zg7^wzffU8{QwOx#Q3-d{tDhpld&47F9Tf~*Ep-S$4B8!!th=OSF
zd=djaGSU2oPLni9hZ=Ox9&HJ8pa%w`jim>$Z{}@dD84ChcjN3!vtf~721Qjtp-saN
z%fMW83T@a}P~|<+F?KK84@qkzrPNcNr&w;5Yg^!83DB%#IQyNFhaD;JYJFG2xMjU{
zi#JmOwo%e#47(rj&M+3X%zGo4t=&7DcA~bP$}qsKbCh4KOTbzd^qh-RCR9j`2!k$b
zC3$#n4(P5QJYH>blkw6^jE%fM!RJ)YXK$jk#7MEnJ8JG8gc5co8_X91mKIhpUv%eZ
z{{aM1+yo4s{%St3x>m?=L0ga3!=&fL{vte)9)8OZxv`PE@l81O=vj|t!Ywi+=-rzc
zjuUPz-k+PS$dtr$k>aXbEeYGptv?WpnOx=}!;;0xO*@fvCtPd52YH~Ufk@$(lRC@$
zgdFTd2?LlYMo-PrJeIG^1(x?ldS)A8iL!KL<`64h9L_$~DvOV8z3V6m>(l)&W(tFR
za-`!uC)0wd&7(zX{OH7cKjZoI;GZmm60LxE9}yLpk%}F38&TAyUnQ}+HT46c#Cpq^
zQYlmw4T}2~u-EkLCE%FoZI(jiOFlhE)C`6J<#bo^%O8L~S>8oxJDzLP;TMU1mrFZm
zpDA)iPC8}A5n>+^!L|`4^dAh`q2=+9fj@X5?-z`lpW5f5%NZT-Kn64BJimDCmxA3+
z!N#o=F=%#t8ey!gcMN4rCS#Jkzn|dro2nGepDNS~H<L|%AZ+l#=L&;AXI_noB~dxm
zN*KGoXn=4<uoJ4(QT5+<>3kI)k;=!VS9YUAw`+~wcb`x+j5gEMxY;^EEy)Qmp>T7h
zA{4loC?p4AaHgOhMoEKN9V^-wavi=7<0-S<h4PADQ<sNo8j^*y?OuO73hv#)YnBeP
z!()7~nU=Op?SPb{>8z7iFOP~qreuz~L~L?zOsXu!K@e)gsd94_zS{Y5ZFg7f%Tp80
zxZ>p<E^(#UwS@)Y!DP`lkFRZAHrPm9f&hhLO)O$R+3DovuYm{%P@}_(5DcmW@MJ-w
zZ5rp5bE%|_zQB9JK!J9|&1Os)e->1>ig?G9LJo_EfgzhOS$HjM!<$I0DQh3Ux%>zx
z`ZnsUZHS-1>|Ir>(c5sShnM{#`{CVm7npgcCO#fyQeUsb)Y1VayXY0UA@1Q~rtz<M
zuUlHAUBGf-x%;L?G|bMm^*tULY@Yk-p{?TJIksVcNz0I)f0rQ_p$SAKU-x^X+H;2M
zcpNQyWCkfh>BU*53?X4$#Uo_X``c=Te_OjJ{u*f=blNs!T0%#lCxs%UCw+EVTe|*(
z4-#Gn5z6LOgIBBeKOm$wBfUY|)}WeR>|i$r)Pin>sm5cp32RSw8jOm2)d68Bi^eM}
z221(gr@QKd0JvVhu#UGenRW18YgKw>@y&E02({O(-)FW!@-vp3@kxmB`7Y5kEs6wl
zx%V~718#&35^LEhtk#AWjfk$$aQZ!usKg!nC?@UP9=7a)`?pxj!r<&?zfWJyh^LDb
zB)l~t^;`-lT&6OOL3RzqXFCg$*McV_3(B9!rDh9?qwwHsQJ*_H25D*4obXbh2_K(i
zpuURe9*r3mq|8R@_hhd`vdj52#WOL3<yzWVpbix4T#EahrqDf`m<SzK2oXFOqVaNP
z$y>2c*(zcLvvpjnm^_iDUj~FoFv=MZ4siWu!x1!G5z&9q_h)HXUJwPoPI5bslO8R_
zrCB1VyEuCd3^-9k$PI&(Q%((T05*y~dqYx@X3Kc&rb6E0*CFas-E-RjZh~vWe^v(1
zsO&iohlD2hn#T;8TyOWGMH$#@s4B0-B=WWy^6@N#$+8f>{26)x9}>#|Sfik}cxwPB
zm3Ah{&@4VUz8ka>p)DgFbt^YH$q$a|)MFZFe3sx@YDjbi=IIp^Dj2+f!-^d_6dEI+
z2lN>lYl`S|N>A3j<3tJ)V2|orAPjT{V_Ly6hHmaTO<CC?BRwS)Yl4ySp&Y&;iTRI_
zwl(K!z9K^qfE_!KWTBPizdGKPQ#9O3ab(EVB>7bfQQs6GQCAXO%+q11!ZrTLnCJ)%
zt~4|;ye!v*iTW#^`roK6`m6<IKSZTBIOB;?UsOr-`*R(}GUeJos&@4UO51r<fXrXF
zd1{hM&1;#MEtZ`{LS-%bj~=)C>fkGz2I}r5x8G?W5S^=3H|7h;P5Gj!Y+um&RX{r;
zDa~kNNB8369nqx$wwKTG>egV*Np<C}v;rFi+gBvPnx*GC0@~TMYb}s|Czz$dD2#J?
z(S_+U?2-oMTn;pR36Hocf4<VK7>^aeqL}9S+KUjmf?cRwHu|1FC#tZba6WUQ3=H3-
zV66XdYIvh(f>*g!pHU<11iibiRLy_^!qf<)lA5iXNOa{Y5{4?#$kRvP9_jcK%Q?=-
zY&4Y7#bUPq2}$hruc#~e=!sdmfF_S7`pSB>vl+FZ$XfQyV=wHHy7*((uz2#TAJ`)w
z+cl^DCN&>;L%vg*6lR^50u&E~5Z+{?db<IZ*cJ#}8McL=N;sD^$=a2zG`0D4vmX?j
z(;6JPi7}UZ-Lnt~I`f&n=L$cO>n&uZg&1}JxASp5E8tWGlyLN$1E43j4t0%yi8vex
zlk>l~lFP=L+C^%6JgQa+rbvsdY>y906Pw3i4Cf=jl%%QF;pojn>i>sjvlzwxdI}i;
zHQr<&1B1E#wP)k@(>ipU4$$E4{Ax)U7DV2tC-}$aQ2DQ;DdayMT!!o)@>h?=JBOqb
z1?|re>V4N2kkE={=$5_;Ek;L&tzqYRpa#oD4a0z$izp3a^86wD`a`H9*~K8mV!}7R
z^1p@8l%-UF>zZ{cz4Yy(JjTub(xWLN;q2AqzM=%w5<1vxf&umy($fwC-&Cmf@pHIN
z)X2!*ovn%qQ>iQ*oI$>%lamQBL^JG>A<(+hH3WW6LlW&SyTbVv-Yrli7D+tAz5BM~
z;=;_7H@8X;v-JX3VYf*bl{@&b6rOLbI-;~hJgJ%8A&i4wu(~ivgXvs}kCQi*I0<3I
z;J8roI8V*hFD1j^KbFRW*cS&ilQxRrNSO%>upEbf7xI@+g*-QCWtea_Rs%b!&7G3&
zsK?)q+ymZ_g)(XE*w{F&z*|%jy>c0hJ7(G31c)$)Z7DBGvwA@w;xEw?oX}0x1-=o!
z=KRI(>%`l_!b>tkLaF~Kg2B4snWojX7uU44LI!{|b9RYIZNyUWfSWwnf7*j1gRvgC
z{=lf}>@CUmvs37dq<`xMKZ@l*5^xF%b$wE#StV>(7Tufv1)=<DbVIRfeMKZl@ntiW
z?fF@IAf=~~eQ(#OD~J;p`!qlwlC0xPsf)Z^IxhZfrkUf|KCSHN9hn0lkC||~+%<?J
zdQ>KyM<9{v$N8Sf6icKym+zLkhbYoP@&0n0v$I$3W&FKGIM`Ne73{^3<hyf%c#*ph
z5dZ0pYv<pkBV+Ul+#H<btaMNK_6YwYo(2zk(@zsY%#S-Bv>LTvyX;Qlif%22oKs)a
zB#>gP!&UZLGa#nwwlvx5ZYL+;ueXSIw<o74$D=c-l33BaawKRsU+5&Vr!w(@KPR0~
zy(=VLU9V(3Oyuh;UwT_{JI|<tjd3f><&#XFs_3SSTp@o_N<Cq<ixGh_h;GAL2=gmC
zK-eZQy=v#C`9FKcNjAzwUCr3IZv1JBQaFv=+&DA*H)20|r*F>$ET4V*?4Ew!=#VDz
zt$8<P>rZ+Nz&?dW3hk*9WeYO*qIANX{PULd(}$VPt{}6Iik}ldZZb$-R{GzNUphlp
zEXad@)yeD@8eDn1XWt&zD-BQL7zV^(Rr?deae8YjMZwdg>qD&_0i6UqgD*l%|NIq-
zF^cf}7<o<by%~rEhx`pj7aLQZ?fbVf?;$L45;kUP!xD|ATtOui@Y_9}KGje;GeEU`
zyY<)8))d{II92&rQ7I4{)O&v^W+%o-@S!WFX6h&C6Y%B%c)t=)NBM{mKO~kmHBJhf
zHcw`4n19uI+EyW7oJWXvY4u0RKLuIFF3w@<V8HIEGL4i_089a%J!%Eq@8m8t`W>&(
z8vA2DLY?HU$`uX<u@;PPvy@jh%Kg4|%K0wH8g70WuUJV!50N5<;=lavy;3AO*?u!&
zQcXQ19~q)Z)g`THLN0i`tDtOruw+tX3!MTUd`i}py?c0HumWC0g7x`o>TmcSSbMiw
z0bLCbemexP|0K#=sN<Peu86i`G#z<cr7>((MAPvVukc9X(`dZRFsmf}>4<v!g=D1U
zgV4~rw($2rTFg_Y?`G+R5ri=C8Nr2wFv&LUkz$mdOh0D{8Jh5}f^3pCr5g)J+S`=f
zrIA4R{oq~w%OhvEP0+z_Rfp<@U!<d}c&=DB=QJ=KOxNERa$l1mi}xb)hCa6A-^_f5
zT7rags^!nQ4inmLoWHpK_X&$etiE=sMn$c@h+cjZ3Sk9!Y5j%w@HJ3ut*|}hyxbbD
z)jT45Rhk3#(ad+ktR!1So7Xm5IM2<O%&0C~;n~0hr|u@xHKb9y4BF8S>tQ)2t~7Qg
z$IZRje2MDwH^yCqdrMhnmPZW@O6?3h<M5EOD8v<0FK(S;TU4HtiqEJ(w-Ki)JsRzQ
zm@9e#OH`R<0=yi*4dYniBXiSy-v);-;a*38z<O>8)DA||)i~gl$0`!cDwEAkz<TCO
zWGXnBXemmyya7v?;z~DY9J0H)AZ}PGn|y}9kGU-~)Q+veY;DR0Cv+yi3B@nrilfO9
zy7SNdzcplZ1pFH9>dQE9mZ(QIC0dnIccG>!f*sf!6O%H@5cC%2?-@lZas41@ofQ6Z
zKRLi70Dr+ZsWm8o8noTir?J6ZA<(qZsF;lIt~B7k!Q^KH1Em$Uby9F=RY{pf48tWa
zCOvJG$c|!K*S3Plb<#u%SE(J`R21kF>{IN(y@O4z^vDCa^?V%CdG7%n;QD=Monsu?
zjA>B{ES%NAgt$3zoRT+1N5YxW774~*T)hil=dw}FBGOj%3a5h>av8GIkOO)(pcjK*
zClce++N0+0?fn}`-oB440qYPMCZ6ITltIjD&@@iX4qbS;ISvc3npcnc>MCc2+;R`B
zY}0-9TCiNl*mt!6@h7)Z$B9_xEFgtiNkl{tfzl_{T-mB&Jb1aTic_ZyTsVNYAHRZf
zSSK2c@ygrU<0=vlNUxI-9lyhgbqHO<J0z@27}R+>_5tV{vuv*4GrU$T$=J!dFNrHf
zG~5*2B-q)7b0ks|Qhbcw#**0tv`FoFp2qcXi7wtN3isA8)8FZDk_rs{4}=hQY;SX&
z<9Ey<6Q^wov79Xv*|%oz>K&TTCK>p=?NcaWC4P3)Jeg64QVoc#X~S}8Z;z9X>GPS2
z?|E!+-AzTq3%vDF-iFJ-I$CuYuZM3biNN6xXt>G&A_W+FIVKur26jhC-9UrhkYal?
zkJ|N?R5t|CRK?5vS}ay(xqtW6Gd(0_&~7HB(>y-g#-_BGHYu1>(5n->{;yS@8h3`2
z%oA8w3?`N!jqAoVSQ?vh%}OIs0Rt)nPhx#C7$@kH52do0`*CS5#H6ua5;p-lHQOi^
z5gY-7DlpJ_uk>f;7I&@Al(bRaqSe1w;`y@}Kl}7d3!_-l7YwgnjoW`N2q{cpd`ZdZ
z%eIvf<L0F1IL%^v+|UVFkQ;=t)!xetUW|64w+O{GZDhbSY811%<vwym&q_MDQ%*p%
zCl5Kwg#+#q{t4g~Km(`-mb*=St+~}?g74^xPY)L*gJ9{-)^Ca@#ttDA>V@au{z_iO
zsoCYqbZ<C`DJ;i`>LzuDpxs4A42eDw9yq+R-lPOIy-<cK3ujUN1#GHiNB~dTEU=|s
z%f68_$6$MRAG_}KNOqYF9y>-Cjtt%{YE%-nmMqc{aw0JSWVgs--98}nD$4}?k=!U8
zJ-XuG$kYHJ<Bcvar|BrN2Gj^2@iL{>>+0+T^><ARopef6+x6Vt7VhLT^Qj5`k#<e+
zgn|FkqNy7wAT@QtKfY99^0i`Pex)df29!~3`w3f$c@4&@J`qiktn|2#K5pa$X$wpU
zVdkoxaXr@e9)Q=Z{CV-Ii1aVh4`k^~7K7Kq-`Zvl0zACe3L{62!$o;MpbG$HDhnbI
z`Z*16)Wv=qLS8VSkGis@MFZ`WfnG+3U6XG?_@W^TH>dS?6PczHKZbqOTLU+3@Z_O{
zYsB$XdizjBYl!>_=KY2F=~7-1u$aMng4TUs^$SZf{Re)>|32OcGdm-lcQ7y$c;UG^
z+WYzt*VVWo4tDG%uIV-m*WV)(p146n03IihsTiXg{=7D3h52_3gVz)2?LAJl!91ip
zA9YgNRkn&@De?J@-5GG|5`}*MwqPJ|ZhwLqUskk-zl7-$2*pwit?>&HEAIxoK6}KN
zmyJ*lgY}aFlg+WJdTnfKrjNvSmiWO`#CNlJH*MDk`5yfX`A)NKqc&sTK}JE8u#RP`
z?ESwF-G{rXE^4^wSEu7XtmJsNMQ#G0$`Y${<97l4KWf_n@)<xnp}7bi<4W@PnM4Jr
z>m{wafQSOmVP^;egx7yd`&MzZ)Ee0@0NNZ}2ag5dB^o{hTi;V<q(5NMYXhEUA!K!-
zH}W0V#d2=dM#R(EO1s3DR+94fXy!j*$Te+tt<G=m_5AXmW3?PrcHv{JrE{RNFZkh+
z&stp@7{Sr<5La9AUFkO1HoQ~tTMe#c%%}#-z<?9nVY6{8{POVn8#whu_)KT{onfzQ
z1?Q$oQve<s(b|;W@D_j=3*2d=c;pcg&bZ}efWjoj;)cC>DcJ6vFp|$AToV!ICw?{^
zC04wv7Mq3J6gR86ogAHn*f9ncOR2?mA{D|%3T^g-YxJT%)|+t%V#0-2{4>^ekRZ8W
z+MC?ijj{#s^`GazK?^VjH4#C(6aHI;wx(Ho{T!vQZQm2lj6f}ZK_XFgb6N61s4)aj
zOo7KW%CK!)pXAm;Uen*a=D#--G9}PT6Cp~1`$AhrO;cE|GeJI`F}IVE6?h}^@IT^h
zRJ`aJUQ~a(lCt{x=NKcye&0h7s7c;4>V>9%!@VzN+Y~JIS%{5a6lF&7$r;MvlR*%r
z=bNG2e?}bed=jbupC!-&nKVg44Y88&wou9mz#CY%meY88389b%HA=Jm0dgLZgjw+u
z|9<jd0}?!-$hs5%aV5s`>mu4)`%c}Lmr8=SwEZqPWmQUV>Nm94N7!q9y!S^IXZbGw
zwUBG5$%(MeDvyZE_i48C5t)3_7|>N^WJa<hHI$k~BHLH*Be5Ziu6ED5B-<}Bw@td9
z?%Ubg&oP&C#<#}x;=j*1M&Q@4C~ZXOlg)b=vT%*mciRnjdZ5y6t@!g+h#>2jjQC|`
zGTRkzlaWUwB4fyK+e(HYOjKW?f#MXjfF4_4YXX88gb2A|8U72PswAKS46R#i*Yt=g
zZ`_c@fdU|eJWR#j-eNaNExo^GCsg)2-}cDp3=?)`5`Qd^Qt80~>@22Id9jk4?sWIg
ze7jteYNY*5UjlG&s{my7CQ743uxpJC*7BG}#JDMJi?i0eMbF(pY3VtkvlGsfo<-;K
zDkFjzWfeNk5DiB?!wW8>eCBTSVGtA`c$-gNIv7no0u9>F94V;HLRHp6+C3yViW%qL
zVhQLCGfaDaQ0qnkHvpwR`6ml<oRHofXdG^(dKs~H#IQ2wV#8pe_OKe3lDZLiC~@5c
zl1}QjTji>DD@(=0KaLuj50JLdzh}2%Y1WsSzFc-6Q#nYd0j8H|MC@_~3Ju&jjY_-+
zBz9PqT;C2pUM3iICG>k2D@l<yAg{~Dh&dE_|Byd>B6S=ic=tMy4}+{6rwRfl=r7Ai
zX49r-<Vi&!=F>zl4H)@*D<5Y8Z@O$zdb?2+9Y~JCg5@aEAck@@R6U?7urBn{8sx6Y
z)w#y_^AkHr>x8raZL;12OeQt72ac%@=zY-nU;)uRXHEIWW5WMkXU$3QKy~|UE1H)K
z-LD-1u%|yoZkmJS56M)8Mrld&B_PHmr}Fx0Du%njnj_i-ENYy{|HH9l43q-PWZZF~
z5q-$=?TG!jPxZzH1qhNNP7W!we6@0+&f6s2PbC}8l!0HJT#nwskZL1QSEWv^Q&CsF
zfyH9<+02M7sLjQDX4|sQ@<GIE>73Pib?5Q4pOrpfI(X3C!T&}q;kys?hl{rE)&VDw
zJLKb&FOA0m5e%M)1Umg2**d(y;Sy9y7Rte3wNa$Hsdy!lXDE#=-QK<|DmLNma&X^<
zrx*XTZ<&-D8RFC6vC;oiL}4IxhujXq2I8g8>>edt_+y&R$a2pOz*@G;daG1fimuIW
zIng6{LXa`p!=A6)nd+QNGQ-<80fkWR3X-`#9NcWz>aV@TX<{^u75_cC%YSRE9dZ|E
zxwr`&Gl_!g*fpp;eT{M&P{}XyuxaMS+DL8L%ralpuFdVscm9%8hdt-xvOhoRecwZb
z_1y4>*?)u8gj`c`OY=lneimY$WjL!nPeY>;Q=r*N70~=;0kFvbhnM{a%0tR5`C(rH
zpqjUS<*5Cfdl6UifS=Lx`IhJyzyOo8Sj1R2&}Zl5GI0yEgO^yE)*aw5&B-v(j$@z!
z@sGNQ`l+Z4m49rraXIJk8qnB%E96*;&HvPlPq0Smv|*bj{N0hEACuy!Ap)?mH%bV+
zcX!&vy?l~{qectUWba$fq-`?X4uL(+1ldES{5qX5dFfGZEuoAd-E)+Pgz{a#bpkKc
z4jQ<)OVf_3pN*i`P|$&kzVKCm)d&GoE1Ycv?U~lYGR{=1X_|3Pc9~IDk&AniJvF~p
z^Gn?LY-SS|TH{${CdX61l(D%OKxM-}jTKfq;}?s0J(QWn@J$p(YQwQXBKTEfy>tL<
zNjlgXe2qwMCN01dRM_E~*Ae2>YrR>8`JBGvLonLJ--8TiI^(t+0C5!~C{$^B1jjjQ
z8$(e&$<HM#E{D2n%RK{#3u#5~`gh7!-C2Gj;3EhHVh5~0(Mc@SF#My%TGa#7V$2-5
zujS=;XyCR1=Ymd?*ZMYl3014_p|V{$BQ)g71rmFk&mV<#zROQ$<#R0R*<$La$pZLD
zx^D9crOyh#wtFBv%BBo^hAf}w4w@6YXs9{eo3i{3K5cu$R7B3l6mT@d&K)iH05``Y
zPwf{+CuTj4hg#G7s9tf^Jol%OaSqA@8o@%@6RBg`t{f?c#Pro{bjXYotp&mjX@_};
zPpalLs`)-;-bxw7;BSUpyJ_izIfG<!*P$L`_SY@^r)am~(pP0u_~y+4?2rO)Ge5(d
z9A63u?TG(p678&Q)6F58P@4O#!Y#G>_WPQI6y3vOCd?KE(Ac)Ej&0kvZFFqgwr$(#
z*tTu_v6K7V!Fqt2)S%AUwJUR&q0@Zwo7rK-OiVMa&=AuW+n|frRZe?WoAOo)6#K2U
z?a>AOM|jO<>>MoyKLQUuORGVcDg(3?XJ-VRM<8os2|(>QAV7sxV_0c`MY)`-#fF{t
zkWVA(SfdR+#VDW&*S-Cn8P}fQ{QD2$6*7(v6whXJC@;hNqq~&;BS>j)4j>zG5^Tf*
z@m}xLhF>N%k0cgYZmT9NC1^ox^y+&U5bI5&jpFn3v1|1+Zq=m(vJ4-VG5NUHTb@-r
zjTbk2n1^>iWo?<HVicU0i}5Ezf3<;rY*{9)&%wx4*++2=_d+IgfNc!9Qe*9K90Mh)
ze_Ak`Sg6Y=_h8+X`{+lqa5twN^$7|{{DQf?#r<N7{Sis{-EcwoR{p96i9&0&k944*
zDo`ni0wqZpSo{odYGHBtqMQ|ooPQ#R#QtoGq|IJQ-i?l=(WbPqk7z`iE*d|B!)g-x
zRiD;}+H9w?+UyCAP+q=174#o3*{3#E(i=TQ)+v@#Ie}ShD~1~GQd`vv42+t~@_<V^
zLzNyw9l5L*mf*(aMe#I&0hJ2l0gmHS!8`H5he46O17G%ldulDTHnWm$RXKV8hLg?A
z0(!`gJ5FUh;f9XhRq2$erxT)*HFyG{y_F;=vX8IxBqpTUGcH~R@2Up8bPzLX{T$>^
zuTB(_Sf5{X6H?rv@c(PS7bawve@P*GFWp$Qj|IW4MQ-ys$3^CTI<o?9T@L&md)U%d
z^oXV&hY=8BGxZ5#c3td&2r}SXDVPo89GUoM(67-ZQCZi$*~Z!h>_BfZ8_CP&kX&@3
zFp#CMF7-H3>i$e91j?Hu=%m?-@m-}H`TKanXu+VEcVNgKu@7&@Sznoik<v|n^yjOo
zLToYhK_i5NSPJam{+xfl3c3%Y<W{xww{=jB@S+}sdBo!GDrB!vvs+~%U4_eORldxB
zYPgx`1$eTX-kU~IHn7pq3w|xw*Xo^IFsy_igLgxdpy+0l%IbC)wn+n0<0sHnsV30C
zDIyzd6)dEpq*7HI@{K#s{rgUYC&&H928~kE6J{J+jG&ZB+8vQGD{uAGxlGd3f2A*W
z(rj@Lm%7@*Y`n~J;RV`0W;9?4<TK!e>3jx6x(?JET?DlE<Ftk3zi&t{#|lvtJ+2<O
z&ZUf3ec#3tN)nE!uk1C2RuZuQFvGh?Rd8zW{?-9=TaICO)HE-Uv#O_wI$^?Y9rB1f
zX=4<Lo5;jJtbu_Le|Is>f2q`+BA&6TZdb6aQg~3Gns!g+qjvE#4hpBr<yKwSP##Ap
z2HJ9fa@6CJE)cgpK;;K9=4O?NmrnF-Pd_@^OQZ?<cLt6#k0(|q$(7&w$ci)8;wnt*
z+q$l-ddVk3AS8X++te%Zs?XKX3>zIXeutl>g_DTYgHANwEE%Y?_452yk50NA&Evw=
zUCb660xyc*C*hFn$1LvHur>BhYo1sFAyWv~UiF=^M_!^dwI{9KmSp`0X<|?ON&X0D
zid82zi+GR`?NpWzIZy9xcA46*o{&#SI+FSPcKWT4k<+$d#Cs@1vLtPCsScB&z^i%a
z-prGZGBIsKbrXIeh$bAWlJ?gUgON>vR0KxJE4J_e`6+qYGjejWGWoFueoUEdaSNrA
z>X=4n8*AvQP6mN#)8SAhpo#E=xDOTL$)XDF?553Smg{YjXbT{H3yDERgiqSrO{{ES
zvH3ge8s#j_u0B9P)z#pATR5Icd{&rXq<V`}34S5J2vgdyVEa=tpG`iJ3>jk&#SR+h
z9?ja8ZJ`tVg0cy(v_JFCkI>mp_L?w<$4jbzD9{^=k-S~&24wpg*X-%~7QXRnW{$+-
z)%=@$uU9Mcp8U;pc<a@pPbuZzm%`l*Qt4UN>O-?4b9bA!9rHl^od27g4+_!e@R2N9
zSrs0(S?yFh1se2lJ!VcDf1P+s+PIg+PpXCY`~YJQCB58s>CqT{@1;$T{~EvaNuW%_
z@Zi?ev#oWF)~p)}?9kY{|F3-F?Q*>oZ%aJp)!|`r`B&#h0NgwZ_>^l6i+qS?V!2%F
z+4o&cj`#%foyo!3$pEkEB1`iSvGKn_B8KK5x>+)5^7U)9r$6@L#XZ^<p}EJz;rF~v
zx28z-N?y|_Idt(*Cm<q1IC@0-Qj#2t&{8BbtXTF)C*qS7=Uck?-n1olX+N-}v4j*z
zVuwMdJf%JqBP(kum=j?L@08g^d}_6WzcFsf%Tgd;O>{qX&q8~<u+6ACS~<$A!L%c|
z9mYrO9Hgow(Z`0V)>;nm)6=x!Btfabm|-O8d-M<$U|ys}WfVun7$lZ<+TU+Ak+24p
zYb%f+KdLTN*VBgIjt-eN6q<sD=$Y$P-WN+5FIJ53-&ajNOK!dQDyIvC+?|}-Y_~`P
z|CC6dw<qbi(YcbvjrHM+BNZk{An>(}R2V+$V+T0ZDP}QpKBGu1Gt&<hxO=V_wuw`Q
z9!ttM3@sI;?&gaRWnMP3R4nq46qMudj>NSyP>h&etR<b>Zfrph=wjU^b|2dL14<og
zrO;rF1FS`=Q79JA;Or#TvPwgYmV9_q?hf7f2$BypeNqoYUbLUVus&tQn9~tdHA%{N
znU(qPxY~7-9rXU{kgZ{Z`Thszv_i9=dadIlNXA0MB+$jkRHVD?DI`5i>dxxtK5+JP
zr7>TA`fn%7fXgHDM%usdwS88o=~0z5@$GPIx)HgbXP~B6ZHqzef!Ptx(RKB_UOwvQ
zGA*&xzi=t);oLE~`LAeR@w)C2>b$MWAvjJ7TFKq}P?Ttfg1;{F$SiBgsV+5lAA$?z
z-0hh#o=Qn|p`_Xo^K_H!d~|D<4q7AGl>-?yM1oT0qUHI>psD{}%L0W;c%(UAdd-Vr
zO0wiF+ih=Vu8B2`Ffg#D^ue)2a;@!q1io&v%N(w14o@{LZnLt-vA+j0$p#A5yq%PB
zVa6l@W#f6w`qbpm>xOaOiN48WOlIs}PTPnQN&A?y?~|Qzm2<xc=1k{HubFe@F{6HT
zefR4gL?CIvmbq`yP2Tc~ai2->leAR#pSE6oAwe{o)h$cvMtL7E;s$FCCC%q4t&6&K
zkCV)$HjT~(<OaQ6q!=CUnlF0gO=Bb7O`MCq<Gcb>O_4%=2$41?UEiy-+0<J%3koDu
zKFIt{u!(SY?n|o<0{Mu<*ed@4#=wX1{&g+fUfrwN&v$7xRoWa=tAuX8tJqta6*MJa
z_1XYc+Tp{=Ag%M-xhwsF`>3x9GIiL{1mdJV>ukG32U@FmWwiTSDHG!rp%t{z2NdQt
z<=Vc)7IcGV`<_prUnC*Z3Y}uQWSG=850#=S6$5|d2nJueyNo4NrZnTCq{j5lOItQS
zOp~+!<d&z!DDY(KmEVRnG+}>+wD?hfg)_-;MAI5Vp=8lA@-~WYq-O{hHr<sPe(Uc1
z0`dFBfPt3UUHYeky^%bB><VssF2tpdra@5<AuB^pBQ_!E*ete)em?6SkJ;mV*;e{?
zN;gu3mG_r05^>1M;{73*BrT)8h}x!0%Z*}Bt9LV(w1Dd0pNF#}275`KHf_$f)7(V2
z4?;;3*?rud?u6j_dyM6nMeYN{Y#L59EfGSV`QQXQhJeu3{-WKq$rkdJ7W%1clnvW5
zOZ)dVKNb!D`;bK1EJblhZKe!&4}!9_ZJWMbq37(b5m4SSF2+vu(RXKV+)(uOm`aTj
z3qGEFsR2S;UTj|m?$bDZbZ9kJ{S$Zjc_NG|?dRTyTRIZD)`r`7zr*U-vIyUxRPFVX
z8BW?Y2H}APN~ND{yDbM!n0e4ws1$jFPiCW0pG+!`yN4L+74K>YGR$&CkuaspUGUZ*
zfBAOMND1q%HIsYJczRHIP~0v><7rYN9pj6*!q77p)~mBR^i2LLS$^}u(J&EsktF>v
zv{uxbrDZmBlXlKXuHopt_vA&*Upjhy@rDQz7*V5a?EIAj%@&<q^It%hZAVUo$`x~e
zc{Xyfeql)@h=id$C5zDuLY!k2@#oU}%4yiF*$H^jGO<;G0X!akzQ4okzg@I`Up4V?
zH;EI2RkIIGbAdAmWa^a--`69s7I$@|p+D$DOG!DBeT|182(DJBWH8FAb|=F;``l&3
zj0C5T_zB$=Iv_NFh=<9O?gFpyw20c`sY^5`@u9<EjJkP`<KY8YNyFhk2a5r`>Up@m
zr9B5d(s9@3%~%M(o`hNO>U(Lt&HjS7HwN!*;>31m^KbbA?KT+R5Nv2#_91^q>^jTa
zhr6=Bv&8yBhlx(j(T*)yLrObnZgJ3S9DiVG-la`Z0R;uW^w1K2rK^M70EL@u304eA
z8J|0sP<o}`azO@4T=5#|GzJrRCCqiIeD8NaR&7<VIu#rncoHG>Z+X6TTgAbE8{W{~
zaPva~b3qv4UA{Lw=Z(xy2wn^~=5Mn(MVj#WdXr1leJETI&+@QjDcyLnHji0}9~_q6
z<+E{wGpL5n(9P!6wfJ&AWyu|ueXe=J`hmuqDkQ<s+f*1ZI+hsBu@&Az;dRS2)qo6I
z1wTb_*PL5L$J7BZ)J$3<0i~9ZunnW?ac1PtuH3w67)^GhL(mqQ5qF6p&!PwB$$){y
zz9V(!RNrpeVMJgw8v*@IQm})P2MzgTCsCOV6ExQn?Z`xj!o-!J0uwHXtg+k8W9Mfl
zWuGJb#EuW?2IOobKOes?m$@JG<U-g3!puG-f$gFFUzgPpIec)J7mb0kbac@)+IcX{
z!_d;mU4pci3}K@TNAu*f?YfuJ1|Y351MmQ78cisc3n!*s6HW<CC240bn7reL^WF$1
z>)#-m;{B2p7|;Glu+R4@sE&~f;oL=icvh|rr&$xOdSUxw>c-*I56?-DN?{Any4G3a
zA$q?_p$H=?4>%XaoD#<W-s8A`C<AT|vs;K_E;;$Qq<K~faDqlQtKK^d&rZ`I!NXpx
zbrtr(2)ZE4U0FtBTfm1%qQ&r&VQTKcTN7G#1XZoC@-J5jYs(qN>l`8!idp4jAiT+T
z#&+!yG1rq+r`6s-fNM?hnohuv6Aoj5+K+?aMH6`x>DTva31IwkezYz<kxds5PCSCH
zflF^q!Osr}r_EB;<&fw>w$jqxdn~q~s*agGzl|sRTKtxDJ%j0rb48djY<L7O;FVur
z-fjFaW$Zc707;bK{#W1sCPInKEJr&?gGz$-;KZTA*F)a@bQxOm(dB+e;LRg5D`AXL
z&+N#hC^RdL@UYnVvFcO<X!HC$4`zQ!%2U@`6U7M}iZCd1s0RA<k|a{Ia<y10-0K#i
z6cu<F2Nr^o_^l@|3g1B3-|9gX2)-EC@g@iQR~?x<&La>!akDzM{$-7yalDtAwzX)L
zrmA?vgCTRnr&$(7P<Lh{C!)3wjkEHybU{es_}(|+55J;A5{~kwR?<7M>NteaF*vaX
zYU?cNViEUq^pI>|GoM^{f8yZk2_aY^(d)F9F83vszSGZpAM>D`=vt|Gke@ZNn)tkB
zgm10j*ifelk2$+rMJSaA#s^P3%rX~|ehmFs%PxFQ_HWeZ&M153SV~vbk5VQtn;4oH
z>~Ime4FpD8tQSwQfX<uWA3!Q}U+WEBl?nYJz{jxeH4S3M$VqH`&-wcn^l~oqgOu(9
zk%s@`EOO!%-Suq5g|V;ydOuIbq&s4QhTPm_nTVEIc{QqToH#^z<GpN`SDU~SOIgTr
z{G+PhEMC2!wPie$=^_%Lzw@WCwYQELnEZy64P!M`sIW;mkxJsi1}v>uB(2F!G+_D8
zVZ}7*SCFc-!FyHbTLrs$3A>z}X2htn%-gJWY{DS2j?@5W1?~6a5Y6(=Qk~2dB<a?4
z%oDK-s+hIr6;eUw2Eqw!2+mWK;CzJ=sj47i_ZbvZpfM<mA0vK;FLpB?Jy7!;W`5a`
zqtHbbU-E_>u5fjXGmO~FJ&eM=gomo!kip~=C<i%c1%U>1c5t#+WLv8ul~>IZ-A)UE
zAFLZ2mR_xBX>%!s<!)2mwruo(0`Hu_!yvgp`2d(giN`?xN`8R%P>riH_dn3JmdB(1
zB`4{=r04SQKRh)-rwdQkO!GOyal&2Q3{$$M){b?-Ms<UkA>}N?sDi}AbGe8Dd6lUC
zk6VT#7EMcyu3>CbcZTBsln#e>>oUHp={Sb`=wk5FRwAxaqx&c-(t$4vP$z7CcJ*=t
z)HLRp0wt*^Q8z6}w{qs(D9O-U(=DumTLk27WZ=xv=Rkj=7eKIaX1pV|;<AyBw)?SI
zL>>#Qc;}3m2eo&)CdwgS_e@~$RmX;@>N-^7IznUD)-lmov{rjHc-VCUk)dFdP>p2a
zhdsY1U4)$wWrDFkeEIR(`#f!-M3lMv`qwT>QT*P{y=I9`G5PqHUtJALy()yo3mO;x
z`d;<f)FoqWsHf64lwY5RzxGdSusmD3G!^b=fSg9{Ctxc&vFX+vm3^d~;qNo`%c|<A
zZ&)2EXi{0ERJXZ!t^YP2S)3)q-!omZc?B<C^*J-nZwU$U_O8(~B9~BPVQl<}y`Sb~
z*bBslN&{!V7iLO4GNKb?dE=zW;Q#)!KAI~8ZBaEt?8KB%b(CZ`llcnKoJJbnKc($*
z9`v5r?1s@(ET8C<qg;NRdDIo6@Jg8-5q?rmE(gKjb;j3KP0%`eoXCBT0n3}P54i)|
zK)usZ49nU6M7sH2AHzkTOC13%OiIfj)HXH4uveCb4+(AQSz0ft>UMi2cY=BU;704w
z;oIgR?*GRsCz{8NL8<s8Vu`?@qXiPoq2~Ml-xvSx1{1t-s#Xfo_jj9D({N;-i#`UQ
zm&!UpZ`=QX4$-d3itG$%%Let(yb&jlYEeUGnwE4G1zY4{LR1B|ib>wOYccu}CYySq
zjXO%22zj^tC-;QfZaU7JKFDuDB10$RONsA#jUN4<B6L4k<|CQtCiuGq4v0{)jPJU<
zK6-47O)r=zU5^IuA%uM9Jh_VA)={Tx$Ls?7yFV#j``iwNK2mfV<w<a921R0_FdR^3
z3t@B!sL>i<kpx}7&m-?CnQ*8-HHwUno5~cUR-a;kysmNm@;#(m>d2+bArp=gLO20@
z``@<Rz0Zb_Kg*GExm*zlVOhM-gxy2JjrOud9edg)yKnV_ASc6vMshItrP{(j)Jj~2
z7Swdx{q}itg~@jZ-yyKsCG;LIPzpMgHsiVGRmp|aB3Igl4<_@iwL{N=J7mqlVmqyZ
zEP!+{DR8N4qJG{{B=(9<ol4nYreDAo%r?tky_U>TFAQ=1zGarDTC-{&evpkiz%IXK
zRU}vO#(L<|6f|&+5?HTBd-m2QXlW-<Hn_$Q4CN5St-&g<7xVP3yze!CxkIvSw*J7e
za;s01AdU#GPB5her`LI7Jn{7t@|gyp_coi}!nyI3{&i38Kl2iqe-UuU@DHD*iq=)q
zAJe~;9;9=vqpy7~)>oW7bbZpC)5YvgG{#D<7_28oQsAyCab6Tk*SV!en7;wyskwNN
z9`<C$NIk%YtX!Ob_!e$e(MB$9pAK>O?pmfFhF<3e{I8LdCLqBLoN|@LZ!KhIG!0O>
z(UB8HhbP6>KgdjO4MGq};$zsIIt`>R&;$qq+s}t%gj@o|D^{R|k^c*;HF3N;Nt?Gc
zZr?zm+;+$ij%F<(%j!|j>Ka<VAhHPrqy!|U9i<r!Og7-{{aW9JLan&JCo?OHhpxOF
zCdCU=^UH7tWR9ZxkPac&B2g3&w!LRd^smduB-O2%T5bn3fT#nO_K=clnQ;APqkThM
z^SD2b{?bvF;tC@yo`8Rfs7bv*y_^aj4GE$-O>LR{m*Hv{wc#LCjquHlHQF2Z*9gRa
zVu`)|9$t^1<Bt{%u}x1RB8do{1dr-l7Of6!Fu@u!97WP?SpYP{blc&P@m_#X@f*uY
zunop{;M4CG@4W~Ein&w%%MB}Cp7HpfaH24YSQ^3BhS{h|5SPJ&kyc|v%xjRu@C}<@
zcF~jOB?uE(xF*mUdiQg6m*lh+rZPxY3zHxM1j%u3OB2vrq5O<OB;sje#L1_N$Ga`T
zVti&BRd8%^lE-OcxT$BN{1me;wXoqsxFJ{*@{fC7;|M1?+KX#mmL0kG$fLJ}7K61%
zH7MUSzrfT3i!!bg<wX3<G*%<HP|P}69HpB7Zh=ygN>~EEsj*M}(Cl%q!w~azA<rz>
zE8lhhCen!;6twX1na*wveyfYj23`R(4I*^EDw@w54OshzgRUT}W38AR9l{rqwiJNj
z7(n?8EHEvyQclLLG=}brWe~s4eaEdk!FSjS5)=<JXdGYP3ED$ejFu!~W*OHjBVJdu
zFcJgd<UUwLfhu=ym6RhrNU*n!ZWk~UdiD=1sp?osr^oxt_NC~nZpjtEoN@Nl9aQ|H
z+Dp+lS845)Y@9&D9%ToOICL#7mb@{I@tPt!k}N4AUG|QFc-kWB<!3miD1l4$G}?bX
zBNL$wQ#xXFO`>h`yP!Yx-oTwds~q@oFGQsg8AIw}r-v)*b7@pC`v`XTe&TnrpzPNi
znJHdr9>P+Opu2`H?NrTgO78eOl?Ff;`{I2+hVxaxSmT)q5byJiWFY5J2{d~BS_<Y1
zqJ7&LuS2eh+vjjODqR<;YjEw3zzxdiC{5-8xxwyrqwEL;*?o=a<cSn77A2iZzsr5U
zNs+R$&r$0_x**W9N0=fD$QK`M4;#!aEa+4YP+#?78{i_9c1mn`Gw=I2q6V^f9G{Oz
z@+!}aF&&*;sld#I{o%46ykD$IAI9NjFzKk-btZy(6PxjtwWyHH#a_6Rk=BU1J{jOF
z5GKHiv*1vhLp>r7UMGd{zx$_D=cqL8XlC9I23{z4Nk@zWD=lf?9uE@<No#?|n*H~9
zs)V3(m)%Dag+0D))0lgEkjP0d0zoUaGdnXTE=1k~>#2!r=a%J=J>-udRB-Yqxd~wr
zoWbu^c0-r__}cQORY7JMd<ND@i#QIE^2_zc!pt+Bg47kG_ct+rJL+SnsANy73XmGl
z4~W!htlNhRjMTy0k6PbwoX8OgtuKM`xpr!@Bg_f`jM<?Udt!yaLYF`Mbz<$owI{mN
zSKS`A+&eL3H9I!q<GK{4+4c5Z5w*R@1&C!iKa8~(zVt;}TkQ5F4-*SY_zXl~hvH9$
z>>cknv+TFQNTof<{Aawl<4(14<vno`4qj275nS5aN&2(G8clYuE->}-?Eb61)Ol<N
zOw>|T6ABucTMEADrm#@*e=%ATznMj#Npv`pmn%eaAv`e`KG~TTULz<Z^)-ctri={M
zeo}xz(#hYKwmHW&*Eyk4D%SoHU@NVE?cakPcOizfDY8#bxTD0+qABJ=7H)@DV3$EU
zr-r<jkeOVrUAB*+I)&;#+p(Gpo>J9Ze02dqvzz+5-j5D|WnaWO?NYG4X_To9eMiHe
zwZHU+ZQwSv8M#z3W+k!TXUvuSJt@5zm+$pWL}$K1TeUxr67~e~FXiY~^fmQneo6<L
zp`?Q*N9vOu>!5^P=6xh$gXgZN4h;lxJMY>11PJXhpECCm|Bhb>j3kKbehBXUj~h4m
zeKe&_+I%E7LFTKB-yva?!@iOc7b)->Y)3oGN8x<c1PW0zw{qW)N6%_OGEw8xusb<r
zf+zZfPi>IR@RsoEa!ew-er-wZcWm6_PrNz7Ot21_nSxfDxWDJisKoCuNrdvus3D&m
zdKx|SnnZEx8srO#J-*ooSXhd#l<&i6*~wVvqzpJH!U=?wi*Z)OpU(7)1#f<iDG9}g
zaCIMPF`bS*-TgS*sg$kXEq!u(Ft(BN$9*a{+ZgQTjetV5fupZ{x2&M=h^&3R{>~f!
zwYiVH77fD>xa_Mb`z_n{;IEU=z^>b-NL}RL9?2RP+8j>jVLMeo*!<q?x9-X2@-CU4
zclz5MymU&H)LEpvx3^I>plHQjVGbu}CywFDwAA8Diltoc)rGVsvhCd}U8OL6j9g{U
zZ(;2!)V{tfXnBe--F00S)iSv^)*H?eqMU$ScNHBn@@fmA-WtmP%an(@B*t;We%6=;
z-F9Kbjs|t@UP2+>CZq@s)dxFa|JaugMLte(Ku{ao5gR2$L6=a=3tCbD&Lh1tX)}-a
z(R<v!Vcd)@G1c@vmz7i~oh$9>LRcjen=CA60I4%))<*i|+L+unhkOmfEj*D%rGSIB
z!+0Bmy)s#__8+Wb$Q7?&42kqhpT72194)IJ0omn$DcuVRY)<(0usfb*G<K-}KCLL(
zbyvr!5`hvQ+sw;?8O>c3Q_%FwuHMU)X;pSf93vt0T}$HOm^SAxM8Yxfd`~JDPq^GM
zCw3C>@4hRry&G%w4I+^ma?y}P$gQ;*t|E(I$T>cEW7s=-xX#+dVuhGYQeG1-*fC0R
z7G3_Myx->Cg4KVn&=x4ycD!`at`X9>gx(=$tk^f9?Aga~_hKmsHpTwQuJn+~i=xG`
zBe1fxy8Ew_HGD63_6Tbb{KlrBRG(0Hm6zvywe~i-g-mpTV#%hOY39WoMi~hNhw1Qf
zu!~|PHfdN<%5uE+7U@hr>8Hy``y@xV4zRVxRoupbbO*+}5F>BsA}bDb4w7^rD(8|s
zx4aQ;p1C4*C8&~~aYSYLPqVaKoa}~WA#}l!Fg(?9$SLcrG;yu~JUx4g>)`iEil2cb
zuN$Mbtj^GlPx*@~H?4=W3gS>GA&fc<sxT+k$Zba75N}Tb(!6R)1nnbfR$?Y`Y?3m2
zcuE2TSonOh|6mC+cbnSNVLK9`MbUdJT1sS7NQ%R(YyoMIL*INw*0qQoyW6>K8#Wju
z`P_C=DkH8JqooO(Y<F{GxjBE@|7<0yktswfoNxC|u36hLqhJvei76Tx9U*`Ho3M?9
zJTqI&o88Sf!TiQ<$Ex6`T@XaKyA{i?G^cfXAr*oIx_NW|gosA@8%jZCJ&ZkOZ8_sH
zG7-!rw|IanI$sh;CirfObE4&2VP#KIl0mbVP{(MDK@XqdHG#OYL+0IyNPX9Cpo6{i
z$n*SaZcTK99{ga@6(2G|R9@*}9!$w2x!=eZ#^oUcY0%GaJ}vv>q2C0Xk?%h;665D@
z+_`AEYRj){i^MW}1-S|(Pmd2n`x{9SUNrteo+6oF$9Pgvj-dYBE>oC0KIFHCg%7te
z2!hCi3rBLEQ#F_8W<F18(TlH)J+2&SMW%`EzwHn+=#nZiG5D!#uzsa)#T>A@z%r6l
zV<l%xT{^5b7n$rSo@^3xkd8@S6a>t-4n!a$@o@1n4KCWs$PtEO*Xi$+mU#hUe0%6e
zS*jTYlqms?*l-@~e}ratPSBweonYa~rL^GWey6qA1QLKX_(oI~6nb2=+R^rgCCGy}
zys`><{oJ70jiNl$*}ab4#lFd)ho4CK@S5BbK6_GE8eBbikYMNPQgpr>ov}TI&!!(Y
zE#wYVf`Q{P(ma9H_}Uf?Afmt)AXSwbrxs~CN<V(hrvo*y5{x(GEjbNN(3(kb$Mc(g
z(PcvtnhbnK!CC}Q5x;cRM|P1bM;x38i!VV}to{nA7=8!(&jvS$m0RkIfK+V{hC{-f
z<q*YYXw{I3U;O0j8@X_%&={fCne9;J31ZUIZv&rkm~LNQd>fJwC>cK4?B`|gJ%JOD
zz;$iLfcW#>NBG(49hR?}cCE#4mMT{$q9qL4wgNfvx9ABY&hiachd$nRw}BcNb{Vhf
zpa8d=Bpfb)CvIl%T^u||)dyz;>!nDV>IA+-!Me37?Cvc6fqBo$eKb|VDi3kj1l4FA
z0WCEal}D2DG<;_Ud~3?2oh7_-y%S~5Q*?Dy9SZ;L(Hv+szK?k?UwhN=EY=plDHOjJ
z`Ezb3S*l}_90!TRV$vcmY({*R7nNn-KSe2%VvgsZ^xv;y$l^8pZLx!R@MFp!tma;_
z_f^K_q4oW09mtWTWotkx;IXMtsU`}ORMTTM<9B;oJxU`8s}YZEztR>{({pv|Fa?eE
zKopT0{=J}AIO&Osa8oY7GHLdehFd27L2Z6qRoub7Uw@k5yFb3Dze=#7*QSr&Tx&%C
za-ritkc*joSRIIpv=r$IENG&G`fhv?Foi7?dHB;4Az%m~AP@jh05AY>00;m`04M-x
z02lyR05|}600aO;03-lp02BaJ05kw}01N<304xA(02}~Z06YME00IC)03rZl01^OF
z05Sk_015y~04jh#0Mr090JH#f0Q3M10E_@k0L%a^0IUFP0PFx90Gt3^0NemP0K5Qv
z0Q>*~0D=HQ0Kxzw0HOe50O9}=0FnSw0MY<50I~pb0P+9|0Ez%g0LlO=0IC3L0O|l5
z0Ga?=0NMaL0J;Er0Qvw10EPfY0LB0&0Hy$D0OkM|0G0q&0M-CD0JZ>j0QLY50Dl1-
z0h|Dw0bBrF0o(xG0XzUa0lWab0ek>_0sH_00KR{Je*=f++zq?`%D9rws+XnO(m0Qi
zf-wh87%lR)`4^K~^h^Tx4WqWn@9Vv(lW0)G+SIv?L|JmFK~(E;7mO{p3Zq3b6d_u~
zJ<k5t(y|16#%W-U=`Jt&L8(r*KL5(0;e<XPOlW`x@cFHM=So%7w{n-t2}`oy3H5>p
zQ4IfNrzv07C%sKahdxD_Mr&dQP4`~Y%d0hVQ$7;4BT%;X1rJ;vV~2CpNT1gJHv=li
zwur(Y95kU2@S<~p`}*9C3zO4wz7?y1e11JFjt+$m4x{6u%S~jD{euJ&A8|TK`pp;i
z5pDKwSiL{lL1MSfC=kU~f5iG28acX+^|8<qq{K+g4OK3)<xp9`VSq{@UL0*aBQF`A
z86u`dtF^LdNyR8;g8a9oc90|#NY`WiyR%H#hs8Yrxs`m95S;DeabU!|$1~B~y5%*(
zw`adr)t)Hl{pRZ7D;r{Rib$bm-;aW^y|#FUhlQ{G>C`n|9jl(~kmH<QF^}vB!YYMQ
zqvPl<CO1VGLdBr3e~bRiAugq)^~Zn#!4AdV(_8>Nvx^uX887Zqeix{ql#5~NeU5&f
zMO-lR8r8q%{jXKG_0Z2`xq^6}^PAMoUuvZjX9Vwm^+`|9uU!<$VhxaML$JB|SxDDD
zbPD5p4NbW}yY@`J=&1v#fev}qvF277u98-PaTgrwJ}6`t%>67)d~YPpiT)aulv|P6
zu*gZqj?&UzcTsFW&uA{4js_(+=~uD5{;tQ168!%~j!2WYbZ&jiGr99_&bj}GVw&UC
z#;oEahXTI_@w3c+{}O+bTu0M4awLzIQNA)}^0YfrPyGkp#+S1CzojK)30%E>!yDWg
zPf3;I?j0SArRNsf&oFDLbj;Da5ob-YHlA%Gh)<_?v>u0aI|VUS>~c9ZVY3&%&)y?s
zzvp*n`p_8Kr;`|V4-K?<<XQqR{1ZPS*rZ)9dUlTf%NhOorG2a2z8Qz2j*lnne<c(6
z)aH%76fyTE(6-0Tebq%LiW0Tgy`tyLoIPgSpcPIX9D@CZ_X%aUwS1*BX5%^>i_&ZS
zN8v1u_{b#s{k8^siuUUs<R`M-E%GjT-?XzVmLi&Lc*S9!&PFsMU$;XoswHAso{I?{
z%=k6A*&Ur(*amO=+wT9c?!@2L4XF-j1t)Go%&+>F=R2oK^V@ser3T<tZ)-mHb;hcd
zsps(VCESl4?k))%J^PjT|BVtIO1l!qYg+MARvUJj2@02=_F~`ox&^fQeujBA2r5B-
z%d0|b?a^CekX)h6nc98z+sjZCBEEvES+LlOr#ajRf$TE0B&+Z!$!7J&v*!179uB;k
zz1?Q_hDc}}<gY(NFgsP{u$j~9&f2!a+mmNx>J3taWb@$emj%i4z?ny}cOlR8Q7`=$
zf_^uAK%moC#!c0GeW)`>othf&VO(UI@yV-B4AJB{&uz#g0Ph|+C2xLb?$`41#;U&*
z1NEhQp(&ipS3Vec8crUXMQHCRZL=Z}2<;?O@idNWxW&G^xQL}l0ZA}Mfx{|QJ370H
zWbvFeEOyR|J6i%Or*3H$&X45>v43&r*~%w;Y15u-;T%X7d6@|!pue$dHV|{!x9}Xu
zK3Xgp#^U9qbT)(S|G~eNHqU~_pE}VLjhQefCp7kXi}y~)J|^JtJ7Wz$p+Ge@TA5`+
zKt%JAx>aDa!8KjLpNiV`16%38u7gI?|8OFYAO-th_nS@q>Ua41-co^idc)?!&DVPb
zxev)SSc$R{hZW#4uy;Ik*uhu2seI)vr5fd6|GFXkDm&lECxMdcW=kX8w{CyhMLtxH
zqJ^A=AG4OdRP}sJFP}%-+1DsMs4h^ikL2e-!?LfzRl3aAamVo(&gZ8lV@-a_mK_Lk
zCL6A5apZxx<j*#mbC67x*j#%jpd~{F#W@Zam;4bN=a(l--Ko<y%i-I)nSTRCFxfLH
z(iamb0>z2tU6BCtbAkTjVLV0P2sSH;OO@d}xh)snJXhc;q@5brTUXtK3`XIO1DZKs
z)r+Gv*-t-oa{)!iZsNL}UBHe)BAM|-5{V!<*>igSwYp@_cS@=(Tn_(i3&i`>8;*u*
z+wITw(yWz&P3O-+5%H9W4-C<-5VCzE6lNRam6{i2s7|Y|gBqvXlw`%O<-Q^-2`Gsy
zfx!!~Lp=mq7)MbxCsu&M5_9EN9K8wr(f7jLak4EdmXkY~H&|msWv5juPhD$6p#u}r
z`0*8PXXz6z)d_-XfUedbGLxM`A%7q7HN6p-yC%01!L0V0Y@r5}x_V>~sPmz|)Mmw`
zd?xpp2zUQJ13JpGKr1}<348=hNc?-X<hqZEe!l6sltrX97`^ogF~KO>E7_3er2=18
z<d1$M)7uMg(b59?9_sIKNaGv*!0AeNmvckEpwx}KvEFU`ypyB!NVJ_0OLiA5ne5}>
zJN9!0kpOA9ARThLe?|r3;zX!c3Jr;aPwgMk4?hZ*(P*W932~OF&FyjGOJkYZ1*-b4
z@PB5`Zp&ef*gkv*moniZNLM@g{)l_+KzjW1O|FS?Wx0U-Ff)qxr1=YHX-m605g3pq
z1`z^GP^Ff65EAM4WS5cg&!e+7mOhLxLt(Kx6EqNS&me4FUqPU(7s@?)77YAGGar2?
zXZlN^zf6OwGAy4FWNY@nu0aZ<X5tio{B_kA=<-b^G99;6he-Goae0+U{AuZ-4@{mr
zD(jDGWbd7fgOb_mIZFldglW=5HQkBVQ)8<yL%SD#-&>&fL!k{~_q;72$Vu|BKL5w;
zpOv^`lHof!G2#kn@)t%dYd@!N;+Nl3a`I`>DJ!f#Hsgb7vGYYuy%Wmgq2vM$r{(V}
zl%7+x{O~U~T4iqn2B;oHeArH;(X#+XWW84^SG193>ML?HI7`F(|JIp+CZc-8zTKqG
zD*qnB8t=C`jx?*^alCenwO>ga)du0PZDzyzjH2F0HA7Me$ZX{(f*703#(K#*H~H~*
zRm-HHOn1W(g_<udrrdv=y!x8`_mU5a-o>TmbSOyTApK%0=hQ}`TvEGX@s%>f-kX7^
z`Q!peW6m@#LP`U5_Q3O(Rxf~~e~mrsiXb8ZFk8G<sf=y-coO@={8uH(!I=ubErSry
z5~Z`Z1B6>I;u3D1+VbP+{=gS~Mf!$v9H^-sn7wJX;B2JT`-vK2+G!!!J@1gk>UbK%
zVOSYA09<ZDA2uBl_xKA^DaMqF-_@w8gK-Vq2JZSsZl5mS`&K;v7F!nNU%Bse!M=L4
zoO%mk3j5!Ge+DRNu3NpcELe|Z<&Qyp=n8xo)p;(8F+&W$Rlrjd97?%L9z$o7`tTi3
z3BsWv{%foUPBYr~<69S$?i&J}l@eBi&2MxRuqY>PZ<<8f=vWq3>z}0)Fj=KlxoRfv
zwPCFUUey~u%&3B~jjIewS7BnK*1LpALwvZ@*b!pS0N>>7Ce{<=Ji1!cffPtSZEacH
z^(_M4PRRV;8Ud+U*&{gmg+eWjGg=8O%{fHyO`?;{LlBUIs3|UsGPT}J>U>q3_%YVZ
z_*(3I?SFU3*KS(>&YgVM$>FCH=1hrDFY&z>2;X%!)NBFY8baLSxXu2tDEv1&IiO}g
ze1PjJ)N1tmRZVJJT+dV+0*z8TwxRwMyDm`f+%yhDs07vCwN%0nXYE^7_Hy*PwSc-F
zN^3qVfpnls(;Ug-#|TfIy2rT|r>L3RZiO%2vZg^x+fs^ew4+6?2rx&1pI3dSU{3@R
zv6*ud5MNu(tA7JUxdnwa%r7irj1Q?a0Mgh+xDRGLllCU0Zph#3L7X(Y_fiF^o8msz
zv6!dYz@V*YcB+`TLgPB|1^$acAY0yXLUJHE;BB^YOC}}{hO0g28R{1OZ*~1rY>hqa
z1FKb>8*wl%U?~=gHN5y*#Qw_`-6Lw`MswVg?QwHlQ4xtTGbY?w@IqEICQu-hZM*+(
z;uLb-Am;dD0Ls-D1AOp|RL-1s+rP4%K;33nrlPU%g=P`!u|h6h-&0dvTyC5_+4MxU
zJ1H=_NEwGC|MqhGCylOui5QW$9f28GiejEwl&r@SJ8az(&67azT*rkuZF<rBJ@cCh
z7(sbiPpNDTCf_g@Ro-njkU<;kTZEm8(>g=9iQ>xR|MF<mw1vKlDW0O`1dk1cSb#k`
zy+J003TEE3-C6m}Z6!vJCr?t+p%LDNW3=-{zz=WROrvhjJ9;`3JpI65%^%+ypCH2G
zdc=b9<7?%F!7TqjySz7(STYQ&E%-j937EJ&!NMD8On7oRrEiQIjR8&n7uzh)`=xxq
zxm@v1)(uuxbBGl9<x@oBen5ZmQ^BbhgQ6B`Od}7~*`Jz2vsF&|jQ7P-RlmBOYrFyB
z=3@6Nc*2Z26nR?ChkgJILxe7I<dwm|XOOd(nbtWyMh*UZUp*1Q9D|qzPBcbXIg-WY
zO$gWJZpgy(1RW*AX2>Tvy{=nrV3@dGM#H(8<?A(|PB(l?Q1MGvv`nUV34u7Pd-hc^
zSwAEh_K5T6J(+QEJ`W9jKKf7cQ(d}5-L7;}CJW0_5QGhjC*BRV*WK2^yJ8iXzKgA`
zlVQ^r5cR2iPm^#0t_Y6gzvYb=FuH4Oq?Fo|al$6%{fZ)fE-qVt(@y+l&?3L|j2IW6
z6J2$DJRw$Y*+7F%Y<V`M6yL&tBB|CQhza#5EFdw0ok;M_&+Mf+V7rAkLY;}^KT}T;
z=7enQ?)*4w338$yH5hLcJiqH|)E^)%=#ooPL~SB~I_!8T{$*sVH;iAA02CA~PXZdy
z>|PV~=ewJ&hL|5sNH$c0x=n<uiyk>tU&DJm90A}+-WSRt2kQ^<n?I&hKYrVkA%>I>
z+RbE@BcRsz!#`@AMX*MjEg4QdCf*kFw&^___JnH$cCW0VJVp#Mg)p(`n~na`rH|Vb
z_pG779j8mjh&qv-ICIlv;H2h6&sAHw65zE0A#fWd!h_BgK@OKxk4+%qeWPAN$Ms}M
z^bRicUcxt75$M~M>HPnG2jwTpo%+)gKk5k`zYkv*YVB}!vSsk1{%YY;W+{h^u3W5f
zCTSPtc5UW2H2&NWD|TPnS=aHEQhHq2Bs^UIAUg~^1?~kJT8(tO=b)n$GZZO@69cCV
z6KRWG|0kjLaLhaUSRzz#RX=vM9YO=o2sM!!H0)7l&m(_V`rpRbxqYc1V1a^|8XIF@
z1i_0>y?aCnzGmx`=>sD-5|cH|J#kJ|tZkpg3mpY~4u_jrw~~Lk$rLiI<5&DCR4`Gf
z!@a89^UE;S8xj;t(ga=!?W&>xEu9kl3~0><sT1Ypu>N-LmjPS3Vb(rp+pAf61ay7j
z_y8ki1636nlvmzAVLh59W%A^8+!IO8kI@e8>-{67t~PyVyq4d1$kyLHpmz*cz+2fg
z^6t@xxs5p_?I$?SuDuBhDQCLW{#9vCjB|;T<kci8CWlWFQ?t(vykJ*F9HMQ7m(<F-
zMl-oq#RFr#s;+X7ye_tfKcbX~j6}mUFig&I2s3<7p=wJitTxt!J;dqfS1C!uhdjgx
zQvDB`j>9HIuO8ZIzW*39M(8|rw9Z$@8m4RlZr6MadR(t4eqv0|wk^@0-=8_)fKuFs
z;b5tMwZ|ymXLb_!VTz-1eD@G^chNS@3{4-9ZfZJvS8FQft>Gxg?Kk-chM;^jFnU*)
zZWq1tasRUYGv!lA91X@ESD7e1?;z|BAti1)R0gz%wHs%qSw;m2Dg}@J;$%E_=juGO
zL_uf3F}4d?*r;G*BTe-2xQ`2VrTY)do$S4`{zqI$&3Q@C&~VXhCUGE$cj<}<Gy#)O
z&7TgXb?OCdPT3C<DYm5lk4eTU^V_NV7!LB@)<K*DlF1WTr;~4}{J&!Ncw#^ROR!yn
zREIxO`oKz-$#Ge3)<7)6d67&YIT=)?h@)=gUkl^HL<~1=f(7(G{=*H!hqdJ6RnOln
zHKbHH#Q1*Ur!}AIqzVSC2Ke>#B27@ppa9^QZjZqZ;E-jQq0^nRU=+;9wpUuiME<}!
zkQOAa7Lw|bKAmDv6oe%DVjZ2@XB`3mChP|^$8B!GBDyqjAo=g185;#y1nl%1W4fmY
z!`U`B6FutHqxzD<No$Cth*ZnL?b`OSM0hNLKa95Iy9x@nyuw!&qOCy)#Tp;rD<bRU
zsW*P3$B}##pcPfieu8VjXn0UB#M~D4uh0^AQRf-<rB~9vYB`73iLKCx5ACka#vLNp
z60TqSHm-AnEiuLiQ@|Vrd^p38HH1BXzoIZ72{2_TDA3nWZEfwM8RNGSTkTCvl`m%c
zS`xw^waMBg5*ca<9VlQ50~(CyH<4`1bRM4z2a3?Lz<M&~w<yNM#gf3%`J`Ir0I^x`
zkr=8A!F!VF*{6x<{RfF6Q7>pcTvKdRZ}Xa6Lx=q8*8m2C#>)B@$Vy4!rhEPA)~ncV
z?dY81FG9Q&aP^hPTVhl4{KWrG8KRfuKnxlpKbze>>bDdvk<fs!$4rbWR!`1{t{V@N
z<Kjedyhfh&?)F$&z@7sn2N3XAa=mzhcC%AmV9UF`{Pa7&jig|a-_lezulns5Q`id$
zUd(f1N326HDFdXihEG{m%oa}}+_(_+LMm{CJP34+&`yhyG!zBGb?tBe1m8l2S7LyC
zFs$m1OUN9>Qd`Em&hr0JtkhMN^oKUU6Ax$1>oj-Kw!>o?<jJBJ^-E(R?|;<M#AR=g
zL>*qruS=`+#sw9L2(g8KPKo=^Pc@)99Iewvs$Ix-_u^B&SVDHzx-$OB#t@t!cab<T
zCb(TOEA2A^`rS}@<|$m4(b;$Wh_^-IZ%n^JQAR!yT$=7dlltH`Rra@dWGM8_5M~fN
z$J_MQ8_a#l#=mC)8wb2qkF$~~h=SgwF{OOqPp`okn~S4jHuDEZ*2gG(I3f8Wn{%C+
z3kvI4Pg%y*Ah|jMziGQ&?rGQA`hQ7aPU+^#uHj(a1GT-$N{uED;9|Ej{g|+X&FY?$
z)Nlf$L!sGf^h+zNnz)VJhMX5Ucpb*?E7~X=1Bb5sK`BEYV%B-knR$>FFqojDwy9{g
zxawL2n2<S&6$)@YR0SK6x3A^izx_2}93Te3m_g9JGW-O#^iE}VzDWJLUx@<X=|mB{
zB{*Jadq|EUliN6-BaHI;L63H0RaNl~LwZ!r)hQ{_)@R&RwO=Y(b%<jabFTbh-Jf<J
ze-bHZ+;yf(Prml*;^hOF*#Eqyxc+mw1)`}pazSwX)2X*1zxs!Ar@RUeaS$jsa3v20
z?pK$vJtk4%cgOwyC$!(gWC1MJ@XN8|aJ@HEx;~>#UWrap8x1%>3YO3rh?UClbLb@k
za=!I1vZ@fq<0v##qQBcJ0>0v}BzKU9n`}p(q;AUQUz|A-(F6L$Nqu??eG61&R<^Sq
z4!ah;?TPt+iW`DM5@r%=Ia=$s8CW%^CPPR2Gh>OYG2N86g_g-fqmK|M{&}5AtO7R#
zIFMp+IqBb92e-GjMwFHrpHswLu)Vd<79qo^^}InpZTx(57d7x_Xu}<@dEbNyJhip0
zQ80b>9y7b-n(W)TeIpV^a)cVhux~=0JY0Ki0T!Qo+kys|>r4obGL5>^{hv|lSoD*k
zGG`=89uf+r_;Xk6bse`<^zHnnw>ImxejmvD{oP%*GwqOC#4~pghB<V@<DpY7yzmKQ
zui684osBVWu<kELTM{wpa?XoL_0<7Ucej&=vqHV^D!K&g<>`rdOIb#DG4pSyU{{K(
z3G1JV%UM+Ny%lUVn4BWY{}C87uRPv3mHv7a{|?qQDDa6&qp@Yd8Se1L=n);Q7nA#h
ztG*^~IF<y~D|`NRrqC1-<}_xb?d<e`fa2!6?XELq@kE*)f<>H~?9D0SK?5J?07od`
z<CA5%$SDA`AxwMi!O<K)BoIUWV9zHgqVdZth|GT0Z-V8Qv7^tkx{|%vTc?n@3ZETM
zHv&I>GQ;x5y&A>GJk~RS{dTeI<ar6Dd*yM9sqlZ_tDT$FcbEIi?Qi~FOP<|Rfh-t4
zZso7}JnOt<a%4u!a0_Q?SE^~$qx}p|ndSmtZWK*|7$WbR(~<ONL7{G#0KLO7GP-5H
zo5aG}NApH6Y8$+;fdnPuTt1&mP%vJgz#y7bcfJZDg+En>g!s%F9)G!ky?>J9-O~?~
zFLcSo=`I3trD3gR@Giw>tICs+MNo(I5WR01Nn_ETlCJd^e#O6!e527oAD%%~cui}2
zoau8Pr0R=KQ~kAtwEBTWZiN-+vY)mdq~I+UOoRujDv=%Lo&Qu#V?___T%n-+_TZnB
zNs8x^0w=6!-RsEJOZ25l!D^`K^wd~%vZXqtO%((%z53w{B}?+E5$hQZ;*Qf7REUM|
z#yw~a|3xCk-dSm+^Gcy6bhIu#>)|0oUma}$@9|7jcfA7Gb}f#>arO|V^$MZJqb^YQ
zI(qdHNAmmKyT8I4Td*5#j~bcJLgq#P=R2wN0}Fn5nUN91v|QueN-vtk<9x%pkKdio
zrUl<M0(eydZS!0ah1R4yTt=|#jF2DwYOWlJ<Y4_~6O5y#JhoM;4*P!nOeh1oTgB^O
z9$K#sRP?Ayj>ts*66ZfMn!UL+MQtytRXbaLT~_{6&dUY68BqZ%dr~9EN858mS#4)d
zTJ{?HS4{@Lp*ueF7Yto$$pgX!qB^JL4xj36r<}x3w~tritbdLhDld3bGVI|@hnixN
zn3dp!YK%5>3+Rn&Tm8)MMe4--FeX{CjSDc#p3;PePW3){u=!I_*{{(BZgrWtJy~__
z7Z4Cuc7JG3I}eYpIXl-d-wG)&jnyua@Fj+YpuJO{Bc|E&wctU&5A!L5-65hOO#9dU
zF`xE?W?XkJ31QCVfA7op$(D+=EKF1;@i~zi{))m3M<ObX)G@WB)68T5^>%fQ&4aiu
z^i}MC=k;YRA(qSr7|xvB<lwu&=n{x=tUjq^rVd6%cG!oAC@dgDm2`I}etAUt`Tj#T
zXj6m&M-T1EQJf3DI(WO2H|N(&Su0MP)7B5HviCZ3{O_45Wquw<N%^R&NaQWT+_$M%
zBk%re=QM0|Y#c=LLU(>OSaj4+K1Nq~BaE}6EEd8sEv&N3d{7G?CE=ORE9$T7*17V=
zGFnb3gm*V1c8}69Y#aVwCpunhnquqbcbMV^3Qh{R=(y4PNQTDMgy!fPln#B}JtUtA
zni~Y#v5&oN%DvBt$W;NuNxccUPWg!h*fr}xzZgv?{FkC_hQ$a6vqT(!)e(@^Vj*|2
z`7Nqx#M3U0%*6Qer!W3Ga~f&7`+0yTUF#PwD`dz|Z-dA%G$_ej1zi;0sB@gv%U;iH
zEa>l$f5YiJ*3k|d<5Oyf|I}C3+%^^@cEdk<-=K3HwpMN2qWxQV))KxavImCy{{cZj
zzQ2%*-A!prMay*#oGG{;$12Mp3dg7NqHnR%jI2xNrEcf8-6b$dVUC;Sa8)=+o>k|t
zi_zr=2|{8z%QtgIxuZBLt_i7MAnXMbl*;w-Pu(=8)i#$%R=iJ!XxU0-GRC{;sA{@&
z1l2$$Q8n{kOUWV&8YmRq`fwq~LCcoGxJ7QJlmy()>DB*in}a#q=0KQN`Uf+)j3mb?
z;UKjNeW{p^^q1PmRb^zz_KSAF9(%nU)fxQRkSm{*B^2jCm8y^JjY&%f1!X1{OE+KM
zLOs$Y4B%un_Us{fa*BWpHFs4wroO?rA}|m!(xK3lX9_5^aSU6JWZT|vG#=Vgr3JrY
zdq7+NCEc~9cr5e&E#8Sx;53b5qkc~Kft5uii<ot1>QhqYaIMn?E<C{#(GYC?$5G7`
zgPNM7A3!nPh_=F;Q=9#0!2$DV0ixm$mK&S7(a+`3?ZQGVB;ZT+;os@oZ1`d)w?g|C
z5@LJJ+CVkUo%XPjsPs<;r3oJXA+n7?3kV((P-;-Wv!yULe9_TFRz0DUffGi(&eR0{
z{48~iYIRcII^p1GYOrgfyHX)Kg?Lo`2RtZ;RMLjXIR*3JF^g$dY+9``UX!&O{a?oV
zM<=AZ=9E2VHbn?+A+g5mwZ)s#ODzm48Ggxa_#8Zn9;ZY}%=(vV0;qO)aCkx&D+5(N
zc!@X1y!prYhi;To3UqC=%v;M6fLwQLtA8w+HIFN4{Nf^0(k;D^zP}OtqpdE{m;<FH
zfMjsK5nh~4G#Sh1d~TbPdKRqnWb(BQ>|{dZwAbmqTj;Fz?y6zG*d3tQQM<Z3cD7y&
zS8$A5JaoUl>Hpy}&9+COBaHRCqu6BUksYIAy+mPut*u+|P}s8<yx}B6{p>cs0SksN
zX&H(o)Bk?1#eYfx<zYMjw{vka70*hREp~)T(}0zqHysQl58Pnt2ci63b`Qb$5<bW+
z5N*C5Qz)JlfwUjC-VrN=MrWE@-o)6bW)`ezvYLL{+mRz?c8nzgX+Qe|&hYVf@R0Xp
zm9EH!v{os2eO;hz;L43e$edDn+B$-;n<?MwQ-D80*%lUN!~hT#Xm<Flr@3#24_p=`
zJ`J}(Lvg)t&zQRe@N)2OD6~qX&j;2vpj^h}V}TSx90Gw`*o3tEHBUX@68hu;UQhr^
zhaVn2a~%Ypg@s)sJwjpT=cLP;Xk^w9MAf92xi-1#$PPVoquB-P0hyoAUavmpz_=IU
z3ZA>5)Q(rECRB~tU27d%(76u&+w%WwTk0Kxw%wCtSm0oFhaNxMl=K6IpsQ=bRmoun
znnR!Hpt=NY^GPE|Y1rhQR3u4Ug_v1uM?uhbA1U`rTMu&5h6UIe1*Niqx{W`%34|Y5
zn)E~1k9U{QSN0BVwnWT6;6bJR-N0-aGeL%4LF>WJh_T-X$wtJxPz9;`{FG7uUcdl9
z;sX(f2s(zeYMMBUh4`S>XD|v#z+8nV)c?QN<Tbaz8iE)xPCG0~ON++Q!2<(1>R5L#
zZRyUSq49-cE{q8NQvsxihvCAXQ&QHpO3D-9TIy<>9DZiuWz9uul#mAXK24f8#bRUm
zVrk9(yUb9?eTeS(b)bx74f-OISxL9PT-8FIvOMHLarAN(mn=+T1kmEjx1O8R=-xt{
zfVxDSksR!!$yxz$9bu?eWCe(>i00<85RR<A$OnVO<HH&0(O$bttiq9=sxp?#)k&N=
z2)QO4;hG720p!bvqJriZXF*P-foIK^0|!^jk2Hs7%Nz=%byUPR@q$@KTAX24t-w1U
z^D$c7Va?k-Q%xy89eh+2C0Og^CNv&HJvGXfczu9w{EOt(ag$$Jc7LwrP~=@-zA170
zb-)>c*jam_r)|<&^jaBrz*Z@~{G?p>ui;!daOV|{xN}O0C3lselumLSpEsO1k<%GP
zR&Ps%Nq)NfH9B9VC7c0Y$d6C5uS8FAZ<oo<m4_jM!i+5EgKqLM6R_ye6x)GYY=P8x
zq@6RoaRry%Ic#OFgITK;#vg9l42n9#d~#jgq=0FNJn_;hv!aTn#A6`+;Mi~EbEYDf
z+&JaXP};VUmG`<``Ao<q-e5yllnVk&>L~?-D+fj}rn8*b)71}PW`Kyy+lWHU);5PO
z#S<0g$|T;@h7b3ekamqIiFiGa4XM1Yn_)#{qQr64q}^AIs81j()a5~m!}bdv8uFAj
zpg1E4aISG7<g;y1z4-ybyE17N@errPE<meCoTFj78lubF4J%8J`=)m@O-d$8I}#j=
zQTT-qnDiBH=k>LW45+(MiXCPYJfqajymO+y0d0rmQ5U)-6Mk*`(}0KKT&^s`Io7Dd
zol>MQ20>)G*ObR{9r{?XT1V?07)d_TnQm-wo$C|^)plD>@^Td5kMe~Q?GYs;vit>C
zcPdHaJhzHCfDi9jfKb-d3qLc%H!|~8K9<%#Y0HmKyjk3)1*ck6sX&eo@*XK(FLK#V
z3TK)=OS!Kmmom3Z)6J4Zp&!Q3_Ut#w%+Ga~^8-8?!9h2!{oBprOo4FWXRfDM`-+>W
zjnUTjKVP9Vg_ckX^F~2BTCzn)gQD$MwtY2<asUb84<Ft4tpf-O{j2YCx|%9^#GNhP
z(V2bx9PqkO_37`)I~s$#6c~YgS0Cr2k0BU*fE8(<Q?wGwT4|rS8JSopB9>nF*q*-q
zVSzE8Kt2zxdHq%sNpDl1GS1k&+gc2|^U6k~m1j`r#G-jSyw<ti7}zXplYNCP^X7cZ
z1UKWp#5!}||K{0P?G*dT@7;%GVd^;=4Kl>m!3j_rQ(GeZlOV`L5L2z&zaXdl$Q2g;
zvve;Ba>lzRupqrzzK?i((owU}v}!w)L{}*s(q<U+wRyCn|AuJizFdl180(-%x2ghS
zGi$`skE)X85O)&@UUSh=owo1Zg4$BfDD65azB-Lzngv6zV%4}62x1Gc!&K|_$zv&?
zk(tcM{wjI>%i4zP9HL>-cij?(Qw|%p3B*Kgk9kPVTKS5+i>fxb?0Lj=XTqjIfGn8*
zYy4@91b#Gja%;<A@>j4lEb%FqKWmS?l|TZz%Fo#q$Yd_c<n#OS_`m_iXX18%<&@K8
zU1RonzRBPiHR2ovy}LEj<&3q2^C}Njj|6e%$wX6wPl@vwRaSK=$^x9nK>)=9fK?6p
zumY1YwLV&<b5-UXfJMnPF}DvAah#gi1C6Y=Ly_d~o5sGjtKS|JRx+^O`}=Z~wU+a%
z-zI;a2RM<OUx`~8BZd$V@Azj?7>&46O=QI!TKcco9P#HuPUj))QzHZKcujMTe|c#V
zg+YTmM84+ztain86p-lil>73U<}t)|=XdT*LCK05P(<3s?Cngot>|7y%7+Cr$MIAW
z*8f2LU;4EXW2?+6+&##?45?og&|R5IVx+_`vKFs^EM#*?h?OI&JVU>rfAqK!lHuOe
zJRqlWh|is`fAhGiqnN72s_&hS_Dkld)VLEy&X<~O0bOK{O&n4Qqo2fRPAsdgZMyBh
z9>VSHl6w%Q85+6wIUibii+}^wM}-4W^;8w$&EK4UO_7m9{11=5syBVJj#Vg-C_P_g
zu@)g`8D2i*uRcko#P}Y_AH7W@&GMJ+{xVYRZ)FLq!fk)LaJEYZyd@h>*Kj~ofGT9z
zfatugQM)Zr+<VC7hXk?$!<kFrVj1Fa{y3d|Y^`5~ORnIUO5ZCTcN~uaMTT5k2^4A0
zmpNP?LsY_{t|ba$s!1LNytFQa%jX29h^+z~>S0AZlZ+I1Y=N+WwNkJ|2vh5gc;JeV
zCJH&8g>6nSZ`sk>!0iUHLgwN8q*%W6VYEr>u4dZX#Q5tlb)MH2RTHk;Jx5+N=SUl^
z#>jV+Qsg|1od9$u?f3csx)`Y<59IYmDIxw6f#~Xp43XIEdwC9S4jY|6LyU1<7ee^?
zL1bM!I5MnP;Yl&aU7~B09XyE>cNBnx-A-C%rvJTEa422k-8XSBC|Wsv&c|m>2fHh_
zX4j9w2V?N+MA*i6R<K^YXWRuaKd5dC^M0d{0gfr8z#4#u(6LOt@?2)o6_9Tls4(+u
zd-QYasRH`CW1=1CN~j4GQ#c7KaBFc$*tTXHnpQmX6Zf({YlksBKBI~-n_*B2@vpx<
z_XqiHMJ%e5@uD<;7SH_BRl=KD480E2jMxkN%JOv2O#L7hxKKU%35&(H;!WY>zCDmJ
zG}1y-A}_|vh>z>RlxSqD2<XdPixIP<ED(Aok4&pmVf{g6Kym^LYlaGlwZv85MNbTA
zsCU>Z^jt$@i(P;N^AUh_3bwNDEZCu3=!@k8we0c{)uo|xHi7ySqbkD5Cb8iU?v$S^
zegGp-3IMbBchC1f)JxNkMIst_u{zo)cwu0y|EQ4k$<81i^S!ZA|6M_`o*1@Zz?-`2
zqC~z0Lf6Nj9&sx&0t}@TUAwyoEaz$FAp~L=U&8RAi5uk7zwoLc^|%tHw&ZiQnK*vi
zbs$c*vg-N|5xn!F_d}~pmjJEjyANALNLl};DP#OrkA`1y@FlzPja3pqIeYe7KWwOF
z&V2YkH$ClG-*9lb`a&gQ)6Azg7py?eIZ>xqe`<0{YIzSB!K}~^Ddn}G5!~&ljIv;$
zl#VPEF7M4VLH8r$OrYnea$+r466@;;kGldq)c#LF052-W<){y2#_B6b2BcpeaSJ>7
z=iYv_;ygLxcq@`?_v%1-mQKheWUG)gB9N?a(Lu?<RIm|_(0^BuP=tOh8?HWoP-vK;
zIK3pPrCLq%^motzeFfp72CZ(=DJtsW8Qy-wN`AoH;W>cMl{zYsp;ScsIUAqbP8*O_
zYFB*B^@}0J_gkwyHFYNs^=9wuoT{9WLz5PN)t^-o3bGmKr`kj!K=plLagwLjy+)q3
z!l6_`n!tK~E6a!yS!ccqx|QREv<T2vA9x8l7w1(E9vH3%A8%LkMg-#6Y4m<PXj_K|
zOQxkK2gnSW>|tsLb>r3oc-}PsXM;?dqxsJ1HCvd{V~}&we2+{wcGX6+s@+mM$&iPB
zu}v@%bYuIV18i%do1yG_GtyvO@-2xg=AnF*SDmhB@ps~rI+UkC-2zPe@shCEb#X)F
z^{XGH<E6g8co<&R%KmO5&P^=c*xd^4B!fGUZlPaKBHI6L=3A0wxSs4{1>ocA;N!Y0
zw)h^I#Lh!?g3aT4Ceyb9LZA`+tFV|t<=}{rs_!a@I%}M?F}5po)fqG9#?|&z$&Dhc
z;q_e#R^imR#G0yo)f3pzwOr8Z7i;g(bG_H6N<|tl;S1-a8c@c);=I>(Z2|wYFix!Q
zh)vM+BJAQ2*Y&-{^3GTW6hI<yAvEua5-+KmVZ(#nDerE<o`J6W@+z4o-)f!LSX1gx
zZG56g%%tl)7Ag`#j2BbFxvXw#8}jBT*XV1%d{SC{7~)#O&rO`e3(I`1LOnuV;Swh@
zTXMC~z(e}sF`GS00IMV^Nj9)Rl>M#?rZ?`qO;ZaLM^1<P8Kc1#Y}4zYG88EMKAcH5
zD*3Dg<_Sw6z?SF+ceka>K6I6~7Q*mn_1|1EUPkbyS5-Nw?cgG$fuB730#NM0peZEf
zz0UH=X*rK;OZcgaUF0#=-u%T>s@I4HJsQw#BjY#ho!Z<cg^p&u&la9FHUuv8&;{C?
zMG}D(_mPzR-Hho@J2oCNYN}PQ4M{&>KLsdjZ(*_`!uUZZntm;YWU}O6A^b>U;=hoX
zA?r)?<1_%M5o-9aaxW0Kth4}YsQ1Yt4!vl9TxqHCH+2+!pLzwOtr-3Rw!X8GdRwRd
z@~m4glA{~>&qf(^yQ(x}VNs>e|9$?EB3@T>{77<~*&R|{VwG%%uhPX~u8igUa@nLk
z$u?NpbDLEZ;U0PZO%pLRiV!||Gcgt`Rf!0zta-x~qSO95Z}v?9Z!>+}X-%`00%Rem
ztCez#9;TEr!e*Am79ad7hRV_&y(h1(cZ6{XX3~@T6z7~kxa-uV4y|~Ltg`B{HtH<A
z3hFdzNC>@?)=voFn9mNxRZu|~$<8cvO|&Oof3Sz?tc382z`Z+Y>_$Cak8H;!<K<EO
z0IB;r@v@v%T7YH%+jZaGE#w`<Q%G~BW~m1^n!sS-7`i^FPjzv)PJ?8pR_NK^NL{ZV
zN<jbo_ntt?)Ow_C)QJ}vL#9D}R0RpTRsumjlw7dBxf12%$XT;Y6(33o>6weK`=cif
z;QQHV0)Gvydv4}~#HhVij%H4@GQrFZ)J+vz?8}P4MGUDBDI3zgjCzN-50kKHj1bi-
zy7wPbEQ`U@EdklDM=yCK)JJ$7p^dMd#g633UnT-7(twY@LxIKK#G#2iUz~Je5vlW@
z6cX6Ndx(gVQy>knQbzaAt;&$Wp{`<OihZmVq?~28V5b`jx>piiyEF)6tM8m}*c(P;
zh=E;7z(W(#xvhD+z}*)5kzc7j)T!3TXaB}Q-d>k=kzNfhWR0jqEzjl0uAkk?yv5;f
z&VN~U;~EgJwK=}-4WPjp+ms@-R$UT$ix|4g3Al;!yr*x%pi;S6uJ7+HNaP&xRWb@4
zx9*(JIt3pX4Jw`PD9m}LE;Vg%Bt4=^ER&5CGkoH5iG-;xev(GU7J320srpmHrB#mX
zSjaZO3tz4-B=zM$gDLna82wo{7S8-+wK6R?M7%)(jsdgrZ0RPTn`!9#oc1j*lvKkX
zj+dyR#K98kjq+(ZLoMQymy_SrQFxRp`3D<Ntbc)nH+#6=@w}}1r+4P;bc7IPZLOVL
zZ{aA#B9?g5lXl@}#wgG0Aqx*f_{;=JSK}VGrO5P))_h4#iousY42MXyQH_E7CfK0U
z%9}k}q!s)F0p1rhX3)$OOXQ*c<ec7y8f&$CXQN3(q!ZJ6PLc%{aJBB<o;|(2pQf=5
zqpE0`N!vE;9$6}aDXrAsAqTX7#42d_ik4d)n4+)HG#t+R?0y6WKhVh0SXmm7Mt~+h
zDAgBL+NMV_Ucs1Gc4)hI|Fd*g<0jq+TO2?}A%%+I^kPU#m{gGLv%|yneyC!fK#<au
z`02PvF1Vq9uSqksSpJPx6QkG?gp9e7@wejgX4H~Ym-0fbp9$nCK)P6$(B~6a?Y<Gu
zj&VOSCZ7x_aPWD4s>+O#yuy<UCLQ(UPu$eI$U|S$=oNFt1Wb;Uy1P-0>Ty``buM)F
zUAcVgtzKb(<KY{UxiHAniU)GUt)uju^@-1nXMqe&z}GF2>^Lyxb=+;UL#;&IzSW0p
z*BC3(i4-S2wj3DY69Qx#<O71oZY$#3Xogg)c_S*91|_5MSLZ>s&{uigcdV76l=Sbb
zY>kv97^AV=cT0h2ac}1?#oydmTv9~K1iT4(g<3W=i$8Z$HSA!B2S}K#@O~IwxV<%0
zvQ~3^xW0)N`fWhA5s|B_w`G%eQV=RkKwnT^r)c%&R_P7cH~(!<Rizw*Z6l~DzUesI
zksAph^_a*4!LQ%ZFtI`)FiU*^_3IQH+~S0aaOv$-fETNNYYX`IwpIcREwu8@KjwO5
z<&Jl)e>|%Z33!T2IRtmVJJ%a;%ttE~2J|%TxYpDZad4`pC6+zPKL-Ten^~c?*36fU
zn~E5-fkga8`UIrgoG}a?70F1mEbE@2X4+5dd>1v@vE91%QjB8F-}$~xA^5w6Jk<mV
z$s&{P!8P@4w#E5b8THn_<_GDgGw#9~TWU5iMu=o6>PKM%I=o0#xxHL#`U>Erg?{AJ
zOi=Qx4%ZqN2v)U+dsDJRDzIMvdFq5;bU<?0rqraCp=*Pem-3p|3d&_6+g2@L1f8qp
zBsdHBpzxhF<1&FG&}>n$L^_#y)2?@QkV_K>8W;F#E86FAS~+~IvFw((H4iGnU2IQh
z#Qs`iwu1Lj%EAj|bBXJeOSWV+LiWq*Ygx^noO?3Y!N*6Y!{wFOO`?yHjT(Bg%W>SA
zGy%4I?@k-Gkop@Gv4-3^(S7NXls+<e6P;BtY*Vh1S}gq9F<V*KSBI-!9E*f^a8{~H
zjS6Y2p(ETd;}>yQ;hp1q5v~o)*D!+F_As%E@KU14T-*|DA|TJm0|9G{pX-ig7nZTL
zB5GRINSs&JqYVMbUzIfkxVSdTeX14|^EN9R>|@56SL;7p*m)-$+*xDL`H4!tMVd^n
zhvloeE6!ttp6G9x^B&8gBjyRhvukW`7yWsxJ?8~v+dvPT^-B22Lbu`{LvY#H#&0t%
z%o)SeFLbtxX)HTFo8Y>rhj1&K$BkNu4g&5T7792*0<V&p+9mGD@f#)ciP-8GgW!?*
z{+xh4F5YmUY-8l@)#sAcgg<)p@k`SPf<Cwms_R-p=%!f@#uqJj&}#Z5R{KFtLE7bB
z7%db?bsiQ<PzR$NjnkRVpLoJ8wc2gqNEoeY(8s9X5elvA=S5)DOfKfoXABz7%~=v^
zAGFN?galODHzbgCO;RV{r^-e*fsek2Y_#S7K}P36Rcm737K@mNysry+V-gMS+|-;|
z^(>8+`C7|Tb(^6OxRD_V>m6!FDj6+H<RN-AQ4KAa-E#<-RI1QQmr}<ssY+W`wE!N6
z&^dG`I@kg};u!V<B$H>R!|Vn7sI@xbd55!XH<u0meXSJ1X@F~I@yT`=z+2W>L5NRm
z81O<T{rBvq-@8xu;*fWI@H#IYt~b4X;R@L6lG4^m$!ErQ98gBEHG7cVNc+^3Y8XO4
ze0RDBA+T++E`XN=z}#jxyNjE0&KAF~(t50mCl6DfBYcz9d}Sq6FS>;2*_=!Z-SMl8
zo<b&SE4nb2SRR-78jgmyLb({T{Y={^)1n&eLa^|3>C5KT<)xOZ)DtHf0e0$C+t)s~
z@yJM4YA8eR)H0*WNA1NW1}Ge)qR0Z?RI-Gt34TW=`S*}C<X|NCaIEO^wv<u9T%m)t
z%aL;Onq(Z*-#)?dt(3g5iJ|4tSV|hCCLuUVGtk_$`lVt&fm0JQ6ryLNSw1S^O6D2$
zFsjfbLkh#}<B=+9%H-B(!jQe^V_79E(-uu^Q8raUywj4Cj)Alx-?s?HYI*r><loU7
zO`smqhJn(jz8A=7B%dh)cV#?!^pV@*rPRv-$YnWGuY$?F#;a6e*fqxvr%0n{ubhhT
zK0sGnT@HD<7Sjfr@sO&8EB9dtESNuOZ}L9wIx{R)9v;P41=*iK3b=Je3s?z3ibM@S
zGD(C=IPw#3HJKaPEG3YSa4v3P06CpE`BJaQ1|m`P<<=(*XP}5klM_)i4h@PX%saYT
zQ8HyNO~Hga+-F&{C(ydLOOCgStULb|7NbI5(C$Au-fuuxwH5F`x^J=lJYJO>BDG5r
z^Il*yl%$*nFcr&3%6^Px*}uu-wijbxcJ-{>^14=plna?N&i#zh5^J_nUfJrMMQ_qG
zVaPChUNOI(6~E%IgQX?3qW&4x!2LEy^DQ7+tDXCu%lkMXYb@~U3CKfa(!n?aa~fUD
zsJ7JP#(sa{9qo_X2SC^r8VD}OCdDm=wrk=Mhy2Bd3J(j*Xfw3=m<bZ3`ook6Q_7rw
z9LLtI5<fngTBYK4#j6E3{mORm8m=&qz<cNjsFe+-!&Bfl@j9zw0x3cP#8t1f^K)<@
z+t>gjWP)M))ekpGU6owb`sBf`5PAuP-FB`wKBw(`n=A2dyO6=2vMCj8H8VhNWYTxu
zYzJ!?I68a_Fl28-Vm%rn3@?$SGahHuDB-s}dC?DEL4$O{g`!nTi7{!GoN6Ki1}}wZ
z@0llE2MRJ=-JbdbTUwCDDOOt!kO!{2D1{kaGR?ln%^pOtj^xmfHcWVXXRlA9MXynm
zLjTxSbwPCj?%=2oXm+@O>T}S_1aY{uhDu#vG6`WRo!v8M3_{WFYkmoJndNyPdrH*P
zrgGHvM{i*%X?{z-PEmq-|Cfkd{!HuB{(!`Fzz}q0KZ`7J>GilZe&0BtA9I8hjSxV)
z&J=MWFu!gn<E+}20(W}RT`C#8%>Es-kwSCv(kZjb*!uf5w8Z%=799A@Q8_)X+jahp
zR5RqLC-Cv1!k`F;0`qLvdiF>M1*#+kDmLK#eY?b9x~M%Czf;9OrnwAo!U<Fh8WY|H
zHEeT(#n0p%Z*R9qJ`abqSc+R=I^R7VVpRXSRnr|y4O1?0teFhSwCyT`DZPvJ!x&oa
zUX_5`NYsd`y;@jazqGfscU}-)UiOHmD7|xH!;mPzpae<ER{(d&o*X|xu~DX6i4FlY
zB{<SXWLeo2l?Y2nbZWzZpNK)$vVa+)X>g(UU{`LD$rL&u9K|wGB&ih(1{(+FzL~jg
zWcMambq0%RCI_i}3t&WHoUF*>?%fpxZmnuvJ;s;4)>=357oUqHm8YKHHg5ev1+gfw
zEMi)*bX-{H6FbWYXx`T8q!TmW>H7{w!8GwPZ)lCUl!yxDbw*L<`&me4-#<Q1W3Bxn
zcjvDj-BIXKwd+sidmu@F%7#p(*Xyd~Dv80`jUT!e4l3BJkk^4-|B{|v|M58G?)rt)
z?YUWHuz(2C_eh%1!^DB%3bZNXuj+UAw{W#<VDlF5CM6AE7bf~^lX_dc-gK`tHy_x>
z=zB^e+H87g%L6$Ys^uoEp^40eB|vu@Vm14W^j9ps6P_5GDPd7L?=4<?DfVdd7Dqql
zU-*kV3f(z`CY{D=8F|ZJ5j7_Ld@HLZ(bgumq0Ta>YxCs~l{d*pp?-BF#_4(ual0;F
zjr4V^<4h2T{LUF;QtKVj+_aBBvzQ=*fNX38keDgyrjCqz*^>=UctIm=n{6)6Kfl!-
zxO7>C+DGS~jq6R`rLg;j?A0@uDno;uFW6Il>4fR8WblRn#mFz#<KBVC10wR5x7~Yh
z5=JHo4rk~|baXSD7Kp}7+?c_~Qpc{?hK60nIY`9D5=&dKzLzb8ekU0kxKpuQui$o+
zuQSm?AR=1Otslf&7d(aaTNZ!cEAW&U1^PPf)R<#Q*FVE(cx`ohrtl+vIi^vwv>orc
z6^}f0^6or=Y}w)bowONaDGXOg4mg@xVHJM!l2p1+nhkya;)3!e#DELd2RCH<^pDDx
z7KG$T8=b)*8~+;O17D4;$6BX*##@Pc^`+N1&0T6*PmX}pd|F71eJdrc-l>tn1|xv^
zHk|?{+&7BAe`$rBv{flY%QRD^NxkB>b}$C$IwEtsE<eqLT^0nBEdP;tB2Ct3C5%g9
zES#y!{%Ql7*-|~Dk9mVU19Yy~Z0WXu|BMWXCW=uglR>5aEMR0Gf(y-x3+IZ@u(Et-
zmta(Ebuu8HX0a=W#i;GgycZ~*Ssk=V7+4#|6Pl>Zw^?v?6vpef=!~JKv~fb&kjl?x
zb4FAAVDLPRi@fTWmYI7`RqvZG=T|mEa!vQI`f~AUrnSijX&0l_6C0i4S)B#dN4;xw
z#v0-iAo@(v#xSfruu|cyJ&|Dw|A%a8L<hvZ?BMn~<>G+JSs&&XvCgBc!&9|A&fjWE
z3mlOlB)O?;ouTW=7fOzr#Z=S*L*5=4KuBG1&I~lLqc5aa-P9srgfD(!3mzk0&@<=u
z@tp&lwb;Gz-VsDITfc4T7l%a-Td=N(%gJ(Lj65Mii{Sdk4ZX-*PGB66lbWiulKq8Y
zzW#>>$k#jKmfq%R@kuV!5_Ta+8MYxjR!Vz{oXGwp*Nu4?PZoTIUOsJ#>KBF@MlBb=
z3;%YSUu{nijFCBUCyMsGuRxI6t<XqsWg*oGDN`ZeB(8zP(gJpB_dep|Gy!yjXc`O2
z!;-1zZ<rp;-6nvUuEl6on1L>ieu`rhJ!ji^ND@O3{a1<xxhn)bXs65yc8~oI4oQRO
z4yu+wYMWrtrCv=&=2osYcKRZYjZ1Ee5Jw5%^!LL=q9#dBm5BxRv^po060^tLmM<(>
zUiegF-<WkL+ElsYRwXjr@*-9zRhDscMJkeeQYz1}hMKgeKPjPmMndMTwK2K-DtOwX
zKsf#0mAoA1g+c{i_AU;p#Mzm<-1RZd{4)x9tT0;vz`*T*Hs^bf$uQz31YDvByYBz%
zoug|}9HA08yVo{;pdZw(3@<3=aMfl**|E{tm=%+y2kkh_R*VH#`q1k*>GDxeV<JL&
z9BdQdL(zpqZpwImX%M?AFe_Z0#btybnAr4p{uvSZaR;BuaYm`g)j5pLRTq<8=|Vz)
z&=+UJNHO$BMQ`A)<;P6CA^(@HEV8e_vA<mZj$3y4*?{8y2T9;1Zp1^kHwhGl7KsgS
zs?cdjvhdK6td4SOP{Yj~FiR`j294T8Z^Fp(1W^BOk}_!ss6m+)yN*|oV6^(g7H=l8
z3DHRo{nabpB319CO!r5`?`8~1_GQIl+Ex4(nIsr6+UUc@+@|l5BnM$YV&QOOrb4ss
z998DOR>g@_#R25imR%%;$Tu)iVdG&oB4F7oZ~~NE8j^8R%8Sb73E;QJoz@=SAGrU|
zhlUS>M;bC7?(M+Gl__-%_t)8uiHqLww?`bTn$d&XY4@FGN&tQ~c#D47xp{}(U=doo
zV3$yiVUW|J2jrZ*c?Lc>@G3`9<fDdb807jVFCi-;Zm{UwUZqk$u}bO|N&$_Srdx99
zVy2poe8<8IB}h=0BKVxcQ?`JUUlAB<T~42JrNcOkKDKDX7Ud8M0ldraG(ct9SPw*0
z?~&-uHe#hMo|RUNm3e$2sIhAL?2@t+pf>*CWF}%Uu$O;QnO{F%tDDB}vvVbs%Kwpl
z-NvWIFFQ5a6bciiC2-q)$0Z5Yd`GZ<`Z(nN)c`KUL6Mr(Js{s2wX01LurG3Jk)*Rw
zu;<A9dSBL%waWGfVEQ9dC}}_3dZe13!xzOe7}CaHcGD*JPD9;>q5v{8J;b7qwY9xE
zHKOy?gCWk%t!c;>oIFB6f8#9B7l#jOR2Qk%xg71^b$Vfn>bsFdi~>y_8X!wM>Q$9g
zuIx&2k=o-=gL$Yh^)sVG$c)doS<?PiFpsygNHV=$8su2Lw7!d*E`0cXj%A1}&;$it
zj$d%A_`*hAq<CuYx7CQ?F_cEF5<?h-yICf}T>~3x`#aZrzY^{ErNjQ7e?Lq0T{hWp
z$E&4U6t>v9XDAH&7k>Yf^R&hb)j2#+MZUky#v1##m_QX&5i~DBJ`K4xk0_s`qJBr4
z_dBwLHP&A1NSsNHk%8Id8WW@;NfS1Dn5y9FG6}o^;d^c+ZPRWLxw&HevZEX}7w`3o
zP9T<lOhiYTp;vd2rHwSgLVj+ALj2z>Aw)FQNr$L00Ub6U@4S@-yK$g8-v}pA4di;L
z#KZK`P<;lk>J9fb%jhml2`jpb%mo*{s@zojdY{SYceY!K!8N+SFBCWK)1kK!hS`zn
zaS}b&eY!tZxtFmHoR0E3474V42j!Y81&4y8u1IVTzr62|6>>^N1$$mP$^;HRcjpPT
z+ffO*YZr`5(I91J`UHUGTGD~*UL*yvGEJpm8gLhL4If?^ol?hmRvve-V{ny<vO3fr
zC33w-;OUr*f-v(yaFiwYex%t4^G=PIKpAMZ4bhzFdA$Oy<h#3YWrp3$yX!R-V(j3J
zb$ZeD0+Q%CO1qE*#v<@^`yb~F4kV{C7pv=9Z<Y76jltOH8AEN8cVyOa+ef$JX}{xu
zaS29E@uQ)>h>sxBT*|!e->X!7>eJl?1p?Ma{3jtPYTjM^AlE~rZ1}6$|7I#pI``vC
zAjpUn7%I83)E;e@_i+mYnOU43amiO|<Uq$_Po8MLW6+2e^N-*@5p?Ke&H9H!*VuAt
zuDfPcnj3G>IZAiaxCVbQ&}qA8pKQHk6RDdm3t{@4Dg<A)GrJfc&$~M4cQ&+N-3#3r
zF}HJb@08}8<>b#OIa%wOC)FYsV(2u>^aXX{z$ckw+z4$c7_~W{F143ItXPZz1PCjL
zq89(~)Aw8}h4m-a@0^C7*YJ_j8G4byPf?8^=az+B`+gi?_Cv#y-`RavKv@e5aiX_b
ze#@=NADDM9{%g_!-4h9RG;5cQ6j!(R@bB6^>e$-dVP{iXdytxTYSj}<U0A9((@6?E
zimkH8=y3H4W8OCQu29Pc^koO1Us*wM8lJLN3&G+RyvL-P&#{p;ULNgGlT4dM)(4Ak
zmutugy$MC`vYh}(hpRg>)Z8&{>o4i^WQ}z8#o9O)BpWd&TTcJzbu_{gUybP#jFGyf
zE6N{>YsW=6ZnW7-!&HzK@ZSA}uAl2$5+KQ989XOM&Y$LSI}^mqJ?#xukHwrzvpTd!
zyW#z$d9gkqER(!hko!Lz+l5r}O3L%w(>>kJkut5w%9D(AWHB`ewI)RJ?u6RpsH^~K
z@q0{EXKQ&%xHmgj+6PjEA_L;H^LVy~s~%nir>k3U5lGkD?5d1^ke0uw-%BanALXp2
z0N|Mcu8WrR77sQk|EL#uT4AtSlFFHBhf38aS{AgnriiVr+hIB186h1|X#!A%%j~g<
zUG@^qMJgw1NF>t}^`u^JPgsgAP?aqq{c#NO^IvE?&8oUF4b)uU6jFNn{8ZC0#ux`n
zCfUKShL-)_=O>>Ce1V`6lu&pz3q2sU7<7YJf32Te7CAKCs{-*0<;><0Q_Udcoifa$
z=MAGdK|cgAp<b%Vg;E@q+hn8dt#Le3-GmAmXip&QD>4DhbG{4|Gg-YBg1K2^DxNWO
zpl`#Eh<k<cnQO8JRf@1cI4lW+9lg7LyZHm--NKqdf{Qoca&NMKje9=5*(cRaj-4A~
zZc~|JRlK=bb0Ly4-Da;(I~#EpA5B=JiI;|?MUnvqXuBZgP*)|r)0Eft+J)$H6kMrB
z0&yy_c4+iY;^>w=ycUrf2K1OMo_p6U|7)#(^F&t(C(m5E-G<$@YwEx>P3KJu<De3G
z!2AgNg9~=?F7egv1z#7y?|GvupaDrZ^0E3{k_O2W?+|BiKA_61wQ3^1ar%7_HGwe)
za}4%B8c(yGqOSpgMNH~KZ?RK9e3cM7O=c;+QaXBaTGPV2BE|v^hf>{ijHO!AIt78+
zTC@>(9|2-!74QwypJ2P@7edHni>Ax3n2Jqcj9xV!s$64Y;fGN)UiOhnX=FFsi0+VJ
zybU7rEU%n5wUzb18KBb7>u?`keNA@|kC{x4E8T-NFDtenb~f^9OVjzJ==gTE;H`Cb
zhBGhOtr&Emqs^=J=8koIgjqfW$icup0R7s}4BAW4{V$9t8;1|X2%wcP@7RVVJ&)*`
zeOZ4_t^C}d$rtApW~_tMG-XqoTQP+LCE*yKk?P4aO28B+%TSvF^$Q`UJhA-WWPI=f
zyM`1yabT0~H|)zp^s@Z}{h#g8KDE4pVT?5;m-ZVf_8bkS)JeSZB&V!s=h)Ag><DnQ
zprGL!Q#GH%r~kQ3WZOnLlL~+=#p`$FEc>B_G6=8tYZH{gX#Xv{aFSQH<#QnHce;E8
z#7^E*nA&g)sAo(J8hVc0eJ|I)Akm*gDe)nv7yC)^nx|ezIh^S<l>))3gcAaODa|1f
zxe+UrgN1Xh+W**A?dJaisEyu`=r&{ARWzlM2XY-1I;%fpN&t7xli=VF`?9d0854*t
znw0PHJ#{ng>wEFF1X9Fd(>}gZ^ep=Tt3pG1B6AJT(ycWx)7t?4JJBl&T;7IqpQqO3
z{e`l_rRxAh_Hq|Z_7L%t4m%q96;nQ^8Ik)ihO@U(2mkY1P$-j!pOzg_VPS+eVB(~F
zr!-q`d+S3vMA~f2F1lE$lp}Y-`p1J!_1kX%%#&aFgvt}QQ6p^o0X03$B0$!a2VS6M
zgX~&?TJh^$Fs`2ViMwY3TB)F{H76Ym4GlEComG!R0bI!ZQAYQ<TCwx@o9rMi>byKt
ztim<HoZMw70URQ<_9LVW0xC^}FeL@l(?k3wptA$_q{6jLNfRvf1B^qd1SExo8V46r
zWF-NfRj0gTT!6y86xee-i`bCz_}nqleCa7Q=*k`iDCP9>elX-ymv4hR=Wovrp6GYJ
zTRt%XH>xf3@UE8ii{_)xMGtU}1~==7dRW+FEa5;9V!=IrCXSz2kyBm$;YYWu0ANOP
z0dTISRw5%<5XToh>}!NrLD!g82d!Qop68VBke$`xx3jB=!KjGvhUA4drXd0NP=@xp
ze>&15#t*z4W7lLKDeLK1Aswypi${`cNBLtu8tWG49f|(xaOpLwu|+%Ucg0E}PC1O6
zCpx-+Jv%g05nRp=04t|t-~wS!4Aj`2g9hVGwUMSBUcr>u9MHLNwF!@aX!_jPC8Zy)
z<B!{Om9e)gNUxkI$y<evk#<ceT~=tFo#aoLb=H;O?Q=*)<rpRt1B(sc!oSuNpScPq
z{l)xt2U?suUds71&2pGXTU&?%!$)$k*ThUIb+umdhWEH*{Qg%CS1kRm$=@OtD?z-0
zu%FU*)&dPyd-tP%EU?;u(326Hm$4?hibN~`wIA^TEf&{3r40NHM=%b&Oxl#y!9-MJ
zkw0y183YwUvTI*&nHa>T)rsq~S?pT+XKO|tGi<Ab**0uhv<Z=&hxK#%mtaVZ9XjkP
zpmKS<mC$;DA20nU<o*;Yka`l*2DAO1$y5t@_pcqTL*UR`g5l>J9RmIZ8X)-3r1(fr
zCT=yT9r`~-?!Xs562C5^DQO|Wrp~(i5$gbB#))ZjnM+l1Z%dJF32Qx^)-s2i;+Qji
zbk&fk0@)+o5!&Ax^T`5KsRX)l90_c|WVW8HY5#Q|hlpn~VL?tdU9dMlk4YF=W6B|d
zbK!d5!>&vX|E-0p@{V^QV@&k2KgMmgs)DEMnsM9KI4sra3fP_>?l?CaR9Ojg(T7Dw
znr^lL=g#to*#2Ut=OpY}4^{r}dj6VHIG4xR^Oqe(^n1v{Y@lLG+6m&ClPa5x*Xq`|
zv2=OW!ewdxMhuQwWf+D_mQBZ4(!OAKrF05V*2T4B5?J?2RN|vXFZ89R;x_cIWW5iY
zj7z?MWw2>5IG#h~*1rv{kC4+gP6S$Euq@5`jB<;wBdt4H1{5}1(_nftX1ZAT@%JRP
zW<fst4x7!~(N>&w+Za*?R!^Z+Ip8z6;WeAXrH6j3BKh(3=w-v-wbHv+y#jo$^o(%Q
zlgv1aOn`SPSJHpveN5-9X{qVbCp5;G)IF8fbff&hSNU&+ka**YPN?mZ=VW}#baUAM
ztd@&{Yg*9upMsAxLoI9ETsMQG-gzq$CbfqIUk=%{Wz8;F`1TyL7FZqBF;;p;CSs#x
z3&7U3k5M6|1e8Yoz(u=5Myt6{l$Nz;TLDNU>Kf~eJD(J0T}q)PfIsyPG=v}z4CsEE
z_U!_pRLgW;H_pT=u!OpG5Wb(b1I)ZzUkS;vHPJ@<jFjm#)^Yq8uipJW0wfovk6xRy
zUpDnr;C*kgEvd6)COno9bqQ#wVjlM=qlQ2OC7^keUEjibokLy?iu(ZhQqgRR?m3Y^
zsb@KRJX47#!V@)G>G-oY_|sD30f(^(uGBVFckG@vTRE8gBc-F&pY23@P1j})d3R1;
zxqHr#|3YVuL<?cERV`Wt0jz!6rbz~LE-2o!F22gsCQO8hY`V5?Nkc^3bTMQnSmROD
zL>lObf{!kax8X4*)R*Z<35{5kwDlJGbEj}KcNle89TSo?I9igu=EX0Cr#q6JdhHdV
z1CTE=KP`P&DOg@!!?uv=!j^AuYdY+H0%Y-KDi+{zLq&SJ>na<2EL934-i!;VzD#v_
ztP*3^NA5&Pz`JTq4DoGOzn`0sUF)B%!(mMM5BYbrf?G_jnr<I!S?J46yltFjh-`@J
ziB^R`Hz?dxXE=#1*t+F%IT)}fhZw3a*@})jCA@e;T&KOa_qSZ?I4I?m+M_;G@(EW7
zV+n&=ylj64TqP;g2Fl%v+c0Dm07`yjNeqY_wYi8yW169qYtJi>(MU}VG1Stcu2`Hh
zSlz3tNaMWo9c=-wD=qbhu>;okv3Jt+IK;Q;SjnFnl1r{rHC~)iU9({8>%pk8ZnY>)
z0B?vIP-xj6p5&s8d%)Yypvj=OCw)XgbHSg>O7cU0Y9k=!y#5`h!;BLddZw1YXK3pH
zTj$#)XzWgg01+>?Am#Jh&l(a0-XjA1&Xw{hBF2)tu=Fqebcb;64iM71?t%G?o>Jm2
zLO^7LT0XbsL7mwnC-9j`=0`7qQQ_XD&NPhk>f~_9W3?Q?@KL@;L$&pqnfmB%a)j77
zy~>#dE~%dO3DiIpWm&38_N}C5_R-U0h(Kgm#T!`A<edj7uv1rpi9{s22{2GfN9N?Y
z6z>N3l7C|ysoK+5x#Z$WAf%gPz=xlFp}s^YbBm$gDK?Y)Ft&z2GjiWGve$|Q@D4jH
zBEnzy%4jPD4@M4U4sfYkv}iu}6Nul_bOw(PWjU9;C7P}cksfdU40Br7F)Z!QOehNp
za&O$k9=c2+2H~=tGs09nNNB{8ITTfPf5^`y+FXArL2l!yX{Fyqx^EzrfUxI$3SKW0
zmwx2Eq7v$!eH=HI3hCYDd4rs!I>u|5fxA%$r#B;}lpEap7iB0ny%cs6+z4f6W>4_n
zPk|~gyEGgapGG|{p8DN%qAa=|50`m<Rrttabf7<sM!3dDLA}m~+)fD(hZVtWZl*J=
zP@R0jf8w81w2oP$L{Pd1>Ns+ieVfaN85Qe^B7h_b`v=^5GN!+g;&HZxypi)>(kpSv
zg`D0XKx;5wT~KLMd8R`ZtNq@!vM*<f1n;(kKx?}wP&p1YtnVC-mD7W#hp{oS)TI}l
zwxCGx;0y={9%Bi=aj%E-n59@+{nk`q-KQpyr3{>pq!#r>t9r#NU=*mGV#+191N%q$
z3U{Z~C43g+=f{D#9sm&>|MTqy*`-$9GW%)Uw{ACDtg=z7Pv1V!xRm7QH|g*)zk2Of
zu}M-#rg_F5JKIp5tH^0z)gc{%YUVY2J+^bfO_g}|=UuhQ|K$yd2|!JZ5(p~l_>!ub
zD~-ZPv4#i&yit#5s@q(C^}13=>LSEzWhYnoM;pK>x|KF_^e%*z!qDL*X4Je&Lr2M#
z(?Vf5miVJw`&rE<xlw1(m(+)Hf<&_y;vNNOK=WXsZ_xvW=z;oRQRfLnY9V01dy72N
z9Ed(bS*l-@mQUIBG!la^>Y1)5r^9{J?-IR48DnK!2vVReY$)D$^}r`W)n@)NNy}-7
zko~kVbnz6{WWAe2g4AD*)eA$2{YFy+-rNW?Db>|cc!_ia6^o!SB3vM3^e}MP2T7)A
zG~!zQcLQ}}Owu>j0h-g_9)ul5p#AK2MqK*3_91QvoSet0*)ttGvuRMXJyo08>e2et
z`rz)3Q#*%_snHPcmtWbI6<uORx0`o=A(<AUBSKK!D`o;35T*|b+nw<9$5QzP$Jef+
zd{_PD)N~{#O5-pfL;+M#0h^~tpB5UFUtt5}TFJFM*t)eQWg%VH?#Gt8fj8lE4g-+~
z3+oCp!s2$|ADqdCz60teH10}-V&&ge5UOFtQ7Z;Unlh?X)F(c7WWp4pTmN7F<#rG#
zn`HCfgbe5D)Pfa*0JLV{XJ^cSVn8TAcnz^SWRde)U+PkQxK?OUN}$>Cj-tP@M)6d=
zWx#XUzl`yzorQvvD5HHxquit&QGEA*auMHIz)t0Ut+<V@!_33Q{K;UOt4o)|?Knk`
zgwS+LlSlU*%Y1%H{OUjY_4)*#|EY#1rTwlq)qNS?^<M9l6`2!TR3k#D%e1~E5(;9m
z7TiclrxoWb_}-2KD|Co=PD?<T1YzbcIU1DM9fgzjDW$i<fEI*M(d3DTMIz?++2YDa
zB~q<degAzMd3k*I^RX;Yo%|9ASaQfsJecP>`&2_;UCdqzZL#9CtBsOIR=7&R5!1rQ
zwhZdAQ#m=cNGpn<Eo6gnF;`DmH3%Wpcr5F6cBrW2Rmyki@~ou*fp^wJzmdph|FA>7
z1ZaAMya>6wOyyup?j445t?~9#5bgQG$qVdC@K?=<BKk`#B#R_HFy24w@xHA&Po9})
zAw`ZfrH5~!k`U!!C&;Q=Ob!K^(axR=6t0jtw{8_#@2BOiaZX^$tZw&)_zwp+b)(M+
zfdaV{Ti-y9)`F*)eRW-gpvr_SvibWeMTtXfEwK|)1^AUcrdlxhW%vBX_jx~2-9?l%
z7`SenA<<#9ohv+l66i^X(9<y>jvwo8p17%fghO%<3^Cu+*y6c&TsZ&f-8@k#h+L7k
znQa0{6$m%KDg0Fkq@Cx}lxq!Yj(FS9P+M$|a%?XZz&$sOdjrPG&H~j(wZX(DIOmF@
z_qh>iaTmqN#*BuL=_W&WmE;$gQYes!Go5K0Q9|%8()iO(2BK_hFo;YWt7|)Z03nIz
z6Vv2#BiJ0Y_OG33_1EAhuJ}b9BsI3l)?K+EvukGlO4`$@j{m7M&)n4xd!I|{6?RYS
zLg6ns{mZe#(LeQN;i;{`@K|-aKeotA3LaMsi#)CC$blkIN%giqgfx5$TKG%IXw|A1
zm$0nwntz<QA8qX%K$)TA)xJ7&pLn3}VFTlaKGk#t0WIrr?@T((=aI!E@oc0GQ!VZE
z%g8^d{A`=jAkAY`a%@qbO{Bl!w{=B9rIio3Ed?-UFoWd;GW_E(fG5v}v*&kd*pp&M
z95D-~19}_oQ-e?Z)Dr(se3eiKB9FIR^5<uGaw)(RbIvKETMyNVc!%s*WAkeD6y>L=
z$|QBXYUV3QcTHC^R@c0OLyyiu&fx66)H1HLXnZU-d`0&t0*LMXSXr*;DOQX-(#dZs
zw9IVDn;g4ZxilJD$??M8Wd4qr5>7M@51AH!#+7r>;p)w>bead@Fi5T~+cv^X>PE?o
z0Q7eu+c30fob)S&r5GzRqBPisVa2J;NnUlr0CeV<$sa$Rv&VMDD7g<uCH0zWOg@s@
zLDc}oWom_wAaBII6zuQmt4BEkBr`}OA_?zT8P!Go{?L&{^wfV(BYh>vlYq^*Ru^55
zk&S?`p27iR$tkj-QJrX2=Z-9GU#EG84a;oeVZB<~(A6Wz;34Vm!92O~B9aDJkA#Hg
zD@0orHOsT3j!Pkmj1|(}jae*;Nm3X|ddicxn1fhogXKlP8$g54X~>6f9dj>+a~Hw{
zhc#HZZ+acZ?g^$o`tdkx+Suo;y`fGT@AW~r8AQmaDAntvxVuhXX~fga(Itk=kGtbb
z>R1w0vW`e(2UPAu9Tj`^6A(el7A~;GVJ@V|ukY8{SsKSHG<s8HpqkCIx)Fs@oGqlc
zov>I!5lT5PP`JK?SL4_XrpmNEW;|J2p!FF;l#yQ;xODO{aQroaYhEHF#lG5DQdCfK
z5k?G?Rkrt-deo!3n|=={TvE5uF!7@dCU_@&DVPR{;q#D5)e@FtNp5Roa7zsAQ+9>7
z#wCV7^?L*-C%F6#3j@1n;Cu|fPtYgD#5DFIdUXi4OCBjqXPn#f41p<2zg9I#cJ<fR
zIDdV13Y!+?U+=rai~ihZyxaRdT@x!QP6_0Oxg4qw$r2DvX;2Fm3a2CLkD^@<YT94L
zk6?0yQLDT>9!KK0Za!8b!q!iwLy9G3nah)aLt|6YU<lb%z*=l_*Y634jlAJ8gi4&c
zg&nz>IWo!Z7-^Fqw+U2?rr`SbwekGIzt)GX9kB%12Yu`T?i-^nb=Nbq6~n0PGLJ3`
z`o;OIWLs1gHg^fS(+gyHDX&6Dru#@pf+s4s{S1kUu+4Z>f2i+yi#!)w1*&`;NB)#k
z=^1fQC`5g!Rv0`qo^4D(OylzX+X-5DycBJAc-i%!3NPx)nvNi@|IP`5i~6K!rtrz0
zg=0#>(fi^nI=)zNzxRU=>jdx7Jfe3vRYGh@A2df92Q1H`?_FPQ8{@#nEpz7z`43bK
ze&QsTt*THXKh|w%tJA}b0lL@#ML@d0bfs>6@y&B&Xm~dTwt{lF;cFI&Wqh!)V4a&<
z2N@~%eLW)u=3ofkbZQIxGfOT1eZ0Pp3iQi01rq<}CLXNLG1gkqCk`8bT1fh~FG(Wm
ziKR3OECkn>wCj$F8d-)`b1P>B;+*=`Y|cM91s_*wY44Ol2{Ui@w`wTC-jZyufCtmw
zF~S+Na`r;#Be@uJ(t-`*I-m279r^E+xr)6h6AI;$B=QMTVrZ}k?Qj>!wC`i<I>0<q
z(Ej?O@JQTq6hR5m&UEdF$@FDv`z9MUQ(#YLjzFGiJN;D}n<Y*8!~)>N848{*x3l<^
z<Od_s<cr-@D0YOHiO8-YiXKtJ{%^~rZ=Tg1>nj1&lPbto5ly#z<&|~`88XmSUh?Ae
zC(vz847p|+zc>1YEX2`r7Mf2BSC^(9sy70=cN1JkxFWta7N7yZD5NOeP$?kn7^p8A
zkWD&jHeye^*d!^Pew*W*e@e}MrUNr5K{B{SL*;U_of3X@Gp&nbTU*31U(&6XEr(V=
zvocS3P7}&DBPX?=i){;@tvQPN-Z*XkV9%th6fU-@@9BS7o?vl`>YY&=x;e9k^hQe=
za+(S*Y18eL?uA}+d^nl_JK3(Yy2{;rIdcRtk=XrO2YN=1w_&bJ67Wc6^Mg8(z4d<>
zyr0!%{1;P=!YPh9IO>5ctg9UzwiV5D+KF&`jQF6(+iY~Xsx6<q>mG}TF>O}3)znh$
z&qN=k{Ym;JW)$q3Cwc&*d4Gx6pLKm&cHSflGk_pcRrJ>AtUGBd%WJq^v6w~2p+hx)
zH6}m50gv-F4ZL6s`?{t7D%}<gg*-Az1tI!@#BeW31cpXl$D%VQ&gE{@M4Z?NeeDE|
z0|)4_V9dcYqSEtJB)&iT%wtH<Xeej^92&`jvmt@Z$S8xESSvfk;!geJaIgo97m(lo
z?swsC+a=W>(stu?1u>ySMa}2Jk!#;o*@7VM_|AcRIx>^nY~@Hfi*FxJyqR+VgJ}zN
zflu{IhAVReu<jd#uQrai$&|b5J`80b7F*sI<r{X+mmUDqUh2DR`sQ(%FYYy4t9AlC
z)Zm?LR)hV>7SRo1!-1LsQi~^FV@?8K#!ZVf8pZ8Y!+Gedyw2O@R1TiRScNwgO#O!M
z{bhiLf}w-N*`MJjt)Rwo@*ddLg_1bd>tdutE6|-pZ%&iT!Tt2V>uO2RZ)(@Jyt^=-
zpCeY3<4Im!+zWyOY+t8pI()#Vx8Q*`EkaTh5124VGL<J4^<Iht7SA+wy`ic!F3s4U
zb5=Y_NevSgX94ZdX}#%ed}(*fLd8ax=KUC%8oSUd0Z%kaZ+@%hao1?Hk6I&tqsdKr
zdSqj*fiw`c=_-2{T*dsu)?&^{;X1E$DY!#eo3CrvMdx*OOs}pE&ub;mLdRH$6XmdX
ztBLEEMCF+W&&GlNN#T0T30km)uq+>yHqGLsbV%R=)bPeL@=-EIGTCztR08Ya(*Twu
zhb{8}TBG%5dcTF7cM_+a=hr@vgf5A)dd~U!DIZaT!A*kfCSe<$eM75Z#FhUU!Ia}l
zMn~^y9G8FRXZtyOYDiAX`E-*4azz+-vw8Gu*xC_2tG<Pwz|Ho|vzfeL>@}C_qlsv%
zk=2_m?6oBkQJeiI*!8dV?CQL-IXyU!0kh0pO<UzbBlttNDLebytX&b_>jHvW-!z#|
zN9G*xz;2#{RoW3ormP|<OXh}s#L&&6DCUF!0}6GLQbaap*@uVu;FzbU?2in(VFIKZ
z%Tnw{wNlB}C&sS75y{<lhUupV+Gz@zDz@n?Vu}v+xg?CNC^P50F3cW>*u(RBJ7R{W
z1s@BcE3_?za!wRjqEMdW46O6lJ=XnEElwr6yj}GBhG|e4zdsRS!9Cbr2MFSw#U;4u
zf81I_c<ag!0?wE(_u(D$KR?g<7Wov(HsZtQD9%VcEW@PQ7wzI{H%jnUwI1=d#@uD_
z9#s9RGp3<Sh(!a;@e$K%S1AA6C0~?h7~We#T)Zb@YNX~P*Fw%6HtoAXNU5PWqcPFl
z{UL7LJ}THRL=gx@w$%G9fCRo-cU5uzLYdxNqlE;d>+s&Fq+b-GB$4<mY0FS3uW6>%
z(#G%%0+_RkO~t-mtO$s$8Lzj5GlI)He;T%2D023VAi)|Z^pRk{YBQbX;8}JNxZEzK
zD>8U}9rdeic3~5gBxtjD_%=!#@5}o&09oQ|brVbU0T>__lC7+|6Xzyey7hp(k@($#
zNd`PYm<R`*0w@uD3gU?O3AFEqQc&28$tEUzYvi8k(S!U?HAp2?!9b|h5krJktm;Fg
z+jeJDoFxwxDY;fs&qx;sTD=R^G$|T$9{RuxXtmW81SWh=Opnl0t7l@BKWwK%I$KBB
zkgatrbU^g3@#G}MRSlvWnD>EaN#PYr_`z(JkAcdnw(<E8%avY6d(dSm>1-MofdZd7
ziC=_!YNSSaqT6xOJlssx!gTF~ag<Vqw1_MjE?DaVOsu2&`zkon*hMoT)=gqf@zuGQ
z7*rPxkR3Wp*8%_AO-P<5a=$RKUxbD~X^^`*C0q#v^DSh=Z7jE`GjEE?|Mksu6LW}m
zD>~SJ(LH@bnWc(Dp3WQN-K0O95P@GD@R5b)UF^k7++9QrCC)d!Xo_7m*3<vqV&P9e
z3N33CTDE7R=+PJ~$WfgUkXz9#{Y~UJM$R$fZ@6D{`3Ef<omomcf9<#)cXb#y-YTx`
zUFg2Yy>Kyykv+qz_qiBXaWx?CwAi$vOIb$6ct#h2-njgk2S?F9w6bB^!}=VqW`Z%&
zL_A*(U%Fx*v%Wsve2NO0gHV>EDwDigoe=Cl6Bh}Pc%85j;?n>@iW~#G^PdW)A@G$V
zjJUzD*MaR2a2u}{bPDml*l;h){|`%W)ro`0LRG+@!lY=pt)YCCQcs-P<;fG^A%ieq
z+iiW`-<Bju87Ve9<~HCI8b8ijt~wkH-3}bRcqs-X<Ze#00O%yin8^`!cK@uoOe&{4
zfP)Xdw;~iWN9FLDob|i(CA_{OH>OH`m<7_;Z0}6yq`H~5`GrV4H$ge<<6CzrQmdOt
zO9aRbl`P!KCy9}pqh+DJ`VA1_m%48QJ)Yk#j^`@S-fS~2i!=(pihl*T^y&orfZRoQ
zYBC=F@{Lp^D3M=!g{OJ7K73ig_Y+x?+C#1it&3gg;}w=Eo68jEIvf=_T2e@68=wW~
zRcJMd1UAUTfI%tE5wKHu1>Ck#dPrT;s7K6erCQi{k5#y?FH)x6S3|6;_fm$3@#oI=
z#F<v&TUx!Ow7`KSu@GR2o`&<Lt|JfFXIh|U((F_Qlx?2YXnP$>d!j!94;s&Nd%GW?
z_Q*`&n~SG)2wtNY$W6QTPl93^l3^l<AHo3N;fBD(#AwLg+k6y}HoUjb5(_QOgqpQZ
z!vx~6qNw1djNXH7{-+swZpc5)WTX|=cM@H0_ejv@Bq52rP^s(|xLTcA%ma>HM!3L$
zNUk@9X$Apw6?yhkt}_!m=XZz7Uy)!5&HW%4#LPVRz2Rg+hGZ|0X3l2g87P$HJ~*TX
zyDm=nI)_K(eQ^X-<zig@nTkh6pC02G^!)m{=kq)*phWVU1FD_)r{S*c&-lP%RWXpb
z@b6aaK1^P02@dixq*JCnwQ5>@<Cnb<MnFvH=bM-q2{aS`Whix;-vqCeLik3?>-l&6
zhQBug1C*mw^~*iu*_vgiIFD6%(Yfjw{aS>$2}CE8gD&0@#)~=}oV+_sp!hjX7lfc^
z+|G?i45N_#AfX<wM3lUF3aEZ|?C5VfFUBE%(q{BHdHp~#45f8@IX0r(vaIZLi9~;=
zuVOD~bLgY3i#stFtm6XCA2G$rC)JFV#C#3;)b!eitkgpFjCN$zuwzp2qXaxb6v^dq
zkc($MhX}RMX^#wFAJ&{tdcP2|qS^ayv#}`fq-xA1cf))+*cTyt-$*z36Ta%AQ%pfE
z5DWId9Mb#)%dc)s55sb0s-z`ZC3eAvcjx{wu2A#xS#Fo6#Xc(Ap}Oz1_<02ta~V%k
zE;d<G=gL5=VhTjb-twM%ow;nWh4YkNLU#-`gs5J+wL!+Rl-Le^^DfnLw|||p=soC!
z8GODx21iU6zO3-CXSxIE8CTdh(k_M<J%Zdqf?sdo;A9%!R0sOchFs>NB6g+29(f5q
zoj@?7%)E_K&_y;*0!D%a1$wUtn66q;F>5<qYJx!pq<2^5IbAk2P3Z@QBq03XZ`%dI
z@RVMB{2aVK46s3&__qkPLl&waLvtF5g@jo__ZX^*U$-b&t5N2I0zpWUpCh(0zM%}E
zVz|*pLm8qR@zN8iRJjPga`I=M@gC<7Zcyi`o%xHG=AnxWvlb;LV)41{SLDm36peS4
zjZ#&`Cf!JbS?0^@lUPM|7t8ck!k^b8r%lfw$}`=mU3F`0bf5#hJ@>FL%VjaW8GHbX
zG}Kxbe(!Se`}Hdo;wUdy!C)d4LnBhfdV@M&ytyo3SL^(`Ebjl!fJ(CWY^9z552E1_
z$&yHq`S}RKjk{)eMhldKT*6m4*T1bJ2Lsg|am7+(xEk<Xtov9uG?%$?T<ohEmtEN@
z%ERrQO^sgch$%r-4ZxW#LZUc}R8{9Q@METSF6meKpR0lj23@)x5jdB%<80`_jl9{_
zJn5K>+r+}?V9ZmA;S%(3)f3)`>0dP<L4V?e+Lb6?o%@G8lSS}+2FAVPqLYy?nC+i(
z7yqZ)zjXzEj_QJ5a<e7nV$TstZ00^WlbWLBWeC&=!+H^Y-dbhq^{oghdxIuHGPj^d
z1C?0CMURwLQqZ1cTeGTZf=L`TMARRRRVw-fm^bM<jV0a!R3+-*`qsSW1gO@#wi5j^
zvMa^Lkx*9r_2va7f<JR_JLVXJ47`&p(43~-{yIOf6X|^YPiRa>XwpwpP<l}Vn797w
zc~9wY^JqWm*hVX(<PFV-%L$%?Rmyiav8uU`+Q2$=c*o%9c!N$u{-ua}_t)0#A#h2_
z(syPts}wc%t0K|Ye<%#dX@lIgiM{9EZOFxnMgK^pW7?7|hsU?N6?}I&#P%w=-@j|E
z-%w}Vw%sy_x};~7q~X*6$O~0$fJBilq^H)>{zkLED<yIXDMqb4o_kZr8KnYOG`eq2
zu9Pbd@lU@6rzQTjyMBMa5c{Y`A;hTUqQ4m#%j{I>({^ovu2=KDWnghHGKE)4H~=Z!
z@(4?kWvbiH`HqVBpq$j#cWya77X9sm3cnQ3gHlM-t$YBuExWl*=Z__{gM+QrhB6(M
z2g8l3>mtDfGL{1rrDb1Qw%q`AcviMDziFMa^I#e%742kkEMJHZNaFPK>MbCVItCrF
zX8a{??`<^0k)ey-^P?ygAJBDIP>b*y@#p*DT2APXSXV8ZFz}7ps7-M(J7FGzGTzwA
zz^vB=rxwRKiMHu$nW)cXYqA*H9{tYiW@*J{8x7(TkbB^6Jg^H^l883Fj6&-Y?e7=|
zG^3E@=n37le0yK|o9kkPI0wS2n?OV!@#8J2`w)=S?80r`{pQ%;F?JSf1)R3<8t$Xs
zk>Et{U)w7W#-Dfb<FW*g4-M=h=sZJCbCi@}0qX7xkEQmLi5rXh;@NKxoa9_=neBlG
zeP2MWoLf`t2?aYYUg{U8@&Q0mki!^{m{S<QBY4}IkL_P0ZVE(kcyvxKSRY4g;I~Op
ztG5$5-TKx&zfch^V#EZzX^2rF`8D$zql$-gVU1#SEsk8v)0l;jHh?g|20>LvgR&o9
z3{h>v+12!|97!vl<3D^i?<rdc>%q4BDT1smmOx}*IR_#Rq4Fo?LQpxE=D%B^gw9gC
z`WP31+Ag7*IjpfeX)?;lzf5y5)o=cr`F_RiN}mujJ@HjXJDTe9D5_3`Io~-$=+Z+i
zy$m>+f6RI~{l&S<FM3+NBt2VdNyG0!CaK#{#mHn*7x2)B^ZUIzCpuj%OI4Wty1lDN
zcaJ~}3hnYkq+y#-$yoM^pb6^}snCHwSY@siBVYEox5=OCs1i?u)4a8e^y4P#^;Bt0
z0f60kS$1~xexrr-<p@Xgfk`Kq?i?_L)O}{F<`FFg0o9>`R^o3Xbqhl59@?37IC>2*
z-qG@mUs@7++>PK7Tqj)0$l|2=thju501ZJS<P0mT2;*8j65b73a+-Cv`{2Ihpz0Dw
zVf&LgQ&b#UIKpYpwh2<IPEPUge3>iyTz2^>{F?0lEvW^OAC|Y9J!%lcVoXSq1(_1&
zgg~V-)`j4L-5;`vTV5hL>_MtUclA}+O7M0Nk4qKO4pxe}yq3+o5CHb%zgLp^S55h*
z`v96;Dbn;ddV~-sRC=qsHa}__LZ!F)tuCW-IX%Jp(VQVmM{d-Jz>?$f@`;N*-tVD|
z%1+So32fo&U{!}U4wWIWms9GR?U|mpZO|xL5(xle>qlB0nQ0N60{6m-e9u`;`;T_~
zCjiQrYJP>V4;G_23zym-gSrP!Q;h$_#D?ee`^;W9@Ik)Z%8XI>7P4e^kCkYb{T3jB
za_Xa_2Gt*jQlb>;Ec?{u3iaD+FNkGOL$CogXVDPNZ#IM^M8-9c51Ch?Xe;u475zcG
zn{oJVwdpOX?lOTS4nGX+EQu0nMQV-_K$yg;qWr_^$}SP`uMZAX%s{?zQ7GaTzvYT4
zI@P{k0uUy3J8mP;im?kg5YhR3v0;Vn4SXfsGz2H(;?;Z&@V~!Y2x%t8TPdN$3rofN
zE0y9kJqM@LJ+d~aaKjT0r$S#lC&e=#am89YILgO*z+`EV1x=$-EfNI42ohFKYJ>S+
z=$a|ikSJ9hY(Job9rMYj%W&lnP0d;NeRap$4^%vm!mYv~M!UT@SzV@NTswb+kigkh
zTW^xKJOX-jo!txd*LBo{GpB}GGTqLfY0qHjCo3T%A_&|t2<vD3b|_aSm`4j6)(cQv
z7NGoH*U7alftJc~Xwj^e*hj!$n=8h*=y8ADkzf2P?hFU|j-SglIv0+tjk(o;raa%o
zaDE+4HKqo?$#NgN4UsX~;r;vcxb)e4_BgGh6%>S*xE&OU>F&Ss!DvA|Z|AnN;x>F}
zmT(W<5&AHob1H|UNFSvGWDK)fXXHisX%{eCCuSt+DmXmhixz<OjS&X*_#s+F7_ri`
zED!%bxw;AvD2%swGf-%I6h|}}CNP4T8ET9Hq*7VaL-LQwtFpIN_F^QhA8w`-=t7NL
z_BKxu$HUT<j_YHFDbM=+f$wA<U}qjt&TDsuOC=`C=tjt<2kqw-R_%kzT)vk6)Oxz$
zmoWhhq{G0&!lDp3;H{8Zh9-LYWFG}2K8yRopUS&z5V|#2gKDHdMlQhIdgjGHUlH-}
z;*zC*vwn#UPzNcF?_7LuaHlrlgV>zEqKvZbm;e3nek-jkR!?o&LIAv^<zGyNS{W@9
zug9sLumVgDRS^F<D0#K9J)L;|Xiy9(-M954!-x885X5|pl$wWO`N!L_rW$sEOk&r#
zb7-Gq&bT2&XBkzw_{xM--dw5g=}~}kts-XCj$8)RA2_rnfbY2!>d&=DSmWPJtm!CR
zuc&}OoqpKPHQN1}rZFHeOr|`$CYaHv;<zBmyyna9u+{m@3Rg5*hRb|U*6n99f3aMQ
zgA8>X-8I<10&|!FN^8+PR+so>TXwyTGTh)~ez=ST0G_3GkF<v2kFvz}vI_C#SDTP1
zw;KwV+&hzE5?dqUh=-Pl)IHBlo;bR5JKqU$sx;;fw3^)U&{222dxoE!NA09odTWPn
zD-3=uK*;2?3oPH}J;1&T$X7{7ujH?%V{UTs+1P}hZ^SGh3#Oir;&C9K6P^-(oqVv1
z7R<{zkmHFh3Wj-A$j;U;MWCTRk#7@g{~>Je0o_U^g2N4HaWHmja^<i9txXa4zu-po
z=IURdB(GhvwUBrAKof^9gwP0wzgzJ6J)|*?d-oUKU>B;bx5K6v4g1H#L~b18F<Z|s
zSgaGjy>*5Dv;Yp3bFDubdMz&*ZLL0c_iCz8rHpf+J{WvwNO)#2z%VtB7!P7Z#bHwT
zDJ72JkkU9m$s=J*-PT3xGY_e6?F`yO!L`7Ez8})DW{&}!B*D4+?=X56-Bi3VVfM<(
zij|JNVF6rkU|6O!GPvrCA&Lrvn|%=^C&*XZCF#Mn_5e-qOiAnzF2)x$Ck4*r(%13|
zFBlGlU#OZmFabu0k<DzOb)wi`97%*JPz0lR-4JZfGMj5{m-2gI7IUzbf$!j{ldwJL
z&W9wXYb8!}e`1-SjaK#=BPCsy*@Bv*B`GK!IwsFn#8)%3+4HW6j;Wy%Pg&?$)swRv
zinN)?dSc{>@w)n*KeU29qyaC*yscQe2ZqnWjWZy1r<G7L$EMmes$kozpnTZl3>NSf
zMB7;?OEu<Ydb%Md6mlpfuEO=a5xGpdMOW6QnFRytv|Bq1e2y0DMJAfPjBEbSy~}4n
z4RFHtBNC;Pa6dRVldH8S%83*TmyS@)P4AioqZH2(!VIJ#u9;U_zefY&$H2&%DC&b1
zZ%NvAaRv*o1^OxJ0;D|+W(dyk7)-0Jx)X3Yub_s(S5Ap3R|uau3;9WC;4K<URZ#zX
zvU6N-1n8KbQXN6oU6?a#1rgj7Zxkjk>-iM@(%VXyv^r<N$+b)cu(Np)B+b$ZR+wwf
zgdFiJ8w|r8#14>Rq~^m)I6Rs9@7}NgJ{6n!AhAMCF}%M7bAn<U!_A{#S(6T$C?i_v
zfL~DnA#ZVCuAr8{?euY4EbK-8033{5KM%^pXm!JEA?R%ur>S!5&^NqhlnP#1-m_?L
zVfJIy@Y~eZc{2-O$}76S74&EI{gdGnw_PzY*0xq;G~pxZaQl_KtkkJsjX{rovwU!8
z*Cz6gbrO+(33U?9+|H_j5N;<1_EFV1`bftxT%+VIdIzGMwt3Amaq0FbEIzfpn<c%z
z#`uO;Lt_p*<~d}R;khoO9rRwZG(S{`>F&9sM6Qkq)q*yWR9)6~I_3Y`l>qAa7}{PU
zyiTL^b-$<X*AuW+PhD|Z369FANx{e$Lq@g%3Z)ME!Kcd^2YPv`(5f5kBPR|l@|8n=
zdl*ap$N{o+I1L`(P}gg^q4WKn1n`cPX_W|`2d#NsI%T?!+X7jAjqTf<ELPRP7z+V|
z9RebIiIl3S+C*eIZzp%~onH}~exEQGW`>bQFs~$^&nhs4FYm2pLuQ5RYELodIvj|m
zaoxYJT*oJqj;<FJLa`Vp^qRp)^3%_)L+!$pEw*R1KI|mUD!zBvEdK?885i*C_}g>6
z5_Qbe0KGa@zce*nMo9$)_9P<J{%JSLf~7$^S!<7S0%zGb!hfhP0rGb$+ih9Sl~3B>
zk<Gay!}cGDX1)$Y9Tr#T^7bP&+r3*6!Gt47`fyn0;I%Lee*%;${plpX$>g+iZ;>YG
zxvX$pB+OxWwob%=ZT{9iClyAL?elAWS^m&n%vz{;4&25U(z}TSXc@{t(D(iOjHFoc
zyONagK;dzbdVpCg(hIcXXk*W}#GRAbq*qWo*#j2Pt=ODQ;-5Y8<7Y9j`y+%iy;bwN
zLq|uE(?16QPM%IgrcB6hpE}m)oJ@-1dePA07Ccb`M~WNz=DFR~(_XV&B?LQ&AK^ug
z*Z1B^qHb&b`2HIu+V0Z!5|x%VpCbsnM3u*>Y2Hj*UfAwQ`RIboNlDLAX%96&Y>aRY
zAL1Bs)$jWj|6kx|PTP_<s0Ln59fR2h#<^)nvR1?&eNcKhn_2t1rukGEdSN!r6WF|K
zk!hS9{Ru6drcI+&;p_OMZ6iu&c$=l^w*uWY@kJdy&*|UwOd+A`R?nk04pd_>k^E=9
zmkFt6959CGE>PSTN4LZ0qrU3M@~X*!>ozm{R-2|)gRk)w$t!MSDgnTjiXgXCp5Fu{
zxIT4Dfw&zp#m*0nurEeRf4@)HR&jptWs=#{rB{0%Pd`0fUj$_9!wV`u%>$90rkR`m
zO+*pkb#mrQL=?pY5$?Ok(;ivwLbM4D$x>?@iEv`+f2$h{&KPw;y5N~)6ifjS#nAOY
zA0%(pPi+$U*O61!ug04Llks}o0%=Qp=}+<s7rx5_e_!EW7FFCDtUqE2?D+vV<zL$q
z*yRq^_Q-0zG)MYL8wVGN<x=2q<Am4a<cr##kNj<&%QN67Xcc&X)a9+V8c!fz@f8?1
z%7RilxD7Cr2#T#k8-m@jiy=4br`B63L!t}+aaguZ0~e42V^E=o<w}+ef!0UPa?%%g
zGrfv_Qv#(NR<f+AkwSB51_iS7FS#~{Dff2!Joo;!;r^EY&)o~WTHtOhd<yyvDap#m
z5T`ve`USkW?fQXROFEhFT|=16rnO`G49EAwe>A-;DQ`ZWM7c2h_QSr<s^DJeKdo~n
zLf0>vsq};9RsB;3t&&tH_XmtDpW}y7Wgb(m_c0i&h8eMh@0Pao<EVCd46x|+?Gn=F
z_d7?o;0V~ZR*pvYv_E&o_tZ!b$3JySa9k+|8y-$E0YDrURe!cM|6DxrGH)gB#rlzZ
zpkU5~{?Ywy{d+P_)&loe9r@>ehFU$U>R4w%+=;Oas~*jZ<st20<C{4%CA@IWR_Yg3
zz1IpAt4Uzzqnrg(7%{vgx#71v0UfM$;A}S5(N!#lD7cHS${)D%Qb5K{eoMk$hxU?P
za2AjgH*Y#I)-(F19K^{oc1Cj$REgPCk1XlRboH0324Za551Mj)x=<dCXk|f}J;3Dd
z1Go|qzvmvC&ftnIU!Z`O9IS(1EShAR<=2Z^C0a(*6CL30xjw)C&Tz%gS4I23;0q&r
zhIZ)#4EW)O(;>&dWtwk2cFWze%U+;28D4d=I1%9GjwE8iN{-y4wuUz-d3w4P(M{2N
zsE2BTPE#WRJHQaj41xB~eb~JAApKI&rdbACQYx`nknxk2@*P-lx7QOrEDa5;>*=QV
zt)pQI`CY*AZg<ivdZ_k8es5vgIh4n<CSEUUi4z!BKB-#u$S5ufLl%iHw#bMZrqbs*
zFM-|#;vDYR>T4%ShlN^Sc}}6H0tKEl!=({VJc^K~N!1(D45WfXIG=fC+6~6?U0eIN
zL3s|6MOTjvO2y4k1){uI^(iz%vq>$td2Lt$Ce(=)PH`(3Wp=`=eGRJbq2V#w9di4o
z5%>iVxNnRCeamg`<TKwCcf@*1Ln#O#54N<XvfYMI`_N<fN1#<6Vo@rc4qU$?08JMz
zjR(8Z^zb{qNKSm(+Flj4FXb!3{zj6_IW|SWyjIlPD?=sjruJobF9Yft=raQuYK693
zO*=s`W8*{=3wAcdQHvuUQ5?v=viU1g-x&T-oO7^sXXGq6-oMc}gXyn7@BP4~ZXA24
zm|BgxVl!Qv1klKiPGrN*d=uJi<wsKmZqe1@LnsT8A2F3;QdSu_DrKibhToeBY=-%4
zHK_!MN)^hte$P_K_)-W=I-Cm?PZPYJ!MI7pyFE()-G9n=nB_7!K@+B5zffuXND@}d
zdspRe2ir+?AA!m8*NeR>V$s|=tIu4GY>#0Jq8`Pw>=qUW?i6@%mZhO0gh>^We=CcT
ztlWx4VDA!uV1<#O*0-Byu9=vi<wx4m!0Gj0m&V<Hk<jM7&q>xwk*UPqq?YM<y=SJa
zI6O^y&G=n)CXUx&2S;&ufxo+Z&zO6o>>jlY3i*GS4;MI~vN`yqhG4DA;(JS9!y&C&
zf-6*-q@d_i>H+pWPsbQ-q_<J({)XkzEd=fCwo6GxwCSg9X#nvvdrYx^9e(IhDe`56
zdV;INtc;%4A5YmkI-W*3Qav_KSDBt;KM7GAf8O6Ows9S43$le%q;Nq`(I&Qx59{c8
z7E@c_#E&R)m8q&HVn6mB!r-cm$`GmwZoGdP&{vOYs)A#RT;3r~Xhz6tj-okAd5_gd
z5jf-v2DQ4S0mNEE5omc&0I}->;t^F$Q<>mg$%`*1VitR)=2aB)N~*bm>~QeI_2-vi
zy4D3STVKs(!;QpvNV(fbkl8NTXc($ZDw~<#_p-!MO}$>Hcs=LOkUj*`%eG6&=Ql($
z$L7-gtdv>)wsR#yQ6NDWxv@E<N86otjv%Yf^h)#PMMl^JPTW5l1O-L6DOG2dj&8Y3
zs1B7{cH-t08{7~cp{gW%L!h}c@kZ0pZT#RudkX-2ocdyEa085#oLC-Xj)K`9Siof7
z0BX9hYOYhN9t@k}Y<4)1xPz-a&v1kjF=pLAU6?Ykirg8^pZi;tjJ>x^<K!N#p{c>`
zz#Rl*HtN2qMYjWVU|HsnbkW-72dj^j5|h=!Ho7OWzDhII%ekBVLrJc(JTO#Mk#+u{
z#jvet^eNZiVOdegq=4T4i{FUBVdjPVm?2+$dU~I4r1c()?N{T*KBPfO`$dG)HMuoR
z*oIQ@AA{ljU-NSgP9hpH0{`c&wkLtLaokE%2HYl5e36x-CtWHzRBo##m*J`hGrdWb
z4~HpoED6RV#j03Ioin!YUIl514p75$QkMf|3<mK;Y_i*ADf*vG1b4rm7j`3Q4kEc|
zOX7nsask}!61NUEi7QBq+`=|Eg%BOYJWU1us66}0>~tn2=At3Gb&ysTk`Y{mH9Exy
zN$&So8psB868|1|^GJVBJJEE+80}3y6~-5S({FEQ_|Vgp>+s1ZrYrfVAsq}f%73D%
zAANZPwkC!n5cc0Dx(Nfp9|?t!(}U!b^G)Ik2(z-`bR)(BcK)1#3Y+R&>>!gSfcP69
z<d7|#?#(vWiOIgmrbltF>$!#YZTkQ!RfTic*$3r2HVl-S3=<JWtd81#DN!|?#4oEL
z%O8s61fVvOY6XOtj~lfwyZDoGAEHmdIKD#RkXs=1A_W(9f?B<N6~pN5rT_c9+r$KV
z$qXLusmB@b+RUIC#AQy6%wzKqd;Lvy!*~wzUmsDb&WK?(x9j<fVb*}25#;fM4tZjS
z<r%BmDeXGLBvujoI-CS}iQ(AhNAV@p3c~$&iiM-}3<oyDQo4fu!=IX<F^0-B0B<5V
zdB&rGXnQ|G@ZpHM&axvB(itvHqWv4=9MtYTQ5A-)dVqY@;MO9(7Zto`hCeKpHyO)0
z7U(rcJU8$IIYYs&KgMzCK*qOo!T19)0cslx_=OmcGlXu5vT#z>5Ztk1(loZagB+mN
z9q*i9ilF59fy%l6K^D}4=a!C_=CiIA1n{Jdyp8jVO$RYR?G-W@lUU`D`q0G&9ZoiF
zr^G8^E=t|?o0pyN>f5jQGONAKM}do4!Om9Qb|*)ABjn6h$?cS(Ji?{$Mo-;!P>an*
zv^ym2t?qX)3kl&_{E-D%9D@8Vs$!=kBGw~VAjoW>=MzN!9*<C=PCkf@qz6e|f4Tpb
z&2cm;W9$rMZ8pXvvs%>@#${vPT^LI}g#SjfED`RTLGX^?KR2Y4LOIn$B)TJDj_q?7
zpX$-~iP|_fHk&lc4)<g)!;>H``3={~emRl~VmP5AcNEnRXD-x`zl}=L;QZrUY|zOw
zb7|w<t)Jz9eUG~CoR$08vk#TUL|Gyp5qkJfNn`%<@_cVU1ZWeNN4=LaQL$B2B?Yz5
zp_{m3N2ZyJ_Xw$BnBSlT0666$3s-iJ&Y(Fg^N@;dwtdFtpmwZurS5O+pJjR?CL=x1
z_){_2B14Io<Lie_3NGT!gsD_bDj7_Y0g>$1DF1V5%2<~xDi({UbJ9q01;>ilKm!V4
zCZ(OthN$5ltzXkLbWKk!)aUSak<g;LdndGOp`0u$yvwB46VTs-O~oXk;qm2}n?5;a
zeeQ!+W0Z8wq%+Dax8gsrZPsUd6!A`8SD23ouIq$RAwQIOnD~YOT{pP-m`n`oy8WR(
zfV6h#%Z<?V3{BF$&^SHMCV+oS*!p|r)qAOGNM&n=PbhjG?zl)mP_bfAR!QgDHJ|Bu
zAD(WN9pGOLwJ^bm_E~kubrOpaMNG{pXe+vJFdE~0wG_W~XE|L=n5VI^Aiz>Ey#Ta?
zUcnK0;-ABo`(d{zV9QL!6=>GpPqfD9oyx){J#C~=(F4Nc5a=R1P<?TljX6~MhuKri
z*+P=KZ^JInK5b1UCVyioY`}D&J+_%E<Wa9W4-cQFm)2$&<OT2VK;GAs72*5`NWyKI
zaw;fp<H4XMae9Hm@g{6<GcSqhI8V+p6&-d7qu=1Q!<nqZ%w$hi#l5>qhYpt3E$xEd
z&}g$jtB#@%;j2KoBK-?ew`+fLwx0J)J#iRM@J18^NupV>CEC7}(cQ~}?))J=HME?7
zdsi}X?=;+>4aMNcKmNfjPTk#JtGAjQ1h-hcF3?p|?|g5y8qJVgU=LP>hN@q6&#NS+
zJ{qGY8d_@G>7RWc3HRZ#iKV@!Bya}IbG&QK6N}`tH2u**CuGhiaJ7nNwN1b`3n^M|
z>7%3R>jiGa^=Iqp7Q`}!Ev60CYe(*77}lHF4|D?XaMBVD@qAPPi>W9SH0P_uQ_qIA
zWiR<@%<sBDRr35Gq~80y#vsiv0FSQ|{R}}@9jBx7!O3qf#aLE-?xkH2ij$XNRI?Rb
z)mYK1L)Bu@v66K%5`4foeY5of3pq8sN`m0!SBJxR2bQKYDPg|D8){gMwP9x>f1E$6
z*tkQ7Sr5NqgN(?H)$={MkBB(%MIo*n`AE(O2^6pIeb~ZKnkKP7jB36Bt(siD8d+F=
zlD&Z=-vndwMh{+c#BM?=o?I_a336agm*O>Vcllf<wHZ`-2;O6msU>ZmJ-5vIn4m1s
zhc$lcB0W3vMFU>{rJ8a`xLSaagqSBsX1m%yTHXp)B!=+M<1)v+yu1;wxG6>}ppce%
z<beI40bfo_-&2hVuI~{>OCTdyI|U!s^KH6R7OhZT7B?$QXB+V-4vV`)V^!j=eIq<Q
z4Ya0tts9Syq_y~-&Ni>$v|V}M5=9SU8!nYWjJ7jR`siK&L6nt_5$XeD2~`hN`on+n
zV-EtIhnAfx*dr!h18ol&FUcwt{*F$r&@igkn#3lQ>=u4h<LnaV*Vi@qds_PnM3#Ss
zUd}iZz&31LKWan_J%W1>Z}u)7-WN=z@|FmYw7)O)nl2$N@Lg_66q3P8j{abwP%Lp8
zjB1S6s`k});1zH8DIMZ~no<~X5Pm#!yuJpQq<-2v56tO9>u}R#&j#6B?x(+)mOn<F
zt1$F*X<5+#)xD{<8bEYaRG?5=eWexCjB=lV@#%7B^C-h~D*XV~<Xz2}*w1Hp^xcug
z3_<jtO=bDjaiB~f7lquPhLv&I@#k1t173swjM<}K4y_-}c|!%{P|rDGYA;VSBdvtI
z+4D^~%cGGa6>L5~8uepo(I3h%HZ)bdd`0@QNC<w9qu)U+5-CUSwx)2Zyk_-ICx<@f
zvv0&CY>``m94KLAJxc9Qq4}^+;OSU~9WSHlF^#gkc-{`i5EW1Tu1NK(gvuKbK2xLk
z<ePRZO21@ktp>p@DNBzET3|kAsZQL4P)SjzEN+1v^w)PdccDae5`=4BId_>P5)*n}
zcT!Ou%v;t&vr`si>fVpdS|&v8c3WoMx0xe5l7Z+5wK*PTABQ`t$eA$?0@))uz)b~*
z`>a$;!<AvlTjUU?8uz?OX5m%Xzq}t1ui@PMf)9roiY_+}7~~f<JNd{_gK%G?CH+=K
zoI+N4yG;S5>;hN|a7Z(_9L=VY+vZz17-nn5WO!21jVfD<%Ji&A3U;AX@Ffym21A}|
zta=cdU{*{L)Wm8zjoc|&x|U86Hz6wRu4#D|{KxapK#GJMf-TyMX_qnlgpd6WP54FT
z^)#X`%-hw)?vzcz732~VdYU)e;fRH#v+b`N$;#-6Jwidt>Txi|dk~TPe-s;Ku1An8
zluq6i%u`r0U#czn8SMSEf2#BAA>3c}`x_1OZXCTmriZg298iD)46E%gg{rQC26N`T
zu?pS?m{j1oc1J0a5%=7lAc`ysBW)0oR-iuq@4R|oOaAQ*_c8sgNSM)H6zB0_OR>GI
z&5d5gFE{DOx_@L+D*p-2pH`IP)8hn!Sc^CHSa@vEokL%sF&oEMwAV!gUC^*;C)1@8
zXbJ9xST|7g>i-R#Ih1rIo(x)Tv=lmvb>dBqS=ffVUy7zpR^s>sl0g=)3ItnsZzWaB
z{A(cE9y_PIpt%l}IN7UL1NHqaPJAK3ypD5<(Qk+{*0Z-C7VM}w7w8)M3It8JySW_5
zv0@U!w$kn{BUf-syOZO>gic&?Q4Bdfkg91v--z*Ybp3%E3Q;2(;gfDXx#27jaXW#}
z4jk3>IKwo>Q5}TcgK-@dOjjB;-HNuUkxJjDb1s>)qV&-ABoTjs{@Px1c*g|E*0b|6
zH&x)_W!6lUU<6L=`W2opx{R2w;~8Ri!R_~a0vx>x;Zgv-49;1nW$DI<00-Ylve&6v
zS-XsjC}Io^DxuN_gNULzur~SPLaI~<1r9X$pl?03xyHu)CGNeq{6<}4_DZ<vUF`7L
z>@$}pI2WW=UTc7BEwAtMKwJjX2~>$+?1K$H2Q<r!9sVLXt=I9eBY<wA%Jd}tK-J8h
zXKQR@_}jRctxf8%=!W0rnqBTK0qu*;H)~DFmH~(ublmZ@F^RrH8})-B1zBfqC7!Ha
zLGet9%Y_1W@%JjYMLz1auJQ(RQ->p&QD>(vQTJI-yfJvl<c9hr7eNkU=LVow^l*H*
z^-TOVnqX*Q1E-D*+{p%GE=k{j!~tF)fpv5Cb=hcym5xCESV~->xw$Qc+x%jfTYENW
z?Ieq$JSp=_>oKYW*_)KkK{J4)@uz!d$o~sWqo-mUEEH{VobSUD7i^AqFwC4lbPl0i
z9OmHOfaspZ*1tf-c-H&nW&q8;dw;5^7xrB#t7v~=Pezq48N~}@$sW%c-ZG=UNQ(`F
zfzNC`6P@l^L1Qn5yqa-{3}<}M>hO(}AGJf30cZ-hAt&7ZC(-)0hWlMuuuq_nM>pMy
z-pFc}0V|9uRY(ykCEiZs`yeGJAAqxy1O6$zLr*ZU1__$m*mnv7O-=f|GMDk>b3cAX
zXZ}U|Ba3<MZkep&QfaWZPnNROd~EluiB2J{^&(qg?_+R*+nrpOZ(N6{xDT$$M0`RC
zYxKXVAoANs0v6y~D~h_2O^r`4$aEC1^Ny?7m;(4i^bbK=V-4xyXxOA2a~ZMrEP7`7
zZqR!!&Q?lNI)k9U<NJ(eDaav3)1fwI|3%w4-I|;w$5yiGvi)vr$G!*V`LL*dovoji
zAJ>M-04$tVU?K<>)+XLcBdd{67!=Txp7I*(pH`)AA!*Ai+q~fZI23XJ!GJ4kTk6fG
zJ-DZ0a*>P{Gxw?dKd++%RKfNJB{B0E!vdbeB2OBuE&~g24gKYomv!YnClBn8GT8}%
zN`|AtD6-u`A|Y}$F8uZEo<x$;#T(FEUG$f6WUK8bbAh8Gl8l{8vnCD)$;MCP&RJ|R
zX?}74$2TKJo}vSc!`U7D1$lVJRK25M5=slhdrjzV5iIqeV!wKtRFRb)*nyMprev4v
zy$XDe<Zh%ps?tPI85}eh_~srL#JkS-5rN}DO-2R0$h)}6JBJyaEkO_bWH_67-!Who
z$2JQCh#G-<$Ac3n@>T4f5@j!jr;FlHvozepsH@>JvKycjR3gHLi}WZqO*~Wg1o3iu
z0e_w1B5j+j?VkBWm%3?#WVs^o5Q}3;x75ndk>}Ukwe#&L+=PQ^v{hj{h(@i#94q7;
z5mJ|T-W46k>kOEX9dPW}O@6R2)2hG6$0z2vg6qYWBW>GNV&u}~d#my{w`AZTY=^Bs
zeO6T|g)1O2VLzO%nR3GBgCayM5EQ<?-_YV7?W0gT?dlddDfavGUTx>|i44K?49q=l
zzxOjc^l&mBfu``(_aB(6_aSHUk_g>S2MeXwDCYkg&=r4ONRk6yRu3YfREI0{TmTKb
z%VibiB>8)D#Z>GBL4yauYb_({?aSYJ1%mt6;?*@Tu{S$HvbZa6^!{e|P>59S^TDWW
z(3ofhLeJtJq0Zr~BcHVz^AEDY+1Il5%_MDug6C|+&1IOYef*B`8Ouf%K1_RnXu^Hh
zOpI`wm5YB!U%DKw8NKaceRu$lO>A!%iFDNzoh<x_D++$0ZTW+tjTClB%q~1!!NN-Y
zri4oj5EfX%-FoOB4;0f7Zy#w5s36oajEkZ&lJXF^nBm;DHV@b`VYU)JuhU6=A4(>a
zyMBdr(+EImk6g}o`V{g`A+7Bh&yecDMTgIny+{nTeA)SBz(H}`x9j<rFRpfQ`x%3X
z0j>)7V_)Kk(S9JR&704`VYU*5vbW1p?1;VHh1oqJ-3jv-vxe{Xp{=LRK?=fZs9)$d
zsp}-FQzkD&X+oXS1<r6%EdH$=*!`rJ-NWyzK3$cT9Vt5-t0+v%ZTn%&Cks`ljKJKo
zL5<h+M2@0D&=n=`>f`3;08yriEkVW#^=$<Jp7bbh<zJM7q{USxi)h4uN?I%w_@fs%
zlV4zAsyAlwv4SY^z&(qBH{h5Gn1+wG4?E9{skX>jwg&Hm>4kFZ=Y7f{UPf^wxN$Lu
z{g%+_AcmY}(|Zxlq=qks!{L@rG0<Vhx)M~t%p#P{A2d+U)O}VN1QFpZtB?T@^s%3Y
zvE42e#3eubq94&}>{yuG?Mely5n@3Ejgj&RqRobw4K@UBPFSS-MJMrwKrrpjr)_MS
z)^u76TvDw`-Hl|1U$HhOa2-diEVAGMsle&=6Ps#!)Ul<KbuI;$g!kfUJE}F-72$-!
zV9ngfSC8ZZ1QGybXb{jD4X80Ms}vrm*>U5hCSXpy<%u;xQk{}!`*Gc$S8&<bikCM6
z7FKMif5q9Pe4M}v)?8-QvC`m{Ox%Gy5LD8ZZbrrnraKewo<lD^xW-Htvnzy3*x0SL
zO!Zb?lfZ;;Y2$Fm2ydWuuw$AmdgUi+_`Sp_L|0eX*eZbu)rOOfIOV0?Pn)CALMyAC
zhXFYM=mPwx0-+D&D`v=4Hz^%BH6{V^<1W3s$?r%{n)OpQs&*`GYHr8na|U!2b5%vW
zvHFZVSeI{XCrx{{`8!_<nu0&rhR6li!!xk5HXJVJ+84s*O3QY&?ND)eq&3f6_yg>P
zxfs6C_HxNv>|mML+Pl`x)sz5+v)VC9OYG>JG}~y2)W~BF4`3wb%JR-wb9ZsvDrHsS
z5`!t*TkR&X0k<0bL4SaAkk$s#qB-lz!Shpg$6Gj2eq4XSjgrbf<1SvGu>~Se6aO9U
z6?_wU9t#KB-){WJE&lS5U+e2JGOhVbsPov-IH)dcPG35@hrXEpDf-O6%ZLS4E^Sh%
z-(UVYRM%LC&u^;Ahs)U&@XVy~UGNLQ28VY85)7g74z%HM?0}f|Qw(r#twC>rxoW~=
z8NxguY8@6GQt&flR1OTQQ<Lx+e$CzuY`o1kCiebq-W{4I>YeiYPFE`G4s})?#v!-|
z|5&^<_$s)b*GQc{1}y2|m<}YXu0C}G;C=C&a^@H<<=@o&hROHRXC4UWL|kHNyxIB-
zGe!XB90W4jaCXfWW-(K=VMJ&4Sj8L)G1F2czo^D*4`%uMgFmL(vhT{$VzS!5DU$Z;
zZ29O`B#S_dby<)_?>4a`jV!I7No^(I2{I^kau{YeLR`gD)cDkkG2j+-Sb%s0lHKor
zh&74xD9~i;kdtikuIMllu0})sDPg_fHs-$kFM>kvF<1Bkx2<Z;`xm^EV~id3bH69p
z`B;|#84(@S!3m94+0c#r3VmNzh!0tC3&9u&s=R|Wfz1M=0V&qOe84<SiQZA$a8#11
zE`H<S&8jZ7<{J|kH!*{<&`=7TaZw66j_N3kDOK;+QD#gMVVBKevxZ~5ow$w2rvM7o
zqC+>&4r}l01mNumm!D?&j+V^l9?Lg2&-X(Abbq9j;994uvJYf6s*7)fa1xHjQ9khL
z<!PRumB}Q?zgDTJnfeM*IPV7J<%p2)rWd@p3A70HuSCJ@FYSQl6;ZMd5h9*~P58Au
z@qw!39u*sp!a^(PeL%YF1*!3QjhAgsP>1-$Nu%rY*+Z_@eUq-8A=8d=6{PG>@CQTD
zZePv*`c>Ma0JcPB@$sGHs!{h5SP&$ULBRO0UkbYHkuD4h(8~gFo?Is*g#Tq393X@+
zs;T@hGBj(njaw<V7Vf>3>&cPV(!DFv5WQ&pXkMl4!UmK!>2Hh`D%1sdJ^vh?jKMj_
zG3V|mm`yG60O-Mh94Fjl*z02dR>$ae1W*h5KQ~``J}Wd(a1*f2iL(Pr-K4Uurtv!i
zs2GM@Z`xwv4E=7s;YaKH$;E!4ljX9Yk(E$^q1%R4m3zNGJCR}0(N-4Y7c}<3vibUO
zxw`3y`N4ivLaw}an_epd%m{-4EgWS%zjSipJ!o@3H&7q#^~Z7?=oU)}InF)z_APpH
zxUL+`@X1&x&b!Qi$R+FTdHnU1SYu&qbKsw_PBD}f_dJqvR<LdG1Y7=4zYLXox7*>A
zXG$MI6p14lj~C7j@y(lCHm}-|WHScJ?pA}F*K&lGumASaSH3}~L8Q0F`Z4nWuDT8-
z@L&2vD9g`*Q~Y3HgOh0y&d;pRiST<Rf={>`Npq%<j_OlX?+9wP?8K0nis_IrP=`i$
zvbb!&qqS*kNTe-pXx+y}&Qjoi{vp0Cs*lz@68}cBM(Eg%86%Aub!6|MeR;fC@|xHK
zk%7YKisq7U;}UgYxN5?yb80XSgs)8b+zF@X(H?hAiv3x&FBR2&g;eLYz<lZ(FcBt4
zQOoy%vdlX@y-WWR;^yvl-zcVxdUUldFUfj)(%<mGM5;p_-OWu?8bjhN?Id+&<8Sl=
za<~+LQ7o!fwvdfK$1=IzQjo6!d{WKHi@;|k>)ZbU71}?Mrrc&WF+wZg1!Z0}HR8w}
zO}kT#*rkp)|NE)7<LoID$O}|}3TE-A{_;vTFC#&>Y!Y>Rh{tvh;-fu$A#o0}v+DO6
zx+H!7(DQJ<6T)8=HJ)2a)_P;E_yZ-kZkx#BhBQU*__zEp@f{Q+07E;>KK)TtKx$4#
zZ(8u*98&l0rTOV`@z*vCqcJ|eNTEZB!);~BDwxn;#Xd9}i!!vF)+V0xYE2b>@}pGs
z1E%ca&1z2VguWkV?BR$C5Jk)6tu7-hQ9BP?YW+W-YI>^$_zld&<s!n33-Vc^VmG%*
z4%fKgh$W@*;4$p9tudznHGQpHq8xu8MOs>RbylzW^sNgo@8sSqvcJs9Z<)V88*kh}
zy8YSk!-swlAQs=dph;A?pbc<D_}zBlI9>QA!zzDQmS*?PuKmVotx0Md+DCJVtSaRE
zRqh23#T8)e2CdQLHF_sIZF8b<1)OQQ3Ulw{aE4EVN9N?Drh^SDx(x-;D!dWR%@;Df
zROMX61zQALNJl$bJRZ6PUmte-Snp2Ei1=46l7Zzuv&9w+VGQjdK=Mj8BXonqGFUYF
zCNHkuTDwl8cZ&+1!nKlLX^ad(kS3Rby8eKOG%q=+0(b3cYGx16W;f(*8IxRojQTf(
zIaTgPyM(lx6W<g$;w|*PL5eLG)Zz_8=2GX2Se4AX$8c7Qa5lSi9g#v(xf|2UG0th5
z^h|e>S%L)=xFGm!Kn46AE&{3P_$cEruv3Kj*dmlxtWqJxbfHy*P3A07>yp%X<}7(#
zk9ji~{WAW6^^I1S550ilh$peem<K`ZJr8dtDQi9XXK}(R(?N!L0#3JUPU_Mfz9bKw
zLH$9}R@be7&)Yx<6W4lSL;q%%WgcD4@GSqS_Tm&*&d-QBr=2Yb>!aFm!Ld5SXEM41
z?3d>BIg%{LVHVPvC;2rl2$|<jsRm|>N<}kh%-MHLKxR|Oa##a48!Gz|`T#vZ!oQb3
zw2lo{|BOsvp4Xx0O)PfxjG<u4yV$C^^vzB+N*D~X5y^0EG+5m33bmBnA-E59vQ9i{
zAKemM%?*U$kdsQ!O*`SXoegE~*Te760`XYyrD#{fS$MD>;XR=q0gvmA__2ek???AJ
zhEm7IK%l;hjRV^EiN(Rkd%Bn9dM2UQ1fHKH$9y2uw~mr(R0XwD<KEw`c0nn!fGIH*
z!$Im*uH66XQZ>Me%eb%Q6wB3)*fw*NZ>ntl);ZoJaJ;DD+3^?(nAjoj0^LG_zK8BI
z4z$22Q5y;|1DX_%lG28Q4_0L^TMl!!vnec-Bx|9E#Ny#u`3IR)UkZ_vYy_3VD385|
zN4r^fbvBTHnD^x;EIsGINuDPFDr{z@^ufGf4;;}4W=H<fzKRnvlpD{kCe+H8)boSH
zdMz^2DkSzH0LnMvQ<pMCG=`PVa5ZOe3MCtiW_A0H-DG_EqOAEV_a}U?_OFgZYy1pX
z;DrHMQ;xduL4sx2>@IZ@5DKh*BX(X?XRAAL+fxcqZF=4HacuD+jpf>Jx|14*+0dw;
z()=4w?pCnH+~jOO;_!Nfj&Y-mt2rxJ{gHo22(Cb*V$!mr8gCSqMAv|yENd#N6~ced
zyTOF;6L87j3&M3=ypL?sn3C}jwO)6+qe5Z1r)2@3t{z>oO;TMcw=WMn{uQQjV{w>}
z<*3??FJ)AZn1Cm9PQbtTQn#4r(#-mladP!SG)xXP;VE*n=Q^x$O079ND(BpLDyr+_
z+oDRf*y>_lJ(PmemlVi1Pd{vylpZKpm?B4i=c7^@1j)`q|6`LOiI!8YfSl5s{sQVR
z3WN2Nwj8ovY1voa>_r1<;jl{9&Zci;3n(Rq(SaG=b{QlnHaB!L16e=9Gt{WJ)=S)>
zKZ4{lIJl&usnI~2^>PbMbFZjdT<am_J7FPt)qgIyaA^rq%-CY|I@8QY`Y{2=QgXf|
z#tssoWd%rHfwvgo{EddKWbpW`q0C?3)WVa@c-H2=L2Ecw1{qxIuN4w!NZHf0whww4
zhQHe;fgb8ANM(N;GAv#75m{n!PBo++_tZ~b_-D*AonE`_M14-aGSc9Z8}BbtKHFMY
z6(;x5J$-pf+%l~9STQ=cpRj=@YkX1r=RWmylg8X6p7+6yqE#ced$JZZ<3WvfVBn$e
zRj|U%vjLkifqq@_pH{uEI%o@G$ykWKsH5j`#nKNS9;eHI)5=HHYO&m(1!CoBni7dm
za0MiwSe}~xic*a%ZS}BgDk}X0PKzqRK*vI*kRGf#SDGZKfch}~NR(T9M+%Q1u58t$
z9jwy$(nF>uyJaMw`aWvx{~+qualR5f7+h!x#mKvbB!ko3v?L88lTB|QC<WWVm}=>N
zX{(34@e0qrY3?y}%(ZfM_7Tp_3;0KcXT++^SX!&LZ#H(5R<<fUhCK(L|3o<KfKA6V
zuO;CKZS&2;bWHqdl1)sk&ai|vi>qtAs0mwzC$q2YDb<-@L#v^~pHP@Sa4s1L1ZXa(
zbpUWFiY&qXdN4Sc*)yy<N}QBMTN*%PcRWVzm;p(c&Y<SGq{pW=Lc5#Fq7O$$1qS;+
zs9?6yUBs)=zMb=P)_ZE5uokVNbIg!mC7&G*c9C6syILQ5Q<9Rx^=Tc1<DNY)i>hTV
z<6e}hV}JE^1&_S@1sEDhjCj+8dPG>rzgkb!hD$6_l|)Q1S<3ul_5)<`vW8WA77sZ?
zH%BH1gr!XCBMT4r_n@8(l#4)`WPbB2M7(v*dp4F5Wq!h8KpJRJYa>I|2Cq#&9pBUz
z5SS|Wv8*>7<Es1$a89yd<--k!$?Z~mVG?^`k9s0mY1$N<@&98ir&zcKUwQ#bv$1yl
zfy|xYh41Ajn7(l7Jv*w`m3o>87N_}D{1r$#Wl6CIApV=U%(5qD)soJZSwEO@LR1<$
zz9e9_Ea3gqq3jZbJaJ(z=`?d@$$D5bqYB$`T)U^5<IMz3JVPg-?L7%;t3gbEH}Pm1
zXo=sUp_K#K;zyi(oz{<_@g|f)?y;!&|H8|5J}75kp>j7RvcyGuh9~GBX5TH=u&h^t
z0#`)J@{k#myDbsQ5Og6!Y}oYj7isPxgi`+#NWgXrpQ`8a(u$lw7{(YkgG^F4VR+`Q
z4#Mt=P^J78^ehd)&e!5^3pKKrTfdh6_g*spw{I!V6j>&s2kpk8__&*Lt<8a}{7bG{
z%h*-h>njRfqZszz5B5T(eVqS25Lv4whISG>XX=PwwpV0|dv9jXc+ZqQaw0)?!3z${
z>&SvQXXc7Og{d-0eH98J+f8z4vuxo5_q#ZAw#NlT7e_2<m8X%ebNb$3<6X1<Gc|zR
z2NN_`GMH#5%I4=gv%)i!?DHgE7X_?U%05tuqZ%bkXzaegd2oZzy3WVgX6D#gylW+b
zxhpfpcm_Ywqh_hWo;@IA8v~;{TpBmCmCaWcecb$Sr5@$J&*pxY_cfxgkoF}C<c(R>
z+CKN7vhlp|G#<{O{Bk3B(3aByjmOk<+s{3^K8hb@#f08$9Vg}}`=1gZphOV7jHh&a
z4SJpae_Q=2Tr>3P${NmgT{{y1{$Bc?KW-?rd!8n3lnjbS6s>js4N=ZbG3Ia&O+W@S
zhKLQH9hTGPjQDmG-g<+-P9`&UN^8Q5SoOfgVoC5imqIJ|d`5@m*pFI9wnM-k%)%x6
zhrDI1&AXWw>Wpk__;X!f3BV&>>a~&El3p~=vot)TDd<I^kFY8Rz>{bZHUp9B<hW`P
z{~_ld-C?A3TJ>Bo>ca&L&)om1T96s6>Ea!(kLn5zRAvx6tx4VchWRG}AAY7V<{?SJ
zgP5hP!-F8pux)<VrS4F4!qwS&=}-@VQzeu02PCZpJy93)^M~|mKIyZFAG2XWT5ORg
zUB7U+Zx6!$*{O4<64yW+N-ZXRduq^$5u^v~1BFD@aylpU#ZzyNlZHHX4;&`q{}#Zh
zFmr9wsuj9_PfC(lWU_%3>g<wOuqynv$%uyZ7mjFajIR4&@&UlX_7B26C3{IEf>pcu
zH!FQ(c-S;vDNnCo@PxMs4^E>u->witugZ1CgNPjNvFrmf-ZF`xGS$s9KF<4)-x3yo
z&%a_^FRI!%tXzA$VhU=N_c!KYWk)&lvZ_%c<X2JhCTg;gzA3*t;;76QIz0~idtT?h
z*K{<$zSUFvc>lTH+%(}91`mcRPtW+*n~CMn-*fy;LXOx!k#dqpzP~6;s1O8k58+a@
zYd#*Yz=Q6P>84eQ!CREtu$E8<RuXwb6UC$5bQpT~bdG&k852pAbcCF3bP4zzS>IhX
zOr^kDO>78&<ggtJ<p!1Qmiaa7F8kg*uHlrotzz@Es2r}y`S6;g_rp%K8~pYnVMjGA
zX%tPd=#8<c5JrqW0a9n2G~(HNs;4?;o|TirDu3P5ykrlt)us`sFKU7x?bHB+7=`h|
z5%gBIa5wKL94cq?2^=ffj=lOy<m{U<%lZMLGx45MER!F=5p^l7JT>sok+UjweW5B(
z=*tCS{o@R}r_sJMqhy}8YftezC)I!sEp^f{IX645)kqHTa2Py7#}O=*_16kaOv%Ss
zOb2kq;T-(@U3e2*mCzG?Phg0r<tnR>f_(rQ>9dx+GY&rs<nMt{xCLPkjFRH5kuuo}
zBSU-m#0<Yz@?mnJ4@z271_aa)C^1=ZeOlLd;kTP|h_VfI$e!{AK>QK^oibyd=o<<3
zMU4KTY%%(Ugz5@pUkUm@m!xS|l)5t<ED-7OZ(#xF{XB0c9fsZ;M>CgR?oGHuKG6B#
zLr;bfCOztuwGl~_b@)}Tw+d?^C>oHZWXoPAGee69t3xXr0L*bBY(W{mc;#r_*r^6D
z@{hzM3Bz_2DB2xEIMD=-4ZhnB@qpv~2bj;z6?tn*ghXW(7)}!)d)ClAu)zm`T8c%~
zjL6;R`F8$>l6rw_-pmPDx&!rvO8U#HOwJmJ$bL)O7PE)yqNG4wAR~Z`$%RPdM^k+~
zkaEt$|6Hyoqs+_j%hwl03m=2k^>?3HY|$>E9dL;tdBL-fSfXbNnZuMK{{jF%9q0#k
z(kn;{2rA~F(|Cm=Z3h$K)ypEp^nnXUnJJrAC60PJ0VHtjtkZ+XTGC=889qhJRcB4$
z&oz-Y9QG62t3$!=Wj;qsZ?XzM(?m9ITvq@a2ap?5Szkgx66zVjWo`nM!vQus8b=2Y
zgXbGazq8cOU$cI+U1qhY1?z&zlBs~)%nM{x1TG1GAaIDu^RX`hotCiP1$c~HFULsy
zmXqD7;w;?Mf+6^szL9d2#N9Wimxt5aCt_8!&!4g&axkBn*~?`=_E)+HCddZge9bjL
z^fqwOWFOWu2Kp1s>Mt7XgQxQ)XE;{2lGINR5vG*M2aO%&87m-QR?6=HKtx`gf&Tb;
znp0!J(lxvaVOoAMq0>j=vRwM#SSdY~db$f&&RNY)2Iz_CeljU+@gRF)<4b0S=Bc*{
zlGygh+C#yrxj@%9Dbf{!Omb3DpZlv~zY1)))F_xMxu924pAKi@=Ftu9D*h|#F>+fO
zTVC{7WmZ|c<v9&>PSlZb%n^-yNM`3%VqmT=_EyE|bcD6dS4CzMF4%VeO5PkgDmH_U
zvAcI+pp-dC5zH{ln$lm^ZG3ceS*U&S-f=0^>C|Lj1zP>Nc0Xpz9<{oY@^Q~4Sn_;I
zLyLipON=0DRmlr*Vp>LU+1IVKTf{Fjbt7lO3NL}fwccc}&S?4Jq{5cdb}HR@^ou6R
zgR6Y)o)G$=v2@?mVBI>@{Vbyi70g$k!vwo{?rG0}X4#L`n#r0bNG{rZX_$7@%c(GP
zp%)T;FXuL+%4uqnD+a|oys71l8%qW(mUmD_gnj#|`>;?SKX%8cMV$0ERBoe?8Ta3=
z?w9ol>2|n^ndXUP<Jsu*=zv7*?JLc-2O$VcN9Zv1V_<(=vm37wKLw7_7Z55w?_3b$
zG@Uqv6wi)s^UepOC!ziD@D=o0orKGkh~T=@#yN(eauCaMer=n=_e_*Nfsr5?O4ggp
zC{&A%$Of3`b$TK^FUlY3_R_Z1rU$saHJB8I@l<+_?+bT5>->>yPJvSu%WA013Wi~U
zMq1Xu!Jn^sCmWoRA*e52!%FU8gMqd}UlkhR@MbOpNi3%I_=@f%L(8d)liU%%P#77B
zsu?@ywntxb2yxc8b7);B|7BegF@$$@%2*&?GQDZ7HKGQWE+1`!ybkS?|6!FsZREqG
z7x}IMHZ(R=@$uZ#tDRo=azvA^nIk@?4qDX60-lVKtFtAb1ucQ17Q_wAAD)EjU>Jb3
zLGLLM!fF1MPvIU^%W{B1btrVts2UYXsR6=okspYdB9SmpA0+JdC=3<F$REZ1YJz-S
zn2H-z6wkT}8w07Uz0ny4>CY4G7lUD`U+%T`)#(p>0?7X8gny(1mj$7K9v$A&JAX42
zUI~Xr3lOhD5v8R)xYZoYT0P~`=o|9ahM6b;@`SzlD*0y@5W@OOIgVnXR{&xi$^Um_
zctp;O-@v?WgJ)+$-fP1W!5S_&9xZEfipYPFEaH%^N)4wn&_FBG>!tl2*LI@`pon5J
z@G{dj(Iy~Pa}WHU*v}gZo8Ga&q9IY9?|E0=R09O*fP>a^IxKpvQxfIf!CR92#_hu*
zt~CLpq1Ed$qhSru;t<$t#1vNIZ>-yfN}312y)L#4Da*L*9i6kBHl=JkGF`IySfc?*
z`*{FnyisliztPG=ya^QUL(TR|^VmnGdQCU!Ok!*h@tca8A3e~D?qB4&nJl)ohEOEm
zR4;Si9UNcPg|YJXe4UJ;C(03oZe7h9OID=1vP!Lcg4`8YQvL)N$KA;B#toG_f*+f9
z_@ZX@@K@`PYy|?+vi+CZs=()%3<ZJM#>znc%+~j)fNY~hWlj>~qg~R>D%BYYgFf=~
znnN^JiCUriOoddF-eTcduwX&29>B(5;989Z!vSfnMJPNTn8*?Nxx?1Ad$nwApKB5@
z1;@937F5$qXE<t38|mXxU-y{UX9E{RL3?os8I%>`Ty7QYPH(h^P;borFq%@=EsH-b
zY-$bdIQhL&uhTNW?}2gPAry!VDxp_P4u_ypYNXiT0{fIOSOOt+7t|3jIa3wZ@b7(3
z(QaV{C#gTeCeB4*MW}c&0hZEiNtffGU?Sy8-`s0rE+z!VBWs^tV03dIJ!KOo)6^Bt
z26zTku>iG3OHAD<_BWi%$tnwYqU`sO+`cbm7Wv56h%~26Tq~-f2>Y9BB?hB7>_vWo
z@GfBL(sKk@-0_8hlrE#3pYBZ&EU%HwwqWpasRF*tQI?-D2{$8QcPjDkgq7@BQ;_Gr
zlFaoL5uKa;1yNM#))G6uOvcUN_zK-3Nh$Tf_~+F*J}TmAp2prRYP{IRc&kD`yVn<F
z($n-R;K)){SSXY>f&9$F=bpnHf2#~2KLw2!)D5~dz&f)kDz3IFWGaR#)vF#gSiSwo
z$rd~{jEk0A3~FZ>QPM4fY#?%8;u%@v8_?BClmqYTAO7%XSaGeeHl&fh_Aqt@u#;KF
z>`zlIR(vwLL%p4Wz+HN5eDSRC!JcP5H@Bd>^Ygk6#OYa7jhkL~aMm>hl>fe{{mA=F
zi)|-7nWEh5b`JCpJ4chCh#aSB#3EMNVvVx_{}o<_`+wl$aE{WsIj2B{d_>Rz0VY{{
z29gRL!mQWF;N%gFI_wf#IjsfkFzU1z2{n+S3*j<=M-&eY4m9(BfhVt7mk=MZhG9gs
zu$I!vz5H(sP}OZO6%yI6K;YjHUf9t$P8D<NFO#=eHu;SFuc!GwQIw;2su@8NmD2%M
zZS^o`@X|LF!42@#78}ALH%6rMwC_@OPPH`1uoTPD``R>pB`<9D`iT3f9mSeXgS^Oy
zhBX57KV0x-W2rtTT=`)9U7>Q+tGH)Ri>cbLi`d)P^ncflUscQ1m{uzBy|j8|JP~XB
zZ3sRImL>nqG8?gd^U<we5lEesZ^qrQnZ0{=%pAVkMgU5eMy$i~6>P-}!kMXyRlnZF
zU@S5qp6Q|_QDA{NxXuxTbp+fiUn;0Y&mb4EP7oBO+S>R0I)Uk(2n`egU!q}F9h7bJ
z$Y~_XBggfPKbEgqvNY3kj8|l;#l)d;Pkack&1gpww&+o9t}!?J|K_iDsY)t9!^aq%
zTS)%#DM{^2TU$?<@^Nw1$z&eh2Ehv%%e;XKa3;k|6hMi&S>@>F)uq3Dq*X<vVE6lu
z<e{Y(dWZoH8<pW2B!Hi(xP2sr7MgY@e+B(+_bRCIIN?w~9WhLaaUc4?qwvK@WH1`a
zen;UvsCH}{uG){A2j4s_teyA_WLM=_*Z2aW?V(CW&W{;v<DT9b^2@A@P)v;UjM_C#
z&Tu=x%lr)LTTX%|olFt$`{aW5QPp7;myM!fYy8)Wy{9B1cNhR4$;?1y2fqJvG5`kt
zsdd#{DfRQ`d4tzOv4e(@62{l{v1x7?l{eH}rYsc<*9S}^urCW;7ID7=$E|ZN-n04J
z?zMyXDX6^Z`w+3<y+4c?9_J7Mi>mX{%8TCx$VGw1qHirPdV{kZ)gs`5&V>kL`2ute
z@~$4jH=0(cH?pD+2~5$d1G5-z&*vhUjSPae8e-c&9RdrWgog;2Wk%;;_2tBu7>p@4
zcHY8(s??osFE2_rK#{caW}tc9{z2+dDv$=2$1-~3-{__9G&N(Z?{fHoKQBZk{sW{T
zfz{jwI+!($bzj}8>*^Y$gbzlt9+iQsCPyvk7V*Qm>0{n|wp&4>>vE_=Q|*=(w&p{+
zm6~aVNQiUE75xMxM89cVRGnEsXKoiUH3c!w@TDPe26dq2lv^@OpuOAmomS)<b1eqF
zUw^-D8M0>lHB{8u7J3#dG7k<#eM8o_q^l=!8U~({xyp7=Y|YkTaPZfXIMP<0sjAuI
zOUc15*%!NWL<?2Ty-h3P%W0rl!=gbzW{k_zkoQ_3RqXQfSM(-G7^&2b$=*Jvlu7ld
zbm5pM*Omk<#79}nR;9f4@~l>+Iw(0z@~WKn2jMI;be~|4c?C3iKmxZ&vCw)19o`1}
zT#`CsOC9eqeGxXA^#E3bgZvD((m&^dPqNPXb}Nh$WKGcYO(~yJxCEOcU{*M68}Lr2
z-00ZBuda}&-MW@6a)+|!<f<4|i=ey{lc>;@-}vIHjC#3CS#2YEl+thtwB{b8CB}bb
zTStuueOUTKF0lg8nb&OuDyb@)U(1@Gk9>ELFFZv%rpe9u(?lhy2#~+u&x$f!B`dC?
z-g@UI!SBUcXW9tTG<97sI`=yt{L9o{C<~W31IF#zTe*PP{g?YoVdC%n5#OmraOJ?a
zO#>8jf{8E&W&viXWdAWBMwGnrPX4v9%-Rm^l}SlU47t7OMb1<>_=0Z}u_jRN<4UJr
zUNq?SJ4HzoT~H3*H;^Mt;8MAGNaQWZr%_kUY@A&kQrN2JwJQ>Gz_;^_jfT|5m>7P2
z`6n~eaaGbw2w{RImlV3vpkD@doq#_YiuVpGzh2ywnqxBki+-k1Zh{5+gI<(z?(OvU
z2hj5Ko3QIh&n_fcdXgxeSXeS__3r5BSA*ZTlH;*kV}=`e%xqWMo@p-VV;EpeKiTf}
z#?RWQ^W?aBADYtIJ9Hh96uVDqEdnVZ{5U=693TZeF|%7=oly>Vt#j_}wM;D)R&**m
z8b*H&@{(6%@^&8A8Ta<3PXZWOZF_{GEA-s79w@}u$-v>Y0w(ZL?E~n8scXLZbR7}y
zxrv!ekAqObi38($r&3GPf)ENiN1$n2Zz0lzHe-rS5j?iC-8Y28IC6CdPTHn!)>3CH
z7jM;I{FEWGHt><^<wpHn|0W(H7S8~&HYbxoZb337yNiZW>sTV*G}dVYrmC-#1zO&s
z1P_e*4Z7R6zxvnS{4a5wDx`(;GqVXyyLgq`;8r~iCLX}?__R+RYfrX`<bjNfdg5x|
zPh8)}$7(Gtjl#*h&9DrwTIMvD5o;jYIQTHMHsghZIVyglrV^A)zRp=}JdB@<5_m}x
z`S;I4F}`YCnnzPRHY%1}F7QS8AeF>t4fJr`lqinPtz5t_PuQAriP>2}D1M+iiZUQI
zNwtr+oFKD{$OH=$XH;XtG889Zj9mBAQYl<41ogw}o#RH_LqZV1*NY}6Sk%g|p;5Zh
zc@_B7LNY9Ad5q7J)|Dupp>HPCf-2TY87CVIuSR2sAEF&gHVXMl|10xXf5KWBCkyL|
zf(J-o55v(l4Wnf}@W{MFm$5aq+C%F>*%RzMREKa!%@<;=Vgi}vu*eyzBn=qu5-B1r
zlOv?u_+QdRSfQg3xuVXlXaeN(`1?zjaY#ypSeZSR*b!9ac!_RLc3M_Y(;5_;^A^cK
zvT!v@R?oT7x#+Lq>yDi@wM|ONbQN~Ao&nHjZK8z-{j{nTtgxR^1bbChuYYpKJdaeA
z$u%^in5h_<s`^TJ0u$-AZ2^kth&V;jDsk%>DkjsOIJ~*$6v;k^{s%R|N%;t!)C4Y#
zE=JNeYFV*OWjXdRdi~8)y%T&BcfXJ4w$HJ!en+U;V34?wZH2XK%<jo)OR>fe+W3F`
z)@+ZYeo;UJEWEFd0F<k@55KG4a$0t{h;<zU!-byC2xgOH-qbs6V_f-c$<37Dl7oOD
z*nm?KnC|Q-@KpO2EG|Ql(2tS?(m7He7#_@um{e<fX?uO@IeVmoCx;X7=z!lVV06Wg
ztwFhm6N<JQYoZT|GsDpFQ^#iC-!{^W_MSP@xdKJih|3#B-RRm6keLNLHL-b^D&B`l
zC?%5vmZy2B>=YJ;c0F0hmEiR+Ptac9ndD}7VqPZ|8<y&JL}!=fTb-s?3+A_0^akR_
zt)Wgzq8r36HVs7ae>_^up_E|v+1rA_<!){US=VM@qS~)rDNP<jh>41XEk(LuP>^Vw
zD^lqlZ)Uj$UTVfuNsJU0TkP&*jO`qMM}{v4n4WGKBn&|PhA}^BdQ90S(DsjA7)ZO?
zB4(o?Px`j6vtBF4l*K0su`XeVNw=>!r$s0BYNS!&XQ2Glo?nd3c<0RAN<!Jp)=+q&
z>?C}oTJnBh>R78kv{)Gu)_UXR7d9-qLj}4Q-dV;g=e(-4osR?OU&LrO8wrYWvDmm1
zw<x<Z$taCG<~x`2J$+}o$*v&17lYiM=d&d$Y3Geqh?=yz^d!O@1{i{V@PvNG#ycL6
z)vL)vp;*M=ODXC>0;zM<qZ^}rUfT6L*DErL&G}ibf;541w88x0Yh+5NpyQ@7O6g#O
zE|OeMZ#4<~_`_wOb8oQQx9}JY?)+e-%5BO39$m*8RJ{{UpOE@><$9^zf4LK)?e4>y
zbkiYIV$`lKrZ)geiT`1xN&vD^EXz}~@ze}k95xqY&U}lZ-?!gP2*w}pDk&sHn*%sw
zABfKcJt7Yxn3BOiEpe5RmExE<<H5~?bxtA#4T-N0(MtKR8RKY&FvxO)-sADi$GV9L
zMF^H3@9R!=kEh;sj8~GSwwqS+Jw3a-`6=qBj5CPT6y`Pbwf-sdGCT02i2ZT^5&<$#
zqkO;U8QmK6b3-%}F7u31#FUlYa}?zVnAX?yp2sVOu363rz+KbYKTupc+A6>Kuz87I
z#1DCBn8$vXUSNzTpfb(pn312o$01=FFlQhkViJ4tZ2C@d)ocm~NRk1T;nS@4n!Hhr
z6y!&*9IF!!Rkk^_Pio`rZS|Reuv0-VMpXj*wYvH272O@Hhx{bQ`+EA^DgshkAtO-o
zG#76}*w{?i8@_}O&e6Wjy*8@Yqi6n2cwj-gO^pG#Hj#*=Mu~^MnXU8{VFjepv4f!r
zlOFOyaZo~;KdLFvGdOC1oQTQO1ThI6j68K8y`SLk)=+;0@ED<Y%|vBnb8f+h1@W&H
zx*mHbCi)^Di4AiPf`&mFUa)I~2L^pb>!3rnR1uj_^G@E%?W@Tgx;VzLupVp>l{N4?
z7t}xtPv&M`Q|a%?`wM<-8TviO*GfJZ(s9z7F8F!+C%Ad$B7?=>FyQVJ@(WWAxdDN!
zWOhqwXru@Dl|G(j?o4Oi&S_@QK(S^X0c2Vn1s!%_?$&iKI{E>%_>??>9#eOTwAHqz
z$$@y5-`n}4_osJLdEUOqYgUDAIj#Sxoy@V@v8iaFPLcfx+E<dWbN{U0hqm%8(IaMu
zu;+Ot9dG4<3eNndL><j_BSea>&#^6k+!nrj?AR~utc`X7hx)|z547-i&|>T=aA|7}
z6z(;=Cf0L!B%bkPU8pNni7OV_pA~%pU5r}E(uI_r9J!dRcT{qgmuC_7R^(_{Zb;r3
z-ACKJG)dqyr%#n)=2?}s;@uzU&X&2qjuwS|^7>&Sx*F9P#mw6mXhW_CBPmSG*X-?Q
z@E%y8z|T2<3WJ+9egbq9^d(m;mK_)fT@~SMlbT87rqKzM290D2e=)eBYk-w!3H!l~
zyv3|VI~I5*VovRsa+per!2Idvx*AfV$aa74s~!7MSQ0^~$t>b)_TY`_-8XpQnmY|O
zj6zT?`5H#Wyo)Lg4)WPeTbc1pr%lb<PJ}Kjv_Oad^2%}x(k1>e#JTTh0n2&^N3bOb
zwXQC7lCMUNf^{A}Lra3+VNzU1GNkqRSZHq@Hx&VY*Z$KXX}EosVlbq+k%sijqn{{C
zryoI0nqJm;-b^{VdRS&csG7O^)DtGRHbn+1wiYTN?Nup+6RgP-&Wlqf^xs^qB33O)
zRza^N1ooI?|1naf2nE$q=|})^^U&B9poq&B)FEaRW#7WgqV4NwEo6N8wKI^8!H13^
zG~*5TR8TaYW8Is2DKMo%d!Lw59xGi_^2(iSYwVv%SqzOc*xV(`(F)!l@zxX?3*x3K
zCZY?ygZSkb%e*+!3{R?Rc7%?y$4))EQYIcYVA~vW0BQ|pcLF5|O7y-}Bt456YR_<Y
z9&?(IDwG;2fAKW|ZheW@bq^Rsw%!lt33ob*6|Md1d5J83Ll2p8X52+tt+HeAS28mw
zewP#eng7$>2C17Z9pW<#$+fPDa8&}>x@$LM|Lh+K2BzAvKmJYwFPOWHLe%?lBi5m;
zJv)t4F|+5jly%nk23(}e$GGi#Crow+Y~w3Ow#9QZ%jX9j)cuZ;re~K#hAN*%Ag^Tf
zjF>yR<>4@M#^@b`u;khURLPkG|GUm2hX;4}20KUQ>4r<FM*{mcuG{!K)sBR_F)_PK
zxNyjjBdb8<@?%nV>PDSJfBLzvcG^Q{)aJxokxnVs4c03k?cB5rY;Cagh(qHV(5kx*
zrwKt{zt4TH9uf|4Xvn&CCxuG-W{{7)k64~XxmVkge&o8x%3m>yD>mF4JIEO^ZpBsU
zF>RybABSxbh;8~=|M%w#Ply%K!Y<uU;52!ISb*X93vB&tGp_gX^4HhKIVMz>1}13j
zCFH?zbM2mlJEVNxCyHeG)Uhk|Jv*pZO9Krpt%WEINfqtSHO}GHf=qcS@U=ORXJ}Zq
zCwV>xfMR5oHL<8b)PKz_y4Y)ZP{;x0+%i}bFhmA=$o)DJI3wC0;6hh$4;JdHP4dTY
zk~*>H<Rva)+qhBypjPI}I+J%)gs}7&?o#&Y7VXQrII*Yqltnd4{(c1W09CzqJcJ^7
z(=8-E*zhn#|8Fmc-&9i@a@aOLG?bby<+#^uLA9C=1AYG2K38&7$`nqTaT)n^E%n7!
zM=IJblmz+hDf?ttPm|y@(~sL#@9#eO<Bi$Cm?Uk%iQkiOnF1p_1Xx9Zg74Y|``>=~
z;`&uY4cL!AKdD1es&seW`%CnZj)TIw-i^qstMa+SGW)PEdqj-npq%`%u6!dmB4f~R
zZeZiLYUpg_PgBgfvz2CF^lIWPqWhA%$OSx0W+uNNyZ5mLbR2*9(qKACURSo0Z!ZQ;
zbb_~s13p+-G1WsgGSsVIXpE=*QM<pGhf%Z#hDgbH7AT1{Zg_m1XVOOHWwgE^YG;&P
z|7~Yj#Ufmtu_^zX-bootwDRX(&K#+FF>;P0{WOG+Ei9?9O01P8^5pCFNe1<}y-lc9
zU~mBQ#uQ3g#?uuXV+ZS746n<Wrem_5dubdQ?fVUXlf5J!fV4z^#tPRrn`{`%$BpIb
zSkS?WPg5+Dm8t1{nP<qpGt@)Oc6}+{zMh81NnL;r4!U%^voU(&UD>(|!%|a747u1^
zI_*#8=2!tgp=ZY(67QChZ5OLGQ~XWkZKGRdqpZR2)LsTA7)q9V2;9}nt5#v4Ys14O
z3Y=aVk}Zz+Rk!L3dTdE|OTEDNNVgK+bE;S8R5*NT7x<*L;K5NxA>i84r4XP3us11S
z=1ZoEBAdZU_kU6Whnes!P`B$UF=<z}URnUzqzBjPT|`s-%f$WCmz;Mioo~quAV!|v
zudLlY06s+bZS|0Th`-}4ih@3*(5hM9289dw!MulLL*EM87_wTRZFp#Bak2@zQrxj3
z_(#(F$Obo3J0!7tLfwqVpQZNsc@lZkw;*lUMe*b%usZA!<%K8}YQMJ+24W&Ho=O1&
zf9#D>8jl5z_MXQ6Qw~}vjM`(dj_F%;rLaT>7xMHpeR5QuFLeLG_sqBQcqd6wV$SP~
z{6WrbQ6D}?FR&uc8evVxWHUL80y`QC;*N9i_*0p0;6#avl60UJocUmPez^JRX3<N1
zMx#GgpC6lGVgWfaep0WoTzwlahnDvKyg@3iqNqBk4^wW~ytN%4+3F_HC^98Is;hg^
zL6vcij#S8;Vz>5yboyp9l7r147cjjnSWeGL-qZW>i*a4awpE^4hwZ^&`ShW4zn!DR
zXv!8c<V%AgFZ}4w%CDumTh7<R-3|C+)OawIS=Z%ga{Pkcx8N<hixihJqUBJ<LH1<g
zv!3<33~=|MA|)s3M>9~0|7$pLzD!J9G2gKFmQ-G>qvFng+PIjP`XG5|zQ%R?5;{jE
zZEQw9UGx#Qj!3-<FJw-})PQumdlQ4KE^BPHWM$nZNGx01v{6J;;R-Zxn8P2NqIEyk
z-I_Y90<)O0i1dn>cIbl}a=+gf<)r%(`IxRzjcq{nVUX5yr*xYJjRxe{vD;O-XU<^*
zzyiB@4jrGqpYvSt1Q0#Z7<>5@Y=Ih}cet2%rB9lmp8h~->W{pW{-L(hSHK;+f^a7Y
zMM^TQfQ?Bj8Z7;NChs$Bi>b3@{odgBH}6)yR07`RjlzCN@```^XvPe2jdK_3Z&7HF
z*v05QmhCdPU#uRdL`eE%Aq{s-8kQ}o{zneW2J%Vs|2V8_4HCeS6a9WLX+rvuPWT3q
z{4<mfU&)@F$@}jiCL-zOR>110p3Gw$bLB7mpPn@1kWQ*b$ZGvv3a*U?-MkcM6jL^;
zYUo!`$(F+f7LnIWBI4G=5{@QvM}YDOVsd0G?>xxLRKBX!U9>Nuk*i;A_>CT%$SP5(
z={WWJDJX7{tEOZgq8D6TRam`>_!9g8g00s!JqW)M@b-Z9M1!iA6W;8KA2>Pw%vZUE
zrnXr+*7PK2ne5hLisSFOuaF6I5Z)y@3>T-Upcj1jH_g!+3emb$p2*@q%t!zq@zW%`
zbWde&c24ib{pCqenhy4*cci(b>hSns;QYgskk$RMK!Y%Kf*T%4O?M-Zyow-G0#(TO
zFvcRTGGVt-Q-0sw-n2W%Y<;sWBz)E1;R}2A3}kZmfo@_bKrh!no-KXC&$qDiR{}RL
zs8<bvt~pU|lA}8i-y2}_@N=%ag_2w#jctqhCm@=mJ7D8bWKymc&>>9Po2rFszYX8*
z>HFDYaRYwS6x(A`w1PGF8ThFT81b?9F)|P5+%FVL7C>a{2DCEg6p=Or&qN5&0Y4&?
zDT+^?rn=l8>ppFoPQ(R#TkaeT2%$nEcE7aAqjJ+Q@iQ@%(>Y);`Z93@A^zET{k2cM
zxNLG|!D(3rD%2R(C8B0B`S(A;+zA8u^y^_BM&~ZB!QFbx^lW1_nfn@14D58EQ{SzA
zq#88lD~<UD;(t0EWWeQC<Yh2(AHoJ3<_^Ne>KFW0UqeZ|sTxulj}KF;7UnaeC`@g%
zY5C&9lZV|Y$eb0SAP6r(=h+TM-C!yilIBL@uX+;5ieB`BtCk9I4wv^g|G17^^C6vj
ze%Ip~zmV{|m*&Rc21EbYQmr*ff}oCaaBERz{k)lU@mb`lV(ITQnyrkvQHk0sE=VC4
z#ii{*oQz@wx3&bq5JX-a&`Ov|{_KYA8st5nY#Yb}A(#-!jN0t2@fZoIQ$6M}Rv{ZE
zqw^e%m!aCZOUBY82_(ef9}_H}qb7-9AWEI^FXe;2tRul$j^G2oB^MdNz}R4eL`QFH
zgilBRN}o-|DyTsDpa2~rg=GI&ntOR~{*<ULO+hv_=&w%Ndq6ZEvMuFnHTt3a@uRcf
zk%E8;f~T1(Gr5RZb7K^~l%1>j>`h6M(?9zT6;*NdCqy{AcQkYs%M4A57MW_7ineTn
z+~`Hzq4>;{n;0gHMGrANKbV&<uiE)Ljdl@nE7!OiAO*wyssHp7hd3N3ytMx<O4`|x
zG3T8|r;s~dZ{`o+D|JVv2S3KaU~s&tG(s6z?1#0k8A8*7a(TxYm_h399De;!yH2|M
zN3z?k|93~VD=-d<d@1{G{Bu}Z^N|lpSPE+)uBxv)KuvdW|3pcyo|4>90PbE^CRsR}
zq2B7Qnih%n;q~cML+goU<Y8!54Hqf;OE9lh@D!pBx5d+3La}?5(g8))5$Bwp(b&WJ
z^2btqVjc$#UqqvThPILZ)Ok^dvVWgXW(d2H$h5s3PS^8;$iwMmGE6BqQwC9>E+#E3
zI2i4iqbgC1It(g?<;oHx)4ZsbzF7qTMH-D|vKks!{3lPL>^!oRL?$*bUjH1!S4W9?
zyhA6#2cyb!`7`_PWc4t4#W&r;>r`r<zTej+IOV~=N}qL%5T{9P*`>+doq0BkYmYat
z*j^$SwS>zFSB{8up>+K##pM2{esm(|uG28*eG8s^OfG(>A-m0zWL#TODwu_3o{`IF
zX>b<>?!ei$Q;yZxlZ1VD1oxkQdJY7-b#WMXoP}*WMQUsstNvK2aTErdFiRkj9VJ!O
zgSekGq2ZpJ0?j?C6V&;VB9jGFau>~VDXRu4_sV!i;)^^gn~+*#ch$j00HK|LjQ7ql
z6~6W7&he?R8+v9;n4sP<@($D;k=5cA1<0{iI;2~E-AHfEyAq7PoJTW0su@0N4tZ>M
z4WE5QZx#3c2cq(+9#qWM(^o6$+*mmo8&R>#wO*ET74A%Yy@(%>XA?V+-N>G#G%Lxw
zw(zyfqP#7NucU5MgU;Jnn>T)x+ItgXqhd17g*FXML@`SI(+b27HF?*iF|)jX2PfoY
zRqqdBR<Bjs-H&)s{F!pC@d(2XSygTfJcf|Phm@btj7Zl_5<iYiY%Wp<o5!H>{qE8I
z7BTY7FEkKl2;aw9C8z$R5=}s5>Z!H+pI0-ea$pFN&|UAwN%%nWS{w!E#08;!^%o{_
z))gpg{OAI>651n?5HaE~hT7$Irg#jK57)GTtur-J`#&PmdYixs2n?mQN&Qy~((l3T
zndBMRk<(8YON>N-J9+>>y<xgwOpj>w@t#Tzd!q`}m<s2m<T}OSlW`XNx=@?Pk<nZq
zZCyf85_GS|_4wPao}zM8v=gkK7MoxVqJ?n${yfG-8k<A9FfMsv`C&x0@8;vU$KTzZ
zEsZby8U)WVJrn@%j%0B1EAYcmUD-5~?k&IFE+)u(FH~#T;oe{=K$nz7DHmcbLBeMF
zTN+8;<OdQ!BaTO7K;1}B%2)bQ9h)>}AU{B|0srrh**4y9C6Tph79%25^;pSwpWQY(
zO!i<&^nHJvSjA4w-gR_x&!c8xL781D;U)e10B_xOA_$BW!$K2ir<_tp&{17yH7pdl
zHM{~@bWjc@qbHbeQ-C3a=e-p*Adfc-WJ&d%kTu2zfToQ5BL{9j5yDyWP&g6nIR+0<
z7!QFoB=$#Z1i)ZKX6$S<{ZwTH>eW-n*g<5b$U$007di`^QJyx>y8S%2g|9lD`ZBR$
zhtp)^jvShFZ3HBN<~SsR_CQy3wo5L;561eZfJewg2J%pwnsyXg_u}a5(_7UNfps1y
z;~8W%gYX0GwcVY6Sbi*NQ7R5z#}#TZV17Tb7-r|)4GrQAMEyRS*49L7R8ON7nV4Rc
zjGZ%(-aD-!{M&QDF29_%juZwTfY_Ae+=^#Z^m%@ciGo?#iz5h1{^~v**G|z;UIPDU
zFR`f*R>*)TvkQ+CKcf9UT-V<y6W#*{mH&C8@+yTeO3%<InRv>5e_7E~M1Zk;GHHkW
z(mmUY23YxPK$`mPXZ}|dQZ3}-co09QPp@)SrWd2`>Tc0Jx@<&EhT5`SEM=rcR%n2i
zmtJ5a0)wPaIW*Z_?y)PnUQ<n(g!gfCD&7u{$P7wehG#PEm|6q+uj_=8PoVH;@bqIY
zmvR>qyB3)MQ=j6<&z#S6L-&gkYnC*S`?xf(^Dk+ywH2DYkFA%9{k>)Pp)9(n#2V6h
zi><iO%8FH=`2A2R4P;|)vZD!beVGQJO7U5imnSWGAgeOW-&*)nDXaVnQl}CTIBvXa
zsrI+J>&<T1#c8RxX?C8N*<1%=8=SM3_k?WW%zKeqNZvz)GKZOXR9Cyowy5Dt3$x~o
zi6G8(t}f@3Z2+w7mg#<m=*yP<Ia3y{j$*h(ZU|8B1l$Qn=aPrbLdTNEygv2oW1w&S
zKw7c?lAZ8MqQ)=Z7y3fdmMf4fGa)Xc&YMsP^~W-NMvHDo>p3w9@@ITyrOkww5f)k~
znzedht6J9+2zf+GeO<Tf;@OC~j|{Q3nhx@t?Wv4tKt(H&&PZB_(uJm{X;F5f^reT|
zRz=w2$-4iwR{4?$X&dJd76iOo;XUn>*ty>mx3Aj4Qs@|FnBBqk<=8IO9#e!P8F(Xi
z*=nOQ>Z*$N<jaAqHjbq76z_5&8d4UByj`VH8=)7v$rLE@N_IuPuh>`5sqOYos_O4#
z$7;6tOT!dVbpug9*;4$b1@)CegLK1St`?Tpew!EZD`=|Hyr|^GIM;pRqhu7C#-~`=
zdAdO479ge@UK3j&OCDm!0Xc`Pm%%ZRo?u)5y}UgxZl3|%B%k{REe0pOD$)b^ScG<s
z*SyTpH9AfYO;r^1py%K4p}~Ky*Q&G5q8NsAAG_|6;sR2irrFCNeEgxq+iB)d4n`wc
zkm_nKH5OPO2kupIem4G;N^0HZ-ZGe3a+*{@u0Sl}_J?*0+X&JY(1y4~&C<t1<l8-b
zMyx&nLvKH`qKlUKjteZOq2}TaP?Q0&ftKfzC%-qSQ`_466J@zBzb4Se9QP(&oAkMu
zuDisLKrvZ(FnvUiML67I6L4tg?f;YEfFC*UOM&q*yi_(@m8mffM_FB^@8!VGdfbI5
za+21Wq?B-tv5R-+UYYDvS!wC~`R+8eK{2_CpntEhPfu)T;rG9U;(l(iH(YA(OXC0=
zz>7D8p()$vy!#iE7l$PBo$8Iz<15@Zi&){nz-%`Vp}dQfJ$v4ux^!_lKdf{g>$192
zUNc&AU6qc4l*3@$BCq@sPlygd=L>c$UuvaV<EOJ%pCMj5u(E#x`hlaF&d3t!lEbNX
zGt{A0B^s+d&Ejd&hj#&6e;c<ZnrwVm4@1gt7%ARx!IwR;krP+V;0|3MRs)f#6T*$~
zQQK)cxr~`DS3MDTm<~$9-}%tEc!~0@R%U?_cEF<iMXSusTXt6hz8`G?e?Iu5$b*KA
zQNu9imcEeX?bEd@PzC&t${&&N<MRrYZ}j$?pha*@l5zf737m&V6IG?NT^<AFhG-(E
zfyzZO72~HuTefD7i~WV5rjrnppbx!ED}6623X#s072}okbe=InAQ<lXdN$Td0{l`(
zbxH!H@=={&7@Dj!Bmobtj=;*x{STHiCpoDd2iPKhlcIpSoz*C<tS!Ix8DE8>YwBe@
zdroA(0%Z#tjdPTP;URg(8UgCv{GKk_O=aHhOOD$Y84gyUS^iA5S{mB<`5&QX1`g&>
zYy!o(tosjGoNXxYHD)#>N4vRiLl;Uhm!**xsV+X2?MXg+1xQOXwysUa8~cG^gefM@
z+8^_Vs{vkn)QrAH@bo6VzR#%N(1abJ1Zk`|yYpWe{9x-rPSM^)TgH^+xP2QG;Of;T
zR$<4X*qF=}t&F|y0@HX>lGx#be{W=vzvF-@p@9V-lFLjwb`O#0v?yPU76LE}IoXiv
z;MunnV@e)U>IdJK#tqUqa!0jXY9s40Y3LApG@nQXn;yMsIuXz$$BCIms<DU&>27LE
z;6Xi1_;yDM7-ZJuV)_8S#lJS5521p%LA0S_utOi{1?=cN{8}989u(S_Lb*Z3FWmHg
z-NKRYlZpoQaqc}dA``+VPf@P6*2wfuRMkdeYg_W&#OG&INP`Ww9QN9|b;coTpiWZX
zR}iP&c1dCQusEpxM3Y9;{TAiW<gWjZVE{~x@F4#lZ4<W*(Y4hRzuuG?Z9BUs{`@HR
zmYm?VDAkok!6x)x9znx_MB9=b*gZp{6xeerm$%?~Sr6j#!XU1g{hL;%q)oqwYV|x0
zg?hVwbtAD2e#IXxaU6$)GTo#deMaH(L~_B-i2=`2rh{Nq(>~>s)2e%-_av}!tzG_-
zd;HYAfa)+@E?G_LjUaZ((TIH=6fNb`K(#jHI`8$OWepo>SAKpQ);zz%AaD|ENF$y%
zQB^NJ7~?kK22jj8AkW4VTLV28#4E*0ygy8G$y~lyRe+4M>BY<;1Z2un4H5V0R3cY<
z=l+)QY9WmKF0*F8OXP7RgPkr8CHk=nD+>zvMR__Bq(7iW>Gp0`PDEH)ZbeSEx;iD2
z3d$_vx6XDayw~Qz4=`=p#DAXa+(P9)@WAo=(Xo+B$J1IWhQDpllBOFC0;{Gl$r>ci
zrtKZ3uwr@bcJlIO+3w7Qa#THR*32X9V^_C@fY7QBZUz^%W=j?dlO5bT8>Du~a;jLy
z*pFy+*MA-2{N{3N@&ZD%F@o?|prCM%c$`5HzJGs2nLzOKYng3u{0z6On~Jv;T+xf}
zt<mVRC>lBYZ|zpx{YYt56pzdn;tm@1c9ACPjAIPLm$IS7M-9%%9pPnq<xE;=y0r_@
zf4+gako@xuAkMr0Q%8B<um{-SOpf~xI>PX5ba6l{u3T+UQ3*=hQ9WlCQISNhHw-uL
z17f`KZ*%i>il*5P?hBds$KH+ji<8J=OVXXzbl}BfL=1b&O5uS0S$OIv6L}YDulmw9
z`>I;nfDoNuh#CFJp@I*iBZg0~ebVdh_4<)Iw}elua+M=$(WUNu{BX4_hgTEe8OXiu
zpHLc8!qlaBWX#Z$QryTk@c^)B2pX${n&OKm0+`P!X=Cz6a}M-mOf;^9VqlPWfaVfX
zR#nQw;(5X8r~={Nc{I6J7O<w6Z2_ZIG&75d#hHaLrMKrF6!r_SOgB#%fzMM7nGCaD
zW%%5;TU*l#ioKZz3hFKy(BT<C?=D~A#`%lDggW<=2W}~be&g6;qT`tpeo(%;zDE7M
z;s!zEl>U^~JeFvpmOugOA7(~8y-0*v_4d_6|C+fqnmNE<H_nc5#Jq?<(z{XOT|j&Z
z`MkR}taV-`s_x5+b-^id_wD-uZ}9>NNHO;MDXcw(vo(pJyB`OFE+yTfd*mByej<~m
zm!W{U#0;b<%ln1STt+xOg|0Ar?YX{<pS9Jwwy|ZThYWCq7T)K4BXHUJ<(E<dZ{t%6
zT%3wQ;P%&rqHwIg_}m9LL0jFy4)Ys2Wo+w;JljULqAyxu7;>g^rt~;0sDr-%ce#iL
zLRRXiUg&Q@*BNFW`Z$Al&UmwkWeDq|h?}(cf&XI!6&X6*c2iG%>Tvm64PCcdY+ltl
zWA_9ulTgkYiq7<YrxQBx+REHUT0I`oy)(rN<z`v`#&~PN=GzKG*hOs}EtL9ahpVtS
zA|iM-kL}xgX7K-%6R=`=Ul01Sv@aoqf9tetukJ;+jTgXIXR^>C+`(IoV0-TM90PEk
z+KTS}MJZZDU}~KTM5GYH+NVhFJ0w^Jmn>@lfPrU2n=ffgHp8>Gg<TD?Ve|CkW?+!+
z_ss2S^FA{OL$&H1mS2+Zt%h(q0+IAp2=5ha?KlbHqKxP89OB0hEiizaw?$gmq^{R}
zPkX@)fP(Og_<`VJ-Z2{Q{~AO6P7oNqj18z*31}ST8H6{z93tF0Xma#nBUCm#Qoz+t
z=w_PLMhBOq3|v^DmX85G{&vbY<IPDYRl4ujjZ)F};Pkl(ms@Tf`FM0i&f?V*vNtVk
z7Uw=@+ZPub{vhRosAN{6t0*!DWvM?6#1!aWk;TO|n7TMYwTgtBw=oj4jy`3MolmlM
z4;;b554V`&6$t`I1sjr8(5N->r%EEOWyFoPmdJoeE%wK6Z|MA;OD=fAyM7c?Qe4c2
zGmMWFFAgekY2@LqP0JhSuw>pBG9_Zqf5yq*5tn0M(nM78+rf|+H6GdKFVBtz#}uI$
zCt~vVdLUn$3Q=h<;;Jpqq~48m*Y(UVcfiMkC&r)EC<_Z|5(u8Ub;c)5aECdxw0Mz(
zVD|=}-{P@7SK!bJ9pb?$A<B3zE_G*ntLBDvtS980aG>`PV%<QyRg^qtd*6)`3GiV#
zfRp~Zc3K&;gZA3$Q3GC;D(;r!no>`#vY7+G#KjgtLcRu~UH1!!K;pu3FQ}4&=BAi2
zH%~JrCotDEH9W#`p!f0LHk|CxRIb&+SZ9p>Gtx|o<S3|P_7C+Fx^{3`q#xi`IuEI@
zTiyKKU`jn@rJ8FD-D7iROB4m**tTukwryi#V`4iK+qP}nw(Z>5yzhtS7j#wEsndJy
z)m&4da$4=;4B5C|sZp8YNJMx=S5v)OvDWe|tHQ~3wl}hR3>u?is!J!}U_TYNrEq1U
z=5AV)go{u6XwL9`t<!4w6rV8#>XPRy48vUgmI$uBB}RR#UQX?H@-z0XKROB;R?Z(e
zBZ|=y#h(|N5R~I0bv+{sk-aV~k!dutfiZaJMJtRm%!bg6qQ80I@eK@IbKQ-uGstNt
z|6W}z5^ta)=$(0rHoN3pj*MgZLRgWK<0GeM1~Q30{M&Q8?_-7fZ*kNXw?@fB49H-T
zj!524&bM${AWI6vY;c*>S4K*ggw<_y+BP{V@t$75cVtOfer2t*+ygkuIHU5#TBqWk
zBcgQd--4xk-E{sjgORE7gs&h07Yh@fl+Qln=&z)U3|L7SObm3}Y-&$Q<0MUoiO@y*
zU8&_XR=>J}1p#&deJ-9B?S68gD9;Wb%aXLx!k|DfP>Y?LAUTDAeKR^)IX3W~cwTM_
zxK5Q4s?}(?I(5)?@6B(hrEI&GJG^>1Yx{<#P2G?IFt;CiMT&Y6-ji^17x<C_-G+^G
z`}=;LmJDHK8uVxq**XWX`q%q%qs5<kL8wm?FQuuD#P7hu0G<P5R2AMzr*nEkeruZ=
zY`wfnID^r3@{7!u-*z5^U($W9b=toCodn$sL9M#<MEy}`T$QUNY6+YAw+nAB$O*x*
z32O~fB4oh-G22Vp*rn%IdkU?hdXq(xFQEMF&|WNXl7v~d549G3=;$9p_9W5ZWe#c<
z6cVP^qf(y^M122XzqjzWh^(HmXwqgk0Y+3`?L3R{r)~__)$;`I@r43?Qat9dHZMc$
zb7vBRrkpVwL-Rxt|Ag6{bKHgE3p;Y{KpQJ>;EBOyoC4M6wWO6?YS-<|S7@EwqqvfN
z8;_DV&lx>-O8uRfPGd=IlTGQ41d`yIHl|3S!BBAaM(ve3)0+%8d%bIiP0VNV&!-TB
z2YTB@L~F$Nhmn@ta63b%tP#-KvZtYFNpT=6hfk-dKLJm2E|yRy8L_$9s7Rz!2*vn+
z5&6kUz>d80ICU4+;}f#$s|IhZcs*8gfa?c>w_if+bHx<sAzSy<VnE*_;10Ea-i!Xr
zcyC&JDEo@@!GRn}`BZas&~vXpA_6*^bN8XUKxi`r!xo8UozR%9Dx?XO+pYgWP!eV*
zdjvPJwYk5?<8E`kw!azKo^!cLi!#jpo8PCfe8qD_jU?YEk7Weqj^lu;j{s|UjyMj~
zXEdeIPQFOaMko!Fh}OYGK>|b*Vl-53glHBgAK<P3xJg88TD+ZldGkcwe*Ci!C&H}Q
z!3E;!m~)lj@iv~HfF;QzY6orVJ_L<}_i)NyC?_0Hyb%xkc+T98@;ngG_r^qVF`~48
z5O&)8gY|jY>*-5XP8~|Ip*Nzy6}xpdOao0w(fS{#-w9p5aop%!z_GJGr#zBAX&Y*%
z9{8Wh6gFJ{(#|Gj6dZ@ZxO%o<WX)Wni!=gC=<&zVd_6YG;oIgrO$WOLNE&QL&t~Kp
zoC45pv7KbzqGX1dKs>cS8))rG<}3T$<?-f`eJSbMoeK6{B82DvRVB*JFysERlX~aF
zm>y^HjKZ`RAVqoTrE;JNPOZLL)Hhn#i7Bz?MiJqyra@{s(*L&m>p)4sg^HoWxZ_i0
z5?AIUS?gbTqeUKFCkcPVc;>GhW5(8Q8@S(kLDlr9oLbvQeW1%SCoua4i^DLi1j!~(
z702=xk=Cpt*(f2Q8EB3I>Vc8tTQL4R^sC2gu)SKt1cwC8b9kD613g;-fAso*$k2d5
z=@?VU{VgZw{f^Qh(>2}YtuT%yAsQbQ$_hB*eZ-Urv~~L}80^nWr>F+v__jq3#c8RP
zEu~kzsv(%qY9SMZB;|m?_T`Ki{YWQ<=^jZ%=iW50FHS4OmL;1bm?{MSNn_dqFCD_9
z<QA4JrgK8h`|s<h8UfNn&Pr67C{mc}2j}3w%I?xeRk=V(w{Avv_g`5{$AN7@-OAj^
zvqPmB@5dGMW-*GM!Ybij{GPs=8q(@;r@9N3TN~RU4$8HF4wgR&obD9dlh~sz-c^ZF
z${E~Nl(l%NUzghQlk}oSeW^S)?&kEE!Wp+Gld}2fX8CxmY;txtT#)elycztXL7RB8
z=T1ki=@;V;0Yk(dS}th3Ekp%AsxXs$qIe%I%bvf&pageo9i$OVdJ^B?b#v1AVo5ee
ze~*ckkc^+cAB6*Xv%`~M^K2T1#TdCGISY?GOST-r6hX6L%6lS+B&<tXMeMGPvZTd`
z+a?$isr{+1`NXBM<;s1T>2-EGDR<PA)%nBdeiqrld!0ifLs0v-fX`Y~)9xbgAbzAK
zej8;AznG55*)*Mb%m2Zyu%yalA3IK@YZXU0QRTOvl40%F`e8;$00W2h@QA?s{%KjZ
zNU<aaOE?M~7S2Bo5>m*ySVHXgH)pjO0*->J9U4y%_k$207!B@8@^Ayf<2S&$r`8F5
z=7_{}USXjD-t@Mvg#F3O@)fiz?M`NJeW9=<t6>C}2pe(^11t?HImNBd-yggBUK5!h
z$xYOFm6xNU>ZT)npx{W!lKRJNllewjm%4RZNiLb<T3ovTy|Oo#D&iDXi!>OwDG0Qq
z8sCFIwK375ND58z(dUoGdZ3`Fh8{PW(YJR^q%y_1!#l*Gd4oAzaCxbl1}FkZmAv&T
zV%2ibvQ84Ycpp>lz=HBa&}Pfk8^)(|Gr|*HfmLLrYXlY)#PZ4Up=`Fp&Li-GcR`8$
z_A@&7WnE64GQ^}{Jx+9JhM5Brw;E=n2p57Qw0rK3P+uE0jj)565k@6I4{R9i@K=zb
zBiy^PR1*q2Vov|o0}BsH&nP1l)xM9RJlfL#uo}x@#;cW%0<|?ChqyW!oXDGi(qxUs
zF{sAH9W>yx=c%O4=;VO%+eeBy?i<m0({Ho5DNXO5o=6i`7`FBHcDHMdG?VsTYAoK}
zeRdE<a9In&sTnvm{YRvWbv&k?sxU{3;x+3k!V))C_DBy8k1IurvMR^uLLAVbsIXMZ
zUG(&crark@x#jgUpYp+Eo}nU#)p;@=s#~7<+|Q)gYkXK$jLOO;@grB{Yx2X(rdd%!
zOS|1&3|%9TOsdehbbWTWeEY|y>gbP)*qktuRxA@`OHSDdn(HTCoj};RIA?u?$Ze<D
z&nc&sR0b~CVX_ua6)-{A%aZQ?kQ7e)5-cAKt+qu*`Z}bx-Eh#zB5Wd`sv<e^i8E}W
zfq80b&3=cnC@8R4PP>0xah#7NdF2LF<s*rIxPAf!|C2(YbR@rvc1)rsVpHP679S=g
zq%SWkjxj~>e<4cwx`GC2B|AkvLe|-{Tl8PCy1hiTQtZPp%sZ_+1S0MwpK%N-Ru;;9
z{z#axJT*T;B(?L|4jeY{$G3jIr@#!WRDqAxlV**&=eFuw!xy~e@{(R*;N?sk>~*O@
z!@+Tz$W%^dO0MUgIZ-k57TL>1&#5sQc(CSw2vW8=HMlHYJp=UeTbeo*XQ9n>(i&k3
zN*TbBY5F`6R0d2~m>fkp|4Uxw;AX&FzzjJcOU9mt>67~pVU?Lyjx4H7ZITUiKDy7F
zv4p#ac}w3MyX8*^5)If}VB6UjUh2vn?dCqX1;`m{khyFLc?=D878Xbt<y9sAJ{Lyk
znyBSYgTAF48c&}voMn&{ldx<}iFxaifoUP-ow~RTjxa27VP(Ee0sO>ZcB0o&*`+Bl
z?Gn^b$q6bOjls&8Vb)+@p|+G#n{Xl7DuL;wme;Q&kP>UDq&Qk{_P-jnZLhmHh(upv
zAX;z<9D>t!?>+idy<88RFw|w_G;h3@*s2DPlES(HPh*BY<#AFUEwRKKM&m8RJ-)>J
za}BeB>X+D1TAZ{;w`Ro!<y9W_E_D%$@?=-1B74^s1If0nQdM%HmvtSd;`f-;k<)3)
zn0~mR%s#H>y(9ktV_PJ|Lj}&qd<7CI%n?^7CiItO(ma+*A1Mup#Aq#nNMU`{UHaZN
z10xZ6mu*hfIs*vR|Hil%8wY31-W%Xu6w~1guBow!!Hd*V2dENb<XsBHMj5{&p7@DD
z4ncJwagkzMz=S2*5`*4m>X=Q4+(@}&d?{pt{2Lup6!f@Vt<?T5UcIL4^4$Qzt`tkZ
zlX}Jxdd-JWOs<qT2A%&%g+_EizA5_BUxLci5l+pqYF)k^JINEy<i8)kuX-g7Hyp4C
zwxQG5w@M&2i~wOHX4_q=S<tgk!G$-;F$+3j@1=m~6j4j1h&Hyf+Dgs;%_&%ld=G(e
zRb+BM{fU^^CagJ5Lh11cbN?OS;izWi*h>At#0ZXXP6z}RJr`P1m&To~wnTx5gyV{7
zpwxslh_PU(ekDqunSdVG5w9nGQRa+dQ8I}vLQqxv@?9~9)|1a>3STN<)(-1-WPt8f
znRIiJAzE*^0bzVMVu2W&z^Tr2_BKMCs+&+yOstEn1VOh7HbfRRsJPMCR~s^$T)mUf
zm^7W3m%;Fv$w=iEV>K=t;Qi&j-1S&PBPdT23tKW-DeH-{+9b}l#hIH-e&Q%hhYr#H
z8{%pCi;;jWKAQ(TInq}?yocN=OvaR!eK7K(;XUB2`#7BA!|fheGeW*<SLg@?Lo{f$
zY|wkL>r*PYzPDak;&4^Kn5)a`&iYPF`dJjfJB5FV8;Oj9o;IxDPjR?6WwA}i^-khN
z3TQH_xWQnN{#lePx{FJetsx*&(!zh!SjPr!MtNr&TMktabc{SRJ#qf!6b1!}gZoCT
zyN_?AsiFu)H7t)yr9ba;#`+4ZX&!m}CkEDpHZ-&CEhQSOT>xv(Bfm3B;&Cl2)S_7o
zwnt<yw+VE9OSNh7%+v&CXesM1W?nzx5Jl$JOBcFPNg<+Qa3aX>74K31Z<Lytpe@>t
zi0y~nhSBK6hNxvnB{0bnb15e0d%oVr|3K8M?z<a;n(@f>23e0Wb)~OE)iW0wtWm_3
zjQSuOY@omYY{5&c98LsjLTvGlbO4yP$^pB4NbxALK=^@*4xZ&rxZ)1zSaq64Fu1JI
zW#-?oi^hy$vXh>~{q($P$*Xya6~k#+A;*|K_JbbfuGr&9-)o+P-R36lrI2#q&Q|g7
z^!EJ3^0T+CPr+CJHf;lbZJzi_ToK_!|EB0}b?W{@1v;#4G^@VgUJLpa(nu0<VRV<B
z6sxjW0{rXC;lCcI0WtzK2umw!W||Qu@KvjHzPuNHDCeH-N2yDHfnzxw=T#7<6b1t<
zE5kGDI;;z623)oF0E|yAG#E78Z2#_xJChH+|IC>Gd>y-hH*cvAzI|I|q<RmqOs)yd
zE{MEw1$&c~6_;OkMUbDRO*N5%n8&-I=w`1^#VdpnJ*7e5hbd`&ejTbNZXl(%DPFeE
zFhAsRtgsp#8q|IMsaMfpF0WE(Lz$@!Nr<My!b_VG03tI3i^Tr1YBA;w4dl2{4Mn-F
zWlUgUya&F&{F<)ISWStX(a-Cf8d-+W+0pgUh#R>Lu40q-d_@eIOl{9N$i=?+&~>II
zf4;oqEN&nag1D0e!+bx`_9^!|#CI;_m0h(-Onk5Q(!|6bJ8zZ!*q9t|Mus~?&jV`r
zd_%IO5#>9-y{-k(8r#U!Bk0A?uXTQC^HbJX*9yV(J;#xtqF<9r=(jfQnv_5SuDmd*
zA`sa1nOe%0c|kJ}&a+rT1bXVjCB5%<#KGwT5_rAAyz_wscVe)$;UWV)AL4zv3Z2a-
zNTg@6h!@mclowhcJj}1}ngj7wK>kl>bq;gP&Y|m7Y#%UCo2HG_h5ZYZNuZ14I97)Q
zy_;b%+B#-^=`h!%L!w-&35mDSdCXT&%ZhHz(W=$AyZK1dz#_sd6zrt7^5qX#gtBJR
z%^&8oOgbQ6l@=(>LkrHI|7mRuW4Sb>R1xBenbB3b6=alv3Y87sbnfDV009Ljeit<4
z_xSkrq|*@<q*V_((k@RX`Z}cJPqpNPq2W-$3vwCAXdZfEeouG!HX|Y>)-is68yG10
zhRo^Za<a2&=~dZZ8Emseph-X%Tyo9ZIbJ5g%_BePpEdig+JT-iCuz;@r)+9yik{j!
zIMFKP?95-mQ>H@y0g{rb=|<?3!<D+1hjT-H2?D2fLxQVbs3h>)?Ia6}M4=;~8{j)K
z`BjY5ux9)NA9s?MNqp<mpmeLuE@2$Jwr70abrupLFKq;MexiU1RYOUHb-Euzc~*fP
zS~>gp*XmNyeyrQPJnz(Y4!BX$d<2;Ghy9@Am?tVENANcc?%CI}c<cu)7AvPIrj2P3
zGyXmi=}?y+J|=d16IDLHf){S6j)A6D6oOWSQfKH_dd+-Y@;;t6-oqqyi%bM2Io50#
zz7WHP!vwcC)@8pakjoGyXVUj^OuY+MWGI&~Yyi?0vNnar0eI#=8<cn))>mVXU7zJq
z)i-@|6Qv1Rr)Y7Je{qG#^HT#HTIPOI&$iZ;-Jda;GwMNVT3(hveXH|l#=aRQsJtWn
zf{IiS^OefM*gmKdZT-Fnmr*EuTJu^p^7Zm@cN9;LIZwQH-#7xArIbw4!F)vTAR@9g
zoacV<8eaX>@!wL@Va{dDo*%zE;WA;Xd+S<GW}G!)vvtxdnrB=NnG2E?^aSdpb|HFO
zj+;}3uCcN$*CbF&Uq?ZeHnBbCkBqLfd?(c&TsF5N4I0_Xb#rHo%q5Op;%!%txErri
zUk~Ha^fo=+gGVA#=w}r>r=b7A^oJO|M9BSRmrr~`MPYh2Gsg*XW}S{wL-WGdce3ZL
zI5`E~aK4)4&pY&X<w>rDPl-ZK(S1Gqk@=77oU;6Z|4;WDdD_A6AgvRuSy(sj_H?aX
zF4BVg0}IXUZ-YckB98s4ec2|P9Ao!Kj^*kgS>o)8A06ESOz-AIoHT{dxi9#}H9@tq
zkZX_cz5`22_&>{S4UnVvOJU*vYAu7dWeuGZF#MPx`mompVCyUhHq}+=pH?*o$=Q->
z96lxgs}1x{P^H-)z|?8wzw5xwQV6ytm3?4HsAyt3kxm)atJw_Xe6Gq#4d!{s>QCkK
zEI4|TF#KMoFN6JO^DUr++*X(J*C=4X?wE1GCZ}c`NZA=m1-+6)y1@?*%k46^k%aR}
zW#cE#PuWaa6Muivh@R)0_%8xs?3#NzPD;2Fv6Y`qQ~fu;o(Ez;DKGX>$B#Jj^za28
z)UB1$Ufr@9*e3*T(_^EKRAOp7e>K|9ZYap%#BfSTL&jl~n~4oe;i>HUklUrD6x9}G
z>3Y}jpz8!!5@R20tfofD_^AGwYeCxN;HpvE=G6iaDw7m-@s!$1$d4r#QWhj1Y84`d
zoU<`*s6{;Nx6xR0$eK^Y{xmyzasb(-fzFR$*FSh>YM%r>%<y{wN6=O7MUd>izufI7
zK(iGb0c>ZV$#J*HU2<+8W^tooIB&z#=_pZ+IOQZP9{7kS>Nf~14N_0)7uPMi6^%sY
zDPZ&qiCh>`N(8O-r640oQ0ct!Pm4L~c%|@DV-zh1aPrh&!ZFoFY8>Peb(F4jBXXQn
zWc~QWrs6fjDn9QH@(5T={tTGtq+hdt|Jg+SJvQ(7`#K7o_!pkJ4#o|(NOn+WN+Ur^
zMtmx;EzFrxPdojywf&EKf!-h9oc-2IP>4PTp{{H3wj6(J*db=}ESY5t-gwAjAREIs
zj;<?hOMz>WfTTsL{qb*;y}-!czD>rMzi-hznoq0qB}G+u8arr=(t-FUeet|Qz^uyz
zjE$7zT-xwu9ki%E*>b6U%}8R`LpD&OvG@~i&u;X&XWMz^#pW77y}g0MI$TtXAzv0Q
zN}Ad_dX%DS0dcbGDPBfUr~<WLxwdp;+^%*9;Ma<`KR6ej)^9q4@$b?dO>nHr)46z_
zByT18ub2l0AcJonoHR>mKDH?jCXn3E=t3}9?KB1<i8;Rk^FBy8o>u<)`bpA82{MIA
zfxz9G?d3;mH=M&gL<kqGX=j-gzDk&oR$lKyeXsb+%ReetM`9*uMsJ~s$CJ~mr`q}2
zgN>`LfxNdI_7kgb)9TAZMT}-QTF|%kov<Yq_tm0?(7-ws#TAPuH=98)jHxrD=0-FE
zzwCSQZ&LppXDcVd*%*H%+>?FWJ7hY2?gh;i<@c|6t-@jQ0!?S_thFa+e)F`-$^#|l
zYz(5LfkoSU`$hP@unPX!JY#9=z=-+tYx$UwC+Hz~9Q!Y-EDBz|mQ(}nkYw33yPvP=
z+sedqHCE%`6`jNDNYh*{S|GRx0__U#mX(Z_Q|S3{O(#XDJXrniBypeOr<_#%hdu~y
z4!{2QRwX5F)^k*pZJlyH3)ryETwviih9LDHW^+Is#aV<mkE-rHS`IE{{{^GdNJ~uO
zo(NJ(=pUz};sTUz<Go}}_~R!r^nV&6#s2&fc&ISPjWhN;a$2ZS{mD1RrjJE1)bN=b
z`%l5L{8gKjSe537mnD2%$HmKD?f42*&Tr10TNSxggkj`65N+2B`iJzkAx(PH9r>py
zFI}DJjaO9CW)u(zec(G;Ulr4;Q4i*bgIh0CYmyP+PKVUhE(>&VROtm&ypH<@5!510
z=g7AdL6#FTv(JhjB`-O$GKvI;B^&r0UMXp4%nJx{56Fi?2#ow~a@9j)7L+Bq`}n&V
z)@|VL!S}s&W7a!WE<Qq!-9OI1<r}9_J~QII;_p#T{riNKVU;h4W?5*dTxoM4bbNE7
zxs5n_kR4WQH&Y6xD7$@<d1cU#ySYqC(Yt#q@5DX>Zvv@`G>8fyxAm}CR$HPWUAJ;S
zWjm_!KWDkIUsSwpuPK0UaO!`96oCRbPiZ8Kv(*I#*w+G5AEMAJb=|{=4(7E}T{ceE
z5#Ux;e<^exOKdb(_>@(&w_kWg3tB!5(|fq@9bCIKCU>zHF?3G*g^u=s|DMF8O3;_s
z6_FX1USYGHGQetajY9f5v5`sb9om!Nm$@Qn)1h=C*jcv=PU>f`3kqZT%T#0xm~Ag~
zfx_mQ^BWYJ{dKl5$YFK~K3!@aEerhn9GRu+RD%-L5XzzVOz!z!BauL4Tx#SpcF<yQ
zuWgV2&D5hTco6CQJO$jwNNG=Mi19N>dJ)3vU%1zZIFvNb7VvQ!maU41CW9>C84c^6
z(1V`SQ1@Fii$}EdBS~$!fNXigoMsg*9y=aHp7`wkcUs18*N@Lj2OBB`ZCc*p{Z4%~
zKf$!j>aD-hH?;!Ab+=^)-LIXk!tdN7Hq4&`-guq3?;)r+%8Mghir62mjpBgBU=wYn
z1wmcqVygV)p39ifvjY@kePiFRp$|?1o#{_Eyp|%bdy`lSt7*wiH_<4wE?DPeW22qF
zzYaG_ZqMi#S)v@&Ib#&Nzl>-DMG?O{#(A9y5AO{RE-SA{(b!O#jxVskm8z5`P?!Ka
zE@iLvKwFlb(_lv&e`JFMUWKX$Ywj`YG{}jY6HAh$5+9W)(~eL=+8Wj!q6><bhC%#p
zDLt4$t0F&6ge~bhjk{TW^=xc0j3S`C#Sk~(x<&LqVIrwF?5<c40;5JN>!2X`W#&K-
z$-0M2ad4-ReLB=*kLHvNN-f<imb`gF1Q`h1>a5YW*k9%Qzpk>4&yO;PfK@h^DCFWo
zi1DltIFY&gw7u{)oD3iWXCb=L$A$J!oL&`W+f`fbT*y3ntYD!HV6mC|l91}1BhcnM
zW8+9<?mh9GpjQs*S&%^<wtjV38a)W7Ay&~t-9$=pxW&4?Ww0};*^e-#uSn=-lNto1
z%Ao@cEfF|a)7d!GsP?nx3_iYOGY=G@#AUg|Ye^wPI?#>GxeBT!?)QF_o;JIIPkw-e
ze6{1rPaPK_gK|_XD4gSMz}QQgV1@;buu-roNYB(R*TVsNV*1zB{YPDBhz+Q6Nv$Le
zt`Cmq`*k(+5*4+*f`<Q9to7mT?o~wu8O;UA=cR3<ELom)#tX|#O!^oF*6?bpXY&jy
z6DD{(Mke_I-%~)C!4lR;FYRy8w8djnti08WG)vjwgm*?C=}J9X8F!-Y`WjR)s@}Z`
zK@D`km_Gk+vrMgBSEOdH)*|@jAR0PcO!&0~-Bw6qNn>6KiBBsj6pBApM1_<RphT1l
z2g)cu%;4K#a**#D;~=b%dFWxinZ#uTY(z?Hi0XNLiNdZ((|bqOhy9K802BTzkKRx+
z@*`3YLd6~_jRUMKy9+Xe31UQ_N2inb&%@BS99z2j%^J7f6^43AQoz#_SOND`0L=GQ
znXpNL0Trm~JnF7smFa(Acp=0or`c9bA#d$KS>V@fQdza{N3p+ydYhx8?WCPvYd|1@
z@Mvo|N~&Xc(EFy<AC68WUTMwQ^Ia1<1#@#0l_<MF5P}f_^kG+kQIC~qOLg^mmg970
z8nbWyl_y#)bmCg%>=q9ClnLm_+aPzw`|XK<u5J5a!%~U5XC6BSbIaG`)UHe;={O%t
zJO>Lk+qLLqWw>(N@JzG@-<NgIIB6$mhPq;;p=F|!{-+NWDMH~A;xY40z-DK}Z(%tD
z<-_6npJ~aQDV3Tn2StplK723#b1*PJVtO>3!Rw#^#&%(|USg<iicFdnei)7z5f>7F
z1szUeu<df$o6u7~G`)?S4XVRw$>V^JLm4^3W;(TC;0SioYx!9@*oEuM*jt)=HE|o&
zo4^6e?^nl+izr)UiZ-&ei5qT%KVW)e1<+V*130AMCnW1r^{gp*H>tov2(}*fr3=)G
z@4okTk8ZHU%EF@lOo~pi#uZcapUrbX=IS^U>Kh6s<7C>z9XgkgTGPr})N*GGy{@2v
zo>S3KtP3I{`+(s2jvN}_VBZ2id5_MamQlV`aa<jnuIZwxzLfVcceno1?FX%4(#oqu
zUOc)7DHh17@+Wpo9-e-)(rG<s7A<9$2rKYM`AzK*qicd1HoaFRD22fuxi;%^;D7*d
z%JG<p>ZhBxn~;de#K@62`tMj>0gi5%0lNDE-DP>f%7Clj`oP%tBWsG|2LzNm+zZnD
ze?b*<6de?iK)L?rJ=`XO?`+KSRepdP_~oWhQu`;?|3rlx5{5IZmwev#Y;*$W8vfRL
zMZ|9L1*C;Hp+(n=8A^E>Z8=RuKZzc1Gs{2^7O<S8rig~=ZH>PJD-wf#v1#AHs(I!4
zN<cC)%zLWIWlEM237b7clzra*JUR}%IwN%9c}jn(Wxi95b__o0H)TT!%M}+Ci%P*_
z&edz1KGaH&W=Hqya&@rYQ4BWxd+OPJ9Y=E2>(zV5ls5+Q{%%Tt3%ayMgcHKkeJoU8
zvM>LULwIrZKQbMIlE!}o>qj<(uAk#?Y>xWyjdoT;_pT@yZt6VYg(ikl?b4C6IEKiJ
z()HrKSHlFC&H$7G)X`T+<ToG3@Hc^C5yNlm*)K2k_asr3eqgBKcEKNV=0B)vjIla_
zaEVT?glAxb0Xh|ZJFdlvi*;wkIGqzXi~Ji{NH57^&P&NPl%toZ$Zz$cd%&0X8qm<p
zrn`$<nKC6~D*rCq<1=m}#~BY}m8AXHCVV}BMQ#yKcjAfQ3>yFVU>tAzN^gA3*@sv<
zv!{`4yc8$BpOA$xzn_gz(r*(+!wo2&w;DCg8d%|BC4cQ=p{8Uj74BL^SNE6rzN@xm
z>wTVO@@km+%58A>wmjJEV1feGguoQM{=J|{nG2TFf1W&5$HES?qC@VWP+p>0mNcPJ
zPllxUQC3)QLa9_72`Vd%S=yD9)L2X)!5{Cf{GO(Q!j3;$7fXO$@pe`nCbK)f&y!{M
zg!7iBNuzkUTE<At-c#p%BfG`?3#Lsl95n+<A|b7C*x{@x<2j_szFjA9wDS3<tr$`;
zn<X1v)m5fLW#Z!F<_~|{^N6{0L*vs?p6pJx#t^O?3Bt@FjNB)1yNVmIp<J|#nNn(?
zy_uN(jH!`oPq5*fVUi&l=hEF-<K03_FQk|iwRkh}Qv#!Ehzss+D`^nD?spO?sJP>(
zT=HLV2El5NYYLO3*<*bSa#V_#Zj#p&_z(|7z%A1CUu_}7Q`NE|X_(%fpa)%^D$>$`
zKBTm*W8|f>eP)Hp>?ZwT@O=1=@qFr#!js-68tNoeKF0hA+{gAWsBI&Ay@@WOT8YP3
zd_UB?FRe@p#SXC;X(1s@d3_rqSK_p^u3jJn5Ks_6FhB@EC_orMI6wqIB)~s_D1c~y
z7=T!SIDmM71b{?<B!Faq6o6EKG=Ow~41i34EP!l)9DrPaJb-+F0)Rq*B7kCm5`a>G
zGJtY`3V=$0Du8N$8h~1WI)HkB27pF@CV*yu7JycOHh^}34uDR8E`V-;9)MneK7f9J
z0f0e(A%J0k5r9#EF@SM^34lp}DS&B!8Gu=UIe>Y91%O3>C4gms6@XQMHGp-14S-F6
zEr4x+9e`bcJ%D|H1As$-BY<Oo6M$2IGk|k|3xG?2D}ZZ&{{U_PZUOE9?g1VE9s!;J
zo&jC}UIE?!-T^)UJ^{V}z5#v!egS|X0cTf-ttFcgHwL+zZJIJOawgg?ITmw;4OjPF
z`p-(V+cNUjzhV~ys<_58XYE`bHK${gMB3*xfvpYFpgIrr4EnV<D=sS_rue;o6*yCH
zMDjgJ+#)YseZiajDf>o{xd~c+66{6}GpP8PuAhEeU;_WJ0XaSm!p*X0nexPL@{AnP
zjnzj{(#~73^h08F`%K`0Y055$bt*OkWkYN)<LHI1?8$%#sMQmAX1{!TtRBBtWh3~c
zblWVX`w{V}(u9=0@(baD($u_KRP?yVqAuvaafLv)dTqOj9oz>@yZ--%q{19t<0dG;
z<S#a4*y^^^)5O(Gz<zC^MNs*d13BJ^PvK{}(uQPX@4LJE(<%bG<KSyC<h?%??(h<?
zr7J$&!yvKlkr|QrN#2$_GT$+_cqa%j>wxS6FxThHX<}KTzU$=@zJ%uamX*w-Y;=Zi
z=d?FA*<X8loR6e4<yEhzcS9BD%Oa?G<or&)9W>J&=ah`C{{5|}<9L#uvNyMtsp+AN
z<tGB(Tw`g<yAYe4_b%104x==$u0bBoA%ZvYEh*H*+CUZ-vWJ|;jBM{My|)cL_6T9{
zQin8U&MN76C^RbJEmK|2R{M%zZ}^dPf8DxFyUSE1nf}o~Yak_2e|}%bH5ug!^Bu&m
z3%xm;OLtU5@1(lvAaxbC!l#*}1Ua*-bkdnqB;o#kI=|k&T#K4oRHacZf3koBWLnsz
zUI^7g9si)@!1{)69g=T+xphi=1>Ob6ZyzTtwL{as5J6GJS2!~q<O=!3RnfpZ#GhBT
zt-8}amj#{Q*E+e+i}%ttbCKUaEv76S>GeZ(5>IOr(8#`Ol1E+Er@W<k>8$z=$FIlK
z^8_Gw+|>R>!dW31H=IKz&#&fnV+d~~lL3lVJMDS1U<o0b`CZw!D-16G(hO&p&o2*P
z%}wXDRwq-13F#&wycM90podtwQIa_TM!Uj?qgRvcctlL@;!H}z8K40V0!=Ie#*MRm
zn7J%(wV*iC(t^Ht>f$1r==cxYRDTdj)nOWBw?riO{7*6GpMfPLjus;H#Rit`WwP@@
z$YHF-fhmJCg4`yU7^Pc<`>Ejob%KJ--R}Jf9CTYjjo*&5J6GIu7jfp?qHWnVmBU&_
zbkkB>sGrr>t6gK-lsY8&6w(ngJxp>)j*$zIa!yu=GMZaH21=ivhcIbFfd@wQrS{e9
z5{e6L;AF4O`Kla6>LPI-1d1H|S444#B_80#+W&|rWX30s2}4|aQcnaTDb#9s!)>3O
z92JcbDw$Pu;L4n*{Hcjl+P-H#Wbl6Yr1ZIlh<8o0q%=RBQ9@wZ-Wn?#`f2en*JtD-
z)V64oo<`0EWG{bSt37cVqwbiOKHJ1%VDA@ubQo#qBYG?^;Mba00&>1C583<6O{IKs
zR<BC~UAr&lE6O_E#;D_qwA1HZs@{4cPlyH>|5At{3SU%+M)wN$<Tc|JR(0mWBSV@e
z^j+tBVA_&DNmD&b#tOXz+ghMDj;!k%(4(zB&s{5-;Z)muahwu-&BNei7ly@Qz<}+0
z#7uToVJ-iiu3gDOxgYHi%42I+XO$6jHR1kqbDG(Xhw(i-!NyBi?B91l#dW40kE%K?
zCt5V2S^I>2Wy(|RjIE*b-t;6eV@AvMFW4k#I1JGZcZ-v1g!CA=q_=<$A03UZow_2j
z6_t*S$9Mfx2jb2g(edQWexb8dPu^xmAH;^eEUvX97EypcQ8d+7L4p?1B|)Wls}4$R
z<(G-!gbn7D(58Sje78IlY`o}8^8_Ukce4{xYQ}s_(qhiK*y;gOb{cQOg&><r!h{AD
z7WeEEdRe5jDu*_wa6-0lqC9#F2CAfaMq9;7CZ6CKD<_{I9K_<EB#hK8?h!PQ>R-9I
z?Y(=a%CXCl`RDKUd^7*q{*BWz4k~x8vN**pi_&^b!cFwec;pS@xG%2ANDhx^etI$`
z`eV=0RPD6Mh4Qy*!jn=xSgUNOwEE~cS~M(ye}(&cxSuf(iFO&?xlZwlpsLBPq8d5L
zoKTeLcH14KJy{h4o0HsH9dxD0>=L<|<!(4vmaZ5AGig2%C-tm}L!cN|0%e9>IOjeZ
zE70H}zU7R!-w?&j{rx{`FSN8&h>9$y#h>Q|75le1mP`J=FRX!f%T9*s?If7wI*gT;
zoW-a1+-qV&$4E|R2%eb0C0qi06xOV#laOk7)|c$;1GVyF7#85v@gF5~(MV^gC|{wu
z&yjYaXok_Eyg*mnO%pc3VM>JM{YdEEuh!s6tBj!3gyjTUJ+_u;KfUww@t)y~j~5Yf
zwheM~^&I>At#FV&!TamRm0!g{DUO}Fnt*nd+iDL9BaSft!>2A~sHeKeAc6`Ls<RDX
ziBrV!({tXy_sf_PIljrnpEYFI3WJ>rAFEE>%xb@XOm?A_CwKA#hGnHxL}YvYxth{;
zsA1RYXXe#&y={g}@1d#MzGkNLGe%ikIk8GQ%xMd6{QdFnJ3r8`b|SbRQt$p#ZOZX}
z(pnu88;A^Ft6VM|_mC`h%-T#e8*u3UK;sGlnkQ8n$!F{d0^!--&PiOA#Xn}4WMSQ3
zlvGuXgps|(;axe?)<|B0t}Ur1(oJ}sBEB{IX9>>*I?{&tx&Bjd^Tv+ZkfRRd6u{BS
z{tSO7uloe&|3(k5mBNj4i@VtiEK#!kCamys28CN_ww2+SfT0|)g{($&>RzqW5}>Ow
zEys`kn@p-9jdUXd@kb7PlVeuF^bU;`$GFEO@Y(H3fl<?nB1&zu74$Voam6%iK%lMF
zL~j*FEm(hgC*ljFp<!zGx2J#a&t`n42V7{XT-JQ;nF<iY5Bs;Rh(3jGz}e!&l)b7C
zW#cL9xY?+I%{vcid$tZayK^a`XS%?T+d8wdwPdJkwefH4RZG+q($3OfPrM1k9_&T+
zPtnF><Ck6S{Fe@$lR2iSZI76dLkr39Jq{keI$KzwMr80FJ{OYdP|!+~jA&<z(K$?i
zAYaCJ!`|Z9{ZcO=+7|1ao8@1W>Xp|@ANKt&?yDu0RR7e<#<ptc1wKumLsruxtcY-a
zTQ;7n3Dy=pysz5}Cv4Us3mJL(dTscd&e)`FQ0|uZelMTv@s~H3w^Nn7oEt3~Rt;`p
z7fBBKEcje)%|mW{A?n{z?AB&yF}bFfN?#oPVLhu-x}cI3)ZLre76miDgAbl$h+Xv9
z9V2R0G&lWk4>xt+U)+Adi4+|PFN!Aq6*jYtGmFqtVathN=;IQe#@`z@o;`^-`=A_s
zf<3F`xaAiXb3o+g;gHuI?GodfprEhXP`Jb=tmnQg4Gl|obfQ!$LkI)q!7)P^bJ!9P
zaDCZ57}>bfJB6Nq7~|0bw{Xw!jU3z5)?XsqYxxIQy33(7K;9{Bntts*<wNVA@N!Ab
z-Hn=j=I*Gw)OC{l$F}w(9n&*Ym_Y`7!sLSptlfB^PR_@ed4XM&$YEAT-0tcck3#|I
zGCZ@_`Yt#X|9BV<yciW0R@Cj=@5e7w3IX%xkM<Z<RiLL`uq%x6+~`2O@;zp6*i$)*
zXPN3p-mbr|2^$@ehK4kErqWcLrS8mV6otp+Q|OIgM+jco8yWuh-t=%#8yNY%)-j3#
z*TsO?+0IPXzk`zgIhjX-i-J+I=9tv`vG0HQ$D-2stgORR|GLK}>4Jzqm*g)KdppHp
zEpXba=O8S+-)U(#VViY&LFJVXL9ds_NRL<51Qhnr{p6|md3X%1`j$M(8#SeEo>~N1
z_fbTMcQWPQWf*1b6mFPyrmOYZTP#b(sj1>H{TK(b^B_b<o@s<KyJGc{2`o>NqH7mP
z!oT5M1Xxv|mR2R1D)aRr<QSFXKK}YtjA*DJ3v-29U53ZN<Lp%$5$aau*ZfF1v!)}0
z`?jIY!K)Agy>t$tMw#(Ui$JWkOx*h&jtF%LeE_H2_L0P-%-{up059WAncBXNMGp>>
zVbH66{C+@`U=AwiZ-QAY7IbpqHC5n?S7-Z8x+5qg`Bc0-Sj=G$hEXrivT30>47Kt9
z3`~(D0k`MXrH2H%Uq6Qo1=fiD?vT)f2f7$I23<~u8zqkR{0^4nru>s_vp<m{WO!~c
z$XH%yMaB73foPFG<VAK;zJuTERE2yQl*}*TuVAQg6N_Wj9Y8V3+uLuom?0zT32H+@
zQZ#lqL(?hF7{h#bMOcOzNX*r_6jw;Di^Z&YsbWP&*YkC~iY5h28OLHh4o*piK!5aZ
z<2yGE5rDoq=|3Xd`$s-!s<;%BD93a$S$&Fa<+Ix5f~~-UE$vZ9QA|p!!+k?L>p+wY
znRZE(sblU*CJZm&IXKR5jwM3NH6^9)CiI%*o2Df0UdQLGVZ8PtJ}0xY;W_2S*;PE%
z;WCLB3(r~^0ur3q)SV!?wJ-9&2+NR9{zTB3a!w_;H3ScZG8&(--Wr+)X}yMov&GzU
z<y{s}M$P11H;s+JgAY);>XZs|IF9X6ULz#as|1%+BGh>kTlIG`LELL52O`#MHa6Gt
zR#SG!(EoBBG*A=M(f?R&0yzapAb0;P70T{W6Hfm)HLLh)gzq{Cv#jK(dW9~wYow_j
zZWql5ivuTvKWX$jLfOlyG3u%PlXitO6zqfc*T62j1&0t=;p+GY)JAF`qVFW$-VhVG
zqZ6W%j9ke^WnNjo{Fc=}XU(qab-mS@HYZosvpkw%F>+29`1g8W5)qGM+pd-)ZV@vy
z$q+VdmJz0M9dSRx+xAadaZa;kM}&^X(Jh(xcU5dMp0v89;L=>MdS+5-H8+RzEdv`q
zlb();KTN-^RO04&FtyFi;XQeN1Kbgx2F}$@(cMznZ{R2=f#QFf-u>o|GhnXX+wKB&
zB(<$+!=lKhHL4~uDcjS3FP0+k7&E-W>@NiCvWx1{%&JEMq?sRk*J*xNH(6!7N>G2F
z2H>#!s`NUgb1nW`&4kN!qlza+_CMg{Pzx+t%+LbO$p*1SmoMH7NiEZ|K;I?=o%0G>
zH*J{g-HmGf<NRP6Tx$;{4zx6>NlzIa77Xe=!lbS|4?!lCTkEWNZ}mM!S&ZpjT9M3j
zb65p*8KK*Ym2bJ~#4NE2wAPNa8n3l5Hv%One6X_xNhWN`v5gwx$}00UbQS|m*l{|j
zXf|a1DSM=RU~_!AUNvWOPY(g%e&RugoR|u2|B1(HL}10J4Y~2V<;L1HPGaa8!#t?&
zi8rv-{y=UlXNW0f?Er_P4xiAjplN;ltwlT!Nc2$ym&IPp&NN2oWHb)VD77^TKYv4m
zOB4c1&0!$J!@N|sfAmYOD?o-@VL+A%3TMTT;FA&x@A<}ClG`b(c8PoK|I+=&%V1NW
zpEI2MqvoLfYg6{b*VXSQ6Z$JYdy}3FeS~1+-m01qy(<UzX6Z{>%UZrF0@_L52M)x7
z)PLiKy2v(q@$Kx$mqdBv8)$)UEs?8Cb`UEQR;*`TOWtBzwvOba>C{xnceMR9774_$
zZWs}h6=es>$4%Xy*3GNYjNC=9t+^7#&54+?w~P66jadjNap)>dJrx9O4$7NMhY^oV
zC08nz+GpQOb{;TT4W>V_<ufF+p9Ix+VLJ!SV;WZ|m=ikioJ*C7{--k70r|k)*;OvJ
zl`oQW$jG%+rG&EXSV7<@^0Esz5}&n^Am`O8ilv*(E2hR=DE;m%CdeDHPw7<3wVBWJ
zggaRq9PUKowt_x}gPY_<#5s;YVv!wKg9b6N^>wPCYOQ@cZcr~;uEy^(mSDBBrl2ro
z-1O}#jfM1TWUUJn9+@;Y4o?`MLj3hqN>JN*W6n@)&W>H&h~awPLLK49*)9oo+W+Sq
zO6omyuZ8uE9ukbwCU6!TfyqrB&A7VI`Q;>G!A5Ty9nWQ?<{pnoU}`_u!me2M^9vZl
z{XfY`>bn9<oOtiPzie}O7T9h}vy_EBqym0UHwrTOu3d0rtXVJ<vP{K`DjjCWkX(C-
zp6{%n<3iNFEFA;21Rbr4NtuhUN0sHe4mdHb-*;I?)W~|6nLSm0v$nPQCA{U!#i1kS
z%`57kv5rPYRk=8AX9-?cv>sdB*r72)AJKeq<MO|#llR)Fe{23+nE~S8F0@*`HbE6j
zhB}E==b-SgbUOGF5rgz;juMCQ@E3#q7-XO>iqmc*dgA0y%!~Fo`lo@EpL1rJHz|rC
zQdtqS4}n7~c-#vmc!<H~%cRY(iX#219$BnlF(6W;{Yo{i9#2#9`@0dQH1G1dFHV-r
zjXQNCQdk#bPc=8HwxmoJz_k96#0R0HRy(}ldfG51V;+j8j!@h!ZgTFI%fcf%3<=at
zmvp=K7l(9fQ9BfJaQ%=z$z->T`e*UZpJCBgB>k-4D{IEorh&fu>Myu6f8=|EFQwi*
zM~|bH*C8psJHb8q;7~b6aLkal&Rgyo8S9B&H{^L*5*FbDneTQMx@c5;ijK=fiI1IC
zm%(GQ`sfvQ4JfY?m1yu|z?wtj{~PgEcxTI@o<=h$P!g%Q<t}DVfFfuEp}7oiJ6bW7
zge%0f@^qjKRMK;P!F7tW>4lx0_aBP;#w>PLi?e4a@1c`y4{80K)ZKTxZ=n7ITbf{0
zrkCO^Q=}D}EeUlr8NtJ%hoeadwEfSkC&_frd2H0i$38BAMd+|Jh6}@MeL4Eeat`7@
z)d$^EBZNycdd$c5_eg#pf^*xJCRf9x4xp2SdSuAIh*J?fuAx{X(7>N>|55;B@L$QE
zJThjDyKWP%TgRNU;itWX#YOlFCqG3gmvfe5>;pOoZ;pn@2b9_6Ji_Q>8UslL*u;f)
z$5qPTbgly$(je_WF|==2FRBiNl(&Rv=a+ceCZ2+Y!7Y;nzS=8c0is0I_L_p`^mshc
zjfF(fMcMciPEhErz6-PGLU)ZlUQ&2dLM0AgGF4!&y%1J<wF=!9H$S~enGpi3O1dhY
zj%Qe`N0SX9mHP?HaU^!$X97tcYvDpUrA9c?>T})Sn6MjkiXcE;kL5MBIN6XtBC1<>
zD8RFHL$@fZ!82;3)$Orr3TQSzNFwzeY-4|WO8c5z?`O*GNj;GE`!E3SKXF%efa#9r
z9^W&*{?(4t3E|7Y2ut-Y#}fV0@-$GnIOoK3KZ83r3LdaU!!Xh7teVBNDcI|#bJJ3S
zUc4$_$n)EA<Rl*rszB3rwknJ4&vi>lWrdJ0!_=?=B2njtYl}%7Y;rK|{77b~_iqer
zCHb-GW+S0&2P-l-t6tgzOal0I)&UOEmcMB6*MXa;lXEYk8EmbUyhZAO9{BbOD>G5z
z`CV1zwnzK1?1xYdICsfg|IU~7CN!vOO-9%guT$+g1TK+0yHU1EagKM})Sh_%r+KG}
zo_)^DrW&LZXBn_F8Lf3|l*U#~_UkJ-UMGEvfi5PW(pwlV2%v3zaeZ=^-N8qES9~5h
zaD_2?$T`J}fpL$%345%TfFd}C6zG)MF7g6{upb-0=6d`P|NoR3<JlQ^=*kT=n~|!|
z+%-$XDuRSyWkQEy@C7-O0}zifQ8ayR-d=4mTTvkPC%|LlsCsHnLm6EK9ImDU#M^$Z
z%(N;qSAZu3>DLO$SJ=KRsuMQ|nDF)IcvFo%x$?=yG+|q`QKNNz?Yjap&0$+c1xIjw
zL{6HRZDk{~c>I$znU(M@XKB^ylklaXxHR-mVnA<#E8PjpX$<+&!B13Cfx`@9tNec2
z3uSB7dJgZI{xNRd<NoomNOnGGI$O9MEk5GH#+T`S=0KMUD<C!*XUmi*uTLob@!M^Q
zRfYsho$zHCOQCjgXWj2=yyvHM=xcAe{M>dfC!DiLndXHg69W~dMo;bDqW1pYh9K(8
zVF0Zk9$1ZBqJRIoMrguH@`!V9whvO=dGy%~?^KPRjhJzI*5z`K(3w@K6yr*)aIN(w
zE;IP-LY&m%?{luU^a!~qx-O18^ZlZ387mDl9&G%G>C#NTYZI(SSOX@FgHX9S+q7)D
ztkhE}ydCOZqwU}BK(<j})|}i-uPo@|_$l#Sq*-lD(rr|La-qKaHk*O>>W+hOb^;+O
zRYmmsta%7A(}15ee(iueAf1b}tpfM8E~l$V>K<NPV`-)gws)UuvdD%Pcpa^@K%^pL
zgf!X@svMnVJ<}{gZDpKLh5QeO!TU=W%J0xFcKI9D*!CbS>iO9$qClVfS)z1U#If#Y
z5$B2MZMJ`D5&O?kex@#*l=;0e3Ws>mz4Yt8X6NI$z3Qu7iaB+)M5$nT&Ipk2Rjm~@
zq1L}~uOcm%wn*FF9oVfad5JU0QI-YeE;_M(Mj(}fYu%`THy`%E_u39@-ShD=6~PiZ
zztm9wTm3~jI|PO?zEIBfjqLdivQm4Gw3L3^{-EeN1qpAPN<~y-FE=NYJ}&bN2$cTm
z%j`+<=ALFMIUu(8Vnwda?(iW_9yIJa=cphX7*}%)BSDngqGG3UWUOw+`?1z_LJ>pX
zfDVIGf^LT@FQ@c%Qk(&d8NRR|q0HWp7+!j}fT2h@+A~DpUO4Qj9HBRdcE%>kOb(*C
zG9GdR!kDV?JEee1J_@U71g)?YC)~BQhgX*P8wWl{US4$wMS{M0{45znnpLj3$Lb|X
zl=tX7v6CtCT6KPHZ<u{x<^?*;iJvi0KWAhoG#Z&Y-U`82f=<Em7K~0%Cx<f=3HPgo
zT+t2<3e0#<iLPnGHgukwvCq8$7mx=?FzX6l?UF4&^cnE3W0JYBYP`?IB+3$?^ss)j
z@6mg8xqJN)J=FsAw_o{RfrsJ@W-}b^5&=v1K)5hfg{1BCOaD9*b%J*E{rvXJ4qFvY
z^G)1;#$TMf@}q3j4L89p&w65kzjSV?E_U+S6OP4AFU2@k9ib}kHSl^ZUq+1y6e1zb
zv(JCw>WVc15mjUE3A3*#th|W$^AjTcnlZzj3`x{^{N`#IUIl?)vyEbca^Bkuhk)b_
zT$b<Hg}T|8WmUmaP7M+)L(hqTqV3eVGiz=yYgw~OD!1_Qu=>GaneQ)MtKBCMCrKVd
zMKvg}jK83XJ?cj7_zT3U)I0f>bXakmLfJU!p25Y1cL=7z)9uf|`6*9~v<=V^%~N8O
z?PQ&F3b9ZlFvEoTTanS2yl1e9=5Qb=V6=Ce2BC;CiNw=P^pgLs(4(=~qMnmr9nq4N
zV1)h+3cX&`4ejz}Tr+JG3sx-qo&~7S2yJR#W$EyeBL_nOt445(>*SDx2;_-k=>2<_
z%R*@=2oUfNXPHG#3&jtCvj+B-V7T|Mh`do9CldYe%ZsO{B;}Y7M!z{o_<3j8lb`o5
z%Zc-kI`*7ISIPa=!b=MnfM&mY0U8Q)cw}(HM1=~J=V#6ThNWXKs7X|ex`Q@@zFiW&
zP4*q9?0TjXN>U&kUL1wSdvTgaG$m)!F3!|@Hef~R(sjh$Ily2G`yV+##=ld?Un9b-
z*Ak&vYkE4LsVQ6S8NZb7AF6sJE8bqozc9n?;|3j3ub}B4W6(y563nXE$eg%~OkYp|
zy}?oquI(UIR3^Btt3A8&vT&Vriyys<+3g4S@cf0i-+4TdZsm`Pb}gI)E>5sH0LCrA
z9Vt__buGwGc|Alq;`lC4oy(aU13xRTKNG1y<)kbZo?>h~-dxqTl8zMaj+g*y4+E(5
z@LxtOkHt4vqvMfg)om7-j{q5z3e7^fNO_ZNSZ3%f1ijm55fjV>$2B2<*ORO#Q4Cpa
zddBVRyDWt$J#yKdP;m-D{z3<uW^ic4kBOKjgb&Q&aqZ1Wl$N-9hEKa~{vxVUAC~Ny
z*EU!pFqmgz!hGZ}Sjy&pcZApiw8|UqdVz0d?(-z+xzb&sT4Y-l+0hr(P+N9E@Y9@s
zOv~U?H_iV99*zh}4}1KwyYc}8U65ozYzyP<N`g67jXNzpPcLFoN^~R!YT@*v0w)OQ
zm4z$1gouMA^{xwd8keStblA0YRj3#fotomCPwNv*^kh2cekN!3?|KqFij+DOYSFpO
zJoS_gncDFRDPgy{6cAv#8NSlzhHEu}#Q^zxX=`?rTeg93SwRk#Bnya)MYwQD3t$#f
zbIP^x@{yng#CaL2lM;;Lys@0tqL)63Wk;z9$Gp`^#MwtVrt12E{PoLy`MO|9>neHc
zy`)k_&{#pPpR-QRkRFvNi}=qT+==7mtTOpFp6vJ$yf%EMiQT;7voZ1%ZFs+q>(Nai
zqSh21E>#tu8G#}h#1eZyNuSF>V!=3Q8Ct0^x<A(Bo{)V!7SZI)&ES?`Yw(P0q%KS?
zXSf*#<3&(pO#~!1TpLhZ1qq%IH!ZLhHS1^n7KxYPz%T<KPSUi$Got2nJ__wpZAc)=
z>js`Q;&SLz?h<k1u%$wPo+I8w>w+>Fdjlnq=1V^=Of(79HNe7c-jYlkdUzATciF;_
zid2u0&p}=ak;U_@^OGn83oCJcm^jKY82~6jWaVl{RJq3wr)LL>UWJkOV@hz>x0mIu
z62$4+g<JPBgKW)a{oc+E$IR*T_N?tIJwg08Hf(qJbM7!v+I4WW0#dHIM<%D*q9A{p
z8Z^p>vi1lsdWgFDB&!=FM=1c23=gKJjPNo<kQ!bPwh{zBMx8Q7f)HlrCENYs0Vpi{
zoA%uVGL+=eAo25+C|amBK&tk;i$kE2bzTnkF0>=Ck>@NXien5I16e{CC}Epp&>@Pe
ztnz;()}Q<Rx{D_Ms;46b^Xdm2F}zz}C(M{cmX8q(11Sm7c0IEV)38_RTINdlch*?x
z3vX*YL$9@=DAztUM_hpDek3qXYsG#u!VX8IlYGW4OoH##A>R{NVrjlIj_mQ?M0LXP
z&>G<*RRO9oV?`??ASX-7G%>xpocBHSEgDY4^oob^HehbG<hGB2#mvxJh5gg%#AJ_X
zbSxu5J{j`>O0JRB7!1(E%GIG%$2`v?WH$@E1CC`@`Yz7#f&g>=_~G-<yM%*Dt++5A
z@fG!2yfVYBIW8zix!)>L>ToNZO%aK%TrZ+*m<vMiPEgg5gee7S*`j=0Y99$R&O*rE
zd$`Dz6O!!GcvKv|9=UoRVW+hgvkNp+uf^qUn5o@BAWzn&T=wHPfEP%VxZx+ZN%Y*1
z(pxy2ZRt5Rz*e7VboPTLFFRXLR6Dk9&;jCYj~KL&`stG-Vf#f0g^afO%H>|5Yx#BH
z7GWk%tLNG#SH6v;FN9_{2?tL@xN2a<#Bj|?;`0O=SH#dXT7wdml^0nS6Ubj`UT$oa
zy!}$<6m2wjVX}wq?!B7DYmUQu{z~qtOx6es5m$GO=?%~6&3hF^pKliZrVg3TMinYv
zX<FPq<tCG1g-Q6lcZg&{+X~A6HP!eUW<+k9v>;Z+X9`LZRCPGTR^=tb+419Y`dsES
zBxx7u*t$hJ_YR~og!e2?3=cQB8OYCF=sYv8`m#3^C1t3+^j#&3cNk0G^;ZAY-k?CX
z(TKj{$cOdVw(-V#{l_N-f<_Af3;dja3|C~@*~l};Y9sW(v3{+Pu|ho<?k)B=99Ah`
zOEt6=2m<fB11<9DqQ*+b9!^Veugh8+TR1f{_eOP6C_{TF&7-;e$^bNuub=DsOYnY;
z3Ns^lpxtpQ1p$`}nrb+ZwCxdbz_T0@92v_>5U`{M8Lk$pqZ9G2C-CT+yKTwb9ogzX
zoN!x$!b{id<wYXBddL5b^hy2mcRFbt^Njqk`2NUPS7mA?OBoC|z0spbsP<C}VJ94m
zojRe_^>y;bir#}8y=tTVPzyra5Q?*(@i-)|sd9pY#w28qLY0_qT&D;l*%kvN?}<g*
zIcERVXy4%0Dc#0A*9I(s+40tR=0)>R%RmOducj|D`;}zxasEb!4t%7?PjO_YkQBW_
zE`e1ApXMt|(9N1yc;B%q-Uj;Q0>S6W{wKk=j>8lSkz|H*W&wa$w}{c%Dq(M(f69et
z=wTtXeLtq%_n}E~>Z}nTVKRQCBQ=LbyR7|bFgaz0#~hlFcciAH3+_-}iWpw<Z_k;s
zNpbF^JB-Ir2BIB!*-_IPz4@;NXi)h%eVLu<SV^%2os8@-f|<q`b1bqVd~7>P591T4
zl^gAq7QUTMnEHD$PvKI2q#ob_Ecb;pc-6K$@Zsud^Y^MulWTH`Izju1SU|h@|M-u9
z6N7^c`e`ObL~sAm+1kFtBpTU4baRq;f=0H2RY-q{?mkw9?(-n?XU)!!IksF_vh}7R
z?_jp}wWHz*p8;JDW`eRIEIHbM#Q%Rb>W^%%p+)~?#p%X}D;K9!8CW1R{fPPMNp}K&
z<tj%UHPHbN#wEQK78pQM-6rh8P1$~Y9dM7ZUC<VKJ#UqXFxn#cSik1Plu;mHYMcFF
zO@?+r-|X5StoiIr!k91Q_mbZe=ns?1j3BwH0-D<}^uRw+d0H{8kvwSh@W-)*!r7S`
z2>$`MIAxi-)Y-5GLG@}Gp-Pu%5gdGTM<>}@McDH3en%L@qaw7_TO{1vCRhM~t}t6~
zutKyYg*C4vg#Z^lFTZcEyQ(*;)3S}X+1#*$&U&K@0jduDkgBp`5X8j!hgmOJupYlz
zi^^ezc$5cSs<h4dB+vW|6nXI|tH)ws&1e9GZl)Zx8sCsQ)EUi<e5U~?_0V6is{Um@
zjf#{ZB_-cFz;&59QjR_tBaOy!$^lQ~ci+g)2~!I8YKs!$z^Nx&O(f6Ta9(4wWT#X7
z$N(6>r_6Y<&g~l%?L<F%sz2*);9Z-a2NCWaiy!z_DLa9vVN!-%|3soeWB&*GHX-8l
zu}PTefC6qtJFH+Q`&t|b?l;+;Gaj#py^~2A<wc5mSGT|7OEpsPqNA`$p{^}M8~nh~
zTa#Pxu@wZ`qC~waj;_09P^hq-Wvt8FFR^PMTCMf5>VlTV`c{*H#EAY(u{-_`$XF}o
zmDz?Cu2=TmCTkJDNokqx9|ea)2trCK01hb+^Mav3ytNNFY#OMA@@DA2ENY7&rK7@Q
zF~(OQb<KOy%w~r_%dbdRXoj1c_<~eNVGSux#H=YYm($_~*x%nTI!|!bQr(B{N~}Tq
zhaiSkWo}`GL(zNBHFCfJCX^&r6*lhhwukTpDB(#9p+Go*I2)8_h`)K3FEx^TKEZ|Q
zTG301<@q{-Q<SR`ShWF(aUh{O{~T68&fGlsz^CH~LH8HW$5#m)O#Wq4g9s7%QO^tb
z+c|kWR^dHgyxi_Oq!iBJeEX!V%njQ2y^ItKVLO0H{fm*`U1{zBLLiipPmfvmHpqwi
zb<qxELnJm%@C@6BAq+8|xDAZ{?rjHWJ|SQ0@wSG)F=Q6K4ylWix}NyTH)GUvUZNv*
zvAi&UUX2ad!+LCY7kiihliv@xp-rR9%+X+Ygy;$<7pN=4=m|2YcH@m{^BU>qZDJS6
zNVc*xP9E#5^MUcYY9IoXlPVOnM0Qcitw;6Y^Ba55$c2+!4_!l!PiO<(U`WG49I}|L
zH&+xSQ)3m5D+g@4x{k#gA)IYQQx@sFDhJ^qs|)(>Q10@>Q4()+qnwTz!y=;nB?_2D
zMxzX7<j(3a#fB!P+?I<*lJsPXK8g$r1QRp<>P_H<g#I?%HKzVO#34!U()x#QXCRZ%
zvckUIV0Ud_@o3j{nC;(0nLM)>Wt4{7VK01I!vwDRAD4v&e!cO23~Iw!|ILci4ncmg
z@*KI4wGsk()LWH>C-Cy9$hXc%2_SNRY~8TV>AcOlmm?%(&`u9?-35^cRAO+YSU{9h
zrG7tW)0P+cg+K7X_D4c^6s=uQ^Yz9nd;@y{^~!sAL_!LB2ySTH)DW>(Zu5c3h|6p+
zx6h})ih|gEUZqg7duF#TquPWc93M0y%|Q}zB=i_%9o#yS?uzUCKHqc0=(B`O0QMft
zII4-z^W0!rZGmm;|KLdr4*3*}{w4LviII?3F9v_7Wys898`~tSj@j$-+<wP>7u_na
zw#N{vT}69C23-hD3DDWqG<9H}n}l`<KVWijYISLhOw?6DJjS8va~Mn`^H8|AWP$v`
z6#TGiT4X^5Ch6jqI%Ra!OO&7-FVNhrp?jrS3?CsfDV8M|PmOp=2A8q4Q*?mIleUD+
zAMe%bBh}#T<LC2OrN*wl_-;5KgI{0*v*_=~k6<9qs`KtFk}QNLC40Ub5Qf*GaCw<R
zBaA`AoTI+k7pSJNh;-oYys!v_#7lv_V+Y)wjt=z8ls}q9O2Wv#aTF+#3!#dp);L~3
zlAaM}x=a?abQvF3MSQD)icP&3i!*b^yH`EE!RuFW-T;uO!jmiJ3Zl5$4V~ANRzdh0
zVxIc^K7FQeO$1;+T;lnX%tg{iK)*>1evD^@B0Kmt+pS(SFnrr@d?SxukjG2|A&1Bk
zz6RBAwBsULz<^jTT&M<?@MJjvKao&k2=}Qt1)0gHYpk3?_8|wFqz!XJ<?$^4eVKz-
zbKczZnk!f>aQ030xi=dqmR4K6>%5_vGWuOmU7Wi1($|^#zsO)b^I^q2+?%6gCgw&N
zfy$755!r<ep2!(PLCHO2G?L{Z(UTn#Yyk-e5=s}qB~tWZcJ8OdU<<ww>WFe{gQ!@Z
ztlH4a#j27y#x{V+gH-q4l#yYGTg?dI)T}dg7@KO79mTeM0_ZsOtDOv>968<^q8@sQ
zOf@HZbSkZQ48=_{-q<c>WND4gD)m*WuQrN<2;+o}QXEB52N+f_0i}-9C9i<V)M2e=
zz6g35+Z{o8>%~N9ZPids{i%Nds39ljW6M#0{jo?KN_SKc8=#c%KgfNd0=_2rfLKhe
zNv|ejIJSyHp9^Unb+ysF)@nkGQah?hUfBL>fd5PtJK)Oy>OaoDo`M$F_m7j}S)-Sm
z{XH%-FYIEjz9K~SKyYO(PZpN?pl`Qyud82AV+HvlIyseu;`x|-QcPs@;I_~3&i_qq
z^p_OU$-_QtHcdzdOETE>)V!9MZr&7$Q<DK$uWH)N5H&f8+O7uj4YKhKvrqXE{~yrs
zB>HnRKOhW%W;`84l3WS@ahH<w_k&W%7=Y%t<dLs15uT!$+XFq+dWUHl{wvMYDVIun
zpVBLAkTHeGPO>jpm$$^SQUG!EW^k(D5NIsrCwkXGF&8xsK`}2;oAo*4E7@8=$S$2z
z*jQCZQNo5@pBN&Pgh)OQ0Vv(mNv45Dq@VAz;m(u7p<X&)?Fs_*)5E`=F%Qdc4SqI8
zL?rPpe?X#0u!f4Y!mAC^ui7mKP;GS~+V5S&AGUPj#Yj)uP-w<|HZ=_dbj|;x-||x1
z4;z@CL6KF8MT_ZUo{4F>G1QEQWA=vh@@&Cu&?FDv#o9=0-bNr`)as8Bw5TOJ_nHra
zFFNQTgcy|QTSy%}$+s>kNLC5(9sDKhjW@ewlg(5Qgy<<V9A}MG+<Z4JSo2O%#nqzp
zn^5Qa6f9k8`HXw^>h#Sp^&t;)<xim`nN)`z8}rmgSJZDzN@N|d(x%Osf?FF~<+O|m
z8VXT~`h04EM}ur)v8N3lU%gpQLm`zWNvF5^q;jECe6tj|IG%MUSHx-rYPL-G2J6zu
z15`v8dWE#={Hj-v88(9%n%ORrt7b;s5R_K1z-K*>QeXhGo7W-H9VE?0VD@D)$C-_3
zf!*g51g<0uaTa3Pm1|z4{WX10M?-Sou^>1)51z+e+!|2Hb+<AhUYDe#xKXs$#e`O;
zwm*3@aZY}n^Xwap91o-OiAjhKTeXIFWxlv>g{r@iX%3w{)Si>MZ3a@$s@5MciJgGi
zS*(wHAz=FR{CUvl=oQG}S&U=31|Iv4hK$_XzkVJ2aX3J#A&x8K6xfZV4<;iV^_ExX
zkvgw>wt2QQmOc=jWrATF5AUA<0nNBUQ8jDn1`dV-0oaly(x>0_Ch<sf{n20B%fiK2
z1!tBjR<RH)Oev<xuqg!MUMegkxioYNzlp6lNEXCIS*arQ_=7J4`RWzgL;=3}8~YE{
zLGZ7Uc?UGU|5+_KhJ~<<@QqV>(tFtt?NeW=)Oh~;5P<)!6}&uMNsW%-ZMCXXYXe}G
zbbmL8`e4<>M_7Tx6IJhsBF1y%=Lq6bv#ukSpmrO{)cbaE!x6L!mkIZdUK=eBj$0w3
z6PS{riu%^ktDZmiTt12>U2mu=y5#{}Sme2)=R{4&Yf9<l8ky4CT&@!&8(Zfo;<j(v
z>too8kaP~V4q>tPgfKI~3GuwjpXvl-4kVFLJ-!eO+Yl`c=h?s02eea3X)P0mOBhBN
zl7bDq3-gJ<<G%~gkog!i#$~J=50jB^`IVWX%<}HkgmroxnhgCSffqk4SY8ZThh}51
zl&&7U$w#3QM-*-!MGb-wR|g<gyxW+C&&vJuQg~?S7&JxbtGO}v81>1jA+qejiAuf}
zb#7GcVlbXNo$J7Zi#=#rET23aA>}^;0xNQ_QojDF{%vgI-Az4}lw+9aAv<P@AZ(ng
zk~*Tiw=s6Y2uKlCDR|ly3PJ4{z{8JlRpG16cvKTQKlHUE{Q|p_z;g`!wfFU*n3TtW
zH<5&`p%Q!KRt5v5np;5*vOJbG6q@KHT#`&CfC4v_YBg`jyslk!;t*6`Rjj7+U_dvG
z|E(1ZjhNiHm%H8tB9{|nrI*A?(x)iJsp>;$yxf0Om^`mM=>^E7!Bec%m31g5!pham
zH`$5p7zZzso;4X3kQI}_#$EzO5)PhB?T!z~D9#syD?EJYpWaF;epK_W&3@N8oD4aJ
zcI;*h-e7_F_oDNAK~F=Ud_41Bgw7vnQ-rlr!Vm2M%*1OeAJ;}oxIOhZWn%<)!D+m<
z0PKij1=TCEbA{x4b(qRKE~_G}OL;ymY>;~RTi2g2-ciMsi4Bfa;KhDm-DdcQzu+Ip
zkGFc-ql8Vy>BR;F%T}oQEDUSV`yDvEdxHf13_xl)x!C}2XKen1&4}uBa{?;qS#Enc
zM4ye0P&pP-zm7rFK)p*kN#RBC5gYGtOYf@V@Pz{AMH`wsD{8-&o#FP-4itU77iMUh
z4xlG0ORZf!;@9)Z2HR<@8}^w$(Um<ZF*msB=d8)G01Mk)j>rPXj1Q|i=9~OouG?=2
zbqmcQ^>3?f|Cds9<OPg|n#B^MV@mrWY^P#O_|p&BHl5R6u@V@@LbyH10FbU7VlC#x
zE!Sw^weIk9n^C(@BtuHcYuugF$)NPievh3bzD9}Sx;1Lj=|nZtvwu0FMvKB@X0ul>
zLBOET2e?jk=7oOWyh!Wu_6LZxOt=%s-L(Nvo)iU`{W5ILwVhuJ7EV1MOpc!06uh@T
zI~kr#!oNHj7h>r(-nsjeio~Sjb4y3{Rl|g-YSTN4*k~FjWZh09kzOrcFGha5yMM#-
z@-npCX+{2paA{0e7#i!&Aw35u(akmsVs1`z$ojq0U;CkkVAJ6qBOQEi(jy%d+gMjQ
zJbCz5%s1nxcghg1aU4QZpc!naD3+H{fL}lG8<4L!p>f#ItZjntk8>`0|J(6c7~nx*
z*FyW<z4M1)Ivt&YD!w%av?z*of%BZMOIihp=Qmrr%`uL-ukxz2{b@?!#zUsHZr4MJ
z+v#04D7oejr(a#nf@@Zecro&l3BLIojs8M_G0h?Lza`!W4AZUUlRdtaLB@DsK}hT9
zqECd|YX~Wau+m+qtG0)R;zK|}ooE|xR1v#FG|d|`)OWJxUxqzxcLN*}TfajQP|w_;
ztiP0G|2i#c;heY8!v)6btb4*<<LkV5{rI{lYx-5Ya+zw8VE)BdFph4YsmpkKsZ)=e
z@LZ-5<%Ur5Y#7C<%C^+w7)_M%C3xtoC{E_1vh2~bUFD;HMnSMM6^K_mzAnMO^?igv
zP?4G0-N~gHsfLCa2gs#XXy6F}VdVe!MefN)%6=Tfln67dV_DM5Sb}APpMwW#GPHVa
z{xf9QliNo{DG_NqUbP+kj|MeR>^I#D)KvU(`5M`D>YA*tPeef|+UR=>>wdFdVSx(@
z(NXU6CJWfMFzH`w6v{~gGx(_G73IUiMkqqqkCe$b|2Vnz&!@`zy$2;XhT9S>jd7^4
z10Wb5ru}m810y2<{8e8};MItEJnT88JKFJM6MCBsY?fq0%c@ANf{E<E{X=)D-tH1W
z4GXX@KLZ6oO1bsWX=l{lAU<HSAOeQgF`*QZaAjL_N?Dnjnhc~9zB6KKhq<no=kV9B
zczfn(YO4#OeZn!q>s0MrC2AdZz2t|#K7fo$%(ZA*i7<wyLf;KD3e)KS>3uMppN#CT
zIJukOj^irBJK<SDyuoU|nuc%DV2=;FQ_B}B`c4xZOziaj_xa2AE)8esM4>5(mEwYg
zXHp8VQRY}2Y;oTG>@Ecx7B+=J7wyK9oI#|69gsBP7k4^A%BkGZBivGiqj?~K?)40O
z(k9(YUy_MyLZi5V$Q^U_Qvz^v`W>ozFqCpU(QVlOerU`U=ETPxe+sTF$vxt6$;v1G
z<mVjVNcwVyrcR?<iP494Ub1CE)(Ta#R}<fAQ@{Dy>13CN)#qiT=P=!uM-=`HRgtv>
zB=snT<)QtSfVI02+2(;FWmR^_SKyDP(G<YR2w4$Hee1-u0KCR<gOa1={l=5vII^rh
z3y;E3oKy3~?>E6!FK><I<WM)p?Z%OGi^@8Lvl|njoxsadgl&tV^u@7@%YYY0$#5Ev
z6g*^2tPgikAcEN(9nrVf07Sqz#7aJ2D4%Ds#?e@IA#7wY-aQo1HfTnDMDX=nZ(+%d
zJkN>dX%S5FvYbuQ&-=BgpagQZFMQ?jvnrACz$y?XA6$pjkq)NK6lx+{Zh37(4AV~6
z_wPii9}SM%IiAOtk|(Ymbk}9z)t-gP?))Spi9%F&mpRCS<k{b0o}VM@{EHH@E{ZO&
zg@+LA5zgJZ6s63?5iW?%mTpeuw!`9Wy8r-4GsI@5qadrJ-0H*+vOJ$l6@Gv8v1hQ{
z<!z{ehpxfL#vWSUaOUM|u%=a&A0G~DG9+><4y{A2$43)lp~MS}THQ{Ir64?B1W``_
zc-$KsS7eOx18*3}$FHfc)$hvf={QP^O6SRm@hWxhj6GgR22mTd{u>(XioIr0KO*Yc
zUg%+5^6|<<3%R55|Nh#;{p9wh0;e9qAK<PKJPP5YhM5H6p*lt-HtQq{(t-9!I>2%v
zJ3ZZz$DUotpDkSo8hYsyNc6@?<q+_`dH#&bs37$CIEoP`jB_3D-_W*H2B!U6{4&P6
zJCRMvwE}3mhsdu3{(H>H<pn1Nppu+2%O!b&^V$^~qtufV7V>j$lp*M;7N`(JH|m8`
zsx*kIPzR>^k~h*8Na^{UfKKh?2I!f(Nv`898PbVjj6{noEnE@pdx-o=SAh9a1Iwv0
zY!{$|eB}a&Wd_V*A*gabKaMkMXB@EMhM<*n7|;t1LIGx`>Eo904}HP)qEjWv3OrsI
zQ`ZDHcet0o9BBe()^O`hVgDLD_pEcANBH;R$Ct3|R_uYN<M$P(PZE;j89(5)k~vFC
zsr1i%RVpT|-Y(Qio`$iE$!kt3Tfjd!ev~u{P<CRsMtb=8Xp0Mg%oaqxa{k6i@3@lV
zHk~VOdIW2)O2mDWbAYH)_h>k|zM62M<nW=whCNw$y&l14x%T@S#pNt*yCE}xsk?~F
z-%s+8{hSXMw^`!uyckkFBQRR{XDG!V8eAv4Pc-BHc)`%J-3ragV9cd87npiiXxeIM
zY&C5St94|h=Am@^W&-r^UV9;Z*~7+YEDKMKV~ne-V0rX%#<OK6t0Q#xWg4;$ICutz
zTiJZ^F-ou-R9P9bdiuePE<eK+G*cTD7XElD;w*j=M)zs`pd<6ID+eZAt18L){?@79
zktYuvHv<1w{^d!aBH+HzlFIQC?!H!g3?yDL^$)Zl%70r{zCpLTxo1*m;t}j;?U6I-
zLsRWO#psUWp**IW7c`zx_K={c0BioRX%}%NdSWt#>Ku({4hYx;<R+jpt34{hC%qh1
z+(cEZ846z0KT=FCSvytKPJQ{~gS{6WHf%OfxorBQdmD)+^wEU@{U2|zeizTni4p?F
zZLH6)dGHGl1_JW24vRz+!d-=9{`$?v!&Pa9Pg3V^JWLK@Mi49c_AX|g_0<zhAoO_3
zyNb7>5AQPRSYDYT`vROFs!67XAn+|b32|8=N9vypq#{E|$k;%jr-7@7uDTH(X**V+
z$&CpNP-ssZvcgwo0`$AH=UZ~;VWhLR9^!;oi#Ag25ZINO{uPCrpe>1vMjjkbF<Fa<
z6d3#IN7T1dJ2;#+|Dz1&QCAb&82yED$E7SAR?{J!+F>OH(Qka}aywsLtED;y(YY{+
zna+_Ye_Vr)V4)A0Rn|g1U2uy4;jL(k9>ei=L6ss2xy=dPjVZq12j!C`IbFP>+8c!`
zD4)XtX>ujm#E9-+%y5E8f)jDA*UEvdq7Kx(nM-VbIr4fGvKc&Unf}Wj9jqun?`mT@
zgLJMt3G4YRfNpvzG|Q$NVEhak5~clFj%1y%l>zYuW;<ijyu-G8<d)Mlsu~UC={dgS
zrufPtp>I@Y-hgw4{d`#-N#b6~oN}5+wf5G~7GNLdykEEr9&t6`{LInG@%ymrw->7X
zKnrg<u=_$7tDzD1MH_0>opV4L{}zmku$5Nwd889J+kipu)cMocww?YKCq}BU!tF2Q
zbpEVyCGK*<ndz8yyh1A7##Np~hmH&l<j!4D)OBR<;}lGwi=#<~(Swf4;C+8T1LUuA
z2+rRXX@V?XS()G(t<}^j{S0F8TWdWb+UW2@(wOvat^oy@>z3Fve@PPbwZN-46r-g=
zv!+$^USnJ=oAr$#kx{(sqthV4aK7aAS&%ZuCQXD%j7a8GfZCbYNY=G(3aTc%Y7fKo
zuyD^$gYeG=Og+jIvUwgZjzyj~->eFK4G|Vw5A+ug<|tG;pPAkH8UFK4O%}jrnkq2R
z@UHfKKWn`WNyF?kDB>DK+8T10@UAEx)@86vH5$k)+qK>a;kL`v1HEI~mXoHmr)OVs
zx7gU=;VW<Y2TpYh5_9P_T&y8~=kf_E=Z!zQ<})-ktldUaE5`exifMRRrytumG-G)*
z*9K0lNViLrP#T`NMvz%ri}b~hQshWo7!ocpg>Ot>AL%qO@Z?Q6BUj`pTqC=2gKsFp
zS18K}DRGM}h<ODs96MG-OoQ-#r0=tlb;tIrrwI)$P7&B|@BGw#2Qs`R>EFSUcNI+<
zunOtv@xX))>$&Jt#baqvVk2U1zUeN`t^*!{f$i#i8S#ldV{F7mb0dU2o_Gqb-It)4
zsWIt*`)dHCFTv#&Z;RiZX$o#h$6)WWi@iYA&GI)IpIWP4I(XlL7(mwDZ_`rH(Zq_p
zX)wPR3y+PuJPBcH(Vh8s#mh#;)uTrqP~t5S4Qp3=?v4^be*Z#|m57ob%)x)@RS%M8
zQVnj#15*xwy$l4qwMO`S$zxBMiBkDMUC;PZ;3}-RCS*qD;$(a7!&H{uea4D#S;kn=
z;M8sahqwyGIkSt}#NdRxHspHl+|Pc^mhxtxMcVBPRH0cm*@uk4rO~h1uz{m`@0NA~
zHo65L8w~NrWe))|KS($a#)RAq_joGr2?LuI0W3*GrLU~bLFZuKG_E3L(Nx+I1l=12
z)@+!P%!9-Mzn>cJ!K+6kcl?m*PHNP24whtP(YR8=taX$p^|tGg+7ke`1G^?YVi|IB
z4~IToQgT(tHI^Cl%9wE?0Lf?xvx5MYF=*aH>K$D%`^mVgz;3k67rvZ}G)ZrUS?OeN
z0w2}wKDz$<L)3awvQhUV^%s}d<{qn;plXX56ai#+p>25TFksP5f6I_+ZQap$1YAD<
zWwutYOnD}|6iTUcf`W9=-nOxi!Jr&^M4r=g!aOcOczjdFa8L=F<sad%A^#Zx=nT}T
zvnJ^PmCdVBb!%QV0^MJqFm3K_l3pC3F#UD5=vw$Yb=R*UP`QSUCUW9r@VQ}?SX0nG
zpmiJn^)x_lLOv_9_VivINV1gosglP|T2DU5BiLbF+PU1ZX(wBgrL{dtToS}BBb{0h
zStv?(5tz;j4z1e8Y!R6vxi85%r|4j`COD?tG0SMX!rY~yX&>R?o81L8^A+^f!*MWa
zw^nHtPYj}_@2itCr75-AnNQ}NR0&||TK>tCLe|c18KAU&HpFBFC_5}8iP=;i8ChIW
zaFaQSJX%vlb|Jc7RWW;K1M#dkCjQd2tk!kI;S@sH7gYU<^7a)9EEq0=Hiu>!+8+=7
z)$ON$QL|}ZzEX|9m1d71a0F(F%S<Hh)p!O&M0G3p6Cp?RmnnCffr!zw@mW!#UH^UG
z>o6s7Z9-f+I-2|y96Q9HB5}M{Q79fCOmi4MSeoi5AHc-8nE7fl^o`;;7n$X0g7LlS
z{=&HxYz`L=8F;)v+a~Na23<-lco2Vyt4yu*U&YD*1!~DyIOjweFz6Sen(=Mo@ZNvM
zH2)c)xEWh|Sv;r;Ft~Ia@`w#dyN^9n{64{n0eThy!cqsp8Q+@Yit+kixrUpt=i+49
z1XbBjUF_r~D)Wag4&A(<3$RI$i}`+vZ``9Y$0f}KePkSc!s0+VeT3sQY7P{tFIQc{
z!!-C6?k-8|4tz%Ghxpx`YZw^#bo@|^=cSs`AN>s>Z#Zd1-f-@bxg+WR_bL^!CqE#;
z6?G}$C)g{Z9s)T|T&JLz!KpwfU!y}{(vy^2Ug@}`@dBrB2!b=qz#u#S2~2Hchy1!k
zh<$n80{>CxZe{<icl+rDZnx7J?;reMDY;@Hee5`Q<#rm(4gm{vxx3e0h+xRnEz#fx
zbLEm~W=U+pFf)E}5Ao8w(A|xjjj=e?H~Wl+E5c+v{1Xjih?r4_I{iUGgWw9TUAjk%
zs_=rsm$cD9)x22^V(sFBGup($_ZO}ar@+ON>?4QfMoTahCQ;1FBAO3{FasLP{*XMm
z=G}t%XlGTRh$*;t?!2yD=eA;_>+=<N=Lj{rnZjcsm;+FF-4e3QKnYw#K~gG^>XZ_%
zP^<Jq8opG|AyiglL-5$fR?vP|)I<|u!Dj*OG%SUfP`Sa*Q*SR9h2N$s1oq!&;j>fN
z?h8dJ7n^QOpAh@b`9a|ypbAx&!4{_EezV>2Fhz+Tj+DUD4=I990XX=Kz5s&5KShdc
z?Se^1FakzzzM=V|)a^jcp|D%V$co(`bQ?CMGZ+A~oOkHqyVY1cVW9(~sh-kc9P3U=
z&i2u3>_z6oQG0tbD0@+#9WlMtcS_`tk>&r+Ig0v2{(>w31na3bw2zKR<5558=y<dD
zpW1^`lqw5HADQ-!MY6sn0wr_e;yHm!q<BJBYmfe}%&tHwl(#(I5ffC?)w(e2RP99Z
z-rQ)Y)7y5#h4$!C`6+~iP6t8<G<LHKCCBs_Cl=#?O+`K*1~1jUiB^a?_^c~e$jiX~
z!yVWLs?*NAxn|=E>q$e3;WBP{M`6!3l6N053GU#!MIkSIlXCL62f+~CxjF?ApFV)~
zyi%%nV_uLJ6hL4&-6e?KnE@>YK(0H~tPZ<fhUB8rEt?nsbd>AemoF%s6Orect@=%4
zLolhrCK95SYW4!dhT+s_8j}wKTTNP>zr^no%whWFaaiqv+bmcw{pF7UW3ME3wO4Q!
zsc1K)f-SaS;Gsb2>ZDVxEH`WtYBt?*Ky<u_!yEqO3&VgI@Pr*GsSe^Y_#YhTz?I;8
zpbqY$L9_M%P&AKJOrJ$?!ee|IxE>Xyv4f97lFttL?3xZ__a7N3ky&~~1!ovQ@jD)t
zC4iuN4ymhgOVF&A(jNaN&0irquYjw@F@W5XN}>G8MeT05VX4wnLs4iRg>JYuneh1E
zRFD^@CAf5>h*?y&Yau!4@0c=-0C!YA)uj^|iL=>Le8fS1*h5FQ?X2>3IfAQ*Yj#k|
zm)2bTg6ZwviJG0uJbppbRg-o`6@Y_h8}8#f=2*f2s1pE#IMHk=BOm~WivRXWCi__)
zU7GlikASmjT<SOe=x^I9%1}0?yO&IsB{kF<3jJ{<N)3JcHoCK;Q406y!*tYw&BjD1
zG0%lCz<1|giZ4{ub)@bpiABJ(YsL;8@br3<POnukAohIR4fJ}UDPE!aL+WznT}Ybp
zK?PlWf5ND;$lZ%f={eOHKY&_Hs=OY#9z$3N08{)2N2`2S=iu<xlW2S-CD8;sYh!tI
zshewb_HJy%IkRR#Q8mb#A4V&0elR7KB>}jruW-vp3mA%cS>#pJhWcG8?=}b5a8!3#
z1-gA&*xBZ;zW7|vw#`29a;br{x&t<ppLM}5y$5=&cWp}rmk>-6UG{)0K+Y|+GO}r@
zNp%+tXKV^(sghjcvkCAY>>@7Ig(%`TL}ER^#=X4f#zcjzJVrB}riq1Q%>`r$&1m+}
z%h`V}krb_8kSx=SuK^lN80RrMRFTb9Ur?3i#K4MWIX>X@yTCDQT<hF>f72WdofYl}
z^?NJr%w|KZXbcOPUCqLz(-6p}^OZpK`~c1qIHsF|JgAU!xqWu(-#cURTNaeAJSm41
zSU>MKkT4T-V;xxx@leE{b|74~5RyY^Can;#XQhL~)7_oxRFg6OSJ5hqx*Ek3%e8B9
zN@FCWo)8)VJ#K*~=m3{`BkSr&$jRs^A3)wex8I-nlRWkR<pw><<f1@Hl53F=IjNj%
z0;u@n(m~6k<JQSj6;wZpyN;hAM1UEX_M)+6<kI>se14Z<enj)zwL3UqBshF0jhbDw
zrFDHk^+nHywfQPEx>=T=DB-@ezcAz994u>XYq&b9b1TmAiGnzKnr&1ByDJ3BBtcl<
zl*r6sWZ0BeuCOTm`EeD(9uQf_Uy|6~YXF=0D2r<Jj#f)(kb~2A@Nx~8%AQ@2X;^`f
zW<wuh)|_N7Uyh%!v@vJwvZlw|03Vq~V=_3iQ6TELYVeFT0lP+ne-=m!eQ>l<Ce-Ud
z;$-Ar4;g0+Hf2>opD-4w3uk6wfCptAQ%KDC_9r+NrS8T?mPLIncESVJZ9csF0AE+R
z{AQRGkA+Sgu#xRtgVWLuJ_*~o+ek9Hep=>TM1bhA`3_aghL-!beNwEEZc=4MhXH!6
z`KQiP*!e|SHKb^CXuotUOPx}<^hFj_L+3=6SMQ^(5T2aV&5*_(K2>IJ4I&6BTQ;VT
zq;+%QRKZ+?Q=CwaY;9ov|5!Ud;Gxh~i%$<Pz4Gwz8|HUfu+XhB%YD0fXN4qN4xz7n
zp%Fb79!dfN)fC2I!>f4c!hyO03S3#1m|2@giBU5-mNK^(@<vYQw6Sn;0{3fv3~kMR
z<vqEnfciUo+oOMG0pP+f4fb4sUXM-EMtD3b9C@ODm?!F;CVqy-V&{gs%p{#ribWY<
zbtR_`uz6S$9M{^Fe-;Xv-5rvkpB*88sSyMK{lavmEN4jsY#17FgcDKAcD42?gR&Y>
zJh!P&*+Dqhsnc=UEXaEN+aG$KK^(ZEV>`!x0}di0=|Q@!UJl#8chW0oXPov5C{96s
zcOrD2)k6XLG$gPNob!D}OSO4{%NRIh;-vJk8{cC6pUGE)OD-Ps$0TWXJUx@+MKwd0
znZ`wN3l#9~Cot|ggJxv{JoO7uy!VM3)sw^%Smu~G&K;h^c(}5WDabD+I|1)1RG6_+
zWW4B+(R<U3X}A{++%xBnsr1tJ-;Mex=7kYbaD6roacCYhlB3sONanNttn<hE%%IB<
zgqg>w=Sw7pg%115d*#0#OM&7}Csb|htl)j&RW@WUGKEkzf??PVy~Gc}dQmYfAki9>
z;z0z(<R^kmfy1p+a2;6mT-?Ga3JqsY%bd56nW5<{oJ6n8*RqNUzwgz0^V;GlVQiSz
zvzMDS)=+2(%U+fED~3g8+hyy91rapvLOVn7ig9)c1zX*(>NET5pp=BRxA9IJj=Ovk
zY%GilD!3`PtoyF0qHhmGVg*i9$tV$;#<4$E)(Hb78&HvXl^u+~G|?ObK^kz|t_A&@
zvES_2Xnb(4KRk?JH@)qH-IJH#o|HJ-U?vL2{|k>BrFj33=DBMQVy}J^{t+kF92x=;
za_s03g%igg-m-nHSVdo->1na^0_SO#k9+(RL1#XicxoPA4LXqRJ5zC<u(~+9gX>T?
z9%OxU0iY004K-@I_T#xU`78npe31;<$V9rHEfR|<Qzwh~OOzsYlDqxUO!E0H=A7pL
zv|mwmMHciwqBY<X>y%Ms5{V*<sQU^q8oSvy1ZuP{t8Y?@5L9vEKr~IQ+$VKU;JT?g
zA1mPavOy(-c3&V)RG&KR-}j<5ms^nn2=x?@-az6t{`Uj9M5}~&Vi9ciO3moikR%oK
zZ$lVaMGFJ_Ca8-{H9FeC@_D#Rgi`|PJ_`tmzAstGa9Ft*7yGVnW`mJ0wM+aR$EgQN
zb?bd<JK;Ek+X+kQXtO>8Sby2{>Xes3sp`$(p%_(cHh|(_H;l!NG%+e#HzhW*V5Mya
zW+k4XEcmRf7R;Qm$jxtvSMDNLs7hhjjOdcL^6wFH)<WC}mZOF>TV=^={{A*}0X7gz
z@$q!_kks=U!UB`~MHr-4qaT!KS4q_<65&ylbC<96WujC%Sydpj?q!KHSJ?0Z^^?kh
z<mVj5B=#l!ur96@C4wPOQ_()<{30E>Nc$qO!ZpL`WCl%ylRyqcx4K^4FN3rG0yT**
z+D%9~D9TYyXr5hQ3byoR3KCc*>VO-8Kd1&}*InYIn5k#zG!$Mx0NkN~pS^hgm2T1+
zryG}fuyJnSR~=kho3!(-OhFU#3IxtL;qv`{8WNCjCYb^&hezgfDv)iR`ZD=^WFfLr
zuEBedw4_z;%@Jcfm?^Y7f`XU2=7chJ?G536s6G>nnaOO*9F52q>`EA9O0^-VRs<@5
zU<cRmQQ>Y*$KozfLklqiW0f+^78bJeqTr*j7glz!%YDI0{?{5=fb(D#fF8WZ!7e2d
z-7x9)J7U0!&t#hCy#zWOF|AmO6a%>yX^6(bQUBlK6sa)hp48Y<zd(n!69I4g-+YxV
zG3Y0&)1C|lwFT#-7v*~8iw%VT;S;a#bvBS$;=u1y<u4=$n)-?EzjnpAm7O~fU#Nx7
z>_ted2>5+Of>gP3&ySF-X~C?<2t+yjtvRXsQk~j`{OI$Lqv|pI#);3mo{2BmBv>1A
z4!oAjtyM?#+BK}Pu?m4!Qte0bI^XIJk{oM{f2>p9;FHRl+pnuVVk+fAlQrQt<M5xV
z-ZlRU=}O&qm2C6Oh!x-f{Z=gG4EMJceUhv>DdgYv6_2MRvBNmWx!#S_x5&VUk&J4N
zOys9hoIJFnWiS>WG#N3h^mw*9NM^`8)&~SpKtsbRB{WT2zA@Qwc2;9D4X%@bDzKzq
zCd_QW-k{!J)_Rm3n7h9gHEhtsGpa`BR-44p=%Atr-PyyUhfxH4_L_*^-N)YRLd|5@
zQ1pDC5i`diPOwK(R@VFhP6j?v2<d7=`y_D>eLFy_>ad3WxjN!#9SV8Nm8q)1u|I&>
zUiajUZ6gq(`-k{}2{Qp00}mE$kHBQ}uMocdb&$rB>&`Ht>B_FR;K~)$MlOTgl{0lh
z;>kZQujp~|_>`i#85Ax;s52w*^LOmLUXZO6f-_}vkLsjOZJ(S(uV&pCYiZRF`#+Bx
z3Qa;66R2Qw1R^5x*b=hFJ<C_^ip!MT8%($2g+|zo2Qr-9=nCZ&fWwx})PPhZ)^{&v
zZPykv3s8U+kV4A^=TMTQ;Sl7BA;kW_8Rr~|SO7$K*a+A^QW-{}I9&S|X{#e}q9FBa
zeZp$~%Xq)Am~ZbDWpXuhgntYV#=^4Vw=A$49e&-7=fFYTgRXtLop^Uj-0@3ePJ!^o
zht-#JVY`io#WtMw>s-tr7qPJ_SjdS)cCK9YeBPF9lyUcXIh0Gdu%rGsSvu>A|9tdi
zKy)URx8I%+{_BtBHt|Z`e=xa*P)qR4wLPkGSv2iSQSebu7jYp2-mqg~O4q--A6y2}
zN8`N130J(#|B&c6MOKcxNHS0(4O6n$n}R^$yAU!4=SU4?qc82;!T`8?p*qc66l@$M
zeOwAmYZ=fZVQsB}X-+GGv0F=>GI0Fq7ydet;M^(?ikk=+PYRLu&LJ)X{sv{0>u@HH
z$UtiPxFvH2g~nZ&O*IHL4=rEutNK)E6{U0$TupNRCjTIK`vMpLOkonzCT)wTUZUv+
z+b|F>;J*bOz}PH-{%o3WLpHU-Ox=BLD8ubG57joB-+)R7W_3L7`?;=%cQP6dg?(Uj
z2OFI^Igwk1DE|L7vUecrE|Enq4bl&()8Hs00aOen%C?>GB_<ul?2tJ8kc=42f=a|3
z0Xc@<T`M8F21zd;QGVUPH^?1M>DxB|eR-5u^-Pdmq@tBqs+O7GiCe=N63}uAaxdUD
zd-46aq&S&|MI$$Q@oy>XP|?wS!DZ1o{^JM$OcHbcAIR4XSIlPHbK0AB%?%M;%UDW4
z(uPzO*&($1wS-rtgxad#yRCFxYPg-*`S*=qpKk>93pTmZ@LuW}`8P}?3@IAqa}cZ_
zFN|3e=xkG+3ta}!C~69%4s6fxJ5APiRCc#OJZk>N&r1!&6N($4y3&KJOu(0ZEMvz%
zL@!W`%VP~=KfZ%}Jpj+;WEC1eVsh8;@d6H8>wS2$SxB9?D#%Or5OBS)4W%QKNUd>H
zuu?StyNLha8-d_61A{vzoZeb5GWE;CbX@<YUFXqO!#WtepSqb0=P8VcqCPeB{U;3Z
zwTEm6BOcqxTS+u&wA-t^fz5E8WgR&k?K^^N5NtNWirr4vJZ(C7*&s~QNfB--08!V!
zh$Ls3hM1~0&U0DB>>PKunexK$@;sz&QWk5sk0Re2Fx7*(2+h9J>Jv`o2&^R0xvYK(
z(v&1q`y*$r5mf(BgCZ6lb)XdDI1gor%1kWfwW6pI$1tAhqOFLqe9k_iu+_lSGI`CA
zjZVI=!RvrTo*~mDK&VVGDV(o*2PgJIHr%qZl`T4ivrNKe2Z@Wl7z^R~7puwH<NEO+
z2^xX8cx5%o94sA`t)2s$w`|sH<pibO7xu5bktelN5Jl%-+b+0{MX~n&LUsz-z-*>y
zH|&jNvleoi@eq8;!i-o@g8c5k0*sAtF5&Hu+b5`%XLAPA5fO{>JK(gwaXmTKSr`wO
za&c^l3#VS`aTA*v-aLWKqYC}BGrNneND}IqCDZi?fa&ofl0l{=<K<13eSS0Cn&XU`
zUMF-YGj)1(`)<x&fSM8F>GwTIwMEZ^i`J105}wq#%TM)S)GL*$2YP_1_}=0IejSLT
zlX^|XBH^x%#&7$0_AAL|V+&@T2dp#;{}{ys5Kpu`0M>MQex=a+p>kAJ;y&gAU`86!
zZl4fA<Q8(AWwzW0YdPvSgh5xnEaFb~X#)=$+#|SZf=mruX|+zj5Z3JCEV`@zAa}BA
z(CT|4T2d6~DxEigDDP*V9n`>RG&z}pMcnxcm<y|$mxQ&mL~rzRH!XKN4sR>_x-BFY
zu1;r33$)ckP>zr5oK0jvAM%U_^Y_6dO#QS#3OsdBlE;S`#|=i&D~()rixX+iz_s2V
zmZ&QvVOhB1*aRhm{e^wh$^`nzp)7jJ72V01Ws3%&_y*1%jewio10}_&#U|x;(!X1O
z@9@b`vll=GqaH;G6^Wkk;<G#5vPjGd^AO6V82%Kom4&pEW#}Qz;~tYYF@QD944X%W
zP{iQ4P(vN+#~McGyD?J=8FU3H_m>-H^OTOY2YVL|CsH-4{_EmiP=q-$jTq7D3@JiX
z$T8$8j`=9fim|dq7%_WN$Kj2TBhQ}acJ<WF!941zG}3H3(MXkNhdT+ciK=q%uYsO(
z?q=AvCU!oxVy#gV+JAaGa6v)q64ap!{DeXk0vTd`9v?~z>b*-GBs_hOJL?mXr6D`k
zX}4`Jj>cFTEAczufJacjD{GlUEpk6xk+hl$(FS(#_nQ78CXDXFSQI#kP#wC9_(iQ{
z1!Fmn(kYDlyRoL9!G-Pc0?Q^%1K&Bl(&AwV>*z(}ZLyx#Z(xc#<kh++6*->CzsJyf
z>{HW8B&)&J5i6tP<*GR7!dwhL^j(&|hcJU(k+GL-;-k@b@4Xv6EBj>^JkCcKjZ~5R
z8P48=xPR~oN!R7w>$IelrL~*Z^@7v*AW$H{QEo=rIO#t17N-|VNn=C~Zh#!g1%4lY
zP3Rm;QEWGT(a*u0zqCKGJ|#dFcOI2qzfNSLSr9fuyQrHXmsrga@y{>)36cU`oz9t!
z_&_G2Vh$UI#sj$Et_fSx^ANN(lOts(ZlBZT@)Vnm7CC@rJZ%%)XU~R=ldj`+MWDb}
zfKBgY)D4gKVAP!?&C{B900r+pcv9Ksf{#><F(^!tdX%*&<wWJtdET7ZbITy#RiBGa
z3T)dgfOPI?rQnZJxO?v86yj#y`!#VH_Ir@d+p!=7BIWF_+ei#E{ygi%`;j#nOeHB}
zdGZqpQ8-4{0b3tfv%=H{2*^9IG?c;ttR8y1V*YFcPn+gqTQg34kn0S@yUv7KSxcT<
z)1o^+@hp{=HnR#T$c{HjQZ_}5(G9>u3N9eAo{ez=HV3eWb>pz9g%_s}L?tq5V7Vuq
zsW0l9pXpV>?_qrc{{ePhb$Q4)8L&k}a~WRs7IGl3jaHpNuhO%r)gHr(b{wjIMe2D7
zW)1?Aqn*TxjUWKLfQzAY*SMnGHDdl)oP>b2_`ZQ#YuT`?c#McdSkN`+AdrY|wW9H{
za*K%2b(#kGkWY7Z%#*ljsRr<8cmo+Ad+Evs@Ndy;_>Bw(z8!*kim2RlI7#05Ov+Ty
z;ugEJWuuJtD4m$$HB`bq@FM9Vd7L@$9hp_fg%$HOH5-`1hQ_V3(MWB%sPhm^8Ibji
zJ_cxuX%)zsW@Gu7mHNm{9MUvAZqnNtWrn2=jkNv23(PszV&@boG`sGL;^40eT)+LA
zF1bMls+pfXy$P;u`d0mcdMknKddRsD{ZS?J300?x(76M-4o)>8oCfT@3sPHNpu+Da
zR;co$k+hk{$5m91L&Z=$FP0&Yvea~IFJHQw;F~5@4rl>JzLJ5sEExb-?v`rKLgwjd
z8FQB?E9N5UBX!wiIgXxm;hLODl(>KaD{=ye-Y6`(vR?KkssO{|2gc&8qRk;FuuP>e
zSg=mw|F1aZw|0!soOz5$gfp+~=ejE@8&lsGJR<erq_7=|r4WDbJ%Kvs1OL-Bw9adc
zOv{JLZ<P?2=|-zQ=nQ+y=vWfQsxo4gZ~BtY3-IomFFbK%+oj93R9F76-pXX`3?e?w
zYyuwuH$ce0(?bNllxKO!@0^$G#_5%l1|ToWe8h;tG2d^|$S-&5#aa#3RvQ&Bb!Nf7
zu>~!4VMn7vXk_7p7ju%nf+gptD~9?)?I1_cWWuTe0PbyZYi$z+oyRluIdULmaF>Ao
zf$;jT7F%|U>g$uBv>h9hIsjb7B<TWU3H8a=xuR1%E_+o3kR1H%^ZT#t;BH(DhHSKO
zPMxn^CJjcZJ@R|58@l2FBb&Y-WP$i78zjPM!~LyqgjE4U(C8AsTjP0CPBXQ6y_I;h
zrdj%i(}cOAg`YJiXqs*5VYqKI1FaYQRJ)zy!J$$<z1`lbs(?Hr84YyYliU|Tslo&f
zR~G{%xF=hTfXN?4$>@krG$u9zLHnd67z_!fl`ye7=$~of1jM_XGt6fDFa$@wSZNnV
zF0YQ3?JS(2E0b|tOi~_p6oC7PX02q7P|SdhKqHnn$A|P|vLf3F4aEbe$ke-w|6oM=
zAvwaVI*7?_OT$+c=!*cJR&D#8hSXt*Gjrv`I*t%+Ff#4Ab~%c3jcu+VEClsUMN$9p
zx&^1LIgdKjxNWcCR5T#j$Un7l2KhZ{q*GAegJe1|gx3Gi06~2bFyuNBKHgPMIOWb0
z637?WjdoXyNIMoMu|Wi%b!HPm0aW){?}VTF*B@lG3p!q8Wg*A8R6ZdC(9P>3YQ%Fk
z96qByTXs6d;|fl@GXp*!#I37@th^hWQVw&1lfC|${p&a|07jQh8Y>MSWMk~t;Zh2y
z3wBsss)i9ZNy6VJzcZziE-}d#D5uXkGRqTRttHfq{MN?)f2yrfwl4nsCxiUBZ_#Vx
zV~Bb30*&}7{(nUJZDFZ}8XidnoA%r=$h{4J+|nzLZKY$I5rU<>mIIFcHDw%y&Mo|z
z_%5!jf<u94XpBNBbu$0;VuKQhF6*7>G?Y$!_LZB(gYtMch)<`W3t34dxsjok?#=x1
zAMgMcWRd0qY#&o`iTAez`=HB&xqxSu-Gf%^f@Ffo8AmwzvI3xypoTS7%(u2}HslKn
zFMtG=HN>LveDS;Tg$0vffF@OxQFAjmlv_x+X;gT$NwkY}^*l56?p?PH5@cfW#h+c$
zA9&B3{k_!C7~TF_8OvuARsby;IrCnmT@5-nxk85;W$OBeG&ksu5toCqu&j>q;Wr&|
z<EoQbV~1U_KlV$#^Ns3UmdV{nHJu1Msi!>d)^J5xVp%T5AuveqHY>S{D<$P6>IqJK
zz~~o9^t;@Y&7-G?d=J8;Y}d|L2XLy{_I<f;`jbTf`F_TEAiiOMP|RkZEK`I4={pi`
z@<2BCt1D%*_Nbda;I<}><F)*EEe%c57L@*I>}d`lJ(o;rGW-4mN|m{MLS)lxRedbn
z)QR6&31_4L|Mw@l5?3Sw-f&BXv4>x5x{g2Sul5E>daZwz1dOH5pFCNvD(SNpoGh}S
zuG1LULf8NJ*&R2ALI<y|!tW>976UqJ^K?YjYA>ZJdMOdlNTCg_?N=f>`cE~tUB0YU
z>wKD`&5Aj+yVNw{1_d;xd^B}7@UPR0g<62O0I@bJeta&_TRnUrJbOJ|>bv$SWbS#+
z-a-U}8)~G%f}KL{<daNnJ}9#X&=Q8d{GuLhnmM7z1sSfvWAU$%N~Cy)nT|np-#RJ3
zn!jue5vBbDd%O=qfL%oNw=(Kwi_Lo<&0+^Q&&*u;K{9ineYX+ma{fgXfyoHw%wJ#N
zUfce}*pM&lGab<9Zy0hMn1OZ{O`|iX_>6}v>pcWtL1J5iJb!HMBAG<)L@?rx$9%~`
zm!qmNOY>QY3<x`Pv6;Aluor1#3xMagi_IXWb2&RGb6A|1Cc$7-`@9Rs-))4j>bND{
z;mjZ0-j&iE*VI(WRup?P_-$M7ZT2Zn5~!?4IzTr>mT)0ESeemm*QO}|tF1qTH|eBE
zQX1)O?~;LjLmTMpF?xAj&453Ih$r;ji3$Kycmsf%reyh8%#jO9BAlAdQZ?{MJ&m=s
zlJmNYN<cJ@bNZt+jY5y}UxkjE+L&PWcG$}FG7MbX@vS_C^||uNvzPQE80qx>Q}drU
z2~ADj`y`dw=W92~UML?rO;ZQa7h#?O{#olO(JS%>LDlm<l8Nm&J{i(8Y+R*yGoB9w
zEMFvuq9m8F?5b2lwjo{=ly}hw{arx*M#hlWRgdkMUrO`CtO%(5dQVSa(h~YI9_s%b
za1;5hc{CP!_WqL)fB5Rei#{`&t4&0grgpSiYE0`jUKe!eTg?oSB(5CYqIOvt@IpoA
zh8Jw+PXmPZk182G!>e1N=RUQtCwG)_i%)OB0*(Ir*+Ou`nHZT=yeqE-P1?33r4ns4
znr}>pYOhJ?CAU#^oSp}gdFHr0X*jNsxwd@?MYofHIqjdwXzwqy3v{2r0F8%5_}AL6
zmb%cPwECkcR?iN(g~WG3deh2(0UCkvKJb<Sf{&8NOl=j0b*7*q;L=MtSgc~FX0%t4
z3>oREFfGu~8txAa1<jM;f*-mGl2dUsj3r(<{xj6l%wPFC2lnTA&BD>YgNFHHTJk8;
z;}z7Uw*b0LdtM3)CLB<DC1REDSj!{*7AtUwgO+<bn$~qztQ&NKn<hbz2((o~O|s~B
zfEi$uLQZH<ddz!-Pkwwyu+c(_?*=+egteV-+7@Bo5)kaGUu0Mh%PFurfsHNXo=na9
z!F|gSItdZnXENH{t8A^qQmpSC3<cuaY?pmCi%fU7`GU-9wg|%K5WuVS9#r4WZV^^h
zvJo(Bt;TRPBOPhM84UZJUBH+K8Oc0Wn10psTBu>>&3vBG9-&GAdG%gKpJ<AyB~8dO
zKB7%MCj(G)k2qK^@>QrZ!=mRQ$p#Qul0{<RaRWq(b95IY8(=vxXl;>oTsM%vFgl*b
znXgJNuLZS<MNtud{bIBRhRcKyMP1LNu*bXjh|eI;7P$9-Eu9E`t}!$_>-=4w0XtKO
z#VSQAW)`UKW#24VV5g-Cw2JqDVZhH*b3(ApCvwIP2+eR6US*OYBOww55eY9;aUBZ&
zP3j0X2xLR+&=Qo%WLeT>8ycIzZyuFatl%-`Q*-Ozz&j594|}w(cPDqdDA97<^f>}o
za-ol2Fd+(e;)lN@j!fT1+(q_zC80UEgbZF<q1Sp0nq?~vKCs>Xekg}+=s<dbZse$L
zy3`6rEJv|sJ1uO4(DMRPb-lRPI|OrK^t^~d-8(8c1L6>F(<pGFJ$C6%O1wFtgHkVN
zX0DBjnP%~5wQil>oI_{Lf2_)3#~R<PqBb4=r-dWNH)5%2dMDrtjO~xCE^r@4OluZ{
z1f6-vSpP^zKN(5NTAJZbPf0zhkm)R_-oxOyMag3K*Tvr|>O%{KzJgn|qRM~nYydWa
zlIAz|b@xpaGZ~_U_A>*<cHt!AF#fW!i4>6WF<UcPqkq=R0s%DyeK;7-?8!x2rJ4)*
zyP_MEOoLn$2cDGM(}wm|<B`<A27zB8ZF7F_pfJS(<Y>;bUUxuQm_i2sq3cqNYD=3r
zR*Ffv>zVFcgoGH2*qo=7FO!M#$Kr;>5*2Qu$1@8zbB+nIChFL?7S(B#PxL5-#`V!R
z9<s~0zdaGA+f0D#$o+@y<5`^xtJSUbYtW)mdOuPQa`_6;)AjbKOrA<O5P-v%zK1KW
zwl(7F;KF8tBXGUbIO4?$FbkL|#A`9t*1u4F)md;dlmI>@Io5{}0&lghMccQ(^wt=6
z=F67Qh(Cko%hycX!FyXZC&+r<5EnSH)91j@AFaYd5z}G<U@{M3Y^gi%NuQ!$IrG#&
zDv=CQ@F&0azh%C~jhbqfRDZ2c?SiKG%!dfvoFTZ~Bpc=!x-E4n7rWX<e$FSyUV06q
z(0{#+ipq%;b10Cq^bg!o77bfcuL?9<X1#jtaONR5u&gQF?gL8m*bF$-LuC5t*1&&2
z#4|6|aS4V;k^XwIe7cqP<HstF3frW6#>&yV%b!D9`A8C~hf<wp!JHbNCjErND(?^y
zfX_#LO#xC9w)c8G=S=5eJL^Z$NBWhIx^Xn7n^o^rO7Wx<)%!8C+l5G1a~9dPPm4yQ
zI@#feGgVdEdv<v<^ZBC)UG|9UfxY`B24Hd{3t$OtpDm$fX|I>VuJRw4Mj)}QDQ|jg
zM?OvJ!7b;Vg^}s`#XvxvJCFpScPiF*tdXRl<To2J%x8d`u1+~Gd=TUt_b>HT@5hVN
z=mBsz3TWJ?x-@y=3G_QS%M)FMAf5NxCp6oQ{}8z`L14*RYm}+}Bv^#j<vo&B1XOH;
zC2~3S!1g5_4*TMn(^Lj&0Ou)rs(%{%g#YZmq(t5EsV(tni+R6&MxwkI7oE%_QonrQ
z@&^;e=zNysP?w4A?rvo2ZVgzj*hWGbr)s4~Tv){6<KP~jKsROe7Y5H1EsVFD_CNs9
zIviUAM`ZiLr!T-XkKe7$xI#cHhxQ)*(gzf%DT7-<rZ499X@zcFMw-D^7oa7S;Y%sY
zl0Wq-90Sy7DZC}YLEPfXqjwktdUSpShry0U<R24_1p+ztpVE`*tNr>ubB8a*$dXWX
zanU%i=St*0Y7Wq96#j%jf>8q2G4Y$z0Dj&X?}<OHiFs@5;DtApfGN;6HtsNtr6k@Q
zf}e_*OO-o&x{}hP#}*kwmZH0`5lVMHeUn==-}KQ%<Y4V)t2kY^jv8W>s;6OZEN$*%
zr($sB-3@%$Awi&;j`<@lS#|fl3;0;6bz5S{?XlnC-WfZ6DO^nAN+FVOo3*OLEsh)l
z_sX#0b7{H(7IF679T7%{y8&?VxSB)<8v~3Z5}?s!0Pp@}x7lGd12*UnYJ4{QQ_`vX
zL$usdl@;OXZXievPN`I^ZNj6nhWHr7EF0BgoFCxPuRX>gUdrgi%lVXP6YECgSA?6T
zro{291w8L<w$Z=tej<AxWP)U0#sWSsH2v--+o&T@q4t$yxW;c+8>Di0S#tQQXdkn3
zP^oKjYVZNHFv74j^-AF(Q6Ga`WXJvKWAUTcmtcKMenud$zA1Bj;F3<8DoXw>HO}$U
zd`zF#)W{(#Sqc<C?JLZ=vi-XgHH%qCY2)u>svu$`(Ngk;cc#7fZ`U~JCx*#`V^eUt
z0kc4OI_VPT-}t7RQNEguzNtpGr4rFYaGi}q*=9-CcQ+Kj8p^4nQ6g)=pAWhf`=lRF
zxJ6lbfH9RghP)+-1ICf-b(hESh9?dBd(r=afd&agt{kue1XwRO&>3-iYbeH)$7s9J
zT_x(bB4z$UKTXdGY*20ViU4#HsHPM(=$E8Dak6Ehp!L7sr0eDu+5;1q-#G4~W+Nt$
zeJ~lyxpZZd!B)bTDS|OdwSB{<gB-%%%iAP3p;$vS<MB3oTR7k;zSX(i{IGN-jRNe^
z9s<LPlLoNK!3k~f)3__^nvR%teZrM%w(kHP8HKs2I1&n)h%s@oG?ocX{-~i{R0u1d
zhZz>w+%f`lz}HV$Ygwn_V0u;x<h^rx<Ux)60PjJvexkVZe<b&&ihZ&v++#%p7IQ1J
z_0GxpyuN~Gld)axfzaB6R38_VnYg1Ue_2c+C<b1~yDg^qE(!FuZEoC?aM(%M?Vu@d
zYyRL!TC$8{CwN8~o2x4XYpA{*EN)#7OQY=rL#%LB4V!CB2akw<`MqSYvjk@s$k=*!
z5`)cKjYvq;4ARDY`PK1L{A8BR{i<%97%mM`2-pxjy<)=9L2wOdU@M=-6x^xbfVoh|
zARp^Bp$!u5W)^4Z1*S;L5S2Q*fRME`Wi6##45c$WwMWH&a_5L*JL0NuU+Q}o0%XY6
z9Yp+g9QJ~{9}1SAs=bQ51Yq6HK4U{<RcIp62&QUAi!sz{jl{sq0@4FPYL}a_UZlrf
z$=u(=#G0G8oZ2Dj5nK4J4B1rHo})B{^Ef>JX%RZm>0$0ucsYUCg3GhHopSaB1!`tm
zWt;Jq;O<4sF#RU0ZXrsEqBBH_Toyp*(O8L8DEa^|A<B8+j?p`TKs-qfm3B1g@z7L%
zE<mdW_@U_9wZ<X|S;aDN5Z+Mt3&$RKpyoMaL5dXuOyN&PWZ`RqNuX>?G<KQkxj*o6
zY0+bPr*ROfG8do*<=}#o$Np+ukhGb3R(LohCWp*$&8V7Ea@|0C?ml+hGX{EN<J$~j
zgb6u=jqa9oz~k#=<iJP>Ga2(=Zah%DE<R_f8o50KKI`4&IuiL4i19Bki5jX#mMBtg
zi=<q}ZIt(65ghQR@f4A`D?YHyDmU3*yMpA1-!6{9bf2H7S6>JdI2-4A=JvVbEhh9v
z;l;XoIvBffj+dQgnjVtpUbe(mQUcXA=5gh93e;Pfg~`4Fo~_`oi=)8u5!b7>AUC4X
z%9Mx5aOnRD)&sCzJeU~{5x2X^d@L9_!o+U_6g@XnI9of7iLE8JwcVEHp|r1PN&pgS
zB|R)`*$D_wvsF&X+0^9(p2lW%yT$X9jkU3Q-4Eq}Hmc0YqI;;kVpFR*2+}HtgitqT
zNy!~|>hiH_?}xlayWp+TpU)VXd%X|g*zZ>HR(!p|{=PAz?GKvab3p3<{EMwRSsEpr
z46rXC^HK&VjYIV#UFr=P5QBAHRZ%+nDKO9eQ^<*Ye<wf%$&M6z(Zsk1F5IV;MF)bz
zfRG)igcVf4W5kWQA4w+Kyz}JoHzV5r+0=f}?cd==zje`-cR=Rl4dUf0T2hQ8Bj7kF
zo?Sr`Yl}p4gZ>k<b1Q8UB2Jb8W(VG>$MD}JMZ3^8m_6TX&6o^SY}+Qsj}0J_7fRe(
zVf&eH3`|#JT$t@;^KgD<nDofR%@%mV#srNREZ0{M-ptHc5}jAjxs!zllId@cQQpwN
zmz)n(-<vyAiW;JF>7wjY-y`($or<iADHES<Lcwv_6oj{L88;I?m<}U7UdVvn`>q+Z
zbhI(X+3IK`4@Qm5dYIx1Norj`I@D0>tK*WT7W1rEHgi2&(gtY=Uv<>h7N^04IoFVA
zgq*@sSPX(mn|PS?p%EU*M<7Ha*dQACLPP`B8@o9TBAn||9v`;dgu1RjwOEPz{)eP_
zzkv(dK{_vT^_Yt5(MG~nVmrPpNZBbEGnEGaL0DYqoocgc)EFeF(a}Qfs$lQsqN&`K
zalJ!gvlnW-7Z^AZi@UB4GYz%$P@j*s>HTyNC`&Zk-_-yXR8Hho{sQm;POzg=qGl<B
zXUQRzPY(bqsJBCYopB4#WYLh9wbzAHu@R@ho@Rj*uE7=(&n@GYkd7N%M}5<jF+Yg}
ztDey<K^`h)v7Sv%(!{uIKDakEk=rEdoF7&4Fe*vwnky-3)M3$QJLRv`?q^^5@RY22
z*2m3)e4+2vKZAu)E*Z`*S%#L3M6-9|jF>&jo82nAlqRU0->t!cayrUs_s%ZJL2{e%
zN!(CC-ie{jtjrZ8kvLWztfY?=#0lfXV#W-9p-=+(o}NJFXWzx9!PLKMB&t#ncrd%F
z(K^DHt;GLtVeYi-hLXJnw9@!Xzmmf%h8PJC3qek=3UR3)b2D-KyIn{8ydu0I-+hIc
zXGOKwBTN8x<_ILBiilR$xgX!tV(v#B=2YZEYI{w`rpmHT(;UxQN{v_|nwcmeE@Jf#
z58~JakHlQdWiTK8s0zZw(oJ>VIeg~^|M;vuA;HK1AIszg0FLibt0EZpBP@s1zGcdS
zyL)3;mfo^in&R7062W2l%Zmp!be5%cH`=#)#(;ebnb!cS5w|vNrK4^uy0?xq^g4K3
z_r>!zI|g#kP|^7E3Cf&M=9Zp^@XsLK6!5Zr-7$yGeDK5pK)6beSE-H4yFQ%m__6t;
zzg0p!$}pmQn{Qx!7hVn*lp27&6=6&jX0<2AE(qjv%pJdjj@M;F*yUcEjn4++Fq@Z5
zycuJAx+ya~NFXf3IE^nJ8Y^^;hJ9(+Jgqe>#`8Vz!p-eqXNN~G7`n;{?<haEw9sYW
zNm9_W143!42w|p1zXie_@MFRIo<oYx_v5Sb9HB-TtMN>oy<O>g+U$|NAX6FNZ#1<c
z6Jc2;0-FBp&lBB`g9P>iDC+uO`PpS@iDbF>X<C#Ilz3IG{OmA~mRqilGa2mj4NbLn
zP#}K$KuhhJBi$>wd3H*iSZJ@zJ|XPHWH69O-UM=1;RS<3x)Z}u8Q4CbIli<s_WZYy
zw9uSvz9phEIoBwkChtLtBBcG>%#@OzM%v)I=FX50onZH8tTTR}p#Pukvsabu3E}8$
zR~z^5Uw@u<@ai3!C)_DQ-pZKSptslEceX)%$s2W#FHJLyz;6E%L{?mPvrD4b1Yo`~
zU?m8J$L~1Gl4AYCaG1zT*h{H{1ZF>4n~<4yt~Z{e=IZBW=5b&*P>eWkNOLPGf#jVF
zK^5%}{XT`R1k4L~i>>?+@F@9C+1yFi2P$e04<KF;+CX65vejZ50yC#FG*GQZV1O-{
zKK34dCyGc%q#*Hk4EH91!tNsW60w=4dw*{go?V7&D2G49526nXrr=_OS2FeVAAvZ&
z;(`#$FnlG?h5okq#7XG*2rSV!2mns>hxWDqfqM|%agW69p0ah51eQoK6|fWCfmr*2
zL_c_%F|6<lny7}DK$CwAevMOEg{;HH5#$f$6^Dj<+&z`UPQ@cLHf#xQQZrLIhOUEi
zax@ZpEho;iShNWQhVJ?cg4QQYz?o%>MuU+GRxI`h!`Ir^B*@2D)L3&eVH?BhGrB-9
z*=@~I+kMo2gsWFE5y0IImP-f$b8Ju!xi$z}#eSbLZA@k$uTo2n<YQoB@LmivI0%Xb
z*%!Hh!BiGnrWdtEc+sh4;RBX5%>OA&*ja^LyNX_`beYczkyBlw(+=cYdg1`Obm#f2
z&07a*#Nu7HK@to@%WWX>Z3mS_w2b>M`}s|j%RpW?*W=I)8w}y@Jxs26m07?w-DYh|
zHcy$c8Aq2Hdi;N~FPal>b(iVg1^_C?JD6M~^ODdXx567dVQx1BnwA)otrH@B@xTF9
zvwZl@TDMey_}q+prdW^HMHHau<`oY)77PEy2Kd(4XB#OlP72C<(kc};+v3ogq2*=T
zFCO@xT}VQKJsmE2GVk7^Cz@0CpLJ1M$wBHPbqev7uz8VJW@SX_zx{4>sh)8g&l;-(
z{y0l5eNJXzU>~E%o*X$(2%fG&W|AMan{oI6sa)*<JR%=RPjJlU?i&9Z(Pevh-5iBI
zDy(u1d0Od72%(xjf}v+Ys1S8q_P9baT+~N0u@C-2m@K|}EVG!+LndcvhIQRU5!cnz
zDD3FW=C$)Vw@_DVZ&W237pGBT5jJ0ERo9{V+q=>O7uAa-w?4Iuc8bxK!K|$;VMzoz
zPms`pv+AV15gyj`P=r27J$=TW0?RT{1=_c>AS4nupTk?uEgTC{5g6KPiE03bwz>eZ
zTVoi6c_^P%dmgOKf|Q;^mL8mDC1JA7d6SLNiv7~fg7`1X`DxDnyK{^_cT+CkMeZDV
zz_(Mx<D?IJu3zZ~a-V)V9iN5u64M`9ke*3CEgw6DEw_09`y|b0ZORZ_7U#jKN7rPE
z&uKMI_C1(%;VypoWRnGZZhDqw_nqjukKxN}O6ul5-5WAiHl0OP)dlU;aUWNilrrb&
z=zjIxK&)W$b6arJZBj=4HHHwNwPfwdkiH8>nUF!ED>Xdf|H9DE=0jxiDp;|iRivrf
z?suKcO}Ec<1Bx0ECfDfaulC0ynr$+!zn>rY<#|6E$}yuhG}0jXycR2e!P+hii8IlX
zE0owamiT)2d5xR_6aZJHXkBXTL*Ckrg;u~qd3pwV2=L||W#p}J#|W3+UJK3D-M6tR
zm;dIPQ8k^k=*SqQ{7-9K5XP~c+|`N=zf!K&vg$4=AtFXaz?$Nf#Eque3HwM7ut#`X
z#3+j(-f(cY`W?FQ`W7MAIRm3GU}eK8Hctzl<SB(~xe~iUR8|B6_Kd&<#Hp#$z_dR~
zCItRUqz9gJ9N+M#3}qwc1uf-x47}F|;?|fSK;NsdSH)cT(z{1cS4se|9?3MZQH<qF
zmBEpnx59`B{!POl3f1e>HY@eB@q%oF04npEpeq8GRk5m8?d$_=>#L~@faHKkec~SF
z6}rK_Ia-Z^6k)U&KFsjQ6&2C?c26>wYobyr!EO{|Juiw_MG7@(S`{8GSEr&d3EO(6
zDAisva71mRl@P^<pMo_*UM4h5ZV0JB@4W>VUG_2Iz^)Al0pcnf6sjKnw~5wFdb?)M
zn=*4zK<uNrTowVV__^Cb^l~}PC{cZ5vp7WXq!*x8a2%qow+#@WI&e2kn?Yz~>vjTs
z4p$@beyH4eTbtDR7<nSG<-`I!(O&}+(A_RnL)5(mS09Q@&PdNo@2z<PG8j9gYpsL8
z_~%XjM3bm#UhI-RZeZ97)u)`#U$v?419cYT)4mx<jkfN_+|)s+GM+;j)Z<LMa8#==
zby)Fn8#+@Ll+0d#D_E<ea59YA4ZFeHVfcyxdgj1sD@=kF;JX^B1_hGxX8rL^#rfrr
z_D#h{UFE+zeuU*f)JF~olGFub#F`bV$#9jD4{L1S)6G;?5YK}Yzc|>Jb!dDecZk41
z*Oc3pqKMl7YS)nT_D4eks}n{ET@lkSG<JOY*BTvor!SAy9E(-ym_wp%<C71b_I&1{
z5zRB=JP&d7NpL%z#Ya<qH(><-@!QnhcGpmpBT%du8@@FQzE0R_o;0XlhbMJebR|V9
zg+vuDCZ80Dl)Qq7<qC3&Xqp_s@1;roxFf&zAVb*f+dScULCc1ZOr3^OhR~VC#J_5h
zFxeVa&e`Aq77)?+VD;S()Bk>wbXv+H#30_3#Oolb-oL~3D=EpG!RyC_B>1V3EiwY7
ziJLN8Tg+KQ-n%#JsQfK+Q}F}>2$;&yju9k{Q8B5wV{u||Q5<lqD(Tg(``tHa=evc<
zR(?xVRNc;1>XOJJHyg~r=%S#*T_f~>7!%4FpWDPq=(um*HNvrU9Sfg2RZ=C4lPExE
z;W&;SQzR)zp%`4HzE?B<Z;4<<7Y-?L<W5p%**y8r*wUmN!n=DULm*9Vn_J~j^M0Sa
zGE$EyF3mZGC3u+2dZoFe)8;1Ro6;!Tu4jlhm#G&=b;5NKBG!Oj)tF~(?JqvLXL0=?
z;)xwFRhah&UQVw67HSfqP?QeG!3|GSPnL?irAD`KMIL$0jm1@*PogO`6;a7UD}xOW
zt!UNt9#c{0$Et>u9-!OrfqGc7L@@|+p77Ti2*LziOY=};_vxl!)Ij0)EPK#nM(N<+
ztgkN1_AdbNk$6Gl7H;Nmm8VW>TxhVw$K9Un7WxyC1JMV^41O(Lq1reKbY~0h4;a94
zIRX%wB^2mSF~5DTtm2})oUvOCwYH%YNudP~pBTrVdrxTB(fSbF3fKcBCNu(BvEkc$
zwh-^u7D>r}vP~Mb#xtqo+8bBmONx8cdz-(WiPpTkT6k6Xm1m*Qt75`T{YFZMFcGHr
z)W8s-Ryt<5#|5x`5e4Tb=khYwLo<meT-bcWe&p2LY;*eyZ4vyS=8zVu^~P}c4NS;?
z!r!DaXyHU9F4DbiIw0cv%45CdS~Oy($TeQiPENDF*RyX=x_#wk05aO2RAnD#DQOzm
zZqv+^HD}FMC8r|JLU+(^*_Xe49+X2d!b;ydl{N~#6mr4atwJ*A?!AtfFNJ?vi|G;o
zR5b$kC&D}1p=nW-!rlH+xKGg7!T__FjhL_N#acGQiHHi68xyLTL2RMfetF`WQ`FMY
z>Sr_RhS?6U0$*q#MI0!uEj!%-hPZTJ_YvuB^v`5|1W<`c<;;mQ?-tFOWHD4NJlc*l
zZG{fohN&XZflWN`HoD0@9AcKOl!1GLGEL~w*JR8GDL<t=_5-nH*rI4!cfqaKb4L_M
zxT7=*jx{PWr3LP|avS?SlBe^C*sWQz;7mIW-GxwH-{TEL^D?J}zj0HL2A&X;2)i5b
zlrc^X6J$x^g`6cfM|5XMp7?Ju0<F~<eu2c+9IuUv{}`z1&NjP&>xT(Lx7yxlXW<^(
z5r1k=*OQ*BU4Kj5I0U2yqAcUm+w%{nMB&?Qr_vW;5YDtZS@2;KaA}Zn&rY{;&vdRk
z^{W(lgK$kNXL2BvtwK(o#n!6yFH5L1xWH0^^x^R)c?_Om3qWE=qp0`C6gHY&8{(Cp
z^VQ7&I)lP1@Fq1l8QdcDczi(>a5h9l+Vd$I+bz94Q}!YqHH{_PO|qkE)R$Q2s8^Ib
zH9D&uFS^WiaqYRNsJ@uz52vFl``im)Xn&JQ(Ivxx+x}fRWhBFnq&#)}IDlaHN_t7Y
z%EN`04F<Ug{_zMOd#vNKZEZT~&?m<Uf?P@L&?j0xh*@a}9hAQNipJgeTox!d<K1y2
zH_{N-vc0diz`K?w+HZ_a3_!zN+qtU#LXl$P?KDw!Ej9+EJo+eGWZ~*wvoA%CYTiAi
z^3ZV}oRe8mB?(mt%DF4Aj<>fu9vIx^jK8Cht+&ne5xh#US+iqF#C+`ubW3hI!HB5i
z*wEzVT~C2m$wL@pbOsv$q~{4&=0iJ!RT9SN-d87I#<L8@R3T6DVzvC9YdiK;Jx1q{
zIs*(}SQAG=TvT4nn0IqT;)-D}?aU86Y)Z6!oSUL<wgCU*5%ygP6>X`TSV72t6e^<T
zD8!QM{M`HR)(>|zN&?xPhfhk<SHs{ZVn`OOhFbDaUnH$hwDrHGXTP4)mnW}ZafOwG
zC%kMY1Ew*@NK@GHbnC<2`R+@oZ=u<p>v#HA)JmE|l#GfPyolQ5-@de#twLf`<Fhzi
z^Upla0+mw#XUTnUtLup%uiqby$X@AX|JHUzHC@_!x8Je7>?C7K?3DD6f!*pfx$DjP
z)@ZsFC8L07bmK8R9?IZ4Qt^K>4E6NBGu|5MFM-FYyT>7$he%RFCTv0O<lpcbAL)T2
zBzgp%1ygf~)fC$36${f-?10XCnTi+s!qA{Du7}<MOap1^RV?_SIk0R%jhsGZD?)n8
z#jax);TrBDfwq;US-cFL3Rbn$eVq-Ih__1LVeuHk;!3a-d;zKTj`%~#ceYw=EFsMy
zud9ly_Rb?VNIDNvRR&zc-T$$}!Us$_&HYou9SpY^(EM^tbwjOdb2n|O4uBI)yQ~0V
zWD_sOLq9DMrPn<27+ky!S=9QpNMZAspk^RUW`_wXUYnF^Pq$*AG?RbyMfr!taz!Z5
zMm%1WXT$XPXTPq)n`hNCw(HO5vJ*l_ITP=&yt$-C_-r8#aQjKr3xu<N8P%%9k#w+w
zPt85*zQ!d#yWM>L+-mKF!x}rnl#FSNnDmoy@Oc$6hmP7QoD8$+8sAgwK0T%ENM~8f
zO_79GExVvyaRsZe4a5Gey8vNsx@E_wvr=W)`Yc@QXD7#O_UnEmH6@Sc3pmxR1&-M1
zu!t`td1a&3P;YDxXMPF+X3NDIFJ2}4I8?Cxg2`1Cxij8+!(`Y^6o$W|c_O~9fnf51
z2z_lF{CBrjr!pK@9BVwz@I^upi&?N<E_aH!MVzWPx8AaPsss!h{oH0d`v^aRK1KMA
zqSbfM?LepT#U$%TDrnL4XBu=V_iC3vQ7I<kVt;@9o#*(tPj(y&W9k4*c=xPd%74%|
z#*M~zXzs+0Hl{!_4Gh)jw)sf}VS&~6lpEI>n_gd%6KZd-x`Lmt2#F#Z_uqsW@gBfm
zEF2<7r_`gRal;T9d?r=U!5&7u?TCAKBrK-Q&D`yz>oP)kT@C0x9zB)Q5Qn_aESAgq
zR_jkfGrj1>Hp^Klcf9k<%ulId(zZ|b`zh#(SvPxNzdtiy3O-jrFkB=gn*g;Iw~4g(
zMttw{d14UL;(!^+X{d`j9QTuw<(!dRRoV9oQVh2b^&L+!Rswt6dcx2q_Y)*oo!g3`
zZ9^v1FR#!jl2or|yLD3elT%V|^?coG`evRei1-wvlLMP@8|;8#_S0s{x9LzofxV2A
z0k$dS><1R@HAzsH8bPO-oSVIpvE(}k>o({IP|0$M!)UqXO0BUjp1CCl#Rb{Jv;Tp{
ziN=Oi=cGk3RY#ApVr!$az*x&#C-N5b*Wm3uQ7IGKWarMkq4D1TB_(Q);TWLqc^W76
zK$87h^v-_sLK1W&ERbx<yDFexlh+B5-7d_Ue~sLX9;&G<J`u*_5PTD$^oaz2is`dz
zU`Ai1BLsjn%P!Z}YcyIwSm74L;O_^YC8KDlO-KAC;B}h5=we2IMn-k--=ChuQQaf(
zK#KepF6;X_mZ)eVD5P##4ed|H5)8Aj>k!{NQr<IR<Thb92cXw})s2>xGH}GrfyIGg
z71K<4JOf@GGvue@p4uO|%4S5F`5lLSFwR@rBjp)u^v<)s?*pJqE&@%q8Mv<sW}pT;
z1QgbKm5S>vZ7+T09zBp$4_?1#t2^krKm%UFWObZVr)ZN9E=`>Jb<R<<$Q{dB#aHJK
zyWCb%E=J~Y?)lrYn~cAiECo@4^E$3Ca4i-1f$pwwOu9ncM!5`$+-21HYozF;b^`jq
zCKj*R;gAsSY{FU~!~y15X&}bpppXK8&b|U+`NYnG>(qhZSD{QcJ%pHVz*=x52H;MU
zq-<?yT=}-u3eZ%@Fui<5KbtfnljC;=_gYC(c@iYpL|2RTf7*Dvp+2!SHYRjVQNh5b
zHx`RtP5C~RS$w;XQng(gY(*kZ&J{@0hw$$_n5<<WVk+)pTEVm@luK1iEas5B@7DJo
z^W@tHZF_hDu>)JdsPO^Ai>fdsDBub~VnID2FmwU#b!!QAxu!xv11Ub9LDCd&rP9wk
zG}PI4e_Mi`<<r}o$EyAI(Dlb-`o3d<{|H217qS<zjOAKIcnHr4H*&gdKy31vR)AY6
zYKuMW9-{-87btyTM`F1ZzyS!kuIz2m5bRTD>KzI4msV6GL1>)(C8dRWI7p|_^`d3P
zwDjx$yjmC_bE*v#_QcQx_3T(aMXvue#jOxO<1uNh^^EQGUNc=UT{c<njLYt?NZvMZ
z{58b$JXPdIhae_CmDBxBN!<eI7{Ud?;`cvGRm+Jr??OjHn_Fl?+ZQVxi_#}Gx_XAj
zog26HSHCFx-x|{4dMTcy2&<hu2*h@{O4o}Z1*A@lAM35!k50Bjuyw~R<Zc5DniOA2
zVXs^OgLoJ~_!ptMM-EA$@{V*$c<EWgZX(M%$|CsNKE2)gV*RF+%FS9XR7Uudf+Z^Z
zFy5Z_0m`!glA8+6<kV^90UrVzGXJ0u_@I&1I1+7G$pk7{?r5#Mt?Xt12m%C>0J}Ja
zX+B|3D>s}3YfxZ8Be$sz#k=T)G1NB?H{0x`Y<cIUn}M<yZlOBCC+4-<qzjy-ny9ap
zOcXNdRZ7&zsnv#c0Ri9Y$-kK-`2yPW+|0P`dtJ?`;2o>8zr}Q*hU<e0Y*oU|F@;RG
zdNv$BR-^>;J)4WRO3NrU>?aa$yN4G0)0q#WU>g`Wg*Q)QXcZnyZo`i7O?7jA#emLf
zR5FhFT^U8yy=6C~F9H$)64^NIbPSOFmYkBBL>26H_D!}Z;w5BOY<DCN0NR*rmciQn
zcuo@lYgxjP+VgCK|G~7uIo%2pWj4IC|E%RARlMvvk?xuk!<T#B$X!4QwM^h)CnNKa
zm$@_yQq(ZS5+FTg_|f*-4047ErwJyGEui^Ck21wW$$|t8zXN@m`JbP{<brZU$7OP1
z`#S%~4>CR*M~|I(@e!!<QAD=92((z%5)V)uc@*_%J~xH`{W)Ib20=a04wr!313oc2
z^usTJlEe_LS?xsCYiu6MZsRXrXW#~6pXR;TYeQYDmY~qOat+jBgCDo(MYF-Y<pAdU
zy73>BMxe15I&m21q#cd-r#H)bA>s~(X+6_z3j;YQp;;HP62=on%8`TcsB&Mj<c_TT
z#Fx(64uUO$(o?5;<cfzw@*je2Lu_;FsKXd<rtvZNn;nUG&I5*1H=JT1Rap|QCXKB5
z1^!QG&^-c$XtB$StY2{(tMQ-S$th@2^}9HpLx_~Jwy&kN)*-)83Iy4CLX?sT^2}#z
z@#P}kJnOD6zisYnihx8D^tOO(jwaSHZeK9WiU3h3h(o~QBDv)ShRwCpmu=RL*9QW~
zL8R1d=?g4Sa<O0SDra1mw1Ay*A|zd;m5Ujn<ZBvr3ChvyQ5}`ww&lXNQrDiYkq1J;
zoV=IGE^XlFJ9GSMx49%0bztNN70r(J2xGqrv3oH?_m(z~WW6c49ZGxskv(r`pXncd
z#2WDkwZNsV9UnW5+IKELuNPSjxP{jA;Y$+0wJf7uS2YPfc@yF#U2b-O-m9&LD9?X$
zOpmK++6#R^nUCgdMg#J~txswIy{kJ$WW?|<R9uqlV%6e^MiGd`^fA#icSE$Iug=C1
zr7AgZ29A}XwrU=C2?C)G7fif_*tmbXNzxe*$w8LKUbsbcxD1HJCY<HB0|boUMM237
zx++4wOeJs((VA7uENt~Mfa<3vdL6eBZZ?qZT%Y{<SA=%qG3xi2Tq=p8q`7<GW}xpv
zI#xnhX9x=}<)xKO*CD*W(DlFvFNLE@S=3-XU8Qyo!!$}0F6<LFDDdrAa~!bwI7)*E
zrX(8?Wh!yJ|Dj1S{bQKtU6U5P2!zvv<b7FgnzVcbJ%Ol|1?i;`0HPA-!R@*afT>NU
zLBj(l_9^i7LTb7IeQjCqCh!10i;pMgUM?6{KKuMx0k(EwGQR7{7HR>3c|Ug2JELGB
zn5s<XNg4uAc`Xs}p`&LkGpaM_co5LaMgVPQ_K3Q_c+z`(0I+5iKFF)wE7u-x|CDTp
z*%WS+oA9Vhh7p2`)ty+xtJ13SG&QTKf^t-O7&CN$rNSMsr@7}`TK%03VYmOK^Z_E{
z*UsJ%)$)YNquTIW?!li0CoKSb5FXwHtilEIJPy?N=4LulMe<e552B$$*2F-+4rYth
z85UZ5U6K=;pwp|-(=7|v|8w(dt;jhAE5#C@C-MaFb8Vf(%vf%0pAt~BR?lkna#-~?
z9XCwj_!#}zCn}w>+2*sAjvZM8_gLWx&eql1PagT4k4p#?kIOfEwa<@crn`ChXlB$R
zO>hr)edB~Q+19CGcYAcm=w8$zeUbd;)bz^9X;Qh63fF6)oVeL`lc>^gO+O`^Nf8ff
zPs=SFArRUGb#4+nk!>*W5IX=izWdOs?Zz%{{em~+f^4>zv7ru7v&3oE34hIG1Iy3q
zvh^YP={<W!`Qw<K^Z&zTPVU^#r#@&lh)5nhS=>9UNMm81|D=?s!JMrBd#+x$B6d7r
z`vR4tw4aZGw`m_xoZbXS9lshr=2^o)Q9`_cXu_hVZZy4=-mNztZ@p$cqTD-1^0)RA
zmV$&jwR}DfETnT8(JR81zps_?@CK1fkcnhDv4MMd0hjqKC1`VS0O1b$C1jp>Br0rR
z`-q|`)l#U6%kp~s^*x&&`cz|)l!VuVoPm`A^`M_gGd8+ogDJ>bCN1G_q%Q|w4tR6(
zG@qnO)R>&c)9;5YJCtA>=iSoZ<9q|n6{I<3HV!gU4;0rIjV%n7AyUe41&^5Riega9
zN>SG2(Y%k&3KFqIG)Ws(QheuUBHIx^L&$X=6m`|g=xGYnDa0K)JPE$dib7lH5*|%g
zy0E8@R9gB>YYp+-c$QW3P8S2}Aw5DF(p}Nxsm=fXXaPdA0J5VJt<j@8gApQ&RX)R&
ziQW|yU*(?@qEegKE_?^Ujy5ptp9WIx=cay*Ye<GVZfJ_c$A1T>L3zxZt9BOs9bn91
zUE%mO1aC6Z5WBnOl(e|ctQ2#<Fyu;e_EQewIecT9OO@4|Rkjtr7zQ9XjT{YvsQy^C
zs{pxf4@pE8h90@c;O~s(B}Pw=_zloMxT?ar+s{qkiA|{P*@O<BI+>ZL^u8E(sLp-|
zk|(`;6CJLM`xS`+!$<%n@(Dx#@COz6BHAple2%@!y*Aq2mcz~#_xnz#iDA?PEEtsr
z@{Zwq!S7fq$&+JBuRqcKj~&JL+I><XaAdH?9!{{a@+j$^bTap^`{>}A3cn-}c}pGg
zHYeo*1^=d2A6vKnC9w@Dm-kDLl~c&a>uclg-|_uJC~V#bBucm@NoDO{p&^6HQ*ik7
z#SG!19@vihqr?;|IBc9&Els%@R8u@>UnPKQE(&1GAwatKnJbX~#o?QH%Bc-B#N>U}
zwPQ|)km<NC3uU#KMW4^HJ0H|(t-MWUVk#AUcCBu=TBuLw&Puk%AL$?=z1rgM$q6yS
z7-~O^xGN+-bB}BF=Ay2f?PhcU=-U~6=5D<+*y7h;F^dX8&LHDC=^YNqrGz{W9YH@+
zcFFYZBDZYLjysOpen1mgd9a4Z3_3w|5h>(r2iyF>-}0&+8$twGO=ws%ohs3xP{;!E
zKDVEqm4)It;+;@vr%fmda<Vk|P)Wv1ci8J<i83yC=|8jU(d!5FjJyQKOzFZ@!Q3`c
zN)M!lCk%H!+|tf$2u0~5bM<FAb9{W_q(C-y>=3Kl%F-q^v{Doyk*o}cVvZ+WaY6%{
zSxM(LXzxuMG=WWKj9A+U>g}6BMY=f-kCk>%Bwvg~G53Yu=-cLlyZ|LszXJ1qVVGl4
zyG+)c;FI_Sds>8e4-!8w1G!9j?_0)J*>Y8jhZ1kTN9qrDTK9Ez6}65rYm-G4JuWWy
zZUQFbc@}EO5~?}Nz7sl4EF&5VTY;*tVQ5xiwKE+;(Ai@@1Yzxauo=p}?wApxt|elD
zrz*bCF!-&TK|AFaJDAQHN1}fpl<7{UB$zvt=0dw(NDopJ#XIl>x|t;BZ<RZ1R9O6k
zTV<Ie7|B!oeJ}!3Zbk5OzH@GcF_j3@_5`j`+xqL={R2Q8zd!oIrF>#5b0N4PiDi(I
z=_-m&xV^UDGB4fq=0i-2V$TGhZ<lXDhtdGwan^Vnx-@l9vPIjw<J}99SKExSuDy=Z
zcSn63owhKWhW^kY*It;2ekv)X9C_fMysUFem^e*yIQ(loq`y9p;3N@ki2NGrEn{iI
z^NYEbJ^|++fgpB*n#>m|@P;Ljdxwj|;7(^)o<#}U2c95f)pe1yFplM^K}-Nl!kdVd
z=`+Q%QP?&={~MY>8F->)my!Hd!XZWO&SENaEPD{jgk#O;-QW;Yw|=usuD-p9bIy!i
zbKy9Je%j3)-_yuniEnhcU7QuSAwV=QB733NdsjKpLiYl)brk@rwqAMOG&5^d5sPH|
z!YU;<chG`e_J=9i#^GaE-(V8`+ZmwxV?cf!W|Lz6I3}_jBZD;vnF@XHu%OR%X?w>d
zbroO0hyQz@!qSn)of55T9%(#iQSc%TLv{X^11HI$$ID@YJ<RxnE{DxFr)YUQ4lJly
z6$sB0X6LJs_oKJlKMb0Bwsju2D1?JEAh0MVDT$jR&`j=U2c~b|T=r4h*wrPV3aZ&%
z0MW+I08Z>%Ak3=&9k<$Cmg}8v5)6k(vu5_NQnG*?ZIVu1Ni@X6Cfp?s&T>^ZHfD6e
zL9c=!t#!SkzbiFa1a5c)H7`VSj7nd(jkoXS*YvSSOp~P`dIC_snqUVBGt0to>QOst
zl=Ob3E29(*v?AWzT3h=9HKf7tKn<ung5wJ_C2dP8sKlNJT}gYZSE``vT6cjTPidG<
z5>`wRF*g`wZ2-wf1OdlgZXAV3@g7C!3o_UM-pa_^6OU#6HmC}>!bFVK7-<A_ru%8P
zH(kz_Fde~%uezjoX=oVjx7-cbexo5{xmlwL_-!1B!zGb@A4p)p8EMH>suKzu4XG$s
zC|?<Sj}T*G|H?jy?GIA>pVR&gZoaS;%mj?g6X#(6^zJmI?ceGwr9T-SPM@QH|C90n
zY1fL$>&}g9^H4b-?{1X_qdym8W9qy<Vjg#%l)go}VgmS9ESI^-m-Xu$R$BbP2$dad
z`6Bq+q<D{J50|u7*#QY4+HsQbz6ko>C`-bUQ&Vy*2R$6M3Ny7Jgz$3}HB3xshBKV$
z3E|=3j-t&uW=(uZ-;tc0GgUGG&S#T4Ww(L4jVzYCkkT0307F`MM$$Gw?54%!|KarT
zo3?kl@sy8a7M|L@;ENYTe!VD^cR<qTU{7|QEVkfkFFijDd3t*ju~7M->{R2ad0v~Q
z3JxIdQ$g#wB7m;0ZC>krm#k)>z7`Z>Xfpj4J|K^$8<Mi^A6!Bjx1m*TMoz|zSeeG#
zf9`7FN=J3X=hFA8Zxsgx4+GS}yJ7cNkohwJMLg{Pgd`J&^7Ly;5lhnUC1Ehu5>XFe
zu3_aVxT7Y>g9){vuK|@TYc@;&Pu>1Er5buh+!teoP{d%fe{;5bO3(|3o&h;t{&V!b
zhQk!dPSY#XCQ~5XVnl$<u3B<PdQD?TMiN!@I^)+ouAIoTwB-Zx`uDhcSdJ{;LO*p@
zUN_0_LuLN(?Yyjhe<h(O_sN&i0wf@Z33}-qvsJB?w}VdAH<ncYb@y|!*!KT!F_MaY
zX5|JrpC65&96FP$uITXIqJb!t$BcNJpX5IbXt1tC))uvhwe~-}93Cm20(`RQE#mzX
zR5i-kp=p#`ZH}0`t1)K6^n1eIzcrU1iOxMmxb$?G-A@c;qh-hHA5cn3b7&c$dcL!b
zDl*OOaK{1j(6z$l%AtMk_NhYx<=n4;gg=oUWL3T+igfF6*NXyfF&K%}Xp%}BOi)>W
zTB&@yJ(4ddLQeRFL9A42<K_%tS$w6e9~}!dX0XB2lH7CvDJHDkC}}8<Ds#-K8&Y5L
z0C#fB1N!&$rR{L--M&BM=e`@@%8UIHY_t(JEdzsxF6_WcN+PYUfJ->3Q3632MEWaf
zD}FGysE@Tb0=A3ky+1g!?G`~iVJMPy(KttKgRmv2O?(vf;NhM+E{&=4r5=u#QHjgv
zTrUYZ?itU@YuAWnSGgqE((PS-6Lhd_QHiI?Z2gti*0q;@g*4}C;d33v!61N4L%S>X
z6&$#U>HOADtuzUDUE>ra$cszM1GK`;s`u^fQPJpYi1dD>FIA4=>b@%zPMV>L%)NRE
zQ{^S%3!pm<*92^&6xV*3K(Kg)?=(rbh-C`NY9bwyl|a-<rdVriTB22urlr{6l0?0s
zY(~ETaIDq8?{bNkI+v}75%rTOoOK@ZWJ8iW*k{<q-CKVjT5u7;k;64uTK-wGh`kU?
zCFvU%>rRJzqoAu)6y4+)7X1Z@EbQp_OO)5-;@Gx(#M`veFw4dK13-ZvSWUti;{KBC
z3J8>PUAs-7mw85GsUPfg8d{tWrhuXSb*v43LwH~Ve?qh6dVl4+d`{SxjR^Y9-K?4?
zw%T+=@Xz`ssLJ$1z?yjAls{g6<Km38584?09yZ-T`Y!@K_D1F&&C4yQTQQ%%jX<;0
zp3swq9(Dt;%T3p>*4bV=X<zD7_o7DwO5GADp$vJ;?!ZQPAbica<5cBX+ND3MuReOc
zC?9*54FFtWSlkHkO~}8Vbo@lK(os`6gByGkW0Irk;(0I>-gz>C70inq*nEsbl{;_e
zk&4nK8mG8c_DDt}XB<#N+X5Q!sHf<&ZNwGMG8XPVgq5-O93BkY)YZgx8&8lNF>(h6
z0K2lmfumvgt}piAsKG=*g}d&4mG0TF8Pv#KOll`zs+Ja__E11L42~o?du?5nuic6N
zW4$TW0K?QO8_f%ufyZ#+s$YT2_<aG8uJ9DC(d$i}X>&V$^6<eRtSot=mvL<D8QsZY
zfP)IeWHRy}omM`m-07DD@a9PDCSjj@rz8Oij?ycZ_1bS((D5o3kx!r>M3!3{<`%;l
z=KD1wNJ3o77T=TtDqpX4oIM1AUq_)TARh;);95z%j#;p0)<xVl)^74Jp&_^}pDZ&h
zhVY+8ocE`hXhZ+1L#@vMH9*S0{5Jp-U^6{0Q@o$cd!kDSoHOiZ@bj!xLow#VsutbP
zCeZCZtz~ZPj+;e_bz%{mSB{3crU;&gjkrdNN>}M~8nh;e%m&rhD6K68Q39Pqf+{RB
z!^MeckW*X2<d)7r!3X^rWq5~5I=pjY=FTchkb+7;C0)-+j|(t!LCVZ46BKy>V*n40
zxN6wovM!~I?v2~(YMLeN5zEB(A;$g&7$;pvhaLtiVmxe?og&LEQ<vKzBEKU!H}eHe
zt?v-?MmNU)c9nQNQXUaNY!aQzV%zYQHDUuXGi_>`fF;|H^7ag`8F*JFY7qli0GL7e
zZ@+<9y3*anD*d}he{2|bC^o1_vm&dS9ROupfXk3Rjqp4#S41lO`g3S^Ix9HDm;s0P
z7|sLN3-=Jt^-8%Idv-tpCFZp<O(bGLASx)R-={kdkHXkPZ4r_d6DVNTx{y0?$y772
zw2u~M_OFU()PkpEbG_fa9B1mq@C~sl%5}D&Y+)OC#f(~4n@?xKVi$_s6@iGd!mS*f
z58hN{S#Y)k9_G#K27&?8!_`cz<js<t)zmw6jIIlcG96f=%?xvMP<q5o&vj+o(%lhI
zIZy>>n)cDT5ZzEDu(~s16CkOn&xn0N^5J;MNvNOArd`Aa7PuDk!K+)p$U$z_d{$j!
zZa3SUz=7i9Ay7YSQR4w6Qn;i|)X?~`&SJ}VC@R%d=G31z8vcBla0yfb?oWfg6qG{*
z`cdB%P%89~84p+SjA6Bzca9yF@UhyZLi#-8;s`5>cG3McHqBr8rBu$K)*K~c+yZa3
zhtH1Wl?uKhbnLF;me1#QX$?nB=Z~18kq3U}IJnKTP9uacnBfrxBmS|HHS~7$KkRsc
znOZY;EB-y{Mo^4{Q&`6?{7b^|R1F&$eztz7RJI$sRC1kpzKGaJpZxkPW&gwL-U``L
zk17&Y7ysoJLES%fy(SJ|p)LlogTwUn9I8EW`Ls9jigW)g<I>LuLyYR#%xQM#2pXtz
z_a9GoKF|CEIhI01%|eyLDl^PDTd`i18q{ik@LEOfuJ(8OP}#6PJfaj0`X+d@yXQsc
zVu!ZVz(3Tja-YtW3#m+P&mXuiHr3uk&#9pLztp+1CI$HU3X~8tVetXy4^H|KtV9V=
ziNshi;JVfafr4U)z%mBEJ%B<Q%bgDNMK8es@?3>|XE%vp_-_gC2UCOK-`1=a^V48O
zZ}W4$0(@BXC^(kz#xSOKqg_DFK0BiQOm7OwE%d?P5CZ$9w6>Kyd|e}*$KZf?$W9eO
z<3NXoWmtTOaOhIThRg(i#n3-XwirrxzuX&TNZA@DcQek9>e|enYF9Xh%W1yA;Rp(;
zsyoiofSvz$XivS!3-QGoDQu_+&4=GX?caM0nH`=|ui}YbNoLKDaOou{WFZ+j)@u{v
zIa&;;y^7a8<Q~Fa`c?OUB51EBT_vifOj4{g=onO&$tGJOL@WAZ?JhaxVWxr*%P;lN
z2y@ZkaW{zoe*njmQS^#=Te<mzM$;Wnf{jIIfm#x0d0B}5$O3kMRuD^vfqc;u<`uz|
z(dzNvn1RKLfKW*$Z(2rlubA}ZuJ3{uDVnkkpaodUQ}8F+Ntl8%$A{wq=nHwD>>xTZ
z$~ykt@3;rPFTy9YI>BmLI$_+0u@4pB`_4lT!SGc=8~+StlO5y7=KmFr7>N2j6Kd<M
zl6U}pcqB4pD}`szV6Rqnz3a%xC0MS0-#`rXb)(?GJs`Y2fQZb(LJ&PSXOXSQ!2-G^
z4&Rc3DutjPqdL_+GC?MeU0r)N%3XyV)W3$<n!;v3$x8~^HySbZU<h~4lUOv~MOSTu
z_{AL;;-h(>UdJ}D>4oM?uKmA5iPj`}G*uXf-$)vycA0LjbIp_b{j~)1eL9M9zcoPD
z76#Ym+|GRdD=L*Oc4s>`9o4UlqhK-&N=5y32GwRL_eCj`PFB(mdB1aoB5T6|ku33Z
zmDtZHQBfvP3&J%j;LH<@)v^&5nKH=QC!radeGcBMy#6uo+OvHwP51@9ZT|(V^fY59
z=$9)2n-A~>{8KrKN$SUjb^1LKdiW#B&WRrw{>IwSoUBj5Cx*k(uFEOcPE=_!DMFNk
zh2%;@*TnClql66z2{9Vi(an!1++iWgd8Ft#xG1DcxO7YaDdG5wJUigbd3VlGj=irB
zo})qC>}nb#F$BDXKn66sff=tc`bG!`s5WX`bz8nDmuSOah?CCQH1i{-dEd;|PPhuG
zVpV$)9+&pQr0KgQfcC?uKI2w`yo>w0>xE<f2dez0x;cgQq0J%olcG3b6Yn!?%M-@u
zljTJ#(NvAlo6`vx8ev_XwR!1c>9oDPEh<~LY2@aZvGEGlw9;Ge_`j*Jt(qj;wOoMu
zdFy^IXx*yJ_emhTm-23}c7D#I0tJLC`B3d3R6vxR1b^DZ$%YQu?~zn}$Or>rLU7)P
z&vhe5!7L{Ah*URa3<~?`V)PiS5SOB6^I}zGW;Av8{l~#{xIkw)qCb!LW+|9l3N^na
zD^>fe4*%5<cCzvVz8AxvZ`RehQGID%PKPc>A4#*DMX%m(w|z$g%-je16ak(l*h-N$
z!fjEKj^`^B#NW3gZoh2rhQybFWp~~QW&{Dt8~U?j9~bLNE4kt5v7J_@?ZI_MswlL8
zY`ts9jycxtipKDE$<w>Vq_9AVn0biNq+Qkn_?dxIcg5UAVXMsP+o=fU=0!yb-uNgo
zw2f?qWF%iFWt13BAI|zT{|V?}9D9^(zTR->##8Quj@Y>N&O26=Au6t;O^|c$_uZlD
z950c21*5iTBp5!32Wkd-ZGB;6PK=tprC-M7{H7i=`}QFn`d;##nVB}Lj#}vb55iXY
zlClZVYPgI-+A%Q!=N}Pc3{mZAog`LuX!mFteFyCbM@F%Y%cP(9)P5sGo$SA927H}%
z>zS-$ZpKB0S4#{dMTwzVSI+WqTI|E1E`Stzf00RRM_V)a5EJ}&j!|A@1I+wHk<(J}
zD>!Jt)qWY3AQNm&5pIap*#wJA7x$j8M$@E-H&}4Kh;^|dqx&f+=Y;*dnUi$<L@C!^
z&m{B3)WrBIK`B)pcY*gTUoLQ{x5h<<+makP$A5V2%CB<ja4HS@TDVR!K7b-`>TcD^
z(mEoXoyb~@@ZKIA3XVEJuE;^zbbH9=H@sgjB!s_(URZd4c4mT|#1BFAz3p_ElU}ul
zLaY6zSbzQkVX;_0Jbe}}1Z8EoF`#<+zQ_xb*^>FB%j9h=s2*iuI#fg36%uE;Jh+qV
z2<}i94g=CsW=fILsFW~ndBMtPG-?yTzn7O{>Dgwe45T}&*mR__9LiuQ>OHhDd@MU1
zovUkR+YH%T2T3x0X=pK#WBxfJ2qC|ADO=Z!W!dhemt=94`23s(w-zXF<eEMr{eq)D
z_ZpjR*&~Vx{?RM-Qdbz+^2km>0s|PRozp1_F^vM1z!2%Bbok*Cb6`=-@``A6*LKyu
zmH76eZGJxh|42q3eO9yZdEH5IO^$TouL?A|4}h31C1^jp7ys?(*V@Y<j8jB2hbzft
z_3U?y%!y+(wFVx=+PU`)K_;SvTY^lG?F`Z60WB<2`_>uEPC&&^GVg;G*h|2k$kM${
z-#c`$_t_I*dTvOA?e<3FCM2zB?s1iLojf)CBK>B{%S{?BkbNl}vfuie-;IBE&sENt
zQ5EKE4~y#|Z9rZ!a|3HQsu`2;<w~DAS~H*{GhOK#(Kc?&%efgiKat9s<AN_QKOS!P
z0^yT9fE-x1-S$7u-EM3KukhxU6*VOcRQ|vgiiu<!TvF8{<gx2({_@@)Rsj~WBwR|+
zBGSW3?*awiUqc5DO$qU+jm>Fd9<>!1jCpyXzqyL@c7hH3Hjo_-&%#p;yq^QW6|<eK
z6L0uvY{a9or`11bANCgZT)?a3X9N91n}r4P;1x%;N;Q$>C@oPgTCYQrWjY(hED44g
z&*wX+@P1G3+C_UMdq&l&NU*#9(<~yuE&ZugF5vO6i9r>Uiq?RkB*d^=*7<Al9Z(2#
z5B^@E<Ww*7)NL0OnIKPuL~61-wz#{WG9dh7R1TTXCqXQ{W0j&&fTOV&O53vx#zkzj
zS7wa++D;B?3lzkU+}+64L|WbQy@92(zT#WQ@R;V5B)dR-yZhtOwGe}DbI4>22X_pu
z+faFdESj_qP3p+E=3%|zBP?&Z>q*>f4)iO!8ITEZZl}d0S~+Us*+w1}|G49;@bEA=
zZHu@VQe6PXYRvVZ>|U8fziQ-y!LM>N3D!a_4@?mzJbK;Dfo-vN0?0LT8TqMo|Km;t
z*6Y)>?ouZWNp%idE^unsrE7_y^kQ&Pp??dm&}?s9?l~Ubbl&s#G#EzJB(|##w<VC2
zmtR@&kG}vA_gKLM;~gJj>~Os3s*}Sxad(H)Y|6QiRzW$O9?1mG?l|&8OlL!jUBUgb
znPl3ezXs;r=T3x5R7wmco6z0O97P}&*}Jo}w-08Z(z|%bO)x!gE`;*%oLpo;m^dYR
zl7w^_Z{gax$HWHEe-GIiz%jFOy6Z{-TatE}FkUgg9$*1yiJwD|D;6Vb@ZR=72;PZ4
z#I2N!gSDSURb4GNBT*7AcU)JFnFzxW?!GPVZTD$^MT-_Aqh(f8&(c#}_s3~xr4>zh
zZ(oA&Z~Z0MQ=C9|%EMk-Gd{w<b#)&S1VA?MYkghF1C~%{0Y@h^YtxDmnaJw&Dk6aY
z*1h0n|KS@zT??geDf{<qjWXr}5#tIAu_!O~>EE%P2#j4UyiJmgG{p!}^|K##wq)dp
zw0(g|s^Kzu^-<J#s;iDv%^5;gd08RZmo;=?rOZL;etn_k^l%m&Q4bJ*CwMUc{KcvK
zdZ5x<OPcJl$Msc4fhkL%vY=*j#yhk39=61;zc2eeZ9DAr$9vCni~_y?GU_<kO<5~X
zR8PF)6Tj<0#{#D2tTA(8p=6}us+?yaTz1kqG#j5*1aL<*)g^yA#B{IZF8#mVG+PC`
z76O^ze8}t|*^oX96Lu)Oi@AERmBKqNn`qP)t52F!jjYJl57nmPYZVsdR1yd%1_+cx
zZW=mxDc^qB2>y9XcXzb?^_abazybWKYfo!DGhrP}wp;dy2YD*KZ&z_CM91!CX1=9Z
zxiJ=i8t(Mb&=*Q57pG-uh!o#&p)$kclNTiM#pps20GMXCH>w-?yK;)5{f7UD@n+O`
zymmRH?kRo>;v$6A^Tp0P@~o2aXdfxO2Zk8rY4Od#MiUXaX^vC}w?vJ4yypF$>sO{>
zIq0l1n0e&Y*0Fr%+L^lDk#WW*+^$GsR5`Ma{cD;evdCWHL}Qv{fA3+;3TRH?&=R4e
ztWsHt=hb1pMRTo*;a3|=o=O(tw~*GzxZO28h>|-VMW*}iddEK*RA_AGqT(j1FM1r`
zsT@DZ)k~)N+xURN8$FpUqIR0u6BT^7Ynm;idsN8bLa7!0_MfDt^wnt4G0)k2if&Zy
z?95am7>MjFciB_t5o!O??_eYwAlh#e8ynm~j^LIT9npFSA14dXdC%>9<LgOp+OH-z
zOMgl;X>i?sEs2FQESj8o%Kn&%TXzUr0^^lG@zC9{mZi;_Ia^gmA>#B>89;sZYU+`n
z*yyq)$Xi&>gX*7uE7%==kTkHportA8?9!CnCx=nmjAI-azdn|$S1RYmJ#;tU4}4vr
z@gq;f$fSWXaCe4~_pznr1X&vn(CeW8(3-y$k%eLqh_PT{=B$HD*CcL7+`%qhq2@OK
z!V2}=7{r<P$~N#wxH_caqxgh4$)1AnFcg1un&Pr^ee0ifFHw8YtBGWxT84G`a(P+S
zZOW^Rv}%LxStiY{y%K&At(ZQauDfi6%CKZzBY+`3fJo<csbgMl;|FaOo}j5f_^SL?
zcqu)6*x3c+tWO5=1lB1GSH}zYiroQ1-odaIDpj?S`=Hk5&UackfH$c(j$Rjaot^65
zP7rVs1r_+<1jMXI@?U^abe!!MZ3lb?#YA;n)y9f8(NNptt?!+M5BjEs{;l*~1eS<3
z^=m4F9+xV3jt8spOzRFIrciR+7vIB=pR9Pm+3ml*oQJ|Ilt=S#CHXW9o)nCzo(iP*
z6VK`i@?TS9SX4JU;rVYKm!$qc0gWl5>^p35klx!J8M`|z_}rv70^V$ho#=Z>8Cea#
zKcoR9DB}!s>XRY>7-geB`+MBpqggTKIi4jiyMA&(TpRT<Xy}GH;C9SdA7>?lg%BT=
z-*MAZ)M;=lWeY{Gz+T24zo&cT8yDTp53BuM<tsuk5uf9lnA}@A3rq*CG*>hk-O-=Q
zCuObn4<^*|D;Jv+1~t=R{`BltJ~JUtV{bs<tQWdw(77Y;weA0juEC5)K;D)~fBQ7{
z4n&LtRQUvz;AZg9*DPc@-gc0;bgAs|XEqtGc8Bg+PS_dG-l9fv5<tOjv;Ek!Rnys(
zaO>SGlo)PQ37e+1lL@({b4Ai+>BVf`qckLM*gZ9?I~lpy0xwJ5-cA}dD@(Lh``Z>a
zThOCg-dorj(Dp~q$gpYS2XJ;pKhT{Qxowb~QkvOxfI|ga+S`Tv3LyOG;qNH(fsQAs
zANU`cf_MUrs=&nRu!Pqk2<|v3Szr>#Tr4NFm^(Z}C8*+7WsHX@1j{K61vlF=!tQ|j
z(CQOqjAF<4)+A2uPh+CnUDW37rVt4Rr+lKWS`3-!qyq+s`qy$h9VSOg7;hXvP77&U
zHI15G$6TY6$6xZ~QS}d-MW;~Sb7L9cXer_A0u=<;WMkV%Wj&C$M0>-@_R+dnvwO@C
z2FAJ)ytEhvzi=0!Ctlxe!Y`b;QfjR#tfBnCZQvm7)>>u&Vw{8L=5S9HNV`bpSiyZ@
z)To7m6iU#Q59##Rf;hR8T@=Ui#CS@qhb+o#9IJ$>S4D#qyN{5wbKEjG^i{=b%y|t0
zvrRy+USE_v0RDPax@leCiV#v{z^d?)(jsGmmyQFPc@7cjujO4nYoTl<PAE%1G)LJB
z9yM>WLt}~`WSb*7*qKo^2FKO_O3am=mtYDV1>couLDKZ@@mxU6yhL|)0OZh^gtYCI
zag0H1BSd;lJtPzo*7fqduOxSg5Y*YO0|xs^V*q)~GgP(R&Ku(h8hPfd&NN~Lb=sPJ
zH7z3edBOlQ=rK~q+%1W#FiUA6(i@pWNv8EXyCExA4Z?Q<gZOt;<Xurdl}m0b6$8qk
z0&K_9_k7Tkm`TyekRJ*6iXHtMKo@zwT3`BcpBvpH>HhL1-qMKlQTH7qi|rB?ok`~W
zkN=aN+7}$nR_Pjk)$1wox*t!IuD>Y%$uSTo``dPj0I22U#w6fNztqo07eNl3osiDx
zaUSFFg3iI5%}Ui^_&=x$7oyMP@_5S~XB(taq>G0r)5r)$6ej3NyCj}3YR;>+15?yZ
zwh})B@Eaq!S%g#}LXR%3AlV~Ye%*>Newjn6i23Ave%kaM)L!IJi(Drq>`2k-voAjC
zYKWB%;9_5Y_iIEhiQ@dKFrzLsJsO2tJ))VeZe9|e5)&q0G4H(bH(I#_G*RFVh5<4&
z5?=g!Q<|)9(j3h-52|4;qDvEw^=JiIX%FFQ%!jy5V?b=VdGc;|w#Vj}|J^!%_zMu=
zgx0cY5o4I{vg2yCc*i{VNSO*Z-pjU7kC7x-8gK|sr+hBXo|VHQav~nXG$b`xRg^k~
zS_tP*WhWoK`%@a22<8R~U%YJk{|<$oXzeV$5U46l2`JBHe(qJ5vAXqiD7)ySq?Oi7
zPF_+yut&hmThXeW1wm{+Zuy5ZSNX{TYkNzld%{Vj$7MChete-ZlTxT8hzO?+O1ZgC
zEX|^n`QZnQ-Hy|0ZxsY*VLjS#1q#an9OC0EnzLEdC&lC=x(=`Dr>{S{K$JWO4yys*
z9hAcBmj^OkPNYCkfj}Y9D(+%)uzVd~aWfgT9|idJv7Ql{(G=92q<wSQhK7IebSN_^
ze)Q5nMd?QJ+`YAnIZ)Bcyg$UMQS~nkn2c^D@AZN#R5`y%eexR`8%KdtNR<yg&dZpS
zCe0jjz)-l;!Z~`;oD)O0*v1{nRL?;nh)*m_{R?IOR0?N4t)Lk*2}G8w)Yo~h!>C-G
zyk;MAX}Gv+e(BPNuN~5yNWQ|%-cBq1S}odVC?B==e6p1=fj7NEg9t7-`ieQx)OXV9
zIot-WYXD>NUne@#*>#)zq$<t<-6EkteXLz-nl7$GS|=sWYmA3^MlU=yAZVisg$C$$
z4DWdVewk~N1qAwLH0Tp_tEsM9RPA#NYrh`oI1hEJYLAu<q{LNCda8pwHiWi&i093S
z1>_AEXR1@BoBGo&J^YlZQYzCdctieFy;4*_jq`27fK>F}DJbT-lTR`3%J}uD77r_C
zSdQk66*?7orI*WV`B+|Z_|l;(V!pcCALuj<mh+ds7#$7D=W#97$+530VU7NBf#4Gb
z|7He`D9f?MZ9*jwNFgXK<K~a~bcRQwAXu#7<+OvprA44!T&$>dS@QqAwecC@g*N+C
z+oGNuX(J86hf)dQ84o57>-T&&#%eynXL}jPuz<<V)j3}IwEc;YLRpnTAv!EmJ)${8
zDN{^~<hFS{O}b`_8S{WYViy^38g4ltNw->i@0Ea(xaZ@~z(?P!z!u28GqpEh-y$<~
ztv9v5`r;o>M7KuDy>H{1Mr_8MQNj22Kd^a6UU#q1o(KLXwik2a*>xQJkV`b~V>gL^
zxfBea05DPnL+stVJ~!?P)Xw;^0~bI=y#jg&ZXp>X=omfnXAh{<yf*!<KikkXT_F4m
z_LAcV$~YIA8D#h#XFI!OFvE@lub?&oCHg5iJLy}6S1*KovziYnz9x8U5H$<zJA81a
zJkOUvsV-27J+V(siFF}8Qa03qpfG+uv%)AmoZ3gT643r9)ZBp3O4Jbt4EQaj&?Tom
zL*8nG5e3=1K^(YI=DXyAbY&}R2}tP8X6-Uy2vD~;MT|?Zv);Y;WykC7B#cU^pkn}7
zydERnhk=A<*Y9-yB){C&We5REo~>RS7=2o%ITl=PkmY9JzDt!9U5B0Vcye@#JI!c+
zp1RPM`o-rZs(3T*hxgDu+AmbU4aQvv#k8Z7&1ARBBM8qJmr2#$&MztuCJdc^P#+6^
zu&*@R=HbIezHb96(kWf1D70+InTQv5DlAkdXwD&G!n)}A_A*YJ4C0Io$}=K0Y%TFS
zp*HcYj-pvv5Dt>x3a1B_Ev<!;6e$e!vz6gqv}Lc$5?#c-59v9YgEXY4zytHx;9r~H
zC)Rt!iUUMRXs3H+L;d3w`@FjkHaF(+7v*IqjC$=NlER$l0-4yiBx$Cn=gA^#&4WvJ
z<N)D8KUS*J%KIkAY!O%Zg+!DU;@-<hBc`;la*deCTo<nfY70iAyKsOln{PysvI=}^
z<zV$^2T@g{Zd!!6d!xe){a=SwIQyxI)GBY8GGzD=R$1u^V0Q66L@0J#3h3yYjId{o
zP&vc!=>?!Izo&e{s&2GNVK@ryxbMO~`@6Y?h@%4fRzUp3-#BtDQBKKN@R$*|RlIcw
zYXf(TCN}lCo65ld^)G#Hww<ceN{yg)Q=X9$JGmqr!To5Cby6Hxw*^#g=by*D&z$Qd
zjaxOHh$G^pEDkl<kPjXT>BiTXL>USuw&=O2Uj#3L6*=quQFo?HmhGB4W5owwP3&Lv
z{c(Tanskcl8mFNQOd8+pC4!nD?q~S-2?XU~%Cvxf{1g+*nAs)(-Lut&Lpb}+_L;>|
zXoFvM<E2Op>tuE`DA-R>p)n+5h`(Wp|L<l{9@&UmGF}P%=Xh0)WX=kqX8*Up^yu|!
zldhL#7yU##gJGSx1sWh2MJU%l(_(hqr;`F?9YT=RB*+Dx2V?)_7k|IRw0t<6u>o5<
zg#)&@JZcx%hXV0?`_)cDuMVMSMrFCNc!KQ3lzO2-OI3SO(e&vUP_~k^L#=Gdp)p3S
z%G3ByOmXDvnt&kvoFi$HT36mhFcK{NH!=@-Vw#GFmNE?y-snV!PTRG_MI;s!H9KHr
z8w@TAuUhDi?wyVH8-*5}x2w7Ogsg&XwItz4FjoGeut&9DLxXM=a_hQRvzH&B&jVET
z6X&>{ve0Ohb*?v;T5mmn*^T|iA`RRp`m3wA5r0pJ7jwtC20qrWtsQ!pYWsJeNpD{}
z0qK%8)~iVFx_((RE%dd75g574=wSH_QMSnU-44VJe#MoaI%oRZH4aB~$J_{#0i%|I
z+428v|ImN9<<$F-I+t*^bf5zX+8XExv+G2+a`~{hPdl-Lm>2|QPJk*DQxy7^s8?-C
zL5pjZX0_FW*ByGkdsp9&9aAjW&jvXbjo!8f5g*XAV&$3z9IZnU8h}tX-aiouC_f?O
zS}!yf*Fyh;sWJxuUKa7e!~%C2EGyz8vmvUbMMh!3fztfY>Hn>5y6mwHt`ZN=O9gQr
zF2ylTU4zd7%Z@$sutHKF8=IAgruIEIdb;?4WIhz%@>UWajroe&?uKI_ms*YxqnK*h
zW>mVtnMO9>sB=QIW1|S;(7U<2XEihslNp(PPU_@%>>~iy5b1eq!{HMXottn|QR|Am
z&v67ft0>>hkT7+#cja-XI|gMx32o89zla_9+qF$*{v0@-Y!|J9N6ERn2-+a#6pXF3
zHIzLaRpYshv1@#eqNt`sNrj&d#-LwI8G$f&<gJ)-2`jZF#&D7pn;4wxpOnSO?$m29
z2sL$h+me5M)E8Uvdef@)>)X}F39!eoC%ia$Ks>1$lH7csZlME&961Y#sR&NleuuC!
zB{zl=cCj=J(=>gT4!~h-XvFA*p^-=jG=_cOOlKihdvkFg*~`Ow??(tteV(DoMneU2
zyhQ;$RL`b2iUsfq4bi#~RG9=R1Z}G)-AHDuHKcyE{q(VGOttOA^je9!bA@alu-Vh9
zf=N>!Q8RJU{kvd{8<yFtkq|&~ukz%tb#tgI-uWCsOL4PL!fqdl8aq2&Cl4mj*=`zT
zbF89vnkkiFkFl@-3k#uaTQrb&Ybi|K{h3Dys(zZsrgcx)dk~3kM7Nz)`d<wbtnMN;
z@P>?^&7rl&E&seXc;ISy@geg;F6D1J3w?fg>cGI!UOEiItq*6!FV@hKm@ADp{uZ=H
z|9^=1e0SJ@;AOP&y~J=8Q&9}h0nYor_So5-VN;Hhp%hN@f7p;P#Z0a&Btg7KfXE|t
z;<w~uE^b>U`YX>wCh*bq=A7SP+`T?-hrZTlX3{LV3L@1)9X&~piYOYx<Q9Nk-PtfI
z2z^3n-gw|*@MHzf1o`;f4u+&fuK<Vlu1ox~grqcye^SaI05(XR+VP!@*3Pr~NA@7Q
zlh$Q#-=yvEG$YOTf}~mJ6`J-HB!B)i?0TggH%hx_Db@a5nv7{Ma93rQ2~4*i<jd1U
zu35=Y+Zn_+AO1Hq)2NLI365>G4~=-g9vamHtNC*hPij6JJ3RS0fYY8d@8(=?k-L0~
z%K?Zs1)xIrZb=Y_mS%))D4{m0cS>iam=C+IayK3ht+YWi$kRNg9Q0n+;a{R2F0Y4T
zMhnGIyV={`W4J3$yAL&!d>g*3^ls#3-=gMk)P2{xk+-@ADv(A0WT=#6jvruPCRiEr
z#(~Xh?W%J*)b5y5-plEivmRWzw((vb*J2AZoh0k&U*n6iUkNkHtwj2xw2C};*Bd3a
zz#i|F;!Fp}wQ#g#63&#!B*tk3*VviePFuB`P)6O5u74<9a6~|0m$+o7rx<vP{%=Dm
zX(bWpT_o5fBng_bsV#j}muwG<iBB#9qu3!ak!;r-Ws3k4Z>{jJ&=5-+uO2wHoqcVT
zTfE4{3Wz_GL@cF%r${%nG<iXf$4G91f%|ngk!h#@6$|zZvba<LO6WigUoa>&*rK?5
zAgR0NX!EZqgMV28)KNjwTpI102WX?_Q5@Gwj_i`G$TJcZtt2qNh@q;aL0qe~3(Ko3
z0)&ot4Pc|5{3P1yNzLTdu#%Jw9sY3V0`Bzi!#^})fla^~kr$(bO)7cVK#0>7;hKw#
z!$84-CQc;%$}?=9^{HRX#Rdu*`*Ecq`3;TpNdE7;U=YrGK7`CN{9%eWW+NIC$h^BA
zglD5~aKuy7X|rQ)w)E7f=L_<S>XODe#4W2LQ6&kwW@}BW`&B0|@ak6a@>_WWqU-E>
zKm#QUPnd62^W+IGXVjQMy@LdW{y{hH*@A&H&XWoSk*p3EBKWGVGUBFtf`s>SN~_d(
zspfW_qw?e-58<?Sny@Yrsc-s`O8|-Hk0s5vLaO6u@M_8Q#+~;EN~n8wshTw;M-6m|
zV{$8WR403qmPR3cOL95#5(y09&^}sU)c4#{x$RULLy7rs@NQ2Rk=#2fB3$=o@kZXP
zoqWqy{CMf%Q_uzd&PhQ-YQCfHz3>*izMp<wnG0#ta8u!{C^VNjuoBjAChcFF*uG3m
z$y<t%2ZjUGA0KsS`W5pmp6~+Lh>l0r2#3t{S*B%UPYC}K6x5qbeYX@>h(i;><Z*;@
ze@Y}q%jg*4L)h9min9%r95<zm6>;0+y)^R%7JVy5pg|^K5+B@T6@21NAqd7iZYTM-
zxTF^9MJ9Ng|0DUdd)y<n8)PhEe`RNwod0W>uW^)qJ{VUNr8pb~cJYlIYo7z?;a$17
zS7~;!@UljZs<QpOj78zQkokugwUNP5A8^)t8UGBCZu>rtFgm6}Ae9!fHWR#)&|i0~
zbO19v4eO=Ii^ITUvi7?*7e3ObL<O^23L5GIhIZMu#!p2y3^aNwyF-SuX)B^_A-hT|
zltuK{7eZuKpjWEsv->qFz!62amX5LdUf~gl-eZXCYaCP3;N|7M+@24e)aQ+!k=Af|
z>0m2S-TTZ8PTb%*>PDZ<K+b7b(jy#hU`9Rz-9T7hS!T;DA|D?9R-h9^boD-qRnBwl
zDQ7q73&WS8Lt$*mTZ^-HSFHR)epzrJW-CTzsl;>0RpH?kV<Dt35<h+rH`dfQ8w+un
zOz!2f%Y(Sx3;_OThQ3J4fb^+~Xb<AqiBrIiz0S#f0Op>~C?V0mntiVD%3Lx*s?p(u
z<_4V(;0eu&Q$QWs==%@xX^8Ooo{1;3G6V9F2H30c=NqM$+8WIa5z6HU)_hfgD;m_a
ze+^UOpI^UiKzd{|!URc3$I50a_AkR`i-wjJpXB!Snmm%0^}P_8H9(>>R?0T_gv6Xn
zafotoJ<_4mb>eli9;v`w3PjP!YL~77sez&#?Bazisw`xjX|;tkP7`hTHD|`c8@R5l
zCdRCN08W`(fMY=xu5;v~<mq8}a6So_ye;d8&jTe*$_XltYB_7t$R1h)l;>%|fO3x*
zBzn-ij0Pqbk1mulK3uO{ok&x6813xfg9n0O@ybNu`5X(n#d{Y*be)ViX>S+=0`UYf
zM`*TV3u$}KmF37?2pu{mc(eo$H|LXIv?4zt_>Ek#_Y4cL99D%pkZfAt{qh<qW$Z4z
zWz+5uE1`tmw)a5a><M{?W$TCj@*l;)kF*bTXp_5qdBq^nQ80F^EGU=ng9RVa$LC9|
zz~3ozzZglJo<Y34yH_?zX(V{?a(jF}xA_GXw(&9->$5~8<s6(S2&y#Xvtk&3aKie4
znLs`Rw(GbC>-%WZs@mnH5rKY|IE9_ivv={|x?NE~Nl@fJLLlK$Cbx(qhKtYQR<+`E
zyQfCrCh*gW$WS|q>sU;uIateK6h4&KheCGMqW=ukTEqsyxLYn}kM_SU>%sLE<p_6O
z>-a0;PdNWQXR^`vM~%7>Kjeg6F;RhryEN7ncEBPreckTELhvQ<70Yxbp<szc>V7N~
zNCkXLBo!TeI?{M`F5^mrzU~NQ^iS&*g%yn}a;;*Ye(UXFQW0Jp>&!>GO<o@@4Rt8!
zxL73tUza6L`CbcY2;BE*<9Do>XYzu8ff4eNtw(dHnGQQMvv8;TfA?^FP!)E1RQ6Aj
z9Qx!Oc9dAtH|q`t_8~}tLymGYhK$Mnt*_~xy#qGc&I`kd?L{`a4=>0G+YB-Solx(l
zs3`}&`DN=R`o>YBFh35<f1S$zT5rMu#M|@N>hrTWKT!DWQvjlrqm@_mD3R6>bZ^U@
zEVU^v0pu|FI<t2Vvi6iI=zhhM%Vf38n=wjlI_TBO#~0%rpmG;EXOyMV3!-u?)q!dI
znHJDs{N|lG_`*{(tE#?_)|A>oHE&2_`=%V#64Iq09@5e~u#6McKersu20-4179N6}
zbzF<wuczb9Cr8>>2a9-|sDj+Iy7lohyz>#T_|)yTX}OisSG{loM|8ln*x58q6VRyL
zI}q=N?(MR707f03ptnia&vuxQoQ@+UBQY&@4v+iM0a*(!T7s~0ILEBrqJhe`Z;die
zwT2E#jr469MdXEXeG_(FOf^_Zh*dNdI)*#oy*1P1Okhl5PGV|k?!&pDQX|-kOhNA*
z^AOJ3I&{nHZ&RqMD$=|BJuE-HON7}9-zV;H#6_(v&Ci$<c#yVWoXq84N(s&dbX!fM
z;09i1(Vd2&1H?UwpYFBDnmIZ4ST0GVp4nu~j_*I&OFg!Owzw4Ex&`PXYnQm{BTR!~
zJUZyMsmZoVaU-Zlixqoe&i&f-Q!Y=*En!^-LR`@ZP*vq~AFZjGJMX*01TV+4Kk@>d
zt+2iTqU~(0$4PtcC6pBI1qtef>7rU=qFGsJfBI)M8*T;B1k&L><wJNwysucwY&>P@
z9|c~vDTg}Z0Xtnc36tOA*1bFXihL);r^I5xgfs_Jnu?@yOp`i|EB=A0Cg&U85j6-l
zQcCVjLV7!L=@EGqY*CjF!EaS^R8zZN9YMCr)jitEr66jpsV%YdF&a@bGy|7!{>Of5
zZk#0zQpCOkKZaR$eE)Vta!TSr9i@|9Ws~E9`fH@=EgCQye5e~6pit^2%=?pJoe5yk
zrKngLakp%-`9!v+)wi%qsEfJhY`jmq_q9Kkaj(S0;z3N8^wOoX62A??2*UAb^@Ab%
z$$E9bA{xZf!F5s*mUTyQLeAcK3@*vM%@7Ub`f`%)e)MIHPHK%W(^(+a*t4eOH-8nO
zg{H3jhR~OFNnN&CK>wWzJQiNMx)ooOLTu=pCwQG#2CE$Vxmxq=3rZ~ycx{H#C||K1
z2YRh%|Mpiq?;inwnX3cojpStdM#BDhmD(G<|F>^e-VZiE<aH>mgMQnk@t>}nkLU^@
zWf&0zAIaHk^GmsARhEpMW>c}wbk61d3BTj$s;#K#x7~W!R)FOiMkQtu##m4yI=S&V
z=w&hdjL*23?Mq4A1P{j;(~@;l=z%cXN1g6)G_1&W<A!j=xbA@p)f}mPTJrskz;*&N
z8s5OWV2k|YMwr^9Rnt+ePPvm(EO&?)I$O(QEF|X-X=X?14tSz>N&}3zAl#0K27k7p
zlr>GI7j@B+I#2Q1lWHuq$)E-WX(~ObH~g9c9cpySH)i$6Ie^-4ClK`r<1HE3@s{>5
z8$u$}t2t)PD{-N-=bZlFfm(M*OJ4vz$c~{OB|s+pvP#2!raJJuhWOQjI{%DU!RzM5
zKv}zdq5_#Tz{ckF3=linrR|@YxpJi$qVOwBuFe=tFwB*(1>#gPUE0z6Locbuzd=RR
znz?R6BwuM2>gQE-rbV8t!q!0s_?3xd44>>04r-CKj*sh0OhwuYo3H?{Wi`2m=V$aE
zO}ZfS8#n`dkhVg?lM-Y0P?a)Sc4qE^T#LkZH%b=3WO@-jH7-3TXzyX@IX^h{$!xBE
zy78*r2h%01cgD_8EjEPU0jkF&aMW$>)A~G=E}GcNu#{sIj{6{BOZr>N1bRCw3j8{E
z{Ocdet(w6Q%F~>J!BzAOGgcOGC&&vwSsBz+$YR+al$3Y(hV~gR2T0WCyM)f*xG5=$
zW`r6RJ9I}N#I_?{`dGBdJZ0==j8@N1C`u|kFiY@wbYL8|7nC5JrfEI2^rE{S3CDhv
zNEI#xQe4d<lH83{n=AG(&{de{5OVefE*pxFT^@-0S8h;JR44K--*TbP?*drK_0bzv
z>)Bd0kh5CHa4KTs3=c;B&565u8Mm)y^MgC5mPhFX4$z>uh&;wD9E{5^@dU)~5sCY4
zWGO;s=eIH<u!R8Uh{iiAcVb_0kg7VAB(K@}Rt>RWu06<q_1g>f6Ml>VAT6DjjA>)<
zUaDx5@OU>GnjZOjev6COCm#-`0ONrbLS7tKPJy3cvQigKVazGAt7Z0EB^OTK=BHn1
zE2F`hc<0**CV+D(TM9kj7(H&k$b|HkH_7^ya;Y~4&0QXIs-6!zSX%XrNI{kzJfMg!
zjtHs`*pr&Nb|N&;fIJ1~O)GYZ2eGKvLKjlqFIjKYP;Kfl8GP%9H84IrSD!Rz!Q+J0
zQFr|diLyQa*9CGW9}zf0{%LNI1Ew4(H|605g+cS-ffL2~iSjXIntkG=`DPHD%NHZk
zI>nPcTcomDt`Y8uj-|)*C@f$YRljg1G63QG_57LEb`;H4wW8%d8+ZsR=vWWnvbt|j
zMC+NKDFAfM%!ltyiVP&Sm{Z%ti&ck|@=l8Y8uQRiQ2WjUI*6-MZ~;Z^KUeU3WO2OR
zWmfJiiZoL@;zZZ_BHj_DS#IVjVRoa=D#aQ2K7U%)ul>p0_s#RDJH6EHd<TdrfOnR~
zs%S(@M6zNR2_ZC|5nlJbucwrB`T4**eh4){r^gD@{@VFf^F9rHEYqXIx;)9>>*R*?
zliZ6?d=99TyR5#3rdSFt=A}+r&{<)mi>c&h`4!;zy}lGr1s7G(a0ep2{FGIfYRoK8
zof#u~hm0Fb+zn`IR1SKtsz6MqPB>zFTu?AR4HdVg-M_GzkKTB3f<lKR8vQ+JOU8=o
zt-v1kXifiI3zrRVa>K82NniQ(MStPfqs)O|ZKmmkoG|(&zbX(Qdbqb5ntt|~Cp%Qz
z#{equH@`b*_KSc}0$W#VvVm(6{Cn7V_zAsaisYIZFA}wwX&O!DdQUBzXg?*_nQIy7
zFK&L(LhUZaLiDFu!Nmd7_W4bAg=u_E>Rc^naX@F*7+g-7jG&xJ|9|#qfw^umEz9RB
zyA|qEV`orD^O|!o%#DX1eBO*$I(X(Uh*Q&{{aIjgv;FFQOl#AP?M=|%Ip)C=s$)mt
z*{X2gBoivqO3WUEM^xG6uk_yL<>DyX=j;lUl)6E!^Z5QMm!hU6eYP2hO?|CCfU%+3
zxfa?ASplCZMhPui>)vv#Aa%N6s+?%?nDYvM7pJb_o<2Il!5O?i9+wYk74iGC&PI5i
zg&IH^n&Ipa_;lxP%k<!GPq^KSO@*nV73VRDLTe~+sPTnp$Pv^V$0QRKKYf}g>ZDi<
z$iroX$3TJ?qx~Ahd^k-0Zi`8)$k|eMLIn;zA!)=OY0}7(#{VV0WA%6huqd*|>UD(d
zf}3N|<;O<tbDe$E6`XtP*cb;DufBF{cf@}Pd+P5VOCUMnrOaV2W_{$w<g!o1)i$4N
zBcqbJ5PpwrkN>M~Q8zx@g1VH3BLq~P8Q=a=NdFkQp+Y-$OLzlhSlx;j=T{Pl8gC!+
zL71$rG{!xO>%v67K@YJpaX(I5&fAb8>7f1JN6o(;6Y6&35B7j!LO8)91EO09vaZme
zMVdK0mVur^)6|{Ol_vQ&<N4Ld%<0N3&)c*Z<#P+@wvb%)iHN%K3sN}{32r1Etkdx%
z3PS8(%g_H!DYL<c!G<?McM2-{H>zZj?DWh~om&~*uCwQZ^3)Ff<PcJa3V?6uE%si^
ze~FLxF!?k}`R-7&=d^<psPs3Ts1C}|oV=^+`SGJoyvzq@m7wVj!9sZu&JF(wmV3RX
zEf;RVkvBO%FbH&{deHe1a)($P+F6yZsLiXK`y`hX0ePlgKX+M@P2ZyR@=zf}U=}7R
zg;Gx)^)V^b5^oWsaiib|7=Qru!-4rZ3#7@^FzC-CnSvY1+e1`a&N?;st+)Q4n)sfY
zHS*b~$>gK?Lm+Hmd`DBU^GfUv2=L*3^$sP=9Cp^(Pmg|eUuCkx)Q;E6YLPsDW;}pW
zXloJBCC|)$KJwrENx8e1$$RkAir*g?M#G4e`jq4?b6%>H%Z?2(D2h<%t>mT{=oJho
zR&7j$3{LsxDp|Q^2}O3%@~%t--_cd#QSkE*_J6z<&HVzr%)H|uSJPwh1S#9hBHs;^
zra^KTBg0==Qd<0M;FN22Ycc1A$<Y{+5_-;`j!=~#FUF63<I(Y8q7;GO8{)sE<c$ln
zqwTKw#SH$dG1Fv4S@XkDuYvFs7WQQ;*Q|YNg`#Q{D=HJCwL>O8E1lRZ7z^6YoZlk)
zH4B-^;F{=Bp{6B8Q;#X8H9Ghc7i^b34MUz2rnZSC>D+psC1T6Ty$i8d+O0p;-DYT2
z#^MDNaD9-10L$HYxxJ;!In@rg<JKLsieRezd#`aS)vCJvVSU!cL(gr9MBd?LX~_@p
zR%So{aYGsw`N}A$h5|_$e6{4a9F{^2Eq-$qEj#!P(Tx3GwtC4H{N#%Mq5%3(sDi%C
zgNTJ+6MKy{3!wl_(GnuNh{tHoqVn8hVGt4~*4DX1!cvYdF+^D01M{)(>DS%oG~OWJ
zi(otG;8i_{Xg4kAwK>I43cfg>r%8LZ8BF2NfVC_sAp`Pr=sXr`Ga!?D!nrZxLVl#D
zHD?J#reP*Yx5GLTW4D5)N#(p7w%981JWNBl;R$|(WxY&GVKrV`8KLzOzZ^%+bWR`z
zz=BX{^EIq4@9^B$icaQDI{8A^ynPA?R?fuO6a&ue&`YyqZe4Br@?#eR_I^xIi+p{8
zSBRGeF|vJ-^gsPM0amk;s|-h7>Gw{^%@W<h0CNrj6zdnhZ<Yam1J^D`IT3aB7GbQz
z=_xxXO5ToI8siXOqAQg<I3RjF4zUeNSuo!x_;@0}Y3z3;nek?!@hf9unZ10B2o0}p
z^pj7J9Ci$q7)eA|H&g`*6&~X><(1nmss^mYL%Gio!8XPy4GzGD)Hn#}Wjz1X+D_!@
zj*jXV3GwtXl1NH85>G}YMA8se_rKX@Kv#m9w(4tVGF{uwnT)g_vzDvUt?)i3Pj<*T
zz7DB@a3=bCMNXGOv^u-kjRmAvIISr-(f@?a&u*y$Xkwt+;65fWD^i5qsvFjH<VG%p
z@yaTLr=;{uZ3+)G&IYdolXS)=j<APXo(CN7rPAaj5mG={<EYWo!L?y1mop^6x~E32
zN{+a5J2RbdHtB)m#&As>#ISM3iE5O)V$80?yO476@fslRo|Q7epSn`|^<2aj*ML7K
zc(|7~yb9Cd5t$deL_MifrlmR8aiiWq^_vgp7Vh-~MD45=24KEkl&*%R!E8%8B0Ecg
ze3vp?2s3vO5advMYPHri?zoAzpw|XQ(e?9)$=Q@cwF^3!xVOr{S+u+!{BaW)bu`xf
z7OV!QJ2L9mFNQd%V3a20SOpa8;dqnVt{NxssroS{yH~u`XCJa6V2WH$GpoqRt{lJ<
zT)tm!N=MV=_YG}LcJEKppnzxr@NH)bK#wr@1B;Djj50cq6=b07gXqX^X<nmXE<Q~N
zS)lQim3n{5$l88RD3X=V`W|a1gcFm(zDRbgLmFM{QC|FbT(K4t{;3^NtAfOZNQj>-
z;>X9vO`99yM|=gaL*-?usP?LY0F!`>s^&DI0KR=S48<Syz)4bVL5M;dys%D@N_Y8y
zCu}K-o>#343d(j3b3v|czum@A*#Ts&TzgcH-@9wuxz6$08umLbn)v^=G;j?ho#^|(
z2A5^<M4%%*+BPk#02=rO@|ckO?1lKFa8ePijI9|h0&-N<w>$wHx6mDLuJ@OV!8xOg
zw}eV@6$bHPtRe~O3cpCp0k;#vf1$9xChf<4n|yH||Fr`r8=j<yO!92Lbm)pbPK?^U
zrKuLfkLa^#veS93vbl=8XY(C%Fv5NcfF;<NrrTp)U>xAp2Dnw9WKU=hKp2y&2SwI(
z{87jMHWg(g5c8dziz$lP$*usy@LPMINx{`xHa_Jn=;F*<Fq&8?xovU#x?jDB3{#&}
zm_SsVUe4F;CIU5J8>uXHhwarwVL(^X<i>6#+VG+3*E$Bi&8Pti3wRxk-|NW&s`n3o
zub#aQZhotw&?GvB&~pJ?>i}eCtf_Mrl44kxVIjzCUEDirY{8^N&N(SWzB5qe;}e9@
z;=mj;Z6VA?V}B>nX;Q?|&x35v7CD$9XzXK@?I~e`#2;Nit}5KiZ#&Px@jm(oXT+Cl
zqe(|xQJYDSc>i<G$I1jn^#j{W>=GAxS(IV46P62>OG~Y}&jr~UMM)0?wQt;6ikAe1
zqg^AC<#XNyqvuzPR9_g;0f+X%2KY<8dKQN$Hs7G&+cSTefj8(OiVRTw;NT2;oFqh=
zp#fpv8yT5PDgCA3q?FNzc=z{Mg$}#?Ps>ZW1xV>*Mh}Uq1FRJ6g|awdg$?Gjs8DeB
z3>_Yx`<O#EIlnjMHP`A_K~4}fQVUyS(#)wDOGNUoZW3cCzEY)s!r(5uavO$Jezkg?
zb%>GVoC}u}oEe4bcf9!jKOw6~pV6F-V?f7ztwRx}gQMH%CTo^U5f6rF|5)Qlkzr71
z*$VqZ91)3nWUfmUvPoahB1|GGF8PXLdAAFdF|W%w%8ho&D$IG>^hnbs{k8f^9}b^1
zf$>|*_p0NSflq7iP2lN(O!H;0#R;hIe$A{SFuLmfF@itA)aMQJG*e(Py-cOXx64T1
zoA|-t!yg=><wCLi4!?R(-Qkg-<>9Ab%!h{?-0R*Y@O1UUd%RIv8Ec&2deV{Ud{8=o
zqjU^~TFAK@$2ii~T5Rk5G-9K5nfRhA>+A8ngIee8rTO2M$4_fA?2T5Upr#wm#!9Ew
z&48(-klN5TkP5*-i;X|-9{{Jy)ax$^dd{s^5>t#j|3H_i#l_7$*@^*^RM-r`2hHp;
zhA)<-@UMaqIbuDz$$5(xgRO~63@wpC3XrHEkYjsJn8!CCi^s)J05*o~bGSBf4VGOu
z4aQNNqIb#EiBG(x2QGwvt7m#;K_x=%E#5KX;idpq-J<%B65_rb)taqaipF$rv-%T2
z)3*Gg0vcXQZIvqzhVVHB1+Rb!$!<`fT^&d?@Xdb^72Vxqai0+W{U~z$E3fpA_yESV
z>-Y;fPjMH|Mn{rPfqTRPOtY(Qrq?J%mk>ZyB7i8kexBX$Qfaq@rU%O<E?tqz%dVI2
zGF~@S*uz&}>9HTSW=t@mg_ED-I6OY2wyJF?ezSV-haR1&`H`A5njw~ZicL=erz9D1
z<v%HCu^MT5yIpvuG5$fCa5HM7-A?d?GB@?#u}eCs@Yx0DZ1F)$r!8h%yk#Qb-_$JO
zAESe;*rpQd753a?>#_x4$a8|WU^1Im+mf_9{7KH|<41XDM>O;JuISVL(or~P!=AK(
zSN&Y=9}(2nnwqqwol>d1GP{M)2+{~NxJv~Xx2=gM?v!piW2lMuA27p$?-%&21eLy4
zL|1;kQ-D0SNBvMq-1On0{bSJzP1S(3kw$$q{knD{Gg)^Ypr=@2+%yzFQ>Edh8IV0<
zn7VRTNiW%!s`E@?7LIP4wg`>!5A<x%s@&aC|6?VDFE493JAm(Yxi$FU4n2wOI{Pob
z{NtNt#e+4}h8*0vV0|6LnI_xM8KK~!SzXw{b|6bT^L?OlnHxb^%bC!3%yDb;Ip0tv
ztpX2zl^b)FQh&o@yx+gDEIJ-Gcg>AHxXu6p{X6<%wTNZI1tdC>z}K%86kSC-C8eK+
z1db&S$@tFs4t%dS{7m7Yd`jUb{3AgR_7vS?b0$j|fZ=ds+qP|UW81cE+s4MWoosB|
zww-Kz-t*zA`2kZkGu6|5KjiRZjw!jGNcG-fQ6wmiWv5fs0uI*7u3wGvw)HLMNlNx2
zDlE$=;j0$TdEPc;{SGH(=glIdETJixO$a-+Bma=+N*$N=Z%u-pDY;NT^B3&cZLNH)
zpLDONzvq=DG@-WJ_@yyapofEmsi4oIv&as3@s69ud67lQyIK&PTS93+s_EXpdxK?0
zHBo<-YA12yUH2g>ANjbif%bqs??_!g&|}a?`ygMaHJN)#VQoL|17v)5te(h<<M2+!
z7f@sHi~SDSyAj@nggC1jR;x^k81_Hs_3~R~P*fRJndC~@n~CkN%lWtG5wyA#FE9ps
z|NYBoJEbzK&AMlBj^x{;FRswRI6c))8-=Oj1N+kNPUX|svD=%)!i+*jth~m%(yoea
z;@P!EeilH}ArK+x5Nlb+FJEuQW=z@jn<W;=X<f;UdH}DUuk6lh!W2BOnDn}O+L?2m
zh-46@!K2GYHu<7~q9>%YsFjo_N_!LoF?`p;rq@!YUQ5PbF!2Zp%gSL6iD;U81S3;B
z`O1#d@u~S$x^t7d!?WP0s#OjI{~0_`c4-H4)Qsj}YsKT~(+qONdHAP0GG*o+F7uq}
z9ZR|kB2d}Lh~5~(MqW}p0-lN9mk1HjQ|^>}Du_ja+!5_Z0Qi)`nc>-eM<xTXfBc5n
z%E=EwfbE0~btL@j<Y0|es&C;CnZLg8*S7`7VOk~jBxDIepBg(vH%BIRz@NI4g-Z_U
zAa>CA*-28slcL#>Bhl7X2Snd6;NQO#s^aj{mUm6F_T7f}Um{F)SarrY?s*qs#PCLv
z;5kp*VAs!WN#riqe_uqzR)K<?^|+Iz8xIB4t*a2qUuHDqb6pEQx^S|`1>%BfvAF$i
z@VHy4%t^rpRA}}*kn;2x=SkptatS$bo*|35RV{S<86ZH~{okwZfOZHsP@9qJit{Uq
z{`#QW$a(M|2rOXznPE`68PkT|%MC0ACK$fLdrZnDEq}PgwVH>mW?;`lrce4SSX?}Z
zkYM2)61Ls?x8j-Z9}66AMz1_JsPj5VHR5J6nuPFx!{VloWiz-huYsCDuhw;20fA|X
zDXFz|KBvUkYnIrQIm054hXZ%Uq)gYJM4}11Hn7r(D!=@(sxYY0C&8mXqH)@;y4Enl
z1xsoAK2u4lq8bJ@sPZDYJBnK1^y-QQ%!et-F^2s;NxqjnPy{aC)Elo;%yb2AgsoN#
z_??sC_C`0I<otbz!k-D|uom#r{7Xr&Sq8XIqiKA6Rz~LY2Ovi_ySVbyfhz1#(f8Rq
z^)1-O@<&=abGg&wM_a^yBLO4LpGi8_$1=Au2Nai@R|SZ4R&;LP?A9~55B{-}_n$1n
zTzapVYCR+t;b~+yH~a-Iyf+SAdMACn`n(J<DO01jLYT(P9aWa<S^K3jx0uwyReaD)
zqI*fdR=9MGy4W{h|Kl=B?d{&xuYW_X@eBOM*Db}y6wR3ye_)qjJ1v`T2yp;I?B5+Q
z2jR`+<`e-S`?Wl9P~(9kY`NhW%wG0fzfz>%a{eHR!Jk_ASiuwA`An{D*npLmYZ9A+
z*((J<0*gu>Jv@+`ZHuQDf!0d4+WoP2?l;DFJvtDHumD)DX+a8VnEExYUufcyayuYB
zo_>#w(5P|kg1%DH)}{*9ili|5+4)5U`^cN55U;g%u6hw|FE<Z@;w;8&SYjQb09pSQ
za*cL{r#X${j+m(Jz@JP=hfZ&lm65Neo`71M9y;HzZd5|Vgu@>!v%=|E13MUouSntc
zh!PQT1&)tRUrNAwe?N3R%R5y{9IEFOMey$4?J4B^FonI|xo^_#n&kbM_&7bOFG&f}
za)<ti8gv1)C$m%qHzZ(3U65|Xr_PVSLdEl*45Xv+=MTf7ACV^vg;*KCZgFw$P2~Jw
zrK8E;;qbn)Kf(T>y4EbU_D~88eTLkxODH|A{{(-FIGCrM^+F`E5+Q2GjL)ZI+n2mI
z&(J^%kjNx|g<sjifs^~`c!Fu$e)PQ`_;hf+ilyZJq<SJ4jT9+8lu|B&ZSkwQ>^KZ+
zD2|JYE%Y<CRR=I#d@PthU06&vy(DLdd%wMOVJnjF1W^1mCl)4(1)N1#F;*SV=iEYZ
z)Y)$X9|Q_Bx3M&~2v^8f*SX-!?@6SS|5~!!m`H#(<u^Y|;T-J&bqZ0e!L5gj_~tZI
z8gKCBwt3zQskzwcENgBFQxrOI)6l-@xiFB49*m;*<>RHxgyp55F=J~2^Dahe=mrgv
z)4X)fFhI_^au|O1PT>?G5pb!tS|MmX+=?mfo)c7o!BLriA7185c)0%}#T8*yu>MRG
z>Rq39C&0Yw(|~uc4+|cuC#%~+OQ8{qG-HX_7P-Ryfn%0SBE=i1@kM3(ENSMkq;~?9
zyqB~(pFB-heymRCb2>COyd&hlKfk2<hmMYZ?|pMc(`vuYvcC^K1IvuZE~N7fO$CXH
ze$2D45Vj!Fep}NvDn3c0lJV3r5gkR_n+9$ZY8}gBLojs&M?P1Bdz#P4D8#@V@!ExY
z-6aimpUL2NrafF>RU<kvPL18sP4ecU@4nAp#x8}yY!!r6epR~oFaGdmAy>$J^Y;Re
z8NXgZXhnLB3<>JDi>vBVmnBmBdib+JTxKXz3dejM$OpH0;`{Q4mO7Kzc@4U4!KEbm
z8lB785p;8Hjsouwf!AsjN30Nk=RjdHn1bef!zOE?D2coe*PyeR;4m1i01sYO*b#;h
z3z3lOnmj5u(ln`(M)ClomCSypRvgDHZU>NCvJ*ao7rAIj+Vo=CW{J(N0Rg5zRDB}j
z5D_prWY!XIHecp}zzmEA-{SL4h0Wx;?*NC~ZiCy7?Uae|6zocpjjjM}cjbV`&W7DO
z#J;4%CCjOhty8Lco-B5TzY>_M{Zn~Z#j<W8I@%K)niNsXC<p%B9zhGIq~zF56&egz
zT(sM5mPL!=P++t@N8CM@Uv*n7g5lmix?1?Q(+8$vpAL%A)%hJH+^CBps6vF2_KC5D
zkHIyh_Y9=5ZQ=kbJWYP69p?72U`Xq{Z}VOSk1UhkFEgD0u<)G(-WzO&CQ~c*_PAOz
zy3bmBq{gS|i^xHfPa(RU9T=kY77dP-XUHP8Ks$lX=)scyK7w6iU}a>UGIX@sYasK>
zf*HZu6o;=L#tj<juVRVXyd2z=zXIbl3lZ&itJgJ`HaYhu=XxbC{BR};!!0#gv8Bm!
zNB7(uaG<GD$DdJYcQZHT0=`qe*aS?L<x3M@rz1OU;gTj>uBO?Yt%E<ut$)cNB_c^o
z;r0(;pzyoQ4v74FP}*c+m-!w<G`6)roYg!jGH0(;HJC7*+l)&FxD`{wHrKwMh?hW9
zXFrr@i~pT`eAM|e=o$lIw)urm1lPnU2}(x%qjkUIso&mq+hCftz0bd#Xv|9elj+Q2
zMA<{Ev=?(Vz>foZuC6sn+Sk9eY|8Yj)K!6_i{-NmkevZ7Ah4rCS&C73bBamu@Ob@&
zzIAxI=TM-kth7f;%e@j<3H8TzO|M`lJU__!d#;Gw@V?Ojeef8l!gz8g+)a|)qhc~V
zU9Qixl;Es^=lRRd(e%|Vg0u}b%U4*8udeV-XZst4+EjX-{~m3R8)PgM?UV*<V=95I
z<ml<^`bPW*s>v^)DRRT1)*dHs+Z=D#8{2pNb?m6V@)#k}hwyK3rD-+t6<#oS?fok|
zu*bQw;_B{pHv0Y&EUYpWj{?6Co2>1O_OBPFH9To|m508$7<?faDcy8EJx1Q&itH$c
zp<ukUNV;z<u7Lq|hEFjUTHq^r8$Ue*RZ-~48r&k5%-7RB4Qo6=kw4?wfbzit%85};
z9X8o}FY)BguY&5s3&E~KI9G&<G@fpwrM;tS*4{<*g^0<zyi8uPONkSz($<$ODa-!k
ztj_{SZu)r#TAy!X>P_lwNSeJdiE$mJqw#4)s*EHr3`Z?Ut(yt%V6*c-X|Y%f&I`66
z`%dXDEe4@f&(qBG-;BKtN%`qw!ltH>5&5m=#vnVwR7B*UVkee<iwC_Y3qBFS)WAt{
zD$sImr`<VeTTP1?{<TBP#m_3wg*@W@-@ZS}Ip|m2W7*8Qxg0yWc@+Kkgjvpp0{4YK
zKpW!|8j9G4Im)7H<tD~q-Gs*yc$1H_w<|S&;uh8yn$Hh5ito>5cQp%HnBNZ;j3fpG
zt|ECY6!KYDO4e=A@8<@#sjQIv!Hsme{dr~vhtbVL3SW)~mlL3`9|KS@2<5+H^r~oD
znrx$*%43!3%nUQ^F-f(`%A<s_J<RDSStVW#G5MJ*h1eGF+=3`3XS~8M!a9m(xxkC&
z2cI12&kQnxh$s5&#}6ASwE2?S(Og;CR!RxQpQiq@N~5+8Sj6+0o95bWVNlORdTSG_
z+MwFv{W9@K-S*%Sr9|5T12NOMm_hgGbZV+Zh#W6bL9!v}#QtIKhAEu~opy;wN-`yS
zJvzJ}hRch3Pj;ojyT4!tS!5e+xqm|BBSx$c7}ofuaq*h2Gw-7+=SlMz3Ds3@>wW)B
z=UqP7`}Z{gr0I4~R^Ms;$8S)8)^>?8`O4G_9=jq9q)Z&>Ldt{kgRn*0dC_ks*`OWV
zf={K9PYbzK-_T3dnqjnl21oJtcZ(IyCtuKG67UBfCsx%(hm&wex2;NJx1F>6Bm>p?
zG2v%mutFGex2NRQJ)&_Q{6VtY<$^y%6!1%=zX@LF%reK8GhVUujOWgiCtW<_UGDV_
z?98LF?-v!Nqz2kEwu~p|yZsc`>e57>O^nkdW!v&6!)nD{@G118^8;jR=UJO9LIA9!
zn$ggT{3hf5Fn5ew>Np(i(QKNr`ns`ovG?CgH~3^#%LbdBJPc#S^0?Q}%UG9{V3a3q
zv2;mj<bI>)P@ca*v4R}(DxKg6bPgN;YP9j*f=OhGU0X!+Ac;MSw!7^8mNf}UyX9Ba
zu}fXP)Q|g~=YO3yuPfldkL9eISA=WY0&yOx!ZlinDsk+NgP{-NC2Zr!>eAAJMv%$o
zvx94q76lB9DTmKx`VBf}9@AZ9RSg~=H>$xj4Jk-ydXmQmH{U<6JA(LS-R_j{r|yuZ
z<f{NFPRJHJMoUyE3F6Q2{WSmd_c?nyX)3)E$cBjB_fu60p&XdUsPxQcKRf@X^Mjry
z9p~*aw2}4buNK?aMWu_nTQ&R~3o^F&4D*%fw&V0icl`GuVLph?u~UjVhGhL>gRy+C
zVhZ@ZCb@i)UMw9<Cw=@LcNR{gWhUxCp#{?ZtM9IEy#j4NGWGI_NOvC(`hdH#YMUoL
zPu*mZcc<)S>>Kid59lCPQkVmK+mTC5jxyaulY_?SFzjv0@+DN6J!7LGoM;MG&{#1<
zV~<nJ#$SaHmd2U&!6tXJ3~B$o9IKgFY1~r;McGv)Gf4*tdA+J>>o0Y)_!g|~6}IMH
z5^D8(i$2R)8pa2>{xU^>8~HwFFD!5TPgfU>r!vX<1ziC`FV2OU-n25*S{&)5_3nhX
zEdIMd#9*GUJxn+)y!fL=46XIhokkYzPJj=^H<rHhzVTl;oQL|VJ;8t8UpJSDO<x;D
zyI(m9wBQk4rjNg`E{bJoTccwQrSOK9XTEuLDd};Mvc-wJMoKe5Cu^9Y?F_-~j@Xg(
zTrEs?X?cuO`WDC@KA#oyTHjcUCuOU<#a>jhW}_B|CN<lYeP+jXv_8`pJSyN)a%R-y
za~Tk(T3bCq?XzlSn6-zON?#hK<$&`yeCaR{YnXn#v9-3}W=iYKM4wkl{m%9pR4B64
z#IQ9mZ-+jO9y=w;VDe&vD4h-r&u3pkX?ARDIY`mFA|i^~Ete~snw93+jp`KU1>4OJ
z9VN&(xtljhfJV=77;cghCqkz$eO@cw%TJ>Nr{|<EF<Z>WqJ!OkE}i(3;C-n2K%+<V
zM`d0hthXuFpNXidl}t&sB((4%WoG*q-ax%N$O0h}96u06YLI0;vfmTSO&&%%92=|=
zX?X~J%VL{<DcrhJ78^*kkv3ii+InexG<)JH?o;x;6S&%Vqt7N^Lrt>Po+~1<N5P!v
z++s7f#e(^6Vfn}28rt2o2-8|$OBfJI&4qQKs}7o~@#XFb^TZByb>gNY6m{48`$Ey^
zgH7-Zq`&+&mWiCQN{3#qZq2@CmJB~q<dD|)wLXshCed;)!S<wD1e+uWV!E?d(Y1cB
z>YQ>Pf@LiWZ~!`AB;tz+qDvqWH_hBG%1?;n%raAPa#_p#mqT|+?q~)okIhnDB>+QF
zl>~u>#*m|F@dl#7mbAmi@vNU)*rqR(UQg_tLKiOj+?*9c3vGMm9X?a47?KXnhpXaK
z+&c1Hu7B(OLfB|oB_spIQ-Ej`CbcHTd|sC!*H$gTG@?Y5Cl5^8p~K6^jUX#w`Yxf+
z+ww0;DhaK?vvy#b5DwWbbcy3Qt}uT<ft|XADh0fJwm)O-@x<m~=)A&Jn0bL593<f1
zh{?~VUxsrY7h($2{ZB1I5A&Pq0Laf$ah;QYcMRhzUU!f|PpY;xvT}j(HnJ1uDg>kl
zu4;w2xRilo4=lgN^E)1m{-=IG`TCeNFpvBCZt>rWYN8Y=oMZbkV*Gox9u$ccO4Z<Z
znNEmui)*Mu%(dNZxVsI8ns34*__!mA#f-aHklF%!zQ2^d49p>fMn7f3)fC}EAw<@C
zr;U~`>}(p_Rv5fKZ}|&nUp`nbYcUlI^<5X2K|1cqakZB1Pvzcd5Ia-dlN%YR1qJAn
zMH4{UsyX52Q@tCQ%afkz3}^hgCg*eNR6<2+YnE9032l{oq_4gCScQZaXIacHDutkG
z2(K+`5h12)wK}t9>mZHBu=>7&w8k;eXCx|oAhH=ga(M}OULV62k#X>Q3!Tan;Bha9
zp^T#V1K`JAWt!TWyd6h|z@K+dPatYcqOo?(4v~onOc~Lj)=gN#g};TKszE!*Spr#Y
z|Am{V?#6u-2BPW)Y&5)=(mo_FR?BnJ^qeR+;)&TO3FDz-_FOR{q12%~)(g&Ru|%2f
ze-7*rYW(Xb=SiNecB%+En5`a-gmt6hCPw?-)!OJ3?g?~O(Whd8BZ5c_Y8A4Nq}Y3r
zhvJ`j9Wu#SA=tdGOa}Xfl7vf9#6?rG$QuK$0?s%blafzbsB7Hhjcm~&7W+{NGR$n$
z$>%8fhEb|lmHDY_k7s6aCmBfDYIJN+@6RzdT+>Z+5*<248UJ8mW0rwFYIby8hjqg?
z2|ge`0LcGXbrZ#sYqu@Je$mLd04MtS!0&{s++~n)w@a{$4tn&beW^3cf;UD+%xh#n
zmYbHomLvEur9<;fP=}I~z?%2t3LnX)2qwdX($Ds{Uoof}pa$J7YwWopK)MAO!*zv8
zH}3hm`SM5rfy{SKhnLNP@_x(zi7*s<wbO2pzEzKEpKdUK6-OPRVOGf(G5%`5CW_jN
zp|?XTGY7U84X3to|8q9H5)ssM@T#@`$a<5x@JxKY5(u=3J?}!LyRT|yAkH?JRLu42
z5Ws^rr2r?o)#z>79QWuC74YGplmazS9GBcnr$VzG!u{vBSDCcm*U+C$bKZtdy#NxJ
zRXSTNdqjsfR~Tze!p&J28wZtibu?JaQqi5&tI3KP*&Gvk(Ulc6-}mavno42Si~g(k
z+d-!mDs@RoyvDi0J8#BnNTe}fEd?B-i}XZszXXE#2Cq#@T5bBSldkEV#DhY+QKP#R
zz5%|0)=Y$Yj%AV|mQ3S5NCRMp)*=~RZRmU<Ri%iKammOn6K$qAJflZ0jL_fv@bENG
z9DCT~dgsWUz~sl!=0?3nc4f}v0<!-!_HYl-1UCkJNx-W`$RAzsUSwv-EvUsuT)eW?
zYc=Sz$<k}H&NU3sN?LcC^6u<4hnkNm16erL4MYa5AgdNx<7V3TYhq$X?4|o5ffZgh
zRLZp<HlOAD1;5^t7B)s#5(*M<N}<@Pa^M$zdlKKGwQsmZx<Iz$UvqCN861h1kp5j0
zPu(gP#a9a&ekyKTD=k3DQa}aYV7RSbN4qjJ&dKx&DE|zPAKzZm(red4GI(9a8u048
zF-%+ZH2pT=QSMSuxh|VgxW|%h_6n<FE!+6bR~_*?UGTHEm#$nZY`Tz=Ic%Xi@q-x1
zHL;_iob9-@4lfr4h00DvS&Aq!WNL=#H$vJx6S&hGC5T*h*s>_hSUNaQ!~+~CH5-kk
z<jKwR&$MY8xlddTY`>kVs$$3=5nMG`(D={sm_K|^*H@_5?l+P!TTyQ_Nib#NPT6~@
z!&5O?To2=|_~Sa7kalD0d==cwG@IhBEH9d>g&<RR_eOAvQXT>g{c;C-J+Mk$@<ya_
zdoO~?tMrwseu1=NH&T7?3OF#kvvjMG(W1*5mSP&M7DLP+=>%*6d~gQ%$Nj<NHwwA2
zEkQkPY=J}~H8T;1i|9oL)GNPV<KN>N(>9zoQi~^zi6{ocL$|!|^OhYbtv#~#tCdy%
zLcrKm(#X1jN9t?+b;pg;%h8w~rl#~wYzsg%D^Ejs)d`0kD0^^-eQrj6%awO_{b+*p
zXt##N|LJD4dyMMCWCXIU-th;T^J>c}NdSc+dbBsT!UUexIWz%P<Eu{BlU%If5G%KA
z{*e|6%&|IA_O+EThXHEie30cE>91~|4czD{0yX9B`-;Le!e2V^fPp$ut>K_|6R*a+
zTG5(Rx3EI<7-j+KdIn8tIHAd3X4I`W=luLTGf{w80RLgIuU&ji(QP*?6U=naSwY;%
z9aXTHI4wend#cVFe?xku7!?HcH;OBN?1G$kGpxU_iXd@#xC|VJq8qEn%#HSb0c==V
z6%{vPueghEBs6@y7|iqX&k!)pSnj9K)FJ+qYpNcF7M1(ECDm6990^}vI)&Jx^rv#w
zAq3akhJTJ%v?FAufE@p<7Al*nV&d>6w@gTJheO+V!$wgJOlGkjbj_Hyz+&W^`|tJk
zTNB)8W@W6S0BXn5S$Afn`h?3kogh_aClMuqI0Vuk=c<_&<Nl@J=O=nds6h15_vzGp
zT@joT8})CAukA!5{^r<b1*rkLJXI4Lo6;%`ip*3f1e0i<56_Y%y*Oq@Mri?_qaM><
zKQ20`W;DMCF(Uk15m2+Ii-U9ZQ-6rYP{$y4%~fu=5*C>yJSLPU98gGt)K2FiuJ8!o
zc;cx056_r)k0SkGoH^rhw#B)mvzf3I`?5krE>@}Q1!<95^Dz$v_XSpUUwgF4G{Ycc
zdr!HPYDeorBFH7Z#;{SehQ+Ix)dR{h0z2s8$8b)9Rko--^kYz&j0rn`C)s+9Hi1@z
zwzWwFOSkj*S;-qm0xNoXn&adrbP}Ena5LU0PamD^6=779muz2}dTw8np%jEE?dr^%
zo(4=1Yf6IG%&AkSEN`go5*X~(Wkm4u_J;3ueg|Bkq<eX8cO>6ovd3lH7Q;8E@aDym
zGqf-9_I$fSiCSn+t@f->XSyP-3H*hhx>2cTkmu-#R(UM-+_yA4`KQJoa*6m)28615
zQ`%L`)<5~0x*N7FzJ6sLn&sWfdbu<X@$`E(65qln86%#dLG;VW`=xq0G?IFe1luBf
z`8XdWatu0d+HZ_y=&hd$1cj#51jXyINSX5u4$NbP56I84&C$U~^?|Gv$eEr%X_mC!
zse^12nf;{;GJZEWY?NiK-v))OUqj0T{k(qT^>uCDxGp6h5^o~|nWqS0v?itD_Ki&O
z%E<?4xJje<{+euP&?~PyJvD<H>WcwVcTUx$UrPFz4F)Se6RE4ss?Zq9rb`w~62>t&
z1UG{5v;1iA^;?_xNk7X{DD2+|O1_SUhESH^WPZs7Ze02ixz-$TnBvMC-E%3csLOG}
z!8?9|x+>`8?r%NZGw`F*ad09bWaGQ7QP<VX2JFN(&R@M>d$r-nC+eq2cPt#mW>WKS
zoQ#FQe+3k#sdv9fWeC`Wdne4C-p`|#){R@p__gMyytn6eJW6JPP_J;iNeuE`^yyV7
z=KAlN@vDA8vO>fEi9#B?=8IqYLjUV3645QqPw7;HjYFzuIAT!*6W@ROk|drt@1H%N
z_UX(Uno3A?YrY$DVv|4M`{NFO-;P$|DO4KzXe}&$&4fEORv{)OP`V!Kkg8zm7I2bJ
z97Pa$RH2MV+UdO}PM{PxFIpM|t2d|cC9La$w6O!Ex<RK=s1~em8eWP%^|=li&B8rM
zie3*?j4k6n*%zMoNp;3(9j%O)h@_R7q%cOxydW&s!(_4Ch_y|;Lo>pjh7?%ReMPQF
z{w|KpsF87`nDKHnv79-N;yN7L3N8`Y!Q@2ZA%NR;1+QsB|Kweo+xhbejDE1)8@{e~
zyQ^y{p<kipU|9mK4x9FcR!U)15v9MLNEqi{ZYno4HsczwQ1M$zeDd<r*wBjnaMUBi
zU%X+KyQXgPBbeI(VL=eK>~&zywYMWa@sJ7v7_srJ%Cb$d$TxcbRRh&vss^%kL#%4p
zL_s<7%MO&sUW~Yel;LjMmf-`CKDy5`2?&Yuny%xsPeeQ=-zsfuRGAJ2@hdj(KL^`u
z1(S%llJw8XM{#3$Hrb`J!LzwwrtGODhP>djB+l1Sd=lMcU4WuEiJ5}m#;k?_wNkb8
zAgt9{{<Of(y@sB4$j^IXqL-@(+kQRpcGnFnXZW$=C;^e4g&2@Bq#duSC^x3gZS*)k
z{Z+rMHL#NTU9g1Y@cv3CBF1%!Z9GJ&5!hSLf%jcvsX5RM51Oq{2%;c<$gSf}S~dz8
zJ=Zudy_BxI9|yL1E}q%e8afC~TpZ;x!7bu~<1g!HqALJe^qC8q?m)W}dnRE<;^iuh
z;vs~Dm#AY}Pu_t@D~AK=H8O_`uReu0@oi#21W)q@M6yxh#H&?w+~__S#hJxlcmKn2
z#|R_&%xun=hQJcqjKXyV&HN%%qko;te8?$aQu+Y02RpJjow1n)wEJWCZD%0X!JE)?
z^#W6gcY!L_m*!0<Q|BW>O;JL)lCv=7LS-<b&6cIWU@5M<o^8^-_{cd(o9?@N?1u8u
z|4o^4$~mq-%-`s+v_Zpo&zL0GsH6gI5LKseEx-qTr0Vh-UEQqgpVEsdd-!1>dQhy>
zrW@ARmq#J-J`gSR_rOyLkeB<Ht!cEMUCeHG!k=?mmqBF`wx@8WuJZm>4?_}CTrb+`
zsMI7v><OcoZ7k9D>e>Kg#!IOHn|{wPhwzN~H*OwEMB4X-%PQ7RAk-^<nNO^KN0TUv
zKaJI?OFTy#;tH0x9#>C&BxS09(H;W!+?bU3amL2Ga^0JT%>tgmZl2?$k|9IhzrpeJ
zmk;yz{b_OEw*$|V#a<m0m=3q4)5BJ~hPNfOj-W=az-~Ysay`^E@-s@tA>@{b>u+41
zGHg|F39kCu&!<13KpDEFW~0Aiq8M#dAqh5mLHWk5XmVwq)P&kjc=HQRE|8vf9e~$o
z9d@GXc$O-J-<Ar^Idl@hPfuYLd-DN@C=-cO5i#y+CP$_I%G-9#*5@!|kt=Br-1BS^
z>!1qdkT2!4UTmQ;s^$jKv@Uk(6z4|kV=r<NHqK7c?Ed}77+d`yhF~GfvLQuY=G97w
z&JGA0umVM0o&vkuQl#>+*As}=tFBTl!&1yfr@Wj1_VhoRQa#C4Y$&>(rqSXH3kIUv
z^;%K4oW*5IUWYlsIL%hjj&S>FNskq?mz9rw^vCV>!qzN5@qH|+*C28Np9E*a=3@D$
z-^=jG1_B*C7+S~Qa+RFc?`6j}PXoDefgHIIR_X}$ag&*;k<zeKy#ccC(bmNyd@wkp
z1+fHwK(2eSh+SW3y|(ZX0?c0x?l-^_@rPU{;0Gg2X^8s^%V}Ujp<~Q|GAgqk1(ogd
zqz6>Tk>O3Lu~FQM4eUr|SC7$CgxJJzwvPS13S#mLt#yW7>Hgv7-ONpo$z?%xU?|gR
z+4Hyiq|LVUPb^I4PZ4#5tPc{bLaWf@{?-x8sV1V|CdoYtMd%NY8qBoD#hyAl<<ofk
z&X@8iZJU49s`<{d-v3cf)tiMxlMkzP-NE~Xp6VXo@Dc9CPo73gtkIl$rX^5t{Goa*
zZvYxisps^<;Va=7F#ncogOoS5nO`xf?rJdr!)8nlhc2lhvjFO9xJRrJ8Ql4Bd)f9T
z{9I+W`0T^<EmONs5!JX(aJ(n`_4D%s0s#aB3IGNG4)6;A0ss;K3IG}a1^^ZS4geki
z0RRyI2>=-Y1ppNQ4FDYg0{{~M3jiAc2LKlU4*(y40DusH2!I%X1b`HP41gSf0)P^L
z3V<4b27nfT4uBqj0e}&J2>=j-0b&7Q1z-bU2jBqU1mFVT2H*kU1>ghV2M_=d1P}rc
z1`q)d1rP%e2ao`e1o#ag1t1L|10V|^2Otli0H6q<1fUF{0-y?@2A~e00iX$>1)vR}
z1E33_2cQpN0AL7U1Yitc0$>VY24D_g0bmJW1z-(e17Hha2Vf820N@1h|2=dDTwMTM
z0o(xG0XzUa0lWab0ek>_0sH{`0RjNn__7SG7<OTJn}pf^n)^$%L9zu4i6vY>Af#ZU
z^yk1#P|=_YEv5xf^WNdsHWmg*!YueJ#8Y&o-Ot|&hjv4W{R^XLUr(9513rP_Pgn+j
zjhyS64#sm-ZzWf-x?-Bk8MjO<wxId@B6w(7seDhS)flvSySe`|S{41gpk7NW=zanm
zFF$%f#Sr4b)^}dxT`<1JDxomasV*Hly&UfQRw_Z@^9Roc(k*t@N&+`%Foyb*bj(!!
zbN6D7=2ev+umyI!!!p1U((afZcVEfL$2@*j*Xsgx4JY^jT_K#aVJ|=+@k&$Hf5D5{
z8>?e1o7-|u%Y7i$e#(S9HqpHdL_j;UYU`*C&He8zo~i)qArpkr<=V9b1KIN__mTL>
z>oF2AUCer;?hZF9knnH_OaDbFT_~CAtU$mqF*ZHtMQZ<C+``q{50Ggy=+qcgYLw0Q
znLc!jJo$k6fL}zqIU0R@W1j-C!_=>|w^8!1T58ao{QZ&;R-kDS9*(isY9)+>yt>h!
z$^|X8bBm9+U3ExF#zMeJa24je4KzWy-IoLe=PWPUA>z-9@dfGT%*I0Ib~mUAEbS|8
zZR&3pkChWjwU=PpjTfZ@kctBgY#tHm8Yya8vrn~gA`cIl906VzP10Yj>|$a0&Zhxf
zIU-Bm`UknE`HEyeu2X%flUYg8=SILtF~Zs7Yk!^i?rnE$Il<)eA+K!q-==h#Cu^q-
z<Hh|}p9(WHTj8QL4YMRK3zj!ej>zvY_l;7Yu`SvPh}5E!Z2f{6^0RJLiJcai>z(pU
z%w3*xEJ`zqlz&tPf!P1$!$L*A8sfyQ)7k*m9BOqh&26sQ=&^9Dm2J8#Qu?U^uB?*`
zfg(6zqEf}<&k0>ONipNHxDN2C0_k2N31XV+LJ3>6*ibT$j^Ye#ZOVtkcE(GvwH-k7
zlUdVDc#yrMG{(sknsgfNVMLWIacK?TIv&N6hV3iYxn-pb=U}!>%`BZOZJtRo<D_N<
z(2ndFb`1?!T=4##T3kwUyj0!-vBLjJXs?X7Yh65iTPLRnLQmnpuZbK?EX#dHJZeBd
zM1-67bs8k;TBxvj%OZn&&LEzsk3)~Kt^8<FE~D4lqIOe@XNSBxHMENx+AzdZwH7{_
z&MffFbAx+|&($TvKc;h@+xvkU&`Fxwa=RiGZ1mV4x?-p`M&(Lh+oROEJRfH>Q~wbf
zCU-bo^=TN=Z=4=2$6R=C;-$2x3JdVee#c!9mrMJb6Rg9=_2;l=()-_i`kJ(GPr@Qx
zd1@b_pLM@YE(8OIiCTifCXlZ2UAJw=Mu%OCdT)B<(sVmxEB>^UzI9SJ`W*${<A~Ff
zbj&)M3~G&icT0iQ{kYQ_J#frMZHlvOMQar5$}wMIRA32Bs>~~^nv_;nSm3K00tHE4
z@QCb8UGa>D@}TFfQc1vg*B4TgAZ)~kEMgb=ou^$mv$3Ox;nSXuL@kDND;zc2lxt>#
zuF*VS$4UxNKuukaL8Z2UAg}w-<5zJF632})zt!L`-IcGl*a&>-{(ZQ2#V&b6CEaE%
zBHO7EOm1|NFkm1Zuw&#^AY0^tbc=fkmTcil8@QBD33@0MvENG;nZFjBvVhdY&#WbX
zG8HVdA_k7_@)NVbHvt1NB5B+Nu+y0bll$P*=+45H)osM|AX(D&Ipz5cBsvYeRDWM?
zH&-5ElPL~4U!UiVkbwcox`|?=SDs6oD$L=3JTlH<o~@cO1l44Z_CmJr+PLNa>+X$~
z_4@-k1ng}XJ=b%?W~d5(!cChlw*h85T>X0CfdS40Qq#3Lgs;9*ojKD<e>c!D;Z*vD
zxgNQFyA0Jzx(~|;adWnRJ<nSSwx%UuQg}P13-j;kzK0pYxz8^}h&dSDhsi|lnek@9
z<Tvz?erVt$j&a;t*?Oo;wQ%XnjT365X0{Nke;hB(W)MeFN->&*v@VO~3Oi;3Lj7ES
zuZv}~Z;nTV!SFfOKNP!d3_+1HnOr$r_RhDin&r+BVFaI;3+W~9!fl6KoI2XFRm}dR
z!G@$%d34!+nesD%#e;8}2~VX8^@C~{j-X%9^h!&GcM3?zMZ5~(><M)b(xnaF8FzM^
zSCD^r#!lAO(`m>u*M4)Ei=fhWc50WfpJ>djR%LuVF_u%si&Y7r$)OS4kJ2uIr8%jr
zr}`8fW1@4Br?wpHpU%I782GQbGGV*>JkHXacB*k@@PTc*g*>*nX@~}J%Fc`_AB1x-
zng?ZiTl->_{$>FZrLbT5c*SE4)7d~?RwuyoEJbmdry!-TzPUmv`^e9r{<eUvsx~sJ
zOyJcvS*dg`?0|1(0<$ZwTrVaPclv1Mwf%vQg&pWes;6R#$^ap21&JAyQUpd#bgs^D
z1o}gS%}0V=;+~V)4{cHHlpl@HLEHO~>_FxLby^k1vnIB+8u`If>N83BPGQxfC`7jC
zqcbsIO?wh5h-iz?pG2-sg(E@0LE?B%$)-<kc<F$`$9C~LJ;!PyEUMSzW6^H%9V#|z
ze<m#0lvE&tMjpmci>r7Lwt~A(s73ripY&!o*!FM53Np#;iP~Fssbd=>obLQP9fqej
z)Yw&^v9f}FJQN~D@I|J&9-;ar!;dJCutPG{UKMh`-80<)%yFy+2x>z%kA!)@^jNIy
zDg?gO4l_5QLj|)5N2ycWz5zcXTf~bbQ>t=!G4@xBn)hX;0-s-v(-g@;4(7KEyq`7X
z2)%1xCrG4WVAZ549Zyn$1kAbsBSBV@!K_)IZ^W`iYL=8es$cD1hHQv7sdT4+%5wNB
zk#OW-xt;pM#;OuB|D^lHY5pG=hkY7vZw)0*+k7FNQjD@H&(Xp{ZzOH2=IO>FnRhrj
z?wp!J38s+lSp(!Fw=9uXoIKkBpu7E{z0(IeC0KBWoH8vP89a#wUKrHlOinZCVff##
z!{w?DSQF)<0$O0T=2FEudIi-|blj;QhhC$pU1KQdM^BR4{lQ0_95)IgUxqLvO=#Dw
zK1=t3H7|^~AlW;h3$P1Ne_Cev${zXMdf`Oif5E{-k2v0vf|wEUDPLc2KiINM56bVP
zJ~2K!7MOE{S5(RLJN$(_d^MZRv`0)H11(Qd8&+-#aL*qpSeh=9ziNhzO2$Y^cc_Gh
zjCD4#AKu1I$_kpg3$*Mxj*-I*TFB@Sw<Gtq7)f4W-MOT@>Jos0<kcFOU!cIr7apYM
zbnk59vIf(wxeUrBWlXbK)-=z^xAHE^Z1mP>dzf78n=A%;rQ?`(A2D8U5+Cu$<EeQ!
z&oWSkJW#}oSIX)%Q{s_*Lq9fv_Y0f2aH4l*U0YQay08LU5+RmNajq@JE7YCUa&*AT
zZ*M*F+hM$_L?^6-eCiHmoeShP+N!C8CJsa*;lUl_feC<f50<>E|2|xX0mmHvE@~GB
zBLQdOw$#Z9%m@*Lfx;y&DVYN^;p!vFc=R|&&J}{cj%EtASh0ERDQHJ~65r!VhfvRt
zP!`Ib@+)t8AXu&6wRVgX>}pgfTR6&?C#wjr;<4Y!X#PFGg2A@M8Hf|FH9l@VvSlDa
zS%AV?)skPBa<=o;Tyl>0oXG-w{uAuqQUmYBqJ0c9X0%l|{Axw$a8h1u8J)5u!kq3g
z)n^x_w9kG06k3t|gp0x)FNSauTJP^1QjtE+wo3l6tRK?pNEJ4=69<0^Ta!L+u!Em(
zth;M)3v*KSCAi3Xsjm??ZYX9@#JLDV4hwF4_-kyt;uYKuh<y&VRxia|B%+V7Xr(iy
zzvUP7dT8J8Xm@DlF$;@m-2r5}Hq}{F+#7Ss_Cb!#BVS8@^M%Ok`9IhYzhf;GnWvRl
zZvI%*3V1K%4VvPvGCxC_JDiN^v5vkZ|Cs2eKXrp_$VEr1RR!epjE#Tr@3WDz`-Z21
zaXNb0PwKok&JM~=+EeDkF-%vmW-`Nm{{f{Y5<drwvFr}#t0Bsyf+c414tt_?6&R=~
zR7x@T#{TNpVFGy$P&=7nwuRwhzribh7&dVZw_-0eI<D{{OCk}kXs@`q6Uc$+YTik+
z5*xV;_9XBL;NXE?Fk*6m^iA4Gk$+SyI`Up|nVKhna?Rq-B`(0llBsH{(gzZxGPA|N
zC5bHk-djGJP0{EO0@EzAz^KM<!?_cK-(c_1w2*S(3BH-<G(g2~1|Oz!a;QTgHgNgN
z(SeHqq?P>j^_sQp9FqYS$(*fNnwJH~LvpX~qZvtOqeyP5Cj3Aa7ZL$Q0{VI?i^dqU
z>h6UvRb0!<Tn^S>`lO*%t-ph_^_6oi^^r6N#>2p%NA#N#v1ImF>kGXIWhC%aSa4nO
z$>H%?^MMA(I>h{))u_A%JyG5Pa0Z2w738kYF$k<W=}XCN+R6PD)g42{_n#D0ccclY
zv7~2w$DC(aF`NF<P{WfhlI1+h0!zc^)ai^vG$lg6<OMP!?keL7%Rei58rk=L(Q)N$
z`6R1-PB=?1jY7`hrh4ju&2x3S2rT8R1kH2x&0?CGu_50&o|2dT^T#~C9#=!9kx!za
zMGAG`Kb9O@YU|~?!z&xa?~&n0H>pIhHgWEzWNHYAV5;r651C)VqZd|wg5EXdj%(vz
zCb><t?tlfo1b<=9gtHQkUovT}is6WI=O)K2wNi{PvN}*3#(h`VCUq@5`*rjMKnTkA
z8tV5lJ+33OJcn}oF%}dIH0tN!1*f|ZA%o*qKF)h5b&9vVR>=9c_Nww;zPEd7FdwV!
zIZ9^<<-9f_fq&%@zO>!`s`hPDNvc`5pSjdVT>o&Vr-jWXf{~jdVDW`>{xh(1y;x?l
z1TGF2D!M>n>1eA0idnL%{~IY$3gUvPePq97UGz`*;8vbO_KSDD7K2p|E?dzD%3pDh
z>(Fo=dvfq7wtUyvOI^HbK&o5!V|-)hrC<8+ln^n9ZP#kqDnoeN*Ivd!S<qb`vSX$W
zI^Y(z+O;)!=LF1sD+_pEL(5ah)}f25;+F)a@m+z*cTY(w3=J7^5%Tno?mt>SvyAYV
zJW#hSu0qYjq5U5loI4WT>}HF~zQbHGouV2|K;3b&W0L6#+68P~)4hxfe%gx}GV}=F
zr{BoYIX1rEMVzD}1K+srd*Oi)?CA@lpGzmQ2p=jH{v-$lTYXWxP1q`N$36_EMu$Z!
zmaSHrY@vQUOs2N31+Fe<a1JdIyiv*3yOdIHd2$27VqedFzRyK=(hq@%#Mij?>I(Q;
zuoxQVRWGqq=+q$ijC!G5h8<>Cs%ur-_?!bDvUNWyi&cvQYJbJ)4!kqytI3T_bBIvt
zu7~*fGLqQ<q3W}k@=rT__Cw3pR>PC&EBy3`+;l=7CLC<O{O;jx1<DlVCz(C9q-lNR
z=3Vx_Uw(SJS-OdMju7t>kix3`N%Bd6zQL-SFGeV*sFD&kL6KW<rUp4?N3Dgu!A3BV
zx&}vtH}%A(kYwv(pr+I>g=~rJh|}M(dPP?~m2`aRXYr<|-L~qZrS)+Etv6*J1jZ6I
zd_Lf%mZa1b#1kJbo!Os2A<zHj6;LKBFzjeWIMBNb)~`nX$YTykP<@nvTLRLLX3e?S
z`d95WcXX*c1`9EwHf$&aOW!FjZT~F0exx>LmeTNN7KK5|2W@!w)9|*!Iv*NIw2!5t
zj`v!*jPd=>pj{Udb?hjPoRDOM;A03DT7Dy9h9*#<bL-rBE12su0*zSQ{PLf{w5m9g
z#Bw^i3AT|Pmav=Rj7Q2JidDs;@sx27%7Y}c{D~0laB7f2FsEa;FfRFfUphK9y7Q{I
z%dz43H}_7rL~&cVwL5fo6*qGTa(j8&OWPKSf7JsK=C}69QbKC#xDsDHlEu4$Y7Oxs
zW{(6)kZY>u`#Ys^h;>I^BfkisIpAUqQMBy?qaf`L9-vveb!YG490I*}Mq|%qq(f~5
zR2C)(1f|h!^=V(+yBT3XE`wY&ExmT0JUoBMLa3UeC|X3_pWRLC{e-klnot^qbr5x=
z^hasP34IYWpyLKH($^(p&9Hy_R?``pWXLd*+jk%FUxd$whOOPzn{bHPLBosh5$?@{
z7f85IjoU~%C9lO-dg<e@AWX0wIb!*MtyOV_8%?a|F@$~|&ql`#oOYnoglu(bb#D70
zf@FGLtT<ZbI@HY7#Z(aFX*ptTFodMCjHvDA;Qdd$P*b&Yy0y}hW+3qsgr7c)#{;f>
zzN#+1I~N`HLMV4f`<g-G@2=%nWc%oOr?x$l42aGyv1S^Lreo*@m(B+kkWFX%G<oQQ
zL~S1?3=KRXn83bcJ-=d&8gvmGmRm@VZHU^2m1g5ITW^!a9!2fUp)(JEFo^?QoBUEq
zF%1-DQ9}CgBnWXM`M;fLE?V~f_(~VJY-S334&)Ih{i;4M3`jv$MDfaIR^T~r(Q3~H
z#W5Sdg28%=fU|d`kf}S@jGIo2T@3HWgqhjh81qt66a8j4%zWqCK_SL}=?KA}zRbXN
zoVi^A-DQ>^{z<Wvp1-x)2VKZ{S}ZS1b9`H^FV4ZzmAt+1R)<?&#wN5$Z2mBPu#P#N
z;j1m-PVb9(d${v;Y_ZDZmZvJn<O6v`sVz$bC*a2S)iPzVw?6xp4A~Yxiy5At#y8zQ
zI8*#a?!{Up^d{ws>iVg1GU#CZIB~mwYpR!$pHnS&sWT$-_?=P^JEZ^HF8$`$Q=e~1
zwvD{{fSU1zCk({tL3>qGSxHFWY|`vL#Uv%>HEp@iXJHYKjAs)jqcfNHrZ$;qa#bQ~
zx;R+RoVjY`nqZI6c5d1Sug6MN#?P8bTA=#qTDKkAK=~~J23{=~!DUA180Wuk?mBkg
zy7VI(Nf4f`l#J1JMMtV=IMp4X!61k8jNGjuqWiLFDmvx}HN*!BNJa){=!)~IRBwBk
zPl?luPco$iX4Zc8nBsqX;gK9|GisT={c#)m)17nu5}xz3zgh5)J&R&K?yGY(21Uy$
zP##S|!0^tFw+wa}Vk)_}Pu-@*jFi6PchRZ+INQgHw;Ya5nTZSy^7bBj8X31{EpOT3
zV<5mB0-`Mt#FJB1Z}1ZF3EU$?mqczECmM=nG>A7V79skVV)Pjt#}-d=D-_=G7_eT7
znt&}ov@7twW;YV<k}%Xm&F1S|Z>wsx3Qm3UpR01@P8+J<<Sz)c?GV8%g5gR>_z(J#
zccCvtNNGZHV|fDD0u*w4VAqbRIf}&L>AaPGk8^SEnI=RHoWcY;(_J0%%%Wtnf=Wf8
zaB^R!C*|yaQ#*#}R1@b2#I*?d`+D9CYxNama<qDa6#9s5#&o*DZ3<2W+i(Ri7#Hn6
zD5k73k&V6!{aw%2(|ox*?oC6yBGr~n$W4@&&^l-@50nUF>+gu2OOt&vHo$RkTqjuq
zf?g{|G#E4;Dk!T%<!1wBMVM7zxt?tgX>hi_YmeXlb2`DE_UKbk&h=DxBPnQWsevRV
z5ZArQj!6);Pi(yzCmK%C;(~Iq>ZdQO$@wD!2Q)gNcE5~?c0<Aa-KQt^XBZ+=ySgVU
z_jah>VyWjsV$N6SS4VJp_t_Ub%mHRf>P`pySQLh~d*bBRUy}3!WSi)w0%Cg>lHVtr
zkK0H)rVrC(C<*e)B-vtEBmy@;7h9L^CWqUOqZ>p0@!r)1X>y@pBANl`K;77^QT4n<
z-?TU!emk?X9o@h1)zebt9g>P}nzhl&Dk~3=Ek>xY5DhTZ%IM^{hc!7agRh>$hFwaa
zSorm`@ue?^HK;@3XNeqz>OP^s=7ds0M0$U86GUf<es;sp*h1+&oMog>vFstfF&C!7
zLi<ra)&`dBuqbHKb$Y=YJla*C-n~0oXq~qFDH7+xT#X%~fP9$yMar!V%S~38Cxbq;
z;2?I4oXBBHod+M0`EW#k&NF6vxC$D=)|cOj;S5!IM+`lm*|?A@*4|)=Pk`(yiA}dS
zTto=9PA(w!OkLF@c|Uv`;Jk#(?sSLsUZUNj`-Kzx|8*TE#P+>`+bLrF$vc&j_PYzC
zL6It+Pz>)XvAlghff?wUX(`-*S)L|!A1$vmVnx%XO|Uz2`{8H^fY-tDQvocSEhNW=
zpZ%Hepo0~SsoO_WTEE$EmR&^>UZ|}{vmZzIgMyiY#$Y}YLvjBBXQ$jjw*Da3jmXgw
z^;$fiId_?i-*h$LwI750*TyIPTX-!V%eu87QzRy;a8Q|*`%i7S0cp$^{Co(XAK+C<
zLuYGXrA>V|*UEgN>>473R;`VJ8Ale#Rv|1HS%x8;dq-&z&0yc|<D#N<Dg$MSy+1o7
z$0q4ya{9IB9<|at+ezC3u{-%2=yt1s_G98XxH<-J8V2^*1}N)kQu>je1x{n(s5xIf
z)Mf?Jj3<EZrZjneXo-9;S^09oUBFk%5QaXcZ^eC|+{pIinIzN>sr%8HjYkQEd^ZWf
z>4OU+5H<_Ku7m<{o?I1?-$G+UINb{H6`E@{-5KaiMkz);v5oKfG<+5aceuxc(&@!S
zi>igt#A{TB=1`fZnu6lH9$U_V;g!9yL#$7;9L*2gPZoU;w9!J8NG_5PtF9O=)f%Zl
zoA=}z;nKC<JPd!E`Q5lLT`yzm-cPyLlvbR1vN7H1h1SH@FS96JegF9;waiw|um5gn
zP?Aby^*fDVmYnR+q6zg}RCzLe8)JkfQ_qkw-<PC$eRMjxU?G5%!?{V=b`gy|y`X`F
zIS5Oy)|8v5H$Uq*I)_@q@DJ0tqL{$F3>Sd{o%r2PE0-GQq~f&FjbSH-EccSLyIc0?
z!EXku8}umWn55?l^*?+J(?}a6L<Dtf2u)Z(IDTKIvl%7~mgokZB_(?a&9Xenb{%+$
z(lGl5usM@u<%SE<8^koT1N~VQDyO*obaH!XMIf{FICiRhU^~W?&XE%KO)MNbFe007
zCABDo@XJ%Gcwv#Rg2xoIP`BloL_*0vdp5G-E-gect(R_AgM~6>HR~FiwuW|=!cFZu
zZDF6Pbf&?k>lp^Wh)$GI8abq^LM!{UG929TQ9$DS#sZNwB4EZ@&2gX7p^wvb^av+M
z+z?3+!<nwJ4yQX+h>X@u(?p;PN3m-2CgL1?v_^}3J0jvfOnHK#;d{UeZ$IFfemV|A
z!cm{1{&65S#Mb{YbS?B9ImvEZr;SAD_`tx4t~WW!mLH$e7sAWUT!7sy>C=guDU$g+
z%F_r(3d=KOhc=(CD!%kg#PaSP=>+ZnGd;O~BcP+V|F>Oi?`<he3pNmcj3Z^#=l%}8
zjl;v1H<XPhW-4O_NkjTu%6!1nBweAbYT35}HDp27rKEI&!(Ql=1q&Os=+QC5q;1c@
zFhS|}F4VjhlAnkE!*J^mmBQ#3700kM>VyW`o{SUwJlM-BCoTFuSTSrT@1yp_)Lh1k
zv-p1iF+k40qVcu=Tp~fV16GcPB-!lcuhhy_TfM2YQZ7eRT9sBPNj2@oSag%L()${X
zvi@{)x_@;o314f)mHV?KvZEf3;U;R_%~nlNq-suaqzP+`D@M{;m#3-1TYHC+NIal9
zNWdJK#Pf>X#OUTPf<Tx(;qf@R7k#@+O|eN32dEVnv&QkS`(hR`11<tgm_j&2;fXz{
z|32{LCIE`Tth+S(#FXPtGa)c8NWLR&g{rU@lnKPC1Z!lux#0s%+M6{$&09(>Jo}|A
zo{x+;$=P)TaZC!9XmU;BWWi$$9AR}R^k>mx77L>Z{QCt>_hwqCj4=h)GI$j}-^XtF
zU+2Bu%@Ii~(Pxx3+P0*2oZ1u2CMLxP#0v}#W%*01Jl2|YctdvLE*Y6(+yb9_R2Ro)
zXWVaWD(T~+>%;*zA%iHTz9QVKC4)aiE4emSe@<~+p$U3}FGKYvG--|O#Z^UUI!(nP
zJm%tco@S>K2;@{fse7aFNwJf&)58qDihL9gxu@l)PcpL7CgU~@_^pSfO8R3v+?|M4
z$KAfiiD?bIlhiP#fcuBkaU|&j5_}p$2l5b!eC1bWjATDw3K~?oe$Q0|w~5s>QDXzr
zEq!tZUW5vcJK8(38T#gB076ps6l0uy90#MdhrnEEo{4PcZwL96V8(icRXh`vW9>gH
zk!H4Fc!X-CZ_^Ot3qXX<_3uzIQxTryb&$kL&*6kMO{cHI9lVXWG~|iWa8v0CcLs3~
zCW(DUzljywwjPunC=@6~qaSfug9Q};sxcJ)-Zk<+m4%bm=~sD!lhXZU49PrCd7+9!
zkjpwDun*>yp^<PZ3fnLSjxY`J@@G<^r5hR60u?{gq05{x#JaNS<YHl$u0z8psF5oK
zL14LvSF$p$->_=4-eEals<U{{!i+t&%BLIOKT}pWLZi56Yi_9InM&K3%E)T3`4l#R
ziV!h{fXl}Bc2L)P!Kw`}ICnBg?>RgW%b3ZJTL0nrI)zSP!Z`T`IXaNMbBqlc?ZD}N
z&wVhcCwP$+WHoq?CnLe=;!cFU0yja2hnL2Q?Gik0NR6mDd69mY6o#?fD47LdLeN<;
z02BV=a@dF;rw*B-?t1K1(=?}ZigmCbLCRGshc!xF76mX|OD{Dyw|a+QTwUPDWm49-
zt7Y+L{is>4PE>joFyaE}CPz0HcvCNv&4Wx;Tm=d5$$g_c?CC9r1#p`|SYo(Wh2W$l
zlm*9_RG83_nBIC%|9{RX4G?ss#z+|U$7$#x^qN%-T<<JoNR&8vPc^kHb|`5wO4Afn
zOqtW9l{~^s`-4o1>v)Ac#J6LYG2Zvr_r&qSK}T1Dn3f_nn)q>)?PMJ|9|<{CE8+2u
zP&c&j6=tVL>0N`gXck(DgU1rJ|E@Zb)*WoA?S*2T-+U)p4e((P{|~CHz(Pd$BQQAA
zEU#u2yjFl47<z;-ErDv8;j~Y(azW!stIeY4D8t=>h042maY(E;M+<Nfv?q+%(n?xj
z`9~fx9q#EZBXZa&DKnn<+$QtJD9tmSJaM77o|z6k!4-WwppO<Q*R~AdBDd*WKQw`s
zHFjeI&J7bD>krugeua8=;1YJwmg@7z_#IW^T@dnQlW!>v8|q^?SF)GVxwrnQ0+0h$
zbRkc#tAoklA(XD6tWoCc+w}SojrJ1wAH_V4h&75@P#1AgLKQ!-NE<CaB^S^rO0Qya
zFeB<ZKZ|_UIz4AL7`EXUh(<}W%;W3Cg9s>skdV*lqT=)G51=^qI4Tl&N4$sY-zbW#
z#eSg#G>U8m`yD#+&&Ao_&^t3b`;=MyVWB$f4Q08n%5|(Nn~XuML{2r<>mxkIPoCzI
zQljqCB|aascE?dT;H~{P{E1$&1wQs^XanqfC^3P1^yD^OT@p&oZwn0zvF|2WJwnvH
zF$>NFI&elY=dg+{Iy2q3r{zyt&-j4Gz8&dtPgzRRrE3B9@huq|N%3@>lt0Dbd%5+a
zk_+qQK2M}UGQs^CXW}!X+lS_B@7~hahp+VfgqS_e0SGc0BTWkZQNHbOVP8cAvv_Nl
zCpn_;xBkS+T2@u{Kf==aBW7F}HjD*Jj=l(N>$vx%IkNFpV=FyP9^7&2s0-DB<{JVO
z2K~F&@!28dxV*G<`6@YMiqpDiU7T%lMsSGhM9@R6q;1V!yUQ#9vRACSv)~?qd(BST
zHWgwUU#ng+;8B$xcO1(o<4KvMi%BxRDQ+dUAmmT?y{9EnZXUXHet~29vbV#XLRzC&
z$LemU2lP5tnMjm~+Um(08Y+fTgG@eoF;Hqc7VSrS7*Nd5ktzNaI`B@%6eQVii|XUe
zQ5p=OEZ_)8wQ85>PT-#gZ}F{$rs#^wbW^Fyp>ZHez_WBa0p=I$i827PiX1#4>vt6V
zkvuf|1cDoHH~jtHu>Y~9<EpfTx?}ex(CKzQxu!}=Q@N61*4y;vU-EJ@O7A1kV$p)#
z4-PWn-$Sb&%dO{DBlU<$v(H-J#l5K1V$`Wrox|^Rm@|{e<KG~zc;p;3z`+w4WC2kf
zEujy5VN~X%r=bE-X0Cg!pRsRV@4SWp=<lnr&WGM+zN&c<r=)sy@2kAjd7ieP83g4v
zw*($>XubowDraBdr`)^P601s4s$k%E^j2R08pV?)?a3r=cWeZ_K?bh8N>pL|vem|_
z^KfO>D;e#2<85UnbBlsREK}MCYtuXmG*6^|Lxs4*8a~0zEbO>Qt6KrXUaUO@C})2&
zz{KAGXY~)=?aIbc$ddg-;G(>zS6UW7JPq>iawE3iuGOHVErS?JkbT=~Sq;H#LNeiv
zaK$$B9cdjive)A%WHWT)e*rkdVVPaFw$nwXgc_pwwwTGxhO}l^#+5IS+*yMM8d0Nt
zjqQ0Y-AWosksjU6*n(%Gj`F9o-y~@okh~?(=nw}Zo--}MOBF9_f5r+Xe&Mw~J6vHT
zxm8<eVB2?6VhR^l@mPGKJmQ&jpK5n6xtj7tK0t23{~I~HR@oo3O=_`(9AHY{u@QE{
zAy$(<M4nYh%-O%4ui2%Ut00(iJ0?n~vdI8AY?1RqLtBj8Q|~9`@D%Vsj3G`?7nwS#
zv9d)N@u&3%`(dRDCqEoBs(h^={sY~5XvJqfHyue%+wjP<Z#wQX`K#F$2lp?K3=ktU
z08q<fj?%odb2&fYMqlW2<sgxB(yArH1M7ix#7qbfY6R*YS)TUMkx0prssuSNB~Ucj
z9cheFf7FRv^P_8!a~rOqoZ1CQso%0@X)ZDrIQ_W2=0MSy_>GJ{2(BthscQ%pvO_E!
zZ={483dPvp3%)=t{z*3XSo#*PDNoJ+saHDyH^q%P*_R}8{j>JTzF>oKB=49E3A>6#
zWW~%3eJhjr<H_seh8s+mnQd6ystFHf>vCL1K~&L6BevNC)|wTsF77hp(8P^%Mx7Zj
zL)X(^5Z6~HEFk@@G0s+8p3%?6PvNBle~oE-q2RL@k5)WWNoJCK?r_W1TMjFf<e|%;
z?o`?APXh%!8NJ>bP%YkVNX*OF%@cTgJcshSM*HKd=VYc!T<rjvO1KM5SL2Ix3;?gN
zX!hO7EeEM-G)Hye25Cn85_ZMgz(_$B_Zcz_J*YrREcTS7GjRS<Os&<-Z)qYNhQpPI
zN^obD|KXht-i{OpD|zx_(Df`-Vrf1z(HBpO5s|d*J&h8|0}M1yR0o@RCWgvjq>wK0
z@qRLcVj#44)C{FSh6_K1oT#0jYl=3H7JVLRX1bTDv*X`!r=;37oAAYT-xQ=KSK!If
z7z_afLQ+ETm;whZV(ELqQ#p6Fi(HpkWv^Tjl|93KM~RC^|ClTsC9wE@p`j1j-pmI6
zv)a4E6h1bxQj^Noq~nNhKXd7s5^6h%HBDD-(Qs_Z!91!6Nxh0#HMlv0g6cNGohPT>
z1TM#j90TwO6kx)E#GB7HjzwnsMQ?p44@nz}3sgo)A&Vo|a8$M8wDViB(*f-Bu9qTi
z%tbja_lCMjfU=e^=?)B!hdcIp*2G55iGqRf!6wTiJq>$~<@2X4Hc#z?w(V7Qm0;Fp
zT+KRG<4SdVwZLD#R)@rV?G?WWdUiFmUfn+VFwZ`UZT&T#k4@ER6r@w8bo-w$9{p-n
zS=0m83X^%e489x0ioRxG62yW{E1o9-$tV|c^&HGUbC2SY+2f9GlkM7Hd%Ksg8_@s_
zLX~2@%H78}r1GwX8l=f;w&9?K!~CCkuzQQjF>CSjWJ_*9i2y?++?py&D%NNIF>Qrx
zIXOM`o>R1%t&^z$7A;)zm7MXk-z9l$jHY{hvtU=;fn{DrQd&EsQlmxf5EARiXcK!@
zm{1yYzj%8V%-tc=iah3Gh+lN-v1gfCeKR0*{5>?Q`k$)U2VGN7V(kNG0|qdZ%FL)C
z3Lnu9IfW4MCIeGb&wvVQ=fv#jw^Y{RfYU+9!9X4qJ2CyIv9g8!PVTAF0HVU@hT*Td
za)l_^%j8tJ=c(4a&S1gPpPoHP9`&aI`z;<~;dOQrCWTvh#h)1#RiepBt;!>URzlsB
zAL3Y^U(F4l=!acG;7e9TO8^DNJA0#=VVwUIg-!dTp;1foA?u%E>bT%ka7nS7>|fTK
zFG>svq3&~HxC<XHu%={EO=gt}RhmlE<dH-Bxi*io=~mLcgzN-SDUTCi5q%u_A+hi#
zMZ-rf_S&@fmxoC}L8^KEpbmI^d-7!|sV$PA<;HUlP@)HL2q!&a&(pW&V>epT#MHjx
zMuru0CQ>_OS5ReE@Sgw!pYsxu-0XLo2iDrqEM9ztkRd%fIbRj|2k)Lzmf!h-vVP%9
z#Y<#s7+f%59o~i#sh+FztVlnn_{nAe&OhV7`Oq3_>hmpz6|xP?Yz&7K=e|3bzOP84
z{8&(k(N1x#6yjlC9qg@PsW_bCr{XfAhVh{d(&$05vu{Bx{ak<Faj^ZAdUkYlx_w%-
zr;aW=PAWh?sd2_hJP|+GToV%fs1u+*3~FZi5E{L>RyOelH?hA)XH~t0%#_jdI95LP
zC4i;cVAiCIp-Czp7fP+;bFQ&udUz<IH2G!rmwEm7-R}mQZvcS4Sk=04#S1lIwc#<`
zt@|t&3giJYCR*oM%)C6#u!PR-ECQuNpUy(wp|jHuEQgj~QK}K`4wNSbTBm5{f(^Po
z%UuO(KY}U{l*#JZF>CkO9b5~Ov&G-NHguf0SV|4brNLB+oTF$#AA4xyu6$MjBmx~T
zQ<)|<bj!-SwT^zOh~TT3_s4*HBk?K<jRSF__T3<`?@)z-fHs?$gA)WJ94(q6ckKea
zDSAXEA~9YQCVX{bgH`49rjJ_01MWV@C~U9=xqiY56U)pO|Eb_>OlkV5I_a6#Ka1fE
zA4$y3GS93#YLnQfW?;W4K{$og6De=f7%F+z;>j-n_t^g%DJEeCL5h5C%}_G$^zd2Q
zYzjg<iJOkbt(CzBvV%4~E%@dzWJU;SI_+D9)|E#Pf6NHJQMGn1ScqsNtK0Ix%VTz)
z9g#oo;5*WG*dj+CE4(|yv7&jaTy`5jjH5p&fELN9vpUG&sWxv_Slr-H+{%ACco2X?
zhWah!7Fr~*F^qofj0K|lfsycIm|wVOhH2%$jIlEK2O;pow`BY++y%0|hOEqh^|dOm
z0g;*y-rh2}blidix?esygOAMC9>z@`JHx@mXGnr3*gd1yaY*Njx<<Fac`f<abMUiN
z)4;1$$j|Rmgjkf)tx+^pm4=8^AmNNe+lT*qEP;oB{`tOo0bO?&iYu_)Af$Imwt~m7
z<jcJdKujn~xltv44z7Tlgjy|TY7vwLWEc?{V+TTjjCEG|8Yrkv$lb|R`6RWFiZS#T
z8Z}Ix+NV&X5L0svFh<APiD4LlplQ`CAzqq|^V5aXbuv@UFj1U-y|3YZKKEFuzC?{2
zd(EE;-rV9&?X>C;sD2LOznQ<`>B?MFlAY}!a+km9e{V8w?ZgCq*Z?=+1|m~kSO7Ll
zn*;-8G+!}#_vn_R!wGuT&N33qGN3nCv(XMP=s$!n4eijfH>=GjbXf|uGf#1kTU7EP
zNd{1ypyFrt4H)`geaiFQeQ}{cPWe$rwh$P%&}E3eK#Ht#-EH?9obghyC=dZnZu42X
zp#Ofv=0TYtM7R3;riwv6RFGT;?v495WJdo%zZw;h^{;2<htJcZev4a{Q_Rh`kM)!~
zknPEg(koP$L{OqJ29ukOVfb&6)PrxXDkbHBUBaOqV7)Ql{9Ma_uYmEj%)uYP6Sg|X
z7!o;#xVN$$M>#g&8=wf2Y*@$y#BMhsC5-T0Ww7_Aga)cJf07h(1gHT?ryKp~wxkO0
zX3=fGXr{~256M`SshPAVa9jaTGr)l3li^2bJ1Rk(Ry3fYQ6)IAk>KO0xJ9SW{>hdp
z5i?}QnzX1{ThTAMTq`$Orc|fFTb%kSxmIl2KMLWyzP_GL)EwRcUsHC!(pO)WPJD;6
zTTmdvQiDceIT~0U%_v75e<hrr0Hr8klh+5m4-?_yVX)G->u8kCeOEqZ<w_mdeU8>9
zUFK#rdnease+<l`JuLY<5i0^C|7&B~$6)>6pQ5frJmi#2FkV=nGAp=5Q5qNyQ@ZfE
z3{L@(DbjL>o0RiPJw_y9m#o|eX%Ae~@dv%`YV*Y6ezzaI54Q6o|6BL2_B^CUhofb&
zAYeHQ9A($%L8v@Zx#!TE)7Pkgm{jMq{P_!_5er*w|G@4TU@dk^wv<ZDE~<VrGC)29
zx>YY2+RsLaR#lK)Q%@24$vKOh&0hKQobyplIX;^cy$Ocwx&`Iz>}<PR>;Hgc#{V-{
z+!Cr=d-h~JQ0bYPy9B%+fl&QjwYVlkPD&k8meUruE3W)R0^<dT+!h5KLozIDa?&1u
z(L{&VNK2Fd=6x@>S&|N|In{op)%7bys~4#vB)^}(({>EzWV?i_Swcbn?NYP{vrUjU
z@1V%I>qu;q%wNTbD*#pXYB@KJ)@m+r15V76fY8B`{ws$x^?NYO(Z4^9aB0Im+wVdi
znVr?FCqetn>M;iORKtj@3g|k+oDXxCAw8#h*+(C(EvITsi#5l<a(N${v7J|@tj=`u
z76c*xe7?+Zw~`|k1MFbW>c-J(ve`6>BT&F{HMf7Md@b1Rpm)>2i7J9#VzIMaH@$)n
ziqrfEwG|3e>Id&7hza5jid!(1mEJwEUkii;pE7qnQ`LJW_O(?J9ir_G@C83d5{&sM
zL{WHSk1jV8ugd)A5hzvK|CCwAahnw5C6)Y$PoEWsJWFL{-;5xh37qF?a0_l9qJsYM
zcc_^0;9pPZD1MuwY`aq=f=*!Bu^Dbwmn>Ths$=7Gn(TRnOEE&Ey=y2j7{>1;W1#$3
zRwl+3_GUOR(89h6c<&A*RY(Qjj>NpK6ij=d_!5Xa6$c}+&a@(SFJ2S&9s*YP*lQAv
z;d_npZ40MwxJ9Ui;cF#MIfuwcj<>_XQ}R^5hqx8vS*^PnI_T#M@=spaMp_DO!&SWn
zp|Hd*%HN+U0b{GQH}e{Ws7P6>!6LyoE2VO;5X&IzeFjAsoOe@g(D#Q;cCTD@CW%R;
zc4`2k>N4#s)^FF?e+7a<_Nfld<MiRQ#e1&K+!l);#1kC-a`pF&U3EAkY%|TirMeYQ
zdG*$giym=3h8tsj)1s`WNc}HCk|B0LML^qth^5326epHE9IDYu-I}=x+aqEA*v=1r
zSF)hz_kzamy`RG$HBT+<y0J%F$9s4UQl0-91is&Y2A5AOR>QB|H%VS5FQnz5=G;7g
zkV6FXJKQppX7Yi4?=@W5o6E``7!7NOu~cC1#7DHVD7JyL>m0d6gZqZvj4JX<Ym<xZ
ziYQc6Uj+^%LNsXOuIi$&`k^zj5-QK0)`?Z!f|z2qmv*;I`t4I{%WGDN8|<E4mXwZD
zyV?Qrw11UQXah#lAgHIh-Ezhf&qL>fBq_nT>dMxduu5H-^=hiC8NY0|0?8q~QR3U>
zk!XgYpj2qgBf(s#G!#Yy#*CTf4=M;gux*Pm72KBjG+JO<6rT~ITtF6@z)&({$V?f5
zH=1epVzuIf@>)(!3;E$A7l;nN7xX-)>h<KJwAxS?ZBWq^OmsqI$*acEab>4(sSSnt
z0FW2g@k;%P!ixk$5aWf_ZH^;q_&z+xZ`ke|ly1WXb|!~e+X)!KzVuN^#e5*E<lnHE
zQM+~I#T>PtCK|VL-wV|)uf!<WWqx6%Bw+SQHi;M5{%7wp2>?Gtb!np3WbfoJJf+lf
zU$}|aI*>h0bfRlp%H~vwb5#iakXxm4Z2a>&oyFx-iNUV!OwGVL9M|(gMlswD0bk>F
zErE!UWm;{t^Sa`C&d@Nlt1UX#0I+Cis-F7(mE$ulnET}PDywSNGNoxHrHFaQQe!m2
z5W1u1bnlNO11^6Zl2)nEN^Yl;Z&vpV&&a!$0>62YAGY(;s2)CTwymt_m2@8?i;o-P
z@qu@i{VcI@JgLF>yw(cX>B|rTJ6@but;pAiV2Pu|K&84aGs%?xCN<^VKyh+bD{BZL
zwZT#07SJR~AY*x@+-%V`ECY&~^uEVD%R64op@(({*Z(4#eoFTL?|kwxXY5K*wH!?@
z!OFQZ_8F=;{%@`>v{nbcXH(8c_*9*6SyajYaFC+;C)uqBLDS5FmCcRO8#ui<wCW2;
zw7XNNA}rQy()d`RydfIb{$KM*u$1Bm(W~Fi{XmPo$>LB~a~gZy?IRh#5eeiDStHD3
zYs6{`h=4e8ukU^N9;!fU74CX?DJ`5bD9M~KQ%iE!s`Br(T0rU8PYJ+(yU~U;S>}Za
z<qbwlz+pJtoBKJCBEBB7x*u%1<_YZgF&k-Mwo;rEyYC%v>Bb#lWVlK`frO@Tp}lJ=
z!z_V--3Gpw$C-^`<(LS53MCkA^<}iVDf|B3SgnS6w4EJH0tE(&;IbTgG36L8S5{q&
z^o^k23BSTCVv6=Mg~7gU;+z>kAphtB1?!mWMmmb&)s|CsgP`z-LfqBtZ?fJoS<9dF
zaJ&h^lJ-JgmR%D@s$U9sk`zfX?%wmBgEEJ8B`uV)-_VC(Vw{yn(N@9aTijZ@*CGh%
zYD+2-*F6QcOmC%DHiJP;@K+98oxxJ*Q>HZk0QiW)8$+yA=L%<N2ugjh=X!%bbyu@B
zYw|`1tTR%?e{R08Ozyf*+!+;gTRZ;M<UT#5D$6J(^|i`xGzug2+z?zK84_dK300Ol
zWy<t13`&?4*nygAZO{O|NEq{m%|w@UhuOdzM}K(utWb24Qe5hM?-*?s;(LwR(_<3O
zINu!Rf^XnKcC?tp*#VdQumUpSYkIM-sUf6j68iA5m0zf;st5VnkV(!~GlP!Q`J*wD
z{<(_T*GhIoDLuQz;!b;Ng7vQi7`}%<<&4WF9asZtz>)O~aQ=L)UZddwOI3}s8RH}%
z`NWHn(RX}lCXLv9dPmV_Vu3u9Z&Tw{)DIZ8Gj2qHuwt!P4mx5fYlcz$$RnbWa<Fj0
z#_?`dcS|rXnBn~;3tYs@!k~H2Q=qYKK<5G2`dfq#%nHaVQ^k%)_3$)7d{q2?n|L~9
zY|XG{d}ijMfEGLYpC6+)<|lAAX}1`$(pfz|?Exy80ZJ+WD<OC(C}bs)oR)P3Z?yJ-
zklzSlp_}#u1;_B;^9`qGc+=s|AQ(4^w`5)L)UI_3t4lMj*3khlR`|M6@j*Z_iX7nr
z#4d=3g@bcGzc|9IhOgxt)-v)T+a`8HS4X)Y^YG#D|G=Oa=0i-En6IRtviEts?b`!H
z)|#ZD1|DGNYEuC*PcF1*|4E%ldNw?c*Cwr3#OzWz7CZT7+Y*lqz&$u~;d2YOhuIl4
z*)-)1r0dVcg*~3%wx}uDY^m<oe~pMvHYMoVy)Dcl3;o|^VFj<xt-~}6n#Wt+v1}bh
z)+-wLvft|(P~PUViD`K@ZkToY2(Y73fkh4&EyEC&>oH3yPyosMxClKsrXk6vde_I~
zo|y-#ybg6a4Di-~GSGkM=D24T>yARJ9T1<RgrzJw;xYvl81I4#r9+@{^@=i3NhOz9
zE>(NiSVk$+$!`gbnrl}jqRnbs6-B#{Y!t!BgcCmWtKS84P^x6`xmB?;BL)$+#O&?5
zS-o#^uXZA5(#eolGIBc0>F<sOWcEX!o0RI-dBF$BgNwz;lwfDr!ovsn&9%5H_udKs
zegPTqLc812WG~X>J<^$pzF_XlR``rt^m0vqC)Uk?nY8iD`M}-XLuU_MUs>JM!uf@9
z4zp9SLR!I@Llj;i*{U~MMO={IEHGpxo?kP*+|o{hYt$_`DJ03dfjz~Mwpv$E>lJSY
zm^&=R{^+6V=5zYP%)T&L$Sb+@;vV#s7_cO-id1afa;h@C48!tgv&7dY2VPnMO#-|6
zEz)2B5qPChVbE5t+bp+kq)_(Px%4Ru-798t)Vc74QSxokDYR6h-sypv;Y(}ar~ZQ<
zEJc_)OR6k3VoBZ6X${P2B&Rbmumsn0z`Q>-SA^7-tX`OPi9GA%fPNvQm-Iv!k*y7S
zx?{2dihd?O)Yf-fc)tR@5k;159eG^P-<rJMYllF{Rq5ayihj}e!M4IMN?)--OkJpt
z?r0;MsC+_kPfc2aBKVacZRwbGH~)|#^=JJNq-?1zgzu$FG62JpCSW?(6-%+2mgvO@
zJ>Qm>h6de__#v$yot+O&%N1{6)c>icp7&ZZ9$zw5nvsD)i;sgaRgMmPbG2r^v))FZ
z{~5gHtpEkuzirhK{1^x`IQF6p?4)~tJwaDwX_)UX0&WeUkdRXB-!jTQCc7tbgf~^~
z7#NDaCuv|*-7EY6DQ}R9W2`3S0hvxy+k^suJ+Dfvn9a)R=bTUci}!RcH@^zW0Jk$f
z<?n2I)vAGm#1x`3LN3WP-uj^K6A5fx56&w~*on!d4<Fh6(O$-DYSZ3*#CK<}enMD^
zEKwI7l13}+5fAqnNlW@Jj(KT)J0bve8g_o_d^~6AP-ZQXCiv8e85;tN4~PBhJYrM!
z9!@*}r@`Bjfq+bB%Y+x2S5Ux8Tx$F1;}oCOErvKGF0Ro$@8mOmHMIRY$i;~rZ-K;$
ze6(H#!V|l(6thJ*M~(^I6NAzLf%_naM}gdjwsH;mLI4?0azkBvezlwp2@AN)3llu4
zG(`iWho^o}RJo;3^LLz;uIL79yu0P*F-Y;QI#>UBpAx>vmDqe1*9hxnZc0duB%6=n
z93BWeAnmN{9C+|PAq6Rn<&YWSkRW8EvEUg;DA)Ox>n=~c(`!~Fla(>QnG)!2l;n;E
zrxVBg(`xID>VD3{iM~3DH*{9-`f7W+5V?5Fchord73gH%6@-Fv{QJYMB=5_!Tmeb{
zhI74@c{ny0<24$SDj0(tSif^f_z&olauwN6{L7KR?UdD@Z6NG&pdp0QUi`BwWl1$4
znk@^-?4ZfABZ+5c!ibf0qksaxESxjV<?=`-&{rrCFIyRWlW3L&5@GD^YN?T-n=<FE
zuTH{?4z}vbtM&fXx!f#YmL-QRk!cGUeYuW@m2X~z(?Ku2oothRD5!;wm-1EX2Yb%M
z@T>glulWE0ksX=jQEbAxr}bEeX06*wh?1r6-jYOx{}e`i1rp~F>TBgCDRLMGoNFup
zXk<tVTt3hPgy^kMQAc192ZLqnQtiBIfW49zArr(3{xXZ<>8wNR407hZL*?`9w^6_<
zz@OZ4P)K@1u~*y7g?8tSgFu7DNqjgcJqV4{E-lQuyk0knE5{Ln#YMn1DBxM`HYgF+
zjq62icErByrGGmmtl|nuTi8Ls!t3hmF1y;Xty!5T@>Lq`Upo2=g9uL^mc{?Ur~lre
z+P6$z3Rp~()<^5jd1n~YG#0UO4IAx^^GEVNf)2QtPtTl0iE!xBLz#2NZGaP+jg~dc
zg@E-(wxG5tpL!kJKCyD-7Bs6s3IsH`#XPoSghp^#$El)iV`cC5?8;IsuA2hR$mFAW
zMGT{8z`9XhjKwd;ExpB0(1Z8$gMo;L`9p`#ic<9O({*8O+kX1^^FlA-@78W&+5=b_
zdpdmKjUO=X0Wyy{x&PVV{lberqkZk4)ZGzsiu`YeN=O^$a2@mkXNY#*ZISUMb2cDV
z2M5ld!KZVUcD)uAI;-Q?C}J-pTJ2NPD6Qg{v`!IL#wmG0Su_ZigQlzm{wDGFHxHs&
zOa~zTz{0jFp23F1ZC`|D@y^A1?|K={B&KCAalmWbu+*tp6*?umd#*hK7v_b}U|(za
zoGW}|QtUDWNH9O2R9-mVmCu5)+3lJPPn4)GlHco+=VX_i0^*pJ1+=}B%VQ`ByhFA=
z@_$oickG~r?!Y1?yfnxs!sA%uH{iCkICtek?D=T=-TZA0CNv`p$r<uac%0StV9H-(
zd{`_K(t&LyMachq{}(a2SrbG%7>SMJdPkg2)_rvg5DRnkLAmd+QGhT=(<rQSx%s`p
zg#w&ycx{ZN7!y?@3J&9}ja2BSPHhkMio&Icqcku=h~`GO==tog6`$=qp*atAF+M_g
zc?RBgD-5tcgF?JWhbsPD>YAA6F_Q{6Cn_ezlZbM4YeSL-du4kqO-fjP#5p>qI>BF9
z^%rP81bL`s%=LD=peZTue22OMI3f8^t2$+2*6=$0m2oDcoO9#0`jb_r69N*p7uiV7
z+K$i>)(FYEx~_ZgxM~pnX#8B2B6^T0c;D=e<9U&mQcEbLNQdj{`jT>RfDJx4EJ|=u
z2iNN=Oh%O=0Zb<3aR+Wx*+j+BWeHgQ&#at)B|3FCyHf%Ud2GCVWNu&cIJVQqGu1)`
zF>%8#e{axgvpWq-z_Q5)=&|LO=b*eG^FHtcf7+S#O4p`N=t!`y@j$oqnB)(p*l9we
zM9&0$K<H0nL`BA6U<B(t=iZw{jaEZCtUB^zs!vr}t6{1Pp434eH+C)+8+z_Pn5)cK
zl^R+?Xd_JjN?dyA#|n(RyXCsHQ@1SrNW;KTF>6R?f1KJKp&1N~tB%G*^|qa!Lu;qP
zeAklp!R+M5qc98g(r|m{t5H>fw*H)dq}7qW@>0nE?a?27QoX+-#V}4iti(UqHdlIp
zimR68i^j%xpVH^za0?f27H2YG0a_q-!Ql=!U(iuuCZZALYPrgoZ5)NyeOfV6mK|2-
z<0Bf$iGvv+NY?P%38&zmevb1^9r=ug(eWGn@(yX4b3#(mHxi!eptT#}RHm+Jeo<8p
zA8-2a?nzB|%vy|MJ}Q3eUMCjB=HY!{wz!xda&w>3szcAeIV$~Ipaw@DfYN7ypNQIN
zVjvMQFXL#Jvi4K0du)hw9rJbc@eExK*<_@K2qAFjE#05(fhkFjs@vqx2L-n~vK14J
ze)G&m8MJp4SGY$pUfoqs2vIZ0BYQ+(?ngo=cVZN2wu674Qhj^bInk(Jls)cvOQDW9
zw&@G*y9G-OHqj;h1|J7RtG@#7>lt11S+E<pWjSyJ&!C`YyrCg`XCcR1&i!P}X%bru
zjd7ySX!>}jlo~jBF;n37floWo#z(+!TdV^u*Ecr$u8g42Jw6g>Y0WhHmC&Up`{M98
zQa12_nn4(WZocmz`d#aD#dH9`lL<mh+V7G+Gx^<UC(}=}FzLfqOh1Q!qn3v5Jl%Ru
zxSZj7%2aT=mJM(kVMk823DCdiZe6nZT%=cF;7W57*SH6RrOer&pWj+wBh%B=@}0LC
z!Q~xUSC(OB$abE7j{AM{9C8PI*cGadYAou&;~}~XvkCL~;D}Bi$eb=xg|6-lW}65L
zWTy7XQ5_oEWEXv^X?kb)YIp8an~dY7oTuZffHQOTV4|7q(TfO?Y3uN9mr3=OJocQP
z`m#n&l$K96ay!w9b#UmjD1<wyAY~kQx%Td)Tw+IBiXmI5WB(yd4U+k>BV`C52t6%k
z#`!l@^s+S4B~g>HH!fr&`fW#kfdkj-aj&!{!)m~Q+c|tf4(EO#g1*|s5tNRVpCf%}
zO4Zl^%Z7KV*Iv%+qgwn&zLc;7n1gc}gwpW;cY|`sEmNYL8YmE$_Aq%jm>^C+b5a%<
zBuvz$1GL2Xxxd(wGL$Z+7jH_svEc;d$dR=xCY*gT2~C4BiY7NJH1e2aNcTMt99%)A
z<MIB7=fiV;olSDa-ED5H9sAhOOC79hVLCDJOGq1`1(HgA;}Dc${(JswD~#+7C$PPB
zC{^YkCj?q|Msz#M8ZabS-rzH7$9Jl2R*C`R0ewgueb^%DIJkk=TzRBg$YHkOSb=SE
z=;gbgjaN7OXIKyX!NbX2+ygKPcwJ_4*$FtDZ%?HH|B(xA{PLMKA(e30h=^v}-lT>G
zTNQq(Au|Qg+qBH=bJD`DEp=37Bj}VzcWUz}A@aDmNLPHMh0zw)24|PmQilX})~ITl
z5-jaMcJ*LS)6rS`B_x;K=nWYvK$RajQ?*xrRzRVL%H^Fl!$u6yf};m<nan-Qo@G0$
z%;4&gKy;d6h28>;%E&+aH`2`=aN{gb0t9D9+H?eV0})--=luIr>z<j&9~y($Pn@ef
z8x;b#Y~`pUfYbMBr^`P9ql9MnZ&68*fW)_p){k#dBXWC`==+>Im10jNyek&7O!Yh)
zjeaSkPS*h3F58EiB$nEgjgZR;lb`HWR`EXAx$%#m>`iN<xi$3%^GjQxSCzaVfTvr)
z;Fe;Xt}5vzY_jo(V@LLM8!&p{7V&kelHS~DS0qWj7Lh_Uz}U|vtB4K|<2X87uy<$`
z9|9;rY$FJ#&CSAz^&~tkWmmK{R0n?GBKF?+GMcU3D4Pf|g}h;1sIS#yb@LU=?dLOh
zy{aKdO+r6^-PFZB2L~qb&uBmKhWRv$9SG-rD83ziSW^f@h5-gEP^G;oDZ~wL!I@6&
z>rkpYA)iW`c7pp~M#qD~c=V(Tby*~}N#W>7aV2R9HkG+qMkS)0W=H&D!^~E+ccdW+
zuTxn8B6A7Y%Km8M=>*pt&|x=#`}BmQKc6B?w<iGm8c^aNZ^OTy)nj)l<8D8&fure(
z?25*DD(RZFm<<S?0HDo2YQ;;@mU04-yDJ6tA<xBU@T~8?S)Ac$cGM0Av-fCs%FNj*
z91B(A1wyY6wPgd2qi7@+7rpm5yroJ)04O)l3YV*snK*Fm4th;^Ne70p5+X6qakw>C
zM5I+()J>~OQFlAat4n>+H%pZndIO1vyOI@fw)xx{&v7Jm?|2)A{hLu9C0!R6-9jm0
z#oI1$GlspyvvMP)n20)pFu>HqS31bfv`YCgzMN|4%R4d_Kkb{f=%VwViv)p<041B-
z4ur+oKduxZ)tr7n?TZskelfBb?EtsvR5+fBHTS6=A^sC){u4+x(<R_t;@R*Exp*1|
zP%)+ziykAQw*tZ@DbogahG1L~^kr<c0e}irUPsglfLCukltL!g6z00v!<H|jdFs9X
z%xV0BvQFqwGpeFd%r%k=EYrah%M?9(TY~LW{ZrQ3(DE`J#*D9C$S^qP$5!9FDH3f&
zuy`**LoRVJ-=#Y=uZx14H{;fY9dT!IXxIPC$IWh0b0h8ZlLgijs_aNfE{keA<V|o;
z>o-G&odM3`v>7f>#8ax&aN6j~PFdIbBF@;sB+|3Fjs{3dUc;G9ea$8K?49b9=N&60
zD!3VIJzmGFV_<p5-J3FlvFQ<xNE^mB+sQA*y3QA-&Tw$8Y2!X=zfTz>fE`HwaI4K4
z#^^SzZ(Ta<mIw&C#U{^MoEvtuD#8(nIIdd-6Mh{1!_TWeZ(eSNCTWsHf;83ix0S7m
zrBx>%r(NP6i9v7dkGchFj~fGSCGOp2U&c@V@~;=b*C5Nt$-?1R@lF$ETW$#}^5$-m
zxaG|74Vz60$bTiWQD{rY1qQiDfs8<FVyL#jFunP=wv$g}GjNBXjSowC+Cl75q`>pa
zBBkMY17dv}!$T%2VY6g+$N{y~$=Z0{<=l%*vqNOEW72h#f0nH+D5SYh@Qfl~&Jq6w
zL0*>TB(s5$krJ7^l6*Nl3c#(+pzsG9l%sFZy8`OVk0qe68;AhxMC$byuhAp*TsJ#E
z@>uKdMd&rF2}B%#GXk;kjAbETTcfwO=_Hpz0(;srBB?}_73NkIj9AwtPacs`$T2hn
zeIIKmS>*gVL<)$Ow){eWOGbF$n<8H;nE&u<a@Tt3O!Blk{dXGCUQ*(MMW|Do9#F6i
z<EGjKzpNaiT7lYrP~Drj=p-PYl@{Qje^o<>S8hA@;eS|UKnv4NeR)!)ZKfEz7sgRb
z66rItmL<N1$E_?UoqCil4Y2vKB*k0Bjql84y<%;T8#Wd2wr8+!&uD`bm3BE*o3JQw
zJ`a@G<6{JH)9|tHgJS<3zA020F-@v7w1O^6hVLfi6dX6i>1`L@Pb1f8D`}YNOAX24
z`!_lWSqZMLGH}+XLcV=Rg=1003yvtKJmbTYRNHOYV(n7ByFL_3|1i3-R!V2u;KiRk
z$Q-jn9i6^|HKR^@Y2>|zcG667o4LX0V$-NLrcWdeF<7K8uBvvife=r4^FS)c<Da2^
zb#^Ltgh7^y?=grQif@&3lsRh^4%vpqF2WqQc-={=@|GHC&3BJ8`)Lk$CML)X+m9Xc
zAPXx9nhkqYH2BH@1aw;o^3cHhI}G1QHzwgf(u?_~gM@&bH~^E<7uQO0XUPfymNnj=
zEk+gika=t)JkRZ*!U{Q)8#6Jr)PLz`hZ0)kt7gnQQxGJApM}p|LWf%Q2k^>F8qE1t
z?(fG=;8rI%KQTs7udF52aJ^^6po`ATu?gvZIIVs!gCVX~Uo48zpjQyH7k+X}2xn@(
z>BdO0N2Iz=ychaij8yUMzW43?v;U^dRGw_LV|x6PlRb1pY<SH`G(`<k;tAApTjEFv
zFZE0+z!BRLb_6HNlCF!{<`yn~W|bKQS71{WS=yd`3zzlv5;tp8Lx2D{8T>?5I!X@d
zfdatlG@?nmC3>*xB=tC<ppLZ|f@p47Iy>Ghn)+_O`-k8LaPoyv56|sFpBSKUFm;|+
zi_lz-;b0`UL^zD*is;5lBE#I~cQPQwycLXxTQi~#ga_Dmhl7o&KxzG<(&QjwoqqOT
zJBWnNeuaXG(rP~dxbuZJAsl}cPGWNuf7aih@}LA8(#=}){EzIzm9w}TFBpK6rA8-1
zN}TYk2IMeOKkWbSSid_3{2oFhR=95o)i-rmJ<{x$tN+z&7CFbtGjty&Do8vOeN)n1
zeyhWy`q<{X?$X+J*q=!;6iMZ4j_;yW?V?UBl=$Ok6<IKzrO@8~hr5*V;FqT|{rpQH
z)559x2|M3fH-#=v<V`?B{PQ2iO@%6<c*wUIPWLzAeuQeh-s%7lD)F3ryR4${_URj~
z&*<uqKdXD5sNGOBYxP;1+e-(m^{34flqQRwwX>LAE5`@Rni$Fy-ZY}O_F)9(hQg+Q
zm76f9Pbg%zLQ}OD(^Fh&){_AcxzVW>lW3S=BqBGG%I!nW?Kc+vV>2rPcd=55>Au=(
zp7)%a3JPJs8^BqjYR|4f=i!Cd-kM)6Val#T8+`W|w8aqAaEu%?ZnY926?|P@38;31
z!!6~Nzc)Nd4e=q^7~nli5T?#;h9Vkp{tt<TM6f2}(#~fB4NcjuO(fy#iLAy0^U;0}
zy&lO1DLEOkZkb|zNAyK^X`5}0HrP(r>dhx8_~d+X`_l;|YI;<wPQ2#HIkVs^8quS=
z736JTIhxCF85MqQkA}%-%V{P0X2a9BiY5yHQ9e_sgiXuvCdueHYiVCg8o@@PBb4Q|
z3cHygfwjBC7xq;;bHeU`toD&j3EhAbeXdtn5=s~pTRdHeTP~bPA9abZ4_+zT`yb`E
zx@i5agnV?69G7e0Q_F3RQQN|i#&F%Kv!<ZFIpSx54Gwiwor`eBnBB^UfWoU`Fep#H
znPKG^&G_}ulDIj+{lZr6B%jVZy*@3SQ?^^^^gI_)!$4GI+IA8jqzaYuwex(vXhP1^
ziUkeljU!!EDR)(x#>$#)t~`B>703jdY!hb2KW`f@4-ck7lEV)2VO^sfk9-7~33(|?
z*HRHycuxOq^V>GqV8U%=dmG}rriL?W0>PsWE*E*HjAFikpkKFyjm6Ap&q|{#Y>d=f
zSg2?Sm~?Qid@L;>>ZTUj4HbhI200P#6y;TGR=x|DiO=c10V3qFZ#UvPb0-+S=6zf5
zu^#w31Q;_l@eK@Rz*|3)*)<A(h%EXvGWhh1igx^Q3y#hla8wkC*dlRFf5AM##$1Mv
zm;PU_U<hA~F{kU_LIFRKKIH4SCVB8baF-jY$(yepB%+t&`06-&2)^DsTgq`7mfMT|
zV7tiRM$&qD5T>u?jKrcFH*9_?VP*J!Z<Mu!$%r`sgIC_(XPO0j@48&Ort9uKt}VR2
zIl<3dAsUa!308N0nW0~JIa}?v<lSY61s{*PQU|(~Zj(u)o!oeH$cES2v^Bm9W5xdP
zES4-P%NSu^j_!eKMr)Qz#IfI=DE{ax+*?ND)t)r3OWIRM+xIbV{O3{{x4OZt$AsC=
zna>*272+`=^2oTXg#sek>7Bx9uYJP7%~a1kxua7&G4*}06I4frG@yn!&KeKQt1WGP
z?pPZ0`|B^=7t%e(@XbVLFdp*bcTKlzZY83Pb<Jhzoab2!xHs}196BL8#eY}wq?UEe
zIS8w4hN<WH;NAnEBkS|w)ey^q4J*LkTxFsv5jqONr{!WDo$C&}#mK1RTju^t0_%j2
zCw#~2gISicNybxDUW*U6Mp3o7tvVcI5F4svS&?}3YG2>D7&?;UPo0zIB<f{rHI@1C
zSerHGsTisbElkAuRZo5_b<k`o0uY%%9rauXHL=}hWB|NqwRGUxONEi&iG04Z9G*yK
z1xy=U&Rw+u0z<E&nfxEg^=Ehz3U3V<aJLCEU4~Xhk=wmE&gKX<PZ;P7>Kuy^%x<}{
zGIu&&ZC?e8?Zryd?yRpaZo|88MT4H|hnu5(9><Wu0bcP8fgtGuDT~s>ynF{}eV11m
z%yl#|M#bwjBV8XuOcH4vd;JB7xVS`^pWeuc<4h+Uw@UME(Wf)oZt<$p-!<hq7h~f_
zf)!G$$OVir0>q1Aj^p@ABGr<AL#;~5x;grVrFadsSEz-zVW^vw-u8&I+9UgSMTpxa
z3dZ>rDyGquX$`<s=7^5mzH+aR2JLpF3Gn@>U7hJtV(49<#>D&zY^P3{+S6!2s7)(a
zIsrqokY}J6CDL^W_#<kXSccIReJ_h0s#`@d8xzXRulOauN0=9gKzY(c9N0umAU8=+
zu;1$l2xKx^J#EN_{49x|zMmMSv||>!N;+}?=G@_bgYYbVA3rdz7`xc`-L`a``E2iY
zz1<ww?c>Sp{&u5wpJ_!t_uZ%C0lY*gVEPSU&=#290P6c%xCdYlr#zWN%@Pw-fP-ZW
zjv3~KL+E0;xNBW7lnH2GzKh18Uu1r@ASW0W@s)RYs1O@He&>>4(wQ#&z4tw4{{iUJ
zse2w4_gW7zW~rN{7VN`(9%!k?Cp(l#YWEQMDVd07q|D(CG&bU+QcFAf@Ey6Pa1ZIP
zVyZqM8td$KD^D51rYY9bmQ4)pbNinl#W$`$Vjl-mK~&Hnm?t;R&ConieUB34ksCQH
zN&Qgam@bg1Ol09#>Mnr4%)px-oujiDQC-9<#U_(a5zwRALKAZcwtD%?0F^J6@C-$T
z;i4wPANe$7NFz(<VFoLoY;v^+MLNFT*f9wc2J+Q2X&0RKz3+cvQ%~*NkL^wMDy<#w
zO4u&3^&=e#p!tv)-T5JH%vx0`6PUk|M<1zer2<YDlQGx&8KIE8TaJ7jCSRQCRu{UE
zy3-YFg3$wDO%3h1n?U`=cH(6SJM|mc&!A2;m<{e~Pi`>p;WpJZWu*roOQ~DNYaypz
z6Y#P@Ow968d*I~v-A4Oqu60^FetjW}71RcXbQ*k$xqf;B{pfEWT2p5oLnfrNYLLuU
z0j*CN-GjW*Inu^5tj$ciW!KTm?c|1aLTMq)xoV75&sE>UAYQ_KvlPUoUU)@wpocN%
z0kLobZ;4W{1qQ1YvX%MPrQCONW;u~LPpSu&pRR$>>apIjbPKX9He;sXr#-M$qT|CV
zio`~c&3V=VBh>5^y(UKng~DQHC_XaGZKx>Joc#_VFS{Juuxq#1_-IH<UxFhNT)joi
zu9h9Uk?`tS{v_ttobt!u)$&A|?2e8jDRM%E?IlDeF}mH({j1kjl69Ao40BYFXu`t<
zA@YvR#;{vpR3sy_d{!4GLA(-ObS4d2CBsbaZ7`55zw1)j$Os5a8&nuSx4`Jeud9wr
zFCH*`goGYaq-NrGYUYN`0e=#Io?Br$r*w7MMj!?UoHes(LwFX^aG8ICJrCv#nh54w
zAFz=?%{6#eRy1H}3Z&;^l>st|s9$lwvyX2bjhDUC?vgMj_QTCuavKmhQeABA0SnQv
z|BzBa+jW(7Dnqoeok4*<cc=jgT8_>H$D@h4Eb*_CSlWfj*22C?Y#7KFsXG6hr33+6
zh$A)q?)G8AyrFnZ!xk^o@){KHZFcDNx?%Fam`#EgIH{WgWO*i5=Q0G!>A0&}mcQ&x
zdKkhO5!Hyny587XxK-&M)i1KgJDgR;?<yOw&o?-+>^?4?`*0G+QZNP30IY=}EUO&f
zHui&L;%0%)Y#Pq<5*3UyFEs9?7zZH0mz;yRl>k>lm9NJA(eklgX-N+QPt5%XS(~|e
zH`9>qXe>8<>suyDl^fzdw@4m78H;oO9|)^Ha$8Dze|T3)&g602*v(vNgRX?7Z3C-_
z0m*>4(a7#&s-Y+GedXI~2(ONA*g2JPTnCuz$pFW2I(*r`%FP*|9(7Fy<yF_iN{IWc
z<zlha^IuU-MR=f3k^b%69ybwhjwy2L(CJUR_$-Md`YFZ}nh2<zdCvugvTvz!SmqI(
z*I13tD>q6!C)fFb%$xpeCr83$seca~%FVpNVU7NT_eQ6_>=u37{5g}-D2W7D#7K3;
z&faO>+AWs%q|})a4p*sAsPq~Cg|T^A8YNJc*7H|LC?mCvCW$B&#Ns^K-L4o|!Js!H
zssM_&LwpOyfO2wQt9dScxk*V-(ReM_W-uguq&Z|V@hW|99(9oVu+|*e2vFw~!9r1P
zlaj*`n_VjCN4WorEmSO0BzT4EL88Z-HNpgG4OKHY@LrMFUpx!G*jB%|wMcTOmsc=p
zKG#P*d}?~=A7MHdj!;9?3_%VVKv+{88;QgQfxfxuJ#QM{=iw_5{#Qie?{BqFNb*I;
zcDv>~#C%>6f0>-1FNzV=d@{*6y-HiKh~ac%=pzYF-WBHowT~sT-C&7IXjl~t2CW~2
zvFvV_g)rcgDc^em45r2_QZ2VFC|VR!x@$}Iro`hjDSJI(`V1CGWo=vI42Zr^<nOFj
z=xxfOpL5*zj2|X}scGTF0NxM%DP$hcjv1&MyRY7_UU{fg-L%B&&ENz$@T+2-MWe!1
zdFZ9Ry6PT)p!Rv54u#ys&x!zcOtjK(>s3~+lM@6}gb2H!L;DfouMjo8B>ZAEt`ckW
z0Zmu-3|r63N_Pc(<+T2)ILuyy$<Fc_`v}Ws(AS`(Gxz7<Uuu>_hYHD1=gHWSQsa;>
z)Zh>wv0Ei?^pS+YPsyM03gi!&%{RAVoPstyETTPcKkqtaW!19ig_p|bi$t<8oWzag
zzK@;003fTi2q@gvj0X>)iRt+)ocMnv-w#3E2XQ-&p+>6|6@_uAWn(D221NA<N$L~O
zXQ++o=2O474gfPi%)d4e$X&EEL{ju%CbWSpp#H~%c(c{Wy=5oR&xw~>C7K%*lL;DS
zHVCNGhCY${5sD;!S>q$Tvq;`llQjY_NbRvp%lO~h#8?`mMt0dS!HY^sy`_4D>Rn$W
zW9CbdgYXqC9G@&sG+z_`R7b2gpu-xaF?WHgVMzA|q0kWOK}Bg!zq=c2#cUi9F2=wq
zyNTj#$(-`Hf+*w6StxVHNOV>f4Z7E2Eyw;9nNNqA;6eqZmi2$M>I(R9xTu?4q~NCX
zCB^SPea{erYheWNIz=x)T7?4$!CEe`FU+dg%@x1KE&Ji=1qpEXm9+)%mL0LX74`p(
z0xrZWSvyoZVylx)L<ITwefwG2&;~mfRO(AGUjK(tOW<pdMXE`<;1*0fAPDQX;z6Gp
zqyjtvdGqQWk!^wd%*2{A{QQe2L5ok*Jh+m51=>TSdsOtk9e>%dFzZh?MW6GfZ3~mW
zGR*yI81T$v#y*>GlL+1Pkj**x&SwS^f|`_FY?LW}ESs}C9J}7ua;2NootR4N!8X7;
z_Dd(S=;oa8U_z1ge@U|HFBnY|YF}I^>v!5kU8;7l?9ZZ#HJTd95jD1moO@|g2z`rt
z*B3DzGnTQ^DGh1(!=5-0Rd$MYjrRZgsOYZm&9USjnCgp!L6x}bAlV8lNe12X>$npy
zGPIws$*$YeS8~Lmtg)e4q&N)<zBVH(VFh%Jgi^2lRWuFovDH#J$BfH8wNLbjjx^ua
zK}Yj*?sSz6fcG8!HqTvX7-d}N_-$oo#k!>$1QzeCweEl}$&nkpOl!t)A@=y{%bSG=
zR%LbcTFlPOLJLQUnzCx!SO&<_r`dS|`r{aPdo?5Ik|G)4^=~GU6bZG-bBeg+XOwW3
zzy5b>y+JU#CV9W!j2%2{UwFVz`R85aKE8Ix%BeDy?S)5I>B8&PP`m|WfX|q6_<{bA
zAd`CLE_I(^LD`ku^Qk!-RbqER1eo&Nj+t}NrZPf+k%;4SkVPv_Xr#n;Urr5P!7D9L
zSiZSZGfA#u)=eto#R4wdFZ8|{A0*13e0(rmsB`;XX#RgG>f1pSs#k1j_aTzNJMrvU
z;)dTuY>a=OV>>)8kv@w@PkXLADZSUG9US>+(sDD8GV0Byt!4>(SaJgey`~s!DUnn`
zQ3Y|v-b4clU4jwi+BK}nSo6JgYJV?#thp@1oY^m#6BY7svwFBV(<T2h3Jt4XfaKfN
z5L-;3vlh*K90j!eKFOKuu;$PAd?~G8(rp^g`PE9ezc+?l{@Z%+2ro+Z@u62)Ys7n`
z*=^PnQJn@-w{a3Pw()2BtBqfIV4f6{p6j3sP-;o%m5q(Wd!QXel`xNINg(0*oHz8!
z83$BCIbsubJPPkLqnRVvy!c+x?J|&MfLlw_d#x08f{7hwuynp#D!A)62Mc%e``Tv=
zSL<O_^<AaLKe%`z%xasNgKolEIJdzMk7iz&5y~rH=H}yfwxhZNr<Hsp(G3^oPDk<9
z6K&6UBK=Is^G`&y=?w&s=uQd!EJA&&R^c!`Gl^M9F7+)8(emxheqa=CgS7_JfTZO`
z=Y5ljHC`kd1l(3&UZU?%CJJ>XO@|pFT9tC5vZLY?rslYM%Lye#3wyRIv{)TeZ*Tzh
zq$yud;re#qaxF4Q|IisvKp8wj&`>~f_E>Xw9i^}EdveMz2e7)51imt0$8j_4gxKSg
z{echys)GZvFQ%zAl}&CYpZ5P55>f3jE(=X4Z0o2JwLPygS4>5*m6GyJGWk)m-@RQU
zjo(Pl9lYOWC?_Y)w_y|@>bR`?W(n;-)X^MDdh3;9K}r^@zBj4D`y$q{ZQ(U24FQqc
z`@utRh*~PAEGv$U<MqATK0DSvSv(x1p28WtGCK&lH{N;v^Konu_1N3^ID1D1ABTfh
zV@e%J$z>;K1M93Bwf-i^JpqPUIZTkh)k6|}E`5AVu#K`-c<l#0*VMMODkJ(I*GI3W
zr1tOFgHcA(_{;vbFTqL4>|s5h3JvM2t+7utIXfwuHgF<w&m`|zE?{`LEM7Ma5Iy-X
zQjQ+(vcRiKwXgLkq_%?+X^Wl0EFPv_Y}3!L3JPyu1@ePO+Lr>Q_*B6SJZMV>xkC^x
zZgCBAhqN0Y16FKv%~JI|rZJ!;0`?xe;gCqa+A6T8V{wIQLYM9JIQDOJV-@E-RvDf`
zq>og!O%LUl6%#@2O;AU>j3b&;Y|(-kyO;vQ><Y(hYjG;VN?>V^nEHW0-C&*dYAa3x
zP#EH6m_M;hVFF}-={|wAyYOt2n0tu{KRRAtcx<VsvAEGpBDeC8tqNkA5!YzZj=(tn
zMAP$%LjELYy}kJigJ~3sE~9M~*057HCNc6gg7P}nZL{ue+?l9#fJjBZ0K{f^Cg*@)
zZ|Dq>o@r^<B=!=Z?PY}E=)grl$f=48BseYx@q3kcdh4z0Z?Y+p{VxQqWt4G@%}O0h
zzDM|?jA+v>R?Q)o-*V?J{G8=<ePYh>M&=!`FHzIo3f=<Y<DnjM9bwH`gvC)AN41%C
z@({h?X(|eNP8l++gk9}71h;91EL<M&#c7*3d>}#SFAUP@tfmZiaaK!qR%zNDyQ;JG
za>u7p*Nu!~wJa4Bn9H@!hKb}d+sB{u|C$|G#1GD4T8;;5e29WyRd0vF76rLOtRQFh
ziBex-;oN)a;ptJZ3x^h}(6y-)hi>q!$G(AUf95Hj7f!6Mnrlgz>s#-NX?x_Hs?X&l
zuUbnfOH(i$a=LoKy;~$wia{}Hv10A$SiO6O5_jGbH4aQ!SOExbN5=NBYb`Q{eIRAZ
zHS5`-@gle>?=E<z4B2f?oM*RzJK(=?M$U%&`P8Jei8@H9=talo{gns@fMNW|ELy0_
zWBcjkKPyl~u%j@zI<Xb@TwUo*ik4^X1EF%XQ9jcRWLI=pL+mKtB1`l#lKib=8liqj
z=0ZxAc=L%S=SODgv5XmY=vF#G9+>oRf1h&l@m6rRsgoSeqv@}SrKh?Ghx7gr@gYXN
zDO(-|yeGKzSZ8E?q}JS+!iQ}(zyS3jj$Xf~P19M8%nL*W+5lmGC*bv~u*r8;WaN{Z
zidFJ$`bOHnbE}uu-QCWig;b9qyX;~C-(}BaFntnNzwR1VN6c850@=yb{D;8x`nzDh
z%&85t>qwG*N);ao)HXX9A-TmJz^;(uMV{XcX>8pCqso*C7TpS>SC2&t!B&)f6=gVo
z5gF)g0!4K)YZ2{gXy!1b_PT{?{L+5NDM)5;O-u52Q^YiU9tRTDX<EDT+KT+=d@R(1
z-Cbs&EC&~Q>oQniF4seb*2f#bsj<*Y*-*dZEvx<)?Ss*ywqu;;nugQ^O!t)dSpB^%
z?K)&I&@R??5-5LSWo-;_7mX21qz{GYyEE_{_RjinT|R5$4TM5f?Qrj)=Hg*|cww^l
zjSm=rQHj(&e57jKL|(T7BSBCTG@+p0sC>O_DzQsyp4PZKvmnb-ss!P6N<~nT_1>=u
zprjHU^X!55`Q;B6m;dI-m7WhzVW^jhLyngalzb^Sb+m<t#yT4bMSA0uw{4Mx?F^4f
zOAy_Ya%BLlt0DY4zE}8lfT1r!QM3+(cn`=Mo!YA32)j65(;Lybz0m9CiFp0{0MU1+
zTo8!^v~G)r#n~mtt@3Xns7AB{JBSdP_(8|5@qZ}EGt~l4>P*VcI11YT4pwy~&~lff
zSzUpQCLKr%0%}c%FF0z~eWZY<YwC`q3j)Wvh9vR~U@4*`fuwe!;gU|>;@R2+q|dy)
zFt0yw;?J0$4+2Ldd7;RutX2JH_(h@=j~o-C@k*+wZJmRG?yKxwE4blm(lykLwEWmS
zM@LR@khqm}z^`kP!sEeVR9DgJh0w61Pn-B3KN+E3x!#RCVDM3N(jR$UhQXF!th63^
zyE?f$OhhZr2jd`<{QD~4mnD7c0`tk1DX1JjKe$FkR9@A$_3dwVov|8uh5;h>^55#C
zLk^i^m%QQ0Q~a0b6=*d}VM5}2_q4WHP5}Ny5IvyM@vBtZT?FCkG33mB;b7cqR8*}j
zazS!#90fk;p5!*_wdZ4QIO7n2*NNrGJU?Lrxw+`lp3e^-c`pc0ZT27{(Y;VbF#+rb
z?ebq<4>S^*LL1ryxnQ6^^h>0A_swk{oQrql)7F1M2iQTE#qn~O4rjXeX*lrVvs6Nv
zLa>=PeVz$zOHnAD-?idOdb^=ToLq-i*>GQ$JJeG9iVlkw!%P&f@yn0iiX--bxfhPM
z=AZ!YJu-fe%V=y@8RB?77pNPK$~yvF7qIuiJ*GPE8})*|t21TM#8LyRTRqjN804#;
zx)X`@?RZ)akgv-v@x$DKuXJ%WUc+(%VIDHDI%T?<ibw=-$B>WC$4#hWB?<|7R^^TS
z1A>@{N(@MgWCZ)1c54$nBZ03ath%@aq}-~|EGT|dKlJ$;dG|BvC8NO{?BQpH%!OX{
zu{K{FQ|<<z`2UlFZ4I91t)`)W!0I&)gS`6`mqZwIQNV&9D|4s3`XL=`HaDUW5`~IO
zMQ@?Us>-qFhUSEd_q>6z3ABy)!K9eH52G|R3d%G7IrN!ofY#Ede_u{3Gz4|^!`cp1
z*m3X}Qs+}rrO%~aJE@##UthrtT?2LVC>T$C32o6L>+vM0YkI1;k>rJ7@$SfHfzV<c
z`aLs>|2|=7PmKoESVE9itS|K3A`jlLDE%Pi!uh90#3wY;OpB@Z(xR|ZSo+LFQk!a@
zn!LtlxSUdkC%8=FFHjlo_9*b4wb35w9S67RkZR!WLS^1(HK$=?N3nR0%DQ+f#4Cw<
ze%a5zMbqhhogubt^AD@4IYJjOS8S6)YRi;6b(~+nSy)N3p;p|BaQM(3!Il=w7B`Hu
z?5<T+^=kO5;zIwh{0B1JKtp~I^ec`K_G>Fqor7!L2z@1+)#RBaNezgs<~`J8ab!QU
zmsy7~{1ab<M*BX{?~sW5n`0a`H2cU<9tEiz)U$bgZ6PV-yqU+tO@4-Ba3ak<ngdm6
zUzOHxzhX05JHK{b8cr)9D5TIAa*QKimmHRoJ=_#O&^I>ZU&NaX?&>-VFUmiki%zc#
z3`v7!XG`L}vW7f2YFF9pWqvog6Jpmx+0hzaZ-|HR(w|$`gX@#c@$;L8Yb|{AM$DPN
z6pcAKlrn-Ykfb9KyA8Ebs~Z`^2+cka^mP8vtES7+QY^|$n+q3qb#IoZ(OYU^9~Ng!
zebs&x2Jh+a(#^exRl^e-A>r4z6IxpCV6Q9wlwd&%6S}-9!<F#D43X~%(Ugs=W6gzR
z{ILoN@{T;TRIvJ|Ze}&yEn3SE{<uzM64d(taKv1uU`|8ta1b8uwd$_p@NDOx=QvRB
zX>$jeCyx=6wsmK%+Qjn~PGubrwlp?SEHYzi0nNl#u*QXUXL$YS-2;n3bw3{SUiOR5
zlz5$HY2&67(;gb=?|rTsws}Qw{D`H4zLfJfq=a%|kqz@Sd%IQ-!AS}uu54AU{-bYi
zWnPL-DV^|v&o*u_<e6RvW1HU`L3D6ZpdRWYCQcrS#7F29KZIE?M=)natw#;21x7jw
z1Q2s5)@M5^Ce2W*=Clt?*$$NjwV>G*OGrkQbLgA=JFk8$?_2Qgu8heY=pZ;j3IUKP
zu)j1Lx;fB8#euE<^p$;)Uy4e7KS!LtamIVuBg&uVgyahq2bz1LG2kK)MxfSoA+XeJ
z4c|s~2{?)XD&w6PcK$A#2*1KxNCx>IUe`cBRWx}C(KHGnVcg4&W$#d&C*mN+oH??A
zzVSS6=T-Ckr1VP++N+NIEv3B7QgqRzyRkj|K5#5w8^+~8wlGxu-&4@?ftS?PQ5bV)
z*JDG=M*I=+)_i3~ESTqq_HgxF7I8C1KvI|N7Iy;Q=$A5c{p__V0Sks0Sz^B03bVUz
z1pFRc94IE0YFJ~x<>|fvFwo`wJ09Q%4I3<<;o|x=MM6aPkCH?xg>w$wE<Cc07WxCk
zNcJUHT&pH{!%UwW+k(L-k5wP`OynM?>)~TJ4hJq)J4dO<NnH_grX;?)cgyd_Jazph
zELX<Do9RV0^B1J3!E&;voH<tsg~y<WH*m1Ip`M+kE#Wmi4z{ED`t1rG5b>md0auD|
zBTgmktd$f|ypu_HFyK`{RgLyp_v$^|^=OjLL-;Oqzo?#YTAl42CB40`Yl*_57qy+M
zi&YvBZO`&FxNUMi){tz%OaZZa?EN6%*hw(1tRIPADsd{>(vxIC%!L~f2}4*XLe#!4
zRHHu!rx6VOB6c5yM~xErVvPb7xSz<Sud@QT-7UwiK;;A<5~6!Jl`(Y1)NIGp4Q1A<
zk{*7g8;mK$uZ4Lh<A2Vv(df-3ewt1;4yZMhUiVKMUK#^1YBS+cf+-{vg``#n&s|1I
zNIMq1gbqsSQSTniU@b$DeJd3|)_g~%Tsw)<)N#US<<%iLN5oeB#$Y59&hKLTLi8!g
zb&0cMKKI(?0u~?#!K&t{i_DbdiF}D5cuQ}sBNAKbyeG)G{wT5wpd^t*T)+V#t7{N0
zz`xAfw8#H29V=pT)|d+M4zoGaC2ZOUT|n+{Pb3cb(FOoHJc`$P7nrJeTi&^4WwZml
zZ0Z(tvh<)Gy_)K!L`?zuu{gmmOZTvRC;szfC@mJ95+_qSbx#O_akY^adA5QC$ZAh@
z)Y}U%PWx9SVV)q?^`Lq*GS9Hef%QV`x0nkJz=SS?m)!;;`3B<}(Rma79o*w+jqxV)
zT%tSScHOovQJxZnQxkhfW`v!<6%D*yY%$;yWXpA&=C>$htQ2M+$kIs!VQ`{kfd(s{
z$UVj*I1wkl*|7B$?Qf(A<e!gGGtkBUXNQ1qS{(l7vzF|4q9Is7Ve8*$JTv`O_Bt3L
z#0_ds>ZEv+1wGiG*|~0iw*_|n1yRy#;q&6kTN<(Ob#t6=b8aUGu}w}&-Z)zAt|f7V
zwfkLocZ_q^*#yTGDe)_Or!Sh#jJ^KoO^7Fi0>vkyY=lQ7E!bHj)Y{We4$~)0qYb6G
z{wLJFw2iAxZwb(p&etVeITpK>Yh6L|)4qJgm>MHcaZ^+v5RuQBP>Ymoi6EC;3q|_0
zY+y-bY_QBd;c%>m7smS#j=lYf%9H7UdMN<}I}RD*QM#3?ZLvGAi7iMDQVO$Yc@jP!
zoEywu(<Z?6)!>=UB2bEmL!x>fwvAx1V=(uBgQl(dk|dNt!W$CQh(QhAGxJk1NylWK
zYqLHVIE}u_m_5{-OT8Np@?4g??w9dp6_?tWk?uSfQXTr|5zX&zwx-4DtsKDB9o2q}
z3f)C(Cz(cb3ixqFg;K-rgkPnDD5`RJ9;qv!v)WrpDOVO!2-+l^!&pg~0ZTG*&;8zh
zN^e*=$m_OxWCZkaeeiRI#~@jNP|;(zom#tKck7B{c6rST^TVRoHi-uTzP2HW6j`j)
zZuss3`-dc9*o1#U!fA3R&`d1_*k^chBQ`26kAh!z@-t%sM79QgeMuf&4`?<JH4sCi
z{7-*<S;I3FQXa1X4F;au(~+!Mlco#zw5M(<0GV5`zv<2`5~#nZ_?$LU117Q{ZW@)W
zj}nf#^OulUQ3CZ*+?89CUR?)8%nS=cbt>#G<8R&@!Rb`k?(My`L5V^tHY|w6E6AQg
z+w$enwnxt0SKkdmc53<I^pkScyEzrZ90S>@2e2E;x|u!nrEbo_NPtqtFk}f(tDwf*
zmV$S3Mf^C|%f#zc#9=}Ha(73)8sG9a8`#$!F#eyzWq^oYyfLc5RUl{NCuZI(i3$rE
zNmhgG#8fC2Hs9ZgP_RwrK4wcY{;Ak|MQC5H5wMY-3wFI5hI?Z}^s3iK19?k3?~5cT
zuM9Jn`!}bQ7%eY<e=!uvM-?|^TwDT&ZXmY@Qg~u*5S(-&zNqJ1w}h|zq(Q?C&)5?0
znbCn2f<GDBh#-9qk%u7<+7%Rwj}iVyR}pO*w4VGe^;!quVe)~&lQ(o0;waRnEDNv~
zWvyE`0MKA;Tr`sAN4VJKp{=t5>{_NKtXAbJSyjB2hJMK@$RSKD>rkzplnqFc4_lHS
z(R~RDSziP^T`uR7cN1mWn|UcawtjMbUHHXbQ?=bfMUo$5@P%ETe;CgYRP;2KPzK!s
z3kuH>*{ue597*GVzV+vU3vSunsG1aehfN5VjZANF5B*OdF?n!!V%^9eJOX3XMvF@k
zXlVaTd5kDl@!~46dYCzs<eNLhl+x9Aowo}GDflr@=3)MLS5ws*U}~vJgO3K%IHzpe
zMJ;}3TRiiNE_XL{5hmJeDsJET1EsO!0r#J~E#SWoA;eIqe)8LCG6gRl-Tcna>f7S<
z0|!g4oov@IE$77j6fpxh3fbHq>99?2ILKqfB~p=Aj{N7&AFDuJFQb`<C=MAt&z~+=
zu(?Bv8W8~_Nq#M`v3Uw?vkbiMpYsiV=wZ3Wb-$kAuJKqV56`)Lh2ndKXMsgkX8At#
zpcPb!dJ{o)hg~SJ1l*mzq}k+?Ld5myGMqZd`F6E^ZN=2l=dsu~<|UN>y+D4Q518$e
z4*98_od<JrF>ch9G!P10Un5?+LG{9WG)?LJ#k3K@xj+Nkt<eUvEmv5#2^cD<S*js3
zje67)-V%y^*Js;DN$z+CrdupkX9`3|(ZG2#)0m=ZnW6#x(VBJ7oV%n5P^GKJ7#a9$
zO;Iy3Ys|G}SDBDrfOt(MjtGoKsq47YQ{>FCH(+$AZIUy~rt&fJp`(<k=RSREGf2zD
zMMCEf3oNi6zM_i@l)gLn?h)RcK+?FwbL<HEsn0nbCOEKb;B+%BroCl=cc%&~+@X#u
zq)*a}JxSqwM_~w!rh4Bf2AM3HRhD=|AVcRh=<U32NM)0D^+kxE(53IM*uB@z6T<=|
z{ca-#xzjGE?!J>w<$ShBa2$h+vu0Wm^lU`&BSfD+XdlnOOTqYM+>z}Z22ECzQ#Y#~
zs@(TQ$wb`#I`eQ59tr}g<Bk1~88h$pHbP|g9`sn%x#93<fuP0t_LIIR?Piuri~>`B
zcHu88epR2~2|~@?cwIYq8+IeOWU?S(wLxL~hYnk-yXq5l&K;6A=(K?W_2x_#&!)xE
zOKD%^YXj{3@yQ@Ux!ot?`r}@DEz|#1y$ap{uptGR?%Av)ZkPAybFB8tF>%jw*)bv`
zhp51ir>kU8e-d_dQ~-?c^QOLVLoYY>RXh7hc`kug)t%OoW@A%QIud29u6e|Vu0Emv
z@q}TyccX(y-oYgqT~vEJI4s7a8m8IOYLWuv|J-OQ&au7DbqdfpJ-?W+@)t6a5-An8
zs)o<!Va_kA&=%qSZ30PL8)FpNTe7%;9uXcXoN*{*Bb2-6Z#th%;psM`F#evZMQz*Q
zj>7-ZQNzIR2qsyP0CPfh3~X!E=W^V+G~Gdsn)h@h-?d-2U}hSUzoumpuKz_G=k($i
z?waH0EhMvNalim~7!x09J7JyqZ+U;z4n`yk4KbP<Kb;=#Va_TS^ScpRDCEe=QZTgh
z53@&FB1w|2a(V|qzWGz-=%E%Dbv~a+O*#r7QzF=PvSr|_P(o$n!Ev#YrVVS(5Y6!T
zSOx5sZaUZ4&dSH0GZbZH5(g&}bbZUjmjwhZVRim06Fq0F=h`y-<LC^XI|=<ju`gEe
z1!?@QtU3BKQcLLEcY_)Mbn*u438ah@(pDUm-C&2xKQHDlQRkP(%}RUv7oVYP8HL_9
zBG5u{KR4Q1`dY`l1xw9{X?Gnk3W1k^n1my2cA@5vR2i~n0G_kY?MK{%$z5Z=g&;7a
zM0hxqud${LE>^Z{J^ul!YV=n|1xb@oVu5q804k7wnQ!<DHKq-1zKJLwCx{X~hsiPI
zG)k*oPsJkyI|glVON^oqJapsrUu;>EWuYj_!sR!7SncyoIv}j=zo*~$oxzVLX#J4w
zV`WJ6^VpN$3eOkT$9G79Duv;PLL72Z{0El<^3HEX58LWPhu<Y2yTiMz8aKMoa(q&A
zf~n~jY-XeGCzt=%)g(ko1e?U9VtX}L;VZ7%9vMk_12uQ1SIN5VvRXKqyYNnMJNAoN
zDXz~yKOvWiEePZhNa`h@iLfl0K)5w?Ymb%H7|`$hk+$NGr*Bfyl*EGcE(05NLXDdQ
zWLC6Suf|B?(Uf2^#iw+a4J+%r2Qf_4#S@Jbhe5s5RAE79h+vsAuH-Z`=RHp${z=1%
zM2Wqfcud|L_7SUnh{Tjhz?sG{^444$#$+dcgUszNA{O&2#XKIT&>OXTXVHlaxR_}2
z>wDp8r>ZXGFr*60wxsg0xJ+GZ&=ALz^@9>PyV5~ou<`2KJgIc2^uOd@ThIbkr@x%k
z2}=mjSBQA}q`@WP$Mj4pOAx2e3fxSo9ahZw+YmLd|8-Cl>vvGBic7G2Aa4zeD_4Gf
zsh15Ipe(ITaOtF101)UE0p*Rg%SE9VCf5jhx<8}<d>UCmqU&`pQWP1|N59N@Jg^oa
z8CnoU#d=i3FG_m+;3z>riO2XS&pS)i_v>uN=Dpd=W_VhG{{NRw2xdF{%X1y4^5a$<
z?edwt6Vxkb@(C(6c&;Juz}KD$BJ}XddCGfnmhyLtIj+O#iz8#gci)~j+2=%wM35@a
z7mmnRsMGA?S4&8qnNFy@TuzkBt3zxoeI8#Bjg#Y?V%C~N{9QR(B}!_)AN9AEZ#cO!
zB`~(CbRMDZRvSgCPys9=)Po~sMY~2dwI!i8*uu3oBIzkga}L_@!<Fep5>iPh@;8aQ
zq9t$j04-cmZ!zdyl6sSW_3Yw<ATTOiAe<AcpI7d^mMntdhQTE>N@1~@czL59#jJ5l
zR#|`*ElF(g@AT^Xo67epA5x5ijf$>Lc?EepD!M}t<0@{aG*B-n?VXyN_#E;{bi;Tl
z0^2OL{no#r1~7EB<xL#2<Nx6^MzYm_M3uhab{hjB{2cYfJ_O$JGGKHJsI6z`_x*0f
zU)=gmrzX=?S?{xPs&&nn@?HWevX>b%$Pm=d^TkJBw@DQd+l2a_6-IAk!rNyBVHyRd
zCdd0F{%`J_d0-{;meexQT-u*~wh@^@2k@bVWZ(QBf>lyk!csKs3Ma2>;|S8wLaICy
z&Q!*rX9GTr-f>7^n?$BxK?eiA<LykjDR>lM?HI@9o<AHg4@<^a5nV()EeiY5ozao%
z-Y0y6fI+q=1mL?v$V^ce;J$8VtQ(J98jupI5$z&5-ksHgC4zDc+W#94M2N_$XBcll
z{RQepe%t4LI}Dr3k)Yn2Ju4~pzE%DfsD;FdviR?bqdKxaGKxybEwL!|?_bU!$T=c9
z(XD<<Vf%>;rX-5F+jiFt<5+CEv}!5oPT_6)BMth7{Dzom@TM&a;)NblfzdAKEbkKI
ze!Xwl&u2aH^~Uiu7G}+e-sFsep>=PchtYB*WpYdCvKW`{?xnL>FFR~gvTF9Khc1re
z5Ebu?S)zD%(45q6R1;u+Ri&&V6<t-e@m2Y$g)HB;R6Lp$J#}P04bbr$tzqsGa7Q!h
zJ~ZX@2~%1M-8Ldj*}*571r0yB44JSPRxxGC_9p=q2F)~mttMjQis#uU4Ts)&vUf_t
zTb-%Lwok|f0%-L;&HPP%^PdcyC6G7hmRu^C$=jN^FHTD|J5zBJ1T41t`2brE^)7$W
zasZ~u*p2gKoX4!lYh8^tWf%5aD(JX~R&o+dNocrhoZ0-g&5{j^UL2-ugq3eX+3zuw
zR0k;}WxQ%zxO|YAf7!wBTPSyIG8Q8{j*G&(_Km;$Ua{5~yw$s%#4%0a6RVJst+|8{
z-+0xG4F_++WjgRy2*LoXadZ4qlKT14mZ7aHCKl0H`WcMn#iSH(hIcrgL3t@<W*X~D
z(?xKFMIlm@f2{9W{8W#Y_MLp)&iIQv<VCQ$PcULK4f!*|i#nN?&R7_{J}37Qh_oh!
z`NJ)Y*!{6GJXq++g^#5Qyp{;$=?faYiX->GWq)DF6r!74!0fV^m0poj@^@^nXTvb<
z0s|)-1g$zy@kagcU#kQ52a1mTEMhukAI1u<{Ec3mK45V942&~S;K37Gf0sT27=I_1
zH7^7j=trKCzGH5N-bcE0ob&49i4wAH1oMt_<#dB9pOv-!yy=h7`*T%qPD|4E)vc56
z8+8X!e69TiYkzgBwV;s4YwMRbW}qq9CvPax5uU9QknWV1nJe~=zH=)Az94+t26nj0
zxm<_V6G6xNNwziH-fMMUtKx}!8Ra<T!W#6^^a2RcqUIK(2!P*6lvlH7*^m`mD&G%Z
zQCuOcInFk)5bI5d?Wx8J0P1jjjufwTbDz8DJY8s{ujJcUx~H1@6DP!^k4=y$&%p(0
zmf!SNebMsS6K#+GR^;!RM$~h`W}`msGP<)rzC4Vvs29mV8+(-JgE{to8N)BW{K?*w
zPS6)A`XdJ;m}BGl**bQW`-}E{;Rx;JO8E;l-@7fW3(8#WR+ZXbH{YWcMhmu131w%z
z+DxP)(8JRI!T)sLD5?WAPV*3a%P!~@+p_g97p{yuutr^OaXYvZZ1j^T_BKTYbE8^-
z>Jwp7qlRt&kS*0QkKX|$rApv8?_xUk0ng>y+`XdbK<%-+lcSW8(8!q;()1I~()5IV
zl3;i_F4HNLjxOPeR-ZsDxb2NRYN}oXxBx(Ekc?ikO4v*oD@whIsqv!V^M6>UT=2Lf
zQ7hEQ*dZ;j4V>gOX=5e_$TmJAjgrgfV)ZwSB~^o}3Ll0zKss1vt{;UWO`ekoZ$C}~
z4hkfYu}&vVsr!Bi_jYcmLB6ETdNR?O<)Vtj7C7|mjPWL2K3-wmTPg62ks_g(M6@JY
z5vZaDh>oQMSV*Bj4gA5It~bgkK)Lsu%_*oF?@p^W$6GjILAC#)ZPA5iM+(fDJ23?R
zI5dDzbWdmm#OjKbSDm92Xv$r46Jxf(?vHrjtUO~g1l8rML`38_{f0%{zZH?u_!|qb
z2eZSnjK!f?=Exp>^>-L3m%Jx>IB~h67LN}S;3FqU)#{pXOfrOH?1+`}3J&!tflD$H
z>DUWRaquni2C62U=Ul7Qj&5Gf=z-#sVk~N!?vFr813#O6;@E}?B7b<w>)**^qH0yn
zes?;ri!hyEW9Da)GCkLGYVWvRBZT9~G*Xd$b%wImdrpQnPT}3s9s{xRf0s8xr6MX)
zdZfLrExy88z=hb70`qoDuVA)zeMl@?aDhdYWdS9_zi@VxC`8sK8=N8E37o)vpOLpI
zZYB3blq@)s^OMcuWe78Eytlf@>z)T9`An%tyO0GX-~lGQ6Nj|pRwv^%JuL<$PCnG9
zPM=?p`pdhZNULkK5DSdb)V$!D6DE%NLb^+M#)kQ1obEqUy42(G#KgG(`sX+oE?#qZ
zm6RS`SvIzSGJ-CX-qTMZZXF8D661xrUUCx`;XM5~5kXc^I8(j;@g5qGB>s$-xWIlQ
z)Wzv6Hd=P<4Mg6ht?TEbR*z~V7n)J;mgQZ7NK$>cgQCGxTVBB~_b`<V`Q^KQ>xgiP
zeNxU9aq%PZNmm#Z_Ivf8g-!`8GMDk_M`b8!K1gIs4v^IQ^UG=M#t4NR{CELpl=jgJ
zRRd)Xya${hzBP8pK;T3CH?zhtAYHeDgWrUZ1JMW)4X1H#KT7xw{`#VO`G@mU$YHk<
z6_)oYnA2*7X7~*a>{D0T`}hH^R5%ypx{9^545t})4#MFx=jqJACAx)&;pegnV{Z^m
z_8!Z-Q1gR?M3v6Lr`>F6b6|04UNB@|`I&cg2R$l=oWv1|$NzM!Wg49&qb7KdN=as|
zofcv+mG^shzc!A0HnOVIc|W`i>M&ibvW{;Bg^J`lO(WfUq#B811-%5}L}_O+&<kni
zcIq}VS4}XnA0s3e$Ijgk1CC~9e*0h$;R@0s2p{w-cx1knVM~h#$4$imz?U?HrJdsG
zQSc6s{M_?lmY;LA04K)g0|q|ZxFu^8>~rXx7DR225y)_TgUwdY7U&%+@vaUT0160H
zqyzUfxIOqE|Dn6IF~W>pA{h8LP=9iZ;lCeh#S5R9SSdVU>G(q`hH{=79yDS~foA_S
zz*g*y{D*+!RWAS(ZZzJ*e~^O3tdpGTB?ToIf&y!%J>{RUP`{=QNqtHAKEBw3Ia+7T
zJs5*mSn%0iGYyJCNK|`xBGbg&VaSQd6Aw!a>!Cv)SLeTW+9S=6{t%^@<6Y3$9lQUE
zq$c|Bla7ZahVM`$(l&hAa?WOYFQ8$UGEY$E*mgY^qlf$_<^2ZRa25uqL1^rOhwu2y
zNqan&ea)q=m?$%zv@|3XO4SAX{BJZ5<R14^4+Q!o!A)Q6xwq{MXt#9E4A~*V30m{x
zC7|+X{<J83il?pmx85vx7R5j)-wRjOx#wqpqe87cFmx#C1JY3~!%dHKS2`CD{`vQ=
zy(>nRtiPk=x35o~v^Z=Umv$U89E<sv^5{tbe1I&lDIBfBM=B!ai@d8nkzcV?bnr8F
zj@Q^<<ZRZlY=-CgK{Rz2MFzkwid>_25&EHsZIYPhge&$eyj!g2$tp?|Y;pPH5g@9-
zendOqkhk?Y8|Ix$b2?I#5+v`PFrV7*JC(?bx+qzrm~W4!(Cwm7;1XgOrymc9C6<mj
za#w~}%$n)}k`?|Mp5>$`BIW3MhiGrE?o*y#wO2AL$$;?=#Dx)bP25Rg?^O<UlcSvJ
zV)Kt8Z#mZ{_xGX@f7C*e0G^By>Y58ZT;dVeyCa)|mBy}?>2mX~yy8jO>T3@YwAgVF
z+NC6^A^x*#7XkHN^)OffY$7-*YRwQLcKH)<DMo>r#i?70lD^~~JHE=vwqjpueZxZO
zV{Wx}wG7G93L!PiWf)TcoWxyN$prmoq*Pt%t*aO!3;l$o6f_x}92fmYso<@Ye~4CN
z#(vIt+RfOv(mbZ%m6aZcoZ^Q^e)zR&S{MWh)NgFDG$)dFl<at0-))FbP+&anD*7Wv
z<=?<F$z+D>c_0}z^8G94q~K|rEC?!U9l8*{jI9~ApwV_;o5%w_BNtx>l`Io$Vqmaw
zzH<H}SE+c=3pcx-l~ghYOM+^4DsgmF?!@ZYwlZ{vJl2m*aGwF4<5>rWUDTTWr4%iz
zg`<-<$c-;{2)ed{?;4g@x8I&load7(?%=GP5o19Ee=$Gplk<JWb#DWe(P?T)37-Oy
zt#bUk#v-EV?&|K4+0aMml1B5#sO}crt34@_xTMp}%~{`JaGy5^l-x(*wN7p;Q;K-o
zp=t=l<Oj-%UiWWP@>AA^y9XDu@mqsDp?azdqJ^z=e)Z!4+h5WHW~`Dp$ry;u3?~?L
zkRql><*KCi9`Ec>;B57_KLpRjC!!61TinBPi1;*J{8!_pP%Ovt9paqM-vp-o|6p`m
zWMXWQdEj%j?05ClyMGdbW7kgM@~cBwdGbKsUi*<QlQFhTFmo4`X5%s#EDEilG{3Mz
zF7BlDKC50yqAeG*X&Wk*6j4v>j^H!b7&@(7J!PL+?DEak{1!mO+h?vZ*?_=}xRJ}-
zd1Zz!zX^01K_5GzZb91oHKUJ8$7Y&%PCuaRla>{ZaDaHxfio{wkXKg>sB`2U52)fh
zJTcNCDAXp5Aw4-i>3<yJSZ4D*aof}<RO4&An8zQ<z9r=acMpR2{LWDr$mLc-GG@hw
zuTT{}(VU0ib8Vrg2mwxrXmctFbps)ld*ZE}KP%3UTOvn+rdbuZP-V`!^=%_|8Sj7u
z^~FK4;UT2Qht&=(F+|$n``RlKE6}n$0rpR1#U0@A#JP5w_%9?YnHQMw&O_&f2w*fm
zCqBL%ECuP3QQmyY+<3w47^NzyhM2Q?FTBB99yXFfbw45Zl&!t>8OtX-Ixy_TFl+)J
zsb!U&RsAw9^!&0C_RP;YX7t{2zsZ17gxv9rIZHN1Z-5k5lNA%?glw&$dv+sKLGP_H
za}3ZaelS6`_TIn_!`@YF5&2vyam5%MHpN#upGS}|RHJv<G>wmczaCqHr7#IrrVc#i
zLWw7c1a8&&9d`*VJyK?gLj4#ru+4ZKm8TrMa3EY(Sq%n`bXFn^wZ%ZS_DPJLdjc#C
z<eeww`GiBUkB0V7yCwzw?8GmT-Wi>U0^|BgT((~A-tQm^HPv@9H93IvXzBn36OShc
ztynGI<p7Wr*CE1`DSY~@(xH1`m~TO=eQ;&aw^P_E(*4VvQ_``oUU&*%asaIjM?GKn
z2sql-N&tG3*1b^bE|XR?G(eCQHwz)RhQR<U7yzJ}Z5L*@jw3k!Agdk<heK_E56vb(
zI)Et+P^j{}xc>XRBXiDBlf{A*jnBYUe4D>Jur*JnQnoLgY(Ll6Lnizn{=-mU=uH&L
z5kBl=tY?1cZ~ijQJCg^br{Z&dJC<upjQTtVK{v>H3n|rBn>oh+rqf$|E>g9B8x|MX
zVPFu+h|bVxRo&WGQ`BL$IPwSV_`r?*rHklKcix*_k#6_gQ_CF<ROY<7b04ctcEv_-
z$}q|X)a4@9^YH@NY+7E196U3pJzCCug$+n7W|0UkvyWqvNRm_!0uRx_va>BTkAC3S
zr`f@&78+N;No0u8Jur0MZNt0T6pt%b-EOEJS!a>LU{y6G>NyYtZk8PUneF}kK4#^5
zQ<#}dY3k7tomZ;NX1>IUtrTLb!=SWovOze~O3Y^8;Z2#2c;LBErfdK8bQj1-?pzed
z(O{lGmlk>aw1um*+B^C^RyhLP$mBT8UP4$xI&S*D4c~#U6P*eKj_>!ZhYyX(9<zVT
zm!xvF=r!jPRRc^x{{so9|AbERjWkLOJL4i^%yw@dySx#p7Z(B}d|SIX(yd=aw1+Ad
zz>mb*o)Qk3wTv$|P^lbtqV|@Pm{H|hEOWB!q^&d*t7l`xxv<ZI+J^qn__n^rzWZR3
z0);Fb2aY5gu`6Rc!7LKLQ_DP_ACAu3$gXlO*&bg`@PpD=v(~s2phFRI^K!FcAE+&y
zay?qDI4hLr`*hQ_9=08Rr~Miz)b2a-g3*Nh*Ps0UEc{1vHBVse(Bw+z_nxZ=J%NZa
zL8+Qz=&YC3&Cxw4&*;8BlP6JgXo9{s6h5TK5S!gM2vI5gu8XYL9@9i~f*BHVAtvJt
z)!R*5SXt%tt#$b%`tcfSC?6MktT@frxTD24V@1xg{w-mlNp$l56hDG$&~?7aP**V5
z7MQ<JuXWH^^Vw%og*yqII;rz|Ix}U-XD8cCR9ZSj$@T0UG?L-|W6+gxgUBiPYxB1u
z-m6bwzV`~;B0?HUKJ2++`fFBmH62hgzX?L#u0Cf3yzjbXya=p&QF#m8w?h8u{3~|~
z*N@Zioi9nL_UEby8Nq=J;cFBaiZd#jfX4kyI5m9ods*X~YZb1S6^0$_!Ra5Txusvw
zmz^gH(FH>1+jR$q(XdC7*9q&u?SlgHX>O#{XBpzn;wT9J%hB}KEFD4`$*AjQ)cI$0
z*sps%=6GuuNB*-5Sw81PoekB+H^TR_feZY@cusDO4jVBTv-#=a{R*e6Wa}#E=p~Lo
zf&kTM3u4952pD(wp&7l7<1);>&rUd`qSo1vBw!>=0D$;He+K&vG=~;Pef;)Spw3r{
z)V|c0X0g4WDezr6->Sn0j8ssmpgF1Bn`O<GNI)uHQ>{uF%2;_0rrpss8vbNGve<T+
zY_0o#NP7-%O!6fao;d<c1O#N1x&>q;wW6P9Uk?0pw~Rf6@I7jK*0~^_Yg_#5!UT~e
ztJ>uGL)%jHq`D83$gW31_46OrYYVY~l9U=j;N$oSpb=c78s;*4q|e`t#YJBa6mU2I
zz5F79m0RraYm(z2Vh&3)EsyP!bNon%bp`#X`WHRj^W}2un{VnNT)0a7GL~{;ln^8N
zRT*vZkc&1GcD0l^skl-mv)qrCJ)lQJ_mKq!7G^QQQ_pgw>*2g`=dKSH!=>d7Ni)h1
zu^egnuzsowQ}e%ZN5F8k<iyj9hR?`o<U%@7MR7}KUfC#dY#OH52~!>;#Su}uc1u!V
zo4bE{<}NdC1?p3^Iz)1t{gj~0gj(1txgu34Ma1xYS8ePfbpsuje)#_`0`b_6w=L2j
z$^!KOEBNjv)ovhatF<iI)oP}V=tOvMyAzM8hX_-w&6T8XisLt2?$SaEDiSc73#z<G
z8_##Bp0I3F`@nOHCyN|mxIy2Q3dB(ZWlRp++cz3@MOP~g>vO|xSelNZZk{VnZ-5#2
zCi=Xp;+=zq>9w1@Dk`np?gmhO;5sd?w#wA2T|-OK8_x&OC2mOn6bbjDc-H(!XsBGW
zq55xV@JO)Sa@XnNts069#`%P4=0zT0ZT0cW)3Z&f3Xvp}qC3g93c0EO@@D4a`@S!N
zb*=46aWyMqYQ;2Q)xA>Y$xnk+6q4)zk$`cjcCueVO;xQ6$EDQ|_1pb8K;jPVihSyW
z>_1(4m_lJ-m;H{TsDkoo9U$!DGkQa4w*eZx_&Rn+k!&5UET;yOA1B<Nig2&2S~I1L
z6QkWC>=&F^Wl-J4$-{g&MP<)R1)R^Sp*GfU(;Y9HdWLPo&FD}gy+P8*Pw^l9M(LKY
zRAHP6xg*9F0d{xPmS69Rfy7l77K^JBz#yLmm`KROdmOtWSR07Iaq+B}Hxq!$HD4^5
z5z>IrVa4593KH669$Gpy8vw8iGjjfqFpYF@D3vI9<FQZ*>nxGO9?2wioHN;qj6uW3
zQ6Ntw{gn%!K7s~dAh84H*L9+i;4nQn*#E5p5KIdwi2Gm^57epAtoF(>D%PKQ^;hl>
zi?#*}(>vkEoV7tmHVv7|Iwc4hv3U%nPW#9#?l@%D4KjU4TA(YJLfDu9k2(IgpFiaC
zMhR^@N9&1-O-4W5_M+l?O#R0*1yF7>Gd4JKKW!EV=TXX-7$_8EFB-TP^2|V-1P)Se
z7}L1{!=O;^Wg1K-o`17%DT5;4GTqDk%67pBJBjgzW*Ixg7~Snx-VPG-i@u9SAD6Wx
zMm$%1^>^uKhMjxRdW>LgemHymk`rLLpPAFthaQ`Tg4_%d9Ct6=7j@I49h^Q=$kgEL
z=p}Ph3~Pa9?<+SbXO|C%-TBYQH1h$qE_dx<+T#wOHE;QH*lud_2T~W(-^n_^HAB@z
zDQ`kT8TzgZchfVxpGx%g*fGqCXgdbcrn4^7>1#$Q7PeeA<|_`p9$OOaqQWz2$+=uY
zWEHZiS++_j-qU^NeEyYq^N))oo)g|Bb4@p+kK#mNA^s3KE^DLQ&_p7U+LI{=Sxf3{
z=F0h_vHp2Q{bIL6(C)4|ph|PEp=St5W>`+(s9t;T>or{1OKs9Rw+4HTzR}(ZIY(&_
z;}{-DWeIm;|7nW1Mqo0kx~oryb4#_s)kk-SN!UsPdXV<cn<@jcolT`9wu1c>hu=k0
z7>FA><B_q820`ZoNK0k8{m1_HEp)p3)h{AU(~P?b-T(3Fr;6pqh*J8;RYSi5uSg0|
z#%j>)^}|_YmAVv^A(O8If__e!%m3v9NMj}zWwyT%hh2So0-W3F8S<EA#kxKy-f$7#
zy8rV&h0;L5AeZExasZwSqf2A(W{P*o;eJM8o(!l>*SVagIJ<5N?y`2gWZ=e8pj!z^
zT+^inZU6*o&m&OmSzV~1hCeV3Ni&mG7vmhMRt7m%(i~tC=`mn;$R{pG5%vD1JVAtb
z^s$o+2Ud?5H+KyA=UcYt?s;oDylyo6{&y}&?d{+jL0x+Gp=2~OwJuRVZ~DRw={V(&
z=I1^V1HgmJzf%qds$PV42@Pj>@YlMoKpRaf6qYF10pei`dmGWo@psP9>ATJtVPA?J
z)`=T*Erm~1agX-+SBumw6=!RFCl{)lA4|*^1^FUD*EODCGwL~>t6}6HGn?R0%TCqS
z6NA6iL^<JP5xKiK2VacRP%tkz+#S4X=Oq|jmX8r3e&DZ%CV&xX7GnzrE?4C|6YS`@
zxV1nMmmrXbVVN!5wXzBPK=SL1cmrhEvSRi8VCKqOJHyk<^yVjv&<R#LFi0`eg3v}w
zS=<Z^ye%*?wOTtb)u+6;fFC@`%cbtiScKYs0slo!&q}ks-E?es_mY6=)#~|2$YZ9R
zXoSU&)%CvmGh&}B7%ga4fWWSCBr7+A_DKP<2cXiPRQcG6Hzcv({pekE*ku?BJ_xoF
zna~EBM60`ei5yjp-D$0)>MH|)UGY}-ATaiQ&!7Sl<O`$v<H7jG!#si`GL!Jgjf|K}
z8Ni<0ea|4krA0%p(fB`TgH*RXVJlhA@{Y4hqsfGr<;NPLb^s_L6JaHWgy`~ryN8;q
zp~hG#K9{A)a9#G_Jz6)5UWN&VYZ^b#e<db>vNJG{*(fMS97;TDgf~Sw5y?0m+13W`
z_%OFbu=?m}wuwF6U;)2rw!=7$=?PV7@in1~+15`Dt%9iCK}v4iT%hE3oeUtWE2$JR
zGsC)=l#z6%T64k<@FiL@LJrI7!#bzPspi)MwsWBUuvK$<u)=tqcC8B_(+6FQe2-Wx
zeY=II>HFr2z75no=`r^oq!PI~I6&!jV}jepBZP#v#A?J2PlkGlC}LeN4)O#zWlV}W
zkW`5x*D!s()5s_90*=k7v{!9EKDW|kh+Qpffalr;sfiB<{|x8AImNhk1%Y!p)hq>1
zbj*{1jfMLJRy)BVul|o_#~(t78gO!}+t;%r&h!58;^uVzf`$WJv?TQg!_Xlge`r6P
zbF#~euQWg!e$-m?*NfIM?cnRu7H|qQKLb+G+utErPNK`|b{*C-#s}|Jzd>N)bKJov
za#4>K$9vnonByVuGM@LDkg7%BydhVpd3GCExe1Nf)<&Z~Wv-gXr3j<;kDP!4uSG<t
z<oTKV<{pX~UKye!Tv(lJrMsB6pR}7?wsr`MM-h_IF75^OZm><V+Iu+gS$*~FWO<Ct
z9A!Zg)Vt+C{1Mk?RS{w48I^_2xN-*S&GQ#1wr1qwQQNRY`$;$47wrp+wm;|4<7ojw
zPEJ)dEmD@DVv~)8|9f+;)@x9Hmv4TnHM@><(tdy}eQ=snna@NG>KXB9nF}LMNxrYW
zuE2lHx0Q)`z#zqc)UES_m=fAF$=OB<oWDo~al)B9;x7^vJojB|?`iFoIAlF|d~o`e
zvmqVzWF*;>C?@6d@Y+(BE>H<7np&6IoD9wz8UkGBUUIo3h6~$#7vaHec=83HUW@x4
z&B>(AXkBkkB4SafJ6jTEd<qkN)s+j~U+0q7YbL|Yr?6*SM<6D9FZo4q*D}+e!ptkI
zUqHRKCBb$RpB@4frrh+8#IaLEdq_5ShH?AHcH=6<3WgWfgMgZIVSmTSzqydTbA}v<
z+C$&2djlIdUEWI-1H<~SZJt*msCmH{xUs_Pog^P)qv_wWHh&h)OgoxdE&62B=A=^3
z_|)i}qq&F^+5##M5WJ$l;@M5)|9~V2MfTnkc~?i3-k9NLHvEdL$D-N##A(|x*{)C6
z1FeaIC#xIk%G1Bud(%|DvI_a-tPOAKsd+8U6zk4Z&jzpTDodd_y96j^<LHd=Na-~u
z)8?Ix_qBCI^4Ez+V&CV5knS=KFx9;R8(jxCgPdkYA7(JvS*iE>+fT0V9{x+?(ELm4
zzmxcM#5UzE<z=Tl$6#n{Quizxc@0w&0ddsU=k+AsZ|b{?GVJS<6Mp_M6b^<W1q(bU
zAB^qjh|4UsGVI4dyDdSsh{5_ix0nRVyV<&Ouw^mAs3SRv$_C;<<NJz98E%?e$l&+_
zq_?+e`(r+PXa2;3ibvG__q9;8azG9HHj6n~S)hS`bUEzK$5XhqP)kvg`LXjDMiH%B
z_B+x<RI*RmDfT1zb8J}aH~>39#J{ecJ*_?1JddZAvs~=Ya{L^cKQzQGV2_6JXBtBJ
zHp!~=R5y+I?}7X}Q{n3e1G2Veb)Y}{Jjel!7hI_x?=%sV*pS4)VuU#Q84un(7<UGR
z(HorTPh!QJY=6jvn`Vn~BYT08@-@X+9-5q6ul%6If=b=|a;tr`7Z)T59R$(>>+D^Q
zY0Y0F_s5tnj9^W(wK^82$}xVmT$OE}N|F(I%0!s?Nx7d^e&6GT$!YP)TCOLl`cb<6
z7o(2{+A3V+0ZN@{`0e<oHd5~g-*Wjd&$-i^HTNIAw!xFRp(2}*waMT{DUOIG2P)ps
zn-6oUy%uWZsa3$0vU<Pt1-)UNfN%#>R(;7ohuE(3G?5TYJEo|t)J?vR5MF*;9Fbbr
zI<P&<WnM!j?g$-1%N|DVykW(x+|PzcHM%zscr2=g)yyfdRKk{U55F%o*^SlCf#XVg
zO}%@-b~pdenhh}`15BOP=+NUC{T)#h5nx^>Vtct!))#tBEb#u4@_o_NgJ<3#bu76I
zWO&xt4EJx6&=*L3pK!mJotR6W@8<x*KM3ILo;^L^wMkXT25e2d-f{3^0m)=%us~c{
z$T<T$-i<I%v~$?1Qs<5>CBUyhXl6RfM~8H;-g7@u(SM`}8S@KG0my?3Bg<=Kqh7sK
zT?sM%cZqaRB-#s8qYCIjEW?B6mo9jxiy{b<9ag;QqflJ3gv0deOYQ}93*AN<F(hRQ
zsDYp>K!F$-``dxg>0JAcnfyz9WALyNQGdad%8Y+#<q0mCLKh(I6Z^l^WQzpwgaHca
z6gEpQ^^~V=A((@VPcv}LmAzx+1%M7O9@U|ht{>KpTiH8!f8IXswG$l}Y!cT@>%Lzl
z4p`_^J>4;n9hT`|e`eg&nQG)>8sx9hwIbCH(U5sy!B(vH-99UHQ-n8^$5iq2A#4ur
zkFL5u=}w61wB%JRc88xQrW#_@ZAwN6sB2rc>-t7~3v&fSs1tWM(am#`HRDm)F(bd%
zm+q6!+$Pq|OOs(^b~&0*S_Kr6gW26B6YXYlfLxFOKr^P%-W4Q%QrD@hR|}7b^_UNi
z!jN5`TQRj+%D1>JEBe5BZxNI+nx-z${iqa1yeIo>$gi>El{U$G<f~8GEb>g&d<C;k
z!`5bVY9Z5F4KQbjB40oH<f*fVe}I7wBp|X3Y^LRiIc@)-AP$u4GBW~qq<%AmzL?(n
zA{{gs4;H4^@pD{4&m=JOf*as37z3ac)64Uf7*?L^D%J!WX_g@UZd&maXa7GVaCcRZ
zgKYOtJC*GS$N8~)Hl2tZ?vqAxyhRl0FVwyhf}rYs+TfH`C-<@z#qdT)y0~RMQWf6T
zBt+&CW`Z8A5s;ZgoK)mLTI?kd{|HDTyzCoj>;#+lFII;0p*5#z?0W(ZW?!XP8Adl{
z7+dC^@|{dSlOR;7O3c0~MU+#bRl%jfQ?mam44pg?#2bjm4v2_asZ0+=FypV8loKTo
z=@;lBzH}MKaq1b*yE>@{U1h)J9b%Hoj_O=pu>nY;gyV*eBtKj*bBy`T{WAys5scM|
zuXJ_OV$yeDuJ4L<7IDjG*-UC%mW1C49d`ceN>*(e&P9;8Saa1eOl?LsNYu@y;vX0t
zussCvDA--VI7Nks%`w-IXp{4qteWGw<;CoR_8|IZ72ctu)D-Z;7SqMvSy}G{$x(qt
zTYUZ=sQt60g)^FhYufH47$9r-<qSIkMY16>b5>a>XrYE0fwy}veujF9gN~;VTbxcx
z)F@XF8b7bmgUFSpBik>h46x?y_zBV{X&u9YQto&%^q2fm^kmO+bCWm_nJ1Num6s??
zinhU~Uw95;U|rV#Urx!@ap!hIZ1+c3B8##z+DO%%Phn&Y?T!;FyLGu!ue{If$G%;n
z$-t^;$ng2q9Qg-YUzh00*){PiBXGE2&uX9KqW`i^ji^a3EF#6<3ZqKa1Gia5h^RWr
zdPn#Fk`21QSffv1#ugm)KgxL&Ms!}5sTZn6SDD!XE%Y0nPNH{Tl4e_=QSAB<0+W?!
z0CHth-^-);tw2Q{KnKncnv3aHv7=@FK`P@uXM80+Rl`_bipq^z*!mnu*gRmwteK=;
zg@#^UA3502pySH~q>SNLvhXiglH9Nc1agz|t$GhB8G&bG<;us&;=PE`gl;%h!{#l6
zkp%)-UkK1a3t$H5^?A8~a}k0u@Ri0d{K`Z5Z?%tFcwSc}0MoXLYJt#2aCpls?k};w
z+<dh?_O}j;z~^I(+)YGb2nTK;&I;pZUWJ;N<aS<0C#Q$3y+$J26Fu=3SxA|6iMoon
zJ!Yp}pm_Q<Uy7Jut6YVwaCu3ccz_Z08m%`H);?1#94($LvZ~_<hO<RT8d;}%W=7AX
zg>CO6|245?IE&wm<74-9L9Dug9_E;pa2#KQ??^mS1$O*`>)XCd3>;zcx)5_R(h;6m
zY#j_NQ1vx!_lLkqw!MzN*bzKm5&j?GK(;TVQzQg4S?fGObeG<iY873Who7Pi%u@P4
zWCTDWAHU$5waK^fyynT6#Qs&8D&?tZ`1{M0+-*defzvB7zhw8KUd$4(Ss*-=b@M>{
z>{kD|=bVay{9Ka6)|L;cI?nf%r5q;6ncZe)f+Si<OPI#|G#`vZ<p4aZp(fyLYy%PA
zUnJr|s#Vhn*MFl}4@b>e0{yY_pn)co4))7z24ZA=S_&{kAtq6;H`AYPmD8#L0-FQ{
zc@3zo`l6!zt!50m0H@2iLFo7}-{B@d#{3n}{C%Cba~vU5dFRpz8;V1b!gYjNUHgC(
zJlm0mDiNqejVM_}%@A~Tdk5<_*zNSN{1@BYN(JE1SvkL!2;Sw&S4z@cnLEXeOo~pT
z@<+CSu2Kv>2#%Rc7U-a4vU7<2%O1?8Bq)_*Jr6PzUj%ztydq^8MtcXjU;k%7!-6o-
zj#dYy46-Dk3xLsKwdS{f6!5-W5&}D@^bX*ufNYj>{p#sWal7lW+*S0_b!e=wQVM4j
zKCM$RBzGz7I%bw(GT{#!JOpyxK<{K{$qZ0~DBEWN$f+%IxS2NMollvwnK2Epj7p1S
zKp{#}hi4POtlN+!s@h_0&zG9Ntr!JDxHxP~OkmgZ)#cD5)7*U29ITrkpqKCfPqb-m
zad~nL#9e4Xs_bz*uvN`iF%ltIhK;gnq#ZJ_;}fIeAsh)MmKqo|N-I>7%)jC@o!aVN
zI%2TTtp-5vfb$xqPhKnesO94GnlGj-H-r;SR_estfXOKRb(m`4l%Rqcdvh~3w*v=T
zd8OXK!piysbK0CWQ9(X@X}YJ-5h+U)&zYCUFR9sLVeq?M(&j^}Kme?`KT7(1fX_zZ
zF1mFPegBI@gh3vGc6bG%Ri9`<eaJRQttvE(F~AexrBNw|5YRU%C$mHp>*kjC=IpTS
zknw!*gP?wt1SCwMTfn-7Tt-jy0J^`2l#6aj;_GTX$B%cC>!ocOF6fQbD7SQ+5TDN0
zY4xzvkycADVww)HC7^_J@iB1;8XT2(bGUkiclfRV-{~e~V9xV{X*#$76niB-LoIK{
zDG&jm!tsOUfT@ynin;!TK(Nyps>te!&4vVLb~X><w3N+KLS}peXW7WZ#Ho&Tp<+0u
z1!(F~kON&noi>_g;?=d+yMM47uZ8_ixL0T`4Ip#_Uzcn!!Mw)Rp{vtv%$R6#E`@sM
z{>xu1$gQzRGGR2LQ~B)bN`sDZ2|E1+D|PIY`YDw9Gj{pB3x9cv7uulBQLahj!4GHX
zwSdTXaT!Xtgg&9-8uiRoFf<!O{+NX0iqt=H;-EY!!Q;C4A>nhZ83jNCKevnB(3Z_9
zOhoRSisR`FNxE1z6HgOGGcL@6{@Xy%Z?jSqSU{F?xQESl2z{ArP~YP!cm^C6Nb1cV
z$L97GXN%lCHW4@bk$dl0>c-+T@)ty#;0=3Sa)21vX22bBY{<(<N3V=fAv9jjn}z6i
zwqozL<-3?#xWL;2lZj3A{xhJ-k~|sx^oF)t1oD)7ELYfMKo?WL&Fw)IPwB1!d+01V
z?O5?l2^}aR$0a@Icr(s9%sJM!dr2Dpz{D<0H?^xu?i$I7HyLf&f&vRPSn`|bLu}DE
zy2_7q+1o=Uri~=oHRTZ+?8ZBB0Y08za*A`J+{|4UeJ6~k8S+YVs_86)9;*}0#u(w>
zO?ACdjD8+9Zk8Yw<Fw}lBPQ|Z#wBK=r{Sa#&vJ>5WL?~hPP!QV(0$N#fCiVN&(D<t
z`6IWKa7Ta?X+z1B!6z|kM<ToN61dBlp>{Xvv-Bs>ycr5coec*Ml2Fvl?ZD<JEzH)2
ztvmipD6PBQ@OV8_Dr^c-J2&#v-~I4Mza??jZ1OLozqISqFOz%ZN5HJ7Nv1v#RVh)6
zMj{*I+k^>W0F8nrl*oj|TErgSKVul`d~r1I_yRSzy8bk+;-Obw=~H(Mj0&RxH9TPN
z5P&@?mm~`Xwg5_O&h<6yuJ6OYZy`ayL>iFwX;j5xh;biVj%d65gm9CqFt@>Albnrj
zqg(&Ee{d@2u9EnnztmLi1~oHu&c~%nwjn&>Z$p-hD7#FIa3t>|iVYvt^=8lI4sq6E
zP8Q&VjkLM9rTa@%Xyb<ndc2@>luPR)Z%70$j;aIzDNPHaO(f{07}Mm+iOcIb9g&gs
zy;wGD#_X##Agcpts-FXmMJ^(a3Hw}oBBxCVy_XQwY$%Q<)qFa)qP}*_vmtOJf7Yx7
zrd$j8#q2}jL01M98M!R*)C4V(8ihf9Ku?PX_O1ok{-c-fsenM!+T(URNNJ-+-q3)k
zV@0l(owYiJ*Gv*tKQt0Wu;oPf=`dMhbXl+dMp16I-D)s65XTV`neAqN-+!uoe|U!~
z5%=EVI_^977<VT4q&pN<bCp9bh)Oo4a6_@v&llLfG@Jb<pCPQX{erbc@Q&=8v<N`&
zT}tD!wqBB$SvZylV+xBeZ$XatVIEnU8}x>q^2W--MY<iZ-cW+)WFdO&utT{ia{7{>
zQ`vJSN!J8u-xPs%yc?&fyha*jDN{EFI0>|lhWbCla%|0cwvv#HezY2nJ(lFL>ZH&3
z&!cpjYe3W+z2-ydc;`ih^rj}Q+4XP{1i_xLqnM;>&8=v>dPynM;gi@)_fTG<E`6Tz
z2|3@pJ$TPgSdV#C^oqTj5X%0<>4T~76ULJk?iCn>uY_cr=K{<~T5PMXa1+sx=p%MQ
zFBS(9NQRw`Mc@n0ycAD6ZpsUWsJENeg3Fmavm*`qob*rs()U}I1*q+VefWnkGCc7B
zGrTZE9L4cRzxLqPKmKC;^HZ14=x=DeuCqy{cO5<n>Nn_u?;yIr!hjEa;KvR{BjH{~
zv(b^qDYu={dg4E>r)Dlpo>r;Kdj<&`IH=20)EwkP4A62r;cB~<(<sGDj-}ZL@Z&Q|
zIFJDBoBp<s-gpJam8pL=1;k~QdNCly+WGfHC$@$0Wm~t`r~GJ2vh#bNT&xKg4XL-E
z3a+-KZzk!abO|&?5G2nxCeTsnU1>l2bEqm(mmTbg!+)l#vYQkNnCqvrwQd2jEOnwH
z<D3W+#p9bcg$i+2dmE<;e@50?b5<vZob1y5)&OTYcs5-d{j&3IzO-T@%!0{qgjd#L
zI!v<=ajA}_5%Pyj3USv=!gtr*YRY%#W?4(jSGuZ;_GJYN&CT&_Qd~wH;WrS=&==C#
zJc7vu5_jOg*VP?GDrk8o(oJbh0=D$c>H&A%uC1-unV8x{%KYDvVDheHVuMCJoRbF!
z<xnWLVwmSLUUlGkZ!K9et7y*8y%EBuS<!j56%D@Yc8yc`)R!EPm0w0k$oW|G5cqPw
z;RKH&!L~qtOtFU$Pb3ugTTP5{rqBp}B6hn8ikmgc_JboHTa9+6Fm596diI1sn?=<G
zLs3%d&<{6IUZb8fv%K6$kDXw*$#&(d(jfYfMk7g0BDfn+hAQ=Fr4nYbwV8t#sngJ8
zwBKu#N-_jt5N8|p0tR-GCPznYhgh?7JtJ?FOFs3(GTg=HTb>g6MNAI|k?q}?KxAPw
zDZekOSwW_pN(=>#Nacq#LMS!W*~EaSBPi1hwY0w~^<JM1d7oX$zm0^55V*5{r*bWD
zS)|`f#Wkj01Tu=SVKjs20YlbS@U6|e6iy0Bo~H)7$<E~nzXV9pi4TsO#t!HcjMBKD
zL)d^K5Q`>oCxz?_5DIp5(i?UXAh`tT_#B4O^}N<HSe)A71r1QrS;KD4X>mD(&dR!$
zBi7>|d8Eyhe4Z6_H`krW{#l}|pY-cdFuLgc1M9DK81hP?t+j*bI%v=}EMQ!IPv_uC
zL&sX>7691H$t+5|T4&2&*+YE%%-hzUT`lxJ)%7;if`3GvN}B(%J+xro*zX&;8OvtM
z`6F!8gFWKvK&5xx=XYn$#m4E#tBbdjYkfOZ<;@}-oAq6qIj6c&f{dUD-yom4ho;#!
zA+`gpm=m^Q@H3qXyX8`Zvm(FWpj`5)LD-I`nTpydPlLQf<Kr2qtAghxwKa|&fy#ga
zoMP)gm;$zT`M6_g9A?o!Z{1^|y<me&WP2iw%L$!cfEJic6GWs51eP-{Bi*$V+J_rg
z>V-O@Qp+iWavfuBL)RljtG|kfv_a&M*4@q77g;bnP+%bkVYLkV?x*l?mzC76A1*^i
zSV^^2E|MVyF`{~S`$Xe$X@f&kf@AoS3naWI7Q740Y{%-JA^$s}k47#pbw1{gD87H%
zU*|3d(<P#9UcNY?%8Af;H8zLh2{bShmB-nZxzO8$-?zh>k97XjL+sog2o4Mw@=@`o
z2l#WdY4EtC4#+y+ham9MT*2r-+m7dH(dHg^hEe?q0o>Ud**$`-9I8)U*y$f6A36+F
z6`>lg&Kv}I@Z<Y@4J!<>>NQUtuL1w+>BKg1+Ea3gzJ`3kq6?71qvy3XF#8Y%Jz@<A
zQ%N--#M6cjE*<KuPD1TRsKj0<u++KC29`H`q>8OgbJfZ%o;gB4a|UdN2%N&9wGhy+
zspoYDGEYKv<&U7rrdv3P5Un0w{T3Ijl`zWc?jz7eh}*`xh0oMCOy>4t9~7S#5rG6#
zF@qm#W;~45VHf=w`p#Wu`|<gpE#-{KMIm8K>jiA%!)b!hj6_@j4><s%j$WmxQsQK7
z)%%*X36%xo%z)eV<sDCY`F2v2wh4eMhEzlp8|G=QFg=u}H4un!Xf;F&yu{8fNI{IX
zyL+4*Uc%ekt=ZqoAf=f?z=)=M7+Y;J#^}9b_4>F>;a^7gNNO@#Umc7U&6$|#N08jR
znTO>$iF$P$B|UXa<pK48o6wTCy9u;vWG__k5}>;Q$tCKD;tE^xCDc*gv@}Dk9f<D;
zHr?fk^tu;BB&3ZIje)=`I9W!p^`$$_@}m*gF7BM?=y}DRTmyZp<*NOs`Lk;fHBJns
z{SfM6a(PZM4Q=&?UdhwX2smkyQwpa7LFu};CzjD7mr<8__pf8)*&gB|pM~Yt1ZZHs
zr&?AVZ?GTy8zZj9rbiIRzB)vl{b)s`U5r6rDd(V1tq0ELE#x;OE(9sT1O^&^9jjI0
zTQ#1+bCIh7j5eF!43jRtuv(%dU6=b0So}c7HvQ7CZAQXDA<EyoA+l@GlEVZ5wH$J5
z&4bPsm|CDr=!&Xk7IL{ZY#wduLFD>RK_?XO%S$?mFi?L`l9wXr@TFuqc6b@JGZ%Tx
z81mFx<Kb8=$yO0!&Nxfpg3Yq^2(sxlm9&DlTR0BoRU;5&B|*zjMTbkjT>_+UA<qZ3
z3+{Y{SFtY!%mlH>!<hz@2qPL5OMD8(ve&DTtxVDFfzr}uVu>TayM`}YMl{WYzHKVO
zP-%)ge+{YL6d61%IW}G`roS<K9m4PF=vE4sYF<lV*Z|mXMT2MFdo6fobfo5;uK7dG
zJM`&XE59en3l|jAK_O;4qiIQNdkl$825T$lQb%`5f%H)~p}_ZFS{h|8+}l>4I$d!*
zk$^(?!YZ)gv2$FibG~zIi|8_zMpdA>e{6qyIgVIr)nuD*m$Ob1W{48L&#)n5vw)>O
zx?8O|8nU~b6kPNVVE>uXzmUCLXb+~+V#F6`Ps2o0Ih1VyD#c8qQ#XGHm#NY7+&Meb
z>?F!6OE&g~QlXrR0FVzFR-AR}-dd!+YZMb4udS#{LM*l6uA@ClS`0=#&W#z)?e8qF
z+3DsaZIVCERuUYGvAY#c>sZ0lbU%K$f}g@m%|eP<)hGH|z;_MN{cnX|UwqkkH3rg+
z*?lC3gP%myyO9Z5FC;7Hl0Ds3kUupO37;ci?4dUw|8l#UMt#$uRs+>xyKBG`{b9%$
z#)vjg&6y`PiE?;HJFL+0xOx59_}`wV`%d!mi045zE~Eku(=d4wS`L4M&Mnp~0a_1J
zJ&<_`#O6UJJmZClGET0UFA|}GEBGnAHcoDscnlX;Z-``s^WVV6m!)jXlhp=xvavki
zzHoR1!W&%qdcyAxpAcipiA)-pMcGu;%>n0K$_}m<!7V*?4UOe#6>cfOxmwN^B7}ss
z=IR_Lq9j;#K+i{|<kC7UsQV~k4#=G-Bmlb*KjquLe@AL}<F1|{T6u<F2s8=P(23OI
zo-};zQXWeIlzm-Hfy?Hlc#g7Boo}?8%ZL{#4+7Go`X}7Ghw%@E*1tI0*@4bG@f?p)
zc6aWr)<ox;s0~1L*?CGk{KJCJ_zet`SWjTVjx2yj`l^4RLh+Y#ecXFS#v9e!SIx3W
zZ*9EGEc1K?iq*yk9r^iFTe8CtRVl`U>uEi5=&u;6%S)<}vYEzr#et7vtVHa2gu2dq
zTJOj&s0882n#`m93Jhz<21M%yLa!zV>~9o@vlBsq9|F#AODnK)(+0j<z4RiERvJy-
zkP@`<VRR@+ViwE-mp3_1l}Kd;I_MAvzt$U}st_^Aq*C{QadBLJ-gOxqCxfG-z-E&h
z<ud&xuE8)?+cIX~Wpe99d_HF4Q5=OC`z;u}ctcR<3n<i9TJ!%MDwf?L>P>p8Z)!ta
zKtx3~I4mT?SFhF}NHp9xYcMg;+djC?%v-;l6L*eKeh_|ZxK}WYTJqmQ=U2Bu3)g@>
z=>!z>!SeNTtx!zN%xsJ3w9Iz7_VB6~U+ws<Yd*G;nL&PNImMPZ7PmT;9b1B>#)cw$
zk5gsq|Dc6(hE0xTu5yeq<vnQ5E6mfJN0<=f7>MPzB`M?H-n(v>X$z@>KG7(0)TD_d
zx84I*{6m`V-MWAiuzZSf>5iatZkJ>=qB!c_@(gA_o-*{$<rZ!4Q=#ii$GDq^nyxR>
z&5w+edBMgUV>167TLH+Q-J8#8_ALYSh-)QJe1EN+DAZ=;yJ&~n@hGsuvWe-!EVh>o
z_xdlBFvRp%V2&;=Z-4xOTU|a9G}Wx@9WpZc)kaPE^??LCm#}WdiJ`q7-SOztA_5^p
za<0!73OqdEpA1BWNP^M+9AOM(A1NsemgEfv#w%bY$X0>gRS*R5)2pH1rH6#U9vvf%
zklMT*W6Be5eZtRtOo|NM<hxW%GK|j`c>04B9-}m`9t&5$Nb^UmwjNFxZR;w}Rp3+{
z)I-eq*qGxBPpKa8Rq&TqCJibKLdWdBEvA+UG<<7<$I<$&dMZp4mnt&#>aeGf+!7_u
z2gHp8Ya8$i98XD+Z#}hom_F_AgY_LEln}tUa0&Vq^LS`;!80$*D3WGZmh1VQTVPC8
zGy#9sRYyjiv18%Mmz@l#?r2peQ`@9uE+oNF#XS2UYgg%QB`|sm!X>&&g#Z_0s=W)c
zQ~j2lZea(bK6-sMCHr-%mTUgO_+18H{Y;jo|J_sWjSNt?X85IycbQvo>z0*9$5#^=
z=vEm=-kEvT?rpslB*pG0oSA{jRSY>loU<n7UDc&LW6zhSlM3|)cj;&=Ho!#VwiNJ6
z6d`Bwa>5)~8YSuEOuAfF`{=^Fb;y;Bq#$0qUR%Ga$-!C9Nx;hz^QsT^STY3DhN+cz
z5G1~e&R!-J5kT!vvXVZB?#&HCst{V?>q*I7uB8YT(in*@taWdL!ajPSGi$*h1h$C7
zu8d$imuI3p*h_Zc0Gn6U8pm`%1Vn_6x-g^PU>Cn{+v6VQ(`@j<;ts9i5owVXxZPe{
zFgetSncxoF151on!6GD6<aUdTCfjwco<LC@H35?jLEV;oaw(WDVE<btd!#-}brrlb
z+;T3@x+O&HRL<e?XF4gDF#d{>OA~ofq`>sW{i<RAE0w-DHBz#BR#{&h*>_w@N`Vm)
z<4!??u=_KX9LEpNws*zaY<z$OR-Px#!2HB&&P=@%&f~Z;&f{`Uq6QlL^Glo}7gFh{
zZB8ENIos8%g8Na=MfojvRVyQC1cpumI+SzxVzcW}d$|@=qJbNH!HGloEpWK<-dxmX
zs@%=?U1Im>XwDG&j2V}vFy)>vDgmazZ8@cDikBe*h;!cGKi*u2-P!l_Q%!z%VEz#t
z9xuW4QW~dI419{Oxm9JY1Iwv6K4s`EDj-!RB$<b1fq|7We;nDw=6s7YoRlD6d>;$H
zK&y*km45i^iN34F$Bc!26)$u0T)p{Vq3|-W<WugKRrHq8NITDSysPYPtXA=oYE+;-
zV$rDB52n;3;Z82M4rYjMZpPH*x6f!0!0HN`3G<?De#*m3U`n3+up=v2Zm=5f?m>gQ
z@CSTev7SP#F}?mm2$6vyu99zsvNu*>b3q@11U>~P#F46LSSjiQ71{Tvdeh}CC{j_s
zO=FoONMkIvR5ZZMOXy)N)z-PHlA+x>!;L)jk7VAfJEoErh>6>72roqFUGsALFh@>k
zZ(fH{e2la1$x#yVb0fkw#L&B}7uc1=6^e@9iFTAD3wXfR{?3oNK_V$hUulH7hE2tP
zH?mu?zvGKpFvy%IZB(LNBQ#?y)G7Z8%dZ)V3TLD8UNTqdQQ2BO=ztl?9haNpdP{~=
zl}Lg+7RIjsY@g~EcD@XMflFhS!%a(&x)!9RcQDYBFU_Yq-e9ahecVWSzn1_RoGwgK
zVM0mO?B&w?X~1810m3DR%z>pQE>m7^)dV<s51a0F;4RuzhRU>H=6LIN+qbd8WlKHw
zJV(nLWqr&Sz_iDs^njj(>?SV60!J%=)%z<bFJhqQ(J^!Ky#J^~3WpM`?vwhrA<nNl
z?#BC0_?m;ih%ewYOO`>ioU+TGIx5FjOxFFfo<3R%HJ}Q&JL#9nZ3Hm0d=Ed_Az%M)
zJj)F_4<7oWFOQ{66j!H#KPt57ieAxPA_O0v?hyaejP6sURG*MjNEl$iNI*04!~=2*
zpeG0*EsT99x8Kz}i3-*p+4jE^_1$9Q=`Aq(b5v~LMbClqs#BB@my8a({#e?(E^x<>
zR%TT#%yoay@O&^^jRA}#BO))$>3p1H&I1JIAes@^kCsure&j|i@2SgG)v#Cjb=Bi1
z(uM@R&XT-_L92d2Of3~s2o>Q@nu@Y+^KK+Im#1sas-=KzEdp_wXe3$t@Z02I#lx%t
zB_mt=9+p-RaDruoa0vnCbst2r(c^J&5(HT)ub1PrG;t5xxkFiz#J;Pj%jKr`peKA;
z1}em=cu&R31NdYyb>K^R;hI7kf|~rrtUkk|iasN~t1t_fgB46~2I=k$;32?eLmWjI
zP`BBa=%e#WIlC>Z7_&Cc-3723g&rm!v%En?=5^Y>o9Z%QM*I$df!FWkbkJ7~l+V40
zR7c6rJ>rv?rGAP_|IENA<%$05$k6^bTx_|`OdH9Sd4i_k?%e3klqkQ~94L{UT3kpJ
zT^K|RsLW9HN4bds3vpIwCMkUx|NgfKPT;AG161jNCo(KNSoOQ0?aXLWKhuR@S{SD~
ztB5Av>36EB2$N*wFOv!l<1{2+*_lA>DHS|d!WPPD4%u0m^UV|Kx29<!B0uy;y?>P3
z3Q6Yl<Wk_H?A^{;=ow-!&Xhsii(SoNyAh5|V#kWntLgOOuMPGsUWh7h*bexk#s~;?
zQA`<US;qnLcDYaE$1OtL!z1GAAXPzSqU1fPmpPMt7l6!)Hlu77XP#ed<ucBofRk|f
zI$<7cs@rdTKN-CZQ5CqdcRf1yeF};#Jadql2cPKQ*pB0YI6P2L4uH;4&%Ffs3z_Z*
zVuy!zBjRi72U9<O?Wi=utHwcttAE=Q8UGS(b;)8SRTR9G9hkhFgor8!Wak7DER7#f
z^uJEGdS~XeSCW#rj(0QbL&lNI1dsH~mNq0#>Q^;OEy6F~WwJj#TBetda8iBvJl7wf
zC_uw2lC+ykDt5YlM3clQws%R_&49FD&on^%BwK8$eDMg0AsZ*&fh=-W_7S}57R#6>
zPj_4!xE7X1&+MH6F6|{T(1~o~qZnhz*CZGc&Eb(8vEciMxR+%ko2P_$ibg>>=+aUQ
z)zN;BN+Kk@R*C{&BsY|_kW{y@VhyR&jELmP_BgUFxISLwV#H6DjVY(p$ApOoSQ%~y
zZ>&ha5YyVBmfAj)<8vA(Zu%mS6Fre_<?;f&9cSf-$_FXIQL=vGpiqQ1g&?;W7eJ3d
zz7<nRRttn49szw1;3_GVQ*-WGmx7O_E9RakOaDzr?uTfUjOAeywmji769*@Le^<7m
z${k^0!_A`6Go*?p+U9%N4rN|k5BdhE#e2v1lSqNo=Jetgp6o^Dyt-LF<;J&rwR_Ue
z+|${?+u$Q<nFnbfEtoW!!>DOQAKD}K6<<EE>DdPPy(Fz#>obW&Cj$IHL~DD-VnCQ4
ze)Lm(gJe1IF9}t`4x+P*0AL^-=nqM-zvS?FBnmy>MxfsOl-nj!?k!n3E#(GQp5&?T
zLwaOHZb7jz_jGE}=rbeo`=b{dx?ubc<q0G&c4_adx6AjZ356viMs){Tz~Zz$IVRkS
z#+j05w__*TRwY|Y?Lu)K2KbA$tv&yO#wW9sE6AF2v>B>D-uk58sUJ3tt8h#VH1?Vv
z8mc7wGEjY?3hdr9gqICfUQ^0b`G}|yKayFnVPB?0wb67Q&1xtJBJzkhOxHD^Jax<l
zbv6r9HEVh8XRQQmpM>}VwApZ(duFf6QUK2|SifW*tW*V&^^<Yq6Pj!~U2GqXS)zGb
zW*6+Q#8EK`9M<}=nAChN+_TP<;MjmTqg(TIv8{;Z%hfxvln@}WvbHAW6~VX9jh2Ma
z2*Zi@01?OzY>R;W9FH7VuheNEj@3V~i#v=^Hk|QHliw-KQTh9$Zj=54;X`*<;(7kl
z(f~b(^!joM2ekM>z^6W_d}8p3_@16?1WS0!Tjl^dC*c#|vN56jzn~6EeW1$mRmr7U
z@MDU_FehgL4Bq(E!BXeRgJ;k7cV9*iJ+$zTVVLeG^ARsUMVFO@jGYYa8S!2YuS*6(
zn5cQmmGG%m8FLH~Z_lWnOa28MkTBCIVTCdA;2dYu9%ABbs*iIC_9@Qbgk_9f<{t{d
z3w(^4U+5a^R|3?usx}c;#CX63gGE>1n@r~JD3QzBQ%LQ>dE-;6)k$6)nkji5`*|*M
zi>+2vq6oQX?U8seR~BU9kVS_9)YT1Rc;&h}4f{q7oEMu##|_cQ(_%#^j8D_uzSg{5
zlp1*yI|3eNsrQsfjh;9Q<6CQ*iL`&UH5R+vNZd&EF1d1Kpm2Uk-4gNd^)k`=v1rbs
z7>GtWEm^^m75f;KLm8-QxoFk;L{~?<ibwqVCzy8r{ykpC1M&j7V>0j4w#Toz)))Xv
zq3!b7>U8$~+rlzA!x<mwfV%H>0+L;?Ff!sOTI`{JN4+Sl)2c=uOT~}Ef+Wz8+O8G<
z)cDj|7Np8KiQph|Yf<btSR&jMJmUP%xJ341Bgc~*>|2FGM$E>lsm~FUDP7>N><N)}
zn&PH%!=kpiJinJQ%r8=7;k+!6y|3sBTqKaJ$G6L{ucLQ=uFr;Myec4|+}vzPJ+L{8
z)!nX+RPf1alY3`Udr~Z42)xOp@)5#6ttmd`Y+=gvgiY_$wX%Nh)!PE~r@%Y1B=zN7
z3lxXa&`ExG>vupib@w;jD@__I`5HlN;9wVF%b6|0{C1l{-=A7Fbtc*BWC-2@(MDdv
z$XASornLw>Y@!(MRDXnGWt)6N<L9@r-M41@%kmA=jzfVv!mRvqnDt9g9Rje0B0E8T
z40?w(#14{7+nxU<dUneIu_A+RHP#7S*36sI&Sd`T^8)7Wl4o*l`Sou<UXq`_0OM@)
zd?Mli-iqK^2m1>!rhs`lU*I$jbqL`LWibT+r$kzyOTA-QaH^--!Vo6b@a*cwGcFEY
zqR}(WSZZd<6$HYPIdtGiGaNra`8*zU1}_&@j$!NbsU<oQDL)59Eocz;ano9*UY<}?
zE=NWbIc^m=oW<5ibX9>wPJV+I06dBQ*HDdeeJ}p@R~%bKptKbaH$DtYCp<$5v_Oo2
z5XPZ#p+W?BrKG~;v1tfCg;rAVF_1N6(=lECqBQHq5eW%)xt}x|v9r@eLa;g9LEC#Q
z*YZ3{@v2385Eu*E6jktLgL~=sefpiEE63O~8&>K(5J5Myg~a6Pj8=dhoYo8g18sp^
z$K+%;(nPq1aFebIb!aHmLBF?jO!9}S<6G;U+25x@#wfzbe(}x?AfC4iq!p1#0t>cp
z%7!nH`6!!ivu;LmpZDQxt(J_pK+qvOHH=%uP_Twn6F;25)48-DCBj`$^0G&W6_}C_
zD{LY&lO)!nk;GrYretFh3i;`EybDgRH;v=P#rXJ{gr!}>P)4}ynjeZc9q5Wj5WJ@5
z445q|9{VyOAZo9JaqW9hX7}-COGM@mhV?v0(P)i9yJKR;TvQypCW(Am@zw79_zL#a
z@U{BoA0g)hVUZH=wzn931Py@nW}y4nYIr#-pNw$H8Re{$PL>=n2#j$=;u~=X&S10;
z$4UfMeS2wVA4Bd9O2$R~^;v|*^nWPKzwBw&B8~gwO}A6-$jc;qilGqi_##L-_a+#6
zUjF}v?xTaV?HqXFURjWkO?d3SB2tUVr<GXv$18{cudpiBAgV<V3$q-YTy3E)wm<LO
z{e%RQ6WclqwiJ*GiQOktIy%>5n=k;zRjez5wA$suAbw(mA!%;Sr#RrMvRSdYxT4_K
zq(&f-Huf2W^d$x<Y&cFAjf|GcgL8Vy3caE#dn%s;-~xOiDq~f%oT6yo1oJT;GnO$O
z%g$L~Wh!vQF=lsNlw)pQL4HajV#k_>Qpi@Ar6$AKX?H1LwKm9eezBP<_ok~K=DIf|
zxvmJrWh+sj4v!8&U!x7PXCZ9Bi4(I6>NuHJDvCVU`7@eYWruVZq%X$2M~0TV*x4yR
zYg7f(SmAbyc*!1}YMnhg0Q}6!rmdNABy!v_FwK<u*esN#*GuRen-+lCN9C2?ns=x@
z9H2Bx<y2;vELnnd-cePzXZs9X*`N~VO@hbmw(7Si0@+E6V&0!;v_elK!Nee*UMD}u
zjF>Zd*)E0`jC}v7H?rw2fX+T>H%xQRUO-tY;q1PNHN>NPw2K|jdiJPTTixL|3%OUj
za3w1XtAYZQrQct6OTd0f-&}F1k>n48wh5e2mexJm5VcG9;zq6pCX^fXx0Jy-n<=$G
zW8Vu~oxtE!!iVhFz8Yv22v+4EVs;weE-Ov?m$4uUprh$HqZq9B3RS(z=6WjbHByZb
zL(sBr@8g=F@&~&HX832ug&V67q~J9;&AEJJ-Tj_g{-l90F(aIS=$F97_XE*3t+VOY
z@36@<7<DVw2?^6luq}t)dP1?HvQrpvg%ZT@DLx-w%nHY(PmY(Bn^E9vF?glR9af>y
zgiiX>uS0ibQz-b@!v%&{GUeI178G=5a)fl_92JeoX^TiwBY>o*o&hDe_WQ8@9W-Qq
z);QS^oG_Ki?tf}(zl}8CjW?lBz3z<u+<_laQ+s$~XW|^+>jXA+9$_5kPhD<ft=11&
zX2Ozr^nq_hpkKcWnQ`ZeNmdR+D|HIw5G=_TEKtNEG((tjS_z=sHt~{eW%e<sWsBe~
z*SSA`+2e%>k!Ca!D2+yHf|NkCZAi(O7ViqyTq!vNEY1vNizzkKa!K2!>bzMDT83tm
z2V4&ownlAeVX?Xr`A-R_95<)n<ArMS3{b4v7TSHEDGcO8EC~@(>eL@;h_WfOyIi--
zs_{784Ol}Sf}t<k!tT<V$`zxi!<LJi2a8_Jr;uq1TjClOOCPp{%q}yd)CX=);aJtT
zF#xZ%4i)>yVJ-o&CP({cNHKxF=ZxX%#4N#SPoR*Od>E|);n+w;$|bR{c|$QWeiUUL
z9wsP_UW@oJ^e!NU+z`7UIKM;)t^+Wu`(i?EZq|`$uKNl4e)=i@a}eKYj|#kMvQ#qp
z2}X?UR_PKL!_QP6*}xmB#e#&tJ@d~azu3Yr%RTx@{-mosEu|Ib^s-N8y;d1lmx$qF
zfAjR_qM7d8TQcybB&o*Bu>DrTj4i;uH$U4VsXv$04}Zi$FZa1?6(N;@a5j!eF99A`
zj(G%{w_|_U^4^DYR_#kh#bY!E&}!c~C>&UTVtD<H`we&L&*y)zYs_4l;T!v0$3$|7
z`)<=}h@w7T5eo;oiWqX*En@eID4X7i)Xy<aq>r5uG4n{a6~6}~tUDy(FmoVJOif2=
z;YvyfTKXj;vl_lt1F^?iEP~b9d_9kVbkGA8KSkjFeozFNm(9_$sg`t2m^TLItF5-}
z{DrA6pOgCB9GW4?IM<lDC4&j&AItdnxGNc>q>z~~@GTNQkRL78b~OS+Vs@}m=0E37
z#QO(sj9oFBADkc^3}t8r_R!l;e`q2kq6%xGC;s!8;=_@)Y87t0n>H%30)v}j=;d&x
zz9cSHKvX+a!)_j#6Q(>SmjI5V8;wUC<a$Wsu{;Pwd04D+lvcLoV3IYlJ(;`FIbNRS
ziN<tF4uV<W4R|}XKyCK;<n2gVtPtsSp(NEyY^k^y-K3@^=6lE!Iy*jOjJAYyjibdM
z<AUPe>f9d`TVyKUJq&*^kp~@3Lzq!_Fu|f=o?G^*oC)RAaibrxBA;UQ3tHS;_ORx@
z)be2U;-x-NOOD?py|To_ouL74<(sPSLg6O!%V>oij5C0m({8}8H)F)yyU2z<-X{+A
z#G&)9n>0<5{isVSi7Rj@X|`~SE}WEf6aBi6o!VwX@MAnZ7u&Vn`zTR#8BJFOR2S|$
zGQ6CRs!33!R28SBK>xDlc8dGg<M@C7T4h#1X0<rT0O~#k?McTBl8(`p`Y6ui=4Qqy
zXQ?h?ex?cp@k|8D7ozW8f-LWQONn)A{iPb+EX-Y&@}f$2I^btC4`ZY^k&z}?mK2^!
z6!ZG%t6ehsjvD1Q!RxVKng{D*ZxtEE?%W_epY06MKdub@h038dzYogOp9BExnMGpz
zUQr!U(jAB+RqM~6*gb75l6jDd^Usd}kQC9U2u(E!4$Sm(L|e@m_o?qu*g{0Isa`UI
z(iHDsBq3EYMRNLo8Ew@#tP{^5&)O7)7uJg#mgbV*#PtZd+Y;Cqqc6o)V%v*3e<o|=
z6IPj1rENVH(@#@36qM`4)gU1wq$}2OZ<QATVyc<kEFM%C)S!_m0Kv4wz}KeQwR?<%
zMP)zx&7)wBZX~k2cKKH%TOGp*?MagOcM%qfwS)=}yO`=THwO(er=H|onDu`I=blvO
zI-9T;9eXL=h$q-svU8D+@0HxhRfvu)n^njlCm@XIC}obq)5;eWD{scd^n{}Jrh8WN
zg>qT`$)x)-EpvH(arpFoC#Uf4ZZ)^w4^y@2uL18EjBK*4WD%wWTsgzG=SRqrK-}?)
z4}RNJe6G6*SLlAs_NOqy(EB=-mxHkpi!7_lKckzuh;CDh##3)%Y?}`?_%!~f$HY+j
ztT1nm0H<)L{Sy+5j9Fr*yDp_y$Enkr-hsoY$9ADj%dWjoe}N<&J88cnLnvIRS)3zd
zW}bawe#of{%r+l)V}buX{4WFzP_iAV2d~BbVjPZ7PZ%~)*`c-$x4FF4Zx~01z<q9n
zU`1aoQ@re9x2wNlA8Oo^w;~O~JRwPnhXrmRFe*lrLamp5k%nr$*>?{Ab3B1MRY1T1
zDZMB2*(KxZ>h*H^ny!3$Xi|^DL+m0Tf3=DY*wzu3U93BRIG&}JvwDbmRs*m?X1M>q
zhp0+`MAC$+<Or*M_Jx+wSQ-Uc_@GlY$^c%*g+WpC2Vv+lmt*25^Tal)-P72D&LYh5
zQ8z{RC%&5?BA6J&);T#`B6|2b3}?bgCT|cvWIigVu~QuXl8b5Mxx#F*O)B^?4C)>&
zdhk@|f?yGKxZE!Lo>QM;`X<u_c(#qn)%pdRGCC9kLN5(x(%eyq@3+RFA6?c%9fVgv
zuTjmX)FMfUBzLL%(bH-?d#(J5E3exsa9Gx)$AMp~fa`xUjLed>1kw9-hMdw;X>ME-
ziub;Q<No&7;BK$wH-%3DCE->!du);#?G1-y$S>#D;d{PRV0ML9Nh};aM#-W2;?5$s
z1l^Kcs22uECeHUj%E=`x^CI(uLZXWco+o>DqHY#*f%Fn02{qQXiZc_9VhQC_V~*e(
zYw>R}8Y+bsGk}xxF@zR2(FUXV+_{yyvO?dDbXVMLhX_^Qh_P>!&S$O=ZK@7FY4v_+
zRsAMa`%?LhaHxQ}X^J>%J7Mn8JGT+8X?Cq(@G{8NxHuZ&rs(9gt4HL6=%yY%A`fdB
zx2~;X2WB(?c(r(IQtW6xn0Bszqgj!f_fQExlJ}XvE(Y(L*ax5jdNJwk-$}VOvRq<p
zX}=A7JE$neplS(kbXhoYsHgwCUUq$R^0n202AU&fHmoNvD)^HZ;S`gP`%O&{(Y}-<
zhsFHq!oKP?mp@>?rHL-Q+hII^|GoS4?QEXkVHd5Bk#9FG4WFxIlLoESdX`;@{j*ZG
zmjfh3t#pa9+|)kOfRZ4IZ`^+QoS09LB)BJ-WHmr`37ca8<j=~omJ=wPsCU*RbUj4Z
zJp0KkZV<S2f{swg6$gy=IAEWmET5%nq~L5VCakzO<11h)b{8isZ{t$KlUL^R(&H?E
zv48WBl(Z?v*6O1hXTUO0J!tyYaCCf{%}@1=tjHx5)}s#an0-tYO*$BL1<=3~bxghV
z<j12Uf*hqHe_~<O0XJpo-Cbs^S(nZL^xIOvjpcOvr!Y{DT&o#e)6Hj?q2)TWlg<#w
zHSi+6YorEmuq|cdYO79K**HMsL7u+C+qY=Fd6IwbvRJ<Nk<hQZau>2WbHH_U`JC84
zKe0S}PNoNUZz3%L&uzF<I-cBq0j<_3>;I`a^(TFSZG3BJN`JAKkYuDE9r|oI`Vgt%
zy`P4gBG6vSrk2rgltkm}Lw84FCAAf!d|yy+bLE~Pxz=m)G^-lM)<%uwvWNqTS{KOD
zLBv)%I@{X|YE&wGY*mYT9wWHZBv2vqL4WCzNiJ2(rOTlO_dXZN0x3V_`)vD_{8fp?
zIwfb38A2{mydKOJuJKl)QKQxfoqBw9b_AB?s0n8@8`vpe$r<_34kpDEPzYR5IR5<8
zWId|=UMaN}s1}TZxV-K>m&b9&E*0x*3}HiIu2r$nl<-lvq$}iCaKL=sM72XAgnW=s
zxwY~G29H8mMqrHa=o2Pzk0ll;+2kJQk6Oq|p_!-vRli8RJC=K`XWr`!k$SCos4~~{
zC_Mds@S=~&QPXC5_oeJJdm!=Zlp#g!FTd|5iDRIVGOYp5VV;9V9^SqRpd;pCjh;Lj
z1|QLwaZZq1rI*(JK!VRy@`;~C$Z$=<uYeg|!;FH}?=LWh1tHu1#or{P5)fU0Tw_-@
z!>n@sGk$L$8Qx)6P*CL7A?;2bAbP3ZM2Pl2x6N#y-2Cs_8<u&X>+XTY9CWU`Zsz7j
zZwcpLuPtl`t^{J7%j+*Rj@zW|+^vd%+uII7mytxb-#8Og^+9MGaBwfFydiuA)7!rm
zYcxoU-;+(zLZONx#X7n%nWvk0edwaOMxQ!TkuW)NE$ZcF<^CRxy;3~MicE~7O8k7P
zC8$2DEbBn}6A?@n0-cbqmhE8>%vgO3X!GS_Q5Xv6-x}>I&ef6stX!}l9DxqHBPVxs
z!3!tPNq|ZQQak)$&(RPcxD3Ww!m;fB=;GB4#@~t^kFTyvfu@uo5*cxUyZ<fh{U@iK
z3t2q&c`$ZojvEADsGoi*GAuK7V&Hzr*@XH@yiN@`{~7BTI^FU}zPZ5GuFA!(w_ux0
z8M1kYzI{C?D8c2-b7j=4FuAtMzz-(3zFl@Sj_K&97paWzez%Mh;>3INSa6h-8ms$H
zUVkL~-(S6`t$nMKz|MM_TTd=epgUC^SHE;4jqqqkuru1;x@K|Ij^@pT3=2@y3rGa$
zLtmk3+8Uh&{B!X`H<8d`i|d5d3Q54_W#nToYRW9pYR~6LT<&g=wGin75?45i*P{+9
z^P~-!s}=uobP(p~^WNh=1g*QZ5Mo_lqGdQ<)TN7*fi~uDWp16))G8+Ri60E-UYkIm
zcv7Cqwft8^G6Oy;J8;}XPLI`cU6I5<M@R^5mUD#J`w?Bw+Vh#IQ70y2>EGT;rn9`1
zqTdt@#s#{+*i-}a$o0;do^moSjA3#CG17d3T2UF^7hZZ<&Q5&#J)xK^k8E0EDH%yA
zI=b%od69T9;9Z&VzdOU=2fe_=Ywvnt819oVXiG)mA^Gj>KpwQr|7{WRtlkFR4ke-V
z1s9OhPh|Q3tC!txb<a0vjW3Xa=?+Gy5?E9;myoy-Q7QaKI!yg~@BraxI)BbU;FP7X
zaCKFQpv;0Raj2kZZ*g0~WIOU~oc8q^y08U&xWB^*_i^81GW-mV1ry1#?)Z9@P;2l>
zy&P6Rg6N6Vw-x?egYI6~+l{m=MdN;8PG#DFdbjS8yKpa4DCn1ogYl{U-heHD)<x#a
zP$PzGXdTnCe4|0iHJ9Jx6?M|rjsSc<=Pxh2Vxj3f(c-gvxM>FOfutK9367N09@(l~
z@T}bm5e5$&O25<|`e*{1u8pvwRARTZm4gzqPUbvkqtsvt1cHK9F{)4nqDfja)MM4C
z`VaQ~+awbBv;DqzCKwm!AFF{g6zeq}$FS2nJ$8<RB3Z5<pVj%@b<0{eK90GmYKZVc
z4k3W(RrGp)V*W)<F$!nCb#Z>~L3Lab)~sbjcOt&GHS7Xvl3Uni(IG>prY}$xiJd9K
zDJ(^hb+&eX3?uf0%)Rf@s9C?1wa_Ylh7lj55zOWT9X3L#Bz7)bn6)^v(0p-LBBgw4
zDhULx`Fzb?-&_5%62I~(UAAr3nNoqjTu^>bX(+E83vvdj7bx^a1zJ1J?hz>x0^EtC
zz4M!dmRTqew>C3w>O%j5^`h-xj-Xw%>9Eas?<M0N=N8$Y%d~?$==0+TiNa?xir4#u
zmRmL1!u8xM{KOGTm_$@YD(1n2=Q@5kFTJ@!f7H*t0L%CJwQf(dM}q+^ky8_y-8!8s
zbe*o<9?vCHpfa=Oa)HMk%UVQ59vuLjv6v7)7^FRVrjgv3%**380{pARq$RRJ;4A7f
zns|TRZzs+MGf4~h(>dL;G{vF3h?$P!ziHPJI%&;EaTnZ92JV&+|4<{q2{%1*w{#C<
zo`#*ofv=R-@IJPtW;2kPAZgu@j8v`d+K^p88q$whDlcWpes$<#3TN8|b#h`B-a&O%
zVk#%gG^Ni**gz9OGi=hUlvC|3QOWg(lD^~38iHFKM~vowMveq)iETUxB2fqfiuu0R
zzD;*dU+-fq*SMlLM)tS>y;Y%^TjZb>x~3~XsiKIiE>ti{LjlSrndA|T(K^+69HkOg
z7Az)y1c~ZbNupRG2G(pwmOT`u7ESfaHKr#s<_wX~s0`iXawSR>1>o3rGQq^QZDV5F
zwr$(CZQR(lZQD-n`SDdhLU(oTwHE{n(&wW#$iV0g80&@ML6LY1&~<DtNTkXtT<LHV
z4=&bF$T2*&Mt^9&1{k?`JXU_JeY7cI7gCs*-Q9aZ87AU_Sw@vinZBFc!~+kxePJBI
zpWMNSK(}wHj?_QWXPUja#oyyy+Ay4>7X!@^!N-ZW*e-M!y$GKI60lc{4BPWAR*9gp
zqiZ*)k`i1tt)Ch#l*{3ARxFxm&|Qn)vP+rGT0FDGESv+%b$h&J_%5W;Y(^xHAsXcP
zSb3#Im@FW70dRro7Om-(aQ`5Z^iP=FC`G%-yIgI*Pb|5ndsEQ!U9?$5em1=9j`j{Y
zV_%4OEmJR}VD??P_ai{GFIF2i1-RDvS=hm#9bST91EWr}$GL?+SGVHLaa}!+BC3()
zO}nF6!WJ8-U(MnrukVye`p{$imP~VP5a0iTspR=9@WLhiMl-<=trwF>3rJt-{FOXQ
zqv~hmkvoSfP$;JPuy$5AYm2GmOAcK{H??P&5DqtUM_xysNa}yV(}9jv!1p@e!Uv`?
z{%0>Ja&NbnhWgxasWR~7QJEm?!S2C(!cfssZ}nJt0fL|uhkwTd{^3~jmR?TZ@co)Z
zb83@0WgRx@WLWrcbkQLn$dycKsO-*i{43?@qy{cP?c67i^TU`7Vnid4Q9|TQK%9B^
z(=V>jnmXdgv$3V){lfiPOfafQ&q-m3V0GAN><tw^iem`m*6UZsA=*4BB?=TIx~T)Y
zhdT}S!RC0>0B+{1!*YC7A@Sdrl*{nBj6$eqVqG#*nT1W^aF={5O(-W(BW#y|k-1@r
z@_lXgC0@;t^GsI-VinwKB{kM#2JD%$@E2L8Rk8dY&1EzauvjslWZAc&E-2IaQ$a1b
zbwv~UdU#C*-va!!*o=kf-@tSJg-MObm~R=-8f-X`rJTvShNkdcMWR!O9<}B5_Cy!t
zPd~rgA;r3(&Jo@Wb~btARys@`@g&1S=R{TfgzODl?Gmsj4T$e~mws`c59!A}J(9OS
zQlXEHm-J4su(=WV1$fuJZe?EC1lY<y9G)B&UJPyrmuGQ;4quJoQL^>l`9;`Y+%NRk
zx6VJbuHwzg*US)FXRV#vb4r;7?3sG=*rS)0l@Yj;=C)2A?_x^?n87MvLOQbLpv}YT
zr{Qn2qMvjuM2m6Z@zr?`dTajz$Dq@mf|%MS%kI;S>$9#(4}-Ok_q?9SD(FSd^CS2W
zSVDstv&(poRb5tWj3F<46i%CJ4sQF3cqDHdu%n^*Kq8Y34eitFo#mli*tPdF(sL+}
zRi<~jz@S@m3S<i*)x;mzrIN9nwu1R`eGs9S<^mvrfC2%60D=KR073!60Kx$x03rdR
z0HOh60Ac~+0OA1>01^R`0FnVx08#<c0MY?605Sox0I~sc0CEBH0P+C}015$$0Ez)h
z07?PM0LlR>04f2h0IC6M0BQm10O|o602%?B0Ga_>09pas0NMdM0R98$1n2_j2Iv9k
z1?U6l2N(bt1Q-Gs1{eVt1sDSu2bchu1egMt2ABbu1(*Yv2Uq}D1Xu!C23P@D1y}=E
z2iO4E1lR)D2G{}E1=s`F2RHyY1ULdX1~>sY1vmpZ2e<&Z1h@jY2DkyZ1-Jva2Y3Yd
z{{8)Z0-VnPF95FqZvgKA9{`^KUjW|#KLEb~Ku|zH;!Fx%Aub5Ox$gAWBnU`TSH|iv
zhslwYqs`oId+EL@y0bhA%Ru_h|9(5q-EMdXd_+fHfp}w2?~a!zxXnS!>`*(;OUUFI
zT8RiT=PLV_8b^MF7(}K%0=P>LQ0NLH{nvnDFhR7@u5pLK9S(l0BucYFC+4_5Ob(F>
zEebfM0$tZhIrTHPR|EI>?Q?Un#rUTz+zQ=D>}IJN51pDW1hk#kA^rOPHb%V?{{>fC
zqx9i8^!rId#72t+>2eU(w2F0Wgmm2MJ3xt(Y5UIL+Xtz&WL|IvH7yNh%Ow2T8xI4K
zWior??YUqf&vMr1yx{oVOz;hO9&U>(0OtSwC_ojYT~kSYbl|PxS&bq+<YUsXZR>--
zCle%|-4_dXnn+ir>(XE|BTBkrYtgorDW4UeGGf*uoUmLIss^3(r*oQgoLbl8;t!sP
zCB28{56p3Hj^<k<Y5=RHINme1-K2<?$uy4ipm{R=+mVrqwn@DQeWDqK(pzT{+-oaX
zW#79tX_1T0Myhf{P@s>)s$@8PoH=XfND=!kAJm{K00F^yte&Z<%1~?G*ePkgZyQn+
zIm(a;B4DI(ApsP?m+6aar)p+;62w7zK#gZRv6};a^RqX|kyuc$ac8Q1I-s*_+Otui
z;Ka{3|8h=79Rnys{%;n|gu5~J^>ZE@&Z`&pb5Ub46>pM{%+!^vp5vJ~A{um9(_qdV
zO0zQ@rp@b@NM<~?I(_p*o*5IAi^eK?9_+MF)2%(dtqMP8nZ_v`IIB)R04`SIX)|@e
zdx2qAJBst}AHj>7K*2x14xA!zC52K*;`~jOut|6+G?)ogZ(@@_Z+U+QLYq5Sb?H`Q
zDO=6ugL%Ta$0GM!pbNVNq;Di`=g4$cU>nJVsZ;FkO~ijdodjvw5!gC07k#N7o>)lU
zt_U}EiN=aB`lX|fLTH**hNvPH$wN+`Hc{u9EjnKeO}+VSYld^ndC7b}^bc$-Fb>mx
zj5gw9a(csM*Fp3j^iP7tf}TMPS2r?1;>Gs$V&j|4(%0sgDq*Oq{;t~IIjF_&E0^L#
zhTHc#*ESkGcY(UoGO}zh_ibLi`{lyJH3j-g$~W?}8=a_w+bPZ7jx9mL>;<k>Ut1kN
z8=|{Mh@J1gT<I*VgKs)eIqfmIc@+1Qr8!<5&WppHZZ#JEW!V@@MyoFKG!X)%C_{Dz
zX+DcSSR^_A#Tt-Du_zrhS?Y^4oVXVzmlr^`hE?Su=dpQ;sLDw%ZHsKlXZIC<F2@UG
zWKnyTj4#y;6@s4;fQ7t$#Ti$Vhrnk%IY?K6{|YR&jNa%x-_P4UEV+-z&31=nf$EOS
zhndB&sy*YR?qHzpilXI3vWW&rPaK53%J~Q6J+U1x{+fjz*tg&c&;`bHUAixK;y2ro
zh)C<2o-_)H>UD^>7u1_nu+)efiNlGhW{%TV_eh`g;f3d03#!uA5I>AM-CIH&@GZt_
z=%GSsQ*?Tt$`TdTn40ElX~KK!Zn4xLtF6(cwtnOqUZrS)jHJDRNIPOrUp2rPv&VD)
z$FM`W8C4k7U41XXp;l%<1uiSTW(p;;+I^^!V}HFlpSN5=&ReW<`<}H#X#-N-CN61#
zNCMmI=z!y?TzhQf;))6tw0Kzr4j1?~>#-Tif~jc}>LR4rvqP{68JUD58lXZ!+cBXy
zCW+)xnl*k(cdHz%Cn&rb242~BByqStDaIcu1maJQ=bSw?yrT>@a^J!9HVK?89pP)`
zv@H{aZ0CaG;Pw~S((opBJI3h?;*TNIwZd>dRfQjQjs{^LauY1hDy0XnFRx+5b`d|)
zY>zZWxt6nRR=R=_W$gAfk3W8F8nxHKq4-z3td6+)gdv9b)>RivCzc>=P^-Lj5IiPp
zeuCc!N#l0XF74=MA`-1%U^2MjzBGI7(y<ho@Le1iPIszx`z_*y8=1~f4L$zZoDsWx
zY@F#|tC!^IFpKnq83a=SN8PLq@3deMz5IXXmcQ_+q8NnK!%XS4u>>YK1EEbH9mJ4B
z4hb36xH6syab$u^`SOt`ZD6{qOCIAxbJSrIy$>@BWDXzJqR)I>E3NcMLOAjrp1v7I
zn<H-Xc74O^Ak<j--1-5G>=ardM~G}K(KNE+pF2Uh4%PG%iFQ+8{iMs^5{)V8#?RRq
zSOHo$gMbE^>kf}WLeD@-eSNRg%fsl~E*b;`#f|GFQ;3HEn9H^I^qu66rmSQ(8c|j*
zZG@O0PieajWYW?GC}XXKlWbJYUqmCsZG9un16kxM&uH|#-{xsI@VV+tU$d^((!I4C
zOlrGFvDSAMs26N|w!Ai#6Zb%74}B<d4KO6bXT-ayqSSt;Rfr>^HR6}Te(p%l8Kkm$
z!k&QwS=j74POQS$ERmTMh`iXpO}T`b;Q1g)O1=|eg6VaaM+aOaXLI2k^ml2advv4Q
zjK>Zd^#@Hy&|Q_oxzdw}!|iXtzPPj^McE)Uv%wBH#{2T?++O0y8h_JG%+wYZJ3@9~
zF)`;zg*h#(ZjDkzDDQtSmLt^W;e$V!qkPu;xJgme)wo<c7HDzt34W*)8xFpnNP&cR
z&o<G=Gqe&0px^ge&l3NGG2Bw)T~s=m2_9QW__VoFt>SpkxT(9+gN5YxZ;oBQD(Cw#
z9yMsMXv>L2mM2Grg38xSPc)KPH$V?{j@Uj|-WnJ$hI?Nwr5i_sr(Yzy7Tqs1kip~F
z#@a_hHJ>W67|BDbiMV9>GyRd*tgk{A8d{-o<_$%(xmEcM2Qu}1aM%`lXSX;q#Av-{
zAz@(&jtgd%CcWvLeC(+wv;W=P+^+=RSH#)y^2WN6kEJNoE*4LOE17#86`>kTNiYU|
z-tfe5*rPS;-OF9<%@k_JM_m>IAF91`jnA+lspr?Cqkt+BH7rhuRfeSqb1tLIafg71
zE%{!`jQ46B*12eIR`blheZ`Fo$$}lUO#ON791}$OijgR<_y!JPp`L$qW-V?!BHpvL
z#<6URIe9&P)xCTHLq)Zg)&3KHy#zmRNmX>1p$jaM_M4w&YFouQV50arIp-o3Fh#;H
zP)ToI=>WCJ6g6FAN6wIuLH`PyC|33oi`^}(oLcM2tUF9n-~@iysBYsGz!p=o$mQ6D
zp##miFul<T>C61BSl*8$$1Az1IEmVkh_S>&1R-yzUP6_El-$?MauT=>tyDrNGxt)M
z8sT2REh@L2Md=$-&10!cu;-o#Lb0jGZN5D5K%aHxU{J(WVz;Xuil@{r376Qsi%Tvh
z81JrIo36=Mbt09|XTxkvrTj-b7iNAU#KzH*7j^$tx>YlAA`zqdjuZ?9HJWAV(GX2W
zSvEx|bh*vT@75*(61O|!Gan3wcNs3Xcbb-GVuZxO67_BoS&HHY%x0n<bwoAt=@h-`
z;m_^KipYOrCey@vdw`3_Xc)Q#3?-M5IY`Keb~kPV(YH9cvNV5<`p=i$>bQa-gkZ_7
zKP*8_B?MKB+5R#L)fLyqjK_AdtPV+`5R{MJ@XPt;l|-r>FQWK{PvdztNI+Ne-56jS
z-Ns!YC6-at8%y=O8Xid*!yeQ12%i}?ig$l>(b_f%$3)PhPZ{MwQ%G`Khwb0!;Q8Nx
zd0lQzAewhrCdWntC_k^6kjq@r2}~Uc9Bb$Z`5+fR8`A;u!L(RQN#&}eb0#PGbZ$ET
zB1352-s3x0+LrD410xDIW)FG)95cVJm17I&ga&hAbWHNlA8{YS3bH#M_V|kqNe|dC
z9z^qTumP%{PSEo8VRw$S>zmlHe~O|S;9;6@XY&6jRuVuo%uypKsf~-3QnS6XHr^AM
z;kNdEkr879Q7LmDh^9rxd*l&%o6EYz7zY#=*GrQ1uFG9eLyJ$3%`PC@@-a?i&c)b?
z`_t)jyldE<@H9g-)$D>pt4U&wN2-z0)UIhmrNpCp>y{0#a$g9S;^TJ9b+R2e5;`@K
zlj}xV7JWAl;3-YKW0^YRN7{zsxP=Y>oa?ouJ49uE{s$ZlDG8@&4N+)t&&ZzN>CX61
z07`j{OEk;IjsMgN!L53Fs?zn(l%FZdHFn;x^_hp^jUE-;^ZqTq3Z+T^d!M<zb-uA*
zKi$tAxPu-0IHtmka*~c>+bn6P3ZuA^9Zubc=icA`QL`Tl?{4GYqq8L{uGRF*iysPP
zN*4b|g<R6VZ@<ZmCG|W!YU=OC4k;@j)py|V(>2|+pI|f&JgSS(_TyV~VN;eUuxK@&
zhaD(ji_M8P?7LJg<b~5QjHYYTCz;M!Ph-Ls=^8oDWAHdc4FMvMKXBiyBLZB3;P~T~
zOUm(uFmt9$@zipNLSJybNoj!*#Us0FO_H8kx2Mzp<xi_B2>WTG+zDiv=>UTebiA8=
z_na}@sQGl&WMlW)Zs0hh59cd`{rBZUfw?Wlv}N__sMm-9&e9Q7t5o0WS>!oHR<XvN
zO>YK&d(=+T5^cnib--woLwpwVFYmvCi2@q#wr(9pH@AgXw~*@s3=*K!cJ1!p@Q`yT
ztieQfu2%v@@JdsxUtBn5DQVn4LC~@>o$<X`xH()e-SptjDs<ewL7oib-3R2-2pbY5
zyg*TU@Asz#cL_ma7{>D=jNE$I;LAiO4FBBs!^fbec)qsQo4%1jQ2PglbA$HECdP}U
zeO_{LR(K2&YA&7{wY36#VKct2MNfn_Hj+dldDVric5OFNJ7YFZkDq)<am+1mIf+tz
z|2t=XLA#!X-W>c_1GZLXis}5~^KGrW@(@Hlm+X*2nzF(3rN{XU6~+<3P7M#YtgHj_
z!k$4F5N&*9##u%yeB4kTbpuR=dttKhrc~C%Uj~+z=z&-757E%Y*YqD-b@_!Tu{dP`
z(j<{07~NZROk&dm7Agy+C+2V1A9@D;a7X1{o4(16u@SXDmu@aZ;{%CqrhZK(h3D1O
zsy7D;*N$QG$3*%#b9Gtgl7B3sV5K0MYw0E|oZ-txx+BD>7W_FW#i@xhtldq6v~z+H
z`$;17iY*=1Mx_7g)g$~7@W|RxA1dhCX!3=Aq7i3@U;l4NGz|s{J0+UH7SoVY_>&N1
zAr(=to$LORkhq2$u>?F|jC%0egAy!Om!v0F*y99o4e8u&2F-rsIQZ#5j}cEd(1|L3
zV3bFr3x9RLtD}4a+fMYSxD4Tq?4=j8$$S^K(z)&ipTfO;4$}bZFSn++TD54@y{zpY
zUySs30vWgD``LQ`QCVRcZ(cZ&*Dc*r_iTc|y0yQ7$SDRd@PUC+y8hMZgb|MT+v&7K
zoI>PpzUJkglibuD`d0U+0%gJ7s72#UvzR%uTsLbl*m7N(po+y2X?n~baWoz#4MxL)
z$m(F`0YtaB%Y2d$6_!Y$?|gVPjH&FFQS%&SRfgkRVQ7}WARfsYhdXwp!I&@`r$54%
zV_@)O*|>|#KGi-9-=wlH<y=u6X-B_P&(_Ol90GoQ!YBG<Y-Q`HyJ$zTm9e~2<l0>B
zNI}~>{5!VN$%ljG@F(|iD}y?^9dJpI6eLG7v2tvB4vhgJauWU)#t)~|T*mqET0(>C
zcZb-i3<y~K*w)0BzsH>+b+z<1i=(Na_0XB9y1jVSC9L^+eT#td`H0uy!CW2lgbS%?
zeGPJ#*cxMIRO3I7x>4{bP48jm1pao$>8wgu1J(If(g$Lp-c74=&(ZR>T(W`Vk%KJt
za5vSDJ%roo1gU(gC+VY_eNFL*E?ZjF;YR~jd=a$f*`K8dT0vh;=2a=~Ov3?Oo{c`Y
z?ZnM%lQ?G=F#;%#DJX?AG9f*`O14Eq{5y}S#M#NoEbk^NMNz7wMPqYCzU-TXAX8b@
zYGF%F*L#blo$wsMcfV}&zSk@&v+O8l#}$$LX*>)QcD}3D5kFqLvqYnh9&v`CKi|WE
zY|k$KWWUbM&0;{kq-hpVQUb+ZW+!73`wcT0WkZg?)Z%#kk_UL_Cvq99vvtJPd^Myi
zG#A?xIaOdU6;~SClUSU%!MP(f1AMIAuAf3iXXD)V#7qSlouJBrOp{v^$kv1mMOP}O
z1K9yV4{!xnZtIOeM<nn{Oj7e6rTg#|IjAAJFbD9iZTU9B)P?b1+5Xn5EsyDZrCT%Q
zah$AptAjf-Jvq0KfE`6%@v)F4=Z$b6!{lNm@!6Ck$xOxq0x?GTb6W&Ebq8V-5zylA
z3m5ItkDsrQdmCQx^)gkJ^95t6?dF=MmMQF__nB7L%n_P|-@_u3TYU5eK)3Pw<GNI<
zTMadw3j*`O3GVN*d$0{9=MR|(dX5A`zTMGJ6fg(!X~7j`8+_`nGFRzpmOiRz3|DRA
z!Mwaot_QOs#D`S{pYn8sH7UzCSV}pfO67miLJ)}&>o3|N$g9yz9Nq(pIY{PPA#KmP
zwZ`mz0v_vV1j>?IYX2Ocv~lQ^0)RdwNQHe4hyP91BQnz`vyl}GGtJ~g6PRXRj?)oS
zUzX4BBIqQnP^lq4vxBsK1x=rDyVJ9vKxo8vWDNmb%2HK#?x?pXn{c~aotN>vZWP?n
zdmNaF=7Sw8kK5y2@uaf<cR@!Q<|9tKz}~J%DqVx2Nf+(~8ALEA8qfSaQLFV-XgUw-
zv}kH`#8R9hg5N8CUxLo4PI_v~{&bhz{ALM^PT<)DheRoIr1=lmC=YfczlNt0<psBG
z|DqMuEu6?CvpcOm4`c1)u1Xfac%icAU$+18B;n^fj=ooU!h1hhfF>Uj-BHKwAWXNr
zfT-2&qw4X($5wo?X)A=o4&ccuDL=||vx|}G-@+%Q{lt|giQk~Nd7xT9Bz$H29XUXZ
zH~a6j#Vfg9*zxnY*{q;X9aY?^&yZ8$T#=hL;rYW%z2|dn#lvxU5@lvwHIX`B^n}rm
zyUSwAwfK)bJkpN}2Tjz`ZI8Rs_01LLvHW=z(%0ZflE;SAfvEAdu2L;^H+bk2o`%>_
z4eubdQ^^ijGzh}@%EO42MMHRi8z^(p`?3ymv`5L1weKag_OR8lv7`YQ)Jb-uG$JTT
zbs0;1KxrRkER@f?OID*cJ<~kX0vtSLpkje}Y8&gfacV8;)<yjh+Sg-<|Mw7jz6TYe
zhwr|iw4cgFR}^(Rbz|8sFIp}Vx5Jni9~W_Ia5!AGeQWg7!Szt+t#cz=PWdS|AJhe^
zcSvTwDfFV=DJg^+h8K<f-VG(<JB23^t3`5)lSp%-f1X6RdFSpJp03t17^x9*FAo7U
zJD(0l1F^B(!fC6A`0A}n$yc9$Q)N4r-O60*DI*xpzH8s~(a!lvL+p09`kqaKG?-ig
zB#{_OIjGny_UL9l7T?;D_^=9xPIo;c^nDg7&iCRxAHL?8t4vfzRWWAPq}Niy(vmr?
zQ`6f0^*|w~&K3$x<>t%habTj?$VE$d;+I;<BR2*P&iuFqS|K5&8OhmZ-1A}3f;so#
z@%=4WD4W4B5Z$O*%K0Ge8EN1ez8K6&-%38?tpNx;Lkqq>c;>=A>Wm-H`1Lc8LDe(D
zp!_T%2a`Hu!+gr`!zEhBR6DUiJqx#X(o@%q0a8a)m8?FDRxzdT7xd_PGYqfnln=rO
zkA>i?+iIy}sE+jz82!15x<57AUYProVMrh>*+X!?3Bt+ivQ~zUV=&?Q0CFXoKpJx4
z*n{}#<tM}$0?x5HB-Ap<yNud(IWXKry_;pyjNjqCu)7@}0s{Cp11F0P2Xc=rE*A?p
zhV9TgbYVrnSdJ8^e!wc04wF!DVK{F-vBQSAS;r}uBTh^x%-Mu)G<%+X(+t@>w~pk9
z){(Za%RAAyAXGOhfe}GO_Dsoy*m`s#a0-|UvBA`i8w;v+))gW#h+!8U4gvaHX@KwH
z_^bMBG$S?$ADm%L^)s96cj)}vB8y-9;cDA1h@wStO!Xsj=+t#FMpf?N>dmZrTvQl&
z;Vn^tVCOw#wD3pbL*0p@OAL=aei9~(o3pfbII?e8ai!SaW;vK+aS(5%O|MK9o{o)D
z=^#8X^B*Hqu4;J*rO>!X_&u#se{GI^G=HCqc_gr*<UtEwLX}`GtpFRCfHBeDdI%i>
z%EYdX4P2Ek<VS6zWl^#bYx2ktrkA?3=$=p4Dt2#N^IRqlKQRFXDk82mQ4njn1?%q}
zrMBugjhPf339a8vV?ln=9QlMoq3N)Ko_`4*?XUEdiO}|8l05lopE64%k_`p_c`g94
zUsLgoi4KSb81f7XJo5|B47xF+YYs=E+rox*2<t=D1xQDy5kw<TKc$%hlkL>mD_gQ5
z)f3Y&^~KS95APAXV|L5&R~5}cD%dU}*fAiqz1MvZ3ve^@!Jizx@ol5fi8EfzSWBtF
zv(tSzscK^3wQYW?Q_ISv>kTYHw#)7J*V7D={nvO<UI@AIk$G5ONX|&3Doaect@TI}
zeVUW1WuN;LV)|-Z*Gl&EdsVvCav4^pbohtP&A><LkYf#lwN$`QS->&J*oJTj)Hyv#
zc7QRSghd%5W-s3We@$^rQ@&Y`Ef7Q@qVJ9dSQob^O#1P<$??FeIGJ0rGPEjklac(N
zL0Bk1>sTossNwJB7<09l>m%4ykuO}A;-YESV-Q)N91M(D*im!k?-R%E<aH>-VKtOz
zs{ZHBE|>3tm6#GM{lu`>=TCGSk!Lm55G<84u>unY#v>XD$qzJT>m-o(^3?SKQK7Ar
z(vG<pHllVMMRr-U9RtdMkH5K`Hoh3NapHPed$s5JPdLm=!a3c3+a96W1l@&gPu>~a
zSuk`q^Jbk0&b1_p0O8Q_U3B9sd|m5vn-|OF?QNNNPB+C;%jmPVaFF|4iBmtXUA@4R
zt2wn}vYnFF-OZn{BxGG+4@MJ3;7)S>+>wuqKz8CjH9mb>yw5_bGQdcUxMGp2FbT?E
zQRZ146DD7U`_6xUm=bfKG)JqIy5>*|1j~*@KvW>vUNgW*K_siJkCo~3-~kwwH^)Pb
zs%~Z3Bl%_mGDB!7Z6GNecvlzpQEEsprZaZVO!6@-#~Kevg0^18zc)t|*k&0Ny}AsA
z55WK4v)w1`ygyind&|n11U>@J#0g64*$uu)a9NT5pl}5y(ge+a2<yU=zfO1jhBxZm
zXbR=1<sJ@yiR@KMsHitK(xhC#<w&o1F!StC;8?7B15H2Ja1-cQL$!wDpWYnD;+fBY
zYKF@A9f2-;FDZa=icEeRCtwB-NQZ9`zS=fzl}5TKv}A4p%Vgl?43`!!z{fqHjjq54
zgzSPGABZLU2Idd6Q3yWt^3waII^`mWiGumsElCjC_*KbDNX<*@e@SY88x?mZmuMvY
z%d}aGi~>@%IdS`fnYA`RxW{l#=$?5mUtQw>x`VO-?#s%TWm(EOZynHa!+e`g7cs~4
z%A}p>*}D_;{IHI1k<Z<y!@IoDnqC~0oj>x`hCpE7cU?7<jAIe~jFjq-2_G)`cOf*!
zhwJ(=yTFGcaaR37C17y>M*;@0t8`Dj#6AUAn3JuA8*ZH3*W8em0T<jNw!b+mNQN&B
z4zMGVK(||Jk+Ge(+%)r!YzP=;ikQC}ED7mCdhfud%3%=p&L?OWe7=;c!`Ajr;t-ao
z*1!l?iaz<M{r)pF)fotlcEVLFE8{1j<U$9c*l?;&l8OL1a(q+vw&N6%Tgr1DHNrtW
zPlh*dZc;c1tIZUwZICFfdjxpP%*gf;Yw)*cBAyBX{}!e@L1(rM>JY|7mr45zR1F80
zoq5r_B@aOaIcrO?t6O5Lz{{ca4+uXj3Khs;E|PfVo}&bpEM^L^LY~$igQo%k%G6sp
zSh`7k)AXOK`%UMc6<^8;Fnrjc%(*(0Bce`Vp9}r!<6A#{sVC95iZJZKsrkNJsKL@7
zQ{b|I5tUZyr(%zq!%L<i-tNj(C-c$md(ueS;?>`Jl=y(${P{ZiJL4eL7<CYY_d-Mj
z^^W2YcMk<6{~Zj+^!|Jvva-EAX@M@m*q*tnwgs6gRgC#yckI#I8?`2Oh+tTV%1;+a
zdTlK}QxijPrGkS<<T7Ja|6%If$PjvB<fD^yxS!0cMY)>eyyBLXt)z}>bRE7hVlx-3
zzgZjDT~{n(e{3B;n=+TXv`~nm!|lH}kR<&{-DVMFe{EZFET&D<TiVP6fO!Pg+}t5_
zPLM-TBpQIB?v5Rm6(guX_YVTg{)HuGa*1uTKVYTvo903v+@|CInx^n6;P~$&Asa{^
zR^mQVD06@8i`9`|3+KlS#gE9!bG9-K|APK7_ZygpIBGHjM!EGg3o23u<;?Blt|j|E
zmkuFP24~(PO05;!=lzL~>mP75sVRsmg|`TyNE?Zf+>kG?W>yiCy389qWi3Qok*r~F
zsx}2QRqhMIi${8)o*N*RiqeE8F1pm1@0F?hO1art&o&2TQ1%t)94k3X>wSDfnG^;k
zk)=!9@2E2ps_42*dulJWA_t+?30f@9nS}xme;)qpr4FwV%c4J(=2|vH`_%VvXMFMw
zqq+H^7@-0xk-iCtU-*a7kiCiHU}m?kYZ1xT1Z>+qosHndBxvwXMH@jAMW@rRcU%$H
z%RVgEBk@`Q2Tt>hN)9|{uIMz$OaSRTAY|kW{j)w{EP@@|^WQ7uYUPcW4g+a7g-vIg
zTEYm`p!Lx}_N5ZT+<09cX=0a}c1bGos%lUe5$Yi_MM4{uGA>F8=bAmv95}ku*;A<%
zPTieiJE52!TFcK?)+?cGWrFLnwaIDLhv^)suDvSn`gduXVPe9*%ac$7NF|fIL;Q^?
zmi(Q>k04SgMbg1efrU5F34}+DAv@H>xG+!B9bW8xmydb+S{SM!$DJU9kRuJo3y&A=
z$bPU~;#1+gK(^aQ_J>M)0nQF(SuN#|i|o2Dc$luU>VhusCf)Zbtzywo@*lq>1BCG;
zTnav|DzG%3i+@(Z{6V4A_(OIYtE5=#T=m8W%yrffIVA;*PyOX@W}tVfH;Ik@NkwpL
zLof%ftbRh%bCU%)|8&Lckg|fs7dh*JAdB+-mBwA<2R;m{<cNukyV490+6@B7(ud1b
zl8^t*R)O>CE|diHEuSNHQxfK7({O)PB73`LFn8PiG>>^oC5C|fZM|Y%8NEUk!ouIj
z9GcjBu{3H4ENWzo*$f<>1}y>^5`RmGI$qI%h+@8FCPZObams3|4eHYGwY&qeZ6ne;
zBS#HF+hBnx7=09bLC_10HTlTUFB+Q7+4kh>5&)^82ttO_DPLbS8J?Elfe%-3^JR-2
zAU-yQdNMhRt8tNw{dx2ls0{zB$eqTXITKs6=6uRCS{Ode@k;iejWFTKOAMD}sNp`e
zR)R5b;#|_e&G+hzvG-Oz(|X=Kn%#_L5vyqY`5k0K76&5qF;1^O&ip4Sr#tTUdsa3r
zv$y9Y&vyF-#p>~KAjYT&g;idmuZmrs*6pzoWbX>?K)t5YYJKBVI(PO9Ul7qeI?%k^
z4o9#A%~I<cu<3yM;#T!O&4FS(4@fPZygzcz0Su$g<NCJoZr=jeUz%1gTrBD1YKkOO
zkd_?y@U%{aalciF&#s<e7X>GmY6zoA?VL%2u*?3}G%}euMkNJAKH-&YUrF_xBSc#(
zp4W2zWE)VAIxCGIBecBS9s#}6{^*)~-#m6FGuiiUa#xJ<zBr>grXe)c5^If1Fqp#q
zf?WH*8s^T4E_CU3S^X58pFJqb?S${A6xmR=3r|X8+A@Z`hAy~4VoMrUzF9yNi}}|+
z-)~FjcZXO^Cv2;MmQ{8m?!wVYXpXlaBGB_SQ|lb5jt;}7H0)?Z(ogTAt$o$r5FnMc
zn`=ZZ3Y0YZncgI9STz--#B?)%Jx*0(0<UYxUA7}SbZ(C+QKw9A4C1)J2=7<BcE8|0
zHoYL(rELXNoadvB!dx?uF`>1vA3g&<569Gkfr$n4J>1EzRppq?fT+0Y@HTKs9`Yy%
zeLlO646K7`_$v0g{j`y5Q#8&so0lzCu{caXj=)4G`uU)h!Qr~a#x+-e8_nl1WZFE;
z<tSavfi$c3TRE9ksjbu{k&Tk=fCca6fm!c&RVIKm6^w~uEy7rNyP7oeCvN(DIOx#%
zHpz8lUJt|nq@`)4hNsKM4q^xpH!v=RHb@Ef!pp*HrM$0<-igelTXJ*mN%%3~yVxI3
z!7&16cv?uwfMZ-9Qb7>pRA0#BA?%X|^~l-s|NZ6T!(@?{8XaI}gZxKlxBSoNfzx{9
z{89WHlKE7fz{V;KeD$h*!9&M_*_5hwuUJ_LL?eA+wjG`VK_+ddEJ?(e&O+7*t^C&T
zCfaSW_eo`&kOjhYw=6hSl_d6<Buh&p?%Ep5l)ej2o)?zuCes{^s|$pw!a*)?S=~=e
z#%EGd>5rWKGcI)tOQl{-ec-Rsqx}{&h8&f~Um3HYb69v{MhDD#^|if}<rqE9I3|1;
zTQ-D>*P_6s9(QVrbg>FcCXR(3ccBMT?9Nv@6MLG`UOX@sXX{*yQ2*szdyD)vl9y1`
zlhVd3jK5LwM}wRzM$WcE7}EG>{S_8`k?C{nCeM<zqhN_`xs07x-MvRvPj%O4=p40B
zzQbRJn+r77DGiQXq>)&ECp+j84X>QzNUf<`_i49fcmFfvQ~X^b73|=TsnlvkYzxxn
zxSKs3nP_g9?Ck}e+`l_5gr!#S7bbY^&~>2WZ-I6fR$g~+n+bCa?zAmU`0~Ew^z`-o
zBR~;XGk>%)L>n1~D=s^}ePOI67~2Q*U6dIYcQcu88rMUiE$_!fR<Iw_-$M1H3Qdlb
zQMj03vmXXo0F8g#=JvQj?A2;8pQSA?)57nW*&3_b)-XFD?n#4?X2K~UCfq6GPX=j2
z7L4Qjhwj6HVRcnugRAD9Q7UyqDQ^HCo^cK&lVAdiLO|V64>Pv$fQPi&qS5vyd)%QG
z1L^uIK$L>{b1@UQ7N>;eo`k;k?vf}E#jtDN!~xrwLRNtd-RkmjvoP~p0%1&=a53k3
zc^2po{Y=N#8`aB~A}ZX0*)M03SeCng>(^w}9Eca=u!lPYO%y6<hA(&<*#{Jr3JKaa
z)CEJb!YijH`WFYJ=-eOwwv@6WKzN)q$jhnYtY@}Nlia&XAuJs|SSuJZ@+N=~3*(k!
zyWYCKqf)Jzm&e&j3goO5RL**B>WN*qSXJj%+6(W!*a5sQ7B~AQnj)^Cu6JBCXmd{C
ze&6$3VA<4=H~q&h=-)QOKP_J^;3|6*cX;E*+JIfI)eLi7$p)7M1R|XLyO2`!p0v)2
zQ476<eD4gx{Co-KPSI4h8({0&LhXC~3rXpL+lM15=h{duc+;{n20qFeWoB9i1aJ^=
z;kk>9m3@7_13K%^LJr-{5^xbqlw#JpKchj|Q)+p582K4`)cs7{!h$8{S6E3J*50v?
zqrlFqPx@6b{$?FNqtZ-hW)Xchtxn2M@}<iEDaDEQB@z(~s(;0!^demG)M+p%6`Z3N
zKEBi&Nt?_{suBxYVu)ZcN!`9N;F=>nvg8}t7yJ!p_W>W<wqW)O<`R~h3N;z^>?lr6
zg}^ox=GkdeU6${umQ9OjK?ptz{-xYi5}9K&%_uPu@lW5a+NlS2O3bZw@@^9q52ivG
zhyO+mK1D*{Xs`N|QV#j&O5x;XYe06C^@kO{q&z1=&b*<_8;9KxSv^w;wN8DyqWPiI
zJuc-=q4+hTNaR}({GQf}BfA;GW68R`YXB`o5h3(vsIk6`IXTTL;=!dOgdhAlns`P-
z42J(Bha8fb2_MY&G-mx!3lrr}P>>6Qb6Nn~K+<~#S!}f&$n;2DYMdlVMuf31NzRJ%
zhZ=9F2jTs+sNhKB`nsgpsuK>R=T~pfmm4EOcB;4{HZG5fh&WzE&u`dqEMXM?$kpzh
zUYd*?k`M|6TI2(srW+0SD%lF5zy?HYGK-5h1WMoMs`L1WtP>~Y(M#1yFDLH|B|F}R
zE0aCx)*A5ACxOz#wQ;4>uENsxydhc7Hx(t`(Lg@Fl({XeP-oWEh)uN)!{=#qeC6^)
z`uVZO08I9#znUIlQL*`ViMMGW<gvLLcgwqWg0uAWDDrR~V6jcHULnw)c}U%&Z+9Gb
zhB&HAeA%`0PVxL9HrCI9T#d517ZiFRg^2*@0WHsM+dQvuf2X_g-xZ$+y(Is$?bv>d
zaiH0F<{3S#3R}pXOBF~|EG^}~O0}I+0aCbD>2m06M!QeCbMmSk@_xz|Z#zHSJ4AJO
z44{N}q9WRhH6dEAch<u-6a)yzuq*CD1Jt?DmAnJqJ9}fTTiCls1v!|Nq?M7uqwcR=
z_7Nzq@PAIa?qB(kxoh%R{hw38q^)!e^!OD`D6Y)*r9d$N(JT!8s9X>NeK|vX-l}L<
zgP<mf@&cR`P7k-AywDV(AVX!tO$!gE-i<RO|1e?@K~SFuqsZ=~CkteBsDgw&aW|IV
z1u|6N&c-9u?>gEvxU@g*Aj_rJcxQDJ8=uSlNf3+qU65?iA#k}G#9E}LlO-jD_+}j9
zDA<GnuE!cRpcS+C#C}yjGLF(_F64FSdu_e;2o+MYIfhVI4s&5J(m3gte`X&Wei4Yl
zG-X_1*DK$A-K@LY9c8bT8XD4#hgU9|_;6BKclH$W1dmu=9Xyh>!<hmbV+131#t5hj
z+;i1&EFL+mtqDQfiTh5P=D><gsplTdZxcJLk#vd>vN3fOs@7)Ho|fmh%A9^|Q?$uy
zZP0!bt^SBkESuX0ts-SLg~F#1(5g-(dpMf<H$0VAJOrIm25;hl_)+(<E}1P+cW=`k
z{Dmf{Bs63*_Z}BTR^K+v76fb6_mvl{r4m4?|F1W6HC8y0Ew<Yp2vdLT0@5-jJ}om`
zEuqv^s=wK6y)j|%_MGr3ML5!xm!@Hev5KB(K<UDasCV+^LbWF-rf58EObK@DNO{(p
z@6<b0Q=pb*xiefX51o3$7K|DQVfEFkg(*BB6-ir$z@J)UBm6M?Dd2oyJ|*9dC;lp?
z+mq4OUG6WpYim-{lSj$wj^1Sp6@-m4y(u2wz94gNo(ZDY<-J7pU&9M#rilL4E=9`B
zHpb&bX0wH-cB7G?+UQlm)R?7@Lzo!F!x;aJ!{Zq4%XHIO*5i^5hpC-<xj8<$pJm=H
zGw5f}mF6^bBKcMG>_rakpznEAVP~D8|5VPriuICC-zglvg}077N5r!=+A@#j>bbSn
zwVbh=P^^Px{IAOJr*|RsN>uuSHcocv`@Z-QGe$j5=@DyEYaS`(Xy%h()gdRfczqMX
zx%|>U^kRyN#VJ+{*Q7#Q$r!Syn)S<G8+FVvV_OXommjgF)$9MW{A60^jHQ$6!iu9h
z-i$BLvL;-orS~@bk7*d9V>Om}wz|i|_OzzV^G1r>6wDF1(}y_O`PU(H9EG)Mti;x2
zK@?&RhNe-iy>9qjH-_%NvtSuAjFUgcDV;0kS#&8Fzv_E|HH5i1d{#jPuLV|z;-mUA
zx(`PK(rI0>h>2lk8d*D751@itFQeT-V5)JeL3e?Ky_G%WMqkP&!uCC0y}*wLtoG3Q
zM$^LfsLp((=gGlYG&&%o^WJGY(9QYSu861OJ21ZBEv~Qo&t{ZR0W^gUYACD`d_b|V
zI^g1k>IV&y!!~^W1;{XR?4i}!kdY>ey+DaD9~cc3TkHg?!@e^I__8(zH08{g@8`mb
zjn-xfOK3!?lEVf}UJSt`&BedemP&ECY&$4WZaKbUEHTKK)NO(a0l*pXH<12D9CR6T
zG&(?3$?H;(A}#gJUn?9;YSZY1M|k8o$*zd0;Hdu|iYi8M`{@iEz7^Tab*^;4L;|#y
zzn&^E;6m7scjuYL4Vi#^vUE&k&W;yFG-od|8E=F8{yseu{D-~R^<Qd%xLh>oKNn=W
zraV|sGubhzX7%KxGO1MOwY-4=bPo=>za{;9<M3+^ZqRwVzrg<2_4Ld$>Ys=q3@gcw
zy{Q_1A7PKvM3}C3uJZrTq*<3n08h(po(#?&uxE<HQ<*{Oc5?~ask`Gem;Xjxdyf2R
zyE~AV@WPRdLGuaNZSP<Wgk;gLvdpGt&Q4rER(BCU&I3+nDiC42zV*w*z2b)Z;@PJK
zlaUqWbl^2}3*<#KTRf0Kbc^>|DOWlnvS%(!CiunlOTl_4A%@)!#F;zn9TnVW=o07-
zT0`9vuTHf3-pqjRLDoIGFLSH8A}f+Ts#U0We=lltA*$N0f_-w`Ad`-Rxk}E_%n07L
zP}RW{cTqg7t{1cg2JY$5kota>F00nG_{6zp`Z_+-H;A&*f!q(7k(3AWM8Y`dUI2D*
zwO&Xx(}7zxiJ+kGyCH7vQHe4XqEniGq?dqZth5YBNhM}z$Sy+$yPa&42A3u0HV@Gh
zeb2$&_N9dE9YFU@M8O@m8f=E$y!*#G6!!MFR`er(mnly%0EX$8+Wz>fpx*pUesNX1
zpV3P?WoD+pcVbgH9lRowE%<ZmicR79zg>kaqpgf#|6&6ewX-;X(k|+)!GHa1=|W?2
z%{slATZ*R@Yq1#d!UyId^(D{tE6j(lZ%Uaa>94*SP=ut$d)&Qh{P9Z|-)4ksD&VYj
z<q;)y`o$^Sqhmx!LAKwvKOl`kD2HW#4C}>%7jqh_BNu%C1Xw?i4>s&-yCMaH^>;+F
zY8{@xy+Gqh-w&BoV~z?_(BVaUnMY2K*RUGFQT#WdF$M4Q-x3@L!Y(`ildyj_UVDH8
zZk2ajODjJ!$&}d(;xDDL@kYNXulg^MXYw5`P}CnoGN;q*FhZgxTt^FFVoQ?H({-W{
zJN?03+Z;GS7T+nW)X=`ZS$Sl1YkU;&p!%8S{H+0Ghd}-O0;E;9f|M2_FWW{UcRVB5
z3vNyQ7Z_C6tVkTKfIgRrc~J(qQtU-;Rt04{$j|k-_}7K6g#wI2+X!(76}h$m3v`B?
zO0sYP)R^tXoSuc|743a^?QHek+3#{JBUYi2ANlIhmp*4EXnok_6_8LF1T|OOyX9?#
z;!@y~)j&FSNT&H|c+RbruIe?dLBY_*;GRns>I=J8&|Z@GM|7xW@;|m1uhwryKO9V*
zYb?7w?B`c<mmz7acB3_XK&kpu?C0O65fNXoOlC(C?><Ajj0?#tOPHz!lN*`~zDcc|
zAlb0n^p(zZkQ|0V+)*DrN}JWtLdL_vs=6}5!T)J(7*(jE)-;^G!zn$ekRwaHi_0hP
zl(L*jokrJhOCOFXz~$9RD=gV|fu2s0qkUlAUZ;6;d_O}UPDb@gW+czYMXmkP0#{)|
zESAJ{c~bk9n-G#VGyy&r$LBZRNFcsEF;;n(4Ku{U8xl-6dwo!GtWdD`8CR}Xj{4E<
z7Pf*O*Y=`fjj@9lig7ajnA++#Et?u0{1=fs@_P4gn4jl?O*~;IX7KJMHT0a!V#tcM
z(7O{ypjag0vI7wg0o!3G@~f}qh=Ex#63mM_0i#Q5f|@nJr`Idv{6a-N=!E9At4ZxM
z=|rkm1h~s>j<s<0+^fh%M|O65;mY_W=(Y#)zdXpCL_Yd^kXzuo=t>sgj?bbuk1?W+
z6CWmvYlkC*nd0(53%GSxhPjx3K`#`17zn)2Izc=#tb#rT@?K}-U*Td(3euk2Y$7(3
z*7T>0{eU*U0S%7lX$M@J-sIc|h!#Bevl>enCX0#6crWawrN7+1qUHH?nU!qH2jtAv
z#`xDGkAk$w_K-g5ua+*fi!k@1_^Utf_KsNk#SsMdYn^DgRT?4K4?+lR);J9#TBPl&
zzGZFk>#NGEiXj5o6(+A;{@nb@V}fF@cS4YjNO2TESUl+eU<GtgHaTK(b@iM_3q^d{
zG9Qrx%o5QrqvFH#;`K!A3E2D8)!{FUou}iMD+sH|dSqOIhBk)9NgtrI?M#n&>#-vJ
z1sQ#g22n;1@zs#iT=dCfFO03&deT{B@tE;(hyck~1GU=1+TWHwW%;5Yw#)Q+cf|ym
z>?!XD2Z+)nVMc-k;8n}FF$}rf2>Duz3m5{YHMaJ>LKID5;UBumASj0Wz!~Ll!9f4R
zdRERe5ZV=MrifDh%jbHW0oX(NK>k)ZNaGo})bPxsP`V2v56}ZoZrQFDS}4PXab5<Q
zqppHp=*J>;<G|FjRQz*erYf>hb#xFii7c~$?GyH$Aoqgj7?f1Xe@Q7r&nVXK@`^vu
zzU>-GSZ^sRsOzmClR9fzHXDoMwUZ{Zi8Zmb{rWX)b6=s_?v!6{+egpnn{9ZCCkwB_
z21V-+rW|@1Zqkw&VRijoz|cS9pz<tU>)Fw>QgRujl<p5xDM{{cDM=Xoc0*5(4H4$n
z3EQ0chuhX&AGYOh5z#OFG6PqgTAuKD3Br|s+|XTpE076D-bjq?Yq0ZH)98bBOdLMh
z8qS7<8{pRh^1yxx{Y@+4H^)~gGF9906T%)BADKc0UnXBy-@gb01=5r+;q7he)+*~`
zDdEP|?*4*C8Q~ILFZNSF;pW;8$FAY<>D&=BuSpV#4$H%gY;8C$V`xz3NeQD!q0)Ra
z(*MVt2fT5`A2O8o9p_SKxkdPV<9~X47hur=9Ovi_dSRf~tVBXx{%hJ_<etyBOmy&`
z+BaSuG5fBqknyHfIqsLC`l6AF5F;`FS4_9JgRLO5E9G=hBxYf{t>K9Ord<dl{59>|
zGAU3{5AMGsAL7?A$Z2{Lgr~R%a7%HWVp}&Jxyng*%wrjGQylrjk8;|0v5O5_NJ7%C
zdUGPCBxd0=x4ttWpKh8i=7wljW;4=W(4cNt#|9=LMy#;0Pk3&^4YS*&-@IpjZvIcC
ziUl;*T038C(hd|eEhf|hs<DvBfECDr$VLWJJVF5#vg<G>9e2Vai8>$>^N>;EI3PEO
zlOLx#4XZ20=oLv&XE**6W$ficKY_QkAav_Z?L{i%f}~Ns=2w=wJqoApWZO0o!#Jh-
z4{X|?XEGg4(vEDyZ0RJ<6W!j-LS)szVFqQey~MRI5tFZy46P}(btZ18F&K-zRqDkn
znjG#1%iVJv_APHm_Lct*wla2@St~2gWlpZ=@dr7EXdT#NIv$807PdXGj+`ezQ7~s?
ztkFblmQjb`P?XWeq2c~ZGgB`)pCI#)dRI`hFNqPty^>2VYU-%imimP0{kp;hWwYgC
zPT7U=cz`QU<4-c{TYs0>7dlEqRDyoH+(iQ>PmU)e?3YFph8G5!8^E})CdB+|OfmjY
zd@KF?jNKVj9UI8^O|`q+4-|~WjOECJBn8^9qL~miG&H@*6IiT)DZ|$SJlQE_$)=J#
zA;QU8{*0Sm!=P7*^tWc5RvBAJtd~k|=TXqCoF&YDqQDd@&xPL7X+$|M6l1HDa!psp
zzf_Ka*iAGAV>#tuLN0BI-q=Bvn}#ht-JNE)$?ui3`%*Fz+{YT!@s;mTBc^A}bC77k
z;y)}-HYO+a0ZNZ`vm%IMd+~OpDgM9Bg#sTjVRHIuRtYYR9PiWo669k6@S(d0{R6&*
z{3`WBP?dHpUpX~_jzolvZ|W(AL~Z<DWw^u%prwMSj|UL@b7^{sN?D#v#?+)Hz7N+#
zg_YV7^IQ)#&>3=z>Bg$+FLwcvF`>dw``4Peb+9LTzvB`LwH}kW&E~vyh+up2FFCeE
z<w(dz?$5^>__rR}{L3vRH86@R#fj}3t?T!4+T7anJI}p&P6ZwLHLRs-=TcJ30o0N-
zHx<X=Z^&`CtYtk{U}5S-VG-T~4^2CF7>(%SC2F7bvm%zB9R)!^k0ZI7?TDB1%S+O4
zPvcwjW?7nD8N}-CZK<YzSyk3rdQ5vOb-PB(3pWx(br0!okYs5X{+edU%@KAZDB{+C
zR10Vkb50_pdrg(vJxIyvwQlmnKgEquM$n~e2lxl6cH9t_Iu$&qni0J>p~av6gj&1`
z@dmrLzW6X@zT-gTf!*KpwG-}Zz38x|N)5=tayMFkiFer_WnO$C(eZvC`3JEh9-k~d
z*BTS^e+LFOG7im#D;h=w2|Sm*VnU^*xNJz?4MF}5Lgr4aw__VqEX(mp&tcWTHGtyg
zONzxG^W0q74N|qK5Xx#%!Zn9h&Q4vr?~1&WA@t>IHiz?Hm8gW`_L`P9Qt;*iA@6O!
zOpx&MD<8#o7V{2+v)w91Cx)bND%15fwL^<0@}$@Oq;lqddaq><nOM_i_u-cv)-Wx3
z@22J=f$pVdXFZ}tflwPn>WWyqZ`NNpMulcO{Bm>B*bUx*%y;@9F+k40RJU4)fvFN#
z3<35;P<Wt=AF|XXx;o%np78yWL5<-TZ4?g07mAU9sXqQEF6>K;Vo|mJ&>V}$Wt_d&
z1_GJ8%tXI&GIzBaq$((H5zVBeU0sKI75}!FFTc1HS8_wk74<QB3T#~yx+4J+O8P~@
z&sWupFlaG+G;Ma&@EY@sH!!(O!4slV1f3AORJQ2t{#b#>=tE-a7IyR)*c5B?!kC=#
zLW%tYMYb#8bY8T!(XaMZxw0R57IhmbHlF)jcmc4!gH8Fpbk2lC-->oa>)7sOPK7pP
zx-dvd)maJ})<49ST3{MF+bJE`U8y&ie#EbDu&tyc{uc~puJ*5kfRjZ+h?0>)imx!5
zaTpQy>msEM#k0RJjS0j$5NL#39JNWjV+-7PE*0|lwcWb})PW?$B_Opaj_FdmdamlW
z&J>U*d!TT;u{)($+J+a<%~#DDsjGae$w{d>q5q+=n)N+n$#DLU#uKxe*jmCt-~tNP
zCwu@G+Vw~Ep}WbN&)<ho&?6fiTR@2?{Sf^&v##A_G~$9#bZw(c5is+{Ba@BTqjQ!<
z&2-U`&@=BNg5&iHf-Xu9K&4ocLRdS)Jv@D3B9{h|ISC%0(5t;2+Y~!3VV+DEE+#(3
zcu}E&+afr>?(?x<A3hyp&_089V(6J1@>M(g25f#^yzh-mW7le}+Oq;xO3~VeoMr{q
z+9#7=GtQOH35hy6(-)9&g6ul#Tj9w@{9hU4u@(9}wglcc9#U7=-yKT2m`%Go?`;_H
z|9$_Ei<lQ#;RG-b3vcw3N7EHt3WA}0ZmCBgE?sDf9z&bJ9<kuyNUN#bAiK_S!RApN
z1W7Z@1xu%N@u0<&IBSbnnK9KHeO(tPrw>*If^OMRQb98gs}@jSmrlK4>qj{NU}$je
zKh0+9GPp;adlInZv?|46Q5g4D#?{zme!^KnjUVWF!sVbMmNlg&T{_1J69$%^0jpC?
zCJ0t3%!4i&LGNw~OhOoLj;jDCSZkC3Z*Z4OwwrXK@8WKQ!WmIl`>IipcsES|9X$h3
zU9yF`x0X(8auaZHhgBIl3mC*}bYK|yyLiDL6_~V|xiPs>#CI{%3F8qVE*sNx)l5M8
zSs*PjC$CKF&;`}|Azj7E`lbV0!cbK}1|gzav-KV9q~6^cfSt!4b?K6x*r)#Rj;ZFF
z$@%(yZy%5vK-Em|ryqH=bNt!W7!IVITbb-4W^zJ5l>`#M2rUC_XAt|t1mrTus4&hm
zwJjP#2})|bJqz?-LR%#0kfBR+1a{Z2;Q{vo;MzpCL#s#cfKObhbPnSS(mPH{xEK#A
zmy0~#-GZ1FywSwLJn5k^bb0yjxQM1mV|Y#(#-6XVuXo8(w*rSy2xV3>>Yv%8z4%9I
ztP<YWZA2Zs8_UOqN=Z?7<>~nJSST2ldf^Yq`0Wm4&M(q;bk8p(+Y-_!ep$YbLRdK)
z&`5PE!{3w5RnE2Y4_5dS&Gx_V%zx>vbQ#I$aELx&?WKo2!(u=>o~cF3*s>{XB1_DO
zd@%;FdI;-V9M<5JHqy!FJr<y)za}QKl-8v1RCvVapCr%Szv+fLECfbU=)%lFX51#)
z3wJ;daup|VU!bvC%p>)V#w^I!KjR^&pT<2^&yFIB6IE$-7J`!D>%hwyWS(?XU%x@z
zL4CvC!OzkwOzb|Ij_<3IL<x?>dEm_0_iy;{2Kh={!IDwfZ*6p>0-t}n`}0nJw2VcZ
zb@l;e1+_P@ZzHz#(DQwV>yzVxyo8XcHSRf~1SZ^g0XeiK*3`NAR1a8fA6U5pBrG&U
z1<uVN#dPpaka;xlr_B&2EsqPp(aI~4hkA>DD^|^+<ojI<0R=?_rWae4>jPY4_Tn1)
z64$X)aXk_WgM8r=(WGDsQ?{IPe@Mm!t?EIv$&OlYS*fUlOMY7Jq|X)xSdPI;o}Qw_
zk>G_5PCr3w@+4R9$XGY;2y$<vsbI=5gHOewZ}iX4I^3#q&=d4CSh~H-w8G+Tcesy>
zrc-Cn)i`De(8=5LUeohuE6k%QlZ@5lgF3pw&5_S6Tn8MbXRz`*x?u_gcN1q^!)#<S
zVY@V=>mG$ZE6@;(N+-$g<4o0%4{a{Qd0_da<OkH29*eW;ofSLSnBy4$y<Ivrz#JId
zaU%Bqx9KO}rEp>mqaOUzn=|2C9;f30#;|eB+l=K$Gs6xO^sFZM(>IYT=k_tX(@0F^
zYRAm*KkEgFRUVYXszl_=PGm7Ti#(srO^h(R<%?o?xy04(%n{IJ%~KpiJ(^l$FRBB8
z_A5pi1>#}Fg-+dCHc{0SI&iwD9akXN9|AynxDvE%=^?RzGqQA8QEL3QOs%`@$9wNE
zfXe+?K&Ip3V9wa^W||(J4Zq*AaY~H;fyNo_p$^|W-Rl32+0_iowCufdFwa#~8hyF3
zaK!a36cqtIth}D9J0VKY3r1)lv%cFjDju;{3?J)5<-BeUFEbb_JJ6})#t7}}PeO+{
zP#xs9Zc>fYl$6qvqvC#1blK3n_k?RT3_3Y~NGNc>pJn|9_ayM#aV`}?>u$RLp??ay
zWg9R?3ayJ7reTcbSIgvq%g6>&Be;uT(dW|rIoYY!*xO<a0_uI}1P3Mlit~pi%(Qyn
z>U!MidOq}t^I)N`&j+9UUxnq~iu7+5Hx=28K`inY9(Ni{H@a~jCxA&tdV)a+#Pbc*
zG3_2IOl9dIv81rf7~Np2bb3WZ$oy{T%m^O3Xwh1iU3tGH(c!;Mq&NWK-;*t~`{x>-
zFYru~Ke=s#ICt=IR`F(C*yyx*hG4b+3R*UtG5GtX!KtrFBN5MwZv=+LI?k5L^>tz5
zL!mLsD;=yV?G-jhSPdDwaK;tAOy(S~h#w4OK(b*zKCQ*@fK>p?u{((2xi|K~Z%Yq?
zn(`Ave<b>Lgyf|dV8eNIV9(V^5sLLQCbR77Z^iS!6}nMk(d#DSFd_B8Rq2(joIU~T
z);I7|S`N7A^1s<4%X(vs7|<#KyJpWpm@=p6Tdyf^Sf>jo?uu(6>SWqpHSUukhj}UU
zErcH^5I&-e0;TXN5MVZvgQfc&YsIMKfuadbZq_1kSU=>MW2jz@mhK=IcLS3O+L#D<
z*P~LQsZLNEwL`siCHiLF+X}WK*gVbrs4C*R5WtR{<%~FZ9X3I?_Fi@!3UmhIh0(?M
zgD=D#GrEdGayZ`853)o8F1fqbJa{hWs(P6-!0ny-+KHx&pf(s#aOHj^n)hYn@UW>_
z>0JQ^imw}pTBy)f_(5xtapd>g7R;2~Ubx4W^*A=nM&;|VX@2k2SraknUtxThOH*Tr
z>AajVf95wYX=Tb!_lQzuK|p0Imc_k|r@^*sWKn{{Pc2O44WR@zZb~0X{S39qIEKD$
zHtvZO`v*cG0Nvq8t&1`{oUVM!{fvGwQS7A4>0P&q1rfBej(54*i|SeIQS!lu>6>(=
z|L$M96lVqWb^RPT{X`~vU`<(B)FvP^PxcW85W*JRcpXA(y#+~t-^WQ|n!BZ!q@VnZ
zkjuP@E@=`(qB&9ibU5(99=4#Vt#XD5v~WHFq4g$TRfwfkn-pjfSwIVt$R5=~hu<VG
zVuG)y#gT8kw9Pil322_vzm7c@OW&OKU=WU_b}uwf9oHempNjH(;_SeUk@)u&VyjAA
z<+Ts)3)IPr5d3^+T)+*nxq6^;Fsx5{?Sk)h_SJiLb?IP8YqhP-Vaxd=VFV*c6?}JS
z`8z#d3&V)$Npv-KbVe&GX?C^BOsm%lQdR3ypb^$IWWzi3u8fOlveb~`@4Ov@h8BK@
z^ig4h@c|6|CB@NN=Vc+IKDIl0xGaz02RgSWyaA?crs|Boms`tK$4^`w*Jb=P6~&Bd
ztQXbWi(z8<jmspzw_{HD8oY)j{@VNG+@=WHM*B~o=*2)vZ;<esDhXH1Gels_n#sgC
z&;}P%2Al4f3v){r#Ba-x-rBB{9NnO(Pf$5Y>UPJ8mr?e;4CD~@XD|R?azb5&klc9h
zmfSuyl*W_}936x-CO*(1?GbBu#$&k*5@;U!q7eFTXBpZdx#$f2bwu8LSoiP5g_;i#
zK73~aDPWC&d-J*>>E1m6mgGN~vo&9vWP(m*KiFqbi|IQyx*<{)1Mep?W<iiS(&PQe
zlq?&@W2G#hF~k}?4}4r$IW{FS5RR&9KmSaJkeYVXzjibj$r_JEFodG1t<ULnG`NnG
zzc^Fp=Z!ay?}i%*yXOp-DLFSuXG>7*tyg3qWSN1irz$5Rp};ycvQv>D0C!~rVh`tg
z6sH7l5|A+h+pvTY{n3tgZ9zz771wxdUoCczg$MphuV{b=MllI0*P2Z&8cmIr%S@^o
zqnVh3H$N}Vnan&s1*Y4a?W+Wg6u1P!uJdI6tW3eT>(mATj^y&@5v>g<^Jjkk$Z1qj
z5z&NA;g@~}L>uB*Mf9|R2xZsaDeyhxfK0^pAHl_|5IKFNcd~1CH+TS_>mp{eHaP0N
z?8LEi4cAL|tu#vJ56HdZeP42i&qA@{>VVTfqeZ9U=A`=<ASz(Wd2h&TG6$Mw3>~VQ
z&(W0si2S4e3r=ZK|CbU2404D8_96tZ9`$IP)s~rX;p@5ZXhF36o8)!I`nRJEjt@v4
zQCXmsTpo%fNn)p&GsQdviryf6*2Wcu8Li)JHqy&K3D^bktY(ydzJ3q)+LXtseZrpC
z*nekO0eGwTE=DD<C6S8b<xH=~*|mET!TIV=Wq)>D#(JO6s==5bAbr1df7{vCMQ<K{
z6|qn0@qA~-n_ohi*h!kvs&ra}_AFg$JE*ZO6Cxdm%@7sh`yl$Y?n}FU3pIR~bi|{(
z!5bnY8vvTv{VpbDM$)i06;UsYb!qm}lLL6wPYP9txhmGo24y7(SHbX>VrPnva(XnF
zlL234cOniE>;ji=<l3!1ew!JLeo*kH01=y%M(w&z_#I*;$SoF?%uJ}tpd15{{rDsk
zC#j$5Uy56QgMi2$tcMKR&`BgnOk2CFanJylZmo9ik*FqIM9eK>IBbp9bMKEb$N(xA
z&1qM?V1#u=M5G0(AH08e<|h0s^yYxAKCZP)#-Ozh2TEppR-{;_gFT8G1Fa|aa<z!H
z#n5m;&)zzS{g%rSO4w`8h&?b`t{Mh1A^VntrP9r_ukI>2B#GrHhl$3*G)v%?^?c_Z
z`6BuYt1ITP*t-^*X!z%FgOhp?v2SC_wqy#oOKO~htgfG!$w_KMlL3)2`DiaHxaRjM
zvu-c5yRd}$wl9Cns!8^QaZFH+mu1fjcD<fcC-XD&p4}4WOjM#ZNd<32QxSd*+zvcp
z-!RYIs&z?14Cg!R-D4>tRGaWWt}m5c`?FBCKP9(7@BzE6vf`$W39~0#7Pfr966|md
z9b1<qVm80T@cYswjHMY7H|cCHSTry!QJYEKjrC26Ysc6Yfmh|i`QR%l!<t*wH%`y|
zt>$Q)gqBw;Gg><tdnA#oq9@c1Aii*sYmN2p$MNy4)G@9JGwneY=ToF}#ynO%>6Sa$
zM8W@<POM&B%{j5I4utK!<+HcZdea7EG-6FAx`oPzva8c^q*r1sEl_W^X4lE;GYp;G
zO|YAYQDM76L$jI@Kt|x@F9S|m_mBH_&YhRtNd`xg2}MY|Ixlh5yceYL&ux4OTt?c&
zSO!|k8dRhq&%?t0RdfM1dyMnRsZ%*ta5>|sNx`cM55LMY2kA7k@W6#RWl1cjPkd?4
z!A{u6_Gn7(`H>bf-c!52#=0TBL!m|(+@2`fF)RT-Suy;Rn+vzfzaF#j5t7ga`i%Lx
zA->!=v(jNgqpcW5X3e8mcb7bvQQRx}F~JiC{j!J3+--U3_}GuROl6UZxo$Wp1cn=l
zQ8M*}4X~7`L(csL+izeUpM(Ql=J+ORO=MIek!07}owD}Tk=Pjjr;_iJtOTVzM1@4H
zEd`Y3itLuzqR&ed%)9@3v_oM&T(ck19o;H$wl>m&H`3r8Uu5$v=m@EpLb@aQa)?$r
zAv@diWPwn6^?fW}z65s5NAOa=TkYDgDc9o&?efX&hYd&cal1idX`u6V*{z&Y#Uzp_
zA=$`niK;sJnD(L9ofW&>`WVdwf%1I|1LTn`UdyB<SslN7ZM5~E?vj5Gpk*j|xATS+
z7PWEIE6NW3?{N6O@A{=WU^Mok5N5mnW#(a~MBl@G#)PcDeuv&G`W|>ucm}liq(X4}
zqwN-zf#aqUp0@R_VfHmO_P_m3D(TOpIN3(^b%Q!RoQp&X*i6u(GyumD5lRmVRiWGI
zdzqcUg6w1!acK*4sgx09?tR+%K-Ar!1iu70-8E`CZ7nwX_o-^-W<=tIpt&r}JVM_`
zfPt`dg&Ta%i3MtdWLOw-&ce;3(Tj@PDNK1s*T|%>YDh45CChtObEA(5cpXPm11`w5
zt={76wjp7qp@4h!Mk$>^a!0sbSltZftMGrb2{)@-%LRX3jLkfCrA>-e0_%xny;ts4
zW;W|>i~Jg3zFIKYe6h5F(%JT-;ko+d3au&4FEcE5yep^J8fIW@jlQ}ZrP*l6)t6K7
zGN<`m15mUTxJDy!oSx<yjtf2X&|mIjK$fSC2XBewFzDko`Pkq8@=cLY7)&t=X7A(W
z^!nxRWg4**-@C;TxatdGQdtX3w<HyriPt<~%&2PyO#(z}&f6I4`JsYFia&HtOacLH
zjR~p!htVN-6s@rSc7_E)&s2RqAVcke*k0uF>&3{QuYO?}r@{$0JdJm;j&)~xR_~WW
z^<`it#G6VEJ@JF-$-`@X42p%jwb6CiwAbki>7%g3r@&^>Tc-{RpRJt#<@wdruOWh(
zZ~f5v54->1Z9Gj{zot!Gq>O?i=*(zRsd&$nfstxTe8Kerht-y9O&bnr*nIj@v%y?h
zzIuN#;<#tos`=6wG<cJlB4#j`{<$1}AEz;e)LDRPun;yTI0>F-lX#&N(Upv^+%O35
zbjl<Rp$<wDgp(ou4&ZDsE||gCyN!6}Fgo-wQ$(>jtfBlNwkAx_k+tZBclAH{F0DX1
zj46*}q6UfI4<a5Ln+dQj8x$c)=_`SOdd4Ct!aj;`h;wq3F!wiX2IvEV-4>+TBk~N@
zgT<NL?^cJHX)(Mp>Yf*YQR+j{Vy)DeR?}{{^itMIgQUk11xQP}7TxuCFFPWzmfv}O
za{vG(hv*b_L?G>MWzG~g7oWE-f|&3HH*L14>Il`t`2Llv^L8EKxlGmO(uqgk1boO~
zRNeBN`srcQ=r}g_mtKaODNtm%J;vBo-n^*fMQVzsEq4gccMB2Imj%$t?j-{fcU?Fn
zzelg*R|{kcbS^)98ONMVN%i4uDqR%4?}T7FB#GGRKMbLyC4D67u&phg$VTYw7BxU8
zMZCVX*;8RyJaDM1$Iz`DJl2$_6xBqu^H*KdH9XAm+F6Q}(I%MX$@4t+@|Ku9eMb6+
z)8OGJTM1yDO}xIH;51lDU@W7y0{SB77+k7!(8vOZDJ|_F#JzfR)7xW_X4sv{S2#5m
zIVwR~4htrUfZyf(YU8(9@5~z9ShftMMc%#{roMNJbOdg`1WNyghG1&?26p68Om?h-
z)fWsz{8sxh*%Dt6JfEp>C86mAgyicv>l38Ck<|Ohb4TR{+<FnE-tbDNBFgDR8vg}O
z?QMtkS%;O|@DNw=3E$&hU~mXW;cbv8T#@cz$dX{O_Um$qvVR(2koU1JYt)w=vgSeV
z_}cECoavDRR9BmWkln>uDiP{E#Vgh4-uWMchwYt*DE@~3=P?l{0PxV!yedGOngioF
z?~raxjX)5~9U48$#3lDPT`Fi}YrMTf)$(jevKi0+<g!Km*jCBFXhkBh91e|o<D7l2
zwFsje9G4i|^k&Q&HwoN8UUv}k!<UqtHxO01iA`_(Okj;wGmyAELwPNrM{Uu^!o}EC
z&V(gBsD@~=X+0w19k7mO80DMeetI&biXm%LI1%$HI2)_n&_CzklzPdop$J>|G9Hk;
z67`37Oz{sps4pkxcjbr)7blP@7u7F3I{1?|FVl^=)kPEnsOsrTlUfF%XP(+JjcH`;
zbcXJ0yBVk>Z*L-iHRX%^lU?YG+H_&>K8j2_UD1RmB(rn@k3tG~X_N0_tEhiX?>l_`
zp9|gG|6zDqq_78kTF=iUZV|s$Cxv2AN<3&LBJKfHuV{V8%C>VFWl{3{_$<?hj$Y;M
zlFbHU2Pb*U8E^~Um~dh<q=(0_{zv1QgAZ%X&{zxkgiAo$UkRJY`-ZP^L>~jwRBYti
zRktSE6{#iS?7$0$jWQ*<3N!*6kXb-vPgk8nIb&<A7Wr4PNj`y?3$dbOI_$d;DYSv=
zHW|PX&vEFAj^O2V+*ZDjCdt3__xe5Cak)o|hTWlzr6aH1|I8gOcO90DmjAwSsmtHZ
z328xtly4ECuF~eoaaJPXfk~gbLRS6+XV$@4imsOm%93Su#f`)GmDF?AaFSOp6xBK#
z#Htz{1e$Ac<^!VQyoHc82wE%54uib38=o<E$6-a{0Y)_I;2zY6D8)8p|9B)L8{_tn
zvD<Y{W}yGjGkU5YR4^M=X`%FV)fk1=hxW~w07pef2=COIHf6yKCr&ZEz>7$x8m^qW
z)FA)R*TYhvfYb==u$;~;EYYOxA?A&RoOvfJ?rP1RDS8iL&3JbmGUl8@^zCAl6KO+_
zwsF5+_|<t5-`3{$LkMH<W2P2Ua|cVTh54W1g#R@V&A#h@7=7d}@dX;*yLnM7Z$I*P
zm_w>T?*7?Od?^E~TE~z6_rE6^o8`edcG!Kvn=I??miAr#v%uF`(#hPiLQQ=Ib`1U5
zk%>|@iXk@G)#MggGfH2>(U!Qj3vqGxFLajhQw7+{+`9tLk6*>wsQDQIKGuOpM$d(d
zRS0GAF35zEm=)(Co`qw6Y<`ycNXb6NzN0~8#Z&O$0!YJ98#^?mnb$n^D}0Wkft9}F
z6LA+|C7xzj7>VTG7;9XP!Ui57n&g)bRop6+_yihb^OdwVCq|rZWe&1tVtQ8>zwdc<
z2e;Mgm1GbeXM+H1IE!j~-f5T-Wgg8Z<H}gf0)IZ3`|O5?j5jN{<C04;iM>c+0bA_k
z$eEM@5m0A5qK|v;VkJQZ7DccrA^>)Yv$myA4t_kb<yzZb&#|8obUt9H^s@vYEAyCo
z^V0YLx~R=QH+wyIC~Tgq@u)$vZdOnKMZg~F;1jfXzO>nop_cSqpG3M_rKN~|V6k~n
zN(QLKr`(87wfI+&j1Q?O$wu>FC0kc>i*}iRRoZc+{sU~`_&sf;T>86rCM<tQj{d!Y
znggJ=kS%iYIwj*REUc@7Ke<hf?uhYjs3t)tAl)O*{=0o4nWXeP<3un1x%-`3f-h4a
zUF@+z8xLgIn3Ihaa)nwWFUB}oAtbZj`Du>J<Lfb@>FGn!IOadwBj%Vg&9Ui{gT9GS
zyp)>S8`Nclbc)kWjefvVVwdkEUK8DP3#Aj>-8=4`3-4@x$l!0m7Fmwxs@d*49Ev6f
zIGc3sYu5~PdAJejz<Uk*_Roj9$ad?p@I(=-x3d<$<gh`+)!`Yt(64hM2o1_fY+WaU
zloJR^<~rW1h<6UHT?N>7t+}kfkLv?kX4NV{TebTs2|P#>vm6d}b$xxY0m|)Czb+-X
z(jl=B@{YOqBj_o3)1g&@jYDn%ukca?7&+Zq!W>fx7-t13q~FFjFyoPlqKx+q!<2LP
zYrI)`QWDvz<J{7!4%FkQRE*ssi`ZdRPnuky`T-O|rvgXm<=B9AU!=|xorSCAAcyqI
z@i6kv+sp%Yav||7xYtz=_4G0-reD9}<QOYs>cL}wBWM3ESitgZv!e>qtuy>$+bh>P
zZZ*eD|D{eO07ChI5+d-b(bWFGRd^FLh0i&f+o;|Tpq{~2`Z+B&q$F`Sy4Pgt))w<1
zgW;b5LGh6kZlku&8Cd03DMleoy|!L#&0kpj0vGf)9q>y`=$~sm<TcT=EL7#Wd8!8G
ze$mTMh;#qAECXGrRU|(%>pSz~B<83K=pBXy!{;j`yNnXLffyXbX85b$Yd6gFAFcin
z7Zw2*Xx?uN36$`^7pacVct1e_u19j~35^covudK1vKNF5>IgMXcZeXQ0<yK*s}gv<
zrm~|@Q@@PqT;=l3q@yT=D1vbd0FB7U6J!9t0&2LVnj)xi?u=d*X3R#GhFD<`BH;m4
zwhk|UO$JE}>uHgN3|*swMomg=T93Im?e4_(0D|bY!&MjY26q?zr~~eZ1En9zwafYC
z{|!U01Jfluj<0K_31*VMa8dSfVw_ew_y1GEVUNp69m0sv9<dlxjfYwol=MdU2G5iT
zI<{!H&BeT_GGRMDyTY}=93>C^{JsWL;#`wVPKbgG{Ims_#3E#>{sA+5TfgnuFHYT=
zn)_;PPuI5yX(wsiBP5|P{-Rn%rg^}#k~2lW7IDf`j+xukz<O!pnNd4<BoI(PovJE|
z7Y&2l2}j{yd_~vlpOAW_y6UL`<TYB2$}MEAW%H;D8P914+~d>A+81VBO>+z0NPk$e
zynE1402EZ8%<H0e>O)Tz<E!fj6s`hq#nf&FPo{N21I37*W>xjfu^zso;0FJud6{Ru
z<>)ux{q`-^Holvy-W_$DIeTpU6dNsMgMEQ^*QfJ-J>=RAsZSnLn)a#05y)o@LY)?$
z@@gT{C0D9n2QYTVtB#J=QI-6sx)2_eJ+>Gm2enRf@dvXnl3<oo>a_Na3(MI!&1+64
zFi{WmmdV~n+~|94*V-o(XfLyr8sSj#6GAboDWB41JYDvmQ0x^_iz76nJRS*LW9f5>
z)+c`8s{Iw}3L{cl2)sMX3r=t=m10K1)~yZ3Ox7-qsmp(>h6$wBM0PaBfmv38>y2f2
zcR|`oAL@#WU?|RuHrv?8mr04_$<#U(wN5(fnjNaB)nroYn1m{k+R@?OIa`#sgw~|f
zCz8dmQ=&`vsqT&1ZrJKGR!D6E`6<GK9&*t@Q=CTzoh>Su)oFJKAb%v>+}bsu*0fGa
zA(AI<2TIzmhQbbHo&`h4{rm~lyaJQn^4~1|D3w770H1#bbdI0l34?|Vi6+Q<l42Y^
z(cn*!Keil8aU$%$H47$Pufs_9M0IC7HhYyII?A2M^QuPzCe4!Fm<zmJ38?v1XE_vZ
zTrHcEDqmS^ROKCJmZWxH#3NKe40s3iF2}4(WuQ-4hGNvI?+VI~<t?OtW-W??$Lg9<
zQz^nlog=_rzvxDJJZ*Jp%#)67QJAl;@PedRb$ne+iU}j#5r)S|4exj`0hz!iZ?D9!
zSksCM+kO=UieJ*@;S}065cTvD%KuNtqH$=60J!%&PZaW5^^_o2QbnepaBw~C00lLS
zPo^mk>M%0^m^u|Dk^7B#%QV*VshqozVMZ|DAw6JU=1!MTR)Kajr{JM90&%U|@{(P=
z;jH;PvaN$YAD$^W4>`=s5BRlxT?0XO&7lr5-VHeQ)?u+U0RB1mhotTbv>5e&o7zfk
zBdO@E9e73#0V^#I#FTQW#eGCu`5iD?5*bT#8Gh;>TNTH5AxEA##HtrvuN63A{yQ6x
z(X~{(=9#^qOX8ay5gww`=i=*XS6S;gLlyL0Lk}tdO~4lmoMP{=+EJ_dQ9@8!&G!n@
zTO%Ou!eoE1lbn85N#o#5Y}nD1OPGf*M?ZU(>bCq<ujHWCAM2s7=k1Q2465Fkz}hG!
z0R^P@)s5w*q}x&$ctZAI4N$$P=G^6nOogw6BEC}Vy~9zO!SD>AcxFB3E{cb^aM;NT
zE%CbHTfX34EunR~8(dfesfp373ES4@YO4*#0;Wm>X6whJMwZ^+p`ZrM*oCMHvayF|
zs^!wi{=Xv8Jz2%vGy=BA=bo}h2jmqwIM)4u^Gq&4?Mk`32j`QWKxkOE{>L5l?o1q7
zK|>VoSBm)xQT<(dAk3BfA*_I~W_(JR6)%o*Oym%}dM(8!n#5y00C?FMHKWr|?7mP2
zS0ce_=^<`*0m;MR3mjOoNKG6>x{;Wsox7zWO=E37Qq90DMw#pO*{%EH+A^@>c=|2_
zIA=Om&l%?ygPP8su&6OP-`%OA-^1zmA5c{V3sF6Y^4BFw4xHRY4q6sL(Tu8!J+spo
zbX{cvP$n(w8<{mi+A~O~m1o6~XOu{1qB%WVrYPB4OY*Q9G>-06Px)>Ggj@a|-ZjwD
zEzETEUEK`yqOWj75+6NyffCJtMN0s=%c*7rn$u|kMT|zP^=$pa8Vg<`d;Yd))b48f
z0Ro?pH$=znW5LW4GI;=nyiSxtpY1~{dN6nM#^?eA&M>7TVe$XTWBw?|-gXC?-vCCe
zZc;xQi4cLtNGXjx_^0J>4h(T}ar69VL^zj*K6*A7Udof1xn$CYgwtOJmOzUTxd)>e
z`umSydFV{Rs_WFaT<lxpribw_+lBLhm&TdslbZk%y~{DGwrThqCRf0{<_=fAkDX`(
zc9x`L$V@Xo#OJ5Ld+^89tF!V@mjR-gJwz2lV4)@K6OdH0A2uWuqu;g2J&5a&HzQ4V
zDYfV|6k!N>kAjc=hFrrZ6i9M`pgzy8ahYKIujATi`VBFqSd+OyiAcvM{wS*{4z9a+
zu7w=JM+jqX8kJhm5U9~-*hCMb*%<RIMcgtmzIPtrWpifjunpQta9-8AN{r7-hTkCj
zmgV1>W3i*qRTK8s8oYi!Ihm>>yne8~x1U<CJ$506L~%HT5#rk>Jr}TnEpFa7I$#HX
zD5Djln^`$mge0K19f<r$KB_4tS(IIj;<Igsjfo`o;;Njzk`Z0i*nRWQ0+IU`uy|%H
zCaZ8Q$RqQj>=|k`+K}p7A!Mp4vOQ4|2t2^;>g^=u+nI2tKZisa@P?3~v(Jg%LRM3B
z{u1MDuM`2*qH68W^8V-@C_;-F_86m(GyF;`)%6I45|jy(NcBW>)<N4mU_Pj}4f*ex
zB1_<g(9pUpr4mqAB%L;l$V^!D1rXqQ*PFszu<Qh}Uh`vqD>=baE=tNZ;!<wJ`=CA@
zbxQp&`ABOMw8ZD0x%V-++lX=W61Xg&gjpQB;V5(&5-)CYYkFUy&vN~7>~4G}n~AJg
zCS;(NQ!}D?>A?yzE@4<y&3d?MH?*=qT`#`c(k5&+<mKab6w?Yjs*~oLTAZyRIg~E=
z3W!uFB%!7wB%X{F?*9q8gi^Dr3~tHu`t|@-;kaB8I`|d~?Y|+x0Iq*a#m^94IzH$(
zLNJ^uoB}cdDZ(q$vvxs0=&3{dbcUzFx_I$sIycOCQ~x<{3>&wl_}pEB;q=q8ZrBV<
zkrJ&9tZqHvv1^Q4A4`Q^krlC0iF|qD<`n^)$5H5iaL+1KlRmZi>hs@-^;Wb*p`^sn
z9Z|cmN8iSxk^LGYx@*u?QQcliv_PDVUWr>Rd72MGJwaV=4I0md`CYtLF$Hj5hQaUY
z{&G7`Reu`dc!fa9yP&J+m2qwiS~54Ae*-rPD49`-oIfLm|3aHTbfqAh0kawVZSZwG
zemY+6r=0Sai|Zl)++alKwVxl$$I#BhgfHdX^-(1;zA3g<L1R@80SY`GO{c%}mi;3Z
z%b!uK+&Zu^DXjQh%3cPFT4$V4E$mR$a!)A$V3#6~!(N2BhCmkCe`!=N19dy3Y0fCw
z_GKM+1vNOJ$!#zn>+v%+_>~V#LbAESp~guL)cKBiX@yw7H!}^lX;YvR**h6RNQ!AX
z$w?!7Bm!;@u#2XkP|@j|OF<D8MNZtwDbSaDxk0WTTDiO)22rIDjuTt#$Wjw>Uj4!8
z;IqGiN=*aeyikYR-Wb{ePPU`I=O9B$ZN8(n(*-kC+$&?v2}~0?OBVh-i4rgTANJpC
z0uY}_a@^sj&R<<;uS6OtJW>Q!i738?FA$K+ultD*^FScAj;QLl8b_E*Td>{hcF~Ch
z;zhs}amkPn{3#|i(cm2G80QdXTt%Y<RM=+&HJ|RvId(m*XT}ivS?RtlkImbpThjE;
z(<TLb6?R&q_q83mtz+ddWY|D56=mGXq_POF#d(KZiaA`BsNAMje*<H&(NMY+ggO%p
z-yeIs5(Jk$m5PFrvdn}=YX0r^+h;D!v-U-4sR%e^)xL((dc7S(_NPqh8oO(9K*DdZ
zW@^l~QdRkgO9IP~O-=bK^ZI*5ss!zLGLpS@csdC&DM$?h-^2FOfo`DZ9{OfHFs=E{
z;bZKw2fQ~C<MB=v9S)SHh!KvDOkc}H{8Lh0s|(EF&+eFr!?QjtkW4&qwD=rq-%!6<
zl0_qX`e~k@<Rx$GE@;Lm9Fa>Jf;9#_Le}7!#oR_1q1ntx$FT(hk`7ItP_<$u759xK
zTfEt1atXh87sbUCxs+j>feuz!H<*Eh{lz>hary^O`?bsWf=i`6PrZO>pT2DLe0V4z
zGf!1)#8+YAkr$Y@3KV=Ya)xQ^Ap#}0-0srmh5$AQhYvN+R3P$u#W109;A^(L-E-G$
zgc9V=xE-pra2ZDXUQmYzq=AgzFJ;IKFTs47oCJ94#nEUiJ-~~>`bVUmBclbC=FuYm
zzx6RefPd^6p~v&L%>DDDp{;Iue3;U${BHi_bHi+5`4H4Nf)abr9pG{lI_S-fh4ra8
z(z)#Ha9n8{-*&zV>GZ*TtQj(siix_=v~qAyde>u+ROb8gKQVYeFijbb5qC+ULT`q|
zBK{c4CSPm28e{A<luKdz5UTr{5xHU%hp7NTc2Pa;NB*gj$cM^Vh<3shXV+-%WmDX+
zE(Aon`ZueYKerH8fYlVss-BQpYfdT$RT!NR#%6AH;ykjYHPK}LX1yU;8$nPXjY1>z
zlKi}K$~&8TOSWvzj`HI8ygFT%^J_UqQ!rRv@x!VY`;LDM<amd%%^Nldwj-L&VM%}I
ze3i7sHRQAm3Z!jgA9nzgx28<c*T{441-mTxzjHspMe_has$nrId8b$F22uU<R*~ec
zFuH%TyBbdLrO?qHK7DwCkmkhxUgX>8Gt^G*Q$)0yF+?%MCERiixhJX5jV_7;+P5Fp
zF8)6A{B~*(1~x#^Jv<y-v!k1D%ySD3s!PT^svu<AGIr?$-BzWJLd3f@zROIx)Any3
zCHsf}?en&QaRGZZ+9>14wPvlAdr6m~q1>>hh5ke_CCu+_c)mDnvd8V-tLB3A1GRp-
zY%Si<Z1jcd0RR6HzY5?y*#=WeOc^*~P*#_=PScIWYBVfV?Rzx12v~6sTM1e^{uTt1
z;CQqi41NPEoX9gi1;9k^*+M#9t)!in%zt%CMRKNSr@Suk2^d1%wj6e3*o!-HV&Wr;
z#s~2w@PaetkkML0Nsz88%fdg*toS(7ynpzFFuG!NADoB=X{&Ma>(u4@$3`3<XmCi4
zeme=)`~R0&YU9wq(#cFUIVww4Z(j<mR#s7H*F3R9dn~fa_bGHrky{~a=nDor*q+uE
zr7>}k{vi{YQw`I>t)EY4z7EndFv!t7BERkkMS>fu<j8f1*|5aZp^wX1^j5SR^qGh7
z8GJPf)I{Mujq%9M0XgRJNk}(nbnHZGZn3k@7NtVMg~LB+yAdhCD6fEpz&!#$k=`&o
zuB8~TYx`&a)!C_a`_lXp@d%i=J@u)jt9eM_t6ipi>B@PhEC%1zI>U~<d5|ewR~?f<
z2Zqpf;hRlj1$7LxJCL}V4f<V}+|SVNILSOX>CT*O_C~oQ>v;@5ZfD|$9%xS{QSQ}3
zwexVuP!<EIT$I^?Qc;eM@}5!4TTZyTQa|0JCx9i3q!kLYN}T5=r}m*c)pota7@Mx|
zIo`LFo5`nLiZtJ>&P?ZnF#BD=jKuuuwWkxVHRC_Q>bC7nmI^)(!EbU<09&FNVL+g)
zKQ%G!>!qsGFp3q(dUX}Ek+e<+Z21Y_>vCI<l&RZKP&|ILx6CSRfJr_v;?yV{fB6(M
zWog8Nfn<`bi30J}q*+`>h#FF|BpVFS4kmS9c#8hD9*_CQHG`Uqn9p-Qy_hFkUY38Z
z-s&m0S@Gw^`F~0JX?&LB4Zvi-VE9hJA^TzG=0^9`1Lzh;i8&=+*a^XbQXlKF&>|VD
ziv|h(^K~(`1Cr;>DfLVacE|KU3Rc>N>>O>9=z`vt^2w;3`hxua_0S<~igS!4=W$lt
zMmMbbY}EVP$wz!~W4-1z0|mi$)2NksC0WLS4#DWaEWiKnJtfTM_Ib$|s}V*+<Mb(F
z1zth>z)PGA!1h^xicV%(z)apWx70p=J`v!7aU$sF%QS9+Nl!4DE0fqeH0Z^M!>h&|
zRpBdz@|VZd-_CGR)mcF%RfY4chSm6*^|zQEh1KGn9V8K=Q&1N~C3W93$U=d3>c$v=
z1tL9<*H9y$VKX(+btqRyfBY&6MZE|lY6H!+0{tIBT-MsX^d>c6u-Jy`jZB1y?b<!e
zVV^6IDo~EPOI<)NLX!T|Jv70|^F}fSkw9=?awQ2jK4M1i{rDKqUM4h>E2eot)moNQ
zsfX6wxf@y^G8go<!J%3)qPtD>hV&$#QlPX7$!l=YMW1D%uE<UhyBxJ`r}Y6OR~<cn
z^*IIgtL|YNMFGL2ox$7`RUCt~B00Z+=jidMIIi@jNmJ1#&|mwom5|J&_vf~{_2#Q)
zBE|(!x70BvU7JabLI+%`lkD~W8~yoHLOhTpwS<oLn>NU<HR#3^zR0&ifZ1?#B+=v%
zmB3B87O(obBd~l5-VK0=zWxPEB<(<9DCk>?RQZH1X`<$Rd!JhKNc=(q{>;z2xW{GU
zVmc)yL)NoF&}UxmEt_Gxifhf#gCP#;<g6C_u~#=>>F^hFXIs>9600OIZo$bu>>4k5
zP)CLJTH;3#s1<4P=cT>vyN`}`Rro%Uixs{j67pHFMu)?ZRe6HWxDPraL8p=a>?K=D
zk0XnkQ1WfYe_RmT@e(RmRpO^5D5te}sgvY!dqZ;l5<L+gaFXr!ZZ~IWh$Lp$8x`qE
z79xKwFl(NMUE%l!IZ^+~>w2*142vJ{pYs3=TZKA)Zq|B#E*Vgc56yl#^7pZ##0VBA
z6icVcAwhNL8SrT>X+$=-wc5sx_}6dx`FQTnA0jGkEhEBaLNV^xjdGDqhd3hPX7GZy
zJM<gzh?V*g-1uqzETekwF5kP^)WffaN6cxQVr2UW%9|z6T|_PGykDQKGhg*wRoB`l
zTfKWnbgKUe3@^QXh41PbvAxsC0_ED}-#Ef5d%^G&d|RD3i|prJ9wwhjPTIOp^Lu^Y
z@uvXpm2~PO!a87N2V`E>Mz{Rm=H*LY+wD?F=36bZ%YAYpQz&VhzO5F&q_HRj$p>$~
zI>U}_83CK00Mz*h^Hgc}%yI~EIn0;@8L_MNOEf^ueg@$M%ub$t(|}92Nsf$Z&whfa
zX-VI?TjpeKQ|TBx{G=;2wT4p5lpHrHaU;k6)bVAhjjj*{AA_b(@#5hNNw|fZ<Tn;z
zM9p&A5k0%Qls0jPO;FY=orTJTP(-DnGE@zHraZ86WC+Q0W>YzK9_b=Y98m#!|50&#
z$l^hxqIKLuvc6D;JUr$IxL71vKBbyQ9P4)2@|+xU_HkwmN7^juXiql^bfg2}>-#)`
z%2l_(KqfO9e#b5-3y*L4nlM{^I=KwAXi^VkD4gDRS$C(mY1JNs;3p=e)P<Zn+Kq*R
z!fSiXC!GnN&7?nq-fNf-x9Yp3f*Lt!XIIRquqf=nC8-HSyTcaXn28r_c)r#5BXb4X
zNZ%*7Jh}G3ns#})2W9SL#Y`YiUUJwR2=w96a<vBp7(+e2-5rfho<Gx|jw&M>35}fr
z&MO-lJNSR<+nPMEC_{c5CfKlgp=Tm9A*}9I2y;oT=fJ9}&^kIHwerhMb<!J4{wyh`
z=ph7b%F?7`CwdgCM|q^PV;Ea{ZN)|*A<r5Anp(Uqk0Q*iBKUUyJBWem8CC`04eAY@
z9z%D-M$RFxo5Ifi+Xcw^PGGsnu=9oByfTp^V3S9->5%4IPE)A(CO^mo!X#V1RA9^+
zuAm0y9E#L-e`XiV?Y;w^^#2I=(HW3_<qVioYR7IA51F`AfF-iP`n)%TDk+#^xzk+5
z$J0G;TLL{!@wFeXU(nr3RuZkRFbA4yX1o?|Vfvx@h$2dLm{$ja^Up*K|1sJAu8#jN
zmTQm*+yKG$$nHb((&<B;bB0fArd};fl?(*4VsMt?a>SQC(aq28zYEUNU+~EvtZ($|
z3(OLMoB;R=TL1*nC@MuEn{{`3)V7S>$vN_M*@6~l;E#OIe44@4s=?j$&$%@l*q)KN
zy(A>9S{h9sEQb0?;eQ#3UH5X(S7ogTs*oTNDLF9^G5TWT*WHR+$ol`Gx1GfAfoHd)
zu#Kz^{4td2+v|amlNfqpbdP8OI%viVG+_QVee3-EHx0o?QVy&Ce5Zv{Cx0B8=Uu7G
z=kqx>L~z`$JoUHRZw0J=mfTR5A<!})afm6OLAB+7oVe>S6UdNVNhi}xno#Caq(P#5
zCzVc?SlP{~q2kf4wN+7CH~@vB%o-0pB+T!Hy@vL3L?bpPcd&?A)qcG}^RSZLZNxq*
znJX&DL}Jun!j}2+aL8z7@I8Izo#}D6mE+YD;%=cSo@DsgGAw=QkqlU>!2<vg<-H&A
zO1<aC>OoZjW*L`yzV+B#0tEy{?M>mCKpx}2ayR*QRhk-tl)#>^hp}&Su&=$$)>nFy
zACIockj}9~1^)nRXY6DG4rHl3ChFs9g^q)$!H*`MYlNL@`d$VlstU-@6a|v=jg*#>
zC%mI}ZQJfIPMOJnLP%@9y`-6hXJv%S3Y!i)7)^0UTi!Gnhh>4N=S_~kz&RO|zdsC{
z%G=V>VtpT07+(jB3u9krZxifgDKQ?2r<3{6ewEGwy6n07(#v6^ZWct=U4P}-kqQAV
z<%KO!iL#*0mbP9w;bQc{R$Nu7LN`gugN@txKG$7!9gbqwO;Mh;BuXGcyw8xOU1%q#
zz_7=GvbjZ-0vG6-EU%o%*RQXvdmWMjNdc8<r{{f#yKfy{eFah_oaW>-0A9UQoyeet
zg5e`7+g2UoSXA~Nq8W6Dy2~&?JE5HNQ%WsM9*Hv6Y||S*&^FY?h6af7LBSEpq@u6N
z_ea@0m`V1CDXV2tJ>TmVl5XdG)Au)y7)lMDThso}*agEHJ8Xp{^}qL<tVW<>&2yK2
zpvhSS;?ATD=^#C$IbW{7@tW`tdnnd|rsUwPG@x|`MixiTpBZQ#RvrHIl_1&}eo9f^
zR2FW03-XR6B2|gpE#9A(3%~TglQ_Df5oWF<Z@7FliBp^;RZyn81W+kmV<b^NcW6-1
zW^qis7)=1+J<q=AuzO4EsM?l+7UatSp%KV<v=k*l!FY<K^Gzj=De;hj^uK}II7((@
z1MlS*P0za&H|ucvpN{C)I`hQRiN$wH(=hQ|FH80K5kwi^SJ@}6@Gkt3LN`Txkts(i
zFPMG_m*cxw(fF7rtAZ8Uj!AQgS}Z0t%g2Epx@x;!$n+71lQNjOu<@AoR>`c@lj|vy
zrai{NEr0(>m<!m|GE{J6PR`s(1OsrvJ{BFU22d-VsNsNvR&P4}rzM38Kz1x`u1-Gf
zg{sX6B=m%{<kE(&yu?WKo0p$=txBY=^3FAbCYk0&untcK5Z0xdzK^;4BDXZhYbiT4
z;M=*bQTrV(1E>J%F#s)8+`uSr8yW9v1F0-+gE}tvL7|DIB)4)En*PtLic+(#zYiI1
z$&KT}spVyI`r{j|qA<uFVhDHIEn-~0&>W_DU!X2pdsy7`2qJrY<|IvjHNF|*jwtvi
z!MNNW@d?`O@qAd>H~5MKrK48H0ErNFdw12BjMp3-7S}IP{@86E%)??Z$1);YcMSmt
zZJ5p_>}y6_fdVSi@h#><G8c28-3}=w#;%ND*>;lR&|&n&eEWfSvyVn<f>dlI%F`Js
zoF<wX|4$<Pj;a!JIDa7ZN?`?I55#?4R#_pt;hFNv0s`UMfjeb|pClccT$R$qP4>hk
zF;7OD;u?IuJOYB9mmP$TDoW7I*xajdu&>w#Y6X8a7<oOu?#G}g)s1n$Oa-d4cI->`
zEUM0uAl`haU*U8<7DME&yG--<ueNd@l+iq)=66lm;o?S@v=L1xf%0g;{Z;>p%3xRI
zX_L9FmR6teuhC@yTm_5vvF#L;U685KTAe1BSC`w{s*2IEyC$%%TS-w}^cyK^Xjq8C
z<xUgE$w@ov(1hz|9g_>iD6)qMV5uFzp`xNC;obrn!J>m5>nyanbm4j-859MAxl_nZ
z$wF#W>S?dj36`G7Xg|Zb0%|v2NC6AhNiiIWIntdojguN8Tj1IyTN8H|h@zbkdDF?H
z(p<f>PV1{?XUjTefoU$JxHSATJG{HlpH9Nsy&?OCAvj1?Zc<fx(>+047>q~#SQ{e4
zSI}MR%vH)mg4IURZl5MsxcSC`^c);gV<qTQ=pgX-S{`c0nL`<#=eSbEUeM72zGD(-
zVF{k+*Mb)iRtUUkI_U7!rHmwS73=XZOJ_z_;pef>gr?bq{kYf=CUsnl7gimvhgN29
z>CCj*zN!;Y3;uQ>Ei;7wN^s@oqSW5O8pQe$iV9f|&`KD)j>_d^jd?H^xbzY?&Fyv2
z2?2#K*Mmp({|uC8SENF<G`oti?1jxME7?Qfgc1+V(oVv*)}<NNPp?89E}emS-?aK5
zkE4!QFSwM?=5V2cj~9b4Y)prVP1%M@LC*nKf|c8!ehVU}JFwjO<`_qYEe}Z>tI?zF
z4}p7pm{5~T5h9qzd$;HoA2g!{1LO<`eC%ml6%k9B>pS^n68P0eC!Nve`Lzqo^N-P@
zfX>J^O;PMMU=?(^QD#GR$9lQnPvxnds?>?mNwPtLt+eedmpKMZ32zgNfLHMEC{=Yv
zTkh(ORcn5D0|+uLcnUt9o}6^ySn)UM0N|V$2DBWMOPfzlML<g-_qgPqy;>97qWN%^
z1}pcDdvzK}66SUqK+4rta?alFL-Vp>BimA6@lduCO4jprqx$qc78+HrK|QFfUe-t`
zs42N0NI3}9kJGu8rS5{{8%L%ybA|oz|H%ku<p+dRCTPW7hDC4=;>=qEGy<a)8gPbb
zN+I{ZVuOyj#K$%b@|O+P82Oxuy^YkkjXI45k#D_dNphu7y3AZwINgh#b*+6;u={k`
zs`rU?uYNKT2I6MAQleW{4WirI%0d-g^F{ot8S+|gvdQfnxhsMt=Xdbap^a5@G~}Q6
zd#mK_rG-vYCQ@{>pHyQnJfe#hjcnp!uvsSmFK!})G~}E4bw~JA<TiA|KdW6Wenij$
zoQe}}xVC?HuCn`Zkz+|PE0~7B0<+T$tXG)70|v{=0_}vdmn1h*mnR+Vp^E^%S&ula
z3rv)Z^bk>Pp}?U+|1|XZ?0?%$>qWY($Etx{X8m||N1BCp+W|SGgpaZ(^<J5))2V-5
z2g!NoV$F$r@2%;^WT*H@>u~(TiFI74HMyBfa&<ye87#(p6fR(b@hu!Wl&G7+%LiO2
z+Av7&MoXNLZAWX2EPwx|LKc7=bjEPL{=A`yJqPxr`S8H8Cgxn~;%mEkaXwaDBqKK=
zu`mttFNPMrvOCqcY)CqE{~fx8zt-sK0?qD#_~0w%Dt=(p1U$7{UZF)zmJY&D0|ww{
z1%N-6-zS1l;(mg*Sq@#k<N%Qr@f^_yxiNCTU-K2Rsa@`LIY&c^fWdQS-maMP^S*KC
zwWLzw3y2k%u9i~gJb&a=%W_1^FZZ;4au+s{rkxLB+5?YQf`^x)EV-Vj>i|1I#J@DZ
z6|o_vEjVQObTk`xDD(q&A|AK2&8~i}*TVG*>9DcCY*JZB?1e-?sM+~HVaHhaJ1|nl
zNh&}r#R7)S!F&t_RUF@!Rl<9G48EArrR_b1O19fH<156N*ZB`q+Ivxdli5r+ng{(6
zyS`^`ccjS<x)W80^=JTGrzLHgta!TY{rgy=E7xZ&W25XAe&0^bWnZ#b|L7Sc0u|c~
zZxA=|#*flcI{|V-^3!q!nPF}+hiZkB>rGCmZV8A*%y!v9egU@Ke>sZqcdUDygH#RJ
zo>nqs<wI0)3awnEqGosviNZ?S_{iTdh1%zW#bxDQBvXc&dR@Z!**`agYuPutA%_;*
zvktw0_U}@#P7Sr;k{A>COq#e_?LjoP!ba^u6)u;d=iLRm#k^90`F9?+lpl<OR*{e`
ztPdpiC$Tadx%aEG`AG4CiL$sTCQrS}zmzQB927b57ybktO{|w<ChqyK)lV#L3n$N`
zDKsYf3ee>@AgWAUY$`ptwhRZfE0`IQ)3RQR5HR;L&bv}H_)jA8X|aF<jA5vGHAIC?
zbY*{NHE*0b&X?xFKG>a>g7drQs6Elg2AV`(r_0v|zQVrsNdRSPg4hF_p*H=)ff${C
zbd29p8E1fsy{_n!O4e&MZLYh;bXs3fuRFAubs$|rlG>Gn^4bSq={7--`OEK+!VL;8
zrS9ebI)$j=`QIt8wMbi8yxk_`|4>;QLfNizNLJeBhA8@JR1~{sRmUCsPH9JYIhqNb
ziE0$L-U6994@<yZDF{HI)#^&)lb0pBpczWI{_6w|3|jNZh`JPET*Q=JVq%$Q08Fnt
zRD`SAgJ_7n2|FW&8k)@b@L3}4yDb_5Ra<rNQVwi4#ICl#g5D1AXc#$wW*L2i5bT3E
z1iHEn3ljEZrTCqVS)4LQg2|z7@}+Z*K~GiZ-EA$CLlzUhG_*W}$xa}r>1Bm0#n;)D
z?GRcf$Zbzgdk86YU{=ne5UX!Jew=%LT@gf~A3t$?RRKcEwBJ~oF$@p5jbn8&7ElBY
z*TJ_54U4A@*xO#B<mIckMJ#RgbIB%tcR_t)3NMRmN`lizk^e7gn|#}=&Vy=A$o$%G
zk4fw{xioOl0Gi?jGA;Lf>|C}*-Du<18gCMWN@w(RjdIALPKn<X{oV+h=boY?;7;5^
z!E-<+J}UswyFe6-L|Fk1yAc`gZxMQA=xXM~At1f@N=CF>$Ai~T8vOVTfKlg(N*5*j
zi4)%4Gv`)VAP}m28Wxo$PEJsv;qFBJmr$WQ0_k8vja4#S+6d3Hga$vC%GQgX;p(d)
zfhxdPFR&&eCdEdfb{4D8djkJoi(B$`C^5?q8#FR`Gt`<H3T`8++~xuBJ>Cy!e(Fkv
z;u|Bu$LCMz!8l^lLdkCXGvYOqfc+h`m%VE|lR*Ui39B9|wJW|C7p?EUT31vn<eA1b
zHuq7Nopz)4MkbwRx*KSmh&Pwv@Ose50ak(+TC|C#vwY+{&&5%%rOV=mzZ?tx)5b4_
z|0Ie0LX}!<ZY#Dli<XL6(gY=L`G#>Ge71+8=*<_9F#u1NVHO_FVg_SxcCdl2;ySB#
zPp01W!=b19duKbppNdf|lsq_dIZ8+$v16E{4VoB0c)KCme>l*VTobo{-!a8|vl$+a
z9w0<aAF$@<ty7@FWjeH*H@J!fpCXcQ=T!VCd-xLn?0vi93~D31cPQCK#w_LFzn2g9
zODSu+C<}Z5{UQ^aL&siKtzf>LG@96uOHtq=7@cg=1xv@_M}uMd0S~8+R2aU8t+(Cf
zUO;a-AAqv`Hh_6cEPz5QFYPd4hwwj2u|xW+9P8AkmEseVrCFawIGxie_<tdoD93r|
zCBXYDe%w<?(3$X=8-{WR>%~)&e8~alMPczZkm`8@TO0?Q5L?D+5MP^@Dd6arS`uwa
zE5fy}aRJ^@gUW_2tp|+!z#9t8mWp>8qX_0E1FUw>-IjsILU0jd|JLT9O60FAQ-tGo
z3)ql^hj5(Nn)bIw&E=B}?pBH-|Gy~+PMFmEF_i?*yv%|aI1EUIL5RQ||8un=!H|+R
zLt=z^@9&72aL-acli7}{eIT@uhdd@9T2P#Z`h;o5GH?65OFvbP0#fb4R4eQ;E7!YA
z5@~l<EcVinVg%sgxMvzh!S(61K6vEj>v$`x*Q|lPjd6ZbFSAQ&^#5xGVhc>Z-zJW>
zc5s<0S6^5w1`?|l3$t1ti<0#73^X}wFf}WjJ67{qUYoe5trc>o$u0gYpP?A+TTI2*
zfFnN&u=6sQ&x?`oG7g~ZP4;UBb83gKV_mQwv(x0GYagODf?rN&I#E?GH&jIko6a7C
z7%RXe1F`s0V-}~<^V{hs3%F{6Suftk;?lW`Wt!~f!a7`Jd)Zx7$1_?&_8{^(Sk&uI
zMFjYi+!a%ozMy0V&E=&8du#sNX){Py8K5%9X4q1i-)w8#wHyg|o#S1L)pMC@hnWs(
zJ}A2I8cAF6{Z(n!;tU><gCaMTb_&cnJuRiLZa*00{%bqm62GtAb2k6b6R4gv8~R<m
z<M3wJS~QsK%N0JV2jBau#*uv}fs?cF32?F+qTOm8Q7a?4`Yfu3{|1MqJQnctNa{0z
z1{jg|bpyhQAl*bS2QU-jU`u7)BcUA>m+fjX_6snON2MP8^F-em+c@?Z9$PeMu2CKi
znVG7)x-QrKvfc9Qa);dOM5xF1=9N)HYZ5t$tR><r!@ZbB)g)`AqX(clE%)4GRLQxk
z?e(sRWO=;OQxU@Y#%$@65>PU=5iB%6a*YyiuMPOlnwk=_v*UjLir%MaXEaV%N>m56
zA`JCe{w<M6skjwbRr^tH?<gT}kP#`BL={S5-5_v7KNkJ<J5n^`usaDFL>QwDeLhx}
zC%<KYXBaMEtB;qJV~=6cn|FA`G6^6ixz+qZd4%c#zzq>k;Q-sMP%Ae+GGF_*ot0yA
z_8Ua0HUr^dri?1l(N$twH@BbliNv{=Z{<G0RULBG^Ee@LI$8d|c4S=j$%EhieyYg8
zO0u?~N`<gwgDZf6*Eb=27oDcVcc-yuKLi3ovh7<FBC#3FQ!-RrrQ4wT^!$3F>v3_k
zL7B)c&T@<bTzDySDmTqS&;R^UradUt05Cb?4&+TYvPn?{$yCW2OHOcZct_Uz;o`yy
z^{PuCd<UBX_C_WG{-rAS&G1jnw_rqPgD9RH2lVY^aEex~-$xVNN|^;pcslN-vv+YU
zBNveor4|eO5W!>+*feKY2nPV0WX^T)`U#_7qKssjvKEt5LQQhzG*+Q^wafNsS>s-R
zItd32;xT6a44BI?dUx~4-BZ7^rF@m|jKD5|3rgY-j$NOsRy=L}nhlS`Gc%+h^=ME|
z@A}7fW<_v<gb;VAb!Ye+O6ZOe30Rz@zvkhl2NGBU)PW^WLt_ly_6(Ss$1`hJzewmV
z>c2sOWUkv!w4hVxV@OF(h0wOx53Le8;AL+7H!s%-AbFgNI>UTKt*4va5kRFxqmeyB
zwmem#kV0-j3<(<TaVA}24>g<xAKiOG>z>@#vfkA-uE9;jV)lf^%RIqlh0qZ{V`yrG
zC}fn(B#IRT_1sqIH}y`O4&hD@x0-cm&P9;KJ&NBo=1S+M;S-nw3`ph*mtPx-`HyrV
zW597?M^aVq(-*xmT@<mU36a?!y(p#4^q{w15o)p%5aQ*caU*p97ecc<uJ9T-qP~h4
zVE!LwHe^zz7TENoav7Q>jaJY1j=N#}S;A5CW>XjQ{*j<w7gz31k2U)wY$L0F)&|b#
zf{U0DCo-14YP|@j5{U%#g+ZfZfxAQ5BW)kUI<e%ehUUXIqR4x6C#U1E^Gk~&Pjls&
zNur+%7C;syCD)FMveIr@5z!Ea)2<j-WlHPZ(7u10T08CP#rC3y0Gkt@(wOZbE)*-?
zN4x)Oz|0wp8;E5VjQvH)E=;PY4Ntl5<fMTsYtI4EV;+h!o&<1&@@ka>-E7TRrJgtF
zAX0ypeB5#HAD>usrG2zZP%t1}5-rI9$SbWT^+^h#x-5)&vZa44CIvn&-UMhhX}%#2
z&u#}S1f|F6d38mW>I4y{TUtqsj|Lq70iGKV%s_lPeG3`U$7HEjDJi$3dT$NZsGKc9
zH=Jk1L_%Z8$TH-WQmgg9Bgpq?flSbEn^_aP@b~d#+U1L_QFsM~AK4!ztEQ<3j1|^)
z*D8RDCJB`+q?d2n-NSIuiEg$OW_*99^n;`d(aC^fugsMU3z$#6-`)n(ch}F}b)H&Q
z_GwAg0%^rL(o$t+eQshlunoH*Y|s(w+P<Ju<ns|N0>sED6l6pMsW|7`9x<n(Ci-`O
z^J|eyR*sHdpuxm_2)muPfQM9@R0Cch)JiadH!z<TMrG8xbFlu1+U`iR@QSp=`v+u9
z1m7)a>~c?xjec4B-~Ci~iyYl5{(N?J_^AzBGPaeO2XI#ZcyF(u=E7ZPx#C@)&c2^k
z6&`^nj(Af+ECO8Ch~pY?2KVKmNTm8bay9U?6roGgPwlbX=2l$~F;(*r@2Fmq7nmCk
z_ToSq<;#R<tu2By;+8Oo>E_KE&$PCL(@Sj8nnwJ_x7^(02t4=-6PIT+UXwb|-XcQ)
zud<Nhfwz8LI->kgmem+r%Jj%DV|NJDkzH_QgyXQU?y0tah1}9zJKy(*DlTLwknn&h
z`tRlptV;0Mew0cyc=JSI3+_6(1?0j5<w2ie42nr|Ou6GM4o9!IB@A1FyZA`j#)SoP
z19^5XBD8xZ_baHwQl<8g*XpmJT}N|;h!Im{4Ma<Z-qn}13+sq}f$wFA&!2zpVky9N
zGBaf-ilbkhyDhE5)yvs|uL~?I6aL+W9u5zSzK>NmjGff*ylj@OmqTdKlsehk{^pRg
z(eB%_C_^V!`73KBC+aj;thC*=>$%^s65LFUs+aTV@l<|o&f>hYz^UFbMPt`cRVqh|
zg|mk-EcQ>1ku{^AlRpBxVdn<IIQY|wi}8eZ&;o@9{z(4{cqJr8ARpRM+ljs6Q>Jpn
zx!HJbkiTXR(@BA|T44ad#Rc;ey@2vFe#}(O8I*N3P*7AM*pdXtsBOoq>AdNrPIOxB
z=ZfNBR|=H-H7w0{C38{!OKq-H#l5|y?v0oCt6#sITq3o2fILef7KCt()eO1&H1}5b
zyzY?BpbK={&l2M#z0G_Nu`@~cN!Jxi@izIIr;Q@mmb2tPa~9bS62Ien`OEZVR<fKS
zwtz!b_==9_<E38Y!*;+FZ~r=k36wGA$On5wQ>7p&Bd0~fu;{%^7-U_=;ii&1mfo&E
zaIwZf<eYuFuPuC2CV6W(=a0Z>b2RJE?lGE8`~Y7&nC-ZOgK4G;?zEaB5B|NJh;x)z
zf!>3joJ2)Q3Aq%Q<>YOkw1OU;!WNToLAIf^tOb;?x!3Rq0fVjYmSlbm3BF;!-8g6z
z*%LZ9?bWYOJP;l~pY(5P{z${uO_+$!4v*6mzTOvue~6O0W+_&6+|OZ{&sol>K((G_
zj;q@ss&Eivbp)g<7C@o9Fy=L-dtQ4E7K*q4{TC>V_4DEgE6*t{KSZ!<i<{B~XT$7I
zp4Oku<v#p2R8s2RZ$vSFT5b^xA=2@7UY>syTJQm2V5YEbx6Y2O^rjoB4$A=<pvKyM
zm2k%`@$DMH7)|%MF43Mfg}3{f<I*Vni^d&74~gMQ1Vx;4fX}c{4S&~KsL?{eEmyVZ
z!`MnB#Nhj!78~Z&H!GNdSBX!mrc4V3(%=ea-Aac|1o+Rat3$omf+Uf^NeOr_2+v*!
zZ=fyY;m<l&-59{+FcS5Gx{LYY%Pm)KFg~xTxweVS^7a)tugRwZty%*CmQ#1?tmhcy
zniNY^zkZ9^|3At=V$VbTk7cm1GjPqSq<TgPb-Q<tPk&2#1x2qWTentT6mm1^ty??z
z1l&2<ok@8cLT$sP%A=MgRx?A%dJ|kZUH^m3f`iZFxL)V=*v!vyRA4zaG@`0@5hHf;
z8Q6^1lk}ixc1<W7Bf3;Akix933v}F1KEwd2@hLRgW0+Xx?!}`WQYc#2Tyt$nt#++=
zS;W)r2Lqa1j<myNZG(}_z()OF{F02C6ru}l_IC6><N`|w{<lVin)#FX60LR~9~|l*
zJ*4p|;tEE(2Jn@+lnO1J2BWVVT;|rg(@2FSvX*a?n!{UhVGLmZ^1w|%;LP>S$pb<h
zfJ0G*2rImgGIxpjkxQNWIF>-mzeC)`Xgok%FRrwKj%@}XuaZmNf;gnlPyn7G1&JuQ
zpbD<G$kqUH;03V_Cz40W#Hfar5)<<p_$BI#qOb{XeH{vV92*?L|8%W`{L7ox1Gg6h
zWf3kURbXVqkDYLgEUSvOZ!+i~532zpG|$YjSTKsz?Opo$?C$fUx#Qf;jp}1b<_|1o
z-#~Zo!p)*FNkWA!sDR+TJY)|AHOn&O?}dq(R-m&4)Oc{~?AX3^NPaDl;raCWD*jRy
zYA6SFxK6g$NKFP;u#PrJ-k#UIsC&?k|3I)(bbj%j&~VEUd(}PDl@AGD1dwrP9t{LP
zxH@mM&M5Od3#b_Z(1_^i1BOAb)z7G#G06_Y8y5qhvl6*Z81xK#&G~xGqWb&}HC`&Y
z6E`_d6C3qDnzAmvdjmaNoZh;Yu=*jn`5|qH72l3lN&5_7p7BwcpvPxiwx<C4WUEng
z9Q7B(VZ_6gqF1vc|5l~%I&2IC*X})Z^NOJa6AgzrFvLn(rySjI0i|U<V21=6j*b*~
z<UC_ql*gpii>he7)(e`@880z8<%f)ES+vY9GDjNrRInx#8q;!}7Lo?zwI7ub#MOF*
zCVJ%v^w!oV_Rx6@ek>xnq0T8w3jOYaBqS$QtAtIi7W6O~<Vj1$F^zd5CjNcKTI*~C
z6>WR}^*I-m3$;8dK&0vXluRMH*@2E~&eSFE|C=x-V{f+7FqFb*z`ncr<|(BnK8hYD
zy6HAOfu7Kl<97FLdA+I~D~iI9`aq^XhS<Z@GwVQhkRFc9Z3-$VTj|ZxQ`SJL09QGx
zPf}xIUdO2$Zh>KU3XL``Z!cfAv*^@<bM-OXn73oeybiuDAN;3~J<G)unRW(U`z}E4
z1}#POHZh^ZS-6M~*yVDCq3ANE?Hh0KU59XS3!`>8n!u^#!P$dF9KRwF+z?KtNL|M)
z$|KUmr6dO7pBYdLEB8}eHiOS`k09MeT^*-m?;5=0U$BADFiNK`!&Ab7R<v(VF~r_Z
zQ=#BP3NuMscs{^lwuH3<m_J<slZY=IpOuC}V_wp*BVU`1>>@5K1p~J*P-x03yo2nN
zD$}07R!Fh>0%0CEX#gPj!oTOp0kVvBv)&g>@WT7Gp2y$f0_!49j4z^3kmyX~&h|<M
z0@m;(rr{{(+MhS^-I+makk8w`{$zrO7~R&*GIat_Y1G;t(KFvXu4GS&KLC+Ee8H{N
ztl8pf5PFAEkBlpH|3@Tui<hKK5y``%nFUCbtq45#yTF?lNuJ?m6Gjb}^U*Wf?caq%
z9{w(;Bft?{*|%L>NZdDyguvh=5l*G@+97<Ox3paEa+zp8l&u~;QJ)=S^2WGDVM~rC
zqQ3rNn}dRoTjC2H?2|lFU#4*NAje4|4#1TrodZNWDhA7LY`%!^95uz>&^oaG$WHwD
zRps(_HW&LQl#I<{>ZZqC4;U5RN7WrO<L>2U^z`N{9%7YNol~P(XRT2&0qAQigwE6!
z?9H$H>YVdbfJF0XUpC8LO#rk|pA7Rnk-E*u<xP)<KXP$awMYg5qfGnhlg-H0xrUfn
zV!<U6dUkV}y46x0(9@v+&M$Z~6x5lek>eqw0!(pru3}0Ag!%e3Zxvg7)4r*o%^ZMh
z%GwW<+o|NwE)9cHZ=)5}^)sbbl%zQUCZrDwE|A=`cHw<#{j-^{DEBPgKjs@k{jCrs
z4EDOB4GBN82YUn2&Uvb?{>;N<f8&O_p(75tYc;XVD*#MoxPX#Kvc-yXXtU(ng`Bk;
z*wXs5f|uU^%sZIdpRs702nRwL<mbnxx#wsi=QJ2?FZCAgpO5yUPIRz-zx0@?XRKP7
zZ+2i5ZmZW6iENR`Fe{1cpLy5G!}7<MbA2UUBzR5hmlwDS{uxq|6zR^20Mtt;^ZUnK
zyTMX6ae5obo{^l8BTqgX^4k(O;vS7I#&E(^RBlM1h92CQo4&{`Ri#o%TJR`dmjd9n
z@(6)wIWa;uU*)+Q_yu?$j#yU`q<VMTOle@Gs96-mXjpexuSDYiWJym<j_U?CUvFFb
zg5H&fhsIds6@9LB&Ua45YDBjY)@4S(Rt;V-D}U2u7RPC>%7xA_NXr;F^HfX$;Jg7}
zWPpWlPoNn9r?BW;t}lMux;y=$(S$&jheR#7fLJgncpFw3yYpeKJ8Y3V$QtEF)vn)!
z*b3jcDHytmYmVBqY`@nylg+aE-3bYD|H1ZoP3#HLGz!Sn)c2xle=#T)v;@ccQ=97x
z^oYR5&gGHnxYRYIqQIrKQFaZskA0m`+pGNuOQEI=%lTcR=;6+vyx0?7#=_xU&=0>S
zZ=KiimHbRli2dw7>f7{OrE&e4LC&m|CxYHc<<H-<UK<L=(USCS6HLa)A+W_QLF^&5
zTP`wVo5b+BsX<J3I}<I*qmd9{NQ0kD!;>u=rowBRbXs4|s;3F^$#~RKp^^|@j1CgP
zHvikc8-m2@$`KeF1~d36wtzlRej~U_M>H`!;)Rg~90pM4YHp&($#9B@xoAA0>MvAM
zT+Ri?oBN#k@(y|3Oo63FutSDJDWbGRC`ofvHze|GO@dQ?$6--$3Zjr0-*e&%K9TjF
zWj8P37d!T6S^$_wIT(jCwXb&Qg#U$m8C!n-#HqDVya*u?aVvXyEl*Ua!B)M+ZjKar
z&&N|IvpqXXI0!uI(@mK>HI<3^5rq46jPfn5QP%|e(jKiX-zHCaurFB^C)Ru6uO<kM
zYQ7~|`cJhEsYcD@EGEG5SLZbJrKx5#blvY3B3`0BTT7d8LS%G1|M`$GGu^9IXa@mv
zOAMIfb7{<>m3EOZ-XWWCxzx}3AkhYyAlD@*)SBXocFsIGdVha0lR4dzvf%<Ld6x#m
z%Lho`JC55KeKV~g!O{plo{Ojqf3c0jKev-+A}=k%k`6U}hjS|bhShSXEEpe2NZQJ;
z0n~yndn*mN^$EGf<aVt~Q)tanUT5w-0$$531AGKt_<0sg><)0(iHKpW9QkN{ihrEz
zCjU+5h$rx*jV~JG<I_&SIL+!xWcdN9a^_-?%ReVXeYNAx{>fkq)y1(g`9JeeU-j~g
zuCrDj+|x|ME<}=om`)r?Q$;x`rcOuH9D=eQp*m!{9s~pA?a`TfKvf6`{JD?ZD_YNx
zzTxdA6rCqekZzP-74CsIv}}c#7iTt&6eU)w;;6bN*he5w`j>`k7OU@q`?1tj3`!X2
zz^5*WI=BzvISrf_)8bRt#_?D1*Oae@g;3EGf7;u=dO*N<W$pmV)}@i1zTUskop2vX
zt2Pwe$IlTSceu)RVg~0m>-frM#qO!?pgiOgV_R}GQJrV_VHcnMOJ|IMCzsh~UycR~
zQx@&{E_C(IiMTR$mZd4D?+B3{FCdcPLy9mNuq2HnL-EMVaUgOkM@QY=s<ZD+PuEO;
zkVAm%Q^8u;9k(mUI`3M_WEZjuxF~c*u)C_)a=Jjy=BtE-n=9dO>NL8<UhKga#o?+U
zoCrkCR_G_HMYdcEFe-w{!2B}3icIPX>W6EnhG?+Vdgur;CkaEdOndUFOiCK?5ib#7
zF%G(kvlsyRY3O}Bl9|HcG`|t{zd|Nf^i5ZPQxWHZ%BS;*r|<)G>t&Xqp8J?Hr=Zzf
zq87oxRHBqwTyP{b-(C6c;EX20+!64@!!Mp05~hGTaW&6gwY`{!r{Z6ky>}9P5cKi3
z^Q(~y&(TkA5{}rHx0q0cgUq;FheI9ZZ4N<V)nMCV#l?BBM4L}vrh;Ps4YZCaW{jsm
zCmcZgtAp&&vg;pWnoL1j2_fAFluNUMFgCr-I&6+Cel#rPu!fuozLTzhq1P0;w9IYs
z3|kL<vU|CSzKt#3bFlc8q%OiTyndiINy;4(5c!Ee5d|Yw_V)EaXT$bmV}^q~&N&va
zr6v;(z#`#ryBUhj$crn5IDWOrLL&596v`)vL5_iUn79l4(x$i6rNT@W))=-m`-h8u
zZ!3jo9`qqkHokGA+>a3!$=E;ZycwYzSG=YqWJ|)AoiSOrr?KWw<uR?MN#+v?A@iu{
z><hrW7wmzZ{WKgmf&2>v0-!tsz$TwUh%d{3?J41ZPf-JOp9hG+SnjOitF~4Ymwg%0
zpH;8bK(_{~?mBVl0n_bXezznj?UzIs$qX{?d4<MLs6VR3L_Y%j^y<7O!u4#7z2ums
zrpwcsE-T|~HQ$9Yg7lf+=$k^s20-M=4KE`=P;SkaH(4YZD-=iL+*nNkWuRf*a&nLI
zrKvsCoOA0YJv6x}e_r9Rj`yKpYD!x|p?phtekr$C^P)w$kk2ZS%pnfP8q9r9T^*}r
z#|x~Y2fk+6^0=1Kewack-QUH@naO{?1~=YqBzilJlAudWIlq%I=UVB&v$^Ypjlc*@
zF_L`r<ONm)d9~M&MNO6ljt(qrYOxIizGkipf=vMMQJyq{lDe~bj$+p`T2e31=yPdl
z<O_ZGN&KF0rD_wqv%dTA`^~EbwAfgJF?h}w@k%4+KvJWYdm6w!oR*m!LAx#_1v00X
zw{68{c^ccRzVVvA93;_>V0)dvJexCnj*bDa{GRBaxD^tP2V30}Nh{xEPyX6@l68qS
z*}DXwq=KG9<TtGgVuY?occ5z})jb<FIAOdAw=ewI;2xhF9wAd7jU*V^e$x|4xWK6d
z3!d6Nk64og-GuiDObT8lVp>wI!C&b0@JhQi)?GyN+&fi?MHJJp>js$H^khvU&{7H7
zoohUpQt4%XQAy%<beMl*WJ)wwy1JI--v#iw&V2hwNkF>JK1i;i$OUmF-qGP^O^MfZ
zWSV)-pBo8Kg%ru0dS9ey-TXNmriqUZVCALi5g-%+-*lOiBnt^5h9?CVKl>YG^SJ$X
z1qEOrl%Ii4P==|F)r!|81CD!Tx~1;5Hc#GYU2hbM_V0;X%y)K(!k#{qmc}g}vrh-k
zxaWHx3M<78xSI+?lh8l)#GjyRlH9Ce&DnIEgn^<|f=9u`7e(Ke5gLTktghV=;#G3M
z4)}R_(13V;JL!++`U+|d2Vx0^pzkl2_=C5Hb!QJ3J%YT0h8>_9EM^e%Q7HOANLl%K
z4sq!S;>{X)lx%?$4a_Y{UnOAJSl*vq)FZgI1023H5SI5^v~w6kGv@5Tnw~r8qIpUP
zD#ibS8xGMJJwt4wMTBG+$*a^+cch#ahm34Z+7>_=Noi=7SReN<40~hwu$>fN26+?{
z<%MGN(2C{u#NpXoVw`;J>NglJ<8Db{5N1Oc$WFF2sy^FwaFu81=&Qm4D}CsuKk(La
z*cQAax>;XxN?Z!$IBnTTmAR(-MMQsE>|sS&4}7Yz5f9msr^8VJc%z;P7`qam`X5za
z(4so|Em9CQwyW$yY%jIysO(Sf@JaH+If!5n?`P`nw9wR=?mR#-q(?4U`pdn)->GLZ
zB4O8+n=qIZ2vt#Bum>gs_zT@>MSTu%-Sy<oax7(>WJ$-kZcgyq-b>3aXIldGXSfA(
z<`);571LC_yy_U=bb<voqO<ya;TrmdgN;T;IZf9XVF|`y75UP-X3I2s*{M|3Q^2l5
z)h=aOIvZ&ywBvIw`e7kqew@`B31_8x&|_~~@V38hUGw$-C+eu=K0WI;K{vrcQ&NwJ
ziL8txxu0~98&Q~Ao=P)gkBpQ)V`yzx`hBCA>8xfnb3b)|4rx#yy&xwW9-Zj9Sqj{S
z+@;4DZS5G<uF(l&RELpa*o0Y3MF_`bl3S80h1?t{&);g6E2`0%wT~a@(Q*E{Q4IKX
zgO=b&w)7W=ne>twdg@#vjaUdY6HQvelLR=5M@jSB{Tp)YqwG}dPKzzNSuVL8%RAPD
zO*|LMc7LBR37r8R>H6Hn2l_rjOq&?+23>t8m~4u~XnKTXkli7mgArAr;$%%IxTd35
zU`(a6n54y%ejU?_eay8i;+lMHVTL)tQwx>q&l^h`G5FtUhDCg3V#Gb9*6X43s4~PG
zTElH<hc~r|@7X6UW6$}Bf5|{9OHKail>zF-AU=>Yce-<;wB<1*aGfpJ9OPjF%bIY4
zAaV)FPmP%@{03`zWg_{5{P$)IwMbXPLen*WmXVpTGE%YEIHD~yo0j{Ltcbn;m4Nj1
zWAvM1ylRRuVk|`o*A$*!)cg|(UXqhlO*pi|QnPlq%U+sT>Va6cny|Nk>A?z&olHb-
z&Az7>z|yPg+m6)QfhcnZe__kC94CjZ%Zi>P1TIOPm5hKZUcW#MZQPDmvQ|*blsw+8
zg0$ILMkfd{kuKSuWoOO1Ly2w*Uqatpb#M(f_(*%)kf0;bf2B%0WL0n*Oxuu$_`(`X
z`y~)Guct<puI@wEZUJ_6ZeT*NTqk_xa{UJa!Im{<1CESx*bS*iX_Nwc*gM?7b%>Xf
ziyI&4sUfB|sDk!czU4ZK2d8+<)*+Lwj9{ao9WnYm=AU{jj5kgm@y3~$c<w<1ZF6R5
zZ>>T|8fcc)lk-g691a*%fxEk3G+%+KIaB^1L1-aK<uB&_&Kg~uTRq(D79TU>0tOL6
z4<xgX67)w>+)rE_3Q4*);6=`{)-#^uyjWo9u_;~>E_z{sBi<n{)JzPkU`L>kw%LAF
z4#rO78Lzj4w5H#ZmJ)6<uBwQrjN<TC+em0mhznfub;&-s5&vzd$E*p1FDh(xTxe~k
zOj)qnffAP$YU=@WuhZs_l8DIo-#t{`>;##Z>TT9Pg`ABI>^_x=&0BYdS7()sA?&#`
z3G1lEuQjI=II5(M@Vy$ZSkDB*-B720Vg`7zTrgS}L6cGbV+yGDPzGxUo$0{UPG@2I
zB3IR&ZUfAH*1kkYWd3S++);Z~O|U4x-JwV1N&125VjSh~gs7XXB2)WRJ6PWx8ESxP
z+x(sf^fdBFI8K*wcP#1f0GPXQa)>KiDV=Wq9FH<T(KUH0Y@pW|-2v;Pcp386Ua}Mx
z1b~sq9H7<~Q!^>3dD2r^lsmMMx3{^duA{7J?tmGoSOPhXFg!hGyg_fYJf^RLB1pq!
zbh-}TUU5rLk@pf7YqrkKWNV9{`cJm-w|e1OIcWTd375Y~{B@bGiMOSWLA<TzKxn?v
zv`+RE8kjXy^zPKNhZ#1&X)3uW-W4c&D2Xlk@9gHxvbN{&q{&H|2!R|Ler>=)p3{)9
z>g4H#K?~e9eLV-o=DRW%XAlVtJ^-oaFwAx<J|l*V=)HN1%uBcAYRKKyL7*TM88~Fx
zg3m*6m(i9>l&=tY9nIKQC)s#JN$Qim(%)rMTFe_P{=S?$?U4*Nny|t`(tcu(#x5K3
zBzuFahAQRGs$KSS#B?wN-!~rss4mIg*RAxTA#3Nr#c@R#TGs>eoiY9JwpE{fy!%R&
z!8)bOj+mc+6+S1}&ggO(o2Gs&8+K}GBH4#t($utPl?1L^REsnZY$#0wm$cU$z~9Q^
zi!!{&W7VZxl}Gbvat6Lvuww4&V_^7YB!N^_rqhhSt@1CN-mYxg;_)i?(Rm1#it^Km
z6LsY<d3L})Q8kjv0?n*@0fbHw*cq3e&l!xWaDW??Mlg4Z8kJW3UEfK$$eRCVNZzq)
z?wV2m>3~KJ=PLV)M9(pruy!s%im{!0ILwGvh)~)!FpSu{HM{k3H@{MmC8!Gaf1XnQ
z=iKmt@`ng2JRd9J2~nVCPDe@5RFIVox*f&}aNZH#;i0)~Ry>}<yS9>1PY<jn+RT@B
zqqwqF!fbS20LqTi{IM0w{gq=raU`BGJ67v@orLOKH(vR{v@DW-Hd+cK)JK^j?(-fB
zt+|dlDlF<oUHL0=3i6~x6N6{7V_k}^UkoVZV~dbwMzI0N+=?&UFgbv1E5!pXUGwNv
z?HYDawq{Uy%7Qz?4u1$^JpW<fClO$ZF^T0L@qD&+d3w4<y@0te6>fa_U({`f6#bfe
zf2R5(A<73x*MN7#H5pmSiT;K_3-y<c?lSQ};^S4fM4(koqOv2K)m5j#RPJDC&PArG
z_uiF_!ztpGrwdMs)(-I*h`S;ED6xWw&@iAyhR^H$WKE(K3b|OX10%4lagRgUX^Y{O
z>BmF8GmZAJ>_}`d*cV`z>bW(i9bCG~ZE-?2KJ9<?ny8oD6RY2D!QJ7q&6M%I!o<Q;
zZ%vf}`7qg9zGCW?HuFM@N0vtXy3?h29MN8Pcn!HcI7-)7d##32CdiGilHq$nHNk<^
zVgLmz&{;<oV^y#7YR{`3;4C)ceU>@DOMFi=3T>%2xO5o^u{+4IyuH9*EJ0aauD}_}
z87wBZ8{$@aCSsb?kH&1#0?Jzag?7TLm@lxXxFY{tFuuB~Ex2jW@{1H2X}+el$=bbs
z@`|v{BzOY|(M7_cREkkL*!tg75nLSfh#6bZsIBxwCX8lH?&W%F1#YJC?Uymns{W;s
zU!flr16L1=vh-?<FMRDy#06vnQQ=T8JVZ|a!nEmZ=}5eL%K+?Yl5&hxSsLgOb92R?
zP3vg6oy-&%>-)Mfb5m;)S|vc(7jl=TISF;c;`sSwc2y}h{NhrFZBLdGUF2bc1>yhG
zOTcW&Gt(7Pbo>)AT2h@K3I+M!=m~8RCUWO1yS-~3ujd`BV(&Ux3s>p3SZxLAIA-&|
zWnp-AQ%4Ga=3pdUWa1j#CI#G-k>HbR*Oe0x#<H6uGPz31-L{H+L_}Xd-xL8b>Du4`
zZ&U()*5-4emPm~GPrT#$lZE&YNfz=(=YHeOrOI)9)pX&DPs4x=3P%cKK<Hf#!EF-#
z&Gm~8NV6MBZ1Rpsb^W<UBMimUF((Gb3iyb^>25N0vwjzAPJ9EkCd9=oy#1!LN7oP_
zdEYS3?Bqdm{iWZDbH7B;9J*g;M~f_sAbaYmIoC9dnqAO`mNV9=J5c6Wxj-F;6x_Y+
znQEfbbr<o!X5*hE)9L(z?1+efBun5`!5eA5dTXw01`@InT4evy1%9b9x`2OZXIT`6
ziy^_C{TW%hGESUWRX8e2@s0aEG7`-I1*jqeR~+s#_ze$4V5PvL{a>+sYYq<uID?xB
zIaTU$Zvhu0rKWxqNm&hwF9*N_=nIj7<-XfZ(C=ry;kF<+fZ8omMi5!BgfD2tPO7#5
znF1+UQS<=`bm=2}g2Qt@5Mn*Z0AF5$+qgnBw0|`vGO}%Brs3qx=}!3g`5JL29YgB>
zp%kbf?9cFP<k=-c+yK54wQ0}vOKdqZg-}XpkFe%)Ug*&;L#2C!`s&I_C=S|TjfTbg
z%YYnPjFcy%!0{~^6cexURDr2rKU+VH*3Us#nLeO9g5(iSs-l;^pp8h^#5d1i*$yTm
zz3SkAe_D>Hp@J=$r*alen|$j;ePZnlRE4(LnBi6k9U=|7^(kH{@zQ?T;Av{G)2qO*
zyZEJSZu81dAc8!Q#6eDNmSEMNttxDNiX@c-_Nk{vFA8+L=TQt^)P3J&Dj7xV+=v2(
zquG_~%uAyi;p`Yg{#=-@&-cM_P*tO@rbHq1ke|%>m~B|Z=vZh#nX90JM%X8)=WX6;
zA@8x2#mZoEBujD<@ydYYt&GxXnw^^AP7(B^yN3qB(ZghFDCq92$rw~yehmO#;r^{g
zq4^{<0JUM#VT@C^F_n)30~o7}_s9F(=ijF2k{#B<W0EBz+=<44A{zQVm;3$V!C(b=
z>A}y~*3g;vr!}fzM0X5lddSd|9B=;WG54*`3>ivjlwB!)+FR`Qp_!Rzx>}Vxap|{;
zSS~sSfFtt{Z>WeW(>7D4d($OK&X{41bI`Nx13<K3ez%IMQ=yM+N5KV+TD*XN&>K5#
zAsCgO%Z&Rp4<I4TRWt0A&Z__WE}q+5m~fis=1rePD0dRB?bvTWL`qnyl@k4VHK1hq
zLxV#E>9p`o&JqHk|IgtIO;+d3@WeO<|K_<p&e+`#Npaa^W?*c9N;H=0U}^0{ETB#W
zj~!K#VZf=P$F7H*l+CaYb~(c`j~b4_Y|s-rE6h-eTHIA!zfXXV3uQV!$jbfRcA_NJ
z1d3yvmr(SZPN=>BJ8y9u-wQ*{Z5v--$F;Z#75g7;QFj2yjrh(G6)Fog44Ys_!mRj$
z)r6iEkBA8cfvZ_k^2d=1cBeylJ=Uv)tf8BG6du~UxUtySGX^7tesy=dxLCZuP*f7>
z%bqWIZlj(Z6GSrQsqen8^5U(<d>q}D0#G+>X@wYE=``c>2}Zp>N-Rh<_bxC26tvAv
z(e1vA#ggUWQJN!bw@)1iWa03$#q!itC3ql)fQ4Z7X`*!TWPpJKe+~|Dr)yHTKx!a$
zHwzGwjUFZAmI;-Ve%d|Tcb@dmCDA&+k4`Klc_Ti<x_W}sg}jgR%1Dgeoe(Q1FAE0X
z%LH{iJJrw@Q7P0xlg6dgcNr&o&Z5?z{yoDvd+@@Q>Mn}<sKUSzC<Gwo7(UD=aepi4
zk&$UY&1dvfI@TkB)x9hFOVPIsKR5Q-kBFO~F4a^DWW09{7B#?(OFnF17ysGz!~BI5
zrK>754ey$N#cjJlVYB!Cr_I?eX504g<_z2mIF73ub+F*8oQ02Y`I6mao(2LBvHW?>
zapid75*1~Pe8|kovX&lHe6{8NpTA<C@!{lvE5rmMIU%+ksfHs*NnM{_sCL%|ncnT=
zfWp>l8TP|Pcs@lg2$(`MT&_;;vXVEwHr@5-A~`6?p&KpV5uZrsjax?)$-p+nb*gvH
zAJVwgTNh2be5gE?;|!|@r|B@qPc^^?M%k&`j_1@u^%n(oy~cDXz|D`8P>afD0rAb7
zz;VVDfL)Wg&)1L@B9rz-X}fXaMGvTm5*^NK=^EET=?cOZf9#sfbQZR9CeZPDLkKQF
z+-Qvk9<|RzZ)~Z%{d&ZpAtFyQp6r}HMPna?m?(_M2BT5Ll|z2^E1&6ShD-?&YZpI}
zqUJwq#LJ#VB2pOexRscNE06JNfVw;p(lnIW2=h?&J1-LOaDG2RT6}Tu5mn^};;C_2
zMT=lvJht=x{w-3^$wNok2l<61T-ud6@2pOsq`7XzQtI&3SyC}IEgL_piSD=wqAU2q
zBlVgA`O}sb=wr!VQSFq~2-|aKx*o&OE8if(?XPuftFa~eG_0wja?E3MZ(4T3Dyh>{
zEDv68#jW82rrKVobIhYPno85DL}~9f0C(#7c?<w&%d0(FKcI&*Bna14^SO{DLuuhX
z7?#`wvI>E(1PNEf48ak_nvN?!ZXvRlc5Nd)G>kWKr*mDXmZAQz(49uNCZCymMjfPa
zk9TEH?Os~x96+qw{qLDzs|RNQVQE<ODmY&QYx`%m@*T3E_}m!Y=<7TQ#Rhv0W=p-m
zPz5s)K?*X#%%L67AqMyHr$=D`3?s402F4&>>c5F+qRH?S!4;#M|DUo4Sc4*hTtCjS
zBE|A|s`h*e#AIWj7J%MYpBsoRamcv<=$OQkwi!&n{(#vo0<N7=;Fm^oa{;#}FUVrq
z#0h;oJ%qYYnMlj*shGiz^QpBwLbew8F}NiE&=j8NJ^@p`+=tnLoBX3*UZ;nNphdB&
z15BXR+nf<?@tPSCyJY&U-e{tF<1v_Ro8F?uhx=jZ*^L*>aemU?yYDnng9bWNwp6ox
z!%$jk7hT}yaGTy@7uQzL!Nsn3g_G$aiIxfyt$KC3YzZCnVN=T;yo;^d`OH<TfRD=5
zIMhnZ>H4~EMdmq>w>>$5S+DAvrXlJ+F?NgJkC5okRXwfka@}9Fqo`@)G+eF`+1((b
z=C1zzCaWaa)4N6|0lIAs38p~a=bxjy6vbpDy|tJbY;TN=FR}fM&8)X{=?mpl2Gc%(
za;KAhX|1{c<nutK+k#D>miCqDavI5uky_2Z5Fn6WT#td)a_b+@=GEq?p`sn6(z>)6
zSI>W-PWLMj4W`aVw|PKlo}=g+>#&6s9yFBvsPEEkZt3yGkka=a66ePXkn0DaYUSmW
zH)p&UsR1cu=&vWBUTJ;{GXa5BkLGGwbWP|=+IvT+&=c0HUzwgkR9W{5`M-+InVb<`
zuna-za4S{2#)qrYD`gP&%+L^_@gyQ;Q;y_m8RCMBMXANh9WT=~bGlHmPw8c_Rn5S4
z?o+-;VUKlGP8#zjd+peNuh79@3>p;eotsy*imh&6%&Kx0tl9Ksx%|hoOHp&sq7=sJ
zTw0`WFfOu!Nf6aMq|eR8o0T%Vks}dkvd(vqWOgY>=zqN2i@tP!n5W_CqF6L@B#srM
z-7r!rDM&$zrTizH&bQ`3#ccGL(-9dO$S|^5!<05C80|L{%~N{5;}S$%%4TNkP!eym
z^uh!OgfkH<T@|=c7Z!$o4*EcpU5^12aLN%mb4_MHMu(<vkbIdYN%Tg3x02g8=BLgU
z->1U^UP9ptq__L3XHFrs?b1HxY0n!lVE6>iB~l8nYS)r$8JS>0hq1g-{46?>83^T1
zj{<MX!va5u^Xfv*%~fu;f-jP<toB|xazp63z2w(`0~@QL%0Z7&KB9jeGm~f9l96^x
zY78DdPw|x^Y9`Gn*bc5Y%@5q7DL30iB=JSng^Bpo?rBZU{_TKQ(>JZ(5;0uaA<5z4
zq9E<oZda)I@*Dw+R@vq>?AnB&9qOI6gE-jw4h|HXw0I*TIt6Zrnz3te617DLY*r2$
zU0XY1=Y@Ze?MwREW`<NG+-1pA3x4poO`sBx<Xcm-F*P$96OV;ea9?@$qS`P@_TFwH
z+LitewQ)M)Q8FEVs9ng^iv#{Pw{+tsKkR@u*n37K`PVfdmNoSkplwD@_7bd}NzL(n
z&vvwDRVfyI=JU$cUS7|=7r2wsxHuGmqMTuKwGwMdsB4M(JLHLGvldP*O!Fp0UGGPa
zMw4K~utqO;2rU<P!sLs8tPq>AkzRBrc7%OqZJn7P*~cE*G!C38@T>D3#ed~4L=SU1
zkZylH@K_YTXk`9+YWCwWmQxdAGEzxqtIxYZ9q(wy+dLdk@hG&Jn|R4f2st{F=wsqI
ze)WI}kh3B{xb*r?-3R7X92I_dTx;R_7Spl8vWFrw!oaK;)a09NQa$x?mC4n(x>N;n
zn_#42uxuJo4I7jpD}Z>ALbqgdP(l?Q##@Tu0H_`c$^#1GV>>YLcEOGD-t+9{z2*&2
zsn9Mu?+VTI7$Y0Pq><9b7uAAm{DLqYGG=|77k?)36p~E%R>#Hv-7~MsBbausQo;x;
zo#bj8uwhh(kp*RdhI+?Xcj$n-p$0$%zbE+Y3YA^by9VRIrAdsjNY;CRs21K<mn?Tn
z*|%F@kEiM<9?2&-D`NW}rux-xtV4>`!#V)7z$TEvmx!r<j4NX|!An`sEiW+A5y8h5
z6oCV2dQR8yW^O=49!KT?_T!t2oC`Sa2a6nn@{KtW47gk!3`RPnZ9M5w2Ji@A+*H8K
zXmTDz{A1;)ygRNYsd0!#8~#MvxlZ72Nf8WrGq~$}*t-t3FiIn>Q|TwjM%AS{W{r>l
zLlSj2q}C9@pL=vs_RuU?19?7un9i4F{sH<f8ex%m{p^<fr3L?FBOf$D*nYayoIOSr
z3U2WfNqP^GzK4^B4Bv)V4w>I(r~RGo4T!5=O|~x3w%Qi`q_<96M8}`+SJGWrs0qLJ
z>ghHt%wAundjStHmcPAR2t;Uq&QVfTzU|pH%%^Jk`r}q_^VU0#2a_X!YZ9KG(mvb;
zo41(zON4;;nK%<6%ERiNlK8jEcGAw+qEA6EK*9TZm|u{U_MP~S{5>j^7(>!UwyT7z
zOPLA_19+L6Ipt58AC$KWu9A20oIz8ts9^-PW0mV}E2ELyNI_jt7{`OfdVf{WYidN#
zMC^(1olLQWyCeB42o~~aW&|FZARxqy&OJdZ`V|FM=_t<p{gt+DF$4V&?LwK}UTQ*^
z#<ulv_}w5fL|yxq@M~4!7M6X(BzV?hp~INFnz5s1M#nH@*SYVFcH8am9aML)GIxHb
za8eD6@Z!Zb3dv<D+&Rx4z>X|{RGVP1q!1d-(-lEi->N!=VH^Q1+rmFG8;h{cJQo9C
zaCr^b%`tk35&t+Mn;c~0c{0xtQ@j&xj4bc4(wREWKEn|HZSx5ly%bTdc0TZ{zB`^X
z_mlmnNn&6@$BAjQK}&uP=1Oz3@2%fbBm3}OjDv5poqE-W8(ljJyn_xeFDeJ82bZ1w
z5`AUJwu3ku%4e3(*%6|NupG9d_qSK)cyA)vDzJaO6`?&F#jYN_nHt39pv4u>>i}q@
zRxSX@`vVdJRovUl86y6B4B!)?PZ-X-bz@z>G6YoV7MS|pVZ$E<#tiO*@Cce;m^!Mh
zzosY-`LaI9^{nQZ%q^aML~uA+S6o3V%B*$pbX#T|H89Cy6*lE_NhDRc|9BPOKIMP1
zIkEKC^(dza4fItj(A8SruzOe@<L%y;*g-OM<Lt<oLM@S(<n7_%>m?q`11=2BFGL6z
zeO%wPj(F8a5YZ}(V&E3q6G3OxW)^;c!3kG|$|q(Q((urNgf(aqmX}%-;#eP!-}6}`
z=0ETuc_0=X?7=D&3rOfVbrEN_;7+)f6BV=zTNzTxx)`}R?>eZ<d{J(lVoxt@Y{OAr
z$rOY^aOS~Cd?EQ0{HuCPN$WT8HxNCyJ3P4VY(N~XT@|LmibDGo|EmG%D~?nlHi>rx
zcPh|zs2`<_?U7(j`D=vw{`Su&V@Swv=$KxlL=|Kg)bx}3U74~%1?1ooBX+*;up0;}
zw^_^-&$qbGni2qpCiFeB-?1*85T;M9>k3JT`6d|sblJiw+m1wqgjG-n^Y)1IQ6T6B
z?ijPRRX~<&yv$M!$N9i&>dc8G#8_k3?rp@m4lHergN%uT_m@5fxtga1igrc#>5+a&
ztPZ%TT-&V5p!&gZ3S#NX_RkkW2eWeq___!V*1whgJ3=iNSg{1RwFh-?3YPb+z4aHL
z4wbmS3hFuC%W^7Ca9HFrbK|S6=(H@;D5H;sN8815>n<bPim%6%3~q>xp;9Xn`W$cG
z<a~K#&mZB`CtsfB-C?%5A2Gj}*>-luq?otX+F4I(P12&jeXDiBexcEGDQA;pi6M~)
z#EIM{og5)xGkqLA;Ud~rp$n7g&eP~hQK40OSrzHm1{GT->LN@+(VNA?@lZF+<1<Vc
zxw0?NpNSW}ERJp~ys9yx-B_hP8=8RM=Ab&zc0>#GMspj0$k4g%W!v^mG}4#(42i(l
z<jd4oOlQKQ3$>57R$f%hx+IUo*knAGGG(H!U`DUT2H0eKu1e0_^PWM9jylt2u}M!0
zEbevko*y7>E+^pEHN<z6wG=(lD#o+O1#foudtG2*&`N9>hfxJ1(wXyVBL8(1NHDNY
z{ej>cfyj<c)hY-=Rv~8G{C$PKX292*Y9ugaklk=Vt=LLekRuDVG+?FAwbshgS0OJe
z@zT#PIISs!mVA|*NnO?iSH8dzU4@8DQaQvG$pGIcnGlzY-j}0Tcvhb)`%{1r$trQL
zl;ED;><+0jCJ=bi*h00}I0pPg+=ZdGxDFgW7+PV7E@r1+C&p_5o~n!(#z>&tRsUj^
z@N%Sbi3RvVp=ii|LkxMz#7SywY*0Doz?g7I0KF7!|DVUe%Mg@fbpxDBLhRcM3l50h
z3pMfF9Q4(C&;UI^!oTH6>4!z&v$FDMvT!f#{RlSt3`Z8Om>GKX;7aoNr?)JW`S`{-
z`%=(sZWd!b8HH0;7nKa!7VbCo)!5>{Wex=)NHmSLP12`{j|Nl0gpqF_JY4@i3&>h!
zsn81gjr#v&Bbih$G*3S<fqsy?V6RK#A`8y_@U6KEdf6TdRz&-(+mU_rE}sJP3x7mg
zA+*}Z=QY-9e3l0QF{~cf<$bRd$FkFtv^s20UKv<iyde9BCKn&NjA~1K4-pZj?sCAO
zD`Gz=!=UV1-l@5mkmMvI-1!7N6GYnWT$GIdA+GZ}Q)2bJqDyiN@tYPjt`!ef3C;3X
z;PPa}$P;LhVBIs)*T$me`FtBJ#J=;_xrsHmyD$Lj#Xz4x;s9&y2A-X9c5mx@zyr!J
zM#%S$T_a<=K53#>T8%Rq?6rk@D+E#XpeeA7YSDfvEvXPSp|G@P!9u7bU*G}`z?Tgs
zVtZ+6eSovw5XgTRMX0~=>fYU|I?sV1nZoZ*n!3-9N~^Wc?(K;j@pjhVURgoiq8>T{
z;g*c1%sJB4IQ(BCh6L`esZgg7SZ{5%I1FXUIP-nO6C5feaQsW3Y=+D#WSTG)VzvN2
zf^VN%z+ILb4M=0Ka5$Iupa0^^&+w7W?&VFh*hR08X`ehLYXzhhgEo%<-93cK@bKvs
ztT5vRaiRd*CZfo;6V-{dOa%H@R(wI~BR3w;kaN!o!3E#;pnx8kJv`#vp=mnfma&*$
zteKUS3%u}APz$?^Aj`WAc4oI-4meO+6PL#p$UW=uw4UKBtDeikdK8{9?fiehmlj~&
zp&tidh`e%rP{joOuuH}fNh!tg)A6PdXg3x|Q9MMRXVGvniqBPvqJaG%@VRKOXFe1N
zW*Gz%#5L;<PJ>dEV>=>e9FQl3L%iKdXt8e|!xefSGh`=l_jR%~_kiK{#SRA*k-zI1
z>1taEsP(Nn;YAB`BtVCZ>tZF0$Ly9ZJ6zysQ`FW8Sho3nyElcyRQP^>X!ebg^*?uc
zl+;=gT<U}|XIb`?1{6+M71p9d!NowXA>S?t&LC&WP&<@%-3YC9zHRce-T^bttGQB}
z_#&HjWYhH&O!DFOw4C3!-&UhAA~c|+*PjN7WrZv>S?G8^1h#uWR@M=qUk}iwM%iEw
zjA`5hvl89<<n<c)QMK`&FJ7c0gjasIP!XvpfaLmgHl`>*nNE(R27JOo2EsP;#pHf>
zJ|K%`TAx>YnRs=tM(c?0DQkhJG!xc;+P&Wrv3{+^6q5NgVW$a1+W!r=xN~K(c}0Uw
z$J14Z_j96#yuhZ<H#+HAKQ<9gr5UMjXK`2jw}7mJ4Vjkv2{gI~Y*u{whf$aZb+k3`
zyk?P8RC|j*96t-3BGV$3ueUPogWaeyPfPAZcs{?Xm(Ve)8Ja<kI7wdolLZD`ROxJ&
zR+6)qXK$gi{SUc?F?Gns-sjYvd(%TDkY%`t=_<`MAk2T9Q2`@{RQj%ua_7ApuSbV8
zFnmHi^U_rt#Q7@4a!1CgBYr%ut?>v)Wom~f6{^cCtRb$+%iZ=%(D&5>Zc^AoOWI|V
z9C1hcr}%8DnbB6Ki5P=wi4k@%q2#^9rc_ah?BD=F9kjp=6FX4l7#cejl=9sM!Nd>d
z$S+`Cs^;>BV)5U1unN8_^BP47qCUJTbr0?!l0=HBy?4lKn_7u$PWNs*Eu2xg=1L0H
zyC!mz%ILg?IJTP4OVP6#+jXOH81!X1=NskF^y3tb!UokEM`z*rcEG1}t>&X2O8+7{
zZc;H9pl87iWeDQ>+E4tkQIN~Hwn+=xPU3#T*@;G_l0Oa={ja;Aij?@5+cm&F={K<E
z{F;Q)Sfa?_exx7Z9KYF8sau0Yr+EzjdNT?r_FyA^_C>xS%k!xP98=eW`GvKc)xABT
z?La6a9{>zj?l+AXOgoVTWPMNaI;DWnk7jedVbqtSDYvmWsIRjf#iEk-g}{xgBsL=F
zvzs7;c-BIlNx*Y4SkBo1YT8caQX?BXZ?U!sS_Bgu3fImVYirIdD}(cb0FzrLJa!b!
z3ouB;Fg0JiOz5%PO{c9jR===T4d}rX@GNYUowy}A2s+Hx4-Y5@*uGqKmqV;c)hw2<
zDy1lpMSUs<6eUbp$;TZb@kAzQQQPjWdV2Bqbh4nxZhiWYCKBc!vYjmDGAkLknwSTI
zc@sQ!g8m%xMT>Pcq=t5rP{-4c)>hT-z;87U;iTC$8`vF|xEl~^jyHSnOC!oL$~G^q
zux%|N>vkB_P&E(#H6xv33~5rZH5Ys(xCM8tl^Ts%&hb`0EcuFd9Dr3?>L^|L(nZG#
zNyhq($e$g`X3JX7)F!vAoP9MQRxyrT3gbDN=*b!q;SaJHGSR|BmHAxN5`7_zl_4O3
zcWAc%>BjBE)6~Pm+yvyz#>W7&x$5?eKReo@KosLv{QIUAbz4y!*pZ*vg%LLn)-cmk
zz3V4(gzAL1$sG?;rNok5--3~A#5JPe)TE2aqFgUWQ!j0qlZHSA%gIS_YLz?n5Hej+
zqCOSHtH^DzoPyEyQ*d9q2aS-TrO2@XcH;vLW5Eb#Cmye5K0-H~xuOflPK(Vt)YjRZ
zo^~QzwOp5cXAJ^9)A^EK?^j{$;nru`1WUnp7D}3BTNxNe?M9alpt1ld@zbj1Rs@V^
zcW4wdO>K1nE;#M%^a9$C9dOM=-M0j*i+w^*@oTYfo#r5z(-JY+P`Vf=Kqy-F0JjdH
zUTR3e{cM!#(C->EgW2EWe|hP-sQ5CakN{PgR`MV0pLN4M?*reNxqs5y4o;&$5XKaq
z<^JjfEKPyh(W+SCTrsQx|6AwT5oF^r@>u&J61TvL2`o|C=lsZ(wP_qqD!fjPqyb#F
z-fgD#3Z7p+tSrj(B~1mL(K~9ouaDG>8)2WG^#dI`Cti-&_rbut_mPwQ3$>{0KW?BK
zzg3ncc~LzuOc}qPqrZ3S3xu`AP8?0jG{+$sH&p!F6G5^Rkqh+8DnUNI{w`nJEU}du
z%bp{L+IH+ubzyuRWkrKoMNz0xl<rnON97SP+=QcJ)q?$!Sh<aUx%@L{?K7Ii=SICy
zW86G=A#D7hTXie{Qc8Z(MtEj`w<Ki<kgNrA!iuQ<MSm|_B`JvrN13`#g6QLbcLSF&
zROtYj5hFnBvy4?vDX5+q5)X5R(@9`83FlWc`lj66&&Ws|Z)8^?r#G<|f1MXnrhj|J
z9ypZBwh1%HaSUm>mVc~zoSLF%ILDK!|7e{HmWtX=YyfK{tSyh7?9_f7rg$Mzr&WFn
z9(#4vdxx{9@kAurJ0{{mNNR_VzCLRJRT*ojaULa=LbdjDsHy38m+Y0V1Vz-gnE}G+
z_T)lHVP;brdu8CBVyk#_uV~pLtnbSTR`GKyDlktFWC>6$?Jb1uR0)`kBAf{HHOc)U
zc>pAtRUfDH{~kx!OK)9I-dHEYxztkROHRE*JRWo>M7ezg2X45#=X8ew5a#;=Xkubg
zlk2Zy&pVJV20%Z<59XHnxFe7J(bhG(z`_c{l)gXb?YOs>2*Il6^u@T(Nhkz{j&G^O
zB$+bM`CXMU1h;08NWR-%1^riTHNaK+fO5m>;vI=lKlD@qa27=4=1Y2Y>VVRbEU~n4
zJjgU^hmMF4Th;JffoV~gr=urFM*?@0dPqzkWWy!uQP5H)+@1AKS8~e16d^l_$31o#
z_@8}dA!0@xS3cw5E52*?9Y=Z?f|KNi*8_+sz}s8?;s%_VrnmLrPjb-2u=a*prR`%c
z8<~~tD?fKV4EFofBUSqOd=Z|FgjUtRqWt=AJOx;hE6LHVxq<;p*nm_XxyLIJRNZWy
z%A3=msk270RKa)kSQ~5B>MSh2XG2TEePyY_Al19EYEO`1eZCp@vHSUeP%UqwJ9@|q
zi<75R(7W+t+;}SIe=B$_eWNb$c0s=ABiH^st90oBoNrH#7Tqq&N*OhP<gZO$BT<@9
zLw9uzETV4HK{Dx2NFmuB++3Y^c`Wg>6TCfC>6RCTTGxkDm;q24heAI%6H52{sW^hX
z>~Tvt|09b092tiuo0`&8=t-Bj+n1=OgHWJO2p5)tZt^#da`{1vI9CXu&Y(BKF=w80
zej2}?Sz!nhmHgB;1>f(dX%N3X%_M9zas%)t0<9ar{?}#J#Y87hF!FYj!%E-EwD3i<
zyCk*iQGJ{_H5hXknVF+j_p3Ki?1_V34#0R~RvvdE=GU3`5{)<F)099Hd%8m7KZ*`C
zwM-H?B>_;R1Q6~2NA5HYkNFJ9n5aV_Y9y6Wc1LOxGOGSmknDuf*p?L`Ke(S5Q?vfg
zC1#XOO+r3)&Gt~t@ddMrnw&qzNB0fO0|^7c;5K0v8z@XkbX`cbTBnQHZP{8LPR2jZ
zaWvj^6fK7JM>9ex>wUv-BTDiK19{uWsB!n~hK5V_4>=-$9L3cZ8Y$9}=_>BLk}oOI
z>i9bSYM>)MxDw=ydVg&&GOTY}Qc^l-uWj(>h?5fGCal%DeUMy{Q!hRwXI8udy)E^v
zR7JFF^hJ<dI<uHsBp1EbEfF0JM^CDr)E==kE1iqrs&ZfN@!iK~w#uUq4hMJ)FxEYP
z*jBjdRfGdG2e%*78YWj~1x+)*$*gUu{9^{eXRjo?-1O6lAKCcr6)8iMI+aDoTk?nD
zK*nIM#{Fz_EY&N+wT9uWc=3U^8*0e+Y75fuTcu_R>f?BG-)3CAQAHN(&xV%G$C+MB
z{3lIZt8=%j@&1z6!@ED@$OI1zpTE06N~Rm;P<}g@J8!jqodmOp9ypk@AT-n)8f7Fa
z17R&c&i_+xbg5f0c%-2L_fYAYOTTB?*`3%i-jxToD_?Yn#0{be*$+&!sAd#^03&l4
z5vu(Foj&bz3MeC)lZwdsj*+I+ls7Imc2`F?hT9UGkg_ccgh7N{9?Pf(1TUmTPjXHf
z;Sz_tp|xcx74P$sYR5{o4&mN}Xq&;C`_z0dpB<AGlT~geG0B3+QlC~02Q(Hk)M-`{
z3kZ#|c$AY-i5oAI4z|etfG@4Jlpd|ayHhU|%|_Ak!Ctt|S#R0?v_=duow$bvo)c0?
z=S{bn<`yd-=&_KPp%7&V@t7XYu|jF;JhV~6BuMF?`P~m8Kf2$S8lHso$H_%p4Vb0^
znLcg>$JzCA1*s3e>Zl~aEIr!>7w=sv6k-hqnTo~olPWu7N@R9Cq13~ScbAV@($Fb#
z*4&m0kB#*-dNd*FItpQx!(T1CN@xJ1dW0Q#Os3Zp(ri*D`VT%kl;3;DUXQv~&9zXs
zia!TyGE*SWhhSanKwt*yita{?4n$3_vMY4eWj1{v8WX%F?Hf6Z_x%Xz9fXc}CWfsw
zo7`Bn-fWo&Z>ZaCp`41qLH{^N3=8x@P*1K^H$~%E)dm^mv$W$!)ZC46ifoUITX?M%
zRWp!6MZl$|+FY{Y<flZ_M@45P+7=!S>93CJAoulQggo8c!4obuR6}@Z*ZqD_<eh`5
zYV@A-n>_MR(F~OCOQWqz#3h{1P*X1DU^{cs4BmBoFPbd48Mv-N>k3|4#y4cyS%>I}
z8{0_S*YG;PB3ni*rdo&0z;8{6^p?Dz+e|?TDuP5zGVM?c!sydLVvCUD@)?e_3hrMv
z?$&Agb$w>b-TRS)fpOjl<_u@=LJp)pH{P3{@L<IYp!5Z3YmUAQo`nY$(iTFhDm6Ib
zf>5euY7s0CW<cp_wd}nDupTP66McDZSJ0pHjivUf)PyJ3v?;15wJDJ68~^gP0iOzg
zW=&ZF_#js0Rd7_nLkrLaNIpTS-M3V1YOE7T+X-yzmFG=B@2{PiVJ%6Id7d-2HqZ)d
zGa!><ZVJ{^9ONkVY0JYMKs1>J6_00hHQ)L1SRFOt^v0joX#IZeLeE!7$(lRYbwBXn
zKjjv(SL;ziP|HQF3ERG#$+SG)lD?o>Al(eJ0#wx|Mtm`7bdv3~*yl@-z{i>ERD+d)
zfJh(g^+%Q9#{JF$^iO%}J9#z<9%OYu84xPJEG_ZZYj5@`-zFRfN4QjnUrU<AVe|1O
z>(Jvd6`U=}+8y1H-o~`xM5gS~WnM^nzL>v~Nd}&N8Xij_r*kPi1$f+;7eYh!5I73h
zKkU=WK7(M;7h9#(4+HoR{f4ttx5~Ks$t<z4K^3i#5@$SVlec7)px$7<EJ^%4C>~;t
z=~$}UjNDpVkF~Zokv3Q8w2OKe6$<Etyo`Q}l)(Vyu(5M1NYEWZ!k%zgpG_MZTLt)^
z$yF<e-Q#XV%pp~MjEY<ppB%#^+?=2ZUOnuLMjH@=rcugP^HC7WMCdl7se*W|ynAg~
z{gN(~X7FwqsUc_hh2}g(ix-=o)3rGf%dB=>WM1%5F?w2F2iD~BoP@MTxUwHu=z&yt
zV#SsS6elf*!`X4z-omd_=3>ik|2c=^w0aFyGpM)sIFBh{DdBLHH{tC3OBUa{^GfZ0
z{68uo)e`0w?lb{QwF3w(I%#c-I5;OD57?<IZTzWKRMr7DH$%GhwBd*L=P-vxo>g}q
z9+->tBiRGJoBGYE6T@puu$Zs$;DKzw(xdjEp!7v4C5F}Z(@1*iU~p2T4j%||@Qiu?
zC(G3yZ+22UZ@7Lw3bZGhA+DRfB|Uge&q0`Jedqpjl&rA>?pHutYCd&BJ3488P((R*
zU`JOA?WPB+=wnD{{|QpoI7N&jS8=v?;v}Mp3b0FXQ9dmVa-S+JiF>M{yUsS)R7O@p
zNx&({pac$FVv{A=+H)xZ>4t$+f2G;VTJ|fSCKvO@L#GMTXB@1DifATk{g-vYaKo+i
z*L51R%_o<Wc&&4;0@$hkNqJ&T)2@91TwQ`Kd5G0md?_8>ejVX2oUe5R^T1(Vq!ZPM
zx7+x3-X5E?R1BjY$oi18HHSIfrLU?CJDJmJ&c@-n|0%1~!U5xPx*pe~-U4i&DM@=6
z)h`)+z_vXvXOZ**?WgolmHQ3AQvFez79sr5p6I=#mI3C`LAyMiF&Gz(L<K6N@uwns
z27D4g6Wz$EZ^3<20up6Q!ck0F_fsGp!6PR-rl}*W?+RdPw!)j7n1|nHgX<1Wo^fJl
zar*=SfOdWU4&De^@F*Igl2#Rh((Gh4<$xO9;j0Q~6hP{#m*}JydGQ!JYqor0MduXy
zPVY@w%{io8XW`#c-$E==6)}k8MoG(h5dm4l3AFzJrbl0+D;T-k)mht?k_NZe#9_~Y
z1UXVSJ3kg#%N~yo$wUU^kSF`y*&V|n<99VRA}>KXP%G=?2fROsdv!>EW15np2-Glk
z2h(G&T8I+_b`Dt^2#TTp<2?~U4|8Nwjs{@Omv9dyWQ$AZcx4*S?s^#|`?%Ink=-<E
z9@_<sQwzd`ysvakVGtQslB)C4g4BDpz6zLQZ2OdpxSoA!OiEWLs|3nl@?pSbmG0y9
z?WVamy6D@Qu0ltWT)=J;5@%66^0+@h)0p5N6LjaK5pF{rE5Sz&6aNNmRYt|Vcz&Q2
zvy`@m{~GDn$I(N?C^xgx7BnzTF|;83NFulxyIo123&{vdDh-U-S}cU@L^iSKMNO2|
zPZHnN=frJn`$4$3YgX6FttzSJAmp(eG37HgQCV7y<{vj3^zOrimJt?0W{hv(|8gDi
ztk<G;lNRA1VqYa324-&4;-(lcy+dZ#4R=9>C>8^c^kDJvll|pMaFPR-SrwFnX}TZ&
zWQJ|ZOG2z@lPLe8{{bv8%4vp|gH`LTE{B#98W@$;^)->-^<?)|^`2DrSg{tIT-e%$
z|6zBl+VW?op(*{8HnzMsq-j~jMDNz-?DX^dvAjL`-ui-lRLk)}_>Xj9>iwFN%AaW3
ziLH!L$Cxo)83(Czb5tjHK(Mr4h%}NkLes59hkpB_B53~6S;B3Qaay0QxdATMqlr-h
zFcFaIXaRuE3Fu17QdRusWb+kgllAKtIfQfMo0%hnBjFzBp&#Q$RiAI3XoDM($*<Ix
z0@UCn{4*|*W+Q?2K9RhGce^1U_~REUWN(Pq94es7R0o3X<gH^oc5TPgvgNU|$qrE3
zWZq6Pfw@vUKE#dGo&4l4mUVDe<lH);rk?a1M*Fdwt+eIW4i76!?UtNrvxyc(F#k8|
zN4C}BCa7MAyxM+BVtHmGo}h;*dj8R7%8}rBq1Mi;D?H)Oi{(1bY^yyx;?m9zFy1j*
zKNC8r=OO!*VcYU{Ehi?aG*|s*+#(yFvr6j*k;KT1U7uOd8xyyJp(mfk=q1ExzmqjF
zwXvn!J9WI^wwv%!Pti8d!Q|ul`4?Go2JZSRrcIc2`%4is<~ulKKqyH4yoXdFCp?ao
zeNld<j)>)9_(+Xek%VETE%7E;SP_7dFPesB5)xp?)z7wYj9jyp6~7?|0o}<<J{^!V
zm_JN{1%5D!BrHhw?R7W&)9!9wJ$@rd_$g?Flhs&A&yu$uB@(g)L*ZCCj%Gkvc}`DJ
zm1Ln{5*)Vj7H-qzB`Yp$YP#MIy=xzr!4()QzwBPQ(@3!k-J}iF@FOS=%UpscNKD&L
z*Y4yx{rp$Hdl!`GT+ALTyym{&NNXq%mTC~f+VM%bd_V2ZZNL;Oe$f;m*u8G?$KZi~
zt9lAbS4yX=Z#m;<r;{;QA-jeLx2WrtKt^h{NSs%wTZJG9A#X02bU}vpt!C}U8pvee
zx38Y&hnZW9gm2F)yHsEn%`1Lhrstf9;Kp`_6#@koE%%CUko5Yf<9tN@fiJEZcXn#}
z+?xxCqmT=makxeLZ3J&qfkp;fqh%)NHjIm&vPd;b)j9AyNm@6{ML=sFF_IjC%?}7i
zDmd0e%ICtT2V>qN_@Yz;#hPq@&?WnYMn#+bIfT0G-j=frqv-vE7BttbB|}0J-9h#<
z<|^N3IvkzZ&DvXtjp3fcJ8785Uu8R`X1tx2e~nz`1<~=nGNgH;enTdh0qP6p3F|7v
zz^6g=<&~GVrt`CPOAGUSdkpH&M%t5B{82+&+geXc%YG#*f!&^p2QGDcIJaTF0Mu+-
zuL0MJuN!JwggN&+B^+HSa)vGDS<*bdVRFEhD$1_^aC#>iM@DbSZ7d$zDH>Sc+$iwr
z@_s1&`Atw4o;omUvM`%P;lEJ({u>=oKl<iUwvDpN0>YIoezt~Pn__4hPC*z07-m6T
z?}>y8e|RC0VloNrwM7u4V=f#^5PyqWI1-VOyhUk~?W43L8(3!C85Arr31;|Bf6atc
z5QTs#e)G!EaF#vC@na5Ri?+!eqb1^d_72RRjacQM4Rv{x!tGS}0QoQ<u7$2>jkk^g
zI-U3NG&+?PEc2iMS_sWZAp{(ywD1K0XrmB~opZCs;#@lu8F=UdNw+q}o!ck!22yZt
z$=<Sblqe|7D;A}Tr<LAoILv@T-&>02zR0;dN5%{=r+T8ZpBA#-AEMW*g=+Gt<?+k9
zE8rQ9zTL)}P^C#TeZP#x60NKMaEi%@hM_mk45#aN7bz%(I_s=ZmUKiIGOB~U-y-^M
zlMSC>|3k6xEKfez9lW8>W^I*l6wWe>N0Y8=4)dDIe@I<GrC2K*9bZaKl&)PeR-+$7
zeANK^NnjK{hg1hUZ8@51NTgoc+ntG|(#HugVovazQfwIMFL0yPd|7J$4a)r6G0mTu
zl?+g1($F=-y?ktPjhUDYKDJx{Yfba&j<>n3HWD=-1^9I-kIrHX)XDJM>WWDAu*Wlf
z2v^pgG(ECz&3N--9GPoVX$vFE^Tc~moiqbQp%qAAA%}wl`_hpmiCvnvgxPasg=*8B
zhbfFM62=bvY2vAedWU}9&|u!RA{E1KuMd^2A5}xCy6)P_2_|92!HyFP9iR)n1xAkM
z<^FBGjX|&aR)LhVHG8#ohJOD}??~6}Sy%Q*Mqi=-fWQj|Sr``f%7Lgwmt@1WzC%kQ
ze`iJeX@mKQ+7n&T0%8WApwsG-l*eC@s_b_GpWd#(X{eCH7*3VWhz1yU37gf)&xIbt
zU#yRqL<m@d5nGE!EAfMG1L68bdT?%5eQ<DX*TR3KX0uSLf6{Z+Gw5VT3m?eDa0s9_
zsjAa!QB;u_od$A7Kc*1Q5js;Ol|b@j%&1yxeXn&MV?b+KIq0UonDZY1m=mWMx|TrO
zm)Z4sBa0fQoVCJ|QixWjZ^F5}-dtl>x8}TZMi`vX$wE4(lun<pn!#kZtPVb+dyUPb
z%$aT?(-A)BH+0<x??~eOq&4WGV|m|ihm1kQv!FHR0vXy~3R%vAB64&xLizI@0_X%8
zh&C>`V|XSzYA}2&8<GRma}v5r=plD3!-!X7(wma;EKjSIQ0<9nijSf<R{fEtHtb=+
zr6-YpGe|yS2Kcbe$!<wlO;7=MouZLf%xlYIH?KGRSwf@>15!t}rY&P%D(dR}UEusV
zzgEf=cZvVgkYS()@)bbgFF<54>0Y+HYyigv_6!vSq+`BqL9MP6=w|C{fAU%oy=fly
zhTCIutSs&$R~JG11=zADdrI1cHQ#6|hC8_u-w3)xH-AJF+-o(va)z8~rZQ})oWVC`
ziOVq2|8odzCX4>G)RM`#g8r?@pgG~`h~$9)s*0c8ZVjOO|6ZbUmPlL6xR=p-WRHt)
zs5#PFxv=#A8|s(2f8Z3?FC|k@Xeg?rhsaCA@oSO31L5++I1IO&=u1y{cu6t%LjEZ{
zO_Y*vebi%C{%0G>qQb#lKms`9a(5qmk*P04ww07SOq1Ns&Iic1|7@5fYG&F{?Q}>L
z!|Mlq!srt8z>CS{SdnFNPFI2&yLqtWYS3vMXy9W>oeb|wii9?ZHnbgLV_P9_H$l5U
zA}cpwRSXPeGn+hU|6|qWt%o7Q&oyzCfjGWiDY~_6nIukH!su7e2fafm^PVtV3cA<X
zP{Lu(*1o#09|>&j?)jr~F(OVSVl1kT%6{xxsD`H4ko-fpq7JFwUXlbWA<#rg!_vX?
zp&?_t6g0Y>`x~fOrstuS>7YLM+^gae$S-=$z{<dxf@0o=+il!v)LoG4##}wF=}ehS
zASynBKrs8(nNZ<K@Wss>+TE+$GCM1^|G0S=G+~$&9t)ppQ#-9hphCO)GfM4Fb$zj%
z+pZq}_B0Ao+po%^hF4)x^&zT<`xVm#nKwHKdFHXhG{h8Fz;KLS$7&pGOGI%bqk}Zu
z{`APi^E`zt44KA^-)nx&D+~QK6C}CZ#pNr_>?^+$*)H}d&s}cg4WI41O=`Vm4@kt<
zJuD%2s})%P1Z>~#C(*5Y9%==6`7-_PUb3h#_?S+EF)#lTQw!KJ9^o}VOHez)dg#wx
zO9*l$?t}1<Ld}Afwljoc$ijeTjF*t+2St)J`{MI(`{(z8F(saImUxvH;yZo1I<9LG
zuu*6cXS(*2)kXDM(2EYiWfer+EW#4@dm|}}(2r%fWSP6qN;SJsYz-4v>mx-y&&6+U
z#?nniC8A!};>iVsCxX04&Qz|U=KSecuTqqz_sfjM%v+yNp$(_E7>Wal8M<`}1?*%j
zdSRpK4}Rp?Z~4K}pD|eW`B*Eg<3U<^sP=u_JI@#6)1WxQ9U~d9?$FE&_x;1F8owwp
zj+_^FvfALo$T*yWmc@}`$d^zJn-Y~mI}#Ja6m1DE!HL?SOaam2B+XjOVe}+yjUkrL
zHzgOJS;OI-H{M|y`vCMpQ1dCrq31$J)~Nt{^NMMpEW?ms7S=}XeU*|xN)bghxm+69
zm*tR|jN@U(`u!0AyfSqFyVCUI-)d|tbWk)qaGw!PS{l0^(gOX!m-}ec(9Sx@T5{+^
zf1MxAg590KUlhxrH00D)qrHeKBavh<8d-pB1s55({Q0ujUx<#VYy1GSDo;%+k^jR;
zYWTl^vWwc-d|qen@w6^zA@mi9`U%_oCM>6nR}zN6cuwy5Q*6hBj`px~FSAk@lYW}a
zHK}@fTw&}whoo9{7iGaTZO^QQd~^;&sja>kGXtOTCy4nLXhO6se`iaJ_UZK#@z*{p
zO6mQgFSp2h^y8FOXIS*+u2!eDVDgp0_LqCO;S7581mDWWH0K-`2a~hUgWhBRTLAw{
z6c{*%xmNL8lba>S2cOD~TAFdoZy%O^J@q`>oBC$ep?`*8@h8)6j&E`+6*f46NNKLR
z-411sMb3s=z~L=M?h5EXGHN-;()eJGU(2ad=bQ7a80ipz#A5jhrZ8%`$oWai3K?=N
znqq<=)7R~f>BvUC1mks*ULtP#(tjKC++iB`f;54Ab?#IDyTZ!ViExzMSM!Aa(fO<g
z%CFj`jJ7k`cNw5eWxlV=9g!vf3~z)JRPDw@aUPxuj@#!QdXFDb#eS$=B_RPnUU-dc
z#0D&2l@k)tNd5x9)c^EHp8(^L-15EpsQw1ZzlC^YuK<fq@Nk^iYHB-#kZ3j}2^}28
z*`L66o^ouC#gb40V<ioy=1U~V&oU^su6k{VcAbiWH&$elmZ+M*QhPg7*m<ulRb!+H
zW1IB|l(^54wQCp-sM^he2XaWPY?DWgqRh2!G_!Bm_CX~gmx~H8wfj_sSoEq<s&&mj
z6p|!BE=PHnXDuO`T2VWdF)T9Y4^d3q)Go!O)B-}?jgblblmX<63ZuVJpjsBlUxU{+
z>2=MVwI=GqZ}kEkli$#bF&UCYWQ0bl8{`GXXIUTgq-P*fV3?5|?gHhpxskrp;|@2A
zfIm%M5NKD#nguR-$L?(*f?9NB3~$PrphfY7^$*^&Pp+Mb&%Yk@qIZVRN%5741Zh_c
z-2`E4XHv>)GX^awE`@KkIpFx#e=%90McuDi?9H+wF_=o)`-Wn7+H(5%l}0n)B@(JQ
z#4*Ds;bcXkO`xk~rmJnCVw|_m_+GZz(K|<CE6y*Y{9oHG-^@0MB+nw%aSg+a$@n>k
zv=2E1!O8}1P~s6__q!ez<F$t6`)y&r{5mLgZf)zSdqjihzI15Z8}VHY+W;?l(Q>^~
z2C0Rnmv7>d(*5y}R1e5r;|uXW<9u(tpb4r&%Q-Dx0Jh_K@S|q`=*h|QEaiyBmk|Lz
z0X7PoDI7Efl5)zOCy12b-rxlKX%cd<SU~=PEA4qDFj{H1I4hic-!GXt3+8|2=L%{F
zk%SC4kXggCF(`fmMDuc{O`peQUQyX-0;L3_7Jig#y<K<eBfSwEpK(#D@Q3f9YgF_$
z%s9FLj1R<+uq;#k+n!;J#|#2#>ELN&<P1}3BT-KpjTMjVGvO!21=y;)_QNb1p$%Q-
zm2i^p(9F2{D5S;Mjn%aps}=D^S2f@-Iy$W6y6`DpFgPU3p|1qEc{s3+hVgWs_R&NO
zIs3j$uPXaTebzO1sz@52m3~z1>gF5}?8E~w4`vOd>&3Z0JsT<2YU40;CQbAbq+dzH
zgdbikmMZ<I9}mMuvRmgJEd&8j*tiIf>u{{FMSVW-?ReeVz4Lpxt36{NU`#xo`TroS
z3t#WxdA5WJGz$?csNZ<4D87TIWItz%Ej|L^@$o-Z62JI)1f#!76F&B1n%#n_yYNfB
z1sOLQ^N@e--j8iXe{lEU-@ilVH3nOy)lSXS%I@ceDroV}J<XB4<$?s00*!TUL5-`C
zHV|<u0>03}tqTv6Gz(JXy)*z@D%Lk?TY~uxD0~wQ>Wr8?^w57#Km(g0kDlLpNqSx=
zz<i=rWsmlTzuTu&dX{@_6p~`FDJSO>S9Fg%(_+`?Jl7O>zTV*hnkkFPJJ#vC5+8V{
zou&e1QM_Ij+u{fdm_eC^SVr5<1ZtS`nu}<dqHZzi9Z5PY63X2G-*T{v(|ODcj~-P`
zZkfaX-U`>J(d^GlHe^OJ4O~c9N}R>yNDYFTbXzG9$(5qS)J(rS84m?e`gb&mRvzl3
z2*p0n?{Fqa%jmwll%Yqh6ErUdqKcP-pIS}vdE{Fq{O;pf8s$#dSlW5pxm+19-B=$G
zed*g_y0<KWg{M+wG;|#%dAZz?-Qqd54O7wVui4GNDa#rG*A{uJ2!_fVwFA{`KKh&+
z$EvHhK1}X(o`6Avlt{+{H^tY4`ul~WG=)-+lo$|xTLwWz?|Q*RCNV9ek8K#h?|S7H
zCZ+Iz!BRtGW%xH(rN!zaDcW1dC#nz%aAF&l)`Zy?>Q8xB@D!Mx>TsPir;HZJj1kYi
zSITVZwT@BvowLL6k;#U5q%timOZz=?5GENZ)2a=R`Ruzfymt&kVKII~g6jO;u*pNS
z{Y|ZLaJ53>+|(O~4*Dp-0i~zb1`ew$8$nn;g{7K`ff&&P;9j|+Cb!Hx=Z7}Kq>TpX
zb!A=thN4~|zc~2uxFIwQY*{2-B5r^YRS3k%ih{n>Gcex*LT7z&RVu$TC^~EyPXrDX
z1flLX=0N*<4jX)$j2Yy}3S<h*R@(l_O^yV&c2V#KBaC4SO7G0f#sqnnGkgKZC}n}2
zlM$&ads)!HW{CSCsrY>*J>(Ui+aBwDeZm19HVR&k{#6j;(*Gd@U%BNiix{VB<y!`p
zxhxsiNW0tfMMuf(fpKXXvR>H3u!)&nsrUc-xOc?{OgLLwqLfYK^u7YrL+lG%+Pe7q
zgi`AEK=h>OjtI=Ce_-S3`%4HQQf1%y(9ykb;YZ$L|5LotZzL@q2QC4PK+8r8Wh(&=
zV{6sTe-7<CuyknbO_xnHF=_YCMn!1hLW^;FPZ$=Zuc3W>upj4(xAIGVI-S$J?cg_z
zE4F>j0hwJ0($?}n!@PrPrfl^@ncYvY^*cE)Rl0A)lbmhnM-!>ipxz{`*#LS%+1C?L
zPeX9l2n%G!P8=Cusvz(Tt0k9<Xz_1uu<MA?%4p?!ys(+X>X<CJuce<^q47F*_MQ6<
zFz6dk#RGpuUBxV1$fZ%)=zFWmxrw*TSQEO4+K8OuA5!_hUtJzDWW)_inB0%Qe;<;F
z%|Jexp&1D=0$S_Zr)F2KewmerkHIV9-EpBe%|$L~sA$S>*Y2WC`rPvw5?AhGUVkIK
zlU)mupM8bxmsf3{WxdQ!f$RDDZ38S;>j}SsbvC!(TBp8eFcTpP^_2n`s^x1hF<Mdw
z&l>+4dlp%6_2^;*dnSGZ06^Z`>WG$dW@q%bsv2)-O}2^d1*se4Q^y)bFYBx3TnQ|<
z%_~}3n}ILjz{i$m7Jjj3rCl`b*<QFqd^+f*nM)1BUNp(!`QN~Ai!U2Bzg{1mPQai7
zhwJw2Qoa36tJEpxf`ICLGAhh5bCa-0(Y?(f1N<$7|8!ssq82InK}JrUww0#~b*w-7
zjQhj>2l5rR4>%~5a^HbqgbCAAC4L1NB35`d`nBl`bLRp6MNT+jlozo6pWX7uLa}39
z-k(iKwX!=^`|~!6pcQ_WlU|JQadIvpb28D<kBXTilHU(f&_>N?EZ4H3;JqY_<AI?`
zqs^ts2FL#|NV8wKKX3_`u~X8p<YxCRh#XQK)XH@#EmIF0BE7>zs$;bLSLt2<+PIze
zjyDHP1*De{r0gLo$jLt2dXi4Kpf4Cc(-@#6rjK^HGWZ#|AFJ+_>f~dDQ2VnBDdN}j
zwR_ES5gf;VHlRBKSD()db=m*uWgi`d0`ujz>`O;Bg+Gg1XI=#jUY{@qrTRJ+dD01S
zNSIDUP&RId8vGG*$_=*D%1l+%*{DfalIL3tg>ID$HSYF=dYTCb@p$+=dU^PU=z&)7
zVG4sXZ9q@~c36;i;WaSu_ET2fwcrn)q@5SV-?Xy-C#EW=sm>Os#(oNtN6)Jx_KS&~
zwWn$Mv<ab0d>bWKr0A@5-5gJjNaGQ7Xe8!^GH$%CvCK}*B8!>bG<R+x&gS%YrgoHR
zcV8O?eM7~Pq!)Z?Gk7AoHah;3VKe@nL?PKrh!~KYqWNCM634G8(29QhR_XIoIBaeJ
z{&|bW%7&x74$`lko(>$f;(gI8c2zSq@s*|8oqabt^CxM_BK{D0rrRo%;|O<sV>%r`
zf&Ht26XosVTWQDTY^iN(Y97-INHQyMWpGa79po8r9#9MYdY_%Em_aN+bojZTrA@V^
zv-|F^$0FAWYs8Z#mxVMwuiXz!U)_R40|RSA-&YgDKd3ZvASIc~?0dX!UJ{H<&9cKS
zp5-h!)mB4I%IlL%x@#7f!Nq&L;P+X5=E(%BH^xP42vtuK(h&~Q02}wvdai;XdX7zW
zGw(ZFqKR-jwaeut6CWC7P=j_+vLyEgLNcc~gx!5TIU4R;(HO4~o^o7<!CbEgp~c!N
zUclLpXOXI9bADu{26qDv>_CP15NQ8;;I#tfY(f%^gs<8|7_!|u*$cB6MG-k%MM3@v
z8$bU1*6b#RI@ju@i)j`;<QM@^>9qK8ur&czMrS|$+IY^NxLWf-5e`-$k2wpTi#JuN
zx^s6^-6(H=nA<8YE@u3bcTGB35y|)rSG#De<D4xIW7}#yKtevHktmE?yxJQmQ9B{M
z<bt^??<Bp+p2bQmmYWPE)o(V@g&31q+b$o{`_8U`YA7ff?`y93zP>6OMiah5$<s_4
zwI&ae_PEd*&}noSs+vsjqaI))PV%`iDJcg1_TA<e*g#Ux6x1F;x{FLF=q)8LVqC)^
z%Q&Zi3NO>9Ju>SH#P7apc`g)7-)}(X`>aoqZ_QAFu*I>5jtFU?h5xUMcw1nD+#%JY
z)UD1ts6xz;5QLhk<QAo@^ZinAhyggXf1e9<W;yhWq(KWwZpDB00GOL?po&L#wvCO#
ze)Fu>$k3RK`5fc{`wUHQ6zIED1{lq?p_%~I^+I${;;|a38Nkpw5wXm3GLWw6eM)1s
zV;hawsfCbDYz44Sd+ZB>({aWcnNu0vNY59-=(|u~q(7frM4fi7PYJs!f&{5>sJ~+d
zQ)K|_{7VNPZ{K;QVsXk(Xh$zbwMJe`_J*D!LAJHYA^<<{Nkx%|jK*<E-=^v<A9i}4
zK*0CKo8ActL9M-s&Z`bB0137gxNtiN5A!IC1&)2BDufctxEMx(WaIeJuhO(LQF`rQ
z^#t2w=ZfTwXYq;!7yVH{;1(Y^6<3WQ7zaqFe9UAot+SmI%D(aDo~BD6*qj^_;hoxv
zpejK`!X}Re`?^}Q&*)F1v$R(kSw1Gxg#qWnB-_2<gb8ClaO=c*#aifY568CXX);!p
zFPS6)hDDqzlgWQ!p7k=;xP@M3hZ9V&N{!R3AFL6u52h=a^x3#p+O0|}&g9N#@h&lP
zGq`D|KL6>Ng7T9IL7~3dDm`(70<dzFD)a!&t%QtYNOQlfimVz(tWv~_M1g7Q2u#G|
zj!wxswY)T5hVO-Ee-~2f%X!lRa+KMU=v5IdY*K-My<=1#1FwQl)%uix&q(}(nX?op
zfpZ`Q5j-u6Qa*Ag+Eo~5S=_bRy>(?y^g~OE>CN(1CIW8K2skq#o`d1BFul96W;Urn
zMFpwtJJy63*}r4j`4u}x8f0fx08q}3Z~wZ;2tCvfP}w#WC50-u9Dp~zQi)m;ul1Zd
zcK$S?(5$HSI#&l@HX^^%Jkt+eT7b1%Nhl;!zFj0Trnj*DAHg8=q154(2XbX)L5uEx
zn%*z{VJqTAa#r_>VJ|ZvF{-Am&TqCbF(`qZ|G9eRp;3?TJ9}>+)D-MJ*<^+)z@X=2
zyVpu6H5~r+cW9CNtd-b(v#HEL!S5`M9jS^^MV{yJtUs6v*eMa_TOF5?@i4|9gnjQg
zm9p3J{Jq;+xwd@vObr5W8pvh0kG973Y|Ae?431&Mh7>fUInSq42^W)_@52<lS3ux+
z8O7Bb_lw6C-leDB(|f2+>yzyvZ7<_lQ#WbSz^%nr0hn+1t$by$K(7RDE^ziJz>aMg
zb=blvv3e0iAQdu$Gv8T*hKXE(fz(_*XH+1E?@XWTHipLPiFc%*?m`2U^e3J^BiS2+
zQL(0$xn;T;3K+EwD(;A4MzhkSVVs1I%nGj~P{cqrZVv0XKu5|_zMk$O`nK1s+w^$f
zulU@1SJA(Sf7#mw7I@FyUn%yS?QXxK;BTd}1{$vB<96RPt#))H8Ut(RpThdIA!I1&
zv98H~6Bs=pV26%h%Xq22d@o?3nN*w=)oj7Ly1*fIvh5foJk2;SLBdGjV8h6#tkl07
z195z=E;Zq%!R^E)yGr*)`+#$ZdW9y4^j6v%5ujq0XTm`|r_1Bfd`uZf1Q79kCN{d-
zllFKSNzGTNXkaZND_stM^vCqe8yJ8`85Es5;fFc%0XoJJZZ*rboF!}HL(msT;MppY
zXNiZ7(}M;V=4HtY-X_;&89IP+bqG`M-2-;dP+{QDL8zV<O=Yj3v=PjIacw{(FFbZ{
zZIFD}E(AH7qDr1CZcu!sU=7htVj|Y`?eGEldprpTDHHMDu?%y_BA2TK7BV-v<Ai_s
zp}&cRqzWD+5ER)3DSHJH*dS6NF#rh%Krptl_ua_1{lpHecA8et8t(=;wvM6qQqre)
znEWVF`4;ww0oD@rM5u~ck2emJ*HF%vC2G0EV#J7o$y%Eeq%MEnWZwGk3~75+(-|)~
zpHH`as0YpC71&$?MoiN(OfXlVAmG4Ugm{i}D$sTp$}%>^QVQ`}Q>ozV_6wn+*PPnV
zGo>GDTyNL%+bTV6B-*YWi?w2F;wNuU@`k<o2`>0p<9(U_C&B{>6w>zDcw!TGLa!@6
z&%Ytc89C1hHL%@{i^&mei{+d4yV*Af{62L(`oO>wug-F_1W={VLVWU;n@PDn0!6*_
zgZapRvO~N;ImF4+vOr$)LwE*Q9u{$+nYBb48k}a*bQy&^@}D&}ej(O=kuHOrPvZ=W
z37q+XTDY9Zh^Ikk#Ky=LvUWxrwbAyt+?gt}s4D^;R6kbFS;qb<4jkHX#_#!$(fhUn
z5sv(Id_>cB7sXle?K6i}Xd_Zj)L$|$qxYw(vx*YnmaXpNCOtYJ(Izmos;YY}>I`>H
z#g8B4o$P}-%_lgLLPS4?lvA}18kVJJ8KRdO<^wh~PrlzxkFWinzy8S~+Wu*z@1FGb
z7{!?0TW1VjTurTJ7QJwOHJ=nmpB2fh(Yp9mHt)tG$qt391ub#l>>(ae%+d_B*0#-~
zj9@}l3K-+Gq3Q@a)N5G5S}Na%Efd}QA7oGW7-C9cS_Uvbj|n&cdUv$NXdcO{n@qp$
z$DX1Ac;XuLl85wt&;|NyfSOD!6&wv)*KVDygU$kJsa^(|P7A<?<7(B(p-Eoveu9He
zNq29wXg9kwb?4k|u~2o>@wYAZO>Y`K74l;FGKM-r2I21#1#@y>2>$UliF-8!UqxW4
zZ-`whpjB(?s7=Uag*pPF1eLD8CvT4CWPe%^Bb(iX%ROLcOitG)M~F=2_v^lIu)=Zl
zixXwxv?pi?=_0umErVF7i(K<vff!Whh1li!i%FSXE-a%xLQo|!<#-t?uv)F}*XaDQ
zbObRbrbE2a*nSZ01IgSmV4)neF^Of%_Dpo+9-7u5CtQz<(Xts>vq-neAtL!F?5A1S
zA9`252c?0@^&?9pQ=a9UdD|vnZP8oTxbr-SAQmUq%0P7Wo0Hh0lv9ju$dDcU{eVST
zE0V3NJ<C`(fog;yF!$?k3AfLq_Z4c}W)Kioz9_|_?dZiYD5w2Gt18U8=c#EqY1C{&
z-$ufyGa_0rt;x0+MfQ53z}j)W2A({EGb$BV1MLbhe3tGm03+q~|5%VvVM>^srcp8q
zQzcDKiGn1rgs!y;8MdN*+D;StbvyJ?!@wC1=7g_EBk?vv{Lu?Qdn`hJ#D=&3dR129
z6f5k8pmJzoV32AOi}^vGAP0lj*514e9(=PTbvH(u#u)@@_oast$(<w*hlSCg9Ix1|
z^Pw_Y5x-<VFO~`1(L<2Y;x9pO7WFz`Jfc3Lp6U<?G#UzEM7{?6mZ;fZ(H#-ylwIc9
zuTuOhky74P1lxIwF@=_$-2syal$&=+cM*S*nCGO2tE5}1>@MbUvlFJN+Z9*`sznbM
z|5T(OIX<S3x<5Wgg0Kj}hC1@<XPi8hvoVCN!IxB2gGQ(`puKNKC~-I+glNg$OoA=u
zZCl8!cDxg!7sgi%3@<1_DE9iPYi>>E--);Rq|goyIe%&~DBFdv8_0af{k2agjWBP`
zD_7Kr5nU5GM=JB4Ng-R+zOFXbY2n`(VldZ#$&KJEE%VN6Yh(rxp=GX>3$3<1>!1n$
z1*A`yZVgw^!~1BaaHML=vFhm}srQv6VF3D(|Fsrg{;#Ecf4Q|SM1aZj5hL%Mh4j-E
zFm(9L8D>zRyT(iEV{EvLT^5x;?G%s3djOlFo`+`u5FlIk>q$z1&%d*I#~P{p#6M`F
zM#lKLbhh$G^(G%Yd?i&<Vc`V_JVl;^mdj&%#T0FB)Cax4r`dwo2djcYOT&amy<UCQ
zPbuA~bFOPcC;4aBfPDxOW}rBi+h|8D6~)9ncCsJ!DQ;C!2SG|X7?!}Ysd~C7XDcPd
zjQ*kDGbqEz$fdVGZ3-qEaU;vyt7I_!xs*Xf`5RfNR`>SoZ&pkW7#F3XQ<g6aG<fc^
zA}4Ve46EclyMUgk!wL^)$*FAFDFFqBY&sYf!&E>j9bbk^4ZU#fA;P)u{OUQ7%w8Kd
zQouuMID#m7rXj<PJmCdJDa$>-=IKiG`U)sI&Xw)?CNejgys;|HEvYL|72LAmRB862
z_PcRsjBQ3G1Fk$^3onknWl9WC-I}KP7vdGzaoIefONFpzpmdweqpBpu6hR`J{s&oe
zj{HoL!J3{`1C(_cud9)EsA$lJUz)G9p`5UWLa@@=0wRPxeKLC%#j1)_E6tAL$4?0T
z0qdVA!~{XXG-*PiV1hs?IfP-d2UV>wb*@r5ZQfEoG&Cz)G{s31bu=`dd4r#CfvH|S
zbqR}qxxlBv`ZJEB@PH3d7i3FHj0k$I2bRVB(j(PRzCpB<-5woC&L6xCNf>xfHrf)U
zG*ewn%-HLp0MNUK5SmL`>3M|cGl}#36~M(<L2rG~e5RXT(Y&EcK!=QSjqwFT#KG%7
z10AxK_P*t#Yx#1H%HM^;t+sk-Qw{01EoK{5w8zsJEbH8IWl^jX9L-K~9Kd>uy!&mH
z6zuOY%@}i0r#$nCt3=^+P%`A`xxfG6!~Yi?GlTNrxQkd9^t|OW>%P$AeMo57g8#Gw
zt5G@aW$_*$#uN<i55CO^w@jm300U?zivv7=kfJZ^jI_LngZu78w(|@b`CatbkfKVL
zD6V-;c;u-#Jh*3zOIUuhF^V9qwZ_7y9L_H*KSG`eU4X`FcQ?dU8|VumRX#Ht*ofI4
z4P`p<bKC)xmesV!c-jJJ&`?ui#?l8(a8r=Mhjd?Uq`JXPSwxBIq-k`~X`GR#VfSw*
zK!&FNUEVcmL-#8W2K=`XsneyxT8KW`E*mAc>-V|0s?S!0a<9B<DVv`in^7h^nKhxf
z#CR$Jip{PsNa6%4%h&r8I#kj`4jr7zTZiyw+HAQu<GE{k8vPRqP%i@8Fx+4M6T__*
z<8)<K6$TzED7AdaD7Aon(cqmKrO1HA&qfj2s1}NUsaP(6eKt?8SHFtL_7yb$9?>h-
zM9L310m-GQ;-3nor##io8|e+=VHiL`m#sjO<&2MNlzLYaaOslCWitFrV?AwCUWh5O
zLql<Ul5R<R-1s2rV<-J!941=L?D>ZNKR8s5fZwa8rQKzc$y3!L(hG&L4sPeyZ8wyz
zx{5?z&gPq$EOknwJzZ&k24-A1w0w>Wq2SrMr67DS<5$DiRHILzEYHBpPx$O_uuSO)
zp0&HlZ#O>4F!lx7g$!DF^Jm+0TYv-TbvdsFO$re$=fCMZXF!0>vM9DHaxZNO&ixZ2
z=$-SDe>P|0sCofFl%Dj+dUC5As5u8V3t>|X-P3v|TL1*m*tTukHcxC$oQZAQwr$&-
z*tTsO=f7BAzd&C!YFEK@85b$M-ogqhuGNHq)ef>MZ)d&BQAYeQn^yT6nBMx-X;PD2
zopGuT5$WjwjSsZGUyu4i%K8kr%`~uAEbe@L2>KA5iDB7K-r38$=$@K07DYWOa0iDM
z9yiL+D-#L#IJ+ALf2;R(!ro--df+xTZJTNNrh~-8@Dq+kxHAJ%XC2fZBr4&F9JAAb
z^9oq=FlI?i#wZVhU5b+Di}24%r^F|38^L=zK|U-tE>@WWtU;}5w%x<@*OWAM!sQIf
zPLSz+uu`^nMH^}6H#@IMvZ_Q;Exn|D3T2Nom_ff4rc1F`r)J&LLh>fM@iouX(Sa!E
zW3L4*1I$fS0V4RAr#8E9P8vChryQN*W44`v*Q1*(%8j`twB{Lw)UI}Y$vv0X%<fR5
zt3$agWa+VW*(P@PVK$8K_A7}V)Rs({Tr?&JBrH;tcF&*6K=5yicbyumj|&^}(@NY!
z=CaDHoq&FluZ=Z9S6l@u;iq!#m93z>WWA?u%`dhy|H5|>#9y3OIpCUrEop<ss1a4>
zhYMPCYS8yDxH(i%VxjoS_vGY?J8~~#7=GBQ&K0Lr56DgZ5*fFNbV5}rIo!whzhYZk
z)buyJfmxZSGOM{B<r{g|A78!<0*__%x^#bQiX>U7$1lu`h0%^wSS{FQi=7k7*rj;Q
z6merMOe#bJ+_97!^f|H@9gYyc;hJLHrHfB75hz=Q)&6sz*IwN&(Jk0#Fuz5`aO6JA
zrnMSbdrtWZ-*;{<1Z{%q31!0_3RZ-$ps{G`-CE-wO(fJZ(29ugtu35$c*|6krrD$!
z^09IV#c@*yrAujM8PyOaqTBjW$k`6M`x>r<iYB#r-lGm1IGAj+#l*C}U>;HjG2PB3
zc+)7UWh1xl$+!0oop2H0lh#Vs^K=uB@_cW+cZI{Zpo?#;{ae~-cI|C{Mg<s1xQlR3
z@!R6Opi58s4di(v0<Hn(<4ZQVR4~f&Eiso85El~8wP34zn!16L;JYd_aG|*cH{^<*
z!}llZm7T&SQU=mhibPaC+eD}~Ga!v-m~U`6nF@GMc~}nu@{UJ?3q-=sMBgo=4vi^j
z!zbhumA=YE7578%%yH;{y9J~5#rdggPy>qvR+ZfSV!6Qgk1=9$3X>p;_5TDRdVd~f
zThx;gXNAZDVlwxI-iC@Jh#g3wVWDX+5(7R4)^O^=*^$MIVnlpfc<1>;uAkBi^eoWR
zm??*&m?}`wJ`i{5*6ll8DSvABgLGOX4Gn1d&<&A-c|CL8Y!va;9&6_)5Y`6|qvZHr
z%8s4c8{ygIw{5rQzJKR`Kr5Muf<F>?cH&q4bEv<J8=j;0qGg8Su>ms{`%o8ekerHk
zMPH_?G(bRhzHS|}rM0gIzsvItN%ag21q1{F015yG01f~F00{sE01W^G01E&I01tow
zfCzvDfDC{FfC_*HfDV8GfC+#FfDM2HfD3>JfDb?bKnOqtKny?vKng$xKn_3wKnXwv
zKn*|xKnp+zKo7tGzzDzuzzo0wzzV<yzz)CxzzM(wzzx6yzze_!zz-k*AP67?APgV^
zAPOJ`APyh_APFD^APpb`APXP|AP?{#fC7LbfD(W*fC_*rfEs{0fChjjfEIu@fDV8z
zfF6K8fB}FZz#jl30Am0X08;=n0CNBf084<s09F9j05$-&0CoWO01g0-0L}p4zrVjO
zfU7Hj8-P222Y@Gl7l1c_4}dR#AAmmqk?Aj#FDBZfQ#OblhEbJKoyvO4lCS&sg_Rw0
z{({%|gxStjy;lfo|G?}Ex2+|^lCDJ7_w=B(WY3%3mFGV)Fb&dhnH^xcuL9FQcwNh;
z_Fd)+T|a^Pkc`Qe{ei~jQSKpkid)q|nTiNerxpDp{Bp<)crs7!=3@l}Q&Ftbk7eyH
znetM4aQ90xD60{d8RDG^Z_Q#=+RK-hqWWSA;zp}ICP**;!c?)VaO1EI_60|EM?qKf
zq+49D?)Pv{)nciKXyRE+p^n)s1U(K2reJDF$sP&THqz~uaouEI+5IO}h#?yIIXT*K
z8gH>B)B47bOB>fS{33p(pvQr^`YE!L=!)e$@0&U%KRch%<;A~WX(V!BK$RE_3S{b6
zs595=1l-d{(UXL^-JS|Z(z0>GX&pSQr9FT8qnW`~ik52eE0)Z`(Gr@0?VE8mf~GAm
zG{e7Q<Pi5^zu%2Vu`7WF#QR{grqo18Qe(8A*mbC5bd*!+S&>QZ)(HvjRcmipI&yEr
z(wYte*pW7B=x&=`5o`vS5<5NQNfUB`UCqajQ}5*jAT}s|?vj4U^WeeZceAZqbci3p
zO0yhjj+$0Tp#QZ+Ph*N+{~ir`u4~62Cm|(&)L~vr%gTag2jh}Z5g=8b6hx!o)LAR}
zuOa0PrftyIg8A*E7~(uxa`iF9ud)6u54!)MUMr-?$bLR7U^vupO@K=p>PSwtCVPr*
zeOT}+9e_<+g(x3f!_Jy_zdHS8C-WsgU3>QvBH|ONQr9invVIi5#=Auut!XRffkVzi
zgEtS4n|GsHectzu`=XIooorz!oW#1rRazDtDSMiVtyhMhO>5x*6IOj}s^v#De|Y$p
z*LL_TC2nMg`o4)Gb6&on*v-}re<^3BvUb55-cD_9m_MI=e3f_*VaL>j@I+JSU729x
z%paXs<0{cGc@NcW4d)V5IB=J!TjFs#80O=W<H`#oY@QwlLc6$im(HzcVx%Y5)fu^1
zCQTpmmesP<%5VrL=DjCR3kRw0jeV#5d<xMNCo}()4n??LxmxdAD$8wkvuIG~6LxRF
zW+?4rsNQ=j<>_slw+$Z^DM!|hDyy2xQlsXFcxjD}%bKA?5)ZxnhtLcJBmI%w%e!YE
z&8!1_nAq-JJ|N&0r3O>zMjScHRB|@De@C~I)Q`_+^<|}i1}IGugQ7K}Q`VkRm_ffh
z*=dsjs7n+wFS%r@jbW2*es-AF+CZpqZB&G=EQhZbF*ynhUp2mz?)L_bw<qRtxUaAU
zpIcCVE<xFYm)Sc!v{Dv2KS|Au@DS_i@sD*MT&S{zYiZ+F)#lD3Qa^7q=0^#h46zBO
z%xL?+Z1S;`dEz#UQ31*?x1<)X12r&P7a7-n6i`eu78z`XDg9F$-2m!;%&6w*P~Es;
z8&6*x1A{=6wq2LWnBz>hkx&nWW20j9x4*|&V?E@6_v@W|T{#27b$e9;Ix;bg1ac_u
zeG}6~!f9URy+Gu~E}EW$0@(Ez=>0K0%~*cVrjGBArfS>b*+^DF@|3`+ZnvZG2DJck
zrM{=JD}^W`##)mKI}a7`s<H4`>Ut4*cB}DbGr1HhHeQJGW~eq4cD+;^aL79;3QaHr
zp)`{GOSBx&Vxg_SG+3r|<X{XJi2n_wv9nt1RM?|o@ur38WkWs}M|kQV2HG|7>`5nZ
z@FZ&&&lG~+6rjU5-+WGh(7KK+mlYXWHMh1~YCsR|#{2X@oLE951~be~{<VWVJnvXH
z^A~u9zkwdr98sdmq&Wjt^Gr)7;S}%#4+O>W5^frL(4$pGQAeRKROYbfLb2mKqo#QQ
z@8IzT_rvqie-~XNZi*Q??i8G+416`l;w{~Q`qVn|ezkr8Q;JSsIX<;sO$uIL$5=e=
zgA}?%aK!H<z0OEc<oMUfC!fx8r0TVS`OURWYJmp(_H-!7wBe|=fS9{bTa%$mK^#*3
zt#hv`V`K=&hg06o0D0_W6guxj@Q1U1-SbDCTp&NcLq}N%xVJ3>DnPrp`pWg}g@m&>
zPy_yP?2&M*ZvYty&cCK8+FGy!1#ly=&f$xz4ft(`$#)Eh^$kYbw00t&SyTvs+A=w=
zbSdzj`T_IA0sAhE`dID_1@w8QoGTy|D9mR}K7V%)D?Vcy>9Jp7O?!NWYHS`m$9|Mr
z{GRZ*87;|sl*X)be#GYew!X776{m*aj43n$VkCAMXqn^8k#0gVI(DV+Bkx6bmnvP&
zaK=i&P=qPO=;Q@-D{P$Dw)ZH6Fd}$U2$*?_6*Ljdp}9W7?`1=}d<bsYhyU;t8E!zd
zbU=~f`pB&zUo-~^%&QmmnKCdHBZ<jJnnzwwvQAH1qXm}`^;1`3ISM#%f_WAneiwv>
z1B*WcCW0nfUEjUz8|u<0VS($^R?M(ElbI<`=5tBg2|1}o@~(W(xbO#zoSUFNvU+z~
z{;pZngv944Jh4WO*L7Tdi&jMzs=Ln3ah$bYaUtw}eg&ybaSH1fO7z#OT$*thHN@q1
z3{%(I4*?ErNlhvfW5<j{X<A;JgAD{+H1bO=#P(u)#Z?6;qsEGaNH<o^Bz@#i;4VA=
z!=qCdZ>+}5;wlq~G1ok;i!E3B=ojBAF7kuC>CyfY$rQ}c_EBYrbY@>3p8lxu;Dw<J
zdYMf=i+|mrZ{a~%qe_z&)Wu47yubO95s2LfDkBGPx(Q0Co3)S>7IuFqw~{m?81yuT
zEciQ-u`o75_RJ$f`(!pspD7KaJs|8o^T7|sH|sYZVQdn4L1HCnwE{*t=rzqe{-lR1
zjjUW%5+YRRL6uO+9d)Qhf;WzEQMGT^e>cgLxD`)0Tgw1@wU(#kh-m#^GUm!FIE%A5
z2k3c-%%Huh70Xd!q~+#MauK#9UHFm!Miz5VxTxDTYKLNOdcmJ-tzW?{^{Zla@qE4$
zF;HEGjP)qQkL&)U=of>J@J48y%n5Sg!cVMOsgYlE7;OCVI*ZG(mwL0jdZ@K5-wa)C
z4mYJ=qK5S$YU*emtG%m+SKm|Cu~$0?isZyUm}Yx115vS060FK@;51h?7;pc$yRQw3
z(&os)!<<tBrRznaHrq>>(@QSn)YI8-VZQl|2C?`$b;X$aK>A&#LPu{L+;Z(@rI$(T
zi3g3AZfg#b$^)3!;@sL8@V)OHEk-V6P0KlAD`WPW?jI1C?*}q>rUS_k<8Lg(OZU89
zbeEdFk5@bJZ*oC|>iWE}Oq=%qlZgky>_>)q%hblr4@2AA;3^maBfdApS!tawA9Jg}
z>8M!T&&t5=O}%byiNAS#s&W<-v3-JdlkQ}BO^y-%nEiJGq#FEaZ@-^Z@oZ|+XdZ~9
zMoU%gbYlxvI>Ki1F7v4^?};zrz6=g83Zx0K)UW)$KRO9!Q;@@>J?UbO1Y}=Zu4X6y
zfRoN7bbtT+@E@f^%sU48a)?$zuKWhn61&oCu5UZf;eQjnF)55sxGT!)<{O&xC6SJ^
zwBb-5M;+MVq+eh4E$pXzuIZ*%Tl^_njod+&XV70yj5|wKm_e4JvLYZv99B^BTcc-a
zzem{^2l2^zl`7+1%0l*6qsMJLQz^_6VE=4%jmzc0m<9I97$*mt?##ZsK<J7pGXeta
zobVN|V&tdPx!XPj8a?CJ%KAj0zCbVZ1C=N7Lh-_$oCwF!%9ZB*WqS?#)hkN`MCVpA
z_@i`yX`h$q=(avIx1oKO8E@@yha9fV!b84aUigZES_@v9+R-8i+-Tgssh4I2*|;w`
zvk(b6`1^Mf)*fo{;(V|fWz|pg?y7OtxbKi%)>&v5g+|@YmGE$=`n!P3h7F#8KG+oU
zxc@~oqFc(eh6kwmnJp0S*vn$LtMNc@af9qTA+ZPOZ1!z77fP<~)ioB%RA?z5+&54=
z6z;yz)qC0teDw{bfsygBds;{kFN49{e7)W}{|Qa&2|jfpJ<uG&;w>oww?UP6Gyz*S
zf^jc^GZz}sq-vr2jhMUk=7G_afc3J@gYV?g^nrUPk40hQ4KpDe$6@G`t6#l#(Vd|^
z%dk15x$Ktn<?Xja2A8&>x+dc^CfiqwlNYik{Ir6&kR@+#%P+X}spH;9a08`K5wV>N
z9=iF{pYEE43AA5{E9d*#45N?7N@{$}QwY&4vw4T;d*HXh@dIv<ko%u<s}OhfWjYe?
zTiyA1E!{fm{@`*0w~IU2b%m$)__6xRbR`oXN4xHn0#v`EUm>O6-EU#IYj~PEF%OB(
zWKL}RI+d5k9C112qIx*ooQKYyeVlcT@t+MuC@w!4G0oq|sAM9FY9!3OYhHG)=J(Mz
zRE_6Eoo&Ac#$_a$_`Fs#_`4?t$B%pg{3OH8oVm3(g?e~@)x){@rAzeh(G;_=ss#5|
zJ?*$g-S6Eyt&6CPf5YuM>EsO*iQFuqH;nE(ahV=|x_DDPfln;K1ea)Yw)+BiDa(Z`
zNJ#-jcUG%5YsJG@IOZyO#8|>EzhGy!DRj*;@ks%LGse8^E4{7%Y4Nc|?K4(Lz|%D3
zjROWg4XaHFxQM4y!tNW|1r}=IA{DD{J0=ay#(y;X0*QO9QtTD5>|Ao=0d2hVfEsqU
zOnszaR#e=M#}IX$+2=o8eM)&+JH)>gcZVOArXJwin&K-ffBlZlH@VZh&Wi?cap(}a
zUX!;t_>V9eT=NEP6`Y>D7pY@=A5T=KAFgrxz^8{#Te+|@@F~*_ALQrDTAjJCY%p#e
zM-x5FTe|`x*3fKR5X>tjv+sPYufGd5?s@XD+y4vM-Q7LQKvMEo?GKh~oRy$@E#7XP
z@IZk3PYNh5CVWJ9-!H)w$qDr&f}rl;Pk^c$o#Kqf30N&1Tg7(~dX{&-n?Gxg0o<*P
z!_6BppX{Ue^Y{~M#A>V6iP^c%%sb2pH+`Icu=MR_W8;50q405K|Ha-wDFI^!`1n|%
zZ3)$=ZTO(kd;bcIIz=UUoifm0)hus0AI?2%EvXZ^8xZPJFgmc+I#NhNE+=n|J06N$
zb-tmTx&kwYnOOh%&@_W^eGWgG3Zkw{oa<rovJAahR@%Xg4=0MR1ST9hYkPG5C$8JG
z{7dM;DmKtB-5M+j^3>PX=hy`GlRNu{7YNn`gS0k!v9!1_9-hS`_7o&nY|s)HYIV1W
zk`Z8BbySvUu!xKdMT@^T=)$Irl|A#_c2o*1<nV}o38hKl&+ENIRZ1Y%&QJT0Cz^ZI
zY;mfG#5#3s4vaTCETlToUtQXt#U;gz6c1smu=47c)D$PJww5%7+IlkiAMXghdO*nF
zi4%5gG0cRhl=p=T!yG!BB_G0|63Rs%Aj<rw)-&@vETi`62a~635wbUwed$%Z^TbJj
z-lNvpH;K7UXzh)5FEuM%*qt_PtZlk7Nx|3@R>qN5i<no&H7OeV(e>0REgy?|0WC?$
z%=2Y2;Ua1y^?_&zgNVs8B|IYx5yeQ!0*PqH42idAi!t5N!g(3bt2gkaAuoL>tXerU
ziBKUA-3QFOXR1C9GiyMi*ARA~RMJEC%vN7x#+0J4a6gQ>1Qh5}oz(*hV?mcJo<APZ
z?=DWL867tVub|319jAW2qLO?dTuJm_wG5Y2;D7j^0yn&xg=Ei{^$sM*$d6@r*kQv5
zCWfetV0mC%%u@!LK;jPj>t|f3_zz?}>#4zE?;UCy!`pPZtXd7rKXOgMi|~`d7FXHr
z)GyA#UIq!LWTK8hwZr(8|6L-Sxoq9b4?D{VO30Im8spN!m2TW}wscCBW2^KMr268I
zj`M+q>t202D8~^K+0%N{Z@FjOa@+5>W>_|qt;6?Uv@&IVhT0@gTcmL`2i275X?g4U
z4y8ni(;T#fT-yP@*zrK0iukFj#_jw4L+Ym6DR3<eHsM0_%Rhsw=tHQ+xV+XB+u+mE
ze>KkiwKOo#G~Fnl;kU>yG*k9wrUzoBW}Puh-^+X%Dxg)FbqSZz_f<h%jT<*0bz!+h
z#wS#3S);zxe>2o(WTiJ_s*nlKmpyU2ca!t~<+mI-IQax*?Z)u6@yK)>V(}+Z9tD}@
zVdfJ=EJeVA{9XkLb2vOncO8uS>&nECRIClcg<Q#>$OKDDhaha7ccWvI!UvR;ThB|c
z)t8jbrlmft0xd6gM|WfNBIh|m)|4r8HPeFD{q~bC)GDPsbGaJ%GbPdpB8F1m-=>n8
ztlyMvO*rP2anQy;$qSf1mW}!y9!QD`3hE-gX-dC45JF5kA8o6jo{7V^Mq$mLEI@ka
zrPjN=hFJx458RH%m>P;n-1Zz;uX^1K@x#DfNjf=d-!nIP|5N*eIcUHepEzp>ZlwY#
z1jjyxS7;wyK)aECm(-9=oJJ#2iKRF8CkJY@HoYSK92KhGN^+37qAL<xb-?oFhyIO7
z(~2nIkH0G8Ha8#35RzqUBrR0}0kWgj5YT;qE7ceD72Y<?hS*)94n?nq_VA9|+|fb5
zD^%TTmmtdUl@P&O<Mh8n?82I<ubkfvR+<tJH}!F&brTO|rz_0*z~P#o+LZydrWMAL
zp9Ho~uR2{pD7hDgy9+A9*yck80iC}&tn_^DxW}*w;nMIZlh^-okKHv_Sr?B7%7kJW
zZ1EPJn3gKA&Ld(ExXpS^CjIBYcS6-Ff^vd<<;BNLDEU5>+8Cw#%9p}iGpH0C7|<I(
zOo;Y3uHVJE1DgOLjq?W>2CDTUhIvZA+exGGx7>5Sl$A@R&%yc}1vFUl(Vqu7A9si@
z7E<JK6gzd*SXq}s7@|rYIm6q99^%zP=osN7r+s$|#b11@R92C7$%f8=(}N0^Mc3J(
zj9=}a8Ew9pwY*bSI~sy<+Pk1z=s|E2Ahja-Bq5byR_$r!gG!Futz)pge{5_CGZ0Wg
z6aMUA_<f{GBHbTP)ZR`Y@<gws!>au)tE!Z_iZ6ijP8gA+>$p0;Om5Wl+(&~%g+|$?
zVfAS_5J&{Skf_{hzQqs(G;I6Nd2JAT*fML)yjF=!Z`$)9#D;R)q~xtu^dGTilHqi~
zPll;cIc<}svyHhZ@9IK4A1*|KqVG|yt_A9#cYWsw6QiqP<D3Cob62@A(2A$!E*zXD
z&W|cif@P_^JgSuSOu&+Cp`&PK{~8#3ZDF_ZBjY#-S8lk;pNjUE`kkm`eL84Fg)_a7
zT88eBJJiwe=pGdzwR;{_Zu<rLMA*fo>x!Om#4ty+?)l6^aN;-h$t%82`M^O?wvDO9
z)F~2)S3T7z0Smt!*a9~yd-2a5Rervnd)tCxDT3+VI=7|NyZCnZ*d~IZh@WG07>%!}
zLKPumhc`p;)tDx>x4lCuD+C2B-J2*wejtjNtl8RnVO@hq@(o+wD3&iBjiSG2x_VO0
zR7uFyav>Rtq2n;CgA_gpK))vqrC_AAMnV;nnGVrNUMzyD%H_gEdepc7I<lsK<VEe2
zbe<HuSy7wLl6eyb3DkmI;IEyqH_WwG>)vu|He9n0GWZ!>Oxz{0USc0%_FnW-f?bwD
zg<3LM672uJnLz$!76hyO3Vx729%LT2>B#rCCxPJcxkJ>Zr8J_2+eJWG9$-T5R8RCm
zxt-cu2<m%b{XRG7_O#ZQLx0G9DXGBaRE^Cd_+TGaK#OU(lF`-&Ida+1)Rjg$mJJ8b
z%sOe}byVS^TCgZw5B7JGw|s*R?_;2B0Z%aUt(|_HtH3hTIkkAF<5)h#S4A!X0cD&{
z_U}_7DjylWn=-!pJc_(#{gt+I04nuipmcZJtTND(`iFZIB8VBVa)ZLH9FBnp+NDmk
zi>J_Oah;r@T5H4b>oSy3l#P?9Ka4BwJO|DhV1%c+ve*F{A3t<pK_jell<0CnOXKnW
z?Qqwx;SoThd$?u9lJXgZ@V&<<4a)8HW`w8zT8{1PrymrSjiJ!z+_xeregu2a%FebJ
z3Xd8!;t{5%kzsw8rtH<)`Rbe>&y}zExiepoq62ngF&YqQZj@~<rynL}Kx+;4w-4Ag
zScnHhp+YesYP4}(Juv8=UBo7uzheimS8k+bkp*RNh}H(4E82=xnNJ@RURoaEx`MXO
z2WffTf`6+MLRQ@LlTljVA=|bwr$^*@nD=sP2?k3A0~bPlK(+taSIq*iAqQ=|_HdmH
zAsGV(uem-0iWiQP-da_&m$*5D=(tXeRbRaEt&cR$GN=yO;W;AkNVIvO!Z?|&C&RPy
zQ^D@!`k65eiBqN$=M~+qo1?ui@b4H;|6#iNn4))d4?`+S>Rz`0Vjj6ZIOI&|;lkv&
zj^=iXY&lnSBQ#K&>MYmX59Xfim*0;w>CepHIDP>nr-Qg@kqr++A)q21#0LbL%}z2Z
zssnsYcdUpfCN3G5D9VA~GGw?5C4uJC-pN5otT<3P{SHQx0*Dd}@qlYWC6YAFLLN$K
zBd@ZAkW)-9Hl@@H?M`ktoH_W2ZX1`L;6*l-77A=H?cu|QHO6Tig}*RvkRS*IU+i)A
zHk{>OVG_5#)YWbZwz!3|2jz&`p~TxKHOpLwe{ir^Q_J1084jsh*v8oQ0znx{D2VUX
zv!I=b@4GJL%ON+zx!ETld8Lc%v9mL0^Rh2R9qY+q)^P_BEpgC^dMQl*QELa33&(KS
z7hOLjZeMx^Gma)S+$n6w8d;zOc*%&Oo82<78~KS67c20`=6*#+FL;uG;$}t$&9tq`
zHfbtS!nd|=y@3Bz6dtc>CFLTbx9iQ=g_M|@uIh(>=Gb-b$ssXgdxU}Ras)02^1zc?
zgUdV5!3=Ogi_P`mrsZ#tBuwQQ?^e(g;lX7*p<R}ndJ_j3u4JC?()5{rWIdT$g!Qn8
zY>;V^yG|IGUG?^<Bd6sdCJdY5M{n^-;JBAa)jqWZoiU7#;1Z#r$m*3HC>itJae;yV
z$4L_XJ$^aEvNabpLz6<a{#7=}PS^|nIiStj5}!86HG^|3n3eCG=yL)&DoJ;ydk`75
zv*@|`jVZ@2BE>e%Tp)TBCUz~$4Tg>v?#_d320y>>=?XUTS3GZ-9>e4Ik9oq|0bVGy
zEnm}LKE|yMom9sZ#q%ix0{hjkj6*`o=X3|Yru)E_;m5CwTFnqzIMW(4k7kW9y|Q+N
z93t+Oyc{j7%3B6tuX6fUMw%VjBl-FHl;)r#HN?Gsmp_#$XE^?&<9F=#rfv2TMmQ$i
z>GvMt8x)t{P3u%oqv^YZ!gmpsB3}LPfAduI(}dd>z4?M^xrRn#Cozrxz(0&jt>%6n
zgQrM5#m;#xGTqLt)qOWKNG1alb{fS<Wm$qPJ!byAfnIw-g_jEc2K(pcm6N>x+x3V8
zTVmJ>RhJjBw7{rx*UHzQx&odbAA)ou*6_HT2x6ec2sLuX(Y^;{_cn#ob?+!z3xz)C
zdAHhpui{~@cD%Me-jAF+I&W|`zbzsla{ikWO^xwZFRh$2fKSAzCVo{k6*bhP*AsK^
zWQwcd9xKvVtmtGflW|g;a?{`_BugA}k)0+d(h;zL?t&G;M&ucVwA)ow)3wMmCM|~e
zRbFjGg~Z1Lb^&_fX?SV$w8-NuABR1C>lv(lL9E$o|K1`8RY142c(z}Qi<<0w;(-c|
z1}gHf{o<Y`4?I2~&7bZP%xuC|Ul7W&cRZ%!y~5f9;it7)!-4<gsaO_{;orZK=PYEx
za~>e@kaFHKgjWIkOQ+gmo4fS`wN4)QEX1A>eJm*HQDGWC)0`R0O$}9dxl{|D>vd|V
z&uJtK45NIpomFU|eQ_iW`ghzmr}~QhYn&X*0_4S&ADUgI8}Z0TcE?)KA7MADwoRiW
zT~kCULIche{?rbegCw!r=fvXK%>>v}Gq@W&rC#O_)7w5(6>oZAKt8R=C2k!^wM2EF
zv04DZnfC6n)?JbMqk1YYKOC>y^L1_*vt^t3Su+-v5WM;b_hb%aHuY`J3d&#z1QT5d
zXASK(<hZBqLz72<x*=rO?|HDGPp|Z?EYJ2Ssf}v<6y6jR&bOvr@dak(@Oj5spAIFl
z!nG>o&$aeNy^GxgWDEmWiCN%_{R<3|+H0c2j09gEECtdge~^2zlFh|oIF=o;sq3=}
zSmm5PPA_lr(cgHGtp?wIU~2iCC>Z<}Y=Ybm@8W8pE=?oTjOnhD0}-`jkyBY-h9H5`
z&Q_&J)R|A(E^24Biiz5ig=DV0i{cODHevgl3|9S{W~L&rJtWKw6&vO{Eun)pyx7DH
zS`Pk+aL;QkoiSvC_M}8ce!y%-%&Bg^lsa;EUZonLu}x^=g~cAR-<Y$J6lt=<OSy>>
zDxc4;!(yL;P<Ak+K(7iOiybOt4mJxj{<^xsSC;S}4PPUlLjwjqG&Iv8J?yZ*9*)C|
z)yJjPmlZk;G&wbNG9?;LL?BQrGrgKCNdp)Yd8$GZLFKSz_5Riz4iGXq7yQw|Hd6I-
z;{16L;Dpkbj7Qw5A_?|G&(V;bh){)e5Rg3K-b;xNvmRik?s}g08UAYhEpx2ukMm6Y
zYN5&tXI4))2{IWrlIrNo-1cjJD@8Lg{exHk7!v24G)vV-OFX!vN?hB`;vw)ev)Ijp
zAl^o1;+innb^Mh28YJQ$r(AN;&sTa>KT-aa743mD5N7pD_%*Sh&ToX7r<R=X5ein{
zeVXbB(a)oR&Ohz148T%KY!U_tK%w=EpG{UEd%N>e6$ukn10MGYGv#NTra{Exfn*{=
z?i@%Hbb<~E8O@0cLEsT;Yr~+ap;P7wT;(6L4ovtq#E70p`8{UUu|t80H~Tw-F#N(a
zRTJnYLmOzKr_3x?;E;iBf6H0W@oGT|mQn_O)h-z8gKR}F1#r6*i*cAY5olWOp|~<~
zxXB+JN{ghWTnhSd+{kD@e&H~4QzByB<TK6*@rZu{a3ff^&z_xS8Gy1`L5=ZZ#wMCi
z+kM?642<1WJ#)H~$=$W5a&sU9xY?htxi%gW^N-9&vP+cPTQZG-M0Ne=$*##LlhEau
zyq}Jd@*swkh)3Fwl+sC(ow}4qO}7IB#7a2M8l|2(F4<I?irVEC(RSo7M}~y;HM5!v
zby0+3NP`Xxz*wUcB{KZ?^8)V;t`sB<*!oF;)JC?8o%aIh3V2oQ1w0_zWs#OWEXR8p
z`Q&->%kA<xS8}`twSns;e`Cgm!}sP0X>ae=Qh~H%O65<?QAz9(j=~~!d%Nk?Olrdm
zNpoDV7*_{M;FwP~LS^tnalwU^O(1c>K8@G}4bFJ77y%^$((h*;qd*9rwHLP1dwOY}
zi(F{7P?vUhk@>1|$>g`IB@QKFVrgp643$tF&|2MKXv_h`aOY2W?Gp&oTO~b^e#m4^
zW{~YuoFCh&ft)s%=6;XGK|NJqr?g~xi!o*RGB^utf#{q$7rt{&ki`0$;_Lhp_TN*>
z#1z(D{5@R}7pG)ESt)~DRl)wnA_^-Y6In12bjS-Fc8P}3mRSl8n5bwIo;<r4n$s<1
zUXjvZatzh9>MWp~SA3rNIUGm8yDVTZ@{WC4AHTr`7C4J+mie~g;f^S{qO$&14>{+Q
zFjBFo2cuC2zFFAbPAts=f?kq9OKU#Opa=?6C~qYFX6rI{du%FD_+7#f%3^iW^Wk4j
zWJebENj?!*RYeGWwz^N$u)UV@BcFXoGWhSF=sETfjoNHlPST7@3;C0pRm`9b<39gN
zXsriidGQ$@^<fj;4VIgyn9kzm?w)<uWc@|7{r<y*)82<h3N|o#y*ADKl_Z5LjH6h~
zslnmju0_fGH&~|4kTRJ1Q7^RB5z{!Z3YOhOvKJj{4o^D0Ttl0*SXfH#KBXaYt2wFS
z0GrPNI)l+wLG*w$7XhUB+tJKmi2qKVBfMgG>&5?hYHt}~S9A#+pLdVNZ2VV)n3BLS
zGwpHEJS+Yc3~1JBb4pT9OeitJdP~`ODF4YkO8m?RI(5JXhb=#e&aL~CiF#<hlPRqY
z%9#s7;c+m(q__gn|JG}09-gIv7+)C44n2TFIFB^ZW`5Qd&1+oNewIR&Yf~6lMgj%h
zl9KejoE3CQeSeLBb4eT_eSZa}(CllpUn6lADiun_^w*e0-JB(RnVon($9)m?LW$q^
zl>hF_RWRuR$<QoNlOs-qGt*?pzKIHmPSo3<SEpF&#@~5YFW{oB1S!-&NQo>^;px2W
z%CP5#!*D+eT@Bd)qPJuHAp|IfxysxMDOD&^q{q?fS;NVslsZp5J8PaNA&`sFO2{Y#
z<8$9(C3S%*;?OQny*v_I_wOR-fucxzLVd(7p&6ko7zCA*(Wv^KSr|ExUApEY{FhX8
za=<i+o>b_$UwxY<^~1p2wh#;Uc3zbW_PE3@TOkn<@ZzGNvhnluz>l$%Rqf@D{g+UE
ze_v;rIu$VcE-xI2AB;{XX)5(dzK2B<H!Fi!EN)|2**1uT#DCp9na*^GoJAw69(%i&
zbT>o#je&_V33^$|5fgV@HedAT0UC<;`#F?OpuB!L^ff9)f({dj^nJ}Y3*hQe=nzx?
zQZ1%X+;{4_H50ua3UE?7AXrku{Ib6H4%#UpnGX#Xq2U><t&+I&24PZ~s6e-3sY)Z*
zOq{_9-a;0ga3&UCQmkFoR<z|F&ee*7O(&fESbgPN1j7GRGbO0Ql|NMbRo}Nr*Rpl3
z9IywMZ8UV(T!SxY9)m|dQehY;DBy63uEfTg8c*6)&K2N7$3|oW<~6-^zW>E&jY($B
zUk)ICysqc42}}ke0b_b1Su`}Bgkb+TS(Fh~JxF;sWb*}sjcf)pBLo#w6$^PcxHff%
zHzc&^0KH9s3QF#X9@;31#RxGNl09YF|J8DNO>@APNg~?GXPFgZ>s|=!b7{o&@BQ8k
zUz@hvlkdF>f%qiUS-ZZMYr^9{k3p!fCi`c+-?^&8w294jOk1e8p)Uzm&<Z9My&nd<
zW0`($hpR-K$FOiEigM1_=gu6lVZyVnT^7TX$i}04R$FG?pRWe;w*1-0QyIFClaO9M
z_8&>b8NRZ+<;;u)@Qusb6Umd@KGr^>FeIwyLp*Bljv}>m;{)^4k}Wi4lE&hO$V*Y1
zH&Mix7;FHk2cJ?9d?~|fv)LSc<1X*NZ-S-lBr0Dd%x!q+k)D=cS}_xitRXZq%;NDs
zT7GwjfHT;94y!pIK6N;}D~yehK};g>QKEZTKiZ<!cFPuh1V-n-JK$2D$RrC{qP->0
zUDd6}J*1iHlDI7+8@}^SH?)OAYo95x^N8Fi41c3l!-bJs=d2229iGyHtYm!MU_&@X
zgXu0ueV25uW~u|#RKPcJ6mzZ{7E{TU$sD=Wl;e=?Wg4&^0|aLi_)gkp)*P{n(r4PJ
zi^9#tZhYZ&T4Uo#&>12Kfd~KfUz}tP2o+l6s94Xudh;Bcd?-2x?COyuq}_OclWt)b
zmPpdk$7fhsd{IF=Uu?L7&j05Pj>n~`1lxurn;dh{wN$*_J;a)ZiiM!=qvM^V>qXrX
z`2d6_nK7xFn8(N&5kLt7TxV*V^CXD{qE?|r(BT3<45k2ewEl_(+T7=$Rb<orXUU==
z#5EwPOnpN<;y4tSO$Smqp)*m2$39JEIKif$gGCZyO6q-@(1D2|3g_@o%FeOns1RN$
zlaVdIUES??Cp&^NPT{V>YCPkD%HdWx?KUAVj@fi5N*RgV`<*>>ljfoWCnXnXQ%9^v
zINU*@YZ<&)6>ay8B5F3Rxz~+aHl6T1dMHen?195RSi4KPr#L1=65ZjF1_sE={S3pu
zDPwnjD3`Q)#ETuYM9AofK8WRkA5RClYn)oP`|tee2|3u5Eu1Rj{qtX#6~d|E0lYVq
z$~3{4KBjC~Ba$#_dY6kyp5w~VO%MyiCP8kmlQUl^D)e*v0fGzmz1b#)TS<!t&iPN^
z2b<yN<GM^$7@E+{SzFK=Tq2bL5jo~UM|+?CP_id>W%a<urcSeCCt_w%0abn#ez@G;
z(V5`~B36)6#r*N3{}OQBU-t2Zz2;zPxWoA7TDb#yT_T`_fvvJ{4}vzIe^G}&+KQ#W
zDEQT)&3t2fbWdF4e-zbouuT4ZB(`z1qpwSJ?tE_PhlBt9;LQj1cDz7!46>N=q{&1T
z^<R<ojpw5o;yK7C&<c)mHMvD-6OT%uyo{D6^mQISVYb~5saJdc6y#y?$Qq1Q_s5PI
zvlz4AjYdT3L6yxc#ar~_Gr#<Y4%)CMV^nt<urHo><`vSZ%%3u-F&rSPT_J@A5kx1X
zVa{#$_GPF&06ehdzSQVz9UgYUwqCGX;lL-xz*v&pA%yADT!i`r-Ovm-a<d<Fn7~a}
z1z})34>$j|(g9w}om^;x`q#JJ&*kg)-}iL?e`V_+Cyj^svV-vU{9s-zXDrPYWUBvR
z;RyF4Xfp1;8~0O`kyiM7vBakJv6uMevXwQ{rdiG-yebG(Cf>?9btlhO0jk6T9bhPS
zfy~|JR<k|C`*JfdafV(jH1mSb@_Ne-_n@^h|Kq!SE#qZSj2*+=y{J+;=>TnvZLozG
zfb^khOd8zq+uN2i(XMKWlwMk#>?T8pXUF|+eWiZkx&rI9>&N2$j%ZuflPm`FDQVJq
z>AN3@M}%w|0>$DIN}th7;ItI>8hK^WxP^S<7$Y3BPEIinF8a)ECYuHNSB<nF1HBal
z+j#{2S&7~L@UQ`_6Vh#5qFXt#%-in(k-^Za_PvoT$kFbELnNiC6A};0m4kSK@+1ZK
z<8!r|rM!T0g=)1YNz8VdWdC=66RTl3c2IU?RAR=y;F|Hj`VAJ1I^PSEBoNmXprBmu
zg{2I*+kHk1ib@A<?U_J*Mx-RV3M<#71k+7;XA_0xD&TfFT)!ic7Lro@R$Bj)>o)L4
z)O7M*gP`In*01wJo?7e89(`?a#8v-DD!XtUh~dfBuid1aZS08p#z$;b(EFG`3?To>
zC!Pc7<M@HdkAxMuy4DFU2NK#}1;3(hBxIJa5i_;>9Px|PEjru=+ub@5E`&TyLSlTQ
z)4XMGFSjPCi#novtVT^Eu^4f%+?c~Z>VKyp2aSBp!hxxYwQGjE?_K&to^%tpRQsSl
zC2`1~N8<m~T8i$#iVp;cVUFj6l+zl4qYzvwuI~8K|B1d3eDW=APeZ~5?Xw_O)$Qh8
zc<LS_ru6DKMPWJ;Om4Xmah_I`*-{zwK%4(BB{SpYv$P>9Hpy{p7ZTDZRI*)nR;L>J
z){8`}Enb0XdW^$lL4rvX_9v|zT0MD!@VaAz1m{9FK-0?N-nCV}>_Ab!cjm+*wbgee
zq`dk@mT=jx@d@^sb&AC*LO0bKl*&EDEE}hEL-bgTDSZ?>f$MG<jNK;i`@hXaPC4r{
z5N5X)#QPRH73%!e-HFNP!^VtI-E9$L5PW7iU{sU&>U_<3ees{@S&67{S|DZ<AmzFD
z%7xVmlg-WtsCmwfzo5=1OA6jkJ~f^wwsy$h9CB`apsU%Mp?^QBHYu{Tkhaqe>|bG_
z!K1bkD0mzDAFHLERR3Eahp7@K6o^k#chX^4P)9gQ<#Wd_`&l>FV8KDX&tdg~h~;Pq
z%Q#2uUXg7d)-#HPIdEwD&UVbKjZ45lnfE`Ffa>~c@Hxggd^-S2ZQ6KLUi@Wu7DegR
zE==O?0wN&=4?Xkt<?D6xjU(5W1rs-WG<S9U;_|R8M;eT{JNGA93RU((rf$LfQs>ty
zo?Z{#jf1|T=QW5>?me%XQO*5j_`=Crn&IJ1uQ$R$0L<2d9j61LD%VxhXUj1fxbp^N
zf!%a#$V~2}Hj^Kr2a6VXy4nHO<6$0A%??NZU2o6`{kSMNBSDtq)P38MKF&M{2#<HQ
zUiuj|E$f2eVVm5FPzPyZoT6-UhX=mg?w#8vu`x{>qJ{-$+<QlccUOZcl3p*rTW=kz
zz5r`gP&?`s=TuLV>nnz9XY!>~0#8#znrK*uRgx@=_dH%-YszPDe14m~#Jvuw-Aqdk
zx1Q7LbKCiv7MvxBb!Ff6=vTGg9}SehoE1qX4)Y}bePPP^R0uJbDu%Qv+;yIs)%Q)q
z_}ad_uWTt+=#tzQIi`G_e6K(ozd5(0Il8JS90fPh0*eSSsUtx#$mIrkF0YbyB+iNX
ziGDDw#Arx8Y*+{jY7pSf+gy^Q4Lej@@Y46`kTxZPaF5)K+4jO<A3hp}2_vijU5?$J
zdSxDX+{j7<EN-~TCTY-yG|gt^t6_xy*P@jFs~5RNz{Tdr&j$fRikP!_A+1xv{$qf4
z<x|-70Q@l2WX-ZIRtZ7ua>#(>$3~OHFY4uy&ZGZmy1SrXM*2Xl>0n^b6<T;33MR(f
z9L2{#u*Nf8c~K**d*qkbiY&Pg^WXTGN9fo2`r??bF|bw=eS66C7VvX=CTS8O<fBIS
z244(%V5V=6!=XYi_8%I?I3l}y%b>ocFq-4Dp$D&Zb%9VB^=iHfe`2<9UxR$hi|A71
zJqsKyYotyhnSVAv{QJg^a^2U^D|IYd+_LOeOGw>q{T(Zgbda8z`9F;@rs@+JnO(er
zD5#*=pJ0~q<6s<{b4B9Vw?<F!@z6oPO^um1nnWy7NUxD7G3YBqt)0uTS{?Ec#*2c2
z6NJY6TRc{}_jVuBe}D;*oa8_?vhsTnq$kGe!;l*!4-+Y4Wkz#_WnaO(n-a%AtL{t|
z&kU{6e_Q?w)ZmHym=xFzsBhO}CTH@O!7~QYuRt<8ul`CF2rdX2A$X`+N$Z80Fi=7?
z5xWiC><5OsSDrqOCE1uezCkCkM5wFPp5XU}ktvvnf6)9d(LZTVCkq1~3y=O>7L=he
z%v09pE0Lb#m=cH}#uH0&4;q4%FoSRP*x>YWSD3%<nWP=+S=W+zMmpQ#a|1bJI4;XX
z;@BfBpHH1pK$5Opvo_atDMqoHT$;MgA5O9Sph7}1TC^Zn)$#lo7m*XrQJrO?8r_eG
zDU<UZt~E`SL11k|+nTs9hE0pq6lUq~GAfFxD~kG?+BlkMO4$-UDuvD0^F{CTQ{nR{
zBoC74S&;vs-e3CG&Em%|6P+ZtZ_ZG54d)BjM?)dVX5Hg>$dE^AH$Qn#A2<g0|E8~B
zM7+pZ?gH?<d|$mIW?AR39Wg-<gupgKC+XJ@F>DEf#ge{~{d9M-y3@wj+MU?(VxC4H
zE%=@7`=zx?lF4DGAjC1g|LxpGy4v>Kqfte^wyV?9vmwbEwB=?O98wAOWPh-j#-r=W
za#W(o{ml9}q8h{g3*4}H4*+d8je?_7$Tj|RqRi}&1()O@XQuf549QfMfJnStvAO?2
z==_zfdjF8{c!Zbr{?GmIkB_f0*f0la1o{r_n7h7Li~F<r5(BkMZ?PYPg!nbON|PEx
zon-lJO_i1#?1k8#s1utDw9XM$Pf|y=HJ=KQ{NHP9fAlY5oCm1P{bvcAgk5BnH;Rho
zq1vxF);l!41wt?bIoQwmK5W$EaEpj7cNbFgZ_b3%Dc7Shn)<$a=0RM<r7G^BvgCs4
z8<RP#i`y@AZg2|oV}@GYaQvEHr&LZ~d;FlZcg;oQFs6TcBHBbhzG&%8rTO?C22b+v
zd6|&$2e(|v_F;RUb6O3K6&eos{yAM~5eXBN%Hw*U*A}0R{5{f7DsW;Xlq<D}3VLj+
zS-eqxC`s1IAu-I&d}aEY(?X%>16=!mSmzp8bWWL>!mWQb2U6_`fsp^C{8pZ|Y|-bp
ziI}J=c&|;385|?jcYFro8Up3tpe#zS{kL`HQxz&Zhw6W|DSUWUT!Zs-$&-qr*uyG*
zNbCw5rKkys-eUy>t18l1A#YQ&hyUNt{sDcCHnzK$VQrMW-2+NGHZ(aRmQ3+zx#{9P
zoKjdMS8<#DX?Tb?7UN<)SoTe?QnSdx<<8_SBO&pbO(R?TFFJV7GbJ4TC~yopM<sdZ
z!%GX&WI=T=P_>(=u2f(d?d^^sSTT<Ch>2J=$TM9{6w{CjI33O(?R6Sk4Zz==?}j!r
zd-c9GzqdBnp?3q>TH_oUlZ30$zED@f!=Mg+rkRLXBjgPFc{a>u3aH*gyS;|Q*eq!%
zU>oEe8!FwcT;*~>Y?18h-DF{lOKqDI2`qnezE&P18s`{?E%Ob0uk$IN;9&${pa2%Y
z4)8@~1!FFlPcgiyHKY9DksM{|k@M!oP@?e&&Yr3*MY{EzxW=j#Xd+2Jt15v@eR1OY
z!S5Q_8HedFGHnhgDW8t8dpQ(5yu~3+Z+%1|xCC{vJY(x~$%@>i@r&zM3$HY+L99-n
z$C}hVp`_+AdPJdxWClWTE-3P!9MFDQ{E+6bRx{-j4-+!b%<z4ELvUw_Fmxd$sEnhg
zfkOMqsHl$Z!%j9{3;lP5o9rBAHFM;d2C895V8zv8o1@GE1jbUWGkM&r$k_@{+QCTK
zXFy*{Ktd!%qN+U#ysStr43)F^P;p>P**jWD^tzqz7h}x)dX(%Q30^ptASmd-U2dmg
z8$w4b@kVq>=cj%~bIhm;R=S;qa3~$P4_KRQKKLp&>S4w545L*0f+TkFf;bWFr#M+2
ztJeDQ4+ej{z^h;BP;MZ;j@6h0s9wIsJL5&DdG46)^{((L6>ju{9MquLMr(@vNWxWe
zaQTy0EnZnATCqIU5^zyk$V42<f}WV**6@b3aEcf@*lI1U@|G9Dn-mn&2TCfMRB9C}
z!9;pVyP!DM@<~?y*VpHdx&$n@d`CIgee$osRx||58A{8`n`;Ewq1V~e-9Z5{&@P6%
zJzhvpglucFPhLZ1mQaXolNC;cr<&<m{8M9PKJHtC`Qlu12nbo|z8|4ePhnXhwkS|6
zX7vGf<Xp`z2u}fA$EBj;E@yJ<n|Fs(MJq5D+7_{SEPGQEMSctr!?WejC&e~Yq|7>v
zSb-^ZbVdKa(?1aZfmTDT*n8AlzBJQoLDpCMa8%+aIg-U{?xM4Le<Q3LgY>JXQ^^f9
z+>FDrvlP9t9s2MXz}wW=WnwAld}*!{hq<gvvz*)Ab0wKax$v(TtLYe86NvVhCwok8
z&D7(P?PmwG9u(GZ0CP#zvKx2&7)Twl{?$o0yEKq3{E5aemx9Fw%K>I4S~Q-$^dAen
zIeM;?pR8taerD>+v$1$s%ym6$k0~A7m5#y@#b+=E70f%|a<A`)G(IPt^0kl`LZES%
zqNDSd4)z}5zXpK^gOGem79MC74wa&ivBLS>b-qVgYA6D29U(P)+mmU6M!@W!fDq*;
z7d|185&-Hmw^217078DiATbGYyGYdBOvin|*<JzVKB9o?e{zFIvr3`GmgHQICP>8E
z>XhFE-@f{kZv3s0T(*VM6Ml4$`D2AIq1ok8itjv@=`5zSkh2c<uV5XD@>t9cRK7=S
zEx4^xx#$TvCcJwe@hxxwfuYdA79szyWRfhRY^VXI6JHzIx)9A*rWH|d){en^q~L;~
z(Uz~h8ois8i43yeMdc~HJA)O8y!!$?+tg?+>+PBCnjVYiDa*9kyltYe*p$CeQ`xt8
zQ}M_qtbLN`*?oG+Z{k9{WJS{>rUQf?#d~JYVs~vkZ|Sm&@fX%#F4EP%olPC_D_DcG
zE;ODCmgfV~Qui0}HsUjlmd$>W$y=iHfvb*On{bSoo&1y=xGDeIl7#5R`6DV<pU(K)
z0x276?(}$_CBTK99BuV_VrD~NH~1l2bUJ_xU|5_U!kzF;=Yu#d1*h;97b&-1kUbc*
zE$-oZd%0N7JUorXPzQSVEUb`RKPt)(#4{*?e2HQ{N={8^q=2WoA|T$(OlT#Nw&ie=
z!&4eO#Ns3(n1VXc@4UN<zThLjhWxsml4|Kry}LQ#?M0yjlc5Wyq6t!$S~8a%n({HB
zdi;)YKvxBM4PqY892Ak0%MsSbG;Oy={nl15xC#Y<y5ew#!^4%2#?>Z@Q)jROOeF?g
ztMJA83h^adM3iF_7!HYE&3bUrTwq}OpO(SE4^J}r^NBZMZKV?iK~mO$&p&-2PMAX-
z{5uaOV}Pkj1Cc6Ac$33yl2S5l^O>HIFA(74z%y>Ow+!&MQ8*@$M^X)dm1e9Pm+Z{m
zd%uGl88^PaU{CwA5Qub-{n}i4OF4dXn4>u+;CymbV~8IJ!ED_<w3qX19Eim*p~^i5
zCM57sart{e_(hdY$`$s0e=q9SD|fvDk$?BetM(B2mG>Vkly-kGJ4#_OIQO^y2RlH-
zzkp|qF;bIPOf^uWN${JZ`YCq>zwakZ1~Ivdf#=Kr)vxv)F`xCT!P$GIcDceVtbV$I
z8j<-g>7u)yytASxT4+v0qB~hJ4d1UQ-5=+C28Jh8PelNz0ggKd4BJ6U>ND0SVk-!Q
znHp}iMnkgE5-%FigA{ew@bWU6?8&2W_U%v1u2UjHNLMnW36i3Lk9x+Wyx0BU7d{&8
z$G6TYYX#+J^st&)S^s%%3ABwa_fCwT5S^IDVC9tSe);bhb#kQMqv!@5_+eH{sZqw;
zrs0xBRKEw?i=w8|G5}idY|+Sy9yQ`Ja92roB%K#bnC$#SXf^`o>UuiXe-`o3lFXK`
z^+)|`8X_SxxAU|mi@Bk*)xuMZx-zwdw8<ijUfeh98!bkLt?Waf7~_8!Z={DnRy!0J
zQ6lGR@r7>*{~MoB(oO8<`=bz4*?dVjcYO5@youZ_>Ps-tc~=oxB>w2bL7m@Yu|q$R
zJvfyO1BZQDe`O1nd?atHvY3dLt+ELyHe>&$D@!d@WL!+tbn@fR=8g<lQDFl2l8?g`
z4gPUrPyRu1j}|J>piF~^16!iUe$JK{g`@UK$vOwk`p=lH6j4q)bB<KH^>?9qPUV=r
z#p}d!+7Q<f>;*`Q5_WKvYKY8E@ESzV?q3C~aN(quD<zWYMGNUs%U5T>rV#(>oC(20
za6vFg19)NwMD+AyB!kvwA{AfM)Aa-q*+H%>!*K#di=qy}ol(w=0x|#M-4Ai0W1e8t
z|7Ut9_#HnhCyotCE7qRWG(Lgcw8|fZM-=YDDpK;xVAc>cP+qZ5TKOuKjA$feG^$q7
zO~4#xW_j?Iepxz(t4{E@82wgtk+fVt*&75$(ZRv7;d08_R-{)Mg#W9+TY@Uq|F4tE
zjoc(8FLl1HJS4Dd2aRvgZG50%ExmnA91_cWF1Z+88GlSJUqzYuILE9%l4h#Rnn@Ny
zLWUrQu6}Se`KP?B%dJb)n*?i&jY1|L(p?D!XcQah2su&kZbEa#C*H$THd&S~x7%ko
zHqAVqh)W~V=uz&8?Kuq0I^pv-=o&FWs48Ny^3UNyEe)&K5N~4<v($v%haai%G6VCh
zS#n>~$437`MbD?atvbG=-Yp9^iAcu8KeUt->IJzgk9ynX27@tBVAl6DL1Q9Y{E-hv
z4K_WrMiJjPm#=5u;>y*^tRy{-D@oEwl6<(knSv<1n^Lain*s=HAux&AMx>uzh;K;l
z<i>AxC^S;GBSxx;+nZnZE6N6=K+bTaVne7g>FkrLP#-cEupk}^UIkR2@9KoyS?x!=
z*Zv}RbhtYY*QRS$6y^0&gYB{PljR+>By!YC2I3x{{gUo>hgu=PeSAh%R?h!O$m*pb
zP1HUjM8iJ)=wGR}+_WiRsXe-V8)+(@?z5_Jy%OIU@uvdW&DT$AJwmxnnJ))C^Bt)U
zLkyg@g9QQg$57<{L$Vr$d<1mj7MgOqdLO@72Ja!jq)xMBn7V-@yFpPwUdF9w82$8t
z&aV+cx!8H0k?d}PX+(&O&fTkTHiBB2ZqM{CQ8RbD*@A7KI=vvGzNy2FN7ZeJ_rXl`
ziu$*uF;X}4N)-zWe)+597aS(Ni$dSKW*igi|G4`q>vtp1BWW}xYJR4WD|P@}=|%Vy
zV*`~@D}KCPchK^DjlxLx*)l1#rYr0D3NlNM@f`c2?eu)Z&qyOtQl=_PT=FdaR`Q4C
zd?+E^xavftA0WVrAvz&#JbVlX9ia^e$oej}^-;UU0U_gD3j>{s%Xcy$L^<vqBa?xd
zms@M9WsTF78o!W`;UqP<%7#*<6~!TRJvP0{?2U5~J1nS8SF_C7kt8hj8Zu!~lP^9E
z6i1(}?h3wW0r*V2kiC2Y90a#YN}|6_BF7MiY*QP!o~2U`2NBVPah;EmD}QEs1T~gT
ztEHlC%1(1j+XYJn+8v%x8aC-QYEdATO!0jG5=~-=+nx1l>%a~_j+#0o*!x*(n7-^f
z&oR6pFlU4zHPuwLQ6)Us+(<=tbr|hNQfqLXsq$-$Q?OMmgqx!@hOPTwGnY)sf+erw
z806&{PP}b*hT&+HR)`PzrMERVppp|oRqbN}1Xo@XXatv3E<AZwm<&Ne2L~8UsUHJ!
zl_5)SIni#JLOf!HM4DNf;-Xr}7IvV9=p1>v1Gd=q;tQz9FMbU?DVP=SPK_Xc*IK_g
zNwaB&11o53!9DG#JJo>YJ9(>q2M>&2k7%F!@VL_avLTrWR;FN9)+lwCD(@+Wev^cF
zMSFLZ&mcorFC4)QnVv$r<(0bFHTRyhlNh8t=3NqBgGS2~+3=dC+J3qxSz8u3OS>_Z
zA2Ch$1Lmzui?zTy)qFVrUSCyLe&fKAu<mjaBL(s5r(-~(2w8^UPzcKFe2btxCX&L9
z-*C5r_xynHWGNYe9QG8KXU+80>rx_sKKOq82Oh;FpXIT99X0>h1xe$Z1D-Q6)N!9T
zeku(`R+5guiyC3YnhNn6K;|Tz?PvvbOUOh<EAN{1qe~lqj&%Tm?!1sAk+5F)U(C&E
zxl^jHK!XM01YorUgf8s{mejweUg2Mcm&+}p;(6?v+(HTT&!<%a+YqR2nc2nAx_ls{
zZtn?#(rbA*{Wz8*xJn~?!Am4@be6QvPTI1QRyKDMZ6ZE}4Rd}>+~y<P*7Npe((EuB
z{|LbNlK@x}^l<R=1TfjXXr%JjEBhTh;5LYX`F!iH>H}NpM)!SqEq~p+DTs|i$eU}-
zld%oB{&vc4!{}X$J8#JXXERUM=qfdQk+d4u@5+r2Uf2n(iMgT81)K5rjY?dI@>x;l
z?PH-OkQ{ZVvx|>qi^!53uER-CfPtiWB$Q?fi^$2;gdCy`S3eeIJRIC{0-A~wO&1IU
zB<2hi6Rap@YY|!bA4x8OlVk_cPTjk3YSU9%-ezjN%{hsCO%|w04RAjtz{cT#Nm>*i
zVP<b;9>*RShBV+c<ZN(DiZ)uyqZU`wGTqhfqD2Ny9qJ6#PLJEH8elIfP@4t-_bnf?
zyBU%X`w+WXOff*ZMa8k7124@nBpEJI^WnzAYF}7|$d2BQ5XxQ2&Vyr<fKe7~Pw<5d
zR#|B3mE(H$jF>*=TX8QW)k@ns%{&7igSMd<(f9=&a_&=ow-NZ*#*)$l+07zFbNR*b
z@>R}LqqB_T$u&ll((xWBz&rQD&-P07Jjy0#I3m2uK#>?qb4)$5CB|b{_Z<oXEovtI
zM(R{8XAX>NG!=EKbsss3x$7&SOT!s%@`{7xyLM#uwb>Pr?`%>cqkbYKNq<{n8+IFC
zE%COTF1e8EvHcr!rtiM-iA&txt?-`l0v*us`<#fyJ+fWur%A!t4)MAhx~NLPUgxgR
zphYqT{?;#I45FOpM=hYa!5j~_YtKdds@paU*RcAT6e2T?5o(VJo<3?Rh+urEZJ2T@
z0H#2`%HCC|<(&prOmfX!3Zj>j)qozlBkw5a`*XQLoc;`$-dmC+5Bz0=vvA`-H>TfT
z9fd)FBv&5QXAg7e_bJ75(-`(Y74r-#gPsd!_BWGET5Zi`J7(k1o}`N@moaCHXFgs&
z2?&GdLZU88!OO}}0|B}_aA~fwcC`Xq^T*K@ogN`JMu{2kLo(t#PhXMfjESioB}d`s
zmE(8&ydc#F*GR(R)E@A<5asX7;hV7Evj@<UO<xu6MP)wzjP5$t1TO_xP%o&~!v+pi
z7Sl|ff>zz_t%7KhB-W(`&P|;N-cB#?D<r4-e3xlq84*W{aT*lhj*YFd*W4=O`86}b
z!btvw#iu!(#PjYhzxIeHPXH?KZfhGx3JS1wo9<!e1{fJI#FTEHClXCw3aU-bzs({E
zn%fDq1`H`fhQ-x6y)p6gUke5N-68940L{fzC_s2$S35_qAw?8*V9w9x(S^SCNfZ!-
z#%f0$u4(Kvw4MEu+ByBa0QI3@H*@W@sAbc<b9;t8dl-0xcZDM;S9f%i0LA^)HJ`Bg
z^UAcBeNWaOhi}8okKLM({c8fWUqawamq?m1fx~CEWdf8+L!+gZ9%P=FLCOZKHICj0
zVHT>RKA^0bxU?Lw#!MwB+N8B-v^snVOF<T(|E`hgDwYK1&T7T9Cbj(hh-ZRM(*6DM
zu%@xK5YBr8n|bT7K$Q>JT)hV9L>Z2WLDhSUYWp!1iS?;Dbk8!%foL7lPt>f5gT#NT
z_e@Su`;=;P@nU@Utz<ote}5xKH+#k{w88qrN2W=z<*F%GE8f@@(Aw*@Akb$uh3q5h
zJZB+)1Wim_A`1yx@~fU84oVg0dMAj697Qz4H7b$lGp-x*fXEwr&azHi_WLbV0J2<w
zGXzBoukGW)SoWlnj`Ok2W%4QLaMHn5h^$XJKIkVu?2VLy5&mFaWdY{|HXFQkE53(6
zwr>gQMCg|}D;(3~kFbQ^R$X@vwj0*13$(4BLY9a{cd!nw0+KHr1bhFHOoo3I<H+Jk
zE(wPEfOU-xVej+DYH%$*ahv-n`?7Ls8UqMeY6@`Ecl%C?(`lD+7J8H@1-)I~F+Y%I
zU8c;3x<rJ{7ymPPp|S5G{<_nR@rx;(NMax(m=cmwnq39BxjResu~B>%4^?%%uye36
zpve!-3-iUTNPBEu;j`>{gWNz3MnQ6KO%$o^6^#3hleT@585Z&`^lfu?p?Ag)&DJe>
zMxH{XOJd6)z5p@fH`>Gh8X$I!>S7_ZA6_lxpT7!iD6`5fsnF;@<x;;kW(M=$-vpx!
z-a;Enlji&D$zR@9AQn~YlCO|;apG7YEwO3vG-*N#r61l?s{KfSyA>v8gkXuhQF`dS
zC9)SUW67q*%3ti);#kqn@qPHzJqBZz)6`YB2E*Pz8^DP~H>`Ay35_$3nu;|y#LSvY
z&e&YUMB-C!wT7kc{#Cn2DS^K%hiwqkM-gx%_PA0b%`T(CERyF!;q22)Uz9p`8=Gul
z6{VHIj*D^`UVLgic&2Rb^0(x?g1q!yn%F^(`!^JSQZY!&j(1wV;|QI0fnoSUd9y)H
zz~uM^he9t?tQlPjO=ehOQ&oS83w?&bB<yGbS}wO;DE{k#)I>MKD2RUWxdxCbUh@R$
z7+>YMn9}4Skhn;9#^wVBHeCGDPj-dwq1zVJ0xZ!aYJSqgJW~c8N^X)0C*lnsKq#U`
zsE?HnA4*BpfWG|p0BI)^Xz8x}Z}D%w>P(u<+FGY{nC`zynbAjMTMVEqrY@ZzZ<CRz
zuz@Mi;H0t3bh5FQY@!3@@tt5DpU-+p4hz&)T&%EF^+5h9-+4R7;btgyE!PNMtCenx
z)x*T$xk-@(Hg?AY1QRCbuET`y#G+V;lD3&2@z@P-{zLGm%d<`m-seJtE>@Lu0$lnu
z_#P-Sauxy>SChJt8obqM;k%)fKLZ_VPD^{TJkks1=74){KjU2ueu=oPAnsI3`;TBa
zXQpR%5Lu#@z&B^So;pvH!%y*zq7ivWI8wW0S3eq-Z7a&t^&L^qS38bB)O&+&u924W
z?!~d_j5@tx>dA9u;3eeLJ?$NCVX06uvV(o;I9?YlR+o3^>}x-r8fduP7W3n_tJTV$
zQNEf6@^#Unf@swbpbCA!_Tw?EG)KW0lA!c89QpBeQ>4=B&c^R!Zdc)xd|6TmI?_UD
zec<T-x!5n!$|<*j*$>rK+yQz;ssb!oZ9OdxH{{f<=@hFa#PP80qBfyl-RmxR;z$fH
z7@_0q(SQl<_%nqV<ps(}P3h?a>6hFm!@@`*G=A?#Y8)T@HjrP7ykhixU+JEo0%Fdb
z>p*UsYzStUYY(FaM>qYmbcHZYQHM~bz!>n;ZI!L)_Y%}?dH-U8JS!@=VXSg(6;;1e
ziR`hO1t`x2PX5AnsuC>O4#N|NFu3`Da6KY2=fW?ykU5M}C=4c_<%38EPpw201_{1Z
zw|5(>qoSoPCA-cmYu!&Kt@~OK5wduRy=P4NQr1dA>3QAJw>ez!o>34@lwg7>_!wbh
z8?1*QMCZ(_OQm1<8^7)#=>=(|$(?nHWhZN<y4z(EFEqaK>fPU5zj;XG9fQKIp6`Hi
z8jv^L|J(8m!*je=sALpo!=2x3<vbr&(C5m)o(A++8iv*Kv=ICf@P(<O&+=E09JHkv
z-_hoTNMz|y=SqneM-)}~vd~a7g}ZR&NB2-czyC5;;Z!$x;Lt>CjP?ko$`K-h-E)ov
zsl<`E$IH40lmB9$YAhCibhzw++i5TqJV%Yacn(K0)R8jJCGS8Q9F%Z%=~xF_VWiKu
zJfOhh#iii(K8n<j6iqmw$FHd9wr;8^Usc^|FY?dkn1!>y=U#&0^pq#Pw(diAR6Vpm
zMQe9m&w#lU?KD1z@*OrAt8)tG%ACSr-Q7Vm8~X3sKv$(BeJ7x4^;7*YrzmVgRuyXJ
z95|^$<>-+!SkOUTfd2r_s7xvNCRO*3-SjxPn&p|;<uf&Xr!$(r6eN@DG@M+0Sagvf
zkY~^*!vT5fl@t<1wx*Xu`a2;1aJ?mnQ*|FSPOdn%L#E(pWzk#y%Eh<rV?*4c@42hU
zeniFH3DR|$2E5c{%Rk(_#T?}-K&2_VZ#r*2$Qwm75JMB0Gh?_g*UICE6yK3Gh5cqD
z0SsJX1z|D+vML{w^4{q-DD`E91Q{8aRtzT?Lr+55M;3pz85(d9T}Wqo%8-8VD#hlf
z5W+a(lriPwmx#mGCgqA%B$4d#g=l1IX5zlA9ilwX_X8S1TQgw~;1Hn1=0+z&44}JS
z8!ti2SLwPa%;WOhueNmd!{IoVTn2&cozB?TR-y9JA7Gkh)WVs<uz@y0TNugBN?0IH
zSd6xwK9}#noLiF=le#Y2>n)f*6+3s7li;0WLc1<coE``vROB<w-Wd{y_xD`q%r+ej
zm!KrQ72jjeYK93Xtrh^R%p)e<)$H~HdK&UTa<ZGBCH!M)DjIgBD~h$Bnd~2E?z->D
z!oTq_fgr<}I`}sQoJq_JQglye-Ecpxh_I^>Gdj)NEzN->5GA_)@Me7UDM?D&GWTO*
z;$Se?6SYd|m$##y-s3V#4TKewQ}Et5noG-_ph6IEhfx2cxDSo{X4|f&KF+h!(l*tL
z40-fE2NZLuM&TS5iw63e*6`P=ps~&%^t13P#QTY9<QJOezq%C>Vw%~e@=DW4OZ$S$
zD%wmwE6+&kNDi4J<W1{(iUELZDE5cJG*{aPi88Ec-~42Hsnn7Pe^TfRB(&EhM*Y9g
z$}rK^YDAB8O|Dh=YJ_XHsWFQc9Y^$EBJHKyhHVm?vdqVo)QtRI6)^JZ&GN``L<a~6
z@cey`WA%W2^*uCZnt6CQg98V4hf$0HaU?J;1|o_3sVR}l`F5^Gmb~Er1OC@sx$I>1
z+{Hm+s4sJQ-?lXWKHVoXHtbWZkX~Cunz@Y8ao(3i<l1Wg{S!Wl2EDR}PPpn>Sw~hE
zn-NhQ_kQH`EI=5#e}n~Nd)$P)8X*F{)v548>c(dzV<cQv1Mp@_u|s$+(^!?Azc5V#
zlDZ$5-(FwYGr!8#0zO#tAOWD68KZ}uSq<I{30s1QXq2vL(pA$t_OF!a(=ThscM&?&
z?`t!@`C2M2W~@kSPy8XwFDh~SN4Rc=GF=euIGFf7D&((&;vZj#4}`Cy{n>k>?ESiW
zPE&>9N7!S0^7Wqt8#S0&MAED;s=w85$GpL6UUnoaZQ6ywk<g7-5BxBDP7|92&m2vY
zni`m>Ro-n7=sT0Ae|9}%(UP8%14)l9?1ydPwjEQ~BH~{gw-JD!aK5ivCLja@At9*V
z&7-3aMB_>3;yE1F8yQ+<_1<lOLe7kHb^Pi^7YGMr)KbE|bpddoNRL~VE^-Teg25s0
z7WyG|2|_aZ3(aJa3Z;}K;9%NLhg3xfUmT!fAU4$<6ae_g#eQvBSP2rJ(sTAL+4<&Y
z{)k2p+$;8^qvF_o<E+h{8?DXIz=a@Z`~<l-IoJQ~0y>!toZ$72QF-<~UZRAP?!7H>
z{hRA}`i4g(CG>91G}^Y`zo9d>`mfEk<U4Egt`;lLWg_dKazysz=gYPTR}`*)mGSXz
z@dHq;{xN8uO+Qr;0bdo|_Mt)7wOX^lNExnVE4sLEnnk3kH|ZBIeHoGF3+mfLT!9f&
zjuq1!1<J(tt_wLtJoW{CAq_7>lh@RuS=2D81LoLcZ>l!di0FisjdLcOd)$XscqZ*f
z{2Ln)LtHDVoQO!ZA@4>`4|(E0ak{^FWotiVG8IGK_MGQ3SuYRJfMy@!V8x6|D}L+5
zNZ=6d=JmE-je92F#H9E^*AIv|OMq_lIr?~;d9yw7JEvdNncL@mWHmJ^|LcoPCnaO<
zh)Y&Ltb21`!kAXg|Dc10OCKan@V7PBWA=ecDT2~TrQQPlW8Sp=gcY<EHB1QM<%}%1
z<d-c<GzQBV5D~Bs%*RSGl1hPwfayZOrk4M|CdCVg3V>~s(Gm<<xiaiX$|Fe$v?Ei5
z4F3M|Ayv}t@EczR9QN*UvnJ(`?zZgW#WHk<Dt|vr>i`POP~cW6aWI@YOSWjFAzRu3
zc6V2f7ZLUxDFUAd$ORUxO7NVKX2b*7Q?2qEuFTMAxBVCnmQVY#3tTgkX~gbqYC`U)
z$8jk*R>EG-qK*sim)WZ1tm-!l)Dub+5lTpCN_r%+#0apjlh&D3w-qf{Cs1I7zjkc@
zRvD`sH+sbx;?0<`U*Axo0fbv6g#e8Zfo~?yBd54UsDx>m`NBRU1=(2!3|-}xzcxS_
zpVYaNzIBt<OxoH3qdy$uzyVxK6=dX1BHvw-J69QyZ9SjO+@c_m`F<20C`ft1f7Pv^
zkqZ=Ny7>bkE;6LICF@goE_3+xf&hRf5-iccQK}tab7*9Hc9S1{qe3ANSVF@YmM<P@
zU<KqA-RV~Vu-Kd;0=Hy5RLW40KI)7z9g`7SCtdvkNIgovQUBby*WNasqC$Nx#MtfJ
zGR=qIhm0FhXZbQtsnMieKlYZhaUZRE9ygV5EOv*<lf+pXYREw4_V1)#AdR4rueeQS
zgV0Mob?p|%7W;-)r-aN|V+FaJBM<}`<@4!AG_6IK5JENy9PqXZd{NWankTn!5JAf8
zY7QBl&R*VCyr$L`jIl<iTV<=q+_>TCOzAj-SzY~xr}1D&vp;gX0JjI%m2ug8@HONr
za0?k<p9WFUhGk%kv$q|MD<6aX&)68@nF~=}^Wm0H&h&Fs5tw+4aX|QhL9tb+tIk$q
zpDJ6koCj(g<mC0nDv2j~R-m^Vf<AO`Re%8_VT8wjmH)y*iMMB4eT=ka>{iB}1C3*<
zvZcP&9bIu_2z8rdF%o?l0o51u^52b@!F9PnhoHcDgxbI7AZhhAui$0-VVkqKj!mFY
z<<B^t^!$4o?p|JY{GC%BavGSE<!4*^!8m*++GXXc>SO@x&@OvqbCvr_G*$Y!a3?{s
zXCw4st*QArXYU>v95WQbh`P3tCSr9TjuU0Uq{=i=L<c+)5a}ce-7Y-{nbuO+P`$*E
z!zs1|ptVMAhmo$}AQwy>%tro19i7_i{v%uRh;<1d#^M^#z7D(Fdw}uRE<aW4tNG08
z0eEhY*)%`sXoM~R-0ixDE?NYVlq`et%<>T4I023*{3(_NbV5QNMzXeM=4k`VKzj8G
z5d_PjbA_9=Dn?>-!3r}8Uk7N2d6b5brW2y;+J`h#|K4PZ(mj^200tn6?*7<yWu4&}
zsNviyhpY6!?7fu=df)LX!C$Rh9aOG>IumW9R8O1myr6@1S6@Y!TB6$E(3MxU$^{-g
zh2r{`+ML+APQgo=L(kD9<1V;69yVr;5PKWFXA1UGK9t-e%w)qNF>_h@e1r6QV%AaY
zbW!_*-`4B2JRSjhGfBSI!%FWLLUPQYdqF$7M0TCS2bKS277OwM4`oW9Y_|)UX`B^#
zOcrKs7jtK2k6#&B?hAZZG?Z{^|FOrM+W$8{qfo+dBlt4wD&rd?D;l!kXKJW;Ut|6T
z>*XU5%LHkq<`$(2Nx{4MIPftNR=*mZRvaWGyM4J;zgu7#naP!#ekLG*CRJe6HnkD{
z*%H;NZpZQqL^+lxLZ~|iI(Xx50@0Q5V6gE-Kkl=CjohQ#DsjejgK2p0W&aS>Y>Iy&
z-+RWQ;8mNa+VI@v>Nh{ju+$_ajnoZ{K+dd3i8Q1g%RG99slI<J6UfXhjW1d2*fnzA
zd*;NmP?oErAP#b*GT}RcA#Yw^?$C_op#dq`%O%E7(S_Mo>IXT2ndVJIbHU!eg-M!Y
zv7W|Zm{D<W_7p_?_gEJ%^H7@Yv;=JsjJo(bbPw&Ox{xLkj*%jEtn7^=pqS+4>{{YY
znUJm&79zxbi)J$Y+w90mP<+3HwiZ&NI0ZKaT#$YIO-2qy1zl}%SC)F}xQ&T5F=z1H
z&j0c|MA44+aXF@D^i6^E1&c9&9w~$ZHB2aVe?y1>AFe)B`5X~d<+NOs6`7G=IMSgh
zJ3k0m(o>Y>cHCzKAQOyNP;0fX?QGQW$z#|QW(Q#TX)YlwoQXysuB)eHQeo7#yY3GV
z8uNH)Ox%@#zVxE9TIXa}0l;W#_EiVF7_*n(b&tMTU5^)TmRyJu#_z7Wf#uNoEA5Pr
z&(8F8+2mmJvNDfzx(y+m3eAT|tR1p9{mK7E_7>Sq`i$bG0`>j&;s`fOKS%>px&osV
zC@{JzwCl+ETPX<_&kr&OG6{}$f=%J+*v=f&>thuTRf5N-)6i|8Pd#>lw>ur>9MdK{
zoGHVq1@u*)kRV=Es8rP!j2tu1tILwk)dlxHOYfCBM<k@D$15H}jP`z!szL(ZkN`K1
z!SqXhH;0Ug(}D{4QW&wR;pObHhQ4x9@GvD7MZepSlqNhl_u4o?<nWg$U6Ij!2}`{j
zv)zNyRfqo+1J;w8@}^?~BQTkI6!AeEpT8d6s(HhjSJ@<B7)|4d^l5jh*ld<$=s8gz
z%c~Jy^CTm$uK_ft@f7-#X%cP~Q<4}2PgmIcT7^P8KuTK`ZJPWbGZKwW$iDqV!aYO&
ztfSpe|0HUfTeI&uuPxw{tu6_SY2a2d@Scu>2uHN1*W^(4Llb#5g>lYiLa$e#@qldP
z(E;;{w)OUd1gk)3!N=o;skZ3HQdPQgKkDwf-?IJ1UJn#S8D(%<JJ*0r{DWVDvPZI>
z%wuXWiIV&;q>ezBsrBRc*lKR*l&aJ)+fYc`!UZbvPtW7V`D*@0MSP}RVw&k@^pZ6W
z`^;FRryrY*Wm2sK1g}W-pEWzW$JY?C_+yrkoPI810L~bGJ{M-Rxe<wHy==WLHH4YJ
z_(3b>fccVV{b57`0%OqDvfm`eD#NGSJ#<U4V?|XbTm2gOKZ{aSjA#zUx(RU9>o9IS
zGgu)0`5}9^+4bIDs!Ht9gN^XAb|(A#nx!Q@$Eb~I|19OCzCJn|2!@)O`hx96=cO@W
z=63=VL}cl#u7X3{V(u%W<PnQZ9zc0UjfJ{)Gx|-!!(~pEDUkVs4b@P{ndJ%Yf{HBn
zGH{X)&D|l^x(0Qk^;F&bA_0PFG(kyy{I`Om5Jm~B1V3%CHK8#WGtH>A%}Iok(l!VR
ziB*#wLX$Mx3QcYh^EsI{GD0b}(8QqJmEMeBm*2{|&lGFk;+Q{*SsCRl>l6v8ZWA+X
zv}h#h5V!3IS%K#G{xNXC(wcR>8j|}yT4}Sxb<qwECAZ^ly?KrH(mo5iNKX&-Vucwy
zX~s@l;;``wh3#(~%5J0vd1GRHp-BKx;pcp!_aF<llldY1WJqysV7JW3Sdj=1|8s)1
zw;iy}*RdSz>rr}h`Iv+~vT}utK>$hf8psFZx4R58yHWhzQTH_DHEy-tIqYF)C0CP_
zsh0cZ@OpG*U?Mfe3!fn5au<5E9S~7=CRtNO;n2x|UfOoG4S`9+(z?U_m2t-=BI`Yf
zkd)X%kXU;e$iJ%SRx#u^ULzA6@t;Z~{?|Au6R&8vUDUYhT1sObaiD3LVB8haP@`Ez
z!TDa_Rd}bjn3$Y6;v;qr52X%`V}))?c|Bk<6u_5w-VUdbgDU!hTWy4ZEgf|DD|Mv(
z#=680ltKnND5->)$1}yIKz4exMn#^i@u5`r5+zENJOc1<XLQnQm7|cm)T@DZ8HyvP
z-|7KsRuFauQp828^D;yg9LnQP;i%MM{z1U0)6q#L1pjUrc~Dzew_BxXBf1gX;v6bT
z3lZ1j&Jy?NtrLGlJKT3#Fw(BAZZ4rFP&=OFqW;{>WDm_1Y|Z01e0?P?xMpOpl@jv2
z<s+=*xeLBH4F`<-M#}pXB){rH67+K)P?~so9k0#5opI)?p%^54uDgQq0&2tLo}UEv
z4KCj~r81huHqOlT4Q!rmEPWx*)LWuVY()h}SC6aq@P02>kjt-CK>0wYw=X#s<f7iN
z8NbharM=!=*y%e)`o6`?qmc26WA-W^wSlV`ABb_m!nC5G-hS4oS5gCQZ_o%fTx*9j
zcwSaD6$}}05OXSg#n=iuK`nof@?TdsTB{G4uOe2p6M^5Hm6`zzw$UAAFBJ`&{__>X
zaDk0tn~JR@oUafX?*TA2HY))A=gwD$6O~v&fh}z;aqwuReu|+_X!NJ3>&;uw2v|?<
z%IKVcKWQ#u6tKY)|LLi}(`Cc`3LEQ}xz6mhAzi{>K3h~66ftUdZO!*OJ@E!l()ahR
z&;w&4liEhSE?$uthP-BHA>()lV8Yvy<B(j?{$4c;$?x=sXzDot>Az~7`dt+S^_HXI
zytA6G49k!@;2b-!I9Hl>7Rb2}rZ;p^#S8_+n}@FOMW%cJ8K9_St(cIOJ`CPa96iyE
zG|>PHA{rfpmB`q3OSbS*(Bb1f;*?%gPbxX)eV$W21dW#a4JQXmqQipqFW8li(2Dy`
z1RJ5Xaw{aVAeJ@i{EX}try)ajs0A%l6V+T#oqKy@{v`%HnZlObut6bEsPWakLSkXW
zOQBXZ_T~m#XAv2m_j@Jc>RJ@*pxDBAenhKv1C=6LQ=;EA|HPSQ1Og^DnbrM978*iX
zW?ijZ{mDZpBB0S)*@y*JlsG+PUIJ2!{grjhLUXwtZb;h~8+s`SSy6tf#;N_4psO3e
z1MBnfYgiIPM826%<vgZOd_@3VC0kgtK@>rUIQA6^a4!(O8u2LIUIDsl+Fp1TKfRKN
z#4Xd8Sm%g!;>b;s$(15a6V}Dz?XZVA52i;&A&wamk|sW7qGsOWt5d0cq#}z9{J7o+
z`t+Sb$OO4${BgzG88;vPPHw*B7QME#<fzN}Rizwsx5uCN>S~RH9D|;!(F^T$yO+G)
z)F|ar`2~$tkLi>pEh0BFWBs(A5!4!~WB&$&KSOUTD`9ye%M`uCtV#0-1`5gmGESmt
z)?ACPAXrc_HZl;j2kSU?ySJsyKnbnQ2+cw1$PmM-%~^rSPlOupb@1#+>>?u~J63=F
zY#}fi);X=rN$^6Q4z^lfSJA#z7qMv5zvdr&|Lx89%J70P&!{jEL>H_Qq5Pmmeg)!C
zkgU2Dw?=CJ9=dMUNt(9PDR_ez0q0kq`LU>iZ~x(X(Iv$JN^c1o;>TcoN<ly}2wG^K
z1qTlaYA=fjn<*wC-JFM@Ix9nhbsVI;HXJ27-7iB!8<stadWW7g)5pv?i$Mt~p<Wh0
z<XoDcU?$wkfnfO(qjX&t2++nAeLZ1t7q&f!5}Ic1S)r;L`-Gx~Ut2=S&I?*sArRvu
zqf1w!<p(E{^#j%f<Gxd(7?Yze1?9D^qN=Eo(G*$UlSsKPsZ^}^N8wiD%Fb}2=)Bfh
z-BbjaW8NL=8`Ajb|2%c5m&U)oQa@71LYK3K)r+BWN~mWF@u-DfNe6531N`dRk(pDb
z)SC->5g#R`s4&yjxVNHU24i$=$2n4QNr4j4u91eIgGZIeTJ=Er4ErrOvhn^BUX2d*
zRN!G#D(_3lg&n&c9`T~`S_ZyqN5J-S)R~X{ygtXY8=7&gPvz4>&l1_HtIAK95wPq{
z&hoz87-&AzjL5kAH<Xoe{rAaYVk9#?r^H8Hq1Dm<@WPHf4dVv|%i6ld%wp)rT!#-a
z5kWS=6b*~%%G=M^EiKE=L}<7bxEm%+>qu=r7Ty~(bmRbv*djC~dub`es45nu$10p(
zKdyx}_+2ar5K$zQ9cF>{ar@ST$}nzTY&J0zjhG4YM=|#m3#`8-+nb)U0oyAB9q7I{
z*G8QkfL&RgW)(xf1@geUVjD+q-lEq`3bp8+>_9LVT=C_TMq``C%`G0@c`1;AKG)08
zbm)v}IPD$Y_;kuYm`eWB^|V$L2TtAZ6z0w0PQx&~)|~uGAU}p%6we(lYK@AKzKDWz
z2pTs=`v1K6j8ZcG5cw)#1luGip;_EmpD3ngO<}b>jtd#ML}npPZs{exgTVw(L01#J
z0`~x5ZHTD+aibPwsw6<)65Ib6S>z&r2F7*L10;hI1;77xl0A+|tVMV)>)ei|gts{}
zrU$&c%e#Ue&6uR2xmyIIzS^yEu(HpJlZ}RxNO+tdNCv1$hpXBu5`*dIv-n$*_Ht1+
z(aqQ5e(ckJoXBnRq~$++Vix`RE^#dyXl#^Hsowj$OAZH57&VtiKzB6r7=IS_KC5(u
zr>BKzA&NWIrEWWE3on+hKpddKJ6veGz%BbJGaman0SAm!kLaMFWK3rYp{&_ZZC#Hm
zBe1f&Dcu*|^YHMYbh+cvydxMIo|5Y!=+LzY^53NQVp+bRX%JSxMlABLo9{^IErcD?
zP)G;Jm}ut+1|*F)7)>^^CVt=OfB<O+0mz_LA(yX5y7m-RNJ@P8ZYRK=fsSt3YkkJr
zsiFbho6_4J2aV0WtJ$ISjHAxYB)uwW^iQLwZQSPma9}-h8z^Qm+MN~-Ic{(wb|)y5
z5ZZQ}f#cD5)qR<^G^ll}+@$)Jd=uTvtT_Yx!}R^`OQ;a)7L48w^ee*Nf~w)5_l_Zp
zG_vS&dnciWgMufwYonmgamgTdaM(^orL_|daav6%VpW!=#wfjEj-c+?GBQ*9_W6nJ
z(zHPEgeQW-m)Qk#T>$?7QQmbvEf<^o6_3HVI{0e9vXzQRK6P)2!w!y|ez~*AkRlQu
z%pnCb0lULySOany1r)WXc;s2g8m*aDG%F}T>MD}YjerGHBImW$fdS(C%Iofx(((?h
zfq)gatvO!(2zadh_BzT+doHd;2i}0RPjhwd9@**0=X-XW(4aPIjKf0-iFUqf<F2Mp
zPzGFY-3;H#ZpS28w)Kx+2MP&mNIpAvo5H+6KT;Vx0(~x<OkxZdp#09!gAD7M<&%&p
zWkMeMn~6((l393JlSSyuBHJMXc4Q7>>RrR>uI-U&LoAcaZiC?)w}5GK{}9DY@>*!k
zovt^R0G}RjnBGObevVkzit0b_B(^(jic0@=YqR?$>U05D(M*fiAvTs|8+&2DnLccL
zjW2Ua$X$Vg8bfdpmU*-)grhRTr-=y^(Y$yyKP?ITbkN3;@Kf5MQfC1L)jYo@fO_0U
zyZrmyt6eif6L7e(WgL}-zcL>X#32UXG$y)44gi{ITz32-A6vG`qmf675VW}z<|`lZ
z)k@D==Ojh<6tA8okzQ&2B%!?MKQ3p5X4#s8O}!Z-!f2dh4mdQ^(^;(f3Zl}}fj>Ui
z?~IYuS{h#$TuNk1_t~fYw|D<rum`V2PmZ#I?hyjp4N5nL>vr5^JM}@uIUzl0*q}4A
zq9SpjgOGrisKJHp;85R(>s^(tip_!Ij8vYv)R%!Tq8D<M7&qms;$A3=DwD>v$|nM!
zxq1i#!<dM`!E&)f6-^me{n)Cl?E<V|^{gN6%vEKo1)Hlr4OUiFq837GPsbqWD)sgy
z{!lD=M$>+Kr|xCQyh&e#o0kAQuv!$7`c6%6wjH7<WtZ9@lVicq)%tTOcS)kiAX#lX
zm8wbVu?Kt^E&^|^cLtz8JgV>mxN6ib(M_5rywqUI>T+`{sA(h;@$%~DG`iVPP!W*&
zcOZrYzK6B3=J9T88uQU31*(6=9e40su<&Kyktxll@;Yqf*n{!CK2$GZMiImh|27P*
zwiclA%)4OoY<6iS16T0GTL3!3iC^W9_JZXrO$9+_%8`1HcydzbQM%-oV>^C`A9Q>t
zcO*In`76>8+ET%$Ph)MY1q-ftQEa(j>CJF?m!uquGe~5zo*`~PkGA3lZ5VN3-XHcR
zEh@yaVeh(5z}mK$d;e`j3<Ph*IRs@vwYm4oV9CH&-krm&wQha@LG}a?W?$SC@tsnD
z8yC7c87R#Mpk^IW0Uy4j#Rl6@ZS}b@Uc+^@^&j>t6)4%03e)XaAx~UqIG61r$dq)%
zf@rvvB*;%y|2Q;$_!b&Ued@n*Xljm6QR_N|=Zx`qthEV*`PVc(iTDh}jC~c_!NB!k
zg|^!tifsupa~aL!LWMnwRd47DUVu08LrkYJ=S6k67f-u<NRV#-J*j9)wV_ZA$XccS
zmXtaM0-~G;`}R{}`f6II(PdpUulV^o|E@?nvlWI_$>vTxg$_exuqif1<EuZhDMms~
zow^Z#KR<kDo}x{1gI1WMa-SII-rl}hwVf?-Q7^}l58M#2L1+*DMElVHV>0|&Tfj|I
zSloH`k_n!%ukbwO=Ta&F$F?li#-U^fQQWXiKj#P}$cm|S{`8G)GYKh;y=AS+LpNlD
zcITzd;A==P&%p!jGw|SZa_6Q|xKpWJ;!Z&(&b7GxsaDU>163v=wZS&r^CzRkF5XfL
zA9?L%>)%st4gtZDQXMu5f|u(?{t~e|(?BDC$#Er?)WdHLS1dxCXIxPFDqr+t`~6Gn
z)c5L2sN*eA5A;*?`!qny=I}V<ppD}c15_g!txK*ez*O(Zml&yd^o9ho_Dv~@UpZ{k
z?;4LRPAhB2uwoT_&{ixd8|B?%MmZGv5Cnr=NICDfGHn;Ng>U*m?ZRk)`pP;y9WA5z
zbeA1*c{S<CtG9{7@w>OsvBO{G41ANVq<JxzN@JF&@2`t$$V<pLD#ff&Q%Yw*$!dpR
zXCYH=M>Vy|fYt6qF?kOVBj)n?wwJrD|3!)UdyfW0hhj)kFio`VXBjlR_}}`qY8Cc8
z1<t~E|6WzGON?Fri7n5mZi_s)g^YS4d6~)&10bb;wA^U@QUikVw$>7bZd3lNq;I|G
zZsmNJQEYqhG{4oEzR9{F-uz{ZE*4_1VN$)6Y*O_cch9Rc@qnr+D1-04P*$-h6!5`k
z<u-}0VUQfku*+N5AN+(vG|-mZzJDYv8?;cx8zspgJICWM+H_Vzs`*^yO6{f^5?ga{
zT^M^mI&=WFiBt6WYR9x5uQ=T{pnPB1l9&C6LdP0_jSXj-1cb*obk@aEwav4Xl&dQK
z;ayT2Pj>+^>q7jq9aPFY=@0;qS154B>V@Q|!Sjp4H7M>Do}V=(dOZD%yJt9{F^UIK
ztjqW@S6vIhVp~8%G~1oFKMcSyV+NC;pgvfphOJ2n?CjW^Q)8k20?CA`Z?y^aFi8@&
zoXKnbQN|xN#pWaQEfG&ze)M0I)^6%Y><GRwpl6WiHiv&4VLxz~ri}lnN(CI}nzn?S
zQPQ+(P*%!BZRqXb07m4W)7&0k8+$Y|a8VuG#tu6J8TLdXPx^|O4OL7GBnM&ah@C+=
zC*GAc_STfupcRo-n<bD|aDp%#i|+teJF6!O87(9zF>5Q()5acS^O813UX7we3`&5y
z^m2)C$LIfB_B(jTdffq$G{=b+B4Pxb1nk3KD0PhEJ`RFDh6lt)qp0rm9b6wHekkW3
zl1)M<LQOS7$Bpf{Rf>I%WVu2ZMs=#cV{<Zf0o-$<;*`hDtc;slSKT?fR!l@f*p4jm
zD<hKWgld?Xx!DChj|G2RbZ(M;aqo&SofNXYrF4`*?~y5hZrs$RQ$eaEhfCnW#Lm4T
zy&?R{A+j#`?<-aY7+JP@rI`cl=#V~qoMvMNLia}<Hg?lC>Puv^|LQx!mPdb0c`c)<
zUmhj_0j|)f%82Xl4>Dvfc)_|Qonu@i3S6orC7_i^?#SpvPLTC-4yQipMv8~9b`-s{
zQ*sxtw7q5?laf~&iA~L@W@OgWk2WB1A4hk?+EM#e3gm4L(FgS+r6ITs4IsXul!fR_
zFanASQem>TKXVrG4-n_(7P=MrxDo`nA>lTep`~TBjhCP*Lre-x>JoPf<xLv=y0K*g
zqyCZ>O7@BsdO%-agnyEBO8DgO8_O$EKn?xjfH$RPK3{UueL!=K{y@nUl3hBGwyjYS
zu1S;jEvch8wA#q3thL<;G=0`x@!z>ZWTIkA8O|(1|Ej=2ACGNPo8ygee0jg8d}{qs
z)Z{tRybF8xX}rTNP`5aWcr%;!r(=;)p47(7E2@-ExoC<fZYdl=*}YB&2=)sBn~k1s
z7uVgZl?ZEoctJj2l*V7!D{89jMn^SZL0y_}>N$Cp_VRlw{9ny!5_1>!xVy`;2J4o~
zaMG}`wKm+l>?+ZFgi`=M<)GD=d&r@v|HG6~*>y<X;6KvA#&twq0TQ1*K)^+oJ@eK!
z8815zIQ;{6lb{V|%MWY?&h#En6A%<9Jy_%50NrtQcOmH^kVM9~*c4jCPsOI;_hH*@
zXJ@g2$g{hJDV35l>8>|Xd}D&XKl*zZko!auKVRAm`E)YpN9$So7Vh?~>PCrRWcl;W
zsR517f7!as=n(PrnJ+O>dpl{eF)hwF9h(7u$bNRl&{&!fRz>Fmy-P`^D^PvZv_%Ii
zeRN`Xedb|%(Xn=1Z1d0No%m}vS(1|W|0l7Ws(E9Z8<v`8<iqwF3a9V;-YR}T8j!)A
zsa|NW$tr%rNmNwQ_A`Eyrzw)unR#zFiqJDhhzVt#L<RxV$Ro$9__Cxy%Ptrp8UdLO
zGliPUcLZ?$T=2(a01a(EU5?^}sQht^0IIcQRO3y(08^rce2(@c%w!&ngH|Jdz~$IR
z2WH|usX+tM>pSlSW5S5v;4l4G!tFdoK|nov;)7HYjaOugdgbM4*}t1~X~zuz%&n}i
z<YvH~zXMO(;1>Ez(|WAciBgeuKZIHH-p#7czv-7Y8#T#wv;8i{PQAabLo$=7kL#GP
zI?k?OnGBR$(MnELlS<Mj^Ah+D47Ip)%NfQ6;iHk4L&c8`CRci!XYXoDtoEtw@5UK(
zDSZ;K2Pl~qv3JU_8=kBlK#KK&OlXJCwL?>-hcNq#rr|#Ypex<2n55I0>%=SKYwIz>
zj^A#=;Xan&9~rsen?IEC^!D(9=AE|bJ+HXdV<J2@>8FuL|CBk0;@9Kjhw+sRLbu<m
zgDXF;v@hbvf?HDx-b&&S{vu(u*I+gKjd+e_GOZ2%UaR*2A^0$b>T(0a23x^Q4aX<_
z#LV3D`cc~yvJZ$%hOn4yT;LdtN<@(t+IhBLAp4Bi*K;)j|85HiZ5wI#?>Bw1)7O>U
zomI<&c2QLMc<C*h>b`!595CP^no@O@hSIc-w3w1Fh06X7d7keLJ|uXQ)Tf_IYb+Rc
zGWMmtu+n%<h<in58r@{n84YKto}$c~^~;%&xif+C!~T>wUkotf6a{;pP0+oCwJnYY
zzaupnJ@3Z+d+G?V4HngJ+<MpQY-h&+xJZ8&2$xFVee>0Ot`{}@TT?_=j?Ub7sp4`v
z*YuKYNy3dPMZ5@~@_Ck72i%=d3PCZOx<JpxYLOPxprq3kyvHbW=ECPNW*KCkm~uC8
z2&IR4KY;37BT8YsNnVHuyFND86nY8Qe<o7ClVA{Y92VR7-Q}8HLfPoLxx-D(`SJU6
zdGEcRX3b+MtQK*O49?aq+sLe>G`mIw`1f&Q+YYyWUA_;OL!c;&xI5RkJbMo{Ggu%z
zMSKEf_#eT!MCZ5ZQtx6KRm1{W(=W*$4{|-@ND}e3aJC6Lj0tnsc3>TbLsrzlHe!5u
z-hO*&yoNLB9PqwFD`=3~Bg;r>$PO&PD=GZibe&`94C_9+&n>FpI~8H!nAU9wCj2c=
zySVhXhv~~U;jz)B%mwHpBVv1WswS5s1rMWTXX+A=Z*roUc#>=B;J!fs_W%9=E}#%B
z2Im4&*as{YLcm9AS+WUB&oy@f7^=nMryqLs^bn@5(w8ahCihe{Sl3^SS_UILt)oDV
zf^2I3U)6Ffnq9(YD*%C3bvJgMKPMQ#Wq2smcY`29Z~fFq8uMPlonjUS0~o<Shq?R{
zv!8C?jih*{kqhoTC({%F)yEl@F{?pEurx5S2CUAZS=xq*x=3<IC(Vo($-FvJ!6t5{
zk}6e}qfD<c{iyGq4)<R5NvNSZ-_t%ZlM@nHLZk6dK;lL~h(S#xbEYNDnS;wRO1aUa
z1tqWh#U>ERBi5Kr2OD7@1Kz_+!v?vw3A_#FY1=S$1)%3qS?;svECj)!xazx2lNW4b
z!y0)ljmHh@;?Ehc0!Yx`IBOT1xCP9>{fNC>UqPb$?0<U#Ng=m5(uwo=kc`Qo8f9e+
zlIL(Q#CxkAQBG=Ej|1An!sY~ep3hgWWOZk-`QaYec3~E$IrMNUmVhhh+ynM8xye3d
znn2P2>fRk#GbwH-MbbDQ0nB^bb<dmWmHOTTj`Z;2g7MosX4up7x2U<ok35U&HKg=<
z*7*uiQADo$(g%Ubbj#uihmX`DquWK}76=C!=Gs`eWppljb&7$vEFhq>*-^=5%Cei{
zrAhM$>cMPBs*j}kWb_arI|Y4r48h`3g2N6o5@w#~fwk^{l>;iivYQ=v{8{!0ifdW3
z$+qkwFXbh8kkhvRnes|z)^^5JQJF9+OyDWI5RXFJ^zE$<gD_Os%ot-wtk%T-l8!ND
zBj&ub^|3vc0u2#X={@uLM3cf$t1Y~^+K=Nm89ys*8I+R|Z&rHfmb=txfofp|6t9Og
zS1~Rp(g!f4L5Qe<#QM7e9v<o-*4vD#?D#);6>U+j^5-AWyvGk1lb0UtX4CA-!CTCW
zK~*ry(x4;b4>(m?>!8E0FOATh#485bGnJu?bI47bP*3}B?}-vz`gq3FQF!(BSHkGr
z2=Zte@a}(pCAA7Gfp^ULqi&6CO!ljjDg@<mQ1cjPzMwl5<e=0{Pu&-NCC+xt+7};9
z%2JahqWjG>@Jhh(Zce&ColmS#jp3-*a*AiLG)c9B^A5arGnhGdIFL8j4A6@-c6&(t
z?VZ`EV%Izijl`|D*2{4H9EIcF&46O2{^!Xmde1T7zjKgEq12MqIhuz-K+?Ja0Dx&N
z_XQW|^cq&9FJAGM-Bge3vPvAuFLgY+#V(oFFvVM2jk^B^=;W%(A@E;C#);xAIfipm
zttclzUl`w_60fMI;W%cTz(q?a^gvt@&S=or_x?1ESdV@>L;h8j4Bnap|5{`uSCmxf
zQ~G@Q$M<Z+A<V*X4!;rlcbcqe5i*=JnJ~67BN$kGC{>OgEffMJmOZYhNhVBn$I#p&
zAa&S^HFa@IpV-)(u^s9mt~eNkZ>uoy?YV%aL+EythFWagLM@B}4Q0r`&`igdDbK}q
zPMZ3ra0#^OfyiMtUAUofwJJ(5v5?&t*Ly_x!CIRdqg(46vSluuE^D2}ro~iQ_~Tkg
z+TQ_V-xbT#_t^Li?I6dXY&;_T=l+Icw-%esET5q2N#G4SwyLh`z%!^dR`^Yis6t#?
zjH1pRf{))$rtYI76$Sok-oWs}3whF}P?eA|9}5Jeb(C!f$cSJ2CMBL5b&l2&D<wu<
zokf&9)Fqn!lGf!Vn4o#+y5~&aVuVEk4`E^k=oP{z2D-^i=L8;(i-xZ?;rqDpjJ@oI
z9%u$g)iazTD1`b0082o$zdLllLdiZJcFtVYPCTcT|1F%}d)vk5O|ca^Sj4t3w7nC3
z#*Bz7sk2NAQWfX9IwXRsGC42;MN_Nz3$kW>CB@Vr+9SAh$+Z~~m6KA2zn$LJ9(+N;
z#xalD@sY0`tt)JQ+KH<-@KBe{A6t@4WBHn0sqoo*piQDl0g{c8@;!DnX9w8@RRXol
z4KZgJt#*@sXg&5M+2=MncT$*;rTcUQYZguLbw6;DRA!j;fEn-zP^h^r2w6cQ)9{bi
zdD56dW@I`L%%IIPm`iI8^Q%Z`M%vsYl#i!IP~^4|CUsSke|0<VeCu{kY<b;*`%qME
ztM~mA`}V=I6-lBVZ{J3jQI%b3FvmVPS_M{*+)|t);+*0gH3^O58HJGL?QinKR{q!*
z=QJe;=%W|749;7A=sFYNs-)8rw3VcIDDJ4ZL8GuX)=~ef>t0z*DSHoKokZ2)><6_J
zwR@V|B*ByyjUM>&c%t+=c;f5eShmO_|2EPuEQ#0BD5k7Wkh@9LZo?4>Er7TML3&Kx
zkdiez5|0l;o2K{W+nj<db5TWI7;i5HQ8X|47iEq=ZKw&heSN~Qm;Nf1Vi*Fe)<3CI
zrvY}aL+ElQJ`-9lE;w`gc)<8;k@gd9-h9?L<`%F=UM0ZPPm<1{@D?okCcA+yRru#3
zSF_3Y5NLVr5^3sbEWR8tFw|r}1&aUchd+?-!2tNjC=-ML(qu_=M2O;e9QC<c71jF3
zwA)zwyX$5k29X&pL_(PCSUx%S19`-DOIT6^qBs89bq8_O{S%Z|0~ahAC3BOPPkx^F
z>;l7kAUF~%4A+_}^@N~U<+JljBua+Mr+z6Mh2Z1jd{{=skQkDr9+&*C)k4Qpf1!Q3
ztfG3E6xfE>n8^+fy%u>)rL{zKD&ZCJ8%=wVL&>YcsNv84$XJPYUM`e=<g;%+i9tk0
zdk6}P41Nw;jDTEpO|7TTr(=-uv~Wm(0mhl7`_j^5a#Nj@ekYpl*!94EbQfG@Yw(Wt
zbigJx_X_0t*=Iqm0QCKAh#$PuoAkn&O1m4gVsX&jGb`JLAq_XhTspF(t&z-rTKd~Q
zQdMrWp1{7(5U=uX-WII7R`0`Y6ODR>sFsw8uq>JyN=2w|_vFE8v0NckJe|rouOkdU
zlH&5tbYHQ6*?rA8JR#LYn~PT(atd<bDHu)!wv4?iZ)-;2`E(3pO^jh6`Zmm+R0tX_
zfFDEE;9ky|i7!<lqn0LrTnfe)WL~%D(0Gn}agH4wBDA(^6j(T#d&ynt24lDsL$`9O
z^q#E8&T)-+>W`@Dkyy^{hFQl7hk!qiVgIs?qS<U=+nj>AdS!)0qMz)Mp&NyBHO|+4
zcBpvIoP<E(C+mLRPv>XsRJJJdbnCC&bbQ!0z<5kQYVxw9AE`_u(<nM1MhO=yrBG#K
zfIC@VxRo40#a|OVfxi}4i8k)&p9>YdL0_wYx{3P+klzc54}T+=ug>+;l9EiZG+c`C
z)FbjnPSjMfCLzPooAeWL0R<%zvxkDY_m1@(YYBK&SD=n6(|0HkM`~!n9aCK`a#7UM
z{c)Pp!R^k-#m{y@M{HIHdx}Cvpkm1&C-5X0YP}e}cAR8q`|0?x9#in$8ByM%^(j)_
zxy}t&^l193U;YSZnf3Jzc-^N}Hwr__1oSiC;J;LzLSkEf*zbfr@fiTpvVv02cES)l
z`sd*6ISS<=Lsl{$@-)nmM;p;%wPQ4b6y;IZzD{atI6Wg@U-6Spr?L6*^sHJP@5y@@
zqm77HImAyHB3Is?Q=RU~nV{;ahiTAPk%K`InM?FJI}bL-@+B}F$$@CuWmtlsgz*hE
zGRxJTA)D6&dTTSIRVzaRDIQvjv<WC}IIR3bx?~Vjd-d+UOOW%*a3lNx{m3TrQ@RaE
zVc)zS!w~j1-QIb#1P2Dn_E&blh!g8kF>~S;y;_UR(o5=YFX;6%)97EwR%|Xc<65kl
zQ}LMJnXR_971&;IU^1#fO#(UNUUfb)MyKl)@j1DxDJ%nHrKA=^l7=P}UXomQ>3R9u
zBv=AfD3N^nYFlC*lgQi%n`vJ6ek@(@F2x$}3k8ntJVS@-iu2Gqi_WaWsFZ@`;NwhV
zsPQ;1ADGPbHQw5f_m7HCIXmo9XZEdu*Sg^=d4Fuaa}aL5+T46<w;|<<UP1qp(H2(~
zjx04AoILC^Q=sNzRJTNyW$p$I3Vf(Z4RxO)O+`Yk((fxQnS;ZH$TO8N{i-Pqu5W;^
zd;RS(!;Hi`3MIogLB{Pg6VV5s5U}6ikKIT437=OGoo+3A=xpM8ct$)bPy&MYx<3=*
z+t|U3ghiQ;dj;9POcYXzd!o}Nc59Sac$?`E0lK+iDR2#OQr4(g&f(@C#tm>sy=7Ll
z_+VgVWvkl02KeKMU$juTy;JW5L+9{Zt&e(L378$tI4uwwydrtxiIv)eP9iKpo(+h@
zavHQA&vuQ7^pH8I04(G&`4GvvbLm&Z2}ezpuTgR-?_DAr>7P>N9?~&BtIuwO(3rSx
z=zLb#Ku`-k)-(}1J-6%E*+RqXVLMkrX)3CDWcqoAW_IiAAy*&4ZL`soL<obdtBEQ1
zA+O05=3e@kmjlWT6N&P*^r9;Qc#vi<P*^cpbc&MtbAU5Y^`gtVCCvfhKoC*Vy+S=R
zH&1vMEpZ}`D;I0a@js|ZYlYp7Uz{1XKAw2M?biYeu);V50NQi@ze^6hn`v?OT{vHv
zW#vtY6nPMwd-flL9KSGE2_Ytj;1QU(SU&5NizskT^tJR<K&evkXuy1)uET<DKMN^6
za>i*zpLt*aAxRKH#T+=8WcN+r8D(GSoUyT|HfC3e<dem9hSF)6d`>rdBpFWl@D~>!
zPubD%b2s`gk7flA1GLluqFO1xdM&I!Z|*jgqXKrXNP$*en7y3qibN<WsYbqBKzQ_s
zoG__HY(g-j;n<`NDJI`l^U|t&AF94+$VLW*HW~Jdt5(^wYeOWf_SF=#(T3E}lWEYY
z_W=sTqOXQsq{`z@m*BI;U_it|R*lzc@XcNejRR>$2~<r?D?m8fCK)xw!$BX!K~jT=
zXl5y!rTEnkgpPyWBB_I@jYen7+riykfQPFcE#AepzkiXhhRi2NtKf(&tti^g7sx;x
zI;~-Kj`e{O*_EiMuar!J<$RQzZ>#1><b^DyBcR`|z&}9$-9dEdoA6c!-nS-i%p!+(
z6ey#gdL%YtXTG{vdcj*Z6)cNIfpo6jTy5CHFG{XiDPe$-RIk%zmR$Zzv-6H{UbsJ)
znfvCkp`u_KKdQu{xVXgJziO2_dDhS>7b>+p@i-FX09@E*<acj7oA;Th8YF$on>b)h
zS<vOdfq1Q3RF+I(<xQ7W0tL}%>Ns^Njo1HalbE{Z9*1K)Vz+r?69E`fa}BvwA5c#}
zl^Bggu~D_g35bG1?<k4=YY5^%{MDn6{OpLV7Pu&`al?J8Y0OyD_v4#eacScCPd^+J
zbA0RMq)+XjAXNrHj^@bm!MaGxZ~1@XiTA3TI&^yu4Q^glEw9QV(#W2WRrA9+X7@oE
z{bf*-gV^-hZdaurRjw<A+X58dg7vS#TUyyReSRw9FZyq*q%G9lv+W7=3<30gXR6%d
z9_l4F!GxvisNdUX?2-qZx&+Lsv?t}gqmH1>;f96E++nP7s<Ho)=DVZ*19gcpPQq*M
ze6qWR3c&0=0G0W8=CDdT`JboDpj?XycoP&CiOt?nKU}?wrxk^WiJfx!ncsIst3d#i
zVwqE^X0^<A+YD^N*VJM|SYJwsG1?cxl28k-FV@)XH1Jy$t!f)x*?4`PDuU@tYUUwB
zyp?lziku`mDzVo3ug&42f9Uf+p}_JnvgliKo*OWa>GM}W>C2oG4$HwmSwwsPM~2Jc
z+oM(s6*+ES5=g*>jON#9>fij9bHSXF!>z#`V4^no{zUDbnzWa%R8Ma#I85UeK=oem
z{Qed-1lCk~VNTkq<^t)`VO9sb&9IC97m&R$l{?2H+4+`jA=yqGq6rtlTzuzEoYwE6
z&)*2DIq!g_OwEbw#IcAU5CrAIA8hj&(#~4lwom_w@}8!izN@hnPw(r`Gc1w8R+64w
zpxoFSIf_z+E<3%{l$nGQZp?0fl6I4)srY%`DC8=<?`X5`k)kx`H<_gAMMa9MVoQjN
z{)zoJG?5zG3auQ3AqH-pO<-K;8`Z>*+|WeD^^puoTKqqKgZs|=PJ@FMUSF^ZcF>)w
zeJ^{9Q0J8a-8QyAk0A3L_4aJYz%*t2^L&H<XbuQwWe)$D;oy{wQ5@rFGdLv45x}pB
z+l2V*DxXFCdPoUM-K$D=rkW;VdNH};D6b_@V0R?@g>DK(=r^E%3u1SmxGfj<+vtRY
z|FQm9=aw_winIT%Ktgj~=r*$TAXt1Te(Gh^01kU1dszA6cAQGu%@7)GBt2@ZyeW%k
zW7~m2Y2)$ub|)B;qjNfYec1T`dPLr&oM^Ixmbv(oAjAa_%cX5~IT3h%^Ea2f@Rv*f
z!pWvG5Nx_{kMZ(na$*nV9V>|zWUJ7ID^a`__pku#Y&2A+eF0&Gn)DmU(nH+`73Az!
zag~<|$2qryQ$D5wZPt^@dZr>*uVF_-p#;_JAc$wak&1(kt8J-3&MAwWnr*M}rOQev
znynQtYBnw~DzXzCDr!>epI~F|%_Lt8ZHQnsNqRd**JTe2z`efQP)47jJHmT?Kat07
zn+%R<&}&zZJ*&jg7tCF<f997ywT#5~1b}?%hUiNSV`K<4Q}ZdZNN(VobSws~BTH+Q
zp$TCqiM$FlILVTJPU#4SZU0jke`Ql7U5?GjtA6jaTo!t`s@i47qZ!`8rD91#Ej6fz
z6rD*Zn84Ok%<X$Kr*c|*-6L~0D0{C|>uzDc9uQfdbh`kwB|mlsv~VZ17HLufH~H|t
zeVS1Eh?f?<$c;K3pFy8cy%oi612smET{{Mw@yG%(k=f0r>f6$q_6aY#Sp6^Zq#VE^
z5mFeysq|H35b2rqcH=G~Gcg6ku2%|^kGm)&(dk?hR6A2KC8Xih()KKf&;wjGfuJ2A
zC<uq_DAAre7~K1);fGVv?1sTf3WY~QI0glai4^$)ffx1ZYN>)RsjDCb6(1&&^f!-2
zc|Ee7V}MMZ#j;G1pMgXurX0Bk$szM-wj?WTwbW~)sM~PiKSI3$@E=mD98XmES+%G&
z-)FWKeKS(J7}X1ABJ&y>fvwqyuUzE$cfe>Po>gA^UM`1IdNIH5a=428<~I=U=b%Dr
zS><k|JE0lRWy+q-SId6?Oyo7eV0}EZDxx}Clg^(?!u5*!dseI!tvET_OZU^wJb={&
zpQVT3yB41KXqWA&-Kqv@PfLcE09E8swc87aDD!4;X3T#%2ycwi)t@K2sv2MUiG~j6
zveyL6so{y=mq9G4y@5=!V{8isIDf|4HyyC1>mT!z>2R4v)~BrmjHHQh@k*t*GVJNF
zDH#TXd(hG4T1`Jcad7?h_l7JOseh<@Q2L|5&Ekf>bjmNp=grVDVIcDHTy`uG*hsfR
z3!?-R#7$(r&esZ07O5RmQN#-ikB$WPJ!7O{bTLBG0RKELjgeA!S5eDRu8I0Cj}==J
z`?EW64Fs`Z$~{8N^cC*X@<r<j%FKs!P}G$qw~zG*!W-QpE!tkw{v1?@*v`Seu%vvR
zY%;3l>ZYul-<{k`=H6e`#6xrjqMw46{otOa|6elKIv{nNZ<#K(o(hLjF@r;Yq%!cN
zeeVq8G(|#4cpoF4&tR&Desng15#s(&GVDOP9zqao8@IX~+040Xu-d~yKRS7f>>Imt
z|B+jM8Zv|2>=md{euY*txdlssM}{EzRHZW4#8j;BMpYtXYqzP1ZCWVLZBNu70bLnY
zsWL^w>|I>wy$x-%lI!0otl{_U46MKjOsXzDiH)`t>K%Ur=Hm-`uXwD~XD7tWaP#{I
zx1}nG<#I5K*30WaMRk7*g-C(4xu3;XJ5Azy$cx0T+!J#Qc{{L_GLrNxaw?-svL3wT
zFF4ctB^7FWW`x^g*=&sdP5m!IHTOgo2EyUcBro9HxO$~hTdA!Z1On;C><R`2{2h3k
zxoUyZ(a;lmZjvQbu6r)`ZErAf^tTvR98fR3^pB4hI7WmkR!sElsjJ{+HON*J7LZo*
z)76A5fG}b<h>vbiB1szKvBZgTOOWVhK?P%&HjR=eHg}I!aOfysvc3RlbrM`w8641^
z_+&?Lb;Df6PvEWl5kiTdiG@I=#=_+YU*}?6&u3FM0^Au()1+>F*K|K~ai)i$Qp%-R
z%tNpG!~hOniSN>!^i4V`02ro~`!8kr_M$8cwAOn4<4KHl;tCU=f0grXw*^F(J^*e{
z8QP89If2)9VR9w=$Pmo`96h%z7zsr%y=iHc0;)UGonsV15GekN2Fw?Apy)7;7PBSu
z;EG&-Az0B7RCrman_bUTz`Z+IWg?_cqOql6E5j$G7-Tfd6Og;H`j`A(qCWpM6a@lP
z9KF=92~46SOZJG52>`7lbR9p<!SnV?UG;I$vt~2c$u}DL-3k%<{*YydA40v`m$iIW
zj2nKM*0Dfxe03b4HCv_c@@--U9y05k0MS@>dW8BWlTZVjl^ffEgT$ZVsre%)#E>_s
zkAcxFYn-BOP{X#qsf*lv>(V3C#+!MKn5(ZRO2xVR97qM?lim`b-~E2k2j`y$NWq^x
zSx`2v29}v)!&n`6(}-MMX1ED=$B~)qX?5geK6Gwo^mjvARQ&@Sx<Nuo3>l~?(Digh
zvpujb%q&u);rKyfBuo2xmXgV-4a*?TRY9*)4dPQ3OEXYa-REHIf-A?s6{0o9D*Ax~
zpBHncuxuC*!f(9Qo@=c~rV_q(7>q*HMiO-?(xp1@{Lf@+?Wxu&X0UUloh@3pVG|ZN
znpZbopSQbqxT+!j)KQ;ly>Mm|oMZjvl3!h5(Lp(30z)m17Qj03Xv*R4rAgwq`xNeo
zI`s$*0Z$Ne-zD2hNQvsD7R2YX(B^(&crW!6i67t#)9%&{^8({X`+K{GJkgPu?lNc@
z>=}>osHer2b*@4v3e+4PL;TMXhKpxlo|D`>o12*n8+Dda8q#7EgdXmT1L0+rruq7$
z&b;V;NZL$~y#Voz60BS+WfAeJkHd>uV}}@)8xnVU>>?qS5cj}h_>9TPJ3>;zSh5Rl
zvu0^gh!yWXz_+G(n|O^L9A&!Ml$hBVS^siy$9Lt9vt57N$^rg9#9+}nP_LIs@mGzs
zw`x%5?dbPlQ!iI1l^r&Pr7{s%t)f-q?w-}3fX14-8LutQ_B}yWW(b>2)bvs8pVycB
z?9=K0E64w3tWK_H1Bjf1O!q=K4x~aL8Z5SEuvJ>$)IA6|2JvyBhlmEkUrqvfwP{=L
zjLl{;9`NeX3xPDWZ7Zb~MLE9NW8AGe2Viuxhn9$~G)$Gn@r37%djY6{ea2O^vdKoG
zA3v#kCKcCpHD=)na}^Vm3UhiEn8+cR+Z<?cgg1oY^jo;q>gn0a6NwpRZ32`^pfO)9
zuf~o0VpTG})xJ~fv0G5G3KR`a_i6U+>41r(Eu2>;rYr7LB!laYla_Ogqo*M0wKbUM
zw3w5$XjD$(=}jsEM72%;>?oEMUhW~Il#u{G^CQ+tEE~Gp&5&$m0yBK&3YX|jPJ>$e
zjYzN5TitH7G07tJKqwjX5+BQ2RGH+)j7Iuht0Iq*Y@HJ>tD6Y}!MvVq5K%x4F$0dC
z3o1X}=kvopdAbBnJCF1bz|)V;Or2rfS+pZf8~WO|R?$JGdR?p`o1G;<R{G@!eA~Wx
zCm?bG6lV{~J`&!{0iW^>FSyl!aU8tEyYv4(5w8X_J|Zm2WLUGgQ?1V(AgJ0)wKZJC
z7gn8CgeAln(ln6{S*ki~EgM(45oCJ|zB`w{N-T<JN1!rf>rsxAyMsb<NTObsbdJtZ
z2WQtN`)_bg1YGJF`TTz?0p%;X-4Hf|4e0o0=0|Gg*W3jWolOv>Gz7|pQMTth*E3lY
zIzS&2j<CoZ3QB-Ok>xckMNBchUo8op$cG72DY(AAuTpaO!_XAIB`2d;20{S`&cBsv
z)n4*APBJV6=s@J0<dfLf(W4D9w;V(qC@qr>E&A!kp3!p#hx&cFncY0C3s3KYbDsW)
zj^p+p3{Oy&!9+;BW7v3Ev#yiMFsm3E{)WcLhLtlicK@KLmK_^oW|`B$UNx8gxa?_B
z;xM!p($H)s4?z9^9sgkjx<w88M=%a5-L6gGcdzXG^5a_R1xVTXeNoyX6Z6_-1Jkcw
z{W9%A{ngmZJb|V7ZRn>9m<h0@e2W^U*s368G_C?mIUFC}iEN`H(s;f+p~-C3G&Xh)
zg%rGXUcaW_cIy|E#hMO73CUvBwWMeCmS2>m&gram<+RAUPS&CxQSB*HsS`hbSbwB9
zcYZrUiqNE;SA>o&(;DSq7y=6hW5F(FG!PsUF0zQVjfY`{Ukpe_2hie}3ti6qzjCEH
zjYZ@%KqZ#1o>C~Q<k9S^rV1cUth2;VU4MOvD)q?#0oj+;z$}Pmun`L1A=Mb5Ko$f~
z>XU)qa;E`AWv!DOWa>2z%Nrc%Q&MBu3MiX%Cs^VQF}>`SzG|)a_k_2cboW8wq<&5q
zD-X7M5`K!tbn>4p!Fj5*<oh2>kMW>>ZjR($svBFBl%6E_b#AFf-^-1CVTCp~9T+9O
z2t>M4yY%|pg|?2j5GDI!_Jf`6SQM!Fw2_sIVp~n5Eevam{d2>mKbl2wfOjW8Uy*2Z
zJDAy!K1aiX`aYt5<||g?!V1-mCzl(&myO&;nG?`#<P5?8n<#Ex;Gzh8s@C{tpHif~
zRJKaLCZk}JcM&p|1J)gEkA8)6;ifl13(S8o@6C_97>AA&*w@B)yudgxk1-04H7o}7
zu2_(V>6<$~FcY$1oo-nwU$(37f8*9dON%EIm_tSt2hCVziAWU!J4tn8CS85Oso5Wj
zppRl?C7d=Lghf4u?8}`R-|2YBegi(gy(*9=^uKTqr7y&d%BT*nDDc^Ig%msdi${Iu
zq2&GeTSNO9H5N571Pen#C1JtE2$+-ab_OwaZzTbsaJrxTvu=-fx=04c(QHx|5QEqB
zXLuOdppizE(M5m;F&PQabip2JYm_qIv4Z3FWo>g4@m054!4$DoMzMA7@=rI1^y*yg
zYx9>6H`KdZ&49^H>qVp*i*xykZcp}>B@B^zX<bVXl^sUMg|}h22iM2-To}_diEbN~
zIp@Zpv0CR+Q7<RZi3R@=3Ie92@c3iUlu9~?j7n*RSnbh9)-d9wX0$zav&2&2g7Jnj
z(3+NOXxS_^TDikrFJ^uScGOWMkf>E~iTSFm^GR$?HR;d3L~4)3gL25YGOJ~`h1N%<
z6wU%_F36DpEz$fqLFoi|2~XT}W>8Kb9^LF`@`#ru1s2Y)mLTU`T&{%xg0-3oTD<tK
z_a<6G$=KZuWCNt=%4|Lp8fqS>j^a4Xlj(f?F&U(^IV78UeyHXmx%EK1y(HndFm$7K
z#qC(xi$koKA(D=@-Ho@u<~Ye$t3#KG*W$vG$L<w6nrGaM>j~VwjtJGQ+WIE`84Tq?
zAwLfNo|zZ)Gio#%6UqEw=c&N6w)iJTB<C*A2+I{za=6xh8*>m{k4DxCcmR(=Ojb0#
zv*fC&UMcjOpVGc#4Vz(9291;=cbo5|QJ*Lvx*Sd{*t2D$+>ko3wz;H6pVda6wGlC1
z$~9NunFCb7Q=(Pra49o3Hu1qb@x9qpbN~)dFwtZKN9x`w`#HA*GV)JV6jOrx5sPIe
z(>+6!6#6QTD>@Uqt*QJ?xRz${>($VpUV{rJ{oAy&7Tuh-{>36y6bkq%>T$EUg^F}M
z=ry<jlQkK3q;>0Qx$Ip0i}@8?3=36-xKEB6tuZ1%03@&SaAed)&(NwflM69beA}2H
zct@5c_h!mw^CJ}m$U_}6=0%b8!3$PT{PeM<q@0#gytGK#eNex<{S!oos{A(iSC07`
zzkP^&qj#qalv%v9Bn;D$`TfGT`|tEpqB+9|saxW-J?K`?b?I7$8diar+(m#kRd%|V
zNyo~XkuZAjV?HlQ^xzwU6Q*9IxC6Xavqq{q4&eb)%1qt5%Lh^ipA=P)=q#i}1mU^c
z#n%^~z*4v5jDq9*;AFjh|7QMkwQOr6*biET_S|~yQr9cN*D+=YmB>vh1f|60-f@i{
z8NVf95tRn)mBlE1<=?_%nvn5j<&=)53<JUXpFb>lf{I45t~4YDE@Z=q<BVEa1}^)W
zM)%w}cYdq@L{Rf2g~fcR?Ir__C-5kn1a3H;LyUn@p~g~eO{&6FEn=k~g9Qj%=&GKV
zql(jTunmPkVijsUXWKhX|88xW?u`|5G}vVg4vDOMf_9jUA|$i{CfJ`|6^xjniH|PE
zDtrXfW!G$10iA0ZMl+dr4moV54&1j*d$m}dA|jv`{-V>qQdxcynT$}%k-Pl4Mb0!a
zrhovVg2|4#=4=*x`JTmcHmnO0g5Vn37qS^fSppcOT>f{^EuXl7Q=1RQHb+%jN3~F>
z_ZiG8Gu0N<nz+nd<&ee9K!0MFC8yU$x9^cKiAu|_Ili?Bm>@>b)1XNWLgKAyi}pq<
z$d>BZXdzv=X-cxv?2-4ZXw$SZaZj;d+XtzEW*_B_QsE^1QyrMXIYIk+&tSa$4gN%y
z<u2|MGgxli1P%V*EsvKo)d>FhBfMD_$^{&g@bn=q_li~eHTu6e!@3!Yrx9vUyTHDx
z)mZw-PLEan4!?R?_5X^<6b1aA7fi8k>CW1MuB$PL@amhdO2FjcGFAT{c_jeS5sJ>(
z8XT%25|fKb<Ln#Icy||2ZIC+XpF@f(fRuCnH_5UsIG#J#fOHq(xqhav&tW++)0hCV
zfqSdqK_xI`AB|D_n@5Bcbu0YBKo3h01(BWnGmp3)qd?69F{}eE3r?J>0G*DI<kSOa
z!(aKszt6A|8943nv&?D(VQcN<PwH5sZge%w0$lSjHX9eF7S{H_ON=%qCoJW82#mF?
zjEh|@EY1%4aoX5%f@W@ujGExw<@uA>n+7k}yc{AxfNgW4P<nB%e3_9x=d%(e&j2!B
zsEs$gE)kunmi!^f`NDZ?RMHAvhR<b?E56+15R1;OF&5%<@Ih-!?iKM?mbS$dkSqq!
z38)vZD()TEOF!U%wYSR)ffTU#$iS(jMVubnDn%k9#2Tg*g{*NLB6xSpy7MaW9#HV>
zH#l+;e2xD0E^MPvc>3PU(YT=eQY<}+nV(!2;FbgdFdOeWSZ-HEg{TsbP~jsbjoliW
zQANJ+Cqw(l37GJobe|Z@xo?vAE~SW__rR-Ye(kb)o~~KepL{Pils%F+)T+z%K~IUF
z-VRq`sCiNop*|Udgw7QmxW09q)iYTe{+Y%D9M{8Ceg!rXE{K6Iyw-_31}ojI!tgCg
z;$H+-2Biu<$61_i${s`hxdxt-yp>M6+P&|bVL7|9M0gnak%0kCkRJKQb)4v+aA*>C
z4OJqzc<;JH`17&5_oT1vmdK75xWKCK=*_5iPG{Y(WzCRajuUNUullI8T_r}E784*7
z&7u_m&ZV9O2)-UK-y{U^{k%krn@ZL8NRI;E^ZWpv$TtUSXyM%Ian9P2E5dh|JzCp`
z&7rCOl-CbRLz+Y)9-eq_8-m?jeG;?x)0~B5lGgK-2l;Nq!y3oz!>hCVkFzHo6M4xM
zvM)3ukwwIq3H|Lp%PlycA<stN>q(~h+5Q2SSE5k}fBHP}r(3|OHdqoEtsC@YzY}H=
z;4$Nc7{=U9zX6^wG<yK?Nim|7&-V&D?e%JGIB<T<78X`U28kA(`uSH|F0^Gbzgw>_
zyO5IQf7FovJfP0EpCnX1lcWhImBU(UU1*hprWJC@7oRnZwq&=<{yE)T;fDTgGJtfH
zlJiqhKXXcXFaLg5_1+1&AVYK(K+LK(n3w6hs)Iw(rn{4+37CRGLb7y!2KD;y61nck
z9AaQ+$SxpNh0(+2(~H4{AeKz^X66tJhVL?~2b^h~^Y3!rdL?*aF%ioVs-PbE`J-N2
zJ=V;~?men#i&maJqR2sZtL$DmiHS;lL~+v<KRh!qnY<%p`1DQ{yoHWC9ekMxSmMO{
zos1GVp0*id6BHZZC0Jn^vo4aVM$3d$bYtl?)@e;18`T(0Xo<;Wn@yWV84fM-xn^Rp
z!!8garKqiibB@u(?cH1nae|5er><EmrIvKGoE#SGBC9hlhrXsbLOh3`BCUJjA;kyj
zw<@>G)D2YjnwKH6L3qH5HcCM!plN8~k$n@Wbl_OtCF+T#zX;d0KkZmjqTgCG6?fWZ
zxUzL!I+d%W?Q|T6RQs}*lQl7!)P9*>w^km|f>=Y5L>q51K+t>`*IP<|wNfkG0e{X5
z`QK1?offR=gxn)y<(MAzEo=+!zwFFmk>f2z=74~B;$0a2Cx_S&5Sw<?ZG3!ortf!a
z$dS2NC+tPV7uinJ#^uUDO@WQO5t!t>K`975qe3BlwlO=Hs-BnJzINpYF+56+5F4oB
zgX;MhFUX=Pl>JI$l3&oHHT#Y%dQgk_^MNGb11ydOAO_|nq5H$AO?aCjS>=~&22ZO^
z?i-qNk@Fpk2o}b|243H@D+p5skm>opq}M$?!?`4!xcU%Bs{(4)Z<akPEAVyAweF3*
zbb2`OvZ7nn7$ow~Ho%PqwQ4m}mf5^{a*wwb^6A}qq&@ZhE-#>_p}0N#xaE7Rx#U*&
zY8C^^+J4`>KREY2EgCF|@@-=wO{+QgT0@uh#euDdG?6z6xU%oB0@bd~8Q0Gu5F;)x
z;(bIUkkzrMVLSm#?>4oc6(!Sml*oodF{>jdlrTFNCaJmiz<RF<O*vaMHQio=0ZrEJ
zMWtacT!%jI{@?TfYkgU^0>Cg88mnYGv?Nc>5F(vTsxhm|^=w82=&O&LvgxoG8aQ$m
zk12kDJL_<ee7+M>7-MOOe4DQoT&_N1!^#zO!e@>L)4lidyvIZ%?)ApTdtMVm(MU%K
zg_-aRbMt#fQ7YCe)-m|3Xy*5jirWaf=~ww~UI97cwKq``ju+5>fA&|qb)S$LoacX%
ziBXqmH<z`3OS1G<WyU|*A_oX7+ShUTbuF&gjC<a>@#gV*%njqjfp;oQAA;w>Y1a-_
zqo!QgV^xg|2!YSnEQ$r>=7{V;CI|zz_~^2eqa0ZJ5Ru^req6HjSlAEgsTCgJU*R3<
z0N^i@VcslX^$vrz(ExPf6m6UwZN!X{bc?FZ$k-L8rw$9ly4@kg?r4g?C0}Nx2q!Qj
zM}q!^ax8%>wxssI(1EFgHN?D$?I|iv=|}a##Lzq8PpD|+OZshe=eZ{i`vRs(6s+wr
zBH{~H5*Y(D>bP@KNrhx)bO06}`n+Ks$?!Trx*FjfAG>RcxY2CrvWVvIH?rj5M?>ly
z2?DyGSVS9CRH_Dc+YpKUlmZAM*&rimTE-YZnLf85Y!S;K?z4ZU_^d7PU}G8@u>Bs^
zE({$KDwD%$u-VU=7XD(Mh#R^#WjMH72rNfsDuPAq=GV)bLJ?MKJn%z=`TDFx;HH|L
z`aHCzvIP_~8T8m+Ii^e9`|rDwRs)s7`=9fJ8oVpn%W&Jo9H!SC@z;}Fn4TyIWqiCV
z9`Zq?vb-APQ~7KM5vo7#wz7>G0pxu3ounvFiE~+Pr~!F>@*3KFhB;6|R|s(P9Om-n
zJBZD!w|{IrIb2$R+al$_*`Tr#R2pjK0l-ZG24PGVfwI&{e|I{3t_C7GCwfuda@j7x
z-n1?2gn{kqVo(dv6Z3Fzyx?dIm$|VLy(JqVA@DxUv@7VZ?4peW7V5c-({1zcKbd#c
zsJ+4RSG@^zt@cnON$@i}Ka{$TT#Bk{`(IHD(k1oqTt+llU)(a@8@?8~&akm*LC2)+
zswCVDG24P_V)=>ij2~O}7O{%%7}jT@lRm9E@ME?9H2v8Wv?u7Aigxotith(im9q-+
z^_*B^+|=7NLL=;=&dY%iwhjyuS40yBDoOt`-2SXT?Z_kJ4F-2A`eUwqru}+8Sx-gJ
z(Px^o8sZ2nK!Qw^5*DQDt2!YAqCvT&s+=d!yfoK<{n;GQ2HKLvELI??qOO5(@@+2T
zOLVEVRN*V!#GUR=w&Jn+i(+XBPv}aMftt?fTJU#=*<~+1<JC!2MW0w{ylU^m<h!Tr
zPjv}1FK32KBK$p)mNMiY6PP8v(*!M#j@}4(RFi2vL3L0MXK;cry`*)v31b{mMQ;ys
z8}69g%DK20;LU<``PXrE0HkfE7AAHo^{J%iK`vSM@c@Oo-@L?q(svNchX#7K-&#Ab
zX~!z|Qx#3@yM=pWm!0|2<H*0+y(N?`6d#Qv|97;K-bpXfDPn2Oh94?1)|r$qzaf%}
zl8Ngyt82S8hWJ+-+sQhqAsYg#AN&gzd8Q0O&rR+lRgbJL;l3!*jD4KFur&~pa9Y32
zV<M@^D<AO?gQrb{#0A>u4+yl+p#1nxfZ0E+6!YG0*`0Wo-;9PZl-vi(DsNIH7*Rm<
zzW5OH*Dy0~GylF-bxzTGSTYS2Ez>SHJlF6ToU1{l{5XN%+b2m`Vq|lu+EApqcQD0s
zvUBjRVAO6E%`!;v%_4b9bKmt@dZ)^8k1daT1B9|t?NJQ6qz}6g$c+iZh8B8%0BMkR
z1^&jkGPKl0?XYOWC%L7FT-CiCo@Py|?xH83xS)eVkl~(o40-LuE)_QsI=I3N>-=(b
z-!ur4VOVgsIB<Goc+;8qUbkRiJcxA?IDwn<pz3Z`p&?%M&1)vrb!6SZWina3Qd*9)
zI5@VNi3utI+L|p=Y#vHj5_X({dx+mTSo~Fmw1W>-`zva0e4i#5RGPG5uQ=_WSji$=
zYOP4mC2aQWg=HKzN`Eye&kCz&zsL!TAMP`1y8xY2h-{R=`T~n@Rwq;Oub?|-`|Jz6
z?OA*f&FOEDBv**XbewM8_N|nK5-~o=*TJxQ7ZRxsP|<+sWr0p@CzJ5@Lf8@YNysSF
zY=!p)Q896eA#p+mC`V=zH!f*o<S3xpddbCuMl5O>Yo#!g?UBSVfQbE2_RM&eTOo@U
zr%-gxEyWD7daZ)c#<%aZ+?9Al1$!7|x}=WEiVX|M#WHMZ$%=T#yMepB;pnU*r*s~C
zj&_%NwJW2O@4P|{i()3rNH$}LgKzoEK6f5I_h7D1IbSYWE7)_74GT-&dj*q|BD}dy
z*v7Wfa29<7)B31<$Aq7Q{IFL@u&p0e>Y}ga!jHjcXMpr0nyCdMlhvscO4}g#ad&Ru
znv|gGd`Pb!bxl^c1TryIXhy7W#A*ukhokY-KW@vS>&38N{$`>-X<+(&Rn|)F+Wm>p
z9-_@XSp)4z_ZpsQ6?jz5Q{C(;z5<6!{(0H`7x%`}gKzaj5pOM$ul|aec_GNMGLqP`
z!JOp_G~?ugnwcpjSbqO>reCChG?sJa(@M{6*Yl}n%pI=*+9MeKeP;EFQw#^^J%H(n
z8#Zs7(RZ(eNoJgy$zYmPJu<5$z_-syY1ihCJ(pCG_yZ|@)eZbxz-K_P+m`p&MS${I
zNWsvQw<__Xd1G7b^W!nNa(uaEU=)hKivHX9+T*+NPiG?P2%nadb6bG_4*a^&vhvC9
ztMelr)1YTh%qZ<Pa!9trGGK~+s_KH0-{~FO8i^yfe5pSDtvxUqA*J5$C{@*Owd=ws
zaj0+EXDfNsK)lD>kp}yugHv3Z1Zuuc)+9`c{0~-3z*x?nw|o5P7Z(CnZuJy+YLwof
z1#5SW?C@<(k$JHmSt2<4jJgfzO-oU;#4F6bz!HSw13Au9_r{BRCW4vYE_wYkqKd1$
zK^$YK=tHxu-P{E52x;4WY!0&`gY8(SgJ7BWSP8pmspnckh6N+ts-J5xTFij#@F;P2
zI)d=zMS>5Sep03k-<bZmnvPH?m%f)OIPP|c!xOx(CFPjsMbNB67Z97jR;}Qs-XyK>
zIO35dGlwCaLl15If6n_{N0EmJ$Vurl3|lZ{lVLTp(R~a_P1g=x0V>babpJn4mvzJe
zDmwzG+xRhd!E&?=0~<Jr%-Qv<^-&&kx9m1HA#dDTmf+pK7Y*C{92tAV`j?#YkKZJg
zF$JVn+)Z@L4(7ykkaIJpEQB9P_i3KOw8c|Qdhp^@OAYr_XJ*5=1{jA=2x$ZGNc~en
zF-k}|STj^j?eyQ2AryQJGAO+BNQFl}?#fS^2XT3d8Ky}#-8JI@<J%CTi((Kh_9xtd
zRlnJs3Y&^@fWwUO$DgdtyG1m=u53`0!r0KA!ZUM#M)t-b8FQaA6z-_6{VCMcl!j4@
z-*sJ_{WsW`>J#cqp;a*4CPUx33Ha+JU3bN;vy~_irS;@x>Ca-|4WZ|g_D)JEZ^{X}
z1Q%;~^V5jw14WoRAf7fw)X9LdIret1hbjSmGkJ8E*Ie2@=8oVmhY$CRJg5Y`_<|*u
zxtx%Y&<kK!f_YrdYG)O$>RT@nP)tgL#I*F$ytcNbFa|YosBfWPW6#9eXr1S~*rjf4
zQ)N~o;rd{0>xh||%BFpW4@X9x>v?G>cL=)>#`G8Anf|K@-Y_4<;7i8KABHv8+1jaA
zgcXW$9DBvPv7NGkuZhjpMwooQ61TXba5;`9Q!7BSuYEk`h*`U8toW9TbrQE$PA$>t
zjk%LyK_i?&6VmD*TApDM%ion|Gnpyy2Hm{fjOe{72x=CCnG+eZ|E~Lp+2G@A4WKx#
z>s}x!zY}$z@ZNU9D(f(j5Y>}shbpK-T^ggj8e;rj;NDWeOLDneJAF>hrQn0%E(0nS
zCD8f2Qr=%GDh%@>jPIGq-to-;2@6N)6S3xpip&ZheL-fil+~af+$i5}x~}#;v(#f-
z)W2RpXkyrTrQ7xD>^MRC7EfqCX>4}xNk!NyY}GjaR_n`jG7NZW0Z3r>FXq<z^D1iC
zT!xRyb7Sq6yu6mnDh?dOTR(A{wakDMb<(Q#wk@}+Y*R9PWtZ@|)~CuLWL5q$4iTRq
zoKt4mgUKd^KE@*yT4a?(+6EZ?XLeSJT|tHF_v)B73?^;?n=d~?z^88<WiWWLKx(qn
zz!6c5X|)F>N!VEvA`?{>f8LYWbTQz(@^n{{a!EF-Nm5P}ZY=(rD#1L-y>5xnPoq^%
zGktRg=xa;pak1a+&|ft6rwcSzaUr8f%6vo>vKNu5CL!n)4%IW;G?v8X4s)B0o-WYd
z+e@}J)(}D1!6K3+ftinx=PF1uK)13u#$e8}mqQ=j6BfH4yzS2l=Y5e$1Bv6Z)4JfN
zP^+bqL669WDnO~LK3<9wzGq*BN(;4X82Ni8-6XQr1nvKV<)!#FR4LQA9#P_tVZ_(7
zbg|I){;>wlE^tTM`z>$*VM7>7B}TXvE1IpF(%JUH5Al%!JPS1&N$}gI)sNTUF_L9T
zKK+opxA%M~`a+~;8(C5Jkp!)uw)=?VPpS<cGJQ5hRdcw+C&LBM@>o3Bt*(yY4LPQB
zDLsXZ>edwBQ)MY$K$eCu^=64-%Cx5)m7GzsIOL|X`R%VX&Ol^RXxJsfPjmhWV)*O^
z!A7DXu2-QLA_=vFI1#TK%galgoCWH*5}9TeDEYx96sp8saW1({$)^j{xgIE7SVo$6
zED0cBThY{9zxb-??os$s^YBxiB+l~m6IL2pjZqC)$#By(HZ}0)Z>`@8_j%smmloh0
zKFIcc%v_vMnL^5I1?Oq9Z-=TSk|}Z020z?Dd~6|5_B01kM93Z~=Z*)HN_t6dT`Aj=
zOS#91Z+etmf|L2EeP4vo-9aNGGTQ~R)^%Dxcbbqa5sR{pL7eEAGQ0z%qMNAqvO`Q{
z;dW_L6mk5vPg=}rZE(`|l&w6(%*zA4KycK))^?tm4ZmmWP7BXr*PP^9dJ}9Vu;;B*
z?swsrO*ep*o(y+xZ7Ae5T@cv9`sUMvRn)hfzWA|vqAX*+Q^cHA3UdC6E<|JNAve<S
zCK2vCzmX@}*f&xfFUXyjm9SQ*-?ZZL{(zPPXh^c0-DL0=SlZx+5HG=&prOUANr;cD
zq=tF78W}D(%RY%Jwb(4^d`<*XV|{y2$jG665#M;0d@q)3-p4FC*jB-cZ&uXToP<yd
z$snAXQy)v*cod5P0QLbZ_;aME0=IA;VAfX2{t!fq(^l@%g&8wDO!kYN+NAmap(un8
zYx4#wB;fGADwJIk>oB~$y}m<=A}@ayzNTk%@>ABhQJQY&knbX-^ixLj@=u-FYPHDE
z(m3kn^+#(4YrzLg&VCu$Do>j9xk2#!!<GFP{voNekcDr-8@eKYnA<5qw!1N(011GR
z$$xbX1O^c#=$wh*t{rZ|UTR!Q9p-(<R`PYa%M(bZ{@m?6l6L&E`8rv_nvjjhjuCKF
z?O~ZAuXFA~lfR3d=c}DRp0+v}TBt5-65$EokO;IkQ93e1r}4yD+&EfvJ_>FA*-YH_
zIh3R!BP>s@Z$=+Y_qJyGIVe{23S@izW@-(M(wz#Y6n&9cJm7VSCxM~IGh*macsTpV
zE#eicmto(M$fELJo<CG7$qO;In&fec@NxIM3M{``rs{KZ+kIT8XCQfhcCz@E>J|Hj
zN&z3H4*`A8n2kYF+=4|zgzVNTDg3J}XcQr-NN!#yqalENhXds9=B>Do+O;nuV3Vt;
z)MbcgY&a6CE+zo9Pi<5cjojZDxmNvR3A|KL2(Q%yW`;l_lmD%M`c%wqGD&D@@g}6+
zV}#f8r;|=4G#cvhUt4A!dqlx9#cZY8LH!z93MG*Gx@K*#c6!fG+v!)P8JlJ;t!Ce<
z8X|NJkR-bUNxBKV6NSjO%Z;U6@<9Lony0q)4Q!Bf+M?aCt}Z%<3c@xIG?B24xzzUt
zajV;CCJjEQpViB}2g0ZM$}T8kZxz^>r~lqr&FLO&o|B?pY7Ft_*_y{AthV=pOSeDc
zWNKl!Z7TXZw<|R@O=ot6X4^W3R1qQfp<<nJq4o`Z&{G9=s1vGByl!o}&ymrh2EMeP
z1)lIDy>u5(QpuIX7AwdlQ}n-`v~%4ki35P1$p3AoU$W08<W!N45Pz6K8&5Bm$@qb%
zGwOhyz&{_AO2cKWCuy;OIQdM(acU>@hHB&3#b(ZSna^>(qCeW3WzrFh>mi3T%tZ-o
z2?hnThgnNzab>QFy(0c#<SZX(VbewFhUCqo?P4xV^DI>>s}XxB*#L{Un!G6f-rI|T
z`uV3${wU1PI9CMQlmJ5*YlIK8DiDZDGKC_S(8cJvvq@y6)yshLn%O{3CQLjnWp?Ls
zEhi&~CbY3)e|1^C$gzH|4=UX@d2`Yy(5v5h6m)HAKFl~HZN7WTF1o3mb2E~T<W4>?
z1Jnf<T@#X>5B_u&k02$RLic3EGrVhdt<y^kD8sq?3b{aU(*;3keIK;O;vT^5Vdu9t
zDjuKp$+V(&oRXf34SKXpgDgS|b;uqjk=73YMV)I2`mKCq7ONn#I{I)-*;|rwN_<(N
zOHFa>-)eJb_K-RVbR@O<q~E>_TALVV%?_M3L}d#GyYzj1XVRa%-)|SFbf3iBn}E;q
z8v;Xx<<s;;3EAbRbSo`qW1Cb_W+y&t47e4ykk71SqG|^b`^L*$57a^F8w8gw3M)@Y
zLiIsZnRS~t!G2nlqhv{v0IKl-88iYf<5wtVTrixH>iN9Za^b>3_m8?OJekbjg~*lO
zrI#B6c0Nt#;1EOsYKtzw02G$2aDFQvEbM0(-E!hFZdvJ*rb!p?#qmxMP!VS>c&rCl
zu9LQ=pRW5J4q7m}wE#Lmxd<9mDiqdju>r9fx_mwZR~5?3C@BoLLA4JrSg2|z2^5-g
zD}QRg!{ZI0vw+T2sW17hK`-K$uS-OuHPoS4m(r>2T39%VQmp9ZzL-Y$bu}0-Z6#Ko
zGd(WN^M_bQJ!@s%)Y$A!)X^^RM3!BbHGt%3ZGi_Py(`%(SzDli5N*~YTvG&zIxwcN
zExVXc(;57}_Is%7oz#=J3DBzas(bv)^XvJkM)+T`qfI&&wkUYlVGAz3?KCamp_I@J
z(g$RHU4?NM&v4-ZUmS0*{LXXOW`{3r<}{v3gF2gO@nw+dvZdiy^qs`y>XNGeli;DA
z8*1xT990h!=w4FSTms^Co!5y=n|e(bgoBJ5Gz0KG0k3zXk)Jd)VC4~BW>WX@j0;=O
z+5y2wqb}o@24k{%vlW_r01IDuns&__L&UI@v@<Sj2W87SjR_-=ji+`yyxn$l?r6mY
zkQZ<d9#7j9;I^gcsLAShRiWq(;eUa=Q$(D;J`yz^P$J#lMt*wBH=`-C*jUh*o!4S7
zBUBsnvK0~Xk=!KRJXrG>4agNp`;g?fYC5s{^N1K`Ul95)w;ZrTOg{>6V)sTHC#A=J
z&pewwOksgYvH@!X8*9c<NMCRzD*A1^WHi~)1(~$KV`~i|%1*Va8Wb1vxZS2Saf~N?
zVh{_iTl31hGuNTkSxA~6ZTt^AipXg#R)~D|(P?Q{^cFvosAC7+sroECSD)@*7e4!c
zn>P{*bM0(8T4wZ4cOV0`8R|Xw6x$^AnU-ntVwFevV*)zbSiZ>FfO$C)Y246wO*$7|
zUI0(d-HqIDy35@h6hnA*it||yGP)ryVsle#RKQ<xpNitRjA35-fXQ0#GSMBR?}ajn
zOJ`5*xk}&xRdf8Z@PIrgq8DVQ9l}kKXWpCRU|gIiS5$yHmXO#wF9hdFhh1DD+R;+5
z6NxIHZ_^l>HZjlh3E|y`K58*SaH?-|J>gO=c1vGvdq|uj+w6GR+hTPGhj11u`q0i$
z2yC{jrmFA^3uVMyi^{vQI%Q?H9_C>r*BMEYP{$x*c@a&0B)b1{V<K&x<B~Us^APvi
z#CdSPt2oG3v%2{8Mf0<BtDvbr<wg2bmlc~momit?{m&Yyfxsot&o`S=OYlC}s>a4(
z`O{<PNS0pq58GP;9Oh-Pn}1TL`VaAUqyw+@(0^zlJEhAcl(Wtpo98`A=zu3V0{Q?x
zjUSUfYwKSQPN}z((mk1y`^=Zv4oMh&V3}Dzy@A~&IbMh_aex75&4dHUiXs$%nh|;O
z=^xAn#JkkJv1iZu^YCG9sk@o5tq90)R)-za*x%*`-F_Viv^m4dcJ5}^9VL?5lDO|Q
zJtkHMnST175Opf2!Yk+$5-8vDX3bv>N_DsE8!5Svc}Kra#vGXFyf7+B-qD^{T``}N
zSS`c}(==5GRazjkPMtDY74nAwjoWpb^R}em1XFeFeb5f(@ICG<op-6Y8K(1!ma?s%
zRX!Tr&?yrQR8ZzP6~Dk33i=spouPYoC#jtB@iYbHZS8YawJ9Oc!;spBz|$Pa_|v_o
zr5NxTUTBJsf*8ntf*6vqyb1ft+C{8@(|}An^nbG14-zUlC{Ai8IWn9377f%pN{g5*
za8*+kydv3%tQ+U0#0Ng|6i`kymAg>x=6NUYY;GnaOwZDG`@~$aS>JlRI&F?e0Y6T-
zU&QAHV9{IC;4id7t!?A%+PGTrtC8Y8k9DkYWTYxr(AI3L^ut1qEgqi>o1`vJ<>Wvd
z6;X_lDmPZNw{D}pbd3?=?C7Bl1?g9E+&!UMU^voMQTr&B>KJ1N5gj^fZg%J7EHkT+
zbAJ_#qu^>ZRjgK=UaS3My<On5Py1N2)sHviJpCia9ASE>$0!bj&D>3L!&&i(YkJT|
zV)$?9ihB=B^c<m{0El2prx~Ch?{9!Wz^>VZ5}Y=LWQ)_ZTXhV`mMqK&07*c$zbx#3
z@A6GD+J^C=gnR~vL9>u)TM@&!Pt?a7pG)gCMCn%iO<{LY7!-`qz|)q&A9r)JW=xzz
zG*?7DGfY7RQw|$+B-s%e#^Nvq?q_2~Qw<Mr2Iq^4kEr&)7}9C1d6x0}OPXs+`A^DC
zz1Ol7Yc<o`ctc3oyov{=r`o4+I)}SAQF$*e!5+J;<ud2iIwP$-lLihs0mb2jkf*l7
zw0UG|+VY+<&Jf*ywJNYH@%@;3zWQ+lljk$K4#dLTvR5nux{Y9aI&XfavSi(5y~}nc
zu&)o(_+b$WuS^#hTLzv&*dxvO8utsfByjf8&Dcdl&6>`WIc_B`0tS|_wjGzD=Ap|}
z%wx4=*jWr69ufXQMoX>7*zP!k7z>YoXF``%26oc(8^n$B>!_+(zdvDaJ75Q_Z*`iv
zv?}geWLX%HqqzQNGi~%>U7DVxtrzxef+yr;&XS=VubpOq#OKB-b>g+4byoRNB{f2x
z5ZKW=<iwXwMy%ldpW3Sj#eH*iV-UeVHfUQ1vOD>hOumV<{R2=eFiS=r2OZ!$LYP;Y
zlrFe@)B|uNcs+lDNwk4@^F|zayNmP*p*2xDLpwyC%dmp6ALPuI;I3wo3%$_BR1G^0
zX#qM5&v+ggD~n9|vpw^##nP8bwf@;c%q0|w!s+n-_svN$NRPNUM0jeHpvYb@kR`1*
zwGXX;oYCWVf?lBhgm|e!GViN9z+G$j@sp|_#fi4dp!1$E#B-3l>drM&!ifFI{7#jk
zbNa)2l;CZAozOQ9rk4D{s3Y~JhGPrnLeIf8)eT$@NINZviJ<w0?WLxtNIW|GuvHrV
ztLldWrgF!>U1unv82%+i#lo3}XScpb-f`-t^*GtB&iV82nVZLKb-$KDa?`@TObH!#
zJaR7SKd{f)YBUy5?_E(QM{KX2xf0uOcbZ)P_@~DxghqvWI~@!8eYP~!G>bM(a3w4o
zuPA49)0F#?$g>;15{!5hZ_F$I=V+BVd6^Om2l^z*d|`uCqZ4kk8C>nG;PXPTF`QH-
z;R3Hw4$iCdTq(Gsu0uj)4p!g*%`O9G?h_-kS+P(~vlVt99fjt_%)0OVjBz%YqYj)V
z1;XVuh0zB^RBbK-<hu_hb}7E<#%fQVsw_X^Bl>B<tmD%P;z4Nm%9Lh&{}l=iX=yPW
zr24O=GKKzrQb5n3z1|YZa7&-~R|8H|XFFukHSXx{aL?r$_Nqv2hU_e|vvUWd=Y-xw
z>EpA2GtvZ<iJV$2b5tXdX!oRZAee(M`f6Q}2e<8t{7Iu|1*{0i(xBTo%F{rG)yzeU
zijS>M8HqWlY4Iw10%(Q7wMfag_fz<|0za(e&Yy7_Lp1Z2NJUpxzD)%~(TdZdBe6ad
zvDh6!HaepNjmiz&%HA*T8AfiVhAc?Uh^&v4kI!KnZ73R(6JJ<^4jg5R1{GYd0SM>p
zxUe^bLu9!E8U@xzXqzbl)5AvV<wA%hHB0IwTP_F(tdErrUwMu*Vkx$er`ca}3jwxt
zA+r`JRmRwUThxL%R@yScmVW?U-I2a6mq!g;7yqQlc3tJ;(!<}T$|@ufSq*)>tIjq+
z|G`g<V*3G3SPi+1vwripJr`?8N-77Eu1|HW--3C4z4Vq`EAsn{7+sEza?7PskXE^+
z2pD+vp6YDCoM8a%-AuJwb3%uwQ8PBcp!D}oGB6=3-i6{yr+y9v6=4c+$3}A&NELdn
zZ71F^hJlP{Xu{(&N65O?uOt$QBc=GdUEIwNJw@U;Ci}=mFL`d+lLOWT-qEM*4kc(D
zBE0$BT0UJ@{eTSaaxBEPh{72}9pR8`r-yiQi;>eQ@`dTko;jw*2;IP-66=S*=fz@l
zZ=4ZK9aAKsj7!&BfnX)nL#{fZT(%3#kIsY&*i(Gei=dgticvZ=m`LMG^1EJ**V_n>
z{Lg(-TLry7{s$b8-OEc!NxE0S{7QU6;QN`e+a>rpvghn|8M)NRv8mJc*n<Kjuw4mK
zGajkV+Y0fxeKa|}IDXbkd0T#myT2~CNH-rrkQNnGw4MwEX<dfVd;%jd?ERLs-|L<{
z!Q530_#>_W*~XcD|9Bn9^cvEhM2|u)1t@Q;Z5YiQ$zD!;G)1AlU&9%E@1G9T)<z0b
z^k(+O3PNQu>Wk5%FGN)faFTM*VW^Z<Q;6HZ*^yx-*bH}J+w^YR&@R7oL&O@CO)f`B
zG6xulJ9yKR04bf_{AAKdcC!8?>dE}+5_Yw1*gcwU6e)4&HS>hFY1px|7Q=B|N;^#l
zkI!-?UYDQz*k5b2?Pl`ck;yqbvMm~K*HpSxH_#QnrHn#+by^ev)YZqJTx&&$no|@>
zp0<y=u1v~>LVKX?p2-S<iC{a1LY2VPR51={pCXv1&DO`_YZ)FP{cU!`q95={>=INA
zdBc?86hD6OAO3(1@AF=g)^KU@ID$y{X0|8vWJKMvwVVW0k#e1}Gr{7<Q<aB2$HE<H
zu~}Y{B(@Zck<knqRH8CD6%Np$12E!(s3*l1Ri5?T9Bf<PZ0U?NX(QS~BB>$$?ZHx&
zYgJxefG5A(CgA-d9H3_T(!B_b6HGvCh8Dg`R-$_*%A@bEbR=9iY@q>z2VbBD01Fjv
zaZ(iJ$Q0lndG)emi_Y(Ns(Srb_r2Z<ZU0W;^B1Txtz@7R|2$}U(3=p)IQekk%04m$
zDALacgzmjNoGHMn;a4pHJi$u!U4yz4K8v+4UB-wfis}FO^DgSLxR1>t$1A<g45a7_
zXShqRYya6yliCPXCsu%5=*-0$gn1U;5{qB6?J>7(n(?+s-IHb>xtJU_CQ0rW#~nDA
zTPvRVuh}FJPirTXu3f}Ng(QN^`r`ZK%yPdvP&|fc4;3AFEAbRDT%p9^<Ou#GmskIQ
zGe3wjEAVU8@kCrDzG?lru;e{O5OqpFIUrEL;rR*Z4E*Sc`fAZN7?y2WN>)E?)IK|J
zw8Dq+eb(#B#0(Bh{`piGKk7ydB|WT@sp{X1ARUP5te6u#9?~FSX#Yr%ssywbTVNPI
zyN_2fMdkhjvE-|Jy<ji&R;{_3pp=P(Nc><*Stj?nrahR$SE>mMt`;<P0ZXQB_L`5d
zrf!sV8LLTi|DP`JuqtsX1o4Ohpl+~ou=|W!nLL38s{X&Rt$%3#I}}o>CI^;X4$6Ks
z6VL^ZP1ezbfY2HG^pK}fAScEJ(BMrjw}}8=v4G~O(^AwTvfA1=%pGIL8ub;3oOpyL
zWq`&qb6FBv+rA_bY_Q5@c32Y46Isv!h<ce$Z%lRD%u@Ro$ray7PN7C}P*lM1C>@nl
z7Rp(yjmr9LIX6$38f~#7y&@qIuT34EVDH))6N9f;!pQt`zhOg}y%A+`QpO9b!1$Xe
z57DRnjCU&~x)aFXFHTuKA1m!3@pl6t;y*Cr{ZAdxa&Gl;&)y^k9oM<tnSde&4*udQ
zKN*$o12UX+M=ec`KCGHZGLBryc*uWKln)>3X`}$(YxdyR*_b>2C==4~reDupG~PnS
z1EV$IRc0XZ+b=klXvibBc`705^lL7^xF%*d+MBE@jVUQ5n4}dRqU3(a>VZhJ{BMnT
zvu)=07SL1^h*#P`nbWJMFldgk4%X^*u%`E-i@M#+F-G*gF$5ao$}pUu)1=p2;`hsy
zYky9v<)e;7_D7_yz(C%wfZ#hgJ9J59q2PR^s;Rekq=#Hauv@qBn6oczy?oeOdLWES
zVfD(~ACwclyd4`?34-Pf@Tl?-w~V(@TYD+}j}6DWjUzm6YJ9PDTFTEzYRiTm7a%{C
zz6zH;fxBshre0p3-DAG56oX|4#Jd~0Iz|PkEh-kF{An0ls6&@>bh$M&zHA6zTz|J=
zb0Ldt)B{YXPKkUG!hvnt+^;qL0M8^-et(Ok!K_5)Ad@PTk9}7utn1#JTa_FKB*5Zr
zIXOlElhvl~iNomx8tdszuU_J;{Uz;kF&*Z2wgKVH9%xHtU68eAIl(_RB@lb8mVEj;
z44U-(@VcJbB<crB4uGFBATtbq2@1n6$X&ud?Xw4dV31y%+^)r~x{l&K{P9M-<s4y?
zwEi?$8k9e9BvRsVi4nWx-D^ZYz=-F<VGnCQ+m=_hW3|C)FIx)%gpFf-n7GeEmZ`cP
zI-CWHsf4+Guk8Qi(E=EN3|3Y5MDFU<^o+vaD=;F07+dg_8dN*~Op_QV0(raA%kW@f
zm8zAlEmb*_&To|wze}zDi{~^8j=-eiM)DxrTFBb+x5!2oSyE~^r{*3j0E2;gvyr}u
z3jLvetC<^-kR1>}EC+R%J@SnI_`;LeagS#rCi3YQ>iHewrZ{37_ep;V>FS>6YBti#
zYqgH80ZjzPYhP#LK%E0pDExc8rnPNYY?3vH*jH^h9!E=o|BzahP`X~*ec+JbGR5b4
zPn8bqrHjICzNnFl72Lr$#cnU*G;+P_{+HZ9T7PZb<Uo=Ta4q{&gH$B(GQPXfzWEFy
z)74<YEKZDF{f@+)&&FhesXE8LwN+5LzSTrp1yRf9JY&&~z70XmF<UN;>Plw-c#KPV
zSc+k)1M_1%JgKZl43c@MHk=z)6KRB1$uCfbUcE$R;2AkvqR&7x?0E$%*cEQvl3Ap%
zDRKP%g~hKPom8PB^5Tu>Q4lZ=5zr2rcsIqrbt8TXq61oruBa~()4P?@85?iPy>nNU
zHZ5R{Wt63YNy*)xt_&1jb=AO7$p%8r3w1*q9Qsy_>pOkV5;f8^89m>~`)7S6_ae~T
zX2fUMp$L1xczteS%|vEutVY!4SHw0>;Z99L@MXxVdf96+t+>kWq?LOprTUUv)~pfu
zhsnxYY4mW54o!F?wX5yyrUxb{mKtRI2ncKR$Yoa$hTw_<^#B1ERSk>;&)v0E3`u{t
zEXup+SgnojEMDT~{<Rp#;Ob-)=m!@oqzlmH`90H(6`TI=v2uav>M>EZ_!>-76B`}r
zgVLB@h@oenIoM_bKQ~p1F2L&<1f9FGY_JKhY_Ly%D3#f=faKI{6qezaVf^b$#*#3^
zvjK0K_q8y$CT0tDr}!AH@<{FE=p&(Q^68QSGd^rO7hWe<)>5tnw<nYx>m+)xDmtqV
zein2aWMN1PrsV08L@$iM;Ayd8zlN;m>6&**sPK&8;-p)BO}Ddhxdosy*)#O1(rH39
zqvBsUE91CnIl}OfMLrj#bQ@ljHv>i|FAH$cfl31qtAdzG=H0qHx^)T@(B3X=aSHY*
z33W4<8I%0Fxei*p<jRthQm%cuAT`4jC15yb*Q}G!#<$L+7jb_ce!M-bi-{2BL?w5H
z;Ey?S5n*EXp4@qV58+514j&uA{?18jVjQa@0ysgl_1@RZ7?wF4HyQ1?nvR~8zi_^7
zKH5a+&%1}6NB?(pPn>N7^l|v|>7I`2HH2?{JVb(au=PjgQlRPldhwunnonSMN?o~a
zS$Odve?wWO3O|4@83tN<M<OS{qQBnU@2NF^b&9AY-ic{jpoEr+82fZNzmd&uwHSyK
ztc&>-xVF<Bk@`CUooT@y=zxSA<Cm-S|AUG^sN)?m^J5<oeX|JdUItALU58hM0p}{i
zkO%x#t@8f4*@Z`?M5aM~T^VX&fwd~DG#Ch(hqZa1I)n(WpnvaJ_QiDPduaUh-tupN
zG&^^QBnSNthhnPVuJ{`YUOZ<Tl;mt-ex}~_0+tjp*0}SZ*7G@xl%jf86Su#1mL57K
zXZ2aPf$K-11}t3-jy39e2dbG-r~M`pPyDwGZau#g)C%Q8Q%$i^TM+<T8NLo0lv>j_
z-_RD;Jy~t`pF>y5!<%m40HR5o7;@o-A4j7^`cN~&)EXJ9@Y6)|Wv!Z)>XO+)dK9K9
zu4L)^kFRRrvzZERc_x*?0*3cbh^dnxwuh+o@w?5n9{EOf2R3zEgWN&OJIU5oW)|PT
zI;L$fDH-yx^QwXnUpN-OJu6;?!rjiF;VDS+Ah?gRHqnX{g2Q8I4(~(cclI3W&eL*p
zT9i?e`j}5}B{q!2JHzl~twQW`Wnl`%%kZq&P2vKGLIe%5QQYL@iGL6kGa3r$%#4Mq
z^eIi=#VI)u0)KwHiS@(0g(doz-cNW$7Z}emHcGG@nC*DI<m9ed0BSoP4=0h-ifv^A
zZCCNcI`e1b`oMAUzgT}VCn$t9e5ZHlkqV8~CZwfN%y(;%g?U1A4p83g$97eQ$jk+C
zq14eF?=S9#=S~B*!k<X~r}KXe#)eO|4Mix}8!FcZn&z|A&zPwQXnJS35`yN(&8$0C
zqcNLtz*~ZP)PgMlQbx=@P2WSyb87(kcVv+w#;5my(=O2l2iubdz#1wc6U+<Ucuds1
zA!V&N97750{V0JP#YL^RR@0lT9=Mols*UbOroCDWz?*eoHJ=HZPs*$-_w`bZSM0aB
zuv<8s_d+(*>2vW<k~=y==av<&#KL|CS{ce4SE*$wy?y3q_N)zbRqiYdpTR>C*BgyH
zk<F*%o5m`<-PtbNex1iF<r>*#jzA9K+{eWsV0eXn=M>MlU3K~S2uFjs9CkU@Kr>|O
za6MOmkK=c!&l9T}w|=#@X8vW=$;Uv2i}Ybl6M-R10Q}6JGcJ^H^zz2V?!V;Z3VS?S
zZFgo9HF}?|)`H>HxdVt(f9#vF7~ofd+U2b|b<moS^~YHsd;$}KdG>OD0|H!YM|Sb&
zm{{Urig@mB8g}V<p9F^39tHslL{WVU6FfEu^*kk6RffFQV4LtDFs!)z^R`+~8qXip
zHqM-Tqp3D<U=2Ki@AQ^40?x;For{(}onMw>H*L0zFAvglnU#P<)Mg;3Ktt$kxmbB)
z^4R`_O^&4U0N8fIcKrJ<>N|FH0hJq$u3GU*AU=eDTU66vGOCkDO^$v~t?kjsFr?qX
zRGH!jEya<#JK;(dmz^0_LU>psy0y~Kbsp@_({GCctEJ`S3-3jMO09da9y@i!$%tT?
zs+uTue503x7<VHl;Kn;X=ADNAb^hpneqJh-yfzzGL!qEs5zY~hcX(>|{Wtt^MJzo2
zvQ$9Z<9pLcqO7I+Btg@*yrEwv4-m0XZY5p{C7zWR`PrxXjRlZZ1)7C)Y~F9Z;$#i(
zsUtB%&d}uswx?Tuk?2P^wVuB!%izT40P8vY1jAscTL>X<{Rj6nZ?ug4MPZsxoNyA<
z3F><LG_94N6X2dZRnetO;zS#*d)rqPNU2ltuGYS9C~A-3^;$K*hIS+XbMw4R&q9S_
z#9KARR(WKAatDnpNe;mY9W~2D2;X_740U5ya!JlG?qeix&)6vsLr~S@3OmSF?hHSJ
zLlz8o$n;x^P<dt;TQC5Joyzed%w()|Sc%pS{#gPpH-Zl0Ou<AF|AfW`c|LI++P$xu
zN~u#r5?PGcrVfH{%HnY5k8Hi4sh;yjAT&8r{qt38Gt>ka5cr0Vtp3Jh0?5m~x9Kkw
zQfxr3jiM4$3R?a|VPHsa&IG>k4hNV`zrrjQD0_g}yPBRM`_1tWTn@oGg=5kHPuv}@
z=V-X8pazJyV-x2#%jbY42evxXv$XNuy&7088@=$Rq+kQPI<=No#SZq9gL)6}sUOa<
z-TO!$7?}UkT%3#JrJja8%cRHdNS;k3QezKV=n^?89j@eitb&cU9q-9>du<~(B9}sf
z1mrI%w<vxUr%Yq&QHkNTcmJ%+=tJLShC|6WW<ObT0Q=8ld_Mi71jpP0*mq(vyuE$E
zZh_)yGPm$?)?~+s=Z8`Z+lE)4;JOAzseuC;sG=_o@7@+|H0=?HG@~t*@Ye5m%0+{(
zUOZTfELi*JB@oir`>XjnuAt&h^mPmhdrS5y^)Kw#S3*U+Lk*r6a%(l#?LDfixaYw0
z?y_kJu7k>6&uR(&$Q=^TUJ@6SM(@`78xNRcb&@veFUA%UMEaz(#>LykGR>I6OhqbY
zSO>9{j->$I?8t*$b>0@N1w?ed4c@^+?rDp9_?-zp0vPMT-M$xY#^T1T;$}r-!Yw>6
zcyat$zG2gyu9@y5rUx*D0M($9ylr!K$O%W5{{6@gz>exc9SOb1+V|UpWP7RkH7-*q
zJoeebTl7wSr{RAVG)He+V|%Hc7AhdhCe0ag2s=t+6i2?r{o)b-&e#+RlPW%G{RnW6
zvSkr4%ifvFcYnY6_B<n4V)Fe?Ln6WDFd7dQk=nUzJh%2>p<*!eVMg6$*8i4XiE^Sl
z9$R4ikJ6->PC|`3x>?&oT!u_NZCA)|tC{HPt1S><9$WV(cP=BMiz(h`^H|>kkdD2k
z>>+yoP?mt6eICJ_Hd0n(mU8girIVzrMo5O`;mm61DvNhI%0u!$L4{AJR9p4zNK=e_
zwV9@IE+JByFqs8&bnY%nSTU+6yfg7Q2`k#cDxZ#YpJcdlKL}?$KAZ&{noTUUdFw4G
zzzNa_W)1>|aAbh2oou2p*`tg^s#fVgMf7(@X12H#??O@SI{5I%Bse~;16u7-2l+nE
z{)h8GAo1>+Kl3+Q1v~j1!<|W0WWUk-s|v9ZSRm#}g`B}dH7{e%5IyD_!+hk(D_&pG
zORy+Z{EYl(tHeWGV8Y?`vlX(gKI|G?qD`qZePlLIUL?Aq^dTbWmC~nEIcVy9o{Cmw
zP&OWC;(kWBQ4YfvTN>B}P>^6t(p?r~R_B)4kM|W7yv9xAFF<hVNPD6J?1x2}fWO4u
zn>GbwIZUqg37zsQH<g&w{4sf}Pm~O)Z-YbKv4nI18hAq5vKrh5>%BoRRAEO1%{C%3
z$veQE8gt^FZ();=q#x!`9h;tMRaiy;;yF1LDnK;7rc={YqNj7)JgKs3amBrNkfgKf
z#5C(Lg-nK?cKN}lJgQrQ)L`xzrYpKrT4*a|k}@I!mb82QX-+KbAJUb?0|~e+;WNIh
z?1xK$@1pYG{Gk&3Y|@`dESPxcW+f#4TXyjdXN1(BbwuMHuJxSKJUh*BAl(&YM39q(
zF988}FmD9R9TQlH2Ft6mn^4O)Mw2P(@8FesTSZHv6Ja`u9xZWcvVnqXXRsU~ACl|a
z0a!sAx6$3U57a&4{^lRRQCDX$Ye#I38~F_!MkZ6S_O4v<3Jr{J)Ovv^=5JNW7aXXP
z#kbBxv4RMp)|_qg-UbYfVv;vMqmi!OIi|Yn$ngZU$%Eu<J#N=-D9vwHuow?iRUb&a
zn8f4bFjO2v;QI|NQIby92hLQwD=s%<Qe$BO+XHed4gd)q0y@5^3|y7MikC!FJ}Sm>
zn?BmEh{`vb!b##;y-p_g(U#`{?I3;g_ArKTC_E)lzFnFouHuubYc>)&w5;QgP-rsc
zm_^I7v14=l*qR5XHTBgyW30gi6^9<5gG1NbreWdkO%+6VfM3m?ApHB_MkfeVJI#k-
zm9nyps*nE_*i(n{VWC6V*Y{*m-kT+ji`UUT4LRRi3stQjy~FN^hU<0?w>}tP-Y1RD
zEyu;}nPv8}n4_zhr&*pikMrYvxOF&Js7D7zoj|W0a(kzG5!$bP`$%);6nf4t!?Hbj
z&iN0wyWOsRS6}0?`21DTqt56yS6gMxeGt}gB#m$3Gm11=0I-|1ZoyVF*nIni;Y9U~
zX!|@4pfENUjPtpmfWIMHXsn0*>b_WgZ4CdI^B+u1d`)2ah>tWuHylJqtd+d^$+gE;
zjmT<8>XrMhxLzSZKe-pOL(PAgwr;<<^2n~Ld-o|MV;$6HUcPw`caB~;9rK^xjV3q@
z1~IX|=CzlW)<MvkBp@vA4z#)ADd}NdSl54dHR4M%d75!9<&T!P-=D<3ZFUUgEPPKe
zje@_{AX#t;z$ycp^x4*$6u<{7yT>=|0oxwi;k_^e3Vkww6J(bZ&M57E;xauInJGNp
zC@oS9<HUDg3QVU!u4tM7o7ka?7r8)MwV*&P@39N8H$mvM;|bMOw$&IHQt>T7lVY+@
z7Zty9-xH<#XSpi8zRMheXNs*LDSwwS35kY2swNAP6A{!ZScW$q@@5IfWb^`UDw6L?
zc`<Az({ZYbs4g!otQwCcu9eT4p@DHQkvy4->_>PtpBqoKUf6gXRIWM<AkBl1Z`SMF
zJ+PTOFi-Qq=o%5HGLjtqg?95Sw9?2D-tRxC$?vTAkY;lMcPg7j^F!Ay!I&ne?1}8V
zF?wwT>a^0^sTSXf6*DFBiMh9$nDZ+*_SUr!3BH*nCPicIHEt&jUX<W-5hY;dIlTDu
z&CqnuKbIfr)7a%TWKY=3G@&2^br`hfZpC4nc}x2SdUgyt9-|NvMA`5IFX6OPq!o^=
z!?|4kT~buzYAoURy~2hnIq$O3tCa}ztaAHCR2m0NB)3PGVzDqFI_O8EIV7QihiTfo
zLTSY3j9v$wI_r1Yxe-rh6x$=&s8cCXY~m5>>6ax>)zQSF+zkMXZ8-SbTah#`IrXps
zbi1ZF_t--#`Iv9F@JEXgX#<Id5LOG{WClKG12QE?^JS*RRJ%_x*EM-uQoLaAl#_+O
z9L|H_)xM)juu;4~)AU3Uht@LBpH_<tQte@f)QJGRLffnqZY|~vs)l1`KhXfy1F28=
z?{J#6IV5*$I3TK^2S6(7k#O1}w%?(8&!Xyoci%Bft?ZS{kZwOa5Yw2yKB~mzymBPF
zs`j#kG1V#^Q!W9ayW<P0CQJBkCv15`6YXmjh+qid08pfJ=?q_n<)<JpR%ezth0uEG
zO~`VqB*~bHjK4bIoDB4T&7Is?fS#Rg`829pUS%AniIY!MrSp(IN^69u;fr^S_1*tI
z<pW7Yep?;zj*I?0(aCm_Y%8<9u`7vRDkcPEI4c>A8ENgDhNo4GBi<StD-a3p?~I3H
z5xT^Z!R?6hiRMDr16{!P%q1fVJ{4^7%%N(4yGYefv(%Ur<%_#Kj60B9adRs_S0d^!
z!MlSKptdEE))|q9ZpUF)ud!owZQ%SKT;r2iofA?vB`5yW<z^oaPS~Wx5kf}M69Naz
z&#KUU3GE{Fb2Qjv1$m7Yhza%xj5Vib?0HkFA@W76$`9WmlN3V>JL-qR(w238S7BgG
zqCtU_q!VHJs?Z^vDVZFwl_P%LLuP*s%RSSkEa-D@1EcsAE7u8vV>CZPd~@v>&Ilwi
z;K6hiCR5-Y50w1u$s8&jFv|v3i~7yXxjOTPrMU?5_MwN@;8L{#<n}o6<C(#q^tl7(
zF*TiTx-f@nc&V$1#d11^w2lhW5&TdLXIf5=gZC?>!6jv0Qyc?Q$0>p9emCCv7hQCf
zcC{C%drPE77c;{uB#?{uLh2cIg>FMcWBP+{9Jl)CRGB$Gfa26=k{d(FXAlyohhez+
z1Of=CsB@TE9@9;N&@e$ta%Oc-5mp>r_vx4Gv*59=TyXe=v+tg>#^*?!@g1#&Hdz)=
z|D`*PqyyoS+9Aq8jUONQXuobQ-aUGeIjVB|e+5)CnEPiCR6!W4Lh!`6%?GjWxC@2c
z6$nyKI9AQi)Rg)?%@i!^sdG6Q3Q?>380zB91_ypKV{JT?LEE6nRyh;-8}AnF6GZ#D
zm+tH!JQvy+lptfY4Mzv?J0l4ciw0IL7?=^r^L=k0SvfXBF;^rZ%iH<8nHEf1-@OPP
z0bZnhUplq;di?${(dE|#qzCeB(~A&D!js+r(oMOXt8YEa`d0}zs;8bGK-`j!9Tg*U
z0e!B)`DaS#0F5*NoXqNG9*5i~ygthjX8XyqRK(?MiB)pW&J7`rOG<75f-W0CXY9tb
zwe{-C)1SRj#?^OFx~nk^y#%R0=1+TutiY6h!g4JAaWI3OR}7|t{HV#U59}U_H2qmn
z_PZtO)8=2E<o`Ux8a*yZ(2(u;Z(|H+|0H0g3sX-N_umFei_K$8#GS_5TIm{NKqtkQ
z>zEb~`UeYB4CQl}v*HB%6on66kZuPjMVf|ew))*v;ynC48$&EiZwM(@R%JQ-T}Lvm
znLmvfgMw6F7K{pC;775x4fvtWfd9cZxkkce76FnfJB(W{E46~YEa&+a+VD4~T-nvv
ztcaWwIpVO^-tWKbNfSUFk^szxVm2T8N;_NA*FMa<fsAfgX8I)TjgSgP`1_(4XDFeQ
z)4V(+!1Ix!4N%BUPxR?D<J)I##x@1>AZf~EYG^C(<(NQF2_=L0q73(9Spo6U<DbBB
z4zUdPP87kvDHHx-*t0!*WrNCVe2IMDQfMYQ+NB6x-7&1yEO>_(V>Yl*JOTTlLL`<J
zvxBx9*EY0`48=L+iI9!vp#_57n0XoIyd10Hcmujg^i3BuWnKA$jN5giU9*n$QxWu6
z!D1<Jy+um)*}d0~&Qy3^6ZkHf<o`R#F(<j|(^pfulrGfGVoTVuZMoZ;D23hOL0J(W
zA7l5savjgOS+^wqs6II|lwtT`(P+jySVC#2iG_C@c6HPl&qQ+2Zp`k|1CRV-Sh@~L
zodqN3EG-dJ`I=eOoaDtok#Qkma`{XA#_HX)wK-UN6s4!ZpuOenof1kyiGdQHytN#J
z_GMJRJH-uss$wbfK985B@5m)0{c#vTsEWeuF?(<D6-EZ-v;88=05<+s$C}G15!^g=
zoeyv~)H2C$n=E31Bq{QdDA98mG(fh_yD3u&*j_jH*&OrMFJYqD3JH>J_sdS@)UtPO
zeV&O__;VpJ6niYaLO7ORtL{l@*$Y8Q7LBDc)~H+UlY_2+b6Av-Of4v7e~SXPGbsLi
zk<-l4PUvEJ(@cO7luBB2)i`BP5S|mp6cuL=y#};Hb{X+EU_*s9&`j?~beYKWNEFJQ
zBd9$n00N~Lw#p2uFj~~9tE8+R%mY)ZRVB2BpAJ6W=kOptR52o3096V?gQQvMBcv<w
zS28H&Et6=Lw<N3vN_~rGU~u~3gOaNqQ<2rm{TFFzv<+4AWU;9ZAb(1>!;5UC?TPzY
z`0gkLcky^VM7oUI;Ok2I0^HU{Eo&+ujL9fq-h2$OJwb2UK>ic*{UyQ~ZBe*vF4=C7
zYjcw0GidR6ul@6Y<hLS=vJpeZO`NhsNt&N61J+Wjx#~dtbnA?L7`mLj!v84tQ6}xo
zQ~?MGyJymf%Y)2B_?y&oGByaV6mqq|+s~Ge0&U?(<SJSP4DYy~;bKG={V#b&Lv2fP
zy8^%Sy7)BFH3K83if>W`Jw3DQ-0}#2IlN(9&W>`NWBFt?U}0@Fih%aqRNH=r2{Q%^
z^qZj;J!xqE^~yiK&=<kr>g8_m6mh%>m3Llj=qX3gCT5%=m2?(r%+BTG;pe8ioBvQx
zZKEU@rh-EAMF2DeD=imZp#Yr0CAO9?H-VW$X}IxB3+tF99o?Z{3|eB$mT?N!!IH(Z
zy#)U^Ye#J<%^7d$N@tbuj{Z|v`+@B-eu{hULcgx_@$N*7nSsFzAeAy(4g{nXVFm|e
zCV~<oX(OUb(yUd9{q7)Vwh1;L5^}H)le>;ZLE#+3=Pfld7Y^MNxxF>kEp$~M2R&Z*
zm3Q!cG|SIIRI`i=ue;yLzJ~Wheb(bv7l-0!l`1L7HB*t|smRp?w0*pCyDoUb2MG4B
z0+$NT3SkNk1?Fqv#<l=+rG^hBj!)~n=|NS+N-H24y{E}=P@6}jPP7I#`>H#<ki=%b
z#jLZpA!#G7Rz?wKf>32-isn7OPe%At#PVQS!Xr4G!*3EqmuJYtUDxaF8H=-qYC-&j
zWqpES^of~5#5kTeZ=!1J(geMKuO6*d5`DeHh^;Xl#JU9!Tw2VwO*fJvRvseAYRD_7
z*YGMuBBj$7EvmVoB+ObcCck-%Wf9M^>P~CqP%dy84_qZa3td19yg5&aLjOxbg8VA5
z>zSO!kZsRhz7%f+-CsM<y6K8&0AQP=EgTonxDDIROLF3`oL4B>Jx4k-U)5%md!P$<
zq`#o+GfHUDvLX8_ignpi9sGRkSY%r69Oh!}I<(7Rlxb`E5uwUAYfgBTACpyQ3ySXu
zzqlPThVSfCdpIQqTrf1`xwBSUZ;GiKdFx5|%?xW=RKC@}Xazp%xH_{9O;&My6Us!S
z49}gO#(RuVV$b*<jcz|A3FKJ|ZzU-9$FeAm4-l@}LG?;t3HM^8`i(tLnqhlYzoZu`
z%$98$D~SyjCBDWX;HsO#tINenu5X=v_?AFxIe1~27of5LCrZbSzt|-qEGN>bfo&X-
zV1V?06^PY_Md#e!9CJY8$HT=;)?e~N+v2toOgSlj`@afQo2+%nE+644)(jUUK}(gV
zYqik2TkYuD!8x%pjc1tOwuQYm?9@cGrK^<%AMQeg--8)`U?LCM(W(x>*P%czs0gMw
zCck4{o7JUsFb$)BH;X-D1{)mg^Kg-M@Hl^{V<j4tY^%GQ)8J$BMkxl>CMg97U{lSw
z=bZYcaSnZ|@km~D^Jg`1nfe@*&wY1<fb@>K!LPdA$vrK?2lHp$HIUq+LWsyKkc#Kr
zRP0(40k?;6ZOr|g`085t+09w9u?)9@L(hvjuGF}srvyH187ZDBm>0@`BHegQs-NwL
zVjMZBcjxghFI=BUT5^a9MR(2>Rj7QwE1-H8z->F^BmJ@Wn0gK%;YM64)K`e?#PXdd
z>!cUBZ%&vteBG>Ei#A$mrBl{QbuaRSZ+XnMtKa*EeSDqV;o~@4Ok$lZ0qq&ZR$xlH
zlhX8>xbBD_#z$A_+TyF%>W7V}Z0Od|cum-mCps%M2W+bCT)IVFZTA!bf$Pt}^TJmG
z%>a=Of3`GvAWiB7fOKG0<y7*vMBxV^-yZDm8^p`7Ew&owA|tMtYT80ivYyu$&5emf
zl%RzjQLqb31l;=1OC@TfvN;KJ1qkMAQ5uz)A(XKU5lDRlNQdEeZV(kC`)1f1%C%<9
zzd<<rwqZN`4I${8v6Qt46*oY0`GusHu)?kh<^oUTNu1iqPIG4@0BE}IBF_H&?zvDN
zk!GALn^!yfh9ba>+ZHn*Pf=H-`6g+qi+fuzZ-y7Q8~)bD#Xgsa=K`GYL8#Y%Qqk58
z!B4x1q?~tvvItmTY(o)WVBS7jHl{!J{`aK;1yeGA{lH8g8s3<k8uN56+sQQ6DT2c%
z<G^`#TD4H^QUT~WJnPvx!*vk#JdOt;nYb(`<*H`#0~oDuImqD+fy@luCOtcCNPmq8
z@oJhuW?juk_-~mv9|Tr>9rj*QMffv_1T>GRM<~wo$1P=mO>xP-l`rERkWBys5kUiE
z-HZ5^okHkaW?1}Vy+-%5P<<6ic+2o^TLN$v=B3vEEea+iVjHb$U~$1@ku>q$e*A%C
z85$($%@PM0TjKmAOS6%Epkv9*>6<nGP^+np@v@xOA={+SBMtJ#2krY%oh#HS85_Y%
zUcGW<k@bE8+$R@(O*6p;snBICID4@l8avI#pBW+k7y~&<STLsN6pMTEZ{pyeU}7`V
zhwnssp)gAGNr%&ru2@;3{ohlrdEpe2Wjzje2PPq7@Hrv1t>|&!Y4UEM15erVd8cpp
z+n(n{Ud!4w%(DFMqosQsiS!_QB0J%c{1^g&A243z^z0ha!#(MfJ3ovx-d{b_G#@L4
z4s-BUthwdg53;>oc)B*?z2q_g$PkW~e<979VFmzgK^y!4%BtlsS&v?t;=_Bmc=s#r
zmRa5W({yE2-_HdV^+|Ib<tO0_SR#qz84190DpCdqMfT1CWdHfC4xrYdaio0>&aXNY
znNQ=#5wn5PQxsjZ`3al1SsoY!IwVA%k(|&dhr8h$kD8{fH>-ctJEgPQv)R-VptHmH
zLVT($?U(5hH8`NUCM=m;v@1aLbrdc6M9ZsId0Q$SyQXSUqz5MseFZdH6t+*6JcGZL
z1VC!uGFD8B<f2C9d@%M#e6fzxat^<LLOg_dub}|iOB-@~`=ZgvBf0yd!m*VG^Zba-
zy@|mENxkk)Gur&e=_^SfF0ItqH)icRQTd_$1r15@E5#LS#xh~=F!Q(JaWH?}_pWCL
zG52h;3%H>AW18X=@R@~DzKfuHAozEKd-J|#`ks6^F}d(MJW%JfC|4su?Ndr>^O*X|
zW43(@SrYBu3h@zmaR5-`D6-M_JjLm?eIKNNB{;ws1|IEJjHb~$09;=qof5Z_&G&4s
znuDXU1|_ho%Sb=L{@T|ZkW7?4Q2S5g)=rFVt%EJxV$E|*r*8Q9ve=IISvd$uYbW!v
ztWHb^Gfdg(&5}t}uURRtg+Lb!2rlZ7$f@#SB@acbdo3Fn5z=`|`gsAq-~)kbp})Dd
zJ`lM=!Ton6?CX5GB2twE@HriH7|j2MJyw&;|K2yCySClmbmsk~4+~>@mgJV|ciq+J
z(19Ygs@T`{J;q$;i_L~1iv@EBCCgaJhPzt%>^2+F*qieSG~F>g;R7|KIvBGZwuR4J
z3qe&8+^e_I^Sj9*-L@~wK}&8A%@DoznWd>cQ%;gzcml#{j^A34)(eGh)4W9rLJ&!K
z#z)Pg?&{`A0yb@#TAKf($E2poiy@0X^6T3)VA4c2H#|Muxjrv%gi1IY5m*eDu>SS9
z`Y>DSf2CdiJ~0atvG5#np9x=c1P`9G(#k=-+49>!D%fOB!b^ReIHMCRqWVd8PO0_^
zaOq#gkrFskaC4o_Ly%UVQULx5yduVn?p=h$oGd6YBNa`zKqLcaR44x<oT=BP)iMlJ
zQ^cB_d;dA21Zg-6Et<MqS^1K|gfs;iE08QxJ^@7txA?5*WB=n|rAfZh+8_|%<uJ=E
zW|E~JJH-#;0{N;7P0_c=lYp&iglREx6@)f@ZuRi8-5MTTS1m6vGb(;>;5ZwsbksRP
ze4^pY^HW|Lq#j+(onXS8E)}-s_FBTJ4gT;o7N++1>TCBQfU!88(KpLn1{Z!o`!Ti(
zWGu_o(>pJ4h-Y|e>)PexEc@&2Dcn21HKI{;UF%Yzu?n;KVhxs{i@@OhDW0_@*xN?#
zsH{$5pthG}HU2S>i4x&=(47n%ez(#I5kS=)%qCXVTn+rAw}tFV?c3B@$raKM+92kU
z`Z$Jn0k0jBc3+c$PKq_G$`|O~{eNJ>>3a-V!gc!T;ZQ~tRY{e`PAJy$?c%+*RJ1SE
zQ^+qwMyPD5i*be_SQqVE=c4%s8#_`n51~R}*DE|`Z73tMuO7K4!D=y&qb{@<)IK77
zu`qWxU2H<LQPneZHz*al+}5QUUllwffSWH96h(J<itLL6pJ8l3OQEGDK5dp4ax(CE
zpmR^V{_ha!OYlF0d0KS%(@C7A?Y#x~rn_{f6x-DxdOz$L6y6()J>7<MNj1A`M9&}C
z42WjUoH*zyY(1@YuyKAy9j0Vb%k2<2Rda)$3PG9JZ@L!>0fc@l^gS91lv4o$sm0E!
zkAWNE6=^m#t&!5=u6ztV6hONRg~Mo<r7}9*2h&!tteM6aS%ORn9SjqnfVQA>3z~`~
z-aLwEeI^jkb7QD4n+nHZR|X12$B#mad2b)&)4GZ~FFG*Y@Bjrm%d`BW&3hcOf;BAj
zZCjMLnHai_-aKI3!fZ!)G0C9Mn!hHLC{rAZa|INDDdgxI7^9sOC9njnNM}h!bFszg
zSYtxn&~k9sdPx_KU3T;qOL@f0>o3j|Ky@{2?1PE$Im#%$=-3QpD)H>}s9G57?Ets#
zt&j1Eb35UyKlh-3=bub#2h#yjQV~CPVWxS@v||n&rqP*@Y?St^y_YnM;#ib#XmFn6
zh2m2VV~Y1L`tz+v0wRPWV#=Mu42Yg)YJt7{BW?uw1Aof07-5>bZ$z+Bfk%QU=r}0j
z=pJgdVitL@WZrOoKB81cD2@{{F+pm`OeO&5L{Vx$I2u5?=P`y%v&xvCyC^D$JbU=_
zm3rw4%~;2kxl|c!AFid1%c_a3HR^D%B`umBwr#7(+N`_q=*?q125a=V!H$Kui!Xa!
zT!fDZshW124qz+pvWDL*l>9i@%w5_%)ti^(`cWP;SkP1)4X4?fQA`EAgZ=maEde8Y
zH>xI6mqV#X-YK}r09DG@6`S(<RNH82bVV~8!o>zGH#rr$ZQ`~?u`MsrO;&<&%x5C=
z3iE2;pIEkp{;>&Y3A#JEM^q(C)SCFagX*X-!sN*D^rvNWVl_H8sXDg385k`9jV0#a
zrN77r&J75xT`+YBb0pX0QZ&v3@snt)jr-KyZa6=mMmGe<lGJ7;-r)eP#CRY=ku_ZO
z)P@|_>*zZKKdGE%djJ!%ASS9I<byx5h#1KPxt3f5+EfL=#`U>k)*cws<H4&_Q(Mlc
zjg}u%I@53u8yOO08klOD+h+GpcOeLY{iTJ#Qzg%YphM66R0Ro1z09L-AWVV+FS8m8
zR)dT&0aC--GGQ)6Z3?~HQ;O<aAfU4}c#Z@u;lmvJLV<3Dx<P&Ds!#?GFjib6#sAj9
zx0Uk9cG5(mATIp0uQ;kIg@h5^AyOPa`;WG}@OV8=<qYE%)!fy#q8)CcpX(+9!YkL$
zV?LT)8w8}ICd6a_d%~bV2<*tTxNB`WE84b}e|gM}X_u&N@J2{(@Wp{NOH|0+Bbzm!
z4Ne8oM;1tu;!7vgZ7I4SHxDe>!$NncMJjZ+wC*a?HgYr_B#F$hG{sr^8_zYnt`ulR
zJg5^z04vH3gP)`Cl)7TFNttYE#*8wFR=Eq)!-jh(T^>cY``BeNk>TmysG@{g!6{>G
zxe`3m|F~LJGv4});`JpU_DU@A<ztE@EBO<8>}U6OW-0s+y0=BgKTB0Qf^}K)vqbvy
zeBIbk>nL#i#%X;~AMp^dS8l{$eWs?)7%xA{*k<j7Cn$u$Ch=)i&P+9x%Bc<S8Wu0S
zcBt5rJr+L!q*N}8Y4kDkGM*lq`C1jjnYLW9Kh)<O0z;H?H!#1CJ&0emY?L51>ERi;
zT=_4!FoLLu7Xkx^WMTe3uAArpA?7Kky=Ae5dYZijZY3)#1;XJEd4ZNFr7bxTvfm2J
z>wdMSEh7GLwOm1?mT>H}%I-GaMD_tufCm#1$QMz%TrMuIW$3dZkz-x!bOZyNwInsr
z$B`Qy7E^#jquBGPs%02d1~ADo)=u_$pnOwcArfN2-dXDAWpP*VF5_l$z^5%~jBtz8
z=M^=Hlhrvc*X{B4kuXe?Ea%EqJ?3gKA1lz?l8MTP(hZM)*b`kB+w6`hc@~RGW#d}>
zL7Jgiu@Ef;@q=X|*kmzAlc>*v%D((H2%(tOt%;aQUT+y#*U}Bb`pQW5h9@gJx*3<X
zR{7*xY*5w03mp0io~Z48W!lG=u{5nXhRN%Nd#EolP;j<6eK`7V;JflBy!dTYYFE5i
zWnO3=L_Dt&U;PXjXw_NK_nvEHpq|0&=&mVO*Yol+Ja|d-Nt0!5@{q~h2Z97adxkX|
zjJH-fh7Mwuai^7OK(^mO&B-jw&j_5fi!N>wkD-F@D%;KU%q%8L7~;l1A`CO&WuME0
zdBy1yRL7DNnB;N4c1eNvs1yrTrZzlZ?E!wL>CT85h;Obn)Nf<pCx!U7T=e&|j_euo
zQiB|PSqRJlSey9@zDoLC127*2Bvr5J4=@YBH3~8#8OVKoVUeB(h#d>mPXq}_5fQM+
zNmyVyx0@Q${_ixH2QM~53HjAV0VVi3<l3Oju5L6hZ$>pK%LZ@#qsNbO?3{8c`a3id
zyZc_H?30s*Md6C}kKaAZ1~Pd<(6xboB_9sEn8>cL@KnbXM;i(v3b1?T3<)a<Z1>Z}
z@=7pkkw(R2<+z}e8;b1HvW1?Od_l|*GHvChJ-)VE9=nEs7?GBei!5EDuqrsyfj5(4
z(_|zgTlof{=?MU&^fIGTEXtB}hH4cwqvzpMVx~t<sbd)ky&a>Iq!bB9X;@N+TFT+5
zX>!%Ej!hvg+z&E0t?ND;M4_23UAbPuSdAZ{f@Zo3{bOVuwln}ad7D!WY~E2Jr#gI3
z$+o}>UBE-+VjZ7H7exf55FeBeq&3=s+#H9XbvV>{*{#C)Dr<oAMn9uSZ2VI=49WwI
zMKCnkD9HGXkzJ!7dvF3bOlq|+#9Pwtuy?I~J%h?x*tlhX`x@TX{YEz1V|(d^?VW(R
zSuwo*!rH)T22J`;%}co@k7*v$G;<*_?dK%}HOf@ukMK2{Lz`<c)yHnda|yulhI+7v
z?JE2HU&rO*BVlV5<Ijax(r#9VxUDuvG<(;5!pH)ka*;n!T!K4_AViv?#a=dH3gAvS
z?1`J_v%1rD@+kv9c;n6S7gA)z?|SZ3Za{2G91?6tY3H3Js~LHcgtovuJOqRxy-nbR
z;&;uoUVO8Ag5^2<?-!?br}2}R_hPubr;vt&A5XET>5m2e<xh<-b#Rk!*4vKrOmRl6
z2Knl&8C|WhQ?6GLY~!eYl`#&CgIkAs(GGU~mgqe5;#dQ)LSOJaH&l_43GlC`(=rG8
z)HxwFS3LChWX>cv=0+f;Wwj4|g{X=Kz5mF;^(;b9z>8XXvwOipy-qCIqn;{Kxspmk
zH|LzcZY<@3TZ$&^g(QX+;?6vG_1pVv3f0{+P8lfhR{jpQJn}$~jC0?n)f)Bi2^F1o
zfgFk*ItJ3abJg+=c<Ls;R=Y$VG_IZY?~f7rt(F)mBeZU!+lFEcgyp?h4tR!SAXA;6
zf&^+jtoQh(3|OXnV)h_F=D0i?#MEA$)ps<Sb}&BHWDwqgrk-P+JCl9En%1UE+~<Q;
z)#B^}lZgjhIFFB|G)TB}9X|kt47CjPY&b_|_aI1OoF)@WVm2TEQw<bU8)4K*MHc^%
z5P1iCaLtm3WLL-zaa1G?tQ-gwi*?3a88*&N_ySp=`{&B9jJt$`^B?;h{}XYrwfqY{
z^s>dTC+e4)CLY$&`Zb(V<BOY(pxUWZ&P=uO1r5oevVQ94MCTg>VX`}H7}DqEaukM|
zYIRi5IX7XiC=ys4hnfq87PMmKE8MtX%x)yMtllaHnBtE`qMrSAxf0Z;yIkeghWD^;
zhz*0bx}woA05ur;K)lXUicWCRvNJg8EVan7f&@Ja1E=fg6|dLEt6AS2O{{Pf?5l~=
zFXZ7g?2+F7gYXvF-59(mNNmyhF>-F*2#oMtYRX^d9HX=Wo!R}?S4r`IOR-}3t!&pd
zrGGPeT?hq9$!}p8m2v5#So^Z&?7~~?x&G0&rse2rg#g41#>6iR1yoh%kDdpoXyZqq
z+aRRNWsgi#uixyIXd(=l9W~RxvMb)blokCRFPf&c)t6!j0q<Kz)u+4BhKV`8BtCe4
zIUoYZ2tXzvE)Zc5P*58tRhcT}H)f?b&L*gA0P~Zsv!Jfk+p9-#=?@Z=urK5RUyW*^
z-5mDg&1=5nZqh%<Jzf!?u2Q_*_mxe&l19cMc<afE0B)Hf!yVKAm3JsNg<xO!7K1N2
z(VP5(G%JZM!dOAg$?);qn?w(eQwLZ^*PBLnK0G(HfciQnzSQ#wlvngy#Xu;ENEz;x
z%Sek#o3=a|)AtVi2JQ9Yal?5HzH>B)dqqy_XUQ}1z-KvW{>NGj-h(mD+n!*D)&IM_
zS0+;sG@C#7`9oyF7&3=V<IJGu1h`w{-_3_m&4_bTsK`y2KD!L%DC%$mZi=qmD+_KD
z&~{p5B6PO-DxO(-Cc5}9zqPb~4Ozm!s!Sl1co79UttFyUnqNrl@Ie0STrH7ClF>6I
zQrA4H7b&`xYW;{#&hhc4ki~2g+g{7gFjCD*<th{&*$nY5y=joRRFFpu%+J=e6eFzM
z!Y!SylnonNF^7lK2z-aT$Thk+*%f6VnN>wXBZm199G+>MHx!&5x6mrJ@5h-tsRO37
zgq|Y<U;67_t6O#?P_@}kBvoZT>Ht)?ga_OVbUGW?WUZN`4$AF63}Er&=+@T@Vc=Sa
zl#I;1G{fx7t|Db%t1{AH=mZKx#o`RzLv&_K6oAp#wr$(CZQHhOJ1@3vr#oiHwrxA_
zAM90=8sEXKv%XXI1G~y|V9>rvCf5Vw?8T-7-A&gB1O+axhj7hF**Pi1Mk9;Y^G;oi
z#0Ay`KIlt%AW_$|udcUW9g0AszBgDD=8R&kwPH+}!<+to<NXJSFwi7ET2Mo}u5}f3
zpKUfR0a%e9so%al_(PFxKQTFq_J|rvkraDqmaF|PITDm@qPo_lHx>`$;l&b&Ota*3
z_|trWE08XF(j~ghMRGbPjQ_`$tcL&P3E7bF`5V{e0J2`JS8IJ0dV@<4zPVVMJ1I)d
zFdd7nsHTQLVEZHWC@0a?jZB_-udCn!;qkv_FG{c%D%wZtcoxpMYP|~3-wtFG#w$#H
zeo&}p7FkQbwe)|nWjtI{EJVHM#P77{PQ{0;C?vzv7rGv9c3sN|38`bVXLocmnT=q3
z$tz=tF|8$Jvg1YnMJ7Cd(D2C=b5fvb-3nW!-@^_r2lji%Yq8Y0`=W%5YnjHvXQNzI
zwl6~f|L3+?LaRBJ#u=w8d7Z=0+yy5t)QvGtc27(HV(oN&!YBN;|IG-RsQv{iYQRo5
zD*$rZSkBnIFsh|~@2K3UWM}yl(D$<RDe^W3)M8)Eo^wK5>wLP<AJpwTa#O^He$A12
z=WiM7eiCxpQ*d8MgEPYJ$cD902A?tR1I!CQOR*s-niX!9=jgT_zgRqwg}<doX>hgV
zZm=~k)*TSq2D%{BAVsvojP|T$MyD>m<1iALw9<qKTlMybHjsFV$YbK#2=f&dC<(2E
zk(lpx++-`$S6G@Vi~o=2vc^U)tBTh?lZmy;4~^%6XRo&_%sgegk~-^LZ-each~tMf
zYnbySJ|n%P*lL$W9rY0R6mC?^m)Hm9%06Jmh^2QM+~B2t*g*Owm1W>&w6I1mD!uYy
zwr;c6+4WknH&xX#jSk5Oe)~faDWbn)nnDO%cBAbx2+okG3&oE?w!Db!TTbd9Mqj!+
z?0xAqX-X6>I*6*aWjA;)2%NT$qD6~)oG~|H+%*Z`x$oEpD>QGU0HR$lBMY4aS2(Wt
zM3~41MpQ674M&`=Hu1tJ1{QZ{04N};08dR%#ZGMasYQf1s4~_76O`4bYe9(ik7t8$
zH56QQp91D-4hQ^rNIAg;u|7sgVP&(2TZa=4JK%L>H7p3a+0y53QS>7z!(XFztM{8*
z$s0ll^oJ_E%fME&Ve7e26l{jf6SwdHJ*I^oP{2y}GG)F;<Y_ZV*daERJ5QHMtJZqG
zB`aCxz8ua^@qC5u*S32zy}6mOjY`D?$4I;LKf-ft65{9pu2M~v4_whpHW3m4q5&<i
zu}hJ`5_XIZ-E})-80I*R(r8i$pR`z;t&4*VTId`={Kv7tpo}kHGdM6CC;?jE>005u
zw#M{(^`%{=^(Kjn%SoFS3<U%f0uTxi1`rMq0T2lg1rQAo0}u-k2M`aC0FVff1dt4n
z0+0%j29OSr0gwssA3zpBHb4$QE<heYK0pCLAwUs8F+d4GDL@%OIY0$KB|sHGH9!qO
zEkGSWJwO9MBR~^CGe8SKD?l4SJ3t3OCqNfKH$V?SFF+qaKfoV=zW@UOg8)MS!vG@y
zqX1(7;{X!?lK@iy(*XYfW&maZ<^bja7629jmH?IkRsdE3)&SN4HUKsOwg9#Pb^vw(
z_5k()4gd}TjsT7UP5@2;&H&B<E&wh8t^lq9ZUAlp?f~uq9snKzo&mmpe}7*9=PSS)
zz&pSPz$d^Lz&F4Tz%Kw0G~k|xG<s_S6=t)vIV3|Mfh9Q$3~iaCvL3Xz<mgLan7F_;
zUmj)wgD#$S<@f=JyESA$V&Bhm^CpDDj*S)jfb?urb%PaPZDd<TyL(u(Bb0r`%g7yk
z#8CNoD1=dCs7n;dme&p%Oi8X-tn!piB0<ell>;<OUPN7#hp{7&d*wI*$oH{-w%QGJ
zrA7+y5k1AL3QNhGMV*K7AGM?O709j&r0Mi0CvQ3@H{m%0*}&WdLf*SvYEE|-32bl(
zLqS~?mF|HpkB)hbS`HomQoXeCyzz6Zrgi@s{oTbenOywxgd^ZEY58Bw(kK=|!tS86
z$l|jdGrULWtr_5J926I19z5zz;&L4Wnv#a<cyYgyb5E!m(n{W_H6RfinwI)p(9#+b
z$Lb~L0auypnqIZ(ymGb<Z-nkuGMIXdBHHPrEYxzSV0cly-I+!$9KHiQ9V}4Q=|!of
z-?T15!>CoV2o0hIf(>x3WLdqzzXtdTY>*z2S1|}M{*zh6hGqybRfiK`n+pt5>zCpP
z;0s1BaaCE?&GEmBKq{Mvs10Z5jll}}j_7YYiR*hKu@tm)jO1vjkX2WC)wx4%*C3Fx
zXqx+lL{ov2fU1AO>~{IO2HXW=3jF<MkG>$#Zs>op;e=8QMSytf<=}=aA9kIjC?u+(
zchZ8faQ5T-F{9QvCikGn9O}^2CO#FuoSQ7Dz&|WE1o!DNY@9mn&bGJuE){4{-*Si_
zIu8^C)HS{WN)o*;32fb$n||73b-gtBT{xK{)9~(`e)lF6yN+Qr^Lld_U1QDktbHx8
zP-z@WBRzgwC@rqR3=vBS%i|>|HP{?C9jyT>vwzMCg~TQ>|DGe1!V@#NJE_&)O=XV~
zsc>Q%V9*Xr6onfWPQNrmRMls~k9~F=+J*+!N@TV1<=qV{YU81XeQS7=NjD~?v><{E
zB^J(w-!8MaIi|wTi3|?h0b}^gfDOk*D6??T{)~(ohiv^L8+@#Ur8oFQENBG|IrY-z
zXh^ffBTJWl;dpM?U*2Rz+(Xoo@d3q|C_v7&T_Co*d)ozq{TGR2SI_%M{AkErAi<7D
zb><@@dwko4rjFqUsTZ%$DIIga`y<<4m&Gd(>JNEt-?SgqM3JDnydi01w6!Ch-RH)r
zRt+_!_9Sx>Lr9VL3e~FpZM7~+2;I`_Q?O-K>f|E*W(Q7zmG_!F`tV2P$&{4T{O3m#
zF9e(I_1M*6dwEXl0;uWns4;n)=!N}*{0%N(cbui581f!YlCBkd-Ydhj?#_th{}Lqs
zmV@%BopH5sg$p>#0~v|Qw7Sd)XAYk;Z;>XwXANG^vLC7KyF=+HqT~uoya<25+1cLh
zLPA{JTPn}AQ&<*yrO+6AuHv5z3t4Jv5-bBNU$<MC_j}4jEH>(1LP(U&{+GiZo1pZ=
zhZIHAXhrILQ>-)^jKeSxt`e{jplXb=<4o+MFWOGv-&r5CbC#o{=|A=`^r}Sl;e<RK
zN0pPl=*yuVpu|XKTcIeP(&UNBc?DM=lI%Www6xqG&w2<nG^^)P7|*JTuJzGiIi`QV
zpMplpzr1#dt!TA71%)Jnc<Cr@FT#MNAy{rK$-e^rq3M-$lO;Oyq0pMB_GFE{7~KCW
zlXCUVG_sZ7-CUmEM$b9O|Bxqq_`^NH(zmFLm7znQ$$;fQvPWhZ+c2UFqYmc+y%<gI
z1MUZ_Y?PasR~$fV{#Gg!cOk;VDi@-nYbmZfE&+Ps{frwXfO7}T=}3Q%bcjmX@fTMn
z*fHY|O@G*@>Flr9H#VzAf0aQj&Iz+UO{o0qW)gzqyW6wtEX94(xzL<>QeO;YsxxQu
zFo<z>rL~r1p^Gxel)^gkRM;BwVW}Qy{Vv!i-@BpH?NDpK*Ev*J%T%0#tBWOfPep?S
z=o(PqHSF5Qfp-CvQ?_WhDkJ4%(<J1QE$5i@l(*H)P>Mo3=OjP%ZW`lQ>SDZsVtcWM
zj>;?G$?WxJ6^3Hrt84UhBu*7$zTeV%?>}P2*^Ve;sJKq$*ZskWmRR-3mLsD&)`tk~
z8-IJMi!HWxzBr+^I{CRgP?AhZ_9Ix*><!%&k5c>G+0J9iGvC3V(s4Z~f_zS2@?Z|u
z(?N=qSK))-XXlJL>oBQ1@BS-_TnphLM5Oo(@BOjKomcGOhyDC9y7WKm`;;}N>3A4=
zlRDhS>#p+Cb*wy4>fcsGZ9~{TbZKr5dQOsI|EVIENg|At&97Nbx10UdzC*%<i};I+
zC9Gi(p?I;p<=Xt;Sy*b%VoI(<|NNvo&h%X;8SyL|Qegw{R?~$th>};W*?RcoLWA^>
z+_?0W(a|<Y+4ORYBZE50&UpU&eQZ{9KP`}PC;{vi3_g~<(&nDXy>x{9=G+^yW`E&7
zU?fz1tmX{ybSH}Fq-?rsyO;%Iu|z`ijk2>pKIO0DTOtD+w|GThP#9LWyCaI{$)gg5
z8BXb|rwCO$t6AOn72Zn1yOi|8w=;I>hUq8%n7WxW0r}4erkCYamQ}RJitCu-mttqm
zOP=}W9}ywS-<?fqs*92s$k?Po9(V0;iOOiw6K&~A=WXEz^S~aw;XX~g54)eg0gfJ>
zwcFW)@G`D6y&oP#Ma_ZqY0CQ!ifn^~8syEc_LbNV?MLo#VtyQTpRC4{0rWQHX)fqN
zV)rRkQaE_E^6Ppvsv+eclm9(~QaNSqEok*>(~IVFUpDtjYTrzw)f}+z!KP`ifcCyB
z<No+R-N5DMRnlel@>dFhJK0nNNzBIQYZ55+((!pAEnv^*0Xy(Cw$U3^h1V*4uKBtW
z(`fx(E#tqoi`J2Nhd%5o>aqGBt8@_KjZ@(lJWJO=f_vy!H<%xK&Z%&ytUr_Uf$|N0
z>6;8t?kMl`Vy!KNZb)kyW5=du*1PS)6{imdaxl$c6-t>TWjMb}*I$;HjqN(A0rPPs
zDMIDOs*|(^q6U|WL6s*a2Dq=7NDk72iMBaaYR(wJwQ2dBgwNkpWMd;O+9ufXn(6tZ
zRDCp04{%zVX+$p?A4IUxG*Co139W;yFP+&;6OlM(v=(Yw&p1U!nQD;oEIScEjgFXW
zPdq!J9280`=p*z+d}~`n)1KEN+?mJE;qUswnQ^SJZQw8rf#f-t`CuF`yKcgrA{&1l
zdfM%I53G9Q?!M#_w9kqJ%8i;0Mzr|^cc3W8{9Rp}hma~&Vm(I}loPu8)3Y5db|1Gi
z&-N8h#N%*uYoOzi`xgNrJPeLPz7g>}J<jI^debJV`t<RgAltea|4k`}Aju@!06g0k
zOIGF|R!FOqvwU#QA>7bp#fMm!K`VQQJd|}E8NX7fj?2c|D739&<jnjyC+=k{ctM7;
z=u^PV>^#Sff?qy~b~^`xJMCU-w#^iOkNWwli}u#YR4%XGMm;A`<~8bZw$IUat%ek#
z&MP1?;>EK6Q>xeqk>3IOBkRNy4}Y#71Wfs(#QL_yY-!vEqa1u9rt2A>w`kF)fo5G1
zI;$-h_sfN&Jp;X<u;oU|TFJCvKM_#7^H9IP9wVjfNZ-DhH?G(B!!tbl+gJ=ySm-G$
zD}wOtMrKp45%~c!k%Dx_TmLt~ERT+ny@e-8<=AmxID*T~)DRH^>FTL4_CMTsS%EMl
z6EU^E+TBgy^yFsk@*H-LF;dy!f4;n&;0LC_n!-xST}oyHhymScF_w&0^mkheIGk%%
z3;j~}`A#n`zvTsk(4PG2b64BBhMRt*-)|vyOWEupByjq3OWt|;%@8Q61;D~uWcU;X
z=lyRGc;b3^=2gcU&315JrLk!S1R34vjkqisJD7;wFx=5qM3B-TyKO@o_)zs)E-C7e
zOu!Cfb`3Rf{++(e(iy6!Cbd`_6SjTA<*X9Jg)6+}9eGmeUc_IeYN&tP{&?n74T~RU
z>DY4zwce9|-&~8`A+k#TU>}{B=`S4E$?#PF!IZ7jAq<fA24Yf5>1LU<BeI(R9q}}_
zVHE^T!uNRK1ePssMLZOJbf-`6p^Ytt!1`N5<a%`ZA$|39ikWyddYXGryl(wvTNX{^
zsT?4{<M<!R$uEQ@w7V#EgDTT+^lW+sm`Lj)u3yzd-$Wq)N2WcE!5gpJFDC+?NDND-
zY%3CI^+1<>7Iy+4*@uy_`Jidvk8HkK#bazrpz(r?R;nM25=GsT(_>_#mG{~o*s=;2
zR(HabFjA*##k7%dBR*^?a|#y*q(Y*~627PsycfO7)wIoDy}q>{jq5wAKYsgE_g(=_
z>h-}(vEQQzvcX01r?%-qdj24CR`mL3unE+GLCSg>^H3PjhcK;2`7`DI2LUC))e}X3
z*lq%biOMvuNBJgJGtHXjLanKjGP|FSlJAA;<e3sRi6w)#G=@&_R(niBLa;117iw&b
zmoEpt)H8>}5}&+_v*GX*VNu_RcpZ1qjqbOD<}<r#@BbY$;?IreE7CvRWA|0j=bJv>
zI|#E-j#^SMXZp@9(cU$DJNa?a)U`8RjVl{U-#;gzMRUiV+cYPph9DJd%-)&5!dF0Y
zqF2H;TL-jDOOFd9z7|RIW|$#65%RXGhOhZ&<J#fXhjN-V7G^&ET$68)Bh{JyldI+g
zHAKO8CAEUh<5FUW-VYPN)#@c=U`#pN%6n$%fz`w!i9JxzG`kFIcd?piPCsoCuKz0#
zCu4s0*(c(J8$fXn!Z4PD0Kt;Fm%KAA>QGNsAbRl{Rl6x4jcl+Ior^lj=_wi+K;z^0
zqi!x2e@&jH-uKe!DcaGaQFLe=nP(NV6!l+Ca0HtI(qkq1(~{IuINZAUJud`M9dfB^
z<w@yYd(MeW5@Y+cOL*58RYotnc6&SjtzmNj{deSpKODikeBxTuGgKpLsoG3S$>xoL
zKTUA*>wTC+Pn!e{ZRRt>PQsqnUhv*YqxI?^5e_CK@(F+LrbuK`@CqR$8TY8A|8OZJ
zEW2U4>-qcK6%l3g@}TL`HEFp0Y!@FXRb+@_SXJ#E6u7=D*r+~LPkxUrE(=aU12g3s
zWhMJg8N!XRUYH%8<@y<q+`Bsp=x@_Z4~r{hK(oTN=s~&d#SZTBa_UvR7ycr%=#5eH
zG!No>R6S-GS(_k@5~#>fMLPQ#$3%a^6+NFwg0RTFH7c7s4U5{aKnvFNbsf{Z8<^^p
zXG^H^xw_D`JCRuNmd9tu4U39qZ<`i0E2x<?*ivi=?FWDeoEugN-sgo~6lv2Cf7&l?
z-Q<4?Kv$=fl{X@57~u`*mD^<b546;CDi|Pbti8k?j_nIkixF+8@4R%L+a~Y07TE)<
z;p>xfT81Hx2(jx+IR<tZn8IIGTDTGrWQw0;;DkrD{5Gn=Nu@f@df`c&g={`(t-)Al
z?}AAUFRzrs|M9afMU^f~Pn56?N)*;>xFIWABz{7HR{~lN)C<!ilSjIxXwazeZ}%fa
zjLqky#b_u_wq#16gluJ0JScI<R}lJDfCS&}XF%Ld0bcLMk)%pRP+D`@r_^dqjGc_9
zX`1w-lvsM(1(d9brbfx=Z1P>HSD5T+mH%p6#d|;%%6?B2QQR@;tcx!IE0>w1w~1r>
zz1>k99mzhhDzP_NHwni!)Yec~B0hGbI*}#US;c0v4;U(jb~^F}ncW_4ENczkX$S`w
zU_4x%4NeaB&)3A!)hBGHsr`%T(Y<UU;TLe%;-$_G2ojmhb@;HYNGNF6(ObZwhcjL`
z4@HWghxG2aambY(a!d}|9k*{XRdCfVj5EBBfta}}F$unl9cwLuS8JQ{qFI>_dC_`p
z@*Gv~4rZ_ZMiv%e*!G>iB^LiVm3Yn}#3~&QuY{cesrP0O=xwo=TBM<Su;+)|M5oCO
zGrl;`+XCuf$)uVt+zG)K>Llx|<YP2Tx-b0LDiUO)2{1*6P4|CO2(b9WX@wTFfwsPe
z>p|^SSC;12tR^?Vmfv}M>D1EbAOu;^JR0JNaefab$QQjSJA%tboUV|BTOBTSNO=W(
zTDfs4Yo2o=Frn$U$dh)8RY?iQ5$?2M7{|UMxuJHI>Juj2e-_CuHhiO>-S*wnFf@^*
zKKVJt|1rAAE429?<|f2c@I_PjINynCZWgIKe-5G6z3$W?76xh|1Hnm`KGHI-uU-4q
zYMABXw?BCigR4H3etyraF;r~$ivxkP_-Ln$_v>?D-H)!R-b-8K#wl7}1O&JDG4HrE
zk)QU{1${O_=U?MPbf$>m^ONmrank=Unxw$-8&Aew;Vb69NUJe^EjSS(j^O&wihOZ2
zMn;$*6p=#=Z?KXI_Gw1G-4a?0eXe}JGR!vNb;)%6%m-aQt68@<UGfOr_5c%#6t?d{
zFk7ylS3PILCMl|`#LhM06|wihDTB_S201m^Gv37^3cbD@KOfJ;N}VfGK^VzjR+3pv
zDf1kRP&0h0qH5VX2oAAgVr5eL@$XLD=_<LN=1oG;f|ewFO2wQ0@#!mXn#d;R`L~1>
zBC#kvNGPztq=i+NC3`dK%6I6&AmM1T>l>el(qmPL7TWNC5i5@(EiBVIU_V^{xx&(Y
zWL|-+5m>eCqn@!33|35BTtm3PNI+em<FJvg*J^b36|+Z_Ri-*`VdVtx9ulkwr9tGx
zM>3f$)g@~(?ei-TV{qY%B>M5-MhDLqQF&bk5>~S|26xB*df96(bot;VYixtPqjTcK
zmh#z*dI=pXX9~d4hynI9pBN62U~$q7)6cfa3@B)fBb#CbxO2(YE4~FH$|LS;fYX0A
z+i;Pjd|=ywsDdJt=W9(Ygb>`JY2&DHiZVTJD02U2(>Cc=pAUv<tknZ8AXX?nH>y1$
z1~a$T?Ir`8k)N`3@<9dSGCT8|+rc1SZ9Q?1jUccrLj8}lU{?!txN$HN<^e>U*XYTf
zQYdP#Dc$LgAu@uHbu<Md)44=XA+w=f!|gUGXEr0WvKn8?JO;`;ntwq^uzT{PhF1Wt
zYhHuLzTlyyYwG1cBLe$@v{B#vc}KN+S^-bNypX#l(?6f?@c;g-G+tq1+@J<@WaunW
z-Dh(p>nAlLb-cjyAad6i8#dBX*F6g-s_OR+3S9ApOxL%B6#yAqoibxWp@hPtUPgER
znTe=TSv2`&so*u0!)J7iLGm>ZagU#lmN;vm_Xln$!?yj8CtsM<<?E!AbHc59Hm9##
z4_W=nmUY-W&DNsgsW~mA1S9UaI8MW74*bgQEe+F~aOwy*(iaATu}*zK%aSm;t1Y_t
zcUSDJUUh)@!>P`bpxVyYgqdHOjYyl?^GM*%SWf@W#{)Q=`Jn(m3}sF$Ed10rV!B_y
ziQ7{=Ip!H6A%<aF=rR?Pqpu*$6qv|!3snKF8>)p=3wMKCaz;Ekd@}L;1BZz8YkP|e
zr9M}H#^*i61V8YORnuR^OprWQlrK2Fo`^B*5u@T<eoh5=PCMdM#ivCOB^k_@8w!1n
znolt~wu`=O)#uCgnZ|N=@<3*lo=2c-xV2nN{?Gu_2HxfMXxO^@gpMZEq<xHPS<_@s
z;(>W}(uA*7OOXd#rb8?&ru~_I`t3Htb=n;`W|@LM0?9(T%{P~foVHPl`<c#n#t7mb
znN7wKaf%rTY+@>!oams|_cK2HlwI8cFT5O9THb7gJ-G16jy)UlUanC>rF^C6o`>us
zPhNPWp3<^q_I1bSF!D8tOFjV$e~_c7R0j(pP0Sx3!f}ZWtN<D_RsFG^8aLkwDch6n
zBmF;IW|hYfH=X@n<vMX<A&W2nO~g+^u3#NJac(NAJd*f6cBBiVhl(w#W5kDZ^erFP
z-^N`Q)yL=?t*Nq~;2ujbh5(Oz?FQ~f3v1)iQwHtsytR9QWE;ug4kr@iQ0LjT);~Oe
zhL!@|6k0dTSSzgMrkMj3$Wt>i`?_JbVB}nCO@;5>`D$EI7ath0G0hVZwq|ldiOwXK
z4gTQnC9;H|<qiFdV|Y#Bp@>rTyTXMJ<K&33)<`9!SU^y$6?L`VIy`9%uI6UAh$YcR
z+V93oE{sUpJ%!p)ib6;G&9Xsj$>+8mD<K~A3qcLf>cQMcfzRKT0r&{6=ZGe5zN);I
zVGBZsFZ~Pb0<Z1Tctmzm-n2G1P?g}KH|$4tBSKzL3k-LaGvuIh;8r!io~Q+uO{~fr
z{hG3|Fz;IY`Mm`!a`|rRn94Z=N`}(JnYDh>_+a8<UcCP(k{I4t*eqD%^_8hS!Bpqf
zVzlBoBAzharY&;1FP`1niuaTP&75Ib5--{0mAR9?PollW)aO3bwr@nM7if9?j~ly>
zXHMRovk@1lGH9S+Ed{2Rq-jHz-nsHW)65sbxnin`r`fUSzphFj53IZSCAVaCf@z8(
z$T<Xu+<WCy3}tGGQdi21(&KRL!;07soWYGhs)l@Ln@U^PA9CO+$v}Hz{XVzTJM>C%
zd7$zKw@YqhqSDAG$SDr!9!LU%$C7u|lBdPT{N{D}PgaSz;Cr4U$zaWn?YpaCxFm0>
z?)`$RXZ5aS@{?x*nBLMDq4yt&L{A8rE`xo2WRS?7<ZHk(Rt0>{1fpmSHV^Eqi;Qja
zEI>B4`t2+#GR^kfN<mDqd9vw{`3`$EdPH8bG;br=eLMUoLLg~$xnt;elwmw3>1-)3
zy(oxUL>>KmJBITpnX(q*qy0BrP*8-%b5aeIL1x;*>c!yVl2x03%bxlWbVt~^^7E8d
zl?2w+r??Wh*O*#3NO+9^mB#vew`)yf7o!>*ZKovi@Y%A;Tg4kql(a|&JmPZoKC21F
z)CbNRu`I^%)~UZT2AI;|C+&*=J<}_3U>zIj<}R|7_H;+Yx!H9CVnVlk^U*&H&qXtd
z{p8IU<zicEw;qHHT46{qUyC;Mf{H@)Pnmv;&_7-}Npt1vA;=4n%g?3dKRWYt=&xHF
zc_+M79-7%G)}M{|^1A~672bRG$=iM*^sx7b>8;sanw3?zej<3KjmqCdP@wF(m&Rnm
zI9pel-1ScXBlE4Knv1(w+x)jYjdBr275#0vk`Rru<oeeC=l9Le@x)m)<j?48AX5aT
zg3@#Pq*<?liKQO=HHPk`oR9+nIHsp0^RzwrT_NA5^7L2wIkKMgid4Bct^OhG32Nm6
z(W3tnl+dR4ac)HT&#a%E+RfbbP=(hYCH}-*4lT7E+W)S8t&iw2?jac+(FaxSJb4SB
zF}@j%JOf)AJW*j&NQ%JP1_g^p>19@Xe3S4F>lpJ%batS|2;-UC%IWMjr07TGu5y#U
zQgc{3R~*DVge+64x6UAO-u>Ax3P;>T4|@-XJy;Ik$^JXQHIQBJ$~Ai9^7d)hL+Xe9
z=zopPoaUwUh83I{9d%+&`CZd8QGZK2`Y%r}`PMld9_sjSxnwLn^JM1A`BYUxqgdt@
z_JXt_4yFBd3vMoUzB%dLe$5rig~ctY*hhE+>rCDl7f(#_c;VMVm{AIJ)pF}X?fCPI
zPV!uf!)B%F+?LWU1>rx^Dr&0;&ZGJC0iD@L5pFB{)C!ePmOE|u@Q=^Ku&Axvj(hF;
zUb%J=yu}p`6SG15=;6OL=+ztrlCoXXM0PtqnNXgbV4<|#_mu6>P#thdvE)QEo&>eq
zuf!YgxEF4u4#(&#sQpBXDG=xMbgoTcv_-NjTwA~L28u$p86tdp>&ghPFpt--%auf}
zOW;;I6qCNWAJ+%|OV_{5MQni0<=zlmH!?pq^Deg>q!^w1%pnZ{VNk5rPdC7JD)yC?
z?gv-y5uc*+W^d_3#U`ZI6|tSI;oA&Lp42XeXz*YtNa}yB#1hkq7z{>iDEjsf+O|Rs
zH+pfhele=m<K#cI;E+S=h^s*Lp!-k)5S1_kaWw@nyvZunuIaP=2+I((nC6z94j!E0
zVtlEWCA!`Qf5fb{{J_7BA<YN$3V(aB)xDTMe8i#?1?BqjnKk9L>C~>dY;OF!sk5Rh
z<+a@I?G*<?5z0|3xfTV$mrn<{kj*zrg}2g8W2~$EFzOJJK-v!EUfC7S_py3VL1ojO
zTa%<?yO!Lf3)7X>dGmox?pW@3Z^~$p$jKS^f<k`_la6$~Mlt7Ih!9_bi3zGyoWeUD
zf>cqGVGS8Z+#z+WDOnXybNuj4tV;Ji-g2M*f~5J^-JAU~lZ6;G51ALkxy`#Op>V@6
z1gY$TX47c}=irN8Cm(#l>XH^dgNWr|8en|McZ(DZP*?KI!?`7Q29dr^CA6q22V21i
z#{oVSAp1iEqR-Jl;9BI~;c81Fx`^dvA*Dg@_E#v4$}{OFF<n^Tdf|<P(zrnvD>d9)
z%;0K$4{R=xr#4(rFu2XO`Y<u)<0^?zz0R}`ysO}mw{^g-22<eEWTW%q5|b~(bSP#*
z;|;OA1yv(8(n*ETyi|ht#xbP#hGyzANB?3Ssq)+q*Yo8X9L&WjLyneCu`yB6Nt}mn
zS29+4mG!Qdi+_`P#>>wYwM89Uy#7i4GM}L=BuIKHx%#+_iL<|&&rB9w=X7fs5Vnyi
z$6jMt>)u7Hjt3q;G=^hAy*`~5H5Yh#Nq76@iWh!ljwcp23H`ni5LXpdOYZ6EU|m<Q
zu!*0)`_tLb>L+ggJd7p~?|q$vN9xK=z|*ZVPIarFk;(DP<xnoA$Li$_fZe9)pzV>f
z-$5q51b@V+!jjF}2_F{svbOs)#)qz=NC&kEUWu%HcqH4a&3rL5vZol_{aew(HkO-0
zP;^R$n&=?m>NSfOhuL<mLEWT`#%lUc`G9DY!#+P+YbsT$f*4=a<sk7rSRO0L#OFqF
z%8=aflFU<PhPB)PQzN1#VBPA~_b3=@GlxFI1^B_TLEoNZJVs&i^MyoYN#XGuH#^%L
zoNtWTpTjk1gDrr(P9*G4zO%C()P_)kXv4w~GjwfT3=6j^n!iImJ}1TJJuSaKO}x^P
z*kWncveE)qHCF{b*i@BrpG3HwY|HAIs%D|}Fq3#<t{jpPa~}~G%XqC6LNG<0-s#ti
zcg@M1?5OF3(A_7o18N1c-M};%S&dqls$iWt=Wqklfy^Syh{bU*D#BGwY;2?<n|J~;
zT@VsPD)|!DrJ7cQIBw{=!LFH@4%d;c(kYGxs8h|`IxDrz<3H4>okxV70@@X;pGQAB
zL~-EZ+ixlH;>2TrVRYb85IJp1I)&*ubqiq!W@N^VlbL7E^4c;=bU}S_PfKeJFjLFm
z8vl$PnPk2No4V5t8lA4KF?9oYniUJEL(f@Gd{VWNay807&2iN|Z`a1{?6}0p_h+4+
zSwK}gn2B&Byv_kUCLSh}u0T@M#ZzX1)eRxv(5;;y6r+X8OR=_YhjC17V3O+#y%fbz
z?WiDY5hui_df_g4-Te^S*(1S4M_V8eW^VRn`aP-AmYHGvF-n(*;_F#1L-$&glQxy9
zjzo;c2z2xIz}7Nw2G3`)Z3dx&6xV+tm6sJ(=!z*afDbcB7C@ZgJb-Rwh?M{Qc{q?@
zvtf5pQ|TutHXVpCW>d`IQ0dcS-5j20KQIUVG&GTT&3ip!r)8x=y#44r#xNTKcI=%G
zxLP$w?Ete_6VHQ<y7z-g1-hI_Xj+Rhb@@j+(di|!9hn;UUtv|c#FdD73ZTB!%IY&W
z`qCdNIqjNueNz7*EefdwL<@SB0`2xKHq0lJu`J!BuuO;IeGXDs%bz)@o{{ze)f%Vy
z&mumue6aq~&{Jct3d%eDK}7;8oN?PRycPHqvwBX{d>rB;HnYT8m!9b%Gd_>FOV6ju
z=Df@jxOj-Apf-x!fwU?rf*n>bD$H7X;8N>9{)=zItj!{7G?#5@)q+N_4_LNU4p_ZD
zy=8XL>AOmEnYM}#9%h1M?^+$)%xYZiM+yE0;vN>$ojQc^)$#&!$?kccJKW`kynFHP
z{QL1gS`Pgl*+g&B?k{ue4V(wfFzYxs6pA;liLN3#<p_P%%!QwYy&zo=%54Vh8kBe2
z(#CN*Gcw9Mth-a|SQiZbmzVi4oSuSRmbMF795w-ZP*&dJ+63@cCAnw`?!Lcl0(!g>
zAxrS_Qu<<(vBaDH*uvM20z3CX*nXm(d!dsnV8%ncuU9&B==(M6J~5~)^-R&7uL(58
zSQYVC>I;ZJ<1{FcwOCE$EW9Vv0eG`iW2}#{QT8>}r)H8y8_lpLUbR*Z_?;2E!8dyn
zCCs;>=U4ZAqxZ><3o(w@rYm4K?A!+470a+e-o6!H+qDJL{0-fu-r7GAtI}I+b7P4d
z1&qTcz-rke!uV#OvpjJE5uerM6Z<V6wMXp?VH0^FU`ENSrvLF7hI-tE0m-7?fK%<j
zM29SOX}nyE|2%L(Nxxd{n<SOLiufloDZIl{*?UN3`K}Q#(EefXijGoNgv`N2!<Csb
zsl#Mf`0c7h+m?`33YwOFjc4gujzxb3e%uq|{K+s@VXXlnB{QsM<*E8g)`MPu%IzsY
zUT;O0XiAPiEU<*d(I9ox4znPBJIK?_wMV*FNcE&3snw>%6f3QEqN{Dct-y$(a{-dr
z64zS_8IybQEv=UAteE<I&XTXm+A?E%mXgnpHfN>*@y`TW&Kq;*ew&q-k8$-n>%F}T
zkx-K(v<O`*%~hBkNN(@z)I2m4G3y^DLvT7Rgzv3oI;<#6;y`Sn%>G+M#?AuEuo-rX
z>_!fC8is9ZpzitY&yOrW<%9%#Q4St!a3TI#c}hb<ro#oHKQOc~cXwg>V0L6FN0z)0
zv<2s@Oks~M_lMVpr_OzApDTZBKl#xeS251&#Qxt7O>4JxZfGuxla$EMzI=m_l(a+k
zY-wgJ`G@mLKsj{V`{_a|sl3oM>?&tFu~J^uO;0m0<og&jrh%J%J!=iU?Jj(mr3z~r
z??=?eIKk(Y+=;leWnS>SckIa|xUSC(yVnkG3iF=q)|vYG#}qrq=<3g_dQivdYVFYG
z1tr|h>}3pt5>*6S<%^KZawbIlx{s0G(-3-;`^A<(py^{1n6dQh5!}DQ{<|qsBVNWw
zt9>@iFdqW-ac2*$i-Tp%a>89;OE6rViF|0Hgl^e~YJShqY8C$Xlc#luTL${kIeK!l
z;nZ!W5TFQdw@Xvl51_c`{Gr^%xR7}f{2{la8ySUJvF2fUt+Jpu?AE__DkWr%d!njG
zIH7S`1LEG!=aF4^$<+ZVOfpEcC5*Pw?ORt^@9lEjn(k1g=<hIgcP!o8Mlo_R-x~B#
zf8;8mnTAtvQ?iQ~Zd^5)oQ*okFx!ZMA5MU>CD*fFjz9`V!?wIhxT>bb^MAja6e6hy
z27Iz&?A1!XAm-V>?7wI^U!H2PkntXZ#-?DsIi=Afe{ec0h$EpI#6t|05fo($$Np$Y
zP2nuh`mamt!XGj^tkTQ;8)^lEJDHkd!RnMkU1i2-kC3Ztf22jTusl4kYm9}}@f#=V
z=ht#UV_WRXDmkR0YmV!dAt3%VT5?Jq67ZWr=C4v$Im3&Sf-+NQl#IDy)bS4(o33Mn
z8m+*iVQqz8gl)8FD!7dkTwM6r;61B8PloP5oyUQHP&I@D22YDA%Zc@Lg>vne%eb+E
z1%nCUuZ++pl3FI&YKbkQ54odwSip>4hUY*u#+o&Afsl;<n<yw2_#vC6!VHY!v*fsp
zX}s+x@j@fi`NhZ07mz|X<LzodL}mgfFSy1I@|Hemy#c4)nNIdDhu)Vp;w;fsNkZ$M
z#IoqN{`jzQDbJ(@AzP3u^)#-G?cSrrbS$+MnNA}|hUJx=B%8r;GU2=eN!bCBsmTXr
zQWq`hv4y;98Dhc7u0S@Zzp_`x6Sl!8n%VVNc0feZ*JSjiPHhn%Dt?VcKD;*kp%QfT
zPe*oGWz|7+-|=C}ZG()|OOVZ8&|U=9?bi#2EJ5se%^wVsdh3r=T?Yl9sN)Bj9(dyn
zzmS17u;o;(XlkQ0vd~_)?WHYJ?{EohZ3_>NF{5j^79r>-_lR#hCXwyFfT4S0C0HgQ
zVYhYG;%~8!p4HLeKK5mM1ioGJEeOz?<|_#q|D_i;R=rlWDf5@2mPn01jAFPwDC5?y
zpR6YRi+gP)*nep!5tUkS*lescqqee+qW|WNJmK7F11*P3v!<=&X;%DvNY4ySFLQ97
zesn#>;lBET=JZV9ClWQrK<I*nhiCo$s)c0Kaircp>l2kf$17jKG`Z^tAjO^fNtAC6
zBl;&#q*(HBZ{bw}RJSBhl4A=Bw=#g0G-#;JX_Gb5tSX{qIUs#Dc#zAckY0;z0`7mj
zsgBA$p3Q+KfFEw>sY&|}vS1vR6ghtLR@A~7CVgOe8HRNCP4>l5=y^2ln9j<5{uq7k
z@8Pd6J958gJ%^V?#~V1&Q5bDPUWj*s9<b)@Z*~IlCT^usrli_IjZj%x!S|^uR{m|v
z8}QocJzuQ}+!@**nRLQCY`%P^+Voe8+pPwN*d2Pt8+1ar@FWjsmiuFubGUhFRmP`p
z>&!+Vf+PxOGa0-YQtc6V5g&;S7zYT|H-tx8@EI)2Ed#a7P}^LoCgn<GhJBOz6u$np
z6m8gX#Wu0@apwbie>tGX8l`oqZwfLr!(r<s%AYG4i<eD0{V!q9J*B@e%4-}*ZPkCI
zu(|5Mu9F=CB4YJwA$4g=eTHdahJZZ2{A_R!*+MQ1V|m7{&yLV{t1#8j&BL%yQyB^f
zA_^_-{tm$FgvnG4k$i(|2K+^Mh=FH4f>c$PQ!7uB1bR833pRRZv$nt&u4!}Oh(AeB
zH1$b%PQ1baCU7V|P#Pb+kNiYs<uk?hr;08r>jpV|ad3$kF>Miqp?>KYqV7xG3C<W6
zk$?V{U*8CQVsnjN+nS_(A}Y;;SS<dFUoRHs(rp#$j1o)Vnt9=5L8Q>M_tA6(&HxT6
z+MUJ?4}VphhrZ0(T8S!31N*}*AAbL%=2dh(V;e|k`Pu*dw0kE^dS&Urug5_5V(f8~
zm%E@b@USgYX<O{?l~$)U#r>CVa#58qREEpZu>l;^=?xqmZJqUEd9q0$a3<WwD|_jC
zRwfu0os&IL>akbAbQYyXVdT>W^9yezPU6W49dQBLDPzbVQRM)lklvB1Qk*HUS3?kU
z+ESSKS5qK{<f)FEl+JJtGm0MF+oEX?A8hB+lQh~U(X{wt6jGbcs6_ni$+l{_aJGlY
z#_N4C@2Cn=uQ>G7(axBg?+TPF+tGL7qdWA=9D3ge(Wm1Op1JI(Dr<-Z!uk9Xch^6G
zzQ=-^LniUhys+dyJN#ALg1qp4sILFQGcTY2jg4lEspPa3%=|^9yi#t;aHA$wL=+hK
zq%7YC>Ii$Vb_D6m^^vbB*1|h~iCgdLJFZ}C4w%mWyDY<;Ws%>@z9?ih8#fa<g%dFP
zJEG!|MP3v2rEIQEp{mCA>_Ug!O8oDs9OdM~7TTszfGpE*1}tg-FCyQ!=M~Q5M_a{#
zM2}3+vm9%+ZK}&mD1BQfYeU)}bG&3QWG~%2g@(R1F`G9-$gM$v#C2VB&~TwG5+MXk
zZrm^n-*!a=BQD2cs~h=9GlD*ymi*KTZ_+5<o4rPmG4NNSO@is(#2YXvy|A!0{kLv7
zgjyp8)D|~k<-eu@Fb0$K65Vnyh9roicj@c_VGE^a#D&)SVofy6WnEdmzSzQUAG8kK
zalE(Wonf)vU}J$*6NTvltNsAUzyS&o{;#xnderY7?Al7(X7`oXI=>zP-=g?E1?RiU
zmcBdA@#315Neu(tNUIlltArNAy%7S?e{=Nx(&ZG2CVxFQ#2{epu+b`(o~N@;inV#h
zqX&q4O@@5EXi{2-Wzf%!=<T;a?Ul5fE(~+@i4^U<pK!W>Ta!a^^6)6}De@j5RdtKp
zM9?yO1R;(y4N1K?RngTcE0wDX{UwJ44^FIl0yd66@yp0wH<&5;Ay;jS|EMlz1pK6U
z3)L<EK_kDVL0J+r^b!uw(svQN1!hWtH!A4sW(c!BgVw|O6C%ia+$=rZ+gyEL*RKl}
z`5`6^L=)tXZzVadx!?CwvX*;w#^iE?Asx@6{y=lO>YgGx8WC=~(=nk15(mOE0J3gx
zZ`P^Wtz6P~{Un?|_QCyO8ZsjT8J&w8>h}6;G36sS6)W#ebp6~~T7iV?JiqLu+4|ob
zca^7et`@rx1CUk1_Kuf08;gcDhll^&^}+(hVpz4jqL<_*U(o{?Vu45O)ZSfaMxwhY
zLzH1OK5GucJIkPqFWYgSLi{_@j}NXPk-q(^%s)4?SCE>;!_#||IX8znPLoxz?|X2H
z?4*s0)ayms)QMgmhN#sSp#v_{;t;Q~A;Whlp2K0vmzqz8K*P5%C>w#m^&D`{k+~;S
zM?3KHN{oE}U;Te5Nm$(d0Uv;kL=!9ha^QE?!72-Nv3*$8OH)Ilmm=6OP9tuU?$|%d
zkfM`6D=BA{+?Lm1wB<sFj_-+e#cpwwF%>tVXsXQzC4bG1b5?U}tU0}0b8DmPnJTNQ
z+g=I;T+LAEyF+)P&uR~E^$AmfCn}&M4H65#R$0&w!0Ubo-Z`*V4E4siZPm@w-C`Fe
z!A7Vuw4?i7YqjMaPmBGot;Fm*I#joKxl<59d-;VHJsx*Mj02qRz=$TZ7Loi{HVKzY
zE7_dXD#7n4=5{7v)7jX66kPj-c;N_)CT=OCvNCuq2#v*LLM-&5x#r+}!S-IO=7aX5
zncR=|j>6b1`&d#xlwo~d;qxEg(q>~1U80YM*{hWq&SIzX+tL!8P-3x;9Jrp+jU6jF
zxHRkno{Np$<eUcxYsXGv?KHwVcn$RI(BM8yK$xbB#l%R;hs+L_mU+;b;z=lL>HSwH
zP<c*~fd>-Q{ctXa=!R-4N?<`-QkT694_Y7Xsz}8?uO$h{Z1D}16C=d3E1f07gZq@L
z9L$#cmDed9GaVU^Z?ve~J}Zn8K&r9LuU^rpQ2us<+ls?v`Fs5s)gHR8w2NUERgWou
zFubBih+Cso9hKAd4wBcU$>9x~W#DdxUWKuNb<~z@t|1YT3C`_@jJ1QCO_E%WD<ypQ
zM$Ik<P7-ZE2qvoMBN}Iae`s32m%8!3!{kUcn+3`jSYJFyB~MR8M;nr>a9fCDu2+*;
z{TxJtB5sVimeDqwg~fG~;%W-TZ`pvHg&>jTO4*3N0RH0;S8I?TPU|KZ5>j~~QEpZI
zA$HYRw|j~-)A9ZkY7<`WjW1vvgllBYeJQ3wFHd`N@yLqedLVJhP%E9>CB7o{B!u{I
zs>Xmz_2NzK&7|E>NLfkp_47nxJX1R&-})JY8O%zGUPSnB0Pd%$%|ppw5nIT+#w^?G
zK&_(;4!S9yp$F+~T3=D-EjIt*gs3<|H{l-t<^g9&_;h_FZ1zqKSFzezr8RfVzwIkI
z<A#Z-01jh58zmS5e=0ww@d%rD;je)28Ra26iCtp)6~W@l;Kj*ugv2>ax@2tsM<*wZ
zw$)VuD1SX(Z_nOl*Y`d?BfRC{C6g-L*_dkPt7cgT<PEz%#Ys>_fkiQU7ydNmK{{?D
z+YZ8Hgu^+<RkEGY->BfQZbWC|8<|P^DbseVc>^bHzuk<!@e0EoMYFD$%V|--QyXmr
z6R-yQxCpt?21dRqa(z|dsv~vH$A7xFkC#f1IoiJTD#o=*O@;>n>PM`}f(~IL%U(Qf
z-M@EJB~$9YdMDyMrm5FtHql=%K8pNwPv@{-RGvS=z>qMvloXb`)I<hJhhNs<K6a3e
ztuJI0a_=ezVMWGh^k?V&%ih#GIgVM(6N+`wZR2v8#rh4go9ZMTl{QDhX~=v5{t7G-
z+O#WltJi#)N&?V%y1B~6LV4I;mN8k;8ijNGb=YyCCIVbUjKqI*s6}TG&^q*~GlFaj
zfYXpz9TH}1EM_%akk5Wx|I^xWJWtpvm*x?dT?f|Gj2|YtQoFzi@z&kWxRXex7Eg{d
z7}mHwXVnto>H;#ewcu@Ldxt^rChWU4YrPxBj4ILAZG&P8YE*)`rPqV`lYSnps;sVy
z>uY=YC~btK1Y0-#z_47VAbxI3;YcwnjymxDZ`?7S%Mbo8>h6MkZlhY~*5d^ch{&e>
z$@Q>7>1Q!1EqQB+owTHSv7fIjv%zJjTyA&KwiycNfx{=*=2>F-lm`S7a!UtEjdR4t
z*b+HYvP74_$52NX=B>Td=3(iJWi}ZP4dk#E``*ASk6G;aAwB^~d@|}f@@+t3Dz<=U
z=Y8ro-4Ak*y%`^r$(u!pg8x7mvtw|JbPyZj+&o*vP=Ku@zJF5!!4emyqfUJPdR9J5
z0A>r4a@zAh7DRH$4v-0-Xc|_&zc7mv17b&If}NB5(#D8wthzD{n2CEXIWwuXn)0lV
zN6EN&Fbh~XARLM@&5kzC-lTnU7K}IA*a3k&UT3$hddCcOZuhi3x^h1&rY*KE5{ASX
zxbY*~ab`A0>cbI`m1i##Vdcz<LAOj2q6dL5>DniriCv0CvB)u)zK1%$ma=Wb)wy#p
z7x=oUTw)S~rZ{)1ZvNtgGzW~cO7t0Phc|h$uO&0{+w%|w=>*cUa!|FvU_!y;nUG`n
z4VCV>hcv_OHyhVO>_el3uFwQ1Mo1oLoxppW4)*<>XAW%Ie#_zMhe0^_fmHuU$dfY{
zFr}U2%XjX;%_x~fM`QnUElc^=)BaP!zijjy8~ESuL7~VPbLB(0<1ATC?94EbeHR25
zADu0|-`ZKwC*E}PU}LwgypXW)A|er<(&-iali8M@U%laF6CvXKlk#wcQxfYUNSV{<
zAI76BBury?VJny{m?DGfV2Hn^o!x4?V7^5KaYjl|?gXC3r3)3j$(5|>)Jj`hXVbsU
zloB@d@TCcV$un#+tw2LGbDj?mpnPYQj|XDxe7|<eVz3(t19QrweR_p034{U-qHldm
zs4%QcOB)iOy7O&U-YyBpWLYX(+9tJyVX(^UX}Tl=5&fz?hfcaHSWGB&+3ayZjrdEY
z>D106pA+y`8hvN*<_}@A39HivXe)E7RD4w%*J?CFj~$cA`=nLDjt~wD9(Clj*|z!&
zz7bN6pZw^n!QryRC$<KIkHdz`FZAM|a5zU}qut~S$gc!_yCVc-=560&FjCBc;&Q$H
zlXx{rD0h`U$jYDv+m}hHGpac2us*hUMu#K}>v%JM9J}hdobzR{PL~VggsFP2=-}Rs
z@tK#M5DA(YLeM#7^+@Li6_?1z%>5gQsCjw=+>xlB(x;PMa{NMq7nCJIq1jq6>=hnP
zMO^l-Dth>|J~w798<s-F9`%e8Jwc^{%()_`BXwk=%Aeh_at`pb(H_3X@kf!;n=g{*
zKfi8bv18TVk)oW+70xTY#Sb9du!1j|nR#cKbRp>&#Y4eL4@uROQd1BzzMdblJm1-0
z<uYqpA^QVH-%n^6c(h~Kn^h&vu=G<=o}p20_9!qC@JKY2sK4ExNM>`s)mm!)WQwz$
zcwaRPLEOoKuag~;23bxVpd-C#Xr{m1<G#G!46Yxd!yxk5hW{-SUJUJf;{f3wDisW}
ze2YZSAZ1{Sb{YlRy*cKBNu~!T(bqJ($O}?Z9v?*8qBV{?A@rGS(@J#g-9Qet3Pea;
ze3jAnccC_N57y0WIHi|!&R^NDG~@qI3R~W^`j&J)J)^(t&bCl&f^+oXW@SSzkZXyG
z>Q%c@+U_(t5kfK!tE5NTRkWAxJ)VqBE-AX&a~}MRv1f@_`xWITzn`v~Iz2Shc0E|5
zKk@w$_%T0@VK}`yl#dkhItpJblp)4>kqn))09Jc?huQ_a`O@g0%R35Qy>n%zAzZ%=
z5iS4G^Su7WpbL^rnmhC2#+H9P7P#Ef30AASAHTI1c3UD=*mO@q+h28V;Qv~G^=>F`
zHpSf`AYvx}6%yMVanxeWJMz&zk=F;o$PxPqB@uyM<MoL)JHcK>zO0ZBovc~u;%9|4
z(l9kt3Y0yu&RU<zXZ>nUKe(|-K+<XwV5{h2JbhG~H4$zxU`RWC+Ew4A<(ViE;beE!
zYxX<|Jq=(3^9e|l@`rZMr1I!$XE=mqa69a)bFhvhvCtT!RKc-?#3+Kt&IBIxiba>@
zX*y2WqdIcp)yj$%eOUh!j6u_a_cmmD*a7wd6&Yp20welCnO&)d6?~+FnIR7yGOJ~T
zQ0=m(h(^olN|T3pquUEbAMnl(9#&<Po34VxXdTY{A1^@AzY9(^oL%l!a8Y)#Wb5rk
z*&18kT+0ZhR^j{9cDAC+v?maa-RtIG>)+e9Ds&vt;!Tfl^|y_s3#qZ>gML=X=Yw>H
z*DDwcY#$J#E9tW5066%k-6~#wnXZfP&QGa|@d{l!!he?<+^_3vKuEg~E4%(6Mxx;`
zROAoo+2h;LAvZ*hDiNT$XJ~&XGiuaVyfWe~+bmXu_NBrdQ?mfE7CF~jZ`gWcZ;}vb
zVq%B<(QKSlkJy?Ug);2=<w`ZfhDb!Mg}qSgnGYi_x4kFqw!f|KgJe0?<xjkdA4>r;
zQ7KDf&ywHuB!AjB^#O2%3cPDNJfq~?=1^?@@u)@o0N`xn8pVM|9<}v7yAi{}my0%M
zPUY<VMqkYqW<djXE%W;w^)rCF^(i)p2r;*5cz*PXMi;3Ao&c-d&IqiTZf)m2IajGP
zbV<S9j~2GE3;c<h_RGu9ov2(VObZ2bHqzlbFGRaOE3halQU(!LY=}ZZios8TZ4aY*
zrp!(0F78fP0gaZEgOWO0J0kbi%mY4iizZblGXP&2_>u7xLY;L$N2Lav;fS3B58`S5
z8t?eCJtm}GQfjpn)U+Mws56G=MG}c6YtlK%>-?J{nI*f);0@iK{n@1Y9C)I&pJyp@
z*iW!|^-Y+cyhQ2!R)#cCBrR9$NNn=j{8OY$^&TTXiNE12+O!%XYD$&PK-h78GBzI-
zeAs7r5U$VZ6APF9qWP=VG*~A>UM5}_NRQJ4pe`zsUGbf<DE%pArU3T}0Nb_n!#iqJ
zZ43rqqvB-0Pwcjl43t0RQJXOQB5Iq4petA?7<Hd;6p+@|wez>4?cVjj7+Ys}mBo8y
z*f)*J!_PD42{9&1e0g|)x=T>TFD}#Bzs4d(G<gRCg*aPmyH$Yr)X&uQqmhTrW7XSs
zJ&o~rjV-ct0AnszNpL(dnFi7Fy$OVKQk!)f9gq}e`W`~UKqYrmPZ2YfTk|EPQXknz
z`k{A`p*<FyEJ<$-T!Ji%9FGH)i7sf*ZnT&q-MVbL3|rPPdHfQHFfY*ujJ(Mdli{O}
zrtm|zgjyje;xCcX6+!qFfeI1S#A{wgO6&AS8V=`lG$lv$0GZEUE9YXAzWvu)RqwUt
zh*0_GT21_weeXS3jmCN+^<;JzY+(zsDf<~Wktba5ZRf*cgEg+d6#V4f`k}f3Fp$J4
zS$Hwq7<aejU$x@}Eje?$jrDWFXVewJUyT(OshG;Lee2Fg4{xj+K)J~XYELxU`0jxP
z-ZF8!LC|Gz5jT29^7lcvsne@SC`Z^??c=ZfKyt)3`k^E*oL#>J0F_m!rmKDo-r(ay
zSK{j%WV;{Kgi=#AR9%0TMH;g-d3tz+4au)xE?njhfNnxom)J<%d2K;!n;Pwg5rr4A
z1a38=x13Wo`j3H!{y$@Ix986t@#y7y2z9BcUGytH3P7D=hq>COUzdpto2FOWr6DQt
zHgC%RW~BD}f2k!X<59G4_xg)loi4CGr5)KO@;dAQRB~auSY0969hdN;%e|<)pd|{p
zM-`h6K4|QL5F9imx}r;-j+Y?B^H2b`-O{4YIM*au>0wJtoQhB9c<MF3-N|DYg*LjN
z3hm!)w8BMYtehaBF*Oy~y2mnhWUFksl?NO+;3G>01`|%Rk?`*HU@l?9$^sjL&-Wcn
zvR@D8JW8PR4RT1h$z-OCod2_w%S<%=P6cmX?2ZeRrC_FTRP@oJs=dkPYJF_R`k9iA
zK<ATaat}h@XkToE{lBFS?0h7s&dK#I#&;)N+MCXb;UXk8f31#Wyz!y?$f?{W#rG5J
zQ%*wGjNl5h-w)Sw!HDlsjtxs6_WDJV3d+!P>s(BFALdx6GYpnIfmG_4Aqr#sJ^{kV
zCb7CqUjEA+WZ(DXk((2j9WW(nY{Yps7mXfu<rh?G$uiGu0B3wDIKNh~mXt9n4C0~q
zKp>i?e!n3hN-({x%U9RyX6$qFA@`5;f9cM-46x@d#f&Ccr`cVTe>iPAZK%9^!hoqn
zzhNACgh$g+J^feT^nej7E623XhA`mH&??y3DAs_I9O2dFPcHpctfTr|umWMuZDBVi
zmc9P4pIvtX8uNrKPLVe`riW^QlIdHu^0ohWd;TAL`w@!s6Vjk&dy?TWYl%iCLH4Lk
z7o|m$Xdoobfz+OM7V4Zy?+?ynVD-;oOeW~dZ}=ya%@Cl=kkp~1NT4wN;e2w}8J+Vs
ze^|L@PQ+vB#JR>8=>C}Aiuv;z(d90ENVcjAJ0$RL+4ph(<hYqC2Rgwva|&(zWf?e9
zuZVbvku6eViDuWA(Sbc*AVX-!l@fu{viOKinHi2{RiRfr1lmr`Y*PsST41|2uvvZ<
zR`?uw8(#alqARDJRAMewJ8IBxEgMvr*+(-V#(OEJ7v<+VgQ#RuO+XjTVFC<vYs4`;
znDiz5*@2#)<_<>czA%trRN6?j1t`#uS}mC0bucBh!|HIj3W;zP24SN~S6AKRuux3_
z52~Ls!tLK0ehab{@h1Moed^ax;iOqv=PLOw^i!vsuLs9`ST$e4q5&&8lGH>P#Eu9P
zFh;K=H=VdBlvoVfNwnt=HP=Z%+7YpohBY|9y=wq)sVdwzAj{*q1jbQn)2_qhDKw1=
zKpw1CYf6m-v$lNNa><C#GQ>mkT^x8$Dc4lGIe(d`6HsF83br#SUt{DFU&Ov?^8*p9
zYKD6HlIAh#zRvuBr+y(JmB2VBb4edzL?n%U-1Z7YfRH_~W-I_Yv@nXFTp=&G%-0YU
z%#(B7Al>=>`j{GhDRSDa-@v~wHW&--c;T;kS$F9$?{d!x24)?~*Zo7)L%%0zZ-J0L
zeG4p(O54G~UVyv+dO52)5yeVIaR0>aeTmB`D@Zl<@mViI+_tV1nIROl)E)~VRYhOc
zLxbjg2uJh7`=bPeTCij4ChLr6Z$H6!Ijt)rubjSGYGr~?fJIt<YPn*SaT4)xO+ViG
z88xWE1+ITIuBjeL!#vZfLo=3vF+U^%AUs5v?NU@E%i))=Aq#6rhH0-d2?ffM@KL|M
zkq>bqVD&wUj9%vd<*2A%1Vfke=q}U5`zA&$2aOd7-z7o6cZP;}JGS3bk%%w;?-T%)
z0`a^rsx5{NtIr$<)+ag-6rNXBUK0wzH{KWcycRj?Pj+Nh!N)>^FvO4lYM(ysNapwz
zd<1H4&UJu`w%*|O;#YO7YHMbg9t&SJA2hbWcYE9G_K?0_M$-Xq-pD4IX^!737fg23
za#$Fz{P8M3b6h8*3Q;RNF$0ot{nIwrC{pz3#`^3{T^6HZRnG+7hh9+f7|ti45_l);
z$}0V+eBTax=}>V!MyFp<1{gsNzXsc%)2n&AM70pZKiiMo%qAAI@||{1NIWn`c4)*r
z=BEkKWE(#553+r;r{bz~^JJ`VvBdOdnip@t5YG54=U@w>G;Ii&ZTNeTf?+k~x-)v7
zcTRM}bSHv6n}t1FS`8FM2*JtLaqvZqfZ3BK3!3OZyWo%bEGSf@7f9$@EbrV81UlkF
z1iT%Ey$kSLI;A)V2QT^KvewZ{T>%n%o{cPxi;uak(PnKvE|67!*ZdL-7|MWKCf+v3
zipGJi6Ps^Fb9b<*ZmWdm1%EOW(ELKcASNhcORUh~^Df@cl~;0+OtL_BW(aFrY_uJ|
zY?ZC`@cf|q%Ivtj>ZDRKK5;y$A7LNCpfs<z2c~Tm0y3!xQR&Z1HqlkUvOkYYwx$Vb
zdDxm$E?)O%(@!Z7@oA$W--}cYi(>8T7HzvWj$d^oq6*Lb=6dA1qb35rNJ21%xW|Sy
zqgx>Y&&~DN=;~u7^w#{<AZr%S@vOyr!B}zDAiJ2c!Z3u~G5Fk(j7fG@ngr{s4lo-J
zX0@zy4>P{4!#JA6zMaaxWFWE8sG<tohhe!?a_HgfEHIVMFM27skMc);Q?22P@$ccb
z{;BnI4DGY+>v6c#AAE)T5fly$DkAjx#G!z?jd&@+rrCi?l3#JBc4FBBNVNbW`uj-m
zf%;ARH^iY!9VG2>ScCQR&&bN$Wz^;e*C6;qd`uume_m)Wpg=25XA_&@ifP0u$`)08
z)LntuMDvQEja`cUfG@yj=FsZqKb$ZItjA#(^;T3RuI;w-oxS(`;>NFaKnw`$ZjKw0
z$7|b2*kLPp%cC@)K>s)es=cP6kuprnW#+l_sjD%MQdQf^di7_)#pygEsiXfax7}C;
zye26Zk7JB@Pf*(&R|BXr3j9I4&5A65%CpX%INx19U6|d8=e4wWtbYh)En?yo#i0a?
zGr8E@+iD>;MDA^*w9btA88Zh|eNU4Rca>@W?C(#Q>n5D>KM(H#X7*3_sDr!!Of!wN
z6w*H(?pxc%b0*Ez#}^*itYN>_?>?9%FngI)4#d3R)sqi!v=&s|6?0s9+*s&+Yk|$Y
zo!qcM<5sxWZ5F8|AGk7G)f(r(MqHYjx}I0M2^!Sq-Cg%(3ka(B4J(JG6M$6QP`K_Q
z%(y{77_Z6VFur8$*>lv_Ff_Cxw9e>kgdZ~#w?yIoH82Fe77}{B%p!4+E$9?nS3?xo
zj1XlU!MCU(#x>5zNs}Yee=MAl45J;{#wE9RnF(_DR{%${dbJR@Uw2d2>zO8Kn6;U(
zt6JmjZZjwB`+m*`tiE+^XV@1bXl48#wIf+(whB9UMGikF4`(bp0W#vX7AOo7p#-UZ
z75p^SYc=gAqO^&Dy7aAB4!<3i;6-MB&Fd^tkpQO3h00Hv(!IZR!-2Oasm8FN@S%V}
zuf|lFg2IF{obolM$?vCHtbIg1Lq5m=$a{%rIvUktqLpBCo$G=6D&&05uH!#N>6LQ|
zLrv3108{*fS~k+e{39Y579@HXK6U`Un@pYTz-yD{{@As5A5wcm0b1%UbM=`0_~CE(
zgkvzjAyaYU2gv{PN(QKtNuzD|Y_%qzcv8&Y<0x6D@t`<}7Oy>^V>7Kw%N<NB_{?JX
ziBYM>)IkL<If_a`1+#a!B@IDMx06M;BkMYQ!TiEyc9^P+xuK@*lM)MYGO8rh$##Lb
zfiVX{r@1FGMwvu;S=a^GF#Jl8z!eKjw${n%;{0K=O<#$XseZH%&vlMkRKh(*+1t>C
zL)KpJG#Mo8WFcH(9sGGC3SPgB;OE1nttv;;-C;BIP0FK7=Wqmkg<q>mH0(p3j6L$(
zI*gFD_i1VmKXcSsa(;rZH|#S3bZX`_RJ;r#U#IIFaPYC20hU18eNryR(Nnu?Zsl?5
zsd6`c6ex_L&HQA7q94?SVHSEw_%ntqd}KGU2FZES@*DA*hT#~&`=fm^(<1XtYg9JI
zyb};^OyZEH>@*c_%RSdgB8Fn*qr2~zS%uDBgi@lnduOk?n8E^f<ciz&3r&@qI^DX6
zD49+08JfNDxG-%i?sL^56esst2dgfy)*7QHrh$@Gg}n6=41ue+ncxvd`@!#GF_zcU
z1L74!7Q>Xj!@atj@GIE4Vw&@JK1q|UB)E*!yh7+DlVbHN*XEuBJ|*lEATw$q-!u(u
z>4630oRN=mrZ=Pd)UTo9Qe=%RO?P8=_=KL3bNy4rOVZ2%1M6}Z9~xc`?<`8on}Xt+
z)!y=hHF{{#hEQi_k-gr%l_v_1Y}SR~Kf{Av7NA<;cPMZkozucN2XA=DYp|;WYcD-I
zQ^~mWyeRRGK~Tq@0g9;kqUg9#z5#+*+lmM8OBZw_63C^45%7j)`ELUF37R`bfb3~p
z^VPmWPc{Tq*8w;(=lRmumd=bsuK9m3>TuUu(p*Uq+*na3$zlxlfXL((XUZVn_88*(
z-FG*C9L9HOLE8~YaZzuP)s#r<k1d0j?k}Z0WH4>KB~^(nA0Df?HPH;QX^n%iq5LdU
zz5>}&AX3DMIh40rM~@pTawIg4lOOY~@`9u%QtTvo-r+Bn;|&V_!ubz+CgKEfMD)B0
zowkxq;jy$$7%hFe`r@Pe*_N~)xS?x1OQF(kh{6jbQvT-N0&W0B3UANcXAwnl4wal-
zfKs>RvsXF6R)$X%@<uU=rP-e8vk)*t&)=bT<J`eYh(Qu2ZVkJR3`#BoP>m|IT^9nD
zT2F(^j1xsi1HmhF_+2hWCTVSf5F#a*uxtd!tJ#7~Sse3yFH};!P}RJN0ByB|V>vK9
zuVknaw$x)y01m^wBx!P$qmO5F3LX)C+gRUoiu{_9IuA3%&>o=O|C`7sEc3-k16%2B
zqh7<XI~M&iB<MM3*Io;)-SIrBL45%WfS`gy@pAoG$InNx2kpxU95_OoRDP#wB#$L4
zq{~;{8MEoEZk*i(YM~$Wy;tYfVMMGup}Z5muCs<OMXDg_J><|@$nE_U+6wk;e6IJn
z?v~M=nq}_svORque=n592%+1WqoU>I4-W@k1ql5;svnJ${;%=Jd%&*&46Ya+K2QT<
zs8Cs4F{!&BmB}^B?DPBK?wV>vLWxPl^&!t%SQ9jB^1cm`=+|GesrXbg7c&&_+(Ef1
z`pwndac51&4na|!E079#&Djtw?QyLmyI1C&-`RK7)mHl5i-{TS^If&ILR>c!&7_GM
z0z47w*;s_|!~aJ_uxENBzM>`Y!(j#{1L64Um7SGpp;q8h3o}McK<%BPzE_K8U)}ke
z;<#FIA7n*NGT?FXwgv5rDHXVsS6poE<i*{HmsN}Y{de^h5H4kJqOdA2&+r(t=01a-
ztl_Xx@S{b`?H?-A2k9RJnT}5W86y?@s%PX$wim%TkH<4o7rJ*@kjyi4G%1s*7%G3&
z+5*|$IWUP4#Q<)Ona5lM);fULR1fRI5k+@&m$=tV1crWCHT?2vW8uvwY+~)LuKy{5
z4PttvWBK2WP#}UZB+ophLOnIow4AAz_Jb|HB4QtAvc__~%gbBKwBB5*8FrF@u1xOJ
zN9)9U!Aqoqg`C<+J)ka}v%b^M8~1t56ubM<ujrX1@d;76yc~~c({U8=s>LV!eY_mM
z-|-;@GcV!;D_|BWJ9aaV?D;uz1^yLfvD*JIf0!~RWR0(_r;wZz^e~8XmDK+LHGLp0
z{2D7Yq3k&ATEat~tlgmqcH*MVS>^Y926uD+d}9VAT8$>-52Le*%<4A-g}5!Qr;(1#
zAh9{Nj_HIo@$u%@Zjh>O>(AaZG#Zb?EM@Dd!^_$_5!xD0o}Ltr7r$^WEKj?}&z$er
zQU%^BBI%l`e;EXAO)9qKv{Ul+z-?H`IXbw#z1!C&K29;eB#GOcvlarwTUg}5QX;P~
zddOnCM*po$iuQVY!eJ-T>hGJaOMPZ-=147Mj-w<_YwG-{p^{LJBI5fnb}bCHuTYm&
z)Hr??zD$lFiJWHVHRuxV*HwDJW$jx9s=@1%37D$07QM}F%kWF8t`A)yu!)&RBf8>b
zfT`2j1vRKa&T__Be-*b37e)8{_=1Y%`6$WbJep5bBS$L~W|?V)mGbL5JmvAa=DPOE
zYdhv5I(_JN+?%8%%SzGXpCecTEM2kby`d|bojfrY1^p6x#U0xL^os=KrJ8P_mTT^%
z)CZ=iOV&}@1!+XH1F4E`2Uxj{|7ydT#Mji^FVygAL2a5h3yu!M=iF`l>e*2onzARN
zH`=f$r`a2G=_mvmB{Okt2u&u5VIp^#`HsL3S4G+_rcl)aqbnD>88qcUK%ap_=8!sn
zgd%|vG3#*NOs^J0IbLIQV5<vznvLWpBxGnRY)5VW5pq}$H~6{7#Yk|4!=4I@S(#*k
z&>}~91t5`tH%J@5{Z{Dz80_c$VXfc_ai=+w+`qDdWm^}z<$*Fik)=Z6q02Kr43<2@
zV$1S{!fHfG+_Y-O*y&kq9u1a<LhXxU!$axL!r2So6ZSH~_`MI#+|o&#5K7rEqp7EM
zh`Ak<lU~&?JrZQ{J;|E*-zJCjVR$wAOv>E5jIGRO+L>JJozB2Dm72#5-<wYx81fB6
zF9>GHeljJb4m*g8R~K-;KXU>}u|v~^Ua^9tNm0f3dcl|Ad9Y<kEu=`;i-8P99ug}M
zXoEEoMKhfa25#fhCcuvcBX}E!8Hd@oCC$6WX^YU;=?Nq+L%EZz(7;#i0@rdVEqDT3
z6O{E}THE#yl~xzKj#kPY1{728$(*C@Qa5*`1zAT3qMETeR<4wm8|#?Ib6XT2?Rj?7
zeXhj7d)eFON9!d$o1LvThkxk`hgPx=#iW`l+?a#H?+fT`uX6huAJXo<Ob7-;7@K22
z>*OJ`o%OtoKN}Cug`{4XD#U=srXMpdxU_JZuVMK6F8p-nH5w8pEYxm<Gac^`QcF+|
zMz*QkP=zdPYC*JIhj6=X*Z!({3bq$BB7c$H;5sM_&-AC^f}y4~1lhL9t9f~(>KzS~
zfw2#-^!BtdcX{Y(<I%V#hnzh9eRC9@!Uw^?$M(Vogs>M0o_?qh@Tdp;vOxC5e*-3O
zj;%=zm?RO{(~N+uduRxH{877xB6wSqyDtYK-(St<n?DV?mObVk+cih4oH%bjojPp`
zc*UvUL5cl=E<XVwWaBnrZwO?#<r?yc7Q!_~qkhmH2I_H&mTJD%1p=R|0kY;u)+&sY
zW3I;V+v3h$Qk3>s<aJ5}SOCWSeQ3>ZdWBvn0EllPv8Gt4x*_J7<2LS}u4aJIDa0nj
z>YI=<UqaQ;vrgMYIj?1i=40gygwp4q+7+L_ef3`_)?7t08<SFbP0$53OU>P02Pqjt
z0=xxhUd1I2ee@s#9t}d9__*w@+bC@Uz4w09)W2pXDnx5R8M%W~d@l?P9#Jh1WjPqp
zb50clh}o*KI=pXR%>#FVz`O?s&+i)-$PK-?9h2OW;7ML2xg50HeWvBN6*0xExE<;a
zwnN-8ezO$0?i(@<>@qt!r>+K(bFA8}rP=bGj8n8`i-CC)ref~9?wmBdQvys3E3Nd$
z^R(^<Y*@`pVY+jXpLlvEn0_4-;BX~E!CnvnCi}AcB^;hwvGA&D=lWIVg-ze@X9Aam
z4HpafCHbw!J*pG!z&~14rEVLii2i&9bg*99<fmS`8RkI|boFa{RpmRKZ~t@{lgm>F
zE1^Cy&aU6nap(KYv{Cpc&D6%7zt|iLA4BrQ5<s^YWPnjxrFsQ3@sBV1?2avt4`JjX
ztFA~mo}uw!9i$kypKtTlB73ZWSSF}PPE))3(AHca+wTjoqy>;?3@Li4o3l)Q>mf#+
zi7ejufv$OwWaP?AU$CFXp$7^ZtLoOCf4F&%k&1=bw?EJH88olAWIQ`A2<e99KVmnR
zkJs59)Vj(pUkd69Fn$?>>vzfUBCr-UuZWlK^v=5kRBwUuKZkRsqy0fQt9G|Gr;O63
zYFt6pA|t5xf3}tz_H*ArPwKpl_kr34ah|lG;!lU@o#XU@_Z>m*jpJbC?DrOZ4FAV1
zm<keQpex^wK^9|V7j{{^1->wZvgTP}06#$MU8oT2hQ*t(3iRu6HRUpzd$w1Q_kDh$
zY*(Kl$6-0YXuAzJ0u$KNioQafh)$Cx(r}CbGLwXxtY>>+<#$pT=1m{7Vke+s54?*o
zp1z*W4>L_Gdow(3ULm&;cdR80C6I8J2zDuUIt&JCG2HSkr}dY;e@gWd|6L-!(BN)2
ziB4EZin|d0vKnR<s%4mG{eU_CL0kR&EOOzIW$K;zc&WFmC*oZ%0A1S#&u-&~i7sk$
z?1`@q(dO29zCRBkVlk~~8kZf&;LJrBpGWgh1$<E$$ro$$T(@hbiXK%nGZa+?zx20u
znaPxZpa{V~brZec%RN~K?0@3<HNm5zX*no_R2^7fQe{6b_a^ERatXCeN3X2-fQePY
zvVUHo1)0$bF+<}!+&0CG);0)fOCuW_fX>bA$mJ6n#mo7R);mc_B{6dDbi@eTwNku_
zb?>W)wZKnTHVH8P_~mK8QD?C%{cw{p(fI0{oM>e(n?!n=x?j5RSvps9)Ye~KWFa?w
zs$)9~7wYZQZPuWFa=9B(7;72n1yZp`p0Vt5@1qZQGh853+!V;yQvs9jxXfF<$1;CL
zR=Y(YrVklQw^tzkht=X)>Qa@Wsp#r)ae9d+y4~QF&?dgT{eTWbaCHl{3<MNF6aCDY
zuuGt84DFpGi3Ai;Iwh5PtBh|oHZmb@V-|~f(d^hXs#cYcebdzx%i5V1wMO{aAcUpA
zvkZ`kSuk{X>)QOO_oIEKH^nNfs{%ecu_(LPY^pkVZN)ghDcWiQnVPR!m=<_GmutUQ
zzoEVB7^CQG>%4;l40S@4?P+B+UdNMfKAzFRc}mB-BrQjtpRaDb-LM$)!)KUDF{fGp
zr=THfLC;lk)AK{FP`ObL!A^Us3JS?+Ri~(H*$O2qTd7%pRt1haTA(zA6%TIrpYo+7
z39UO7Q-LStvE#c-AccPk8Cl6dCGT8x)PXtk;RIgU!;-QD0;DhrHLp0+T@5I0q#o6I
z_LiuPZX>8i^{7QC;7g*MG{U^CEF-0_@Gu47lB5o;9tsUR<LpI=554mqx?Xd8Wle3P
zwN{ilMV}b54my1%b}>MlPx`p9da9A)roc%zczMFu3iu;6^&Y9DdVpYbG^R3mI8zqP
zzz>>_Xe@@umqPo+v9-->=FXF~!Gz5g#Cg?me%)yhb$>LK9VWqOo|)ng6`N==hWeZ0
zFZMCTin0F#N1&xlbQraz-lv)<t0Tv&qO%N4D&iod!!BO)815q2lj>!LpBUX%nCG)9
z!8_5Akm0J7_qWjRQAWemUMd3m5qAC~fnYuk39`U7BR7=u=yNVz!_t2^s(y)AK8-&?
zdrF(4;GB4Yw1Gl%vX2uhD(tYEg&QFoH*|Xcn$t7$7_s70KXv)Kell;75hnv2Pi*)#
zJ7hE-nWCoc#8Z>HMi0U~j`Sf=zlz1Bp;?Z_t_dXvPpA}#|4Wn?z=U{{L~@pFV=Nos
zB0HB98K%D)rmS(@2$Q4uu79Z&ly!&)jgajf*=Hifw??(Lz%hFM`{U)YStO%wvn(r3
zJlNGcSpmP&NyD0cf}%tTzx(2Wj0*{zz@p^8zzyu*b2rn-I9Yz-Gl03*$!77tQ;*F@
zHN^#)>GJ=LZ#c%~Mx{u-x`EhxOPYTNAj#?I%GuZ=es4;|8ag#uAp>F9`C1^qpCYD7
z**Ni~VpsojndpXaxI~J9)NCZ(P(GIAtOmUi(0yzt$2kxqrrzzRrw(SjE=v-6a=^y-
z#r45_AAl%f-}kaI*A9)94<Tu_fH%>Fj~f&V)0OP0!K@a}A7UX1lz*VDhy*y010wLd
ziv=xr>9m(!8Zl&C_$pT~Y!)MnJQ+mY>syeb_PB;^<8_{`2W*^HIg(SqK$)m2Q}28w
z5TSS?HS!~Z6t}R-Z;`ITO<Oz2!rGvR7kWi&D}REZw)veyjT-X(xm4MyG|<gDcf<VJ
zRi!z+joGd_y!4gknejJHF7C$i(|%SoX~`%RI~(P_Szp-+BA?$C>~=`t1c@erBzZ(R
zVnWKM_f`}3@5R$-4(=oPV-gKqfb1+_=SrmB+SK}AylKdNzO->-x>|8*K1MCqUGy~m
zwWh+z+NWs>-e+gS=IJ)aTy=@AxazYdg36l1aKuh2;K_PX2T<O{OkFNAh9dUtX$ss!
zy`Cl+t&YnpEDx2gM`{A0#w-Zj!tNPxg?{Es4f8svfU+O#3s9>5=SK*Y+#*BW!o+t@
zbztajdDq;L<0BH9-f{PP8pb}AnFIQh7If`ax{W0`Q`l4hk4-~y$?rSsE0TPa0HTIk
z{i(?Ng-gqYYQ58a+D3Kk!`dJEEH0&abdVidzbIiP(i$zXLIK=iiF`y2J#~-|^(Y0f
zfEz$4QOSE=H=CdO#wzY=;g0}eWl!SCkCF=NjIL_MUZk^}Y*<#AytQf&5XXuwpD3(O
zv>7PO`>3WqCIyBk)V3hPy*Z`GzlbbSUMX>mQY0aMa8`dMZ1@vq0(WzPcF}iBuB#Qv
ztF>yHwHPmF?2{ROlVx`C=FlX_9G+e=_mh|&u5C($c@ro~P<1s|cQdb*d>FCFrKH6c
zWkS<YPka)}uvll7s}Q&oQ=2s-I@O#g!B$F^Z98V6KD+&Y04PQ!NU_jja`*k$O{07t
zUmPn#7INdCg=?DFhI~Z=Vo4RoQ9=<q63Qfm7fA+op<rgb8@r11c|k>%x+7AYP}bNR
z1n#mVJk5V_os*A!#=F9>U#s$eqkMF|6Vp*F5=b$a>(*YZO<awY80oAjYj0^WX>>~X
zI~uXTtAI9x{scdoFF>N%7&o4NUCVufErX|A?(mVcm+^@>P0CS&*;9UY$pFapx}Oc4
zE$pyIx4l8y6It{2&#tpwbkHlLEM+cUen!=1w;$u!I;%SIco`VF`~_f1e}DO4ex8q=
zyk4cmYz2+?wywvCh})9w){NhxS=w!-ai&#N-c1gIzoTu^FLqA#=4A{<FlTLkHAnzi
zv<8{x%0Fnb=Mo@zhL=HmTGQMg%*DP)-Mf_^^Ft|?JLNh5pZK@?s%{7XVNjDW$BHX#
zV=E1rFP?Ir=KcjE>6m5V-Bf>5_iAY^ptKlB#79dJ@xARP-`t>ooe*HuO+1S(28+KQ
zT`CC@xd%+}*dM~yJCRoaA-)#eqk)^&qj5i~t1JoS%_~;^f}V>1U5KP--v5k^BMUEq
z|G;O#!%T7Q7T{L;mR8FLj85x5kmK^2VJ5KyUT&ROmXNx`k6r6wQsZd|El4WE0}|Wx
z<x&zW*m<__%=MmMS>!LaozI1<>_^)@ePI*M;{vlDZ$lH-wHT39rQ+Kct(f~Dp!ye|
z_`VSP3>b7Aki%v093U>J>TfPF4W@V;lzyP);Wcs}xzKa8r4e{3P{Fc3Xt_DdKjY(4
zlRrWp%H_<80X5yQPM8l|+53{GNir$9$mD|)p?apzFyr0}d#6~?_oYe$oSVpbL4XbS
zeyCVx(A{GrGshhguB~r0d@Q#eocyWhRdFA<iy_CM1)Vfb88bFvM?`oC65q@zA#`tz
z!VjscM#>%q1`VGxxD4z2r|y&)XADQaR|aTuNw|6a-zNyM^SIq|H;w2jq7;eOk08uc
zJo$oyXzv7Gu^|`Or~9nCkig2-B{;`%beu-O1QaEi)X|IHwusF1ST=H`WkcWX43lK_
z6U_KVSNlqaOIc{W;_8Jwac&qqjgint?+0hQpBn1lhsNPWPJU05L@2xXVopjX+}2yS
zPWghY{1)=vdQz}3bH$P8<iuWe;RI!J5u^cG4@7Jx>9@B1=u78AbIHwFW|7stVbebV
z%C^O8MF6pcFCBCzK{H8^F!GdE+G(!PQe3I~de#!Q99j5eCB56=qc0KkYfQEN3{Qss
z){iQAHFc8Pvsjii2FG7h&a(`d8Q>H7FcTSANu!XtXJCJp%9(BA_%XTRB#iJL;EzN5
zdy44VAzv;0%W_gr9e+m{Nc(=$$<>e7m+n59KXhIsOoINMH)GLo03a>zGbq#+^Ji7P
zG%Nis>W*%UxPo%yzGGk;9by=QFCi!|2oHx0AR>&H{S&ks9W<&ki(<BXLG!Ds)0jRO
z%;MbyG@;F@WJMu_^BG1q2j@QLg+?>^7R#10qkhvH@*72+T}ow#2~S8fzi~Ha3a0EY
ztU|wbe^&`b+K0BGp-HgqCjQ2SB>RndEpdlF;Paf}a|K~RX9eG@>4Lb37j3J|rX&t`
zD#(jz({m(%nQrw2wI3-wXooM_Z}+N_S}YTfaV}ushwyfyz?aohQwZ7{to)|TeS8ES
zpSL0tTqD{SMD_Fij91^EUvlE?hQ{@j`JF**roqqx4IfL*C3}~sk1=KuS@6;)hkc+X
zC!Z!ek|2fW^STFrK(hQ>;oRRA266#-C3lJ-*+yA5(ofWK2~W2@qxw2btAs_8)mu#3
zTD2$hmF~qcm?%tzJgr@f?d4*!#5My8Ekre8a{d_ARI<JRskX!1y1uj*M;6$)-Gcrb
zPZ}GOSioy~#IY4*4}1_??R3G(za9;cUwU|yPZ?&!{NGn#+Eo&NL&HgxG&gG>8*e;3
zXo57Y)`0Lg@ve-R*k+lBZbe^iSy*mU2SQQo0ad`k_fSzyudpCHW8}a@U^aVqE#{J*
z<cOkoJ&t-87LfsPcZoIIwB6Nu-BRfG2Uvc3{C6ZPuMFZeafS0Wv$7<+^fR1#yIf7i
z>Brs%)dcgQvak##2n}}@gaQyP6^Yb>R>t?g|9Fxu?}h>CUc#X;y-IKxOqMGXy<(w<
zAvzeC4LxuE3{CIcPyZe+8eu%&yX1YhLsFxj6N25)`H{C}?Z&vf<+`x!`<D{Wsw6Ae
z*fDP%o&O>?MIAw|+;&@v09LRKtdHW7ErY6TGr^K}#y!E~9TLpCdj7AvjCs8KZ|Q!I
zgSLh!Fc;CBYCUR+X7y&JMQv)CNIsT?&p`yI(f7(T2m^K*`#3$Zy_#Ow5D(VibpDiq
zn%Ju*q}?_hm0TW<Yx&a`(&1oJbT|<haA|J1!M+*?vRglnbx0qJ)}swK1F@z~mXPmb
zCm+b!9MrKP5}G|1m=shcO>MIClyI;crw7UdWmoyfx|acn<&I4vr=<L%pUBY^sCKhu
zW(N0pD0%eu*i#C=6V;OO*3K<{N>tjOsAl1rgkb7@{?4IB=qF+G(9fLKJlyJWMs|wI
zIWn!KxB_&$IBxc&pn+9Xm!LZ!;W9>!3TB!^j`p9YByv*>sf6~6O*mFXbZ?iu`RRTg
zpMt$$@eob80uM*Yn7<#q7Ch(8>4>dPZ|+PRLHCOtsdAJ_#%r*1`W75YL5qw{6^|Rk
zY)>aaYH!LY_UDf<emdlF)~(@t-u`)WvspF$rw4}@s|*1db0#UY6a1@Z^>-32Zce2J
z6ixHq*#s*BTccZWCchDp?G6IK;EcsaV240MugkOuH=OV=fp&CuRaMMp-!V_$3+;-E
zI6fy``-s^>f@j7s#ZSZ<^j|mG^&uQRS?Sa=wil5BE0mNzHYu|?V62Rwt*#smTj^X-
z1wqe>PM9a=Jd_^zd7~|Q+nsNZJH~?_8hyLO(@k)4@QH?Y1=z(Sija_8Oh<UhrsSg>
z1cLmsN%(d2*H=*Hcwp>nXACQ7{p45`m_zp^!D=Y>%m9Uw79MSs`%JJ%*T(AGm@g~}
z8^fSeDDDwf2-{VP;&@I61wGdSVUn-34Om5?jq|j1aB`dDMmJfhYLg8bbfP<s>_Z@d
zwp~cQVuwh)b8X(Lf$Z`qN2eOy*yGtS_7CfalA44_u+NNm44QXF@{)|(UTpp;F0;X#
zIJgfOki~;<a9$|T8TLVv`&&aT?0^EZa%2Nm<CaM3>&@vMs632(BdxkGGJTrG{jMbT
zRX*T=wRqp>r<E3mY(Sd<;<n<Hlxuc#w&l{wYZaQI!uj#sb2DcUXP(4b&vAd^#ZE^-
z-Z*BVQ~!zql$|}Ss*%JD1dEu_**9Qx)ejakdU1?B8`Futm$1<gMXf;O8;4f5_bbH+
z7dRd(4x#~o1ZV&|U<PASom2CNgJdDZfucLQ)jFp(z7gi3QG82KrU={_8B<>kR_RtC
z-|n~Km-F?e$?+f#X)Rb`y|A$J<usDJYas8KT!&VZAu=_3X~;sQmyNIO*tT47C755A
z7A9{v%a3G#c?x0Xpe+fssE;efG_RoUy&KBU185;cPEo-BN}=!!127vR!ZGXO_EaU%
zTYwCTL~y7(fnF4exS#AhU^`S!TLtUhq>w}`_=!wZWcU9UC%Ld5mG?z`l?2U+jFSp+
zb80@knE*mHaZ&rrgi|38Yq^Svh`+-H-SwXLCZ!tEZ*Q|BF&r#{4xQC({+>#W{sos;
zK6AF|+BNCr&FR%GT5d#SF1Pgy9<woSb0PrsL6_QZp$r8W$eMK*)8jb=LcGk;Vd0Nm
z#~ZF#7ZKaU+33TK68P_Jr2C*0<`Ul+3gsbl^>RFns&g#lJQd57L{abL3f(FJ__f{G
zZ$W1W#aZG8soL!S5KR~^4mG*@T?=6q_y0F0+zYe<vsZ!KTev#co6OFTytcm7pl*Ks
zoDXmAzMh{+<zm(~%B)Zi0o+`N2B;p^hchldMaZMPv2@Dd@-E*Di?6Q8(Oa{K-$-Nv
z%fM!roa8KKv4EVP_=SiEpsgq)i{q?d(58u-r#WNrYy3<_D$h{!yHu))E6~FND`y~F
z#^r>q2V7Pd$$nr9*DC7diQ#*J2rnxrxyTjDN$cEJUB(qF2I?^qe<^R@8CgJRBg$jY
zAa19HyQC4<3uqDx?|%a7g6r{IovN+BWTcmMUPY#!{AXBaXpY;#?5GVkOt`~`R_jIh
z1fA4n2~;00o$SeWgyNEX@uK1Y0y*jKx+)CsV%`1UelY5?J&nk#fOQ}_#kDC{S!N8!
zalIe|><VL|%X1mKkqGBjOn7p6I_e7iH7T55m=F^^Pd#5h4ElR&ilP`qLg2TCHxwBK
z>*tbf3Hqm7Bl{QWs*}0qn3EXAuEkelCf1w<Yrw_-RDsC|%}4-pI#^&s&J#k8|BE@w
zzf)fl;iK1=#`M%tMGR?V(3I6DX=0!8$L$HoJUOaQrkKx?cKA7#GfO!5b&EV>Ar<H3
zeZm>yd-Y>}&B+Uk&`zf4yPU-E8{Xe%XeC0rL0+c#(evrYB5k4qJsIfu<sTC9^O>z5
zkWz6hv-qQm^MhPs^g-~FyFL$JACsj|$ASvd!Y((g#6d<GCAvY}Ko>ZF-!O^kmC;u?
z7Dt(u4eMMB^s~6hrW~OurR}S^rcs_ha&v7|H_Tib*kFQQ)id8sQ3+}|K6$tLdbUx|
z`W3B3H=rvQ>`mTC35s<}JRxk=wcbp|oAS({B$qI|&tpUbee&eim#|t1WP#Z8s9Pa;
zQ>X2pcQvk9D6+}N?Rp6Q$y;uFfFB)aPha4S;UmMS_`~RKiibe;hd0JuN<aXyTLySF
zOHagR&qUlhSlW+&GrnM#7^%2HM27q=?-)fXWFXzn7-%v-X_^~T+9ZC*?Sh=lUO9L_
zlc-`Q^NHri{i6?3P5O=~bcppi19M$E^@@yA2HtgTvs679wEYW?%tK$^%hsrV#+l4t
zu5_XBs1!Lev{I`0izg-vA1NwHvLMhWV7QH(oU*l+SLZ}#I(#Rim}n)DFv+#OJXN{(
zI?5}TVU<*x!tP#uTmPG*19L!;*K*p+f79GMDaPR?$Q!8h9YlFXl}J)a<?1$THC)YH
zx|HVbI5{XxKRPulYG`33aYL>&%WWeXYtj}so1zfPFAn8I$B&SOw3D#3Iiss~0)uKj
z@t-P3&nxgzU_fRJAC=mPV482W4pj21`}-Do8yL2Z9?TeTNEY%XVrBee2VRly*IhZ_
zZQzwo-iZ8|`@HA$p^G@~c2*t?N~OJrrL}iZCpKrS874RsK@Qgw|2b;i4$gBd%`TX0
zXds+$i2Wmk#u1r#J)!lM(Ws_l8wQl^L(&&Ts|}07lj|SzZ@dawPK<EQTC<T^|4etS
z>F@qiiBZGjiqAlM+OR(#Kq&pYC#^eB6{eg4h(iA%<ba+v0<QbBYAdmVAKgBd;S<6f
z(C$*EKhQtmdlyyfp_)BCC0h2G=j$Y)Gh+FFw?M%XQkuyj7EEqY_{re_$No|?TWMRd
zH}_KWnYl-^Rxz#yTmNm!$(3NCSM>=5Cxzk(C11+FFY#`PNabeL1QtTPvJ)q?M%Uj7
zK{5NR&0JwrI2xP=VJ}%mCrqzTjc2}+9Ygt5gXD&N1P<xaD#2*=@Os-yg#K#D;Jx?f
zR{OT$hAiJhjg%r8S!b@7i!n$LxV8?eh#5^EB@zuoP~RW7=Sj3Svmh7(o%aymGq`H>
z860~~Z{>CtK*<Qi4uL7alOq^d$nX+E`&|85mRW|7rk<rr7D|lkY`tnK&^kTQS=3UB
z1A{)b!D8=J;<l`=1Hf^OvXeBj?-JaVOt568nC^)i5B|aF|4?QoFZrno(bt|ORk-D_
zO-2OTc|pmrxv+SWD{Hklzx$Vo1gB~Di-7!&Z$DF3eM-L+Icja}!B@Ss%08^~NC2~-
z#ewi$(DF~uYo27%{G-S*KFF{qKLbgomm%EjH&u>YG3x%Zub86u*$LeByidm=<_E5U
z&$tz>B$U8%2X`S;z{0ii-U^3SsoHYhK4#I>7$x0UI&1^hh0wJ?Lj3y&J#u+~!%JFr
z%m)Jn{c(Lvs;12?J|n2VP3n!}n(ciywVmi{ksfS9T+0UOS4;tO{MPT|<I64DZoIl~
z>m-l!jod(0J{`wp2GBF-0Y`Ec8scOE=fwBUDmjU!JPnYk%w*p}l#ZycNP6f73P|V8
z4vnS;?6I!!LNz08UC+{90k)(W#1`d+rSb`kyGCk|V|;&nc7rr7Zfi4(Us<|79)|_s
zy2tr=9(#0+rru&%Z(B4qQFLc%7LZUVMZjH-^abR2>`_5gcpPHwWkGn8fW+~6GECfo
z`t!oKLx%j9PcmPxEe}8F4H8=GyHeTW9zySZgu*T<$RM3$fz<tt^JheRptUdGkmTPF
z`k$`P3%~RS17QImr~u1!jX>Qp6OGn6?!|1Wsq(7u>vu?6XjA<N3C6k2{K#VM`+{G%
z$r(j16{AFvUjh~PBIZ!S*i5HcuEYG{EqVww-8mbgUX&suV*!V6Ts)O2ec))fx|v`<
zw86n!AIaxE$`8D7l|VKEM9P<<3p|m(aDbvu6q*o^`acdf!oH^H4)}0zv@9xb%=9{!
z(SFqe&A5NPKmp*SF*1w{2W=6z+7o$Yjw`(l)1M3lp#nO;9e!4KQX7REjUUMDK)o9`
z9!B|K(lY-5++87BqXy#JCXWS;#oz>h=dFJwLvh3QrJBa(ywepvs8PB!QX+E%l7hjI
z-eCIu`$2X~A<`;#j&$cOJ8ee1G~-c5F-x6#$cc97yL%UMUa&enMAC?86Iy>NjLbtw
zg#?Y0Hm%WrH8;VUlGWj)%`As93MnyH^>X|!yqdF+Iy+ouB6djm2DRN{;;PDkptG)(
zV9-(NgK;z(-EPZsjTL|8@9Y`wyLS4P3p^lCZUySU{nJuxZ@~-m%jnWT9A*v&;e4o^
zGSHXYCaY#?T9xeQap=5ZdVu(@P7w=J-<_>|E+>jOF~JQcVq!bOaX#k4>RgwC<Qo9N
zQ1a0&H=@w~4sD&qTdQU0MA7Tb9{BS@ZqOh5B`evCyb9;^tb&O662$KabuK)W)ydZ^
zH?xh7*U4r+V^>3wAcO4(e2~B)%3gcej@idRB_n|Y6qox3I9pSA{^5;WoU&78oZopt
zOm3g_{Mb3s(-m07CX3%bN6|3dx=Sv$SBbO-QlGnxRWc3mY?%kuH`tYYU);=h*{P~t
zH-T(%Vq|hj{b0e;*lBUU_jXa~>-9E6ZVP1abE^U%vn7R4$nGJH3JfSsO(9))7M?@W
zLeD3c->o0iMpmpsK0lKxzsl}8V7(R(4XTKZqW*Ltl*sFm2b!tYu;7VO>v|mPKNelX
z(Za8uLR0MA41QD-iKz=+&%$)*DSN}UqdHBp^d2T3|IX&5yIpsCHWR=hvYmbDPIiV!
z$=qVUK#tJXTJp(}*H=vruwNhQL@H7afpt8_ja_ev*mpWK-7Qmh{%Z0#D^267q<T=$
z=Ee*~2I@J@;`eED+}j${xTP-w1(%>J1jO=la{W%)iV3i)1UP6D-&Y}ATOhl{CF{D3
zz6x1PV3dp)dMs09GVfsGG3YZD%aCv^njn!2;e+gMsL>3xI)VNP%GF8J_~XuJiuvrl
zir%4UF<HQcT@yA^wmncij;3f~%$tVyOSHa6uAY;W8dB9KILuHZI;R0;aq;yW0CZc)
z8{}irbgkia_=QNJFErym!RE`DLrG;aH!CVm_8ZBcCcro5ocjphes+@f%q(8;6L+Xv
zsBY@Q9FVh{%SQe>`g7A%6Ry46`Wniw%`7B^E9P0m0w1bArOEeK%yQzAAX-4gU}8JC
zwtCjdt|!QnnM_*hgyr}G3q^&kuc<`=lulO09m%b7-K~|5BiV+4NiXpYkWvRy>cnWO
zih#`psy=Xm!&iNWqz*`b^d&l1F<3udgZbGY?DWl<=*EHTEkMgo!?B&;m31C$IAX63
z_tP%V7O}}i^(f-=SRlDaQn3F>ad&%FP9sw1tRS-VO3EGtKJ#4BLFUH1Tc1bPpkHRK
z7ni9OLue=*RWmHF_#90SuSTGT{WjgR)?I4}FbS*n>pGeyAOUJlOBZzRLga3zYI#0X
zpVUH^3}7$ISL3O^>mSu`9_Qv3hv7{J7Jg3H-1lQ^9a{dSAThgsOd}uT@H-9+mL#qA
z@Z>PQ`Yc-~wIDPQfIcpv-9g%Zr}rq@7w#UU48PWn5}e`n3Ti$nGlmfZbmK{R*F2oS
zvpld^cq^^)X;@8c<n{njOOfh;_{sa3%^7-p+{O;C)JNrJfTtj~E#aL1g$LLO(Mo+&
zt$6Bd<mXu+u>f^|$U0N@U2-n&D}p!neh-3WsJy@d2JEQtPE0_gE<wIYl-7HjJqhl_
zws_287XQBhOLAr)U(5lf({W22)+JbmrDwCK9BZnB<5>lG8k0!P1@9HR&@MZG5uM!Y
zE6~%L<(bRB%k9?zEVWe-6pHi&0%BunU*#P`b9|;ZF7&A#yc>%FIdiJ1VSWW6kT-h^
z<i1R%cpAU7xJvXc(azPZkgjD)fZh6*Z8@t^a?&{~XdBCZB<B4M11~2`I@R}^cJ%aP
zt#cg|pY4YWBjmLqVTe{-#glzl$ylf${u_T;OcM9xCMFLr7xPSb4wOaQuG|5gPVj+b
z)_ff0`Q6y1fNMOjEbGY|7YhuqW5j8SZ!W`X3%9#j|Lzz7x|!3X8)U!Cuc&5Xs-T;v
z=81wnYGKv^?qX2pbQ67dLJpG(KiQJ_4s9dBS)2}-lOLzwh5=JlBcY~7OR}mbXMiK>
z@xZe3py!UJh+%Wop61$K8N&Ez)`<OVA|AZlLcE=RbM3Otp1JoFN}wg_3*FWvKO+~z
zRv6=C=yjTmG}o3(gDlvFjB(PI6HkCOgK*?%C!No)XNTo>JASXb122@oSeg%4>|-ZC
zwAUz<n%%wowc`J7co^_|eCnmSd0@3YLt&}(QbrByD3IP$oUp29Mf}Veva;fsz8o58
zJ(tW-->uMK+K^caxSZcj4n~S>9U3IA4j};*ilz*k9BcZ;scvi4l5cFL4~-7GBG?4~
zkM&Lqv9$z6O#6;Ps553Jih9V6@_W5{KdbKr<lfgN<e<m||6D&rJc%55Pe;Je+1SrM
z7M{i39y=&A#E=x!$7!t%#9p8RYC5!p1I>JFg}C3f_-Y8(V26{p@)mGR3t;}B>MMJC
z*tMPsxs%L+YgHJ-q%hk^-2h?arA5*gbjNw|)XHj84XVB2!fL%FQM!5ADb^iNcVI>{
z+J{GZ{u}`26Wb7JG`d;trD4&?s^*|4xmm3UZt|EvhjPf@!UV`!1VQ_WSeJvAp|Uvr
z>iy54;ONr@;Y9yi&dX%X#8a(X)tHH{H^mL|a?#ONP0KjbD>eun-=t+{>?x_g3%`sU
zeY7X>{u`}1S1N=JfIWj0<K&9XcZqE8Z~v_n3ixHJl8$l2eo@Oi?$+S@-~&3#pQyS@
zkpg7Uv#S#xZx<!z7Jt-}oP(Ws5c%AsQF7bx=_uV2Y`3xiS<PM{u?iBA2^80I{?%>|
zd&v4x0+n}wc%%+gG1m|b<<C6HVIn7Oe1Ob9er7jvVsDRpv~LQl_Q>l<+(iTZA-wj&
zA0HuH9myTS?2^yfF00a$zz~PRova@lu&6`1o;;1r3gtN%069R$zlVXJ^%}zY<X`|X
z`78TcRXikA&rlr}A7dRv<e(BYz!HpGctP$9KgUL3-gC-1CM`>*O1TEQ)~ml^QSN11
z1ydA&rLDI4!In@Rb=QIMFX4Lc!;RVZVOCw)A+ig_2u%5KaUW^~ORVfn#h7a_rBMF4
ztM7aC>MZq{Tr1I+)#XVkx_i4bGp0Rt%W!;_>Z<iEG0O*#wGseAYtYhn;nnCZ0j|b?
zmAzCPUnJvGGBQ&uOc+h&nb*Onb#v0XmAY*;t-VEBj|>kuvuFalss&#LofXljT0ZH)
zr^D)<yR!y5dK+`$fX3Rg<O4A5;^wu&MR<;U{>_>XJ21Lj1O#ci@fuUa)ormXeV{-7
zg$65qt56HDUNMk7_v<ys9iM!wF?wg(f=O(rLC`TrTSqdn$zFs<ZlmN{+4!8!MI{z6
z=yg~sf+Is2S&8OsxM^BFCvB750=&{1{*edDI9JL9l%qc?{xZFCm$ylI&yGM!C1~k3
zB+A~~dY?Y&D=2or_)L5Giw8c(d8&(T=m(v8VRJ12uw>EI{;%izWg7_Jw}{@jyr_Ey
zr7#J<?&)!We-VU+&{#fa!`*_>0Ai1bQv*pIz+-Wb>&)n&JOA_$iFbwowi&Kko2Yrv
zy@mZk39)2#$;BC|>~!aZ@mj|O$HJ=-tb!O3=mR&Ja!OowcGL9;#m)At3xXQPc$=q9
zdBWPMy27U@d)UI%OE%o)3erdk>O;s<Ej<b(ugI&%t1sqBr8OiUYR7ZR7(KPgP4#W`
zG1HjbFH2~H@nV}6B>CD1E*97jo&3?<k|&H>@RoG+$p_hunJ9!!my?wE&bNw{zv>M3
z<M3yGvUz$B4xX^<YKeU0m%aKZS7Q+P&o-8_3@KxR=cw9#iw*}ch`Cf%nfF%)MEG??
z9VC~k6`e9r)_rSuOeU9Vs_tmTtHibk2^$ajeP?Q~NS0lQ#nROQjV3M0HY_HlK}INX
zx*)5zvE^3pTR=-1(0RJle~rYz@buR-wl5bM%XusYMg3TlT($ALV_UWdd}FcK8U`8Z
z5Vk5D?dX4{Tg+-?D;fjosh{8i>}vW>m15C*&&K|(R^ovP_qV3T<bg<0_*^3CSRm+_
z!S?}JCr%8sf^>VsFXbn4!P7#L$1|gx{Ft}4Bhjku`*UT%RC)L5{$@R-!TnM~=qSJL
z5Nkce*VGv4<lcLt+g1w8Uen!mA30{+&-uZ_Nu(z>k*CMX8+Vqc-vd{Lh!k*W&m~)J
z)oxGoUvR2-5_VgE8j5DsurKWevawapI3RZ(>q%kScuduJ;WJDt{BX>fgw|QWQpKRh
zh@JA)z0HUKBoTiJXfl8cZ#(8^;tW)0$olhp3aI-`mV@#bd$Mq)lq35lZ#+r-(MUrt
z`kP{|+KnbsHC>-8H4!dnBNFN~M(`+HkVbLZZ7G`lbuSWixIOI0i5UBr!J;FW;JjcZ
zb~+6UH6@f|kjC&{c7hKD&ad6@ylVB*JlRnqe&YV!A=nTAQff4ysNPtclJ785F@21~
ztON?s5a~-Dz(Z=Q$CBk|BU6i@{tyTUf=-Y9>#3d!Nb|H1#o`^=^%GdS;#&<9%v>Hk
z$^r9rfq@EFo+ZiQYvL<}U?-L{)XV~yx478|p^1;7%d?*Tva72T+9w$LYpuS8Pdwfh
z-Zx@5q|u~MowXr}o{l=(Kbtn|q)2r~o{$6IGs~dToYhu7TXiEcrBpb`aA-2a&eFEZ
zonEl%Sx#cbLT|nsrDx@NKhnxKZ;S))wcIs*=%yJXJlfL#LJRO;)lg}?$Z&*Jp4MyE
zd=gLB2cD$K7YlKAEMKWt&NtG{%+B((UcHOKkfIn7-VT;n`d%{tk(O-c1rh9AtRAM)
zC9S;Jy3*1rKE|dTc27@dl*YE2({7Wdcd*DB3(aCXI5(Q-RKEdipZqMBEFn@cHQf^?
z7Pw?D++|A?J1Y&T*EX1~?q&eLu~9KHU@L?KAuA#Fz3s2v@-KEhg*lHXvHfT8Y=2U)
zu@dqM=!{{EH;4;SJ-Y**)?K8?a<7Dskl)8w9rQJ6`GGCef7chIN#DvEqUdZFfnoLT
z6139W<T3FcwOY6$E)(QXOJ)B^OBB9Ri@*u;jO4nn@q!<(-aDMbCfFnGT#%sD@*GBK
z4{JN<#j_t>G-qgIeHVOQFC%BNJ54th`MPgF@O9Z7iwgSxP(U|a7~U5Ru3_J9b1ZL`
z72sAF{+-YS@=Z!6_kEJGsrRPCm_%o#m;tbZUPG~-)2sp?7BHV*nKSv=Fa8I5pDJq<
zk-oun2IaR59yeTX553iwg0dH1<Vc#-h}5)27#-!4YPnrG5Hr+csQ~_@kX?ppUboOj
zMC&?kx@G3l4G(GMo+QIJn5vq)^TXXqp>TQ2`o2zNn%r1xFbk*<vV>AW@d^$D-sOU$
zlJVBzDhlgYwZ^yJB#=jFX)7hMEpr;=v%u@O5W}89J^CMmj3u!P`p36|)EA#QwIgtg
z_`aYtlN)y_nj*Bg&Fa(U%be+aMuLb1qgeE-WZeyY`p-3znzxEyp#@TQ*{pXNIE3Uj
zp;r1-WDhK;v|=B*_slw}30!c;2)dNqDtW5~`07U}Qk=Zp8%bLd|6h3pso^ABQj2Mq
z)qMZeZ)8%QcIp=&$54a%gj3%9|5FK)jRET`nJGMry+gJ0So%1(RQpyHOh(eQasqV3
zeLR<G4%K9?G%Z4!;>j#hBhD4rg35-;ad))i+?XlCoKfKIA~a?TnO?n|m63!;i>4er
z_r6LSX<M8)=qjl_fM3zK<&ME!j2h^UjlX8jDpQ^N4$!sVH`FmM+SG}Y?<<o0q-&dQ
zqvytcU`lJ047mgpu2q!w!y428TlA(9B&UJD@f9xVM^ZVjGn)I%`H&sNm4@1=Bk@)G
z_cx`N-iVg6*|rdV@!lOhWM<_>3lq{JJnon{ZUhsG*g;1>&g);6y4JqI5_9TEQW=ka
zg`>>*3oU#1Y9dhc-~f9Dp>3xbu<Xn`PiP@pT(s%svIP5TnLPS61qDz<`=i8!ca*B5
zH%ACBNMpaZu0;Z8nv6g5%HR_sDqd0j&&aHa<lr8601q%)HL#V_2cXCKa*8a7%3r3)
z?5G8_6kukweTgMF@~xoW>!_42NBOdg_Bkt3TuS7dqWc@7lfmd6wBiWwh11R@`hmwS
zAkETs?Ot<uv(-T9xRR)-#OT8}N5QKZ^?EG$;fu%DjpXt4yANr3)X6}vycH0NdGscP
z5%@Va6tBF#Dd@_an_C{9s*=W=%u5KLaf1##UaU(r#m&3v8S@lI!EL3eh+PC1GraWA
zf!|eJ%Q7zA$kgo#1Y?1MP&!&*{4BrD>6>+B861!7ylZ<d6+Lz7cj9(~(RALh%nO1r
zI$w6x-tOp5E4TPsrmeMNSXOQ*-m+(UL#tp)D>Fit*7s3N->M`DE&+Wv<heI{a+?X(
z<x?N|s9q>c|GmW;dSt(pOI%x=hGlckmQU1K7H~KHA_K=>TYgP29l}_F*EL>v>}N^2
zVMN;%0#$k{@kIs0Rz5X+>N}L1XGhDJp>ns2T$=z5Bg9K?WU)&C$?Fj;9)Z$$&vnbk
zYjqIVuBwddUCjA!(IDJG>R?vUc3T(haU<tPY3!xBnT{pM994-;`nScUTJ-h5Y=1xa
zqS^~ckR=Di13|BC)YnAl4Gg&tkmpUhuhH2a;=?dr9y!7>TnmIUtOvoKj;-u3-S(>V
z+Y63Co6j&y+>zxplM@z{p-q0n@D;F|Ufr&}Exx!9M~Li}B>~rZt&JHTdMtJ!9xFgi
zc%HzwFgkdcvt7QSo3(g>Tcb#B=g5R|Xd)lalHsmxlA!A+Q<B)?-Sn!VislSihYI0W
z=|w781TkqL>&P#<OPRHz!;^a;#%_wKvhivf`pA|S3H9%?f?B)qqWAo_k5ASw>CmMe
z6di>IfqB0**+@US;J|l~c2JY{suV6M^EQ9R2j`NU5MR3ragXX`B!N9g_lvunirH$W
z&Dg_yRHVlPh9xpZcEAmxf6<eANr>R1#Sf~o%{?sg7bnRWLRfadx1n@e1IVTiM(5--
zqkflD+bp&r2kYCORaaaH$tKNIxKHtxt+tVHFj=v+JKkk@j}pj^EZjQa_%#}1&-Acc
zvjNx<)<0Px{oGt?svAOkUzB|A=YO!tk@|YfR6Fh299CTGV`j(3<+D^A@Gk`K>~QcH
z>n+j`?^$Q{k_s%~QDt>k&&fF|3@PhbKas|S=)r#9FlmuwDC^R-jE7%@w!2bM?!>Kn
ze|GeVUOz)Gdo8%J4Vg5E`xRw)0HD#bn>dOT2W!8ErRuR5-FE@!jwH1_@}<*;3!}0I
zpM!Pg)a(b(ulkL(U<-C)1`d-^k7AILWHX;#VK{o9(F+2KEfMH!g-Ss3dzsk6zSU6|
zP7O)!c%YjhZ41ZvM`@wOq@fv<N@B9B8taYr>>Y0=w}$IaIEQ{24|{K>^ZBLy=EP@Q
zoG%FerIAo=Q-~mIvlCs1a4%4!6*Bfge&~qi4)kL1LU0<gCvN@`g=Rkh3Y<Q9<gi>(
zea^EjRI_X7?a_CJ2Y3C|6|~?mSevMjh|q4OAI=ow|05i5X>pg`mD`>ddQlJ(IaL+j
zj06-L79k6l`V+<kBrKY*s^)?D7KgxPPw=Xc<b0k<!UWSN77D(r$C{>Ud8o6}yu#bN
z<*Bt0A$~yC1n)aUh+ok^0?YLzTQ}rY)%%4{7I!4Q9mN#5C83o<AxVh*5>Ww-HfzG&
z3uzg+I-J0W8<~o9i$|_Sd}ok>J5ve`xre9fq>EM)8A4_FR4u0+hmi9D(3hdFWQAfK
zpSnu1H?vTq<+}n2y7crgOFibZ!r(fxroXJVf`o(1zs^tKSVxEYXkKly^n>Qwih@nd
z{LL8L`u7FyC+EWgn(I>xY(Q?4P)@tu+-iz9#yNh9(XCwqWg0r82QOmgD!G5KCAJX4
zoFo;UTRfel@J!#R6d$9YLMKM1Jn+aw@20;%Cys1Z%>;OdddmDhEqW>9r_U3L6Z!=|
zzGuur*za>f)A>UxsqnrQs>1QAIITe##e(IKCa3l6WU%orfHcJE@931*_iusgN~Pkp
zA|~wT0A|yD8<OcDe;l>{!lj&9q{&|3xLG||E2&}Vn~0TGk^pVJ=5n88XnJ3UBU%Hq
zVQeiy7fsLs(N0D34(9FWQ~T1(j7K92VWmHFPccGZh-$}dH5T4mBk}jDKZ(ClENhaB
zV=Jiw&v}j>y1;>Z==>TT#WD?tGr~4V-j}5&@QbYHgY5D)OV%x>?ayc)8Ch;5o-rD5
zk7g@Mv@vX?IS{Ni-WLExIfBMSFkXgN*$0CK`%$m>A4((UEb3+@wGZY#1nD-JE4Zp1
zSiw<)ckbo|aY{`^Oqmd+)v>`})IG%3R0S~yYrnqVXNv{s3b??u3)6d$%O1e@T=`ks
zw-6Xl9mG%P%b$)gqKJvo6tqWiRNal{KReca4u^qO5ynqnm~tNwirQJHyOtfuPM2*a
z!!>T{@)U=Gw?P#^!mYVPbA$IBFU{-QdKiT!B!)#ny)X9moi5fY8Z|0)J5Fz*-EyMB
z@{cw~&qu%ZaIA7U6R9U<)0!wbqqQ9csA+o7{k+5a(zq1!xHfik1JB6wic02D>uymw
zAOwQzh~TrXj%2v+!Tx%{*AWHOys3o|FWyxf3Z_+;Bw7>*8Y_k4qNeI4p*rT{(ro_Q
z`GjuLqISsPnJU9Lz*^N!T?RqzGMJ1w7@xv_IwfUd^xz?{!eED{Dh4N#Nud(8y-BqN
z&kc%}ym5j|Nd*mwQ9?Omk)8^dEDm8^Z?;4eM!kmfxgJcU?uCaejZ9y#4q~P4>?7Me
z2WGj=Z%}^?o3l>jSVGK<+iLB^>?vP$NhWRx2E{+RQAx04x#cdAmz_1IJzBB3seieP
zG|oW1&M?~VLRN{HO9VjxM1z%VUK`AYU9#>Z6XJ-HVum4HZEjLODU1iya(<)1`(Rk1
zlM@?fTSoCeGF86<`)FoE#iCqkMBC5~SVJ0u8m$C{Y45R%tmm!|IP;&}8x}zXmk>YM
z6ZcaPGk!zqj$mtG>;4V6*mB~Zhv^O2P1}nUDB_~B6~MHoTg^=Ipc{?$4;fnPTR@&Y
zCYVLMEYN7Tsnf3snxT~||NG0dB$LT)>MA`1zc?xB3QqyLS}GukctMShN<@)Q+%rQ_
z<)@GBs+bPmj|Q+i0p+%&etB0Jf}=8MgbzBy2Y6>c^pA>B1JSVNjaQMJAQ%JbBU0;{
z41<T5OGW^9Abavlkowdh8-<;y7f}@My<@91k4X*BIN9dBu5J0U9>Jp>fokn*px4CW
zBWSJC2L2E+BeZq1uyE*Mg{MB^WNd6GE29)k!6tk&-Y6F-&DJd}F?JiwM8C<!w<yC<
zBK60qZ8e!r*FXFOQ|+K+OY!rNIK>de&G~7BOwn5#9Qo(7?Uk{$U9p?_eFVP@RQU4y
zrMYjopA{)|m}N1OZie<2RSjm@3G1J4O1TimXy1(MD@`QuDcf5&5tB;u5Kf*r9IsX<
zpFuL1yPelo8FVG~F{)Z&emeV+<2_WPhqRxX`PZl|#dUUmpZRrPn~~baQp)0=+Ypx2
z5JZ1BoyY7hFf^Y@SbCIs+;Wo(QaH^O!6z#rHW{4kkb(o$9HY^_o_ByL5Y*^CoDvyu
zp>)V=t*p|@im}Ioq-YVAEv5MRO-M5rLw<fiQmq75OymS-_P>zX;XWK_3Wi}n@dMdF
z4TWy1VxGybdpnBo5iwF20@#k~Cy?`h#J0xGOEEThK_KHpe+K}Om74-A`eaoi!|fd3
z#e&qRGNV5DBY@e-|1$vpJdptt<*pR!?nfeLlbcYQiiz@j{jM~OBh$q`eL-~H8d~U7
z1xLNRhXWNcrGhxQJPEFo*HaI8w4An{yz3$Wjv@P&LXZg#RTQA>Tc)?+isPVOK0H>N
zhdypcZ-qSF@3w8W&@k<;@~t8hu$wD#i;vJQ)^FsD@V%1J)H2K-x#3m<%qNv8A8XR5
zEyeFTqmC2aILp-Y6Qy*)to}hpI&+w!l)mrY?O^q3I_{EoCP8aKtmF25j7YTd;;7Sk
zA)?PA5X**5&2ZRNiD2OEHPG(<Rv8tjvn*4|_%8)(m>*mRo#X|Ma~)|p`r4#`=$@Jz
z&dFF4YmVacZaeSFUUTWkCnNh<Jd^Cxhuw0v?DNT@3PNRY7S-lfH5O5^hk$vtho~6S
z_w4e*6*pCEFgwCrgT7{=3E--5q33aK-cTV8XMK0)T@@meQlfp;{*d6l?{k)$<y7D%
z43!aN0_^{aVQPI$DAJ!G+iaI*1Pa1XwK9ME!jZb8epxE$^(q5c^8HX+qhpxvNZ2!0
z0C~H*!(mg#Z~Y|ouKB=<dhvv!LI+07OE5$aK|7nnRiy%97qmU2>*8k7B_51xeb5g%
zJEEvCoC7<V4X$2fIc%2q^X;M}fLOoE!nZ2#E`l_2aC!M!l2FmX_CDcIQSTuE>W7dl
zG}c}#JqecNmO-~hYQ69^-2{YFrOJUm(KAp=03rkC7*)sp7iN1AUcxIv+H?E-o|#1<
zr3^Hr>8H3o;Fyzo^Jf%}#K}NeuCO%?hqG`SOF2yAawpv=r|(&H`DuuU3}pBNXzmCs
zi?^lX`?ofHY1qO6vIu^c0`7n$_XqF?4rAe<iH>-t0QJ;6w34$sNcN~Xl~<c)U_W(d
zlxg}ys&JkQnwWO0CN{v)-_0B|*+ij&03XiA)hkT{qY7vpuI>qu9vSS@mNXP5VTtlY
z5&YC+zP)vOs8ZpE_ZrAPU*A{3PQi9(Q=+She$gL*5=HK(PdvMp?Gq!*2yHMy(_aWM
zMrOm{fn^}1c&m7J#Z=>#$x6kLRuSx1JR;8hn0?8VnofRLnL;}KBYDHa?X<>f$)}im
zSp1P63|G=#t($X8!@w<<v003c>I7KL)s+ewDQL0>9nMBmnE0B2Idk9Tnu~@LaCp-p
z%>!LEtvAjd<k3^x*!r1~&T%yMMfNYyK(9Z3&5YSYURvjuHDT>~s*mFoWyvPi{G5ui
zD_c#oB37JT8{I@LbJ(5lG2g3UL~(FvQA!#Fz~UuF2xG}A8Zu>-Sb4=0fA$&A>MGzn
zE}F-Bp3x~MbW;{7JkA)RFZL8;&3JvG+=XFBtVGxiVkvR`wi694vJ*xlL-7~?&Oty7
z!xVtpplkE$&z4FW8pGN|7*QAQ)zx-ArhKzVHk_l<u|(9TXniU+7=EfInny7bN9J2q
zJ<<c#qNDN$Kd@P;f(m==Z-&<T<G7?nMq#!(1r?BZ4ltam!mR%bG*0_FutjFM{#RON
zPW_<qPZ5Z!0D+!@QSXzu*y{a`ZZa!+FU^2BFM49YTbUz%KDDm)9#<WrwW(|gi&?kN
zO_(*dk|F9^NvEIw#^`9KPF5!-vZ+uLZDuO;Oge%^Ma3l?f`*nhw4F$aA~v70DiZB)
z2q0B2ueV8~f@0)h$Q5d;M_=p6s#&YyP`x83<5H`lp`c_tJZDn8gorsn)N-#wVjdjT
z(Q#=GKzZZVvNs@<O}o4#ScPsyu2Ku})!ZD!O*Zf2PcOQLnGMHpQ{v?PXYz6(u#j#>
z^ZET>5ozrt&F@_TDx79&%(^@nu2LxCAvPth+l?eRFzxV<3<JkQO6Uk6JNQx$Nf|1R
zA!jb^CeUByW7y+#+M|A{AHsAaQdL!h0kfmGO<7CuVhgN6!*1wTMd!|u`R~dc(VD>F
zkGAYg-Fdzv0Ez*S&JLk~0)OzHCc@V3{Y!UJgp-|-66uQiM;2ePGwGNMnOW{n9Pmh2
zWc|Z)GcjdMV|V_Kn+ZPH#xm@1fgi{*3JU6RO7y7&LW$r}!f6(o59Ru_KwbO=XU{AB
zdoY@_$Zl3t3S1)S_af6wiv%p7rzA1HR3`CcP^JV?lF0z#XDZYAHJax1QUH0nZZL}M
z$@Wa7(l5d^>s*3aaNfRZ{1gWBb$bJ6a=v|8KC0$XgS|s&o`g6!xdyF@>|%;!cX~@b
zeUe6`h*LcYF7l>nr4@a)g$tYYOs)b%p}PS6ek=R%?}2NRJY%6X6XkIX(SG~MzcPq5
zZ3pcV`TtsLOw0GemC!;Q*z1)@dd~;vkMJfuBY-1M?H&V_W`yqdLt>UQ16g)Lj|gtv
z<j*Pcl3$5tEKY$Wz|S+cE47M$3*ZtB)X-k0H<nt0{gy6eh!t>YOQ;ds`Mwi1;8qwN
zqXe2J(Kzc=D8U^GoCY|i0@31`F8YOKTVPGR3suyOxF*=QfGmL*m0NQh!doF$>OI`3
z8o5$r*cmLU!qS^KN*jeqhi2p;i>-$7(AEi<TUlq<rMhIBh;JbIOG>b0&bu_SIXH1s
zwKj`L>^>OxU5*A6D2;Z&Uax~?T9dv^IAWupF)9cXHW(~-G}%o*V{i7*LZnR&a#^u*
z(7Qf$Q2a^;3q8bd9NbPZj88A3&33%WGo~_nD!4;O91n<<BUtVv%+S+W1+-|V?zr}a
zHf`(+=W6Db*oBu&!9EM83)Ksqm;QhF0zJ4Kp1{&vb4h-A(5oF<g{xf&i$i}?GSZTS
zjr?U$f+C8_@mV@c<uKZc8U7BO{5Y6;1hASto^)I(H_=QLPTz{_Pua@RJlWI#kkV*J
zIzb2Qx=2FiL8-YQk;nwdmBH=l$)C<CtlPvhViGRluuZ#6AvnOzc*<W69cNletdnbg
zKsCSD`!;jts9eB+zF*Yhvn5Fk#XZnnG`&x}NSL~X{D``a5#a0H`YP>SD(10ZgD)&Y
zuZ%SM@J~(M@y`E}o1kqBEQjo6wq<+=wGAauSc`>6^Afo!*#+hr$JV=LGL4hzG4(~i
zJU@#L0O5uC&gvbX<G-?JV@oD5WmThKnWLjrpVI-z7ut+G|GeZs<+daWS|}jFxTRqI
zdw6`(QQC-3f_EwOgzrL}e|1Z3{>iw{$o`nqyM+UH1|x&_1!==lm?+$|Wb1RdbRk6?
zC;U@!ajN{9Yes{#9|-G+3~Cs4m3o!1P18?|5jzpa0QI)1z_fE%It>5+pE^ePab|K5
z1I=hG+cF!nl0#wA>Qz%cyY|nSyXVfw4+x^>I^r=e7>G9n<z!9~Bq%!?=0&2cfI*s7
z7GcYi^2OUP@MS+<JH;^EXIdkr292nZoQ&IT%JANeu5B*zh@k%#GF63fS{23-NYboj
z%xn=KI8&2$j2Q*RWm5_;ku$j^Zmj=(NZ6H@u;Zhb9W-o6c+AX+u`uX&lpv1l2lihJ
zG7j;Z7FVQfIzb>MxV)7a66xC8J5Oy@5iA(|HhJSbV5o=bMtM-N7>7v)$WkqJOik(J
zpJWi`#A~qjRzOD703~jGb8dPlKO`&p?_KpR)wFmL6x@C5OBgD^TQYFQlQ~U6VI;;j
zq&H!K&j*0`us@HZ&;QVrnZdUX(~}4sN<WL%o9i*Fke)2HR?@=p9*t%&pY7YA&t9H5
z+|FF$B*s=UuS$Z=n-y|tuV(6^h(-a{(e3z4p%I&6&P*FO?M@yH&$_low>pg!eqbr&
zYx&$VMbo7gB2*oLu`_D7{;~q+jMKa399^hUC20MHUs5Uaqi1w6uJkYmCW2*k&0zN!
z1m+jm+({}fzdyY4LZmAczc&Haoc2<qG-=n&QqiltlP#TN&%5b|yGGmys{6bp7u-53
zAjXxpLY7E#V~@Ana+1!wDz8@M^{D3&5-ZsL5GPG>I+*H;ac-=;P&-4?gkZtk5VB|)
zA<$Z%jY-0U0rufYo)42xD;wme;~n4<%aBeO$Q`>56Xed}uG)x8R+SN?juR!b(UXm^
z1py(l(t4riA68OB1x3jl-Ln&Dwt~2D{a1-TUx}5?IJaDZ3z$%y25&nrs`(^7m!9ep
z$#)Mvl}(9-E@>pG8Kc^2Mts7fnXw{xtw~A&{pJU6^4lPimlPG=KY7#5YPr?sG~M=F
zH{F#;@kkHkb2{-e@|ZX#+P0!?Of~%7=o?pYE6FERFr@%77sNH9##|)I-K-`vatg7h
z2lH&qh67#3$w_Yx)Vw0IR?!5bwKXn`wY8n8f$HVj7ijyC(gs=6HPY7T(J72v0$(4t
zWe0c9uvB+F%Q{DMz|z^%cGwP%v^b(A`6!xxh+vrW``L^S6T57+tkzFQwgBBIPGfMZ
zBr2gCTxzEV+GBOnogzqdC~Cgvkfr7gKW|vyY?WdPCOQKaRE`7mikYig0J!=FJbfSK
zd@=A91!L&HqZa9(9!&0<hu~^SC+m0HqHLa&9Kl*vp%j(n6xLj^%O<vfx6g;O9ayh*
ztFAW?HN?Z=5!2&Jtq^lzpDy;LEQ)9eW%17!Avxeo2YzIBY%&ben;ve1e)nx{#%-my
zVdP_eX@kKL72J}L$)%y|x{mU2^UwizHMYi+TtfQ8`X<q)07e+Vm7WKtHS_f(0~$01
zl`<c_<1`tVx{u1>!9xeGgFDurgjsgLpBXl$T^Nn1hLnO(ffqNN)!|yFl)ol5qJ7s$
z5TdjYnlIQWg?I!U(56O6W8r0dsV=)6SgVIpVnQ&Bm|!Ml`_!mnDUnv_1YIBbq}h%m
zpggYpL+7QZc`hq({6_AF*E6Tj_(J${nCR0Tt`e(f{(@@s`8Y<IK|}$k(ljww*#mrs
zL(XI7ws%=qgyv{}eMVgj)VQgRf#pm=_PgiI2-bqh3Jj;!j2a`#g_-qLWV0TJ!!#EG
zOiP+)>o{&KfgJ^R(s5I0;vE@&78nW&TiKSeM`r4V=oCZ?Vn=`6K1rY}TKoa#Q6oTs
z{yd8S<cD=@Kl0V&j0W(Vuf_S5rRkOsUF!P_5rjWh3EITtx50c9$9L4csDUgRctM^y
z<fC`h3fWx|%PhLHlGbks7{957fQ(yid!{V)VU}`)c1ng>K9NCpZ4OP9F&?WNSL{b#
zMDHO^s#*6TW1950=V?<G4_Fjrf{6j}<r(N{Dx?Ttub~(}>6XL+dRegy8^@FWUD|{-
z10<G{f;^$L4NG&U>Fq<<dYq!Wq{W1lWcsL&_)&%~TNaEkMl=WNDknLH^fg1Lp{dSS
zu^!~2{tc&6o|ydv^+sR~g|px4^M)R_4pE$^jG(YRaP^chxD|^hzG8;IerE(*q~z(%
zX=P?laVk3MI~bYwEY0AahT-ShudV5R9tKlt^$+BQ_0N7gCGa5dhzIlQZ61pxhHizE
zr7b|sD8!m}#VD~BZI?z|!Kr2JXGwy?^=f1yr2<&7BDd!87CfUw*gE1b3cb1;pW`|}
zo!a5Z94MXQ3o)m44pm!O?rA0jL`xYkUx0dD3qBjWx!3!Y@e!fwU(Kt%_6*uTTG6ur
zP?C$l@n+n${i#2&15y`X->*haf;&8(GGg6lczL3C_Hu$mP}|uvASo^$*v_59@xTjP
zI32X3BeiVwwjnBQU4jNIWGf_^gwgIf_wV*=oCYo!Kmx#d7kXOg{ou2qi=+>%G8lcM
zrPy4xKGkS6-jf)5DV|*e+YBRMMac~?+ZDay>#3K%DJm}stZr#J9YlCRwNS)-#+n($
zns|JY7<c3}cey0b<3cJ52Q|?+{Js$gj}uEwIp!HFSTB`O=IEMMWY`%x{sIL@CzocL
zRvVVr=9+8l%!V7kGX?&1HQKbH+}h;>TmT&UINMux)4pbdIG~gGkM9CFr11(n$XFeR
zzOEX>fuDLjC@zq;+4?$?BDi~XCKzt~q5V#ck%-VOpk+23^N6QD;xM5I!ZKe!f?o^n
zJnG(s<MQ%oB||cwEWSBKB6YbGF&j@R*gf^WdvFFmjoP%{N1f&jM#4|YU^wfttMTOc
zt=$J0llPJS?srO!yL%D{3d2J){F}xDCyvbN?pa2z(xYGPMm^8!St~Ek)^a@htW{^D
z##d<ho~wsy4CpLeOtQKFEL_(G0-F~Z&`x)Ypd{n=7`VHGlj!E4fXg-5iCkR3COMw0
z=Ac<@uS5GQ>&^0dla22+iKy?X*~TU@I*E?TO_Cy!9$kYxGU<h?L4-2iqHmF#K-Ky1
zG<za${8DP))|W2U!QTs_xOcgj9##}^O%RN{(;4ZjiJ|*qpJkpxx&%?c$WGJ&eNcdj
zEPAf=ntV+zTCMZNx<;XKR_88-4*c^1#tdf{@E3enz(5wVe)=qv%u969%fQAG-&iKY
z(xnqU!Z;$30daD6qh!Niz<pgr5Cs9%b%>N(ZZ*C4_eYKL{Fg1+IN3#GPYpJ!=D$U?
z%8a$A!p1HqUSsS0ZtJ<!T$Az`6e-|-XeyIUAIy*!%Oq(isE-Ih-BeR6+?N_YRO`i_
z(Um{jV3|z)v>t9C4|EudJ>d|=vgm10T*cPJra>Dw|ITB~GvA^(KvjtgGQ19iC$5;A
zdNb2n#!v1xElf7Q862{)pa14xz{kjVIo}U2eBG0ILo0TM*Xs5z)D@LtT<%hmm#F=!
zUlnJ)LIRifZp7(C0^H#@y?B2k<~p%9v=92$1g8e-P0gtn-mu?y%qJO^tCk2PzqlyF
zD@&RnBWfkf5ARZeZ|XsXXuO8WF*r^4128b;9v)D&k{%K72K>BL#=DavQ4+5l$;L%^
z9LgU)Fn!-xiNTk*=>=z~Eg*35IB#N%Q!OyuI>DqCNX|okirk@3qa~HowrU<YCngz@
zt5rJL1vAx3a#UvtY@~%_1iWmeYwHdaK0yXNLYbDNA~H?3)cnW2XC_iVE5|HWOv4z-
z(IBT-pG)&2lOQp=!aD?icY423WyI#|F5U}asD;&yVxE;h=Jc3)Mym4eS9fak4cpHY
zou%zXT)K+ck`{b%Np?VdR^xIVUi#e?dZmJ_Wp6Ju4!-5U4$BzBP^b6~(&G>AcaWaU
z3;&G>m%^`l=ja>KkQg#R@uf~HiLj_7*lycM4#d!20!eRq#^e_KDm>GhoTWLHT{lzC
zy;M)$xSBrW45bItCH|O_mTx{dU9h-ma>3xYaSFFCdHMmoG_JA+N8d^$z00a2{#gHN
zetwHrzuOQRkQdMQ_q^MNQ1|w|s8#I47`LjIk{@<EP5um>M9;r!c5Wq0fF1$~V|yJy
zdymU>_88NjkA#>D07n)syfO3(`xs!ndo-&z*!qdf6g@M^G&5;T6(i$4Cu<MTpM)z8
zXQp{w5b{!@t=}hAyUAn!iSWa_#v{7&6Q|e?Gb3HUNt`?4Sx)_1df_87;7n|74*!ze
z+8qRx7E7uRfk8G?Pkr#r^lyw9(7T>vVe#2NR{ePFLsFMuwFC{G6?GM!?4hQh&(t<G
z0WwzbNRjf4#?_$MK69A{aCqlD6XOM4{LC%}Kk3G~*7ZGHj%E++3kyo^r1I{*x$-5w
z)F22@3t&F@%5>c2B>9lWW7M53=~x$Y&e8(8x*1#&x!UAjnx%Ndl}0sv%%7}ib`b=H
zc?U;DQZby&p~WQ1k2_bISIy}kW9DXI98_r?+<h8odG?2+DB0lT-yczA&Ys~+_FQ*_
z$hv}oZ8p(=swd_QvmpoJA#C7n10w9gL)fIF#j%~C1>99DZNxsFzOcU?Z^_}(OfmV=
zefv1ZCzkI;p>FU=Fh`ipW6s(6;tKr(Ynah^FLO=gGf3^H-9oF<PMR{nrzQ#t?ye&0
zM0M1oaT=z}e|A`m)_4}UD258iVa^&hzxm($raUo;<rsUs=p3(?N4-SB(uY%+33J(6
z<4Na{DZOw=^mhvbg%_(K+Fwxb6^%A_D|_d)k~<69p$K{{WMr_7=Zp(=*_9s<U(ZhK
zPUe>DLYpLbP<+ZnNzPI2Ra)ycFMYEOnXRsK$R_DQA2!k=Qpqnua5x$y&toNcDc6lh
zbi$dDd5e><^{R}{Mw_RN?se2!$XW91jyk&C_0BqtGuSHUgg&^X5nKyFM|(qg#`9gZ
z*wZ5oZ}VdukHo(vDr!o73SSKh22ZxY)5>p|W8bta4h-U4OHP?g8snl>jZVQf(~Q}|
zMtQ(JA2m8&i3sl~fHUYYz0n9xIsiMihEc9T6G3B>?=&lJaV3x%^mgspp6jLrL|q**
z_IUx&Fe_xSBgU4LHWmB%q=JS5yyq=G&PK=W99pdAeT!=$vUo}ZF_o9jA^(VHwDvD4
zny>7cIouBRIWSn#|4eec(g`OtJX4<5aui_-0g2w_=w|lxRUOQdQ{Frxg;6r_nVqIz
zjn8u`vqYjDHh9EBuKPXM?~r)>HUz`~x+7E#I4R7Al%5o9vvzdI3apsi{tO>T{`=~d
zIV<MjJWV<Wl_N*qNy=Duor*>*yYN#M;@?lf7rgylzo_ZbMZOOrH#tTGJUVy`0O#i}
zyYu#tCfxEotd&Uo_#MX<b9aV$FWJdHt6@N3s;V~GpTVv=3<zjtk3JL{{=^FGcV&!y
zr?N~3lyEzYJ-fs{JjKP&jll<)>CZOdzG2cjDAoj8ynx^{%JV)6Cg&R0Z|RUCSzSTD
zXUiiTJCt!BgiR5Z2dBx`re&Ac3O|U3T-RkeE?BTsK+Z3}K@v+1vxz>`si8sc1`7(e
zC~fS&CoIneA6L;R$7;jG%w+0+{$OhtvkaZ+COj&Ig$*BAyRDm9H0FafaxH!L9+i9C
z{DKJeQHZodmM)3{+KOp`WpAdn;KEuZbSHN6tAY8?7v|l?nArT<bd;0&v4F-YF+|@c
zo<2LcXo_1#z7Zv9;c%sGFPwBXh1E>Eku#3*RYrv;TE%Hk<n4GmKnKhTr@KaLJPOi%
z6^#D`^h{D!g)eau8u(0$^78i+kCZ{a8`!;>F(}s+VyP5m<F%d+1iUrEl5NHAaAs8t
z`Fo87Ziy)M=hfr+g%306$*qpLm7h05Verh8pD&6&_HZ(FWpL{3<inyf_jESk>Kgfg
zzBHD8up5$j*g?ZWKZVx!=f5>hK{5d9#bj~emz+d{q+&!mSbU0-dR~k0`ju8n{1?2f
z*zq0FSX=uSf`Ru@X_i?T+}qbxA7`<VqC0Fx4O?bj#`!i6JY;e}6U1(k;p-M7Q&B?a
zkNk5upmrh4&G@;?B5P`XTaay6%yyF@hP`Z|PvX^{GxeNak>kZXb!n?8(TzNmR-d)v
z(U|eIw7nISzx_{fx^ZvR=p&MZwBwK@kjtz4EY~EhMmP?%m}TrbOKAY0DQpPgAfvm|
z%Z1)UDWTH?0{noipaEB?_9sBP8zc%hMv^!AE@1%VJQR|N5=B9tRVq3GYi}274oD$n
z1Ip?WMd@k*VRY_p_I{dJRzPGVFQ118MT8geZyZ3#y}!K(cL9v9I|?Ad8)z>;=Z5~6
z=)inv_tQ2B-q>vL2B0$dbJ$-WxsId!C>HS%1Z%%u`NSgnHwNVa197ys*11D5O*`>5
zqce@<GsI8!<`ntSrTC1(GFv2IeHXi!Mv?|8DPLLCMs*^$sLx-~tUg;BAX!e}P9{kv
zd3UDvvFX8sL;lYc%p<}DL9zqr{TXzUNHre%x`9UY8{-Ed%$3>*x#IgcW|HGUq`)di
z(IGp~E(a>GTocf!vD*PNmQ=vxv^7%A4#H%YSmVpl<$_SLg*Ed}kjKewooz0?-RwwB
zMBsL|mrV)blPpz6;J=$+SJFHy_5Xz1s*SWy#y+RGg==@0OU(|XF9oq^N>%A)`@FK#
z7#?_OQ&9e{;{Grrhvez%u&{3pMX^BS_P1N&ElsUDdV+XfcGJ_s9Kc|&ew_TI9b?lm
zDuNQ93)+1H#Cza`i&p6MzMd22;<2FQ&Gd*geKSy#(Do7LV_!-O6g~*4m1Nz{L`3C+
zCbJ|866SOf)e2=gtcdwY)o@D6k#X=a$+Co}TE&<3pQ<OBGx<=F;d%B(Unfs*X1(4L
z?G>uG(*Y8-vj@xcpSy-k^-!@Dn>t$ZSNM+T1<)I~{a1C%tYV+!=>-|Sd~Uv&p&nP`
z-8rVPdFGn8r#*mAS0p_o*6D+Imzuv!OAP${jRjB18IY`S&Y6G)cw-|52ABgoR$(Dw
z;N)OPR^Ar>>8d>M?xKtqj$;C0T<U9@WcbHqOZ@(p{yJ5L7QCcuj-Of{nhuLc5F2Lr
zCOwK{t?GRH_^)1p)jedzAYKiGBM%T5uYB7z@ee^iJebQCQSBC^=>OP+bCC=CKQqAw
zDZd!lOCA000)q*SD%h6P<UDGA1`sq|yFIL`TRh!>kyrQO49bZ)YCaV1F9d+y<l!t{
z9RiIsk*)CN;}7TpsCh95*l9&<T_>QY^l3Mr;aPK*`>hB8BP#=21Q0b-l>3Nn*C?TJ
z{r3ywPp^D{D{6zm(s2LyH1>fX28p0pB&a=|lir6r^W_f7{vb8OrOKbr5lp_&*~Av&
zaWcr+Dtve9@Pkf(MzbCyGkkyiC1Xrnac;2EZyzZ&TtZGK-lw{XU2OYg=1e8Sm0e|2
z3XptlfU)vZ{^BeB;gpM|rSs;$etE!9WB5@r5F9b$tLpRx|4EX20r7N3Mg3vjtif7i
z%)8THs{#}dSGOq7`j)>rT$=)Cr{EjRhei26t%f7Hr;oV9Nlz{WtQbES%LETS4lFVw
zeq@UhkaK%ES{}=nsJgAtJslT6Ez5#{cFP(x&$FhS1Ed-ivhdWDIg3}-Sg%gNCSrIQ
z)((6ULHj!AC9uY!a4T70r=6i*c+Z1i4ZrYO!%@E;%O87U;9sz)&k#9bK<|d0EmNFX
zCtUTaxmEJ}nu7Q`ajQ%0%8U2>h?o*B4$I)(95kVuO;L28o2(g49$Ei8`0-Rrj@$2Q
zu7MY$(?|CjzfqPG9oe<$QW3_n37Ij0u?<np38Lj`M`7Rh;EZrr5&`D|%G^lH9!zl>
z{KYt<HCWVkcz4k%w?o|Y0k?u3&|4|dw@d6#QhR7*xpz``Ez}i=%|A$LtgiG3*i+JM
z3r6qC)j(v?<{2UOxZs3qxlg!C_5Vk9Lp&i&Hf*+}qb~Fh`Lzr$uhIp9U)X{Q$=S})
zY@D=%tk9_^)LsiP21O#^vbiu&Hw;v?uL%`*O4%az3!}b6LWrzCvM*fMNTR4xnh%B@
zPLcjX=w$fg2j5)AXL=h%l9jE{fw->ti#|7W=9ZJ4ea#FDAAdT{<@&zDi(dQzn~)ys
z23B=-C6mQcjbOX6fCitk@Euc=7criof*z9BQV-N-QF%M<_lTpxWvUVPR6J`s8EgC0
zz8=~ym*>Z;?WIyts~+ZqGTd;iaUgmp%bW!)<8|vrdY>8_=D7HK`;h}Hv<MU%E$~EA
zzxrCE?}(8_@?PNbfmlhBW+FI#I*D+D;xG6{9!_fXwY)6P-fM4iAp2)|F*xekC!;8l
zLsFJg6|UiuJm{<LTzFRI<e2ju7%;G(GVO$3OYx*ASr@f{AZ7pFVrJWN@~SM6wWFGu
z4ziEJF^Kd;&Z+v?`XW%Pn22E4oN~mK-YeLfuisW7egomlYP)N)e8;UVG?1pmqBwaj
zlXtn|0)ST!Sq#{A^FCPD1%8l-%U7t?38cRRWtm+(U$b&zN`rkbK=fJmCK0>og&%Ap
z_G9q5T=R%qj1@<tAY(9%j~xu&uN#YSqMZnt9?YTrxR|yT?KnNSjY>Zt)CZq^Ff9Ye
zJ)njY_L{Ggx)14r`aWlh6B|(v9U#~r^`l;|*JubEU{KI{;-!>LQ70=<Qr*oVIc_}O
zL{uxFcL$Gp!2x!`kebkM53FD>O-Sq~@4n=zD<|Pyelknf5$BuBUYEjgB8#F_`4v&^
zI?RUDCnc?iE7BgNF=mBeddm$N^6H8U@fG^7slS7gP9#@UfB_Re%M8hJh=*^6V8#+D
z<iSTE$@@ur)zp=Dt|l=vQm0wD3ybc!{whxS-k|BO7b4)af;>-~m*znO48sG|7hwVH
zQe5ra?tF#2y{mWf&s@yp@fag)et)jUy<a{@xe1a4Ivl;~O#fHlff#iam6LJvD~Fl|
z>-V@LP3B?@vVDGE^D?GKw~?OphADnAOXc}N$Jtlj!oFD#dXlRXR=C!CAs_aMyzGNv
zUDG&lUwPrf(pbG6%(N@ExF^E~W+tN+ck@o_zRE@&>#rc}B#LnO;C3Ek|7Jv*QEXuu
z6Z5&ewUZDcC6!Mo<l?fnC|GR%Gq>6NxDskjTLQ{eY50%O$sWBC+jR9^1ravnDUND;
z`Q{BeBoG>|=d?&iX1pAnmhw&luxTyT$~cU0(@m7-nA#FID=~nd-uJ|0N7(JWyJ$3s
zG*os__ku|*AP2>+roj6QPH<)VkyUk(YNd~_=`q1oH(PCA+yFfXIJ38s-zT<$Yaln}
z#m?C8+^@AsS`m;qsIG=H>7wi53bKD_;nT1pf6O}zH;U#Z7izhMb70Q)(#g|BIEpb@
z&qvl`&?~BmwP#GOXT^IHdjCwvz$I5yCGvmd_MNiYC)9vCX>Em#l{Vfp_>MTUWQm$(
zaCg%eDLDF?iq)D8Wh`u)w_vbThK{1<&mb4)3zI^(Fw*NxVk{DG&q`PuXHAB{)tUdf
zJHfT++_{#f8`1*<iXeQqPeEYg7yge4nBCFN=k@Q29^cdrsC_v(pf~P5wpBl~*H^uv
zoRD}Iz`8XRaZ~_9qhVy%Pue)B9K}~R2h!->DYUOSJkq0H0n{8JF=jFXQ8lR1J}sL}
zX#16)7EIqG0^9=@SujHZjUUm6$<_6z;}bViN(yN+iJLp-dI#TIG{Jy;`lR+fZ-VOd
zQo0Bb%I(~ys$?&hqFc$vALc7Dh)d!Q{bhnlglQD#S#d_!2+=x)bxW5Mdry|VK3?)#
zn;xA*zu@rUD)@83N@p7$-bn@Z-QArsug8~8ptn<+pqtO~Y&B}i(agx<m)iNPBZsW%
z5fQHtDXp8P#K)W+CVJ6O7{Frs4}#6|IHoH8;LszBVuw%deciQKezs}CxQiy{`;)Eq
zC-w@8saxl4a)$e)OGCbR9R;`$JZv5_m0U?+G|NxL6>8Eop&X|Cuk{Ub`@C|dtSxbm
zkgg!tuASRuzMHE+Ii;rUc_m+obhwb2`%k5HHzS906h2i-Xq74_tsXw6H4%sy>Vmop
zJGk}%9PAc|rKOKg#8Dt>%G9I;8Tf)<01LAm!H<}73GmmzR2K<D?|nVC{dvDc#8v>U
zU$-=$fQ6&@%Xgd)%~5BW`iBTc_PDO1$dTGgefe;w#oqm7Ya^5Ql=G#dgjoq%(>L-p
zPdN(6jc*PE69pyjn6L??+P(Z^22MA!>m_2;yHToaeSEsFCd}^_m8cgE?V?(N{OYu0
zKjSFw4-s<+CB-xV`(Q(2Ce;(u9$kgg-YY#k{eM(>fK})OzEQncs;s9*2MB<K(TGK8
zU&TFt03qKfOxB)}`<7^OVzfmV%tH<rY*SNGn>hwQiqWti<WkFxcvSE;){JsgpSxL_
z+n)Gx$E*i3E;|K5ONbyH5Z|th0&np00jp`1hazF{zP5u>BRRk)qGz|eHfeVBtT{^>
z1%5p-O!pw9iLx!}<l|t(#Ke%y!qMb2_ig7#YNqt6QN94pw9-yG>En!GmG*b80v)ey
zdRG%ey5Bk7a$CC)B}LDD-51|CxLt<v_aoATBm;q@dRL}eQUP1?Iu(6^jsm2Kjp6mF
zm<EWN*dog=``#YA@><O@X-CPJQY$=L`&!>JVA@7$BhUG<)pGI{h(#cJF1OMZ`ihHA
z1qfFdx?QK~(taR~g?=rL)15BuTZU}z^X?juac`YCUEV1au!<)WzHP{QHoPTs@KxHg
z#^L7$GlEvb5$nmA6egD;Sta>O({{w|csqqnt8Ale3^EEQn-38*Q!5WCUFiOb{fPgw
z#?4h$A+ohyTbKiNx-{o7cJ8crF;gjb^j9lklYrB0=ZlimjMJJKaTk6F+l6Rkw0&PO
zB!iV!Oq*LRe=4vi=o)~7e6?r!G}(n6`IOR*LG67ah=Fsg>lLE#LX({ZCNsYPV-Vek
z$g2ED?(@w-I~@&rOv;3@rxpu1LS&(pJRhM}Ln+9VDWlWvK-*G%`46f&@t~%6y}14)
zS;)!GV$Xo<P7t-Q@NPRGhlEByp>S}sfJnce=AeO;2ilgGbX*I|#_H^jEK`I8w%9;h
zhy~Aa_~eAkI32pZ3{L>$?9+u5Xc#*MQnnMqzs-KGLHp;`!cvV1S*epAAc}S%j$=cV
z;OY1us{>JEr_uF)GUA`$lkKi<z^Motv)xF8$Z3&>E$EjFdT`4OeV1jLo}X_cP6xh<
z9dOCbaBHnK_S|5s@X`UU0L)Ugl1l}a%_Z~%eY5ZpnJa--<IDsFV$w)X#x9bNKWOA8
zDa}!v(g-Vph6H_f+>o*`sVyY+l?sh5n6vt8cueK@M=_)xy`%~{^ZN(H&9s73Z{r6l
zu4IJAORFwv;4q0?`{KBc>^xe=zukbfvoF1xbqNDOEz&dL=<zA*W9ADD{?4jLk(^8j
z<!-nczoO6rjZ7<@->5=TzM)rsi2m+F+)z_?s!LBRfH?1xFa4nmWHLNI7I~z0@0a>_
zHl_6@+08wigJrgMb#3$1yKu5$rL1s3sL`vaY-S1*Jd32jIE>?ABC;HSsNl+Z>>tKT
zxr<UiB`SgJb(?EKEuP7G@8c~>DcN4)Wn%%x78;^7GrwSh`OT%gYwucp0IT(s#l(!&
z0s_TEG_^7=1w1#!x!CVkXq?BbgW%gf9UnUmXSw?x(*;VZ*efhYS~vesLl<K?-oy*o
z4F}#p2d^ou_#}~rd8rhk&FdlD?{IYl|HMX>*ke7sO=qyr%k46%MG;*b5Hg-16T~0t
z*}GzPxFasd=1&KZZM4z2R>H;wi$Qj??=;hHJo^Y9u+Uwk^KP+&aJ)+=leH5Ryifo=
zK*GP8=&>FFv;13U#<cz5ptINTj9tMpw&HOVgZ2=kX#Y)1Xh}TRtA53pgoTiw{_{>K
zz!Y%<DzVoV(m3DsP72K0OT^|FgU_!s$3ZE)V>?gr>Z_@lLe?rm7u^fBtjVHc+4oX3
z8bCqL3e?o>qIF6WzI>ZhHA?520zr2W_6$5kr8m>np5yUurF5n<vz}CU{}V#-vC8ol
z_T^I1cMhCLr!!{i{GtL82!!s0kcOcCS?f1LJ{Blm2!q;3Ca=qW9$a#mQ<>l(l|XIt
z5#Up64kXM;`oA8-==g72GkE3U@z$3HB`LeN->@7Y{V~z86Ce&R|NV=KM%tkX&{{5*
zn35>nsJ5{4A0eQtw`QSdYeQv4MJjMhEKjLf5s`wG6k+R7=7am5M+rg}uvST9s?<Or
z5u&%S_@Ix8g1jXYv-vj5GE;dI_uIS*S^a#=JdKpz?r7tzVGjUn!i+B6)0lxLLZwII
zQqQ1g%VBKS6LHpF#i5pPWwA|4^M#$o!uoseVj4qql^z$Q(0J8?zn=S7FvvKO1^A}i
z+4+t}%s9vS_dD}})kfs7bP=8NmqAz%J$?T?SeH8I)=Vpy<og&5613@I<U^1bf0ihD
z9U1O;WPbIsp;&~!K|(=$kbQ!}f%Z#Fj`fqofk2j$Fr=i5lIzznXna7EfuQf5+t!98
z1k`n3QyTB<Y0<W{hQ?R+lE@(u3F+{rxQTF9ujub+>HJ5WEGxQpz|lSP8S%L4r=lP{
zJ^g;@X;CZpH=C4F273|DI_`x(#8w09YzB;2<I+|B*|)1h5vv3kY17oZml6zpHR?=$
zvyn7hAnp>1CeXNw%aW^s_#~xEj;Vt!K&56frs0VoXkXgcqQN9y(Q~e&*S&UH^xy#7
zTEbN?EiB#l@fwW&Y5W1pywC>F=Zftz6p6-U<rl0V!2?wI-EBoTu2su&X2_+VzN^2H
z-0KA_m$_8CUW2+=#)UxA=VyNxR<V6by2uwJH?9nOg9JQ_1chd@oo9X;zp`aZjbS3;
zVl!R$Me)_;+ozfH7a2GRNp@Wj4w}o<nT0v(*t+%3(9nNt<C2j8$YjfyC5H-v>3N(}
z*4%g)hs*5imtBP1RwW#qx{f_!8^s@4poUPvG@6qI%GWY>&dhPlqVUc?6%FbNXLCIu
z!e@r&;Bm{69>4c*U?{)X18-APRF6w>IN>GlcL0QP{Jv5S?6eaZTeH_(=8h6Jel#d5
z3;UM1rU`-H{q4}`^?;JWjumx<v9{lm-oQ37|J~{>9Pla(qaqMHiLMos1srmN*bQy#
zup!s63cH3qnmZ@yb3~OHk;@};3CP%in=-=npJ41^BybucA{jK%XVV20A4ESI#!_vX
znJG>?D0YbB8Te+EW~%+3OYt}X6;j7H=ul4O%gCKek1nIiTT)oKrFm=q+`QXE`hhg#
zN;fDYGLtQ;fvDwTH*IK&6ZncA>my#vylWYcql#Y3z(miLURQ1cg>u$}cxoznUib6P
zc-do*V<H~kfh-8qbp-ZrrJMgq(hi;|YVp{cZ@Cjdz#^3|CZx1zN`t6ihghi<vcU!H
zuK|eQ&@C5T&f;Hd+<P%&fCvXR5NhIfYI!qy-Btr2+)cfjF(tyhL0zY}w4K#=uui>%
z{f`4ux%NL@-T&UdDN-v2{5Ch^wKSym=0M7H&{1Sx=|H&Mzxtj2vb&kt;uA|hC3|pN
zwT_|EHCMsV8X<5b9rYmDh1ZbX!Jj_&t!$xn9iNQE2#c5)4GY=%lO@J%5^QM0>?gXS
zK2m~JKusqdB)rP3)!&)3Si&~yDCRu+-i!Z)D&CVA%AE<gol634LKOYlkhcRkyA+&w
zGlRF~ncI$MIJSzeGWIh=9b1J>DG-78GNjb2AbAz3mh4Ekgn49qXR5IVPDO)zB;<@|
z=)N?FQ}CJRCJ}I&oB;IL{zk?Kt@SH0XM{?;jCbUmcI|*@iSx8Xgg;}%TEY27g}JS?
zOc=mHxKpr*o%3QbZJwP|u3Scky}VXVQV)E`Dp)5TUHu=pL*+;~v*c{V+}_}^2p%Nw
z1l{_)Fnjq_lP(J)Hh*0yP{*qkZc#Ly`sp@Qbn>}t!F>Gze`#%RFLzY9ychgg%C154
zFy6Rm1=CZM#UrtnX#FbFj*4S$HUr@$6}KtFIOtYLOHzI;*S!haO#U@)2rU6DZ(1)T
zNxzdm&5n21lZ+%$&Mq_K^7jTdgSSooJD5uepj;*JFKE0XnEvlfJ2AEl1(O(9IDo(Z
zJH53gyMRUn|9PWmkK3PvVjPDglydMETVO+<Ct!<+YW@7bvTFi{h)VjZ=A~k4vOxsZ
z^O`|C(0WIL4G^!og~1OgFLBfCyb`Gs!)q^fgdAMDz<C2pqJ@dw*lcQR;LGovaB0;C
z^$MdjCUr>ae0U_6KY{BU#a}+Hj6I-zW^q3mVhCE)#g~;mM3<=T1(ZEq3`&vDo5j9j
z@KpSBXnwC-`LC;-@NKPklV-f>X`uRMz&UY<VD15j?WyKi`k7gme&#-i4iMHx{2(+#
zh*zN=x~GE~ZorG2?K|&j2I`>{hY;~5(SG|?AT^+RGk`j$X`#|5Fj?D51$xyn=~eXL
zncpEPsyGCxC?@=Os&pe>0!5H6k(B%Vr0){|Q4m$R*Y&^@U&RK@tMw~i{q0KMoam0S
ztIj$r0#MMrPKq&wYcYl~8X*jo3K=*{e(j~Rx6J&E0DBF7&wUN~52uJ9O~;adxf_>v
zyf!W*tl=V2VsZ=wiGT|o);{J-ZtFt#pSKeo`QO>~^Z{15!E{qFhDMw<v+X3HM6Rd}
zg6fyDsM4j<5UFQ7pmJm-0M%ZscM#y1CzNo%LCXQalg_K){Rn>LFfY;jhJj(TUQ0zf
zR@r7=+RMWwe|-_RSx%6?E881qa`H}6N`yY(oDCST$nl=r#~6;<^wVah2B2n7df3-e
z4)v2w$k3H~LHcVD*iu6|O8;fuwa~LBnjabE8**$X<BwHqGd{gr`)VjMCISo3JY_~P
z@OM1M=J8l2)nn&k4yiY${tgm54>!2nnZBZQZl&M$j~A^cXs>N_c!f>!srU-n()!B=
zA2^@P0EE!~X@h4&aMVP>cm&ECR5}nSfGq;OsFEm%bJuv!D+=7T%{E@ftFUQ^s|$x9
ztc#2DqP}#ZU#`^MKk7`<<{l9pAIvpVw#-*-gF@Jrr*h##bp9YQvZ=mcv$PA*J@4g9
zyV=jOA-x;&9`X;l4_?s>6$LmD6Yh_e5Dv=4Gbxk<{yl(xZ1>0p^jo6nL_8ec5RKIc
zQoZDd@!4~*-7n{}zVr1Jyd{Lvm^P5ohJ)dy1e9lgs|GRy86eX7sQ7cRuz9>h=kzw<
z{;)Pu)#V4KfsI1<$|&KHE|NF!Oh?Fw00bH~yM6!(uSp!(4$$4tu`yYIWzp7<R|HMq
zfbH=kK||!*`a#1bFH3AbJV@1%BE6m)vfrx?zS!3bkjfm-0Ee1I!`qZNG%&_|GK-Mx
zgZDzAbv<W|t@O~Wkl!K}^uqI~Euyd-CYNZydd@WwLGFS*XCdb5ENnAy3CZ;?mhG7W
zdx4kRh|Qg;jfUV{lYb`z{Ta!c|GelJ8yIAp-Z@*snnkLxiHtxtdHiLBwt35?p7e=y
z$|xkdKro~}B+CSWc|**HR{@?Zk$^_D5iw#z$I9R~d16Yvyx!{}CC(9JCvu0SSNvHO
zQvW79w4(}(8x8zf>~fi;Z%~Z|dQ1su<vW3i2u4RfDFqE``+88K!ZNiYXJ-lM`VV6+
zx4q}3n2T(?m>*2s3j)3MI6riIh54`sozhNyIOWHO);#NC$}6kM<@zbXkcbE2x-ZR6
z)Yd(;Rw?%~9omz0(hPm8sMCuVUBb^=sj+TLDq?{Gj^4{Rv*rV0Z_wQAYAY~RnQ)|?
z(EuzH%1va1A)_-cRLfbK`qt2l=5-Gu(WkNCwug<Z2?jx&H4VyhUEk<{PmZxxmY;FZ
zwK(j%1%1Q!sDlpfdDI6aC6<3OQ4~p)m2$r(?<+_Ekx;H;O0{*35aAucv)(Z3Y2xjr
zSWS<Cr9e3rVF^6_<2GE5xKp=tMEz$B*Qq$V7FA6>Ro~t9Iq>|0OdrJ=GY>z{OMCjc
z1_I?(d)c2l+(NdT87UBefD(d!WVr4G5q0HX0y5hK2vazzac<g`4{yWY_LB|k{zQ$%
zL?lO^Pw%9kBv7YUkg>oshw9=0e<UFNp!Rc}&eSL-SB7?ZZ9A^`?en2IkBHzWQ+-2g
z!&xf0c8FeC*Bsjb7s7*ZlR;0%n|vx~c8|XMMKXB5)0ZAK)rpNpo*nTvu@n{)hS>cw
z?~UFm`o183V5XU7M+KPuz+sy|MF-jzsc!nA90V6mv-UYEv5^1>c!5J7`y3RxfQrsa
zEJJQ6niu!7#^kWKk$v}9^J%;um79bb5;gY@@(Wi11D>eRgvUMBFhp)CRk#lXW!Cb=
zV{&CO5sK6r&yl=o9S0j@<^cv22t^R2+GwI#ENFJ=Qp6*RtPlmW;}uhj>YhS9f|@fR
zK$AeB^{t{|y7Y#f&9)Ew{RF*Lo_nb<jkOU&3wdiJd!!sQfYfyVF7q6O8zs{dkfZPn
z;ZtBnHG&Mia_vIQ{I$VW{I=hHk~BLl-gy(-b0G0R!O2lZv7%x^U|3vxOem=8Uk8zF
zH|O5*l*U^sP)wyS@OTj72I)eufzXA%14^`3Q&Dx;OcJ)a{|^T^+7z+_BJhd4N>rd$
z-Q*=cqrbwMc@PzO2_PH$qdK+wBRwuCc^_q(cug=}uif}}eR?=Sw9bIEkuO1Vq1!D^
zsZ)ok3yl)O{r@nLi|UaFFp-_;6X*9m8dFWDhtXa?wf4fUCLm`}WFb0?ulQD`O_5Qq
zmZTj1GhqP`qy;@UX!>X)W_(_XjWSP-5B3(y;a_aA=lY-oIls`xM$)`%br&EN+>rr*
zj@1+Xk+%?uDw@dlCqYUlA<@6b=mseKUtVO)#Mjd|!mXas$<Am4J|9;kLa`^Xkg^22
zyr$D}?0FL%TUE`iNLSOS)_0QXHo|6^G&S7nd~Q;!INHbh&QW~UO~bpbBSskDv(gT=
z)Q6B12T-(y-&#MFo}x(IqXm;YEc=KXKO|5OS@rOZvdE^KOL}rfyo`h`z#RKiXmV7{
z!Xe_Vw#nu~@S7A~*pLo>jf;LmtuQv5vjc+5scsJa@$jbeV|D7Ru7DG<ATqLWl;(tK
z;f#ULnU$+f@)&3+Z_-H5kK5Z%!t#3kpleWq_aI_Fd>={#65|J8mU9iF-_}$5C>#x2
zq#2NQ>?oF(Mj3WmL^X42<F`m0#*qBb?ywF@WHy8x@Q33f^Uw?&QL8EJ>M*Ahv6b!v
zjWv{CI#;-59)py2-;K^GDWc9i$W6&-s_mq(dDl#*?Yj+ZW({e^S!m2fIw;}@*JHD8
zO=fIgjQyZ$eRg{B6{Y4$l}qC+$A@iYaxsGIitf3-652aR3(clG!0ubbRFoG0xyo7C
z3x$2%4Pt1W3Y+72wK8%`6%eZJe#Lw8a&4-RnlOh>1T<I@IOl?hzw`mS3!p7*K|#lJ
z|E&fXb+Bmw(8d}8NPr$dubFEl9+pml?Nd5xOiPfG&G`@W><^k**uWwhA4M$8XOIOr
zQ!vp<0f=yc?aB8~MLoj)Fdy|vO{l~vR}2IvTxkk=X*8e*u`1y3%a79Q|Bk1TTMdXk
zJVB(27Q`gt;il5QB$<4)7ARLkCVk?xHNUiQE7ze4cUVb$i2yLR3Rhbq6#ZY4LDL^D
z?g$OVwDO?rAva#G*Rw30qt&#W<W$N}*-=GFWH;dz!J4Dkzs^b%F=`l0qL)<S2A47N
z#b5PUT36P)NX)1(NK=GL>@_Eca^bMz<{vR`mIf}d#}0baHeWw}9Aa@y^dWCN*RD9X
zbyBbmf={tD8J~9eJo}tnyEBwnBi|5z2}IgIK7on^u5Z&1Y1?U&-}=N_U)Fm11y71m
z>bgxWUaZJeWY?JFt}a~4AoKU_W!qzpZBn58*fiKU`ykH5DwUG)69XSD#)sAR(QgN(
zm0J2vezF)ST~w~=xTi`2wI8t2BrXo;>8F1|pi=35j?IdapWL9DzSotiCqq5QJrz51
zyIT^EF>V))Yawr`>K+9HKEhFuE63XpgbwKDX{-VG3%}kZK2INB&!8fR@~bncZ3d5q
zh?9dxjW24A03-+M8Ceb@JMCEYY&ptybMLiUtVS)k&mTPq%LXK6zusFtI%>hgCLQ}`
zasJZI_;H5|-&V?3uMj$RF3@hv@#yVvooJ5u$8MIU(|5pm1775qAu4lg{ZnGlFkhkc
z8!if&-CgfN?c0fM^>w@_zy_Q<5+*ZSSzVjk3OGKZ+lLUjm|ZOoVqq5e&vn-r7?QkE
zj5w(ny%-3=A5h@k;gf|=GB)-1!<652j4wR&P?E@I08~^23gk>4=@~qNir@WrmpqCf
z#Pm%d6ZJ#xrexsD5pD3D$l$mrKE-_nq6?rqGu*-mI$JOf8P>GpC2Tc5%|GL6jn@}x
z4YlUpnmPBEDmkX>*2rFRkKId%$e+`H(;@CM;K)W!ZKr4oeNYlUxJNJP!rh^B+O!pC
z({u6me`LoSTzy*~N*Gt~_<_cyRr4a3JULs#<qV!pn}S@H?LMFdTJqp3iPYwbZ#;T)
z$>!XD(IGcH_UMPA?;{}cBU>@GWJhrp`o&c3n9M5W)BV$qW(}`Rwmpew)eJ>FFfdGJ
zqX$&P@hkw_1#eZpPo*eexdd`VRF8|dN9W65SJ5nOf0yusqIWzh#+$S;UO`(|J@Nf2
zF9g4gy^H+_ZCx`M>E1;~1nQplsFfu%+#ZF*zS)y1KYjVRxjy2L5u|lfY+!YMOgf31
z8t93KHYs^lHdCuC3|)EI7epFL3-M*9ctg|uEgmX8wt@R%4xq`H2xuMApmfB1^uVNa
zDxx%KmC6FLou1)s4$QE$f3kGIU=2>v=Srl=M=xSe8_s+wg)~}Nr#Fsj7A@&mAdI{_
z+7%wZ!NKcHj6#3O<Q`I*0uh7`2;cWee{>Z&+EcL=>kG0OR8WL{j4SNA2e+*e#pGh5
zRurYB^2g7L%<)yqG5znnWbkS~{ZgBWX_kHmK6ty~-pSwm8;tbf*51U(O*fTg=gAsN
zRyuJ6e%wGaOTX{=*}_e8ui&=BNscW!0@4+npS*kjW+}$vz2h6~k8%7oD#&_B=p9T;
zE(*5ghuhGK(LWH0CxrV<jEHFIyd)&%>saSQ-KD*PX&`93?awI^bcQT=tKZl{*Av`x
zD+F$%!B>S2=|724=5$}`fqZ~~s77WPQ-5fg6wehGTclUqgU{%`>iIlH@JJR3D+Xyz
z78n9RL+GO$iNcXQ@&HpPPZ8cKH-1n_qpI6;V1roe&;7>U)+UVhN0;oxL7vhCJzq8Y
z=~`{}Y25M*dowsBZrx9fk;||Od>$#o1r6MZYwRgGCzBlDciV9jR$=ODq$wK}7{Ohd
zm7)?|X?v;c5k9uTGScS9u*%axq*bRT70j+t>8WFL+O}78Tu&7X)WPi}TK)q#FDSJx
z5KhUl8<?v7?{o2vj!PXo46rTuT&XfWnEuLC@o*vC=WtEcYCz-j!OVt(Ti7uzk0X7M
z!ag`^iSVcE3JfSSm_m7aP)X>gY}2wFplR4ab>#b3Q_yTja)qcGX#v#)$1Jr@Y|eS=
z`ybXy%`!1>Sgj4Tr_LM17)eHAssD}VPasNE?irP_lrlElmSV06h}5x{kX?L|`VSw}
z^2!GousN481)p)urJii_EIS)}>Ttp%Kq516@^9H=V1B^WmReQXz*X(=$N8sstJu5M
zRpmY3!b0exX08&nUaXPnZbu`ZlYBRons{vaHAYVFt>|}LvmF`d_Y1N2?u78$%T;U&
zTt71lAaCWN_Tb50`#~6{?cR7lWzfR$LmW^3BwsbmPz8_rT$gA&U)aFFP6)PmO4J~O
z5m;fB;hsmS?8y{^!6=-E=|})Xc+wULIDEYd(tHh$G)_q$t!GJ{5zX=)ZzM%`wd#Gk
zR1zGNP|8X-V)z^^%{8A|Sqwr)-LKwUpSSMclkLaGXH`c>ekd*<P^#X7grWrcU@mJz
z{A_P1EMrQGZ5v%*9h<h_;7X9tU8LRgfH3r|eFGin)XHzGGS$k(Rbj${O9dF+jbG9V
zI|D$rCgB7AahKw7nW#mUs2Nfxj^tgLkg!WqFSH(}pTdzcZaO2*GxH_5Xf@vc7r6mQ
znKm(V!#fa%L7dE`o|^X*q{496glT<4Y6fM7Ye@{d01Uxe;z7%+QT3})mdpj18XQtQ
z$&n9orX+-2YcFf?Prctqm<1`f;5@@qdJ7*}!UX8u+lQ(BjMjG0Bg-HBlC%>uq5yIJ
zrtUS@!57+}(E@{@k<dv)!MXSNWK<^9-1-J+7j|uV?z0FSeloL~E)DX1rR?D-aE2EF
z)<K#0hC7i-a&%w9qq8It`-rQGT=`m(H6_AhO!jwGXM$~agXMb`6s#j>YrKle|0m>L
z5rYG9Y`MN5+JEyzPoCxPS@1J2?dvoMi@CStS7|y2&VYTFO>axQ2wbbQO+rXoXTEig
zZkMw?C#`homzJaDU8`iYt$yIY+g?5L2X<cB;n5mzk4aN{xtrmSfvg4wf;9{2@gn!*
znUujF+e0m^th6SU$!hQZUx6h^rol+I=2&Z*F;izAR^WPxn;6wqMYW>vsB3x0Mu*8D
zq0(n|W%%VoIK%Y=FX6LU%=p`kY~}zyWRZ^rE)nlV6DW^=pIIHRN1?FfBd)kP5zRJG
ze-$G`X&{@R3C<8ps!%H9+k|O(KSXM;;Q(u}FNo<Q9r1=sVqL~_Nx@VX%qiX`3){X{
z=`hNNoYp16knd(>&ZF2K{wZI|`B5(n-;PI*{lv^rM?B1yFS+57p9I^PVzFyWOO>7+
zT1@kwR3ncx3x~F2qTOZ>2ffZRTDX`DY;{+`cuP?PiJQT1<T|BqmnAed-&jSwpWi;a
zk&Dx}!%LM;<j(nQXWEOYC_D3Fhqm2~VUvY&tvYlQt?>-SA<to>;8BhRHd9Xzz1ee0
z+D{q~2)Kt&Aw5y|pL-J-;QV2IEp(ELIOy~!RpQK()QeY`!wgMmo<SZq&)}?DM#}v!
z#l#>A%d*vN0R*#lUdccY<diTyhWU>gknaTAgw&v*T6@8gi!3d8kf$J-#*8h9+Fs7H
z53y~qUUSux&(uExAnv1<Qf*Laj5HAhak)oaZ+d7#rHUn+rVw>x4L=$GcK5p}wXBvL
zrzL|Z<j1SDlv>%~;+Ibe48pf+!>0XK8&(&d*eC%X=8uh`)tm_bTvP+EWeE3^-w^^K
zk4CKLR6*fktZeLV&g*mB$k?qieBk_LdR!9&r^d)mgtC?-{{apzNUh#Ii5Mp^$_j7Q
zwU!k^8E=|ZGzr1C2j2wTf*;Jy7M?DSQgkFz!G0XW*eiHMK=*80ZZ+UC$jE^OFVn~w
z##uR!D&&0)XLMreT=g>_dZDn~uhL-6%EGQ4_B`tK9|Z^`De%|c7u~qeooHCt*NRGU
zPp~SKzsmvPAK!C?2F7JL^!q;aU_(5af8G4yYh?5_plhrim|<C3*rCax>6_(`bagh9
zdQDk1rm={w;JHK|C5A97o0NV$^&gyl7xUmB<NUq(Nviqk!!q%1Y{}w5(|6|12<&M?
zT(Ql17VXg-?q<fgW_&y+M-$r0mYLKx^j!Ppc$S-CzmD)(Z_<77(pyQTHY}kx$gwf>
z-@Wtge=4a_0A0OE=)_cZ>VwdwubE!essluP7@lPz(Ny*#fky@(a7C)lp&)8yp-VBe
zeI{Gkn&x=^2?Bu%&Dr1T4!bU98=J{j6+1b5uu!#39}e{N=eF!sTFvSV^yg>y9AuDS
zG6@I}BCz=p9%oD}t5Xt7SFnjw9$4DpuLl1+u=*%GxSLDi1P=9oo7?B7>h@9S?&}M`
zxRqtP^Midmd;f00uV0niYDGlv%w_7@7Nj!E_N}q~>32^}a&p`A#>Rs-)b7+JZQBIB
z2C#tQ*o)(m3qlMz-6GbR{aDJ!V`*#K5Z{~x;m?>4l^wWqFdrlh<t7l$IQOk7+M;?X
zUt=D1IDbiWhagn!u}Cfsuy<?bNT|!f&DkIIXnsM*oN_o}Y{1s~Z)d?IF%Gx>!$dli
zKyCO*X(8+dshgdlKbal<Q!;f=)Kmvs?+uOsmW$}9H)h!Q>tC(iXPZPO3sL8Lwg-3$
zkg}7b5i8vBmA;dds}!qGe=2@{3m~&zLUw$Bo_K0s4+sM|{`+oo{w&0m`<n2L8f0V~
zBD(A8bsW@am;|&R`6_l<!Hczr5dq~!^2q>e7GIKBwC|5AK&7ILOWrts6bKx(_bO_L
zm&};@xPAD#5&z{1$Wt6|_y%VYHw&EpDDaY&L!&bzsocuXvO~#O(vlh=3j9%Lz?G2_
zi@3&y-71To0jGRn2X24soxSHBQY3cviF;hy8iW?qQ@usHzgM(m$>45!c@&E<V8%f0
zCYXW0yD9W$f2XZSx6ag@ZDy>)gt8B9W_@zIll_>|DPx_=V}l|0lS)x{2g%`J{eD_@
zR4N{UOPD+5L*P3r5$ov|IJF^lQByK2j#{lspv~!4g(udsE?1F}V;$A>3N;4vTM(}&
zvj`xmdJs5uBF?FxkJ07Cl~)4!JT$<Fg?SBXb4hAB0P=k5&X36E16(M-%kdWV<MiDF
z8}W9MYfTNF)1ipH6?bur8zdX&*BrlcG>lqcp|eUC3%i`oM{?zKP`w=SnmwlNc}f^M
zRT>-9F4<G>YKOpQw3C981d-N=W1af?Wu&iy?-wn)KFlfP5O?mWE{THarTKK$8Qsx|
z%7U6x1fszL%L*^<w_N!l(%=qjh0anUxqv}Dwx&3I#@#Ha#`{+lnh(P}&hB~7FKx5%
z#NO6Rcb0N;k(&-0iFd&N(dw3``SKvuDL%QV6)9Of&dINTyeX$IHvZk^h#ph6B}O`W
zj+gQ_cOt%^oMG{|vJ$x@-)nF`@H24*!l=W_%dJY<zzpABg9Ten=k5EmtD<ul+f8$1
zlDTk5Fkej^vx6FsaN%DrJ1mOC^C3^3ZkoAEhIq8^>?nOX8*lk$`3KNW!vTq$_i-5U
z+^Y(qlM#z@gNKE;<thgKZygoe^24Xb>t>oK=}fMN<qWn*1ck&d;PNDKKc3iKWUSOK
zB0k>Nbj?l<3X-3$hRdh(`T*(Od{G_+5OZbmo@o%go3d!`7e{_T-8t@|WCoxaws^Qf
zAj}d8F{A4o795x-i>qEAk7*3UM??w2Da}w<>TU_I=1N*AX-!}PnXBp2L`ZBFZ6~}E
z?S@U<SNwmrbpSGSLYGuo2R5MA?qz{}3u+4!BKZa%8t{>e_pOSn9vQ!FG`&LRciQB5
z>0r>StG`wZbFVnx2NIm{q%pWr(LQ>*+p@6N3$LwNX_#JJ*8gAX;pS#b0~;uCwSzZx
z4?ad9Aq8JWcGT`bBo<hE)NA$7_+qY18@}8Ch0MuA0tg(eJ{vVS@xmOWV5Xhb-b`$9
zseBJ<DALJuOu3m$_&AIGX-ERqGIB<?7DZ5##Ll&dlpLJ+PMiXKc)*q+rRo><g|F)X
z%tTJLeK&M4f{5Z7f-$9I^-h-;R{yM!Yejn{Rx;nQ(x6Lc;;TwZ-FSpl)tn<Z$4I@!
zC%patPXfe3D_meM_0to>d^|=-6`Rl+2rQp%l+(}>F}--*c22<YAb->PXgG~lSgEtG
z8(eNC42fqJ8h9?0moPaXagd?E!BdwJt1rn)1nPxUP%-ieVYVhcC~2qeKc@!faQ=3{
zHxzfW3>HzR0l0{3IJ4TIp~zm6zYzOrbC9Y*#Zw!^!`1Tcy7@nsN~Var=4N~@W{IiT
zNuA{}?-Vo7##P~E5<j@r40j2`KA%Ra{MeM+DJ57*8*El}uU-|Pk1sThwVYfK!M@QU
z&x}B0VOq04$H=6tY<%+R)ogmMVKzjBOw5KdZ(H*?uyDZm4oBn)B56+Z(G`BIz9Ohk
z^><G5(AxQTSKs}WY_7!$c`8_BJ05~MXJ3;cnf_7!AHIBrGUnD-_@60ukE$x(ljr<J
ztKH=i@6rec$GA|L4e6wzYcuF>qCi5x#I1hmLoVYJ1MV=ygA8uVctOc4C$?WweM$>o
zTdx7a705YJh$b3-!JCPxft--e7QS<I@uEkl8%g59G(_<ScFQ>9(Pm8I9IGlLeC4pZ
zVVeHG9hEuOSBGNY())tz*hr8x#X7J(0=&hWKCYRzd&n(t5$i01eB~z#G~>0UDpH~1
zD`A7dy6$F)jNr?^8>c{onmc9pg`?;ER@`>t`^c7(|68<kVO_l?kDsNqB#B&jo%y}G
zXA{1j6%4Hh%hv|3n3(5s6oPHHDqgXqn3TK*)r!$g=g~rmh_eohHofLDPcydSq(V#U
zpWl2+5q!+%@rX_OS#nhTt%~PEGw+G!=iIXY8l#dy${0SNQl;->axc(eGZi?o2Zwt?
zz7xFs4rP+uT<}0m9;A|_S4Di}#h&eF$a*3~=W70e@FMCn(^P~1GIVumwp=1~kR}at
zmoz(@L~{{fKG*PmLhQ5Chbx)J=qn>@a_R_X*K|A!#yInugWnQHmOA6CmU4kN_l+cZ
zhh{<od`E|_&_hgt1XJB)=?S$AYzJctg5T4W4c+9}v%f=*nRjJAg1a3(;0u4m;rmKT
zhTU2*rWB6j2M7Bqc;Ly+cDVRFJK+p3{ZZm7@{^A@o+*ePy{Bqdq5rpIJA~is{KfMx
z@hicRi;_DUkPT0XBy4~X`!_?WYhkDhkAF+1U7$o9E@`0I8pI;AVHZJ-OegltSly-n
zXLj~YH=LD1@aZDzYHP#_2VuVcD>$Z!l6zK*5JJzb)h$!M>p$nX7ea}?axvG>0jqgk
zeh2`K`{DNx14C|WgN3g)`Fl7r@LpX}cZH_-uKL>8DWTv^V9VNDS{*~V`JT_cIfB2)
zNCD7OP5zjpR+9i)0qI`EwjDeem)f(8w(SpBkYJlRX+QaEPFjR30lNmoio|GMW9QkC
zbg0GF&t&77%;05gY9A4h0)uwMz35dSguWNkSop;=9@jDAEmcr<QoLuKM{#JO61V<)
z{_3l=Gcc1XFDqGw`$8J%BShav4gxawk9K?3h>-H#oB4fLqj%QCNeBt6^Q6rwG*T6W
zn;!7Y$S3}#5-mY@@$m2@>f?rbwnG9HLP~LBA%SkJeqG1i0r$>5E9K&4=HGj;`-x=n
zW%f&i3^{JH97JZ4=$x^cq7PL^Z~|AiYM-8VA|I${g$Xig+is0`pg@L%-b;yxm;Z0U
zYW81DF5J14{pm!Jjt%1Ffz8D99RzMPyl-04uos|zhEP8B?9fJ`i^IQwz)}@B?xxS$
zSXJfq^FaGpy<U0@S3(ixzo2)BlKaAJDA!eTot5ZTt=arK>Ov;a(y#Z&FJrj?lSN=L
z=?^~w(jW&dh<dN0sn1v!1MzCfAF}BM^jm(`66lVxwGY*`UR9EMB?jU4;YeB@sma^Q
z8LUNNAsVQEEHRLHz>_KlVk{IYq_9Mtusb)U#+q9JH4usdp*;Zuj;~-7Bam|Ln%6LO
zSQ(LO^m?w5peS2`(On|u+MU19a9Un6qx#K%yGmAhnH8e(>zC>W2=-0*jKFgrkha!U
z1)<_4)sr1;Ax|)qbdxtP8#?T<f6;Cz7J27IKO3RdH2JLaABGGzr8{k497I@KbPl~8
zP*TS$Vgl?kDV?FKU+%yA4wi*a=3=5(<=4d)guiA!X;$ML5*2F(^p~TrDQg))iX%1Q
zS#My68!xc7hLk!wtuPf)yK2hae2vg}S3DI>IRG|R&$aFVn0nBO45!6y+;_3MBoBZj
zb`zPX=vx~i8107H`j*be<Qw2|r+UTV80vr|G^43V5+`KN5G=NuegsSq9_~#mm@;Ay
zmX<kdfD&J*vNyXL{=FaHFTR`sB~oE5E!ra^l*898o>o1w3OVpR-bD-Qa$9VYm7;nG
z&$k5x6b6}+Mo#l=1L+d#!TT&CbhlEU0&>%sp9FiZKsz=Lt1-KI<0%$3sc2C21+qqp
z?Ruj?$Il8mwBT%FjJms$fu<{7%)_ghJ`T(&Cr-QbSr(q>0x3n%+%NLWw>Y+s^Iv;{
zr@5MB?=m++n!DiF&^~mIR_r7Nk#`(N3_hrBUSPw~poVlA6@30E%WZg;gkLul)h#)-
z^=%Rfd3R^4V)`M8>u;#&cK1&F&r$PsB45PGWH$PsOtTZQZL<MJR5BSAN7;$3rV|f8
z%Fs~NbR9gOaF=a3?gW7T+nJNu(bxWtQxf7yO^6AeqIxgF98@?B+j<y1A@$P3-Pz6u
z!~^55NAQW)ZpJ4kEX4nbX;ARSZ8s!k%~D(Y)_G$6(8@)kOr61>45a$K+ho|jjOS_;
zWK`EzwXzOt-7EyAHFh8tC;3-PEAO+oF|Q}3`;Km)6rrxJK9{t%@VBmSG2ksizB<?}
z1qWA%x!Z$|@_wIDrZqzg7zc~1eCwYDKzSVDn5lx)Pqe`dURJnWlY_<QZreQN+=$p)
z2In0hxBR(w40@spdHUGCI^4hNNT!N5cy)be2*y&<r1-aN@#kb$^zGQV`P$H>;)55F
zDWHcS(q4PE`)1*{@DOQY*_p4sp$6D>2NYu%$~vE-<yhr(LdD%zIXsq|zkl_Fr`b>e
zO6AYI-WSE0sa}HyV_MQDvOV*pHrpF4@0KYYsxBHBcaqv^vRN_k^B2<?de*2=XG6DX
zb&9aNJPx>mGFEpXlHc3fEC!rk_-x<K0o#v8Qi5VP;FE=MHZf(li82?514B+NRi`Pt
zf00^ttb4in&oUmEnqxP983KyN`LO)F@MwV1nv`OCcJ^4?I?|QPwfl?y<Am{lU$ls-
z3#O?{vu=9V{c#0ljk}*&51NH{b$pYb|Fcp89oX-Kj9ujdWKJp$vR*yDx=QxL-8ljX
zp|hQgsV_~wRj>H_828kbtGTc%Vk%2ad~F~NS-@UuO~bI8wj!&H$LUjUFQI8zEO#s_
z6aCnfM-WCiZK&gjsnT-`LGb+!a%=LceAfFrxAj^THw<J1%|KhVFNp%7o~+rIsUh(Q
zz6_Hzwf94uRe^lG$siC;to~8jLtv@7We|bK(?O5iw17Vrzd+hHRG)3_=Esj-bbo<=
zwy{ph@bgcAjCZ_o<*o%+2E-yT!rJ{FB45IkAA4lT*MzL1_|{yBCtlXlYDTY`;KV6{
zpDu|ZA`o4;;QRNSo{9sBG>tW;l_^u|J|Z6m-pjWyN+h2l<b^Z~O>2m-O<$0-7>;dD
zf4g5P0(_9N+L^%#7LLQwe(P4067I7leN+MIrJRIZn^h{h*(Xpf=+^LuJCC*vaB2i`
ztJC|>NC19ujp+2NW`<E(t>Y&(-7uco&jvcC<3uzreXYkYj{jMY#LP&KAgW4;;=EGe
z%S_2!#f;@51lkjA4kN$KXG14Sws^KIr%fQ{kw+ZCe|%{-8zEvMUjW4*6nfW>chRu=
zNu&98UWjf`J4t#fGT!}di|Q~|V3jOl&zJ36{YgT<o@8)J8+N0dJ%MO_+f~_YrR}+a
zjoP;BU=%PN8)|T*i^8PK3a80YQ>t2=@^@~Kz|1mz4flpBc<V@!;;8@!b58`%zNF?l
zPQ10AEzw7rN)$%Dnm;M#@@*LkGw(yv+WA{IXFEvMFL5jx1nQArvbke;nsq_=#wtva
z;9h0U(AP8K2$Mh;bf(veDnd9xqI*r#0)}v_aFt46gG=z66zEkUec$7x0cCq=E4b=Z
zq7Uf52k399o@DLq8S<;?HG6cH@z1nqM_pxU7Pc`#)#PuW+e+4%U#g;HsOmLD)9mrh
z7|N29w2rtZf{xzt?s%^sgiJ5DYOCuNl9LO#sO9$)tphNFrX0LAba`#w=!+B`)FBCh
ztd5R>ct_wn;oE|uzFVjsYm4=S<BeU-?~?jGh?&f^GOlR(lTpWcpx;-n9gstsh~~Do
zYIx@2#Hf*1n)8hEtF=;7pJKJRHM+&Q%XTwK)=c-{SuIiZrC^e^c(zsCIn7~nlzdJ0
zMt_kE6_Gb2v%qGWBJTbHF}x`#&4efJM~g$#$N>ha$*8;2%96_~xXdzPK2YJw>W;9&
z8OcSO0nhV~HK#v>Ik|Ia7k1u#5K8cNUAs^j#P%#9@@20PvNM|aZGOs%C>6l^E1-Pu
z6)(+!-|mpTj@ePp&|*Vh^j`~L;j_j77uQ3!`OiUF#Nlg<=(|l;DlFAsKd^vN3TBpk
zq2*YfiW%vl>03CAPuJat&jEOS+H&Hn!Suoys)r3ndu*2meohhxh5LCI_{v|X%kd1G
zjgw9rpVI&_D)`@}_co{1*m(hkd7L!Q5-lsyMKC5v%f8Bk9~?81?%q&8sMvr8MRwn&
z<l}6AA9rEF7lKEZhn(t1xuXm&G9AZ7H#Pb*^dn7P%eo~S)kKWJOWX9#R0cmr93=;9
z;$U&+L$UEaon*mFvIv%C_=bKKh0s5y{D0T9YZB4kHEM<o_a18&f5n_3J;OY7VG~|)
zBT3%fBujWpZ|vCZ-IZ>|k`<=xsL<c%2r;yFsr;sVSP_)MyL8Y>;6bqY**!evg2UiX
zr8i480FdtRsJ+ECmsXZr!L+kKW#RZPd3yoOglz+s86pTWZ!iVt+O2gUhjFk(sn1=w
z0|Vo^XdQXq>z*CAif}BulK@#4ZkI65%Y+xUuQij`uA`9;9xPH|_qkxGP$joW0MQe8
zb`j3~<zKdKp4CFL=4DtTfvU4G)(frnI`^ZqLthdyR29d?&P1w)o(#@0LVen}>IS}<
z*iq21#_QeNtPjSi(DVGVUXhH6ZhlY@NH)jZ(cP4HArRtpP!oX1*i+6IPbuAOFX@FG
zxX<|$<>1;8FHW%1xxy$AKCpdXuaDZ(6#*4j2jUuBix;vsU=dP)S;(lhwEKX$^+t30
zT{5x^vZyss_%eCK$BZ4Zg33;Ef;KRVY0=D!)8}^+(lfwel^3)=w(joW2F2lPF67Y3
zj%$z|(L=2Ikhof7<(~p8;r-KNx^a@4r}2Ym2AShmXS{)DMP97rnzP+&BLSCHVF^0n
z8Vf8xW*a8^WUUrmy6`^$D9wFDXRgDCz?^V=EYJ(xgG@I}iAxvNwmYH9v80bT&>_S^
zXJb%nW5fq(r;^$tOCA%~8m}C=6fe3@zRD>G9K?suKk=K*q#yrjlxRNEK5%=sH+|A8
z=oj>;kxwKrYehi^h}^}V0ch6K*=+f*8M~?zg`uif<)Nzz_~F46_PaGyp=#;Nc=y5*
z5cr@%6cKLvXbU!R?5%|#H6D_lC7Mpe^cy|i{6Jt*2jQ0$kptamTr_cM?LkgT7isNi
z@?Is%E)_B5q1%JUnecBJSNXqyN?LjGk(1r^v}<}V<!y(MQ-6Y62UU;FW;-z6#L0Jc
ziX?-SVcDuzRZ)8kFZUw|nLR)QKT9gHKwxh8NrwRJNs|nzpKf#rOQfW1tro%^$0;U~
z*<#ajH~p=wEeX65!(tcrR}F)r!i35@_{=-2rraGC1;`wV&zciq<YL5^!h_>mVG|v;
zdraLr!eJr0nA)j!sPk6XsTT<UdLnDp>Fg(?D8bb48pjvHQbIn0FH#mc;y!C7Qv@v-
zOIz@Z83I`4PR@)p`WzE`Ph_eZQt2r>p<E8fq9`0fj|PqKkxU%_Ff;=JkOafQR1q!d
zvP`i5(EIA;wio^72YoA5iYeMnI<FF+4K`!@?%pq<a4}z{W#4~>en{lP0?QqT<j}f>
zv;+b?bOrPUk|5qhv|%nEfZDfUynE|587}D(?u&s@EVpcyXN`ak+0)WDBuEdK0!B92
z95qt+(7VdJ@O0asjT>Q<)IzZAHdTBl)6pfstmU(E04%npJ&>)`eF?C`Hng+?oDX9O
zlh!wZ<xY+ZN$gC}CN~4s*MRRcfqf}(>!$1>njk<rI&Ay7RhAXjtA;lws{AMz0TK~j
zoMLK=|2|;^^x+;#7AC~Zd@%>chjxwm1Id69AMAaeSIw=B1slE;`=UDcw#*KSj~Fr>
z4)~36G6o@2l@zP^WVHsZ$T7;3VwPF_$$U}__+=ZXMUlLjQ?Y^xKYG951{J><B{J}n
z-U$WTxPd-AH9_pZd$^P?%hA@&$1x(z3GHwp04<LRv{H@OM_SJUZjO)f+iq_CK8xq}
z=fx05?Cj1-G?<0mGUd_lRCj(-l-*7uuZc=(BK*)+N&9b*SQ?>uPck`Mdb_}5Iuko4
zvH$sdQBWewDLb=cOgD?pjyF2+@bG&GK}&G7;l3*>IfecH2QOz-j8+<H=svuSjA>N?
zJ5YGt)1-W<wJu62w(=6K6VjR#ML7{Nr*T*^sY#EaPYSn$j+uquJ?4G65BI>vxdwIF
z6{Ss?f^J$N9Eu5|UiIY@Bfe|V*WrTBNU3DgOW5Q~ezxr`^vW>fFm^1%BzfLkw|6<9
z1<x_dOhCTEZ(OG6WIxF+rA_T6s3O#qc-mTCC1u!3kW)QP@4dNPY=+$uOjP@^ya~$L
zY!U4r3xoe=Yu5!%wy4ii7Bt+*6H2VtS+;s!@Wx5cg!4@<v*)cn%BP*|uNkbNZU@~<
zd2I^tSF$7B6zet%!qKAJuNZ6dP$*a5e1o$x^JrI76q~fE?u`_Lh{bi^ycgwWftx?8
ziH*g}_!Fvw5d`j8XG*evZAt2HMvs6F>QU0MJ<~S!o5l{5R!gk{ZR}RG$@@Y9%MFo_
zWFd8gE*37sZTmbQ1@~kxb51$TO$mI5NH8x1*)<tx^bo$gT==QDcD#LmUYMxqSKE|e
zYjz?qRQZC4-sikhJDn57(PN@sHih8M!#6rJRx1Yq01AZ7ufS$`8^o%5W&If=2M2rS
zN#%c!4DV5tNn!%fYtyZbUjO)v7DbpT+57C^Gwk7uh_OTk?!GkYo<X;@`$oV6xK2Mv
zl>U1epsnOk6lt@P1*hr|9ICzWix26mFF1=;iIJ@0&kD$G_^4D`KTuSWgcHgJM1S`v
zV1!b^j^!?;iy9!(zMkKfy8C+ywr<a!1|%ImPrwz%HP%7&t09ZGl#v~p$iDMC^6b`+
zs#@B2Z40HgdS<7(a?%E?nF>>KQ>nU2W>uXm$JZJFg!@CYW}MxwfZ`ITLG>>oR~UM<
zhMw6tEz+)9KeC$SxGrQuf+VHOQ)KI1!|X>liqE?=EOvrs+$cNZA@Vbev0ax2yLK?5
z>q|HSMFt3M<0RhRPO9CdxqC^iJY-rf&cK@crbZ+42!ogpH!x|3gNW&HvF0t1-y!Gm
z7lIrHrof063Rj(u#G43Q&CzWtLm42-x*pC3nB+xe{IT}iDENq^vo$s{{OmO4a3ADw
znT^gMFA1Fl>oYAZ#VsRCIKZAo1GnF+$h{5A*L{RWZPyMFNu{dPBUJO&2Zi>KsPYCi
zP{JaaBe_AzWcpsTvY^&W<HPR_MAjC+r6}uL8bQ$tYP&J}mhHRe3EzmCIix7HO)E`+
zDZQd75@5f^_`f@HGxaukY;lW(EYK8`>Ob84VcT$wd4EF5ai_M^+hZX#k!@ri_P$y&
zg}NK14oZ;kdbl$|WcL=R7>bv<!KAz*Hhh7JV`YfVD@F#v2mVMhHD0vIU}`KJL}ZQ=
zO{N<`*h$4r<+3@*g!hr41ZP9^Y>Fj>_S@>e7<1w(YyzIku^^JEvfBo_(PZFI=In}j
zNJdk2H4+{GXC{Ji2EB+^R0jDsdrDyWYoFb|O76{5*;;nW_lPMd_}3fTL7&$}f>J;J
zEb*n0FhiMCa)L&F{c~e&n7CL`#Sq>+QEJim>GKCg0882PjjwoXyk4c70VEyYYM)?`
z4NdDmui{#;^_c)MVU5d#i&WQWH7kETekp3SR(-_Oj{_OOXhPTUyFfWCY?YXkgLex_
zJ;K~+W|`6mrG@)Qs=IK27}bI=u^}vhp{~a651wH0<O3;HD>a|jUB=ukd}rvKej+&(
zBgZn8Ex}20z6sQAa|DO>;c0$U1l#ZwuzpSPzvCPFnQ6%uHP<$KB5c(1`D)FxFU11>
zrCYoSCg|-ip)l3Qgd5&*MPgy(VFXr=LU_(L4v0aMRZC!TJr2L5e}efga>Ytoy}b|w
zZn3Xtzy_`xlHALw*$7=*O>o;$%-%|gc4|HgB@qW-uZRXTuiH-Z{HNy*lIP49O6$H*
z-V^`Ns~pImg2dO3DT22DamTkpt*4}4UE^7PjdtFgO@zgqrL^rG&&mY>pWIZTDCb;4
zO>H1`1REalRMTX`O6-BM>Zl#W2+bFV6|VZ_^bYN2NqcFeoIzGHWA*xUy)Lk;eOP;k
z#_~vH|Nmr8iPR+AfZG;{Unt@jc-1cW#F)fq5@lr#NR`mDSP@KABvJ*XUi+Q_$Q<*&
z7yt+{pq^5j{u3Z$ny0^i@tG=>O~xYS3(0)^9Z$DPP2IDORk5++Q6aePVwY>1ztnFA
z2si;QT?cU3i}SN4p!`ca&a)TYECY$j_o$iS$mg{3`|*M73F2G%LgGKXEMp8cK63%n
zEMXsrQuS-9{eGUnjx6|&B&H<h!m)K4A7bwOK!IZutO3j`@>)sx$sO>n-$Ua!DD8D|
zEaE_E@5d`z<dj))8`5;8&sA*HqXaRf9Ez6zZVZ9!-34iX9U&!!Y>(mmC8n5_#WTg@
zNtz&9G&7O^E|+jh7`2@9SecFyy2X~Y!ybO8iF)WbD^jP(jw3IZC+OPL0kNt5(WN|h
zbiIkV7??K+uazIyro>O=3f0`zC*kN{?P`*P*qLZJ)_Gfz<6;!MqJGMf;W&a2s3Re_
zwGz!oSC=;5Fh7n__Cap(Sl<lbk)`)bPAy{pLHZZuilc`hwBzFZ%d>~%C3eRG<Zd+x
zrS<L8ZZDYtb}OmH*EHg^!&cfr#OQLg_Gf@9k$HfCSHc>ikDL@o&u7*e#yhdjf}<)z
z{2=?uLw6%cI&7}Eugw5iv2s{_p%F-|2}WW7E(PKO*$fGB)H?OEj7d~-xm``$=1Lbc
zfeen25}Fq>V99ai)p1$9w=W4GQE|HJnnr;R%54j1w39b%bo0UVXUpU;B;yPj+yy8x
z#QJu<A>;+a?a>nIWk-2)@zewe=hda|EFT;8)#9ggm_zO_3>201-dQWn-Pq2~1-^=P
zy?2xtHxvqI_6EI7yC`^q@pr@O;x&<EhS%%di0|pB0d{EWEpPq@bJ$Q@8;gj`sY9{T
zBY+e)jn$}SUj)sCkKS~p`aQI#&jB*-)KKIqwg^Tjix|E1;0L5*t!SyaXXHf2+hp*G
zW-3diMS|tj<psTH>tmCH&hdn|ShkWz95Sm!!z7sNHPiEP1K2Y1X)Y#DHkFSd!UoR#
zEAsSc6~*n%=K}aDNVjjLrU+<wuBi&bsPgVHSZpwe0%Wppg9Kx@q`(-e;xx$`2~D9B
zL2!H6q(|fLnvIwrH3bf+2U<10iBl5WF+Dk%eR3!lJ4K~WUkB4it_@B?!?LOAmow!h
zXhwc}U?-NxzrUAJ>D_M|&gE;u^%<>^ES!Ar5_u^drykspqd$zq^!`=SAtFHoS%<b=
zDn*ogy|w#%CDAt&O^dLCvo^4qYdo4C=9fu#z23>kWp2I;mYawZw(Wa6oKn!-==v2C
z7T)8%Sg#&(JL_^9((ha>0kR6${9HzHC+BD7>q!fX>ymOD$qlBmaGKW#-6LS#!9<rT
z^U7s3G7aXj6T#q~ocJMj?7atAQ%k$BP46lSh+rXtAT6X2suUrFn$RJD)HDbsfh1Hx
zs)Zsbf>IR`DJoq71yrO-5d;L0q9`4aDoRoK7kh8_+3$Jxd9U;S<+{HA`_6FPS+izl
zO?hVKnP(E#T3q{=^K+uV=}(?3Fb}Qp<T&@_HMeLN=eL*mQkB|=IfH&@);w|^tQ{d*
z)usmPt}%VCesRAU<uLfg{-dLxtFS2f_A>%+S|9e%UbG&sOMjP3N8tAr-Znu8!7CdN
zQ%400biQqN72l3CP!v`A+1jvI6639q?vaTwnhW2m<z74zFPA;6pku)2m9v%<r`k!;
zF0HwJGIta)YV}&3$w50g(!x3T6J`B;Z<_c(XLfS@P4t;Q^rIW{UCtabu!~phgp1Uk
zEq=$3IRFpP-J-9&I~nCNbwkc6@=#~BxL=lijBP7;h==)2T4ZQJJ~<cUdYp48`#ZiN
zV&Qh7a4k1sFJ=E)bva82>Aunie@hZe@#^I1=Sfm2s*M?)3#M0JUHqx&A6x{vvwWb+
zSavUuapaD4F@AVaE}?}@#YEQ~__5<GnUm6PXXd>|S{rSkLKirO-*uZ1^+<t)1Eay&
z$xW{`#i3CfxfL&U<?9!DqjO>EX(OC*%luQV{7(KIJ$hX0<dk!Z31=&#vi1+}<tVV9
zI)Go}Dums6cf4jh<8bef-u%Q53~ZgFYnfTe{H-4<eLD#~8f?8~Rx89aD$Ex*68#w)
z-WC1ElX(6T6JGC#<BE@!<LqmkR2pbAE}Nqjt8IjzQ*ZNX^Y0km@i#m<5OJmeF17py
zFRhwpUrO}@m&I0ng$qyXPF0Za=YM^ed&m9U6Vk(@yoXpis{3Sp@=T=HE<10za;bS-
zmaEU|K@l&VJinuz%NCJ&U~g<L+)yrYlgS%@5FYUSV}vRT_vDGUuRVl^Z>3v5EZDmt
zj_k4R^hLi+pXBbF6|4|6s7Q~zwDrL!km36I^Rc4#FbTvNNX6y48?5jdg)YU+q@J;(
z-)Zj>zY+&aPF!eM^ILP!__<24?JVg%irB}!eWu?7l33(GiQ?)!np@VyqLW@K`F1O=
zw#`{fsP0h^SN|U9b&DV$dojH4TfeD1!;32`XMXxKy^)smy_AR<RKwh!tMY1XI<7Rq
ztd@70yFjyq7k$xoO_JiS_qwCYuq}|^>aZZ)q4uSa3V~(FD9NDzLE`Xeyf(5vhm|)w
zWpsSDa-GiqG=hJri&_7TP|6KsM7i=-@O#-&E{NUgowhwMq)B(8xA^V!0<XS4_VN93
zMYriy`A32}QPOCIW3z?|GFkWCq;S(&PP~0wF3)C$^Yw=%5?|k1aICrI6Bhrf-CCKT
zK+WFAa!pR{!-daNF-22L;mYyn&0Q*)u{%6Hr+(J;pIlQ&GZb9%fxcrV#f0?EKXU~8
z$-W3P+*%{XXoTIIh!ZuAW*0o=zgRwG#In>#{3s9}z0^HoEwZ65PblakA57|H+sx<>
zN`RpDRrGdFBX8X+=s}ZM$#!75okq^R+F`F_o6ay2KOFXW##H=vVn~B;PjI^FJlpAM
zR<-z)yjS37&r=H^D}ok$$28^Mx@NZ5bhI*aGcmCMumZ3Fumf-aZ~|}va0BoF@B;7w
zZ13#s?6M#5^Z(`iClDqGoC^UQ1P}%|1Rw$+3UC<U2*6Q*V*p|RAb{fl;s6o=CjcY?
zqySC=NCU_K$O6a#$OC`@6aXLqPyiSJ96%8O0iXn+44?v_3ZMp{4sZ%U13(i%3qTv-
zG=L6(E&vih4*&(A4`2Xb2w((Y3}6C)2EYKA0+<1q16Tl90$2f91K0rA0$>5`0PF!A
z0L}n70yqIU1GoUV0=NO-0Pp|=03rYhz#YH?fDGUX;053f-~&JbpaS>;_yN!W=l~1=
ze}DjhK!6~CV1N*SvjCw0VF2d<!T}-xS~l7EIVI0d>s=o3i>-Z_SzGYD<=}j(S8iRr
z!*os$Q;MgJCn7*=`~elgd+AGTdn@;~x#sp7nb6=c<*`RB+0P}`*b!Q9wG$mR3}N(x
zB)LP)^}4vqJA5q<WZEafUq_zaSD9hL>$|t#<nh6j<~<dz0tz6AR<&Kbx9)8RcG+U5
z=pvAB$evtS#1HIMyCnD9J4r3f`j(Y(^;^l~uLW+2Fb|-ezg^IOhPixR?v|p1{>eDw
ztD}~5Y*b{#{gfynf;G;^j18+GnBS}avZ8vwu`XW@CKY<6vaU7$>uBmy&8g@KEDn`7
zQ58jzI^RAV-6xb(nbAc`C>@T!U#DW2ipVlp(col}VU=?-Jm?}IQ}nF4PWDKjTEqOu
zvfLcsi8sUG>5h-W&r4S=ZVJmySL6F_YGV1ohp;-=m1-l`U4R!<=VKm*oz@=sd2n;%
z+q%YQU%R`(GSzRq{kefHby@tyyNK=T9--CQ{jY2|Zt3TqKSy<Q*mK3f=xDi;Y3lhm
zh_~mph-Fw!yZRQ}N`pu3QyEhN`n<#eo2!#o5ShngU#OTJ5m0h<xF8&Vwx*S%i=9yX
zE`4HY4bN61V(*R&KVmlKKh;cbA|ANaT~Xo{gOA28cV)gj_pwx|DTFwsaa?@sNM6#r
zo_33*(}E*0n}<vHE=SbLzw~^^?{D?lyNlJjz&F-Yob&rTmDqQmDqsIttN96P!#z3~
zf#>FCHmlkPE9Q8o=zv%c7)IzVcrtsj>F75roKbfv6TPZA?eM%>U||2;uo!FimJ7nu
zGxP<gs-~P%dygL<SS_La?AM!DyxHo%*=AFp^;qnA<tJoXv6o8*)z5k-^7uK=as%$-
z7nyj><UZFD-eX;%<kzAV0-^jPI9pK~2u&;+rqs2HK4$fm%T?Ddi9fS=CJaBp1UymA
z>Q;03^b4DP=;txTw`8vmtkkM@C2K{;=vqD&Tk*X6A#l8Izq@>;@h#wf5<5A9H+y_Y
z_mJ3Z^_u1W4^QW+^cNFFYZTN6?|c^%NEf+e1!)S9aa?vf>(L`Hw|MEY-RpPxKO<5f
zp19iUGor}EcJp{xTeRKtgquatQ;9~Wa5KEdI(|I+ea1DF)dtF8(CihrvC0eCFMe*0
zw(HeO-?K+e&%w3C_!qSuy}-lUd@M;`-0MEXug7oS{31SLYMdnEY<ZlWMCm!{$aflH
zirp@3Is58qA7i`l!~?v=){mY}wz`B<>XS9}x6JFV6~?9Ux0I&a@6Va^p<AJiOyz2@
zphIuU)fyj*E^}7>oO%4<LT;0=<^7-9nvf4KQ(pU7T=RUS-;|PhnrqpqBs_434bS9y
zT%_j|8)Vr5eziwF(+|farV}>YjLOjuC~fVW%4{4m4v+tG{*g?_^m)Tm>>}P^t50;-
zAKTxgRgP0_tKWF#iuS=9R4-?}_S$5}#OYR1q&&0_ex9L@T}vw4%H-`@d>{GV@6?fy
z;9UBpQ(T{M7}@(9ej45v-iDrg&}Asb1^wJPe0LxMYHvtW+58?+B=jEa7khNF%2$zc
zP+Pph)AH6Og||YN^1Q3vr-y?5x7v93Jaf4mqh)c+Fo?pniU?_4^7(kH543Q4%<N9#
z49xSO22Zfs7W_q~sVQTI_lOK@M_mHTjrX%JV6|+iaa*iC)>cQqDi?OCm2Oa?^pktJ
zGen~HC_c9of4dp?MiEJ$W@RNOz3#EaNRQ?9$&OK6?%Np8x7KA`9!K2Ag&hb2-ozZ0
z3VOIubo7?%c4?ulqW)DmUx~Q~#jEmL!(BHkCvSxG1GeF-4TzkSMse!aez2haeDu#d
zu{X@FD;m88lO&3TB-=tH2BFI9YIe{E%{;jUTH`mGb8i<stocxQaq>i>vU;D@y}eKM
zN)TzEme_GaTE#|MF1Lm63voV+ZkY2k)wnXId5oZHTAXqPtc`GZf4YVL_=SO1Pm&<d
ziOuVU($3r;9JsTKuBQ~&URdv#73{8bFtC2+mpo;1)!9BR03Oq^!-36+jAeN)w>7+@
z_p#gV$1x@$t=djsKlu!)6W;f9!-feuC5;WCC&t84R!%pBRz7QA)Y-AIWL~VX>h>z%
zYJ!}+_+7&*IL^dBhCFZeE$6U+W6X8Ct@6CV&5BneF8jM#*LDOZGe0GBW!+5svJb}b
znQ&9_!J~)z(W!JsNl+bT&2l4FOuiwiHf*4wB4+-vCAfqr6?N>^>ARtJsuDsKoOQG2
zgr~-wzWMJGl4oB!X)fFd<v-b$*-+99^`9EiBI=5`p&R{jCNZ3sr*iqr#-|w$aays_
zxpwuz2ep%b5H}QNTz(FR%)>bAoS9?CIc99do!+?Y=vrFVoJgMr5ewNdE}JfmO-H_b
z@1%sjmm6~!NvK=Aub$t2RVv)F$0n;MbJ>drbmpLOrRs>znI<*X^+>}UuyORr+SkxH
z=1cuAyz(CY@Q^7n!5)uz)xRK;WwMrAE&WvdabMJf13SLU=bAY6a_)7<Pb*3HwE1-9
z!25l^TqnS5$a7b`j%5`=;j`{*Ii~l*v|e0#Rz1#is!h3%rQAZPahwtNsJJ~yzI{pK
zmW`vrz1TJ13PRNAY1t1i9VbwW`x0w)LU|p34(c!d7){$|_b%9z%wAQ_G340G<`XRx
zovQ#p8O9k1?H+5gTi%<E6h8qyt6^XweRr>8#kQ-p#a8?oo`jd+AG2Q+g*BEV%QM~Y
z+_I_AxLz2252|@rF=+FNUU^qciqTd1FZ;t3X{XNhaeXM^(84mGapy8?mwEeCRvQt1
zHeo$BM=5E4r<`!+itf2ftPeZez790BrFBIZsot?KO=r9PY3GTZ$>ijG{(WLhUlM98
zk!mLVN^l6<gKPV~R|Ymi`VrjKdeyQ(U4!GYx{veYK<!B9l_mNiZmy!RIS0Rm#*bdF
z42!r@w#9j!Ld04zUriLQ*5-cU43jw?oH?~Rl@R$dwNIB%TVwW__5|$u8TY`x=dCki
zSBB$Wh4`Jh&ipap2->kv&^f{}OYJUx>Y|;!RuN0eX%%;=;Gv?@*1fSJ<vC)wmCVBU
zL$q1SwRdSQ;?f!Wj}}Fy@tRA#?l@#fNEZ_pR7s%Qi>aJR)Q{7RIN^%>qypt1Qy@ni
zJC|OLy?^AxQR;YAkug26#A+?~J=?lc;@T@Z`K#4J?uOrpna1<WIHO~q)p8`OgE$~8
zL;lT$a;9=Qx+OdaJW9AJLCH#oE#~+{)^_Yva&B^{BRfeiWkh#9-`uI-!Fd>Sg$k^<
zzVl=D>x;5X=h3XUg&Ts>#?RzvzS#E=Bx!T`bXDEWVD&pr3ZUpiil@1)<9xGO+eB^|
znD4MDEJbrcI>z-5l)t^HH_DRq<LS5{<n?tCw{q1_7B$vK&L0kxm}^}^qEB*?(kGj?
z;FhJ^VYe@zIK13-_OzXL{qp)SGrYt63HEcN`;J?{j4uQdPFe1~X`)IC>*JTK_|VW;
z74v>@kMBMsW{A_R>CbTWj>~aU>fz26d`D)6{8t`D@W@P%(#Pb}dV<s5>&|LRZ`7`W
zhc>{OgN^7DD~1gyM<#brPvNb?{?9!7l0FEDD<30m6?y2Wekp4w3L`K5=xN)T2JfH2
z-<!JgqfrX=NY9JK7R(;YQF=+>tw)*YeH35Fpr*O6q=(g~Fy1c*w<j<Qo;_Dz3^*TM
z7v`^4Y&>05#J7iS${v}IKl^woT_#^!AKayK#<1sdyPDahx40J#mrtHuJ#OTRiHe77
z)$lmG+k|hfT0HRGWABssJ#<exe{l4~!&=l)Y`@fD!1DMO;+{Su`QZA`$1XnS`RnwZ
zE;xkm=XgJ2^zOt{SyN~Rrw4pd3w7xRdYsp@vY$TzoXX@jEwSLV;2Ya37n&k#P_Ozd
zs)}qbw@EYPD!HWn@_Z;fui*_f{^(ev{#1B=xzHuu4=<&BM6**ncgV1JJ?^ra$LftG
z!DmY{H|{K{yyT`yZ1D3|^0q_$Z8w*!+qxop-U?-kTO^v;6c$$M@&6FJ(pk!<qmf;4
zD{|kcwR&yD5Pj*nA4SD;aaLlUi|<VYh4UKID&}H;!3kNO*}%ZFyd$FWB2@y1s*$0Z
z_+sj@{&ej_e7SuS0&Q)c6HhoIBy(n~#Dd!BrcWbupVaq6tE8#=9a~lra(kX7n=TN!
zeC-QchtpL)*Vo)EYh$7%PVg6Q@6`6dsm0ZM*1AHPeE9FyG-RHvc^h1fxyJXf8(Ok{
z?WjkM%|gF0DO=9ISOx8#d-uSVb1dPAncMnJ-`VeEYO<K>e|~XTU4}^(q+l(PauNd~
z!e$7P5}_^3YPqyh*uv%Er<SvFclj*r+>l?YVS{+#W2%hui;q2RQ9o#UA`UUtD583u
zXkg$8T6|wj0T;_Y1;omQzP=5~p<`D$*oW0kEtMY5@R}a`Qj*}jb2~oJ?EN=u<nclc
z+dJFnE9qBR3r;@*r*qFAn#10m(HIj-xY_hNgfl5gs`E;f0Lfs^)+z_~x%2}jyl<S_
zrWN<8Q6o3@hP`}|dsABZ{yoJ8j(M93y{=85r9e`QN!wa4L5=CM{{fhKkS?Ydom<fJ
zpwdBPTEb<yt?^;xNOu^IbFY88!xr=H>BpC1N6o1W_Uc=o$`qfkf>ItF<0sUfC`o#3
zcjkiL#qoW#YQMfS!RNuf-Pikt=~0pGT@70bjV0SXPiW2g*RQt!ICcT;aW+Z3v8ptz
zs^b2=#E@}St6203ul{(v%;-UL_l2W1^FqycnC)>MKQm2-v!C71jnibsy59D2KRd2`
zVf)k#?10gYC*h-)E2G{$rA4lPl141WfAnEJRGKgN?OOcBR`<KEiyhY_2ZK(Z*cRx6
zDhGNObute0$J{hDWBz&aG=J^~+diF~_c5L_Y?Z-}XKwjdi9C1u!h4rGHZHJEt@DZw
zJ}TUYH+yJf+{F%WGc$1b>_j=PnX3-m{?wBwc_8C}u5Q$=bzYyCvDlO&q(%=h*^?n@
z+R+a)d}}BvI!s2HpYEPY2h9if@!%!da4NG_Szb0i-|MwWiqq?_IgddRdDz_RoQK^+
zc=SU9M}P228A0?p0&~ohr^{|AFJ9oNZIW-PeXUw$kemK!?c%V<jKbJpj0~0jRnMWK
zg+IUSL@k~gI-Q9|4XFmi%e)x{$9{C`L3+N}JQXx;U(+m>xz_usOkLS4e01P=p0hxO
zN2y@y1FG!2N%`?K41U7P<(c(Cy(Pv(91H4a^QWM=1$^O6@efBw!5jjyaW~!;d@SpH
zZ^3^`<xQ3=CwG>Tu~X~qO-V=5h^FrEs*OpUmX*QJ6pJ@TDQEV=4df$u$?D}HQy)u8
zA%1ca8VgTv%7Ug<YQ_(KVzwl{sPZ^n8%13b<P&n&Xop9WxxsI3e~^nW<XOpXLVAW+
zId%50rAa>vUwH8TG?U%_>T5@6npUJP;RV$R>vXi(wW}tk^&CzwbAyfs9CSVuv_;w(
zeC=X?K0kylA`<uLPRz0HeGM0eoA}|nj|wg{UHtL&awnKd3P?d@9iB8yu{$r#U%X)0
z(5W`H_$rC@x}3}ng(rudj~GncyW#01O@nL`<4R^;4sa*%wAMAZ?Q;@t2;A4((jwD>
zh`{%__?S>w-+Y!|?{VC$nh{JAe;1^VP2YCp{FxD#b2a_h^-K|t>VftA$MPq;-~6C}
zGJ}3Ne{We4I%*jD=}Ebb|IuS>tCRYwH}52fSadd9gDP2>a_3&88XW8!)#Q-UiuKuJ
z1xGpr^VE$gT`PFpNWauQ#4DLNvaj`k$-P($Bi{Pcw>E1YHZ5OxdAel0)b!?KyTm?n
zcm2Gq>%&LuKQ@-jeD*72sv?^MT(KTx?zQ`VQZtt$CAHcma5WyK`_kAG?@zYNrd;x0
zs2Iu1q8v)MbT>DC`EAV4X!IVoJ#~s#SHLb}S>#ZN)uXZ<;OX&7cl)**jlMD+L<kVf
zi#)w~DhHuNbw||1%iI*>;+y$fu(9#Z>6LF>-@8vZLf?s<weY5k*T=0hWEqCe57Abf
zUfCRt&ke6{aBZe*wmLkNIkhw3bQ0A0?$yGwCuvZ_@l)c5pNpRbE@$rVe_--uaq^xT
z-y3Pd=bwQa@GGmbUDr;ol(knbPBk|iRo-0W>-Z|kq+YQo{8g!E_GOBqs5%S}eNj>p
z*ryp@_ZD2f7Dw{ySZlk~uHOV2X&<nTGgy3tdv<l;VaDZ)FOH6L(DZMZi%4udiH&Qo
zgN?O6tmK(o<@DgnT@!u%;j2<4iZ2x(`qNqL+|nh9XJ608ryxX+PEwdsXKB-?CM~R!
zc&qv?o+G0hm(Vq<$171c!OnN!%tlt%@BxRAl{PiPx5UJ3+tKryhCfF}m?ORj^X_lr
zOM9cH)bX7>u@U!F&>In$!1q2p=GsHC2lvCwT$^2!I$6iV%AvrcvXRm$@;YJ;iTSD_
zhZ~lvGrWy@IyCmbY<zEG_o`~6H{`|m%X4MN&t4<E8H(-1TuH`n*U@fQvY8<B$5{`s
z$nSvEjjtt7wisp+quKJuW*=GvJ<0~NLJxq<TarKCd8J(78PWE6L+Q?RX6ikJ_=(B8
z4WP*Ig*%Y7;GA-6^!FX^&q{pUa+zPt*E&RM^iH|dv_7A6CKu*KP3+wm!ZUe^akhTR
zI5p@2lJ@?dbT9y6MdT9~;p#YlJH;jn9Jb>fmTIv5#jj`C&d~nwqWTG~Qj61bgHNTN
zNCv0JeDr+#=3<l4@f+H!wx%;Z`ufI&5GlUAEZ1;#cdVA|Cu`4%DxEW3D)Bd#p>8qe
z2cMpv6^FYSgsBGUjT(@(*6>O>(uhR$m+Y_06NYtljO)KD^`lHCDhl>KOW2zPebXt)
zau=6zs^4@rLSEufd;P_BgqLBQM54a0gL#h4pxu6Lqs&#Y+6<EHE0WHpZe1zF$n?Mg
z0_I-cw*{o$o-^}fjY~m&uP!*5qcgtUI18J9DSds-<UQhSxKDmSFTYGmYSf8}>ih9p
z10Mz|Zp!F&TMgMA$+MAY6{A}ezxv^vGXv{BS%~ZA?-eCQcFeVO@e6gVv_|pNcjoi%
zlag_o9_`HH#oj$nYCfaaQ1v<B=~I)zwC?gJD7djex370(sAWbP>imi$ZMg(^!r<O9
z=aw`}>9XGX2k#fG2(*0%$4&V7l&Rwc#lds~`{|<&RavdppC3Gtdi(NI3@qG~rA@aJ
zv$td3{+{#I>&NF_9sPda)3nl2MRe-~$>@q?RKeQ(N>^3OG1<qIy!GpiH|U^`OgA&1
z_T1?vY2F6~=zTPQk=nX^PD0ma|5vQgl-2cjU6Mk3aBsQRH2ksKb4~@$CbZS`izM>5
zJ)T5!|8EK_!Y6koP%$#<UCoi4PC<EYUwyun8O)$+9K~lZ>5INB4BP`^GPdi)+2qZ;
zmL5nxZ2aWn-kre6XBV{Pm(%H1C8Bpjiq=!=1(P$Le1~mLcWAdDQn1fOXr<u~PJ9in
zi8OxC+4^LIe`7j$LyaW8FrTgvXjv^0IwWroj~~}${5ZF#&=sHm^z_m3?5UJ5i$#ui
z)p1<X3k~9)$;$?Lv?1>rmPxkaS^HQ6=Fc2n*$2K|C0)0vr^wi=(9|<Ze-s}qe?rmQ
zd4lK)y$#Fe>9Ncfd5}ZY582PPN2BH3e%~CCh0srO(}#3m?-biliV3bf&u++`)G886
zUgy52l^OBy<OlXlTeI_bx8lUsNBvO!+F2$?>X~j_%5cdm;^JzNwAT!`-9)!dJDmSP
zYymA99ygZazZ=?*I1a1Y(Ywa=)w+YLo{%<lmEY`}l4$zdM_d951><>^DRo*M??#i~
z7VKBJ5tDpiep&is$hK0Q=hTne!j3(8{04{3UUCkby}R(u@A{XOtJLBh<(?y;!ox1o
z%K@;sG``}3Sjyb<?K9AV98jTwfdxxSkvaDfKG~~}9~0Iz%{VQCbZ(XZP|HR{6cAqq
z9!t6JM_OQc+*<ST{YuvOzE0drfjj(-$L7k<8^ABf<H4UpP23-eKXva<a;?<34k8<_
zm8S-2QnT(WMO)>b^sL;t#-;ltZ~mN>z}}}}GSCX5E+!GPblf`OA&(+HW^lpLQQ_@J
z6PRD3wMxn45suX>;%`L3qp$L>o3nW>jy7sBg>U;Q-EZ{blk{Z2kXaBOp=@9(bKjS_
z$MqEHy`6I4z?g!&wbla4E=MGjQg=9#B2-8|%W^mGr3q67mxa|z!=WY1x?JVWkzpG1
z38E7$*PcS6jA+p;2Vc1de~^V8E>A5!Hb!|oa}Q<v_`J>iu@6u7Ol<Mv<WfQHTQ)}(
zO-%FlQ1}8qi_<)@`&(~EIKB#}I^_%S4`W#-o!C}Ac&mi{2DHC_Hf;xgpl`lSy0l<|
z<v04G%=BSuR=fvhl>6ppN%%(T32*ASMFv+Ery1}}V4qyfZG*elj^tk+Kbg@jT*iiR
zqMfwf7ddv<ujwXLNfWOp+}LX{lkQ`!f*x@FQK2rdrnRAyY7{*`@UEHX%q5WNK}s0c
z&et^ApWcyb5)RBscFyljXxf3?*`~1}u;c{Q`TpmH!v13Q1KyZP`2j>oF%P0e<MB-N
zErWz!%6?=pwc$=RZ-<0PBj&O~Cib)P4WA3%-b34u)tdJHXmqcXDpwFa8Vw#P*?Jgi
zm%MaSv2pzH3(nCv?7eskmFcW+rlEs+?n<97r*<BUJ(uv<_-zV)urWzO*iy1yR;pdB
zJ<6D)rs1qaP5hae(fp8_*tozWJT!R$mM<gz!?HPp%hSaI{h^TqT_e4!$NYNxlr#3J
zk!^i1wn&r2nCcE}z~9g8jd<5?a`)n)lv^+C4o*=QJgbT-UQ4EHL<X6Wdqd|3F|4y(
zmZA3icYDu3uvG=FQ1(%~@~8Jo$?r#Q=jfiOs8yGZ3aw%KWYHIrnZ=Z#ux|XMG5z?V
zzF3Iov-_2W5l<fViq0>zsXx21k}CV@TI?(1GH7XE%fRvzad(lxH_;up?gcMCYffgS
zHp`t|U8j@nDiiATuM!%0Ov#^f)*~dQD<lHWzW$PQ<sR5T-gynQ&3?$bAW(j_px}|7
z=98&tqMFW6F+uy8(|7H#a`}UYU+{o#Hy71j$0x)_e2`Z(l#$F~srF?_xG4eGa0Q;5
zdh+ZKDLhC?s7`5fy}Wm5*xpZiG&O%y@FHU)rU>0R%K_er`dW{GZ81$|HQc>NJKoR9
zoXRqLd28wcYO^o%$o>^>-*bb*h$j3V8~!_;(jsc>B94i}H||t(HM1QXx8z;TRgwB0
zQM_aKz0d_880zOF$m(ikb5eMo0t?c|e@WnjovmT2m3(<a;}huCK>QZ$m<y?lTV|yB
zTva_`eoqOD9rn3*Nu8(#OAk`rJNa7crT6bb56w0BbRYZKhD|&=l5W-!zBe-DHvDVl
ziHAZezF)LL3Q|-&>dKok&YDM8uMOPsF!EP>kLGaL0p4ozEMQdyk`Ra1&3$g;)jmqj
zw%dODT=m7VxVs)$!i9*$b_=!lA6`h)q)9~*w{G=5U3(UvePw#l(d%Zic10Sp$iB(Z
z)?NcAEl2Tr_cp5ZivvIR_>AOJ#RAJyICpVPk1mHLHFDVff~-$E<u~6nldSQ=#|Q2_
zc$FB#vUP&>`AL-s)2c`zF?MpBc<UlP&Hgd?WTbzc<6Y}R{%d|)%pJb_KExBE#eZzj
zEF9ZvNvL7XQ{7MepT2MH9g_=!wi%<f`+QqP>Z*2H81G}k20!%~X0O=)oOyyiZL{8R
z&t-;fT+uja5N)LRiqWBIeVE<eu|V+kkDSZvAc@UVaWov=buj&t0<z@;efj1>_J+0m
zD)?-cpky;yK#5JXo7wTg)9Un##-wxS%J)4o3)`V5MgPcU=J6L#OMy4sJbH6ymF-34
zmW6;pj8eYe^}+k~sV5c0)W`KYGU_T39yoaBOt0}o=a`1?wU!Ep)k$Lchl7@6eWM3m
zsN8I3;>CvU^bo_LLffs@;Y-s=4+4MeREfvj4vHysTZpkk+QFCGY_Eo7u-U!>Ka?za
zOKw}47T;mP2<Kgl(?h@TmyjuLs&qOc<Ec^A#bMMUOPWzKZLeG|?RA+g3<EzI58tyY
zDi;Lom!!`?9em;reGk2`Jv?H!ntXH8>Gm_(gULIh2pQpRnKj^c%aMWRjgbZ2pjl+~
zN09ZU#8Q`Kkp~f8rTHFAF&u-RmC1UKLTin)%Ld#c<5Tv(dp7yPknM}t^KJCeXU8KV
zzv%BHC~tU6Fn3SM@pc}&<@<FmRs5rGV|lU#=HSO45}P*)-?Jt#N;Tejn^z6C(S(GT
z)xh`5<m$C*Kc2!|aSCaY`9wl@KC~|U_zuIzdVOx%d2d<$rrm?^?i-vhk;h+2-=CK1
zTpCEY=;(P_xcNfbd4?3^GQRrY!68ScpGWO%OP9DA7x%-@UUsCc?^q2p_h!}DpK!d>
zajL@EptQEQr2>*Xcy~lNaNFHuF4F7t+$*8WB|qYdJh>Lnw8uHV8^H;HQo)Gss~v`G
zW89ikPoIr1nR6?M&WSyy>T!c|`iyJEu7519;vG$4`yNJJy7H;-d)p1<YS7LZ>=B3R
z$xO$m)}?1;e3KU|L0#-4&+opzCakg1Uw&lohzYx$7$5W)g)HGGGIhPv^2L=QK2ayx
z_(U50QurHZIYZyfdXX>Lx{ufHv1PZuJ6v>5@#gFsqj%~3=|z#+QjxE@EqQ3>W5Cas
zty<S@a^yMs$&Td2sF%9m-o>oC6_E4wtpp8a1dh=hFov!^hu?r3qHfP^y2?~?%`SeT
zICehLfC#oOWShH)WaxI|GXvU+w!rE}klEJ6E<K^7Pu9V3gh0C&x5>0Yejz1dX+zNq
z@>x`*_0*y-_>EkdGGsGkvaP|RcN)^p$J=7wJa+8_@jaOJ%GGEFPTlZ&>Zt+4i%*lh
z4@{+;S!CK4RyNq+XI74hJ6n7eItiOdeV{aA7!|2^hobiQiLgca`^#f$ov88WP(pM|
zd&X6Xq>FX7&U&kfsy)F9ca~hP<>>9@ji){m@h_--#$T;{1YH~-&evAD6+ZJbdC|Ui
zEqUd(pa9kEq#vj~v!MTpf9bd~ec)8QNSmB83~`V5-rkGonXazxsH~m&K9G9zTr<1i
z0@F&g*T+{Rv1^dbPEKnIuT1&sw?sGl&K?VB(6QJc8zbEk4Ta=U4AxbmaOM0u`@`!$
zynB5;;AWP27B4D0WT)O7jxa_o6j<>Jv2LB_hE=CppL!UnVHAh?qNUR2inUnGjSF*R
z9eFOU`)uo+@rkC(4%7w{-n62VAD?BNO-L5CRMROo7@!r;2CYxniC_jMuwGjU)%FrM
z*S_CaejyDCVYU!a;ybmcZ-KY?3a1a3U3dX|LB^Jfj(f@R+Qh{4{m)4B95ycY{rwXK
zt`ANQbv_jt%s;W&+xq5ED2kTz;(eaZ(9W@jN%vBJ9D-1}W&Po$rwS&o`B9D2ml{aI
zmDM8GKr`q)?nlxA>S-4qF1=o}XlI6OvImx}dCC_IO_s)cExMd^G=DV9e=Zv@n@x+p
znL0Y>H$|_11k!0CLi_lN!HT%Ib*}Q8H=D%_ZG{Y#S5_!*&*TxZw$D>7*fz0j1I`!b
z=3+;k9t+A0U0U9s$E~F|JC$oD%Na>MWa?tco1&N6fzC<ylq4W8m>O_xOTsb^e7(JT
zclmKk7lbt+v1jtAmNcooCyc}wD|urst<%Dq`Q>LGp3N!G7a}EU>$xI(5Ka}E{oeYj
zLDhp7CO#ESI9#Jjp5#3>v249|x%{vw`bfeeuC!+HC)FnUjRE&_|Er>pqU$Gx=Q(fw
zh>pEU;|!kmdsE9k@)ja}WIpo4*ytX~{xp@tGDx4x;!7)Ee$MT2c&vq`DhBaS*RQhV
z=W-}>XTNX_-7}dIeEz%tmB~z@O{sD9FBuzV43Zi1Wk%n3ULm0XN)YexaKiYV?&(_#
z9Sy$sc}jVkj}^GPPi8?iqt4=`gUgrXi>7bQ<7Y$`+X<Xx-RfFz1iRs$xlKK9<@CCX
z2j2Vb!_6g65}P?cbmFA;7VfFJb*^dtZdYdTp-M$7I-g$#iy6#1^B&8$$0i<foZwLO
zi1vHoLoLETyK!0Fi|$E*GnkF3nt=Z3Q#w<8imy3^q`U*{X~x0He(q2o4F7Uiv8=e+
zqc8m{tjI6K^YRkFzxG$d1tsR#A=7F=S71*+Z(wZw6qyf}OLUwFI>&HnCZ2rYkJUId
zTr{HaaKT_B4|Gd-(It94eXKG%0zPyBeEr6zS_20qD!uJtoWjdjkV_~i0(b0#1tr+_
zNtS65H$sc;ex$gIr$e2y=IsZqcY<4_`en6WWlb94*vJ~_^iyTsKi)^L@4cqpq4B~r
zXhpHL=W|TKL^Q$qUSMpJ)lmPE|F=j%{o(q<VUbxK<F|^wySx>=(Lu?WEPHR;pc{P9
zhUjI)YZt!b#rCtV;oQq(<KA*(it&!2TGwsQ*|yZtHACh+kQx({A~UBY-+q`}x9U$5
zNgWgkMzlvAS-Rm9CE2~s>HSdTaBx7&-mFz=zpEbDOm++YS@=dsp<v5*(%#QZ(Ph^P
zES?o|xf+6w4YZbLg6pHw7BlT_yc-iRt;Wm8o_04)+>5zd@%(EXZ)JxyynZOHv|2Ln
z2Bp!WfbW4>-c2K<^NqI2Tc_g`&uDJ-HuEUPaU8q;Lh_6t`N8c=2-eH8`uFbNyBk<A
zWIb>6fpkEq`qF8>vqE8GEFFPY5Kpd?_3AKlwU6In?R)y?t1MuCL!b9cG6H23UEUlu
zxWjxuA-HhA4D^%x{v^2NX#4wO>iJX2{A$vtZ7-x8@F!K-hiJ%%4z`?<QKf3i-O+E#
zdlSLB7KuqKiTlvZ#UEq7BDcEevBmId$qU-q#}NUF@3ri=uP%G_#D~LDV3LW@VcFu-
zp)&hk`bcN@aNDytn(6OiSWbg2`%ah%e8w|KW8o8(8i(S$<$RB?OK^aVhg)WMdO5nD
z%ZM@~>5X%9svYly%e2PbKv%04q~929Ts-}<R|j!*X?UMK_0b63FcD+!7@7cruWvbT
zaOyN_$)pI%GaB!Iba!UGWYVZwr^wQt{k3CjbI9@GK+{xM$fZjQJ1o8z3E9gu?Du_A
zcjcI9flPWIeT^VHKHrR8;fBU6{MK>B3O+^lXWtKABn{zXr~zyWp&26sCWn6>9j)Aa
z^3|Tz=qE2z;Oqy38jh`-S<JS?b)HCWx6Egcd<KKXp2XMaKbN|&@WP3E0OV}<1f%jA
z7HY(MvQw8bau$1ZH2qCNewh-2!}Rq>=Of)$9t}>M{QAJBvtMR#PG~<)4S4_CrNA>w
z_gt1xEzlNT;XHXU8OW?AyVOg2+vX3<Ssx2hPH2(ub;dkZQo){_d1FZs9^cX9{4U1r
zS^B}ng|*1#`0?+e+2Lc)ncMB39qF8wyZ)6mM+j$ppEGNMyKJGTWcHBm%-iTo@E2w3
zz9a4C;(-B4w}wLFtsl55SUaUFh0|4X&+<4-9hgBLoGtinH`1YuIqiHtY3eF)>kBop
zBK|;r$$cqms@1EI&#u@D+Zpf6hw>y&o%@_gPo;N#cI>&o_H!2T-0q3L=%xtYR4?Y3
zPCzsT#mMnwZgkj@k;)qrO@q&U+A@QTJ_vpFDl>3?TXqBcP~iK7<dtFsrtW9pq9gDw
zIlHQ(S^HXE%wKtA6MgsfVLm}RsPxMG1&cG5WtK-Qcf{Qf7cxh=SeNn|YZu}U5FNn-
znmx*s&9g%*`u_I={G}t|4OtIrmmt><Y$qBz+&3ACmN7YS=Um<CG{xxY(DkX$S+OR^
zx#SE|jCo#UXBpD*@d6icUxmMR2%p2)OV?~~53h`Tu}O~9nBbr3K37$>l!iFeqVGS~
zchSBt;N|$nFgp}@)M7b3%l!hT48_l)@lvNzAbO$&-+8IZ{@TMMlpkMeF7sdo6siy7
zX>s*}jAzde`>MQ688d$rpzwL`b|0ih#3-0&woTGr!3K;;6CyU2Q!rZ79K&DlCtuAj
zI<z;=LfSNf@Y<prRgB>f$;%+wetdLxz|Ak2<7}Hh)F(AD6O$PzCiMKq!7nacH23c}
z-#n5Kk$BJ{g>LZbabcT^iXB(#v8Xa#kl?P|9xO?C7zV4N-B3RH22tmIvgUbc;!;^b
z^+rmQecSA{5z|BKeGUgii{z?au8yx<pUzC{$b7bb@hIZW=~v>NiAQcXz?M*gX)D7X
zjuObrGF;j!23w|<p6}jL17#|}w6MvFok@@5JT8KnoKf!2SA9-9{H$>*s|!KBIKH;A
zCAS_@4n8}1J71|HBLRb(eF|>w=r^yfzpSIbcKK$S)^wJcl$|;1Yi0O{*ut+{nN|my
zwyxM^{t!^q#~l3BL=qam`}oV)a<<o<X#Yg#f++2a?{aI85HBrH24*BVL(`ML)YAMp
z_TifhYm6Pmysn78k4RNDiV_ULYm$pT8Vp437tK`H_som}7k8a9H9{;crp^!e-DSAe
z=Y~ctAVsO9w|$%+Exox8Zoh7x4>F7#91-Myu!2Vqm-XiPxJlI)Eow@CBB#B}ooOxY
zoC!+4baz4Jtdj5i2cuYazZ)tCSiCJ5^h~8w>UXE?oA%b*Wxscm94y@*EG&{~A|CEs
zcF~#>K{hPAs5>DqOg=wxW3@0!oHaO~UAALHJ*~0NMnG$%aqF=z-S6t@?1kjAG?T~8
zyjJ#E?Vf|SrDdtiAfkc|;pb<~jkkRTzHL-p2aSg^PsVHIV+UKa9%HeO7<uXm!_OB?
zY+o(B4m{;*r~cWi)+)B}GbmN?YXRrc{Bb*Wc<Aakcc%SdHAxJdNy%opL1!6bG#1LT
zlQi{d7NIGf_@(n=%Y^i)5*{hjYy0gO>?Wb-3|DX7-p4dN?B*fQmQbsEo3ksom23Wt
zUQ0>~o%~>3m=(>g713DBCOK!ztB)(IKM01_hSppaD_|wod>eylfX6CruH9%K9!Mdd
z@%(XqXSFYe5ShGqVV*NEKCMA);0Z_l&Dg<W=8n>w6U$-DL$!fi{jQ-!wShRuDbaIv
zN!|{}->Wm9Y5^DKL?ufuC31?Cr<`-XD&_K(cPQf?;rq+p4B){IgHHTWFU!XFWA#(^
zXKea-1$it(IJz3f&!4RQ9xK#98$4hvCOs#g8jdp+MlqheNm2cHv2SpcK=9Qbx~NN-
zh)E4|<4|KioT)N@;9+r@?!N4%`t-$eFQ3JDu4h_c3diHw3SzWHU!0nZIqE<!{kx&K
zUQ)^Vw@(gdu?iU>rMF$mDT_u^7S7(eUy<M2d^z8UAZ+26a%TgdtZRKe@iiwHH+x9%
zJMn1_|IoTGtntP2u^bWjj%)qvit_;yrG2k8Cu3AxKkTtQu;+qljJ~2~Q8(n&oEuXx
zF&tFZ<$V$lQS~h4iCwF?l)K%bqoTt!n<D!m@Mxg(=-{=I(Ih;{S|^c*7o<_xdf6?M
ze&Gl6^?VCZuZ{4v<2^z(J+^FmXq};i{CCJ45qFO}@(&XFH>6PU2Pp$mv#IwuBhg6B
z!V@}6QZc7^wQvvS*^V|z*-A8z9pBQ%*1f5@di+e&0Si<unz;Gib0HgSBzjzM-PJo}
zfoW;b^h}J6zkG2pfh&J~y+g@<s&_bpo!mL6)~@xfjwR|X{==;cQZdUJ!8Ofj3+eAe
zq75B_>Wk|B9el21-><NST?(F+EmQpX+K$oFo_CHu=nFney?qV28SUF`j68E+#!4^q
zPMwH==eHTDJ#4qbR$d=%<aKn8Jy9gj7g)qL%e-M8W+={gxk89``dARD%x&6`_f#>%
zX1R}lk?DWj|B(`423oy)KL_g{$6Y@M;O7M30sw9i_$?j?{vY?hp#(I5{>3nnnea?B
zCMpvhfW*XLQeZ*?J__J-1L7!5L?BjyNe?*N4Y6YK1wQdWD4l6{{QLs&{@ZSMjO||U
z`o|GCFo6J2K&iWR3I@tz03{Ka%zrD>3;1*g&Sil#dQ6r;-Tyh|Ki3mT{9m|V<^QYv
ztbuyC0rjB+vY`TgpTFd#p&jJo4GJLA=wvEIQyiuM6$cS1cq)NRan}_0XOO_E;vhQ1
zjY4qqrc#KS;=x3^xVDxC-W%tw?(K#ndZWp71_;Q6LRa4n)D-t%FnrY^5IWw2=;KCL
z@FC-AR63Q!P{31tAXE~Gj3+|iP&gFgL-s}Q=71qG+z4(AH}St_3nCLV#m}mda0H^F
znlc#X21kGqcoj9UDv>|}tHG5JZcvh<(m%@z1GLrmFD?AnUQs3%=3U*v4zN2t{&ni#
zV_ATM#~%s*xqKr)(z|m0@3|vP%*?yx?&_;uz4dqQ3eOCdWpIf3*YU4u{-2H^d7%Bf
z<^OVj&HKOdvjGvRe?<QC*!s8I|C`)*%ikT#f9HO+``7WWY0yA#<AC|(&Ghe;`zsH@
zKia>$PVCm<SNOj=?v543-ANC)|4RP<ESKNY|L0G6Kzr<#yX$!VbL1cAzuNul_}63{
zfL@^iI?e}>!>+dZcin;i8~rZ;2&>HI4*~qU1^!L?-&_Ct=ifyC%OI$dQrND>a>IEO
z0fhk*2l)^g9#p_<^_$Y75dif?W)O{bwTTLxq^7Eh19X})2?j>M+yF%abHjn*1Qk31
z3WE`F2o)eV8qtRuu$vp83n5w>kbl&5TK`ZVJK$_r5@>+4z^bFdqzH@&eI^~iug3&t
zf-)&H!GLox69S0Q1<t|1+|dO>5x>PE0UsO))dN0tev458&cc{>OZmHX4Finz-8GB=
zuzTEH)pl2rzZ-A6_4>u`oMrldvCnq1`(MFD0%I`>AQ~VB;5@(ufQtZ^0Ac~+0OA1>
z04@V00we)k0k{f~3~&t~1t1mRI=~HpG=Ow~41i34EP!l)n*g@}asX}v<O19Q$OE_w
zkPlD*PzX>2a1Y=<zyp9{fD(XGfHHt`fC_+0fQJB&0IC400crpq13Uq!1*ik42iUc7
z|Hu6<f&ahFzrV4!0Bg#QhC%;sLurbO|J53U12&PanVvm}5$p>XUzlIE6v&e7?!lmg
zezTwca)lybziDY0Sy|bj^sJ3AC@sLyLV%$vV3>+E6rrvN*MR&bQbP}Ag|sv>w>GoX
z(lFCCMj@?%i}ijLW(78|G1B`>?tf+mw}!*i;Y#9KXQ40>LXoJZ2FBsk@PJAs!oWCH
zyb^FqP*%dj@lZt=Aq*%~PfNp82dEDk3FHrhDk`e)o`R563W-c0QW#`6Zx9&tAMHa0
zF^Cibk)ZyoibiIpAU(iH1d-_=ytf;jP9~9w1Q1}Df_!OI1`*F75)}TDfxf@DH^`do
zLj<9Ge7&i`L?Rs|t#6Hz`Rx)4l>#RI8IE_OfQSS#Lmp85zTUy|AQF`p=tldMJDI{z
z09g|8WM48+Q_yZ|f65<)g78!dP*Vmdkj(G^F+7MM+HTK)JpJhmpoVxi24Gh!oZ``d
z{MLL8$S*NNel=`Y_P_PXpMCHj^4GJ(fUSr$z&zjW)&JZvT4!OZ1Okjmasw+X!WF>?
zB{wJ-M<A$y5jcX9DjY|E5lHyIO8-y!{;H0So}MMj%Ic32Z7k8^TD#^u9kAaKsw6z{
z;~W8uS4H5!2!tCRSS)cWU^fI_iAW?7l-%$z1)2|Cf#Rm%=0>3T{AS;~1p46V8jwHo
z1s2a=?KQX2MH?YaQ1)6HI%oqkOCxJTjFzR94v_ZGQw?(+OJG!3qbxxbHy>cU`}*U&
z$#^g^$QRgqP#Ay^Y<18!sK4w`fW9HR6KRUTL{U~!QdH4^{FVYJ_|Lqw{wZ4@D#72|
zpZ+)5;oRs%WyG$@5CRkrhayzPwd`Sf{sve-9aCjvI#k!q%QV<u-$G6<m~4izRPr)~
z)AY!JWJ(Chk4|8in)p$ma^BWn1mLxuW+Xc}#vP?gq2hgY?Uh2z5kA2Gk$K_>!44{c
zWF*o|$x7ACD$qzDMe)GdKn!s7U=$K-Z>Z~F?5XO7wt-<`ZgR!}bZ-<1O)@ZW_wh5d
zcehr8sL{}FMz;D!{sebhh5=m<Yw2n0p$|hDd3lo2NPjC8eT0cgZ~(=}&x%UKqtVLx
zB&;t(5orvSBT;p1lsxQ0%pd`F42Z2YM9$k2?S{0%L-bL$9%!8)oT32{=O1DnXyk=-
z_oEp?kos2cYIIKogk)?4Q^MH=S)k!czH}eFAH&$n$JW}|0Hur#)K`P*d8nB>xSJ>;
zsrDh>W|j=Nim`!#a*zQQg|H5ASH+l-Eg<&#%0%w~VvsUaM^p1}y9)A`abkr++5qFk
z9*wd^q5l{Wzt0A+?e7~_KsUL0`vW}%>|1yLezVv9#bs6|Hh*4XiLnB~|HUQNfKf?d
zfPYhfzZde~wI6qF#$Pj9&&bN!(n#0F8qi<nW=5ufg8h9){4wRwz;2jACxUhGe*R>@
zPzAIF__t~Jchen8LMQ<f4+>UPRRpG_B9RDIgSsKWM8J4e1T0uQiKz6~=?<t5(C-2R
zA%XGEAkzN7o%ax6vI4CEzB>3j4FLHYS^Q1VKZpld254>+A_M$y$w>{NtFNZ4rUORm
zK!I-!5Cmngjt=l8f)Wg>0)wl<^ilfo|Gng7NhA?zG&gUs5rstk`?W$(NmmB}g~Pyb
z6+LAz0*-`&brj)nFaoNKK*9CZU^=?cKZNoxRs}aNHw7O$1X%U{T(^mTEY<(rKL6bS
zF}E}_MH-pwpsfJ?{L2s8Rp&Gc(2m`2e_%jE{$Vs=tib=XBL2^c_<!z-h%(gytSD0h
zT_fvXHXEJj27L1Y_96y@19o={|JgwLPZo_TOj%qDOSHGQhnVQn4Ag?%^>xftt^7S~
ztwJ!0_SR%2Qxmear;;(8fiw(2;dJd`I6D=D4H`qkqU=@NsQwJBav;Rm%^n(L1E&Vq
z+1cwVLKHm=<ovPjUhc}iUS9gaa+bb^M&8gsTR%UFnTNkMBuFR3!_d^uRE_B1Nw;!S
zF~_-io0~XTdHCz0f&+1C6o@TBS4D~8Mzd8R!E9AwW;%orgrS`Y9pP<e1SR6gSQSe|
zupta?$JkwBj2XT(lA5oDFT+yK*dT;Rv~$;2@zB$yDeK93s4-wBo)Ds?pDo4!sS|=T
z#aNKYP%i_tyOA!=-7o~Es^{xrU`Vp3kuW9}HvU)(Q@D=`lA`GC1JhNdE4q8zdBUhc
z6hC_#0tJr`vI#=^nBmECw!U^WH#t8gB{^WzK@TA)LM^P^eGL&xR`#lfAy!0PU7~jo
z)L73DqHAVH_p_zx24U@BfjVj)ww73m62=BYH(?-b2myu$21tg7k&l|b1=bp4p=tmn
z0MgJm@<ZBq18wyuc^IjfkZdg75q?yCMvy60hl228*w_<7d_5Ql2EvveVgZGjzzG&e
zcb#C0jgGy$FU05{EULc_6fKQ^VG;c=Z%F;QHvBTG^!^M1Rt~J0rOB^F;%|3Iz-~oV
zMOg&_m`p@BV21<+OeSSTWw0_1M}$J5N_YZ-_{XaE=T-&Sf#~SzSnB{8V@*+iZp;3X
zzYT@%3+xAXcc8zSoWJeug8khnAs%iN_tXFIlgBTU>(A^Vf8+}Jk8&Wtw?oIq+7M-G
zZG_aZM(OR=;I|(^P!v2Z*caH|f`8xigLk*V;#yR4h?)V!(1vE@@2f^JBv}(xsqR5^
ziawQ2mvc}FwuKndf>0{DbYF8NFJm)n;{b}O9k6F}Cpg&Ht1>LzENo~Lsv&~{G|?AJ
zH6$Tyi6|W}9h|4H2iC_D<{m&ZhQn2fD)bPfk}=A{4XtQvug3^+K-=jfb*Y9{C@db1
z4$y^Ai6L|^loef$;&0}lLQ@U$^P(D}&1?;kib28107ErZIVEppw49%x2MTQr4>VFy
zrPx>mVc<|DES40Y>VUAv`j{a+2|B8NSWkTug1s5hi0WtI8Avel_O(`KSV2%wst%4~
ztn5XC`w~%>NNYL<<`d+pXpYq(nR(zzq+leVXQ&t(3kt*lq35OO<AziVM%s{c+{tv$
zV1|ReNsu{$;f-+9)%C%uQ9V6vEscpjrh#apF$N#VFr-op9MGN+6aOGsu(>M4UC+=*
zpBfOT;-jKt=8Z?$0qPZFjiUNm8++@Z>`l-*NP?n`t)GpmsUOq~O+et?txb)Uk@m*H
zwsv-C4{VT?my(a13eHjv*eR;o(us<?CV?h6RW#YwN=eZtNX1?iCx<gf8i(kIxY;V>
z<@AxJIE;m<A|A-WR?c53Sk*YlgkfZ>XY8*UXoCsyq3GZ&NY(_TzMnG9ji_P@3_xQ8
z6+1nQm$$ESum{=>gY*pa_t0@eAuT8-CRP@<7HSsOB#aNk-xN!7Ff+A>>LNYev8tX>
zcRxQnQ$(<zXNVQagX(6k>Z?SAlB|q9481L}J~S%_qyZfX!3H6`ef5Kk0?;TAOEsLC
zwO#-s2+1%)2AV3W*_ayzn<zPWsagA41n3x>ntIp-n<;zgt9YAwdC;jCnxY9-O<$E_
zrsGBq2_X4k0+o@T45Yq49v*^1qCJC=5L*==ggMa{;s7NZlU1#C?NtKx43St}Wm^PN
z*C9~J%ZF&D=kGu;vQU8q_#1oZd-~h>`PtABR_0Koy^WiRmkG{K$qY)AQ*}er%<R+x
zgVYF$L|YUx80Dd(3^lNZsX&QHPg@IXFGX{p{vKw!UTUf+T{r7MA2qri6=Gy#5E5ub
zQS_waL!e|uxW66L#+c}b@b(B%f_otiAYL>ze*=4Cpqfw`&Q90D#@;p%XQKCivG?A(
zk}KPm=m*iDRwlJdYE3UGl3FK4^6Ot*zl?rB-_tm|wo$;c3RqlZ#GFHlCboEzWUffW
zVEC{0aq)fWuo1kIx@4QYqp0^lDs+_P_;N<-*UAMKV&(hs)FXHfLW~1OlGI64aQfzI
zXs1mh>5w_G&h32|R0My88H&EKmpLj=pQjJsVN#z*aPLG|%~xw|1pzL=;KvKT5KeY4
zh-*qDg`y5kMu;|?ndtiwv-u(1-uiwynX||jnRde+XJQo(-W+TWi~r{9<&XJD68Wfq
z27frMc`*gZ37CX7&Vr~EXnUU3@6XNMKEqb|kD<-NZxOpsGuE;jnj0obc5e9(cW<{J
zJSZ+I&>FWc&Eo#te9&IF^u<q1e4k0Oq5Ah~`Aqo^n)gO<DB{2l40YPkMdn4invC2_
zAgb0<?)wDG_?lK$k=*KS{z^ugol%cb<;y3A;I7Acyf6UDJo1PWGRpb<s!qm{**ra}
zbJ<+!?GbGtmV_Rx!pIwuO5#b@WIY*@5qu-YA@8Y1uK_DtMQ`74)#@PDtKRv?9`nh>
zoJ^or*~Q6eQ#Y)lmBehUI5E`E0)OoRkEk<(BgOqimi(2~g%|>@z=ne8)2>|48Mc;z
z?OIcCe&G@%237Z}Y8EppzdjcW7ZJWA;4$STi%66PS?NRj;P8H{7+%bu>fwz%_M1NN
z9PRRnmTsN`QPIu1j?y5;Cwf<Qi?6Eo+=(jv6vI4wp9E+CHX0QU@FkWF*S#VaOX?LJ
zfGJDpn3E(guUIyP?}vRimjr)e5RyrlbqbsGehWRdbztDZdm0>z0aW#5rP{*zoKtk&
zWK4h~eK4*gaaKNqIxf(^i6E%t;R`M!8>D9s{e|KEYTq)&?=q$$YF@vrrf2uTv=@FC
zMCKkWeZuC_nNDGiUx_=v%ylL&CWX2E%FFHQG|G?3LxO&eYt|@Fwpo&qDy3#ZPL?At
z+3xZ=+ZT!7N1;Nc_Nw}u`f3RF0Hkb_LfZSqH%$mCYpKppdZjN8n^G-O#4LD2ByBM8
zRD@{zD)&$%toucY1Ki2adN6$;Bd;4q?+WIfWkHD7ORLoqDRIs{Uga#7YtUlnQ$a{~
zwy7<tC<i-k>9U*n+&z*l5PV<X&ia9!+cgIXNo(`PKQ|=F@cYz#6-NBJ>-x<53fk9>
zX7Tc@H@m$*FvH=$ule5NS1TIsS0qAu?B|5`pC4SmA`@=s-|Z`dVjq*i7O&W;z+IHz
zr+E<7cKLk(`>)<8zu;@Rb~f=2Y9w;JUFS&(PlNTyT3<Ox3AcGt_gOExY#N}udme4*
z&Nz}>oR$=S72}SGqZ)m)2Z2$T$~2Rn9KZcE6^Zqt;VY$C!Q2nU#=rDUzdw<hPS11S
zPme`kkEGR{H5eAAES_CI_^cEJIj6`b<YM(c9UN`4pCU(Rhsh3I?U={C&qc%W=H0o9
zCt|p6pR?H!shyu=x6ng5cuN#^pFOWp4ZT;YSjp?I=$4=*jlxg7rtf1Mg)ct;&%wQA
zV8DBDZQ!rPnZ)$Vyy8dRq^F{e_#SpSF7d6d`kC+tto<V9HbjtQ%%;CcgDi~al20P!
zeYqq{>Ly`PN><)b91uQ1#a*xe95a(WWca)}YR6u6{4qk;VOx}IAt#*B@4&2KGUp)=
znQ=#1Zu&0wi@)=fip^1=RVPa@g|Dm~<HUw?DZAj7Ef1njB(G^;oGJ6ged^@OFilP*
z812`$R{8nj2LYxD;gex~U(xpRdvz|6jVi0f+_eyl((aljpoE(W@)v)9_wqrD0UM8X
z#BVsguc1PHC$@BCi(iaWX;<*Gaz&Tb6=DZ3osoeV=~821FcxXIE-Y~$k~%B>PSgMk
zSCw}9%s9G@-$lH1c4xznnlQG^fL9H&wIhY$FwI-t_g>R4ah$skg%=0DjD&35;NAPz
zJWJnHeMvt5#pCI2!_|wkr#=$QF#FRLOZy~8I%tV6g}S|tSnzFk3)>M@l_9MD3?4qW
z)z`<hwJP^W2M-VC9CY0?^vE{`j)&*yJ_waAU7Ch;e`98l3+Q~9#YeuC+C_e9v%Su9
z{8hD~WFPv1Y^t`q^bP-vqB=X(TumsNCRM7x472ruKEu-ck`&3scDXGNaCd_bi{`7%
z!Pej<3VQPX`oGcGR4dj<1txH^eBmW`VT15H#e2J)<VSd>szt9eY;r1Xkvf8f=e5|o
z$xHRHJHm|OOf6vj9H$pNFvXme>BcNR8~R+gM}+Zu51m9`n4y>g<@C^7$YM{(<sT0(
zIcal|fuJ65eR4XFe38WW1v&})b~v9*pXze1xuAvqnONA8Y4KyZQL!=BVSRMi({k`s
zL_LNywr-m-iPraTtQJgZ$?8W)+joNMhQA$nigRM-Z><%MvwSI#tma8A^odCRU>f|1
zXfqQdRxistbF_F&UQfcm<Z{=&fpu@)WR+HBw*?CcLW6sQ(9^18XU77swZ4sFa(B*z
zbv0W+#+QXQYYHGgdTS{r4|JIZKhnZ4Tm}={{i|GXlRd8XY|Godr&2c_#XCN3hTvcZ
z53Hx=y2C3ML)LYFMT<#Z_y88G=3S|XjAU&<O2D=HJ&^6LqP!Bm3lu8Qm(anEca`D$
z{n}&n83{?fhvCCGxbDFo?)L<>n~DC8U`S7jE-WU!=4-J|(mFbsvXd0cme}&(c|~^q
zcz)xXiE?)>-NvZuT3HMCCAQG=f@k<~y8LPA6>utyf)hvJh}8bg!`0rn#TB4}eZgRN
zF;ZRQg~&bW4UCFK&zDyGuEFf%a_SrF-XYU`bdfC`mKo)i-scUY87Ezu7m~fQb4{|X
z!1g0Dy|mxs_a$13l{VGKP=Efst|EdPR40fMF1@Z&ao_eZzC-<ZlZ*oKuZoaOZrafd
z|8~YrKk$gRdm12qq(sNWfuSupp_q=r%=P|y)5Kt{cNLav|G;onqptvLBauEM_Gdq`
z9X{IeMZnTdw*l;p!`&J((Q3}8lO(S(YNMyO<4G$X#&-5K`FwYMnPFe~#R_+N{uZbE
z*=DdHsmAj%1$M#NWzZ6t?a}hLqm@$h{+vdK{bAJF{K6Tld+G>2-HZFgZEm(ldgQhd
z4Gf|BnGUGFGvMO52q`rjAR2?OWyHb6O77c6xrGifcLVEDjQcD&CiaZs1<Cm`qQe_)
z`K3bL3QDW^zFMk=KAk;eL7OCk_VlfR4j)orgnohK@nGtSgU5zw4sd9W4gUtbD*Y{|
z6+2~tHk}I_Z}$s+;|luN5bSC!*<DdkB8ZmoJF&l$kL01xlJX7w7A<v^<|oau_Zqgy
z8fiV)qlW?PtWg1}hagkf_i9`nQdmca+smZzh#zmtLC&92Kzla6-tgNT0uF(r6fb8&
zG$@Fw9y3C=Z<Ba}1V1Fgn+jO(&oup&?hYU@FhHf!hh5FhO(uWF<ZNCOmMt7Kc-Ow@
z5hUp6@}b2`&MsQw@SET#%@fDW6fe$@lw8fpn&H5xIK+NNoD2h3?of4T{L+|Pvm<CR
zoEvhpqFIdWm5;M((ct_oV#OKo+8J%~+1{CihlWN@XJcBo;417CeaTqL0Or8Y<~8rv
zNf!zeUm2b?iPrv-5KB<7qLgxUq)@XJT~4HI?Lwnd@YeT8R<H)Deoi%SK0d<hBvLo}
zkTM1H!-CeZ2K~BDpSo8Z#OrV12xp9YgSoku?W%$oF&?4G>AJSAL2W<Ik0kEJntM6-
zQTfqo<hEr3!t`XmT*a`;-kYCS(riPpXX$foLXV!R`K$HbQJm{#D)<}B0CqnddE@LI
zB5IafrDKFu9@Jp&2qjtViM;{f+7>FAeB$BB7x2X_Ju^p;t_g<tXKk$KSmm#S!Iooq
zHz`h$)c3(*i=H4y%JN*J=1&YBQu+lpncOjZaK}C|i>dGV{#4~6+p><$-k;~!KkZL*
z&>=nr*6gj{I-GfJqO%>k_H`_Sk+D;e*{H!_t5|+XDvo16I`PRQ@P{5e9&0jFxt@*P
zyo6>beYq;stTEqH=1f9@pD7*MK@>O`GT%?}+JORv9#~uA@j-)lBK6z=rHUa!e*iWO
z7dtx-4EglVc|wn}zAex4DQR?|{*md;M1*)Xk?31b&o}KyK^I>}^gAKdK&~4cEMjDg
zaRXVRQCujFSBJ>c#}d71CU*BhY|4OPds*x_<Ld0P$7IH?$KL{h1@uME0{yZ!L*8zo
zTk_C9&KY;YR2)QcdZi5j&T;!ucdw7yl}I>pM}xTR%jUo+lInek-ZDg$ds0(2l(+_N
zylxYXGcDeT9HqE(X`Wury%v5XE+y^A-t^Z=eRrg?eyIu-YIQOqlfU!A#0B&nl#^OD
zSmybBv(z_P0bVq6?2NDVA|=2RJXrW>>e!<WTgb$A8_4nb^3SHJD_>1oyf|nP?R;&H
zhkST`%fZ5AJ$kbIp0bv7@EYf}`O&+Z9g~DXQluh303nJ(*;kNV{mO;;?d?(hbuZSz
z6gt(xj+g+!cO>^E26oL^VswAtA>ogIzhdRlt8?8!LyWAp!`u5fRJc;{u}hEw-2tCG
zTu2F2ql(O2PEzj)Q5vC!vR6;7E+4GpE_n;#p#uVRlTGZdBei`%t${6(RrR8Lbmlj%
zVNhGJA){igejy37!vJ{jW{toO{uTZx>>i${N8KDUj71wBDAvDeyy>ubgZJo)m<R*^
z^r`vkO|dAv-8?{Y^L7TJxoYg9hR%H}TQTn~I4Ya&8dD5_m!IwDZSDID-6vO*I*Ebd
zOw2yrW6Q#zgKc|-<M-NMOk1nA-cHozEM_5>QrhH)e)z49Th?ooIFATube_nitTqaY
zpeBT+0Pqfk5IvuS<=5EcXZ)1H7t+-$8vQgQ3(4PHF9J9Mtf5K4epT;a1D{(d%BDvg
zLb=nh&{$C#?i<f<!Z_6!^5H%xv3$N!CtUE>G3Y6L<rN1=MV~gm0D(0o)X-1}oT^Wb
z@|dHbQm_xb(%XLK$~D((*kzSgXx45oDWWthZoITvs)>}*M{BIlgkt(PF>YW5yfoVf
zk}ZX)v4mir#$9~3f!-%Nu8ZktGyk;d0_`FdsC?onT1>ZjKey!*_+-OLl?1VG9eO9p
z3Z27ej+|RU<R0RN0!LvN4B6b<qHkGXHNyBtMJtSvU96hn4t5)4X{;SK@d79CTWjPv
zV=gk{)1Ng6>$ieQEez*K9tFoPE|smoi5#WZ?ob45<=5uDzu=@=6s_o4=jQ<AH{$vS
zUu1g9PwPu21Zh}T&rbmK`m)ndW(}%x?+x9duoG!X+U#BBu&jc%7Z0HPRRZ#6(ywkJ
zs)@I+_HdD%L&CQLls9EGD*UPDo!CS2YhypKxEQt*US3ZA2z}b%L04<WUZ`*DC}vh(
z<}rtZk7+3n5XxRNJdedNFt5ywnm3}TZv&XL<pwLqEPxM;Eh`8WX6-kT2hoFJ+$HZT
z!-5$n%-*G(<;4~x4ltLn5)o!`AVv}wr{Me&VkOSWH=!Ob53|>cc<UNFoqljKFUs1X
z6M9`f^r(w2>h{O#c}RP~@NI^5t#WD$Wfy?N&EI2VmwoVkLF!<`E+Sg-b6Lu?u_S9M
zLcnO${&9YhNk!*4REqE}6@CQqxksv@&o7)ZQ<|5eqTKNN^U+oG`Q!UDd{)0>KE0A?
zZ-4YLa^;^2^QK349aEn;MSJtwhPJ~vNbR>?$5+zhU{TFX66SLQAfQ40s;2fhP`-a{
zO6xE?x)DpTItX_~zLYfwLrUykK>QLecwa~xXv%y$?QnAK(uwf0A8drc-))w_LX=qu
z*Pmm-DTrw9&vzHMI#a>ip-hQf-Tiobimy*qY7eDJ#oDw#a%s?Mgt(2vKqVLO-QZPT
z>vEPSmjuS`hpjT%F;_JG!5ke^aQANZ4>sXHk1Y_8MRgD(X=qb{AV=!*YU3;k)z7d>
z^21N*m;QUa>jMAw8S@LpN60R|Rcha0(<NIxZA*=%MM(>>yD_joSN!WwH6*~uLTuaD
z1<30?cks)4Lq<q-EN9ALqonz1drq!8<!HL+f=ABRXBowMPpVoU98kW7$-NY_!@f#U
zp4VuiM=_EH+@fIUNRF9$HHk`t9hK4=2>l&jF(U$Y>9=Q-ubQ2%uP5^a1?|pTU0p2D
zF@2bofajDzM|$S*WOsssSQ$JPRY&-n_+@SbBa_Y*0W?CzA!HOx`X1qkYqh1_-6?;(
zzvNu~Uj8nOus{sqQIdOwIkLR;-coFDqLddF6^r%|%S(ByeUBT=`CW4yFAd{=7WW#Z
zW=a>ns!dC>ZJenDxg%#xxu-!0Qoi)*<>7~;ygtrHFm_G&BvW=YCBMpQIk`LKm_eui
zteT0f*w*kbB^dNdydOU@zAo78AM%Qkn_G<W0fF#Y&;1PAO0C|%&sreeQ2Tsm6|&0M
zOO~r{KI|x0`jCBCA^4x^Gfb*7^~ZvQOaS>wPn7k|`)tl+7NAkJT_9b2!KTZ10E?&g
z{(x8P@d#Y6Kjc+X@a5d!<$HmXGFmLGC;{#}$eN;zqB_t|7=;YkE8K8*HQ_2W4p9o9
zsVhO~y=@%HnA?bI?{ziHQ~^Fg)a~4#i&tM|*em{3w-|x0BHrvryn>f>Jv`&}c*A%3
zd+r}rH7H?2cGn}$EUMb=$9(bp$*Wv3;bR5oNNoLrO<F29Wrw7Eitm|1%i|*uwy8ka
zih6qaR42R*^lG<6bVFG6*e!T1ifwbTN`l{+!BBUhIT`Z`J-4#YO~e2JWc9zY&E9-}
zxjgt$cTB_!b+|{HCH#~gdD0Ow#ej9fT340e<(yviSe;PVSK>v1-B@GNd(xw_IOJS5
zf-$GRUzHST`UZ$UI48N~ybe7ATQm5`y4wT0;X5&~L-pRD(#5r{#tVLINZtCKFZw;Q
zfP!gj{0TLy0>6v9dCzh4LAznR)9bZ~uf`^SpEoMssw)L!90B4f5`XY^_rGQNkeyMa
ze88jRJfc#ge=X?b`2jT?{B&D^GzVJ(za1cZJ5(fRC@ddOSf}mNxASt|n>oh;AXsVy
zj5eP5vZs^#=(}*Q_bCZkeksMYt4U0lK0RAvOy6ETkI?`lx&_#e(kn@{F|ubOXwg2g
zulzZmd7OAU1T&*9z5mD`!HS5Hxm3s@4#P>FVGxPop<1;tAC*3UcVnr5BopAIF_Zf6
ztVfY$_-Ep44}9bw`~|*p>2;LPggAYM1DsC8_78he>r^Z0h#pv!>)R@(qW<^HFU*Tn
zWbb1ivXBsbH|`u7cZ<!A6Z6tlnMat$ggf|M;rGDRHd>Z}cRi9upl!o<h<;xH8Vy)o
z8$&+%j#4zd5i=PQSanw-zU%H-93(`4E-lXm=Fq52E?<Vqj^at#{<SWDn%@92_u9dH
z2rtjC;JD6NU?q{T9yY?W1-xsBJKdsASFI~1w1%sR&ctq8Ba@{bBeGtJacBPp9B#hp
zpMrxE<7W&<qQG27%(q0@FD99|5Xiw^Zk7mu$y&R!8N8-G-0bKer<uxpY&0G0qscBT
z{e%)Ew6n*qs!xLF7C{w?tvt^n8!58rpFFKYh<oIO04%<(3j6T|6zpzPGR3|wc~*zH
zZR8RNy~5bT-(@1y!8I76O8ilO!Tx475iDK^J9im5GLU5kUVMNUQ&&Lbv~0>BlMm+C
zDizMJ!3y7#^r%U~`F+ziR}BCX6S?>sK(Ps=>wrz6Y^VPtenjaH8eE^ZHi_Qn_b`Aw
zQ2@{PCZuoh+Hxgv>>%P#VqW_;aY*o)H1B<490e0Td~zp#)MZ3Z=6YS4_%W%(Uc`8?
z7{b~1`n=mo#ps3s1ar#z7rj4Z##mp9py>(T#YO_0Uy<-E^H}#sG?5fem$6;X{6nj$
zfYKYpeAMF8JX4cC=)(fd{2h3@(LOy`7b*|&{pN+fwq~>Ra78(Tf}M%a14-!D+}2=n
zbVY63(Hiprx52#z9&DCa{UJ~^ldDM(WEe{$;*aO=rSE27MWZjT0AsD{7nK$yA0z1r
zU_r$WhG6~qG_>WG+7%-J=y-gCIat9)T(qul+~e7e&*d0~b^1=tDmg7L3Z4;gd5L0+
z4VRxEdQRoO+PZpliIuFfopuZA$5S;xUbxIU5MN3sR*qw(dsr7-<gypo5F79TL9PDY
zt}%J`!Iqax^*ZL7Wzc-W%~@~s#ExJYC<WG+?QxGzs^F<fXLuaSjtu@5a@)p0h5R*L
z!(VoygU5^m$oUhCnY8BwcZ9N_(r+H_lBfr&CQVCV0JXMRoWO36e-sjx@hO&;$^LZz
zukouTXp(n>lvQzcXQ{`otZ2`y<s6Cj-w{2B$jn&i6ibW4qWO8tdsJad%cF;hqcUb@
z0}5M;r5*{%S7^kC&G*IAULw9Spf6?S9~`g%yA%8;jet8V@-nqt(8AyyAza)~{m1zQ
zH|ny`5J~qfVFb{i872=j7{{<}ywjX}2=Js!w(Dc|F4$1B8wm4;ST6l$Q+I-=5_Y~!
z{*8j8<x#i5iJqB&{Fhz^*(WKD28m*_qm=K@I_JrW9G;!q!jj>abM;357Hn&)ebhX@
zJK*+7D^%dNT>}Z|e)kx!v^ssc*c*tYzD<WZJGc2ckXVI@iG~G*<^h`&F~69!Wu7FB
z5R^(29cx@VU!#O|@=q`)p_f9g7{Dn-&TD%o8Wpk0`aORHqK>7~`T*`hg-h^1@RVY1
zm)BJH*;2XX(xo`>?!&whzl8@JKq6Y{Abp#;a)qT{9BnS3@IFi_Y)!5RK#m4`L86O$
z+&n3KhRHbM&oYva)nV?j4mkIt8b1QiYc07|<<^U=LV0oAI;}#JqhFk0LKBk}!8-sH
zETpxR6%>%&S091v(}!C8`H8#sBCz}(8ufC(+noxKk8>k%+YIa_vc;x>&#lNA!D%}w
zn2GZS%zy`IkuN_KFJ8h{8&V=52qyWFatJ6en6$2$v-#1mHfXWbk9=k|gd)BUh(25>
zWi5!Tfav9q=RcVxi)xdcw1jU9nc>Z8^THt~j{kCi7o&5IA{6iGhh{<VWY6?H^uQCu
zM{!94duVmq1eef(0U%Kez_I8`S4xISpZ1&>dP!x~uUFRqtJ<m_5YBeLvH{A8G*{V$
zW%^HI{Rw}h{>a~C%Eufy2KWWJw3(&$jE(pm`UWPf>9-0>aV7yz&B*)mx`7`2OH~F%
zhl+dbZw>xE@!1ac47(y9Y2K*NPak0SgJ+%eqDnNN!}G&;@p9k9s|lrV9+4iKib$h9
zgnR?BIg*y%rL1i34B7?Vyzy-OWsS+X{;o)I44|lNZNLFna%wAmLpr#UlhKvd=SU<`
z*3|ip5f|w+J_RT6MfqKano|6y{a;2)_(sEfvU(9viq*zd=C!@kBLapbVsW!{G`}K{
zY2<Y9C;T7ZUm4ZY;4jqm81?or6v~>(yk|i<P0L%MK?bTWh4@C`;;MD2p>QBT<ukLr
z3wooH8EX`yDgrAH;LjT;KeJXl+L!~fg(y)|PjWb?0U9_~(^~8>90-ENHKH;?uZf7e
z%;90(^$V^^1EAbwn@00DTaA%Lz56}TPI(fG02GYMU@!a6%}@9tYsEWxZ%QE<!#?l9
z4n1>YtVtv8H~^?*??;jbl#gd>rk@99eBR^o`^W*74=v<jzMl)xdmUOjoC{aD_A1Ew
zN8*PIP=Sz^{B!Q1wxvwyGc=-~CpdGp!2!>b%*U<;URpP)75Yg5W)h05sBS*w;`0SS
z;oPb;&@Lj@)HvAapZ1;zBK8qbDO9_Sy4bl|#LS%1F|IRH;=qqU2x>`@@FA`A9jSO&
z<q%rx=uY+Dxd$Q=>d*M||G9oT1R`~1_<gqqi6=a?eg<LTTsBvJ0QB+@ww#|5nP-bZ
z1u<E>xi^r4-rbN`Szw|S(tyxJM+P#!pu!&?V8O?DAzp_?C2svNwxcHN70~bflm7l5
z{7_yu6Gqc172t!1_!Q~a(St&PqazfxRMB+1E(VOf<4*s``xhO1)a*l=HGikC|8zZF
zp22jXM48{)q*XRIOos-p#}E3q^LLgouRzz=wcsBATtM8>&Ui@vJ^1M#`MY&Slzsr_
z`H@xQgWj)np;hwl!M`2_@F-w~Boti=Ds>F%wU3=zhl8NFR(qjc<6=30dh#{&^I4rA
zIY0Wm8w<DbBR1dbk3u4`0y5TQLryNPtGG1)MfYF5KlyqAobh=qufNa5<f+ccAGy3=
zlT!{y7(7+8*)fU^!*|>ngvM?#l@*3ey*5EYVoi(xqWi~mT_T!3)(%rF;R$CkZo8^|
zm2V{RU+O`JCC1KJ?p^yoH@_=MA-+~w55KL#c|1u9LJxR~Z+&vB=3#_;{odp|?)kKw
zvN43|FR;a)Uw0ME1p;ae0c}FND3r3NEJ)NPyQ6$KvCF&0BDH26BY;nyqXL|hrqAhd
zB1T<6moJswy4zqQb_B?401&V>?f?O4&&FBNOx;++0V^#+{5;*vG{Hshkbt^JB7Q}e
zI&v3vtwmRLdr<#O{3iQ`8e;YqzIjWo);^(q4{f12vIq`{*^*@Uwwg6?j{1A%7f315
z<1N*Ff3VeMjQ%I-CR!Pcd@O`ad%wLZ5x?S;Wk3d6DKh$X@b=RTX;u}VP;i&OoWF`X
zFEdmc`s9#syf_^nle_Bv9{dEbcO%d*uFLug0p5l&vuz;<gkJJUx0?@7U9&Pekg6zO
z*lj$V=s7$&zSwjD&n`%2{b#;ECI!SdzahMu*}Y#QlMaoY3>8`JyR$2wc6(!SH6%Iq
zk+a6zKR58D2_b)`gctx>0(GhBdp^%+qV|Y8pAb4H+W1H6A1%7^Rb{}|d*X#9H(nC$
z?8FUUDrEK~lx<?80yX?ppaHqz@A_@33Iwq5?O-2bnrb#LTS1wfEp&^MtQv~PGYdkZ
z>xa2i`T_Pv1WxmB-S1!r`|sxe{)k^4ujM-)PW4F<5h;U741{bruTeR5Rx_goxRJ)r
z<#c~~VWOfkFf7%ft1$V90+ep8@=n<qOUQ)JnzEN{oP-24_y0)!R~{hPk|}9FlN+!#
zOCoqz$V_T}61uiL^g{ywLExA}H|#V5TBQZ@8FT<{BZb616heEk({#YO=fA3#!Gr&0
zN{R;WFevGEg5IPP-y0~`4hKYv<dl*3D{=jfW#@==uNY=*freWe5u9Qq1#rc1#R}T1
z|AmAf#HyJ9k)<<sq=#FQu~uKmH`)<a_8$<m8?Y_<K-w#rJ5@0}GhQ!cQy5nV%D(JZ
zU1gcq_v@$;D?epL_%naDn-u&;A_%tIccFd*&FXt^RXj^#I{wwZ4%K?xPrTy-&7@8~
z>>luqd|<ZxPB~DTmTpPC7&$^UrYBPm_{6VD`M$~0arKH)e<&}$yF`hVFIN1hxBL-o
zg%{n=`T|Da=7j}eL44n<0`SuU)yczkSqJ37A!=+VrUc^1U|)dg&fzg2$7)qU%*8df
z`1$?)wLgQ`Y{e0>E}LH{bn42XuQ;tRg4j<}+MJp-K#oa-M%ZhgabvS}4aA?p6~t(K
zHV*3VEBd4U@QmBfIH1(IkqIRSjA!u~SU*AX%m-1H^isNt@!Zq5g)K_7dKrSrXoX%6
z<{pdX_SGH2^%LV(^P=%%+L0TZUFNP^azef=8?u+x-7}dyoU{Xk#^y_e4(Ev(1Btf+
z7bve)b>N-vZWrVZ0HYh_RU}4RzOca1tD&+2IchSi)!xeg$lv_0=s%#Pv0XC4AuIzV
z*qkknL-HTV6;R+2k0UlDP^E^us(*`r#Q#m5o;aiWj5#Lyk2J<wR@4vwiW_a$S_yn$
z(btW?T;%md5TZUa{?MubSK`{+6)i`AR5q}JDD@DiZBGX%_PAe7{_B7E*Z=UZ|KVT%
z!@vHAfBg^t`XB!FKm6-|_}BmNpY-4T>woyy|M0K>;s3IK^I!kNzy61R{SW`Q{WJgi
zAO7_}{9n)S_}BmNum9m+|HHrjhyMcq1B(Nx${CS;)AH`DGIK~^yj}&qikwtwfW*~H
z4@^qNhdp3GzFKfm`N|Uy<MPKyvhu;Wz3bum)OoXo`l))Am7Nst*`CX!^_#qg2nQp)
zU-QTO0{j0wf9kwz7Nm=+d}P5eiecq>lwXv`L6&%wgxxOyJ|PDb6%cQ<vlo>&m&nxK
zlIfGDqNl+?R(e#O)FkdB!y3&uHgRuz+pdoK0}F(uPs#H8DDKbnBuogLjPp)PqB-@Y
z)XzTaQ~$*LhWh(CA!A($)LEH&sUz~`y)e1U6~rDSpcDl;(LbTuT}S(i@=un}h)2wa
zfu)1g%tJz+gdpJO>zSGEggtmAPUS^_<}&mz(l61_a~(7evNHu;Et1_W6*9&j(2#Li
zwT`hTC`6N05N%Kre@}izqhslM)@b;%G+Rfe-`miw8o%DVv$c*2-;FuKz{9DfG4=Q8
zuiu_lzG)2!NNj;i1JOaw|FjEHK-nPPaFjjfe<B6*0&AeZCx76hfyRcxCU_95n2TO*
z1ADMe{pI=%>TlOS{-5W+cqw*&#l^E_iq>HeZo5h1@AbFqXPd|(@(ez<<M^?AF0{hp
zTYry#Y(k1{HctQM)s`J1$~a#?ygV*)k#{HY@5%|z2c!um0inB^_)U@!Da;#$5u`K7
zo)U_JpBn`BeNes=(ODyB@mG}pfAn|!(Z4}{f3!61AF5y`j?*6Ma}T$*IKSaVw67Vp
z9)j{nMiacwSqG!D-u6rEvJ(`VemFQx%KAmV3gHdz%mfGF^S`}a^5H%&4Khs6?pjzT
zFIl!$0a2oBmxA|96QFu2ef3H{!yS>~F**B!@6#yFt(neN_NUH8P=tWaoTS^jk%1V4
zg+Ou8YcglN5uE<SvSYr!iiCCkp82J<kKb2@(8=bzBaipg5P<IS!A5D(k<_gO;|FC<
z1Kn<csbRsdXZ(=9>Fln*Q&%Bo15NF_>~+7{M~Q9#`3_AiHj7pT>^(wJp=dAikkL3z
z6{b8)J0Qa2L}A7T<q#k@MgC*{*dOyF@H~B8Mk|$vWP)7Wcv!et&9H26Kp7N@(sXFl
zo$&!;diR?~;-vCZW_O?Z=ZQ1apXf6csWpJ?z~I-z^yS(;d+|C>BQ6Kxk_;i?)szAv
z>bdW(vri+Lp@>lb)QSz_+oQJ)B>S@7w6YTh!H*mJjFam)nVH)*Ck+$t6itb)!e?ze
z{*n1NMw~~2CF){HA#c!NB^|;Gbp9QwszLxOxRBnd@m$}>;{i1zYTL0ObxLB-U3Giz
z4e!d|^Zuy5S}fWj%;ZS1sv3SkOk?|bD+3D&jjkGWHq^%rg3LpZ{L<x`_PJiRlOSKo
zQ<>IYl?_+45;WzkIB$By7v%8gd;VXpe@>s(y8<H$1f>zBBfr~NBCCiVsNV%$8R(<f
zvW$w#Gh?7r2%<Cu3FB-jfQp0xE9U40BO%Z-_aN_uyXX{Z*P$Aa_gSP3=9xevEZu60
zp#FW_N1z9dZl%Rt5UdM<Kxnl<+;yRFQUlrW%=<Cq{@NJAGC(1Z`+FApQhzzOzxVv+
z#+czJo#s&#RA?TQ=%NP`rpEtk{OT9}-X7U~Z#RE)HHuD!+Sl8IVKLR(zix$?dC-g;
zHJ}3cVL<6oal6o`nTBu9pAS6^e^36D0vb<tF?h68PWMid$v1;2{)<H*E|{HH8v8t?
zRJ`!oZgEqQPFU_*n3(EoghVS{$6z)-NKFC;nSSBEh@LQQ|G?g4je04^FN)~VL}7f^
zlDTM{aKf`y$I{GQitJh&7v}Hr&zhWPQ=lS_u@Ud(y5om$6ALl*Tuq<fFi}iSUOKj$
zQ7?^uJpT)Hg6KvC1(v1iY%_4+o_D#uHZQb5Z){VYKEuCx@~zF@KQX@^#T-ShG}ulw
z@&LD_gS}*84`gZw9dY65N8B1QkdEi{@xPKElZiy5ADGS<(%`tDea2OLHG7M*rpln)
z@c~V6Y^Zfu(8zzp|0QVOk`FrRd<J^vc7c8GZ~n6^qx(_GYJ0;s)qLA^v2M|<BP)7G
z_=u7GTXJQr;%BM<IKMdNw3_Bg->%`F;2zLEHM0(AF|+L#TC$Xdv18oQn;1D~Z4eqt
z@SvQ+<rBi)&;MM0*rPw<M@elN)bCwqQGh~0C9gDH^}Cal?9w+xh%ROxB*JP<B*Ayy
zf-vT}^-W5c2>$j~_HNZoy5HX`kg8V@y%bvcN9NahPzG22yZb7Ot!x)=?yojb5xqJ%
z4wpC^Bpk9Qmip;({5|-ex0#M*I(&bMKQ4Vm98>s{%nHd?bJop?AR*Jq*-;ve{O>vc
zkRfU7U47$TWQN$azBObeiN6QG`E!3q7=fmw+LD`!aOA>oGygW-<L}9zcqKI4uIph1
z)TtS%T=|I4wm~!&c?YF_#x0;kzV;g&Q~#d*TR<V0Sl6u!q3s6>ca#1romq;24qFJG
zFu2~@ODM^KN#?(&zXNtc=BPmI?QS*_$a_vfGt2#@{2H`<2=A9T;HTgNb8vRA%U_Ov
zejk<oeX{R>c6AHd<coV^+w5<@e^&lJ8sq}~FU>Hlz9*17)WbF^-F?sce&u0IdbUKC
z$Ijo=|01qy8rt?c&R?$`p8Qu6xDWs3{Yih+->==TOBLRS2$4SuQ^ucJ&x*fie)%*1
zR0j&{4jDHnJ=CvZk0QuCHEqeK+hQyp@ya3o=e^mRSpS~<HI1STB%$MiP;B!1zU%qr
zC6rPJWeqxN6TIrL_;otO#@zqN{EPf<UQj(mA+i{3sdWxSe&ON^>b2a1#O;p@dD91{
zKsVGayE;<(m6+xCbs3;`Z%qAOlU)-qQ+fP+c!`Vk>!*V@>VM?>Gx-+abWc`w$5W`B
z=H<wscHR`0A4bY-cm0;H>5H=rwrkB_2g0Q-<dg7W0m@I$k=!b^gL?1fzcB$HQX}f<
za^}_2(X-y2okWuy(UhtOJ)h5id;iHF{Tule8<<=54vr*fys128B1#PME@N(7nW03~
zsYNtB?g*Bs9Lkfv`j)<`s9s{{i`7zzFvI8xpe4I@8T0aJCx$KPzdZk*QYv-(j49t@
zboCyY1@;K`$K11&tr!U+;xkX3%1%~4n9DF{WnbM0L3IY3^Ml^syVWAkVPXQ5p;B7k
z+4TZ(MfmsdFXZmpIPFldZ;mlKhc+$1?k{$$fS2gs_AWtFgwaJhdKvYcgWg|ee)hoz
zlF{P2uvg`e*>9brL3;w>1}XPG!FlgOn4UnQ3NkDBA?oMJLZlG-q(RAJNQOK!rA0EH
zi$G01{}c1WxzCR^=!x~*aQ5G`H-RXwPF2?z9G+$B{ibbiw<`1YOR!+g+!j#p@)<zc
ztgIMRv>Q_xxhD2`Z}(;!I2_+_b*1p%)4%s;{kDTzGfmO7I3%>4XWcwHSMwjtj~)eP
zJlnRd_Q#n?h1lR5^toNR?UTD%SwJJ;76i(5DPX?;g#Z7sKa_YApj=Q>{)Yp|ul7SZ
z?`G>Im~F1S8>v3&$4-hVki*2Q4>Jt4pxIXycC$m;oJmaE+X)_)4Z4<1K2-;J=3zdl
z3-nnK!Xa1{7c!m1MUeD*{pb3-%wKWg_Xz5(Nn?NEs?){%h_`}=%rxYQQ`pw<fg4<!
zNx#46{5=)vq=YC6{C-1`)`aO1XOYkN!TWKhy)^(ynbz|Xi2nZD@r(B(K7n{;uZyV_
z0d*Z!TJDcKPy{CyE=PifQ4ADC>FxLz>Cg3um|r~hMWR5qc4KTU<EZq%JU@SsQ^}b{
zFHH{dPNaDZ_dt66<@kBpquHboFreLBqkNmGG?#4ix6co;CHM2^B-xWNh@G3N>?2cu
z5&rq0&TASPBNsJKi#J89&pogD*?<gpY%j8;uO5`kV#OQObo?#-Eq~5GFK&pLuskbM
zLhHr~H#0aL|MvUGsEd3qP2RYPEPMC8d*sgI{N?_^KjxpGpcFfTY`-gXE<+iQ{$ykl
z|2_J-Kle|}%#87Mcplu9Pa<D3ln^I>(fsnq{IFEI&k%Hp>fYik#-LlJW#~jYxv@d{
zYgh?@0x$abEGpw~_iupCN6?n(s}YMYrrgpGWWZ+jm-kP2p-`&fRAVtyn8K*VBrv%M
zd?-3QJEA*&d7Ru9X8Uo_f8_h4Bb~n?8|)$ac1<1OKetZ`9k&+W!~3L+xq_bNn&RI<
z(@N`7N%m8!=oP82so%)sjW-0mNIo)t>n|A#Lki(<&clOWoJod={&?|vcy(uU2LEsO
zk3sQA%&WtONSNjb&rA+nzG6mhzrDJMEGx6odS6v%@xwICL#?l;o|HUEd<7wzA?NSm
zU+iWAm8j&%rQZV|m(%zll~bJNn^)f7BS+gY^hi9tJ)G?w=Y@B>MxN)ad>+GOi@Zo%
zISgR=0A=1)tAmng<5R2hU*vzuCGiVA(1~>V@O{hTah-@c^lE>3HnU<AXg~00)GrHR
zHWX5qV8f*Kpi}(BG%cVJU&dlx<;*vcYmeeIJUA(yxP?J(d$Qw%%c9KCpOTlI36pTQ
z{3@kM*{$rA*!8UH`ya`ls?6yhBpimaA&sk)!M>>7H`T)E3y-B@p=fQz$1pd!?(-83
z>Ww`K3Cg~CuRVrbSWr0>tqEI!QK<dG=>EZX#rcc+zy7Gd?AYLKLkDz`z#uweDW!Le
zR{iJl3zquSH)5Wr&3q`^I}Dg9PKr^U{>VkO^K-pdZOhd#LHHy7KhEz?i;06yL)M$)
zi+W(3qP;tRFhch`uYHwKTU%c##*9}@M%!(Ea4Y~VFN7pyp@ot-<+)BIwo0Rem%`yd
z&Boyn19#1>6xC}-IZqGm5~qCPa7w*R^b3hD?BDbY0yGwNh5fu}J)ijN$0Jf=3Mn1`
z(Lep4>%X(pg1raBv?1WmBeIrnjfRl?^+Ys#=<LqpBqC&fYxV_lL6RCjL!J8SS$=?<
z0nYVc_($IV@jD2AUT`9h!D^G%5A9@!R|ZqSAZ9d%#~(ud!I4sN;lCU|eOEtToz(cT
zo#P<G_7mS2RQ&DuX@KG_yqoGfRQ9F}=&#D4KK%FSM^7M{F+UIW1<s!nI4hNnFTgqI
zWI&jm{W9;O$yKdq8Yb7b{`E9J4?f%FW~JY;G@{l2?f%_A@|UPxrj9rt;oCsIrDW^=
zqs^7f6KN77aHT^^)C}a!y1MZ9=>I<MYhMVMnMjoj-*mxIO`8f!=l28qZTWx@&FIs)
znMoAJ-;<w(tiIT;@gk9`5!{(jfds;HoDrUw;ew$&C#QKt=aiG?|DOKqKkBa+4339J
zNpXALK6w1oEs7srf6x8X4kPMz?$5=muQKcv4<s@e0n^^aZ)r)@0NPozRr*3&^tbyj
zi!6LDkgs8cXYW)$|JlvUa{luC!rEY(;|E_GRo26z%-!#*wZr`d)01(ZR)Aq9kTs3J
zc;YY0|NNu><#AVI;97!crblI*HB46vwf}Sb@Bi!m#gF$p>Xm&-z`Kq`$-FY>t3;W(
zGyN7BOM<c;y>YJc9FPB8{~|o%uidY1czJ#W$92vED~a@<)9*RWROVx&>H6zTc46r!
zlpvuJbjf?vUUJRy^WT+5n$VDWrnJ9rP{VWPUkP$PPw5Ro`}e#*;b)j{!=gmttH3m3
zw?Cd@#YN2IwBqu{Y{F`-=LZB!u}x-!hlest%ys<9LljT|3xjKd=x4=$n_spI=JE6h
zeU1K+`D1_1j{;XYb};lDd$RS~z4%2?hya=M+S-tmkgSDyv*XE6;Y8dehe)Q+KOD0_
zhb^nt;}R$5`nw{<F`8G>+TpZUa%wAmLpr#UlhKvd=SU<#nO^5NMqH%R_!OML7v*;y
zYDzIw970CHqz^LG#I@Se?(UTT$M}`$WS$c)<ubq%+d0Dt^t~qpn>jE`9~FdD86ajJ
zaZ=cw_=IDIMC~MCIkbN65x0*d&7f+T$W)OU8c#r))Cc>8<Ui8?0f0{B>|Vw9b-Qh%
zc((ElzJt}Wj%TpUF<w=qHxzn>5?)@2sX6I40vR26<s4e_1a4|swB*!}VtUc$)Aq*#
zIdI*p(%Rk%tDTJIm)th){aX-|2`HRUgC2mRRxcr}qzlY{P=C(8b?BWWD|8N@IdX0Z
zk^BE-|JidbSd;9PwI&A(f(Jj6&A&?RdC3jJC+ToO8EA!0=y&(${$^fi!bt|!z+^9l
z@bwd^s5zIvhrdSz+Nc~@hrCNx4xF>+bmYJ%tG<P@mN!<bhSJ-|SmB=kmHgX}gAduW
zy(UZ`Zg%j0;^x=gpYZ#n7111Sky09<hsu3@+%hBnBmU3Rg`QVW1_eSv4+gVqoe@co
zQfqJKLY0jIRu<;UTQuV8;9JVu*n5#4ZU7zvo%C&@MUbEeM?%1OEIyAc;F%qY5-fbP
zkg-Rqu1r|s^5yt=`6=m=RAMB7yu~scc}7jT0asRWRU@LGW5PK^_K=F%&*B7jd;Fu2
zsEkh_NMW)+-TzAe`JeOuk~T^<Xt`+pbo@Dwy8o}e_v&$8&9XG-rzFl?5?M5&1u_pn
zBYN-2J9_U$BmVkfO%2-B*FZHeRn?vG#Z^EN5=Dx7&E9LRM~4!m?bzI#%f~sTy-F*U
zD?-Ca_~+!;{j&d7|M2{0Jj6b5DT3yu?hdEcx&{M=NfMqbI4&&9nD|6WJ|y`56aAe0
z69C*ub$?u}c-7c1o_LG)?tjQrkTfo0^CQK@k+JUwjZ#Sei2gyA3zv546euG$%R?8c
zaxpe?@<CZq-PhWuj+)El&@^tOlfug3XnTQV<jPMTu<i)_56T}4I!6rlul@$|rF=Ob
z_A%IF1l@Z;+vJN}dnH{48}ibp^5^7_y}n!}%<fLxY9pLb#4Xau7C$Gy<Jb9P$0uXr
z9bKRUL($}5qZVY=5|X?ekZBzz)_f+p@!^|{$<OKEeW6#$u*8^Q6o&~pSS}~Ez5{(r
zE!=bKV*i$)B;yxNHa}<nA&q6OEfimp1{Rc1KNPOb)ya1Y0V#=vShph;&Z%0wHvT#O
zyI<<p)6Gcil!KuyY$1Zg1`mb+_J{k2P~oIHOHXKqbsJ|0u4*at{Cro5U^yKD&0rZ1
zc=O^x7yUWwmv-G&yZpp=6%hlx3T*Y^%Z-|A#mR-YST)-*xM;a~qW;7Cze}jsP88KH
z{D#O%o&}4E`2MH&e;Hz6F7TrQn=W&xj(k&j-H;!yAGo0Ur8sJ}81a7C7cAcNfR0E#
zmt{3MPjd^2BXx^jBhP<c6Y^z6lD%7)Qth`5O6^krL*_SYc$dAuy?54=b*Tdx^|cZ9
z1y*dExd~;nCP+~9VTzRIdUkNY3vbU1t<S|``Ka&?Nbzcu%qHEQnt_<pGKX{ibM*UJ
zuMJ%h5t%0-m89qKi@_v?q(1#VwcCUrhax-dKsgWRh9FP!QT=-6h{jkNoGA%lSb4d&
ztTcCLY2U(rsH3$CtN)Pv80JVgf`-VizyzvvF-36bOxJ+9S-o-Yi|}3b&?+jc!AT3h
zDCu0Xh@L@lb$UapHFb6+ZzXp+M`FcNbJho?Sp%W?j+@Z-8(^1p|2p1>Yg>FgQ^4D;
z@B1kfF}ypm@>2dF{tW$g_w9-g?(_Jy-tu@x{hf2{qs`UGIR*{^$k=@4_?VG@xqb-s
zhp2|y_%em|jpGjii6Fz|=jiY9_Nv3iy!)?_R>E;p%~h!Ht5~HE#;Z_oDSc@+IRX&F
zzl(py0v<{1rzsy;kP8_l(=ix>1QpIQm-oiBi|b6Em8cH2(_hyAPmqr9`#V{U);@fp
zVP!)@Yh30KGF+p9rmu%A<3YX)cdIGquW%Xc-Dx{uaGM&Di)-T_6doafKN{EW()ra?
z<hV0f=~jK()mqZzbYd4f2>mj@={LV&T+6O`A|kF;n*x_T?h0DV&E`~NJm^y1*lT&l
zDmG3}AsaU_3{cG>CY=k2%dV!u??Fh`U)P@7IR@8Ce2*x>83*$01CDzdMuzadTr9tn
zhc;oG(&?ZLQQsLP!mEDnpuizm`p$Uo1%hE3BLIfHJh5m%#?Kv7ejvRW@Yck74Sva=
z{LODLv1ovwJn@k<1%xe`@CtwP8*U(wKT)vCAa{ML@$^amH@~6&x)3Olo&<ZWYZlLt
zn(x2)4Zryf=z<mTMpzmC=-jGs{{H4S%<f`B^yxeAxZX+ZO>Nn4e#5_+U;CTi@T>Xf
zH^0HdTZ-0r?{UGThw*rW#7CX^o8Lg2>B?69X(PsRqKPd1(m(W@-|#Db_-}p#KH)O^
z5e?$a8_E&A0c-fpZ}`n`u;*+|(43zsn9G`-%TFN@yY8is$7e}juUt{MQn!Bd8$h~6
zr|XRyDjANn=OL47#UXpz`qCbCZ`ajs#d`~wzxfRh&$?;f?t~s!kukQLR3E0#ROXE=
z#^VVW1Qufk+(du#8!BoKF7Yt|fgp?^`LX98n0Zad>4#qXbsv$VS#u1Uz^yThj5hn4
zl)N<uI|Mm$```QqKMd76xSS3f03x*k3jj!eD_)FpK2UVE@g3|nTtq~A!C(vh_p{be
zFupwftDyRej;F$Lv-Jxg^HJu|H0dP#o8N$BIWERMFA2iHi9K<9zDHu6K=)T$p_V|r
z09;^VaY0eJGn73XQUel=ttuuS&;Bv_4GGx2Ko<O(FlM+}Keh@spB5_X;u1nW^@XRx
zLdcUoP)Iz1nltgc-PfQ-@>HS#NaFItH@@oY4*E9@xUp^t9d{F@E%I7p88VMq_yVwP
zZ>sP#Vsl=sIN$@d2fke^a8cI3%aCH0Kx3xY@%B`xtrpn-N=ocu->I5e50~}6jvADx
zHm!pHIlw6%Z?5<FRzf^wfeEmyZKw8vNFuSDE@5;oKYq)e;M$V#!G8GV^;Fu&2@pns
z+${jMcq7xx`kg2&u61`(-sLdeovB+0AI2CX1x&EXgLPaq^0jtQ9CFruOV@*r)4g+E
zzI_h1lJi;LqJ~Q~0Dt!n7o#pUck8|KXGM+Y$A0ocaNuENiHn7}G9ver;4-w}%1}q%
zHgAo98wkBk!QudZLMKm+Sxsa*bAjQP{=KaC;V<fM-fYCjjzDE+9tWR_pVQgc0c6qM
z+jDFy5R>QU?%%lnso-C%pA`(aY&nA|;F0ZDPm5yJARPZW`Zsv!V6F2AO8Xv;{FUWs
zzI$Dj-=;SJF_cFG@g?ZgKZN<`_^0)F)?Jx5Kv!F#CTpBP$uM_65uOrDlMBg3_H)U@
zJrerq`FjWTBxsM7@HD1&#D5fB3m0*}?%&4+u&RvrbaLOH$9?|z<59mt6G!a8EI#^>
zc__JQo%@5p9AesX9l)zARf62C7^ZjHDfUI>aRqx>tVm<VKaDA9aeiw1<n<0BMa)|q
zJ4vx^3PD(sooX?yIZj^tIkEU>7$0I6+z~1-0GOSm?}+Varv|)*U1yBA(+kx)3pZz#
z%CMKf#a_Wd<ZJ@uo14vyc5;Av|Eu~9W;6J%_>`rjR#}br5@j8$n#qF(9POGxrB%f`
zKqPqP{yF*KhG!LP)0ZAQKq4xW_#n!3^V9R6zes8XkR?dZP3M9MPzq+bFh4wh;g|Ux
z5d7-bbfw!C^iQRw(5$|`<<FUaex2X3u4}Nsn!vprFIAf-&e*D9N<XGkvRCnIS!G)B
zE^GM;@WcHtycrfMaGv>WC0`ykcc{F5^{4w^etQ3Zjz69RX`TLB?Ku@I2bDg%kv1`_
zsiAcT7a+bE{xhDX_|yG|ov(hrA9~q1F*HQ$_U9?P8CkaN@~Oa7AoPK>pqYbmkA9B-
zWgwBnit;f8I5C5T(U<Px+Ub$f^_!jW@k6g1#5zhPaD=Qvoe(jyPc83PMif|dE&q`I
zRh_6EQRtE78X0y@74=P+8&RxZAwCA<w7^Gg_)#hpQ_f%VBk`-799ja<bi-Ha7UfS!
zPZWh{<z*w`<fv;yfUYl<(ARK^yb;I>2~qN{t=X|^AUWV+nKe_In7fH)VB>ICWI|hz
z0-{N~smX8G!D{+lyn+Ah{1qDr+V}LDGzCh*!@^ZbTp{(&#)`4EZ$N{ogXAqJ%NEgI
zNuk5xp|kUwy{C~9R{>iEr<UlJsP}u>S}hykjBQ^J#sK8SxTvLlR}V_}YS5K18AGJ>
z(PEbEZSZU_vm&;DL9%ow*;Jw-HzR(UvzGDs`vIBn^6oV9OV`!mP1~qT{3qA1I;9o{
zhdni!9`p@sx|dbwvaDo-Ie+9{WWJ#ol`6QB)RTn&U7yf&iKCw2Q3xOJ_8JGi@>e$Q
zRMOJ7PCYJcw7QGc%ALM_O-Z&nEYa_KO)lm(8matb>uMpz8%$z_#IH;;V^Z~Ot1yn0
zLu$O!yKmma3Dcbx^ZY8C8f1Gi*unMemAQ=_gb$6uy*Nl?iSOs0AJu9o4#4XQ?!?Ch
zk;v#8pQ1sw^C_>mLrQ!;BE}KK6<kF2Ug`NbciC6R;wf^qmz~7#Bvg=Hw39NoUea2<
zGG?eTS^pj?kqi{|a+>OOd%xtTFbDG1@lZFy>a*%7-<aop_ocp}oV5W4Rw|H<MZ|k8
zl6&``8rzr-a9|oqYJT2WjHm||AazXP2iY2hCNOX}BSN>m-;dt9<Q6}A_S4{-$PL@D
zQ)fZKd6XC8y9N10pXc@6_788pHl^TkN<H~W?5C#YbLs<of&EJIkgeRaSG;F)`29uw
zpZZQ>$m$I1wbne)n9K7dI6Lc{;HQhG1h4U>#<-KZyfgD#Bbj5rWxsx?6v;&xbkT!}
z#?isY1p@8Dp&QPg7{IRih8_~aFK5bme~*BA&Ds=~Z`eJ{L>f7}{NAL@&O+6;3HtuH
z>Y56nX}CUfpwrSd;V<;JVMIng+LBn-4k)vdV6=tJrG?8^Eo_I9J$4RnbbQ)E*uM+E
zr!$-PKt$s?IUdE0XG|AX-cLqVWj<rLnuT$&)tIsI4leUt1K;H4eG*&qq6Iu1As7FC
zaxlm`zR%g_RN>{Cc&a1)sr0ia1@Ak8Vsy}5_>@pyL!j@=y2IG0h-K87%#NpFlcM}3
zv@MYcO3SdY4+xoKoL)S-)2EFHuJSWzPqNt9%{gUlvix`&m&1k8=!b2Spd3eZ!);<O
z;T+&roFU^#3z1;yq3GeiUehZ@;zZpy-2(u6t=h2SP3fZfvSz>3Y<_zcZPW?YZxpvN
zQey4aTzaL|6GP?N_z;43NrPUPS1P7vY!cw#@I{;OcWdUfzm8J^6wNl;2IR4m=k<k!
zgkS03v{BQ^xI)9iSy}43QMigfXw~J40d^J!OOr`_zLg-@+Rx#~q}MO>7rBUy6eceQ
zlypy01DAcD!A<+={6%3qN$4a6hcqRo`gq)RDOm`~#ZJ?&H*GlcMjcPKT{Qoo{1?YB
z6!y&5ocAvGf!s_F4(y2)Yebeyxh2q<DfxVxufj;i12&1<cv4~DkcC}dUW7ohTsMwU
zeMou_m>TLSUMH2qO2y0Ka$kkc&_O9z8tAUmhwO&m(E(GWF@vBzvKX;8|FiRJ?M9SM
zmuxSq^(|SWaJ#?|%nle1r=fr+D$>6cxqp0K?9cI!|GNJy>p^_&CRWQGI|i-5{PQGK
zwD%kRW^H8ht=~2}QB=*2@4^Q4&g#+YN&*@G(JbZpcA+ge#I)AzcfiH(Ek)_w<5`hN
z7_bff&c`!J3Lh+a*!(hojvmfSgM;{C@1iM;)5l!j9iQ3_c)#fgGkjxx@^<mh1{L}@
z5`j!C4w56&Bz*$oSU7R>Q7mdCwjHLPs|zbgnD<R1W-2+0P~*+)6u8$_VB@>N#$2=Z
z*l>TCdzHk6DMsm+`D=Y^$BIY*WeTvnO3SYyyo&bUC4X=SUR3+d>u2vDr6M&`WLJjz
zul5hP56p^r0al#Vvl6T6Fo`-53#Hc6<oOUsqNf+o9Dx!fo}(b_5`79c=O(PXN0Q%W
z^@0uhgBJ=;c!ITWi3EP{;Anbd0xgd5C3_HvyK|B2CMoxeVUaVO-?zgrS0kx}@R}9&
zXgYb?jIbbOMM<eqSbk9b_?P-MioEr!<TNM(qj_kSBP|IrVxQn7fGowVtnaaoZuq9q
zALRf3rT--YJ)}L>V>A46!#;!2L?A2v$K`L~k@`&lMUnAa1KKWa4p3BqgV`|k8G}%0
z_{PlLdaPbm^{>{?*b2BMse%$1c9{MR3T=JNnesmPb-N!1s7rETjsraH^-<5OD*0%E
z>a=!Gp|#3zAIE#C_G1N=hn{NQuB14sOU`~wFVl;-p5sO}s=JPV8MnCEo!=~INMjr9
z26>m)JAz|)=K#bSLn7Z{lCZ+)+5cycpTTUxnZGfWHthUvI}Hu8qkhYe3+m3Rx7@p1
zT4|-+UepkVBosjfR(3q$d%Pn+oA}`~?b8{9_-$3nL<Ay|RlN?&H23)~M@Ijg-lXjG
z48Z<UzmhEse72U=OOO&*hIiSeiF*qk?Asd<fXijVoAz)PuSJfW^6}l-tRMNXB5cK7
ziF1jxPlER9fqknLAB_r)w#B5ahxMMyp+&U)bTFsnB_TkQQ64EGjeJ5Oxq+;;*pq}J
zJEMAE9J%`Y?qDl@?yy<vf8k$29uK8F)*rdfW`Qy4+kQKV`5$-x|EJfVqF?zZe|mnH
zAY~n8eoda$eY(3}Gf#}^p?|ROsqX4$$Bf}6eyFj}<6q`C{6p$LsPS;zgH&;S0}env
z9pDycnUkL&@{R!{6$CHMt16Kee^CA&z|7wKdLn#Qk$(n`ra$OrZaHw?cFKpq&pN&J
z*BR>&-TfebOFn4UF~5BC<4~laC!;7<JMB207hZEVnUtDy{IvMvzf*q4|CahoS{YMY
z0w5??<x#a?yD6xpS+dF|v1K^Mdz~{2FXp4Q{ha;pulZT<!oBKk50=lKEW53!x7~l{
zpPpZNr$s7g;J#$E5a?fbeb0pzQT+qh$Ua8|%(nvp$SNX_pxT!6yEwqLCl;eY{R=>f
z|I_<Fl3qOLVy*VQUyR$V2xE3~rM(tq<v(`<^OtD7-68OgUG=#yxL)0No=dD%vWRgR
z82dT=2Gz~Ux4P%|2$@~{qJXEjx0OF!zxqr6@oZ4TNUE~PGZ0y8U<)S2>-s_UlV9?)
zHfrBQ@eW_9j^deM2=_hnN(9YvnMRcd&^I5Vkl-33`*ZrAj^D;;hdnfmTzl=Kh;CW%
za(~y~Nd1GO1TlgeS3enTL>4l?>u-bgukvT;Sl=P%9gP$p1VVdL)-#dwwrc>C`+#=w
z#n~R_EOvD6n&xw%?o&mPa5}!UNv`G4@P7_}Wp?W@siC~c&i2UVz~Tkzo}`q<;O;ZP
zNAGJf1sq(i(}+La3BUOTGB*soYcH5bw77>sUC_ln#Fzs18L$4R3}J_y8gp|^PG8Wa
zp4uJj+>!r6UcMcR`3z?YW3t}-&*p|-=~rG#m1oiu=jiC{@RSBMFT8<X+52^6%=*~8
zCy(pojcT9l6I8_blHXPz@VQg3;)XJKNKL24B=94xxW&~q{d+<IN0oCoF2h`@AwR%c
zT=;w+o%3k=CPPh4rt_d`o}JPqtf8-!18e(di!&0_JppW*#eEaWv<0t1sv^}wk{fD1
zbqkvty*epWuwJOaUWUV|ONCj$%o?F<2Sz|BE)r-<DW}X-FsdKS?M|U*M}Wn-V1#22
z)b0u;+^53jb9^70;E)TAQ=t*eo~%=XV}w|3TH$TEMtnm@b9P*9NhXlffc;CP6Dc>L
zu8A$aKq5QvSL-VLlFZq)P6gJ$JJ5DRncIT;j=;kUhv9Y419s~zV(m-+qQ7|U_)qDz
zdRs+dRWmOFX|`W7Ap)Z*pERohBN=CI;*zriNDZ#L8DMlp$<keP<Fhl}LED@tl3tH5
z`7|H8Qp5tziyr!Y>#38YvQ>J%Zdv+o^?w7dLPk|Z9`%<1rCti&-N3|pjS8H)1H@xN
zj3^zz3haNfe!${z77dJk&t9TK6S$g9nwdYRfAxynw~FVmOL#}gw84B`s9JmPPwHbf
z6>(54-H*N|X9(y&&OgM%Ie5X|HR>G~1X;1tg?6q<wEGwgp|cf7gZAOJ{7wn?SM~oF
z^(qAZ@UgCL7;6&A$wLuF8rq2sb6CC)-VY5O|BA;hGaL{4dSR-uv^KdzEu4&nY28ri
zq`#?LZ~A29QjsO(r%Vr0nj}H&TT4=OFY83_NRjLr`DFQ8+f5aDh>6OE=Bd+_f^%sN
z8D#pUhnW{f?SJ6-Q=ndb&H1v$r?mv%<}z-=Xx__Qyp1~-;nNq@v0Je{p{lC}P4JTV
z_Y;JQeI6|uJ`U)$nw&LQBR-fJ<E#L~6DWLzTP$y${fr>5fty3u=o^{PuF%<$N60C;
zpgCIaGs3*Ei#nR~?6A-)Rc&ifNEh*c%l<7sd`F^#LJ1TC8nrvc9{unzb%WXp@zDv^
zMT4KU&NnRobN27GSydY88)~c*r7lGsi>I6|n6dxLUTTV%O9p++&vH@i58`J9%XWi)
z^T_xBR7CmKah6!bEQ$Msp$BE!^(+RW>8bs&S;kB?1Uin~(>@W`d>ni@9`nHqQg(ie
zBw}$XUe7w?N<_T{D7#3~(iqZFL(G`PmtXQ@vCo%yk6Vdn<Ve%fjh9z{>Hl&1!ys|J
zuk9Yttx(b^b$v5FO+*gMl6u**8b#TlK-;Hb2nIh~KZQa{Gh5PbNHKYV9Ns_5)ZG2)
z{mZ4b5+|gaX9=7q#C|i)b2AU3modu`+?b=8o8@fy`N)3%A^Fu>;vAX>xmDEJI$FdA
zyF5$#-~OH7{vAy6yvgSW)-<wHqzWY@{OH_F90m3CT<zp@XX^aR{`Uq;$_S#nIQO@M
zbN%q>@8SLbocs_FE|j+Av~^KT@h!D9LFR!_!0!bE-W5JNd8h@<b?!#d;mRI&S%q>A
z$+5-9CohQ|fOF~H_0t-y$dZS8e@P?09%mL(l_(6yd@-^t4<e6A;+OgHl%?9A3WqHJ
zq;<zAzYO<fXBN>jg`zG3hC;0`AE-uui@(g@d6FAYGd8s^qen$@E_nE|eNV`D4sma-
zaszSLo@xXI`TqLK!bfI%ao-?fFl)h|bcPGuu4QOF*V}8k1!wIl@LQ)nq;BOs!*0P+
zYPqIpq7PSv<vpC-&R%FHe_5j!wA)}lBG9tJ-;XtXvad#zkKtwf@QK@7DCyUPKn;#!
z61rn9^DgT7gseo!f+cN$b_O9Q{GJ{sA=lOXRzUo@s6b$P<P)S{J63fk<Kv@K#w|$;
zahP+zwGJZa=L`ez!FaCkJ50TuK(0$f6(e2RwSRvnre$JJ1ha_|%S5-=$3K=btnK<P
zY@}cO(GxFBrH(g$Y-ZS(Dqt@GH4mRUi#}s0VMi!%-|dCEMIs$`tP=C_Ar0EUP3I<<
z=`DfDc^11Xe5*$|^>07_FUHGbG<@1ss}^y5DkCf)Oz)D%qFGUHhp>GVv}U)mp90|H
zvoN4}(I3Cn+l8&1B(EF$1X=Tl<{8ShM_10K5usjt>w38LScR692A71HhMT>Y82dnx
z_Wk;e-qtMI;Bn#ED+Lejn|+0^aBnb4vs!mhBLvz~Zz1{!Z)i;LrVT`8P-AVZ;<XYK
zK;dnxDl<bHtY=n_4+o`PFr;sN;W_G~pKK_0%j53R0V{hmv=mUv>G}j0Erp5?RMEu3
zru5L(Zm`v2z9QaPEeVWcXK+xg`qoyV>9kJ?CSCE@IFDcUfCyY74=}K8^P-Go_;#KW
z<%TrrO^9i9{OO-}pQ0XX5^k@9g7YT217lv>F2h0Z-9l`s@t9zuBoCMcro(*%7<Xf<
zTFu7f_iz7MEQi_3vobnOIgBcb!RZQ(_W5I+0lw{70<*+CyYKB$)lZ^`i5p?CWinDY
zGa5!B=*l^quVK9@IN5HYbh|Tg3$n(+*@tA3f17uAZw&u#5W8T)Nrsw7DM*$VPosV)
zkkCW6>dO)Bug%>!zM*{5^&!H#A2J9}V^I)35oM%8Vl0gfb40-G0?Qqg;(KGH1n1o0
z^F4Ct=+W>`x8WSK#aEvSBOPo{t&llRrK^X{DehO=YtDGu*cl>@%+e|aayoUDDQ`?N
zy4Z5}v7zJ{DQ;uLUou0qYEVkWlid|bFK+NA+}>U~u*Vy?O;*b60FL6XDt-_c%G)TS
zuWInRhrrpTVfZbcACZ&TtzZt#GW%D>#m44yJ>EWpjgWl%grTs3WifnZ9q<GJA!H+H
zu#dQA57L$H&;TFpZL9!TdXFNV*)F-S6ST@B_6k66hCkSB-V6JEMRWH!9IDZ7*ZF&d
zEZn}v92Us*R(Ek4jTqY!dk=T>K^X-M94gKVxqwzmpZJ8ULrzJ|!@?)IYhOjB!o@7l
zLXm^csFn?2g*gP-0{2_L1zeU~xlhUP(Pik^<KwBN?~T)i>gdH)LzTiNYfxNUxzvZB
z6zdbEuE{5^=I08X<I-EHyB!P`9m?zcXvx55adMwoN$w5?o8RL$CXI;rH(Gp&?^O(3
zg%@Yr<ICfcl|IVbv*nxGKuL%T6{|redwp2aCc-NEIA2+3w{agln-Z{5=;44Yy6Y8C
zgojzmTxy3&Ea~v#y>_x&sEoTW5LB->SW_8%%#v7>fpY1=<EX{2Z;?Gh&$fE_-CD(s
z--39x`GfZk{h0S=8$VWhm*VGRf((ks3kb{~{hPUcV@~=GTpyHam;~OD-m@|ll3hP3
zdmn|p5R81s!&q_DS__>W)<<)rI%(e%EesS2p^F{`Aap#{8Sp9q8-J(Il=NA`5!7tX
zE!^;_saw5OC23MTh)#Onv#%_icYsB>Z<w|<2bmcR0u~{%pY#KIFIPY}%cOolWbCd1
zcx8$_!~Js|CvM1-CX3I0N(Au$pY)JaN}H|8IH|FeN?m;jLE7Zlu7|0+(jSfe6lY9=
z-=+q5>A6(;FrH8LF!&by_96p0oOBjE4joh)n?Trj7qdd7ARFhH<Jn<DOp3_oLn_e`
zj)a||Om{5`Chj<$s^Yp27-y~c;S8sq;QiuFjW*2QiZaR0=c|=WM_nkSY_}wg^8jx(
z5rrfYd4i+N+l=W|5G(F`8`rFi3EJ1nK)gs_&_jw}Bqsu(sC8=i8TcXhRF#=fBD($T
z(LPHLU}y)AS%$5V2jO08oQy{+f4NdM!qj(*51+?=VZ`|RRThAh>8h}J&9nJt?X)J^
zNvs&CvlHliz7&_gyk&5kvs2jO4bXc(5`7ah<TWFK#t-BtV8W*3ux88cnW5=?fcV54
z<Ck2yj6;C;*Z3%4aI(NoDtFljoRogpH68=u8N|_SIZ1?w=TLTua4v0Q1G*#B*tZ}A
zWA=X5VlYcik8$|u;7{a1@-v(1^HPa7^>&lg`F_wcMUW@-kALz6m;Q1cxMvXaO~v2j
zsh_l;TP@HsOTrP?W&E4yYu_XC>pN>xvJ)~o81J4u@%8&~dYJ3UMvI${uyF){Ur#DT
zh7pApL=_wchIz?fYM--jnSKDno}LjUE0?)_1Shed{SBl&SA6TP#M17Y<7k)u^Kbv^
zp}&mDQ2hN5t$8BAx2gR6ljcY!`%iYU?9E!(!$zOUTF~>{H(By&rty!zH2L5EpiR>;
z->k$->>q!A*1h;&I-11&%d4m~^H%@(lX^7W#f!rK3MUBqS2QE2zmi2>{*^*7G=a(&
z24UF$((Aj$n2aAO|L=}MASFeTY57+YFX6wUaPk}gPSU?3Ig#ZM4Cg6I{PHLuV{p-*
ze{&>3r(Mr}|M@pg65fvcTuoIlY{?b1KOK=qF#LJ?e|h9@CT-K&+kM;r-zCnbycw&{
zcP{?;^KU+_dhfp!<G(!k_dmAJ`uy>aKev4?ldSmbzdZgo@c;e4KmP{)mlyljPfe4p
zz|lYcvNiYfK|b%|k3W~bQjuPJCT6^}sbtjX5gzteWGHo=j`9=C*1K#?VsKmi{l6aL
zU!Rrj(0?%%*7?8Tzxwb${qtw=Ur+CUJcIw?Z9pjb$DbLsY-H#FJlz>BC_HLR`P@QS
zd;nD)(VqB~NVvU7qT`E7f}F{RVUjF=YZ(QBVhp+!i451K_-!;gK=lqZ^;X+v+9~`_
zrpT;Vaqn;B9JjmG$YNRO0pH(MohHcquunDZibLr`lB~jzjYPwdt+H^Q`{ypH7Y$(s
zvp?gtZF09qPEw72AE$l|&)b#(FT_uB!WV!Eell5-$kM6zIeOCdbo{t0^S@y;jLmUG
zq#aL7*oOw=5vcD>A92$L7kXN91yWTW6=LtQ-b9+~j#Q=~uC}2Ds}%-~K<+VElEA|T
zi|mT_QZ9iJ)mmQE{Y-fwi{ALYn&Pmt0kPfY!`notFoAZ$`ul(Lnf*66B^a)n`se@k
I|MSoP1NX6AvH$=8

literal 1159971
zcmagE1CS+O67bvBv^{Oxwr$(?ZTGY>ZQHhO+nTnGY1?}J-`yASz1aQYMa8Wfbu%lY
z@?=(?bAC4!q(Q+@fgpgOfPjDqfrQ9$9bv(MfUJ>$fKb1GvA1`ow|6vkGPQFybhZT8
z(fzWuIZs`;+h;=zzWQ;G3$}?KE)vf5(*gZfa0rCbs<Hv0ceIhXk_3h%OSb-RhnvKB
z9SwG0{)MhLn&Z*3{B1$0z1Q1GQCXHbnaR+4S%e+PvZ3u5yJ|;9yFNY)y$f!cMMoYh
zV0FRUbne6X>5RT*vk*n5UQH1^hRa}n96GCAUdjb!JLM3?y0mi_*P5{9Fh38b-RKwq
z_5uGWd$CUt`Vp*Fwa!oPbL8H=sYa@O?YP~0y(Ch*HYv=fn#I%V!oSa^Gjx&&X8p{p
z4UD}t_v+Mf=-X`l3X6!y;6Lo~MUh7JtD-RMPuHH)mW6m*xl~ig@B-Whw;$=*6ut@-
z86V)X2un26irIyc2wD<)_$MsyAEZ&l<u3tj@;?IDmQ}u%rODJ}{NcE=vweqi%<|WG
z*Iln1T-V{AH4`&^Jo4*imK3BWwG_sT;|Rc{7`MU{CqZ63qvppiPzbjatp>61;C}-^
zv0$#j1sPBSF@hz6LGI93vT%{LdpHk&lroO*G=Wdtx||MMCZ0yuv1F`Fz(W^|BNASf
z!>!MGSK+NhXjLqyZ*D5#YFCMDzt$tm$v$BCH*GC9rA;X)@h_Kx$_fv4`Rw9qUF}#a
zb--KT{oQ|^io_iDP%URe7Q0$cdp3iQ=IgNC4npmu<9-&Xe6%fd_F?z|Ek_Y%7}CR-
z$FEUqpODg7%_ge4TwD;tow3~SUd)j0!RUDqqhh8a-sM{Rjx6^8kUd+JqCN@yqZpu=
zL2*c-I8Gc*j}`JYT_FBD#zG=7m!<QzPQin3H*N;FKPe`7?v7BLk3vSFkRMN7AYBT9
z0t-mWAwBQ_W>o0}ct~6TvqUj?j+#Ka2r>~Ch?GRczkBNA3fPj0H}@WjBJgDI-eb_?
z`@#l@A{rUlTwNeJysa%;pRohF@vVcVF|(_*_%a5H3LBM{i9Rx7ka!o_^92@Ti{{5I
z$Vh`lT6~YQV9=;Yy%L7)jzj4aB4@>OdO51jZB;v^`+Q2Y&qxpRpPO-&7>e45t+2BB
zIf&$DH5H2GjWORs#&8UhaUPs0=9t{oxrscWJ2T86K}_1@P_QdyZoLJBE@Ov+tBw6q
zTH#?u<%ld%TS=C1vF341Yugv*rL}ldoTkOzl|EFB&y#$c<#?`(2g|O466_9|TchBC
z*&lng*HGD_dN3_N>9tV}k@7U712*O&?ge_TD&Vj$ZSLh=(buz@hUQljuR)^W!a~IZ
z+%MyJhV|4Yg#mSwjvyn{IWzSGi86!_IdbE#myJcD7hF0jl|c=kgF_i-&N}_R1uU#R
z_<oI*Q!QfQoBMBR(~@{c-Y&mlQ<HCS5&RK~DL&bYi@iY(MwdT%1A}|2Ha_5hfWE#!
zffW8f)g!$KVJ`|22#AUS2ngl7dKkMnIRk7pY;EW*olR{S|5ZG+Rvp*bP`$5YzWfLH
zq&G;U7er24T{q0I$kWzzx3~zPr7R=@2nDr2-}LPDhh#5)amnH#$8$hpK)Utivv23<
zi2v#rlqhY%NGhU%Sz#^{?HtgHOzm0;-|q1?uFsO>4d#7(-rI+~3)Lm*o#21Ur)Z`4
zYFYS8?0BQsS!8z5pYgi<)Z(egHwN>bbhYI6IwhvcqN%-YSuyqKQDx(-+TGTzwzFOy
z{XyHJR^{71l=l-cXD9~%5{Zc(yR&QFCk3auM2JB4;9%ub4$3aa?7X<N&{U^sX#9II
z%BN|w+D2CyZGFi_8dZRUek09>9`EO!TRiG;eV}woDllBxR5F<hsnz=6U_8}?dVIvs
zdPHHRvaiTdQRUEgph^VHKEwCR^g2IGq=CHW$92F~rjT_?EHo@Q<m7W<ARp6BXSY!u
zh?L<uO{o351<JVwVTzrx#kiJeb6z!jMUxSAyQL*IT8*u6vZ^gDj9w`j-F}ePZH@?N
zEj#=9%ZvL<C9S3Xjv2)q{u4fO4>cA7;A{pLAOz}qHMFQTOf|e_RDpeKM4EAHM7=(2
zWNo}ZK9}^crtrfL0tmcfeJZI=0TmZ0+@)zY&Ww&mvxV(cZTUuRrX-@34=!~F4TZIo
z{{+@Y;)xTFJ2ga7rWQjQ*#u62Zo7~Cvb`;0w+4wM>b-3|PIQa+c9!tdKKcizTozgH
zquv3XQw(hYp8YkLlS|Gt@-yBIUz!=JANS~#Lu0^|!l)RsMMnrROzi`=;fTKQC<=;w
z%PgrwFi{2Bwh)!4h<+_Qv^Or}YbgAD`=@~HAoD57b<E0uAgnJ5-3;nJ<rZ&WNshv=
z&b%cS2)_56n+bC%9yZzE?tkUkdm48O;|E5*YKDa0=}4z@Ci>WLP|dr#;~8igiZ<L>
z>;ZLAM3CjZ%TSzPR04YFUv)BeZKC_1I$M*x$e>xbftMKrqoL-?_;tkQn-V#Sy}cEH
z+)&5`N+o0Fr)l<k8KWG)FY%?T(FO}~o*y}nd+0Fi4mc(pt&Kpn5`Ve>l4?G=DB*;e
z8rFdQ&h7UP$;88{Jgk(@zKbVvQYYJZnE)s0C9L$9$#wt(4eA7H+r1<<ZAEof)!;Rm
zrdFcHYomJQP{m>)PP8=8kKsDxN|GMHI5lo8i;qMshRG}&C+4gBQKnSh6GWlaLqRID
z980}WV?J0UD$Ka2`W0&3TCJ#_-j%J$uEssI^3rTB0@cV675W?f{tT(CJDZxN9jin!
z!6HyZ_WDc;;}Fd}Z`LeRNH!k{hPAJzWU{e>*}zZ<(iQIW7IY@P_3u5fC!{NCb}WkE
z50@^wG9{zdP^Gc0f?11Rro+uJ@KKW$WTPBDdX?d?a#E}YXe>va+b^=e{5{ZCcu%N|
zBu^s>AQ&9oq<(9o+#scgku=^z;tF!W<iGYtmWxXF&YyNN3qwa5%w0M^JQXTjwSbSZ
z>PtqMEx@=m=H<ZvKk`KUXRh@k1rZmv@~-?y^IF+tYXiDkm;!7X-(?pc*JQHDW#kS*
zR#^5Kis8r2tL2o_cL~prGg~=4X*M)|9u5m7<!@$9*nU!@<s}=H#_&pHvK9Ia_H#%J
zchJYyVWsc@>m|}7d4xlZ(*da9h-wxF?Mq)szwU7zGg-p)XU8R*BJSDs5a~^z-uY^b
zL^p2=dcz2lDT}Cr;_Fok^J$;8%TAMkZ&Er*gQ(_|(V32uN)=7&rso`on*;gQBaWb`
znQ-<T42^ZH0>K`G=F|;<by+0!B<o=^rT=;f_*-LNleWjSm9wcRLmj{9IL45$Z}EI;
zzQqnmOHvhCuw8as)J<lM0RWcv#mJPnC08f8$Pjp}D44Ebu9A`Bn-V{m{zyG_nD5vo
zk<H9F>|1fk{Rluraa)^)a`Jek^^mMyt|*aX>`vf|jO?i$djdysZVJbKrR?|Vqn}}^
zJzZw-E_Y4eC%8fsRLW!-+tG!@>YQvMHI(-CwEtNT#2*K3<F4U>XX@}BbQ9^j^P<_C
z;~R<oLXjUk`hn7@Fy~Nd1debxPz&fn_h45R1SVp^(td`(FWm#cUT8oh3Ul7iVg?RG
z0%#~i_~U4p-_|fjgC#H+m|{3r>o=PVx0c1@wt7{?)_Y1FpHH}(_Tt|M&R1&+Y1oUh
z;+*gdDE<^aV>;t%>M>2d+K#=*u7WQ~rEF|OuNIW7sgNHti?9b8zgE>5m)oY6Pw!@Q
zj7OI-H2_{3RX&>h>1>mWjkKvWL8tJoJu}cTPXAs_PBYBNbzKiv+k>>WgW|w{?LHoH
z!Inurr|;ud;;u{_oIq438qV@{0*H1PV^TU}3V-uhC?|Jr0&N(K4oHvIzVYdP#srwf
z3prl)!#OqtaHdtg{^cg?T<_(YQVB-4C1YAF!jhQ3-b?Gw=shN_3?xQ5#IV`-d*a9%
z+mqfZ)A*#GFVnDvNUoVIF<Sl-s<%r!xv^|;DkoRIY0HLJJN9eh+*!oA_JDbgtKlSv
z<Pt~Vr~ZU|r)M{qh9Wa7ZN1uhSO|jPWNl_5_Kd5`dg<4*dTaVx?*aZ_v-jK-`B>Ap
z#QS^wkNID-w}K<U-sxXccw?d>V4eYSWIOH|K4}|w-7;fkey&VgAbpSoOn9xrSbr^a
zCE6w=0C5|a{A^-HEX0reEOX<^*X?ut7(-vS=NW|0d0H*h6qUA@s)W0vVzy+xCAB~_
zbk1s(`v+P*ysnL257+Xp%mjt7GhQ`us_5F^IS*a+zi)@G+Kz(Y)z)hJs%cI%;S<RE
zjLmf8JjeHNU;gNlYh*H|vwXw5k+Hdt1}38$Ky2PNS?o;3vsa<k>vDn@3l_a%@yc3=
ztYq#^<{ph{r)@KzK(@ay<%*)ZJqwMv4t4EqCli^){XJ{_DM~Iw9ofj*)&Zadw=<=`
z<>6je1XG`y8DFb^5(g?{g$xjK(;T~#5D~kvU-3<UeWvVX2URbjI{J|w<>&npMH|X&
zhC8BV2|~B&vb#M__<7JtgEg5dF(!kdF<R804wDs01ZIEpbn&-9(XKFwJCzn?o-jM}
z8Zee+yGgL`6HhVbc~SuGn?$px`(<>CvV~Xpnpy63z>Dw<UgB_oP;h0Qt_Jqnb||1R
zJeoryc1@N!`O8B>x1DNhJiAp)9_)4^DRU1}e)x#|JCOgqQ1gut9_am+5PgUHzZYsu
z|18uZXZWoL1YkpUYmDq>#w>Gbhh2lKp;6nN(af{FV-unil#cgX=swt8=WqG=7w`cu
zbDfHdBs{HM09|1m6Db~qODl(`ztP6}?Mg)oO(JVvsFk`uH;mM{fZ%?Zs^ln_<|9u*
zju9{x3)n9=KgEvO3kg4~ZeTdg--A}2oi6`Q;R3AU>CKd+$a|(}z;VvHsrG*@p@>sj
zOdRp{GOHPv%lE4t=G&c<LodtNn44r;b{L%RUbXCV|4)ZO%|_R9znyId{lDh+zq~F~
z{$sVyfa;BZjvu*YD(Si>Q6y)X1r9?UStq1#dcwunKtfD8F}%_vFLxW?B+Cu~;Xs<@
zIn68H-Th)0e2)D*%dJhEteohtD);27Trfg!J*kME->3yYEfiHL%s%mSRqfI`$25+Z
z74il}CXMZ_b*0YwN{LzX_ceJxxL%t_o88Il$xwBt!%UTNd|WK_7GoT_N!C^<s+lob
zJrJx3oLKl$toEeVX=^l9s)w-p%mbXd#1+DZ1iT1Mu|ouqJ?WR6kWKu`?7Z8VS$N^~
z6*+W2-m%l3N^LF&HZuGwaz{|L(d*CfiAhLsD|Nh@DFm!wM5h&QuA(?;xoos0sBPJI
zbl3a~%`2Yu^4%U&wc<X_$B5($Bz#Bq7m7pQzG8We<yHYCM1CeR85L=yc+Tb9ivINu
zxF`e8<d49^b6LZ;55Dab$iMRg;{Aa;gHoV`V*x!`r$aKH>urj|7c46QUh#Zd*HI0B
zI(CJMVPU#UwZ7ksG$vg`Lg^q@G!I34LcfTwco)07wt<6~C!R&~uk~B@{~6V;KqKPV
zZ^`=i=fBgK`JXhlndXJ>XMhdft;oGx0L5lHQA$NrrbiSi7c1YVVB>G&r3?TryEE>}
zsUzO4+ArlhRfxZW&E}Zjp`23dve9D^=VVE+S_2Ku;L)_CY@O^cXpV+9sb3|BSKO`p
z4Un~l8(xbaHoz}@3_n@jEZgJMX_zui6M81Z0|+k5^95jh=^TS2e&VqM{-*=;d(A9&
z-xB%n)cn7c+<$pt5<6uzz<?Nd71aIv&t}|yVHtGuZ(pm?rpDNc*yXz3Ijjq=#>8$<
zQx7RmEwhj;z{>l*VaZ>JY}j@o8}_i!Ud!{S4)nc`st9HzB<ke~Xk66(JdUIo1b6un
zy*eT>1ak=NpdjeG4fMUUqVnvH^35ULbl#yi8~qWNWapb^yNtrA^u{uTZ6X*845Ly+
z;ybUz_<Ja|KM>~jeK@n)LxQgrgN6)PS_={2BTTaKzZax?*CVn-+8$rJe1iNh54CJ>
zj_`-DF5>KWqQs~zRq)JM2;Z9%uy7&aeWwYQu}DnPCir7jw|Vp4zlY+#3zkuJzL3Fp
zh<$qhp;Z6oQcgCOCZ@86PR^!|PW1oB#lQENy6bl9qsiX*2A}@36Yd<!4x991B?!MR
zpkwc$*DUXuY5ydXC6*FelArtrolKb=@EZR<#?GnYkxiu=&l_>Ur@)d+jW(b3n&>x%
zUUvaGDQ#{UNsIX!UD>hfzxGTkEE%;ctM%o5K4J-YZ_2rJr{+2}Ol!#X>#c5E@V_4P
zeKc~^U(R*47Bx=<aVt)Fym`}>A70<jE7PYNOtreGmR4adb<qx)s&>uYz1gVe<rSWo
z_zN&68cf?YWY=yF84n{WDu!4h!cV4{v=?PbO_NJl?|ahemsHi)UsKnXOw|NgtMBbn
zHnMKf#bn6%`wdDkUM79?_1JTIOw_lG9)H>y+c*^-SEtcTN?)-}>C4mAj2)bh;7_kj
zUL?`#RPiTjn$@Va@F$%`JiN^{UEf{2A)hwVdQ><=%dW$0M6qSOwY9ron7f7RyQQ4G
z99KA6_83<4{3VRNkNDteuv|S}%U}zew>@?KeByO4x%(x5*--7@pjY6kB71y^5aK%U
zQd@dA>6ue9Z=-j>Y=FZqN(WeevifLF^{MPs1vYL_{sZfhQ1G+I4RkQfFNtP`>$UP&
z@52->YN0u<IdN)D&!(fzEjn;Xg^B$a9qM)8r43R*7<ywC1Ys(phdJHcor~rozv<9i
z14a$GDO(k;c3}&kqJ3=5)IryZtDdihA9CnCV#*zQn}G$0I57v~@CxNhIjx^W<;y)G
zd3A7NyOK&gqP>HnBVs~UDl0_vl5Tzx)yn^;<%-kA_JU}=#oHW<8Q?(GThVunnSH0}
z!+wm^nN<FQDz<9224l)=fj{`g==D#<5BdyRtD2#n3?~h;Ty$->3oZL5lZw^1Mj78W
z<urEfM3<PnB|EA1GW!PRNoB7A<zx}>WFuc5>D9LMMhjmMbB77J<OV2nA%o>U;Yv}G
zyzmU=<0^5cg|+yvr6lLD7;^@0?dYCzTnKB8V>{|-iGeB|lX)Z7yW4ZNiI~zjKAruL
zmwcY?{$%K2Dw*(%`fPk%V*dQ$p~Wqj9`s^47}!zfYOco5`-u#Ty(x?a&87ZHVBpr)
z--EJkzj$B7<7Wj1p~azf2%|xx15&XQ6^f0^<71g#<h9dB?<~_eUp~y1P6$P|5<Vt|
z8fnV+%6(XAldF*boDdN_LIZ}nFE05pS+Yq40|ImT_QV)bL;VO*Mkdvjfb<f4o0UPl
zFS|D>(t}KyLEXTgE~)Mwj4~CB4BRc%5z2y^`J>}cAS3V)ujgkfqQ~>PI;9Wc;^<GA
zbaiH|>1oucHOj;163C@2k;F1*H3-I|Y;{56ituw|f5Zn)3LGEACE6VyWQQ+hRDdGy
zAsRNZ1zak3UP1?Y)s4gd0Mm$5-y+v=3Pqk8*FA{PtRKDOwX*(b6Esb)IkrqNNh>_-
zC3Cy0(Er0DZO&L(7B#8k-!xmzeL~ce<74L8L|nOXyLIncp>s7~Ie&uc{0PBoYnO2b
z^IAu_5?-1YVC%zvqORUs5<}TZxvNE|w%$K6R8H}vYGB@M+cvfx+5NN0v>09=0eA`)
zNH&LJmWawI>6tOU`%fqeIzg30B$S+U;wT9rqbFgmqA;oJ+FNKdk}X1h)DCcK8cGm0
zi_C8dH7H|z;%U=J8O)K;dZ^hW6!eMbpdGT_R>E8DzN*gdjardJdn8U)cd+>ukon=J
zCP<mWllPOnv6xmlWHBIN<a2+-kWqw45eJgM1FbibYker$c&c(|>$52P*M<SheXUK%
z5@pt!vS=1UU{UD2SuTPfFFe2;lvbhip}B(BO7_S~4D%jtVy5<B8^V6Z!hQuMR6P{M
z!HoVO_^5(-qhR1t3aEy)ftYb*;rinfb^Cc(!0aHGguS+S_vfHE+={)Fm4d8b6VyaZ
zBAJ*0APJbLSV&Mr(81kZh&zo+=|0Tf4uk7Y!R(BI>^|jNqB*371T0KpB(q!y0tGCv
zl(cmK4%z<LZp1Ap#ncAH0vupBlAQy@9W3M=ydC>Y5gBplJsjb);pbe%08xxE0*O?7
zhqC?@5S$d)yZ>khXDcTtdn?GACW@e9A4rcQ$s6IHh!_PHNd<s~5QaUpxGV4?@-q-!
z%tW#92C}&1OGr!P?n5m|R0#*SK6;yk)+oe^NTvDpeI2_!wjfM(lWvHqe_8rlQk?$I
zv|0%%UO;FI7Z8oiedry8nq-LtyGzPrL07sqhg8PCW*o0ZvJ)Se8aBocUM~ywR=}am
z5d+?fH0agAB%DGH3xvY_VMJPlIs@Obw9nCR8@PUBj~)IauLKK2$YGRG4XlhHF;rR>
zNg&!!aabZ!)dE>48`myt;Cs+QTlR0*P&tI;S?x)p>+s18VikX44|0|!3T7Ih8e_fI
z8A3Ckf?o$yA~`OQi}&(E*bDm;->ZO%r=lYfY7q^1VQ}QfqGuA5YDR)erC#y(WaJ=*
z6-Bw@bP*C~a&f=~1<fkM{eT8Vb^w-;66ynzn{5Z!HY!M<8y%q-WpDEk2O`NWw7Aek
z-=2AbZYbzL@h-L^PL&c!y%@xa<}w5?@D)d+n6Ny-73+YFNmE3wVPc!`fY^a;-1z;+
zLuAESq@*|sDbz;1dZ3qa5eewwgiymN;k$RgbsHP}e-g=}7jEeLIih|*y9fwJ!{tln
zBa)*Mqc}w|JaDG?7c1T?<$d^pc3|7V4q^ej;p_zW3;!Jp4ynaN2^Nea85GZa1)j_N
zIoJ>M!x9;JF9l{WKh>J5dv)m)$$lGqCs;`0Z&`4x-*hPG7!(ZXIO4ItSbBgSWg!U}
zGEd*lT}W)BpD~U#r(N;Se~hmvAVTvl62vQrBBgK$2qOL%)Fg>RQVb9R`4W~)gVvWS
zDvW2W9-d+$-iZd=P{4%dUSvQ{3MGinla&-~b$}T!+Fc`<3WbI>XEC8C+tn#OXiYN%
z+lc!f4`Ra-Eb)BU!$b-A@WL6S7_Z+TMZ#eH!Mm}J`HRxF7^Z%-W#T1cP_4wk?5N`X
za;(vTB3hCP)JUPM9lEGa2P5G`Rkgt;DBT;MHe^tFX3pu6e%#3R!g46C<#H(FqR3PO
zh!4cDRmuS%$zY*Bk;N5h1_byXTq@qS4ZK<2S<HaGkbH>WqXY2q9rJ3HUGgk!Bq)TV
z1m^r^?*#i6pv@#i>*$g7MZ<Yq5Kfl+VvLEwf8tVo-w?PRD;$(lDI63icwmh$35w4{
zKnNowr+`U`rS#k3_8^7Si}XE}Ein2r3CTyiA28b0FTdCoZ&2h=N*Rt~glNtuDkvoI
zLL!+6#>d9;E;c7`mH+pz&CgvolK0?D+IN#I+DPp2RKZ}%x67|oB3wrWVQBMUQHR_E
zWqk5)(~*0TQPnB`GHsE7z`rQV=MY=UP|OEYSA&RP8qf&O63$7c@xr*jE%Ab?A~hhs
zJOR~1yvyEr7?N|EoP!w2lOuu&uAwzU-T=6~H7<16BVP+7<bFNx=Ew9A!Xy;?fAxVw
zb50=$PC=zZ5(!MV<;FC@u9?{yMdy1(5{DDTw;_BkqdW@EOapU7b=~Sut_kO{@2-*#
z^xPC~%kcHA?IQ;;-$J2)@JB%IXDI5h^-*@ob-+_`-=>3!ca}%8-Cj;~8GoNh0Z#j;
zrWvndF7#YZ;MKM>(Vi9tYVf1D^P~H-f)qWvsm=k*AG`vM*ZO7+VJX_5wdx_cZS3Yh
zmZC4#`*?r0%gu8@Z4P^2(fq<}k2*H4y++B+0ANJD&2Bm+yK62)7nMJ-Xaa$D%2ur5
z8C@V>2p;=}#8h<pwb89n3jh>9yXimje*Xz8)&j_h1GYG~aO1W%t*0fgF01U4FKeCm
zJXW$Zwz!2hJE$TK0iv9DwiDOfy0UrR26LB8l@nyfigL``0Ja+R2^X!NAW@q&#cigq
zkeQyM!*<b7UYd{NJ)`XEr|}9hz`*n)*i(hEyuJLL_0E!|u3V?4>jPm|=kv$IAcGZg
zBd;{`wrQ(OMe*jwV?8IO&#R9Xy9ygG=kg39OXb{5yT9pIweO+YI_S%WF88z<PDnIs
zjZaGrVjXuNJ7nhi`Lby{@Vm=m_1SV#3tf3s=V=cVnZwuGQcZ=Aol%Ip4ARpg8#q?*
zaXaNN<&BDB%j~IU;qxa3>CJe@B)O{SR9%d;r?ZT(7QKae_jo#tHn<ibvCQfD`f;2X
zR&qaec}jD}uC%GVfgQ-fli^&ip}%g#@^yb?7_g;;B|<qCkzgofV+kB8z2s6EM(iwo
zk=)n1E|$jUFBC@#cyJF-DCEW6xyI+OWV5R==G9DSil4khGHCCw=sI&{3{^AH-4)f6
z3(6^L-$LBgO!0tbJeQ%nvLb7EM*rw|rcf@x++__&7`W4RV%e!iXda=dU%vj<)#r)L
zby4$3>dIN#%75hRgY`&BbL%KYPvJBPu?$IsS$c!jdPW1&J(QhKLUXUq?=jJ50;r*%
zxu|^>*>=%|ci!5mF_&^XQzkQH|K99*P_D!uo;W?BULT^VG6?9RnlN<lWUfb1r67rE
zoeLlsFoLd<4g--RR-lbs5JZ-!cGWfcs16ZnkRWXi{S(^Yx7uX{T<-wqpW97;VP`?X
zJW+gnt)4jhwqAM0UC7gZcWR?OW8xO{OJLiQldXy8{ofk{q-o%|H2o@nJ?$a$40j36
zHIueU4C|2}1Pwmg3r-^>o3FM2k3;w7&PECP?MaQd$qK5H9t}EwV2V|)y^3})wRCn`
z=fy1-GPe9WZ4nQc)ZO@qM^RxFr()D~)#3IhSWer?t}@Ng8pRQ|(+SNEhSop?(<2cN
zaR|3XCK*IbN#UJXziY6YQHld{rCbq)=>dT^!U)=dO6Z=Mv)Era9hDLCnr(FG6>E;L
zcB`8=FeqA1<%L%F3d=2*o&zl3o3I-hy>98{twUDJ1q=k#$>oGq@z(avVz#I?7OVN4
z@&|Og&0t%YO)Gg@m@_4fl>QFXt)fsmQD@3}>A2j#z4doUWCK2$Cz)TK3A4JZeZaK0
ztLyjD4$3`gO^JVt8Ub9#;nsAO0m|9ys5=THdyschHXiP{`*_vrWqNueQ6XofAAB6K
zIFl8ww_JF9sVQr@7qWWC)7(1r30<954D??2w_L7VJZv2R<Ah}%hMr3KA1$r8m$d{R
zlLLv$kAM2v?ifxM;7>*wE>L^RQeJ@f%05kE4NuE-r@j2VJj~gGPfG5mZD3IpPH^*K
zm1nzfe?`PXQk07F-+`hocz+fmC@4HpN`z2Kyug=-P*S)Nh<=}4&5ct7jLfr77{H58
z6FR~QaYj3p?-;;`;1yRGz{^hLaj}aDl0NKM$Q!iE+yO<^g6@^*YM-n6>bcacoNn{S
z>bc9)KHZvJcMg2kvg1pQnJ%YYss~wP>TPGDS>~4|%+hvF^-W*5+)Fw2f;|RH?XUIs
z7gQAdTovq)tDRQ9YsG>wAaEBSQ{{?<@LHi&C-)*KH@8Q}MvIu$vr}Ek_z7wQZO&b<
zsYz<41#-uAX1@D5WtHwxfm0Amm5VzWC#RL7HCjuC*+mu8be(q$F8dT~94-*H(n3R9
zBN6K*zeB1f@{sinbsoJG6qe%a%~?NPUhpYuv={3D!JjT|LYl8hu4ck5W|vq?*3a!D
ziPp!Jts{98jb7FW5wp?#*Jl{wmEf3`)D}Q4Zg^v3+S|c*Hr-I>S3LUsJ3wU>AMl6~
zAUmN5Ik>oV06L$ZE1$X(=*SB3f^7pt=4ViAudM3u@!L*&-K`h5kU%!fyaEI3LV>f`
zy?A~3&!--4_P?eha<mLt7-H)%Zxqh69iW|8hyqW94IW%3TviG=K%x{!7x+!-JM%z?
zbSLO6xnUhA_=0!1e#5F90cHpm=TVkTDOa=&EnYLtUiAJ~7ZZC=*SyZlTR&euRi3k3
zT`UgXMsB)HACs?MlCP>%jcB9ZyyRKftPb9k_dK6UzrX(@9!kD~E}mrQO1UX2Cf<*U
z{OV%vK735RF`c18S28$DUZ>)SL^`8;-~Zr>F<kSEJW7dR;oswYgvbBb_Wh7g;3_1;
zN5N}6PHZ$MO)gT9rfDKYA9$Rl=0ZMe3^k=(K$d<A9g1?i{EE{k5uuUJOV%hBry=G<
zG9p>BM4C`44YOQ%by+?Z<((OiO2Lro1W2@xH1w1;PSu|w`*gmYLft;1C3V<MDrfG4
zM)OmqdCRa(&-g$pvP18`pSzJDn!ysX$sNk`3qsP!(So<cw2nY?8Kh|d(`1W+_ySNG
zx3O}^EvyhUaLE7qLCBF}h()0|E1apqVp|SFpIWASAI^c-1NQYF!Hbp9z`}0fj8?h}
z<3tJPhP#<q2{{Y{D5G>q?$V*KEAQr~jFJUOGe%Wz5=T|mM2gv(^wz0#OJg^E&v{g3
zPRH!d9THruo)|V)JrJ3Y-liC@GiWZy7d>mB7uoVs(Jp7^g1y_-5`UNnvuXp@1k;YK
z6fOa?D=W>%mWmg)aT?w`qY&Pg4dN`N?6RT9R{iI=37cBaGPG;I%dpH2j$*6_bf0oP
zDAus+JDofweBOQkC&$#q!90)nZW)v5{{P2w|KjZD|KK@^^lp8FZU5Pe+%*?I%nR6G
z<y$}}*#vS0HI`w`jd>!plH4JEKzAgbbummaO!D=rqDuL;VZ~W1hO?1KVN^?D4`2Ep
zke{j#cl!KQ%vWTz<Eq`98F@K7lhW*WUUh3aSyMi~HU63Irb#yFlF5L%hSlT7%#Vjf
z-_Mbm^?4@k_w+<ntzX5_vhL}bQ^~4Lyu6&0#}m$3iTsD_&c>IzM?+j?lQVm#CW<8Z
zvYTh;V8WyFOJi2d*5eq$<Hso}74BGvcV{l`Wv5c%EYei-Uyf~S$+ouZgiW>)jVz0;
zb1fYQm#FMVVSmn(+*e-Qn`^f*)E|yJ?&q{=`O?-A*Ko$ltjXXS`a2}+8&-$V(z7~W
zUkb-IbXNNhAHCy>AFZ73r0aOMyJ>ZP^lWz0%49W*0um}^=bJ&?3dW9n?Cds%#<KR*
zFH9X@PwF++0nBRICwYV?=5Ovs^K<e^>@_IIZwoKC0La_vlpFsIa$8XHEU^pa#jK7m
zj#lr?rwS_Rt`<!u`4snNhRFTk(L>ueJ-h9LJA|T^v8jgDyi$CZlmZ{0t2IP&rb-j{
zr9b8!_vJI%^Ae`mmQt&gQ$yVukRzdzVVn*K@@WiS_MVN10TN6bu%N~wl<w9v@$<Hd
zYCVN7YYiCY4MbV$(X{ay?53*bwhgUxi@2-VYB>R3H>*dT4BJP4U@>K1O!d6d-0>p@
zVTE4!mnGw-JI^1Aof}KnBJ#UhSBg|LQ_U}#Rwrd?%|xsoH(r-jtJP)oPlwN=Dl4Ze
zW;9Rnep&PDI2yLcle(fyu<tzGrL}0FEoQTqs~a|_`(BrCNMlrtTbqHfznb+kJgllw
zEhiWGSG<~hwc3Hbz64)B569<CupO*7MB&D0{{BmDkI+P8+y<%G|NWmb&oEyoF-<8J
z_ZLsRWplE=osMJ*M`YL@-POvjW2G|QPFBYh2Nj&{5l_}}Mo>x-yCqw$-Fs^LHof}L
zbvgDlrdrc<O@tL^tKDm9yLt+*D!x#8#<}MpIvTBkulo~My8FbUQ5>6ulLkZNM*d#A
zM%L74H7mSECFSf9i~^<t;-Cs}R9Ix)EFsxDelyEn$sLi4(d$FLDm!8i`QCDcdtAzk
z>BBsaK6|@Rg(K!kv<2~|t=pHJ%)S;R7DKSNKoS9g0WdICbQnDcbL`@mg@V=VhEGRH
z>2dNV)JD=w3we4?$`TZ@sadKS$Zovkn{n)4KCSyuoE+b^MiuyrLtUz?P%k~Su~REe
zcf;=0)Kw~a9zG?h28Mj75m<wAo3jnXv^QWVN?|UNap!1+LT6^OCziTt4O}GT5h&^+
zqvu#37kM(13Rw>wvQ$a;eQy?KSmes=&O4i?*$Nu&+$^;mD;2U;*R%!6WXU!7bI0YL
zb~M^~6Qqo`M)VA9V^kJqsrvEDlAIO2&3JXYfEv$^<vaw+*)cCWl{+k6*>5g4cW<m-
z8>i$Ap7CxsOHU7%!&iJ=9cazDeg30HJ)@ID#UFRI_>jx@<NiTe+sx|b0dZCZVfH}6
zAKeiB$Hj=>n-oa61W=&>qkzJMgj1EGj2@JQh9P`bJYSxz(E4u+;aW&Lt3rEbxP5|f
zaKG6QKP5a+v|+|x5+;i~q%ik)A$#NDZozlYzN*&tl{%3^%7{!V9{&?hf6L=OE+8@$
zHy<yHTVkpvvQdLjY)^tf!fVhWK^(^6vP3?ZcMKtv5s)9ND^4hxpXc^#?g|KfmX$}W
z$#EhSy#mBGTI{1Be2WlrAk+uUgZ7A>sF|4NBCL8@l0P$no)C8=@OQ2?4l#l?kopC7
zutj4bbbbpkz!F)|5C*h{@1@*2Zrm!!`epp1>U!k?4;&qdY7Zh+fQ2<dEyM$cN(ly1
zga(E719J~5{U0t@h=}aV?(NXO9uv&I6vED>c9k#hjL86<cr@B52U?&=1rm5LtB!ic
zFi0QB9tc)wGDkt)3kQaC1*#*vcLNMR%tgdB=ci<$r9RG%RaEzv2puf_8R?M7i?UZy
zjv$L=9NHcfc=;(CE9ya%^(ZcyL8bRN6{Or4Ut)^TPv@_|0E0-~J0E?y=N=?k;YV8>
z*;_1`SU5`*$WL*xs6-|bKdEg<m=_Q*E@UC_!FS%Ch8}mzN8Vkww$~Bx;_gxemZe&R
zusVDtq@QSvOjVFn5W_OR{gCu2B8`WCdb={P0^=u~r|+;~+Od(macm4@J^CAxc;SHi
zA%npk^+QSIa~jYPkc5ICXYz7yV8!f%wLseq>@Hzo1dL!|1Q<#XqC$ld9QZkg`TOHA
ziTxC0M9rIn`c~Bn*$-@i1`OORVQ_q_av+b)A~Z3MGQ^<eE__qDO2SY=_zw*v*~DMK
zoq~~=Irn4G_A$UZ`a4i~);myfG(r-NxuI7e;$X3nN(3BXhJHvlAIENY#Djz_j4=u9
zCIQMnO1f(id6sHp83d3_Atbp>27AXEFSW60O)>*xpP|Z**=G=mLWyp?vmz4SU;h9t
z|NEJVzVQvzwuVWZBBrp7zVZkbg`_t)qp80SbdVyI>F-GLURghE_}1>$Z`-Z0P}sPN
z6!1i}GG~O)e)K9}V8kloU{YA+$B-L#hHqf4(DuK9|6>?=94G{p%C8CCj|kR3ybKKS
zE%8=hkHVvD*5@~92bLYoU^);xtiAUx;jhMBLXzN6fdUDl1JLjfAPFf{0z;sm>R3V7
zMIdzyg~$z8&5a%)8!-^A-H6CMONht?%>8~SVEsTS0+s~+gJLx%nZ#&}<%aL?gd}h~
zP(ktX5td}VaG*FRKZyE_;fSC`Q5E4q5y2Qi6Gd<+&@B;(?l2r>RGyWnNRI*)7-@^s
zfY=f3y$wlBDh)}58VI6gGjOnX#p)F4(2`&z0#tG-`Uu?_p^t?~ONLlbb|65i>7xT9
zS))ZLWEl4rDB}6RS#Hsw0%84;*ua8Qi754~+9()T_8cA4W&E(ATDv)rnU*+^Q6>AL
zw4ft38YV;u!F^~LVnL)5D*IEkb7V1vG-Txx{+0O0EQH1`=?3G@6sW)}F}aqw#E6Kv
zK=}$dqKpWjp9>di2v-KYm_EqJpkL5FDDMz`F^_EuqZ+yt$W*Ae3LwOmk+XME0hFvH
z0wQ%Yjr2tR+3msiXFK9~d$6+bNzgu^yUWK4c?B+|xeTFRC!p1nkZ=l60kK4gVjv+J
zf~7f~n*HkiF%m)72YP8c?1(<zmuOsSPvOBr{R&2i)`dW%d=UO(VlN_GbN&cu@I49l
z`^eBdoZ4j1aDn<c4MEXMt3svyffTu+wVq!in4_^+tf-3l5~z>?{0}bQmgS+PMh`sx
zZ8^g0uLj1;;CG3Q^hOlY2f}iMD}*Hpr4&(kX3X1`d@)IN5+z@r0PFF;KGVJx9%(-y
zXA#SeA%X%KtvXIv$?AB=lqmJ4RmF_&Gk@|ner7Dj%+R6#9+UnW05Br%83@5Sb}~F8
zNdKjrq@>ACiH$|Xpno_+G-FgZ!uv+FN5YwDz&DWdthfB)oaer~BA4rWtURd0*Q+pq
z9l(4AVg%)bN&CZ3Y>Uxtb!1HiA`yJK$^hh}d+v^b?>mKI)*63C<yOFK^0nexA?@b#
zdRf_8lI{Cpu|dcP<%TXcc0$(Dqx*ya^rzo9i_T2X>}5a?_xDj>CY*+LGXU>$Y}O@x
zSn==Dk}{xgf3}JjzbhyQXw!z@awFu@e}6Kf(~(Bi?%2Z=b4ON54Uj<O5cXJk*OL}A
zLBnpG#jXy~<$iOh@G5LxKpa-Ifg7uL#krLozqM5nBL%p!tzN$DbUyG{!O7a<6y5yp
z7JtBZue-LLIC85`%XoxKXihOyUHExtl>O?{^@~*>kZ>B6Hh4t)KzrBobuX@DgB`fC
zKj%9!lQQ<0+gX0MbZ&#-(1YU<>KU*5(=JPWXi~c{<ticKj^3PEv^Hw?k!H#(WtWKZ
z%$0e4;<fhqW!+s>S<~e}hh12qL5lqhK6$g_vnazh=D^AA!f9zH&JI19cx#jQw)5Sn
z1+k7g&@Ciq{ajtN9`s#xb@EKTsAXy*tMk+jtYEXJ_@Sac1ABD@M`_TTRrV*`fYYW)
zBi&`v9f>r?oA~)7gX~74W7_05meV^ddwM%dYtdD`E0SBPm<-m&6w9Pf$d|#5StR#M
z`4^VMp6VXh@f<vv&V3Kt!57OGB84VqON7WnRG=Y7G^hj?cA)VJhf)?!Y3vE*v32Wc
zx^?zlxFL}zcjp?Lm&}&Cy%$d?Szqi#`dRU!8#eCx$KlA#MYj+S*IFVI9SKGeNU&GJ
zMjn>QXu%E^Aj3CCTur$sJT+%VfXvMTxP1wkTR+&HL*#mxs7fP!x^>QJlRvtw*D<N6
zI)vax`>ZQZhQGaNGyr%ES+;lA!m4!Y#U80jX-;mZsqqd(1+af^)>A17f3^oTuXXU1
zdkovUHxMtQ9VW8AEgMLNAs#eG0$OSugtlyfCRdgvUb0kpET5-HJL#3kDYckdD}vJk
z1RQY2fxtqo1c*ufYB)jDk)#F$UJ1i!nQf7}W@N}5Fqv)dVl3;X)HB9!QEZ;e9#SYf
zT#FR}I@@bkxbvCjKSr1}Z>;Md=&EN|ZEpIY5DQusZvPY-W(3<}HCrB)I|yBLDayiZ
z{Wv5GYNRZb&9jBERo2MpUqjt0wkPJF!g=U}4gRQ4@OjjC5%M&}pPnVs?v&&^US2#C
z6%Lb=YVc=6Q&F;edZ3oG4d4AnSiJ6{<Tb_{*`4(X%MQl!dW&Oc0*)*-wUGT+{~#>A
znnh?=_pFq^zq$(FZ1(&;9KN+nvO6mi)Oll{&}la+eLDv>%K1AcKN3+o*CV(xpMIIG
zlH#70WX0;P<w1s)w1WwLETEK2pRA27C$vc;FUa%fNw7Qd0|&LUPJf`HmUB<LY?#R(
z(Y4)xqN=piJ^_KNrUX0#-)|C0dEZ)p3ly(GpF3EcTXO>5A7^>}de;kXfWTB!M8EYL
zg&g?-yaIwNxNx^X;D#xpXQ2F53!UuB-^os?{tv=R8SB>qR{PVD)ZKY6^Jlwyd74U-
z4okYIP6NGa$>KrSTr%;}L)EnG?WA!t1NLGn{5)Eb(1xb0E?LLh^41Im6+e?P>E~*v
zrO#S%6rSmQOUrVGRveerFBYs96xx`Gv+c;;%S5dCsoxObyUD*Ws@3u5`pa!rPI#8m
zE2lo^v}}8=`j#Z>>HnVYT16q&=%^belVvPzwBAMA9s91lz<9`_2d?(DsJ*4gjYK7P
ze^aamXC3U~N>bAi%$JGR9ziwMa^vOpmkAHhxdZB{lytj?mBmW+JC_j3mT8FYk-W3Q
zU&b>8vC;iU%iQ9Xi)Mz2M8dO=)5M(a04DB`)d>5?s^w<!^V4!38+C0|%;;ZVV}Ew{
zUf(CYE4GTQ?{sjnJ`C}U3_nwXCC13;X=j+154FE8V`sbf?I>3;DT`ea_Tp#EzFxPN
zI$ZzMD}&0IZ%At!Vg$i^xcNPSg8bz(VUrJ$k%of>6-I)!yu%m1RS{^D?u3Lh?T7mU
zOUDOdsqTknffO(XOiujv0;F~Ade$F%+C6Vw3i|k6$+}%+g<XyGKaEZaqipj>e^V}Y
zFZm}gdP=oSoIOvHJY<yZn6Rr&?AWj?{E?^RRqSqa&u(!<6ww30;bUa^NPfo8nCa)_
zb?o6|+=^5Oh>L0rPw)^#6Wy`xt(rT`;;s=3pE{{};2Lqj&7YpH7he~voOB+N(}Uh!
z?HQ?WL=~)IBu@i!p(*u?XsPudhJ`5Y8Y-HE7%wx3g;7Tngk@9)Ux!)}S{J6VPxQ^a
zaOZ2E&g|sxtkTfA>1!x&n#oRpXFjXv$R=!4uJ<?9K}XkBRW92ZM>vMXaeOmT426+C
z@AsWn1Q+1@S@=S5p+hNxVxyE_<`HI*B9tA)E+`x3fpF_&DuK*qi2QvUfw^qp4Dv{t
zj~``0okc)LGMTW?7~y7-s?-rnThk#*3oKoeq%rWjVthGKQ^Q3OEq18|ayQ>%L<nQY
zF9*wz76Oq739CSr)8Lj~4n3MAWJx<lRUW?~mX3JwQj^~5KM+fI>6Aw`a6KyEVyaCS
z)`>irmxSi=>~7Fab0ewZM6W2nOa;+IJ<BUY>jJy6Q-f2vLa*tM^Tu$3Zvol!E?HuP
z=9idl=x<vB%NA<Rr9gS_+fcHDY9(xu`zR_^$TwT{6z>MMb4wA{eT4_sruH*<=V(#=
z44NJ?(<JnoPyGMYXvR_F+3@~NvOa@=fYAQWMzjC4nEj`@OdGJlk?f;y@bz0kz5~JL
z&Ig)|cebg;zmPk0esjh#$p%A<bWuub@7}=ggY|CUDCL}xa&b!4byW^$s1Bt=1z9vM
z<oGsgK=>5k+oP4(7m{yz?DF6!<kOpwTUz{Jqo>=M`Tj^J?19{<t2cF9Umc#3ATP@O
z@)q;;g72%{Z84z<<feWR@qTzvf0j%yC%1NDS~t3me`>1O*L2sed4TI>ODAV0`-x<w
zn@Emo>|Q^5yja-N!+G@i`tHR?8}ISzqo|TqQ%E`9`8&BK<<69Qp_!++*;KhvA*#c(
zLXux-rnuyA(x-XCO;&NG;B-KK>el(C*dfLD<+>R9h&gwer1Ta%*3@xM|8GQF%_5|m
zeZAA$kbP=TD;EI$5#<$Krz;cahJUq({87hY5nS2Vv7L{*>)l0u^~AKj<bLehFCi*q
zP48t`_bS><*mnzE8S_4(9*QOFzRG>kRk&k|{VpZJ*W_oENV-E}AJQJj9)(n!;7?Po
zBB}_=gs(<7loz8l)aWJtnqR@A*87dA@)_+_GadNF5Bd1l{s4nesH?W&<_CNT>YyY<
ziX<K}9aBtEDr6|~y6~uQrp(~4^D!V>JU(4|xmUfX&24TYYe!(0X}<1ibAgn1Z*^{u
z^T^EEbg84@Kq{J4rS;#VZM`6J?R|tYFtkHUh==savg;oz3lY6|otZ2QAeWLakQVjy
zT&Q&=>+P8{_3oPO^vQmrI&6I*onD-r9R%Ko+C}43&rtI08V2fjvZ~JNo)xvU61R_Y
z80md+SI4GtGjmqx&N;~fMKCHugM8MClVpOLDxafC=eO?eGGi#~dgA?eP6VRzp!_&?
z8tw9?yPglt9FWPa^?R))<S))J0dndtLYCU6I3A7dahpEI`aYZai&J_6cAf4nA)b!9
zRRF!oiuP4?!BsfW*_5ZQr!Kwjzt#C3k7HYI5IMbhvYVVIfRuR~_=0;XKnJ^fLPtXG
zPKW;PjJxJ{NA{-$vd+?!{@e8WEkTw&8bryMU_tZO8y~=+bUdd59jdBqNda)&<1ogM
z12(nP)KF!;_$I28B4;f0W0Nq^vfYt`2XH!s@521!B4O84Pj>gEH*~;ogSFdWQznAp
zzPwtG=I&C}r9BhA0Kj>_xrp!Ha1LGu`t!YruWK@8h|m4j^dhJnUa)=U_(N1)eZ<h#
z&FbXxc^R#Vijbb(PkTa=fqHuT(7eRAD-%<!Ex$QT6{CH^-2E&ECM){=df-on<uRnY
z!o0TnfK!P%LZXwp?Yj4RxRsgs3oT3OWYttQ8pS6*0TT;kB-X428-U9kDInhxf=ZX=
zMXH#7O|L<}v9I3FR`KcmXwPOSD(&q=+u@I0GTF)}jzh%TUwqZ+ie6TAdtc94xx4z*
zs*d*6ej>NiJ)WF^aSmF#Q=;dKW69b~xA_Sg{YmM+_@HDNdPlO_9G^F4bzL*wYI^D_
z4~?$%?4g;;LhRT|L=eKSc3b{Pq+W$$EKE`qhAiRAMMyD80*W}KqY`7B^NMEIx{;;F
z>*^2pGi;?+y*$a=om+ZI*J?{Xbo8FovzkN?hwnqy=qqW*x<$tjFYV6lW-QcU6jb-?
zC&4(snD6&H^2aOS@69%W?|?<X1oe_1$Rp@%*}csHsP$7+2n}P7d>5X)IhRZ@xX)nK
zE>{^unAB@VnmA^G)QJjsgmlE={R<3<l9^<2!(2ZSh<_H53)?|6*GhRoJJa^NLYvJE
zobIa3FW}R**QT3INl`1=5j8K4H8^(TIEV1Ur(+E5O<JWK9j_X~DB~L0SOgmR11lOO
z<<APFpvj?)=p>{LX7|4jy*2waADh-^)<{fV$rx=U{E{BiC(gMFRIgQzn8bx_(N*@t
z(>DI;wuKe8+doD|8VyztW|JB>PN+FdxzvA7peY61<v}p98#@-VyHehKfsN;2D+9|`
zCdVp%U5PqOBB_u%gfkXN5m!qRjlvW;cId@MO{Kj#5OTo9$7iw57M^9pz8}l-3)Zt<
z2`&UKOjK?wy7xlS8|_yi7vBeBFwF!5MPMvcEbdQg6C!wGGN$Ak3OL5D2tw#ebeGUi
zu^t-)Q0n2v-7S>)aK-YLmlUAA+)B5Eup=cOI*2WMx#~P8g#50SeZqSfUTsVsoL`fj
z;E`RDO`|Lw)J!hsZjrkXJR}Qy)yyS!>dEJ7_7ZT4Z|_M>1Fdift5~>O&I8_kd8~i3
z(Klmu^$i5&_wI4m>bBhq`~C>H4>mp**|ks1(*dFbndHL=@xr&Js^=DoRol53cdSwT
z3uS~9nz)4XiXjy9S>=&sM2hi6PmqaF4U5I$HtbJMHLP{Z@<b=8b;;n2g-s6LRNCc*
zHiuos2wDruv-o*cwXaTB8p!$I)$pRRF3J1;N`BN)oq090PCnf|jadaBk}Jri+*t~g
zMiDeCBmSny(M2r~eI_A}XP}B@O7-I|HbP~>D_|j|0Zq02os+`|a?PppF;K{2z+l`5
ztrQ0`F@_xMTnKAK6&ESGgKn}_Wy7!2>9;+qwuyq=y_FV!dvO1h<6&jj9E-nuw>>hm
zeT*qN9_AK_8B#r;MM*{0CG!jAA{yTy|LIp7`}h!y6P$l-ol!M~Qd$_4up}(P(N9@L
z%m4uc+#8W1)QEEp@h57?{y`^#^I`!^Glp9qsT3&qYZu5l$6Ad!IlNYZ)Y-|g`ET(A
zSU<&<%ea7Pq_XfJw6ta<czB`|A_8+T(G&-=l0hw3E+O&_h2BpJFVo#1xF95%#??R1
zA{I2g%AQJj44ypSMe4c1z7gK#IgG$}zg^-bkA(N*bq>D!7Ejm5ICs&luY?O0w_yZ(
zVU=CnmD#>UQf+Zq<+S2y{)Gl%uN@>V#8Br*b+g}H#vzcDE!7yf2lewN>qO1&QKqF@
zcf7saZ{!lIXZ=i$Ppe>{r~jnU$M?Q+SDonAL9q^-oLaqM%^1=$FBB~rISSdDh%=fr
zyg!y8Jr#9=1Ze>z)jamG>Ng9F9QoPZWhg@c&+o<>n7IWyi2}z;0@}Sm(rf4chpu~U
z4lUZ&1RUG8ZQHi9W81cE+qP}ncCw=#+fF*?-2T#4w|~Q`nl<LL-to?Of{^xoEX)K9
zl*nm`kPJd0UMPv8KtLiCyb=RAsGX2eb_J}G?26p5zP@#jyq<?)p-6+RS^7$S4VEYm
zE2kSfNJ4&IDjX<6{+YXLw#1pq17Srz7;3%=$c?Q0vYEy0*evE&WcHVGKkrnqhiKDG
za{(Y3f?DQ4nR1Rre=rrYJwvwE_BVqf-qiLtfI~b&Te^tU)q+L@WvZ-gzQT6Sq_uxS
z)>9+u%IFx9&BK@i^p<yOGK$Fn-%L<=SqzyY(J?YqaNJ!+2~cU3ZyZVukXjMTYX%qS
z=+JG2SD`H)-YpzAWu?A-Fzsy)hsYr`B{GVH2vZOo_X+(H%4mhZ^Fw@u65(%L<z27}
zJ|bC)vafc&R;|dJT-TZfOy@KV#oLBveKu2ste#B!gHw!{laN=rdX4<L?yz5K1e<lY
z1#_sOGgB;+VL~KYMT`N!Uxg6)5W^tb5+{_A&C+{-qAT|@&cp3&RTh?T#fmBcC$)ki
zMkptgGLi|9OK}P#gbR%##wdw#$YQdH5QRxkyW8U2<U<39u(wz3t*mgvw(26NFSGN>
z{rf_L@9P1GMTFH$i^dY57cgE?DyCv8ge6jP?{u*g8CzewzDkAZhzrgwZ%uap#y5xE
z4@_-X4wu5l1ON`zo+El3HKZw$61zN5c%<b{<0*`4KJ*oer9oQq14=-^2Q(AH#Rybr
z%Rit>z_GOw;L%wxpm@55pLZKHipCl=ltZc=s(7H)$lko3QMdI)O@MO!sTW9IKnw7c
z6M9Prw3a>g>?KCf&)29t^u|_yO%HdsTJ$6fCY~$QNJME&2TJ;EQRolb2J~4@P!V{`
z9iI=KP2=Z-QY?K(^5G^78}<bZ+X>@{YlK=dggcj+zl0J^{BlNYqC``&aU2qkN&ZQ_
za;X6SNXTE8UY66g6_{2KwF9S-m%fg53J<0Rrn2xLQNEsRwGo{I<1LccQ01t&h%{J<
zjfo9a)^?!=-tJP*KN@9aI!SZ%bY1-c!rUF!CtDX}dqz6$Q0mkN!wAU;NQ88T0?9P3
z^5k5mL=!}YvCE>=oBwhR;RIho(Q09#9Y17oyK^f{hfpu<+ogTSTdlTNEwRhsJLZC&
zEcc6BX0YZ{@9eF4FNT73Le6BEOEtHdPL`ezJFyhzUcj5PcOil;s2N_iA^!D;;vbF7
zeE2xeY}-&bH4Ke?y*y%Iwff1&^$>OX9Pab-#<suVd3jb_bePG*PbmiB?4oVem)kJ6
z7QmN5dh48_M%T+MfjHdy4?x2(qa=zHfRGb`$TKJj@wr+H_s7X%t;4ASzLTyBI!Od#
zl%xm`VK2l4xl|Wnhgo)rdk59Ff?*JKEz@OhWZz+2lp;x%dq{XdP-!s_N5Eb{mE=RR
zzzPp4C5aG6T_p}3+tCc@Fo{g!5q3%!Gev)#Ui&({Z7%3EAn#nYHDm3IghdN?u_2Le
zua}Vng#<Ey(5Z}ij4Fkk6<G-o*AsAu8%eua$e>;oAy9*kceHK^KLQ#`4G?xI0@hM@
zgnb`UBeM^?y{X4&V<?9}@-RnJU~qO(NKsEG<TFOW93heGIfTB9OI#y3o(n6P(UVUq
zEOl+MgB3nAV5do0u6$hW6*%=wS-S!z%Az-U3o)9(Z^7NfHkEp(l(inzG|1r@SFA1%
z14$Yh4l6V8WMa;fk+9jv@5SR`M|!YmZN@#FFo}V$%=XJ9Qx;k~HX4!HTb&j$Eww~Y
z@U1qRXCjF)kt(Kcs-O&FLSfDzm{%u<kVXDmF!yGOtbB;9+$}jJjFi%sg6LIMw83r;
zdsy8MZ)itjJT{8KFvBb-r(*rhpzYB}#t&=~l(-Y^=b@c7klh*}8r8-mqGf2B6o7{Q
za8CwGTk=w#6hP8E85u9Vf3aNc8t~72h{UOR8On9>b>Er@O{DtnIs&}y{=C$61;^la
zdGik(WLamlr<zi(TBO=VT5{2kb<t$$&w?^JqyvDpoq>@INnj_2f{3e|7)_BAAIdk8
z#HE`_M(ZpdyWyb#ZIi_vu(7nEd9Dj}@%yq!SG&<R+-m9v&r%SADSyah3@(w53z(DJ
zGvg|yA_}^{a#Y1pf{ulJz>)_Clhx};(}1`$2-iP$ZAI9*6%4gmJLs)7y}gwYcz<x6
zMvgR2ckM)M-592fO(4PC6`n?t0jR1s&qeWEM+jR>jmbHls2_GkNTCpl04y>9@Nmf1
zz@rq<z;!^zphfR5d@Kv6*S%C+@qI;axwO#X$KWQ#wz^UOsnv(^j^$Xxs>%UjnS~{F
zUPn`KFdgoXj(hnNz4Aet-Jbk32GG7q_AlZKh<O^QOWFgxaxRZt>T!u+zSGeo<6}wA
zHS`3I)#EI{%x0Pdf0Ck$wqxkp#7o){9M@`{U;uK)KD97h1Sz*x(0x#aa7H7WOa{w3
zHV223szdmZ633V7%779lT9U}xc)S3;x?y{OUE9J$uch%MglFyzTb|qRkS(Ky*|=@I
z8p}%PPdIVT2#08L>H19#q9KD%=txGibGm}ZrDLctlNbI3%<KTc7vJsHttJ^+i59n=
z$?~-|KZ%RAb$~H3&TI(?xX1@fwVj@v&VU)Fk3#H<Wn%qY1J(r!Au6O~(|Z2;F{=F}
zGf1s(phz{$D52!~g4m-VCYW}B{J|fe^`1ZBF?*LBpX%7AZTZeoed+qb!DcxI_T`Z-
zp#uR@*GUE~2||lz>Kf?Q%tMydnBYn!9I{3+62@t*2nqQT!6^DF6iQ$;2n%(m&X+HY
za7ObDBHU+;(yn}K#m_c__o`_rQC1Vbe>E1#7$J>pA@UIs!0B29_C!n}lxvKtFGq96
zsQONFdd0ez(g+M`>8CMja^2qFBcnE~Cx@Sd!?7-c!zGJN5z{0rfLBS$Kt!36{s_k_
zh%=5Itb>xkXCWX4Q!`c9scFJU+po=r8&0pgwC#?|>0#fTb{}q!Bj-ZB@q$-ObphGt
zf<|~1?d86Jd51ZP{H)vr9JTgsy00Dh?YgA?>)Hm8u6x$S%|`7?^_$Ybtn!;gF(pia
zp+rI&ZW`{@UB(bG8COTLkZhWJJ0G9Bj~yS%iijE2(CE>6Psl+fgxrEH@-Z+wTDKTd
zRdKo1{LIBS%6^^Ku*OITpBS!*B6jV<&uSM@!Zafp**KXV{z|M<=KV}eG3y(l12R_G
zYGLz@GMo<48*ABbHz&T59_l$PylTE^I=m+s8_98BLkYnxDM;qVdM1mEE^dfb5OEK6
zH$<5ifJ%lO^}sn}Fs&#VK*IBteNG!&)YtH%$u!}u>$Iwdqye-xXzRT&nSZg^(WFlO
zrJV@(jqcgBK3{t#IQWZ5GS{-y)c)SnPKf?UvbxO<o5nBK+&P--R(qqv?h=IM@1OrQ
z_(h==oy`1O6h<BWzjN9D4SQ)hZL|HJN0ndjI$zBn{tz!wR@s!g%(ae4YX3;)RM@r7
zrPw!wm0B+=DmL|+_^tgW@BoZ=yH+~YOHDW%KobZcaI&Y|W&!*AzP?QPu)W8tJT=kk
z!v2Bt;QSjY$B~bkS{vHkEt7x;cS%A$wElzkcCla9jraXE_VXFnN2|NibO(@2cdoW^
zv9G#BqnnenQdH%gyTYFw)$Q+<)R<`o`>Cmu8&h>j+{~4iqZoa(!ISkHD119lKAD;@
z=9)ZobmpCl8f8~HYN`&%T~k{U-Dzp%C}|N*S(}gc@+^|(9~>7uX=?b=p#Q7pVJkfn
zmRC9QcA#@)`*Xjq!<rr&pgSa(FcUyC)buQ-HS?wEZ6DH9Ge+NK_<U}vG;<}7v9)*n
zgb@BS@$F?=cf>xU|BpWQkD9nz-*p9dr_}Q@--WJy>$4I!)o#bmzWHj*Nt-uFk}u~J
zcqZJ|-|m{MTD`TE$ERC83n}4*Vw@5MA)GLr5J+~45*c!p5=4{x-De9Ty_m}Fh4-06
zv+(VVvNvay6c<hlUyPIo*Fo;y07|0nBdo18Kg?>BKSKE;_Ye*#hA5Q^1UTYUOjI%s
zNS|G#z>ggtXJQVkv7NZze=)TZpv#@^?oJ$GoF{6t78i`Hj{m!;NvdKnki3~KG7E}k
zzaR@|pkz+TR!ZU3Qht71)}0M+z5i4nh-q&($tRHJvr-$`qn*}t#*s5?dW|mK&y%Sd
z1ix|lbbFB49Amefi5e7l>ly^=N{eq**s-w{d?lE@qSm{JA?2H`=D{Wxd6)mz3_yjN
zPZj#C^We>cGkrgpraeQJH7i%)Vft|)!I1$#sfqP^X1}!Poq6P|(szWcAAwCB>m`;L
zBSvuQyg|0y+Cs)qcocN`48HYVg-4734CMH@e}sHJW76R1&PO|GsR!Itn&scxi{FF)
zbfD^loO&q#+yVUxiKCekll1M$C{@NFZP(Q4k*1o_1p(FjhWec`EtT)Gks2CQ)%f0h
z(^&(*2<c|vSP8>o`89V@9axdsLupCST&gMD74s7#9r|XkV6)w|-ma!SSLAriLiRY1
zS|GPF-FZ+<b>f%0!clJ*y4z$3asw`Q8L6oJ7HPsd8Ps3Z>DW7-**5ZKxIEK)H2=cx
zXSz~|S`21<n|A+6rS<RQ-^5xAdnD6uo>FEjE4Maw==^wlap$hC%2HK`tqa692NwL$
z`<}0h<LA@U9OEc*lMYRG&sNX4#g7_>>v0Lb#I0yl-m$Ed{TdAU*UOfj+-!DzcJB?X
z&ED8g=V_YQyt0c<@db=e;V@Y97u+>jXNh3$E6>ZFHB6*4daJc&d^O<FOl+z;U)0jj
zrEO()@><c;o;+;=ukw)b9QZfYW=co;UDWJ<Ui0xxn!LNQ&OPBDrYoW(*?>|Ua`jT*
z_FmYB1`Ic&YZtBgat2;87&cC+s?N9X;@G2}d~%!aJBusJT9SI?{$(R^*-Av5!km3r
z0E;Ex=3*_(QxpU*P)H?<@hAa>C}I#3lb*<gRSdW>7UtURrWW;`3n~H~H+&vHJvWB7
zH9nslRJH)ckSb}-?QS>p&+^z&^RiELEuM8M(vlL<&)=L_IquEO$K5;-QDe<#nE+3N
zBOro!FjDhtI9r6BfqSWpuV(Q~lSQ4C<32ez&rmcUBDb$;tG(sdnMai<#v|1#$asXe
z!%#vY4JlALAcbLFu!PGSC#S+>kjjivEuhY`!k>etOTt%mNvo>*HlGe!W};HlN_NDq
zr=ruFE{T?LTYD(<OrD_s=~A&94WpEC@oy*~j06D_iBJs$0v7(mp@`!oON8VB^`N%q
z0_QVldS}>4!q~?g;UIkgOWG&Q#}84bFOHVM4Og2*1<u<#$aLMwinJ5c<RX;~VGOy>
zK%64n7_D3#vLV!%4CMJFkSd(;A22Iy{<_d@U?vC45+Tndc2@&(LK>rxAdWSbN)Fff
z&8nOo|Fh)6I|;G5-dApnii6*5ZLu`V+TkF9#T&|{RUI-AHcUurBffQ4{|m#Tbd~1|
z0hC&bfg&UTGX9%CV<HU0M5dJXNC!#(I}#7`Uob1zYYhuPHQKbliLe-<Sjqa725?YV
z?VJ#CqQs91Sj$erb-osCesSdq)-5!H4(bXVo5t>6&r*q!S?VHEc5|7+s2va%qP_04
zKX<j5umufUMrfJS)8LHGy8T_*-fsZEhK8$&cy2cLh2aYV<&8>wF`x3?O#mYYKEhi%
zNNcpLoz1G|LY(9w4|S*TWZ#lfdr>(%U-z$*1xaLr6IeM%0nNk`iCE={Wkjs-MJkaF
zR|w8PW3?YDu`()gDG9}6taHv_iFQdyxKTdigLc8*i0<Eut#p0=RI%x(F{01?derjZ
zu;|PKEgCx-GyG$E7-P|!*C(HfnVKiSsUs^6EMx=HfER!fyz$C(Lpw-LnGmcPkURjg
z&4^mye+NMdX+YU;js5984AF1Y{vIZ2(XTHSh+HfLnwm5MbEbeftU`kcJwPkbqov{3
z?hWcEyyYw{@%l8IoNRXD_qnX()D!jzlJ~>s`^`5dp(NLBG|T~$V_Q<5{>Zd1+f2>h
zFLHC|7&keB<m3`i-)mUQpi%(|DeM43e@rQ>fZ+e@W%uf&C{d3p|KnxS1efXrFwE&5
zd5ffhz}`E7%{Vlv%@e@r5XhOF9-ffFJ{bZSBU^Hq<<Y*D;S{EjQS|}^N{k1BlM3aS
z;zCd`f52HpXmW?CfkWzOy6X!V0wdV8u<{^cK;13ps8CF&e$S{`y^uw!<$Ywq?*Y}6
zjWA4$v$a*%+myD`du-quUkKj{VRi;B-J;oEoDGLPTXYRntBU2ewW2c)Y!MScBKW2D
z@yN!|i}V8oX={ctpl_wuIJ*+9j*TQ+osMJ^MS!>+R^PU@9PdUs@Vuaf@@_s(tJjop
zZ%vg;^G3&vm1}MZXpv%j3@a2Z<Ov57MGO#-g>@43(T04q{%-$fJKSPLdoGQx>sScl
zacGH;N&;D%AQq|*s6`<;br?HvNTqP>+62S~!2pREm2^y^<s^R=DhvXleMPL}{COR7
zZ`cyW$qY-6*N>>2wko$=4GG5bi!&2O^?xhgnp-U|ZNc$*_^5Cp@p&iS>{d}Trf*^1
z&kWVCG{}u(`DHpK9hmH9*3`Dwihe&du)p7kb-^DbT|m1GBtyWV7!bBxrGKW`&f#H5
ztc%{^0dAC6a9bORwno^5uvEp>!7J|ISmt^>WIZ{mmrh5YWEH6lpr?F94^h+r=5>m~
z-DcVxi*c2?g5&b?S(Iv9X{Ib8(q&z$_-{y!o;J;PY%8(X!>gmyUwKuJ9t?ZC!*_Bh
z3!#icA%avS`+vd#38gdwgt5egMkPRw=ZojyS9~N&R3)FiLS1?>_ciVf3mDD?c}lk}
z4f<MMNE!W^_E%2PVva(ZrRrDm+q<IyIg#S5yK<xTb+x4lWZ}w)gegcc00fHTA{;^(
z<XGT>!7=B043pR7A5NRv9X`rB5-#GTi9<}NWCr<31cC-s0_2vM1p?wgq>9E$rW~^F
z>mfp=4^wWc9p(6>2nSnUSw53hGrgURuU!#aaVLH~<6?d~fuR(meMb*S{x<;Q6eXj}
zHUGn989H*-{tg4RN)yT096Y>~RonbuPJg~w+X>lR@|#ltDX8}B(-W|v)KHb#6hK9P
zxvc6Oo;4r#4%XbTEwL5W-~Szq1@YV*_&;1`^~+_}zg)KEUp#%q&&vby%Vog-;WDt|
z0atwmmURsJtq<&cluOSofAV}AfXD2Rt6D&Itg*+B<NTgpHr1UQTSK)zu3n9ZS$0eU
z7nrf|;@B>f)J0lojZI_vVmG*0yyel4$ByQxBfVBf?}-{5ZcOXdwO=kn9C3|O!+>_@
z{^c^HUoNYFJ5*>2E|&j)xXkrGTxJ5M6-a%je)nZZ$0n64TRlyAFu;SYBOCQe=g=sN
z<UJ%EB_EOI@*ggfUFZ->puH~7J*r%KD4i@#Q=9qavMlY^x93Kz+g@89&}vjiLx@O7
zNJMl*0x7hOHe_5z#4<ug^7BGc8zy<iuzW3H=$B5|j;jJV-QT*#>sS|#ZCZYlELvO3
zmX@ioZL>kn7W>6bQ&{sUcaGM{cLoDD1Fog$3beL=-si5mX~^eq-~Oo&-~kLapvSr3
z0XQ7DMy?*8-EpOvokk|Ba<A<_8F)Hl&v|DJY9j3TJl>^aknp>QGI6N1FWF}XoRvw3
zTZY(ZEj43okNYM-dTO4a#55}`VmLhdw?IKCpd^1NMjIgdkzrEe<#D$VZpY}b)?xl%
zF0=aOGMnl`>@dy$a2Z`3*y%5q*=B3Zxj#NBL~zXW<nsWe)L<SAhq{C)&4Xrw02)L@
z4CRivP8d9_rR~w35t+y%?2sy9j`}#e^|gCnoz|{LUbl*CJ~1p17WH4ph%mB0Uo{8>
z5WoaLr#R*|iWt2A!<vVn8Am%<pVz@s7Tuy4RswXay}CoN@lRK>ACIN#S0#R#_w%+m
z=zOKSsY-w*s$>Xo10w__He(mH2;oFxF)S$1K6s@zb(fF+=So<{M&fekSq{Tm)8)g0
z&=R)MuA)@6Y6lLVb75oJgdKnB$T&rg;`Cg9czd1BdNk!?DgF1{>YhNhxs(h^0tuNg
z*MEOu+MkUuAwVb^*wd2Yc*5F(do9i+8m=-YHiJT0WMgC^Hlx3$Kz>q&JA&fxn#lqS
zVRW%n;jbwxLYPtLvxw$5Afcr*B$F52{iUcJrLKHVE)1if3ZNu>{Uh39F^@N^6-GR2
zNNza&fyF4NtRSyqX`D{buaQU))FLQ#r#|SXNm7>CA0`^z!6v0?Y?%^*hVi|tgr==@
zA;}3Zt6!04$XdfMzx2J8Q|6I(dUr1~t+*75-YY|~v3R2eNAR=z^Le8)I2x<do2P%r
zs72<Qsu8)uH09>Om^u62Mf+baQ$zp;Yny_Vh)iH3frNl-kosuNjehjYAoUn@NgZCN
zwfX)h_*;K*Phl(TWL3~b+`M(4q+!@&6A`io#Oo{u$(X+BHVN{VP7n+zt6$bdKtl>-
ze_-j7uM`Cb{Te<S0jaaUm9_z4Z@_tA@#dPO_bLW%w{hgF14o`b4{X4WA3oE&H{E2$
z_29W{{m7veK$vGPs~gLoYWgBg77t!RbBmeFPEvEJw^Nug)*^BVB!ndS)-{I!nFPvW
zwvfbhQQygO{-wCM#awxbPxQ8anZ+m(;^L00CYm)>%QK6*=8~M`+1vadDg9UX!(!V+
zb<F23QB!3dv@8(LIm;kqA<Mw`v_C)=1}0hw)3Tt<QN>g<{KTaXi4z0h>8JRZ-Oh<=
zda|v2eTt%&p<7zDF8Ah$r!5>6aQ&jM$3z=_S?xhoG@tp^IMdrgE$*4sc~E3JiG{I(
z@k2@WJxTyHGBF}$kb{7sYa^nM!f`Tnzoso~7q4)j`keDr!oVhjS99*x@*v0s&zkD-
zqXKf(^jUz|b(5npE$iP}oQ8QvpCbu9<_aZJ4oRXI3G=i|WW*u`kYAl5K>F1wrR_Ef
zxt})BMDlHP_o{mDm8(WWGeto?Wfu}6!C_cH7NCRv60~uML?W4%*!o6rq}<9+T{(vH
zJ4ms>@RV)_qh?Refm3SR#fFN#8G*WUtNgWLrKWi4;%2}LB*Z|W45=zYiTt5(BZu?B
z*Dz2|(EUi~kI)pfoz=k<=0Xf+SN?r=$H0ZnHt-va2cJ>Gzx+(`oz)Zj`*#GcdQw|X
zc<*i)AK!J)*7$DKbDQk{zCUUgc5m+W@q2ib8=d}K;vK=7mDGJxDyM_0FcnJ(Ajlhi
zY={^kqyQQ@l#|NhKP0)w-CuPLRTY06RL`44|BLvqNx}Wsq?S!Er^+o)T3(xA-qT;_
zEsXzTQtMYQgwGhrT?9cSOj448OJmvwucZ9QZ}&OlMPrA^Vl6wudvUrW+OJ=fR<TiR
zi@q=$+;sW;Z1SES4%&EY4reOCIeKZ6=QTUgf$7DI2qcuC(n*%lKq+Jr(mDF|`7|&$
z2kkg6YPLs4HaeDB{4Lhg!3ow=Kc-UVi=6byP_-*Y9`rgyAsAV5yt5J*VH`TXV4uM<
zk+S*Qxl$WiO|rGl7Ll$9FLEu;|2Fe1?{-f)-}m-aqSh9~@q5K9O<JYyFH1F_-7{6s
z_%-zC#m-R3-fjM{qoH+0xh~w)-Od^R0jim5Wx??edh^(I=~G$%dzA{c_R~FES%NHm
z2^lOcpX#sKGS=ti*4lOAvw5xS!0Q%E>%e>Iz0K<8rj+u)KV^xt&TiM<XTxYorPoj`
z=7G@81o2K}^%w0VN|F5|bz*n-Geb4%4-ytap`KJ*u3w(OYo{(rbrf&MMI+TMGTBX2
z)WaN`kx)kqo9if$+XqqAmzKeNL7p!~4>oJoALm0`28Yah0baMY=baauu>!3J%Zi{F
zH~y$XRbX)0@zNmi?l{*E;un`Y{rHVda>&_-DJJ~SZ_^7W;Ai{QnK@YFI<enNu@_33
z;|VpW&ki|myhIRju%dOe4ygzyl)Xs80D$IT@&w7*R;I~jVE5R4Kg)vp!n3ogAPVVL
zS(PKueCN)VC<~(s@AWaA+rCc<_sU<zwUo}FOCe&5Vqp}dTp~Pd(0(PTWT;UOlyd^Z
zh@%8hf=*mKjch0y^rNwE&E%!Rje!poW!fEZ?@h|b?)vkZoRx=-^@hRfcTTO(_kjg0
z-PM1p|LACGfZr>ts0h?m|12wSnS5-KU~9=*f!bbmmLN3$f0Xfous*WvR~cDK{&!{k
zZ%5uG?}p={SmF(K!%zSGP;ZLr%L4ON#Nf&j;`6#eOV1nvWCTPK2)h6K?eOP^DJq=q
zK|#?<yryG2WS{_UMv9y1%I?pd2OqZ2^duEMn%&$u{Ht{`?dS-Jo^~Ja$Cq&6<3@Sq
z(g;ZoYSiV`Mp`x3$5`CYm!6+qZ-r?RVs}sZ-(tJDQkNcYCtux|vJIXZUy9TXAm1*k
zNe|7TwflE(rP93omAA`mLz=l0i(U?^U3z(szV^<^F%6YyyW@>QTP(^Z4b7qPDvRFg
z&ehbi=2n^}sLVS%JD4-^^o>_THix{Gd*KX|Ys<SkosMqxZ_W3-pQpPu$7Fc`U9%!l
zF7W#7oHqXExVO5fxbFk+i>HfgCZC75%Iq%r^sUo}EoOjk^p~5Ct~8%o@x$X|cNaIF
zucK76v8C74vbip}*)^^ZMPFTQnykB!YezGs#;g@lozl0bX1tIQ!-SZNLL5YgRk-W2
z%Ii=M<zu_K?;H{q1cyOIAhqyA|0058Fw*3+^h%OqneVY4*?(CM86NX}H)#k7+~!#)
zhmGZtRqtUAjCOasw8Z@w`&UGcLEmkKkzk7D3G=Chaw6f@IG_@t9L*exkg<b5%?bgG
zZh5|FCs&VJ9L)+F1N&Ibm8>AKwWe?P@NF2Y3KbYjp<XzObQuTM$W<Utve5^yo#}ho
zcKI|uO*B>SI)A3cuMe&^X!MMGgC2>aJ3N}bhIevl#q#p$U#%EaP@B9H|21X&91vuN
zG&w#p=JfDZ@h7!5#gu6~DQe1Qg^}5>M0;eGB)KzUuIQ!KQ=s*O&uZ&6T{JDw0M|0k
zk<A3TWX{RC-)_gO4mAT3d#~!5YA{FbHc|_e2PrVe%p{Z@GAh`xd;T<gokN+<_l3vx
zt@GU=I=X;Tf6&pt*uCaPjhr8O^ioW2VW|Ul`}Ah`Fk7{~b0zYKWi4OMm(orhEMbKx
z@hU*As7oM60Wea5Dwq$)8xRR9tp`ihGO#_`qMQ@z45fwI8PI8~;YGnV(30)M?a=4K
zWUa0OctfS6iC(!AOF+GHccq+$#6xjELz2jXsDarj_mC-Bt|0KD3sDQfCw-C9bmO%>
zascaR?zzJ5<^XOd&0jFdqpvkxrnJH@J~QFBS<&L(jBCqyRY3Evv74}2*7Ndk!GWS}
zs|TbrA|AlhvJ`+RT81wJrjaR<FFHU+EDs!)8Gf3vYNG6;pedVHkrEUx)OTvdE_9G;
zc5LxtzRYWrAABE^##^*??>v=zC(Y0^r;ES&HsTMeXpO}Jfh55K4pND&+J~UTqPi7w
zlNbOSd>@xi>R+DGXdd&1zvT!<Yax8Fu2k4@?^%)Us~K>9!xH?PXsDd3#*<fDKDgmN
zzxL(O3lkB}Dw>k#M@Lq-JCoIM7qGS{k_kXMRIfZVjWn!yB4a;9!RWBfz|>~)NKZ>)
zs1?SsR&2j>(Yf3k)<?cjcLMPl@lT=<VuR#Ngj6IlRKyS~9-3gulW7dGy56VQFeyEH
zGLip|_}MxtJ;@qc7l(yS<GJY&UXl9IS(xMgz6I2UkDMcBQ~1`Wfu?DJ8ZiKBMy7~i
zIbwu@jMGOU_z6@#>JAz#|AuL@k@QWPv`bpL;A&q;%rgD5ge&yY!h(*aw4x<*7n&T?
z?6*3Yi}Af5X~KUEKJ%tpG9lMCyFpKB+c>{2yriT1;C`Z^;gP?!va<-#PU^nuu~?E`
ztL(LB8k?JUf&lMwc7=8HTAkkFR~y{XIIsSY3?1|fbooJ-$>mBpUToTu)Ls1>=q#_7
zX3=+9SLIruqgG_1$Z3*XK7@4Fsp*&NF>`hb{athgRh^rFPm^D{&_%V^9P8so<H$Pb
z#Lrom`)U3I1nG%4iXY##Q{7<t?iMsaK|Lj><564xs;0QQ6vai`CIGm3S7(v&{hWwC
zY#9sN;JJ7yv8a5;I3vS@-XbG9Xg>p?gc41KM+Rb1O)7-~2fAO-$l<FxrJJfLhPuA2
z-BbD7x<sqIWto9P;YT2%IaM#frXs+dkUXx5NPz8xrH_V9bE#ZqqQWS*?`ia<M3!t^
z{S+-Vw2p{B;Z~4(L@&<yk*D$1cCcjVOuu3c4M#61=#}<633Pbl^Mdi@K6SR&{<wZK
z_<V87|Ey?o8rNw1l2Z>z#wFSR5UqaJnS3+WG<8J=qPHAO!FWzz6n;9I0e>B39g8QS
z-Y)o;V^-#=U|3?JQowOO+8TvAORxex$T}gD2}%@(jR@<=On}#Q1Nm6-Gz-q~9u!=l
zRV-+Cs(_U(AlFhnb--{_(g>OVebs-txL1uD!SjK&=^N$IGvxz5V=jMAq_-$#5O^m|
zSO_4I82zpFVG$F<4z!Q%$R9-#O6ppw3rlzFY~d@miQFkM3DiM2tcqtQjz;RiWj7FN
z<%AhdaDMopmh~fNxl)FNCly_cE!|BSnQ;`sqJWL_FEPj-1|hDd6y^yxD$c-;9!^BW
z32rzbN4gDK<omD7K*mxNc_4>rBW5q8n{Oy&BZ5Sw5_}lXKcS^3WV2X^UPKhMwKb57
zKH67C9<pUICKSB$5Fa8nMvJl;B00cPr8a022m#g7MyM8sp(8tFnEqr1A@a!Ls#%ts
zkxMl4zvB-FtTe<Z#zR0Sr4lxBIa`{VBbjo<c+7MDdw6@QGij*C8^PUeeo=lWrDhME
zRO27brDxTnU%Ja%>nB7@+HLdz<S_>kNLDgBkMSr<4@QN}j<5uVM!)2t%DA6~|JzG7
zS?%$0(){W4m;q4Sz8DL(r!)Ws?(JPl=Mq8*=C-foV1s4$&<iHu%MNQkn0$^!uz2*S
z=%!X41PgHmTJ}petLy+!KEGrmgM$M&-D%N}01vtA&$2EHLkG)NT5z?64X}glYlmeH
zaEg@=5QqjgIyXxHwq-y6S5H{=W#`c4X@x!ub)RR7B1g|YTH;(SZBVH-R2n<qO5*Vv
zvD0V!mCcu~!j-}=X5Oa-0(W7HuyYlaiN^yKd!B!fA0_ZAjsp@HMIl-d12T#@R~;|6
zGJ%IiY|MYoU`{4SYB1#Q?AKENE{R19fJOPe;OPyiSQ_p84SEgn>;@(M5atEuoq29-
z*&9(;6ul!d$lN-)SEPL7QnEZ_$b0tnC=!<Cl?q5Ygm6`Y6pG-sWt6}YU_}jwK>|<>
z)vCM!gafFQeAcF86`@EyVQqhf0e8C5{8+0Dp>45B<CE^TE!36Ok?-idT;RI?mCjHG
zC?gORCM41@vT#2Gz!}j1TB82}MD+ei0%2=jye{*w{~BZc{W>kld_n?|X1MED-+7*%
z)=zN{fAtdonF42UV*sh70AdT9K>jOW7z2?ANh4MBHWh9p`2zo12Zsb;frJrjU4}yT
zeXVEefFqw0--q_ooP$noaR8rL&jV4FASYE+A>K@5+{UHE@tAbRd#_AfTJWaHpV@~=
z8#)IyuY)ccHv8VbS$&DLC2t<b^COa~QGG?wvwxi%K>F^1!~;Zsg2l&0z=-jv17xBx
zBa2A%sbXnQ3FFE&`9k43_)QIrjfDXl<v}NjW{E<b^M7-yiP4~$K?etd8a~~=z(3%%
zXK3-aPqXpKC+L3NRs|h=gR>Nz#WH`z19-^nD8se7k8TVa3H`~)xAgc0{$8KTyD?U_
z4MhQyLehXBLJm<#Y4gIt>UaXggQ$`$FW*a?D%aG2W3B{Kjfy1M&4nuo*_oUmRM(Hz
zaA)dA?kCt3X<A0;AdH&4N{9+DZnIX}*_p&C`k+i$BTqS(o2VhOvNSe`ArkBFs~aY?
z(1;+G(m@E6G?ZO)KM=4$SNESfEmYB>xR|32Vk}|#4C>pqCeT2zg|>C6nZwRK_NKs1
zC|Sn*zT1OlLt_;KjU%<%-rY;8aVS@t+Phln)>5y_rE9!Vo@-iE*-kmOL6KJ$gqkXt
z-0maNKN$!;ENqluz$2JUjlD=9LA3VabUSppYk9l^@8qA)mH613#+Fps;~S3%o!o3Q
zQj3EkZeF#kUS3v{a{Lx;J{78|Z^1d3h&4=%M<6W-VHMxm07U^As9d$(%V@)DF_n~6
zNQcIEbGaH^M+RG*S(;ScF(X=)HL%kh3c9&XR^4^;$7M~aZS-A?U-qGM%1`U!J!SAk
zf#XDqBj7Zc4t12Y(z<dcT44+ji#?@}PhwxK=>VCg+%bjPL*7$QtsK6c>|;;#Ci8KE
zOL*HQ9Pr2xvmkgxV7&k|^Ei>H8i|@X)CMPyiUt2PQ+p`{GeyMKYmJ@7V77jho`tP<
zj=kf0a-W`z>#sXymgWria%m3?K(<oKv!jAfm}B#dWM8mjGZpZ$j+)!u8lTrRf8a^$
zTAtTj&ELmuIM+V97zd!j6oSzjfC(zbMiK?OQ!`>Ti@=cz7jyZeE?xy>7L*g(Gik=$
zey^_U+@);EM%4ypk{g?wVGCR@;Tqh0j{4<W1Pf%L8!7?`Wn};F3Wx}zTm&2*Nf!uH
z%`PdqFzxCN#jSU;BJD1iC)vx|w6IGn!x<khFX9)eh(e!1n-l3hUTW_fZ}1|fDqGX1
z(@F~QH4omN4(Bw#*n5WsV;dOz7o2Kh3#4fEc>gy+_rO4khHy+=@(3te+4YB8>iDnR
z#{tz?1bSw98eGKbtLjTC@nXewwb=O3tCU*X!WF{jWgUcLXcFyxF!b8MnG{)uGLL2x
z<lY%z7j%)%Oo=rCX1E{UB_CzaMUEfcD!SfM{!rve_qH~aeWWN_T}jT;?j6lYrjjgz
z38Tzoa#fPYftp?-gYx|v0O5~dDHJipM>*mkpb?frNCpwykmb?W2r48FL^+S!a@5Gk
z8Yd=<G+XKhu$F(X0Z{aAYYb+wyk^iWfI9j^pWS(qqaQt>TuIT~%q}}5*p}A-=0*i5
zi$qjF2*U<2J>)7w9LB>TD2#H`^D>QJv4;cc#yZXKkTQ)$njii$jaMpB1@DyUQzi5H
zKG;GC@<Q`+!c&OEG*Irpm62udlz7JRnAH@n;0+whP=P7ilg$K+82eIoKAFLa!7s;u
ztl|SoNMoSuJy}HpN1Br?8_E)R!8QUA<nxr)!`wqPLs3Xl$yF3cG7@GHNfq;9MTw-4
ztc8lIxmb<P4LV1`JW)~#h4*SOd?yHV50B#JbT%NO-gxT7T^IwOG=si0lDDpZgdtDo
zJl@Ml^7-8!bpewc@ye%|bfU}R3RIs7A9Sm<J=(Bp9Lw=$1hhyqSo2jw^TR6C383?x
zU5*WCDwZR>r?=C^7pTJWN@Q~xWWDPCG6>W(x&g6k9_hDf?`3L@B8jv+*~gQJgmyU9
zG{=*`A=zj<9IUNTkq#wy<fM3yWEpfyf@wSHAW{XF+61x=sJFsRq-au7mPgobVd=e2
zK;F38YE`6sXm;pbIpsy}a=wRoKI<2^BWW@X+Z>!L0}KGhkVZyCm|Oe9Mk)t!?r!@0
zWIB0`1Jkq&mhuKBU|tn!YH_v&GjDkM>&!nI;M})7zlE1|$w!^??g*P820I7}#{)Vb
zai2#R8Utkzj2?hk)v6=$&Aee;XlGLw&OHC+#^%XZ6#M6jIqGKQV|bU%9JgnoJ`COW
zb*jn*M)h`Pnk}!?_Cc#a3gDSR7YTK36bTG-3FVZ|7-okOw9+sgAWwG2lh;vlV2Hoe
zT;1roqGku)lSd!bDAvzoXPV{p!D2ekI|x%(&yV^X)jhkU@vY_>_JGS)@S%+iorf^_
zT&I`1V)wEs{o_K4A9^>mMEs_?s&>JeprxBs;8}v14*<gyV2B%Vh5&+OkuWR)DHGis
z5OHf{`ppv=Q~xs_RNyXq`nwK8>><mBLKW)9p7b`Un?zjPki>b}3b#WLQ?U9^qEJX^
z5JL2i<**A;yqsa|_T64KM7{lK#m6Wwss+xvrv*dt0_b~gItv?*nD8{t-+PM1f=-l@
z$ns(Va3+Xs;snjKo`3`>n`$9ZLu?+8V+J$LeOtXSUu3lipR-ZPh@ouA^F)$1oXEB|
zhZ6?Y4Nma~|BD}NyQ1=v!bmI<4+(^FFfa>j(r{>O@<?&SkutIq9tP4_C)3Zr$Nso-
z9oCj`t8#&;fsu4ucdVq>oZ=N`Bde+1FFZ4y{GA1AY}3pW5laa$hR~kv!yv=Vii}Ju
zRK@vf7PKLVFm#@rpV{r-JhkMr5nJ(Oz$$D2E?HeNuq~eQ9oyv)?=VJZN{28M*o33u
zSm>Vh9Es=4AXng&*qI8j99BK6G7{Z6%%Y&G?XvT1iBqcfjZ=|YR))l`O{u7EzsF>x
zZY>jM=P9WRcsO4dt$cb(y1^hqYix?YZ$vZ!$^-*s14PUpa(t}Y7^5t3wmkP38z3JB
z;?Dx655ugB53aVgx`vrLv@LBL@zo3(>vA$^vSF}jL=slB@fCprfOHmf?B&UD$C0z8
zbQ)|WA<KzV*Xu{FpqH*Ho<H8-?K4VWyRw>W+TT@IVfTiylj}UJ{~p^{r#R`3;JSjl
zd8$9mx4!1W-{59LIb9!VuV|ycPq$VI+MLUe#ftmy*%FDc9OsAHx9&Mv^lj%QkgW#h
zQOcweeZv0!J$c<+K&4Rja~4^F!X8OyyUHDnM&8EDZfjLUKaCm1T|a@HJ^W@=XN+;@
zaCfFHxwg;n!qd6Pj9RqZ<Y5V@GM#?mS#-S#syo@b=G}Ge8*P&^ox0etPtswHbs->q
zv{eOQ!9p-b8dZca?LhdWWGNq`{!%u{z6{yA+vV6{a9x93(biG6V=)OQcI7k^#|>4u
zhS!$D*ca)xQoWVb&jvEtt~nLZK3*GT{rK_mHNheN@5L4VLg}M8*A_V;jul#8VuYhA
zR%-7GPBXVf+*Nf7-XxW?*m-I|&!sB}r2j=2H^2YNcaXTKe>(|?G|&MLY%`R`HOdpx
zb#=B-H`nr-_CHOZH20!CM#0Pj4CrDPrpU7Vt=CO@-RMmbdR<NTC(dtE;_#`Zjnt2A
zsj-Hc;%adK43o}^N4DeFTdG_R(sO_oSG__1U)h8bI~u4)008*s^}ov|%YWZY)VZ+T
zZcqH~>+cPk@0%S6Tsp{MiFL}ilCvjs3gl?|(7H~wF))^-o`_8v0Qg|}(ElLOA|Z9@
z+UX^YUCMR#Z>NkX9yjzEF;q=>-`cI4mA+xJ>nf~;GkYcXJ3d+|)J0o4+rM0cr&MCD
zyJ)h^NO4KQpXEE+xxA_S{@VRs#c@7b3|drmi^rXveedN=pX(aY@XdAk?ON6yXiDnj
zo%3wBmOq(d`+#W4O>;W<F!aquU9qOv<tz5~aa5wYZ`ak%K2g1)vUp&+C^*{DSa3G7
znGv?M+UyRpv_7+v^#tYB!by>S*kZ-s<YBKkzjxWfVZG7(cukvft5Kr~&}FWhoDHC9
zdb`yhH>IzV&PumK;m1wd7+8_?vh^*n`@6Ca^P8Rg%*pb4Q@x?xo*6m6KDgA=x~H2>
zr0qC4gg&;SXPv0#q(-xVrp5ng?QGf*9USBH9gm&bCbnj4zCNkN-||>M3v1e4N)G0c
z#FQcoNyleGA(JUeR!Bj}5DSjvm$9IML$k59_%S^oq_K_O@@O!>sO3BJ(_B6Q29EXy
z5f0tx7cI@{BbP)H%|sF@RtYCfB*KkHXkdsDs^C0M_!$#GGk<us@?ymI<bgeK@ibmD
ze|GA5t$C=#3SGAM$KIzc!2wR+y<=r#MW8k%Az*@2#88HbQ9)E<>8C)Qk4t6{gJc`F
zWZ>qgOGD1tdpB^lJdg9(S`Hb3dIne0F+JLke#>S&W~K{U<@T(`veZ~@_SxH+iM6?<
zRgQ+R#YD2YWG=03VlY**FTt@=lENJIc7IS`64+}o&VI@$S}8J-w&Pf7wD8l0<L{px
zBN+X=hCh?Pkwvzq_){^xOQZKy%NU_j%yGc+gt){Zs3{d%{`^HCtHd93gdb{Fi`v94
zb2Ox-+cvWJRG=>Aa+Z+>o6`r&%Jru}{tF{Q1T<XG6-A#C5!UcvDSn@2583kkUJ}5l
z13=;^&hY?@pp-6J2ghr*?eE6EjNxc|5=akj^EXv>TAs`~hHuUG6x?KOTW}+K%op&G
zeQpcCmLO=v3!9>D>T_FpDnXJB6ScenAC=i(CVs#Hr^h$@QpTdd+3r@ij)%(=Dr>(c
zrPt!x_kOeqx_2x~kbNcCIKm5!KRG~<e|1!%d~v=Txh$=hx=inE7k=+k!bu4f7o3Bi
z#>_WdU$sXNa+e5M-99JxwMW>wczPlxAN!Mu$FB#c4=OcyRje<{r)g_`miI~4fJCo-
z`N*c0p&hl9?;{$SIq0PNkpRuJjjdB&NqCdrK*+7KKx2dXn<NSkJz2?@>gih7@X^v4
z8Jzre^L643Cw^?hdjefX(gVBqtEb@eX6~yraAp!hmKx1HIW{<gHgy+`>ZPI<4rXsm
zVX>XHPinD`8XMUr*uj`iomHx&t~i(S-1(QPx8F5u#$s4c9v3+%Cbk~SCXIWQsW*FX
zA38V7U#Rd;)hCVBJ)_9tZx%UTeZ6<SbaHd=g14qtnBRxpLLO`sP&=bRqU=)s5vH-6
zIM?JVFHw*kLJlS3kF|7s{^n*P%wC9c=o&2?Re}TDcz+LvN7w{U$JW&hsuKn!qt$Vc
z(y=?l0>UYjl|~{#iU_PP;^fI8D&_+X1k1DF+N6g5-sPhD=FjT$O%v+Te?AM@l?CUr
z4eoJ@3ivuE(!=C+03{_;Uxcj0*G;tA1x$<XUemF`+Qk~)Vh=is{4HX*FI=w(=#G+i
z@KsU~)l=*1zw9`n={%_}JE+dTh+LXXH+`-)2~EDzxVX@$s+sae&=}D*?ErL1P2x53
zK{Ya&GRbn==|W4tu$)sioKx1DQzjS9@|&K#{}Rn`^UC!M9eK>lE1PYi;+~25^VC^G
zpZNu2F1GB6-ivF-n@pRXv9IdpuuZ#J$cQz05oP!mey6C(z!W=o4m29ZD0<7mcWqb}
zCUUbJPjg-y2f*y{K@11hJ5=$23r1{}>35vxJ09>l8d@a|H~jN8_w#LEBv2gq4w>|#
zKlsK0-golPSGNzZkfJtB&N;^EVK*8kL3vqZA+3YlmBn1BM219r6aqShNGw9c0EHal
zFOB`U@Br{#e|`jGX^E9BbUa1{OQ<M|+3F;GWm3UHydCYe{`77PAgf+Tlq?4Z{Q;BR
z<a?50-Sq<jofFE}p(iP@@1L2>IG6<t*9IL*w5;d?@llLIs_rdf;9e&lSsKZ6aio$&
z<zWayi6oRFkzk$_#w5vmh1K8MFU-N{X++Ey6+CCz>uzP_G#M5x_`FP8yfjf}sy(u+
z7Vx(>2RK;UU7E8iK{O&bqFIK-0vP`}qevAB)<Pz<<j}~7Ww9;eouf0rPk7lCV8Z?T
zg=Cb6q91Qw1*e`6H+4{1I~w12wi|RaG7lhJANWViKZu7xZ(Nu-Jgp!}iU(FT5iyem
zgK5#$B1a0e(+A_AN9~WE^BB>8ww~%9-nW?{&H0*#YwYRDLMGEq^uGZ+fq!;Efq6n^
zV>tS43tGGc@_FXfUm2x}=MbPp{FCP>4z|$&#~fsqjK}=@-S8mX)U$K3AT*%^HxP2b
zBwG;mB}oYfIg()EwBIou1nl<wFDc+Y(~Au#FrX3<)Wh~LKr<~tG6SXB(X!9=$LtB*
z@W9>HnR2nf^DB+$a1q++L;BHzyO;=NupU5ybyPEFnyC^c2vN=Va?(X5sE>#viAzkT
z9Rwa@0R?Y(5Uv|Fc{q{00i}h)Kt>_amX$oj;{`UtLEP8%n%`#W5Qz?$aR(g}^k-$J
zSp=m3uzqhFKK{U=s6Ijj)wV4*Uw1TfsXNO1z}yd0Y)Htcuf1f1k?r_^5hg%Ocu5lP
z5ypJu%MjwR!<T!7%w52ZOtz5`qwp|mdPR3F>R(~~g*q?_uR`JOWB9wPQ{Lgk+dvpZ
zCG_hU`!~SG)##p}7-9mVrf>|=_N*aFzKHsbL6vM**m@4i=5Jhz5kR@Xf-pu%K~#xi
zFagzxJf#jOBXZ^g>Dj1LCb}8ty}lB*@BW)hhZDfbn||y@t|x0*4%j$sCc{^wq*P=V
zNXhUQ)Ny}n@BH)-2T;ujqm+x03lXJ(Vge~r8I%$vTA+wyR)}F_avNIGaY=25R=DQZ
zYDBfthVl!ftTobK`wNY_&zdDgA!B?l-7$u`$wyfy*Y0mwTG?sU|B5TP!kMY+95L5<
zE4#2cw&5dRrE}z7Kboj$HSAg201~j#{>m5ET8yFa>jk&l8t9-db5uuQ70r=J1UL{}
zhs`|C!w$6kmi58clI>p0(yW!GIo>!xnf)%-xbJ4oN!co=mmS~-b9W^T)m&>X^U3BD
z7ebp@c$}l-iqKjeW4_OMx@4W=37&N47LNT4>L&=}hoa8F!?XyCnd;5}Zr*DFy*F$h
zL&f{@=T5krsVD88$K~}u%5T!2aJJ}l`0JFkwkr(6-mD&IKELs*>hr@fENi_%4BHLQ
zhLLjbG3R_+8SplG@4kmcN&=jR;QVCh==41l3w5)6fH1CzFNvUSpVYH{_mJ@TS*~*{
zQXQJxOtHfutc*A+*y@xK4EL9-vY_ie`o>io{cg2Ey|{1<8yv()c^}VY_pKIO`3u8-
zNWi+93p^0N9c$>&H!RCNbkP`(rPZ{N-?{Q_3o`iTp|;l?-Gg0^v#nLEh*xTu;U_e_
zW2gAmM^vUCsb-(FUU#Toz~2P2T0BA|lYFy`=oZtryyF{E6ecbD0@f>wB$|@+g~&8b
z;K?<z{XtH4d`EZII*pl{Ylb}#rR(ix<UZ~MMJ{Q;8b$8XRsPoPnY2{Kv2f4D!Z>wE
z@;8VAEn-Av0Yq(>6FNtiU5&EH7HlW`vo8Zl_dIBk7VqASX4Q!<Q+IsP&^AZ!YOB7#
zUaPtP8C=gmhVv#PO5hqS5Wo`pP61`{Z;FA*&d;{tkeY6LHOa+{XDAwGijFA6)zO09
zwU>N0aBdX(Y4-Zz@%w<`@%Ud_r+jT>?alYQ00nJrWf7okg5+O-W#ci9^R4M@(|ry3
zIP?`&&>`(Mye-usuo&gMaD_sERE$w+kP3)DxC~uZgBJ1Sj|FA&vdt4XBh}p2_SgN)
zC$ujq9t{pNFs~J<hs?Y@8V}Jm30}C>R&8r{P#0E*cF51w;Co9+jppBso8aPc2#=BR
zgq_jIdbcyDOhVIS>S0C-o~OL$LyY79EV6YVrfI|JsJ*Ha*}yxz3uxzF;gT#lgY&p9
zxR*6@XS<o|;LJ|m93hZrA{|p2?4Ski5h}T|rJE9|cFdLNs$SkEIKZ^9QfSfUHyRAs
zUMBU}QMN77`*iKc`!@L=(+8CyKaM*!QGd%@JA1aM`2V@}xb?7kvkiXmWoH4q>r%}w
z32Y#5DiAS>)2yPLNk}G>iHKCN2>6u){UBt=srN=WBGW%y8OT*6r*ow<=P?zs>C?%2
zoa@uIZ@|`vz2P0h9WOP09u44-Zv)^G^BX`hrhrjEs6>0?ml4I*hx>f;F!-fz;P}f{
zAlb69H&`!&Ro3alC3VCHl_c6v4`Yn?hP}bVKcH8)fcK^b&LbewDi2TRA#4V@BULC!
z)ToQ}VjW+Ym(B&6M)=qk*TLF7Qm$byXhO}GmP%qXmv!AhWXifYtmbscJSSLv;T`WH
zA0HzOra?VWKrNwsP)c<~D62{a29gj#Ag6>Hpj1he$U{AxEX<&WYIw2iL(e>lK>(AI
zNm%|Ly6!Q!vUXh?cC3!Aj&0kvZQHihu{ySG&e*myJ4ttJJDudqv)0;g?XPO>s#$l9
zKlAUXQOA8==LKU0&Q0lQy|_K(M`_GJS^W4-FPoM?76%z!nGVHNr!Xj7Kt?TD1!IiN
zOtG>>k!q)?Rd9-Lu7Q~zF~+r)D?J-5=vxQB)x|K6=cCSBLhv1MOC#D2P`iAQP1ws=
zpdI3$>=Yk{T#yINB2qXAha%EpG&r`5k9Wi8Kx<Fxe!j{rQM#!`_)V^oVh9WIar<`5
zNjJ{Ha4w?s{QW@p{oq2VgxPH@Dx&<UXs7e;ZZrwoOOvxZQ`F9gen8m@3_eo{bTMR<
zY6LXCQ_i1;z~()$E;rxPj&dinHs2F}=<j~H2~1rktZfq_0!ag};sZ{5z;=1C>7GKT
zBxIzuvu63Z)G3oZQ*>)sdpR9w-XJb>GRzOrfuZZdw;qC`(CnV3_LJW!F~8z|r&Ij_
z^6!LXFj8*BnWch($6e*w9W44u3^OH~*fI5P%?fQXjV~P|HV^4XbJD$!<*NFQyp>XI
zuN!`c<FMLZ-&tWrB$M7%J4GL9bPfvVk)SC+|3PKKqRt%09{3o=Ov0v_?fXz~zx<LS
z8T%b*f6YkgaQ?1aKR1`na(36+yy~zrOo$a|4f&TM&truHBRa?xH~4To1R|~J@E&;{
z7o{-vM^re<+8kOiEVfB<SM6VPSuIIm?JF&x^W+Bhg0MgAr@;ru@x_?L4mh`|4-f?S
z4fw$ay6_gm`SfwhZ!&i-akS<M)5k=@XXkm*qx14^a9Oy=dwf7)jBF|>q%uH=IRXz^
z5K|0dajR6`;P%ibU|}zRmzR3W*cMPfK?`roG*X%U$*keU$|nAzlVytN81U#(Z}XX{
zZZDg3^EM6aZNQ6YP>E5C5}8&(tD;s;go{@}bag<lA}X4A4&TBn@Qt23H<92fOI>mX
z1st$;?Uk2dnZI$^ez;o`gD{@maWu8#hFYb&|Ad6l%2v;Pr-|?6nMkvUXAQBx=q>y|
z$3q`lrDisvK|l(`{yT55|BE;D&K&kQF#q8V@IpiV0^G9z*i&k<jV#2(6No){sI9;j
zv9Up!qO_7+S>=L+#y5yJf;TGvWCE4s@4T~Y)E;P-5--Ne-S`A~SHGmFUoYRPtHf*v
zy@byiEqYnl#7<)m#r>IA1@g*$3Wyn;a`%!~&1&?~>ij=n>jPivxc`{P8@bIWUTf*X
zE#$;X@aZOh4N|obv$xPwRW}6bdN5Do^g>jrb2q^c;i-32v^wzlj(Y*L&~Y;7?bMTW
zTEwua8$o7YnykDOYrSDwBTx{{mXE)u84OJ}X=hH+I?mz{H>uU{G+3<WFt7aGdyOq5
zf%dkp7{!PZ$8$%}=XBStS2u3q{9DAhn^Fx~y^paPQ8$VU^QrR@Z}z<tmCBa3+1|d*
zFR;L|Er;OiJx+<em8Di!Wqx_-QWL;^6ix-p(i)$j%HR{PQG;zOSYC<IwY0pTN_7&C
z!t2B5F2dh>Ze;UfZL+b==+bhMYZgmI-M3{GbFw8|LBk@!tskX{Q_EA~8wctnSH6Tb
zaWHqe47*DdvcV5r`o4pBKcDLbz!_O3yV+%G95mzs1(|zSuQge&ZP)cef^bx@eng75
zffJI})BVN4ufufEs!ig&6%-qms=QWjuNGdL%1e)|$vjhkK<3&}CF7^!!i=^?uFM(t
zSJ{pUq-c2YUaB@Q$C`>UV||d$AfFk)P*PiD3owZ?ST(9U3kgOI<(LX@n^Iqv%FQ>9
z5VVUr6jKaXC+AUFN@%l-_krv*l+Q7cCmB6HfaOVva0BJrkgQ^gH|>ltmS8$EtKtnt
zJNq*%=Wcl_xnu+vn>k8~ei-k(Gm1aMxU+yC7OELS<9&|fZS>NHLv_{)kB2{(*8_~O
z9G5X4E2O)`Wd#}S@DjBOHv=UTrFDS{NUYen#$CS*x_G6AEH_Uo7uT-BqZUg}g|Bty
zUOmLB?Y(-Sv328K)!T7H5Pxwc8(tAcl?}PG&h^Ap6@^$Jn~C1XrIFrB(^(l6e@V<E
zok&MrGZAKiRsI%&-V-9EqdxTx-30PnU&2oK`=2(5+SWqY9`kxgr(T@((>qIOkN0+b
zdnnyNJ}*|08M(8I-&GaVykZ6DJq2AK7pFk=9e0i><-!m!$EFq#f36Wdsqz9E;>(z)
z>t-tI@hlH=1bXT&ZZ*a?S$|Vb5X7P1R4;;>8K7zhz^u>$a9Wt4I;$)EIgWnKhTOIn
z1>K%1RGlgzIQ%M-d*h<>m~Rr*im3-lIXIWjxdVSq>CtNXq#<m(RML{DY)px2ap@G!
zv{N3QWo^0oUc<DPHsU~H-jZh1I=HR4?F~1SmSF6>mEGcM&5(SZPe5FnxW?`_5VY#;
zxqHdEtHsp}f-vWp9VtUsM(Hn=c&5Z+92`%0YZpYgmwaC<H6~o97XL5}2IDNHD46#$
zM~>;bj{fv!aDt-XA;n59NN{9dMkmoN>!6Ww(&7lpqG#R{`?I2AOz*hsE^;RB+-L&v
z)gA}k*n^-q*A~PX{%p)1Xq3~F?k|Szi-_MA`_b8dbqV=lCcT>ILv$py*LwwIQpP^Z
zOBZVK3{J4x1p+R@%TNFsIby3RBmO{7uxsegq5k~VUBbZ+<j2Sc!LavqWI@iiwH{=i
zK-h1IGS^Kd2wfuH#}BQCw14<tWSmM~qOI3eX~X?SvW9~%!wQR`gCYqsJ=mO8cHI1)
zCT=n2?nHnN2{@5{=Hr?X{~Wz(rf?@46NyE9!4-<m^!e;XeWA1mhPHVoxc)`Ap!oE3
ztz=Yui}>a|H#5UIK7fm<jhW$j@TKO5<pg^m!V;BCv88t!DuI+T-JFLVuazqL)HT@B
zRZ<_Nq%lbU5o&6djJ<XKp9^w=_N<676Dg_>LD+DvRkxzSbM$^BJ;G^F40lAY1oob<
zf<?QpFSk;r3HtI6SiUTHPW*13I_gN8A$8vL+&=z%$1Rr^nQ-z02phErt+%VdSIU#X
zj9*&G&v%kr7p@uLNNk%h971m*h3cKO1!_@X>Bn1m!;re>VEqJ2A0|q9=zJ+RC)@3T
zP+o>C-Hy6v^bS7IaoAt)1PJprXrq9A2h+Q(9glWng0rrGv~(>8)J}js__ugyVBEYD
z{uV3!oTnc!cUbWSX07el{Ks^_(9>YQQ{?+-!w&W%-cW#Pl%+pFBrDlKR!Pl3#x_3S
z?ZFT!5ZcZYXU=`PU3*s1Z3MOQ?ZJU909NVm<5}NI8By_!sX|9W&|74VJ>ieUz8?<z
zhp+Gz7Hc~KyXIr0s`nnCtWBT!kYfq`?Z@Es6FU+73+WyW3vO2}M7>#eu^4f1l;E?5
z@U!jul!G}~Sf_4#!pLukc2h=y8g)QD&!E?e!pj{+(dMzuTaf!0u-8Y`kD-mDe4g=J
zM0~SONuNXv-AYrO#`<h!qqA8yxchNMRsQSgb@p1ed-yxpor`8LR`|%!nm<IgT;sTi
zO%Xzm<MQJQd~b&yk1keY-kepHvY+-pwx_C9u&Q^t?rX@R9@gDdwlc$d2}<*-%j+(<
zr18am@c(SAV$SVqgrgzEtj6_`))M{pz>TnUJoq!Y0P+qR)9d3y6~<m}(}mVl<ta0^
z#_Y=JE}+&7A_aC3Refb#Xx(GW1JsyF&($5C>I#!99g{fRt=d2ars5Ovzg4RiR2nn)
zf8BMYMEv)U0gnH<>)0Fp*IfsAVLmi)uh%e^mHW3ls!=lhXo_nC7nh*bk2be75_hT1
zJ!xbkLenS1Jo1Dl#io_+6NafKQ(Fr*VY+C$<gJwlb#+b6pC5nIyR1)tQHXO-G_Qf*
z!Xf35;T;xBd%XKxFGa$f1gmN|b3`xk$r>ODkRSYJ-1+;~_wMasP(})UIXijx{9vS~
z-h9{G?82o`=KMmFPmZJ4H5p^AH?X$*YNs|#_@{E|KK3ioU3No;*Ybq*_AB2|Up_)Q
z5y`PkT7w;lI+?Am;OM}Mg|@4F=FxkzMoPv@&i_dzy*D@sfpIbEoz9XlnygWB<09L{
zgV|SeIX$q$Uy~~ZW#0C;*$w(Q3zscp%gky0hP}U2o6DQKCwBghK8ETWtf}jz0aDO&
z{`n58FGFW_j<Kr?mmn|xXGh_M6TX9$|7y=~yFaDPcN=Ewj}9z)c*tiG5LngOB+fA3
zTY9{8HT3%&q9@J<7?s8NQ6%uiox->txo$-ql*BR-E2I4;_v;@WNaiBNRhC}6@+_nD
zvdd4*wD!#d)O&Cbm;P5_#FAmh*<Mf;h&1PL6s>vU9|p<7Bj_;5ypp8X)_)a7)JT36
zMs(u&iAJp_AKDB2tzVpQ3B<Qt`=L9VY-~;m$Q<|HJ2<&eG$>2aW|LNZWAi;nKbp8_
z2}Z=)iL+wWHCHEFak4|IFF5h_5?z}47~I$mr6Y7O!y*p*Q+5b$!e#6i?pmRiL9^rp
zQTj`YH0>D-N-uRKn=GH_5#$v{zp|XS7m|lvzKh}^rM|8}d<tgG`eT9G1Ut(NZ11(#
zhXPHIJ_pF<&mR>j3W8(JFtYOWQo*f={%ih`L&0*dgL}r=cXhGISLJ=Cw>opc8)=qj
zFz10!e>Urfwj|BP^XpKFOmKBVYNh_1DHj>;OLBOWElCnAgt!=<Xxw5n)EkRCrRk*h
z*dkGA8dqm=viZIaQ*7?(61<g~Hg4-hR?LI&+O|p$rqfDpdV;`84PySo#4{g#b<C-1
z*0Q0+qvBQ^7zIgOt%fwq{nAK3j(oHY!$6f|h*{cUevTmI#0pvVvdUI`9ggXH6d7Jm
zOw6<YXNhviU&r)(Gn}?dhqd-BS&us?6n<9_`kueD#DAq;L{a12e_NAbbf?gw67R8o
zZN6atmf@WFNZ3ypU%IG2g+7I9@7%;WK`?@@8F!u(VLg*>j&xm>+JwO`=44<fsCR4D
zi4h@xl*LfnoPXCC6+Fbsqz0w%mAPL%Z8$}YzWm)Js9GA3w>bnwbtw;7Z@sh4=gKOn
zyEt;ft|e#9dOkyE@BzOJTG-ZK)cPBuaN{KEtSP0ely$05_iJ8XI#t6H!Nq=R<gq3#
z^J!Ztu%%vxGE>!4br}o`pozG*d|H7haz~(Z&aPI`>&;r(`;|qCHcPwuF^vG>lw8yR
z|Ad2TA~31%Vv+7m?h|^0&~WO-;ucmauYwp%VZa9vFqlDy3J~j-BCWy5&`lx?>MVsZ
zaVYRZ#op08AD^ag`<W^MRmaFRF0a@b6}m6B2@alIDa3MU%|NP>($w7}5c$dfcAWN=
z?i=`;s>cfSUs7>xjLcQiBh_NfDrdv&RKl0|C1WQ;mNtc&Jpl!#VbVU9khqQ)+nn2f
zy!M@+>6nEn9vu@U1{)zZ5_<vlCeivg85C5uQlSOdG`Dy>Jm&7Pv9jyoxBkKYXqjxw
zh>>fCE-QJ}9fCR$(MO)WBAVTahYpv&d{e*Kz5k3$?0x@p`pYYCwNO}qP9K>`A?g=Q
zje0yrS_ll9Ofw~ePt`C&t&QEikXFG42|A{NW2U!6Wr^Av>l_zaw>JKqWu6l#0>_K$
zD#dsB9}+_LjRs58FEE&K?5w!o$Q3Dj4w_f=v~AcGc9k>YHZgQe_Xb&)Y?<8An8eB_
zD)gmCQrr?EEZa0?58bTof0eagrO;-K`WQEus_*ba>dZN>Z+9$xpZ~Sqmj8x9;Nlu6
z`F_Zky~CGl=G_QHv;%S$J4)DRR)X*LM4hk2@FUOVGWARg^4w}+#Vb>>jXxs)5Q2(A
zLm|3Ai||9RQxLwU)f7ZcXbpzP@|A5rC;%@!MfYws$}|k7`)qsc*evezsM!e4bfVWL
z9i=YQTf#VtkaB>r_cw;fl3H>e!jv-vYk#-{atS9OZmBbaz7;&I<bd=b%meiWRq6o&
zX3fWZ0uZcq{tQeK4nhz_TH@nOB8jrC(Stz|z5R20uLEk|Hfza1+_h>m<T9*Gc>0=?
zN0&KPnz;fe1Gk37i(?3n=Wxh133sPr^66D!!Z&*2zXJ}}8=t!fKWG)MW)QE!Bi;H9
zz9x`%0zc=Xp)IZg7+wwYYWqGjchCa_az{4G2|?^5AKx>r|MvBxty0=Q;pMty%xUoU
z9zOaE)DaeVJbGB$r{}}fPbj*U+^VKTz0sM$L>fIgDMF5ii4;WzG5>}RhNk^_l%AiR
zmV>S#)s&L27ZU5g-?k+kP-pa3zCl%odKBzprIMY`xU}~jXfh^kVwubz)VqJc^IEPM
z>2W8nb^<^Az*d=D<o7VgGN*uRtxo!ox3552X&Pq)OG=k2i4K?Xki?umn1w&><HhJ)
z*+0yB>&=F$9G&R#Fx_Io%btwV&HjS4Ce_8YcMHgDxVPAZj-6*PFr(ag7v8iNC!#yI
zw~48k(!r$rWAk*);REv8pGFY{rbS<k^`d#x;LIj`)`8DuBzi=iGl1@^Wdfd$?mB&L
z*uhg7u}77spkm9j4vRM?o~h=#{1{@^pnJZ>Iw`*K#2xFQ5%gl9ma<Q9@lq;x*?Bj$
zD1@gB;1sRj<c5xY!I3!W?}Ju6LW93x?LXb666CEJ1V-jFB-=P<Kgnhu-t7dwy$OEo
z8T}5ZOysXzGbOZ7D*vIImU1@DGu4av{q4<>kvJ{S*edXIOp`e@Qg(CBt-tSc_3zWq
zjgMCT8}{h(F>JK_N(6VVn7|K;y9on<#%HXl-PPg0xHx~$n3(&(_RiK2zyqwnew>OT
zb#Zx*XrfBBS@L(EJ3z<%Rl>s{o)wMYiqSKJFO_1lAX~_TUFq%mK8Hcw$B%xlMRM>k
zB{s=A)0j+49mtp^RP+Y1gNVI3IUsI?Z*Ntns2@x&nf#3JJV>^<DN*iJTuJ0m@PmuR
z$S&cA8`CH;{v{6wCx?Z?Jo`8hfBaZf&)2L1!_00D#^;ZnrJ-+uIiyL5wgn03?N@f;
zWx1m+KFW9@i8$15Zif%oYWdd--@MXbP^Fly6%hy&)n9Wf5DzJ=6AeNELMA!FuJsij
z?o}a_B5+3d5D@X{u&BtdMe3|b%9`TC>3U)ds)yUNiWuS_3uP3kickp`tJEtDqY*yi
zSnKWHCd4iXno@t1oTu4ue(WS><nN@yx(O(RZj_WW2QtMu%kGs{l<5~xMbIN7LPWW~
z+`Rcgz+>&GdCNy(bSRPjTr5IBSUHmhqy|mfx-L=~>+rK6mM6e(ku){Hx>pR)6ry4y
zfqw&_U{e!Srow3beiJ5bGEx{#S)iIY-y;wtKa&OQzBU=oi$C<qFPO@1twTjdQW&BB
zvNWnY@ZAXN-%G_IDAcoRps8$hf;0MafSQO?=pib>1n%5aKfRuJt*)Wpi^b>6{Ku9W
zYZ~)s6(f7}(QiGb5cd@Lwjk^xgaM6YT}YAN8MS4t-wMev?02!0(d|xEch{&>nh$iU
zR-3AAYugh|?eD<j*{5{y(j(AG<8XxaRN$&5=7_`_?@5_(M9>6?$L;Md@W*AbEja{w
zGjAv-p7dfB*qLzg{B-K`u!CQ;B04~Ft<hfS21`36Nf`>e8YOJp)=JGJ=oyEL12@H%
zta1AYK*qQ^URzj^H&-c@uS@rX76ZN;)plg1A#$(Ml?l;k0s=r{r09{4^28X@;HjxI
znT;VRjIV<-ZgP`$pR&H@?35~MWfPqN8Y00eHFP9LkEf)pnH~c+jqATf03xbbr+M=?
z45r2d1lwSeF@x_k3^lFicO;nY1c+lc?Xf$tD-tai-Ojukc-59iGtfrtxw1dpYaF6B
z>M=s-C)x2N(2PRbowYZ9CBE+4tEdSM=2x>p>l|Gy^y3_j%w^94A3^v#c(fFttY}A2
z<XbPNMo<_sx3;ZqM%~x42A#KB&n<K`6G+{WfFds6*bj25N%BAF871ocS^W~4iMt8S
zG(3+r#g~{EBYvE5tmxWj**##EtTtr(e+xqL42+4<j!A~Qeh>{{j<>|Cj%TyS^JtSs
z)I_4UZcm(ou9mN>xG>S^d^niuIA@`XFkpRmx_8j3HG`%%aId!^29)aiuRQjg0P9R#
zS{{o9x-;~u{o3kC(q$)-IuV-Q(nMn>28i~;XGUZ8c@%T<dv!My%>3MWQS6#;6W<<Z
ztE;9UuBg21&JNsW_y1ZP&YRYz5tS;#;l-B_G7WE0iET3dAo&hJi4oiHbW`MisYsp;
zajk`MTrHPyWzg`LfholY%4BJX(-g8>W6k@QT28S2sePA)#ms2k(7vmh3v-^ZpZIwY
ziLV5*d5<@pt9q~1J_9xrH9RUVfQ9QU7@b(H|APs0dL(Bm=)xAZr$x1e_~u~W-X*(4
zft?}Q#qOxFKFRMk-GM`>G%;DLw|%~$?U)9DZC*5`YnPz-u_*Z}+g@KHcO`e?;yBaj
zqtGxA9P1Zc;fTHqM+;G1g{+)Nl?4?h)$HgG7(3Wzko6Q<b#Y8Ld#lWvB}`P=S!MT#
z^u_r8DZ+Z{`9Tx*{cv(l1m8B-BuGh!ommPZ>03lTTw*+gWbYL%0$fn?{JY$A$b~Tu
z<rdN*N>Zx!XiW@eKZ*Ow%kUYy5T0(3dsn*8;(K81WxK(PhQzWGm*@6c7q!RJJr{Yn
z5f^e&OcL3m4BQ$~IyE6AO)MM7C_;B6`m%2htvW7sEIpKCr?wHoXMNglqt-U-Q_ZS3
z({Z|ovrMk#e1LiO?miViw~S)^VoLG-nMdlSN|--nRrtG@Url2;!%YQ;ao8XeJn|Ep
zsDsr5@u7&<wE8}G>u(OtqtTITD9Iz!Sb)X1d~B}^G{-;rYJa3L^8PsjepEF8bv7w~
z&93hBajsu#J!R`*vM7kes*RKH4&EhIzr!fchTSxjKWqy>E55`~0EZ4+eos?;YCT1&
zL{~GgwBIElkDdoOeCJrB+EiWtMQ!J>)4+{))7iZtn!s)~ixiho8srIw=$Mcy!IKKs
z$)%)%D~N2e!`D<!`#u9dV#gkdIW8pj*_By7lUKfT?(L}>Ut2a+ho%(M=?Xb*!O6z(
z&DJn?lDfXAd(QtvX*QmHPuvx=LWl-k={wjYKS)O!`pbF>gzZpV-<9GG|My95_MG{j
zgi_ix<$fYBF<@rGOeK|f0xxS{yUsM2Kt9!_Zy?xt?RvM5k}PRTE&X;ljh0ZEoJrRt
zN5ybA)?H4}zDxY+6->HW^eqSODJb}sgBXpJAls{vU}Sk(U6Q9Z^ewE9$~()w<=iZ7
zp9K4sKm0%vSLvz+Xgny(g3qxgzix^W{6X0bRu%$hQXw7Sdg8x$rE6i!7?@fs5Co<}
zHUBkLnZA|QsCA|oNL3*%JziwXW}fl2RrXGbw+SmBdAd0t1LE$+mE51HvdaE0JL!gn
zk!z@%1URL?dtfBgI5dX1{rRfL<a_@F{cq#}&O>0ji2?%hJ@>zp2j{=ZL)#T7(H79B
z{v=rN%*M%X|Ik}8nmKq{GMU*yVtJdG1sxUk)u#xG2;wbGqxh7t-#$$U2sBnO-6KgZ
zN>gf(@3IpX0zVe;?`?L^5AFN=FvRD+O)kzo)tpXx3zqN&9!DwK9`7#qdq9|zq<_HU
z$3Nf^FF<i{TyOaK6!>oLY*2>wZ}2#<(ov832R!)X51n5~49Wfl9^QHb^&<}(B~d#=
zsz)a{BU*Vgd)gc}SBzi7P<?=`xD+D7o#~Vs8v+$FYdzt)sS`V84@F)4+ZOSp)a#7b
z%T@+|1X4W1612Bwy>9yCVFL3j1B{rMk?f-0zwMrmaF!gPK5;p8dEnX-mKWh|+V8fH
zbpl+#j&}fW?3|z;hU**J=%Jq%H`s1q%V++E>qO)v4kzW<RP)}+lkR4G`Jc2^%dKy-
z8U_F^!|74`D~ml{aFea5-zM&=WQc{uZJhN}RcCAR%)Z>O?9mmJgHgpW@yKHYk_O`l
z(Ns&s>Pd>3e`mJk_g^}sY;*#FckoH=ht>jkSl*e2>Wrf=-MQECjz-Zij-8{A_nMcl
zTm>{jiwMlSGB{=(Q_9CLpvJ+J)+GV96CnPV0jtGawqw5#dWpsCr0;kLKOIlZItAmJ
z&xYx-COVqXw&eDkZeH&nDH)eGNU};R{j>NzqVLQCGKC^z94T8eYny12ZTMOvHRtc4
z|3e<9|B#3I|00jj|4kmN|0a)WvV7kEA&&rPH=8UE`BO?mec_lil)9zAJ*vY@Y!eWp
z5B?8w6ahM1SG)HIR0Ij2W+k2InmY$6hkVLTqCg;*zTDm++t`J+Y|N$fgX5$A3_OFc
z(<;hg&C!X=g50!y$zpu{&TJKWhfjgrg%80H@xpjIotPfl4>=+#l1*%zR1G$+)Jk3)
zRR*3kD4dqjiSIw@NY_G)Pt^#qgo-B@E9}?wYLEbrX{W70)dF5G`=&Fe*UbVr`Q_&B
z%KmaGuj%3M^_LQ$Xi1|Q)nquYHzxaX7UHd`Mk{N=O;UFWvziXtvvsVrd$PO$i`WO!
zWV>4mhF!u}N_o`%z~&FKsRnn?uHF^BrhLw*<4ka?lLJEhLFh@sWTzT%MbgUOxq3-3
zIQb|gV71!)u~RL9NFPpgKLuLk8W|QeD1EcfmF1jQ#tE!5R{iuJLF#3wbr(b-jvgK&
zW%KCT2OCcGmP&!=N8OAjzpvrpe<q~_WdCgCsR4u*@phcgsa58eKQ@3y`>GDuZnksI
zbt6fp_kl1AMbtW((NhXbc+mU-oQGMS(77B#vWwZL<g7$ORkR)0_-e$A^Ey`i109zC
zf{t4ZfM)#Oa#aZ;^Av$j1$$^+ZvcCBZ|6VIkwgeHJQoTwwQzw(`Bp=<01U4WA}w!j
zB&Cy2c7ac;!&0n^tPUFNPl&>@4r>Lgrnv=gs6rQ>Mo3iz+k1;fn65J6m9{qf{TdSL
zb)Oo;1tV3$-+-10M`oIL$U?$SJ>|J}bUoLc-~bETx1F7Qd%k;BuVYj9*pTAi4zn72
zNNq2|fF6m`9+HXr;{ae}(G(nnF@14E3UP;tXUE9o^Hc;4r4KzSWQ@`nwb1Vsg+h;l
zlnJF^Vw4VxVMEbxqiSZ<fE*erK9e~X2^kc^WD^e`a}#-9)GFlf+X0KPaTXg>6=k`$
zG<kDJ7rM3|PKp=DDMa}n;P9e?!KM^*fRLabgOe2wgDvGo#^P7sjnH7{@FA+1x5I#=
zE%%(}D^^pfI?J@of!%)YpUR}v6AHCAPSH(4j1VI&@W8ILKJ146XtIznE!;n;Y4`KU
zqP49pljehMmOhJOFQemQ?SYEnm@tSxoG5Y6*wywC8e#=jvsZVvl-Vr-36sBoWAkHY
zuiH~GcvTj^jq~#1H5(83ICVYX?{Illv6Evtm3`Dq$M^^gwtus@pQ)f{br<SJOX|^G
z2fz6RyEOH;hcxn(P@-_22q;PhhC`$v7Sy7Meaqg!4LMM+_b$b^3dN##PQR5FN&ur?
zK3<J6^%u_Uh11<=h2Xu%bOv);O|{OAb`)n##a@dOeYC<F@0J8z)tbj)J@`cScUwR}
zw${<_d3_Al2BgizY1sKLkRIMa(g%w$Ne+dhYh-x63)f&~7jP1g0UD7Aln}itb#y4U
zdq@F=Flbdfrz2@8iH1$4%nB8MuS`~Yx9>XwGO^`<*W~rs0M7)*c(Mu7E)N{N-OnQ|
z;Yu0orkiN<h3&gIn1P-{fuwCc{B=FIiHPg8C>b$ikjcX7_GZfxV!19kjLC6U(+Af)
zjz@(jE0=XEyC2@iujL4Eh~?={mwVl5ubMa5!z+qJB<DJI+%A~TY3WXIz|xdBK__>p
zZ6)+M%S!dQpb2ZeRB7{sY|f|9&(F`dEu8abO<r6}!d%p_HgLpwFCJM+geP82NU2nt
zEG??JCheY&H$hKvs<lxy$-Q{)@~2jG#CVZQ4R5#|6>p0I8pZ$dlPZ`0@ssz%FF%<*
zXjIF?bW=<X3Q?t%FTW+L7?EVC$Wz;fIu6v6+okD@461tLspgM3I=RujnT4D(PF~M6
ze=1<~?u`$4*e%?0OD;OjDJXXL1l{$?Q<GNieYVWBd|Hr_JdChhl=8psTavP=@QoRS
z`F4O34rVcwHC-z8_WQ?x?+;l>ioB$;1t~FV5uG?PcuHS()FddsCSEWC&&m@28fWjV
zX)PbttEby}2iiG<(YMfLV1$^KcI0Y1QEQ-)?jHNQL$QVBHz(~jlbkmruS4r@n{3r{
zV^{~)@IHLjx6cTB2Tr?(QE$n1gNWEi+3wsuT@0`MK`tyvty^(+*-NF&{Ex6a-o847
z#-yAv;~mo2xnRNkH}nANjIj0uK?5@NhWlzkU$>99r+h(AFP_<Yr0`=>?PnNpz0sif
zsj9JzuARI%)&xYcsnXBqyU;OTZ{X*r-txf`y#29^t7&R})+yaB+eVM$J8Q1-eC{0c
zJSqIeQJ^0R>+`SM$7Ar1r>mJAMp-U)kN0${ynui(>6=ofC(7AXO2dc!>O8-dl=|0`
z=PJsPTUahv%2pQ@+J7Bm8njPREd<Z_+uQWFnX^C+%pS+Vj#Je*K)2QiC+euDCAZ*}
z1`h5^AqR~}P9(fDX6HDzOp?*GR1rT~m1z4UJ}s+<=joUdi|NCi*{DltxE+l<JejfH
zle;gE(fWBkyAeDG#$0(_e=@1`*H!^zRBQWo4%dGp3pO^Bha)l}9FtVNL3|9nFbHmU
z?G8J<**&#AKg%){i-#tN*CB~S@1xKZ+%QD*v>4dFbS3g#rL+Ebl%b+v;?VQDH5P0u
zw@d-apa@hbIdUCQaAs=ZKlP&E4Wa<HAFtP5{Y?J5vYLZV6<x7E5WAURz|fh|NC=>C
zt!Mef^f6EjT~NdowQViEtEg_DI50Z>SiH{L6e>NKIhI9x`+IA@p^&V76{;Y9?bbre
ze@6K6@*<xpbhO8&HSL3Y=eva6&Sn5a?L$Hz>3|#r2i?`{{ba}o85-eKH$XE1XIPek
zd@ZhBu5iRUD1<OG&<zbiEmP06d4sSP=M}@`C`4q}B3A?3Gd2?D1S5qc`-uwr%}>xu
z40C$IjU$sR)Bo3A`F@+Mrk>#=qQ2VaMw(B<YMj1PhvNW-iEFm!vS-5v+0g%1mi`+T
z*zs7UE@IM*U@mSoi*tr+B@KOlXxl)>Gv1n?0S%=lXR>kI-cBdbU(7ND0Q+K=90!?f
z7qBrqG$s{R2V2P%Ya}t61+((}Q@$Lyb`VKr_v#Fl+ItNdnvGwJg_!D#qou?nQl=8f
z>8T-0$2cWaX#o(JqE>^H!yPkII$+)id((#+9IPK?2l^VU+3+18ZO7`SBq8;!D4xi0
zM6-Bdvd)BVoTE~4mjIXjl7n!sTSZ+>i@Z@r$$n>rT&W#_c6)zR$b8uetj#Xa)u?Lg
zlf*)cerT1>#Ru?f;#Q#?U(`-5mXZ>)(J&OPumS#CgeMD}ZR^?);}Z86xlyj3uXx%&
z#*%(`O4|JUX~3p6>{+JDRu$?ozGjF4=stqK4f<s)LvS@)HXBFFb#;7v_|>^sec!9&
ztbo3I4mBJabKBX3K`U<5<PN6pvH;6kWIKfI5w0vywC?z+$vX5E${lj?2mZgFKM#e@
zy7_Urm%5+Lf!;uZ0%%RiGw%}ncgv#6Reuz#LGtEmUU~B4OC422Kv&w<^jX$?$)&L_
zflsN5n|{E4d3Q#~<IJ^hPTZe&qGo_-A5B(-H?x9X`wNArfZ_0pZKBSe!y`S&cEB?=
z117x;P5;`?ZH#sIx{g_cHL#(1CZUI?<*#Ut0eE{E2iN*aFo<OetxZ>kx`Y1<3q#jF
zuyIXJ5WfdU6EE|iT63#fC+gBl)3DXw@wLs7I;BoCQ(NC<N0%3%F2I{R{xG@FmL^|5
z_OyLFzq!CP?qyzkL((~mb~NV5sezW+YQ3s~Ho!qk=(01w{qis-_~<t}oHllDGVwAq
zSSU&#Pw{_{%e~MSxgfQ|%(jwrYvTqXVmBIhqsnl%J>1krtBKey^31<K>5?sl0f*mp
zB29v|vp4$wrhPNkbI~<+ekVqHu8BEWOYh1!R?_^x(B-=gEWfARKj?Dqe#;=8YokMU
zusmz}d61&o;noF86P`MJ+Y=5&8SPLMqf7zF!n(Mj)_WayI&n~(ydOxdbBMvQ*@wWx
zA0NkxdX*rqYY_RZ9v&4Uw!lUtmL)o+ELi6-1#qMMO=`bvubpzCCft`79jW+pcvZk~
zH@^L1_g$rm`Qm*w`}^VO*mlILHtPQ=FJjXnTU{&)0K#cf66)sI4Yg+tH`eE2Tf%}Z
zoiBJv{WrW&cI*UcivIcaQfMIG7*jr!iXQSuNQ^-uS&EigFI2D0550nEaUGlU`chT!
z&ACv`x`e51(@wt^!S=abyEkrSvy57^{&HKyqSA0~Sah$FH;q~$cu}?B9-WFGQl{@*
z=tMw#U6WB?TX9%)OXnCh!3Ir&3VsO0S&?-=LW9tRA#6-fJiZdrGn}WLXGj+;H-Y&y
zi`>t|ZsDn1e^9V;FolNipW`pSx^a7p+qehsTW2jVClJBCXTqF#k8D^fT#tl-kFawy
z0r@}<8_8FPup9c5TF|J&7np;Yv+;|t>$akTS-$h?=QE7)bluS^@DNwrcay{O>v!D7
z-L>cH-x!JLzLZ0VODGF^g^s^XKpp2s1?l2kP{I~KG+bzHruejhT~}I=t*adjFDB)!
zbN(`f>AU?aRkix0=?r4o<Wdi`c>^+TYH(AtT+!LCs9W(Lc!|imF5>>CMuY)Zfe3m)
z0HP-w?RPGnO*$ACc%0szk9ZKm63W>Z+3`pnk2aZ)K|~uuET2o59JobhZVm~4ZTJ&i
zQK@OD?93n6x=h7q^vNHbgB}!()5YIRt|Vzom%+bih>Gw2&StL11K_(eVSRxPQj>vR
zwDq$?T?F<``q5(teXK<hN3b^c!`Qmaf4##qKHcF)i5#k3`nv?{zG`*`LqiOF^9dCl
z3^OcQ%AZ1>C+gf?3=PXv8Jn$N7FZyp*+2*wtoZ`t2i{e+CG9qLugAaJ=d%%%YmcCH
z_I=Pkok6V26{*80tON<j8C|_wm;1yCu(4hh{1+j;qpt!x`M!Pv8A|p78OjlpGmi7Q
zw*v~cyydOAOPjOS_D5*iKx!<<n34$7a`w|=jVJHCq~)~&SC|SS0&GZ+E_5o?SXV;y
z#5s}bH%ud@okjl`(Thj%4*_b-7rJT(Z&f+d$?%0TS3JD$?dP>C&R8cU8qU@?`rXeT
z`ZH>Ao>yz-m>P{7^6BzH*y1@q-COnEfa-jW#|>gS+>X=`il0dTbyrGzG_AbySBv36
z&ws}tuK&ru{E}$;2n@PI3=4oNukAGqbI0ta0L_Ur=I-jN#F5G3Uv^3>G2<29CZ9{D
z1lnvL3gE`=qnIxUmtby?y{Q<gySuAD?0kH@P`F<vcW0O_wNvgR2skI7P~j<-X*wzf
zykisl@1mRYeIK*tkl)Vpla5a53;gW+yldakPKy8T<)f1`;;2|R<>KMtqZ3<~lHK8z
zGLuaGt84l;yCY2Su6oItATXqTyQKVUv9J%CVj1Pk-HX7SWqNvwGOAfIFxyOLm2o14
zjiK;h<iSj%#WDNhu1z}+{W|OPq?E!Ri61Yw-1Mz0!+$zuIIYZ6aQ`c&^41M_Pw0B;
zWW^cs%H>*mhKe}YZ|Pi6tNzH@Ru5nLIaa@E;`jK%(%0Bm=s0`SPRaCacs{4<OaG$B
zQ~bJX72xjnJ{18dK64ViSb796|3;XbJ3~?YwKjY~CsGSY+M&ID_(SwqdMV3Oe537*
zBfp#fh5tViBok$tK+3oeC7ybcST$ZQ_hFn*ach@KxuW&Cya1nMd*{ZAbD*81pXMmB
zA<z1UeyblHWm_rE{^aV{gR_u&Pzj#N@K2U;r}X0aJMcj;#YL(21$gk5&UgKX-Ifzq
z;ENBD2`}4K)50g#EZbfE-ii7yX0w^v=8rl`7Xxo^pRO3J6EjTt#pT|awA{aRot;tz
z122lEI&&Jzhtk}Dwh`HiSI}N1&gL#>z%z+#B;JHLjB!WhaS*lwwqYSY4My4IGP*D|
z=VBB&APDhD{6#c*i>nR9KCDdbE5SR!wW1EBS;=N(ER+z1(X@V?m@qy5C;f8TY4eqS
znaS<q^7lnekN{y(*@>RYZ+7<2rSdAUw$GWZ+k0ghn^EV*yvVNVJ8wV5$!Y)H@;zfI
zzAQ$YpZQFxlwLnDCzV>sUGc}}17Cz_Q4*teR0joWrjU|Y3-dBntyKe~aywsHMk^Tt
zpVg0KpmI}~9&?0k`Cpb$W||9Z_J`AK^}<?5$sQA@14~A{z)Gp_0h(BQ%`H@OQ;gOs
z@664DRTle9DAsnRGA!bKdHGy>(gw5KS}*>I(~IXZce%RgDb<w+H{lohTVtmf6K;P6
zX7`Y`vPWTW1N8z@$k(en?SV8j8}fK!Zo{CaC+7Lz2YqG!p9N+A|1Ibf<kjh%%HJW%
zB(s=a;gMpyIAgc!kbjY>_J!tZV6Z|0SDA#Xo(6x`r!4az!u{-&qjo9(jyfTDxV)e;
zhwDUfsVF(pTz4EeDDGJ*_fFS3f=hjA51Vh@YtZM)Dh+ImS)x_STm<Z7TX#PrL_l|J
zg2id%pmkW#lGR10<zmj#g<2?!E>jrj1k@GU+A^$KVk~t(1)pl(Rl2dbS6M_y?}^++
zE9dACub5bEi+t<#L7%)LC9<qW)7!ssbGsN$HwS~sQkay^Q3$A(@>d*pz{aMWaFzYR
z=oEC=^J^r?<3zt`i7XHVwKp#o-*}9IT7u~-5Yu~FKMn^jNMcZevI=+KFpeaIqzb{z
zsU!d!dqum-${%b0U4|5V4GSN;s$6e4xRm4~*kVGB2<MJ19i=j&siTW0^eYf^YC-g8
z4mzQPkN@)sX~v47t-(Ca7F^@$kh)chf=mwIT8o<;b?U2u%M1Z@Y9jlVl<Nhm)}E3H
z04WU(4}g!&8zeD7DGt6tCe<M!U_nS77D_>*S(XdRE0>xxBKARwiDt<M#e_=J*~G`e
zES_7sldycScgDbNO2IiYCs3@blO3BYQ+<|8<84aw;@4}#n_J>x8;@j102_o&!VAWo
zY8+HSHWsmd92V!Kapu>+;NT&mi~T1N!{C_hEkj-k$nqW~uV`GU@)o!Y`&Q8~G2g^-
zQXsVqZxf@Dt&po&u%N|WysFgXwrDM&yYjPCXHA+9v3$?sMB}XYdiEYp?KcGaa<<to
zy2f2;faHiOu!@|$s{!D+wTU!AE@#?mvflX1aR;pRh|7-Pmo;Stq21{m0wR)khi}oV
z3rDV?A8V$?ivxc{rQuWWWh;3ZX4Df&6PiXg@`k2p)~K;ia1W_GIN=RQMwc^qGzmty
z%&Rgs%m$&DONj6%Au>0S3!|7vSuSFfr9y^*Sw8-TCY~ZX9D);k5{y|87YgX2fbsa6
z&>^}S^TDZQe{qWC!C=TUs#*nM^><|5S4-JI1QY6FnG@VbwQsP1<!JvXTw{30b5Sik
zeVnoOy+<&rs_dbxpO1(G<^rI#-ORa&1zS*?7in6Rn)HoL91r(MrLng8-(r*SkU^=`
zQCMP;_f-&FSPKdnua)T<<y32G-YazaWF@X?mWArm%C?|Xlxj3sB$-DrKRe^@bhZWN
z0Xzx}f}>bRecDCHaLv9mHEuK0HaDJve>EQqIIaZgyGtM+L-g<Yq>aZ5COn{rF7>!Z
zsItkQHbn9pAE2E^dM<K+f9#*YHGbQ_R-ymLb%=aA%fZY<h?T{deg+_WHTdxhbaQSH
zr~RHGZwQifxJA4+2!5(>cGjbqh0D3JJu6X(&nq9<ft)aJWlWLR<Wzp+9-cLO4Z0zp
zTbsYy#^0PCd9N*I_k=osrJzpf_PV>;{n+YUqfFw7k*7^kGn`>F4hz4H5&><FP(4)9
z!VFo3-63bd$ndf-WSv=(COhu5;3fYG$1F%8rAu{D?d?|OHQYazxiS{jdM+pc-eeZ-
z!-?tayli7CVxqCW!ZDst91KdloE4h~P*V0fwZe>h%JyeLo6gR=)4SFh{TOnMk>niL
z*(ULs@35Yf2gf|ojue&Z-_OJJ$GnqLU6(y#_suwgUFGR9-B;xI9%-SkdFfy2n3I=U
zxy#JEHx)@+4FIQb{V6x}{R>Qw+wYyw@;g|-BUl4qeF`g5{rUBH%3I~K_AY>S$?tJ3
ze+kI;-WOW<RvY4h+~9v@pI18JA-UtIKKb!*RBa@eM%@#Q!=H24JCFGJVEMj7tBat9
zJKA3d<?#@`u_BwZF|@HVWr&PWT^KyxXH3%mEox0>7b&XI2L%)GAfMx?^W(!5JkrOi
zJLB{(F0cW6M00nf4Vs((N&xf!O2@oujlsokT!yZu_hb8a_hS#lp%x*&AIRawYl;N+
z`4~+<Ug-548kM}B8kM9ng&1KCQ1TB;mn0^!3E{GGHVhc&5RL^Z=?JVs@Ho!~HP%MB
zuu6xehJOCmyj%1N)Ya1s292$Dnw;*`i*61mRlw^S&c9srZrN4TMX*%<`>@)z^B)mH
z?6CY2p`LGF-z><S^J4dMf9)*`{ZRr-RLK*FJ|Q%sm#sZJ7SYlBKgI=nX+GTySA=#{
zmsPb$ummEx)ZseAUdNBt6XejTibIOW1xqV9)K(GO2B{J!Lqjiq8~G;S9dCDm{_FV-
z@U`Qzta@o>Il8Wm|7Mug5_sDx$&3{RYq5fdN~9<go}n0bb{d6^`5>oB3S5GCkkGaz
z<xeQ686e3vm7x6-pOG3-M`f$02GAqltlqs*0cOl<EgWv1SD$e&1Y<!72a#Ba3=avB
z&SXYbRFmw=G87$CtMbh-9(X@ajP7Fo6W}>z`hNkQ6Dg5>+`7cU!rctpU9>&|lK>B0
zviWB&1d9}h*q6{TY);ee;Ze_E5<+$%E@YzFk@EazW@J71EVHko6Q@E6no@BzyRtRc
zudQ5s_0lauuuG>&dGEP2-QniOXs1d;Jee{?eDGw)5)F1x3Z-KGU^_@QX^^fi{5T0I
zmHu0M<!1UihniTqHL+EJ*~14atZf5-i1`L3@Osf11{w&RkV(dw=#56HMDwl@<S<vn
zsIi`}dogE@4pD(|lHlneg*HMr7Tt|OQubcWfb)*9h95b&-(bdCQl7!nxiVz!IA1du
zkhE;?nf>KIFvNthrHd~9_OC%6Ni~lX73-ZuEK)k$!)FuVy3U_QmcaV!hccX}fP5|H
z{OpvEUc5{Jc^{bcox8YyQ-MU0MbveH)D{&LL^(j23{S&XHa$=-AlXM%ni0K-h&6)J
zdF!ouX)_bn(CP1)y(*B_Qyntrad6xy2Cvd(Zx-YlLLLApFt>nc776bkj~*%%Os~48
z$~ZKSsgX!pQ(Og~B`O@R?1PYYxTc*f-m3HLiMR-aya5cY$l|5;Bcfy=4Uh8p4?}EA
zL@;(?mZDw~W@g)AoT|UJV01$`6=&<Rw+FhxHHycfs+Q9Gf%b&h#7#^Rz*EL<Km=iK
zC-Xx9A42*DJ$|D5{Yn(!`)Hrh_edFaR1Dh2$79)!ZY+E3hcUn;UGGV}TwSQe0qlNb
z97L4w{NZO0FXcXTKAA<TX&uLg06vF-ioV`^kW6qsKP79Sm1VMG$08`3{BR0V@m*4T
zqg5d$;oRd8r2VQg^DE^v^g~EX>KSkbw-3uH5{pVg652_4c_wsMF$5?nNoC`y{2c+b
zOPi9m1}$%BsyR}Ft<^1D&HY23N%0HO&s=^4Y%SUThL3TuW1nMV@>Uj+d-IzvD8NqU
zym}GM3MnHfNh)+%Qtvm2^=`<bsM#@G1oP4x1#F;$stLU+1I1Nx7n%Fy86S1sg`CHc
zA%e!}jD`et37LHsu>v}k0WDn$%Yu$o)~%8GUmuOpRypmmdOQ>wA_MdYbY@<`UlbFI
zgQXm+{T*6>Lc-fUEu8dcUSiwKrnHW?uYbUOa0|*!5;`*Cd$v%^**VRD>UlC0Z~e&k
z=eL&e<%2gPN|FRanzw^sSytLNm9HcWR-hWfD#92y4s~9GBBe{p2siv`oJgyauM03j
zOkSi~>9{c3swsn7`1~mrXvtHV=yd2;VOLRBe~1ch8#ZngTY=f&;{+*wEhtI?1HLOs
z6SUzM^mm8);Y!mq4t<p1(9&8Pq#U)n{9dOo%Hlw=0uXrM2;G+zC8}!Sz^t&UVg(AP
zTk~^Os&hw}!j_#^yB*ujw}ZNw{kI*5`D)ruE|LSM`6}RIHWG=+yv&vK6hQ47TBflv
zb#ao?tjrd?;g5w?`txaJq>GF(Fqkmi8p<@6y%g<;XDSfrwzUdvG_aLoj?utP^V7=K
z+i^~oT#p5BU5_wpbGuqm!Tw6#(XnbzReELckZdJfR6Tc!uj@rKEkXay{23V0Y|gD@
zq<cTrU6*lCJnVjUH`Sc2t=F5KHz#p%t~>eh{9@=VU@N2q=JS!1YdF>%7x}X6Zu_;l
z{Ng}#&P{*b8KIac*bc3{RClX4Dn`SR!297|^yIxlZ{Zp93XqNw^Xn@jYzs7Kx7QRC
ztep-+5@c^}oN>e;nzAfQe!-l%ltkob$Kb(X4BN=3)YRVn`?@4U)Z@;ggIJO<Cow`i
z$1hxG)%B?!BV2u`hQ|_ra&|*T#)g6t5Js{~JNy%@HZvT|nl3zfzT~~OM3D%*eS@2`
zE|gP?o3MC(1?Vx{Z<+4}bU+RZCBldJLj=<&F1&t8yVX@Kwx+;9>Gp7Z+Y2|LB$m^K
zN^0l@;T*!vQg^Ln##DpmzXM6U+3x@Faa2S+CMRJEbIjr1KY0hScLg=Jd2%pJpbCJ9
zzbNasgo4Ige992sL?9g&y&zpf;7TSq0Fw>H37F(xrv#P!WL2LxwW!j9kep*-M**Z&
z4HlJ_Lyhz+<)hB&_y>EbStZhH!6-3Nm?gVhe5bS%rlJUH+r%*+tO=*5`c+pf^hBg@
zlImzJ=q!H6dm6Co;<K=&8#U%|bcbIkeuxt7O7`S#OXQ|c=Z8vEc0sJe&>|`sMhtEb
z)2b3H`Q|_@fH{$avud`W8vRY(S{^(ZnoN)|`39;m)|d9@4?HHD5@F&sqMyR_;(27)
znNi`BDS7<)FHtxpHvBOrbx~Szk^bS(yBjPGp-&I$RJCB$0Zs<wJ+jiQz48|aVtxFI
zSGw(;5>7xgT?6d+@7!^`t17xlPkabgGtVo0@BMpcs{#T2&Q8@=4M!aOO=yvMXRX`0
z;H*P}{`rX9kH^*SN5(()JQbHXH!8Q0x0l>b6H{M+fctfVi)`@sk9CErN0`eJfA%J4
zdp%qgyCng%Ve-=Pb!0_Inoz=UVdO0THPUYjx!-O!Wra6n|K#XXJ&_J^|7h84#8^r{
zF?%%af?hh7&~vs)57po_(PJvsfNz0twRS?=tfXe$B{1wI2Drl9Z4bf$klWJ7;mB%`
z`Q+GkgDH^{GGg=wf(fyUQ^~}<B>0UBJbTuGgLqYOG4<$Y^cZ{S&7+-~s52VeU`ts}
zUC!3FQr>;C`@(d>DjJrr-?av1&0&G^I3C}=YAbEWF6UV#d1bOc#*q?l?RMENrT0xH
z5|fj0&?MvpsW2Y*{91(w(9Ag>YWtx|Zq;{uWg3$o|0Xa%|0Z2Bz6w#7m8JDyYa^O%
z-(-bKI2=f_b=t?p@BDhKRcX50%954dT$8g@kys2MbmnZ)^;{-Oc!j_T&I~FgZ|N7z
zOC?K{U6GP5hOODwL^}W*b)qB>_Mq8`5tczzaY;-LO~o(S|CXG*Wo&v;#&uyE#&?IV
zi5p3Et#697K0L0@Ae;kxZbKiw|3>l6?^haE4Su-%qINwA^^nb4p^O^pi~MW*x>mU*
zuau>6Jv2z>Omd`IAD7Ee{@5S$%e*b(u6k~Ju(Q@f=Li@q(A{VVm}`8Z9fZb15wNy|
zz4O7EVyC^3$ylPVPB0W^qPM8XgdP(!%|3xc=~9vQ7K5L-!#@8gB*86A0y0vphyxj9
zv{C1{zhalbH+mDxuzFIDHpk6)?MLbf%MCM~I&#&*X(sy$hhIHaZLNL0W_jg%a2eJg
zu6%C?by@v9jh%-2S=t^-nz@?61LJ$v%Fdo|Yvy0ANcPaye*oW!z1{-<Yand_oLQy$
zYdSB{_P-k>_rDEN*AXa{_Wu#~jzN-zUAtykUAAr8wr$%svuwM%Y@1y+x@@D%wmtQ|
zbI#0}h&N*X?8qHEGb3`xllywsTKBpaz`*bew4iJ)Jn9U<G{X0f4TW$EZ|Ky{aK|#L
zwS^{8H_1KQ{=q*_WjNZc0hddD!nzuEwQ!7D{dVznI_J>;;~vm{bM>SDPal2_>FP&e
zU}$t^XQ-W_==GIO$n})VLT_?aLVtZdklB{~dL7*P+9z1jYRd4M?X;YpzyB+@p>DBY
zmArK@(d?z7?ghM3JMR6v^`@mKclzvsWz(%aLpkQq_4jnN)K2eqnZK7C+ss}0q<y;A
zoI6Lwz1aG|WLB2f60AqnQ@f7ZG2G_Jqkh&r!j0+Lu(7#7)|pDq@l*L99~}*hrSNsV
zuhT1$%P9-Nx=4*;8NvzEb%T?v_PXI5o(y}}UVQk4ruQmuD}mj$uJ?Or#P8@&o|fag
z_vML><e!k{;^<gn-JIi=q^4{TXdzYTQpGKK1AxoIJ3Y!9%+{-akemD9;<eK}SZ#m)
z^J||;3j!lh;*dFoaUpTRnK&p5WJguWh|KN~HnPT=s;BWvc4Bcw4wk9uj<xjI57pku
zY0^KP5p+R+iF(ekxR>^_*k?piiX{?I4Yd%DDV88XC$DB?^r^lO@F5va50?2vS$$7_
z4hnSWBMgD8>jJ(SvVpbcH(FgERy8>WQFrI*pvrWuD_7DJq{T`Yx8@ZGxJHfb0_U45
z?bqA9+8-|ZUyH-Q9Z5<&7!PYtXNPj_$A^8>CNX|J4<j=oV6=Fo(@#^RuN3#bYFCLF
zeWRCrUYUC&mo@##@VZQg$*lqMROp&HPB!Du@{H~}iPN26&tZ77;=&XETUYxJ`0cmH
zPcF{3m-fz{p5UHFbIj*gfdoF$6f+P7-ZgZMT@_8n+iId;x5>_zk+_M)+vBte0*A8}
zudDuabR*ybBHBIQcc;ha?W&@x>4~4x!oapy<^`;$a$=dNwW84!zUrOdZXLlYrz4p#
zWg~BQW~mTNJN<KRsFUh^2cO4b1GMxXHLZM35UTChHG7Rw1^RUq1QeWY#cq$?^ZyKE
z9;#ZY)vMK`u}?Q@cT|QqKY=fh+oBH}tm@GH(q3lSiG$r)AP&Brp}2I!Y;{|yuWs6W
z=DAg+uWI%)&{bWle@kl;*!s>~R-5^vBRnp<+as^J8&#Zbxm;a?l+~YlkH*u(3un6w
zE$Q4hSXl(&($fWPqbJ{{?R`tp*Z(kYkZCV;j}klYoJhA?h=oDGbDcntAZTpWIS^{D
z)qAYVcHNwt)@yOOK1#!2=^Q685{_OxThodg@CQyb;?9o<5O4C@;-<PfbmLPz?U0vX
zG~npw?XmBww6#^?0QmWFIh*VO-n4W%s%oHHe^eY!1fPo0Uc2q5Fxzg=nY4NbP2m!H
zIYznMPEM)jgv|7J=giLlFOJ(vudFT7Q|F$5W0OA9H92jL_WeBhRJNV@nLW2+YYCh1
zZeVA5D88DHll%|<DIG;$ys3DFTPY+LYvC|oX}_V8q%j06iN%*d0_lHdC3yue+_ioN
z=HDBhV$kYQhpqC~@pRl%mI75-`jE|O;(nc1duhwA)NU#V?PS{{NARK#5&phpRbI;q
zcDZ)7C20EgbUQ(WUB4~#%V^^q*id#D2_}G~NXYg=h9pg<64C(0Bv=%IPtUqjxv&*v
zll8f~aEdI?Sum_?>jQDDIxSu!$?4HvZ2wmAeIB)Xx|${HcBZ(OUNNa+V?Goee>x%q
z*tEcAkSK#QqDV~wkC=(#Ql_>Zu|6Q4midTw&zq>I$}qkkTg#5lVAtq_+!XdTdum(|
zDG|iQmTeMl2V7HOgQ1(uUY(|X96NslP#ymcg*{HkxE9W913qtm!S>FjWyXDcqrx7L
z!wxkJ1VCiIG1bEiV>=ZIcAd@=V*jN3kZY0K>lArVVPED34IP=_fk368UN|TF1FVX`
zH*Ny-(IC80AkHL>1oudj3T6;XdBf(64D%pi!CB)}Wo7@p?<V#O;`6~S?iv!3QU(A+
z#IO)$Q*#r-x@Wb4#Xr$al2cyuxfE0WV=h!Cg+}gS=o^4zgke0Etl}gMG$g%QVxiTY
z(T<~^y)jKVW~v}(G--@JM-*u&mM`X~r5FXFG0H)z`buRT>7uP>5w}neBG*w0W;^a_
z+NnXwzBmUHc<E9873zcThIcjxH1q3WLhLvRx#K8_e<&#zM!4lU2Q-zwGRt+42w&TN
zr2Oq>ZgFaGI0pdLPXjs9aNH3J*bD>=uK_+sbQ=C#|Eo@dbZC)a;ZhGzh1!$gPnNVo
zBE~0$z)GbQ-Or$`0V^Tm=gh_;(Nyw?N8|ieTatj6-A=09!zk?&bk6~5ngWE;mM*70
zLo<=0pPZ`JLk`P*(-neyz#tZ9)g&Bm{`T(sG}>G_(fLYSmvtIX!YFVg=cQxe#gg;m
zjr(EjVm?KZ;#0bc1xi!2%C$TOgW!Ad&Maz#i^wPdEk-^MEK5$x_zTbKE*os_8Hr~x
zpu7Gzo^ce4yn_0W((dH<W$Sb|f+N%W-e>pVY-d&8ID1bXhuwXik1$my1HCtE=#wMO
z3Gdl$bgTUF3P;WHirecN=wMlZ8NE$BK~)>JQ4yR52rqXfQkfJKygqV);(O8%t8!EW
z9}@dK`6cBM?=n2;Ff2X%Ts6N5CwDCktDe}w_^Fzr`zt%KUEDD9KANZNH+CaU@UKzM
z#Gof}5VRo9?_1!Sb;AOmdTF6Qm>&~(hTUNOJoM%mJX^pUVn)f8U{^a9=D8ESTbG5+
z?Wfr7GFulO2i_Pf3T56K-dE#5>PbH;uW3B<4^Qqk|D!VQEBWKAxmTR|b_7uXX^st+
zBha&k5`X1XFaCH--+bRo1QUMW3Db$vh>0j_B&VP*rc@8b_@j{GG}nH$2Y5MAwyoz=
zjB|`sxN{+?+DFJ8%6M<k9n;p`iinpiI7dMQBAiqR5IhmHdb-R$i<u)L<XjI^+ZLt6
zx?Do1c9w?X9d^Xuj%vIGO{XSkf1+6QZZY|sXiwf7fr5`2(N`33ViSBTN5E;r09G>w
zG;m)8IE47KUueKSsxgvW5LDQRkt5-8I?E<WtVvjE;<;pU2$KnwPgFZz{5=m?d{>*B
zmrhQheZ2VAS*~Q9xZ`wG*fl}44|UztNXmA?YUya^!h-HNW2>5tZm=IwdAu)nn50yk
z94>em<ogH=eCpb^-YbCi_a%|6XT&5s_$QGl#?Yd!Ne2?T*YG6!#&~Fh$y8|Q5J$Es
zw$wP*9#a392DR`c<3H?bHQ)Tj)&b4u38@exRR_$z0Y@=!&<xER?iN49noX=`y{R|N
zTKn_q@ZefWzZ&FE9Mu;^m@nU{Pg6X0wqh0-kIIZkY1=2oh)>mUhq}R521zs;vZa5e
z0ZB4hks2jpYkgR<P60nDWT^(W`Et511DZcaPg|)|LFY<5-Z-bP-4*Q~Ztvd`m2bVD
zx-~k`6#Sn(zHf^@m=yA#)OrTmgT^~Q<7YQUGi6JqRTO6+)+CwsSfv#aq2q{Cp^hdJ
zLX39?Ceu&tNJ!1Qx79N-Pxs~#yf=Du#vBa>oRv2z0$+*+KT<HP=DZ0e8ZUJ}lLL6E
zf!om>O-HdEQHR8DV?-N>kewXS6XQ5JM-xk#ekElLg+p^9|C1T?fwn?T^DP2<KUm8K
zJJ<$sp1Ipk*5obLMAdO%zA=IGc?+ClieyyIMj1*~NKh~fQiY`>8I(l5(&4=oZjeMX
z>DDZ!-(xA(59f_xz5=iP`E2BHUDPl~S-?yl@=d$tf;-=wyE1!SjcsevuRYD=U(%$6
z`=4NB%)k>HE6CvDuacvQ3F9l!<aamYVNP~5r^`jCU@o<9wsTS&+09eQ&bNNrtCuHT
z-(jg6un~F1`{&XUtz>u}4hVPSbwt>crkG)pP)3Nyfx=-YP|(E4XcD*-Up;703@LHh
zmYVtU+%V)N+pEk6rcrqz`+rdde(zD3H5J&7TuMopxm0&1i*rAHk`hOR7YJwfpFn_d
zF()C7li&{R8r_A8I$J@Q6$x%ZX|T5LA1;8}WIcXTeUth%5h1n_`kX$s`J(;_Z?em=
zdM^cWrM+jb%i{Q6NEvP_nHed<1<l-Q9aON*ug0g=v@5y2+6vKcw^yK;wD_kDsVy2Y
z$|<^@0hCC{7zv#r`OxDDn1h(J!GZflwkH1OZ&GA5VyY3|-ssR=3W2lT{T6ijBPTiB
z8APA&v~M)wIi=vp$N2>Pv%1bvdD!p<*#qw>SRw9&3^jxTQAG3O=LhYTV%h)cxHCT~
zP$0b4v-EJ@)$OFS2Y+W(W%~OedTa4_%|i=_5G9|f;Cs@JeGH#9z{6=AbC@aQ*Ls<9
zN$Ka4Wcd1qqHV+S72T`;?-ta!h#0gaQBa#iN#dL#Y%-<ELQ?s1@^|u4gZP#=#BCUx
zz(PaNLB8Y`s8sEZ4!a2*c1_Mr%L6(o*p^6sieOBR4>2EO-t@K+4lapp?&Ta7I#4mv
zJ*Z?Ll4&e4p*}`gBKVXPZWzrE4HO;5B-WG%hp28rTPLFCHRBq!hT+&F1E03{_r_(-
z1(wF;x#fopMHP8ckh=aO6vldV4Sr+s(8M9B^1c0)2)|69(3S{ebIy0&hGDL`dCqO*
z4CPu56ddfKH0-MAdM-)_J1iXuoajR-(bO0v<Ov{KIyuEYD3QR37-Q~yBTw6n&m=dJ
zvtb5RB<YZPK%0+26cQD?mXwh_g!-Peww))Z`Z{xM+)}Htv^Dw(l#$)eFzDY9Aa~^9
zO^k*}-yBSr2jR-+J@rsjB=>LN^En&wH@LxEy4sA{`5qlRu86hyTR1hz$Sn-J)nlOG
z`)@xlTSwG)nLz;+?33#_Z+Z|3?RiB=N}$~U&N1Mdu42JR!|d?DClQ-bL4tv{b}0F)
zQ8BewuDUAct1o}lem;`+mx}oi#Y%6U1v$GH+}|bNZHjA!KU3BKJua-_4eMR-TNUHZ
zmMaehQf|x3R&$e=F_&#suI7U(?Anda+sIH?Uk?9OX)_VR&=v7xJ7+=$1Vr@n4o62<
z273orGZ#4{7gsZ9m;dvG=|2&#=7#eIC$e8&<trrWv6DFZHL+S^nX8<ti4L_?#g<=)
zq@*!c7c3Nwduu86PNTy+bZ7iK)oaovgj8fBUi`&S=f2c<<f<(@w&4B)Tpge%j%$rM
zQNn6|E(S%9gcf?9QF<Bg^3r(mhBZkhGbE)9`rML(b_Kxy`PHeR#Un*FF=Ivln=qg3
z??!WxUGe1llsUewrtEz(s|mEPP6=@-vi@)f7R(!b^JtgVS;t0<Rf^@Ir_<z%YfBUe
zyJT=x23eybF=iREdxAqDZC$h3sO1FMgitKDUwyI4suANc5r6vmp2vtfDNJ3ze20Ai
zm>tbj^$hr$^7dSsjfhQdk9FDrS!nRREfJ;&^;!@58gCX1+u*P}wID_LqNK1%JtMUu
zfi%-&rY+iB7n`qMVzXa2G82D4FPJ*iv1f3v+(CoQkLxAYMSH)wbG&Um);7sjHM!+7
z`LG^ZbY~}C-TE|+xCqc#%0hsha-6G8+pzVmmwOsSI+v94D(-sW>bZO&BM^TRTp|b7
z$yNwR!fQ{_r?(imU_Gw#7?pAF*gl=<8{Oc-M9zl%uN%jDzx8QRdV?lba!FU#evpa;
z!8VI_T2UILmN?_5YPvcfE6?C08PA~9zEi^wa<pr<fl;aLIp4unBkKzN#RF`lM}~=D
zhNNeeo(<rcL)~r1(i1ukLv7(#?Ci{{$52}~P;~9dK0PX~0KdYE_MnAROP5x8EH9pA
zN%X&lEQL-({qSjUPpgWFEbZYU1qz9WuHbq);-$1%Au80A(^FIsXlbn5(`?A%!ppO%
zR3>WT%I-dxh5+z-u6SYb5hlGR&=jxUc;<Zb3fhV<h_ulTF9-^6Trd~>xcwIO5U~3>
zpk`hu5^xy38KFfy!MP<r4L=D=?bg%%2@AtS;XZt^Yz#}OF&;4CDpBFwAhcVX5_f|6
zzT))5E;cIOvjcx{N8x0k2iImnYJr_W*=}B%Y1nR%bxJv=r6r~#|47N!q&8wLV9NJM
zq$!u(YxWG>okbl>BXIK3+b!Ww0`A(&IKS6ZL<|)thz%Po_zvlmkc7$T285v=V;+Ps
zx<$A_bXP9_y5)*@L?=u>8Sg!1xqw}evy4-<pxeUcHg0q$oM6s|*z=7*q~YbDD_#4X
z;M8A1rdIlqzVj$6UV51OlBZ(`af<QI#PEp*HFFKobEF8A7Q5SOXXif7r9e>gWwF2R
zD9p)~IKz2AX9WIwp+>MOXe2$TB$fy-c~KNka3Rfkleh#u=B+l~gk;CRH~sZx)=s#;
zVi@FV&q(NXwP?B;Hs;O#77g>ynGSOy964TSx^)yJXJIyQ#c;q#UfTf>Z*ghKj_pk)
z#4v~_uX%Ye<>~^#Ro`a+o8282W>RoWY}7nMF`2K`#8vdlc!V_zoq>}opbb_e`^cz1
zTB|kkqZ>|r=|$I|!KW7d*t*;Nnr#t>^IyegyXdj!_z2{;jCs>rIQ16sKWXo^S~>->
zG(}}msJXXqjv@+T%)D@CP`E6G{&rQNP~WglJblF<ps`KNW%|rSTV$x;;vMP`K0Y?a
zLvk_rYQcy5Y>W~)*g*f-k{W0|u4K)>almx{U22d3dT~zY3fy;eZQAp8OJe-S3qv0%
z3;l~kYJ37T5@KA*51?S##h1suU~-(*L?|abu$Fd9;#x)grMVR?M;fP5^Ut;VOv#(<
z;K*{TGL1*uquE>Vk)(Tp`(l8;cJHtTc}<c1Q<oxC{g>;`ap`o?*5a+(&irSkrn_tr
zZ`QbiU#Hp0@`SX?=;FA4dCXF<<O!UQy-EK2U>ICt)9xeW4fhFFs|jY0UA#LMjf5*1
zP{2O2x|2=V>etJzfq?JF%{4=2?P5{K6zF7mkhao+wCJCf-0Mugx|M(&L1z4y8gY*U
z?$|_=HTT|QxA)~6jxIyi3wOedN~uvJHyf)}k1M+U$|yeQ`9EDicIKx%5M*}6SAuZe
zU6N{Uy{DP2Ha?{~T#(f@-jz#*ZK)nvz!=A@Boi&bTS*}U%KD&a`XDX3Sz|1T7Q_gY
z*kH3pfud5XxJ`Q(rqxj<YPg+yt7xMYobtm?G;zQ1&>tvgZ7RaW)v5ed7^y3vXtUIu
zM4}G+Db@$Ic|2Dawd`fM5|P)~JnE?qVe-x%qpA#YC!6x2Ec#g!LJx0~%vTJS!8&M`
zTni{4aHSU;qhN}@x{p$GA=A1{K^zWgAo>23w7WgRj=Ddm9SP-?N@apVR(9lG_0{Qp
zaWFmc)z-W-$z#WCFSPB36Z#X1Q_gP^q*`V0Uv-@w;DlXymVPV4J9@E6qiC@RYKW!~
z7)>9l5pYIr&G7?XB>F!yZvqG@Zw)VR4S(luGoN`f;%@mf!GFRbD2#vx<qrjSkAj-A
z%{-lX*6YpO_3Z8{#6yA!MM7G{L#{Z&W?$*}zO4V}8~!byK`yxX?rZG{b(=A3U%6;v
zv`rjhFe7T0uqsxW=cn0WaW7vQbO+8-mjrfs4;P##nDk(k*GpRw_L>u}Sgl<(r5rF!
z30kJ^&Hr>4sMif&9-aR8WVQN66B9c)5Rl<d2lWrh|ATQ$BYRT^H`o6S^8e52e^9=u
zd2PSJj`+=Qcr9pYP^IZ__qSYSHEt6-_Pfuy{*r`lE=}=lMsh@s8};P;0;x6LCx!oS
zTngr>)pCm!dov5{y=w;#e!Pdk-N(b4n$TP>W3I+wU%dh?Xd-jPeAgyiO!VUrEbI_C
zy^3sA5^RjkK&(aCj{kG>l|^3-{V=SH5GDu@+4X*4BDB&o4_>Zmao<OAr4;maD;mv@
z=BV|&7`7MU9sH6rZRrw~lOa|;&o2tlvULQ_Rh2Xmlv2nv05uG<+}G4~w66V0wQMcU
znW3~UL7y{#ot#nXym^tigSJ-4+Z`mSl?I3Wr;aw6$;>kTv~Tsow#enJc>$&^MfK=0
z6N$LO`8#{bsoT^#>=p30k354_G4fYL18cs1v+-HOCQYG>gkPD|X775Va2z5&82*5~
z{=`n)K_X3HQrK_YKT@rKB-sBJ`V{kc2Tj*V9adr=^XtlMFdT#TQ<07(?S+`4r8fIF
ziC*&7&HOmlN|=F1CpTCwdy~w83C6jF4Y|R&H>C*K_h4c6>Ka2(tyZ!+M{#n#CPMvg
zy?pN4XXG-Pfv<Ld&D{wu=8OWqT8W81E~ZZSvB4sVR6GrMKGtO|)E4Dh_@nqdyi_h-
zS8@O$4u!Uee`0~=V?xMH_u2<#HxpbD>aCcJ6R`zo;_@ar`BTV|CD9%+%tjWqt%6f3
zmT{HeT5-ofwt-e}x_U8Ksr@&s$E-kIh-!h%T(eS%)+jLLNX#~$)k4@TJoDFCnJP|G
zs2x5g)0!HXo-CZ|G4WsWKVwu-o%lnngE1&hV^xD-a+|7suKB7L{JB<qIaU^$2}Qi;
z{NlMKdz@3+Kra`rF2Q~0>sNkeul|!9PqV%o^Qv~|b^0rrA#;ChAa+fSy}QTQK?NRU
zeNMO&dG35S9=EZ*(+#i1^b-W-Ca%b77=|*Cb@|168qIx%D^{HT*>IsdzuP0wS=`kq
zGV6HR`+~NhoUH#=P30YN&``K$s<fcF%6C=ap9Y=dK7r@~6?0YP2QWO)b<z>6xbbT2
zzOLx;L#0En2GR`nhHcJ^2Ci{|k%3(Rp8%8CbVcq^9#=DlY~b@VNL-}eLD{?V{K=qW
zm=G<)G=2Yk1S98-)Rg$$Wx|<rkV2g)Vu=H?gtkKLaV4`?DMd`>u7i1{ar0^c$JUIZ
zR8D+Ybj`LNL6MR4ph(yD>EpO0w7naCO7<axbUd>&ORJzcTva2uAGL(0g0X_aT8!G@
zn+_d!5Sn%=<sD?caBGdkKyJf|(-ULNYLHJ5UbW=dlPi9Ug8JF4E5?Mluy*H*ol`Ij
zGkm`LX56j$`2hxJ(yX8V7!4(NoIGsJuB(9Ik{`$xo2VLlWHZdm1+)X|M7hX`y1+|j
z3DB~=%2&F<v>dX6DZK_I1*ggbmjp040(*Vor`c8=gVny<<(%cg%NPLqbmll?2AXQI
zxJ4!&KrBq*JJW392IuNIe#e0DG~2^_(xViGOub)EKR;gszIQ)61$w4c^x!&5LQ+%+
z%PC#|I{!2#p}OZdF)~ZELavlG)my+*=<Q^`)E>u5^gCXNJD8>0_<V*Sg_10&woSJ_
z3*GBl9&kxj7G4hUxIJb9!5&s3wbis{X-Hm%r5%R@R_xMBd>4xD)X{A=3@K8k9AoqS
z!tUh-X<!)<(mON+?cC!IxRQ<~@fA6x@+}}E(`IocT<lGCr<~YE7jP9^e5Y>N%Br|#
zhs_;p`(Dc-K<#MW3XLo)`%7#$s&7vW5*K>^Yy9NKUk1GKbH(YWhKT;Z9=s+Fc6Mg=
zu0n3EmJZG?{}VLDB=lQ@GQo;ohkgamb>Fgwm(rfYg(^}$tO5dVteYTo*wd0q{SA_v
zXE&Xb#V18r2A@(2xs+2A*82A=K}9a^Q9ZB!-S0o{V#QG2g)p&jy^sf9diryuY?q}6
z)3^6TXNnu0&h-~+d)o{%q$sMlBerd1+X&m)Y;9ERX%v-NuIN3RqCkWh_;(NI9dmiE
zoB2x)c?YUSmD2^%7K{<pYzot)78^}pRi%&kL(660+V(M)s`rb5qHtRFQOW_MC_UJ5
zb7=<OHsp@Ntvc0fh{X#0*V{3qMz3TF0tAE%0R;4eqW^Hn(b>#J(b>WAKX;-!#l~iX
z5jCtA;fWxqw`zGxBNO#+no)fmQwKr*nzZo|PSU)4%;)pZd^Wb4UuKJ6gugYokGbmN
zeEsfM*{gg?<hDF)5cGr`N;(?r&g|QsdUntVpVUXjYm?-5Dq5apu&&MTZwDU};I*-q
zw5+z4>%0#^+{jaH92_na-g>B>D^rgu2~>}p?do)_w#v3&Q_~RWg*IL=2WB12w!H2E
zpJ|_;?mFqz*ApV=KygCN*5t@db&xJm>|JE*3*7Vx?6s0j*95vw`!{0Ne00wIa_e1l
zdCP2QHknpu%%-v1x-xBjnjCst6XuszYF_fs-*lMDkCp;BJTvN$dUf49#3DvR_qaop
zBLU3#z~qgvQ1V1SlQrcF1xx^<3*y)%qp&XR5j~WDYGk&u05)~wJvlk|;a@_h1$7kn
zh`gyZDn%Xw(?epwTP`7hB-_gVTYckw;$zMbBta!vV6-4md@`m8Fa%>{n8eYG5WWtt
zs!DBhb&eywfAK?>?w*A_aml@3r-TwmjdN{pH-+mB%O))|A+U)+@`-uSz^Fz_v{1tj
zv`~oRPVyLFAYus&WERlq(SM_fiCDD|MLBzZ35$++xSyB~(C}e~{+6T!B_hSjk1*~-
z@hCKklLX5-h0XJ+uau*5d#p(1A*)<JnjiPzop1lvXV;ZS3??$~bHf5n`3F{iyY4u>
zM+nOVi^$7TS;NcfZaf+OhIh*dK&u}ERbos7rDO)S6a<qr4g!MXBG>&BI7?!fkmgfy
znUi*?@NDo=+Pb;bau$R2fj|ye8lH%Ddd1oK_}Kt`e}e)k%7B8Q0zm*l{VYHtAdJw`
z(c_<gr_0aP|GgyLt;{_BpCy@+BI8iRh&Xyp^T_k#)g&mX93@;SU3FO!F8%k(K2W3!
zWaBP__wAIY3mK~1Y&aBa=Hr+HFnRWxVsX$12SrA5#`h=15vxjcjJ43e&HoBix{vvH
zy{r`e91G-ISI>LP{I1Z=ekTznA(1K4mQIz(XrSke3j~6+OQa2tnX~yEYeh1qyXY>j
zi+OFQt1~&N-Q84*Z_7qx#<#jtqKlOc(jbdD68@90NL6WBxz!-BS>*-(Ja$&Hnc<UC
zi{?6}P3rDnoE<HYygzF3Uz=qiXzJah-!Sz^ZWRk~Thw}D5H26$#5qQ2W1<6f=3Rf2
z)`<y!Z&zxNBr$ht+p5D)+8U?ru6d>sNSkyU6J<l;TLqLbjk;82p70@bPm{@nk4LCV
zI!B%O%Kzmmj5b4=N2Lv(2jSZ3WB-LQsa?4fLTyWK+Eyjs>!-d$U~=g*s<j34_@ifl
zXr6`&QcW97%ex@0to*1BcXjg{T>$aW5|<8UPRjxwSD-jw+L%8)`}384j$XKz?T7|_
zv2@$gg)r+ZfA}mO|1(f^dvxIWOg*=!Jty5iDDq|AiIVbODpEay`&ZCW_cBq-f=;Vg
z9q}LzpoxRZeptK-QvxRv=?X~#x~J}C^J_Wku}k;AZ<rglB;Lk<9#VlAKtMl@X8(Cm
zxmudpnKAt5_@Djpq^6d`1}EZ=xZ@kNz+;8m57iAOZxwugi%@=UG$4&qhK|fyircB<
z#D9l~>Tgobs?|D37SM7;Hc_~XFUw-*^LtDo<bc@tUF2a`1D)tyf|ylLjwZpidUs-I
z$dFeE)x_T+Z{h)O|HpTS>l>Zl2{D8TGs8N(4aii{ZJ#|*MwrnY)r4G=!!Z_`12j8N
zByj{rTQN_18~6__*+=N(P7o6SX=SNdyuUC}WDT{Ihv}#QXR1X($yaSUd1<T__Yunx
zAr98guRo$Ir|gNAVZD~OC(%XtK@J=)<8z>;C=<*6>fdL2z2^CMDGnvy(mhE;Z+p2n
z?L8cDX^-BSf#WJYhk~Cg=T;E7VUG3mc;Q8%26yZkuwFvp5XnT{C||>4S!?pq1}s?f
z0=pg;yPFlZ%ZALRjspVNu-RU-dn>YGxY;)de2+UnFQMh`8IEgInucP&oPK}yEjfTC
zC(fABH1ih|Sp*FuvjtU0$rtR?4CY}O1m?SQr&+}vs0bP327P4OVhIs^i`pcW;E0oy
zfB<A1gGXUQ_bh*0U|iFV(w|>@4iRXqt5hvk(#F=qGMaKWosturq))Z^m7M9CnS<t7
zwfpk{bIL8d(O_fFz3e+;L^<zP^i!*ZoTj!@U+ZRKK_tpyR-s^wQHPM|sdM`Ac^eA9
zFUK%h9eN8!BiZ0L`-F+;$<<+VL78a^BgyV+LK(L}w!<1#FMcdg{v`aOMIJ0IqmKBC
zAT9V6_YJ8Hi}zh-<#aIaghm`d&@5Sxr53CQUpqPjx%g^wDzUIj8Ye}WhsD)3kgZkh
z@&x&N=~pq$?m4NqC{D+I8>Z~VI{-+HPdYSY-)Fx7uxm)PlQJ0giDYr7LY?du^lJ>T
zk<n2Uf{(S~U|wOg;#woWkBjCFG>^hCPYA9!$fQi3rx`O5V#h_F#H#BAMA40L5=v;B
zA{|jF51yONTVA%dR9yfn-vZorihhf#jrlreZ|Y?zWz)OzW3mzbFiilo=2Zz_w68K{
zH}<paxqU}l8;zJ7crD5)i)_X)^;BTF)6UVY=S<>Tb|&^6TB+v&nDYIKnf%V#MUOjC
z&Zjkk;3zEu3`MnZF$)K`xeB>8_H&g#Y5^Gzo&yJ#s!@T`AQz~`^ni#BKVuHh*01u*
zhay(zK(nAlgdwqU5pT*&j|=p!cxy#rL~cG6%Y<<e5xcm`c<u2E#kUuXxA))HCv5MB
zd6u@__TddP4$s~u>8caUQ=DgvZr`k8YD;zNB%kiiB1Ty=_0J&dHF#_!g#jEQn~u$1
zAx%M@H}Z|qEwvY)osHY7%h?qkcEch6ETQQt&mPIu;W^l3`qjmW17wnLq+O)5=hGdR
zAK%N-D_kr;jOS3Yp#~I98Yl<UU@|;oL%aHM&xQV|kN56Ul)|<el7TahzpT_c4I?~D
zW`O7Xu|^vb;DOzuDD*#~9v8o|EatV|{s^>q|F^WfS<04v-N>b)W?)k;g$9|VZaS&;
z6nSe|>8@VFh+yPTiH63NzRAdppLD9aKr}&UTzl_^q+U^W*1z?IawMjOO}aMGn<1~D
zLQ7zcg6|oNQHBWTq%Du#X-yF=5*sh+3%bl6nkmdha*MZJ-3ub?T`S<43TV$hJB33x
zm*KpvhUvK>r&Z~mt~<J5WhX1os>=?Qa}a{QT{5ktue_7e330TK$^Oelrnz!VuA3uL
zX2GyMBQmL#NG{vwhVb#n?tz<lC`B}UpN-9SEAOldjanItoF=;j75-dEH5B?N=p=xv
z+q7F#-j8_}y=E*c$(CDR6>Q2uDrVl&KuniH`;Xh%Hues+Xf=5EL=f3G(XEZqbE6}j
z(pH6yk>BBkcEB=_#$8rM6;2tpfYmn8JSapisABsy*o;MelDz>`>S#<jjSvpbBX%l-
zT+KVbh5EV&PgB!+D|nvA(XSAL-O1qo&K#|G#jE&it@OqPm<2VcGwl4nE@Ifbwtri;
z1vhSwdM|G@v(tDygZJV#`#GnH^e|oMm-+$xm4i%i${g*<%MdWQqxWYlnHBcl%^g73
zWb3!C#-BEjD*jgx_qlv9X?#2Pm)n#X-rZJ+p3}^Z7sHdE5E7|UM_{E@%=KCT-Q|4>
zf{dm!oGqO4Q9txiE6F!)O@Bl8&1Fb)i&>nVnUlE98F%8TNW|x}h3)Rk9;%E@9mMtg
zQ^O;Ah`6RRa2fyA`|w~dhXaJ}?LLFmsuC1f^ZPjtOI6l;YDd0NyeaRm)vV`_P?U$#
z``6~<8S_>FY+CV&itn27(rzn4ntRo){U!hZx=D|c*-AeF0|L_L1p-3(-|RCowl!06
z^|Cel&o=!+TPnUt9JNPc++Q$TMWo?(;nEe7xfHS65##A(&J;T~`mZt9c=6Y3Dj3@?
zAh=b}6Lt)ojk<09YrnejX95F|ytku~NQ_XI%ugVzak$H|+kvI*uj9W!5v56suy_mc
z!XEPe9w=}7gLS=|SsoRK-#LKitx?hv#&pJZmg5I*ISvol<W(CE#$<%K5x8522}<}$
zRR0)_7?iA;44;22xFIa$jNJ*PxE@?({t?upkwN)DQY#jM|G?pC^8<j8F*2!fu&eII
z{T~K%ZL4trp9@yqoCY_4Ve9Gq+vA=c1P^04VHBh6I*p_oM2GIV@3tr=DE2POFoe_m
zG{ueH*7THf@0rU$8Dfludn1!oA5G4(PG_tpI4<j0?;U3@PFS$_&^;s$ea(Jlf&y1`
zKmT#uyXf~wr}9Fmu)w8|58_mIukTNz*o~r05bZg}%vE6JPdX^mk@8WM9ijK9`7^q0
z&6l5n_s+TwOHpEIFJ^@eJ{U>$>SMIWbww~3xsH+`0Kn2-PA8^`zR<DPV!L7cd-V5N
z{%qGyv}f1{w@PDdgT6c=SB8)|`oIFdEkD!-QAXFXi!bAz6?J;9ev#T|@9d#UGj$>9
zku<ZYDaulewPvAiypoqiP8X(Va9m2ug&QU^EuALcjGhC1cDko}ogg)Ly~*{|>}@Ax
z>Alqa#~_F=e&j6qX@KPE?y|(e=^{llR41}+^k{GY%G-*;;T7TPWWI9^0ld08FeAyl
z-ZG4Ewtx~SP>nSJo%$E6`W&3p9vHCoC1EM2&?L06JYv(z(e(3l2GLPN*fprJ{&wX?
zXvUtL@Fcvt0%DVcQ#Rp|8lm}$u01pp5i@#3I%__$JV=l|rC=a2U_L)0zgR>>8G-0X
zr8HYbP_{KBqv=xU)VQU^7DJf+Sua(u$qvfpEoNGeUavF8AFw$4$Ft4Y#<^BRqbqCm
zc6?lP$OT&hAf{h);fA=nF)S>s2Wk7x#2s4u`Jx)I0En^vXCYwj26T^W&xXhx)A*@b
zdg~@=(6b}!-^4Bv`!<qc^eKG<giipGm?Ueh<)fW)RPm%+{)CGW{r1{SKz@z<9Q~Lr
z56wE<t+J^jPbNTimA-zRb5}-nm4mr7)Xk)P4Au&&&FL?H7H`56Bf}ADLgP~9x{P^O
z2?xM34LM*{(xUx?)rUfYkE@0cLOQ{mzy;b62I1w&D-4LbyS?Rr5%|RSk+0i`{L;$p
zc^JFP%up?Mf;+UzT}D(VHHJHksM5rmLVwon;N3Tq1LCf85uEh|ra(XrD0i%;rT2uh
zo;QNvGw<2d{}~v2VMYH_No6@RK})V}X^4`rs8$<3kTbPjaOEebSl$~Rr0N0S6UgYZ
z<J^rqewf3aa@6Hbe;vyPmTgYw(81f2ibjk#Igj2M@X;{%tsRLQi$bkwyLDDrXDN5y
zU%PxU3=ri?B!Gt5*JDOXF$-pv1FI{-scXPuSviXk(9PWK2+2$lF?duo?58O8{u~r$
ziegm6+ZK)MjwY*G)@=^Ym$a`aVKcR_ZN9orpL|ZDWSR|sAF37;BSlmL2NE`MCy+@2
zb-@+{Z7{Q9ORVjmKX}XrmFW~eZwA$QYx$(2^ZNGaw}XG12A865Uh;mC>)ib9?OSj8
z*NqS_^>*{$vlsjxzj&;Fis24u|8Fte#n#HyOxDQjCzI~N@PC~AuLxl)euEv^U*O*t
zq%h>>giwR1QsYImie_WVuLL`cH88(YvUPNIWUZ*DtJafmfQa%U0Mb4S#H*f-IGkm0
z*MYyhO<>cVj+=>#wadV3H>*#iy3TX!;XU>F(B-rY9~<@3X8kU=ri+K&Q=sepSYSKq
zaCVvC6i<K}jQPz-N@H7ysv&zS?5vNQyK6V-k+E&Ru?R;05TGvO4cgf09u`da+pYPu
z+o_w^f^X+CGs@1>?LxDz8u71oW#8BCY(&2l%CRI$5**=3HNZCMcOu2A(@6nI0uH0D
z&zKLSPF?Lf_G5GK=}fFO7B+xO`ELTJ<1pN)yTi9Y1D^GnjwU9UH=Q1~i{`epYvJYi
z##IA{&$Bx_b9{<EZ^TRzliXw3v$AfajFs!RXGaR*f~L9MEXd^0n7RIYGLgAL+BKe3
zdK=H$Da8wFV5sAR$D4oY=xU8{Dqi)KMAe`I!;O0Q9{AO76-J+YRa!BX*k!h*1-PlL
zF#1}>iD%p`T<qb5_^9Z45jGs^zA-TsDgK)r@3F$>ZjzYT^xe<>{7w0|MlG-2RI=&4
zLQ(*9ib7D#i<S^NAhM{r@1A*7>8?{Bk9<O!IXDWTMZ_b6S48z#)=TBqKBQEHGk}Ve
zB;#QlFmZItt@*FdVASg$3ds5b;j~}Zh*5JylUyQLZ+skR*4Dy>F}wHQ_KA)-YYV`^
z(qn*kE`epQ#ktT=A;)sHsMn%3z!TOCGCtC5gT2spU43HtN7=A!hn2w~un18WU_kb}
z5<YVi_?%+aA~u(tHHbn8do<s}$EDwfbInes%Em=lVHTqdY+$C3T7KUvlYhhrlMI@?
zVHiXIA1Na&%2*$Uv*I<@bpm;xVg1BO0fl3MnH%khs9hS7xG4Mp_o-L55u^;xIeSd6
zK)|jiN&+FBUt=x>Kh?n4jAO$4X(7}&95lOE$P8G<1Y)q`O%UuIl-jfmwkmlwg5(zT
zP2xQN-E1KItCM0^XG#|e0-_ZL=D^>2idzt3<!n(1q>O)@<l;koq>>pxvPbC1MwpWr
z(Faz04TZzXTjpIoEcIa&*)*3`py9TSkK)W4$`tgS=Z{LajaW)18YhuIeHmx9W?}p-
zyOthP?s?+=x2+X=Kyc2zIrF}_s8U*SM|_4^TMT)8h?S?1;~`%x*rco5%6i#a*Z%E6
z)vJ<jc~MK9dtl&G|InPQCRR27C2(OEn{5oXd51WqxFp=Jtqc<74hZE9k%6)D+_ah_
zCsrVSf&*E3h|Juck1w#PF;(o=umF9Dmk$8<L#WMxC`;cI{{ya+%oayiQ%V83$|cRr
zJuhnVHW*%sEv`4%K=&;FoJA<*rk0SDu$9=02SIRC1+XG#_Joo2q$`<q#4;|HVAFo+
ziuL4e;roY#P1|mP%>Kd6!iCjcX6LSNowLhJ?M`<Ueg<GJ>;MFV2GP-HcVozTuN)U^
z_{gT-9Q&~*kC@JYMG}Akuok6i1qFpQwQ}|@2vZAqMh=KApuV+T->%&|l??`1__DeU
zd=@7Yke08OGmzaHxTZp|-=-hCK>rA_%k9W6Gu8KlfcW86;U{0VDg`*=9(REUQJap3
zA5#q<u#G3ho*XwbJ^5L(dzanG=<|)_@d{#N%gk+JpOOf`_jpJ#F*+9PP(9t_%Y{*?
zIzkK5?$52DU{X1S7kgfxd+k@g+5B<ns*uPbm4G;#ci?dKe8QiqEt06!{maNwP1kTS
zvL+e!#ZFLk#R1YV7vY#9T*RJAAv<z2VWb)Y9A}Ph`P{MV^oLp~WhgkC$Ec2d1&mML
zZ7~aOK%dq}$4sn9q!}1r-a<!Typ%_zgjN~h?T@@#L80{&>-M57?YSRDE0D{Nb$=G@
zN6?q8FSyG}UAlz$PPq-Fzm<v?MrAZ|NMlu4N?3Y*UeowWu^c_P+ZaS*>1UYBCA~6V
zwIuUnH)xN(I%JIn4MZh#OU`+zn<v2kd|<5(x8q}cgh}<|xcIrtx2<u&3~)sTfj7ja
zG)(bPC=PC|7<Qy$sD8LI>mNBjC&|^^bHc*pz_q?R9xkmoN`+?k+-ZZO>bgH-E}Lk^
z1B+F`jAJ;)gy8hso9;z!N*;(u;1Jo9x|1~ENNqwDw}YZ4+T0`oJS|5zzSn>y+M&93
zv^D5f=!%>0g~^Y*=ciI1Jv4IeLxC$F9+h6WX$G9^vRaiqj(7$ia`qVTvX~eJ91R8Y
zRvAVi-nvsEnWrS6$gB`vwU4)i1V20yEE6FV{6aSQIS#dHJ(`#O0&1~Q1iIvdV&jnS
z9?@&<m(Nn4D?jRFT#YX_RAze6F|xYGfWH*M(AU-}=E$EGywqR*W+#+OMl(ywAt4%7
z_eysQfFKKv9qhi$cw+J(*i`t?&Few5+sY1tw}lz-ZA=(~c*I-mL>dwap1$fC=2(=-
z(V;{a#H5wMxLp^hi7Mgd)f7%HgLCPKeca^^kiKN0k~7c@dERnxIbErq@a(lI8=XLU
z`p}uk6G-oT68yKE?!zr9z~BeeZ$GKK|E*g4KiK^L0X6gg6ksMbw|-K2|1YR>to;-l
zFRGdnOe=Kq*WfbIpJip5=|qv+Q7=b2SHC~Qipxpm=kKqc3IvT~$95gfU$PL+E)kyf
zqT^Iy;m$SUzDHaTFKN^{KJ5>Ezf?OSgCV5eGMlT*XpTi8kHf2azc1+w;O#yGvsZ<P
z6Xp<P8l9h%?+$I*RejbIcj5M%!`tal@DgvR-J7%%7zjIUECP>*o8nlzS!yxTt1UL{
zROZ;K;PEa?kccg1NKXVVaQHQ?K9H?+XMu-KmK4<HS@xjN-{HA|+98Hh!?S4^yF2V`
z7L(yi1=t!(EME=<!Nh!LNJRpV)-EQmB|609{19aL6l%z2Y7nP%0^^GHxUzDtCu_H-
z#g7t|qanYf6f4WWUgU3d03;7r0(cH!V~ZVFbSXf5OpT{2U*(Z&Yj-(hfA0V^+>c;&
z#IuO--^Bn6>zHjB)!+SRM$PNrA0Q4b4Eq0a*Wk?K*$-v5Rg2u^-0WvJv0eS5wOdUr
zDaN4N%m2{hsV)?NB<OOa8iH;}Pu)5U5~p^M#I+>vehw1W5JApWXYY(Nj};aU*+Zv9
zcf)pS1!CA^g-9VyPVhqQ?<`ph=&J`=Yj)Mqb$z~I6?0dOXGOV@u+t3z%kksS70bTc
zbx(H>#UI&6C2tN}<#t%5nAt0VSs{;xUWdM37wrgIyf3Oxic@GgV9g*MP9Riw;3&@A
z@tu0G;&Ij#3x{#NLYfDMmua@1WN5P64NjEWrP_*-G!$=z1-<S0;bjcs7w0#w(>VXC
zCNL5xdSER8;)Pab4D;hKsMUgl?6i_{D^oau^;HTY`eLmtB+aDwtAhDvglob(K%)uP
zP=-Yw6UZ<`xTCa8Bo;7`pS~TA+aDUX)M$y8s-1}m%;mUWd~AfSshVlXq4e<yOdGL`
z|CEGW&lazz`%;hvu75=yJwUUvs&j1QNYrN=g!v~FgEWDnyis2{e_p9u;%=y4Liu$}
z$cOnLT&VF%ygp7qxL7M6nr1M2=vRbf5a(h9lp~^;X0&Gj*po@X-%Y`R=k8Zyq`YH1
zl1zp}zn@qyjE#3!SIXcL%QQKbC8-^i+5xL-A=uQ6rEsKL5#^H5;jp44lm91Y=ONcd
zAXn+fT74pMq5ElR58T-%x}>q*ndd-M$0p2wpzNiFTR?6#L_{u2hHZm7KP@KR%EjM=
zuu`gx(z0X#>B<VM{dxx>oOGq7qY`+dD)j{dmNJ-c_u_U~-bh)Y2&Be@>r0{wh7Zq5
zKOlx{cwKD_Oz)Ty0)b(a0pvWbEH<NR&-~sKmB0`b&|TWdQ|`Be(9tC&10`cCz85bH
z=_cws`yVI+5|qp;5oQ--ab>d%WzGgKj&4vMOxIn51uyReEtLK-cO(Y3#-44)*ixpo
z$lY`r$r^S7J3)}s=8Ived9D|Z`M5|&J>CZW%6K%{ghUm>enHCqy$%D1W~JuVFv6#<
zz~<I1zKDL)?)<g%Xiqa5X5z`}B;yfNICEX_V<m!<QWKc&h4is^D{un@-xYYKnpA6r
zM$h=qL}5s<WoPPXB=%b%Zs|W@P9J`xD?5NUo)mv_Ts`sZVf+Cz$1wX3nDO&bVoTkr
zLLnmYIE{6NsP-$h>_|P`!y`n&q#6SY(i%Fgprqjh1b@JMEO52(eUjIbwB(o*3<ZSy
zqjrd^<txCutRPHU-my}OQR&sBFghxYrgU}EA4naE7mTl`Z0w?pYNqW;ul)s0{=G5w
zd6`?zYW)^tVV5Co>qwT|2OKVZdj4sjP@LNa#mo_(57)Qd1;p^Lo##1<>&bEN7+}vE
zpPo;&D!R_*K)$jsaN#}k=L^jP+r)JoacPx9-frI$ockQ-hs;Lh^P@5zshp9>d?n1i
zey?eIh4}U9%r@zz;^`Jxs>Qs2Hz!ADBWf^auhN|k(v%{ca>=al(Z>&Qb-!RQK9u8K
zo<d=!vHd_><vG??;=7^3Z!Db5<#&a2z!m=VSj)EUW!~h)uTQ|*D->3!;fD*=HUe+T
zYRJ><ra^Q09WHwOC;<Yoe=Ta}j|32_fgk?j6d#BKb2r_CzLd0-sK@JfCv7B2#EZQA
zAu}IpBF{~dH>c&qI>A&xi7gm^#<JQ(bExaG$k;)3dSyHF*HxtqKeAwI509gUnHXoS
z+yeVuu>hKE9`@IKgBAEaA1K5_;+L~!{*De8p^Cp)LeN7(o!T}Y=a4^SBs$g2BIMYm
zi(c)kvyAl;WO*gi?ch17=CzV=&vxJ8gk`t0e(JYdq<V}O&+~<iQ^RyL?mq-E!^DyV
z-<8Cy$)<tWV@zfz<rMwGXrO13N2Aj%-~=dPas&zgk-@;n`lJpO;!C%<NO2C`+2`-G
z41MxGM<2#&ApGQF_pFMl$a!8GIp*J*tR;uJ4h0=>WUR0z*RRh-8m*K~&3zaSNZq#J
zL*E=5!~m~oLQP*5iK!YzH;?ywVYW{wjykiR)2zd#@Bf-#l(5pElmDr$+5VJU|NrRB
z@_*BL!~Unx=J!)*6Pi62Zn;W}<qo~n+yauq8M=g=MYgjciTr7yPD1~D&LI+8YiD)z
z&@m+VA293Az)E<%U-eYv@S!ytUk<@-ztoCs1f{BV{{E9EaHxO8t(@3O%4Tyq<d;A1
z=kfIJ;P9%sd`RYH$a5GFqaOEnXp4GyG&qp9wVCMd2g{+|Y$$L_H`MIG$_YFPTZ_T7
z&kI5#mCKjY(JIqTj~&z}Tr}=*cBwyDmP1`-XhTa^#}*L7#!wBy^m}WN@|L*h-|usC
z7t9Ub#Uy%$)n!O?J8dowyi`c7tZ1sPN;<1q8u{3sZBa>mb{u%VMZ~h<Iq5>5&Rs<D
zXo249U)vBG-Bj|_yi*8LE?)oi=}-UAwk#odS^+V&PL6R#&FA1||6IRfWAb$NHIZWO
zF^Go9LzIQ24apYxcMY_1((Me>q=~B@eL0HZ8GZQ^ItQvTaw?CHc2RSmSMF7ah@8(Z
z%~!02ad~V=D~-CKYqX!IsG<YK{fr!vZEWE-SF&^nH^4LV>`fW>ZbVrc`pi7urPVrU
zNC!O}{-S*{kM=w`G)kcxFycojdcetrpLZfE4;vJ-GQumK$zRk|*+#8CWwa`QqlDRm
z7dzR|5D<tTV8!%Of)H@Zkn5(ELScZD_)D1+AH+G<;}!^-b*bXRbW&(KXeKPdn2}!n
zCslspNN3*uMAccFG9*muGjI)Pk133f*E>y3@3yPbCMC9+WTaV3iP1ne1^a(O=W^;+
z$=bk2hzG2qcQ{c;1}G<3Zw(KP>X6A=Yvs)|SUw?xq+vx5Y;~zL*rp36_+U!8K~AO@
z7zv{@n=pJ+#9u^9KI7Ps(2STD^WJ0l!j_tJ(d<Z5^P=IBf8`Q#SJuV`=26?@vbNho
zN!zDDP}ht8=@?=9#D3Kj;d4ePQ;xf}icWhdHyml#hY^rX<IaYp8o>hS9Cs}_vElPX
z;RDd##{v>%k}O%hvD?#(Dr5AELgJS`V^R^YA#Xwi7cpuU!E0%WXd4>AtfJ|Hk@d8k
zYr*U@Fy%a8P~9pRm7R*xtSj)XD^LCKT=mmj{Xne`(<5<8EPD=yhaQm^B}i*%y27~U
zVApFyYf!V)c63qv6OX)(uSnRtsI_yV*{B5P38oD6YdQer@$6}?gXQ<HAXgys%#qR}
z{znuyI3E551pW5lt20t6ONd95VU7-w395J<1-FvP-FcD(uQRt2oeYczU=9ZB-g)V>
zpVS5LbQ(EyPmU&5y4<oEK9!yQxUqDQW?A&c4~{toSsFQKD@J(_^%9hNB0uf(RWj7s
zFBYmm#C=PzpFR>Hg&^;w>fSF+6U5j;=Qnw}w(;Y{QH`W?`k$6so6sO%(yqYcuOY;*
zbJ~vB#Pls8m2^bIkXXa8qu_FSG*&<k4eqOYm;8N0rFsI?6^f(c>5IR>TabzwQerQz
z=3-qrlQB7AH-06@bZ}@1FYkj=FrG`4LBcw*-k?mzvo{g4Z3`{8o80HFIKBH<n8@NY
zKCt;{>oIVVwJDmkHXhoWonc92CtGU^T%1@^K*_ne%-TYLGtHQ9(?+;3@DspwTfrww
z=88J;=9w*cHTQ8vK;GVSL7^*T1#@;51vN>>9|!Kl3Uj~qL!C{<7a6Xmw*2;hUp77u
zSkvbCt*wjn<y2QRYB+@Qe=+vX-<AK%)^BXP!;Wp+R>!t&b!^+VZQHhuj?uA`yS{s$
zaqoEU+0QuVr_cHa)~o70YtAYL!`VloP{v6On}BewodFuSxQw=D5ExTSZCD4|A=W$z
z1%XE(aq+d}xta%_c%AS|DQh*u&V;q(p_(FB(%>g>te#+s{Xv(Ns;@;F^$FL}Kr30s
zoRv9HEx;*-W*E=Ta5tr_J8)3h1J_YrDE?6A>WU6U#5eAeZ-h5_i$#c;RyeFIoVVwi
zfD6-u02#oZJ}?WD;#&Oid^sFVAv|FB2|Vp@;ceO%cUdWG;jq;l0$tC3O>w#N-{7bP
z_1HbuJ>>tcOP<*4H_OAXUW|}0gU|iuY>x-0Jhu(|fOE=&95EQ{M9<8h-hF{!y}x&F
zfWm(k#oFK55#eq?6)wR?H0`>|D0l1*;yw-oZgs;AUcS0f;DS-`68MzdYuIL}&K6Ks
z|0y5%YZ81*@hJ*ZzgiH%5;mY$MC7wx`twm<HEp&e@&!FOgAZizc|+q{FQL)*KNh2{
z^m^!jic#JFq8PFKyBOKn0bJ2veE$@qRoUj9&j7Aq6D=LTBKU)+e-)#6k(8qBHqr0*
z81Z@61rq62{k2ea@;i4o9=_SLwAP#JjE!{#Lh6;6?Y-z5t|nS_jpmE`_gAHBcx`d2
zg_I&wTD(qAs%<y3-mklqSYsXCINnVvNb4p?k&$aLO1|?)<NAE~css08+NtU^^RNK5
z`s?I?t$?eN>)@W;Cv3%L+g9B!V_vQ5ihvpQdK>e~C}csaf}cL^<!wzXFVa;Gf~0Bv
z%g@3CKk5VVAZr@I9U%NK;M&dV9t{;z<)pFGzLd)|xFS2K%25xF9Bq7R&nC(zxYZBe
zfB*PlK;o<kYbJhP->D60dvj@1t8`7${jYjN+uZpaK>v~~&`RK{24ZdaYowda4>cRR
zr-d8sH)2X{wS<@(_53M$(V{=p{?hYXYw74|wj&I)I<9!+^r*OV<n#yfRgTLXx5I>Z
z7gfh;#le1vVrTwjuu>zd(@MZ4-fX(wagCCq1`rorr4YloDh#U+JC#)ECNNea+zqDU
zdbG7Dt84Eck2KPIo+rn+uC-Z1`pi*bdc?whp39R(2C3eQWkD_~Fj1bYRE$-@H_#Mp
zoQcc;Ry+#Y7GN>Kt$qo+t4*4SM2dT6`Uq1e`kYxWy99_H_KQ+xUj)UR<K50K!KtV4
z&Qll3hIOWNVy;xos<wE!$r7A}nllkVMT&-Vx)V1E41NFEa>`Lga}jZ(qGPqG={gj~
zCJnP6dC$ZWN}HTlv1aZ7Ua`723+A0R2gHZ9zyQ%ZxhbtW&`)QjxU~n(3#7*s=I<U>
zVI21W8TifsSHKc|h@iXAAmgpfp%3RsSoB+7<Io%!B&2N)aa|B5x<aKN$wi&Q*)M5}
z<V-vRo|X!JlF^RC&V!_#7kqEM`$)@(>lx}Ry6_2ChSFxjg-t}R6;P3+>OyjHvo!ny
znhijF=p6Rz_%ELcjBT+5cA5fav=c-I_Xnq%WeAdQt+M{ccTB3ci{tj8qA29HqP$jD
z{j92M0<nmM2aTYs=1>umPs5dMfx&eVH>f%f*Q^NMSVjAzgXi2yb9RosHBoECF6Hu)
zfN8WU-Na91p>uW<#|V#}*Hor68S`XyW)ERdY>+S#yR744=2)#Fk4X{^xZ6k9Cw>AO
z;154o$~2!oq7SQRwXr7Tj$QC2(+m}ePN|RD%j)~P`JAepCtZDxwQ%Od=>;J^MY4N$
zZuSGr=kS{TfjF(&&y~}n0$YwFV!w!8M4}?*T9!!x5Nn<!FF$#MWTt<xICM3?@YWUB
zuMXnE@N{9@?O#Qq+-ET8iQisb6jbNlXra^}K@>OFkRY7MG1GR`&l0;uUxMo}aFGl~
z?S*({dC?A9Nu@=OfYB*%iHFw9jGt$K2S%M`V2Xf{4Cs8*5Zi$Pc~AZg`%6-{Z#K6$
ze-X*SAETlrh?sAKf@!-f&$+lLKXiD*!L|JpXq(9PGiaLd7-IdSQ5zqEzTnuQ-*@Wp
z>3hJ)+da>I?{d<;doO7VXq2Y$kE_K?Rc9rp12#d6Me{VQln!i)i9p!d&-;d-Gu`fN
zm!63{vRypk2ksg0WQ*oCS`7F@{4M$nFAW$`japP3m47XfUUV=+LJ8mw4481i@?W70
zt)D#1oAYW%iIgIx2l%fUJmET|fv-N%AUU1g5uC4$T2<$QL5oIgJwO*6@y_di#RmU|
zBT+=_!=F0^<3`zt50o<&C*nrgj9-f(aV4oIF30nK@&Lu^@uxWpy{J<E4E<4;P#rT`
z%{pwZC=72MUZAu>rL!s9lX*beN=|{ou5~T=#)-SyP(j^1%DuFY@KhTE51M6*MZvN9
zFxe6?JG};;={~6#(9|#>AA8id7?RRQ3?$zkJX09E91yEov}7W2_?U-S3psd7OzzSh
zbi5=2?^aQI$!|BG!Dxrb{EkL%y7-E=hp3ilz;=6Jp5h+p!}h%3gDZaD&+`oF&blvH
zV7GPC>L<eBIA(t*&xE@HXH{usv#>*zURJjw4EwyyTFe6H&m@N47igkVl^R+Ai0W(D
zPAmz6lQzB2iN3T&x~KJI!0O1?f5Q@W#q~zazudM3qB%STMe<}$9hzz9c{!HJCl?R;
zYR-HCOwj+`iyHoUqO}1E1cU?oKfjDv|5c1sZDKPykiL8tJ|QD-Xwq5*maNgCl*w&s
zD<_{I+xEbe`}j5`6IDNN@Nm{rty^S0-4?w2>DOkbc<!hADpx~mL_MjD2j7B&YqeqL
zdyG{U?J!r~I|pKDNzl)z7aDTts)&<UE-rR`J%>*ks%^*Ouh2lEbZ5o~Dv}SJM&nIn
zxru7AN_o3B8Rn6}rR!a&1o?nnSGjU7#N@;?cCc?ErLP;OODNAGk~?FbEP;@lNMSxw
zT?YRIjnE4o21xlaw&r#i?}YJ+M9~7~h%mUTa2l&fzuRr80b-@@E^9?G6qL}93v|D9
z(1cxRsmH3_USzLnyWsZclP}f05~i|2@5vu}QKM50yP4rmj^5m|;~#a%+4%m5&g$xM
zErmW@zhm*ys6waj3|gypvpKa^Uegz6jQc!{mBm>(o_TNq_Y(7j8;w8O;w|sY$uoi<
ziz&KTrXu_3^i3gcvDYl{NnH0|9j>P%rtS-C-`HY~i}T2seU%dj>>p?<b(CPp*2Q#^
zt8o4>mcyY$1TyAtOw#A58H?&xU2@C_bB7fU$qi1mIs`eKm*i(2{=JX@df|yCgE5P8
zgY%LKI%2Q-pir3oslZh$ymKuNH@-w%8_(sqCt(pY;xs7D?4j?W?9WwH#brrMpwE(N
zyd%}DI+~IJzKVDl;wRE1f=PRI^?X6te$HhDSOcyIH(#M}N*f;mV|*#B0vdr}54D&#
z*V927@ZkayQXy6*zOgrQIL>Q^GBSAwMdlI38eprXxRB9|-gfvcKa4UWjp&(fHd=lY
zp#CuzV}`XkX@YXdG7-Tt`dzGkbQ1jd90Mhh{sbk3h6wGhz-opqj0HKjEHixAhgk2q
zK+NFkfct*?>jSAMx9^|`9BvI0Ho@xka`PSk{vKp`=ZE(MIS5{no8@rbi#N5ECe!I0
z?e^jmh{(-on41eR9pr;AoO)gMugBrAe(<pAV{X4$*fqFCGb@ya^yoinC6Y%b4wj`H
z6qowRQ<o;l!LG<}f^o&SO!rPYF}RSklgMoJ)Z#OI3jG>JJ=be^)Q<8j(K$Dy&~gR#
zRe|}J_+87*V7aDBF4gYRFP+^6Wy~EDQy8nwe7N2mAjVJ&lVY7!YB-7(f>sGRm$`)|
z$$x%`AnH&_rn>IcI_F9_ac6-0=Z<>pkCaF|;GX-Iuy>Xe06ES|zfgC%gVKYZs|w5Q
z8jxY1*7=POnZ3jspim8EdK@Z*t+No-e*!tfHHA#l(2lGy;W07?dRh+fTMa}W`c4bE
zuLvDLeD?*U^BaDXzHWUl>G}fx{{I~e_h53EyZ}oU6Wsp{2DX2|(4?y81OS6?Z~8j|
zHvV<=UwQq@%0<RCXInBGX4yAjv^b*@Kj(zYwX28DT`3T5hpd(Mo$fv&SKoJEHM<?#
zO$eK^IM$02Is1L?Fjvyb^J|}TuO8a1B|*jb8Y1|M)1`HVv##!s&sKIXqRjJ%%Qa2H
zzSE;1ne1dmuLF+;?fH~3*bxiJ?-ZFPk^a)QXDUH_piY~vxo6Z`QkRp5y8~R07VQ<%
z>_*4!1vw2QL7aj<pZ1D&+_@J{bM0Ty3}SEPlE<-Yexv?@D*`k9_IQLRDBARP889wI
z!Mm-^mK1M+O&{_P{w~+s9TsH;=!(vjaE(W;0gAFNnQj5Qf2|A{_^fNdE2s<m4LNnc
z3(c5ww?~k6;$J=m62@IAH9tev@~)Qr(XJmB7tQp+sICk=IB3-f<o~8r4ny18{o3PI
ztmtkS;dL`(X)_W|<mkpzQ-sH;7Ugy6K^ILMjs)oh|3&x2d}#{H;~L2zg}GlgHc0VW
zQygfl2xHmspvJ1K6~{Aauaz1g*`ka|YW1%8g9;%5XOFLaW5N!3CV^wd)OK&SF4F9F
zOm_5sYC4ig3+$CfU1a{54@m$1FPpA=cW?KhFcC?w;UCO!E{O02k7kcer#0hqc0I!8
zLnPv2qow=x+z<|t_F9nUY4zqssp~x(gz=*IbFnLIOTIQAEM_p00>Tb|ixZ!o`f-(1
z52aMSIKwd2W}%yKW#ylR1YEekngUm31BE)zGobFypx{)Rf5ln`;zUB;cjYta(jj)y
zBkDk}!UO2dioS+&b@7b}QZWchd~vb#>M0A>R<;OFil-i^7j+jd7O_Zzy@>#AA5=K6
zAP??OP~@=2E{*kSfp&11QolBf8io%BoLbb9kbx2J)uLKemMmIl9lL0KDvJt4WEtMZ
z<gMw3F2f*;eaSlYQwtGY$EP9Dh<+I~2-1&12K5`ALbFLc9D#xZKe$$KzJM2oFOS3`
zs|P|f@`>UW*aTPq0~?Lj@=RQTt-FZP-+&)qZ&$11myFdodACXDv3exsHGx%oKIsM3
z(j2_ai~yW(jC*Ir@T*^m;6Ko5{#DtCEZg}3R<D}__R$P&qC2RIKhlx^_9w~YkYs9c
zY8phl&7BXwy^$z<n<$21rqMY?9JV{l-7lA(oP)=X)8R<~+^o5M0?em3mrZ0<7#CcD
zB_g4TK-(1>uWC6E>6*~gnC*afpMaf=rn<am3)i9hmFB`9Jb+Mw+{&imOEW>LH3VTH
z@m|Rw{Uj2%D>R!oWI4Rh<FcgCdY_Cqs!+6p;$!L38h_|5;Kf!)4Nc(5A^clbTL=d;
z@^>v^s3$6F^VuCbs^0#>2#K<H248QzKQ36GjD~|RWPLs01iOdoL!^N|W0Hbn6+KV6
z-R0<aBA=I{9#YJ}w@iLM!Jo5Yq0QY#`u}`+d4l!nj1<70J;1Wd|4FX>_Z4QfZ9r}q
zt%sn_?Wgms1X?+Np&a43B4eITAgMQyYJpLHLRowhYU^odYEco1OV$)+OMag#vEtFb
zn@=z3-SWj|4LCQM@!)%L;0zCBUC)8bq8@!Vq8e!w-cR&@8J=jfc@t+Y?)7{<SZR#4
zdW$`KR0ND390gNn#L5l!I~q3XVkVgR>U3|a+fU0DdJi_L!Mo?zbS~a<Fgx&Uew%U8
z%W=-GUX&P8>)LRyR3eMirBK=QZm|Sr&4(z>LG%}e)R*?Mk6(vnKVfm|SC&%Sw1vkx
z)#%jHZDKz(EpDo@;~sTwyYh~;*i54Rx>VJm<kW^9nX20DMjrfQPk6b%>xK!!(j1I0
zi0ihIHgsv%+lczS_wvY79J$$iI#m`3Vw)N>v%TY`(^wJ>wA`k?U8|b;EN)yW>mag`
zjoyZsgk39kh~IfQd#%k{VbT{gv2m+fv0hMZo-&i#@X(k?0ZsD=heA)xKrI0xO)wfv
zklY?SSbNL@gPE+)#@oB>l%D@r!LqXiMf<LqtJ0l)c}&}qt1?VRgH_c>QbF}aaIarQ
zih%@p#vtMo%P>oPh<d=!{pA7;$mX6$lYVP_cl?$U+0lKnQXb_&n|$KPWok2fC{2bL
z0VnS%FeaXfG2>`Nmb*RnP8s~1?eKAj;<Ze?Qv$PEIn{EP>76+(mR0yvq-lvE_3`iE
zpEPZkoL1RKXbJ@NZHm7!Qo~?%Z>-I%5f1jwi|Piz+n&SMS$CzV1XJO&9<?mFeWKFT
zE&Ddr=<&Hta7g0?OR+|2wF|f?XsBsP$RSYT9w<qI$O*npa7QP__a`YZ*>FbjWCVA)
zwV}jGh=v83DSw!VI0SZp-$4oTDTatEC8Hby4ux%F=g8GI^dqcScUWUn)p8hTFmiYl
zJwi3Dk#biZ$EkK!^Gvu`a{SB-KX?w7OOQ)J4|*YJURBGc$HR`mhD^QDex3Bx(wF7=
z;%0%m5HAJpd>N*Y&(`yNNowR^w%-ub`zdt65Qc-mp(>Uj)h+~)aEMr-d`!}`{<$Mc
z3FVL*;P6Q~mNb6r`)2u$o%^5!*)-^Joe8!!L&a;Pf&S!~(GQV;9;XV|*9-xs0hN)+
z8McUl6&?kSA9Y@eES-1QW0!&Js#kM9l8xF@NIXM&eOo|(V@4F)*w(UYE4o=t0kk&a
zq0ihn`7<jjwy6+<j|vaEB9Ov!x@;rH_pK$(l;)^KH!HEhCdD|xPr7d9B+`Wal|Um3
zs(lPZV3-aHzw56QL1Cr_Po`VS(;?a;rT-E;+>W+Im90WJ`e4}4pCVK;w!c&n5Nn_R
zj**RJP1rEm3>|tD$BSmH5X><9v$k;~ayd1CZ}~UYQosl8%ZBQ&0(!VvO(1_o{|tf1
zcllkrXL`<m?r#ino3h0K0X!M3|CurWKJKOQ|2=$$++eVTe_FP{*r^oTbaq&~<l@=0
zmHBZRHDm%FKJ099MUow<-4~Bk+ciy-`mts?>7)3uYpJ#P6^fg`b}*`P&YobUSIx8Q
zyUK1%-$FN+{<>777tKhHTXHS7HZAMve7;Rinr@`LvaUDCnd=wYmKvAT2Ah|ZteaYC
z#y^2unZr9#k5CisCGVzll0WNrQpp-?<Y>eftb{&(Bs^L-Q!!x!hCAl8zlpO_M1a0r
zby%*<tJ{Y(2Q6Stm(FVm%YXFvhuP>{2t)z5O~v_u=bJ?`ty(JfKV0!H5~;eXRCgOS
z*I!N~z+_kj@Ie)CvbAO@QZ8q%c4@G%Yp1)nw(o1kQ$u!BZsU?cus&+qCF$eS_Tq>#
zd8^+_@e#6a49Y-4wBFTHjsgXxJO-}&uxR!27iLx`GH)E8_VL(L6`uEJhXjt;+rla+
z%96?Kx7iMdl^qVtd}ozVI47dvP)b0w2w4X~BSfKb`UH?!1mWI9YTI}&Mk$FdWO{8`
zx3~$}s~BfBTa)S<S7EzOwC($8;UI2FCFOpu<+|q_V#ythLc{=#ZbjE4ACiQ5`(6)+
zKblAY>Eq{8!8nDvL3xoB*wkn|)h}B@h)C*s?zm#}rr)hsvDVxC6c;)+pSvJWuA9Bn
zh|t*;&navhyasc<S~cEmF?pxMR(IARhx#z0@|>Jj<_V(NomiH3uc#I)F`>pV)KYw0
z7~_WlhYXP>f(5OPMvUAkZ;O~9dM|@6neRf{&{}|*U`5ALMyMnDe0ojXrwlyasUNs|
zi5cj`BPH&lloVU7n(B{i<YxNz1O35))-KQd85?5{MDG?RW7PYdD+ZThEn#SV+4jW9
zOxF<q2XSZ(AAyHJXClgV7FuLU3NR|EXi0YqC=NcQeXtDup!87M&{wF0>QyE0EOVmp
zP`tD;Ce(pnh&FGArv%0pa_?(aQ+HKZKT*$NhoSFoa6fJI%B#OrRE166MXzIB^bIAZ
zxIv?sg)i5D6;83r{^+wNY;cjPDA=k{OsIyoE01fKIBE!_+O(U>s__ZzBXJl@wMsSm
zb;nf(=;coF3O7R8A!p*zL4b_+_c1kQ;+-G~+zF%sI|`~Zj7X$#PqEX4J&)rq2I~1s
zZbHd5t5w3U^AUeScFo|^yVCCRuG{j1)&7*GSR9?Rxk2j~;uaY7Jk5!$3;nuK-h4r;
z1>@Xvd3N{4)IxnWlY0Ddieg7kfJW}pIwl}s;5L@yvpRNHQIqjBrQ>udie5R|O=CWC
zu1$Rwl7gv@yKt8_yy?<U&t6v3JPKb@b!g~aFRC*AJz!YRWrbv0%hgMmCE<#=YT?m8
zESULn<hkv6r28$IIYJV40Oh4AXNco|z$tdh9nRQ_2N|k>t2vKoj@`Rn_s~70gpDx^
zP4+b8bFH4kopKWMr`^coUq8P+M+@)|$vbcFR2Sv~f(-WZ#}K3EM#}vU^$n+#W?2<i
z`#E4fJ&s5kz%8u3HUj$gOlTzruPN=+^Z6V%R_21sE@0Pz;a>agQK_vDomMSrCbV6!
zNqwa=o^g^>q^^1-;8`1b&s3hN;^5@YTjJvWY(^a2Esc?Qv-;4{IwXl8@j9Cda<JE-
zc82gnqYh^3Uy}GFX!e{>VQ(hq#^||;%Jq-Y(O>V5!=B$SXmux&jmlR<VOBI%{rCn0
z4`{xdd6e({Gtgmej`FhYxJuM^PazYEC{P%Ykd$cTds@YhBRki7G{<?tQ1{pEzVrw*
zr>A+|^&7nH4G`=3?~lyr&PkOy!1FWaf6?guYrA=sniW8OLi_Al_<|gAgZMZ=W>o_A
zw=6!BD^C9cf{_b=!TLci+j8!!x49>|IX)vt?F&5;>vY3=g8$QQC+BU3Q<1OPTD^0R
z%pQ+xsmdaBd*ky({dfI^OaXRAg%PMurx{nfo!$4x;dEO@$8il;W1v0B2t##6b0?;u
z_Uo7OjfI{pyLC~Z_9oMgn$XT&_U_;F$f0X)0tms=XBF<YNsq6Ld+Sacs}6(5{L;WQ
zL5?db!u#B(D~=ycx2)#GrHMiFrM@zfwSNn%u-aw>5!jg=hT}Y`rE3W~Mt)T2(($(x
z6wZ9kWj{`^@Ht8?n{)IW9uB_vUx4}&@Y|Q#uxxqFJ*EbmWcJ|2{NDR^_A(1uK5zQd
z-62JkwYZV|JA1jd_V`qi1K>;5GrjoyOzwW{X=~VI2mZJTsHiwT%1H&4<zz;Tz|S7t
zCXo??+^N~FHGyVUOj@J<Gd3s~(p}XTt|o+r$w1{4Heh$o0;R@Us+rJ>y{P%qi_C0y
zB}>+t+SYP~-rHb9nhN@FLD9tB1)0R6EX|;(hlV=`Eirwx<3X@S3!xzXD5pd(E!bGr
zw2In3{Ucp44q?e{%yKTdnZ6=L@kQ0<VvL523*K`KM{ELdK8NPhbmVV)1CKKhhY58j
zRYAV-%A6|IZ4&&U_QE$)WqvMry5Li)KdM~r1O%oI!!|q3k7nWwp={OmJ8Fq}Tl2TY
z*`yIv_H;@n`M{sj`o1aJdNTYtTo2~Rtdj{y#}3CPK&kjUBnc}_B)XDFBOVx~oK#6=
z#C@}($%(b7F2;Hk1R9l}2mzw2M$3{b3P_}kWE{HY*~6X2m1yy%%Ns5q-mE(WtTx@I
zB&$k==V=}nCXpn8YJ*D^Nz2<UmS~R=MFhvS^9|#X+N$)PyyJ?9h48lr6x3Y|16b$|
z3J~?zkH|=mXx?t-I8=f;?u5OAuvs4I3T`lptv(dFCf1sr3Q06p4HDbEUeA&%{P$@G
zXvOZwbJp|3@DI$UP5M%|)dnN5WCF+y5E)p%goLc}elnCvVyz2<!%~5f)P=&pQ$asg
zP9jh-l{MsF<sX2fOSWI;qXb6$vPN89gArZJsr6&Tkc#6q12&?Ks^hf+KBSe&<Fyk!
zq|N&2xf3v=1t##XPmq8oFHm%=1lXkqEVf-R(8dL@c^7&?UruY@ttu99B(HuKI+_14
ze%y{>SMoRE5q0LR?^GnC`x&qpz`t`cd$k%QQ4<2h@cYdF%Zl-rJu5_%p5o)T(CMvP
zF8lYR_tOLa-ILyboQ&d&e!toR-hFULKtM$Q6$AXgnP?dq{t=z3)cy~jPW@0Momloj
zLv?{b2mH!7WF5e$Q;8!n60P;H>n0H&zSt&EHy1dB%*m6r`9tz%hrcD-?MP_FyY+8j
z<=nHo+LOxm73SBc4suZsIr;_F$^)L>3pw5A^Q!OHt!>(5Nryq{m!OB={5Yr93uJM~
zt2Nmqs9k#3Ipj|NMhzyd(qD?FMyWbGzil>Vw2<2>6PJ_C&jZ@`_w5?G*A99D&7E>&
zk-s67b$a;cf?Q4ewB~_(DEd>^sbuNs4q&mwyPiM}@F5paud92%+ij?7jc94?v{qPh
zDpUr$`?%{&PvEU*qcd=?!A>;KV+e-o@N9$EKc8<^-Ca!T#L;|BF{?5>E@Q;fJ{!Dm
zMA&?{!c}9D&~F^}h419v_!gZ$6g>WLXz<OZgwA3*PYxajJWb&-aC0krvSL4P;2mwX
zGw%!ZG#`plnau~5VSdFH2ykwrkx&T0NTenH+>N85K$2sppj3q#<$t`U$Vm;z{P3#M
z&KA9`+-h;5{Jnm&q_W=HBB5O^s7Y+NSW*2U=qNI14{nBn3uzpfD%deqp#OtNXu%{Q
z&gE+n0?696@Yc}uvpJ?yWNg2LzE`UDf)F4}8|~z<j2NFgaJZkd2t>(@t9LuhL(MAm
zq#0(Qlqn{13!&2XNU#+fNEKMi5Xm8h>zX)%;UAwf-c%;;e1MCM<-M(q2NNVR$cWF0
zRaA4aZjFtSHDIWCJtLM)-o*X=wMi7Js1~IVsO&P*k4N1<-n-!&D7H?NXa=j*bJOnj
zjhr^pp*tWGHo#M4PyQrC7_zLH92(H<Qiw;ix8@H$zU&kpbBuL6E<v07ga0(MUdL}A
zez7~+t^d=NMMkGKqvPYeeCJT5x=UV$ijJnV7-HVf2oDQwN2OJU0Wa8zp|&EJi+EQ5
z;Of9y$PRK9LtEv?xFhjwBUbeS&ls^Hm~l2~e?yqXuU|4_RPw3RUGrO5M0XiD46kgq
zaG&gSAw6uoEHJdZF;)H)!~sefifEhXxSW5jtLd!G{X#&ZUxq?v#ZgmMhHOkqAY{7~
z9yI`(kNQ8FkIzPZM64A334O3h_eNEpr}+<!9ylo7#h<cwvPk4Xd$Jvr14~U&gavQY
z5BvEw9DY2*!C$#;d5m<#=eoif2q?ljPkqTG<CoYR78`zRzQEt39CYI-^y65<rG_M+
z57efHjD)X=1|=BG1JF5eEKYezBZ>Y(nGIzcSu&y68p>!2+qq;yq6o<&$4>g#%G;N4
zRA>**WkUsq606Q-OZkRba-rwu!Kh4lwM61HS^H;c=$w|wG9`s6J`S;E9j|i15xA`q
zA*F{Hj#~xD88KR84v~s1I`BV7X){C?9bh?ahmkXCAmR>HqXy5~f^l09NHXdm03VvH
zItV|l?y~(}INkN`muuZ9Lhn!Vr%cc@$7IYyvo$S*DLQ<t{G);1T@vzxzX#zIvgF)z
zV`c<Gz3&O0Z;`!UfSb_&y?LqlD^rXG@NuvLTATloR{s^w`+sTWKR5VfpjJ<}G_6%y
zXIu#t*CLqc14KOE@=Nka@gJqC_a-jsQafvDyCo7Lj0J_$EQEP*FkY{x!^W~Hzo1f`
zyM7CGROnw;j>+)HeX3R?SeJw*(sB)H@|6_VmC8lH0Bw9!M<*wdR!bTT%Z8l{)rypq
zAXZGLz5xDA4q)Yoq6Jtvg2d}_0agwmSEX2<QD|}aa?Q$B%+b@v;R34DDD;bvmIXg3
zO;qSFx5@}NP;7pPXxI(lsFj|Z1bk#1^?Iv()-Yy!ZP78V;9|^FmvGI6zP~D@RuR_D
zud^9Y5p=3DOhx1_A5y<6id^qC|4RE1HeGK{2Mef_$HRxPo<qJ_ywz`;8$1YjbA}mv
zbs|M~2+Pb}4FxROEV~r#%xi_i+&8TC(yHDdOwp>|gEoo>`p@GPTB?k+k52XvI@ToJ
zMrNQn51%K%9BFk+pJd}^X+>HZde1n~!yj|DIK^3C7OlyhaMU}^#-8XVndK1pC~Vkr
z(19(7b5Vx|I1P$R+ExhF#n2u}_Gk2Hh7<&TbhORZI=(bA#~PAHqT-yS!=`!|%imjD
zcK&cJwLK@nGShog_nRHmsWn`p?~d({ON_~FJTMB?gy2-7WTV`gX7EsP>k)FCB-CE5
z+8Q8xXQ@|)mZVB@i-TJ&GMJki;Dd#f{u#!&R5w#i@FM6(pbY9NjOgh<-hlbaCsz>K
z&Nk;oW2a;<V?hn+LYv^QJucl|U7o_;4C|yIJk(B?T|sNWOsQa1y$fPwUY$U<Gbqw5
zBL7<2Oqg07(+2`$V)(h<<Vx#l78QWuN!=}IXE%3$@T>ZfS`}WucBAmc6Af2{%W$-S
zVi_O&Mqyx1_Ta@Gt$3pl%rl7tYG95ZU$h+iRZg|72Z&5&?aJOprYu$DmdoY}G1XKg
z$J9l|OGH4ksfy&cFjtuXiOR4uOrsKn%o&c6w%YhFybk@GlVJV5;K+(NtKoQ0%er5Z
zogiu7mMSh`R(D|jd6-`OXW)i5-MoSV{nA5VRN#kD2>A2VRRD#n++T<u9D$kyTHH}o
z0oY%85_kziLK~!Eh4WSP$9QI^1D_KUcP^QLbU49!c<S`!&&k5A$OLPQSzkWl+X@Z|
z348r&iPUQD@eJ60Y`SN6`8c$W9*;q(K5dwWWkFvF4FMs!Sq;QBs;EG9M9LPxe5wK6
zI;P{mLuEBEYAB6u6-|h8MryXtMe&zLRZ^Q@`Hcl3{Ftr2Gv?_J7?DSfO^b>|&A-~C
zZoKYjgPsc*)DVAYAQ=-4*T!fwYe=<}yInwE;fo?9x`Pmk;s%h+J;z}a_YMl;%!Mso
zOv`%tBszbDmai>8c-Z{L_A_u%L8!kRy5p)02A+P@L;P*Gu}FfTBkE?hmq7PJlwc;W
zo{08hFZz(P9JLSq`8x-6X_Q(*LN231RUFG1Z8#z<=KPW0n+3O^FEA-|LTb!Ae_TnH
z(l;*T+dEEWj`uE5zz0voWMztL!XMAdKTo2PN<Fg1V%pZH=L(P7hkf|Hb4A{5aEE@P
zCY-=H97oI*+c-Yjh+uP(Cc*|$7&Gnle#_+>(lwb%Y<H#za<h9)34TyD5;_dAqx<KR
zaP7@g9zoC^{^r$H+U15m{$3d<-uSbvxDsFXYZB9D9b0aicyd_}Jb{kzLDN#IUItly
z>Tr2>2S@8IjRL$c)|$tjaAod@5(S8g&(?74B%&_9norjDuYQf<UU{9;T7kjY9@J4m
ztRXVwjn@4hYUY==B^A|3_MqO)(>c}-`pF0C8p}<YZFzrvs0G(#M-5(DiE=DG@UxwF
zVS{v&dpK3ZPA17xwkI=xJn^$F1mdVq51!d<^&6>ci1W&CfMuG}@A3fUBel()j1I!3
z{O2QCu;U*%1f^ZX<@$06gXGxRB4;jkJ@&$FG+K+I(7b%`56v?tw1_t)J0gd_%oqU{
zDaYbkVF;S`i40!`WCwv{JhQOAY0xi6mxTl#<IH901XHCi=E`n=StXa`f%(T)b&A1W
zIF~4M-ezAb{&1^&F12iZZn?bC|Hm$P0R8zy9-vIp10KcyV_o@omQ2kGU=T$61Q-PU
z=RzL`0SmFEb+ZQ&iird^uwC9j0VltLqzc3q<hBaFy;GBnPxg)b>p+;1&LU!kcbpJo
zlm2lCVqZ~WqFb4TI2quCwFIH7bY}n1vvp)<ii>NbwV&4HVn$HLx}o#^{A0t8?&1)Q
zXibi+-((nJCPrz(-b^DXwW06O&$S`68*&RF?S7<Hx%Yxmm$~6+!`+0f-8{mO+iS|V
zX-y@B8Fh)hF@Ybnh%LR=OHnBoWxj1S$0Y~ece;+)TIBhH&*Tc%6lf2O1Bm9Q#&KyZ
zgIhX)ZddlYrYSYiq#H}PMO=p{RTQ{>=eSkcjz0p{N0W-H<Ribghp;-s4L%rkuKGWk
zzq!KQKG+W8xIog)ZBO|n;4LjH+C0b+EwCpjQB(3~|B#-zoHDo4?(1kRo2b~`T6F$k
z%r+4{l5<cn5|UQMOu{M43lK1|n~=(rO9TTJv+G#QV-IV7+y?<3)*9lV;<!M9ibO<}
znm8k<2wXycjSz^EI6xRrAOcw~#HC!qh#&#hm~Cf(V5$kmwOGHkH1(QwVux<nVs{FY
z*_HER9{*UI(xIQ&lFaGQeG#5^9iZG-mOiY&BE1fhH(pi_V(w?V3#c=lJE3s;m2`+0
zp{VRV+ejk8L(WcqFKYcJiJdV|<UBQ(O;5DxFu*Y71E=E08|#)G%o@j6$6q1nyc*?&
zUS^VqL0Y5BGm6|@u+&W*&*S{7tcJ+GqIVjuSf{)~89fgKGDyQP{yNBbI-#*7k-Q6E
z1d?3R4`ij4Kpi+uD+V#+LHrz!XSVgK5gTw`b3sSS^Kj4`{NSvkrlYIkf>F#%Dw7qQ
z>Q!a`$zI42uxft*9_~{n{8BImZ^ip(<!+mlzz%5@hq-l|Fw>(7^@Bwmmp$I5leYVj
z5x1@6xWJ4foYJ^T=z#gU7x{V#w(1R`ia70&6u?`4=zT@8fjw2rYPgJ%w~ybo6EKK0
z&Z@m#!?l2!MiVaLsV&TE{fHyM6{CK`7r<%71k>>f_qU==uB=VxIR~7fswN^{y1(_J
z>6q8N#uxN7&|pGMi#7v3YbE{Gb1|bCcT0HdLVcdL@N^O#i`+Kd4`Z_#mD{h9|D(MH
zvKt+ZWK>o~c%0WBLD7(|Y^GPQS3YmH_M{^A#$l~I(ln(q!{D)^p!(GW+*ZlK10|zt
zDdi5wwu67R14eP~lXB7h!dFZs`AWRo5>$LOKp<Te5O7;*GHvDey(*;UQy*Ud(<Fbq
z0KIJ(_ADIURc<I5`^@dI${M;RiX=CU^YlL(%{QA_9N&r({=3c5Ak04N+tVpEJU?0E
zF+*NB2G47gD2OIgaGJ07CWkcIzn3hC<xxYx@1w<UWmRZJX*FMVXt97eOHe8(UXH;~
z7LJiDLQpqXt6dG2{|g^Fy=551sml74lr$GTzb86Z-pIn41&T)UU{1DhNCuam{SzF`
zGbhwP9Wv*pRFXx$TL!wy>7x`RaAXy_%BVHTt!hCpEr!=zCbRgYJqL40aPB1knQbRl
zC}38&x-i4HZ@aX+q<FroxT9R@{3<jj1n38DYk{JcsyvQ%83<(peiOj!5^qXrjCevP
zcU*Eq3&Na1lKw-^Yj?7Mrj^+Hnv49`?$wQ(iXiaOnDk#ecLz`1-%Hg2OQUn(nPx(a
z=oOfS=Rq{NJuV3z$A}~`!p=qU_<;}*9OlKlNk9MC4WiWC6VM^Y<T+IJ-sJ+rA6o#_
zD`%zzMu$R70VVpe<1Z`0LS&Y|pO^wCUt6Bg%A?Oqf3vb;zfX0(;Qv#bFVzOks{p{U
z@&5+L{|*nSUHmhR{^AF0u|6GrGg5L+{Zl1pK&goQ(<YG28z`fIHb1FM;a~G;K$mY#
z?!bJbs1IR{cYAlM&F533*Xv=9wef3ywJTd=C*6v014Vb`%F@)kgZgqvsC&pJ{D<Ay
z)W*WjZ>QUP`P$C=oa9ya$yF3!vCZ7WbQQ_<Y;HMus*Sy`D7U8I9#TyBl)qG}a+H60
z_1ULxb=Y08wOdyh^s<<8=~G$rQ?sgYHl#p_C<akJZYn!2#G9_sn&js2^&c)r>CW)$
z{lj=+tNXjaMpZ(pV4<?N8c>?s{I56pSJZzwD>;nE*LuER%l)dTa=lk|ZrzTaOWd)u
z1*?#Tw;<D+nPY@oti2M$nMpjWoF6(tl%6jmCjsT1qA6Qf{p6~M=93VSAzp7yI3J9!
zFPeyravcHB3KUgQ9%(<>4>IClXN|W?h6{nN=AbSIw3416#od+X_%2-1`uYzQn~1-I
z-6vbjpd7n|wDT1IA^<lIG2|Bne3fuPRgRm1S&N{!NvNVBQxKp_<hT4Hg&zAolg>(V
z*pX_axl)j$p%*zIU)Tk81wzB^yf`O!Z*Pg|6L<7gH1_fHtHjh3FpE}pI;_CuydIu)
zUtSXVn?wKS$NsdyT>OauB|R=hvEn1^*rFF-Ziwr#Xbv7kYJ2unVf&Tby)hsB)?Dt<
zZU~j%?4gqQKAa>$1AjyQO%3PkR$&UL7Fs);hbu8$;ZkE|+?FeV$YgcZy;C%zx&R`l
z_JJUVY3%c9JtwfU2e4;v9sWSFxugV!Q{U=6B-O70+c_`dH!wp3%fG<?W1b}veyzBL
zqlfS#Y!<WXIwGTfUhE)?4Hl*xO|95&?>A)`NitI^!vittg5M=qmhjI}jvA0SL`wQr
zY@8e<xK2yYZk!@EuUU8=0^Q-Y7%fGIyhhw<8JOjK22DOa>7J_4W%#0V{qC-0EwScq
zgB&TXz~N@Gs!bFQ>%Mguk`RgfeRa=GWF>t^VUi7fh-Ld_Gl>P;A;VAnB@ObzqRCjG
z+K7u`s#aKHO`t&yotXB^Vas?%0|D629|8pMN&_2~3p56;GgW$-E2fUWV!!eZQ))Ow
zb87@R9VR`^9lY6Hh+p7CYi}Utw1fp=wwB<e@ckU)U?OwQU#8#4fKYSClj{*3*UAa9
zHS#S(mNi7R-WO@hWND9b%<qJxC+OSGeE2J<Bm^^cN^UWHqbsPa#Ile2<eK|_6{w)@
z6o8w2e2vz2D-DZNb8`95<b3`X?xMNvr?_=%HdfAc`WAPQ9oU*ZplMlT2wJAU59bYb
z`%5fUT7v_w>;8JUtWtsd=}pR8k}Y{K>YpO#%N0$`??aQ9j~U1(DkcExdmx^(GBim1
z(W%**$`tJ(Qj~KVo_m>mvU@YNe_;GX#Ed!quBlpP$6$0W6G|aZRO1t+R#Ts~fi00<
zvbZ*zuq4-A2c#)O{?rvl+!+?YFtuQu1Kv(#auPf%2_0P;-*EV>?A*1osyK`1UJkwz
zI_LxPktqTS4)^-BLnYRqt>_dR?$-8RH?I*iyyrgStW=6+7jhjczyxOduGwC-lhUSq
z;wQCG_+(_!K6M9I5ZcWpdvZ>PvOZ2SedUf4BA9a&oO#;4;St|)*{ick3LdAUTi~03
zxqCF6SA$lx)4_)ej~lc0Gi=$Qf{SqCgj|JdR#<po8_C9^s5Gz6sjcks3`XXgiDsWP
zaU51!<er9BPL~MxGY9Ogw%<*l@#n<JetF(J5R50^%Pdc{xP0N?;=d>RJnrL4HUxG1
zp3Xa;++8pKacH#XM>c^20J0eX*Z*UG{O<sbn$AD{u{S~8x4@}^cRG<$it&0SU?-9?
zn#5+Fq%RQdJcfegk;F#0(nIe}LIQxujrs!qfBHKPM)$izLqjJv-JWHmU6rXuHroT~
z#SjW?`lVNFk7rglx1#ZiSS+L!?^9;7c~xdQCjqhxwP^)i?O2W-D@c^;^w?H;69)6F
zlBg(70bN@j?L&3Dby$d6`>mAZHBe_cuP;kPS4iE;*~#SU)X4=a^=Sg;W=Km1XnYeH
z_MI9!s-*yGtsrUwm0x`$L8-Cl5dzf+!iG>=&=9=v3~7??))HXjE9iEsc3y<^Qy*}t
zSiwOC@gA&2iIt@|wF5OJt3szI{cv<!3dYgmwI-431}PWA=mqzi!Bg}0dY>ngH*=7&
zYi~-l2MFh>&vhUE^>nS-#%Z^h=&CxdR^<78dcA0J_Kz!gSa<TsjEWAx{0J59k9MPw
z9jWLlE2a7HMS>J$vNC$zax1zLuND&0gBUJkw_sQGGbR+r?oT=eN`K>D8JFbB$_xCm
z;tGuiTBB^p5^8AZb=k^9fg1xg76L6!bXhr3)WwjREeX@vHy+pI1}TuX2=O>k34O8+
z`sc@A95Wx1Id6xjq3O|u8ieJ`6QPcCJTW<ERR+OF5w(w^{h7LTf!BhD9H*qFWp6oV
zl4(&6*K!z><v1i3M<bI^o$<ZuBLGhu#e~m8ClDv1yjJjP;!Y!fnP51zu9s5TpF9lW
z8abX&<m`eeC1r^laO)&}aNPUQ_WS1)2^-h&<UA0#fvPa6R;l}A%{#GEVqHkXz(NuM
z;L6U}F0iR+5>M$jtEF&np5VpRNjfO<r$5SG#w``;V;VY$j0wyeRTOm;{7F8crA<X0
zWio9c`FiI0+;PI8ZZJnKoS9pX-UE}}!y)8Lz$H-21M@!ibJ-+)MNF5!AeRX=O)lox
z`U=m6V)s=Lt||%RI^;ZTgcmUUSlu3wN;ESN8Vx5gwWe3AW}Bt^oR_3_PrYSrx+?4U
zTM6$bh#FeJ>fQDpA-c-v76z(Ya{DT22}pH({W)0~UFEc%FJxP1IT*BSs~(eNEIWx)
z1auo6^)<$)sjB^9Kv<8SYIhS84R-1x;NNLFUr0O+d=bvxeQ?v^^j``!xAG6w<EsZ7
z2y;~($F^eTQ&;G}en!7sRGIutRCWuZ**V`;n6`B;)J^W|Px#3YGX%3!fL{H&U90!5
z?-8qdNAtL&u&a7U|K7^~@?70M5Z8Y96}tj$6=jbRbj^fd#2&UV6uo#m1b(6|gW-U3
zbojEWW#%^BYaVVU!w_Y}kF7-x$JmA!lk-A|zt8dD$v^ZL^L^z&j{Y!Lb9Ik3^w4QW
z9N$ySEvOS*muJvycukt2c>|JgA;IDyp28Dd3z-u1?g(zKrHd?qhq;VAbg#<i%IF1P
zC0Q2hW=k~2eznMIgGO*<SC=EdCW;keM;sN5BfBNSGZV`Mft+oIj;>uS*>h8dnYk>b
zz<<1J@;Q@tI1*2UzCN#Oho23E*ymo5s!JgVf9Yy$Vo7OTVuL3BuswBviX)V)Op{#i
zs+P3a+KGE8`^2T4WRcGQ&C#%Eybp0`aypVo;#4S!6xGNvDPGUp01|o(`u&-bj3$84
z74#j9*?U+lyp1K{86XVlm7uYEQ=`$pzwvOmrY&kpvGj3?4TEWs@SKDoY;Ek2ONX4T
zV`yEImP;Q`9!cYF0F9Fyci*_p`w{5;3Q)BFgQT65m#sw!K&#{b2Ce^&gZ%%|s_<WE
zRrx>AO7UN4O}ZTVzo6AMs+Ad1@8!SHYWfdaWpS4%0pY}B+H6kG4Nide@O@RC=IY`h
z`s7uKq~EliG?gVq$@th+Q)VvQ0ZV5N>up7cQ?RFE+ohPm-Dhh_|Mzpv3d$<mr^jm=
zuzRmDfX@A&Y$8oq5vxL+uNvb#y!ipExzGZF{?uhDWjcO)U_^aj3liN=hv_&c=weLv
ze*|p-w~6Ef_=+}TMBF?}5~>;wkcl|MiV{;Ha$C}3E=#wY;x^>fg*~qg9qA#d#)x63
zuAV{yQ{ByM=&r=GOhS^y_h#z{)EB{LX2=$YT3_C6u^V(MYa<71+KO4T5sc-#DRVpZ
zKF_AInhCP!t}J_slMHlAYRZlpNkMAeRAsKRA|2pPZ>{<oGgy#-ov=fI4$=Df1p<79
zGek;7iU~DD_707n{2;%ruvGP8x=sdC9#H_|nj}@EptZ&UK4v--yqM^)T<)JzZOnY)
znFDFjG$qU)ItKsA;=E|W;c%~?L=)(c177$NniG9!L0BF?8R{6v8<Q(p4WKKYUS(te
zd$%d%S>S~ITBVHABd=bG0@px0cMd(7ZJKF)CXM0cNWWM73)ZMZ*T?(~$Po{ZEV{1z
z@7b@s5IODJ1FcX^1k3q@h6B#1x`+jN1;S>`I)wmq`vn5inO!ZS<Q-Dg02l_SMk1Y-
zD}g_&3G706w=`kUF$qB6Ro8rXC=Bcgm+)ug=g$6W*2<V*l9%t~T*JUQU>(a)3{fM;
zf9m1JomH6Q8$0j~NlF1Z{5>Tf3ed<^N=X%kGkbX9-Z>!+0BN7G#v0cFUTp7)$?pCT
za%C_CXqQ1k-+z(TqST`Rp@P3Do0Db&Y%Mn`5KQ;aTn{!#`FYeTVDmk&I<q*uK}pf|
z9CeFVkBZmyo3;%|N8$BS^v3GaP$#xk2@X*$9FdiDTsL?vyS{R80)%bzC)kM13&q(R
z>{NO9lj}x@p50~4;V-9dCNgEF@~Lumu)B<8(8=trss`+`pTC4{zutH~Sf+4P84Yra
zqX|str)CMgsX_7_&DMWdI)ug;iIyM?hVWD$#kKz^q>Fa?5X8P+)wmbnqV!CI`-ilT
zwrdKtQhWMxNal8i;CAy7D<9XZwcZT9<kTJ^zi-Oyh+k8)d9boRRP{_Hc74CaQ6C2>
zBE;{f@TNbP;1lPEvgI+-GvB|MG{gu;?q60j%ew#Sv5YdiVv$NB#YPc`NwUZ#pmGlZ
zMihCi!ch(!=|iQhck<a*bs2+aoMy!Gw1YYNoqdtwFI5<x;HF}4dBU1Z!F&lbTjOHF
z*$|wZAWgKj;Uu#kXGd^Z$+aGEyJ~|a8D*)a8FB|dr4`wS4X#5X$Jeq?9FC6XDc~Ae
z(#;BsQ%d^woh*b7FN!E%@R9?V?=>Pmb+bq4#1Dt$3pixRx;d)AV%IHo`q_&W^lAA~
zZavJ*E#U0ZEl@O{UH^^RO~&j7AFV{i%x<zX$#+gojCH2K^Zg;Yg?5}6jQGr`#bTV;
zL3^-LvS(B$L-3e~(XV$}YDzy`_wX-RdjCJe1-2|joPF`2Y~xW^n_8;&-kBl!J>d_(
z%3jxL(WV<&S{FFr7~}hSb%^*n!MwD)>V$G;Qukr0(_WC-`8T%)zok<D^Forj9NB_@
zE|Q>O|1Wyjf5mGqHU5v;p~;U(G?#le4T*+-gO*<)<y5_l#FBC&{9j%NNmn}COjE5U
zSQ5lr3EUaD*(u!UKPSF=tLPi{>&XS2Eo1REggZwC6q%Do7u%u{ps+4fRuNSw@cb<;
zU5#ISub-_aS51`>i`LXDF#gdcnWm#FQsu5(>CUeas~T=3nmc_Piep?#_LTJG!BaJT
zt~#=1HlB%G)Hqga^aKrhG^r*tW<+|cT?*aE<CQXkAKMkyo%5RSNLJNHcxjBCcA>_q
zM-Xx{G))kIEVxxr6)MMXA6@jaaZB}{Hk2}2r{)ygKLrZ<GiA<K!AIKC)5pQqvzyEo
zu01<hlFAq(ws!p)aIk?H?bd8!X<O?)oDu5}zbUOgp~Lbnj9^h(m%qv1@OxD$ZtRZV
zJ73SIfw#R_`SW;x;K|r>ESH`KcKYJ7;hzX`^H(-x)rzRthvQm7oi!;L*;{GgYY{9a
zja>7XaDYQIbDMJHG$NHQK_4&4qn^9xKG+_}I*rR_=wcYPBj4yoTri~;ph~+WMgA^J
zu0Q(O83ez+4D1_q?0-09>t_=ik|sJe=r0e2V3UDF4<j5}Cl88&bpK)@$M_?LPoLqq
z$Vy)Ht4BE6FY65LnR3hG!DBi13Z~o!)}B_RJ{aTO-ukm~rszOX9CG~UPF?%1L6A2F
zLW&;_14;;4YYk>lj&~`x_UOG1_JfA&XB=n$w(@hzW_d>pAzin|sF@UFrfN2q+GYff
zhZ6Ffs0*3A?4KlA;9|R>s*WJJ@nn|pn+=}hNkJ|pyba^!p0TIO$VV%Eti!Us$yR->
zKoDBa3IsaOS22p}SID=#x=PEy*d=!6Y2&W`o0)fXmjq>#FMLXWcLk~kstX{OA{MFa
zmURnA?+#D1YJbz9p}dDbx=^FK95`Y7V%+LwdpZc(ZuL~$OEq9az(OH8&7Q?(5-iJ4
zP{3!}M1%^2qLF@<f9ec|NxzlokB%t>W+hB$6{+`rjs@@`sN49ppsBNY#`w(Bkt`9$
z$SPjWyN75b2w{fgM<;4nZYpGeNhW-~(1AhluLZ>ft7@cHag&}iQ=Y3{U3r%<&L5m7
zQ}i7dPqjcic-lzu3dv?FW_IMf7qhvf&3gULOvqQOXpo((z&0T%?b5aHQ|h5Hx2sV~
zsPrlxCN1mv(~hlatDUyR@(_HydJmlCNqPhct1}MAaK$3GCA2(Q!pvJMCKxj?02Ku0
zA44FiLOSq3o@9m4@;d~J4u$kF;b}e0yn3hsx8O?Ho#%6_G&wU$-%*ZbG%whL1hZKA
z_=ovVG!=~~4!1kUc;$xD+NF<Z+!nRWC_pMm-TNg8BBN6LYa<&x7WN(0J7@DL9+AeZ
z?J%~=_M1zB;1pvLSWd6CqH*4em%<N^*FSH)Jm?mR)}6G*r|Smq^V5uO740uSj<q$r
zDO)%tf@yx>kH-^+MG?5pC5MkSXkIt`kD>k&0<IpDx?2k3IcWLBY5831v1_f#Mf3Y*
zz6VN|1iy{7N3ZQrLBB%#V*`{nh0~23%*5AO9Gfiyh7I>6=<*A`X*T)B=|$`Ni&?h!
z`4VMx@dveRvod~ZBJRGR|A)MH3bMT4l0XYxwr$(CyKLK5mu(weRb94i+qR7^+rIld
zGjU@g=G>U`exLWl|7mCDTECT<hy)F3h`3V=Sh4wO!?6d<6mWjLanvz$B->-XEqo)0
z#7+UUS2sjN?7VQSVHU!$pkdq>ib+vzj9t%{_W_dKScq4P^!AYrGG@==M{>9Ll|1)M
z-5_`khJ|^>`<xFJ$b+2Zv_m%NZ=6zm7$wyM8psfe`;#uRO~G3=RIRVI=~hE%sa2Fy
z9Y#h7rl#(($UHXyU*INDh0o<h!4jCG9$K+8^((dYjtwkrQy(2ui<WL}*O?wzZ@lKh
zZ*CKxrb*~5Lb&;=_b`J$WB_L*LKXTjlG*g+PyoS9-7(AG$siACq37DxH@J@|7flDo
z`hg)ISo+41q886G+1L+46U&!&Kfz`Ye6LuXS|PM)@9Wz=ammc5qB>=!#5%7PFrJe@
zg`Iah`pqDE1MGJ@{7xjSoRFQVQUPo@y!(Oyk{Ik)@jUP9dAFXwnI8bF_W!;{N#d8~
ztpqR%9O-|+DF0=e($cmsWJmR_S^PG*o%I2@5&HZkGb;VD%743Vl&*aO{{T!z{$;l&
zN!3q1&#QuF?0>q7Bp1|Bs0M%u2ncc}j_v6M_<F3YoT*gw$DRiBBnE}@=}a`6Do~E6
z&S9M(9=Yu&I#a4R9jnEzc?CY7GIH7vy6N@*uKX%MTD5pT_!!i*-ol$P^Ql9Z-6j~5
zYh-LrE+1ptEMKZrdDX7nT4YI$H&{MYJ&(R$N}WudFjWn2qh*h=cr*}=;9lAF>#1({
ztzY(uXp)P-pIludXg85qB)drCwgBD7#pOWyC1-d(<e{6-Zg24Ns09_!UOtOMra+_(
z2VSML(-lfY(v&Jtan;GA?0UtJY7VVh)Wo~$V0O@3YG%J7O*3gHt1oNh>)oUh(<Ur4
zyA%Oh*1=xGaxbG}sRD}-b-7^ld5*tj)U{f`mw}#kNo(cG#_8t9W3xVO-SDEBg<(W@
zu0(mrRUi#G2IXo|T#C4-pV%DKH-R-LG!#b;O#+K@`0MGt7pi&Y+2_TQ0X`Cf%&y2V
zUbbuDKrtq(O1U;s#7}L)qBf!89Irn<{DB>|GX!(x5i!FAwF%jf29_3<ydU051-DOm
zN9iRn4C0+#?TXRhcy0_^ocXXNt@*KCpe8&m6B&lOZ2{}Swqh6a-~zGN9)HBfx|TyR
zO^~5unHLQ>OTms#3d2%cH8Zq_df9|4HFr9P;DsKovbxbYL1DnHzX(IRf4NjaNa-;4
z`R%W7R)0H_V&tpy{HCM7(m$Tc2By1scve)ESx%StP?feqbMjl5CgY`>2DuKmh-Ir_
zqH`O4&Go_P9>ySAw-j|^r?(jjn)RrVo1SZwr`q`m>_KR+xZKt|*&_{y7KP5&i9h;e
zp|Lu0Cn4o$@^A5)JN*3E#t0>Qn<ujXqOAd=EVwCDWSk=TXJOXI{xwKgp3B`_rH2sa
zS;favZRs1(U|hcQW~rHYoAYy$AGHm_N_k3S@W89(j{RDcw?SBx7ivJc3DZ1<EB-?9
zU=4V+>mUx6wKm7NpVA%i?f8$7Qx3c2PLuPn?TnF-a>rOijwyGnQ}{hFz<tl`M9vG`
z*9)>WrcT8s3#V0GajfL+?(b4522MqH);JG7wrA_?E)nMtUt8>^c|3u)&J7zSvotPC
zrmDK~%t|BqZHS2SkNM6JPF-rk7}g~8LXRAZCv``~0c+KH@~i^o`i)(eHhfT4$n=$h
zP`6wxRXga`Wubow?3Jpbi<wr&-3yNDvGK4fcL+4ko;qpB4X7S~Xm`iqO=Pg&`$A9}
zg7!2ZXzHuSsmi;wbPJoXZOoqRg)4R0MEJC{MWijZQI6k>hnnyamVM24bt(%5?e&0K
zMzz-lQ1%mpUv9>S{Za*+T+j;1Co;;L$HIs;j>|Dz-v{1;zH=l7yCB2IrA{x`YUJtq
zy;C{1;=F{wef&cZM`pCyBJdi!M+0yWLHi6ez(}EW!?n77KAP+W@9assPmjMbKcO&q
zW0m?H|BBVN6PR*F{0zjnCpBhz{(1H;|I@F(rdVL|-orrfq}MMy?OWj&p`iX;SoAC>
zwB!C1mf3dT9wiad-`h+wp?z@DU3m%rRT9M9Epa}^Tu@MM#@ugE(7P`u*zgx9LHm6p
z{y5&rO@{yyWR{DLYz%Te)R!nfAP<3YfAC*-Y_Q?V2(`cQF=rQ8ax>)J5MWR4VMkrM
zk~@C93t7CyI{{)jfRwLB666C3^P)<O1;0ob2`yAoe+)=8L4Z3O2tt5A2p9-zgQ%Qp
z5kBijHe+=bObYLE(;7Irj|t=6M;{P6ab=A_Ne;Z+&Z%W!ZXMvzU&YprdHWA)mr7Cv
zuowqUg?rIE&-lE=biKMm_#}$09%^GdR=A33XCF~>^xl{4Z)v+dG5h54nhr=A%aTc=
zwo=JE2y2F}@dj3!1;nxJ7}LtSXL`aYE905ESwrLdYRb9*+C{S}FWjz^qfJe3nR4+d
zx+O{u5sDgImKO&+bl1nrmMS{mALqr3>I|hX3#J#(bK6w|G)g-!X%6bzwEq^3#YN0P
z%sh*kX45OJ@;YlJ52krI5!^Fs?h=|zYTt;7w_Y~JzWs%O6R<B=@=wU9eR+n8;t4jb
zZD%H@aE~vqFTu<V_XC-f=49jJWRXx^z0Xn}iCZAWp*|2Fl3KpHBwO7kE5!jvXb$di
zgUYo*XclH%d-%NRiw;dv{P_`tbyT2;?ty@@Yr%S^ywYjkU86{Io%}H3dH2_xx8&bf
zrO{!L+_C_|mfPw61Frio^PZNiQ$aKOm#_Ji-|UOX`<~vAFfw70EVsX`xw-3xOv5`U
z<S4r`tPYX+f$Q7Ob%Ouu8t416NyEmi*)s0z+}xaphkNboZApepNcHcl@nZfAcM6k0
zl`IZ1O@<kAd%Y4383ptD_R;cUHS?sZGjf5f?{|HH<`P}i&dKJfVZvHPx01Cr6H^&4
z?kv|=sj7ynLQ7RR<0$bO7SIw;E;{EYbeozADl*cv>W2Dk*!#zkNqh7tX7vX0ok~?(
zPZBNFKfvD|s%x$VO;5&^O<FDn!&BYoi8ymBwZ`^=?1a<3jyQQ^TsC|?mC!2Y)|he`
zG2*s=GGf#y?X5tcGUZmfm!&kzy1z7AQZGYXmHpbfXG;M$w%day+_11#SB>4S{SR5E
z6N-~^_UN9rafryyPV51bwwK3?ddeK&N1sF9ZfyFWo`M|uQwSFFBVff|QR}*o(_1_6
z1TFXL^uCIwZCY%qd8|fBeMPBRSXmn<cQ$wC>GP{OCAcMohH^%+2VAL~MKY6?Y2?XZ
zers!b4(ZlMcMtiP=Tk6ONA9|R+fUO&xW+Ob6=;p8ggp893s<;5%vmv_hq`-7bCK`E
zAvA)s!^rX?FhrG@<G$GjLA>$f>@XG#&qZK|Go3Fd$iKTpTtK-RsIHXVE9Q=u@Hfzy
zH_-cCmQb}%>I9|%DY7Q(l(t<#ChmQVZ8>|vy8jGP3>LdgsoMB&GR%%G*rhY2i1{=1
z#{&dysps3yURHKS4wKW(@a<ZYauw4$>9$3g-nt&SQOkdPPo+vKVM=`{%$ATn$vD<c
zyRGjv=)h0=olm$cTveNKy4F8HFb~kF7xy`8Z3{qT0fUtE(_J=A)jN=nLMxp$2B9s3
z8Ty1u%#O|z$zR^G@eel>?83<TTy;$dLy6(gvIcgZ4#Avj-@4@xGuViz`S%Q=*eM4l
z!T~)28HK!d+}W$g@(YCyt6l^|<_Dh+<u`mbmnJ?TARg&O3zd^%G3_umyM8IlM}407
zjw&EQlBA~5N}ymu7*`&HCh%QmgS9EHSE-HJf=S~+X-B~WtiO`bwv=RjW3*(XQYZ<e
zrwc7af-ima!LC}Sy7i|r4c)U-?QA?=2+ri~p6}&Uy?>R=wJ{z<e57=9l!QNf{UDmI
zA5PutcL0p1x>jte8pAwaV&zjrnEfUu<mHq#H-1P%LofKq@jD~$XgJ`sJMS65czTOj
z=Qb?Ro~YHCh|Du3&G+ZtODEmWVM&7)6&6)XvW-kr`M4h^F@F5DDvzcaajl6N`079l
zPl(2goY8c^bvP&2X9h)O<3_MnC8_F?MP3<Y?;Ie@-RY+IO*DC64_9l40_WK3X03Iu
zUZAN~Ym^Uv!4#q@?YLWoDI+2fa=c&Up-{E8h0W$|bk*X$z&Vz@f1k>=0TOPWzx*%}
z5kLs3rEFcFeVwj={&v`GeK{Z+&*D)AbNa59%i7dDD#C9XVM3z!OA#ubNU2V3l<2>s
zlYF!9Zn%C8pU87!B*=vKQYF>4GbrOqBOkod%6X7tN_u}|oyxzAJ%l;NNfO6?9KXKC
zNyPp*LBUQyVMrv3U5hrJ{);=2_LDXrD=sJvoD^|J!v6&YG51rBk2#kFl$$x%4+zv~
z2N#ss7j_g!nbs`PP;P)Lg>-+lBszpCDL~*Gr1zZ=^bF}*8B;-!%K%Y;Ik(0ic+0oT
z%S4dCOfb1#R3Y$_urY@6N9-YOZ}ttzX%b<0*XunK;WrfKtZxZE)@%YW9@eaYKkzHy
zGl6Wu1`%Pv-oWlY8k|yCeRZ(;9{rz`ugG!P2uy_Q$M?#Z@uWn8mf!Dx6M*>`K-)jX
zUPk@-SHm57@5TBtQx>KDfs61{K(ywig{jQyX2gVZ;(*5}3<Te^JWT{8z#lqcPk#F2
z2LN4m15?WuA%05LsRbjM^TOXok09S;Jv$BpxhN-+dW&09zGA%WO{`-24Abxjf)CK}
z`~G}K-!UvcMshc6Ml=yph8EBB;1AnsO$x&~>B8+N+erv_vr=Cg5-Vnj;<={T4stn$
zKfrM@X3u0@Q~~TE$%%*SMwCa(VFSj&`Q?0uJ&>a)4V|==t46L@P<1|9)2%XEq*`Q8
zxA`7M71a0+m5`aSJxxBgt822dTAB&zEBb%S73rH^)~wLeT4S^f>RQ?MJ(csIL55DB
zRX5UaG>ECK{#Ya2YV)O}Z7|91y~<lM!8M#V<3~5-9T6Jk%82ri3bt-qzQ4rD60jc^
z4oKK&eaS(=SO?6F?TzFT-WJZMS4IvJAD{-^0U6}K=lSt90sPw40nZyWczQ#~Sk5`N
z=HmwC>i`uO+E+lgN3abRpEROHgt?W{cOXWNi}&a)ErLH%iWyxWFQDgtWT67$&X=P2
z9@W@z_I`2uWZ!diSrxjy1LdFeynape(du*j_VMo*mgg9O&&q(8A<X~8n)NTM=A`;o
zEWoPSt#7&0w{P@phSeJiv^K30AgF4&9?QJ|;m|9o0PGc$^r!Kx<GL>3!+HL)5s<(y
z#<_cN{oxmCK0}a>ZTshfdRtFxJH(o38NIV|eW~d2ioS&e#wD_utjc48z6$TW@>sp+
z`$<NoqrJ13r&|${aotXep{hyA=!{dh&J6C7zSV%PlCI6BG*G+kmz3l+a7P*5MLSAK
zo~kw6`;qd~{ZT#jY9>ZTXj3^vLS-@Z$My2>6LHpCR8}HQ2u8E#GHEk0J0hbQVI0Kc
z-PY-N7qC2x7Qn;MdheYr5f<oz4$&wwb?K~ucm;}EZE=z7yKtnoBgxd?l?|MT@_E5$
z!W0%-SgXIyTiAWCHt$xbrw@iyI6fhTxna^URxJzPvA)BAxUjddp*_nwUnlVv4RiCx
ztT}%tKwQ`o&ogJH1?+LP5}QaK+l%8?*<3+PC4E(#M{E+|gbxqI*wfZvOVVWAC2kVs
zfMK=~^J}4-R}xj>O7gKOSMwhZ50&*|YSQZ$C0*1`EKd^~w$k!r1l1)y-{@mS(Hm00
zY0FPrfe2w9spC3VqNq<;3J*DcI4Gc;k&1|ZtbIHX0+_i7YrW2Eg^4_c_G+K4Cu|?4
zN7c%Nb*RyVc`odSH!%|2dS2%M&!6sX3*zVwYzU`~SBq8aOOu<BpXQtK3gPKzW2RM~
zSIrF7?NaCE?s2FRm6fQTVmw2n%uj}mz+w=qVP##6{?mQ6EGZuoA<xetD{S3mmVL{e
z^nK8;VqS#3meG>wYli8F8}d#o*;8h#@Jw=@lA>nWINu-mvuI$RpAMFv4SC4r`CUO&
z58)xpjnW)h`%^K8F$xg946GAa{NcO|gmwa_@&1fIHc{*deJ?r`7iT)-K;w3I@5ip|
zdgjB#x0mrx@<Ye1MMzb(L0YWlF4hk_RoxKGc8u<^<xogcY+lh_Pf3A3V+UFMAMX;7
z7S7k9DKAdXZLSOI6VC)4&#cr^!ec)^dbG2n>HL(@tVq@*SBz_?+d<$PJ6x9Xt{g;r
z@x=ThgRXJ_k9SufeYf?(I{8Y!0(KRC573)5SN$>ZJ3Z=;uIINvMf+KWMNK&3naOpC
z6HCPz67Ns<v5%3(8+ZU@-Zx1uiN5NK*yf75Kbc)(BHl@x{_cBoPa&@|wAMGU!|!h4
z_#K(*-<IfXp7^zf367L)VPGLXLy-gpyE%p$%1P)h5aPg^u>0^4;!#GEpzgvq{!>n~
z!607#wSJIKr-W2_NGnQO!Dj+`Dd++t(>V7V)3(ul&2_i(96SLbNM^%mD(?>rnXETm
zjxDOb8mMp2Db5MdoaYk$?sQT>$rupb8wWjP;EF0&ac)wDn3i;7QTmTb`=6@`=`8&|
zSqj<Wgl3}OxiK#tIZB?qs}#W?Og?x@=G7~ni7v9h5a2*UD1xdtPsf0Rj`SS@rpcty
z1)bsN9Y_Bd)>(zbL6l7Kh%9$syZ3v}M)OzF+I#;O-*nN2WRvvJ;A4SeBKH?oY~+t@
z$v&F<s@*nFlt05nD8ii%fn5%mH`#XZ+g9)a7(N5+P2OTd8C8-R#@o3{_dhLS&s7ls
zc6rH->UsL}4l+6yzjM+oUV+pUkMtr$zFMcuNt>KW(A^Qz28z7vB--&`9LyKAoq~P=
zU8^c&pz%I>f!AX&SNHP;)vSd?*03m)oC*O1D4*;#>O_+gB$$))q}M#wH2{m;Bjgf}
z0w{vTZCD;iz%Na#NZ{r-#?|nx-H|`xGwC-D7TwT(;c)xeO?fk6*Bpk21!k{GE!RCK
zHD3VW{oflub;~h@RlqM#fXbQw>kf+fUvAk8jsF*tfgR;RSN$W>%U-I~(k&%q-+@pw
zf1oj1|4g@Ba@#S+`N^Cl$FiYm+q9nHz&LXJ&BK2?q5j@J@0#pJW{uwd*uTiOeppGF
z@hJR#!_O98?c%eHsyT$+K6`CZ($oI-2^cdvD<aP?Vr{+POjx&gwNEm-?T;HYQ|&FX
zTo^Q@abB8@I;TC|kIpsw8fFMPs?C}$+ZzDSM?R}F3~MuL70e|}6D@4Eo@Bub)aQL)
zcFN6LlvQ1#S`(HKMu%6*NrxESpmB7%8z5Lgd&I(TXsy`{6~fl_*!&RI(0vINy6@S_
z)TL(6=`9maDbjyAI<%{QhoBa*pEm3b^pfjmWRaRZH`hooXI!gyqRT@DHtV0nSMc2O
zpjbQaShs0SB2>Koy~Nt~PRiWNj)69lkP1;BZw<T3oy&SQ)mNNahTy60@NKl1m<ah|
zlf9gkRI(`)#9D=|Ln2@0P{K(Ve3~B>zv8Id_;t)x!i?vKYOJYw6{NCkI;}aP_8FDA
zBqAGK1g6<|6E9|Xq|P9oV%ZT80E&Qv`C5k*zsR&7zZwvMJR>~ULIj9rdr8)t1owj&
z84-29WSbCh(HbCBB(9;hM+uWEc5lY1>aivg?+TymE#a5iM?7kva)k`dPi|{SfU<wC
zkExaR9#Pd4?T(@)*qSLq-kN^*8I9zrdne&FtunnYKTrMC6(j4asO*altlkz%>0lsS
z0s}2vsHBc+tfYP=W)>=lwC<<`xqhMsr_gCoj3uQw4dkC+k0dBd4jQILi3wvL4lBBA
z?1?OA{w{o!DG*z;=FnVGt{!s`HU}XR&K*xr265<|awne@KrcokyN;9U`dx=*Og!-5
z-sGj+6t%mfrYXl!N!^S7j6wGS2oS+c4=~hDur~-44$9?ZL>@uNg5<)#{qXC)5vx0`
zPyE_6!~I2388qLdLY^H6eqpr2To(vBoE<Srg{!mEL@Nx=iMVm+^KHJDyM)z~l2va5
z%}M*COgI68=8t`@-MbucAF=~pJR_6$W_Q4VGBqbiN({v^$sw>MLE}0*(oILnTR^8|
z<f<pWp)fh4jCt<@5=9^_@Jbfp)w{;{^VBbYWzy02@P3l~6uz19$Kn;@WmeW}td&`Y
z$g){^W25xEy&(e-ay^3|jzGf(nW1JEKOj9Q(zx0A>Vf?9&ajD|pfW{?n7w6$2kvZ;
zxm^)kp;C%5Si>g&Mh89eaIeGD$g^)};2oZbMCgIP5}7Vo{Ne_SndOtZaEoI!>iB7h
zei5+n^o8`-W7KsTj#xpn^ITt9%{oxyM0HI;6LSq-1|R#im$+}iB1Z_$k@q-ELM`PO
zsElPqjeTdf@@Kk{g#ny_EXJ>jrfOBx%^FK4K{A>O7)&tyjHJILj)k<o66zu%D&zuY
zMTh7*G_}s_oDT&f?C>AVR~2Z27gQM~cuFkR@EPazh98;!1H6nkG}pgZ@@I#aZwm1D
zc;`uO7}iPRkA}=}-@)sIIo*`QF!^DvLXF8H@Dh_XfZyaFAzyQZ<9~6ci3b)0f60Ib
zDCfwC+_b^}`gJBC4N+%v-Jhp^wYJPrsbD?GgaFz*`sEk)y22eDJ^Iq(U1=l<=ME#X
z(?kNKVX?Q^TX&5mbjB@yMi^ZX{{u<t$F>%XfDKx$JJ!0^)1SMP-*@Bv%wcv!cy+QX
z_X)<H2fUSxZnbKh4VBPPZIL@Bmm68Zl61%QKk1u5#v>nlK}fJ>(yLL)qgv3MA%>jW
zed%cdktw@;&I$s-e$$k$u=^nqd!CpD!K7u9CJ?rC5;{M+wo|~sh?I3Qdr&a6hr}dx
zVG_>P2bY^tTo9>8em^tZuwj%2=I@@zDNAw+p%#mvN}x+hDk2o-D^j;U*eKarh(xFU
z(%51AGM(MaFe3CINBh!5n{CKu;2h<z0fo<#a4s~AFU5(Ba+ZO*A^819GC}5}60`$4
z=dADXi1BZaxXw&5hFbtHLE8U;FPZtjeaZhb+6sG{NU;G8v6R|&L$yIwfX4t?r8o1k
z5OA}9&Cwh{nsLG2;zrS=gke1M&dXwa_cqmC)`VAFNqni(qW7mgbR!d0wIlmH=bD9N
zk!@H}J2$=2y;{JaxTo#)K5k_zdTEHxlTf=lAUb7gR%gdydx{(-#oi%km1ceqeOgKw
zXK?R#H3gX1j-acuyv@P`1zfpS*Kx_pO;Ua3uTH|(<~}-gVajSGi1)SPvsJ>X4sk6B
zCQzot_eD|<VYl77B5Q38`d$YlqEB$0nN*j&rqY0e_sA8EARtTJ>$c%?5bFwv*W|*=
zjuOl$)ebM|4pTRYqF{s$o^sWY<Qme`q_13xq?$`Pdh)o{l>y|bCo<bX6yk!*V{XzL
zp^vO^K10Q7_WJ?5?pOB!_MJkEQi`C!u>_^P-^^E=c;*hrDAT|k){wDP&&`|6{2EO~
zOFG{Prmh!7f2>VvnRQrPV>n$(#LajNtspdwc)sNOY+oBPjsBFl4f%6S2uwICA0;y?
z-Kld~de*|G1wCll<>(on#!>1PMp*tCHbRnzTha4>BAkSE+iNRBDM`pM6?iA~pDHP)
zP&=Uwoa8Wa!^W;g;Tc|pGai7xV0^luyi-<B*W2|5|AqoPcXO}BbN#Bj?K>otSaB^y
z-{oSK=QE9`@R54k%<Mfyod#`%{{t4e)bd>Dk6Ue(?Dtt;*4lgLqTqx#(=v%K?0XVY
z>;X;6dQN#@&t%D3mv)ZoPdrqBw_5!Z0=aJLr!JbN>dKwiAT$M=>eqeO7K}h%x%O=f
z*}kq;OJC_vu^4{mT{W00nU(ITM{taGwF9*(Qh<BU2kyvZHgEzN_k>RUHp%f2flaO1
zyPpimt|oot4-Dl@9vGb6Pb(qSz*CZfd+XusFN3+!%JFN>zX>8%<d*?$Wm>`vP^GW_
zUD<jbHJw*x-ULbeLN`^rQ1SV}(u1}1Gt{G3bVeWWiliKdK(}!>C6!Qv=?^rz8;Eb8
z^WC{&cLB;j;l*ap*YveTiBumuQiO6vcwmL-)$OaV)2gfIk{XuAG&^jOiD9HPC{qPR
zJosp(rP3LK(GzB2uS=(d1PC28$TO*hg`IH4%3~6XMLwE!U0>sU0xsS^F+@A?zl?0W
z2`AvrR1)~gLBuL{ac#M%D!vqkREeW+i^4kwYe>=9qR-fJo0gkEQlBlFKKNHkVlTm)
z8S9P`c=d>i8v_^Wqy#FjepM&(s$7j(s*J0>{K(=(Yo^(7&<>~d0|~Msy+Une<7Xfm
zHHf9t3Q|)^o?y>6lnSG)qQZ{yn0jlgGt-htBmDh#>dBVRl=SUMvwV?;ot`jzZ;k$X
zqPnD7A?d`YUS~}!!A1{XjjtV^V1q$6o@YvXn{IG<&(kWR!n<QqT4r@K0~~*ZBZ`&s
zqDYe36)eAaj;V@ft?4B)Hb(yN5s&V#-hwgLe4RUS09OVh!}iUQwUnLusw_|&BL*U}
zJXKtbq~&Yy5=$W3of@Kvm_2!R43NS%bYnftRb&oz+|m6B!m`r07wn&$h-@XbH0y99
zDjF2n9a59Mj_e8yu<~wa!LdhUNM|8>h@mA;i_d-f3@T2G_aY-t)AS|-m0Z@%B2MF6
zK8x9fv3Z80kJZhh9TtdPzg0Dwz+^(}#^uhk8ot&I<3v6MYuA1KEve81Cy>w>qIhv7
zy;Qr@-gB3lMf4X}%g$Il3Q+sXmnCAOV-O(4<%^i#N?%L4{E`+`zf=!I2gHV&o*CnS
zzR!>uOqlZoflotJ|Hi12_aJTVG&UxZ-YYLS!_LU?4LqXfA-y&m2bbB)lgvCOy5D}M
zqGK=xM#O2<n`W}QG1~L^dW&>5*LN~D`W%n-|JvQZ;_2&Qs4S5>1zOeL(o;X*gLe^S
z<8mNanIvn}7kxI&ed0_#>42WRWAd(sr%I{7FLmU7v;{<rOrY&ZF7$>o@31h>IBt=`
z7Ys^*Dez42K~UT1K`h344>Xee{^$n$i7S|mlv#qMWehy|s8R6|hN0v8TH1n*Wp@g$
z4&=bg5|*+?tK?7vi233LX(_EV$!O8-$-MKZ@)tg(6*WmML8e7s<qjbE!7#Fsz#Xjs
z!BpIqX=Y}W6D<wAw*_MxwyFk*%%MYGk{UK>=wvQ*qUHK1KreUe#zA*qsGGbUpYDpt
z=AVn$KM$oMxs%SGl<+2yr(Sy!tmIu{W~G|FT~gIkw7;CV>&4Ev#+tZso#M}a?AzTd
zO&q;ZddTP5e<)u3wg0!Yr_h(%)efLNz5j&v{=0(n|6jEC=uFCVenmBGv~;ySZ@0Fk
zNOdr96>FtR#73$4Rw!^Xc4*y^6g5Wj^jIs};3J818w|M8XoIKnM)adFl3z`(nEI&A
zu;<syo#HqJI~&V2_*JOlUKGvaHiEVJ8tf!Ejooj2-bL3Eji6?0$+qHW@(0h$@-H@4
zCG1MHE{WV$S;CrJ+PYB6YV5bNgZ39~iH6ykE)(JO-Aw(a3Kv;)@`tKiIzBz<8DU?_
z28D*k8;KN#rIA)~oyMT@KodqTA0*3wuDjjYpyi?2+6+IW!F}0j1R8e~;eE_%R%qz?
zU@Vi%z-lcBPc$D-<j3OgVhqllK0o2UH#~fsuq;0tZ$_@sxhA}FF!$I=WqGVa$(%%f
z4hjcuum_-O5wifJ$4fpc!mtYLBmEv5>R40gnt=3k_iocC#5)lN)+uGeJWUBKzbMIq
zh#{R4AXF;+%U)M8?)Y$9@w4*L^7a%4Vl~dPvOB+~X0JU86&ISXX3<XRb9PL$veNl5
z_)V+4Kd0+0ZQHxTD^{E3zY7mb%WLv7VYM7I13|lvsC}7ZKk|mhQ{-EJ^j@mIb2<SZ
zak1w0!Aa7UN-_GFpjI7XMDu<2<tJ$V-f5U530ss|2X#_z3f4nbxCi#)>$=nP*qVCb
zCm#yh)$T(f6oX0)H`L8mjo;E9e8J2AY1a?APp~Jii4x9ss@~pA^zdHfBZP1SS`v>N
znY+=@(;O~be&$9OBpBw38K_get+T_Vt6M-}UXj$`x<M+6o?NRy9}s%ysgaV*st-v=
zoQJiom=W~VHXUZ#Uq(#II-*#(PHD+KXun~aim-+;+P&i^)Ofzf06qdyznLqCwpKu`
z&<H&}my%R}hM=lL){m(l*(&`ZrKC7est2lNtxMwou!T%qJNcZg+8My0XycC^pczTg
zaN<=w44ly)Q;&%pWoL>P*@Vc?jwu^<)WfxejNVZ&mWuDI1!y1KBL~9%UCn2+5EE;&
zA;B(o4xdlYuS;90%)zlPb_s@3D$A)>C&6ZUt!XiuiY?2-g5v8jONi4`)on^=U2#I|
z82+Vlu)lj&7lJwFs+f<fHH=&XwaniWq%AshFB_U(4*rb`q}eT$Y#2en_G?Z0MYJnc
zQME3mi6c4FMtBCn64>3v56Si&zMXeFzP(rF-fuzk(&LZ7Bj|<(DWl1jjTLs@5k%<q
zi_oE$W*XSuSf#HoCN<Db;s?!w76?Yg03{$cpb>S(ZXpg-(FwXEf6GB8#3jG3Vh|SB
z9Q3jO#<@i9L?atFPwxcG(4AYthv4H;m`#FDz}e>dLYRFry}^u!wIp*v;!^Sq6FXGr
z+Df`H3VcpmGelLp*95cTqHvq*yaw-ya}nW3#U(^qiV|=mE}-&!bReNoeaX5BLCcos
zK`bV#oIi;}3aQe{=WulO#oypTg}NXvJudy8LsIuhpG}TcM@7dA;U4m)rutTx90eLR
zUQfexTf_8@rtec$nnsdYfK7JfW^$25#~ukg!JbDv?d^&6PKO}^<J-^D5s4)2C7euq
zSkejNzWHE;W6_#s0!C!REt{4Wg8r%-<>S5IvpgBz|8wc`_jMT0BGS@fua6E(>Z~u)
zR#?FLflmH4HRHs{O&fQiMzv?|@a<xY7-%e=x;KR^D9O0@%qZ`OOA==^G6kC8CG9hA
zX{`sI0?!@XLafRi%nq|xW%;o2I??88alpcWFz}s0l^~XPwlweZ1K%0{l}R$T=61y9
znJ60NJSfzUp!^ioev@0Zeu{Kr?yVlw6tP6|UB1O@*4SNbhdnGq#F9{g*6O5COS8~=
zU!Dn+o{Y{dH85}@W1Y^_!67wAMWq$t!Z$A9c!p~}cFJq{zNv=uI1Dn!<+!Q<(dxod
zmNGkrr8?TVtZ$sMCzTb*Dw7%YR1ed(BY_eU?ZWINor(b_h%z}sdJcvro$9#6XVkah
zogup~0Kfh3MW8}ic{ayCZ!-W>&;Pjy{BMW)|75=LiayaPwE#hv`DR_07J*(Exj=YE
z^GsIDrEg!rCa^xEtGH{SjKCFZvXhs^*X*Lxx53`ZSi(cU&eg8H26rLXwr{*#cV<c+
zp)EwV0Hcsj5)c={fzZgYv-$D0ac;M~azw{fTgBKbu`x5cxd}NpWz)gH-bnOGvpk31
zU4>~M?yuh6EG@?$bY0xcHv)ATs#3+ZdT)KPW~GYeJQisyqMeuJpoIeb@-DmdSkQ8X
zZI4&N*Q&UD9KVRs9Tcs*uo~F<W4B)TFI=JC=1S3AA~?T*N`5go>L{W!Lv%NF*{%Dm
zygb$O7HElz)a4c3^;HK?wRh*vmSX|6>W|Bb#xR7SbWdA1soI>h8i|C-Cz|b1ipAm8
z8QInTpbz^AwurLXs3FIuRqxhZZJT<S^(V|;ekf?l=S!cG+ae|JbX4r5c8pAw^B6{@
z<>p4jXq*5p!H&xz$X^o`ZLe%IT|Z1c42}pj1CoBIC4$xc_Tr!Jq?G3q_#m&^a!_+9
zXTOU3MVgDlzwuBEh!$Cs>ZI0SsWm4hx@f_HeWxSxll2K6fCPDW#1(v4Z9qPxK#w$H
zn5kzR=6qvc{K1$bBCmVFP{7-mNI0yvOVN!6!CALCIskQt9>oZQ`jCju@?wlTdwmj)
zr{;_4Z9?z~IKf>^l%}|OP)1wBe==JwG@Kw0%u@C)+!z~vN^L`bp>)QZB1RC?7*BOS
z7LSd3Y>ALJS-#clEUIKGWaKz6FN(x6fk<mQD<w`nUw(l#WQ>egI@i?w4M<Zu6I+fh
zW?OL~6a$XoQ#+7x5|R8f=F8_SID<Z%PW8ELy--SZxHGGCO!!k(KhHwiq}-_e=M8FD
zy44`TDRgVoO3(oh<?rT2E#UdF+1Kv9+?um)Eupy2@LQ8S;)W-SO%=L>RNU}SRL%4A
z3zy|Y%LAK}FsNH^-j@S+_jsAM3P~Z3N_r}Fk$ZJq_^4h-vH?1V8(o@SOB=fS&8GNN
ziiuv`L*MLdxUkd?d)!SQw~0sruL4uX)wmcA%aiTo89SERn}pvGoC!UXQ$5YWFymz0
zk~PLFQZQuRHEsvJLzorYVzVlQ*-dtsp-72cbU2tHtIvTirvZ%2dKV}_<W*#XtH$%_
zIN%hXM6FL+&-=bsQM#9bd2@)q72={xDZQf!)o~lov)1F~g%xpcFBz4M-uqR`-@SO0
zGUk7z(k8@+?U@^!__q*reUg?{Z%c^MgeIgguYV$#;>y{dHlzYSe4QF(Nx8@<ntsk4
zK9T>bm<X`@)Q_9<&CFYj5T1}H=Bxub)LMmN!gV8x?FtEMc=0o6jAvtxfjeEWWzcXM
z(OigFFh0=|CW-Ev^-GxPj^Z1Ml6#5H)^+$o%kc}Z#elL(M#C6^`O~WSqdhY2j7g7m
zL|19Pw}~`Dgdqe*av!`6jrL$v>yW7a*CB*Z`mWfSd7^a|4(~BGt=>petWR;L@$dGG
zj%h&-A2vskLw889z1oI!Wr@Z_N{2eN<nmXZd7srXYPNC_<)%eRV(X;>Xw;yj<{DCy
z*XF>DWHoO69+ec+^rCpaMuSY+-SuWs^w`8n=mNqUmdqn~HM-TdpI`eP9U)PCoPW*&
zeT(U{tD~OUQ|KQNfC=qKJTVCoy<ea$%ZK;RM@~P)qFBe++$hk<sMO`VJnJkO^~!)@
zaKD&`9Ynb7^dl1(SPn~8hHtXwDhNWpv3~8~b-vLj|2^)ael@w*GunBGdiwtuI7Ib|
zwh95TJNuu&?!SEKjq0bd{}egu=Ux+@*ym}KFbv|X>Q%ti%A()?1qP%vEfxI?&Cl9G
z^?8O5%fIA1Z={0NDA;qLpXR{r@^M?aF_>}ImS%!V;&8-d6f#wfnj-!1Ru&&%w17iG
z+f%BQbe~zj*&3P==u$mMQCC0IyOIIo7UdyNa<GoZe)go>st;|nFEj#KURL55?5)^-
zpqA|pyb67u=e&BxR*I_KsF_(~SUFFxmzH#cLm8%;i$($cYT3|g(#znM$e6DLV{3iS
zlWxs_Ms!35=OJY1bIi!Q0TC{d)&mP<t@R$m#%k=W#;mSnzxqbehH!C#z}a8DA~JRk
znref83YPC*B8T(Bu=mPxkXW0lYM+bNl)CU+vMQ@)TmPu-S<Xe_`_)_pqH{8Mqk55W
z!nfXiONzBq<zk!@KLNxWOw!Zx%{O7}MxGlh8K=|!`4UaLMW3B;<pJ7-Qov4qyt&|@
zL@+ID%L$VxqO!fCrYq^W0WK`e%kGV_E!00`lVgRG<^@(Bt%?S&JwNSMl`z$m62m;w
zWe18Z0g*E$$3#0{7-wkim{Mf<#Hd(6I&;t}Ey$0JUa%KL8($Z1I@Q*29$i}3mN9m=
zU0uBk6|s9Q7UjX3J)5oJ5eV7-+duI)#j*GXSZcxPv_H{-4NsM8K#Q5>6_<$T42lCG
zp*LvJ<Up>`IZnNnZxCa>bNqm$#lRdoiMmm-ecdW;yXZ6aMqwnJ;EN{(r5P$)R8jsk
zf~RZ@&8?yh$^kAnTH4w#KgzSA*oulR2n)_MtDCzdS)@9?h=`MWWKZOm%tza8^^--q
z1@tVc>>mNtNVPbFs9C{^hC@Fm+-<cnJ5`$4HEO1xcWEf4!NI!m<0k0y3Xpeg|GeaL
zRDgy@xz903U%!`OYS&<~saNqK%o?+V7qyY2>bw-alI$1Lklq;xiAFo$SjnTO*pO)6
zyz)60ug}^_rl)TtP7-a>&C#)pkhXib0c}R`ycHrRe-6CO#<6&f!f_kY*Y*)*S0V?M
zX9|aqT}oqByt@=)Kon{}=s1Pj(0B|v$A3f4ZsfcDzBQF-G~~X}a(Ely>9b%QO`N02
zBAf^n3sC$-$lC1y-a+&U!M0ND^Kn~rj1*hw4i?KTw!V+lX=z{ot(2Bjo^_Tkn4u^-
zx=hRvW9}$0y?5&ODuDjrRMng97^xxQFA&&*wrTOJcfS}6mz!AOF0C&NqrT0F%y399
z1Z87rdNm+!8qpn@uozk!>4btTQ+1>;>+QLbC%l@+8zSwJDX5po@;Jb&3^QOkqLvqC
z`{m{yN`)UhTBUa3k@Ulf9p`c3)d77fu`~K^VvaC9<&&5?igxC>Vb3|6?yJ5)DKW0h
zjMKBL=3_SHP=2_%xLB+Cm+iK~n)AKB{8)_)jphMl+Thk~Xh|ZRM38SL`X6bwx4$_j
zRhPt!J%&AdZ*KYgS4^77!v=6po49|Vt6L44B*_h3VB82Z**4R_DKR%`8Jap5@BE3A
zK`I6FNq8w9GlOLQa{W0z%ue!>+v5s3e&B;xpFxj=p*Qjl?$f&4!5vWUR>T*vK5-w<
z!-F<j#RY=)Z1?7P$fUw*AGwqhi}wW^X)5=yy>e9JpIrYwU7hWFRSOiniSSulV)T?3
zo{a!)niFkoszUDN1}Zf~YlNlDwt^U#0ZJ$vwpLmLH#~nN1T-WLSrm|F)<AZ-=ncGl
zBz~>1d9qzyI-2SC4;^_kh26~*{9?@z_i)t|9q6+`dW7)ErVEW?#(%=2hkiGGJcp-7
zO2%c@`N)7R;U7>tA1;3&KvY_BN9sj=rE`vfr*C;VZGpE5R`O(iO>Q_PzDE2j7B5T_
z2UnaG;hTtNo<RvH@bzepxL8X|RQ%;Dvt!Qa#~&f~aX>8kR*0!*Wgf<G8`T5+@1!+?
zB~oMw0OL{rgR>{*e;MK%)&FN%Z(oz%XDFaKepNT167KBbUuC^{KT`@bTL-@WyR6q`
zg&lZu;nux#MWSTI{>mEtqICZE?g67OS_tq_2qjH7R#=W5dX^BTg^0Uk+O9M1RT=z_
z4nSC2bIn(F5_`?10XaMH5g!0B9@nL#eRV$lL|s@3-pe}A%4k>7w!MhhEw{sLi!{=6
zD_w=xW~RbvI_jU=_#(>m^j`<bl;h#R?~l!i>()uf7D<s-3PB|V>A^f!5cng8vp^nD
zp&O7P7`vWzCZ@fTa2u(O=mBP`l0iS7)o`BQ6RLyCJHtp6P2>}hu!YTKz<BzH_pDID
zwxU+H)LM%!4C(Aqi&FMGTBPWYn)<Z?X$5E}q8Xc)YQT1lMlYjoKb;BicH9%AuU5*N
zX+&9oV2Dn=-Zz?fJ?#VgnW9KqR(;)tn^&iE;;-Id+9^`CYBC-5JCfYp?5GDU{0;kj
z>}yig^IMmIF?QozcG}$H9r!m??LZq+bH_DQ4Qt6fmn}%ntjVk_W6igKNn^qJv9i45
zDI5{D<O*126CVt7LmgAZ6mk4*I7h>RAQTBn=+V)Puk_p^aR0oQQ9ir6fzkX3>^i_c
zu;9((t-JfNH>4(*Q_0K4GH%z3DT@t?f#ue+V8xNfF5O^`dWsj-=kH$&hspvIlvr&)
zYV``X`7_BE{EtHDo^G<vZCU$}QN!oZ#>go6Z~NSc8XP?XQAHO0@%}YM9gN}MFO2m8
zj^J6)GPZ33sE<Y?TdMc?gb*TdYQBv`#OS{%uf4TEr~{@fXNG-3#J7}8-&y)(5KEEa
zON3<54{DRNnewRs!3KRInp8oLXEq2|f|{E%x3_8Z9j073Vp0<#TKbj;;eybk(hOr>
zYszqTSGskYa|@szb_I7+pskH=0b9V_IU7n1^k;#LTKEU9R>ZnBmWI2O;0Q@!x^?7W
z?%xuhZef3#L&t*Pw(|-vZG7tM3UP#j<gbCyX_Rd+3aisDLt%-#$fT5=8V8ETho;do
z3gjad)(L23A34jy8gr5Ug3O_5uTe9Vj#DMC%63Q9*6D%&`2b=D#3Eq1H=|V+QjhwA
zZ?F0~iM_TFjVquvpX7WvBVs?jTk?7X2hTglAD=8S0Oef|r>B?FEGpb0>orT@l`tAS
zI57e(n#9Q7MC){PSfK}I0EnP85~yFYKcrbUM|7bS!?gD8`yvDE6BT+5mjaR{oGvc@
zD8s=~{Forbc;&JOk)|6^gpfbr#@Zmu0*M>ws^`Q&Mh37vrkFQz(EG9mj!T3kKx3=M
z4EPl<7&80;;EH7?9rxN%?am)sPY?5i5>56Dc=874ubQm+eH#_ZNT;2SdHHC^r=>{^
z^$=vO%Bc$B#mk$u-}|xDRMeRQ2c=n<Of;YTjfU`kwn0IbzGB97;k_5(4g-t&qQ0w!
zl|Q0)q0L6In8`YIKrs>a;B0p<Vao8sj_4FBWQ{x`j>u9VP^q9#sN*f5W+Zu!36nhK
z&HyNH@(;>iaq-OnKdcGc_CfkfV^)H_FEH^QIo_RU=|+>o&c>sNn9t_qmcY5`X0qgg
zx^J@AgU+SKSE&wBH;iz7G9G^`EYJ3?srd`uB>37<W4@0NoeU~&Q}(-<M*Yyjdn+j>
zBLrWRTkBn28W~P5V56erU;V{5I&dJwv|UFSUG>xPyfU=!lk1bg`oU^*;b4@11wFOl
z6}DX9oHlepl0ur{emYkm%gs}v>eQQ2Uo<G&I%?B*smnGOS!j%?|Mfe<VV}gN$*xlB
z`;=HE<Qh0lzb6>}cy}wb?}s8KelSmyCSI={Q`RI)m>vXDp~Ce6O`@75gWRRybLPA^
za|ZpiS~|a_8*j9J{rh|MXg0ho{%1JG&m7W6E)8z)Dg6(CZRCG%P?)4s-j@Ky1J3|!
z<^Q=s`IjBPQf<TTfF03?Vb%}vLCd15!alsA7S9@oa0_n#@SnidB?VIHIl0cLFRw6>
zx#=dzbswa#fj0bUSeK{Qy1l;a)8-T-Wb&MSMuWida`X&IcQ@_-DdY`oUtT{}^rshF
zkCxE5Mzf%LLoG&3knLg=5A<q^w3p+bl2l}R*R;+;F;~xIYvvDuZ8$nphaG!X;<bXa
zy1&A^b!x1~=}EWPWH8M|S>#{`ckHZ}Jgv`2mXpos(u6LLiS{D4MTR9YFZ?_Gd+CJt
zxC-S`JE4DA?z)eaF2UPb4`AU}vtM})EDP!K1<K)SvoR0<T+KW;kbfc7v7N7V^Ibj<
z<{77MIa6aXqpJJPUsBSwc7Av9tLh^MKibp=b)SvcQv>MuE`@&}o?xZDj;0q&FxcT7
z;{8$+--{L4MaFY~{<4L`<ka;x)Om*IgwN5c;a6Xm9L3`)VWiNn$?=hmavI6&4Z)wI
zBgNPAJW{Qhm*vd?T$GHaH^PB*md72-qkpv~#Q!8!D+}(U?q-~z4iL+}rMaS;4>98N
zLs%srdf>VN9Tpfe2?vlso6wqQI$eEmQ&`#Ho7Z!%E}&Hc{pdlZ+Xuiq9{}EwoN4kD
z)v_~jY!Pt97qWmQhF@LPE`jZ*=5aay(eRM}X!xanX?Sgbh7V)?N5jhkG(5&X8veR&
z)g~yy4o6#I2)z9t4Nn}IGNh!40nt?qKzGXK-d6u?=t-M40gOkZl7*!!nn~PX?EKC;
zL?oV+wD7AG#uUQ8mG+MMh6>Lz8{o3H<d7;6K(>g=&dA~+Xe4w8O<6{@WmdMedb$^V
zpqKy&ZzsQE8po(Gc0SJRSin(XjDm5Sub;yIRAOY)6}slIwEhmngDyln#g>QIZ$FiT
z#Gy-+U=BfSRA^oEG}f1BOA2#EZ^*e6Y9~FvxS3)Ce`*(D_lGOs<mMMtD~{Vkl9a+z
z&|{uHvDYAY5aY4$u%Waj4|o+<26V-`It#jc%L^8`4+y36e`#N)jF`7mZ_X$)Nj>q`
zAqzy=316h&VkyV>YYyBq=zbfH>4(PUSaK&5<1<gBer#JA=~ipwO|PP+3w$ViWCUqy
z^~0&e5glu>&nb^E8xxj)J<*KsX~eBZV4^*6MRmS~7F+o8$@ZEST}($f8POVrYS&2t
z&WbR8rZ_=IP*hmA328cpCf;1gqMLPpQ3-bd97_C|bYh+v<D+=a?015mIrV~vt)Nrk
zW~HGwtWEiF8@Wjaz~CY_clIw(Sy9*wX~SN*FgFo_yEJyuookgJH#Du)s#DfZy%dix
zq~A5x13<^xP#}G9@7C%AFnmyb<oxa8D09miMOA?qMTTe(P^j`vLBL$$wmB8I=_;<-
ztDb!015Xy1KFPuNXnD`{R_;bS4d2)3U05w%5f@%Qj!gQKc^~(sxKqW7*}AB64vgBO
zpF-K@QG5B(VLmGuA)mnS^+8fUNF;)zz5^Z3kebyvmJ7ef;@d+F`id8KfaRe8F$I`C
zUt}O+ltt<bb(yjlZ8%aANQJW#(qWdz`8kC_2p#_@-&aG7wG1w@g2R}dP5|Ec;S3Vf
z`=*N&<^Yn+4=!E?eE+F8_&1;k9{Fte4FE+`Km+jq35x%6lmoP{(>`FovHj-@BCf~P
zdv*A)ZR{pcfVJ6t$7I4gurT_rc#4W-yhGO4bF~_JJgy~+&ugGs#n#eQfe+KQ052Qw
zI*Y9p)v)6eeGCbCX{A*i)`<Q!#u#C2G+92e4m5i#!sH-9weQDX7dDpOR$|cR8l(**
z3-N)wbrrS?cc`7F$Rtl$ntwynB3xbVQifd77|E)gJB9p$UI|fCxVFzHx=)+lO0uqW
zyLDRacDPxl#?6k6wP_&RBf7N|3#ggGdz-ZTKl=@I2_C|lKF2TxZ?L=tvKnF`Y)(Dq
zv&Mq=^<U^m?w#u|I}A2>OG_vgMP<sQBo84|t+7wRaR*D}Q9SC`JXH?TT&4wAY{s$3
z?{QjmOIgEF0+-jUtD-HPpwmG3jYh3#UZmU%iyQ%@1tm>(o6!E^yF{JufDRGdIKH)T
zPjWuT)2Dkd&Gsz)_^V(TZu8Xk(oUzHu%s{t-dISOYzV)Y_TLYEqJZ@Vy*I(OV*kj6
zT2su0Pyp4r%+Op)+S;_n+NR|irPur;^v_J(&Tu&{%KOSNL$?JxuAdMy0oZ0@3B`0k
zLk<e?io4+;SWs=HT+h#M(u<?~vZgK$B{UkqkiI0a`xc;ipmosyLPiy}fK1IxcwX_O
ztdOY6o(*jmh|Sd^K8MhUZ1Y_~(HHQ$KO>4m%g-iFAK-@0_rAakd2}Nkm~CjvpZ;Ti
zrDPg676Yi+6-L~6gpd>)X;UIS1y1mq_=m#EK!<sp=^0&4zjRo`v*gq}<Y!$F0o#qJ
zpzzk=LD4%Gs2C{kt0&wm8t1bBOZ9xN?jHfPNV#xEk+BDb&PIcbdL8`W8Rg69_e<~i
ze1Ub9`uk50I#;8P?CC18VU2BU%P0wnH}qYd7ig)_oBXdPPWi{srl$(8+F&~C9lh6(
zK@7U(ZHRDyai3yyTG!;9jg?$M?B?dSmU=l@_(6cJhkUb{OC}pHJUF4beroL>=#1*#
z7BsJ<+oJ!e?4%9{M%YER&ggYFAn<!+nj)iQCQ+e{Kt}fSPBCsKP;Rwi)}Ssu3omN9
zQ#J$)4I0Y2LRa`b7+DM`A=0%Sf22pgWI&G}M<&TqjW%)Lb5))^O79QtxSir;anM*L
z&-Z}KT_vXClmqXkieatEkXu1fSy_sB^(7B=hO4+svbTxW81{%tN^=mHe%t7KkT>V#
zeKSgcwV{}~u5l1j5MBJae)wCbL@lX|m99Fyu76oB5D6xc!Vo$&s**XbI)Y#od)vWL
zY$^}FLa<VrGvOR^KoZ2XVlfWqRxcGu31lX-!+7s07<}Ux-63@&l+L~d-Rn#?Qt51m
zd>)%K>mK@ess?*fe_$5+RcN<qJcp>jg$l?Cje8XUJ-vDzeLrwt)N4ZFr<;*~<TG5f
z=)&nk9AMh)x3;81DjO$agFUX+LXZFWRkAK*ePx_iF_*4Voz&+1U*LJIfjF%m%<o=f
z*xF<ET|)=X;`@xewlco&$(|$hgfV8snMEr0+%5zDdCGhG7?saMFo|)RdpwcvOyEc0
z79U}781C>Yk2nq5KYcd*2R4U8X=RsoHTg~ZVuKvk@CS-0kw>l1+0@x8FUG=H=Z)^k
z|HIi|M#a%RYvV8$AUMGZ?(PJ4cZURbcV~d$!QEky;E>?1!G}O_cV}>d%OL-`?{m)c
zto5wlhx5MOYp<TwGt;xHr+3x0t9D(*5Q@7J=qIy5d}g(N1##)pt6`vTJlYx8^JJGz
zMsK_c>Zof&Gsu4R!KMnld#>fJ+uaQNA@(0#2SFoF?iX+{Fp2*g_4#j-^3Tjw=Ufg#
z&;|V&Db_u1zz$ZrZjuylr2%uZKMW=i0iB~kA;)>8bCPha)M&vg)g|<D`~FerIo{)|
zpRK*kWcW|t+>R|4SJHoTrBsf;_L%t9pN!=Hn=7SxpR90ywe!+>?M!!al_Pp(bip9Y
zY{TQ#8n`(gV1jS3pzb#;v`|&gOMreh|6}Q)v=B39eNGfDbjrnczGD_}nQ<G?U4zoH
zHB@8fBqoXQ!>;y@y;X-Ez1knO8b_Ha&iExj2_Su%4(j#tu4-5RNKUn9%&-{S+2N_b
zQnB4tcBZ$^*y-Q5G-ZFUSJZjp9FY&P3t|RV&6T*tpQypl^1Q5^dkqBD2Uz5IdVh|!
z_N^l1kDSw~1dx1v`JPA$C?^z(HR&F@I~ZIu?-b@-<wJa?E`F^y7#(gtEzfAg(K-G)
zc})|3&42G6tVd={lbl&Cxl@hY@0$-=CSeUi+lKYkMJ}U$`OYH%_t471t3%ngck=pk
zYdp>Q*Dj{AXV(l7QeRrJNVQg`>4$eTXu)?9F5|+t)-Rj}f?LfG@}0Te7-bFf+?<O>
zc~v8Bx6^6P3#coj_Dh$4TgqrZ(u-V(;iV4+2<S~%xTNo8M^1<Ox}~vqL+ih>?(Q>1
z4RA79CQZ-RFlC1dM?^fUecmF>NbVp?>Nu9v`D0k-j7vM4<?bF8jGN0o`o<YYG@<?t
zM3}?aQ7XZnJw2%1-Z~sd|8My>6|}UZDPmlNZ#m(~B1~BoSV_HPc*M}^Z_8GZF=#q?
zO(IPB74oHHWa)%VlJz20$#^k!B1W*(ENK+}qj0kNgl7ITaIywj;{Ge4vIhJTcTMl&
zTabhQ>kx8h4@2yfjJ!09&$EI8+oT6SWy>rbBH|=bT+IQ8@6c<@tPB^+Ti7%tQ_7Zn
zoH{<lcWs7dEYvIiX;N>u^n{fzC6x{)&RA&bZ5$CrbtU-H;mb?z`*qQdjpw7UcQ<l7
zJM{k%ZRp@m6B<EFLB{_ts3*DpyB6f?Khczbr(h2?>Atf=pIuBJQ}E?;DHOzlnWtOo
zQW(@5cAch!E|Na*<<6};qxJ{$3X<eg`W=j1o#iU6BG^<$>U$}LyO`sS)M)FhlV%*Y
zPIhug^>M`1e272Z`yet3+uaVij9mT7$ulo>S)pnHL$Y3nrQ}Hh`id<h<(F1X=&a2y
zM7YYl9)s<COIg+Q0Jr9ZlgzJLq&r8N13p>&qX!8z8jWXCt3Dl$mL8Lht9#x4d>>|U
zVluGcAOI7e_i~nU8YMcAz=@)Y<!rir5I#lf*!?`GEkUnO$VNOZf-u;BA9(~RUW3L{
zLQeTV;SBcINYs2J1<Eu^-y?+<b*|c~=2LU~9f~<Hs?6nW9=~e6Nvwwc$``ZUY8uN%
z`3NV(QNFx-?ihC1d4xm|Gh|h3;1LmqW*Sj=U;LPWM#pZUu4?*-$C`LiyO#kvOFtdK
zi^|7~&v!w!@A^0_fTG%ATqG7lr8XkS+z;1iH1f%hxW@ZErVo&-g{@&e$N7ziK5n^a
zZf5k>V?TWO)J3z^t8%{ZZdavprQN2;I54?Gui5D%$)u!#h<twou4vq3L+{Gke9fmE
zo>uyeLlfz@S4TCi5HC+7A}iR_?~P#)c;ljDSWjYhEM98q!q&bh=uYv$>U}j5k;fL+
zPEt9^G1f8G0dzmdI!_v;e2<c#vM$ogn2m~ZSM_KIXUKE$w7l>%R3XDRcTh3DZmjLD
z_=Nw94s6|R6lTw|wm-yV={YdK!rEe%!X?|f>`h?vn}(hbGr5(XU!1~kCiRV6<aY^p
z5WtbPz*hHYjINYc_9%>)+mtXD385FOS&FGy@<d@9lFc~upYS{gFS{Mi9tUQX&3&{x
zmlsg$O5RzjKTtSM#GCwyaJ@v%?DkW*Ud>tT=Uly{6vV=coB3V)bG<uA(e5B|emSP>
zPeE-RH~x5~n2nhYt8BKIgBh50I9kjF8_b%a6|_M$VL*cO?*WJtBq9!M^^JM)i{*Er
z&3ZV2-RVl7S}JIby4FoGPZZheO5dvok-@ky8Vx8RK3g)sbVAJHOaQ@`^BqenF0r+Y
z$tJ8J3QsfeFTdssFXxGA{1xVdn9X)=YWd!7j300Kj?dZu<KRq9F=tbTy20!I7pZ34
z|D9@P0xi^v6(n}l6E-CD5$#)V)iP6(dR~*0UgjB+Yv20{M30u#^`>K=U-cp5ufJQS
zD}&C>uCWmPt%dV9|11ssSZqa?6Qa{$UC9oc6h^9V!LnL+ww{PQ`Im9qNoiDO%z7f9
z5qvvT5Y%-%fyd5%WbDWbM_Mgd&Rss!AylBOtx^B2ihH^q|6oD#llH)mHDyHw7jd5f
z`W~=M>bHez?vXLAy&-@Rfg@#%(}4aub8?&(`rVJJ^SO#@AsGYuY&c%sr|$~hvgf9t
zB?$ux0@Jq3Bo9~vcHJ&%Rwq+HpLblCeKeN_*PQ<#SLL}rmvx2ry{z|-b4C4SpHAlJ
z;~D#NFaA_BbJND!vxyI>ayz-nCE!+v<t+LKg!KuMU}u+Cdh57#d+nRBA+x564f1W)
zs(tM9-)+5n8%5T7-EL~FIB~1(HM}+>K8QkW>13=cqkw~e-yUM<nF4Meg@!w&gDROc
zZXRM$nXf#P&lFGgC2pR^^48OjKS+wv<kXU!jwMlO7oL7%jbl++l)zSGp%oG{{~APf
zNrqgH+!p(trV#o&e_(UxOYA3sNZ`vP-+Q^jED4LAvC$2Djf_teuQ=DlEx@&Z2V>=W
z=GM7;*vB(jBMI0HNo=}I4r8insGccmPboUOk!T^P8|=H5vOHYXPV;a4E9bi+0hmZP
zJ`%CX*l-hu&hKwG14-6De!3C4n|S`>{9fJNUbCS2JTg6ORR372@GusS|M8pRHx!)H
zm_=Id6#)Bfj*!Eh?XG297I>GgEA}G}l^ziP=ZCKFI4V;Zt#`QJPO5ZGv#UQ<eK3$0
zo4yix8c}x7Ku#h43{vJ9&ij56)93rcA0w%}0=rtBlx0e7P1{Q&n`jAfU-vx&pT_Ku
zhXPqwLA5Jn8?1&$o)BaV@VW4)xlcmsl*vIXM?QPdSA^W9u*U7{KaVy_rPec_k$4gA
z=XaN}L^a#{`R|H*Gia1U8De%LWzZ}zLEpu+>4CoWi31?ss>MKncj32DC4;NumT;-w
zBwc$5hN>X*JbmJNF}eTCjqD6ptw3uNF_lHJI{n<A=sLL%W7Z*7M47g70woZq3(Wz5
zNif1j;e9UL9p}%X6Z~ad^k|!}!4eVz%$Qb?p6CNhM^<wOWJq>uA15?H*rK6036*2#
z(fC-#7*1`I+Sv5ftYtwaeYWgi%WVmViHQlX(fAk>{dTumRW?(MMK9w9GYQJmG_WPT
zHiGK>i;NF`A=tpRmo-jdPepCe>E;4@66>Fn9|gAXEk5L21)w-Tl&ZcWuAzN~cix8O
zJB=_-0cN?f_r73kq3MGzb`fPw+ql7pF9B`oHeGC@l&o0H4)GhB?^-!a#?KUp@{ULF
zUM`vN<6LSR%p+`-2FH0J2=TA?y#3Y2`86C5J^hA`r8TMx@~TsxYZIBm$LtJ@H561{
zg;%*m7BQAV4_>BSIR^H&95X!8&n&9zxT$Njv6jaZ-zB`RIVfn9cKz^KRKljsuA2IS
z`(}ybRM$9`qgTGl_iapBEZv~NjjVCx)9pI-xX@rM<eZxhDXq%6K4y4d_$;u-$M^if
z@GA2^`hv-_g{EMj^D%XNH7BDCT18rfQ0yQ>rsa?6{ge;w(Hd<ZmFKQqhi5S(WgnOE
zfw3c`1|#y|dM=lh$GdQEf_*#aGIkSEy4b<V1ghneTxhA$mHg`c1c-d8e7gz5Mh-=C
z#7oOf^x@?I+SrNm`&!ng8SP(&zD~cxVSiRQc_+7c{apZ}aq{JfOm*_z%6jH-?0+Ud
zlG`naQitl|j{k+Pn)~1ME+Euby~>XjX!1{au+E}btH)45nSc{S`IREoX`7rP7E0XT
zw00opY0P7n)6BCZ+&lvU)=$Vkr)~L#xjpy?_*@c6rI4yTnIBk2*=CS6RHf&y)>)nc
zS`$FnGl<tH+<iwZf*PdV-OtyFeC}0Wyu#GXU9cXu05LWi7I8qjXgc(>x*n_)_Xl0n
zc{BK0`%G;VvEYjYTECnOg-8Rk+mrc=p9Eg(A3AU?H#MBQaAb%+1)K0y&-LX#le%bX
zpgXS}gOk<>yn>?|k<TOy;aqdSAAXRe|ENouAoS2>Dk&u%6`d!Z(~ReZznb^<BJD7z
zEB868%$qe|kl(WpSJ3oRY)hxGBHJcSw;TKNkp2dvV)Y>AMcUd(;^^7S>tBr!wa7mf
zbr@@r8-Kd5!f;Xu#(X3OXDzA)A>lwOapY35<;}t4!)c10^gRuw989r#+VNxh1%)LF
zzlKWSXvWQ<{uNiD8S<g`?)BqT)3+kRYUf4lstUT^<kbv@?=nvLIfSvT<@IA+U7NNz
zRLeiS@dFKNuOD5T*>-s4-I6C_eS4VbE(OWs^d4=yN09b?It7`_r8Ph?Crouh%qE;w
zsOoG{hX8xTZ}8a-Mf9ohXR8cG7_!Bef<44m#cd4uyS^#b@Gz<6`@$dDGWW0i3;26U
z^4VfaCN<?V)ks@@cVX`tL&KZs2SR{STH0aFfy~$GC7d0Bba;^oI)jB#ud%FKC##aO
zrd7@0+8Sn%)>f^?T+(n1Z`Rk)7vaNeq_M3=>M@HYABZb6Q^je9nfnFPO=#eN8!TvY
z+Mb^*VR#oT{0Gr0n?P!^HXtRllAAvj&Ha0mpPWqOPnclX%vB_Eiii!KEdD6`3><*0
z{ZZ=86L3Ey!v}xdkYsx6&v0kiJn}0im1Mqlrvn=901S4LU7bV+w*MiXL5#lYQcn@y
z2NF>Y?N$=*O-{B6q$THsKiGGFs}UQROte2UUQVeS9@*$%RJ?VL^zC>F^ej=|#O9=Z
z$wqIu^3#Yh2io{;$EK7PYn=Npzp<d?yPGNO-kFk!1kVN_z!(P{!_-LrJhPtWZw?|$
zR~e1b8v)Wt51SdvEJU1B4KnzIHgdOF{c2HSK_GB6f<Gp6E{q4RQ0dV7sBgVzj5vqK
z{v;Xr&Ie`S89LXfhXbGHI4pit!P3TRk=TMbQ)ZnUW#RmVYkt4e&#<X4Lto#%{ZRo<
z$nokt!K5xF@S78L0Q)EOjGiL)4`)sywKaE$?khnz5^aMHjhytdMm4}nT4k9Np|16S
zJegF9e6>?v*v-G~9X=y0+~2{0YaXisPXK-wlm#wFcAPX&0iSC&3_(j-g?+kPV}H&W
zZjI#b@==e+1y4$UDVW}4mPDkvdRc4t5BE+c^IGv{R5OV{+(3V=Y>uh*s&SU3+9mc`
zg_Z@}&GJ-U;o&v!8lk@JSBJG`v?AgqscF+vyAin^_w5It$4Sg4exF#7UkjEZ%Kq@g
zyAE?S0r>c*AM#!yKMBN$98cW$704<NmzKr)=P8x3=x;q-MGMj%&4m-eU+NQL_bqWv
zs>jT_$S_P<#zA_qeWMc+*?6^J3WgvT48==v%KU}(nT96vh?)<n0a+P1wnu>;SG(uf
zKb`Dc2i!%HD-Br0NDL1UfSm7M+_%$aj5}L89r1PUT^$R%8l#AkwiK<r+UNImkv`BN
zumMb`Q6*B5#+R+Jc)|)9L(7nJ%%;%7%FuE?sKWn!KM~<CU4ehfUW=@GxRUr?0v+$5
zqdB|9g}3JPv9UR@s5JuJ=X~rx>*Ga#J<~U+KGyhO<Q;MUn|HMKdENaVW}MCJKqT~5
zp*chZL^Yslok}aWQ_gY;CPkPdH+EFICCIM)qDKx6o8DWKezkkqFnnNon*QiHKy>Hy
zrN-P=DT2jM#I4Im3TavpEc2z7ZelU_Pdq6NUL|V3uL}KyNcsfidNWAKVK@b^U_@k-
z0fDfYBsIEGw~7c8k;`N@X2hrKJ8v9odqq^JUOh2x=o+l|5aO#VAv%-hf-2vC6$rCZ
zwGrObZqj9qDvV=T`em3I-()+^Xd7P$En9vHGT@>%N2R|bX@Ye_{J2QwKCylH$jhv*
z!bGS_^xI{cR!^Ji_h@L*0^_iAy<}|XWEV_lM9WE<-p+Ge94*rIPs=}DQS;`b2rC~x
zxqUmBBmx$o=VwjtryLxoY6JdA5=l^x9muLzl>#6VJd5#U5$ndzwFpe89vR+?#H(nY
z)(6cS#AbgjpGIRWy9{C!#VAp1kszK^-LGOC2CIx|t)tHpxwXGY>c<zasTbfodre(5
z0;{||B0=v@-JBJN7_J~%%P*q`IFl~4RRTac@?RpxF4Os6#BzBx@6p8>(dU<&!(@Gz
z(0)2u09x77>z#(}Gp}}xYukg%FR6*RD{JOOie)#rYFBk6GK1`J107#_K9peoRg`o!
zfaNvp&wr_F=CV_UkZ5$?@vK}W2j&Wi<(ZMK>;L?TJ^hY+$NN)?fLW7o)YvP&SN;63
zfl^8sLCsN&*3B(7u1e*VmuyvvggiXjcOx9iO27#ARf}JHz*tv^S2H#Q#@3IWBmUK9
zhl+yX&qK(<`QnMUotLN;t#;c^6n?2>LA16uMJioy983{xdI&E=6I)Fbg<wC#w1OdG
zW$b2{CPO7RMCBTsDsq}?q_=`M_1?%sx7WBX`jc&^>+xkg1O3E3%k`{lz8N3<@1X(Q
z&La|f=L4k6HF7I0v8b<y%f>tt?|6kD>gxi|Wspep)7!UF*ylTedZa`Ksz^^au5tx{
zflY3p>@-JC`zwo*A&HuebIt?~A8CYfPQ<q7LAjWqPjCL&EU>70W&`Q1sL)G9QZgu)
zKM0x(uynM3=4sYlHJUhOLTF(^fGRydAb~q{X+d|>^_>7Dv8D;U@Hb0Y`fwVp%I*~>
zzA|g<h&!n`a0h{B$B7kn!1AK`+ob<iVV_w^Fgg(RN?Anyi)^|-n2<zbuvV^#gJOp|
zD&xsG#MVq44HLVY57-eQAj>US-CGE5UYt#sU>y*=!ai#Xzw*ROb!4w~SMe|=h?-`#
zqNm8o@guslHj0^r4J&}R4xpZUvXl;hGjA70dDu+mYuO95gR6iHnoR!`9&?&Htd0gc
zm+Z`^Z|M}1!4zzFQX_zgoMWFEh!EA<$L~K>e5&1V;Ydgw32!L><eHLn48M;z(?5tk
z)s~}3wOSJt$l=#c`i;DnMFC@Vn_vlN{XLv$+6wEO#HmHKK{3bR_K3u2SG+8>m|K!B
zPZNg=#Z&J|$;2XwGc78!YI>cB!8k83yIPU8^b$%9M!&M5BbV_H5vq19S~L0^@z`<N
zwcfb4$!qG_8s5i2H>s%MP<fOy5|PT*)0IJ+TCz!>40csNe~0#<?#G}{IrJ}Z!bKm)
z)pB@;<=QTi!v73xz&UYSmDJEG&(d6#yB(L2O&AI*$)3yLM>yjn5~|HUm=pi;Qd;tT
zsG~*Lw_`OMxTvu8wW~SYs5?PX=|JGWOJ#_59V4)Ixm#}i>iX-`>BykXOu#ZR`z0$L
zT$G1>8oDRYw*HDv)eY4TGcz}OAgv}iz1FK|;ZYyy!*7qagD@HT&+#t2-72QMA@im`
z`gC#hRcv{a=cRi)ldf8~XkT2XQX0h!BGOr^#YoUY8RS`&&g@@WXd-GnNY~_^EVh9v
zV67-(&j$s-_Kqoj$0b8v=QQ%JDcNMBnWNzIFzPK*F6Kv9ir|||w9OA{zv69TJ7$vZ
zPT&Y=ePKD;9}b$DlF=@=32?KJF!&2o{+j1lJ1N}K$#TUC8%>IJ<YPKL)ap-;_&fWv
znLyOc!2g+8t>Kqj6fBg;A(#ag2I^gbadq`%ce1jyGh?@NGPAMbWV3RzJ~cvh)z--o
zT|Wv(ygD?amW@)4437}Uh1=$&`RH#>XbQI?tnHl^xinynfbW1lBlJ$y1#b}f%V0_l
z=tFf|8wPKk)`W#k@lP3R0^ZXR#V>U-)iK#CoUz=z82fFdrOeB3o%g_rZWZUJyWP8^
z)z)0Wwbb*Td$GWYx4gHviN{F+w&5jjMJ+}@#&~v%Qw6@*o&y)xdWHD7$IO~1Vhc9>
zN{@Q2h&Vslo}w-?HnX3Z8}|ep-kHn?1Mh}TA?XouWWC1>kBrm1)}3%{x(a^ew5_#o
zPHQdM^Z~7eE^Tuc6X<Q}7nSbRt&=Dmx>D^ZulG@P$<JLd9?@VqlfKBzhF804>+=FK
z^$WaTw__o2x__=`;qq-?GkPCvdzd)bau!FI^zSFkFAZtQv!_R?@_dw$>*SkA*wHZ^
zemGxe1U&(UzQHqB`K~%j<W=Yt2@^z*LTqvx<gRV|iJsecvIp2NH%t8zMrN<6@29-j
zN^REc*E2Q!&x@IjmP%J(H%nKb6!M|+BbX0^-Mfdz$#RrDR*<SP$7$iwPw_!PS;n>}
zN@*Kg0JAcuKLKDhixu{~Ga}~eOn(OhvBwuwA78j>fN9ZsVOU#>2FhPS**rKT!yzw0
zeR)FRioU`J1FhQP(P7r4>cEBYtY3>TKiHbljlXv+O75DpDPvwM8;te*ehob<d3!l^
zZV7#L`TlhW_KspzcC)S4?Ygs;=NrR4myWgX!b^PHq|oKh13R%Z(1nF#!pSyydi!1e
z!#CTvsJ01dBfw+>rZd}e1YeEgmD;Zk3!CvpwQZN%F9YRbk63<hCg(pHBNEysm~OwV
zR715G%3rjO8WN_Bc~y67C(F+H$;ukFw04SLyF2x(6sTToH<;{~-7)Y&4pkE!p9$7C
zyF$*$%6qyEo<9U&9{D|WjWpkB2y1n{ZN@I07o?Jm2tFrT)l_<%qi_3tmrJKh+(G4{
zzZSl+NkI&I$UTYkCw+;$fm>IXChw73jPL3;H)->+`s3e=V=OUR+@EPXs@{KMm`0Bu
z_9k~!^&Sl+u#r{Or;7!%oJL3k*h3mNJJ2OXj$Y1U21FsL;GgdzB`9|wO_-%7DgSXe
z5OxDk&fUv+&e_knVvU{)!k-coGZ;QzHm6;bT#0l~bC{7<<cq)BKo@qw2k&dEvfuys
zV>*PvPd@+4y!Pn%$8RT0Be2P>51Aq5F-k${*dm|;z1n7CQE()XHPPTfKM-%v;qmuk
zQFwrf%*Nu($$motn!?EdrBG)8Yasb~JV}973+4sK;ebY>?#=dC=j>|auHWyQ?Zuko
z!0MN^MF1aaAnRc+tJ~8Ml^_3pLnBdn^n<=X>9K=`hqRmEh#Npl0)Hp%B-iQ8?#1Tn
zl=1fjp6Z-k@T^!pa(S5DFk^luimHE`NMM-gGuulqJDRIL7ozHFdP@zxkwJxPkqi)f
zyf}!#N7%SzUwX%dxefbfp=Yf^TI??1R)4r{n%A>}u3dvqt6gJzgum%t^UQs-l;Xn`
z{Dv?eRG6#Ii?oGIsTQ<?6R>u+p8f1t{8!tl%;Jse!?8qiWfzkKFzsxn*xaWtpm@RT
z(Ren8Q6TFY@{_fmGYxvVq4%d<9_)e>naC%@l}9R9>Mh(gh7;G(+wq<|&rE6m4kZ-6
z2Dox|0neWrTiUM09?JW&i)gOI1s~0NDkQdLuMY(?Cke8*W$T|un4A&1o2mKSZzpWM
z9!0A4oq2e8(m0)^8<gFOZH}x94EAM>0yb>xGIY=vWUVm}lap+8DqX3Y9?cXXzT_9^
z96s>-mz~(P5f@&U7iy0`pB*GKhiuB#3drsd4d1DB{qYt1<c#K3S*^8~{$uQxj}O7H
z!yDf#KuOyK4Wcpdv?2W-J)z6?p#rW=$FJ+O!`=Rp?JA;61Z#F7tVKL`Di>+ZK0EzR
zT&Pf_!f0kl3)FAR_IJ@B$Y6zOY(ui8`7Wd0$N87%t`ADWYnj8-^d`?s+n?rxFw%MO
zk;u@3s!RU5&+b;dSa(-3fX9Ee)2`fHYkX-nVt*oG@^JsI1voQ#h{WcV=<K3FetCKp
zFx1n(Q6&&3OO;vCjrSWR7j?aP-*@kzs+8rb%~|+LGON_q<4fbgo$Xhi+_8QF<>j@H
z6*vr~m_kQkphw@m-=>lGmUZ9T*uujDBBL+mBkZH~R1@Vk_&zs#n%ufEJ}Zn&q+gDB
zVVq4id-S#{t3w9-k2(a#4uT_kmOqpyA6>bQT7gG>_Yfl?M)D^Dss*F6K=;7LY7r4{
z#e5Ok<#sNz_WA8Q+{=@?^3Sz;;xx1=p3fbl@yF3P@14WDwqzUllc)3`?nR4UK-=Av
z9F0XJ{k~}X3`d^vXbd-1?LiP_G(27b+QQ?pr2L2vE?6Mhn4KN%C9z4Aq`~Sz|5xGY
zPkE1LK&AwF{)vZTAEgNW@ea_I162U~X1oR{PpsO0>Nspi)w7`WSdSWk16#f&{d<?k
zy;BD`(!wu8-gxWbcb8^4wk55*b#sB{dYty))fc@{f+;2iPyB~y2rPZ=ck=|-^7+W_
zSCO=%EjZS4uo^Y6nU&sLl$4&B48=MQCwbB;2S?<$wki*spjs2igKKH48kLgr7bq1h
z4d`B*Ax~R~l=7}|Ez&{^^sNC^FS0CG>`JR~q~p8@j_sI1?_@fT!T@7t9y9PTPAaf^
z$&YFa7x;fhNGo)N2-)yY3q-DHIgyZ_9{C;8CV$B6TatO^?-(kUo~{%kj~|MSJBa<c
zBR6FPnIJl{SX})1CAFSkFvTi|Jn;QVdd&Q1yL56dh$^C9#$rTL(#5CxUnPwX(;&!b
z$)F7C^1>bXBJ<YE`H}9aVJMLL<uO+~8*{NVlRPl1;9l?P`nR)JoWqwH3&SEYy;|1i
z9CQoADLsR`?GU`hA<17);x@xie<zTPdFLa=jD8MF`j5(*fA^Op-N;v$a<d|Q{}{m1
zq<et#>vR20VF{rUr2(SPD__;0t<#&k?VjfVDk1%!caa1!TG91Q)}k8!s6oIa)BmVJ
zS8y!&+QN`PKvhYpfgNA}5UK+!OFr9D8VnO=;_-Jo25XfsX`PP4_{V%cq=wN$fh>%J
z{ka1oST&zk0JND8Jzlzl(x~0d?0hpI>Dph_oEFz_@vYT-<MCKH=*~3eMbW5u_u<C@
z>1H&0*PPS!07m8o&5?|4k8ZhizuScy_hPfiyM2O!X%Ff_{m_qA2FguSe4XypcK@TN
z4UHq+sm}-z+pt|xoYR~*rzN55%G79wq*0f-+LH13Us49zu@7QR)v$58KO!(3Jr=zi
z4DXF2PFu45LqPdS|1JPJ23FmRma-0Q*#75%qNF1R$`4B4hu`@EB+)lUIX+xHW*vU+
zPQ!Cxv>f}}JfUUfUFtUxlrIJOJG{DZ!jEmv+85oxx}bTOYb21&19V?rj+>PZsFsBX
z3R)$a_C*J4xfboYJxMqI`|RsH5eh(i+JdHP`A*e<)L!kKYNCffAiqY8nKL1p?IV0S
z)OrjX3tT_G3ZOp3B}c`Ok*RtIY5ed_ak41Rto?j^JP(qc%;u)IaPy)W!&MWMbW!eq
zowlN`pYHxX(6galw?-~2`Rb}zKV5l#B4Ra~7R9%vYG&fnT9em&OKRXkbJ78T&!4Id
z(V|K)oJ)Uz)G`F-ikkHGd_S9!otG#k;6U)(z1^iOTOkvo_p*KB2q3==|0;E3^DsWe
zOhfS2ywkWuu=g5O<D<pZVGrSmBaamp3>?WCbyCLESu-0orNgm`I!m3>yAQ{B%t!Z1
z&G&-fUqPPDhC6oG^hnR|=EE^H1WCGUzn!CIBnFzO_&WJ{`H~*pb-25ku%~+%0U`P5
z)yx;~t4ncNKy()?n~wqV=@77T<FC$xuS<y=Q;I3=4P7a&Ito^Ik%?0-qC5Wie`)iP
zNI`h$Xd+mGbf?`F4y^eWPsmav_Ku3$o6-Rx^H0@h-0p5`(hK_UDTT1bFgt(?B6|+G
zHkhh@291%=@T7ubwS_QLDvy3<8UA0%Mzar>_!bmRPlX<vKcL6BMAo~^gS2Xo2qD84
z3Pa_MXZr6C?97r?*Oyv<Tx!NxY#vP7x6f4^>^yo-jhmlBq%oI4pq}n?*n-9Gwtj=y
z@aN$71rq|`&upi;3s=7{Op^NNBTl6ue;wnIo<as7t|j`4GHiI)A5#;N^v!w7KIxM?
zdMm3O=90Pz-oEOUZflQBSOe*}%I@wlhAO>JArc8%gBJ9OTD!i5+OAAD<1Kfdps{}d
zN=pWg6-GHdiL)A~H?n^Ria*WFEhjuMv^H)$n&XbuTS3|qYeA8wMU`qjK>o1G=@H9c
z1r%xT&}wyhI_lIsh2jx#NCB226CFPDy4S%XzrrE^7hdIK9^JYxt9>iE-Au}34mbo#
zyg7kifXcU<YPD0B-(P^3-41<EQQD7KPzw+skFOeWYPc=+cBBooA7<^14A%Pl-Ep9D
zif?sg_Gxl&Su5qAi-^DjSNuq|sQBM~GE>_u#B?dTkwI|)fn{x?j~`jEYocpOTg_|a
z532*)HKG$fR{H|@E!Ls}*k{)&ax2#=TrF!xPQ2Lf{Tz~$$T{k3Gd$X+|B9(OeEE8x
zr}^YgY4B~5cX%VJOHBp%kux&E$>~S+yj!tq!sA#Dmrd9t?ag=szttZ5Xn$o=o)y2!
z3ix;_!~cXPC7T&ebvwxFqbk%$Easo5*sA#`Y|H9ydDg<J=5dv;j-4F|D7MZJ)DUg)
zylz~Ys~{{WL=kq#jE+WIF35lGOAJ3>NhVKkD8kP)`6aqjoG3a<C`R?A>;Zf4ag9mr
zc*jHT#wUG}H2dg>jAXt}X@8=o5xLvb&5@Z)Aw|S3_PhTJel(%rXK;?+_ptR}^kX#r
zHGQ;(xg7tR%4B4<7()>Gl<L!Z^>9V;A4UH{(kZezwxgXY3o{;qgL~%}r^>V}FG>UZ
zKTkgomOaYtEEaB|M1r%bLp3?|?UMp)eE6SQfhZkV-eVNj>v7{wg(dk*MF(}Cu-h#c
zY4thj-a}zcR>@mpb==YY(`IvlmE#3|i%EpGa4sZJ^YFuy>obBE8wx-FY}2}bS!G!p
zZ&dj6-Lvr<arS+B(3*btWu*JW=1zlEoL84>`lETy{nMLXq&vfz@L!MJxxm!d*qYo1
zmaj(tSe}k^kN>eeabC}(+ZLqqE*`)Pf33cwzjd_y`%l&e{(vv4&mBpu7RoayKx5Z7
zk)a&prCFh)0ad`L4-~itsni0Vi0)ka_-Tq3PnL@q_)><V!+TaTaAa;cPsdiQEgcIo
zh@8fhJ&K$sqER0C_p-~>Io+tp-KZ2tBCq_PL5KU)I_`HE1ph!BU0~4NuYZxl+IZkw
zR|1ZgyQ-(an7PIO1rFo<Duat18RVVn{7@65n&$Oi-FyN93B94lmL7_(cdvl*_2uBh
zf$p0$2L+F!$AH8)8O0_<a~`ZdHva<Z@3nV%^i1<^Mb{UT<An571!Fw)PX=Y~RHxg$
z;Aml+oa3%)37WlD@cl#L^q3978f`UZq$5#J2A==(q$dM?&UA}1D4NWMi5|c{W^Vrf
z^sQ=g5{D6p%>RyFk*s{-)Pv>*iv4diqM?luID!IX<LtGosr|J$Jl&W7ie&T_k{>Fo
z$d*teApl0x@VtHymAjUQ?BoSz9B#Z;UQr*`us%+&iM4cmI<Z(J_uEU38=6jL(Rw~a
z+MRpp>`RnBeG=EobSY$1?-7m)56GPBewknLN<3QfnyWOoaMLkg6j2zi`MBuQwdD0~
z%YNBwKaQaDRitW*>jQ^dzx=7-G5J~Wop@(S?2iNYQ^BVMp|ao0E=D66#GS^o!jR|j
zFuQ1@&8@#~^1vVPx&H8YH?#m0!HT_!c?p(ppV`X}<{r@Yb}q`3?N(7qTYj7w4K4)f
zIQVP4(_b~1z-an{KR`CSm}uo+|AsO#6YQkz<RV1-3k0>6JtBbGE)OphP*Zn>l2hKX
zlgsz*cEOeF0%=l|$9kL7tw1-#_rso-`4xPZ_ZS_oys1IM2~%O7z<Tb5N5M9GFUOzU
z-V^HZ{TJjXr#ajz2FngAlr!yEv-$O5g5;36Jggt@T}tQ3x-o4|A4D!EmY@VQkq+{c
z4#GRo3Jf+XK!~wJ)g{obs%-CmFu(p<HkHW-dPT$>CI#!#@)Qo;e=J?=tpDoKhPSmR
z^rtzOUSD!L7R*21<|lA_|D3xp6tzJ5bg~*!u5bAmkd#+3dH(}pSZen%z=%87Cg@mg
zl1PX$@`4^c7r6lQY(YsaWSndqEVWAf7?7LZ@`~@D1Ta4P{D~N;hbllQjoi-^dolMB
zvQ?)0$4gx9EcOhO#vBqBUZ1Bb>Lb#UN-nj&?do{3y<{x27;%#ZLaRfEm0f~X9dO`X
zAbV?_dMh4UGH7S-no=@wZyKrB#h<R_zB{{&ClU+&r0C^>IXyvhBKVb)ST0vl(MVCU
zgOhJ~SMEvI<np%Kx%Lp1nlgwsNHs&(8gg9?sY)DM)`}m?;ADS6I-TdC@4lptyaHR+
zA4@iibrsa)HnQmIL7}M|;51DbnBquuJ!9>b6Qy?B{hVEbqIwZ}p(%}*?)kHZKd{_*
zd0vK;(j@CI(6b|u6*}^6n~fJA^;1_-K)_hl@>-pxZwuUD2hyD$UF?Eby3ML0ms>!P
z2^2>&KXUt;-(2-40lhRNy=$O;2aL0UMB}`Q>*kKOTHdUt+UB+)CKJ>rYb79=7$xR^
z&%I4fGNE5wLQI&wC<~vh&KNv~dQYlF)}Pvi{S_NLB5+>(UzIh7@_Q7>Uoj#+MSYA3
zqN^n4rqN}mGGA1CGH)tZqFZ1?F=}QdhfaIQb9`@Yhaa#W4ay#;QkD0mmVPPiOBDbh
zx~-6>e)*B095EkyS@zZ&q*ADfW*wO9h-t>RJCOS2Vf$vZ1oaU_=9@B+KQ;FWn+1sd
z@J!GN_{UQq`hPqHVkZ`nJGe5lSCm`00StaX{YG!-oFMQFnxu5+*@`O)#jC$u`BnYf
zMMN+Q+M;?aIGnMA&Zu;iD}cxz()Q2j3mTS_?Lv}1PQMc|$Q`_Hj~Cf`ZWj!QV#g_=
zrcZ<RXojYBG_g(>ga6RvtoGPsU8qqkF1$+&bz+@SaeFO~Y8BYYU8*jEbcE%CnfApF
zvk87BY=t)HJV78Aaw#g{KoH?rSzp6D-bh_~QDSwr!;{(Q#J0fJf1p|x`YC1HDC1^j
z$Zu3(t7=@wgD_g#gW4i_xeh8soycUDM=Oi@Sx0m1!;AhZWLE)c<!3`T-0-C%`wbpp
z=-H58ISScYSlTCl$N<#enDe>Qw)u>duk1|5$o@pz#UFIE@}<lvq8sF2SN$-qm|gKz
zW3s|!&Y#IEZ|v@70LR4HZGD#3>MSaW)x#*O^}FBQRm#oMtSr2L&Ix!)C7Vm8zPv7i
zf&FxWIZgLt9Pjo$;j-3Gr|!(=MwfaFdns9EZ%b0bQ|g7_QhzkX!|#EY{$HrRvMU)u
z@GyTx$4N8`u8|KD;*Q4R@ZwJq^dml~?48;qhl#}j=fUbdQBPd)k7F5T8z27yq+d`9
zVn<ILkbP?hDi_%CPS)zJ$qVA?(L|5P9wC^e$Hv;tqZmkwnFD_W@0SFn#6lX1C)RSl
zBAmr_fKUsl-~O}9eD8thizk!`s|~tT_&>PJx&CpP$1V6d;>nO8{e{Jg6+tkd-nPe1
z%21LnG&K-UT9B<npN|P{YDtsR56{AHmM;kn4MmKPCN93jyo6)7r)?(09>t4^p`en(
z=9FfcTO5dOy@n)gvUb*X3Y!P~rtiGY&Cat3f^Zq7Y2s;953gCqEvvH6hU;6zOcJJE
zCvq;fd`#tWk}cCT(suf(`Nc7a_EL9Tb7B(1@cY~zn_~0dJ8xbSRt=ddY1&F*oyt)G
z#b`j3UMWBmO=j9_LZq|Op&}9@On=Vm<1?CAuZ0SV@gDuXo;JD<zmq3wWQTm~p6~G1
zR+4aHI_dk4XV^|`%?@l_dlh%`(*ANLYBxdr#DDF(#$}CqKfRGEL1IcArvUCf@e52@
zWQ=oZYLPEzYRkXWAPXAf)=d?5Aie)$@xt<>y74N_OZD86e36wb=v&Uvt=u7>9qJ1e
z>-XIcH@5Fzq`jYiHho)Bm`%4u*NGtgyG&J6qg&3o@VSldb851)74^VqpL8P2LOU1R
zawp=s5gyz5x+Ng}USO@UHLtsIGmv|6j*+1TF;S^tbp)&{bYUsb-48Ck^t<?*GyWrw
zTJER4fbIMUpKkSOW6P-V3G<2yIt#h!v;P8lGWCLnUCHbX^B9;Av!N&bOn<p2{UvmP
zAa1dt=i6D;a*v?7D(y<vrikAaEZCh7>>jn4u9}Z~c<nAWUQ)@Ui$p8)M*Gr~fv}G5
z_9Q5M^xCF~S<W+R{b)Rlnp`+GrKe{aW&CZr0|n=nNx8gTd-O_kn0z{&tZ{(p23SYi
z5quWQVKNC4?uKdfgz-yLu<IafZ5VeI!TBv1J3OnN0kMedAv+R8{33{QuMV5uVEBDk
zKsHpavn>N4{L{b+d(ogMC~>KCV6D^I=0bIf)8^vU`^pm6!sNtydFXZZrr@d_<F}3e
z_Z*L<QyknyKmk+RCrI42yhOaJbY2ha>P_=faj{!4#x$lOn3FU%RS={6vyc9LFMCJ1
zoH`pA7aRb@m@Rd{aP1y_{B%n4I`+jQrag<@8zWPRB}0KKzL<z1Q!;JD{7=e$7Tphy
z6o3X_2Kyl`|KvSD7CeJM-0M!Vi=wC0d6RL?m2+OQJVOVofxYP<3QjxD*3z5U6+M<q
z6z~|$wA@oLQO-n|phP_S5TU^n1!yFh^o_fbN-LT29W@t7ycGD!Zrus9ij*Xg%`#~!
zoOt`_n8{v=?XfZ>fbMZ{1NZ9(_Q8(m@*DM?s7SAG9$H^H7gjFqdvb-K0E+G-!0~T)
zk}6u_0=KVT?z}xk>rDmwVKby+4K>M5Uo*(~$M5o1_S{t!V@c8rNz$MspxtXKt9IN@
zrt1z@i9f*`HTxcmitLJmf<$p(D+c4F+{=`>z8{9*laz0*mLEjZDl3weCs;q4j2bQV
z-FIoZ^MkUNsP9c{_hucLhP}UxG_&k=;O~&0Z{}+D+u&`>F!p+^ftno`k1p%H$WHd(
zcd;=4{U#iZ-tZweORQiDL$LRO(+}4s%R+^uHrj&kx92mHkE<A$Yp9>Ex~y3yTCA_y
z*w!RCd%_>Ek~-;t6$?(5-?c?tD8x$t94GTR0aA~mWy^nSEr737s2+}*qJ(1$Gv*e@
zd?V2rH|Uow>tV;aVo5}G-H!VjkPqJTD5Wn@N{)kha;JL_ltOdIj(~Ed$u<awU((!I
z#NraGePID}ibmcJITDycU?A@}a`z>N9}{CVTbN}mMb-A(rYC^<S(A6KB{LW{1sUE=
z?_-#M+t_?AitOVv>un|Lt3xc1O&qx5g#<<hUWsg;a?Xu03QDQ`8Kh{eo42v}919ZY
z0*PKIQj-=1#+_{~>Ve{_C8`7du)E+iJ_H8Hffxzziqv=vFCf|xybscmePH86l))?=
z`R~a*Ihx~&mVZ6DmVfr*UL%w};YO@G#|+SAKb~rZuKt0$!!%`CSEOdhzU*@hD$b6i
z;f{4@5d1S9<_Q*@78vVk?@)?FVm5Qk6uL0p25POkyWHgIo%uF^PlY0fXUiwre?>30
zcddBcEibm*N(w)DGGtbh?p&JKoZ@-CayO9rfSN$iHYs|S6^12X{e^)H!oD<G%3|61
zoOLcZ|848d*yelVgdWwxmr33gM01D8r#Hj$$LF`&S+ZGUaH&N`#Bsaqs(4z2<L%#x
z)$UeMVlje^BP6J==M5UZ{U1&N6le(dpN$d*j9Dxl!UhNPPs4+r`F{et+-&x)RyJ=-
zZ(A@}in0o_FtD(&Fd5Jt=4};53I-Vw5ee}fG7=Kf`}fEwXt?NTsHkW}A8;^nNr}nH
zNQp^EC}`N|DX3VeNk|y@7+E+tp-~WWdI1rBE@3uq9<F~b0{i~`do)xuLUeROE=m$g
zuK%C6w_X@*WCRNY3wT&67&vTLcx>3WK^Srv7}$5v-u~0!|K4EX;1S*-A|by=L4|&x
z84Csu79JiB0sh@P1ZV;=Y#{V~7zFHhA1FB`5OFljkf_{nxk8e^BU4M(_u*+y|E1wJ
zcMpA!f=@t5L`+LZ&%nsU!~2PkUqDbwT1Hk*UO`byTSr&#^A~*!ODk&|TRVFXPcLsD
zUq3)tc*M8JsOXrK)U@=B%&hF3qT-U$vhs?`s)oj<=9bpB_KyC6!J%Q$$nVja*}3_J
z#iiwy?Va7d{R8mf(edTg_08?w{lnwaKXSps!2g$6|3|X_M=orrTyO{o@CZo%$OQ}M
z18wlw2=6F45kE+1Aep)0P;rGI<4PufukU+L&8_(t&)j_)1)qjzoA&Y_(f*a}e<xVz
z|6h{*AHn{wTq`hW@UYN74;~vv4Cd>Oz_<wcCU4?P*>07aCa6kw04eN5<4=UA<F}DB
z6+1+?gmhqLeWRtoK{ZSL2zTdg(cyc+C#`SjoZ4g(xM!tm&G2L&k!E?~M@B&UNMbJl
zSx2-ubvTz7M#37AaXx{wxExI=57qi005W@>ycni&c><jKasRa^4VLJJmx@k;t~kih
z?I;GXck3VtLtxUx9xsYSlkX1<Vv;k-ESw2Xh`gl`;QCBs&*txi>PZ4Rb40Xs`0e;d
zyv}RoU4&V8?IeXKb@*k@e0wfcff93o$Jv=UO^rPNkvQBf&ndL{ow^p;jj2T~e^D<t
z4W^>t8%)GI-(vLqu0UJZfm$_y>(L_anwu&N#8e#~06P(QG`Ce;Nuo)H!9a*7)WAIh
zgts69Eu^|l!lnKJ;|3?|d}B1K@2hz3N78qGz7`MO%P+{2l~G29%3%-VLJIrjq3qmF
zl_1(QOwWVnOI`WQaQ|$Vm%t^1CR%t~2rKLAzms8@FD95sL$;Okb!zP(m~f5#rmR-d
zA4RWsh+;zENE|sR54jMyHLFH$VxRG$@C7ghZ{%;Dy_%?4&jzi2?s8=d3&D#d(SE1c
zA~;vIBye$|(dg_fMxqX9AtLtTx$ljHRI6`mul4&VM_dv4c1S3wjH#WzT;KVWOl@0y
z%xqYMQ2~APrfL-Y{k9xQwA(H!l`JeqV$wLUQYrxyqcT9$TWCSX`J3>WNmRs5aRwan
zsBK1+D==9NquM5{t&HK$I9lTKVi%e4ObjE{cDqx&;?Y~_Qwwl*^;j%W6z8ZkZX;K;
zrJl(@S0gM7(ueVd`5VaS$|Q`fN_1Oj3H136fM~06frxDQHRcw1{dQ7lY|ri@jH}}Z
zr>Lt^)T5NJkUVlmazEFH1OE_3steTU2bx3Fr3llra7Os?py5u`_=)fY&V+PD(jkuq
zwGS)YNgq^2+DkGAb$1b|gM+%7K_Vl`ZI(z2=?yvqzuS99pLE<QIt4Q>m7^(E3C&K0
zw8Mt(mfr1914+x;3C~O7kxfb1UDVuEe7?w0ySU0p$uZ$goNo^01XSULC+~h|PKGXW
zgH{rXf1dG$aeF?A#4cJzioa_U4z#08wu~>P2nL6}%<7CV7tc6eSaik5;J@>=q<;6c
z*`+}LI*(qneb)JEzkr+>QJ8Dd-zE@!PiV&(m;{JXWu<86L?RVA0v?oJ49Nyoq2R))
zJ?@m~fS+RG{mx~SOKwOjqkP206s7u(7Jvezw$wcguwm4#`aavT0?&Yhkltg!ec?OY
z@*L&snFQZqSzD~xzGJ@<q&Tfyu>yO$lQ?zGvDGp=P+3qZk7<IxXE|nP92ggwGkGKT
zrtl4hTYT#}2PP?S!<M=wh)Du;T|$3_+p8Lg&bPUdHv(Qs3M;UXHwTc-kzoWe@sGS}
zXTe|q)ZxFuAQjjfUSG)j4pEBn-4sef4idO$LS4DI6;76>I9y!xo&9%lu?za+{@TLq
zlEUJydF^Bh16~-m@>LmNh|W$_=vUG%rvl$mB8eoH!jKQ-h>>XGD9mZX`ree>?Ey4x
z>fT^(HFuM5%Q!hfin1ior8q+Q!RDzwz9p3E{uV0*dEH`)w#L4~S{-o-FO?xwq$fk3
zIhdb7)gIW-<zjiBD@20`9-6)L&dBBLF!#6vvoYy7`;*n;qcef0Hv*-k9yuiL9w*Wk
z`HX0}@HW(?ylS=Enp`Q7&D>>-!A>AWby3HuaxWBt30qi_8-cRS?+NI#qIXDA;uuob
z9$FZFJ3oFn1;iv9T6&0MnsNmml_WIbuPx!0e+;aQnyxcnXyf_q@e5v{(h=#2RfhBB
zK*no&30%QLvKM3L2uw(0TzR}LWo|9QaIm24B6GJb1Cv;O<xxk<Y$7p@srl<J%Xs8H
z;<_vBq4l#~nSbl1240JIdht6o?qriP@JA~i^d{BF3G2M4WCFM{kw|}TS)hxHf2781
zcleqbGF!0Ft_jq@oe_V=8A4HU=KYi~B`Qd4C%j;kQPzN7<LV&iYnJ58TRQtmh4a{T
z{RoUc%g<|A2S!k@o%^aiENmGlGA{f<jM#p=L4}BU*cSGbTfIflx@-*v8pp4qM?%7d
zCA3Bgwf9ORLzjjHsZE5<9?8Ea;&Nw%r3lhDwKlZ;Yp=2umYi6P4=Y8kG26}4`bUMM
zm7hd2F*nYq5XtiP)XpO$d7Q&@n321{A_kF&WG9VJteO&ulvA7}?1eE!$PaW=C>r!M
zm-V~%g%QF5eFd}iIXT8XRIOXUJ7l$5ASNVV;6&a6)q6L_fy|vVA<Y@h4jBok&Z(x)
z;W76WckS-xD8{5e33=%x&P|zBjm8O#NAxrW7meWx(2C9LZWC?BHsu$#PD_q~5d<cK
z01l=F0}JT}32kM+Gy&J+FxbEN59RQf>GUW}byOurM3{8iD7?mD7&Qfb3isF*)tchA
z61o{_GMQ(|(qQ`6w30(iX1=c{FivmfccCEi@BS^@!&pBuOzbZ<Hb}^CLI$>usb2yi
zui6I`XaKLOi%$Z-3*VEszo2uFPZV!_ehO1Xzy!dg#+fI%zTZho;1Xf{9z~r4<L~vV
zoh$2+oCt_6SV(H4t~?RP2^G`#7Qd?+<Kt!9PT-7zN#eM;DJOzGdYt>1nP9tysiqI(
zVN-D=S)hnyEPs$xXE?<<SfF|Xa>;C#g=%wU;a2)`dl(-#Ek{_7A&L36GfgLVRJRy$
zYAhALkXc+$1Y)yZ@J2ArS&kWG%`(wG#y{(9*E%V<(8I8-xOSZLWtGrk5*E<95S|NX
zf_I!Nx!e!(+rN7P=+QN7_c+Gg{b22})7PW+2IT0ft8>%I^V2^qRNAVHV2z%Bk^czT
z+M3PLv$$8nSU%AKa*gPy7Zg_F_`AoA>{jJ}3nm#98&xk0tU60?G?blo9<0yj*6x|5
z<JkJDQ*JqMhBd*zdBt&$=c>@HkUC}C!Z4)tE{*Z=V=<<^JcUxOLecPY(c|Jvt%e@2
zX@fp@$aS$L*{zadQuCHaVxB6qv39AsmXl$#8S!uDWSqR+qp%fVQe~TO*7j#hx9JE`
z3d-zk0MetIlGjICP);}u0QlGb(J@+06FsDqGV2=|aHn?3$Z+L1P4Z<z+o25SmI9rf
zx>=lQoacSTb=DV33e)RE{Y=Ym-T<RFm{r!hjtD4${Vi$L_M|bWmUn3B7;fS-&F}3N
z;7#8#bCJ^7m7}iim=`?n=t5b=oI3ZAyudS4M?Hnb4KG(RsI^)iCuHq9Mi4W|crHd&
zFzEKk1Eg<CA-spee_OU^kq_b_xfz0CnA92<Dl7{HKw(uo(Lo68xf&kPB*I+w$X<+D
zArgG@3=k7{I?hdLu^Wc}`dA!yM!v8GppFhB5Ckhf2Y>SvBXx|aZ%RH}SNaU_t^m~v
zzotE3#)y+Vfq(IAJYOoUY2>Rl!_aw5^4KKUbrlRwKUWZ*ZxqBMk-CY4XELds-5#dk
zgWy%1^PXlCsW;n84mk@-VJHx$pG833sL4li6xZS??}asO3M7uicNYr!CKX}gzbQ=O
z{t5C=VUpd`;slxW2Y;Nf3!1PK-whd}B-xsROYOZYd`cY7@yNIHS4XILKh8*KEHs1h
zj?Lrdz7Rp(Coo9ys7ch!agmD)gL|^u^NE0?C6MVeF@3cn&CvhH(3!_G{l{^9&QT&o
zj^@bZPR<y{5Jv7hB)N@b=Dv@j7DLE2LvBLKLMRGD7&Avgn4=NG5XtYiKljHTkA1)U
ze&5II{d~PYdUI-1FHN@wYWW*=A2o=@ZcCT08a2p8{(zrnX}0=W+|HxpVs&lUr%^fq
z_RT38#6iCG=R2)7s>F%akP@7{kj(_uZaLggub@shh=Q5cBx%)k3Gj-aC_QXjDXZ*O
z5o_iA9+n)~o@1N8I0knAvWBnQM_!|#v(0sW5@rh&S<=I-=n>z6pX-2XK8GYOnFcFk
z=4*TgPVCpjViww76?bt-9$UeP5?<N`s+XlfX_M8Q)qcF(_E1IF(2)Rfhv3_h$6bi^
z0-?{RGj$T+IgH<}tRrVymDuph)Ve)rUD~b(-lermD(n+@>h%W$q_FLN8p%(=o8LWk
zb#e0hJu`}WFw)A!Ime@?E;ZSzj(2uu<KedTIw%1##$W-9Mz6RPQy>?n7v4X_YoiZd
z<&IY%?i(U@0LXsdc^nkMl4(42RLdtCH7V#4At}m4Af-t1Zx-soMNG`=P_XlzK6K}v
zpC}GXl86eec4K5Gy87}jUbq%WL34Ctfd2uU@;eIw!Rz9M=K;ZhwX})*IMhVfm5cwr
z{nBnh>x!65*D2^^Rx(S`ixlQMR%P?K(y+QUn=#wyev}EN*=OYR39GfyRK0+L?kP29
z7z33O(1bfDoA6^%cBWYJ(7e(GfW?m452CAIWs0V)BV-58{?*L~Wc{e>N_UU?DMB)k
zt5TB<JH&8AL<F8Dk60`1ql5A(XgST7cT-R$LlpyJHIePmX!4*ucr*%S(hVO;i+9pn
z__uLW6S?^xV5(B?-2V64Qs5=F(!?yQK%fBB!UX9CbTt65M5kFA@<}oYQPbra*3m=c
zP%FV)V3vus@x5mqVBIQLr3<FnjjZa8!uMQJ#i=4rAsTbznOCc)-X0E&*!p<MVwWqP
zZ(qLqUTu87v}dp(VuB4d&|qVBPjF$?Smef!20dFG!dL-BJEV6SI_KQ3#ei&*Jt`e;
zysY+I&lpXRdo&kC%Ig*vOt_5EIia;n&L(2yIFY3MAoY=}7FsA;h2!WBf>|ab4guqg
zJgq%*v>FXYu(Ox4xU-M?^>nYRy2#>M4$^ymMnHcu#;$~jn0O@PES3zXOH(DQsW1-W
znx7JCwq#W}S}-l8)PsEbgQyw|eXU@QNPYP$qLz|m0BS|RjKu>u4Qx7bva;Sdo9>@L
z8~f`;gHMY0@ebLp@im*)2);|K?#<H2e9*WSQrj)#$mOfgr$W!a6&~EYYkg;pmDz(F
zWzC)a=>@|&@A>u{*uN+z@hqmSr~IR=>e{(tfgE={(}ICW%fP{&tHwJs<lS}`S&&Cr
z74vvmj!N|J?wIPoU+_LjyMtJo*5ry@M($G2KuuFlWKxKTZ0ypGMd_8PN%<RJ`<1$V
zL`KW-HcU?jmy)?E9b4SNcOAsJI-v%)HlNv1j>|_^C^g%%W;cS31t~;7OH8MoCe!MI
z7&g5D9jWO(moJ*x9W~)O<RVu;p;dTwgPo6LhSrs2)lZvvbX`fflb0e<0Om7Ye8|CG
z&9V=^))t}_D?J2z<@mn1#EhwGH~}I1Xx_O#ZSOyT0*_O<{GUC=>D`KR3${bmERlWs
zUXIOLNceXL*|u%|di%Uf&gDEh3L-b?=iA*z6mu#m&%XK#3(Lgj@^`zQ;h8jVh*<j9
z45Ju9;osAyS|>i0HaZx5dQ!2s;^On9FZ51=rpFxV#Tzk$2S0cve`De~$S_V6brxIA
zggX#be_>?uD1bt%+*~MB&Tu6IcGH5mREo`!$JWxqbF|8x@0E<4(PQ&0LLJc)7WexT
zc#&8P?JOAfQ$}$@Wn0mdNhjmI6o|9L$-Hwtqv0kgfsa;-gQ}lOa|y4{kVF~)Ah+e>
z+05{M=+A!j3Wf}GWvUqwbS{kD705G(4Ix%C@u?I;e#ZKa!YiOrV~j~U1eJEmZbkPt
zz35UGj<RGFHhS=#Cx4VhGc6hZ?Ie5zz)xW6f?QPGG$X385-2eCWUNiX0f>|$?sm?S
z6S4#2Rs)^bDCnHa`fXue45`{bfF75!hEk4gx-zDoto(!4_99{2i+iyD0Gp(Le%%yE
zB>@i*+Y5>guTG28&H>Pyd_I0?cPaBp=uu-TY|!52@HL2uc&ysKbU3@-rjjqX-KNt3
zN&WhV{5H{$m?u{16~=!A#LI9MEmTOcjcBL}NikITG&%YIo3o`abhQw1Vigxf=LzFM
zF<I98*>KiS2(9YPsNc8a5vl&jQdZEf?h2*^gb{Vil<<|{1knGIY`yrfZo}~-f3Qp-
z)`q*bI)fHgx0mT9N~@*qX{D%|>^3V9DEDl`ARB4OLBPKYDtp>FiEpHbbk!TPxgVpZ
z4_@JnbV96PAn@l#1w%x7-#bI4F4^0+qNB&+yn1-MmkY>~!%&L4q==K=mp_s9?`Bfn
zzxLFbG2M=`k9sBOo8HdfFQZbt9Fwtbv&9^YfbbecdA_BEbGyh-cO&Xio-nyi4Bm9$
zX~d?(jh*9Jidd>QST(2Y#1=hSiS!3;e$+zU4M@NI;E8!}i|_1x6`u=ZQ)KJc^=-ln
z_#ygPPPMN(U&u4rNjtWUelO<8YwnYL$>}^*nr%4~G>D0!pug<%x5r=)Rwf7JZ<mO-
zolLBWw0IBmA>r!k+VdNR+POry6FX+=7&X<@6H{rpr@T<;)gL}y2vn#4tu{F)Y5RRj
z5|?fc=@Og@+$GW8$@*@zJ|SnJzqXr?vc|?9CWv|`UR-ahd5)sh<DBY1*vY#WA1#il
z7!Dh#g_#>|TKFDs9#1f4MpnADF&g2eHb>MA;hUzjQI`wl`1opn#(%ETZ9#U|=wVmR
z@EX4r4HC|8NrEQM{|At7Ii&|)i?7{OQ)WNT;o$glP5W6#h-F?dzbZ$X)yEwnDudu>
z$6$6LqzM?xiJZc{Lt+YQEt!Z*u!|}J>z^v253aKfo{)$6re}-Vq!tfK&pl$W>CtYv
zwTPF6_?-G_BxfIwu~;|Fkd{p+(<u0BIudXYsu1w?Q@g_L$W6zaJgu++<NCsuh8qJJ
z(2bB(ue#moO4OYN?@PJgo<4MLt8tyr3298<n)Zfo*?Oj<GKQ+Zy|8-I=@02Q{*E&U
zJ8bobes}||e_lBK$%Jky^^BK$534q7>rjT9j1q2JDsEc6WmJ$RKz7U^qsYFHB90j#
zr1G5dk4-bpcWKrMvC;{r92o6R(l(Q5Xw8ulCg=C&Tv!Ej`Fb@Y!+;hB!6eTKIF;ru
zfk2@@8A$MNqFfDn7n?^BJ^|PhGUqUx&S?H+4pE|$&#ZQ!jL_c?<g9)!iOfr>-Xat;
z&7RE@a`Gx`{(pdViNvQ7{5Q-v%Bk?I9d)8pbg3x^UC6uL-apB+y!S>FWUJe~a?UX8
z(>a*?pTec3w~o03`{q;HlV1jGk%C)WgN^U{()OHt(=#jIwMCscNURzSS!Qn*w*8X0
zE$$X9V<l&<KxuNZ31b?#8ZYSg^zxT;WtWey8vZPaI`J;Q1elRA!pk8$U21hq^5wz-
zKoPa3N`P3aDNa+Z@~**MiWddSAMaGP+tseq+eO_S#7`Lr{L<aAEzU2vUf<&CDY<h~
z_Ka6->6!j#9odW}l|fxMp`hpnNDu|Eb>T$t?d@4MsV{3b1bXp=>nKuud9?#MJzJR(
z@Z&?~ad7QYt>n`{%Mm;QIW{(**_*umRv0LnJVXB77#q1b@z|ob8kmufIVkscfBo%3
z5A=e*m$*&J<g+>LT+Q!W^ws0YX(9iL=JBsdO6mt7k*H7q0oYEHBv`e!cBaaP`f6@P
zuKpMr+5p&m;fnI$2KjT#)S0glqJFA22-x3}?dLSV5Zr2FPvMx0T5n*VE0E>eYQ1*s
z`I&Ce9%wu=3wt?uULjCpx>#TMPfywlqk!Fesi~n{8X}^5u)63=A+Yr%ge9vC_YC>#
zM7xMnVpgW@iuE>KOQ2vn8K_pc3bZ@lv`+d>^|O!y%KO+_<uerA<1J@gOB~b}l!?-1
z5?L=~mV9qKqUFKAWx9>(lcM|wXo7JPR4UxoGCi=?V+=ThYs-09AAwU}bs>5p@d2HT
zC#aW$RpM*`1r)NiaOb``SdwYeRQ(35PwR;KeF~$D-8W9$Ip~uxiYFxqL)H(<_bP<w
zwTgML=0Pbigh?VBSGtCo*@Cm5c33hd&t_6Ki7EyEG)Nv0?HmTB7qPo{aQPG{;<^Vm
z3fHnv42o5Rog+w=IHflegro^L)QAd>E;%3kWMF`-t1K$^M@`srYW(y2VNnSHRy%2|
zPq(UwY#R5EpQ!*AgBD7jz}5L_2Q_W|QMSp|l6Zj5jC-q!yr(4g+-EB0$C9&?c%r8|
zG*((cgHJrmy#JzGXiY)l1AF8XUM4XY4<V|phc>OuSRz~JmNM)DGV9M|<Od(p>swHS
zG>o2dEVsmP{Fe+A8Ai<*niZWqc<CL8rE=l@<#Lb@8U{UEy<M@4`yvYmYtk`_i5Ejg
z2zyDD#m8~Bgv~;Cm0#?87i>R>bO~(P)AsW(*mOz`uj51MO-^k)`+$~>?iWrnD{JA3
zgPx*1D>G+FF|Vm{BF480$PW(PDv64cjdL$oyMU!@I4)s?O&3YW*N@fItBlXJt(R2F
zVF>#*Z|8|T98EV8VRs`B>XiDDlN4fQJ%-iS6D*uk;4gFsYLUP6pCzj3??~-fUHH~7
z>*O3<jjohq_QXKz<UGeVqm$YDx1lmCSq5PRuJ|l`B2n^p?Q(8;K$0Tt=~`>VeP-mA
zl@HF}Max0D1>=8fZE`69Q?Q)-*zhWlRCOPVv}-?=@pUd)H479QGuu6?+h%i#vVVMs
zP*WrEG!=~Zlk(-0)vYmO@(@Qayd^)TjxvDDREGzOJdf(H1P&d8>=hqs3f9hSGXJs=
z|A#V*{N7yme)}FPy!L*$&GA%!y{&ZS3I~brxOsw?DUj$|j55Fap^(+Yq6}o~H6Vep
z^=Oc=fJM@uyGM^cC(Y4Lr7MJ!Fve>MJk6(ZEsHCdoX=c<(1S|mf5<J^rAu=nkDLrp
zWE{;0Y8X+~<hmGbse~jpk4R1nCt-64TDx>%Re8t-W1z_b>)A0K6dI8%AgClDM}sXy
zMsp#XW)8qlT{7>TC3ygFAR-_Xi~)l8s^sVX`7-DMAlnH1=_WHrRFvJ@Zs9182Gs2Q
z6g*AMX*Bq)g!Nm+LYwRTl(}i$%qf|OMTc9THi4?2I-hgXUW<)-_TP~JgC-dx2dUO@
z0wBB3=B4ZBI%|F^)@|RgSn99aQC%84&&y%!RknlI?IlVc&c)pvFj3?typQ04#xU+M
zW)iY&u84Y~w=|x<olCR!Itr;}-$2}QH)2iTXpI7D9ae>}9F!^$Rl4&fM+iJc=1~*b
z)Y+_p2q9@ezFgGbeKW=Ee!m|#8{~lqfZJn+wBOQ0j5M)4zd?a&<`YYWx$=)tnOiI!
z!if7hoaWLTb>#p{#@ihbRq)cw()~VTVJ^s8Cdb~cRi_Uqtae46dEZJ?!SMT0a~~l1
zOsXirs)ryce&Qgy;#oW|bNKr1j!Q@LgW|pqYwzxGeQt5Sq>70?3rY0+6)%$;ro4DW
ztNkn`8ZVEB!BPy?#WBmTuL*F{Yw9A-h{eOBYG$v8L)CL04Wc&^B+@829l`q5W24m`
zU{X~T+Cu)}%ynl{wIaKPKGAgI{KfA%$kz9fuA4S05BST3-MNp9?$^{`c^?E{)OdrM
zv+E;OsvqA=!try_&%mK_Wxc!Mep$5VdS2BwKJNUTl+SM#!?co}r<~OCzjZ&d3&f8*
z{roc6eZOjH_Fbs8ck`=n!%lwPbxUk=5Z-aWS>fI}L&&1Azx{-vV_1i%`Y*FbMvN4G
zrhl_0;Ww<`uLy>{OuE*^vriC`wR93&$NUE<*5CyvMbtAGMxzTf3+XX&szqvn@1^QF
zIHXBzGT^a;wXEo7HzDeT(YH5CDU%J%+WEClP!YXIKX6dXrus&JkG-0M)`m*RLODbC
zT)AplmFdGBaIRyG$EXbX1PL5w%9Mq=M^p;f>=n;PsFLtTia+7s$1Pxn2sfAjuU@~!
ztx>fDVLZ~D?H{yWRD3HD{opjBa-i=T1f0>IpMp!4$Og{*lSW~>q=02A92&c)wS<LC
zHxvnr97Ce@I6^8`gd?jHbXUSosZnV*4CS>v<<MB@PsmSTTZK@UFGJK>NNSS>!a9};
zA(~n<==A3>5xXQ~4n=aMxB37QtU)>&`iX_eb--fugfZyEQnBK1kbwZCPkuaYx1>RO
z>tu{cmvS<Wi;9&3qcwyfCzgzy6&L-YL)WskLJ2&=I5ObzZa38oxVG}wGUDJrfM6hN
zWGOpplvUA&vw&cZch$zL4MVnIOf<^WD~~NAsUpz8@Joq{B@=3lvS}?%`6&H-defxX
z2my#3RXn!#sU@haZJHhmi~uBz0w*=FNu05D!niZM3}x@A6nImJfcN($9Q~68*Yv2i
zmI1tbD!S(vgJt^npQzVdUqlx(%qr70byKnztL}~kQOk1Pmr+efI*n7)_VFH<lgBRH
zU22_YOi_{O6cRBi{nv17f!wPQYz7Ao#ZsRirNi64!#(aNNZWcv)KsdgZx!b9Kcrvu
zZ*v)T4f4tZlwHNj1b21SN-uK6>JzaLUVq|rMs2UlTa^3cv{Bwnw5(E2BjwH~j)2Z(
zV^<t>Ge=79e@1625LB#!ntOD3(2-gw_(&nlJSr}?H#A#kPTW=iD$~#Ig4(hAb-+)T
z=7+Jt+AZa@6H=~Q?9U#eDA(r%?ga1!yNYB8A?gE<Pj;Wgq@)m4$*KK`7PAjy?N-d<
zw6PZ37Yx4SdNUNLDlcJvOL_b*+k<{tJ;)2YnLqP(g?wOAzSzw7=O~ljCw;a0xqtDt
zUQT$Aw)Fn~6*AwI?{QwBuvedj{G}G@4<m)ylM|n@4-TbHHTH$>)#2js<LnZz2Ry?s
z#vBuzQh211=t-G(Mp<9uLN7aSg$DR&2^Ns1eum%pK2V-MQ*V$mCpeP%D-^t6U%PLF
zC3gv7(1AbIxb9a<EKTU7ND)-p)>YC0YG3;!HsPGcLVi8w3(~xBoh2BjIHkb|hq8Vm
z&KXRfzK-gc0D`o95};5&Bm8a0<OvZIJ0XoR=0#A*awdl`g(qxtD&Lscga<fUM}^j`
z{QXAg5`#xlAXGT%@>pC5$Af-knzct3y-5kDT0goP3^aj(P(4Rwx}yM<B!fQ4eH;tG
zIPGR!uJDhd33Oxt$G$1oD0?YeW699dtTBvidMEa4(1`QN{MyW+bbqviymK~vR8`l}
z!EYBe6MT8?+?@AFDWUQ~ud--E`0`AwjF@MNN_08%ncdwof%;~*er2mRt89CcfN5XP
zz=<sfTNZNDUTBb_Wh;K=K}(Q~6I1=0`9nKV8n5SiW8_X@b+ri1Qsyf+7KNrd3;92&
zR`2&y(pb-0NQ#xNruHeOi`zv0l0N1sMZo~>N`U2@^#&;`Ol0*#p+10u4++a3qzGpl
z0g8?(!I<a*38kd-f?*q!Q*rAKo*oN&Z#DrBs#bxj0@fNh9F0`UX(lQ@91Z8M5CNZ7
zqrE4IG1i%ieE^Ggcuj>DMl$SIdsQHq=a!IwIG~>6qA%0%fwa@|;a$Z9XK<RGnEJ|e
zXsz#+k9R&KF*fRl^Y-(9+$Au!m@j*BH;r^d8jH*(v{vq`T!d550~3q;@|h2bTGOR7
zu!|RlSbVHws#?m1J^llH*2&(xDdL*5`g^4kqfUq`opwGaq2V*zAjgg6#(Grwiy%fz
z+%ZxSzS?2stUHN)_fx-IQc8YeFC-Am-q-_94+=}%K^MbDHAGDE?xtHB3DKK`9<A)8
z3;xs-tBiAZ9tsUK3`ZsQRC998FISQS#;ws{%qV}t44SJ^hU_LyX``9~*A7^7V&*(_
z(#^iE8e}dM%aGNX7HXvVg<>zbJWEl=<yMHBzH-%rB7$btRqd`q>prI?4lFmklf4|s
z;(yh(*|~_%=8K2uR2yy4Rt@g-jot%6js5k90!t;nJ!3&*LH0N1_|3X~j?r6>7P&{X
z5T9gG=<W~iwJmf9)`d3TDygr$9t`n&KFcC5R84g%hICUM3zdsW5_8d01JM0G$#(EQ
zu>o{>U~wYY_wZ;f^ZbvJ{tSeEmPuFi7}J|rKV&jmgEQLNM?i%wQ>5A?h}u(wvasK_
zXs%*<8=d`!bQx1@0G!R-CC7yTI5`yuD|RqBJ_qGLrttv&9gK7or!oxO)Fq^tfPyox
z9BeIQmo0jbuo3Dyxsrjt3>uh{2L83=GbCKciB&Rw)sRztIj{7H;AH-dX%lt<vW5kM
ztmCxF-U*jacg?)0BfykC`DGmu1nfM){6JmOtw$%_j+#_e&7q)xG-VQyWcpp9W8#{s
zLYb%p7-3>-EOiA`7TNh-W2xVL83fv>{{g0}LO@}(YV0D0Or#Sg8h;OJ9RQR@gw7OB
zIW1lT5U1@b>#zGCAOm~&+ETG+o%BBB=AYw=?w@m)MMWC!Oz`xSXjUQgv;%X&;0Gz{
zJNlQ+136=*A7}T8f_2V57_HD>7eb-_K!qZBL&iNwMz~lTe+?pVumwv2ag;bk(P}Wi
z3bW$200#2mw&*ygXM<c@7NAN1ydlfdRMGk-u+Vc<84Vzjh^+M+9&18xk@hW}m%nG3
zljXegy{>$y`SrlES0+MLCVQgrt;+XOoyjq|K>F{s>kDxifMJmacMk7lYzs<r>=(bv
z;SgrISy+`lDwMkFl4`6lI!6I+T4jFgXMuQ8rqO|GlB7iTH@LR7C+3kl4PfQ$?uzr*
zw8j+s6^wv9V+q1t8+M7!FMRjR>EO*>9!w|MP*fS+ylTz1|7Q%W?Py5JUZ{uG4EFgC
zKH9`|A&Nc^7+)xfvcJ|l`eKqVSLcZ_2ikC2ReJAxQV;@sN!F8-_S$n?sIPVRhE+^c
zbAwkb#h>ZVq-Ko*yO4DDgZHh@tn5U*zkvcyE1XJd|7bh;U9%yLL4B>I+M!$m-W8kw
zIqS4;s~-3Sc|57Peo0Re<98Cb)xqUrOSUg)5b$?j(o<62fwuz%=>CksdCMGdy=^gb
zk1+@|A#hcz(2jz(7dTu_;5KHGJVkqmxJ(?L98rxE$3jZkek<x_<CZJt6w_=Jpc-_t
z<E*M^{9Q?Z4g*0F(=w5M3bJG(m}^X2g=}Ic^0MHkf-r^T4e8Uw@93x5Y3o!N#I?(p
zza65o0`4;Ep978Y2U3{FSY99m#Mxe3RJ&NGf)?#Am?J^J=1NH~q?#9s$qG9XGDoZ9
zP&640&)$UhdZ-RYV;g>0jWgayPkB6#i?%ntkkSC*+SYW>0#kxK25X-BS>W&R3tP^U
zaBYDzyl?eo{$by7oWp5)QB=+fs#Mw_tmzj=p2I&ATBk|XvS{Ml&a=x7_x6Gnoh2H|
z#?9tAr4xy(R&T=wN@M07*UE$RV=20&9e3k$RwSqLGHxc)YK}nv0Tf}ER}u+MzInJ@
z;Wc8{HE~Pk$F-1tX#yy`Mpx*sO~G$vOj3dfu1mL)$a^un{h<1hizQ?8>Bbe{r>Tnh
zKQ`f>i<e>N%JG`b$7W)<sEJk)6PSt{w>jvD_o}uA`id?t^{20Z&@vDo3f7U{agA51
z$t>&X*>X)4<w&cp<^Akx2<{5~KACQ-`@--1^X3w#t<t}x4tzd)ciK=m+2&SAx`nH(
zAi*3o@tAg4-wX=vvwU89RG)?2J$6vmymX_Ssn5xhzMo{twtVR=Vpg4M%wrk^A>5C$
zO2Zx;Rn^k8CS2YdPSAL|<40P>Ia|_Z)MtaFyFD~J&T_^Uktcuc*fMWvFxkI)FeCV?
zB5*S^Hrg)V++26lOf*_h@e|X2z0~n~#^;)9*J7wl=)-DEuJ?^AN5PS`$d5{#oOInw
ze2_OxVkpV)(x|c}{(B8CVc^^5H1886x9tlhbtl^2V(kU0`RW($^e;7yH}AiRW_k}h
zr)DU$>#TQ=Gm=nCnB}@@8w#rDoNUI%%Bq}xK<l`-jXaw5Q&VdWe4<NZ4s9q%dLGU5
zmm|(LR+`i&uGDE=F8;j7TEj+p<QnHG^-B{E(PjUipKc!j4n>&_%(4hjR7j{Xl&KyK
zjLSLQCl@}&sh?6E=wL-&m=0%4I|Z_WIpC*Gpu;qo3IPgmqDlh#ev|$zrv3*SU>Pq@
zE>D~)!s2L4$%J({laA>`)X_TCyg!1P;S{JTtaA<k>0?Hf>`85HZRsvjKx2xfizk+`
ze&!L~BI)#LDXo-Qr}!G}lxjh%I*>dbV+<z*lBc&!VyW!ZvFNBVhNI{>NG+5N%*zkf
z+JnltTqqy21aN`NMs)ZIP=o@V2LN=_hwMQ837-D|%ZstnrSzeTcIRQK?mrnZwo^m^
zGQ%YO16Kn;R76ccWmPyOEAB|gRhrTm9c`)D9n%?yuPnbL&j92#@R)nNKfPODcvtMf
zG-f#kXq{$?70kzmuGKsLn>(>X54$UKwk$|<GL+J`2r2-Qc@)X#f=SfA8UH*SsIUW9
zGSH$`(XmK|_>^L-AYh%xIPISl>+PAF=wMpS$^p;8->L+V;?%2L^Q9j`GFGJg?zIG!
zke9uG8XMVi^Ca5Mlo{g@zaDa@xlzzRtA3>|EFFf>%70O*_A&2_a$*t3Pu!cnWsh0W
zKW-X;dWIsnzNG-wtNvj*mvi1_ZOvu^iO@f<(V&|0S|Pvx0HQ}D3T310Rgpg7HfYv6
zIUDf|#_KEqCaYWlYM~zMLXHc|Uwz@6soZq_Q@=T`22tiPb*j01_gc{l=Spy(&Od}Z
z&nHU@p3mW&@q(~+ktr;&@>=FsUktko)6~1c2ocWCs40TZ6J6Amv(MT0o+3?aK|^0E
z<<LT$wy2)Ey=SGwuh@`E^tvPmY-fb;W7<f$#s*`?PnntltuWP3T6eTOlVmSN3<nr>
z>5rv6=bp=xshG;qEcXhE-DFgX8HM_Lv!C5d6{t^ZYL_((NZ~9!nYbIvqR((GHWn)5
zJr~JXF!i2CSbfuCWxdj2U*IZ_K+%LYjiab`K&ZV!lq~EYwVYLf07M54P|aP{2ej;B
zhw1aWiZt!W9XcY!N~`&Py`4fTZb>Y00_+f$r5J*uPpofgW{`@r(pExiX5L%eM*u8x
z4tR<vOgu#&T_Z<s!#9jf0FfcUN)_W#r0I2772i65GMjn%IQ@^kL~GEkt?h`0nDlm{
z>d401z@kSk_ICGP85nIBRF^bJs-z~H56HT#tKW_blC{d%PSvtE3H~C{;;ao9C^dMD
zY+V!OqzTaJ+o*FD_y3^KS=a4c{mma_?+~NT?PB*WBNN6uB%7u($K4lT5>{BxslB=!
zAk@fYo#$beMOUESj}BLVr+|fmYXeZE(S0Yg<1G_`R8#wuSLxjzJV{E%gQwK92SgM9
zj)&b<40}?dXf=67w5N&VY6rTYfDiMJ%5WK88dJ_IQqV?QtI)n*sTKr0r&tIujp7>0
ze4*)Gl0tCtE=q=R(lfz9O+THZ?V>|xmlQ`tId-RtC$iEel(_U~vp%)}1cQSSAZ$j%
z9T8V40cqg`!4=iN@v>GN8VZe{v^>V9M4oO9zf7_N1`EgKOf5dpO&n02bR5jj`y?cr
zor-mvwx~*e<Nmh3d0ZbAsGMQa(qOv`1o)&)R`j8S2HH}qMV{4WW@T91cdARDNSn+Z
zRR9W;IdUDD$Z@J-A27+76|z5nfFiBWc%@cSvdLq%@B;IE5~q?TxA~8`M&*TE9;x%m
zm`Rx$f=aJmeH*4)RYQABeV{^yH|k8RU`@_v#|NWcm3hyRl%6U8Mi)Wp+xN^DuI-!B
zr%&%1W9%NX>FDT^?Z=<{Xsz>v4y?59)$f7;MsbtfP7y=5a&H%N#dx0EY}rDLQj_Ec
z+dnYI=W<@)-Vz(ZyBRqVcI{eAUcF;@smFF=Ux$7X?bX@xl9dug*)8+!yJ59@>!snw
zR#?+er$|GH#_PN*mb%QBRA3yd5refY&eyoGFQk9)JTXVyvyAt>t8o5rFLl%8b>pl?
z(4bVgjPYo*d%uB5K&w#v$K34f?_Dk=N$I-JtZJ9&?rm>ao>C1+HdCg?81FMi5HZ#>
zxl{8P7gy}}b+()yO8-&2v;TxOU>N?j(MQ#de$ml~<*knz7_T1Nq*@V80%M!+{F7o>
z+)uOlB(GuXu}ACE64tO`Ku)VHb~0@lH62tEhav<@nP=7e)i;ga`x(KaNWYB`%xX*v
z*$a7vuvlph;3uB8qw)jomQIQa;In3U6|Sv1t3TNIu*yTA6p)xff8;=?UA58Ho|u%x
zbdL$igHkD3Tme0ABth0mIl}aJ1E7+Yy?||>1@6%s3i3{_1LV{f;Mz&Y<1|+a2gvyE
zLMlr?hVw)=CbIvWIH-m%Z|N=azPC%%nGsMwnRtWQ!l|d+o3su0K-Zm&Vl$eX+~uOB
ziF-{dZ5<tLYmwJ8<6FKlmOQ+e$#}Ke&SRQtTOI_3+`QrC#jbSa(Ff(JSDj?BmaEQk
zi;JQw(;OMAncs_KqSh--RPCM`%Wn-EP7(tSbesaOoG;1~7R>_H?u{J+d`eKJ&#l^v
zV<r@z0bP+LXL#gJ)ZORdL}Bt&N95I)%v?*OEViC`dM<%s&70v?8FQ|$+t2u@$5ZL4
z=#j4OzYlAfItT+zTKY<-OQ5FMRMoKa_|eINtPc+#pc@^(A~nkwLgvlCTD`yErD43m
zuo7$F!jiBexO?7AFB)PGzxTLciM%-N|LV_zQLkD8D9G`*zx25OgW9?62(2~D50j+X
zjq`Y}%gH~4`b;fK``mo5orR3S15QZmg^K-1I50V@&`>~hOv8icm!*QMa|8IG@_r|3
zHl^Q8@uDY){8WA9_RO3)q?YfANQ0<QD^BVKR%7>evN}P9A>3T2i+9fXZHtUUm2Aoc
zMuLFYkh^#IJECE+G41<1)t_~LXR+eixpa}Drsk;i$hU$|iwitkE=elJTV9H+YI&+&
z%U@K)U$y#SaV!w{;Ezq*<k<)#PYO88d={Bz%jzD<Bip`(1~j)q;li|sLh%|IYn#?$
z?|f=U0Fr>e|D+a_>8$I2fNL4hbg*7|13+RIQ*c6#p1~$sxFxssDGwVE11uFC#OX>^
z5-X?g<tB9|)vIQMOxaTjyqP+dY+JVSzb127)Cm@dw-aijalD+Kapc1G8<Oq$L})uT
z%gSUSUa|qvVz8gPc{k6ht7H57-qGuoLWgVJ6*YrW{XsIzvH}+;ZugMgLa7b`H-x?C
zaWZZv7t0%;{H&NQ<wTH%6cf{y3l3rGJiF&G#j+ms%Q^%~@{k<(cdUQ8{yFMn0e_!O
z%#9!lRMRnzuTR{7I!+Hz6FdNhpE8cEJ}0(Uiza@c4Y1j*{H5p3enr#_5FllC#3(-(
zABhA($CSkh$M+f}#rsbFHQ;2N6krf!Yw;o~qf(xS!@E3&13Si;NE|^2jPUp$^(@!U
zjXIQjkluP{VT(u2ykwr2ae5d1XuMVXy6A;xPWGKZl)R>G9$alP%3e7;x?t3-!E`^1
zRza+0t@P4yO8=N&qr}bW61CPe08fY2asLN+&0kN#%AhsUl8kRn@V<>)F3<WHC}o;W
zG|@=(yZ;vb=6ND9Dn%~J_H~buYwjzlf{0D0!|jij^c-p&-r^S8(4g?Ho1IoyEk2*s
z03BicQd6o1mD>9!{T)VYNKe@wBm~Y>*9?q^ZWh|-@)}DDlK~Uh#gHoH{^$Fxo3`7J
zCWD(XsJq*H@ZgnyQrAYno-TbIh<zN*7{wEV@t1Zf?FNy4d23?NLP+gJH6vWDwcY0r
zYG14gbz<Y7vf`h9H?3PX_Xm?_Z~ryEy6o%x<blOClaNNA5id7=cYHuo%oluyYVLvR
zlRMiki^#NzNCG3Scm0J9g9)FE+1;}HZD)4wiixIyZGBK3IctGy{5=F!-d<VgyWZ}L
zLk4$xP6YjxYUcc0{BHfiFdMpeD&Eq)fZhtoywT|vAL0OMx?S=RvwW>pa*coIp3r*^
z?#08kSM?w4HKZhpOg{+#I3{bpGlT4d0z|ruCCYg8SqRgrPZ~q_9cS!a)^!^08XJyr
zAy%q(g(|>TpSPCQSu77?Zo>gY@qGtDYwzGDo+yrBPQ#^)DC{WXUcBJ`*Z9lB&dl4|
z|70IoOkMaA0N!92sFVo=r#lX8Ou6X_96y1U$Y%9<Uhh%b768xU%jsq`by`h(Lt29&
zt?t(FwosRU&WCCFGPI!)ljPNBoA>Vh%k);doDu9_RCv`kTi7x8T{o1)Pe9y5Rq_?2
zKihgze2D$};8vgC>>tF&ZPxH~P7SvgI+YJ~SGx<m?G8Wy8N10}uQDTBcO@b|zmdQn
zzWC|!tMsFU()TZ#0EdE^TMV-bvSn|^m+;+t--`YigTcEsWm6$FOWF^~oeW8Q)0K|R
z<SW!qq2Le6r+1QMT&l@6{X(2C`q%Dvfay~SKY|1&@<%0VYEKDraMbX$VveDr!1`JG
zGJBEHC;#5(!RF<%W1jX=2r5cRgYXWj+nDOqB8bVB6K4&*n)w&Kzxv}*@U!e}8@1Yx
zLh?2yckJHp+L|V_tBuNPqt3FW*LScP{Vl6`!&ATdb!EyW-tFX^r*{8ZYk7tDR^Lgv
z9!Fl9E)3Mhk(YL6TeZd)eJbS{KqQ8_@jrrYYUv9J)?rL1)^D`1B+u;Z*#vQ5g2qH1
z)Z+NCCY7GH|I`}IQ|WAR&tT<FiHR>!cR=Ng)_t!W6iO@I(`k?zpl?fDNaO&Q3Q@aG
z{@PYtL?~kn<8o3!dq#mdO#Kso3eDMQeK&2e^kL{VQ4mGthY3;~D@^_}hJ>^3S!j)K
z5$>C~YD8JPCBl09FNo5MKaHm78fWV7ytbfr0jBmwW!qiVNvdK`zSvKgR^cUX5<=qu
zpA(?Fpxe(NpkqR53jO-EoqfL;tbWXJhSy)CSC3<S;W6&DqL=gB&DSMsB@5rNd^FjE
z(FY{l@=A?E2KVhA$$^r}vCH^0%@^|thL<&i^f`_6q*Hh~OnuM)wR?;)wte!qyoSij
zGC8ZKfbMv@vW%^G`IIL*ckO-AR}NjKkB)X~R~=WjDkG16pK|`GlJf(*y^lXf3{I8m
z7Eyq#XHCpjKOYiJu>;SR`8(+5xPM$+v6c^CzRi46TW`|a8vG-(eLm2xdwo@1tdjq4
z+7n`#Yy8Q<JrB<K5CZaNlwgj_z_Zmk`4y2~psbVZ#X%1w|7=Bqy3BkX+2+b3$L>O1
z?%g-w?4V8jhcni~*8`DPQ)~YI_!m{?xS`Szw@g5!gxNv>w*+E)&T@bFX-nhDyw*kx
zM22QeEZeVmeOIH)NkzHuh^r2z`Q<4qYE8(y=7m{)IC7gu&p@qmR`P6{(D}Yg^nGpt
z%H!fc`Q!EPb#)DgbEoK+=xI*Nl`bEsnBsE0GeZ`~=|OCRRR)KG|BGuWsBV>%$iK)D
z*mEkQoA9deN3=@ywk1=yC<!9T`pPKiY6O*p6PJq=sRTGTOKv$5t?uE9S_g!?HlMcy
z+><_RM2~I`#rW{zp=m3>MiXjO%3yWRA}T_8r9L=yD9&Gzs?i>6v3_^Hyqi(P#X3^9
zwUuIZdRCQD(ztKQGz{-tR~2yVDJ|3KjcXa>k*5#t`BsSLu?BE)SB=<M8KD6Skqn-8
z7p|8H68nT|A*ulZug69JmzV^<A&4aiPaCOT9ooXR?Bq~>kg`%Z6=6fi?$P_Rd0)L%
zr9z2u5v+M}Tuj2`1hL2KxP=3-VR`MA>0IBtLL)<PHX2~(NQk4W3a}uc$>ZMce>+k4
z<qmdCfdV;hwtUW#k1-4c{_11qBkGnpoC^iRJaiWe%P1WQxfPithbknJ8`8Me%2w=C
zN@QGM?GL)w-lAKcnhfX9DMF<<d*d}q2KAIpwD1Hx!q>qrEFh84W%_d1;Uhv{<K~iy
zd}IZ4yr(G6NXRd4v@AHHY<su6?yXA)r{)+-vLFLFw5CwKTk@k!bJkPPayC+3U^zk7
zB2ru)HoCAd>G<O^xp4diw-`?6TyJOMVhm;V%uar#<JI)+-*u|R-v?mq{$1U{<%aKN
z0m>mf?a$V{J}JBzHM4GS@9B@N4Gd&VuSb8)`r4{`DInmkkGJ{=tQSMuW|8E*!kp@C
z!kpCDV(2qar)bEL46^TQp`ZO343%2#P_Avxm3a#i##<ZCnX5NEG(+ywUf&9MZ{Ty?
z$3xtVONqh0F+ZU+r0)ItQK|dudz`S^4W$AdwFYekpj<@F%)WWr6|J!p$NjLzD`nx~
z8)n9zF@BXjRNHN4^%Vz)ig?1C5fsB6!O2##_3Vwdbza-~;%~2oaMf@}DN$Rm#Mk+%
zA;C->_6ax%hUC!3#}hNNKeL8v2Dk2JzcZ6yI7aL~A6~($IQJv><3a|qm3v{Jqsoif
zTTbr79!Z>j4G37DO4<+uuQUH(h1bo=Hd_5BAF!5t?eLW=E7|6Umkq*?<LpGz^;fe8
zRc{@IeJ(q#oBvq2A49qXtTfv;dHzTraxD_eY?F4-5Pc8&fFa|CgGZ}l4vUL>_3f+e
zl^zj2H-`Gy`2|kM^#bQd%!87}6V3kWaVMd4Yn^moR#!ZTlz3^Jv?o(Pd~cVOaN~;U
zZyiCjyGc?f3jN~xz~F}8#LewdVAt(K4TY&g^y<|Pp7z!k^aEqSo91trzxA`P^Q&rP
ztxJ~Qbh=|F^SbjQ|L&hDs9YF1qqBgs;@%DCA*M(XX=r_(plg}tYQEdisQ>%un_3uc
ztDW1;`R<x}30*Sfviw6JqD|qu-_`lyb6>OOqwF(I!A`!G+9*s<UHP8`14Re>ti+$J
zEV}WH8@n2>Z+&H5$`$pT!u=(GJwlF)(LM-ab<|##Vhor4rgl{x=1(RF!6C2HZ{6A4
zGFOa8ia!3g3ayXQjO6HOAirYD{DsV-)xOx5xuE@0HH11Cz`72Ka<FknZ<Kw~ShgB=
z05mc{gEXf7Dl|1&`FjNDD*_HNHK*blG-pf0#~eqEGHW6--b@kaAYP^~{Kr)JXYZbE
zWNo^fezSJhxw&MYRrJB<=8Y!}tB(h~kdXU%;Q+z)rSTPS%U!d*!vGfH&gqatZO<ZO
zhS=zd3FG6$z{!|?^TGi1Rn0p);&+(j6iO|>trDx^`#+c|&8mZkYJ2{+Z_s%XA8)X3
z2aqiIEj`XP7vV6+t16Tlz~6l`RasbEt~Ducm7p0fGtmmGVXF<3eu-XH#4Y5my(Ju`
zBUZ<_dCY@iBb&?s4;!uImNCw4-!MWLU|Fr7;&^W311fr2aCz|G1SZ%1Pe$w9Mbv)w
zJ>e3@yPZ1;VYP1lxnc6Z=4W2`n^@t8cS)aQE{jmm!5H!w8)L~#)KoQna2D(LC2P7%
ztqH-Wvt-Kh$mG%ST1lT8-8m%LT#ae3`5TMSJrzI80UQiy;c^b3`=&s;nZ{}%|5At;
zmXpOGQ&TYela7n!HId&(RhPR@4y)BHOcV*`Ie@vC&Lf>%k#O<w${PgIE2x6GABTP5
zJhdaE%0T$BcP8!3HbF5v>v+l>-)K;2)VeeJBNPf9F>XMNQ*T9Mri%B(^x|!P$&Oaz
zoa<8y{myrQUaF87?{s{9P92_BQilAK5qSV-)yN{6?i(r?+5AM>GJJ<3;E6u`7dmFF
z1U26;YS2df^j=@g`!<1LtA8BWJC7cYDK#zn5Gu4`oBwf~J1Dg=g7t-Fc)L%qvDJi1
zHveZ2Ee1k><?8qaqguHS1sENfYt6B6A%7)@FwNp{pDvI}J}7NsI(R8>-IY?tEA1i=
z6SEhX&mh}mGcoECj#5SK25?udp|=kR%(e~wpo(K7kMN_DDKs;LyPwF<60{fsq?=sh
zwwH`8Uh0wsUk{8K;}Z>qVy`Y#-+L$2um=ay1$I7nL;fKj54R&=r3S=U)8)ZC@=<l5
z;-|cz(v+Xw?uFwuqL1YAm%5}mP%yQWv|rluIwzCj!LlHeO2=?sLG6i@nDs96^59&;
z*aX9`DlN#m7Le%}jl0$TMPcx7wU*$s^Pl1I1wg8~Z0<at=plhMn{nggc*{DjGp4Gw
z#Vm?qp2gE1VPprb&o>U2j|5i>)qQTZ$_a?RY$c9c1%C^8v`7}c>z1hiF0rD|HS2v!
zn<Po9&uGWJS??LTLsfsCxHfQBb2_YMa@x0hUA^LarehMWKB81olE+%fz(hw=lpH?#
zr9vopW41X!sfVWkKVw4MEEl5CVCGL1uBG=5;NPFM#uUvqRdeowY2Ns+$L}2Y+?_!0
z208;({sZ7mfD0<~uZrK+7ofj<oW6NfQx$OZ3gazr8)^9;Kq6ZJ>bK|_CnQ}FGqbq^
zFDtSTAd(6#4+i_p_M>C{s-bkFf}5U)=&o@KI&Te3g%1VM35g?Y^m69qnb6AnIg9iX
zG|WJh?*jd6x&%7HsFq=#Bf!I%!|{}1?x3uB%twWt52D>A9WD*&6Xg!>qW0pD{nB=M
zRT?&(y{9#d9ej&NDvO?@ddrpj6e7U-c*uf@r~7%p<7iSs_nzMwQb>_jGbm@I)4+J`
zLwd#248%~&%|}7DAXIn5>&pa}DT4upd07wMOZSZPP#%%&+lUV3_1gN28iV{tAa|^l
z1szVVsi4UKk3VEv*O$at|0|A9<yF!v-ScJa@S%f+Ug91ZLoHglKc!Ptg@TYLV@j{>
zt6ZZB-@b>%ZWKc6M-8;v4ocZ#(n3#Vx<+0Rg-MY5Dm#MedDH5$Q5`23>IF69GDf{J
z|7lq_t>JmCZIk-R6w3L03NwyH-zj^@>#9%g`EzArO4|Hx)AvB<>J!xKrlSx;6?B!c
zI}CzB5=|_A*Q;F#c5a3~vG4PGllmn?)ga))P-${uuMIwtrrOH<eC1r50C}di_PyJB
zqvjMVRMy`<$QIxavJX{LlxP)&D?#e{&fVecCWrml1cGeyMCgcPF<!v<x0IcG)S|V{
zLWKZ9;&IBet8Aa5RmQ@Dt`zkIgw~I})>Y2>&>)+W+n;7g$1P`;A}bcXvBUgW8gE(U
zMN$^#AEMpvE1Ddj5klAg$NcVn`@Y|B<2ly7!hlM@s{t>>;9*q^gFK%*98+9;NDad5
zTgENQ!3K)zb5*^i$Lz!?-;U6wegnsLy!u>v@=uw>xrS68mr>(ar#5BQ7MqrXNUnm^
zjNLw4(dJ_=6W{zKYu!SZ-hHLN^RxY|iaXYX=<`AR$h()mJ>y)_d1CMDs<nudMk&^%
z3tem1i~CKP$|LHIC#rtkrrVHDsak`HOX;95haZjfp*;}5u4Rfi#$R4@8e}|B|9gnv
zQ{;1@U!fu5HU{3qT71cK-%JDoI`<YER(1CQ&y!`W?Q$-s0;Ez4r%4hF3zzQW|BI+4
zN}{u}2ReeH_oQ2WZ7xaZ-!RsU{B0Cmt-kaGh4=9wudOF#h4FzHNX1%ya$XiD^~`PE
zLjMpXEUwFst-F2fm2zYq8v$uO$TTRDEe5nW%)?IK2Hz`!Rm-vW14cC`);<5Kpx%Fo
zNl3_&^Js)M+<eFO3ZiwehBx6SGo^Qp*k%V{j48f-Ad01u9+wW1vUyKFf8@zSLX$q#
z@!ENl({Kt@)}C-ZFB|=Q6Xn>LYO-5iWlMoReNBCR+C8J&h8(0ijZ6HzNTZ0@*u>^v
zbi`@czb6mA%Z-M#%CAub)U_tMxiJ<1ifY`RXw$x@Pp0xzo##b;My}e58Pb?osHBwR
z;aZb{n2+D4Ew4lP@Em7;eb!?g1<CI!6O1(Z28mJBrql2D9`pv2kb$v9ZaFEunN{wW
zo*Oba2*9*AMq8!+(>7}tSV#Y`r%@e0ytMxt2Qw>u39TcwEBI-?tvoupm5aRgceul-
zD_8)S;9o<2xE*Te*w84NW$P&s_QJogaKZm>q4cuvipb|Lh4Xq=PFVbg^jF<Z)Sd31
z(y$Y6O!0pJ6OP*_*2s)?lSqKIFbhCRk_StvHgVIkIY}Hi{R!xg+%!=aG7`@55GlU7
z)CYhf({?9FI93_e6I%5@W0h_fH&4O1AY{o@Au>tPL=zKHs+Zi)0x$KTTKO<fbkqGW
z7qpAbZabh$m>>kigC#?4dXT#WS)WD^PT^-%o&pF3K@@g=dSW(fK-5+^32-T?%{lG+
z7u7b&3r0Glgx8(}S{?HErY)df^1?RaOKH4pS_l86ES-gu8{n`E=0)%P3q7?S=QJq`
z`67{@!M8MNj1_jF5BoBs-4i6!^%VpLp}Y1)Ax}ij`44soq!-`RI9LolPF*H9ePh~M
z)r2CMnm*xuf5-)hHx77942j%`pqozm3N4h(e%#tYIqX!2v4o|6{UPLkeJ`%dqRTV)
zxkqpGGxg)t(AvlSw|>olupxCre;}i5KM`bWBMIhYX4(U%zDz<h#x=qS3JOsb8y!<H
zPGF`*rS&^x8gd2pzl7*Bff9J33=Nk>-#cpX$OuHy);DD8XLF91ua|G8(aJ9bZoYYG
zUWS^W+Jp1N70%?_b`FlJ+ujTC67s7cw(11r2)O=sxa4s9>Bik_7?-!jueq$g&*r}#
z*A@!q;sNx}ei7%!wA9KP{(vm*u~ocO7MQDE(ZU{9TD8YA2-O)nUD^SGRzhoYdE9#A
zwGRxH9M)vJH_>=d2a$uF5Jz+I*d-Q-T)^p88ZjZYI5%fA@?*XZh(yLpzcpx&85m^d
z$Usu9`|mwFlvq@%-glawP=(wOPal7yoY_rN9W_uBAn2zE=OV9q1X`Q=)STgq3~)V_
z8^{g&p)ZV<+95=XGrTV*cQxu(<@Mr~XwTX9V~hJ=gf>aP9$h({gO~efd`wtpZAQLh
z7&&{V>MqA%iG4(@yu*KNCMu#F_`vi~<r14f1yo&YjQM57zfyPnTUo(NF^ih$@r<~g
zA{{5+mv^;aJyBVRw)r5BNC@Sb|3a^kA|>;Wk1B3ndt}m<S<@|1ywVsHuMs9-e0SF*
zJaost6Hi1u&2`ls0VwKoPkcfc8tOzO>Sp7lJMs?>N?EvTMAV!VN)MLvzilIFm9yX0
zMbZIU0Ythv?VMSiA0wS8gK_hd71k=a>%)P&HQ&sQw~Sx%_c2NC<%B?MKLh5Gc1Q0c
zwK!XL747H?H%2&OKbdeu01BT+N~-USsJC~Q0?JiIjhHf4tt-&Ox^#hK3{!DbdYdk(
zwC&veQ2ImIP<hjdC>*ti$epb9ecC5+;T|uoy>sR_muhLS;<PrNco#l3ZNLSZS}YP3
zyyO1h&9ZaQ3TfwoAst(wqsZ~ON`%P9@`FCZ35e=7HzZ*bW~agcEE0wGT`PWiobDLg
zMz!;_>OjM!^H0bU9wVw<(jDwuaMpou-I70%<`~nP$7|&eMm4QjC?!LQH@?cML3rIP
z_7Z<oTJs-NX>~-|v>OyOya+-$hMypxzDPz-+{GSINELH$<wd3{EBZWgAVB8u`exJH
z{KC0$d!Hc;iU(WhVTDc^eXjnue!T@odR=oVrqOl^tcbhN4SCrcqwcGXF+J2Ri}wEA
zOuv^EJ0hc%ScV%yFk&XE(0d%$Uc1e=HX^PV2!XO_`nzY+(%AOVc4@8VELtx{6349H
zZMoRZei56o%1|w@G}WGL#d|3q5>-)fd$ocJT={eI=3z1s4~c+K_2~V=pyQKn-mwt0
ziw6cTQt*eY*>z%FBmN&C9ROYPUM>rvJ5g=e_V2t+P#*RM0_$*op3htYcN{97$9TbC
zQ$F09nXhwAQA&S0IV-J<MYq1!%sEDO98XFLRDa6`J?WCMQ3k&tuN>CxTy4^)OaJ5Z
z(xOXGtX@jE9F&zRk1lQQSfG9EN2Im(2W!4{)fqI`KT=1{2!7=EIQ3_g)@xI3;wj2e
zP_+tItCrn%<$za5K6bA!{~r!P@xFdJpp%-jQoxWgA%Nzg5y=a(C@mZI6wKs|XX{sO
z<jUav;5f}^QFS`-)jq>3#>EL-V5z|sdLz@lRJsSu662`Brz4ac9DOSjr)OhcIX0^k
z&<@9%d~C`=1boAQYd#k{c{%p0(Ul{=wtG@6ljmZ213d*pI9;R``MopNrRbb+J5rcK
zV4P>Mq%$r-<?uKp<ki~@F(;hWTgCnUIpVEYILHK%j=WLO7Uxr7<?YOU*O8i)rj-sj
zBhc1eyz!$eBb<&gTUQrWF(P@csk@Pr*0oOP&PvS2yXH?&c^=hRleFiCZpN-^lG_)F
zpl#c@Aa|<G8)I-8{*^3!2$g??_Wo5oC!M799A>L1!vMtYCxKI>dswp*{V4-9V<&<@
z&qG$?VVr(7ofG!R`c=4_YYg*LnVgZTpLZDJ*V3wLFsz(7`^Z+U#6eJMuA+WbtrIb}
zrw4C(me*}=(ruPEAQRrYn<*pLo;^18Rf~clpZKG1ucdJM<VzNy(-KurEJyRLKMYAM
zI@P13nL^p)y>`M^M<qzxK)$fJ(=TMRx{RdJ91waRaq10M$NBZIV%K~>4~aCDA1YoV
z<_S-)q4qW8cNVi+T*+;58%H#4wUG8T5{;RXWF&U$O~A+b;+%SW(|dAoYDyy@1J<0q
zIrQyDaz<zw2Z{iH6rBw?5-~~sG{A5jY2ybt>FG@9d*YwP0627|A53~vGv6Rnfx+qZ
zphLdBO&G^+GfBIgQi0E2JtzTl=}mW7(7QGi0!gJRLHbq~iZugerLa;rF&NKt*ne68
z<Ge|z8~stfY@~b-LG-MoQgDAENz9MAvc-;mrk%98Dh~sfBACZ++S^ks-lC5u1Q{^x
z>7E4{02PP;JF%ftcMRDS0VkQbZ3lKcDB_%;gUG=rJAcNUHm4Dc=czP{ko>kY(L+-}
zX~2b$5wy2+j9_|Hmki4OUjBA~aoUIuB2^s^UTTEQ#!QT=k;l2JYV9!D5nM6OM_lyn
zRpe0LFdr*+^s7>U*6hp9IRdM$2;RSUzqM0D+^AD)k(~Mw-i}wN<yIYYBB=wPy5G{G
zaf9i_X4Q%;LonH}f>+S?sdfo?<Jg+0n2>y@4m*y9risVgU`ME{izT9DVlxz=?I)0F
z%oz?;mR_FZd(%nVg_x43?zi`9MBap{A%Nf-vPZ`#GA=$x9Wp<iPazD4a0fj=>}sr$
z6<zC--yhxo0P9l4H*UwVr*N?*3Z~(Lr>Llk81T`Ip*(ZY)t*9@TziUP!wiqQ-*{31
zv9MvCqagAKr#gZ+E-(&AsJ58g1J8ADT6&dbI47?nkkK@9XBi+jV^gED^1mvcqtdAK
z;ISZ&m)fUC;11w(?kX8blW5<#e7OEqJY?+(PCJ88jIycVx6`#OWk|+I&rf6PNTU2t
zj&}{Gu@%>Ne^-(jM&`-s*M=3x08b?2o_&w4U9z2_eca@8$7+VI2d*oL0?4Q3VUbe|
z?5qzDYD;+lT>QXfjMo1ERLx|-VIu;RHx$G5`ccR@IO{+bApZc5h32)71Epj|#Oqp4
z#0qGZNTgu;(iS9OQz6OZ)VTDj5Z%6}ihmu=6b$mOF~OkB`57HK8L5&G26^Y+hmA?d
z&(|2HGOI{Q$v=Rm@_KVtS{xi>^Q2htdk=F!5P4+a<B`^$AtTnM83d00fK#@%<D6h~
zgW7;02!53!E=2?{O~ff3#Ue<G!Bpqi&;#}YeRE6XjoBb)w-nzsRPx-OnKdIyyG~dI
zUcB_62ADefQ$zqBxy?(J9HVX+`Gq`4rz0mFu|O3X+wdPsjjeIhrD*4mpv^GgiU7*m
z!Lf=8wP|cpbHzg<p~%m-u%JaG!5JMzNV2l~^XpAyDsj`^ko2T7$dqT-=}+QBBZ{Z|
zJbyYCVy(?EFtr5xJ@8;K39U4dS|G#Hs%yh?haE*4be?Pg1Nl^SA!#cX(n1e@m0-9l
z!RD&%?~W>E03Ni>301)FibE>n8Rr!n5zrh|JbIc}0%Iu0;Z5^bft*xlZYi5aXaYu&
zeJVGUb`*}Eh^WXI=hBcdHxk?rr6w4fd}ESn=jA+pl*ERJ+iyK8H$Xb#q}<1#=~1|1
zIiO^0_!t!)S&w>=Q0F9ZPRgOhA%gA#p}SCGY>w4!STOBOxC6>=J5cr$*ySV~kbP<|
z@u}w+m504VM{HL*M<H_4JGyaGOb4Dg%|m6&@l)O9Wn2nhXhmz3B!P~!)AAry9GaR|
z0YR!^n6^b}Yci2I$_&+MWF+;e4oLZ)qbfTL(8ffdlbY4ioX2o8R8}LJxd`&gwrMRG
zUsJ9Q3TN7)X5L86MQgd?Q_WB1bJn&xNJ!(Re+qId9@Q`kfN@A$6vjPNo(()A{b~^H
z^rs1V=y5;~IL95Ttg$Slh98Ys=e029div4}T+5o>qxTfp*K92Hq}XAD(yCk_j@^L!
zrlG4DI9pRTIavuRezl+(ZX?fDto^t=_os#^%0c73B<x~3Xh9pQo5n%nwHp!u!yihm
zEE~CAGfki<^W0Xxn&E*{_|{u1DbHG((tj#Z=~A>~i?ptEAwZ*y^roZlL4($pZ>g<L
zu=!Ub6!m5FIrXUN!>1TD1<75}qbhpT3QoWYIqCRQ&up4u8(0u)IYnDTrk!ayT1BOO
z(SUR5_*JOfs2fQmrYej_>;4sGMnL3_YX){EURTcz&N!<o>ap|CbgC<Z%X9QKF7+IC
z#wiv@c$t0bbB;}BCG*8_Rg<rvtyf^Hp5B$4B+KS-2U@7BktbtP*61@S>ED{MdB0GT
zCutyIaz5>2iT+OFtif_a1q?u~6jxIxQJZ$Q%M@yQuo%g!>WazJ^Q?$&TR6yJ+nT(y
z-~u@#lUg*o5~_C`*0^DTpXo?q+Hg-MtwkpBoMigbnFewz86wo~R#m|ubnRAQ0G#kW
zDFO`j=A}V{jM7LOFT~qZsH%FK{G*)bj8w?rE^~oYFQyIv&w9~pXZDUWTtM5&?kT?y
zBAVyKA{>^AK5%<fy2%)q*?7%$UkbE^j?!E9AH12cK9$u;UP#8fN-Xs|b=eA!L0sR9
zyePWle`~Y>Z{u8GoC!eeef<q|<AoG<&1&^Hj{}|wZRU7qiQ<(G8604(Lcsq3O7`7X
z!}?~lR$IGZ(xAX_NI3i}nY{RYr^}OTbvzB*b{tglH?aA;o@z(teW}24T}|JBb$D2q
zS{sGzRkokV)+OeTsOjLFt0|&f_1ls8)VQ=eqL9fPdUT~DJanZPJcF7z;8FosrbQ_{
zb~MrVzO=Z`dHPTSj-r#F@Sq>1E;B$1JAg$!Px<wxV`%pErvb)kfgn6%*QI&4i|@YO
zt~4lrcMr+I;GXs0-du}YIVLA=)h8#lc|@=Fi@9Z0+N{L=1p`As<7#6hU>`x=kP^#*
z#6b1_@u80G*avQKf7&#>Mw{ivdwWm=$3u~|e^W=BkOF`J9fdmD*5diTRoa>AYoNB!
zlqV#Y#zDnHnntRdW(va2xjFU~Y8de#4Hy|doYv~-r>5S0Y0IRvOa=yhaYCrBH%X%>
zc?t+#jBtC@Q>ibwoaBNBrCzzTDIVZA5t^jHI;l`MXRmBls%fnZ+*)N=vF4CZ%I6<S
ztogRObm*_hsijdB#v6d&F!reLmwamD?=LlXy1AXK#bw_YP%+azL8zP(qE0wCVM58d
zRl)n+LG`CI1YqCt&4w6yQhJYKni7(GA4;~MI(q*AbpHTKj!4QA(;N{<kB9#NWcH|9
zI}dWuY_7&RQ^qOFxd@G$r`&H!hdJbD>7KPJFqJkOZpL%miqSF}CXQpwa((bRgVvhK
zw3kDGY8KpAkOYbP)X_>AGDlCmw5~f7M=&eT4x^uOPRJiR@%`XCk6Ny9t(DGtij^1?
z+&j^5u_jf9-p7%TT8{-~<AxnasHXC-x2m336*^*6-GRM&`-(0*0{Vg1rYS;|IU}IY
z(wM8UuusZ*5;_``F<z^XI`L96MIlJR!R<;{<^*Sxkw~D0Q_Cl2$5B&8ylwR4QW<6k
z4}fr691l_HQp22)k}>yl{Hm-+%W%L0lb@lhM26&gb)*L7g??==m*)N;Mt_xhVmiu!
z)9$dyuO5xbA;$!D73h8#)t2tjU}go>e5ce@Np%Br9`v~RmYgw=c;l@Y2flIAphM#S
z0A9Hmtx~xiD<&`X%k`~Y+<j@GG0HK(qLZGq?Bvq{IrO5AD4-7?{?p`ukGs_W0F5>E
zh94}7>+Ias6dRa^QO|s5KT46ZnB+D-@gQ+d%+|=zTlF9ScMN=>0%|#RSP&B<h=Am?
zFZ8Nw7n;B;bvX)v^`|zO3p|Z0GnV0k^ceL%ze=kUp>8c=(FhD#cMO(24MB0QM2q)a
zgU>z1Lp7W;Fj%4h0gcVgP@PgYXwi2_tAWP@-}9ouWL%R~W_2qbK^!PNFTE$*U835k
za!)xp&-m3?AdpACLxKl9deag^<>63lT<kR^ShH_&G|}g9QaL-l>c`q<JCrXQdJ)MZ
z6_S(4Cfrc%<Z;ubOC9Mk4Zw+09OJHk{Zw5J#;@Au0z4clpQT-gP$o`rST|b8X*akX
z06FKs6ssb%B*F&bcYR3U(<a8#-vGr_{MjIJP7^zzI6V8-QWP^V1Y@2_>?%Yu`DJ(K
zj-Y;DjRLWGr^m~j`&Dx}GBR#IDd|oOLdK3sW*KJps8JL#W@QY=pzTO3Sl%5+6w!i6
z9YqRJ@&V$2oadpSkyrvaH5LYVBZ_+=IU=HPK;xPKtEogJwmHclR$h-M&d5(gTaux8
z7#~XJqCaQU7<9>~dy^$+bEhFkezXmytFBoyp47aKNv2sh0A`qR?Lw~LX?&7?v<!@q
z--<=Xb5a;v@uvAC9O8iukbr6_2*(v8#>CW8Ay5S&J%xzibnQ<pDbdIBigAwzr7%Px
z!0kv#&q|O(&)20RMsbdm41+$LRAf}fBio!%A|&FF$bn_)(v{?685lKSL_2|s9aU8N
z&<81YKYr$`5=CCWAL$4DDvN`R)(qs5)Vrs*&&^GIGQf`A>J2>Mw;W(o?<U;X7&)Yt
zppjBnJu{k!6OJmw$B1`Td<=6<gC4lg%yUyC4uDiEw0qNmY~WQ~3j+tQ6w@!E=}lOf
zhcy$#Rq_odah+bDbH3Pm)w0ZatZf{fnEf+bD!g<!tzzzuh`XTYgPti!6!4=Wm`2mj
zrBOgm2RO|zum`OS+;sl{>(fZc$E^TLtVtB^IsSDL{Jzwz#Ppy9Y-goGbW}pyg-#C{
zG|A#J##DVNJ%si$3H>_Kch5AgrZy_WkZ1%RD<hO5m7|v(zm-{IwX#0xs>BXyVUu^r
z)YB08VGZ*wRoGXWw~~afQBcT1Cp=SjD|1gzlYBu=Gu&0eJxyZS%wm`h)wTxU7;}+M
zEZ&^1tR@CAidD($N>l~+pmK03jRYY69@Nq}$29r~`M;$DPR`;d3(qw&xyMS0a(F%J
zM6P*6?u71(O5<rgF-T;<;8aC`=mkb!aOi)+p(9r<2T49o!f-0H5Y5TY6q3q`{;_~3
z*0ZM6;y`wS>OCt&pF=gPyEONyUA|(EV^hN-#nw&Ufq%xi(WtDXg35!h0G!mK_!TIs
z?!<hh7Xq)9mCX){=UE-}0I76j_w84pxriZklL|fSiHlFvuLxr!LW8k6CbZ(wZZ5GH
zo<M`|5NK)l6N0wZI;%}WIZw#o)|ikUjhytZTGvW#IDs1yo%bF^Y(X(owTU$wk+G?}
zCqA4}xOYFDK#zg+qs##3uhxqS<g-uZ$C7I_+yj%I0IHgnpbVZ^JPx?5>2CbEo0FCt
zQ@GM9YE1Vsv{8(_tP}y?HSFFL(?*x1TifH6L7MX~1!>1q*2TjvVu0s9tzO9jgg^y%
z(pHVmEJVHQ7dulocBIb~&DC}}?n(|So467-J!)ofpz~BiWaRqQMG2Gd@6x2+2*DtN
zI#p8Cs^h&?fX}_~-jS#=X>4OxJzg=e{*{e$@b=11ZEq!r_6!3G>Wr*<Q+(nNCX<R_
zdG+6bwP*o0?G4I~%G+4}2Cy#l>)RIFb!jwM>A4O+K9%fCHh2c4U>QDe7<wK>L!^hy
z&kr1o`%;d$uUEX#^n1d5>lniy<BV-TrD9!tIT8aVpL|AoB<r8lR61=9NZ|+4p1nS`
zvwz_oYflB9(8`0WLU#;(I@Tw#>-4DDtDNtQ?u=SeK&J*~Ao~Ga5`u7x#_mtjx}O_Q
zy6PB#`>EQwrBk;(&+9<YsHzAcbQ}ZPp@t^DzYF{-Y4<E)wBYk60Q!#RwLCXxxr1Y$
zT8YZY(wupnj*7;>A}9j`9+kBPuR;gbpKWjQsK#qbD270;7b~8WVv;M1MgH$m)}Xk6
zs)B<U>P>4HiuTPxExBYpaz!M@<Dtx6*eqABpTf#WKZSFJOkjWj+Qm=wuGdkE<+qiO
z$_@{;a(bP=mw7xy5X1sLwbf2%El3%+@DH*i!v`lPim3|+O{_Y5){>7qPbf}C59TWw
za;>+%E20uPW`=Co?-n>bueD7X4w!z2h8~8NQRb?;_TbcfhX(^|b^6upM(B|N$&JQJ
z@C{dVBZ{&?IDUk1XpjfV1Gno^!4=|Scs;6I;e#m0arN}5ir{V>5OY@117v~n^%T%C
zP75oJLk^W0202IvE7Vl5ugJ)Hbx}$p+@VS3e^E?A?F^s}hwh(BSOEtOlg~M%hy@uu
z^Nf2{fB|sCjC3@HE5p5hLCW**^q>zYi5Hdrm0|)!styM@Ij4DF>k)qH9OK%6B9#P@
z95-zL0QKn<84waM>(?FX#kzjv$AOW`=dLN3+Qq#GKS}_61p<`kW^zZROjlv&(;(-q
zLI91_=jAnRKp-#i4u{&1#yWzYxf%LXk%G#k6N66Y9CkeCwM63)?p~na(gM>HzjE{g
z1P<fYv~;_-vb_0Q<qeR)^!Kc2CC>!?D$;PEjvG9Vl$g=$T7B5Mfmr?V!+X`P{Bg~2
zo*UN1yn-nh2#Ll?<Qndkm4IQ-p{&}lnk0`ta@L}Z@!GPYIGJ<nT8enjdJ!y}fRuoa
zl)&Ao-Lq674_>rV<WWdxg0mI*rERU$DErv{m1Y$)NUEv<?dZOyswyhTs=1O={70$(
z01CdCg$NIlM=kvawN>nGYnlt?!Y~iBIO@mHQb{+;sGx8#6m(y&y;6CD0NoeU)9FnU
zFQ!It7c?ncIZIMM?!e9vW0BR5wN)(~JIjCx`H!M~eN8>3+NANG+3i%v`b+I@Asmu=
zwN=TnWfV%HdBbcy6Wi4NYG1O(s7nA|PQJs?3arx;F42vngYQ;H?`8^4a0^IB85Hyl
zL>93=UDx+X%JJ9#0ImKt57|!aDgtr_)f^1e%W?LclmNsVYM$J6H2Eh~I9#p=EIXfH
z!jni9$S!SACe+)7Bz&i-{{RZ96|A=M1J{FqD&4CB;OB+qiSz?CY8!>0A(eLLk3mb2
ze8xI?%Ok4-09+4KS7D##jY&9OxbIh*$~i+a$O-9+tu31?90S1^BBiE^(Sg1be5gY)
z9X$`$klOixZ;+_T&N`Z@k0=%+1aXggNaU5*86a-!p1e}OaOE$8ZHNJZ+tk#nA(Q7E
z5_<YnP|awg=1(>8jozNa+O8}OAP*ym&<~XqQximOy+_loeQF~7^1Ri^?Nt1TBq})E
zPD!Xus2roddxl(!O_R&mXvQ&`<@IRHH;VZ0T{9~w>>JymtUYovW8dDT>_pau>p6GZ
zt~&cwfCC@Wvb2ed#06@G_wPXCsw~E;1wUvVu~pHIeZI9gC+kdNj=kxp8RT*6OWTw6
zq+rD7Biext+A~z{{_p^2nzl2Jy{d)b{px|mAxmP+IS4<kOM#AgsFA>oeL1H2hL{s5
z8TF)WW49i)2y#wygH2{Ty3jGjly{^BNyS6S?rB1E+)xFMIt*f?kqZxMK;#N|aX=i-
zs|!asVmj7*gXPV18r*y1&O6o-T&-m#sn1b+!EXBy^TjzwnI=z4j49zqQfmJIk|Ts1
zRP0X3l4uKCWM>$xounLMw~pqr;C8G|cbX@-nJh7{dbF_uGNPe`4c#+Wfx`2FR~4WT
zn1~e<#5>f_Iww}DlHLZ$QA$=Bsiim)?H;wgj`hvx#QBAfTIf8+^s9!)L^dScM;N9t
z$fP8(q`^JEI-<rLo_{KG@!#lZ=LbFM2^qkk2WQiYZ*%pf11A(<XPN**oO;ltkMO79
zW6)DE&J6%Xb804C!-f@-%E;Iwn%)PGrBu7O4!f7{R&rfTsza(Xl;nMBq+^jv0bGOD
zoB$)9^(F(9?~gg;QV<w&DY-GQ$4Zg-`G-#Q4Klt8wn44EK64~nKdof4WMowKGHsXx
z#!ocXjJP{9X!~$|X*+ZLsLt<9(jGpQq0%AjO)lU+KT2uqoYH}w#()r#NXOw*u1Mfi
zL~%knQV8!-)y*M3RyoPtjx$k^Gyc!9t0V$5jw%TT-YX{)rB3LrJ)oR?_+SSW0@$MQ
zv~nv&Nh)$_#11jeIOd_rtqtL8T&WeLBaNsr?cSzEg$6+i2XRvrR^*C>piJ}_>r|#&
zow^rbxQUo;B(dmge$kXizypfr?bB~Xt%zkRyK(KBPEC;H*{I5gxarob;}3z)J?V<f
z*zZ!J{GgsHqM3x*BK*APuUe(3->s|!k_#}xik|x6E#hezf~tz+E^nm2xiWGPaHHCo
zC34A_wq42Qs!t<LBE=p{xc~|!Y$i#?ZFnO}ZAV=DOpBPI_U~0r4suAT$wD_hFTxr^
zX?jdi1^L)+bKIKhQvg*vXu==@r{9Y7?QId{IbGe87sq;!cQqMv)|gw2=ADIcE^Zbi
zC5Z#4O0KT0%CI#J!+Db`4&7<&fT-e~v>GO6rCw^D=@jtXd(_D={vojbl_Mr34hg2V
zG1i$UJo@*h9Do5iqTynAa8BxyM<j7ogAh2SX$Tn2JBUchGT`(EwW63RR$MFItOnqU
z8n_mo<lyc6>n8h3({&{+cWD#8Kh^<;ABd}&6;}394UNQ~+=-9rM=As6{{SCa!3T;Z
zirJgXP&2saZy7(%xuyB!2)}iD`__kuum0Vt+)mlXNawl#066@rmAKg(H}N+;E1FxH
zt%`T&b>7a(LXXP3Zw=aQiCC^Ut~FybYXlyff&DAeba=K}pvO3_YVS)OcxdZ$Y6KVq
z8LRO}f-o_ftq9|#Uysyu?_5mpKu~Qxd8U;lboS=01s?RKK7A;-7<YF2?Ph>4LzUvW
zO<of5+uR@ra+rws9V@=Lhc0o(c@@mxTgT<yKtm3brU#+swx;zlsI)k^Qzl48H)G6E
z@7}R)W7%?co)64EmA`)(v((mP`=pNf%GQ3N0*6;mx^s_V+PdQPIHt5IMleeAhCKTk
zUn_R>$33b=jEL2{=A<g$D*@MmT9}Z=KJI!R4LMV3WX3Vlr74F4vyR@iAx*%ZGt)E(
zqGH6`dgs5rTDD!$f=@x7DZJ!&DtP)-_KWkn@r+Oe8$wD6z)*00hNs$9i36`tX|f{W
zSf0ESQve7Kf4PJ8r*T-U(UopEIX$Y%F6@9u_|rD-QIdBn)6<8^<7gBNfBdrye}w)b
zt@D+YafUc-e_E^*hGirgwP*`Q@V8OP_cQ>|xNt@|IOE=%aF}FuQ_o+odYQ=immbHC
z^wh+W7~AXDy(@tp)s`MRbf<<p)vz#lH4-s~RtNaGBOMJ*##wXnk)C@{GRVRD`cy17
z$T;I13K7Qbxf%Yn=>T=f{W^o~ND7P$67mU7z*dA3d7DbUSn{p?@BY13k$lLqMo8<5
zsSM`P_Q<5fPu?HGXc{-|m?Wd+&h8lFkzKBfs(B<sK75utRnKEwG%|9n!)K63de^bJ
zWZGDUjgAj*{{U4(DWlS2VA3wq2+vVkd}Es9G^^s06=GG?jCv94U1hz>OB!Thi0PU}
zZ5De{<ceeD0g9I!kb2Na+!`s^_o9G2E(pv_SpDZ2VtX&8EV8LW?f$Pg3O|U^EQ99x
z^BSL+f%lC>22YtN+Nyq4^c9nnXJU<nEdKz0LILatZ>37P%9Gcy^r$yuH!_SfaT0pd
zH!)L^OPu6`!1kt?nkH#P>|;}roE9Dal-H40Y+!IXIQ~@>j4jntBm2hwFYd3c7W)E8
zGi1htfsVC&#PXI#ReocV*>C>8^r>!Sc&$Fq6J}{n9OI|A;Z;^+9A@Fb^Iz@`!|C*<
zt2R8wVs?%X)|!x-F0LX-;YRsl`9~dnPxGT|O}DPxoaFZIYQFu-6mnaI$ES1sDrSAL
zv}EHyFBM6NqGCtcBqx@T;~w3Al|>U2wwhHVmf8XK@A}kIOrqR2bCx?#_p`=nm;72s
zXBopN0ggMKzs{=U*p?ZxBYcpoFsD49O3;c|$!5!JJsXf~E*u%RWA|{TK=<e?O3ZJ<
z7REklIsGWO7N)X}So#inA6l<9my{PE9E|nrRvGt|W?}&6>sD>B<-Srz18wvfsFFp*
z$p}*gV^Bv!)~6F)Z5eH#937yOk9yJjKbw%T5Lbd2V+Y=&Hcz`JInQHRy$x+~meM;M
zJdzxLeBe{=07fTp80ZP7CAQWqha?Y~RDX|ZwGt?8&4I@xjG8%<LglfY<w)mpWxE`$
zP}QyXKtnH4U6e~_vm`4wzcgG$Wikc0A17r4pZ@?=E7+Mr=<_`tB#vJ!s~?*K1Fdu>
zBk6)_=AjU=efBn^$tUMva=`xpK}iAg_M?H8{w#7Tk&iDfg=CBhlQ^Vr-L?-=)}m%6
zm=p1uY4*p`px^IK-;f0WJTL?Q0IgYfXEzmilBca_N%LI#(qzcD{{Sq<9jT#n#Yz<H
z1KXOBV*}op$Q4|Jig%RQ&uXyPA9ocKF=4>`DS-(?>+MRQ4_Z^4=O^%^%O|HafCvPR
z<JN;2QIY9SjuH-PY<9=fGy#pN{{X1@hc(aV0=jKnf1?wOaa^>7<BExHV^eZlKpx|f
zT6aJQhB|hv%R{npp7pD9%zZelrMa6VjDup_V~W9V_08X!+k@t{Y}PExwo~<|K7u8V
zQk^?c@<{&x#Zd#^qzp~~6wnbEnDsxcAcQSh^4RsHWx%1t3;H^3eCNGy@s15*=_<L-
zO>O`NYgnrzqMyPy`HD`UbNbN72AE03QDAsH(h_=6>E4WSNMeFO??5L%{c2|J)B;JM
z3A2Uk_)`a7ywQ#+!Ds<E>DHbAJ%us3r>Px(N&u;GWxp*L`Kvbt7=ytTySpCMO70OS
z%)LctDD_5Dhg4BK{{W2<o_3tjK3)%62>HPsY78tW$~M*%;G0}B`qP*fk0bbLh`@{-
zilL)oCM_82?@#OXs`j#cm^~`c89yk=>48?ZI->L&)6<T$fb-V1tb9MIUyx$AWnb?<
z0=Mlv1jUEiu7DlY2lcIEN^;o=%_ED+V}bmt{f>)&e#7kcu10?I3<~tCPYr2S3N~9S
zF#adx)|6XR;Z!P)fC}0;W%ij4qv&#aZ-EBP-%d#*?#EbK{{V&Vw3la0&1iq+qK;SV
zUZuO`;8Zhh@>yL&D{w*YT1tc@tb!G#7jwi){P^kbPs;}X0P9y#;y(@~CGM<O3OQ)K
zK9$KcY$L8Zb+0m|Hl3O1(yE%eEP=R#oDZ!|5lH1n6-j329-Zn>JLbU8N|?sRlAX;s
z+yQ{NJ?g|~3K(OW$P&H>KKZK=Ou%!FI@X#Ic5KAJ3~)Vwsf3G+hRLk7oE6HGlf_ik
zH9xain1Kdo$OLxxs?g1**_W^CX7c3Q#NWC@hR1VM&;>vMI2@X-0(|6?-<q(`wMp&i
zSiM=%6=WlCo<xc;OS!_2TJ}!}=&Pmaai%_Y8=U*s2jG1T@9)L*iTkxbCV!oJ{752<
zFQs?ksq)8}^*C`=F8NU~`9>)V)DlaIuGb!w(sCEc1aNA+juakxRBJIKtwB75;RjRJ
zfD#;+E_>CX(yPVkim*CRG8vbl6x9Kf2Bwf@ew7OGpQRy?gCa3iCmxk1_a`i%{WzwE
z!{F4sVv<7-v>@sjeiXxT89h(sO_Ktl9X%;F29y#bFUr8w+2iY3aJJb1>z`V<(i9^N
zk?3lc!f2a3b6CDCx)z=m)Mnkc5pB=Zfm(uPBh&S+BjT0#w(y%qPJG!oAKoAw59|0)
z-H?&<{nPok4d~6%r7kwUKZlB_8#5AmD5VU1rWxyke>&x6#f><5nv$^O;|9GqPEXw^
z^shJ2Q_Q|3agM*8dTodS7t<BVTXVM$v8NE=cOtLEK3+{yh-aXyh%g0nGp!bv830s)
zdHU2!YG8dTMn@_fe7Gc5HmwH>bfe`%ll16CZm{Xw-m6U#lw@EGY(8P>RT){3)z3QA
zVU3^xfIe1Z4~}uveul9pwh~xw0GC6^9<|k9S~a!YkP<N>keM83v8+am%VQ=!Njih;
zU9e{y(Txmwj1$pLPc<);B0Y0TgK?5S?*a$bpTxHDw<Yn{+*a2)tVJSxp13*9Fh4th
z>%prE1HwrMImQQSt(}fzZZp6%#3O*RE3Z#ViZ|ILiTqsDvW&;+-1}8|Fi3uRJ99u1
z2HhKX0N{$V5zVnv)N{>d!sT7p7|Zml_U<u`frm695-;7!$@S)&@~ejD3^7Up!8sUy
zKN@HwX$QSAljmxN;O*f34OxtzG!f4n=cQ9zk@J!0!}(P3HV_VSyc0l+S1X3|R1?Mz
zxT*o#Hp-ur@(y~6(*+t9Q=Xa0?^&{@H>+|-EB+LKj_i%=C~TwP{SSJXCfo;JdK!uo
z=0am`Jt`>N#^oQN??4w$bDo(QsbZVd=hrm=ZO!U)!1eW^!C3<#;P&f^0JXnk1_XPG
zWy}GhGDq_%A2NT1H62@NJvvm8v5msFAounE0PD~+Lj}Q$Zh6NBwxF2|dxq2P-m>L^
zTnCK%;Cj;`k>Pw2R~#NWq*ljQZ+PkxYXgD91I{Z-+r)E0w+A>JDXwY>M5lW3j@jVV
ztgb@8L-~(tkb0eczm70Zo|~7aPDN{4_|s2vs_Yb>TJuRqC6xTj{3Lb!d(<TKApVrn
zGide^;w>bM{h@z4E5~#0D5qg+BwxKdv4tHM{P(19EC-rXxfg&j)cRE6R}74HqI}Xg
z>GZ1jH&3`PmlE)b4^RHRaoqF>m&~}B%`OzG_3VSvk&2{yn3e~HQ{U@W93a9e+Z=s;
z&#r2*-0mN4NAM@9s!W!Mqehjv<=>Vh^d6Np!vnSz$CV#1=uf3h8hxH7?;$y6&q}CM
z&SJcn^OKI|ox;OGY3ANXUKK@5xFfJ$`0i;!GA`BOm}KMlMGByuxx$Xau=M(xcNK{d
zfC5YcSnX3zk#{gr(;txTY9wOv7XuN-FrZW9KPXTbGxqC+t4x-J%FlTWd?azHY?06k
zgxvY%<;M=>52ZTk{EK-o51And2dB5-IjV~u>EnS<$egkCrsPVAa!EXkbOFA38+olu
zFWp!)t;5LNpY!ef>kS9m?)MCZCkg=VTJt*{u^`IDz{hjk{{Wv#o^rWK^Y)DG>_&Hc
zR_>h$NTp1+PaO2e9X~3{)1uy3^-?j9O6YX;48VS4y*^>`li6DoW=RLiO<ZdP198b8
zsHbV5lHta3$CFzTT7n1jJ?UELwCrHZrGd)x#{_k(i`^xa!9YmI-2{wRZm<En7$DPH
z%^M?cTFOb5ta<!*4;;o8FB`A$oOA9yYQjk*O5l*nPD7E_w{>3+#d#hXcE~wbUI;$5
zgKy_qJKAapSx<54*@Yy;)`G=z=N~1&`GyWSD^P%AlY0hW0UYD6N_$$gR~w1kyTA?y
zO#c9$l!S$r;Xmb=!;{#a<NW&7Me1WUbWooJZU-YI4AdC)=QTSI-2seqp0yr2*2g&(
zKT1)8!kxE0g&<#AU=M(&IN)Nl5SF_=IITH8<z_*}(LVj@F*8sOIHxaOPwP$3Z`Pc+
z{QFZF*C26G?)2iNka3atR2V*;Xb`=>8kqt2{3;Cb#W+Yu0MG>Z+xSq;$4ZCHVlaDC
z3zZosr2tUY<RTN3T+#yVSM__NG`j)mRiI2Ram{A+W;1$<2FX<8@vS)y=mG6n?a0O|
z`txi!tmnC!C4gqsfIC(d$NKjA*7QLAoq)|@+=3-J?^QjJ2&7<Cs(Ij43AaBntC6&O
zcpT9b1HzIy98+0GdYBBar7}PO^{ZpCb4mm`z(1XA{d-n+naXD!D@gR~im2>w4}@qP
z{{R{Y0B|!#dE>1w-lka|38Xv@M|zYg$3K-YfDIrb@4(M`dd7O5^rH$eFeyu#1~0WP
zPTrKvgPL#|9C~J$496t;(w4;p9DCCUIiv)Mf_dvw1w-Ez0QaOUSG@o->djBj9zE)Y
z(l{fhTGB}lIU|Z>(5#;_@M}3osxp;6sG}2Xd>ToRqXGv9(uPtS7{L{-qF6q&e+{y!
zVY}z{6r!%|V9Q<_&@Z*Qu$hhl)<y>(g?fgc;oA)+6~tm$f4<|I*s`&P#?Ck*K&Ydj
zsHT0=<FKyyQ;ZR!zQdH~01hfpHjLD9ntM6)t$BjNKQt)-az#eOnr`eGT)<i0zM`X%
zvN$x%f-1C)gT+*|KvBI>BvOobuR7LXOL^JxwMou<SEM*C3;Nd|tXg@|$hgjPT(eg?
zDZ3n|I1SWejB`&?e}|=0f=7y1w_-yf!1t>gqz9?4NodZ<rq#=8TLaVSLrOvWzz*cq
zJh9_@W79N+27d3>moZ+<viHFU$O|{OO3#_3xs=Hv<o=a0UvJ8j0AQL<O_vxXMyMlP
z4*lxJnWsyuYBAczGq~lCpr*qFw^J-Isb_8g73zKx@Z5S;u#wam*nG`fP^Hf9_A;+k
zLN;5QdM=q3n`InPr~y<8yDXRonpSP7aa5+4u&+e&-l9Cj)L`eeL^8&vQOCU@*pM6y
z_M{x;&r{RsO>S5x=To@b7Zh{>sCgA-O;khk3bmdoL~K)zm08Z##ZF18^K_>61Vf*j
zH8Py7SI;#nHY!sa8zl>kha#1aG{$Tx$9fn7F!P7CS#y(~)lNUYF;=t15PAa;;=G&V
zCHBFm*oMn<G3Tdm>t3^r^c<S`_u`JIx|fV65r3<<K?pv$>VG;_9ilkyaRA|1`kEE~
zRtLT*GB%H`G4dll^IYbKLE)%b<d#4`ioFug0RR}tu2;hLs~wUSz-Q#wVQ&yV{`JXG
z-JR4`k}t!}UyL60P8GoCsH@R}RAaYV=VwYLLBKugMbFll1`nvG^MRamQUk*Erj+?f
z#%bs>!16ItV{rSv)WGIEL#G>yLo_)O#CL!@<F#@dR_R*+t3Fvrq4xZ1)2EB@Cb(Tr
z!0CFFg;)0yo$(Ra_h0K>6s4t%D#xkG-l$1dR2T=64`a~NZSo9}@z-{Hb62&S6Xz`P
zoX0TT$FFf&X(J?xI`$^IqVA3vD@dLq1eqg(*gW*A*YS|$hwz+=wp22*jsqO$-kBnq
zEtXP2IKdT3iK42%n3*FWjy>uIjGr<u;Ug=7=~6+3Vuz7SDwJhx@z*rTDE!+?^kIT(
z=5fgM-B8Llzid4`5@H8}SA+Eb063sUo#UwBWMZRpgOlEy836#0oMRc!YL$>QTN}3r
z{Ad_Pa5K-L_Z_NT;U*aG`qeeeWbyM3qO5`*J)`QTm>1xb7QyGbf;!S%sV6D{ILOa&
zRiKmRDCcW0Ao|tN=^_OO4mtxs8E*bWoPx@E1bS2CQ0gQ@ob~iICB!9=6(2gBfIE9t
zcqG_J+Hszqlz@B^hup4k>(?HhwPhK;W(4Gpao(xT3E$_%f_tbm_@`DOm+p@J#Q;yp
zIN+mo&lNKK*pHHN^5?JTQIew|^BZ*-=xQ<3Zc8ulupH0@@Y`}6WmsXc)YBbykX+;+
zyCD9x5=z(+%0X}8Cyf1SScVs4W6NX4Pbg^=Iw>TJ83B=xL(}lBTUle2ZEWNYjBtPY
z;<4G<-d0B+Ap6JD-mD0Q?eVq=?0O&YGy$n3TNo<s_8I1(bY&T3AQMqqU9dhxfaHIB
zwM=(s?-TVjkfez4Pw@Umig8n(zoiuJMTOhvY>Z?^4snjB)YFI~0Y)%LP(M>oVk1^X
z`^WFLdV5oM2;&d@N1*f`mBe}kFR+EkEOYXwO#7c|dd3v_j6r_f^!ihR75SVE#AlDw
z@TD;Z;GRE-`q6M8*k&XFxk2RgQA(&IQ{^t<oafa40EJo+{DGuU5Pj5MhuqSY+{Yt6
z!=)Ds6rLQmHy@bpcE@^aD)~x^FpIzgxvT9L$O|41;h$kpKF#H}Z*GdJIQmmeO%>Sr
zYO#)bGm+SK6!iVpWn-CGWDieDlqS*$!(`-;KJ$NtSD!fByE!=ocRs&CR+$zmINvi!
zc#a+yJ=pa$!iQ;(8(EH99feJSxmWlTk)QL{q=Fwc{(SOs#)ig`J)Aou5|9TUFZ8LQ
zQqnNw^R#o{y-NHP3OVdO2dSspLzz^Qji6`i-lFB$(bHGTm}lrm;agS;3v=7~)=jz0
ziG};mpQkmoXrUuwF`d|?<Wh;PV;BgBILSG!=y!QRG0&}KS;jWTy)o9dB3yL;0QJ`N
zoza}uqr9*>W0BH;m^mO+nCH~`Q^M!@Q<5bRJ+O4`n!?p|ad!(SP$W=x=hnJqTyxr)
zIs@|x&BUvoX6(_Z^L|xD{pud%fA#8x)Pfsk41Q@yU_0ag0M&}={6}IHgu#DzD}M0$
zV!Yo|)PLe-9DHsKll166kfjx=omp8L-eG=E*EEFZwK5=NfD!srgl*rYZgU4C{{YuY
zq-P(kAwx_G+3Wrk41D<V*w$^LhPZ5c=C0fVAtd^7RCL^#*q>TYa$e@9-g@#n(}FO^
zdO98lLr&gDAZD1xGLpS2B7_>T=ATMolZ+8S6__7dVFY*ls=*-hQIrIIXaO<rRd3}H
zLQZ>kt6Nx}YX@1MorA3@J0VL%WtEcRMq$nkSc9er=CrhnFkvjisLwT8`q8cCE~Di=
zYAtO{r5!Fn`NnGWKQtIWol*=Oap_jA{{YnyS=2K`&v_lR1y?N9gFJ>uEJia|R~~Bu
zd(~T&0P#)ghE?2mb*m{Z&^CjURW|^0ij&V`G8Yt(7LCLGDXly7&tFQaU5#DSBNsOz
zNX{y?W3ka`V`Zo;IW=&%JX52AQ38RAlgVF7*yu{cOM^y0@7J|U<tQCUrWn+YC>a@(
zCjiqK#%bm*bC1@OU_8(RM?JGn37_$&s1+z9JuyJW2!QLJY53dHl$@V_*rguyfM!Mq
z1k-R1MgXUfH&ia*5(NM<OoLFibIm^|Cz@Oge~kb{y=p=7_st-{Z%TGY(ECsYdz1$b
zz53Uu_zy)EmJ4*~1d{WU>0B<AWOW@*8+>FI$**R&g>9maH5gS~R+M3{F@%@ATaf&{
zJ63e3X(p{m#fJwKR#iI*HPFDG+y;*|Ar%#|`7mmFrLc&K(;0Z_QxVNZ;-#UGaw-Xj
z1l5DqqLc!k&XCCBPu&rW@z$|#;32nQkK}7zqh>0^oxO!txrz3=$IeIHJ?U6+dY)UY
zSs1l(B8&#-H4q`Xo<(&UwW`e){1E7HLFy}wyOFImAg%W#UOu9^YeT8qMs{{BZESJL
z?Sn{j{?MgYRtt>e)3+Z^E12sd`MU}R=U}P{W;g<sw-bSqPXmti+W2F`Ut(3%H6<Qy
zGZZ9r_cf(DZf?d^Dkv+nPr{xWHZh5(0Nltjar`6FyJU<<7z3qX+Fs2B-eV2Xo=88^
zw!YAkL?w*nNUusMC1iPXlasp{GvE<a9ObfVcaw3d{Y_AS4tS|Y0JC-+(23AfCWsf<
z2_vbbF>S`?E_>CPzU4;{0-ZVHhV%}j6Yo{5;cA>+YS&SUaRv-(7a16-3C%|+<1{cu
zQ^6yl%{@7&+pcNx9&0tZY><xi6rC#180M<UjNlq2u#m8Q?A46%P({Er@Z5eh;jo!o
zSifB_N4vdqk0v6(`{RoFe^a^pRqVGLiD?c_d)K}ENxSkqA#jJEG;PPP`OSRyC*36d
zKDC`!t&4)thxjS+#w3tr{Gy}J$_ILDk^+IoYch`7+1l1LAd$f7(z-1xT90r^c+YyT
z;W;AIv@3Bs2igp6pK7;x;cuVKv~It`Yn8QoGqy36u8yAFmP7_N7(MFbU=H0Yin47=
z!a$`NkP(n8rnS@(ROL#r>MIFHvAkv6)d!&!ARPDf6;=sDbUkXoY~!_NSt76ueQIz)
z9R3wmn;7D&zM&jMg536|ftoTXDt&S3Sh}{JF71p*<!`+iJ&2`$5JI50BeiB+c!^~D
zte}C(tz+EIM>6oUM<t}W42*I9%X?QS;o+T=8(23!#=8Ac<hgNsANs}N_Ku_0u{9eR
zCx~4{xgByl*IXILRyQgK$Okye=B0__`H{HY$o4fvF#~A8R^>g9rC5#9O{K=%@t;HQ
zR?MTR1<XPw-am()1ujI1w1dyxHEw9IirCyS{zXti5z3Fc4@2oq644y%=0q`^j<ndm
zc)=e-#aVU6ag24UszOXpJ0Ga35b`$zjyTOt41lf=Wx=Sx{o%>`r>C)|^!dTb@6TEQ
zmCqw52iBbu1!B974?jap07)L@!5*Fdlqn!&a=pRo4InHKau|K(_3u+dA;!VLJvr%6
zsSh7q<AQyE`t(MvhF9Q@{=W3Ux(c_jVS~+4n%$ys!#;=Jrru(4yBlBIr8-pOa-IjR
z09N^<JAmu@(hxt^C(G(F(xlvDd@&^-vFGxmB@Q`O2ZNrXkP92-a9ad)Ao27x0i2My
zIORI$=}Yo3%77c!v8EL&L2ifc5ztTs!^@N%q?~mIo~#}+jn86n%AVO2)r2|8ZKRA6
zy${x#GD*WR*(XJl``=%GdH}HmrcaTWiI;$T5$W`$P!Y2Z6qEBNK2!L1su5iIoJhN6
zQ-H&a`&FcMl&MzvyQ%I!#(-vupS2b97s`-**CT=L?^~Ak$H)QHWcm<AV_HbEE&}H~
zZN_n39+ax<<q|NXj(G-^fxQa<0AmM`arjYNAK9#b<)NaTh`G(IVc04Uk$RKd(*l>2
zuo=N11Ky@81|wD_hH}HX?rFdX#uYwe@~v<lkrqcFeSPU;LUMNHSB!d}N^pRy`6_bR
z{o{N4eJXHQBLHn24|Ckm1Vu<zW;tWVJ?VU~iV55Y^Qlf0WQ_BGKczB2SOLp9>Q;a&
zY<ZhIhdf|^57Yc=Lk`HsIP5s+Kl=49#Y8Me9RMH1eFwEgDczFCf!ErYit{ntss;yq
zoK;y6srioQZUXce@Ay=_l;4k(pOg{SoUj?>GCLl4%~i!>qQ|~YI(K3HD)NsiHNt{@
zeSiAY;EMp-fHPy$sh~#W^UQ~?dJ0Tw0&m=MIq&X$D*d!RTv<FEWsNf0Ez)^tatBsD
z&0COV#AA>-Y*dzz`(g9$8PD*7D|+1r$b+9+%d?E`UBi*n70_A0Nd%FSa%(pAEhAFR
zcKq$>z^zD5dB;wbN+3dk>*-fxBRq^&^yOnYE0#tx)2%7vKgxt`k5fyE)w3&DRX)D7
zkCW6=X9uk=bDW>bkXXpo>_zUIac|L`PSQIb)!>@UO$G611Uj}DdK&sM)4y8sABkEh
zwY>XeV-Zi!P6K!U02&NyE5_z_n=yN3Ijgxn&0^@1<{-7MP7hDcw2sCRcR<a^>S+TV
z-1Vm9p2rk`9RC1X1{Y2Kj(YMchL}Hi#;;xf0H`%jOkPhN={>~vH1adgUrItpPM=y`
zzmL5IPB_gmi-1NrsN5di>B<g2o+&n;T4EWFI?yqWdenh<1J;^Q=K_J1t{g=PZgE_*
zmb$(58Lh2uaTHrY_N@ID*vU5heJeR?>}Mx;V|Lm<Diu(?ijrtjWg(ZXNEgr!l;E{y
zh7HD+(J^THdQ?z`k8of?#dL>m2sMpz$>y*eaah%khEjsv7^NOdvKQ8$b8b~KMNMqT
zw`^R1D#g{^p;DxbnrSXmG;{khc&XCdmG8|z3%s^ITDfe7<A~JJ6b5(M+2ja=B-c@;
zX{l=#O8n-gvC@(Oy}tH6D)C;ztwzSsjkRD2CY{j#06J#iy(tTO8lyqZ*aMo6c|2fK
zTO@naH}l0HCdkHd??yKcl)y<DH7Ld?7^;JzAEi5PI%btvdeUyqFaQQSdr}r0p0uRk
zV>J;xk%~Y@(q*{q-k@Sh%}!UGRBa!<07sGEwJz={-d69eF`^**eP{wA-!~mSDf@{a
z0g`%SoYSL#vjtI>V}J#EABTJ^1)aKGU7%^$WCA!^sKv>NyA^y7qt6x5ytt2OBjg9I
zciXaBt6C`D#0+3nkfesK(z3ELdX8V2b4;9kltA1OPH~ZnrUVx4jw;wSNA5^IwQ&wb
zG{ig#WP^&5nEZ-t3T{qnJ>1~btTM)+U~^D1!k}Oj@s5U|nhYLAIvH3Ur;%1Si5D5q
zv8T9>YgW@*_BMDpxKYUL<NRyQd`D*H%gzc!kTyu~j`i#hAC*4uUIlZWDbiz_-R`4Y
z61!zy#Cp_9H%73XndVk^0!W8HtzX}gI5mL)dn?&3-;IsOxb0mgmu@b#3wZOxIL<52
zan{GArS9D9yeptb1Zk+=AZc5ekdM3WYo~Bza_qzCX+YYFia1e$Nwk{uVHFi*d6S!)
zyCOMkj@0`}9w8zV@|t$QxIO97sA;xzC!AFx38Dr06)LXY)C|SI;~l+fVf(@u1D@ik
zJ!}MIgiYU&qzXdizVYi)5E@)|U*}D8Oa+hWQO?;rY3gt)2@lUw_8KLItmgu&!}n@Z
za4O@lp5qw&^gk(0&ReAt94#O!F*~X8=9+W5oV<0c(PYKF4MN8)NxPg<A6im(1cz_i
z5j`l4vle}73x?ZogWTes6Jj+LYeX)m2k~ZXX%It`fUO|_^%(-ZMqCav+nV-Iikqaj
ziHCL&kIz5OylP$?<n*j(xpCN!ur$^mJ`eDYYD@u)_NEc?ob_(CBRkIk%ww={%tExR
zS3N7xp_y9%9D+Lf*PQ4w$7SJ|S(KL{nLzGyQ(5?;_9am_l3UPqu36J^lW6UyRxpZ8
z^pP4!20+iPSC-f)$X~=)9DH#!JAcs;ln?LXwDkV~7u#wsu)Hq>jh(#iQhv3YrzC2s
z#q4VN%?yC{t!r8Q(UF?KxMsjS6+D6tc&$w#$x+Q`BwA*?iMcr(Rvp|cBj6k#rF468
zm|nQ7ElC<D3`bMerZ*eZ&Hl|sB<DHpR;=`UVJ2ii`01Kr%m?G|S8b)_bII;1+h|;<
zxBZ=Kv*m>bJB6-R`%Y~h@a#?6eCL7x06g3LE3%EZE(a!yi%9P6o+nVsMh#RZ(<X3D
z9y_U6t(D6tAGni|k@ruvQ;n86NRfQRKX`hNTI#i{DQw;C=Ti3Pgl|mx``0NfEo(N}
zGqnBI>_v7)S4Rxs;_g~fBTc1?!2JpBRi=k6{@QwX6&RhZ-vn-m^<PhMQi%cil>EJ_
zmV`Y@<K|Mlk~?~euOwq>1D0NXwQ@yL%PNDAdm3R<<9Z*Mat1$2q{txzH<rU0BL<jT
zWWW``Zl79RpaRR#oQ!ro#Y-{?VcrH=c^uOM0PPIf2jyzC>K%N@uupZWkBMR(k5B%!
zKHd6^fO}((XaYobjzG!|Pu>QtxeP|rk&dRTGcaXx10f%gr$@=!GyduIpb6LJ%u+Tz
zGI}5IrH?AUREx)cY8A^q#>V0IPk*IZ$$m)Waf94Y1Tu}0mN;b257wY*Jg&UN{G5)4
zt`NbxWMiE7s3t{tNngYf)PIc@0yUFkV6O+E%}dDysW>Ae(EC<#Eg0H<?tef2y;--I
zugVTrwtE^tUXFH)8CH=o&N{7JQj)+n5h9+)tx}G7&-%}h{{VSv$B<Zq3Cm-hr?0r6
z3Kx(qyNMriDLfI*DY3hat_qQ#yu6J607}qtx+ae9H8?+bXP>C7R)||lcE6URyAnfC
zGj<uWL#QO@k?&m&pL|0HU`fXXYmv8OBx5J3;PlOG+1zX+B!GQr5#QU~8Ew(kSb{s8
zQCJaAJ4B^G#yH}N39$vVc~+2&FF;RI?@GZ`n~ZWkSk(Uj06sy%zB;m_a2Nyu?a+2L
zR7Pf>Kf;_3>t21&O2bi1Foj%}aDH!Y=B4uaR2azV=qaUHr7w&Dz!~k@pSO4J#&<B>
z`0PC>5NB!vKJ##(`g+itnoliG8M$MQgV*{~qaI@!2*3;S`wEd)$%Ez~Nip2*=%b*Z
z3iB~{$iPMU5q$@9^{Vp3(k{ipP<iL?dsOd%w*ck2QRphf5D>wz2`4nbs<s4x^17}+
zi?aI)oTM<vy9cI0Za+@-GrBI^4>9`z&{R=d%XKbx1CDn$Oi^&LO`pt{Y$>&SwsK8L
z4Xet;e9E}xu~*D+#^7@^9s(x={{XL7Qqo|m(x{Kqaq0B;qT@)YA~2%I3UwTM=lp7W
zdti)PJD<J>Lsp|iQ?)~L!FKET3cqV+UAKP#?OC}RBqgP=Jnj7}ZrUAyXQ}H<x3>tm
z>^l3Jy&7Yv>(-@iQzb!)nR)G;)M}@xH8APcwuuayJ_k`#7UKi0RR^5@l{yjM@U3FZ
zq=YA$c*kxjt=AM_&`SpVD+9$kGV4AcxwYC1z;B42%sH-svFXyGZoK;OR7+P@K6laO
zG29ex2y7hJQIJ5YJ~7jOvOHrsjdsIuM5+e>XQ=$@%p|lR`&C1097%Gvg*4D9<P)9+
zFe`89IIAd*@P&g16<16=6Yo~9Q27Usr9q}B+nS!Fz0D9tXe5)<G@y>goC@`-7|;(-
z%;J!y5A(-re*QSeN`;?14)g%=jP=N+FSQF}fGQ&@M!9AKHA?$Zh(J{v=Eqtt4cO=P
zY0bsv#Xakw(k(ojWhbsVHOwGCYV%v3b6X9pxQHqYVzZ9-W@)S3-YPNF3TpyKY;>+@
zYV#@1b5`y3w9oGc=T~ynk+4U~ew<bf#AWXeJ66PZuu6vv25T42AKH6C>(dpTO@%#$
z8Y^8A*(2#qJ{Dlv-r26E)l@_<IjLI%oYg3+0)ny5!=NgrB*FUDoxPM+plx5$th0gJ
zG~9#h%~g>~DF;$12<JGZCp^#_)`5&F268`6X@`S>#XX;`MBE+?0};976%o$v1vtNK
zP#ZjB^PmSI8T=|v+~@G9crD(SfI9O)$+-3B`BO`JR7J8mIHcXrS^#q~6vb|73Fkei
z+&WSL!1J186aGyhZh!jpoDuzK0eA3m-jK08(+RCz14)-vy-~FJD01Y`lWZ<@-VN~a
zY+qf+$M7kx(q1?pN_CuR4XQ?i3Znv+Mdvltl1j+Q?k$?&Fz;58c{!@q+&L9(ah_=C
zBBA}&$FZr;G~1QP$n8lJWoQB$gySQ%O9O(Uog(E3s`l;4UrK09yP9k8w4<dXaw?v{
zRAcj0O;3Irn0cre>v73GwJXPyk;O4SQYyv+QxQ^Zx^(%0sAY*}grhE1h6t<jC<;jQ
zs^DR^o{T6N<X$uI>)Kp>rWGxYM;%9};Y;9cm%81)?tHLVeQVP7jWus<+A;?2s(lS{
zz8BHH#p0nnWGax#@%kT8T=J*yrgcWIxY6H;{d?2406J8mX)#>~DFZLHSCBH#8;oRh
ztJ{0`sHcnWk=W63mLe%|pyv(VtUe%wpVG6CG-NXMsorLos$&3hX{IX@CkvC*)Na)F
zI2~%c9GV*%CR6g&cl*^Yep-a`)SDS@FT2eSXigUu8=so4_C$)kX=FbwBGO2HT++US
zAmb*SI9g!f=A?hS#X=~HJkd=*do=Fivl$Kd`ncEB^Gg}v0a4!{-bB9HrzaJ&*pzW!
z65+>(C6wne&KMEsf61>BnGXE0!1S+t@#mF4hvc<#s_%lVMt0+#eXGGI5=kk^3`y!Z
zA6mv+mbM`nE&9}R9(L!aH8I3Vg&lkPnuMt=YDRiKk)yr#fn~I)XM_?@dP#g5;$6mE
zkM>7;+whYscyhsy0K^C6aa|73aBG#+Y1r+JIJl;8cNzqX09j&L0`v0l-;b?Z({wnH
zd4@JpMl+n8eS246V_e~Y=dTpsEff=uDtX&4ks}=<TT4?Cf~nXOoL26LKXsmeI?BBH
zjy?NU?vV-dRGtr7&Sk{fUL#{wE-l5)yCV#mxJKChsf+Vwlt#`ERgQZ_V+?HU4lq4E
zYau*R*7rVNl*~J1V4uRh2KLClT~}>!nvaI1y3|(es6i0<6n`6fpK8`Ty-1Ulv?sRl
zrHbKZ-4kaRWi_Q2i}dFqR^>@OzHjiZ4qXQFONY(8fmf?2&Uy4S+YKu4PDp}g{t#OW
zjMe)%8T(0{t>&*`s3RZ?E`Cx6Ap08UH46?3m>r^SK*!8Jp0%Z-=vUT~yTcMPvE?79
z;A^Z+C=fi*LpN0&Ds+y;YbB}Vli5iC%H~Lie^0Gb+p{18jQ!l#uwD3a+Ecw#YY$#4
zoWJmq`I;~b5rPQE<yxw%sf?(;hX@$-Jq<M*%af0|Pvu(o+9dY!6=+Hi=lIq<u{3*w
zp}^}}DI+OCt;vdH6*$2;2i~JlLKVgtPd?(Kj&?zV^8xp2T&Ww!IT#<|R+*6#N0eqz
zK?j<F!y^V9k<ZqyD{X!{Fz-syD=y^k+Z4cO$W(vNHW^{*p7hs6Dgh*8qXW{J9GDm*
zE1kW1REr^u9piEiqrN?80o&QIk^mq0WECt^5O%m5k6e$vQ3XC&1Ljl6KGb1fD08<Q
zdV}dm3yA*!!W%w^*V>oMQ`8I}yghyWs<dvz1#Afie#WPcZ(hAIO#xPGM@BnvN2m3w
zPK5|N4tfwf8r?fxIU!p;`WmZqYS_vHyBXNr<a-)y3a~m%KK3LWZ6gHL>vq5h1|%PJ
zo-^%PZXwU_RpN2nf-zTZ-C2}0n~(6ip0un6#B(}@$;cgZ&JAK~lCoT^nO4uBQb+h!
z+yF2DMnfOG8lkz;;F+0ajn8}n1}LzMODB23V9w{E2dMTHuWHM<5ylTRE{G$Hn|1&I
zdY`-N`1{pqSRqwrEx7Q=a6unhLpoHNO@nDAdvirmwX)5uW?e~<$mL2g$Kp7mkR3dy
z%86qi>l|-k>FxZg6+*ETAcDgLf!DeJ01CPz-6Jz&KXjkRnsJYLPI=9F=b%yY^1(>X
zIedP9=jlOGHjaj4*U?8`=~K#tlB21>Kac+aTCA<MXX-H+3IP1i^q>l{!M;$u?P3dm
zx+=WVd9p~&!k$PcpdAHkFbNIAo&%Dqew}L}V)Ixi&em=}r7;U_Zuc$bHyeg>c*6ex
zO0xW*Rrw>v0rmP-nM&HmV+bBb;3)4;wX>E+-8l!>9leDY0vmfso;}Bim#-a9rCSyk
zS4C04g4}bk9$V^vrCnI#jdwY~QPVsD?@n1>OnFF1Jr7Pjy{cR6F^L2goI?-|jBg^3
zFLZ>qS&uyR{{ZV$fHRyb?jx%c@~upb8jz?rIqKixQc@BtPzW!U_8bb)hBCu|6?<Zt
z3`Rrqap(<cMIINA&XPrqhAbSP!-}-4^6)tw=@EGJsQ|#~&01C^v7l0P>CHIg^`txw
zI#U6_?c|Osb;%j3;B(fcjq%4dq!|*}n2sns98g$xrk3EE(V2rEm#;Mo9Pvuh0C7>1
zmB>BlxLEUliQ*6RX<2hJun0$9{c96VnO@X%_N$)~W@&GXVU8msBR<uKqDi>`&$Uz@
zrxjQG!(hHDF(=K?5&Wu0kBs#1QL5nf{{R}$L|3j_4u496PXw+i#pXP&DhmU(J5=>0
z{6*5dpL#Klw41+LX>JBNswj})RZFXtw~Uf`BBsy1U~7_*h0g|)VDv>vucVqncMvKf
z**w*CB%h^8liH@{B%F2WNPFUd2^gnhfswGl$*4%H47sY(WE>3A0ajK|y2MnGOj2Pd
zQ&s7?B;t^cmfyrGpeqbxj+LPvvjn&Whf3oI6!DsT#VIql7f?9JaZ&~i(1ZBb4kdN_
zu75h7El%PhK7N&4#VMVJPJZd5IZ=whgIps4)Yharq%#hqK9pS)q?tP$V>KCKR+OFH
zIi~G6&st>>k)BRX8;Bh##eM$(T0@XJ=h}c1%sKsNGW%0-)R;M-W4D5Tl_x!E0`v5x
zJZ6v%E-}xhX^h^K!r3?nuUa|vIG_bQ{!}O={{Sig9cjb=0M$SeMFY(uMH=PY;0pD<
z2Sr^cNl2IvHHPOk$aoh@7Z=}cm2#2&(0yytUz5_eryDDo$?8Q4{Dcn1gUXtHzXg_w
zRH?}6R!JOREP}1CP6bjY<_4~*`9>%Kj5h)*6&qU^sY&LVMrZ*~-Ks$BoR3<%I#nr#
zB;7z4l<`62R8c-wq|G~st0?*Do$7g4IU=Au4Ej(pcVWd^Q<1@{MY#s8MA<>jAS7Xx
zHCe`E$m%N48Cr=)ET(`X$D0?vE1gIUw~8Yme6o+$x+wlhcAkf&SDM^4>{1cRwnYQE
zbPrlgW~B?70#y=57b2S~{IxzXDk*WZ@u?_`pxcrus0Qj%-z_5WGeX<~Lr|W*YDPbm
zN17NR{i-p`3UTR8U%lx|sLMIPs7d*$?0Be$EmtNaNDUGZOeY41Ii%i$8BSxxB_Zij
zGBZvT)AXeTR3Viv*nO=*{^+W@j-?)-Xwni1UtR$E{&gksKiUVUC<qnK_>)eXQL`!c
z*bqYU6b`tpWW^JM@fN>vsl2Dn4;fSPjBq}O^Zcuek;X6x13fF!FRWr+4(2~4A!6Bh
z+Xc=K9Qqt|73Q}JM2<?81n@D?Rt(V<n=HhRfN@VM6p%iYh%<rx<5J1~vyVb^K#xZF
ze|jd-8r+|r-crAT<bPW2Qw4GlO7d?4-wSPN?U?+x3PAMSITh+qF)P=ndgQ9DBff*Y
z3j~bx8TY7UKQGdzIU}CGO097C9{&JZ$lApx8>St3J?p5`qr_u1%)ktjjyu;|W;UQ0
z{V7OE7s>*lU{Wkt912E|0h3RLP~RyuCWO-)Bw(*R`wF8is0Sc%T5=2utlfT;*ds98
zr%klPvxFRM&pGGTv<idTqbZ74Wmt4D#~<AoHDp8y$R63M@q&5%YTSKBXt*>uTL$gM
zDhaHWm!?iQBCjd!oDWJ#7y-pQlWk6J_fA(rl0q3s{va!g*7OLOS-h>IvoC7&tDG?B
z(y*^%7;Xl8RK{&R3vf+pc*XUcmTpJhi1c7ORa<%R#yo%zPipUVtu<xb3U$xYy#DUp
zt?mfN+&FLPU9{)Sa8;+u%gD;<(-=530?PO~$UJ+Btd16NN8NFnv_T^v@;i#y=V&E`
zO0<c>u+BaI0LGi0;4lD{A29V4M<(Vf+#KMaT8*~Ear{93Vt^z;<hIuT09OA1bmyf=
zQIUwoaxzHnJ$|(g70?0Ok)P#LLh9+ao<B+eYrX*t0LOZKWH$l6U@{M_62?qyGChc@
z*<?{7Wb8jO_r(BcB&70xTCp6xQIE^iZsZTfs0R=G#5hyX)XMBnOcUH5w9wINL|F&T
zfY`|6ck5a2U=BlCuRP{9+C^CtsvWKf^!BCmqL<}q6rRLYh)Y-`O{y-PK<vOaD|!fg
z#8~{_Hv^#nenz?R<%Z$O9?jOTLV<=?sT^haq$X@VxQFHmBIg^BMtS`@QywcTlnP@8
zP;wg`GwM$j9ktEfxFKYdZ+!Egz|}oPZzYjRTdIcT0-k=S)caJhM_+4oV{2<118kcY
z8@FRWg%yVun{XmgzA?uj8Y*=QBcp{tu~&2RxGaA<kSSDW8OpCi{(b2b53|IWAe8{~
z*b$%QQUY6h9;9FoTHt4*Mdc4NHO_nI(;xn-omc_J3C8oDN%W|}Ep;Ir>^S4wttfB<
zw_rQ>{{SYC47y;jM;3Sk=Fd6*04Ai<;8-oBx_+o|GwX`3Lr**r0g`z>^`&tZ^p4#J
z?$_@hQ<^#mt8EKUF_pem2bVqlg<PI^?c>W}0De$uvdpoCMFjEkqWAZw+1Qnn&$`5y
z1nx+?C)eJEuAtcrR+8PyE-uMPLCkRHueq%m09cDlh~xCnE%l;nl!1t144uzqC;HZ0
zw_bY^&HJ_PNBPY=TvsJ|-sy@&0!9a?L04_Ir^y#Riyrln9Oh>QM%2&o9$VhF>~O=U
z{{UW-Mv*kE(EP=@^{pgcGx<~&>4^E_tuIeXNe!^aJaI=IX-f)Y9lwoGfVT%6)NDpG
zoSJLM2PF2Ya$X`SCBGU6V%eA;_@=GW?&W|3-moUrcV$$O&*@q7-^f_`XKp$Z&S|TI
zNb4V1f-#-r+upM7d{GpA7!prKHOkF+;FSzzB=Pdqn++aYm-DAPM?f*nTXtHImbx7s
zuCVuvK3#*aHMEB-SvDGMaAO>v)w3FqG3nB!Jx0;welc%9QM^4zm_XvW-5PH$Vy3!%
zay{3VppW@#-M#CMw_^?Q81L&_y&7kiSL3<YGh}h;>rwaXO^oh{9OjO5S`3Qo{a@0f
zv>zy`F2M+CwrVzW&$TY3{i0HN=9F}&6&T|bqaA<9rcls_@~j<l+>#i2*7UQiE0TGv
zOR4_U-1Ma@3R@Ww#l=jJXQ-=-5^<agnM4Dr9cnI!u}{gs&M`<*w7`kGic@NgI3uU6
z9LNlEoO9Fp)mc83vn7Ld9Mw5sW&RpBC7Go&)Y5Gj;MJyqu~8WI{b>OhN*jZLPUf0M
zI^uvDpyr*>(VSM6m7&k7F<^E?I=A>ya-$a~Xqnro>n_H~BxByX$vg^78=$*8{TOg-
z3gg4NrL?<Eqc@>bkxevIsML<=vty|L00ZW=m6g6_=QWEDhc#y#gi5{eTbh%|)O6Vu
zE}&qiqjePSQd5fek*wIL%i}!anv!o^fzBzU9+;+CDQ}lKrsaC%b4}XV$Gs^`_ND+E
z+<r8K<n%O~SU0sJ6X`$=?}|5%YK-peF-Q>Pb3hXgyqbCf#3};JdI8>;sKkH)C$=lO
z@UMo<OZLmP`H$UG+L}#?v!n2hk+ad_R#F)9LG4?taP<X`0I2EOtVp|sbaXNmK3RUf
zDt8-}sw4CVsH=){C<26oY5G*^{{XubmkHjWSHLSw3mMHQ_o&gbwDCv<Zk1ATS2~J<
zW#WJ#f%(N+&P8YEYgNeHGSCE_MMCM`rlcc^0H)yM6#IAWPmw#-WIH7MXah)8P4dh=
z>O?tFOrMN5y#O*r{vq0z0i8`Nu-lW|R547RU|#v)(AXEk@lGQYpwR7spGsgv-D(NG
z@8eSwo@yDoDEFxu3G}BP1t(MVp{kG#YK--#nvC_SV*^OPdV}vszk8ZpMoh$Gtubh0
zO%+Y*A;i;3CW2`{3Rf6p(jJtVr9CMzjia>`l_&}~=NIs|OsAzl;4s1H4N0jTv)kZ$
zijJ;NQ6m#ow2okRE^>sA!o0u4x__5H%7M2K44`m1#xv5rZ&FkCb}Q5aj8_lht2BQN
zU0kYglPd-+Np5{QW9d-JN19_3Dgu7?IQrAvkC@}GfBMu#6E~MA<wM|rI(k!AEOz>g
znvssSxqB<vu44P~ICb~$Ue#lCmoP<f8Olh3$Kzfi<M(ThqP-KqT8OyPn$geiEt`S<
z!Rh+eHKTak=)=m=vE3`-Nv!M18*ow7^s7O#00y9zHFgJ{D~)b<y@~YbKxD^i>7Y1Y
z<yks(BVccD&bE>gNC5TeN$v|`Cw4Lpa=xaOWKeVHdiqqeS}?%JB-I;>IoAw@xIMip
zT4PpbkJ?q^;Elues>V>~twJJ_70CoJ>M>R3eW!n^=BoD>Dn^e4b)+j*p`UOA)~qXo
z_|b5%<Xm*A(YXT^3Y;$#@W-g4<FRARz{N!Jnnr#qq_UC8H7$)qE+pfx*0Ux%v+q*L
zAz(uerm9HYN8w2g=x1I)vJOD6J@G}7!*r|%%Krc<uSJ~vzV*j=sy+63;~?jybkcT_
z%~@V28HVyxILbCE?YoEI9x=s3G-vEmNC!MNDiv~`TLaW{U8wWfJj=FY#x~<WN|EDP
z0OzRBwrH0n(nY~ucM<7NjYG!E^f~@i$txoSd>#P%-2OyV`74<KBriNv60r@q41vQ6
zd{Pt)4=CL~*`Ny{!nWYqM;Qasqme#+%f{i3y=jGZt`zatAK^{~iR55`$o`_JWI!}b
zGChx@3bdt$8A}!JJt{X+QyoulN)j>$&BwlaQm~63Xcz(4ueTHrCCM0!=f2vH1&CJp
zv(S#C{AwnNv+}Sx>^P<}e=al!YNz3m^{aNkE(#D7_1&7wRAR$&vFDtSL90;4kv>FY
zo=UEIQ$(|%v}nsJm=<1gcDGNhUB#`$k10lrZ$lW#J%9(^u<eN~rwi-%e(3i;wW4m?
zFi{dU+BtKa<I~Vnu{SnGwzhy<uOcyyMo;HOa-Z5kzHcdxPf)Z{vncPNINy)pOlGBw
z<qU*?hoH|uD?52Ms~Vr4M&rF)oZ%J`_nZN=4sn|E4?uhj1-m)OX$fL|iO={{Mn>|}
zpvx9Mz<>4WE+ytTLCMG`1GYcHppcoS@{=QR3IO!~06)%<%`Gtxn)7lA`4`*N)!7Rq
zWI~x{`+)a8rjjVq6i8PbaKqND;u}QsW^8AHp5IDaiMtH9v=9>{jpj_iWsd=Bz2>7F
zFXh6;+?*Ywoc(Hz?yDupVG;7<9Ou8%vm>7j3YAb4lY_|v`44*0F61)gw*)ZWRpnpd
zA9g?fy;f=3ZUFf~<oeY`cepv}4^lt9?N_biISPJWa(VqIWknZkV0mOzUP~MkU2UbP
zi3c3jEhfw$^9q1S;e7>eqGP|(qjOQnFa=66gG^kGO)h)W5QN}$s3e&bWt*?+YDdlq
z1P@%+bk<&b{J`hC6UX2v1XaD%6q2EW_Rec9mEZT16Vv5P_N~OyEyM3QKJ{eU+pj)a
z@$1b6T^z`>l2tft4CfT+^udg=Ij(|vK=}{>Ro7^5pXP5t+L~>JkwzN`;{>V<^(2mJ
zSePS)H9Wp#hXL7rHt|eY2$5Ow(~>E;u(_uI?^+QIuhO&OUY)zu*qkZ$qAJXZYL6`O
zeupGJCAyeiPaJcfHBnE?&u`B)!``We^mYTKd$)>of9+i}%!Pl_p!tvw;vLq!Pg;zJ
z-M68w<o(mmuO6nogqy9$Jc_lRdS<e;Sp!A4Jc`t1JGiThx*|IeUO6ex&{Hh)w}DQ)
z7>}CFhfxqV)}_>!@f!y{YANIp$CFi#s|L*Hp7oJ=e)kQ9I9&Cn*-l9kU0s=(fNm<O
zkn~!J911huvmv{RWNh`O?rfi!(r4xGNuKl)JUfnzYH03cQ}?q~iNMI96N*4<L#a5x
zZa}MvG#3Dd02=2KOdfMmiOR5|*A>l)?0DRVBC_R+VZjx49Y~-6oQl<tPhCbJ>brB?
z)75TNBPqK?=8RzUts4&w-0A~)Zz?{-j<vaOpxZ*gxiUAuL0h({1_uKb4qcAQSYER^
zr0{G}urf~02W)k%+e>t|jbcR#qksiol<i%_a0N#m90nu-SxQZ_ww)-$;YH3CFgn#q
zrW?BR=~iVqh!o%f*EN}Ho@2bSk{38%dUs{mvlM|(IjQHjOUMd11xWAKn+?2d*ao!H
z+$#LPjcF4(93|zm*v?Uh1EI%JRkt5X>-<S%8&C5<`H<$g;N0_Cql%<?SfWA)0)rvX
zN>w2Br5jJusDXk)dt#B8)Vo)=N<kTw)-+tPI0M#zA<t5MD&?M+eSY8Q_Uyp_01+4!
z*yx@Njwq7rP#c)?Bkf&nym7*zVvSKi>?>H){$d=v9KMI)HL@#lbT`e|b`{qoTO$J%
zB9%N5Qk5HPUR0KZ-Hf&3R;xy;LH@YapW>lxCNfCL<$Bc6l2B%VDG=evphKh?TF;af
zY}T3SRIV0)B7yUjt0J?}wo8v%yrzMYj+Dn46zUHmkQ60M6G;@9Y#OmDb5$SZY|{ez
zwnZ&giR!|(X#k{Vsm~b)aP3!WITIp)3wPZZsU{hW)hJ1dU8kX|$L3l9hXvvKRXjX%
zpuxuM=B`3;S!pC3(rVzDd#w&WQ$qdGO2_4@0uSN*DjAOe)XaL-X|uQrk&RxIr==L;
zko_vU0K-i0PBha}F{Y7z^(mwuT0<PhlQ^V3e;OzN&ooj}W`GVmbMH!XjxkKlF6u)T
zn#=__wLtClpbA=%{n|I9(^r+xYIW${Y~!f|H3Sd3H9oaWNP_s{5^>Pi6XLXzO)5J$
ziSury^2+}JbPTaSKnL=!;^}@v)A6o6TS=<wx`p^V1V~oZzt|0jC+qzxSxECYZzX_8
zwmvrG^xV82KVQzP&li(8!OF7kQ=Z=b_1SpGMjvZSn<)1Ai@A|U-Ecl^dXM5CQ(SC{
z%oLOJ0iC^w=yCcQf{5h*09T((Rqqe#he+0<xXJQQ$sirn{{V$kkbdl(^s3zB6q>rQ
zCuekfq;o3;DsrS`5$R8N4U7yDE0FL;ulC(I*-H7E+wSMOcKoZVR~uXFTvCTCvFOHp
z(Yb!g_#*jEc?XKyhfxZk?#p9}<W4vA{{ZV%`yJBrlY#G0<J6@thUA*8zGxj-^ipZB
zt<N4~Xe4DI{K_-Wy=9CGvQ!$<A2<gXC(@OQ(0RX>XhQ5~muLj^0~C?lJ4gG{GJ4{y
zLl{mmQn<<EiY;Kdk@H*1QNHhLxg41z)X{MVnHl4r#;QccI41_Bl$oTj*pX8s@l=(%
z9<?U!GEe7Ia*1SOK9x>aJ+V@|;B!?aZg?PM_oO@6hF2iq@l_wMwNEBXW0CJrJ~93k
zaYRX#r8yn_`L1KcVSdkw=&l?An&mu4I4DP;t?8{yDm@Nqh;1%FMpz;5S((I8A4Mbc
ztLcZdkxnp0XN)(O-(kZ6U8kODK)}MtbCJ$!NHC#@>IXFpED~SC2Nf(XeAWkz)X6K$
zgq?`S*X!+3jxq;hfNDupW!Us13=eO5ivSI*-EoEnfG0^ZyG}?R+={TJNCzPLVDnT_
zfMdAej;FDw`Hur(fN|5F^wR?V%#FdgJ!!10g!MV@hlBW2AeCg{WZK85VVbf&U=`yH
zkKzWH6@0~F1gNY%ae^tJ#sO71Amaxlin72m;x=6L!*E4GEOG@O^3A)DGnxR8_o~@D
zO7zJUGETS(#O)`QQ`W1MDH+~a<aEvf{{RY#LW`Ga4%Hm0jAz=IjfgLhD2_Y@2Zd3<
z{{RzIHEmlFc`$wR!#Ql@)DM4p%r{Tvm4OQG;2&y?FiZu*FzVRgRbN3{QNnrfHnf=b
z28vHTzr4nZn~uk_z?<$&fP9gBgZk8|kneKCIq9F%^!{~bD_<(zVO;Ga9_Rl6*G-ue
zjfaSnmTdJu=Zf;~dL<@oW<oP0ydcLu^{J=Y8)Y1Bn2cw#=913Ke7<w02_G(h<(Q^j
z>Y-RcVgWhB%y<eZYV<(#E!^EjVYx;mxIFdYKDCK)buHU@lCu;8mTo^PrzC`yNW(sP
zXMT*|;Zbh$SY?c#%Rm0Q(lN0NnrV!sSNKN(PXj&82&jo7yKj<3<N?%wp4Az}y6<jh
zZ@Q=We!t;Pgbn6b&fb|led>frq=i`H1QtBEp#GJ;q}YstdvpH)>#T@lB6SC-_O7Q)
z#A>KGC!C)3GBk<33}I0~0~KI)BBP9Fr%y_d1M9)4EOvRtCt7w7N<av2!l;%+N6o<N
zO{tH5DhU{c=mjP;BS@>(v+i$BN}}#>tv+|$4h}O}mlr7xcO9$xnw?pqNej9`Atkpz
zTqi(1%})xp;BrX^w?SDWUAIVNXky-DMw4kcBn)Ty)&{fU4O-zRg3ztL!?cy}p85Q9
zTT`bev7JiLj^}Z6e`jG9W|SAk0**;PPwQCl_{&b1hzu8hXf3oVN4r0d_}4e2X;+d1
zE$seaTmvS5i_@O9-sx5l!Ed=^UoiD-b6dFEa|q9yQuVxyVOC@*k;3PZ^{Xnyxuz8g
zar~*v=m!F@lGNQ6VwXQJao)V!;x~r;sASbF(D_V%et><(KgIMl=s0C;f+|T8E2v%>
zkUVlJM??HT)y3Ud#;r8b^X`u^Np=&CYoy*z4QKd=!;*MgUl9V&Wij1tA?`oAeZ@L`
zK_Y}6^>BJ>a3tfS9epqE@sKMHNg&ukBR=%`&CSr=f~i;+q^z4kC9~3o$$GO+7=(@T
zo;~Q13Nc)R?^9{kQyX3ENI1_*SAnv34tg3^Y|X0`Gung6<MgMp;F@poQD6|#8h8Y^
zAB9QfaC1UUg~$jbfCWgl?!$m;-Mz3a(zH?_J65r!eOWF>7_gM^IH+fZ;eVJ`^oIwJ
zUrKAjlAoMro1(e}%)L4vv|J)%BRto4X1h=*;0}VhyDMnz?zb<e71ZhD&0N<s(@w{w
zgh@i=bH2$HdJ=0!+=0~f^sK!}HebT4-mTjb7!rD#$t_O8)}+jqdz5wK6&l7CBxXF3
z(xuhF7LhM@ahz3+sAEz{!0A%-k!xa=)xeI~mnV^dPqd5(#^nT7W~DdGxj)7$pt6Zs
zS3L2WT-Rk<$gyt-I01TlRnZ>E$vp>AQ`^9*xd2u^wSLjv$7dJbah5)Uw~mOx>c(m>
z_KSHC0#|M;f|3_W8BZ8EuJ+&v?bSz2cNN3yZeX9zL-HODD$}urc<FK>83LNymYHWW
zT}To%XL5Qd&2;vD57h3)=Rpep0JYY&j9mT`lbIacYc$dXi5b|Q6jyQKUkXq5q`SRc
zp?Op_r=s{`Eh<9nM3Nq)_O6;Qlf7>Wc6VgCT$<qrmw~_nt1M?cRnxXb!Ki$)rnHjk
zLL=EvN89qXIPuz%(<42_N*MT1D--Hz?bjlsg^3vMDd6UqiBy6GG5B>kr5`EwqEVE{
z?MMlSN`m2d&MEP>R2n52LqHi*0uJv=u?y}&P|7-rZM)#(Gz`!Ons+rCw-o&INCvpi
zTB{;vt(u9~GyzEt4OvI1WLzB32&M(qIj0_#UN^@TU>u4-Rk)A%hf&Q-Zy=IBy(&U7
z2&!P1C&BxsfG7Ktdm41TMI-Vu1rq$x2K1%{q;HUO+MMlBLjM4|6ym~=4LwamCo&JE
zOPqsIw_`#Whl-5UhL~xvLk%$Io@s`pV^5%@6u#8jLlmBAGI2>oAP}C}q{yK3rqBYD
zP&9|2r@7**G0Ri167OSCv+{YR?fTSCndDG_9EOdQ_Z33ZC>kUDClzZYPbcuIzjo&%
zqf=msXHPO26Z^o9D;m_QT1DlR^B`TWq;v<VBe>5w_pQ;%;;HI39%M#ad?f4hA^u?c
zgXvPrIqhFghHEy61GY{PxAOy^yMjA<enz~$?%C4WNh5qNV?1-7zo_JXK9%d1MQ<T<
zBxEk{E_jLM8@7G<A5cYdJ}uG(w9j}-;$h{<+blUp$KX`^{c2fA;GFP3pY^J&xZcEp
zjB(u6xd+JD`=p*dDy!fw2>FTN`c#80=^C5qI;0nfNmMv>AH==IdeY3ZLbF1_qme@?
z9l@_0iW4%*Mgffr9GqwW0Iyw_f;E+v1EkLX0K8GU0(*|@S=Eiz&8W`K$7Hj{ga>>Q
zI2C@z^4N{4<UefptP98jsg!5stjTYl0g#MXbs6bca@`%UNbleb_aw+yByclYh{}hN
zjw{Te)}C^^!y}F`-{V`hn&remDI3?&{KBQdm&%UfH}vP$r3cj4IcwruUIekSpH)B7
zw3k<~m=7*~eGe5jXqK6Iit-fIOPH{H#q_H0sX~kgoTQ$kBBe{Em2eJ5Dp(*x(>*Fs
zMmhBBQLk_5P8jNOP|<0Pb^viznB}@--lu*!?NG7nMS|o`JCJi#r8o!rRkrEVzgnp_
z6;EtcB3Ye252)j<ab6*tbfpKSbsB}>iCFH(Veed|w$F0x@5Xu$O5P6Im`_~{2tMl!
zo_bYu$Y$xC*{el7w<*sIL8u%AY;Za6U1;KHvKtKDPC%g;;am@yd8TqvxacYAk~q&J
zBhsjW@{isJUN?%b30aZRlw^Mo_*JCCua-t?tnj+CN`#&>kxUBbcsmKh54ukT`%|Nw
zugb?59OJDyq)V8$<g1RL57w(lm|#d5>{Re*u!~Anxs8;O*Bl?pr82sntO@DCtfnlZ
zhaW~AKN@Jem3Z@Ae;kT78MpS9b^F73^cXb@TuzJ|KOx}lV}V&l>StCv%aP3@TudJT
z?gy%o#wfTJ<kTc58~*?W6wkFv?ej|^^ckob6{I9FKzkaHDMe>&jC9X>U_Mz(Ny$76
zXVRivvE%NFh-L6SI@IU`@OVMgdiznk5b=^Su!bFvtrcKLAsGMx+nOr*5j@QI?Ym=Q
zSTA>Om>!i7NaSI0D+ul3=W}%W<GHN?qc!6%n<Se-$c;`1)cTs5=fYN3aV&D9m0!Dw
z2*>MQFE!6&+1YAych~0Q5yE_%a!Fvv=YLG&pse6_DP7=#bMua$g>2q<8hcb}H2dj7
zj<L=21Nil-3E|B_!OhMa80AH3oKc&DC`{3bPncEmdIE9zRBJMp9$LsxL511{X}*W3
z#>0BFgB<M{%@1oNC`-WLf!#V9tD<>Xj;hZ%Avn(*<N@@l(L-Eexh#5nQ7n>^xJR=*
z0gu*}AR={q<*-dqtZ6{sIw@j7J#*An)r_DxJx(~TZDuJdg+E%{vSu#FuP3D@R8GDL
zHxEj(F^(%X%0N_g^yaiw<G<lqnpikIifb?%ea;0q^`szUrfG`6PB<s@s9g(Zp0zJg
z{HShm-`1Fn=7155n$Nnh>cK|repS2|o<?YB)z^_vlsTEjNvA~9t0++W3LV3<b*k;7
zTLOk#S7HZP=Egwj`d4ghq9X+qpIWN=J-bP}=Hs?-D_FTLnVghf=)<;vyGI0YDqF?M
zE_2U(`qxorimIRt4#JrYqD8l801gHPT#O8TYfF(~vM<a?rl2_DrG9EK4nGRYTbf0T
zVgSP)53L|_t=F$gRzgYWMKGbxed;=vL9A&Oo*>esv%6oH?<0@B8;*=C$L_p8d8g{{
zX?#9p<y*6_W)<y7`wu<p4O>XJ)-61lFtPxAse7US01Dk%>T^}3nd17q(b?IRTmy>c
zw3{ZryYpY}gT`wA0EzAIZMCU%+oUNhO@<whp&rJxbc<mO3&szv7rQv#_BCRSBZwdz
z8m)D1y9+PgsmBMO!k0PiS|?zXRFTWf2$vWm6xB}sD^pZx;a$WGn#)_5S$S+$ZR%#@
zVONIfPXx1pN~yb*<W$i|lgK#lR~<~+E!&N$?NWv#H5fZrIO$2d0Q=WUAV<qc2U=F(
z@loWLAI_g4z&!NtNMz9Avc&Rhe@b(=9jk_2NXK}I$X(d3uHO72{JxdNQTx|DTrIh5
zT)mJss+s3%`c>OFaWHaznXC(`+wDmy@5Nn$@$-;QD;~Ey6^%V|ZKl^a0Le(#U?BkY
ztgTjdmIQO0sRpes*<p=`QZre}UEI<wBvHSRlNlW4$Mde1%IogqwR5*fzGPsW;ks4(
zImo*T7=0>I)UD3e+Fk36{G+I@QtI+KJVzq~ori687VJEn=a4F;wvz-%@+@Jbb}UJ*
zw6r<fNtu_jO>^@uLV?CR)&$yckZhfajgKR^71K__34FFpdRA@Y`Hh{pKDeW)GFL}e
z;mr$4)9oXY&NX63-#nV$m5-P5*AL;HM8ka6uHU<FyOYq@WG32hc@^nXnsLzb=MGs|
zY6FU!7*S4NEr%RbimFd0m6)zV7^&dYt1fsVl1Q*}y(yt+)d4BN92x+oV2W^WT1^N{
zY<%`K@xu{DLk_es$j@;=3!EGpapg#+sSYrD(>IhjJtzTSf8i&kSUjl}Nt{O}@%K-q
zT8>3^%9;S9Ao-0`A0)MQ;9^RpFW=&j%kjQer3R=&ClzsCfF-0OG-os#KtUp88mxX(
z$g9jMtf|gu0auYvSHZ#QP{i1&Tyabb3c&ZM=Zr|c{?!sW2b!=OBdq{dhEJ5EbsSXd
z^C4P-;xdiqFHzQ=41n|NKoVP@-I3^OLfmmspxYylQ<{Eh0Pe<+^x~JX=8;bn&<!-s
zqMYPrnVj)Sj7IBG9yqC3)J%P;3_^3>nbMqdO~IrvKczJL;+%8FX{V=JKs20prk<TB
zBy^;v0~nljs5|zju_W<L2+VpKU^}<HM(h@+5ua*_;Ta^q;3z;;X*1iJiNV?%9Xi#o
zEi=ON^`(3iE5!^5*OAcFtM_WG402aJD$@H>8I^qs+1{<#z=mu?I3tcv1pP8c<5-?O
zg(mRBj2-s!DO2C5>-ZncS5bWe-P*}+$B7iL(>)L2T%U-pl=wd5dEF$D43ohpJfG5~
zjUGiaY<Bb{jw-Pu%;aYrpGuN;%#G+O7?w#S2&=i6@G1&5tYQ#YJ;bWGZa`yzPeJ*0
zs@gW4dp+bc+m?@G0<v`J>08#ibeA^J!*ZZ15<-lU*~edDirWwyK)XOu++wq-Ra(f}
zofh?G*#_p+t7CI652k9RwX|1QSw>`D4r*%|_i%U((w5=|j$gDzll|~Nn67lr*l5N6
z$!+8WM&l&(6&KhPe8M(gLMrTcttGpmexnEc{VLp7iIQfBHb+%8M@5q`n$l-nuJQ-1
zShmvKk2XmU%$ZK&wnf}PD26g!PC;|W<xhepBoZ^|I}gH!?YS~Z6m0x9vp=6W+PzdB
zwY?RggasUdR$?u*3>uVRbsTzDE>|(J3}**v^{I&mgZPS!j($>Uq@AY~45T^F2L_=z
z%_$%O>rlxi2U-AEeuA<!3y~Tgee;@{^7$cBSo4bJZmyc<T%7F(IISXxlPk>4aW3Z0
z-0&$`M#I47oEsf~N{!zqfmUX7x{N|AmSNG3e;UoWh{+gX{3occi%^Le0o97<@vLM9
zHz@hR>5A!tx;d&w%w$iIllOWWdLUjKj<_`u1}T{c%1Ai&G@~Ixlgj?JsfhFP0gj;O
zH8^yY3n=T<Rc*&0;4<R{YAFFsO95raQP=dQAfCmK?=6YkImU5SH>o5tc`|e(7zh6V
zuUF!`QZUW6yNqyZM)Gcx=P1N+jPfW0CD4P1P(2Cgf2CG2kU!O*!<yP#H%y30$M;{5
zX@=J5^Y%!7q47W%%am+%Y<8z2vk$sKKgH`?5y7yQpU90zQW%p}<(k|Au`cI53F$x;
zgd{JR{3?#8`g+t-N?74?6jSGv$syhI<Bw{H_2ac595Q}U-mbwI#!uW|)~mr0ILA}^
zRnWW0RnEchT0s)U-0jHDK9p7TwL2H6<DjCovm)oypoq@IP*~P}r++o149GxkfMTT6
z=KDm`%m^SItMnC}tp<>Tfq>cKygO)nmiMg7mX}i)LrkHvGDsaMlgSz#+*LU*%o<xL
zQ|FYx9-j4%Z<<SVE{xJ``MKa4CBA}+?rKY^#<{^6$8Yn+X5C(ihSE;c(Lnp(Pw}cr
z9MZPulL$KPAJo;z?b`&Zf_rTr)b*r+q-0*(yXICH3&>D9RZd28)c%6EXSHDy7Hl`5
z?O7L52xq_?8qzW%Q7f<C>DszGG7@;sJCEg9Vg}n8E6Ze`t!~<27`Wu759d_gf{Hpz
zQGv$;JXV6_e~n~XNOtW10KRKZCgTnH)@hnpn0-GQJw|a!laF3$GHHkpT0_S;rm@KD
zNuEG7?iM7;%`XRm(wI4?4nChsq{(q40+5UfKuF;F(iY&=sSx5P6!rXRgB0P?tuk62
z&v8-6`*1s&khdRES??ivP8;wwGGl@!-ZM&DHCQWS)}}z%<aVh>t|F73+4@w_bqmuq
z7s@)2IG|37)F);pu8u3>Mu{BLS!$|-%tPczeMeP4%vU3C9@CD4wRhe&zeA?SZ;)O|
z1Ci`M{dL1ad97e@R!K;Ck08@Z9Pv_@9YFnhQzUJ%u^ySN431-5mofy;dZ4;%O=@Hv
zeX074o^|O1*0(HS#h6pxvs$w?t2zB9>7$&(Dai*M*GRC5Fv;oGxqVg#v%C_Hg!5ev
znRu^itjq@<wM#*yo{W}A<Un!`J!-QYdwnUIj<%|Nv>C@3sO%Pdv6e!h^sN<6hHjr?
zbU8HnPY18koh^*ekW-QAP&@pDFu@g~l4y%G^(bmkqFV<8=FeKSrCgSc0~5y?s#=7h
z?e_cCy*d&0U~}5J9<1r7HyK?UvVkla2R-<yt($VG6_*Xp&ykLQ3bAW&7DinAip`_Y
zjFZ&YxI-nYt}=1fqSGhcZm4>Lj%q}>4G|vLtotcMcN4}>e2RvRQ!Y$1cNhn${&m>t
zdQF<zf#oTchc0<F#5|x}M#mdL<J!ADKT(K8nQ_zBu9{cWZMzpIk!-ZtGmNRht9F-h
zy|V5jfn0xyHIXYNtOOi3=QUp6RbdesZ^E`xv(U-vjjs?~Mp_-G=L~W|?O7AtFPGG3
zII3575=z1L@l}3ucQbUUle@SpC1YO0anzvOlEsG=-?K6?z~lIo)(3=iM;mnurN<w-
zL;UNini0Er{A;$2HlcQT^`@Mxh*m=x8@W@?eJawq#zCk=YU#I)rlW|o59Pjg{{RWC
z42$VE_l-(6u;QsSWrjhh^C}(*pbaczttQZGJYTvTGM~z)OZc0vL8-74n2%6sUCY!`
zE!0P&3X{!^zleTx0LBCyigyx^dI<z^Oe1N?Gzg92C~?}GxT|hnzMi#XaFK9o61h81
zQP9%?vdoewIRN(+pDSaMIH_)S9E0+=sI1v1!xVG$G?>wPCkK@^Z62{;m?Pkx4Qinb
zGwVoY#BBGeGn466RFP9Fde8)v$6dmnC^UegK~}2@a<odB=~2em;L`z0^GX<l)|WkL
zF`59AA(sZJHer*Fm1tyBWlihSfCYWdt)8N#J!*<GB!C{7tKCf@fTS4&()8_32j-?B
zuhg24Cp9zls7`y(zzIDm0+#7Wed%NS#-yOz&nA;-r?YWUlbQwu4_ay4j%X*EVaIv^
zPmps-mHy~7*1*k2ngEct?w`t-Ti=>Z+)@+lC;-hy#B{|erndr^h>u>mq~mr#q+`t|
zzIt|`WDY#J0|CJ}H8_4VP~03T4d0PW^B4|4I#wAi#lpiGk@_Gn$FR+LPm1-4f3u>p
zXUwn5s*Zy>$MUYf#ai?lZIMTEU6g>U)c*jJUQm$T>zag({7iD~*?p@yw2O+log6aV
zOd^E~u{gl4$4T(xTF1HYW+Ucoboy4Fk)p$<puh$3^D!N3W;n*`<(*6Dj+j$RRyR-5
z(%LQO=632&T5a?zA{7Ik*%hM;61e;-8RG=!k`Jw8b9Ah8abBBgOmYpZ4}ONa8%fsU
zHDQd_Rpy+t5^<dL0-@7omrl4bOb?R$XZxm@+0zX+-gYFe(tCr7nRH;hqc{h#=M=W`
zf&s=r>soQl2>oeXwBJICSTrYT3Qtmd)#zY38T_hH%H00|N|Y!VCZ*~c^%Y|$G~&GW
z6q~WfI26MsPZa|Yj`{q%QyI4N-kT)BM-`oQs7DGGX9@>%KoiY385{vv`i8L`s4Kg3
zo{B3YQt<?`6CIj1JIY5-rDCyg+vIJ`-^5Q^)-dj8DL#eki^(oz-66-IsMY!4)nOns
zyRqMjq6<5RY7eleQM2Bio`1%Hl`j+bihV&Gde&{~pjfg;nB4_h)$Y<2L{b`XLk0Br
zHHKy{CizJ&S075~r3bmqR!d^RWR@H;!zb|$pwvv^fMVy4Gf{~F>f2--1C9^WQ#WmV
zGVCOF<xOv60$|u|6VJC#tt_CAop^5RRoXzUo_OGlbgAQ)&G}V;aoasdwIm{p*hk37
z&my9C5BJv$Ka19^+{VSoBj`m`D#NHWzyy*f3d{%l#*a2eIo{{~1x>>b{{U4c3GGM+
zmdNCj^)%4OIq8mqoD)5%4gtdT^`Js$sXSw?EMs}e;+jTI-_EXEL>aPr4ox(!z?E0a
zkNu|oD?-j8jm_JoREbQ}`&G+{L{WqtPo-}ZLmu~7asx2>QB<<M&p%o!t|RFE1+i}=
zXFG#1Kb;q@s(xdVJ!(5G*7x(rp0B&=4OiC*g^6B-ab5}ZGhX$~S*~QgnU5e7$Q|nN
zwGcrUnnxo$JwCK(kj7QykPIl}>r*?4-?=V$<F{(2jL_K3EI1h>s-7zBNb(Li2he|w
zXGpJWeQxM^M#C@nf$LlC8yqpjN_zv7S-ruT*EYL&#$5L6S(mm8<%89_u^yGsZB^XC
za60>%p)`57VtSHIQqV>dAU44K!)`O}T6U;Bv60Z@9+?$dNcP6ad*kz~cEE=!PZ-Zi
zZRi#>A{$dY99E1@N`anhIw6oi_3!Cc&>g)wQ&DoPTUN;9oOhs*TRilrfjIZgJ3Lif
zEJ>VwDY?n*O(&i@P)WzVJB5da=shV+n8~Pf^`O6glw3JU_j~h3{tq<(B(T8XQ?s58
zQjnZUw{d~f6!q!WtAo40N|8=@trU!<5z{^+Jk~6dv{!>XX0>MIsK?_`OA1Ob>J2Gs
z5or;NwO*W>ic7h+l0H%DYDKh-8!8XAGUJ8X1_`Ltw<KrDd@@13!)F^pXBB~{c;e2+
zMurGxn&39fvh7fP^ILkQr<FgLtBB<p`X2Sic%w@Ut9=^%<F-#@*w;#<8(j11Vya!G
zpv%jtuYtO_eeT|!2e9_6`*zC_?@xt~*#>(GiVh^>)~)W08@}bjSas{~RqrMVY}GN&
zfBN;6tjn?@4;0(76WGCz_xJhhlU-B`wjezPbGlSsWc$C#t=o%~wT~=%4wV%4xiH%1
zezy`y7tM^<JrvT!zEo{iuI}Z&n`C*#QrPylDqq%{)ETW~rWRo=ypvr73?fV*#ZtA9
zNdo?SRgh0#TBM6bp*bpj>a6IJ=OT>biW#st%{u{us4P*o-sZGy2G|BGA5m=Gu7CYi
zr3KVcKmk0~YjPvF`Ox|CoZ~D8MQZALOX-3;l#n!J0&~`}*62$j?O(dU*Pz|nt^S!D
zPs&Rd1a>uXh0`t*agoYHcBMf+l~tz;dP?UEDwEsX>345ua;>xz<v;g@TNYBX3CU58
z-Rma?cSd(tF2!&U2lcH6jQxq380Q_0X4z?ST#)8<PIwrtRfXb;NMD>UUs_5wFPiAf
zjDp!D=e}y>M;&WB&WTRdId00ln&`A`2Ilmv*Ggfx>x1{2wTxVzhBBIp)TU(zpX4iR
zLeU=TWw^Rsu&D$oA9}X!v`ZKpdcX-C3v*gXKp+k=Tf&W<<a5rw)sc1yHl3URIssPl
z2*+btihp^ExUbr~6S>O9XUmYTdh#jFwnZw{4e#9EI;}o8S)vRNBvdtKG)Wwd8QA=u
z$JVD3q3SA`VV$qkbTuNW#t%OABQ0%>{VAs14{EMM4nZ{EK2-Oh30m2GF-$Q5>OPdy
zeSwmunr~x0awrgt^2f?ZPqC*iqEm@f{c0~dH|W%dVHoNt0`go%Fv_><Ph*jT$n~sw
zB0=*b;fJL)H5p+zkOp5`Lo^z~IZ1CZi9YpSZ8|Wdws@tFR<_S1gY>HUhPMQ8u;g*n
z(Ao`dWC=&x9v(ue;MUch#{qMaI#&^K;tM$Ca+{g6+r3)Q{6`%3W;s4W-*+{VlDVT=
z9nf=AB)zlrs*$i|1XP`?LJO+Eihg_5B$E|jK1W(WIJGdK&OpU2A<ifPr;1I~9GYh!
z&;+5W+!}-$cr?Id@nmitj%su{0Q*#Dk&0Lj2vbN2TaGFn<8Y_XGN~)K>S~<3vKfBw
zT317{aIiS$m~mAZq*tdbhrgu&O4P+Teml{-ieWsA(itf{eQGjx)3<&V8+4!pH5qKu
z5=ACKGz<?Wm}*Q4Yjmaq2{aE{MmXoMy)e1O064Y<M#sH0xL)8?Ehcy!DTqlM89gbW
zzhlYoOOA3y1LYZ{F_N#zxSZpyWa=86RyJ=eudo5@f_<v}^sXVoDJ1sIbMK`!$DG%@
z9$8ZvQS!z;7eCIE8a&HVyS>--Z{4A3WjI03)luAgS7W1Si>F#5V=vX1^(M4*9SRLT
z*s}c6Kk+fn2cYyH<60679su;N3Y9MGcGIV2c2L`cw{2LA9N=dpR18YYJ5`97W0UWZ
zS=`pd=@>(jag&_;)G|sH*%;%V#-y5HWBK#PbUYfuy`76~MsnS<X(U=V1Vz4NATw}1
zs;$nK_LXGh@xi8PcQQz+9PBq^gX>)sN&B&ycMEknSY*4>*g+;`LH7yjJ+oSty1Y}V
z+Qb#%m4*m4b5XHLt=ncdfslRcnOOX(1d2Lv{`6Ylb<tj<C?JFMHEC{>83cY6l?9wr
zM6wPtJ9no`0>}JBA57HpkC@VXr2ypBNwpM2``r6hb*pXES}DGDVe;p(tG8CG&QyB<
z4?*z0QOGW1me;&nJ(Qvdt&1}a+ljyf{A)38j;FR}m7Jcce}w%i--<0aJQ8i>w$qQ!
zvMp5FT&u=7$ILxNX=QBzCv$$^Py0sIEy3z))#id0-IguiQ_`o?WmnkoC~c%1S7eD4
zwtLF(N2L+4=8qf<$s@-6G99ccK>6?ZRlgWOH17~bz->#I@&+;U1B%U4k&tM57?(o;
zGmrooIqg}udbTnxut@76=suMl?1hTPPspQld)8-{E#<^;NAi~ZlzP`qDhaM>9QA87
z`C>q_ZkV&NEXO3b@lwmVcVuILKU%!{U9<d_*HS#nr2NB!j=xH%tPEy3PayGK7CF<o
zSRA$q<2@-x?t?fTvrcpamE==!J^r*<E-v<Nx!_|t6mHmg3z5*$5C=|8CJrd&70HFd
zK0}TVr%G$Xl?;reA5%~f)Q;5UEP%Fu3Z7Bicaq?8q||J<IL|(SW}Yrad5ur86*NT^
zJjR7adJV>l0SQopZb@op6&H@Dx$RRl_~?kE=~cHgzF7X00I{b$eifn<$+!144Xj(_
z>5wYi${uuxbR3*j#b_o;ZUhi-ZV9TdDR*Wh`&5^+00e4!RcK;qqzFG6ruq^g-cE2&
z(u&mGZ4lU0lDuY$e4%sS<Z#O!>_>LdhXcC$)VhF6y*zX{83a}~g?q9eA&&#@`;SW0
zm^27lF_?}CUru{hg!Fbkfi)=H!)9wmVaftdPik}*3MK<M%V1XIR`%DHK3vEM=NYOo
z=+MmD+dX*aimq!AwIP<~CX@le2iKBoQrA?9?L-WA%sBr5dZ^s^Xk11bIT;(V2D8^l
zxsKp0j&_V;hx4g&Onj*5+>#D)o{P;_x&*0Ea0$URDll*qoP^^(rlXYZkw-u(ZcU8q
zr2X_ukG#d0dI45#5V?0edT~&)nXVbvB}d9Wm8EYVmZ5%>z<dgKHhAY1YZy2OuLh%4
z0z^K&ao(p?!7bN4jWD=l1B`pqPdpC3^zu3HO~5?ozpVpIOy`;l1IH9|&lKEHF*DB`
z&^=FDTyg1|O}v^46?%2|rvsDzO*NBpki$N_&;U?5rXj()4wWjN!kQACI^wP-autT=
z6sA0m^q_M~p4b(kiy~p)^r+;Ic<J*4kyDXWbuC66Hs5*XM*E{Q($o@ic0{*cQL>R|
z!1;2%$F*QRs$N>lZztV#+w?xQT1(5V(A?iCSY>^npW!E`9f9dqJm7;0MnTE0rJ^{o
z3MzI^_BeTAlGMv@D8!MmQZd)wtH4I{{Hs&N>oUALj3`RvM>ie2AL&_9511cXhq;Bz
zM>WmsQs!N`?_CtUMqAps3;8$PvCm3X9+nigFKO~6wYhf3O3%8vmr=PWgzYD-Q!~pu
zh!ejR(rJ2f!4k0_H}j!ttP5QRS!wHS7-j=CpRGZ_b?sdogB`0oP=rft+*Mmb?V(Rc
zn|xbxdRD(d*Y&P%NRY>H$?wv-OcDX2EK%41=bn`u^DJqWKJ-s2#F-|tB@$hhJcSfC
zHp&yXpLg>5)}^kUfEoD&cdWZ)#qQrjT{<RI4{C_(sS!!Lk*o-V09SXR$@ZNQ7a3@d
zD~?F`=DQCMsgFx8yn@`;)ZL_0LfzTJbeNVP!`yN!9&IW}vLYMMpS#>wK<>MUQ%a14
zfOs{tf{^1k6Pve&TT(p8%7S<}>sr?KhWUUw3Pu^dD_hG~9N>ZLQh~5xNEoE3E0*yN
z+7MW1I(D2h6}pxm#N3+HU7(HC0>2sS>&;9Pap$FLWVSH7dyi)?!0GExkAsuikN^P!
znp+$W^az$S$v*vRV8?hM)p+^ho=y+7QUc7RG-Z0^Rckz9l;m^4r!(Mn;-a;1w*_0F
zr!f}^-IQ*lrAD*0yKQlm^{J+ak&t=ys{UYqk;gRyG-H-IRA7TnXrpSwm0b?#$r$uB
z#nf(;;9%p{mB(Xkt(1CH5=9rFtj5%?j~ohtuBT#2etiWO3m2q`2XHE@zS4ew)~c|b
zxh%kX)^*+Fc9A@j$?~sU)VWw`7iPS2#13&(t}oI6%{1t%jP<TQ{{Y4FObm93v46a4
zo|@uohTSx*#QK`TReKLkhiP}?SS{SGviYt!-P*D)bvwOB=ayE%{t?o-!nJC~=VNSR
z#boM9?o@X#Y#<tvCNW5|4ho!%QWwukZcb^IdcKW)_L~@_&T_b|Rebg}=l%}9aU<HZ
zWOYz$xk&*P(-(AP)r$wNMJmWgdW<+Ugw>K<Su;{@2C2r~s&zTykP`9hO<*YpB97e9
z19SROlT9O>icHf1+sLGi$dL8m(tZ@saVXD2Ko?|RF+l?$^`^9Ii~)h#mL?r3voTY<
zJXF|ZG9loKgp3-S&C2xYQSYV#W}0b9rW}4WhDdt$sIl))&lwdP9%&3~7RRkKBRS3u
zIG*0r#vD)s_YvrS8bZYM%|-Z%jkn_<o+*K0xg7COGo0Z^6wxc^=H{KbTiSpiDsz^m
z^f>KOxWTB-J?V&G`q7*m5-CqiVw<=B0M|gq$O|4Z#%hJqpR!7z;HsQfjt**t_sJC5
z?!0EEUkfT95+SotunZ2Oqqu`H{GfyDj)teV$CS7@<I=1U7-Ns6c}J#myG*FWgS~ho
z6ha8VEsXR%t43=_^Y_J#<M>bUkMXKb(X6Blp*>NC4rm&)5?Gy=EhJ!fBC{n#FXhH^
zy<N|xT$do_cH`GIQTQdKa7S<|knD#8xA%%M(`|G*UGLf<3d82^4RE@Lh^;Jcl_V_W
zE=nNiDQrA*r^kFhbv$vo#_|RL{OY+R^|2n(3EJnS%NA3yY;*>>YxoRTEK2PU>C(5M
zm2MM0X9NNWJw+E9c$V1bJv;i;Ee$MWX?JZDo<pCI{onAdsiO}c$}-i*UERf}%wnEZ
zjzl>bIQ&I)+FqcScCos)<z?W5o+-4}r0Dc2-NmzPh%m@=#cM|5>d{}5k=Rylp&)lC
zy$1yL6qYxS3{7s#7aXf+lR^fHo*}dkW4i$DAm{nlJeI+j9@ws)^^L?OSd-hQTHs&A
z$zgjnozxBtEK_<MgZNcOE$k;HABgMhVG-ezD#N&~$ZxLEK1ss<6~IU1O)(I2FgWCF
zrri8NwMfXdww6gdZy`lKNnc=fp>4(S{F~JtNt#KFgKIJ8-m)~y&$L1VW6WN^<5+jv
zozAa(ZZ2OZvW|*91zNFV4qZO>-~jgTTFM^nj$dhc-E3%F<*p<H*BPeUpR--ZIr)Id
zE9xmFe7nfKTali%9?-n8+{dx5+H2fLB;UNt@?2R*nJwOFCBeXK;d5B80cG4yNjW&H
z!GFE@3WDjjAwYS>Q$!+|l&k#MAPi=t06OJ482h=Zm^;53nOn;MjtHnlkJ*7uJbQXn
zpow{2zMbj2f7u?KRS1s&o}AQE91MOnV;fb8?f6wt9%*npo@q!ButmN15%Q1Lrj@&T
zRQm*Rg##Q_DG$v{WHF@fY<3kYts<rcScMBeu&Ehx)iy_xFij#h8d;BHfl@iy3W7cA
zl=5tWQ@P~UyCOFsXEMv4!0}p9ui0($pWZm)t5{p^V9n4}mlJNB<DlSsQeDCJ7ZDG<
zes28HP;XB7qMg9??K)%Ud3=M=9+)1L)W>jI*ehqA2^GTW(zn}XUEzXp&$V^7t(bw{
z2qyr3mE%bsyd=@H6kB0djPvR1PK1#r!^e7#HFZyr=Le-jA&gA2NJ`-2HIvZYG|hK&
z8~}C4LMnvBzXLwpVyB&h!L?rp*V3Y%2^uC@7%ZDZsrKw>WTj#rB9A%XRd#k_+d;|T
z3U%Y+*;R%MfJP4nookcxu=ZL*C63%G00930YOY45xy3U%RZ-mWinJGM00wbQB3l6$
z&JU$b-&%}x&*x6;IpeiZfw>%ytwwMU_*A6i3T82$C>kSd<Gll*;M4KNAP3NU(jCU*
zzA|Y-jOLwz=}Uv2yb5S{8?<B6lmqGdQ}M++Z82OxqtchCp?c79j%tw&hxMQw)KbW(
zjKtu3*FAsYFat$ti6rTecok@f#mVSvYP!4{WDM-%a2-7>gZq8nwWxWG6A1H#RvgxZ
zdUe*LKKr=_f4WZswk$NeTV)QcJkENIj8{!MZ*!?ZL0Dtjz0RK2S4wusn?rX8u{Bb{
zHh4D6k2)e_lpj&h{xz?2b}eHn9dK6_mv@V6xUWYMN(58-XZTzCR`S<V%EZ!)8f&R-
ztzo!^NF`8Xb=q_9Toui;SzkS~edyZ*+;%nHna1Z%j6G|e@eQ|`3g0UJ@&mG8b?j?4
zj%~~f_wwzJ(zv->bFm#*@m*%8I-6by<X1mq2cL10I0mtvuEfb*mb6_o58k-s^T@5^
zfS4UBGy*gVzLajQQn6`h4}w3>6;@>>7<*NQ<Yu98O7r?qGnYf;>VI14gn&W`HO=ZO
zV!u`x>skUwnN=63err3~lC-%i7Q34Rg$AdYRtr+QYIq=6qaLTdL8*|o$C|5I48*Vj
z?@7mc>XU8&_O4?{UDpMxq&!lF#KU4;!?kq&9lT%c>Frr_yPVf0$mG?{KKZRDAKg3=
zR<|tZ;|v|SCkL%tjDm1+ny(89p;-`v&UmT2gNoWLO%_utj&oKK!9O_aYO+6LQU?G5
zTP8(|XsO$Zlw@?~swrG#v8k1~%F_{RkeMc%jjNMU+qm;SbHz@>FP!i?QUXW;CW-z-
zQ(CVZh&<JM!}E%0LwwARIH;gtZWtP9Zg{3b*qolYp|RN3TY`gQ`fzH!#IZYV<TtG&
zH<=2K^-5;Q&N&@wTLg)OjE4>L4_by$%-M}k<xNYI7v33O#;(P88+0IjXxw_Dnps>)
z_p$|EhRGotn*@(qbKS<HujN@9&a`bUS<y?jI8jNs#a)Y5Gh5Z*vW1Jd3OiSsYdW3A
zrztE*gniT%9;ttIs9bNHvf%K(m02GH2Ds-@$%XnAGmg~Y+|`$bTxELIR*a#+s2#`W
zjME$CV8gW_VkyMsYFa58w#+4nb5iW>RV)S*f<0>AbI%o`*wDGA-J2WerUw8Ky1h0D
zmS~mG<S@vuB{)1+ZQ)Hs%W7@ivdPowTT_=pWR9^;f5N2#pjXa1RO)h~w=*821Y)NL
z0-?{nJRUpHB4uw{enG0{p0C9KKOA#Ov{G*OqjdlTRB{8iaP3m=%{97u&;!wqLG`H^
z?pm!G!s9&+OP(nK1~$3p-xR`mr^rTgkF7$-lg$Gcj?{$GXNqed&XC83;*pQNH5-x*
z1cE;rLmE##c<)Huk6KL9=71t_dXBV!o`;&0ieXNA;+PC0G}53B4@!CC{As7&n24O3
zhs@@re|m+507<-e#UXqiIQOVY!Rzft{y_f#CV(d0_*D&5;@EqzQ&xj#@b&FfHCYdr
z0vvqKPv8Y-RoV>FlDyDcu_^%KuBiD&Mr%6Q@U^2Je@gQYMUlF$dzBsW$g0yuuD>u>
zUq%_LkB+@Qf~edNmpJ@EpbR_6qm8i|DEbpvceh43Tc88KsqI^L&5Vyho@<Bk6~hm+
z#JL-o$lr%b)|_taXHr&170_v~Wt5G(uvi|)p{i`H8<cT|LxK%oM~Sbu$r<uo0OU3?
zo(ZULNpl>mz`hDe>$n>1vBG!00r4L7T`uYW0C^ZbOCRE2PpGd<whwe3GQcAB^)>T^
zQb`QSByPy)+m)2^53PF_gM3{Ur5s5#ikGpCvLXI4{o(6e^QM!z+eWR|E8MT~2gBxV
zIj>_w=URfm<C2}n;numI1M5u`{{Y$2x5`0ii9e-#CakgQ8cfadyDUXndU22NubSYU
z?XDx5FO}nM%g?1!k2G9KocU&^zGu5bY%UanolbLAuA&xltCrg$oPv7M;k{BlOHYdC
zB0gcr?ycNb>uJzlz|S;goq@s50IU>Q)a0#m5_go1rLrHMoh!%uQWyRbOU<1(59BM@
zTTc)}AbBJ*#@JQ=0B5oHuN&4%%dB3qoP#r9*7RcT&Rj&j+Zhzm$*Ck5G{hX5*_?=c
zTs>@C46i|f-m#ahY*{%f0Pk7PV_0rnZV+<A=}b+dkO@BZawtrPrg-9^bLE~u$gQYO
z>cm!soygs`A!hB+R#V(7$Z~t~dsU0McaWrzrLb|=6qi3|bln_#R1K&Pe|pwWp^`;h
zV<wY4b*COyninUfNC<(qWD+Xk%#si!AU9)GnC%=?MvK@9u8tpK^Xf%UZx5D$oNhH0
ztVNs5Jv&vW;8i8m83gTx$4addZaa@o)UHgjZOQ9a3WQLjj8wf?(H}~=0&PL+YP@T{
zK)C&C=pQ&4#wo=KjJj`_4%n(;eCf$QbW`sfwaTLPsggacu>;BEnr~JMVrFq~XwT4|
z1!l*-XTl8o)r;NNH!E!y-9hsjy96t4fmD3n^lHVi8rYywxa9YutbJOFt08K4*0Ca8
zkO>S4$vyjZ^{%P}#7VS+k(|~zwf_K4J3i~SNgu6gq`OI*?yB&ho)4vX%=MA01df<e
zbAiY`s_<B)i)4rjk<NJ)lWOKc^I*0<@Zz*%muT8R9`!7wMKph8i54Yijehcm%VX4f
z{VF$_X(CxN#RB0&510(`{(b7iha(_>J#$pcTB^0iq2@K34bp7;#XI7n*LF0%mt=9P
z+{mH95iUxpttAShKXpLw+N;MUl;J1Sw~I6WtIW<o^sA7>WWzVz2Y`Q_4O!SPb#iNH
z^ZUkJWN;5*Ry+MEv5!iV<<ClFu;XujXvgW&lO1u7YB}mV`p^RI`V;R)PeM7Sf-*h-
z06J00&mUh}1}9U4nmT*-#V$vuS~$)II#4kI=lWB-(s%WvIWz#OGB6K+T5#*unmS+#
zGfYId?@T=?4d`iws*wz>b8fdPBVu;-JoTz8pxLW@k%6B<T7Yw((t(hDs?%#=QgPVL
zI(E~QbBc~gnFiD+&<fI!;B@>ci5ZZe=Zd8{H)8#?l05HN*Am-W{?1@pFm_Jl{oIa&
z>6+*?_gn2cTPe=wPu;V6j?62J@y&zT_@?FANRHqMV?MlK{zO)Xhjm@?MJu1)L5QaR
z0BH|H_*Y#SbZ3)Zq^D828n$yt*AH(q54791$Io%uzY$tYVsOz+qY{m-DweRHW50t|
zMFum7ZZZAS(Z2&zT*$mUcqM;PM3tGEXPs;Il4;j6+P+9r@-{lJV^y?R$KLOn>bzZU
zZ*;}FM9k1|<JEuq)z0ZDwl03PmA&hac4;seH4(={Qj>vDoc%p&%M|qYsE_ATb@VkG
z{Ggfu=e5NGMPPf@hMEC^TZ+imXY(ctoYt0-{{XlZ9YxgEE!#DltGD_&&0i-!jc00+
zPbzGVCS&X=$>=w+S43Z*c58je#}z|H(=OF=VI%8XgG#t?K3%mjl1osGUA8m9IOd?b
zxL6`2wkvUTNeKCz15A^`@JhhVBQT`u#TV@4%x@2PqwLov8-tjf;2Q5EnmH6QoT(Wc
z*FFCL2-cp1<c|e;=~v@pZUPa79Vmr#otV`bC8@4l4o5ViP+PYZMQ2tA=}!`5{x#C3
zLy4yo1K4%^s&MT804VA0S<y+8o@&y{K*El-s*w&Q;Ol_9aqm{GpUsoYZr$rKBp`Fw
zHD);<17OFgr*c|0m<X5AK&+`7%#oY5E8iDiDb5dbQF)PpfYjW9AXCd8m=xH!491$$
zE-)B##Yy|JfmMMgwN3RKL&Uh270*#ml{1_Qp>s0DsN0}C*1VWf8?mM%DL_X%&J-GC
z*AU}y8&}qwtK35f<$%p|vR$;D`0a|qrBw|LVFx2xTkyFtjQf*SOr`Q)oQ!i+R%~_t
zbni48;hg0y&X~nVVQ#d`OQpjg2c~Nd=fkfVEdy>`^fkC81HCAmhQa2NlR}j^%X5pG
z8EwuPN}qa<iAD(IS8X(KT&^7f6_0bFC?%k6r_!`l5rn8c(alK?DiS#0_N}>XnlZ9y
z$oH(tt$8I62A$I~Nv#O2B`Ge_cr~s$8--_E+5mSP=QVr~0IP~LTMw&xW%F2Gq@eMh
zMN-^-X*13ZQqX6rSl*=YtEmhdky=RE83cY6=H4FF8s2Xu*z9hZuJYdGGWM>BO6F}E
zA-_)5C~B%3oQjcJtdf1)((a~qpl9`_B2C7P-t@q8!KLVV&olubB+}<SsiPDT%>W=c
zd}pmmo;j$Sj2!o;WD!VXCFxKz07tz{^;M5wYC|2no++ifnvZuJbo$U+B7xX?whbw7
zZ_1%9$9i_|lz?_~OHl*)Q^BAKDKSgVJ!l^FM2su?)MaowRg4OZu4#qJtT^dWu<eSl
z>&d7}oYDdY8O<<*pIV%uq$%zH0M?{36$hMiS$dljcN%|nIv;cY0M@OA;jxOqy^u+&
zO^!gq{#Aw{+7>s%tIp+{d}9RX>snF$-c4pjoaYsN4mRML;5(T!bI|eHv#y`zKDB(G
zmmNJTGVt(CI|#tkTjYFo#bj&RFq^}6*NT~u3ppTjw;+E{*01U=aKH|8fIa(HSakmY
zH$z(~6LY}6Sy9GugZhluO&FZjnc{YcBrO{vy0AOOa6*p1<5e!>c!`ai{Kq67_~>hH
z{?<<pc$K{6%10o45yX+V_>7OOXKL>Z`h=2O`JZJhe2wSk3D_T{ZeVAQK=$IFmO!k9
zmBGrgoDula0gj`kPZ|f|x+$avwB9e*<k8<wZAr{5yI(3dvi|^dw_H~}yC78Tq&Gbn
z^Ht>eWWnN?n>w!t_=Ec!Qu3#LwzmWZC!#lFUfZQ!pk_uPl>F#(!5zhX+73~B*2bIS
ztz%1tVYa&c(*4zucLn-XN}F$)9Tcl29$6miu6b}uW&;Woocm)UzI5|U(#qN8oVff=
zb(+V-U0YPr&67n8A(Lasq?Tdro|VNTZE$L$tY=bu#FGyH0EnoUin9LzGLh|(Rk|^%
zk(w5@tRx;nkK$MS>nHH5`fBc3PH+$dSx;j~d`DAg20C@`RCQ!A%n0biu6xz1DRUSD
zwNut+LSu*=xCM{Wri*H!ty?%55)gBoVxRzS;9yjeHUY&(y(_VtXj~q+rxFx>X)-aI
zjhi%^7!pk^Xk>hL?rEHo034dV1Y176X(e_9$h#K<r9*Q2S7`567~mi4RIp~B9feyZ
z3vV6<<{X+F^HaVRc7avN%T&DzEm|STd{m(3<LD_-c0vcWM65F-4#SGQktKM}>#1gL
zfZ$b#n_@{jb?CnJP7+;qj!PP~Gpf9C54wXUk{czqj7FQ7{OoeoHvF6ltgdAC6=47Z
zsR(dhKZc5FWzYWrT8dzM1-qoUd;rBsC#D5iF&7F{or}>=dZ5WHYE&r*r<`-U@T-<{
zh8sRi{{VMAE5to(6CxA?XgKfwdsX-($O>|ODghgH1NG*oh~$7*AB9Op)rnsj8By4D
zu6xAy7i`O->6(0xJ=V}=WW+!pewpK+O6g$07zZP@S;5a<-728eWp=J7s<A@HPD@L8
zEz}0`&?#?I+=1G(0*wCvN)O)8BAkvLc^r;8toL_i0LM?tmpS9m(r!KZG~KEkzwr@+
z?@R}0=FVuz^fbbA^&XU)hJLh$ND08}pL#RL`&sTP9FRJb^`m$h;GX!V1Ian&lyn^A
zds9gn9R3}s&uoujKo10tgYcjdPDkra&lsfyflLRSW3M!s_vVc8%>a+{-hnXP!NoUr
zc&B>prVx775-R4M_53NDdJ;c6cR0l~A%RKj$F*2Q3Nm`r7Xz<ad0<Be>smmW9GApR
zF>f>vwkRHTlW)(e9ti$N@UJk^ua?VDSAX?S@<=^FuV?WA51`+n8QpIDdhuQ{7Ljt`
zWij>ZTE<p)IB^hs$)tKtoauLEErjGrwRRKz^gRt%utJeZWg*P=rv(21d3ztqvh;?Y
z#@-pEB%6PdPk7JxR_3LMB!^RrkfUU{?uWnOT`tm%(T$pVi!4Y&kfD)=)(76Wo11Z`
zYBJgpft|_jy{pg=DUXgpITg-$yH0a!9rO#jYgXLA54@fK0LHR<7GZ67KPsMmslv|T
z&O~*&X)IS3(ajhiIL}J7q;%=puyvnfp;BGWT-wg9wUZR)(x;VikTc%8IU!jGJx_Y7
z@ktTfrz=qFNTo_AEZz@UB;P!w<krQWfoE)>4r=<ytZ;t!p{HY<gNlxM7wq7=3muKJ
za3crY)WRrtXUkA(FEFX@Mtak?XPnfw*;YuMSwZ1I9)MEr1mIL4;*Hq#pb0*Q@}?Z;
z1M{f&o!*!<!!A2;XaZCIMMA(4$;~v%J#kRHyzpoMWx*v5DoAH;j6gp1S)85+;ZZa5
z)1_Qy;wKc*w-kVywvu+w70e5_jN}~qREw>wWCsL(HPafX!c^JSBLFus`~^sExc=y_
zVRidu95qJ%BDT*m6OU@w+M_oHblz^_TR(}YUS-As&2tapG(U74R1e}qw-H8ndYWA5
zIa$_;2pgM)6$@VlY^#nsR~II!e?KNp4{Aht+m?}u`qFih*riFm&b#eVEyCPSI4nA3
z^s5?&jA8PGP=d||GupU<j>jy-`x*pf)^fy4p-PJCXw9fgc_ETlC)3bVR$O<gYZ1@V
zrV)^N&2zVXO_E5oCdupg)4a}{)F?6trNLea{OJKdo_q73N`Ifg=ZdY4dFk4n$R4x|
zvF7vMq*=($O;iMf#XGPasRfHftBg2S7~~qEHk|~SEAq8WGn0c(-N!uBO`$laxsf%L
z(DDXHsOwd*dU6kZ*Fn^F_o$_{j!;VubJn$0dzm_2j8Xd1o}c4Z<g#VuIUbc+kf&ZN
zRV4N^acglEnMfmo4neN>O1NjRicVYBxE`H8wb^)DV<nqJdD?iZhUA?+wa)eH!K;eh
z>lu-vZR^nWt8mY`bDk@7$Y|6@Jt|>?$9kb0neSE=x>XWSk5f+VQ3j`O;+Tae9Vp$~
zG@nXtC;{wp2sB1=xu%L#`B<;7G?>Br)mb>saf4RhrB;x0NNA`SZoxeb1mN|iPByS^
znW0z_&tBAuADoYBK>5g~=Zt#xrW1z!DFHTdgH8w3;-d#0sd7iHG$u?N9YshF<5jl~
zl)Lb8R7q>M^{Cy5sMcO7P8<4F2#uUIAYgmaI(<z-QNZG*jTSHn;*TtK#X_#Y^XXP&
zJC{G5NXmCkw$MpC41^i_`U>T3-+PyHmt&T|t)COzgb><B+_%pE0MfD`9E#$^PVUEU
z8a9p12)cFcR?y=Z{c5aZjPX{N^{#WFl9R<|UK|2I?bfuIuH5FcZ#p+mLCrKH3f>`g
zuGm1_ESC$o`vafpU6uZ)6|~Ch_nhFU<mdeV07~QZ=$c;;$F#86tlSQIV!FvKVz9BA
z_TdC^#HE?ru0O{$-9dZ0995sZd7s25j%h6<DpqZ+kbk;=rbd4gTvRQX%xr$?;<ojx
z=hbhgxRmoD`A47~1z;vs$GF;SN4c8VnTAGi0TlS00zDd{-II>qw5oRk3Hp0fjC||1
zW&^$m`uD2SC?GdHaB9@KaJe5a;QeY6cVv2wJ;el&#C}YAQ}NA0hYZ4{&S`+x`?V0}
zr*ZNMiD&|3KfCGod8iy>Rvz^<U0XdW89&yX(DoYKDtkvMFe5z(Kb2P%Ewd_4j7J&d
zR6UAYojshPV<m~&qbKQDZ9ClE$vb}#;Cc?itXxb|&5#~k?ff%T$H^ES+LajfDy+H#
z^T?#+()Xlefn5dzSelH`Pc-ObGRgkP>r=T!n@G22Mjt^|l=DgeR0E|mI6QjRiCB?l
zY$qM*Ax(*zab4^^1uL8{(~1N`BNAyKP4W&n>S>Hm=T@zk2wy!-E!kZOpMg~v;?icR
z<ZqDGX$EZe1IsolnJ7yo2??3I4k`$@PjK#fX02S29jI041vb?LaSY>;lT&VkEg%X$
zlo>!Baro3F*^bm1H6q)LZj|mmfbmu6A)jjYZ^+SBH+m}L-iiX}&=+>F`Ld=!0gg!G
zvztx;oq>aQC#k6~%ZXO%-a@Y=VD!i*y+>`WBT6H>Q51)cyf?V774CZR*nABv4i<GT
zzupI>Yeb7GgPeoTX`511z$5ai!KSl(pf4HcZ>1rciwFua&%b(|4|DXYa9<>&A*#ok
zr=~fe362{WIrpg9SyY_h_9B>HZ{79nOXhCHD-3!$bOG=i9Vv_EZ)K1v8TnaHU#&5R
zrAOzSh}{o87<8lsl6dzW>LzRxo;aw?j0p#!=xK&ePG|x^{A2Z{GJ<iQzO`0IImoDt
z-ngbR_><eOr5o@#$sXL+c%6ad{{UKFwR(yy7c`Z*=rB9fnIGiVNW5J2!KaJi+=K5x
z8iB#>ic&|lP+O!YsHp|Q^Uvi>MZkUk04iMI)kU~o$MvVIpaI^Ch_UaQOq~A!g+=DB
zGnyJy<0PD(Fe<JhVofoe4^MiDrBR%oDuw2y91)goxasRnFwl!#y9s8|1M^Gr{vGR<
zDaHV)u5TXZQ!Jc%4?*csf)7K-y*6Uq*pZ!&^Bu}~Vd^{9u9YIm1loMxH<mCn{865t
z;aQjmjzv65(3tL2e9#}8-ZR(ou8chF`B~3iH(bcSrkA%e*ht^Jwm%{M@*bbzT4@lK
z@Z)mh1RA5LMi1HbJ9f#7hsW_odj4H&SxOjzLzQL7HLXu|*v<;)DK(JN?_LBLgq_ik
zLH_{Or*7x}0Iyq`t(#t0nGk;ZFWxV>?kk&D+@PLoj!Mkxi@Gdlo;&oV+%b;z2y#Cf
zQ2zj!sVF3YB*`2%tyCgNFfqA7tDyD8ChUw6_?nvz<yDkOKcyky{Jl*&TV;Mz<!Y|-
zJX|<9>}VM`owQ)_??;#$p{nJBjH%8#)LV$}_|OHi{8UWGzhhAOxfnFNg&-VA>)+Co
zIpaB|lgDaie=1@e%rQ~7KnccZEypy%Pf<(=*zwY;OamUqt`VL)^{ANxcBTm#azb;F
zP%;%ft!p$Vt|`A~&j+O!6^aokZ+f(_@xZBm!_HLgH1&#DNZz}b)}Js~Y;ceP+G@f>
zjzFss2;c6X@v8zQ9jLfitgwRE#Xs!BKP_4j^cehVQ5fKQ_r*H_NI*g9{{YvZ#e-M;
zynFi73XD>)6pCYzF^W$wobigdVd#0}bQK?#aqEgeM2Je2AY-*Kg01aSVEc+frLuFH
z0B$o$xA6M+r-jFQUf!aR#(;CviZRoUX-N8gDXl;Yj1E5vO!3zyjFLXTr6C#hpa*=U
z^{8DHh6u<s;y5_wf<1cBD-@o~`;Cuk*znB1XS!(Q;5SUwL+Ovwm2#vJ*0zOKo~Cl7
zp2v0+NThYDqcOhI)3syS>t^2zK6vPTt6gqjyN`5iG6xmbrlhnmadF(Vl5ITI$fX9d
zqm!U&m^nuMYSSg7We$3N6(_Y&f^bFwtAVmQ)tR(NDC6>`=bTd00SUp)Cj2ly^p4%T
zR4(5xGtD3_o<?e<ydPSUId>pFqXwzVIaXkMoO9ZuPQ@fgFx;oqaw@2D8y$^XJfLi2
zHBL}^cL$1BD3@@@G}mm3g=EhMwMY&@9q3F4qXIq0YLpOo;;IlwApSJuxK`nT4eL}Q
z$^7ZL=bk?bg_wbrZha~znT0!(V#(v2(h0V<GuEmZ$vCKFk-A{faIvZ-1a%mv1_ag^
zyJR19)bZbg-xRI}zijc%FwNxy&jXTb7%owd%zs*gUb>FoN??cglO2on?rAq=am8~x
z9L>$ayuFfk=X-JV=qkhujz{BEVIMbM1!+JqI^w*^JG-8wRh5fT0gPvgvWBamIH^>g
zl#nt;f0vHcopwgXz%_Y^$Mvl1o`et1sS+oI!T$h+g62Wa$T81ONUWcUJ|t_2S4Dx(
zmkAGXwEgDnKMJq^00~Uq7rD4-Ac|RTS7Mnng~85$TH!7(9^&Rnreg9)#hHofO?p%`
zrjI_hvk;u0QCZRqODD5tu97i;c{N&3^~c<EM1c)_4xCdmKwvuKH9M~yfmNFz{&boZ
z%Lu`S?_cLtocU}Abu{=}<}1!B8Tx}#F&l|<>(-_1P-iRjsZix}O$d@f`;clF$9kSm
z`1TaY#uxFX1d$J$HC9oHm>*iSyfs(4;&b$&>>Wty%5Z6vtJa{SMrBhlMQzFeVtvTw
zf!9BkLxvFmys@VO!vTg5PpxSMWnyIR?j(GT-lmx$6!<^Y{VEfeZYjNlGy=_lI@Y8S
z2$TVg)HbkV<~3xV)Z)5>6z3Hg{<PwF{{RYU>CZXoR3cU3c&Mdr)h2#kMOR~%%@1Hh
zdbT}k`hc+k#{#NAyQK%P=B+z+q9Dj+JYty5vKWu6Q8D8c4dL5u7uJTs33D#>MIFv6
z#AwocEkSP(lWVx?&{l$+Vv<+X1w;ritAS4of++`YdUy4$5iDLkKT0V%JoWr&pbu+6
zWYe|+cfxx6AO5{(TtX&YlBi&M`qr#z_Gy3&9v9#@s5KPO?2)+0uMMNwi?Kr5_UBAh
zSxZf8{o~6Z{-gD+_-<plMRjFmVZp5LC=rebJdk_Vbg|8)GhAB+dvbqy2>u^&NTZ^A
zf1AvR?Qdbh`qYt3Lv4@+VbFTjJ1s&xxE11k%EKUvzExx#g(86yh7H$@(&Qd-kH)JF
z(Hvy5`gi{T>(uH*m>_dZM9Ij(&lIIM06@hwbu}kpMTK$_fQ%8Efs_JAr(SB|01W<B
z2E`0Ys0F(F(r9UwU3lm-RozJE^Q-Km6<yT!<Fz5&q)sXalezqA+r~{-cye*ps7;h!
zeW#3*j)I_)>Ems!m27@hs+P$bnP2!uYn^s!BxgM2<kKO^qUYP@&)&v*)7MbA13Q5=
zNCDHmIZgoM^`=iVFRrOFjBE!Url(D8@)-_0R#0w89Ft8e)cet7E_QE!ZN^uP*`}Rz
zC?qK-=~znOoEnhwF;2)i<Y-T=TuLyjx7Mhc8dJI0l6#X;XWNQy>>pu8iEX{fiuGZP
zbf&1u>q@c$I?>-F@}NS7#xg1K$f3a_BcTVlsDlDM=`qefI%(TbwauL(K%QlToyenf
zM4!Bex8YW_*ZVxu>GBhp{%DW)kpBRMVI-2rws_C)ZO-mGvi|@Ot((GRf(=I7=6Jqu
z_mK4!*#7`|4rS2gUgWu1vZN?qLNQ#1t7-NPO_U5nFU=pPxUQ}zS)o}YZOFhfkyQ1o
z6Md$YQJJIpli%8~lDamFvpIb9;{Z??{uK(yUNA?{iagVtU{(gi;qci9udN$_93DH>
ze=yU7aA^#eIXTTn&A4HPeMTvv{W=Ov=l=k&NC+f=Zp>#5=~c_JHrYl!>h^f_8KiU!
zxF8>`A(X!NBNX02;-r$*ljeoGb~O-@bG6rNeJBBUhTx1EcFz5C=}lm1xhv4*d(#2?
zew3R*G`qufr)};z6u^%h;8GOLOSGPOr>tNO{{W2uS6K3LMm?%zgk$;Qr&zPo0;N;}
zorQ7%ZZYpq5e#$4srK>30Z24h3eRSb$QW-?Mka)O%e{TN)#Xu<>r!pw9sBW4!nsx#
zj#a{*eGN(@JE<kISvd=}yAe!Nb#8FzWKPE%)g;AqOnB?fAyKy-s%X^8xd_YbMF!pS
zHmyEMK7!_5%DYGz>*-A(6!bpzckJ?Kk@ct^0*p5bP7+G(4M{zjUv5{EQ4}G#=~jvn
z(-hsH_2QtSsm@PNYHsd&eQL>!bg0aD;Ps?3EUNoa^0z}uW9JzBX}bqO+tPp&AO5;r
z4YZ$8_|oy$ngYUOJ%t(L82u?nB8+~1lmOG$>rPL`j2`1AoTKaSKnhehT3`}D+o5u&
z>r(~w=xMB_N4L_cI|-s_wW%W^ZWQtSLbdI6I44XjfY&_0Khmqcp#-uLr_>x)v98wU
zZjyT)ymRy`)3B`wu7U50^Vqd5Leqo$)gHB{ZQ?kN1euMygImJ1S&XSPcH(N0WXP^|
z-&BrJF(5hjtr)IDbRgEsXv>zx#*})Bg{1)cRd;6UD!a(pr_2c&R?>!6T=YMcNhEQ<
z%)+tYxMaA&&JP%?pJ*Pv>RY(%S#l6yRS8??JoOajn>AK>K3(31rr}~YY#ffX^p`yj
zezgRLBiFq_<`K~TbgogUyDOT4QZt%`CM0#m49v%joc0x0Ce|LeJAU^{luD23P^OcA
zayLf<5$br&N}3*|t^tSud*-Prb{2yjILhR6OcD@q!||<nbQ`n8j*Il>t&I}iA(`dR
zu@y=ZV&+FZBxuXhs~8xZs*~w~U0_QXTjh*D&{g|+t+srz1wNP+N}qCDI5ZN5!iFu_
z3eVK$l3TG9g#PP{9>>4*uS>d`#w%HF-ZV#r3+@B1J6Dx7jWq8w^3KJMdgRwOC*6uy
z-08zB%H)u*&CO`UF;t>ljN_iwekJc-dpnCLI{yHi)QU1O>+4Nge>BjT!cQQY&$}RJ
zn$UJQ`?Z;N+!3DDNQQ7;Dr`>>$8%iw1Yp+hia*!EpZ2Q=bgxE_z>XTf8xx@Q2BRZ0
zj<^D*+Dl+{$0C}_3pRT6`c*wyC_~e&R(=gkRo9gvhox7Mv)A&XLPJpC{V6BpeiV!M
ziS0`$`A5>TD1~ZR&lsqA?NTAb4{<<?XPa)F4K)|#6!?B<+#js~U{!zsHx4`1d&R_|
zyD+OAsh2}_xNf^oUuqt}QmG<c(g9J5vu?jBJ<k;hU5@0+Nq$Eisn{k}2i%%O>rP+z
z_#aBuA_!yRCLQxrMHg}fGB5S4J?h$wP>{!P6bc6>m`OCf22D_fJ#k3icv22qno;-Z
z0OvSQ=~c~3D}I$8GQmLWLm6V+ZI5yODpoytryrF7_Nc0fBbf8YrA2v$5TW(vpC>03
z1>=75G3ijsEu(Z5VMiI}t3Uw&nzRK}M9Bp%diAD^`csB+Rv<lkAI^#~o~IO07Co{V
z8W70pS|isZq4gg1VC|6y@d3a+$FZOQ0O}M{`CEoYexkfv9=O3DW7e8i1E)?o6)?(x
zBpba7{{UK(8Sk8XQDNNXZy}dRov&>ay{jMJ#5$?|@cy;Ar{BeK5;{0#VUTKOj4<U#
zBLorDS2;bj`ZdR!4t~cW%P9W<mS@_NLrm+}4f7sPZ)%ihJ$XIrCeHO`MQz+1W17=f
z&Oa(h8D(-nE!6N0E0<htQctIPVxD*vAUNsC_o^f^JN~`tgk<*OpVewSk)E`eA*Y<w
zY&p*#T6r9veW^IxidF_ivvT9VxTyTFGwsr+Cmd55y5^}O46SNm2A|~*y(!1wIj(af
znzyQ6eX8w>^BR1sp5xZ3j(Un@F~PrDQO!nQ&{ByqIv>J;5)L{Zl^|f<`4tzMndD-H
z#Ee3U08*J_?M*v}3V&LdA<i4~rpTD~Us^5}8XFW7k~r<_M?u`<^QIQ-#%KZCSROg2
zsX4*?sx@#aPpF_m$fvPBv?~l?(|pjl-I@tj92|F`Wr&=k1_wC(Yfng=K{MDe$`R&6
zp6Ys!z}6UMUO~-Hld(m3^XEW!p!FTaZ-<?wXVk{DZmx71dmCGcYzg^C?;+>-Pf_?*
zqMiw?ONaYaoHzD|GDZ8v$8p_%D$=*OON)5rL-M%DHFJ+FtV|uz%<A@^V$};G{^sN6
zUt`==MojVt>s>~<Yxcb<$ouhp>T8#c_r?evs~1XAdK!B~w<Bfmo@zEE5&bID1tXkt
zDxKWvZi>e^EsWxy)#MJmN9T$%N3X3|5vjogsHnD|JSXsx#XqY);`+kuGk3K+w|wT7
zblDkTLHbkUjirfM7a19+^=I6ltS-b^JpeS<jbs>Q$*VJ4zmjmg;+6=*#H5f9N~MMK
z7uGzCr-E3yk1W21m12>XJ26`CZUkozGuooI`QzHz%A8fKEJgK(P!^IA!kU&lSwPNs
z_pLuDmBu>p(xQNsEfaN9$I`7~U`xbIfLbx<Bc(ZQbAk{50A8*Y?diu#OIGsTq6?nj
znze?f*q2^?$d=USH7K?pomy6M#R@0`oX`e1Jx5x#LZ4!NwBJ$%woqz8Z661<N<Hbv
zfGU+JE`;;TxW$17Y@b??M!uaXN7kG;_NwKI=q_d=qW=JPoD^p~Qjcm;)YGySqeAr<
z&U?@o6#n!P=|Bu4{ECKXgotX%9MWTtN|{ATS&lMk-5DEsApZaj1~J~QT}OlF4Exjr
z45N-K%BcqlS)PqK^DC9SvIctMqht-qAC+7vI}uTskESv!BFeimI@30D=tWuDz>vb2
z`v+GX@rpMYRnt6U6&VD3kEL7MtbS3NL2V;vYM-S(Rx-HuKT3I1+*GE{RX=kdjRH0p
z+z(&Mj#dOaM<2?Z6amP^Pvv~vFh2DvLUG!fiwhOPpQ!6g*S%c(I6j{A$G2d5XX#Io
zh^AxiI_8foa60-`-zisyQ^hnutb2p?qm*`K7Km~%4Of!I91zQ&t!tYSPu?TinAVc6
zO1?+9spVs{FinK;eDKKW^s6@dzM*K}ItNkTy=WVIfy*%Z0Z_?rakL$)&$Uu>j>Nbp
zx;C``025l=fU{;d=tBzCF9hkiNMY(Li2Ee1)mQSXR(i|mv!sn|v&0+cLV6Es=%-P)
zX&m#TWq6$gk&xqPV}sactwm*dH!<7DLH4f8Ns_}-)8f3dMDpYr;B-Efd_)I9U7p2t
zXD_rkk>UMGmv@u_^esT}-TaC}1YGwfyR}{^g=)Q&MeP~J!{HeS{q@Kn?uxXY4YST<
znnwCpPqvY`s#M~-3z?X4cw0?~{{X9J$M>3+Jr>s1UC~AceR-{{(^)|v)hNYu71>Gy
zyK;92ie$Km?vUUQT88rZY+bgD$a)IOlH%g&i#I<?cMBHh)H9I^ocfxeWM*y5#fkT)
zt-P#yRLNq)k~5ELokyWtV==(}D&$t}x94C5F2;;-I#Ud!`umEOGb6><X>X)0tbclU
z!T$hsa(|_9F^>7IZxr1b^>GL}SP(Dbc{P;~&INh6iE~W!C`QmO!O0oV=U0>Ob>ls%
zoI~`hs=W5DW1z5vckNI5el-{v;}raHRET6!9uHhrb=f<6aas~{>shyh<zQ-&EZ{s*
z&BQ0`SVFh_P`|u{`;k}yfCn6(TJ$M=2;r;ol1Gx*1Lh=CToojB=Q%X!n_%7Fx7MTN
zj(N>!h-^kaynQOPy-7UPmi(%$!>_F=YzTx7xbA81%Aq5*F+&2q@@i>Rji2tC$fB=$
zT;pk{GVlQFQJjt_5ppIO&OWs-<5gg6{uN+!=jl{{Uf87=U{v%Y6lXMm;DRcEpz33h
zkoGlZ6Z@f#)Lte+$U5{j90!IUjY`pj*tZ{Cnm+8=rH-2a0C*bHp(2hhn0oV8NviBe
zog066b5gYk1st5xlg2Sk&O6fepktJAng`xJ@j&2HbJw*1G0s@jmg|=-=}~8`T7^o-
z=uHc7V!6nubKf-f%|!h%RLL0KdG)IEjrS<Nrl;;Hk)eCl^jwor$}|x|C;$P+T7K_(
zV^XT;)~yMWf<MWiviCI5pnBq$YWE+FF$=tV{!~-2Jt&|@x5YGbsCZ>r5ONBzBCMeY
z2d}0&SBThZSK4giOF7vv*&rN)_;;@7Nce?sE+N%n@+Aj}V+5)Cj-tHzQEOwq71P}A
z$2~LjBbq}V)7%5vqqMt%?lCQ_=`s<Vqh_rp9dO5|ddrm8n1SQK1dcsGs3eJ5SsY~;
zVAb$2IO$O|L#X_!TuMyk<bq8ya#eT1oSbz}e0qN>+qAh7DxSIMM?+4YA2CY(*B^9|
zRAPYJN(^g+C+1F|8kUPsL!gPc6*fjXnxPTTBcDpLtVS`w^rneqrzN`mX{6F_$3acc
zIp&K6#LfXE({qzZ&5vF=sMwEDNEq_KcKmT!nzh)5+sjtNNx=Gdt8XC#pT@Zx%}Jj5
z%&J6r!XH6K#IR)@Ndl`DeB&HdqQQnq$n~cDfbhSGqT~$013jqeo;k%xToJ`Jh{YER
z2%|XMGg9vec)>MQ<qOyFsLa56=72AG`TRMk+Eed}r{)~{W}YVJngE@TanhPjN1&!}
z#wi)FFgc>(Vc`7+ds6Pm@A%brerW`q{VCj5Ct@>?T4;Q7dG@FzkoEVd+1nlQMZ(5_
zl|u4*(k#L^S3}VH)_7(Dl)gD5gH158)M)oAmj>J)+{_G-4@3M*R_vJB>JnJL5X<}6
z52vcvEoU<vMvb;qK4eGSbsvp%mkih1WOsJs_wj!5KBK6v<!Z1@<9DYk8^i~Vkn~}S
z;KG<L=7j$M1Cftv?Ch?R@(Au@$XNzRKf-&8=C$a2jc0xa*^@twRCLgnuB9{gPdyD%
z)FAV%BvIEH2CoCof4n*EOkg&BI@J<Kq)+yZIT(+ae5W-$>+%NYDs#nVX<z8toyDtk
zZ=FVKZIl(p-lLI1Lb#q+nI2X!0}iI6wL5o2&O-x`J*oEFOl=&6i9_4cn;<aUtcth|
z!N{txiO5D6+}zc8F&ym{(!seI?N@O4$H`T$71XSo#^pV!*b5;KXourf_OusZfE8bY
zeJaRk-BrBDBBHpB9xRR79Q3NNiwAc<yik9gRFnv=7Gv}JfmUtg62z<`>A}r9NZLr5
ze6YTTn1vZ5A~B3`Y73MgteD%h^c3qt3KVub*RDM(c38@gcQ$$qQvnpl%CanMz|*$m
zWn*RaCZe@2uJJSN0ObLzH~@1tK@<TP_0JUX=qU&3>xxz-S0HETXc(*MlS_^&vAyT+
zgY8G!*qq=}xE9Au)4A)=)i1R_prh?FW0Q(57A}Bu_|uQlsCn{dmcXR*T%KDQqType
zgGhSgilM#v`HoMeAa)EJapIN2#n+5FGUKlmfim7{@{k9e4sr)^T@o;nLk{Agy0$I^
zi`8okL^+{#(AtFgWoBmD-a~RWh6?@FhAPB`RdU$kvu<AAQ{~4PG7sY&s%VDLrbaG6
z?rY5Dx#=Vm$nL+p1Ss{Yh+~a`f0*Z*wKn;9MKt?+G3A2m&1oAVk|U06ACe++YV1?Z
zjEFl`xGiB-`SFUpliEfI45WJstAjF}+{!krA!@9)w@fyjqn=J{bm~@_z{$@{3XV(I
zo9@QPKkU@7OvM(?i-1WWQ<fLt7U|a&aL6QY^<;h(Dj@0x57MUW(?Y6SF&PE0Do-Vs
zoSL(_SFc(Nsah^86<R)dJX52ELCHD(Mx|kf$UI}3VFz|`)4plkRvrKcBd4t>3eER`
z$DpQ+D)j{CB-4Dr6p_%<xa=b*%rG(asHNIS1b!a0>0Q|O<E>VAb@j<P`U+PI11RSJ
zaC3p)vaeze2q1G>>bV&p?)0jcV6ZqHyHmJW+4yCuHMXHXkt6=@Po6M)9^$=BuQlPC
zT*poE6^+{Qi2!UK$BOq&!GI&78LvwVH!6DcJgig{DrwYc;LyvFkwZ`obR6Sx#YG?$
zH)@ILffzlgY;82caA+;XFfyM@65KS*<=CG6s%5fO;Nqk=F+m|R$f!NdGEGX!6tTIF
zj=wb}ZO5r%C{ac+nt6zN3g>QoU#G&`BHb$vyGIpKyk_T!?ZEeDquNDv4pz>kp;9td
ztIcH@8-T}r*EW1zcEE*-F`rRTP2zjMvq}q$l{^9MQtHF0N)kA`>3r=%;#`lOMkAko
zDbNlozkhnQ4_~Et(sy?~Xsat1p&8(cyB7d+k6Nn`;}vavaDOVyqG6JKed%}@$r<gM
zL5e$$YLN_NgM-F>>nigbO=?JTFul4~ZQtEL)~yn7z9>)J1|P!p%oBy_U5AMy-KWak
z#t-XUXWozw!>xAFe&NSid&G;-k~ux8-2fC0l&9%k2*r(VDx}R;WH`-KVi@(PlNuiq
z<+I7a;-<M$8B@_fq={F|RO#H+hdZPWam{8kGC)^o>Q7o@@YwX?t|A#O9r2Y;YOBP<
zmLH7+vl14>gWj*AZdV?h)^0J)Y1*8e`mI!V5e{*|r)Hl#eB@MF?M>(egb5)kPi$2f
ziCJ)dm2pW29<^5BY`7$M=7-!1XmLpY0C;mqjggvchmlnFB$)pIt5)=So4-ngb8guB
z)QsOQMKBXNKT3aY1xFvPNl0K%{{UK;Ps`KurxTv^$3C<SR9(&h>DH~Df}ntHT>8|c
z_4KMlv90M)vE!PM^VXw&lra(dQ|*WEq;F0shp4G7&fhTS2Q@2liOKn~Qm+exRnsil
zs{@WrQWF<AG`p$1b*F_DLKk@eU_qb08~}d`DR!RJP$Css5qA^NWD1cbSLA}HJdkQX
zl##UkPo+C*jOUDV#bQ~br|MUFbpCCP+>o{~+Z(9&9qYN$ej>-YW7T2UdU?={srru9
z=D1RKf>ia#YLz57$so6&q~fKyQJkZ(@76cA_x6c#YdT94jvZ>rT;tZfGfCI4v{_5q
zOv(uxld8AWSEuM+Hq-S`BAES};E%Y?^0D?cgsC;L(F&>VZb=?j<`qh0A-8`PIsX7?
zR;wom>A~$)CQM@)IPF+8Zlp(U+g7cq`jJ%76g(a?)7Ga$&!IlGHY~B6XPRps_@<Zn
zbKkuo$8K{#hL%3u8iqy-&*$w=WB&l^s&^BJP`e+O9MS^5rFK@|%LnFhkHfuSNgBwk
zuDPiuo#vB!;B&zArfvlF{OVgJlwBsYY^GW~^r<7b5~fu2?N(2xwNaYXg3>~Ew{R%|
zGdRZvm}Wh5`qU9z2Q3_<WB&j;j%Z{f<UCVMEKJg`uhyC+8RPj>3m4A6Jz4TTVUNav
z2(C{>rypbZ`c$Gk0fAAnp4gxS$sXSHXQ1nv2*>{bs*^l@XaU&Vew5O?ThvnL{N|K5
z7(5SJ0BKOiCm8H0*x(FO5(grae;7ahs$v>YXEb?v>G@KUK*{ElAoSzfn1%!~va*s0
zITg|9*J3&Ryy827y$7TJ01&Qq-=1=6&79k_2smtqi25+C=uehbF|7`0-5ph<3msMM
zx<hl9i_kxDOz|{6WsFw<e9=EYLrh{dT{UKe?VS$v{{UsjQCGtzsiV2a%<G0<M(#g4
z>}t;EDta8i$xQllLjYKe{o$G|@(?3+T&bxD!iN6o!K$#XVrm52U)tU;K-(Yju8~M(
z3_20lHIu2^eWK1(11B5T+O24F{i{rkk0nOd2iAz8GH;q2p^PfH<kRkB4-*eJE!0xn
z$C$TwUPVryy@^>+0K=)Ow?PqGG*Uo>sVAW{_e3aELV52|TW^kciy;(@ty{xm{b;6y
zR<UQ;(P2iz#_vk9L$*P5=dDzbBsWPRY^mUZR>+G#>f4%NRfR-%EgLx6-3Pr|D;Un_
zV^CbL$|jCH6gd@b8QvvzMdW9iXhlK$o27Wi4f2v|=@OHW$%9c(8_N?b6&!Y?ws@q6
z0T{A;tw0c8Ld&w?Ff6B_J*sqI@rD>GdSaw1jGIJ9nyGD=rF(bk4p%;u47J~<wK#xH
zCOv;jdgBAyga&-bV{V^HXQvf@;w|xK_?Mca-#(QsSZGoCQvGpAGJP@HoH3kI7=KD|
zruH4F$JhLd05ibpPW&k8jPpR`=NZpTP%_1<`EqSz@}JU^QuAlDmN*|_+DUI(h`3eB
z{d-j_txL`S07ii2j|_8I)~U+5PK-SzC(Kc`K(U2Umo>R%rj`Mu<obG47FNj+8Q`8y
zYfbMXwudEv0CewOdFZ`_dsxtR;;BnCXxm~N+olCG?GtJ;e7Q)0{7q?F*s8C}nD?MI
zF{N3Ujl_k|Aa<*9TV!XxD)U;XCvmE>+(!xf{XOX-jSEXiv-2Q4Rk3du_XS}Mav07P
zi!uHc=B&qkb2;3oBL}k@tCMDEJSZ}8jMZm_K{z~PflV!PS0+fsRh2Hv;aW5G$fUs%
z6pV_C2&a#wRs!WQmHdrL18vSKOC%(1_8inkPf_=cM$$7Ks<||nWdk_Jb3loBZQtEd
z#sxDVa!*ciO)S_b2+8E1N@m=hzn)D=M2f`axE;+z`-G|&2R(CA6gesn9<+I7c^UN0
zFd7^MZV4dcH4~5BjE<w4m3oywcdyh`61d}@p1tT1mw4=`or<_Q^sjK!=kv6?S#$TJ
zQ~Fnl-Hp(&#t)@>w}viE-WjrN^gur<?7=%-9605(H@DJms-{DlLodB|T=UC&#wsR|
zdevhu6$F!Y!Kcg?EHkJz3r;!?YLt`U_02%ncx+M5isd8J;Ev*Dc^8q=s2Jc_*-gA<
zPkdFoi-K1@YKzH+`=<xgR7s+eGj23kq+=z!>|^{Vp{&VmXS8r7LI<cER{50y=t0d$
zw=uG9a0>bnS?J5uz>UWTAC)rpMHW((132`p$#mO0o?>GW?TW(Itf#cJK4uvizzjRo
zREvyTDx18Ki619}-mXQAj+IU>8>L*28OCeQXQYeKoRQ63L(V&&TBi{i$E{mk+0953
z=bX`zO<r+M=dDsDk;&>mD$cs;gIY3r`qq8PCwE?b>c}~5YA-g<bUo1j04m_49A>>6
zQW%Y~&3XLM2(F|-&^2{o`y92`Py>#XW`WX~BLx|*qnwIo%VRYPFF8MjAtbRho3d*r
z?ouaK0kfX8^Dk4LaaHrqJt#Q98ShAD<(;y$Bmu`CpS>jda+DwnTU(V>jfX-o!_d~g
z)o8?noQmgdrgg<D9CX&L6qq~%Q`;$1hCKysURk8^_6#~2#R~Avwf>d0Ii_J!or%vs
z{;Gk~1d5z;C}rF$p{t`3pCHqn1kq#oha#Ng)}vM`*fj$i0}_}$R+3YKDn?96y?=|S
zs3+<vy@k}d9yW~hG=%=_4)oMNy983VUMchfLBQbBjQ%vt{#5n%G=L8t)gRtqJ!x5~
z_RE%LBd1C_fnabkNKOR@2dy=@6`>*%QL*NisivBiG&jE#DZyYpXzF^?H)33R)RbC_
z*A+i%g*a8kNE)pYNI2r891d|zPL%L+aa4pZedwcY6u^xMVbqNBPXdVtP|dhwoD5RJ
z0QrDZfs%cyGo9yho_b^StO_24?8xUMj0$+=akm4x^rmG&B=PJ;C~S;|;CpnSM4o51
zIrZREmA0NfqL?yB0~pRlFFnWNDS_MgcgNRuA}eh}b<McKnF0CGe_Hf-ZY}Svmg3q~
zmKg^Qr#0Y<y+%RBYv}$Vz0u{}YazioXwThm{=dCvI%-=RLaSOc*a+L-r?oEZkb87B
znWT7v!&-q%ZWerHp(m050M@N65PhqXQEAzoagu82e(V$csilD9Cyr?|-0}S?871Sd
zwMj$Wx{PouoYiiOw?0z+)b2Z<{<T=wb!haRDr>eN$Oa-z{pURg_53T(bpHSmm5rA5
z*tT=KuUdZ2QjO6PsTjL6tr=y<w`vzXJJmaTw77|7h1JyeQ&SlmJ$|)|O>R}uIXiLO
zcBT=yWllM!h6k@F(wrD$ibE^UYO}6S4cOITGuyY9a59~mv~mtqeJPT}91y?|XaX>i
zpO|2S-kqJJfI9J1ic4tQq9voxDr(Ggq|5Rg5!4>k#7n<E{`Aw&7@*{K=hBlW6vQy+
zIqQl;(~5ttJMm50M?xq8ha!;VoDa{^o!8s78*(w)fFmc@^{1Q_%`o-pNuK$p0<&P!
z0txH*(h>>jNW%kzkxW2HJXCwxToos9ITU9HJx8adH1Wv#&?BYNFM`|#JSEBGc3B7b
z*0c<4HDZVUJ?{A*?705`5nN`Ua2c8gZM)7@zq-SruCgZ@o|rS0oey8`xUWW(`QmWY
zk1UE;7UB&~;vx52_lrS5#E<U`)YsCPme%l$I-f389gQ%Llz*^mbgqn<T0!zD7~>$;
zZiykZ)o!d$-DBn^MQgGQvU>6>7gEiprDuM;0^1zY+1w79mnuOx&lO(V3+6=b#G%Lo
z(yWFKHw<9&Rp0kFXzIUw?KM^q%blpv&NppC$Te_nJtI7f<Wfl+$r}e{Bhr~>WOz2S
zVVC8nZA25Gk|I2;U~y7g$t;%YODH3QnvkhH8AdUTRakbxcJZ++AC(^T0cn)5+R~1C
z)q7p4?F+di9FL_~{o4Nk%QKVjRp&lb>2Q&e&eM_FfF}YB;Io>FGSJ>(K3L`IPpw=c
zYyzsM@~Cd%l1Q>h$mxU7(*k@+pY_Trh4L86+$&{}^N&ik43SL$VHrJ}p7ipl=v84n
zj`V<yaOkeN!5PS>sxbZ&`BQA#RSy8d2+sieRjf^pW>NUl3y^`4&w8UgMI^{lRQh_>
zhBlmJ9y-y1-<le@?q!5-2E+MNgfblbht{<A@#{(lYMxQt&ld8N_i5i|mpH~d)$xz5
zE<H|Z@`cJG(fWL&J*gVm)Ms!Vs{TDc8mD(KjYdJod{ocfR~&Vfhrws(3`x__cdFNx
zcF<p|M1ex5&5FPFxE9;Yjzk=Cb5tx<bvYfkZa{b*r{1_``L{hvaZy%9S?(m4a@oT2
zFzQrsRHKGlf*NeId-krq<bui_h=8~pD%LABaAltxiOB}Clr6EUmvVhQ1Z&9Sy;_%2
ziUhzX{A-!K*2o4pSPb#SMQv++d&viHpzl!P&~qlsx|Y0I{J77|doL!c+UYl!^NA;y
z%ZnX9imh2&Bs1)ILb{w0TZ{5z6$Xz&2(+7PD8F+M-;P-IH0a94{G1a~%XX-Qbv2c9
ze;VYTJ@ZwtlQx4P#v7--S=yyD!R=hNzOJ$>Y#{TD=B%!$2UGgdaa!ioh=p;H?@$y9
zFnI*$ilZK=u0ZcrR^Tzn>GY!DlSDEx1ccywRaYdY4}NOz4Y+^+BBE#meBJv}W4T*-
zzzQ%($s&!UINCmJRG~J$HstipS&awH$33b-<NyX@N7I^n#O5rK$Q^3jQG_{iy(w9v
z3xWLU*e+x?RF&v4l6%!@nB#K}2S7z>Pa*(w)b^}t?v+`YuupD!QDC_g(*i#3Ju}|B
z?*rWL@XSD;xa_s&lix>-mIID!vG5(}eI97~ZIqGpHPeRDM<y#+oynJ;O);herYeY?
zPw|R8z;n%Z+~Bc1mpB}nsMid7ReP(2j{>u0zHuf2!8M$vV&fA<<vHj1)D1s5991T|
zoA|$#MAv7z1DeUnny8m#oa4CWqc?xv1mnF?H+!1|ia|P(K<)3+r=5?H7GB~boR4f`
zqVprqQI6FE%(ywn6<zKk0Fpo*aYs1$4HcIMgNn=X9m74Xykz7TE%^$M?Xi+}?!{;7
zlX<2r6UI+8r&02>RXBUemE-4%xfXaMty74KyB2t^Hg=-qK%RTmrOM+ReQLCPRfWz+
zdPoZ^)Ou5oCp8+LITXEd&p4_?F|u?Rsuvl?F;|})pXpR)>DTL4NrR}2qXX$&R;On_
zn%7AaG$(?<X9wQ9d-dEH5%e_%jT*@e%EKTxO4bu_)XH$?(DU#?s`9o@E4kJDFAUqI
zw8SzD{J+9~!nn)ZIqfAeTt>+LhrM+wifcobRNP*r9o>N9mpeu~(z@+9riCniP)Vr)
z(Z<j7bRM;88zSH_Boodkw~fG6@|llt1#DWv=0)8bDL$gJl<aE=UvReY{nW^^D}`3A
zKkSRxBG@GJ6myRC(&*5svqW_JxvR275>TOdJbfz;X3m~Oj!xRZ%trEa=xVO5rXY;&
zP#6q?E3T5+Rm&*Hy;0Szyz3|FxDGw(E8H}(=h!HAusIa<KjhW@Lf`!zWdoEP)@EzI
zocW`3hNO92f<@0FtGefo^<z9#4mql1p{Pp@xxpO`LpRR5fWcFS9+fL(5Z|3POpHps
z2*DoIx&?>C-@9L>J2`K{p#&fRbUcrxN(Ni-phT!C%y2lQ+!Rzq<j^o<R^w2yfmNeW
zWgnedClul)FFmP^OWPTwJk^M4=~1!fq+^Z<sJqf&g{tzBCqg}Haf*q?=~IsN45HvC
zBBnu+P^kI2smD$#(JYrZ7|&WiI%hm{PXyJ7TxXx_MH}|<MKKY(1&sXJ&j8a$UU)Ro
zo!tf$3Q~Q43g;|#cpG^7)5jz4E^078FF{TOfzVI{hydevUZXu}z#YRG9_FIR$j|3a
zQHEd+PxGb)fXC$?oc(FtzUb$u?@=LL*u!vn!KpYI=ZtaBIi@1To#n-i%3Rw>Vwrjo
z-_%#B_;<uH>z05v7U?*V2T!Q4CgcvidBLl8H+LF!z@FAklHlQmOyH!8gxp!|&TtM!
zYMg|Y;B`D=nPq&Jx?~p-$-FdUE#EljHHYGjWazpylA*=Kzq^EIqaObNfabXQUF>#q
zB(8CuH`RXKtP5D5bQYOjIy3(O5&o6R%;fN==I=`(0f;4uQN~Xuqlg!i%p)Ll72Ore
ztZ>RsPVC#!wF6~vq_Gh{3_E>mw+BBm5z{#p=PXrl0P9^2iLR_E_G_m*K>1(LdR7>U
zT;B9eXjMzyXG|9-ARZ~h8QaZ46~t2~nGA^Q+=EhXB;<Fl29Ck!?|bKrQ-pwxrjQKs
zF-_<}=71dQ!0sxP_MbPI3ELq2ja^3M@J?tT0&p`x6yduJ{#3(cosX?fP=lIew&^g#
z51}1JK(k3`+a(*~=o`|2EFLm@Q;rG9;(@kBFB!`ABdr|t^rj(<yylynVxDu)6xKK$
zI{MQAr@y}#H6I3_k~(zlLE1(r0xZ(?80$z^1A~fgPJ7S;il6?yL`DuN`8_fE&_-9B
z=9r4?FmgC<pw~&G-vyB+=(3QKk4GI3<6P^nZ^+d4Qh9Qi+~PR~53%fPYBS}LjaYLd
zs?=lH@4yk<56Q=RiWBBSr=OW{exjtcxm)`thHQDO^0%`N^<LX@d6Bmajhgh}?r_MF
zxK(4=?KPdN+WGb~#0Sg<<*imwOR2}qGAb7vl}Y{}RjITjMWEgNuSteO_tb4~tzEi^
z$pZj(k;pZLpp$2+-dHyPpE5kxMn*}^IO>GR;dtbQTq!3Vsu759zG87Gz+Xd8wce6R
z3V;ClmX`GxL?j?Hq1?RC1pffL!TC=WUgsfJSmQZEk;Pn%-bmI(#u#RXNf`)c8-BD1
zU*56?LbxL$n=DS~L$dHaY70yRXryzwPZ;#=Rzk))mLh;6wB{X>$V`ZKpIV=6BZBN|
zuw=Hp+*Gp5^7GQIZv*~Wp!dZ9L26zrlLTNYINUumS8;KkWkKzlqj|na_a*}`BX0oI
zkvNhikar#E0k<*vQ%5sO2vhT8(yU_Hu>Sx#<Bn=Ft0ZK0BAaVD`JmVVkETaaKohe>
z2gsxo>S=NR0PCPTo&x^><Fud<K43xmb*2Jhmuc-raxqIl!~pTdE)G3uaCq%TI?y3I
z;}q6F%YvZi)}+T2V}U@^DM@J)p<RoE?N#jHxUrdxMH(~wJ?l`fw@N~t^HC~smgbSG
zDC}k4z3cw~s)ZLl$*dcj9a7-_@=&9`+UyGCW};}6=Ydli5Jry?HgbAil^wpJ8M<J~
zdIRfSlS;O!@}MIe0n(|xj57W72BOq#B$CC}31nAMk<VJnr5RrFHKkoeS(PWcjyc+C
z9d{F+wOZrEATA>LnEqAHdA?`gELeBWX-oPH{v9id$6Ko2#mV(+iE;~oPjOk&JG+9;
z&Gj_9S%~>hwI<03#?$S^8Y4G%xfy&6DJoB)#YXoNFG-*Csm+|^ecD5(OvGg=IUwa>
zZLPhx45a72Yg*sLQOGgo1s;ckSr4Mj-4>hw00{ie)Ebv4nnlSSLhC5tW<?zI2BbQu
z80RCka>K(DADeS7J?ZDent~7A+%f+EWsmi!=0)>9$3`_(1oNKs4OK=m`21^|k4!4z
zE@YY({{U$4e;UzW4F>?3os{<mr=1jO9ce)Mq#uc@@_2$AAKtI$P_Kop@OPF!Q&X>p
zEdb&%_|v$qXHT!k(OY+>25TaHLgH+Mh>Z6&)c*itM;Xc>!1k#>vf}CGidPGq43?KO
zzGP$1Va06d*E*Jt%+`!ZVahj3=)bYklBzN2YFM=Gr<KMHQmZAgoS_%FP<W48Zdp+W
zu&Ecs+SE=62<!B%HM3mcuRiqTuua?np8Qsx+Gc*v1z-3`FK#2t+opT-Rpr$0UBQhI
zdhX`5+SLPO4ZZ0Nnh}g(_o3C0DsegcjbmCJ1Vnug6<7OfSl!GKH`2PVu%~qgJ$R^&
zogR2x52Zt?GL#~7Ew1XH!)YFSb6Mw8*L?P6+JK%$E3`HM54bVvDl=e!V*@$l5lfy!
z<cY}3sOwV4fWdLpflCF=`tvGzoOQ0PwDka;p!XvkX!`<=c8qqRRFV!zoZt3_q&ZmQ
zQS_@2$vo&D=N@Kw+B;V8v5mPY#b#Zgj_s9t04Q^l+^EGTphP+69+h$~PH~#27g5Dr
ziz9>5pwzb=SVlX#XYi`1PAbB&@6woyN_rYqagqmN&lMV;M?YLtovD(>xXyXSQlA{>
z@T+go`gP=0N$@k;trBA1@(8H3P(s`cb$%*qzCrb*(#F(w9oU+#g!L}URDCN0Rf67B
zWtb}{?nP}*+#LE>AFSOpl9W@%XiRM!)#a*-h7dMWJZG(G*y*aM8M@VreKe2@{o}|L
z)9HE~Vm;56KIW=bF04c;S=?@mr$!epqbH!pO5JTb2LlK_jwpuL$z|sl7!`2`ai40)
z*sB~qNx<NJDoNLH4N@`Z=I7p;-N$20MSSiU{{SMZ-5~N<XPUFO3~|<@ln0H0^rkBu
zo~3G00|As_iseY!<$7S^y%uOzYj%yh*9WP<*4KqtW1M|!dNQ-Ig=pPet4(AWr3Rmo
zitF6uE4SUICI~2c5mL%31Hq`+V@eQ(PgFS{Lsk`l=RK+yB&d;kjtHdO0OO}oObJ=2
z6wcK3=M;dR5rMnjq$i)PG<={BN?h|+gvU}7#V&n0rV~^lu4+1QG}@Ll9R_KtGcwbS
zH9yvhk(U>zN|8X?J*p+?Qx8hf6362p)3Lz+02)AerR`K9+eH*nOhr&~@*X%moYRL)
zjAo-xm@&ZQ_v=z8L&r7FST0US9ck(gbDZLkE(zv^Ba_&7pa&cl$Eod31;4$?7!<%V
zao(QTz&+1e0CzagL(tTLa=hRJ*F7nO?Hhvfed$AE3VI$*FeUrycJYJTy-Vh9a5(8z
zzyO>Ic6xU`sfg<QEvuUw!)GzfQ;-z)Q|nyUi}jPOc!7Mfe$58x;u!0L%YG;H#X1+k
z2S10UWonR!F8swGyJaL3>r=|Pxr*j|yrl`G-sf*QJablI0b}Ig4tecWErE7oc+YB@
z;$Q~BlaBRExh#9iPJc>#1pVgxstA{iwhML@GQUi4J!zp6t=#&3(%jof%B1}2Iv=R6
z<4M)+^=LAmB+4@JpXu#f8)4#Lc=o7t>#1z-5?Gw8q2jWuNl(<$oks)JlziMC4Ly^B
zPkxnF)?smL9O`f#cW`sfKYIg?wdS>FW6)b%WU_f@AoQqLP)7N2^HiG_LP0psy)*1l
zqvcnhS_DlTo^L^eLq<qDxf#baAS=M&gVv-VpYfm!^8~i1%(rZ=c}lSb#CHqWIO@KY
zA>4<aMOL`BSsTnlwn5Q_09bCgBc(LAARG}@;=C%t8^4tHZ(6iKEAsrq)|iO)U=j~}
z^GqO;4NTZ4>+MmtLFr6G8`79T#(PuSlb(cDu9@M@OH{#Fytuo(oDagPF_fK<oYYm>
zhF1si=|)CIPd!C?UZ3##!2-4I%SheEa4ThW4I;r*#cKn5<0iUegr8jwd19irJb_}C
zQG|v@J+`4V@9cd=&&y$OLH__?*Rgq!$HGR6KiL%4y~ja{rG-m&N7h^Dd3B|pt8H+S
zwT;dgY?I_afvrg)nP-khf<@i(K2ZJ@-G68U&g@Wcko6<+6}&ATrZRlT3`rYF&OyUd
zNXM9fboqxh*~l!eLkX?pAoVz`%iRVu`}-&RqnOX7Y^0eMXyA25Hd?iopu8z<kNDSC
zK4l%j<YKb#tXAq4iPt!6f!?}1dlnYa1|Kj{kxo0YGa^{z`&2HV<2zUiy4J^O%dZ2q
zXp1wRpPf7GeR!%7jb&`!Tdd9o*7<&wZ|u>IvYdS?_t^b;r8deBRUeH2WD7-G{{S#C
z@`&2U)~<Or*$4NB+O93S6NPmobs44mJZsg^W7N^0^)l~mA(}9;hZyH1)s<Uqpgb(Z
z4o>Q_O`?74s8_!%Dkr?sko?#1kH<8wg<*^!XxUcW0!9JPN^PPgtXl*s{Nxkbv~8ob
zyNpW&yU_Onrxs9-yT3X)knG9=a6aw4L;eF*(L{G<;Zc0X1a#uI*3JRIPu89-AsmRs
zE@T#FSKBB50Azg>R8l;XuxI3f#szM9aIf$s8{k39Mn4fpI9S10T=Y}<Q-!RDq;L6F
z(Y>@^`EMTs)}w7!$$#a#oO)Ech<vQg7Blq`8jxw%1pUB28oB+kXnHd@(P}fS!a7AO
zW7?(Git19QF2rBia~`Ef<4^v|elsG{{{U-~(htq4t*T9cL`XiZQt=V)Qll=!gGw0Y
zQ~6WBvSQCNHADTQaNGusbM2aAUfgFMXa}$Yq2goQuVEt5(=CTk$G2Jqjkjp?^)-d4
zrlE8Jw$x;W$5kK@)s`=1jl8SbZX=VXOP#Iw(s-ziVdQq7WwuZGWP|Hj`jpntz{|ch
z$RhyrSeqho%enfwsGca0k|Q5lhl*VhYYh6cHFT&?DuXArFZN;s!jF2oB`R=0K9w>$
zxW^go&2Tn$EeyZx^ar2>dsD@V?dUV~tumZv*P*8QU>;9C)C{1uXbwGlRD#tM46ZZn
zR!mvs5zlH|U~qHoKo!I&ybup=l^}&Nz`zwJf2ih{9mnfP2%0^ZD!a2ttQhBR2=%G*
zMo&{n0-k^UbOp%T80JE<B9V@SW~q%jTXrpFF;7_Am8~tj_4*o87@pr;(O|ilx`&kF
zJIIVDKX~$|@vQ(AkTQ_UdJ#(`YbunHLn-V=YLjWN2{KsBVsGvqRQ~{l77Le3gV&`n
z$H*t8Qe8#u+imm)HvanZrnC{`l{X{qQ`~f>1Yt4lQbwSjl(;$LnpGI-LJ;pLAG$}c
z(wfN2!y(D3LY|oe-lWMR=IT3|vTjz|3HgEg8bcWBYSSj*3UGUa(xGJI9MTyU;-KUV
zdeB)(;du2FbOfAWbj3x#=E8yob47rZsLn?j^r*-OgMsToV~?00W7>jq&I1Zo0U9%m
z4n;6!eo_djM?ZA)=}jcBUY+O|Z6}eAohzHXZ0Zw#y^84f4oVz*8s=`Z_WAuonngo#
z$$~xV)Ly5xRF99x+O5VgI24UbXn5l|BBW9{JX8vPUOLl|^V*svmk{^o>r(FH)~h27
z=QS#xywk9UIT*)dRPGONda(UJtyGkqzQU;zW!`i-;8NKx+jR%28O1X6?!u09#aV}F
zPHC`27ex7O&q3>4Y^c)DkTP>!b<qbuPL-|j{{X@<YdVYH-)$B)?ZO}VYW;`McdCS3
zoslz|in}>$Gz9~YcsM+CuBOdEjX(o6)cE(q5GppeVGvdr7f7FXZZIDnqoJ-s%5V@y
z-8&jngM_TdPNJM{jRF<NJRa2FyPkNb@P8kAY2)cqP|}$m{b_@N&r$1AV+XEtO>xf#
zfFPAfJQ0ITW!yfsGY&m!G(Cu*4CmmH`C_@h5!w0H#&pKy<ok;0ZU!YJbgb);9x|tp
zYU1q3lDa(oTO&TSyXp6E8(Z07KX<D8ih$Q_UD3eRnC5OO9;Tny9MOtw2-NLveukRM
zv9LOIT9L*Z>M4!$C%EKPfaN@YDwYwK`c-8$ZXOptw9pfF6r!7+eW}^25V@uk=}ylF
z6w^-NM%10@T9fNiF=-?J09q&~ib#2r@T3K`?NbVgI{j)<*0e;i^!i}yPac&*7a#1J
zDCB?o=%ym9Yn&5-QZGF-$>~BN0A~dIcBwc69sTQ^v88Y@P7NDdI2`uHDL4d=sH4z=
zPCJSKG4g^q$3sphJ#aaobB~v|JYtt-4;=TV0x>xNQ-{pF{<P3Z9Fa@g0kg#bNwvBV
zaZAQd4?V>L?x-M-e9(Gr?hZu&C^#gZJt@~vi|a!f<%b~q(qtZRLB{}6t8J5^<aMA%
z9s~+Q3^3y!^#J+Yk~$jE)?jVX%%E+5yg~0&Q{@=N10*MNXQ#C)w;e`3sxaS;KXA`%
z`co4mErcVjK^{!Nk6vlc{{ScTqR@Q#KZPAbq0;Hv?DhpB$C++^@{!Z%Yp{Y?ZsA#C
zZOFr~aqMf&owmvjbH_YY-9J>g)27`6{HLlOLHgD;s443m&1qI~(d>8TJPeM0l%qN1
z)lDZ?w$&5_`6dhVL{IYdtrHGwf>CjHXKIp?x*_t;duJVKcH<cw`qYS{b{JFIJ~$-Q
zfdeTg1oiJsF%j+utywYg(9?DhITY>%Ibc~+Yp>%}fttaO{IrMDxUHiX8-UMYQ8YxJ
znV<^M$sFh&CeC|jr7ql_b4;60bbmV4w!d}kY6-7HSk5E{Io30PX`wTv@O_1*r##nE
z;z*!<iaQhQUW}}%7{CAynCV|Xcpt_0IvjHu5X)}T;zb9M?_RHA;~f`Nh%9%j6QAL8
ziuGvnMm9&8SDCxBqqw_8U%Wl*BKuplvX6Z8qWTQ-e+tFabe&rMZ!*_ZwvsNYo3V<`
zo5Fg$u@fRB(ssjxT3yLLgs7#tdT$-s#QBXGuzf0p*N=qKGkuthp53a5@Lsc@`1Dc#
z00R{&_#0Pmy&MQVT0vayH6K%C;JOL_013ezU^OIuH-wzLZoZkP4+NxRH`=|N3OeDk
zXg0nC(njq=Rcp5&!5@Fhg-U(F)Th|j)3xZeGqTthW626LT^n4%qu5D%e=5X^GlF?1
z(0ZEld(VnC8hmEk!+J78Kj*BYllThc^(}u;*KdUP)3cx9LHAeaDz2f{?29?Q6_M(8
zSAy`Z;>HJ?^99FDn$!DKr>V!`Twa@Rbv2wmUEHy*!G&H1D%i1=obJ21Y<0`vRDER{
z`vz|6cUP-o?PkEw)l`wqbH?|?Z`JLi_cB!9*|BXQ-b3zO)Mrn(AM(#XT9=9+)%%*7
zUF*fByn2oFM&XI%KLW7~S0{(p_|HUK)%dNTQGpU?x64vwD{!hku~P9bu>P*QjnU_W
zOqOY6ytuk)Kpdgt6)nQ)mzNDY+Fi)+*XAHnqkP=)pK5W*Io*n1SdjgML`XE`I87UO
zyR}XviY3f?MXF=gp;sgC5)W!{arLS8^BSWP^ct1WO|d1kOa0Yel=i*UzvsGO_EfCx
zqn)P|<(5EjPDL+mKI8UL>|Og!<D9kg;Pt=*6&W%gzjZm!`*^6;#F_pU?@OE$xN}L=
zlj=Wb9>8H3EM7+M^Estdi>}P))X;h8bMH-HI-b=IO_q`#JhdkZGARq-{Hh1xP-khy
zH0G7YTHlgL;EGQ>@CKpkI`Szy9FF`_xa?T-4`YrxdeA0p9m9`WgzzXF^b`ukgmOCa
zDgI`A<keB~_cW?~MokwTi%fEIe+*PoqDvV`5IXe16xCtZIQrA~4cP={kQr}bHL=aB
z?u`Ec%P9_jBT*&TGWk*i6up)E{XJ`8fjkdNg5usggbON$$NA!r(<rbX#n<aej1E4O
z*0Z{|C7>pFhg5ThA45qT(ad&(wZ~L$4I;}6aOgI-AXK5%`Q7+cbGZHCk9<%%0u2Hz
zVEyh*8;$_$QKZZP&wlkPlwq1+Aq$b$+<MRn9s2sxuo?Bwr)p_F*z9N!;6Udb_Mnl^
z6x@O_&){iJ4?-z`&~en`-kqOAk6JKs#~7yL7-Bon1c3fy)}9Yj`cy>o(~h*Ev-JAV
zAtV8ms{mB?HAVE+NAoP?Xj{6DRQ?sAl6!&mp<Joz4t=N#nd_*_Y4YE~RA-4(mHz<i
zR*X``ItPuFfgM5Olqhkvz#xu>s7a;8<}=#L*3x#z-9J%9hjUK^4uYPp2L~rLkeZdv
zk=cK5^8WzOSh*klYSMz{8>HU^s`W{d(J)M84pg3=l-A+8^Y2I-9P^I!_HFC5k(vZo
zkZ(A^4ej2e3A2DdI-IH9^9=jZ(0t_Mv7lvq<E{p2g>pdyJa(%Oh8=$qP!v50payOu
zB#t|pUE`)f#Wjfso@s|^B=pZBkjJ=I9Ah=i-Twf{LSg>ZbPiZ47|A`wbC;Z7$bC+8
zLn<4R!g6qb3bz^K1CM&A3j!+Qa5(KyYEC;0(}AeD9=ue8IQI0WgvnI@0FE<K2S2Su
zx&HtfLfAO#REZ~M80*DVnfNA=<>sl}PE-+0L=IL<gPwz}O_CD^tHd@2W636^VpxPx
zmToX9g~rDN-OeIjGt~MD=&fWrd}$rCG-`v5rm5Roi+J(;N0(}wamHCe!Qj;`3}vaI
zbF1Fm=~q^bCiR*oO|9r_m9_a!GxGXY!IK?_UbUNcf(w<M1|yK*`yc+j6K-0u(zJ9&
zgf0r=tP#9>j+I6R1+psQAD2Gfm6^ES22}G&+nRKWGq_Z2z?^rWLvxR(y+bF;`39wK
zM?q0P-3Js5qj*4Yaaq%lRP$OlxoEzXks%|~^QuI%nAhUrCLehY57M#0$Q9G-QHdd7
zdJ$PV&4{#XS>s$obqdJ5a2ul!&-vF~C#8-ms?5)&rc;3!txU$r(xb@DNXH`;7f$sc
zF|rOS@{OnmwNnFguhy-TO#u9#{<SG5tuzsyXwOkp1Htb|PrWo637`g(%_e!Hy&Vs&
zAO`740sZKqx>I34z7&AIp0y}75>$)UwM4Q-9+cp7O&w|VNJEC)at3IlwG_leyT0%r
zk)_;w9<<O&T!D-ZX;&<`1D~aHmJOZCM?XVO7#JrzfbJ=)_c-8z#~7zCEEsxXfF<B#
zj&ajHY9esQJm#g&<vAxkjYJP7n1%i>MhB%XIswl)G;J8k$@){c&mB8Z1F&*_W14S4
z^gfj3ZN9|!pn~5p@791EGq>B*(v)&RAallh(hR8ic_*hdaz-}_0FhB=f#84Q;Ahsk
z*-@jE#>1iMT?&$?c6sZ->sh+QIGHXG4X!!*(8gy1K^*f=&piHh7(TtJ#kx=dBNDh6
z>zcD~kO0TcRQ~jWt%Li#6UgG46CPjYK9uz<vl*)Ba&w+)Kt~v=6^n69@wjv>t`2ez
zF<n-d;=mD8QBqG&HAnLm$0<K_(}Oor#}yN&8LLRB&QN+DuMDu=#3Y79kz0_;YCw#v
z2po#@T`yL;(&a4!{G|NRo>j;A*MFt!HhQ816uV^uEgNu0)7H2u(3CY=qq3b<Js#!k
zXFajhb)i&qkJr6OQ1IWaIWWTnel>}x!wQj+$FQb(M6NOT;-~4`q3cp$k;ugYC_1vP
z6lJ;r+Nj;>#`ZHD@t|yQM_SsDB1Bq3p;wZ}iskh$6j<B4C9HpFalvfie>&QlPobRM
zx}34FlG9SZwK0TJq0?_pD>7e^&TCHdRk*vjYlhmc6tBoTRukW=vGWsacO#*#?C)~~
z)vRb*>bI71Zi4P;$n;}VN#bp1%`Up7%9GCx{VN<x8y~(YS(Ne!t5Rfg#q>0r#X9lh
z`(EsVf4@=x0B>s&D<kTcY_0c!l=E5KXQ=$?MmK%oihR=UE=cw!l4)FnB(C4@F*O-(
zaA_Vy+rtjD!#sKGnp%~jEFk8uK)^_#umqkx>m1%TFryW3LyhmX%UFpgEzh+ap>w>m
z@q*jI91>dKMmFVJn%T7RKA&_#mw4F!0C-kM_7#*Y#m?iL<*FHVT^CI|T2Nd2kpN9k
zv5Ok3Bz2FeT8s}fcJ2UCoYa8eWD}2i;6LFhmFL}U8rvX0DF<_YCc0fCTwB~lFbgs0
zM@FpYOO<G83YT_f;*lq@>?l8<W15GF7mga79mn72J?jHfO!vkGF8=^iie`BLbnIvZ
z9!Ua$lVl&qrfH>4P7WK>)|gJvc+E%{9{C@rrU0&UwD4*Dalkq3DZPMxK^<u@%6?pt
zK#6(esLf2Rxp2a(Z)|XQ?@m@fbOAsXe(As`2c<NQNzWdJo0E(lDZ@GEnm`PhG|V2I
zed<rU(MeP3+MK{=lRyw-XvpKSqi{WQPGCnE1%H({86LETJ3Lc&;O7*h++u<_paVTH
zdUmB8522<oBax59(rzP;J?H{p!ycd3lo5`jIH-4fQiIP-gW7;BE0gu73~a~iQK`V_
zNTpu9bf5<n!N??I)4f%?vV!XY)1J({5%|@>K|CCBMn^&a0PCbP72>_K&U14Z{{X&+
z_|n5HcO1mykGu%MQ|>EV@Hy|=sa;q@ITB-JgZR^i6j*7Ia-d{qj!hsSbnH7Cfz8#U
z5i0rcfy9xIn0-Y{8^t)?6RUkYP%>{YsOO4sbt94Z)I%e#Iqyr3G7f#H0zv^fRtNB;
zDsl5JF--^1k?tw`x%u)yrXe$d*FJ)idCocfX~V8T>(4!?Bjq5Dos9w;!(+eGgH0z4
zc@68H2&XRLjlVHHMM}0)%Yq^!+?u$;QrQzJ#yhc!#~JV39@GaLy7d)mO)g}#l20%e
zMcuRxzO|9RJ$`RYR?))E@1cybFk5O}G6BZ#&YEsAxY`K!?Nv*VIOFPSHkk)k&$V<%
z3kAEmjIlF&7G#;(a9Ku2Va-x&DEIl0Ifhfw)7RX0sN}wiFmr+KO;c@D&v6_Ojrq=4
z9tBk6Nk-Nt5~$_5th$Bmh(BzP%#8m4%V>x56@Ck=Yn1aKlsC}yrdpOTD!Iu6oQkhL
zk!>sau`^rBe~CE!#d+3eeukHsl{|Av^vLG1h28yuDR&p05a}d+aqcShz4RArz8Mv}
z5#REpnCw|(`S$~lYG(lY<Dm4XhQYz)RAeu1+zMof0y)6z=xP}dryylVP<vE`Gn_H!
z(vUObYk)^$I?yr(U{{RsSh}nPvd*J{!+UyG;XIJTo`9b9PUZsew0)R<8K7y|n3l(q
zO=u@49)h!AIAW|hQ-fL&ob{+?$g(l{^r<>8_*7%_$>)ktaC*>zkK6|x$E`-s@{i?6
z%yMcnMgZcdk&efcllj$0UCov`KU%Qw_*FTi=N)}2keH?Og;AC~VzlhyTXZbzx<mR^
z8+<}HWEVfh=~H?69Ov_^NXk;Ve9RBs;-P8I4oy~O-Q0tkjI$xmb56t-{?OSfPfpbg
z?dHbn$K@mP^r#G@&{IsLj-7q_Q?M3nW)7fZ<_89~k+Phc=VEgWz&ZI}`PSSr0vGyL
zEm@rj-4mWU9V)zoXCtBMR!PXurx>c`^O26Cq+=EPp1tWDf(IOQsGOKiPB3aFxl#D^
z27%a1fz%EKWlw9rBm;`jl5`*v+3r0mq_-sf-;{S_{VCiGE7&B66OWg;&q|!y4P(I4
z#G^MBQkf$4$5KBLpUSOBV`LzVliZ3l%fIZFln4Z{%t3LUN7A;ZQ75U-R+DPz^T5G{
z8?ZXn{aa3GbqU_mH)~SGqd4RP+wiQ-$2{>}DoLEJHMsKB!fB?I8e$(2`Sa*1ebrtw
zhBYSY5E6#XE=@zbig0RRNk(b8q|E?3y)Sxi;Y9!s(vsi(aG}mcEvlEF0A%B)GeFDA
zc*RIPsximj1bsz0Tj|Ych-9O$)|@(EQwRAp@M?rObnits1GqF*2x#Yp8P61>A-%`F
zIfu#!&U@hVO$Q)nAm`G#%LBnbHy>JYV~xa&pIT;cJ%?jXPyxU>??4I;-1Eryq#rxu
zAY;~*vJV`3aY&;qL8c->_lQ%0+LWmj-KPtVNI9nreK?>1XB?lvj<gO*Cj-3$Ip@Dm
zdN!Qk@=t02ReT>(eLGY4fw*HEzdDZual5}bp^5yc0m?^Q^XctUT)-|Y<d1>I<v8eS
z5aW-RkLOdtCm~y*pblVgDRaltpLq$lx_J8o#X!dZ^VXzfkTxU@?^YeYUzhQyA>e1F
zIJazZO#>VaNC?MpJw-%1Qsiffpe!S0R|Mqsr>XZOny#(-Q@3%CPW0|cVM)$^8jwu!
zva%LZIuLMbvNx#U@J%?$ft>OD>4Dqm-Z3hR7NEQ190?S2`1;pd1kg_qmI)R}&v0wT
z;&$^h&>u?GwAC)GWD;A-$&T6J{uR$WJY}qOHidSydY-Yt;QeZ@p?L<EXx9_J$U1+t
zeJck|@ol`(V(<4dk4{4x#_>(@zMVvF8WrFWcs0!$GUl|6<yCUs6*WC-?^<^(?6&Lo
zVh8!wSVr{7rYp$@-RNnu%PhFuNCU90q>@%gGrQG~XG9-+pFz!K-^2`tR8kc6tHL~T
zdJ3m;dl(FeyR*SG#AjxgwFjO>B>+G1r2OeKPM`&#0!RQ;bMI2ZR7$0Y0-9G~PaG>6
z7H+g@`kcC5;kma}^EQ=T!=`Aunlc1&wp8*>Q`&cA@tUdGJ0e$d<=(ZZUa@KJWI5~(
z1ymAJZ63L$$NvDTpsN-kmB-y;E26QUXv9nj+z2AFY^)z|n<y&1hjUxHRjij6Xo@m(
z$DsE#0qB;~87<<OhBvQYdX%4=oP+C4MNtBxk%R$pM(-?)cJ=;s!uLBC!^*PYsRa5{
zhyC;TRD0P^A22-ir96(k_#%K6NnQ^ioKcb(5x}Qsj2^zew4@%xiU3uUp2yTw!-19M
zdxCmZd~XM{4z(in9h;>9IH4bKWE0YX&T;@W<vbCbXQeN<dO$D|4o4%cS<e8}T?Ydr
zKa~sX(wGzO7z_{B6u244#!W)9eA(irBlwrUQAhxhwC92RsjQvFI2?|gicFm67-8Gi
zfFUH4k}^ArKzQ}3%ByGAqIJRd=qU_oz)l8K(AfG=S8h4U?kR^IJt!Es<ZkLX%{!jM
z^rnWwkWXq%{G=X+fF%-Rx#RQ2Ib;Xh=}-(Db3h<909YsHJRicIth;@`TC5y{oDP)!
z817S#Q9z3XjAN1wAs`M<9gRe;G0z`LlW=th2R$)B5w_f(cGWrb=;fEqLSdV<h<g1+
zUD!8Z9)F!Ll_UQEt3t!mwNi_gh)zjvWHk2{XBTmTojlmaN8&qGq>&|1@wnU9An{sa
z!g(7kRaA^%jM72j>saOU0DZ@(2MT`*+BjO0@-ujtBQtmpgVdfeR-&}HnSNNCY3R+x
zZ$o1oKzVU0`{Jf!6l?p*RDLzIaFJgVF_tO4k%=CWHU{|s`g2y|(&PRh&PVr+Nj|fu
z+h;G5KU&AU@uV<=vuONlWloej8M)M-Q=yK{P;iRA^sg<n1NV}suROc)oz&#{A>aMc
zS#N!+-jYcOr@nG%b>g-fpx)=CTzH1U45<0|!LAnPS+|6r-l#d~4oy%RY?E_5@-up8
z6+AjTYDdU3>x#wVI~pnouO_!7r}q%Mlih{|R+eo_Va6i|&{snan-c#354J^4wpbtx
zAE@bBI?b9YF-J9RrAcu6rgoFpCb~NfIxBE6nEWc#P%M9W2&t7Z(SiJHHzv&#Y)TFX
zQhNhWEPIaKyVO9D?V504Mmk`1sVG);^3ORK=~=Srwzo~@0MN_YNX`%c0A8=>o_3#V
zcHxZU81<!VjLd2E8x_RpE}<XC7{d>!t9F`&z2H7nfHpY?gH|w4IV0$JsuwzSywYXC
zNrxfO;L_AIFP9^!9>d<6#ABfR>nF^=u|G14sC`Ec2h+VzZ+`{Y0yhE2RBp6fb}YDT
za7NO48m}YmIPXr8$m1FOD!a2W0QU5v;<1saD2nUOQS!0*y^UJ7eaJZ<l``@#HAv$f
zI@VCTYZutr+v`KKE-uGL94<&a(;3I8=CTH@3n<Kk^Qhldgn^d_=qRw;H5zPlpRGdk
z@z=iu)>N9Z0rH1`psH_ub2EIYv>#ryXe*l!ak%61=Avh0ZO64ziJx!GaNUhqR%~H_
zD~<@QBGD4NECwWSc=n|Z>JLLuE>!%#FdSl@+>8#DT*!`6b)VPpr*0>l{W+?tK3wyh
z)3;%GJ$lh_u`3bK^PbfhAn-o-tu>sL3(vhUGhhH$iY^u$+rPrJ?5=|*3BesjWR_()
zBQ%RMEAK#a{OV+`R9%jlrVhBt$@HcfLe_j2VZxr6sTx3IVm|k3$(tfOo2QYsN69_$
zO<gutUG7eCMUFnw3jlHJT?q<Pj`by+v)VEo^HCUa$se6`Q^XHJ`PO`}k4({Uv69f9
z+zO1udVf09Xt=11VDXAB7BgNTM>UsuqeF5F6x!e3TIh^f_NEv|Vb+?HPUx2e)tSUi
z;rY{;$Z_w%tm$m$fZ|Bmexkh*t;bAts&iU~7{>2oTSmL;VJtf6a6l2-lX1;;@@X(Q
zB*q80s*-3io>hqUBDGcH)XCxGwmHq*Qma<O=raER2~$wEiE<D6zt*i)i|S_SOR-0F
z8LOv9yX_hL>8+(+FZ{A<eDUrtXD-ED`_Y<n+s_x@iH1F@9pk-HXqK8D$Bb6jh2q_R
zB**v@1M#dK*{;9Bw)-raVmXz#`U=jov<;{$%^fsQM&t%WZ(Yk%{{Us#O4w^yNk8lg
zAybfZ(yuDy<n}eg%+|-C;+af%b4rtgXrJ&Lia+5H(x3iWN~HQqYi1B}-=AuoG0u8b
zs<T~4bfEei@BASeVdOQ({rsZ3VVr%_MOU|}+@E6($Bn5_;~;W9DGoT`b?PX|<EOtg
z1<I8TpH6GM^92NKAOVBeP#BZxj+7koKe|6UMJFG3k=lS1jDgSNN;8k8CO|m#rvb<R
z0A84d1O~=<BAfvyzu{4iJ@L>~i=Du7JK}&B893)FPG7uw5JfbxCq1!8Q`CV#2g*6m
z8SU6nj{S4ekGe%5<F6C|(sqr*^`|TPext1z#{lG1EOtmo`7{9ruM0?0Wd!kt<B?eh
zmc?{3V&c`~=OuD0pGEnyM@p77Og>TVNJ#8y3k*{Mpk#pJoxAd=!*NUc(QqXh1R8eW
zc<<Vy&!sB158gaexQTPva54GN2`mR3`qK%(z^8%1B;*RA6RFw&JoD>PES{WuRbAb>
zj`XF!EZ`b<6^kXw;Aa(PDRyHS+It?AO$f$&cBhBu1A&@gUYX+wyn&2z0Lc|Z-rDB?
zvHU7yCf<Moam7?N(A=whf;Sx*dQ>=eDM*r57ZC-4*C(hvR&3VZNdbWjI)g&_w)2!>
zhErOG-c3T$c762q^r^61#2^8jkxZ-dY0~vlr~U;|e`nl(aDHNt%CuFVuv~w0^%U`^
zTp!>A>cW62((_s$*w<hJRX{xnYLIC~NAE5oT>2c)24Eaku9qwin`^~Zh>WWqs%gom
z*)BZGmOnvOt**3-Hao0E!w<XWwg9HA-J1t=ic#rO>KCmZpA?csoCd+IbD~A0Cz*F7
zLT<>-mj3|0MMykDs9%8vxm#Oq;sx5c`t_)m-X(IwF30$s<eDcsaaLNfMl+VLL|e6q
zZvy#h#oPFtVN`!w=``zDtP==+W*;;6HIHVe0N~c-dD)zPmCY$OZy2O$Lopb~<yRGz
zhEMBRaq*ARu0}JAo(*Enkzt5H0S7&E*w6vS;gEkrQXmWnZha}maJ*EEgkw8co_ZRX
z5Wg=wO-6SQx(6MNIWxB%KN<jCrzD(l+!{jI;L+ukB#-{FsWt{sP6s@S0A~HHp|gX~
z)XM#s<Qj(<?Vm$PpsC}L*cx{N#sY%FBvFyqzr93~{X-g*VTN(fY6LrsV*}gXo(cSZ
zwHY`VJP}LV89z+W1mAlNkU608aC(mPz)JlMD*#5}*mNCe0mPC(=tptT(h<0kj2`3G
zkz`yB;Qo}P?LRh3o`iOw2#)~dbf(}jIc|TIO2B8+(E8MDHj)Uy??A={9R?42UY}22
zN=>R)>H1JN77O=@>48PA7ai}6`r?8Hc**Zm!(lv!J3{?UTU{j%Jjo76W#YAt9;CV%
z%CsZY%q@YmkItPOa!LNGHgCeWW3h#P>{%nbRiOzB&J<Sh!hbU|mM5|>(@mYe{?*5+
zs}bp{qYWb;YQH7LqyzVpDfZ20TzHno+l1#G>t#ZedVS_Dtw|T6vPC~Ef1OX{st=jM
zisLUlaxzvX89e~zvFFz{The@}<iX=Ca0OGV7^?|Vl(jt$eL}+5@5%`svsm|jGqbk@
zMh6}1j20L7hcn#l&t(4q8lEo?Ksk|F+ttp0O3GN3(9uxtUApna^O7LR^w=vdT~AiK
zB&sk6p>tbMY0;n?5CM-)D!{gk9v5%nSjxPavZWMpt@fE_^6#aRCUeF(Q~1`5Izlc9
zP<_uiu8Lb|q()gIQlxYvgH#_*p45|NC^7Z&WI12J_N-jnG*Lux*rI>{86A&mlv^r*
zK--f@mx%5nm0B5d%1Phod)2RI6*nrxdjM>4lj}}Z!2<@JvnQus^!=m^gZ}^lJ?OYt
zkyAP2r9T9y+yTc=T4Fl59aN6g{Bh1t(tsWaW4CwU!kAG{2P5#HkVj%YJt;CkIPLj<
zQ~;%2M;!WMo1Uyj52&RZahAv)s%XRYR#SmM5#g{K9{E~b=Kz8AIHzt?_r69Rl@l{7
zZX<X5LV=POQO-*JDX+c94hs8ssMwAe9A~vNJP-ilfF>tDdy|h!p>bmb_%4_u?#PD>
zKN_-GhCe@AM{wLS=e|d39G!bO)Bpd*H|OM#qR@t#FiOtmForO4K1PyLIV3i7oSZ{x
z&AHGFIm;pCd<co595Rs{k~xi>&%)>T{{H^*57)J8uJ`NpeBaOez8^*p18;iAY5lX(
zbdV_(`4l(v*fM_YWe49Q5160wytR+_A5!>cxbydT`;@4575>FfUgfX)#(P$%3EI-D
z2Nu#Wh||XB9OyTT?7Y6V0OuIHI(vAw24oI|GdoGr`{GTb-(?D5Hmxp7XWEbuNO|lk
zHI&$y;9M^-6MnUZ4C?>9Z3ff`oYAxgy@f62txOlPg{LFTFbLMM+MBP5=rW^M&u)bw
zI-ni-3zN#Yr5`evgS#~a9o5LH1nW}vFJb?D_SX$vm~lt!LH9eyY6TXFQ=A$u-rBi0
zy{k-&FQ3~%>?w-B9u&oyu(dcXZWMom0MRGeF=VMx$UL4a-A%gzi4QC~G;CBsAQQd3
zZf&KF3u<QSg(h(t`vyWUiB~`#&qeBMd&N@O+CqhAS@D_Dg<V+&BE);0g<c(a0i44(
zWx53OUC{v6gt`ydCi$@{MJ2^1Rplg^l|w6z+-T&Zt4OW%y51q{+EzVAR&^Zuj6F~t
z%42fk<t$l0ob-569d983PFxst^nwXPetcj7&JoA#laO3?LQEyI_V>l<O1?qiLWK&D
zxkqB5a__MhU5f%OZAL6)@W!@13Fj^P&02VmO+pe&<z-F?N7JKFQ9vKx$NxY-^k1Xy
zl#KS#ivL*O)vpbl9MYpqJ-Ty+q5zQNTvdt+hDer^U61(l9YiHGXRg-#&Ex6Lm1w6$
zb)h%rxYR~Ab!$MZre4OA=M7%vS&oESH^c=C)iUWI-k~wzK|1>FXZSA=VwJF4+Ag(z
zA}O&+_z{UG0rh?UD@W#951^>GQ9{yIagrt>Gn<AisFkrwRf{JLOgR~$=E)<ji36>c
z6o?ip5u+v;B)*`T4d%j7L<l*q#t`oANN7~c3<I*{c+g90W%@Ov=p2r2#LS35dVV29
z82VZc;n~g5J^z7rhpvQj_-j@$5`>;EM*SiXQV>GqG$mH?QaZ&R<iJrfC~D#67L5sI
zmrZLI$aPQerL}^XggOg#aoJH6t&x#z*?wk&r&T4$&><$9ttaC>wA6LG`tOIfiBYk>
z8Q|ga_CIctlTkx1nWfp^zl`tl?-a-*NW)Z*QvScxC`EpSWl*X@D?O99C9q#cv|rs1
zOBg|I|4zW{E@ZigBGvv47a8=f_Un^#FA&q_y#tFeVmHWX^9aWuY_6o7_9Kgr<ji91
z`Aau|YIgF4`qZD+ccN(ORzRhRPz{wqs*d|={gVx^<+y)m*e2|n6Y?YuM}m-ElUuy8
zpl+-|z`3u%CJT>ZS)m`Z((Y=hXIhwX<yxWS^R%@~=6@B}Sqfg57#ez8$Mx_6z0hTf
z=}jW0yCkEMs`7M`eixkRhl16rVHqowjge8t`Q*^js9)bYAx`A9sKun?$ei4MUjtr?
zoGiuPD+zc0WP;BKfmfoY8<&+CJ*06L{=W8U&b)K8_1=dMb%+#OIT`h0t%K3>KwIvw
zZ~?kSHiIY2!E=K)y`xdCiXBC(o{XCQS{PgY+miNoqrXDiL?J@EVsG9X-SBmhndDyg
z_sy#$U*@%*Y?B+Ad?!#hDkj5fGF#)4Nb=W+t2pbeY}6fLn4}Xks1^oSQg~(q5jrfT
z#?tCR)M(BYa;W9Eki#g@eyQ~5cjvg<?9(q-f<=x3i(Hu^LzX<uaO7fj3x*CAz+{pL
zbmp;YWS@B5I(&UNl5<mAZ8I4a$HJ_Nn@+3L(}F=`rE*=gV+Osc%Ce&F{JXg<bBjOs
z^F5%4NVqT)Ic&*><~bjl0FvXU<w5Bk<0#w3-_?0ZJkjGjSKl0~A5j_FooxAUtZL0X
z2-zz;5Scf@{vz`$n|?VmV~+fj#yy;qq`zHqhIL(HG2hJS`G}j@RX^}DXs5^*HZQfa
zpJysS5$;Qi>=epI>dNr)nV}C~Q-`y@U6fl*lxjR(Rq%OPSEn?l5(NE%e{-+@$)I3;
zukW#lwXWE%TW?K`;=|_aSf9-M>pV6!=z_<Fa_jpadv`0byYKU(4y^)@rl{zu$B*Tk
z$ZVBARn30Rr<5v}E*m9%(F~E`vj}tP9)ZY++OqH4|5)lh>r?!XB5Lia@HKOAea+2#
z*I`ER+Oubp+@-_6gJ;=3RIjqUuWYdn4May>!-TPbN>*z;V08ZD#&@4PcsV$1<i2Rc
zRp%xXSIh1}2Srd37mQDP<skjnQ-t>$Dx)4VR0+>nzJg$MU6u{jymFJ%9~Txx1YUy#
zFx0r#gD@Jt6?SGUtRVMVO%WNUfW@nMAIfjNkD5TNT9!Gj_V)bsm@L3=jz0AX_d#x>
z1I4Uupb_jo!<V7pWjGsSp@i$C`?6=`<hd_G+^tM6vl+r6md|?HRVc2;)-w{Ku4G*X
z5%Toqj5_0sGhq$o>mR1==Cs6f&H=T%7G(YJZQXTx+R<99nz16*9sC`d$+-`WE>)wa
zEm;g+mz&7^KEXF8g>Q7@@fMSIoq^3_DD=OA0AZb9B`vmfnmA<{a*64HMttj)$=0E;
z$)iBA$S(}G2*xCQLIv}jGR#Z!n`%CXjK*y73@$}ab)UE0Dm7%zPjx#XJ?Bbr50YXZ
z^C<{~OVWiTwt%6}c)=pQ|B8#vRH<@>@qYT@Y(@31L?r!BGY@G$m(_>%C}7729!WU;
zOZ#DpMYjhc)dU}%Ll1;!&{5pi?)Zb7txS|Q#)S@w&j-d3V!Abtc7#m(uzyE5Uhp#=
z1@$WjJvpA9^3u~H(OiYYCFK}S{t)(|l6N`@bHZ<+q14OQ5#E3;1gWRYby6Bj#Dw&g
z@_$wqQYpC>CB`JjvV&wR-5!u1#B1ZCLrNd;ex95l!9sd8W1CL>4=Vp8*D1NC{;TRT
z9aP8Qt$cYcI6sIuA@RckSNPXtLdj{<GHPL}f{~qAANj}9yO2Xa;A=FwU32}suFTg-
zL@sNML<l<z@Ee5onfWtE)^EAZaFj(YNNDH~vkkkYXxboz2#>pdZX5<hFL_OXcaZQX
zrCrhO;f#bo%8O9?3d0;%$PS-opC2nEpi6H+ACeABHJOEN#rPvthk9eESw5#Scgd96
zTWgowOyU*RE<%RAg-0_N*7+e+gB!%KPc@%qFu@vc(<#nSw2Gy5Q6hG+>WTGRwE9Mv
zXZa_mzg((&1wV)7u6^K`$nSf<r0@08y`>)EHjQi=eIwN^*X~}QSGJ-mM=G+z6NU;p
zzMyN_9?X!G_wV2=wsWRrIq7B!m`Uj;sRs$=d&6HM0;J$jR&(ob8D1}gZ`zrR(N?Cb
zD41d<o^^+wCjZY4#mAg_x^@XOB^)msJzpveBs&P1z|SoH2LgP0j$ACJ8nvF%I$Uk(
zS6^h~jN7OB^*%TS7W=Y7=^(l7=~ULz!TH<G)w5~mB*3zR6;}q}Cr86d^1!==>*O#k
zAqbBEsvSM}u10D~dN34#*g-~I+`Kz06fftMgk)BY7BlA9?(a6KP@uCj`QOgoJD^WZ
zpZANs<2WN9pvDkQTWu|gl2`&mm^_O6E0J*q|1iM^02+TsB?``v3usmShAJ*NLbz2<
zXHp2ne;KZIxSi~nH^;?_<BH%hL3TK}wpHk<M&(o(5P_&BdkZbW$$5x)a!~BAzBxI}
zk;0<FkP*)ShUypd=Hh+^0Z8_Fe$a&>YCH<t4^plw(X<C6b_<avdbnwVJCiUD#V*G!
z&<<Vd5r<uuCkUccBMjy13B(#u3u7em`HCS}1+vK6Di(a$Fqm5a+LA-4h(*fv%1$;Q
z4NBLj-`@MkS;f)nE3^X9&DXh9R&D&MJS76J1O{|n$r!OPw~!sNuoz+>*8JV+msbbi
z@xlOV>7|<Z*wqZd*8m6yq`7iPO*^#~GFa_bzX;jeFFUv3#9FJOB0zz)c@a2Lf!1yF
zbVkTfBt}i&9x+AUX@J#3;Q%3br|ewEw!_|x<qH9E3k1jsZ)FbNzK|q8S|JU4)=QjZ
zKPNl$;7Os1z*i+N?7lwIi!H5$X=|$AcpuxdSZgmD?k9h&;LGH;vs+S6JEC4%P>)$L
znXOiB6ffm3O>x)jNsd!lv9{YIa@jSk*k1p;CO!C?Nq3_0FI=gjWH@N(2Q?rc(#tut
z4O4e-plnx8Bd$I!f6>ViL;SIbJMg{tGUz0#z@+hI6ynG>&m-K`V=vAhE|JK5$7!<*
z;{p>-5Pu+kqu^4Oam8`C!}l!~>#;cduiT+|a)m$T?cL`y0))DokbT_ZRrp8hJ_1lJ
z2d6lQ;JlJi!qiL?!T2nTErhU8xD~e+%$Qeha9x}_r>tszGOiLDhzw89D_$PDU)inU
zkiQNK;H9o9HDCCkG>ctdMK^L27K!9^w|w{aGytd2lFOT7>IhGfXWE|JG}vYUtyqAQ
zV}OGybM90u>ZP4bFid>6)CNUKB~M!W$%J&P;S4Vi%|>19*gfIoV2V_RdVwgBA-jrV
ze{TYv^0F~f7_fb!n!agT5VEX$bqWvULiw06fUX5nG?=Jgr%jW&PT2sd6U9sEp-t49
z<|xTnH$rhEW(>TN7*=HInM2c!;Zhg5sitVpyHH)m3*RPcb}0h=M#52qfF)p6f+Ymf
z*A1UtN_RzF)DoVSqUfNz4iBq|_z@R980!`i-p9-RdR{2LkU>BpMct?obTk^YXJqj{
z<e_Ua!KS#!gx?#P=&B>eFM~vuPTIhwV_n`g!Z=Si-@Pw4e5-(Z%JrF)$yh3u-n~1s
z3TwT@Kira}$G@XddqJOKB2Thv{tpzVOTpfbE>6q>D&aGp*)m3I9qkq_;iJ`NEVI;K
z_5?8=jyUWK<hpKwXl+2EI`ua|4O@vJ9Bmq!!txkvMFhiLJ396inwxx%Wwl^+NR@o?
zdUgMG6eVttDU|AmH5S<g=p7$%gW@A*jNOPUpBf7<<Nf4~SGqNYMqEdu&T~|$hzjlO
zI^k&>C3<Mu*1Cys5E%_%EiUk_l4#XM0VXUV9V|)mH-~c?G<|B?O{{3F<nB1LU{Qj9
zabzdCW;pf(tEtft^W|nX>5*4D3-DPhHM<DG!Z%-q_`}L>TJvL&6#RIn6fLNZ6L$4g
z&!6~`yy%Akt>2UlnpkX*l!z}@#V|thpy7kjOy0@|Oq83RW`Ej_fG68Z{+?ZmwB=xY
z4WQARpXgqF@ly?(*uG!n(+N@H-Zz$myJpD@^;G6h7aZR4Q^hARDahQ2Luj19|J_AW
zo(Or#;TeLsCjE2OxU7Iecr)2M&d;G?jd@X!IoD5I9vtOdoi&R|#$t9d*cj^7$a6BF
zXf5-OK@oFmUOPZZ<(PTd<%hJb)%)3Po2A1O$$@4z)*J8Wp+K9g-eek3bjB3ERcb+m
zeY8ql1!`pIhg8JM0M(Mj-O~1~Kt!nJpH+1-#}4CG?&EGYP}aQ$O;fyuoF7K_%1atD
zWJf`@ptR28$Jp;$mDl9yafNJ_U<I({->vrXy4NE9M3bDTQsyn6vzUqtiR=EFFHQJ`
zo+i2)d8q%m5*e_g02Z5f9*Z&ZlP6(UtzX9E-gpeZe`g{YT_0}A-1w|}y47lkIR+4E
zl(=Ie?*#3Z#*N+k+Jj^(l6$WLi9+!`=V;((9ojUKWhf|N6)wE%X3PIza7ouTWqfGu
zSqyQiOExKrFcXz!+&CAs%X`fHW|3Lz)PGC8ZZQ@RP{0=l@AoCYhN_J;&^W>~mm&lo
zxzXB2Qw6|?Qz7J$)p@P6(4W7iS^;6{L;G&Wps%5ECX#h%Czsttrq~CqQL}y{I>j)Z
zv2?{IL0ZFmbJ?><Gyo1*`lgmV1k6`|j1gQ)Z@cw$<zM5j^*kF86$t#-<Sjx%H!cAa
zT}dhO`QvM)@e5zi91hWbc>QP{dh%FhkFVllil`<6u|H$|FHD+E1Mt8vqbf6oe8V`d
zJxiFdRJxYgt(_I(uFW@+w-POdb+HzfjIujwsr&k9yPrSV#OmVQk0$nCJP;#N?awmN
z_8x^zF@47$S`P>DetkHy>e!WE_s_d07|#gR+I|xSOs!7|i;0FT_qezP3I~GKT}q#0
z`;pgHj)s`u`^mw_>BQZ8ZczA>4ibKdnJjxu@57q202(rQb-Lu%GA<^kyByv-Sg&ra
zd$rJpR%H)riWetr+vrPz)U6Rj3=+A#^jCGWpW$3oPK%}_Tv>Q6aUcP-*)ee~1n2~1
zB4H_uM!g_La&}{(z<>$2u;I?2h_!$Zw^p|rH4eWAfsRD3(sI1alQ6-@9^iJ4u+Sk^
z%O1ecz_hzaPGdOh-z{<O)2Fmk+oPZ&;pX<a?Jmhx<a3R*c44*F#6{ypPXK87&w_l}
z6R}s&yExyYxtIV7GDEWh=ucJOjeqXRS(cF`$ecgjm;<%Tng9x!3!>F|US6N!88p|2
zf@mwlX}RO%PJmTllb<Y^O5sB|jh=UBoP&{1BtI1uINZ$R-DtmK97CwWTF6VkiiEdY
z@c+8+<=|eS#wctE@_-D-Dy+eAC^p_Kj03?vc{(*fY|Vqg2!ucJ#3k>Pyx2Bqp*CFP
z`@B;e(x;hG7Mu9zHqoP@{I2rZ$#8|lE3S$5mAqW03Nz!(#E==w1!tEpj~eS-=b>KO
zUBy<*rN{K@$Y*ye;UbHo+o@R|M)f4($YiAI?y8}QY5+q9iwQQT(C*4MI^2AeZ2Iac
zxy>=n6*L#HZYC?&;IKJl;r(DrZs4)rs&lMgfBT+L?Mjx?3$C2Uf=mL8rKg{E`-3kT
zq5oXE-lkrh_(1pszwXz(0TK<hMcS>n7NuRU?7q$}o6ZR3gq1!1$`R9zD*eDl2R!bC
z#e>EZsk7Pa*HpZ}w*t*Tm7}J;dd#6VMM{fgRsX^>lLW#}si*AE#kpv!!@A_j<bI20
zs>Q~0zLs}+`wtztX)E`fp9MlyEd~4FtW%)f8JEJ(f2zOU_1gY9@Tw`L>?0-x2wMD$
zxeMSQ>imk6S1s;&Bs+Zm{%K6-__}6=Q*BXkZf{2N+TV_O{0Hu3Ne73Zi-fV@L2=EX
z3Oxf$ib>|q+u^mdOZ6yPkals^a1lI);C6wkz*gC3_i=1VjcSMJp&<2LE!^FELa7;C
zbDO9hzUWB)<NPY9My(h|7T~y!j3ypb?+VpqiujpKVu^1fuYr_guxpxyNc0~Akv&8S
zsxOXz5m^5>6J_-Dy@wfW68T{u?!Gs*@vwPcFS7$jJ*&+GAX-#}+F6zWzli(O5aFel
z2*b?ncQIkfw6+TUmfWxIla^o#Pywuhps$+T>0Qj*+1)Q>b~El=U?dT1`6DEa8xD;@
z1~mb*SsL11@iSi9p}PRH7pWQul$m^BX>Z?SA?n@oF$n>Uc<0g*^9nfQI`@~t;Loz%
zY}&CgKX;g@hxC!7k?ZO|{&gY~D|nj0H8H?*@L=8{R1j6boxJ_mOUZi!?0s4z6Cf~k
zm;g#j!KG82Y?5T1<9<z^a9W3Hv)$!}yKvufpl#+UK2j2a0^jM^?(kZN4}YcJj<e~R
z=+n@BT5~+>S!tX!*^~lHKdaTHh-{Io6o3mloXY59a`(5QQoDX$QHa~3W;&xlha-+W
zxvg)$z6LjR62gSZb}6I|c!FBC>xE76%8;4TxqzL*o*RT@G>)Dm0oJ2#y9>V*o8>kV
z>Q3Td99c*e7aq)VLZ9&o-+*?ZL5x+78S7^LzuNszJUfW1oq!$0t>-TSI*2owyiANQ
z<~yIH&sgPpyWVpk`0b1#x*Ov9z16e4{F1<6Jzh6S$kg$WckRsK-DvsxS_XbhA2!bX
za6}iZ?uQ;2Ej`tq5pF%jTRjM3ObUC`3VP^3|K79Up?r5h^EnU!U-D{f&iWSn=^4|Y
zyq?DWFM$=war`rz1D=FSBSKy1{)^DQ>KdGg{{w#{J1IerU;H?WXe=YuQb&ATu&gIn
z9-huU;dqhfch|g9Ft$&aQp<QFpyQW`D&Re_(}#p6_{hEa9>ZO=TW~!Ld9nniEZn2b
zdxy=dTgZqqL?{X`Dhz1RQpaGWfP=MXm*V?5i2?-3rIz7^c%Bp_Tz)+VJ534}%5Q{v
z={sktbklb8RrtF(RWLM8;MT1v#5=_hN8+x=koA#%%nEs{!z9yO^}YN+(_-&o0RbES
z8LAAP$3}jcQ}K0>PGSYa6@GQsLMcoz0!oBWs6i4QF_38^X0kd6Sm_bF4Ns3uXVreZ
zJpe9CUe%Hs+FeKST{cNMqy9B$YcO}-^bcB^3^@y|-hm63Pz9v>Dz*@|`Pg3_O+3-e
zB7%i>T9%EbdaPH|h+&)7#$_y1OmQr$iA~{eV{i)Mmt>tI7T@|6MZFS`V^1pANWXB)
z>Y;q1nU__vgO45;fP-A0rH{3OES+oCV4ldfrz76Qo=$A-Jrt223tGP!SIi8m^{=xa
zIThag1Z*}owj3=Wy>KT^>F@0pK=63$+f!bPh+i;1N&BFO>U(@On61#I2iI@e{7SDo
zM<F9Q5%vlM_9~%T&s*kmGZAud<8PQXPdE0A<?ec-(AhAfYtP<HXv;t3Ig9Sv9AGtk
zqNiwP1tteWe%Ov(4g31w!oX?6=hFba+wY1*Cnt5h;>&cu+Voy~EBm;$|G9L2RM5Aj
z7t8(D6AmF~?n<d#TV0U(_4d7SSNY>6362jDg9Zbp^XA5(SVU(};D4ZiVBRmD_wE^A
z(e!HD8aoZSyL)VG5n6KbBD(zhbN=5llRu2u+a7r<9TFM`QC^b9+RD--$h=GRltS?N
zQb);=Adzj-siMN@J8|F7B?j)I;<D#IO}&ewlVg7=jG{tLYj)Ka6@5E}ct@WYh##q6
zl?p(FK1XQn>{i_yI=$q1(WA=0B2;9V3b{G+wkGyW&-2+U+?EuPguBnxn}g>vfwmvP
zSDJ;s_6M*p^(a+O`M2b47tKY-DW;2~Y_Qrm2`lWgA$Huro#QX{w0p80mF4rVR8G=D
zcr`g|_k>ky632@MxA-1}3oQTc3Vqo2LYVGIdLTg0O8r*%4?bD`Ks=h8FT%R$+0m3<
z$m?UNYy<4+n@5zQ^^M#onm<r|lXmsTXX1CNbgr`vU<WId)f%P}4K*r^?%yp5={&gU
zkeD7V-f?;+ez(kWDXTT-XjN(6cI@kQO~YLn>`I5iyX!fhald0MHoh;}cbk@}XH6de
zGvz>Ztk}lPxe9AJ#%qpO#!b8kE~M-a34UwX*n5o-yD2x7s2va6QcUeM@b1rl@nY%@
z?YY3epKt5$epc2Zetl=__-!IBr;{Zi(N&|HJe`AE+#Z~67s39@9#qi;o*4ar0VJoi
z{`~5_c(TeTC)R*s>A?M7dNNucgFCQHE32|>U&(Sp$Wj~x&rFcDXrv)F03nGZ(==m2
zYNCEB0_%D+Tx&XlzI6snn|jz3l?8whul`D{ROcLu6%?RA3RwM>MArA+{uK%Bqb&@C
zc{Z#J3LH^WIUC&YWQj>YH~~E+op141DK)Q`;+iI>^UUKHg<};VKC}`Aunu4$NqpKn
zpf5B+s5r@n_jIF*m)+iU5cM=A)4J~)yO|FRkHonSQ*nA;dYa^&z@mp~IffvtLT14r
zQeqW#HcQU)e?R&qgleMGHm4&wX43+S672(ZK?w46&B39QYLq!w<8he>-aQMDS{axG
zkjr;i&cEADDQ7^fSY>3)-j<=Sb|LX82+F)U2TgpV6gGcmr>vn|l!$^M`VETg6<2p;
zZrVC&vX`$?9NQ`aG&pL0V->&O-}T}%1;SG+R=wj6C3;)v9i$*rf^a&DpS=MZ>v3Ku
zh?ZC(H>xSg>zL0=Kec7rbdYoR6Juf|5riaBoe26Q#9B91m}XI)pSWV~_ub7c5y<B|
zs)kAO_jaFQDX_qGV|6Lcf6xz^qSoLvffXa}0U6m<Qy2j}oRw6rCIE5I@|os_gj%p@
zeklNX9{V4+dZoqoxlb<brS>i|Z7mF**OQ4b;glKgyRi5rW9f_YySq$6H5~3K^1H=u
zz16YEkFisO^IbMBD5g@Cl`el>c`E7Xhk>_soY|jdAV=S^!wB;PH_-?#88cPljZ2b$
z->ct<w@_pJX~oq@Po21$%Z8VC+CA|M-`KxDN`NGBojH-brHlAXBc`=Kq@^ygV2QON
z$sclKdb+X0+5EcqzW7l3LUJeJOrl120@W=*0sMVQvSUKE7u<FsKv@>0&LgPouZ!wK
zQqtSv{{2>@1Ot&`+I%pZEno*&d1(N&&g$<AI<Zrc=NDSUIZjj1Nw3ef`*#ykjot6b
zH!QU%%ourBEgm<-gI>C`_z59?L_HTjk6_wFWAq(js6<`KykGoSVlIiw_oA;)4c8Ak
z+sK0I%h4GvWE7R9K-pH&Isxlr#k?`=J|b>pI7h0pclr!@q_QxQI~|bFoO(`$!eY^t
zQ*RK$_Ac_$3b)ddAq^Je9Z-7pk|D`J%xagh)mt<k2|khd^(}~J>!0;M1N$-YbcYKr
zpcs*(fMOMk24UG%iec2$2OIS#t-*zM_wysik2z6)jUs-`FlZLa%pDhBj+{;FQDYGw
zqTcqM+XWHfk-aS7shs^~WXsH)Ykh@X@7b|JZ5l~=s$2h`SX6TQVekqajS%stRcJC{
zOdaE5wl?$~Pf9`5t>j%g$-Fy+rY>yA_E-OKFJAznT&=)iGXrs-G$%LGG}0oW4TJV7
zLI+D8;5z_o;4j`XW-~=jSAl^INScZLi9FN32(e%=a?jY%+RgRp)~_=1gSP}QVb={7
za6JNpkRhg-`A%7(gM#sBOfa%cu9F`DtLELHP&Hr5T>5G&;CDBtFSFWKDmsuDoxLBW
za@cH!IrifY_h7gRL$UxL++5u`YO)a+o4NnkuqSu$59%1qySWYp@Pdg)Pm)x^kjE`2
zOLx;W{~TCcJGvfyxu@khxAE_QPjR*EGVMtHHv2eqij`Y3W8U)1;bhyZQjxOJ$cREc
zv-3e9?)v+ExuKU|Xd4qEOBQ?6HV=eGs(%*{uV!;x;Qo_JIN`?I3W|10Fy@L^NNX|G
z_f0jf7-|i$gr{{2&{qzJ`Dc;A6cyghL5B<G(zc(FrF~kO%JwMDn3NEv%~T!z#Mzz`
z&s?|de!~`j0bzSkVo>oSs&`4A=w*@j4{WZaub!xbW@P+?3AIeXZq1N(ko4Sbs<5Gh
z4`fjR%wwKZ5IeYEBB_5Mm>CIsMELjp{gdY4E|5*%Vsgxp8IGR3YMExk4`Ut93%nEJ
zc}Xa3*w<O<6-}Fk-Xq*O9g9LaWCJKJmX=-(i*WH;MZ%WM^u!~NKXdy-eb%#eBL)>T
zy=kIrs%D5OZz&ct&cp&ch%7EQSfh+kGl#ET%eL09;%o8H@^O{i3gzHIcP@Cd2S-`C
zf$l=R2u=MpAv_nP68~sr6&+>oWQyuP;#qc>Z<G8XS|<k#7rqLe-$)R*SL%#bVn1eo
ze?V>{R{3e$<srp&)Ak0}n!@w3?Ik&88853>pPRY?7AO}*AL+GBzu_*A_{PJm5@c7|
zcJ12ze^en&$+rgL*9|m^h{su=k2g-f#Q6LNx)IS7!|-kq>8WM`tO(3|S8f}a#0uJ3
z^SWhSet)%}B;=n#=~GdB&rW3DnQ?i;+|+S#Xi8&~f=`MeY=m`%{3yfq?08zvJ-^V=
zkX_yvo-<srq<ZUDWxcQS&7*qn=9^~u6*>ekDW}5wz+(R|`D$JAV9&T^au1W$@W(7u
zm$G|WwT-Lzu)@~ZG_$+i&(BN$K&e_)+~oI8o*<_)*`B@5-luOQ=-TVJjNX`lY=w?+
zUegu*xo-UnJEri4p#x`hbKRP=ebC;s(IKF;;jjJ8b>r>Ohb4+VyCqpmxPDVv1Ho`#
zB-U7t5Kx{UvTmdt1NFpR+4^YJ*RW~;=Sg2ok+&1uCKqMj_?>YKnE^>GX!Z490ctCA
z@KREPLPZI-(9G>o`J9bHMsZED+Av541*>u$&90e=LBB_EMomm-55*AKiU@10?{|wU
zRow|g43!{YY=KppI@XkNJ9dt>!n?tAI<UxKYzu!%ZRp?x&>sb`6gGhY(@}z}?@kf8
zhrjzwes&Ajr?i4OKRo#iFEy2%0r_WkrG2}d;#(*^jnNeL^4cB<qbM9Rc4LzhKt^#Z
z^qnqS75znV$U^axm;tbPOuvrI3|eDj1;yhicFTmdf9S}nI%$|~KxuWNOGEvu07^@x
zU%Nrx2f{F&#zFCC`<t5@L)2B~dlykSl_E{6O`7=H^T2_yU;bH%#1pghNG|Ssf;~La
zmA9cFUxCfR+yIyYIKnaT9DHg8!oLWt%bUjL*n<BNi-3ADBbQMg47!?1*sL6p&BXse
z_fYZkKx@e6(Y7%gPWBKbRz$xjqibvVs?;H}#aaZmJig+XJoD!MK?(~b^Pwx1%Fr^7
z->tg8;da^o5i{koz<(flyTLySg_}?<g1+ECuD9=uCL;M&2A%D%gH6H^3?+t<b<?Nm
zUqu6NMRMi~O#*NLu3!jz;OBfGIVS0$%`MbeKJK<62D)(+R2n}?fhk%Ep}gG@r9+!1
zUV0`1q12%be*Yz$S?O|c@g;TIXwn5%5KS`<Zy`3TViq#U$FDvINdIh*?Nk$5HQcqi
zRAnv|EfWm#=@RL1L=VoR&mixlt|WMAInVrWsu_++(eSnR)KroIW+0m@LzQ>%JikiO
zuXzL*uP`yLWR+ec_;L0G%I++A&0#ZW6Ric5z-7;WCc*5ct@o&tFZlg__VbGiO!UCA
zDtUJWSnD3;OU0z%1`#FKYU`6X`s9}prI^1kZcmsb3UD#dv<?0P2}$mZ8p*i;w=Pe=
zS$g5iNH<C)q7>_dep8nmbzpJnAuNi5uk@ACaJ%|$aygMbnX>`Iy5D$e)p*BY_&j4L
zfj!}t1!Cq1Z~Z9b+g}a34dh&i&=>rV_O{P{Y;=PqW=A~0O!#@~KOe|QN?um|@$n++
zP!BtuCkyX^2`|>NvB2VIWL)4Tm#dhBT9>u}r=|`Mfw<G?qT$Dl7?6C*N-Uu9cL^|Y
z6_B5PC;o)samJRB@&kXeK&gZc95J64!;LsTvb65#ya|Jt`I$mhH$n<zCk}QUbLNI0
ze8355ov!L(*hF#5ZGTKuXh{46&&Xyf;$I__tqaby10#cXOS(fKa*GE|3C;rQ*wvhQ
z)CKpm1fGO@Q)8Qa_wKwpD;B(j?Kv7rpp|HvYcuHLNNbwu@b*LzhJxcxKCU&~#GzG&
z-<vuRr|g*;M#6%e3KLbCxtA4AZd|npn}>jNbj%}N#l@wl#fCauFSfSgw|U(ek@D@L
z79ml0a~VrIX33L8Ijv=GFBbu7@{W`t8w{2_8JJ5BSqoN(^uaX)w&sc}FM32`X%LPf
zw%#SSRVpur)skXvETY1Ee*xO+0iIhkry_a^){`T{xD6lDQZy5?37g$vClcV!g+Vjy
zklC4z4*Ji%BJwy5dIG=0aXb#%fz@6i+HuiRRMsR>6HSSIZy#6eN3xDVJ;81&ULewO
z{=((>Dy;GNq|;FhDv2j4gs~VO$Zdt7<>l(|gIe}ZFPQ)B*%dA+y}M6J-ez|f*;3(+
zLs>;@sW@p0#y#?=yzn*oqAt=;g)fAPS<C_Ehp-LwUakj4>9q~%u4WF9>G%pag)K#N
zzmn=%yC!?yB_klg@qYn~TEmz5jJ4K{H3{?DrsurFsFPuw#tDr)oF~(ohB6UHKfrNY
zUo-0OX=_FiMa}<)QfHd$n;xD?PYZb2;CuiKLFtP^KNUqJF)A#{@%N_G7P7z;M&yQv
zfGjO5T+2ZyLa?$brd`ueaG9-R@&LA3lp1<w+{egF$ck1c-!IRIfbp;VOehvBDSnpU
zyNg`@IEYi8e!{JFSMMqLh`+DKrkjvTIR`Y0niRe3E#XSeJH}gUO5ny6)?dl^q4;V%
zbpQXR=JKo**OX5}!kKi`Nk8mr)$XX=Y;1B4DYNjZmrI?$1#<}7uSmJ=DmF3st4}YN
zB(Yy+`N#&N)RhGI*QQJ!vD+opt-Qz-^IfZA$W<<HTXscvtg$M5@t*XuP2uP+We_S~
z%o<3U1p-9E=X?F8V`9s=MN=R>e<_p0API)?Psz645=m8$^Rvpo4Se}{KFpwKkKWG<
zdYetnvG)nduaf|OCd{VR3eZvP+(`Iu%d7`CKsQw?rc}S@CJqD-EC>jFE~Q_L@X84V
zB1$>~p;^o9463%$S0f%k6|U@M-Ud}8dZE}~sUDmo?jzPkv3EAgO<h!nL+l1cXb08D
zCsIU;{R5W<9~7){-L%dX`d9jL<jlw$gF{?5-pV-riLB6<P3`ZA{`m0pvKGnn+J-Lm
zf;#G<t36K=o5_!!Q;W7A&pwF`+`e0vq8e30+XOnk^j&*OnK4Zx!&7~IhBC_)9c2-}
zzBheTC>7))910xS>_nekdh%`}xbniV?ts+Q#rC5cv+v{XzEkpfBaBb%cz1hhr5djH
zi!`<WqGEMUw&1fi_eP9e1<f+&mHI!M?6J@9zNfmD{u)rb-sh@0Vq^51tK~LV#H{0o
zf1Psm+gIPGJ)F*h^7s$KG~{qUI2pSo4f<pkM@zrXoP=M!m4*CCDF`{WzSpAoZi_2D
z<UdgO-D4@`Gy69Xfy%JW2hEr-i52%>IM%!=C__F<xzGNH7;Y>EG=fcBuyNiHPPhi^
z`@Z&i>V4a{;o4gli;juCJ}J6=O8O-WMdu+x=`V_ol{cd>26c7!?c95hBP)O3-r)Nt
zp;;3UkOc6O**1@|8n#=%r#0Gq`#c>cQAvLyRZtdbV*~rNR%6prKA0&i;dE0#)6$TY
z$sIOUtI#`$LY!X6vi>Efr;0OjA<X=VgU>+bV%E)Pd_XBkgW~8QYz#1VXom9C5Ek1C
z6-ZItKznt2YAT7i5Vg%!Fa+)p0eTN1Gy!qQFu3<Gx^UvSH1g>hgljxsQ>N#5N&F_s
ziF+U#0}_5F{0GfQ#!k9zn%Y``S0`OERD&2H|ACHx<@X0wvPRk$WPFi~zTyQRkIaxg
z=(1DC&=myo`EF6};}gsXbKhS1#O4H(6*~M0B+>rr^$#aAMOl8LJBN+DV7dlt%XUrX
z4ZE}!3!k&USz8}D9z+<7*qGMXeOU|M26b}xHT(x+ntB#sa0PZl;T8wiQ{26+raC{>
z%`U$mHpwl}Sxi%Wr^lz=blT05B)9PN!O7rDccbivnKEswUL9(t<7b@T3#sm}8&8qa
zk5P(}e!6}|!PW!Wp$|KJ9zT3Wev>Lt_OlBAK<`gGLIqY~)%3mQUHz0ILGHX#ikbV)
zJL~&ax1(ku78e|gOP^>^rL8Wj2>k$d>gTg)yS^-5SvGW~>l+-WTQCxMS#pGWrHk~t
zRbu6K%&#{&pG&mA|4QHlNp8SrGgK{OWv<x=t|8%(d#hT=kErMQkhx8h<mQJN*{s8)
z@xeNz=QHagoa59V4<@{Wr2LllJ4Y#RvfF0vA`WP@*?-K#VZ$y9sM*F#j}3f0dH#I}
z<Mwh-J99a{Rh?8hxtm`-fFI>pvV|qf$;gsMF3Tp9(>)_a19(3prNmy`(qajr43m-a
z#*5fRdY1$($NrVM2tR@{N{C5r7B=+g8AL1=3KxaU7I=i~0VhgFq9e&&VL&zXdx}ay
z->u#_5e8P?U0N=EEbFNs7Zn&nC?=X0(5(MvVvbArS?59QV4wms-vb5;f0*5l5f{p_
z$I{8OZ~yAyh;f9v5Psf~=r4y?!oobc*k)E4hu=Q*c1H69VV05e81SN^*R2Mkq<m*6
zmls^b0NbcFSn`h1V+Mees7PfOnmPpWdEN5MwDgqhB6wTvarTt=D#RN+=_Uy8eeCj|
zm;WtJH<s+=7j;d|F$^?%MGQw+qklE}TH08_|HOY|d1SCk1DwI8j-1vh{X}*p_8nMB
z3C8Ibw;4YK7t_(D7+p<~>eebcURG-QK$@Aua35GkipHAZP9`6|ZC9i+!bF0OM!1(`
zljNf%H|w)4pCqB*E%jl-<8o!+?Wn*KT%<@TZ0n<G5}+80w`-wT=Xuw)IckOwm*4oz
zVy(<&g7oA|N)&~6Mv1JYQQRt?5xPT9zFi;lvhAe^BWaUJl7U#clK+_?gB8|VN;=k!
z)i<nsV8vApxh~k23tK%vmcnDOzej{j3MhUMNK=n7a_*LG#IE!dF`)C}jgn+^wV$Wl
zk!5XQC}?+%QxQ0{Pm5-o21B)gXo~B%$LW)Ps)BXJ@D8S+L33-rLnaj`U367)685hL
zj|xHlL2$n|HoJnb+Yf(b64j>a{q$>%a0~ZuXj^x7<jYy9_D=XB@6f+X!ksI0n<Td<
zzpWLS@|~qo5)=*z{-;GUfqxoUr?Z3?WE<34=><<OQ)J29wZak(_1|LF$PEQdnJP>q
z{5j2Rg`79cn9x9$G?K`T=vI0Cv#~Ddzvx_Mb_j%+{cO%sPCq<U*eh*I!vzV3F3WwZ
zsC~^iw4-@~2l0IXtrB-O34we4GF5$d!bSFqW<YE!lddWSvIkD><VD_CBFabKDA{-_
zIi3~D4Y64574<_dfd=>eP>|U|JB|ApJExK_n8<P(X@B-Vw84)83Yg|%i25a0Q`LfT
zfW_+^-H1sj7Y^G{6mdGkAtwQ5dthPZCaAP7;K+>$r2@D;;t98*1z5$AZJFB~&Bh)G
z;aMNe_&(pjf10iWSw#rV=91T@C&RZM(B7+44O*k=KFXfr{G$H?%Ia;D_I2dNzp0{I
z<Z?>Ns4MSMZqRP5{m8j7HPsFFyF^7)Sf4?DoARi5@mR4d@jUvqxj$zTgnPv()yn8}
zK|UuuC*7O}Pa1h+t&h^EEyrx$U3LfL1orJo<NX}Q_d7+`@BLg<<QUr<3ZsLae_F#8
z?c5O2*SXgfy;JV;*G(@pfVGyGZE`H?B4-+IoP6(h{_5YKqcQ*dblF-buq+~g-yz7y
zSoU&?*Vy?@4mI4541l;Rt=^frmN~d@wrM4rWuWmdb=3&E#4z5>Cd;A4S~@p!6V|)`
zvwB}q*mwRm>g+^<qpF2FVef6^rR~Dibpu_HaJs--Vps{N|Ax4swg-58F~R6N>R1Ad
zv*_Thmn)aa3-aka91&|eVKh;Cb^0Xcf}twUzU}baf<x=CPgOEr;U*@!Uwu&!<!+W}
z*L>;m*a-|dvf94e>DPRX{gA)Y(tn+6dUDd6x&Rjn$4XqY!Y6K2o;5VpY0iRk*ns@n
zo>klx=3Z9*>Grg{_+aj`pJsMomTBDezv=g04`f7KCgvDUZ$)1L1yueD*7%56cKHvK
zH2b)P+jqaRIB3u+ah~tv<3Ih<L)?;m*Z%{BbkmMTyJby5PC~U~g1od3Di7=n>K}3y
z7nMJ7NAI!lGjT8`M03Op{s*e8uhI&&Xho@XxfBft)5vjYGgbaPsnz%k)WaWNcFWBE
z1Cgx1>=h)*^$ETwgn4~<SZwcP+>pHg68!<OZk~Y2J@d+4xJz#j*{=tmP2y&vmPS&S
zz#at)2~JNQWxu1cs{0huM5_n>>=uWuUFL_j(x24u&jgexFytfsP+ekcYHs`8xLe8Z
z;F5vKMwdI<&4P2!fcwscI$^wY%{v%twX4KH9ur7YBkRboTmQSqBb#vqY&Sd}^KTO9
zyHN)kOo0R19YWifjpFL*6>&=L8)}cD@~;}Rs*}TH`=z%BErAVzd4oJ$XmX2F<Z{SF
zySh8ca*KTfAHecDs9IzfD#5__xQamZa(x9p>{*E#vE&H3|C$7eN^n6BHMDEYU;&_7
z5wmG?P<`q)-ds%iea8w(kQ{6{74i(ziltje-PqkNkhi_nsPwD0AeZJHqq0LEZ8dkB
z4w44b6YV#D-hKzeL&i#fO}==6F48WLV?eFn8NDk<|FGRQ<vgJJkNP9|$PM6|*cWVp
zo_v{$I8WOxxZoTFpL{v?tGc@4t8ar+7+%otTQ=Jq2M^s^eXAv=f#-J{@CuXlz%ptO
zdS)4ZN80gbJ*Z(Zr$TQHJx-L3A?rz&WC*9nAMWzL^@ebePHX<M%2x(oy-a`E6;s$;
zKdrNGaGKubh3CpI%-MPOkY_JB#PVRQJQK4@IQN;f&*u7bSpeMu#b{Poq~5AYJlD<1
zw<Ne8v$_~tsc=$_mg~Z8)z?>7g1_hc5!v4(MD{8yjpE9M?J@ld76~q*!bTQu?!1vl
z7QlJM`^Bg@A;_kv%FuDA{rh*<?SL27-QgJQ&O+<wuTmb*{MhU_+t@`?@9Gd^j>f9H
ze+L-5nlJkrc-+$=V=dq`x|vk8?7BrXX!Xv=JQlT~uS8awp{XM-%Tu(t^)`R!Ulz}{
zE~>(8gru*D{K!a+0tKA<o3}xI(`XWOnznlEw!d4T7H@$wWVKxF;icx7cS(pR|E>Vu
z^{ys`x=--7bq<QF4_^S@bg%dH<k`hQ&Z}|TqtJ3l4E|wGGZ6=rqeBAv#WcL5dI}Vz
zF?zrnOuG_1ahQsl+ZQ^m3DAg6qA;M>;L{J$Oo1zA&9Q^5#D*30-6Y)Be!tpJ<r}PX
zcydOu@6k4W#cp%T_mwW&a?j7hCZ1(vnT|4+<XVL@Hi8IX+C;F#v}_akNL|Z+`u&7x
z*>1HFy11zkHlbGG_H)fwtmeJ@CD}55Y_lXHL)c%Mde*B^;kqfxW1hpDbzv=gxIpin
zH%7zPe%MWs^dAX58PDJVA?1%(Zd#6tblM#RQvAIzW5(YTtJe=t`3h%|CTj7g?e8&J
zVRaYjL$q%ZYwpyst@3u)C>umOI|~R{W|_n9>nNIL-XrbMtLFX#l}A|d^R7HLj@<Hf
zdUd8_=EIEgf1vw2mC0^QrA$P%{Zfd&$i!72);dJ~s}uc4-h`xEFQSoj!W##m_T4C`
zLj1$ahWoFfvR!)K1?F4zK&g;8ODs+%TI&d?0``*WU=)oAYQ2{=0o7tX{2_lfzI%EK
z8)NA_=^>Q@Uaa&yGez3ytfpsS1~8K<NZe>fXUQHN#fV{>qaDPXuNZQf$bn#2;&ssB
z*5D{g^+IY={17P-58{V5sPhcgicA8%cmteBQxTTEj?=V=i>8R>FbQZk;Ucri=;<1q
zYgofMe((>veFir&kIoMdw__E0o79drkHq+CJ_{1smHQJf9<yQ&@$Q)H3GP{zyms^K
zj9+~9Y5J|#BT+-#Ch(WNFd(eYDSJQaSZBA;`=Z9D|3Jf$k~uq`fjLc`A_2uIz{is%
z%hD}d9;xdJmqLVftVa~wy(1wQ+@uBn7TbWvgTJg^zUIl%#lMqHo?LxbeAG6}SSzO5
zbpCRix*$ldPtA4We~~Gsd0a=)#y9=R@B%zw4HXb^h3s2WH*#4o{$#lg*(Uk(K0POw
zAiIPQ=PdzsKsa_3%0L1pR!LYo+6@&$fvKMhHDdvDV2MSAkBdKrZ4PIZ0lU{KK*>P>
zHEUxD=A;LW6p^7mW%m>$_u=e2;}9m{m1_bkk$xWkKQG+n2w~P?P>nJDmoI)fRA}~n
z;g}vOS{|5A_{>v|*1`q)61D8h&WC0i*4R)Cr1N~e8$2(;K8!v&y~1qRdC}D6(Yay=
zQVu?-FaQ01g{!s{PTbzqC1m&PMC!I-dmzI*Z`N16gMMBDzD`ko!yL5SvYX{<^=qyO
z%`cCvQhxT=?JFLblU#Ch%<Jp<Ls-I?odyH0XKq)bq3K?EO{j<<A=8ImF3Q5TA#x(m
z68B!3Wzok!B76BydCM0Y(hshqcKG;n&%O*2jCe-~eYNmWTJiGpx$(=gNB-}4f9P5!
z<z7H>86CQY95z$qy@$DK+U!A&*xSF0S>9v?fYh>#j)t+f56l?0br~yefNt={Y!!Ba
z_!kJF7Kw$@YFQv>fbvtoyS9_9Q3EnRF4Y`Vyiw8e`Zb)%^*Uuss7BezKI@YZRb#?m
z`kICFv(4@x<-)*wAJ7yR$-;s&4<18g!+t=q(WVu5m{P)Ba0h~aN;NzkR-dX^zo=8X
zQR47SPbuIb6jixzS{paaM^pp@Z7Z>Vnw?&0gz$TEMX)c$*aiw_5ki_izTi=Y`|apG
z^|f@9>3UdDU>%#`S`px|02TS=byMDBHd{36b%j|9rUh%H`}(z{6^+S8O?v#<BtlVb
z3f!(}VW4xnK``^Ll`-3!(aKv9>;qBT39UTkeGf*|N0z-l2)?iRVp6kde$ymfB-gd;
zhJwZL`}2$@z%=lM3dZRwC4dfgO1tsY>PQ@QG+L&73KN_!00TtTo$~%$>coR1volcn
z1bK={T7YB2dJO7pO#6w%mDhPHyTvypx!_tor)girVX0K8q_XbvQ^MY=#f%ISx7YJi
z%c%C<T&Ax(eL2p?+h?4(^#7P}U|8_@p~fXH<Pun!hFFB^+hdaE&Kb+(!bonzoPB<5
z8r?}>Jq`z<4aMFDC<saDXHQuVZiG)|wt$P}EC+D^1_4fBJ3Sj{@L=l$Rb&gHQ6qEr
z9sOo6VNQr-IUnl-18s!->V7lAE(`tb4<TZ+))b`rkF4&?d~<h=kaZ9<@^g;rQIEQJ
zGj5Tcs%^^E99h0temic_=0UeW1doy3=M;KMMelvnLJO|%*^Nhn+Fu@|R$*5h>Xj9k
zI#ZtVX(ksuid9b?n)zpgN!3(vW1KV_o`1i{TC0}O^&d!mmy_bCSt$O?7KtUdjE4Bh
z0iu8M(1_7I22B%wdFiZR&ZENtjf1~>@S?v$IEv2SM^fLU8R3J)$dYX?y}#QOUN-9O
zlVZ;+kph(6%G+O#ZVzI7E0UmJ|8+Soj<Ao(`S@VF6pLXhtH-y3%8c{w%&4%kqzSJ0
zmS11zd44a2Ok|C~&#ygxP#ad+rmZUYLoKt`IdVT&I4g^-(BWbc6L8v*xJ>Px=qo0U
zZ~&yj$N$(AyVp@=_Ogz~fyX@h)*|>vdH_!vd)q1E#8xieNHulyxK7&QG$C?F6k1rO
zQ}CJmF$v#(Ha1f$6rbOqutLi~oho$l2yOpR<FL@#A+;_HjvR<!H(C^L*v)S%VMrC^
zYytNcu$hLFhWGYXO?tak6YW!yA|WTL3(*BQs=_AW!YDBzqEL#%L-Qq?TV-cw9i8j6
zm{-dFN2^PUxf3%WA2XW$^PI|x`D#Z`7s8E$JiSw{7XO5?OH5CORp-~6)EKht0H;_e
zc=QGHmnZLGiJvpOWq%LH_X6?X5tjQIRr?VfBOhjOH*80Z4QG5IY`4?9w1@q|Yk5*t
zM1(6JDS13UD>G?8Z>RB>T6lBjtA|?ay@pl7nF=7otqHZ?3m0=Ors5sFf@>}F55j2{
z&k}1*j4;@t9pTCd$&QvLp1TI(s7op(yN}-X=i5onp9iZ|jbM-I+wuZkNY1lnA~nQo
zqVEMB`p&wJ<UAQ6Ka`EyE&o~cIP>9vDL;SvPI38Zfs_Ak@wfZ%f)8Zd2|h_9yc;R7
zJQ+(RZQ-qYvA+vF1yW`nQ>67xiWA=3>B-(no^}^jQaN6p!<90z96$0HSTJFUewzed
zH?J*sn~TY@G}l*dgH2alPcSi6531lzmB+$+i#o58%MALp#L~3-KIEWmYBS?oK`bh(
zV-=8Uw{g-=R@gVMOYAE-O<WO@Pk#**V_w!B@hvo23Z_QGnNU1LZs!EYesG_RO1J9X
z)hxTTnZ+TY-BAVErrBFIj3W;}E>K~vP3mxZeRaXikeEyMM4|~RzyY4T$Q0H7@9T7V
zzo#hobJ!K!*z}tkIbhZGWJ^lPoMDYUFuG4QYQ*BWT<(ow&TwIS&$9e)q$i<eBd|Uk
zp}+|1lq3jc1Kcc)T1mMEktz|tn$8^KibJZMUq^=ojo=<*q??4nz(uvLf|GObk!VXP
zaq*A%h?g=BO?B*ZJSg_OyvHw7f&D<8dq$HGmYlY_Y4k>z;16(3sDUkyTk$~(ag5%%
zQV<z+o{nR9I|Ot9SR%@q`q)Ge>M>o`kM*X<(PXV0lLA3c<@ayUA4z_ujHLw-(gyd^
zBf$tB=Y$D8wC0x+UH97&LAdN;K1;g2q+DobQ?<UX25_^EC%0oqxQa@QXRi(XbRIC>
z%<9_O8uv4;QkdbBAL7Q3D!A0k2e|EBHwOMZ$)OA|_L)dF5CU9GapndgO!q^&^}X_x
z%Eu=-?A8n_&fj)bnwT8z{{DX)oqIgf@B7EcFbRt&G>4*`D(BiTCOMzaLK2E8hZ$jV
z&LPd5BQaz%5>n()LUKN4bIAF8%-Nih&+q;H{o@b*@!;NlUH5gpUe8xQ;J}xk)PUY&
zP)m<S&J)x_ZZ$0z7GEN1rkS@5Cdgg#eZsyTcSU@Bkbh%7j9$$rIB24jbs*nxsp1d3
zXtxJse_M{iRXDf0_%8UR>vRRU->>Mi7Ko=Z?K=%rUyOzrSDG?LN}_8E$ROniz4d_%
z)qe2j9+-2Ic|7QWhXgqfTo1Rv3HXB~fC^Hp_-i=c!Ibe-u`>IwbDAIUL&f+o4f8gh
zlq9aRrp$LR17FplE4j{9yW|H`oxq|C^3Zm_PBZ9Nj~qypMH;{O)x6fI8SwoNd@R3~
zp0KQS+m}1r%Od+3FSsKcJoY`Pc;ZWnHkPVnZEcRt7Iqx$^vgMjC37$D&)@Qq#jJ9m
zKd&QJ93H%=lJoW%@~!T=Ji#yCfVoeq*tp+lLy65w<65$b!jD{UMxsyAK(f)079SAf
z9+8<p|4-VwyVTdM7SNt5k`u3GZzfYqty1CQ!(@X@iMX%x;;EIPm7jH!*6-l5*@cLE
z?cGg2d7gctwBM!plGo1NI2t0O(|xSLi%vc>ZKG5;`B?A9<D;9Gr;AUo{%IbqV-;31
zb5(TDFJTK=B|R>^Tq5=nsL5CLCHOYbv_|wqF=)oXsE4^YJok1zPqRp$o#cp(n)Vzq
zxL;k=AR<yr#;j?c6MOGcLN9h~GHMy!oSYnw=7TgKW+T{Y+Z-n=!9aV9HR6NCn^5dP
zfvWh$^t9V1tp#o3UYH@0wpesKB9HZr{ti?h)tEgP6$uxVl6*L><_K&IWiJ&STj(EK
z@OHbgOU{~3(m<!mFaaH~=-Ei9i#E3Jxj7xIO88BZmrLTLw&j;_UAWG093s_VSkB*L
zfWHoGhu}O6c1NIGpGJ=MmU{zkSN0XYreIdG$bdd|g&o2-r>=kF5m)C27TqO9FUYe`
z5F?V?nyy1RK!_q)asNowI?=x*Sd4-%*1Vy`wX>`KRKLB9J{xo7%D05466I?p8<AQH
zn|RqiSo}?uv#-sXCe`g8I%(U$m#x!E#Os!d*Nt2e;}qgv*#%KY7KS<DdFuUF(6>=-
zn#Z(E#IzIPU4e)j#W*JC$IqwTXZpf4Oh5Z~?DNX0ST0o*-4BSg5!OdUccKPd7S`j7
zRpVEx(zvWARhN)Zj4AT_ZnzGm$~^0Qboad*83BMPI@r?atc)rw*t%;Z^_2JQZ`ocW
zyZ3Q^zcUMo(0aM#0^bkH0t~ZX6mBWr(EMYUtu^K$*Qz&LuQoX^Pr%tEjoKl9kLzsE
zb~o>9CHz}R0hKOlL&jbDmTWE4EN&N)U4ErF;9Y~QqBCH@!@}rUUHgSMj@Rg-B11m~
z(tt&2NxJ>A$L(9UH6_<*e#HpEqvIhD2g28gzIx+SnR3VMe&#`+5#SjE9uJ_eTMn45
zwHRKt7(@0L2#7;OqmBpWmsZTK=O-RgzcnBG_gqemRA^r_7KAI=su}Aok~n2m9w(h=
zSZR^z-!_XqSj9mX3>v`Mp*)~z%$OoHtPJY$FqE|~%+70O3Mr*8r0WvVQCI;^Zjo(Q
zuirG1cYSvJIQ-*>iGLiZBgI0%8r*OBR2%2FZrXL%7&S+wD4m}hPBh#rKEt=)r*xK`
zvwr(trF-1(UY!bh!7~-STO#g>fBT7+Y>El;>tgz=S_`|!_vO+8oD{OEiagaMYQP&>
z-fSY^f61ozJzpa~LDLAnfrS&@4O^-A8GQv<b(j7{+!<Q#I6=SOfiJ72^J9lqX`#+L
zC5=VhB;k64v_bh+U=^pcVz9*9dj?Kd91BL5Ik3*b=}Og4NLs8Ma+8zk`q$s+U5Wm1
ze*BB&!w}ul%u;SXnj+zkhbf4`g^$;F^mo9<!>nKT_^UDdLsHY+9QMk#q6=bHnYyO%
zlA>n59&eVqH~RnB#Vg)0u<7l;|Kl2W(vI1it-E*LcL7IJv7A?q8m(L~aZ!6*EgRj4
z+(M$eZp{%$I~ePYJ<{`U;!ijyN`!)g&IMsv%qAjQ#Qn@a%bc;{6K$~bjTVK!ch{Z-
ze)COpNiSJ#W>{0_JwJBREj}D>=uz+Mudf=PA(kNdC6CQ1EBc>He6%<yHMRGml|IB7
zFMn~Ow{?14p{N)`s}F4q;^z5I{T)M;0oRRiw28RW|61%&S8(!*8NM9Co^VuNJ@Dm$
z5&sb^%1Y>m-}S(?UpRq`3ok5289^GN)z2*iWP>bnmrQnYgneVIPsRRtlodRGeF5qd
zy6=;B;GuWxPef(<Nb0zT=cS<D_aoD8Sq0a=i?)BcGx2FcU24g2$3b_X(?9`6FJaT3
z{88tkccVAR%G)`}yKDpd-TdO;f(X;6Oea56%{qeE9|W}tzE2x1{#&7Kl3!~6zv`!W
zYHDIEB`I_H#YwNivNX5BZ`;s)(}I2h(y&}qI#B$IxT<e`z<%M|-L!mMpB{5HQ~cwH
z;o9V{(>S)+XC_18H<h}b7A!yGDvBIubyi1&BHsbCX2d~3{Z$@N{R&!Q1$EZIhzw9z
z|L5QS1q`4i4#<5odOb28AUiW%4q;<=23i5nsHr<cn1G!|i%dP}h6I9iz*E1>@FUG{
z#at78o$_M(Kq;RyD~d&Xg770;!BQbx0=Rd41(k!e?OBm)=5Uv|=W)#Xkb00+tWk`b
z!v*ALn-tk_P+kZ`UxSL+r<9k1bd}xUyp)HR1NC7Wj$v#)f}aNpzr5|pF|ksG4f(tD
zoYyz6Ot{E)0swJ}jD&0VN+r1-BolQsEf<(z42J^KZXOa|u1;3*Kw~pD`E`o@Fh}Oj
z?}<;P?R*eby}g6|vdc7~F%xsB=$aKiSohJ>bG~w8+oh70eiOfVC5uZGeiK2BpZt(o
z7H`-h`2=gH=g64RiwX0U(k$d!fVewc1R&!Bj)%jZ1fYu=uL3ZCz&7J6JrHe6vlH@L
z>4aMFM?jcd&o_}IpdLfHhU3sQ4alL1$!XPN1MllF`Hw>XiuG?WqVZO(C?qcaV={Ow
z{-rIKwJ3&IQ!G&&QgC&#!z}AkQNv(&y-tN-Th%S;w_k;1oQ`ya{DPzpk3*F{;-#!w
z%&*+F9!~CzNNxs?3-l9ETBe@22FHBxqBu&|NpaUhDJ(BFL=bCtEe@SkGza*pVFDdo
zQ$^E1{sX<_m8v?N9=m+N9q&w|wYOrmXYS3E|FxGmZkHTWVp(SkvCUmE{!#1qU0U62
zaJnLK(Rt_g8E)U+5D?`pe-2iO>Qa+{Ii`wMR#iFox2iS|X(PP5slQl0w4C-0mI3dr
zt93g<#)g`QNM_zI0q2L}5#(`)q9YqsdK=6fybH@drpEPw`4327hzJz-b44(c;<KQ4
zQmn_Px}~mc=(5N&ps?P;c#+SV&XN=&*$gRXN#*lW>1X8XD}j1=QOCB512>c{So;iJ
zN<n8OK}*|;^km;quc$=a%Ov)Qf#fs-ZjOh+={+n4=C=KQ*Dielu^FNN2{1Tft$F(#
zM^1_u3lA(_JGc?j4zrb~cmGNC(l9X#A<UXrzjvpLMRoLfI9Ua>w5jJ9_>A3ZKl8Ui
zQmBf#@u*3-WzD=D>v<lG2Rgz|`xs^4;6-v=#5K$zTOt~Q=h`$e=Hq5j835Pyzs%5$
z`w!%o-s31IWFo@ZJoM??wZH3+V-akPbb47-*X0NY|1$kLqa4{GiGqsst!BjLnxVVy
z(|0EgOJsM&uwd}~`ns7Xl6B=?7SA20>~IZ|Y`A=s=s<ZIN3O;&fw<QiR}M$wf`iTZ
z@3u@ah3UK4zi#V9V(pwS_eVlZ$U>-bFeenLo-QJvP__ltTr+*^!0n?Azw!kSQ3VAp
z^$)zld<7@3p}G~G5as&3HO;D0U8Ik2L)%|kQ4YW<N02TYdc7##BlT}MUAhGp$>xk5
z$o^t{WC~JCuiy955IGt5E9Ry`#C$mA)%*0{%8f5hX~w&}ys|_QEWX%$tLgh3x5@>$
z((u)~3MK|3?LW|G&*?;OvP#Dd{#yzA@FPFHE8c3q?$rGKm0LGQ1txtaRkj-jOy;SV
zn_DNW>!@DP8%daEhLhFkQ$n@vYlZnq@o^vJzrpdZr!4MfXiEQy?`oUeYq`6xkD7bJ
zsll87MEYCd+01WmfBx+t^5Kd%q~=Dammus|(~bCFnQ`8wy)Ly$7=U}R7GEV)QG6%V
zpJ2#o%nC0leX5@ngw(RWHP8Kl<Wj&!HrGXPDF^1Fe{Sh!s-`bi-Z;@hOOA+}{`B)s
zJFUX+*YZ8=m9x6`(HbnBMYgY1>#G<gAE#y~9@Gt{f3uj{Ra*Kn>CX8uc@8)M+vaUW
zt3JuQCFKR2RgMGK5%-qQs`Jx}FHCbD@&3@6HHhmtZ}&yV-{Z4z{0&=AZzbqogBEji
z-1>#Jv%@PUe|6VJjs@m39#keh&p6v=m~E9dSb+H%ADV!&UB)*O-@RRO$tDJVkXdJ#
z0_bK2|MFC14@e4bz5FwEp=mLu!Gw@CzDdc(UWwbWGyy}>lcRBZD;j^Yn>}RvO_aKf
z{;}-pR&Nw9bCfy1w8b-&#?anl@z-{&*GQ?1Mg2#5<U$N)g<kZEeTj+2qT^jBkM82_
z+QaWs6@3#k2{WH^<UuR<Y%J!iKV`yRig4W?H1acBk=IL=WP_SYt(PUDpO(BB?+m;#
z8qGrXwXe<abn*B3eYVO(b*SY_GSglD%=STlA1Gk0$Qe#CvPvrJ5S44a^)6g)G$(Qj
zSI`SRq{SaiTb#d&l2^8BH-P~pFlSk5ZI#Dn*%p=?;wtBLZZaExp0>LG7BCVci+3t-
zKFMG@;@Rr#>a*+R_Dp@^1J$&)N`QC%a8IJInd!dM_@XslsUYBcoA=!t&TCJzJT@k{
zq)fI3t@WIabeE2XW}4QGJU=wZ^8Cr%7+Qo9mCv~|J8)(7*HGUjz1FN8dj91TDu`cb
zkn?(#nD$u4MwZpLWMH*yPY7P3^6<8=9MSIWNv##j)<ZVgR1e?sA%m@+y&{~?N_e*x
zk!VMn*EG9s*r~0_wv)*BBy!Vc=Zg1u(+)lW+2j9RjApMlFpm-66gv_X?jBC=x%}A8
z*`(gv$lp!r@pqo5VICwd_MHh(Vb%P`?e<eUp~#P(ze$<x<IyWwU%DL@UMdwwpvy!B
zd1~oOJQ?!pOhD<6i3ceY-QUH7B;KWjUx=5;11tW2eV<GnjR!q*@0C>0Q3SmMzR$dA
zpto*-V!k0hl!igEsil3})$0Mq$c)j<1dx)4w502NLdkd*sC+6b1y0m_ap#G)3Tx`-
zqXauGD?U@uejfYb-o9%4$UblAC0iHRO_Sm^bDzK~87J<HDCA04Vi~$%Rl!(LEe*8Y
zhG5J_*0d<${CEoJd1o$u4^5k)Gx_s04c9Ei2d;D+_k&xNBZhJaD*o$6ePH5L4%`o9
z%0m7y>G_d^=7ZG}Q9JB|47~rX*6|~?nV{uv!rvq+J|_62uY~iS;2yc>Qo7)6_PMMN
zTR>RLmXb?%Q>!d;g>Sb_v*i)ifPYNe<hjMVOxa$?Nf-a*#a`V%Q)c~x#h2NArAjCc
zyX%%@PqUl1f8`L;w|Q;2R-Y|EgC5Qc7p<MFRZ{68DmJkprQH@~2sU3G+Ou-*zyp`D
z{Gv!z-<K`{I)Z|nL%hQ#yjKelZZWS$4$yvY?-^V884XLH@<R3vfBhS_fov%)SgR=w
z?+x&bzshVwYnv<$)dfT2eR4{|DDA}ZvtHmWxKe+KMRHUDJjX3rH7tlPl!q>6c}qyK
zzr2xa>RrX@MP`#Vd%5v@4hbD%CVN*Z^^kAg)=lsv_ewoV<@K>|91m9q8|=gT?r5oS
zTi^3AQ&Rt<`S~=h!NuF`$b#X!zf4Yx>b(v^iOvX#&ht}=GX7RqZSaE1LCKwtdh6VM
z(MgnKgl6(+eE(m@gN(g*5%+Sh$bq&yAXzNR(;*7Fp%3xgl81atd@EV)BcO4{c{jyz
zUmdcln-3q;--AM6Hp~N(F(!@=s9Ehs9QJDiVXbm=qSS$Ko>Qj9B-{ZRC6}B8FF347
zZUKRl`+%*Pt_>0Dm=<tkGGjnvK(UWarC^PPCELuV6rBjVdz<=}>3u+FDD|CfmpVi&
zJ9DYd@&=*4j!xp(HD&s22e@N&y+hOQ4Za>Pk<lC~Z4*aIxoKtHGG)<SGh|Q5!w0P0
zae+(YPb(WFI+LmKkT7f?4+Aw&U+eFapEj4~jxejpCm-do)MT1XZeZw4DLoDf!9GQ(
zIt`P`<SM!Cfo)pX{or9`N#ylAC6!CC-~m05|8*9Hu^J^8bT2EUL2%{Hx{Ar=*d<$m
zw78@2(=?t&h_D2FuDae{R{A>xLZkBPcHUwT{t?!vZ!Oq4%`ttOJ#^&{dO+KTf5Dzm
z&tbUC=yw&{Pv@bdx+;!y>q6Wai%}Gi51J9%2A>}M43_c?ot%)22)H%CvXSkl$e!TR
zJ_=W#I89^aS8)n(2$Rb2vX#6Jz2BUb>!r;n*wrrDP|qk$uKTFEgL7#ZAXbDo=_2+8
zL(~41e~#`@&8g?m|J2$ne9Oe7RGP<ntm4x@zTIV$y%G+gXW=*;oeUQ#W{3)H_=mfz
zezVow1_=bav7RHqTa|Ht<E^4porpM`Fpviu&nBP3dU`%_x91wb1XG^=cv_hysi0s!
zFw+prk$eS4df6;V7oNE%+k-`8_mL>(<hG6Z<xg`pd)^*v`mQP1ul#dG?+<`&Z@!o3
zhNV1F1ID$1Tz#t8on*|SeHN1)nwH2l7AZ%3L1Qjc3~H%5lDDt;X#@XvssHamshoh?
zOig4Epp_$<*Wy3(iAO~dgJ!d~wJ%+_0hc-kKm8mQ_}4}0%!_%3UZmEw_*$#d-I(d%
zC^N;g{d4~Jcd!ZHFbCMg&WMXXCjA60O|5H>>+?j>5TY+`@Y!dJK_Bc;wKkti>gI|W
z^1H^5xqjMee1BsI;NMGgq8B|dvQp)sjMaN9ilrtWS)m_#j%7rd<h%<qOV|&Jxa_Dg
z#n7YleJJY6qA60r4v&8{QMs`POm5gsU;!+}mPxf-8T<9xH<_E%HzgG5gXL|LtRt&z
z$u@ZK$M!asB-_dtPw#|Ak?r2M{OK$ycaZ2pLCZMwiI+Q?B8|i9uy(H}d5OLP4;MJ;
z{kDM~o#RmpF%M4+r7g#njlOl~Aa9oc_;hDE_G|pIXQiK^BI&dLeknZfcl23c6JSsc
zqR&+!!RB=u+>u4$0W0R7f(+ncC8<Id%pvs)HU+Tx{7wp&7*(Jb%XJ8%RT90V>;+?p
zD(2I3N7TA4L=VD6T&S|_0)Ny$$yL0GaYLys0p?%Abypr<koiok>O~}css8DYyfW7J
zrg)(zTG~7U1KIe+GOeo(7^}{?Do0MXxocVNB#b@wn%iUitM>bI6T*|Q2*c0cC%=jv
zxjF)`MWc63$3r0-xr;e#I}I)t68@U_I{Dd;qNO(>9!m|CH~kLAd|yx=GghuEN!+y3
zueR&{ZoYviJQs9@)Gpmb5;+xIO^bGJ$nt@dUhWdCh51u-8@}=Hz5k<sLG6&z_pqo?
ze?O`FjU?eW@0}<74@HWuKGC}>e1%Rg;cTo{#ak7UG>u?@JdTh+NWWKT-r}(S)L-dy
zuxqN!8{saIrTCeX2SrseuN2?v_o|u7txe{{d37#9=59Rst78*b;62{FQ>H>(tUVjM
z0wg~_&Um)ul1j^pWZo5%&;3!y)jl!N#U(<JeV41J#drZvMQed>@RQyFHQJLu4`OyW
zV1_!YC62QL3O6u$Ci4Sd%?z@<(7-GF-CJ`puM??M)ER@l5{#`}6E@;_ux8yk@!jrt
zKZ~FBPG_jq+)!B?1^-yP?_)_gJLcG;6}y+mqQ#EcdJn1Bhr_7a8ck#f(Vb!3IU-Bt
zc-#2F0tzICnarKaay#mg8HNEMDnN33JKhHY5EG|eDkxEX!kq<>|3Jg$H^YQWL8@WL
zE6r<oDg;u#Vk~_69u&CVrf!G%pT#0?j|><!8<X4NqRICA183v7B4ESn#E{jA^j*7J
zotNYnyE_EykL8zI|0OKz4^)&~*XW(d6CmICT;QW-_bYN%C36@2A^cgN=vFarfQ*>1
zGlI9}Nlt)!bMF}lrCyX{A}vvWBxL|$Nd!N8FMqFtU&SYAn)W+?LOvo|w^#W%K003%
z@1sH(42)qaxe1?BoR(KeCf2k8t5kdeD6ElY<N@^x36Z{^$FW-u@Gi8c@Y93Wr1`In
z6EI28$>O}auhonE^Pn)ly^_+i06bZvsGBJXbL10tOxO41o+U1<J>XsKXLuFah)a=n
zoN615XQ=Nu!8+7_>2h5vcfcC#`@q*W?cVR)H=N-69_tVJsrNaSPc2$UDgWY6P>@LQ
z!jqnsT0vdP5ogWxZX=?^_RV>EAd&c8?G^0Lfr^pJ>G}2_F{80+@lU#cn!}uOrqXpQ
z^g22q$Y}Ks?YSjC_Z}aH^M_g)2J2WoXxsgAM+W%`)Ps>`PiTh=Rc?DHr-p}wNQO9T
z?sF-p&Xw#Vb{YS|!lHS*Up;HP0>sSbV*c{&t2RvKtsCGu8}#LG(NEkL2qyexRJ{Bx
zSKr{&(bQGkv1v10beJiNVGe{@H)Ix6Ag0M3g;sLydIG8JI-*Dk1_mh%QS$dRQK#R6
zF91wz(6>UsggrFR^NHqCN>ybhHsh6vAhMt@j$t7DQq)wUhVeM)U`@kpS!WJ4KOd&-
zeCY%kE%X3H$Xm?8XD5;kYpmumhHO7`#w|Z~jy25*_DV9I)QGC3wRN-V&S4t&N%G&m
zI%+?hDzCa74iT&NL4OTD7S_Kl)2RU%TeEKO%<EZwX{ShGR~*S`_0dw1oW$;BzT`&n
zV}TvAXu!nD+OKbjXVuDL5_(YKj$8-74^K*37t<=A-D+Aw^w9xn5%mip{CO1@(@6mx
z2&KE0&37)~gi-+kcpZ+l#>o%Zz+PZ#{Dap|x%1$sqT@IVy^u@{jlNDNTe4}hBGfWZ
zRzOYJ>0&YKS!M|}UN$v*2gR9ZTpokj8z$GRGINVoB?M@%5xQYFBAj$O(U~Y?_#?Pl
zVUkOXIPrb+kpNa$_Cl+VniJrCvSzcghmVc>=iTOKa`Go@?t+s~ikPiB@w_WhBLg*m
z4EVYq1g@_liwlu8?X4T9mEnIv^~QA^e-{f@-;`@_650c~V2(av5555E7sN&HOA$>+
zngAR!-2V@DfQU~Z;<juiliFn3=L9d&i*LKBgzh6O{&~pfv7fKS4pZ06&*hyoGx?l3
z)eaZyJZBtQP*bS9p)Mm8CUaV)fM$9v>=#gM%7Pa<eM6E*<Qo(@@)xj^LtP(c4=br&
zbQB6{A$rOZVfae5w!x6KqH(_Yln>v8&CGfAOiRMC2eBTSwXb+Oq(pDB)pW}5003aI
zhmjwF;k%*L*&gLNO&N^KB?C%D_m}1mVe8_DR$qgQ%GQShUAe^_2n`9>;tjRq0{)&x
zX4*ugH{%BXy_9DxpqT8gS&d#!P0e*_Qo6w*U)|o7e9$0;ujPm}H?o)GMm3FwJt$Q+
zu$*btKLA&mNZLsL;nWq$ipZD3am%gPz2f^z@`XT#((JyykN|9<$?4s$M;dV|fl8`4
z!_U>@py2q)FVun;uSd_Gw_{Y&nr8c@;m`X!3L2Y_znGR13<@lTf5?ww5VaE4|AN{(
zHV=4jZO<I{T212$$-y<TYZTDd;~4G9*IJV$RGrv-9FbTf{!L>f67BHp{Frc#s1ihs
zsQjy1(Sh|x>JaHn3*3p5_BF;=lGS#0Dcf?j;94H%Z<xiaWIXj_nVl(=<wI);L3zm6
zAj0BmJA}WGC2s9-uswHS@w2(<$l`~RbIg`rhOdm)jo7<}v)rFgn=b*EkB}=%X7iP|
zmH#Af-;%R@%NzH&n&4zb<FdV2ceeG^Gdt$iT6L9QagS=5w&ZVFa|{kf{!)r{pOqc~
zY+3GpWszqym*V6<UU@zHLpu6$KiA%edmjp^Z~Z^R+|u_yWMLGI<!_MzZSk#`gosT`
zPk+~>BP>Ts@ZdC4t~?wd-@GLZjr*BSpX9mJ>%XKCbBg1|T2(A5@Y3^FY%V`SDD^!#
zmh$jPd&C~X;WrjMo7E2WD0Az7b(7MgCcd?IY_<Ed;#0mVTbCABo~g18)$aAnNAG`_
zFY<cHUV_DM%kTx>+|;Z^=UZH@KrnHp|2nhl-fNdO?r#qxYF$IWEe@^9Pg-@Lx&!sq
zXw#qv&`713GXC1s!2z?yUx#Ku1?EY^u4I86_be;My2Q0w><BG7H-i8u9_qrfg0<-9
z<l}^b$#Rl@I0#g%1+pQuDlUBY_>?CD0zvcgTo|(@7&Iu*QU%3nUr-B3)f~^c_v=(k
zMQsnXG4;>GjEdjYWtOSo0VJ^}XdTDB+|%y>69lw5l%Z<w|36_PAPNpVwusm#t<X*x
zGxGoEKjIUu-J=kq)(nNFO5y%%5hy4VXC-|a(6;lfPzh-zrx+Aecxf^lv672(7dt43
zLP24^#sH^ZGUn0qh^VMdQ_iR=^^f8^q`|?MoSfds5Vf;;pIdvF=6$xekB(_~7I(U&
zgP}PWPw04GNKG+d9Qv5qH)$;U#PFI<SEP>VlfJa;e*&}vwD=y!tf;n&aZBzMv&h9q
z&gmsAD4<$LvAxUxfdCd%O<i4uiucSE^huny&a85LO7+M$&-C_7y51P8(e6my>3>o*
zZY_C8j8(E+a#U7ojQSkPq3bU~)l)du?!jl*M?i5cbV(FS*aXba*LmF5^qXsw_pOlx
z9T&q}z3Sn@&eGm&C~nHEie;{w&QtukFu6mEk7d~ZKyG3O$7cJ6LJ+Un>Z~r&c~GLh
z+iw;C)U=H2m(C=jI)HGUGLn60jc{_Q*;5>|aJu+N|4CEeh89Eq+xbuXVgXEklprw}
zeh2<^+s=T&VFSoPU8uekbq%pJ1~fc|Hy_7k3cm@h**vuDd}G$=+Ja`~JrtG>FqeEc
zvN1i=P#4x#&nU?%3-?7fw7;u-4v_!;(c>j(I<Xs|9TR;=(24tXm8ibF{6NwE;SWJS
zuwTo97PGAy7**JGz?X}a@$>zlGxIL0W@G#(%OY-t?v2MT0F!2tbuI<>D{2J5SfQ2@
zdoxybuO&74up)~m_xjb$)@TC(g6@naE+e}rvqMYwW<Eswso%e!PF_I6rYZz<YIYGK
zfb6qkEeVZ;EEsB$FGWd!l6%Z(oC^srflb(B`No(w1ijEh!tVEd)FophwFp`#gkQ9#
zO);+wd#a_Rt*1sSP^nAKihOB-Jktu{9XpgV-M?sd&UlD}*o?PfL#(AJb3XaFC8_?T
z?hZ<muQwRBZDC<6U;I^fT@zD%2>j0_5sol0Q67n2;A8hZ`rM8bNV@*?1$(-%q+kn1
z5S5Uf?^!xBa8mG6yU${T%1BIXZ@tZl(Pz*a2?g|XIL)g`iPw43Ftnvot<PLDx=g1!
zClb3CL4PhK=FR5sx<30oGQR=d%db2mr^({rk{e3<xM8X4mLdsDYZQlXn)tA53`Z*e
zljKq0W|8~CBFnInm7LAZ{-T@@F6hot3u=WJx&eNBE8PfR@NLI4dn7q_@9;By!jk(W
zqg6E*A}-O3M(=(gff#FrXbaH}jBn@di3y<K^15dFCvAy_w683h;DPt+qqhrZU!1H>
zAWzd>Fy3#V-3a)yPEj5Nst_!T5YMUUpm;uhSS`kt1ff*jy~e~*;9XP<-r~zm%f|mt
zDJvZvo|1Pi)Eqt+@9xYuhY&;uT<CI33F^~6J{EYIoU^)$5-ki4=F)W!l<VrBiR)#S
zxSlC4E*c4Wu)AW|w(Tjk)&VY3qy1~#3Oz7a3DE*y)!Aj?4SnjHw-uT@V=F*NR?2Di
z5YYV@`=+$+I&tn-iBlnUWpfSac?8~^3Ds-ntlc~faW`Z)Qa6j);NId!j9rmkfaVLn
zpG`~eUAP>>0IAn0aZePBHKUSk%TY%We?R?|J+0DjHZzEp)jO}F>c)+l3R0gyw%j_C
zvH#-I=f<Tmp5+MxIj|_cn3B*25?muH(4e>~<~+wKJ1w#=Yw7P^-5*O4D>g%NeBf|&
zCl5QrUS5g`&)XYfFXbT=9#{(MWTi%ZrU&k(7z1NCDb7w#1-g>Z8q(;qUCoCN84pe?
z_sC$yt#BMx*I7ak{S(xnZ#eCo)s3k%2ere@cP3cWORr;=u7|OumBTpEDVm=v6zdO*
zUp&Ve@3cKP^O2q>M3FDwAm(^X$GNG|f((eXjVqbVbyjP^P9~y?k#bbtd`~_H3;U>F
zY+qi0P{p^>8%242RkzKRr3pGp{VDEEU)-Xi;>{0>#j2&LS<y3M{w=V)%=tGCbE*f$
zpbcrx)lNF}jkma3Oi4?r!)QZB(AhHeI8F}Z65sU@LMEq&7AV_VQDE>}EJF)g2LsDt
z%{MwPA>TV$WgV!=sdeuj&j6eqUh>R6+OPY}pDS+&3oFM~y3;k`7h=pUg<`77reF-s
zN`c`>r&{U7JHOUPflBvdpH3Gal<JmQqgX|TgeYEww_)ucB)oxXr~QYdsJ<eeS>lfr
z6N~zB4y9W0(N9m6biL-Fm!j6}4CK?-dhWM>jNS@)f2MSuF5!5Frpy(|N-;^P6;2nE
z;`NdEUa-)=od^r$HoEfo>nHP}KfWkIX#jSy`f~l<x9I#FO;L8I;e^1YMhkS=!I0cW
zc=jj4;NY1F56mFBb0ZO1pg5_~M!p$56vOyyGF8=#NCW-(WmKRDS_RUlt_Sj}KKrEZ
z$PCf|p0{n$O3zeuhl_fQL12(6v+kcvd@WFpCl#0FLyXkd3;>-FI2PvoI>~Q(Akhxw
z4_?vRG;Sk<B>HBIdHRtnVSPNH&E26itPy07PT>rH91c@Xd|+o9rtCdqkOc}v0#3?i
zzGJEav2p|0gIDW2`0cOgD)a$aY-8aP3_79_Ko6g*Z_<iq7XStJl}fB^8XdH#h_U+u
z*e-uyj<yvzH<StI7hIXn-faQt%A;n}d=!qU2#|p9I_&Q@iW7#Po6HH<5iBPC2U3#^
z<BZ|~Z4(Rl*W*nw%UTNAr!b3poqCWXwTz>FwASkqe%Lnf(pRC`8cZv)q-3B>?bl;c
za*a=jG_f-DSG}a)&4`ANs(U2KbWsFP0b<@$^m`zMQ+ez6{IFbYI<`P(F=(GK6d)L&
zEuTQ=WuSRIjT6YeWTU>l&DSYhPWH;iZLg1JJRH?z7NMKNucXKJj2H8Cs6I@wa_`f$
zaPg%#%joyL)l9JMqUd{yt(vm8PQ`lvD7i^SroFmAW_UroV6|{*8@Mjmrd*t`NjmVo
z#dOOkJf1Tru4wj+m}z_GYEXNLN;*|!37Nq3k(*;AG^BBnY+fcG`aD4Nh$hCOVjRYW
zw}_O&hhxVeM;2VtS7vlU`73=Ut#1~RugT>a`nS=^1dU5B#300M;nfGCgrNDbYysyh
zBb2dhS3tP9X0CYIc=}HEE-~f<vkEpc#29V4W$B5mAV6n~e@Lg)3OS857d)eUigCCN
z+B>E;F|8vEfxy9e;e680Z-$+A;Xk)EwZap-(tOU$#%G8&WI+oV-o0Y}J&l-t2L6~Q
zCxsc!Vqt(m%N4(Vw{q}<K}&HutlN<)JCfg)z;v>@jM*vA(EMK894eYQmY$CdH!&Q*
zotr@GfC<_`c@X(6KrgHagHr4ivRwdVHE$g~&)E%G3(o$P(<}<x)-Y#nL(GP=B3dOt
zY|TKt{a7GGJzeGtZUESJWwOBcC{7`=aI$bPF=`-H_53*XoVvxys^Lp#_wC5$M4XF+
z<fhq=nMbBmr69L7QL1PuvtIE6-<z0Q*+is=LJ9&1q-fn@2|kWrJz<;LR?6@Z3(`?H
zJSekIIRmpXo3?#JzxNw1eIejH0c&P4^GI`62WKhDZJVa{E!o7CZ=A$EvN`kuOpN$j
z3Xgo1{XD1fRQR;YC&yKsom8f~8iIZim1_!r_|M}pKA&6Mn-)Cq)EWW8``c+scX4-Q
zh_ijq9ZF>%frIu%>s3FCT((~gPB!#qVFB^abHeE))9B1;7ctyEW$cTZMfTDLy+v6*
z<<o~37sMq_zqd^m%DF|}s@oGkGQG&ReH5nZ0Wjbs+rgBs@#h~@a<@<Y=C4yA#Y;Sk
zah#@eNJ~OxIEY)sMpzcc)f$>s^s|^Fdta1JPOvNoN8%1x($3kITMM?)^B{j<AI)`q
zloQE1l^=2?#`aEK21pJuVt9Ev-zriI5i>VN!zQ^iUc7VPRdZL!M?F5A^?v6!+4*Nm
zSC|v}U_vGT>i~@<7_Q=owadWhsM6dOLx3M)#|gx?QQ~bDHb^%MaM*D1C^D<lNS~uZ
ze5S;6aQof{bm$e><sRF*AEI&nMD1Oc&bAN4G>mLKU%;O9eyWY2_9DzqC)VW_!1a#|
z68`6LUF;`VBtuw6Gt0L~dpe~vL_MQuzu;*U(u7~+*qonR?zLAAQm1+#J;oq~BtMti
z{!jhKr}FDJyk)p&&Oa>*Jtm^|4tPCpcXRp{aiRc`(W{8)mRp^8Z7s%kTPl{FjY2AB
zco-*g1qvyYGsBu;@x<0}mDy+}|C59pmlK=dAU{g<96~X|7{M!I(ar;Ma!b~*F!vON
z)JtmqLEGB!$wGL>FTg>GxHqPlF`gN~kNrnFDUM(woPcx&1^=ayEBXZtmy#`|D+(fp
zk_IB$6iN8KJSKKr0BNePpIReM(Klq@!I?SLtp8i-{Jm+G?H1Mls|MUgzHs*SJ5cs)
z*-st)UIOY;sa-;>2N-LuutPxG0coQcUDP7^IxC{oqQB$aLlMQzj6$iJ#ua0T;40M_
z&F#rwG}+4^BZg`oH~UVqXfH9puZ!N3lTj7-#Jqk{X{^kvl<Ak?W`u}&fPg$M8-yzE
zgW|oiZ3oe%LX?Xas#ImZtX{wq=B<BTT#;wd=Gas6ogLt>@w3SFXb%zZNcI2BEB0@4
zFf~g1y;*X;=*A1#B}kTbvqUmf|6K<6SkC7%o-HHWQNE4nR;oqKQ|r1{((NZ}Qo5EY
za!sYhW@C{aC1VGS<a`P?e&{LvhQy82w6oe2`IeDHGn+jq|LCfij_8r^o|KW_wzk?D
z`%)wnxBDN6?@(~|@nGfi5AgxYH$2Z8+1bA_>g3!W+4IYVi!3QA!o>qZ=?g+U+fx~@
zI83BPR5Xw!12@V=(|PB7EcdSDH?^!jIn(+?)3kyk*|7FZ07KmR^DRq4mF0N4`N*{8
zwr=@LQBj}L<=>Nw{ua91iNb+$dqF)5-&{2>&odkt`B>4#;|ikewg%@Fq+X_6nM!}&
zqV)CUh{UPXvPT<BH7$}*g}!k{U9RK|<K^j4zi`s)9d#7O+Pok79cvxfa#IVW<f1iw
zQ_4g`Z;HnhT#QyP749|#N6X+mmBTOOY>vJG65vDJ8PF3Pw?{MTf!FeGywfqYMiJDI
zJCrkgJm4mrBMgKCO6oN5L}fi_E(OUvJwCQLP3trpRs@~w(##iAt8U_4D)N~7$|P~e
z7PtWNKX-<?C_07B{aQ|<#jz<kmdZ0jFFa_&tQao=^U9H>tgzt-v&dkJ?W15eAWsQ+
zBl!RsIEC|b{EZZLHjtxSyJA5R;6Z+$<hR~)Q@tY(k{Bv&p<T06_U%((=)~uHE))td
zJu{0Uu<gj{>#sH&_bz#nTvQ{KqXsfS&)N!cme%J#Z0Sg-$~Kim+kjk>Cu_1QXr#L!
z&D5P^AOwCcj|qsm<ZYW+*=#Sw??AfxCXmnplFN^>NrjUZ#a1%A@B6yjTh$`ePsVq0
z56_TSji)hMu~-35*5=C@25<60x8*v8R{@>cCG-UjeXyq}4AKV7W)i$TMV^z0a5^un
zSn#K|<S*BR7`Ei(Bl8M}iT0?Hn{=mT9kX`DJp6(&Qe*vI`MW;%Nv~AjU&%xK#-@MW
zs<bYYFZ6!&ICtsZf1uI7lw}(8*GmXEh`>6hK0stR6)LEJUwNkuauw{H0LbC4w<nx=
z_WHb6CF7DGKsd*ARb{6W%S(0nva=-*glSfxK493=aPAQPTmYkupe#DRB}s4kRB%OO
zRL$!mwMclzP_H7Pt5NlwluyT%d8ga&vz$3T1eqSLheOx2#4}R6b&Ys_K0l}=kl6S7
zJRmU6dLu9)=Qv(r*C{)GkMr`>P^!qWQ<i3XhidS^+#(YpM*<{{^-+r&CHR_<0Zu}M
zvBNPPu(@$^qUQJ%IW<7%FvC2;88wRR{)(VKn5ZLxC%$3nlB!$E@oa98hANOkHhaYS
zx-pZm1tBd0OHihU&y|I&gx3NY9?at9`V31aP&;QB{BPr2)wTYfB)N6nGh#0ARmrA!
zIw0b6z9i=8{z#k?@nK6Bc)yKS4#rFyo0L9s_z%?9g<oPR)Vd7#8$O;9R~`1Aej6s$
z8Qdy%##Wp1aco%qWtqCcrwq#m!hrC%HnG%j2-dOGjnRIT#HABga7kaNfM7CbYxVlI
z5=GF<PAtXcQPZE`#Qb7Wmqss2xK7w<LzPy#tqqnjYUAUnKpOk!a}0fAl4~2twX|__
z{rS24X7(_dt-??9q?a9nh&5x#MzI%^?QrdnmdeAIabv?N%-~w6jY<Un-|w+wBLGKT
zuq?0CRunO2CirtEVr2z5TLM}fwgp_%POU*8YJr+tS4ubXC~sawI`Vs47OL56R(ocg
zodsym1{lpT;qAXq4<4Eb2SebZguueczZbnH#DULQw4yFf7J}qd{^j%WgtwP<Zw3EX
zAn=G5(VSQ})j#MQkQAl%TbQg%u80=*Js@L7a_qaW!qWZrR*@@fO`<Tms!vGUp=Iz%
z3qPMz;M4zggO+b&WN~vsG*&hi7;L|<yh_B0;v$@{xRWO-y$ih)M82PR@cqpu3M?Yo
z>Vt$zZvu{al7nQUbeqVpZgZ!ki|W!ifR|xoG$kJ?8|uDI9XD;2yv`TNIi>jzsiphY
z=N4V?GxbDE`|CYUV<eOUToxsIm_;r=aNzXE72RjG*N27fHS&AUH2tMC%$T(SD;u57
z(X8Z?-w$gOuO>L4p6!u-lU$tdnrbt{eL^dv;7fRm#-iG1d=~{<ZX#CVL&xKdvghE(
z=8qWWp-aZPv~!pqsX}{5w&hHSlt$cpc=3y%^?_WTdrL})L_+r9m3#K?O#dWrh5Ea<
zwbg6e2;y*5E*4JrHl=Iw!Mny>+dvb%V-F@XB~Oxej(Sv_RO77$+YvnZn5lA)x1EAO
zF18ADyDYZP!@-4u%Pu-`|J~}&Slx{vfl{++f8nQZ3SX#1UsE*TEmn=PPMPTU4W!r;
zL8W4B+8k)6H{6~)Hlkn91_D)Lm$j`+rjr8a{Yn<DO@HFVqplEzK6^i`arM6bsKOz-
z4R5dWP4<CUoaN55Ebi228aFM=elI_aXe-r6EMpv>tBI`$UeJEr8faJhXzrh~FE5EL
z7;DpYwN7F2)$g26HF?Q}5`kgc%CBtBIreJwATLO%+7pPRbSkmRb_wHz^DE9mO+Y<j
zMPUbuZ*NK@%<QH<jS`7pAlIjAeV6TA>TpTFR<|{E8L<X@0OR&5!XCHiY@U0Bv2g9I
zf0g9$l6LNQJH2?{Yjfz^lJ54!eb2rTnM+JQq~QQ`h~N*#((HKiSN8GpCeC3pPuvEw
ze=;4_LLw!{<)*28p}Q;Ql~Tj11+ykEtOqk}J|=Qi{F^rGKOVl3AJ}F(AZSHGUxB16
z?J>8IY`%Ciy$6nKvEY**sunY814==>3_G?PCi;J(78BmInZfn9k)k@=F>gyy4fU))
zpLe#AJ&roqj*`c(^%ihAUWgY}7Z;i>{A<|q><wvbrDnjg_C8f+?M8{7(3{zEzGm;j
zE*JF8zi%>J<g;H09?{EX#4#PJSt<horN%)9Z^rE$27FEI?9N;u&~jFQN~<%FDM<sZ
z+IhJHgXQX>*I7V#2j@vK`d!8figR6`6Qe7s1yW9fvAMUR4J1~9VoH|rdiQQBiprB8
z(Vllk8{J65e6fL~z$rTbT~Bcaz;LhHfqYiR;{9(!#zxbCH~IGAU-LadwaQ<)TNF0X
zgXXLNS}4!tH!gj3Wl)l<kPlj?d|omq0q(aLE(CoZnpQw@Sei^t1uz<RJ}n@)TVg2f
z&tLp8Rp*H3TPT<eQW5$OghDsYok$iyjxEC59_WKieU#nSOu!W|s?N$#8g4!rb*YZI
zsmoq&dZ%hY{A_YNV2c?I`#dhz_;0A=*aizO`AHyoKKx41!VVIuZ&7YsSLJBqUmr+n
zA;ORS0Hq#k1>g+(9s;^<>uVVzqZ*^l@RJrkQ4!a<-4ede>Fnt(lSAq=Cp-}~J@9cu
zNmq5(*p$@?r9Kc@i)e(5)x!nb7DaCF^01@LOKMHPgmhTHCWb3MF!@(q0Y2)K_fc3c
zn#_YQXF9dCJumw}>stl(TB>iW`q6&&d|0FXv4E~W**@Y)5LZ=hovvK&|8AP<_S3DS
z5Z0oy(i>H*&r347E&r6MZT9bzool})6%^l}fB;9ESapRL6Ao&7>J!#i<@!A#tT5%+
zVKI=l>nV2>4jBCo-VNW2yr=p${mGMvA;}Ey1+6x()*9(P;TY_lGU3bmAyUYn*?8<R
ztzv<|Fm?)9N1<EqW<Lf|Ip4C<6)m>=q}25#<F-V{hVZ*73hUZBHM3b0>H>QNu9gU-
ziQWC*jzFedCMGwZ3=u`N1OF^>zM~+-=8C~d5mPL@qX3`#5EVrMUe0Y@t%$;dJ_-*d
zxv>wvhJqq>VXmie5+?*)j9j4rEXrIv6ap^72EyJ7f{-PI09H7qcy2{6=|W~~K<k+k
zcf;vyfRWh&Z`C2oAfb-5MvM~_W^on|{HYYOw-_kwPQpLJS$DeCa*nO7S{+xm33gSM
z9Dp~)uD?>!Yx6Gk?hodpT0WUQdhuI5US4e87BTCKT~L;7JJHKlh~K9AaM(&9HHOJc
z5PA@;@kGc{ns*XmO)u8IBJSf!i4h{s*355g__f^QF67s9JhPCtPhpWzXdi1+bpc`q
zb+O;%XC4UlYC_kH+x^FLbeL_idq9aAdc<8q`dZUFvwIWwPZB?73i2)3kXzb%|A&p8
zGSU0&I4q+0?u*=P_S?)A!>bZCf8e@h&FHafYMbSU@!+DFQ;Xxr`C^q#sOEAJ;n`z>
zx0|gdVu|1QeAT`K42WWWaj{)$K?wR*!kCU@%|_Vqo|m-HOe7`z%-VX^v%$CQ6!EF3
zy?w<Pk!y+^;hj2C!GJk<WlZ+MU4*szd<eS8_t|&s@3<!K@_JPk9cG`feQy_Cm-w9D
zs;M0m9x*4buN6GehfHq5KVysjSKnKG<-P_K1}EaKOXF8swUOA<Fy-`6XI=us^ey$A
z%hnUr+)$EPCjm8z`xn-SW6}NK>|36gQM^y5cs924Z|LNc#6#tq10J8oWRa=p5u0r2
zR^HvW>8;eMiX}ziiM;Wjp3A@IE#;MUE=>DqtgKlb==n|GW`$1Vk=_dJR5d>@sZs&F
z<-bt*+84?Cuc!0c`>IT;y}=DiH?l~{+^ulF;vt}?GmmJ~_l=0yH0`=nUG7C&a9GTM
zt)Kc|$sdc?z(8txBpgR5b7b9Ot;jh>j&E$qkZyP}Z!lL@x~V_R-2KeMR%Oc?K9&MA
z0*7AeKrwf#9{!({C_kcv*_V|Ja#@xnU2A6wM$KhmZ?dS{B`0>`j%mJfjZ38}Yzxm?
zO%&Pqc5~PCh#HiK4gtgDYm&Gu;}_JA4*HIfZ?lxy-LhEt_$lvvIi-*j^-^~q4y4EW
z&g&gpwLF)(R;)eEZu#|a&B$H6Sizu2k!z(#n}YN}f#yox-*9j?s<jraDqkfQ^V`Rn
z8*cC3aA+rUVy#IAIyp}su&pn3zg9qgi^_wQFF0Hy&v1Af_+G6-pI23NDGgyO?^FDA
z-M3KCDmI_@{ablIs+!v?b6RCbm>;!(vm5^J$(OBzpZ7$^E);^0Z*Vpw4@W_&zXTp@
zFOK9Ko%U~t{=-YAl9tMvH8HQ}cX}@gw!E(L4C70gw0er47O3Bk_8&Fo2$VM{J#^j^
z`?B*+a{fOM2hKb8n-)vSQ#J2NhW1U{UQXpwLOj;u*M@&*5T8rDU(HV6n$_jZP=C>m
z8YW1p1y}pdgE)b^$>Uf5h@Sl_Mxafd4a_pIv86a$9$fp{cW$LC=;=0Bk`2o@!iK^V
ztQdUMbhhp?y0v?;I8c9i|Et0B#>~Ad&!_!L-jBT{2e!VNRY_2LWIkVBk8^xe))dC}
z2@V~%K3_Q7o8@o$>sL^uQjb$$-<>GSt-aKr>S3%m4g*SdJAr8y5sbB@-`7?#x;7i&
z1hP2Xwl~9Z+1=KOzRlh|@YX<dGdZ_V4^Ap2Tz3DTWGiFMsE_AyxZqShPY$pbzHt*>
zS(^tjUwk{7aRN+&kIfGX7hi|NB(-kkw18B$$SiM0b5OjlwV2E1a`A3CM1`TZ#gg|w
zGYrSPXT*ViqrrDRMJgQFWnE>WzyG3e=3bsN2-6yZc8P!Nd~4mTNo?Ab<pp=5g3vds
zGN@V9J!jj8r|NQT2RLiI_jjd-{XmY9Km7!a&hu3;fi%pZ&K{fpL#vZz1cA}Dn=00%
z@40^=6xe#f15TD1er_8>vav>j1hvX~<!xYlOi0@_p3Q=jXTyb)i7Ni&gTin?wHl}j
zJdgD@_2JXF;{oux@!r}Y@V-{1HZa6{8#)a{(AyP3TY9bNW=f$7RUShJG+-#ka4`rt
zal0(H`5>Y+iv_WBD6GH8piWt^-s>uO5)2EU=H`v9G93J6_RP(*u}PDLSux>rYi8u5
zL+a)Dlph7}Ff5~go>Pd_$zONCFKZ6IaDy<LxR{JUyYslr%2+gS0y^F;(m5C40u$k{
zh9<EJ<rMu64+Q6S7MhC*-l{%Y(d*nA{|}@ON?dD)xe8naqSpFE2eL0Nj#Cmn9-4A$
zG||^l9komWJ&F;j%fS{J>qq7EVsJpmF_Fe_K~T4STshIqsJ5bt=Crdhs~7vYl`j;T
zV9OTHg^ya%Fh!W3S<AY95kV!b+C7|jBs1o@n|wAKE)>3}`1ii^(88$r4W?C}UmZ=5
z75fon;L?tgjT!Yi{py3NM*fWGH=KfDLRGh9-qwVhB&Ma*f7Eza(HE=4qvA>baxSq(
z=z0>s?JY1{8Q<<+hp2aEB#g8H=S;W^Jr9ulX6r@!_@2cq>#AZ6dSz{P^CQOkw^1G7
zQ~=`48oE4BU)M1y$34UDt?OF4t)W<d(%07XRfK5aKJfJx2{@#@--4k9wKld#Y7{N%
zs{&uu-CNUZ#nF-O=O`3NDadtqm@=as>OdrBk|yP7@lNXBp-jQ%Lb1m*BN+?5#oMKf
zSCM+a&Tyhtoy+WEAB69K!jL@NK$g84SDqDpy6j|6m{=Qlm>@85H7>?H4=?oYTR+3M
zlbSM0vvPqBe?@@0<OJ6-oj2Wf!lBNqx6O)QM_Y80^Ba~fv_~F^eyqMF^Wd~fkw@j8
z@%VlpOK#`0j&&lvy*CYs>HK&ZmuTv4dfzI&?aj#k!)0`h>6`l_f1ns$?MptY&`bg;
zI6mcNVqa}i(%M1VY^J@>4Pmop23i=gH9PMs1pG9|Dps4v^@1nm34!&0h1#5-b9W)u
zqS5Jt+<{3orAjwZJd^KsccAs@#eK!MoU_~OQ`MaHn$WF$6q`OcQq501`7{L0j=Q<u
z1nS!^07BR$9_^mXnTruUrkb)?bv=rmNFo%RxL^I0xA5psqYo`S$=PpDWC!^l=tuIa
z%gxY?a`FGQdAUCmzg~W<3JVjaPUdvoYUO*rg&jUQHdWLL$CdfYHg2Io>^7;XjYtJx
z3QhU$jF3!HfdWC!JYl8QQ~awEU(a4hio64yFBqNtJg=FdZOw{wHXOEvU<a1o%#$r6
zhhcYA{tDb?dg;q+PgEB6h&PzwmW5zM`IT4}Gr9H7tQhQ@iQWtX&9nQHg9Ri4_}P8?
zuFX+D?U%;A14H=RU~I0k%rJ0cNr{jZrb!TuaQJGA%C}i)12O=?YLzGcf^`@Jyig>`
z)t0%YS8~R8M7UJlttVU^M%|_=hC7RFT09+<Gq&VkYoe2X_dWQL8F$nRnp1js?wnkY
z6h)Q6{9W`4ij}9_%L65kRM1!c6%R6HU7Aeu=gGnJu+Qi?qT_<RB%`;2o!@u(e|cX&
z&EN5Ew&I-w*6jZ{I`4m~ANP$PjvT}>qKso6WmK}AgJWi9o@10$Rv959>)3?SaX3ap
z$1#uN5J~2{6p3SGbc|%BjxBp-_I-W6e}MDDIS;S<bzj$YKd*Blq4N~;o-8}OQnE|a
zf*?aR;jfDZ3em1~ZuD^Ip7Ui}KYb);^wNjilGB-Y!D6+i(n7M8XD}ZIqMPr()RA~+
z2Av;I9NI4YU`?S)&Vxn03%nLBhylTtTd2k=^E<-c8L$V+SIX@}H-@P!v@?pL@<Y<Q
z=lhhty?dtsxc25}ZEn6X-&%}{YVW+}%N^Wn9}BzVe}&&i?}XW>8TVv&9fd|lp23t9
ztXr$iq;Ej~0xwZlIleIF5$!s<;!EIDMFu8?#iJIe58QVg7lBAjxYURLxF2WA9v?S~
z8}{B#`K?wJ(Ai@9r!;BB<$#oIty+Mu>$>sxr&*JhWp}aImysc-=8`zSm)u7j<kE)A
zz!k`AZvK&&mSL||TUvJu(0Yql{%iYHwaV19&5iP8vk4{tY}U0OgD#0T*0Pu5qUoz~
zT^O`Ydv-mi2Kl?O=>ym9#cw)!8ky{~Cg$60KUIH(l0H)#{5ToKh}O%qS-wrqRpEj3
z`pYr~k19M!I}gxxH(r+r3Q0B9nLTWNdNBc~Tw0tnHitKRcYB^yBXnDhAto)aHlFbT
zs&YH6>TkkSUu)dUsISKp-_vjTd>RwZ`<harZuAiCU~)NZz~*QqFS!EsiWz5oQCxNU
zZ>3XHf}bx|ARnJ<G&@nX4bN@efIKN3w$VS=<xfGZ-Y4;K+}HKV;jh0uoaNvixdmJ=
zm#dt`9m~n~f;3ajflH&>+A-(<;XC-p0A2@~HCK}kl*6M3gUtc@H&L$klQ}4iu|w`v
z6&otp(BmXY2KsNzuR*z+-4#d+8n?_d%65<!8dB)hA&<>(u_G@^bQVBPkKc4ZN#hL_
zr=7Pf`?{LZ_d1Gtj^c7(xb~08ihA%3jmv2p$3QgfM)UFmv!*R~uXNka14p$?D7US{
z_TtpV(I5K2q5~ab8rf~vs`qX-(rN&V>iHcqgkUL3jRw~0_^j`B+985vt<r%bByK^V
z<Vq)-m$p@M$0_XgHmDethKNk{qA=knfca}h;h$X%2;MH;J9*f|Xt)g=S1ri3p_;LS
zkkSYW^yPK|#D#&ww5|ry7A?RHn-u8&d;<_Ng9R^|NC(H8jepV}j04IP6}@9qBu;Wf
zG)pHot@SiVDxbwu@1%9;*0jXVmK5i=dIOCvX736I?j1Vh2=#w0Db)F0_pUA`kg#m;
zTf4B`BU@SM)=gaPpOT?gr2eX5t1?4bB~?#031PAh29#MNkL6CTcgmYj?~=LFb2izu
z#ZQ_|JEj#o5i*;qkc(|N{L5{McGSk;(QZNda|jtE2%a<iPS5^@A8F|X%9O`?y0^Dg
z3sRQbLRnvMN_et7+*vcHoK9TKFfyCnND%^m!rs4%Kz8nImw?!45HiAL3on<T6GX}P
z-!4e}=`HFd*a%4O3*P4v`{9kK#mSEkzM^v+A)&!bvdp>)@P0Tdz9?^2PN+raZ_x{J
zt$!fsM992qVpdx)E_f>I4G{m$h6W*M1yx%(<zPG!&7Bk1@;iZ2W$k1*BtEYP?K6hF
zabiMZNZC*;D-;&f$PyPBTEGH>g|rm7;6moIfU4`@UNz#`>BvE*ec1d+Mx%D<icP{-
z6EZ?l`^*sTUOd}Z(-xNBS)7xRd(=$rNKblVT@X9)QOuG;9i|A%<Ht+krOiWuaViIP
zv0kBqR~c_roiE)O1&Oy`YlP-l16`&poP)w588LgaMxWcaWcF1TsyKr#7D~pmXcWG#
z$1^I<+=3)+v#-scJExyi-e9$AvQ5qYQwMX8#_tDTl2-&*LzM<mOJDrW(?*ektvdo|
z&7%N1!)7xTOVvq%3$zE9WxHMv-ut*3xn=DkAuGfJtB8)Y6RCfv#FV<J)DdlDA=r3$
zIEq_wZA-VVluSQm|JcP5oP)BX6W>Mns&^vO4%HklsKkj9vZwt|&Mf%Ygx&o0*B+%s
z{RiSO<fm$vjZ1}qw&%+LlcQN0mH}bGrfNJRpbf6ZMb&Ws-aQzKx1V^O$oXM9Y){})
z7_a`7>}mY1Nbx}HvG>aQ^3d;MFIQzdt~0lNJvno{7Py91Er1pW!T^uaHI3ujtcTX%
zI}+pPk<abo`$RmgQSHVBHfD)SjnlmJq$xYxw7cM1y7?t7_3J_EIfQDHNmqM~q^J%}
zA^|TlMZ!ev$LlnauSfKQxP3&Q+DP7w;C8-3MoCP=7(Yi|OT!UhiJ=7US0LW;)D*Z8
zza9@>scXfd@X;Sgx(`8;kzvy8WV*YqwN3Rc>;_rIW$phivEL6)4X^<rm>>Ue=Aj@|
z<AAw%VJZTKE?Zm~7<y&(vy#oityB}evVRz8y#SDx8<$DjUnD@glrm`?T|%%QW>@|J
z$c^q`&bY;QMCJzJ05b&VhHr$|fen*ErEg1B1j;wBbwr{Y`BYm1?ave60`$?ac{L}K
z34?gz;h=$=864PK$1)M|52of9t)3=LG4)5;6)AWBK)?(CXKGgnH3?x$2@fJb$!->Y
zUxTP^@KE^F+k)mMy1!9!c@s1c_7Bu{<*)FvslzE#q(9~7NcqH%n|H=hd0!)k@XE-8
zRD-!y48ld7giSnAL*G}+l6;;SzFmH!Y5nN)>F>&;$Z^p=Wz3IH9d*yHzBHbAhN2nB
z3VogOevQ`$M12daa93oMXkOqT>bRomnYfyHXE8j%n(TJR`!#M{Umlxpo+9Fl_9hbR
z3$13wuLStu20oZzJ;3z;?xlp<$4_V;4hya5b&7KPl-UJ(bh8)pSZSIn27j;9eXt?d
zNxfS?8cHD83UY83`yGW>bvjxHKYQp`omPK!Tq;59Ug2g5?qqiF&7Mf5*<5A-12PmO
zHww?uc37mm&9da(e+~NTp>(p*QtYn#GdLZnsvsSD+^T94U{Af?;p(@1JP35RC)phq
zaF8w@HiqLPK%(*G#tvgDLY!7Q{vh($SLHQY(E#gC11>~_wT1ZUP$uh^Lf(eRS0;sG
zxz+n|*X>!u^$&6lI-8l?mwZGK&EEp4vVZ#TS8tq8T43_DiDs`1_jiB3`X3Q1y#K2z
zSDnQa;A)gsj{SXVSMNG&(P|Q^mR0!U)obgA(R}ax_!$aEk&dZOQO3iUI~~W4pIoTC
zw&C=P=O3szZc;uvyT`r&TUs0oQ~EV7wD(38Nc%kD7&ERmH3TOKRav9|rciG;wb)SV
zg1(O>wQs+g&v++}o#LH!BJRisqnPLI-v1}vqXIh|_VU=AbJ&}EX>^0|A4Nhq)Q3z=
z`UTrWQ~;=~M57Bp{2F~POSKkMi?+=L1r)1h*Mf?3Rm=eG8NdBMp?Zkp0X77r;EfG7
z%XI?TE?e=B0SPYzM%nvwoan)@pD}msjcVH0eC6TP+sCIsK?3(WEq6=8d0%GFr;b{R
zO<45JRLe+WnVfiwjN@$$t`zVykq%VRleJZ|?(TW1$bRg%gsIbk^|A@+wj)HjZP2u_
zZb$Y*;Hex!hV8Ba(Jf5M?Fmf8G7-}bx`GX0&@;2Kp#>0Jw44d$4q4T+4iR$lvH-%#
zz|psNN?^bSJpiQ91Sy<*u-#IR5dH!nl)Wma|2wOU=465MJQ!d}{4N^3$cWEs;lJ4y
zjGgsenQ~uZ1s#xb=!+*@5e6R%18H|IDC9pW8M~Qg^zN0x-3%j+4>jVya2_L*&y(I%
z>D+HPOAu@EcRxNAdKMd9N+R9*Ajikh$__agE;3k;!7PuC_&+EtN?5u#>h;XYmQ|1`
zc*JD?<tJhKz15eH!3O%vyq6&E5WsAH^$Eo^|91I?x>v^Mo7w@90579@l4(K<omXY;
zyepMWWyo+Mx)yI_Bd>2CEg2Nx)QpvT@j<A?2*@n*_UCx0Gj)cD`M5DXeT*oC>56hU
zU%U{(l3oesSrc5t4~se2I2MYA&tUfa5YmU3T(#$yj|>Y%y&pePB?QV&kUr+9w+FuH
zA1U4v7LyjqI&3>gHBP$AY$`q0mf=VSX{WCR;<qy|dWe2PYtfAYer&GVP#537rS57f
zEIgKveY9PmF8H!T522GCJv<>8nP{%wbVwElhWd5C!yep5E=aGu4dI%vZzS`qIep2i
zfScHIDp@lZYK(-FhCIOi;^u<TM8Tb^t!#FQgpy-#N<66}ySiU0_YZQ~LzqQN8cM`s
zEMByX57|Xr9;`!L5z?NEXHz!0^O?k7W&Dk_Pw^88(1n}RjZ>9lie50&Y6<y$ggp5E
z&BRp7`9ab5K~~;Ha?&hW_=qBgOytjBx6K&wHY?ApgsSDkS3bjX`gCvmgy<;&<x;1D
z{&Ol~gkB4oC*QD5TEvC6%k7)+4@!B8B+EU%6V$j(o`LP|l^y-9QJltz&1xx90^Tau
zYuO*GV4hnx@yT6K)(PJlazHj(Y(|jJvA@sydw>r0`RcQ<BXa-6s*4%JmnPBKMQyyC
zMKhn*mI?l3`AkDPZeRasxrj?hXkK)~Stb3_>ky+!=TQCG3_jhbz^n=)^>imFB@P~O
znGjbvg7LM}Y*EQzc-f+jEt2`(B}Hj47Y&Nisa?3H!4!Y8tU=iWyb%HCYPj^?w%SDl
zkBoURoCTVkkbM(!)xNdU0Z9u{{phakYITjG)e3-V1Xqz%2L*lcoXe+eBwgrldT9gb
z61_}Q8T^h*DJ$Fj06K2`-FT_D^EV^jM_?9aWvxL1JF;bZhni#3B)vmn>$HM=)r=gf
zw||@|#Vy22Hmy;{?opp9n=~!=n({*-44ctE2K=yTmwTmGMIp;pV@lsQsJy{{V>JzV
z&v;Sop%F-md`4TN>NI;0CI0)e9_UsJqf|~Z$z5EQp;M=5o4#me+i~iwz!&z^2uuyp
zai(Q^+5FrrSoP0E-09jwbexX?@<?`iyB%bb-c3HDz6!u%l0kE2gz4?l_tTgg9SC6P
zE(NA$CS_XHIhX+I0*A0g))vR>uea*ugk+k}vi{*S4Vw<>z4E*^pd@i3RF#mHNT{8M
zeDu+e6S-s(<+)S-HoJr=h<{#UN9WVD_g{{e(uc&DJBIookUoq+#B)i46yZ3}qr=o9
z77nEj-5>CylWg)e1*`yac@VH8EPW+elJ@)I$X5RK@u$Hl+o%O*WO3^1WO1h2U2RQ5
z?o5@Rf0UNeGrqyaAG6q6U2FTQ=C_-j%E~&v0l~{w9%lR%Qqw!zs>yjct;iQubR_(4
zz;qC$Qq#0m+7q!5U7>tvk#9`8R;hN{Kt#m}f3kcc5Hx6$eDLk=lLm%F;@<Po0p*<4
z{0!;z(~0@+H-c`ymoo-w_yXN>OArX&zMQyguCHY^^@twWIP^LQ^W!<DWungH&!qnJ
z@kL5wy*$?Q0UBa^<2jE&bQ@w%;G#jU#e7MfAfh|p=gn*<5eM92<?`Z*XY4!@ha57>
zetXJ$zdUhUhq=(VhFlWYtTGi$@0M};rpS-(stpTMSA)&7ZgRWTDEweGGH}b(ar^(-
zoIfXr2uw5&(iFSsE_DS#$V_VtRi%p=CbXIqP_I8ZcOO@2IAdD5X_oU3biWS7s+wNP
zUWSV!a^{m!MdBUpR2-wALzd|@2%ubE*z2D~cOQvihtXb4D!r<tAa6_cI1bs8g3}J@
zKd-zOCLGAF-~_gnn@T!=hnu~aExyqz0q|CB?a$B8;?Ai8w?|j7PX5ur^b2mktfAUe
zaB9`tTkD%1l%GSt_X<M~+ACB-21XOP1VD80FL{xL_yLT3Qz;Y)*sS5I#ekZ0`xQMq
z(gsX(3P*V-5OtkEv4-YKC;Vdp0K)RWLrlE3XPr7x6Icmh?gxYMD;-)GliNzYTJ@R(
z;A%j()lE`a*BSa_10GuUZqp6lvY5#?H|S}U?Q#pZ?NViuEqo!r>K;FsJ2ZHtLG@u#
zDXV|{4|Haewq8}*|2a1#mHn2*V0;FBYacqS;LTs~qw|J0Ho3^;$4Ykx*6d0*fD%{&
zVjHK%+nzjdo>W|F=8qBh)^g^aqS7Kd;-mA_owDvsAK3V1BT0f0R}m9m+2a6ae2$6&
z+rzb?*d)acyR$eC@ekQg723Nu^JsxK4!@5I-a6OhfB1ClW6<Ua35t36yY*xE!Jb$x
zU4v@_Z*9A5=q?lo;cC*{8p~}%_|6ZcqJ*?U`M+*$!o<ycv*UQK`yUC~CE=l~DL8y~
zyKHX)n`%kUS_U?ikP5B>w#hXss7l@Qti`EZX$D7-QaV{Jd4~ZPZPv+VLWnrRb%tgF
z6SQ`AOW{0?Zl)*e{L=wVXzra-DRemloVaK?%WdxEM!C2pxrCB;X>II8F3B>PaxzUP
zjuhUHe)Cbv_C3C%#B0BMJvNVR{%_-n9jHA^#-j}Ky^vDkCw@@R6x--M?=3jS{kF8+
z<>(Wk6x;xxy&gOv44rP|xE1Sk3xK9ZN*rQd<RDt%L!kv%!wvh6qKyPD%xGuo@*07n
z29)}^=?Rdi!-3P{@AuvhiX_Bpt|ARX&2~#+2Z2@{*S9*tcd0yF6qFa!+kzPvpzV64
z^XX#$FIzK&ZG5Y!JXP782BBPdn)H-!636rDq&&`0web?0(2`GhCF?*hZob*#u4%`)
zOOtxA0Wf+3gb+zG?@)tPmo=C(SoR|rQ^gk${W5_&z@}>MDX7J|7HH}1?4EJTaIWjh
zgy9bAl<8$dKjkLvAc(n}<d#q$&pW%PUe?MQ(_A;~>_zlwu|A;@V##?4vr=&9G8|Dj
zsH8G$HcrW52;T;aQKe<gF1G`Tma{@Z8ord{m$yPy%0wR*^kl7|TR9toUMm{Yk=mz9
z{&4)svKYSmZS4bf-6gnB3(I?J``pJU7iptW+<Lgokb9kncML1$Nr?KCiPU-Bk@s3!
zf|uQ{|9WBznr3niIe&IrOKvc9sN&T7oLTkEXdn6*CnuB}TVG~|Xc4QErvcFg`L1_&
zPYcjRDT06>=mz;jCvSElq`~yOYKBBG`bW`KH*Gx79(88m*hroVfxrTL73dUD=v*nI
zdf@4JLadVjdypdV+Oxrz>>wjkK>duvc~aCa<J^kk5L5^4S$y~+e(3l^kgm8BcAZ^D
zXZSJ>C)1PMk5amZH*INILlf|9E4?D2TlrLeP`g#${+gB0WP)ZGHFO#fN|;v*n6)2L
z4Q8KW2ME8m&~czr!ev}bE4&UFU1rY`Ew}U`!21cFLksQh&$N849S+MClw{v6rOpc$
z0)y>^6|&c~OGB(qL|rq#tn}=>ZeL-h{o+XZ3_jCYtf)f!(cZzJbe3+CQRWPc2jzX;
zZ`2`x_TUZ1QofV*R}**OaP*?bleliq>XqYPmUzqurgW=j?q(+y|CyH6o{rX*wIvi6
z_<mf^&r)ov={LL8ryP?Vh$HWwydNO={2XTBFx7*jG6_2Qo|Lj|4O4(>F;Ku%b$a<e
zI5Rl2Q9d#@O@moCCwXC`RrF&v8ydmKn_;bgf*ni-gOHd#v*lGTN$En7kGqQ2JLC?f
zglINZP8*E?>_c&LsZ)Yg%1WDAClMuletz>3o?L`M0HXEA+Koeuf&#d+@!--wivE#j
zjw*78Yt8sD)WtjhHHt60iiesnK6NRdnT_A$k7wIY6rB|LBtG(#OAA(?M>WKf4Fs#C
z5SeF}QjRX_5fc!T<5Mpy!=r91HrK>T9YeYqtBu<_!_QsIYcoZzkvA0>(;bt?w6cOq
zv9bX#?O`D9w)gt|d*yOHOutlpIEx~}znGO!Y~~0r6j~k_`28ZwYnJndW#xFY=Y(Nx
z;^@XLfyt__8(Hxa!u=%CNfZBz7jo4c?w$Mb<x%`lNN0J?O@W=3%6=J<erJxNB}12W
zEstS2p5N};o`(hYp_4+LGgyZY1kd#DvR<(uMU|VMi;d9<^7~~BWIOUsdiGqwvrDkl
z^7BgX7znjNp)J^Eik#04Me9oY(3Y~{r+j8JxxOWMq_|TJTV9QKHpUXfnwg3<l1^cJ
zGys;9Kf-!EI$2NJh2=JI5tRs={yLQ06xF9TzTNn#8xdEfu_JjO(1yHtJ!Pao5!@E9
z6mRh|SnSuZr8zYeL-DXLN^C8vQ$CCLmId}k4ggfuuUeaJ11>8mt^;X4dj)hSWm%QZ
z0f)T16wLqV7zKkyTFoFtD0$6t4G?<U63r1MtiT`8>STXsg!IZT12gr&1xN{l!k60-
zF%O5AhcHPX!~rIyPGc<lA#lrcN&y>8f0@B*ZS6!F8=KqM9lQA<@2NY7t}r-A8}s|8
z>Xb9@hnm<B*1%hrQxbFH?jNRo0SY}4f5r12?&jK^mE~i5rY4q9lVew}YWEXEs97gZ
z4seIb5X3{$pB)`KI#L$uHL)?jCr^h3_lQ%~{BF8Requ(bU3sB%tLYLJzw_$Vy;M1F
zhqU0t&OctyjG|vf*mmjE#+yt@zyi1s#w9a~{my8?x4}bD1d@7zsrculwb-__JF@@w
z_WbX&p!o-gavnnU=ZpXopQy)z=k7ey|2{Ct!>qyDiBhq4b_YwvNjQo$NX+aw?;K!S
zA?FePOWybF0e01r-rB1C`3w4lo;S;AMIcAlaq<YQ$hE|_<W1vL4tG-`0{2tO?lSke
zZ|_|4@C^vvra%PuAJg2ev~JEy1NDJ|4u;97zk5`{d2vP8&FUo+^Kkz-qQ+pNDRI5|
zz1VgmC*sJ24AO;5yChC<SgasBo%jBDLE_jMZ&&3)@kfahVFi!}JEu&SOl+?uh-B67
zx*$~J`I!;|Nu=z;mi_A)nl5-QCBBPW$tNK)5Zt{A-;U5<&ksvWOy<FqLO{;F3nG1T
ziWLG>ZzjPV3U!;-ti%RX7jKtL^yIY#9SjbFLu1WBkW!uO7DWmPxx<f%BL6Wx@+we>
z>TgW2Hry!z?(oAG^^wy|{fkzZYH_C(WYV;PwY9$eg~s{QX4<q>Dx&Q7lM*EDFPcZ{
z930tu(+IR;bm_}O%40j1Fy@>&I}mR?J|R9$4$f(MsK@ZxA>YGa!a-v-Q@%#9k1FLG
zqG`V12f(JZ&i}>e@JEw=ZI}$b<eCRK{{=px0tQg_ZFCkyx$Bg;?9d<hl)eKhp`uEw
zs3qjn@|q<>{5FCTQ0*y0h5(`h6?*QO&hTkuFrbqgwcI!_ANmGkyCO5^jvGpS9|1<J
z-8z@@LFGc(@88qPPFD;}l%r9n<jjn2<p?%u!F5dr6zU>Ag}#!6aLFyMr8{l=T`{Vo
zPoHMdgSqB69SkquL{$3GW$onOa6t4O=#rmF_fyG^@Q--{e5#K$SfWpvOSN=hIfuFn
z0)P%i{;bTvRN9NNFL$r;fLa731Z8lH2C_Ej9HdG!7h9#*GT(fG=7xHed^2&yn0sm-
zKP+owh3wSc(0kJ0$&xs(c1|?8+*5R;&wHVXg(q4C{f9G@G=xu#m06H;W)-x54B%gM
z&BNrw4^m?$i{I#whWuOB^q7PUCQ)+dxLQ^)oEn1j{3Hj#V=oW~2PZ&J2qlIBnc{Ne
za5BxuO_)_rXGakX+`gTe-KIQh>5zNu)yFs<3kDN~LlKOI3mFW5FQ$UvL@S6lb8eNO
z|DBOMLdUO>WJyhA7XwAb1=6z#+hrau$X>In<p1m=q=j^bXjw#0fg5v-N(qm21!Vaf
zB^kglD0mh{On*N@%$MUH!tM%q^Nb$X@KEs0ay=5a+A^AsKGqgwL`JKO<m7lfrlO2h
zrpkKpeaaBSKHbmBf)Xp7lr`>U+nh{Q%i^!Lt*FK684VW-VIuOIE0Y$hiH)w3UI>9{
zvN4QiUy#wpsTp=>PIj!s5AMC%5>jw#*4BPpd!11y)TQ)Ee$rBs?}B1b@h2=MMHe27
zPa!LDG<Ar^++_r;Y6(B|wX%(~O-u(|_9n+MgwP@oS>kOZ@-~L-s<sF6xF>c>#6|ul
z>KGL3wEP3*&)NpHA=^9~7l3Hj^J6yw--q+dz}Jsyx)I|5ne8{nR>$bUQQrA~-n-zq
z?@)eOgXH`u(xm);emc)D8u-npo!8Nx22br$0>zvcf??%I$oP;0O$+*Kz~g_uyoO?r
z3v_?Q>bt-gBJ%#?pDNb;a!?lcPS8IPXX4R)V<i5#B^fgjS{dzVSwCEvJGG?Lx-Y#-
z8EN8HU)K9@^OoTi|0C(YjD_e$r*=xPzdfJagl5Rz>mQYR-7v=6itgFRce5mpM<A8Z
zrxK@t_{(*=55tP4v;Jb{uEfzK^rBAqNtEB(E$spJc%X2`ez?N@;!w!$Yoe1H+M?x|
zf))3#8=Ea=ot0f~=fh#CWa+4Xpjs`Pyhq;>rFbIxe$L)_&a0^&`-oKct%oN}f}_8&
z;hsT3NL6mgrQp7E#yU$LHMJ?1f>Y~refz9T?JI1(10_$jKB#<%Y!{R@d$II-o}&an
zBw&5}lt*n3Mt=VI2I44)WI|t(R?zeuDIEUeMGaG#rWZN$X&h!bMkN`Y(i21_S)GYv
zD)DvqTDj4r?o~kGy+aH@l#CT@FFLRaX?pS}E1=rVu5uB<e=(mEl1z|frTPi+mcbkj
z{7XnBvx=yBCbvDJbhu}9y_IGRyu6Zgm!AID)N|g`b;#DpR?>*yhM7JX3Gko?WQ*cN
zjm}>NX*Kg_7Xzv-xpc6M$;8PCXioz`{sVLXo8Ar(qbc0_^jF)I0p`IDxx~RbEnwJE
zf{Zja$S}ZpO${#_S_?=O8eJDKHmmH_{d|zK$fbCADZIb8NBnb^x4-JEQQD<4oqLR_
zTHl9$hPLqTIGWH2GW;mT=}+w%$LJ_QiZ*Ydi?_0huJC5AQpcsQGRW@olWFeOO}*Yz
z-1Uzmo?qU50=f4~|G?3N>pvs0FGio&`8n;HM4Fa~Fs#i4PQxHDx2vls_-f{;I^5+U
zeCx=^qBD`uh&{0L4bac<fP%xsoq``&zu@VP1e<!K+V0b)v8g8UcYsigYQ}Q^uhGHh
zU-je0Q<n8Ozl?`|Lab^H0__6aw#%*LDQ+l|ERS!3oVWfh_n4XU?oF|ZHGM}uo*(cX
zApT3lY3_+Gc3tU)ILERtTd=#^?wO&2b2*prjt`L20NiK=G6M%A%S?a5k=@kYUaiMb
z^!@3m7k5$7a*sy?N$hi_n+%+5pJ5n(+!w0>y^~dMP#3~wdL4Uc8~25GFJ;EZ-X^GI
zexyP`GBt5vs3zrjBM0HSq?-qGDF*(_VeW7(TC9^^n9JVciXQt`2gGpI8>nX7^JF=&
zK?)+}x#5kaexswEI;7tjXIRmreb(d)>Z_nktxC{EF_Yd=x^XLhWExMjVJYS;`Couc
z!eV-@bz3Tnn6vOX+dWXIEmjl6=CThKE7tACt-20h51{~;u;FDB>P(P}qkH@<&tnGr
z#g5C30y9ka-wuV9@6&7oO!)opVro6Go|ViB4|a~^kX-NU3^F~xPly$ja`(S2WqI{(
z*+@bHud@HmsNH=|d+qLGpWKB2WySEaU%|8Gd$)(>OaFmhrW>|Y4Q3}@Zcq%<zE>Gl
zL33R+BLy`pk-R_N@Hf-mDPVo4au=f=M!tp~^@g%y?Q`^?Ca^%#c4cz}N^_8@P{7!R
zlOvQram%xTo)y?S4LtIk42d)D_-xQw6iu+hTbXTouo}B7woQL+)~{{DM1=7K=6WMs
z6Mxnr(tmg83VVx~NIWdK>KfItjMt(kiAE!IwqswP*Po85dsFDm=W~$oMPE@yS!0u5
zJ@Y-xZRXF@DWUaW!+HKyJeB1^75_je?!S&jZOlcly_i=7L4m0^wd@*f2xa#6`+9<c
z6~86>1zOP+St$93*#eIp6g~vV-ztEe!OP#uGj$HMP|`9@2^|(SsdW2MW55{Nrj)16
zqmoeY{`C!#Tq{Tj#1~Eu5JYO@2#d>T`FH>)14ZzAY-}=)a|O8$3n02GcJbEk@uY3v
z9%idhdW|?{hsspWQ6GtRnFp=<W^Ge4t=~PI%S|;A>hVODG80-wQ_OG0XS*;C2G_^K
zu(^aY^2)}R62gi1t4w6-t~E5SShH`=mB?!nH|(DHK9U2G{*vul`<;nf)=QI!cEs^2
zN)sTsNHBmz9@_#$^}B?e`+yyf^QHELAPB~&!^%om_&yJWmGEka!T%~Ta8WPW@`J(E
z>)fNc{MBhuUp-;R-a$$WMh2U}3F)=F9GfxM%jssM9oXj9f{|V3o#&Y`*_8p!Pdr|5
zB)u$|FFF`x&QzZ8U$MSzw~jzaRdx7ZHF=`0&IF5X#)yt|fBN#0F-Bl+Zj%(X6Oi5$
z(BiBTGUn!#f9wGll8m=fMp7<nO!+G<4yvwy!RtwjsZ3zl&@FOfjs11ZO^Q*>6I<i-
zoO)fPWc-rmu;tgref8bTL>#7pIgA;xgz~CB!xmKvQWDaYJ4w!d4qg>E&@UUYZ1F=v
z-jcWUySML(aw$R0_V`Nt{9mX^j&~hWN>_guD^$JgpIjy!pjl3_8DJ<7f*zlWauW1C
zEe2WQ0HaFd3u$*ciXAh=i7xXn^sMu&6)dd4BJ$+Vew?Q^EDR|2Stnz$u{(>(F&j)b
zn?$)3m2Rl>wgt!ANisy*!d6yw$-405+r7!+BSr2R=0PUr`jT#y2@uz*xbwF<NBNXi
zk&9MSRuM8Eb=!{Q&ucRz<|z+86K?wOe)ncf0ChvsGJ%~Ep)Dslr)FQDt5!Y7_C{nQ
z@mSs@fQf~*m4;dbGbcfz*1Fak1?q@buOj=odJ>!%7MJ6!FX;MwuO}fHH>6xT+rHQN
z)kuHSM#uGZXP9hNnID?JAGmw}J;<X*M%i$P(nx;m*!0@&Vj3QavfeDC=zXc4*VYga
zB@byl>j^x~YM|qynf|#l>b0V&jOhDRL&ep~-H+=!m=$`>sw-2<OyDi;)Hneba}v|*
zSB=bt$eD+~-v!=FHJ1O(E}5(cbFt%dqG~^^M8%~)PaG@unBOU_x<JUi)N&%3?rMHH
z4wp3hey*z41?CQ>=NhwKyq4vbo|7a#CA#=JZ)2z81w?wcY?sx7K|0x9l`2+{S5|SD
z)OkR@x_|qB!Wt)^Qm^?rD5Y@C5|@=r1gJ{;17Kl^A3|W<?+ONMWl>HL4fn8Y#zL7i
z#75P=``cp`$y)R3jrlnIzPsA<5b@_KAjIM4`eKD-HTR)6xlR_}ZoW8eGLk9_blUz;
z4F2CX{NFdT|Am^e|HpQw)6xHnIc-_;FM&cXYiv>O#hoQ;VoaRrGf=Y@U<?NUO7OM2
zl%GCa_4FTk)*}7DX1i4T4+O@Gow&oHQFXt3?y8A)+dgp5PC)vXY*rRU<bN{;GQCyL
zt=4Z1_kC}E-fgvE@_j??$LQk7NJhCnvlLXZSWxXD2<kW}wEg<7eRG<<YJ<vl@7Xph
z5tj!2QDW53JYTl&f<OtA-jp)JwcWI2zL4wZRE=MA4_8v~;<5#Jh-oz5fj^-otOHV5
zqR4E<lI{a4M<U?xw`=CgR^c=&P2uO>lbNh0%ND+zyFv?*155xGSC8i2D>W0q%D#-x
zejg^$Dj7T!N;Q`hax#=c>A0o`THosV8MI4tGT;`HIQ)iZg9t4IPQBnpNC$4Y7p|E+
zdtZZ)b{W**<W_Vc?f)iefIcbuV(CmT!kesuhlF{DJ8lI;H~Z+>;J|-{EgK;yRBT6H
z3;LEdm(`8F{zeu2q`a~qcg`m#?53hIH(80NDY!1(KRZ<mm$)h)UGT631a5($h0f9`
z+Vf+tni{7f7KtGhEaFz#^mr3#m#tJL&MpX;Xw!q!+`<nPa^Keb<K40~zFwku`1fv*
zU>F%5%GBaYCuCIswdM=n`kaV9rp2jvw!+qV@jP9TWT^fh?-xBQ?)|=D<W7ipU!*Vy
z`!U7=q0=nKE|So2`wLp}GLAEU-m3drt2Q3st^5w>_yO0}sANi280;^V)A`jZbo=-7
z00;R9%%Cc0ExXi^$(E4P#>~EEHD;F?m<WWhp0hkW5nnH0GDSED>h^C?5*!mdcUI*U
z%aOMon-L)`x>nm?%wdF|>qW&Al$v}RziohyuT3xk@7=-|ZMI^Hv<036oviwhQ`pp1
zq|s?SL`FQ%^xRuSiTD)|{!<<@$W%I=TFQ(Ij3)*}m-+tbT#`GT)uAhI!|gsqXA-Hh
zykez!FwjB;!GL{I{EJ?@5=1X}aU{Nz_6Gal{JSISjmC}u-8>LihZQTAKAg{>Y-S_%
ze1<$j$mf}0s;p<n+}euX^=E>oJFBm%z^g&rPCI@OlXUB9(}bweo_vh+r-W_eOzRc)
zbMapyPC^!{+mp2L7t?vsYdNB$J`T=b;g9^LF)h04+_!adr103#&OM6z3<Qji$>|Dy
z?G~T+fdRwpZgh6he8TNn_=2bMYR~)^&zo2mOpMb+GgjA?rm{E9<G(lST>8TSg*YD!
zfX;ER9edwg1Jj90c~i~Qz)f6w_lqhe@B`NlEp)XELI_FzrOz3$Xg#LXI*;-`)w%mj
zf`AL~t`fC<$q$1<utbGFXO`)tLw9s+4xoXr4CnHD3L?71a_&isD$z5Qa^}eP9Nfqw
zuj*H42C&~6Am1<K*v(`H)A(P)JU{ukL9eNM=dtSyl}zuHy?ZtjxVWsB<W?hRNP4ks
zFO}w^<%sv`auLi;K`_-Q``j?i$h3aLFy-zcq^7-k08h02(AXC)R@-tz`VUmTBr9-1
z#kMB^G?PkcqWG)-P7+D<KBM}o@7(z`#i(!R0^{>aNW*+x)ex|V6*St%qr2%;P$p;m
zLgeshdsmIUWYO3U>8KKdO@;C`d^wF6BDOvHmOokf2d6S+aO?>&{=GCm9Kz4er{(+5
z7o3RZGlT7{`kY&Q+XCArJKVGUqbW)`^3p@*Va}(6JYc&e_^Yzxcx7yC($!H7S&>r#
zR@_*ueCclxZL^%`@9fVUNZ@U#7X7H=oAKa~xRaG&-bCOKTHx~$&ZH`$9c0-An$-t>
zj<mAVjnXrm)cK8apup(S1aSF)Y2&TUX`$KbrQ}~(`@<quTbW^aL5Ea4R>ArOSB5&+
znJd9u2=$flOz;v??!3h&1bNd~8lPeAqOoYZAD919lLT~ina8NRR6Ik6L&^$HDZ~EU
z{h!f#61uTx_i$D2rE#}nAGd*=%B-J6rb-$h313Z}PWv%08Y%v!S?#gJW+2|^!hm?d
zeAxL&Veqsk0>;T801nhykuBcDxV90Z^UT>_!8q|{%OERb9sg;uscdl8xG3l(IZk>q
zj%f)Mjnc`!FyUIGG_WWBTdpLni3N{@mv0@F-Rp7L>1Pq2U9r$Re3c`vxY!XZk9F-B
z0lje+%kHJ!$KnIH#gh;MVC`qx=~%sB&5utnKdJ<%4hqJLeuo-^Q^kXIf^P~g3tf~r
z?2Z&(Vh21Dmih6irb^7!hdFgzD!hF<N71CG{P}?%o@wdbLXmHF1a2Gi1rn(+;cKG$
zS4^JE^7avxHEhuquddgGtSXHVjMyb<poe82-gUZuFRXCM)VP9}PBjQlV2wsml?j%=
zB|Kn&ANlCboh;xC5-feMD1iIdpi~CGhXGbWo`*v{a4_|wo!??QSzp=%7jO3>SN@lN
zAD6OURWXQJ-rF6~qMPG*{%vB1+^Xq7;-z6_6{yJ_tPeKkVa=K2soDWPEfPOr-_GjV
z6~VHvudu1ssv!umAw^aRZjAkd;-5TO|B2H}uVe=6_oS7$h}9bXn6SKcy?wErf6=Bm
z2c_Sx{N75^+gr{HMCSh=%b7n02qYI}kpTspEGnlfZ2P~PTREoR&*Jzo)KhFiGrV6a
zrBjL|x>P}{`vw11X^2HS8j=5AwENUH$?GY;XWc6)Zk6!<vUr>3y=O~Z{$ew+J!T)>
zVseP(9Ty1X3lYZ+DIu@MLrJI4@x~JyTj8T2YTv>=uYS9gGIrWB{8NM{1K9RLo4M?G
zb2{PlcWNlUK|3kyopVpSosAV^g+JSS?5d|BDtmaxOoW+um>}!%I82@r&3|;|x{^=B
znD(-F1#L5H)9OP7_u?)7GlqeJO6talxpx-zudfC%f!|OnW#I__k9E=n*C1{%S;ebm
zW!ZwD-wIL($Jp&;ToF7-@R15-wqhes7fPQ6Hw0R+w}Gs5<zGULHG&U@Q7wLb=DV(A
z6o|Ax9Hn2tj>wXa*|U<vJ(A^Ax%Qo9y{!?bTmLZ+!GElM<OnYi0&S%_`0}t#?@^s}
zz>+heWq&W@qxDf`Op35GS!PGtc;G|MB;rNBzbyzbjt~W4l{0t*aBpX24KU}Wo_n3o
z4zR}R=lFI~N;OhJSx;Ey3ON$%o*ZG(XKH`Fn$`WHg^ueCLh`q$)JC-=E-qRv56nb{
zk{wxAd^zzd1K(<y!{_37&a!L~(dYE^WIzW4Ul^s<g(V`=Hry=139`%<X^kwNZ`B-}
z-v_Y$i7v+oiYm)rxd>x~uPvKGRwV@t=S5Xauc`P$PUDB-Z<tsN{&yUS5mGiUrcTD=
z?3nP!U1`86in54AwD%}F_~#pQJz0?sWnG1ADCD^eD;~-{<1M2thk`^6NCv<CJd<x|
zXl!`y&KI|w7!OeF0X4{2gO9BgoN1IDn*^7Gc+*s0%s=#G*%e*<^17=59xzWTpo1_u
z<C1`<WQSAub<*SZ0&4Z$$);V;acy9b*>uJ;nrzUi>xAKP&jyQsk=I^{N&xI<qS;5~
z<?oFJY@uSavAjlBGLLYXDr-h(xvX>X?Aj+f+3PXxgrQ)I?suNrytxtEdsSN*&H>0h
za_7z>{beI(K%lA0(3yT8Jqy-5NHQZdn%dL~W9X6*(;$7J<y4U1JI*c3KK-M=#i2oV
z)99J_@71Nu54Cw9J|5{wqGs)yCSw60>AkX?Fi+&cfaE|&*jiNXw?SWzp*O`1HZc!A
z055C>`w4OEG^_jHKAbChbw4mzK4$ZF@WRKOoEw|QbG3!Na5DYRv%V3;fGZFg@)_cl
z6TB-E#!sk#j-r$tK>GnIx9^8}mes;PmkvuSggfu4{^8Bg^W7;mFK<6xYEDdCi1u*?
z_x%YgV09<rreo#BQT&W4(m9-GgR1;nd26fBFOq$=VIin!dA$Oc^w0UV>fwvlcA$g9
zfeT7@^9c|in-4DeC(UNn4194N+`}E*pfl73-%Ny&XsNI6tt&Fk=Q3v?7u$6OwV^uM
ztVO3z(*lPu^=~kVsjP;uATBN3%zV6F;=OY$A!HWlBsI*#&gi``t9BzQyliqa91?F^
z5oGd46*sZf**~wxJ-LY^nUIZX^V0*@L;Fli*O^x3lnQ#pMoU%P6PKrmYYm0V_Onqi
z0A5Z%{X{yUY{J>Evr|p9cT}i#+0OpQPw8pW%bo3V+a?7Ev9Ru>u0ALiOR}+2_13w>
zbow)uuGZyNn!9bsN9SZ6X7%fyZ!6wrg<WPAOfYuPPe4&Q+>}7lesjv)YV5l2-I{!Z
zYeT7{iK;h1d<bzTHxY%H8*w_H80|U%rP|Y3I3AR|#{Sb}<POcn+wdOf$3fOeM(d5c
zN!NnDcn*@)H9WElmy8+s?P1JeJ7%k}ljUHCUvg5#Q|oisiUHG~5>woV72g<v3*jgq
zx$9}46#i7R05wcQDQljh*uz0kpC&YaUUi)oh<*f2bf|za(wztbM7#jyJ9FEjr<h&B
za4;T-0XABeFYV`*-*WA5Gp%%+vn;pV<%6&fTM7(^sIBmTle3~;(p0#NzplK`zK3YR
z1`)SIalI8()dpN)a2gnL)quiFr9PT_XjGZ#41Kg6Q=Es#=L%kH2(-V{tTYlQ;JkJ`
zZ`%==fLd(HAe;1(fLGhAD{~jvBnSjjZTaYJ9oO-Zxay6}7q>aq9q9?Cz6nec;M}x;
z*I%1Dmzn@|YG?6q#HgDTP1`Df@bSm#FAokb8bS@BP~aT-E}pqTi1MIi99O+EI>3|}
z(33aXx@O%1p6l%T2LkLXU3J5)0iY*ULh-H(D>op{o|18Qmw7;4u|QJ^T^QN`-7_Zm
zujf9--B(>RROqDkkCaQ$_`42k{qd<Mk|ODX45A(Sj3Bh>&YflJGc$29%YpfZ7RF+4
zi%hVj=%&pFXYv-OYFs~Fnj2Y&&@k894qUoe<pwoBDiQCl3Gq`9wNfztfhmTTM;l#0
zD^Iv*D()|j4r%Q%2M=xuh&E3=+lqdQ25Fd<(txK5UwVczN}qb^UIe&syEG#ZA8Z^h
zq-!CTJ#82;p^n&AJI|BT4<rI!bem~!Q#;|M(1_A{wnYn$S32%C*6fbmz?Sw8)QwnM
zv(*vY%JqIytm_R+r}1}bK!g9t?|wycGKq2-Y~b9e%EEGqn_Gj3xxCpFAs7bd`JfRc
zYmwL&y;u*9s$oS4@b;PZI`s>xi46co`5Gp0^lNiEL1N)^*~k~_+|{lGpsnqa;{B@Z
zH)o!`_PhAxTB^CzK&PD7|7sm%SM)gKyye1y@n8DCMZ97xhCuaseJZE;zdb_o5YUxg
zP4}%BBiGh9eR|dXt|2pQmB)jdx^VFWJx1)N><u-o#DJe$T{?C^>grZb9=Q&8+K=l)
zz?b5*RFJq+hkfQKUG>$(*722JM_U5V?HV^3x|<zmx(*tAR#cC<tq0+!J$>K)1J$!$
zKeon>Ztjw>yteVRL~y!!2PV5g9fuypQDKU$yC>O7j)w2^W6iVUeiw&qj>9PyjQt`0
z(^|#`^&+C&Z$?V@@7c5^i~a+3RAf)6^!JR~yzbgkFi1C~$DJp!RjrJPJf>goXW^wc
zH9f4D6gE^R_M+Z6Jj#D*QWqk!SM_Tmbj@;~(AX!OG3eDtuPeLq92Cb$cKBU8rgpbG
z@TBj))IX3x@{)D!7^40I&;cp%v8epVeasK%=qz-4cTPBG%yML+Q3pLz<UCaUZ98X)
z9JoR4u7!qAiMmLcRME4uPa#4qCm~mPEA9r2I-m|QoBCjo*itOnsLiZ4kd#cM&Dt>L
z_&L55rmvGC6Vd7Uai)x%GFHK?{EqxKruPY&yn1J#COzM^6TE+hPp|*%D}t@J0KCxS
zcj^CmKNb`KL8BKRMNM#?K^G^pkhr%BIs^}dLGkbMt<CQR4mTak-wqSd#(Fl(8ZEH(
z`_hF3ZTkiL*AI^6M!Q9cV#W0I7f~e`9frp|0RJwbekKWSnTI9ry|w&Y^Q(ylAHqD5
z4Bt;7gG2`Exw|8=n0jz>+2(5^PTX)Ro3BKmlV%IJDk9%%bnXHuFTDqOH6`wY&9X7Q
ze}!Y%oC8eiz(P%@dAO&&)nT4*3(8P$cS@65B!GgoIMLb!wxe=A)&QfcH3$|BiHGhc
z#POI_{bK;*H7eQCs@mcAt$Mt3u~#uUjB^4%nI<1#>i+#xrG!{otsi_5-Ch1Id9rf>
z<z0-ALsw7W3PR@jJ32bTJ7M&ODP^XvWm{P!024h9&|lMw6L^VTah<Tc8+TrspKRgR
z#6%0UI(5(Dp$vcobbzObU%5vi%vKY)Z-2~T-xqOzs9UL}bG<{kd4U;iL#&l1{VmFn
zC*;vKi{f;A<4<f-%G1AMo_g4Ee((qp%aIp7O1HY-I3rd-Vv-1@+AF2~e7Ief!G}Wm
zxP*ftq6<vXZ`&mgDe2EuU(Q#7D6&HCD?re<IWna5+65+ih)jkhyvb3%<jfR-A179_
zrN?|Vz-(t`sGEZnNBTGvcd{lZRgx-`X_UrvX&!`~dzzsB;c{_3nJVcUp(NT*yW_L-
z{<?OZ4FtsLV3MrrN?v@-anCS07{5c8-M^nuyI+D;b?xE(Ry9E5pH}|aGxlhjX(iYB
z?tjxGte*oQs)<5<h&3x1aV{fjg6U^&D3kd*h`$T~HPs=~UMnh#B(7M)i6B`XnBTEn
z3j;(t1qx1ga*m><cf6DirPGwp@V`n9Fr(I=tmjsJ7S-WvHN7?Q`*q<|A<b~?#c90W
zv0ONCQ)Rows1wx$Ix^uQK#A%Ly^~8gl3YZ;Oa=f{6t#|#JC(c&fanE-iR(sMU>J0J
z#2M$gxMt3%ZfQJVNaapkfrU|7)k(-TTU|Xp;7a$$j_Ty-N{6fr5lm~=zm)p)`x_sS
z*}V=3<2%{iM>F?k!i|sqJ*2ujjw7e4M-v~W?b*dT&E-wq&|WmVhl(y6bsQQ>Ua8V?
z3(o(wU18f@!rL{5=nuS3sPE&S7Bl9$gSUQv;d)@795v&&m+8FM%YX<@Bh-Y6)T$6V
zfP#`|>zZs3HI5aIF>`QOJV<??<@UK=a0PNI0$eAn+hojALluek;lDL?(^FSts`r|d
zzwzyW58KN|?QXWoVbUJT?ue2np&jmA8SJgwrRElHG8Xd*qYFM)ZE7+#tB)2rJ?_Bk
zr@>+$YhM>=c0;D7^L=ilm<UP3669`$cJy{aGG&>hkAL>|4YWy>bWcBnx#yFWlHG0C
z#sc)oZpxiOf`q|Os_m{D+*zSIo*?2te{~$|9FVsN;O#?-)h@J%D;>_b%sov?E&)CB
z7D2+GL;pb8T*aW>Qq_3VQ`MSc@^U5Pi99{vi5-6DOV@p?g`72RH~R=(s83Jf5PI)l
zR+3SB4X!KyLtcy5Mm{-TnyGPS<KSC>>Bm<$0&q*#?mrg|feMObPEB{RBf7&l{Xbl4
z7^#aCL@7X(HC}&F&o)JQL)LK1Zya4qG_P@Ii$S-gn}^Os`HL$8@7<o9M^!*G6(N}>
z6UU9#!j$YgBUi>p2zVaitXYQ_lQGn`MW-aJG$Us1!7tT-%EsugE(2C<m;`PET|xnC
zM&}Q0p!4riz9P%cf|qs`qP6TX8=LQouF@CRBhKHH$#+I)Pq8nr$`Z`%?*;<_xZ1~~
zZ5kFkqG?Ky7o(dq9VTzclAqIeu`at5)A)6>nTPNOV5sLJqcpgFPS`NJLt$b{y-Ir*
zXF~oMA%oAj|Bc>nEzN335tr;krIRnPh8!m~A6>#1R7KG2b&8tiytgAxHBT$wJo9*V
zRj2N|DKYs@Gfn{D*;NL!IA+uaDa^oG#D+O*UAvg89nxAI=G9JfQ9$#{^y1v9XsA`%
z<)`9Q>yx@0=g-@!dT9G1;0NCVGyMBSf#>CT0LsKCHdDOHq>*x}wUs8yT?xKe;{gK$
z_VmR*pC34njl`)JjzstPshn>49F}Q(vv*bT*Opd+yU!EjkYyGzwa%9u!u3Q?iYhe!
zXcHY8a<VZr3!p=6N-6zC=uYtqXEN*Z$$Ba0YO8>1MuyI9()L6c?SEf~o7bcCSE%I+
zn^zPt@ieEgz%76A6alM)%Nvl@i&%6m&ZlET*?V&FlT%0t(bdF9i$1_)#3pRA`P-P#
zZ=??#nB`2Tng0X%KDW3mrQ0_A57dJ8yWCMUMN{tM-^6Z<)xD*Jd)g0;@+bb;;617F
zN9+pxTqN-h*479k48Q8mzRp*wBwPRTM=c9EoM61Ztp?|s#Mdrgx)x+PaU5p0XENY;
ziw%GN`ezn!e0@<DE};!xNFmHYx%D@5+X3g@h`;_qi|AX@Cx&%@x7{{ssTNJxtPdO?
zD?#=LaZ|QRl<nP$??-iFv8m6QQgq`*%UNU^v`<1L0u-SJ`Sduj(DKjmX372MoUA6c
z)+_+<Q*5f1zD#V;*^YbS*dvqwe21TGH~#>wi5=Wc;MTPmx}%&Bn7{=xWB(i+7n$x9
zYv(J5{S8PE6STzd{DsxiXSU(Zl9~SKQHj+xo5>$Hf9kn5;WT$qv_U%QIQE$?8OiR#
zsw@kBm3exNyWvGrm2WWdABaC>VDX^&BN?<mG!Jm7(yq6FMeTNaUGId)^40Y{J29eR
z#Eq~{g^QPan=Z!-3hkDErFc8`=}(V@zO2fU8C@&(@`Q-o!5v==wS_Iu8ApbcTg}uC
z%5i50AVuF<o3VaN?-|L-u400P>SX`m*@0nkA*E7R-K0_92OFvUIFBH1pCm!tnL*fm
z8D-UVP)N5@>C6?2vOaF}0PT>q!N#&;zh2z0x8Fye2V4S2z1CC%S#CDA3LOmHQ>K6k
z#6)XOeQ8`Ie!Fo0B2703^jPSnh~V;AM%+>${k3U)%I!#D_l+(=*CG5i6Lb=w_xf1=
z@JHwjEA0G85fUqIhR5;quxhED741+&>$na!7R(D7PvVQ7Bm8KC+8kcuN)pj*CE(|z
zzp7E=H6Pr|N@Ol?T^UFXlzGc33*x-S)0Su@V%7pjwJQd9B6mx3BxWH)!mMVpApaSg
z@)Bs^f{!x&V%Yrm!m>7B7WY|{BOS=0Uq0uf*T@h8I<yI<Ey4W-s3p5>E!X6qSQZKA
zAYI{%M%(v7JLLak>@C2eirTi(fgzPHhaN&YhY*l%lui{8DG8-PO1cpV2?1%zK|ll~
zr5gq5mIi6*#<K?B_xu0rT;FxBGr(rg+AHqoeq!&v_Fik@r7a(Bs|u73$8;tW*YEl?
zn~&uZ;9wP3pZGIP<%Q$9{ea(%$?nqnNfowBJ8!p|d+|wR@dIP}B*rr^xdsV3jcNH|
zK3?avUsyS~JzIj3eS!4FJRND5)wBwA+G6|2(_kgCtH6+XFAA}|7(9bJJyhJjOs8&p
zXsId_0b|9gSC`R!Mx%4#EZQNYF+TMk4u)|diMD$cy-BqiO6p(w^;PjNBWPI3PJcqM
zG1h8w`L!jAH)M*0-%em}up8L>rHjNWItqXXGQS8Zmk*4a0xl&Fz6-I3600+r=*)}@
z<=7xL&Z8U|-}$d9c0mj(CY~r*y`bS|(^cribQvqMv~bldaR1&%T=-NBZ7hS#g2c;v
zuuDA=PB(YuwP@vxt|-vSp^Ba|;EO3+D<aMJF-o^a6nne`0;iR@AFmCEZFbq(fGYx9
z1sZ2BP3UJ@m*}e^PmDuu<=O#B@Srf!vu8B`znK~Du%J+~DG_n!`OE`5$leb7QeyK_
zcZVP}G7M9>dqD01qzgtfM2EAxt0YUPX%p^l?{`bx(dI)mTMsQJoGjxyeLXMWevFBi
zqC<RS)KaNelxr@3Z%4Gu_E5A8B^k7GK2mf>L)wS^5w`o%USTHnXSD~n0yQ@E3KCeM
zNrGD#I+8!V0*rRbkY`L5CW3E=Ka*SOH|e%JeYOc-hPGb4$h2n8L@3{O9{@{)gcJ+>
z8R{NVR(Zawfuo`6r8fuP`lTBbjkd)WO#|od^g;4aup@&lwc=_n8ys<pweX13o<-a0
z`SWQuli29N?#uuA;_oY~E=RbRd-3)aJ=JA^p%m||kR1%Y)M)@Khn|l>XBCPcpxybw
zS@bM=-dYEnM2{NrF@*J-Bp<;z>x!enZ<{y0MNetKcr`QDkLY}p9Z%x8Zz*yUUNF(P
z429jbQp-v-6S-tx6q;pz(Y&c_cw#%N+yRzksD>`T1cUPhk6WJli0N3I)mxlX8NXdA
z6lJBvKG&|<l81U4i)c$jt3(^!MCth`$xbI=JuQ^xXG3-~H3LjwI>j2C`KZsL1Olmk
zJlQq<qWJ;g((3_%HfBbO2+skQ#17L>+3zJ2DUC{Df%nbw;49%vv_9;*5HQ#N$Dx2k
zdDQ|ieG0hDS(^Iv%#JDATbs*%v$7mo$Xdlm{0dibp$CR9C+`<*^_6{<DX9%DuG3o2
zvY9t&^C(|=+MP>SxwiAwJF&<YocUw=Gh({^CiLziq8P98k>E}ErD&Hie@rtO1DHer
zxE7a`ruJGIo=Q{c+7%JG1TPsqjWa5CW4&ZU`?yLSdl{DIrA-7wi{{X55Mb!{lsuek
zSV(y0PL}}bz`joi=HZNV>YpKwQyi|x4&8q6(A<&IbW{TjJI3!0a7x_XMa`n4>`#XV
zkNNKRmVt@Jxum<}egSO^WT~LMz|lff1kI^ywu9$&2cB2-;fay(7XIYg+^=_fZfN7H
zN6>F~(9q^d$7|7}_Tr<w%)p#KztWbS3HS33d+ut;+Mp2(a4qi_oPOiDr~Phk#?i;N
z=gc|yvY?>6(Ek9dlU9tzHMcW7FYNo(bQZ@fw(Y9@;n`vB)N1#gYViii%m*98yJz+&
zHzaiEd4>@4rg|6s^w*;@b6%*+tPh7g<PYw^iN=!;I)ik-T)gw6_*Xt|0e21@TckeX
zn2cT*u@KimyFfU-lUNsTJZ;(C)j_76y%fE6U7`d_QPdpfBFe)uCXYXEEs3uQ*+|nW
zh@(Z(x5j?o!xo{dEi9;hiKR6>RH^E1$n3V7xf1nkned4m-!Dk-V}ml=Y-V|{@rQTI
z6=#A1Jz<3_<p##h7F1A|4{VP`X~24mKesHIf`+O;s84+l%0{+n_*_tWfOV9gvr>PI
zP7!{fpmc8Vm^X}WRa*pmocv?{DZ#+^1K#JJ-<W84frjfpKH)Z6NTg(OqDUIQvwx-^
zE7-3tsnvY>qHwqYSG<&3J2`8^ET(MnMP2om>Pm&`XtHSj6WJ)euc~kY=WieCMjljn
zQz=Forkv}?o98ojV17}Y&4n^wy)f+Ka_8-19S+iKO=zuF|1L)LIY^wuS(H59eP(EE
z;uU%Pi@;nrXq8axHjdJFG5ROTvC4Df6}NEh5!l1!CuG6Wxn<p#UZhj0(>Xr9l24a}
z?!Rsh<Pd@f#-zPE&RL>ukEHa?)#jXk3wjt2nWD7OR=$c#=4bAI#V#wkAK5-DoVe^2
zG?vzv#wWh`G2|8d0NY%4(fLWsmX8h2ODm?BhWpxe#aBM;A&y|-Ta8Y2F=3IDEVHgw
zmo!(_q4&%rU@{uC$h6E;atVLSB~0%~483=J1x)wFmWEO#^`}q5jJ&QmTGSCA;a*h1
zU7^_34%bx-*&gutcLjg)T4)Ken@$G@G?gU3;X|I;tA^6*`!j2N2x_@@y)M8m8_K!p
zicTND<dBybK#d=}^&~X?MG=^5hX>{}c_-AQvpmU1NjjE$%${3}t5?kDMPajq=ON=q
z4&ekxFs*ISuh`+=h~DF=eeRYPopl}RSI-{c1sHAr3Ujh#GPdFE(yumeIoF$|Z?~SS
zNmq3yprj709Nr<2(8{iW`xh`37Pi3YmcE&|MK1E~eI6*^)XQKoU^<O??Pwbg%O#Hc
z3)v_L>sedH{w8;T7v;V-l|B;K<b5dEu6DqVsjhomfUR@laYUDhHcQ`M+p^Jkxb+En
z%dyp;RlBd{EQI5$M&S{-)_+TXY6u726FoE;*Oib3*o?=ShL+j{_N`gbmUV5ctr@z`
z!1@HI?sZk1WS3YeF;f`p3h3&nX$|TJaRd9}@%c|2f787ToZsNRjDa=fp8B|c2^&h~
zv-mx-P$^2$4hA!v?(Q9%4`Jqk>>FKRyxPaHSb_}^!7<~mxF8w0FdEbFR8(R&7;Ocm
zt_%WK5qQ{r79=7<tk|$MroF79i^(i33hG*#^I>=VF52_R*l0d4om&LOWBxQUOmL_&
zLWWIQ@^A$Y%)u8=yB@B0H=g;~U{vXF8r{{pG>wardI}hb99Xa_dMJ1qYDD#Fw%28N
zd?>q*p=F7#vRx(qH(?`NzGuXY3m6dC2#c~4vi})MkS>b7uICi(MdhqK_;p3(x@y8X
z)zBa6zLFa9M)_AHJLySyK`l8V>ee%ku4wSOR8ipDSuFf}*=z8%y!#{PsnQ~cqV(Q*
zkIO&TjPN8)VgB0kTngB+{#;%&VxRPD3SnFqH>gxprt@bmEPIGs1tR!e@)c8Am6di*
z<bhCuTF)7UAnh$~mUcN<pU>(`XN^<+EpzOQ!x3rhv&Fn9$6wb~Z7kEZb7b#6*PMl+
zXOMCpW|=by&S#~*3k_*LT+PscL7oS-bcz%p!KFJykjcD6`Od-iuC!L#0eEjkAYk|#
zKi@4Sk@bg_d@VhB%e)fnrHf?v3~*>r2Ol$J`xwj<6fK>Fu2bs6erYAuAAry5-|P};
z(_19k^$jey`P(CFiPi>!H6JLT8XGHv{U@&*O8Y}FZmtNtWy0c{BAJkm#UHP1#7R8P
zRHgW%GL6Pt6Qj2KIzPSP<;8?3@|_U}A7vNq50|>NH{7mo%vZmz$IQOP0bTF6Y`MQ-
z%qHdUWFw#0jD1ma6YHYFd#C1k)fH{{<el=CloNWI)#>ylXVkb`@c_~HCsvY=F3O`b
zO-d{t4cvYEGfwi)Mc>teq1e;Sud9;NzxE{_v<HPRi__`V2kkzYHpg)~sSorr;4gT}
zeB8%uA^1{?=!F+$PO2aYKS3JS5nX7*k@sYJ=?`N<x0$v^Z{2+U6Nu#MCoYCN;HDBM
zKUOE&oqp(3PaLx7C0$$O+iCBYT@nX6Ung>4{Rcxyuuxsn0c{_Sp}SwmwLjfq4!rMP
z1fiysUQt(29?Nj*O|MtiUCR@do~^k$Ix~!JJo@nVO;o9n^h`;hUe}5`>vOWT=-_jm
z-naxxiRO=CmM>p_1IyXv<2eg=QLY7wNJy;XTut+;l{_df{rQd0QS`E?w<KxcJ0Wy~
zW0<k^^W2v5u5!x0(&t@u(;9TK=*qau!T9brDjq2M3OF(GcZkr(ftk#@^P&j(%f}&+
zM810o8MoHRb{I%^5=BK`25m~O7<ti+{BGvbJ=gRv{!$BT?zn^Y={Eky7@ci78XA8z
z8u0RtKXNu+!dmy>QSAlNv2urjQT4K)&kIdHI@dJZ$W?IN(0T?;|0ZUY&@bM}1kD+)
zAqqp_XR9#fiQw|5p>4+N2><eT8ISJ#h}Urpx$U;8(ERG|?P&0rQF8}N5BD(Z)3;YK
z&+yp@5U;>Y6GU@-Qopou)?n)oE*{|*;Af0{x_HEgEpo+9(6&XLoiooO%-7`<ADyss
z4}YSEuJXfU$o1WmJc|LQ&986#qqAbcLdQZF#DN;$?;kT}AO^R^qrZu1@86-Z%UNVJ
z+Udk1G#^S21kwJ0Yyq}bcPtqiwYDPV;VPM6WKK=b`E2`IcLf&v>@qY-+QZT5YGG5B
ztz~}M<uGSnuEJb^Af<)ulQ6nhz9)8-s^UWDJ$JGY;j%&rv|J1Y#UcK<NNY{WT{&$Q
zYz*@ZiS>7wMzOd$>nc%i;~ke>B@`s?VXVh`jRZhw=={<#aHbtab=ugnurh+pGe+MO
zTeH8C9JNX=eP46UF=vUFqVrBl3k(IfHQ?+z%)L|IG5M4-Px$?t6=Qhw?5|4x{xO*8
zba@HBl|qnqu!!+{97zMMZpP0gWz2!5=0!Y{*fZ}dG_`rQb%x`VXV|V8E|E6o@GuOQ
z8Fw-+>?^Ztrm;9VJ`o8U4{ed|!yM%(zXq8Ea8H@US9*^ieH{;rKbBx{>I02M;C<o_
zi8E$i$;QLwsa&VAfJXr%cKFrIZjvM7XbH;S>LTCYu7|R&>$GP)g*xZzNO$K1<C52{
z#YHy4AOw=8TAvhDWL={5bG6d21};V`Re$A9;z2AiNV}>yE^C*+nD6H!W2HNFM>eor
zGQ3v<hyzy2dhfN*D&?X1FXQ)&OLQm`kHo{yl>UHK6BO^TI?r2x$<`;CD485e)M}hz
zmR|F^7KC+*Lw-z3(s#g;d9q~r2xSTCp=2|TB}efSaz=6}w9HAp+ZBEd#`!(d+&14o
z7R<YK+1GjBYk1OGxLPvf@aKalw+<*xSsh|lU@DV(-t^)SjJ_%l+J4wVt=vLeSo7(T
zL2sZpU1P#x{VBZ%-RM(39e-!S617e=8iHRV?VR?|vL!XSP?(4WQuCpsBK7!K4%D3%
z=0;cPAG;>*=+wRCn~=#aN<%k4yu=CTuhtqK3)QM$?OYnHr-Fn>S=GfqNIMjd)Yd2f
ztI<;QrqM0>lgF-cwjAcs-(w1eW_rnuGX-5ukq5l4#^2nOz7-r4a2ll1HBz=;xIDj1
z!Y6jF6BLUkveslSeLGMTTXM1Dh?{O&&v<U5RB1NR>sshF3BkN%PMU7C^rZk;KP5Tv
z`b73acaz*od`Pm-*!j4cgB$+Vvto3@Z_MQiPEaKdTr<-HcJls#eB<9+_JU(Jc3s@K
z;$=f`H4ozkf1v5qkSM916y8c)cJ@ox9Xk4L{~mAV(9#~KME|YD3gsi>xX9dYo08tV
zKCAL|S#)(Jm|(`^141)wRh^dO`C(!fIU-s|Z=KGS%>!QBXD>lNd*%~ptjCgs0y?Ys
zpBl-WIQ5R^We}T2ISfn3uU!|L)A;hCUvR)o+3PhHjy8m}o?Y;tu%Mv8Z#Ix*bn(w;
z-xTCMXsjGc9`}1gGskk^L14yOqNsZ{5<W%JlPzmMhyAB6_tqc!t6-S_3W$Q14&mf!
z)X7MN2r7j!(-5!!N_+KXTPiyj-A-F(Hk2+Q#cf4n#4NNIz62gj5U5jXV1w(G+JFJ0
zp-`h(kJSvmwP->wwKqMT;QgAuxb%jyJYJm+d3T0cI%Nq3sUNbn&tz!V{lC@u>RzT<
z3HE=4FMCsII(y8YYce#W<1jBZRq2_poXphDkA57Mz}K5_?qbTw@uz|Lv*jacKdyCE
zk)a*jGgq13%Zc0;y`7YstWn{lFBK$lpg;!s3o*$P_gOm3iG&=P;69#~%Zp%&(3?U3
zF*C0FF>5=Ot&}R0RD$g_TbiGadSoOgNf+IlqavJEr%eSiJZx!OdGH^ykM+|@di``z
zfuDe;0=ljNCtrRJUZM7mWXnlm=05S8SB&cdFKLC|J5?G>Z3xPI!j`2P{j^Hmz^-3l
zIFC$IGL$f!C;#hEDNCsA7cPrp^XxKG@08Mf0S!(Srv2|-C1eK1yumAFwc^GyyBgmV
z2y*dgBH54vhSYR4aUC;pp$xacJk+nW0`><LJgcq+hO+<Ak{K~{Sz>4tsIZn==e%Qh
zJ4L0g=uw0owM45xre7GU+Q3RboBtVWQiZ-lft=TryEEoU>)z`n!5Ub6bbcfUzI;qP
zT!LS_8XKA~lM|WqXdXLh#*bVv_$&-1vAmz>(Ni106(s!=wtNOJ<y=3HNMG!<HgIZ)
z#E_19LWwKB%a}jVTdAdrlYo^TgtwTa2)CefQXrcMMTVxU92WI*gmGkn(pfkUiBhoB
zZuu_l1AU<Jt=apqzw6B7uXF=7$p$A-77+23%+XrsB;(IKC?-819?Mrh1n;~Ji!4dl
ze4~zDN(Eux&(j+%)$j82^J^Z_oJcvdht1Ani<u)VK5RM32n1R(o>Pz(FT%WvOdH+g
z?72^2bL-y3paPs6TZjc~@F*t|Ehv8VX!p_iRV8Ag`>D`fPwbkUNL43<AZ~8z;E)m*
zQkio5$=GEl=wME<h&xE!QhJcz%+=u3L8j?X8m|@~_S#DeEQ}gVP-V}be6||N5u3tv
z_5FlKM>qXY>&ZvPk=Mmgb#Vr!Qns8>jJ^0u7y0h&$NnvXTGF8zdI4MP5#Qw`6SSmn
zHMvW4@TfnDWFuyZYMneEMq{CEKZvf>l5T&R<*m~-GvLLRi(a6$E3fL#E1`~0rbEof
zYVJ+PPCecTB*p#7PU~aa=kJU&(3i@VP0~qVI^z}OZ_5*p=LMvdTY*YFh$+<e0*sl5
z&C(lbruAxG%~+9Xsp2xOl4xjY#9x_QVgpcaRKcqPn`23uPzx;uxTp!a40&GrJ&NCq
ziQ$;<qsB7c2u3l@Ebq_^D%`Dgm{)Abvg;Quqz~lp1kG4m@LlcS2NT|VMpP(}wKHA~
zZ`mqGn1-$bhd{_QixVUqUlRfzA*1vSOw~p@)4OH09c0?DWH92U;L4OX0H~c`j7t5>
zvvWYHe7W-@x`ZeQ4ITgj9hcZZXk?B>vIlTP4d2!3qAkn`h^;5HoC5b)27Cm#Ig!e+
zzRVim#K)dd@l%oPZ?cY76s>`4|DDu)2*n_SU_o#o5C{WAa7T0A6AJ<v!G}P|K#HTI
zE3ciUg^ek%jh(5Lr67-`-Sen1&zIy1G}wPcDGIS=2Rq-q8`uB+qT~T#Ir>T@8;$~z
zG8xBvh1-hL7&zSG7*!+<CHs|~;rDL&g-2i$Gt38&b2?k+nN=0$VcngWFS*!0Pe(Y^
zPm`F%Ydp7lRXX>bw~RA{=#5SOn&;c?3<H)BSl3#9ro`@anZ)jChwO}B`vIf*n=%U7
zNM5hoPWTu1+m)PxKKtd%+~$v5nm!eIk`U?4ukrm3F~6Q}go2S}V@-M<QI9LjT`j4L
z@1~2c8y}JfzG80{OnTkLu5v07cquWZ6W)_H|MI?~7E8L-nvmZcij>3<80?XQF!{u_
z=vR}RE#gP_PT#{EI`Jy_jjT_!WR6PLQUq$lZ_})Z(k-PBm`cP9n2Vi{)OS`eI5B_1
zQOOqQaoHuaW8mKlt2b&cAwkDgpo!;Wn`hNn2p`|M{(ZGVcRcl)n|8&)Vrt>5mx}e#
zyY)-|8V4)oZy)|xNhj4%ypLS(Ca;KPec*G3);3vC*f+VIC8C}-D^F#!6K?f9<Hux*
zz~2lBG0{d^1}Bqop<|u&Z<(;SSsxoR&656p5j@*x_a2Eb-oZAjt~cIttB$}rPbDb#
zP2N^Iy)L{c5?S3TfR41EGkmT7<HLDT^~H~~t18^*<=l^x`iZjWtIe5G@6;CYL1FuN
z0Ufn>{J$)@_U-yr<4NLwQ*q?JTz}>-4!yEKsK?)t?NgOrUZUquWf|rgyYs~dcdktK
zO9SE63R8E2({kUFsC;(84@V&{o75y}G<OW)oUiko`7d}o-hR2Iv*JwF2kRW<qvGNu
zw#*dt<kYsrB_CEEJBYhm5yv^qXOwRyuJ&>A6K||mX&ia%vLVdz%~nKhlzZsN?9Ksc
z#``Z;<MQs46^2$W&-waJ@>(gP{d6*-$1UhzCa`;ict4_FJVnYaHXbpMqANZN;%a6|
zX%pgU)u(JxKTqDET%${g9<aosI^FT730D+lYZfiS+VSM|ku^5&UnY#H<o`h9+u7ML
zzWSzTf$^?W`bG#zVjv<h+F4JU)S7PdA)nlAkeMFnd!wKn`EZ>mB*Id>N4tBPm8KDI
zjk8JlQX`<R{&$<FK+$GKr=tdWfP@`i)96fJ7+1x1MrRR1Rr9W3TqK|RidkjvBHd7I
zu{M8fe}UvD)^cN{xWCoyRgz?#cT4fQm~#eSz!NL;?vJLQVobfqCF~Y56elGldd1IL
zGluDp)9lS^Rq(rtkwlxLD;`=aOP+3&mc#Hdfj^Ov&zMdsRgSt04|%?Id8JeN&%UnC
z^l8+EI{9DSKN2e%&?9`EPZO<|Cg;o(QEek3(cvCb_^WW$r)0T-bM&sRzn(4Ijy{u9
zS>3G{BOc=I6~$WdTE+Pbm~K$v!jze5u7>Q@X9By&w0gas4juYckm(USUG+pGD@^mp
zEj9Y{HW`yos-j%DJ8Y|9?t5GMUrY*=e2USLqe~vrB^~A)xH~6cZih6_6yag@ue(}=
zi|_+v%BGOZ_H&^-Y8#53z7og$CmSP=UTS@;n;q7q?O$u!mRRZTf1QzY*M97qW~mO*
z@Oq8mou3$~UFRe-*}E-9#z87|6b719N2bQ>wwL`PF-2#B5uu+mT8_yMM^(D#8|2(h
zUT2iHoz2K)bgzYPeP1In4xOwEX3-{o;L4M~$+g3PZ|=rXnoHCB?3>iIjw{`}BOH!=
zlCi#tr!6OmTX)R=!n!&fX*Y*KJv_@NdhI(!Z!h@PT!Q~rP)xWy85-=8k$uo@VBac=
z*0fIlx@jW`f{lA$Ho89D*LiNOCdRd*{vo~V$#2E#00Qlb>t4G-HTxIcujUr~<-Dl7
zUb>wOcU7j_eK^A2VKH8_|5-o#-ZkhV?Yh&rz_92o4f7|0h|{r<cAxvQjEyF86j(FZ
z>mz0mOHGy)5e>$Hh$Uw$?ovm(wa3`pNBB-0KA7s{U0iLJ{m#)b3?Fh5)Qes=`CkpV
zQS4>d7idSGl6dmXB&~kvSe~mWwhXJ)+s<(M;$ULe^f*RCozSN~_1Jp;zDIt#AJ)Nd
zhzl}w<*~)DqspfaF*y!lLOYwZIeh9zKfXCXJpC|P$vP(Ft^A3)dUGt(VpjAi*=`l}
ziy6@j;t(gKN5{ja%UzEPPu4}+IqqMIowj5M^^fIkMT<wj&i?MDx~Vl7kEbsQA@o1S
zI#Io)4ZP40{~(d3ur_h@V>j6Inh*l{`xmT84Ng_Jz)1=9VSr%mr{;KngFsM!|I4XL
zh{x8^>hHwg1qe*R!{#{zqN2iabCUa49@Mx6A(nSDf8hy1gJ6I}agekC4X}1~brj>}
zwRhn$wQw-A<S}=!<Ml9g<mKn#<AsPzc{rMyzp!+Ln^{`f*h?_();BT2Z7d`h4TRMA
z)Ewn3t!<ROoGo>{)OF3hUYLtoFiJ_n#XZD4>>TYZT}|O0b}#K+#5^PzZz>l9`>14I
zM)*w@*B26uGN@MJkJL2bat_Xxa3LOHZgYM?1pJ;T55F*<C_<16j^N|J$IEw*mtTOJ
zk6(;WSWG|^{+|ycXwBK;xtO-R;(yu#-y|6SBb2+lJCC~nkAt%nFTbd$C@&v^7lGgg
zIk;Us?Ojbhxb0n-{#%2*rHi?<jialLgFPHoqp6vLo2vvPK>AMvJ4ZFO|Ec(YWy{VE
zCD%=E7gue|{{!QH&F!M=>1fHTZRz6R=4@^WvNQd+FyQY0yCGCYfJRKi*#;=Z^rgIm
zxtpD(y{n461f!6wf}EhNjIfA|sIaK4po}QLkf@N{JvqU90s=DfvO@nY`+t`KweeWk
zScnM-3d+g~$Os|?`4sv26+~qP_=IHz<puafL}lgq73BY0R>j`M)zseH64f56tj+%^
zEAanWR!q*>($v+#S=Yhg<$pD=Y3<<Z;9~9I2$z#XX<7u%W?*A);o$DVj#AA(N#!k_
zZC+VgC^~}`NN>0mv-w{zm<sX<iwHfp;5HQ$L2x5P1%<fHECkKD?}_kRh>DsDiJ0C4
z^8YJu@qcml&o)5{ki+r6aK!GJ@tIqQm|Jp-@SBTr3-JjGbDNn7@N?f2;^(&%MF@!8
zdv3<a3n22M%;o<wpZ_KSn?&vYk28QT|Km=U_P~dnfwTPGhA96Z3IurgAR@9VY8WU7
zg+K^t(4Ih`)OVF=&>;|X@N;wQ?#(fx%LV#~?&=;7UO_WK>__gKe|I1RH_imHXa+gZ
z{!T-JAy^m~7?>DXn3!0&Sm5tA4i*;9ZM<8zZiBgNi12PcL|_mV5g`E{DJdBlDJcy#
zH8l<W|9sG}v9a;-@L@zmFe-9la;pD1@c(z`Z!?4#2b~6;28u=uK_^Co5~KZXhZF#D
zplIN8Bg)MN4IPSsiG_`WN=1GC-$#fbXc%bd7*I@1Y;;U06ca=-Vo-#EgkOdfQ_Gam
zDF8u+6_;Hu%hWQcZ6-jD{Z40L&smQ7Pawq?!8<vvLqT_mZ|X%yM@NH#DlkDCXvF9Y
zP<|2_3{U~76Ino9HUjg{pltcVo;JA|^WP~59uy6rh7v=hAQ!%)NAx0Jk@!VfQ>o9U
zQt^ulh4V}Ci?Uy;sZ#3=W3~VMnjcmr$X%2*kxJ1HzK>wtS`UV|#LHBnRiRHJtrZDU
z@guVBbg6Z8ZkySJR0%elm4d=pBRC!C6Q#*`I;z}7g@&5cI<ixxAyq_QvkW!4BR42U
zZreg_F{?Dc=7*FE@qNt>sRA{~@~aU~c_Q%(lR>6J{Gxn{k>Oif;<4O?L8!b@TDNU6
z%mR{szd==ml(6qu7_YHYlPMRZCe?kZ#s?sCM*#@{R3HiX{Rg<EN|0Lb=U0{>Giza%
z<cLVyXH%ug7@#qBkP(I5Ko(>j83E$nwzU?{Pd3z%sS>(vn{B5Cz8j)|18yir_@aP_
zw%M@!V6)VaDor~zzOVWDOkhVE2&JP+4bWj$8Ka7js-naVN7aMQ2eK6xDzaxy1;AL6
z71@hIs^zsUHB<1suHLkiIie8c6UW?jl|X`~WUBRCsX^(R3Q&iDG61F2pd!FjGJp@@
z0megs$mBpXsQQ9z>uy8^5{6U>VU4;1U7_Iqv@?)@m5-8+UrnY8;}ycjzXN>=sDg=1
zl^eMZ@&bW?<fe88I#?q>bd>VAksDC5QB)1#Km`%mFqR-&7UIZkJGtAow#1R_Fl0y-
zTD3fA8bI*cBmLnaw2eY{0}-_Wz)*w*0qvsX0e}DyHJlC<FT(jKHKJANau-sJV2#R7
z`A>xsN5bS8pYiLqPNfFfS}U>x(s2`UI`F7(>_(B}H{hQiC4%fksws@~Mkg>sExsE-
zrm$j^iJ+>^0b-~!kpW;g!VlxdHk+kVjJg4_fV#jzfRQ_*P*yCz=p~>-u&Zq9PQW&I
zA>EB3LIGUVPaSdKjR632Ri&1NsfOd}p(+RJl{PC4-yQ{q1W@x!1C;~4Xu`k-t%~%v
zEliOk8Bep7UtV4Ttx6D!jRFXl3hW5jeiq8?g>X6qm2B%wU#fw0d?XMG9LXn+WPy^)
zPK5%~0+vJ^v0R!gT!@kb#ShrvgMY(-I$%vG(O?I_9_!4<?VjR$I|A!N{mNmD@S*Ha
zI7>J?$QCBd0{8&R#OVMk#c2_wM!6C4CT);5ay`h*7T7!NpM@LW<hxN9%Igh*i~O@S
z0Ievb${1h*)&_Flm<3QbP|?k{^oG#?n059Iv*1uNs2~d179RkU1KisTCd^@q(h>_k
zkO}-pfs=SO3S9PUevpmyf6$}Ch+qq_?xK8rU|W!GEEKs}!o>gr9(SQBY$IG4i6xza
z$0BVfe<M!e4Y^Pfl!<@MQsmeG!O9NA8vq|*7``!O+Zz^9VgS^kP%>hEKq`uGTNI-$
zDA@pTpbOwRrU+Y#QCA?rGyWTY*8}znj2#MW32BPjwF$B%eA3r?Ja55=fEjAGR1p#R
zTL9h>Xt4kku!MXNsqj(k+MxXM0kC^eGjK~#8l@x@k1U`$6arLE0IL$z%!X3$ZCeO%
z%5apIgK)~P_s|v~1OWJM+6G1Q8O=(8{(gQ<0P+Qc(25E_|IxsWiI@Te#h}u{n^sZs
z0R0N1{9**igpXX0dDPcd_KK7xnNqO1Cm#!CUCESqc%k@(&n$oe;l=@}C{es4V5&s{
zv8@&;%Qw_){cjNcM=DARJXHL%Hq^rcuu;JR)Q^fs|47G;Z2=JlL_**(m{sUg0d{)e
z3;=>25DlaQf#ry&kk9y~zamj$qnIa-{0~L{m;qV@#(qOrK7c>CDO^T6W2lMeZ-JXA
zQw8a{acsa16cq)aELj#m5jMfS>jAON-K20JL9%KnmK>DP6p>|t8;ci8%7`Ku3Rexd
zQB;bt?7srZsu4F*vgo#2@I?U!A>}YdFxW|>j2HOVKd%Mt14{x}f>4s8Kmp^i36`}9
zh~rBUQoM0kQid4)zV2gG8^HatRQ;z4QCkbpq`!qU3X>+nS~V351hk(BI0{oCIPi~e
zV9p4Jf4I;s&~So#gMk84G*ckmq>Q8t!M#8hQXmON?*^81xO6yx3L?O0>r}RXh$;*4
z4@%%0A%JBNKY@7y8a2Ub7o0V{@}C+Mf?9w!G5)(rA-dU5fq+IZ&_S|10D^)QFAY)x
zfDxmP-!KQGM7NN&L}5p<mWUh6BF{*~qRS$k0+Ge&DGKg3B|@4aYy#p9fEcKP*+c;d
zYf5wmbOynH)yT8R(dE5QSqI<HVo|D##Y6G`PxOBY;1C1wAlx`PxGEB~%aW{``pjaa
z6{x4~rgB+8p>hB^aJNDfj5u5X1i%0=WibF^Qn)gphZqMCjBcsQBHwBOWeApqJqYf#
zrW9;t&;g;p8&DTC^5x)uux0=vOB!SZRRR+sWyJbN%nd~;n#rgm0OEg?2KK^*A2#PC
z^>~oG@kLqAgWv#D&}BwPBSL8gMG6Lz1TFTitPB}WFe*1tC{ES`z$+h!Q1UF&C{EZB
z3>=u)g+{ckXedRXn$o+m39R9Hf3rwce=~o6rf|?K4$w7YC@6)1$Y-GaRCEq8-HP?!
zi-Ydzx(N6dp1a>NMBEQy^lQO&yL&9>WGs4k;>&br`uk<AyI)*mYJ}~IPuH0(KmBzD
z`H*kfOTWw{>ZYEW531##zvoOnn8t8BmIsTJfEn2R1ph(=ot>q6zO6pdQI{|}BuTmG
z-IOxO+*tEDiunuqaHaN)c~zb1jH6U?hoI!p<&tZs+~kPYx27uPEG!&d0IYMeZdtpz
zb{h4o?8qv~#3j}nu`GIBs+(!z)hHEn&U)RbXFOXc9dW`y^n<0bhtP#{pmeV5isV8x
zGr5Bv8A8HOJIx%_UtvwRmV9}~;rPnrn!oL;i*$dGeqY~>czyUoitvJ{>chW~V&}{)
zy939+5TEa-V@SX6v}1)ay1TK9Tp`|uQ^GwO0PS_yU&znQ4sXBgzmV=ne%cNljl>;0
zi9tN!ywoq~Q>#~{1Px-2o3zgxF82?8o3=HqVj_?FI*)>JiQvjWi-pPoK!wtgI9Uor
zu{b1f=|o*k91NT+l+EGBGHdHHgSVBdH!qS8Kbv3X>#%CL%5F+M@niR?KDBy3?lTcP
zF(U6Wq_h_cxOEuV&s^C&RrZS&V1hPL#7hyg6V~fVO=~Rwg$O|}6LI_uNSIG$Th}Ip
z6a6Nq{|sCtbNz*|npdyS$9f)dP5*^#>-#2NYn*6B`z_C`D<AIJKx3&_eHYQkFW4_D
zt~bxwGtZd5QC8aKLn?5UwwGA-eKXnpo)=YI1{^WhJXVm4Ih?8fTr6c6vyr*Bc}{l^
z<Tj`;=5VeYMDjblwjeDVS-Ya}?f47Pb@uD_(=nvTN!G<VZKvK%;W#*NtUb`axM(8&
z-hCdki5K2*@SW-ME6iuqzfQvh=?nYj&AakFL&>$<!*He~7NbFaRqle;?Rs*rFT>4`
zv;2OS_x65pxywEijFyQ#-XwXF6;r)-tt^GYr}nh!%U?*TZ+T_tz+1xzxS~*uBZQ<}
z%5YQ)f6o2OwNX@4p=4oAoRwo=vef$`wwS}Z-GSn9DdMg&EB6B>i(Nk*Q}<iWdj;|C
z>Kc~X0tu|7dy3LYBdql?dTTs#qdxDp#>YOL4}VcwxTAb}YdR(^{PyBsNMvIvFx=T^
zRj}tzvHBnvIn1Aq{B&NV`;GgI@%tu8C>(N&67n$f#1C^y7}B}a`uH4KFyC8ty<3(a
zuHQ~z+8#6YEu(4dXgq#$XGgT^FXWvsvb05XO<iwq`fJgPRUG5pbtkK~;H%Q=73A)|
z`^eWY<hnNW#Zbw&>vsmC=i(YkyW2;;L}i;XpSU9uDz>ArvKNeS>DTqIt4n<;yz85i
zysxu%YrimFug9@Lgj)r~HW&A9{e{G2_%ch5T|a(`xc@0GBbWGf%Ubs0d%sH(uD73w
zh-SEGLY&ZV-$`9ZT7HVapct+3DOQaoFBit9PlEePjvSmyjnbrT(LDL(_=Y}|n0J@G
ztE?31zO|OJ($#w&!_tf;<b?ceM2X+EHUG`X_fw|O^6qh66T$0?{MT#e?<plq`gV-h
z3R3oHc<al4==hAy_-GHu9($A=e2;P)MSkTL2;-RcSL4Fpa)ru!d$MtL{%9g)OiO!c
zsji?+n*ZC{oS`{HY}E~M$+gi}v2uR<cP7&Gh~6UFG)#jh#npuqI>Zg39lU;wer<GT
zP3pzqHP6A`sn72CiC=vBW&P&&9U>eOj6&sLf9Ze0HHTOY7lI_g2w;5204HL`g#?h{
zY64#+M0@V)p(r4A;ZN^qqUg2RGhUUnm4fT#Ce<q9J!4zv()QlCD7LQkI6amQ^hTUM
z-#$})fNX{i*7x+Bd^#&$q?^v|tjnT4_|erA`9VtPQ&YHiu*}9oCm(Z&^oeas6Bd|~
z{zs_V=Uds`{`(ht?W3O)-k{?h9zA&7<n`liYdx1ghJ>Lj&Bq-yR?KzP{f+2~)AU0-
zDd&;Jf?u+sYA(^S2ub0G8VyCBpVQ$kj2bz7;m^e%NyQrc_DOv3{aNRa@rV1{==|8f
zZZ-PRQSP1XCpcUG!t`i!kvwZ?vi-4o{lcZFk#W-fe%4?q5ech_GS!8?R0nUL$x6li
zwTp0%;HudS&Y)D+catVPMSTlo+3Ql~x6;g+?&PH+(|@{r!O0<|_M|h*5@7|uP+D>O
zeRQ5*<1O)?X5*kf#F?awvHM}T4bitd<3G-#Nhe26^SEXr`h0R9$v7)RGHq@R7-i!6
zB+YR@I-{){QdhOqq!D|4bzW-hGIF}VK44^$w6Xu0Ahv12nH6E)7h3LI`&8_j*2?Ib
zlM7KKAXy_`B_Q_Bch#6zC}QL(LWVxcC>-bzObag*Q|xEqYfc9j^_Qehi+LgDW2aH6
z<KR;G8VkXcCjVjgNk;0x)7^#C{<U`+`LfV>dBPUgjO30J*PN}Hdfd5}F%{CkR%$m_
zeQ9<piqEtdSC&;{5N?K1y3DSFx`irjD(SPjc^gnY95Z=^o(nCjR>Wt4l+Zs0lvU7|
zXiGJm5nj@B6n1%+!;}}&ym4>rprMWJt*+ZXLPvhS=YEX($D673IQN!R?U9|=Z2MB*
zg^a+0vn5?${9Kv}j_)7M##CG}Tq|xhX~jj&-JO~2zxxG4^<Z7&;6kJ<<U*=ou6STT
zs&5ONY!0^e_MVn_(tQqKBtb(5<}CjJBLJ=(tcT7(#!tq__zojn8640>*)&`kgI+B0
zXBvjEG$Cw<_qeQx#nVG_s5PdyIRO9pYd0<-=Z)DW)`&mIS3B<U(OUj9D#z&*xzC3p
zs8h9P*AIi*Nf#4Tm0X|7{~6a8D=H2<*J3^l_CJo*J-953Sun1J<+D0QDP~pt{xxcm
zS035FFg?-!=$;E^+ePoX$a?=t&$#jPk}c+rMH40MqZKPjqVDdlPJ$OMi}W#Z1}R=*
z6$u=To~e2k3_4#w;c#E)Zut26s`$>~>&>?^<P|$Ygo_i8?}-RRP%Vs@7tO<BeKvfK
z7q1*Qa*EzoL{L|;#$bwVTvI44k<!TT+>Z{0V=t_hpOpBR^E!R4Td1jYy{z+eHkQyH
zlSnu3H%Z{CtAz-+=`$(pu0_S%G2V9l_%mHIVKaEy3^y*EImxJ@%LEn?Eya<29b2`M
zi33~u3#lSJ40)X|Yb!M!b1v&?g84P(c;PxWL#KH<T57xPia|UDr}JNu2F8eAHT_}m
zzK1+WS-Orbi*IES1WBJ+6aGZJmD=vwx^<?30~_rnzCdr(X~iP<!|-h`9qA4T@oS+t
z#&jd%D?3%1Ak`w(GZI$#7GV5oSt(EB!s#zWSuI~?=;Kw*Uq~*?FryaoroH?jl}kar
zr+oh)et6-mq(t?JL~d!s=X1=C(RuZm>#D}W%=XCf#AD;n9r?lr3~Z_fXl&hgFerY8
ztnD0K*6)dChJ9|^6?L|oq@aJf>}R{@wwc*BKJcX;cGcPgIaa<<F%nxCbDevt!nDYl
zzEW$@+4Z<Ho<#GWG(0+-1T!bwI)IE=I+j_M4Rvipl8uU^z#uU-<8ZORmv6rD)6|fL
zn6;homW{stWiHd@4@vSPqLA#*)N`q(3NMdH%X~~p^6T(GgSe-ASFyHNs8j6PdjBtE
z#-sG|yn3be!b!n+lWR)CDatR|X4kN>C~ClNTzX|~28M=%?G5#5aXLSs{W>ndF?s&+
zPMr9(-gNlVsEZ|uNQ~LeV!9mLom`Esp-l;^mFL&ATn|@qLM=GnIxpRaV7@0f19Nn^
zgVXul#P?Id^5*!%F}TgJdhg-r`<LnNtxdb`iWRq(x<VI~X~vpbgrt7xgpJh3emHzF
z^@FXW?W{hLcjLg1`Rc=^aNh=vs6ic;-eaOGQF&#lxZCe9?5hXfo1D<B#o(=NXs;dC
z#XTR{9`8sFX*zBijXB}5H*x%Wz=$=`-PkN>e0tQqH1}mpgM9SIP^n)Y;knX$&E(41
zYbaw;UQLdTz3vb~Rfv?iedt%Rje`N{LuV?(*q;w@-XR$uFy7Ub&LP%imiBigjT&<*
zvCUtkcxh{(L&_B>WaPCnosmAnbxl<!Wpv+VxISz~#J1tead$wyQ`nIkxin5tQ6QTZ
z>se~>UggQci%*ZnN=UUdoG~l{?4_$2DVA|($zm~qE*Z6O(e+fMIf4V=M2rFO2f_X_
z`x}T2;ncnMCp?A*&uEVZeWGh?R}MTk2Lib2?IWgXgMvr~mMf0pN~(01US5$97k}^R
zn)vjE;z=9Ns7{J;EQS!ZKWkXkdy@l`c3|9h4jygA*dq<)KYebZWt3bqw%n+l{BBIJ
zW~{eWN)mhRT<)Vk$E{%z&m=YQgxP|LNF%=FF9eJ+DI(ZR61mmpcqo6(Al1?P7n1bR
z!TCqU+bA3}Mwm~Jgi(8Af3e`2=%swp-l%IlY*v9N5f9pfE;KPC@<$DkGfYJ;NBj<&
zud$=XUq>a&)C{Q|S0*9|SI{B}APJAmCX<y;hx{hZA(kOQGHT%<!DT!gJ@N~QB}Zqf
zJ^a(7nbIWT$N0##ah{3-lRHwO#bHKb2g4N+faw~ywrYv{k7`S&N@<<9#oVmBeP1NL
z?VY@>&*h-+M%JeMgKtPcRWNE8pL=7W=(ZUa(lpmDFu5+Gk&fd^XG`&vb>!mCQ`{rT
zc85qGjV}^T%Vi@MgvqFVRz~(CjnA9G=b2`r&>qQxiAD=gPLR<V9UPQGkZxo?bCzw=
z*^1~n&?q|QP5JNUb*>UgO{Phy^zPu%QjgCYyVvW?Y%2z5^8N%XY4k4&hT>~NYAK2D
zZ$@Cp|Iv4mV)tqalVZHsj-PP5cyI3+ztC1%a;8(6DU`2KAOI#g$I(~M7HqE*SnCly
z4~k*6_d@u@6dgjubqqFqMB3v!<pNW`$h)$JMkdG3!`Nha`*vORtR6d4`EshF6MWoJ
z{9MH*D1WY0Zb5(~%_7Fdcz}Uq1eah$iRi$}P&fVXe>c?GG9o>31_m~_g@rinDCOx;
zamd(6ymd*htJK(YeXgZ%0eNuL*CcU&B83MF=%D_=`lw4tZ|9LmmDL?3J-(rhd@5tz
zHm!}~(Bj1GzC<S>QrFiyq*|MVKo4{D<c>r4V#wNu?sawW4Q+OH7zxqU>}eF`I?%DB
z=#Po?(NX>-u6Lel>~UH!Dp&_*LduWp2FYqnarETAU?2BLh%}b`Jk^Acl+=VbNln5;
z^&VQY^7YD5V>KOprN9hxTOLfB&WvIB(xm5FV}Wwn*m}$v{<}@)gn3o|;z@zEFBO4g
zr{VMV(6M>&G9e3(hX;K*QO<d=k%S6w^MQ1(M}iIP-T4K15k@zG2bQv)RxFQ<0c9e;
zHB>vfF6O&_$IOP|uS|X4!3_8GenG>u3UDc6Iyl-r0Q$&+J`~4J%|7;8d>uAltG|#F
zEbT8t5<spQiIad!gve&YK=pm#g;PQ;$xyu?0dO<bz^N^>3bWq1H=Y<gK1wRaTX-3$
zFj9Z;H0U;~42tb)p^1-7>YRxyL;A_T%HP@=TeK<9B->Ey;LA_1CfgQG-Q!kH{WMDs
zxCT@|ECVE?=+^qjG_)CL#6$=X&q5WW$2T}i#~vE@RnjIjy7Kk)a+~5GPyYbQuG2uA
z58}+^Ek-3w!2!pdOv2d*q<*I%zC~ppC?{6l@FM?k9w`MDrt$JGim-zPuASi)szG9z
zdKY)cKG~9WHV#7HVN?<jAg{C!OYeOrt*J4fOlRVXh|eB=2i)VX>k+|HNBr$kIiH{d
zawp-Bq7M|7jUSWz#9hh3(7dY|?#o^n9OR-)?298t?x#-Ia?0a2#+*fjgC!k_p+(FQ
z91gmR;NUt7-0)Lj{3d2&L<MCVd->t0DlNCtH$t~5?s1ld#J2MoD?NSjEi5r>)bkt_
zlf4jaPDW)s75Uwkgyb>BPd;0m6&)E%Hl-$8Z+hlaDeelk>8YQI+TYd|u&p)br8wb?
zu*K@hu-dw{X#I;?hv^uTU$0jorm%#icvfmrk4PZ)awGe;@<<QA;E$$$-HyRgrUMqL
zh(`IZ2U`aCv~~?Dl0*4alFxaY>8no)Mt&kp2dw}6EEu_9rG6&&!Azn<_4=*Gk;G{(
z#33db5+eQ=a(n4ad3HKy!2F_VKHqihPnbb<{rQJ3MFTM_&)4Vk=4X$5HrKmCi&#5s
zf**QtFm_{)LX>4F^w4l}CBj3^l(>nQpj&FV;bKVqMr(?g#fZ@DkG6rN7;hOragld=
zo7jg1JXD^2WG(NB*<UB0A`K_PA=Z`8VbsGV62tJ9PDgje9mM^~ss}BkSdqPpFW*B<
zqK7*OVdE)%Sz)eSz4YsQ?Zi4~@tfoy$dz%P_yX;yh5TY*imua7-BUYOiiYJ~#K(L~
ze3H62e^_md<sx1W<4YwU=-komcSg(*gxCtm-=^1JT{RonaV?_s4s~kpsDQWjg~+)U
ze}eMeE{DhEM^rc!{iv{7Xz4wFU(+jX@TimPY0=wZELP)w7$WH}1bdvO&$o0(#3{Y@
zu_k}G6K?aJ(dI*(xcNG#A58=j7p#cs1uL-H<FfDMj58LGHS95osZshyT67e%FUhr(
z?e5&>q_FsP+4NfR`?j$M&!mWIB$QJ^-Q^Sy&SWl#eu}Lv1P^?<D@><q5YKxdaMGbs
zd9CuJDM+N&Z>w*M!{_YU;L^wM*7;+Cr(bYZT`%<;2Qy0;?_!fiV0TQg?6zd~JSdiz
z4~IPTpS^QIJ9;7CFmyjyMW{iE1c$w8)G-_)RS>jI8X@&;RIt@_XyfyGz2yAvmfAr?
zhS1vD^cL@P`F6&Bf<UF2Z={owO!Q0FkM=ENjE+Y&)BGak-!sKv4yQNq_*g9{J)!bV
za9#RTbuo5uo}Y{FLO47<-+n!=)3bo9Pn(A8LDIWnN@Zt-r-aW;xNWeFCuh+z0y;jw
z2MMsTLa~S^);g$EqYVxF6z~|J9EaiVrx83zvlR0m)zB=i(u(lZe6+>Er5yuR<za?)
zq7B>mi9xXq5r$ypskMj$g~0kp1ZG?t6RBgj+ezC)etZrm!oijy(IdVKEJofK-BtQG
zDUz5CoWa2#X?FHcR_O>moCM;#=<+ysNpi|cJ0F)9J=y4HO8xQn!KA(^%@{9t{|Ao#
zgGUWjVlT?>|1jGhS<j)2`SE;zX8pBu!x)#XUJ%od=bd021RsVu{*NCoGPI9Z-FXYw
z-r^dl2A9PiCI_&!H{BC|%*)TJw>pnlaosBB`OzR84`&q(z2CJ;Jmc|cW`N&$H_~9`
zv9aM7s;xNDF1mWcJzEPy8R9)o(YctQ(ya{Nr@T#8V2W}1m364=8n?xBUq<zY@xenU
z=JBqp0lR7%fy%2LgS-WAhg_-dJ7%dD?(Sc8I$8J%5DGu!f;7@TuJw5OG`>BcS2}8X
zu{XT_?1^-mT|`teSeY08hr#2kA7S46GeeqBg*IG)hDjg)JZk7WeX(t|!kbY^xcN|n
zME6`{!LP?JQAw<=Kwsf<tT9fi$1g!$p(FWwjOWsp!6xap>ZB)Cn~O)sz^{CTUkQC;
zjwx7-+#dz8Q^$w3FSvA`>!lKNm$hkDiAFs|R#=v7d}wSie!=L;{TK2b`_1q0&@}h=
zd;5C)fqndz+{4{7o=FJSU;4RCt<zG8_h@h(V$-4`9GBGT9=dG3-)Q3}dUCfb26Id_
z?z8`#mzhnt!}y|%L`jy_A1!r$W`D~KH6u}Nrtkc4F`IBw7(_np4~PGgHG>OMe32*e
z(orgsFMA>iB(rJ!7u^&LHWO5sv6jQ5H>qQ03hn37RgNLVXh?WEO$O@^AtxiIYVXsU
z3-ZdiFRVin0j6?U>i!@ep{zz%Ize7VmsOr1Knw$17FxT>y2`quV}uhcXKS%x$f05Q
zYiU!lF|)|NDQ0rIWw!C#B9olU*rtr_^wY#hi5vLV-=*?ovzs$LI_|ZD(WX;Ot^3PD
zrH@a4%SvT1L`V@+NA?S@48L)!SI?SINkOo_R2Gv=8<<FUV^p{8Tf)&9d~<k6-pcT?
z5So<Lh;&)q)VDD2{^FRg|BI<%Q?wzdonqwuNZtCteP_|5y{dzq&36cwZ7?F6!s^eU
zkA{h8-~7eJh5HL8TLUFBi#K%dE3W+J?%NCUE0?j-mBVC(Lt}&e*kUh)FdcUX#p;gE
zn;c4?oA74)@E$1=dbMp-GQ7v$G{2u5c3NY5CuVx1Vea?2WQ^;MpMj%=ew+0h7dT;u
z)A{(vZIZLP38L!>|6U(X6OTks7WqJCr7M}|`{NRM_ZjCBh?n5&Oa_Hr7E7-~r1h=Z
z=~(|5GY|0GyJ+xGH_l(jj#3>E=}7aQVZXK>KV=`E-0!y0<7npH@RXX+-JI<m7~eg$
zeQ#Q*G-^$}M@)EJw{{Kg<M2(!4Xz4qhkcKxZ~F@&_Zt}h({*aK|7Qp@J((A|2k#Ev
z?jcIoRMd{}ND?2k3aRR6ZY-_PCl$=~i6YmFXUe61f0<;}n@z!_NuRP>87%Ego1DXh
zL(E4xomyu$`Opa(``A`CJggxn)^58a85tqD|GG75=tH!)D4D&$<V!}AOn5aDt?Qss
zle%QfDc9UP9XD|E0IqGpne721Gq_)4V8qsC1=kFq3z88-GXO3R9_pFhvWe)d68iLr
z<MC+o3msJhc<-jr<9DC(D04a^SM@oaN>j-D>pG`$4LFTOt)n8>j4iapAI&8kLx&xq
zv?g-vF-fVV?w?LyY$Ep$n4;t@Yg)pmn>E~VHjANaNT<${-Oc^xgWzn&E8?QhmHtU(
zq%~6bD$8|CcRH@4O<sR5D|oJIKgYQlj-(D_oIbAMW#Mcpi0Ks1tk_Da-`_)ou9H}Z
z)Y7OI|8AthlKdJ|bb61BJa)(d!-kV(*?F*1n`gs=a`Iaf3+1C%y~U<yVOZjzqqZHW
z4e{L}#&UJb=f%21v7`5nc-Awv{#=5pyI*_SD910G0?!(Eje*{jCa?V5C3`Ln+?I`l
zaTaNax5xFmp2idggl2UT@0qg>&!ko)9RGaQ3LYP{dIXBoSQku{4Y$4_5XHZT_xN!5
zeYo-6(pR!)eg^B5O?Tb|W;(1$Hnkel%?nA`pk*<u1ZLX%<*fOQ!eW^**7z^$d?%1^
z+#iqF%@tfyE3VlSZa=;hs#?DN$3$WIam*Vxu<T34JM|#-hZ1g#{dOi-$e{rSh%fs?
z|3`lzTrV!&C|_NAy!M1AjYvy2?t|&7?p_n-X1+_L{ld>$WEqn7b@1YrPrX2*|Eu4Z
zWDn$R>YP~(_J_9~U+=E?ef1^l-}p#!2=S2L+#MZTZtC?Z_>;AwFX#GULSwqP#OKAG
zLSwJ*0TFzAK5i$RiM~I<ylwqIHmE|(o=84NXTG*qIWnn~6=h03DL&Hpg6JM>AP6u)
zK8>X$!FWe|#yTq5MH8`uy<@PEX`c8+T!fB6)#OWx{N59@>d`AUzac5i-pe|TAXjbF
zX)%WcLywp(SnH<C8!jD-gMlB5m$R^?#@At~_W!VSmH|z_-}@gSf&wy-?p9*J=nhAh
zbb~NLTDntIy1NA=1`Gk|l5UU~laglA-Qj<q@9+PBz1be{0B+7X_jO+9I(&>;ItFAt
zX*n}GX|-Q%&zH8Oq9^BrVJIARRm!U8+AVW_ZpI#EMCn!bFix^o4{H19EypIlx@Ne3
z>rf~96D7oS#z;?qLYcBsqDbv8H!%?TBg%gA%ZujAJJtDDyEcVX^f4dA6-%Z3ThIOP
z;^`(Wwvs&+1QnmrHIGzG@BzVuAql_nxb~ZPwni%o7S1|WA#y}X#GO((PDBqvR2W)5
z=YKo$(K5it?mP0qf`Z$S?(NejMKijWQ3hq-GVcaScQY)6D>7att?EG{Btd>>vi1WD
zvPoc!CgHF%g{ppi1t!)nRkZXLD#U1W<(#lInkrRwgYL^QUs_y-Q%*?_u92O+!!vKm
z4Cj9U7L*24ZuIV+P`c3Xl+}rL<b~*?`J;3|O^ifa!-JKz6?boD(njs%(h^eqw&lb;
zKEyTH>iR)BhTG<O(du8c6dgmq)-}~~RDgifPLlnWE%DBiW!U{=X>|fEIn*!T(pRWw
zx$Xk)8xAZK7c6n4?}AxzN7tjkA@8heFShRonkr6A%@5KNAYw@+D=DIp=a&2!M7|^1
z%o*WJ=!R{EdDm#(!*mcRC%Eh`Abxpbyro^V9v-r}chH)}Ps_OIP>o7+X{A7#*Zc#t
zUGX?yE}qc*0}Qf{=-VOn+~QuCG8Y1|#aq1CYl1a914ZYoRXo6~D@$z}rU!cEN$I)h
zNCso4+G=y`b764%6)>-AK#~<|#j?)q818k#T}H}iv~BH)XrJ5Qh-pEFPg@3Plv5^d
zqWZCwygXscUH&r+d2g8+K1aO4Zp9OeMq=H%9lvXtTUR1xe2IyH$?=sT3f-uFA_u`G
z#sG}qV1n2fO5t2_@^;4kNre^u7O<g>f+znwj02}e9b8*ZZs|Pg6Z+9)uIfQ5Uc5T0
zlrAycBdA%+X6`{yRwTlClFWcW-`PQ7#L@J?ds_(cWCZB~Rby&d*kS6YcE5X6u;Cqu
z6Uy<yQ_{tX-n3>UKW1sq&{Rubws3wNE|7j$YCAa0GNQ%JVaA;-YaZReI-_(z$uDSF
zBXhc%7GL_9*eN=vc`b5QH_nLyZez}<j-?!fD>_2D2QS6y6AFaxo3qw2t%Mb9Nt@#a
zKj7GDQ_z7rBn&36JcK9L21dju-@Z^fKXiVP=`|;@tU30Ug4Wjqw|ih%CJ$Dju`?O9
z*ehE&MQW7Vd^kl;v;m7Y6<k}5p*3H;kaq80#9~Z}#{<I#5!bh0D%|&woLx05NNL31
zfDj~Yon_tMeC}Lk8)xgFD#NaY=8K)Z;|sUDz(-pFi;D~>T>SlTXHRzm1R&A*>hU>0
z0=X?_v9PX5{upWbpqjMA&D>~}MbUU>J*Kb|GR+16IPBLi<xX<$UH&<`9CXMXihV!t
zBJYEzV8QEf9>y+}XaoNkeR3z(G}yb?m+ag+&RH|hB;(t?yUf?0HP$dQnLRj1>*Z#r
zP;(%SyF9(pSAQ=dQh#Q>a%fthKgvCnXytjlN{+}Kj9w_xTHW;H2CEYo%l?A&f37~1
zZUOY>{=6zwEG4W9v3iDL5cu*!P`l78NYA=Ko~jG`g;R4F?0v*u1{uOgyI(;uy?WR_
z)dw>&@v<-=QTe8*(coC|H#x_WG9dInLW1}|J_Ze%{0Bo|4^cB%J#$$9tzYl3e*Jb&
zxOCILhI-fv9qEcFI#u&_T1KwdZ@B(s=T=etQ6(=edmZbov)`=n{Uu@`z^Z{0y=r_~
z)U*3N!ZTj*ZH=B+?t9p`7?UJ83@L8r7xy6?<yd8mIa&fPYVn(bFFM5~*J&@-!PdA7
zk5h|0e~k`yd!nEjfg|v?*DsA;b;G~oj=gdE<TZBB#?VLS%IegrnsPhmzuT_UWF48b
zgJ2{g2+f-T{Yl!zAJxC{NZuBCSOi5aIAQ`LWaqW$ihp1=r<7B-c$hr|F8N7zj1RK$
zadSoC8al@B7%>ykvA<=akNO2Z==zecIaE(i2mU)xsbWBY7=n1Qw#s-AzoX7lM%+Xp
z`PUy!?>?;2o+f^mBf$*8Tfn_v8Q*N3SaOAHZhe-GdYS?7G;uHg`wvh{iWwaptq9S=
z)o=$!f|J&O6&%L!7025Ej&5W_v1u3)HDoNl@ZhN;e*2$E&+7z>%8TkV^LqNmnS{lP
zQtCA=OL4`LA&LWcE0OfI)pkiASH1J*3k|>isj{HN1xBj(VQ~TqQc+_Bc;45BT*gaV
z23L4i?<lq~ZG?nWYG+BJxEoD;UFe=zlr3CK4`1XPpm(h&SQK7*dY|70s7mXU9Um_q
zd262dI^Lgc98aHF(KHF3|H0(tC}rZ<-Z)S<g$$r)l!1KF6hi60=xZ@%lB8dtv9@TN
z5vjfz;+ud)Hvm9JEZ@P&ln+lW6VeB9%OnJ9RK0_8Un&>*?i?VaGm6|36zL!%IQmbg
zA>Z!=)JsrCr?q{owBI&;Lz^bmd?vt&FOp77Jo=Oqr5m&uc|G4~hX~^A{sWZJzq=<F
z+aY<2OBIS%IMvE2|3_po{0A_<A<|J(5v-_;u~ZqaR+=%FPVV1n88tKfgFcee?u+`u
z$tZsp_ZfW4)s{bb?40t?$xAy6XEC#_h@<VJxs0O>;hZHNRpe=NqMpMHTlOQloSqHV
z4zO<%NM)+8Ph!kij4^xNS&HSEJ{CBW&nGeKM&R4De9Tgd1dP*q`XD^-lqG620zqYT
z-Or&xiMyK+B<Huk)K=5;UwN3<h-#4*gKM3Boj#{1)LW;dCTF+aQfeEpvaL7Kg-}Tw
zc&~qwK7+?j9CbqH*rEXr?PO8@_C0e1TqmQL@cXdCyld_30craWaAVWU*RCTr*6KM#
z3HYhY<Ov$D`ADmOd%U&xxL<$r51^p2CuW!NT26k^sWN8NrDjLWZGDOC!F?m6b#ywn
zs`Us)sCEQ$2LBS7W==S+_88DTYMFhk5*AQRK0T(P^mK#eiZWtbTWCi!>NO520KrKN
z5P(Kms8JJDN-*`woq7s2cj=JEyX^h@&g8z~+>>8m6tXS^v~=sbEh#Bk+%!WFUW=<o
zkC;O7@r=Lz*n49TQ)5%}b+Rmry8jZIWyDq*>pRdP%OYag$ThfR3K#9#GuyiT2PkY}
z)5k-+9+}t2j-nZuMkPdP!Ug?T2z)Q!II+74YG`Gs5!zzSnx?yYSLPM;mI>c@1f&Zb
z)&1_J57J`$ZA4j{TU_DWM_U4K_ll>RaK7hw9Csb@@<&zA>|O+!35A4R);D!H-gkPC
z+zU&Yb^BWN>KzW!N+#zJZ(Y-22=v*!jk2;pW6Zce>*XK;q<oJ0)YH9_(IaakBSl^r
zk8^6ESHd#N!vvSrmfr)Htt5<o0I+Y%7C3G)2wpX_hy)3oqN_)%e6=CIScv6nN{Ze+
zBJ8Fs{%c1xx+@WT$_~PA!l7c>?BF2DwB-s+gDUOy>uVvS3wgt~?q<}eaaX+{o*a+4
zk{^#vE32;6WqNQztqD@GIM9q51{yz=aZ)EHZOv}36KGAZ+VbR^L#J_L$AMGB4q;Kp
zO6p;c4q;{+!;Nl_4lyOfGr28)7x^9l*PbuF?hNS|HswC2R`#${hEl&}GdyXc*0@!X
zqtY?WE7!!7%-Kbub^X8m{`XUQk%|DVybO#ZX~&5A8$S_lfmVzhA9n=}Msi?EKT>QD
z)Fc+r9jn%4fQyHAbH;B{RLEFuRc3K(^FQ6PwN%N5I){$v@P?JQ?EL(&)9cjyey>UL
zV6dQ*>vYqH#>p+GUByfpt4=Gn15^6>7sRzgn;T*<W3lhf74;ABb!}q`H|{~lCfixu
znE#zJ1FyuzW?7IivL=chrK=LFvW_32uH~n|Wid-X9TI5|LoUn(Cu>R*YFMjn+L_4#
z!4epRhQ6T&!R8j$E4|Driti(F7><8E?5T0p6OW)MRKT&DKcfikGM$yQy{gS!iX}vU
zKGqb50I?H5gkCy_U8+18MF)m@zkCMdf<z%lKo*R?{7lCC0==zEpBkS^WPF~;+cblT
zUJTuz%gPHZfFwSm6T8)BubG+28XHq~lE7LY*SaPW1{J|@Ec>AoTcdkN_s8eF`5hEq
z=UZ3=>-qxU8pRH+{DetGuYc^`B+8Lac|KTqi)+ZZ#4=41V*GyOu;65w+eLYKe6st-
z<#GF2K@OZ7Nt|0GkVuCZ+4=`Cu%8PlHZ!YvwWeh9u86#4o^nq_>5Tbvg!l`8R8UHw
zph(MB$SCx_X|!F+D62p{cI;jv3wq!a!fhA(4jg}^WVzkBxBcym48mXWxfqcl83bD;
zNX|TVQEC-y#3=b4@p34OoOO6z&$h@HMg#<7eTilqdoS>+0aJoBGKL{+y^?h^5(4{d
z_=5ax`N1|RG1V(!y$6xIr>p4xU*=mSrtGjfj6|XT@KQ+_4nuZxqafEp9q1D}+LpZk
z|7AjHyDMwVj7NI*$(Qi{or+P&YnzGlr8uIhC+Irh-E*;}&qc*d;W^K0vqvpWV&_!#
zH%Q|V)1vySm`hfbG+Jqh#CnrBqC}(W{%}=pmS@op9IQC_6}U#PT!?p-l=?<pW+;*{
z1HFO>V@jZ~!6av41Z57h6Jw)(W@h8M;iGL#@Ky_7ers9|laNs&<4k0HTM2Fo?nzFl
z3{85=3B}&HU0uQbq7VWvw}{GHbs8UUX+gNh%f@H$R`emH?ZJ?vhQ*7k0Pd;zi`fV}
zjE>!`%`gC|3Qf%mMC<=`tgXyW)~wcQFc!#AQvXK+L9q&|-Mu8K6-T`Mk}^6$j8{>5
z$A?io%>fy%ZR0^+2^?W@d}_tF$GK`HZxk3De}vNiX&PUV{sOwWUAq68l)>pr4n<I{
z9sk^ES0WT6mzqw=&C-Ei?t50W>aO1-(t<nG9KwhfgoB~Q_BRI9La4PJR8@{$hR5b<
zuy*#A(|&3($p>!Qy8PN8>;iL|EWgefN8}_q)h=9DPGBfF3HZLN=3UHC7O^V5cQ%(v
zr<t9QuU%RlT=;pBosjtJFzlpNoY<)hDNds<JeR<99@o0%nY!<+rp3&TqFi|AO}Kfq
z8f}Ric{g4G`s9!7B`PzNv@MK{8cxc#JPe*&U!PCzAB}d=Tzhg9lhap-O&Z@|v>p^5
z;Ez$upvK)BSI#|ihrmoOA2mIDAy3yDW>LLn>K3ObyG{#YaczzcwU>^)lTmxCU2->=
znqS4fYH>vT1DryzcmIC92jV3%;9g)H$$S${>}##i+6-qY@Gpm81NCr2hKWh`_D^IP
zhQ9NnjvxcOgFA!higt$tLzYeEm(W`wnV<4~5xO(PMCztW`t_ADP?dDJfPv!wss=s7
zJ#-yAYUca+fAy?38IQVBqhM%lwUrfDX+spCC_5Tb4nwhOK}Ke{E=kMBZEIcljkuq?
zP1G4SQNZvst9jjO)r<_}5IIz7o@{$U!W@6ovZpO=3gtKj5zvX>@oBa@8qyVw{E1kx
zB?8>#G<tW2)@VSIOxF_ks8o+GcWfKm3ftuUIUt1hX|(Et_UWK+{?NqB-Wv8ekIdz&
zY~xXdh%VCUkg3U<^V9yk#P^AV1B;zKQ08`}9u`bMgu<78*Qid%jQXk*O8>fIr~RZP
zE_ackWR1Dl98LE**Iw~_hs;5z4Vx2M<+0f_@cW;AxCim^G9MltE&dMpoo>tJ!wuWm
z%h3g)-iA|%hEy_RbGjYEtBFk!Z(_OY%!4~ldn{EwTqky7M=1((P*dlN+qhRo?<5j@
zo`*IpcpY1v6jw4>hTEp182j{Tu=SZvMVyECB<RXD;_vw2EKT)KRo`6-1&}aCU)PC!
zLo*M%kIf_9r0zu7=}|TzYomck)<iwyv!UxSxAx%+DUJ3O*B}0898n7M&-O~6tP5)*
zXcM0d#IZ3c{sU+<)Q0?8vz2gi*gDgWA{{LW;;p>^zf(wB(rwERWT_AI^M2J^hY4<0
zX^#6TXFT+Ubr?JH<7JJo*->wkL<r|jn)lD1WJavx$j|XVS9yOm#*hz=R*fDfMlhPj
zLWx-V6pZcZcu1~aR~~<wrv%0lc<zWQ@aH!6VSuou!!_)-Ghn@l%DXbv>f6`{^|hw@
z^J|xlnkUG;hc5h((;K_qgP>k8+nB$4T3^`fzsxmRHkV?T9+TsNhrS(wVj12vP7V%x
z8l&7GZo$UxGA6mL$<~WNF|R$eBV+UMxDe!8&dy#6?V9Cv*8*joUDVAUqPSD|@>_pv
zw$?m<>unxJ^BDpQje}qV88KaJbrr`L<blNh04?@-nXhoBbb0@5VL?a3IfJzRFH-BT
zkHZ`?qj8wBt>ifDqi|nW#xNUaH|IK_m8*eI1@$^<-_godecJILS~3u3R`&$?l$JQa
z)BcOn!2d;QKGHl>A$3z$OiyjFEC~zgh)PkGvaS}m0Vt1d5gKuGx=nmvX8kW_bD6Pt
zG+5~I2|9aMK(!kX!lwJ4X?1mbd0sK$qaQ}1M?+vH?*@MLZ}w+?c2?{_#LkI-bLLAb
z1y<5+5NYh-jrE9q2$Im>wkSvkO`hxVTj$r~&NJ6Rl{2FVyz||CX!IgCEyAMI#*a%E
z>)2mYHhh`k|N2oezMTes))p8{XWkJw+Olay%<DWcmdmUT@%KIf(@+rk#y|5yJDVnT
z26|lXt&MjzLszJI(ta$1zS-ilu<jrlhd#Kiw`p*lY;Et&PnvrhNVjOL+0+f~;>KXa
z$_7R3Li_rpf53A!*9I3|^N`@miq9R=7R)syUxU2xTjxzhcNGKbys25^&J-E+5=1k5
zEc>>AC5^o9)&kE*53c;iPA~mK%(sue{OIm4qvHctO+hK<P_r^@pi@_!5A6FE;+@rx
zH5F+0bf?%DcUY^g0SS$=Gj)j-4ZUfBwoNhpQ!~+RkFy)Al}6N>3%het<KIPozMZsm
zTwLTvBcWOEy*#wb?s!G2$$*@WqK9uV^qeo4{c|VQ@Ae0;F3|lMd(R?knq*xj(f7Pi
z%J)nfU+lN{>-k*foB}OBzA^LM?_|lE7j*&WwtQHiPT}?nM)r72&IR6xjv1*{0vTh?
zr-+&RJjA`ulqKN%gZwR{U`zwb0p6;x*D1u<&@#NF%eFgmSMxx=<=WAkrG)I@l7E1T
z2eV&0&aQL>lhFqknQK?Aw;J-t*b02}6mg3(0DoVMVY__CGQH8Urxi|2Hnb;yWW<P`
zpD_B1T*uRDf^@&W8jjG60ak);*P_tfVS{EO@8d+qUOM@64&Tacjz;*3vlY1P8+6ac
z`pfBpDW}xTsna8+^MS|Gxe2vm*tzPybcch_{WsJ#v^Az8ebMq2J@2Udo{&|MW`{2J
zb<xaufdlpg5!18skK`wMDWFFTB@$5sbdUY1HLbCu|GSXX;OB9jX4ZxrItKW<=*&UN
zmYG<gZfZiMA3PdkDL1}TG4fYyv)<o9{&>)+Ly+n3FNy!l8)z{k$&=Ht!P<nPZlZzd
zXR++8HY>I=1Tu_`|4UAvGrYnO&V>F+^4iIBOfhT?lvO_JE{bB^fk-2o)+(Xjtx6jX
z`K7Q8vBpY4?SXHuMUEL-i`gq`KTIos*hfuSHDO0bZ(q?Yl;?U!8M(#&h*ic4d%-<*
z3D0$d2VF(qb*j^LVH??}-k!jR^QxGX>>Y`%4I?hj{P%jLR;)Mjsybl8)^elpVgB9~
zN{C#&$&r{F^2p@UNJ4q5K)2DkYw<DKeQ&IjdW~uqrj7HiO$E#bpakw;dm3*KO?p%w
zuP<gS+3z90)cGbZKIft80W-#Ai8p0rABk>nb@2!uwbU1U$!Z?TA`!`}<C`hSoC&{B
z9N*E6O&|`uN2og<1l0xg%o||(=P1K5d0OA3Br{2FLFe~x$GtE7YkZh@&FY)97Tato
zzEdAWKyAED7?~*xv=+&@`p&L+V)hTO5cg77HBpoNruS;Ofw5;v7;{A6Og8<Yk%a=!
zSQ%TI0`1lduB_uhA@fGD=7+l8k0vvg6<d-e{wPjC@xiSZ{U7$`rB*;oZfkG>V<=+^
zuTbV8DMVrvt6^~l*xleYa&a%Vbzjpu;uzsIkEeX2sBZZFmTTD2<fYt=v7My4Tl_&E
zM5)&?GS0NXz0pdws_wJIQRxnXQ~jgwr(}RW;Hd}J+SfCa#pCf51#gQFtugXix&5cq
ziexa^gdW_;tI9#J-tMA=$W7j8u`d0KO1sJmipN4=tYNYe(&NMinU9u5ef|W~Io>Vj
z+1^m!axHq(70BOH$K2)l{{!@IY@uOWbbI)srkeUIRaN|FyE)p-v$bt<n$`=~&(x<)
zIYNC@t5}mRpH-VAHVVuffSr0tcodi>o>*C`1MF9vwxxMl8H<4%x-xNqAKN0r1eAF#
z;FKu#g5k@?>wDhG7ea&I^_`cw)iA^g*v#w#2gUoVb%R8gx#JINVd6f)C86B=g!*C+
z`OG>Ox7BIhQhT}^&yGq1m8()-?Hpj!l8Ya$KXR6wdr5Iwc6~=Up(LV(#BWc&5uMTx
z^ZX`5wOx0e+1_?#p_@X6U23a~flyn$UvSyt)@ryWz*^%Er&+*l%6iDS=!I&qNu5;Q
zKB;9dnKv+<&H{{!<DZXl`JD<Bc-PhxLYU`&ogxj=y4B$tVXA~QeTmFfnn@WFG3#1V
z<T*yzp?6)D?m+tzPjG&r^ev0ULYh%%?O|BD8+k4#t>*Ivi+>vMeqcQ0NzK`5!CJZI
z&Yun7j-ZC=8Z}k|A$PygVeE>YUBUaqw7wC;bYAMH_^(};t;id{N27lLdW&AhW#UES
zH?f*Tjoo4VJ?u06VcZ8gdVl#|2RbCgG6k=;KUnZ6^7pJIY}Q{|RNQwZ2gUL!CKuS;
zmQhKh-ht5fB;jxU-%Gg6v-_vYxfbTQ;w)_u{o#!08Wm7q8TIL9H<~kzR#0NH4JWQO
zB^~K^BUPF0L%26MlIW=*KIl6ckm#X56qHY|R_d=ZFm6>sIX;;KC5w6)R%P!n$H9CY
zevIsv)S9II8cg1rX#%AYo3{FF!B{;!!{winNKwv9PPFokIla?V(2j*td|$TiZLta@
zcX7%+_;BdupUl%*WnAm_*|~0V2&R<;=z5#6_&18NP^7O))wyL|*e_YLVWGIy$5hNg
zq{SrGDS{1wCm)ZpryuEdMD8{2+sz-Q^!x62-r;H5yiF~4{wzd0ficw_6tg_}?M(ck
zqD6|PDz{>p!54RjA`U=@FR<P^;f6YD({=2&AGQG(swgsl;QGY}s6Bfcoe@HqYqxdo
zS|YAN11l4z%bNLQNUq_LnY!P|?)aU6_S?Ay`(;p*Q`6|dV@*wNy5@o7M4K>wyUs^E
zT*S-+RiV((?~uqOZUD`kXztlSn-5~I>Rv1_<;VJED;t=5IRgxJX57M<<#`njNO3$c
zmF!$xJ~=+vz0j~LNYAZW{Nz5^3k-Ybw2Zl_^xYe{zGNWfTOcXy-vwljvH2Cord8*@
z`r<Z|elUA-L7}tN+iGSe)+sY4k%?N7YWH5-OaF|rP8_{~sFGSeZZ}rp_pZ>PRQFGA
zO*7jo8k&`glS*C~HD|n3V@_jBY_q>?(&`ejECJcYBOQDr5kjb8ck{Fn8R!IWp)CYJ
z0gSwgl_}rvkS-w_8wnO|lWV<`w?8+ba-`boIk9T{sWE*CYrldjX9o9d{MsHm^4T+<
z-l0A$H*K?{hp5WheoY)St(hmBoZU;TY#rSMQSVHix;(k)$v+hnHPP7bx`TubI=u-G
z?%zB@+)FM6l=a^P;7fR9%yd=btuN9dG%5hBWamRK2ptQ|hL86q#pd<#HH0-tUXCat
zUsH@2(?|Nc+f3Y{`8ZHY0>O`W2(zMq*nS>HTnwUBhmC^x$_(>Ss7DkTO?;$-qpQZ+
zcmB@o>#pbt*HM!K{LlLHbnSo@h5>+h(t(+TCca;%>3z&u<A_KJ9;Gu4E_7$p6T^Gk
z<HmjW;@S-!Z+??vnHmaCim4aJnv6d8fPPAA1K5t>44HjkVzYQ@hq1N$)ZDS4e(zpU
zgZ0tTR{miie`RjCt`fj^em=x*PK@x__V6FBzVOdIuvp@E$p=XyCfb7#ik_?_O^9B5
zhS2&!u!&S)!-_fU_3@@+*Y<{B5S1a;k3LMAGyD$vHB^nbdB~ZUgtc~X;dr9eJ3;Ip
zGOJCGgy;|<Se;2emBmbLETk(8Az%dsn_t9lq1HN`c7DMq(o(2gN%(o#Qut`RYz7vC
zp(V+I`d^>zCHd-@X~#_H5HLLj!b{S<;#N>*eA#2M;{2e}c1uxX$kq>k>;1(@=w<bU
zQ}ROpu8Hky0Y$g>kx!?As}kWsDfn+CNcNk9FjmWccTdsbUGnk0HM#?_aOxQMMHs2`
zF%)HT;II^ZYkBGNmU>p3UyVqJGrYwZ{_LB3b2iL?^TJL~WvfcvfK#t;mLPiF0jCd5
zSt6`$=S*Bol41-GT0D~`=ER*%l1Aq2hvzo(%EiiC;hdz+f1#(Qt=?NRU)|s*FjmW7
zO69QcZne9kqpjbi>^Oicuam&o7zssy4=z08l6fX9_ivD6=_})Qhm_|VV=8PGPmN_`
zgEV(AX_|ex-TJGpmbTW#)1AKQA7$1FO$N-Z`m_Edqw110=t2$_d>Oq8kO-VNRlw%2
zmx`!S?UnxI{l@-RXF~B;TL#aE*w~Jz)3gc9(ybd~8!_+wlJJK7%W%`Dy5FaJZ9UX@
zqH?wlAEf2?Dx7}b_R|)@R~DI-Qyoj0D^hq3Cwh0q0|~cI#4i7|BLAQeqLCx}h7(o(
z--w-(SY)qgYnPdn9?8*n_bk`!xyi`Vs=%02XTJ1b)>iloG}7C|py{n~li4Ke#)e6%
z_Q1@(0lwVsP$1G36Fo)~jS~OeWvcCN$Nc_}Q!`Ga?II??nbM*H&f`_j($kyd<R;1I
zo2XX$oNVTEyFoFMePc8u;O6)Qy`!@E+~(FVZCPY2MHjmeV$_(jLvubAM6XGGjh3N)
zU!wZ`0;}%8PW(x~S-fVG$Hq`PN9J(f!O5d}f7`UQ{rOd8@6E<YH2FWhus|3rtI&S`
z%3kQe=(-dxki~~36KFtQOcuYE&Jh>nh;3QI#LfuZC(I{zC{9WA+#SAtp<6K6|3?2!
ziw~|L3)q$H>BVz4)^hY8QZ0r%?zgnogZf8T9dc<VV(w<jECn?I-{I~l)xC^uLGfJ+
z(q%Md#2KWiTf*~lQ^mURIx{j#{s)kGp=Cu;u;p;)ZyV2zMZ=;K=VXx~amen^91fN<
zF+6!_jru=;{>|0+Bi$f9^R|_HEmvGK@(bB*1ioL`=xobUK4;b97U!$+^e1`>UfOEw
zkT3uth)E><Oc^QdY{G+lIf)LLUT$^QMne2d^TakF@%SR{t#O9{vHCu{or(LeOX5F1
zo{!n6DPf8)&&M2`rytw+UW7<<UG0CUcR#3`ClMwj4E=H$K8hR!D`w0i8kCwes0!$w
zt2uZrSjo~T@~@_&t;Eo)$m`mmY@cko8@+zwxDrt(2u|JyQ2zt4>DGxiD!MhhraCV5
zK*(a^Z8U;BBAey|;Nw_NNr(bF@&asohV@lbR_U*Jgbm;|1uq~eSsSBzRtgMb0%#9_
zpJ%Hr3rm{s(YRB$K+n7EvZ8Ek+*DosG}#vHh*aG$Erl&?wWPPH2zmYn2MB_sZQKFU
zpawS{aMt5Y8}Pz%XwHtR<(*ZVAyClgjDm4BI4C$n8xbuu)zCWh>w#VFTrpWC>s%J_
z8L%|7%0L79HC_Z{Chq=sy2arAG+_+kC#H`gqww77V*+Qliv?(jBCt~82T#ArM2}I8
zWJXk465^AvhDUBx{yKib3yr!*a;dEyRE3ne`E}EJi-C7w>^xy+T@UsrmdKwfL~f#4
zbWALu`bAN{j{KOF)BdbQ=1=j~O0CxdHWX+BN^&&Cs8tNgy^})p&i~C-zkypb+9WRm
z)V}o)5e9F~E%|LWtxfIceUxrB;ZrBcWxBY)QUKORE;F&*i#!=zK0-xpw>@_4c`aWD
z8T`1s*BA_&f@RX&RxUu_;%Mh&U@E%Y_}0W6Tw2(fTnC}Gb+~`autbBkRsr|fFyD6#
zqSRgDc_oiso*UHw1JT)gvH4&}HRd>)cM9`Hl(;faQ=z-a*<Q~drU$J{DI|NU?}$Kj
zTGXb=Z$9oH8{Ia*1Gjxfh}ej;qDa4__N@zS%dCg^?=TYzdmVajT;2>s-Tx>Q5CV!b
zW18zL=elNuP5Da(ckE4O(A)V*`1(q%flwJq63cV=AKuxuB6ENKk}3ewcuKq9nrc{2
zj&9$vdp~s1@17Y6nFO8HO-5_8#N$88hMMQwDt_raGH?h7JdCRKNzB?8Q#WneZYom0
z^y1DD2&UD@y?K(~nmb;7(!YBh(De^Mdu8z`{4i7DbA_I+-4{z-Ih~m7Zgv<&cVya8
zM;HG98~5nn&98p|JLJp(DkSb+g0zTv2Dm3BRs&5Fx`q;AHwzQL?f+g``uyH>=phox
ze`7$G1yWiY+x>bP=M7{!ou${zu^$&m8F_)HbjWya9fdFvfuzUBRer0yK)$ID(pkO}
z-GMH@w$zaGULQ3iI}Uzgb;dnyA|ds0{;}*p66rJ`e^OVwS7ghk74!G!!P5j%sjj{_
zjc;dO$jWDm{MHPhdTSdD5iFvR%x24dqmJuG>RdmU1gkXt#Q=l1TpVe2Oib2%OcM7Q
zJZJj@WyPTC%AF-Jwriuek!@$F626zc(tF8D;Y<H}g|fZLQQfu|HsvW|*u|LB)TKe8
zKoDoaUHs8j+u!wIV1d&?5|I-{?*~6kojN|$ZbqMWK-;6{$(i)Czx&NXGV{SSRueMR
z*Dq-6Hum)&2X*=?BqdgaKwlj9(~zdFgYb$8F*oc)!FS46t>ae#+$YBQaA`in${)+7
zPQ9>~)29i><|)JiVg*`sE)7?Q7Q#Av{nv42?^)y<;|aRk(*>)TS%6@fCJurTz%aJ5
zE+kckNQsn6c@}q=6i;1ON1Uug!I8@(DaUBP!9{^vi&MYEY8HQ_Ia@*bb2@rHWQ#z~
z-GIQR(NPPXxwDtt8`9lPV)bnFm4Vin=?%<!e1`C(&aiHG_)_DXf!Gc?9+!}UQn^+f
z<yH)PGPYML3`Z(66lY%i-rBxfY>&O?Y+xk=G)TT>5Qn$ymue@UK6qZpK=%RoVmE`p
zV%Y0m{X;$XKuGz?8r6qy&MVwWo?`BUaBI(XO;ie9u&Q}{`wBJ1L%g?oi(|&JxDz2)
zMQMs!1ZNY|{G`(x9J<KQj13;U2(ODPl;fAS86Hvc2f=gXhg|sH1aGfk48V1^;aUMS
zAQnR20KJrkW}TcO_kwG5eAdo2rs6)$x8V+yGEp3tk7?M%4%?5|bSRn$(2$Q@UIgVG
z+yq$|kRS&%BM1zew%@Sb#FS|Kjf)Uk+rb`1^eX5aSP#vqdN-`toTU~C!l;Xs0qDtJ
zAPwNmbTe)iM}!GnacRIvRZK4K+x7(`^F;r=Ss&^eYxRyX0n_F?7A4t|4CoI?H_z_2
zI^Nsdh1E!CL(ddmKhr648q?N7oWbTw)aKS-Z+ct5F0tZ~)oSIJiuG(_(SZ{4U4JBw
z3H~}eolA##O9A;~g0#m?!NrHW1b3Kt98+r%^LGX3s`cPkVcbFwdsBn(_J=!`Yv21E
z^^~-__gTc&{Y&{QQkBbWQf38?RVnFb#otlgy4UXynx}>)U{Nt#v7=5USe7#i%ViCA
zopp|;%1#Ne2ds0n7D!1uarO_8C=&^#l>5GVh#e@4Cg!_--=X-|E<-dg%ES>j{s}n;
zlXH9d@S_B`<-s-EplaBuoy7~6Q*?-Miez^4*ccB&4g7s;wKg#?-Iw%Ke_B|&A#`mW
zp0lR=DW|C|Wk7|6SucM2og#rkWV2S0HaC$njW%SGn{?L1o~1ED+)ZnSNU$&6mKi<C
zI;f`=ECe~>ir3(Z<@(agH#%y;!gpy=CIvrO9<9fR;oB^&Gl4mIv8;c-gOc=xfKR-3
zyIlVPM$uEaK|ZH{p@_T;<<51d{G%Dd9u1Kf>=MltNS&O-ZIi9vIX%FlJ?XcRcm@DN
z)ljS$zZ#)OXlF1-g#sBCC%a`>(o@H<jz#tALgsF>3QOd(3ciSUbXx1dgrKEn-|GsO
zWGnD!yu4eSfzYW9HBJJ+By(HaqkwnWHen=kWW!FYl!=`!e^9JH0b{)hwU!mVKUDYT
zeBDl6>peAwpW5E*UCPj4Rc-X1P!n`rkR3@XgQ*0>R|4dTh82zL{3oeDcmLWN){6a?
zn1U9gnSme-o7JJ2BQ3gHZQmqzVcaH0E5@iya9R|hpsE!k!%>=TSvnk3Sn(NF%c5%J
zY#ghvieVC~?<cSSb^%^W5lztuG^$p}4(~^|`bW{jSOPtcq|;oxTn#{>au`@V57<Ue
zq)(9U$Xo)6O!-Nfhk@TPNzQFoV{1gFqvvB}xZ6v`a$!f2IW)0DuSCo|=e_%_<-tJs
zR&ZtUa7gg}YpL9Z=%&#t+C@>`Q0!CYZYv+r8`m1ME`lFHuNR%*Le^8$Ka!ZmsdWAU
z%4L!<et~F%Cry%@q|Jl%<M#>We^}{>AaNzVv4Bjn3up_8ll9#o3Fm5!`%RTY6qnz#
z>a14x9DRV_P$VUV2r)9rFu&szaU=m6Br}R;1jyEw*nzm243jt3oaH9XIRi)IN(JP2
ziPp`^P9So8Vy9=O?dW|VOHYWbSX&wg7>n%KenFnHq_qsx`wwFAw{H&Mc+EO~7uIeW
zV0W^9OqY@-YbP&D&~@(|j6afo>(eTqW@+;5_%MD40#O<tz7SnzKH^;2J3k3r$@sW(
zbQrQ2DA8#5;c#VYI4?1^Lymo>q#=khKy;&^w|k{&{=|{%3fMYI7mSp;Xc7lG+cs(h
zYS%vzn77_Av(l-v`HE4&{=43VXEO4ZeyU4pYke~}r`K+P_%C##G1i8+N5RfQi6xJG
z;-O|f-TFF6bMC=peDU-$&GpOsdSYvpDDx-DMdBD}i{hW+!#U^`VJ;VF+9uwua?8!X
z;PtJUWY_F6?P6nnTi5BaX(w{4hW^Fm9PQw6aM;PgX{tli$Cl;Q7^ZuNh#$Y=!3ZO4
zrH^Fq{J?SAjgY=LflXrcN))Cx`T*jI5K=+wBu;g=oB;)yW2rt6>?TS<lh9OI-A)gW
zRt7apVtnW7Id;$#b5ho5k<Efdi7^!Z^}h@rGKRxO>Vr?U1}q#Y$vfFP9zHjB=`yw$
zof+J>8w>a|wS4FEp>UEMoHYb+0@ksABepOAJ<9rZ<Zk&l*G;Bw6=2v83?za-$_dR^
zxSNKrxP}Kw3v}EJjXx~3xvN1?Zg4hgW`erZk53~XT|j#l>%;ea;^~bp0tjkwK90=!
zj&tBsK%noFNz__bLRuO^t#+(vZj3K+u^0=Ujk5t8Z_@YROObA#dAp)!_a0ki28Th0
zj%APN#h+HU{w^-BKU|;IKg9M5gfcce!fdhpUwPs)xD>jCv#CT<W8&uM^%-#9BhXjl
zM~Ag?>i@nOS%Z~X)uxddHc(WZ)q2Jnf4*oE%e97aN8?2neSGr7BOHHDzmg06#lfmw
zwT|;+23J;~Z-X?)ILVWY+eLmVh0Az{X$lJRZdD@q<4D%T)MBw+Uk%Mj$3Fe`j?fdj
z{~Wp3wQw3>cf~b8yD-YPS0tpu`<=?l!rEHnQ+yb@^8<JJ-R`m9Mcnxj|F_kuo>E<#
z`&S@M4gix`Q|q0q&FSL|yeUwsZ0<}-q88<2NcB~mk=c+H7RmDt7-S7GO!g#fbK85Q
zxjVYCjt@4yl3QfeGtj)%i=2JO@S>!CbWXp9<altQ;qsnQ@3R{ZULQ4X`c9NH^hZje
zx9QyxG|(gdo1T$1)cNGEW%sCvyCT@Po=*Nlhw{mGo95nef7UW@?Ue!>t=KLTyH7>T
z4h21k)pG;sDCxsIV*MZsIcy!8f3_|oxJ;2~NkQAHVVua;_uYJcr%o~YuDzM!VN_b2
zZN{6Y=mR*d*Ee>9UO9dGP;j$@JZkL3JUA%N%cW2Jvt(k?{H8Uo_T5e?A2xx|Y2?($
z0MhlF6T+L5?e<dV^ZBILhL?xHSrQU5dfcTKgf!$eS=PSdyT&~bW#5OG;_O>DP&1_h
zH#t$Tt@gE*XtKW8t~@Hod~_$FuxgK{bFY)6Kk>We+;nQFm_(5$GSr+t<ls^C{?X#i
zMVI#B#r3^Z+;pPI)saXwNnK{2f;JZmWS?O;QbNE2d~qgaVX%jK+xEP2I&IUScFU}a
z<>2SZ`cr{CRJY%w-amj(@k7>q=gQt~Aay{<i<NQd!H|O2k4o2~V!)p~%{OmmyMI7J
zi3OkP8b+m}d4%_=CC|lp=82W9q6)k2Uuv@w`FY4({#AV_Cn#acRdt^k%r8%P^SkrM
z;c}g@d~qr_maAd1)t^AaYc8)oc<vQ+=0WmNFV4@l6BR@Cs`ej1hdQ-|g!o0hTysDW
z_3^>p)z<0li^+Fe1`oYtCrRo_m^q5&ysH3qx%)t5y6TB}j@_7su-6GI8N(6+g2N^3
zUj~n*0Nd&<$2Kay>{)VTU^T<(EXNnd?MK^c4CO0^FE#ZSq`L%ieum)7MnD+;pea$B
z&`Z{+$|t@3q<mK4Rt_8{J-9hU|H)2T;yKx~Q4U#~e$_)073p%#6NUfzIaKKo&_V<$
z4WnRAX#B!aV&5d*3uv`ug+L7JI@IWr54@__f2*KZ{whx;_EI-0_N+pXPq$K4O{Uw<
zU{`HaxU`JDB}06sWb?M_KPHsL)v#gO9d1PDC^j2ymnxw<_r1RDTjn)Us{0f3WJ>^Z
zbKY$R&!`3s`Q+u1+3$<nQ?!qo&*8>0XSs!jVv)Ph#7FLFVoO@@W`ZHmO7+f04H<h=
z8{1$ez0Q@?w>I~0or5_3Xo83C;;5i<z*eH*Q0&n}+;#3B;O*)Hfp88sZrX>;Wg<n9
z0S$~h#DC^x8$D>7cpk@d)D3+-4J^S2?t6u&G~pJ%`w(cuSV1?{Z8yKSx0l3jde{l$
zisgGXoWEF{1e~b@0}BVtzy8Q)cY$|0ow<ix1-NYm6a-PGt6eydO|zPouqn+qgaW0q
zX#YG%C$a}~^M~X|^B1i?6MG5<`eYOX)+25!?GztN0*l6rZcY9DYEK{j{Ap>UsnR$I
z89PcVWwX0ro0@T(4SnNb=6^Bf*L>x5dE>vYCNiU;VER=YhNY}(q5jb`ENPx-fi4(p
zv=?b&9VF#93}>_R7#M2Ro8Vu;skAY%!Grik?v!Pa{zb(wk0a~6+$Nf8C)^v~4vr>P
zQDRZ$Vi0XA-NjdWEK6r@1c|qBDmvf30ek-gY@_c=T40j)+s`>g*ggQ8SI3*REBne4
zevS!<-4!Wjr1!oW5O>k2@mdXO)?~^^Tj>9l;_3Sl_BAGn>l*SPgEr(C`chjmoaUQX
z*B<y9H@cYGrM0(FJN_TQD9d>>W4*oJ)x^AVBR5v}3I-_(@cJUo4DQ9x*`$#xbAHUn
zhZdT2R^FU2OI&r)=`N=%xw}glXT>_<!%${*b=1{@kd}InbdT<TfG5H2!(BqGyNd<U
zHI<7}id&BklWE?&_P>^o54^8$4o@@>mnUCeX63A%0%W9A_av}nD_>c0S#)Eu_qnZx
zQKbC*YRT)0_Tu$o*2Q3mr@Ah*R{Ac64YaJ`AI8Ft3m$lbkNH?liw{<sI@c<ZMgBa2
zc#3NV97@(OiBhCzQWS*lVQpH~Bf&M2M%$7{=(*}Gd`ITfygy$*DaAtd6$ET}g%ZXw
zmEHYX&wOsLw*CBrENZ2AzM#GSvL2+DPU9%*Z=g<1&q43;hW?rog2njLDt6n)JN55c
zb~le_&JxL#<TL>q)4oZg;ix!=Ynud8KCeJ<`<$DXr#og$#l>JWsF<^-IlE{qL9l|d
zAshW@p=iiAdhX8eQ150y`HSoI=Tf#((6<iWSyn46<022^q#RupM|aT$W~M#2&)Lz%
z&abMyBJ_GVUh%%w6M6Nj?wNgTBjj~u>=}mb`Ro>C2n`pOao9l7lnRRD+XwVJ^dos`
z&e_Gi)X3bCdp&E*uc$oVAp3>npSxUG^AAgrz9`iS@&yV<EIO()PSaZ-v<#X;Gi>*B
zBj&3$N>sjxD>3)uLoTv7pT)gnVY`>gM?v2+))uw)B#K?@lDlPn>?oy%uoyCw8x_T6
z<%6-E-NIrQyNPe}nxrety~_3s?Hy#H?~}hG+e=B@)uh~aV#j2KF?)cbcTdRzr7up1
z1+{g_<aiT5DO4EBX9L}bxL+JeN`)Z1%+4hAYRo;Kylt~Ve2)tVsc1epuYZcw?|2X!
z#A8nPW#_0&{KH_~V%+7HYn}ouG!n>ydzjiRiX8Tnd^~JogU+Danbqt$t@E$eCyXSE
z1D~2IIxToFf_)qq-w{GO#0$(-3kqn(=0T^e`IBMu_|A=$5WXvw<x2$<5wbKl0;XOw
zeV!)xKfrqXZCTAD!3|}a%^b5nccVfE>A-f032j?L0w#SlN_27*e$;1EwiCb!)89}C
z3rdMAddnQ-=FI@XTvTQte7bMk`450H%ug5_cN{EcstwXw1~yX-B@w^dJgS?gBxr9u
zHf%KYOd;1;(u&hi&@j;>CP2DeP&hl+aoq;(k@&DU+&jaL1LB4Bz8?bfJg2O0MUuh1
zU?%gfNPk(3A14N#T#qyPWd{33Euum(twafOJ3Tr>iLnu((o+#Q(^mLV2+`!g>c!*A
zO?Q8KMr49!HF_`{p1-}i(sTRzDyMmJZd*#}_Jf7q8k43ZP&R7amjUCL{#1?t1F?*?
z8WWj8*H3hL`UXQxSO6EGNp>d79?9Z{J53!^$Et+&v-wz-Rz}JcGb#)LDMAgCaxcY5
zFU9`8%BvTNrLkl#hY>!C%b~kK9f2!^aejXsMdp4W^S0|_s(B~Qbf^%;0=^Y7MMlAn
z+H4i*qd6OEJSp+N{|v(VGZUx=zh@t!_EklAp>-)$M6{JdR_ko+LXADATXY=}N3oe8
zObCIk-z+b0j2Znb8t!1+JZ^8;P(cYwG(A$EFm(R$1kGw~#V_{!Hv_?)^;~RrD}Ag$
zz>yM_wjEvMryQPzo~ZutU)|bkZXt#4l>LzxoV0(R{5+}2T6wkY<alHDw34$?^Enks
zUXtG!2H)ynl!VBWYBlfLic+&?3$94lPu4x44e!=GFZAWbzb$_0jNja&*|Q2RWMHS`
z`Hh)=jb*QBF;0g<Wi06E=U-Ih_DFqH&&ZnjQM{YovDF$m8FZ6sDAjf_AydkHQ<c@{
zdq5}a<vA;Nqwob~k>=;hzzd$yFZIZLXh(uGV$PCM36jBh&cbdgdbS+*>+s>{mEo1R
zx{uA9h<!MFid3j$4Qb5Y<4VoiTtG<ML9ljN`=$<lWTpyV`|Yg`dIjc-k|Fif&JMKE
zCYRBdKUHN^x}(gmdOTA1=jva7SYTy~&G}Pi-ht*=TiC~KyV|Wax}Dr@mASpN%Vp+`
zKu}I5Tfg^J+rd`mXd%1NZelFaWgrgWFN>+Y#KdwZ%e`+VVHdsS6F69T(1AobHWWi*
zt)Ow?)(e1jVxe@Fyl1Bu10jbOCrxM>)jSAaCxLS(K_%`7)E|4yPUK@VS$Yyn{my}D
z`^p!W(!lP#AhwPkj~aRkjo&>**iAoyxA}RR{LK|(U1xTcXhtI7AK+LDS_};=u-M8b
z7!26Io^Po@3m?)ImnU6Qr%akHK?V_{-$7x-8Xv=>1vW!dl>jH6xLq$g0Qg>;VbY;j
zMbtwXcfdE&M4?oWzZ?D78u<t;;tT<T1Oa7S+Rh0jA}dd9roJyP$RLB?dWW1G-W*4S
zJQ<k;ovqbT+V$H}%|)NRh@Jrbcq2ZprZ+Wlre>y!3Y@{#ut1;W>6?u0CW=Z%$7()f
z&Xgj7?k9z8pe*zuW_z~oz*bbrpbZ1T(-dGZSs0PE-V|<ySad{by~9xHC??9$9c=dg
z#Pk+DvV+<*C+D20+8Xa-ABP$zh3^*#QVocM1E-9fhR*aMc6oc+&uskXm~htNSmio6
zhWPj{D6ZTbHM>BC0kQYLm}DG>=TN=EH<pJTyRl0aiLfY4T=yk>O(5`2zr=RVkOF$n
zVky$Y&$PS2U7r&ACUn1&4}{h;>gLsNeJ_<Vzfd<OuhJ<s4=?j|8i;x6vr;KPu+IX=
zqnTfk@UetXWfC)Mt-;v1*>u1KB}C}m5(%K^N+K#;gsTu`iD4ryfB5(cM^-#YE%ZBW
z!{Uw2(38dZtA4b%M5V;wSGbgFsfbE}3TrRt=dWDeRA|pC4uK(Bl3k6&zvIK6w*_7u
z(y}-VRez}R`+wE5Rmd4$PGk{^vq7&xX8vA_1wjR*Me$c?V9CbglaZbYpSWWyAPTq+
z{gF0Uqwa&c49Tsgzb`ucc;9k^49VK1CtscHRq(c%yq5|owm_k-1Md?^5B)-2X@N@3
zVjmzsk7#`hA*pyntA%#5y?SauG2+K9asY#W0yd-xa`%>>)>CR$m%?SSw;SLcy41ty
zu^#RJft4u!<L^&ly~0c%8xo{{)jVcCKF{+icwTI;rLS;W%JF;irXspgl)ax%n^Li#
zmoH@-rk6N$hE}IwE_&H3>hYD_2<2b)p<ZrexNJ{n^zd~fQyregd^LVvOcegJC@YzR
zxYl;AM8{^V7JV*E5+%@s{4DQ=M(8-x;B}%|l!0D`o=Ia}oa6GAO$_-CL;M<B6+p;=
zai0$7vpJ?>D@HF;ViH;T=H?qwOteRn`s@lZlXCn=&*n4ZrO(a|{jgR}{{BHC_)naj
z^d&3Rbe4iYEf@QPE|PESIAO42`#Nw_CHDoyISl+{`C^r<!yk2!l)<(ZhaccXOq%kl
z58{l!k+E$CO^fwIuCL%}IbB00h*zO(AsxoaB5#)|zOyJm-}+X?ypKRJlJJ>I$IE91
z&+^qxnTcPjR`N<Q2w)Q(tRH5#lyB$+O-FE2L%V$RqHND_6a41u9mo2KNr)S})Y~H^
z(CVZCtrNPf>q>9(KugrPiRYs74e)V@0h^OuJ51&4h=qT2RE%$har7pc9_?2<YTw7=
zzh0bTyBX`{@0#kfDI_JHVn5Ho#w~csyTGNIibcq5u0;27onSRuwk04sTmwT7_c~7t
zD3#7V*e%b;PAKaB%98jbNHQ`Ua)w)S^0bdJzTxS)BiceS_&MoxAlFi{0!z5u`-<l;
zU%<j*REmC^#?H06p6T<O;RnoRd6u_@SGAHFk}6~p!JofjVxh$T$dJj19g!%xCs-a)
zWrR*t`z`6*p1HNl$>_0fG$DKnzW?9TonK_PZpp)S6rCb1n;35@qpD`mtxUbwm6335
zUA@;F(PL>49|kK2d?U#o-+6FdJ*5T<7T&4v=_#5NdDQxOloZ9z1YRIqeK&S=%{9T+
z6m-Q`!?TMo{^6_cJGHUyoX?n2SO>;qt>b&p7hZ>+Hc%~n3HIlFTdyhUGyqc_QLd@A
zlY1KSDE{5+Ny(?e>bA^g+Kn@~`btUD%sQLdbI%+SbdY!xZ@C<40;#j#(2j{Qr?Q)t
zpZ{XSh{X%)`<#@)EmEvi*X{(n<<IpjQPR+}H)WdWe`Frja4@bn@c!I02^+<W9R5D{
z<~?>p<jlC&#YGzG>ZBbB-$~mG+*EtUV2K8~Ii7@Fn*nK0H-Y7`-}r}Zte)II8%fz6
zD>gpC^#4oF{+02yJ0cBX$i?zyDs9$~=AJe2$>fU$e72aUvLwyqG(-T}z_-E@n%H<t
zeyvY`guY<GI`!lu*$j##N_oGKDnp+hY1x(V(i8~D6QEg^6KnXNO&6De?($2qP*0pq
zoXr>ROj_CHQ+ib}VJ-LC?41qs21<Ay`3IBOMx;aY$o20`HZC=R{zw)sE$!VW*>%8L
zE2J{124doTM-<w5X?mnlpTW=0TA+s>>KPdt*?`4~Hf@oN<8bmA5NL7Y830KHA^2$!
zRu)nfm7<oHKu>&S*}+M66g!Anmhm6p2e$&Jq--(spv--a!8Xh=guFb1MKpmyM=5`e
zu@dW5EyrtwnRWNW8xPIj6$#3Au7eTs;KV`-$T=r<Y*PqXr?ge_jc5C{!jj4RvHs73
z+{(U2B8{j258yx_zs;<Vy<JSkj=nY~Ij&QTL<al1afl9oD{*p9HJtPP8rg*lE$$zy
zIPArkB7+m@VpxOtx@IP=F~_4EJ(8G!m2rS$DNZHB0q5>n;@w+3Jtu1JA3KaCI0$4z
zOR5Ff_>UsKhaGHuk7plR*Dqr&xz$pO@KqJeXo9mDaw;kZsG`J4lj^d%9HP7+mxmSS
zdlKAyed>wDw(->j#K0^NOQ;{&z$>YSOiBDuz{TD=heR5`2J%%#j0%Wk#kAAfs-j)I
z6c3hzUlbr9zYRH|h_`|OOF&8i$31zdrezj>3hLvhN&Ogq(mw@?)JfD+bOWGHfOG?*
zBnqgu1gjFZP)gK{*GC>jZbmDmMEEVp#ci(DaTmtbaT6A(sS8x9n6YBkq)Vu|b<?cm
zrE2BZPQ3EZZOe`6)^g|MU!hq0H#u^0Z{w=E);W0>9af@OKHEuJjHr~#q8pV#xdcp*
zLPb$riXsIRnM42}<M#qaWcKO9cltuHn>?!82r{q{2{?)KRWkrFVn+eugl)&7cf2v`
zjO0NUPG1O#U=F+rtz);^@ZpaM3Dyopas#L}1;8xcTBbG2W_B;>#>1}DvCjYtYKw?>
zs&c2&w;IW9$By|%9-}*CK#w)goBWnD%9{mKw%Va?M5G}Nx-cWv)qZ<IznotgtMNnz
z1yd0f?SV0X1%pY0GrttyEd5z8>O()MA+pI-HlJpjSaW5#&*gm<Wz%O{9?4f|(m)o8
z8Xc#R_APU4_)hqpe7$ZqXUtI>c9;@9Q1F*A=DmFNvtKXS#pdE>WchimxuGjZwFNSm
zDk>(%P(;c3sHEjZ*MV|9>&*6~AD_8VU?Xdnen=!F!-IQJFvPr%y#OW$0PL=&B^yft
z%fU2AOuvgNVY`h^qmmXJU;b!d*G+wjYg3wFjXe0KuhgX=2!0>4nis;ODL$ymE=NCd
zBr_=ucp*cQKlI2gj$TASh?k}zg8|7*U$Ok|NAaKZkKCCT>^^rTzCC;xe&ooTN6zFw
z$L-L5<j8%f`P_|tTs(*FOg4|4$m73H1|PXF+Fv`8KRbcsKXRD5U)(ZB{m*a_{mP<H
z?j6EJZJT-RkM3HM)_Uqj{A;_ki2YLE^uzZq{Q9ehe&6BfJ8gMn18nzsFdwmYp19{d
zomWybF$(=5_NVi90qK|EpGco-25v)qe{lWD^oQDypUQnF_Yd5kNPVas%PaW);ro;P
zac6ZQ-17eb-20>ZmT#+{;eW}~cWst-T%>oAR2y*++({*X01tZc{@;GTRNFP{{cm5h
z+k9UU44&y;R#C46PO9lJ65JffZZ*zQej0~is`wrL$Fu!4_Br%&!FP7Yl{bjrKbY#q
z81aMzqHC-j@^k*<h8&XnJCo(F@$ll^o80mt)Q(kn@RfoQ1Op?d9tYC=*IqrD;{O13
za_WB!UBkKGDsHPDQH|Kq-F=q&2|V`1hGpN^FU`Iy9e+ojx4q>U*E4LrU(^CH05|Zv
zokxoF&Rl-T4D9L0aI=YF9iY4Wmrtx`?MgTID<#v6{{T=HAVeKQza=nAG4B03t+LSy
z?2w3&jCuJ0>fyD!B0njODO+%~{{Y*VAQRy64#6Z_T#?-`mBt|P_#(ijMAc&_y3WyE
zd#58E+aUl;9()wU+P@B2ms((L&=xW=01vrY79rfHorz>(Zj6k<AVdu{^BxIeZDkqx
z#lWyQ9uaSLiea^<7G2jSQ5BNXJ3%oGr#=abHC?s!4Ch?Bvm^sO0CB^^!4;n($xM+w
zOh5n*UdBOgE(O^n8rgt(6UmZ9&kcAPof|8Sap~4%V|;^=F9|o3BtF&Y`)zejeJIGD
zG6a#VWvSDU3fAK`ZNE2AqSH84T%}aDk6fh?+lP=mR4<m?dD}8ZObCz>(gT@sr!~)7
zaqf-x;|x4|e@ZeU%!c($k514%%W{5MwPqFcSB^0^#&N9a2sw`61M$~SB{R!X_+rP#
z%eyX{E!`3coh1HY<1TA%c(S~iReZ7T4OX(MZUAR}q-*L5>U=#vXUL4O`f=U9xe-15
z-%v-A^!k1t589vH*k$Iryr_~qP(-t!4%SgoB&Z{+@kMxTktaglOUU<)q-h;|M+64h
z`}`0yDMV|*P{AB{`5*xdPXqxYim0+O1+-*YHFQpahpWJ=7R8YxcBfem1I5!?<|AW?
zsNJ?J{LRC~F^keNlOM%aDlgBPAxmC7LWl$N*UbZc!2$&E2il3Cl6j*>@(6+aLm*Bx
zbMHp66JX>Y%%+GLNby8jO=eOWE%O-e<FSQ=WX>0>jvijRcd;=c5Irt@*I3J-0U9%T
za781ybAM<2P(y!~sE8XGQ%K$9q9fKEwfoaYU$^#ycTUUgjZu_$#;5&L9z~l$rxo*m
zZ~p)#&#z?jf9U!@ulgN#CB8YX?|Hx#eLn$<d@$h~Y^%6s7qWH7rM@tTan$PdBek1V
z@ITMjx7odUwtPQ9>iuqge!Pzj35syVn9&&28O!A|Z<K`PGZ6{sH+r5x2@u1Q>Fncg
z_58VCjg00~>(Ba;j?)8WXVMHv1)^AOeOz%%{{U~{%GJ5q7(KMpjw3UdU#@i*l&3j>
z3%h~=_*qX^H`(X#z2xxW_Z*D;dB*!C4buiSW9<fDfuN8cf;VdG*~WD;ICXC~%YmIu
zu_p6dK$7y%KDxLbYu6)&d2~B@qH&3yNQp6hu>t@$pAxl(svX}G79`?T6KsyNkUsWz
zWfO6lUBZ~*RT#^CkR-~vM@M%B-;$=W<!4JEiHL{@0(QABPaZ01Mh;|gvmuac6K)`f
z3L|g#smHlXGP>d*eH#XWxbpMWT{p`io<>G(mQh*i+cz*8hdT02TvwMoiQa3=J10@v
zV0n0e%4v0dv{f5nRDViS_-v8<r-37qFZ5rUVUJxkSCnp;4e5Qb2TdiRQLlvYJ7!)?
z2#l+ZP}Xyi5dbmOz9Yd5(Js@CK9zLZM5OII7zq#M16_O)rfT_i9FCC{T6Tuq9lb<w
z4C6;s`ls7)Z?aMwrBRCw(uj~IBtP7J=#kN${4)tx5gf5lj6l>FzM;5ysk+seuo%~1
zkRp2n#QC$!U;34eSj~x>A#Aek8rg43$~jC%CNW{+>ld6^cje5_?iJmGhYB}SI9-2M
zx6}bGH*n-qYdtnbbwgzkCYU&tc8HcQuf@Q~mC_}x8D@)nb#jHfc5Rd=2Mpem_Z|sS
zI6_i|!mNU9fs>mx5+Lgt9(+*ObGK&Mg*jzpJfJ|2Mcty{dPk2n(~hyn-Rk>H{JkDF
zRu)xJwu$eIgRm?|v@cY$zGqzCZdIqJ?DJY=j>FH~qM&y2P*zHUJBo{s6hrdY#d#k<
zgtXUEfR%@z+JT8V3;|bJ!xqW>6IT-eo)K}+lB*yU2{))j7tjYq`l=^vhzH^4;-;c;
zvT|n7@K;6Ak%<oE@po0Od>#2QvO%-}06oeteQF!zb&9TNo_t&&0S~GrB2OQ|3@zI5
zK4>KVC_*gXupxo;J_;#r2$3G4<@chO9Z)e6cq@jig)%%==MHzgbTILrTo<E`9)7yl
zpu(g@muTkd)a{^URxDyQ=7PC`Pl!PVZYY?Eh;gDALK~zb80t#^1Er*nu<iKRG6wo5
zm5~org(Pf_j$D!Xe=_(Vv;P2->g?mkKg;cUKSQ2mz4@!<mE5wW8DaVaXBbX39mK+V
z?IvD{A09z`dz1d>(7juHGyP>8{F=LUHAksT@+BGF85xS?V+g_ohKXp0a5QG*x_+m&
zP1k>9y>ma+pSX6(oTH06CUQDd<I^pTF$t4Ctah6~>czc9$Q}y+0GjbX=YRG7j(*9$
z9KP+*?Vm5(iLUIj_0G{L*|rP}2U1bjY=*mh8Ec={>%H!|cRs#9E`CN<esy(b$`RR2
z4m`7BW4beWOl<_Yk^V0Y0`_t0pZ4pQU2m5nIMwA_JEc_3k=qMFB!_2q`}nV4JkDNw
z=CXIpn(N1oHDV@qOZ6BtMmo3Ju2ZWs!;?7Iyhf=W179+=T-UxNaSSC;>dTF%j-CU>
z)vFxx4?Y3dAKtQ<VYZVX+qpKns$$x)XJ({`*Q?C(3N<3BLu&wcYp&f=vyRtl?bhEY
z<XKsx8l&nUn94v86U|Fo;uQxL(~)fy9Ne2{DG^{kn7g^;=+apK07~S}JzUELJWOl&
zi*w-r0D@~XkL9ZV(}_`ySalw_AoXU%abo+6J8)MFX36cN0v60mVcWECa%UsU(f4>J
zC79XT@$ql2sLV%gV{wb^kTO24^5S*-k*VdnG-Hgx8$lv_rwP8;i3jxT;rX<6C2H{K
zm_odG%5nk7BbUTkpWd@-{{TlG%QCI*5H&EOu{x=YbleBTW<9EL4);*L%Ig!Hr5>C5
z&b}l!4S24RnxxYVy6QV;4YPPe`cAP8Bgc^7l+9CKC35b&8WVWN<GX<*7|8Sd!A)5m
zOtCW1jN$}aU1h*-4agsIlIO{0{5bg(-5AHEAqs4Ws(i?9W7^uSPbt((z3rzC5#JMR
z!HlFqB)H)Z1WWMqkiP2W@sLM>(7Hw|P7Z!nC9$%ZbmU1QLxFu2=Gf=o63;JXgWusO
zMj7LyY`9E+OzHef)6cj0c>SNPXUCURP9zD$gA=Ss;8$0jv$yt+<=mlc@haa6N3LXu
zhi4H4@saQgkF(v+A2r+6=<nJ80Bm${K8E^_F6h_LhA=GhzQ{*H+K9Q4<KVph&-{m{
zne(pRztQ&J#ya2p6SVx_%KYwA{68_#k4fM9oPG{pwRnI2uU|h|pX&C1{O*1}*IyGG
z{{Z5>&M*QWf*>uqz33E!YT6GJFpZ3Oy1I$=i?JtZ3_@#5>$U;_5*&|mt@C3&lKoj8
zM5x92DA>iut;sbKm86h-nO#y6e{vy-u+Xw-mrxx}s_Gt(!-51zZ4eu^KyGbMA8G~E
z9@HWxWcvz+fDa^)OjRPcIb!vTV?%Osw>V<<x)mP<xyv`I(^U`cT_-GB=;G1AbdFWn
z#)tqdjX;Lg(NUGH!(Y7wda^utA{cT!0*Zc-%~8<B#-va;$j2)31u_7hpA)-6?m*Fe
zZ~TYt*?ye=0LAscL-l5T`ksFu`?^(U+1Ro1P4vbU<%yh$5gR6V0AEsDb87l8fq%Z)
zKM$>X#(-*<%Uo#LnUf-MYB7-7A_<QDtQnqK>8kSgZMi-o$r&&1cGYYnbv4&kBV<UA
z&1_<KY>{CSH<PD7V%IXu;;;EEWwX9nZ)~$=G{++%*7=)eUR6df8Ac)pPgbs9)1vhL
zzpt5g{HNaM^{+kkAJjt=xL<>YCGxeCOfyL`w%FGrH|iGK5@!2A(}McmpG>k_=KlZ>
zH@Dqo$>aLGZWnko31iM@r#TWq)*+0xk?h`As?RSh@9@oMd9+_;m5qXN*xZYLe`!W`
z>jdqb?Uk03DM;%h#SnmJG4VfQE_qA!co1b6hLIYON+mmLv;ir?Q49=BgFET(Me>X(
zl&y%~BIj=FJ|7M!I+(q;v<Hq(XHsB1qhG>DhT_UKIq>OKVXtWI*g_H7W7e1gM81*_
zuMTXZbHqlSzuh_+`4WkpZ(R;$0zlE^c#_K2H1M-(wk?e_L5TfO00c<*nFGu%B(8?W
zg=V=*y-bfiPNb8sA7agF3wp4Tv`Om{0@(&E2;$sMx+&GJoJhx2wq|9EBT2IspFlP+
zGLhBd8MrGo&iSo0Q68M^G;N*V{mo$VW&pALHCCp0a(nJ<wv1Z;08c8ZgE1Z&F#wUr
zRSVMmYc9;fkIoWgCm|@EHtjALY0RfQ$bGGzTdJ<O*%@mhONna1$Y6fXYIR*Xj!sPO
zx4KS%BysDW=*xr*NY*FCr@?AD_44T9+67id<GOXoNXv%c3w^0(thm7DUE+yL(-~Db
z#siMQClBvZcw6PZt1dQ3LIO3(#PxDP8mCDmwH%+97&#9CXGy0mqg^EI8_jaxF4vik
z6tQ!AjG>i~L`n4305tI$a$RI`>&ux=KUX4k1GS|uN$~{etYaHTYlj%*iouz!tYZAM
z4z3m>J2LCMQ+4cXfruLIlwDMw9>3_{tfSd;r7ZYIKN8pqtJX3U$Pu);544UU*Pq|V
zU2~k=Z<)_MZJPSbdzCkK>}z{QMORT>v%1rd7Oc$bM57V4!}D*ke2Z_NzW)Hl>y}CV
zs&jkI9jMzZn`M>UvTN&CVTh2dOdX;T9-c!|6OUKlKZut7etuZL`3HOc*}LX0>o-%a
z(T4v3gQ@U8!M{!%HD%ZQTyMl@?Q!upCC49P`wyH1w{qdl0^{xRMZ<X=8%9LJ>DGA1
z%(4~{t~|75L}m-=?nIzFw?0Tjz#RCu+JzwyOH0${id!Z$8ii2};BhEni%KbrW#q1+
zLPYaKJ+I9$(-o_Usm8Uhs%eU~;IGv_%@C+~EzVr;YoSS9CoF2{&=#ahwiJ&AtY=zk
zrD{aAx`+S*(=GLA0;;!)DJUXIMoZNG9@JcF?f4gFWk#5S#icXBpx{2M&-)*<&#Q~o
zcJz8Lv$@Q5vOAw-z=*E<AuPKjAsJ*J(}Y0Vx=ry(frxUyE9|}dI=y~Bqx4+o9L`*R
z*_Th$A5&A?EUvq8sWQr(Ymn%HSsK|nGw=cb0Ail+w;sD^{nx_r{oP}?^#jAX)_T_8
zJd$S;HvnO@pVN!(+TRb4v3Px4PG(%l>FoJ%yPifyFaA9;t`H&PPLi?|?cE?C^7x2j
z?Ovbp%Vl!wW0BnZo%G{%C44KgT-=z(Gt+L^7GOC#_5Q!AZ-#p7!^!34&_schvNhZD
z3_uz&5eI{4zNb3!TE&%*R3#(6JOP9QnH@ZM1-5fO8N@ESTSQFc+5ibY#Web^{@s=Y
zWh(Z>xdKEF+JJ^N5HUAe1#ZSMJEg;m1xXg-e9ZEUaDgIk81DeP4rJ-(rkJ}f!AxUL
zRK`t=dS)}+ApD$o5y3J=w*FODjhWnXBU?rQM}$OT1WvBnKZ=HHzB_+u!N;ONM#)5p
zTV#gd+z$r>)TNcuWK)xxZl*?(Hd+TnI1YL0cmd=V<Yx7$;Nz2A0j>bq68A;tX1^3e
z{4DBe^>T7A!lO247k0n|X94MnAnJAE>bdNCKHZZ8hdbq@1WU*c5#)Z(DO(>khubPK
zw;)PV9+wX(YVV?ATaH#Qa;K_ps>zCC(z>!k9eFr#{!1N8_;lyFj@@=q7yvg{D8>X?
zJ<Rjq+qm&u<+|OI91DA02Kh^?WQhiHBz|KiA=_3fv~l{zjO+_Xb;blvaGXVwJG7C|
zAG66_EOc`tkBg3DWTFg9>>PHDPo-n#x_m_#Q>NN&zH*&Ha%e`uw`gE}A-RQmxWtUM
zPpOv;yM+YKAQlEh#1MGvyNY?k^5u7^Uq0gjNGG8f0WrvxBKPvUA3kM_ob=dECxMVB
zfc>i-I`dP$>!pu%WVfqy_KkRhsrMwFPQDkzBEOasme|S>G6d=H7TV*EtG2l2&2WY!
zrHvfQi3QJ5wE&UCo=UmnUNOX-HB$}0HK`Mh?j&mbl-BW=y_thVuG(@X6RcZq*9=?D
zD+*!Uq$!jqTuf!7#4sOXx<^N{ch2|Pq-?>k!mEbcX_K1l1->ZoD;@ghUn$MJ{5|#`
z)f4)PvxsqqCGe~DV+lw`5pk?z7A8FOa~EDdy<bl*-)qy|{{U>revi(7{_o5D9+v(m
z_J1qx+vdDqe;c3MuKxgEAJy<bQ21Bde9-UWJWv8mN2$T&6jRg^IJ%+6XNLz-5HmW1
zuQg0DA<u#ZCL9AlG)zQpf7*gZM`_+Yg$N@cPsQwXEJj8;xB&htq9K(MV(O)<BNb##
zSrD}&I<^sTw<9;D(XDPqEn6Cvr!4CDQnevhMzySB)v<tA6IVj8saMwn;Hxb)#7By&
zi{mC{4uX4#9D*p{=7>f_lvAp!F0vIv<C$U2y!2S_xy-iwM!4ejWS=#w>VEh!aH+!W
zqE$+>6B);7vU>;ydr6gmN>kw=7v}o6+1=}}hv;V$*UaX8yj4AJ?cF6-b=zrx6Q0S4
z*u&Bz8B0QZOBKGZPY!eYua~Fn9fKbpc|Fj=%JKeQ$|GLph0r5ul%yg(J6YU%kBaeo
zecS!J<=@xFZFciA@#BwHMqT|$nC^P!W3+7ouykP^0|4j6mxr5eyvhFnugh1j%gWbe
zXGqGhz}pKX))~r1P(PYL2^|UMSJIqiv(Lj4_}81yw>IplM!0nWlt6$Uox(d@N0Tq5
z#~B`Oy0)mdwd9#o8_a5eButac4bH*1uA0x(t;fcqHNvoR?~x_}j?mm0n{o=}KH*iO
zqhO$usEFDD^G!<6nOj))<i`0BPod<*o(`)vC5MyKF%ZX%paZ$Vk(25ic_`N_k8sP)
zwiwg4G*dYZv1WjOD1?h{*Gm_(V%1Ep+w(Atgn#K{wnPm_H&WP0zqy%Hm5&T6A}*W=
zlw+y*Ob9LF6LoC<9RBrDpkq}T3dG`NID&SGZ4VuM6=Jz{UV3sJE$yc16QDd9lSa<Z
zMovtmV{XVnqd6Hfj|S$DlD5yZ&g{E!=dVx+#@`77?d$;ZRX(hJ$0sKeci~qpwA~PH
zZW1Fx-cA&!O!)Y7%9Tv#^2TJj00-6iBFV2o+WUMc#A(+V%)I4eIA_pn>{$CdbH;qS
z1Wt9z5{WUGV;ADbU-&Y=D}U&7q}5d-R(fFZ0mQsGlCH6sj%2N}bxs4PSb-ah0#2U&
z7A<s>%Z=P<ruyl$#O;KlERMdRZjMXxASuO9Z1_f;yzHETSR1k90AmpQPS6CvZ6EGk
zE1%88^5u0#7Pytfjk{veh>0u+{vzsH-Z^wtk}}1aMnG9(OoCa!(Z}Gm9PGN)lTTFj
zBN==nZr)A<XcX!<&GMITh10V5+%}lN&e)fK5JsL$JjS~CakKJmw$7N5^qC28539P{
zg};Vq<zEU-akKPitfR^NQJ*6g?21f<TxFpo4L;O`rFrUC8>MWgZ~f3m05lq_Rkj0v
zYS;kWND&$rJBJ-OtN1(!-7HLV34$!$x>2730b<``m3gaiue%;!HIHoi)l1Vcpd;dD
zJe0CnJ>UNTlt=cb`565Bba!=a_*>)QyN~la@qe`Q^WoS0xA=H-xN!D|E86m4-(d&_
zZ`^>015oHdWC(A}4y6=vj=YgE2b5c09MwU%7w6<u2AmKYk20twAVbTKBBG(XQUl9C
ztY(}+T4iiOT8yoT3vm`iEl9^#7eXs?Ioqu@hFg%<isA_#D@khj!D|_{Y-?4Ouz(t~
zpw&#O9~Ex?34>L0!TiwM_pId?LOs4**!xIN?pUy6VjqUq@^t%9{z3$LZ2N+J%p=?E
z93~U)xSbuFF8PR7N2&EX4FQq+A{}t|{^zgNH>&IE{eHcdByG5M9?#o4x8%mmtI6o(
zL_Kj4lL5q*BynF8_CIsKea>cc{6636{;xin_Uq423*0-_E#slvF{Cmsk@=jf4&!Wz
z^-3h2BfE!^y!!9vo%J`z%TLlhn+HF=$QaI4;!Xo5xe*CUR%myS<~7BRgHpKu$Fr_y
zkIR0ZCF$z>_GGHBBPX{?xl|(<&mJ<C*a*m%uzGzg&Bu?D@bS;vC3p5;;lRbex6_-E
zlYJ7psqPq|%WsrUq&qNYZfn=auH%%lRe7D_*<pGyzFy%e9DB`ii2%*RGX~R^y7@0x
zr;cZh+Q+lIpALRtvRKwzRf2;c4*5mpxH*yW^*Z%$mkeR3gJgP+aq5e}$i`B#axO>`
zc{6imeh->i*NXCGk%f+CVgv=#gqk{d$%Bt#lGV>He0zU!?iY@vkL#UhBJum3mbHt`
zZN>V39wx(aHUK|Lb%V6n#E~LKgG5=*e7kkW60uzsVa7EO4D629fg?jL%=)R7e0~}1
z>>a9@7>J7{U~Tdt!6fkD0&31$;42v>swZDY5HY?nJRE8?99d%dy0au?j#c)~kw6%@
zu$hc<t|N4#0L7!=d{;>rwdXsp>SRcZI<SO`*cqIT4jejK#y58U*lfedfH4v<iGCYK
zgnso_a^2he1(m{?(LJ)B;b}3~O+yY^DfY#jx;VJhV{NJy8CrKwbdLEDV%qXxPm0HP
zYo`+&yzCmX`?PieB1EGiT*chGe-{^8=i#2SR?~?LY)YY2N!6z=K*j_)_LHK|T{X`+
zS5bUw#K?9cAVu|ZU%_$w$9mCdwAKVjuAm}d4wF1V(}up)(rXn#lxo>z<kkZ%wa7UU
zE%3x?%Zk<S82W2Aer=PoQa*~K7mn>uzmt`Tb<^vN*&>@Mm3IdQQ8AO9q=0z+ycOp8
zXTBwkv}IKaZ|RV1j0?|)mXGA8S5{1Ntev;x(PJ16ps#CyIF~y6R{5S->i8KuWmSd-
zFq9-9B`F_hK4+5Y9PjXsHPgt+#@Y-`fu`Dr1%Q`_CQ0&dgU;?S!ppKzb0ZcGJtRbM
z``Iwud8=m`IRS~0KI6e0>DOG0;sb7$u^f>a^1g1$?Y6@b35k~08jna|G;yP=R~V;d
z-2x<i5+iZ(+rj?T6Y{p32!N`x(w8p=Ac6@#NU-g=-IHAGi@d%PbYsY}F6(qIh!>jX
zA&(glD<R8{Ew42EH$GOi8@k)2(rw$c@O~}h<guPL(`MoXNuQU3+r~m5^B{Pl83Yme
zkiaD$AKri^{k|x=Qjy@uT24cvVj^1bbVJ_$;(?d@d=XXgE#bu^ElHNxsYO&<7|5+i
z#a&%~E2QO%()h>8bdk!{(2tVTh|yd<>qxo*Y9(l`QGH+)QE-bOm<T2U2@Tv864dyW
z1^76bIe8JLf$BVE$|IR8m%H81ub;O~`n`R3ay=eDYVEYuC|hNgTLT$P?ros>fLIMV
zuY>OY0Ll9;{@Ek!dj9}Ji9GGBpHlrydv*<&5XHCV?cO6`6A`RPffz)@NEvPQ$QIFf
zy?(E~`&#-wIOj9V<(=0y>n^e}+$bY$Rmh2$z!w8>=Dvp<yq(`F{-64Dym$WN9^c#Q
zmA9Q{<VFyOIm%Md0H?Fr&l77tzgJz{kE{0H&mX6-u`xl6aw;b5o5U=-S4qGU5`!2;
zxe!;!_Ip3e)xU?+=hyU-eq7G!Wfa#7P6Q3|q(><4h%yprfg-?eVW1w;y83=|T)WBm
zdCD%tzR?kEZKof7mqx&B-6JnZ-ZXd9g8CU_&piJCqVDgV4BWV1iBxKoYaLv8MskR=
zcMuN11c#YjeO|w>Ece#eAGyY|I#-$3aH=vG(HlgGk>>LA=DSMeV%!Y6uxk>A6J}WE
z6&3~}BUws(qoTNKiFd5KVg$qmRvAh_Xu;XR=IIjkTCg*5Cv<9ziIhP)MWYbz@{rMJ
z*GN?cm32(Vt@(k}KL&ji#nfuY81&3;J4~b0jj}QzNNFPEH?b4s?!HWC7zw`%WI)`<
zShujQd*{S-&*q^!qg`0yQ3ObdLbyj=2QYZ?)Vi~8mO8RIw__Zv`A0Tj*Nq`eD=!G`
z4rFDohOW0GH=SRRjUVk73V_&ZuEP)mlG}Gbf&;criZE(>T#{ohIuoR{J{y%u7WZ7N
znbSOaqD+J%D#T>dmg%s4x&;=iqFEK$zamEKj3L&n03%-FK-Zs|&(*2b{I^f3RrvN7
zBYlTp8Z@KF*`QeaHH;9(b1U|1WRA_noDe@RCAmKZw{<%5DvmX>u*SOKX4@@~COQJ|
z#nt*of5}<9hknJKP?ZfGvUp7EA_su|srCL@{{SX@C5d%eSn{}%Co;rM_b}5*e&vp*
zG1rULinA_-w#K-?8sgED=;XGG4vMqIj~LciNRh8CIVUSXsFGYXp|nZ4$4$~c;+mMx
znRQ<zEQ^r|fg|8{_<63p#~$y7YKBHuO?6ID=(#(&ZzF?yO4}8l&gph7mer3UBO?2c
zA21)-pA6c;WbD3kwq%ndxRcD2s;nvmHr_hBsG=lpau^;2c%oxYAv3xWnFn1Az852!
zMfp6+;S<w<F{W~Nm+=h`*sU1l@s~dF!^ui40K%zE&ux)0F@rn#x{XMgo<~q`B#AcJ
zaeivzOO@66ynm7CdV1S@zAuTL_$l~re5us(`%&j1wCTX}C}K=QYp03@!$N?4M+8b>
zl3AP;Ohk|iA8V*#2l3a61jCDch!)^Z(eFsN!ay#O%B+M5T9KVw3YO<A+P)BPYTS%o
zmck2iFt#It)QsA?5nG795LFh!BbunX5ma3e0q_WmVnPdIVv7@h1XSyU=Q!60yyRLj
z@hV=Vn@KIX9lQ^waxSs5Wz&d=Efyq``Cou67s>sv{I?uW?el;2<@7y2`2MZ_?-A0Z
z<KXt|t`QX+d35F+Zk&d)gpaFk-3e|h;rqS4`+M_#Ur&!;JWPsyn6vx6`I-6H^wryO
z;3r*H?h&?o#A}J#2{CcZDc3(tlKFbSTb;XpBgyv;@7yx`u1+N79I+gWva&6r^3!*e
zsv+z2{zBh+_jAmgv)5OytoeCgsQR_{3-QFdxbzuE7D4ukkFF7q4iT7LxxOB6WXkRR
z5#4^Ev$o`Re$pdMvNs&OnFzu%grn%L>vWubP<WW|8@x*Me$3{7cTZ31UaZLWpHqES
zaQ>XH`+e2RxMrDOn<}i|3azk+8tHKpC|9wMCvX|H^ZGwtci;C<5#QhJ`t#%FyaYa~
zy6(>^aw1Kp%j9pIqQ(|VCSI2Ky+0G^I4`BgqE5B*`uAHf`$c(plzi-}g>>CG!yen@
zAtGubL(p{EPZ<!N%l5ewiD$`G-fOcq`OZSAStBVJL<kZ~kq>9Fcay`F>ua6$K0&)G
znN<myMk92{3_}9idsK<ijBIZ0m27P`Nujnoj(|kz>{{}fTJrI`E<G{EH}123`G~xW
zGXWwr;-g7o=i=1^@>up+AR`&Z0GRD}JV!N6S@T`;dKp6=nM+`Vwc8TMkmNWidRfhD
zw-Q(0BN<PrAsF!{FB2gyC4nR{J_)I1t<%Rn7(kea#(uayqsV(wE%0>LwAldx`fzb0
zu980pQ+(q7981Nv_x_#L%2?7Mz-@3$VaM%SwU0XLSw*6#JPaXRSP2*1uQ-Fi4-%%X
zGklC@VrtVK=#g;;)OC2t$G=3?`k-yDjL2f)!ZwV0<J8#Oq~w9AIxu&2Jgmv#t`ZZ!
zWQmX^%mL6u=;zq8ZhSTK@~b;H9-L~dzeBjjxg9_NAA}BUr!yC-=N{{Q>?<7#%NWkh
zcSW00H4e+BIenG)X+juQz!-@}LEtqShKX(prDwwJH9`=xB2OYWbo{u69M*ccym1?+
zzfoL7BNh>e^=a;0ZF*$zbA$}xBF@fuFd&4Ajh9<w$qYz+2BZU^*W9e0Qq-~TtV4J_
zK@%g)HmYZmUk+XJs*CTU*>37b)IjIU@Li*iQ(RlFoMtx6zZnst*0|MU;(3zA$v!2t
zNXcD2K(B{~g0`6ovk@R>9w(ZbmM1b`2#3Kg1b84-#%|yeBgK(XvdM4tJI6wOsicT{
zS-&vmqO7(;*bW=vp#EU5%1;YwhE(bxKt{6C-z^TBY4-9|YW~%x&EdB7I@?P(21dTM
zU_M&-sNx9oPyzX$awq}#9twq^9DT(=;!lGzp-W9U^C*b!@D1Xj5pqiod`hwx#9Au@
zg6Sijt6^AWsTr%I23;g#t&A4rbG2k*7MNKO#CWYlSrNf%BKQpz7QlHbi+}^(sIoeR
zQYR57@k16w_>~5%JX`W?jdeu&iy0jvAH=R+?{_}FcDj1KU3YRe<yYGKWj5K|ZZbS5
zg=7OF+)IK$b@OljORlr&Kj!yO(Ubn_?fp4VY__4DjgM{f0GJyF&<F?NEFyn$@c!TL
zdpiE#`(xMo->1hn?dH~g>2G<br}B`j%hfw&Y~}v|awM1t#mt%@a^s@$^Etk2*LED=
z8?@2=#)Fxcm_?r_2}lasMD2_~J9j^-MQ3-b_3<H@Jg@Ct&$!>6gE}fTbvn?VG19T<
zG1j=9V*m?r)Ft9gcl}=f0KffSPb;-k*ddxTZ26m@E4mo?!d){dHHWQWff9fRfRgre
z?7c+qiN(HNHv96kZ@V&lHyKVKFo=;X7-$BI(ag^eA6DC~KTFHG<z=4HjdW_q?%5c)
z`4N;sC-r?3iEmEL$6o@=9@#VPe;U4?`ulxn{{Sl=WcokoPS2b4$JM>FFCIA~7r5MT
zGx8!Tuw4q{3C1yrjH1RRh?d#&8Z!C5&vloZE_i)TJyQLpo8|Hx_~27HVfMLOOlq9#
zl=4WNr5Tpg0km*tUs_9>)8zG^5jwGOvF(V+n_Xy$1epm57>|g{Kmi&LKP5eTVqYIB
z@+*w7#R9QqmwYgUxHOzQx8N71*F0}{(b{b{N&_UqF_mr$JoajR%4)eX$L={6Sqm~v
zRh9-2)E6YTB-Q%X?0(vDz?BpkM!83I$Ko#U%YbCl8Zo;_G{@FxhO!$=9mj!T;He{J
zxRHi7`eUrUT}gsV?c=Mu=hfEvn1&6u{LQky<2Y3a?I1BE$5PSrDQ|`5B|P8LForCq
z5B=LmP8*+5uc-ZtT(Q;iw<l<yT5}?1J7ZWa2iIMrQ^%UAiaOSH#M!1IS&OmM5S6J9
zGP`fbu87|%?6e74H}wb?a^7k)jCD&iQ`5zPs}_ju-4VJ|+wn>-px4@v_-CsQamJ3r
zS;)A8LDism?>x&MYU)VRAR&2`QH-q>h{OkA90H}SNa1(<=-rVVSjTas$%s7II68SG
zjCa@JZ*0Ycak|owjHe)DS=GSM>Fjj9V)5&(R!m!D>J|v&8i9<18B2lM^6~NuGq+B;
z@~mHvEP>35_DG)<p7yuSFQkcBKp=41-dw)L&Cyk6X4=>tu?@?T(<w&HvX~|Mvf6f&
zpdKE@u6|RmhF;@r=-&}xwC#DGKrjG(>!;VtkKZGKmyvzOJy6n)kNjR_^ICGZPy|MC
zlw#l)0$S=361v%2U5;YF?hpe`TopBzB#jQB=<6!B5Q`pQa8;AE12Y(sU=E*R9|h`x
z9(o@yG(;V=AZf3Xin6+8G3ofZH}6$dpG=G&P)H}(p<|;=EQTLna3TkMYt`6jeM5(_
zZ}7~C{{VA8G4s29JuZ&c^tze(b^BDMEnF<P0XFvYL=Vid@I|Hn07?W{#rPg*8<I5l
zpd{=MG!X#LPjM>AsctTeL_h$07g-#wTL==hB3iZ}t;ofzV-cd%j9Ri0T8z}=A2q2N
zt6>q#RkT|e{{YEU#h?-8_^OpSpZTDelA_4SzMRlsI%Q2CF_C0wqlZ?<0o{lU2`AXR
zxA%Q}lg)Z3>i3$s_fMvA>5t0g9PH^BfB=<s>&1y2yw`)-`+nZ`XV;(ly`I0;_4E1O
zmS_D<+WSvxrmo*)GBT|qS4I}f!2)%0B0bB&&#$if{_lwOUis#Dc?+{L`?Zwg$%jvO
zP8?+?JC6B&W$T>ITyIyW)4ONP{FiIM5+Wo*`w5hVn`B%70NWUm$$ZadZLeh9k*6yM
z8!q9IjbVkf%+m|5BFM-H?wqTDj6?HsxbxkfD|x>S_}6zTz@r>>rEH@bFR-z^$@Xs~
z0T{ubO&2cbKbGfKGQ+i1fh>&tyt}Q+=^DRDfUMgCT(<Hj)Oh<>Px5X_JTDXLcYM6B
zai=Rc>JRRH_JS$TXyahlBQMjah(-m8iHzeP;w=|m&%SY-vF+>oyt$V4`z!i`D!!IJ
zK)%kMkun`QPERm)gZV(<73aU~pDtgVcm9~|-KrntUeqzL;AiNzqBjbw>A=o5Z3mH#
zuDE->oqvYycl|$HzV3W$?$~j{H0RXgc2v4%*s(FPRd1BUNFqc|%{0+`%ic))*VTHq
zKR;sqINk3u(+J(#J4SW%PP^q;>dL4{(qs>&aTZ2BKs;G}&-WJdC+5e)zKJ^ilDwaL
z%I=oh_S07PBwqj-iQIJ1H-?MZ>ytb@J>M=&YtFjiE2Kzc>pqr%JCFRAS3fTAWUs9&
zAt%TZ_@-i52#`o5hC94GmU_M$k-9X(yo&?|$iR(w^V83QlIv~4@BCXNOpe`5PJ@9w
zy^CLzr;Kb6nUN7_jj<Y-moKjbzEUW+Wa}`n?-dsj8jdH&M4XoE9WoSV2|0}xorX-&
zjervpJfs7AR(qM{u6EpS+rEyZG_EDwoufw7$tPM_jAu6n>qI)x-B=>Y#F8I~8;eD2
z8T%cVlaUD15+1NOyF6c6c%D3zveI>lbg?l+rbg>*5qa)AHis>#GCWki7oL2fi`;9v
zsZ|Hu<O?Meuu0C08&9<hb&^$9_176n(-+^N5%LWX{{Vus`7Zn+DCEvFy0(pRj74yP
zF)tSJ&=q&^nfY?*rio`AhF1;G9lC%&n1rlJwQfyzbSsq3(g`B5!~vjl=is^5q9bUO
zs}iOUBPi%OhAKs<#v+>mn0bI7PHn+HN#U-mA_a4l3}#rE@n!@EZzYzM<mc6oMe&Ip
zQ9nc<i^Ku@*5?}M*Rn|BQJ<eHw#L?!o(588j^nSnbdkdMS|^=s^5Sg+q{6GD&Lja3
z{{Ygr8S1F+vY=VB7_~-3^ucfskxGa~<a(8clyoDAA-*LHWyyhsx^o+VclRY#0LVvZ
z)Qw8Wwnlp#0}v16qSG*H!d^T`P!ODiyg~d>uw)qSi38fnNfDH+48?~wO4I{!1-Ov^
z0AN9)itG~rkYys$kCN0z&+U+H{=SzD&FS9k{yTljuhk$NkTfI3b8;XDBke&QUAU?n
zo+pBVlMPi<hSK_e#4#2!nTNkcWYoSIAyi^C3#^V-rXj&<MlD+y>bE00vM>u+ny^LI
zqn%nHK+{F360C)9z<Wtrk)2xz#B(RvqS7b1gAEl*km0Z1f<VXqC>*YZaWk-i5veE1
zOJtr_O>(oop}0;};t0kZ1=^V(F#H#b+4~pbJwCrj=D7A<ZPGKgW^z1Ci=VxDWO}Fr
zO?3N_1df5YMMk61{WsYAr&<}YtJgP<JY)o<<bk+W`-^ely#C*BKMvl$FU#GJ?myjU
zX3esr(P)<ADP3UnjXoxhx@f+A>V001I_ct5m5Y~M{ldYx)?rRHU-ro$Fpi|KFXX)a
z^|Lu{e^)avBe`dNM;K(;EKEva`ldw22ADW~PLkENU448>$M*TFcGo|@cMQ2l4!B4{
z!!TinWw_2(YV#ztK^y__UA<gSI?qmDagT8B7Gqargr$q|ih<q_s#XYq()6@fZgZL8
zn>Ai;Mh!W_So=O=v$tmLj%;HiFF1p@UJ7%~v&%c>=zqtScOK#Oh8{#3G*LS$y4Y%G
zIYh^%9PW@|$$5Ws>(3eauXpJ6p6Op{?Q@iSoP@U3MRiza;0t3d<N#zi#hIOauV>-+
z`JONQA3OTfveS**C*JY0YL$K3vTErVLSRn9#9JmTYpm`J#eF~3>#Nk|@;`5x=IiAZ
zXZKvHW7_4CVO%UW^yLs@7<^la<Er~pna$tJ<lX9G$aY*B?5Iw|b%1FDE}#R6Cx8jp
zWZ~Hns=7=o02%JsIg$Z74H;)k98sH0#O*SaLqN!o#r=#=CE7+cyCXV?QYB=Caj?W~
zlSW6~EmovOur-MY%#tjb0LD9+wQ^4Zs+O3`lxwSHl!yskFI=Wem}*Add{p}^;<4RL
z`Iwi8Nuvmf!q7<8C1&?N8v5Dg&o$e8r-_+t%-~}nOA)vDfKqrm^12<nwqscnDcNMp
zN>GUo2oIxZKIN;^GuQmORJ`X2L93LTXBn0(OC1J_J8#2TBHWBBWg|Ep(s1Mr#5XN;
zNyXK@cu^^eNv={cjermUc`*FC@h`>J?2PiNc`%G*I$|?Et<#a^{Gpj**xZ$#%PytN
z2$V?zK#d#?JhfT3%Tg$XldMEXZDLI+3fO2zFSR#G&M2HL*kUz|h?ss1bV0Uc0Znil
zMPL_y0{Q{%S#KPxGpe>*q+-yJ6CN$eZbv_|uI1k@vaglLVN7HsY~dpyKMhv7nC0Jl
z@Wb+%CI;&vF$NMdJ_P(rZc;jNh9SnT6UCUg!*p$dAV?F$`wul#e5s91xXPl|R>Mhu
z5OO`L$d);|bk!N|tdU#1cLpOsUq|BVCH{)4zEFuU4ZXy<mLp$sLa3QDAc3eHl%fET
zNgVj7(!nyo9b$AUvxgEycp$oo*YNBTnfPW&AbXWdaa3k&wnkAB@o?cqDLs=Bt{$m;
zF^_;nYQ)B_P_k1$3?;e@Ng8qYD}?h~yG`^_DIJ2t4R^~z(ed(J?@sfCHs$>L`nsDs
zoh{|Id`-v0lDki=SH4_bSCIWDkp!SXkaggIE_{k1wwmaC5kv_j037(MCat*DRXcU&
zc&^;@jy-j&gjVr{gjS<9U<ZI&k&2vSr<&F?t0M^>0cu89#sG2D{lRKPwPA8wmodp{
z2t|>U$Q~%TVYm%dNX?ntX~(WjD9+LO7awQ3bN;U0zg6q~9)9cXzGlhE-^`Ws`s&-|
z?VQOnE8KW}fn`#FZDqi4P!gO;fB7Qf>`Z@{uvfcpGozni1D}G=U1V#SudVhj!Ig=F
zWfGB@kRZxuWtOyq2M%KZzz`S5_WP$-Uf*99M^ZNBW7!INTk_{!la%2ZisK*%Cvk2Y
zTXN%Mzv$fgSCia(Xtoow=$o+r0IPT=5px}40n`Bcc&pE@=1<FC)x)Q=V+@g%-1Du;
zwsHBnV17|w#Q|)lL+u1efIOFL?y_ey$Hucc{%ZP1Zp+H<SrW(+t~J2V)9ai|Z`r8=
zO~NYPtdqgxT)e*SCETjX?YMVNKL$<nsLIXJhSFp>2!SF<1aJ$dJox_VTQ_3ArGA^w
z&dWW=xkkIYeW1ez`?Q&qr?_l`bBmuPpV;@wKD_?`+{dqtyI)88avig`WZ@Ch#>TGb
zRADd%(QNj<l92Td4p+<Xdbe)ZzxDH;rFyRPGJAJu?s+sk4S0qyG957(iApis5;;TL
zs!6>^*85q_cpmYaeShKZ(eoJQxx$QWYJ{Rhz?7yekt95XtNeV|x6#-C0Q6k`ub=Jb
zeH&jXBDv;>)dE^&hXTyaqWfK4kCiel!oQ)FY;5$*?}>@=BZ2p<tI$)O8H#Az>YPZK
zeFFylix&Alz8)^SZp6qG-ytzwlZ2xZ;IPoJUazx+j)o6sIaFDbksthvB{B)nz!J>l
zo*u=UNgJ@Mt{rTva-v=0CNu&gM-nIS2}c&*@kBC=YBI7B3=E6A4-$M<Z#wBZoT|IJ
zU5|@?9acn3C*z3*QiMn^5O@V=4E58MkCS~_g2QI{a3)&3PJ}JFZascIRhY+Q1nSx*
zB0V6V2GpKDDP}kF*8?FOex#nlT<!k=_>BT-h)X1G+W{J*FiZ=BB02CZ28pX8y9Kf~
zPisOEh%*db!|_~uwbz*(`GzsBM34@z&sNoCrEYGzbp{ZCmA=3q_7$XN$hdT?wVDng
z2?4IW{fP>eMdFb=uRf^~2Ok{<zDoS1vN_Q2lNC0-L7<n5m(^?P=l)*|amKp%iw4@@
zNhS1iue|VEk;?gLu7itDR#k~kY#<5Z2-G(>RGhk%<>TE=P>>VZw{&H<SV#vOhMtn2
zX1<_P(xMgEdX;Mk*a;08YBcflT4yl}227};;VB$_dd>haJSCvyQ5cO<jq&RcG47Vr
zu($*c0G&CgXO}lFxK(7f7p?v3UkMcl1Rh}VM8u{dOScztJW(TFHXl|Sp#ccM85<^C
z5Zr@!tBofcFr{oanO`Fi&e0J%hGFhk!ByQMD1kN-gP6tuI0unsn^)`nvc$;SIXECb
zo-e@?;&)`mP^K{r(tl74OYwDWF>QHqrn?|xt)Rq%{3pRQit+L&j<yLIZuPeV6Uml*
zH#$$|asGR$)Slhn7d@@R{wnxB%>aOO;G>D|F8o;vMDEp*0h4h1P{gT(t)CxA;<e8@
zom_5(F^>Sd&RlOxHmzeikcn3lQxP22q-NB>V5=#{Joqg{#nFAC%SCOJw+>ttN@8B*
zLvhTim^#1>1C=#no!ztL3i>gL23qfS_h`J|vFy(d{*PR~TwTUbDU#>!UMH>wU{5cx
z6hwpN5%;JpC(;}MI5Hya3@p6s<3=Siw&@TeA`1X?c^*T}XRfC+Ykc!>i25hfJ)0M_
z*O6XDCnqk=f;GqZ#9WQh8=IdY;=X6U+j{u%9=~51^7WXw`6hG7vu-9lYTsm|GdqB-
z_QoSn4xp9f>#5>THQq)k_u4F+=Z%mo$EF4~*C}qcZxRWZJ7W(JUsZYZ+4J(6;dWdc
ze3|6si)Sob;(FN8tWID80TSRM<S+oc7xP}9Z+2w-vCMACySB>~%$(vQ(c3}dB`Lv+
zY>8r629LFJ&bK*l#(8q<#KOSsH}}dYxBF&Djd>PsGO|*z5Yd1wTzT%0JePUBT)!~m
zoS$#QZ_*!9VrJoA+bhJkCuuXj>*Wa<#>ub}Ew7|=UVq#4*=Jjg@!ZUMyy;_OV@EEE
z<#34Gi$Ij8w8(9Vghv;5)qMVX>h+CVCzUbn=95*n<I2cL!gRnADz0FBQvr!F@GF0R
z;;iQ@)BRiC@+kUqGb-3un^$w7nk%YMg_E3!B+8iqx=_@(F2jd4uU9{A=i?t=uB7$v
z^70?#Y2;J%Z_(5PIYzu_UuE2dlE;K&T*OJ*WnR9=;=YII@h`Kt&HcWw)0fULqbc_o
z8MDSk;#i1=a6<Za+<g3unRgrV1Y%28PR@K(-wjCZcKI7Fj0gjxSP_(t(ByiF;_I7N
zV~H#AC4IID2v<eYteE;@bu54PFI1i$eP2(1#;T}O0Pq?Mz~<aF=IJM$X4fj)1=tx^
zS!{)Z!7BkeOh~sbC0&VSa&DC%Mo}^|E=fA@;ls%gs;bM$kc_1v>XGEYYp*3!%eC2#
z4K;NQmCDza;UGW^9h~wiYjSGA-l1Dp2I(0QyqzNx;5<CmZr0{SSNE*kz;Lju0tA^G
z0WQSuE=tsncdPhEw&C3#<rrQ`=|q@uHIUk}Rpxo}?o&LWT(@l|x}*f+8YFRf4i3sr
zV|S-NE~}$^#o{HpaWd80@8+@8^4~RB$Tb@-umKYeoZEpC3pm!J5fhCWTOGAHG2P%b
zGWK{SnMrmy*|}F|-3UTHsQN&U0z6kvW<34(r#w%TnT_z@w31vF_+6N-B#W@`z!pFm
zOVUo)h%QM6Bgt4S?o{2=kgbGgdqN-`0UL(C^h*-1xmSnK6~0F8YyrsBdSn}inwEKM
zn~~YY#EqDOi}!Vy#?lX-;p5_yb#3tFU)*DjIlzG`Uv04(NRaU^4<fe4x%oZUt5-%K
z8o>=C#fGteVwzVzTcrBAEbp(iWiS{4GZ8W5+#N7qiEUNg6OkUKk_NeOI%vdjRw5SJ
zah!x+6%twxpd4G+rjbcvWM5y(ie%4ryiyjU5@TRHUC#t5+(f0mI!BsR<Vx9??4GTt
zD7acX9b$gaP%Y*5zMpz&j-ijA+M|>jj(P<Yq(f=NRg37uveuOSF!1KObL+Lwzh*Yo
zL@NYDdrI%m7~y->!V7rLnFyL-0mW1U#Z*o$%~*-V5FGI2wIe!iO1c;*9^}*^ss&|`
zs<}>Oq6gdLrRqtfmfUdi^5v5;yFnj>a9~%@_Ioc^%iZhs{bGaQ{^iZl68m@`YAVPE
z0r>MJ5xckc<Cz<5vgqT{NE@a>k&%}O#vz>P<D%!^c;6gr>R(HC%s$!M<Y=&T?$~I|
znTg$G0o~{t9lW^eSIPJHdcJ?;_WJqAmu%nHx;IMSm>X^u+YuQWV<#~#WJr$|3m(sp
z3(fg)F8Y=kSIY{3aiNir^12e3G7<nACd7|$UHSCqo95zuo2|$g0x-et{Y+`pdUs8u
zWt(Oh=c}1YMP^U8&GOe?J`(Lcr@7*0-%a*Wj&di}h9y!1VUUQk*5!!dw^@4>>)Fp!
zXW*P!SbnI=&ab-0noV$)LHT<lwiayK!ax!jOV9Q$o}Buf?5?+M>=#$`%zI{LY_`VJ
zl`2U67)ES%83P|zq)3tM;LFd~?Mv5)?Z-damb%@uwv4?8R8vjYHXK5LfS^<bMF^ov
zCv*^q5IWL}2uKI%y-8O@dPjPZ-cgaRL=dEjh%{+Z1f)ojD%EeoeLv6pu77>&TYp$N
zoJ`+)UwhBYo^xjAehfcgfDzo&iz}l-A{Q*sBCo#Rc^;y){XoX{^}f^kpy?S^h9J_w
z$6hkXi8kz#2Ztojn|iMfBx^}$WAWbd_gmc+`#h)GzBL9THwRk`LZ8Mz3pV27M=x|R
z#U>_7X5uToe`(8jMR;ncGsh^1+2}#x+V`owO-1X@&P|H!I?f((!Ox*F?WvQ7#2+y#
z0<0MkhI=Q!8oIxnWp(zp>|htO1np|;5A3eLh}FL=TuriMT$QHwo~{GsG!!wl(7$pX
zmiy>*z5PVWIQyId*%m9RT8d=36Wy;c6o19y&}+0-^mfm(mFdn7MS@2YylY}Mi$~on
zYa}k)GR>G>Oyt{U%4P&q(vr~pmR&`TTeO5*akP!^`uNTIKEyWnv7~hNxT9+|&BDPi
zlDlatQg=l*_sPBE=$osR(mq5d&+xUB59ilte;=r9i_-VX7448nZw|zp-?}TmvzbBF
zbp%e8k2HHvu94Z|AY>7UZk`ORxb(_x$!;&f%f)~!uuR$E-Bis-2YF$~R2PmoZL*rT
zWA)`XxCD->zw$pV5g6{g*`4>wW{^kqnZA>#!m)YKswQb;{5-x!E2f#!L@zZl{x-?3
zl~>43Dc?;=mB9xAq64SRIs;X*h-9&w1(>zd{&Hp$F9AvBVAq81{HT?fh}a~iXd(-e
z>81Xf>I~{1F^}xe7>$cmyK*J2qF@dcnKpO1vwld1yk;otgebFn5FT(cT(hllx}A|e
zVcDZVw#qj+U9}X(*UER@wW|T?Im*m2Aw{ox*XWm4wW+hUSF}@1qpbe}nJf=KyMcQR
zM_P&d1dq2L@({WUGZfICJT_X2t#N*!H=%!t?ac6Z!u*SE?a?O;)LDf$K84-6j2P@T
zQIV~m<w!sxnaEk%_XXVb>uGPj)>G@l>NZQaIY>U;c`c<HW6AL*CW5s&<?4h<y{@G|
z<tv^!amosmzJmZ#&Xl}}yCswjwXkvY>~SnB@vh7@icLLkv7U(sGv5~?ZL}Q4HzpOr
z{K8D2S15Se<9S&`qs*RZbN^yIC`n&E(Z5G%+)RDlRp4%eOZr~-lbY`}B1i5A{sJR3
zq4^K8{c07=+Ktieq>A4|*R(V=>{->BPD2*z>B?2QZRo|g%Fz-C(Xf$@@26C9UY^~|
zqD>~|!r>GW5pmKxZ>49Q+GMVn){e42XP2foAacLlNk$|@6+*e|{E(ft&k7^IIES~O
z@;pg8V=rx(XUcUWj$Yb*-HN;SZNG>7;3_787OxZ9X8X(kbXJ;S)}ZnvxUzD#HO=LH
zxCjf6K+BVrWU?Z#6&Fm+H&4IvS!G<y<mza0hj_CuIPHzQS-nTk33X(7{e6oLgmSCq
zt1p(K;I&_m5v{+Y!>0d9%#C79qmlJHF<Fc2vF`<+Nnm($`}emsqzz9t0~9>%vC_RN
z%?f=7{Vp|vlr|A85b@o`+S>RVNFNQ}iNp0W+Kz!YD*UC)rJU;}0?C`vD(Y53>|M6m
z`-7}l+ZP)%g-eY#Gqn9|ETOctIU$f`?bEM3<qu448v`_+J@9j0)i%EYj*v)f4RCw)
zxn3$$y`M4q+Jm6R1z)G<vaL+5*S%(Q93{|c)FYyfGbNky;ko<GgQx6g_P&FRyc%x5
z_7CZk6TNjU?-FVcw%T1OqX;y1UScpFcb3Xich}&4;8nU>^J8j#lXBCqagZ%rr8<^P
zfGT$dZh+tXtzl)ACeQX7O5w~z*}H{NGtg*nKmB!QijSpZLJA!5S$<HBJn$~_(uV=d
zq2urU-U0Q$w$cVpmd?hT4;fFhr&<!Lpgb|3Ucfuy<5VpQjzR?IO9yAS18pqh8>@G^
zzBY}TXraO&0*P_onw;I)v{{b$6qM#0>dnnGxnm!b$3Feud%S3*IK#fJIwT$~`Q5yv
zxkpV!67OYC#?|f1uWpZPM9k%$=-nF~*S-5ReUlpkqgo~VQ!6*{$bHwtsXup>tiG#Z
zOpJ`mu<B*ZKqeXTrrdTq#poW#vj&z|MB(uT<*_rBOIGqe`nKX!EoL``hW6=)$_aLk
z)IyL~`YEjmB?K5>?JKL!H#Qs^yIGl`!|uhNJKn>7t4S(MbtXGh(0T)rLS6nu%)Pat
z6~Ge~&Lb{@N2UL<3cBfcwl<ne?{`RFsL}s?b>o{SJy99=Lf~5q+A}RCe0;O?uLS$c
zl_C;njgt5b?GJQ)LmM428H1U^x0&)xx|@yYU52_6htl0g;_kOa@tSs2tURUjh+tdo
zsD$CU%(J1S=}q*5h+GC=>&3~!It)b1OFt3XlC0)^P`EqN;qN5b@>uX?&kB6oI>Ut9
z)xEmHhe9VpP6;a`R6lr$@w&GgQeeTBC87SM`S1;l-HaLR@~gQ^>-h$-*YE-l>OR31
zo&7#JS@?n&Q`Nx-wy8$)o%rGfDVc||Z!El<`kPduS(XLdUNz;pgy_3x#hqWiEX2-H
zr=^vm^aE*yr!O>jXlSCZE>AUQ1z~MepcrHB9a&97xy8-AZ_7O5PNYr$bpZB0zyEwC
z<lbdcB2hhx7_U9-WlkQH<Mq4KyT8#-V!^hkx4)Ep@Ndi3^n5|5ZiEn3DrbA;EOGB$
zT`7}fbWZ@73k<LC{mk6;*_@?#3n9!id+>}*<ZP`ZKQKz0GS(bQzp|o(ULa;lVpa8y
z>A(N!Y4crvN<|iq8##l*m@q{GovRA;8jqV2mrDgDS$Quj%h-dXEclAq!<6Y$NHM<`
z^II937fl~X2?#dy!et@iEYBeX63xQp!h13$(%BnL`}^`{OCQ~+J~c&td<T1`K=H$T
zT&_J}@Y~_kkKd<YlfvV7?!mzMkr$aaW6K#QucyOo?9%A`jrQ3TREn4I?Ui?a=Q$pO
z^W!$JhC`?P!=AZzU!Be3BweX^k5ndzE#8YDI3P4}@%C+FmND5q;&N>@VZ7_<aXe=I
zd1L&ej$~NG_0HrX@88^|Q<dL$e@9y--o78%c;e+od+%#)F`cX=1o`@&^PiZ|>nRP&
z2W`ryR}CBnbAB*nSFCN6xW;A>wCp^+vvfVCKu)G~OL-&t_fl;!c4hsbZI)Bg%590x
z$UmB!%?yI1w^!`A-Lc~zm^F5OW7*f>Z1_s!nB<G}*WwhZ!g}}C1W4iEArh+SwDCvh
z6MsZBI1BT#oJs5E<4Iz()a1iGvPt{<ZYW6?ATOb?h6e-e9nH>(*>1(Ox-9B_gBm6a
zQpzH28QA!wh9!+XgBjk6GHb=_arJ2?5~~GeD)V2{A^Z5pMJ%K_QU)G|mHhV9mdh6N
z>M_z!^*TZY-_q$d^cPw3Ft^Iplpv}-_`L70cK)7Ul77+mp{4gqhB$vpSf!bSD^*|z
z?{RWvSK0*F?Pko+@7+6>4^NV(*K4q8C8)4U-;eIh-s3+9P3_mGcigt~9Q(tH1)6%)
zB|0%T>EcTD2Ct7eZN7;`z>eK%)|O)GiPTk1?`L++%%>*fITi)!Q%w|-6UQw-+%fu@
zCcU1RjLv@_pq((y-t#2i`fE2e{wI9FMa5{pvdWm>g&0ecL$y<P7Hl$SU(@id#5dr)
z!aGE=apT~LstNpC#0p5W@Q2B@QY4nz4>u-K=Pz+JuvgPjT)nM`5B4(?*Zc0y)iT*4
zIBRUNz#OJl&qP(bvb;`d*{Jj0mm^*4_MiUWcPS~~Y(%m^#bj89uPyw@vhfampHmuN
zY9a+5t@&7`Y#PS`fl_|Et%SHaYu`{WJ{EA_lD<-Hf1Zg!0!#km83FO_hC@nqa}=Qt
zf8^w)G~2~jE$eLJ88$`|Ug&7pQrmZeh%Z#XjK(EpxSxpWMZ(dKme@0-<rFZf@~_)Y
zNK28{;^K*m$G^3N6e6<%2|9&Sx-WBAT@O+?m<<SFADGp16DYW946`p$ETt3Y=^CkT
zvk_WYu;`hx(O5HTa-wiIjlOn2F}KageaAdj_oo`yLq$iXt6!8D0`~8Z)DZG{wq*bC
zyMq1UY-ayTV#i{A*WJC&+_RL^KIN%@b_ikopBDkIt*1tM>a@+96r-CW%uJ_KDt^L)
z3}uLxDk92=#qsa-_%X|QtO$+H2n%rZ#A_gZC1}0X?}Uu8Yo@Y{Tvs$0;b*WHq7ArP
z`?zfHUEPuoLtgjtJBGZPKfY(Jxkjbk1Ku@S9Cd^zV}-)VjpfJe@kvOc!Fbl|d|mR_
zPf|$*3H3757DDrBREQW^ti>ANX<E4)If#h1^Ih{^%-I@S_?@{ce>R=g7f3~Vid}fD
zGt;Q($&k028!tPUuo|!%7jM`yHSM(87WcMoYkhm~(e63l9mdVPZ)SfXXWd4l+neil
z+d(F^jn9M^&j;W6?8fC19WtJaYTRkFt+dstZLGu&k4~JnzV*7dCH+0<THcBFR<IP7
zaamNP=k(*iNsCj-Ok4F-6Zi3Xo16cUTlLXj$mT)7=4S4MXNyZ~+CJD11{+@+&bNR2
z>QO*m?om$W-i;qC$H%RvW52#HZixiY|6E$-SlQb?#D4Ppafba7RCp{Zv*SAbHgI$H
z$Iiy7gq~NM26NC>_KM=NL@*;oecs(^Up~I&;Oiq}mmbaXDeBlN7W1X83jT$NZ06N2
z1P+{}1<8n?9<g_1c*?wqPn`KWWpiFAqvJL`P#Z1s*5vltY4Wk4nbUc<Oma}+V6gJx
zhLchG@=5R`f0?cGW!vs&e3!uM>@VdOC1!<3>#Bcmte%^KH`2PsgW9l*yBXm2xcO+1
zWIM>`McUX(K%v}EX@{bjzy{Bz<8x`Awcm@ak9I%Qmb$;K27Yys;DujncFj$7=X(1#
zZ>zw@Jw_q{pNB`+T!WmC16!(J(Hwlw8<4YfTszK+&kE-J8Dt{<$7@Gg(K~2xE`Dz+
zer{cDT!K;XtZt}vsinbj^7Ga;gS@bHW3`gmt3kQ5ickFfB<ep3FSr~%+&kD@Q(bVD
z6#CO#SE!XVZs$5Vf9iV`<LS?~l_8}+(V#K^-fgPap28+a$z^8PW%!)U&NbM5z$Hya
z&`00IW!-sS^7MAz0PSincFmyfhx_M9s@~xAy6~T)IZf`mSWfm=gV&s-Dmimo^H05x
zwTuKL@&w4L1_vi9k2p1+&z=TV-#Fa&ek6iTyW(-n<E9Mv*Q2~m^2w8fJ2`(ulN25u
z(P1T5z1KE}9k8cKmL?9ue<9*KU*{XkBw{|Fcm})I4{o=UWfi_VcBy?eVxY>mBtf+*
zGH@Q-HW2VGT5ZHNXQ|P7K-7ya<L#ajyVNWy$oycn`-zOmXo|gv-q&wN;S-XQjjjFd
z%#P_do!@2oIPGJ*8hw_W17srabx9uI2sF`Hn%?LhsTA&izF9ue^?7VzcE`}bziF>c
zK}P&c|Ax0e5#e6T>i7p<$nrV;S!HHQ!{*^-dTRLAVL^&%@?Xe$6g63kzZ@bbtI;ob
zb+jz(?KxxrhE|!B>G49u-w91sd>9GjpAQp+1_7O0p236QzSJPl)zy>F$=b@!oX^h5
z+}2uz*WT6k@3+765L$U(I~xc@S(y_8|2H@8-``&l3XGSfgC7JB0t3HqgP?i*(1)I$
zt`dBF&K|txRxTFSyp}Fbe7@$cd;+}ue308RzOLq$4%VIs3u{|DXDQ@XD;9~cvyws@
z2;b$u>ndmc&`#-*yS2_EbzRFx4wm9pNEvCwZC?prCs!wHPjiH?lcTeTgs&9xqHqat
zj|=8QA}*46I!Gb!;A%zOyQ_(ib8)vufD;yZECqy62vKof0TF(2ln^%p#V;Vr$1ln!
zAjrcnAi*ypAt;Xc_k#qrxm(#tXk!%qtqc5;LjFsXkB<+pk03ADlZ8(}TwI)wAH|14
z@qiRO9)8ZA=Ds}69?btK0b}i9>2BxhY3JgMz?Eoj;o{{fg#<1AhXg0ryLbOv@c)%t
zPEI(wE>e4VYFqzLGybosJ#_tCt@*UAJzTupEv-Rv=Ko{{y!(Gwgi8ooBcb7L2ZUno
zh;gy>a<X>zRK`dlg=OXCgk<lCh}{tv5tkLZBQ78;E-WW1CnPE;cn2dZ{GYu4I}a$0
z*UHXHLRe4;BZ3j<M+pfC2?)rG%L<Ci$&1K}-Vqb$2bl%_lULc<!_(Z^(i&GEF0b8x
z^NK0_Kl4h+xm%liy147QxH$et@|q7_JY75<y0{|b<ZzM}LvR?_Ia|5-c-+E?<{wHi
z*6w!R)>aDcE>4IG-b&d0U)sQrva+@k7Z&Cbv#=K8;TIMX;IR-Bu;JksGB+3I7ZMd0
z6$kYHli%up@$4ULf)GH5>wlUfA!H>YE-EZ)!(%NhD#9Z!EF{KbjuJHIL0Jj$i;3{_
zTcRw?k$j+ud^ouLFZlc?2w)O-`(I@MKmMyu*3LkO+<~(E-GC_l4+{i&`5|Jm%6DNn
z1%*Ja(Bs{Q;NM_Xq=!NvQ1EvV$9fS*emc(>+0)qT%O_+ZM0C$*{qH8^@`W-%tlonZ
zcz>rLVGu$X3`PJWBp@IpCIsJ0a6&@(B~lWSOC%(u<fIoLa?;CJ$gf-`rJ|yyrlO+1
zapML(<9|PRL_|bnq-3<@<h0jmC}^(#H{$>A&ENMB3OH1VU>YBf0s^JL!>7Re+X*QJ
z<ly6h&jl$L7d$9FjDU~`jtj+o{=YHg5Ih(jlmL1`5CjIjga@GjS(qpV?r2dFm?Pa#
z)P$jlvdk~E1!-Qj4_Oeo%duRYf2<?)I|;+OUC{B>^4d<AFa;<W`tJuH+~Gs;D4<OE
z0+gT-7$}4~6qP7Tpw0Z^mBnM4zmpJBe2|_3p8_HSITP!53?qZ|P$B5>(HW2sD=1z9
zX^0g*f)3I{fbPRfy|^Ppqe86FJuu<~I3fBA8yba6guCKyAw7g3C%B+!aXFbDTcJT#
zT!|<`wa~{_q#@SsglLcxLmCQFmywf(BFNz|Su}zi6p{!kgi|3LLs5{hOPL5OZEMYc
z%7uXnAo*&c2s+IO45=myu3=?#q*P2H5o(|ukcksiK^}ny!4$-3)C&|X8=4#x^Hehf
zswD@*15M2!r9wQU;=E`d6-?F&A5b8I&LBs@`a)AQ`@&=qR>o9FLUcnIuDx(ThAfAb
zEEA+Jodq9(!L`qd!m7veF{~P$!LJr#)kBA(;>^FyK>-gXk1*g$vPQjljQ7}@A5bdK
zQzq5VcWIIwlz+ht&_cixyhMCt_{Bd2ErO03H28vdI0i%i;W91}j^)IUIdB2Ec(MY#
zMCDX;50sn@J%LLG{(~5IdC~~LJRHYy{AEM;5UPdsErPsI1dhKr9)MaY@yIVk1nHqf
zpb?<e#JKiEpixXH4l6u8AVVs^f69C-Vo)uHMKeMz#9G#hA1(*$A;hqNKyo%+(g->z
z8U^bCyu*-&6DPDg$%AU}aiu{C>d6Jr8PuRSoc!VWAPk=quoG}ltpc!`8W2sK@ZJg@
zh7SW@fCoG{keY1yV;p@@Q0;p>6crcxLsB?CXILLCX_;CEM8BN657tA?ufT*dYe=Y=
zLr_5Rh?=eE{qM}-giR8PgC=3VN_ajwD*z%H6aW=R7UCf#9wY>C2hw8(s3IH!vh9KW
z17d9eL_#!<{QyfD<f0fn+#Q?%9f~3hMS?_-3m_6h`a%Jdxe^fMEND=a5{QAKaq&=H
z62yO)3QEOCC;>j|!l^(UEQAA)s)>SK022vigNH=X>9Wb;kpmt91e5`;!1GD)&`~cg
zU__jFksE+O4MgEs3jhl6i_<)i6o@DtCt1MI2%r~00QqWV7$hKx1tQOa11AWB6OO`^
zFzu*jV?xdMdQg~bvu21{IC1i=XDxtH03~qHM4V3HPyo;X3w@0v@ga;D5(=b*<|Nbv
zk+@`lbfC{6)=*tsYJ`<0s2bN2klE_rmIB;CVWA>r*YnZ!7kP*Qn~_xZWuVDGn@K{G
zIn<(nkS+v)qZk*<6aw-mkVdG40`P$-oV+;*WUZh~|G-@dcMrme-(W~XoHW}nr~<iq
z084S@XFx*9%jnQxuS1X@64s*xyRbL_r)a=G3^gE+1+d;)Ruh0GoR}Ozp%jKgu@zdp
zAQ2uGV#Ti#3XsRIm;?!<z{jAYXz*cbRBUP##0ja;Co_CE#&8q@7y$Y~LqLreszojY
zC1{6U))d0oq8mUS^6*exsW_GbhyjWzaU9j9Pl3L`WxWs|&Olu70%tYRJw=nijwHZv
zK@^~T&4deKz$wcByNQz#OgQ$^L3$Ga=Wx|WT%b%3r%_BeKB-l}06@SO*fwDGE{vpF
z1Y8~&L7@zZpn>PpQNem%0C@b9L5*+}$9T;Q$VI#o%ow1N9JB<01rP=J%n2~eNeP6G
zGa{f=Bqd&=LIfc?3PxBK@>JIBA0o7^AR|Z$wGwz(-*GZ^Z%7D6hyo!|p;rE^<pFyU
zf<hLd3x9zjjiNzc;0Pa`AoLHItjM6~FDw@<M26w2yg(HQgBOKh0L2iXgs>1@aF;-W
zrwOEg!A2^CFphUn9QC&@m<ud%z7;+j=nUvkW(X=ad|=fm@sgQPIGj=bqoJX=%upsA
zRue##P(5H%a2N+r!1WFZpg&PEyFf-yIt#E2nxRO5Gax(!Ig*@!yg8o^5{eAN;aV*U
z2viT(IAXjCSQO?$$<YYoFSr&1JY`UGJ{_R$LvrBIC=X|TUqB}>4<w04QbJ6}+@=45
zO|j*HXc1`nH6c(D-~o<qG$<7Y#Un>PMHj#{Bgo+|$PqM}1t185;{X(oIsqOE!6mw2
z3m&Kjg-7m=6XgY0V8p5T9E9kHAwy7Lh=I;rU<KG;JiLMnCBlIgGzg%K67p2`0)51|
zf?@w*H7J(?j^9NdRRNHGQ4J+9J1j&(vcMc?kRxL$puo7Jqktg|12&HoSU+v>1{W1V
z2w;T_*cdoW8$%Knf~LNN!RMgNM<>dH9)$ov3<flf9EmfZ2zk6-ggg|mMw0`irl-M2
zCc#!yF6YDH=2!3Yll!MGKDxjIjwSdEN({q8cnv1xH>`)Ch|>!OUD)e??r?wsqWTv$
zIIsZw1H=uqg_5WOnCsvug#7ga5CT#vk!fBKi$(yu0-6u-e4%(ak>lZ$XUvg6IxHhx
zqTnie-OH~9{-m_0Uh}(hLy2&@rQpn}UZ`<C?_s~obe_w|eZSG<RrdQiMy6q>nRSC(
zj12|%mhjhv@1Nc{W8D}jJWQL?o=?ep;_m$+?YoSV0@Rjk(wBX1`dv#z;QYa-r8hPT
zEZftDGK63c%cW7zpdZ_m!|N49V`_DO8jfYys=a>to&=Ys>dqGB*sR-r(6Q53@X}a(
zE%@h}PU<}G^bxc-8UBg{h=v3Z2HqFNOTFlgl>koxF=$N|=nGsQ1Nv~l0-Q+<MaV;<
zC~zEyhh2z}6BmO64z8bvM1WW&fCGRzN)BBXa6_R?P7S*2Yv^uJW&*rO3s(j?FC5@f
z$t=~FKz6x6YM76!$#MwFCU8_l)EP!?w8+nSUcAj1aX-^&JMH0sOjCdmem|Sc<B_$g
z)x2K1r9+=5^gO}s4%?1-X?i**gPomkFvV-N$0zJdQSsl;WlZXo8Y{5tI=c#zZGYZk
zZ4&YNJ!qPbhq9)-Y`+KTYd`G6AGV)93%qwaDv$N_D<>3%W6|{zUaAv@)<557$eev@
z<8Ay?IxLfvFTJ=cklc-UKCBmf8LM_~lH)>iIA*P{z#xm9R1bF}RjgQ=IDY*XGCHh&
zvU4yp3-*9qvtl>?(D`)!^=Gb8ULCEw{{<BeV{l-;{|9k6ldKd9x_h8YI6Z+v!a%?a
zauf&7uHgchfEa)V<Gye(C<R>rLj+mr{O=(GeJhI*hN<<CHEYKG`$;1W3iR<!=d<1C
zHI8^Iz()gZlxW0~ejf<>=5(^P(K3Ch^;yDoiSgqT#w76r@P-p@p=&9Lw###cJI}G>
z=Q=xLhaj-cDtWSioIVs%GraHR{;pNrPbT23*CW#OdixT2SDNxr;kDN<83mWv+4B-#
zVpn0+j|K~6dX3T?3r{i{dh!lwSg?1E_<L+)JNipyjw87OUY+TQz!NtNxU2`&!G^ak
zDL>||>>K0`ehclB7)d+m$f(Z8I_4i(z<2P`>p7DF`ioelY_6YF44;@T8^w4Ue8;p*
zcH7Vh^=|f5pqBEvs=m)sHb3fJE@oa(p0!b9dxSwLV>^u+@+|*C%zulW_iZLHXRERw
zPmKjnu16RgDoA<wS{u>k_(U>p-^W%r4$EvjoRnF-6aQu?$7)$zDd{RZIM}ue+gdvH
zYF=j9kaX?$X%*~cm1Ix}Qv*Y>`rx_K{->SKSghdSvl07-%8I8WpA6-nczI)*5VdL6
z*#<*tw>Vw^M1z3`1UFnlh9aS5Kx0xtS3nKy;SiJ~4Co8c8K4U!u!=BvKF|+5oYexo
z0Sg{F0|yUQU25WsPO3~Tlv*?5CMXc6MNz<>z#?eCldzura#0YF6Q?{X>2T1EiY=Gn
zem*`r`<*KXc0vEm<*{EV+VX1VP$s8|0^4w9r}}davrMx6Pou0H@8?!3!IUj`t^Qa{
z=D*Kn|C8#Te)Gjz5OFf`^+ko2%Td;@F$I&9B+Y6_hz}_Zp753Q<~?<F5}g-$x?O@a
zDm_V3HCKylzNYi!58X>8<bIP5K}zvW1Uamt+M<paz<FT9>|s`Kv2~*v>3g0o(a+kL
z0uHNiBbJMSFU~w(fd8V?AuA?7$c-qpLpyPRTPG=UHs&Y}t2@9nOFgB|N)996)b_fn
zc=vL}JW9JIB4DgDK*b_MkB{lcLg0k(livnk&)DBc?7CJXg%@Qp+mPb1!N*S5MRH}j
ztcyJwGSB^)86yp7P#=P)r7u60&q!@rz#Db;atfk*mpPaw$-afflRGK3blAAu;&41Q
zE;(D}0rrDS3Ba&@DX_VzH0qUCTzBoD-V7XOm?qHf=qSiE=6vmL@X_IN^XyC>#ci1*
zm+th$j7Tw!#41XeD5t-W!KsDJ^Iu2tiVM=ew;A*q>w|3u&vV+ozMaXdZp(cT*LLQ;
zJ>)Wtb<w~4Yc2XAI;nGYcD1&*cIv9ZY_Owcx6jBS(TT9p_`VO&*E9D1G?&xrgK6Se
z*9P12xac=$H>YbiR@!Bbp23w1pCTn*8Reax91NUI>}>>s9jp<5YNb-S?+{yBlbO?n
zQ~u$V`U@#<G#*S}A3l-Ta^3so%g6Nv^iB-D?j$ga_C@cwVqHCN1y-#Yr|mFBN>wh_
z;z{wbz|n&ltIfgkA1|P)MJuzb@%^=v*t719XD-#@Z)fF$$7fe%M6eFO&lgXEnNGy_
zmExGaD<wU*Zg=Ih%+ffu*?!Pv_%vB?{46QC)?q=|C(m)`ByXc<E#RrzBV~u}t-Zm;
z@eSkitrH6hmY?WTlDhrFV~v5*$!O{0lLxGAr5;4SYczS)*sno>#@W~-qjufvQI0Pk
zf1fW{uU**)Xr7%M{oHtd|4ov>w&jY|deIqU%ixKrR%Y;y==21>x0Ie9{`+QwGbi@s
zU6%my39Rc`dk(q#?d<g!(+O3P%KPgzZNjQq;0322Q>cR(E}4`*#WMrL)|??ldzzjM
z|Kfga*)jJdbKaS(LZo+SuUdUnYMSw<OM7_ARYvv#g+lE`=*ZiC#Z$Wb6MThla)j~s
zH86)yzmD$x_=rfpDzGqpmG^U!Ip+1tId(}~yf4y~L0P7x4`!^E!h=j9ir+91bFJz*
z*)G5AQ*IwsF^pJ}D@2)&4JMyu_9h;>B*vu<ERFDHp66nDjm|fRKhR*^kNl+_RMuq-
zl(&C0ZfqIy?ua)AjH&LLc&&|zZ%ozOCN{|TCy(|`Cy7tl!F%kQ;uZDS6grFyWbw&N
zcjX8X(?+^|>G+`|3`(!Ius<}8Ab<P|=ie56I&}hvgLF5oPbS{JQgDQQcN_#x#xUh`
zSqmC3-k<ugah;r%l9di($@KooP=Mk$&;#M7o&?mWG9_pz7?<M4WH=8A5)1@%z?>6I
zs?Z2v-$0)Z24%o%5ktVB0sk=!H*f-RpbrBB1>D$;IuVQ)UXZ71=BtF{D_vH?#ZnW4
zP(0l1Kob-Urv9K*s9I<rUSFBI4)e1nGBiuA(P#haG^z6T-ekPqK6qBhV!Bj<IMpI8
z*II7R;S#$a|4MCzKVn(_L(iVBfN`7M3Kbh%mfb)tou7;H&|yeiOl=Ax6qUqNVJqIR
zZ&uHIwbGA=NrIS|p-Le?j*0YLe8|byiq&ww#9*65Y;?Td!seMn_S)Y5;i*AI_YN%`
z1!c(}C5G!EZ_`w7cNaKuPN4+W;?{X$6xo@Sd5r5!mfz~hNMnMb>pHa#+iAW(tpZo)
zD{{XneR~wrqA@=C%HJaIY^(E0l~wKW6#H^4ZJzI++ZhKZ@0uBIghx3YpLFF+j$4R}
zeSPLGiXIErpX-m~DzRkK$oVZcINcK+Cuh2SKgZuR+<6CR>DIg@QDjQdMt#((jFF9t
zca=7HHi(~DL~LhjbX@s3D-b-~su=w7D35VbfKcyhr`$d<Ib0@ccWd0MsitL1BqL(U
zZ<ZqV%s6yA4m+2*zY%olZJY@<;7`x<ispObxtFTW9t|!<1aIAQgm<Sc=dI7aIV}&~
zdLWK1=9#%EGhVtBGZuJ`hkUC&9hq=Hullrf*}8FSkeT_!^CSKXi+Y*+f=3mv4#(3N
zh0IL9aGkf6E>#VmU<XyS6B-Z<M!r1iu~a*bT`qaMqDpkuN+N|0PrrJtOVb`y*e<?(
zv$)gq601y}+mbiI;m62j92%#)plC>WQ_Abu^w-c|$g3mp+TcF#6=?^VXw%{Y?8EUx
z(~RPXUbpv~qoyCK|Jd#r?tp_{dKmN{FMpf7!c(C!n(Fe)Z16OBsf5&$wsVJ#$#ica
z_)WjdcdV-+<q?0x?GQjj>98o)RwCH_=$7<pZ{D%;rP8@PwIKV@-S4s*4eQ3oDW?L#
z!a8RkdhUtbu)S%V^K1P<=EuN;V(yqJ79Xp-*fmxG_V%oUvN2+|>B#=kKL0?uv49av
zXDLC-IQgvZ{sxSF{aI~C@V!ynyw4OAbXPZS2X=Yn2voN^@SH35nIMN79u%cEm%Peq
z8&w=Sx`ZujKYH$k4YZWb(v5%CFF@!MLWC~;IldZ9IBP!`U%@!i=(DZwJzEk?ZAedw
zBxXtMA;_Al^QhDo)*+YoS`(8l-w3i>XMcLLQWzmz8X8~k!hKxGedEM(DeTH8WmwU#
z3{|i<)jcnrtCpxouJ^Mh)0C+V)p~gDL0nB(-CLHFsR&|J_bxdu)O678TMwtk8lSxB
zQDK2zliF;s7~30mTvnXqI@$fG$WZ9WJ|hs3Zn-N`IsYI!?OWD%MR1T_Q`9TcCw4po
zwe1>Rr}g~=e<6?jn#HSRn|4S^M%G7OH&00W3@#};zCLJc`}TS|b1-bLaVct+Dbs?W
zS^w%$(IP=P-K5eFTfH3XcayxY|1j{QcnbFRHv|BXi$7b&rzVU!181Zggp6e0u9V?{
zNyAc<$Lo0{GX+IIx}}#nwV_lomG(XS>lo(rM`o7iNkGlJZ+}erL<4uH?NCATHlE5m
zqi4}Ubf4v==Q-%;7*j4^3QEoM9gdD|yHTwFMGRBp?-af_E^}#_IHKwoSr6n_-Hp1i
zS8JWIXz+?x&l<7e<aB+>Yxxd$k#v<r+K>-g<@f61c{HRcV|C7R8b~T#JZN~1V($j6
zFe=AEqQ4P|E|eZj1XodFn}`}6HFzV1J8U^y9e;-s$~)YOFH++cnCiSNQA!-uaMgSL
ztSNRzWguf`x@kMld!m!>8{~RI-=m&pkKMMpSVV{PoEYy+aCKT<-GS?ZwO`C>sa?9k
zmxl&*>akvaqFYlo#Il%^A`JtR!Z-?~K!US<@jZ5_EO7=_HHPty8?*^EIs}bcl?cc0
z#jsD}Pf-m_bt$R=dTNl%Ul_GRCc7f#+n+#`oJr^u1S5#DXtd~PCt6te7icv2UIuq!
z9~ot7oWILedo3{EdUd#SOq^!>FXWi9TDWbuD=>KIEV^;8&2kmSmwtRPPbO!<2h+t0
zN)FIvfLS7L78&ZH3nu$iz>&iQx(!WShe3^-X@dR(%$=d~z-NZe!39G@IYD3Y&$JTP
zQGi}3j93?$Paz8{Q=%j!M@A^UfO^Vuz@QaMq0|YW1d04RU4nU(@4*Srj+Lo}N2wkD
z_+oj_*-Uf@RUNCo$hY0frtJ-+W1r!rPd${PJbo0qKz&eJMFt6cEdzT1?`s%&ZIP;#
z;O*Lf&z5O!@RmcbF+IMSz`?UyVSNp+O;>7(qbwo?Ga%FlQmR%r^L*Nk(^Va=q@1c`
z@EaBQp@_%Zu79+U&QH_c8Ig2nx4guc@_uefxpvzGn`*Qk=tEPb`$<ftpXEzjj&?7x
z({|m<V8h{j!vlxWhb1p=BF~F0CmYv^Hz<T7d-P7@3(BfwZx`0;xu=7pebVjP<vUQ+
zl)Hyi1IDvq`+3M~9Zh{S&m)ftu29!;iSe^33DEnMr#F>KY|4~DiYBkAlnq-pH$Fo&
zZb@gH`fP~7G2&TCbx!sU(mg6^wj;a5z3r+ES5S{i>>@8q5+516tJ;5JyPHo~-IvWX
z__e%mjy|?9UEe&~L1>rl#Jt7CK)EpISD6ND!BpOPjjE1<^DiIki6*#G(50fU;wEca
z1*^{*j4Z#n=}c-|5^n5sdrJPbDVevzC`ey<+a|L_RQ>%Gbnf^9U(r#SQ+tS1KmLx|
zMgZ+7r?nwN4_R$dO7p!u=Z<9^$Yn`iKt_eLSOPCYujg`oZN1F``vXOHNq<S^k#eu@
zzJa>!mp^nZH+dM<9i&IG_uNV;$)Oct@hIKTv%+rDOwL8pJEB1eVqsls9am>KHol`7
zGcCC5sU+XffLY26NTLH?l5qHJIZq=feJwAAH5wCv%1D#);}R|R3S-q};tQ~lsEo=;
zOke!0F7VxIMS~S<xYJ$V2IGI-?nkVmSldVaF0*QV!s@MB5z(VR5xJPEbHCr$Pw93I
zM%7sm_FF32D-yi^E{)j|1706d=?t8Bz0-<%QjL|dOfj=JDT-a$)AV>-XHyTy0<LUb
z?YOH;<alKv@7b@M!+AQtfP(n~67}?;z?8ob?<UG!NUTP?%l1bZVVkt92CYfrNw4AP
zr_DoPixP|GBU3lqF>i$r6<ek24#uKqIR&o{O%o*y;f4%m)xo8;A7nN*c3NgzB!9<<
zsM2HXCc#-8buv1P{r*AUgTrZ;RQdy-Urik8KOJ{bQzUM)-zu!oiA-(jS%0%*cvx-1
zKBacsn?;EaH66*gQs+~BmszPK93tjSI=k|!-#1dB%C}W4ZTI0{$Xs!c$;(ZbH>XN}
zAsDbz|G8>i+@^7VO=Mqs&5I6g#t0C6Pod&y0`<M{j2!*ri*E*FH`qVIrUYqZhGeEh
z-y}&lPAO8m_ZjScUolew)ryB2|K>bi%Cn@qp}L|`@rZ9x&-$bKj!e5@p=dze<W6L~
zw;NG3xlFIK#(cEXk>ztj@gKL6M-tDYtG+jzAY~NMbJnLaLk{2T)@k}Fb6=l!A9HQ!
zjB$zSu5LchEj*(+EMFyE7#%bHa7Hy*T7`f8#V71s?r5NSpp^4w@MC}7{U>!qJ~Hi6
zX^>Gu+gm9eY!O~E1cAu}d;6>9LsH2jt>ovHr&JTJgu?zg{pXA;xua4RuI>3rYDGWe
z3eTupM>7>N-#(yUBu;7HV?Mj;V(skJU2tNN86cDTEU7E|Ge%*iZqiJ#3=$l*b2!!3
zR=={Eo8_<grR-!_Wc7As5mi^%v%iqeHm5T?hND@BV#U0ckG>zaiOviphnb6hxl~H)
zED-%R-i#f{G<RN#zQ%>8B@6tOxD`VbFV3$_2b~P%2hRM+g;3xW1^y!_tn4N^Fu=g-
z%EE9CiBQ~{Mm{-iJfDEGyugs+K{3GJ=Z*#oBw!>@fkr0b+})U!5KmlkMqPNtixJtm
zGW83`1}l^mg7ZLVA}Hu7FhVoPz-x6AOZzt*BAxGum%?vY2%o0ztG;IEG=5_+B=seA
z`1bx<y|9KE4-5a7-CIw4UATu%Rm@S$!~iuF_m$F1@C}tUY+fd7O5bZ<TNkg4h$#`r
z+a{Su!3yyEw~3!{E(I&C)C=2e#?)kd;U_t++t8X3_h99>iG5C$&m>5y_c*J#Aa|(t
zzU7T^J*h$26p?sG<I>kNLCH@uh@O8DC&*eG$zr`!+O##_<7U|8tdjDJ5*$i6S5)bR
zzF}00&X7_G{7vZt4|{%9&%Gr?YG=gre&(3-@Dir(Ws|_nxL)&k-L*!2Wj}bN9nDv-
zrgPoyv>u!AP#IFwK^5_ajN84ee8$RC_w7G_e4fmPx|Fkyz1(uJzEkt5iSGOxOPqs_
z>dwG-+owa3M{)UUb@vlK{&e@$@+0iGAddOQ#<XD(xwu4*VKd5pzML4{)>okVE(s+=
zQxzyElj?Kd>b?X+sKdRFQ??xfo!L*Cd8=oMg({iVIBpb)GRWIb@jRO6$WY3N3rMNP
z5UMTl<dg_3uN@an@Rc+?nnK{sQ6DCMc<}s4&CGmc`N3*KSk?L6iqG#Xqz>ZWKo#-c
zgQ--XZQyP)9sh0gVxw?k_M}@x&3z1`cJbnN167@&n8$nWZ>t<NO^RO62i<Pxp^LGY
z^qr>}lF{f;N}9~#iCh+9I$3nyi2gdiDnHt(MuUANH_vV>o+SJMrnvL5ctiAqM5&6k
zU)j$#zgf1bU%G1f!TqcvXH-@@BoXYHB5YNk-H9oODaFmpls;kY`@|z&L|6jFPq?>t
z;;<9QahyGo^EHvIho<(fC6!Z!NI%jel9JoElI7`uG2xfFlV>#XJmoFg85Z|=*7-m8
zOESE_Gko+sFmvBj&6{5$^0L%bk!EK#ik9?9GQ73bb;DM1!wlJ@k1hL&JZ#JFB<$9g
ze$Ki$U*cR_FESuwJua%roN{+*U}H{3*-EMIaSe<4)v{Pj(x@n~NW3nlB!%8_=Ke)T
z4tWl9+vmEW9RB8QtL*59D+(GdC8T*?{8p{KPkXl5NaJ?WQIfq+Se(@uI-Lzh`Upo|
zGtiSYR2*4U#3^J^^HPZ-Tw#5L_Vd~KRyCygDrJ$JFDN6_LnW9b@J5M;fJ5=IR#K|<
z!-|iFubNFr9h2ar?o;~vHDe4eWCmpQ-s85xM3Ui^gAKI`t&)HI)F*32CR^7{V*HH>
zK6V=#nX_La!;Ikk#xQNLe27ziJQ!=2W&#WRF9f(IaSQ64q1RxzaTHMZP-+4wIu(5}
z;Nsv6(;|$z#d)!~apC$;ARy1V29}>e8r<0I7UE+14zBs=CWLhq@-{g=Zgf{hf*a-m
zn{wx;wRa8l@c8Y6zE8!xob%bqN~>L3Ooq#79j*{&O^IGX<tHNAm!F_ZIG3qw=n<6m
z{s^_capFGNEE@&^?z#=+@nk}0kL{77cJB76msLRE>?izP!*{RBN43vqu8iAM1nFbp
zV)uSu@5y_dmy{O;|FMwpoA0;wmcG}TnE~D}3Xf3@`|+wU=eUsc7J8=JQAZS|m@ZX|
z!bD?*BwjxrixP|4@|O>loGXq?>(v%Fey|Z0<W~OTYI!$l_+np`?<;Ul*)m_JVAGyf
zWX&_We>lcbCtY`~`UB7B)}5b?F2iKa&(#u}ax33_Rm^kR&^;I|bFK^!h?eW#S5qxR
ztMv3wkt_u2CGx0ei{A@uf2LX2@W<i7+j@f^b_4@Y^B({7cc@y;bJFhqy^J7+DAGhW
zd~Uo;ogA&!@DYursd2bArmJqE<x2OC>TBH*GBn9rB<AvPXH9OEN%MWD{FhhG=jx)y
zELN=k{3gp+>a|#JFv_wE_tScS!8&flOIH?6t}hLaPj&QIj2ipMA{C$Ha*6ui&s5T%
zqUC48PEx9+IdV`n%rN1<ahq=Jv=ql2R>GdA1W)xo;PkkvAVBTHTFk2$HL%k(SDz9%
zEt8&a5n@HUJm;xlozQhJ|2gj!@)B=D<a^h`{K%loSA*+<M=x=ez4hJW>^FRUi&`H}
zDLr=1WnljqndJ}xy9rtJt5$i=0iNjBW>?yFZLGJvmt9tn{OUY-q_iF!dE)K1j_>NO
z$eKMl#zOeX_wm<h=Kf6g=9tE#8;%bZ8qW0>^y}9XV;kR;m-JFGLv6p5Ov#Vwmzh)D
z+>zLIR=xJBxqz8$dDBXfKx$B3J4Z0g<ULVTvSWHjpWB?*^uirmr%LTBFTSb$iBmp8
z<u)0S5>IH&+@s$&e3xE5z@sLcuJ@*EP`XmQp*Ea8q%-Hl!dKpBwBLSd$rL_<vG@^^
zv0zYo_d(#{hs!jt!nX%pR+HA-nmvXcgHv@-D9K3PdS;Oniz}t_?vJ&cZ;@zIGWCAh
z!IZ-<vui%~N?@lv{g@Y(YVAyA{Bk4tdpb(Ag!K7dd(!uGwYUYdo=rB=G&g>$*r>T)
zx)LgmjLNV+Hl+-tN&!ngrXr$%;tq`#wXE*NB0A7yQjYSEY6Z159akOg^-mq2Gwa0`
z7S(*eY)WR37idyHv3ffQ+@=LS$nkzefBPA}-tv?|phM-|nrk<1GAkuly>SlB2a8D|
zXe1?qgA(=_wGc{uDG501SfF5e0XG)F&C&94+N}%h1!RR1?+Xi*2^of;uM!HTVAoi{
zQU*D=RDj8ut~PFk@89tQQ2U6a5YH=7@B~>roUzHrt&Re7vFjEo9ldgYTPgji%ShEs
zW@eFDdrYTdLGHk#@`R$R->v`f`0G19mI^IDe00mnkm>VU;W2upsBap9GCNM7>F~$c
z=HL~^N8P>UlL%jqt$v%hl7`88lCI{x@%-(+hTeg?xc-JYC48>V%Km=LYt+sD7K^K2
zc<P@#Pu$m@x6ueNjOot}y>_k{Q(*PM4L?$XRhdbp>azQx+m}k-{`CU4=Xj)Ds=sXI
zuj$1jhhPNN-c?TQ9WSEq@Z3rRe%$?dCDSPjWvI5Zyv(gXDTY6s;$9{08Rfi+9#s(=
zR};F&V3z8<!(Lrc-PIFn7YuC_O^q&odfgp<@J!W0S>O9KlvE)vDPy$Cv9{6Q9-pA<
zqnmoGi1O5fD8tmW%Qb}hM^5$W`$K*w!pDyuH4Hwl0(&{);o&nzjCzb4w`{fD7Bq2O
zByG!;4x<@1j8Eff7;OImM)JaVQ<+&BOTyR=RGV2MM<?d=reXOnlNF3BLGt*m4W#I@
z9;0iRNi$bX%9L-J6&*$ut+9&NH(QxK!Q^IP@{UeTIMv(Q1cA82zpM~7fHbMlsdG*=
z|I)LTbTwbTLC)qN9wp>ugY@vFU;~fbkREzy+)j?8s=4a@$&pkdmrLYRRVwEsp@6{5
zwV%BzugodGdn?Lc?~n>VRGmB>{<d%3lU+gN7`|W}aCLtv`h!%)&R5L^v3R}m0)O%G
zqktE;NET-dOdb`+&7^AXinFT{9vGeK%**gNckMK3JJ0c_sjEIe^AC_%ov2jm>&|YJ
zk5MG(TQ@q0Iih@RcF;&Ub9Fz-&(=9WJj7O^!{W+G=!5w6XID1T<QRL0bj_y=o$}YE
znbOEwHh!Db|4RPk#r3I>sn|GtxBv0(47X2~N_IrVQ7-DM+^B8e$XcqKuOkcNSjm9A
zfw>aH&lQ>CvHIEhtg>T6C(5|U%}4e6jyLW(<JYqG^{m!lO6|t|!6br;yxBSz!x^|>
zx}R85Sv1b;{i8pA(cK2m&N+yYV0~?L`PW2OYLW!Q&1)5knZse}jSD1AhzxMVP)ejW
z!b3|dJ(1gwi}C}0d_h!9Q^>U5V@Pr`L`>lh5N;6Nk*A5f*NsG_Uj7VBFLb(w+*u9Z
z-HfM)tcNNew>+ql51!J&D4`?t$T`Bwz#1}mnqmUdhnFae_eBMz<vyfWrSE8Oph3kH
z0Y(i5CJtZbthYz~8b?>gZ428!eX)Pry0+&~*BqMyzg~00euL|U$=t4Sm9yUOmo)t4
zksKu}FikK!0IUC@&^vT);ISVi3Y<lNdg24?fB?^9;B|nfJy>NmuLCug2Qvs=7QzT%
z6v|Y<T!KIo#6uT>QwKMC7=o0^<5mK29)H}x;h&$P1W;yOS@1{@2nDVl=$*xnYHG&4
z{$~y!ens{_d8kp*mMXPC*(*~-DW$isiv23^`s^gkbcmPumkphQF~&s0$za?uZCEL9
zI$fi8|4R3vx>(a3m37=SZPoYw?UD8ICF|fRfB&50me1n>ja9=iLH+{x!OJ66)?w?c
zHOt-wxw~r3kkW<8s?AaJ9lk2ggX8i)e<9DYqT4l})``DD5pJ$k>oMOayS>H?kz$R6
zCSGHTH*2(F58j_-$A#MW8V*F7ELQVR8H+sWy8EcK-^hD5oMDC1Te5|>$^F2N?&`z2
zD|+$wX6rGFThH538X^Ycq$k!+NP(klM!n3D=&H~BWQ_A&HeQYX{DZeolt!)@ftT&y
zSx3J17Eg@4-M8vS|C0xHx1sM#pzH_vCQQ(D|1MZW2d)7k?&*lwQj;6HnewgQm;!AL
z6W_See_hwsPASVi3rp@z&4^4-?5V+DLNQ0>Hq<uI4D!A<Mq?{RhIm&3^_7p5@eA4#
z^Xy0UZHy-oBH1cGJx9N~*y{+ADpTeuXkX(nx@02+m9Vepj<l}&as6<3X>Q47QgHpg
zeS51fN>W3!`Fn5p{(7}StFjHl4DniX|4r_4Z?z|J%t`(XW%L1l6t_B)j#C3`J05jC
zUtB<we4=~KQavS|eOh&bu$EZhinvZS;5BaC?9@QN9xzfBeJx1dD~H#oIdhObneSo7
zq=E7{?Yq>vYmz;12a%fF$_wCtq|srM1C?1muYB3p_ja|t%-&_(8s{gidR|&fV0~=F
z-xW9<!OtQvk7#kIF>aU$Y0WXN`HTtFWUeJ&p=TFkw2IhMMX5ehywbOfju6Ba%wzTI
zr_^T(-}v;A_hiJ}IV$k0<qcvU&U<eBDVtc)P9PoyT`g%9Xq#*XZv+Xv*a)M&Ovu&v
zqrUt5o#4#ZS~0gGBEpN0PIVqc?zH-tKFOQT*s0PVdg2jbl~-NkZaOhhNVOTxAE)O+
z@$rtw?7no?@IlawMrC{N6$Kp?W90GEpL<iL0<*J53$Kh8e-(V?X_20RFqV7gpguF_
zY;<RqV4GHI+!M=s7$ENVr}mwWEP_789JRTuIq+Wr{-0Y$>nr=smO)!~&rnm2EDj$O
z9z-&Sj~eIL;qmrF%4#k6xvO#Z8bZ7OaL?=Y_0Ulr@hD|Lzp-5tpmGgPd)!tvsr%{h
zjx#Gav-{!-4FxL&r5-#5KmR7V1nAL6$beIp4UH;`gd=6kLg8T*Kx@|!Ub3EKBbsYr
zD;ex^%<gpRRMy;v_g9)DjDI;Bm|o$zuryBIKHGJF?B7m3+^X5!WKWo{*xe{>YnAwR
z^uD1oZc<_(Ypstc^QV`ye!B4$;pppqE8j@cbvsjZfMK}_MdKzvFqK<K$`@dYf^!PP
z!FUA>GBB)YFhfG8K=ZXO9!&ykiNM%|;vNGezYeA(AQ{fo;07e22rvubxG*+qAOJig
z!Eqy>97!YV37$^`RtWawLqC#&Mf%;f;jV!1$eZ(2Ef^>KB{jWI5#1uFJy`L&a?4fQ
zw67SEkV=XEZ!tXm8Aw9y+eN-yHm_LgWr_z7eHfW8+gbg0A{1Q|lEtFz$)(LJ*$+EW
z4wvHMyKFWZKj;|l43TW-6y8BCs{C}Gbxv~FdkZI|2s6_Vjx(BzU<+ChiDRWKra(tZ
zhW=saVzKFKpdh38^K@A0XT9ZX9Y)01{nRn>*?D8<hJs(q#;GlRpB;6a_2SeXPmgBR
z>+NF*88gQV1-(+NBJek0x%N&q1|}~@^%7Is0;Tl1o%NPuECzX0y6auW=(;MZ>z>*S
zF5lWp9%rD)D8anF$3ToqBgswpBudfAv(rsH;c3YT-n{MwzPAj=fu`^T(w4i-*B(_i
zEAz2S$&PVJf1w*W|B_x}7F%7}yppa~6?fO_S=`&c-1_o5Yqs+4DYIvq29oL19esEC
zeIqy7BPF<}$4Z#`*&j|?QWlLme;VFllYrp!CYOIcVB((IxM4vY6m_hWd+_GRc;bt!
zM)}w(&oTYJIm@yyyT(raMd@5l5nl)2Keghq6-QaV@z+>0AT;Eeykk4t?Pe4+&Wu`B
z$IwxBhYmgR9KXVQVjZWBAJQUT*hD!!dfn|cyKX(~{qLxclS|d!uco?Mn!D!7G>9(s
zzNvlCV6JXujZ}_%+s*opb|&hr$qt(uQI}`y{Gf^ZOW&4HZN6Q9#C3MYu+;eN_{^<r
zkVoWsd4Dw8PqR-S5K!FgKg929z9s36z4WL)*S->4FZVFaN0hQ&YF+f}tyU3=ae7DQ
zA%_RpH?3!a6B(%w9k@~PJKIK?%Jb3hD&mS~x9^*USnEzpgey<4RY36(5s?J#mcOku
zm-hMA)?NpV?aQ;npJ24n+1LU$xr(qmavYm$G##`InaH{RJ$Z?+)&#dt!BMHq`Tbch
zs3|y*W%9V?5dw0=!|NPq1U2!fEGtX}NuVpQi%CI;B8lXfzVvvaZbChYzg!L>Ab6Q|
z%Tl{RD?yIeTa>FbI#bTR*{QOoRg$(%F}yN-QqrNdHg>VezG<Vdp|z#y9Aj7Uqam)&
zRv~82uf{-Od0^BUf52jGx>~b-jN5?=GtyDojFy0{5TSD*YhdKB2`^d+1FQI&7gK^n
zVruG(u>f8{nGzMyO`xoxv8=$q@CKcYpa*~I6!>vvMf2ohYw0L;iOQ$F&hffxu|sNf
zJVR)3+n$8NU1n)qtz4qadjI|Qh{yx~N}?J=*L0NG0q>#?(aTMFV>YD;>V2u`CaRGG
zW-|kD@kEbG>3nPbZM84e?a5yLOET&>w<k+y<bZeWQR%B2!y|_`mt1qZzB6Y&s(s}%
z408BXG-+6fGL%30*4kYGO5SU!d@?c5tR|=8?(Q4XmTM|QVq@9Vt-q*WDD=BiGDJ00
z$5Jm<j-i#s`S98of}HBQ@Wtdl?OyV<H;D{rcf-BD6Z5+nR*$)+6;Uc9!yCL{cXEOn
zBe(y<(p7*p^?2>kU85UDHw<YI#1R4#!a%w~x*MdWV|0T^r_vpgBc)qf2~lZ5!0+<=
z{*TXq?e4k@&pq{?_dUnm)4lZ_v`r<)3%V)Xms<3?y)Kpb`<^XG!;_jYR=q2;m62D}
zPdep=JEi^tUA>bEg9cmol&Ma)W`5I1N-8notZ%w3$qn}2@)R%dn|?TQH~e;&y2!A=
zaEBxU@+1w<$oH2S`-1HT0wd<s3f(%F)hCp?(sr}3p+A)RJ(C&=QJC*GXkk%ovTU~w
zvq2xkuRPNVi(a^Am^~le(*r|-%A+MqkJ34u;?I$3o3CUjU)0h49NXnW-AeYaHK)M)
z=9?~~$LYe6ME2QAXs_bg7j;2QIeNxiF8k31BF4UK=a|Fd?*a6()W$F2LeZ=q3&!5f
z{0&@`3in0f{jtDG$khbvy}g3iS124zR3OF}#SbP=;UdUzFc#Bz;_B*QZEVeCWCndk
zmS|1$lfmDaj`Kf8J7Ue>U|LM4G02i<vsLFph+B?tLLX3g5jOVh)NTYI+0iodgd(y{
zH;2)vewmWr7Mt9)r{X*P)EnnmN6k`o(n9`afu%%@yF8(kIAC$gFO>meJ(Q=%(hd6Q
zyPqZ^IM@A1tN9yW){isXPQP>csWqRakaURRaQf*6^6ISRZS)V`zLG=3)oB}Nc+>{a
zcCcfi41m+}K3I&uj<+ecHNS`5!TXcXwqD3lN`h6$DGqNSSU#Sb^q^>sx(X}%3Mwd?
z-Cl@bCisb3mQo{21@2z|lR^_t1|+*S2sJi<u^=WDlZPW@t}0tFxkR)S+EaP8O)R5>
zJQ_3YW}0aIJ$3*RkECGjPlBU`Q!9Om_@K%w3Yd9O3=r>tbejYaBNRD@tcR?JIzMM?
zM`a_9fj>s{DlovmeeACS=J!a(!)MB4m(LL4d8vn(v>4uZ`oNp$kiRhNc(8keN(-Ml
zI282~>PjNeqi^!e?Pz=S3yG^zFY^P9zB>W0dF4vB-SA^pr!TY{Iy8SCO4xVJnIgMp
z$4@|pvvmtvIjdo`3!(^$10bk7w;9q0QiqRd;0kBkNMh|rtmA~U0S{J3oCqW>Y8%ve
zD+_8o-;dZ(qvrqZ+5bavzCT422rk8rZ|%26e->1RvveO7l&N;z&0#8k9WvEk_A$)?
z{!<xk9K?o<Hs0eGoRnYw<v`K93HS-o#HuZ%kCIM5;wwFH;OA`_kvZ@a)~CnUQba@Q
z@H2hcftPTO0w{d}Z1%Sr$0u6gFfF|Q2XGxf2p%oJ61Z4B;N-Oa$Hx!jSpdKVScr;q
z3xLxpe{>6nfU`2*@U4zO`UC-O<#yny6mYF<>z8WO^wV%xtIqH$GbDBRq+oOx9P^h>
zU(now8oz3rWOam68!4u08!3v94E(=~1c?$>hLW1;;idd6BV~L1I~<vfkBTk}yX|z}
z_?~{o`~W#+>SYT`#bhz|#?fa&_Z?Dg38WfH<3FQPeC75Jq{{WA+9$rnkGtisgS)uo
z`f-i%uFO}(l>z535I;Wkw#<e`iOja&2OZ`UO4<{N73?6e%Mc}oK<-YAE{KYp0!Qgt
zu~pxygc~OnI0<zWf_HRVlu98t${Ym^9TdB%sD!Oh2UyATs=Ug+R&GBkiL)EpjAfQ>
zyOg_zR;JLr2YZnbkmFBOh6X~v6VIR(PtLTr-|ND|TdBd47&0PJ-DM^zSCpBs^Q~d&
z_qnz%Ei*Ac34Y4JXRW?&bN{3bjYn$<wHYqe3z|!}we#!k+^XwnY#GBS`IyuqTfNiz
z&RX13U3-%$z@?<4()*8oy@XTC_;*M1_JJoXw{k{SSzaysT*`CUF#$X3C0zS8+x&+l
zSL4rbbuLY<NyejP+xr*qpJrYE<xOIS;ryUv^?2!ja+d4;Vtc%oeGP96R<GDGy4`YB
z$>GLYD;S+v_3pr`?YEqV9Mkhy<_2!*72>Nj@M>HrP0XT_0-t`>tEwIaXzMFtbUP$8
zOI>6rX7?c5REwB4EWHwpkOC_8T*xYczLw4h(x){|Ls2bEu39yygB18NAv1gjaiMKJ
zd6LW_a%QGUWMGt0!s6<l{1z9i-v*1nzgx%)v1nIOu`s$~n{&c&-W`Eco=6T@!C@-c
z>5p|ZDC{vgmk07=b)XYB^WQi5XJ7z<BL)PH?+70CMbwn&qh?SlTFt)IcWBHZs9|yq
zA{3til+Z572Qdl!l^x6fv-S4I^0+)t01;3!_V)hW=xg8RRNeAl_W%=UB-G7z{J9p#
zOGr#<9(EA7*SQ9)&>x7sYSgrIn5zC}W1Z~A`TF2_eBe$G5Ae`Kp-z1dSi188{8`s;
z&(C|U1yyF4)_<zQS#6K9@LXYhUn>ZZq4fPm)U@|H{mC|U_#Xg2aeey;fPS`WEyGVZ
z{LgdvkYXw?*AZC&Sm^%_B<{2U!0LYoUDVitj~)epQ$@RQrpf<@N`W(!+yt}vw;t_r
z$koaR3$SuwdTkURRKQ7~n(-gCVK0-S(8`-*uV&$O)uH}kM-M=TbXINA&z7NzzA!>}
zN-^XAk&5CI+lIXkSaKI|YKdPNap#Z`HH#Z?^*!2{%A0JiRtd9e)Ub8`M-%1VLec^`
z31SoQKPkU%0khw{)WcK--f5yZ&4q)8y=e4MZnCmu!n0hg-;&k*cKY1#!gd8#>Uck!
znqJ9jvtG<3aSBHX!H-Rj)_nT4cQ0G#Jux@Og6h5n7@t8h8Lp6W<13wnfsgy)eUS2k
z!E-1|Sk^09K^gI?7%;2%KM*-OgbLZtO_v9fJcFsavZDHWsPStjemUa^n|!r_YOML9
zCBd)Ao%e}+wfj+nS-~5&fmg**grPqbphirs6fv7N%L$kzHNRSDmW-Odx*ZOHD;{nN
zW@Xm^uu;r8P^^V@cN`;Q#f-M?(zs+Gp`{$|{WE-Uf`LT8MTE_vNl#5}Dn-)ipnb}i
zp9LSi1`&a>;MGd#k#W@JW7BBeK)4F46KfSCS@hZ+&F~VeH@jvCLQPdQxQcb2W`!v-
zqBcvebjMbYA|Gd48FUP@FUTwzLk1j<$acggwcg4!+{B3~)OyDoJ6WYmnHu}^H?+U5
zO}DyA9S@^IZSZB+!@(_H_u9&4FL5AYB4mTM329mYJXdr6ej)TkZfjQpd5$Rbv2Ctd
z2I;Vr4D2O(+p?HcbW89v?!Epds*l<{Vc<AoRB)9*{~N)-o_F%X;JDVRxZk1|ciKGC
zbeA>m*f4B<6gW3ZUg0SBm?B#@nPXN%8D60VOm4CYo7zhcCoLkoqoQ3pCLw9U?WLs@
z=WU1*MwgH`cr-085eO}8@CFL3g;Cts)}Iz>IRI%}v`PhxLxBSZ(Nxe;cqIG-eK%tK
zSU^;ZJ{B=*wjwvEDN|u~RnhjJ<>J``{<ty>Fk#46HYp0i)gF^o9?#qyPgI0f=qEp=
z6g`{wZzx`Z9>H#1^PwQWq=4wm!D8of%Nt694>fg>9y1;T4q}xdE@~Lvf)tmo6c>GU
z9t%bgsWEfBwk(v7Ofk(y)b#WHX)pT)t$gIo#@N3AO^Dx*Ay^Mn2?&dbHg;0BuQ=iV
z|A;jk{e=;vmgy(+_|RtQBArM2gaL+${NEdZ6M>DG=1{4xvD@y(zhIvU&j9NKTt!b7
zmY*P{pAp7aHH@!ZAqhi*Xl}rpPyhGKh#jyu%x7(7_#Za7LTFXY#$;yeP&T;2S)F76
zvs+)E!_*S1KFVf692Jx|uwS|cK-`IRE;Y<A!ADs#2#Lq9(O>-mKjWMN{1UTufN^q#
zvtKa;4=JFEdZC@F)nTp#i>qbHUDHP2Ex^Q7t16Ri`75&dzE@H6jZ~E>?k=DLrBVBP
zyjPxZ(jV)7M3c6wBF7qsC(foh1*btgLnrKNJ#l^6b>Q%%*)l!s=bB3DxQpi0*hhCW
z_M}b9w?OAsacPSbFRgRrB?`CMD8=C5U?NwTPB`KasldV>$E`(8@_-@8Tq&8Zxe0^1
zRIr>rgHYX)lTr1QI3Q8uJaFS=pMl);UoEx%hGSD+ojqe>>sL_5{)mB3+NU~0Laj_%
z4yt<PUNzu_9y)_%iu>nYBGS!{9tUrHrCz$5#_4nWwl04Bo`xu%$z|bdB?@pBNmOe}
zKtc83=^Ko=F=@+DUW>&)v6#}0HQqwucSH8S4hniEi*tmEEU6qAEMtuLuWe2BsXds3
zCb<Yc?oqzvjd$YnsIQSbSr<Kb=ILo38$8aSGxV6a*voKKCG^W`{s&SoOG&NUeA0>B
zM%lA@K~l%uMji})s~~E%H#u1H*(hv%7S_3di87F{vPMB1??Wjq0pTDqDN`{h^A0bX
zQFykq*Dy;q1*||x=5R>R5oA@4J`gX$cBQ^8(SoW5YSpkv2+D4yKm;n56ciG`_Y`oH
zNxM8A#L^x7`JO&G=jcanEitqm9UX`3zL8|z)Rd-Sj>HfQ3ti`{l><7y?Ig!nVwrn~
zN10aE2$lhbAnny+{w&s0HI8Q0o>QPvMBn$6D}1@sGfs>ZA%kdHQK6O7g{?VO(FDS6
zsCdIxlX_%H9=LTsc+|a&K>ZJb0$7I#9L?-UdHEy24n;vcXAZZ<2Za8BwzlsX6PdOZ
z0iZKCiw2GZ_Dq6Jf{h`sg^G#GYgc9v8N2Q+XkB3>>a}nf82Cp(^mNnUf-3ckz|)yk
zJ;nBe_T{g-F4}m>Hd!QJfjbz8j6g(uFL691n62bf^&UXN(19*sq$>$0#hzM1Kk9mz
zR1{p!DocJn)I|=6$$Z;_B%h1`O9##a*<|7Qo3TK$<Tq}rXw%7JxU*;~%!Hn!;6rw+
zih_0Ue4fY)bFypzfPyut`2i3#7k3_+2z?sb%ZX}0*=TW_1*FnSOgun-JP%aN#)k|z
z;VgkS=>20a*?pFZ<08~z-&2#RAyT;6Ury?<2rURkX9JZok`_qwi=6<TPLj`zV8K8q
z3sTUUVQ&rx(PO_g3Cm_4mAd8WOZv%y#m-{>4Vh(;xbhuRrlHA$76bTi)m1XB&KW@>
z4?A#Ntf4c9a+!ty9QpEXq%h4zxwtyY=#0L5#_NjFjzww~GiR<)H1i`Mk#`TC$bz2B
zG(1}ffSzqRe!;SaW-!gf@HWN1*sE|$f@Xu!F;H5hUU;*FSrNyp1!=~i-F?W3O-5;R
z)heEIgOj8_&6B7~>yPtiCfQ(6X508e$eRVl*pSa+j)P<wCEjeUvg2q8rxM?iyM{?J
zWt`|}4e4OhfFv==bi%^C)+DD6D7f|0(_I#)G`Ipv8V@!*y;<Xh)PAL^8w>_g(%*DR
z9`A}c8Fz9~Om!Rg9Z@)254=*d#_w7~pM;NC87k_jw|^`9d#5Bi&75JemY1|})T!QW
z<YF_?&~ZMDq}<#0x{NojYQI)1EUaq8PcPF9NxoB&|DAZwd0QPSsPV1nBkV=9mWo+u
zJp@tRCq(C)l5Nwc9s=bR{8>C2F9$K;Movh3?jk9%hx!y`uw_W(W|r?zg|R3+?Tm&y
zs)>t1aUEJVk&5Z+M?0$Ya70{FEJlNmWL=g=y4gpn0#$Jr&TF~3V)H^XXXzCAA0Z8L
zZadBI+(QwPl9g$!TUC*L+!1KSCA4s|Hi-76T;Fqy-!R=l?kskJgXosRg8#Q7U!!~i
zGGK-V33r4%Ixy0~>OUp1CN%a@D*GJezpNFN8I_qhSs5LSO{Mh`RE&5AsMA^HxvPKz
z7S@!ngOtR?jpI?^(EMbW*h1Efmoe3`RMJ<7@$IXW{jVJjxi%;IQcs71xb%d5n@dWz
zZc<ht#mu<q6Dz~eU8##5O()nl!st=i#=K!i=}|$qf%nDarJ_phg*s=#HRJaribC^7
zp5U+gm*Hmy03}|+wh_D5FW_0?IZz?q0a;-$xoh^*-_rA+_Y!h|0LEf=l%<yG>ZOON
zrvD`hFkQ#Yb9A7(Ec~WMEw@aVoBkQVroO2r;%*`1-cKBr5n1&Vd1@~NB^@a--;pi^
zg?1IZ08}eJNNMs*nTQ5jW5%t5(iLh`7RC#`1(|eeRJyQg?up}rDp&MkqA_I!Ok*ZF
zScxrz8+YVJ)LB{|#`~UE$Z(d<hsVP7Y!BBwsM4o=lnkh@^Wuc=Qc0lrjtAO;@``fy
zRggJp5!`)zJ$`#@E8!Ln&A36OHVFm6f}u?r;Ik28XTS%B0Llc?`B71%27HWtB|Qj0
z%o<qKUxagB+xS&SXR|maJpl^g@v1hc@eXGBV;Mbqu0}1CYQ{&6`G@P6!bRigWS{jS
z?$@)?rV$^HDAvoUZW5%lT0VfURcNr%<Hx?#umWPsTW-KRxP$VIjhMuAR!`Nm**3y&
z*|G3tA>9I!td|eC#g)kqo5<JEPW%-gQKrK}sS=fm6DtT%-YWA`EGl7I=ZU28ejIJX
zM{QuMpxlwD3OA{W0NgPsG!o4@x@?unpqOol%s#|D4CtMbW1HUwYAP%I0mf4#hq|a?
zwPP%k=X%(M5aKug;q^9hFg(s)RlFOUxQp0&hRWO$Ij)*u+)}tkp!+Mju1y&$1Z}5X
z>1CToBZqh@mS5zW@@}&S{vI9pb*2k^laQi14awZj2Lb2B=cOE^C7w}b;ubUSgbpJK
zWpj89@rsq*CmJKiUiCoZJa9z#k)PqCZ@gX&cV!FheR%F0y;N*A_5ne4TkHSHnS9eN
z)oH6H{^S$fv5hURZvMO5E@?k2|JdI-UPXW%mXe+^7{z}WZCpj#@M`B3tfhM1!$2)N
zt)nPr2SHTKiv@`1Ie?)X(L`0;(AajEGItSrgi+}rCt)<&LFk*+VghWrQhIu3^)Ld&
zpQKY2C1nicJkTQMw1z3eV3B||0x=9wtOB?Y8YJ~mz-|U;xWd?ovxz_Bplf@fd1@YE
zr&Pd-;;KTwz|yeOwK=I-Bsk>qi3bsSa6VlJ_l_)YdrH0!Wz7e!{P>iGZ+_MKxC!6`
zsc2JOy3ZRRyy@ZT0;L%#0DA!UYfMOM8M)Dq1$`1yx3?HTYPh6{4CmmX-ClUcaP9%5
z)@+`e>OdS(T=BvQ=gejG&G^F;&PhG_VC_0(N6Iq%hAR5InL>Zo{HiKkLLA-{44pN{
z`MC#=(X{h|K{zI=`(t6MRn~$UPwS$%1{thX8c>PO+2z;x`QM=-`eRX*UOwT}p)ne(
z!2D{BzUv5@WjTE{^v=a)7Pp{GX&%$*{oI1PTgT_`W~$6w*(T};5ZC83i>~m2b8Vp@
zd$$iv$=_HORGai`Wj_D|h=p(ihAyfVc|kYXwqIMHgv@CsHn7Q59+Nu`1mP9#H0Nhu
z&LfKivBKQjA{^_p?^4P6NzzVBOV+DngI{e%kqwVrD*DWotq6WYvZ;E>d+$cKoHerv
zS0t*_S<JfoM|AusxP5P9!Xxd&^JKa6sN!3H9{AWKJqbx7HgUx30t1+}V?SzO*Q~4>
zs5%XIyp4ObgU_AocSx}s!ks$|C_dc@7w#KJ<iiHLDT=kpO`czBym`q*Q-^axIh*Eo
zrh$C~(CPx%-OlCKK4R_YTrC7MjMAyKev$1r^?fT7HD{gmDJ<ZqFv+F#)2T!N`d22;
zZ;dxz4!?hdoa#@g$#E3-=4$_TjOa2=g%W7rR^K#f^!Lsx4fsL5Y8na)b$gdK52oLp
zG2V-6pC9!eJJ!ABkoLsW?$qh6Z@?PbPY@#*dvMae4@z5$L>M{~-cyuY)tGcjBjy~v
zm0Q`|rz>I9s<*Z?P;)$HGg;=hD&v%kl`^B9gHbwtD}JEpjHB$xG@73XG&{9{#kn7Q
zPd7?ag@PPXo-kB*j>VTkg2;&hilZ7UOEK?@WON8AXNh9fdm*{cpa{(&Vq%FR7RniH
zL~Sac8O;hbOSNgt+7;ho6CGb(+K&wH4F*2DsOJKzZ*LXKrDtFKH&~Vj?p9Mo$&(;b
z>_U=CElpOh8BLH8N+oCFQuJ^ug%ZTg9WDA+K*0OlnV}%tYu_nTQ9{&^(W@nqPT!I`
z%VjO^z7i}Hnin?_SafDEAYnGvHt|bVtoXRD&3(1uiAG;t;+w0Bw<>#|*&B}b1!K_e
ziItpls>axvwZPceq@HpE;X~LNyMqt}RC)%dy+}zx6^A%i2M5jPIZGG{s&j0FCN?80
zHYGsbW&#2A7}t;BSSn2L3vJx*)TqtiwC5icVopGuZQ>(xcbek!jM~N7Mr=-6C?l9J
zRLNmz<6BK*?lmVIaRfR@3#yMBO#Z~du}<2L?qYd`j0wi{2sFn6a!!CC4)kyy!DfKq
zMMlE?9)eErg|IjQ;G{sTLaDhSM`fz+?8-<|&XkH6&ghhw6i<9IiqC2~wJIA44$$wG
zC3RB_fEYJ%wPWmLXaDzt>zbZ^W2w4n)psw?T#@Ij3=U6gt>1L3@xP*o1nN^#JjA*h
zwY(omd{)$qjD{o2rR#UH3t8qMO~&$5z4>b%=q}SbHG7N?{E}p5;nH@QF53OE`4cGT
z2{ePca1KaulKE>_=Fm%=;(pHn2=1pnQcSIkmqI>y&)wX~`_qHh1>>B08t!EJSyf+&
zc4j3EWYa{tS~CEwaP9dq_G<w6S(YVtja)zc17JqV)e)Fh`N2;<XJ_H>Pb;AP46m3G
zw5EPJfSOzpLoxykc<wUXSEE*HGZxI|dJXS?^Huo(NFf3XW7OD{ye&hy!nuNsCq65r
z0RdC>2r8l6;6Ly+sS-K2uDvMG&61wl+)7M-5%WuvVjVL@HmB#4Oa(Rg8*V{)2Ro7g
zfF6>a8WFr%?^FXfbE~7R?(fF^EBnX5$&8iLLq=?32trkq1q$jqN5ZX<;%vjps|yd=
zeyD#M50?JRC_eBk3<q=omlu|NbhK*Iu>MpM^uWq=T6PgonHm)(LC_|Fc6hQ>iT#nQ
z4dUlRwlZUkI;99-HoL*vz=HU#aO;W+1<~IcqAHspy8EmKw?)0fQ*F{io23&gm+W~H
zn4f)l&8@xD+u3(cAFqA>fiMJ&dI?_sxRL#(E7#;COD>D<a3A*+t}$r^R&!*t_Z${@
zyXiQ0=7;`MSn?mJt@c5D@}$=)F#Y!eQkGI<gz{_|E2j&K8L;9z!Mh70DaU75QI`v{
z__88$e(jm5Ffq1ZoSTZI+`J1CKL!wiPB-gGWw3jX0nMIaa%=&j-aoQOWjV>~71kp6
zRQpwCLs4M!_m`3F0q{FFSvGxjMTJ>&u#B>Geo4Zyli}K!SK*tUPU%yV?;*{wF?o7z
zZYy%)xFTv0D*DJy1va)>t_~^rV91N5WNkiWtr)in=E(eye$Z^e(4;moHkGuU^$TT^
z?e}sHt+8m!yLwo$WHHfyxG4@!pL6*ziD+ZOvol%WG-b=2VeORRr<GW3XcC6;8*8!e
zPh$RJ47Z;9N!mcXFfB6D*r0eZyLwD(yCx<6bYXu)KwY0h@=)q;l8a!+3y1tR^UkNQ
zpl(Cn`OZGx`jg|wzk!A7^EljPy0CF|R^G+Ph6W|M8G5iepACnx?h41!3@P&fB=r*a
zJ;_`wMioXs8V2AWQm_lS(=NB7@gT+WAPALoGK2^w=r+$}NDrm>Ob*%!5u5=5Th6rE
zu}^|sFf=!#in*v$2VkGkAYtti9>~`jWay=5QMw3AwFJw4#f&Jk9}V-7?PV{XagC}-
z{&pfGkDYj(`rBX}N><8Djn;Q?&~#d9_m1C_O|-JE_Bi)_1!{!?(5Gh8jAiBqT*{Y6
zzXIg_0Jbf6Kw1PVQjb=D>}0)DbqA1T9V9ixDjoq%+?V&nP6Ha;F90G)G_eYs0zixB
z5f$MHq9&O1_%y4h!6=dopE^1e^{klMuG$A2is(Y_(I+o^#|8Xecy6_a^$hZ@gSb&G
zWo6`;{NCq%<3>NCuunPRsgooOPDnVGTr}n^Rf0dKIdwFm$lBVFgd~QB(%OB@6@mWb
z8CqOLLw;(R74CM^`74!{5vhqAp`A~E=Zbxl?(=%MkDFTYJlCj42+^N@KVwj-#670^
zlBqenwjd>2xg<<?sE(9Fv8s*skw#t`on95vLFH3X@uTB$SiNG5g)hDftcj)mEo2#?
z+1@>m|HewtJbKW1ak=(Q8jw71itHL31pyQ!*6sa0d|6&hk?9|!+o&Bbw^wQ-PYc&_
zjZ7Fed-0gqOjh&+f9LrUceMpHBpx&}PU--C^!TX9tQ}L0(&}aSf&>0uYxsN_ezEiR
z30K6GhUZi<n_`M!uTl&^hF?*2Dq;k}Dfw$)jRnAuhh|r^<f(U2YrOHFp`Jn?e71j-
znVv`VH7~*v)tVo~H7HSO7?-U@((nQ7H6M{XX3VSmwwNhErTrb3%CY77vkumj>}pGO
zogJKdb;*Y5rnuu~J@bZ!*=UB?saN9^b8-18I3v{^SQIn8BK)h<d=8~O;0&VFP&-SK
zKM~i9cbPAHvTM_u#~pWA_~TxwOin0Dgt3(pAKj9A?&d!SoBb#+HARxq#qP71)rT$B
zS}fP;caA3Z>6T@wew278>10+A)q?H<Q03;!1hWNd*G_0s`(=o{&dw5Ehm_GqQIk}@
z&NsSoIdj|2+EWXNki+o2v}B{JEQm~<ze3}m^@H|AH7N1luTp5wGF;L&?i-=kG%2!v
z6qqh9_!Lx~o_igYFhnBU8gQP(a+JL!E^(u+v{~q4fOGo^^+~df?)~e##Abc1o(f}Q
zgvc@j+X(vSabS}oW4Xuq4r#aum=)w2YskwH)&()nH4Mv+i(pgR$Rkqlz-OH6r3GoP
z1i@D{>DV7)$1-?CM&w_h7?okiTF6WVX{QfH@o<^3=>JI<(i7se(k2Mdk|i!(+{`GO
zJ1ET*7UCQhQ4TCaiS-v~OLW%pqChZDaCt_2P2(9y${_ct5>vPwm$p()rc`wH^!|Yk
zX`}Si#((SEju}rh7BxNCTLg*Zv>x%VH2Q6f#7@_^tZq*ebIkZR{4Q-^xz|C4BGH2Z
z1qu5zz6x{BdFunR=6Y?i#?-S*wJdQ(e89J4WXXI8<DyQWm4Bi}4WeAYP6&OSj)xXf
zV>2YzQvCuy<t;Aff;QVh^pnT&ji_v_1RG@b2Yhvy9sm~FioXAqT&2U@sDy<O%Itfd
zn^{d|JJC@=&^*2TTy>|lq;*_siTy_L75*Nf!%U6qY8A)Kn=#3%DB}GjLTeR~5i2T%
z62*q6arw@`-rk9Vl`m(y8coe|Wyo<yh*fadW>fsOaH#7|yprazY>L2c#XVonlim8N
zo<ormHyie~;vi#FkHr}C4F-0OEuGwf+4tN|@kU85@X96)gQ{mbC6mA9($S7av0!Rg
z|3C_4>Md#+^j^+0d`4`m$<o>YY8FkWGqz1iOhkZN8J-~#jgI)am90wl;*VrSeS0-f
zy_K*kFQtT{?vpKFz)&{G1~n#DIbq?HYn0M6W)Q7~rh~ZfGP!3faiz*FkVawQ5<@sS
zDJKEs2{Q#8isfpcg7Bc&B11>6((3LYxG7#+gQ@k=kD&2ISWvoB-L3W}d+aI_pfd>3
zWYf$Cn7YMSa*`-t#1tT!Fu->b=YtNcoS%{YcT6p{%E}prbbihXFnE$V<YIt-=>VAy
z=uBY7rdf?~9~j6_#__z=XZ6tUXy&ojkMMZi(JJaxF128BG{4eN^9vqV?P1e#{_NYM
zlbr#aY@u#<rV^WmZg)l;Gp7XaGyTtd@y8DqbzCW%MBnbT(?(<JLmOk=yVyC@o?R!9
z?fZ)B<MfRQ<C8TEWqoYz!-C@O6eYrGex{;SvJ@NJi6)7Ce|ntnebwcMn&H4F{eb%-
zZOu_4tJi1WkaV{^o_8S9gTiY3rgR|IX@)~$zgE`%A83h=F0hX88k?pwM4M(?HVt#j
zbEomp%GrBt(pY=AKYvA3saY#14}Y4t*>8<x%ElpQ=LUaiIQ^<%G6P`f)X7W70vb=@
z=rivtx7;D$^~!8xiJ#Do&#DIw;(;cUwQJniZgtgaO0|DwfBi_pU-tVIoFEB1vNj#4
zI={LI@R08Q2de#R(q&3iv1@B-ZSh=y!FVFz`R8Z8bs0ua)4uAb^%TGFt31|Q9#)k4
zne8f0Sb41RW(NO`p!W;W>Fe%*ppKW9w?@K3-d%1x8bg+|_swF3FGik*$QGe|8<$Od
ze5xeCW@x8*mwLL{eAjr$_%krlj4`Y?`fl!!=x6Kc@>Bf!otT^Y8AcwzU1C{uAb*<g
zsrS2yc=4^@RE^=R`d7mAW@=)nQ850uptSlj_v;ldFDZQ)yZpB^>CL(fm0%6Z86(5}
zT&v&36Vt)%`+riJpLksBdMtm8oj=xab9Vd@9g!Gb2m_R-S5@f|gM@oo{^^y}&9nmS
zyx-N0;5nts@80ULw6u>AOUum&81?9VoyO7NfXuR4mG}h?u{W@-ZgSVGv$En`EG)#R
zUfTj|Q2WQ=ahB{(eW$9C*>T&R*I)-)UH;n1a0wfj(gUKZ5&|88F2p?G{^h88jt4R2
zCHxv+z85EXw0h_L`X8vZ@|&)UbFF%J`pWK^Pgd;Sy}rFStlN<2<R(mZ&b2U8`_!@U
zs?#pCV~1Ij&@^oFR{}7MM}X~`{i%$02CtGUF$>Gc&UpUM9u|-4ldZeW_5AL+=I@>{
zX%;xP(u)^Ioqm>$t;Q?~QTcm;@qdF5YiXfr$o+$klcl;knk%Q?&o$Ltlv6p!w8hHn
zo@fgW#?I86c6sLS>RAvmcH-A7qUb_tS%D(PC2pOTL;f0g|3I968jKM_4P4YIU{*s3
zVmaxwZui!Duf&Vq{dhd?cz{&tgEOp-c1s?!co<Mdbr!r=&jOLsB$>;oE;)4XZH(gH
z?CrWJ&}xh6#r(oIl{NkM$uTer=IM4skDE9^4%QeVy^q~U0zT*ldyIvLMpTa8i@$u^
z{_W&#fGp0nQrNkd{1YS2F-8&5fMAZDHmBN!qdC9c*kjXJBRL7ChvZ{Y@2kbQE@v3`
zrerDZaObEsht=5EP8Ol?1jZQ`u86nE%K7Sf+Uq&ggK3I6y@29YB|^v<Q~hgBwNJ!s
zb%v;d^^Q+y1<|CborWPfw(ZK>!~T2+$<gVn=3;VdMObw5I_}V_<cm+<!cyJeGJb^x
zIK(q_+OluZJAG%@;j2h?q?^%bJ;)Z6l5^uq#nOED9r5K2aF?(St38R{D|w?55E4Vf
z8b9wnEJ;sI6G;z$wTxK`og#AmQbx(C-~Xo?x9pX-fk#D%EQaQrgZH2f60|p=#ToIy
zm}C+)7zX;gSR9x#B}RLM?&>)U_n@OB#@OLBVX8}uYB`SbNl;yf@=!aRWiD)vlL=b~
z#9&X*w)~4=;(QAt(Xrn$)p4|NU-tf2k9;@XpqmjO*!bgedY|5|qYdFUgUHklmUS5J
z^UsRk2se0$O8B|q&D0D;w(mbf57b>DRN?BI$j9MS_zVlBRz6;^RxxB2@C^<tm6MMN
zUSHK<0i=--B``a?{PJO+hxXbZ8O>Y2)>e2>_T}>?;|&L{a6i;LY^@puRPywwij8{0
zRm;7B9!a26`#epVX4Ic4egLJen>@PE0+Waf>}OvFV^cF>dULd&OVUb(Lnv2LhCLhb
zPPW9A8^9Z~V}_aBzGVyMRpj|qrlMQOEyeQV3x>u#)3JbMQDDUwRAOXcnHi@cYTi?a
z@+n3-;0N%6lcm%{F11nJBJ%7h9JF4hlCXmJ$SX<hgO*9&Z)LH6*=DYX^{2~>_|}@|
z)eSGok@mg2Tl99&y`20Q##*ERa9RGxHpiL4S$Nit(hfSpYA1_FkU$@as|TdTSkGCH
z%9PUp3G5@i6cP!FRe2=5h5}M^0D_1m7Ggt>j0xvqcEdGypD}qsx9D8^GRI+D25=cK
zbE+pV^?^WTU;h}WmKtHgLAuV>KQ@vOT)I{wgyW)O+}jA567O{{{Yz8(kQR3-ZwfsU
zVY!49$>(7<R88uvf`Sh?Tw3?TZ{A(#g{L_|+FV96mI>{$EbahC+@zX1d?zc<9bawq
zsC~^rJBq#YgNgJuCmx&GTE!QlFw2Z@>mK`FzD-LBG;%^;mE8W=fAVhGXKzrWoVoHa
z=NiS=q<)vEq!837n>t79u|0XF&$#ZK>2h^?=+^Q){)WH9;aE14VY0i<HY(?Q1>E2j
z6R=Oxbb&8{adMFI)a9p3o)X>4>x%xwhi=N^rC8T`Hzu?`?nu58$cV#9eP>`&#Auz=
zWRG;=*J6W@(rS7PQ}uRt-9e0>yt@7bC7}rn-AF6jY?IhX|6z!FZz|>D<jiw??6qpc
ze=?8fNLXf%L?L^w4-<oZ%af;Ad|1v<(_Uqqf1btdpK8VCiDJuNvjC0qS4ZK0h`lYd
z`}wgGRXcLeu`>W$`A%E#veKI$dZVnpDo_fWLC`}6b_!->cvx%m@C)RK4dF}F7T<u4
z>E3aumN;X=X%?@iHzv~~w-iNQOg-Qls-dmX*dMg<o!Z#MG6@$E;ILMY8t$wnOB8u+
zl8&TgzS82^B`qtdhFEi-Z1$bV;AWUxs|X^6uMo`{PH|)7+(;6v=Lg`|ZRI8$h<s?C
zy{kl}&!X;klSMMOyXY)hw0tU#mde8xgWeXum{IJ657|77nTr2Fg#SQzFBx5T5meDD
zD3vMGt;U`?-U|8uKs>jrBu7X7hrfe^)2hbC>8#jJnN`bb9a<**{(-!fqOl_s6?Pxi
zu^)H}R!7&rE+w7ydQ6K!v?rRDjGhPadJ=u9eA1k|B0N5L<HB~SVJtVS?wxg@?|*xH
zZ({Ow{gh7s&yT!ZONH~*w`S_49pnes1IRxoJ1x7mOL#2{^b3}KOG5NGh^_Ibz0Rvw
z9x=bCze@+Dn=J(<4hVOEP6d#Qx7U+{mYwx9-`Y*2MvSxDVsMX>XxaKb*8;_lm%Q~d
zlah?CW?bBQ{M<bk7kyHEZIaEt7ZO_AvFYo0w9VltdweMeSg?O3g@$@G!6%u_qsF$*
zz0P{&!KFd%_FL}^GxT_0Cpq;q3tGK9P#4u>!Go9x(>?oBX{qh_wD3yoE-B8*?X<_g
zKS}&!xu9L=tV#92=1kzxt!eFFQfJY&ASk7llO_Twwu?Af*pa_k)DLvO%|TwL5nZ)n
zt%_z^2Y2i~Gez{3**a;ao-qrUEbZmzjI}&<K}Xh<RU~~AdfhD*)O^#dvdI&Qox)Y+
zD4`UaTJ6%@ozs5hcQp9omQ(4*6R+vu!Kgm)mh`M;EX5qo;)BwvS#p$pV~QLZcygCv
zUegy_j3ra;QD>dI;`-sZvB&Al>cn5&dlAb`8<vc|*ewX|rGHS@(@|CSSrHq(MYh#U
zZ@#nRd3F-M$UJ*lU@)dZ*u>Z92n!sq=kd=gl|R1Y7JZeb{KeiEqGOF^QIV!UuVYJm
zd#1~#YlYgT_TFk;P*;Azv6`J4<O@v2#inHr(<uodj5f0`F8Nx;nObZP_VdvBARpq*
zH-ySBk1k(?GEVSfFWk#SSb3T~sI34kXE)$&K8NY*IfBN5If1_M;jKeqU0|!TG-qqC
zIT#__m>0G_X!9*ye2IS2l;oV@g-^tS($#u6HFaWOd+poT)4Mg^bDYXUiFtbZuN!ek
zxyxSF$+_{Sfj_l5%m}tC$`4dZGN?3;l1J@?y`(y0tteWBMOgR(ojp;hW;vDie8Ze<
zL2Nn*je@2kSa9Q}Ob<uV%5|qWRPcH70Zy0|7NmxIa)Ryv3r?Jno)3#EHYb~!9LnDz
zM<}mLytUtk#(auPHmp)Mz?iPYQpX9?<j-ptS7U!AgA6aC*OZ5=8%T-4(p@p!R*JR<
z%d~Oj=zkNwci1jW|1o>?T_NMh)mD;{4maIW<}x7uUAJy?jS~rd+u%C`b;9iNJ(k!E
z)=KqMYVmp2T1y<uB#+xjQDZ}64@XG|e<=7r*tsH<GXj{UzzM_=IZ4b%eFCbdTFQUp
z2p?t1oG|S7XjV9=oF!TSgv~_!1dt>^Q66_M6wy`1;8a*!IdPl2w@@aR(Tx4EDyV*1
z{iBCkscLeevJngMHx9XFD`&C1pz_gLf6KbVpsvHqp=p1lvD3+gV43lZlxjqZjATm7
zz5Um1A$&<={cn<L_;r1B&qtm-?%+9_NI%hg<MPaEjkU#=;i-cS1w@|u2RpAk%W=Qy
z$es1JP<m{7UB`u*A0vCx&7LUKgZg$imJEzJ6OG%BfBov&_B^1>j=W8}->*cr4{Eaa
z^V{N|-X0{(WgM<CF_VlY&^vs`*|83Kz0>Hdvt#S&x$etr-1vFYZR|(ergebxo584c
z@l@o?z~752Hx{>5?v```wogy|<zEgGR+rc2jYv<nl?G*fHWZ7NBN$o+%Xf@T4h-B6
zh^xwML;Q}5tS|g+F9U;DdsoK4q;Kr^V}LwyBbgTz3&Kxay3V@DbuDw=De^_RhO#<w
z6z{Jr{J6My7%68Y@{9WiV!m(BwBq?{9}+j^9iW`*iih+UO?oeDtMbcif5&!dV>qj!
zjyB(Y)!4Xc)oHuFHGu-XD?`}Wt;+Tj$=O>T>3S@}%`;R#a(;u9Aodqv0^$#^S*-eZ
zP|fzu{GMG$X%D!&DhjdaNBwypUF;t6jkcirmBbp^CNFhg%%ICX^wMC_iSDXnQCtsI
z=F?qUUCR;|_O9At)8Oek{7OdIaza`9atHatT-d1847>sHL`j>*v)B%GRK`p(%^BG%
zbn@5HNI*iNCnOA7DEezp=T7IIit$9e5txs->$oq-JRo8W#?j`JAwAP*ocp7C$dA%f
zAeV@dc3tRje243{-<GXq`wx`Pzlp3Vl=p2_oLrc(irK-o%AN2~mDu4O9jnJo4Vw4n
zk#;NywFKXF1Xym5cm8t0wWjEzkWwG$clI)mTT5>@^@P6!_fj0Jcs^eO`6j`~9eus$
z*2bszgGWtW^#i#{$#b*3ch8dav`<yXwL8A!0~2BqUG<4mD?tM+;C8fB)VFWWQ9S3W
zoaj2G?j61;{R$@9W7hTNCyTWDG?KABkdxuBX3%jWC4m^9I%~DDHgsg@*kz9tNs)`)
z_HOeU97m+{I;sg<xj<VEpIH6$A?<f~;ay{-ytQYI>z;^S?9}7>)6lc`#Q|lxvG4f1
zwcRMm=s7NZ@vag)kT`0G9`zk#V)5z+Z{q|mSpKQco9fni+dBOmVC5FDrwa|Cw&vN2
zxwY-@mFIqb(kqcT7+Ct%B*#@c@)P+Ci<Ol`>S&$bi`ohArH(5N<GhLORGz=&y5?%?
z%P2)W{=56rjr^Gje=Vo1ck~ry1ew3;DmP+`2QSYVj<=c~|7sfi{bTnJ5ytj+ojPDl
z<fMyNAk3<3&Bv)XiAb^A;PCsnqH&fWG*K9Jt+eP%zP_ctOU92yUq215Z|5I;PMkuS
zOF55@*UEJUMpiaFqId6Yv{+*b_{VFqe($=hF5lp&Xi>lfcjOQ2uKYYUUj&Mfn2fGa
zhjH|I7;{*)68cmj)7S`^YPY8a-UpAEzBS)kVkG*;LpuBqbP*UsdUC-t^jEgt`@6wy
zaP?mU<Z)9Fw3lmpLJYSmjc8naG+F+)N$ta?qL1B0*5v2p4Z1f}|3JbuU%Pu&?{YRH
zJ~+#KL6B=>?pZY++fLf++kS@6?Utc5=#132^R3<3zYLBjjoY@e?&L;giALuV-8>BP
ze^^i&xo@#zy9`tFuQi#PE(?<ES(E$gy0R*&$JLl2Ln-hNWSi;o4`dqI-P_vf($U>Z
zo_7Td7e5{t_{bcT*^f^wI7;Q#|BS`6{~8oLB%{X_$C*iN0nCgB#rp){B_SzszeDys
z3=n)I&EX{df+_^v0A(^DwA+uJbU7i#1@1Zp&*Y96NC7r}jDj)Ozd(qwOH@Fp2ec3n
zak$Q_r5wzWQ&>L*MsGhxlZBO$0kP!4cZK{`L}hKQ>8hH=wE>I39t|){?E6j6hv2xM
zb=7FZ??}=*kjuO#lesze4XKgwV)7`r<M90M7GpOu)7%8ki7|GCn*v6RTF;t|-6vh8
zLIlRPJ6^`J<TsXQ3QFUqV-S{9jQRo6Gq~-TwXpLp(sYRQOh>lOO7J>goafI@z=FqE
ziy{p1bEjrj_yo?Ns;q!|O^BhR0!9C{dlcK-N`P}mZOi9hY(w{ME9MP^pufF?ADu5T
zsn0`=*R-b{Wm=a9QVHfm$3%;5?2ic8lh!w4*Xcrj`Dh@w=ru!%u!%oY*7VN6gcUdG
z>4-bIuIoA(F?042;%3RSDmoQccw93oP-2I8>GVbLGVeT5)l?DAMb(GE5$J<rGO}!(
zF-gSYk|K~wIUk6x7`Ud3f-bHpbbE-|{%HEs4ZW@%`LdY2f<61FVp|qNSNfQ_F@*h<
z^yg-gxbF`AZEqS`O1pU8w-Uv63ejBiJ~2e#e1T{};KYv_1lS802Y?bDSV>Y7hIj%~
zeG#aD^6+t(7$ky#c!dngMJCV5q=j7tt{@{ovqIyn#4ZZZ8B2&kkdlpt;_m0fGGS;5
zL5lZ<pzqTWA1fA(ruoJ8U>70(K;TZVKdvWdeU?n7DF=IoW?p9Z`rz%};gJbb-*VJ7
z^tJ;7X7`g02jRwE-OdxY+5jWfz%mAkiHXp_@8_*lk!Jw`B47W3^rLUP4V-EomUvtB
zsBvEN3q~k4sm8pGqxpSkJ5H}7f73Uz&V3W#Y{#Fm9mD4N57d%tOY@!anix;mQ#z9f
z8Ku9J<Fltj*w4Iz<~%*G;!q3i_xlv7)#%EGWFGf4_OiHVllI*mU9nVz5}^7P4zZ2h
z-rl%%HUH&`hgmvi{me3No$;5vob(IuNs*R06K;W}cuDKcEV}*)ILU>Fh#bX-h*&*i
z0$m#DU@s_)$+y${akeRHMieUo18%j{NNr01WKpV%HGx9uEnftzaNlFd?d0&vAF#pR
zxumECyUD7t_g;KXx*?XF#}9Y|o<T1fELO6lLwAb+QPd_=lZEH*K|%G2x<|pmxZ58t
z=A6XaemiHVv`Sl<-jXB;W1LX3#;CP6PU_FE68xqwggoN40n??T*4oS`6)}WDJlY16
zKMK{(d*mnWQR$Eio`|I2?UuYkdMfEMI#0Ze)gLEyx0dOj8i%Y}{>CeR!FoM>zTNJB
zb)){2WiYku1=}Tm=}%z1dH>Q?N1K^EGy)3oK4q1-TNG$Mr?4wulRJA2rG-5hi+R1i
zGZZ-~U#*sICXsFB8{|{Z`R=o{&G@rL`L3jVJLX5!HSIn-`KXwf!JYPxT-$9=D755Z
z7PRxiI<6*Rbo+*}^V6r=eE3(6AhY}rnzWUMIcmNZ-vwlI|A7SkxH-X3<Uifbg0cfC
zz8|alTDq)U=CwU&|4d@LmLbWj!EA4J4=uveuCse}6);6N*5%3F0IAxc`g_b`8l&1{
z%T;e8Es((u_j>(iO^VeEO^(8Y_OchhW!Eq!;quir$vJ6VH|pUD-$4H2F%+pz)-`1;
zb3628(FkSu`Fvz;%SE2Vq%7O_?ZYj0b~onNWgltU8^PlvZ@*5{u^`OK5~nZ9Z)@o0
z^m8-3*P=*~HyU8O4}=vzJHi~(ZoncYwNHACq@=utIWmH)TSqO|XdL35$F}WghMbZ0
zX`LJ8H<kmyc6$Lw<*`w)txb`*!CK%F-;>Mu#>uh4Y7XV>eT8^sSF9WU6kB|!?j_mr
z2`a*EtltdPU(QVEjReq~;iw0yt!j9iZUW_Ul=PiJ!Q(CYdUl0TRRgCt)JxA9DLyeW
z>b%~cj*k-c+S?5D2<-N^^KL7kuPNkobuCpVY7j|iXgY4sEb#hkv{d!$xE>Jyd$@Nc
zBb$ba5jLx52<fG2$Cs{W4!JGHoo_ckpMGiOhl*M0lX8Wbuqe^+I;?naA9V}s7iLZi
zyA!IzN<ZrQI^iAI)v@e(JLL>on2Tn_y%x?wv8;Fw65L*xWpgfPdKsC5YLw~ZGo4A$
zbZh)+T)1J4<lyPj-_B8AyjJgF6W&}e3W7nRt6q$O&g!pz153B}Uo*3_t{=pH{c5~h
z)S@nX%R2U~NOkb=pi9d0%1-=Y`oq%Z!iwKRy*^RP)8&@N?1X%&ej?mm+lj7!pc9v!
zk@EYO(qq#XRFvUrLcCRGf_ZU~)ho6VHeTbyWQ<MwR(r}qHKKWAy(e4$K-!#EL6yuz
zcW;t|RLgpsuX5iO&dCHjTFJ|MNG4?^{Wk1v<`KU1PAFXa-rQ55288azX3MkbR*jLj
zc|T|FG%!xazi&Ho1`)=IHZyyN%vYy<)~e$7YshBh8fKEMQux@(6lNNQ;hu#m#Fn%b
z1_h0%bC<%Kb>-2g!dSh4p}NVT#K81)O@N<cANr=k|9}h(5>5vV#2t{h5)P8g7b?Jx
z>ehY`hxpMy#S=x+r1E!*XSKQB1hoDGLC=kUZf<{dfCx)K5ixJ{_&kqNaokyGM#e<8
ztXW%9v8~rQ2dq6<AByWzPx9;MvZdIc2)lNU?x#c3`k_HY@ES-tR_q+BvJIR>b_mr9
zyO^LqnJ|pC3eyvukh0~=6*+16I*O$7TdDo?<`T(_Erfm54$LSYwPrY$I)=^Grns|-
z^-`BiUM^(IYk|{7DuxLZ6KNhjqoe4RPgR}Pm$<P-@~6tWh=k<#YdgcP-hSPWX%-@H
z1Lp;8nBK_)18H0o;S}<QO2ui4gnI=3<PJ;(@7KcOh<EF;wh~w@=}~mab$&!x44fJu
zrsk*x<Gs&Sfo2^N{~5tiLFJF6K!vL)I`YrP$&r&qbns8?$l-5Jeg2j2O65gmPWiuX
z(Vpr~QBCvxY?n-}dMqnr9(!zBB%I)iM?f+JSl|K7=K@qdgpWUBQz?j`az|(a>RdPu
zP;s)NVxq=o#b(11wKj_-uetTdUt=~QBelaC8ZELh+&?!oXK3khro<+zRgFeMYfR(?
zT<NaD?^F(#eBFQKeG091<G84+bACs(_Vqb*bntmAj)x2-;q>a9o=NY*rv1gA2id<)
zrW$gzeFDsbDLtmPK6~x;<qHdkbu1X(dxoAcW==h&mI0f0-oeF7HHd7d-tC|?<Z<NQ
zrXRajnlH>#KYj7|dOXONIKg;qRCHySV?U{CH-NA0k7tf$y51V~lwf2-oe1M*<~g5(
zVEd#sGM!rA@GxeBq=lX4Kq7rk-^w;Xv<qsnhgX+&)D@%St^NwA7BRZZSTb^7){_hH
z>72O^Q)kDAZgP2INdDwkKg>Ql?{U998mg+Ail5{7CQE*NnB87q_}9?VNGUUo7y3n3
z;YVPFYsnaE$}lI>Gw@Ov247bjWDpHf_fy8un$ji1m~4dSWSA`Fbf@Co?38NwAe&L=
zKal<XM*h}W2vl@yBGgGqm)@ey`|@S^+2z~b9~<I5j7Fyqdc!xoE*1SvhFUukgSYj$
zO&#lcOS6+@7We0bFw0YIp&A`UMY+(lD)2>O)lN{E%a=qsR{}860PONX<In503lU-^
zHsPd<ZtZ%Se*P1)?8LkbX8=Kb(qlm(5Bt^n!h`44J=@ZWek7|z7N|OBy5{-8u>dnC
zFrvNQzc7)jkp}$bopYSF4S$6ygWREj-4-J}DCNikpURCZ9U;B|IG$H-1i)-&3j3a%
z2y?J=GSj&Y|EJ~$+EhlC&U|<Vw*C(~BAwwD>Qz&|k7tXPU#tTil0*CqC<$(Nd-7Wc
zKHv8PToGGibtMZ(4ep+UsM5FW3uCW)yMcm#pyp$~Kdv9mZIg=qbeEm$Ie%t)e7kl<
zaS1*dnWG6daXOp+=4NhJG*vPBF3n$&p0wUkXiYf2X7B?8g~s8vV{Ms*Cn4(8T2P1A
zF-N#Ww(h<X>xivumeaeEkn);gobFbhTCtoGOTM(x?&PE?ED?5^Ysu}W^NKB+04(*5
zXr9Y{e4spT$6Aq>x7r&SP|g*&c`@V$#I6@*90a*E?bcR*%h2E`gCKzKLeguRb8cdA
z_wJ{%lb?8<spxdrrI!PP`nYAJF7xO(snGq$Zw%$d7XcRH4s{OQaCnY6uHB0G-9x0`
zNxMIL%~OMw5eAVZE6b)M4QQv=an7{$AOPHQWg5{?&4HnDru;4k-86QE0+cRR1$6$$
ztsI<sub~Z}`xvTg+uVohKlsWv?c={$@LPEX+F(%cvGw`kF>rWs;Wl2r=Nb8WUQH_j
z3~`7OI%@a2-xN^jB?%wf+x^_Otwl8~5>V>d7Lak7aW(?n8^m`uGOwQpGGB_W{fsP6
zzIb_sTw+y4&e6S@(o=VDS#B?*N!iWm4zL|CobU@Am+~F|I7pRMm|1+A^CvJaelfr?
zzX6;{T=z<iwDXpED|+dUn2}5&xn*_l6oFwhM^Y?t<?MIY^?81yP`Aq3L=A^diDc4Q
z=hCZ-sPL?SNVF#2E|&$ZP8zu^|9xdaEUT{Dc+G3Qr+iy>UrmE`CZC0oWB-I+jPWJq
z)aC{6O^|x;!#m@(r{`BmtII6s;I`oMJHWKsrqi#zp9y8~f<kFhCvJgdB_%huE^EEG
z@2|Z+K6FDAji?Q8Q~uOUul;5GTc9_-9OV-30p!=}LG^#V&OEL~Er(sx{)R_$D4g86
zq)X*~dU`uuq8i**K$ux;>rokZy|0KWHiVQMeKY32SZ-A}Y3k`~hxogtC>PN2e>|Oc
zG~18={V6r7cI~~XP3_s%tW{eOO6=HskJjFMkCsw1ii(K6H*b_6_Fif2&HJ18=XcKU
zFX!a=i=5=X?(^Qq4dgM)wwkT0uLT%vNmnqklN@BJ;VYpZQLwu)Y;V3oj1@KB{@|z;
z&E()pV~bda(0s!zjm9@*8!+JfNLWe4X#T2A?f3i~mCcLe1vdEm<hs(GpiA!}1IT!9
z^*7rV6|76;zVPplh09iM+FaRe*IZv#nMEQ(pZ_N|`m$$qva3Z;+|pjH;inxwYjOlM
z{BTVs_%iNPh4w<Ru@3elnN7Z`SU%zDW28SL+Djg&r!DhIe;gr{Cm2FDFKx<6gV{$5
z&chob{yCj?14?RiQlE*GOSvR(koI^ZG^JJ=Apuk_OB(%kS|Itkw~e4UUK7olP5<i8
zy7Xh;A_+t)B~;yTxmo^%7^>?EL_Nn=GY|-5#l>so??bmX6;ow@D}CjHy<ykst}@MY
zpfELCc*`r5WSv^EPW<zybXG{|Fbg@^COeTWjK_iB6OH0*M5o?dSYWS}dN79-C@7wB
z;HS&$_n0?&cu~pfu$y>9`tf9?>crXnH+;vP{I!eXT@t)Rsn?cpec|s7Z=|*!d&~0|
zEZ*1)uNp)O>qw<z7+&@1RcEEnB^Q2fq)D7NH&#azL;M&6tM}5MV@HIL;BdgcDvDRe
z=1INh`8_!7<MG6!zSDu=vPJ`$(2H@pWU+DRtv@t%5*zKsqFGM=b!5@0Kpax^bXq+2
zN2O9yH2-p#8jqc|!qDc^hlx5hI0fI*a>9n*K%H8N3;J36n`8x`p?IJQP&;dyY^WLk
z+phGmR989S6Q$=WRWE^f3#+()g6Emi^;H!qsmP{gVYY3U>`WL>pey1~M))+8oSasq
zT5dcRED~5xx$;<Gxp9p6p=JL(Y4waOHFClL#VSG@sv!fiJX>vA{Aq1JxO7zeCFX~x
zJplH^n*)VCnOz{a`fxL8q-ZuPiI(wwpT}JSrH}J>rh->~9vG**uFfnZP{W`MB}hVw
zA*p$k5(7}RqhZ3>sO4g(&5hovc5Nd=B~9l@&AL!}>3XC5$9Cje>{wg@bUd)^8G5cw
z52Vc-1l}o<5sqCcp><r~t|h>><(`*H8_$~3ToWkDEvBzN7d?FlnJJ7I8|HGx^QAWq
zQ+GQ#zyAx#kq1xR%82Z-*%>Hlb{Y{;)mQ7pO#E%L02kPJ@+La7OK<`k&layLj6PdP
zE4;GBl2W^G<urQVXo$|vuY7oo;U0=dSB!BmO-iXe5<x{vqd-Dxr`Dea!-<bS3aPrL
zSS22g>$SW=kkZGVzI=GMvoa@<qI2Z8BL2i=F*rFin&?t`WA+vU#!ST$Jki{TI)Vm^
zsi=Ce<<0`B#HZ5)@HlRs-AOl)NC18f>cGyQgGmHyib5C0KdXG3o!4KWUpz*-)=$XE
zr=zawy6bL|mC<`9*<xR8B6s?};ArKg3q<|S5y5W3?6DhdRLNx`Q_?C$hxAQa!eZ1R
zCHx><)UAOn-3|er;@df|hoZcbgB$qiPWSjYO0D0RSyG|&$`N9r_2+f`L-X5mTTiqk
z3a0#Ph+dOXE7r+N@}K=hyv*{AktG0a&JpD=pKaOQIv=l5`RM*$K{4Yj!6wBge5WoO
zWp@QrdI!1-z1VnFWUt@R{wkjf6i2mL$XmEbUn0ycqW}PX_=c_6Qy*?($}>qJBXHc9
zg!9_Q#5o(M??)DoH7mL@64XKInuV|l3c7$oy!}BYraXRZ#r>tWC;&APXmgVUle`+7
zTrTB(l{C#|^k6JkQvqM_94YPL9|uV=WAsB4i=hHuJ8j+m&dc}C$L|-JG1CwZ1SNK7
z0p14(Z59j<B@Av!Wa1ei!nJX4^HM&-CMu>34&kkUTc0gtN)!#zACnbxTLv9*;ICQP
z2UYor2D>h?-uvozG#@KL9{?HkEp~9D4;S8(vM1-E{d?3qlc$}W0a8p_Qa@{hcHdx(
z&4EKsMRpJst_-c#b6Y3Jk+#d#rCQlfU(NEjM4SDZ=H(r?y&_<vrM84Kw+YF-hd$$~
z1IL|nu}f}0U#t&mQaiQy_JgJ`6q-9H2L{IbCq@OCyOWj1K88I%yYI3?@ugJVb=7fX
zcla$!di9Pb8EZ5vFAcf1d7ao<$k(8l-nadjKieua=hKW+<<7>^WgW7NKN1a=)M9V{
zVVuxE*@+9aPaxZ!?)DC?2L9>Vu{U2rUx1^vGC`waTXSoTWTcVS)X%2?#b7`3*qvL`
zvz@HQ$I{mR0)jWu`N9^-ZR{IKs6yk>;6f1nSfobMkn!*Ox*w00RAKi<I1lrQKPY$O
zw9UfQ3|SOdOTP?!jP)i<EPr;&9!$>qaTqQzBYnD?S3$XTOP?>ol4g*<bQ!^xZ>BEn
zxsrFSS~wvrv1%%dEmwAG^58LZg)r+wo76P9XbZ*ZF45ui%h7G^D)jPikPi8EOvKrY
zP<2Q_%41%V&%Ti$F!}BZ3@lzHb_3^x4a|Fa9>v8B`+<KvKMel4W&A)QK?^=ruEJL&
zqfQ$xJ&LY%6WtN!paI!vKV#x!QWj_|o|iL5hlNtVN%nT3TPN!-F~kF)=^5XtobLlu
z{gcrTX39VJiOM$1Dm+_TUw?5z8~SrtGDHi>>{YIm;4F%Omoh$(Ay@eXI$!mjDuff&
zEf#^eK8ePW)I;5VL(sO9kD>m#Nwe(`<8A+kw>|VP22e}m!-%bU3ot{dy}<Yuf%ses
zz@3=pc~ad_c5~s4OWTCi*c#Bf?@r18Gg=g<xaFgQxcXwY8&O4j?8C;C{&NS19Sniv
zR%76^5nllTjga?Bnyw-_3}U7QfQ^LO&X4k3sKu?nqEUJ|!|dKKp0qYY<%GvL7GP<U
zNn-tqv7c?tnux$&;Anvi-k%RwDgp-gQYuT#Z>swSytB7*WY66%7A!sdkE_{4KSAu(
zl`hS$7$p87F=xc)rNXYp(S4~}|4QFAEIoeTIEzg&PJnIB1AcZOzM++;L(V-*rYh1b
z_M~G=HqsjL3Ewn-P++cba_BbuWE6c|+J=`33~8&`Bz}KqB@&1Gxssr?6xgh!UA<>B
z;7-ieqv0{S#jkscAQ0DdI$ljEI?i=<NIf+&6OT^w6_Lf_+DQvzs8NlK1hLt6D=&~V
z-TsRa^`J1yq`Xy)u_&cc<E}H(d=hv>ncuFgOD^O!Dre-?VeS+$(w+46rP|2lOUe%4
zp$w$?jhP@1sSq!OPVpg|%Xn#Z65uv9oT0|#u=(tu-rU}GwB|mlsI0c=#?$n{i|<MM
z75)7}Ka=COKYys?R0ms$IEa*4ig&+wa~$p*1IH2BY36JW`T9&Gc9Ge}e<)u-Hw&pw
zM%(0srel}USrd?-7~|*uv{5o<xl4I2hbH;{i}7*lu=#MP5yYH|`SAO{R%#IZxjQgb
zyg??Qf_xFv>iJEUK9_6)yIBmnq4Sem;NcFvQsyj*dF#$ADH4(9qgiVGr-s|b&ES0^
zF(Wf;_*-emQ^g@eQZhAJy3)!BA6*yH?3;tKB!fCIoiUf<e;p>guW?H3?^w{gzW*V$
z|L0$$Uq#OqV-sS;DwU>Vf5iK*TH3GA`tF6TJCuT~39N4ve_+xkt!2uhQ@ZEt>I5@r
z%0AIc;K{UWc9J?Can9Z<s?An+l`^f+Gqe8vR>{nC!u1V;%A|SL1YtlW1GI6hekUHj
z?u_GX%&>9^(;(WnblzDImj08%DqV{bmTj(ByaCfW4Wf)pKOG2om_IDTH3q3bfBz0z
z_t`LGmJHat5o(T33rE@c|4dpGO)#cD!KyOf4GD`r<)0eUtr#^Wjm^t$EAQsh$k8#D
z5J^mUod?y+ifq=6!MOxpHpvRNkMB&3_O*Ysm1`jU3z5|jfd3WQYO#DFBpfu8JXj5~
z4CAhIgHq3$S5-fF$&TKKZ)>8gW+RrG69#U)3bgIVif9i{J&KCodBXj024iTteSlu*
zl26Ulkfn_IUf<M?F|SK5WaI;7$zmkz&vu9DvaH#^7+@QS*2yqr)^Lg@iG!?7Bd>3)
z6KbI=BrJU*J6(d8R$8I>Wf-$+`?H;lBH2HT&&eqq`eS1=Q+_>t>k(PS#(v$L=!Z{;
zzh10)mn90e0l>Xqd@8Ws$@Xy6Ffb5PcIZ9>z(mQ0;2&e9`x##30D|G*MQA5u&Cuh)
zwkIoCR5<lkQ95hvF+}8IYI)^%|9#W&Zy6&@;du?ZCrC@~(GL_#vd;T)k47y4yrhyZ
z;CCt52kmMT%({G>*!n?!jx`8W?XkXa{{5Kbbc23$q_Ij=j#ly@kf?E3{xgFfHXF9q
z>R87*3pV0xo?SBRT`KQ&6TW*l#n1m&MHk6(!}waji+qIuy!009bKZcZuwv;x!^|)z
z=~JOJ|NYbt1r2#)6^}G=TQj`*HyGz8NJlP0Etj*iMN5wW&BV6T(+1usiUZ(xM*2~+
zp&Z`A8%_IZ+AaK%xa5Wue0BHB*0K6FLcPXZQ&0x$&V>2p`m=+88!=e1c|HI3Lmf$^
zmU}L3qQ^PuyhfL$MRQ+Elf#hD^|p5FyEOCCL9?(PCoo$P^p|y>%AzUnv#mSg1Ez^n
z6XXGGF(M{=*KF!HQ|?rzj`CDUS&K!^SdFvCj^W4ZKJO!TB+H3;h38-Ap_l&tE5`*v
zgF;E+@!$Q?rguLGP%yS{d3q@c6Wg&~%zWQZZ6-j*m3kvsaxaeZikW$o63fZat7q^H
z^?_xt5U@~F8%v%dfW|UiwUdl>Vpr{*UOOBz|6*(}E80E__I?>;zr)G$`L4)|f$BCG
za$mAg(x+u1Iv(K0ljmGTeiui@cHwvyHF*VwGzwNAQ5Fhgx9a{0I}u3X@U#`l;6Yt!
zg`S{0c*m}#Ok2z8nh_uUGP10|c#ej?`Wo1NCj0rQGaZyd1O(=|Ia>-UJeEn%+LY-Y
z8{L<WDR;Dirs{!#ZofL$AoUD(t|oCSTwhZP*4slK+c)L9>JfwB#elRJVyaD#{bAwZ
z%<kdJ;H4r4|GTCF=MXSL&SzjCNOrA7sWU;|i-!8<#C7`jXIzeLL`wnV<RrxQ&fgLq
zEN<azj{Xee$92rvk5NV)qS9q8oA2&dLwQ?M(zZ?>3_QS@zPcEkxa0x^Q$B6x2p}i?
zAmxXC-;JzhyKuIM763=kMK*{3x^V-kGoKwKtFRJMAbeggrNTw0Ms=H_d=X|jo*Vox
z#?mYqGFTqGEqppDCq=!zXq&bY<b*EP92{NTv`tZljbSDxV&UY7%@PIkE-68a@BpSZ
zpCv^q_4tpbUxBBeg{_BsYIrJQ&Ys{s!@p3x3{xVD&0!hJZy>MT)^~@Ji6IF=Ec<nw
z3xP~%s~}WozfA^osnybTfY@v}VoVuxA9$c}?}>%8=SfM<!8i$YywyV0e)izOMl^?J
z*P}`tH_f(r+gzDE#mBV1Ej)d2u_<hVwAshBo!+im4o$0_>HSf$EYFR(v;eH|Z~Q6p
z)du3<!Zq7I79-2QTQ>!{%8DJZrR=niN6RDGZMlnBaiZ+aQCiS+DGP~ln;Dm=sG1hw
zX8{dJ!R6>=!NRP48btDLk$dTBA+0h@d1^Krx?I(p)N8ywuUyJJXC<BfNYVC44hXKB
zj4k|zr5@$oT{Nh<_q*2d$#ix8C4J2<*9%^X(IFfa%XK)a_SV`Zl&pWKrRlX+uYPn>
zo?yMQctztD!6YBVadHsC-`ea8n4}#vw0)PaSznP8&Tp<=w%H7EqbTZ}Go(R^%2W!A
z6X!Crm_4xXjR3dGNdLu%gE9}T5|GJJAl#Z<?E7AwSWyFLTNVYrQ->SvPKFk`BiDnk
z!V={Q3uItJdh8)Rj~@<D^t<*suz``G(FzG&VQ!6&xD=-5YfpH%EXu6vo0ZwOF31s0
z0Y^8!i2)(oXB=~SrB>tBk=73+Y@}az<30-s_M{4veWnz8o#iS|sjYsc{B6=+IjJSh
z4hrwBHK$gAuJGfRNbpV-bP1ekeH@*Pr7IO5KifP!`UX7~Iin$`RS$n;Q=a!3-uVlt
z?_7UB^?t+^Ow(pyC8bv6?doW4i&xY{{6|*Iko+IhNp)#_BHF5x8h%P+fo1ESV$0`T
zvMst<1!hawQW!vXyE*X%&a=H~CryrOb^2c9n?hD>UCI#2a&q!i{-I5D#+&-o$1_*4
zKkB>kr6J)h_t)$f-#n+WgstZOQO+Y#P$DCH$TZI_F?gAS_x*jNXr$b-6on!S*QY#9
zKBQFObE@Y^{%TwIS{y&x>d{e@%(@iWczFV^X`dBF_(yj9|1i>MWXb<#H_!vMXp4VZ
z{eM3He*;?1@#2+?y?H{`jTOcOZ0dS*`H(2a1S-4TI*P43K43w9vvG3kN|9a7)_YHr
zHVHAZFFYA9ucA#8jp*VJ=zXoA8sFWQ8UY+LQl^zz08C|vO1`B7I-d9)Fth<)Dd5`%
zrlKa~Xdd1h@M@k{;_&_0ZfK4PQKVV8H}Td}kIb9G4IyoWP3B}T680?q&S5k<D8U*D
zc$sKcSx+mI)J>pB)Hf%6w=-#ajCApcamt+{AEb{5k^7P3leTtH5jOY^oLu`{hM7Nn
z%esF4W-~v^P8^Erhj~HDfq|l0*BQoaOj94oV{`s$uh{te_Wo^oKXThJu%nuKA1$Vd
z;KomxQ5EY@uoMXCYDf{De7cvyq&5I~Pr)bYtV5`D&<`!qf_{urmfIo<O<RwKACsbc
z&`o_0u4(NK1&%(3`zQX8!nY-M#$N10q5Bbd8nHQI2NxMJ>AovnO&OAQ1Txu}q~v9c
z1TDnR3--iPh80~Y)!NG^R-8nCb@4^(*=^UnlAOl;6GxxIS_vhq)(t48e@6}EwR$1f
zxGafR{K2aIv^POyJlExuBri?V>m7G43vSpu{lvV%4qcmG27t2a4SJ-VU{HnKo#jJo
zU&rRtRw+3oajEMR>3mF^bJ$>e<2MVn&%KnFy{TQu-Jqsn+GRnWnu{+@3A$#ONxD2C
z89u*jU?y60A!>b6)fo_qg24<8SZwWK+R<#Eo4}3-wS@!!G*Ny;^~x_bXO@=^WX%Be
z>sdv}?!pQk4t(zAp3;+n|HwGMRGdyoFP|q5I{Os>qIt3LiOe1&D7iR6Lj7!c?ZElG
zF3Zk<aXW7u&Y0MK|2HA_fTJOPe9^MeXy_Vm$!eHs*Zk3J{8OhsB+j=pKt1Y*Vql#%
zI4M_ZD@2|hl_iJ7$x`#oF)}h=<JWH2Y;tZ)qaW#4xlIZ~LsHuJq6O(&X>R>2Gp#fg
z=`4)NAE;b7xdavLu2x?eYrYH;E<WOb?B^g#p%3|o7xJP5IxWQ0&KEz6Oav9|ZGxol
zR`5an*4h*Y-piWjwnMUTpnt#T&KHLwF+F@)4yK$NNRwL&UEL`|7~99e6Q5q;$iIo<
zzhF3mhcHL4u9KtoL73a11mJ3<7qcl&w2$qQQ6wOkYzwJCbcbFaPur5eIO`O7WgKE{
z^x+)~EcTqe_U|-g$P(pJPobLI-#2`2KOPtVO-Keo^x>f6@)FcS=XSie^ElutIWjub
zcCbGnH?H2_<*Vogyg1AuyRCIuOI+NPCC+XW9aE84@g4O2pkmZ7v_$m1z6@bks5*+8
za=U7t9q9dPnB*&KT2?znuArmb7mD=ag?0pv2-LLu%G+5MG*Rl2_K~t1GMHaXdm$a)
zOpO5pfzYA8dF!j{iSD71ug;M7Ehc;l6r0FA=b*b&@$|NUn__{rHf}hbmj9f3zoHC8
zx?4aRSdn#cFENi|zX_C@UOk15_VJmS`J`opKY07>UNyN&1wPs$#5RJnU3~>pCeIe#
zf>b{K_~e24yYY@8aLle@bFJ&nE*nQ)#V@{p>U38e!QJ`31r~lh>h=o(=B+oj>})*R
zID9b7dv$XI<g*yi|FUG`&j>M2X)4$`MEr|EOn7}A|3j2AOv9NCeQ1X+kn(RIj#K^f
zC@>}{n1?RS?icv{i($60@!)0?@*|i_e_LgXTaEZ$>#1hn%^CH?#8d-lIa+HWVE$k-
zY04FA@ngcecm-czV{MLy7_21mMg$w!Gg}QaFI^%zd_MFUdxb=pQjvW2+(2##+=Cs}
zk42r0pLJ=>%c(K^@Tvm+h3CoJsmfX=Ue-9|@HvD+)BGgUqj9%aY}BmNXt#WcZ{`ti
z%a$g8z-Ch6O&|}7YW~LCJ#_U<idnN+>^w6^?*6;aY?%{Ee@m8;QBxh4)g$@q5!J47
z@!!tbgZ+znqqLkPyz8Syz-^82OCV_e#_6}<xqseSMCSN$J@CtyD0{;>1@^_<+n0DI
zp5GsPX<=ir=n^mgM!_!+&vTJ-Fo9C3Mr?}V8qkj3cj?A?5PD#^vV{HB%zg9O-mjew
zkvTToTaT=)?)h=9yTWr`>VEHAa3{<NB(<spCZ<ul*ZFFG+0|Du?sqF|eorV0Rl$Z9
zBGk(hffdU<d8ht!W6mQmh6Y^pVo7sXpTxY9)sBZ#Ui~jZh3ZdW*7~jQYa7nzT(n!R
zvT_-GOyMs;n~+c=z;@&Fkjhz_IerO7nT}Wan$3QlLS>xCMZ~^uVw0Htp9lhv=&xFc
zyw4#KWN~z@U1Bqi^pCZMk4RCE%!<E*^cko9Ma}tofBs|+hoVsnJ#Kv^Sql~#GI(E-
z924BX+#9O*EroPlCrLFW3pk*5ir9p|+f>jYoNoiIxPShpS|63><P|}r=b7X8W7f;Z
zvf7eR;GBrL4>NndzV*#Oqq1rW(Q_(%lxdhE4;b99YV$IryrzZ3HgCq;WB)3&e0=mY
zzec5X1fpE)v2ZDM8!h1~_59Yxbc@i*40Y0xGhGq?KHFeyRSZanV+)94(JRZ7EP+w!
z0>}yRvs1UB@rbpZahfz#5c-uV@yurXsW_gQSt<Okx`xnDDa9jg(=2_`X`wN8ONFcu
zt%B1o0Z3kU9&M52TeU6>H2y=RAl-^&wMI{*wm+LIrnEA$kN;g7DGT#^Xa80uVde*t
zD4yXWT%x$}FB$dN%xtBUEG%OYrdgS9=i<K=x2N)Vv#9)i!iywG`Y17td7_BB{rS_u
z;a6>y_IEsPFB!}^^{^S<&MBL0vgsxHD=uKHZ=;#hjbwBk6n148^L<a>o_K<p_>VHI
zF#cQf`S0$5Pm+gTK1Pr3v7(P3=#?$>?1i^tyb}&<LS&RpRR(_ihdeNTyxglROM?N%
z_#naRVYJ>@$(i#OPEk&1LfaIl9h3r-8Akc1k5n>EUPiGWm$L;X)7inFnzDKeK&8K{
zOx%EM$&)U7@kjLHpJ0%Ny~T7}mkCOAc7n*r#Z?7fV~+Bfm(Vx;Pl`Zb5Z^X6XiaSy
zpNV3YZi0)f9~l7Tm=}GyG|F4Cn78=)F`Yd*JQJ$2+a=aC1RA8S5Xa=7@y81-Nr0H4
zrieN`!PVndTN@#*l(<lqSb97HnIM0&PUzkXj_sfPopz%;m_PH?*5RQtY`;(lO8?r`
zP{|+N2n&Ta@!KyR2PEFMflYr4)=|gv2kf^2%cdf9;(M>s$jz<fxqb`Uu6i&M2A=!2
z_VN1zno5OXE`sMo0{;BK?Rv5K6^~%}d1<0)O|^{<-+g)8N47)QJ+SpAP@w6_+zrmx
z=&MiNzV^k5s_b&B@4gKgN7KZT>QGS_c(pR9<nCtJ!8g%726c%OJKIC1gUL#7<Qks7
ze?H(0NRdZwZvK4Q>5m<{x>Y-wb`ueX`r0Xoig(5%SZDK@Gj~|3LfT1nl?4s3q7@TJ
z7%0fzH}YWkm+P?^Xr|51y(&`vP~%b&bdU!Ln_zg6EhgSDbGqhvTT3TloW?U$$W_T(
zykd#~hJjq%DE85e?`>-~8XIf;#k;E%uz>MpXU%N=pT~Z$ux%@;W@?J7yyVj=z0l?o
z-j+X8vAck4h@V%hp%{YE9n<?kTLEQRkwQbvyYr1N!ljRO(WQ3Yl#~$yySmcyzwtXb
zYMXNPyeMW&A>8z|*H+GGlh=J}KtH-{qT2q7%F3<K9+dBmX`X$H!5<Y@d8RaKb9yZh
z+UnB=>SM3`)hn+3F9vdxgHiN`e>X&G!!oVXY%wcmRH!b=TlJkzHQashTplRfcE&qY
z>K(D1`BsdvxF$Q@%p$?LQ1)Mp{4?yiOVLaal3(1SxU<v!?CL7G9b(})Je*{0*&rnw
zWvW(>K5effgO}wLzMTI0wEm}^oR^(_YZoj1%=ZddvoehkOHpz`<>#i+iIMMyEg2UO
zyY#D$TG7X99Q>8M){LMj`5i*8)v(KDmv?IHpTd-7#Gjs*bxX0&pEHWL*|7Ml<wp9V
z5mVXd{WU9JVtMDEg3=20@f|+52QZiWaE4YlF)C7(`>p~Z%MLT7^AM@}HOJMEJh3Kq
zL0|+>=Ro^GylF*tVkR?@W%2CuMtBdvK<{~b1pzvwojiS)s5+G5)5aoGIdTesHSKc*
z+r4#1?OOXAe_8)|0R7A_QlWFn@(7WXc0+<`ebj-@FP;9L6&1QTxuilmEo!n6v}c!>
z2mBi=ZQXm;+jDO5)j|t+(0e)mdRbI<nEj8F6}QXxoTF9&a3eQ(<^9O5WlYPQJ>X<=
z>_ObIw^~0_d|a;77%a+CnJV|pO=L}bwXh{*?V2(y|6YOi!8v(l^FZa65r;)*{vh8M
z0Ghj(yAG`#V){cYRbad*=3lGkJUWu{XQHbTe(5tcf(oT-3X&F<g`?x({%G~M5iHJ?
z)Fd!szrwif5GulQ71ej;ibVMi5&er%wJ3e}XrEISB_A}lzP2HdDg1XB$NRT;YNccK
zh5+0}ys-Xy73fAB6VOGs^V8Eyc)!!5r&NV<xWqB_pQt-R35277R4BMb>k_IF0{B)?
zVj1_Qc-f(4TNpPWw8r#6VA1-@1(JIMk()afjuXi^4JBxrIH|ZXWGIzJBbNLk)yQL6
ze(?hA5&LKMSRaMwZWtX+=duc=01iDH)0mvJot3HRV+eiLyAYZ*txYi(GF_5Eod>ci
zuYWN(a4Sn;3)=f}m_tS;OZnr?n`88dr6gQ0*iWZcRN)T7+&`_;n)*V;e?6{moA0Qk
zV61M_y&~?G?#$1me>f->gCD?d2dpz&ixPkF<9PTYjX5e$bPRA~?0qOfm?84>)K$Y0
zCqUO_s<TPz9js_3E?#ZohmtLNSy_J3NrB1GjeV=PFy4)va+TFugV5(8-6Y2{b0?1f
zs}Y-}$Xo9#0PVq0p+}U>{de=RY3o(b1Fn}R$^2C4B#kDFWenFif4omCt+z8xQ>nI)
zeOI|#KX3GOLzsyv1@9e&YU`a1LDd9UM5GUg&`$Zw68^NMTeMuL4wc)VQJ+Dd{x@{#
zhI7gpMGZ^NNR9h|V59H7Tp{8rA0c^kpTt66Xk58Gi1smxPcANKC<a500DbbU`kyN2
zs0Z1{62C7$YyW`<q{$uZp{$9tRIVJ*=T?;8#M~a!v;w^JP0}&6HnG<9nRy?9YrxjB
z-nrX06uMIHE4<0B&bD3_cyjF@0K3hd9v*B8vClY^=UzG)N=#D<C!MkUjMvHni&9kI
zpx%!)<KydD3&#_i+q4N;6o2t;+{?V)ZMOF4-ZACs!O}-}MYz{<w{;P^YWmdF+j?vE
zQj`6S9OaJ>p+@?JzG>9^frn#ZNmDD?zN4PDGb&!0?0z18MjYkM7z4lFlF(mpr%FJ+
zVQ_HyU3+O_8Et*r4tIN(5blsB6CELv`%a&9I?K$xHr>B^P_1h{-23YVx6SPX>HC<u
zXY2m^pK;!OC|8Q!x}gBz*eDlhSK5*@SEZ`C8Q_yF!+Bteo9}S`e0xbE`BjDaWZFO}
zPBkB6s+xug`)%dsXCKrWBSc}~Lqmg?H~JRwzu`?ZiQ}1#Vg#Dc$no*N{f=ko!vq<#
z4H>C!Ef?*GJ}>LOo{_+WS|{~Wf`nZ~%|?76-%3F~Bw4U@s>z~;EpETb*U~U;-~!Ml
zb_l2LMB5YSUrNU1NNCdIPf|p?6lrp`6^8gpB(*JGKsJi0VW5x4;`s0`{BWbG$P>jF
zk{3Ul|M5$e)9|dJ1|=L^<0AH-GeLV)mm>rG?ht9j>tSICoyV(CXyp#KANZ23F1l0G
zTud-Dm*JyC|CtNGX(Yj<C{@*weq*oReCu;6jAJXaW%G@pf=Vf=LiHhs5PDf}0l!x<
zb@z1W>%?M$;v;q0(^Y{+kh8_H!kLjozJZgg5a!rMszuUD?4XcW$d>HpLukOx<eB%*
zN}2`En=*zZUUswWTDZ?5Cph`e%!7I-#u0w+WlNRlJNLdJr}_XTtE!+;0Jgy4PSi>J
zc^uhi96#Cba72ef-!58=y6(dsq#85Jx65n}g&^#cNRIA1T;PvKi=gJ~(V>{xYjA~d
z@>_mK0ckJ5l;j=Q1vXx6xIGsamq4>9%A=!#rKieV3tgp$h!wV988qwwCbH<nCEtuC
z-jQ{f?hRVV)uQVK)IThPf7_B8*h6{&pO;~t@I9(tI|^0C(NoZU_q{dF-V6I;(=BSm
zi0+pJDE!`|Sl7!j?bF^Pxl8>6`>Z+WUkp3?dYY^h^B=-^-QEI6kdAbi+pIm`dH=A}
z__tqxGX=4FhpDY<XNaMRmC$SoNo}i!Z~zO*QYou{X)iMdiBhK1yVQr@m<CEwuY43U
zKT3Zs5+;WVGv{`}l%#A6{DJlY*C{7Wqf^n#Z|UEY5uL5YSpe@nWY4ZHFYMju<$zh1
zaauyX!rzCG_?OfEJK1N~BR;vme+mn^AHt8nERW9nnhAJrKPy;)_7_tD*-J(XsfMX`
z_GW?%gDT_J)ej-F)M;;uT^vto-q`ARkAozcQj6pX<nk8|<~--pxNYt5w&$%qCJ*za
z)gMDB#c~U!UF7OTd&iH_6T0x>8Ei(3pUZ*L^ZC*)UP8BPc||#sqgME8L;8}fi5*na
zN4YzvT_Eu-BEK(v!(&rX?qpbg?fo*(AuHdL<xI_>Y=`m^1WZiyb2RwWgl`4jUOo>l
zx`OUp{hC)B2}^}p15%=N!dUfK$+kJ>oWPTA(Z0u>Y-O7V@WKya?MUj~Qz3ec{no#>
zU5LIP=KW9T1AR+&#kjvJ719C)Rb)`RG&!2t%h9^$l(apwx8aT!(=m^MeHrA6hX?PB
zHKpKN^1Op>>0=tnBSi9c{ZEa7UK3|seUtWfpy@6~(bU8gzjj>hw}HRr5hWoFeKFd8
z*96Da4{^8-|M-)h5=?tv=B4cx6(cC2hFg`raL&b~(|J9St;5z8$SQ*zXN?QAz?RQh
zGTpYOW&B8bOsX#6<bqmq!NmXl!CsqyF4BQssVghsdI^Po{eZnN!1Za*?gm9B){WQM
ze)GBYPUe2j&;NlzWP5If=bkt3Q`nmVOMLHQ-7_PVL8>`;166^8cru^CjPPR1(&(9c
zbx&0GLA*klBGDtoz!alt4(<8ID4KZoFkWk7XzA-A1I#tr@tHN($PNnnvrwWPlk{i(
zw$_cK#Kw~&SuKj=3m?j>F0D=ij^g)@Sp_KEYe{{~R0sqydWl$>+tvt(mI8&*Vby{l
zj)1OPTs+H?9C|N2Bb9ZDAR8agqm{dR5FjVzy220UueN>5r$h6)f>-DlDl!hc<*P-l
zM$_J&i;w%ZD;eGQKOJPSWfo??pk{m{rq*b<r;?!MdPMfN|0y0hGfi|XnuABIq$fD=
zv4ymhn*Kxl`&|Rtwy#%tMtI90BuVZL0~Ov;OR9)V{fA-9!m7mL8y>X}Y4(BdKHY!S
zj#)3^EvEFpKRX&;`6xaVm!ep42Fiw`vRpm7Slv<9e;Sn&OPe5EBb_exl23Y+FOI(B
zt0u<W*4Z0*G$MsW`xVYOr~$&2+0|NmeST(Vo$*f9WlGMXor9mm9<p5~#`H7=TTr*L
zD$8wh4aq-40Cv86v4O$!rci1uplIg%I4XJ=Kl>tIP-E>dMXs0!AxX9-Ey@#NNBL$|
z4?`!hAl$Wv-02{8!r}CU&H*+#5*mAAn*Go;)N9n6=pSd=jagfe(!=Sr$VM_c(1`kF
z#)Iz>x6V{OH{Uu@-p)TFG>8G}U%*3h4@Fml$IQ(Att;}(%4ZW_*XGeKz*k@(nlorU
zo7@>g$1g%&*VjPWf=V%fd1#r}JA2*n<oL0Zi4wj=zcJsXV)$fRz!Puapm;Um)o25N
zz2AMGqL0e$bK<6CjPc7oyy5#_PuzLiss*Pi=?nN?{hrEwb?Xn~?JA0S*PDyw%_*lU
z4KZDVBSXWbG_M%u78u!I|E>Y?DB!*Yr6Rq3UUhkSJ&T>C11W<X82W08Yl`yRBz0{Y
zi=vGd+saN%Gsq)bQ05i(-(f@qdK_iWVR;768d$!CDGf(%P@hVF>(TZ|5c1a0{S!`9
zXxNkf7Y2IOlWMEkO7c-@k{i<*r@(Sf$P`C$;}<76_vit6MTAf}uibkoW4!u&7BWNb
zxm3CDXS3DOm=M#jc$*&I-Mb{|3S-=#oSN)TXr_wF*Kre0P2NIQe~q`_UW{h*c*+wv
zvw|jN16e*VzgJ+4Z^|HJc%|>HkDFZbnORvVfR(N^PBSH*<151w1-30#bz^z#KyMW}
znXX=4+kXUSy^Jx>-9t1;9qWJEU>N;IMw8SH*s)m2nKdIszAB+rLbzhy$L^24x)HBU
ze<ys?Lq{cNEu>_#1tum;s|PO3|Db;!^<VsVm2iyaD&6yQb?THXE1g)WHy9N9Pcj&w
zFB$S<hpFW{wmrv~nh-4R%Jj-=du3}Q4IPRZVH1%T=nICIh!kWA=DfE=WwK!qD`m`Q
z6=I0aW6nYIjb(t%a}fCdBtjx3zpL_RUVagKwQCUG0vnIgy;N#*P4RVh$@8oPgG86O
zw2iil{-|V>%L!_>vtfqvosr6sAce7@xAhx$Dgt?S->ZR9qmU_W^-LL&B=@U9)e^23
z+6nTe|6*7>Zvu@|Pj40U2{4B`wVwxyURoqMFM)RUnp^}KUzz3b6;!-VMt)IKJLRvZ
zXoZj?<w?3;1nAWZ3{U!YZc!Iw0-%yw@Q&7+*AjccP(IM>Gx2+@GptwuY+mD}9hFD3
z6X$9J+S+rDt4SQ$R3$O$`2IBMrO|Tv%Ql1s1`1J9;nzCrTu6nq4u)zql$f9F+?sKz
zCo6S%=EuFkJLP~uI=p0M(Vb>Q!FV!%o@g7buO&KBV6}^@*f!zeAK-e6cyn0Mp0AAP
z1vZ+Jb46NbFM1H#EZNmw19Db+Q`{(F$64(wI^-q%<10<|kAR1$A#w>j@e#LJ5mAKx
z1Xw+9EX8iM4Wuip@5(ZgRHA3av|7o)c2pf?z14eXZ+>ex8mS^?Trl$U2&nW>+fuhj
z?R8u-Z+_O}ds}?50~_%!(KfTEss6rW^l`O2`E^wTn;~Ar)_wxsGY#%(l7S*L;g@Av
zQ$<_6f4Df}LsQPX5^{${-j2qcF&)uq&yEu9rHi$kn!Xc?^*OqUPupfBK_SE{7W{1;
zun?kpME=<!$p1JkXktL0n7fNudB|m#u_zE?Y&Qc=^8MiP6JP8j*3M0>V<=tI3p=i~
zMv+LBKQ<1{8zubD$UF14)G`b~dXgo|iCZ~3qC{a}qMsh88%=yg^8{i`xMH*7=fRT8
z{>A2pve5x&(G58?vj#Twr`S>R2Xetu+AAFmITBO!1t+K9T&7nToPVDB0pSh2DWT4J
zH4hYqc65$WzSM*AW7Z}z;OZgQ)lSpHCO`Y0o9cFDU!;suJsdcO@hB{tQ_#}*=feB)
z=*O*h@POag0cZ<M`ZvtN9zYUeEYK!376M<DGu8!ElUGz;IV76;F_nY~9Z~M(AJmf;
zupNw491M<~F@edXAC@l65PW7^{G>l{*@DG$PyZ}3Nb(^;6&#@YF{0&${Wv5p#iE?{
z^nlxG@I2=qmnVHuS?#aZApNA}&wuO95!r6Gi#vaYf0=r01-t#EB&El+$dk8VXlWe`
z@MTdEv;k1}`U)kMWAv*XJW%n1XT`F`Klv+yXzLOozZj<BeQ^GV+Ex_uVztQ9O+zO(
zny;!@_7kQ;mj~m*zZf&^IgO~DBSbw_^b}jcmaMa1{vm50%nSoFO?KWJ;Zo#>1e&K%
zxy83}j`w9rSH=a*vVF_pKs35=3T+{v&^=k1X8&;o9${afv^T0N2B2@G+i2h2XH#a=
zWrBvrf{T1;(T4U^6p0k{UDYH9G}koGt7734u5skNC^xW*F^F3o$JlQBYu9ueP~K)9
zER#FuKl;PQ2HT#_+MZ>gd)Jr_1%h@qwzsS`4l}+pd9!GKG#s8g{Qb?>o|}5N!^NY5
zla2dpD)OD46AJ}-lZLUWRO+jdqnfAfR#%_drhq~nK_=}2kl0+Of2Vd0D4m0nj>S9x
zZ~rJ;pm}D^O^_{TgU$O2k={#&>J|066?8?n9f%p1!UWv1PygwKzUfu*bn|YNKB!oo
zF1oygeG<ylAbGoQv^;#N98UHW8?hj9Y9Qe7?ZP^I4zr$&gdGdVJwoV#RQ2YyTof$N
z>nFguEnPu+Lp*I}?5vOlfFtrfo1Z#H_EmE&gGVtMgqCRaVz7}b!BeA8#I9LCEs2_1
z?}GgCJ;`>h3vUG!6b&jUNO4G#aP>MS`!rN#Ja5T|w2xY74b^M#mvK%*q==LwOqY=k
zJ-!w`SGmi0aE@Pxa4nmY9p9EQZNc=ElwZzuXT+C$(rG6IGLFZ;*XEc+eM1e?;G($|
zAhi>lqjWBpmh|54GfsXwafIOS1L(95!fEAYAcz|wa-N+2Gn?soiakKMPpcs*D-@0C
z=-W+UmFJ}akMVN~iM;8~V_*Y&@EYbl@Q(iATU>5pCTCE3V`P#e#S;$_*p(yZQF3Fe
zf3v;m4|rJsQlmbNV-ITa&<v?>p%?8PJBqBEsK1KfuP8T5i4M56in{u6u&D3&C(-Cn
ztyXIFLHr(fUr2as+V)f27qNWb@i<0K({!Vgon{rzVcg%Y7fN4ZKZzYyrxNzJ%1*yj
zVqh|GQi^FY5TZ|2Wp_CY9Xb<+jJXRmsRvc##&okAH)YxpFrZ_7dh2_iS!hVGPTyil
zpqClhU$zi$eim{4kQw=1lJXs?r_bCA%~&(@CT47c)ZtH&x*B%ynoP1-SK7;W{k~6l
zpZ>+@tL7o}R#Hj=kkMfFxT$bg^nuf{Jl|t^WPir}C$if|il3UshvW5OUgMB3DdKak
zDP-I^9s36}F*5`tVG6C~<*WCu1x?$bqQ7fTF^c2Uq~k=*xB?9eogIkXI_-1VuYS}T
z`@ShBvzcc5{CiQL)oSD0CS2-0GkN_h4H6_vKWsaauGwHDuGoQ{;P4eoGG3X%do*Cg
zK&cdiv0995Yk-ud+XJ6Fx_$0_HCHRyzZjKa@s`-$G@d^H?LGXb9R8ntP|QP5k)Z>R
zdFb0i-ZR5z;WmV6?$+qPQKMLu(?*Cl99^+M7%8BGkKXw$`U(5!U;}4evvqPp*5Zs4
z+N=LxA`<>4Dxt}uDn3S8WS-bM&zv+?pOciCl{dY#O5MPir_M^G6wQFh2HUi-iACQE
zq>b5&pAY!V_1W<p8mnz7u~eI?Eh=ji&ml}!v^26Hjc<CJ6M*a{%oV1+?_S%wSB#T*
z;+R{}m{I#~+5jR1(4dK%9`9R+GNR&@vLG5In(=5mgz_ZHv&l$yw0^R*q#`an5t_kI
z%Uh8<e^#K;66xH=m_TU8;Rs<Sz}WTXtIck4E)-o!OGrvtdKMr)X7RgZsaXvAC=8ti
zr0`u#ZfX6B?Nlzi;-!bTnl{=i5P6A*aT&-~$bGDCKo-aqBsVI=o7Fi5jr9H4N|`ls
zfi}<=^gJUKw0fW-n)EMb`(a70@OsN!*y$%y^P39<yt<{=Twu)D2};teZDBP?G#M1a
zro;3Nwe@RMFKlnz-Fn#)Uz6IOc|A@ptT1DlQ8#|;wKUQf=k?*}dE*<IyzX<`RsW5R
zrQP#h4{~@)RkgK2x66Vz29c9L3_L!5GP^k`X5zaDH`3(^s*d%~I0YO}G$4M=gF_1w
zj{*AW&KR^6jA9uz-oOi_C^45^Zfh|C_5y#jm={U3QpXur_`ZG^&7DQPh)&veXEBvF
zEM}=&XJbISeZhB2Txj^iJd&Y-zEz-6a(Pbg89O?5S6UTmGqpdWzV3(TLeh(!Zh5X-
zk5`2A#ejuMS-W#}qa${|Tx4HkKwol>-i+{SJPFmy46(T0LAqA;BXTMSP8V(#W(Im8
zqUdP1(V{2sP>XGg*u}5I409b`kM<A>XQ(?lys5Tm;f@d0Tmwn7%`+Mk%KygmL3IV}
z@N68B3>2Lr^abQe4fe2H^s@hyh8?z!DD1Rl=@;J}6>m_nx513@gJ1F<A!YrQr|uK5
zPF}mn8*7~G_Ypf2BBMN+@lt^~GA(_-3T?;ErTqN?&uDaHZ0m9iBph!9I!sr75G%OZ
z<m8aQPINGJhL9&MV)%;3U<cmStF##xxEQUi3pC-#-R7DJoo8MknJxiE%O`UOP;2-l
z$mR6+&0l&gALW)MoJOv>fIn+XsHRRh$P#F5xW1>vA3fvAN6Z_?-%>hpJf%Q5Stw0S
z+QLXGzQCV)_4{9p@|(t;j)@I~del|ysEScH7S>s3<R!1dM)d?S>C1chibhVb{Gtr*
zLFwG_<@$rga`o8M#OWd>XimumzK@~9++2|nkUz0{<iY4A?tin$p5okyxh9!Imm>K2
z%2AXtbfTiUKU&3^&4s+)B`EnxkYywX%n=X*-N{ZAFPTf_P_j8sIFVy8YZ)3V?g&N$
z3}jug|HWvXz4(>4WrLe@_F2p#bfT+X-r`S(!mrDd1KR*TV&ZK=DYC3qzmlbxN7&dV
z?5KRzegomMTVRb=23>4B{KIzzD)Mizl)73Bi!KqGps{)jg!5kCctCBU)89M1zmus6
z1OyR78G<_IQ2V|S<gcmv96d&?F<XCHA)&3MU&A!3-bk{5tkJ6@i3z_V86am<bX#y&
zYJc0oBu}zDg>`|*cQr~i2j5HcJ&TsYbJOd_Eqdi*L0l0k0^TM&9Nj+v+mdgsxPY~Q
z#Ng(NmM7ZR!;BiN$4-9lDdU7Xpm90d?*i|}XVp>ufNO@!jaVz|tpb6Da?u)<_g}J#
z^H38%LWamhHbc4sgeN<PSEO(nV|=lq=Q`R#S?aaUT@80WjrYFsy)u)M1KobgN1aX1
zZWyo_vF|0akXXyjY-*gEw#YVZMH8I5pKmP=K}>o}cSmrZS(3qznh^zKRO&6{(V8U`
zJmjGcWO0Oa9A&W=K(XUH>&vyAg8Ojmh1XdgB$;yIL<!S#IT@W(F?dBE4mYupD(h8N
z*{L44ERkVfSd(orBp*mb_hU6baF<}S%94JoaW`a~3?QXve|rNVH`Y+LmOmm)XTqx1
z3ws^qE-W_KN9Aer!KNv4+bV_ngZ*{Nvp+8bq>GLFjeQk6MbNIw8WKZ{1ppyKx$(?N
z(SEmO)BQr-?~zeuT3BD(-#uBGC%M8VAUJ22x2}UrsYtM`Tps(ALF_QYsk4b5jx!B(
zuOLh8A%w-uf#`Q;Wk1zULMePFJgmlX^buKC8!l{&x^X{ov)cd~*%c%W$F&hS#9w85
zsj~5Gb_P$?Q|w^rejbE30=davPK`AaCz<7#-@})e4Vtj4ohKS4Qkktr!qKNFn+^U}
z?K4m#nd`-6@~V?^*N4XP?YPB^Ul?yvC|`^Rb1vR`{vhmE`3YtY+I|QnsP$Z;ua5+y
zdbSW%nv^5``cM&Ud<V(rKV)raXq1$4u)^Q74`o-*eGrbLJ=ZV>dMdpgx~a;3GzzCv
zOV`03(|b!FH1gYpKDFwFy#=yNa5>H$^zFqEe{0a+mf)#tdLi}4yGJP2Y&cJJxsUj8
zHiu!ae$|+(4+oF$=2DWO5MH9Ub%Z3X2xjRr2@7CzBm@6ySoXb_{%eQ|DW8~+F5^ZB
z*6Z}#_GHB@A=8L7*({L+&Egl|2FcNI8qKO9TD`4On_dtt)?0quS0kS#Pm&`U{CP5-
ziJ`Mf=si8j8KV8vl^3RJxfM`>{^ufA+(1pf+SG22ta3f*<ng`GRmM;{>>iY6sHhW?
zF0f2Cm%3-S#XS<KivP+aOX9slEU|Ep-N0y4&ZM1@)|bvnjbPCuy{ro*`S9eonnsVM
zdAkJ6)~u`5cN+;^y<ceCY`4$0DQ~^{d%uujWmP=G29fW_S$z<pm*joP%Ef*5Rv1+I
zAy;6jH0d47XUk~{u75<LDu~5|*cDlR3-KlZm}1fYLKil$fNRA6cBuZpE<uYElK&<Z
z(SSr&zDgR5Q5@zxbG{^}|0)?238rbKa7q^^r#ZAR89?ih6>Wvm9bZ?KLx&4<=;FKz
z{1DT#xwU$Kz6tEf^^<SM9Zy&Hb^ItR+3Rv$DSj0LZLl7Pu2h}cXx>5#tLcPGf}Ye;
zpHIT~<RBx0@9-gpyvcIM5ucBqP2j-6J6>}rWNGlOX4<oPNhNl^A$wZ`EpZ6rvU;>B
zg@oAj`cv02nw-HeDYf;+3t7)fg@bG)gP$F6a-Ho>hDFD1ziXF#x5bTc*0hj)UwgL;
zw@)@{kL18Zq(rZaUK2B@k{N3WPIw*XZSwREAZfRF+zPwu9k=CP%-;)FbP?)B3^f}5
z1LEaeX<R+QW%ArBy!GyyKS3HAEGF3*;6v}U7YCJZ1dJ9vP7c@yP2A4hD{6!DF|uv!
zkl&dcxC{{%?Yovl#!yYbPJzPs=yE~Z8QN~$uFH8A5bJF^Ta!$))+SN%(&(`dSS<g3
z2=s>CcQL@l7%-jG)$G~TAkZ~089>uYErtk5i%KJ#fg(2BCODU63$83W!Fi#IXE{LI
zvX(S{@N{@A(B|TFV`t3~>FQs;wM5Rw>Y_NK8#kl14|%vb^U(}AS<5R}s9a3ZjUt<Y
ztHeB&wmL%G1Xb;B@`~vT9L6)PY~mWn@R3ATeg&!-t{o56Eo6s>e-Pvq*$UKIcISN(
zkV%7aGlQk+KP;DmrN0L>oX=FooFks`E%&<H&3mHiIRKFa#g$*X?kdUe91<d4>`7r@
z!A)V_9_^X}jTEkO2PCIN<B$FVX1<^t7wM*fv*W4$Pg_8bY^f~w=mn+JU7(Le*qHO#
z<rBZ1zx0E{>BT%a^1CPdc7IFd3*ciM;y_`n$<{-pHtvNj$u^PazZhN~76BHuY_jp8
zr4mPrw=eyJl9P+uKTYu)Ao%ocs^SVO@DtUiM+f%CAi^7CeNtKPZdXr|zPGE-u=pUU
z`jT6Vjr@m4%@S+Ya9KM-zWdk~A?n9MDJW)hQt;oy{{H&h%Yp9x?lq4?megOLC*`Ds
zDsc%5I~V_)WJ3?u0%$K9=RPKi@MrlAvRshcx(r1JuNvIOH#BJT8)$T7vR@7=eCPK;
zdbvdhvFG0V*vA+tQUT#eHip`#wK#&QzsYPJ2vISs!A6nT0SptGuaY9;OToE!y6_FY
zh>+Erk$zRl3$wdkrPD*QLR-n)ZelChIDMx^zKVh}US8-sm0pwL1WGg#rfbMBE+tO-
zOyE_wY#H?_04dSeWzhr}>kk>qOUkf&aLzN993Rvt+al?Bqy<Q&;2ygO#-9c}sob6M
zMcQbYv)-j0QndjkgI6bREx&BLjg}e$gq&j?4r-nk{Yr0!T)Q%aF(r$He+}AIY3_U5
zR%Px7+c`X(w_yDHth${mUbGRoystF+s^5WLu&DW=AdEOPV<t>cG*9cvlI_J(Lz`El
z^?0iZz3NkO0z$aL&Rj;UBimeh;f>)X&6_o0`VUuEhkH`N#teVSrUWguS6dx=PCSc)
z+an_JBZJ&4RhMw}C?!x^FOTM?nr5fB&O9E}$)GaZ=EX!0c>%6x#}`L+`K=`jsIkS+
zpds1}_?u_zcd1l5BV5sfMget3wi~y!xCxMkC0cxpA>|aa`l}k}B`ZAp=_t*gT4G-`
zVi~%IHtTZ0+4eRWq!SgS&^AbB+pHgyO`Uuip+hfP>yTx#NLpcXlI0mA*Au}IST%mO
zGH^1HVgcyll3wSc-2_LuRLU7O3CHmJv_f0GH+NKpY|WDWoUCZ5p5H+bj)|%~0-iPF
z_Wlb=_7~SGGPOf#A$!x{8m;Opms)>8sXfti7L%enO?8r5hi)H>CrA~OL|YrUFU4m%
z_xbWUa4UMbX&86*bEXpf>u=AG|3}kXhc(^)|NDT7bV@g)q=X@zBHbc2DPe>#MuUK~
zbdPQXBph?Vkdb15#72n3gn{H}l)fpsf4kqG@9&=-$BzBG?e)B#*W+=XoZZ#v3JcD7
zuF_<fs8upNB}D}`T>EJ5B2hbVJemG!WHl2cn;~TTTvG2WEn}EwFARksH0nI#92x9v
zi>GI`8|NzB#FWsuIQ>*Z+_*O1H|KpIV91!Yx-qgvW`C5o9b(11SF8H@R^09ZsJ%=1
zXlpWA-OW6h;!0nzYkpzUI(SZRH&A@;)>pM?Dtr~W?3fX}+9gFc-$!`x7jbJ1u+ar3
z+K;}R<16M(XX*xheYi0dCa*2RT9wmr$G6k;C04hp9nHo7RbjuBym*E=W-V<RQtZ##
z+U@xMK9Z8ii5R-Y%Ox2{&s>u?aX-9V0tr&gdqUQjGnI4kVf)ZHbwmp3*mC6Y)7Ft0
zq37IopVn}vdv}N6v2;t0Yk1aOqO4oL&kTunrVK%lFv-*0WkP=i-cGu8xPkDfMQO>T
z!@d<z`&=aH^y`M9S!LA1x+Rl;3OXnSn#kWD)?*5w{eB}|&N_2gMF}PD2)ZFFa*Asg
zcYq79!Y$ZyC|FvP#of~@*?50p?KMH7tlj374|n$+s7H7dolT~4mafdKiHT}kd<xCZ
zw1J|ILzAKw375`SH)_{EA}1z-<Ue;bg^2+%y+q9OVc>7WK8qA6`F9T9#)i4DKZUUe
zlz9~FI^JRYQ5Y?k&&Q`G-1mH9)hJ0F#J5d&Txp_MA2Bl@^Mvz@&f$+`x%I8=6C_&<
zUWJf?7%d8?-qD1MyK#Lk<|3-S%m2UuhRP-)ph1&?e`EkPot|?_9t>`WFOA`21?GYy
zY@8B;?x6AxHXPAJ%<ud>>*rO-YB4adr5FNq3rm1Sb=uyK9Uup!A=Wz#JGY*c*Nn#P
zo(nQEeor(3T&7X#<FsQnsu#6$5~8WzCOp?C+s;v|U{qhu*7-`{cZjrlx)HbgO&0|E
zXJ|U{J{Lz&Fmdrgn?uvc@t^ckL<`98uI)ydLz6<hI=Ryh<Q*7ENF<IID0!B$|9`xg
za#AFY7hO%(cEA2t?+5{3O2712hrkQQ_ZBiOVjcE_VZpAgkbvjZ;<~yz1y4ZYDNHHw
zKpTMCdItw$*3efLv?<)h(XO*W?7*V%@?GrhS=;Z2B<%L2Z4C%UvVnzfGlOlv1kHEv
z@`y_~gd#5o=T~YrA&B$@*1$K3w~g+XcTMRm3mz6WTu*mzv?~m_z~`oJseEB5c~0z-
zc-R#&->3fDR=E_c-adUR-W=GL^sy5>+_yc5p_$+9H^_PvTsom?X74cyw9b}{<ZI{<
z4PU%^a(Zgt<FQEtX+U;jtJ%-se~gC61%Z59UG`<khB7&wYb#}~gkJs2{H&OJZHg>S
z0Z4FShHmKaVt}+sCim;zniJ^g%K8u2qe?Sn%m}haVS?`kN<Qm0uaRl1X2Fuff-_C@
zv%Ey^h&4wr^%GI4cPc7Nj%Q;R0sA-{d)|yqsEE`Czr&0kNx#RN;Q;DqP_TM8qywAo
z(+X^@r%h7$9y;ZqWTb`*FL8p%FF9|>yH2jr03u&NT<`AlN-GsQob`l->`s|05gG&+
zOd8M?U**)hj2^{CKk@{57MUXE^0o=x*0>j}vjg^9%2Kb0D852Jz`Ed%{XNpZhnv8T
z`YK;X;ths^R{8sX$c2<beyQO%#S;s)Ub$DVlFc%am)BfHHE2DNL0L3@*5gmFJq~s+
zZ%=U14+YBRWYk_7PG2+aC*mB6AT~KN#3+dl#+5MHe;8amcmEd+sqc*YXsSc#-VJYM
zU-@;9)f1IN7X$Bv6hVvWfe0iQblmBE@Ib%m$xK;5LY)L0F2!Y5mc866HLEhG(0iUa
zL^dDL#BnQ1Zi=^mPzdQnlu6%6h-%#X_2NrTEkH!%XXc>L4q|*^c<4j<vnd_bzg<qZ
zpMQ(JxdVn|)3sGeI=L?VWVbbx$q2a%qmBxUY@PG_8gN*`{7tp4GpV2^f~VK`{vY7<
z)MeejB$>JePmLe*e&5j9p(_97mtTCy`O0=G89IZup3M=kQ;BW$>EPw@?JN(h%I38!
zxfQlpdsa7~Qnu)qI0bDe_@y{>!PVd;zxNGoev8LV-9~W<bYmLQj{ZdN$iY=ZN+Mfw
z@zz#iu6X-=U6sJ??Y<-^6AA~ULFAS@c&#V+b!^4cDQV4t&CPRFbpX1H4ebjrXR$01
zrzTq>V)$VfR(GoN%3x76G@G9lP}eS527qNauE5x@+&?o;I);3^;X>IR@%mvdoa<zV
zo<B~PA_Bi3_}Myj5mx@}EwN`S1|!<;?bk4-WbFb0g6{BB6Zh36h-b2jlfpKpYwmfb
z+^if7=V#s1Q$Dpn*ER@tNsB?F&8%MM4c{6?%Dsx&U-@-97PC7R+DlsymPaj74{|a)
zTGK}|Za9Wted;)Dnw<2g8lTyr&uMXHG!5tx`Emv0+_5c${7aJDGf!yaVjFo(g$J(L
zWwYa$n?EC<A3Bm9Lr}_}o=`4X9kdEjxA!EyUhW1nmkt~cMEE>+F-7YEx)^`MpOHH`
z_I?B^MH_|NoVEGoH-1B!Dm`8oK5_hz8=%(dSEWgfQp?WCWGKo==y2mf8##dKr0<oE
z64OG+f4HeoI}JTK0)RXUVzU3a0kxvT;lXC;g);Wz+!5PnF5j$zq2zC}S%9!gbGrFf
z0iR}sao2<506%L#4K{oEBO0(6EYpF8GOSCQFRhADb}gXn0saRv1P~RBfEJOcyl59f
ztd67{_kl;lt2i7F(Vc^nJY0DvPDteYQ2!-pdv=LuxY~7-$shF7+npgN^|@h@AA6*K
zSsQr_lL{Oi+r!4^-yHhh7W)C1yfsy|5yv1u!)ie(_FSh3d{JWulU*Blqo4fk2`?}F
zemo}Ok*Jxsr2RrRq`k#2rmF0I+!olP<pVXboXi3=EGU|m$k$Tc(C<p7*A@2OO#pD1
zknp=dc-@p|YZa!L=`qyoA2^S+ZJiGx_6`s!4_yH&UB5Yrr_Ridbd^1?iNo_#3QCK=
zgDk~IYP0h5v*;gD@+;?u24p$|6@u3sVCd0yeeq+gD~>8w;o;`zVWmlxvo6ISE_x!g
z9x@rkZ-NK)r{#9^2r`qyPD7ImdN%Lgb3)8L;0MytsKAN8YXjESs75^-T0t(`XV<Tu
z4H0JY!?_<bh8(Jnw+g+8z61Gjp00=+bL;ud^?Z#Li7yg`FKkT|srTFzf-g#JALYC?
z7mvW`7DrP?1jW2|+S3V$UdCjhG6Pk!wq?HG`^bd&{S{FqT;}nJ{5zP(Tfon$iv!>0
zVT_)WbN?rI&AJPbW$T9~6<{)nnhfbsdwXW%YQTHLJ*PXIm>XAiJ^rqM)e+M6qQ+*y
zA(bk$<I{D1EAE+Pp-$4WLdQc`Mf2oq0Es@Yw@rJKcj1N77RF|>Br`y5y;vQF4iJ&#
zI5BXt#wqLVoMry_#U3qIa59gof6*LCQj)Tu!qUYI_z2{RH4!l=T5Gh@O%;nxu$+(J
zr=eI)O;}@pVHj)^=k7DELF!2haR1Ib8)`_?#LuG#N98cYF1XUyJdEqgCLvufHh1ee
zfEqnN6Npv{9H=x*M9Z0ZnAc3Z*3fjL-s(N86k}a{DyB^`;!w|oAJhHH&p=>MX<`&6
z<3H5V$sV(+#@yLSVYvIchN=26U2(PgNsfR;jltSbE~TcE7)Pon=cQP&SbSKL6%AdA
zixlbeH?C&s`TZ!&HBaE*;m!@sZ<2tBjV*?UMBXuRa-bn1s{UUFV?J*0sX*G4M8cZk
ze}POevHV$D`oT7n7^Lv^#@YP8;USDj@E{HmI%0M`^74*Ug;L(Shw<Ou52FP<W()5W
z#)%2KrNxQY+<udg)>sqxETa)+{G@cu#XduB^!*@2KG9ni<YS*<V^6ja2&V~ohE)PN
zMj+-<icg&HV7>Pd!T(nrg-f>D8w`sz8X2W<G$ml^qDI-7gxKS7mb(#yp>@zXU_DCf
z;W6Xt+gT&1?>&P1W4dDd`;5w0ru@Dt*R1W8I2y-~woh_omxVdkBt&>Wj$U5d_+aaM
zKva3E0_?^5UCO;1;5R&E*0b(z$9F2Vz;o<p+o>`sG&E)UPp6n=qmI$+Z=PK^=WA36
zPF{sAU%9EA*!RgQgY75IRvSkd5tx7sa9*u19ficR;~Vy+?4tsO4WoF9ln+TH`W71Z
z-A2Z;LcJ7tX3c=vv>9uG+s$;Uql23AluvaXOMl%-Y~_^OTJdWt!)8Yg6cgEU?327(
zdRi~ZUqAY0jxD%mcLxqtMOfL<{iNILWcbT^7;QIt-W1SO6ZYg6H4eeA`DCYl7V|6D
z@yRFhRNK80#@7a;<g*Uirf@%;WZ;o^e`4Dl?IFN2ELD0QpIo|&j0763_-bVqcrknj
zl>U<CKI_A=KT!*i2n9)X@Z5PWWm^8bD%u9T2I3xG<1zOA8N5O~_WA;6OPzfbFT5og
z8}Uju`kVt=Qai+~z{#J*X71TY16u<Y6a7yQB0Yz++CO4>EFnW!Jw3%p9h}p)UFh(M
z+KFA6%M=ud<EE#N3keHYR7=0x_cQMzw)G|6H=3uu+iPenSk!}COx{(`#@NE7%2Mgj
zp=%t1Xk$-aQ!Ug=m$)}8d=;uhdMOHy2qR2(7h~Nd%J=irzm4E;@fiA94>}h)b{%{R
zmA=!Jr+{1R)Bi_u{jTm0sGIBV`zAk;?p0?fSUaKvLpECe{`v3#_K20HM|wZQt}~mY
zAI3eqG3BJO@Gl7uz5q4WZ9OXtSQ@6`N}8;m^nh?p^f#ENB!*39h$~Ea<f8Nwx(*$h
zJ*B6R=9J^|tDpNBDt|9u|3rAIO${Yos&UI6Zu&xx3ku_uiIAXSY1<w}#!ugb2z{Us
z+-oOwL9JovZ5}O&qPh-wJf3kPKTv9T|Bw0`PR}_1?ooqHIj?Yf9<IZlmj+kzDct6(
zrNnf?DV8bm9(d*JSDN>+-y?+4Gr0!1cwbby^t?oQ?Uihi9B$Gx9Jq}b#g=9HHqJRY
z7@$`NpA?Zqu*|NlWJWht5j64!M{Uh?HvJemm>f<VRgOD~c(L*aM}79g9ClI{FIx5s
z7_ZBlZJmn4dQ|1GbXL`{N6id-^?aJ}U8Ua6efM&T^04#6`;N>?nYm1KpHHZQ_D~bH
zZw`NnGF5R%j)L!l7a2L^{s1=?*~;2bi>*$`zK<SVS)a0N`97vvd2+w7=0P#%0HvKl
z(yE?pgr#Os@yUnBcL!lV!4i~9UUYUueC2xY>|*c7`4M<Ju+0ZO{`oFbmoLh4y1*@O
zqR<z&_9dMDzF!6$w92rbL-8(lWv6s|-@l@w!^tXasdMK@-e~*h_hBhwWS>zZq3M%3
z+-p(csN8!5^%57H@J3KiUY{@>0GRZcOHDwZ>knD4w^V-;v48tmoBsvoPe>n|V<-;8
zYYv15c+PjraEo%#30*cJ#+=61(;_vbtsXQ>hu+enlYmVfguI*&^F%sJX?Q5kzfjc?
zkP00*d@wC}x+*^hY@ovK4Rz0bLA?mDNPW?=gV`7HoKjgT1grxdHBR2w3kOD)8HTE{
z2RlY_;3LDr|Ma{#`eiOMf>SSUA0RPj3iGzDJw3yLu6sYVBCnRz)NGu1-K|OyvE-iu
z05xZ0bz#1R;VwWlBgvL9d>Y|Gu4WA+oh0K9(Hfq)Jkn<EjhChlaC0EJrKCd@OMgQ_
zT0`2^9XnS~%);#5yelC50jvd*Dso0$-@drh|4VhehX7?~El(Mo6#G3rd|l_UKSaGd
zAvJ?b&kWxCsZ|*Ng!gA<6YKoKK$q75rrsLw94cr*|EmZ-I6r&Znl8lPVu#7dz^0lU
zU9*{b9t<uKJ~54|Wk8nYGNOxbNl?<!U)id+qs~Kdtl>`zHf8IqUD+@mq_uJb*Ea3j
zpG=&#RyHnrkYtJmpbuBh>C%^{2FLq&2oDI>EXby_Lys1H{eCfsqwJ_}Ng&Uq+~*(P
zX~q#lL?+&^(4K-bC37fk0pVzQ*|h&HNpfP}ChGl&q4G%k=+`D8w@{5(@zEUZv1Se?
zzWB`L)VMR<Az)4$<xGn~iKZ5k{p@S+yTb(VP?|7tdMAjn(UZVrI&orJMv_rftS-5m
zNDoUob0MZA6JdeAmb*3Xf<GOt%E^9k)7RM4V<F|Y4a++;*Xz7Y+Y0hwj2&LfO79ZH
zrDSNrf`siUQBgZ1B2Tp^`?{bh;GWk_uYdLcGhxv>Oc=XgJsPP=U`cUN4$929VH?3^
z`x%QbTH|T=Q#(Y1O>#=OAD;6+MFp)krYsMW#gOYXX4TzWvLb<<zsZkv6IZz#^ZAYC
z{ED5Gd5wsE4F#|Gn^0*BqgtMISc6Uz&F}fI;^H55+Nn^MI18pb@M_t|6xcMxkJ~}3
zaXiWZfRg~(bR@%P;#+us33uoH_#ElfSiLNHEz<LQb^$b7ZUYqz^AC33a8<`x$=K_!
zroQG3@{gZSAJ=5O5x1%Hby%b&DpX_LZ@F8Q5a$I3@&9rb7;?e*fY<K|z79|CDzyJ^
zR9Gy9Maq6;^(7`UA>aNlk=e{1OiXB+K6BCkZ|wlznkFNLFIpa%v?nAGwX!m-f$#3H
zay2%VhzlA~<Pz!HX$``z*37w6;*z=39*w07?mAzm<V{u)2pb50hXhNd|FeR07M~f1
zw#0&Og-~xjjGc7I4+UF(Rtdy2NopmCkdFz6tpv+g_gnJ*C4p+=R%=n#)((UKGVK6P
ziY}tz7T@fo9I(H{#;9h<*|EC5AW_kGv#iD!3tFml-Hw*B4><)7mK5j3?A+bB)d-rk
zzu|$FX28d+GRAVzp3gc0)u!yr67crQ`Vzx#G!dg2pF&kV8Nc$~#u?^+EF$3qr)ag5
zy<c`erhS*5JD14Z#>-g0*HrE4rzK+Zwok}YZll3xYq+8i*C9v}Jqm8*^fv#ZTrPz=
zCKOMIEW8*mFSeBl&Aas*P}6I?QW@|KJk(z@f~PcD`$F*fw7Apl*m+}zbBalvYcH#D
zaTpz~-IJZxZ4b%xWs3^LCa0dh+JwQnyH|B;%uq%AHviyx0i2NijjnSg_I{11y&$on
zXWM)NTf6o6B`1ljk5BQ%lM9$3Ok$Y=nR;ySR@=AC7-%RaoE4;7FusWgn%v*mgy(wp
z+xj@!0S|mpi>sLzOhu@a1N;pE=eUVa_9$FfgXLxUBANRe!He0))8x%#h5?)9Wss`N
zL)Q#Mxa$l}IzS+#*1u$Ps~tJFQt{!m<RWknjYUN_h*)N<@(P7;vw6wN^7{EK{OHDB
z7bIat+07VdE!DKP-d5J(m&yn>>Z}+Gc}m|@SAD)OjtJ9`v6ZbBQ8jO9YGU4Sj+DZM
zZIO@twfek0VhH2xWfdp~MeXBdM__$URdwcbow>SyeegjCdmFZ@Zh`N-8-<&acVKEp
zEANL`_D<I3{LU87|8~Wl9OM9j#3NKybWCA`lMBvm&22BCGKG|c9$7gfnNW<#eX|Bq
z$F*Dj#R^=$Rf)7YE{qB|N^-{$)^QFJDPLP&@trUr+nB3}ZGf1>pS+ra+xFD|yozeQ
z0maRLqt*{_P8|f~d`tE7@}z~*<QsM1vcXo@74hrkt9IReKJ8f^aRcw(O&l1WVOtOi
zZ`QyYhK1y=6`Yhic<XHqeWdf;5X~JMpXo|v=)UqHn|o{+i7Jx!Kyi%t78X)uzHJMl
zKo|I<L7u@;KX{k43J=UB<Y?}b3AK8v+k~vow=ELZPEPf#&xq-T>@vRx-+V)k#`a${
z1NcV1+CnewmlZHwFDQ7_?{zPR9c}L`5Q7X$>n4Gp`$GCzQD$4Y>jPU<r>074SnMm=
z@PlI~=id_V`>>||@+FLRf1QaG>);Vy=|4Za0#@8}(NB9h;Vo*9)@>o8{Syiu6Y&Ye
z180a47uf5C!9fu*=(G9t4_~_0I8x!eRA+Xi`_Xl@gzCQkl1<x#msxtW_I^AW_vv@&
zRF0fAA^TxRml3<!8uup8W;kw~SeG1M4_%*5oDAQ1|Jp@<BATEyouFvHWcbm;Tj|{1
zh<kGnpmIf+FX0b+3H!eSk~PKj2iCOK=Xsr{8*kb_#<Z_sHf<o)nxa;;CyZ+gq08Z?
zF<KoZ4Hr^p<>SO#i2nX>3^gfgF?AF%L^)KCO<k_5Sl_!dfS3W-#-2Hr#k1hlbL6PR
z>M2barDLJyZ(3KIjojk{C#;goScNhwNpxy(Za5Vq8--Nr{?%39wLd{Czv8~0I^)i`
z{~4NSt@<GX@yZYzgq$sv<TH~f01C7(4bo0}AUl#A#Nhxz_@4r+x#JG&kIf0Q`oO(U
zoDZ^ifS2h4QpW%bgPrcN&^Bo<DAIpD{CZcs@u`?R8<UASTUOI2n-V0?$Kn;jr%o$x
zbxb1K@!P*7T256)N705cgt4*u0KDfID5@@aw)F$}p8#$ZDHInn#Vz$l?2YC!<E@c<
z{wfLDqN#2cCI-4+$hEx9YseQqrSS*!pS-!$E#?JpYm|@jln(SYVO8bFohBSxhUj?+
z(iz}hE)|Y8;Nsq_?8Eswoya#${4M$7Qb70GdOYL{0$)gzVJ>Vfh@Y3oH_A#x{CU8L
z*^QhH$0<W3G@dkkftFehWr#6nExU!dYH2dmtR+@77EZlbIfr+S@pM0ec4rBjbf`=S
zwg8w&aLF}7UzLue-OOuX@4NK0*lwuJLMtrNnHk^A8d^%o{BoDu-%3oGLB+`aL+9=C
zuDf3)YxUuCxaZz>K@gd~F3_M^{0W`n3&aEJ7eP7-k-gI+i7%hI@T#2HO70E0=eDF8
zr@0FXEG5B3nD$>cZ7J21QzYL76v7dinjqSq+hLhTnI3YEojYc|@$HGK5sjUU3S>fb
zwefPLlN@d)zNri0^=#6(`Dnecl8@;K_4L;|2Axde#OCvIEcLB(_#8uQ;QSj!{zwa{
z$zY~m{W^kOY|>A}t{I;Q9a__P9a;<rKGA8{>V&he#u>csKh)9xE)Xw(sj(1zFzs)V
z`Vy;X^~L+0L8W*#`85N7*e5!pxX&x^9t%CnA#xrBY3$9%7`z)D{w4Xw5JxT<hq@iI
z8i$U{k>UGZ^I1!*m|Xgy_T%RiGo%xbYvPV3Nf}aK&+~MP3EQCc|ARKzg!?%x(g<?K
z)g(OD6(S=g)8gm2onR$X{=EJfEGk5W*twXore^Jshcs~n^(X?Y|8D^RKL-;-l0nv!
zjdwEIcZ%an9Edn;t2vXndn&QPmcsW^wJI1=A33DeloZrk4a3Kt3OA0~X#bGNx5l_Q
zyg^!ilY0-cYb_-{)64D+1E*cT-brgjvjWF5G2My?m#(LO5@ou`3I6W9tItPLRpJ~$
z1^Qm|o>v||8-fngn8hIWYI?qO=2Z6vIca_T{!CJ>^^~epq@H}~?ojEHg#va**o~TT
z|G5Dlrprkw6jy0>+2Dd61+m*{olUIMeyh?I9xCjplFgRJcp-s(lgx5&QbJGNryQ2(
zLPwNe+>EWFM6Hr`h20EUIea|$Fs&D%SshKrD_IC<RthA>-7NucVSnr>jaMT66Pa3m
zei#ZJLdt*6yXCa<2Ijh3)fZIQ?2MGO5KBRaQ0VoIj-*U2uzu{sxac$;7Do|D+UmKQ
zeGWP59Db_MepU$5n+0t4G-Z&Cq1SiT!DRq4BK`9Syj`R?0tU~Dzab{)Zno29)oo6G
z{DKtzMTL1XcPc<HXTxlXa<0P8L+1I5CZBG(fh=%}H7M-!PBb+zD6u1>MZ3hE>NwDE
zE;~5Ab5>BeKhoAXU?5A**>B(P&U$2i%U(t2xM_7YP+6q(Rk-Pux*wg5G;1&rf@aD;
zdJyB4r|)cyht^f~CzXPNjxCPB!$xa*UW+QpSmw9dA(v~imHVL`EXlkwinJSgvbW<O
zLD?Le={U`7xl0Dqg|kWLVd3MCQ#Z!jb|<7eqLs?!Egxk20a(f8=}QB@6Qj0hHJj53
zHfP!b+yZ(bqXg3%Mk+ch;#Q$WUC>#aH9xwrM0bvAI((<}{h^DVDzq75Q2F-Q$p_>c
z`4Ptk@}#v3NpDU%58aAY@1d(PQ34MB!x*wTk>GtBq#9rd6ZNSTonIn*e`5<enSfR_
zHPC+bmvm>~a(Q-4y)G-rgyeGj4XvzQ{-$$;Ke2h@?8A<^xO(p)Nmm^|gofBUn6ahq
z%TqF$=%X3A-FLJ%S`jW_wICqBXbG)2ABNr<vma?r*Jij$sIjr93i-##!AGr+8felT
zma%!yjA!cD;Hplz+3oa2_e1t+X`ulx3bJwS(f13YXy(*>05K?iDLL;C51%p8Z+VnM
z<GzFVab1Vso|ua&8V50kPqW{>$gbHRC|91i&!@h&^S6AB+5aXZ^mRLEs(nLhA4m9n
z^e;&`;rY5*ulJo96XiU`b=%tJ)B35>qtNJ?ABVtW-p3Qq!zuL?CdEv0I7Rg}@9a#~
z?;aifSwa#S(V<!mY|{QeJ-ap0lov+3&9eOv`8mhV&p0k<%P3zZ$pPhFWtGG`BxshZ
zXNZrpIL>NAKIWUplJn8Fh~L49lgeGrdymQA*~2uHpQiF(?)3I7T)a}*5E>wCOBK4n
z8OM>ztoj=%X9KrBH%kun<I0Y<tt&WXLYWs+i7n!XvgdS=3Y`4BpOD&%54GyKXt`P0
zyga@W(0qNPIXQ>2T=$<!jqk$08Bb<FeWK*^8|~{JPf_fx#cTs!tj`x_MLMvrplT9L
z0M;K8Ir;AN(*xw^O=0q=mhrW$JDvRjfi!LoJW)1pCkmrlIS&VUO%g*v>~7cVWW1uw
z^>gJD)RKswpwlXVl3uMu?OWlF7rqfq=ugu)Ut2etw6-i=jv8`)j;Z#l$>~|FY+_eY
zT2iRbZhhz!C}C58gSnCaP-?_6WHTS{V}e=>?+wb7HB(Jnuru(~sIX~voGA448KPJA
za5DIVy*rd*Hs_a5;D2}$vYi`HdbDwzf(_|XE=KX1Q0+Efx&i{CU52cG7(O@!zw)^m
z=gU(HSshq=?DL*?XB-u>WP-<z^a-shcilD~n&GT8dxo*Mh?aPJG#Jx#XWFdh_UiL%
zvV|@%i^Gac)THb=96q9}Ak`qGMd|i5XOhXvFo!1n3!A{bAT8N-i(#Bo3R@2{rMYfB
ztXaxBp!+4W+`Fo+YqoT!G00pnO7_WGt$_O!Mn<T2SPf_V>0tBWgfavjX1z98yg>Wd
zo?h8FceHS!!zb@{(7{@&npc0fJA$U&)7-ec@|Zm^kv%sfvEJHF!y-)j*9;bCDfmhq
z#Yz##x8A-t(WG8<ReXzi^q#MYpb*!LUY)9l+xX=REGP)?5SX;Bb2fxYg+1{3^3vBZ
zkK5%zBV$x`9A|xCB}(GAx*1)AHcP+8Y}<amaU#R+2d!Ma%~fX6&js0UAK#YqPpEwC
z7y+-e!R5L8|5T!*lAIrB!I(?^P|5d5TAh!52V;8qTAE6Hmrg15r=d^`i<e+&1L^VI
zySZsL&|jxpD))?1C`4QUh{rXxDg+Wr?l6JZLj^5m`lo?5vRU@Kjd~)XAIvWh^ZUs5
z-;vgZptbFS#C5&o@BYs!SuY^ryb<E`hgxxuM93d}x#NZcmK%u`=`b!^BupGwlgE(}
zhs_0*cz(Fh^`t=v#p_ar55hUhI=8-kZwx%u0lbO!eqDOonlk-G3dJL)7$FLHZ0-UB
zQKQSD2P1_s-R6&3PN#p=z-A%az&Apobxl>GJ+Ca0qr=#6_=vy1tWk)3ZIY5XmS;Ho
z$&I*mW>cA7tk&Ya{{a@rhe=t0ohFY=h<R^f5TLL7zaumJ9q~jyj5npO#H$$K9R&i3
z4|E;z|1SQY$3B&KJzsCduY22(Ecn(Nv)GV({00EQM!35b{H?XFrFCf>RgH)^K_)fL
z%~q@_|LOB*8MDS9U*%bQYN<g9wFdYsJK6M?{I!T;hkEI!)O*FP)BPYb;1k<N9vxKS
z3gA)fa}>FtARkcxWvw3AH_MmVpQs4R6Z_Md?bEH1ac^%)jvDv2NZwa8eeh;2Bt!}J
zk3HbaUsgZ&Q*3=j(ELiY+irz+`UWJ!kmu8eFE!`IDCCtamgc}~_V{Vamjrq?N0EQ}
ztKJ@^v~^^dwv?kJU*KF;NS<;ZE*CKuz+#m=Im2IZPK5N1JXPDg%RZ<-xwhe67Vziy
z+BEqQUA&gWpOEr#n-O2Id;us=mG-Tr{>eVI<;Y699Kq}b&!jSYKQGvQCW}dp2V$$<
zd%RLM?0G&aW}EfWXbkiT_JR7D7kZ&>4qxA^%zkfmBC?4wODYTB2epkN;u(sHkdPqH
zv^izonSl4zqyUESSd~ayrISc8csdH``&Lgd_9aE7CwvBFa@{76o;zrg4xV}~?weCE
zgAEo`zH94%@2|Wvl#TqReAqFv2G*{*6Xa1$cwqfr^2b6O@hH>=N>tQVvgv0HXF^#Q
zV-z$$C^9tv?doUa3@FkZyO0dupl*FhDQDkPveO;n<@PP`_kQ7~HT#^*B}7;jz^fA&
z^1hvr^|4;sqE<z(qDSY9Ez>j37Ru~|O}6g`yREzOAzrxd{zM#T)Gqh_MH>$lHPqWH
zAIydIh{y~SJpJ@xuqm5#5~uD{-u>r2KKXquUC<#}`CN*FFpvJuWLW6Zm52J2^KRNm
z%ybG(WUd6?8BJJ+Wj7>Swj4xwlpo-tOzopk+?vq`qN|;OltnVfnb8T8DJ%vPpue_p
zBT3c9AA5C6N5*v`3rhaM(jg4>x%oVFhT5m5W<Ax~UiLV+G!LA|2&+O1+GH#GefIh4
z0gu`P_xEw!DyOG=`;UjpC0|VG_l*nULxjVB-{9nbg)Dl~%(1yq4w6+1JlOdaMjt<m
zl7rf3Dox;BfEn&r#8y;V!PGO9k8e@f5c=ll38?CGvtUS7a1B_t&U6yQF<*OfEZAiq
z<J}j#qYv-8Oc%xT(rRe(39c|p007;Lni7}DGDn1`sYm;3O~I=m(IN`7yevf>uMcsf
z(%lfD{z_bV?`96V765&dfql!-8EbygY?gZ+7T$rnI9d(258A=9fB<4Tz8Nuiq8uR5
zj#&Jx>ld*OYT#u?{xt4<NntxE1cA?XNcshcN_K_Jv46di{_SRNbMg$w%k;PXyi_16
zr-A>k+M`!eMLS!ps?y3?70)(S4|!TsePi;Hlm_wXc4Vx>ULyaI1$U7_*s1MMJp0OC
zKtqU35yeyTY+p4+g}5+<u2*#^v7s#eX|5v=zYODY?@rQ@ML!=fqx=MRGHimG=f}io
zzE<T2E&tf<Lno(k?7t*-C%X+}&eRfd=;6^nc^~w5i0siRm=tNZ4f_Cg@z!M#=wwrA
z-O)p>Ov3c@L&?7aT@rH3y+_#WXzTbnd#O&uA6|Fwk$*`fu}_dn&$UM|ma(c;CtKwR
zlnUdwLxytH;m+L${4!NXSxv0_Yb!rYBL`%*_^c#Hu*?}B+Xp}8GmqGZt#V#$WDD3}
zlhngz?TN_I$=buG_Sf}?<?hT}tqAnTLt5H}+25ZeH#6LGC*bg6TeqhAxyaVPLLtvq
zCKO~YXwrW())!CvWS<(Y98%Y#%phF*e#t<5ov!1q57B1k)H;epxo`GF;vNjUuNeb)
zcUC~dA0iRKj={4>n|(*CE$%DDc!|0^DlW^rid)^LpOV#2HkAX9UDR99;bhC^EkV@C
zj`IM#hSf9aPOkcwqz!N!W%*G<hoGXu>r`!lHx#VBn!>gsq{5g)a)GL2ZOc504l64=
zlvu#$H#CnQ8gb}{_Qc$F&}dj!J49Iw75%mqQMuAS^qR_Y+V2VKhph+sZ$f666v$<{
zsdnqzhoJR#!W!#_nLgKxA+W*OaF7_oqv>b~D-07FD;el`Ue7dNjP@@^wV?x6CMA{A
zeK36&e!Y~&W#pESY+BR(qj&YoS$EGR5;3e?W^cDxT;~B0-E{|mvaN)WwtW6elT0JI
z5#|rX)w$c_N-Fu>mvo~^+9U^VMj3s6$2u1@L;_r*jDah|?JoZ`0ZP@BT;=NJVQD<*
zUZ{sz97co*nTj#frxQax%>8TxFuN_@7AMtXP_-Q2N=3pqHe9_cK4+^O$H7D1M6dJm
zny++d5dS)I9(YqevfRNPcmgZTq8>N^#J^eiMzTfwjSO}=`9uX$F_jrSFz(hyYt_MP
zW6~4O=W`aY0xglc9}vgQR^@cP;PT@XTm}MOYc)UfWhLQ0B6d|KipS@N`&Aw^suv9F
zUzF)i0b3Kz>(i>e<0_O7waUzOD8Js`3to=bcA?2qW4L|#h}9$^%95n>T%4`HRDjK@
zTD!)qR|z0w_$*DoT5OCvpW4>f=v{@y8xo~P_T?0xUyW}xd5!pQ7g&o-#mBnF^_AYH
zF<?Zd-L*XxT-3J8+%2nqLv%6Tn|v%*Y@iG5l)XcIl-vBrXSOVHkjkW1bpN{bgm^FS
z?LFzFLR_wM!mEo^+bk7q?WIGz4JIj&#McjZ3XFB{rRr!E=onh*PEvj!Q6Zf)owkT$
zif0n9dB^euWX&L!lJlRiiujPX%lI$fXNSyP2twG5g}^YgpfO*4RqKCP`jut9iyaV|
zaF=(eExR_b<p-Ro9TEnwOWWr3u6buCG!bytUqe98d<-c7aHnKVBeSD{i#+cqQrycY
zG^sP>!i@<XZPu?m7Z`t&4OBKo1rZeI$C)@--SAWZ5>Hn0{*lfCb+-}-UhM&jS=sX8
zC{^v--)fq|<%gJ`nP=b<?hFVZI5@%84)Rs!cJ6sy+bFmJ?N^K@ah(AOejCZ%jtn5A
zhP!6xB+7K~ahB-!h!#wSa&EC1*N3-H9D!5BTSn&`t&D7S)G|g$s`QODpbnb@tj>=4
zPnE5pBZ!aXvEWIe&2y0-6NIr({i_!=Rn6t205;}q=G~fIRo^yxjlXiQ_ORlS(kwx3
zG#EEF<OtKPEPJEbmw0SGuG#Rf-krINmqv`Ss-J<W->c&NgfdST-v>)8u0Ew(Bzrlr
z`2bt9DI4vG?rR&8HdQQnnzu9r`_LK4t^3y&qFmhku&YQmTYRgEg;Vfrh(BYV;boHj
zY>ZFWAN0fiGI!ZF-Yz50V6!$Dm?*$q?To-SOOBa`x+nH1=Z+J*D#e)1p^Qh3z7;Dy
z4mCDJj$c2hiVrZjLg0R<M_fY9t}ZaQg(vPz`FYkHMzfD&<>Y!`HQ8IZ#-;NIqMo5j
z*?!KZV?ALJ2ubfi8c&K8j4YFUbRO^Hm)68^8Sh_t%oVhOyS!|C{|h>RK`nlq2zBD>
z;KuQ30&8`Selu0HsX}DPwJ5IHq8@HC_Cwo%4Q*9rCeRFW#jH)A8}P;ZSEgadM5l9A
zvP~}+G=Wt1(w|c?UdVj86FQfDwEqwrtstTxgMg@iNfjuTR`m-F!5OmImdwEeZu#&V
z1`Rsj$u{Xw7|_P<4ma<LxN}%4QtXT(W&4#Uq@4@CjvbY-A7ma44e?${q^#bB@8dqq
z5-)j{nxT7}$<KPdm%-vrEH<1%I}Sk((o23iI9|rYn+ucI{Lx;pn$G1i@$u~7nR#f|
zhF|kKvTEd$2D@A!4f?CAc6TuCJJEOCMUDX0zg-8TN8}gZmc3KLavmc)K*^dBgbl~w
zmLr<L4trqOR{tBvkUS0EsI%3h<1P(=$~|LI@fCJs-+HIz1@;GKJ-g-ldC&)C4p$<a
zuaE_W=<iBb8WK&3|B@&p+A*^HT6y;?kYRUi+60`_-NOZ6|3;helSbcHD8||vOY>=6
zIq$0#Kk=KLzZ3s}l%Ji9XQ8=b>5AzWpYiFxBu*n(C%)V-gQH5Qo?T!aPr+AN(oe#f
zCumRhtnNR;gF%jIE!Q7s`k9D`7qi{pzzcor4SbZR{4dj9Ri*Pz_79*Zs_$>v<2NOe
za8RV<>8xR5)EuU{o+NI-yxNwV;C}8t67WLR<oPWQEWSVOS8I7-_N0qD$mz-uDHFhW
znXMb-y7p{{o-Z#{2Z372Ou2&8m|`oNY`wAx<B+O@$@Oc)EY{&sqGpW;rkPgy2m9)D
z6=<e3_p|lz{QdneA7Ls=Yrm;2=Yl}1qq;L;e?*tyWd?Yw$F0vbS;{^P8Y1V`uhHt!
zGPYd6S5x^3i2*5RS&_`ht4OYq<`Gv9_cBp8mxaN$jQY_1Q=8#7VpNe%A9gcAFWSx4
z=kVcuR`!8o@Yzrnx5DY!jopfb@Vdd#EXb#cK1+v!?@ph3OcS5xPXrpoLa-ITVtycH
z%yd_0P{zJ|h)q+lOghne#_b&=*&IfQM9cA{h+flulkA=`fNBoYIO|deObv(qOJd}C
zuXNMqsV1MEa%TQGh?&d8jb0<GgZNKU#RMi`tKwm(?$y&dmkak=onv)2a||H@PE4Ip
zJJG&hV5Nv9oab$op1qR(E9WeJUC1i=0<k)Pxe`1hLUg+KgD`$V2dg>SJDa3Ybr&@Q
z4hP&YV@v1KyY2nA;2eUYN7XWP--(v)@BFtq__Weu%!$xPBS%nLNoL>)8uK&@C8V>Z
z{4NpGp&Be6TV`UH*HI=YKwH*+@r2D%JRhB@ZdA`y5y1NzE^dJoHFKbRDiu+Zm??JP
zOXc2dt5%Xb1Y7>F_K3FniQC;L4R;JEbl%S2&!hC`yM2pSj6uaaE|$;gb`78QX3e`w
z9Z1QtQezW1UGA85tJpzE_A|e6nsxeH3HYt2Tf<<gW$;3{zq<81PMz&rPY>Ls{2ZZH
z?rb8m8o$-4G9$jIlH?%b*tl6d6WJaSn1ma@cfT`xLUN0=`|;5ex6hT25*`=jcL!Py
z)~_lZv~G&#CzB2fDMU<s5Unb>zoN&~^J0-n-euDML#5&SK3>G%o{d^IC6qd=rbZPs
znx_PM*k@Doa?OnYPS@P~3y<xNN$~Scw_&|fVL@Zn7gRldh+|8LU;mG=i4WlHV96sO
z^X5F?MsHLV(V^{>sUl0{gj&K|T6;QNe~9yq&Ue(T`Qn&xhN&xQzh`}fnM_PV!dd1$
zZKYb<vO|X_e5eOrP@U*gl>?g@@edZ7FN7N{cUhs<i`mIAri1-CtZy91N2;K7iS{L=
z%QXJG(&xx8-l0Kh5&r!uk_ecakmj8(yRV!TER-d;HtQP`qWSJU<B8*cb3477cI^ub
z8(l`cKKyow3ab{2RdE1Cu}-{MO6>m1n3V`$n!EqQU@bulCSM8*C6qvpl>>=NlR+M2
z>y1hLGgO*OXOPy3+hdn8N+txUoBiuV@pB)$7vE{(P;n{swv-h23%>qmfuJ0$19sYT
zQca+U2Jioni}KDiL6aVP(=(B>g}(nsY5WhsSZ(xe?j76L7FMXYZfhDb1Bj9kFKc8J
zdu!Af_g{6uEXCmVQ!TOT?>hMmFe__8I6v_Nu@vHkzgs+0Ze#t3lnw$tLfjy5)pr{Z
z+FiOKZv*F1<B))HxZJaTWdT<gAd2-qap0JdPv@FNKNTMD-dQptIM!BY+MMTHITHZs
zNL3t^pC=7yvSx>JmExe^*w|J3iDRmU>1>(?p#<M)9j``N&mMn;0_$1)m~+ky&~riR
zj@}DGsURwXc&#d!Y6y+d(jW-VI?UGm+^c6u|KLjgh8GeMbTqiY6910;H6^7g{j9om
ziIQG`;&TPHSMog={Zs+NfDYl3a#`(*P)~GVe%*dTMKQ84a8p55yp~hYV=j7y>#S-_
z&MTy}sSk)e@JilWP)Mm1odE?Ydt9twkL<$o2R(icfBD!xaQ*h!@x%NQ9ZxAl?L$;g
zq<6PmzD^zKv2n`X*NB&+LuQ#R>wib+rD*bsxGUNx3<mGSI(DlEWT-8*D;CY$ifg<a
zCJH%4J@zkoKc)RSZy$GZKI_P1;fzdTA1L=}AReKrptU(C#&r|C%ub5|ql7%*wLK&*
zY31eLFVc6H+YzmmSmac;WMcf*dPoW7K)<0z?pECa>bQR?s?M5)$c0O6{UolFv`V>!
z-MAU+`+3L*K6N{tDBWFNad)5c^~^`v{hYZ)p>@o3W4*Z)E-k-7^bq^0iua7JSQ}4v
zH?GA3D7`&LPIeGG9TOuLZiffWW0))d00XinR7%9~GX0K5lcS|^Ou}#Uu4dt(ZWz0>
zo}ftR@4N2+)>sXkbm{J{jQ`;oA*>V-25SmRt4ckWTs&;=cg|KBoU@U=4^OcXaJw;z
z=Ef<HL*5pz)ZBA)i!JIn8Rbo99iEjkZqHU8Fil;Kh^F#D0;Ldxt|>OOV0i8|QiH;t
z9gJaSRCw&Pyv{P{N9ha5D<FK>pX31bUJ-anq~}ksaS}iAd>qQFwvrjOrlAn_9+vdp
z3C6B^&xdWY+g}DVSIr<ATjsXef-JLm|JkWoAm(xp*5e}661jGI2LVo!9@o#kJU8O7
z>nuo<PkjxU#6`)j;&`ziHq5yFL^CO7x*3*W0-ZQs25NMf2a(jHaQWBF!A~?U>gST}
zI&U(W{BITBM@3MD+*P%|A8l{&{>w(`62N@-qZj7R@h6)P6q{_b4=)rQImbMs5<;B`
zG1i&?z&@(%_wgo;`mrnrf_+V4pVY4ZASBN3Y>Y4FWz&1e?{@V$rGGj9mqd;rY-VPS
zY94f;c>Tio;F>M3qs>vN>MY{29q;Rx{A%cL$691)K*ht<UrKXQ20XT9(SJLt`ui%F
z?Tf%YS+a;GKKtwm={o<@P5Gq^e?m&iy7peJ41GsCbA370ex)q;CR;vgQ*6fZd)q%g
zQk<X03^mvwLo|oA(&vBGkMalW6__X<j6i@vOvYhN3Iw`YUJa$>7n<Si*VCiN#^tU`
zpNwHI^Aref|Hy2MhW=9Rmj3kvGC&w&U6|iqS%@6?^QA8}O)P0=;(mwjgxBt9XvtDq
zc2dilgNr1)%XcSPv=$}n)OpjKoZ9;C+S;80SP|E&sSGsbKC<|FHp>Vi05u*C-O869
zMi|V2BIY*PmPt*OS4Ebv<kIe4>`%WGSk_!=)_sc07PZHNr0sC8JUHss`pR`OA~y3J
zUYFd>lX|tenM73A4TJJbZJc3t<&q?NDBj1@l80fL9v6Ypg(({b|A^-J(BA^XZtZkm
z`4hI~a*qLmdj=L-N$-_sYJ)=}TBXfK=aL2Q&1C19-5*H~+vT|Xa;tk&PRW0uhy!vI
z<_0qLa2;)YMVKaSw43tNG=(<YI1sz^8RcE$Py9Ip+bq?|_A?CD_MwQI$IP4<KvdwO
z47<*uuiN`=AI~WFjPS=IAr{_YKcjMTHWqD8+a&#@MY!>YD0gKYD}B$)*bo(D-U~un
zk{QPv>-%<+tRyDj0iiDMQQdHTnwA=1Dz`~jlkkPH=U3J!O<%H)ixacg^j}15Go-6h
zk3!a>99jw7(N85b^Xvl(n;i#@>FJgP!V-frBqeW~pV#9fnw=_fch-A@4}hl3#i)Qy
zUP>Zv-)T(UmxX9+8=K79&UEECwe<k#;|M;#U-dP;g8o&F08TXDa82Ae!VDE;CF#j$
zpyd*sRC{>l&Y<%eK~be1e=X~_m!F)7G-D~^vJPzK^6Y(x+X{C~_&-_3EI4C9^_?-*
z+IOiJmhwKW)X?r#Plhk;dj2DvYsX9-?A<jazntS!1xT*R7^U3bSRFmNJyLQhmM&mC
zkXLO>`n7^mjX~u;(h{gbag#60sT*RzVIa#*R){DUXF!@a(31TyKo9H5>!j?C5pB%}
z@Fpbdt=7*rZ;krz55wMU)pJgK1!gqxgh_yMoPWlq0K+fEOx)QqjW_Sf;VNS_Jx4F0
zEJxGu&3()}(0y$9+83tpbW=U4TdCfbup*2-oYMO7=NyNlJDjBrT*Ji(zHh*0mw!pv
zFRq<wH$9z9PR4l}?Iu3-G;8jKT$vyInf&zrUy=tXJXs*5xMWtSb2;JxO|SY(%#Q3P
z1xPhEzpgPAr(4l6kyyH7JG1s(eP$5&myBOx*J~djV&ed?gTa2Av<L^|ob2$v_k0t~
zzVIC9I|p3YT)1FcEd9J*b6`(~;v6^p*W9qQEeS-!8(4NEq+tA;G}eS{zjOOgOD`yO
zN`E80a4$v*>Mw(0L^E-Pkj@3-;kJf&u;}-&y?Cv^B|JpMV(t=pvLtONCSinrPH;He
z(Pq=_!Wehb?{4$?;fmOiP!e_EpiELZkChbPR1HayE(OWsOF`j%qVa3|-6KjEtDBDb
z7puno87m@8PfRF;4kjkx&^XD+zeG}#vl{b-f^_@5nqK#I@;%b@104hXLtPquI&pG0
z^2Dct4F#<lwbxdC6kEWJpQJ1TEI=1oG9r;F;GGGQO)s9fOVRy4^uJ-pk%rh(-Ro<r
z&S(pTP_JbFk3BtE?YcLe4mKK_LrAj35(N}Qk`qFREG_4W<sB^*l6*$t+eS6Q48%T#
z1zntqxQKzE8(iSNxI{jT1p~3u_3&QS8Iegas$mkl-|}8hLih)<1Hnb~R-j!zAYnru
z_EZZ&a6{|d1-QG|m{Du}JA~b~M0K__b>a9tPA|U8=TB2KxtY><rpiA9ika#?VKKRD
zbMFVEdAiSX*9fXULj!#liX5OElWGP&uhrJ{55yD3KCx^ssJFX$H|3ANbg-FV<LGEg
zc`G3-G5;Zgk#t?<&PVx+p+bc{f+Me!^2_#z+VZx1J9$mnx_(Zg@*#U?h>JO;0vF6x
z;D}sdnU?5d_-rmdL$>dSxn!7zHpefUG#8&l(T&1Iz&WzaYxg}e;_MYPsae=B>(F}L
znp#v@r*HKku4eNsK9U$lbOauU`>n&7o0P1+T?M$*oI=#qhSI$*M7dOML<gT*%R5K)
ztP*QVof6re9=?F7nVD3nMi2K*bHP6ic+RFNuL~ku<AtewF>!gcv4Y9YIAXw{tgo7S
zY(#@&H>(|ymn;2;P=(HmpvZ3}Kf7QFB9dXrNN$7mz3x*(PiY<;)R%i9Z#{4qb@eFY
z{tpWn|BW%Sulr!-Q{R;0$^?s<HP>TyI(1uz-d`OYkJ8C@-s+a;UEFgh?ES>TCOx3W
z<4MJ4>xS%hQxD0UOxf(rqE7t%t$(U{7b~aMSF(I<Bbt8rvw@A<XpU~Z;X$F$p);Td
z^{0I-s;{!EzK!AdXhn?UCz#^#qDvHe#Qpm64)kwzTYRWnAb_gr^IvJbE6od|6VRZB
zgZlffbHDB#>G6aIf(!6kqAOS@gfERCBEQ!EvTULdE1pru-Fx1Wl#{a3Q?n_pG=t-l
z=iHefao=0KZw{3o-p>rsYz#3)SJFTUXeFiMADL(N5=R@(;mbS$J@}!Ng<12XA2gbQ
zPeg;WSvOknlA=1|`E~4ra+1b7yAAgx`=xCBU_)`Jpz^bRQ?BXvprfG!^i^y08yE8c
zjA!NdwHK>xav2k}4xUuPQS8dHNg5jG3*_I)SKEc>gFqd#hx8-sTm;isv}nCYpML<R
zVUv#XU-ttyE;5?x3Mh2+d=)T^dGUZRA-lL_4SZnOjoHm;magpENj8@F-(*Ed&xEpt
zAa2#Z{f1U$6C;`YEF8@vLd_q|XM~MUZ9@K%S2Y!dsa{1=inNb-*y@90RyK*Jvuwi1
z_|eOa;l~1>Q^IKN<Nws>In!%;hT<=tC#2?-V<`?#?U81)cMC>`2ea;Gy_w4~fC2LS
zrF*Zog~xHp&CP8Pb+=d9eE*X0fiX%KmBD{)Oy3w;-Q=h+^~HGpcJk=e|Gx9raMKrp
zThoT?NU)?lWpB4wCvoEGBK)3p$qj1ZdhmyR<mY3A_QFttZM1pd)AkS9<QvwdZ4mj~
ziuRH@uuLGmbVj>SMvOGHcEnw;)51(DK-H)GylO0@vTZ_g6sLcedE2K2V_En!^G)tR
zrHDl36=4dLh~6~o&M3B0PX34Sz^-(o%xB|#cf~{fbh5=bbfd&opJ^9)TvGTDpP_Hg
z{6Lf!vp-PZxXMmkw1c{a)jm6%%{o0O@@lVC6FZVW$3nB5B1hn&As#|0noUw(Rg4vH
zduN}7>R#ww0{^iD)PEKtc{Y$&JP7T=C|oqvduOS?+DrX=G0#qsrDk0b@W3NdiXq9#
zhWO)Xqvg<2O4-@f5WFNL?+UC*7h_vCmcU=-k~_a$#&+!PuO-Rth7+0xFN{~1`>KBj
zu-n&WnO(EK+|BgrYz7Q#|5;$cnfC1?C}OlLQT>Y2Y_O5>o?)Zn88Ps@7BF@ps;Mv6
zWe8H1ovb?i{{b;U&c0#_FYL%nO5>%XF6X22U3A+q%Xy9(VU2bEF3Rp<om&bE`<vBb
z?Iz#C&2878EckvJG-8``Eqv(~+S+Ye+q*Z94C&R0&y`d0*i>0$Ylm=I2_59>3u@z%
zvwKt0MfiRbKK}q7A#Fmc8S1q0QufJP)2jO7_;XGSj!f}|ow|SS5FS#WAi7=n%a5lx
zTan^w&V@U%<BlsPCwbarVzWCeYW2;&Fy%`V#!EZ1lR>I9mXvGv1M2IywZ{xiCUICi
zhCU`PPj?E#C`7yrhXuVhwqm*Otd}v}w=#LS6hj!9<jz06G8!cR0D|E)^|wAAk8H_@
zmA4}JW$%a(x)R&%Ji%V6CLU{S+37N|yl{<K9zq}a7r-4gBjOjEU9X7r-(NL#xxOpM
zRSfSFiy6#BiB5VE*Fv*3+io_e8uP1z{qDc0{@~yF8@G10jjO-o;~x$l-`hVe{{T^F
z48T7%)tZj;w15Yx=7@m@i9C3sB^XGJB1jz6Se$WemaN0oR<Mx9s1PJv^$CQ+==R|W
zcECHjsa-YK<p|0`Bn}6Pj+kV!V{wl{wBuqsrPD<a12RYhMWzlhv;s-uf>gxE+<!ES
z7D{GO(@AnvT?u<*2}Qq{sHhVS-pvEKRTbH6<Vc8d$f&ZTU6UFZlBPuMzUgSpI-zMp
zCdfxkPgKfap5}0Lm-(W^yEdH+*p2}f%7md@HIUqWR-+Z3O(IJ-K(kUD0}oXiN+6T|
zO0Eh+YX{V&WVaE=nhON%5pY@xH7T7~$3l3ORUiz5Mq6dXOmPG(;lFMla{mC0e)7cf
z-ZB_jZak(OTWLDZAPrZ}{f?V29xL0?+cuo}dTaAZmhKP1`Yu}N>2_eY?{@MxYR}Wv
zcAB}`t}z$cD&`z<goib4!!wjkO=tpO2zx|%Yt3J73^LzDO|rIg9nKKjpwV>KZZPL(
zEanDtleFxg5*G5#GGhx4rWT#n*`#1N0;j#c4@nwhg^k+~xNf>1q;ii{k9(dP^_b_&
zH`8KG=Xn)WbcpAo-?jK=YcH2F(O9-(v$_DZPonQUa^qES)GacUESyV;5PcM}S4S|I
zZMHG8Jog7HH%6xP#t(+bZQH3QjGsj=+r`#vRA>FUDu(Pkqmc%32NC(Jr*?eIF5O>M
z$hNC%`RkN@Sgz9L%EVqfTz)E{INP`a+{+XlD1E!-=Ylg~Ni@hjdXd#~{MzRZ--B#r
z%_Y6EiHRIR47#|OkmgZCI*3k3!B8;hnM?x{qv(JQ_@WbaKyCCx23_?G5HKH#C<C7c
zM1w}v0}s*EQZDVm5H*0FikL{aW;&>*b<>(6RD<1s{{V3R02HKj#bt5Jwh|R7mBPr<
zRLbFWC|SEKi{X#xvvzK3(Oxpe*{K>KkLa;>Yt?jUSi3cav7{+>UsZyjvzEP55K}9I
zWiq%32S7Rj)Khc~)B~W2R0;%8Bmx9VA_hu`nV^B12pOs&DXWCasaUmyR%Wgcolu=X
z5~!|4RH`hJv5LuTmq^88xUP}Pv0AqrYb}d$il$3UR0&m+jFPOa6;D-)=_`Ib*Da&A
zwbRF+1;=Rbt!=BwW7A;AVf9xrjJfTPCtSAD-hLgm+GigvIg+9=5xxRB2UyBHSz}p#
zJUe!4k1UnO?<bNYGH9-`x>AmWfyw%<+-V%~?^$yxuDsKcBM1t>5i%Q$<ITug(&k}{
zt}bd>d44*|B7Av-<^vj_7?jsdrT)$BWuMi}@>9Ua!i=&&mPGzqVjFM&0E+9UwY+$F
zyD_Zi${4;w3&%>Ftfqxl0kW9sBK=c+F4GY;-(4|lN1wAND;V8YET=mfHN${ub7hX1
zCB|Cs&DV&{<37*C!rME`<Xj(V<a#pSXYAd)cw?jWHPUD0(elzX_`0EuR{q?^&^eb}
zdggZJ=<L7OhZp;$)YEjYqh-=RJcI4kdOsY#9&gEKn5RF==VW&6#<CR=9iq{}kD}I{
za(QRBw`<I<Bz%eS^ZJTF$jStpY_n0XMd-SFOn8qk<n-swb8|eNMqQG!XJL`|Mmj{U
zn)S%?_IGWwE3o1~JeJ&YBN&$(o1rL3E3Q&4!UK$(M761|TRdln&CSRLilt={FJ#z&
z+}A$N*{tTf^z?1L;&AuBYk2A_$+ns!{{V?Nmm`Uo9eyk3e#ZHkzF%MU`sBEu^?FR~
zyl)@kw&YqNv}s5>mFCw=w%k3N<6U`qKP#6EzaMo&No_vRH7~<e>+9FoXNR+F>bLET
z8Zu#sErf+w>~~97mjVLMe%Q->8p|er9=Ld@)0;bC3h9-MYPvzm(}s(~dov!-PIBmE
z95~be0Ffv-8VPXS)p4264z^F1I@`qI34HO6y}0xEF0wOOZpv#t@!DnbL#M@RYUgh)
z0#X!>^4bQZ4kRr6x-sMU@qSdHWcF4FoqM>RY`Sf}BNJTK(M<7;lO&5KS`m(n7cAw|
z7*TB&*W^Wn0VxLG=vK9}4BdHGkzH8X(J{yow!p#o4}#Xb&kWfm@^#}%5VlahCRT9=
zUMgGsEZ6F@VPxZ4ET{_3L>xw9EI}M~TiaU`U8UpY%Cb<&uE|$iryzF7y6Yw!tjutH
z#g%q|x)oL-)B;O<7pJORyxo|Smm4R}cxce|U<q6!x46S=^<Ih7x7*FPexDKNvN8>)
zc7k08s`N>RlI?BfRW)0YkzExH)>|PMN2w}XiI(-&-XrhdX8pN^;e2&{{CLA6$UT>~
zppY0Z&wkH!-uZrq^}k+q>&)h~AKAXcDefFdJv|pMF~170x>L7(Q6{K|Vzo8nmCKu#
zmq?sVu#`=ugB=G&*IjEK(QY@?0}rXAZE*y^0zU^+Y<w)AZ2m%t+|Z)AKuo^*7Y?qM
z9$4F4_*Hf--S|;`rp$<q)2=7lTbi?Prfj*xUUqgs6>h9b6@VH6i+U_;t9NR!VAp(Q
zlRC`j81AM$f7(+x;i;y1Q%8fQ6-y_#*_^esSV3{nD|<c?bx$lg6<dBSl;S{$Zud5k
z+O;f~HO|Y971@Q6e~FbD1~yC)+o~D{9YWOFO|uMJIZBH#Ja3M#9{&Jk)0VVTq1UMj
zZ7$a&#<6#n$HKz#J?g}+w<1w8t9Q5#g=enaw!-#nB;n7%$?`@suBb;A6AirT!|+`;
z*I)9+mv0Jc@wxc76ANmYnca1}O9^sitGux%U5LbGM>=)pp5blP5zW&x95c>wS|?US
z@cVO&h2;L!BzO-+ob&uQb+~7aH<qgSPa=JZNunf9fGyp%#|+73<nrhL0P7CU*<LA^
zax)x0DX)y1c{?&C*to)&!!|+8rN|BmC;k^d`C>U!?PJc-7?N7q%y1n-*R0PBGiCWa
z9D5^GfL%=9a+P{W%0Di>7WLBBH{L~~Kg#)N!jU15hXC&3{t9Ai{#u=zZO6lzk37tK
z=O80>@sr9YO`vntbhxq0S!G)+?;B?6WlmDbcM*SRB~MH7;lFwF<xQBkUBA2rJ#hC*
zL*_8*;cGuh>wZ{sF!6COgnPByi)42@KM|tVyIRHTll(cA;^)lD++tx}f22qO`7XZG
z<;rV*87R$;K4;YS<7JN0u0g}~TDs;luK2lnpA}7)i@vuX{{SNB8Do+|GV<?n;pozR
zyyj*FwL<ArDF{T7IFjN07o%O=cGkx)=(BrUyE56u+m}_pXwEN}d=UQSQDuFX)yPy`
z8C4L%0Q!{)6P{MsfCGcaMH;vuEs^#X4b3Xbrpn2l(Jxsm64rsXRR9Lqw-p=JU1lI_
zt1AyIbB^oeK+u(3?Bt~uV91yPEDoQFCKnBBZi=o>G4_sLh${q}fFFt@Mbn6{YqXJX
zhJCUz8%yh{MpnibM?n__A%(+h2I3K{DV%$jG5KS~GLuy6rlMa!2PK@h>MgRJ+d*R$
za#m}u697QBR7|PV%iLe0WsGu@NR0;t7YRlOa~%q%7S#&1k(c1AWnA`5n8GBeSguu*
zF%zS5QE<LB0z@Qzhk~%PBDlh-$VtfLgqTL%v9K^A9FV?UAGdzvx50Uuv*0(vAc@3t
z1#{m|X@^aB^|^gEpZO#0&m&}eHcKA+7<<D2e--D~rq3?dzF!YVRQG`Q5+EGN0kngv
z=Xm&ZiAMg>J6mkEd1!wG^~o+2<l9Ho3uiCenE84wYc4RGS)94`PRsITKHl14!1Wzh
zYcW5UDRX~<rmpRikh8T2eAD&lmux~zlxK_qjBGNrogdLTNrb$PeTKT@0Baj|m*Prw
z=)3H$IFkA?ZS#~#KG+ROb$z+SPfj^kA00W9*p#Fh+>U(~zbD&2k3JBGkI$W(BShbU
zEuy!xSv-@kZ>L(Hv~wq9d-lQ*kaM*Aza{6}_Vu0}r|R2ztx@|&7A9NrWJFG}(@?qJ
z+`kdI`m^m{{;i8U_S1Z#CGy9RSN*GwVt=hO#Z!OV)>Ut6tb%37-Jo07_A}-)x9j7@
zTQBYy^mgv5tcddiQo&|jcD!)c_LH7ir(cV>3EAV1NdOBjliGOMi*>&a-WE56%ERqP
z9=b(;JZGWTqVw;z`rj`4&32v_UF9*ctFIo$g%ypoN7L0w*Kae+SGOEjCp!xVI_TCZ
zg^@bSQRDm<eKxws9i-a1^ZRSZ&m(1Z*#XUm1=I6wk1l_UT=)m<OHAb1fItF7K@ad#
z{lDR>`oGEp?5a&*!^jTt<56uHKiawR!$0dxc~g(}h1N)k<cI;mnabYZv5$slMt)PX
z?E@JB^<!RoY4K8i&+uN4<pcJmeXt>x4nyl1FbuW+#rokt4EtlZ?T;o4R%2t93|8lU
ztX`U`&kN<@BLhj6-X=PPow}#v*@jTQvU{+UK+w2dC6$XTLPR^nxGJHI!;j>IOKA~#
zM2Fz~6cU8=+Yn@VfP+pyj`BH0>BpHJTSbk#HJ)pxy>|GE{+hfyNY8_o_P}-ZS@!n-
z0IJP>f9%6K)bcSb4*}72j&{KTG6~zD=2Fy)Xdn3$j%INm#b<8|JiEgm(RuxzpH-2^
z^jY>_Rj|fA7H-W*z8K@8&Dp6MAwtF3sjBEyv36=jv8*iRsTK&SmBK&;6!cIhMIu#1
zNkb&+p*nzc5(Py!MGl}5NdSO!5hVq3ny9K%R|tWcxI_(!gvz;CwIP*Kv1<sd*sc>L
zy)b1UQBBkll#o+7tw_bJ)>yS87P8x7=_3}hTQ#{H?PRd6$12S-w;bx3D$PKxGC-iZ
zxhz)WZanxdb=z9%V@+|{-&UWX88^nx;I3jjYb5IYOMYve?Dd#-n&#!Z=x(UjW=#8*
zk82)4a4Vm_c%B`tx5>^`Q(dA~N>^Y10O;`_;-@y5ll-{1oKqu(2Nzg9)^PxIa=Xm=
zaqQY&20ji4i>BM5d6eKb8J<0KOTOFG*IA^@bMu66$Cgg$3ntNraIur=!F1P)hc3(Q
zJ)1B-)g79r<}8HeBl{J|=?L)>T>C#`pXj}Rt^WY#>Ukd_ja@VD$}_hWqeP*pFTsN2
zrk6Z?y&LZ&=i!S3DtS_!`LUH&LK;bLeR0Hd*KclXjDG3*dZmpT<Ym8Gq%`BiFGt|b
z%gz4YKdu}fC-)Xzme~l9YnGC3eyh``OvA<9`&T%QOfv0=AZiZ~<#w^=*LtdU%1(Gb
zgeDEPLtY1hv5N?|1Ps8Iai>&B)r;h%ja;ggV#=k)C1Y(e@7LSw!_|GU<$SM@#Ipkk
z!y2l?><r{}UN6|wU2nDJ^uJfTZT0n>J<bLcJXeeW4f3!Z&+|y0i|22@zR#ni^p7+5
zW<57oj%7Ji#2L2`+?TWU_OmZ9?9Y5UI9?LZHRI^EyJe4!Ssy45AU~Pc4f}r`zi!&~
zeobe?(&69ZaVeEhu06`bZXEqrkAH2hUac_|4<QcNHHncT=1sw0$H{hb@<mzjm9|Dx
zgk)o15MP;Hr}g2=&u&{hW-RNBX%8)@bZnO)(R1wIJi2K<8orykl1OO=JK{B5?%X%)
z%5>9AWF$c*I+A!YmfEsK23S*s>>kqt#Bn8RXTfY?x6aXBqOlVz$aprfe^R<mn_Ryv
zm4i3Q-HrsdM(cigTOxFAS#;N{EN#7Ta=f|EKT(l<L}FiTPM~yNy?VWPk>=aC+s$Ol
z`_j5`?573iV~3YP=(VToXUmq~w<N@Jaz6aNQiy~MBekqx#z(5_KUO(y`<D1+qwdcm
z8B1i$E08e}8t7L~!5E*nv~lHjMTW`BW==^aMD<<dk>%Sq<(^jPM>I870hEM5dC0H>
znM+!c^so54?CPwx?<M6iiJm$C0LP5S>I>!m_v~Z(>t9#&KVSa<YadDScU&<@t|B(X
zgIo^+zHYkm`kk4sE_Pp(l<Kln*COAzVqJpkuDZBwc2iz%Su%l%w#zs$_P-@=u=cGO
z*m8ztaLTR|+&4+j0#+{kaJuV?ve?3ljIJSxU>`x~vz)bfXS&;Oun5Xj)x(CmbXQq5
zV>Y(|;W6<ml+47L`-Eyws?GMb(;Ckz4Y;wgxz!HrPN1KZKNYNBl;J<_comx{qS%=d
z@sK(RbP9S~<oBK!CyhM3o%sMtvGZ?{jDH4Oml2CId39ld<BdedQ0<8DfpyE?<=56>
z&#D+E$j2SydENV*fE+^U&&!;{lVtpMJ(tdl4VRKc>t_$~U4OOm<^5-dc-uxn7aFH!
z(mPCuJ7N~GV?NnW63Amp%0x}o%$>45d4)EaU2Ynz$+9@nXu_;<#FMM~EJ@3EYlbUr
zCMNr2BXmR3MzU{Ew<Df@)JrexsjTdn>}xVZ3AZp-vFgp=Dvh|A_ncgVIhw$oRviH5
z%UHV1#N%s$N0K!6yP^;le$_$#QT)kt$*%Zvv;4JYux$5Q{{Yn-CL_Q)?XHe{Z^EhO
zU*<97WImp8j>@-tVi{Q`iS2ivPE;ifJY!~6kep!gEM9JU1=jO;bD!37uNKOy%NZT>
z9nsxfVq8D_lW!PjPBzY2Jl1UNlq{<K=D>TxCz#>EZ?99kZ>q^|Ze(bycpGE#OPTns
z&1PKvt|I!r;LO%Cme@)=Y>3xzS-nxY-*V49{Af>YaPDHrd#aP@RrRdh`TiJAO`>v?
zW@EdAK`gh1b5M=eK*$2(TFEd<=)=$57}FV7yj90i{{RKf^~X=iS~2spZN$EsO>v^r
zx>1qVD>qpwHn;pV_I~L4Z|Z*6X}7T3+v@DI?WRv%{{Y~DAZi>hLzo|vpt2-JCs6$g
zrdGmnG2OMqc%tOtky#*opeV62D>8l{^j9k(M6|&D53E*eddw~&r~(f@iY^@M;j+?3
zf?9>B=eL%5OuG{7t0xjqJvt#$jixU8^g>hb%cG$VyN>fV)0!D6+qyzTXcHx=Lf4Z-
zZ3sp1Aj#z-07aR}%5i`sbKsd<5D|-XCx}p4z9E}I)oB>+n3Tzima~Lm2IS<SgsZMn
zlK`OAT~dHM;@rVhis})avIkiNSrE8FyMrD)LXw+IE&?X7U>uDcD_2!HZyO;a76Xau
zvln<QoVJNah}ZC1WlV38kOx3`l*(AXB+6T57mq0_kgcFa=N)7Gt2uAd`D2_QWF--(
zFYBT??OxNt{{YH<PXe0pb19AZ)rOYP1c)A`a@(d~4!Zuwub0w%Pn5;;SkcPFludIC
z#D|BX;b*JUt@iNMnH*YU0dKw_wt-D8tGtuT6tZV25kS&MY<f4rb@j)WKV_%J<;u^e
zAOLmS*Zs>sl6hZC;ioQ~Y<yt!@4JLZ9Ky!CTYT{8WRt;FU3Nw{*+i_!Z;<ecTaGiq
zCV9s$kB-5*cH3q|0jP$A4==@W?ChAtbkke%(MBc~JNEUmS{L97#@(A=E$gg{uF9^u
z#3V!*=zV&uNtUkCIkwzkle#jMr1aodX)_#c<qNU|jHgqZ0N_rF&3?;NPt3;?VUgW7
zc`)Es=T2C?xN)+)<(J9eN&aTy%h9h)jvIF6Nb*^4?2!-hlgIH}{BfVjTB!0~YjKQY
z8)L>%3!dG2H?I4&k2hr%iDcmr=UD<dEPgEbuAh?=nAIOK;qs%p$nTgMM8xQ^__x)s
zeKueA{Jc$<?(S{LFSZ;4&wSq>!+k!M`Q;q%D^50DkhT)u3j-3#r(Ls#ckGh##gFAY
zX~_DC&QO>?DJ~anwBHzGUd?lssChpN`<IsP@g;M;eV!Wk)5|=3-;I@mLM9?UtAB@P
zKQ5{#<}t0En;?DM{TAm{iTNeUQ?C;0#H%JG=^b3UOJ|mBl_80p8U!IT-9Icwg-?BQ
zzPA|pYs5K~W9*qRp91B{E1uZ3y>lVi<FRk5Q_R``AnXHDp7vZt^_R*}!0=tT(_Jxn
zox@FCXWM@@eRLWA1I14|77D|_IT6w%k3`eEY%cwJ<qV$>gOz9($}xx!7)RUqI@Z0m
zP8r*(Un<2|cr+1CAe09S3ljeT6?1mH)Z<y<rdfHHVM2^(ily@#A{n2O=j*K7HLJGP
zVl$r)O!4D8qH=O3b=8*t05#7XMEp}6^Haz09y&L7PCk(u#Fy1)Ztbz;om%I@Ii4Df
znjf|)i?<-&s_Wfl`!?&AeKKSHrHf34M}NFv@?oZ<P`7_(-Z0Glc{$5a$MjhCYt>|E
zS-UP4MuE|0?6_GPf|+Xxhyb&d!axNYH$^?cLnCrv8<Pe|$qb@os$~--LUaS5Zlar@
zdz4YR6mCGbsHA4D1Wkc3AuCnFWmK#R;Vn}uR-|Vt&5Gd=HY<czD;2_8s#YywoU86D
zgvwEpincOQsZugga;D1}SsAsK+m_^WwU*14<YLxqE?bd{S?6NZj&`%oYjQDanH8p0
zNUFs^s>vXn3e9ddP***jb#*b11;=NjS98YSO>%^75i*>brw&B4=DfYS+u`Z!s=T~q
zW=GM3J7P}juZb}cZCPHsiInV|;a8Ef{{SApq@q%~(YDEM_YcKuug@#J`HOr`HY{Q#
zDEBN6x+hW(H!D56T&|kTJg?jyZzB^n%BNgDmRi<!y7qMSOFx%~zrO3XJ`e5R2cP6T
zo<4VzuV;@tjS(fa919gY`?c3wuD)9Rf7jb>y|(`VtJmhs63cs2s#jSEFql5jdM^%{
zlP{sR9Q&!2duz5enU^s3>N+lx=a}Q_<$2E~ZBwQK8{$9$BS)XA?bW7Sd-t;u=W{c>
zjx?-<@!->m5(SF`&3g6MTk`PscI~ca92f~i?hL&(;L|Y!5FgbFu38jId$|-X;D9CD
zR78h##Kpksgm3U3G9FvXSA{wD-~pWF)JKS1yZb#g%hUS3Uz2QC(SFzadWm@}GqL{w
zZj5o-2Y{B{bzdv?JO2Q#FPGWr=$_e+Ly~RF$cUhVaok&`fF6s>uM?k_s`E;pALD?X
zxgc9EP$A1Hw`SfV%{BQtrz)zHgoSwW2W?OszXh8!f0ni3%&z=S^lLDbsGNzM#}Ilh
z-nR_PGTlrqyjwhh^pr!}R7R#l@LcXEj#{Z;Vbl$?h?FTKQzON?4of@kX%|b#_Nk3g
zpqWlzH$bPReplOpD?XBmJhsYZ;#*VbvnFc$VmaPN$W&{COzZQ+9wBzqO6RuD23M9h
z-8mS_yl_3W2L?oXuTH&KpUaKkHNnpFU}Mg3CY!<11QVyldbH|!yE|l=`C_-sUo1&k
zEQpv$H*c9fi*u_L%J=^OT;=EN%k8nN+DLgs>Kv~`*FIi5zC1HmrLIYckUTV99OWzE
zHxM)(QEv&*U;v3ND5+LhqT3GXH_Oo$+|>c~WLK>J0FFE%&hqoioJ6R`4tEVV9t+3&
zeV)4G?d|<8zippfhDD||R{|kaJ@$|p%J~;p*_O)Z+aE9GJfx+&Zaq3wK;n8Xnb%!f
z*KNJ6_)Ek1Y^-doyE3gd<XTI_A7mlXmODFTlO7q8TWUXBO?eW<i7^o`8N?P6_^a!g
zmp^WB=;TJr@nBo`<EfD1Lgg_lty3&$<YGcHiJj-&wb-~<IIP*2aK^I83dga&b1g_r
zlUmQ2feR~>nOjKq`(0VK4YX(N*+d?wNY^OrX%+)U;8wGrE_k!U5B8XnEiv0V#+5{I
zmsbmali`b}%V-$}sM2bjY#aofhCEg-9Xar_J|{Zp%86SXJW@8s!^ElYCq8RaOL*}a
zA>%MGh>bVdbi}>H5<%5!?{Aks$0vtA%o@MFN-%+i77f=+;=22PRy{wneC(qh9jscU
zK?R`h{{V{Ti+s0io*65wi4igd$5~c1+7-(fLU&-u#uA@%xAH*f3H(*XX4u2!yqz>p
zXxc8A0Lixi4<-w*UYTdJXE!^}eLW)^x*W$)IWD?&XO}&@B#s>(PE?6b8F7~FB^KB7
zUGH9g95w9zS?kEJFCcgBFvX%zIliT8>xscHwf-YSbG%*j+-(ySz_vU?^5(JYW#QA?
zTO9c3iCY;7%-3Jb5_Er1y85|$GTo6W&URfG$~L~phS6CVyM439QK;w$1bcx$;J1vi
zoK;hud&#V92a>pEqq;<ZWLR(oFu6HfHXhN#L)9>`RHWmBAWs$qurdB9rwZ-1dmuf>
zRV`SAo}xs72ZpJV#@swi(<<j0&u-JS7ScfRSlei`TgUSEAKNm&w*4=1O|`lFzsS6v
z^ErC`IKzWn>9jN~+atm<&@WW%`*8I7bjN`brZbLAH<0^ZMUT%j;knVqa?N%G=pa}(
z4n%NWb>CX$bhFB#3tCJz$CxW@plYTA-6xUc5fO!!L>-ZJ8i~TmmffIJ4NaELLA2mh
z!?sv5ZZ=LJ{(!+)<9w<E-L&&niqQ(dAaOj^G0GDUVT@viIa*>N7U3d_j7%Y3-_%Mb
z5`<zjZQiL@Sd+wY05?S&#|TQ$527cuh#8qkbO_FJyw9NgR<M~@Y}_{jrCU^hqcJGR
z#G^~=x<^7=qbrkN<nK4_(C!0?=%<C-4DdEW&B8i!M4nQz7GF1vQ8v7#OpHN><^z(U
z-8jjkJwlD#VO$6?lm{TIoQYE!hxHqBMfp#-VqLULR!&itTuCA^(CD)1oJKa32?vU=
zF_H*!9n{LS;Q37a0zQ)Y(-K_39SXL6na78_@SpO0W^wR*g$>+l=X`Zye^#r8-G4FY
zo!R2O=)djUb5)VZfRPR?CqlSey?QaMPbbXyIa>zuRl-p^o!Xy8jb+D%wzKVT{>%2c
z1buZtR>nhiq?M0Nnw#p`Ke&7x<6g|#qYHG49SQYVoqIQXB2n`GD(qQKjOyhI%UB~W
zX*Id<drWy(ets>muDbFoGMISR6Yg%MYh5g??YyYw<K6(3h1h!|9)A_BHjM2m*q_*m
zEdty<R(@OfVa%>IM`@YeX8|A57hNt~_LybA1m8fe4kAkue^T7v70+!m6lP#Xn*?D|
ziK;%(2hH(Y(|ohGm}RraWqlviO1&makL6t_WX>46TxEBT#j@I?9AhX=-g7)Z1)j~Z
zd23BGICQSV-L@iP&A-$V<<)VUy4_a`yk%JXp(>)mfOU^ut!mw5a(>_6cbMD*fw+=B
zRqFkYG;rwWe7c@WQ`<W%#f^Xy?vA=IH(&8xyD#wI<>O=6JCLq)$cF%iiC(=ovyU$}
z+Dpp>tDFcD4B^7<E?jYhM94fp1W8hbgh}`lqG58|<8#I)Se=pG7xtc>tDk0`(bunh
zSAJe!6COt0-R=5_mF4_a@b7yhFYdJ8Yy@GmcMv$M`0R(|%X}gQW^<0pH~}s?t~vhz
z%dDS23I<n?!-UBOcJZ!q>CtZMw#@r$tDEI~mwGi$iL}XJBgn4ZU3l{4*}i-=(TR~|
z0$H-qe67Tui=Nxbf2(s_XDzew(|{Dr2vH%r5gbY6xlYfYmhWCa!gb$WVimwSkIn}#
zip`d_Hj!nWw%ZwY?4RoB6q#L^@5r__7~$1Bryeo`LVZ_Fb(#Lodtat(Y#%M1AZ&?%
zePw2vdM)j~n)qj4y|%8*d|0N5%2P66cDDx$&3kiQ=T;*ifLqHLNI)r-!HA|>!Lor8
zf+lL=GJ&;RCQ&yg436?($nK^LmvJx+>40ufH$^v44uIUEmh`|~#KMC$a3X9>E>M-;
zs^K!KSql25Rm&sQYt=HUS1X2cfwf#FP&O-s$}+JqnN>R#!evyfTEjU+Nd?f7&1x+Y
zQKV;MB#CP!*Dc7!tXAH-Nac2Aoy&4L-IU7JsTj3XtXB-$s#01+2}W%|m8NPX5Rq0u
zEY_oDI9&F1)zrou7ag9BU2JQqqq93Bzjd2WKs42P_m=SQt;1dR-<RbMJx@+1-B@WQ
z&sjCsKQ6a#Yy2t`#jZ1qB^#}Tw%1%Waq6{YzrtoQd2H(ZW<7=yg;rb!;101RZ?8{!
z$7a(==Hh*za`N#!mUc+D6b|5^oe1bxUH<@Q)?H-f!hWZ=(|cV^+|M6gWpch|a6Zav
zA16RG=(y{q)^POgw9hrR@s|iyJa|A<KdAf}bCP_zTW5y{$YxI8Cp%&LouTYMq!sDY
zTx#;~zxK>|yo<6g%$@ejxfmVNhv@}+wbn_8j@_==u3m4Fo%1r3T4za)qmu2XULH=)
z?`r1;68`{2)#mX}xe*P`s8bEirVis7#B7KiQZDvc#8O~E)GFo5Br*1&bk)AdM9GAt
z$I(r%4e2GaK7;me+c>Amz*B6<+Fsz>ON~RXnfqP$)%Jf^^{2NFqvK%W<KulLV{Yj@
zNalL4mA2O0zNWg#Fv;aI@i41~J#aC$N9Ty(u9EG`J8dH_N0b{bx~eBBRal6aA2hlZ
zx!3lWelvt{O{d31$|5#g37li8kEW@<J(|+-l(29wj3p5c-BT`Ki9J?#?2E3hpvK0k
zjrYiIh<Lvh$KKn+rPfa_ee)+W7gi3*fDGlNegSmX#u>k8X5BbmL|`X)_f=5f0@jm;
zZN)-xy7&Vk)_`0dMoRcwGUn#v;rRQhH{Ba8+VZXa(mtVe((Sj1<FuN%{!8v0dE^(O
zxmOYF1BRSkdNk>{^5?&IFDvE#=c4EuYsH06Bf3MF=)HY?7JR%t-?N@D^0vwwiG#O8
z$$H;A2=0plHIOc-EW39A0UQxxGPYzFF6t@($=qo!YORR0<sle?WiA7%maeh0AH(KZ
zZ*F6-NZfbmThVj9l5*)f?XRi*kK+FT{ZqFJG7;B(gfJv=)qJno?Ec)pNBTdntkW^+
zaVp5Vj^0#dPBj`wMwHJ|yxVOjhW6Vvf7g8sB>O9%4{1GlI^$=vH*7Fud0V67?4Bec
z^*8a9iDC~$(_J~|!xw%yQ&l<jV@6RMtH>Lzk>ME*g>KoBYhs~1>g$*mY&_@w-b!(6
z7FeH$g_l_g<m7gw0hhe9vb)@PjdjnrLni!6a-)$Pi2)sLf#D!mDV$>tmdv^%$y4-u
z@hgdioJskB>alg_mi?wUV9m*@+JzTm_a!b9=lmA+pDue=3M$Aq+GCb$uD@ueEJ6I%
z?U?Y)*ZDd=;LMhVw!pT~HPii4^~Be*rJ3Y1a_D<7w@Y`i+!pFo*I6%>yIb(%Lq9*q
zWZyRx(V&eo;OC<6>o$%))+awXRp3Gu)NLW{5HBLL`0(H4QT3T49{Vuqki#MSt*9f2
zSJr2rEau}g!;z73vNc^)ts-C6aqeBUjycbUPc>zdz?Ia(RmQS5?$87N)xNonu+L=U
zE@8^DyjaRGhtyse+hH%kcJ<}Y+TqX4!_BM3%Il*GBuj5{@rmfSuF~zpj@sW|Tp$4l
z->@D7s`NNvIwy+@A!WYd4NOPsKC3mYaOqLx<@FZi!)$92+t`;4M<tI=Fzc@T<~j1r
z-)S?55e3+D9T!O)_S=?wrBvl9LM8{4c`F&XDcNC+Wg-tI9Fc0SI`L2&&!&pyFtT%i
zj3f@{;~t5V)m-ETqnc%Pgf__NTjHiyldruJY_2jpPNZ;BtdC*#&L4;KSx~DoB3IK5
z`$q%*)#UEmZ6^;;T$?)ro2k5F8low#!Sv$2OhfAHhqh)~!@JwNzT1x%f70C-Jj^=2
zR78PrehcV4xLICCL>!5qQ0a)0*tQwjP+%-F1C+H%Ft)mQ{zJufn$aV4w2*Sj-L}al
zxFbh!@5URe98VIrHgnrwp?#8rjk|OjGcD#)%qxtgDD4pU9t9HAr2!Bex#$$F>s<Lc
znH=2`(q<r}X0(~KUxb-fs=DovF3v|aa=}hgnJ1c+PB1dnv^>!l*8y1omwqXRvW(;e
zh#IC7-zdr?huZ3;gWDfPQll#g_Qd`wRe~^_&%=pPEKjqj1pEp$B2cEXWx7m91Yc7X
zz-l;zS*e>O`hG~biHk}15H;eiS;B)mB1nm6Dhm5^G9(>Fr5ML0I^<!zoj-~$c@Z+(
z?cxvSfleexbhx6*vNMSRj*Y6RZz#wJd;b7Q;G=f%uG@sjAbYu$ZE}+34cxent0hZ#
zW4n;i3?eKci4HoVt?!vbY_6H;42uPE45*aJlkSv=;OBx`krF`%i0iKvm8S{Z&D@(i
zfxChvm`=OzfRKgrtR680u}ns$QigVIau!1>!D!%j9Tec@=sZvSkM}=~3~u_EGi{i1
zKN7j^)2(#ZyJ<Ogd}sW#mkOkF>F!E1-&l^Ec`3I{_-kJ8w{si*SNnT2DpJm_Sk&lY
zE-u5-bNo9=!>8t!^7Q^c%=qshVSWZoZl+p_+yfuMbGlhMbk}Kljb1?AZD8#$5c|21
zop^@%Qyk$6&0V>6BNwnaB$Bo1&VE_;;b)EV5*2PWiYSq2R?jJXIw{$w{MP#WIC8dm
z9L(Elq3VG?;(8U|I?Z!jF?QP#s^14)X1Xh?R|EZ931JekJM+!0-kfmXi&j1@5`d3p
zsE3rsvMjjmZq?IWX0gx6^3~W6yvnXs{JJjM^<m2PWsg6}Tx%O^+f0Ko)xQ<fPPw1u
z&$F`s0K=0ztRxet0e~yfBh7Y7GZG%Cuu8`pNc>Q=;y{a&!;&m+!17b0-Ybof{#gJ@
z<-cBCbl(a80CMlnQH(?{oV~K(2cn;kAK^Xo{#*Y5_F^%PE!BSHLvD8qm-_tXI{yH%
z#w(F!_S|(O>%eNgGg%yMwcPOj3E>=!h#3>CA@cqud3(QO;yoQ*KQ*f>Cc5R_mD>$^
z3dnHlmb%-<8{28+Z2XLg?oJ1`29qV6`UNLi`>(;o$;+2`kxfzzV9rSD>l^Pi;jJ{c
zmeGxgO+n81LxDU=T>b5K^pYwWLwq4rSWVnVM_1R5S<g6tW#wDCsE*xZnbl8OIX$i5
zt;(`Bc5E#WK#aec(reC3w-{9GY#XT2x+xNfu2NMhnayfORLa$<6DrNiSWJOxV9G+p
zoEc0>Man>^sRE*;6jOBqB^47TL=4djdbnJXu`p#+?OKsCqIWGw&DoxL9;;Yl?5y6d
z6WF`SgD2cf86#p~$`Y|$CRIvmvy@#7r4W@@L1wH-$&_5P+iKK|+QW6rtd3T(TWZ{n
zR<q8<tTAe{HCf6gN~TdIR3cFkDxn}?D6%fDD>k<yc04#PTUTvkr;i28YVE9bsl%@)
z3RRm$a}wT1`(g(*=i7X2^lPqlRbQ3Ggr;|Hs;G#w`-$PAUb;>7b29R=aWY|*ff+PG
zo=G6Cy34f2&O7ZT&ZyJ&)O?()&dU>(HqU<2PX}=7-v0nzCz5n~^Ih*Tn}v;4Snwm+
z9Yl2iehbalrME9fX3|VK_FYuyuO?89bOPS^`<(C~71m4PjLR~o%UhL^<3>GFF{&la
zpzU+fUb!aOXR|k4N1L}FCW<3PWX{s_j;)~7zg6p&TbGvWWWx<L=T}to9y*fo(1Lyo
zcFV(-vuQHJljCfRW0R3|VlD<zZ}44p-{L&m^ndMYtREGVl4l6k(r1AsmEW>PI=U|2
zP|1xLhBcUzdl7U`0DTqK+x`=2uAF?aM3W=8hef9#MB;Z7$C4#mhmQ;Lp<ULBYLmT(
zU*M+uSu-2!(rs~gdatuQJvMoRx(4wBww=%-C)ZWt{jS^T^!i_^(I)=@Z>UjDE)F%4
zA~o&cBESN^J=*PGXIV9lUT2lg&BU0lzo(sLp=5pAhg}y<beh&K_h?oOSPXn@!y+Xe
z(3m@kJoO39<{U{Sb$os}$bhb)vmP>ON<p9VTzfXduDa*^9L-}Q+Npz8TYHvyvo&$b
zQn;86fSCTd63zH2hO*6)Dwwi&7PoK8{5=_OUOY3mK3Oa8OB7NfVMRXu@-ALpi&xHB
z^DxgFE5eknvf*!#$kM0{cEt5tv)hT`nP$J`$NP)Q`3lW=IDXsb?y~d11IO}R`a0*D
z<K4dACzpx)gF34+VHjmj+?oS-HEGMEuc6bY9yomO*xr5e=V4}DjaE(bw{5&Ds$+0F
zxU;UC>zgBwS7)rY-du?jGGs|}sUEAek3QRGkdBJ8lt?JnN=#0OLUKMTDpRh=#x_bm
z$#6W>m9Jg~JYOO&XK#t$#hEJWiud1V{k55B9%jiLx+FVr5(iiKub=xp@_%0sq59o7
z{@!0r@cuF$69D&Y238*6syreNtjpx~_IuaX>z<nVXUp?~?&P!;4h5ZuRdwsbH+M75
zW#i^Tm=J823u}ncxfR!|TymY5M<x|nT`&+Z6tJd4f%t@%l(DvSWEytPW$TXZyd$FL
znU_XM<k2dso<R|d`%AOS;I%dSV=;XgIJqR<zjgHolz0z<munWx^2<9jvm<qM(;nnN
z8i35T#=cXV7MiQ8$3_`e5Nix8tQS9sS<Y_@@UoF~tE#C)foI8KI>a8TTGWjB*?4|C
zC$mvAoCm(val7EPrnhOD#@N=mxtTO$%x0ZuV*^kv$D1y?Yi|r~WaUiqJb<ck#uAj}
z?_)pH=vKWa%Rk%U=dSWu8Jnr{HJYr6{{Y6G?HqMpiPtBG8^6ZI{mwWP!v5HnYqi!#
zhR%w9KWqFax34aDl>4{I!kXuYXs(=qOsQuMJr`X%HP0?xpRu%@IQc(tc^Tu!jYO6*
z>bq;zGUK;(!#$pJ$XN*2ZKhR3HqJ{^u10Tm*UA@WU6o&QRsbr{KxmR+yIU05m6bY#
zEwV-cdqe5?txaZGyIgY0Bu<h#4hu}9ARR@EBPfWl4ypq%+q8ZHC|*^K#F97_7lW?3
zSv`@`N2+8*xF$U~vM7W%NrtDQQ7b5%YmCeYjJO`EWn`e#S{tH7WO$}i1$}Uhh84@X
z9#R3nf<?nuj;A`<T4;{ypwX~!`Lqi=+4A1H--pq@*YGrWpBp@h05WGC!pUe{@(#Xl
zcV*jbd_BE=ez9&mGb2UN&ycKJFl)LY&Zj`(OOJ(;{JNd9x3jiec5UCU9;=(LuNZup
z-~AWUcno}XRT1|TL({Lp8d;B#eFV;{3_7<ou$(jxDSehi<Q?(hBh8auJSN=vb*RUM
zq48}NlllkE5Vt!%$=0T*L`q^nk_iiLY~M>6&Sc0Ah}C31+dc(GaC`Sl-KRxHh-{4{
z{-TRAqEcYo6v}vLrbJd4hE^CbUPZ$dRzyIAW<eTtM8Z>;Z4hOYw@E~`F%sjD>V#cf
z8No*NfR-A5N;E*ZeoCfN(_i4C&?IFMz)ym#CkVOPcyL9qvT6{B0P2`$IaRdA8~E}l
zwOw(Hj@cGS&4>w@%W2>XDUvRc2ZGYGObx)q{t6{T&RoiwLIAf74>U_x2u3jloiNg=
zyoo%13K%WKM{I_QfLAtVXW&r;p*V5kignXDhb<WODi{;0A|<5qM!ivmXG1Os%!`F|
znXnwSD$FgINYo8mqBtE=tk*2Ei4th=JeEzh!e&NsU_GOX(>TglxjC3ti*YZN6L%X=
z6`W-zb@2KJ+Mn_@)@0X<=P#T=A~o3_AN<-bJ)L-*N29N^oLc%VxwuqU52u*AHn}Dx
z$qUb}yKUv(?<Wx|{I`yxk!^+&vDycmQuXa_BK}Qe%RD^&MiaDE7bllLQnh+36SpjW
zL+&iu*%)KP_M&$mRoAce<eag;cG=*veAaB~61I-eBjt}Din{e{o+-C=`HUw#X2KN4
zn9gTGFVsC(PfuQ4ZvNaV$*#(Qrp%9b{{T;t*0x@7&eI%P%{rzc3DP}ROtE!DMTZ0E
ziGv&Z6iiiutM?DunUNX>;+darp0#vo$*er7nEV!frTJf5J{fH?+<k^6ZaLU188#M$
za+!}E6t+T5n{g$Tk9T%7lOQ#4v9>J6T{O(O!>^6!yuH5DROep<v}(Njbm=}`iQTpM
zI%5m(6TZ2LJ3@(ZC#sg>a87)?ai*EvD84)ASb34abPLU!CS%d-EyZg3xY10zV{ahb
zhpNY>Z!VtFML5!xmxvSGtNF*uRoY@Cy#D|Tr;(42WhfYv2ls!H%+}VkC2=qNf$VCc
z@f=V3FHHS@IeGT&W`~)cMfF!L+qZ^?Ku)Bs-kGedeoWjt;>G86NLZqzCZds&qN&MP
ziYFzg&1am7++|TEX$~Z)tDv)0Y(mXcz)_^a%A^nlMMRZFa+0X3Qda^dN{GrzqMIyQ
zku7Al)wvw)W}S;zV$?UQhH{vaik{^cD4C&@B{guFM{}Yl5b8A-LMt}4BF+ItQ)HEl
z);sK7By+Wb>laBJZDgF+Nat#zRc9!=AXNzjN+4BCMMDcC6`NX-rkd6*bdkP_*E?Oc
zj*T$jxmxWa`sa{ytH-9JF=SfV{*eMm{MS2-X16n(MsK=)mjb${i5jJBB+-Vh{54wr
zeC_3)`!$?-bbL>Y83wDfYyik^zMB44=_g#fdojdz>eD>cUSrC`8yo1OKG%9u5Rdyu
z%CA>mZfbURO?YuE$;yo|jBzEiiMB)LmqqBr&zGL<ap5!dw$3)^*u(}DjsPAGrxU{B
z-z&1|yI=(F#@g(72`uY>^4`;jKB+@&Tt>-*v>57R6T~i+%2U6>SCySbaR(a?9{U?f
z9XN#7w-Wr-->cfpaTxKB+x2AReP`}bKq819y-MER_Dnd-*DcS(E?<>1qPgSanyNC}
z9FR2iTGy|hYa90QF+b(R^IuK%f3<PE5ve?i^mS((ykE2H?ZS*qEAp-s&?067lgJNM
zt+$%Y);jv`_YtGWc-(v(aVbhx-#s6UU(sVt?$z6~t6gW^dw;Zl<67_WmF9T>`4@ZY
zu3x4x)z{7apWnvV*Td-kr|3^y?d9#L$D<3!PwDnoC>Gv$x1#V}uG@0@TI=gLaV4E>
zzwoc3bH=^*+b$vcd{=KznR#*A=Zf#)VbxcN6bPCsj**nUa~0;>Z0(n$O>wRn@}XWe
zakjdnIn~6=r!{5EHe<nK=G`iV`4)ETl#gza)2h2^J{p@}l|w2=7R;*7?anF@=jv0}
zoFvbc*2+T?2H$89jP0;<eoHgUS3fM4U5jK5^~Q3r#f7Js^jnh78O&E0-)uYC5;W5Q
zJA?U$Ez4X_3n$wSSi+(=XJQCSb1Y{k(R9~0isQZ~G39*kl9iQqv25?#Cfzt|5xbCH
z&aFP)Zr$yid1S}&u&=conxX;V{7<Usdo$sUbjO&<=DcCPS4pFf3cxUj09%+_>g>ap
ze@=7o^1EfUOZ4z{>&xasF?~T)S0YA|Mxp>~qKlByJP=Ao$x1K)xGcpL^)I%*!lNe!
zS7ldI*%%r01Jl)fj{gALvf@6!N9s$jFLO>-HXb!TFU8}7jR@`E5u{I2yc=t6_S*9L
z8rdhToG^>%my?z?nO)0bHyVNDwT?4}WtQMeBN{oodl7~ev1x<GMKN*wx5iV;h889i
ztO7O0z*@-h0CN0RW^T!G9QwS4UrQV10}OT%-!4O{>9&_RW^cmFtj^Dn+hK)OFg0_N
z@O36NF>4*(GX~oZPDP}QGrP3<M6J#5iSo_TUTdXX>dnWUl*G{zH$M%`xnmcW^OZSy
z_|;*;%8ZS0AYCYNCzwriw(@&$%jSID81zQ`Xpvl_qx{75T{`-$xUPMjnB{}S{mbEH
zVY4$P-r*kFM+f!MbnNKc97NN%Tjse}ecRdd1Wy#(iND-P{tKqP8Q0G&Ui&YO7(Acd
zknhG>UOG{Yk|HyJ;TO@DO*$?(u3eq{^AWf1j~yf0#<FmZ&8Bu}L0X*~d8hjt-Xn{5
zkd1&u+1=MbdM@)!INjw!S;Oh&R>QUU4vNiF@^ObY=wsYXktV6vt#uwBirma{w_D2=
zPHnc??yLy2Y#bk|vs^QF&n$*S=t9#tAay}G5_$dzA|x4z{8J_m*N8+7(~21)--;=R
z`E-6rh5-`P>H3?B1S2BiFeIKGQD>K8KX2yW+ZdShiHrpAu<(n8$MVVMyZ#$|I(WV&
ztX~{5GOZR)K*O~@5eJxDw%*&ruDW7!;R`K=(Ct;-$Bfz&JlwMG<Dah&MNis(N>|S^
zQL4IRA8feAdA9GK9p_E*^<F2$(@qS#ctDT|HppmCQoOtGZSwT#rXt$#ZO+4lA$QbH
zGTSr%0B#{mzADWvj-8hH{{S1~;xdF|3W$CDB!Aku&uy;`nVQaCfByh-zx&hnN6@za
z0QT)&{{RH_{#?I3_VL5#F3a5Tr>SP*Razqw&g}eDFjj2@0jM0+N<-7~K*2A=PG~KR
zr5OWE%w^OTLbl_18Ax_-8l44$h$`m`t5oQnA`S-P9l?DTrqY*N9LdCjeMwfiqs>%{
zjnUd7+J$ny5RG!ON+pYHp4NkK;;gHM<c+|ES!a}snM;eQRv={OMHJ#a+#8}qtu-_4
z8kI~2X%WpG5Si$rT2MNGcokACjD%!K4isv{0f~{2;y49k78EQ7d|8mm-G6ZF#OSVB
z!XiKd9sLxm6w8Qjo0^SPbK-iGVv#b_UJ9~K9c8Sg8jQH`NVr`ZNgp#raptM&f3)qX
zWKuG$M1UE`1!Fri#K_ns#11Elh`MG|faC#pM)*cGN@dACvCpbA^1K1FP~)PRb(*SZ
z6SgB#c%~B6;{qYKPee>I!+5lbapsYXE|J<ACyx~?w1`vzl!@cWE32N>Z9*GKBU8m`
zFofbPJQ=twTGys|s;r1HW6Oc&u2RQK!F|V@<1(Qs&R1fOp1DZy^eR-B7njjISDE{B
z%GWto;(VzknP>Y)Np-HoEAeuy!WK`zrr7NuGR?a;Ca6muynOI1ySG$^;sD*EzS-A?
zaVFkd@u8J{HpcV68b8o@?I-bEcCubPx??kw@qRZl6wKF-Au>+OPP!*&WY3dMyN?So
z{@Tg5XX}h#U8E4<)^`1wKkBpf?eg9Io5Y=wu=h=W_T$&pmoLw|uj19T;$uX6tBhdZ
zwhTjs%kp2hPgo7qV^{mIgseX#wh!=5cJOgLp?{GTQ}s4g7}+mvaS<HTT{Ff@zBypZ
zyw^l0Q;eIBxEQ!yb(z1zme+=?aAjOYk%w>%+cpFIS37xh)^MFS8DD6Y$x=4FV-Ohp
zLY8n#mbRwI9_%9+{)m7bV>jWvPn8#E;#emPaUT6zcH#!VlGN7EJ`>(w4A}VA<XsCy
zJ7NXp7jpjq6}`8TVVSO1j?Gp|J<Y~P-9BT`tme}aC1upgLWxUllHeJ^kHtx!D{**I
zJlBt=&c!ZkZ5U_|#cT2Hd8zp%;v+k0oNclZ5-|XPO9K2=<|V@=l+|_HHpjOCxI!I%
zA#|OVMlQ0R4KuD59ID|-*R`lJJv~(4eBKRp$CaXJWjM`6Oie{IBvd3-6wO&!s$~_q
zQ4NaZ!f}F@m|YkwTDVylsg|&q3Mx#X5kWx$s;Qc>l|-!wlBz45m5Eucn%rX6OC+}(
z?NK7M#iS7y1saJui<BiKOH~;yGn0u@tZ1!bw;ChCWw=w8h*n#sw;b(YzH6j%+Ob<D
z(m7Un6{adGp&}7Ll|YIBLklAnm63IDS+&we%3!(L>8x(1E1h+X)dkMF#y=(J{GJ9(
zFz{$MODY>&4hBSluPzH(bnCRv*TbJ@cG}!)GnZ4t{iBU33%tbpnN7M--K2gihi~lP
z8hCc<{dwnaEi%l<g_Fg`tWE=2N+rgew*`+|W^1k5c#c2<c)2%Z2v$Uf%Vb201Hb~i
zUouCZ%(k(4pCN77F@<uKajq`=Pr6=<uU43>_ivq5c#jvAcZ-&8d9p%fjyVQ0^e(S&
zWSe7FdU~zbJ3FVwV&iz~>7Ay&@ZTAqc88X$%{wjIFJI%6R|Cc6`1~p}e10H&?3r!f
zFz)($UxM`ZYqr(^2toJ0ZGY<?POn`hlg(T9^`2gN67h4aO8T@p1ir}h^;5go9?f*^
zwZ6D>KH~8BnBGcQ%q_Cg(hkl~_%6L2w(FN4*y+}7kCgHLhYto_`X3`0p3N@xj!sVn
zowK#$#a$%Ub2*M5lEci;$nVC8(0@~%p_iktd925mlfSEN?qtI*ABgg&HmrPY(Vemb
zygpWbt6TQ#jMpx{jpo>oq0{z`4Oui`=gaCY4P~})0FTla%iH#Lvf0DzPuA9AZOwZ;
zOp<51AiM`|5CcIN=oio5N4rYHd~!0SI%8}pHP3N~X%ilVF0##8xwT$49wiw<$xpjJ
zguGvpn{RA2)=JlvX3K=7BV?r=-HrgRbHjU9I*r0G%D8SalM4MGm|M8<8J}$urgOS7
zhS@}Gu<{Ez;iM^@5S7NciB})cW3&l$31z-bP{^k{A_BQcZIA|Ilw<yC%OPdFE{%2U
zkg6MNfO!%)H$btUwUNfV%lPQkIb=pe?r6X{+{dEy&b_`IuG1X38Ge4*-#@3ou;I+@
zvStJTI<oDrRL3`$JH7avFxPx=@-6OS#N*rtZJTra7hhj#<&SS$;g8ArDzB~>v=VNY
z&0&wp9*cTuXD)m8XNci>jNc+70A?lF(j<o57o)FDUS93C!-H(6bd8%f6T}V+(<UAZ
z{i>PDF?TF^g>tuCD3KB%vK|4ff$cvOOuAkcuN5n2_4|onD1=;-Kf!bCyJLrLnXSLs
z>webzI=t^CT(co6Y=`a;L20)RE5+aYKDzMse!uF?w*Jql&J@Nmj6Z4=hTFl{$d9q>
zBc0`qlz95bj(`?hF}^_Q`L4Zu-|WX{6NR++x?@FIIJ<4nkZWdJ@ek;+w)wce8ua;y
zRfUr~=5pr}LE9byqwrU4r^0Kcw~#UHh0~_t9E&6W0NY2AexXTbGEF(<M5(^0fuBrk
zk(nZxkswdOYdP>@{IU-d_eI$g$uovF2`*!%=>fywxA`=aA1r=7@6Qg5JUk_i_gA_H
zSuxgM6~^{r@agHoGQbz$Tn*62_XzFW0d9d`Y*qBka(?B)&yS0v8wVN|Qw?U*WAQ7m
zO`h4cj_oYhhbI&5zd4zYD>CI6ZT^lpE@SGu?c1)mhaEp#Yt2`iFD>JxU0y%MLgsGm
zlWoNM0u|EhxBaQVzPxLzxsS6a78hn>S51fd&@3Kai-y^kiu6mF%yBd8#NXV_geOc3
zRa=3_g7j%`!_V0#%gA}#XqBcNh*k`m1QDS1UcR|-@poC{4n4D^xZSqu^owwk?aPI+
zK*+EY7?+&2b#R{671zqyiA(_?I4dI?+iICW5a;5nGAT8Z@`k6FQD#(-M70c!CN`rq
zFyw(mwx>{0Nw*y|2oMhEfC!+N1}~{Yl!!6Zf(h!GEUi92B+-8PXxzx)v$V`>OY2^P
z#d%|uPDV6xWekh76@l}_dapkHc;)NUw~GpRIT;nzk7aLO<^nQ#0qPX?la$A_!_fF&
zwJF5FCoTfeXSx-;a4t1oe$MM}4&8lHPF+teA2W4OuAQ--K^4FT_P<rnORKKZvkNY(
z40zn^*&E>?(u{V4uCdW;i*qAC7`4^M&c?SV=)?^bRSo2Uwle<!=3K6~8E#*P8_C-b
zFJ!A0im+)C6O8zl=<Bas^#1@Zdw*~6^WWX8?0qlx`TZXL$JJ{4ejPnme@=6rT>k(k
z9yocRK@3-HxE{K6R5K^h2mo=aB5VM5<G`w@=mv^pO1i9{$crLkvk7~SypXYdc{fud
zC>`VV32;>)ouX1QW_}~0+^lT~)(){NOwJYR3l$cxsIg*Ls|*QAj^spVGBpJ<s7g|i
z{{R%qV8A0%bU`p&^kh`Tn_g&!Y#@WxR-!$~nQEdDp1N}6gd-~st)dpw6-<X30FotE
z+L6qmg^>}D66(YwWJI2^!7{m4Y$i^0Q6(b~L%-sQP(4sMLUQ0V>Y~We+A)UXtWPCd
zo=#6(Kp&`ZQK9aPBI90X(OjfebYnL${0cK-xX)xvK-BRmlz>KZ4qsqUYmJrmV;`6O
zrD*v;T?53i8Zwcp&t#zx^~+Pl6)Pyh*NYNdaAa9gGK(MQ=82Shl4dFsYlIA>?mskU
z+P1rlSRF#SYAqJVI**vF;nM7m%S)3MiQ-DsjM}6`nQe}$BwbXpDV%Jm%Bx~@kX1j!
z=|5%p>T~k3>B_LjFaij61a(~dJUVsxnR{w{K)X80?u^^y{$Is;w(Z2j(>k+q>R*?I
zi9}<ODA_pih~O6ub-P|2ZIW{5=6RcL5rtATQzFA|g>~1ePdvHa%(h`}81l06M8<|Z
z+o@c)^TVc|Iaw&<;+RVwKh$YTXO607?d5JKgs#i1<rx`wNQ=Y{0ZFe0+j7NbO_IBG
zXpxa0wrBFX->j3%7OsTvvQ&$s88K;)G~BUqGlk8*T240GB`k?<-SW2}I4t{pH|zG5
z_haKg-y$Ocp>8T`E#Y$`o_ww*FcOVE$-6M(PXbq8$8XD@yoze0FytHZE)f=w+kxad
ztzD)uB28{{PsL(lV@o4427FlBPK5sewNA~pxQ4n(nvK@kU0+iykwjg<>l3D`$?=4|
ze5W{J<4{j<*(+Gea@3M~DKl!~NX?PtAscJ1W;?(Q5%UmwElnA_a<b1O<8bPZHIx`i
z(WJo8I+L$$xys%3oH;+;v2x^b&Ep;slM}(fE5GBq^X1BKHsG&`hD5%W+bV(9EOn9e
zO?jNA(#yj8DJ0|Gas`q$Rwud4pK#Ghe9SG^$1b2NlcGXJMOY-Fn35^F2#}dXOclyt
zcGD&j5K}9J#8k@RAQZ}^0%XEWnNm<9sIEl?Gb?cv$gMJjq^P3FEk<o+wrg?D)@jLZ
zIohq(m`W-Mg&G8*l~XFla;&N)1uDjv6^h(iC!)?8$`hKh7P4J6xg70bwo7r!vP`YV
zI;gEONQ6)%$Pf&M5&;!t0+nQFtSnbZ*HXo9HdI$S=^Cq&&2)_;FR?+CVIAPSY>?sb
zT&|g}lWZ)Y+fR7qT^j~WVnck|o&{%VpC1c9m3Pry0@!1Y&N%mbbTg8=+kE*vcyYW$
zYs}4^wvl8jEO8|4<AGiKf2_oC>;Bcg`YpF6P`U?n{rJ^Ehr5#JHj;4bb<O3X{9h{@
zE6B{cP^<>+MCco;#NS^MH+9-`YZg@U@5jilXM3OgZh&$tuChxR+S@A(vGK66E4L)q
z{lVU_2BXz)+U<Do<Lil=<<zeyZWy}`%Hx%6nq&gxo~wn|oL>%;ZZkZ&IsX7`cP^Z-
z$urIVq$dKwxRAT)--*QG$Frl_^La+xJj?NEqaPgIOiSAkJ@S{YqI=16YU0_5uI~lq
zGNq44kuj?rewYF#M?#;QS(~qv+pBG{Ht_Z|cr09K)GU{3p%5v6{{Rxa8+Tgv>(?Vi
zvGKLep?v2%pmz&F_UYAQJ6{dre6~*5-BfR)(N}5rMmjh>S1xB2()i)WIJnsPJ<1I1
zyD+}<(DGfq?VS8MdgAf&*>)8)W5mh(fVhDEF0nSvZ`TRdXLDO9y~Eo{^z~V{95*>#
zD&$1xGqY;}4sNsTVCb%@e|Nb1w48aRw3tfcQHhOo2}t{hm&>O$CVpD6i1{kP_ev3>
zKh>W@&@P{ik7qZ{=jNKt8231^?v_nw+Y!-q>g$=!jPJGhu3cH5Y~oQVPdYgnu?`%#
z1$Vl3ZG2)mP5Slu<;2VT-d0-}eQwG`PUu!z5--7eHT_I{Jo|p+zb+?``?9&1nAT+|
zpXv^azMrjQ&Dr~!-ws{=a@oe&Qt>wY@;p~<dY*m%0A}Nc8RlDfYo#jy;QW_atezY$
z_W4meX2v2~4hds3YR@9Y<;6yl5{m{zu^=LJc63a=pZtH}D7x&7+YD{0h>qOI;XWEV
z@c!Rzl1I?}KCI@xk@nR#PdL?+d~LD-${>8v0esHu#}BFc^OQc}&Yk{9QAAH}3@n-F
z@KdW?Yns<?*|>`_d|p7N(Pf)!usu~iu^yhPZQD4)`hA~{ujr_!7|gXYoQ;Q`<u}{f
z<<niUFnQUywc8w%F*@oSrCfe#a&<J;_-AdI#g@a$Ln5Igz9vRTfCo?(xb?!zWpoGs
z0Cfo(`;sGZob}_;bI%R?a<eBYHf0KO0qw<_F>O98GI7FZK3uvyhIUp})m3aNqB1ZR
zOGtnhUs)$C>%F%Q7o5JlJdM-|Wp;JG$rpqAFGpYYobcnm*sR%c@)qXTD)NmOx7Qii
zCUgMnqSls4<Cb>X+vkE3rdAkJ<tJU+gpIqjVg5?zj}6VI-!1o1dA6(mw%bKR=7}EX
zSeAIhS2vuwS$S5=BFNip?Q!e?{H1l)OgU}7YsYztZ5Mv#U4o)r=5&6G+t-YEcsr%f
zH-{T0Zzk>=Vs&!6N1E-FEv(c;PtC+KOOniR&neC`eg}ymR4T4{ks-PH^HHh7=}HU)
z33J61>@bWTscLwtnfg&9qcim=%A*m)9Xcqomlgv=Q#xokb3{7q?HAf4PbqL&twCkc
zn23x-NaEbph7Ov|*2cI7nf*tAOK`GVT|XO6IL?iEQa9OI(lPme70Y{Z!>+PtlJnMB
zGUpD!sy6VGXu&%CCuO;7@fcn|4w0KH%<_-6nycgSS?t=|kB0P;OuZG>M+**7@fh>B
zHp<PnTV}F|99XYBnZMh^wZ60Z`FDI==$C{3=WUad#6(t0j^N{>;l6#nU9{(1wD|ei
zEOVD1eCz$mSI!O9V{bTbPqqwPi?VU@?7t8a@-<4q!1Y}=l3B|#+m=u7hTk6_9~d00
zvNuju4I)33lC|lJpAnnBW)By}+b`VBj9~&lY#soQ=1sTyNv-*4?)bjn(|+%N`M>Ra
zJ_=)JOvlW?iQ&hh_Q!<yaX~1{T@?uGbwN1BWH8l|E)x~(V=YfWt_HZtphyfk1v2aK
ztiVie=!uM@T_<**DkrN|F|0~5vOdQGQ5xyZ5^B+Y2aVfxl;oEh(@-D4rn}Z|k<E<6
zw2;@T>z5hHkVc@RNa{)SM5IHYaq5Iw3Z*9?=s2oGqfp}_$g*V2005HU@Jtmgkk|{l
zq=;>SkWnhqKxPc;k}5VzGt+{ZQ|=R|E~r!tqCQ{EDpgYI3Nuo1!9|G3#gM`+`66K0
z5UGXnu0pX9#G`Q|5@Dwi$wsrnz4Dfa<_Nmg(v$m7L>cE8#w_enilobQKq+f6Wp=O;
zmjIH9WC)WToJiEGNQIFE4YA?HLYB}@;q!6<5npb5n}I4W68c+5%s@PNtAxRtOKv6o
z5vi&%j^U_t!IChrW9?~3Yy7EWq?L355e6UtPaY_!S-41v>JGgSFKLLBJ)|nkOj*7@
z!16r3RJEup%bqq>SurLvfdsaMfy5<DzT5WC-u^er_<;;yDZ04rooD7h=DZtpUu@U9
zcI$QFn%Eqh<za9&Xuh&Mmw9m>d;P1oi-mkJp((e0y}O6Xyt{8bzlVKv#BA}NKk0Go
zzbZys&gpLE-4;7LGjSa{^u*0dIXK(vg>fR=iP}hT0?n7o%L)>Nte!k$x^XRR+pi?}
z$@~wgu5mc=iLYU3mi*Hg<t@(w`=>#SDv#^{`?#4&Ni*cUE6B;m#;zjiZI#E^0o|!q
zYi;1RL3P#GV~IIw9c31G^eV|`C9?2^)5We)re+|?ncMJ5E#)pe9#z%VI$>-C<s+<}
zghFdA@LP{8IoV%UA%%?-8ejKj%mVACzP#To?R~h2*n3l~HvC$>yCgnhtmpivg1-*?
zVA&RmxBmc6u*HItc{~?f`581-jf)1b9IAB%fg~okH~3AaBHAGwj6-z55+BSp{wp@(
z;bhEY#POawd0V4bdw0!e01DpSn_-=L=2~qM1GPYeW+o#kI3$lnoo~%<&x4|yD#w*G
zvLx>kb`EuROSW!LTudxv5(tJARDnfFK-5!YFl>r!plBFC!BJ0g2$?D(WQeMB3c*a~
zwHZ|@ts<#SRJESTt;Q=Yl3gR6XOy*Dj&_hLva%>F0Td9X1#*h0fr20rMT=vi#u}9^
z%3-{#vTEU*S#2v(n^`Pdj%@P_QJSoUS+I~MK$$XN*#H6}Kq9PwQnb+piqiN=X16Ou
zCbMH%XoZV5H!5=SIQ3U5tdSBUbVE4k{{X>b(%Y9=zPQEmrmL~;ggg0WVlsWK--6Yc
z@fpOvXvxg_k1GKzfnFR2;0CTjn(K{xa=T3J=Y~5x^kb1=ssgw^(=auVT_;x@xnACQ
zQJLj0w)|<5Vb~tS5=mOuu1QmEu48wa^HZY|xXjA_?y{D;d{-{6oZqKT?%N?@+vKt_
zE1ot)DaWv}fnr~#slTke&QnXZoL(C0qX#R<cdndj$HyCDWPWLpuOC&5Y}XUbbdp>A
zI#ovkS3;0B$@fWyn|iKXy6ZJzzwO$yyrl1zMB|B92tnQYEza*<aq{Q4PImqspB0Om
z@-$P~$B(pGJr11MuP<)%=DT(2ejQUz4m_okY(?^j(npfvHrs9^x2&FCW662!>$5AI
zNUshOV;&|?z%O2%TFLyp+xA<3hen?EMp62j#9#w#<N^Ilme`YrSu^F6Cp#Yt8ePi>
zfv`pr15PV?>2|Db*)@wO%*f2mHEl7B3)3PPZ1h>%Nvv*LvwK^USh6tp%<Qrx@B>F5
z70Phwi(MK;G)6Flx7A2<9)FtUWv-E&TMUU_Zh_kkBgksCW-*3*vz&`!)xxm|50*z(
z^(%5@&K#dB<+GZo;e&8}wn`iw`L_kzudaN!?Y`d(IaxQ`3uxFQ7{nZcHT(kUtdo?x
zW?{memiD_5_T3}<K*;JnSEggjj@OJlc5jaT%WN|}?ZiwDL~&*A*RzMr?CO@<!7NOX
zUw$wqh@B-M%X4|0IDRXP&k78UlK|+;Zhj*8QUKpMF(=v-wbNZVS95h@I&(<Q-dW~j
zyG{vGA{>$kQL3;+$cV>MbY!eO7liv#`H1D`V@%Ti+K3<@#d&*s<l<MmqxG%k&L2j=
z@VM4^vE%$~K9ZYBmPCgb^U-|0`)u1ga{7Ap%wlla;_$Js^PyjkiO9{eJ8Zf{fe7<;
zjrO*4;nS~KFAX@2A1ORpL><TXE#d(S8~*^;EzA9|o^&bhWLa&4vlyMbW$r(M&bj05
zE<RZ>Gb-|+#(^s;tZk7Yo08tz`uR25ZQ*q|`1tai%wu4pEhjDqqQ$ni7T4tQg%?Q1
zAjp2mj=HIIwW+@dVPzU|`?<D{s2<=41}j@@o+8V~E_T|fl(OS8YPgq+yOq=UbM=#!
zIbR&ZkqFpCBOmFu-F*n+wTxlUIj&X(J|v52%Z#N}gpg!NJBJ4gw%cv+=dZ2uqsru4
zn~8QlHFA~ADz9(pjCeC~S50KH)ZW`HjbCehrEzoRYCWSLY@b<tM<nm>pZdCV^#1_)
zJ73!=@txRKLC4xitey@zFF(E6*V1b88Ft-^A$1To!q0I${{SWJ(q?k<ZO1Nemz471
z3EX=iX&^x7&sEp1diZkexsNTAT~*&Y;V$5b(tI2*R<|+p_L#U+C=$jlPflu><Xu#@
zLS{gNqYfkDq^nfzW9>SsM4;dN$WI`KayW8ApycY>C`2V9ICDjj0!z6HC@v!WkT-o$
zFP206QCeuszNpF&Z*U>`u}d<uYZ^R$L^15Ha)|m+e|`_{m*d4_eRCSqd|%<{yzWI=
zRO4k)R0cGmw7?gZ)5UP>*Bn=V>z-$XJWaUuXXDcfTgK0vgU`9l2UC3G`8xQ&!_el+
zSpG9E%3&I(lQ1VKNwz_lv#&n9*_VHcKHHWyJ_Iqb;&Q0G$XzmY1oTeq+nd7mStcXV
zc<dW7qA}pmz}xQLT1IE%#d)^gUVdJUHM9I2{0Sa9N6O4sk178E<C@RR3E){z&oli`
z$Hyt<Pr>-SQBF0Gk&t_;tO-mHh}BJQ+g#PYvT)?iR~zd%j~sh_)>|;<F&urRcF)_3
zpZ@@|c#rO1L-hl*yZXCF_^tjev6J6i;q$Fs`LAooQr!Ol6>^EjsgU3|RaGjha8Jz0
zM1^t(Ni*^YECg2<;!h-58Z{se0Ia)Xf{i2*8E8q-T(K6)sX~5(iZ@a2PN6vnyNw4h
zk<WPL!s$j&!Sz=zZB@+8z=y?YFp&l)Sdb3|sKpJb)dJf-VZy4Ec|?tQDwt0}5(g5E
zNS?w#53dDGl!0xeF$x$m(ST9AI93`mAn{f?)ZoMi{1PpQOvE|ntz!zz<Xe);ksV8V
zDi(wMlm^!PP$L4)h6`OAiU$x(fa-|Xw8S>wa8<NpIWaA$QE*U|W#mV=@JyjIl1XOZ
zixgcU)zOXWmOPYaDeRj90U+~5EwbQv^i+|my2*~vLv!l1ydr3XCc*b|Wt$q36ry7w
zWv}?A3v#kTk*OP`epAs}&Nyb92{__-g(`{+;b!1Hp)-bc*OsYSD*=#>jKrn6cJR**
z=EB?`<x)m%NXSfpT=FifIThVhcSMbOCP`W0J0U&MEzLr3EuQ}Xbc>#W8N9Xlk1KzS
z%NZ4O(m-<vONZ0G+55l2U$V@rI~M388xKCAdHZ#^;ppnxW$y9vJVs1K)aDF{M7-c6
z8U72!jl5y(mtV5KHrd_2d>NxhAUdlwm@Tz8G}RewX`MumuO&Q_gmJ}@re^cmou&E`
zrr7vu%y~lZC5c3~mz<aa2NCL3op!NzinDXab`@6%7&!M009Q`FGMj8Kja%VmkbR%h
zl(=s7O>^OI-Ac3Gzes!d*)FPHAtq|8Xr_4t8n;?LS)F1Pn^_sU=B>XHqARZ=M`<m*
zaCMz`zGGWy_O{G<#vs%L1V{!anChh4?QW_!S7p<Lq5Bo;Xa4?cT*#9OW%TuDiNkg8
zq<0sLU210P&k~i^;{8ptlt+3Yq7O1T1e)A`2G${ylZ0?;mTvl7{{Tt_q*d2jo)c>^
z%N4#u`+Q>zdZr<94Fjx*D|1h8EM2{PM$DYtdPP0h#y8qGNW^dp8tHCv;nv^$iXj*S
zeZ)juK%`5LAM;k{#7s1@$%ABE9@NNSDUiTG!h%5*!YPuVi>eLCh1>`tZVKSa61*#e
zDy4e3OsbXMs^K!OS1X2ctk|v*2~AuIESlV6vfCxN=TsRkk&2W`tS*66T@a$BwE{3f
z6Iun^Ky6V-g)l0ZC@7p&MtQ+$il$Ii6-o$*7^-0%sF)j2z}kikMGPb&g2;sxWK>nL
zD=RAKNlM&X8LZZ$E^&JY{XgbbwP$v2+<FCBMs-7W=0d48M{=yIokw^(j*6KViOc|J
zB03c(4PB|!WnFQMWMU&N;kv12NpRJj<!#EwhCP*47{rZX7AMtXT|I7HHtx*E9;5A?
z>@4hvV+!PNg<>z&y00I6y3D<uJ8O9PdYQuq1W3$?O3pIm7mGV=^w}aOA`-{$*)uA}
zk&H`j{1uw>h0oiPB`mwGiIK;yoouY}W!o5>IeDzKc~1}h$YWKD-l_v}wnIn!R<B;(
zxynuT&M=NfXO+yElw%xv<a>33J<|myn(O?tcG~{{3UD!?NyqXgHd$Pr6t<jst#5vH
zO?CLMK~6ogp6f(wt{OxBpGD-mal_RjKT&Q*K(7u23Y=SS>D6CcPE$7V7h~ej9yZ1{
zgJkvGcm<2LTAJZay}05^k!JE_4U!xI<jY*=DSS9yOE(nx3b5|VFaSR2J5T+q)26o>
zk>=ZZoLa?aoTtVaRUg>Iytt9#<EdRISHC|j-s!LSaYkV|HcJyKHw#a?ApZb@@9W1g
z$KUF*W_D=q=6mk3nh^)&9M<*chdr#Ex!GC6Dys4!h-)<lmY*|*a?7T=V~n|NzGS#_
z{Dx%f@#7M?Gzs2gEoJ$xx@*o{dpE|oj#=^d?GmW>9612+UA^9a$60134-=>GT1=30
z#G+8piE*jop~%(WkwwE_j`2Q6Hzv5^!cut;-2k+8T=(ByXD*$3U9S=L?;V11uptj2
zd6=pL*&eLE9{c-VAAebi$#{(Wqh*oB#hrdWZVpA-o!*LeX+Cc$*S9=Q7R1A~Z0kL&
zko&|mGFfj{4;u?9zCuQGmFM342cq8hEbFf>o^2FS13MrqpAsa;+PQ0O@ZQo#HhBhe
zg*X$AG$aX;tS~<n(oeQL_)8Y6ZO1i;%3`zJvQg8xRNIEN)~dn9mu~BF<JvJK!kB1%
z729u!n#(-0_{*o{ZL)V$C{d3i6T3~sa$DYd&J8cKX4~?y&9JCfg<F6$f5BtN`EQ#)
zhdMb_O4{v&L6l@;D94W8rF8YKS^09aF(p4Q8J*F@1Kv*(S50=tzssH1`+p9>&5jMV
z<U$dIBsNtTk95fOT)lm`dS>%pT~F_K!n#IHGOiPl1d<*v)pGoQP2S(Q;br~J;-!~$
zR+bRqGr+G#y*pzr8+U5q`42PV9x{!y**QMQ7CU_xqfWh^efu^0a`UtPo?|YN9E>ZX
zV*zivPs8{wn(LlCR}Rgw&%@2%Dz@t=xt5WL)xB4zTJr4_cLZkfJOc*xT1n+Zh#UvI
z^%N-y5KI1OhZzUzh?azqPJtC(;K!grSuTqS^=HvVMcks8^azNE$el_xl-xw=#TjYw
z)I%cjCogyCf#y`&tem|^jm5^tt`%m?O3pP`2%S$M@m^i_x5Lw>nDX>T?QHDt4h|MH
zv91!`RhE!UN#eY>_BGdTZeG8`ZoF{xJ~Qm<DaWSYH*m|gxU}hxkTc|D3iEb;&9@qG
z?brJF{{XVV<a|6WjaW3*j|$1|Kt+a&KaYHKTh6)R9PcxS^tNP;w#Fr^2Y~z(*RJOU
z-g#rn@|5{M9}H;8p<lR{;7+Tiy;n<?Hr{O<iZgsgLn>1dgy9k=apO4-Q7g66YlbHJ
z$Ct?aw?61(QYYBQi^e4U#2!o4uSAX)y4<)MGX9@;YCLx{YqzTHh~b-r<5}DRJ6%jH
zS|LP3{NEK<1n<Z23ZNDTW5E_vmgz8$=7m{Ra0C~51F8}=$Px1XBrLm&EPB`td6Z#1
zdD++^ddO-Yiz87*@|>t9A*Ad|v5v-G%wt)Y)?;0#qOMpKWJ<6E2I)(Q=(Utt^$-E2
z^B>@p;Jctrz|gBJG~UPb^;MOE*vN+(^;J^b4ue&4h6n_|6lh9XdZ^Sy$|QUc+VHAY
z4kwB+DVrWX)Lf9%IpmCo(@qGG9t@2F+yW&h0KXD~GLbsEFN3ZIQeZgqL~D&Of!9(s
z1zcfZjO>(49z0z~Od$gDI<s+Ag>!@O`HGko$j%2+{)uBVYJn~eh?ZplH30GGh|?Lg
zHWQ%KCR@TF#xi+o>5|5raa5jL{vmE*oK;rJ9m6P{0nn^v(*-LllQ$k@tClgzZ-i&;
z;lR3$NuMg2rVjzdNVZ^3=!+kb;-T$@)n-6cD+7UYRmm|_+iT2`py-)q#dcdcX!<5u
zs`dO-3s==qCKA+X=%UI#B@msZ#E(#h8vK8h&A_}}jdbBLt8OG8;+GX>XNS=I2mGJo
zDS)@iMsv&3F#r=EiC%urt9YIsuD<y^y~ZcqpK9GibEo8ED+&ITh#N`d%g1!zIFpB~
z@@wZRe5aYKD)?33+Yg*u4Ri~)Usfh?<=NTJGPa!RAqz6)ST@9Mr*}V9o29%O?I$i}
zK1)9)&@QCgDyHXW55<>z*Q}mg_3XB~_})9pW?$XPvt?5GXdD1uZM!wrVmo^6waseG
z%Z4Es^uS70#rBRb>a(uC+|}D`aTVa@Umu!~ER)K7z#fUdviz>QHRQ-!jT?l;byjys
z%R>DCT=nANyEt=h^D&$Ou2P?K+XoCu;1_As<92cKr=8>TBP^?c-UjMmU4iPm>n78P
z<F&fpT|<mSsItSd5%<Co*G?}b$J@+ylkH5ao!QgO-X}~yQPMwwTFxdD&C5l2{{UZk
zl&UsUUV>bS>alOE^6518GvoJUlV~s%k8H@%k3{^OaF<SbM<&X9!iuZz-$XYXBs3s$
zNt|Y%JT0(y#d&#RG26Bj)(;6wKz}tS97WpanzRH&fKwt&fMih0AV4@p8-fU%0=N~*
z<#39ndbmuhmPe}A6Dp;X>aVJMDwa>G*Q-9t&Pu+iluhY_CEawwWOorr$x&R&v6{<a
zTaI-^j;nEsagy5&70py=gppRoMM;qlVv1W3BLxHu5m1$ADV<2lnbfK%ol2$^O0`j0
ztpp8d7Q_a`Ll8j35J*J?z)@0&Qju&{ZFGwwRxNJ~`9IVhTm06wXKyM>(>O+7!9xm6
zfJ~S|QVy)F*qms-aWaKu#yn)&DYp90HLY~F#6P3TAQ4#)sCCP4+3S}Uw?AKdGa_Td
zWlp1R_(lWu6Qiy-{{W%YE**9K9?Q$t_$$0mf${LPT?3PN{o8>By#nxe{@%TtW8v@U
z{adEL%Iu#phncq`H%3**QwP-groFoB!&`Lic~y&*PF_SWiH!CW+klaN8aQ2j^|KPW
z`dsrEvTyRacgr5BigNevv_nv0I<H2vU1o2G9k$xsPa?7-k9BjjeMlrcS%Y&WPn`S`
z@Y&<-o$#Y@GVO7Y54iPQ_n6CiTU|Qvs<v{IN-~jhTc*5M3%!n$UzL-?%FVhaGb|6d
zjsPsp=B;|$TLpeU1AlJVnSk<$F3hq0wshh-en-tyek|l)Wc|Cx72i&)D~{c=xY@p1
zHDJVJMt@E|az>?h)2}y|ExS13<}LG+F_rMDFxxX3K$n?^pgh;Ibx#i+?aw%8^7+Q>
zX<}DQvLhyy7ZId->aSjyxlQ-X#xmw$cpK}^$A$Ng-}z@5e57i{b>FsGaU44T0A9_e
zZ<l&F)LCK1v_$PcC@$c0UVQw=s%y>^X64t5k2qsj6S4K<qSm_R@|*4JIC&hL@M)bw
zn8aBv!cOPly_)Fx+xCART<+wD0!P5Ej!>gMAfaKxvpERB8BCTD8j^#fi{Wx4Z8z6C
z<y3d}$oCQOT(<3>4!ZSUmt(^HqgR%~myyZ0=&|>RR}jv5b6$Sm+4Z=by&Zq8?K60N
z8^B>h8^+mAEkZD?HC9LgBQNG(H@9r<n)-bjVsP8zv9fCh{QF`aK*W=w3!eK+#CDqF
z%Gu;b*;xqI)kM54hsx)o#Md0P0K}tdu-)64I=>U>$#=dCMLGUc=<tlJh=r2UxRA$B
z)U~dj)t&dmdH(<;b50DhXKBb89@A+p7?a8?(btUO!))1?L&V@&hYISpV<J|FkqGKQ
zT=&~9{d!_GM*EIcv{w@W50r2pn#GeDYd0bmSu0Fs5h>OPi5kVvs$+uXRn=P@8zFO<
z&B!qfT=ZpUlIw8gQ}sAiM;@zt)*WXl7WVWZbhy0NIhn#(RBg+;Ro4j7IK83ueyZ(w
zT_-tbzCW=n!;oh408;=63d_zg#rs<uC5j?4X*OfYrCDbno+*s@Z~nesXYSuUmxG-i
z+1-sO5nLZoc@h_^qpEE`my`B8uDs6=F@KTIwlSIg)^i~c<UdvEnn>~9&8r2*GBKS7
zTbp#F(RA1Oa@(H@<CkP2M5JW=B6urdHn<q}Q3+YyuXvPN9*3%%OYpkcJg6Ezin0rV
z!OAKC*c=$@i-U-8^3b4AoCLiP!ZVoNrv(fkWy~W$K83iV4II9m5lR05{7}Nms-3eC
zfO(xG5yX_rJr9BV1MV*`lxh?ldg2~;TkQ?#yuIJIrjyQIp1;-KXTR|O0P(Ne{wKGU
zmvPCu9_h}{Y-8!7`Q4wrzT8On>H2!><=4WF2)e<EOlidh<B(z`-l5kmt@-lnte**8
z<)KuKkgit<mhP91?|>RBG|JuZ<axh2=B%megnK~lktL+Vpk2DU^^RNiR|_-D-z<t{
zRTC6i8dHdUTUTACj#skf%*^vxm=?x44|YEjSbi&}y>_vCG3A7L%LQ^cgSBO@Ym|uq
zj*EYf?T^Xy&*S`sS(7-PPQy$iF63n%a_F_TxaJydFB>^NOE!u53uRmObO5&#9t)<E
zhduB1<HIla4Bh*;^4j0+TJ?-&((c5K#5g>U6^y!&oF71R;0h(66C>(^!3dHG&>l#s
zZ8}CHPD+cZj@dIjx%w#7jc#Eki1r_uMyi<;6YbQyk<=>AR~XLdcdF3vQNJk1E{dnN
z=<6?-daB0tk1U%k-3|jn-4%(vW!Wt@oe9+(@V*hP$dDv(b)}Oj!URQ*kp;l!q@~pv
zN>Y(xw#F9M1GLEKdLqP3wzP(anloa-Ff}7o%HbIjOOwS^m0X-@{7}52VowDS07i%;
z1h_J!NCCmr0Su{81n^}OD`T=GOK-QEs-=Hyw4fRJB{I6P2mk@rTvINZ#K}7kUa1z$
z6vz>a=)+QpYcR5~2`7&vX4GYLh+s6}3b|oflaTy+tgVH)rJ@lMb#_FiPMRQ3Br<O(
z@H}{gB_m|H{z$geL3Behm>T{Fwvn*&Ne#Ctmk5~ygQym|^F<mmCPJZr0M$jo9zN7S
z2B=6I^F_#JI-+F54{-dDun5&7@_>1;Op-dDFYX-dEb6V4&6Pm3>z1QxmT=VDm%N|+
zpW&cjO+CoAk<o(T_-nlGjeZmUNbq;%La3jj-!F8hsF%f;KF*tuwzTfoFQC&iY$tU#
zi)-2lFg<!N72)lS82GZPQ?gMuPRTyvb#9BU+hxjYj!vw&3CLPn!2ZGM!Aq~xTGaES
zIe7S1NR9VPbx}HveG^anXW=)_8L{g)@TQ4IA6YW?ZV$8$aa-EwH{mB7e5?9D7iMkQ
z7rn5gd!%&SM=ersw3vzOu5(t^o8v8vqBlnzX(KP2;QbbEn@{r8-&_6`VP@c*d$D6s
zodo-15(b@9eKyX1S6!u;W<GX`GfoyQa@h!%upeXeTKqQ5)_*Q8AxA69TaZM6n3(uR
zG5k~4Sq$x1a&q$Uw@)5%yjobDr$OjfU3Hsza<=Q?9~-{u_atR8T!*lo0g>bQCj2h9
zF62Vs>X=Y8P@qJrisd#`S1VP*E0yZt%Bf^}t$MSSQ^@sNnx)x9@_kmOtlgAPC)H~V
z`zn@Cs<>y_S;#8kG6kfj45lVZi<H4pQwj!(u4<z-rEW1<rzN=MP!=u5D(dZ2X|Baa
zm`z1p5`w^@n;?5afoxGxHKHq(NGY94if2+HiPWkpl}MOC)~X_4fowz@5F1nvYGq7C
zX4R1(7Hw`sz*xICB0#QpXGyB7!7~gWMqPTYW1nXfp^1HmNd7AA*{;57YuB~$3d{>3
z7qIOofL?CT-RslMcI*93_E&ZtahxFu3AlO5*bmKlfByidGvkM&{R<~PQJuao8g)iM
z*=&m#za__i-|X8yuG;>dlgnmSencvSFryh&Bk!<$u>+9{#W&k-cD%h_vQ8%sIr7=l
z$i9i&7{b7Nao~Rg$zMtT0BkOP9&gHde<O>J3}{MI#*B%u{yf*etD{Z1ao@7e9GsuI
zGi<MH8?p<4+}ERD)7D(L-`GZ<xjcn*N>tbkqzp`YKOnko`npzU>}-WUa`{R&P7;+w
zabv1~t*_F4di35O{!z@sF@df#l!Hog19={@S=*xhr0t(iQ{nv2i}LhY3g#%Cl6ypm
z2ajHhUe;b%+gb4U7}iG*0uvAy&Ll!Tt_9bRf9+n4IF5`l$dq#OZUC6PapR{gU3u>R
z01?(qa>tqHu`q#^Zfmv;?c`T&I&R)ryW!^ZGN`LG98n`X;AD5|4vW{Ow$6SWH@Lh!
zr<(GDR>mgTQ`(N{R~`mkG+y4mw~M=Y<J0$MY%P?mJL`l<uCc+-GP_^an0Yn*yPjP0
zpOIyP`CAb=9mF>U*V1@#y}NmKymk4x^x0Q-G|>o<;A&5z^Y&{suUAiI+s~%&3xH=J
zWf@<7GfDt^K?kd@eVc#b=<Cz}05P*OKL-aQQx;bq=-V=4`(M>_(_3SEc1c`ov8{|H
zc)A9O7k*?F=$GN=viZ*rMt_I0ENPr=uE~7EMs?R-*PpYZ{4(3%@~VKa$|k9Pry4EJ
z$j03l3?h*m2#_*_OG-g&E?aQ)o)f_N9E^xtg^k&SN4FyG1fC2E^7i*@JlCtIr*ASn
zW-o=v@%Eo5n=h%&uS=u5*|YwW$$0kdn}1ovdvxl${{U;vb-ZVQj#gzEhG5YWWjs;x
z2QC~g9i7;idNu3K%cu7*lN4dh<Fs}bJ4Xoo7cQN1d35dDju<0}o8-nkO`C9Ab#XdK
zt=*=X`)3zyeKcfw{CqnHfs915C9EY5K&;NIxA*vK@?-k2`Hvucbt1fIeO3PeJ;abq
zNL@Pg_VdFXo8!ZueovJ9sMC`=PCZzSz5f7HElICe8O~U{UeDtVw}@e39G@d(MmFIp
zu_L1%4$Ct8Tx#i@PFmsQWsR~}l<%tQ$rqo}<3JyR&C@<wotAi8i<vBc8#{cJkd$o=
z3n8Hgp({ISo5OQ_Ys=5)d919<v3zzdQiVJJ0CxCjPP#7o^~o)+AClW6tDl{A9U?HU
zbI7h+At{%OdahdQn(e=5ulZMxm6LWx*wqS+l}o#Hz#yOYgxYYEvo3#)!^DhoVGC?5
zUfU%neRvN=(|xZD=_kUkEu9Q`oO&W7jci&G8qarE3w?U$n$G*<i1L}U@)hHW-JN75
zNs;XtJIC~|RGR0A@$Yt%n#qfgPm;p3CpOb&L;(=4Cs*oL_S@FtILYrbT%Q@6pO1am
z_|?W%UF{-6koc~<$!9ESZ1AeOvn7!#tApGRxCN`Uk%_I!ysF_;_Wr-r{Esx&<#v$>
zcV!t0;ASJnKyX(ptW`TFEhZVbGKDd5gft%K)%qgK!m~NZ?j;i3pyZcy2%VvbVvB$o
zi}6ql!BZjS)sPx<;)Ae0)$<dsyK(51u#t>rVjM)zhXuy>>pZ(ojjQTkXa4}k75I4!
z?CT?um_x)7?62Yq`9HJ!*M295(dhk2r#H*iXJuqnvl|9I%Ou<7#w@&g$$76;x5RTY
z@&)-P6u?TDf!?T%WiLXz$&OjOd^x^K`>|!*qP>xXOhqSH0D8rA*IfB>+SuS)b8p8v
z<31I_5-&qA1b?-9B$JFd;@)!e{%g-?<yLQ_GO5n34Ka&oIIjJDQhYe}Z<)n#{{Z&y
zGAivndwS>t9anF|tBmfhJ(+h-1~S#o<0Hk_PgZlsDGw)+?c4;me4(@odd14C@`bYA
zLs<HrUw~S|UP_ruxOR~sL!I0dTo=^M-)MduG-Ov=6-q~^Mb8c4GZ&B%4?jgwDAr*T
z{7OYm5RBvVGBt+$XxG@3WI!P3dZ}t*T#MQ^`*{{jx@)T9HU@udXron7?iuoMs$rl`
z&4v)rADIZnok5k5l#595Rxz|wkPILrUcE{)d<tU-f(U-9lT<~b7H;DnX_E`yc>-HF
zz(3%Un@$;P-6<060^5#SJFz2a(bFyA3kYsHjtI>-OcpZX!3>S#aU7E@;Tg%ea4C?4
zomO(Tn)k@RC1f&{l6esjz;jC6h?fIiJd{ia2jUS?5(9!InFc|+dMdPmA&&(zjS<Ki
zMYZa+DxqbTI?h)rXE`1urdb9fM?6qOlgSVf?RP~j3LzK#5eDdV)c{EN9$^C9{)j+E
zh*(k3`ltz#dGJ*!7h$Rx4ja`)z#Cb(pibcw%rtOa6Urna)XYxQA!ywh1C4+NWIzZc
zllh=$q;*9j5DusTrlCR{L+Fcyj=&q5sDzoc(Lw3H+WY6tcw1w(!*(HP*;I-7eHSjy
znX|WFZI7eieeK~qoMBcR<@Hn5r=fM`{5ErZJs*}{BcX{AKOx$Sy&mgG;CFRXZZ-b^
zD<?RPjlw4;yY2(pcGU;q7cFlXb;mhi^3$?jN}B7WwPSShc>%?pbn2MbE_>%PDe_rx
zyhgf+XWgd)x7V&bruQy=)o164?!LMq5wsUzx=p6P4tr;3Ps8|1ql*Ya$efq`&vvpN
zo{NuXZMXP!>*?XQHwzaV$5;Unycda%q#lc&o7=Od+DR3e3w(Vw+ia=lDG<|{<^Wg5
z+#ejXUzSD2imL*MjkUmPOuyW^Yp)r;Si5{LqL>Qf3SqJ2C2V8C!G0^9yz-KLHtmoA
zv17ojWxNT_HHWZ>0mREe{8gNl5q(A*#NuK6&KvVgRfY8xZQLgl9<CWNM0c6TbUo4P
zH6OuT4A$NRcM{Ry{GDn>YdzTl0pxa$r$xD|HnQ8BTw}UZjAQ)7fEMPgU9inRDU1IA
z*N6WAn18C@rTSyuDVLMQJTHOxNPnunm7jU`sQDaXSX}~oZXfEk=~?%mYNzBefn#(Z
zrs4jo`qq8t+6Oxu{{XEI{{S%m09Acy?GuJYGG?+R_%RAtvaXEaB*s7y#6GJl7uPz>
z!~}tv53~^N@L8?J(w%j{PRR&B@RW!H^D917p_hju1aGcJUnmlZe}<`bq}qM73T~5Z
zu2Oys33Z=n)+&j@(<wwkMp5~q#mB{JSk0A_C{Ca1#Mb;bgCFr**5|_;OC0+$sDJ85
z^9!twHpPEYS>YgG)oTpoM>iZ6HozbHg4P)JjTQL}QO5WW{$c*A;eDfiHdR*t08VkA
z{UjgoOf0do6CBEzYb)b8^N{@022&PS{KNAKVNw&X`G@8c3zWbIn#q&e6cLmH3Z)3D
ziYFNL2#RMI^$Ln)Bh(@)kcaaR%>`#?^AF8bM4JBqn0{eEp1<ZFnj8m*^AF8VSAg*9
zKQ)_`m_5+y7A(I_%zc*lbqh9a^whfj#G@lJ(DxC<4Obnlo?W%qJ_L-T^8!90mzwwM
z_Z{a}-%F{?g(J6cj3YDi&qgc5`yaKpjV}*hPfW&aV8`>;i|wKnOu{9rn|oa7ORqNC
z?X=CVx?+4DMoF&yla#J9;}NKdQcJU?;mYz@x7#5|B-BVUgnFI}zPHwA<<D+N;bUS6
z_im0xTs}yG{l7%_x0yIeB>w;+es;RNaIYGoXA<O|Wm(g9ywtszoH%guP`fHw8L{oL
z(l&d2{THY4afs(P=ajs!nX58!sxT2GGgcly5?5}HtFJWd-!C8KYr2W;kGLIJaCP)!
z=j}0A>$~1$W3-J-6=in*`PJP200gGBIGT$>=`_ZGCKtlVWcKU=n+T5r9F89Z!JNmj
z`z!uO@*WR9nC4q7pBQwqxoap7_J!u}{cmZ<mil|{x1SHQ+xHjS-ct@aelH+o+ab7C
z`ap9MW#H@S-dtC^ZT0gWGtYhNjbJolQXwkzl)wH}^*Vn}`LCVd`?~mwJb$0Q{2Q+|
z##;a#>FF(avex}FTr;PBb<2f*RaXhhG&_<Ej|S?!I_X|(+b_e;<Um4G5g;+td{?4!
z@pepjW(V8~(~HpfifzQojPA0rNgc@8WyB6ac{_H@;qU0y>*vGQ_@jxFPF0efyX6;^
zVk6%UQ47VsW+UINmzR$79!es2VO54}h?ll9cW+hg>(}Qm2X}Y=xKW4V^6a`5M<P4G
z1{Lnm?&bI^w`9g}&Yf2{%hA{N9!2#rzE#FCd&&JL(Rpv}$n^gJtCmd9w7g9?md3oR
z@5phsi0h!@R`vajt?|KsTS+mJqyGR{s#RiBhmmCE9kx>_eAXu3_ngH40QJr>U2FWN
zR(FjR7*~m2G`9DN+b9568P_%2K634Lw_m2;6^Tw|cS_lPRgsVE+zBw4=<A<m*zv=C
zb3e<k;pSlx8D9!#2bAfoxjT6mTze*d9s0-DRb;Xa)W#CHHB*=8s-B(?XyiigxxS;n
zIn*(PPh^=kyqS0P(-`@3{{DUzcsvMQoo|t{*$l86QkTmA0PR`r-xCwVeR#J&D{b*{
z$Bf3wTjVlq5rv#t{{YEmc4z!V+JEF`<YoA*1BHuRvT|eYvJn~rc#_Gkvum2R-DVN-
z*dN@nKe+i>2?{?<kG3hk{<qgwb=TTvx!E39C&=U<AB!EhfQZ#N`t@CAlUbYPF8<da
z31#Bo{lAYaPc4-@#zEa(XM`PQZMS94v22=5ZCbJXjt!WDFU1($EO?P1IBFIymRxMJ
zd5r3ax5{}OYVOFeRZL6D9LVUc_15Aiz1niahnby`o1IP3h`OlkqAtxD511`)q>^DK
z*5%}mf87;lSqy8t(g(I>9dsOu_WJ3LUOCy>HsR8%FydtHz7xpuvkyFY4bhBwkh$YC
zkNUdJ{ck_^QIq2`Gx4VkI;AYjrcKkcK?n_5S=lwb_)WF;@LoS39|G$vjc|>Tr0(2E
zCPSc2?b)3*n%5)FRZy-uRhZ+<>$GWPiQ}T_*KdY9aK(j-p9-Ouyw#0i+bf4Ji>>Xn
z@Wj^nXSSTVn=KHPkOy0vMq8FfZnw(H{JgR8=T0<YJCNIHJbo)XX`7by-xCgQ<09u%
z)oqjAAntTg3DHQB=o@bNiXH$AhEt6;SvbZcbmgRCIFgkm_;l<0U(ZT#g_t(hZ6HE&
ziw#QUd-VHuof~~U?~VTeh3(%|v!?ZsC3m9mZ~p+%pAT-Ir;jhBVfbj{#u#1(s79!W
ziyv2Rdas|h{@m^5@6)RsYvEs$j&3}rFPVik$M+*2nnS1yI!TY^t1NSlW^d9;tQf{3
z-;(PzBy(LoCUaP}<A*ORFFO{k=FQm+wnAD49T#0>u6Ee-erwF#Rvmd&+6c7&08RbG
zgVB0=`txw%w%D0?zd!dCw%!F$jdPShw`nYXE7{lAi1PM!TI1zik8ashUutdphgKzZ
zlMY*1S%sTRoqZOIqBcx!^icIiCMV#90z-3hLkAtE$b+O`-SA4QKk>e$we0@@6*(S<
zwnZjgIIO!T3BXj<#fjoi6&k{WQFr8{HX$mf1HG7ZRKsmHLQrW3Euaf6NI<lK<NiqA
zRpeyCGTpm*>Cs#>wVBD$lU&Fz?ozcjm3%HRgor-v+P_6`nZh?@LfHwOPfkkVn{v->
zx)48t3M-J5i~dNGt02Nn#w6;DRq&C4-C1W0ehAiLku9=*PpZ_eRxI5KYRZ{FzU_Ym
zN|d80@!)j`mKlgG$n#XgM5(4!k8?JvwT4K^ikV?#Z6onlB0!=PiEmy=WI1<0aYe}6
zBdP(zpp>N+3^hR=(&9=X5(#urNZ@!PB1`BH@)&~0f+;?_a74+H7=;vp1LBE-l)3Xl
zkOYl2C>bY#2}5u~8OadbHA17Xq8MW6rME^LN*FEyoAE@kC`<vWHIkHsxCB67hcp1J
zvIhnPk~kp|aQY28AOR1r9*963s6^o%z^XzalxP<NQK8_02@V|jDuDZRDkfIbZ0WKy
zsz$lTQ8?&Sysk0f>M%d#&$#fZl~L{488Do-jl@UQa@(U@U1#j=Bj`VG{oCPw;KYP7
zGGm2w1KA1jC(yd{Z`X9Za`trgYrN-%pCR{;+qHpJH}_0Evjg=3p<2`Rx4hGT*z1h+
z*9@y8cxv!vr~tg1;uiL}<K@b8{vAIXjp1V%WlAzQ`1**QcNN34ef)gaT_%&CrYZTV
z?aaF)9y<hpj4K0O4<*)h@ruXg=P^;XS$Rh3+GiSdoJaaAj7&3j&B|U%aLdTYol%*r
z=^5(7P6~C;S#ocEu-S#;t*;z|0}CZDX_0gBb<cjx*0s^n#jh6|5@HW!fcxh9IpVnO
zZLYHtBcJ6d!^4ZncWly_HskSEO)k{ivk}P48F_fsRe9Md6S`a-_%8a{t;}=VHgc+(
zU}y9-%$P)e^_;&2tA0~i@g00>{7xPmXpD^KBkVFi>b(11_S-JA*I9-MdALHnjALAd
zwG%49Jl9{v;;}op!_9fz+|0VGw-`uMEjA8Cditc-%gx`t+Hk>cP59Vws^cMN8E%&C
z!17y~%UrKzla@NpUG<p<lsUY(ehaS=%Qt8##>kyhz7_6;Up$n%&jixrDov%1$mn`4
zIpkLxEF)-WkC^aewIsDU<4;3h?m}Pp8=plc&0P^V?N~7fyRPnGmG&;YCs4_tz*$^~
zKIlYqbuKGf<~zOV#)|E?8bZz$)(+_scsnmXImTX`@tiw8E5_U|IhI%4x)2haI56nE
z-JO#dck9y^HBiR#K2IpMaiXf<ZAGLB{1(0S)-iRvS4v(p3m>s&U2v8}2{DWsAU{>Z
z-rVEEw9-#LQSyFg8jMJpM8hIF#xXy^0M$S$zh1tpYW8-?9%spY(UCsgmC$I6w3LZ*
zNM6l4Cx?rE`{l#(9!AWGna=ZNr%k7WdM^5DkB6JHvfq{|PF#8VF0sbbjj{lHi1>9=
z1gIA}oqbhhDM`R$;R{;4Ww{mQz+-<>T5U%3dvGQr9pm2K??R)whvtejbP@!E!$caX
zu$>n@qOaUP6_q2XZ_O1<!RV?ekW~~}9w>@tJrNX22q-b)>ZTQ#ghC@#P%;Tdt0V~#
zEEL;$Jk{4rd_}fn_Nx=Tn8bo~51?Ky@BW6Ge=lcW=<l@3oNpt6WVYiq)-#AWb@O}w
z0Qw!4am0JNKTA!2m0nBAWZyYagkxR8QF|gZk5^^lott^u<?Z#8i09_yW#d&TWaP&C
zPYs@$@>Xd!zA(+(3S;K0&$7R%fvTy7JGInkx3@+o2ECbT{_TT<Z*V=6V*&y8h_;Rv
zHS61HhP|Zao5$Ue^tpEsOl0Oc1pc3b*4Ud!#M<)YLoOELeMQ+b?pHIqF(y9HbY6?s
zeX))l=F-gNk1xx3%QD79w^k;7q9<4CS#{T=X)w>^*DB|g+p2b9-M;=l@05N8be%ck
zr@iwW>G?yG+mDq3ag?4rG$gM^y)$19TXx&cUntc@W>q|6@p1y~i5#u9#mLOIcN)QZ
zoy3n6X6FYgqdHCP`>rB?)lxd%Hy0RCOs5%GN6HkfYbIPw`rtBW5Pi{?#TnTV0tWIv
z1tQ}yc9RT8x>|{Hb*DQQVQ1&~`vmbVl|&bmVp=ES6vI=-9)e$S)tDh=krm!UOpOP{
zdOG_jit&EOR^DeVn7P{^D-%7kUu)=BYoxrq-CelitQnL-%M8gC%UH$q)lXLT-enBW
z1$9?ZDOx99SGqEetU48)dq4gYev6sUmuu}`wtRj>^DWP~LcDRLPwEfJaQ%+`rX-$S
zzhCvG&96XwSAvw`hlO8u=nrJ3eU+bA(Rn@h^Iq>wJVty>%;AxhL83LvfFpK9WHy+)
zdm<LM)?!vB*EV5C{<Y&ivS!<7o0D;P$|Qjp^K|_CW9l*ZHO_A}vWomhE@Y!t450`B
z4n(EGLx}-m-K^%ft|jp4-RC?mBq4lqPDHMd7FWsFFU7Uv4!@IG%MMSHs|xFH#>6tP
zfOqi?KlEKS)7oOzZus#P;rLwfk@ez}I`8*N;ikzRfi~>d9=SB@xyluI?6c&pw=$6$
z;u@$OVK?SSHGSu<B~5g`*{l3~tuwm3`=d@Q2kl0PZDaT>?~jiyYn=1pEL=*j$pR6T
za{!TKv@;)yn{9||u4{I74030TZHXPZFr*f6Ig+{SzB1n3c}L6nD9}y@6k&X}{@rdI
zbyrO@&0Y8Si*Rx7rZ}Q?zC=HAbw3vz)-9a<E}G*E-bcz+<NSm?hi-S~*gdqwosmBU
zy*mA-J`;WMa^}LHFOiXSjr(Pj?lA$RH*p_=>vq;i#x~1ejq#M%PGuJ4PU;~NY=)u!
z3zqxaWy0&OB^X%reH46$j*nvoscj~Dl0nx*w&xeh>#W9ShHtsA!19>J%zSxf<X09l
zW)UlWI^8cf4EEWy<CcH6s*W}%YIR2%S${O#ZHO9h3in*!yff3p!#;PO@%TA1@lZ3J
z0!Bvg@*9s&MXh?Rp2@#vviim;;mX>jmrc{ZI>`Y=P$n|kf0=G=jy@RX`0~|vjmW@{
zcKZIFSJojo?hYh4$<}7`ZXGt#>&;}$$ngF*4!oP^D>CK`PRV=N^^jWDZMDSk=eFAG
z&&r<z=jDzr$T5{z(*#m1a%6rbYqP67CtqecVUOF{IkTRBlFIseCi14Z>SQ0$Z}Q2+
zjLxracCJ5=t1i2!w(}W4$ij%oIodQ1yJ=&OWU{>o@$`RbfSsZ>6WqSHa7Uozy!UVH
z^-Xc376)_9`2m9*h~r^W2{MdWNJoHL-ug`AHOpV`$B47;Z?*i6E*w0BAyLAI24NyP
z^;4_9TaTAc?wgNqhnl*JYpSbfM##()0yW+E1>SAT&u8$$cTAJlh+AQ1J~Z#Qw-NyX
z_4HEQEaeHtQJI0`6;W+CS$P&lx~Q3zpDu(C&1UZ+%`4GY{{SBO7}4I%zBtv82z^eg
z&wpxoj`Q{J%hY|h{{S1?g|o`{qmd22`0*jN{$=Lw{mFl;)7ARe<?SPbZ7`~Nmx<fB
z7{S;FE5+}h5$pA{%e$GAPBs;j$h3;?4Y~UCUTrnD@awhV&cVsHpBH5qW_4L)gsHYq
zxChnOZSkDfUY^ZnxO43DbGs^dw@<m15Ye~v$o~K<E}xH#x$D`Riq{!KD#1v;FqI>8
z>jAbm7g@YLQ>N`Wd0)A*=!Q%(Wt|G?uR$%YC#MEpj+t?cJYC&>w>I$k&)k`Kg35*^
zy}(@hM7sJtQvAMmeV+~uv#d17x>EVRE3I*uR}p2hA|sC_S=x&!FoyYX8ZxFTlfgv{
zSpl!&ftflOE&6()hpI9nE>FR7da#XkOv*NH&~oINUr{N8pySO&TNuW5ol$YZiot=~
z64HH2vB$#cfePeAo@6ay9H{QyFIAQo(NUDg=|zoJ(Kx`$N7>O<>}Brmi4hD3L}Jqx
zds~_>vaSW=#Pe00rVIOJq2y4g8Ol0;6lW$R<6b2}IzZpWYb058;kY)ei%QvvL~Z1&
zHi9?AN&Vdr_&8Yzkk9H0E>%iE&O~Stly{y;i9$z`WRWe}tCFl70;T{m1rq`FMZs|`
z$w1p~gH=M4w-3ohAV)Hc&~?!iwvct;stzU5Z~%Wmh+9Y_m{5de5u+hMkQxAmMabZb
z5{}>rM1TRundFNhZak4Gl1z0%LJU0+z#+ID5U0CFBo!J%LRe_(vU~$^K|Ks~3`aCn
z2|PbF0(Uy_3Wgl;(1avN#1Q=YsMZbk@zA1S7uDa27zR(rk|7p6KP49=SeJ6@p}22U
zW{u7@<ckavh<ZD@9|A}CBH?r_vH^sgA60W%#C1GR-5y)VOK7m!k0ukYT%!DzE|Rye
zW!L;ZkBk2RA$_xE57W^zO{OA0xuDc)yq||`=Dq&_mrP<%Jg<w#?HpU`yDD0lNaz7w
zJ#F*h&xzy9qv55Ab%M-D#$C-XJxS!b_U2Ao(_g6V!k{dHkOLCA9mlEYJ`2xp{#|6}
z_)hy~4c7oH1bZqx0P3c(c43rmjA0vP7*RiTjCpfo@mu5J&lpi<v{$;x)(pn9iG0oI
zwI%p7BLKHE$Y#SMGJU8++f4y=#MWXt=IwJ`TsqIw<Zg^%vPF+yisiNDJ8Q#}nUz?t
zzS6rhb4G}35Eor_zCIjwzxhJE!7GWn5Qa&HkmLuis<&VKGcP~O3_PT0$DS~xZLpIW
z9;>IOZdmvDb2Dd)6CbFkPHf~4UTdzh{5fxD%biRkVA)3FIGxh|U8|+I^5-PJ8}PDh
z6xoL}wz+GtaVwtFoVshb7-zom5JojIg>elzo+WEp_T_(pfwv~@#sI_yF^~9_cj2u$
zbYoocJblJ;gt5tL>*w)Yt<80l8sDPA!?5qJxQhXc#z%xf3hl9`m%~m5HP8e=oUD(R
z+o*&;+Oxjj@f+*X&*r-q+hsDM7+ApNRv6Ah+)3uV@=KiF9d@@oMuU-&Rd#o6g>tkt
z`^z7}XVza0ds!H%^7La+BZLVd<0<o$irwqB^2F?u!<}|*^SWPCWNfxT7*_hlx~`s+
z968&|i{!KK%E^@Aen3GZ<pFv+^pZT?yW4nkFUY>ujOV^F;JV2ph1%62iD0zB@YM>i
z(;*N~%Ps{>uc{IT18alPT&56dbk!M|bbJ|ve6<E+j|Cld^7j+@kHsC4lMN6l5;!0s
zx>9KVNHtemYUS1~X?W9$$disrD!G?Bl~GK@c)BxL>;d?yDX?@xsgOieVhRf75UVw2
zHWk?uYT!&pvX@26yT4w&bG3Ep>Dzs=8L~WwiN(k`c36I{&um+g`90tL4Y$|&aQdBp
zqo$Ypa-%;l$YaD)Clpt&cbvTn`S-T=b8cSQq|#$phm-SJxIQ4=bz<8r9@@_l5z%K(
zxxU}Qw$?@;1Uy|>w|QIW`de*-z?~-Npj|tyx7J*ymSZf`d3;LotuvfsD~axQ^_d)%
z{CDfaKJkKC-ZFI?aM}j4cM|Sfs_m}3XBE!a<bQl3!+ufS0)3H>qV;RhF^I(N`$9RU
z{`sJq<6v<qbzA&+Pkgjl=QDq`Rf#D88)$ASYx?^8WZSai4p^%w#!(j$1N}qEg7o@F
z8*Ul%ZKAsOP=9lSg})5dU)}fD80-MVjmM}>Yc})4CRF1*j^$yiCqc+4)wQH#<jR99
zBm{Ur_$rd{zXptaxd=)3K)i~lmqW3SD?e(WD*=qp0<&6?&$LmA<Qf39qWfZoWVv!B
zBj23K(no<+&fK&cplL7>B=tO%Uv3bt>BI=1l=DVcMssi*+x*9ZWnxzT)cxbzB&#y$
zVP<R*i7!v_3wrih!;fc7w=STrH$+Y{CMSaHJ1fh#T+cDT2P$}SiP|oJ3@e`vRyMY}
z>5W}q6Xl^+Osuw`Xm{+60dnk?#`NAw^d2|Nc--8paWdl^OglsO28G7}R}J;DW^-PR
zcGqq%4?W~-xOsse8<kk9EeMA@BpsZuS6<WC`#jtA-+$|PdmQZBJTHf?oLVDvt%Kxb
z!%_<IYpmaF+V*Xob@0pev}O2--<df=LM;&=n2rlqTQ<aU_Lg$tc)ug|<Zs8pt{vM9
zw)Zkz5ieF<x6`v0*Bv+Oml5dlJg<hLXB!(LSymF(Kr!0gJr|y7y_vHQPvq8d5y<<J
z`YMpb$%S-6Tkeg8i5$R5(Jz_HJ9gv6M=S2?a$~y-9yt_%JCZ-3wxlM%t!J9Ix?c`d
zzU0l0R7Nf>bEj_OIlG^V?K&nou2;I}h}Yu$r<?N`LnAhWPCZ4VDEzv0SnShHCMTA(
z?AvZ^Z_2j($XQKx$`B-o+Is&0qU9vlms_@6-?u*5vmeY|k)3I_%HOpjeT4BFmtOAd
z>xjokMmEi^hAuyv$nw|cPcju^(g?R<(YS33ox06r$1a%L+c|E)#;%H|lb38oHaV+*
z^$O>`&BSY2j%%5R<l&K*b<{Y@i^7vV1c1=8-uhxmd^0zey52Ha{mWr=#^}&&oMXw4
z1;=?^HNw1qHHQzkWo<a-?|kDJ$Z4r<6}?vP<)6tWt{05*K3dA{@$^+*KYm5;Kct`Y
zUXAqDb9r&odw9d0g<eJ`Wbm?bE4CIABxXyw{#Da_S(zN>w_A+0`6~NX)GEag#;zhW
zxwL+(8eIIhQo_ii#N@zXftBPfEi8#^7{*+JS$3T98tb!L$CZC})oxxS=Q&8;A9NwZ
z;;%;)uIcTq%f$GcOq{HSEop<8(_`(^s`l@+k@LFsw!4|wR_0>YZcY0urdvf7aEai!
zYql>BR@z;sHM7WPc>e$wfmQ?|E4+oE3ion;i=MjOu6`G7rn3{vm5buCb0?5In2iyP
zM{0NJwnw8bx3W(TbFSYiV~b86DXKF1obfK)VC2S8R_&YoB-a!9U-Y@P0pqErG-iM-
z5|0KtkQQ?<KMi`>!hUw!uEDOETV!G&0XFDOod=?wa}|3oW*%ZUXG(CYt4zoSF^?^J
zFHMun%Qm^g(c*u{IVP^|en`g_)+bYSJfytae%I7`=jz;Y=VSe+pB%{uHPytJ#&PS&
zpGDI5%sI}Rm$&ghVPJhtIav{n))<K0Om*7ds4o`(0JFD<_G|k3`FhIyFNUJ2MV?g#
ztUwJv+Pv3otI<03j9LB{8p<*4opQSE=k{g5N7Y?-vn*|-Uw(EqCb-l{qJgwm9sqP$
z(@T7{n2tqM+f{KO-F=c0s-wmM-&Lu$D_5B9$LX%4W<`;muncOE`6cMQ*D~<wC)>~Y
ztlO-%5yZ_KD<T#b)sBq2_31IpbK2(OS3b;~TJ4TEjjrt6;bYlshqeRax=DQABUf2G
zd1U*e$yehxUxQ)Eza(wVgmsZTHkH1OJ-nNDZKU>`<>kKR@ww5(rg^lSVU`4O<1IEs
z@LsO1x#Qu>_BPDLn9I+3KNo|CWq7q%Y`P=&Y#PMAtI?*`^Ikpr<l;H@QA{N$Nq}b(
zTFL1!ryBi|(?-+qTFaE2mT7r_7)OqZE%Kw2D#-XCL^rRh0m25+XVF3GC$?4lek+sL
zR%3hWFQX{3@P<Wku3}Ld9UIkZ#$^y5(hmd0Wu`2f+RxkhM>TTgw+)z7%J|Ae@EjEs
z9Br~Zh~SAe%E-iRjGd*;GQOx=cd|jr^h}J=F^dSFh)lDDhyqU@d_t*J$ZB=b86M-n
z@aCpe4P0|fm^epJkW9mDxT;{L2H;|<SWZDz65LxvW}GD!55-au15^1Z7Nt-}a6rt%
z>%}EY2XS19ixE->M?%mJs2i6=g#5aoi45bK86fY}p$wAx@I)edBG3taKNJY=bTT*}
zL_rWpMH@&62h|V_&f!LZJ6*!5VTnHxq7aB_D4^{nkis$=`h-f87IXlL01^<wJjqnS
zlKhlajR?iT)hfgxA^`|ZigI#aiiJieR#gn{65xoLB0<1nqS%adKMqJ?7u59Vt2E!L
z00YZ{D!~`xfiQ_@M8UZ{3;G~5Eb#>OWiooi<0*|}A{h)cV|g6>X^ByhWpV}BNU<ti
zW%Aa$+2XsnpYkW%xblcLi)(>#0zW=$m-_m;PuSW$KaT$Zm2q#D%=$ZLZrMsF{TCg-
zTF(zgzq2owsKN4n2gu+K)=-re7nmia2;jJFcGmcHp0+JMFy%a-Y+?N=o?$0;566~T
zZp6p5-3ZGoCb1}z#e@1SU9IE9V;JUnM>u5+Av)#^toO>NX&3Zc(`l1wwm4CR_V19e
z58T-!6Dbp+S8v$XGdea)$>75pSi%Fj7zeuEB%X@(_Gc#AVZ-uwRWmUtkvRVVNV5PJ
zr%3a5RzAfxLNYVn2m)uB^jppu^=fQ7rz)$7rlx64oUC(N;&^ebsx{jw*C|Mkl$Q<{
zX>#FbEnS;CQF06<HxvF#Idt_|<LQ-iu+>p%umSk>S>CT+t<_`B+U~=RM#%%jog#iK
z7i@ChuNaH`b{*J~wwVGhm;y{*A}!TteWu*CrnYeEc>6D+n_~#ZiUe3$p_GsKt~*I<
zuC~a}iRQ8Ka*oS4OamBME@bo9qSoDaXwJQ|R!=*+s*X(V7aL>1aCN?)ICAZnnR0M5
z_G89CwCgXospPwFr!IYaVl1~Uvm>@b5xjon+i?V`HQ>8)=lKgPrrA+k!K{P3+Rp2)
zlRUZhTP_$OQLup%uOY#7wZ=@M#w3Hp6hSEs2~{?xWg{KCo;+Kki|~gN)s<!xq+=H)
zf)(m~Cx@r8kDV!Rlz||0M@?tTzbQVYM?`f#sAY9fAE+$a(%>RE55;F8g2;!sjw&e|
zWx#Vq$_IJkQ4o;iRYh`&3Z)Gl1u~D~Rb&inCe5HdS1tRs*Ufg*r)|7NR%Bx1-zZt`
z+ZSQWPAlW~{{Zx@mTLNXeuSU)aV-0bKHc_W*m3cp6IdH{m7I$4_UC{5Jz8rupVgY%
zt;dCSQ(SX$<*k`Bj@_jC9*Yud{v%FqRD70XjhXodF$JS2pKJUA?WNXCYZ$XWYW$nL
zhDJ1dKwErAvv&=#<DpoZ<7|8_wZO~sR!-j4)yud?ZZg+oN5g{m>CrsLp6;%U3URHT
zO_>5#?LD}0a(OPcdrTyZIoVk>Q!IGKJF-UUh>w-j>+6>1>C1hv=VReYHi+a(LZkAX
zNOkIwj5=bvs3H=V&GP&fqgRNpH!{3>grgTcfmaM&u;$z3?lIdP4EZUOEcI1&)@_I;
zTwAJ%jEF_9?N8d}q&bCRJ5c*_lTadM=d2w@v4irSGORBjI3IT79i{jstLun79T1jG
z0Jb6x`-4YQYl)b;JrwaUVTEL3L}JCH{{ZB<OJ1uc9%`B4+GSLv_5jhD^j+}sPF!4#
zZ8G@oQ7Y^m);^!MbSqJxR40yWnFRY^MKDY7(HxkF*<42E18@1Ol~G-SQjc)Bj|CPj
zjG-AwyMxJ8%Y9y6oKYUxGLvWz2U9rkU1jp^_}?K;bs(0F->NINyGrrzrPaQ;n8>hJ
z#wA+LH4eG@x0D4D-OL|N62`K++2l&G9`yE&HtsC5HEZ%;wYB*y`YLMY5;O)fi|7=+
zd0)+9Q1X^fDmU9jW^CF-1$``-$@z10hKTvNLN)`36FGm}i$t=`(*3vjb^2jBJ{su}
zk%>41!0#tjbG-1){CjzfwcatKb$FH<>9~#2ZU8QqeEE!iIX~-IXJ%|J?o)9reZ3pt
zx9_jhkEYqqT|7TCpDZEc?YdM_T*~3hu3Kxaa_y#U#jjc6DyQjVRTm4S&P1lqCiPx!
z%bNA|bz(N-V|j@9kyczm%(l>M5jt&tqtRmBeYo)7rqf=0netR%Wy8hpGB*3A6CDRV
zPc=O*)7gu*E*f%jC6x=V-xx?~7?22v{{W?8Of_y?pE>1g#lpmeH4W349mvONB%N7x
z>+8+AbL`&|I=NDxa~RI3<3nJKq~mc1T}L&?U!Rvv_VB}z=KOfFHNqPxs!b}#UcZXz
zI_np*X9#`C_azl$Ry=)MvLzk@9J;M^^=9(D-ME}Q#%^bu@)hIuF^1|3_ZwF_>b)B4
zuDQ*5w%cnaBfa0ks#V7}$>eUV8*$(c(`n*21;ZEPhj}J>Lc6HJ!;VB+7|wUbLFEwq
z9WOTo+ttmD@;+DVgk@$F!)%c;amj(=y5IWa<)1re;X5;TU49NFBOc16ES>U*22p3)
z6!qgZF5Kcougl$)kChrtShbJc5|7MB`%e`l;|=HKb$A|M%Xtd?<`xs;M7WiaX9Ji7
zXtR4Y)_U8@<880BoGkJdS82A~l4COBaM`#pQ(xfT<$`&24-*W35sLTOKkL~abmi#(
z04m(q`)6v${<zf%_^&4_>6O_6%*tHO5z;^&M1^N$`r#(G=gC+0?S5+b+2t|@HZ^6T
zL}c=j9Q0E5`u_me$@u-RC+A_{ZMwWaAB$y29wo04Jh-P{yyn&3Yj}(8&a%%5O+r&S
zGoNNVfh0run5@Z-ve&)F9clfq_U;BXldjvcas)xPag?GWNPm<rQ@eeux8u@J<<jvG
zzZ1s~p~RGhn##*2T!Zmk_p;t=dP^q}(afBys+zmC!!CZ~CmMWuu5y3j(%<~C=2b=v
zr;~0`yEkZ**tB+@foofD5^&Di<CV47PF(`}z!<j2bYkA^%Q>>*n#|0j<2<!O?1Ph!
z+Zf~aruv<#Z`Xb)H*hh$*W6xL%VbX<6K)Z5ZkM$DSg!kZ>8`xqTxR=iw~iRD@)*82
z{T^Mhk;<7SdJVFP(Q0dU=6o?X^sd<R7_|845C+)Do2;)xFx)o<%60PeZQY+QFXG{k
zc67Yl>X*{v-4iXuv5UFWn)PjQJ$_ue_Ws$v9S^^JrZ3#SNafZ*#-kcB#i*U25zUr=
zTT7(FzwB+VZOr(Om)LKN=e)FB`?!+6jE|FdWXO>-ZQFx5DM?l9%S2M#3Dl^tJ0cO0
zbyov-P=*XMY7sCTa7A}3HWrk0k2YMLC9Tkyje2MsijK0C*TzHNpybNb%7Kv>z?XkO
zq3(npP#{N%(b1nRcvcFn536wKtt33#M6BF3JllecuMFhNmjr4lvA+~!XrzWe=8R=*
zUqbpTmBOi+ZaoSn4jnq87>M1jh$cD?3aUDt59We!B$F25%~J@@Bzw7YNXF3}Q7P^k
za`i<pLprH~G8_>yTZ^DiuBfICu7(ZON|xj-OMfMDiNu|B;(<9DbwGgTH9#2xOY%j8
zBL4scN^Up=3PcSX@j$l#bo|gVLHP4S0wfJb9*P2UbW#JKBta6+IUq#1MFLD25<?__
z8;S(v>%kN;BZHz*$3zSh5&$}sT%6=Mexx#pA-zx=N#KGd#+^`1LM9--p#%@{Kmf(`
zL`+%Bk~IeAcHp9XA_zbA1V}_4C}Sx^#E(=_D$gQ`2ufp)sJJkBBRM#L3#wG(HZS}X
zX(C)WJa~jii_4n;i9pbj5Qh^G{=HQ&oi|&JE%1?p>hUUBlf%+@-@p9UFpMs@y-?6@
z;s@lo?fUxHeS7wIF#h|;va?V<izHmx9zLORzpu-tz5f7C))(AZ*ImAfJJ(hmTRtIU
zZmTCX(_ZOs^66rI=}fV*A)N@rBEz=1{+8fZEx%iyJUY(#j!OFM%&w25u)+ZT>yg9#
z5?pyrrhGY`cQ3b8rG0fyy1lY6`HJn;#d7U=jBmIwNwPK9q?>E;8n0$D^2)O}?hfqZ
z8fy`RLrwU}U3%p5oAzAs;fC)g-5|`fX%W$Ml1Ck_snMB4&da1lQ4R!nx|V$`{#vW^
zW)OsEaX6E#xU$Em+jFxX9ei&mm1aDpMSEii`^e)dE?a3OdL`P-$dL0hs}f|LY#!+T
zuvGkcr@fKPr_9_yoTVZoq=z#fMb`DWPR<#!yoi)1T~ug(Nz3LB)o)!s+1qY7h-7&?
zEX1oCItYByJXP0BT(fqzVV<n1(+Nf(6D~3<S6s0+vS8`T5R9MaJP$@osWw+-(!OR>
zo0G*^FwOqR5dd3yxiN)vopCzLa6D5npHer}54I$aRXvvo%KHiSSNJEfhKxTO<}+os
zinho3h|ye<eLJ2b>|D!cXXGZ({!pIsEb8U#vAkA3JrJg`?11*HUEOB5SaE6thN@<+
z59#9==)k5-7iwA&tD%C~AXxw+#Hd6|J0OW1l@OOlL`Fhif)yD8geYU#VLI)I4=ElC
zmv?r(dgi+H^ljO39DLtDi%#fL!eF<*iEb>uM`!PEz5cvM)a(5%b@R)Ko%fbdws&L1
zPN>AgY`8gIYt?rD0JY`c+H2x7-JNw_I=tMS(Uw_b@E^*#O+U6HUfgo!<K3AY%dHcX
z>6V!F^gfHxWXJO7Gb-|Yjr7L3N^rT!m^?Q6sjiyJ*DAcFk*gF+f@cT^oCjW|bn4d^
zmNvLy$oqoae0u9=wqdKBe@H95{dsO&_Uz%r$;$E~!(E@dNiINMoi(2hH)?eVfx1)u
z(nrn9qU|Oa%x|w5;$=AlGB}Q5Nie=q^Ae{Y!^Y7sd5{qbTGe^UXXIaCa!kMgGG)(Y
zwByS%QiQBK;2cM)(Nxh@(zaE?vt;9=ESRq5FO1ImdZqxXz+O+qx-De&u3*H;$?{U2
zRhbybJM$o@xW5ly*qoz4xa^o=wm;yr8~*_NN6g~UXOFs_B6jW*JwlUQ9(=r4jmNrk
zj>&fA6Ri0y$mR0t#{A=*^f8BaVV`#Z{M5vByW7K?<Y<;Bkd;=AhlvA%xo2q6O+Qz%
zfmj5MCOE&UspXRRWZ>Fy<QR@E(MeJ(m8M^ZRZ0Zs8l@=n(56hSqBy;i-I<Jt_P11w
ztFBvQM2p9&A1TC2*zW`7EToNiS&e<P+9V{?2Y~32jh@@a=TVtZ*ne^(-Vasi*2?kk
zt=96|BDID+lZ<((hP{$C>FA!PvL>R*g4JTF1i>vSM1;ZYti>>U4{o{zFuuyfVkF=z
z>l4{A2uy7;(P!1KW$~y(Y^ysZ9t131GTh%D8*%)XmW6CGryvWlIxc&3$8CROZ?(03
z%byG0`YOD~gybGeo$Ga<vG*6@{lSAjEA<&w*%%V@fcZ&Ty5C$z=K5`OU0d=z23A4x
zM=BHgPj)^LIvGo-^jzn(nEQ0SdRv)Cl!ks@6g-KDy5pz=ga@K^;#@g)>9#Y6Bkj)}
zkyb`s-cmw!0A*M_pH<tpX=IwX^=W2(o9UwL+`MdnKAQ%(wURnYaUaULTZw1Oq}JOn
z!zOo{%DXQs7sbY^V^Dbs1G+$SD|&UwCE1<3E^O6DgYuAw+i$-nQYJK4`lNa~*JiBs
zZ_92!i#ANd$jWi9M||j)6U=@~7k{T+bkCKZL&U=~Hn2^#W784z;v9V)O?y3O^3~Hd
zW;c$Yc^&zJcV<%^YnRAJC-qYA{dn-Y$)0?yv&-RqRH1%6vND_YU<1Mp$w}92^4Gli
zoTVQ-_YaoC7#O4IwiY5Gt0Smc{90*qc~8r>(;gh-;QY2MqGgzJVL5OdH*_nf<<|T;
z{yRQh*y0Qt+a^@b>xTZ!c-8RrTs^(KJ4x#tybNk-^JGz6@+`{)O2ep&e=_N|-`Agq
zEhi}Krw7QKT%1~nnf6~Foz?R*D%p#Q?&Rfoj}Rhm+h^1P65lLenOr8jZtZN<gUxwA
z5##5NZ8eOp-~tkWc{$`3`t;ju=Y-#Fb?}7z#%3+sGQ4b|ZQyq5h}42O$ywJd;<I<N
z%yp>p@V0f~n4aK|^dZE2S1(L*>pMOiuQP=$$1*j>%jNP_$a=1tc25p{pKC>QWq6L}
zT&uG%`z6}>V;}cFMUH0Ncy3vB<wbsb2MQRTBggK{zxrm=s08#{y;kRI#AbG55;EKN
z=ax2IJg*=sfjfW&wSEgzyIgS@{Ci8AT6}&{gssQAc8e;Gpf=e>V|nt{yJyRV_Xmye
z_hiD^N;8zC8o8bwN8-EnZM2SEnrlnLVPn;sl}=_!`X=38AUY3EigsI$CnsLK^5K2Y
z_g}UiCknGh9TNA0q@}MF+oPxd0BhyPySw5!V=EuZXX4eo*G)tBB`qIC+ZS1vDSfLJ
zed4@}=#5epg4If6mol|3O{9)gfr(?OT{6iS$()9dB2-w8fdLZEI-=k<zTPUKx41tJ
zXcLXziUW46$(6&<#zcEZ4q<Z3(S$`)F*^Ey>NABg_syhua#e<yR}rZiD%{m{L<~c9
z;G?3eWe)GRKoJT>;z-mWfSjMvFwe3i10o+zs8u95BceIdjE?|x<cpCfEJ_K)Fwqc3
zCQ{ltDnlf~TS_FR<L2N|QWj|O)2g`<B%2ysIVqK~T#Fw?a^+%CJ$Nb;#L2h-l9nW8
z9t3<9N=2Q*nNVfz;F&^k$rQursso}14=|ZjgwF+Xm_6G1pm8UX1WOfA_miTEdH~9Z
z9d#(q0B2-W<Uty7>Y||J5{3*1{{U1Bo=AwItPzQaLWWg{xzz$Oc{ET5r|>|;+e8WE
zPsI>zAnJsJiE@GMk<@C67>+6cj=!1!MWW!Kk1crfK#32*y-*Dl5{sP>HrGW`0;5Qm
zhMZ9d6U%}kLHY4TF~#|!U}_8h00aS<JdnylKylzu$Y&@*0LRq@nm3{V%WOd6g@}og
zb>YboAV_x5gjmy!n~{zs+mwNphf=d<R##sS?kK{D)si>H8iB;0#b)Z%*z&&ZvSLug
zs#L~7oJ^@Y{@S}|!;x-QWu*6Rl#d=ImrO=+OSocTDCl{rVcM&0wZ>znsO7Z9GgI<b
zGipMPfiNdtKJH(NShBQ6i$;)?qo%A&Ea9oWhB2*_OGv*mm|w|CzZ+>EGdj~52gPL<
z0!0sHc6dC25h#~D(q%3pzwH?yY6`b05k5Znaf#JVOvQ4<yK@Mtl*R@@;}WhC)a&tg
z$gqN7_H=PR+_uR9Aj6utPcKX3{?*2>Y^DJzYg0#i9~&Ns?Sw=^&8^9W+oBX`jgV$c
z2$>E+Q385|L`;w=8Ff@t=Tt-tzcdju41}onI-(&fN-A)HFz(7xZA5B+e2=78llK1r
zZgp$_0Qo(CtNNRET>k*-^LKgtYVN+A*_c-n@Po13I4^^4`^>)F_0x&N1~w0o&o@e2
zXvdH4cO=`4Pe4|8-(6=OS-GxPn#b{Qg(ei3+5!Eo#BO86uKHc<^5e9TSn_bY8mhBv
z>_QGJ{Y|Guo71$p*Obp3xsmfY828G#!gd({06>61UcGv4nPc)v<#u1(Sdj686h>cJ
zGEC%M+mKq<_3yTCg}u3)IaPhrkr6REgUj1KZy$o~_$6|^_(Q{CVP)jmJc*j=2XKcH
z=c4a?aK^G*%Wg-~*9&7ro-z4B<MCEZExCEz>*G5}kz)>Hny!0to-Srtu5g3PPhjSm
zBu2{TJR)*u?f(F`2Ypime~7mNyhB`~4TYXXToN_g{jVBv?Kghl(PO|SOEBGCG8;%S
zjN3*5OgAqLxcJoxz{r_Pi=GQRTrRTLGtJ~<Vq`+>awCxf@~#@V^<<R3ShIfNvnvi}
zh>GM6=}e#SR}9<Bk37#Q<YouD&@>F-e*}!%YVW4ZuD#c_bns!t)yiFPd2zZqFuNQ~
z%2C%s55*QykB2<VP5Cl2nD(*sOeBux1~oYBBkeD)j{g9PTGNf^@UJ(|Dzmx=Ne(Om
zVVhilAv)zESU2WS!rXdnofGY|0P+O!LLm*4tU!%=s#U{pU_ucFT}ssO#hjFdmF*uZ
z@oiRG#tx{yNCdn%nJ7rrPGywc-p3?HGWP!f@e0kbn``YkdfyM_>hd*7gIivf4y)0o
z*?2oT{ar|p$!Ud+q7@(&QZS0BgsX`ugjQ*brV}OE35Cich^7)#6b?#Y%6+{VPgbVX
z>yFW<H7>2q$W;<a=CgE*H>gUHuT{?VH}0ZX@pl?^Z4|mSH&4BnR2r-282<n(k{3JI
z8=bo^#q<7Jzig%@81MvfSiN!EU)bB_w=eG7@~Eb)j8J=DF4=9<ri(iD;nx1dvlb(X
z<@_aB*2b)33+)73B1s|ny0&d^EKRidUH0XEBD{)hjorH;Jtjl@e-(RnwjF(X{k=T#
zvwWwNqBwJ|%sPRUx{c%yMdg-hE_}Tgs^1rcypNK_@Zj7A;Udzk4dyZGn(KFCZM|8%
zPu!kA&Ce`A#;H@SV@>uj=gcd=P16adX1iqkdCH?Qc1*%`-Wn1yAGSvyiksPH3AM{L
zzjQ|y`PFP8D8b=nu^>xn{{U!OojHm5ad}hce(=h($DgFf-%VRgHVtL@Cr|51w>6&5
z+m0g^7vC7oY%{!7m3M=SrMS1imDg|AzZIQ7VtmI(?cchq&d#&PVBt=jS%<eI#FOpl
zeOEr-pIMuEb?fe%TuH-|=P&UX{z%zY4f%G!Jd4PFL3HYyS<S<rX4=c+E{-3NpWL)c
zc-}TZRKjA%hz-kLD;w)N?={kI`6m%}Em+rORSfO8vY`IWA*4)##kU-CPdv6_*KTHJ
zO|ufd(FsP0$-`-*EZZcF>&;P~KeJ&`WThD8T`jUETA#%=zV^m<{;^k=$&id_g{D>8
z4Z?8_egTy0>z-<DhZhqMBCH(42dasHBsUpL{;x&fZRTT^vdp@_Zq*zdMy5T&2mb(d
zII#tD?76(U^<P->-h0b=+?=~`tJTZbx?5cJUY@-*lP){<ZEgi}^Vw7kIZyupCYtxy
zU7Qd1b4+WTrJG(pTzY(7Z;__E<9Uq5hBJvSM$*Lo3$@-yEqd<JqayKT-$ReS6QX|n
z**M+@K(QyyZ)<!uW_U_-JUm*1Zge%fCx^6k3p2A9_+7Nj{#>5lf;fLwP9=uiZ)p({
z+bKt>T{E_PvoU9d*|YL~dWrzYjx7zPl3?I^sjf6zHrxC-dAJ7#`nHbj#F@{^PsMfD
zY`N{OIA7$vFOrQTI{w^husmZK4HVb1X9n6?%aAFVhVcSm>}J{ziCr?wpg!EqmN$Nq
zE|B9@e&hTWKO}XXcEwqK56NO<44jHhRm-k~d_rs4t+<TcZ1Tb+2Bmao1Y6<gpk9cs
z_iE!k+yk*?$<?wH(Ho-k^>kbz<nduug4+4<3QA#;IZ^<FuS8k0b!46G*OC){P<Nb!
zx~i1Tn+e<Uo=T*sivg2x2ZEUdq(n#`niT>60PIncZ+AotfJTU50^CsqWH|FiqVWJ@
zx<o%EtO|>bc!SA9!XkT8Rzzk=)fFj4;#Fl=E+~ma#AwcezPfPrLd3ao)FKc&gL73;
zAje1es3sq7g$f+97#y8Y4yc6X)e{q7h?B=fVMd67!9@sQ2$E0%_$Z-(FU6HY++U&~
z6MYH-K#dVgabyWV0znLfGE9pqU`PPL5Q#6Mi-i5$PX$VWZODrv7(2H>qMHpI@l>?7
zsIdkkf+3L+sszJpwuJ+P93kYGemxK)xM~il8=fTq9Prfvs3pP#eK?|18fuFHiO{+h
z5hs#~fDYiqGa}<DMni%nNSO6h4hIt91Ye`FDTzM;!4n2S-Tn$?uS#Uin4)1I-xXV$
z<l+fguDWVuvGqcOWSN4ldpGz@s0^VStl0yg2b$is!)a^S$Hv5gDC-lbD{fJ2e0(2*
zVJuq=7>-F}QE$<P&}gO#BZaRG69kK^!w<nQtuezL6lrJC2H+7aN*Gm<s0ezbd~FjN
z#Sd7o`z;1s70K$hJ|d2RGJ3_e_{v~hL?&0&ro39g&}ybkFA)PnqKaE$`kfFh&>WB>
zU}Z#2+>-`SmEka2tlT;xN=DQ8BGe72h#7@ZT;@0+tl8BNfigQs8EE{1muV(%!%|zs
z^66%MsXYGxr}CaM;XK?ZZJa@P1`O@heqXcqCue2<0P%jO_5T1~&Z+kK-f!BzT7GB$
z05TogWf@G^IS_qUUAw2IHS*(nw!3mD^BHyDVV!^Y_|e%3Pgie(;d(Pal+B)84BshM
zR%o_PX73m1zL!_)*{?4)-LopJ@)5|fy|zXqiA(u@3#Oe|<u>ih96Xj5Hbs?Asmu)^
zWI<xJwwB3<IlPwT&bKIcO`;%z;KZ)l@xz_0k)r8ZZxJRVuLZ0#2xZ+>#>l)$;@lCe
z^OG~q`i|zZjP)myCnaqVk)6X>X{V~H*W<6nrm4?%+kiVs=kQS_a?O@V$js>E#36jN
z;bBiNcFAmz4#^BMTqbQGk|kD!67cC_`TWXdTxAg;2ze37D$47hI~((&Dl#<0d$#Bb
z#M1n_{!gKuWplikRTxgt-NHF~t!pGr?X^xX+Z94l?^<k(^&%yr--?+@u3a2D@NliR
z6ieFP;m9oB$4xqw<X>J{g*9WF4(AeY;<0vgx(upvF|y%({@i)TZ)|bsx^>*Rc58}_
zG6KoMnn!9typIv;x-*3sQIumS8+(K~j=B)6j2x~10JSjCpBXAo<>$Pv2V&rBknGP<
z=vFINhHB+1OrZK6X%gNDnZ)mXPb4syvUV^7-^c{YVX`>cMwgT|h=0KvvxM>`3M+t%
z8BA(bW@Sw_*HMv|yG{x#XMo7a$IR~65^Hvt<R6(@(`;5dG@DFUzOUU8AY4d3i`4nc
zKvbuv1VhnKo+yU!=!k6-z#^gAB=P)}OoK}fB}GKQg%q~Qlvp;9rD`J}Ih6zm3SnY0
zh-I8Lm142UX2zvLa0{K)xm1utsp{0(D(A6}MT@IayMJzd$uAM)MqO|cnTd>|co0_}
z&cA7gr?0yX?q8q#bIe*h@s<ULjKOHgoi+4a^w(`amtD5gf8jiDwR~nRcIEh+>bEA&
zGaPoFEUoXh<8KK%HJrw)JZ4Xi$2I4jk-j^z=5+!`;IVd_T*TX7UMi0R;(RqYc^P>y
zjzzE}-zx)>f6-pe_O}r0(^)OUn=iRA{;RQvRa9f^w#i4@AB!%Ns^ga#+l#{Mymb7n
z0@&o%acPT~^p~p4-`4nBud@7qH;GxR#`v+^ln3rzPMY&_vwH9SwrX!D5nb7_@p)j%
zGRnUoJbFZ*(pB}lPomsbKklD#+n8~Dc!nN6Q_5492#E3ExA^qNZ#ZMyZ)`!CUy7p2
zug|*4-xJ%0WksMQI=V}>;y1LOYcH3dn8voNv2%r8#x$4qZS`8xYk0Ap{iiai^L15=
zjZRj4=j27CO6kPBVb9tVs@rimXMQGcDa*`w?;<hl!MC<64HnW(&C~JSe6G7qyf$Ir
zQBFj%vM#j1g7j_;HrG|peX}telO9!gk1>Ci&$^l;*zvTvp5Wf$`a-+)`p@N!HoITp
z#QVnR$I8)dW;NGS84@)u%kf>mUtj9aY{h8to@>W`=aJ5|R}YdkM?z!hru}!sH0+*h
zrS{iqt1O?9#TeN6Gkiy3DFS%^0IKEN&xc;GJjW~UUnyoM+;OMq>zR+Y5)dBQ9;J2a
z)?GZg_ic@n7~gedS8Q#Je038axcWQrWcJhJl>YW}!xw|`o=!2h!x1RL$r(>4^Z<FS
z_HVEKj=gXFTP*SM!N(M4X2RH0?br^Q{{WiA-`klM>y9mXpEpKb`Bg_6B-Je{k0t2q
zvQAt#me(sjy!?OsOo^EgK``P1+{NXaZgAV+vGTIp7O0tE68SRzRgTT1=jFX+ygQkG
zOB2IVevzxn8r3N9ZjxMPmv25DZqrG}mppl&@AELv$k}9w6N9u!9Kc)rex4Z5x0P9*
zDxV+aVSkQ<a<Qw9@-5ac(Oq}8VwYTA63EB#zFH!$8(z%kd&%J3_WTu=>&@`q(rx3)
zkNryS>-T?W<bHeq0MS1@PsFpiA-FANyefg2kn6=|WLrMuqS7u^g^YqR23xfXxmaKb
z%xy0ch6KTVHEwEURnE;AaaSp70#B*XsFI}Q^HizrCLkUNh4TCnK#&EHN^)_-RLHH^
z9W^M)?~?$F5{$QKbU_&s?hvE_GDKJ-WCru{s<>AmHyv3Lz!)B(5+%F=>V<?P<Y=oY
zN>Obzk^nj5sxC-Aq5cS@WO#E-m<Lt_=!O6#*c}lt4A|@Wra)xs<ibKhlO__3#-UuZ
zQxc50XcHnt?ez-e!X)wulLL1p6wKez6qr8^6=Z{h>YyY@lBNQSfy^QieuxO|XDAV5
z1WOm>ijgif(EvDlp@Ka}1TY++wlZk^P#|?gDTf*=BMHbIMv5qu$vS9(2PNGDV#p72
zB`z9;6x@*LsLO|{u_*!@R6q|e$wDSSk2O@|sbUl;m>-Bh;z8GfCJZrl14LXAgBN`Y
z2U7q?B^@-toV9MK>9N9OkP0#ClzEO}GSt)wk;8{I7F;5I$5mOpl#3228QS3yCO-vS
zo!<xdR$c|LjzKqK4lq1I)Y;DJ_TDq@4+-Q8Rc6UM2+!K<d1gB1m;>_Yg@9Kch`3Bw
z9*C*N5gM{0;k0s5O@kmz0to_L1+hBnikLBV1KkjcjI4+%p?3k283uZwgsmM>GOktx
zGOW*D3ZWTDpox(vq-0SLB%q6yK(#zj!H8};=@G>AT>CpFlQpirF4qvF<?!))*k*C<
zWCps@+u%5R2Q~12d-pc%<6jZ?{{Tz%b?VLAn@hy~%?}+ru)G~+cvi$hc@~lhkUE`t
zuba1B+Gai7ebZdXkKVpR62BXVbr(w8a%!As7{^GtW2jyK09#Hu^2cvxBh7e^xPH>F
z$K+vMiMKDd(a4!P%hlJ=om*U2m-B1k^XojMY4SE5gLGU*T$%YVp?q-p{x2?Uubq}z
z9B-CqbjJ;Nt2`$k3L|xpk+Iy4yj3b9yo-sJpv!<|JhO*K7U512uGfr#&>!(yi<~I7
z+<4Uqw{}uK@xW>7nM^Ia$bCjQg>mglItB@ATE<A@+$xn`=Xa0+)>cfqIG=6g&NbO6
zylgB1<MB+UE0N@I=Zl$cAtGI)^L%wo<(kvtudbPsGoaT+ruDH-O``1UZ83V?*mDX-
zZzqqI21%SCBU?7kD&;KT^DXULUD(5DA>=q}qDbjR+V8`x$>m`pQ;6fHsb>z7x*6AG
zU5f@Cym<iA99IpVj=L=3ppP9Ihin;1hUrU3D;r$i9dwpXR>pV6F&N-NZt*Rr=C!7*
z@3gGmX3T<VvT=CEBusL0y6JOXZT0ycGOF%7jL3^0VBmD>w`Li&=LNHte4|{udkGqr
z995Mr7UpDMD<h8?ji*<BX=+R|c`NR^HC167Y77X~)@xOiw-7f7@Ff_u4VE4|K-C&u
zkCjz3GKG7rA1sO)!=f^>vvx|RuWpkgud1lUlUb}rnIGJ8TbCY1Wxg7z@m8E!<lp;M
z4Ii0WOkvQTH0bfKRJX=jmg32jy5BX``)kabTMs3K+xAZv9T%goZ;J7E>GK|mxM;e(
z$rzPNTA+!JsD>hnZy<<5WN;2u67NX<om4Umk1&e}#3<6a0HPpUqRU8=s(>msiz!tJ
zML|@crUh0+Ho7cW-nO!tw45CmD(eNgGBFHw914;xtMNRn=&Z!fLPvuVrPZxBvEIP@
zzsSN7jzxnmkj+(xfcUN(bx)2RweI_OvA*!|IaFC*Wk(V==`PURJ}VcmX?W$|Ud=C;
zD(qhkZGHTFpiVrA$BcjmMD+`_?7l2=->Y9TvDM?g>y^`p$;UX^hu$M#1V5l%KPO&1
zcygV4=lHEYI}gct0d66pGs?)2m2;%`32wa<-s`_V3)j<hW6qb{c^+>YyNf)0b7Nls
z2|PHL;I$^RTgyB9-KQKiPssSJO!Ix!8)Rh~r6VH}473du%hPKeGpxC1^B;8h%j>hm
z<UmGIu<dO|-mbcJbzl22+1s!EYnSCd=<!uz!^YK(-l~>0SY&iR6}>t(&TVnqvPp>N
zN6q8r8u94=0LHRX0zyQ}2jct}U&n;}nd8I1JbxSGJcV+V@R-Vnx)5SFdJwqnn;op0
zw2c1%7iCbVY^;_v%&nMxv5DcT<8|4uX@+|~;JVDIRpMYa?cECE2H;2Y1*z4E{h0ih
zJULnP`3&5=JfANyRd&qB+w%hx&MU6FNi5ZkrMH%>%luD{$~4awHiKiv!gK++o{Kum
zwDQ%u>u}_Gzqzf;@)f`y{ZN!d3`;klWz$ZntY?1CaOrtVA>#6}bFu-pRskSRrU0&b
ze`#Y|Nv<nZmwBHnY$I$B(d9J3B*)thFVSXAb^ib@bGP_ki<#sza%}OKCai2aM$2y#
zc?ge+&f3W{e6DTcJlEV_0#siiMoqakNb}($y&YTTeK_`MkL5od;XKL45WZ&^@v6yw
zllZ3Hn*18+QOg*gNh~sB{m!WaEUBOBH!$kV=RXN?jC`~B1DD>j$3rAnW>NQ77HKxW
zGIrw`!Kc$lk^5IFIgzaARXS#U(lQ&X9-&P;raU*dRnM05_RrdQ6<3uztk3PgcB;dY
zd2n2(cKcj-boADLE_am2^11l3$;X7Kz=7FRCN{`=71vuQ`D1M@=iv_z_Q#)~)t_9A
zF}33hq3#;#?o)p4d@SnPa~_-j09o?g-~RyU&+B_%KEc`B{{UA9UT@8>*ABmq{qpkB
zCUBYRy=f4wqhNkqN*PF<(jXQ@XPsnAMOd(_0o#`}ro1h)Y+&I=s~IHxO0G%QC`4-)
zC>e;61Zb*ZVG;*yxbiA3S2y9w1Xyr=P#cT?0D>Sg(T@}o-R*YK6DWdpAyGJyA+-#b
z%6$-DT*RU7)s<=?ky(^uA<K#zMt%iE8{8u)f(N-$!ZLkTOc*36xJZ!BIHKSX+NvPr
zD0l$s>ZLO+b>N{0N-x1s&lVqw2h0XlixOfP(NYrAiYe}JsvewK3Imh?I<x#y6Cy4f
z^F_dL{Xz(W0X+~!-&76Iqe40%gYCy_gRevZhy#wO5d;JPI*;OtneFgIL=eOsPbCA4
zdX-ehhg4*>a)AjDH3%XdowQMKQJ8;3rc?Q}iPZw#Ct|KpNx*d!x3J*h3=x!cD2E^b
zamSh{+z3@LV1{y_Q+IK}OInb|y6{8RqpSLJOs*EhLEI|VB2$9~2ag12)mH-C`6gNQ
z!OBk%IjLLIc|3@f9g_!-QiKu)Fa+~N+9BK#^;OF6gbaz6x+=xFGFblrnuQv>s?HWy
zajtQ)I!Xn?va@689uxjS!k#=T@*}rsXzv^tEqfDJtjEm5$*MO|F=bNWAhi;lr4B`v
zKqOBCqJmr4@j@ls2&1|a22Z)qf*Bpq2Nc1QH<7_GnIn-T!rFnpMO-szjk4;5Gi<t`
zhV=szMIFr$F6XK#8H3FPO@R|A?>vymc@zF>TPKoBd^6qUJa#36`-G(mPZ>vx@&n?$
zUH<^RG`O7X_H=%w-<`OQj&4VRqrl6{LoapUkx!2=8OU<n4;Aq@?(FZ|`*?lMpV#Z@
z*D^k354rEV$eg~-ahGy3jaEg>L{C3O^l$6yuAIEr_AT3ptIhq-<Zr(!>Vzn+BY73D
zgPw5<J$-V?mODGG@bh&2&*kfB!oy`pjdp4W!FSvB^}bwZe$b4)1yodB-#0vTcS)y6
z$Ix9vDb3I&T@KwHf`pW`QX)u$#Ly`S(jp}-jg)kQ?-{S_zMp4(>s{~q&RKKjoSpyp
z?Ku1V_ulU}4ss_)1}mTWHpt@P1aOa)u`-1`b8!~BG=RxcX?iI3wFHrWY!q9_2w7?f
zEZ$FR3E)ZeeYwfysCR39Niec2{)~;ncAXH{T>U`OuOu4$!&6D0tD=eKvhkB;*|}cj
zrX)RDN)~EWnsd4M3#7PouYNNeN%JR(ub)WsOn}9S6I8)Xdy+Qpn~mBYaw*$|{Sz~m
zK$$Njn>BUsd7MS`wW89aO|sLi)gOKMajX6wlNd)oaZg|Cg3OCR<&gk1RdS;^=OMt@
z1Lgg0RF+-++#4$~cbC%4&x58cXdWJmWJ4;m@zl)Pxlg<cC{U6WIfIs=$5F~p``_S5
zc+518<C)70Tcs`xvOt8t*NShMh5o1$pEzlj+A*LuZr<H~vuEQz>+H&L_dB~kH*G?#
zsb6M_`E7qaS=FJHp|tfEtu-A-&@oDx@qAGdXRhct>+thO8X6diY5gjx4fKCN{?HVT
zQLUFBgSX^>&65R<p#8Q#+;_4~hV)~8f8&>g!leLvctaww!9KsbD#M+D!AXwdBs~d<
z99GfynF{shJlyWBwIR?#wPzB{+C;d$QSAPh2Qi5^&qbZ5fR&YZ_@qVO(l_y06Y+>2
zGum%@eiltrz>fiDzPM436I$rCxD8bM1qQ^_mG8$cvLLzl1X^#-#ifMny|Gh3wGuC|
zV#pI`ion2+8Db6eXXId=-FP*``uV9~?59#&5(dB0B9)E81X{&GVoYrh8t|}6HYzyQ
zW-v;`iPCefd62`)^xjM=Z78xlpxUZM?};uB8&Qq|YR`V!V~6nA)rn{2w+!4lHiDYa
z3lo}m)|D@ERDOO@6FQto+PaJKBp+b1+BwSRFk|*?a+r}mIgMVLF=f>pW$vqdU|ZRq
zi~h|Ft54f}^!4j0%}v!vfAGonrZ!H|X;NFxE8->zF3$xs9|J13FwmD9@ve+|@pC1^
zG|iW?(s5(EndQ)~rXi2SJ)FKkDQT?h%%lFekP5o8SsculU8O4(YxRNPsagC3I!_dg
zzJ5{CxVu<tSf_F7k?D(zg?#)R;Ej@(V$cT5xBlIeP8FhUBbvuo)wA@tz|PT|ZwLF^
zKX9#b9v@^L^51is+vA$K_`4p7`DOV~Dq}wx&@i$04x=1!e?Ba+m%W|Qkku*5+tR+%
zNMWt3lCJj*W}qU*Pm4XSX)&rX+R38XZ|ASJ?+$&Pkg4ypkBSMy#aMf{_t?y3M)1BP
zHhlHy<VAY)$Za0^XWMm<kUv`Duus?LUkUanH8`Vl8z(!*)7W2*S>A<#2nilnwcgtq
z%?2$B2M>mCvmc)%>P?Uy%A8|Xdb<|4i_G!x8?}opXbloJ3D7J+4Yi*$Ywzmq{~jRR
z+r9O6mkeD1_R_;<PEBGTJH6MUQSikx;BHz7_N%Tp^Iqt!*zEjq>r%sH=ae0_856=g
zIx8j7RFD78doSb1z(Ib)(Lrma%Y8P{ed%aXAAY>(O5Ld$YwIuYnm_ySS3hx7_B4;v
z$|Wl6ZW*Bk4dDmojJf&HOoK1}PHxA=>m0zE2z1mq$yT=fUplZiyY!kCcv@kJG@2E+
z^({XFB!Uk*I=VjmY`xjpygxbCd&(uZ)sd*8!R$8u`7t>WNe@aEay>hpF~{rLEbs(n
zI)keFa3PN#!PnBQ`WMtXyXD>>)`9TdN=T6)ZyB}->G&q3l+P7vGx&{QEhh10t!)2W
z#+Tufg-p!qz})LaT5%6qB?vLKd}(u5+#&^c57m{{1dk@EEedVPWI56eDWuQJdiSO5
z*O$14qJ(7}@^WxR$gcO#D8-hSHuocU$wbLJ;cvntl-^@!{Bmbj)CC=R5idR3^)E=t
zS12rWr-uJ5ecX^N8c<07egB53xRGm-RCcuBXK5^m9*P;ULIy&Ad#tDQ>RmvgmMKw1
zsRAlVd7+ZFIA}>*>-k1xi5^k`zA_yq-GL|*MR!56los(Bw8u3$o(@|u((z-=*D&4#
z#fI%K*B_X`Zl(pv^C<3$>BLN4cX1rzZFJZy{CHkUZ+@2T=Iyizh{yjFjx&JSS)yD0
zqFg4-1XY0DK0SqqXgJiGHs6#ssEE?aR~zVDdwH3;5Wnt`G-O+;-7q{xej@wIZcdk^
zM9<XC{1A<D$mFM>3)?5x9Y0nBR2xl}Axp;hA#`z@QfBlN+mf#m>V&l|f8e}Ty-2t1
z6%FjdyUc%mLiCzfMl=2912^*(Sxckt^z!o0N13Ri=f?I7PgN@R($#-!L$>Ac=-4tb
z-$WCpzlWASot14O=>ge&)#8%U8jK}h3nQK;bYW|ujzec9QaX%dbkcJ8fW7B_Fvwz%
zpnUF<kwWmTTB_p)=*Z5kl$>AgAFuYEbXt(qi#sQ$Gq@y-^(z-%g|^(%XF4VkorhYS
z+na8kZ2FJ$$3ppSZEka`8kMvOD!uWWz0VIi;JZzRtN!`zu+wFI$_!a7eN<H{#aF^q
zysnzRmY!tdugqUm8!Vb@RJNA`pXLb5Sy^VhGY(m5EHv7!+V2-Udy`-$1<Z0Ov^K3@
z2kOY5$NgIIiA+w?bL)2>=7QB(G};^|7BKn@P2@Ttqv%hh556wX0rS4=qs)_ooSP^o
z4%QtMK4}&mC<F|Xu7EG>9(%NV`&QD1#}nYiY2S<}X_<k0^?<pSLL;y>J}{_fP1h`B
z=b7zshov)8xokbaW088|pPj9fKJY^BLLu1zKM<xBE!F?tTPtJM`dH8ZGbPzqikxNB
z0Z19cp>l%=?f83d@|7a@{Tx<n`WLo?(5D{U&BIADdfKY7iS_u~s%S(KG|#-eQQbI%
z{3FQ6P@kfHd9c%g#w?M*doFTS^<Yn<Qy3$|->ZBHQ-;|oX%LVrZ9;CdAP)}y8bh%$
z$=}^)RGO@tmEpt+D!H1_Px?qdMahV4A6=R;Qmx%850#C2S*~#w`~htmD!!Do2F#MO
zTrr2qjV=br-&&j1ivJKL+RYH)@q0$!XWegC*%Hp@{Tk>%xktD7z2j{p>+Yqet8WE|
zx}VvCXJ|(oreQCbIm700JD?XlADCKe-*bX7eAa^D=Se+w2g5qSE!i#IE9w#NF$HAZ
zkY?r_hCb%ReNd=P_E07{!V$3A{T<v0SXek%ozYesG?gD+uhdrydkd3IY!kmS=ZM=R
zhd>72Vz#~~)aJl|;JAhAk?XKZLbZ-|;@KsE6`Pdjp*Rj|gpE<0?&R2dF@&U_hr)40
zP2aO6^{7!Auto1?IYA#2P4F>%WoFgZOQt2kOzu&H+7tD$r+<Nr(USgD_6sJ7dc`ho
z>G3j#!_tF^`fUbRMO&Sl8DNNL$%#c(Qf>=k!ud!JReNj9Zna6f_4q0=jz_nG$)qtq
z_1d33qa$k4pKzQ`?y+g>vdAIt<5#B6<yJy5Sz*1(M)Oa9)wqZ%^ln*N`%8GVN7+B2
z`#G!o_2r7Q9n&wNG3Tk^w$;$J{hY7Ym^LP{scK)6za%^Ssz7e>@x55bZ$0x~$XdG0
zoRd~QG(oq2Ia)p9i08h^%8;a(H1m75CgFqBA5fW3jy7Ne@q^yYFO-PG6MSKi{=1W*
zb7oR`qsDdrSL32W&G}*Lsd=?taB~pdwZ3pScHf$a%8<Bp#p?`nvzlr;1zy3WTsAXm
zj^pOzkhAD$g)ncxYGxoaZ#gtdbS_H_bz>OcV9K1-kWMM6fiBiI$M$h%4qMHk@tu;?
z_cruij*UPFBo$@C<$S4j*!Ut~%vu=V4iELZ&8bz)pO;x}ZQg^csiEuq${u*zbIm09
z1G3M&Ogf~E?Y!8AXIgxba$CRlAC5P=j27o9^x!86;fgY_TW9iT;(W4D=0=o!6f+qs
zTP$pao~vgUJH~?d=v=>u!3v3mZAv*X{}t*peLcRu)bgj~87?yHnA!SET0Q$Lj^(7;
zk)Cqoci&VZM2{dn5rEBnLT`{4a~uP?46T&5W+;>3ZZz(IFDg{ytqMmv-Q31|-2{&<
zBVetCEUWLEJ!pZNP`oo)6^9+!$AxSH3_)6qPZ%l7I^&{QP_?<xU9ufqpFmWS#hnD@
zyJ>QT6h*U<2Nbn!@LP`zxK{a;f5ruWQaF)y9K=qX5l<uW!Pmsc%wlFxCip^TK8XGp
z7oA2cHd)OqTPy6zS^*XVm=PJ*?~cgL9p4v>ti90Z{!}*1e)@`0rHSH>6so4le5?n`
zjtMDCLrpz=z<lly!j?sYUpkSi@R9|T`W`cOn$AA+G4+&+lRxu&2e0jEwUYN5b}V5P
zBH;I?MF%`VgclX`dbm}UC<SZjlZMrb`^ic^CpI7<wpmQI9-505q{MK2?YtcCGx>_w
zEgy)U^LSyUVkZ{mIh6Gw_dRet0%M6gknut2v(mURd<nH#)ItS9BqyAw?yD~C^o;m=
z2c_mKFFu=o{`GOL*>k~Y^B_7{N$nZWa{BO`jSKNlIUG?V%|K7tw!G3XLaS#-ib%4T
zb;ZT)q+k&yn@gs=lL8S2k)$ukhe$o736-%KLr0iB(hA_!_-Gc!R#R2!_%FBg9W`cs
zc?$sGt8S=$G@bivWVS;#kFP^SEq`jb7iQC!eag3aw|P;M?sDH2=*oAq6tFj2QeCZ9
zeSCKH%fuF(Q$v7>+)aO?E)Hvso;3oWPzqljW*0prb91C!Av+VlIo@1bsC_B_`bA8?
zj)a=u37T&;h6F#efT(86#B~|fXZl4*A%vk{=0hZ>Tgsc^{U+s!CAF-fSS33<8Q$_o
zpNG)+b4(9;52a%<ijJ?P!NeB_v{<{v)o%xlKcpwnWFMp{ri$lv#U*Ts(0ny`6pnW)
z?v9f&zi{GgoqZ{+AzABG{@ew8%_KK_WHM>Wde`3RP#f6`^J;1is7{oR|8#4oe_MR>
z+^>AR&e#8$ZNgmXi<qB_y4<#LpI}#s_HUz~J`aO@80F;0At33A1QUjVs~MLP%LVdu
zcpF~1Pf)QFWG-DjhBQ*j%jPPT3*|s<nc4cmG$gF#x`ZN6t3tELtf1D1^=3?dUliEk
zvbp)3ftuxwZ^)E_TS7%-BBGvc;|;7OfA+o@c}#Sgl=eYK+#IEi^NV-bizm9@IMcsN
zko0~|m>J+v(oL)b?Ok!*iZAJYsGomA-1tPLi~OqU%Cp~8b$wfJ+r}Dy{~2ZKghHlE
zD_en4@SEV1i&-8;&w2OgO<+;_`s3r(a}njsO2z_B^q<24BWkR(n{h4nwo6>iD)XDg
z-|)lvnZ>GW`v-CX$-@no8jkV4SO+Y3>hBj!;ucOsS-WKx_GjW)KbE%Vpi|jc?Yk#r
z5{SK5xb8yR-JKuE>{7LpHt%nPtWq<`z3$!VNO~6(VY5g$1ZIBwSV^8O<`Ei1MM|qw
zpdj{@A{h!LL*k%#Jhr@?EZY=y3^oU=Z8IZL3QGW6X{I71q98UF+ftif7l(rtY08=H
z(N3|WQQR0BII%1W68Q(zqo~(#ivJP!JzD@n>?=VzIMpB+eTdC!hpwEBps%zvk4>Im
z7YWm;IG$aF!l<?~%tov%DxJ+xmQhWFt-6OA@<VhhLrB<*?d1CE0*AkjtF#$Rl!_j#
z&r`c%K1?5a6!Hw%52}&hp{G@N%fR3P!XlS?W+4G{Z{l?c{xCYZRvFb~Z9}A0yiL_2
zI_<iWN2d<Y_OEH_+^7-hBOtSk(#l!(`ApqF<zaqU-DR>5Y&6(UDH#-0%_CMbaF9sL
zcc1f46j`anaayGHU{g|qhKm4c<1T&1R$(~8IsZZFr#%X9#9o(6>+vgYucpmCyhmi~
zN=l)+o6nINJ-&Z<bV4Lak-EHaCvlv#5zHHY5E}AZuj__>;fILt9r<Y^pS8uUw4T{3
zeViT1kgx9^x9Rp!j*1!D?!^0)#`5pcS&}?y?)!CeqNt*&|6FdP9EpOMCIXZHTAS#K
z4POQ1Pl_bY2UU5dh$3NQ5iW-uA=_*#FTDh1dl}|A3hmi3_1p-@K#F63HPIyqX_9Gp
za3D;<dtiI?sjCH-EP)AUCrY7-FCel9N?h4*u@Mf*!!3wi8!f~Nw3sY>&$mvBzNYmF
z-51jHY9sE29^~Z}Q&y%lrVf~;P$k7KB$&u8M?|EMsYganKZ{FntsL_P*pyP)?ORfe
zY{zGYhcukP<8SOK+y#m~Zsp-%xoPC-=+ZDqu2>p@wSyNM$tSn?NMRNH_p%>o$HY$b
zP>==`M%ao*1ZDXcfq7h|wO$Gn=Re~k*DT&VLQTXi%otUMn2`LS38;v6GmbbYRYdO&
z4kjwA#j2eOLe8@A_GAHuwwWbN(~A7cN1r|(D1}gOJj%sRuuDlHcE2tkh4XATO{>9q
z2!XcdOTGq2*c+h~t3n;OLqU!#sh&&Pr;ku&AJ{UPJp*n^-*>O~fYdZA+|=G<g^4y5
zVks$T?O2xdzvDb1eM;l&058e#&5@4m=$4W-zfA7ilGc&W;P_!@LR8&F_O8gZDlv#)
zgtV2?0=HacZG6yvrdl88xt~f9X|JjaZsBtmhyX*JW+Cc!Il9VjoXNSDtev*LF6G$Q
z+@d}TFpc1}`{ChiwY}4CU^-?^7wn<FH}jGpXQ(NJPG9&gaEq&4$DLzA`FSUW*$gb(
zqF{M3;KwnTGR?yAb<Y6R5Jvb;$85b>*YLoe_tVJD53$d`0{e5?1bzy;en0H=thy;;
zwDN&wq(YIfyp@x%E>tX&*1x*-U^s7HEL(4*Z%m(d0%LpgihFaIEaMZ>VM_1D)d#Vs
z+AP^d_o_~^YVg;|tkwJ>;g9*417rJk3Fsk%F4`9d$Vf?i&}c&HLc=!}$$B<rO1It2
zh9gJ2FC8j|0IP>ONYd6;yr_}cRSG!gb%{+p7OkPTTxfb5%B^Wd|MixYT|iyDbr|Yv
z)g(}sbyV1xJnIv=feDWFR51TLlnTZ@cHiPB#KG-yY*8fbwNxIG6TC0mv>C&huVc63
zS@rrq+c1p`$VVl3S>_$?$rK5BrLyF(z3bPhPq4XF76NC`us#{q5-qZb2z!@eWX;3i
zE>G%|W8oI;&DN~JWa9nJ17fDna`3%S<oGc;r0N5yRr`x44D?=7V#O>kjyqY6+(n=Y
zvKX%{;)Gb>OTC{<a8XP{gXeYPl#VLI6RzFskc#A%EDdlQu1d$|OH?nPf`hjU$7bpD
zMov1-`A*j2);@m}$XW{~HtmOP+UYB?hV)8E=wrFO_7m5jm;@$pNfsw^j!3vBvzCRz
zRhzg2j^@_(ZX_{h_1=wWHshlS+bK@Ohb(R!ns$-zz<1xYh$x-D`(&s=gVSH%^W9mp
zsJR)Idz6OXPw1NFY3z*CZjtx(xb3IYp|-Fk53`w(_hdbRi2dHJL3IgJ+fLLsUaVI*
z6Fla4A9>gou`7ufQPl<%<rzf2V81K`$r-JFQHmV`V?}VF_Ena%ywX-l_G8*4-bDol
z7-VH*P)l35Db+Z{$;gPUN7Z=rQt3E^(mfa()F|~0Uw*bFMowS?2DD|vC-|~iX-PkC
zl7K!^rQ?OCqAN}F)n$D1FN<O^dN!@bPM8JK#Yz5%n-(3n>H%SoN+&7Is}P2?h_eI6
zM2saQUo`bMgB2dA$8Rlg2A?igF0hUB^S`z&hR~my^UhB?OS)Y?bk6?)4gUyUU#woJ
zEN`K^3(lCL`AQc*J}GAYE1w|m+B5y)cT$baFJ_J>tT|(K1cQMMd6$&_5<;zNtD6Fz
zcO_{fImdOlpSoX{V3EIW3P~QGsIE5}&wP8}bF}B@`j`NVlRX_AB{I-L;~}{0&to#~
zYbFeI<4>1;hPzx@mg18Fv0tO-wN}i|o^MJB2hi^?0}~-EZjzQ3e$2Jy{Q+%XRZHIn
zt}amBbi(i!yzS2{lq9u{U|-VMGaw3iaqQ(p!NSLovcU5Pu2Od|qD)~eZY}0JZQ={h
zwerung}s=}6+7v~)bD2B$P;|`byE~?Y`Q6uySZ=IgKUgg#Bs^W+%P>_uUQL=6z+;(
zNEK(BJc5)^z(fnP7w3;v*z&d~h_DVPfNwyAy<m`Z3}~keV;aisy%WV3K9E}A5!{np
zHV{|%{UI?z`p{IY!18>d2PEP$oAmf;^3o{fm4@c14&~CqYy?Mry&`dnuN0xQ@sVO|
zNCF{a9~et@W$6pFl>VItHepD<qNN7Uyt|4{ehr-yZ%=+&D5*42eC-32H)1lM?kQnh
zc}AN&O8ylarSD{1g@#0v)5{b5Eh$oGTgF^{j9vOKl$(~Yw?~Sl4)bnWrHO21>K8W!
zF?LGN473~8_UW(6d&rkc=pibZyaC)0Sa2w+m~x6ssoW?TPrw6a!QD<Qeh@7_S#E0=
zsjP1oJX_BvWbsC(`jz`_dy|`aV!p+-f16aN`J~cB0F5#?k#_1%SiE#;JpT4X2a$^F
z1|T3J#&e6}85iscgIN*QbHipar&sPBBYWJ%z%~n|AJ%&a9pV%lc47qO&IsVZ_6Wc4
z^(}N(Oj=zQP0o%jvi^X61wL2+(-R1$Lr*$FDFB1Z%;BKf(an&Wki*{(GI&cL?<Lb`
z>1Wv&PL8r+=YoeTwFB-~FE$QFgQe+ka!%&#Z4Yl~|A5pU4(_Gs^*Y>7H{)~M)(IYV
z@oz1by5d7PEhw<g)6eher_Gi^4@RrEA4&>O4-N(vfbHZo=ztYMJ?&j@c=ug!J4kw?
zP7>6c|A0iE=-EM<1e=1!sDFNVYJW$sua}gbyj0<SFN5k(wbIHx@K!I%?qMUa-9$+~
zy^Tg>q*x`ohIdnutu23ZYq#HLh}mVb3FtI(=%w#(_P*sZ2y~&AA%&t}5cI%zUU$<g
zt=)ii#Jz(tzAgS<o;SL=VGa;my_oH}KG)`$yEkxf4bI7iW^0+nA8pi`Vs=h8B?)Pe
zPuy!SJe0^p#OpM*w5p$UR;Z19n7t0xN)U4KyPyvhR#_S%4W<vV&~6L8HHk|X@@=>K
zU7Gp5%ih6fZ*;n%CXd#5VV7l*dg)kMCDCQ&J-~Txhc+;y9D6Cr+2vm5&H#VrLqg_{
zLwlc#dr#+<><$XEAh%&2ii_&$P-9@<u}?k=6*ru^=?{Us(siAO5B=lwE|TP4{l+Vz
zu1CM`OD}~FL%(GBjv3ANY|D65uZ%1oRyKhxc+^Ml=OrxQO^bK5P6FdiSkv>rhpi7n
zd#3d(ZUYHCk8DJ}JEw2POW-TN@)z3TZ+MmULswVtyDWe)!iDL0o^dAeQ$1X_**NxR
zo&ijpsk`xdx${i2CVCku5G2J2^-(#JJ3?*~h$AhOh$qfstuRFn+7yDV!(eo-6hA+3
z#Z^wc5wFD+^E%C`&~GQk6t1leOuCXARQe{Vjq~;;<UqSrF`4NDL<<v*9C;`vUk}yh
zD--3k;jH;mSL;a2tV7M*Vv_CUiJccPYeVMMr1Us2yEb9@%e8dU+5I!=Wmwxp&;ziS
z`sI1xU8_t;sO$dtZS?Ph{D;h@Xkc%xiks`Jla8waX*ymCz+edIo6w)Ro|*qH{?!J|
zN(wzTySVr=o*5Bv>sB-J2jusFFgcz9K6IDC-%SXfpF1}#@Y6T9(W_fb)w?Dx<NmJT
zoX$BKJ1lun20n%d%TzB7%g78*4F8$adWM3E4f^L`1Qpzq$Gn~dfe=4Zz|qakix*~V
z<7mn22(z@e72$Dmv;Xts&noDVqMxH32&AgY0mA$@HsbHkK8Oh7ZSCw2LIR-z&ys-C
zDoVJ6mzSG3FRzOykEM;Pl`W68D~#9A(v6p&hmRK|DdXp6Y3*$5#b9M?@8}}M^t-K#
ziNVoEipfAoolo6O!Pdc1CBVa0H$Vew9pG#&X2T>S%^>L~?gw*&*?L(r_`zPdc#8W;
zG5t+k9Jog~^D;5~4dUf2#UzKwmBCP5i$THF!<IpaN0{51Ul7b7BF4in%qIpG<YEBx
z@r&^CiSY6ZaP#qt^9hR!h%x+oFaf!F*w~5dK$QN?3wV-Z`j;tRUtb<y0UlQmdtQDq
zF)>~~FfSO)4TRwK^mp;H^y7B%Wd2VI5L-`c4@WmIM^_gHM2ePHuHIf!OaP_-umE#Y
zSO0Iq|5s_jU<khch6dJcu>Bu0{;#1uq5f{RygIg?uHGKjwm@*^|3n64_y5ia5fGq8
zT+_o5P>SUXh^w_X%+|$A6(YqXB(JC-C@&{0Dkml^CNC%_#xEo$q#&XoC?X&r2ay;0
zPu%|<2S|;_#?eMxQCLtxNkl{uEXXgw&#x#ZCJH3R$0s5H5fK%Z6B7PUTvZoOFH09|
zTSR_{xQ_o57xMp%E3V*SYw6|c0d;kK@gL1=Ik<YcdOEneF(@b?G%d=&X5i>z<Lc|l
zj!?}%oI-3p9DQtUlssHv41Z-S?)ZP9!HSQM-%3c3pIg}0N`%|WR#1f7QV1->ZEGni
zBn-9!i-`h*O#jBW`Cl^o2b+Kkz=zv^$PpJ4<Fn(pwX^013kX?q3-Ad7%Os20T65cp
z34j4VQ7db(0241jA}<0i{|i3<aRM-jxczTo03QBZoNQfyGUNdimOlp|mH!ce01qEX
zR9;mbumnLI1T;v-AQbAy$~4Fz5HfK7^?Ur+kMM4lKK5(VpdYWGl^}+p@7|w75dPo7
z1hVM{LLmKF0KEjEqoSgsp`xRqp<|%~KO9VSbW9vvY-}8CY+ORzzXu^MJ^>*CJ}wCf
zDJcmF4K+124gG%)Bn%7;JY2j-goKZ%$cV_O{_FAo_vTMGhzJv@3b`Exi3o&DgoHwb
z^rsJ00kDID1RQ@^`FlY^MnOeG$G}9mB98yB4<QH{2?ZGy1q~ey85Io$83Tv_B0^;(
z=9eQu)3#)C4+oQ?r@XI~*J19N5Fo=?wL0=(AwQ0IqaavVr~CQ)2MF}BkRAmQkTUY$
z0|^-o6`%oxM1;(U!cQ!xO@eC4MCu-%@*XUYc2wIlv3jgyMfPVNgo^@1AwnSn$$;+J
z8{1l*8%JYLso`k52~Y3|f9rw04{t0BZwy;dK%T;$LMx4gAvJ~rj!q~rT)YPKdE_Y^
z7&sDUnnlf?iq@FTC#=hgKB*Sfm<>4N!99Q*KH*7L;313JF%_+@TJEpUbJ#~+w8m&0
zm=;VB=WmJyijHa24&?JT+;F+ZaI%l`3u-U*tJUxt1|t^KvbfWRo;OYpzI-~#9<d+`
z1AGmb9y_LS1HPOFjAV$!N=+Q_8u$<wAn4y5|Hd_7Ktu=J{zhU1uJaCfh0!<;AJxc*
zTKG)V!2pTq^N+Y2zM42~bT23nI67Tl2O~MzkbjhOvgw9{adg?Z0p|I*Wf77Y40kGk
zgZ~i{ke~23Aj)4+09ijbj^S271N?Duw7L<O9^=^X1}#8_2p*`_0U0=L^uRs>Tp>aO
zGC<YO<^!^&c1-?<<bUK+tp>=U`#*FSm;hoaSdeY}#@zr2tZ@PdhP)sfH_0U7w24Tj
z5g`*O6T%NxV1h{LAAtaZ2Z%#3kKl}{VKBTg8<8-OS==NetOB8~e=`C^fIaO2Wd5(b
zlk6MY3H%mhjl<wbfT9r^FA)Al?Gy=<g_TFbkpH@Zft&&1M*h_^Sy|d&d2#A}<yOlg
z2k`NTQ;WQS8^ZZl654$F1>8`Ci+<sA<G-o(5Geozpp^o7Yd4mYl|HXh%i`4L<A(Mi
z#LUO7hv2PBHtriYTpmt>=7a{IqCnB9Py&EaV>O^~fWN7spN$9}5lA7Qw?!b0XhAJv
zY7mh3N3^o!#_6vnj;YANGgG!a99)dhv@Js52;lq`4Iq@i((au*sKJ@{DNHYom_mRW
ztrQ1AYyr0{4EPxX;KI?Ob|CwYE5H`O9N?~x015d=dAMl-93hr}u8hXfXaGYHM3^es
z7~mRHNLGr>5#<E%0h|RuNJisu<FW`iE?H?7rxvFk_S6trDG@1VTq(B#W;#&l;uHZq
z0VRa63LrtzDdwO6`@iJ~RS^t`<{wxAibb#ji0&`<2CQghsb~n`;!34g^j{#@00<3(
zYXLt5h5w5;2sywnjuyZRK;2({0X^Vok;*xt$pX}sa;rrF%vB^K7-1tTMfi0iRPhL*
zUj+T72mw_gPAI1~8bChwv^*d*h&J}L8i0Nx$X{IoMFtHKLJL)kQ<niCf-vT<WUGKo
zhyZ6!pqwD;9P)V};RrY~6GH#`?_bry{mtJyp(>*Mm+F6|jzHx<wGj>=H?+Tm{i7@(
z$r%0rBwh;8hA6oD0JSZEnh==-as%-3^)KBJ(!V&v2I@6F{qhLl@1GMht^ke-1Blc9
z>w#b!L1JtKknJN*Jw7OqXIUz$A~FKy9E`?cg4k20WPn@%nx@tMMKX{V#wUP*lz$2l
zLt(r&8mSg38k7_}jxAzJ8zEo>A3${AiirCUADnuK|9|rQ2R?uG1_<q6yx{1mks%kb
zMIfRh|2?4`k2sL0h~Qd8a#R3SaF8N^nJQT#C<g*-kC=ff2_bca^4X2c$&diQe=|VH
zo&y=6nP{JL<O~}*tbh$0LCD|BzsUI~ALw5c{X;VQza#^R{#8E!gHpQhe%RPxk6M2H
zYk>jKar(5(ZA_Iq>?mV!bL8C~LGjwR%SSm^%KkF9a@DCHLO;szbiEMx14<4=Mz$oe
z0g0BQ(G9oIM>&Ob4s0Z9XkN=fLk3(fhk1|ms_V}~Gk8OfzWf2*Gq-mP4a7g%kXKoW
z*RR=gmj3QD|3zkYMO!+OpXumVw@i%F)O~PB*VgEMms9AWYemtN?IzJ0@{^+quf2RF
zpDruSvWMc=Ms2Ul+^esdOagZ`I$S?5RbKxAy`#GKU9qyN^ZnArtp~i|AC0e@h4yFm
zSIgvSO7L2oRD0pn)_?b<&n_Upg>uXEG_60_U%wsCDD4_4j}spx9e7*m!FcO33~W*O
z;4^SNFZJqssIgCe+4JOebDHMRnpj4(&qw$rr|id@W9?nFHw)h8K@w*V{T+Fd9ccbb
zQ2?0!DM<jLffFcM`UOz=0w@}CA(@u8b^#lX7PD*>Q139Yk(FYj0lJkX0@R3HfQMWF
z)hQ&?MUJNXyw~K;?7G{T5A$EjE;%%7qcMMx^`VJr?GMP-$<Z}tbY98*oWhEAMT+ch
zw2NwXZQ+*;YZvSnmqrA{+hH6-2lH0Zs=sbfCg6aO`0+@T%2dM7{MPfbS@_kn_WZ|D
zD-udx{WNMt8CqDs;v+5lXOYi+b{CA^k(iIV#x*@@x!AXOP*T&rCa1VXhi4aeGA$JW
z^HN&^fe+y`yg&YchTvC?H=2I0yPy}CSDWa6Kq*FDNcvs}XZddg=&J%B3Da6(Y!Uss
zd^>w}`(*R=$-VyqDQ(uNOw>iGjDMBpOqXNe2eCgOhR6Mj=%?-ZgU%M~q3qXPQSs*w
zJj0!&amz?)Nlj13uVxQId5@BTfEQuBT;P5Tk{y{o-8-{RlGAQrrBIDt*Ll@qX(VU}
zx51tIgXW2lb>?06%c7`WXM9(t$P3VP*^Tc((uo!DHq5$IMF+Ah*_OWdnd$1iExDG_
z*8Kx|(-!`afyyCiuJk}&@xa>U_@H<r8G7=fqHXJF71+WtE%G;-I`6N0W6dA82B{A^
zISI|p*oFyMcEQ16+-9NA4vX(=O1CzGL(hXgT&x=^#}(qqoE{2&4{3s4TV47Di+#V>
zJx}W{J5+zPCTpvE5pHI00KM|O-0$LaduY6=z?<~(9c4OBgyLhKI%C}K!fx&ZgDk58
zee=a&`FHQmC7khDC7-IoC%&T0j}9!EZvQ&Jo1eZ<c*uEObMj;cUt_U5ewFm8%uVBR
z+a9phfrdoLxcxlshr9T5VG*}z)0{E^{z&5>U(lgK{|p7HJ6T|;X7yg*7mcpDWs9ci
zm0k1hu0J60gpK!EdmBhKNmmy)!I};OGBde_V0mT1WmGn;&~qYvZ@uAs-q{7Yxp3>R
zs%%t&;Z<Y#oA2OBGWieMzxnf(xI`D@S|#(27BT>Q1~lADxsI6wmd)0VcYFg6Cci6~
zvOf&$<hoe7hcdz|;P-g${T`bSc5|DBt|u3sp~tHO-)EQKIImZ)I`#bl4cs?{dj2vE
z-J~yLMeWb(f$k2I(0?gk`Tjk)=svdsm^f{AZ}jGifsp$*lN<L^>zZWi%jx{8S!sgd
zj%(|X^A)g6)grh=UWGZZpyQw_25zBlAIr!yyH&4ZZ5<RAZ9$#s`3ID<cz?FN>MjlC
zlc+||KiJ|_jlhgjaV|{6MrtW@WDzq#p~V^Ywix!n62ARax!{UEYi7@5t~piu!G+~<
zn8@-*SjcF|&6(p()5GrR?^|F@k3anO56I28jj&0i?w8s2p3`cmy<Je=dN%*V2egZ1
z^^Wt70C+xrpwB^wkx`NJp_OuWhgYBHC~IQ5q42e{>_r%xWd;25#qwl6dI)L<SE>3$
za|GtJp{M>&MeF)%SN<TO65E+!$u9X|?sHc9DXBu9)uf%!NLGCJA&j!%w~O@HcPpXl
zdkZt2e?Xcq_GkHLtMLoN3ZU5KWI&ryj*TWqg(jOoSV{(Rdani4I;B7Z@^1xHijC@k
zXp4X!6uT6P9qw7!9{V+|`U{Wl*`e?)dit4^Ij;>0^^Z@Q?bAK!JD=XDUm~p=HZ}=`
zeJvns!3owqS@|JY+AJ%+*FfTmCv?l6ioNpK@_9Fh2y1hP(=($+`Rh9^9@}&Jp{}vK
zcfoWw_gQ{9E;@bq(lwhpn|5rJY#Q+;C^gstlgmh8cLt>W4t~`JCAA+);aT~huD-YR
zPhoSEA4k0<Rq2bILe|ZM_B<Bq`h7B)?7n5qzN6*zG@?0Z=#F}!N}VKz-??j7%}6bF
zCT}Y;wcLGQ_|g3|l3rV=4yEgb#eq5Vic@ArJEyNcvsDs1OUrHf;6+B2PR;YZDJwC&
z0;Kg-qpCiej7MQuRKMQqq5Kwn^L-AhE{%I`DE`L4MEBc;q6g7Tcl)bYkYRAQ&R)ce
zni}H#g~Zu47Yur0r?tDO@$Y4HQsSqE4~F0Oc`xFpv#(;^Ph~SvRT_;RCp%$DC@*qY
zya?uM-9GT#mVF5u(Dz*T2)UhMeP@wzzj37@y`F45!O{B%#0H{oE#AwQgiE*%VA}X{
z6{-Igjx=%XUF6uC=KTy?Xt?(DxSet8qxlMj4}sLb+`-Jwc4nn%M1C*OnQs2R|4FEJ
z+buG`TPf)u_xnLOUxVaA<W}DNAXPGaizTJ6O!8_+6&WsWllA&w$)~+4?70p967O*M
z4ZLf?(r979;&oHy%-!m@gy+moPv4}sv>q&2uJ1Nct;247-UM&TZ-}wDu-@@3r)+?}
zH|_S7#rlN#e8P}}5&V!zx5u*~H!En|qo0C>HqLy+tw?QFCX4ul8lvYGdh0Y+p>wgC
ze%ro~_(ktjMC4YrI<+vUW%>4~(B<ImjVm_BWBRcsaiQ1d_Z3`q!>qt|(H^X=>Ndb$
zVl&s!{?DHq`t=%L3N<g6Yhlqi5l%HOOgy)DHvNJ9xRe5PlbC1jt;<IFeNk1&ZM=aI
zoc>8&v2*wNJ1LQgE(>4HkG3g{31B`C8fhhg8&ziYuj_iwev81eO`*ExD{CDxHMfC)
zh3JO^3$=UeADtgwcDZDouWL<OsR$2c9@7lmW<I?FDz=&~y@&Do$y=%m4cgY9hiqho
zKzRZhayb%2LtaQ!PE?4E`K`M!9Vl#wQl<58QIjo=3P4lrAwjhHTAbgM&d|u#i-&*k
zXuo<@G~e;vcC(2d_YY`M%V~MNVdf8r*8W5`cakvGV|E?Z&|$)LIE@w9Crk9GmWH<m
z_>Ac~Ea5vItvvk3BqN!?@qui{@kwvO@=ChN2XVATO@V^j1m_HD{x-)HU-D0XK(Nl+
zS*bR+y%G&$4LS}sG?v9s(OQgsq45*rUjgU&wz~;jpAJyX`@-*lw`NUx%$gCh$H~`*
zM_mcKi!4Jt-$;KjbM(fO>t5+)KYL9Wjau)r%P%~YdWjuq9PqW=2&oxX{$W7(5E;%a
zoD52)>qA?7i9=tPPLBVf_>!=(mZ`osD8&#-B9ds_*e)xkrGLTp%pJuXH8?GshjN99
zny}uiC2amay`}2L?m&9F$Y!7=eo4K%<r2HGC~hlAMGm}}=R3RPR4?+`RFkEK<tGo9
zlXd5tz;-`qyMF~w5O)%K?+onnjk8E?OQ8iDv&IKv(xc`F<oe%v1Zp&*$IT1PAM(&=
z${J_5rhUIEA=y92tfhK)Kb<rjLUnel_jaOB1f~Ajam&%R$zI0CO9F}X43-T33MC=i
zme~dK1HnGO#ucIFo_H>&6V@#TVwYYMf2zJlKbOIv3ehZPz)0}byHN4j#zF5G8dF|i
zq<wj1tOjmB11wnxZ?#&Uy!&-vFhleODAvdK+t-uxC6$cv(W1(({tsRkC6)a6qCbl)
z60%<%m%VL{$qCYMtO0f~7Vn&vvXbGB9g=BBJWQR(<h-z$xXj<ybh2V{Kkiaq4$ZZ2
z8n2XHUw=sY8w3cCK}Rt8H%MMB3aW79lGMj)Ahc!t+5J|vqmAr(w;Z*XwEgw;MdeLj
zh%WV6@Ly_*c+>jt>HiW_r0RAoHUK1{JD>NqK`|<FjPrKkdd6kCrO37aprb6Qoca%F
z%l*zdZ{gtLSM}R_iKYC;iyXCPPyRx_jqaYcbe3eo&~qnAxf&UlTNr<k#5u5|c%Jzs
z#V*$`?oJcHhFANJa~n2EcM#}YhT)k#Q1<(fZ0Hv)>p{v!#<uBU)uzW_K$dCIBPe<r
zdK&iUa7WpOa%M}}1mr?y*;1mvjg+4J-#?{rJw&e>(Qhu$)6!P?_P15T7<(tJRJWKR
z$?N%$e*VNX=yp#3qkdoeEB6giXsi9_(b~<tpw5CbhzPz<N9WCQtMz6=<M?M>h42<F
zky`_cI=JYwAp=Dn4N=R%FsA&&{Qc5Sek#JMpBN8h)kdp@l813%Mi!#oPpH9{mFDd;
z+jgvklrA&vjA^v$l_5Z<eJJn`2oGJAQo-wDejZPA!Kt6cRS4Q8syZ(vd7oakJ9_aH
za|2~+2p9;W&Q-4zns)E6#r1Nb%BRO3uMa6w5@h-=K=I@mNP5?9az<G=<Ny^Ps=T)`
zyQtih4lGgBVz!}65tLqxUHcwG9t*x_Q1UXj9p2=gCs)VjbG*1g+ZF72mOAQn(bSur
z`KH&c*(#LY)@RbR#kD?bRy@D4t(iMXgolre1r~Xdt7!L&Q#X*7Mm3Y`?1bTo@59y_
zsG54*+}7v&t-Ixz#0#8TkE~6M=}9Z4yx;wAZ&&zz&hywF?#RI)duwO%Pq!*1S9kgO
zFDG{$dW~umKTDZc^*@Nm>$~o*!1L>+-x2tA^SeesB@}O5y+SulyU^!0XHWJLIU>*L
z7+Aoy<ez>BcC|+Ws35NmwG%U18ZF@>xv{x{E+$I~&2&fw8~Wc$c=UYi^7irYT2H;u
zebBx#pceDaLkegHn<S7tZjFBCZAuC0;LGMd>v^-HM#+8dmd!nd2}fp)i4}t2K_L@q
z>d560VdxQkf%-3;^qW~3X1H7oObEClgsLT+_NvD&$bIpg#~TxG_7B&5@u_C>VYKIS
zvjd~(^Ru*Y?{^|!-VlgyT6;7UHC3)wRuO1xdLwrrFUdA(;{Z3L03w0@5*4EsM>(Pm
zVALYT1Yii|Ko0+>j|J5I06x($hM05=)4rO8YBOIMEHqsOWj|CoToa+R5GIOz16I}d
ztTRx}a$RJ^D&V-oB*#{sQ=Rq5tP@E5d3&h%D&6bOB{apf1#Ps4AzyrI7RyJW;&D~5
zRJuEfkm$>inb&&*G3dp8Cv_&PC1qS3;_s>MuuxMB`#Pyd^K>Yy?=Vg9R9J$irC6lC
zz4oTQWPM(uiE{b2alMaad{~V{K2e9L9X}BM&Ei#E%K`Vva$^ws7`SXFx=H3rNXmV)
z=EarHmXRE=vU{jmnDk9O5s&lRK*-^SWK5)%s^q|3!K~{j^Q*PW@q~Dy`D=;1i#ql@
z^@^hTm1vi`Ah`14Y8>~wWx&F(+Ms;?mjp|et=M3D)6)mg+dW|JLZ(be5d9@)%Nk_n
zr-|=r+12kQ8J3$ThaS63aiZbmbv4I=xw;!2O{;GmH!>C$yeo=kG;z(U4D_(iwVc?9
zbX`bsrUaS#OQoRb{entYhs;|3NLL2pd-!Ma9mwTGf)Le$1g%n>3G6fMGqfEhhnTme
zv4u=d5ixAoAT8rWMPN}Jr)VoYtNu-IeoxFs_%O`Od+tZyA&pQqwZlR6*w_=d)hf3I
zWtfkTyQeG6IeNZzG*=YNJJw?Oi_=)uu(q;tMHk!TS6KY?XQF`TOlLi5kyUUZz819E
z{w#28N|0kDi;b}**bH*~k%BE-znbLnH0e3m%%-I5jR3clrqv#HKsLH<#cm*lnd5FC
zQLf`|-q-V)ypm7XQGg?p2S&P-rsXM)rtTblmIX(^f87;<xYsF~x<3-tEfkhWQZ*r$
zyl+e1AI1(<?Bs2DBuEi>g*Z%~$uI^@0It{KA3K-5FZMQ8`J0h>V5<RfSao}S(>TFb
zx|r!ZbO(Zk4c5}o*TlrGZfFftM>Dkzslx$VSIS#fN;+6?w!YK(oODRRG#yb{VbSu6
z)#}|;&;>lFO7D-U6CNrQjg3vY<}7x0)5qPPqC-jzyhUba=;(wi&FX#$byM;sko|Vf
z=#mnn)01)<U2E~oHSyC~?~c^>E?)k$u{A3E>RWrVTlM_;*Y(DWx|9&{w>w*bG)Gi`
zM%Rbp!zW$w*i%8DFPp?|dd{fM26r<d$j_Wz^uYB{pW-V+J-%cdOUr}8LEK!5&xIAw
zaojeqX0mz=ofW$;+}}q>NvG^rmMzB^lt;;yGC2TUv6#1L5Q=g#SuLe<B47}ktdtfQ
z79=k~BNKAge_=R5)8|?FW2)-MwT+4Kwzt<i@gM#r>duMtt$XzyQQ5u5rw0|CZ4%Ad
zA}GeIjn&^<-PMadYTJPoMn7-dr1iYnoy1BDXh8g<>ov3<SG*izbro+0$EN9`KPzXC
zWU(dvZ1Z~AtLM!g0aY_N$<S{SE7^`tu;+~c@GO-g;6FJn6<;aobd$}~d<<X&2o{jd
zEQ+`lNTLe(sIoyo)%j8TI(%JIm&F4kK}s#<E1giVE?Z8x8YN^S3Gh?_t^wJQ4gblh
zp(jtqYRb|y400`?Lo$LgdQxhcqrAI<=iuwLBvm@Sb9yP_^=F<`)7@E|Bg<3h8yjrQ
ztue`h21;1ZUs#g$*-*nfnVh4)Z}ZI0y{0j2-d{*FWt_4wIXNlwEt=s@rM1y|OpEKi
zrb;2aUQnrCyZ&~iI_Q|_9W(x;5pD7QB6kXw`?OiJs!^W#G3Jc#>#-We0~ygBBqpz@
z8&tOB3n%)7)>K*Z6YnOMgCMrUZ{#fD2GNn%%az~de>?MQX*7w?Ebgmtm_)<D&E)5_
zGHX*r+V5#F%PpBySx5$=6mk1+OJ@l6TV~2JKDC^zIpUB-_Qh3xtmdwIMh*?A{c$LX
z)zn!{GSBAN?Hpc`>*Dlf4&}`s(4N7x)Gw|>(Y=6xyy->(zo~12&n+`=I!J3Eq-e;3
zi2geO6++`uJz$6x@v);2M@s^VR$8QpT)+`cHO<GJXhJob@N~y&Opa=n`$JLn1->R8
zP&c$Wo4>+gmaFo=m|ij7>yeH$UibD&FSa|aw5%)!UW8IIfI1;_EK4mVbF3P-%pZNd
z%7}!GQaQntRa<};aoyuh;Ir{o<g+E=s{qh)^bt2xKTEC9_7u1=0OBMTY&k{^QW~7=
zVw&k4-vWVMy0F=}Lf57Ud6q3;MCfTX)Pe9Sm5hoPZ)DgjcJul?=+EZ!%J!2+#O~n1
zYMDmk>3lXLZ-b1lpq~qECxJY*9A71vQtI2&c?TN}dOteSRbzJzMY@>88j@JPEB`s%
zw>Q=q*^h==8N|kd;s?d$-YE%g0LJ{V@!S1IsTEQ1YWG#`Pr3YOGY)cQ%N<`U8l4b_
z$Dm&}(FxbC8&nH)xX+C?J3E~#=NhF%5|a{mn+l{quS=rGE^U+y6Fn)j)+wr2GTeLa
zWEuQsiS{aj!?MhZ)vuRcAfOZet^r#AF86cQH0#D3cQ8gBP%k?EFf|M;+YPMPdn$H6
zT?x4;ZLgCdDT!iv1~0;*;Rs7zhd`#~8K`Ut8R7~s(s5gfLe*t9>7zWWQ#gPD`>?`D
z2;>`N8aoE~sPK2}z5psG3ykOQl%_(MoMKWTLlULgswT$qoTkJ-;=Uvd?XTJxCO9Wf
zEExZ`+;p31zjXrIg+5BFUgJ$bxm9501ncR_N=iC!DFf!3Z8b`Cr{{x|?Y|;9%!4)Z
zZt5PFj|?P}xn;|aY<SSaOj(tH6+mv$_&6Qu2Br<L(t}lloYq*KSdEmo$lOT;v5K|;
zoJ2|-Edw*V#K%V_(Y3{h%@?9946_R~l>7Rw9oQqEoMHjSJ~z;F({S<pRUhOmaI&4H
zo6gE96xv9Pama9d4jncxdvyGzNv#vGpQ_SyKAWw)g&N?J_`6=|jjgDyThw)ubut9~
zet?J8g+h6w`o0F|A2|Udb~pEh7T8;(1sC~i?DwfR_aCNuQ1q>WUfoRh59X5Pymmi|
z(9Hb<%5|P8X)I9334$OE!+<g2tdCZ_k~q)X<c>vTKBpRI$IZh=KX7;UT+Y<KY+}n@
z=KKRH1wJPazz_45_B5@(x7X4%kRABPd|EBm8VMta|H1Km5DV>h6#&K#lw}ooS$J3D
z8b(NEg<ntINt*%P(s7^n-mGM!tqsU1CpqJjNkso5@1`jn*z7u|y|R|^v7bS(U~lw-
zZ4RL(&di*WRz)|xW6{&n6k}UrG;L}visJ&jQf58OI5zS^WNuk9$tcq(>#?wT;Byg0
zt;mHopOo|p6{hrp14rK{<v=%SC18iXtAT@>Pa$MOO~i0TQZyvl1Z@%sN1-4Z;$1%g
zaWa~R0sTM-bt#j&E{i$|TdE#W2MT&Y>yugl(yfms=ck7TRLz1+hfRz(8>{Q>b#Rxd
zW;rW7?S7mF?NR7&jpAf)8=X7PJs&zPiyBgRGWL;zVI07ZF3WhE!uu+f(V{wj>5omZ
z@a|$&qtmw6hK8f5$(zqLc*x!zYB{ouQRLY6=kLxinvgSDTe^L}QC;nk>k`jQ#O3<~
zTK2EyR832cNi$t~Z4-aO(%88>Q_p2ql-(}qLtk~P?3cN@p1i&Zpo5p4!u6UuGDK)0
z<Xz=(lEJ=nN1rclPOt^c(+AQO+kw0rK7Q~K_robh{~u7W>61^yD|%h6XFbVknbRgK
zy8Q0ixcgo@Dn}K)lJUo=gv%f;G}d`)>wVXkKYrW_ezdfOq*E+bN~)J7kG!DpSH@XW
zl**jRanoeVh!eAs>nqGa*)Q`+9m6W_Bur7W!6KVF!Q~3MnQD2)ze&U@BE}WeQ}X2e
z7CQM^$gcUW07t*pXoOw}^HWpBTz_7}MKt(5o*ns<Ze-b#Dyc&7IQsgeoh{8*l&iO@
z&#X{5_-jg+;d{D29;}FAwXqj*d2r819-W2z&0Tk|)8YVAx1Q6PMfRi(IQ?zXr?Z<b
zG4$cPU`6;rpv9cQO#N?~`E#*21~_Q~A;_VOt%)kl`@xB2K$q$e$>$~sWpmry^;w>I
zlH)5Lf82!Tosear6{A-;9z`=LKB6skRfF3<(d_Nu#%^_XZOxdGW;X|y*aI6WHP4JZ
zNXRMXc9WAv-O#R2s`g;kj!d~nj=x}{H?K~r)=IFDa4cL_R|DxcbyJCqVq?FVUU^p8
z@+q+^6;mw>3y$z>&D`zQrEt1XO+jai8}NL!-HAD5RBJD$OmOTrSlGEo7LoM$iVHJi
zsLZE5#yB3EqJ$We?3X{ku^$O6x9QnuAQ|=7b`xA^-3ZPo>`hdhN2*2czAdv7!h_OL
z=~E%lZXQkom3_;^GL8B6FU~uF_bCHJf7%s7@%~K*Zu|rhYboR#lLK=ALkH^Alzz-6
z9Oz5Gc*T<F9Z&sExc9BH_?PLH`WHsa-tiT>cBQB70OmX1k_e2|dpo^o@o3)@7U8gF
z9;>(7pqbX9aAd8VWcN);Y7Um=TepO(ZMu@$ZRb|Mko@KSa&C*j?RS!3<Iry3UL$m(
zH7XqYZG2c;Qm@Wvh(4^n-JEPZt6z9<2yN3Kg;?lJ@bz~1mg4ny=VQF4b)j|Xf<rt3
zF4UzgjFboJjM>#mIcI~3`;c~zYx<TYSA0yXYRX3yWzDw243TbfHP3o-3?@2(Pfm=&
z&y*M1dc)s*u^t$<wDs_6C`t7{t)X{S5=$xrY$@Rf{mbSXcirMIFG!00{Q_$ZSoP(T
zv|^BcR@^CC?a5?p&0ZM`Y@sMwNRiiHt?LGa9~#k!{J2IkIPN{wvv09Ux?gv7tGFte
zl*za+oU7wIH-k?tb%j^_!kN=+3`n(8pP4k<J{Ah5?8yI|4c=h=N$t`6;9XW^b)Y3C
zCZS?&E7^?9X<jR!wLE(^e^EPA&cu>s=#6QC)C;V_(I=o9HaUeva}`2nsm7*{;c0qJ
zqRV1v(^Q<bxK|2S6MCbcaL5De@1`R?$}%E-r1aT{j(Y`@|5L}a#uYquX3ek92cNS#
z`=xzf)=L^}xbnI)Udb>$opUp|^iZ30tf%E}U&&9tnBfhXT&?M;S=e5I23rV?5G9v+
zdMEao(xRB?I_sZhhVlfzb1q3Ve@1)Cy25JO=%epY`vQa-pnrM1R8T!@bhKK%U=B1O
z_7WAmm-zpOrLT-@`hUMB1f>N8rE7qa(w)-X-6@RG-6-85Eg{m3h7A~@bR)IFMu?Pj
zH}bpp{lD(lo@{%#y+7Ccoa>x(U9mIky%Q)cnW}!|EyBYzj&|KGw716tf4;QzMJ+||
zI39rk&f{BBwgn6$9~(Sr469-a-!K@DGLnV!&r~S`$nN@py2u~G_I{*yh?o5!>{Uo#
zkvHr?T+_3``<!M%{O%JnEXmkPQla~?MH5$St>2GbuU2r|QV98v&*8z=uetr_1vSEC
zM?8`{?p_~PPH%W?eOW<+^DX7`<=~VzWPCIor_Aw$IDr?!eQ48)(GoV9<leSyw(3IC
z?c&co7mivV_8<7R*saK)D$n)%KebGcYeo9N^Il9aQJ<lg8CcMMa>p5cy<w}s@)Evt
z9}>ggVU%QZvlYJI4gl%z(f>60h`v%VgP&=Vl6_>>)Ft~EPi~0wHzpVhO<wUYHL~|B
z)zBms{W%KV>r$9SyURYw8W_Z8KZDD2@EC!&4Enc2g8={Wm*q;y@0+I0HLVt=%EQg}
z-tEd+7Kgqm1TsZF^}`lVm#3-8vRsKgb0*CQbMrW2zhX1bIjUU_IM-Y=^F|n_o#IiL
zA2i$C!AWth+)Lix2p=brv`*+p^IG72oq%w=6AR$DA=c&lzkzU9x91g!pD?JY_rSNw
zpc$cyr!z?(=gG5AFAH%lcCGd6EL?A`o7-S3e5e#(Pq`mEZ<~)`ymunJ<YbZ-D<1hK
zhPuv5OxNu3Y(w?af4X5$5O@2(e&NS#!XeW`YY!1YKP{F#?9|#6QudYi;oUt2mhSY&
z4O0R6zEHUV8}<@%i%$Oy=G!_CwKQ&MO-jL2%?OvXW;wBux{+J`ft`Dp2tLwlZhg4i
zwP`v-O+LQQ_X&u6IzU*0N_c2A9+}udIX@E%y_>j{yN1DsG5cj)cors{7(~-&Q0>6V
z)l9%aJ?Qcg()?EJSY+ecnD^X1psXx}!2CXg#=BFdzwu6HNc*SUVI@*f8Hv75V`OCR
zOJZ}!loBHHN8&3QtU%wbnJIIj$A(3wr<(y0U@r+P-H{kv{pu@CY)hSkZviaFb>KoR
z&3gDo66e9)+{>kp%tbxK0K@dt-;mzY3$UfnfKLdU#pVAnSi)54tvIqRHe{~&Qqrxh
zh>Ob!h97T@s*E~1H_)<=0BsjlpRUtnRb{xPJ*+$aa4;6~%j{_P6u}LhiPNy3n7DD_
zUyfFx%U1xk1YifHlbNPH7|*0FTZ&)ZHH4rxcBJ_G=j!;CS(bWx%ZcovsNk!>j=&SX
znPahYyPM3VL+pNevQmEGDQxqoP0Kd8Wsuk5+EnZ7P`LE}FphgD?;0QnhnIdg?#s{(
z)YF>K*9cV3zukY<HxU>A!<gS+oK=hRDNWy~#{jt|lA10tC$-YNy{PCgrQ<_=iwOfR
z7AA1{mqK~PFP_XJW)Wwj1ryYj4HS};<9+{xJ8Kd<lTF1MJ7O4l8F|qHpbxA`orSNJ
z232&>mg--_(%&{N{)=-K|LTLX!-CJY23Ln!a`Z}3D5p?$S~Z`@FSA9(hKP?ZJwU49
z84fT<Qx90v1??IfrIlNlC6)bv;bBPGYW2g&Ji4}5yqG!ZQ_FEP9NuFf!AXhauHxoa
z`fvs%@Tp!%q+3)KxiKo&tWyB}A8~BeXGep<{~pm7=-!gxOSW2O&6ka`y7*TbiHzvp
zU}PEof6r?o)&e27-1}_)4h>~}&PcsV;}@i^js>y%;PQr#Ep3WSV53b79$=C0B7|LN
zylekg1F*<1xpfnwqy_g^iK1^De}h^JMK9_VI>_KLcyDSFS^FY{Nb~7sxu-PSVv*m3
z)m)Iz{hXh!X%b1A54L?6Mpq&BBnhNzV@9&`-witcGimNGQA(=xyu3-g@ZcL`hGm!E
zE(5R3;fVuuV}o9V$K)^G!h>d*$WOU1b%D3k%&jA49D4kFwjimlg_Izd!=3|~)*ZsH
zO0QYmGKvi0HyrCT+0J2X^Ta)tQ1!g~lllK)==k^E#5xRJPSLOD4Fh9S@&YgDaeF=7
zVJ<;o#YI<Zp8Fp$b?JU=I3Z5jeXgG@!y-OwLWBu>0WIe@bBhI4vn#nP)c3Kg)zEaI
z62D95cP~YhmmV=OK3^y96^wu%)a&wT+|yWp?#T808?F@UwLNJ&(|#!N=_zDQpeFEq
ze0O_!54`ZW2IhW2N~_{~czU4EWfk~d>iR*Go$2szrebAzlW_avk!fp8A=*i>5Me<W
z<aE^2NN3Ed*1ya^rAm+HwR@*g-mWf-#h{J)hw?vKRwCW%7oz1eVlG*3pmgia$4P_s
zOA+|uycTDg<8+6p>GvUnc)x__l}8{HOCOE3-$+%8v%3fPL_FeMks1HrT1?@!(u~qy
z#p;JWK6$>d2qH^p>tz8tnEBeDS;1X+?oo{V+F0sAU;zDl@DX1-4U8D1s2DVnfS>?(
zrl2M6+r|C-8Wd0SF3kU33DcUt3oB??a0Ra!W99Ssz^YZz_29<NyvE8R-6kis2;Ygd
z)&--EN!;ruNGZ@#yba=*dOYP!74)<km9;9-V!v6D-!SElX>24SvSE3HbZO*eD_A{d
z`73k%D8&;u$vcTelY%NGlt0R`K4L2PuB7nmX57M~{>XR&tT8xad0v7VqxTyPbDH1S
z?op!?Z1cDS)DZqn@k+~p(D<z)e}Z^``QYHXIf>q$rPHy$?OOkF9#wUH8b|AU_DU5(
z?h&;$Q<qwz@`ty={(E{<riq{6msz6-o>d<@!H%+^0kVM3^>0lWE{)W{TIAq4_aP=U
zzadi$S>^Ry_qd*!YwMJ<l5D}G5W|n+Ln0L`kU7VO*Y-DuITLGL9B3SfW1h8HO78%V
z007VCr5YTc%Hs<xRvW?(79LxFKL%_SV$<QQza<AQ8x%>;YL9vJ-)pyjW`MFkZKcBD
zKi>B2hk(L!5r$m1ks=iX1Zby-8sb`G$eD#U$#i7N@1ai52o$rB7V#~rj}93wxRt|v
zT)NNIkDwQ>SEyu9eg`}lFRsgr9Q|-qRU5**jP-+9sj=oTa;zD!Hgbe+#|(EWdrEe{
zL%+Fzrhe_N4Q_0eh-JHiim#LYEB_zH7c}9#^DQRpQRG}iH?YyKm;doj76p!Px@c66
z_Vb~geFQpE?Sw?J`4#|XA^zSvO6sX)r@9>cspZbvFzT6>`#Rrt{u}`nZnNyfZ?&BT
zb8~`&oRnP$G`42jzy|c*N{b`^j9`R>c}A&1FvmXF>Ymg_NVt=I*#fkU1P;Wkob5)e
zg#G+L^jQycHKba)KJ;n)(r=koLa^6#TS>!kAc)73UI7;TwJ;K=L3ZH|Ua`v);w5F}
z11o#6X@t+O>o3Wa@(p|AH3Tj#jlA}=zKuA(`*%Bnz5`mPH5W_?odjqqQ@hsJt!ljQ
zP#T`q?)si?LDbb)WFqvTBt_4r`Se86afXg+UYFe}F3OYP0ffN5lx36LM^d{YZ95H4
zOqf47M*H{213z)n><Q;JtXk%(=iT%`AG0XsUu+Gb(x3kT`#&^Vso#g5Su1O==k0j!
zSHY!P<Y5DYQ-c{*c^yL2PYttc;cMBh|309s7x;C&+K;)y$7eQ>p+a|8ecUV()P_2&
zM!n@L1pnH<nyfhjHL?a(?f;0Hk2l+U)r9nU#TUf@QaVluN^fd<?9UF&9t*XJ*?lMC
zC~y@rH9J?hJO>TettS<SA{*vgv}lFlciycM<yrQn{4e)Wliu&2r=<SDCc^PT0o$Lb
z5ebhSJtO>*&fW=v9_gE*%|{_i`$2pQOU0D+F7<tfGfqnn+vD#?GR5^+eDiO}6elp;
zxw{^N5aynn$*0G*gOf$78TK|ZAaxo`KRkE9EuzHr%0(K<_pOATHT{Sb5BG{4G;fIl
z)j%=0O^{=BLivr~cKjt-?dhpG2GSTzw^L@J!(f6>L7A`48i{*yx3Bt$`$$UcH=S;Z
z5sC4cs=^jo6HM_b6_oN#HK=;Xqt*Vs1V|8FDBgs2^4!nB&}BA`jQ$}hM*Md<{y84j
z7T@Lj)r$0k`$+0@cn`zoY9(+?#ts-3?tSiK6X5prM~Wn<V(;X4c{3pD2MzvZ$N@O;
zpFhey9Jtq~eErpZ;UDBhmw;wg27o^Ygx)yh55f?Z<dNju4j+EHYrpQ(zS`*+L7}Z{
zZd+H<#?Jqo^#im9oTktqV|`%b%6;?Jxa3^J@c^yEKk<H*%nM^%W*%ZDZ;$6fUG_qx
z>BsNqEP928sVWL7SveV<Pjf%&50V*1o}qoNc1J8Fg17QB*e#>U)WSLj>myzOgr)a(
zdtR{g%vGDPNl3vLPtXO1J0;reMJaMo-zpqDS}bO7%Ita8)YVn^Nix2AMT2GE<D~3&
zBAJk&1>@{ng!lT7f=&(27AwT{qP*eCgAS$r56qg1O6sikQTIDSM!C`bkx^m>kath(
zX3nnlI>8f=fr`TG@D+opbeZaIh*6mPn%Q;Mz_aBR7=td-4};wGKrmza$bd3zI|Y4M
z&M3eFV_<J<_w_{hv!sLmib_gR6p#jI7OV*MIRm3tF{Dmn^d5Mg*N+Yx95iNw-dlxA
zR#VyFqE-U+u?RV~IbK7u%by*{CZO%%3AiHF4r6`2iOW>~+OP3<&EsUNu@%sICUvy|
zDOxT;n^^y=L<BnTIXL7v96bw$^f_aaNV1)m!CV$T8~V#(Mh!CAPKOJNuJ(6EJX4xR
z$-zU*jXJX?`b*6@j_s~S!pZvhE8fdr6Hx`a6;tYF87*%PvKzXFmoht%M_^aQ2LG<n
z)@<AA-J7-Tq6A_NENU?kNxnw9H*bkNUW?=JEmp$J)<LbRah#m68?oKHz<emD?^c(q
z$|HOZf!2|LY*wHLk?B`AlHFj*=RWNJ?8oNG*&?yO>2L!>I4y%UAy2ds_8|?B-3P~?
z(|#_`^u|9Zdz;WOIbG4IoNZgxORr173X?)bI~~pBCk8*l5!N98G~tVEEX2az<m_it
z;dR+HWL<O#o6>LpBqGt%>si;FfX(1H#>3wg@Sc%=qyDVcyn0k(q?u|cz+@4B9H7G0
zvUH9MpX&rwhDu3=-CocqLH}uAUaMS*4So4Y&g5Q|3d_}^7urQ>ZX&88ET5<=PgV=*
zuo}Vz(s>f2z?hpqwR-Po>Y+ovJ;<@0w`uzwY`O0E>R*uVhREK^S%c>s+NYIBRWZ$w
ze~nk$s3Za2vb6M{;)$jZ8J$W9)~5RH1Lsih-5;s01FwPsHjO!4C*=U$PWSIV?<s$)
zAV$)`_mwD4K3P7#iBaQfk&Y(NH6@4HNC~~6kB^2by?xisdq)-UG?$_6Gw!3&X4-n7
zabu$vJ<r;-=ZSynGHnDb9m5}qU$YTH6S$tyDB|=#4AR5BgH0hQCqsP(J+C5SZZs>&
zcet<i(YHbGkK;VZ$1Ap}o?rta-a9GmtW)u!vjge&6SUtajn!NtcIS$o0xcNfJM$yQ
z<*en69qh`RZ;VF9N4{1F33U%fE=oDA*!E38Aj^S4#T)Bd(p&>jrP(2J!N4Ir!g*59
zL7uw#cJ#j%+;x8u(K^u=0Dfwqq<nS+=oEXO9fUQ+v$KL)!tT^&ltU{vDG$;t69`0M
zp;)jM3RONdF_sDX7oeDl(N)Vc_hJ>4(A6DQxT7Ie6lMiMZSTQEd<H_lTIVe%zh`<g
zZ1XK;i^Jpy1M@Wc%6rwy^0K4jE{rE_DVOX_2;ETceBXD%n|T-16&8`XJHL<eF!vyW
z%%|a(eD)am`iS1^GthS@aK1?!_&<#EJ4we1!hZdpbt8c3r!ypOH}G(cq3C>cn_7T{
zY^qVGQ}|hlc3O-(pDEyPdO2zJ@8<-8MWXP{obiJ3P_Y9eR$rKM#Pm@MaXv2zHa2;y
zr7y#myF{*zFapSpNk}ZSgZ!j!n*+O{?U3gC15VB3Fv*U!C=k3KAx)iS_?kyr{G~U5
zE8<c2Y<{TIhzEY_u6o|)40x7o(oc-jkri>{1rC?Ivknb(D&z^Egc8$6r1%!73?bqE
z#Ik*uX!a!~E!@5z|Ao=ylVtT9Q$hI3Nrh};l#K~Vn65cw_0{o(klrG?r)Q)VNpGN!
zh({07G};f$Fv~7{=`4JPtyZ1-J5ZOz?A>wuvql|I+HY%{2EPtpT{MyUFUNp`&R6_r
zrT?!0p%Wf*t~_J}|J5Bjr^WuQ*sG*gJ;9MwG(B?KsmDv&Hi3x<S#<Oo7Pji6ce0>A
z3JIC;9Y{~vyoszd#s`?8M?n+*=~Cv-W2KlAU1Z_`nmQBwNo)ps3oFujw<Amt)MlN?
zgV%4t@Qs2Lv9O=wnW|k@#S1OWrA{C@JCgl>Li5T}JK=^^N}^`Ao%HHlDnEOe##)6w
zzxVML{LQg~iq28ZVWM@yN~3O8TB30gu~TKm6u$h#rP5H0;F0zl@{wq@6XPqxCbRft
zzA#zJ#|$?I+5sD_tlST+XuVP^PXIKTLTlrtU?B9*pCBtFBEn;Pryz9se;9KlpA(!^
z@$33(Sevh~WOWk!dg@2@Ji@6^jn+9-?-ywDxnPlmI%%p5q^H-$*3LADv>bk1=x<I9
zQtVYl*;!pdJ#hoQg#}}6$h8Id)10J@Jm!@cqxJAa4K&8{@F-)wu53N7>1eh7z32Bd
zdaW;WsCw~8JRG&0D{|Y7T`T&je~r8~i;D*hEb^PIgSx|YN%-Ud#RL~Cq$^KYuh8^*
z;r1Nxe;617HgV4$_rYYMm|dUNl2E_=IJYaLxVw4VvM93952P)=t?UQ2A7Gm2Ro7#L
zRBi4oX^<}8t5A3dtbGK0{@Y)>s<rB52Hs&(56D@0)4CG#ELCV7)}<*L*cB`c>-iE5
zHR6&@+^-ZXR)3jEtnf~v2o!>U8d3N6!8v|4C3ETQi%PLudX$#=TXaivpSjo!AytX)
zDp)o@)oP53^Gk54y~<Tp$A+KTpi8Sg*Y*yqDp;{VVbEhe1Q!?$JH^gJ2DtKC_4YRQ
zk;pi^iza(29FGAe1oPD>%2RL5tx!-4o~m4qJ?PoSw0h`W08HDlSoMD1K1uQ4Tajvx
za900S_YY4vLD0jz!A5Ok&1uiW=OyfQDcL@R<_hIG)Tyq680y{)ugUYSd;)7LkIo-6
zN0(rXNk*nUgqXn9_SW$44Q+)!+bL}wXZ<pQ;{U@Cnzf44TNm+LUFhj5tUqo)Fu5In
zSlPWhzgu&tZLPKuVO~z+<2*DvZL9%roI^Umt&@`p9R%5%6^D{>_zTIP*7wgaJ*CW6
zj8-<xhhxcf0#lS@Xa;JQLh5V+US+SlOGdNF{t+%g<ESrlLXW-4$;sb-)v;h0Ms+YI
zB|2)?KnA_GHK>%Ur_l2PHjObUZP0}6wVt|Jo&kRInQ-lxuX#%MUUomL3Uxts(%Z9d
zx^sw4Sy1O(RQ&DU?K~S9sVXpjs?mO+1V8_Mu4aBBN43{r)?+oCn9JqOOG~Bs-w|^a
zOPLu_>NILrNTTnWp?inH+qvwtgFjM3V|)>A&5#Z!4iX}gRWqNT?u^LlbQ|AY9rb0o
zF5bQWq`K)Yh5fgs{^;NzI(hYfF)(x}@xQnssPY4zMxF|~?-El(;RG-Ln2NpeUrhie
z(TsPl7O~Z5*xeaRw3aW{@WsXWplgR2BRxe@t5ww;R#nRet}NQk?l1=iH%|s4REB(Z
zh2Uatqy0OOZFyxMy*Z`ovi|_fBCS8zY>#={Y{Hw>^kd#HA8+QbTY?#knC3nL>6n;Y
zSjWA+!rPXtC0ssVhdMgEDN20RI?0)I$bK49PMR-Z=r;-kPoo0wftH{d+U6au9YYm`
zq-QTY*v_#`T-|V?*QfOdX(hQ*7sZmw`Nz$TXoGk?SV8-pr8K>)w|K$T)q32_Ny$yb
zRPGx<8BX$NQd>WikE3`#&aDVdmN_c9(<Lbxeaj$n!Vj1%diLJwl#Sxid`G*CbB}k;
z4!(-rtRLkYY;Tn}#jXaiNmQf=zP46btt?LgnjIt-9_2qZ`2L9HLNd$`B1|?yYk$#1
z1;1!dg*26YuVEzdte!WLevwDPnyH7EqPA?d5~lP6bGjLF>x<C%A4c80eVEke7nWW8
zBy0I;jaE2vl!h0Ll&kQb`={O(@zc?!bV?zMP)Cf`C5~oVZ7J1Gq5g}f_I*U!Wx`C(
z5oye-T<TyM5l(JAhIfw>@O*Xc)@6uezp+C>)~*_v`NI^9aj^xYQMzo<_D}Pfzz2_K
z6xaA-+do@~Uh(k2X;=-|9)LK<V7E+U2@C9W`iW$kkn4@AGLn@q@%`~Ix*p?s^C;pL
zBB8snU3Sc0?&>x>Sc;?b#tZ9EGo}Mkd_<pL|KOqU8MJ7i8sO~vE9cK30RxRy$4Zwf
z)pisg-;9^PaSG&pLh3*p4QBuK!lM$D$D_vYs(6NTHRRJ6pzOIRy^|>w_9tl1GWK7s
zf;&WOqlT81*7VrvPHL~Rr$s_h26}!*+y>j9zuX?$D9gYsVgU(I!Q~juHQ2%eyp%M?
z*@Pd-$F@N+5pH<aelX_I(<0T;r3zH`I{r8EV4AP0$}V9|iPOoH$3dCV_WT6AhiHV*
zg@_<sO4?xV3=4sQCU?w-83|?<0qLBooWVL4_phsl8aGT2QJVF!1t$$H?QJ~>aoouX
z<t$wNkAE-|TnzndM?kRX+}-}>e|{as=1`zOs7Pp<*VFpk-=`xq@uF*%Ca`uULEJSC
zHy<@Z(d$8;B$6Y>&Q&Mkmh6{pc)EKaoo9{hESnb9_AEkEOF>BoW&^Lk7}6E|Fe#y~
z?yw)N90c`N71bJDZHSi1OPTkraJy#rxauiWbI&T52-vF{g93y5zDvaEQN4Gzn|is9
zx7$>t+_C5+CAy@%Q9(h8KFpTHFL^#+c-2O#)1?;Nq7@s$l}E6sj@)++KVaY@I!#OQ
z#5wyOTJiFNo?Q*yE(rz#v!QX~N%7TPv52@L9lSpTAyJ^`Dev<WQ_Y$<h9H?dQpHoQ
z_f;+2UuvmXtW|FeulVC9ZC)_{PEp20TkvqlZMbrDWHhY}Zte}?nZMVze8d+A?UAM7
zGveUy_50EGR+3U*#v&;q&(6!l`64u>KA$!i!UMHReTf%zU7x%Dm)?ysi~lczjqS+)
zCN-au3jhbXD%RlqN0=%lJvfGzJL?Qg)(oc)R~8{$A>IuE&Z^X#v7MHM8Q#O3l+e!{
zXwFstqb`f^*tONv(RJ?)SU|`()h|)slBGx=YSw8_V6Qe+ud+yOEMW<-Dr;F$`>tbE
zR_0ok&Bpa5%lkVe4qnqU0t-5^zd|)ZNsYNOEZp1Z<#cE#P`8S9T@Vd%v}bQ5!qRUL
z-JJ0E_ReMH!=4g&Y^xx(@5#o6IA8Ic`*t=Umy6kXrEgrsx<yw9s9453igbkT-_p$P
zQA))0iJqP{+=KErwhreXg8ql0(8M<<8h>y^j`{Huf66@_SV;P(epqX$&|)Qf3D@p(
zI;~w1f&hMZ9Pq%L_CDm(Vq@^gpAsG=lenPwO!y`TA*tB1a_#=`_1wZBX{xbRn^!AD
z+SDk_Z_NGoMMRg)ry@1kKSNvBCgn?RXh^(-DWnRnI)mxwQ8~{|8ElvKJtCB1w{n}M
zOGqn%LPRD|i;GFQW`tC%sm{$WaV|x<yM)#>r)G8}K^DU6Bt|_!A6KZ2hMn}qlT^vj
z24!qzNl<_DW0yKF&R5zt6DI-TGyn8vj3fBH*KZGf>vq&v`Bau?la4GQnNhqpr38_~
z*Ah{46`j#}^?M7ewEXtDiVKrmvit-sN~(-W-W22Lg4ota$vg66I#dK%M3MPhqV^c6
z6~i0ivN_P-40XtMf((CAX(r>cLxJ{^`8pYig`fOV{kLlp`oB>H8I~ovY4mmVBUn{!
z?N6i)eG<l4XHFq!(E#r9<Z$@Ga-2{fq&3MB5QJW1eWm3#p7(Ol{xcArDL&y6&R)#f
zwA7pm2@VGA+yzPe4+Blp=2Pk4+HURaB+#pzEe@ZtG$G{!Ngmset_wz{3s&nE!vqM`
zzcBFg>&D{|ubRdrsWSbp8A#{}d^n+%T5seF3a<KTwaw|Mk)@7b+q=WT#EmH-Jp7`k
zalAXr!!-UzQ>wG?en9!-z$a(Y7J&iU!cC_%yH=^CBEQuL>KP}v_+EqA_GD5Gv4CBf
zeQ>fwHdG?^%7UrAvk3SVu`AhL?3GGt^@k3rYM&{Z_e?_xYp?rA-xKTNRo6d(0Q5K|
z{l#^-6sSkKk#h~+M-#O6m5q0uHv@*pilUA|a=qwV4}Lg1tx=(VPc$9<l7vy2W|1__
z^w}pH|D~ndg6Q*K2+-uToHcpXs{Vlg*7qU>aOE{a*uJgPm_Q~`JicOF$7273c!{bi
zbHFFu?QVB2sSz_3=k3G$<iJ9Bx(VG!8*r~6<`T_(^~GE)C1GYAkVq7*!eaA@H+7z&
zO<w{6q<g=J4c~Y2wB<Z@1ty`xbNm8)FuKs%Rvn;KwVWKs+dM*yCqYu_H6fdX*QIeX
z_~6`4g)uUYZ$-G>cLp57kh1FZ3tCsA*$B-rbTRRpW8>hEkBZWf&=JQ%(;%z`-L?fX
zG`i8W>v38vXi$-?6LH%5sDXAm*3@YPt{En^`WWS%#l_g6>q(_3x5e?)=&y_@llB_Q
z7_8=;E%6j`YJ7l@y->jivt+ocrf;&*ySj33a3=nWUEM1up43+Jl(+rO=1JHFE}RP%
ziHQlNBbg3Y!>D{#Mh@=OL?{yR2p%y9nkS=9$FjP?pzxypT)yLuP8QcC3sheH{`6HE
z-&Pi@-8)7*H-bV}(Iu;Eq#zr#k#xr0or-l>X*%zXmGhVC1WXK`^7orzzT&6#ntgTI
z^AA>USX_9{RjPZQGuGy?_6SR(19D(s#lV-D!c!<KUx7r7{<pVkh2$Uu46QEIswsS>
zy*o$rB;_3qQVt@#3{b)5-vg~++^oSKB%$V}Y$K_-hPI(8o4<&ntOD$`+B+c;vojzk
z=$*O%9|J&>(Cu&Oi*0W|KiU`KAu*bMn-l@-B7Bf{URp9!4vbzDkRL-@2d8YipAeip
zUUb`eQ>jS1EuL2&e$o38?*K4ThR1xWG4@<9Rx7P~d^_A?=`z6H6^oGS{FtSb-tR!n
z0ri6$V+o&0|IFLkq;jBSE3X<VHEEx*Siu5HH+Wu`yotA2P)VpS*<+;FIw;?oDQm!(
z85t=2)wdF5AB`{#y7LPO@UZ%PWgM<nver@*jq>jwBrR<R1LK^XWd<MxXOCU)P|Y?@
zLD!mMlqp>P%o+BM(n7;09%;m_s*-ow?~<EioSSs23zbmZS0eP|)2&1xe%8T3Q$`p0
zQl+j|SDed-J>fnAhtW1rN~WGxHBupo3OURA(~@hQqV{oUlSE`qVwhI+V;CnNtDcb(
zF^f8}ECph?$1=<xQ3&f&Ih(t|7OZE19%&6Z04>%KtlHd*M+LSQki!{nx>VND(M0w{
zfiw!FqTSFk(MUgLvz5X_9UYWhhWk=u#rE(al%F>siC)roH0Eaf(1h{DTBcgku{aUl
z1Lr{dQ|H9rtAnueVM}mLi#QmtPWv*Hzp;YosLk5EtXQ~#Ot}tJC$7124vRh1i0tW+
zb0T{!Q6X|gU_L)mlwvNFRl?=;;1#H4!j~Us9HFK}hW9ERLr19>&ork&V0VDsbHXAz
zflT%cc0U8=Q|vuaA%exkc$mfpp!ii<cgVNH)hkzt`sVk8uOE#et2e9Tm0~j!rkf<$
z_Tz<HfTLd~1rKRST!xZ|H#%XoLY1a>1{tlH7(E@x(iW-x!MCf>#G*i5JN`*WMAU|D
ze}chs9JU8FMI8+bqxb~vVHOJ(mzz6Be%NcMGn*5K1}<D&rI%1NQCX?*453!qS&B_?
zTB_+|_t8LANX{EaHUVB85k^X*!}P7EQC2Wn7PrQgwmRCZmQl6`i@EkSHIvIg|0h{|
ztbwC%v48)+jj>BH(tr^Ex$ORPGz`I|tTe`ZR;dACsmW<-w*@0RtZC7NM^8vG?Z4g$
zi$&nm{{fJ1jOPsjPFrTp_*3<^HnN;zres*(b@tzp>+1N|W`8J{6Bu<J=H$wr6EJ0^
z=-4#{)DLrH!fX50S-DJ&%G;A@vV)}#goQX3g>teeUd5L+Z~d|BPCTOGAKg!!oTjKB
zq#?J#WXNe3Y3iD3Fd(!LjAm9~CS!SR8CNO$Th&fR{MHa1RMV~?_stGYAa#j%FkCU<
z1Bz*W*Yx;yV^lRyV;AZ@@pbbRGneC52$*XhtJLO&2-}V8TFEk62YciPS29!EVSK@s
z!E9pCN)&tmn#{yHKIk&k&zXu?2z(&3z>zfo0ip)?-8c=?zIM)b--$)G9Wkgz<29Rp
zf8pCfjk|EskfSOos<GNPA1A`fmMb>cU}d+Z@g`ksei9?d*wQU4t|SbE8cnL4dc!6<
zdt<JiZ9fpXvLdSQnCZ2#@-rp+ls3k+E4lfyTtbJU@9Nb@kILEVi$<QCq`1}wAO4g0
zdtSz`$9!3xeruDMh9Tj_7E;+e)1gwuqK5B66lxpJP43k)4MBFa8C`>?Plk5$AAiR>
ziaqlq`c#WC*mL9rIG($a1amko{~QkT<MTq<t<RHo5e?V^>HKT3Znl6kz0(Ez2rTA-
zUxWA=-`YM_ZWvhWARnfDdVMV0zk0g7av{&w`@0=<hCO}Lw5iWI7(bSi_)3{v#epN5
zBa`yJq1~zTPAX5JHC6CjmGgDcD}L^%&AaCmt3H;#^8&HLD2knsnZ*lbhk;nyu<;2V
zfrcZ@1uS7yiTIV@Q+KbAmGlX+>o$mM<ubbqoXEBwAZwZBVu{xmC3J+)kd!$2QW~pj
zxSb5u%vP9_0Jg_pRxi4*#5e<E5LW!xbZIX(<nx&gW3Y&}>j9G{_lBvf-!-L#HjdU&
zaliHuaOZ(J|HZHJUcZxx;05wf*;>Sv%f69^OjkE-d8enq`At&G+2%W1G3n}=<5w7k
z&A(pvMn3?>kHV>2|0J}&Qg>EV1Spgi;_8+<B6*L?7hv8~i$$x+CMR6>K7zt9zSUAA
zZ%Mzpv{sQn+;Ofqcr2+*?aavEM030ZHH@Im0e!t&*C3wme==Y8$6y<)zWbm}s2}90
zFMIz_kT!7R?E3`D+Uqp7`(xgF0Q>AW=~o8#WRy+x4I;Rg`WB`ii24W8mgN=eX<c9V
zH9>mC7xkhHsrQDFD=xzoKvn)ry3ajw$<pdfSKg+MTX=tHP@9@&sEGx4k$Qe?(*94L
zKQkogleM|Q#6xU|jSvHv>b3)PpoZP{{Sdjs){E_s*m$0!$~8vByVb%$_p8kb0{_Dj
z-DEu3e=@J1vg&<rl5H~<>L_g6<6im-RjQBQ8{%K$o{-9(RDLDlcv1A0!a(8n7mI@I
zTH9w`S#vd}sA~iLC&|AegEFB1u!vztQ7wm2sf{inw_?AoOLo7Vc)kT&vypd)NmD_-
z1-A*Oh*M?V90{7!ps|Q2S_@J^&<df6O$y!{iX`(48?$M%pU6sM9G%x?8G@wTa{BEC
zdc(Eve9RI|w}h&v9KXOfi)^#eaAY}StA2F%i+H<dzBz4sA$4{wJJ{ra)57U$x=XRY
zWkEpK)R_|W7gjO1{_@vLHx=C9XVT-%oLtKS%%in{%y+^y1;%<(oZdBkS6*m*VJ`xF
zH6g}gpQiKT@3$Yny!1d-+&HdEpa(DS_kTXw=d&qH0b-UoYL~3fGd-%Mv0ziJe1IU~
zgUknW{Xvq9B(&4BJg_<4G>LR%L5MLev2w*io2S4>Ae7H>D`8+udaefGNT?TUDa42)
z!mf?K*U+&s64ulC6u#21k;~^#!jvewl4lHxC#oYbp$|Q1DCk}-+?^V{^<fV641oOE
z^4tvBv-he>IjEnAZblsTq=~Cc%O9F-X1Q+h>5;9I6AiCOGl*}XR@q66wUw48kk@Od
z_%{wX-Q)NP0L*-_TF(3$XkfZG!0BdWVBha*=IzdQ{$LuuDyRKRx-UsNk|xcN9NaZz
z7cfnR4dp!YW1xT3r7~stLs874NVei_<Qh(X`>m@-cZMH)rAyQjN`e>R{&K4+h$tp6
z!_EwWFx%*JTt;bi);VNpzbBcOF0&_1=L)<}lkxM(R61(UC7=&A!FE)mcI@<OV@@hj
z<M>>;4g!X7ZwSH<#JVd0H2^1ojT27L@vjo@bw>btnlCCpPNu`rIcXVBfssN264~W0
zA$D-s&;_iMFuMplVdwY&Pz89ZIdC1$roZA~FuW`F+dqIyhN0F;7;^Je-?EXtN%CDb
zg2OBdi^@;u)vgcfc29c44WCU-aAde=YUB%lX<wdd?6?Egn>+ju!vSFqP0MW^JbEMg
z#^h{zqEJBfA+L!kYtd6qhsL$gr#(>k5M~}Kom!-C=@b<F7v_di$Y-({k)OP_?=F^5
zisV_OZV&Wun4!1Yt3m}&5RwY&kkSh@rwc8*i(SwHbGR?I;dXr4Zn1trbZReKx{{VP
z4@FKF68ARvcyruL^up^PYJyEkhdL_S1kC^e^CBQHE!Hpd@mmtELi&ibnB(7fB!F+f
zR0h4wW7t+Y^nuc<0+W`4S$5@wSyU55M(_O@S=_-Y=48qollkMQn2@uR^P;!C&Y&l&
z_4bIQhyl>b(G9%w;?&8RBpbs2xlQV_@7{PNRJ|roj~(0Ar;3AzeAeQNIWeWAD@P0J
zg+1e%$B0>tOa`0UQZTfAIC9U!&k@#kt2f{3K0h~nElp2h(st9z9|MhK|Mym{K=_9p
z^GVGWo#0tJOHd;uj1whYavY)kdrOYNGVw(VRnZNeZWyqlet*M??g0v41|k}*Ac4Lm
zf1gIERN2UsxC0bJ>Q4qnPHJR;AsZ36trK#h9s5i}hOrVJAAgaS-Co$6?py>}v6D_t
zIj?fyvTb@Ay+%{v=B7E=-svVRQ&xZTH}KbQH&jDQX}Z~<XeTym(15?ef_@cXUpYev
zT_B_5-u^KMYODKavU8O0m1%&d<Mna+1eUgHUO3nVmwzG5Jm@W{2#WT&{)Lm4LRnla
zh>vuUL;K{j={yY61DEjA=?y=$%brv`*L!n9#&Dh1-+??}{z<3NK&Y&d$46C@g%@Az
z=-F&5O~Kz`(PZR4rD+VH|3A%XEX@?g^BREN-|P=u^!{Lq?loIvz`210*|K1>g(MuM
z)T>tsr3vVory$$&jA}nIf4{6UxI<B6u{sgpy5Q72dDTgK@a)9W!5i5$!RnhaylAQE
zx{=+iTJJQx?H+Yd<OhfLFOI{MvV~%Qvz2u&-v!>baJHt_y=${68Xh#eHrnB=EI{r;
z&N+{L<l>?mvzVX$Dkl@IrEKc@(<qe{sJCxOh!jklO1O3Ab29}osZcB=*xBt2F8fK(
z;IEx)U)k3lLBHCTygLVU4n@WUz={U^p&0dP6^)zqK#Neg$jqSExxhJJ^lIOBtbFhX
zYxuW36OZ;!`@pt23(!}|2me){2L1~@DudoAEC`(7KCTx%BHKS3&)eH^1(03nweq`g
zB?Yq_t_VZzRK<K2w(lBL+P3^jG$E2%`$@H?_rjXn?`pMyWuLC9?Lz|6Q_1;6(3Lg8
zKRTK63dBg-g~Y#I?SX<C7((hAfaT*~##ArvGd0c!sQ5#@YG0>5q!UXRmtY>%2mi67
znw~OQQavXCUOG5ss%C>0`41d_2cGuWqn+oi!7c-3>Eok+6g5IX`)7bpm`k5_|A!$!
zz2Tp~nd`!PFW8YPWLf^!NxJbmY0n?Zu`32rw$M06@(=UOMZ#ZTNObf1m<^M2wE*;H
zUS&>jWsC<5$K$7B90L#Rx(?7gy;+1czOP6m5e8+7{xG!w$mzUW0@Wt1ES(B(8*7SL
zUT=&Y(@kLVr8|zWa200%2@B+{Zqm2iMx!gY(~UldtlW(0lcE|(+3;Mv_R$~#5r%Y`
zVq=695LIO~L%ez)=D4#vYFg!-ZR{eE7X>0N#o#_{G{{S%LkS%|kl4%|2P*hqN%dj0
zke6^A=NSH`c(re+!ajhqB0fIy?L!q_-djqExcrL%KZHzbt;eC7avA7_%v-Lg+PLJC
zV5DJYz3!;h2H+mB9B!jsxM29qT~<y}@)gPoJ4UqzG99`smicAG1TNQS3Xm>|{egXV
zOKLmaHRYTm;6bpwk@{ltFP<#kYnzI0qABDWEsz#9U^L0+{}lD+gaQS;n$-D{R>KGs
z8s6SU$BR-t+%9r_`zJe_Z8MEhRqlh7eRU+7U1)_joB>J1G_sW~%TFmF2Ytz<VZotn
z2YFbI9$4|SNy_w3q68ZMdQ;xKsn(yq{KCgA9(yNuJyY=Z>vd2g&;{0?A6Fkb#>~Dz
z`+556dYuuXHm%ky86`xiQ8-u|2J)G)^0j#D@_IvYNvxpLZjeG~KIH=eHFNXI5_$hl
z-b+QhmFuX+6g<jWp~FEe9Qba^RV8(r<&)_B;5E;|>}a;#(em(oYf^MN0U&q#cWB+z
z1D*8zUFtunHE2ohqCQNn&?kj|I=5wvoU?w0$OCxMD0wiF`+Z#+TimyNMWnZ!gvW-u
zRZKgUFgd<JS*Nt+?FuSwIryNVeZsZggn)_}>$is!i~sz+GB>C3KmC8HZXIh*sc)l;
z7*)le3Galhv6aI&3oJWNcQjfoU~Ip%w;`*3P0d1UCY$z3GOov2M5mjb=I+EwvmVSK
zQxsHnr(GP<%VK?<demtYDmdD=?H$v$rTO#WAa`f}&&Hge#|8g@%>3Et@sPuS?$bP1
z04<bA8D+^H@X#9kbZeM!Ik2_$B1@cr^czhQIS9i%f*Ka^$C*NCZ)({78~bcWO?0)l
z+6_);`kA`5?CZ3F;ZE&k$n8@D^y+G)<Zx4Des%P{0Up~)G;S+{7nJ(suHEa=pzmny
z-d*X{r~WOvQsnhUaCn&X{OQSMeF#H<!x|p|wORTkRJYoQ4Cn66$ZEN9(40zq@cU&N
z4~>6@%z|3C^@N1+cMB--0^Gk|=?UH>uD97!VEiCBqtL;n_P+iVOlabfMtY|B$T`)%
z{TJ>D+ujcm`g|8$JW><??l8ErDaa@+mmm}EqpW!iz-sk3ea$7`3N$fkPW+Gj%9)N=
z{>PdV$Mb|JI2ZJ|6%{(l80QRs)R$M1nyaFdoSNL|6zv?mDG{mGp{U7f!DgV!iUyVT
z1!j9JMPPDOOMn-$Y5ZzVnbY6|UPom~4hMR7y*cXdbUUj1j&00cbmgjVfg=3a!0scK
zR`N>choe$gOp4Zy9WMAWvSYU&=8_-)jC1ngd%a^D_jB0&>Ma|8PvCb<-7hQ5^}~Ov
zN~AccJ*F-_!UVuK#`*bCX-VfP%zym!M3NQc*cVH6w>S<epwgNTLRpj>+dk4|I^mXV
znJU7E?r)Xmz506!E<<}GoR75ceFl;;R-8EOVvwRVe^OMDE63~A2ZM;9@}PjDUiMgV
z)N~6@)N)q?%ly2j3j6d5hq?Kj`u0h0`k{&K?~*rT0Q_ec4&zaBlES5(5~6EY7c$OW
z7reR1e^x0@TxZw&H?)T}57DA8nakz5XPYGQmriAQzBXF;&S{3#%`UgYf@g?Iw5}=8
ze72Q}Of|ro_K3Jh-&=$r=?=m3bOMauo1H%p^KA)9QzEBi27|+yrxl}w=ZzMS9hw3@
zmhMZZpFc=8*L|m08&J2v3S7(2aBJK8$v^xpUojqoyoSZxs(hWIuF`Nym@pv44Xo7k
zt#hL-gaTxwuD47Z+Heyc`zqmCtOR&YcnedTL>ILYPVpB}``Cdtcb8;cK^=#S<TWUC
z<yEP3n4l!%0p|0Yu6vF9NA|_*?d3to8&}~pn>CRVlY`&QU3unb<T`GR>$KsWK_N0g
z3$N`R0oa<qf;?rGo9x~j440bM!mAaJz{N(ZmhCMR3{*)cQyQL^)q7LU>-ck!lSiLS
zap=<U*GiU!j7Q(R^$zT*<lsrO^Nhj%SS$~Hu3y}RRVS0iBR4e-(07@Z(3#L20=4c!
zyL?W#ze))@R1K-`FUD7kgm3mk0m-Ya8_u#n&^Wri4G<$D@;fpG=hgt`+`mR)cioQ6
ze_<pQeYDQFPbs_r+`A?LSwe4}T+X`)0}oFG`(@P+#mU|TTDS(K;phBQDu2+YCvYUn
zJM;aftuBIfGxr<kMen|4^R|@FMyl58`QPLyD-EM=n=!AN_OFE|E~N~9?j9vK_6WkD
zAY2REG#W*OF*n!jp|UsTWeig!2E9l<kk5M>A%HVGgjzfhF|Kll>S@BEM14eeo^=JD
zcM}>Il#3l$nzx9hiJjj+@ir=SbCmYQ>`NtUawO|hDeS#}kT7a0W-y=S8~P#z`-&{U
zU%%6^8)hOcjwC_Xy3$(e2@OJo7;NQ0$B%4lezU%PEp>0SRI;i%P@d11K-+ro%5L66
z8QlP@F^MTux#4~!YsvzD6RjxRA8yTc(DQX<zPIT9qUFXwVbV6KcsxJ>Zqo34+dI%a
zvVq2Ld1G(B#ai0x6Rl*z63@?9gm{GCz1w4R&N|_(kn@N-eRVVYBgfKJvgbvG_bv5_
zP2#AL7@wYw?pt@ivqy*=ax>L@tWAk{kHP?Q(Lbrp;OB#a@y+>dc=xisMbX-rxI>4$
zBU0=i+z`~&p$RGn+}GL7@`EK#Upe)(2~nX<4mX5L*l%9Jj+b~t_PK2z4<KE@(9WaY
z`GGWH4{ze3at;LBk6Rzwo~yqIO{);dRA7+U;kV>(hcLJpbMM!bg(RTKx@E+br65|%
z)vXOpn0_-lF%&o7_S|@({+6e}8f604c2hS)o)uDG2sr$eW25~@QN{q7**8Dk;SJtx
z=w9}isC@9^y7!KYP=SmH(;+3Y*9Ox^io5G(Z$Uf8BvYwe2H|B+<}XOye-x>1oYaSt
zY?n+u3ffAVMz^eqF*kdcub`)mqSNJd=p2=^BHva#zu>A>BTfg9WPaq%n5M0dIMaSB
zx9xh9Nrsg+>Ib)g$zRc8%I*H#R*&{apFM@8o&;~_7)H!(#zWm2>W@`AQj7KOx7me)
zQ}Ki!5p#*UxQTJ`*pXGu(Xpac&7c30;1>@Q%1UyC@Q}SsES`uS^pna_=r?Q4?w7?+
zwE3kXr1;+T-ElS1;;W>2EH*V8qq)T&HI-;p$6(&5N1vm>wL_!M1!$sC$B!QRp^=UL
z{(Lcme}ZeV^G$oIX`Q#2*$BEds?2F>d19Vy)^O?QYXKDM_-lXOU@qah_tOH{Td!{7
z`)uLW?+s;2e<zn!z`Rlo6}mh9O~n!SMxx%wR%_}4VATVFJT6jY+1huh296&IV3kr}
zN9t(K)LHq}JAzOAa(QW11uApca%-b|ua-vfIO`KSe-#C}SRMBOIzrcuC!D-5Q0_RL
zRz2D!%*4ql6S`qUe@*RPH}?_S7g7037aWnSz`k+<$TXAHDUmN$#>-<mXnAlB;tu`q
z4~Di6{#liTRXUT@U#|@>(be$1bTguJi~SY75|I8muaDz4tY{78cyoUr=GU*87DqVy
zUcn;A2g<zfa2sH%O8wDq*Yq0tk50;=Z#*)e+;QB1ku@bBDz-Xyz2|jwy*QZ>G+}NF
z7JKc-RBl<<o#o998i~9ymI)oYVjBm-GJ6y#6ZF;JVYrL*)a-ZOdBI|>d`C~{mki}s
z%RyD<46>3lEwDXss)V_fNN<4Tp*%x%L32l}?6Lmx{ze4#&E?gB70(l@k@sEU%Jz8v
z3i(4EP=K_$9So{kwVDz?V~}Wt9GO_A55Fujx<*U7b6tF=2}KHWO40PvABvP(Qt1JA
zovJA>R=Fl$h1``mI)lpd>-Q><e}cjgEpiO*Ka<Fx%VA)RmkLl=r?lOEAoJU`ehzuC
zK>WSGKe5PU>mZe#-F9@&*Kh%3k^NBi|1;<kfgx(d>lBy)IxC3far=m`W@zUrE9c|*
zh*lipsS`nU<R0yLN5q;1Qgf;=?5u&oF-IO<6?vxPdm#os_T`0<>UE46i7RXOZx_r~
zIHhmvEd^*Nd)N8|$^5&M%C$<N1KxP=x>1%M=-F0}p4*VGZ4Dgn_rH#g$=S}ccwx9=
zX345hBtcJCN+$9FbiE(Fy-G7jbRj_rcI(vbm)cT9emN7|K3x-oMyqd1_ud(Dz4jr1
zsfLMgd<shQ6Km(C<$JuAo;VD#c4nB0h#N`Ufl{y6+w*=+uXbNM0v<}c<L>y_mI{*X
zkt|*txVje9)>*1bzn)7H`k7LH#@O*KM#FlpG=}l7?Ado=#=)Ft?I(jFZ*%gUDeVXH
z=wBI_Zc4+}R=Pi`4^z0~Bp7avXD5>~KY$wf#=pfGk<^8kex{TR42eEd#6L`+h{W%!
z8gBJP>~;1Olgb!}X`>h9Skxic7u{d?XlsV&u6wl4{tLMBmOfiO7oqvQ-yso+`#Z_I
z=C=JFje=25BzG(aT&4k!8)JGHA9rOZY)8!oL+V7T%uickACEU8^3D;SV@La%Gn!1^
zk(O@KjDbRSPu(8YOO0|%|HBw9(R3Qm@DTOM0td;-I>}TFA<|Op!|MwXP;;xOU=UaA
z+s%Ad%F9=b+{b><<$8@XemH-wwophg8;^*ZeE-f32F;^JIIo00%G%xa&;8lUEQr<+
z%jl>}cEfSu^(RCpCRZ497DW4HkI|W{)P%H<Rz^~|WQg8_v3t%hk-Crcc8ylK(?QOy
zK~FO>g}J>-$m&;g!X{~6^vJ8d29~kqUIRQz1f-V&!Ve*gO&F+=xFr+(b(fgq*yBGC
zd}Feit&(8RJiMKs-R%+bXgGd_lI#js<v8rUlJU&r;;>(@oLD#a7B`r$brG|Kxg+AV
z-jG8#uPRDH&oQWelC%-auRBw3KoB7bq5%c>Guvf+ogYY{p3hz85Ze|<uIz0F<G(?#
z#y%m@mKFb3qa4pP4Hep7dX(k4ev)0#U)51)r@##^tI7c<WRr-Xr}IqJngzqDU>q*B
z8~jl@c^ajTb<tx~?>@g3{PHuKOx<-M*=&q!aZXvnWIG3n#?;d{^~w^4S!NFS(I2CY
zI4c`sMK{nP^TpZNPUDYrqDFL>g0I*V-tQ#5cFE(;BXh$!afbIlO&fHf@EjT?R-Sw3
zseQOA8hedY%$0p*64CXi$1Hdxw*_Ru)w|B4{<KVd_OwLGLbheKJIdYu0PKZrPK==D
z{kuc?9sMB#k*Zn$wCG-j8M7z!w6XL<8=c!XM#9rn3%6%j!4Yq_!==an{+>s{-0m*g
zbXi&><!j%0ShL!x#q@R`&=qBw7VOQ>2Xurv?;TIYEQNR$sEkg1;+}iQx@y`6h&188
zJ8Dc=Ukwp{V)*uVuLyl5^7XxI-6hT^Z5d)79-x#Ez#1Nml?1u_HweH313G)nSo()j
znfPSclaCBL*7t?&wmiF1DUy1i3`Cj^W&jf%H~a!<ou<lZ6XFgb>DW0y*eZP;b_1wM
z*;>58p-<-y3jl738k<rzXhryjx>07m!u|5MRYRB(a9_@N(B@5n(&}Cd6+P)?C&62N
z=nI}254vxaW?WwMHza5>A*&0+4z%!YtUxSQw$eIYz(Pczl4zR24;UTI)Gzf1yxs5!
zVn1rM>iQ!|SNLGjn&H7`W=qohU7egP=&K?Ym1Vu7It1+Y9Hn=Z#;pq4xa=!?O8WXo
zapfX@WH<v+(JNg%OJMCK8y0d)fEfQ*g3Q1A+S|A9Yx=Kl)nU8T+v^NZ{T)BY{(hAf
zWe2_C#a5rtrT-c#mrbQI<D7si(ZNR7WWSn67Bzmqe$<dT7ANVWH&e_7T6O*~uWj{%
z2ZHS}5T?y}pl|AW)D}nG=1Kls-xm(y>%x6z?f+G?utYrPU)C*lBOytbPQXNuT46<p
z>zp^e!Jp!nxlFqDnHWx)Mm8A=?y#W3zvf<$FPZDCPqeY)AD!QqMH)waAqZ|mioBck
zZMd+Q>~wxjx_chd-Li#r!gJyXw*-T`d0rSI?|tSL{}x$zZUk&k9LpFwF4+&HP~K5b
zC&ThC4+A*QdwORr1^*TUi~rpWrYirNS_yZ*PDM4IrqWB)-yl4O8faytm-STrpCOz)
zdvs-=1s*6ae7)~>6>`ahX--GG$j9Vyavy4wxwd8o8J2U8?zsYVwqhK&zacWJ4a1y~
z&zXKKjyrtHIX{#9e*k7dnZ7C*T9NJY-NM&2Sry8t2A3>-)F|4Z3oYA$zl{tmju4=h
z9<OEXMb;uCR&B>!IPj>rg&d8z?zPnLI{8|eNi$H|ti<1G76R0ZvQHA;%dazk3RLyW
z(EUI4?|AJoE(^b3w{8bxYVoc3BVUJ=bK9?5a@6eFOg@3zzMzA;M;y?1Akin}>5x}l
zH!9rUTF<1P4b8Liyg==i1f#DYMKPdf4Bze08++>eamNR*Em3wngEY>uyr_V5)rbkY
z+zTHH=X>TN&YP8q^v>`;V<8erHANO?7CL|zjZ6Dj@fLozeAbinuWXE-tdfOakJJGJ
z#@l)LS3mOhZ~R?JyBB900<7Dl_;)cN0maVHDgI9X0K)zaKb0|d9^E>$k}R>Pxwlf@
zk<Zk+d+S&BcARj`{e5pOIR5}m_Jb0W)Qy+}b0zh#@)!FBV*b|oYJRqcoxit$zuVd5
z1dy^9C3lT1+U>u(m%DHKmUV0J+(yz@!%wog<-8W^1X_V^stwfuT8fD^Q4(l?P)Hh$
zC3=cQs36Z&Qu0=$Wu8eZawV+NOInf6)eS9g4BCN^)x$X=^udzdQvlsX$_&<~64qH>
zw<8v@%JsPAYb&v>#wxOEvr34X4Qf`TYK3@KE2M9LaIRI_HpXk6bc@4QTO!pJTv$01
zWd<b#5^lKKSd>*8ufoTTxZay@Bwcj2{{Rk5j~o-_2-sv~saYV2E{oF(c}qQkW4GCA
z>&=tmI9@IJ`d8jz%ZDEZY*|hk<VMj!52JmY+>$N;-G3U_RhHR#!#&#EOFyn$Zs&!3
zQyw!)^GLDDFg6GP78{w#H{xy$yeqd}{POd6b!S{m<b5^Rdxk`lZiNyQkEq#aR@=hS
zTjIZ!PuT9(C+hyb+~$9~=|4_(j2_L{%n_)O)l9QwkO6rc)LU`T0KT3z@_YL>?B6f1
z`u$U{Ohn%uGBeXASyTes(PDFQ7<x{YUr_R_dtzcbdgkV}WX$in5P_pm%H&?wQ*EO9
zmOgdPPnPe}p$5Q#81$oc2n~+rB>Ywc?)6@^lK{lUQDNMWsVrqyyAgIgzfnB7R&(~Y
zeKBTFi;0lx?&&iHH&rr8so=bIu<)+BOJh4+JkNI{C4tF@CI}wMI=U=n*2ilN!B~QM
zSFfv&7<s!V-dtSljA)hD8ZGdujlkVNk$7<$f%&gqjdi!nj@C~P8Ia2IG^(2wi6-{2
zCx{l()$Z4a$+I_xM_|X(?=@2kF!9oSl!jS4NXFa3mp)ci)ZFP=+Tt~=&Buq+f5+cO
ze5|wgOy#qn2@Eo>sK&<ceq66#EB8NVGHV}O^#1@?AKJZ!QyC<RDCJPO8=@2Xc0!}l
zp;u5%_-S4#<Np9$z4m;4gN>Efj^qc8ERr*?uKFDS&^FuD_LyrGo_HQsIVGf2lvp~l
z>{i|IqJwh7#DXfzjv4i(iG$osyJf~)eM_a?UD<AJymI61rrT?dE=jK6NhESaBah}(
zvO5`fI*Eu;$P?)ex}~}JYHIV3jo-V1G%l?SaL8GIaZHvis6|$N7yT>ME}HV;`1jcX
zg5Akf=e~Rg4Xuwn(nJ9O+tahd!k2Gf7`a)exBXtz4>jGO$H9(fgF19(+D<yk9Y9cQ
zP0qTG09UK8`+1KqY?|j5ywusxyLp#+{M@W=4Z&M+uT0hCy`RfG`36NPs1L+3zdZ=Q
z3e=2kwfJJ_F6(ms6<E!6RbNj{haGA=;V>NBaMFed2PBQd+d`352E~sJC}9@~dyNNy
z<3vZQbzg)EWf3IbQ+kVpHkKm8k0Dhs(5R}W!0FGOM&wCKv15A!p!d<ND3qPRog2ha
zjf55~4gUag`d+L=jP7-?vC`W8w8@?nF>v>`r;r*{NJS<#^pS2FT8qjeHYY=K!qiN1
z(1_$&o5<K))O10j2G-@s{9nSZ5w8O>PT!C+aoX+$titNc;M7b$*Vy~-Y0T{@-LcGX
zkl{nZrN3>|d@aEHt!nV^uGZt>?bm6KZ<d9hKRPCsVB2GDB2nTmVanqCPYPpQZX!#y
z=DPl+i55bUNXnj&ePEp}uN}s`+2`%w;Z&EB`==49VoiY2`3-O3uC-<U62pyANRC3%
zGq1qJkz#jo*IqZNX(Cc&v&I$&Q00w?u?0uPZE8(^*FQ|H7UmOVNF^xyVJ&c@c7=UB
zO>S-R7{}W)%?hVRG+7~qPV#^SX&;aR*8q9e<oWq#<NccAYea)^Z%FkEfOO(7dd+JI
z7NCi01$wAp)Kk3zCV^E<3)E4#PzA*m29#C8D`_ghL&;l=+RY@DsKsV^E2Lu8Me9+E
zMe4JWOfF8Q42mkLDH*kvTGVE;NGoy9v#_m3P_d&pFtl7OMX761sv%tKak3+7=Urn;
zJz}~=ol4DWB4ntlrp&`hVt^?*GYiNP<=87-c8_-p*0t8zpM<-~Wcf-QX=IdqxakX=
ziP~G21e+?GHHGyy6*k-K#(XU9U9+y}!x}uNot(U_C#EzU2;N%OBI4X?X}&&iyY*+|
zEinBfjhhczNhLi?2Qn5|is(KOW@WPQ;as-;tF6OR_2$!-<;?A{%=p-`hG>ullc#Xa
z@cM71hqBem>$RD#vdrQwpE@LnMVKQhx+t)*O`F+O2^>J-SejeRZto`*C@lEEMxmv0
z2zzoT&_#xW&a-^AuZHs!afCwKq+&v=aM4ew+WvLRHPXcmn+`loZ?r0s`&UbWf6d3-
zD}I?zY)2C>>KjMZh%}1!^gi%HHTAgXejZidPLH=M*zw)l>YV%;CtO@;h?o|WE=%<Z
zCx~mVp1>>L*ZTVH=Dc0sv$mh~$nx1gQTJID(7#QjB#;G*Za2BT>)EePuLl1Bwb}lR
zGfR~y4=a*&wfWrma=mntPYyd>uQiTmzaMR?)*&jf;jQ=pDlL0|qCT3*8AG^D8Z?nB
z7%_F~w2U^T?_~qkt$06czGK!thwA>lm)gFAj?WKfml3wWOsXZ4GSX~E0EI3`#C6bD
z&AjcG)Ypx0wrqS%B?~Gl?ReX+><8`vb=nW6;=`R{ZFXyjkvR-gaaf~4b$c--O@S8w
z0CuZc;jHB>VH7U0B!q<mR*+djh9s2s`BLV!7;`h_kSfS_GfEgDu-w4hC=Ka0*ZB(G
zx-oWea%VX+O*8cI@zgvr<E!6rWg$+hc02fz+E=1XPq!Vm&Hfp?L>W2R5=W1L5rY{1
z+s(Xn3LT+?>Pa^`e+u7a#Ld1=yxt`6edt4oW4Z{E#iX)=RLOgSEzezP)onX29t*wV
zq*A*=iXmbxC4!wr^cV8*uc6nre7<LXxVer~D@a1BokoCbb6q?*`A~(?uYC_H60O|U
z<$K@X{HWGlPyse4kB5~<aln(#+ElGbfM6P{B<>HxOtV$-8tYI5TTc!Y5g-l*^cF)C
z5*XiT=SZ<}zTy;)8dy=KMbuakYjL+aCUBx-xcPX|jjthMx^CU5<w8aH@RriV?&EL5
ztbrKUX|{kKANbV6cY>PRPox9S#+5LPJJL&nF2H*=rdM5lQ<wJSKE5`!xM@(ePs}R4
zzzlW0T(gxzM%u~=DtL;9T^`5Za{EN)NIg-#y0M$tfc6osOUW)DOzdCfe#I|J44hdo
z<Xd#*EFK_vTnl?^$-nE{e7#zJ#PNr=!<Dk56GnQh)@3>|0Goz$%gVglNjQ47mhyw;
z2;1f2{pnKPqv=LwYx^(GudaFUmv4y7{njR!hMGN*D=YNw)^I>J@wwnFTAf^YW80rA
zq7kGkEP-K#REWW{n|t^TdGoB_I9QV5!ZC><STharrNFs5@VVVm?{dDA3VViL9xl*Z
zMqmnsy@2?vqg_F(rnhEx+C_^Zl?8MJXey}RK(9bvf<Vw0s1a(SCFme!s)!l9>fk`n
z=T`}o4E1nj2AY^ms(C9?GS4KHsLibJC3KE<p}x0=I-0dqSfYxUT7W4<ROv*l(nnR6
zX(Ou5P|?+8106D81g1<Tt68<F7bcaPT9JA+tDUa0EfQBdT_iI#X4d3Er}M1kaOCEl
z*_}<s=s{h05II+?ul|>lxBjDpJ1?n?9Bb7vNE#&C2`#_^z-~SqYVEA#*Rtk5ivvZ6
zfsS4z`NE+jL^>fLTyC-9YWX)iZF%AKCli^=Hh*`3qPxgaFi%i}c^E3)iUlp8)0JyZ
zx|?qpA<k#r(@3%7oRx}2LeH^9+!k@f*Gs4S;m_Hl4+=q$B$%|9w2M4|F^$<Zu(uyN
z#{0}-HKx4gx|r(o6<F1w##@J!i!mcjx^No!R}HM5e7nwn(OynoHae8M6pA9fLT-Zh
z9JMTJ>#eDFk>#?x+;U{fV`bkNQ;zKW_7%9hDD)3ro2%KcRgvVqyzujD^$T|lxzwbn
zSbpga40m5m!)a@H*Q@aQ$n#GB0Bd75b~Z;wLm-AIBR{dbMk{T$zT$j+`qs6vo%Oi*
z!_4;?l5C>$NJ%QY83<qi91jjv>(XL89h+wI=bMvo#E)-<baTo{1dbT0=sqSqHRbKB
z+Ok)v`djGC?2LrZ%yz-Y#c=Gb7)rrTrB>W8UQYi2*^**&YuWnWt!>TXN7SQPI*{bR
zRy5jf&vuqe+Ta30jSm|WUn6VrUt&v~tCJRKdP=9GvCHaNQJVTSmrL_B_QLw`$=o}h
z0<>t6b>wCXa+d{w;-Q0X+D8#u*G-w*Xq!Oo9E(0h-b4g5{^7VAb=7?!lVECR_-ohs
zRU`yU7z8#naTk?6Ozz5T4fI<bbgM7?PyLv(awC!$TTSu>5~G11NH&RJZfp;}w<j#^
zWn^d(dz7=xJuWsIsVJm;OgCLg7xz}>;}MxLwpufOsBYDak>yJmk&&4q95#WqY{2WS
zzb$88k88typRwyXc>d${n#z|r%ES;FL}m(2`P$9Oy}Ew3K3*Qr+Lz(y`;T%=w@`y}
zxg`Sy3>n3UEJezL!sfjiYh%s6^JgvG`j*z##Bt&5u8vA~anw*taofP&h8;zdmm3``
z8G3L`$BpXcGOF6%^${?wU`~M54AcO(7OEtv8^|_;w%-pLEMClj0M-LdJgDChL(aR2
z7dlv4jN6q@DQ!3p0ZUoJvPFosK*KeKsFH<}MAcf?(26XmnHZ5nAjsg_<Iaoigc*sk
zqd5egXN5({UWh*)G!D!`JVgPv)K;8M<=inh3|y(84lL#=88>@uYd2YZtlG~N>H8P?
z2QLuJdxUM6?_(5z?O<(VbL{6?+pjI_*^8R=-%fv#zMq#lqsqtm29o<HdrCKQ^>JMV
zaP8{a&pCGL?bkf;_c>BUBb<XO%@U~S*xfB_+-(}(yt??q)3!X4%pVcNU$$f&1h6;U
zTU+hqInx~SXO0;k8y}-4Gj2e=HOOVSx`DWze=mR@`sp^gm5U}YjB>;gRx60W0RcB5
zM+?&Am`qDiQxZ^2Jw;1!phf5^X)2<Zn$@Wi)i06fT9KTpY>ztD8OjGDt`jKrjWA?&
zO$?&aQ8J=QD^Z%x(pO05Q4&_;7Ost|qfC0ySE|rUWkD8>prPWbGszVhXLzdQ!lNBb
zm`7zym@8Vdc4}&nHm-MPNvZWMT<*@3P-gS4cDhYaY>zt5T9HfSj~bb41(llcVF{Kv
ztN|h2Zp7}f@a3l;vb<fryL;VbuUB7IxR%J`caNyM-VA9zI~B)~x~NC(u+RV$Xxl-p
zbac)9+m+vMNyKn}@9zE7n%M-rw-&n<B<bVI_3WReq>n%ORj&j5nciS^87jGvL_;KR
zaxOIDEY0|NR{sFU$BM=6&zSa~PJM0k_i@XKvvLM3tn6ADw{0xPPhNmq@`G9I*J-a2
zCNlaeByq;CBzsy#06`E2z?~Sl<E3~l&BS{>TpsJ*@+aJ}20;q6a>KlI!tD5&S5Qf>
zUsp_y8}9l40CW1ExI>g#khD?~3dpPdFm1I@nCD+hPuG?{UvKPft^OR0ZtWzKfWZpA
z*QUx!F7vI0^%dW4tVfq#`)(ea1`d##Nn~b3Qjvtv^yT#nB5vWda{vnQ?{newHJI|{
zcO3j&hG<?>7QiBC8A&GByD8j94S3gWHM5r<&dGRr`S2j>KmAJjbpvbNg|2yV<6Y+e
z0K>_8=5H-Mr|FL4ohd|tf|V>JkeJi~t;n%%8h|x5j?Vpco>x!T+iQ$Hk8bR}xpsP@
z$=+kLLlY`QQ0_+p+PKsm&0ZeP-M`WA>*>}#Y@p$G<QU)eIW4uaa<ug>`!TsYMX$oV
zQu}Ss5$*o~rf|;v-5_K#O1aq?k{F_mG)TE`Tj&6{zO_2@{78HM0KQqL?%DIr@>q(k
z4nj03nJY4sBKxF8uofDPD$cnkZ<cQM+(dDTLoPG{+IbK-4<3sUD{IK+{{R^rKQDz_
z&ToTTjuVf*V>irg2>CGti6O@fT`$bB;-#;z-%|BnKAZf$e$}RSVqs4<L~%x4$cGfN
z?L`DCgQn)bxAUv(Gr>2qX0m1X3}~7OW}R`bITu#=tP~y0_qbAcFWXwzTXT+hX7<U9
z@aFd}>~%O&hFA)-WDq1blSWZ+%6IY#E3Tb?Y;W2B0P^ygCoj3fkdic#%ZIq*Z9s}h
zAUSJkecXn%>zLCY%fq$1{{XX!&eF*ew?-KP?2sFcR^XX0`Hgm$4mK%{2A3zL2;NDs
zEI=G>a(D{9*qNy{&BSMCv)J2B4Y(R*aDzxm;03t>K^@J;{$6w)FwQRC<6Pc^<6Xs+
zupSrjs*)=Ww2*bNrdh(%F5`VYm2$Z)=JYaJ^809H!2t2K0M1Vl@8?4(-oyCNM*b8*
zanFSUxbdiA9ZCLl4BGnX;XsPFwyI!&(~k;@2w|_;KoX>B#(>n?!rpWRxZKbij+gfX
zK)_;k()14GY4+4y5H~(zi0$?-tGmByXw@ZYaN{KWq=fYU0P>DTvA0~Vn)X=w57Xb|
zUdx=L4<g;NR8<kpko(by)roMRf=J<N^6%4S&zGyKyIaSHLHqAz&dQc9*ODcgQ@zdh
zhU9f^bmSCPwd>kU?3-_;zt)${Dmg&c3P=QLdscAPS0-5TsfEh)$sRSFD%HpyH5ERv
z@u+1MoOsp3Wki`Cb-5X}noN&6+>F}J`4y}&YO^`5VVsVsrVOMcsfEg2N|-W>Nmm9`
zJe8>!wVmF#Bb}jJTHIlxBUEmNiyEU96=+&0DNt7FQ5ocpnOrkSl`>(Sz^q-GnyF$d
zH)f`)S;cd^H#Jt%0a&{?HB{LatlHewQ)PM9a@>kvE6$@>Q2AbT91iu}RVCRX^;J%u
zvYRde;lZy-(VLdN@f_KEjE#@iY5MBR>D;?@J}SI*73kBeU0n9<wZjo4o8&>$I+CQ`
z_cr^htBx9S<BkkSq=s<PF(9xv*4!%Pal(a~LiclW<4znY8M^TG-K+eQ^%gb^eXlbi
z@_Tv>u@Y@0BY@c6UVH|cS3P=kn|ooa*|pahXu$8t%_&(oi9l9kt1h=BYoRu;cdolm
zA2x5cyIHr&GX~6u_FW8-Td0hEL=&`a2IZ~JwVzizou(tJ*uIv<lO3{h@{}=WjbK#j
zv9SO!9&Pad0OMYM?)xqzcIf?C=GSGFn-ep&tky0T^E{)cavH=4O~-*2usUmAf0?t@
zW@Xh*7t@#>x#O2HozQN18c0H=wD{SHeQkRUMK<rdcw<hPr<Y=UzS}HJn5^=oS4@$N
zn|h&?vDEst8XDs@+FpO=^k#g2$%OVU<{>!^9Mf-gXgadAh^fO>X4h!Zx#^{E^6Q*2
z__oGdF(Z;VrpHAmYpX_fiCMPZ#3~|2y9bTyp4U9LtiyAplSLGh%!;yECzOG-#kSVk
zPSI;?T;;{#(&qV5+dfV5y8XT-j~PgcGZ{^;<%w{hTJ{$sb!&X%6*R_kuY%3YA*M(n
z+{CCe9myPUldNjspHVHTTT@Mb%YKwcgEIEV?e10>-gQG92+qf=r%baShWt$~{{Y)F
z=_b5kM|oM}?TL?o^23va-}NIL0thEYc^qvcjkwmj@pjGeQ?oN(J{4tW;^LU{B_?c{
zQDSls$l=%j0Cl$908Q;~HFeV7J`-)E=jF<7*DiJ$4-|4>Lgr_504f%Hv|E^ieWv;i
zE3Dtv{{Sw2p7Z!&d2rzQbj6XToxk|_nET2gR@B{Ez_$`j>vCJ1v6=9WTC~q3-LWBu
z0yPQ}<h+hHvjw)Rb{es@HRFxEmS>%OIXF1b%-NF9BvIreZ5J!)D%ZSVTY{<Ot##Vt
z7<1EEb82w?H~qr~Y`i5{f&;QAmuoVuiFYmn*x%9xuTuAV+*Y;e_L+}8J}X5M$Wem0
z1xc|Qli}>H(&fg*QNr$63td5LUyZyf<sj%w((3fvr~2%6{k1a=Te_`cr-3@wGW1ls
znu};{#;RopB$7$uc+mozalHiAPzQ}vNH9DNQw9jupiTFR1-n~Xfm~a|%7D1H3(*L%
z_jphu4>|(l!ixa4^)xViH047G+>d=gTbDW*GHwTrP=LA6>*ql)NF*Lr8sQT9(I^J@
z91ooky!<F&UWk(1@cZbvShBjXWhGrr)Tyxt$kCU-?cKrK4;`I}a~c*Wi6uqr&9vp~
z*6`>@o#$D@d1{Y4&a;KfLS~N|m|U$HgT|&8B-ws-WK5}(E6%qgHnYA*oo+`vRhh3^
z!#05TtA=v1P3kJZXs3FHP-9mKYL_*s7`0Ibw-~iFLwcy!3L2wyDMe~UqQ$^eP-`l!
zs#>^bma}Te$1@7&c5Z6NEPz)#vvXECW&*KxZfeUWN1bOaO<APL^Qo4w&iP(+X+!0C
z(*l;sJ~Y6or#>}sJhyfEysqs$5go&7f`r&@Dy04O=+ncF-dW`B*?73<WdTb#RJpjd
zj-!_<(qY`j!j-TD{*?%Y_Gk%hZcV+KYgxN<hh22zFFV|$^dp80jO@r4fVtFrt4>#y
z07)bP#mGZzaO2@xWnwZSZg$+-T?c`<{uEp;#mbT<3>bME@a1DkQ*CAP^f(#VlFSw<
z0%VU++u}S3=Upb*;pg8=uQA@k?tQ`t-6NgXdv0<Gxg%TOjc0zjQ(oH|)4Vfx$os6g
zu{4nZwGgywEzZD^$6CeK`g*rFp5E3j9sT4?waVVZB>YkZ$SO4C+d-`UKN$G`0A{ab
zxzGOqYjFGg$&1sMDGL{4)i~#PTMHstm?iv$O}gfME}QY^{z_!}mpx?a!;=_CAtw=;
z7EPPCdP9X(Bg6``uUo}Sw%-;xlKn-KCQYT6DPnD^UO9g*>zjej+)Z?ydgF{aUd^-4
zUY8Rt9^r{F`Bs+>B(!h>B$7o@eN_NEk1F$BaeVUiYb}?K8^$+n$6QEfg=5FWAs`G&
zhMmA+bp=CMoq71yGqug0Yj#PAj|+2JG=?>bK?XECrruC7lVIjIXbINJG^|Pg02R0X
z2alSg7AaCu6fy{M46dY*5z7_a{{Rtdjd@hM^N;o>{5hT4e&5oQGcz^vMq?CgFvN?G
zhTswKS6;b%NsKw|W;1Sc@WF#LbK*Q3+6W<-EK|x%O2WjUD#h7=*G2NKn@n7>uRMG$
zpD&??V>Xb=5J!fZBF5ZGC#!X@#EaC{X1aS~IQV_1w&Kk&S^A{4+<?lU5xFC45xb}k
zg4Ne<%VUPUdduahF$D0#hmOx41)5IaG2$0T)si-0qT5bCWn%4)Z=Z)xOz}K?v(MY{
zBaPK$RcN6|!oztoB(nejA&67{?{%up?PlpBFM*UyvBixc$eBW8tc6Gs=-VB&3J~!-
zu0=hk+3WPliS)N`#_sUr=gAIQvW1!mWGb=9;Du6uHIIdBZtHc-;f;D^+n!x~Z>I5D
zb?(vPV?~ba1QD#Pg{=E-V?~m{mGKv@SGMEVHQseh`(izx%J$EY`A?Jo0H^pZ(SDun
zyKT1a+59WV?Q@*HezO?E;w@_peO_KQ_44`FARCn!JM!n_RHRAvQ2@C2P%ze}OeP=3
zu1q9YdqJvzo?NJ)d28Zmh?C$n@t|h*1kfT$7UfY#1Eml!VP-z+DH2AU4FE0UK!bA}
zd}xMR=Jw%58X5(qjrjP`E(ZMQBpmbiR0~pd<Kskt5H1Z20Cn_}>@-vM@}fOP7D*V;
zi||GK1#z>Nd3bG1!{b@QS!j<m_|(GXp)<VdVRF55yy{_ce>>+_0xg$*b*UMs{J=cx
zaf+JBdaN&vuT>gSim(b`$(5!PD3mpDnLx&Bvp|NbEsh$f*Az5XsM6F`>L{sRqM}-}
zYO0aNV%DT&no(Tt&a+oPB6{U^beg%-<XXAf+|`0?pE`|Uj$EHQD=e8Nt`VK`JnK>l
z8hW@)pk_627gDYUTzpug?$YH=FpH{#Vw(WM!4IhTTDLqg^2gr$pKQs%Tu8N)5JOnl
z6*knJNVkPq64p3nSYv|ny5lnuGgvUSfg3}6>s2MVSA&Bz(>kL60MoM_uEUC7jlY!<
zpFSqU%aa)xnAG|%EpTZmhHy^PeLX-C;wXzrxo1@fssJN(!R2vP4OpwIBOUhuk@}CF
zLcNb@?(t;*0MpDuWUiLv*7ozR`fZn!v##so!?KDEZw^yrj39$gQ`uWUK&$F|Dls+q
zRP`q4bX##DY3O^djZ9;50*}Np`c3_!v3l~}y}0n({m;3s&AATX5K2pF1;Frd)yHm$
z@bpjEziZ&{@+5ObnToj)<Td3e%^Q_J5C_#@dD^*NtMTybJN3S2lzWeN!tNNcq|-}@
zEw(c%4XS|M6$;+UEHt%EHM-vkz1MG?ItMqlStp8UpQpKC#8MEFPz}=WDScOf_tr6Q
z4!*O@v6~ooZ|->N=dUBif=d->;w6Bxh`=N+o|@@>eQTW8e`xAQ+A-a7aj(>9%Egh8
z#jX_k%5l(hYhJkiOT~4XMBfe^D6%KVWR$2_x}eD;0k-`!ZN+pvwJXM_y}VV%Ia|`m
znOg%RxW@)8mXKrO9)Krk2U}{Mdj9|l#j<lJE6w9PD8n7D8K%dFH8Qdgkex|W;IM5s
zjqJxwye-PLx3!tG5uI@^CFMp&EO2(SGy)m=Q<e(7H%Rweddl*hrLV4>1zBy|6!gZe
zt=zE?MI3PB$po=(cIqn;DO(F$b;m0XHIGaDx0ybWf?n$nNXgS#6%prvLKkJ)(V`N=
zaW@w{s@bh2u8;RQwr;xo-tL~=ZPw$re;e)cx0Q3p$HRY;{{Xw;-9vGH74=>S9>dfR
zw%#>a!7E&O_|QuFaMp~G@f>-IDefLRRWLUV1?Y#nTDdA+KxvdnaPq1GFF?RP(aMGq
zB!i_43*29Y0xWHB3IlN$zPF%8z<JQZOTeC07X%HB&V!W^E2%tnpbDGYmoY_0Xe5qw
zL0|_Rd5Qw<el!Oi4FWm}7%+6T?S6C}tZ6L-fAX*4T<fgxy=Fc&6>8)fm{qHj=Ti!`
za*vHnDnlsv(*gX+@vTIurbX*aR;Z?`&2ENE)n&FOy#|yOQ!4^c9V#L8s);N$QEEge
zFGK=@)uP0=R8$%3HngSYtXkBJ(#||<ovyMlPm{-5<!h{tW=>ZfYn^UKGJKvo)M<uX
zk2<mpuQ#1)M9VwNT9FjAm2is8m2e}}s+mYV23(93&B<8H7}yQsL8<ie7dBostl}89
zuf)T_hkTI2*#*UntO2_McUg!Y`o`Uubkn5rFr!2h$dUS`ZSaG=jlt7#;cH&5ma*Ba
ziXK?8))GjHE0rNZAnGl0d5<dV9PbRh#6gsW8PrUQ&lBIkT;BC+NZ`iu2-!ip$zpw?
zvMt9G%ECCtxA?dLZyIF7T(PVL%!OK2*J|=$b-(bTgfaS$Bxw+|p~EYZ1+B08(iUa(
z9@&yIu~JY$ZVnfKVaC0B+{ez}Ut5OI1!>G14kD>Q2!AaQgepm~pc)b?Dg|w=X0;Gu
zdd?cksUlJ>YQ@#LRLc&WE1l7~vJpun4jl<nwy_r+D;sF(uKxf}Mce+fRqc{?{Med!
znTvHqgh-))1P$AR4LBO}ZPop=9=&_>F<QGh`gIro0PX$6;|ZU9i<B53WnBW;vJ3D&
zG~aEnm}#!R6~804;)t@lhF(0`3ZXt$J@!zyx1^(MW3A0|*L%d3Z(kPJ;IZtPYX1N?
z6c|(4n*B8{-7Pk&7BAtihLzv@&m6d8Tjvq5<aV#@f@H*tAGbupNU_`^nKj$KOM|y@
zQ_ivLx3`{KmU`zLCx9{>Pl=BdSeONa^s(Y9T1f@JtieLs*V5<gskS`cYg$Xp@fp{-
zX2P&di!|8qm-&2+@QI~ezwWTz{?;FjTco^SEc;)FGyAytuAS!p0OoJ`-nrYm$7bEz
z`R&`rx_&-BJTdLh`@A)PJBFgYE=x+QrPo7k0O6%pnfDNN<580bomOlx#{M-)663>_
z8bGx`794*Hs9@=#pqjIB2THkRKA=2!(<Tqjs9@`3!^Vg#yePOMYfvL@bTD?k{a)$<
z*7KlZ*4IHrAOJdX6hyDD8YLrZ+>d<(PL?DcYAM_iajm$}BW<^~ltN-T=|vupY)`U<
zj=Tr<WB&k@eie%AJS^Q&Of?K7B&ewgXdhJg(Q=TO_|cWAJyfl5%~mm840-EF=|L@4
zTjFqPjVeW4BEf1204Rw7C?+jIFw_rqMTj(&n_H1YlU6NmMoF@5&biv@BLw+=b<WpG
z9Ndh~I@T+sb0^F5sfL&($iF&BjL$V{M9P+PTEMNEsw!rxii=f3-9W?C8E4Np`32cT
z$Ov7RwXVDf^W$5ShI3^+4*3h&Cw7exlA^_ziPEt;`F6jt$BtTad#`JJB~>8G@(bGc
zQLd)^>r!I5-Ln`w*Koz36B#k&FC+}bt~44AHTGVuyt8uV8Qw;_5DS0_w}A5DS1B^9
zYP*#Ii2SFR6&D8@p<rcl5p*gBw&B8t9h`h@e3WGf=@emAv>jG<BTr$YQL`Q?AutY?
zKq!6jfxKGVw@AZ*x7kxXA1z&k{GM>!+at<yf-|7;Tlx9dUah%#yZZC4Ubm)e*6<=$
zh&GE*sGXqd38Evu+!l>QT0(rQE0tv4vZP3?x0G9LMaqd(Z8qas*{xV)hE7Jf`nye)
zD9DVBq<}ecsp?Iz*^S<NwkUpt(n23b*u`!*Sb?FeUab5&>)mIHpZ&p^B!X;+p`Jyt
z4Ky*i8*~;VX-~(G89y#=ZWEKf;mZ@IPi%rv=HXPlVFxuuQ?w6tF|_ek_G^5|r$4;U
zlJhid@pS<JEBqqhi(gxUqSbYn_%8Ce^PHK&{Kia=uvs;=h3{QwWS%39(%&^_U$}ga
z%6!NDKK=XluTyoc@!NGjB+hVpZH#A!IB?UJq*YXsK)Qo*=R#5=PZ8rm4Xu3z$CXgz
z4aDe85fJP+`>#NYYpBrBBEsGjFpz7CsFlFytpgGZ{xwqxZ*Oh9DV4&(ChaX@#;#E?
zKS&0EK0>L2+AIk+sEC_`;wS-qe6_VzGD+0xJZc4fG(7lFG7g0EpnCA3gbn`y(t!e_
z+scRm@b}RVaU=LqpsRCXt?Cigi%5`oDEuoG)<o|`JJbc}4b%qe1|Eo-y;NTmwNbta
zxK)h0c+>E$Mr)@8)u_vCa@MemmP%nVn39+>kdl}Z5>!*_R%*ybO2w_nt>v|IyE;u+
z=bqKh?CUjia&oQCv1@WUc^PM2YBh&8e50<kRvB_C;LAHoO<V{Us)!b<Ak9Qn%~chX
zP)Bi~VW>FWz>l1AMby|I{UWs)tnmvgUr}xYTO0GM8L;hfxZ7#hZ#pV^5J(nhU48Wc
zkf|yd=*G=%RZKk(_LPYSOs+lESi9e-cW@%wikWn}@UBc)v2$^fIE!_zB%H46us7Xq
zUl$sw9S9aINLZbbNZ?5`-I#y|muu>HTC>ht;|23CnqD|VLykiPw+FfAd~dBWgv!GR
ziydU1P*xCsa@vU$+*^*f7V)g>w=1@<Puufi&Ba;O841zjZYslwHS~44kB`2-w+omG
z(-m7Ug;dJ68gQVj?i?yA8=m|sETmblV_96HSX5~iValc&%BDV5oGw+cCzVVrs+kQ&
z)Vi9=sBRo9HE^W$JZdTzd(eoRnknmRR&djtr0(V9YoUVz{zOnPNY{a)7%hDbs1YQK
zH!28}UKiJhqG1No;PUdITeRUoZu=^jJBkJynBze(=BZKx)5K6%uWkq1R7-f_$WtkU
zHYbm?RS4evZYm(%u9^y}IRjA)?Y5fLQY_Zvr-eWpSRN;x2v)HI+E7QG2@EjP@Sr_B
zO%)<i-V|IqP@BYu{iE=#R-$*PqVxsm3(zaj7od<eSzLtGO4$P%)Qs0h9nEe=Yo`R9
zD^f7q9JQ=6y=JBiq$Z%4mZe-IC9GQ1iFGTTu9H$}YnIzO>#B)nt~X~{tDliRhg!$8
zq}9sGpN_Q3;mXLI>so`KETq<>EbR3}H&sI2K#NdT#;Acc5d%d=h+>0{+!&0<+s@a&
z{GzO8&Q)y<y60-12gHt5P%hnUZa&HpsyGq-5kzH?fl`3zx@f}R#;W1j?R~c$5VY~1
zn2e3+-wyys9(FXtdbj6eu`4O~hwa>49z+s+D7Z(xwp=X?uoV%&470Vh+(-(d!<}>1
z<g&8K3bayBlL6l$Ran%95^mFRAC!Q%t#ja#d1}KEr*DU*c10Q%5th_#Bx`z^<uJ!I
zn{#)7Na=?}W9hNbu)pRtxf%Iu#Ldmcn9YuLU^<Zza>^`qzm;!Y>|?X4ZRP7B%#R`^
zl`pl1pz#NoK4QIk+{et{Tdl=1<nR@y5ocR#K}$I0MMS@qWI(n2Dpf?1YBiKiswxKF
z6&4`ODq(W1n4im24N9fS;cCtoDwt7ntcrpJ4+@wf1x5H&!sQ*K-Apx?C=kM<pd4?<
z%7Kz^Y8V8bd}s}A&(458BmHO|>#oz!#)(z5V#8_In5u~EU~EN2E*x~LlpBbqM8PMW
zyef%;Epm0BkY(aEG!g@Gxzo;p2T{zLxkZUBfCK$%<S{0?f^9<sQZJyj3j*qRP{HbL
z_Zlt?a`WOTmGuOGMfe}Wi+EIA-@>CP+}hlz%!6^i54MXzVn^_ymW9ui6<2E500B4U
z@2Q5pkNb?i3FV>wbi(@&?lW5UUuBQ;rW4wq_X)4TeDpugo~iFg_X%~;boT!MI+$N#
z`T73<O550foiKY3?lS|ybn-vWm@+@QOgM!55A&*I*SqB(g%J7J{{T9&Gi+?f?p?`<
zv~m57{{Zf;+V$Guzif{G0B(G#05U3%`9c15-gQSm%WJBxR8{<N_o@8rsM5#nr=(AM
zW4O!Uzkl<mq&>&?ImhK+u>Sx$emHy69om1=zhVA$KNMNnQXSrZ(w|}eb(_-~{MD-u
zGb<(74w|A^yS2a<HXP3rUT@f)eRDfn^mJa%%Z+3ioz4cy5a7rpR4TGF-_>>~#cge>
ztT>wZTmIhH#C?5#T79wPcO>X!IG!bzDHb$^gA&0(>p!RRjW*Q$`{Hod;n(fNpSpKx
z)V@41i28ys@)9oA;cJd{*Iv(!uRp_{+Wj!+_g64K%BaYmCEYnvHYbSVbM3C0XFT|4
zZ{fh3zs^+~_P~>f+Q((QO~voWO7%@#y_BBomdm&-dw5%0ljW^%)sJL9xaT&D8gJl1
z2anrKE<$B@MpSbWDmef-xLtT_dSNqN2~vD)c6_S_9}6$Q-T++QlU23L{_Ms^P@==(
zz3*2MJ(M?g%MJ#_7Z<gdpT?#W+O%TjW=|(f2+8ujzT49aDjC^X*p3!R&~CX=so-s{
zqLwGKKlfa%Y=}tZW2fItE>=OGn=^%uG-6KMSn>O5f?9@5MV;g}c?lO))pXO2z7$q`
zi8l?TYzb>9<am;3i9v}x#0ZygBJFNN&W0Th*_RePi5z0WL$Y$;2t2H9dudh^XQb`$
z2V$GIFeH|?mTne4S31(x;+*`0m5v}uL@JC@S!{HXM-R73h2^UrWte{A^mJ3S3+t_g
z`P+?i%UE)9B+NMf04t7FvNscvl0FfjQU^QfTa%o#Zx~&M;ygvgnXS^b?%SB?4Yv*e
z9yKw`Q^ziRFPWE_6r_={izzp>gUgkxanB3j$|7gQlIlS&kIB~hHsft-%9wg?&ycTz
z6<>R+5d5ro*Qck$=l<0G?Pbr6b$O8{f(F;)KoGSR5^chuiQH-`3^nIP$|j=33oS;X
z1bAsta;?3!8dTL40xAd*QBWeFT<SF9f(>QVUzHY%ngZtE!iZyCL7)cfjd*gP3me<R
z#;O2EyYQw=86%kcC?a;TzNgthjCc4>gMc&zm|L9)F4o|EloBk!S%<!;19+W0C>S~t
z4FV^^sx4Lq*0}Ma<11Hffdc+jWm^^tUt0@{fybR(uCW&&J-_2x%Xz}Po7j6Omv5w5
z_13GMM{(msCf43H5NmBk=pF7XG@t<>9YxO(Lm-pmYACq}hO|Mag#rHn28)DCsPjHl
z%HabeA0TL%N;E9PO4hS1?QrVh;cl_pUad5FcHQ2?!Hq!XYqX3yXf_Kdw~(r^7GcNn
zy+IA*n5u+jw>lywWvCZbXl2sC?Kyc$lGsO%ct}Xs*tflSzi0RQ`m-(m-%n@j{+|7u
z_@8e6eg<9#WQ_L0Bc5p`k0&N(3Xm*umt!u_cDB}1yl;C7{P$<=UhVU@kBI#j>;9zb
z>*LSc#beI!!taJ&c2{D#QZQKMV!!U&yK6AA4tkn)>6<hE0O_23#y+Opmql)y0ki^v
zm0d^#5-vkupM@-*z8vjal)bwG7zDC!kw0=|a4)%lvV{N@3P--3dEW8Cw2{Qm$eK57
znXzLK$_jwj4JC#4y8L^KSF>3x^_9ZhUS4-G0>0pdV?1mKUp=7k@UL8s7@2iDemRv?
zgA!bB3Oz>STat9GU_w0J+l9JF!Jc*}i(CSD+d+C^Ga`r2j9^2$K`BNoV+Df(4xGFw
zW-(^>ADFjKaE(DMtbXrcsgm-q10xz7=;oa_#yG9?_R=Guo!c57>T)87Za&c%QQ^ml
z^QueB6Xn0n%O*HwSsvmp79`w?nOha*<V}?*5{{cjc93*o?Y%7)HX?}@IF03f7j=S>
z!s4NRn{rz#0w^QvqRV5oBDKZzyAh>E{42!4&Yem@3AOIdw+q1PTZLGd$v<Xh*s#hb
zkl%5((P7}k`l?eFv<}(a;fRPB+Q7Em2rM{jW6xTrsrKwiWoA?fxqcxckO>CQ@7G!+
zb(Px$r0Ne@Vhhq^#1m`y=}hHug_aS@3xNA>_rJu<H#VNyMzMuhoyDGK%8-$c@^qw*
z`mV(w73Zs0J22ek%*@Y;a4?Pxg$vC#@<7~nwSm*f)}^^)X&1z>M9Tyv7I1g(el2}V
zA1`HYC2Pu4@=-|)s~nNoql3Fog@(VE&Xps9)pwLdl-{!B8CKROijm+A4lB@hp5X91
z&yq^wkQZ&W01!7{nXbKi;phF1uW9_f8W<&wWR6YowyMI!8udrbvd<<}JazM`gjIZM
zDg*(}pn)|63z~{c)R65&EO^;LC)=e<aMYPzy}P+PqAn!m-{Dak5`OCEdvyDbldEs4
zt0MzG3-z(3j03cmjexl2ds>?I>wH*k*R=C18y^l;woqew%SaPZVg{o~nu4-LMTqWO
z@u;pYoc;BOVb0@)0^}%w5Jia8P#kY#V?b{5x#vYNb-DK%Al^56h5Tq9<-PAz9-kW;
z0D;6_^Z-219|1raINw7+TpJ5t@2br)BJu<5qTwJ14Z0r+rT~SSz!0F`*EC;Mdy27J
z@Z(b=)tQL}c=%SbWnwu55`A20TGpkJIx`K2fC7zgx6%epZU(2{S1w2&8{E_YAetsf
zlg89c4dVQ0rVqM?0nl;dLj`eT;p0(DaPgu-G7cPQsFF^k&=#PYM8>x@V(o_fJZrUg
z(?_3e^7J@3;9E-cNaX8800P3Q#lC0npsnwFeiRk$)`*EkxYG16TNi*79Te?&ScMxr
zv~pZGK^J+m4a<8Q0Bhs^&;Cyq%_e`B)ad^J$MH7bkKwj#+4`}zCO8`k!rRn4bl+9<
zsNA<40I!9$yK}XDT;mc>6n$%#oH6ilBUuz>WD?+6RFzngAu5a6v;<u69yhIip8DHw
z)6v^))=%Zm?l@4jv7ge=q;No<pn_=}my|~0J=?a8ngM?vHM!gC=6vPLvQG@1#w6{r
zL5Y;4_XoUerQ_VAYO)tt*eET|`qp*p-+%4mIqf}ozFh45w$Gj%!;5LsB9D`_v_eHC
zuGSj0g@EDXUf!;}Pg!v?=f2tH$CfdhF`1>2irHBY<!f^1$G}&sudZtzeXX^hy~_kR
zVgLb>R<*ZWg&LFXCb!CMj5zG294vBN?Fa3xS2e;MACx<T9F9$UD*4i^tQz};{k0MW
z3RIg}PM-Rr$g!o6?NMvr)xdb(qR4|IC4(DlsHI0+v|`DTI!OR{qKuBL+7qDT$Wqp{
zhVgd!A0sMz=1VM%u_GX9d+zZZDmPGru=h;A-k0`~bW<s_ZT|pIZ7pVNTJk$CEE`rP
zY@C~ewSg;Z*qaVQsDonVV8=P?lDjP7n`Z9-6}&l91<Y&hxKZRLIk_7K<&+;;+<0s7
z?cu_UCS3^N2P>q~I)>dMD*pgX+WK7TZE<>%t=6|LGDiq|DqP;+Yp)OCS+@%uoQ#Pd
zxFW|G=)@i{=hS2)Qro#$)Y2~HDG9#z3Hh4hz+B$`71AYUXwxP*S_uk;lIm1y&0%KN
z+H<2mS=YCt_cIeF;MSOcKo@nh4q9$ni;uTgE*mOFu_fcN)Tj$<wZI?FlKq!orzUmD
zjx~xQ`w}Qk%xo38n|a$xvy|Fk`@|v)MUbj>*li}@ZNCk^G%tq;cO2W<<RlI%+JpAh
zm5SHfJJx0ti_&9j{{T&iDtPHy*Lxg$I;P%U%LBdR<p7g^)8wE1mO7m{gI=9`C3w3!
zF0K2lZ(DI&kBga=ykkQ1beDXa7W-Gk);8X2=DKU9+jyC2!TNK*=g1Qm0(T^fu|ldh
zaJw~ya_s$%y=HFF)35dWHu0@@V)`2j31wXF;ntEOvGg%ju4Q9uZej5G*UsPn04JIK
zXZ&9MKk?K4>;C`;VlLT%+wmih0Z|{(^EoAdc&_8QlSgBAQD8K$o!k36_FV0M+3f4+
z*Ga_XrCsr|GUXDqvC0gKE094_r$*dtEO~rdajrXOY;f%5zDIG$&N(>Di;IZ~z8qm+
z)Z9q1+BYD$H#~S(X*I?#oAS>#<~+Z4!@gQ#;$R65R4FP<6pf6>aV3*W5pia)y?qX@
z`zCGh@%Hq~c#ISFY-qC%2loh<Ia7N_Ali&=eTd+-+sJ`ljel!1IN|6202>z><)Hl)
z-$ZErHEys69TM!)Twg^4LFR2q`<-_AU-5StA4GSYS)ok6lmb==9h_|j*Vou9Gxs#U
z7yMnPmtzy@p4W|-G20kqlnA*qWENPsU72>@ZsTpW=HK>qzc_c-^|hB5mes(*K-lp?
zf+ic26&fYqA|TvkYwms{)8(nGer>PYw9{W0in?9*sk{4T4_{{An%Fkp-yQmPzx#hz
zI(zH)PfMQ>@xpYs-CsrF8;Ipq2Lt6%a7RIYBgTPyDxg;c9V#i`h~v(x0CXeos0}Ts
zI`gUxq-#MS&CiVj8*i^VARu39phwfgl@J%P@v1Bnk#)EVMU67j=$S$b+T>^|x2rUS
zbz4mdsKxS2Cel19l!>(0Add@G%AyT2i7bS0KW#E4yc4g!stqr13Lrc@Xr;JcPJCzp
z!->DLfZo3PEJV52z|=w)_L>O@*z&DSS+@%o4;tLji@M~8%C|IU-KHont#sE{J6#-D
zEo$o{m9EYz00xz_Eow!rdwVFP(%XsBf<0@CQ3c8VW}=u|bJnSb>`XQ2iHn5Dat0!u
z2H;Pri3D5IUoZFn0B-61HS_ZNU!(eyY45lDI@o!zU_}FW2n+o8Q+(MQ?7M)z+W~#r
z*jMKE{?^Ix`(Dx~2*N~%CmeM8(jS(`M%&fc4;42z;(e9p?AqIcYdoowKOd<MGh-D@
zRvB}KH!9^wU=(~--*OwmuD;UN=VmxlH+zn3NwTBIl1}3CtP3{fRaA*=rC7b~s*8bT
zv9A3cQs3=!{3pN8IeEXSJGXAc?sH)X*C#I=m``w#5ZtRXv5f#LZ&r*+Hnr>PboFLS
zd|!u~v$q$IKW`)3`_o4Q;K<{o(ryu*EXlYjxbkjw>h+n+%kRc3D|g<U@|bQTb=p*)
z&NMAmk8WJavSglSl2-LG)4+QNx|I+cfh22Ubn>F(lV@!e#(;72y%LjvMf?Y{<oM9Z
zq%zAgq7Cfckf%*}QF7|y_BSfYla{cXUPzSgZKwWIYME=-hPdPHFl}61Q<nQkGPosr
zm(bYyb>mUFCKuxT#JR1BJnN4Mk9y+}71*fb>CkZdD%K?|2{Djv!0D-AOpI4?x#U11
z)vOY_3}xDdWG!+@>T7%P7B&EQR9_`2beDT5+E@mAXtx)+KJN<7+gA0~Fuc&`W(dq}
zk&OrS9YvRZwzju67poZC7Vy6t8y!*RMR?aE;#*j#@fRMQebs7X5r@6^2970IZkb5n
zx*v+eTOSIGc3lo;PjSJF$mTJ)fT^b4hT{70<x^b?zGGZ5gqcqN08u574j!U7>CTsi
z_2tORn9JOs1x3*u764yzk+@&YTT0Y(+smhf>d`+|%OWzD+xkYAA8!g-mbJKG3{QA~
zso5Js$PY5A*S?h@e}?3knHg3#D%S;?#@8IFw2978%8MB=W-q5ihGL}pKsx^bD(CHT
z>vfoLvIcK+bey1y74*j+B7D5hoph1QZhSd$<Gix8Yi~(Bc-RxARxsMVqbY~&vN{Ga
z-R__tD!433vU5y}1i=SMcC=>N_z-HO;q88m`j56^=X}4^IO0rpj3yZidq|`JuVZgt
z>LR#z@7e49X|G3I+dD_p_d(lmahJEn0z~q(^Q>$bFyuEAyV4D;FX3M%_iesz*1ekP
zu9N!1pS=G7Z|datEQR^m5Xp&-yOK0QJs{gwKAm;0di8tb9vb$?n#Bjy896u)JkrG#
zqh)Df+@I7?%CUzQEVtWx`0HIZ>5{SSnahWQ(j2((QI_o+&9pj(2zN6|)>R1B9-H&7
z{gPuiXIst_mp2nIoD#iM*$BdkPohZ}6tI+wF;il79(0=HnaA4uOK|37_gpMf2WQ32
zL{^nzIQZ+d@EutsmCoWAd2;ZrYo^!xSk2x}GCJ6;gV*hw@{qCUbS9BhL=Mno8ZO=Z
zcOM$K=NJC~WVenUAL>rznG=|qfsz?+R9V)=N2Le=fDa>H-kmWXUfr^<v;9-vF*4Jq
znArI7lOn~d$6!7kn}(IH&Yf)LGpA*rFIOkl`JK`UM{~nSlWz2!v1CUU9<gJv9zfc>
z)1qtt08M&tb=q?sxW1;t?me^ncW!Ns07EK77~bpwmiviqIB9y}dTzHj<+<B7n2C1m
zKGY@|1Vs6v!ov<q%Cen45qTYw{tPN@z3{s0JiP|~&(Qh5my2)z03YS|$=1IeySke{
z<HorE0B;VwV=si<YtPEQ%jSy`czdW2DXx@KvA37uM3m2f7Bm4oKErA*0r6fGOaMq9
zh@b_C)X)QlhW=bAi551u13&_&fVYhT()Z^~m@;pn9H?Ov6laMeoibn;ybhwMi|)OJ
z=#*TZJZMD1jd^l3DFxhZdlBPBD>%5fw2G*RVdFyvB^LfvTo{|mu2C)I(FL2vhEHKN
zaAhTrP8EGqCL-3as%3gYJS%fnF6)vXD(N+I_FS-YHMtq9k`Y%4mWZLP$jz<z@z@H}
zE%9gtRb9u~MMlE@bp%NQjElCGpt}<mY^;TW1=-HF7qI4i)z7!Kb?bJ%Bd=Fg-)XG*
zdIFud9Td+Xmo1r67z1>*3%7eWEjcLE*W|nVcHetv5&BNOeKnEB87uV%)EM2CMU(_{
zA&FSLg%;OR%1A(MYkAf?E$h<nJgolPNbGm%vLNm;vB^<#!XXG7V?d`xU^Ut}kUXo!
z)7Qo?`?~LOTt4ZQkpw0;h)W9st2D%)+bg-<uVy5HZz}YDKkYGGcDQo$yM{zq%EC2{
z-k9QTs;Z1Of$9Z@fE(JqT^(7!X}0!9lI|ITLc)3alitCQ-37-VGp4t%t*7wu+n+9G
zP9sKHi2+msq>;FbavbYy?7f9wR9)9UJhajvT~eabHA8oUDBV5uFbpuHfPhL#cS(qJ
z_s}5SNXO76-BOCa<8@!xbKk%Fecs<+@E$&#Ip^$HYp=c6I<fcqE-?Ox+L^I|+v(;|
z8gCVN4Eaj^0|EnF*^#LbCw#iHZ{wUOf3&g!I^EP|Uh<)`7Ia}8T+P9B?D0m^<_P)N
zHAvIDgr*{!^&v+Cdh3Pu?X@M;X75!ddp{;RA8fcWDu9pek}t(mvO6f0j6lreiJNF(
zwPwTOUg1s|(iE7m&H1r*G9ZN^gD`nnr7bGB{T`zAWP#4fmFK0Q6*zX-eK08qmoShy
z`iVobzsVjUh{EYDwVJ&2e$IFL&bx5OvNj6LiNQ!~2(%jaWsV!ps_LZcVNbtn8Y{H%
zbp$Q8(2}5}PL~~_9-EsI*Lory%6kh+so8l1j4Jn-9T7dPd-8HnXoy_xn8o4g`jRvQ
zbG1;@wsS3=_>K}Z?mSCrKtHaM2~<73OV~biK<94+XB>!W>L%RLNx8Px)j(Ue%&%j(
zYci%+S);n?X<9^^UX2xE%>qV@x~Gt2JmfnEr@Om9Z!CLlw8Z0^kxkRE9?n0?5;8>6
z2g8Hu$3CY`1^9_nPo}NicBib^WJ!J_ejj_9>)3itukb|Zd?sq?<9xhld2^0~ZCjZ5
ziNWF=)aB_=!ghf)Iwj1oy@8cB05{$Zy6*mpx?f)gOmk8Nx~xcFJ)CT@=_it8Od^M~
zKwzvHXG;n<Q6d+gGo3#?Gkee`zr9qY=+c?6{Q|K+yb|FYV)&>~;B5h4XQ20S2d*A_
z(ZyL053N$IXJD~ZUoi*ba&ETmqULjNbe|LTWeR<G{QyJ0xX!#Qc|YQ_>CbNU<5r3B
z`|;rK_>7jltRfu5ktfeySUgs?^Y8C>05Jf!ewt;OR{R=UotCJ7^YWo@<RE4rj~PuI
z)go~67r@Y18j_;7(E5^g)l9^df8+4Rzxv!ICxvqq9UJYPGKCQ10aX)JqJa+OwFq&o
z?@o$;(bt-F@DAzg1&t9SQxZtcblt#AT+{d*&&iE7d&RKd*XC<l!J)VDqGnjg_DDTx
z38N66!Gu{g)@$vx(H`HTRIszLIA;h#qHtAT`qjpiM7EXNBru%TG>Eo!VRKk{J<WM^
zFxgeP{%b|+YR8V~aYj^HTuOZPhWNwepp;6AJwPOOO{@?hopg2O3sk(@)AI#La00rV
zKvxY%>U@z$`;@cC?(B}p3dc*(WA9@kq2bU$n|Zbe$Z&!^GjRy$pw!KH?aa9G>Su5q
zvsg|7xMV5goqstZ>S`KE!8$vPLgXm&4YB4~@^!}Sr)3ZW?GaY?G(Aa;7yn*Kv@vU9
zJUn&cG!mVnR`VOMn9;5$^>JbDzyx-1(tgy^fXogq&2CstxPj5!N!oJrINtHFO7zXO
zk>O=J)=;OwG8LX!I_Bts>MPg*^d2RT%NQuzq@Am=S1xq1Lp7iQH0Xz|QknR8H?-bg
zd3#^x0sOzCd1AiPb%~b>6%7k|qgZ6|u0I&lsB_QvyiKQzDgAC=0XOT%yB1ktn)kRP
zuX+zZX;>8OEMAm^Md*??)T5$&>c;U`D>y3Zl`QGy*&a55flZ}CHWB2Gj$`_HlDbW#
zl?Dd}wlk$vrSFHf!gN)e1<y-{P3&=KN`v=1jiWHTX<dHUS6v^-%U9>FJ@c~By-A%n
z@0s;nR7tNjc7B?o)ZvxtD~YLwe049qSeaCvs#1gOYFeZg;>CczfwlOzc(t!y`b){o
z&4{9A0TwnG%+^<Z6XZCkG&#@Jq1)1+8J;r=ac=e{2jQ2V71xvZnP&nuwd(`PoR(4C
zf*A@~vWm0wy<r#^qz|f3D|rHJt+ORfo9lZKJnCrzqMJ6`!;^83t~{Nrio$IGkM^)v
zNkq@v{BG+S4k8iGK0Yk0331t=3x4H^+7{+eW6}prG(=41vJR04KlwzqcYG_HYF<pF
zUiaWGU=6e*4IV@Nx!d>{px2{dC;UNC&9D*2o)flC?E2B0^NI!d_rkbvZ2nJ!v1+`m
z55DdLw))L!xOv~ht$X>)c>BqsN|w+UZ?ov^lcxn@T!{SAWKBrPjpM{Q*=ylR-cy!L
zW_4_u6<1t6=ZIj{*>bgP&hrWo9p9$O-GfU|?qbuNk!lNA94Irtsms4zog{~aUns4z
z2<zOnSDsnIr0-zE?hSq)&t&|lydjZ!@nA$}OpSMN`Iqg3wIIW{WBChIAytg@c{eMi
zz~Klkd1K?EKCu$0m@e!^6e=Xqp4cKa&7ehpY~z_Y;m4vE`A;G7DCfjQ3R|>^Ihjv4
zub4iSq;j^eC%jFgZxU2VgtfPDbLy(!nB{}Y{Kd=WBH*p%(4tW{!QX&rLB147{Z)}R
zS@>parJKTN!|F?hZo}b<X8-1xA94IuAa(#FUQ}U9$f{`Su>O9ARkISYOYWC<0)OTK
zS7tYj>@fIcFJ!-#cQMhc(G&CqW(uB{*))|#Eo<*!@~34xSkyxHCDgH6gUhumGHbsO
zZn93{Yf_Oga}aX{yyt-QZ5~x5jf<>vrZGIC8!0J!u-C(_ki1s?w8vOA4Z=V-;={i^
zvMRz?Hikw6y*w{h<c69i;5x59J}Snr$B>2kL&TKSVH~`8V^bj%SZXT1rqD{<^m;@n
zhZIOp;@Kg9lkOR#N&Wb`u?u27OZ;cpSq8Q8?trr&OrO&RU%c3LK1pNz_F+fCFLLG|
z_)SmJSh5Ut=OdixG!;LxPvj}kdX~PYSLZ6oJI1(~x#9gNf=;JB{hb$*C`!zYhFI71
zs4m24va=Y2TV!8rUoAarv;jd==-kUr$`;*P`)9?3rs*U04WjjojuNP)2mO*2g&Klo
z_t#F>0Gs9lZ^|z>{O-j@3s&^juEk$8j2Lc_DBx0A1<5H&$L{9N+HsPh!L{~0`Y4S#
zG8f}HIXOS}_k7&m{M<QU?G|<(&xw)pJ#N$+cdx$1P@vaVh0VllVllh%8@NFSf4P0*
zf$MlrG~q@ZA12;GbIVCbS>yRODrB(~VMTy-^ut-I96!GoHv25EX{qo|JmR#kX<iK%
zSBQGr+KmNl?0F=FK5gz^uJsi(lxPOUstF_{u&}ZtmT+@Lv}+bk&MKP0rqw3b$s_$}
zzfwj#Ov2923NZz!&I(q_ybLm!tXh1698bgwL#6utnoUc0Z&RK!d-}M3jsp2LQ$`N5
zJb#l4;$+dK6cVa1{?#8gn<?H*pRgxxVzMQo_0T$s>Z7|@qB8)y?Klskw-rL4IXgx(
zg_^8DWFz5^iMF(WA?UgZ=qeg%d5RR!2wJEbAt%(tW6_R#PA!t<+_d&bfN?(2=y%kj
zZVzOK=SuLMzeLKMM{#CtOz`(qzwVT`7nOOZXfA@1`|RSvnxxD5fz^UqZT)yOjF^Fb
z&nzgW?Zrp&sR#ys@F*~Dp+A_*Bo2OiFn*l-#FLI2T26`K!~Da)S>p>DG+@&RJ9qJ2
z0Q4amV|jmX_kwgxvEOe%rY5m+eP=GU1q|*w04GQ92-?)4v;h7P{)$;VefNq7_d^i0
zJCuNDQ%^u0W@O{IiVC?sLtYd?rnhA^Q&itXh2Y`~GLGZ_8uqZ<lKoP3mb%`tUpJ|k
zX3sSryC{YB0z*5lLb&SHH%6a5ZJ<6k8;2kN{YKVw1P<(;A5VMf3&Sc`osAUK9RA>E
zvh*6-_0$TL@DER?Xi~wY{?6Y3n!fux2Z8$T*WZuod!kD`M_$gocdO;s6iAJWVL0H)
zn~z$=OUU<=LZW~X%~lTz?;rEj-<jv5UWMCHkqG_7rM!-p>#A>+5(Ju5dtRQKl#t3i
zC&mb5Mqz{R6|73q`-0Mb<X?7xBO1Nx6*AMwtW8p6_MhA+wnPQe#G}A+PmY?$#4BH!
zd7fYSUp#4fBc9Dcl7Oh;)a)z^)#xD?1uY9_3P(Y{9k9*a{&+34*&mAjkk?p%(N3Mi
zicyM(N=P5to>bq6-eHIP-C@pkeF(gr&C+x=9tRGOj1YACBKRi5^jPTm@}SRNS6ilp
z_k|DGe@8g_jjCubn<8`HV?|QQK)&`<5jaJqKB7B>(^_jv8FQ<ZH)?WhU)m0QTC9~b
z?=y4iqnjp4$Yvjpc0oWB93^u}BvHb3J)L3QlQbGHxw+)#L@~~H8G%W84lJv+aqPc)
zeZssoM3QI<_zr`RY8YoF4g!C8F&*8fGh~T-k50#$S~F#*>~M6t74y%s+QRZ(EzNZz
z&*Qv@_Ucw+A4lz~gY!~1p1&~?yib<3o~CaJMmVa2A?ecz_~F7SY)`sFOIcx4eod5)
zuN5-PgxZ`HxqOaM{&6+&RZpmPc`O51y6Pd6Lq8ejSX0x`w9d&*TLrIH&vFNiePK2u
zK`h>$2y@R<l||fBM)+j>x^4YzZ#VA||KLp4p;u%57h?cmE~+%^s@b75ZduI9hkl+t
zs;87g$psW|9F7QYgXjsxIdkKCr&a|DDfji3m(LI$`8YzvoMzKE8o)2Y!zF(`_@riH
z9D}==k@C7-j{D1`xhxj5_Sp4u|IC%X3WO3@C^nq44Bv4C#8*|_kVkK@XWXLPUtS{6
z666D7ywB6p$yV<dur$c9nS_MA2v%Y8R;vMRfwUn<nDfT51&G8|lM&FyM|-BE&$|1}
zpa?4*7DuSQsmr#y*f>59m6(zAd!w!T!8XSiv!0Fbo*48U(JyRT06C!Drv1yW_vp%>
zxxJ{}EHiqTqAPyIVAA-(FKu1?<F3oa6Dzr7>9Xu%9pjkl;^5)op|$w6%--m{18`Tg
z{?Kz;XU&G|8|}WZxmX*UWEu3X_T)<fN;M)WebLeo#iVBZ7THi1I4WQ^`(uvvq)8?^
zJNP3HGgkgs*tIU>;79ANzVXJ-w9s`A@EgB<ZsX53nxcJVo1a*GA8W8|&;i%;C24L&
z3jL(+B7L0pbw1G%jNUjtDDyd=y&Dhxd?;o3b46>-rXOE(oXJ9uA6dZ4znqpDQN=K(
z`)#$5t{^k}F%g{Nl|z>H;?~OTBc++qeR{9pr5Azd#Pto;W(<oL3)UlEBdvbL-NKpU
zf@{mPL=8C!k8wGU^$F#E%`W#(Z7gQO^u`Ud)6)l?CF74LH!5WOsuPkpI9*k%<%{WD
z<LaDe0)2^Q$_2-SdrYg(2UnOnsZ}dO#Z$e{ir)d)Q*D=9AkXFJTbz8N9KRpAZbxmQ
zKHjuvca0|yihK15OSCk?KByheBNY!g@c4IuOR(3OZ3$Aoa_Zi9Np6)MJ;$tI8T6}j
zBVfGjk)`D%Q=XN7Kw((@s{=bpJv9!&`&v9KNf?N`by*J2swwI7qEhi&CfYQ=TiuN1
z#*a@6M9N1O;jH}Mos3b)MmfWHM-~rcCn?y`&&(eg{*3F;x)teYxvUJHX&=p0ZYM}S
za9-#R*e>&R&3a{gc>Bz9IMd(my?In|;uq9I%`Tujb@Hu#)p}tRrc4_di6!_jm&*9!
ztLwIoQeOyxVNeGRBWlqvJ7&%)fi%)Z^7EAjuMfrvY7rCWD@mNQ+^w{m7zRNuu5Qh~
zOL-Z}Y2V#&3hY4Em;hY%8fR#KU+j<xhm%fn38zM1nN?-9fa~i$pzUFsj<>!FUBz%5
zmb0RMu1lM}*}Lv2M*$<2ixM6M>=G_r1pC9F<D686J7x=HlCGNTndJW4Ls&+-bqK*I
zO9uN&b^GE0S38Rl#IrHWEP}Qc>%%RzU9rc6z8V9a;{HwB>aB_SLFv8+%71r9s(xGF
z_YMWVU4|3xPd}I}hhC&H5cyiw*dqeQ`co>o9aeFV5Ho4dHcR(7=;`(AXubAJQv<`i
z`XZeIm2n%sst`0>QC2#qtDLSc)SvELwZ1%Af-`p?9dItZ^z6r1RXZ4e34n{2`Wlvv
zx=oojG-jFW9h#>4OGU(7&{8(NxPQ4VcwA)cP?Kvv%zTG>?(~a3ULACn+Vkgb?@$>}
zmR!GYr+OVi7qKmkZKBqUR8KOt84domxT**3rX8fiL~_P;jaAYaZ)eX<S%PzLTLmZQ
z&MVzFQ}FGAGfxCaO~SJAjcE(vQLI5923w}vV~?zaNwGZk4thEq78+m-bkS=@%BtTZ
z*{ehC{S{?ZSk!`l1bZd*^|bii*F4bkVTpI3I_eMZ7RbOOsjtIOEwJKRp4H)tw1^uT
zQK4u?%BtTd#<mEqjed9%O&%woei&))I@dXyz|}<>b|&9-PMhD!Nc$$PxHx!F2EV#<
zJ#{Fa|Lv#^^QJ7PBn`8+YI*{7Y?MF7M1OKKiOB{3-jiG176z(KPZ_GDAnu2pJ3aKX
zb2Iv&YU^mfs_~5ED!$z>k@C#Xq9PvokD%h1qXM)pD=NW)#9k~5Prof@@-;;mJLGiK
zKa0VlQPQ%$Y?@r$MPs?#%hys^9&a4R7RW=}j3eW9*T6G<dneO$UY4XMe&L~KQp%zH
zf#TVhm7s8dRLBPV>-vh(H>qx}TkIwITVILvN(&bp$MpJGm7ph0i)`R}*e;72^sE%P
z?z~hUk!KO7`d;kt5aks0vYi4LK=&~_f&E9QXE(`bX=DQskzm8*@fBWJDtRMIt<BFi
zNJzJ84+$I+c3I;&EITTT+G}ekvlHhR4%VrvA|)9QNebuPEtPT$3`5g$;<;5Oo6aMt
zXWsJ<XWW885LLRoh1|+h4^=zztuc{-P(=0hoH{u9dn#RI+57&zBR#P}9JMptS8+gu
zXr7ncJJz@!@|7RSvXTsR63KaXj^DPd)l)czcGfaiI$s5&(5PsP`lC)<H3T6NUpQdz
zv&d9vTr+p#to&tI58Hx3?FGMdK1Ay%zwZilt6rjtfOK_LU~9WF%|U$J>Se4#Nd)uC
zzgFf)7tV{b+gQIUXFD&;L6-qhXuYf}<>qj9Y8*ydg;kc9d$i}AkwF|gLv8zEiX9CD
z{>DL@n=eG#KV7cQoyyM7-*4mMhmZ^|8R{YwrOZMW85s3LTfW0HDt|IW`SL~nY_o&>
zTE$h$K;qi4If^@rexQ*}5eqlXFC!?EuH;6V)4GP5T4#~jY<hu$&s{$U_e4s2>%Gje
zW(t)4@)flG*p6nUE&WD4|HirhXv4&F__$^ppP8&#bxXwt1EwAq{&i(%0~J<)8`x*`
zeG`~$c0_1q+1uU6cXdW0g<u5R*J(M?hx_iTOwU~QjGm9zAs*wlMEywXR}o<OK=oBf
zX?sP1kEHQV_IL>a0$XsPJi|=RP~nywl3Q061XH@A?lf#nGno5S{H4ez7NV~jCuhsl
zf9XSEZ^KC@Qh8pI4w7<ycyTUnK~Oo3FSr9JLk4Hj1k`j4{06u#wY^HcjY-{8YDPAD
zwKcjS+G|h7DCZ*ENj&K4#5s;7Ef4zDG#F(z`+|M|bG#Y?muR>FoLDy>nB|~F#Fk)J
z1t4ec&nRL6Lgrsj$KKM0*B7Bx1kT@{etI`eOn^@DtuHjl?ZGb(t;}O5rK+#Y3Wwh5
zAtVf_32$61%l;HmK-C&y>mKEoqKbGCotcNf$crCw=yCj+`mA?*(pKM8N@+8I3I_lz
z$*pGrx^X!&Um6uPQTEkE#5qR9Is$XKv_uYM9D{RvF0Z0>bP`FWHPjdYjt+6tUk<4k
zw4gS-6<@ciX8XVRxqmYwLIH^keE&W!QmL=MchdGP)DGt{Ee`IBL@azyLu<=@i`66<
zB)9-^t&f_~hFl?zkQ8T^cgs?hl_r}*m4$hs?K?XIO!1OPbXexyTTmhgpgP0~yHK4-
z0+PJA%s0+scQ6iZI%BYFyN+ya-<ISyA?5tcW)i+47&T*M5dg(4Yf+9KexuaY)(l}?
zJ6v3@HWS*%y7jv~9b%*kjt4~&X_@VA#e^lXXq$d-iebB;B>WBd8lYjju|6KYP?h}h
zdn&y-BL{V}nBq#pPZHwJD0k@MDf!NQrp-6Vy;<e-;>~P;UF%(TN2Sx9zuPRyQ<t%2
z9#!dhI^Ec3G4u;+QNr1H7vkdnQk6o;o9v5UX3@vPW#dRxYp-AUw0)Yj=1QF$g*Ob>
z)f`#OwS6_!G3xq$+58)zr(Sz{3SCb7S>s7H#9CXyqK?trPnV4T)LLxFI6}Y|QV9J<
z65YD)N8e3-;f8O?$f?5Tip%4I_6>nF-C7@8F{vzZ`z%tW^2kghhYt`)_B!y#zWidX
zf|SS5pdlH$G)V?`hOt}=(r8$`!TRc>pPzNKNxq>F#0_l^DNXs|K(mYiq-5VEJFu+i
z@!$YDYUQuEIaHiRS?O`iZ)nk@8<rU-n5>5(i<rG5a5Q>Rw^i_>Cdn||?g75yl8lfj
zUKRylWts!Bsd9c+FjXhg1ZqAPI?FSb*HmgsO7ZQ=N_JLWVz;B?7U1958e%&cje1%@
z$%Md*>S1e+7FstNe$1VqxQwMhFsbwKNvFof#&Fl2E6Q6IzaJ2y6ULDEDJXgIvw5sI
z+WKZb|LeRH1_m9Cg@R<^xymQQ)zj|*kT<Nea6RS82A>ZNZ`B_FoH@RzNCIY^=V7Gh
z{O7p_Eb)f8Nn(26951G`{Dl2yGCj7TaN|~wat8k6`nR=r&Rmd6ZrwS;H$!4MB%XV*
z1SMm5pTw0J;(ZSCje0-wS$cYUPreALG5X<$gSgc};1!ygKKdbNt*j^b)%k0t@Q;Jw
zrb@k9;uUg!7UP(b?jDl9pjUie?O*nu!oqN*p-1G_T!t8oSc6S*%DxA^P)(CGSr%*X
z%g%?`YuKNZ*I_j+N(2SoZst79Pw9mgVQ@rTx#}irCj9tCRNq#X=oz9tGI6|SD7}(I
zZ)%3>D&@Ng##pXFf{|Db;9X~?|K$J+_XFlDns^bTh;z2g<v=&}N*8Za6x3-cp6hoV
ziWl;6Zv|}tyd6E_jw|ZkhL47sp$5a`jAb9uqsiSwsSGAIhhFd3j6)})I?KnBz*_#r
z1L;(G%4-yhN7MR%w-4Gsitig)s*qYA@hgvodG;aJ+9|}J1C8O`rAW#AV^ox%ZT8K^
z_@`R;4;6O@UF)joxB(UPZK5aJHq93d*LXiG7y0=te(f&UF=>N2RY<|b%p*?RD>!QU
z5wMAxRg-}8BPlDt?b_yh<Hv*j3=~$|Ut$Bm^q+4HhB4fhO*f$-^_ilasEOe#81k}%
zl1PBTVbbqSc--~JcOUc0<YE+r_-f9?N9`aVtxzT?eSYEbwErmolO$I?xwJ-ECN?E^
z<k=BclKUFhrePa=2O(4`khXg9Rz;G{y_zaBuzx79XY4NOJt?=750S@fk4f*^U(Uub
zzo7#2qP)T5)CD;{mz=ajn`flsw`IEn8Pe*U&R8ll;kE+WNFg4>`&E`7mA?TLutVS1
zv{$_~t0AM=C`88<#N2Pd<<Tv7Kxpsv9@yOGqLcZTVwiQb(T9gPtOlp2WZJAQ9Y|@^
zlq#(T1uOFY86jo!4|QVaugF*I&oL^c*jdq<;!$s2XxO=dMvJE<M4A`qLB^^<r3OnT
zk3~O$vR2&Xy$H?y9~eg+3THRRo~B0fqybTJUL2M3ofX-))KDK`PV2Rrm3vFcAqMcF
zUSnd27V``phlWWYnl2?<J5bZDh~X~xOIL~f?DcF2#q+1piM$;QB5ZM1;c6|rB^<OT
zz~ohua$v)TC>L_QFT}7VM7lp(g0vHKRe#tVW8-(<ac*>WfLdVuwAOqA`RgFmxN7Yx
zgoV#eM3Jvai?6HmjLv&50_7obE(VqGNF7Jc-K~CRTbccawIqgc@1Fk(9_ACvOPH=M
zDJ|x3gIbX}pI^_7WWGKc?Ouh3iC0Gtq|q-8(%22oMldk91U{Ws0r88!3%;y>_2aDa
zOSFKIn7*eRh}m*8CU#(7iH#fid@;0uI@SE^O6koz^}36U;fcGJaVJ0hm|xS&i92e`
zc_xM-gRgN1Zb`orUQmBG<FgV1mLhK@3h~W4)ZESu(`t6MRbq)*IY;Ypu(UfNZ`8(G
z4upM#kig14v-RcXTF>^S658hRh{&f+hAat1y12wjJ@oI0aK9}VATrL9o5eg+W&@T(
zr`uD00~jo>V+te-x`*usjwK33&Ev*`GFhsm&4`V?I=9olR*DtReqUd0-?N$Pjrm;p
z0?B{hZkiDu`hk!Eb5kU7khXOqY&rylCG(__fWTkHv(Iz=ydmCI#QwuWQ*Z>w^Ce;w
zB<^}5g@$L@YXCQ4>t)$qc38uGt+fp4CR+9T8rm*m^f?q<91QP=`fI3L_ouI#i+KYB
zVIHdNCBn2pT!>I^1|WZhxpvFYq})Rj`%5}b?*tSu)rV&8Rs5F>@=l@nZ7QkG=K36u
zw)=`hTDj+VKinKmXsJ;$Ix0r^FBMrfIO!_mVa&RDIfHY={IG&cvu@mH4ZH<jEbvoD
z+E*1p_c?_~+&nIT&>rB&47>G2YmJMcmmA==$~Umwn1+gWYUI!@B2)mjz_6UlC|o~I
zA!(PS(`(BglWwSLIOE(B*n$3BPrml0Q)5x=0Ophd1<Pa!46Z3s#%D8%FN^Qq>cYM7
zH1<)^Oc;h1PMyZ-IHBN~!UgX8t*uzB^pOGgC1}@@6Nljoy&Qajx_5BlNI+1fn=;MW
zx?$t#Qp#}DcLpadaf6(Ut`R3rnMSg>=+T%4u<A{LK6K((R|h`az5Ir(#Zqu~w)m?$
zYZaDh8}F!C;2hxHu-bHn%U%QGNjuwsx#<yknIHi5#MO6&$cwOI9gsb*X82;VtWy>_
zCEqGdb2d9upsh4NX+CM%@Rrl_<_)miuV955p6{nI(Ce&ll~V;kyFM`fKI(SW;{u20
z4S2YLlm%liz(#H@Mnz8gT8iH>Y3X@31WUT$?KgRgLAvUlbkb9qy2I=VZVzVa+N=$V
zIAuf$$z4Ku7*Zi6Su6{3o%nk_asCpQ3SKyJZr&N$o0?h%3&H)p18|^All<Mwsn6&#
z=RiDqD%6T8)vhz9C9J-U)`xf_7{)iY@^D*|)<znZYIIB)Uo1-$K2Uy>u{aLHLpJ}K
zfk7*pZtWcA0;BK!oXfd-A^HR!vAfOY#txrK#Rbm&d#^+I`5csrxnX<jFb<t8n$=-a
ziHap1SM9!NPtp69ef*IJ^2%KX7%-~Il0hn868|zP7txzp&x0gjgMMxA-MhV)2Vn_b
zgeBHs$?I^9h$78XRxdrwUs?*K{Rn+q1Wn5i2qGo#h(3b?KdiPTz$KoFUcQP6wXVOn
zV%d<@)2?ZaC*S9K<z`XzVD5s(%x2bkqt+|(XToGO3tbec*-qD{q9qin{n%huC?LyB
z^>Gmj=2>=LtDBn;KdK3A%44Nc702CeK4X?KgMv<(%U+#}3H@~2-j680D7|liHv8Km
zdhfiPZanG_Vk%Zmns@w9Z?&E4{gnbkGb^S0R&-R8Tl~ru<jq#2Fc@^uIz+LBkY*G=
ziZF(|#{!MbjWA4C(gCjGJY$#A-Urv3%Ff&UnY+w$O=r1J$~$PDgAQ&dNT9Pnp$aci
z!9|><{M}RGNDjpnkH%56hVnjcJ+4yMsAR5E%@3*d4(auv)v>w=ednYCeI5>7ipo_P
zzM=1`)jo^Uk7!TINow&e4XD#1vkUDXo>;-I^|P;dY<bGEfBps>o=l-Wf*+5gq9}CO
zR~;Rlw`4r^?ig{>qWP8Ker;mh*G_r(%j7q}Z~gn7)Z_cq;XZ#IU&JfQZ&-mmt;>jP
z^KVo3le0*Fj>1=!-4ac={&>}X*Y_QPd@w}uk8uX%QAZILUHM)5_lqB{CvM*zvJKyh
zl{AhA_MNvRRS^a=;`DwHs785=)Z10|8Xaz$U{RZ54`aSASj?;3-XqeRXxXUdGV||<
zTwe?j9*$U~6#Fr?sPu^H=`A1b^Y<!~{(al;DB6x7uS+NTsCUN^=WF*Sc2YXu7&dC2
z+V6EYxePU5g1D|}pO)GMb}UquzPgjDOgbK~zw_ypDDxuRGL%7~JN}5ECC(;Us4C)W
z_@z7P`+6Laz0tg?_&7h{<kzIDeE;Lhm<cT?rQW9Pm1T>=8&UuI;g<6^9Ge_>?Hws5
zH^Y~Yo#;QVdrd^@Fw|x0$+%O8zPbPMK#1sD(IyIfSls5?vtRg)Q<$gg3Nv+i3nDW6
zt^wI#3y8{8&>H)cj=YNRG@Aq7(H`x&UfxK}A(Nyu6K_B52EJ-413Tavzey)2=w3fB
zcfVO5ukKIzQ91hLH=r1%q=@RWlbefruL>{j0${n+wb&cAOmEof)oIybb;;wD{W~Hc
zLObRWV(2?h^0!b+*!j65XvrMfe%JA|3*{<CRKz{{InUrWi@9R3GRaWFJSoQWIO+2F
z8=A9*2Bbmiurc4d^KDZDve4$H(tqWb9)iJxn<nknDS4T-<4cR$ugW(`Qz<Bvx1(i>
zgOKW`4dFdQds+`A#kswMH?;N3{h1)3W`uKTn&^gqc)eMV`!TdW^fw?+GwoaQfHUv-
z3yd>^=S)y|&%UE#0}9~V+M432>CoH0*)!HGiVgPh=Vx8=TWO)g5d`6NE8oUFIwcop
zl-GiYt|<;4b@(jjEPrb;1JeC6+S$Kc-}947fzd(&*uR-&`nkM<y^^P2$wY`k5!=NS
zrSA&ozWW(DZ#sK8&_4j3sG0pp2_<?zOQRx{cQ59=^xEPE`na$BT!~-m_+IXwYZjW)
zRyj8NbGD*+bG<tNmRO6Q&AaUKRx<WBN@dE;Pt<kYlqGr0EI_e82S%}pD8kVmUUt-b
zqd_lOa#&yHOoN2MXx?%B252141cYXi8~vnf-6!`dwfo$&@{5AbF^|iO*7e&_u~uG6
z(=x<oCR`)K_N)P=gT>16exspEp-Fl(drghb?TE9YC|<vQb%gmRa7#22Ue1iOW)}X$
zt75dP+bc=6y08hQzr+1ANQ8N4RAs@j*^u7t?E@Wk91W%f%YBn72II1aZF;tEsKr8!
zOBsF`tz@=SmWe`t)^=nwypg=CaJ3d|_G=DE@!HR0?>RW3<(l~ofSy3!kd-Y-#{Cix
zD51nPmXE*s(f%cc^(_BT=#V|02RYU%RlAqHy}NtWfBIeF$EyKTOXgSiGY)R5=JtqU
z795Y((oz3fl%v_=CT@fm38BcBXrZIkwkm5C=Fys!Pt^1MG3W|={o_gB=)7I-Ql%CG
zK1JP^mil^h_?A0U?!g*<1$cOVLw@5n0pA4tUeHj(z{CaoYhwaTXHE737EouXe=^jM
zi;FuC)W+JulE(pRX=fwM?dW3nd;a%2fJ(vJ!4?2eQDFx>_`CF<pWlZ75_u0W#0P)|
zz(k#Mpf0Ur1lha0yNL4eIK#OutzlL+++Y}#$J^3{hmV_=2Ouux?P3Xr*tj!V+1NQa
zOE90bbTBhISW7VL1J!xeUF2-+9h6_Y*=WChsRMou0gG5OOGz?{dy9HQU7$AZmW<v|
zCug{*w*>QFm5ZW||6Jx_X8bFQJ4Aw6<_}dy19c5XIhdObBaj=!1?CgvXA~0Q<^%DH
z@C$M>^7HZu@$d@q@Ck77@`>_-L<K|`|K6BU)ZDCXMYZG=|E7gHlVJY4QC?nN++G6Q
zFgH6MJ`oWS9$tPPets@g4lcNlv%94?mouE@pBm(C;9xfg7k3AkGvl8cEv;Z4?h?!>
zPXE;esEfM#|5W_HN(&18)2_dA!`-!P{>{e!nj5a;<6^_3WdnzKxPfg@*;)Q6jFR2|
zozS0*C~ibwxjCRZ#nMS02KIp3IJ>LJOE3dv732hEWkA9*A|Mf2K^YM~pa@V-NKQ~l
zKtM)b7Whxu|15*5joaG6T2w|(7AVWl$Hxy;<m2O05RnlU5K$D8mlNR=5mXQn5&EaB
ziZk5Z(iv>?hu)vE4*xF8`+qGfD(7Zn=?-(#fx(>q>3I!%m^%z^4|8FZll#-t!i>-K
z9h|LUUhwCCy5?UkmA7$o@U*d3bb~<||B|h!!~enq2q<FB&kN$^;^ns$;Iak_@^M*N
z^PzSEU@H+Juz<CIkPY+S<*oliX8#(Ss4J*;xctM8sGv1SL<lHk%Vh%;0&$4|1%<gR
z`2{Sw_^kzbg+aW$V16r0W*!uaJb#AEe+-|0E}_QcpTqxA2Gq&_sFRH|N{8G~%JTaN
zp!{zU2ypWPgk@FKG5;ti06;{CW(2^XeWFB%4gjE|{{BjP@>d%1&-KUQ1BgLy9ziQX
z90RX|-^T#Lzmy4J-HFP9_8SR!55U90!Fhm#_uv5@G44ZLVp2jpJVH`(5)x7p5^^$P
z)Si@>jEst!hMJ0uk&%Ukk&%a+o0|vtKN}i8E-pR+J|R9nAt@mtAt@Ol5fLF74GGC3
z5)v9FN;1?&$wdE{hKA-bJu52{6Dunh7Y7&D|C9&*?gWrLK&QZ9#6V*Ppp&3skf8nU
z0d$~j5IP1L8rok?`D=%PiH44ajq?C?@vrUQDQM^zm{{1v05lAA3>4b@15B(xd2#;K
zK!V9cip8h-NG6V1i_FsXQ}qOYytWQGHf7MdteZfBAjJj?T=$FB+ew@nIq)ef5R~iw
z{$1^qymjIe5;Op+Vk~S-OiV0Hj6c-SNYI%`G59pK9%0H@#(mNza}8qVKV5&TBOAXV
z@MXd(m%N%q5bMkh{Cg3AkAWgjf<Xe10$gx#L9*6n(ZA6L;>K5%?OnHpz+I?V<I3|q
z1OW*VRsB{wKbN%Y4V?zI5<rS6Hq@CiMg-gLh9!nQ8#i1d&fZ)uMT~;=qdDCvpywyX
z+F$*+d5PgY{0I;bEI<&HZC$FoQWte>RbA+C{W^2YQ}4yb`14(aMb4s$4?y3v%#hmX
z%yteN8`xB=g-tZt8mG!3MdYVKm~{5Ib?ZaJIgS#G0f4EZQ04O*s(cn-J!9)tCsPlu
zw7hY*9|4<0Vdf^a#-zNA5`Cc)M(U`=B#^40o~()dok&O?7q^7oOpAWLU7z`bP~d%o
zw9&J#Oy1k&>ex@4i~ZEff09%VLb!S_&zeVjM@f2)V_8X;jDvQM^kT1;KTY=5f>s}S
z?zJ<mRUA1x9b4BoTYm61F}h-qEr?KUOP)bM@tufV!RD-y7TmN->Yc^y%rha?WhRdJ
zmQnG^A%aIkeIY_Z?h~dp;VDL}BvS8p4LRQ3L=PBUw-9E&X5n!uCW+`xUYe7CF{0o$
zcFlhBvZXfqxgA6vKKK5rt&(sUK|z`uJ?mo+wsZmZIPD&>o<sG4LM=5&*_%kB$ibgg
zKSzc&WoK!U=loqYjZK%Dm-fniX<;0-tpiwS7?ifi!RqJawhksjK2uwjoLaIMbmg4h
zi$q?;dLNLL8RR4U#`QJ)3vY#QMu~{1rrSb3A6bZyYaAy#8_n>l;F*AegX`5~2rf*=
zs#F;9c{QmNB<hDPtVj7k+5-H*F}5<`1yT;to})lQf<{98zwa<Jv)&Lr4ml=p=qXfe
zDfz5l4%9cUc^1Jzr_j5gOy~(tbw{9cD2UZJW~MjX2rKiy#jwA&CFpeX*3E;N2u%#B
zR+QaclWa9$*GFHZ1>?CjH4#$P*_OonJ1<9Ze&7@FeP-j0S(ifT(kor6pcU7e-}3Wg
z*k-(}Jd}qEt4B~TiYj3R4?t<L<Wl*Sd>81|?IAG`UL(2oHFP%U{mclp1Hx)>mVq`d
zF0e0<YD!L3sT=Cj7n+wCwauKNLp3Myr3`D#^|SQi%k4UiVZpb;2G&01G!xn(GZVJ8
z7_^KwMGn5HMi|Xp_`v0c`u^rz&r%f3U-Vua`jtGG>5|Kp5y1z2u1X)SykZ%`&P@o8
zV8An(k|o3>8K~BscW%K5gnZ(&aeCkOo-(DCMx?@}b8{s3O_RpP00!OK8i0l4;pmh_
z0g*`cbLADS<zFuyFfCj-?AOyx`q(H#@W&aQXopZi6|cP%x7Sh{1;zL(xa?sdJP^Vu
z_?#NN!LPXOE*liRoL;}Mq^fv%bi7ion_NH6%1cR%7e*Uc%#qJs`{*48m$C9Z&B&H;
zC=Qe@HL{S4V(OqgB`W#RWAX|M0!DO(rH+yA{FK9dme-R)w<0>sNn}Mu$5H!=NE1;O
z0Wdrl_VJXLOy6pjUwR;`U%a0xjIQgwkOa;8E1|-$<7Y?p6w>o1yAj(6$mbY_Ajoj|
z*z!GdV$_!Q>)6sTf}W3n<0RIGIpP79WFf_CpK_N^65C&GTaEg0q~`|q19&I%a42mg
zzL=0X&7_eVl1UBmYzRwy8G9<}g*#=LPa4<S?VDAb)MHD)N|1*yGN+P0WlR=%I6@dN
zp1+YaewA4ZuKJ?=;nx+dh|}k!(S}CGVd8u`<7(a&EumXRc?Dv5c}#if|JM$yb~FB|
zO<Xh>Ax!MYK_KWN7A8Ji;1L04i8xvoQ1OA0ulG>%vDkhYC{udfD`p#Q{=^5QYcm3W
zo=P!CV!}=-lU@c8Zk~wtt<~(o#f?`|B6x?Hp^HeTruhNek(8u;tf{!EAzjF<C6pMo
zPxwI*Sm8@I+cN5kiLqi-5!$-O_aOVx7C620^xIn+Fc~(}3yz@%+e#=g411dI$i>Bn
zsRw`52mN!Cd>)K<b$%ze-q(kI7z|+|u`Y%OQh!ugRMyo=R3}JUI^>tZ+p-YkwlAvK
zE}OkTcCel`3&m-m;GG$C;c7FqRtB3{)lJ7kOZgRJBdMXzy3U1<L=w4Oz!(DJ)9E_D
z0UsJQT?${5Db&IETE(#&qm=;bBRYyjdFfs+*1iEFbMmRaPONF>a8S~C+?QFYW%w{z
z<`DX-DJT~q+Z6D6;7Uy7_;3@&JDSqD*NIvN?UMqm1%~g(lED$unArHHZ3g)i%zULE
z!#=RQ!JjEm(&u?(c_F&Io!fFk@uQ>4Wt=drF=_8xxr4d>FY|mY6}HTn+@EDr5)A<g
z;peq4uJ-OJcx+3|K}S>4jI4?iEP0=}Fa!BN)H}!iXdf@U+#KEhrRR`^l*;Y7H7xLT
z`V~Q$Q`b1-tIeFu%;*aLcs-r&A+uHJ;XWDbE15kNBNX{}wny8xDMz(;oMxl&Zwb0K
z!^@B4)||?Rmf#ep;Vhmed&&~oulD*g#{9}A?@_!IpVz8gE!<O7N)KmRsbW_F>oLN1
z!-`nZ-BK)*)NDLZOPqI1x|qXwNrEt&-&rnPK4HA_mnvj{0sk}tRq*N1D0lt82+DZd
zIjQraoA*Ga_vgs+od2Q}*_u5x%7e7KG|1)<>~PMWusUhKHjI1&NLo<&Y@noECrnTW
zpriOYUMi_f|BR$RGgo?kklO)L4ZLv8)grQ+x^vy+k@#C;C}IMCs%lGr`x_87U$|zw
zu_eOqgL;YN@pz6?yLT^q;UkrlZr3orTP^u7@%8QsHz&S`?U`#QrrVW|8hw5tja|^<
z=-LZ~d6Y>Sq;aB^d7828sp{AY>&GYFY5gtE%zukB?O&}^@aa8FaN+11IHm{f6p*RP
z9Nq=I6kk!=w*4!^D->CT`fjxs{$1NA5{ff}SxQNL^tHvwOnw<pv;E|*ADWGg5dt(&
z)AX7xt`RhsN^aAje|SFmZ=MNO^7@qMTqP#Y%vj;`ZXtHNo7d`&)$~_|&%m3J6ymW%
zg0Y7c1N+Tw#C~i4@Qm>vto)I{Yc<~}Sx8Z2q`QXZmm|J7eGU3Ti*ozQ{J*=9`rlpn
zFR7a4AVZBL8fHiv>(C!!rv<xG9qML+N)|Hlov_N8KK15z3Vr@LvUS<y@=xo%{+lF&
zWX(fQ#YQ)wCq&5Y(ZNJ``IFWeQFt%LAlEQ09sxUj{V4Lozq)m2?ce&K_Ln~B+i*?i
znoW-6SAG_KlJmh$A4>i{kKr$E*!;UYQQDCI!+j-!(pSee?_ek6B~Vy>oobYM!&THo
zvvx$I;benS*~X8@3CfS%H{WZj_jYOioaP#(B@#q0#g_v9OV9^`x7=Gb;n$JtOL0H@
zCR69Up6CW4$o?j}@!u-wl<EAC6)xjz6CmGQgIz1oKK_)gmv!m@N}cgwWT*-SyAoU<
zD@Z3pi~dg&{r*GcQQE?z0s~bXBrAzSiSL`F3%+EanHf!(|07L-|B|LJUWoDy!~Al*
z>{J{wbD$|?(-0y*`abl94BQN_Q97P~8|L%(5OQh%FKbaym#ytT7`;PL!}jiHC-0L+
z%NXv7CH;TK%72)Pe~s^&OOsRMg^owz49jV7{F!4-_{V#AAzp^!<wpjz(q`*R(?J>a
z*6_d02g-!~Wj6jtAtf_hJzV-#gm;N2yHnWMngYpt2=+Jrmcm)+FRsZxwmS>4a;rZA
zX%0}xQrO?#8<R@3wT3cn;^NR}c&?Ac^V`mgMEO{M3W>4j;i?!y3;){y?3|-)$2b&a
zJN_1DL?chV?FZ1pXjJvvr7z<?UPgsIu3Df2T|agH{w{tU&FU19JV9d6x|ZkpKL$(c
zzel_2yNVGJ=MIuIX%E!h@12=xD3;~l()1qxuW@oX@gFJX|7l+S*OWIXyWRW0ru?z!
z|7XhoVXXd-GXH<d|E(APKcq8(nhbY%Kh-cEb8FCW`>ODV6Utar!#;}bHx%t{!E>B)
zsk-6BawQj0w0cv7=UUV)`Fk52!{N8X!#@kB?i*mJ+jI7-tA#d{uKFM?qx;|P*?vMd
zSbSz~<o@w&XB!zkW15mpjO-?}#Sjls)V+Q4<>DO*fFqwN?d#sAb4svH_uo`0Do_t0
zb+c<QTht8;SiaM6fb_0lf>_1{pLaa(oLQ#Xlzj#|GJSaUJ`V^}n_8}YnN8E(OLX)3
zl^Bn0|IaeRf4Hw~bBYe(j7yU<o4gYI8Ye5&t2kfD9J2SdieE_xh4s*N*v;#(+M3Up
zl_LA}hbBr}o}<DEK{HV5@~;*}v<|mvu^}5)L~MwDg2f1}?gDqtu>tHd^9_^%B!L^d
z2K(<~u}Ng5ncFxW!c^tNqcbK?OUM699^4m|?JSYiA=pxafz%l4G>eT^Xkzw!TP1@n
zH-T-z6JZNISksX$Io{<%t`*cqjzam2Tkb1~H)=tD3zX}hTk_%MLWNy*v~dB|Hy4pb
zMH9$?5VIC-bV6Zj_;#NZMS?mV*C<mCTL$|l(WF#z_^wc#LPg=7>-F1jd$X^aTAGsM
zRJzvdtH(x0$+3Fs&PhwZ?g?qvdS$RVpO&m}G(O?R_evL_`Jlo5vXG98WMpo!pM}+)
z6H#D=`j+D1>5mIxeoWsdmr9kb3N|6!qJIE`K7FHX16h5sptuMl*G`Wrjp8`m@yPEs
zo8l@1hn&@kX0jcgK9{E{lQ{`re*TzcApfON09PBo5<g-3D1lf+GIsNEvR{r4Fu$xA
zJ<o2*Yl0_d+SseV8WSf3CmxRW&335Ep}9yDA}E&f{Ij8ZU1C#tQUPD05R0gEI00Y9
zE8MwSlhX~l=aENV7Z+kV=Pu)^Qn>hvk7WrPo|ViidG@s~lbUPv;m(%XqTOE~u}?nO
zX+pgH=s?ThxJ@YLP!FSB;GkuFNy^t%4p*0<?<(5YCunGl*0-s|*63W<Fj3>x;o`Cb
z)h^68H3^r;DnA?$(C6KalXfs7_|RL+C**7k3v1>&O7Wp&!-1?#TF9Y35z&}RivnF2
zi53koHl8zjdTqrgqLo_!MM}e$gUKA`KIQw6z?}_?9)3<<uJnymhYT0-dwl$2lK;(>
z%z$W)4%5di9@5K{W#_Ixw(_n(n)$sBea;3k01J?_g#l>d@$5*oDYA#ulJ+rV34=my
zM@kFP62DNV+Qin`VJG3FSP^{1#YK}D!0s`m)o`4{0e!Zj1h&K9L0SXr-<^g|ZJOL`
zQM@Wz==lu*uGPh<er+xYO|T-2g`4ig9-ozry7XI^ltw_J*xyJ*JV{>-c~OmDLFgi}
zNbGiKDiph`)<m}$=$qS^<H{oC1TUmux<ZaoW<@B~rl`f=o_ECPr@KC&5)ITU3CdEF
zzUjV!hBfv*o*FxxUf&T*%9|4Me<Wx-j8tt4rQvSz>2l3IKz!t3^{~^8vc~G29*qJB
z7Tb8ezs@^KU@1T28V%2(C*DW*aw{vXE!sU>HKmR5SvH#a)XL%WjyjY}sARPP{Oh_X
z;8&-~k8(wW1<dL?8(;5uP-^;mQhl!)5Shji?t&Ic6wS-gTU7kHC9~J@o7byC_mR=Y
zalbaK_k4y%{PW9_-<||yh;`=yfqNnb8@+QdVKWU!?N~JnLVFRoU^*#8c1e7RqWv;a
zd3V{FHUURCo`%3}XThXIcaoWznZ?@Td#io((YJ?v5fv*gt+CUEkgUhF>~j=vAL8ef
zV>y_NZ5j6$4VlwgzvruIM1`&i^!fn(f>X-lY%)_M2#ECj1ef{5NN$9@)V%J$SKT5L
z5Ic^c$rV35z}yfhBS%mOQi=u=<gJm*72#yx=Mgs9Ut}!;v-jY|sn@Z>kq4M#V^vzn
zW#pKe@kCrZ%8T4g?1=p}!NBuxb_P#LGA$}JoHb0AWnhVt6>&F8w2F438E+rd_P72?
z%MCSnU)6m4)Cj+~9KO2~Pw+gg{?qaEBbdU-q|z66nV<?t7HXMFg@|X=$0Fc{(kvdG
z_v_6}qeMd5sx6L>s3Fvqs_lrU&`B(cB(Xmc<-R?827@iw-%#y{{It{T&57;%zPwaY
z{YXGrts=q-q0VH3mkw$qyhT%@>r$~rEnR9Vf9h{U|BEB4#6SVK-P`?9xc=?4`JXw$
z$sf_+FWEVoGBa&2f@5WRXreaBzdg=3lrv-bc=D~8JA!%w?4W<!nq+Fqww&A$-`Qm{
zznzF~FXEfZp_2FVG9uR&8r}!`ITsGliN(HnI~PuA+PbdbftF4YQeO$Dn+p*G*W4$p
z8iXg4_F0qgeX1uSw8zSW5}rIO?oK@cc22pL3^GC)y@pC5wDf#U(R^eIO)LP7R=uWi
zxLfqqgETQ1YgDbGn*t|{oRLzq!p^gzhq3j67=iCV(+giFXm1ZzwQXFrve8sL#amaF
zBVo6sP{<=0k>C-5el26yDhj|NiF)IPrY##=0$GY7xjO$Z<K1PJb>cc33{n+Va2-B*
zos5Mr%~b5y>sh@xXu#?-AqD#32un{T8{euJ;)kyD*iMxE9K~CYdRg-?Kd4qU3xqx1
zvVSJ}WkeX*nc4ZartvixOgWpzM3O}oG)B$4Tbt``!Enq`S|naGqz^Ei$j4q%Cck4(
z(PMUq{MwM9x=wymi#(Kjr`}^ZHa~g#@Q!S_zbRKq?kU!WQ+$tGTaQ*9Od5fY)UW2y
zHw5)odo6={metc*?0ZvsFWiw=y;Bq?8NO`36X9$8F7G4xqpEkPo01O_Z|wXJ%ilLs
zHk~jnsK8Q1eTH9)v;>>hgzQk6Ak)0Z**?vbV+nnIuAC2fj5P`@FuW-Pei<dCC1j$A
zeS;@9l-zporEqef_2nMb>}ePg<40-kFI<sx3iV-SleJathYiafY=_kXYM!G)q7Pbs
zr7vrEHmqJv?sl7!GfYVv9W}i?Enh^fn`o&IuX)u2SIJC}$RmmWjGItzd^qfmd_<|;
zuw*Ito%z6OFTAEv>*tf17b5CnyG5&fm2C|~U{(w3{4OOM`wIXESEX)Czp#v4)m&@i
zTPkm!pxG$?2G#g(lg|=zChDMIJGFZM`lDfns}2E!Q|juR6nB^9Hq}j4Zu3GQxTS3Z
z{!Za#Z$cpJ8aC@OnuFAO*3DVTVq4iYXg&4_Tq{z~!i!;xn|D(P-Okt|Y4BcVY2Xzm
z_3?bJpVd&`VF@v&eV;3R)zrC77V*rrf{NTt$Z-^MquCZ^U(Bz0;#;&dO(>qp&bXhu
zHRw~OL^X~Vs!YfTQ5o8pMSRW}FL#-5CZ;Vk5*$`Ep~x1tpdT>73C8T4BJZG3-+%T#
zmn}TZy>725H|l94?(m|?<kyW!A6bH%%9W3HIM{QK!tThJDoAJFCJM)#8G3CBv~E3e
zeca|~Vj2!K&;@eIRm-FcFT09$M`{X?x_yZEeV62jv^~g0TGc-Hm~c{`Q)i}>k3mn8
z69{JaOeeg{&tFmZB8y2Bq!0&I*t<YNH1-4U7>qbbp)n^!q~=aYcchp_!)`P4?!t3#
z6c73*M!7=`8y&A*&D$KqK&XQm5-fG?%gqxkZPoUMn#RVXm+K8+YVg35!e>JYO6-V|
zHy{1i8dJQSgN`7|P$RQ%!jInBKd{HtDdJFqIPE;dwD=}c>wY#W0(BAp<bLUB{Kegh
z+FRD`OBA*~sraEj2(Q#QZE@D<(wZAv2_U`%QJAYG?j>7aYv86P#HX5=w-DO+u-dR}
zY_{0XdX)8iaYevfv0X@vqS1y{>;uftIQ)rqPM!R<BL7TJvekw(6}*HF4`&qrnlNoE
zxjx!m-QLA=NPKE=sD-DY;f<|GlqWaJ#qc*kEYo>6EG!@L!m+njz-Th5>%-Wrlaal5
z5_UA5kZzt%>`@PPd^Nnx7^!L%SHTL_tbOk6+0yE_a#w|<RTO#_rkz~Rx~8Barv6ZA
zabf8HVedVlntZx`(ICA_F9}URS^()qKzc9Ikx-;V2rYyv7K*e$Kzdg?2!tAXkq!bu
zdhbdV5J3eM^+f;Q`@a8kzjvMUt$Wv9_ndXlT3N}H%$~h}d+&MXnas@I^X)Z={S>(B
zZfL=Z<xm-PDRple6L5xEWnr3Y9-C_BM891f_UNvXxm!mC^)#rsiDi&nF;%fmf45jY
zYw;ABAJLjdpsoTrIQtU2?OevlsD05^Ap6NLe9!Vh6;){fVSN6>q3o>F$$Rb#O}nU&
z{-U6&OzASW2F+1N1b&YD<YCin#X(TU^hyIf<MFe;@Fp*Q4@woZg`2c{`O5OF%b3*n
z4(bl`Mp!?2eT^1?^u~5RTmD?hgSpf}oBM2r!(u(*5c5TU4YP?EPa6_3d{awcPU@Hq
z98J?6kg68x$fk6=Nug=yB&rPZeTZp@g3><;F`(~2__Q_Q?Zmq=lm%NQWXMl1yMZbW
z2HCsz0W(j1+pI>wr_@>ve+w=i$Iio(Lc(d>=I&bnnnleVE&k+8a9h`r{V;HLRuHwk
zp0%o9a_s>hxZ-%Hqi078#^~kCCfbMJn&_0%H+_^&RVF1*Uv5x;Bdl*@XM5DlwDb9K
zeJO=<f-g_9D#9dv$&9AsUY!?0?wEUmNXEPzQP=Za!&|257`C$8dJP;+s4V&Z21|lg
zc&UMb4(PUdt>AP1B{~qR6PTHQ{sfPx?lJYZhaMTlR~_HwV~}c~ii@*rh76Wma`xCc
zDup?l#h*Ma{w!;BttGUJi{#+|zZ5*?%?LLeD?1NEq^gUP6Reo3PYg1POwL}v*`3XJ
zuiS@aW@zu(Fe?yrS6Z<N|3TEZuBYMks{?yFs(QgLJ&c>smP|s$jAF|1XhzXGvQsRP
z$$a#D+73%IcY3?oD}@=-c1I`DZykJ_QQr*n>~?)w&uz4Y0jWvC^vTd>R_Ug&rrH6~
z<isob6Dqp4of2dOiMPk5G!U)vGW6aa?SfPqe%kFOLbiJsE-hc%ewJLgyb|#ah*_Sv
zuJM_Hp(;;MzUv*Msej~-2ywgCO(N`wxa62qUF#2llNGO%J;)dNBnUJkjF=kFVwuF9
zn3jl#6aA;;Zs5w3+<b^S!=n|iuGND-zgZ*`Xi5)~JNe`+kXd$Dt6WZexDJf=5q-3K
z*_U&DC@461()Em_yg7v>hXb^%mJ`UZw|PX+Ls1mfyc9!yEZ6v>CSZM*&C_0Vb+!S~
zKf1gNSBMl5%nQunUY7N{HcjetPBoMxpP3R1-miz~1kj_obetmE;^SjQLc^CsR8K?#
zs)2fZOw{cuqFKw^=W01wcs3sG{ABrKi&$Oa&giCkUA?#h=6VBo06i7V)>82&3@GR>
z{ruEuLb7c)QD@vIg^y7}BAO~daM{wEgui*4)PJEthFI1{YAF!N5>6D8Y}b;Ua%kEv
z&N^R@LPT?mitNw90<r8LF>PYn%z?Xrh*hYOM~O^(Ko!1vay@EP9D@YB)y$KlzL$Br
zwk}w_84u37S=EnVbb$C2HMk^dPiPUFmmsNqjYo!}yX{D58C`DmVb;v3J0{}0pB$Kf
zI6f(BZ4$GL1jUzesrG4cLv>}@%^lYL70+>@sPntW%^%{T5<~L8f>NSm+GTuH*h-j^
z*Vc68i$zB_9Y;t4DJc&uT?Y-n;qsy`iW9p=tMV+WL3|mAy$5HUs~@IlF7L*M9WNr0
z`~l?U%k@ckMG70(&}hf`50nJ7)dswn+Ch;PNqq~)jx>Ygju+{*H)`5KpMQ}TW|``V
z)bAZVj$h%C=!&lPpU!x$3LdGFw{>vvx0ncxRNJ@d5eFKjzG90n`5<|bW}(@;Zu5O%
zXsO((^T3LPvhctk*@6&j!DRSKFc;sV+)#lC65Bj96_<1DiT)@sC3Lgxi@Z0<?Q)MQ
z#eRyRna1v|UUV|n+epAh;X)=&*i%ZjwyF<xMClF}DPR*0^SL)y+$w#XF%@-T)Ly^C
zdHX4AU-`2l{b^o!A2@n`(xzvL2Q>w<6hq&dfZ!42wKfePs)F;hL<WcA4O-iri!Al<
zUBp`J-^n%|vniBB+I_tTlr918HXo)7m$GgG-23_8l}FKz?S97%T##Q37d&G8dT#Vf
z7^p02_O*`BNU8N>Z+P1yegVYxz->Gy9akL;UE<T*t0PNxd+HMj!t!DVife~Qnwc5N
z$4@rE0VSdLFGfjDtoUdJvL^UQa)yma#|11F$f5{>Ol_8J8?@soRF0|olJ?JB_-N|T
zpFyvM3H$&vG$Pw(w41=`pD6iJlFzNS{fVHU7=?!Fn`lbdgw5Q}AWYJwWVkO#ECb;h
zU&h@mQ*|)y*4=n5$RI_4$W)gqUQ7~|rlfngroE5mP0vzHZo_^E(>716o1eJkpbPhm
z%8tx=AQy>$&_Wvswshq70=oukuTC$#@(t3uGCPib`Sfa4PoP`C3tL>vzF@7p$y;_;
z3M;9|swruE)&_ZuDnIygTA$LklQhw<%({J?Zhs<DKY;ewV7f2oxER|fzLL@P$w}=l
zZ+=tzK{vd6<>XC9kj7eN>U~+oNzL`F3g|c?KN!Mrv-sUZ^$`ybcVAi4tIDpmpLslw
zs-I>PT^DxsEcqbM5U>5#SqinZ{PUS4eyXoc(RWu@E=O1Csn&L0+=cu4^<K9S(*^s^
z)|oM({)DX~gc>XJN!&YlQ5*4QW9Q35U|oHd=H<C$*wtM5*%!r)1Iaz>=A#yk*|?Gg
zwzx-a==SAt*Er<Rs?87S8MCA&&|*!Ae_;{#Fm!PSGHtM9)6$Gv?j;G8Z4qwGp13i6
zTOR`8%wuG!6-#EaRd)*J4KMM}Vap^tOEkx{_qZf^I&)y*WBoj4VK#WTnEgDh^L28|
z4%IEBt?T3c9fg`lu~VM&Elv_EP1Cqp13B9O7}#;UL3)&x+~!Nf5vB@Kt8VA$R8kP)
zE`o2*V~!|V5FmGMjq7Q3mDAv#*7l~73V>on;F62)#ps@HPlL%1(7}F#Uer|84&#Bo
zJx4wA?B;&+IKrFx+tMF_^E<KBw|R2%);{A)jocRtQ{#LF^p98bAaXMwrXapOwLz_x
zJdwzxh^+v$p`lzc#6c)iZ*g^X2O2HSC;f^a-x_<!<R?;};vv?OvlET866hO$(tJ~J
z(5SczqhM%*KJ<}Oh9Q8@jXSza1}12lymB2Ky^$-RP}aqO_&&&2lCdn}!SsTen7p?+
zO|^c=^QKS>*=D2NPxrosXAyN0o6WcgR<3-nTdhYY`W|gZ9V>{R$~tz=S}wUb4pEOR
zrEMB+6unX{8P^{lFp;N5IgaN%kq|2-QZvoTzWc3_Ot|aV`5r5IoQMzwrCg(Qx|htS
z2<rojXIk9k!Fi^ZOb*fXFlZf_(Cbp@2j&5gev_}HBvD5wW{?K#?GVrcB{*%!q*F5@
zT9w{xajs6`9UW~;!o&8{QjL?1F^?=V_W<XSM5r*Kf=PwFvGA2f5BZPT>wYU>SWZ?{
z)hm|#J<j<Pd^k+FHBb$#r`BSbZa)1fda+yQ`Q|}M50RPX(AE^HhBuw7^j>#cKvQFx
z6QY$dY!xmd7s6nS9tM?oethQmSci2DRZ&r;gKcP9Z2@KuraBu4cfjb%J=d7VE#3#-
z)|HbUzKDs_a(P7gp7m0#p>9VmN^Hf@g(uhPd;dV)ivM5B?<%IIS42NHJHO6yA|T$5
zqtgV*^GSVeuvNQ^U3^3e^-;PMw#DAe_OvTf(^7kq6iu#-JC2rE5HzM^H`ElBlq#`e
zft+h1*y={UBW_w;jrYAjkPs~$Rq`q3Mo|k>zjXN3y%Lte2L|qauXNjdO79S7HhT^r
z9cL{$7ss7%)^$>R%&@=!WSRUnYvlFYeW?4TwRCtIWXYu4I(uvg?@qTr%JI1;m)d}R
zPb^;X4kd4*$Y-lq5`w<YgBM3Be-I6Z{kVOo7YTQ@qECWB4ipy5+fadyVuJzllIwK{
zKG)oNDrZ)S5|1M3*uAZ+L%?;OXAid*Xr^j*gxU>e-z4t5VGT5Ub_7$M?9Fl%_3~i4
z-)Mjn6=>CEzpFCr5?!~rez8XV(PSuw2|(r9?<%js=)dwve^q=tgnb2`D|9_Tn;}5L
z%xvM>KWajM*Q^xo_?LWO(LlW(9U?P^EL_*e>aT4NRv-&T%~_g$HELpNSj@CJY$Iq{
zW4S!83n*$tmh%a^)@$`=notM5`GP+?LU~$GElNYXY=FMQFz2UaiaKx%vYV1#WuwjG
zJQQUU4GNShW0XRbYer-NgZJxwpk7{f_~NcT+Xl+R>ADe^PPf~3terBF7*U|hB5CDH
z6JrJ`OIn8869mvm7~4U<{;j>XRKvH|Eu7{&hfNomKMdrY1{d-~C_JUr{$ONDf9y#K
z^;HxzBH|<a%6J^jOAYBEhtsd4A{f6`<L|FWYS+9?<!7jh^YJTgFN2Uc5K#Bvj&vMt
z`J=5$$-4b_?8hh}5twVBBN4vOBMq6XJLeA_yp{Q=uRkL4u}7Y;)1-1%@FbLMwRgxL
zW=|fCj131GA@HVZ>~)}MISJ1li-yKZxd<0GGXw#{k2kPE@wio<&=qc+Cw3_cTBs61
znOboi_Yjp!R;>tvk@bpQ<t|M0VGPnKfSeS{jG4^Hn_I1vP?>pKqeJpiYOo|jp0-cB
zcBaYtH?4m4s@yY^mZ^JFw-|lNdlI?&1V;u%Uoz)0&VOSoF>!s^wm3|zK9NXI$-IT~
zs|o?lvG$7p#zRtl<j_dhs=#_FYJqX**oF&g4G>Hl<Y$xf6B>H1zVb->#^@)3BXs@^
z94J2#^LywfrR~j=Gp`p60vCoLR^O_!gbBO(S0$al{qTZz&Du2;qJE(#W1S;l)zZCI
znGtbhx0YQ<GjJg}%<HjN3~fy9Fo#YJeRFdUG_{z;SL-x)p@&vP0~w<wrRK)Pk-+2H
zM=tBo4??Bj=ugZA!i5Y3j%59XQA0JT8hH<8dB%}Q3k`b5<fdv+4u9oZww3?z9k*eR
zQx*#s7M_8*rRZToxJCesZPte6;cD-IPx*~Xx<+EToN6%@cnDi>drOiKyndESoUJng
z`Q*_u{2oAo81r0dsbXx3Jp=qmNxNZYdCPm;=ICp_Zltb*av7tvfrxK-SgY|GO)UCJ
zug6te`AxqsmN1~rc*eOS*Dt{KSiSW|pjEv4w-zRUmEs4xG4@u0EzZMIwX~9*u0HBO
z%-3@KFKrANOG|Za*r>4XwnW>eLD-^@){kgUZa41csEnn?RvA&!cnasX<B`CGMB(9V
zAI6(+uXbEzi=rZAbC`#YV7_>c!nNOb2p@0Ig+EMYCq)#;t%p9}oxPKQPl0EwQ33UC
zxjuqB^&U9i(4^#=<yUom=4jo<miZuW=xKOvFhkFCGhje$sND^B#KUDz4pp+B=hHS@
z0zQUqkqKI&@7^@J1sEt4og0Q8FAZI1V`K$uQRznAXuwES8w|L}KFXPo54J}V`EGez
z%(h1YQ{(srRL5d#n5|h3j99TlF%yV9y_f5it^0Z2Akp+*6cqZ@6dd<mtDQc!L_=_H
zL482onsHhn#^+({?da@)o98F8nij5AK>5-xh3hw&Ebm5ZqsN@-c~bCJs|#(8rkYoF
zFSDy#S4zEF45pT+ulKnG3BnJTz53Pi#6<k<8Ta;Q$x^_Y?S<AT^rH^Q5oC8VaSIaK
zJq%PG+Qnt+peMLS(i4<vso@g>HB}rBhQjay-6W3jV+%nKJ+yr=Uu_n-0dWTRR<mf~
zFX?-op%w;Wr;E&s>pa}vZj#1Le5{N|GoD$H-C@-QH=^>1_iXz-$ZY{zZf>-L9EU~5
z<aDc<(<i};1?uIjyi4FmEth9gg=q|9S*V(KWG8d<Uz#rfq)Yi|+@R_acRC@H$FdY&
z7Lnqn-0{QUgkp+Cgn(!HjE~*`bwYi(C3C;Z8w^?EuAtkZmEzz;T<HK~YA1~@+xuX2
z;nP$)zZ85!o>>{!S<+tsl8cqMWM%Ec-E-jy;wH-4lp>r)Z#An@f3kdN8KTd7NpKW0
z7OEp}3UPv0VRcYPJhZrgr>B$lfmN>k=0`(IQ3-K<VZ;DshW!q(yUuzCgZw<TpGI`$
zLN-CojbnU1<~fYWC|DnA6NI)c^B78oS24P^s~(WP$zF=l%nD+1pmrH5Nq?$NSp0i1
zAUvOV<r<X#lSGD-MpaOTp)lgw&l{+y%Y?xqj6D1VJw*hZZy~}+vT9$8xBBx;_r|1p
zJ_+Vr`;YCP4#l`+85}d)CQWD=aWniW@2L&5<7~YlU~2fX4v3*x(%9xz>``0JvgLtF
zNnJM!YCv654ol@FodD918XT9NisKEmNCEPb^5lmRMVKL0mA??xZ??8!@IMfCt(91M
zI^C?XP;3Cm>A^{4-u4?wG?xPe!AAAVUT1B6ni+LWvJsSkonFMd%Lj9NZxAZj=V>p;
z-}0{O>!t|PF4G9a6dgD{bOR7_7_3x81b+s}iMu?Kjg-&}_ks|@rtz$xRCqnJY)?IH
zGOy%)gjD6&cc&smfe$3z%a?7z?kqmuBP_c^`~nfAe>S_)GcC-2VVr1hy;(1ckqw8q
z-Y6a_hrDL>YvDm%_fjcjU?3_a2-2)Gb0qaaX{k29@`hPTS^_;+noJqrl)YBq7oOs;
z{Ni?!+Sf$AE9vd0IZ4_}IC_)8Zv4k|uxX=`|8siAig5FzH*0)R@)8$1TPg|$2qyrN
z^&#wmU|06{lGAe6#|Jnz#%h5}YxqwYu2(F&A2l5irH*NE{4Nn#deMHDjI782THjW$
zZYVP1Qf5E8Np&HdC$+lSa+A$wH<B!*HFz%ZUjiBSyz5TJF9+FsujV5FJUPHKdoePd
z><Ut6e*;8Zkjflk(QQu(S=X95zJEy|Az5(Wrf}Z5SrD#2SKt+73Pk(C5)+ersi=sH
zfOy_=IfrK#>CgWqg<7h8%ljsZ(~*D1boC_IeC4qcUVedzhyQ`D<-Sp%n|Eqo;~(tg
zX1agZlrOnPxPW1R-La*pYAGM5Ti|c&Ma<D6YyX9YoCgT>DkD$tTd<;bmLgn-Cu2jP
z__W~8Bg;QlH2jUjNS%AOJi^uB9@e^7nDchz#7mDDRE@%uo2VKS>+Av<VwabEz-NLC
zHRH$A!4{!^te-2gF>{<IFYAI~&5F3zsA2iXMSt8wSoz<%jjpRk!~q{*5Rx$~_y-wS
z@wdAQn$&T)fBWR$;U=4sfY^^rMLoQDwygn2v;aNvT!WhuvDB!+^ZFA67P7kd39pR4
zsQzypK=F?ZbyzR+m3N2mVX7p=a%)YFbL|T>=vG9qm+<(ZWLtlx<BLXlTvPgYI2kL_
z%>U^2mrWo=)6%VO6{R-XI3M5)o1eY%8?;6QC8emO<Okg2`JZi0kmPf-s5Gah2Qdrl
z!ZYZ!Z_Q5)Zl^idrtH*&lxq{DRCq&aZ?c*U{&?xlpJobHfF(NE11td#IL|D~f2Ie{
zH2J;^Fyw>}m@@uIjY#^tHHD1+E{rd(#?yenC_L7B%KT{JpLc^h;T!)47?&X~w)_)c
zEQ(N58R2KrLH{?DoIc$vHzt6)l-algS(&{~j`e&V-M;tT00gqNjNTc<_!gcrDE+PF
z{9jsIdJTf)T3K-qE(60~_i6rLUeqxB2_DY)@^E%^bG2qHLtngYWts7BVg*OA-dgy(
zL}B8%TgaqFa+uYu?)x4_lXt{kwyTG1p=zBqO7Cx8{O{W@skfDUp>SBno#N6l+&WR^
zlV5<joY!qmqP86pc%k9K48149tc7>~R==ZkenMB{StE-y^&!#$ITF|u-*25p6;A?a
zkI97J_&aG8Rfo+7@0mKH&9y8aL2T=+&2DbNvZah>J}oKz$(F|7ZqonMIE??^6*<pG
z=Y|LtHYI+}j+#Yfv|^gtptk4_R2qN!BrwsnW!DM$&qbtOuS}FacUeCg5bNO1*D}Er
z%042?Z{s>Beir%3*xKjt#f9}xe(A(*7QLKdb8MMI9r9xSFn_|>m%?S$IDLQ&&mhM8
zw7GTGK4Pu0RSt_7um^y%@-PEa+U>khIwZD{24asv)^_=y`eo-(Y7ak4pfnsvGOtT-
zU@oQg&9VD}YO`+fsK6l89$-_mb5!l6@OdI)N>;H;wuKJMyLnvB5xQ~s?DLbmqvy(p
zoSnZ}UG?S#?grWvr|q4)mo|4aw^IdlqS8cn;7~NlI~74LPA<Xa^wT;_z-!cWbVfqL
z;IKrbFNZFvw-QCrFv@&hMC3-3k1MARccg~_iT47{T7l`>D<PJimxN_8ROWd3HOUR_
zyqOs41-d%63f`F$>i{?UBPz<^ex>|q<|!ELTilb+qZWj3qwykN92yTwybXP!j5xD&
zl~Q@cV7L6UVDDRM^Q#KEpCydR=Et>%R8L;Y!@l82RiOW;_<tL-IOnUp`OJxHx?WF=
z5I=NQ?$5IR0+^6%SAJReOsq7U-}K{uh4O~0uZGIx6@HOnm1SSOZ-(6tZY7qbbht50
zWvcP&4{}{xs?Y*Sj3ho}zCz({&nvb=CF+ODLf&56aj0k=39XzaZ{x8IyU&B;t%wG>
zUMzqSc~p7%3vi|N3xG@L`vcQ0U0dHBSpQYLZKCu6SF6aHM)S%eVWb8t#yb~{p0P2?
z9CAgJIl#05Zr+C%^Hx3-AMv;a=SQ6FxgrYY%8=S8+{wGQ8M`_Y>1##E%=h92q%Obs
z1m#xIUk09-JVrU(ln|W(Vr0XPCT<-#CF#tO!^<FmE0nOf*f<Zn){IOXM5D}R|0hSi
zyZy6no2S%v+lKV`VmqaxRzRXWk^qh@z<h^%C4QjMLTfuoWZoT)89W}bekr_z4ktse
z?{ii1;859di{sHgnC_fmEJ<wGQ~V|xV!myxs;$J<%9<);%xf<W8gyWv3dnN&r#I~J
zu+PK?!EZ{#jAyG?0u?KLcq#W9Fmk;`O(2^?KsTo(<-O&=36f2wteovH*X$O2#~`b7
z0c_FaGc!x&0gcbOnvO$0pLFwzj~^X9NXl*Bs9!nn7=0lV@XD!WFDO04Ku=@#Q$z2g
z>m=GX^R05VP{hOCxu>6E_#xlRO*SE`zHGhSA;`H)6RpTh@Z<E2)Z!K)+4F!v3%i!x
z-Ik-ktCO>GEY@f7`0Lt^9qzC^^7qwkURCIq;N=U<o~wTSW4^o6#;KVM6_*HWi92{6
zCp_LT*5#IoQ2m5LG?gn7$p_X7=mw9^Z``?VaE`G4BL6rj#PlDmYXzXihe2I08m-&a
z0xt%AbSXY0m~UEE7UGWB6yET=jCV}5o48=tQLfSTs_e`cVK(%x`5MZRoAVDfrT#-r
z`5(NvlvU2&T?rZki{r<)m|YL*OER{)?(+5DKC+?sQvM6zx2wf&DYYi2>Arkav%d=x
zEC*}(J9c7i&py49`42vK{^5{w^rf}!!)fKQz;127kAMtuypS7c?DOn6kThDj8?+$e
z;6J(C+Ef!N-iq5TRD8ZXBpV~!k`XsLwdNCtQ}&kLf7VruqrZJTBY9nXy-pWD=jezS
zoc~M_D^lU@Dd-D1%;7CBiN#*2ipXSZ)xSepbP=-(jOL+%)6Wo6P{`Qq)$06@#EtxQ
zv#)LF?`*H+JFEKV1Z%nVqFMG1;d-kN|6Oq&N`zVNTb{`U$A41r^s{a`t}@l*a{8{}
ze>nK=KMdQcX!3GodMon9%fVal|E$S%vr0e7R{Q@W_+Os*|FNk(e*x0Fxq`>BxA|m3
zt#7aszR0<co0{-SnoJJ-c}>WtFJs~nKE(OvP#QpXTgUdY1nEBTtgS)wILU=XN!zAu
z?e@5H^w-RfdVN>Zmzm!^A3u#d*W12-T>p*smOoGIh$9vB8Ciw{gdM`o0b0q9s&VHr
zGj*559WQlos(OBFJN;JV=l4H?blYEbG$<Ca5WrW4^d!hEx^DZ}Zci@l1MiUoxBEO)
zz_!xM0>M#p1V;Wg*1rHc<RK2uGB>Ny<SGN1!3!DRTyr$U9(ZQwI=UfnlaEpj>na4V
zB6ho$0*Mu<@eQv8-HV*QD_%Coobn*>b0N`k*pM4tR~?Kx9qflQyWR0Q$Et@~S(^+9
z^~CY{82sd&@YZC5EHnz+3wxK2rbyJ3R40<^$?15&CoV6z&$T-k^ip?%o4X=8JBM6(
z6jt9Q@|>MPA(Qeptdy3?6>1;MVw;thD@Wodbf4~(3*1@*JHyeN{l%|N%TF`J!J&#7
zKuHC?6X;jwY;3b;LmtNN=<DeT@2wuCvX?JwEz<ZLTeg(*kcq}b#x(4pKZnb?h@JAb
zx+_JESJO}>UFd@mki_aRixoI$)JU@K6MPvq8Y3=acwxYF2iDQb%Q*0n=NYEy$h}I1
zAUOjgFKXSZ_-@+QM*TXf?fLekUN4+-e}OWqXb(A^YCdaI7y!qYO_9~VT3}(_$`rAT
z4v*m#gx1`;k=?wsc+oXAt&bUH*A7x=-zCW#SyQ^IEh>0lRp!7QmdMwZGBF?7kd2Tz
zinP(T{Ayg$&ZBN*8~9=8iyAY_%UiVF-d|?Y8E)go*@eCVBJ1l^-oqAfZG2HB+^}J6
z-g5F``A_a&09@{$pUd|_mWwfmwim<+wTVv#)H&i$m2l1Q7ApSeE^V{pmqrOa<rRGu
z+i$fe4-1FOzu)n;D6idTY#8C~fQfJ-^b=U(plC5l;^ce4&zNOTNK}@DhC+nwAvs*+
zHN+^tFeD$g^(2<JySu$5V%@@~tp-&hqlgF6>lr?<i{FX|<$6&q<MP4`D`-rJg)K|&
z!J#a;9d$7Ged}VcZx6C-vtzTc%obp!yMx1O_bXo6{ZKSeXja!>3A7qYjhW4Q-)vCh
zxhY*ZF&0)F4_+6cC)4w?o8Efkem!AmL2+p%&A2;A%50*pF*IjSwa?0?1eIN{@YyOL
zy&jg^?|vN$tKioToQgP8L`wexP%rCwzFr*;yHG5VP8>@Gw&!KLTb#q@soQ#&*3!cK
znp;zp*{_uW4PWHSJyrZJal1ycR3HiNDY-(!L89C<E?V~1D59U0ee%nZFTo=)KcOf|
zSZpj=b159*<$i#6IHn_(l)e$|(TblGVx`WS6wlL?w6*g37G%bA9$(&Wf?E$iH;eI_
z#I01l8uz<11rbbvkH><9rh2?0*ZLkFr=t=*H^z!JZ#+`_snWlRwdgMS1(=;XwZX14
z)s{B!E@juyo_}V-Hqx(txYDb+_nta&LSCY{Eqj|+LdZ|t)Yy0H^)2p}s*}rNl~60^
z8!7VEd=MSCJ0ggD&#mY6p00tJo_3n(bz1Z~Q*ovjmsr13jQHXBR{VneHdau_7STr`
z?DEN=k;Y=(a2lZnUb!##oretc3h5<&XM22PrF_-Orh#@@Tx6nexNkUsXy}3|vnuFm
zRZx_iMczus^9G-|PqHGrIYR;*6w<qFcj)fLJ{rig&Sw3xy&O{fAjxE|n{D>kdyzNe
z^#T(`7X@`TAT=sQyO)Z?huZQtr}4EdIe53B%Sz$OWsK2`&k=5h{P;luoX+kvm~e_H
zY)CI|;`H(Kd-?4(F6%5C$UcjgV&0YZ+XEXCX6{fohJi*H*~dZbZv`24266gb8M@46
z_cOiB-BuJ|Y3ZJ;x6?xi(OJhpPPt%3h_&pgrgeme*bbz>7Ha7S&3Rr9mkj!5jCes0
z-(?~gaixOw;zbS4`kk}ncHXq^6c}rH^)Y<Bqhs^a#S^-NiyWt;ya|GarK~kL=(eMs
zMA^~Kh6j`7J~+ANzV&^Zl`$WqMYPxEV+Xb8ye>gg=5PKoRz(9Bj00J^u;y=~uG<of
zdzpvh5aV9dG=ghexEJ34T3;XC-E5V=+iSdHd5fiSIM+*pNxBj{9~JoC#3743YunS<
zMWhtSN;UJPF_`HM<_$`!OXPKiMas}3HxEWGe3;I*^3C{@xGsOC423GxvZ;hf{Ui4I
z>oMNgM#LyrW;C;v37iNWnz#P2Lyk#Jf4YO9L1*B)IOZdO;M&=Rk|H>os_5&&KRCQR
z=h(h)dwnNKFfUu8d#v~<bKiRHamA0x&JR~k==(5;0e0?v&Q~iX3Py@zes}ph>H9UW
zEFSOM8EBVYXoW76f3ZGQ6B5&3O~EL3C@aJS8;kc%p+Z3%s;aEJX31HP3R|mJ?Ut7_
znnUo(KVEyfDcw3_fAUhl-X75$ohBC}G8kRP1ux;24va!M#I;$OOp2BU9<7&b4ePql
z^T;2tR#~hn?=d!OrjUR%1OovL2iE=KqA_@Nk;a><$!!G<7?uNS*1NaUhjGA99k+b_
zs2BuNvWy+AV;w`8&u5<GOp+>I$uX|pt1DiK<MfZ_@ggyikxZOl=AwW{Cqv{j*$)P9
zHnn8;P7kqe)vsdKB3AWi3a>+nFon!B9+S4#vd@-)ehXp*My9NHr=z%CsIWeRZ+%w=
zIbiK_q3@jtZWfkCf>i*f_VO0N^#LnU;MkqTW*juuXKMUhn#2}i3vG?r9`E%WnJFBT
zzvlL3Q<vZlE-4_KplPnH@s!>@Z=2_CYKb+G?blH2POf{~rW<P_qbjpv-PQXhftJdr
zyuCzSqagP8-@MpZ@WC>BeEEhr48$*7dIKx2-m_qIW(J<IwTUnG@u9n)9)5y&kqPCB
zK*?ut|ImMOH;(uh0DS9{)h~c)imRLFY}syePIkuDmjxPMXIMP*;jYt|G9S2Zz|yg^
z^;>##-hm3GkEi$`XCdb<m5-hmINf%(ro1I8nrJsghlNc5Ld<F)NE=5-*AOUN^zPL*
z9t+Fynr;UW`D}staQ<w2qd<6TzT}yKwVT+~&{v=Yv8zxSbI_Enq>cOMrEFtvkRSg7
z{Kh`!nuJ`J;P!0HHmS58>7(n~Er9u18M66qKdMm?y{4BgGY0R(P9yK9eI()Io!&(@
zm$x=Db`3onrfghCFiH(XN2Zq!Om0itM^?tCyoqJuLBFPJ^$T+nDfYN+E~U`LdTo8o
z)@5~a7`L1H;aApev9ZLS$g<cf56w%6?7>#qE_#GxcSaO@|I-{%0C{L=uI0+=(2{)$
zDn$m_)RUh`h<F8k$o-??%~|$4Tk=yj_svsEzga&o8?@@4_KYxU?t4+oQ-|zL#~?gR
zdIy)A^Y}yNZb#_>-TTY;Nqzx58?VYj=)Pq3DXj?o0th_Un5esq+*&!Cz#Cl>L!GJb
zFP<6@S<0Gv9Dad4F<ZB9l3oLOx8;2~?Nj>q_4!;|J{#<kE}?&zhD4YImtcJ;xPO$M
zCVd%G8g)xn`X^SCz(4%*b2jE=vTpJr^{4uAaQ<0*_g~!U|DyR1#yZ=nlD_|C;jE%b
z|I$tUUpRFB!uJ=3w2uD|r8}2=)X9-`;5feZ^hvYTPg8}s?|NGt#~Dx3-f*QhT7N4$
z|9?U8zZesgu9~>EMAQ77zSR2e@?u9~<OQai=I4^zSN$^qd8t>GKB9(LpTpd7+Dy1k
z&N{Q!zmPrtXO)tp`JXR4d;cQWwH@Sz1^<tfA^3}2Ac#I2z4i3TKjrcLQ-9=NGU@*4
z{{H~t$feqrM58W7aX<T=^<Ry*Yz8v_#&14s{u3n;KI2QdB5;lcFE2EM;TOQ|N<jB}
z<-(cOJIKGx(SAE~Uqq?w18wONdS5AR-MK|_cnuuDefjS-TsvJFTAdb`mZ?6(o3IG|
zV?c{cxSrhqSkphvJNtibkw0`(|8o=n)n5LqbfkK%|6AOn&jlp3{%`gqPyW%*{kxuI
zD7PHC9FoFzo8-7q5|K@=2C;#mK%?~m-x@DemwOYON+{gjiw%fC^DXzQl>9{y&7rp3
z&VjPav+dSAl<luvo}S^784Y&H#-Yh=*FdVf$)~B2_@D2sa&vPBqeg*XT&Vcjau?+Q
z@L?^{A-{7lbkqfAqo&E59o>TgdZ%o%3JZ?}3M=p$p<3;W>9Dmk(lgz>HJ~?r*Tqs_
zYG_9)`_Qy$yO(i4ID(=vx1Fq=MB5@uSok?36FE)&GS?p5uV2CS8c27i2-$vnm{Y6;
z%AV4D)t99C9Q@g({F}!#%$ujkVq||E=oA2u%QEnL+t^+8{rPHS_JoM=7z9scs#IWX
zYPpt6dapwbgJ^X1-QOu#<mV?@EeXs7Z4BI!d!JK?#+T7z?YN#>Z=+8C2<r*Nx7mHB
zgN^dgR@$t^{T1c9_V>5sr{uA(`#r|%uq*QF;zRgZ%)6a*b*aW`YvxiMedeCk&Yic$
zIPDX2HDLEk35QhtZltg{Cc?SnOF~P_oL*u3ThU9R{Q&10FAr^R&)$MOP}a74>w-lC
zL<zjkz8s!q2238M2b(?|H|?&rE@vD!a3d+6p(EwYYXV6-m_OT(?!!fv_6aqA>JOXJ
z+`;!El(T?QeYs@H`h|OTs~l*zjAbN@L1xG-AI!_5xkF1()v%5DJOR@UI|RMTK@woo
zFZq)nC*!e{w=!-4Hq+x=wv1m<i}p_4o*~a8hl$Q^0VLJWLLtYcwHp|}3(JJdc(wTL
zK)b$!R#Ql~v{hRl+KVNB@kw5u?gwZXXt8&|DSSBDI@d_3^XOwwA9;N6)5&X7rY|Vu
z;~xZJ8=pEgq4XRB-vq_?UkQ}B-!_<PoZUe*u`Km_%1}vCa+fUjKOijGp6;?k1?BXj
z(|0DK&Qw{CYdn2~pi0UXY%e>9zM@LpqOY<8JKySKS>WFCma3zgHY;)ZUeKy=%0dQM
zyszYm@WxAtgrW5>!VMc+na?kg-wye4J9_s%-pmE((!gwXqZMbVf_<5zM%)H~(IM+A
zHIm88Lzg)uFum0`yYk_w67hk@@9cg7qBzVDgoy+<mRh|kb_yz!tLVR5_;;++8a&wM
zv?_li{5I=?ohPb68q%}ZBBI%xf5WDV&ZDJ^#J@}Dg3EO!b5(otgueEfWFt`myL3x(
zXfK8E`Ms&JFp!ZN_2LjRXOn1lcbIfE{{t!fBYU~LTlA#vSiPJAZ=LMW2sf<6RmtT;
zUkCDVzx{L9@!SlDXjR_uN}sPUYD#LN;N*7IjBhd8Pr75DE}TT}saMT6g8X}1c9x+%
z66Tj-OPB^Ly$?E`ya_4F`|B5Xw3h+J;(+y(4!0obV*dkquW=e3*QHAXVZ2mV1pAbQ
zALEhTSQLkG*Z4KxVi5DXecr~Wa&Xs{&}T}WnS-hJGbqKEvTfx(NjhE+lWZ~iceeb|
zl|#|FFJEXiefD+Wp{zb9)>y5YG4P^WQXYyBP*aImXhglf-8DA$!I$;cyJxakFp&Lz
zG6pc82HjuaH`RV$JcO|Oa@#c;>6w81ltl@b8memS!Siq=bK@N*ow>gU-&P=Iq+TYI
z;hhv+#O3wgG}Q_9zg(RhkLn5AjWo71UbnR)F(hmIp303BxkZdWp@64$|9d{`tMQFj
zROURHL3c;|7~lB@X%=-22QgWP(S^||c#F%4*{sEtJd4=kg@`VI{gD3hSCxjs!yr^r
zc52KQ=>;j7Gm%U}x2M@};mJd&i|q9!p3tm|JqCa?eK{otzjzFpS=xDC^Yr5r{^u7c
zv#pmh=8ntU2R;h#xuwr1N=6!()A=XyJI~Q!@}sL_Zi4Cji7_Eoh3jV7rh;Zgx7l|1
zgVK4;M*sY*%eJGFE?%n3UAS%%6Jp|`|I#G3M}BmKz$`*V-o0hCF<rM>l`oS<RfpL9
zrt;Owo7)Y$6{~}eI#E{Kp6J(Lb<|4wThU#=wYIPV9=tkpoqj8tDzjq4jPr^5ne~v-
zTrOwbG&S7SO!>URj$XeZ(5#64#l7>igU?BFroJ=L>HLwuODtNMP6F?p@S?IKW3G$z
zC@g2>QO!MxuCeZ;Fi^y$QmhZ4^{UGBd_VFoMe8+B=iP>HE<S6Nc%+@q@cIVrV0Z?t
zyIvf#;vBoL?Q?2FS~qdoI-C3InnAZAV$}zz(vJI6_$4Rim=;T)hj#&uPq(+{=aVXg
zN57qkydvNO@CL6s!?!y+P-n6cKf#Se?HE^piyMNhu)Q729jUzySa#B!q_OY@*Y}Y2
zkUp1Tkzefy%`H<OS)D%X0p-t$1jyO0LE07^=T617Vw9x#dPY`<x_}X)?|K6U1p4$p
zwvKEMBZ6P+CysxsuO9s%$@rs=@V4QO(S6v3MT1n4Y>e`29SQs!P*||o%yG_U7cl|9
zK3)=h43d)oR;{+BTTJ!rpICaRh5&^sps#12NvaL-Njz=5BhIgQ56?;OGRgFLsI`?7
z(y|j@GAx76vaOukCb03A_AQ+>i#81{VMcN3rV&9gqKKj@t73#?dc4v=YUjpB<F&`t
zKPF2WuXN<GxE<_l3x{vk$fH(V*4Lh);jDK<S-(Y0o{FN?hD<8gtcE3xhL%XEqgxpB
zAS5qAiR1-Y6*Uesoc?(_e90#ts0Cs;6$c(?d+ss8?MUgF*^~67S>wx*oCyYO($5_m
zhmt~e!4FO8f$-w>5age?4f;W%Jok&|j(^@-2E|m$fr@)sf8Nj^^^Ksv>j?Z+(WLah
zO!^NQOEpvsAV#=4^`X+!#zL<bKa{pJk3tuLJvMLa2q7!$(t|_HBX9KQyaG9M&AZdz
zJbx1{-h>YHM3@wpwx{>{`B3&aX>=jlj-g!XlzeOjRhEn`3zWVOy*-m22N_PP9n7w!
zgWLj@j#|x*+$Gr#x10Q}wX>d&^k3a;_O2eBigHc;Nd^1hb5H9G44HH?)nYvUCfJ;K
zco`>~jLRy5$kKpjnR<o3FJ2PqGHpw3ur<l!Gwp0xN$|O)_vG0*m=Z5ESBsc&7DIGl
z7X96b>h)6Zjk0ne9mGteqOlEh!?$L)+`0X;;jYR=+w)ye_%jwzN*hp=Y6np_5R?&V
z)KN;n5OQw73e>o+*A~0jo}co5PCi@y=0atVIF(ba4{&pegij7ul?5OUd;zt>Wat#o
zYOf~oMDT0&zcz<8*ghyn@cku#7I`T5F06t0wDczC@geoyaL7@n-OJV2e~>@ZEB)E7
zR6c;#1*Lo`6Wj}We%sF72s&xNcI0v-%)G4yx6K*dZ+Bpc=NZW9dfJLxKjD`ume&)D
z99M`8HkRIo*#dRY%L^k*?94zxDyW_>18DX~$}d1H$1gxjkLh?&`n`r0f5vUTXM3)Q
zL}L|8*$%u<1*N>rmxh)-2JBW@&m^43a`}hZGbk&UXYM`1_B#eN7QwC-GVw7?WJ!ho
zdO)ZVC8gGr2NT9^#0=l&upJu|SlW>To<s$-aDjaVB3kO@Y7+;|C}_Z+CCt7G;z9lz
z#L<wZ@V+IvWH#J*OnqxuzfD8N$e5V@gH@+<f<H|pc^*WEU{XfJZ<`9hWK!jNrM{3!
za=iMbey6l&E6ub-^cO&Sa301yrHR2yq~B=5XO@<{UP#ROP<w{kiSY!HcRGn5J#0C#
zdZaM7Xw>iGg%^SfV`0mGx2@N*U51MgU<N~kk$nIU7b`238ne-6b>NPEp=a!kR`<=0
z{g0I)<_Et3q#If&GjpJeewDKdQfSJB+A&TeO$B+A(ZUF(UbMs?3AxEQtIIhbPj79^
zA8Eo^8vo!XwN|pY0Dqcp8Z=!Tz5n;mWO3m?-;-@x0IE|PA1h}q9Eqdpv+qS;3WYIZ
zz`}$??zG{~5lw|Ed5og>IIE2cRtPE}leo_f!basmO+0H1kX^lEjs7musljBUfIr{M
z&oMpEZ%@IvBurqu?fe#&@$3XQ+s@!s5;9j^ue+NREs$#{|MUHmLG$(>#@`EdTv(^t
zjx$9($cT<8Ult5|B)<QwbrLm|#>7OuqWX0&IFY{>u^Iv}x_4;20Udu8Ra!qv>SP;U
z3Poa+xe@`WVd|z^VJ#xAJF6skdR5Zn){;36AGsWPB|Ix-YxI*S$8^skFftNS6VG-;
zo9$>oY#pNVWa&k7WoTTq;GBnJ!!5*XsK`ss_M#G_9M8(VV(-%CagQ}7TU)fp{c;Hw
zQKXM1RwwBZh-Fk_FF*s&o#=(3ONYn`kC+~FpA~^KTQTkRID6}RE@M$*-(6e7q!(Hl
zhrkll$O5r)(c*oCMHAYiy*@`~IG(D@$wtMgA!2hO2eAD{mXK!ltyr`6q8@(E&5%-N
zQmKyu23>JHIkZnEd=(uMi7Bhta(bxUSH;RaNm)xQ*(zL7AGcA<#kS;Y6yAu%>7!PA
z0NX9H4C_YvK5kGRIeui67$T1ugzQHj+4Kxk?;;cI0y!F6+~7Xk!Z)QtpqwuB0ix&-
z`9F*jLuXhiv#a^Oq7yaQ&<w@R-Vh}-R7zKkx9c?mLvOi#(vS~i0?R9!b(-XUm|Z~5
z+b&pdL$R7)BPU*)ZCaQd9&vlL`v$u(RVn*A-I>!&UmA4uZA*Kz%rRkP^tVyvcsFf2
z{k5JJVGP&Pmdwm*kB49i<m<%o>E-#N8ni$ngX|5QQR0>t_uu*3@1hdn#LtkQ?ut*f
zFcF^CMVs7X<Mn*_B|1O1UC&hu-zhy>GgS_r+!r}PZw0fbu-}&KmS$ezWdMXxaj3Es
zKMZbZPQ&`p*U*cL)o^;gB-5bhWp;2@RaW<+BuE}<+5VkKM@`ZviE*Uq&$XeDZQ%J+
z3C+uop7C~nuK!6w|M6#;(&ykz-VfV~j`B<P%`>f24O&{P;lt(6TovN0-^>pGtff8w
zhEDs`k&+mj?aZaw93zzG?ZErk@JwAF%b6XEoS=U1{-C?CLI><4ge`zEUt)D8IBYjP
zi{9U&Jc)t(!B6;I#6rdwLAmqCw%@JeWAAV@Andk`hV<lER)-wPM+O;|HAZfCEv8Qn
zUS|@<w?mM9#Uy|7;y>KdAe|4m0hU<Vp>nUbm)#W^(X@0q599NoIuzk<>Qd!Lw9mHM
z&$rG36PggGJ^mR1!jSD{i)&wcY(X6K>cntoM1>RfwK`jgjT>x%a4Pm#FA~LSpiFhG
zG%UG^s=h*t$19*ozqGSNte{2OX245jNyFN({n1*nTd1Gh04{nvyo|xZh=##S7xWs<
z#+Ft@9s#kw!2lq>b|mMk()lWh>EUHY>YaD1&CE9Q*ZQ_?rcWRas*GorD9XUu%M9Gs
zm}fqpl76TV2HiJ+A^JNI6zbAR?!ug{$+0}MA`v?tK@(NSPL$VT<kw8=Tseteirf;Z
zk!<5>By5p_DSMGJAYf{-=emua0~S`ev^vR6QyQbVM~B(d=vaw_9h4*-5$Sg<+{0w{
z78m~&QmN-VzpA{r{e+*YqJqbw)j^kkrX>E2jM+TFP5~Sr(S!z2;9>;6Hql#n-TG{~
zuDMjiDwi`FwqV?<BoP^VLKYEO_a8Ivq83$-b&+5&NhE(f;kB3M#d(-*uzD3N@~Zq1
zyOd!i^u@hVbT)*+$E-3*+*S9ciMe3$cy>yZiMeZ~(3o6Gyji+cWrCb1S>%Ii^tDB<
zhFBzpkWhM*ii?BGHC!)l<cRCExhUP!e)rt;x<XUbj>uX3uWAP$D@VsUp5A!@q}->C
z=Z_@SNPkLp^O{h>AftFx1Lu%Y1L5x&2m-GkYX9n1AwGv3xb3Zi=!L_iH4^TioY29L
z(=PnZnRW1+m$#T~uQ-%Wz1X6Q{q@lI$?s8;q{-$?zjD!%w6ySg0vq`X#1BIjP-{+P
z3f2>@4R+``2H;7_;wKI=%)Ibp8-!OyLy-8&O)?I;TEk6y&keOpY+sO_d{A3vo;=~-
z%9wuT?%xb-a%eG<#W%svyGKeumcYp2KAf1lYV&XpXtt&6Sp<@O&48#7qpT<+mfp#@
zlVOVhxjgi#cx|Yv!^g@m$9R+>lbSp?w#Tj#6<B=-u(wBrV1GOlIxBBnr@5F<=fV7=
z^=)jS`ZtL52_182<!H*}w4m>BY8!Iwq!3!_p&?=KOMEQUJkNN$ng#DW=T_|4Hbi=q
zSGJXQn+T9>&{XOk|LLM6U_fQCaL$*3)B6LuI639oE-(xVVJi+W6K?dOOhCj55n*=t
zyyea6)wx9q`Q%=rML!tRQ4Q_?UV-_u3?mb9L-ON*0sbl;cS_|W-Tr#r`IueU)pBw!
z)pjjtjTM!gHr~eyZYYHLIk$JnnBK0HlvD08G9~clov@t}v)=X1pZqkATc0_^<*LGf
zz*)BR@CFfqlG;L%(T7JJaaP$U3AZ(K<dR2rpYKD#Z=^qLb2BS;9uagzHB`SbjaX~3
zrTa8K&|Ugv#osVEF7d)qDO%m3FcTmx<7zKD1l4?p&#ug5GCJ3sk!&qB*vGp=#YuK9
zEPTQ)<h7Go_7%hoXD#h<e16)zt;6n}X6HA4QLS!Dn8Q^OAgjl^D>Wem4e{dln=W|%
z3&1tdp303%qTqQYDlAJ45!8Cb0Jk3+4#5(43s$k2%mNiM=yZuG3yyBwm_?VT#<07w
z8bG6n1#ufo#jltoVpmaVbS!8OqU96K!{!<|j65GD3JT}>L9gP);I<*k+(0p&)=@r!
zuc2d%vQQYR_63B$hS1ooy<;*~p?qhmFf_Tji)^LQ4VvA*k@;~O7bIxlxi@;#Ia-D&
zBM0C?S}Uk``7!8CoMo$w_(m3Y{-jtv@e~TmlSz~4YovuJ(cvCPrOBNT$jkc<m{LSl
z?vz$}6>ed6<@J&TY+66-RM(cabmhjACRaPftJ#fXp;U4jtkZ9G&qSsh{l`t*2;v=i
zyBcoN&|8SN_*(rHIs9kXMt;*H(wV>R9rJjd9R?2BZc?vu%c(%F#}j}_kfxJ@gpS6O
zg6-OUgBH58>8dZY-F1hYi_CeQsf=B%iEomX5o*&53tCi<_WL%I8#R-G`D2UfEEskB
zu8sDMQWX7T_OFkkO7z9f^&ftfl>_&qsdciQ#9j0&qg@il<V*#*Su)gSxMneB*OcE?
z##3h_jVd9<wvY>YD`YvMto@rZhy2^{ZhzyvwzzfGde1;Ct!pS(RfFyF;AKPoi;y0{
zGg!O&<43D%Ka?-i;8$|R5?+mVL7kZ#q!uit(CTxqB949X`(Ikt?$G>%{sJI=h`kl|
ztVR3W=V@*rbz*_otfdb^1HKhssMb>$Ye=ln0f%<HDFIZrqg}syAaXk0t;VhjwAeBV
z7m>-Zw@|=UfZ9SR&M4V-Gu+%c{Pf`!uQg2frLYUO@3E<t(PRSL^2hH&`V0LZftO|>
zUEQ?=t=`W+2o(ATt<V>^R}>P(On@vVTJy5R>0((`3~KtxOp^n<W|XRZqW-X@w==9Q
z+YXG6en%{kGp+WV^dL{#KTv=}%s+*BeRIAgqksu$RJQ}JKgs@fd|KY__P(VrhR<>)
z6F3iDleZS}tZ_eil#@wgXu4)NgRqF`VLhZ?mItOtpSkSVCi%Zv_=g-hV0Ui9EpKuJ
za|4DkL4_yAn>?gEN6rQ)xGJ7`O%oe=OTgC0|IK^Q*4;m~s5EQKMYunBU#BU|7O+VY
zh8Gt0MP^hf*6bz{hG+YZtMCB5d_f)^c89H>QK!}4%N}<;<o63u<da_8nH;j++wp#Y
zbka@d>iPq`I`mKZ^9{=gvt-*p)-qj__`I^EwsLr?n*#1Wcu})K_7_p;BRf(Pji5ip
ze_^@qQ`IX{pP<JXx9*8T7)VbxBZ;o$@WCliP!`cE?C5TI+O<`Th2ZWe>r{4cjWB40
zS%k;uxr)>W)@E%R5;&h+#km?RBmG2J0~UF(rtA2LcW7-s0TV2O6rB{~{1gamj_2wd
zf3ocT(*->+Ek0Mv7rlLt^|;LgZr*hu8tS+e@d0ygk<b=~)%A-sDyqq~_VaLJxR!om
z>bR)E%o&YDCVx8KGaD*$j*K(L*N>I}Hv<R}PF)Vm#kn_}AZ#EKs<hPD!X@R11t-k4
zJl+{^?gwkn)IjlBlhYm^@*U<x9u3cv<MHd81|}z?9j3vLH+VA66x;4OAyhaQa0!om
zFcAm`+*DG6e-x`6mDFO(Q5`@H$ZP;-O=t07;PcpNOCp?wH6S+)ujI&9H&$B#Bg-5X
zDSdBEu1`ixVp?8<$nmI=;+<K>_Er$7(jwk4I2TfTEg$trAPe7M&YCl>x%r4524EZH
z2ar(!)Kw_{jF8fByT~%0d;<LfSegFSYr)_S1ZQ#i`3*!n<HL-z78psD-Otu2=!GRk
z;!*R4WO%)ABY?Y%<t55eb!L45A~kR~Z!C~^WC_|Y=P~Tr|14c-gR-A{^+XJBsZPi#
z$uRvu*6hd<^PO>VV1N1O>$;r*KAe*h)t^i#XI&$<sSz*nY-*~vSj1*<2*cI1W4+V@
z@jMQgi7evWb*H4~u_SY9@=qqtixv)&)W-#~C1?}*DL<ihWmWsB7G?>qWu&XeQjIT5
z(B)m<d0QursTF)*L?sq9aH9;(gFBIl(|5%PPf}#byeqxAmTkqQH3Z>|7)KK@QpKyu
zW6+jX)V@XDO$2kEeu`V=N!h*Q$%89SFaH~9?;X~}*R=}=snVo{-lPeH-VsoGlU@Rb
zfOHZ<3!#XBB1rGOBfW>3PzC87q<4^xC`GZLSbitA=Xsy^d%tt8>zqGkvS()RJ+m`2
zd(B$wUiT`2DU89Md)<6=NIy*PY{3sNfm=`^T59T|1mGy^7j91NWp_rL2n84O+Mh4z
z)>Nshgkr6L)f5?ZR>JHiM3Jr|WU5H31~j)kIDyop1ZhGb`H;yxz3N$CjWL`#y(Fzv
zm_(bZ-BmYv5<-ubSgdibb+VGK<h9SQrYBTT9l%nAuGk9IVz{`-f#E3)Ax#ZUVf;UZ
zJsBB@ge0mGWP}6A{G5U3Z~y!t3-e9;nZd!bc#Lx%BjjjRYz9wuo6$(aNd@ZGkJrAU
zaf&bamp%)BUioOl^K*6Uz3SUOoS_FUD){@32KmQ8H@)|H0f6dyC*&i(tkE;B;|mXh
z?&}G9UY-(dG1jy)6Y8^#x~G;odIqbywUW9=_)yntNKKEu=nDzCcXEc;8=aY=`iYv-
ztDiNdW6^~E)8?p|*?a|Ok#5i0#iqrwcRq{4u@5N&=0$S8wL1i$I;5oV+99u52kc#2
zPg-q|4mfcOL`q#7HTVZ0*qL5&oM77=`noTUp}yc)Qy{snClNz(%io`{vIBKBHO@vo
zC7N66I@%ouTi4?1W}a!l+oaP&6C@ED%&8;>6W>(Q^=HU@y9yZV?OLgVET)-s@1Ni8
z_co-c8`2~uN+IUfdFNe|ZH0sMY^bOU6JNnAAA3R<QG9$-XTy@G0=zx}n3KYhlz9|^
zF7>HfB-GRs_|kbdxYu9Rv|B|N4twCUUm9b|2xUzP=qO8&ci}7&T1HUltx<ewkg0W%
zWrh~gz3CY?aq5sdT-iy(wL;i#btYl`O8-v$sY8L_t5G3^YJMZs@#ziJE@e`Cu}i~;
zuvM!}v7-=4k(B9vY7|Er_~u?Yz`_Hcu;Z`SExA-?JAp5Rn8uJ3&qDIs&7)2oA59a*
zOSS@D$=#jKa0rs|(~_^1hWR37u2?J+BNGoR>WlAT_BL}@S%N#{kZB8Z7YC5sEi^k7
zc4Q6|-mTeS*QL*^DA5ZdRgm+{RdOUO)?(tTszd|uo*O<UJk+8K1FbGS9#OvTh9gmt
z0uc2Ok>$K$nO<VN;}9TnM9iMy;!LTuFC^32IMsLWTlvA{EKkboGZi2DJVFYY_;DPq
zfjce%P$=T1U^2Fgs!6VC2;zDX$=uob0Zo`tG;>9Hv9VC5PDDPpVZQLl$U_;TQ+Acb
z;+9-}wl9^R{aA`N@;bVtgXgK-V$>Rr7-EhQCPY+E`As+HLqjjIhG6@<yRVr>b6mqP
z_z@HGF_T?&g~N@r;{^#d;jmScEI{Zb7iYx1;n?mVT~I`{s6+he^*q_OkUL1i;x+-N
zZ}&S72WngiuI8H>e#boDN(N><$u8A94Oht5T%7%wpK&VN))KKY7ixnTnKRAFWq>I<
zQOc28u=027mkislZLodX?<yMnUKEmfTkHlXe*}*;FZNYe&g-u_GH3E+=T4{wDFTN3
z4K{T(<?&20){@rk#rc@t{iB<m*k<Pzu3U-T6{xk53Xt&$w94n?PPC;5iHEoHgfilR
zJf#so4DS{C_`{o5A}m6!l*t(RRj9T!YgqTQdaGjgCFUzv8L24u(+3hYpWDG5L)od3
zxaUGy1YWYCl4a{xI44~~*IrloK5Ga+Um1FkBLBF2kFB;3Q^yV4ze`C}$UNt|!$$Lg
zVg2fOg}gFTEJ{kc=mfP2il>X8{iwQixZy@oXQE-Kt{^S5MM~MFyc!ZJC{CR2O_5MU
z4t9$#woo1AO3S8X>cRWyw`$BeCrxCnCe(D8fa6tN7bFj$1el~RQ~AzZ;q0}%3nC#@
zKQ9xMmA2H;Y?@QQZXc_idUHC@h%kkYdi(%L2#kJ2UJ1|v^EW_Ri;Z>DR4uVWV2N5M
zaFs?-?DZJ8C}y;-*kTpH63>m^JP9`w7Dq*e5!yM{athT76^{MeC5^qd9c~VZeA`Dc
z^Pkz6G+)l&K5hMGZdJd)(E%*~QS=YM_xVosFH~Wey1I(Vu3_-}e&6ZNx=a|4D1}EK
zLUk@?p>f>7MTswC`vh+?s8qfuNsJMI&JfE<PWZ5mqn0#IJ0U&DaXNMuia9v>T+K3y
z13JDvq+v;~D=~2Kjp`Bd`|_l|7RQoG9M@0mJZjtpN#QSdXkqQk4yPoeg7lLI$;gzz
zdF+vOf>N>ZUY~_0)lKx?E}51BN)mu){P|Vw$uSu1%l5LqLNf*;_AOuFuvO22*9OZS
zya^UP5Dr|+K<o%dY2X$1cyoq=X1`>UWos#6Cn%J?nDQ3jn&bDm{hT!yJDrpVwL_vG
zFaK5(f9Z-OQK6PN^c~0LGu>wFCV4|_R+H7#VPi_9S?I7MQ?7x{PBX`AhkpPT(I`<&
zF!(jec6=Wtd7_tmH7o1R)-lnHbu8G5!J1muDgJy2y=3LM;oclHH10s!nWDq0KlNVo
zxIUO*IwLZ&Rbbgw-phE@lY7f8$nZc`V22u#aXw>lQ(GdMyfitAurO{Ql6I<Tb@w1f
z<^b7~L+W7KN!Wlg<nMQ_oRn(Wn0_aCs5qJzr=kS)g0S(=XH2L_1IGl_S`LP3H&g-@
zZuaN9I>+hs-zd|YUzg1vEBTNipN)SWBjq-PmR_@tOyix(7kc4f`HofJS&JHakoRPX
zdR@is1&KVWRc1@W|JaJSxmLW#zOq$2z8ewdx5JVkOd%y*&$Xy86n(dkn^!Za$ClWl
zBf!W<g}}^SA*!e~RNKKVNco`knoJg|DhX%qkoci!{eI_e0n1$yNo)f5<O{=hmcO;a
zvPucrdyzUUPNR6jh{s-4_gM&yTwg>yWIqw=jG5var)?IWpaUfA>NA)D81mybR;};&
zx_D}~VP`eTa)vblh!8~XAw_ZQbD<eEma_ET<kl(VGJRe5o2s0nj$Dwm^O{ggyKpR`
zRmiwQNE*kRmg7n}m=m7y#QgidUHa5+Q{44B>1BhSa$0pucJ}pzGB#s1>#PeSw^$vQ
z2*!z&XX0U3cAJ3>C~X2($`@rs#;&~avp2=IY^KR_$MBY0{-skog$gz`g-Q(8<dj3?
zKr~S`>XnutGVOtGJEL%ge*om)NvTR}C9X_T300zTW+Nfa#i%AQHDUS_6|6DBJPCI~
zGC|P)?u{M((Qf2{vt-1QNW=nl3&(`a1;h9o&2tL5c#Zzs%lq_u|G%wEL{U*8#U0V-
zYuz%;a&!10Qqsbge*CAtN;hY|Db!?b2LLGoD`BNAo!E}JQ5-*>gFac7E8cpYRTV^E
zc8*}u-Fp$#(N@#V()20Is>hkm0SbWE>lOwqkQu`tlKenbPLmu3cgG_lCab@zti<rw
z1%WT4xZ}=0r5yJtQgpH^<PSzb?ls22kcEJN&j&25yPqPFKE{OFTU`!(M39kBtO<OD
zx9SEw=!)YYFH@nX4jK|-&!xqI6PoLS^~I!Mp^o^|1XXJ~Tj{QI!IMs9IYQt6oVxD(
zc@vEhn+Mvv+->npy*teFZQtY5dZAO?=}lDH?g$m@>XQArWozo7?FyQirY8qweluKr
zemuC7u<0C#Yt9n6C`PoDhgJj_1y0e6AK0bOv|)SfK?ze%EZAVBld(@-lL{)%q<k;o
z6abP0V1+8CZlN~QBkhGJov@_o<K_K84K)pon_9;+Jo9oMsJxf^(gzYMM`ol;BKy$S
z5V+8*XCza$65B@n*QOg~ipuoZdE$rV#&%fL)HbfBoXonk#?Vt%Fd`9I2m72f@I&Sg
zUT4=A?0_|FGd<gl{Rnedy-!qjzoP-gm9%l_wP5!%VNpH<rtzk1THdu%+*RDPoxdVO
zXGVl|1OOEA8k`J+S3DjSXNzp`1>P?T244HMS@5-K{U3magms7Br+2ECg6MfWlv>z5
zwWwF<;_eu5rZ|ofQ&@=|d~z3#`K9}0-ZoF+voX<<Zr{S?BPzz+f0G0p*5g1@QFsmP
zXb=tZ;NlyV^C#hQn43|G9~TCM0`s|hU{pkLTSjvB5N5c+d1pm0Wl8x9d`CWp3GZjL
zjb(K`CwmsFlOiX35rdMegkA)XM`|_5#ae~*s9W8c`9U8<*)#71cWJCP`?foK<fsSV
zGh0F|RL$S@i-QlgI>)t5e7~*dfpVT!PkF~802dYEnNK#EmB{(hFD%%Kncl%>=?$lN
zx5+uoPE3mroX6Cqh&qhz3>Mqq(+4olxiPPK6Fv~)`7i{OEBXv?k9^-O{`he`%Bu#-
zGZa}%dcs8sg|G>ig~DS$H_NzCN$kv05K;n*V+<ovV_)P>ub)Tr>kRl>C$4<u^)n`<
zkiBy(F?l^T%Bc{|uTK^a4KUQX_tV_O2r_Sk6t3Xx#dxm!O$)sQl&cLbUY2<7DJtKZ
zKk%zI^8YZtRCH}46CAm#Zj2MKp$#~TQ+1q>xg*-h-8>0HW*g?!ge7wXllG1E{ad*q
zi7Mpk;~Z<g`oq%PJnIqpqc`b9A2rfUfp*k_A-IX5N<%Q+vU-rz-e{^Y*T|`}pLJMi
zYJe!F>RdRh=c-~2!&;S($#|0?P%=Q8*3CU`W1-|JUs0vvEQ?9+$l=leou(4R;oH*4
z^uq~T***(9{&vGVHU1m(FK?5yEbiI}fAy(N_;Oh>c}G8_#}Q6RFr9ZgVX$c)`#*d(
zblvoGY!ODo>1ux%SXj$i%Nne}qGI(*Mj5DwwEN%a(oCOf)L%_V022Y0Vw?(r^8NxD
z?8j)4B42r;c>zkhlZ?fA+aRYfD!_KcbU^1zbC-VrKJH}*wY<YlA*dcJGwiCbtbJ+B
zC#D3WCCZSbLjYjTy6u8~qVw_FCbyNl*GtGccnU72Lu<u08>jnYnV5u7s|YZDb{F?L
zL`C>Gxp8m8!RrSc;EcBZY&{wC#sh5~>twgLDz8tA>ERAs-Z~gQbQ+2hjJPLXbl$CO
z#p5WAsZ$oOd{-kA;XqC6Ji)4rdMm=xvv>Ez4};ukEmZbXxVnjzT`bnpJOT(Y<sm|b
zg{cf;_%@V}2FUOGgqIDF!w6;GR~h}+ESLl}`Tmy`{*lo>7BXLo=0^G(CjoQhB*jN%
z7vJ(ecE8M%H+r+`Gkw#!Ev_!PC?Y$NY|3kIOp~)F$=YiDre@#U3sp5oRy2>9xy4Ps
zH03LR#TXxmw!4})zRC|MT}uXiM!;7|2_%W=K+Y^??WOg*fb#rUlBnum-#KK&=}xxi
z#T|bC03LH}kXp;W-T#3pkOn^A(z;O1)c+>`2z?_yK(;G+Ipdd-aL4o?z{s^Dj?0YM
zUozcz5_G)_u~!L?3sJk%IQhfK%#1lMNS<QeB*I__6ERJrX29(ZbFG7}4<g7a(vpT|
zF$8(~M0noyd83Cu$(TG`s#{ds35|3_mJ|(ez43KMV$A(<2UG~|1BXB%vk&W=N=>_>
zDLfyY-P*zzbltAiZzyDJv3&qAEJtkiJ;zhi+Ddz8dEa3j1jhE{$!r1TeL(UYIb~Q>
z-j+ZV5<cF1O-excL*N}aLE{znX=OQYj4ZoT#;jK5ijFF;I~n9MRV94@+v%Uwd`5O1
zv?D2Y^QKD`;L46N@MXl{3l0ja46pU$IAH`UH{E1fiX<4jTKc^c5ly4W7XMzK8D(ZK
z{yyOb9m9sd>-tK$?Fj638!7Dw5^^WllXabe=3eG)bsBtxZfc`Z>UJAhc3<)&LZ@ds
zX_(l&xP;XjQ{#O^pVBG$xH7r{vqZI+vlaR?6BqLwT}Y;^oI8%Dsm%Mtm<>E2_B=)+
zOzrXO%+H|-OX?VG_MD~;Dm%4IO;6x4go0>h@`sbP2w+4^id;M<n2-RyAj~^9vVK32
zFHV><25_3BASO6>&s?WN>6xM1{#1%{a4V}er);Vh>8_PJ3mQCb#`0595CW#D&}KC)
z;*ba65}nBN#F<@l^C}$w*mrj6KP-@t^rk)v63gPvSUPj&kS2Oqlmz{_c}{WcRkP}!
zHt?S&m<HS&CB!+_$91Kd?0Fi__EKG|@!1Y2f-`?Zgr>`R?^c`JN2`Y4)uYD<sHO?7
z5$4fn)tVKX3#*Q6OP}()n$gOdpsHY>#Gk{S(ID1!V@KK(6L;uaON2yEO~S!GIlKCN
z397OK5VPE3nWf(B4sQ1#wut{wSsKeaT#$Ojnw=#EIPuK39xMCPm;<7<tTC1zV&>v1
z#3qMo-jvX$B%qPmZ3nlv&1cKpxudx*hG)@X%+3Q&8v{>oKtBcWJ_}L){BFB(M>kZE
z0tOtHs$&<wM}*RVCq9`Q#AF!h9%K_*F7A`}kh-numbjr;Xt@A;acvmdd$+LfYMV|O
zY<K&8wS^uM(4U+N#nyNW@~}t-lS)0l)W^hM(NfwAt`31`@-NF14T6M<9GqY`gyspK
zg@&cXB2gaD#b}o7zCw%Ce*h}B)~m_JAZ@hFd0{<YswcO%{JGPB)D<x}PsZ_P(|5s*
zJ!jObmttndZK)A#o91?{RPs22={h72fC9;476lq~V3i;qIs~jnG?N#~g>E-z#Nckv
zzx6^c&UDo2^6B)hexXR{p$)*}sWFr|+Ecf^Vf_%T*LJ3rzLpAV74~lRI?zL}%V$2S
z3A(R{<5f6%=l-8ZQeVGhC!XsFvU2j<8#@_?;wq<t{3#tTTZbQiIDJaLV%;v$>Am!G
z*VsmX_AT_gtzd<U!4?Y-y@Yk_&s}6zZ79%3&qVyAja#=<s{mY#y{pWErE`xc@4eC4
zHMaUe@W|(WT8HQM_;<J>V!Z3k`tPYpM`_*YnfOX<o*+Kt(Dv3V0ny#Tm$!IvkMABa
z&WWunK(UXR&05t?FK)M)#RXu+^?*ndD%^TmP6raA-$k^^Q4!-ZF6^{EHEoIMU7A$1
z#96+|rR5(k2qb)<pE14Yiju#_XJG-#RrSsjyvk^2j_t0oLx~bGsqGDuQa5)~K{RyP
z?8ofivZ^@dQIS-kS{4c|2%~&EuWH)yX=WS{F4G9A^uJOGz*(w4)wS-f(R#~;axNd4
zTrlI!7D9&6%W~#t+a`sP?u1woqI?KvcTDu+hi%5>CI-y@duDw}1<pD~`<9ELr?{vy
zI9<_DNQx$7oJ?U`8bnRe6w`f!7(*i{V<tS!kD(+S%qwx-P<=5!y2;K%Yy69MkN%nV
zWxu;je34unT9Wjn%m{INTLFhv!h$`tx2eY?<4vn6UZ+EFYQ=*xaJp{cW(^RsAQ<La
z2FBvl4RcrBUT=!(bmIfP5uR#u80j({i_n5=x(XKTim9H&=`VoVg<tudiGY<Xmbi3L
z=DJw2oMrqxW&E^@X&jEV_9~-3emFwc%zeFSNxBcs8NW+MUX|`d<sj&ESDkUJG1)Cj
zdZdYv9$c<T8oEWYX4+IKqbqzru97KSrx3VL=J>z0)6P&+A=0-8Cpp3Cm36)PZ*+tQ
z8b)#EN@YAwQviRN(dHc<nHMSI78pD0(DHPpJ?ha4T&x?!yD@E?O;8ZDv5bhBS#@@f
z=zs$70Z7gT>@d})GA7k1(EbT#v25MK&L)vN;3hOi-j{6l28vreYF$Enk^)JH#V<wj
zt|i^Q>7#i=(%B6=CJ>8g!fqCO<O|jBLNg+_@ZrX3q|6b??S@M0$vR15CUG_Eu<3i&
zUA-FkzAo}7ampw~Gqahtn7F_~I(io8MaEdRG<B#KW73X}yT5&{puuy0mxyh2<-?#8
zj(wJ?osx(3$+%cD#k}4XeN8~pK>;|2^HuRdt9g2pd_tU#>JA%I%^l^h#3vvb3z59>
zye72Q2%{@MgmUwXiqjto#$O*Gy6u@~<T)03YAjg^Z>x{$+~26x@gN!zIe2V+4Emy-
z`y!B+E>o<X!QNwc!0Y;!YB_9aAEFR7nJxkDXOl7^hsX(K+mY98DMaAyXdsX^_SV51
ze~&FCHK{~t4#jeTfqL5v=F6ltyM?pEc#igs>qPlu)8N={5k^_ef}1F>*qSa+pjB1~
z<%A+varJEI=Frr_Y49`ssAquVP6~w>pC_Mxf2TAAfWg-UK^2~#slQK`{l`oo;PbLS
z^K$n7Qc9rB$nl-u?>y^NkVSlI#1}>f;Tl310*WNndBl!OF~xHM6|kap2&(rIc{K;%
z7q4QOw-CASSuavB$|B_F{hZGhb`UbHLSD{>qrGqGaNueQuAP#l?ofSu?~pm~yW|*3
zfUDb~VoQ6tpI2~w%V;TyO1ruV>$^}+O&4Q3nBi2vAbB^p@wnc;w!<myiTunCD-@<(
z<qLwi6NM3C9t4*fP$nqW!Ai7mkV||{e{$Ddm5pYI0ecLmbdpGddDY38bRw-<bs7Ma
zRPs=EL7gHv(o@F1j*B$xPLq49GdY(~?-ntY3Q=*S$JNvPTj9^BRcHHK>D!Fn*T6!v
zX5B&x?FNe~N|6-OaHW|pryT22^$vQclt}JL>x{w}fWd?x2o}l$vOGR<Xi1!iGNK*d
zFy-RpCrEBN(3?Vdv1qf#_*$;5jr+XkaSH(0AA|<+^X>M&VL2lBwI-~vZ~jPqNpXJT
z&oAh4>_bKN#_lAwUu%dT=(aIO;Y+T+zqa<ZLQ>lt*P_9Z40Cd;#u>~gEAIR0w4{pJ
zf__U^YCrvd>Z5tFC6-I#`!C{BR-cO>xf`29+FDu?ZYU*-*U^=PDJuj%Hml~A)~z)c
zOcR_msR8Pikv5xE51Le|)-DJ(npGRsfUcV90`2UaXu|K3*<#7O!ayVqx<J7u(m5Q|
z2dHD7gO=p8O%vR#GB5Ya?)!-Wnv>HzQboTmOD;xmlO)%o8hGdBELa6=4#4QGQ0<(<
zp(VM+QVcDYw7OM4x}ro<nX+<|MT->Qx=XlvA(zP=5H-f3A5m!JL25AW{yO{BljD}n
zs)8s}!olbCzp~ZY<FeHWD+sq%yA;zltvx7za9vE?bMR-{w>(Q+1~{_+Xr@PQ_3meb
z8^7Al{jUF~F+TmbpAAUk7g9xT_|#>G0T}tkI9%Iy(4VY4&0eVAaBBIe_d(UxzI>cy
z03DExLA(bDG!^w{dN9`fYWd$!r72&Rzh6q7-WKOyz4YrFiCS~y;J$;JCU|Q`|Mf3K
z0Ev_a+ho6RVbB>R$^kfrgJ`eANW0QMTtE<_yie9fIeGg20m!#a6Z^x;mNXh=4Mt*W
zHJrH=yr3EomS_%6L{*~T%#uXoi=+`UD}lr(@K`NSfU8U`?2T28+lD)wRu3{im&=zK
z<Yh$xTb_AtKMFVj%(YcEn*`<`U~8Sd&UMfbW-ArL_d=rqLK(<ODwNF^0!Nwjp7!$W
zw|o26jMh?eR3r*2dJH#(4Rj;unV`!4>a2t;S^lrh(DOWg;J2$B{F96#efgpaoii#Z
zybwB;$}~n>u^w9>iSJcCcizVzY*Vz%Nbxe-;jOL(o5z#9WNMa{j))r5GzC#@Z_cOu
zeIa(uc%eA|4xuanc!z9wQnEPfL;hSm2LFri`|w+%d;7-y0lsP42bqnhLWDgsPZ*Yj
zWkQ(43S(lW1$YYGq(lf$MCDarOzi<?&DQjv0`P>RzdYr<QYVa%oFPnuuIZ~HBBc%h
zehD~t{*Zk53DL76ADr>@mrNz7j-NN_*q%b@5Rg*Ui}-F4?Jo@D?O4s$xyj1Eo)b}6
zee3+1ZfkO0P!YYJZPo5ywzk`Qh|aATKG*5ZtuzgjHL5&s^>*^u!yV}Pzupg)qxB`7
z1NrlT=j=^R-fdx9eLnv%D5Ve%kC&sGCQbdLFKYb9JZ<BC2HtD>r7fDDod)tGb_h>!
zwq&Soq>pNuR1f?zGo@RDXLk<d9iHG1g<4+a!*Kx<3YWv`#s(i=edyNe^tDR<p;F=v
z;=!fWx(au9rC9gfP8S+k=~JI<D+}?@R5(A{0-Jl?9MAIv2F%b8rWoV&m9Q}JE1gRz
zvp*O<7cW^h<m|}BfsM0rr9A0I@Ixx)me|Hu;4L&(t63hU43wz#^Bu8)h2p3CHr;g_
zBo!c$k*_%X(7BJlFRkR{r0$ECbQ_upizmBCx42-)9UJ8yr!iIyWT6O|OwJ^BeurNC
zM1%l4MMo4S^L=dYM7TgDNDql<4uyyzzgmB6cHgoiY{ZtjaRQ!sB9dN4Lw1I;yxXz~
zu)b>eLH!$3GN4=ETE>=$6tP<wR79L|5}jT(@xaYrb4hq*6NVyCU8ppDN+J&BULQ<&
z`_U?mvcvmr&FL#p9S>vEQ9ZEG$L<9`E;kWs-9wVH9@|Cfy(Iqw3(BYVR=5nGa6HVI
z;!G47(%pk~iDZ?vADl!)5M%d&^Kh_Um750IFt9Z8dAD486td*PSv|63PqUvQD<Lah
z?=X358i}{O4Q&G%!*haohvXQ^rd;eG`Pe}ZA-8@xdwR#$`*bQA&#9N&<L|p=LsyqX
zS8>4up9S2pomRQYZbQ$sRYYpM-~=&pakoan91gHodR%<iQq$sTfz4j~IRgyFfrZ?b
zu@@FFIL}wXeo00eH}`^Vca2@wxS|a58Ao8!IgjRAsA$dJ;bzrKYTpB>Oz7Ww<pBZ@
zI^`ZDwXfFSe)nEsEWZwyKZrx}S#>NHL8N<d%UL=OhT5CpCyU32w=$!Je9^bwC1q$Y
z>L7E&X`?38pa)A7U%ad(G!GTucg>vmKmGhAf8Ss!;2%I@_NKYEE7e<%^83P0xdlu4
z*b)3{g^%VXpA+>1S|sFp#w+tdY@%8Mh$qgn30h|5+UqX)r>%%*{{V(3&IJ8BUwjLi
zI<FR8_|PK#B6!}e)=%qZoAbWsbR$u{gFqe=f&Io5T*Rv+XL{Dr{niUTzMt*iq(av_
zB$oEZ{PuBKJF45fLzNu#JL6h5Z4VE9R64KvJoF_xeZ3CkTlF)xe_b}wY|cDsR=m(<
zQlndD5^l91h^aQ`H~*hEO|G;MYLYGk`RI8Yy`x{;MVjwDP^T5RAIqg-80FfESSU6}
z-0V$O%eHMRBQ4*#0koKC%qt_UeFv7SZt>0@!|07GntPDtW(*JnNbKtMEO{cm->2IT
zoy8n+QYUe~FPoUX$}IyeJYZxu8`Ga#e!hD4AGf3?$F~!_wg%N*63;Xq1<AwvJiO;N
zIBhXuJ4zy!YoOAtq0c3midm-75Xm$0^6I?=x)%x?Hh=Dg*`Ip@J@W0ksSvg0hEASU
z0F6Th7)Kl@-gi7kxYr-~Q|3uHV_WvjPrdMZB0l7<6ZY_FZ%a;H7-Bac?H>52D_9@?
zxaAUHam(7pFlxdvJ>F4@>3vxCu&gp(yrwxeqsHm}bvJM6W<wSyH=eldI^a<LpoHeG
z;+f5Ve==V9)!<8gsoxwX*+#8eilbs#9ZIwWkc|AhOCJtju!`JIOr%4pA12|qJ;6w}
zZD|Vb#SaB+zW(!6RQ!EPO3vc>rR!ylBf19Tk#Y>=6bfMv23v5j5|&LHF7d7jl#Pa0
zK%4@l7IkPgH?qLL{?qTr>R%lkuD;39U$gg-rBL)%*Y~63!38AyfT}WNnGPQemZs?N
zB%}(%rX?2hI_E8Z%5(vtXJ7sXk>LP-`D;##8%Z-Hb?e4-V0?%;fUq)x>ik>$)S3MJ
zK&6QA$Ey{5tM8i|j2yS6KT4rp!M09&M!I}?hM))f0k$xFVR(8Ow2|5}>$3*pAAtI#
zq*T_^1iCvb=zg{P?qi^E*)6ah74BfXc$}I*X!VAc5Rp!}x2a^LIt_$FGZa|}LRAik
zk9;d{hr;lR02eKlRTE-4=JBs^&Sk2E2!>Wr){-oeCEf3yf>ib{k61@GJdD{p(;|~5
z(l}AXj&^+&TwLJcmVT(>sKrP}L02ZA(x^pIYc%#H*W`;B&zuuNMOWCd{gDgJ(0Z5P
ztr8h!3f3K#mRO6|R80mzvUTOrlt^(YMvv7{KNWHpDK~`9P@&OI%h-%AKp^TAc(?Tg
zNkM&EAptB)u7AfckgDVYgEt_@R>Hr3B}_VSps?YMf(4bHdx@(WJlq=dnf@#~G00PT
zl3K)xLY!OREx&VzkH1Jvp>*6eB?h^i3r#!(Q3-2Gl=bKE!SY<Zs_}?*Wfi-(Ll=#E
z4lK<vwvwj82H!|GOd0l@bw{~<84Vz&lkS8MQ@~U6%zXzPHx6BPq>T2f0REo}F)^KW
zJU+;*5Qn`aO|?PqJVZmxF@#N{5p$L0+r*R|g`6|Iu*|=(B?e<L8MqriAryq3AXF(T
zcV+em{!GRwc<}O>1l$Hm4nwkSo6kbm4k8V?tz)6nB&Spz@Zgs>ggu)NDa~64nBDvF
z-!t~-%xT4G_(kGDoc1kKci5y8V1(z=D+YcI`z3h}=l~?CX))Ys@Ed^jxM+ZZG$O9>
zW+b(K=i-ky4YiJ124vovf-q)ESNBbeAgGwVJ9vue#12*MiDE1e$cP74ot^Wq)xSEm
zyWfUa2ri|D9G7V-nAOi7vjc*zuUIZG>$@&C9KhgvgRt)`ddWrgPpDSucU(#ELK2IL
z#KnlP6%6}s?GY0_G-M4WR*N@exo`;hXJ;vLPw!sm)ZPd$-4QeD)NSy+8WUb231wBm
zy(c|kk6(p%)jfs7jyOCf60#Omb$pRGPT2Ov_2{Xo&FHTQj`i+q_~1z6uH5dR`(tEs
z1wHCXJPjAg{p|e@0Ak2|ZirZ6i~bFc!REjR`|ZNfJeao36nXdv{cpQC<mnIPN7^{%
zvf?7<u;Pv_>j+IsXp{7^voCCx;u_yV0LoWqRc%Y$nfGy@s*J<tGBDm`ClDdP+v)*V
zfx*gx4vCI0&9kz~0+HHTIde@gOl&$IR!EdQ2zZp?EK-E@Fgh;IePBu0Re+WrIEnr=
zB-2K-<Xp9qWoE=*mm+d?vF_Dsw+wOe0Mdhg@41M@{0<Cr^G7jn1!37U#d*LEvgD{$
z1gP@LSk2`I%|`uB%Y%Oa>$W9^;)0Gil$^Rc;o-+%%2^!Ma8PRda#S>|jO=a}{Y3%0
zip^tlABvQdy%aGrus&byOJI!Rw?|~F16)3)BP&JMXU5c^DB^59FF9rl(ExX+w}bil
zYa+Sar6?Gb2PU64yR(!~#WXeeDv;&opaO33Iq+{kKSV{HaAT}C)}U=s9v*T7Vz>-B
z71uXR*3JEcgb@V>1m|jW#hM-0wa8O4IyA8_s+eN^>a~_v76ovNAWC5hdK&O@O<YFn
z4#oIRfXE2*;vT|gJ(0q$uZ~4`{+j@dTfA2>S-f|`3$Lz*BL#g#ew*CB>xP4iWd&}j
znK+Y2wI8k(su50ixz(YT9mkgN^qP_mWncM8gI5=(J6aH&sK<P1@2YJHvpZ_&XDZ30
zthmx4(#6JZ(I)XYe?FI4353tQ1CY)?Cpcx!>FT7Lrj;&H<;`bSrLHVo+44J9n;{Me
z$FpEvpe?Cx<mt;WHRonFTL*U9gR9i-%4{2Iu1E>#rkM+Ym`Jg|g0U;eE68i0Qrl&^
zf^WxCUg$fBvQ;t^aPNu}0hk3K3-g0RomZF3w`&#`(LNMN9&oob%9wApZCK4|D%Hio
zZ)bS5Jy9g?ykTec)T;-r)eoNO)^R@wlIXt6d#wb@ykeC+gRScqmJwC?^H&N?oEhN$
z%CptgM~=sKXH@UVb2VJ;w@kW@!5nY9FvCg{XF00JFMOHT`y;q1IK6GJ1wRlOnrbw_
zEf%<xVTY)x*6rB)pFJaXwD;qSLUpAF;_4knDf{ZC%yK;YGadx5dDsU$G+HGN(e{ER
z%K7s`WJE6h+=i-Ox1rA?Zl!hwao<1_+P&2nNgQ_?h#xgfx}f?p9Gwf+LUOxrXm&75
z#l<I0EIRvf5(8g-{qrQr=O2prD{g(Zp)Sajkd0v<WoBN_6Ce?ZkN?UTU*z<he60!G
zEx+f0pLIB_tk&j@%o0S>@&5bzbAMfb@7uvzS>yF=y$C_T5{6o{YgUY6ux!o34sz`F
zh7Pv?Z<yS0s~3UX4LJAD{UNCE)ALF9c8ELsgs4sG^E|^(fh&TN&i08aRZ~|thGbkp
znT7gI&)_rTv8c5yvG1&C_^eoaeCj{Uag*Y)prX9w?5{m3SPxJ0SiPdfcaLTi8-kG)
zF~Ym@B#v_CL-nbwFp99&GeJnAvBv~^^iI&<4HEIXI82^X>Sn1d11lDO>aOCrvPMOu
zOSA;gu9Qpi4{vpeNE;K-HEoA(N*i!jrN|BT)`<{v0*Q}LzLJqMr$T1t_(JOnMMUw*
z{{if)1WXSdc)e27;o0Z0_uHWl9b2fshTw;|&X}q++g{Qc2M$Qszt7%(GC;x4kv)&!
zuFF6CEYEfJl<~b<52dd*!R>x^dfui`)pfEv);VY?#R|_LbSG~cC${~LAAO39T}-|0
z*TP-$wkA$yR`HrBH0z`BMr)O-7+GhYD>eXsABtE_E7jpc+pz$c{<R<hV*=+*V&{n-
zR4Cg9F)(7aXIc|-@IIO+H6AHwrowWv6X;E?%$8@Agz~JP#UA@%;iCt$q2*cjg7Rh~
zp^V2TyY~Z`QL;`tQanbV=|*s{u26H;lf)BBPFv;T?)Ie+mP|8?zuNN~QxS!ky@z`v
z-+wwQXhHsjFL5r6Yqx*;FdYBOZi0V#FgV&JZvXUP5R7f~{>y)%b*h*6(|^&6i#IXE
zIY&5tx<-<}CN+M|Xt!#+j_@aZ_}kSneD2FhpvI`6rh$7Se)%wdi<d;2f4N)zy8=_j
ze}%``!*2NOz#I`Ia5$xh>#p^-^KUP#PQKTh@_xEd@uaqt^@X9_zL<KMe5BNquARDy
z_Zlh)%|#;SID?O_vrNTtEiO1{mx|o>hw2wyIkShnbNyS_G577@ghT0lh2hhX+ynbK
zjbz#!&`vK*ApqylYg)7DrweJ(l-}A=0mOXgAKA6Vi>JW1y%OuF48T+7m;EIma4Vzc
zj}pP`yb|vrAInQ_Ra(1_vi7p52=S24Ul=_wvyt8CSgOvQy?tuv_r|8$6DJMZiJLTb
zgV)dxs=By;>|J<ZUzdMK{F)TV^FP+DYl|DF&6-n%N1s&}oaW*}Bi<LBEOwb~CgUi(
z16v^<O&@4|A5r4yEXRd|{Qp)MHA&PuJ?g-Pjr^+j?6A|f-dwiy(fYspGAo(++Tqa|
zB=D<Vz5MA0VnP3i<Ko8Os$sK%-8P*;Ag(@@Pr2JRh`$57>yeKp#$=V3X*|$+6f9_b
z6rOw8>(X@lKG>?kKf?%ooVZE*bIX{}X6Q!)M27gL#SlrYPu17unrf0q7RVoo)aF!^
z9<Pdh5;!ABljs9!qv~wSyT7wO_o~A6klJ8&O!<bepzmbcN<+}twDEQ=y#jf@-L`o*
z=kvDagmtYO&N1-&sErJlZCOy1)XJ<EMU`3ZJL#D&-*^mLg+O#%o1gO)=+=__uBcye
zEYf`r_#`_j=MH+=@y#{TVY}2?MNsVR!JBD%ZbK9Q0HjQ07>wgtwZv{}(Z^Wa2#2Ox
z%=657ipW`~Pix~yG9(j(rVQx5nq5sfJsCn+bQ0h$#h~|w<$VhfcmX@EZ{sn3HD_p+
zep1S=IDtSXOZwwv0h$hA44L(<`TB*-sl`paiT!%gZ8=olA<<r88UJe9xGyL&+7c~p
zbxh-%yA3Xk8>X_8=IT^<GqN0Hitcx{enbzyr!~X_Pb^952#a8)M1{%w*E9v0`(4P$
z2@iP7Xp%h^@d&dPiwaXYq|d3j>F>{T&ogkA>i~AMYp8~9cG7btXL#RMq$X;8`x8{&
zLf_ur9xklD2)e?>U(A(o;J3Cm>UEhhu%s9ws12(l;nCQ~oW=Os;9CVaao0H}HO7xP
zykF&wGG&!GAYAKv_39oKn}Lo)dVKWph$XX*l1!$PuX0JQ9{AAURXs{PNMB*&iH**4
z>NhP&Lx2Bk^u)TKPjHYfR4n`D-l%CNx7Xwtnj_YOMce`HO3<VU8EfC5cd?~o%=AtU
z^P}6h-ne~LvVW%dz1KJMs#}cCGWei~0Q`Gd`=V~P5@AzE_LTc9x5PVB;u0q7lV>$2
z*wrBH{d^YfJ;t9+yYp&V1F}yZX#R&M96NL7A!_+GdWXuHx3Q@-4@Yf5R!zhgi})$G
z==lVsT>08CIJ^=MK&OYI^js*E70-k7_&T@?p2^$ks^b;d(_gsmcVR&0EMu`szfL*=
zIqq?*=aneTXON8c^>p>VLIL4+zdge0isWe@(=rTNM6!BE64R_>##Q-=)^*9gRkovp
zC!Ee|9;Z*CT*orys92bAe4WpYg(h=BO$Xyi)X*>9-zjiOOXRZ^8`OsZhsY2=TV-Lw
z<u+**p-iOGka&7&M&_<Ep1l8w%AAJoNvp=&QKphLCNvB9fH(Bnf~C(=c9ZzPbD6u$
zcMoL6@OsYYaT!`lMLM}u1Vm~*IQPd@ufp)V=_mq=qi(&F^H5%)ppbiV!c_C2@Q7>w
zQ|H0Jp<HLo`RpS7)=ZL*pLhBkQ6Vknu^E&4&xjFqb(%W&ul;=Khg3rcoc@FsIw(&F
zn_@f;G4@w$5<o3}edx8j`t44+A+2Nb`jvAv$OB&h80!?c@zGw`W=wP9EtETq&m|*=
zowEjCHq|=Tt_*&Xq`j<WGm|EdB}${Hc+6C`tVLVoc)jtNbRCQ@@<#4B#uEqDd8;hF
zX2G<+*w*W2@0Q96kg!PlXh4WSyrX~WHGSw3QB)ckXO%UZFn%yc>5JINU@NflAiFOa
z!fRJWIo>R>uxgNZ$dJX7)&2rGj7xlma!9x?E_McfGyoQMOn{-zorLhp>nS;%ag3uH
ze(4KdMcm%y-?{aJ$+ieE0C8@j*^u3+UMs%xGOjAA<NrGq>GrpfAGkTY%Kf)@E*hPW
zqhZs1l}BWnCN=N=Rk^bILD@v_ixz;RPe9FhEA0;0SIu|X@z`84WqQ?pu!j{{PAYp8
zp~cQqHi@J}RT89M$&&9Rp00&JVx8%U8O#>TJdQCj22v|p3aEputUhOCed<%*gL<+s
zg6or0mg_i3_Ie3}nW?nSqy}%<Vm;3Z165;V8{6ZaFx{AxhvBmtky@mneDlQkvz_+#
z?A2ap3M7)!&4;li*7R1bm5DQ@gnpQnX~+-lB6o@Om+Gv+TxUj^Mr|=i3ka<o8R?#L
zkv=2$;@|9Vf}UMXt(}1`1#)@H*X!@Y%P)b*`%mK@(kx)nFz8BDoLh9QqL!0%l|rU9
znNauVR+DcTbEl}q?yo|*warTFqIb{SMOU}K4Sg})T)l_w{}O**pC8ovIkv|0=qXoF
z+n>V6K!eN+@xAk}1r?v>b}mJ`FwYT@?^*T@1K|&st{upZb^D(0?uekDmj^}vt8jAj
z-uiIz>4T?hhOw`@Kh1ux<CySFS2`*C3ca26Qt->tcw$sX%a82y8~-X`jvk@dwc1}l
za=#^7{B`Zlr?yAp-DVdpnI~R99D-^N?}^;vdcAh(GV=6qp<u4;`$PcyVbyoc=kD15
zX)u4s@UOxA9!uc=`%v@=7qC5in_xYbuvk_$wT<F06@Nz}YVlU9|1u)d-Iwi^t<S9V
z#CE4xp}TmG$b*er;Tigih`|euTbcT7!GZO$o-?_^J2kUhT<1!vzd$mf91H7@N(Rhc
z{}J2z2M3<dwM5qi!Cy+A75|dhwbmONE-t+D<#FNRr+dr5V+GUVZIyRsC@ZV3MsNU`
zM!yQv^_tHvlJS%?5u}zs_%SI+mg`APb%^~}`*2DJt51!TQxvLU4a!_k%-D(mtdEfg
zpNq$2Gg_F+V5^^`jEt1l>s}A(zG*xOWd5|X1W-ApWBQqakq*^M_b#gp7UWR|@w0WM
ziwX$=@DpC)!ULRKO>f&0UyTX@un>Z<zg+)zgM~g(_#I8pUVMwu{v3EkWml_V?%{qH
zNb<Fn6FdhFmKGg#TAFRQ$2?Hu(K?aM6a18sK_Bo{4nbZw^&XPRwwG%D?jiTlp~9>{
z{&$xL8o?Z&>;D1V`}D(;_*>qCN2lMOdhMu<9lQ^Zn+6xQbowQjzYPlzE6F3X%AZI&
zKvImsHgXr8I@%DM+(gPfBqjMqt~W(4#d}?T$h-tUN_~&`q566*o#VxqTPFon{H)Uo
z+bRf`idEuRzs6@4E=j2-hu$<$oqN|}K50#H4TE}7HmvWA0Mf&$%pj(hi?@=&FTXqL
z!_l|Lzm&cF%52hMop&$wq!wkZFs{uF@(UKk{)%ya@eg3gF`sWQMQ7JL=Ui0fS2*-r
z1pNG?$Q;^xQt$%qijq3%PMZXlsH;QQ=<Ab{8@dib5JBA)xT0_lH%m0Ih`^nIIc$oG
zNzsF1SinDL$w#Nct1w51B)KhzGHKw{NXP!DfI}!GRryjTeauy2cjgowyhMmFxp}=f
z#7?g*;Y@?DL`t=^s}MhJcf8$oEsA~m;F*&zzP=aFsd>@t3RzgrWwOzoTnOfz)$amK
zlrharkjs+vK|^A@!J8Ea{9*6UlJ41mU+L$+NHAkW^=W3)gPYmINYXGmd6bbarJ->+
zlR<vr>_bM0UR?W&!0HQ=QYiqx%BuwZC}AxSkAqD=xXrxA$z*n9ZR}#H7`E8z0k99u
zj%f)==Z^y7fP8<56L@hke(6h;C`;%pA&Et@l}D~~!{p-Nj1EeU_Ocaq<H{rOsneWB
zx9`S;xA035m!I2?TZXSUCOTkwZ#ok+I`=1jZRTD5Zq=TtPn++L9BB<||FxO=_;!uI
z#8EM-?o^)sEK~B=rq_*+9tYM^2EH4^TpQ=J^cj6ac_c6b0jb|$k45@FsE<Y2j<Vl@
zB(ol%(=}Qi@z(3eF+!b6R;<-;4a)V=7ovXvKP_=|z|yvk<~BaP_f}M^dBy0eB0swk
zS&?{iIHPlpcEJue!fJ*UTes;1_H(6ub%tQe+0mt^&tYv3N4`22fWqci?jS6W`~Lwn
zSC~QNc0Pv^Nr^cJ7WADT5|g80aK__$qz>zYSDlZ~+iuCE@XFz*_m)2{A!oZ+1h#$x
z1tkW^d_N%4b(WB8g5FmY%4ZyrvyesVUVPKMNa<N#w%i#?nnjuIPx(JqXM1AiR@N1~
z{%&mR)%6m~OQZGyvrEDA-*COXm*3P%j{K)0F1H&-4kD#XSvAMDI>tx8-FfTNaf)8e
z_U5D>T0YN6@k_l&dQ{?(zcdFvY8f*SJ4D}1cAQGbv7MLAd_Q?R+|r!Ass6X1ad^uT
z`Ze&8&=>H-KLv~W)alEm`wtCeWziqd--0${FIxNASEpP8X#W-%^1s-jPENix?;B<?
z+}eCOe#>m{!!7J4NAl#GV9+BD+2X(b|CbZ}?ca1i{6%Z)`HOUUrE6&a$UW49m%1;9
zCtp1e3=%)7J@8My{kIVC@^9~dPiJ7L_Qrbq3+ra<Z0o!C4@5U#k_RH>^Y;w@7Hs_g
z_WpNVroTs{^=B~khMzMv=IaQt>EljWp~r=6VII>RcgBLG-|DT3REj?JS&7h+<g{b=
z{)iZ__egJ@(>&@}b<aODh+j>0@^z2(sNH6Hq7KdfmoBV!*_rs^eoVf~wb!S&XLbah
ztxsOO+W#8v@oG0kF-1zLJRJ^Xw8#7v6~ivDui1ik83`U^mH@;-HOqbt-)|1-sK0oe
zkY3uRhyhomyGq52Y4y?1MEG>bYuvO{$k#f%&xPXZV$1Q5$$FC~MXQ;qlur$@GpBvX
zGYhrK(4zX(zS8CiAR_8yZcURjeGs}UB$U-Nq}<cP&&({KOaD3AGz0*!B?1WI+sskG
z1!}CaCr6I^%Tfj0LAf$?t7yo2zb~1~<CT(N7)-NYl|+HxNcYbi@Ea|j{f<8Rtm}3o
z^1hPHb0x`uXKB{bQ%id(3gk0wjVo)h`lOp_8w_hQlOlCAlkaHVXMDf{af;8!K79@N
z*0^t&zPt7Um$cw%%jSbGN?iFZ7fYi@z_WvoHke03iqL}G+4t$Vm^z^9YX+Mo0iH)f
zwgz)p*V{V?Ba)Lq4YqGxC7m(xFKM9I!qnS&?>I$^a8YaQ4heE?wym8@XK1Gs*>_NG
zm>-g#LOwsaz50Q)!eT&|Rt?8E$KKKnwYjGU892Ls%nqWNY?X%Jklbwpi%SUHz5Ylj
zz&y|}y0o*+je4A4)GiQuuO&o&*}dY9>+?0w;GlwJu=In1Ny{I&h(Mlv_NT3PzRw<i
z6EBP>y;?i49&}3MEIi&ydLP*ND+a<dk~hP$+$T}g%L|CCDg);J+{+LN_Q=0eeuQ2a
zvgwj*5o!^Rv7&w=rLGaN+BF3e0Z`4DnrhUuh0;o13cDl5TD^D^VP9<l{zjDp23zfs
zpy)cv0p>FcQvY)4Q@0gMxM}hfko=LxJjXsiUpS5qLa|Mb6)1butSDWV<^=08%Ikc<
z&8l%taB?W$GQW>v(g>dE&dii3ZDw9KLkQ0^6>(c&f<rq4--u?%p_tY3jszi$lD0Cb
z272Z?QcEMJH>jk)G&{krW7o@%-S|lJI1#vv3`3aH3o7lE9VE9H0o6@Qvt*+y{ipVh
z&u*A0l$ffeIlou&_lv2T9Swv!Rsy8^sf_@`lu)|!RT-Vq986%&VpAuxl})+~TP5$V
zhB7XZ1V%oRZ(dRrz^54#6Vqld8*aiTqdib}jrA@eUPZ3SHIYl9-trd3vi*8tVgKBF
zQf+e_&q60MsnlnWco51=(L8Q)=59_=;Ck4&-f|qM%h)4L)7FL!YL(NbfT!!x>oF;l
z64})|{}2huuM-ij2quj7u#bx9C>u&cXz0{U#y%9fztBS^xTQ^i|IC};r8Ouq<#Ab)
zbV(VMOlKn=X_POcHNlf%%y}iWgf`aTRt#AX3}#4;aTi39k`@-wXipK6xa$CDG;n`(
z6>nIMosYbZ!+SaU585KA>eG*4rTGW9Cn|>}kyj$p%M?b0JN#s9fUMS;;w3r&f8CyT
z97U)b36Javm6)6`FUBpU+e8~xvfWA>vF^`SjaS|kDdtZT-&<Z%rb?)gRoG3!NgX8@
z8f&?hA|nY$DBpO--|{QT=zoQAPyKaK_5G{VmBP~==n!P+M=_}<KCne+8VfI2VRb~T
zlBw9Cyp;BZ4|5ql-rY4d@-RX@MY!!idD6?~tAKTEvw~<XDe=Zy4_7H8AKgZkc79m_
zYN`cX$`*CKMQ;0NnTzj2Y_tg?5~5dkl`(!*j;n_O9u`sS+ML8}@l|J4b;7#^w^&{i
zst}exp>icLZZ&MBj=0t2Gf;<`yi*_#tr1pwS7F4?4~UdwW~Q3c;wbW@FLMFqjXcet
zEJ7(u1C80}N1oj-(~Kl)>Y~ndC!Q^DojW->$bbzS*x#vnmXpJ|xNF+nVw>X6xU4S-
z@vFue7^OUIlo$f&E;F72zv+jnLRJrI{I)6|&NY5ad>cSz`F*q`Q2B%Pp5c0qEasZV
zrpCQb`H8iU!f<r|$H5NY*wyK8d&4%Tab3_}@Wr3t&-f=>e6MhL!?AUK<3xc2HvteQ
z6DIy`Z2gkvsJ0F142Nv-AH*pvSNyF)+?S#D<GA1&7sYd5_;(#8>V3lv$RiU&^#Jg5
ztXr2G?#RQ1rjJec6{BRnFI0Tw`Jk14`%g{CkKae4zk<gXN4L&7*Dk<M=Tm3c&HmOz
z{5f*t#7flaM%YN0=bz3^|I{?E|8wN&pOgKcFGKWbHH|rp{j*vQqjz3kR*h?UZn;{8
z_;K`<SHJ`c1p77p|5}m$(SS@VuYb25zEsqZ&CUKT)FugJ=}$wQBL}%*2L(or!I$z6
zx9=A0upnFv#m8CQYZ4X$DHrZ}TQZ2hxRyM@<a*J*67D*ES&(7kRXzT}T7D;ji%??g
zkX$0dA(0bSoT8+=ur3bjR7_doF*Qz<!sX-u!9FV8gg#TqdYMzyZbRW6)0wRTeZ}n1
zbl{L@xkS{~welD_b-36apjf?u#>h0ZkZ6KsFhk{~^C^Y`f<&)BT}!TwG3LKt8Au|$
zmN|u%DTPdBi@0Tyk1ct<ccw#yp_1mtL&>75hil*|jZIp<)QIdsVmUU-7R8u53L~Pn
z4D_cjXk&BOo`Yg3ZY6~}{<IGL`T`&{1UIFeFNHBt;50Bl+d9G3Cruheuqg{OQuJNu
zjDD4`fHd-v`{w1)ebY}HXSFWjcTX-JHuuoBZd|?q*u-6So*>67I-p0lNF_{VbR*@L
z8AvmkbIyQd4sV0@6J4mlMvGnBQ`fE+hn1FdP_eJ@J_Yu{vK)i0W+(u(iC#ebhr&-V
z3UP0*9+?+77(kT1=Ag*UUQ~6z#23!3bG{w6AEUy}+H=qv(QB&Niqhf@Fnif@rsSXq
zLg;&24Yki`ZzqMQt)=ZqO3fiz=)QNKE#AM<=vVhuuOqO`MXM=e<PKe_TnZ~0_~NI3
zi!WO$C7bQ~gr@QConP{;;PN2nq)udUHd#NOn%YSNI59-R#t-C5tDDdl41BEn<O;ur
z$|@;olMN#)cS=gK>P1UDKyIepDjpnW#@f(Eg}*V&C^j33%iLy<;S6yqb!Spsm$C4k
z(sUn_b=y+`3+w4AC)~L5I)fo;8nUia^-h?n+Ptv)Rx&Iwhn0VE+JXbyYTw=)S-DQ>
zp4U0|m;$if5-$xa>?sUYQb}~I_whj3!yjE2fr)rb=|QkJ(^)O;<#P>qSxJDLSFVZX
zq4!~Xj9XroZpPB>kfDh95CW?I#ok***Rd>HqDyQsTg(<Sv&9S+GlQiiX135`W@cuK
znVFfH87!7XPxe0h+;h9{9eujT8}H+d{!*<{MpR}+X3UJNjG5}|p&<<QF_3dl{!Z`o
z`sG;Q7WNrX68m}g{t(<<R)0rFe?|rAKl;Jn(?RurY*JVI`$Dx^I5ERQcg`gI>y`7$
ziUcz@z9GbtL_Ys{nT~6fmvROx^WqSu+Rx+)wD;9l*+Dd;dD?B$ZP004>}`)3#rP#e
zT0GzA<@_2Oka3q!m_2UF=tYG#FvSR&Mp8rmc|)Nk)XG^imf}(3ov+l_DHmYWPF9$N
z(<dsv>w%Q+y2$bQSt;K91*2?bEh=^98Qr+LIDT4_)Pvfo2$B%`^OM|AjD@+eCQHZn
z3E@9#^ldF<Aa)b+Zo$1mV8$0{f@1wsR0lLzbH}qj&9sRatpCE=bD%AX4mS_l&0dvX
zb_`9?FaQEMgZkqa8$za+vG6|02k^ey;udjkpq`irRaqW}M%V`!jU|rnmBU=?vXH*6
z^RYjuR?e}M(kgsh(HZFb&dsI~9kjGRW#3`oL4RsE<MotSD)^c}Q&6A2psiii(vNRx
z&XwHUth!=ZyTtuW+Vz-CfA{mTqdW6&ZSHsE-LL(;?C&_h_fH)<)&hrX4==JF?G1Ac
zJ-@UFQc&Ii)&!}~l-Gi~XFJzk{?7k=VC;V=;B14+b>6wf{l8MbU*~`KHmKiEN{ZdJ
zU!HLGNglIwX)}~9Ie+ba&|MrTcmv!MK45IU=T&LI)cSH+FZ0c&t@};2{QMQ6t9iV#
z^+I<d!_VDK2!Mh2!SFfzkBnF}q}Pg_7kuJExqpOI*6hrGutcg<t&*0&lGVkIEg;~#
zoiCzI{+|fTlC_s@{yf7uXgf^#f*YXv<4i7AAi@=kwD(H#a&kxl9#^zBk*U@SjXc`y
zBESOL827F&Cjy=j0|7H6*}I&Ajryg2!FOrYTl83d0Fh&=MdfR=FQiHQRyk<iJ=>hX
zgmsUK$al&6;e(X6IruS25I=q}02?iz`Et`#GI@e@1fmUT7Dp`$TXy+7+udUG)+wK<
zMLBoS0_!>usx1V8<3XX9ciP0$uD_OJuT*Q;*xhCq9yAr^NNuTlc#(eq!&__nKp}s^
z);$7kkILb1NO^Z9@A+Ucrc9z#$G&A075NVG`<B!i2IX~S^5jNM8Rsp>2#%3XYquUm
z>Sx#I)=W;1_w31zV_x=X4Q<1G@LyKeJi7OXcc$@BJ`l2Yx0v!T{h-jiG=FDeK8o!h
z)|euZfFgp&1c|fI)-V6D+B_>h&W)2iwIjE7jQo=|+FXZ@Wcc35yyzIiqG0@3<z-S~
z?J8tMps~g<Wq43aMC*!LG_1@DHyq^4`AU1%0gTi);|6K^26s|(?f70*C<JMxw)Ssh
z`_c>d@AYX<1&>O`A<X9d5^nH^WQ#OyJV65YSP3%hb3ERkCAs*yvbn}3cw}S|bIAj;
zHWWa1){>4$S^m!fqVNJS_K&sOvgn#KC<4SSz*RLGa1InVO&L>9UnEto?~HY6VkYCz
zqf-L%LvbnLq4-xppt`u>U~v4s(Mcc?+j*xS>x%WckGIWi`&Py&S<{$B)kHNWXPqf{
z#ED}SBPf{$r-${_JWikeEZGbiVy^S8yRS_U9Hq2mAUJVq-ZOhOqxVz7gsyStR<u@>
z(%AORi>LKyp%MbkU@~s}D@Mra6jpOjqo}@2E6;tXZ9qUUmy$9C0g`|Wx`+I=pXzU5
zc>kL8PnO8Pz8BCObp+Di=KU=D`=WG-SZace{<x;UQ0^btz?B~L&ly+~0jkzX{k*hi
z@P~}e_6Q(WGs{XatcqsJVLcgfjpQ0jfOQLPjUyRw33H?(G_il4S%e(HTM#@K##U>!
zcMtPM7DmcFTzIuAMo=9!G<4M!QcjHSHW@f6qNo&e$IbqEC{4;+RAstR6<xmixUgn~
z1TXWu)DAlQL~0!3)rHyw)}uqp-k8R>&)h3}<Fdw<1s1iHb6ZXGB4cM<Rii(V;NK63
zUX`JiUZbI^YiOM__Rt-+hPa_~1%ew+TT&0TSq93Zu~#%2msQqd6~Mo0I?YzN8_j20
zqKyMBMz@oR(XaygBi`N@D(6K;P|fM|4AroOWOOtYK0s!gW0&W6meA%S06iis4Orl9
z?9)V9Svn2;@<J1FmnXx(Fw69OajCR4*!IC)hn86j*%^Zy<#qvn8q@KWga-n%BC_-D
z1FH!VctmjBf~$EgX=TSKI->nJq9(SyG}OKa<)zpf&So+V?+F^}SQVMyS&f@2LJbV4
zJ3eTN3^zKJ<INQK=l@Kog`Cf+J;E(f`#Oimfx-d_IG(CScu(#qX2mS;ohMdzK(^22
zN}EQxGBgeEszp0Wu|(%aV;CuiI*9+y5;jZ7m3+tM9m!7bFTWr%7$aj&lBO9y&7#+(
z6#;%D%G0u-W%0KcfB@$!ZF~cW1r^W!!!M?ejc#~G=r*b(-dVQ)h?yFvu^5A=!x8Ok
z`{NBIlFPrEAOSFAecJ-fL!B>2D(LbuBVb{1aBbW2x5MoTB&g1#O5GpI8n#^eYO;44
zd2hxD(Fl#~nHuo?SOw2={Jbyxb?${1)-XiiJjlZ0Y@x=-k9SfNn=65CG+Y+b60kqw
z<Z5AH4%|;hkH5j@{3q5V@2ocSba-qkGX@w(+^fsvl=%KQ6}E2K0d605xodJzt85i_
z*JBsOb*SPkZEB}OgXp&2SpFubT-p=uhs~-pTGqi$?0r8C{Y1Er^S|JGElm@|cmknX
zsG0m?KEtV@*qRPBt7@5rG1&wt686?Gj2)h-VYhyQf?}u}pcZ$@c2;s$Xt0Vz?{QDg
zGpzys_)L||5rNQ^2M4gG<VZ27xFkD9H!?#n$A)KM;YQd_Z(I8UqjEN>z@7kauT5w}
zIMw1A|A&Ve#vCYJJ-AKjCl)UB=i|VE(^9E?RnGgafsmu>=Cy4Co@sAv6zU+TZ)ion
zvEegXQ)UCzG)#5fjSKl{jWG<1b@;bMSS0|2V)(uRS`GJ9<r{&C;9sdhJ5a27jkw`|
z_F_>Zr^}RC3Jnn|FA3PX5SZJmilGT8Fc$?#>x%IaF~R`Aj*r<9B;`dB3U=gE2@ABw
zOzlhfiB_6Se>3BtXn$oG2_*(;3ShNG&y9R^qAnKvPuB2N`e%UhSCo?e4}J&#zc1WB
zS$pi)MK|?(OAg1@m~GT)y3M-@NNV6xh=^|2ZHdfUGYAx#)!&xg_&SwZYfOmKKFB-b
zjH3Eu$hUSeFanp$+st_h(@R$7Yo=j6(X>Uc!T$(J!)g3gp8PN2jXwe$e`LWv{#73O
zFX4ti0<ynlA^t_<!vCOA^}iPb?|iSvw?FmxAEo|R_4r->y&k`X|D_(_oqhi&jaCHt
zr<Cr$|Em7AVgK*c<A2rY-^POBcEx-u4P@-<$qr)OrTSw!h=i*0Yks^_B$03aX>-Tu
zs)}1Wz#2^v76S=vFsU?3If4H4y-7l3p&)9VKc>dT2{nIeIT(FvJll+6`_YFxP_}@#
zIEgEITi9HP9Mqpb1v36@g4&ypeY~Kz+J*>2m$eVw9a^-mR{)lnSMTl~+GK5&>u%z%
zjfz96u?z|gvO?YD;I7<IZj$%$nW8!TAElGvx&Pcl{i}Og|51_l`~NVT1~Y%%{Hw%&
zlESP#Q(3Reh?1SNJW)S_=zyWib@jE$Ic85HgQWfMG(!7?{#73QFJaBg-vZ=+WcA)3
zrt#~2fC#udTIhGHSQ400YyC$xqZv_^5(#QGf0r=%>yP6D<L}|(_j|ZlC*vd!UfT^I
zx5fO7_&#WeBr0J_i@-PP9x*fIySrlQ{P7t>%o)u(cz_ZSVMHrFCN4Kp*n3^_Oy}f}
zJjZWUXcIVzG#9Sr#P3JAJHsWM#U>Xp1>R`Le)YDOOEW`1pR)el)P>ES_mL|L_j^pa
zMmI5WMy-8Rp5&}V$Rf8IznVb48cDw?rwp{U_Ua63S2scuLe<dPT#kt5NTFDqT%y2B
zuP}Ajmef1n?j8GT+_<Qf>H{`bs_}UATt8@6!%k)x0n--e7Ru7k^s+6rj7punA0y+&
zJ4_w)PT5qR>ZC$Z#gddhUHTzSocZg>h%&BkwK#&+yza9vwI9QXtaQuV@r7iC8y91~
z#R`VZT*~}@9V_z~5c$$xpM4A%UEvT35>8_eOq%PA%$5Suo>rP5_XG-R3xtbsfln%;
zJELi<*&h%U2-?HekP>pt(7F-qjkFm^jWmGtV2KIy?&ZnPvf?089bPF$Q#oZFv|9?4
zZ6mAVc23GM)|nP9=hvoe%|J@qD`$n}=5SXOVa8ih$=T(XW?KnLuVwElGTP?F5#=|6
z$vlUgC8MQ*sRZwVVNWXQ6`Gox$3gD1vUC@^v6h?W@|&&*1du|?{|g%#WL?v3_zhn$
zwfzasp%=;$W5M|`y!l^0R1W6ZCtpeN(p%2XR$zCTIqS+Imd(sV;?L*|QyA#LRojsa
z8g#1K1AmfQeKY)qxUHel{Xm=Rf5m0OAUAlHFX<;}W$Kl*A@mSG;<7@6Ja|@VN|ruZ
zk{;Mvu0DiW`yB(3u{GBYo;;y{?KA=?Y#lev78@FAL%a3yx}VhlamUeg(}smb>qTRJ
z+kC{m6lGpZY>GJ<fXlS0i?fqG`T_SO#Q|Or#}=>b%+v<b<)I)3nL0y*dVelL45!XI
zw19YY3MV733svCLB%A~(kf=749EE?J5<a2=j5(rn?PP*maF*1gYQn+T{}OYDE=pf*
zL|Q@7bSzx(u;U98aM^+-JZ4D(Y!%k8I_UYdLL^*jze9wwx~6XS^z^)h#^bVGMR*gZ
z*ETm*Q8Bnb+kxZ#Q{_0u=d2-0$Xw1|l5)+v(D4>t#BKQzFCIcHQqxh>NlXdyMzE54
zC034n(sT24%oq|JW7APJb1hL8gmomHkXP3fZQL>z7Mno<C|ig{+9#0%?To;mbe^eb
zSqJWEmy0U|$UBs-*2@K3KTs+OS88<}m)`B>^w)zla^PG35+FBiJ*jy&UdjJ0@@|0t
zU%i(JwF#kzgi@`-(3B+Od^yYB#?gaBmP7!e7z|>*nSHa?1z}@|9tDFY4FS(L3Z|eS
z%2nX<x4EuwGt3-vVCiGsfzf%N7&R9)WtP<JLO57ZjvK?%N!qk>T+qiHDb)*hM=b3X
zsN2RPwtxCkXdz<qRE<a3anwf;HR8fBZJ%P))s{*P*>|zRkD7uW=7bcQJKM5U0`<%_
z;ITb6MThU_%NpT>D^XFY2T__O69%;NYGABXTY&;CR<pPZ8>>j&6tFrQd*1fq6z8#D
z2)iU8ZY~@=q_bnV;@_hY97-+9HXTX$!GA`Nf6WgW9S+M4wucWAW?@)B&0G_3Sd-Du
z02ZB5ALtel_IU29R+$5tnX9vxWV;2+9HfX>^CJjTqLX&QZGS1L7^Y0CwuPls=)-d}
z(xIcR7j7a{T~g#uZ%1s!vK0m@1{ah0<Q@X3g%!;{G=i0RKzHI9ZYmIeczC~t&G5vS
z4F0q%D$$$Pn(v5=)jVSLR36&Ss7ilV?{{kJM){;EaL3VxJ}Y82K`u4Z@TfoXQknIH
z>lxxXKlv?!Uc?buGA*56c4IH_9}-k+?U|P5NC8VZ6h5CAvlQ~xg-cbAmMrF13_c?Z
zdw|S;2H$)GBt4)7g_CT0B|V^ea}9Ln2_s)Zsr?^btHYB=gKPa!{N8d(yB525vLj@h
zzxCx0pAE&YM2Y-vwk+U;05p-hflSp(00ZC{>BI5<5@56{R+F`x{<l<6t|rU=r)M~m
zDgN(ipl(1LJ{u(dZ7lNNHIe#5+(a1q`*ozfHwJ?4or9@j)tByfm47z|t?3U})4$ko
z?>DE@|A#6f4ruG%S5xS0{3BdV^WV2;!;Gt1X^en<4Za*+of@28XmFQ>fC`R$m7H1E
zfQTOu_wmusm%%8*_!uBWfZo+P^KlZ@pPwZ=Ulsm6p-%`deg@pBY!n(jy4PnvrSS}R
zr1^ym3wMVk<MO}+o+Zn+z<^;dhlK814N%>uoB{&6capY8-#L|ncN^X5Fe(st!qr$q
zZP{A@G`{@f-LmvMgNX_XKcx4zRC?V&D;sfm#@OV~hb2Q+qVdC7_&n8U<LYI;u{2~2
zFnP)OI1Trh6;Ah>w)1j{Lb^=|sL6UR-j?*_$5l5Wl+R10P3&<fAYkcn(y*n{S-$2?
z*1x-ta(S%}T8=75%m5gYHHiiVwhWc>X~n8vyuCe(B5ybc`&XF2j*WW1^p=teU6#9I
z2)0KInxh$o<fl~a=8)WS_}Pi%uut;6U;(#whoPp8fy_ViAwZUNlqc$eXN+5SzQ;Nm
zL$-+Uc`OUSB|*x;?^NpROy~UlRi}`RF+D-(PgDoLyNXKn3|V~~?>G>&kp(#zO|`nk
zF63Z!_0q^54EJ)ZVsz@x{^}k*NV5+}&I~I71ZFR-YmDgWa_<e{T<=|XeUdZYRTO{=
zGq0I!8mD7H!@MF~@SXB;#U0_zd>-hmVU0s=i%cOR+3AZQ`FOQiZJBHPsXFg$*-vNU
z)o>KG=6&>DLo^tN&OJOAFB#l=@=?L4Hq_5MtJF^?Ca!aTG6L|El$ED?T@!#7dS#2b
zIs@&K29^ji3DFVHRT`<+66jTTuCf;X=m9@{1MKs3S^lNRNv%yca@d!hiL9-vS(5jb
z7ML%?RwlW)6*fe&in*2tbI%DXRj@o_k3O?qHtCCb{`P(z(I+19HJkyF?Z8&w)QZ!T
z?FGqA4O6$zc&XeaY8=cpJPH^rdNPn}L+35}<fzm&DlIkztF>!dN(pzin)_QUVNb4d
zo|^Xwxo3)=hOH%P<n!maIM$@2<4*8!4iV&S@d~<D4<yRohu9FU*yUmN!ng#mDIC#h
zG5X}!nju9GFSE;gajUQct1Dyt=eQNo5!t=C71@2?{9a*FfH!yoGlNIs%>azXMxP$5
z+jq~mw;+8Hw#O`k*Aw=B>>(3Te4g=I@;d9e*QUnn`fT;)`7GteRvlFNtS95tskN>?
zt}4d8+~fp$99^ovcADTS$T{^dwwnACm4cHmu|fTf)uNpFk>NY$pA3sM+)skv0QeKY
zkMXvKB&qnN*7lsUxwfD}@9CbYB&EUT$&zSOqz%mvC#o$oAHKy}ZUvmHc;Z}OAD{{{
z(3w-fAS%YU_!?X74bIYTSh{~MM72xWG*7v*vF{oGDwm=>)}?ypcD)xJh4FdIm;J-)
zd{7{AgnP=pWf2Pql-FMwSa#rC>Ej9gqX$@FmyOuQ?wAWdn(IJo2ciXaf6}9f`ihFL
zb#n@g^SeMSDze&To$py~z7wR_(|o&RMa3H#sy8%+O+5(9i6}xt7}F>zyWdp`FEDB3
zeT4NBw-0Oi#4C&6i?{lRRK?Db(=k9>l4kjcght;I0*n#s5y1qx#;%fP19_H-tg%se
z(`c9}5m|+UwNuW|7vWCj9QwU^J2H^@%-_FwEN!RzSAt}>lFdf~3+Q-Ci;b+{)5s1L
zb_lnx9GaX66Myrnod0G*TN{dRNsxzR`c2rf7bg(*=jrb}Y1GaXg-taLw5WrFp(k-1
zJ{pw2Pp^Jh(dLciKVaHko7ChjryKi}7Ldv)aQL2wrVI5xaxUmLAJ(0OSfYOjLBkua
zPVJvVe4Cz{=9(v$9LMz!A0IC+=)1IjEPMmBeR=udbtJIc^0hKbVxVzQ0%U1JP;^S8
zY{aolB&<eDESyW$rQdr7wXss@@^qo<Q06o-;m$Eb`Xzr1D?(+4%*4()-a6C>q7rB%
zD!V}Ba8~Rd34^_pJ~pH!`hmmqYW7=+^{8{a1B*FgNZrt<P{}ilFF|007I|{GP-&Zu
zCx;uCV*|#Xb+(C|As^DPZ7L;3uxmUt-vCy`*2$rk!Dp!j{+9J*C;JI2sE#vh7AiUl
zClU|S^UeY+7~P_l@F=Zr(nZuMXJU%xq1yHgHY|jLmjVQmFUY`ho#y>ztTSQ8HA9?U
z?=8vs4CTjz_uU+O7hW&I9k)$V<Qn93b@jb_W2nYc-)h2ExXIl0!+9-f)lzE<jzUdn
z`tHVJF~5e<1)U~j{M`;mnwuA=^KtF~9p1`D`($&lyjY%m--?ktv1z5upF7xZfbiOY
zRw$NLwyY38pIu$c=BAeWwz=}w^57^gW*iPcfG?yCo~%Y`Y4ONRiz>~UWpv7O?Jvs>
z)?CL1qcvp5MRkj__H!KfSNaL7Syr|fJbMNbQzpLQsta1N<$~t{SJn16K)OK$U$Dh@
z3v-ZKASXXMkJygy<M86KT8%~<FgnpXf-D8gD1OY+8BS5|YlD9L^y=W@#{S@tmWBsa
ze=IKZk$tmErhS*a#-f_3kjJ*zOdb72_Pv-<$h4`!D2H|2ESSa__0r(<?tXIq%vYB*
zr}KQuFR6X!tges5)E2rihj}8zhL+|U&+#|qLUN8nkoyKqnNJbt&Z;`x;i7^<<ViEu
z*V=npcqH#fg%V)uRBk2H63-@+p23&Om;kLTMzc%#*Ih9pt2T;fTfWFz)yIc?TVYIL
zG%0+R_?Dy&8yYigf;_mB&_X?}RM<GH?+`7;GaAD)<}MvkWV6gx`R%e2#!^@LTM?qS
zPxsc3fB@7fD=kX?R<^eHtpvve^NIZmq!an`EegwP5-VXII)>{Sk##bU5m$w+bp&Rq
z*LZu%Q~3Fju4bR-*!Q`I|7l!R;g7s~MNdi_Nf%V^Bl35}9gOSB+DK}D`|aYtZJ_KR
z@L%bK_`fO}Lhe;kMElULhe*b-``dP7R{<rVlZP}j<ra8eM8WrGs9Yb6+<j~eO)2JY
zfT1OL4bf1<=H&`l+GsP<LmH<0P3PeFhor!ji?$qHnRVs%!fz|*EfQhE2dv@t*lvVX
z+35f$82FGDFxX{$yC2cXohp8DQ{Zjw&jxg)H*0(9f7_}=s<?K^fYz6s|DlM)(cTtk
zq<8gPi(yweiw0HH=o-w&QAC6~;sfd5<^O40)k&jyzU`X#DJQnpUbg}lR`U{NO=G*W
z!y%qMb$OQs#5p6&8C<2XJ>kax)U8w;G~J=U+E?aV*w*OTSMT%vS}rxC2~NDO$89CN
zjwLDu4hbpv{N0OGzU>slsO(!fdA)bDxd+evZraaBkuek%utwXqnyM1edbk{G9qeS&
zrOzU)an;?HOi5QT#@$I4yvuTEXy5+ssd20328-IsR_=_>a5Bk{%+pQwD)Bi$4V#V_
zm8Nmi;N+{Sri^W^dBCLjp5qr=H^dM}P0{6W6zOrc=>EmrARp9EdLyb1^?St}mJ~dT
zvyLeIX9^)(iX_E5ss|18dQhy_!RCJ2&kK`KDD&-wQG2{|Bfij9q{zZlJBq;o0EEP+
zbJ(nhx{-i(N=SWNp9m;I&XMYfqikog;jFPyx3P9Pt6lfipEyZN_)=OI%+on(M;l1C
znn*3SV~l|e$&Vt~1Zf%BP@tty=FE}+7beX?A#D|3BXkax<e*(e#ce?V6GvEfe&5+A
zm_Yg7lq~^`Q-KMm++x<gf@3p3p?9CCR6k>$XxzOl6&wno8-2k71!t<P8I&JlGQf}*
z&P%kWT3dmez&>B#BtWx@N`Sm1RNbDZ466SVy;T&L?uctyVA3=JPz6y`Mz6>%N-nZ0
zxYm6G*sdwAsid2*r5n29ot7D0i{WTmXR>4lEhq)dA_P^;jn_VV-E_PL68a+}!Mmz1
zzX3MCyml150e-#jgLtmbA-vH=_h>yUf9dPQShBf(XyTjbIx@bfnD>8AjutupjM#GY
zTmix4!YPlW9UGYVSUVzrpb)>iTurGcsd{GpOCIT+xDypk7`*Ra78~E0;XdNU!p*Ks
zm9yPb1^H2L@?C#<1Gr`WLV5#C2l@3BPz1raf8I#Dqoebx>mJi^w#y;6@X)7Q;%1Xw
z%Vdpy^22tjxY(vb7)#o(c+W1c6IOBm>~$;U?&S2X17WTWXFcPl{$A9}<p3|$|KMPE
zxNYij?+x%c_Xc=y6qYZHeQ3EiX;ptJ4PS9F3>?UJabzjbqSUCMB8E*-ZG95Bce0}8
zQU^+Ur8H7wcP&U;+$Rxp-S8}{WbO&;q<Z~4e?4EHIP+M4NBAqt*Zzs^*ZZN5A)P1H
zu*>5<eRBm<a|qglo2;+eJ=7y{5^sQ;DU1*K+@BpC<}1|m`Lvllj;nC7BVR%Tom~X2
z-vBhxCDol2&(}4)c&Q9Ab?5WEMZsw2*M@>khG%E5bCh*^(a6R}|FO~Jf9uMU0E6$U
z#$<Oy<Kbi5jWDWu^Vc=eL!1o$^HAIDi^(wbry)n3DWb+8D4*y3Sp%1HI$jLR34UM*
zF*JGO97hb6W$w7f=2j|_8);wMH~YOTo?4A&ZQY;`{@#Ir{U0G1f$WT&y0s}^g_Y!H
z;iuY?)?u_T@CkdsZuClXC}1?d^uGb5-T+5-#E5T8a#CR6XaGpS2LJ#-1o*z>Z>SFi
z08pX>0L1TiY-}9p?Ja;t#?tz(){YML|N4WOna;)1VpMG{a)k}Wi*NH4N)Y0FFH0?l
zLfvTxEx{rmr233Fbu$APT<;$*oRHJjLi?*@BMQy<LUps=b<nRInG+Ym#PeF9?d7Q5
zax!|TeSfVRb^{#WKzpdPd4;x>J`<MjR<6=ibt=HwVvG03`qR-`$J?#S=u^Qjae@Z{
zqNu4``{v6#$>2w$=|uPW=~sA+GQTF;L|WxbD(6_qY3`^sHdI{jp}c&@1Nf6Y(vwFg
z%|wg75up(-V}J2^If!5PPZ~F}DUHG@QDsn!UvCZLN5go!gM|?BytRC`mj&0kIow=l
zl!|g`rM)VYd*t3$d?W*UGpMaN*tnnGf-U8>*Lu1MC(Vymi+Zj^b4V;du73?|8)|8Y
z^>NL*+1Bw$2m_XIw<m6kYDv}H(+`+KGlhRufuik{hO^kO<Hk0)GI|`3cJS<oFZcA7
zK{owR;Whb&%G-aAPIac|icNdp(cY<fzCdsDWfd~EM&`D-%x)smZ_Tz$qP&hjGP2DM
z8_%fi@|6N6t?$J50YdIGG}E?;Iny;PZoWAWtsO3@*YTV_6Fn*O`imTAT)+^sQLQ7T
z>qNt`%+Lym0YWh#BnmETQsdQUN15NZ_HxKB<-rI~)HA?u^^3_#mRhu4yx7A;7a*&~
zJw;JE;2HtSIpVNSOlSSBXlIk+O!cH8x`#`VuMfW%3WQBzSrmVH<}=?-NW(%*gJAmn
zGDHA}`m0F805BwW@BtMScc3?jgUI{)5Q|LVe2qS)v`Niwu~)e%qv}0YCH~DZJWp3;
zE%iMvsQV7QQAJ*VAn)x}mWw<!^=QQ;s!XNTtWXc!H;Zn8ix5jb_`7WxZFI+(B#fq&
zuqiaClROH@+wn!R!o67L?3B+d(uaICe&B03CH90T&-Cp0C1%C4L8=$?VuLu4l|fRe
zv;jQ6VdhZ@mg&~_$o+ET{QX~b5d&S|pw5C%0un4HQbQz!`(56k0Mq*cv#(FxGsRMj
z#ardqXs@D0-5_0%%2PC5pIl;80m`3bNkU5~Bte`b`9%)!7Ak6<+CwV2CAM1Gp4^Ha
zCvVB1DaFLaEFiZlK@sbeJm1%JD?l+ajpCBW=L4Em+Wa%6JPMb_wlIoP_YXgM_wQm-
z!DH&isjx5C6wJ@f4X;aZ<+v{(9$7DtbZvcLrugIs6A2sK+@LdEb^uGK#}=tiAP0`M
zIk3sxhJGxy{Nvc6(f-z9>kKZZ-h0CTexv>xhc(Xs)nYr~j6+EGGrw^@-o>rDZ4?CK
zbL>_in73b%audC&COb9;_+?dLwMqZE)05PW8aE<le^MJwg*A9?1Ck+K^;1uO@3sFH
z&9PljeX|GlWHIbvDbDOAo|yBK2IFq-tujc+kM{4gE_;$woT1b5%q+kSpfa3aoV04+
zvTnKfajeJ3M@seb=RLQSZ8&-pDG#7BuC!PkqqfG#{U%HODFpSz^i=RtLBT-ya#A(!
zNI|hbSVci}T8&d~HZ7l00jwW~d<+OEYZJu$mmeEQ(^i7_Cb@*EDU<u>A*x)(f(h-c
z_-+XZ!O)LTGW~L22uykyBnid(*>JY8WI=mu65#z$=iK`>^PuH0Z<wAYNs=b3xe{u^
zII)l)S@mS`81!ZFvchFVIq0Tjul)EuLcw<gotx`?qc(_2kVHbP^oq8gop3?Rg23Wp
z+20<wJRfr(HG%4N41Ljp`~G(=0cq1bS$HQ&c_GRhlqIUbAPJ6<XJSIB%uR;dnmw*t
z#-S_X@ES^q>kEiEal6|NjWg>zr3L4e&wPGO6^%BTik%>``lq)ZzB9&1qc-~oj1CQ-
zk}6*I!lYk-KQdyx^Yroe=dX+qu)C8@Yfx@Y-L4X42-Ide3}oFgSANC|X+`LBu4ZNQ
z?n(JziZoZWIm}5+bFeCMeOMc52oq%9Ja;(P3c!}mFrK8^1MZs;`8@TRvE3$$pgf7-
zBFC5<F-6WV?}AFd!kum_gu;3b<Zae9edf+xsRxLG$EqU<*JCj^HywO1Ykb0%X1@vv
z(T(gM#x030qh8bN%$i)%tAWMPafD4&GG+Uylk4p}Qi0#&26w`kWvVWy3xNx^CHeyg
z%axcNr3rakGzcenP5e|8g&kDg5^-&eR!xGBr*>~_!l_f94)lwd`N(6nkHfsc;BKp8
z^GU;<)reF(1OJnYJ5u|2$YzDi+U#+chY4nf;xkDD7Q{6#6y#0ti&N1SarGsC!Q+SQ
zPiKU>C#@^6L2n;XXs0)e5u#QK3nJ03Y0Dk_N>-Ai33SA|zD9yx-9m<>&be*1QN5j@
zq+>qa%~n_T^-<{_0K6zbYv87BYC~QeQp#V9B*klG7et~`hzYyZyyD%w0H1uLrn-M_
zR53VxoL6wx$a|9PGPbk=wMl<jtC3+7mSOq<>XM-=mFTLnXv9>FIXw8S+26{qZjvHo
zr}6`B7Fu+ue?R>R9vLL~hEeG59xX%0H|81Xbh#Jg?F(4e8!QE#5yu_!ap!mE19*D_
z1N>)zMr)ZE--84Iu2BCCfM)p%pjRSx*igRd>b?0)f<9GGs^t`grn`Vj)I)+vlZPK+
z?ItIfYMM$IQ7o^?MtN-zQx0Xck8%ysL<QE5C{(E>DhBqwz6K7|3y6_Dr8r9sc<pco
zIg(Z$TQxX*_M%$t6==)R7QtDs%C|RYyY5->dfjoaI!rwV<NfI;sF!<!;c#>sj}p36
zMt@(H|AIrO26a)dRj<_br72Z8=Ck)%eX{;U=vUfuZWA^7O7)3`m1ZMq9ej;>N^{}r
z0IJK5jfEV7@?i5a=pi=-Llv*17*~==q^gT7upnw1Et5f4*z81S8Go+j?vpQdW|+rb
zoN_}^i}roUY+P**pRi^WoIS|<(i`Ky9z_ml1|JV&){~_zT^h(S^R?t6fBlkhAsS7G
z-%vfb5ruNo=#XVc{=zvkv6w5E|4l6;GvO&yXOi~*1f$ku2eKwq#!+d$>0oP<5jPb%
zonmJoP$wM!9e^D?sbSLmPkb98#OZ!AZGSaqa)!nIWR8o$iIB5#YsRM$7n8i*S}7X!
zI91bK{~rKML^7FG@EOajr0p3#kUG*uVk?FvLaX`?jJ-$aob0+zwJfM%80`5e3UKNA
z%qBk?;1bw5Ab7J4Mt|WxYfBMVQChx|ryp9}@eaVT-nf+MBv5C-OaiyQ70n^d>~Zrm
zP?9v}H-n{~PhIkQ$HCADLI%=l$o$U~vN4M)^Y?8opCdEo7g9dL-X{G#&QrDC#5tC1
zv75-IXCEirmo)QOESmA#7AY@dY!U1*b#p9~g=fC1`U%xRUH@WA^zEnG2*$CX7p5h2
z3%gP*(#h(CGr~K}jwdNwFNm3H`Em5-TP|crM@!I6*IPcGe(wIx6=0h4%9YgvJ;{~W
z08hJ=!HymqB#rlkL70UKx%%s5dTKR0X%^t``}lyf1?motqXmBb0rdi!89*nV1pX02
zAPQjD?hT>sAh%jj^$xR9P!dEsQeFsV>&|W2$gD7SXl#C$V%dHgRD77Qj;aE|6Kum_
zmQY73w};}X%#P_BRtS9EUB-e9A6O^{_-~^;<TW--CsH&Btmp4!rzHohc0CDyXh(tv
zBJH;yz|)z&>bsJhtshURNR;Z(H3}|yz(0AD3<CJRryP~b=}reIA8gXC&5-MwAk{&5
z(51iCrmqzFEIx%|I9m*0{d&faU|asFGZ4}?3cD2x=d}pN5u_3S<Xi8UYbyXCaHn$r
zdS%tn0DRu~Ru&2cqd1|nu;A=F<$hRIRr3zFH`noJ?{Itg4!6sbQ;U=A&P7|?5%_m?
z27@9esi3&}-=KG$nDNOHsU)4p7)W1aCh9nPMYKkPxd(g@53nWHSV%K8^YoD_b4NA%
zc8BdP#qs8baDlWNLQ`tXuqrx}Q|e0!Gl{X&!s@xh1;u?Iv}j41^v*<uG}|kGi11f_
z0s}X*g)Je_@5s&{z^IWDN_Yp`tpL>&C7=8Y8UKtaB1T%TX@d{s+ldy3P{=k$rb|c@
zw!2vVuxx16su!5n(H}eYFGo&=BBKOLxk|Jc_ALZ=7rc|hI=?#~1MH1>x)?>chY&%3
z(xQaH@|w-VXm|z|38GOp`-s6G+|Q77hH!M+UhQwZxk-006Hr^0e%!ao>uhCsoA0C?
zgFaIm_@rF+D>a7;#*aAoph*)v;{YY5&nh9R`?i`wma)H-qQgn!sUsI#qQbLc?$zqc
z?V}acrU}CWIh|G!nkm0LrhEDqn;5rsToWt&ZV$;;m$L$Ul$NT7h+r`kzI*#r*J=PF
z5!rH?FmHaw^VY08+ihju45Xo(Qi71KtR=AKs+L~Yte0@|U|A|Lo&p;6T9SS1VMo&`
z+m&H`xW6%sC68xBPiZ)Ibj$;Qr9NiJPMb4H+wC32BQ?#Vb`l3G{>c0z)SQ{_0W8*c
zVgHqjY%Kx;oLnBRCxrlkqehv-y>tsY@r&P)=(^m`nJFVIHouICF_P>Npz;KjWs^9L
z+!4Ty^CB)IqkO~Cbxawn|HqS`4QmVkVrp~o+>lmMA?&>_%mzo&1t&#T<Y}T1JlM-L
zNa{Xa`KL4Qdls)-&|gIm-Ga>@=0G@@*shb*EP(k?yu2T!e_h%$S=>>0-?Q0>t5t4Y
zy`;QUYT}M9>V9E<!fsc2<buKkNgl76CGDbeh~?01k(U<#Av^D%h{=TRS@hO+buOn0
z7bcB`@FpGbGfCglu}~)B-jU9nS-z+5Ty+4UG^z7;vINw{qUM5aW)ZvK9VH9Wl){Wo
zKd%W!#x9#82^R=fV$xPS$W*Xlx1Tn=!8Ziytb^`6vP;SEV9zc5<g=a~#1MB4XD)b~
zYkQ%8k5T_;kPMl3B;<PsNfzXP10-4h0g_fL97unG<cVP2c|tgsf4<rpKmw=t3~Ca^
z(wrn%E5<42<I6o>OwOs+*7==2fkF7-mevHEnCsitd;FSVBR^xc|8T(r6<v|1yk_}z
ze1YCSl}lWFRk<-6FPRfjn1f*4^X-f`HKd@q7tw(ndGN3oZ6d8a&Vma&*iK4=W?f#C
zYf)2i-2l4MgSmvG9c;;x8HR@*tFG}p?Ujdbk4L-mBqnXfZXre%n<$M%&G*GXlUYB%
zN->X77CdOGkRUbB`2nBj4zCvM3Kvcl*>1e^)^16usE5|VtJqj*vbvZ$r$Ghh+FfYA
zsN#I<`$4ggOUW6bYtIxuJF`h0blTL?ll;W0;_(kXT@Ip<<2wRQ&1&<Cc+X{B`>0|W
zrr~%%+f>cbf>mYkRO}9p)b`O!O2aX9m#`ku?z6y4#4L7GVi8N|o_^h`r>9TDDxJ<I
zzB)uMN&Yak;i|ne**qSql-K3(GW8-Utu@3k#Y65Y`#C&rzsaqU<|hKopcu(Gzk0P@
zZX%%j7;t2FtBf-%*w2Svlw6ji)8C0ZDU5u__7{g7DqjdsUlu6Rz?M-CRsh8&P%N|=
z7^ai^U1sl_Xem@(i!V8NPSfG{h}>H6hTdV6#^1XYjEsl0?CSIlST-c&K80J6C|j}!
z((MTev9wt~uaAV3S@V}au-SJDC)2BO+OMh|_4u;XmE7sDKsZoi+`w*>LBb8J6H|t)
zuZdZd5Ob%8veF4m6P)Q<y&vrtlp9XEB<I_%!#}hY0h7;i$wVKpQS=7eisWRjZUwtK
z5C5GrjBr(R6e1dG5-XC0^P%{V<SqHv)VV#nU0Dk5(Q2g>lrn1~l+j2{A3nBUKWWZt
ztzWx5VK{A`kyLrtp*~j!TP4?=b<byfy~-?yHGYoz+TsslQ<X&ke}LG*{RQ5Bj7{N%
zSXU)os7(yG9H@1i2xft8S=+Cr>c$<+XY^qRiUZV;T@!PVx+GmQ=yzxgL1Y@1b~KjJ
zmeL1US2-<epMCD?E7InpD&`*$O`L^=sM~U(hzoB-n??$f&ju~*zU%fUx{yggJNfB@
znsl4H02V+9|E#trma4uTpagXgG3Kr_u=bW8p?u}7U$iuH>^AhF-5<Lqp4N$4aRMdE
z-9V<M`BbWcE>q=pQRQ|Hh1Ef5YOOv2yvfv7*_%~3ZnC=aI7U%m;VMZ4OHYh3UBTtT
zzQD<;HG^{_lz4Dk1i1;~eYw{-I+ZpjSQA{o`9r@5{`Vn7$K@{tq~y)|+DcA>*Rdvw
z^5!zGs?+rZm8Wr#V9^A(V9{4+?g^w-7yeZ^WXTtzo*w4~eZ&qkJn*d?GKv!uo;N`7
z)H6kQ{pC3#Eiwl+h?%>357=Z9`z~?U*;s_p0zO{+fq-^nbrqR08aMRthqzj5e``<q
zqiEO=5j#)@rCn?_Ykpnb1t%eRLqEcq%*o^P5S5Y|!P53QEVnlDejtx*rZkLa5`S)(
zj1(N1z&39>8YadSNj9wlI3}DEkk<u~h@~uHugEgOP52msn``-pc?r~)1cAcwnbEQ5
zBAeXnp~Z9ziPMj^m?EwT<JUIXojuQooGyAlSuPpe#5i*6@F%`i4n&?yW+#FVeS+`)
zF_8)~)TI$`l~m3uitXvYbkGI~?ccn~U~u3T4Z=2Mwlk4-{PC;)p(Ar)G=G<L`8;Ud
z$0F7&8+AcVsECXo)IQo+E`lv6%khI1!cL_1)K%INr;?!eR4facK{0L|rZTB~W4`$`
zIfxZ?dk*WJd#m~qcFPj14oNNzdz88iHtuWZNw8ZcQ5DK-vsVIM18^GxZ<LnHogPv?
zAZt+_&a9&X%uq(h)_6m<<Yv66(2x-GF)-LX-i6Bou{bB@VKNJi3ir8Yd0>342)=a@
zpzLEX!^3Lux@?t0UYa@RhU*!kcXiDi6BwMG1S!X#Qd{I*@LP^JG#iIFLb^qoDO#1-
zmG=jZOYe6OqCN-)d>D8m>-Gu%5z{PBeAa-sSBEdG*ZH=e#Qph$Z><T$B~ND0fvZZ=
zlfB+lT*8x*$YphiY0NVd`tkdz>!^Hip2?Gk#w{<xJE!RAB5b<C)<u&y@(Q}<QaxVW
z<F6q975s3^7N4#_008w!{|5Z9{bLc;YK0B0o#2Nvp#yhO{iorCu;2J2;++S-eFtJ1
zTwf<nEHy1VopaGHq)@xYGPFvI>4bbD&coyN+%Cjqy|LB+zbsE=J}=X@IW{R&ORcW#
zd{TV>sJKOr9~0t$4pb8>TnCF^Z>ibvavveDE~Xm-TcHAH<KiSzw9ZA#goCVJolF>H
z51T>gSCOt2?kZJ7q!KvqbXtMy-m+mal~{9q@vt5CsMnYy<u%!>&rh!w1-A_Heb_75
zpH|-~RNL{DWH9{th8cr}%st3)Ir*{I{)3k4Ah+M_h=^i#L@mQ}u?oCMXh8)9%vjcL
zCV0NavC{>F?xnf@zQ>|AtdeSfPWlP_FCU$;Rwr%}ID8ph?r7<A)ttF6MG(!IZa<6=
ze>rD$Ou73@K2`B}(6SR`PSUbplh;CxcWn+9j}JrM+jA954I~gRn(S@IKgYy3pg6)^
zO&zV=++nksyzJuS;d3M@EXM`13GZtbtGUyvjm+s+r0abb^8TViF3UhuD#0y1aO9Hq
ztX9O*=~9I50J6;?shInt5;WPNtSGhrSDoyG@R~`P+hnekiy%=-sB8)s75N8pnsokV
zyB@%v6#2g7A&6$~l8O(B@i)y<x2$NhY<z69U2W7GbrlCkFsr?VVvKNyhnPggiO4!W
zVxXdVwZ@FO09CqA^j^M_3V)h_S}p^=K8{ZT^caqhQ=SicV?*71$pGrMn(B!)d6L)#
ztgp}a?9ATgX|lx_mRc^rIfwAr-gu{;h@|*-<lUDJd0vCPsZQStERjrl@3K5Yg##Rf
z8hyBq#y8kN<godYRkXZv9JQ?vJ(AWzQA&8LD+buMx(2ia@fjxsimutJD|tfPZ`a*I
z%CxgSO2-!MehCH?K1n~q^Q;*MJF$T)!!AEO8+{V|;slmP!b0!EW+>XNvT$+cm6Qmd
zv3F-Sui<LjErR8gTsF~*P`+1=4N~Cwdk14+Vu?uLrj~ieM?3rSw<{C^(s#i<U#Z~b
zrF!$L<ebrIes+l_Pbt%DQv;8-emG%jTk&-!m?`iX*qfReE<TrP$@;|>xh7o_TsJ;-
zT&mIIQ=D?TV^?CN#b|CO8P>1T(Pp9(-V4iKH=k0fCPu3BI+e9+WCfICHLuKu5EG15
z!UP2jzi-4YZAO!>j^|RD0%;UVQ-4R81?fl&5#HN&bdjXKYtSbM@z3~Q7bo^PZbKO)
z_qQ4cdrWV%ClEwq735}q&`~+p!;12y7iwS(r^eL1bd9E8Y*L_azEb4dKP3dnd+(_4
zPE4!s@6e<?)qIk9cFEY`3GW6+%)NMF5*$4TR{uCVmZQ_;$_YJk(`@&N&t)D0{)U+0
zdcGHzsFi!#!fFe%^T|@<Ph_>)W*(uTRJ9CIl5*bJA62v5z+T;ST70^yh*mNuug*i1
zn|}igEA@@Xm#|ouG#;)z@Tm{j#ul0eNddWAJ3=rR3T=gDA{yS_M07iWr&-@s=8AFa
z#snh8ue;JUw3otX{m4hM6b~f!O+e^8JTf9))EPrwh$9%rYm5@a?BVh8H#57y2)=+J
znm8-jsHFORV>tb3*sOrIgBHjULc1Viaoz+4oi+?Fift?MFpv%c&Ebbf!=BkFTA<8Z
zRJ&(1?=2~YHl|*9vv0X$HKKTq^aFO)stFNjBkr!wUgyTZ9{eJ+tDA2PI?4`*HVOYy
zUB1P`c-vXfWKJQ#rJh>jzYCa6P?@CAM=qgd39VW}crX&7YMVF=s9gwLXw%=xC6uWF
zcUdmlvb#!qNu=dszB{uu&g@xm{X798I+-?YvA=W3a~EsNb}wcamh1XHAqxh|@&w(s
zUB7&+(9|>1-FnDW;&4EpS6NujYsp}gPld-DKh))IQ4P>fx+wwR&%pG$HEpo&sAr(_
zvZaSahpi3Jbr))HI^3Ai-2?y;9t4ak@+%F{`0$(=m^j?~MWV;{A0RM9KWoe$9JalA
z^(^WBmyt=R%(2S~7yy6*`)@!4`yXgfS@}CM5twWtmS>+4P4AA$H}G-5DVssmBVGPT
z^*b`z`4gGM#B#`*S+sPv2VuY?nvADm9gVF#RXE-$4F=rWV`xKE2t9?&$#f*Q5L`$i
zwnQl9y>E+h<8nq+YPPQQdOL&99I9_8f~r?U(7Uk{-9J~M{CxdQ-4ZCai@sAE=xk2L
zm7_<==1Dt<(Rr@H2j@F`AwJX6<7zwPTCc;7u3c@mFr}l8B%qno>D6S}h&%N_YN{m%
z&9Hx?m^g}46&MtKa;n!1KENt;&iY-ae0lju0;=)?drkrBgPq+xHGmm1W&>LCwrryV
z)uYeapY#6URfR*wQtr%kfj|fD>(`}=v0gsTcC11pr;d;5`0vXcp67zg2)~X_c-<<~
zhOJZ(TjuV1uvW}8)2i+UV4uYjkBiFeCwia<Y-sRONOuOpm2$<nr$*PTjj_H;$oK0&
zGt(nfFOGz`9LMW_54BO)*N^jDD3s?a1!qlu%*96!m^M*AOOa$4nm;ZvSR;&-H;$4+
zLxi5w@r3PRq7St@(%1T=6E;(vNb0(qjh0O_7?Z_6bno-NT!$-z_KI|Y^pNyn$Xe}I
zor~8`_^5Tc6_3_}>2|Oog3D%892fz~{WL9&uZFLbb<V6pa6_7@$C7F^FIlG$n2-Xo
zfVdOjEnF*%L3`E~Nu8?YnBE|ByCgrF?U<W(FHA*+YtN^|nso@UOoH^kyQM|mtwd!g
zwEFIr2XDoLzjiIA-%1nd5;q`6GHxkF)og4De=hu{SoO&TIfns}H%$a2h*Xk?M_^Es
zrU26zsPh%#7kwXb$M{-@voQZ~t(aWSAlatKTpAD#IwHF?IYi7hE^9MS>^-?RjKm_8
zz&EVm2L}-3<CB4a9c|_}_fy77=vtRDsk6A~e2*Nd(nduaq4kqZY7IuyQQEbcJJ8<C
zfgtA<Q7r__7t9|<+}ZUQB>fnKY$vLK%!P8S{>r%`U1ppThLHkb($46JoR-^9JFcG}
zjZ<8VQTl8%wnXsJn_)OZGF6EzbX5G)zGeH?^n1+8GoWo}m|_cLas(+D`2#(01`O-E
zFqY6Xsn=0o^{p|F!z%1*`W%BbXP{6Cg`#xWmW|sqVl__GVsDJzaA`+c2Z`KFWoIn5
z`lb{b0?RI^C2++c=!OBQ`@QlxUh(T^DJh_X(TTeomna%KG{>Ss5t+JV*rsLPL%pgG
z-}F(aKBay4qwKZ#6}jjE%0*K?L_9H^of}5>^{dU7%Aj!_WP|4sEAjDl2KepF#;#F<
zs<#-Ah_~v6xBt>Lw8n5j34#LvuyFr|YvB0p8p>2G?Nd3BUOk!b30OQDt--;!``Wqi
z{IcztfvLc0f-G-bW{A94qXDbJx0f5x`W+7T@!R%JVwH*W&n=~ME%z%G5IEf;LQlzH
zl^#%0?KzG!eB)`A_xY(@{Nk$%jrqLEoZQ4|_X{0wcM&oonj4#V+EQ5zZj61*CZwdP
zZW%=?c|F@9Ow*-aQp4OdbL3t(W)YcaP77{67Xvzhsq0vG*HU*gd)38*zA7gXH`Bg0
z(+0)Q7^MNh$l=<){T#?J{imMiF^@g$R0fCMbto9awqsHD<${&x%h)%KiX9g?ODLC6
z=Zl$}sAp?|jw>h<W`sj3*v4JwoJ1PO>;xPwh7GHF9?PqCle7K4eRi!|16f}`KZPT=
z#-2sy1{JQ5UfgKfg4HvN<=YfyX6Pu&dJog71kRb=K89J<QH`6r=Ym`e7DWtm-7}>b
z!3`*&a{Cdm3r66VyE5B*#u-P6hy<@HNYGs|?|y|yX*5PE5Q&O&Me66fwZi;DEi0Yy
zS~6hf_cIjES*EWzOUhMw%8DYsYFo*U2s@^<?HM_TCL+h;T+k~*izO0;J)MS$oqnXu
z`w{n}{)0Us|07Sk4BGl%UZTs&^j5|@qvVg5IAeYH5~=0htBifov$*hXcZJ9ZG>FQC
z4Or#Q%Y%MysUkd<{;jbs2}y_r1pV+8C{qS&oq5h3>r1=CC#{wx*8B?m$D+QGYU15K
zRh3*?*?)P7n_JrbhY@JZA{@F%Ge4|IvHR941|53DT6#on=my$~!I1j8E7H}4H+rO!
zBYCm;`{e6;Y<u(^*#;`0DV}Hi9&<QazAZ-;9;kd!_ikPx;f+2vgisB5c4hzwmnBx{
z3zN@gupxTPqz=jqvG3SIOhS0=2bD99G12u}IU-+#Yn+)v8QoG;=}<`b@^L~<L{@dr
zD)Ir(1ppE*z?U%mg+1%A98A)MUqBwE6+*-sPi_)~R5tg9mcs4C8wF2}3@N+ey@bkV
zgQc68ekGWvou3xgyyj4Ae0{d|N0N+fq#3M<mZ^%&1<mxV_F`1a3t6N%(>mUGtq@P1
zbC)C8G7CB|+S9CwrJ+?a?Al>#G;a{U_K1vic1-cVIFZ0#Q;v|?MinNf3Me(3GD@tv
zVu@K{`G43`=bGpdoFIps8hOn7NT2#8>@)JXsi76~B!TEGq`BFS1STnibk5dkwf*5{
z`DfTU<=(Uu+P9#kgYc~q=G(+n(t^Ou_h}IY6UVtouJ*jHl-9}l<R@NDKCuyEdOP$s
z>=jg2UirqLRhA(bc3C8t&{~R@*)U5;l5b+qKdj7h`0rYU-~1ChuMFe~Sa)3<b6Oe0
z+jE{<nj7S^OL%3VWYDWQH6C~T40@`u$F9q83%ZI7K7qNL5pkI7Z;QR9LO9HW!o_T2
zNMk+*y(|oycm;R7{+Hht4IPxT$lg8B62iaXfjIw6PE^;d(m2rCb%7gQ+v^~PU|(k?
zAmEg!>sG`i2)upC{a}*ncw?nY+n<&p$$(7ZWbzufkT_2d+#MUyFZ*Yf3%+=$)mtyq
z0wx(?YPvt0k17+#3rj&2pv0B$9G9*#Xw!LP$5;Lz#=a@I)^6=Gwr$(CZQHiF;~m?!
zZCg8bvSZt}lg@Wech%q3r>f7*x_IA<b+gu(;~9A7eebs?GmVLMFa5K3<?rE>!vY;H
z?BbB%^Kq+z4yBx1|3^>zDN%K*PwJXYtt57=PHWxmd!bh9%&qk4NagAK$By!q2=(=t
zM=KD-D%#{0eY*_7X^R0$i$DXVft7jw3={W3Ij<<3y2bfqwhfU{&gB~QR9o1$hWT}M
zb{vzgO*dYNR@(^_g$p%JN=_Zf;mNA)ZsdVO2f~Y8KX-H>mgZnQK^*tBw80De-bUo-
z{@Zg8Ejqj90_H+Es5V_LE_bhc*QpFPAeDV1*H$fCKD_v9wpT<;ceR}@Wvec%Xs?SH
z{!Zt`vJ^mMD(exia<j;m0!^;%h(GdyT?BQr%o1HmeJtdRG~P1K{8UW%q1#iID0Ec)
zHlAPQ$4tVzg$r)7q-_V*u4=b-74hv0E^3JB4OUejDS0f<fqj9MK?V{)S^XgIC`MVL
zgA)V4f4#h;0NCF1Xwh$sZI9h@B0Bw=sia4G&><f`aGhKiG?FR7424yA7aWmD$B=c}
zFUj5z^{4=H&AjupPx4+W)TKeMR!OzmW_o8%i)9r)5oszmq&wd&onUM~<FU>>gI2()
z>rmVgrbI>VJ6m2@q8RR<lQj+ob-70AbRPH1c`=al9`-7J1)*DOFv8wi(n5R{o&bnv
zk@A)@Y>{G;Kp<tHBZ5JUY2cs;;34U4f;m_&zTa*^;ldmylI1(#*M%3Sz*i{9OgUsC
z;t<#ZegfwcQVbJULymBaIu*8yoh4UaGl;NR#>*I)8wYkJUeFCxJbwNB%e=HYo+vJL
zosWe*q`aup5b?}vu^Q7%Zm|A4H^Qgca`1Hag>x2k8>*QTGm{6pQ<ER?lc!)r9x?kX
zUu5QP@;M&8FRVsLq5xnZ4Fz(rl7x&AP7w*bH~plABS-WBVV<MtL9%2d-V(Go{j@h}
zyLRSG{rK*j`6alkdBA%&>wI~d46Vcx=M7WVFhT-wj4H-JDF~1TNJb*%FUdf=;qLEI
zW3;oOc@2&mY%;K|l?l!}GNLP~OBPr~5r&BB`x;hTJb06NbnA&`HE)X0SZ?gR=@eD7
zRIq^?#RoZ&5uv1Ro2a29d)=jyDA_1q4SuxbWIOmZkIl?I7JrahAc;bjP(u-jX-mCd
z3r{70phrXZcIyi=fjEDVx=3igFj5d7*94}o0qL+d)mh2V^&hE&q;;o%eon;Yx-FaH
zI(|!Y7=c(Mnp#oMkAY#?nk%7LAB9+P_`$U$K=`VNUPpK@O0aIe^l$vsxdVw0AAbLl
z=Oo#A%Ch{ZW5F2zf0SWi_y=V!H2=p4bS|_Qop6{ZXSf*wWQkpce8EgRSFa$skdS2D
zdeTd8-=Morx#7aT4h}BCLKMpEY&N><fA==kQ67y-)b!_a&_$oK#D5JaRrQ^L@%q|{
znhAE?K>H6?tA&vr0_(QU_t*OQRm9RE?8Z(G=7yMb?arVM(~|Bg8*NIN{{!lk!o)FJ
z8cW=*`kg^42%postgTlJ@)~TFmU1oman(qqsA?Vxx=)~1Nfd&L@bG@=L`7j>^A(OY
zu3%DTd}S}J<a8XW_(g`;%uo_I9g~Tk^T|*ZT{Ie-_uCaBHe}6v2`k^uQpU4u^iK{f
zWJ%`i?^O%|Ns-%Qic8~FiUcygTI*n$)Tux^lPz!l;(>K%LV!=*hatl5qNgC%?Lj%?
z5^|!t1M%0IQ53i#idEf8G}=Tgxl5#}o6tHQ&dN{4kqUK#5y$?wvwA%iCXpdi4EA_P
zn5UBLB)!MgkYEZh^>G4d7KVl+*s$8wtKw1g-QfK|tx+?!9xBKfQ8#ty)KQ2ys9i;X
zK?M4Rsy}wOatQ2*^*NBPHsWC_MYNdV$$Lt!XgMen-Uy3?e{z6Lme?GN4D)fN96+qc
zFDaCk;Yxq_;Ji&(IzGk1p)Q4jnhHB@SXG(ZixjYR7ann$1Bvr;Ny>|cDtAEbk+uy8
za_6t4z?+H^n_)KA1p4e3;sJs#1Xh$|^yZ~c8Prr=a#vMvCJZ(OO~!rRA{a#Bw`1@u
zZA1W68N^@~i));9;jvsgo)t8`g_o8PP_4a=1HF&S>924V$ek{9pPV$m=eV04QNmX<
z*F`oTCO`5R2?Rjjg~Kg(fBd%TeoIK6WoIHEs11aufl+QA=<x?f(<pHuP9mxR5vS{U
zyEW!4bs0?stM|vmy9&2<(L(<NF}%JCS`Txif(FGwi~M43v1rsP4~rad7ai_kkK6^S
zkv$E9uY#miEmIG9<E`U1Q>I>Mz3T8+bbiW$$9uZ9el%si1CZ%C_}prZ`bk6OMQo3~
zNKz6MM#2f1X|FAq#bKJcJ$X18l<CO9wO0TsmrJ*qcYImvMHzPD4t7Ricnr+v>!*Ud
ztTgc>PJwUF7(aw$_@_TuTIo<?5nTIRuUmAldI%tjE*k#mGs!w$Vl^=ekQ7+Sy~3bC
z<WMnBi;;Oo4%6#LgaYi|bOQcTz#!be4R`!!-+L#H0*(ui6j&+@LaCsBGeh|nH}GQT
z2^1f6_mJ1p0;W>iq>qkSPf}3-akB~5HGh9jv)H`DDkQ(E7iMoj%sDp;f!atBi&iV+
z8)%u{_h`9JLFL?T>Jpn_&EC(cJ6vr!<aKJfw7SKe=O4!Ub6pprpTudlPa@kUKQf~O
z9VN6KLCoJ+Qga>1A!$tR0eJL6f~zERD1M@F@^dNIX!lJ%G=9hb{P<3Q9~-$*b;tu#
z`U^rHGm@VwQjgk6&?>-%r#a69Q^j)wD6wae@sdu!kqsRK35U-UyW{eL7!Rj@$6ax5
z5mRXQ7XqYzCAP~yf`X_qQmrmgQ&$R4Iq|vfy)B{L>flTIK!JQEQE9XM#sp#IuT&7t
z7Fr$3h&0J*=B=`&WFpP(3FkHTh%)qxrGaQ6N8=wv0ADoIc4Wz|<#zuUuFsZQsljNQ
zdn6um`ke8|hBpEkIDK2jauawhqq}r>B$=UTJj*GeM7TSKZKW84jKTIV9o8}l$qe3y
zo$QAlPvUER=iOWvMz=osUvYPOPq}M+>wfq;KY_9TV2Bf#o##*gyovcQm>mn_zh=uH
zzLY8PV~AUR1Kv&x=(lO!iu@+jvTQ)MB*PcTvn>RO#=2O+KHP5Y$RCj$=H?E68)EU{
zRCSfZ?X%y?=~&`oVr1*mUq2acq+L?)vU}TH`+Cvfh_{VaUR^ew@M>w9v1!`g`g$G7
zG-Pdg)b%(D9RrH;)k(JY;+Gv5cO9{s>G+xFfX@wWCq&id9DY`i(vH*r-fX6O>gu~3
zFKJD^-(x*~bz4`l8K@K<d9wujp?2h>ejDrqWpg3Rd9VS|0EKejX$e}0;$;}COMoHR
z5;{yK+d`*{!rIzCtNnMz%*~S>*Xxa1n4#kRX*iD~?nb{b_#j+&uJ^$WS(^hg;n%Jj
z>THx-KNVp&a$~L^>U6SO3KG=`{%}>>&Ysiw>2i+9C8|y(E}FKiZR@XUU*1!9>f-i&
z(v?+N$z6GHYNRsX6Pzk~Y(ytcpAcj;e>PJ%oE?L@LSb+&NS7xbvA99W6ySu4hDhGX
z=7{xIAjwGHsaI=5gU%dWWJuk_+m~iWxJ&DwJOPm+>Lw*=`WCZDv5`<@O->+(7L2+l
z$SQGw%2HIJI!gVuhX#ym?5UvIDBdb|pdIAcxIMeKc*F@x=$P){y-XWQS~j$oJqF~+
zAQ7MF@lb@NqoLPj$X3$JHI0*ZP)$6nz%30u-C%NM9>q@%0U%sc>PUW^9tqXlIA#0c
zbB(Nyk&9C%-Si{jkkUio+`thu4s^<9`2d^J2JR_3x-R_ITniS6tg`z6=89)UVQ6rh
zgZYUl{?{mc`7F|fB*g6~t^yD3Wel%eir`<t;r{I7*Q44lyeYJGG4Y|m^aL*Xu4vZ@
z)hZy96;0Md?@n#}RBK#A5+x;ItBm(c6KDj&NuMjDNr#&)RiuvzMfgXxa}8s6FcqPC
zvC1cG4Y%18GS1`>l%yU>=z2w-J_0@75k1^2tiW;PdLP@npfg>QW!#YETKvDwG4Yq(
zFoq|vP|DxbFZcvMnPVYkB^n&cTFc^r-Y}VU7zDkI)8+!gB_yK!hp`r(fsOM<=gS-s
zGK58;sl<BB;ZUtr_!VmDn9D>8g@iMOi=n9i+b8qiu#)3OaVlC+A<H@S32kYRke#Q6
z*0hoooR@^wv=>H>x`LZqEo3G=psnp+Au{jLmbUJEY-+&ko>K6MoVWh0X#@T_@&vH9
z2OVTSrmgBm4H`9ox3CATH?ITl)7D|R!3WY?)%hsYkJ^%kXW$?EYxK3@D;xG=1raom
zig(hB7Whluc;|#v^_xBj%kSCaUVqzM{+rnT`-f-!zwsC-;@BADpE++B{=Z;gO#eoM
z)gKWW#RuQuOK|pFpuWw5`3xn+7!~lZC8HeQ?_>*YWm^JFcDp&hYf{l+$^BCkFwZ&{
zQ9Zn^LmVmJ`=@-{E@1SAtIpt9I-%`--BoqhR_zz}R?)b(9F?j{jd^$PUHtZkZN0Cr
z^-M#$%(D>OcdtW0G4f-Z-RoqmqsDZa=PuK`0{ma#&g*(jGW~@sQ&jyu0B-A(4j99Y
zDT~?m%aO}f*FV|O19cyd?K`<>f&g|I!4D^W_`mtEwSw3nsQ|`m{P1IwVZbI)-q(1O
z)c?4Xy+I2TvdSK~)`p(*4JEfK)mT@cTRE)S_6FQ`8wU>59Ls9%zsN(TZWPlN{qXpp
zYHMJg!uDn^f?SznH~TRfb5pLf#*W~%=gzoQhP*UhX1fY|rXMi;6!bXZQcCBXzIUVS
z+x2sAbJ}6e<k=QAqx-vMz&l;+WI5~X_uJyfMP2C6g1@UN9Pp~4u}};^Stc#xYAw-F
z(u%CJP^e}0u02^Jj*E9n_?MISF(dRJTB@bzCVVUD#(SDc9CZR)h^*Et3O~f0ae{ZD
zo{C7|PBLf$UDERnFpZ?<O%rA-KRRgv1~0D2BGadq$*!;nLo<6mXu4}c#ZG%-e7qho
zGRv<Awv<NztxPD4KZhlavnsq>h7_gzi%Z;Dq?%r<Ruxf7P)v=HB?Blu=f)6!rB#M@
z)y8<<lD7$iFS?SW`^pS3;0j`wvz@It7~^A^5LdiB(L1E-=kMmnh{6?{ML7nlxsvtM
zQWK8xuk{9sX(o)3BV+fRx4XN;N*U|Y8<Gqf;)yvFKZObdH8xW{gIb@9k&6)4^CBly
zB8!eVM7?4Zwd8{EpG1c13hcnnn`2)GbVgsRHY<?hmQAQCr{?l5dUaJKKj%me1*^6$
zIAD3247N=fSe;o}j$7Nyy~S`2H+;<8(+pR#z&nXV{?;><tfSeZpdb=DrIJsjZdm%j
zNAMZ*!|=xa4*h~g7uL^oMhaE~0$&0UBo1IK5FnfAi$5;4VD;FIV`i}*^kVboNCRpq
zA);nxv2cv8AxEbOG03iR9euN$pyK1=#phQ~sa*5~T^*>8JDm8PP)Q+?=#4uFS!|MB
z6Uo3j^5-|v=aYxKzB-No-Z|1|ZpThN9r2l*aE3Aw*wtfRD9P9b4vA$Eom(!!cYTa>
z2Z=P-(ri1%1i)uhx`vF!mq}XrkO&E3qQ4m&OT^xoz%E5YnP!$uXao(FSUg`Kna~g%
zYs3__AC`(w9;OPxgG<>$0g}bCOIf@yDM>cm;#dTU3zse-IZZ<RX;N@j6Gi^Kq;zkV
z_yUA{DeXm*C^J)bOWnL$(2dL5A31HspwfK+x3vf)mVZ5sx^cnjlhbB|ES*RDd5X+J
z2%golN0Su?oL8;4aI+1qx7z)3rWdta3s+~+J|217c+IM9V%{pi@w({$wf#h}yUOeE
zR$244jyCLj=W#E;Z65pGOaGsTL`7M}Cd8ivAKQNsb7%SAJ+%Kz4EJp#1|!_^cI5&S
zCjYk@E+D`r19%#AF?jjVyDjxQ8=c&>_EMG^StIUgb@A$KZZEagE)&bP?1XA*8s>eF
z3BlG`P36+c%)3o$s!t$$a*e1`Q`&qu#cjB9{wG8+R;sI;Wv<<l0>Q9mmoXKkB*m94
z)6rEVyOhl!r;VY_G-rZ@H)N$0b^%tG=@~#fk;$UDh!xnwA(l&<sw#(0qtD)y%o~>X
z^Z)p+srtoUaBDo<mWSJCarsVnidgTDx(=ol*ak478Wg3h;pwZ1UN(h=(Nkd}8y`;h
zt!W-m5Sbtu@=z3`4=I(rV5bM|J4PS0<kQ)XP)5b#6l*9G;%}JYYs0RU#-pGgZN%2C
z8zHtyNOt08CUDkr#-(_DQZ3@~&9vP+HQ^3^bY$ve@MOZm&~B_!UEzLp>onSyMQ!>~
zFzuw((2)nkIlS}NgIxT0sUQP0cOFIDE&+)dbc{qzWRij~Ki!C2qAquM<+g{yc0Kbb
z;7lYN)wq9ktB{0Ul}=+M<&MOBN`cmRPSDqu=|G+HV^!*-FCuW3#L{Mf^mfVvYetrv
z>}eyWDlYD20s;EQqw8E%CZrgi5yScKt#gXsg~9}ZIn|I4lsofVR|PkH{Du?6GAngU
z-5B2#jH*xq)FCd(z|}m1m4#t$a3JXp7>Jd|@scC%GAVq8{|X-2%4K7e&j?}uH^VY7
zOYZnO1dj6BxS($2YSYz0@y3$MMCMvZd)e4vJ6(1KtpPKoqILB)kg-K|0NwV0NV7=Q
z$NXB{gqpYkWH1x+myK3qN+5H002(-TpkNn!nBz`)v+s}<JVzNE#WY@UTTjeNJ%yC3
z0HGJkOyd9n2cBp-9K{tLse|r}bBwrRMYlIOwT?ajGTDV&8ynfegv>3M?G$_}7!?)a
zGYx@!VnM=*?2;fPQMpu!a$a`B?6R+Y^f?pegs}SL{oqc_po8L}Q?-QC4D1f*rBmKl
zWy2Z5@&%+&h~CX-5qenj;}ZxVcr5~Q8A22>hsR)^f|B6360nEvAwFW3nuHn7SV92~
zQF#h*8Est~h)K2cU8E9{+y#NIMt%CU@J{jU?G(ZY^nCPBqt6$EKH%V38L9RzFbafR
zE#39DBeAL-p=#GD_8CMv|2&hu3ScsMw1w*go)cPQ6ieb9P}jpB`-D(beSbi=BVbce
zou~TDGbujp?@@*j#gL}ISDPFZ)xA=<blO|aQ3LoYtjrY<?|^?9pEdWCs}l4|3l8=`
zA;z}3tsWDFIcG#Y%D$Z4syFRw16I{@+;(3DMWy;|z=6^O%$nX^m%M{-ymZr;m8(Tr
zFQG&yW@!7$(uc<;J1fAzSp|miYWSk7P9z@7q95={x21d|M-%F1w!d_T5sD8-;53!B
zCb&I~jc5wAI@5<SbX%-?TpWvag;uuVtkQug8CS*f_rt0~7;x-9k1VC13GDYfL1muT
z!A}{Nt76=S|C|EctqL@NsG7>0wxfi#^YyjGz3OEX<@&;te-mzBKS@`3BwBd=erhz@
zClLgW@wgs8ElmI$gIm&S{TsMb3boMQ{BPi=-fz{Bx<w<1y+F4aSR8oxOFWh!gbm~M
zZrnuO=QMDRGXd$l?)7^5+?wx{vsS}RKVv-Af;To_*XZ#1zY4yJD4rZ}M9dA6RtchI
zT)s1`%FF(G{7^><AQc~NvUsWZT|6}(9GyQ#sgz&d+LD5Qh7_*New+r|QhA2O_V9bn
z<j%R0x+d+G$;YNxXw96DW|h99>iXxxCkjN!=vs{uU1h1M8pW`>V8`>9f(Du+(!iOa
zddS=c$@CvqV16l?8S+8N0Fq{)ZtC{SikYwF^NKuxhRDcw{k?$qwudrm&~kRlBx-Yq
zG_IJ^7+F?`N^fs6(fgwBuJnr%3rS*LkVlxEWvSdkg@s%&<b2Vb`km>03f{E<zu5p>
z&whAjL>v}>#wXu2$d@CWg6sVo%!L)lL{3huMLZu^;YaO0_&Zm1N;(fXSGl8U=N_w9
zIaU5<TK8V}?603_#sABB-FFWQgn!sD@_#b{|GPJ(e)&%(?~~u)THs{l%~<t;R$B8X
zdQnXzum<M(2EZb!EkdeDY)Ni6=e|u!y83E$1WU~T98cE^H|7ivpUiH5oq=^(78lj3
zJi+ZuE28~JddaS2={WO`91RJoowUw<id;2s^3r;wzMsc@_C!b5AFm!&2nH>Wm{PT3
z756KS1eK=#yD0aj;1*VNSTzL{>{65$w7Sf-TU~ZHtVu0v40<`tnPqFSldMErVeQ30
z2rXmK^HkLHgRrISfF(#Oz~Lz0Hj;TFw>sk)A#I4`I)|w^S3qs@i4GB3yF8EAV>IZ9
z8tNJjrs#%F#H6#b&2Hq)hE6oI$<WPafhv};PmKvotPs1Bl`EMY9;_ZrVQ=47v}j*o
z^b<QP!SScJ(-SVwQiN0LvHBDh{M=LNiXrCiY)7Euts+nL&%GQwa-3G@sjxLGIx88A
zq4NYN=wub7(F@rjk~0`d1cQePZa2^1U)t9*2nt<-I(bSraQ=0J40#0sJxj1fW(Uwf
zj6}iQMN|<GCb3XOirNwhKqkyblUSo|306g>)GG^bYAC*Fv=Os(1P#LM(3dudC2qUm
zV}Ei{+VKasA1&zl$OEt}by5lkyI;bqu*5)8y{o4o?7@6un7~CncJnA?7h8?uMKyO&
zpG?@~FBv9`xzk5-aNip}_B{1)Mk23;(F~^c*DwBHO5m^HFA{W8%k@YsI4MM;snh2O
z$LcA*ZK_IKa!aU;KxCcODob0dpVHJLsqFYOP}AI3t8}%ab)7CC)`BzkD<b9nUcB_u
z13D7h=_dS)=PD$C(0$g79+pf>BdhMNchL8L@m6iDF>vJ_mdKhn6ZMyJ)O_R3QVF0^
zI(2~6<yS25j1vxY#veUJuVK%-V$!>UW$Q9zel(??vQ!|u;bp(^riiG=Yc1L%FlP;E
zN9qtXZt`wX^_~h@^^(|BkZx9a&&c?t?v>F37D*jAx`xEE5x9))fKd?SU%757{sxk0
zT`&u`90#lZ4VD1MtF{hrFdY(=P{R+{C0B!PZKvLC4hU1L$>~HnWR|>K08Tq;58yK^
z`)*||(ik$&)$D7p)u|TfHR=T`-LZ?}(*v?UNSms#|7Le2b^{a2zYUw0EGPuEQHQ03
z_uDxR3R-gN>;3f|_Tl}!{cPV0$L-B94VBAWLtnM2nV-JjHcdf1zZ}|_vUj)SeP2^u
z5UYdV6wLndxs0pPr#2DI!GRW{$&&Gpc2fas@8_#CzRqpGObp>HXT>&7SSl?a2JKf!
zc?Qw9-&u`i%G<ptSA8K-*abs0uvdz_nHyH%bxAn(yXfuxrmAI(p4-&1H<RQC2Ll@>
z=^Tk9o~P-Fs3jJx9_EnbPUz|W`derVTSrO@S|C>rneq$x2qn7`nC@Hx<pZ9y^DCCD
zM6`Rt?4<RF2-Ye496<q%v@yRt6Zid}KXAu!vzmzFZit|UY35@z@Mu~h+30+zh$=Z`
z1u@%7bB<;`M7-{^@r)wd&_4W*0}L2{S0WGFw5kDKKv=ZOhrBj?HZXy(2PEt&xT<G+
z&g-G$2py=?^&04^9m^B*Bs~>=5-j)L@dH=8HpQ!xaDg5s<cT(hBgh&jM4BjeM$>A?
zqHpUTn<>dC0&qY6aR_?vak2QOg@p5hcbyZQx)H+Q+ueM0-9#z7G@Eu%w<~T(+9&}p
zSTv1;q?w&?-1)L0)b=}kX_)vd3#<MeKR~pZhgud47v@;n%NTT?2Li3xZh77q1Xl1a
zbY7zaS{I1bo|n~2d=~uor0&OmlpVs717H<@-kAJ15d7~}j{5mO5d8IjAXwQY^{`6L
zkWvYez&4P~2Oy(>Hb1FMu?e~Lr1Ls1$%fpK`C7>U%m(-N?pBA-w@AO&!vbSXVQ#rA
zTXQSjns5zCZ|R58`*cuW3<`A*+J<A=pH8m*-STw4y_c`;yw6Eq{xz|T1SqziyPvKq
zxth%_Cr`Du^Ysq~_mHB)rrc1e$x+_$8n93P3xjo9ml*W3m~!b;S@Tn~s<79jfQcvu
zkUp*}JI=+Mu27ofX7LOjE=K51@#_7<c%iHNyFf-%L#m)5vNsx#n%n%Z*7=t-6kL=Y
z$Kq?f-ml~oDyrP>)m&OPqh}Mh?Cn4*q+u<|w5MkoVdiTu#jvLnPb=pJkKv`~%E(E8
zc_(SgR@FYaDx&!$L}Z9pTNBO(;_HjXW24-LL9+ryRaJ(6%Bn%e9PF&|*2yp-kkuU2
z<#h^@UO>g&m1lUaT+#+VAiNI$1Huz6<`7O@LjM9`z{Wv_{DOe55-y0!F>??b5hQmB
zH55b&d{l}276nqsQP1ggR+9aWRAa5Bf*ei#$UpLhT@aT*G~6!pvvT(iR_MNQ2VX^_
z9|T_|W?nz;vWoM51rF!c(9EyJ1(BN^`a{g!DS_GeV*yHf9ExJ4N7m7KZ@%0Rw<FOU
zT(H#k?8(CROSyX!KG==f+=J~9s^2sF%Hq2)lK2h$4f)qKoUa>&DZtt&?Jyp0#4v>m
zjg@g5ZVF{JWOdcOlQg1w<rONaeL(PGn!9}3&k5}80qofu`<Mu}7nFc78XLX)qy{x0
zTW3Z5hUO?B`R90t7Fi<US4tb$`f!+GGw4-U5gGM!VtZL^&`{+l>c#duo|I)I$xNvX
z55%N@e_wEA2@{NP)Bwf7Q_{C$Vdo&gbXs|JV;8Y`&%pBF>kX~MXe&A9HR4RkKrQAo
zXz}Sw_f&;0!WNwwbay3di#2x}=16G=4mFEats`;R^sPdXgh=G?YIv<9DjPTnldKtl
zEjlckOZ>GPH2TC_&?GM`nurCcjW{2oYK11&0vOQLjcLCavWjOk6oCH36u^g7{<CKF
zm&UMlx=KHD$;?S1_A75crG`T^w?=@|al*^O(TClY_ysn!_8M$fTUZckV*y4A@3&JN
zRAkQC%hVeg0CMhFay`7$N;!VEX1-O(qNb?!`#f!#EbT###hsA!IDOlxFMkD<gkYv_
z$t{{+bOn{QSoT4mTyvj7fhzJ=0jTN6*GO%*@{l++Czt<p&Znnv*H5CG;?}*{L?zex
zTijLl&&JFiP0Kt(&?5bPIB&4~4Y5>d4K}FWuh;!W)e4+XA5z|uY{|V5{}eetu4rO@
zUz)sp^gupQF#%w|J@K5S!2#lrPOa8drf3h5qMVcP+>7Mn?d!?iJ(DLQX7sUlEwwUx
z2IDiCPzrgX8s8}On)<9YEQ$1z`IVW31-b4z04*8vr>-#K&aeQ6$-gE!pzTDa$H6m_
zkkO^_4g1e3E?rB@N;9~>ELGN}jo1T#=`bh^Mq8iN7@@9`GQ4EE1~x;Zr-^95Mx0AB
zxrTl*yYPb~5IU?ckDETW3>I^Nt0dqx<4aGNrkEq}UMyO2sk_II%8^;xjU+O_+>y|4
zh+HpDM=qFtUv|(@{=T?F`b_M4A)^O#Ehczedffe4r9KEISOurN2&u@&U;ftv4-4rk
z#6p^w7c@9~K(tz3-QX?N5RyJ!Mo)t%!`#yG4r%w~nPk=vwg)%^RFMx}9yA(EVdcKx
z@5qwJ6DycLm>>SQUpmL?{Wt7(;r-S2?ojT3bmGz7r43+y09g|DztDmI-BVHT|0j&x
zO<(sda8lP@MI@bKvZ`HLXHp3f*Cd$e3qU)ErYLog(1cui(t913@Po*W!$6>H;MO8=
zq0IJp_{q=sc-A2;B2?p<<@@?DI3gJVsZE;l*|pE@nH&<98%b%mAu`#xiqoMJKN<@?
zS;P+_kFaA2Mv2MZER;8)A<rm_idt3CwGqHhR<~8vhp4yztpC9$aGUBfU<m8Rnjb!0
zns8paUyMLAnU0i|#o7dm4>E*(t&D(L6h}T5K~A86FjnW6ADbSfRk`4{06xM&Vu#>N
zRq%8iky_ZnD!FbKKuvuJ7sd$@8DbUxjs91K*{D0YEj0+Ea@99!Pi{jB`(XY_jYw;a
zcFiDWS=Pnwsd-gvz^mSSGxOJ7TSBu35XXt*nE<@|(K55~fns3+E)86v=;LdUy&|pL
zFRxFqt+|qt3byv;!yq5d)}~o($)Cl*pyeFY;Vuf2DuC5JwPk0sK){9Wdpi$sw;`8w
z2nIc3It5BVqkSx^v}Iu=ei`8bb9>s6Y-kedAgHr)MDgKk0?RBSE!K2da8cI9UK(r(
za@p4&ctvwW@S8X^>^MdFnRI{ZGr<Q;5TovBFoyXjt@v|L5;SUbl6j9mUr=YPv?OX?
zr1Vj`t{~R$@hFZ$afe`3w(mu;iiP>z#T#E&VCQMv5<M<D9T_sofwyD#f87?I108Je
z+oI}$dxrYXfRWaC+{)&M0BggvYu#P&YKf(nmc?yBS|sIx;@p>(-#>#%+jfXZ8~DQy
zR@IHON!`Dx-D#Z&cd>=B!X*KK(cs(tf@EAqx~4ffuA7JdV9e@?aWiCTpdUFHNF*&J
zDvf$%OF&klhs>j>9nXs{Z6fI?i)sg2rZ1Ycjr$C8#~HPDW@|qmNlN9$#?Day4<k~6
z7JnZTghv8S7|#>N8LYuFJ)d2=0pC}Q>#MvNN$n<No#1FBvx5p_b#<{f)5?HsG#)U=
zo>Fg`XqN4hVJN<Sh(WZrPq)9RuJ39=v{VLKUEi^RT~o2J9H3>-6{w`eBh~crXNAG$
zB#(Z7thsE&$Er$I^OT}$z6=A6W7c}2pl;VQgURbt5Vrg7$iZp%_@rC9Xt22~ya@hW
zEyV|sv|$2xHg9hG9Ly)u4iy#dsWQoJf1FEIqyOq_emO5PAxKp53bN@s>=kF-wCJ9e
zGN6|<zz{6}wVzF3__{fN-jd#G%;tgacHe0&{#bv*eR%V+uVFB$>H02o`GW`ShbVT%
z6OP0l)wm$rusaHRm=$d%iFGt^uq<uvHPuTQPA<YAl|X=}MH=O;z|HTQANtiNUywI1
zjQ^F;C$({F`k{P!)@<hIEq6NVJY^B<(Al49{=&m#_JjgJDk;g@(Lb&?o+39M#2s1q
zH0Q_lnBAy0(#wK7BA8NScNW@?Jv~C~o-z`jDL(KI=BB`+hxq-0*T07co7vCZffs?2
zyF4!8KcTQ-b>zT__OUQs{!TFs)q!>0k)BJ48pEdHv#0fL9wKfO{-e<8%G(Bjg2Wz?
z5j3?9l`1v^D>5@I@6R-YhPeP2>XbFT;lL5QVUk3*@e3tnK(t{LJe)V_PwXW5#|SJf
zB*<zZ(kHq~09rEJ*;-JOIg673WV!0o6A>y7-7taVq^Yq^{*gMmEX%~-F4ey7$Yz_3
zRP90XR*VekgJbQ3Qyavd`rzi+zE@56=Wih0um9+<XKswMVEtgJ>VJc!|1Nf@>)QX2
zTOa&?u+-2eok;NqODmN%8dOmv*7GF&{)MHI2NY}J$`8HQ2}u`&Kg%Bl{15v(_C|KQ
zLqkKy*WI6Gquo^8qFR~3^<Ur$Z2Nx{hM(H``i3md0_ES7q9fXDPOml2Yr3CqM|GN;
ztB2^5cO`;B(`M3SmJ}u9V^>X?g>VNnodvXyH63=rj;dXkQUZ6MofZAf=ZZCib+&Jh
z_mp>!USj~=uX<aHN}8}DR>e3!b;dbZi#=8gp}%kjlNY6w>3Hpd5%qyB2y_Jh<hLP<
z(b-+Ywf+jYk0<ZJR<xPG<K$V9P}Oh%jmH^Pl$Z&T+mRM?S-D>qw;?Y7-SJ-2l^&F8
zj2Lq6>M6uG(_7Dm>`FY%BqW)CZ?<_rei3|T25)h!_2b<XyGEt5F?O_}t(Y+%Mq9j_
zw6NFc^J*%q87F)0%5tDM&Oo)IrtGMZ6r|QmRpBZt(gp1F(XOvChXxAR3fs?P4{Lq=
z0s_3m9wenAMTZz9dxu0#evsc(T&Q|6TO|W3k0=0gOOpE08df+!N6n^#=Mx<l%l%WT
zO_-0pa=<N{CWYBUM`1r%T;@$V9PbU1XaXH`Knq_&bE5Yx3CrUrLY?AxV{#>{4TBGG
z^(!L-*t^ZZPXostRw`wbA9?jl6uJJibLY^L*`=A)XVMs54EKA-zhI0wc74oU10C@2
z$fD}Wd(M32g~;jL?rDc=!CB4iHSBRl)kXZ3S0rpkuTu;_b@+>KHodJ)l)Oc%768Qn
z(MY7*aw%}QoWL%GdrK1r8Iu42T6M*Dhs401Z~=Qte&*t@Zli(@B6;yn&NT#>1Jbbw
z!4NfkbXX5F=Az0R-`Ig?L{i$Msko!;O933YOev|V_#-+9_s$Aw#tDZ$V~jSgo>MLO
zj8Am;hmfm)z(KkW5c)aHW|Q<;mU<MxRq!`ubJC21tmH-og6JL2_Fw^(pG7T`k=O!i
zFpI+)mK0shQnz^b{HPIcI<`O^g;xvFYs(9Romkc-*hIB3MAp)A-JrGX1}eb`V0O))
zAj7sV6sK>{ljY%0ZfhO-_7^ex3eMe3WGYPMljZCncNxjR6WJS84OnFaKiK;9#_Pc{
ziLJ(Hm|Gl;Z%RKoL+C>dl;>o=ifQE-8e=S40yhxCQ+*KEj#)?-?fmhRl3Uii7vQ4w
zN`u)t+g5zETT!f)+A)wru&_4*wV#Vv`nX!I^<n5Gr}hZ(ye_jReof8h!N~eh(>IgY
z_WKq`ejK2P5Wk<qo%&pWO`IFdmPbp^eE(w76eAqIe_75f>%P%v8DVzAAeBUjjlvg`
zWRXii<{speE68gVj&kHkA1rOXlh3xU%NRK2G$)p)9mp~0?28nCan+ifBm@xs`=c$y
zyBxW(S)H+LRFYWX4X`iNIg*_nrj{gfj3z9|I;M5*8Zo&Yd;FX!EKmb9vPY{H<%i@B
zFFL-nFI=yXzT(9@lir?2z3O@Og8(9I0hv^1&)XFjX;mq3-fUR$i+99`x$Yso!w3oK
zWckImp?IMH=m|}@^O)zYtdz~U)-gFvxyGjPw9FKEaEBz>ox2u@?PDCe9k(1X;tmW>
z{EVSWI}&~~z1s~5K%@RCC%v;s8e0F<V=|brICp|3IXb%~K$p?YFwQ2#;Da-Aby?<k
zq@B-yhZ2%8wUtT_ny3E04n<cRoquKWHUvfH-#aqT^m=hWxx@dDEcGYw$`AZw1zuqO
z7cBK(y_o-z7xkYVcrrzeL~*@m)0Ft%$jUE}a-va2;zYR?uKlp>E+OegXP0TF-2_bn
ze=C7A4Kp)|6McB>r_av1#;~f|#oKZdZ%nv^)>XAOVSK(RY8Hxirm~gdF{SNhW2<TY
z>2vpPKQq)+IWg}&u?*!O-I94Uvh;(lKW?DWP(~N`UO;nQ%R$2!s?PX?B;`GI-R1)F
z9>-VFSmhGd(?saS@r0>r9VYz}thK7WNCTHTf?sQe2)h<Cd_5V-d0*734>w685xawt
zO+ITFGlUMYNp{~{<b8*T?N;C25UO|q)q)n2%8i;oXW`#)=&`hvwJB)I>7jHMZhiY{
zk_su~)>Z@AkYK?nofd3jnJb%KoFQ+|?xg515Ruu(deHFovu|XdSY2wB2lmL%O{2%7
z-*)vG__H}taAfRRXUdQLoBVLNvCjF~xr-kCYF%{cA~mc*E^FnCZ9jKTRmW<IA=&3B
zas!W*$O&DV$PsfB+i{Q!rXVeU7r7hzX-Sy<efU}D2mAi4w4w43DpnK*unSj5k%F%d
zxs2Apy%_Vr>$2Ypt=~$T%%{D%VHntm!%5cTi^oTvmI6YDd3>;xroo8gGyJ%L;mUel
z*9sGa=3M`{fml9zkEI%f&8Ps&0jb&+_3$H0{O3AUWUel8Fc<Kd@3>+s=DP-vzX*pE
zO`OhO4G*~8EBc*3`-ly5P3gnRu(xDg?KNc<U4a}=r?~i(BVL=X7TVXACPy=|0_m)r
zJglfnt)wY@h>spgU8M4hB)!Qaf@r}{Wn3*1m*0ujYw4D1{SBiE6KJ;sY+<3A4$8RN
zE)KEtA@1QH1P#>}!SKuNk21zItb4gz6*MKAYrS2W=&6JC4srWpQ2L5wpTn;<A%Mpr
zLi&#<bP=L;9oQ89M2i7DS5f~yq*GH39gLuk5g46gu2=UA`K4_ii!eJyx`&jU01ZMy
z9STcLwwmjiUsk!t3uGilg)UM3+XukU2d-`n$dIzm<_YJs;4?HlQWxC3MLr>2b{^)9
zJ_3h3+cXB*+%m0XHTIf+=PK~>Sj!^W{j@{5i!-qc(aQdsnKm3vz4jL*8@*`{Yu>iC
z!k)1aRuaeHeK$R8nKUp~+`0*ju97-Y<v+e&R)bkTfc$F%Nq4)PWJyFaT58@~3aXVw
zi=&~_{4DyKo;;Yt6>2IzjSH!BU(-AXBlIHu`m{?Y7APkaG_e6r2$wI3YPQpSx<U=;
z%2~T%n?&-0^qTp^e)HahRaguB?(Lv+u7aJT|1{^)MF857Vb?wwFkx+_(_njIYGhLi
zucPUay-98Nn#sc*L(SO$ImrSIFVpfB%~M+){~UW=#%>J%o!EzK9N#Q$3UF4BovL}^
zvZn$7w<nNbqcUh9qE=mo{^zf4?zi_Dof^s=KeoRddP2Ba2;5nsHL{Wnp_XJNE#f-t
z5*wq>N4xSkmT!*x+G1F_3NYC>Eb||O>0sAA<vg&g`j>sb5!hkFjlF#HxEWwBIWk_^
z;JP{PaJJ=dK8|5ox8O0Xy!XTg?{i8rO3RNdD_$Q<Gd>lR%QFb?D&?3+(u(Vm*D&_`
zN+5^bcxKGpaL7p<bz?g;AND;|ETiyl@xXeH+d~k_!A%@P;Thd_Eb}-;kd06}28&}e
zG$(^kyF*bGtt!x^!Z&dcWiVaVwgRmtyrXK_#0R5U7Gx7d_#_7g<rt=HxFUhLr@d#U
zc~bwfK<+POpLZapZPjA8z1DRgend$2Q{Tg3a0{Pe&^hyx55}O2?zgQjkML<_Kiqe)
z94bzzxBqHn1YiS;U)VtEpzvDkhWbr--%{x^`ev1$$_0s4r2P!v&m?_JnT5ATDP@$|
z!8`*OXkzycSbW8kWiDs2CTSqwtLax?BLybr*7hs5Klq{TL5;q7EFQS63Wod{Ua+4#
zT3Z5KmE*o!JP5s1a>;pFZb)MIN*Dbh4_XH3yR-cUuH$$3d8fyXxCs!J4|`$11&h;E
zEMzQ;)d6<!UAxrwr<C*Ef8GbRUq)_}{d0uu5dRlP$iIqB7h1OVMJ;Gwdgb5!djprD
zdgf7#22MYnJb$a=O*ShxKLEfP7%BrRp4B4N?{{9dxO7>w&ee^Bl4>%g5MVxEZ*M)k
zT#whQ_wyD(bs^a1i)ozaAPxza;;J({pQA3nRO72WL3CYJmIh?=>1d3sYki;3MfcCs
zSrz*T?Dijq*0I~f;moG>TpBr~U?-vtL*9Un8&zFo1r6J3)m^4?3s|>qCI|_MW~=Bv
z&7#k1(xX#-rbJ`fZYx?UjzF3r6!<w%auteM?FXS%I|#tw_B2Aais%Z;?S|U~>IfNv
z4bNF?aDMo+nxn?T@MTjB(*LbvL7P;8k{kB7n&ruMe_VV=CBBN^TrM^D^GKz0@Yy&~
zEXK4ER@%aat-ERPQ1<D$CXHOJdIhWc4P*zOGl2{Hk*i@&xOMdStzo;DmYpwGp0-^B
z@LHsY|Ik)}nR=n)bL+s-WfyZ~F1sitTSIw}P!4nYgV}7Oqqb@;XYVnm><5iG2RI~i
z0z;Mw%^%LkUt$A1#d<fP>6c)o#Yk)lwUwN^8#{V&>m4dianwFa<8I?AoTmgmbeVhB
zFkigWZO5d1BP4l<W{l7b@Ve;YK_zww;_=4~{ABvSr|uW8j2LZw?)q^O^Zke?^uZP+
z!_pydG5%;rGu9lf*~j&q_UooLbodj!UrxTdYE#fA)x!nsg3TW|hM>AB{=~lcO8w7Q
zSKa_)ft<*(dC=Ylp+_j*4F`FA*%yeN{3>dZ>n3E_o>o<8<T3^IPcp?cUMn00(VK%k
zjhRcYs3d%-(WbDhiWkPgd`~7ss>n`t;7=+n+$3ADyEncdaE#F_2G7j<*yQ{RvQ$e+
z#XV+{wt9Z^QEZqsKgKe_Ll2l13|!OWs4PldGwJt^S7;Ts4guJSV{Mq^jR?d}JS<T*
zGFSP1bwL%hLrs%Qtx$t#=)n{-6)D1(ZA;K1LV&)NY*YFKnk;W*5fEgtCP1l5JwaHg
z$s)4}h5KdtH<VB4BPcNc6^(rWTLJ&De*!GSRY(Cd;XXc~*Ycx#)QN55gtKTEq?yY9
zDhS(gNk>LHrj(!mcs+-2dpCF$#I=ne+=SC=IhJba-rDskAelQ1ZEXOWY^JjN*;0T?
z(F`gD`3U^&>)#M3$HKFHp-!P9sr>A*$<i3LP;NmF`l8%ja{|F`LF&@ZxCf=;hgO^u
zVT-460sJYsT6pBjzLK%jm}j>87mALM&%ETM(}{Rd<7r;DB6*I*Av>y7tLAJh4)OCg
z>#qyC52vzJxwsUd^3$l%5{C?RRvK;;I9J|iNsU=8oRv>Ho7Ldt<@TiNyH&~Qi49zJ
z-mjS~`*k>WPcEg<Zhz?d6rgTDSY6S%F~A%IDWtst>dY@nf17h_2wA-*SK~l<$vVmf
zf{Uk-NAY+5nPB*Rz6pkJs<khEa7i$q!Qh>dnZk^|7%h0Fos>ZV1{^iv_aHh^Vt$_Q
zwN{c>e&(L?<6g~uWHX)^r9X~WqIDhkhaBM&0ga{!jcHyakDur^-hb%rywi^F`{HKn
z?>*|LM@UDOj-jdI5ZPmdvVKX2q^C0Ckdpl2(Q6=)un++Ha;k>+3RyDm6^ZShsek5t
z;`<KT8hKxT<QtU#?TH-m%5=w2Xc$6_#C)MV1C2}%^>Ojt*OhzWGu(0@?TLTo*;jp4
z|Lifgb^O%0VSIi6x)rKKf0$&z4<QTc6ti!EX^{Hvc#udSv2k(eiT{o1iBF*@6>uB4
zYJBZ{;S<w6!=LxO+RWE%2U6gt*fO=-ZGtD1IsnuXl*%*6IKv6&G`?w?6~_{ln`_&A
zJ4f6zv*%JEdjw3nWhlE$>R>k6gy|S7^vF}vSkJDnAXq-7CqY`jEwRFa0kak8G@*A?
z8)hD>Z8@Gv5)PDc2SQFa!Kf{U(9Uz?c;yvU3>m9T&+IYZdEvX&HxPO#OV1CnII-rN
zd6huvDyCOF2~QL&@`cjQ$nUn4k*Cj+EE_A<P5YKxQw6Mj9>2hMCaV-v!Hwz=Le-Ja
zMwZ#Bs+dlILGJVL5vQGEneyi<KdXRbcvAZ<EmSfjFpiOaUsJA)wsh-p${xjcWhogT
zPP_Ld_7)oVlc}Hv_FxiFY4NEn!1$Vd#|cur5FC8J2+FI+z3Ig<<AB(GvqEERZ%a1-
zSLaW$;f;y(3wY}9o{KRx2s4>&_*@v4EJ4B>d9ZPE1vC%&;~fj2M_sEeG=8*&aWBfx
z@{F!e)9K1@p#PL?Q8d&YA^7R@hS2{14>#6-_vy4Yoz~fqyRT)o0ShCa3h-%=_(^t_
zPUDhR#$^6_o*e*MASG}VOP~eeRA%?Qw*p8?$0QHSUACQ4<VZ+6)dRRa<KRht?2eqf
z2G=BAjhFCczL0N$lylifH0b5XZuLmkr{ztXxW=o>R!@^@FUtCQ-#)7IH<jwDc8#}8
z4HJYZx|go5{#+{H#g*;$DplQhRb;6OyNnjCXATDU=%jUWfjg+DuDs{b?~<MTXo69D
z&D^6&Gp;k0;oYd#d>Uw>Y6`ZrT|M4{UD*5_zGSs1h{68$l(2#71IqnG{v+zcpxH6A
zcmQh8&{qI0u42)ZPKgz^OiqbWC$TsC|C%nf-nJ;NQq}(~T916v>CETX&$d=UqjSJF
zV#1|^vAe44aT<Q;-kq46l&eMewB05oJ$bVMN?u=EF6S++fgOKOe7&;ic{}`V-;;rV
zlM{n1^Gw#<d4}%p&TX?Xjm`b)k$h;is1p1)OfH19`)snUEt+nI%&&wp{FTR)0~DH>
z-i#xMIb2z2C@aWP$l@jy_Y%CcU9CorKC*uMV@ED}*|a9JMl&t3OA~&I=?N!k*<9G;
zGT=MvDBy1z^aZGh5n4S!<m_|(gTx+qeA0rsA8h+?*4S%1^m)T`VYuN8m&;1B?`mOJ
zVAe*`E9qbRbIXf8t<)whv_<C)lr6vO`KQTx?U`(oS}FsLUiul@@OPthQQ=wu&`EB}
zD`}xQlT|jZ!2VDo3O%SkaejEXTWyBg$xpe$KsOd%0_oD5m8zQ4O|~da_f&Y_h@Q*z
zI#nw#fj;ywH(Ehzj77U8U$60~MfP*C<93W!=%!xQ=-K&##W*6PTHR6)wrBz>#MBHV
zb$7QWEp`9q=h$d!mX2#7XPz*v7`CS;E2C&$ZSL`4q?ZcRGsiu^#T-q9-Bj<$Epe5^
zOx(S@e`bgyhM5MJTM-75sqMh|bv0FSq0nh16WBL8+j=>Ds=ctV_>+U&rBN(Y%+Ex#
z#hqvaq%L0kz6kE3y5Ige<d`%gC!tQj@9due6|M7Vfa5pQ68$Ive1v??UMb-ucm`-B
z0e>rba-<jMpcjWrBs`n~LLB%Y_yH8DE|F$Vvz$9`R%tgzJ_E`WOt{x(0vXY{wzx|2
z2Py0!Nb&pu{=(DW7CQM=7pov3soG+xsahEQP_Cs<HCpPc8ONt%-o*4eo&oLfsd{Jz
zu>Q-i1OLR{Ahsga^_am{OgMJ9m|5t|*@#j9xKix73?B}uu(~i>jeTyICDKVl9RFjU
zvbchN&D$ht;~@&jrey@RaKumzlBd)E%NI^Dqk?9*$j#FuU8N&7y~B@K^|DiQO0g47
z3&3rLY`fZ8Cw(_%?NYZ*VL~jwm0nQA#C5(OGxk^g$Zj(1cR2XeQi?)4i*_pNLe8H{
z7JbtWWxMy!kIy%Lx!~tQK5>R^lk=zdK%783MZ$yIeMMVCuUaqKosfaPIux}4Z=uu*
zt1aHo4R)N@Sjg=^uh7VRyE-CFw;*!mL96XDjx^mEGv<!tM1tKx_vR>kyMe**rhLgc
z98|f-DttZeNqq3X3GP26LO4p8Lol<MX^iEK5T`V721#y!ZoU78^7=olj+`jI<227G
zzJGu>!GG>G#f}&oY^516CZaGSP1ipVg>dGxM3uw5d@v(igE!01{DPn312pUtyeRX@
zQGMU=PWM{i!(ZkLniWBSzb9xyKmihWLNn06k#M4iF!KBIUJK>-fBL__<$JFQev%MG
z)*I#kdT_#UkD?ea#uQ-+dARVv+56-p?upQc7r(%#2puT-sn-mzdB)i?H&fp?cI~(j
zA!;8J9kN&hi68JX@l68?pfEQ`Y0_v~L?}o8eUyBb?;V5JD!1^-L+{c#i7%GG$8Gy9
zsYEI4L%Llp2(gd`?lx)&sS$IZqoA*&Je9;oOoC$7{3U&21;^)4Ax{9vKp_tg3GbkL
z*6BN*w^j>^iKH@=6aY_df%Qf|FhEk<Rj``UJJX+LLG%61%GQnb7nhARM{`&o<Uk_Q
z@G!@VMieS?VT2065z5ji()utYu2!G<w+p-NzOna5+4Z08`?gZgIQiGG)%z520(YFK
z3)sD}=kLa?TG|hh6%Ln*r^}k}6Uov$Yo;WQrCRGr-RIMw3Hgm3)RzgDb3YflA=)I^
zW%DPcXfnwgJOhwpil@zCju1s1b3kAgIy1`i?(QtSZSZBk&X>@jfV7W6e<yXt@zMJ%
z6vJ{l2^31Zmj-lh;S2mUu`$Avo(5uFgL${x8~ezkIB-qAPWEWfpFb&A`YFAUz+%}z
z`MaPI2!3`EFwkj(#iph^=#<S=FZ{~NGlGy3e)<KOVyplO@~9zrNk2tLb^LJqWZye*
zSs3!gFZsLidFPq%tIfmrZRq<yZgY%|?PC2WwuJs)Y;$D&S9fw!T{||D1I72JI~h3i
zqd#KO9c9>-K!H@mmt2-He*(gBKvEghIx;1yeO~{Jj?(0ta-G!+JVC&GU(=t=Jbt&c
z3l`F%>h*3`9Oy0n7TR?UR_e<8o4R&lU}q$j(n^gfa?!Y#QRu0DU$<HE9UWa{+%56{
z)DVP9hP9;l>Z@ur=0jZ2qvp|;Qe;>}{#0vd785-G-dsqrUiV*&t6&ZJ+@pM7b<#w2
znU0VZ)?WQdjv_;Txt~Y46Jz;7VWBqxV|2eSkaiQbAk-V@!G<|I=$MYS1<gjT|0G8(
z4PILik^(Hr5KSOagQyv*7jL;Wl$APtC|_uM5k2qEFQWxi%k#Yu2C&e;Sbf&*nhkvF
zeOMz*?&?sYJA{;G2Nr&>T`u$%=gfhJM|>GN{?e-2&iY^Ey;G1ZjMgmJ?%lSz+qP|U
zw{6?DZS1yf+qP}n=Ja>|6ZbycGchM-9w+Ld9;zbhp{jDNm1||@EcMbVhLr`AE)Is0
z{NofiEGcGxYq_DcyeYJ|ri=Z9DPdXZE&cT7z_k7J1U~~e=j{a1y*{IhU1F<VRvX((
zfiq_>$XxljgHp8B5lD>0x?+$nj>cGoKeJ#=WF?rAQ%7#u*m%q>S9lH9fHCG<=_#?i
zsmLjpGL2zvN~?I*zN{cn&+%<pe$D^5>^pv>p<Ht=FpwpdS?Dx(is(o=9a<2%VA~TZ
zMT2#E%R_}w!D->+Au3-b#(`=+3Nn;(x>33?FS2TWnz4c)=aHD(n^|<VUq(>U&bLu)
z5st!BQ-*2B$^7wa@ItrZlLvg#qo8HVaiX(~BL4n~q43&Oin1~PGs9diS>x|Bk9)Jp
z<ZPGrS1(O>UeaMbW74<^qs@8`1R;yv`QzM!PYL<tv47#kMG!<$*bQ9aL>IVHJjI%0
zG!3g4lLpRL$1IuA6P`Uf=F)raH=y3H7Savh&XxN7l5Dr>N1Tf{9U1SK&nTXSyC!Eo
zG-e@93xd)$#1^G6_hk~3$_|g2chvM{+ceYKg7M}WNn*eg7ose{ij<hh6Kxe`K0R3-
z6A!$kq*(Cqgp~R^A;W{?@69_`%h&X>SS)_owk^=}2Fe}2b`2GrGgwiO4TOhCJjd+c
zOH1ugAj9L3^nMb(Z2p2u(Cx8XO-24+mB~=tV`n*WfrPC^CBE3@cE+(bY(+cB0@zJ8
z5!;S;HCXS~N7GUnhFzzxaaJO^>3{E$r)v^~9j5PnJ`Zlo*f?FUp5buSH@fxzIqh0K
zE%2ca_C5fEL{FQ&wT18L$&}JNd0W|({f#ZX!prTWr+pTFtfUpgfQYn4MRuT|`QwqX
zEY5FKtGtJ(xIHKEg#QkDj()-`f<;}m2Ak1n#e1h4E3Q$2!Q}8eD7xCHKFV<1yyu$L
z3mgakPxTt`h8u$|GDeQ@_Yf$5O&i59vZH>Zn1x@HP@L}<3<T$&dXW|zq_O#5LNO;g
z1-su53KG%a?}2joMK*$E6OZb$byZ|LJplM*KqZh%U+(iz>h<r0!ET6dXX7tloUk>?
zV3-o|Y_{`c^hm?w(l)puM^td0jL)^lh2l(-c15P4oLdH%{vopYzo)KBcPi$#A)~qJ
z;;gYR0{H=W9z?U8tvaq&!M5(1R~PnBc5RwCbfUcdBpwN?$f{JhOZaF&%-SW~Dz1_X
z6fZ079q&Fgm5<Dl1#bAJ>=+oixt{%S6DFVqru)?r51k7}|8jP{0eG~QN<iYjH@xu1
zqc+P*#<cy3O)J+z=bQ3{=s+(|achLs<4NQ5NhWdIR`o!kHY*V=nesj3><Q<EL3v3C
zlVF67T@2|JvHTgIg*=x6_k-W^Z;DrXp470;Twm;v)OpO4tDWAz0>17T|Kmak`%G?Y
z@&}ODk^hT<=U?*G3)Ri&A3*-crU=kZ7I?)sEUomVQaP<DzsL&!ECU3E&O$8BY|&-g
z085M^VX9zV&8l$?i!JruXUfIW_0?QQWi9%y%5YMkSv$2&Bs~Mgs9yU7kGBA9wy|nD
zji6jr5bX`;@<B!A$0)5X(?!WHbF<c}+Aq2&-2}>O{`u0A<@^rjXUYM!Fay3;j$BrQ
zi}B>9bbZ2bTwa`Dk#<owG0KO#`#^MSQcq%!QtPTTo2MksP*#Kca!Ied6tTJ_UQ?Ih
zlp`#Z)rz-yfhA~iw1P5(j*fsnRe^W!s(`E<HFw3SASV*7a=rwYDa}dSwAi9q$D;YW
zeP!LEjQS@Dan7Va!cUrqg;RXuDy&+RA^lpV1Jy;$ze(pruAI{@GmN?Ix>1w*C}h#|
z{tDWrOMJ?9S_HVBFrR?paHHRL27M}|uDZndJOFQ5i`Tv3@KE48t;qR=h@9n54zy+P
z$}gk~tkNhkeGfB3!sqnZrVY2LQmSFR!4>7?_nbthzYa^aO5X$~k26RH7W^pGT#E9p
zuZt0JMr+o(J3akiBHorDL{5=xM9#W-1NCwbR$>4zTw6xS^}n}%-_*iuc})JSOqb}$
z5=+X<)(3LK$*(R&&ac%+<Z11hZc0<)*$iJT!*Kj_$&D^84g2Oh%?U3Mx9yZr;;sqC
zMV~E76`Sw9@#^+u#J2mip43^Y+q_q|l@#aN$1pd@PR_U$Ti=1ywQTvoCd=x?#>?X2
z@(`KITAIcwLanRqZTpz99>whEXif;rD_g|!v8j~*qH{IS^Uyd|lDYYutbI|GjeR66
zF-D;pRd<fIW!X!Upc*5WAeAY7CjM0(;vJ$^xOElvP!Np(*;Z7OVXdI(34f1ZanX%u
zgP!cEsT^UY<Im-n!$uF=50MGPj&c3s-QLK{bzG(Pv1Wu-LfGQ>P&cpn5F0i?YflbS
z8aKH38=BG7ao(ORJTh}P(B!%Oy_&py7O69Crpf|p`O9CibR;0Df>n;yt2k{FF&4Yc
zOTT5aD+uNfCL2&p6zLM7BcK^x#Tp9&e7nh;Uzd0UJa-I1E)qJ)fM#&n0lE~yIHKfc
zknY&?q<xP9(a3vjA7Mc<_w?9f(K5jj6Vo-u@(e9x*^I1#ep>GC;0_Rpwl0Vrz?5!A
zu<-@RFE`R04rlH<0AKAh%->HCmaM-SJf#Hs?<^5HoZ(v_lB>{|LgtPl1D-iK-e4(t
zFFIH`Pi8}KJE89dM~m)<PvuPpuH^N)+hq~fg&`Yu;4Dj@pUI~Mn;fnh05b>MznG00
zNkW6PlVFmf;x2oP207})9+=il=mfE+-RyP7?y%{cjBUn_u+mV(6`+wS0BcSKY#Nsu
z!v$WLslfsbjhq1U0Sp}&yojO`hp$h~Q$xoNhdUBC{4GGUWc>U2+@)-HQrvVZ0rYtZ
zxWvWAE7*T68}+}igN8`^?5NC^mk8%a<?oha>~b*>-q3Oo#vTqDW50vd3aq#)grM_e
z3_%Y|AaW9s*8)9cry<<+^T*yf(q%$KL%uNrgEV<DWI9eu$0k^PtC55nd7x!k7EUyI
z_d_;{VBgyUp|5^t(|xZ6#$jM|cMj7eFZedoJ!o+P`39lNz+k^;Arw>@6u|beL5joY
z3hh)j-t@}@Mx^9c8fBB)sF8n5svgl%8{&_MWSMYul}DG&HQ(~+S*xKS+N1a+G+sL+
zk~DIq2-}yU$SGHVqq4={R-8)g*14+pI?72EpC8X5ii(5G_JceMzHo`u8o<*^K`-~C
z6BCI`6Ofu(u<zMSpIfQP$uS%bzH++NDrqM!HOiHKMXj_g)xpkOx7?9JbxeYm<&eL;
zIh#X}hW0tWRG_O75i4=ego{+d&()hX>Os?MkIlaY-_i!aY$Jomn=tHVGXpZ7zs3h#
z+_UH+xeth7f`z@o*u_Pa0(|AGXWwbgiE_Vi!%OoLSAYFS_KTIp^QP)&wWIZ42!)yd
zEfoG=-8t}HX7D?)c@YqhQlS~AdC^%tFbO~C#F`ApeA%~Gj1~T<p>bN~W|DeoK<)IW
z=P`D|vdz_+$hyIp`5d+5c~YrG3#FKvOM1}PD+{ZDmI1aCvAI|X+8ej=TY5R~x9jG#
znu2z|N8LW=$jJ&e^#k?srzeZSAZl}HCjs}>P6a`OFt+xovGSh>7{lhtpGx4fl-D*7
z?(Gi2TUyrEBl+h-eZ!78a1YF`Cfn*fD{AgdvfvS!5uUJBRyv;45e`?QttsFT5gH9)
zuDa(@e=$)#M4hdx(k+1bSM1O&&a$eOzLghkc6{PvGqOSL*^`Y~_nA#e;*Fk<U}Ib2
zT@sNO3pTXjUE})r;055jv1Z<@maxWc;E1UU6b_;*?bp;mR!xaq`k-F(innKA(~5D7
z+_VU2Jz-%VrO`$!=hVp*sV0Cm3p}<4o@J}CXM?%udC(W(^yR>~{ql&OQH${&rudPF
zh&894F}RyK=a+1+)$6^#{@-Gk!%)_7-f=q(v_!f;w<@4!;5Ct{0T1d|vD$j4F>D&f
zrDlJJ?EeY{ThQ`*z#j#-KWt2h*R4$6XA8pj94X8zP&y{_Utxt|1qGiIMI*H8>8twT
zkYwQudml;6OKMK+^5*J(;>I-fPw}$wq~aW$tl=^Pafu$47DL}zijBsmBe7-nxq&SI
zuIH=$ddf<S?RN?Yuh#j|*{OCxn^*0>CbRR6z;(_r$@&EzaT|S5lT?zRLS+KU6}UEl
zucMrb5j0_#oiS9Wi*$vm?l$C(`FNYa^~si`$$VUfx~42y(Ni$W=Rb3|Eb>#%H`+jT
z4i;81w<u7GkIHXq3b11}?vw$6gN-YF7-GMA1td{t+k*PGD@^WBfGQ%-_=~U-HRhD{
zJcP}@GVk;G)R^ikA3jsv5Bz3Mxa!$h!pV(+FntN_^wV~$?zlSsp!t2+xuemKgf9${
z5~}AFw;a1^G4KMDCuZFTu!pxRy9gi3jG^4tMEvk>@a~U01}^iP9htw{#OD$|NRj!P
z1I!Qhk`AO*v$M6!psh_rc4~>#WV1>-jEYPzR}%>4aI&R>%&Z$;eMo?@BfkpZ)3?X&
zuYK7s2x?pGau$g-+}m^OMKpsa&^nvzF8npP8#IG`U^OfG>hKGG6f$+tW7lDECAbiZ
zDnz}=YM~8cZ{pGty#-5v%BZTOmNwz@#pfVg_9m>AzJciBJJ+bxIY=2&iqD!h@)n6Z
z)mGACJ7SGpB*#0&l`6}AE%Le#2x#-z7KNRumkxjY0QM$R7<DxTn)T3Na-95zTvLi8
z7_6hAU^8w#f5o%n^vA#<%`dEql^O$cQxSpbYPACcxy6M{lF3KS!Kzvy<`%9Ncgx=*
zby|ugzR9(HSpJRE*E_KC_xkDiP1ZfU;C#xK2u7-VqEVVph&=Mu3W`b<Mwd~<r0FyF
zg6aU;o7zI_U4Aq%%?0H2iyzyL${yNRqTae#<H*4k>7qpl>fX99(Rc%0DIsp~Srcc+
zA-O;|%;a4Rm4vpn9Fcut0@9MV7tQ@_@XW<Elxr}<imIfT?Gh6sb}Vvu7+KZ_fzgMf
z2xmds@WI6n3(vhew2BT3_kzPuQ#6MA73>yG1`ZT#UNcz*(Y1Obk6pDw?WPEw$x5m&
z#8SbfV=`x%^}B0&vVxy{HCtZ3X5=V*;|M6U5nLHRd-ee3_ngHhL7jz_(lbW41mxbb
zCDCZ9D7arFvV{z9HLp_CqS7Db6&0;dxL}CLzHNh0xl*QbV(xl>-4y<g#(+GtR#q}i
zeoipq^fNL}+jbh64s>0j>m9AjU$kncQGI`}?GcF3-62T2L?%3efmu(-RF|YAC!+;7
zU300a!ES7Lk-j`9Jt|V;z`vKDpSv?^=S7zogJ13Exj|p0^lIc?6VQzhzjSgGsaApI
zkcc0w=K+%@Q}QI{^@KWXGultvZT@q|FbX2)G0qK6VW|zakmcFmK-&1x(>wuK&Y<69
z)hdJhclH+)=tw{#kkO43&F#v}bIEs0ioCgzTd{pPno^D!91%QpIEOM+!k`A|wrTi@
z<9BTh)jSpGb*^_lQE*Iep-CWrJcjp9n+&RPE5_K{CAI8_<(;!i3VNWF-K{nvn#Q28
z_~x&;vu6;#u8x<L98We-*6Ax=?F^Dvx@Hl?*7&@sg0=v~;W{CYFPnn3xGDto@uF($
z`!V}*9~sfE2`<u3#Snw&Kbd?R*4pN+ns~(5<PXxk5n7)=cf|jvig|lxNTcqj+G+nc
z)$ZTvkN^LwcGX$YM8==ggQ^v6pBih`Z&(yYo-5mOl{AH5#FE)C;J|-9FQ4q`J$kw@
zQcS&7W|g^qv#f0jgdlH4bTihHT2d?++pSPH;o;>{H?0yb)XVo?h?U+*V7OdGGq&AB
zp!sIN1P(8OYgA$2Rj$pt=YEekaNgE!Fx#tQRQ+uciEoXITbD^)<<DA+{#LNn`0B_}
zH9pf~Cz!gMuG?4wC5}}5P~u+${IPw(?@i_;QdNB;oJv+RS1+p7B#GNylbpc~Y~7{d
zW_5_Ca=!mKh6ky6U3gf4%ruI97ugfZ-Q@@~5VB51SJn*)Ga0VUZk>BTM00qNB~$Gl
z&cCd=kBNda24`<;5{&|wj&nOB58%T3!*Fl}B2(;(+v_w!C0EhiNlJWRyP30ho?<mw
zE4523=YTW)^Oq6uJ_#yvgCt_QCf~QAH)F0<Jwf&*7|iEhsS*=Kteq57NcmaU-w6*u
z7Q-lgRkJ?fe*~7D4s1t<x|nUE<})BExo-z(;4m?2y*JHhXr8GDa5ly#VlPe-C)UeD
zRZ-aL)@TmO4#jP=s;=Har~tHZF7ixi@(BY<n>q^qfhvQP%0?Had<FggR`7oP-xs{*
z|JMZ%Dl=w0Q9)SD)Nfz4QGV_zRL7;f3%#B;*307=bk^Iq8yy>O#5}@X$q=rLZ<c~>
zm{X?AolVg$>6d{g@gB`BrMNImzA><=m1E_=BDH#T7wyAH?Pd=ui8EL7u*E>4vMq=F
zX~?2<uTuQ*7&m(q<tk)$PC{{?vk}&nMBJgQu3W%CC6LR|F$xIAM6IyJ%vhTJstA+R
zDS9D{umZi!3LPtp)HwuF!5`ku3R0${yKUXUU>pTOMnre-NdmlpvZ5;{v#MhX=O~nt
z-oxHS11S3V%RB+lhDekx_zEv?@aE7ov~}!8C*Uu3fI9t%9|<e3`9WREO_+OTUYS0%
zg$)(^YG4-L9MH|#7s1*SjH6ozv2<AJ(RWe(+PyvR9q_tp5uM>C7emy{9dN(P2mVth
z*F?aLp)xNoG>UJv_-&FIj$g#09<mIwxq7%sH_nh>344&%tTkIvAII#9lD<fEz2Do&
zjUyqcBb98l9PNWY9am<47u=V7Zd!g89!Hal^KUGZNws>MbcNp2fTtg>07kItIf{5q
zIO3$SqOXlok3mYw`OkF*%rdM8<{7yE;}x)!WGR4pbcw6l!LATT31-6@cx4mLTi%e2
zQub(i!7t@T9(zM`Pd+*~ilo_)NfUE+^F19Sqshjf1!E4t0=M=rBY^;cIjHf8^f4)K
zl9p~Wt3tCYlcH1ftiNu-=hT9PPgcXf7`LPKryu7GU%!`8(dhl-VpQ7<G8$NaQn0)|
zg*zJ>I_Mg_jz`DrcaE+&d%LSEip@`bS9G*=UN>FCIP%hPT4ExO=v#EaY{I%CdZ_UB
zpU+bDTQPmph~jJ_U^7&!UgW}o2&cTJN4STb=7}N|NRjw1sh_b+YTPj7JnmrTvli}<
zwi&=H#zKXSkyo?u+<+;Nap8s_V|$NV0}TYX^S}1B!Ag@BGsh~mk^Km`WBI7a&Qz(X
zP;F2=^T_k&KZo<`r0S6~LhhpC(YruXvJk+;jbHrEIn+`QjmgHFo4Ib=N7uEq^x+wT
z20g@8Em2U3od|`>vXKB@?zRj9?skzkxZ1y5e{LN5S1`p7B*Hlo&S3xGj3aKocE_2E
zwuzWhdvvu;P>xf7v*Wxn+-E%e!HH&<__@1nbt^rz_e$(2o?-o@aeid|k7Qq(m;NEu
z57~$MUwG9q|64R}^|O8XNky3Z1Rrq0?CD4?S*3t4ky&dhzj^|9?G>K^JhCL6Y&!Gl
zu7x35O|e+x%zV>J>75v7+&3ATI%f@Os(ng~NOOW(_c&Zby_8U1+%(qnX`{rp)DVcT
zB7iwR>GRI%^LBWAx2b+_H7&Ea>v5g~!plre2<l9#%bqsQ+n7rZRjDY(@zh}4Li{Jp
zv7GG{x@+C|sNI^$LVR;IfV+Djt8&>%T%}^8u_0jyq8KL5SI6>PJ96tyvg0uW(l)<x
z`u8cVCme=HQzNh)Xpd6R1*KSLhZRLRA+={$xsf0>SuF7>zj|I(iPN`kR+lpBCr+`V
z_~sY&waq(Ll~>31wrzQpBgp=E77QL3^XJ-SBb|p~7ltqcZ-rZVmK@f3O^qHD-op1^
zb%j)kdR1JN@yies$8oE#$R|r^I!*{kGPq4En;Rnu&kRL25+_RbQdSK!ql$A=a*Spm
z4_{~MgJ1T;=RrT7mLE(L5k2I5_CTyK8BB19#Wx63pDiPv$X*Id+Dx?Ui&)R1%!o4)
zS(fe^DH#w=$<-1|uooEOzuqrF`@JbgbQqEM$bx&w#DPMyUSu%y79jQqXz#cr=%Tw}
zm;on_XBgq~l{AH9Fo{+m<iazEdP?^Pd1M5AS|jiH1glNiLwJV(KeM7&^bSLMhwJn4
z*4Gk5>`p<l+|CH5gF7);%vS2cbdQnoPMzy&_uQ&L$s)OyYewJ<Dh`faj|ZzlCY!@#
z4YwSAZ~s|Rmrz}i-jtt&t^=PCaZ;2Ymp1VVreli~tRzuYP!Zl_dJ|rZG=^by!Z(75
z;#S_5a*z~HD);s}@yo)AWY&1KVrg2G8|f}g8s(2~Yvr>miaibgOVF#p!?b|^CAQpC
z8GwPk&0pG>w1gQe6MXdy1Ma2u{D|p(AsR^vh4a@*bie5e-Dk>=ODZm^Yjn%7GL>Zt
zj9x0Vcporoe^-Y7u;@4OW?fO9CfuZs9UB$!vI4Zr2Y{Q5Z~cJUQP6RqcU%>ajam)?
zCl)NN%Qjn!u+QWeZ_pw=`o-{2I+K)5*$?unx=xpYv&D5&U35DKN{*p$2v-{{Q$SIB
zR=Xth^rN3|!Q__maanAVh40BdHkt3x^^L&A4}<rOxVnh}rq(F~=*5VuSYu?I6dnv&
z5FT7EpuP_Q3zidqsK<o1mHWmKYF)cr=PoxW2`}SK-m<D;ybfqofBSLDrA{$q(y2rU
zZ5o;$d$u)JmL1)>ZjF|AlodWk|0>zH^`tBo5T?U2&3oinrWeh8;;moLUa7PJFM9Uj
zmdGc9V`PoSP8_l|1kF9xW$m-w5@x$ip_xkf_M7{&IMUQ4WXSnj&7)s!eSF^G<c~-Q
z`a6Pq+{{RS*ZDAMAZ+%A?H5X}PiSoly&}>H0ngd6>pZrLxFqoM98=f_v^7yF8nR4{
zguaQIP_9BC*{?ceTE;}msz>dcM2i|%jAi$yzjs-SZ}wNMz?%=Xex7ik)?Ak5zZVe7
z^dU6MnX@s!q95>{+Jq{tr=@5g!v{qkOMsGg3XmH6%D0wmQy3(U&!-m+lMXQoU_Vm|
zBwHFP1;B^Ru7vF1bFhztBAmV-wM)FOJ2rb8aWkZZA$*F+y2!(C+vI5`rvY@Wr$MCP
ze(`t)F*&K+PJTMR1&>ovL)(%5tX5QFI^V*q=(W#pAwj+vhHeO$Ep@`>EAHTpQik}h
zPEZDCeS)#w0#pw8&AhkDlVw@1iJzpqO{%|sW{CfDx_~BE%P#oA+LZqWYyYJOZ&0y{
zS!aR%;?e!?y;<&!(zy>l3MWEy0kyu&ZT$imR7Siu6i-UpDD3}wCmXZ3ua;bf1tbX1
zBa7b?oc#$cT%K50SXA_v{Wy_6@km6=`_bX;`LvD(<X$tU-Ne)No(}NN4Eea+p3~YK
zw&)$Au!m+o@qyb68SdFMChu!klQ%VxOk({e4{2<aW1gi`O4lwO!8xf?qlNAFt|mcw
zUjIDH_|)&Lf^;Vj*OG2+l0Y^R3izCCijSHnnVuy<vEqZd@-{`RD&cm;e%*o{k)->H
zf9M8Sjv%JwmN8fDDrmgHR8B%xQO0`z{#(^q))4}uXZjRNpT>VI<>t{x@@0<n-Wk!{
zsoYXHaU`-uCIK_}e4V5@W)WoKy`e)n6Nb849|fdoI%qrgEcSqFwapeEdA(f5LO3u7
z47EE3chqg-`k?I*WP~beUHkbEX<4hqMY!nz{vZR(tgW`6)rQ3BVofnwg65>n?t$e-
z9KJrZ5A;EQrSZ%GabAycxHJzAQPv=T=%Fz;;Sz=V*ofG;Fx=@3j3^469VNpuu~!mf
zO{y0^V0T9+mro|$UjxI(foYt-8$cFIkLEU*%Ds$BF#P6CG8Ukw)%(j&7tb}oZXsGO
zT9w`ZMxPRZm{N4AkpYTDWIi)Epn-ecoEfTOR?<rs`II}N2Oy>frhwtTGrr1Z#QYUz
zLu`*9k~Np9zn-jhkI^Y&)Ocoa-OSW~j1^$_9EX-JujDVSk=`X)6_k~NCvsYkYJd!=
zG07%gI7jXNnfWsUBy2Ed#fPPUkd$;D*GpYs8VC!i7t%8drjuk6zeyx3KfWZ}1sJ`W
z)CWGJenD;p12Hs-Q6bY&dE;g~u+c1j|LJYp1R^E{z*cY=Qlpv^{#2hZ?{wy6vA$zx
zQBarpgqJTa62H_WGkH(o_8Bj5(Yg=;9I7jyI8^nKp`JLazq<|(pHZ1(?WDLCeL_5W
zOFMB{?i;!g7VWujr=4WBp+A#PD&Co$Vf#uB!W$42_TDJjY{?i!V(J`C5`DXlsQc3I
z&79*jKNF2!iL#Cd6W=YO&dJDX&O9b1Zw>$bY;6dU0Di<M?NShNh6#p;GoKQWZJ3v|
z63PX+Tg0vQ{AdNLvm;_EAZD#|m4mg#MH)2CY{N@MC6KX5B26YRH#;_{cRk4b_rmYA
zndu}Thhchs9Kf$%TOzjkVj+Xlz-$eHq=WSSaCnAZHVS>AnUJDI;hD9-Ay4=<1A<aU
zB!n|l{&ecN0nX;z^JhKlXE!*yEX&Y9S~F9?&wu^^6(Z@mp?28WenJ@Xa6~3HD=ZFt
zTd-g~?!VfiPUJDc&5h6EryhM$jr@cg9@p<WW>I~yRQ^efh7zuQe3NS{qL#>RuyRr&
zn+<LBRtRmo{C5AdAx|tEM6HY5B%SW%B%;TQJ2099%9eU0!nA~pV7gtiLH7tAm;HoJ
z38+=$&te@d1wot9ye5Ry-4R3zUxkS)1%v!x6^w?ZZRyGvmj|HeCnU)xbHSD=wZ|5=
zUl5(ZA#=p`cmDwgylfiP9%@Su+tY@6<vMwnOocS2YH`qYEC<s*?-ct6!hOwld5~S2
z0Xb$p6B_>w(b__(Rsyd^=}P?)uZ@|>whIM+$E!%k1;ud-3C~fVw-RMn+9)0*2ll1Z
z3<3q%zIcQGnvqX;>^3d2h$q$Y@<4Bme2CG$ZzUYLdCB}FOK0x8O{92e3Rm=rSXFZh
z&0*w=X+*T%ES4lijShPPmER|}XjK0vPf~BYkAM+R`PwBmET<sC_DP2TyZskdC072N
z7w<2nT}}Y$1J>;&cGq>fRD8(M`+~($lX+qDaurg4<TEc%p$&>l(Xi7p?LTQhU%`iE
z;b^_HX#NRvd-rwd!|ROUZj7tn!)RfbVsabYS;T)fRxM<Jzy8Mu597bV_<!lt|H1gR
z|LLbg$aG}M-43OVDEs<K=d{}?*70-^fm@v{mz~KT9KSz@_CZ!IuadPje#hBy;ZAcg
z-qUq>*H`~-&X-X62jrFhH^_HrfCz5S2mc%7<u1Eh-#(j{?JLyW1Yz^&aaVTSrAWS(
z(AlpZ9cv4jXR8AXu%DI$76*F%Sh*JxWcNBxy4#^Yc`%o@Y-g#YWT2fpDa}~OGcg|y
zVaO*U0DqlZ5j&YkYwJr>l=VVqd7mI&mEZ_rziI>TF|%1C+*RX0=#NUoBw#jGn^AL3
zmc_f%UzxcTlQkl4f0iEn*`naOvv&DuPJ{xkO13Rn)tNQ#a3DKHhgmblhTa>?E|GF>
zo{;buoNKnZ-=nXhR9aF7PpxXbz5}gmGkJ42&uLCFwaoMFr@U}vHi8^fFhn{}(3Os>
zlUegxmT}SGV_>#}To!EU*NZpYkMMgFYl}Q>Bp)hfMHZSR7UnXh+JMP2ussnoEmH^O
z@%m-@h{E;{e*X`GgW}`B)X&}kLK;pC=IKxTd{mr4{j{)KO*^G45c~!8a%lc3$Rb3!
z41UK7B-x!3=~QGL7Hqzm!4ARxm9z3C*u1eBY-C=C0Rr0&LX)3_VVBC>BaRw%Hy^q<
zm)LKlF}jY3c&w~)4=R>*><+D9RK+eo*bXaKztB9RuEe1G{1)oSW<p(KWOdyP!DC2v
zEnelz1)28pBb*yh0T^xX8h8Xr@<edF6h87Dhq>mK>X}lHGE0ZSR0trYzFnr0QT;ve
zze<E@bz=<hRAUkt6)MN=&lr)y0njPMKP&Hd<9so*?c55R20MRJ(1Suelh1|1o;i?A
z`a=N*4;4%0#}B?_HN`GB0K7}Bo#v2UlcojB&^G+YWYUc(t%7rAYG`cX8#=cY6pKH6
z4?YV%;1dnZQn;2kzVS`<kE=uR)*z2OU7#}MQngyKZTd}EfB4)b6N`=xLL`&=r%=)p
zro-jdXsM(h*-D2Sa*&Q7OA$0yG3iamFcMd!wb1koI;9v^;|wkLw-`b#DOJUjQof+O
zYCn&{?-T?RbH_q7o}2J}I3S|H0*Ej>`2_xf`p7f1*clfGY3T(R^%7Tz?nF|oV<z1P
z2PS|y$0+HWNbUA^b5#HI`m)TjaDaaCzMv*)yb!k)I0aYd?1yyFPh_Z7>|rs+5$c%K
z!*oYG{^RUK!sW~ESjsMA@U6Oj7p8h?Mlx*v_KMb&ctl+*%khXcEWAxqkfa#E`~&8)
zw3qLL*Al$xV7FM&Qv$JS(E#1H6O-PbIBCaZxZ--luWFpyJV#BkaKZKUI;`ishjPE_
zDoEl6)pV7hlJ(JA(m|85f)ZQT$Uf(d{)&eL%fu(qT0u;$^Q@B!Vg&S$SnJfch>>T`
z0mv($vD95k2;NHS?F_{;eJ-P%zOY=z5(m?QrOUP!L#ZH=4jV%Nd9hG;rP?uUTUBn@
zc3xy|4z_hjxf`AtS!vMv>jCg|wrNb^mMW^183wr!X6oE~d~hS+{c!*&&FJNV1~21z
z?}d=VS-P!S{K!f%yX%f%z!&y+T8)c|mPG@@Y|85MRZlRbM6d{X9+<fU4yfP&PuvG^
zv$TnjdttVV_PenQopfF-^wZuEgx!m8d~BCr8s%6Pb?;F4ib0-`4m)Vux1b*)_^CON
zg8>b>Eaik|RClLbRu=UN{1BHsT?E!qPx%9|BGVX?MfIL`wX+A}-TCql@!Q)j!f#AW
zYA=NHIiAT2$7}B|DNkp-|B=#2x(ae%`mx{d{x33Mng1R1xNg1A0`EmT;{*SoZc05G
zZxdQygJXe(zX`K<0BjomGj|e6&PI0%e|PrhnsPP^*IY)hVZ*|iz?uZNy>wK&)flvu
z7NCcW7PCR8=G0XTxMTBdpv~e#V+sn1w;)?$<EkQgcYQpjKrx%U{vfcu1yB$CWN2i6
z6utSvDU)Nr`J88bIE1Q(xE2zyLg$Yw78juNB&QknGY502(8|>^-YTt1d3YVAcr!E7
zke}&L7~prhbRlL;5s!ZnlLY{n3$F`=$^$HcOrI{)9txW^1|;oo$F?0Kd@-1DD3Qyn
zoi2uq-97uuE*DD_#Y5buf!a+GkrRk?JDiJOcp>9Xn9ek`9F=yItCLY}%aLm07hR@}
za?O}ApKa}nzF{)0`_uq54aRIJoX8xsP1T)ZBJW96m%kjrc7AWX^?GwE4?mIQ$cW3T
zx4k|EQ*Tae*Ic~-bC`szm1H<n_ltY6jp)Z>=ihy?oQcd0lfWbH)$X?6M5EFebCyZ#
z!b0XiYm3$Vp0r#?SKBsMqjXq1XUVa(zmayn<If`DhHl4lx##C{m06%0tz)x>82S0l
zg@TEqj);xq?QLY9!^#uZXOG?Ks-(~XA$+JajpX0@KlRN)3C%<W3aGi;88>LzVoNuH
z!7^M~hM1$d8lWEaV2p8Q`2qv(T8tRuf)Q(MCLHc@2F^;qV{8PnU{C8Gh)6vWlB849
z&B_=^mZ=J&Y+Hj0iy){`Av<}`Xqan;!x>0MI-G3in$Lf>ma=kI(lqPj9^)_W9A*}V
zt~3n@J=FL%f$+F^BtH{#JdQL_&mi0Q^CkaUfiVt`?k8(DF3{_!)B2~uhB+#~=XM3E
zDahV`aMW^!z)9+$s6-@n@8m+Y!=3gJ-u2>TH7G}U2u>f`0^d;uqi0qL^oQzR^by%;
z2ouVp4h@ZK>PV{(0@aX2<<b;%D1+WaE~sje9)<4Pgx{odAeg;91hQqlI;fYDdkT2X
z)nV{B0L!FH=^EA(SHli4g;mf~ezzO~u>s%i&yn#BQig15!wm6}E$-Lmz>>;0i${@n
zX1)+j$V(9w-kPjib)@_2bo{;Ioc0q&fZ=>{KKJ}Y<gvJU9&WxmlJqKMw8?{nL!6ze
zT-TRE5VpP*{hSPa&o(*dy(}Nx^@`BhcnP}3#X?Z^jeoWdyBdF^epc3Cg`EgFhOb(c
zV5iC>keSLYw&4phxq0@dT(T0DNPxV9MRyibJHdT&w&<K$t9rD9<UVb~!oK>{4Th;4
z#*hP<5>~G!{==pCCjL67c*dL~%@$Z#2s&L{51{z4y$H`u$|4W1nF8nyMRU1sFNu98
z!QC_dd%iI@pgsyDU?=*sv2rH}H^etArfOD*3B}kfe@D1f4Z;a%RKYrz|H(k(*t~(D
z@RF28C+3Nc8)zQ`bk|e-B>x^WYvuXIC-OvZ<AS*UdU0^kk|*F{I!~W1Q%LQZA_na9
zl<VxVzJe2PBEogX!6|MXuZC7*L<oSLA>$jmztm(UuZp_hdo;EU$OKT~?7F8Igky(X
zh@lrb{#c2Zswly2X(^GFAHq%tH?AqClj!mrfGK;TXfTAo-R3P58tKFBT_<{EtB54#
z68NrOG{@7q^t!QdKj!(c`#+*0SwAv+@((KV|2L@kFO7D=PcruZMn$q@L-8)%%%IDa
z2!K=Tnx9mXB2x_*;X0zjfghI-PHc&$1nDNT=Rxf7{{Fv=tUfO<iubzH4W$LCfuq9M
zU{Z2w%KDrT*VoCjbkLE+c|@9!ED&%Lfq1k&pN9dMSlU~$0hX2k=zWo+L>p@5L!DW<
zoXSWJzfq8Eo8sC?P@CM>DVg0sF4CUo*l67U0mZH5>sDIU^nXAxJq_ZVpJ{)<|I=87
zd_K4IIfr}_x@YI|m}EC>D_~e0oe5vtZ#O#k22rz^QX9;F!L~zxVH5U>Vq7hDuU6hA
zjh-~@leAL#OnJX@`dtG@ky!t2U9XzkbkUabiR?jJbK98!gV)OOQdyVKH7yXnA>jS8
z)#hRpY{93XxZ3gg5Jjs^qa$zg9QP!X`>f+`$m?2Wt#w~qELz*?3Db%2GyozH#3$o@
zt200Nd9~6UZ6yGR>^!GWS9GF-UU{imeQ7M~>J5r41KKkw(=)YL+|T-X-<u~gWI7C!
zSPgZU8gSJ#HAZfC1PBAFwSw*W`b~6Ug=f;x&9>M=)$f-#HT0b+C%;Qy8&YTvCxlzq
z)j;dwRgVLc6&07^=Q{2pj;(>p(+}o(WcdOD?rMmM{9xYtM%?2WR?Dm`IEIjbMzjsR
zJ)!X%V8Y~Lh-q^zp^|0pFB>fWIC&vdO5skNhvYR~SpZ{XPW=x4V@Sp(x6-xJOqu0L
z6H^Q^X4Th4c_B>|J%TnJeigv<_n>{RC=qVD%QMPBG58Tgz-E5wS#k73nJDxj%H=>^
z1?4sUF8B2SQ2<FWc5B&Pd(o?L<%Bse!PO1)^B_L)P|3I>;UmEv4$yRmORYLtp4E)A
z*B~yJijQ+p&9&y9D}c;ttul5r7~+g1(yb|J!*m!&l$P)Vy_*^emO%gKA8ZubXkwSj
z!ubaq>n2xw!>x#+uBvk@m6CtXu&Y|igP~Km5Uf(US9b*uTkl7Y4(o{&ufP=)x}neL
zsZ0YqFWLx|>-%d%kLXcQ6;;GkH7@5GWy$1;;0tqR7l}T8rgoH5PqqkS@utYS@>%>e
zng}lSpUFLaI(XjA=eF6RU!0{VP0yyAroA-QaC<VSEl(Y@wH8fr>C*R<{B@)u9%U+(
z$hsIvgne|5faZt!G1Wj=S*kRxJh!C7uK~CJ<doNW8bReU{+qQ=3i`Or(wiV5J*)sr
z;jhY)(${Bdepz+uF{CE_Aec{JE9kd=9<K7_D|pF<>@()|Gi)d1z<V0`u%Jwgi2q7u
zd#E7kQ$)AQ$FH?e7U<%K9|LpW0H73!Vl8l_?j8Irfm<h}>#8NnsD|*mQSMLlg!&#1
z#fjYRG<>T3XiK9#iWO07z@99UU+Nyq-_>mj4d+jOMC%`9z(wWhwtq%DQBX*N=8J|t
z{tnq~Fj&d8#xZ>6<v)Xr1eGf74(j^uVG?BEM~Mf2kKL+@(K2OEr(w{U5=BXbe?CMq
zgHk8*TISvcnk>Fwz1z(BRJoK98I8I4vXM2cR!A7;-3J{r;rA-<i1G2F{m<f|dlHL@
z>z~8L*#9Ebo8@2P+=`TS>vTHw;cL=M9QbEs&pr4g<yb-HQVq&R4*<9f5E!~T@ignT
z_G$EuLaimI1RMX`-RD=%k0=LkH&b(y>A(ut^tK%;TbzG67D=CZcj>s*o{wZT5m&m6
z|9OrRf4<xMY`?cAIloKexzoBP6QML=a%%S4p7hi~)mV~q8{%9ltNk&Yzg#R|c`3|+
z3*TJef%c!VF<oq%cfU=3^!%Yyn|21P^sIOVK+4UkpJ<zvNMR~Hpem81C?d5#Jtf_R
zE|P|OoSe&A<*@Jw4z$UZBih>>)z?aPJBlt<Hp$yPdRJ!5pH=eO&#i;9-pza{Gs+eU
z?4r(Pf#;b%*RGuUeQG@o(j1*tBaB_k(Ah#3luF&Py+3nfaNLX0IU{sB2cM1xHuT%M
z=+{}nJ_z%_YBk1&8ZU~I>yebsyr=Jp0`J+L?R`~nwTa?VDh2i`fAzU$4X<KT`#|pk
zx+?!FBK*u{Vh4I@reaq5-EwgLRk1UfXx+UJC*{~NhXLN3n9p6Qfc85TK<XFR8bl}S
z{X+ZWu;Xdy@*d%(^%F<hnCkR^ri)V<(eR?ELYo?`DP_6dc>j7@vSr3Y$G4&?>iwan
zTTG`?ya}!d)ZU<c*F)bggNDeIa(vj~npl2OmG&}2$U9`TJ6=0K15J^$pG=lIC?#fx
zzisk~QU+tAzk&W(c9DG#vl+7qV&EE>7M&!6bsCBwDG+aCGG?U$2#;Vg(aQ-4SjfSn
zn<I)mmFVUP@Bw)!nwAhPgrwk5Feoa`Je9cS5hT%gDC(E|8hk1dQ6}qqas-X6k@LSG
zhe9{g3%nGELbuWbx-^5rwAuw(okwL_BLG<Y*AvKEIiP8SFoCYD#*8T?$c#1&Uw$P#
z=u-n|R8!wC)e6A;N;(LtCEqzzw4^rSGFcY1?THY2*GmAxRW6;V=BnmYF_|;~I`>Py
zZ&oZaHZ$O%YNJOR636!w_xs}a)p_2qi0uE^1gOZ+f@%HuD@OenE{ZJwE2r?sMbY!0
z(deZr$#s5E)kgO<9#t$IU!2#Ma<-`^o=mQ8-|8os>^HGBOKJNis%LF<@BwzbLvWtW
zw&ofMn<V!_nFfI;Qa+z^VcFSLjZnAORuBecu)JfEsUm60i9GDd<Yo--##2OY=~kGi
z6DIJ^NpO&A-agw?1R3U7zU828zWXZwy7sAZ<V_izeBmJ4j&*wIfE{9E-qj43cDHfI
z+V%M#YehG6BUTwAbr$`=SGeIeJZz0`%qHz|K+}s8n_@$a2Mpy%d0T&5U?f(~z$@L;
z!{Q=Hj#&YR+0d)s_^4gHQr&omJSF8&577pUd{h_M2W_*xYD|)jKKNv9?NL7=7=~bQ
zpC;6WVQu#sn?7f}rs+4!_uw!Y&KwH*g1T5oKSs5j>-cZhFTFwfcB|)0TzZ7SslQJ?
zO}z;NM#s?;kyO2f$M@eUy~g*SB(6t@L$ipZvS^{~JFte>A!XXM^LWDvWJfqC`+(}T
zMp)c1tDGU=TrwD%XzCWztiPE!BUkel=Efc!4g-fSZ2mMml`iHy?Ms)gwHoJXd&RY>
zG*V+>|HM#m(@Dlt5i%9mQ_-<LH`GUwOkPH_zM;)_^R90y>f&grh^PU0lw9n5`KFY(
z17r?C2~GY&II*JB|9ON8sR^9&$FSS}vKvvrJA*%iKl*uG!C%D={Dy#xmfqy<q4^6A
z`Be652BgVU{kA&yHdrFex?o&Bxvs5ffA&D_Ej=~q-VU~?+A<!YG;$IgqNZ-yPh=En
zU4Kb46)!Gh4I9@?y26L=Hka^?$30qbJm5~3xI|O)q7C!I61{GKMKnY&guIjTR;`3r
ztu#PYMMP1}K4+XxKnR~lF{ZQAOP8|FZN%AUxe^Z68cZfE;8A9&K^)ccD(|Vf>C0O4
zRxH#C@V^@vF;arIe$?6zOPC$SEUtzZO=MTsFrsGke`N$^HliDSRRm==qmzDh2xl~_
z%6z&-u-Vv2ef;Z5=3^1SZflSH>6m)2BT09!8Z7i)S-`+&i(pDaJe+&U_g*=E7}o-z
zqtFp11^UI1^0WP&Zip5~*RzqvdEV-lnf$JtoK9SaW9C}}7E@=Ezb-}bvl*Gi+qv_#
z*yC`1yQKX;cj&I$k}#}4)N$B<p}S)Fx9&>kpHmDU-qWstK~5~_;GVKoidb6?v-K+L
zX1pFy(j3Or`pk<WrSA7A7|SPF_1UuJt^T9m=pG;UuHK9WaMjw|%-ENI6&p>_V0rGb
z2i61<o!Yh7u5IjDonz-3sL9c&HQ2z5GM3SPlvib(DjgjK;I;EV87fXPXflOPE<EX_
zdHOI)CV2+bkye40B|mo2nMv_mK+gRpUB|-p!Aq5l6DbNu5tBtUD-y`<!HsR;aghoz
zZ{=lI3!zKW{O3dp00t(!%A?UE+!yGarr?t(WY$y%nmtPq7TS5qEOZ_E9z%fYc~Xhc
zkEpc*W$kg1f0f(61)Y~SlNubhud0d4BqKHq*y{Ck;p?j}w^)p2i)@BTxVzU!hPZl3
zPONtUoWSpS8NDuK^7F2#eh8e$t3XTnN?Eb#Ay8vDROa@xB#*94-Hj>fN_N36#uK~J
zhmu*DC8%SCpSsyH6_zeIPOL4l;V6yB`W)bTIek9?mp5(95<LYqO2z4uoS(9Lf>AH6
zC6+rNl8uswp=tQQgpZQor<i|O?0Q&f?}O3m-4LmTXfQ3^r*w5BpK8E6l1FyO0|y3>
zIb6IsXt{D-a~t<-Q7e4UCP*Dn2t(Ur>x$T&Ve-dxpT|*`(8}^4C%nwExWTllz?8!)
zV_mi;D*q6Cdd8)c49<8L?xrF0A%oJZ5-wx)DQlm<G2ZIy?DK@b*^C$ddLlb1nUA=b
z<U#GctJ_&lP14H|*~<<_q^mGKw~wuT&uJ7|-KG$?wcb32V@f3EwQf7`+1o(#Abj3m
z$v*{N9t2sp%y+<6VG)w4epN(CAAFZo-J1_D6=DjJUoPMTJxrvP(NTf^#Kwsh@SfaU
zh*A+8>H)Y}NlVcfq=~;36wr2`nS0=SA>bz}QIrihW%3xp)wabkMIN<XG9&PdLnr9g
z{&U--=9Zfci-#t|$63*wB+5Bf&^DX9>!gpAK?Qx-8+j!$P#j*^?t?8%?_!tjA><+u
ziT26vg-P^rWj-I6Sy6i}QKgv}8>q<4<Z`P|+{EOu*WmeNSev&asbRum%1Q$!t5&H5
z$$VF6g)j`IexNQ=vY{Be@3V@v6v2zl4`j>teG%e`zGCnkbrl{a%*4BgpP!vF#_T;e
z{K(Lf+5pS;Jt(1<o}4Ynpe`RCYG(gc`%G9HNOqf0TlY(^VM#b?zUWBTZUu>gf&!&p
z`3w%`abMmfe-y8na{VDD5tInBUzfn<AgDQeI{mlB4mH~y>JZW05t19$<$K?{?7?I#
z^NmP!$6#t83AgMnO!vX4PS3yI$aNRoIU^Y#2KX$nQH?)U<MhU3Z3^P&;Z(Fay=+uD
zi&eJ65!}$qLk?UfvoV`ZW3Za4305P}K)iP}#0|LqjcVC)HhwzO+st>YPwK>sk?x7~
zgFlcD_u(TvLvSGbmm5vNn1s>^Bhz~e()6QRbrMHch~|o{aKHj}Oxni1YYXT&B-0kq
zCmG5Hj(f?YG7C={kWax3{URm2F;V~|_pi3O*A`*<O+|byM}^eHEuMnyE*=);LvK39
z?Hmd{4|$>pbioCcWl>{CR)UfVF_Ce&kJ$|46dEQq9%P;Ij;HauC~db~TJ5tLvAQ_b
z4zx{$Dj|aRL1!^I3(f%cHYqnA7kkgnr}E8U_8-24hE@s|#0R3qvTiHc={9&G$WN9E
z*&E(1vYxvPlJ~hHn8KFhdpufwysbieLA;hhI|q<F3%c9g{#Lv-Unv{MUr2j{{~2~?
z=T&n4@gHdaFNhJAe<_?Yl(qhG>G#(8C%H;1j(9xWa)I1(c?~AEK{zvSnn_qqfGl2e
zE_yQ$e9huw)LATiN(YUa<yXb5Dcgtf(LVHc2lo>+PRU&6&OKQtx^SpH!CCb6(d=<M
z1r1>V%n`G(|Gb-H9*4Wf&k3B(fmHn)SoXjc{!Q;A^mP8u&Q20hT7AvH>o?KiO(jCv
zFqrltO(}{uz&5vJ-E4`N`^K%QYPGjfr)gUBjEnz;$5@n09$7!w&3RJ-higLj-ajk5
zD2-3-`1d?mcstBo?$B$1mPt8B(A)%=a)e=SPi^|#-}nOqGWe5iX&e!kQ{UcsFlT3k
zRM=4$>Rb-CC*kCdJ(jpuE^3LIo#J5o{B;qH9SVu+VR&D1_Jq6?&Cl=sqM$rD3^BbN
zws>HS&tq^hV%k*Opa|2^QD>J(_Td1(6Tb|7kjnE#1432eMXAkrKYEfI&hb=9^#Tq?
zi|k1_8FJ1?#(nSLXD)}1?{hDqh3VC|l@ZEHNqXYeqselG4YJbEBV2N7#~C`dO_2yz
z%dK&}%F8U-)l}Rx{g99Ijc{p~Uzw`v>{_R2%9U7Xy4DxX=m~$M2%5`&n`XD+@?O67
z{6f5PjC9x|iATVHEiJd_EYoO2%PF!@Pl=`?5S_a#=2|pm@9Z^=2MKgM@esjN`{#w@
zpw%Ex?@Iew{<8XSSPTr74SI^AssGWZV)i`6i{k#BrNBP3Z&_!QS-~+>VM9sCod1~&
z<msfvnFZt%l^5KgY}xaGbaBj|&8rHQjiZL!-?bj1Aunju44vSil8bhcp2&{PD_Snj
z-byuo%q2A}9CwH`U2U0$LTF-3f^i^Vb`OriT?YgJrfH4m>5J?>ue*n@t}26$URo$S
zckYl3s=oEpvf2slGh$t@$q>E_hyHT=vsuL~2MsL5S2PHAs(g{FVo83+ruUw<Bxd^}
zBtLIA;W^yGhNs)k&LFzd-;6m@<|(gNI3Or#SDCHEp7V8003NY?_@W;(BWwPrK$t@&
z;#hd}o<XvH1C1C*OWU|B<#Rf32Lmmc$r^5G7MN|42CyeWmb*tO)ajFpLiA}mzfN53
z9`kQP;0Rk}`AFN0SKtp9Wa|v(a&hb&7PRAUg~`X=1Je-4s8R5C01L_WyKu$}zfZZO
zdPhbtmG`ZhTX`o#%i+>JAHpB9kL8!=b~T6tH;x04b`A@_CdQ#g`3W%#t0$qjZiw{O
z<}H-6{YZ^f;Pqh9;GD{Xa9(HS@uI#BesRAjUZ7+L3zmca!r|Co^}dCM*8cU$Wj7`q
zlhp-nq#GEWGLMi61|;{bVeaNhlai48B3<hKCkB4E4>#Zx2wOdi@G}_<R?3Q1nOzR1
ztV~>vXBk3rO?PiP*2!6g^)zl~8E!)Fwm$CQDAnP(ezwt1^8yItrpqAlCuF?YXbu<>
zzHFFHh;SaA{;1r5BbD7Q1Ng-i+;CJ%X+a*u6sY0ua-T1ea))Nu3=_)S0y*mo%^XmJ
z5e!o%P2n>r!_JpcU5yk<**h`e;i+AODp);#HnY@#@xz7@<wFMTA~%%d>!Os~JPHy!
zW{l%kb2S>}{l?4yhDn`iez~tT?8H4k0j|vU!oqw#<Ti<dRkqAzH}=2Ko1@e1q76;O
zy(r_%!bR4#AGWroNVX%$OcO~85+2uUS95NP+x@M6Z&QTEeEytCi$=;RYB*x4@GYl)
zgZLoQs7xm5b~BLyByee5rX>7~5NQOakZiDgWNheH2)QCPyqyGMxmLWvV8V*2=Tk*%
zUCb>_;4`StVOz>9nr+ozKd}3Mp2@8VVPaPNydsMD|Li}&@-Gq2hU)r1fb6BC`|US#
zF3{-IXt+R5uucKlU^Y{L$0yl9Ohs%iz9z2zV@DnQPiRVAxJ&jD+)^ke?$o2}!86_!
zrHr#w*`Ec*aW~ecU*(K(DUZg+Uft4{BLouj9L1Uomd4z4MqVv1pUuycinkw(Uho>y
z0Qt%a9QBZu>8GXzb^c0<ok%d{yQ}IW;pQz#>GCwEIJzpH2hqd3C3!|xPVa}YKZkNO
zj7{*XP5O=2{6zbT0iR`LSd010f-{(-$UUi>G13gO{}+329aYu$?h9`^q(dYGq?^s&
zzy>5lq+7Z{x~02B2`OnMl}1{mJ0wI>I;6Y1*>`RHo^$TG<M)m?#<+jHcl@?4*8Z$H
z=hM$K*IG>0TEP=`=lF)^gcM@>w)nwok%mRVLTj`bVx>y4-ozmV!XJHUvHUDjj#W>J
z8o22&nn<_YBIYMk5-vqPM|ES$<abH&ugC4MV5~-&MsfX#5n5Gh@Bdnt82LqgU-ai%
zUR_ex=c2hPR0UH9+egSBG161&N<5?<iA*(bN(wa@^<kG0SRp@rE+V{ejyW;e#H7>k
z@v&y*(l*vyv3AA~^(jVVG@fLc?s7)M^6B1eQVMiwuW4&nqu(<2worz%mBzKj&9Q9w
zDsm!^_Ua1~OO#5w;q?$EhUvnNsJ(||VUz=O>^!`O=HM5pz9Q9T0=r)}jR5p0`f0j`
zpk9Cki7VwkEN;!Zw=Q<fGFLB%_jypi!;p<gA+q1RcW_F~N%zI&`s1~c^dEgGDm$C4
zjvmB`ssl$7hS7?h{$CZpkMjnz%$7$PuUs>4M7*?=lq-spkQ1SKsi#u-QFIhj#L*~k
zU<$S+Vc+S8tRgC>5NyQ6O%&IzNTqELtW}pWl=EZJ_2XG*{9gI+?P@NQQNf4;ksA0}
zFer3rnrevp_s6A8dDGG4qdv69I}a!tHYv1&NZ+i#e(wmuE;9IeaH*LD-L_1rmn~QD
zdy3Y3)*bH1EH75AHW87u2R!E8@Zy2T(?#C+Uqe&*jrr!xzEbZrKFNOR)NSc|G3I2W
z+~4{pdcJ~|;s$ye52gxzFk_HYu`7N2E}fxoQi&-jK1UpERNGs|MQ-d8z-Rb9y*8$;
z#Y%TakY$<%x?RSZ_<{609_y$|`+}0FxRdxw!z6(Udi4G~6A}@Nr`_aFRaYcAqv}eD
zJDuh&d>|d!O0h4tcULtdzK`x^bOcZIqWGP*mkwvTuh3}NyWGk>cr@%6y&>f&y<_t1
zM2Yt5?-ym-vy(IQPHObd1;H$rkO|ITtZZ%Hkl%^e<76kT@?;x3kv~^uezdyDlQ$hg
z?a~2JU4L8ocp0T!@fznxGpC#&)wIt8SGMYxWWg1;Fq7nMt<Upa^ZtYLT1@W*4sXez
zy%8tq$NJ)9zD2-mCvpoY{6M}zM@p~LOgA`PJ3Mzpa$ytU25AzwO=zklp-fIb?!mOO
zxndAiLK2H4GxF#fS2>SoM<q68uV%>z68#fYoGYgXnGdcLyPQJ(bI!1X;-1Pr3Bm4Y
z=V%uj6F@=>qEX<;>Yp=%IGINDNXKZd;k_U$NFUdEvT*xqEW(BJdbs#u&%n0$jsnYk
zt9&3YrPhr4=vA0Jm$~d^psHn6(;E*~dTO=XP6cyC{>mNDw~DOyZKGZ2Q6J`bJ*jM=
zYrCNhWEeeKHECkv-%csM=5WTq*M+_Q#DKnaxe{P~l81kr7*vzm$^%v)NqA5*x-VT6
z?s6}M`+W)tN=MJwAB^8{-s5y)v!jAvs$)iU<h4u9@=S$|G}=8~b^!CPE(w{eNGt82
zJ*KJpJ>RCgBJ8QgztgiyHtjq2iA7^g`n5w61(hK1>QZb}i4omIE6AS`>*(7z;@;o=
z**GFDo$>y3lv6P$SMPHoKTTnff0}mDToakJDFEqkUPiqj>+0qN3k2>g6QvQ8)kMih
z)Qk7rnd|q&jj0$u6A~+~zFp#pzAC`t60>bzaL&lF=h@SUG&9c3SjZ4=dq;kDLmUaL
zL``;XfTL_IIsVHVl2g?jyRE=tX@4>h2)OM5di~m!+tte4-u&;+`@0;!v~?W+o^HcY
zzIb#C`JuXDXHKF`&(SIkcLyf1$m0UVUC60^BVhgsYwtJC8S81}RM2=>8adwjMaXEw
z`AlRMbGzivqu5pbsfTo4Jz2a)F~!Q~5d*EypDziwC#;&8H4&IJwOroTcwFc*G0<bK
zxHv^gYtorJ&F#J?2&t%jh1P4rWg*-_WO!Lm>2!nR4V`wgZ<y$RoubFmO<s_$LM58z
z6GuuS|7uQsYn{a3nRWD;%;if~=G;izrxLu2#*`_(z(p(c7tJuLn9b(KuquArL=o%i
z2G;Lb^KG#rpW{+JsEXIGnxOzjqh11$dTHO%{itBC5@p0u*nS~gH`Aik1oPUavO?_R
zC8J|-?}zSs6rVpu_V!@%k*7<UxQ*evJBPMR5?9hU9lh<<%sw|My&uFQ_L(}SyK$K$
z&IYdY+7gC%1B6><QWz~xV)}NTmO9WUNBVM|Lu_ToBR?w#WHI)RkY*EZeYR1s)Cy?<
zH-mT{J9GS|>P>#rDPR|`iN0X_hEmvqg#<%l4rNRy#mI2|dUT)HCR6?Cgn!T39N3()
zZZVHyIbkH%_sdG~P#31uZ!4tWD@pk=2W}$TzSFZyF6_;AWf$u%@3vAy+q0Ulq*&2m
z<W%Ycploe_vsiNXtwWb>)|$rx!E4u!8|2u`uTdVnt9_)y^8&A@I7}+3XX0VIE3Pr+
z&yn()+HVWb2g+q|QZv4SnC8hBCvO+wt?!$c;k@j4&jpKLq7DT=#45#Z5otZWxO^+r
z!g*_jp4Q2OwHh8f$Nr0)v7}P0r`YhbK9&*FFjRLKx20p@)%-b%)ut*NgWWvk+35oe
z{L4IY{+k$q_)N7=9K`z1PG`EtIB`!}r~E7Ba2xV$T_~;#hEQH-c*df$22w=FI$!p@
z(r2>kcZ$tfe1jseS=9<W{wZ7Gx%y+Zh2GwH?-Y$Fy!6+bLa`p36o(`O+()10emZx=
zjXRZ1JbXvCnJCu&B{<&(DkL^G`(BvPyX?1z6*~<ReV@zKdq{Oi<S^q8W7EPK6*+wR
zYPg|8K$YgFvyRu;(IY3~3sm-S-Gr|b$fOFRhmDc-LeS`l?xzOAwtk{T4<Sco26kF4
z{a>l?fV($bszxYu4%g9h3ubWDzD?=P734nDLYkh4gizNB-u<b^FKEU-zom5(${VKD
z2o2GF>`IgSvsk4IC<oUsU?(a0tC<^iB{e^$){}i2D&=hkC;EkLoZQZ9UuaB}MN41p
zZg{tA8X51BQ`PW~Mus8(!Ex#v-XcH4UTmlA<vOcBTA9~8&8u8fXtL#ILX~!@MJ=rS
z)AMsN#e#M6rwr<AS!W4rrEs+?ih=q7niIMz{3s(1@1V!x6gC_WC2M7nh{cSbIP!FR
z6YM1%IbMXb1~Y2QB1J;(s_gX-I~a*9+L%hCv4MmL`OTaau*TMhzGwWI&gRcehUGQE
zSX15DAN}UuJOwvD`!7ry)H1rUJeE_IUD*}7I#un$Z%@BysIRCycl3D5beSrKas)?S
ze&CKMXA>F2->b>w;r=;J+pBr^!__Or;!?fgb+>JnK!{z~Z|9K<4Gf(fZ{HV7dI#0k
zqa@Sh;roX+m!!rcF1O7^JAJF#%4OwX`SxgLjiYxpCOTVgetf{+7h8+(`mS<tcw<O~
zmF2y3Q%mHYrhn_QyrQ7Q+Ey<HTil`&N^f+}4Eb0|r}#0jkGj)oPGCEXK#gd(dgA-*
z{X2D|5|!AWV4Vey+;ScKZ)^%+vKP$14jH${oVS95&a5Q=B$+`EvgoY*rC%jT&9E)&
z4!4)cpAU3uK6%BtVepXS(&L@cgNEdHw&7b+1`oE`EmM(oQS^Hqol8Xp#x7)!(Ld~g
z52ylv+OvCRw93`{GpbWV_DWH&Ckx!vD|nmsuHWeB%v1jwcWB`D6#7_3;4cC8z;nd6
zcq~yTf@v}LGy1859({pNAoB5ha8C=yz6I91vWWfm38NtQy`jxak7?0ApMa;L2i0WF
zu@6b7zgGA>s<^jdg@PNsY<)`D?+O#qH3+OBviB7Fc2^Z#A?6lr-A#>p9KC<(Zb=Z?
zG$4Q}Y)LI}X1C-YT=J8_1=-~*q+G{eXM9=OD7lh%MWI~VP+V;9n}CwU$XNT;_P6Cd
zKLdB~^u><14m}-a^do7Qho42M#U}SO+E&KjjH1i?5POWfq)9S=yuOW|-&cH!(z5U7
zefP`oSNdnzC%oo1@gLyxMnkaPFCm8^jJ3K4Gh1j%mXOz7Z5)pjZZ~)IG!*q*0*hzW
z(y1N)^^43d2eAZ~fvX#R%6~cI-QQr^(NT;chCOQ5+6pLN!@Hbh*eUJFQsfUpeo!>`
z?8opYCkqAP<=EYwI6bs(xx}v{Uz6pUPF1QTkqgPLY^!r^3OkK9YzNICN@+yeDzV1+
zlrzVT^E6%}b)K7szlL}S<BoE6#|E@SUJzws@M6vUDG`Uy=7r|8%LbAw%gm$_Z5m8p
zUSvmj>Pa#%VQvuDMa>xIsMi}5%Fskt2oI{owN?_6@o1KlnlKVvpk8zpzbw<#OMLXZ
zQvxeGXt#ej><Sf^SKiUGtFe2*C@V+w;FG{eak!*Od0TCs*owOQr)S+Ct3*B!AH*Zo
z<qLO~s~>y@t|2nDrs}j=!#?VY>t$`Hwxn?}V|KYoFt?kCYj4A<xpqiza03g?^~)x<
z&uq}dP+FVulPu~JDx&TzN}$U+$mV_Kf97l|r^^o+?<nOjN|f?{&we{VPv8VVzfDnv
zUJU}I_FZ|nH_RoygMGG}(rrKIwyUDx{}V_j6@N&i+g%x^fJE-({sU_s^<s?!X{|tx
zwE=SVqU2}Qqxsb=d=RmIvDKSVUPk&Il+p<D$Jk%d7VO{1D}SRm;(BbYBXjj8@9VCC
zB9D3})zQ+XGIxfk6tD?3!B<Z1%JT84)BeDJh<l<jn|wOB#5cM-p0nK8@17S6xTvD!
z?z<54zq>h~Z+1q}Aivm2l@1W~I@y`wzPmd7g3`=>P>w@0^ijq&IPJ3pb+A1ik{OF(
z)GGoL-MmS~=i$V~)>IoA?>SDQSS==lwh3l}YtUSg$PSKHN^=iX8JO7c>(Ck>{&@I0
z(`9_I-TF5lXVK0(S)%%P5wheSVTTp+?jBE?n`E&!6%05U2rEW~jR~Bo;@-04WFGQ7
z!Ta_!LDzpSzj+}phNNCX6+<mw9vwJG`<=Fd9rc7uE%^<BV;}6gMl}>lb}iy;NB@Nl
z>{7w-%X!&cSXIE?Cel<>%CMWwnbnJzw0ZS)A??T$6RJ~Wy4;AhypOtDhQWJ_c-Nw-
zUHmUugxsH$nGW>zh=}e<2`Hrt{bpb@6^k{MQH{i_b!KbZ#UAzvLs8NUx#nlotTi&6
zsj;#u<W(lPHKRKkx93~@$V4M_H2v61OT|)_<7`o*_Q&4LD&6OO|Kqui_?5tC%>f%t
zG~WBylRjEw$Mugr{+RV|2vdH*ZSh?FE}RwlxR8~8BG-D5C;{*4wH1Fz!J~oSm`Qa4
z56H0XfSYBftQy0rZ`BCYphV9<RpK$q)xBj85_CV}KbOPqO08VmfnZt{pLu<F?3lnE
zjz(GepkLCJ$w~sMtu@*8t`e)ryp=C^EYhZL1Uo)`<d^iGVgdTwQ}#gJqKxp6$hJt-
z>3#BG9qm7!VP<bp;<{yKn(SoyFYIw^HXqDija2i_KxOopWz3zTNS7>zpUNj#;H;^R
zxHYImb5wY2pnkU*Po+L`nm&^PE4D$Df-*;OF)P8=KFvQBy{vh-DRz|lblq~>lETzw
zszS{ZR6j{qda(5B!@VoN+#Xoqymrk#{XRKad>f<tF~-@d*Xo6D)sk6rf97F0-4YA7
z($ELR&L`+iZeQPsASE88n>Z^vqN*2oAwO+6I%d=M)r!}`u&{o6oRK5%YGHy7+kTEw
z$zG_n^UyUwQB9$@<%!x)>zj;ESx~aB@u*h)uf{k8k2b07ee?^$B*^6Gx6aXU@T4AY
zy!*`YT`p`BHmIxREWEEr9#h==E><Y#2@#1<`g_zT7;H7ijK6HWw0^PETPB=;dT#K^
zB2&UyVe*-lqx{VN7prkaXX!_?uZDK~_99IR9-JDa`+ocGHFjvs#gc8LrCqq0+>Bj4
zkk`)cKW6dRRu*_5)0vh%b~1hrTzomN-SYU-y%qn-Rl!FVLWZR}yMt%-B$Z<Xt^;^b
z>y)vX$JuL7SXP>UELN`UywcZweHIYm<7c_f-Z!x->|9&_O+U+9IK{y1m%}C*i)iD6
zZ|4hHye4uMjtP5h8kJA4cR?3sM7Wy+|N3_j|2LDu{Y|caPYVB@6#hLa{CiUP_oVQD
z^rV0d+yz5?o`6<QYqZ}03-u5iDR2aFZ_M7@%-V$8+TO&{T#(D=wYepH621T;kdu;?
z0wEzGfsBEFAovVO0)&Qwii(PY2K+!nLqo^F!NdSQ_zxan;Sk~z5fS1O5)wb8A|ocD
zASEPx^yCr6<Hs~KG{j_d40O~CRMa%o2qH+pPz-boJWNbHY7#;c>i^dtcq@ny6XXE0
zM?s<kArm5@5F)`lK{Ox`5*i>aLg0TsNXRItfRvb6*bjgXRRkbpBoq{6Kz=|0ptm2;
z4nieFBYMIkj!vv<f<fm*0tt%!f=U0pqK)+B@Bst#mGc`c?1yBJ$SD|^m|0lac=`BY
z0)j#kFC?X;Wn|@mCktw7Y3t~knweWzT3Oq;xVpJ}czSsUzkL@H8W#ROE<PbKDf#24
zl&tKW+`RmP!mr;dzgJb))YjFvcXa;f>h9_NIr4jSY<yyJYI<>Ld1ZBNePeU$@aXvD
z^z8iN@(Q6B5(wq5TK}op|DqQmpcgXW7E}y`UP#Cuz=lGIiuQyDok(02!^DZ04ibb(
z@;vrSMH?19^yLBRE9YVChYY-njE4x-?lt>=rr4YRPn!LwV*jPrGzbR;32+_?AxI2#
z&Gnw;GcsbU8>I1UP&$bI;IJ1Kx26!`^V;8<@(O8oLV^hn;%sbcIB?(F%$O=m^k<|Y
zq#-kagW44vc0XN$;2=%<yT_S36X~B`t%l@#mKZJg;p3T;9COG=>FDx|m6rYPYhdwA
z?i8vCt72{*<623a`WCzQl%D$iQ|#S45?{Hxp*=PE2?xg7kri5oQhC0Lt5f#fnJTYz
z(xcG|4QutYSnoT_Ezjag-0+TD!`J#voWFlpoY_ITd0BZO9I^EwT52C!PiTK{uV=nB
zA~ZX=8Q!?+jADx04O<aTeHCzKv}*KRg2ClQ{PS%F2NZVJ9@=x#(+goU9+kD|Th&WE
z#{|tjc4uYnrp$l~k)bV?tolI)maO+6#KxX+xE{f~k7bSP<vFwNThdgYnWA|YJUVi*
z|0BiY?RR(JAw$Qant$e$``H7;w|umI`Lj$^(GYGOZF#57tooBm&qevLMYlILcJpYv
z_2NeyiDrk^dV59QmKd;>b@%!g?+cS3+G<oEGW_;@BO#jU#biJd&|ULI*<{wAZ|e{5
zL08Oj8U7a{DgFFUmR>YZU2aCtNss!ywc79>ZRuLn*)NW3)t5KM+el}aI5Z^BL`!;U
zQw6~GY`4j2)Y4Z(`#Bs?X4Ck-4fD3>`E4vVN@v?p(~PZ-oXRMub$Q-xmszOIQVgIH
zesE^rsk1Lxb7B}jlvyx_(lX%79g9U#qmAq}in*0pk5^33PqQW|bJ!EpUbhC#Qw3{<
z_vR`=(imOq$yXcAl?h*x*mfi~u;=IA3UQ|jBR6p`;&)o}VwnzCebPC}7l@YVt!9RU
z%+GcWttGv9*$3W^E}V)MJr2r_&e|B)Qa(7Ao*I^=8fK^vYP|Q7u{VMB*ztTjP1uMP
zq&sW-W#y*Q<Udr*&UQz&hE!##Dmeb9?zTIxJ!@Z?^gq7JKAfFrDM`{ibK_ICoWH|&
z6?)H7TKN;Z^>Fb0_kFC5T|eKMRl8yW*2`Q+@!c(-mlyLtgdE@Ty0^6W4ft!*svZCQ
z6MU61c1-jBM!e87Svy{BG<SBl(<%7qMN?wHAm8em;F}IE?HlC-(ag|V|NqIK$|T!Y
zG2wjSd?IoNM=;Fby{@K2>0EPFN#C@bmD!wAF`axRlFwhz%&Nt8n+e8R%5PNjZGOme
zeqT((%T>m`BGyq?B^T(Gb$C-EFczH8nNoR~X}alg=AHglYn%+r$&oEYTH=GG)**i;
zQ_14?Erj(gz8gyCH`1P$QqcFuMpJ2-JCF6vmUnHtZ$KJN0ZSwqk1oDA<!&h$$)vDE
zJH?|Ao`)8k(!@;c&_}*4KP=Re<izj(YIa(<Mhd>L>}T^o+S|1}-#!+8YBYR`i=mOK
zF!~vI&WpFZ$yCrDu1Z;<u*aeZdp89UX&ldMV!!kymq_3Nb81FHTmGbnc$t1KmZI_Q
zgAPvg(&Xmd1@skV>0JxVp~(%!hTR*VxB}$Cxi&FLS#$nHS3^I_lrF>%$xm2KhusQw
zPHOBV*`4jf;h-t8WZh#XO-;6+8lk9!Z&=w=-gynBq*3P=Mz;=k54+m3=U;eb?`+I5
zM43e;4hNc>3!+jlr5lO)(q2SgQN?bgto*t%rILVBrJ8O8Ox_vET_MAC=ym9gdpg)!
zR|vO_Oy2(JAjY%WAESw0n^Ls<R#RE{)kk#u<~n<&jKcH%b?5ZWRpLsddWAN<2wjXY
z3(er@IHxzpkA0-s3&)qq>Xi~qu`W-{jm1WJ#GIO%@D~jOjA+8&$!OT*t?!WA`-<3c
zFos-k<|ii?s7jIs&621}f_%z$2H_xDPNTc#2{`B(X~&HZ926Jh0tXo$2C(gkSp-}n
z*}y@kXDwHtQkv!Yn*^WCtMiCUt-3HcDAr!g=vb5n2@Yap3^;&;j+iB`g*`(x>@}6~
z8oZ`G-{mQGf0Pj+n_SQJN%So|_}v+?81PVUOO0Km0-d#WyP_c`*N-pXwx0isSxu66
zdQLfE!|Mbb`~c;yhHt*l6RD*+wN^aSOajw|9jo7pOmR;5*BlEEp1nKx5j&jRSzVr^
zrSh|4mh{oFMl_P>LhN9ZC-6M>?ifnztEl&$E;6<9iN`OJ)ufy=xnE$k2p?{+ciVRL
zGb%1o<{zJm_PtvS3o#%KYuelO+x>ldiRNw8Ar>C*=^~q~Fq$Oa;L2w2wZ=2BI+(BE
z?P6&2eqbxCc(0S~Yh;}AGc=!x4*ZaZ<0;TN&!j2y#`@`Y6gY^3#1fc#zPk)A%5&u#
zYB);H41Up<G(wSoVE3xtQF3DS>UK_9xw)#Q`FqmH9!Uz8dU0%RkFk%|01c@xlGEbT
z4lj!`{urqL?$t-xJM_EICO>u+qiH>(sXj|DWMxN4VjPSd2iK1ahK8fgalSFw@2tO7
zs->4A)V9}Bn%_05<#MRp3KJ!6hG~9TA7OHwlO630sGT1=FQsS}ts);zeLG%o8;li^
z8<|z4>Jfp>QqqEK{d(JwXXK<I<`g=MM0=|8fbe3OCh7&<IwR@mc$M}@K3m)r)7>%<
z9TqdTVZMTeio8VKR1<8&Pg#*#Rj{bD`8s_4L#*ze$g_8DQzaelyvjjuUB_thBS%$j
z!<N9YrLy{>s&35k7*wjZbQWV><Vmaw!)&%MR&+wiDEJATnEz7twR6E}bd2Hdv2q_|
z=P<yoQ9V0XQH0z4iiT?>#28%M>Wv~Jq-w<EUrJI?yjSr4*RN+9C=8k6&x@dF8XTPq
zAc$<4&xOdroa@^N!wD1Ig7P_39I@qD@60neD0#fT{G;rWWgkuIj+a-py);MmE}P@9
zo8#47^o1BO#w^BQ!bEfQqXnj3tOLHw-TYD6%dGd;RHD=*v|mvDpT=~LcaOUji5Sf$
zn*llF;6z}<?_U2da$KvN;p~`Ihu-N!d$avT?gD!mmJwyD@$n`xY%f>%<KQ_BVEVE=
zo90||+k(k{Q@{W4A*$BHdl#PATKIS|xoNSNxD``xpBh?ro!ZJa*Z$^vYA-cbJ!sF?
z6Iw04;TI#fEy{9%x7`lA^Q-kb`ILGNIpxXRgSC9w*H`rQlXLkZs$(^Lbw)`nK`E}D
zcbUz-_3O&E!-%+%y~ui#Zy*~l)0xDpe3pL%-<SHW*5ku~CCyJ>*~*_i{R65fgT5^-
z`Y+|Xsm*32E{$q^(Snt|%&c@j6{dn=8JAxq8u0Jz#ZR(o=zL@=v|t7y#VKMx0BfLq
zOar0I^6k@L_)|u4zM44QkT4>w|1%fz0_D2<wro}ZqXNevbTy{`OhkWzFFR@YED^R*
zUvum5<K9oXfS<nL`b%y5xRVp$@6#asG?8DVD(M$ZgO4LjLL1ZVg413tT3MpAeZe?|
zMxv^h_C%6I1qs;D?3KEHzbsGbx<bwPW6rj*O#A+_aw#BiUzk2%{W-NClf~_?IXRkp
z`xq%{0KEs*%2V3!=9sHL$@Nl3W0q36qdzKekDJQ)Bbz?<b8F5PqyARw)8P*m)DIwr
z_&^NrojYbv3S}%CiQanIol;7$!{Ep4;o5HM?6O>M{I>bfhiBFpVW%D;d+tcPuT<nD
z?}mF;Tf}dgUnQZJ$o=WIs1Z~CvHsCc6!+D>>)A0J^kg1kCcamP=q(^vjze{|(_K!0
zSIhLB#x}32kwIuj2R<4mP3)RrlwEtn|DrMmd`d+g1@*r!+WL-P4k<nafe_ojxM<@6
zbG>%33|CQ-#>J*UjKY<bdGQjs!U;rdn7~R1P)>Ih;wB-I%S-9!pwa=VO#q-;iYtnP
zKov0$ZcKpR9f7c3%jmd(Ku_@y8`7`pFTnt}CD|9^>Yj$Xb2DyKu<AgQChe7M34tfS
z8baeFJ`y}?f7^;ff-Iqei4*jM1vM0mL5V9zf~#xh@dZ11-)P&Yxp&8cv>ax${1Ui6
z```8XaB;JEJ}(MCD~o~OU1aX`cf&)pGE1BF1L~Vwn(O>A%N$CnJ5J8$GZf%A6D~$K
zHTh!j5B}p57dnT~-z^RDe=Oj&S5VOgUt&;eo-qD_a?q{xGdMfi8r;oP_93I}tmK>8
zE8o+ARTvVeQ4afzkT(<AFIoIfp+!tGp_8D+_Ob-YSmdZj6zv)_vhL(1RvMJDmy<|B
zA0?Lo<PtB{r212~ja#Zch8tyRD=9zyS_U(N02CP&81N}SKdaWgh6p*ZnH5P4t@tA<
z=|RmIZ|@CbsZ-q&=rt|tMt6<{whGV7^jGcfBz^C*XPlWq#xzGn-M{4?i?^UG8-A2Q
zABxoeUE27&#>w$W<Qp8+`s1cxTe*@cfHW}-)R_5lLTl+$w=cIT3I#|#yfr{*T`Ju2
z<?<hIHqb$^+Cqz-6KwBW23})4W}rFYMKWv-E`W7f`W+MWn>fhGFOxfxUsV?~aFgKT
z5}gs*nC|GxFDP@Lw}$*0D^Q$gX&v304unpRcB?(Wdf-Bw%_*76*8kvH%nGjl_+e%2
zaCO4Fz&|Q`i_vTkkkUWIm{uocJ}u%vrIMk7r%Js#{B~%A!FaBsgE>jOO6^|ojbP{z
z@FWpCe+rd{$ox!ES85my0aJ@T)Tg{4yBDRWdegmayfBb{Pj_kzTw{B^hYbs9U$Qrp
zxR3$0k&uyQ!0P*^)lBXu6wmNDd`m4^OvIk-r7R{(r)fpit-d1T6ONcTd@Z0wK91tf
zphV(B5xL(N*9XSVqu0GHtXRhWN*Hy5ZSlokF1IS)*kJNEVwbjzNWY}g!sDo&?Dy#A
zjZYFEffM&oA|uQ*R><>2O+T@OFj2gw=+|D8%`iE6EDMq#;&vpw>FtXYCGjhCW&a#t
zcR*Kjy4)gmm+#8`*$6e@TU4RZ6knu&_=1sbEkn(4JgA<5A}>~K%FqRQ1G~tt=Qgt0
z!i}K**#Yyp7E$YBC!SGiV^6Sx-(a)}l|<U^vM0uoN;ZBHHP+7C;JF@u*FY+Fi38?q
zHKJDPoUS!<F0)YYDdCh?*<@2S!_x8|Xw^V#_mG2$-TSJ$6@h8`z}@oMc&fokdXT=H
z0*40Wqu$b}G4EVTlzr*BOe(!&B!LHR0nWbt7z?)r*YU?zqM&{8xy&^AV<b=Ft-F=9
z6#Q1PtUcuc+ml^^_9j=41#;l%O$z=qTwoY3FpN2iU)z?2VSO}W)#>?WsJ?P8Eh_89
zyapv^Z=sv($x`QgP?3KRUlp5`(-NO^RfxDVt|BJ)`*5SUFSxIY4lg_Qd9c)NaTq2b
za^j2-V>E@EIA4d(w?x!nXtWQl&hNJe$R95lb@+aS5HW%2m97{rl~V{Z5`RY<<<i8J
z**y1rNp&W56!j;$Jczt}IeA4dO55bQC*25c)lU3MYSc&7c8n0I-OQDzz*jm<sjiIx
zLzh=Ab^c+O>Dr5=c>x}j?1D>;=aa{==YE~bz7&|k<nT1O-xc(7Fb|&p$bR+DOOudc
zYPm;kA0FK*n>2?GBKx84Q~jb;TZ>i-e<Et6r~9*ZK9|+_g>!ewtoE5b-uL`KpX6Xa
z=}t8X-?E%!OwP|9=#lS-;VNBC?+N|=HRkcMuQ|h3)PE|)wdF`PaMV!J$2z192duAs
zo?m2vQ#sf57{;?I+MiU<THuINh#NlLtJ9-DSeM=wm%7@gn>JKn(DHYTw*Efh?7@S~
z^R;+RhI*&}wBvga9PLm&-rq9Zm`DUI^38C7N8Z4(fW)VDDuy?LCnR9Z*g{*_hi+@e
zcljga00!|)7taY(=cB%+(-ash#m6{YyV9#m+#uxk-dDp~z)&TE$dGG=cDnr<%P%Uc
zO6@XD1R1_g$#<UZ{3yg$FaI)Mj-H*eMMxdFz_b;TL1_AOS3;Queo};bfSoTM;XGuV
z=VJk>g+=CFX&`&17qCv0l3(+^QmpgaKuRxgWDE@G`n~O$g0mNPB4ZKd)-4BWVKQJ&
z{ek{6bq~{RwAp@KM>OD~iKD17YLF$gVwJ4^MJmgk_9KF)oyuL<Y1b$7dq)pUgvk4U
zoZsFVOjS9R{j~3hO(;1VOYIb$Wkc$0;&MFrxqiqD(>o;<V<(akjlQByfONkkFF>Jt
zH0pqNeYk`AT9?s9PwM2F^H5P4>#%NBZ|D6FoaF)>SKfSFK0N>JSr4}a%&UBQ;;a`g
z8_m%dH%-Jr%+pShXQ~dA(XCtIJihYCJ!QI)M8Dd^TWq|MS&dxCaBR9%$v2(}bHywc
zVSP^UjGI&T@A8No_PShC4Bytc#@l%*EkV`J>UjdwU70Ut3>03Xu^W^BUSlBTt2$lm
zD|!u`eo<!&6v|8|-wcpkq2(-dO{!lsswO%`H@#Lgr~J=GO*qagCD38#xNQ_XT?(1K
zznt8u#3r-<E>c_Ff%2>!)0#>RW6HJPAHR#(%KE+H!P}?NJ~)^MRD3U~?Y5O1)h4y2
z6xeF;N_d1`;q#{x@b{3*9fO|6an%M_de)Y4InISm{j`AEQX5N;!l!}>Kg-A4y+H*>
zm&_nzSO2VJ)*JW7b?q7vZpF({@X>3ySRt&QeawLrY2KOVygl?@+fViWSlUfIDCBnq
zLCG-dWIU&|-x>%Q^UM?=naZh!JSH0Bx9vI<^1`yn!1ahFRRn1g1DvylM3Hqj_{YwT
z;ca?rhYj^-(k=K-zh+Tj!qe_i;b-i^M3oYHW4?(`yQ^lO+sSg&6dBkZ$;cniQmqa+
z+1J6$bRxqhQ#YO96}*G}s(Vxu<CZTtW$VlF0!_8@P={7P;8S>o{TNpgQ&bqW4Oyyi
z`^OzMxTPX@nDsN)+UXxmG3DmWuu1ZnFpX8sR}TPoFufA^`L}FASI9<)Hd1GX0)1n*
z=HuC|Ou>_oa$HqnbMCI?rhcQFL``IS846OrLIX2rM?LqQlj9QC)J|TNaw02s;fIyP
zsp-c=*#Qq8uMNw6#tl!g-KC57`SjGaD7;Bvt@CGQVFHN1vs8xKdb|7b;<9RRwYKZG
zeqB>7W@zgnZ8kA;YR109yO}gO5T%JZ>N!8g-3jKrP1T@>QZ9{hP5gARSuK&2%xvEr
za=?c-626+dKCkgStfec7V-~6+<Q>dyOk-Fd1x%H6VBg7GK_}5CQM*c_V*QKjWdoXK
zd=egJ=I>O7@OX08JYJ_mI%tv#<QBivi~MftO0&x%WhS^lqn=87Gcn?@fEzZT*HD`_
z@kmgz+&AXZY7KKIU8zy>s8_b|=-OH7_iZ)h#mkX*-$nd+^wPh3VQ$^_Q3OwnV87-P
z8uT8B11-sR6$BX2yC>!ax`g-EPybkLjLrZ#*LAm=doc#$%Fwf{gE-d;uxR&n1WULe
zTkG&F&V;-mmsrraO93hY-`#K2GWVaEi6E}-Z*`|TqDVQPY36zSCVYZ2%gF7szduTg
zKrPQOU<$;%sz|1F+sYxr4=6+}M<QzVKD$FDm@l(aX^iQ<NuJNd0oZ*2jaOb1sk}=g
zU_cRt{U{v~e$7Q)GvU&SdO+11sDriO%n*1=C4wYO*sYc`->r0}0Wg+E)*jR$Y9%IW
z%aQ{n6O&bVI|-IlG6pg)4b`7q%c4eD5qY8j<I?z$gcr?*_yEt+a=qGJayGP727Ma5
z^lN2$Z#k~C(1*||992bT_qx;_S0IR}byWtm{b|puahTnGwi%e)mAbGZR~ZJbPbRoG
zTjo|DH>$daCwIBZ_<xCt8}bF1$3J!7U5Z=xK3>*{Wj**KC78!s)4@XAdAi^CB#K|t
zfqOs_d4Ve<gSxph{<*bxLwrnpsUIwQ%df6VAbBGp@qs))A9FB@oK#$^uoNX*4JpF=
zGBGl!ajjHcH)?gc0?D;uKmhGo%b^;bE1;r_E~l<1zb1Dgv?WUxZr4^-PqENbx<<8o
zLp7P01clKf^o)}xS4PS8;+JH#vIA^9gf*GH*?Yp1<d9@B9Vx?KHE0Rn8y3yWPs`D6
zYF&xVV>r+{_6lM_(-2L)_332$b~%JJS#ijqqH6>F6&z(<=U1EX$a;(mJQdu(j*9ap
z#3d%E4bu6e*ud-?nQ4MyiY@UkG@Lw_z-oE}74Bi<^XlSDHk2syon@99yksJ>O83~_
z0XvVg2*{91-dlUJ1I<UbuTj;W+SjwO_=PYpihsv2mas!#W~rWKEvAVy-7#XT!6jQh
zOb(uOmiz$B-`OG{O5&J_st1Z^X5W85Do?Oz;6#6J>gjS@GRtEpxuu=-#u-zO8cF3^
z_{{v+?+N=WMgr-IRpCJ9#k(rh??}UiK%v>`C&@|WL^@%ZZP5hrwHAJ+`jJH6dUDK(
zwyRIv$_Ym5a<Z#_!m-ttIA|)Jr1!4mFoXdw3$?sJHH*ClThEm4BmLxeR9E19^;+S~
zq|c{C*!{UPsvbI0e5;==axLQ;l0YD5au8eaSqauc*9K^3&LaC6%I8uI_&m}vfHbq8
zSt6a5T*2`^Vi*rrQ=#Q$?rNVz1I;KgZ99`BIWxP+XD2fyo6R*(Q3=FMsRKnQ#6NF7
zFyTPj)!GOB!KZ(6X4N;`auqON-FWU9<OMpj*d_|>Ah_1N4N(4t;%bfkrb5=bx8tWS
z252?Y-#-0DwN3b0Xp)fC7D3H0>(>B_=X%_5wY$w3S9lZ1!Vws<5fNT~vY!_~VfFY1
z#lFe$x3TnX0HVRlobd&D)4(UprE~k64Vt3&n%*fC!=75Qbq15T$DmssS&;ItB+R3p
zfY5r!NG{vVLD9$+eFxGrra6$K^j2?x3`jXL12d~*ziO#tqb1;+1!;-2k?9+B{sSn3
zSe{ZXkaFE~`Q&=nYuXf>%kXZb?xz?=yio4gv!;sy)PonOV~qnMxA3t{pU+;X8O>V4
zbqQq+57uh0VCdYd?u#tNA2xcR#K2nsyWgAVct|t7#k@Iud`5K`uznmmzkF;vA94F=
zH+z<cDx`P8f0hNQkwI#{uyStAY@UU6B{0?B-F2%;`dW;z&1lmS6Q7)FVLvCj2xl}n
zis)GsOYBOHO2)(XlgE252f}Da-TCgZccO2uYc4#dPAus@tq6vRmEQeA3J4_?aeTsD
zmpqX;M{Zv*3!zfn8Xb_`Z+lGK8Y!@ENp-G^6;ksVXEc<kb*ht=Nvv?Rl)VA6r^c-u
z$&y29s@ys(2eN!}5tDnQ9QuO!>m0{k0qTJRD*RCWZZlR}<O}^{;AD>Lr<8!bJA-3s
zOX5uE9~qbo`GyQ*V2x8s<%lK*FQc6;+$T2;s@CK*D~`30ys|9Mp+`L~aUQlXv7wK_
zhSaE(z#?Ygr+P%L72ksLLFi-eLUsb^F1l4L3eTSsRT-)K<D0aOii|I_&{%ZX@&fCE
z_HmfUqRUIV18GRH0cCVyZf3B_id&;9)L^YbP)>yK;`hFO!$T@9<!Y2A*3UHAC_iq2
zhaz$*T`Mnvh3M~O)2nv}qVogqekr37f-(FdEZu7BpEG&uo>sDkyolqjp{6JN)Znc)
z6*b5FcJz{dVcno1e@s~F>H#@V&UaKC>8-{LWOV3USsIB_8$WZ%98&^&o2d2MmakIq
zWn%FhZx_J~M!}qxmcib|(90j-OGchpa9o{2JdyMbAI9m){82!R*g45U{9)zDU_bW<
zS?seL2OIoozegFK*afrtalRVaa4#16rmHBXUNVZ?!MFLKI7eQ&ASrnKB5UA^9`99V
ztS5FkUD%3P;h7kB1$K`2Z&`@o5xQh!(6`8P?_=3g+fKyw5GT`H*=8`4zm{m5JL{{s
z{BcZ~(!%ihAK)hn5QR4QaOeK3PBY~ao)7x+#4Qo8o`2MznWRx~M@s5=3$82XIV?J<
z6mWu=l{kG!o7uQ##4$Ekz>JSTToBibX?6pBqP_ZC!i|KxO`KLJbdO`$DyVD6jb#Q*
zMEBY{xxeOw5XOX7g-AHRPCp4ZG7$|-8+<hR!@4y$6{XA+K=N(@jSr5IRv5bClyhks
zBSwwCMuo3{r8cDxx^+I{({^jl(U8Sb4Bz%iNq!4>d=jDvrg?^!S1(pgXGp4LZ^qD|
zHb;{RP}-TtyxY37dXt^q+pLJSQ0=N^>|;knf6a>)klHkqF*;d{L-%y#J<X0>F{FU+
zMcg&p#WDc{($VYvl8ZK;oDj<xkXPjJIcflvyiK6ffM-cioL%-pj6+z|t3q+_Se&|0
z>sC^~QdhABPyg$inU=3ni7OUe&)BbYH{G9!O>!z!L*KL*G;dJI2F@C`(R9#aeVAdr
zFcrvBvVQfkQH8kqQKE0;cgCz0ojjybfN({HPNZ+mux0UaH&q&cgdqPL--thJ@5t+}
zTu-Z}7i2At+Z^7ASupZBOUuTSrf-EahJ_ezgI2zF&78@dgVxr!*0xH=340PFb4O&$
zoI1TH!Ci?_3y#5L<6RKd(vAMpV7|L&ZH*u;aLiTqAIDt$1E}2dG#y5o1uYgVC#gi=
zz?y7^PIC1lqyYxG=fgoZk0W*rfYz4@Zw0dCL|ff~UZ_AXsf6TTo)pHJd8#dB)hJQn
zgql?-aTr#k_&bVQc7?}+ItkJ~+y^KagfX+5!!x$bb!9(Ao{6zMaKcaY2{crF_)4C0
z7xjuclQoB<Gb%FClHV06_zOp;y!svz(=)mSACik8tlscv)?sCzrbAls6{26XuCGzF
zwBi@Pdr@8so4`jFD;KC}m!Q+`!MxEt1$io=zGJ~q4@U2v*fRjNWHpAZacKstqhNLO
zh)n%xBDp|nOx36U*5Jt^ztlV^ZsbSP`Y=IuIW!q5v^zD}pK9#2iyQj}ij_1rSd+l*
zl}_(+BsHiZe*J-{fgg`id8SiI{MHrd>Ps<Qy&BW>c$&WQYP#Bx))LatQ=)b+><dty
z#Pb671r+UQ4dV9mKpGe30R3B50B30T9;v<jXp*RE*9kb0&p#jYOzHx3fJgV*Um2%@
zwIq9mAp3H~6z|CTMP{-Y_6cYx!_y|rm=Y_CA$&%7nyWVpb*+ri+RUXj8X7|v-ig_C
z<8tYdFLrzaPxqI?+nKt+L8AWOb>9@UfJP&FBj)ww<fCrcwjzR!tfbP5(&xr+{`>vs
zpKIt=53zvvIRV?hy8q0><>GEB3~aRS*5)419X&<pz_egmL4M#r9j&Lmor8-Aot3NW
zYawoK4-XG64=9(Tvn4kK3<h%pqyFh4<Y{N^VEeB+@(2nFa^JVo(OR2{(8-!QI=C1;
zH!-s`htknHx|=&&*g1LtBdyKM%pK@Ng<V{|?94@RvAGmoEL@c>Ox3OIjl@k&%^h5M
zjqKd)6&=lt_`pU|)^>KZKDgMl7Qh!FdawXg5-jkP78lzO7h9P7KWGTQHgUD01-L5m
z!ngzl_-T2-5)c>{m<J4@732aW<K+Vmae={n{IrPUU?}7tOp6!*6a0&Kd1?6txCHrl
z1^)IDfY1u?0a%dtzMBB=J>>t}Nl@S~0`vXd|Hokde~$D09mDgt^)G@6!u}f+fc`i5
zw-E+`-LvNb|K%hA;r%Nf3`WZ<04Rk}@BSOm;a)pI!Fyf^Um}$K2i}`OR}py9H5kfE
z%O}Xi2Zc!R!MLDMJ}52lOhgzA%16t`&jsb@1uzen053ofc-0pVpf2#3DSn_A@M32{
z2n=Y2a`8c601*fm9}fcaasfL4^KgM70tm>*52581<bnzULh|zg76vR2m=?yv&x61a
z9swR&UjDzm5s;RbmkSC3+;ZQ@2Pgn=gz(;X2J-`M;stXF0)7BU!vGRcKzd$YfHc4f
z$}30<72x6#fZaEP1;7C2=MsbhgP~l!JTQfS5TH3!0_X|h=K~ZK<bpr}(*cxVe1EYZ
z55l56fI)zfU_cyzD}+mshYz3&n1>&HFC`xzKp((@0)WDR3isv#ARscpQ~)4#-w3!L
zp)U*}Gtdg=2e1GaA0OnN79YR}u+BfN{9r*IT0Srr4?jPk5`r@z0e}Sn%L8%>@&Jg3
zi=PKD4*+=uflvc14}kz41#}XGAjAjEB>+P}2*M9gz#Krd0^a3?2m*V+4p6`&fOmNX
zf$#w^6c8A2E+2v>&<X)Uj}I^=4ABc1EeHi@Ljj(ENdVd~;3)9(?+(KE_aGSjk6>WH
zBY=QVejcD3AT|)Nz)p|{icnIJ7qA-udBF&m1LDE}8vq#0#|zjOk!|;pA^@lk7!W3i
z@U<WpKNJw37myFgRRjjY4G|&;S_lN?Q$RS12S}rPbni9<0%A!3*zp2p00!J6319~W
z^9bBSK_EN<Hb9I6Y!I;x0fYps1o#vf1h@|&B18~4$jc?b1G|@n2a1RbfH}gs06zhQ
zuX%x(222D7Oa>U37f1*gkokZWc%T9R3m|S_V8Bg0faCxXz*`8z@&Hi@L@gjXFJM`O
zNqL|MK@e0BwgWI2h6qW1AgK_D7Ys$jwg4aOp0*$#U{e5tc@gdcXan(!NZ@<Y_c;ZG
zI*b>nUw~jRC}3Ft1MUJmj)*Q=C{Vq?f9(kf4In-~paLPB0<4ilU?{>&K$`sR%LC{M
z1L6w8hiC)T1rQiv3@BhKgpB}00+D-<?#&1I_P!?=0*pjN59FQ;1d#XM27p!wra&VQ
zB{0Cc021T}!Wfaye7p#05yAo*LIG1FR1<(G{09Oe9L6Jo=qU)q1{4BRK7c%;E<g}N
z?=1~P2ZRe?!UJRnATAV$C!iQ0G6@lUfPN65C;}J;1<EoYz5tMx2nb{W!tV&@+(STP
zz|s6*gf|e`dv8EN=zmg1_y(aXz!XT@`+VX<sDTg)APHm=FQPM$GKiskh%5vs0a?e(
z4>%6+2|q9x2vRU04gduZN&~@)NE{d!A7VNJOaVodS^x|1AV>qp5q<?~3IYK!0R#@B
zksnAWggK#r2La3jL<V33m;fJ;b$kG2Ku>@Xq6i=&7>H583@{j?;2>%`U=<)@?h6f=
ziyz@81PMfJ!S3rH3^DY+FOZo)XFv*mAUJ^1An>=MBWe*)lY!cKA2<Tg`?3N9Bhnc$
zcLEj!6hzcagh7G22gnFPNCiaXUuys*00P(@V9A3h-H0j;%&Z6t^8h<U@FPY+xq!kB
zU_mZ0Fd-v&@&G069wT}q<`7`4ATS8g3g`quv<d*l9Wko`zD3Oa!2ZAHK3%%|lL!&I
zf6gN4xJ7|82zN`-|9&Es&A@$r0Ia-5Y{2jG|JT*mJdpq2EWZu}1^s*Z_5HH)|AUra
z|Hm@y|BF5PQxn-Tq{Eh7_MA<M*(-~8UwVtXQ6TazXF)^{4IBJ5=L~ZXeRScVw*iaQ
zEnnGplh|2N4F@`a<%G*!%^;%&gO9pAg~ieOk~-2dnKA(#YI6ZY@icch%5V^&qT}?}
zm4IIe7;ue!*_6^mv$)>IP2o8sVc^iJt*s*`=ES%YiPJI47JPI)p-?a!+G$FW$lwk2
zAFB~NVUUJ{f{EdvPBrCSBPTfMxm>_PCmeK0y6{Kvpt@#ZpP)C(_AKu~!Gv?7eJ@=`
zWXUY{`ihNQ)I;i#FDDKD<61^1^xXgrdVq$y{k5I}_f1dXKUnM6H@@fnYCEinyG(vU
z^Hu#LaL})ae*{;p+4XU4Ii}0M!)XBo_e=R4`&A?zQn%tKHD8U3==qN94i^JZQNeMB
zVmDw-JO&Oz4~B!n$`V&>$`}%<e=<tF6fF#xVcYzt(Gt<<enEIBuY6Iss8eMtFKEYQ
zZ*eU$_C2bhFP^g2aft?8*6&5pym$NdJNM3fFouTJnQW1fyqH+$S9k8aV4cxOFGc!a
zepr$uS|U+z-m{3XptQq5c1@-`Vt6IIA7^a0v<gb#ApPar<p9RA57SK(X9MG+6U+Tj
zDb1goXHrr$yK=LD-wN2<rivyyq?10aji2X1q^@Uln>TMWgblJUvKO0^9rGKVW;fkq
zb>?R9D3~Ru@x<yUd&=HURgX^u2^*ALFn5km--W(5&7i-YOuaSeH2Oj5L*0F$$RR0a
zO;pgABt4t?$e(IcjIa^Pl<KSb=Zw+vThoK%HfFo4FL#XlMi`zm9Vy*!ePvxfZ&!Ey
zIYJrmUx~Qk%D+gsn)m|;Vc&RV`HCNO3U$RYO$;Wx*sPx?9l5b|oMP0jeY+F%<sP|X
z^t9ex)2JTXjg5M@LDe-s=cw+mTw_?(CRbc|{Y}V5A_W$Hc}=g5GnTv5Ppok;7{>Ko
z#Adj}?SbY44*Q|?Y<%_oOx<pa(kYp>RV<34UPg{6jU1a_BRl|*8I>7Bjnerk6>RQ7
zi)t|7zXb<*x4dk|w|cM`@a~Rc$T@fCWaHI`g6qNW4r1y44mXs;0gH?mWs6b74y(1J
zbP(=qHs3Bds9Uo|%_OETlJ0iw5owfS6rHRjCu#WS^um&%-$j&N-rv1x-nl6nYGNn3
ze^YR|`?>b65HfjTy6jMOTX(3{sr7RvTd%t&=5`Ve^0*mIS<)#;u}n;{riAp!H_$AZ
zo_~F4b57Pk{OckpCClOquocF0Cu}y8UmWXQ_$+;_>Zf?#`=Q3&Zk}<}Z>$OPj(Da_
z?s|T)CCb%^+S39zK%(xL)}>k|HJmnJDXRMw`>};oY4<`)CqAJkMpx2A3XTWa@SM;O
zw>;@2vWVg5F_)XS<2U%E-MX2u#;C%+gln3!pbP1|8-<|<t#scHaZ}<=Jv%5X$6==u
zGuQc<x))@fLKgX-x5;$*E6h1FzF4dYe)(W(i<hb5XM0MlPzOsQnB)6?wq}(ifzwwl
zbB<r%QK=PnH_?J~5<`4JtaA94C%3sNYlhr34aaMko16IRu)%sqi9I7-$;fphO(+w)
zmr*meAWrU$R7ozqz}qMdhPWhIw#GP3=UDyxq4{#rH`8TZwo$KSg2i*K2Nq)vdg)n=
zZd_$AwKhn7fkZ*w1(rKc31gI8L@jr0k+m~8URhEs19gVeNPQf_8wRYeX2cZI0#=pP
zPn;>YU2nVDf7^meTV;!=SL?w+k8urK*;kEbB6Q~qJ$*Vh<~d|JXZyC4#*}Xh^-Pxg
zRl2^{8T(H5tM-gS)fL9JWR@xE)rt5RqD3TqEL#E2#|DS_@x`8>99$joZ&#l4&(6h2
zV%+KmeD^A57U-;%_;~CX>W_LT-HB^^4eJnc(MNMyH<10&h%%PhGURqvR@IDsLwwNE
z;bY=Kfvarr;gx}$+iJj6WB~H5VCi{#2Ia6YdzM7@28A6zze-sjiA3S4X#VVk*rD2z
z$Gf}7oAz!chV1%~yR{MePiA6D9e-+9UuuYqx^@vp7jN?^KJQcbz1BR+^`)xnorf$(
zNtL=!%EkIw%I)V}U&*{bo?>m+a8PC5C0ChVFyx9m3l0(j{;ore!dLZ>`gEzb*7ore
zy>otWH8IT}(;Mm8JB?N69*jeWtFf*$lS2oE{9g=+q+{?dp&#ujcpIl-&A=-&R<dCK
z_(pP>lTt#G!?BDmFla*$<D}Tk#y`=&FM|e{h8!1^-|ZOElT_+3{wnYeO<otg(QOhQ
zQ{<oHINA2m{%zAi(N%OpYB%B&g+}t~{j(=!!2ve7F4vaJqU91v(H-U~-o6n@xB4+9
ze#2i4BrWp?J)rjQS*B*Mkc>WE{VC+HC^FnSCnx$daE=?FMrPkte^9hbRU7UXSH!0?
z^gT+iQ>al_>0Q2Z!TdnC88~lEU{7{YYxYp*h|e$R8h2_Vd+{tkz>$hs+fQ=2(a!(S
z6uVj1^4mgux9?hYky;Xy>$2BFfAqTnZ><oD38TZTA4RsYH-|I9&EsP&QyBX-*U~3t
z{*GL{bBU6Y`|V%Hr6X^&K3_;k#cLg+f5A=v<~l32E(*M?^^Ek;vfF5yO#d)m-|CLW
z+O-5Lx}EfpV|lD+Lu`u5&wGL{^6S<>v{maFO?1om=;X!kwL>@L4Bkm!(Yu=-c^ZrD
zz(Ky(C)B4$uI?E^7uid;pNj3=l!<IgLOy+PU}=hg5|B9k=KI;l{`8^6tny3miHXbu
z<vGWW!wVy$A>FlUPH#n(Sv&U!4ApCo#@yGFkj9lT&MW^^#jC{Bvy@u<bO+Y7W=2}(
zcl2uq%*X^>)JNSR-<UgI=GW)n-h{$I5oII0o42bsn;!Y+$;ZWlE7rZl$8_5ZG+hEq
zUPg;|UrD88=ZUF&K&PuUv5L0BN#`nksKY!u^sa0@K5y`8Z*9*W$}UQB97}x_ifaYj
zH(zy^``Kpxv0KAFo-AroDZLIuC?!LpszhzKer)7<m(S=Qg%W&P&XlwL$@q@#|H0mS
zM@7+e>*7sDL4rumk_3s8B^t;Gf+$g<5(J4#h5;0i928KZihxQ6B}mR7NkEe1BsmN@
z&fMz3_q*>o=R0TJ-}$X?-9PT>wWg+bcZFTMs;g^iKlMz$w@)wla}%aFxP$pEv^eJA
z)!22p5zi+93=NYTYyC*M&<{6adxq+V7A`m-x}AM>Zju&#vVQ-;4B(du5`BBW&F@mz
zMUfeO2xLzsEoyEk{_Yy}+jeUQrBza+T+Ox5-_lY|QnB$noxOm4|FQ_eQ=EY1Xt4X%
z(ZzA`<L($VG+By<N_6j^Eew_XT(4ok%rERUknp@xf0~(KDOh`BJl`eLNbuKhwm_$0
zeNREAti(eRR4aAbwyY8w3Yb6*t2+#BB5Qto17qTWPvqV2IkZC0qrgs!83zjY`i=YU
zVR~iNaf%cj5;{!&N;JDCwh1v+%S*pcA_X*$e-fgh4Sh5;!Xtb{J6`%X`TkAvXR;bG
zpKFqP%3{TzIQ8^|7VNgNOjm!AEA*K`bY9myrb6s~kEk(E8bCvd!OSQkxub_SKSZ!m
z%nplQMhy;Hphm>^`#nT&-9QCUBlZqznyX73hGIdN>%4KA*zDwmeYeRAEntNLFsb_<
z={B0D;~n`c^ZhmEU)0_knyI6xueZiNn0Gb3-eI2|971d~?8$B4PDev^W}vBFAsR@*
zYzDlT{#0H^rJT;%`$?7UcG@oY#@;SzEgzje*_p2w_i~)tNG1eOSE(wy>k);PNfvoG
zoTf>sRXz<V)+PQTl4Ea2wF_C+qrUD0y|J*((lcD#z0FQF(DPy{1fP<O7~;0$Yk#7p
zpmOaGb{)pA|5u;?0QSary*<PYSW4l~KU-`U{+EHh$*cbYdrv$a73=eJn$XK`e-(Y+
zJFQjq40j#J2i&KV=XC<q9MAC7ag;q@Z&<k=QYpZ`8q1=LT{E9NKbywJ)o2>T;5SL|
zFLPNy>}ztzyGYbbR+5|pO4ieDOVfSdd*AcuU>CW&w(I3yCM6xX*o}}*LLJVlb)$y2
z^3kcj1Em<K_k@?SujFCNRQ`U|7UB%_mPdf%*u@+z@D8mWa)1`I;HN5AmcHpPG0N=Q
zjpl;<bXD49V}HB6pLh_Pwos!<UM>j!UKv$`?}wBaAI^Hf9D*G3<Yw<mjhLniWX<!x
zciyjB#jUF6yGonD+Viw7is^;lSt%`-V6gWJ{TW0m2JCHe0T&wK<T`#;U{0=6pTBAo
zb6{&U<K2X1s-WE)rO^56?X<?%Fuakf*KQ0xZERT3V+ngF>D8Yx+v29-fq@U8FmkV7
zU)@R`hj%)KS0W%&G4#$(#qdkHP=lLL9@pN^SNB7tL_89k4!RK12&28jvhG;e$xuT3
zQFo>hG|0!JW-^TKS!7VdMI@;M9gOy7Rl@aK3u(-+=@w?=bbbykkc6aBe<Xt#oknW}
zkXx!zLNh+trdee(R(LYxkQ5uo$xs(JvN)7njr@*eC1e*fLu9mzbYW#H`4Z@t`);fu
z=n)YX{ggXHan-S1P6=7TMW<tjZxmrs5!76lhOa+nearDnX7uf^>$UaPdyef)Y4{-B
z_YV~)kvgVsE{1XinR8H_#O~qa)!DA_*E?@iP4UIu#L){oF5QpLU=6;XYl!@L9-IGW
zd$7!B4&2IT@uXh5YJ?I>?ZFlYui2PslH7SqO4HImaXg>u*_>KvW@zohq6vPr&#X!j
zz|i@c$io0iNuSV+|HALrCCNDZ8&|Vvc5HP|`i@^$^l{tXUECjxJ-aIY_lezOYiOjN
zn|I9)<E&7RNVlEIl(a~?<a!IY;Bo4#h{f6^>>&;$lBz8&*{b8+Yc&r8tdSNX;|KR0
zP?ZN#ngXU3%Ba~ZnI3a2l6DD%x7*T;G&He?*ga7X=yT7Q-WgiGQ6l_1aqQX<ZY%(Q
zD?r&UWpc-B90JZ9eWP2=f&;8wyU0~z=ergpziH2i)YsY1x&o|sBJ07+kvrt_MA`)h
zuZha9^+gO1O5gH7Y&5LSsAVfZ=VL(=#&YoT=*LL?$IvR&tnYRtv}9JnRW3Kfh-J!O
zSfE2J7@H*Kx;$q?Y!p>3SMHEYV0!)#HH-Sn<hR_j$92@>3FTdzNLx``#wsK9K@@4`
z5=`FOK56p>5eDH1gPxG;!qH0$YZ<79tg24?ZS=~WWh{wzJ2xV;?vVw&I%W>Vx?W^!
zu{JN_M;;ROt)<IP+cA1&<n>Vuj`P)8>qe_tRsU<w#C(LLp@9JOjW^X(hTbsb#f}T`
zpVd>me8~zw+z;Fk_{t(p2qV6G12!N%fcO@f3rgnvfkAx7Q$6>Z+iuPuAZ^qA$}-AL
z;>G6iE=uz8TY^etyRCZR=Bwk_hWT65gK@t2d$zM@iRu|+@PC$QR@<r{>v4s;nvtZq
zX+eh~&WcRtD|A%|<7v<ZxZQlt%BLxIwcZGqp@^##sh#b4wLkC8c^hkCu$9r{b)nkm
z$rdFWf8OK0SGS=<QFC@u;az2&jow;kBMa@8$b#|^G%em+hbZwgL#%5kkF^e0%`-q|
z3!Z(~oT`j7zm~>j;lCHvU?M5<`8~Al5bnfezY_3dFO9QmCY3<^)@W7+^Ax2Y>XyX{
zx2dMYmX)1F{ea$N6)v7Bu|@J$v_)Up5%WMiT#6|%Tghg$Mf>aMnR3NxgkoicMfg)D
zSGzb7WzCE_i{SAwUz5v7xpasabnYnWm7$BW+v7D(rOY8UyRKcIE<qNH(Pige;x8b*
zYllJ>*KAiSPR^gLb-c>s`SL@fW2F=?DV^JbfZGwh+Hp6CO)K;!n91<^Q5M@wQ*K2=
z!@Xb94)36Ft8fn{U%SAD`G(S7Qzzz36-s8aVTE2q2)1BqjP2%z1yN(Yy3N}%C$}eA
zXu7ktuMLRD$zpD*K5KmZrg?FwFRE!&hU+8&6yP};?e~~WB|}7c^tDa$X7tl%*n*ih
zqiN2BrnjawibUi`-=2k}wCSyJKAib@QcO(=xqcA)fv>F6ROjHOg=MOgS-7WBn>ch-
zBMfe3iv0*ZJ>AVpXT4X~Lwe*Ah)tFj5YC>0F1mWQc1V%r`#ZmQYxK&Gcs!OdmJbtK
z?h>YnA4m_@?<rwTYEL9J(>H$LKZh@F7l!TVdFA-Ln`L)RK6Wj~{VUZQXSv@DofL~x
z^F!rhTXM{}+ECetF8oKGi^ysTn$ZFxN<WKfwD*2utdr9%Wvt0w`<=2){vPzir#K>c
zcGR{Dvk9;&4`gJp4EAeLk0#XYT4!KKukQ<tW9LAQHVNTE$?woLcjhnnZNFgD^tE|^
z|D*?j=ckr5UF-UTO5zC7Vr&SRD`{4bM4h>J{D%4?R1i3TMfVn6V<Er|p*c=;sh{TG
z#WE#gqjJ_W<?am}Ku=`nQ~HgLtJM4+!yDt~f$Tn5u*NH*5iPRRe)AQ_uU@}I@=Y$O
zpfk=whBQve4cKavGXh6qoXXC~=Lq}5lM9eo&*EDm^CG8E5Q7#OeFNufx#ha}K@N6p
zkO6_-*%O2YXokyor1c2&o_o!s9TP#k#2YxGA@|ub!fsV(Vb{htTgEXkeN^!FuX$3~
zwx<IP^|s!Xl)fGI#H<QxRsl*a#v;XdT_LB>AT3=vPcXqFGXk=#&rm@IH|GlO=MZr}
zNhLhL+^1Kp6;_~W21=+z%=sP(c}EioOBX2Jb`|%tvifAN0;d2hC4`qx72v#Z0R<UI
z`SYBgZ%yF8;t>M!&W3avscvJE+%XzDYk(JA>y&wVy<Q4R&c?14-R76atHh}-2hDUN
zE8yPb@9v};HR^;)9XvnVg@*-aUz=j0g%7ow1$=TRdhK!-DhnFN&y!al?``4`xQjJO
z$4~3l5Y7LAw9Ya9EHt>Waj+p8d?s_6hOi61>q%dR9qB)5L<!}+!@iA$=LhEy%I!8M
zSf|sA>&0Viw0Rxedyg&1e0nb^ro#EPDUSyB+`ml|bXFek0tDyDlQ|mKfO|)UV#NwM
z9ZUTga-^j6JGg|Y&|MwqcRJ*lcNWss!g?Jgib+71IaEL>4bZ$9VQR*oL9KNlp0}rw
zdXj3lv>*vxJiqLZPzM*k`G3e!^a;ZgJa4ifSnt><Np-<E9jKa$pVy-h)K<`0mxMxH
z0Si;VsaPj*Vkh#y%tuog1GE&XgEO~v-<t27fD`{4B^>u>Hgp%KV-r9f&dH4<j$eTk
zl3;QsaNlTC8<@pxHjjbxb;n8YgzBG0d3^)dMdf9OIF^Jy=pwhArr3WNG&b?xf3SI;
z5)vDfl;7F7LNgB@m9OL2c`vYQB|(2%jTI7S;G{jhiuLhDLY)NMzasV$oL`uVl>|5k
zfljf^2<9gtmX|MaeS!);xs}Q}yT7HXCT{)&ci6gw+9eCF(>_|_$L|+tssSE6wN=Of
z$_j9X`|%?z_cJTF(>Fn9z0%as%|Q3@R!&|5|J4J~DGc9C*ReXPnX$gU13IZHQ7w`A
zKTg%m8T}~!T(w~I8w5{5AUD-EI-&V0gn77k(DbH%t{<ZL3P@@%gNFFRP2#I)|J}@=
zqmZQ5RtG98tHv57S%xYV!T3?}Abg7W&v`a_;ygIL4lXB}%cE;V7vIap;Xjks#hQ#|
z@`f^H2C&>eorMyfwC&el)+3nA01ra%{yh~E0+AV1gM-cH!ENaY(C4%<Bk8~gEO%*U
zvP~n9-Qs>QCGw53@q6srjGridS_ix>FazZ`qw~r_<VB3hduxJ7We<#|v@0((y8#uS
z%c6?NzxeM1gV-+5<)1S<zsW}l4Gav+8D6J<;Q*Q})21Wkq*%1K)}6~w0o>9#vU(;#
z7myDcB=eUXeUrJM8V{6X`CZ6kp-{AvqBa)fRQ`b1jFWj?&X?yLUCTWzQ$Dtq*>^2e
zJ^0h*;I1{&jX;n1H+;G<S(-A*?I&;-k{GENS@&oye5$TmtpmF5<C9U^RP22)#7Slf
zxvp%D3kn_BsZS1Ftc;#et>HQna#qo}JVcR-t=!c!hK@vDkavz;L+z<2pI-u~%?o$d
z9GB+1R49+%NtCf41jR@>)79A{bD`M5rL`JnX}su4MK`nz4DbxhoLvWhlL?=4d^=i)
zv7T%%W(}84_QGCXSE<gRkdtc3K4Mo>v~RV+9y7o8diD*KFF}2PU|WL0J|i(vJ$qDh
zi}C15lmhSWg=hY=x53p5MD?>n&Ekw;&gG~_#u?mSFCaTQI(B^LEJ>^ny^CBHR(Lp`
znX{n96g43);maACTxO!0{Xjip9z3G9>M!%m3fiX9ao9l*n3<xy3O2$natlr)3ob~o
zyXC!<MKTTGw4%c4D<sZIXu3>3%^`^P`LrIDUBD#2`>t9puf-E8N9>#kQ7&W6`u6X&
z*ntQ~Iup!yL4-ARtK)P!?&#2Kiq0;I%SxL{cfs8e-3jKfsRe82kxc9j4o%&+vQ&X>
zkC(g=BCL2LGaef;M%`sX?R^w_sqPg87hbTB@EllBnrG{Cv#5w|^+Yn~+&C+}P8hvR
z<D$9Q^6e7#0~Zd2T~Ncx)ZT??l1Mf~cef+9-$tpvwTIr7=>1PLIqccA;s!#4n_qBB
zo|Oi+&4tgd^O@MuDfs2&&qj^CWxP3XXR~GP#YI!I*U6voOjhD5rCO=9oCAd1*byuA
z>t~_|m!I)3oM};vPN1E)Q$a0|5VXcPcu5c4+EmKF>6d_=#&AE&)0~jREjYLrmqn?+
z#Ypgitbj`D?mm}KGx-d;!?_mROSg!N+}L)jCIbr#Z@pskbUPYjLa<mky=HT-T#oXs
zNs+D1w?0#7_0`*N@5g!bD9>W*G6p`@-M8_ig5-RxYx;c5ru+uiN7D^t<z>D+FCzdE
z16!HjAVq2)C$1g(6fo-1v?x2Op}Yo3-;ytqOWmq&*=kcRxpE$HIFs&5T5!IF^vA>)
zN+K<J_Wh$hXylsV3%)O{M0S*qS@{>Hwx*JBM*Siv1fp$-3gZj6I*9JqcKx85X87vm
zM<PLmt%+NCJA`?GEYQy((fr0V!Br*JNdYkTOxX9YQ;s?`xe(xgD@4v*ewqNE)7AYF
zE)H!78q9w^_OT{)2+i}|glrtqo?g_oUbA<Un58M7n9?=SsD&`s_A`v!80R04D~u36
zL2C69+>WTUK0cA2a`cH(nRw6d*Q9c$`Cf0t>)2|(Wau6%q721a%J^L+^lASfL4oLd
znprNK$L~X{t=E%dt1EmU!}+q@?Jr5n*UGM+VU~BhMEH=y8)^`Gbj|(EMwG*>>OQ2%
zRV}uorZsfHpRT;!mNk>`#kt5Wm=w}=G&1T6G_!4*N?=EW_cv7?hbLrxO|=L)yYXJx
z`=Io;cePJP$blh0ol?{pDO!cugYGSpG?WL*EfPJxXq9~4>v$!3l*9dBwkqP6;Jv?r
zK9?xRLpY$n4;S;#ft*dj4_aLS_Zj^8XKPC$|M!5LLjM<moDwkT5rg48MMnw>!&d+(
z3*b)v2H^yFIv9l_a^(+%@)V2-5PfhY0Hnd-IRQiuhCl%X)*li60tlVIlKv6@<okCC
zV4?ml0&vgY#Zx4xI6x_3K&AkL1Lp|fJbyF=z@7gFeiHy=U=$$$z+eDa0EYDUa~MJ;
zC<$ZUBmf=|ND?A2#0@~7U^Ey2_lN;t5<mn2m=KUeVDKG)2T7cY;sEl7K~2HXLKtTz
z3S-#-91sRr0bC9Y`2mnm08D~K41f>dL}3&w5CMJ^Mz#q_0%#LlO&|eWn-Gj(1F#$b
z7Xx47Fmw=nV{oBxEP&F(Ai4lZ^N$3h@UFlxFA+&NDbVx^z!Cu&AkM(I2#f*)N&-M3
z4AugW#ZyTVfOugMz#K7ZU{Ikj!s=8jakzYd*@MAS0E`DPk^qe*0c-~(4E7D6)nG&$
zs4IXwfqS9=Yy>1x7$634TQIip6!Hfo0NR5k5g2$1fPOGy5vVDKkpK)9Xb0d(lCXL(
zJ{Gn&fLsAQ8W3S17C>AHiNa7gfEE*n`zvTNfMEh)G63QNkzqhGhzzi0aAZs)fvf=B
zQ3Tcy^jl$2WgrW}KuZ{{2R9x7vB9wcTuK<gcY!D>c#6LSiohZU+Xf(5Fu?N)Y|Ja_
zFvJSj<5U7@D3>SB4z>^Z+-x2^u?A>x5Jyr{T;%@@B_%vPgFO%axCQ?Fvr$U)U$z2%
z!TYZja6orbS|YD?qSvVzJW1A7qp3zR^}Lph0bAISkhqRj5I1m=jG?}2s6Sf0C%Vy+
z`nG$AXfs{B$%-Y`5G2O514vZ<RYyqFx-V*RMicFUp4dZ=NY|icq<th#oc5;HkZaz1
z7gD>jG|djd3+NUCy$9G%D!S1pcMkOt&E27CZ&1TGHhs4S`y7zN2T2g*I_KesW*9=B
zSwLjf9wWwHONEW9NZ%xII&?qeKyyNV4zU3~xSiep)$J^3#hQ+b&MkoM1O?Nbl*IS|
zCKQ^|pK7d*U3O3GdxRQ=qgAm5#ch7le@eb^Y|ehX_)y+xOnSs4oTQEzt9FQRztrOm
zWm9p*AS<+x#ISLvHdNs@7Q#UwtOL;~+@;9?k+1_Ek)P^VJc^(1@D4?qk2^g{Q^SUS
z6+CvTT=_}9EhYH9{`wWaM~$hjiz(F+MZ@1)4{#vyElp!YqRc_|B?a6`PiJG3P%Ea=
zqHr8*=r%hxdM=foJ5?p3Nc1waL7GsDE||6%eOP7Wp2Y^mD@>Y<>!6${mTu&cLz!II
zHOI0hG*2%Ml0ki}8(Wl1gnl7IyX!>9mA$!L5}FWkD7l>5k8p@4{KB?{R90>G{qS!W
zp7Q7lKr%&)lSNT!apB)M_;9y_o{-Y>@ZmnGcV)yZfPW!#WN|uipbKegZw@>6%I@74
zvLELc0o}<LvfH$aOuH*$^wCt<t}xvRj+giFWGj;>J>+WMzB2;oPQtG)i^kQStCXuj
z-_J{9yUc-W6!wagOIwxDokLqTS&N%>l0f;u(KX|_Ujq2%V|M8z7~sro+TC>#&3IlQ
ztu1RbW{p!W2`xusqi=k=1_)0cvx)=4li8!T*a192$%L@c(Mgqf=?R&+cx?5cNllbq
z3Y5v#EBncu`m%IeemLXx9!uwCtmY;$&CPR}VqgJ0h?56i03Qi2NvEidZfrNiMQn<t
zpHndW-g$O`nV_=O#|Q44?VUsm)OBe&7LRoKV{g>l#G^cJ^GrPRR&DmUP0WBoUKg_f
z{tGOCFJRZD+2w0M!7iZVHL(h8vfLSQF{f!Eb31Z(6Y%)hgYOcCOE+aMUc`K#CD@V>
z{L|+W?vDVS;mVG{l^-I4M{MGEOcB$s96n9QtlU_qQKZC0I1{H(HRla2YeuFEV-Jyz
z$h0BDg|TaM8|$?T17cQw4do^z2|3DaqGpE-NNba#_qbZXvUZ-*cv`X&Sog;FKsfV*
zb?>{aM=xC-$v_hd;D+up*1i}>acn>;e+EQ22O?a)D6aPz<~s3&_?1thm$@mQv*4kF
z&GA?zzxM39(A0)Ds*PD#$$xSN`{}HY$Z?z{Y9BS)&Z<&A1Ka1wj4u$?u-_o6&qgB0
zx(f+)KEtdh+Seoj>j^JlJ;}qHQg9r@X^W+LPF-6s(Dt5NY*x^p)~S!HZQbUY`#pXx
z-wa=6-#bM0FQ<#dWAnF#g3opMQPi-T*fxSCZ;F_+V97f+U(8&Qgqen}91*KaC&Z>i
z79QRs*YKE(EUV__Vs~2VvW|pW<~K7cK@ml?8tp^I1TTe#TjOcIGAAWfIAZ<JjM#kD
zf4<QZRz*A5of$15k&-I<pq1vFTl?ZB%Oy(Q7I8W&+}}fEl>XnE+N-xL1CI7Pwsi%_
z4Qgqi+3A+sfFosY-jDg*=8~2VU$0xMFfR88l?cxSH9&H5wrc@_@A6~);v^#2yJ~-?
zrdlpoyeam`sDmcp0&n>D=AA9;8U+I@hmv-D#;eJy#eQ`|nR9^w4<;fR_SHU2w1u0V
z@5ENDTR^CDojvXjnNaazFe&!C_9FG0j^9e3wI18-z5~Zeo+ZvRTPi{5Q?y+-eUr$N
z$zm5}v47pIhY4ZlWn$gTUlB#!rzOfLjyeqcFfq*X(CGg8L7`86>cvvx+OqAM8Bej<
zmOn4>my7Ta)La$&-a?;n<*Gkx#MNXqG8xvBz8WV@O@4k{aOu`VOQACHi)F9QhMj!G
zx%8HTMq{T;*xW2r=k|))xvcO*sZ^?GQWqoMjvfj7UG;NFCyAPKb;a``J8Dx4Y^+{+
zkF&qOHs49&q-e^(_BbKzoKg{E9`^;Zqhb|;=m4*uA$lK26#IoFl>J3dBummzUI}`*
zV-nHv)rR3qk;%VW)T~iECquct@{9$do7blb<ZPcpJ!GXs5L@(mA?1EA>#@^KoG2@u
zV~rIJo3|uGijINxW{9<4SVpehjoHlEYi~m$SrF#*z3X=mnO3@K>}Ita$cK*P;=P_g
zF`UDS^IqZG`2};<4oRICs&S6)&@ITTC$wzFld#Yk9MT3G?-VK#?DBMAEB5x21v{!>
zl^vR~Ok9vpPbQ^7BKo$*?w~C1s-(>sXJfs>ze>26hO8{X8S0f`OpT3Le^p~H`g7eW
z+%qxkT&{A&kF~Tq@23QgD*jJoup{+VP$m5fmIDpzbcL6wX${Qwy4_I)I17AZTR65+
z$Guj{IOit63LB1wDipDv7~g0ME)Dv2f$!?)<DKki-|E3667$9nMs^<~ju&40X5+M$
zqgeYG@0JGBEfA+a^$YqyVE;(^Z3YPo_QJ<HIXgk30un*LPsuqrU#_DN>NQJ{b9K%3
zM1<v|<9=hZSl<#iJYv&Tf9T4A{Ov-rp;D8perg+OzsXE&EQ_g&pTu6aW_*jaiJqbJ
zcdn><T10Eq*<<p7N;Rzwl_N=UlT*g}0DUdui6U-$Zw>vJL6{%8j%r#9|5Lu3k7v=t
z=|bAwcc18XxVH%5i<b}G#t}f6<qsGT{J;v&7`b-Y{A!2&E#W?+TW%cMYE9i135wz0
z6@shY*vu2o7Y%Hi5C|p@U_D|*cc*stKhgc**W7zmo{u5SYJOmdfPYmowS1v~E3<xO
zj1H_E-iWlayVuqfT=j!&sG|JyTBxU7>RkasqquETM#!S{o*}O5d3TBQ4rip9zzSqO
zIPeR9iT~|X&Qs0@HbCyq)G~?N!=>L3x5^!!ERw+L7|#`565gP_BmQjd1*81Rm~#K@
z(znYQ-R9_lZw!tqE6+{WoBeZ*?z=T~xEZbD{vwxR9jXxJ$5PuFXDzt)mBLzy_j#d}
zE#D#Set33@yp*$BwHJ@fgCYXkIrKU2=DP$1Y_8V}K!p8Idou>M_sW>~{VlrhU4?#A
z{V43mT6vyAwlZuG<`Z*|$A_t<N8gXp5#O)sTg2ugk<HgTs%YYT!)tD}I<Kn?Y`62f
zy5BXJN=4JXsrs?f-Fl*%I6ZPA986x}95bCOf!D#5EA~w-MfF2GXt%;AbnXP^iT6Fr
zX0-->?J<8`-=cZ=CXCX7Lq=I3z)UW6J@xbIn&4sD_e7k)htZ@D#qV_-5h$WvXbUe>
z^Np*9m#LB_*x7`4*sd+TXrB#7&1(}B;9P~6R;i9JuP-R4vGq$P#qc*i{t&eHY2UF8
zUvVSfX%Owg;F_$%Si8CaxxeBIK;&@0p6jw{%rpA#e)*G=#QE;uVrNhxL)_Yj-jVqv
zrUXwQyT{p+>(Mi#OOUHPL2V{b>rv%6lEX<$?}<p$daY#m<A$<x5zli+N!D~m=h1=f
z{sOj!#o0JzjEs;i{ZroIm1+K9dTK2KN2#mOfQaHW-}+<CG@BYU&k|(M#bl10iY+}F
zVxM~%((Q#jNFJgwntk757!s@p3}YB^wck9U+ogB@EGq01&JY$Ow0EUHqb7-OTb9kI
zWU}VH2KGcGiJuqE&cX|~FPYs`$GUexK}fPN(gg27p{0rOj-T#7nbQ(vO*TyQG1cC;
zyfY?g{*#%Y?Wf^45>JAaH^09!i7jc`iF^GjZw`wpH<-+Ae1CtcF7{zxYemyt5{~zM
zAzfMfRb|N|K{%s9B!2nG_K#@7UiBL?b82@|wzc>FXiH7Xurog?aH|dR#$2~}Ss{~y
z$$W7tHaPN-B4#~m{q~{#gXM;xJLgFYw;jvN2v#?Sqc^86|HNAH+soK27n;_PWhiXm
zDrgVR-zmWQu5Rb`nTRxD`3*K=OUk?2^k?^F8N2(Bc(fZX%NX(hK3Hq}n8x-do7BGP
z`pB>5)}!djG^LXz=6q4h>~gB9d(&p|OjqW`u-COJyu%MYUJ6+>$+lMI%~KsmweGd=
zxDb@;U*5g;%&7e}lCjV)UUpCRYHF|B#eAWDwk*HBi*%NYtS+)_`=wobEv{7}t&WKa
z6^q2RkrKouK}xu28YA|I!}9FHpjX*6_MCWuy*GYKi;<!djB2#xvKNSJyJ#{xZI>q<
zes+IOT}OStd(Mk|<Z~!#(v1<3efphZf2|hhhz8@KGa_kx&k(%ZzXrRh6m!1!lX#i2
zy7RN)^(__gax<6wBzb$bjPeP8l1QxD_m+;BTVElgXFp%7ktWRyKM3WW=*9_uW0~ha
zL@zmtd>pfvus*M4zeE32Fok)9hOxivNa>MEb()e5R@p_WfR>U+<0jQ<jMi9XoC8=v
zqMOL_3)#`KGsros*j$h=ZTXl`u7`MNjGWhPR1Fs0k^2C{NehvMYMM%knE9Q&_>X~4
z{R(r+H!klNbIqX*O&Lu^m|fadRc8%Wcg+M8@8?ui(b6tM7J4q*%r+UlR<Xegpud4Z
zKj^FT`(D45PLUzx+17i6AjZRa%@0r~H2h{0%~weBqsr!{&O^22K$G3fV>H%HKW<9=
zqk@4~63)39-E2`szs0P)ah4$;!<n12u5E@>#jR{{XgO#ZV)V+}()ej@-PFxS`sFvb
zn|B!aB^Nnr_(|S9=WAvo6=FDv{F(F4O<QfOGAQT9o%FJ9g)f({0y>r4+%9)KV~XLd
zuOx^#*)VDC#k6NaJS*LFM72m^wKN5$hlz{dPPVL9@RvFah-xjpRyu}WMQ3x7G`uUw
z6XE%+<XJsXd9}CQ<mxrLkIamrpTLEyei}O6QWsrQUY!LG@7$r)0_52{CMUys?&r&^
zeyWYdKFAyoKbzXcwX|_%ymY50Z+&`pl)H5q*X0+}NSs7(GA}_(F{$|^Z*ejZSDVZ?
zkbmS!>&uT_nn`YMa8uDGeZu*ODeKwSy&4N6YVXRcex4uZvvDMb3<i@;xjy(u-X*vl
zwe9^BB1l{+X_^=>r18%AE6#1|nsWjAwN8I!e5u<_vz+FKlm<R?7Rg(t#e*e?q<5gZ
zPLN1Kkx^czcdH+Z;VlsfK_l-Z%~J?gmcY@ET+Nx>l)VG{SN0!On(0nR!}aC8{>1p9
zmyV7JF}&W1o%s1rjQGr<DUhv-%>Io+NBz$24zwksT6fY@_3n|cqzyCovDowb7Z6PE
zxdf=Ls89i3jx)tjY`%#0V?fnmMkT)~3fMc8JFr&>FCNIuq2`-zy<@M*qL<^E-=5mG
z`ZTGM_qZ{L0q}HC0iKQ@_3PJxXXe0&s3yz|_;f5QSDF?OeCCB&dbG;?8G#cDg)HiM
zx$Q){%>jU&gUT1Vc5-mCp7H&fvwiyNyr5qkxX*9NdyMT5965|^JHVA=LLPQ4<NI}I
z{?!Ae7#$(mI3D6Q$<aKF1Lu=@<930LlQKzOk}Q%9_*}MVaVpBrNr<~lj_8rH%xjM`
z>zc{<CExHs7)9+s&faq;$a^5#49|L0QX!Lk<flqG*E&x~^7Yz&i~WaCog6^OA*?MI
zAm`fT2@Th5qCN&?!-O1+wLbQFwJ5y{oJT)TP}bK!+eHanW(L#?{`&T*@;=i~%syR=
zwacE2y73~{GUKdD(VHmO<4GFrCKp9N>1J!M0J%s7E_pHC4JGkp*;HQ@%HAfY2SnX&
z2!*8fPEv`~G+ESkn)ySH@+6@jp(XK2j6X;<h+gi5Pp-cb_@>Auzm`84Wfo0xaqrGX
zi{ni$;K8ZXA_9~g7!S_oImHq3V<E9F*n<<u|N6|JVsyUn+VJ^fAx8dawwiU<!lcP4
z{gAW9pZCG^rJq90@oE~A>N!87y8<qC+U`~C9>X(f+jL4fO38GQ__rU?%&sVoxz!Tc
zf?vnF+unN*qU53rB|0ca6;EQ;OZy1+>9|?Da$b>cuzh$gk*=|eov)<&Lio}gP9-@v
zYb3bgcv<^8gBCZlsT_z9pe-xUv8iU+fj^XG^K(6LRsNw7TV3k$l_i27FGQL&BG!=)
zE!Yid{pC(}w7wBYyjaECp0B7e7SkyD+zY5Ul!*!hsXY9RW2np(G?_IJ-)he-BumJ1
z@-<e4r&y5yIu2I8M#EQtj>B}Bu!C@470=i7`V-vayifLo$F;Kyg!^&x6<q$zdf_7d
zHG|~5c4v>Z2ylH(&CG*?BTZS^Hqf4jeAIG~(ba&V<@>~R3?^A_SjR8CmlvMt*WqSf
z2`>Vi97dh-OwQljFImuA9WJN8B{db_e2?sF_iLCL3#eAO5A~~H0soDL`n3rv@WVga
z#0VYTM>5CK<P$eY@PodGcJ__GNKd4!+PYCdb&ssy_;5*_u`9(QS>Ekh0zt;B&x^2S
z{pR$(-f(ByD5WR|LVrl<EuVgF;_CKG*gl(myPUZUD-j!5lV?ks=0=6K2PC~IXXTPn
zFBBa8nIMDc0J{!`)Tih7Os<BKx<yF}qTfhGbn=;UrBfUn&mZq4AkxrjtLTd3a5dAY
zw3KHR5b3{aMGx9Yc3Vd=6KmTJ;>EJ2!^Qk_|BbGj=Htr%Tnm5x*~+Nc|2_ZBmH+4c
zH~)s4<KH`TFut7s?Y;TKz5zBRpZb|FtL=ioG4L1r1|Z0QPr(AcB-pY1=M*?ngak3H
z8xk-h2uy_m`~<)c1GdQjI|;1+Ujd#Ea8D3+6#);21aK$;Ss1f}A2?B93JM@gfF1N;
z8?_|7yB^*u4-*l99nYd*$20Jg00s`QUs@EnH2~KEkYQ#8c#HPwW_fW@c<VRV7%z0{
zCjsOa;5OJWj-d&;0^CJFf;}ISus;Oelr0K-9RO7VCLegyHgL26mjxh_fVXsu0&fGT
zvM9XY9QHm)fDFL57+e}4<q!d$H#pX*Cj+JzfcJf0fn5_~z~cg!4IB+(Fv$b(xk&)R
z517^f<^usP6!;vb6ad~8QJDDvs3|N6w#ozT04D+1)(zY%uuBT;4F?`QAc?^?hW$I@
zKr6UXFewSlwg9_~U>V+(4)(dj7J((0M*#Rj!~hckoEmIxhvh4<uLj5>VCOinFJR|@
zB|s<u%n7V6CIMv7Rv32_XdH3iDFm_z%vb<33V^h*?*wethxhP{oRTky2m>|<nC$>?
ze!vC+yXj$348#VKAe<Js=wLPuU^T$lfQfts!&(6xK&Q6>!2@g-j9(Al?+#lDIJ|%_
z4NeTGJAhGvI|}T;2L)e&2@hbN3D75iLkYu*0XQHqj0|uOg*{Bb;|6yj(6NNYF#b1K
z0xd5pb^};RP#pGzfgT|Nd$iyRg02tytN@t;rXW}=KuZG13g8A32Mq;8A<R~PnBf5K
zeZUYxz)J={6L4%G!m)w>PY}4FU=gNi0Ok@C1;hk!>MJm90ZfwtDginI%xnR><N((J
z5P^>mm>xLwz_SAs0X+~{9wzYsPl+&SHXs4ln((P35O7XlWZ<5}7*h~KG5}LbfRf;7
zm`4b1V)y}rNdti4VU7~G$xo?NgkU-lU<eQubY;*@U^4(>5zyCQ-zeO6KnoFIHSjco
z-URnVF)$zi2^5Yo3x@Cp$bvAX3urvhNT7n?>4E#dI81N=uEEU@OavHaFx3NW5Fjpa
zsKUNeP<;$%33!Hp`xDb^L7xUD15`4=bT9!0Ou+#6ao_<5*8!&lrn{a#p0E=T=1vd+
zgA=9|PO}sjfnA5NT0k4nhv0`6*aUVV0ui(okU@WhEeP{<fSf@S!<;EV^*`(=AWK-1
z5QV!PaFmL`&oUSYVA2rKWI%vBGB5(@LEwRhMZgAuF_{?57XzLFxIe@0SIk%^DWVRd
z07c+|Pg3OnkewmXjz+`<{7(V=`Dbre@qg}jB#49{oKZp?@YW6~u^a+l|JC0tU}fD_
z*HHkG$jHcOX=%X;K0ZDX5fM2#IW;vk0|UcFa9p~`$HyltD+}&||Jplq=FGWs=RgE1
zDk?fUI`D^ifC5QIM#jX%#LmtR#KFPA0sq5y_Uu^@=fZ^xARks%R%vPJ(_0{aLPA1N
z1PKWVhyV%&$u%_8!CmlId>~I78ygA=3K|+3Q&Urr6)5f>2~Ud#s)B@nzX;-kQdn46
zPBl5b1#|%MiHV6%3j&%@Qc{9!fzFKJU}hE&5CA$qdh`gy$HvA6ik-$MB_%!89K;9N
zo+bgNI86oqLJ$-LY6QwUO%B4pD+5YA%>ih2ngggKDD*$(zzz-$b`A~>pb4;#l9G~!
z#w{%^Es!CoJ5VejARr?nqqMYiZf<UOcQ-Krbsdys`$Svg4#dn18s*O+^|#~JUx(p8
z4r_3@y1s~yPd_~h|2i7}-O=;Uj)@{V6;Dv?pFiXvX@DS-2CNo`j}IV-Vf-%-^`aNO
zQoxXzrOKmOcIzK>tE_D=pRvfaaVFW~+;+Ysm4q8y8R-&`?EYX_c!q&~nuS}nWNu}J
zv!Z-UDT|(0R7FMXX2{(!mWjPE`Ir^^f;57ftg{h$9H89)IsV52|6_swvB3Y67AV_}
zr`NHPOvZ!qzRc~oCM<n1Tz@W%RolPwayP+C$0o~1Dwzn%`<!OC9?Wz54PtY!ei)j3
z<T?K=i}j3-)su;Rnn~58MFgS3Th)oDl?Y<T!21<@CfCV6_I^wV1o#8W?X_nOWVk#W
zEs*Z;uV*$3SaC~Y^|WA_B6cP*+QKheJ<|4iBv#%P$-Fa?_+{T`%Q$CgCV5`|o0~<{
zF4E)Y+KI^r*CdXcaNu~xt;ngh^*{ypkYzWy<36qZ^zK%n+Pk~gBcl%ON#a`9QA(2d
zEbc-rX_fTV*B;ay<j>LgO*Szgcv?b^Ep;QY2#voZBR0-md}#rxIvd3WG2m<@Gw3Qr
zVqI!;x;snb7yI8A`0OJS8m^)QT8r#Bj&D}A2|*bOZOBK$?bjWna!V`ne=hHo7))7N
z7X5xSq*&DoZYR#We;wwH{WV%PvK~B+-_Y|WF-~!2aeE>#?akuey8Q+EwnqaGCGp?t
zj4<RsDDSLzR+sZBDl+q>lSK0tt!AcDROqeQhTj!Q2Q(G@F2l~m@}FEKt9R{---s67
z%NktXWnyGhuaBwv+A}-ZMtvaWm2z)<)^clX*({1O1{mP!cjTku;n7h#;!QHQ;G>ti
znu;~KmEYwAg1$ei8?dadu{E1mgzNEb)}5n0bT9bGM8?aLjJq)_f-_h%%_nX>|8-5C
z<*orRUq5S$LTD-YE5NKHhkevW5}oF54N9SA#5jNY9Ht5$k-9|@8Z~m#>h#ln%~8Q8
zr~$>Li|ruyM=q7xMnzwbzI?kNCyw$gEo;2|Fb1@ncAz9mOO}6am7xidzP}S5>FSvh
z!8^P&09W)gL%x`J>7j{qo*LM3%Y^8e_@$@jQc4C}>sF+$_&Q0oyY>mgPJ6Rv^~zHN
zZq8gdM@mU!o2Ra+MnkJI{G;288lfz(0^8u~SGUZa#1Fnb3oNA0E8Mmqn^)2;ZY4oh
zyLxvBq}(Qmlo&!7aBiz6&%{NLM%Cv%vfti0>HMgx4`=X2vby-IVasx<@#D>~k2nwD
z)FLfzveLvy`ov1i3M++h(l;|Bd&^#uJK49`cJ+YCI69E4M`6NRC!_4fQLuL37$$zn
zzD&at8m^{{M8AhE|3K2%USNEv%yGz=q<b>p&n4!d`@D(vRH=1%a6kU!T>0_YOjT9z
z@)Wm`AY3+2ON9MULp`lhVs1R#(WP}i3_k)l*jro_&St>6?2S8t2yb5J;IowINE(k`
z&JO0E!)7S~<^7yOmKC4>lXshQ<r7<}6^nP_qj5xj`@M7SLS78H&CbNNA<rd^8<|?N
zLDd{DK8&Q!Zy~qkZGn=N6K5)0!oEx+MJyvgr6_D%DxYLm38n!`7Ac|A7|Amkb31rv
zHVdkl7AZ9RVSQ3&@Xk0h%_z4sB!H(-`;b9EKANHtSV<xyl%YFdG}ksJc<h1@sEx)a
z&K8eo`U5f#hFt^Z8E?~3WpWEi{K;3Jos*N!#Vl{vWvP7jM}~u3KMS_B+?ZY4=)lsk
zH25OXQ|qn>%zig<W;CaDEHo>(rNMrhY921Hhyks*zxS{`LO*uvQt&fnZc-#~Q;1>m
zsd<mnYqrui7UDM9nUy3T#zwU?md|qY!%r|Uoz$U?`!-H$)JwOn=R5&DUCU7+y1EU|
zh&WrISFv;MXj0$vOsE3$WN&G=ldWfM3RWH>lHPiDo?@4LtAvnV=mqBHMNIcdm_Y`+
z)z2J+a$4nT<hv!$Esj`vh{)`F6n-+!@B7{*Ds?ih^zxdpbhRFM0J!f)7Dw&vcK6J@
z>CaKNdNVib=oyK%Wql>({>M14)G1!6dF8z>C4$21+(41@zunh28Y09E*lixh&((jr
z(yc2Zacmr4H5@4}D;-Xy`lr`Ow|Mo9<+_kWn>^9}eK1~7$F*j+N`+tmgDU76Yg9?h
zh^-);S)S2q^b=RN^YG;_lKisfKg$_W+2iqp>%m6fg`mQWF68)l-w~0ZylfSFF#`^n
z;UU9%M75nm<?6^ct=tE>yBi<kKqc%bXWbnfD*KizYp53ObscP;J}&MXk*xX<2&dtY
z>{4ots#$p|mh_aK4Lt7ayVc&_nJ+=YCzNv%;y#H{F@~avUya)gQtG->QxCi@fVLd^
z-0tKwlEd|t+qq|YysJ-lY+Ef7>qYK&25QA9H%p?cItPlIOLje>Db&9|s=-R!oi8hp
zGjuN-&bio@-TB+@&D@D2Z$3*4)OatLVV+Yn=$U;*T#8pjaA`r}dT#$3NsuPz)FtCv
zaITz^{OXZRJC<q!a{~i;fhLvig98Jh_b;?-Z8I^RIEE6z1&DrkG82*Ueyv+Hf!L@!
z5~q()-16K%2`l*3QR=>RLdvv#bRf&bRQ=mL0u#L**<md`hB#iy9_9&g6GuoJCNJ{Y
z(-kE~1%(wkjHf(C>Q2axr$w6NHwwcEo^~L)U*;o(Y^`e$4(T*})DP{&<~1Lf*orl1
zhl`7^?Hrw$)0@bq$O)bBU<&AV5=>?C-D=lQsAy8(9qXhQx6JkVN-r+9PPNt3QnS(S
zK$4ZU?%`n%#}12`p-As>cXr%f=$rZJ8>Pt%-YU)MF6zo?Fxs+|D6~7_!FHc@=Le#g
zWGZa#Taojz7LfVNnezYqmWSdPuXJ!2m?ON>o^vnv;gltM@Js(p_mnw2%z;PC05i^|
z+;hjLR)@#ScI11KD6Sa%7I^ppBh|OBjJt)m6-P=NkR~E<59V(n8lLId&2`+S);Jwt
zv3DiRF~bnIOQoYsq&_@S-0Wo#(2L^wGZ-b!WEieav9Eky%alsd({<{EpX)|YxUmCi
zi<#9^G1?Nt7}=={@a3P9`~hI2+!?KN5$P@P;Kbn*xh!|ROR0IeeM)Zzey84@b*GxO
zzweMJxsv$;9vf9fCA*%DetZ}cMkTI&I--4Mn2!uIO4DC<sy`im0wuc`sXaV1)#7Mw
z^_56)0gHU@bh4MUefq6RRW3rBcK2J#z4)RgNw|`{Ej8pQpTIcYc7nEpOOgyXuQz>^
zV5YLtUx^Z}g6)*?9T|l}nVgF<eq65AVK{$_gdq01@wB~_jM`NNA298LWBlqN7_4tt
zkK;NhYwJljdS2$9U)J+lj>kAe#1VdHfPo*qkTo?$dO4BdJ;S^2#U#wZ`=SI*rBXG_
zS)c*rx$j3RF^`{#GHKxb-kp7nv^wf*TTrj;G83WG+><+UFUgo8Nwac2+&$3}(6|J@
z-aa!}F|S9gr+Ec_nBfsOST)WUU$)unQ&J-6TbvDElBT<r*|%6X(;bCKPeQK^D2k2z
zD4*b{_CcJ#{0c76EONs9WU}8fzB9mcruk@(i5UN3iU~J*ZL;o};CXwIO%tEK#ovY=
zaC<Lk&z1FbmdgIB_N%yNVrXb9o4<8=Zo*b9$u@gxeqwa<&{azv?!6x*$4AtP?)5fZ
z8c0cG#Eezb3|t148>^H;ByMNH3&310WoCvYtA=3UASW4az!w5Ok$bzDqNJOu%R1qp
zu>H@iPKEJiS#eb-U+)R!Smt&O<MCmJqBbxNKFAszwj0Q8&F<{faG38fxe0Q}|IDzy
z8WCAdWA`|(-!i%~@gcq8GbJUfi~7-^z-<1O^0t=(hbOramUHQ|{gy5k*%K2oSB2FW
zK`$(XUtsR&q$yKJw_^RVthD%~BsYR*Q{qQ6j_LxK^jBMiU&^6|?Vbj2tH>H#9$3}*
z_J7<5y@#d5U=|E^#6<iVk2Y1~JLALY)`HpgW#Q-iYn#(MW#{qP6+S8-cSeO5#SytE
z+Ye=!aWI>Kx;fb6rB{_k_6uiMETU`4diM=4mkcjmSiW|Sv}QhcIsw+KpT9*o{iGpS
z;nmTJ7rnUs^M{G!){WklHqE{@gvf@5#W!SKZ1A|+&A?0_krk{ICF@iD!U<tJ^Wbii
zbW!KmuV39JeD<0nk^({MS(BXH6n!tDks+Q0Mbvgr&(ss|JThjuNwQrcHEAO@#pF=O
z5;?*imIS1-s0K~hgV{br+)+Z>?<my948gN2HNt6fso`4_=L|hC10_-HOhUNg%SBY(
z)YMc@X`Q&zfi3~)w}u0I9GIalapw7dK3@HoL)ofCw%VUz%RVin8~Y%KGPVA%>Dd=q
z;tD;HDqiV-Obg0SzAY0Cw)=i42lKMYn?(!)W50|W7nhK`tB%Li;MH;|qaAsD*S*N+
zGQ&wAJPkSHlDy~M^E;bu03LW^uC%C?t_$3Y%KFEwD`SM2DUgvbz)b3N#DgbZS;fVd
z99T3<2NN2!lvv@3z`VOnMnA1aeb<s5otyRP1ji+rz@ti7ny?}}yTMFq?FVK6>YXp6
zVVxNBxi=B^t-0HE{c&R?W;g>=XoGLnh5ZvU#WTNNukDtK<ps}#s{oDfzMRR(=(n@5
zosa6q{e<6KGd}jK_2L-i79OxIn6S@}4=-$cjveOk3LSo<p+Pq}KIwr?b{3Q`*-p2-
zx>j&_ZPR*ab!XGxsfY$lth00yXWq=cZylTZ@R>7;v%$W!YP|LQEp0h?gp8fr7kG{^
zd04K+US3+9cIdo}L}}zJJF%exe+s}u@h4~R)%BCOjRh}W@uGXOs%s<^q8{GSq@fk7
z_wFfRUd><@HAo^?M#bb?6K5x;-j(Eip}4JSW!uj88}jN_Uwe!*AEqRC^ps{pgJk@c
zYMujS-3mz-wc#A{3o+8RTXSOR*f*I8{uS^<a{Q=ezU<7lDjV}9=BQUL4n7IXGsq3e
z8`3VeUKhAAgP4A#-1vwTda3R}xqL&qU6>hBBA3z;?vj2dG{2=~B5@6|>$HDR?-VpK
z8Jb(!d^&vtgIUbH`+7tIFR{LC$uJoB#_Ve*R(CzC$VNwz)J=%_2?vLuv{aA2u{?))
zC7^R-Ja5aG`4)BYqbcwcuS4}+S;WReRy69-{&1;NwoJvt*YFJM7sL9ki}{NP|IK$u
zq#^vf$}Yskh&Y=1Vr%<y%Z-_2IMODFw8f(PbU9*BXSCEs4|N}YM0)4J%uRZw#32}+
zpFXm>w(*l76%2(#U?^NOt%&n%3mPnreVDu2;P|Qqj?eQQ429ib09j7i82jd))xWso
zT2C$u8nW@8J{V3FCsuzh-JhLioJm>l0(3R-<f<Obz8dVksz{0lF6)<!qf(Qc;MwKf
zq?yqNL(8t8^_}*IRMUI()}MGycv;xN!`pY4WO_;>zE1ngDc{=Ki_cT5DOE`;-G}EQ
z*#HHs*z{g)F|ks6^nS5k;xvJpG-fnPV(3m5DJNe&nO(NkkN;Y7*!0%jIK&E8dns<_
z4bskOdirG6T>nK_yR$4yR}nKc^TVaxpeW6;c?%M_RJz~pmb<>rh1TX-qK3uXwt2bt
zNk^`x_5Zf(&$1hsvfraN=}t-U1;2F24DY)zgzrW%QR=Vl9z7#itvQ%srnd2|jyErU
zBYybhWgxYc+&y=<8T&$P=e3?5l%x~`W@MFa>5ky)Ysk{9Ii@ZypnCS(SWcWqTEar`
z5~@^=9*-bRS~^+77-4=0uVM^QvA0--E2cZyUwKpg;0kxOFjLjA#C|{KmQYIwc<Kt<
zkVbHOJ4+`3t$+o<G^~-c#pOT0wG}?%M3n$63IE_6^{tS)dvD(CvUDKkmkyY~+4#`7
z7Md#leU#G*ZV672aOwZYe9ebbj>y~@?J9u^gMT0O&bcq{o;1-jYs!Y+#Z1jWlgr2!
z=i@nU^mt7T38bF>ZqASbL)!`O^PbZGJ=#ebHZ;8{NL?EZ)5E0v#UPMt_l0^EM>Ab1
zrL*7hrxrY8gC}wZ#uKu{QrX4nN4d((j-HsAVK=h3cXhXGTRr5F)swQm5LbmA7kHEk
z0J(g*Dm9Tj{5V%VZS{#cX$0mv=11r<371*c(<>gk{m;DCm3;anz{^&(e^!FjIsWUf
z3eDxGDLebi`S@-VH6Ahy7O;82s7HNItmLp_Vj!b+#=-5#Fe$_UGw9y^T}H!3t$=#E
zQ#|leuFbGAhQrngRt@gmswL&3G%E}#Hg~ks(^Kk9ZH2=SI|H<EhMNrY_mVon>duHq
ziJS`k99Y^J*2o{U5l!OeAHNEw-tbCH;B;?Z#j|VqBS*(h0h%09nNf1xd;RpIj~{*t
zZi0Vre^!em0&~aq>}1kc6=PFVB3+`!Gi1{m<5M}IT1ZTdH6%&y73aj{I_y-8t?70%
znG792m1RM#O}JH@OvmOLJ!K>T-AVhLi?<zz=I_qV;p3-kx)Z<C=fux!Sxd_t@9H*j
zdR7tajo0W0V_w>-UptY7%T32m)16#qjB89f%+d_=2iGS?%7(2)iolz{{+{hMSbyo3
zjAdI}g@kTC=5zTO$0EpO`280aJJYTNZvX#Yr~ChuL2sBOYTh~d1+bZ?P|FFg_p??|
z>s}&B-^wE|{bv_YySL#*#a86Fd#T!aD|mfF_g9!?=0#^>$GA49Tkz^6XNxF!_3FN1
z7<|rvWAxD3h~huq9IhZGxlZ~~r+f7WlviN8mm0`)J40)|6kapsIixoUWVxN;a1|k$
zOa_Q@YM!h+UBae3v_i-vlR|kP5liNI-%mCj0$*a)W)#L&RZpN+GY}hT5mDKqsC>k>
z8)ClHmn%8eqh25XZC5;ft}9v^)rmM<M_eVj|Mt8ldIf>%sX3QrQSJC1>timjp@UoS
zOXNX#7ypiubGjp^v6{pn^z&Y6DO+yBefV_1*S+cYd7^nbzh7qsh7$V9!5<JkpQx6u
zFUNmdQctw|P=v|Vt7`3FCn(|Zp=`1(^yqS>smb-3)t%uiZ@T%H=;p&+j%6oIuI_c!
z&x63qRqDi{pxsO?p(fF3raugG<c1c49vhvXvcbA-IE8m~K6Xai-2f<pNs<JTq_sVQ
zdSMNI%tVb7bt5asM`Q^{%Gm3-uut{ao=x9z{JMRR<6u&PcjYhjGDHsa_t}vL-m+(E
z5H`<U&dEOxq_*QPcFY5{-w5b@NYy0@eWf%mDDU`_L@YrcQ*XBfhm(uO7vS4FHRzGP
zMRs1^Rt`#xj7F`a4@}TA-RSUkUQp+Mc1(uq8yuoJM?L6n-@Q}^$N1+MxcFAm;EUGS
z5d8VK|Dj<0z|q>_iGvWo+XF`xl}ao^kOvWjRfz?WfwNff!LG!Gu)sHb;QsC0@6UN8
zz}5NxIUfZM{eVi49uvFv`m?{C*Zzs~9^9+@bMAW&8>;_v&Z3JAHT*fph8^eNU~d?6
zz|lad6$Z+<xkj{+>fXAotf`|3kvG;l5k%mOK#n+Mz>N(KGBQ#}s2<0{jzw9y0Z&05
zRsoBM;3Hi(gA(I+9y2vF4Rwt}tv>WU;d}drg0_(DMcZD7Eq}qlvw?4dQ_<lIk=I|l
ze66m)t5j^fHrO@vYWVi3EqY1_tmrYJH{>=3H<9SwXS;oS{OCRHz4v=3=zZ4x&Lapq
zdV@X!rP0E{FA(4|!19?)5S)z%0hs|T)8&AGei#Jot{}Ls4T2lDL2%Oz1ZsmIFuMZ+
zi`O7{pa}vSDma}x4jeRqz}p%GFVsO0Vh4gycM!zTgCHXV1X=YU_(%!|)^NIyp&<Cg
z0D^2uSk9vWK|ZYHS6dLY1%jX*zR>{}{R0V~4wr!7*AEa(K7{3ESeF$z*m`^fVH2~0
zfSdykz+G(0-*Cuc4+2(s5U`iR^5s|%@M?iT@Er(b?}I?j6a@01Z0zfpI7*=2*vgV1
zQ1=6YjxU6J-4D}XSQE7npxMBNAVMHxL4?@2s-Hi9Hsi}>iJ{Pw*SS<rOdX1!)5{!G
z&Bkt)qg;y(v5=|0R{Vlr@A#3P@I@xsp8Ti?Z;)`8AHvp=koA1#dE7?9)Y!0=0OF>h
zTYA%Xb?Wa@Uu56`nf`U;5S-bZx@43|&hxq8ZT{If2~CRUL4qN7?*`IJ+%>D`+;|>-
zk!eOgfSjk`H9w_;Bh&d@GuF$5%q-Uk;}V`vZN&PXubsm4W)Z8${}PHz7NU1MDNym4
z-GN5=w_xfBq2qJa9B%#kkJaRI&k4<lY>LhJ9)he=x+rx}Q+%%EdrmCZZmMRV^>KXT
zOA%)#bQDT>^E2qXzy|;AgS3vj@jSa3TeBH%0NFJ~@`Cz{G^+m3C2kP17X)0H^qXQV
zj62|rnww>B3J(Z+(bwis$A){J(2NbATrhxz>^eS~88J&jI^kU!b@>3c$!H0AJypBT
z^X!g27caOg$Gmonr8rO&Y$8*-PDm3VM}zg8*NjDx*o^T7YXBjae?kAEw8NG~y<k~0
z!^IcZkWOembhzL}Y(anGpGstnWM%u!^t`GXCT9!jDXt<Ff`iB|niJAAG123)w0Q*b
zNEmg~$m3rMWyK}KN;vBMKzOss^Tzjv@~EjB3XKu8ggtEBJcaSP6kVY_0_j05sV_V#
zxxYow&3oh5b1*Z}vEPnKS17zrYC=NCD{@m{I3n+V(e~a^O?++JXvzQ+>Lj#Kgh>cR
zq=XI%m_Vq4bU{E&=v9gh5H*C*dle9sCIW&61jL3AX$mR`Dn*oHK|uv8R!*MZ^L}qR
z-?z>mXPq-yYi7^PF8AE~p3L6&b?v?N*OO+dKAgBRx~#vM;!qy0Ny|RuWrV$%`7_P)
zjd~X2@Yevw<)7yZyrKq1*DaoSsU^90(u|n@Q~Upq^U#Pb$oHNqQ8fgP$?~&BfoV%h
zh8krnO#MypqHH-y?NG?3<*s48Lag(PPqN!;ps}-RxIuv316ZOgT&j0@_m(Fb0jhP&
z&-d=QU8o|q>o_R#`Jshag!G!t7y+`yZ3l4S&~>Z`_?(Sm+k`?2U<!ygJ=j|LCZJOT
z_z=S<C0o{D-hb#lNCJ;*g7Tmvc!<9CML^bI$1mTvh~r<`ayEGrk94mNELuMc*Z*#L
z*Eyp}t`=(w<-8x<(&zF<r=q4fmN|ayJ;|i#)L|fQJvQBGTPZ%+eeH-xaqi)i$-mC`
z-7N0Y+@E&ae>=+x5u~h$d}=1}ZFSuwx(BVBDL)^Oo|7|6V4Z}AY({Ku#pL&+(4S=|
zes;*(%b$DkI^pJj*CulQzn}fz!#gn%>^j!oK5cSAf$b_`%C3cgw<I(BgugSh?yB}E
z2HpJXH5Z+IR9f0xz}(R2^QMZ^i8=R~@RIt%*5Nkx8lpRw%tXjK+r(i|45jwhYRFgY
z+5)OD%-l{lUC(CzQyvDD9KZmEk_VEPtRJ3L6|a{NWzqV%mJI!7Ls2jiw@m}Ou|eI0
z^J-Q!u+RCT@peA|bfp(?d27bL;IJa(<74#yk{b!1n^KvLsYoJOL$(T78qOpUd~%bR
z1M6Y*01k@}xYK7CV>`SiFO1D%VVG;lOT4rID*>+F4LK+;a_xG_#bmp9m<{;~u|(L%
zVKP1xE*LW&GY%bJ>R)t509-$YGEClOtSp6#T0o|9cT5py|4y@Sa52kX@$jrZ6}OhA
zJ$khNi|2ICWJVa~af-+@{r?h>_aVjgU`n{o3p&Qs`4lRiN_uZ>u^6ynoB-?t0stp~
z$x;ON0t(;*FbM()F_d{<Q#t~Z3a*`XkihBD%QXmOdts$WxZo^TdO?ONX{-EAOb#?e
zgQC6)y7x0TRTW?VyEq_MPDRW1TW-<wKZn~fuUV8A7)ADDs+9E*PY*SBnJ2&ko3$%N
zpy>8Q27Xvt8y^M)Qx)i0y7U+mhu==mpKGDz|J4TJF}c`|>{J#8*lFt<smM93xH3t2
zd39II>cx@Drt*ImM&i|4q$YcCK`ADqnz<m=r=$?Cv=I#!gAQEBzHK%0<zA|S7_3kv
zJZ5762q|*Ka^*?a@HYH-i#1*j;utd|_xM`z4KX(BA>fn?7-?Xo-FdZHuC~S4cDUQV
zo8Yx8L#dk}G-f4_Rlp`?OOZ&nPjYcjIuFCV)Fx~uvrnbE&>FXmEsAFQ&SzfSMJ}7t
zN@Z<N3+gsV!5jWcj}HCx;8e!@I*@DK*N3PYGj%AxVG`ZHLQjeC?=qghT<VejG4b8M
zALrlu0*4my0d@m7*o@5&YCzpe!=Z$a;KPAj*jX(e=B!basEG7j3`RUNlwl)qvwo4G
z*KHp;M(M&x=K@aIIr~p@;oQNma6!VSfLHyi)6yqTxStDD&gH!u=PCcapnru)xLS-f
z@Vigh-@kV)gOgRmDHxB*G^yuC#?+FqrZ_!$7G=I{$|{~3lU>UYk5?lyd8v?S8`aIt
z&r>sWC$8E}#kxf+YOP(2g;g4YDgv?KVM2fQc*#*MwFd+N;X1Cq;ugNTz6_;e9Goly
zDH_7e<GpFvv3%akLe?$Cn<&35qpFk_a~~U=-md=hL9VR+(w2bkam%sLDV1FcaF%-{
zc1SFjm8T<+MokbKpgdh-+woJ0Zwh<%WJ(0ms7ho`(M?CwA%rldPYxtlN?2nDK{^nd
zp_X)aK{!(`v?%T=3&s1KBm<E10)`e##ECp*hpO4&v1ka3gjh>#ILqk%Di+V$injpr
zg{e7-1a`(mkC8+Wp2`m)*Xs-v6=j~Qb+ZIvqH!(BIgcR71?0Lu>p8?4I@YA<J6!d-
zUl&<?#&7m(Roh#o+Enb9&^DdS$f`_v!%Xq6A44)$jopRo>s+;qv5#f-L^;7Mt6dLa
zP7Ol|zNd~+sQt5<j;%h2%{bdbe&FETFRLpk&WEXajkZLc&R_r(C6J(`mSL&{ve-cM
z5=c%HhAp|Eb1KA%r`x2(Jp{>IL2^otONL&~68lW;+^P*5rpgM(GEj;TC3HZVg*@?a
zR0(t`2*jo_77Dz4y*wvax_FC02rHjtDIB|Am1L2pu%ZqArdSQaoW3k5Wo#%Z``C9o
zPdj-<H@>F|UD7Myiy><l-7F&k(F!@6yYF!-r(^lpeUph50cm-gEq~(Oar&{+Rv3BO
z-z9j1vr!XEOv{r?IH@}@7*WTyYW$v6<7OH<u9TK@hxRpK6f68~KF=DUL_&9Dg<*ek
zTk$y82ttbL@PRIZB+HCCn%xSOAnrim=M-$sp(9ypGW{-WeJd<K13>tC#m76f0>0(6
zKm;rJ?!;TQeo9yoLt{PpvBGJqh*op@u#$_a&3Sgil2o1qSt7J@Ph21yE{1v`>XN8D
zseD>F-g${915ia=2Vlz#IADp)hInm#Eon3!$)#m1u`|W3@2%y5gh26mW;qd2g=gcD
zfU_=0g{XicmOq10>4U`5AS4Q>1cK>Uz>A1{jitf&O!b6W+&fn67rP;B7MUdsE8W5S
z=TPt5$?I$M7{SzdYN*bq4Sv$b*2Yu~4oBL~#0lHNN~zS^u<4alnZfK~ecOu21cy-M
zLXItHCK)uPf7A2EX6_cXX&_T_^iy^o)@E=QNy2DHXrcRIML8SMUrr1qxp*5EM3c}m
zHKq)L7Q&1=BdJY{3||_<atSV6fDXMkhEw>-{t}j8tYxH(A9$0i#DoLRe-ptO=9W;S
zb6K?U_USF@eb@EC#mww+=dhi`I_r&(h6kR4dO~7?I79KD3+U98Hx+;V`vP)m@8E5)
z{jnuMQi_U_Pv(;|u|S5>LJ5NptF|#-Kso6H1QG^71WSs{6s}EEE6k=1|0X6HQ~B^#
zL;xn!b8{7V3x*X~L$nwx$P#9uk;iP<P$Mq_8zr4(s!z8D0`Yh7@xijXxtEfh$7`);
zm6kFXNEz$c41E_DDVvf&nV~e7@<0UzSyRKGYuWu+d?6c(Dmx>tGEbDJ_cH)LGD?k$
z@Y6fN8;JiSsQTQA5&dtu`u88JIPW=HP?5CZ6^PT&&@hfEtYbtvEpyJu@DEuoYG*8l
z&KNqG|FO=M)lfT<C9%V8^JA9*TvR*e+~_EGTVV;Z-5A!TE=}#&A(X*NO&!3fxDv`7
z9LMVze#;B)c8+a%cd-0{5lJaqe*o%Qgds_6-U<9m6k$Lthee;+aW$Tbkit__!8(a}
zD}_26+wvuZ4lVYR%E{*rR6yPzM68Vq>WN_KU%{8wP#vF@FavKpVpT`$W2<@j`U{<r
z(AfEr1u_VDIIReqs2?+<A3EMOvzWpAd&o1Rx%|`?J(t5GcP~JpOF>#XfQeYZiThcL
z1!3Ds(?;D@#cB=ae`oGJSuK0K?S#0jt8wf2&BMA@qB4Af($YWOy#m)Q?%Y|bmmw`b
z$gG1o_lSZ!`gPK)Qzg`53h!`(emUDt8HyA?ZyaYV@GM;D_wp+lewX!yg_5bYW%b>u
zsr}i4Qc@Bsn1VqCmb`5tC#vWvBeuYHqi~(*r~>^)Z&uOmvKFY)&TNXiJl3~q_dU6L
z3o;b8%e;Cxt-60sOB`$m6bvpjCs0|mISUc%WJKLQ*+Wssb`<o9k0oChWD5d<#k;R^
zA3C#Kd&!o39ekaq#|(=vbvMq1|MBmw3V*x(!ViHnf0|npB#XK-x7r?iNbk(W)px$v
zC*{0IYcB0M=gPJ3j36k6mX(l*-CZ)DO&ViBjW6|c^wrkDKW3(prTd~ncT>rv-eRov
z;4=b5e8-PLUN~f`(P~fSuaTo(B73R#u)?E*tF4>~5&*bQuXg4vj$uq~v@SWeYy>!S
zM4E~8dCIh)1fDQS3>`~8>0$rVpSr-%cF(m-K-C~>kQZ3}>4TLwTKL&00ChHB7PVa1
zVs`lJ^{d{UQJfN`w+o?0DD?KaEe-5=Y${HcZ7GBjv8sD`Xsl;x<c4eb<uZkp#9Jj<
zhMyvyPQ=C*2VtD6UDE8;4WCNex$STJ&2Su4e?gzRmHlka_SnnDh9$i6-gjPZoKj7j
zH#r)N$MzKl;pghcCeu5t)UF4+^rvuDd*#EGf6E>)9s7K*%X{o-t>5djzsA*d!lDc!
z4nJ_YbXe{FR?SRu>^7w@m4RC82i(6KCAl?jR1i6Z8QYBhUgs1$M(o26+yNcH<;<r|
zSA+R1cCxk)8iZDbl>sLmy&+KW(GCnwwbr@78OEmRHl2H7UL)KJdYFQj#B6e(q`Y|Z
z*VaS5x1gBo=FFl!e819n9%1R6wQR{?sOe50DY+QVj<O)ckzHGaSHXY|0i;KtZ4k$u
z;NC%y-~*K>ybaHuP;Pg*NS$z&@U};lbzFYsRl)q|+1*lC)Z({0`T2L(i*jdB+KEnX
z7ko|>=h%G;ce(x~Cw#GwUDYcf8><aV%pCuK_4QhAd^Wjg(%ROfkgM>%!gKGwt*_Lp
z{D$98^+cVSsPhFR%}>{No*ACAwZHcueAnF5r*jrpwmP<{Blxj0dgOIFO-W7}jL+f_
zvAL5(@bJO1N?{m+xze(Lu0egrC+F)saDWs^Mc;1a@c7m9%X!(RYgW>>k4d>K`+N(e
zl9t5TZKv>9L7k856%EV<djHj?SNhY=!BA6W=jL^9?}!g?eEWl}Rb6y9(HZvye2RZ_
zhkU|F?vLUpzC1yuW3a_cHr`aj;c|UuWo(e+Hj@awd*)F0XMAyBk<XFT^MPTv8|<?W
zU1~pD*z_iUMajdX{YZ`@Dk*gG=tVOP&B$6G!S159n<<>abmNOcGNp)s1Dg~zi=iu)
z*}ea92&HUYJaEmAvP>D&;Ag9?6$GbC7aL})3+6kDo4<^7zvz8^fYi&ot9iLqLm8A5
zpj8$<xvZ(vc*h}}Tqh{7t=Q>{wS<^#31y>zA)adwC)tuS^R4Pz?7psK?=~Ae51Etj
zw3XtH+UD1B7XlkPn^)8Z+@z`!)ZgRln`cD>BIIJ6;h4{R#$(%2=cWEsC%Srs4K{0~
ze(F2Fx3e?woV}j+^RYs`YlGi)9d!7_s1vSEJ3At=)mL1?nlk<4POxztpK4VR{oTbn
z^H=%^IRq>I^6zi@MR_E!jNHdJ8fv!4c8onrHM_Y@QvJy#O~j|~-B7t%@HWAB_1^$<
ztk=kP!d`VK5fZ7@7AXZ?SdW&Kemx$S*`bO%l4FP3<%%~=^dA%s*L-xnDZ%;B{nFs6
zz4;;EtyT02J3oKl`Mc-()h%7&yJfNtTDSU^^z`KWaqT_NzG{#9%i5RSVfR6E#l=9j
z^GIvY<HMo4xs^wphS)TaIh5jLeL?Tu0nO!oVTr;hKu}gTe%C9zLxDfY5-{2{6k7Pr
z2O=KI0>;N}r?xR+4(GXdnIXq(jAhwrn^UzMG||kfAp6q7pS#>#{SG|djvpi3`7Au&
zRvkJywtld^!h6Xet!lXTaFIV}RQ(RQ+?sOlN2v7diCJOpDSHo%&X835w%uEK%Lzn2
zG|-ewW3qjf7ZpX2VE3+mGrhR$^{-p}^a^i0Bh`Mq`lRdG<KkSO17k((v+>2eZ`V!B
zS9fPTVh@^F{&9f%Fsv;A8YE$@O`*t&rNp?ucg4i%Y1YmZ|2s1pCY^D7EDYOR3(Amp
z5YPLhAr-^ITf|e=m>P)>T)g)hd_GW5`n|Wc!tG*6^pCwhcTdu25B8b2#*G9C-8LAA
zQcSGFkeLijKUah;fWEPf^w7=x?`3P-?t5K5g)?tfHvePmR^Mh<GsH*NOJ)({DGlQ`
zT|?=((yzNGESH@%X23TA^CAu`hJ+SYxL-Sqsb)XGl3z=HY@u^l?dvi@PB5^Xa=v@G
zlPwZ(PnTkD(g>pvNIWAT7+m$jo>dEszLrl2<YK#CLt2Mz;9XTCGv)Ij%tWTjBK$27
zVcbVLd_PC}pVW(G2)qojh@&EP1M)k>HjxZ26~&Ta3n^yKv^c(x2>jp?HYcCPq#r!t
zZ+)S<PlTn)LdsrL2_L!R!0Q)^ZE4w%E!?BCK=9w|r|H1VpfO=)#ryCe!*M_myn>=1
ze100s>q2531h+UPzA(LFKpd@S^19(p=wy3^zuRXnI$yCvZmyxzX%HUvqFi}ZUYM2l
z7C;HG(JG1A(CK5g@EEn4Wu3d{X4MDISoh|Li~nxU%;k^j=P$beZh#@5PK3C!ObE|m
zU_obD<=c7PO{|64eS$2EtfumQ#lvSg8$8DWg&y}@B})C;@uF`|$L~?NNcO>LzezzC
z?C-?|R4?7&This;v#?G~7Q+_)Zk9djdys*y1Nj>JA(KLnwgMG;;8i>|;MrZFFUJS{
z$CFbP5CUwUavDFL()!3RuP~&#f1m^5wt)}K{lEgXLK`zuHck9lSe}sy_{ca|?`nC_
zF`&}N(qM^*Hj7V&{C*4U0tA5f$#HX%;jMbEO%BXtID0<z^}*kr$ww-%U@A%$C;KEj
zND^*D_UHJ<1IK$#26iN~w}DxphRXDzZ^75AU_6zR91#8a<b8c$0a_66)qa<{{HySG
z2zUxiLm#;5m-k6_=kHs$-n^-~7Wd}wFO|(h1_&;e9agMuESDYk^xLM^{#%<zI49>~
z3MjGbPX@D1`%JMEIIo?K8$7U`Urr;GDA8W_Ms{?!`M7fcmG5DmW(FHSMT08%a{RoJ
z3y4u9zgsVA&H5IbAeXCAdea8EUx!o>KFT~^T8tRYNl(#WDo0r4Yv2jaQ>&R?(hMq3
z1AM|4gJpu&4*3kYJM=7X8?#yN8YCHlhp<}#+{4Wm@-)PX5_kg2fcLzrSNh{T*q?Uk
zb54786~UOoVg8zJ(4MU43gjX#e@?Te2`kAHL{@hzAk+?^4OM>m9SKaU)zMr0b^Drv
zqX^HIdwG^-1S;_R?@!e}nbCITrAx%ziAgG&=iw5^`MVVR-{^qi32RhBLsUS>uMVC;
zo1A7KRj*CmdQI|r>e+l+9Kk}0Z&4W|Q{c=PCIeZK_4d@QF)BTq?kqd(sh!igu19)B
zVzQ7xm=LOp)}}w7DXVXVd+b3x>%3^H6d}k!lr6XR_+@UYxC;wIE#=P#Wd|G#v1mdA
z+N^<-&JsH@7a0?iG9R@uB^fqOtwjGuEQ|w&U^=K0KK=Vk;0izmsBAIi#5kwgkron3
z-!5B6MT6Z3QAM}{@7~?((zxCyz!G2!ebo(_y7)u@nf&~+&bZWR3`Pv+KWdjvDxvWU
zp!0Q_N&U7mD+1>HQj)Lk>TXB#v14)4wnry=dDG7LFQDQQv0{*uKTYYx3CUBSysPZP
z`*2`iu+BBzbP4`pcj6I9RykuzsLCp&zPcg{xnPw<-0TBP*)xixKat(!(ueG7|J^_B
zSTa9DD#!>8i@$N|5B)0$Uc$s-&nx!?wr|Pbfhj4Ue|hG%cvy0-!8uY^0iN=jv-hPt
z(|v#^Ola_1&s?c6V~f`@tbpMrWbu#VFWx+VJ*i|4xk>G~%iPK5H9jk^IIo>4Ypz;)
zCNQ&xV^N*6)$4vmZ`*ps>+`K;;{ZQ+Ld-6TSy|SfE#;wpYs>*MCN>J5@euo%;6j2z
z32T(bhK&7R$2V^!zKDF<>}?w3-=Q|y+q*<j`ek^(hsjmvN~3ezZrmf3kdx^#%z%^T
zAM<_hJiirP_0;|V)(<Ovl#*1XWB!$^%vBlukoszDJZMg2?tRkp4_!43IR@VnM@x!8
z{)RR;RQ+uJfxfvm#G)ctD!tcdO~pG=asUeKkyP1@EOyFlmK4%wrm{qG9%Zaa<NEWZ
zJX|vm@odf5tnhhcpd><aAk?KPnQg=Nm>uhRj4b&Zlg5zfJ!Q3MC{B34<JM)ro`CKt
zHNNOXtW5nV+-;qH>&P)gi5!!QW_|v+SaHU}Dl&FzezTY7CIb%hCokL-YYpYWYU;B`
z<_~Eg_<fss2$%SHc-ol*RGusC|Gy1DXh`$rc=0^VJTz@WYNI0)fe=hymrz{L>||Yj
zhsc0<=p6;oTh4<h5r{3H7eEAh(#Z;BB9L*_|4l694JN|3fcf99@Pd3ldl9()r&7iU
zVPK4RPWm3Ig+M4jyJT_92Nc;xrZbV9NY&<-hZqnF0Z>3h|KQYzym1~{`i<w^MP@4e
z&+PucJwsyt4=`d=s_5EloD^4xUz`dT*s-bWS)lY*w!OW~#`|u`;cy43(&=&p1u`6I
zj3}*kU)UhD+%0W3|DmoE`b8$~bglEy11ly72orTL)K;@?+Q$U^&CR6d+zF%y2X}q(
zebMhlflw#_;_}55xUpq7T7QnB(D-MU{v=!-R$#(gj;dWso;Un>;N^*{e+PMsEgnr=
z7ZrC>Yngp|;HY0$dNqK2)#~-uP15AT2mZSCh|{8*HeZkkX0jf5k<9!IZvV5Va-(9K
z<k!PdpRUSmd1KdZ;8WzC|4@N>v25Z~nI%1kSGdeBR7+n>#3{L}%^T;iYbr=23JkbO
z+`>iNTtDi??<8;5Ad_<DV9rt7$CZ1JUb}wgLlyG9892ssoG<EFxcS{Ke|s|C{}Y0_
zyKUFzZMj~kfBOjsa{hr`T<M3=$mEGV2h9$jThfh<*Q?W$agI%U2=gz|&*fAqQZ8+w
zCnZ!jnKba9{9VZ8)v)0I`zlpr+2z2sY#g1czXX;rWO7K=Tw7t1SE@Y06y{K@k0u>h
zu2fsB#aqj3z$xD5K1TCpUsS@`r8TC9lt5e=dmkzqE+F2+Dx<0EC*oEuIenQ8Q1B$|
zy8qN#vU6rAh)t{kYNUD#3sj`o+W|-Fqj<GlP`i{--5tCy1B1005XK(=HnO26nv$04
zZtn&P(;y1)?6mu{pecJrL3vZk!7=^27N=f^J}m%8$r2X15OQJPt%?rO*uPowr|&(L
zXOzT@vo&b48e~?!SUy<vc;!OF^|8<H(*`?l4^bPJ3tgB3aLod-YsA7`zL{fNY4&>g
z?7sacs~>IYzdRG%8<0cg+6c48tP~Zb6lWH=<+R7TP?Cw4Q|#E8K$;*C!TCAvOp~)7
z*4^8%Rc+{G_ygxoM$AaGb{<}5Nj?S<nE9mNuIM_w_s*%K+WME7YE9Nja!Q`*1K_}^
zjJis@oNj;B-_83qweN<gJaPk+eGq5lu~)klg%P5^y_>b`o$75wTLriOt^TiCRLY3_
zACo!#YodgIZ}I<eJoy=ON+nL^^R&%ntl*6atk;E0m(SE%H`5kBq&$g+zv=(FUpn@5
zmGy?wzo=$%%5nx}G{)M#*O~dyXXQyxQ_Z_!7$d&+@OL{9roO+UHlR1~8!O~X@o~q3
z$fSEVl~-RgP2eqM3(W$-YN=-qq+heM_!Hq7hDp%x8mceRkE)>iP`f2ga@W6))t7c9
zHI5(Zxa8?Mk{{6U?#P@-i_(#`{<Qur2JE6up@8VS(p&5sYL<u!<Htvwov#Ic0;l-j
zT-i#)4ru$_SK_PJ3ywS`y4b4vrkZXNL2a~+m}uUPoTty=pW^<`7!4+vh*?^FdMSTZ
zzq6;VYj@a?sPDv;1Fl!}tBJ8$mTn!{zD0|x3~CdFG<QvFMSfl>3E+PIIeutR=u)Ok
zn^7{qd-DxHvBn$b)pA?5JdohVgj6mXN;UP19)K$Ia?X)`djCVG|8e-=mHls}o5rNZ
z!D-1zBqFTQ20hFbn*S$(DiXNJvRqJmg4+WMV;f9>g0ZY9_Gzk(n$jo{U+y5*rhr4!
zi?s0tyCYHeKq2n-U_t*M;Qn>EM9CITgaocP?74zC!3Pxg1+$R3fB;w~)dgyxbCX2d
z36r#&YQG+AkEkNxl8!nFQLdt}GC7wn(X}!&MlRH(Lp!t&HSexwTH@XN>jSU+FXQ;1
z&-2e21~|=CW7#giYo!Hi)&;a~%j&`nTKU8sUCf_MV5m=*Y`vyIG$jfXHg>g;oM`iD
zRLDW)h^aYL4ojtV#0y6}4cqt+VA)m~fRacKI6aKrGGWbXj7l!TTgh|mfXx?}(_9a#
zC>PBRVDA+J?v>Mw`Ur5cgUV^Gc+OvTOZTbUhqX5AUe?Mj|1TLaz{G+aRlnS(+tHvp
zW3dlMmEg4{_}Cr`l2p+Gn=$Hq9-J{>aEc|4?7+$&KK<7v1m>kxb#gps^0ut&tpiDj
zD*(6v;?Zn@ok?e<)TSao8B>g$6Eol+4-Nw_A6FXMu6-&*edT_i7=-=x*eO*Nhw6i_
z!Pc)GM3n$lK6bTh4YCFLBBm}*?mo@@M=nAivY>zu;e}+9u!Gp+^TxEE5o5}Gh1l(n
zqpzbIAk!B^?By$~oo>s7o%_4p!5<{nPRc(iaio3U{13L*v=-M&0|&0}wJi)EFKSm8
zVxVT_Pk${Y{}bt7I~6VEmu&UN*W%V972S{Zx@=8-TNHna+Nk4DtQX>{nNIr8nE!iV
z_obEA@7_U0{1X^SU>946&YBJA<@Mbu+sfx6Z+&_RHQK^hoi}kaJ3EUlDy8<Kng7lM
zMdjy8>%=gxty)Z<3w~TNs<%HZ>;4;y^UjR2p~#%dFku?EPc(AQM=JlYueS9ujsGlK
zTv|5LLSv;R(b=iXO@H2`z$&V;OL52kT|HMr(#;vP|BU#52!IK3q(i1EN0kO48TL3;
zKi($ZhU_Sxv_V^=In$=(C3s{V7q%`{87?B*INRqaYhd}ca6~W<{0J&wMNjY;3>e@(
z!)ldyx=&IKHg<4_h~SWg_Gzv$3oC?SkXc0D7lSLn#(}(+r=OND%n^olYHq)*k(mGk
z(cmdVtmsiTU-16h5fY1I1^-A0Bx4UH5|zkL1up+;246xeEd+jFU=n^;Lc4JRe_y+d
zn(|V4i!cH%D5T`@QaFhbgFAtTk8Fn#76GvsZCxkY%XK?R(e+34y&{=qH$}s{$6EsF
zXCaL&Hj*NNpzz*e@C^?rPd>IrT?dbYe1Y-5sf~Or^l%maUlQPL2?tSRSuf>|6W&(l
zKkl>}(_%sR*Jxamj>`D%ybux^kON)V+7^5QC7=u-?hyF)(DowFr&EKVhDGD7?t{z?
zTlX-t=-lWWWovD%vdnjWR0){>HE7jeQTP>3t*_Ss2mryj<)6p>AG-n@FB;iu!)nb^
zDN!0c4a!IR%oRA5;kILrvRN$Ut|VT!FNc%<k}I<p7-A4O+4BVnQK!I2Xq2c%fV#Ey
z1rj2;{8ZesMHLvx&p>zi`#2z1=l>}KT5sUBZ($Y4n6wIke}2P|>C+*yf?<&9r3D?9
z0GVl}_Mfsq^BF-7nxdF3+t>+gHrJXeM^)ye^x+o-xcXcRD##+S_%fH=xu&e_SWZ?n
zP{1`{DKqc%p;$&~^RWm74x^eXN6uNFkFgt8${~G$R^xf|63IL949Az7O195YvF5P`
zoD^h1Ysgfok=W=(6qUj;r22$eo&i*ui+ivDwD8vKFe(r#U$blzCiV=-iTk?S`;eet
z3+Pb`3HWt8Q&~Rw0Xky<8Zsr9nuH9OXxzGxgYy4!OmTOn=%@I<%?xk^5QGLD+MI?S
zs29YfFR9fV3XTd-6>YY;ql?X<)@10EP~BPFl0ul88{jg%mJ*P7Ft}J{>UQ1nUsHB!
zRQ{rhv7--!4t;R08c+LA-TW(na=;x(;PpojZ@qqvD-(z{Hx)DOSHSo*zsr={Oqq0H
z2~7u;*(^S!Fz4&~t+z5iXj%c}@|}Eq2EovSqmuDb1_#avTOygr<Ldf=Vn!o?&_Rga
zeZ4nJPnbeR2hGBPQ)e6Nv#c5KGdEHTFCT1)kAvxb$jsBj(?J5E$KU;2s=yOBsG%hu
zuLph-&)%@j)Kk#6eSFjiq2L%h)&DgA^=?pNFaflui%l||{)gxYL~Llbsk@hfMv23|
z(>cVL&%E2lNXmbYL=sq=4me(gENsy9s*Kb#eRZyQj8vd>g~8;-DyMLgDb?&n2GF0D
z%m9*u(>{AMc5)m6C{$$+_(mGs1V?ypm@rlaN>Vxvs4z6?*>GXGwHJ*;sTC5kKq6+R
zU5a@bA@vpvHfRtnf#)jQLLsvlk|z~ZWqBh2afzU{=0Z&Bp6$fZsL~g8?=d1$pr0Fm
z(WKp(qW2zODr^Z-y)QHT^rP#(ep#JgQV7cafE^ni=4DCYSvW6i-iBcdDewVkadca2
z(X4*C?JAG^GG@7!$zjKe;*Pu!WT?hu#?qO6_&)JXu>I6Px*Lt9#NEQPcc*isJwp5`
zQ^20be~MdLPqeLVEy%-JBr^ZW_n#dSj<NMhf(tqEmY@4Xm^N4cMoro+6<7`G*&*~-
z*?V{0w@5kHP8IH50P;l^{whV>b>Qa@zos1|${(;duA+g!!RV@Vi+Sycg!-|<1e=LE
zzrsf>kOzDsrRx7F0p$}BI2B~sL8G8>l7nA|M9hUcIy5VXVd;mJCb;bt?EKxOq3vLU
zIV4|NDdAwr<u(<cDIDfG7zp$Jj|S!(ZL8%sM&HZ&?(B1!M>z9-oc|J^#|Y*TR~G4y
z0zJs2e*7Ae?F#$j85jsDNX%j2t)(RICTBogex0;fBvh+bQxYUknok25DEuAc-W*0r
ze6Wm7dLkS9n9MFP2Xh#ra9V%tojVZ4np*CU`9o!=)Vm_6<T|j?GKWwLS%9_h5Eh^k
z8RGyhhXp18LX2}i)399(sGRC-W5*^XZ%}w`@>&qfmLiH`>GxEQf>*2=fIL+IO1I1F
z*~6s{*CUdz?@nTJX#3pDeS%-zOE7Aj4avN2=wVk{@y7E>8nw=#!;$?)g<eyaG*#mq
z{V0W&$D%LmzyJD-U5-3ANUi0vvxRacj5j|oX`uXbI)=yHU0lf5beC^u6d0yCXLhqe
zJ_YGi>s&LOSEL@k_;b+MN#Sb9L59Q<06b9`Q}7UI1@fVtb|F1xN7u4KEkeftSu_u0
z7`tNa8vq<cNhrnSHqw;%SSHDW*lz1dB9_%B-<t|P>vW@@F^G_Ee3k)QlMc`zC0x8C
zav?(npPX@B{@DCyd!6g!JrANuP0h1ev3calT7eNlW*QFx+AF*f?t*@|-BB+x#z6*e
zJNO(jhRRJ%HD%8#NJYHY{>2ivP^9)|!j^PUS*jA?$3+}H3pHY)<oS$HD<x1BbO$pi
zYczdgAzOUe_8uZr`p8=rp++JHE{9`yD^Y<oaErm0tJKw%&n$720vsxnj3&bli|<f;
z5Eh*&z^?S1)35VX^tJc#7&M4diLE9`OI01q<pCZYOT!oUl(@AX<e^m$t?F|EB-+~+
zUD7P4csSOGW1Jm)&@F!+Qt}RkKz?T39*&*WTVso5tI7CKFAY---ZOuoJ1ebcatSqZ
z!Z;+7JgO&rCsRZ(inDkpJ76Dwrh)ebzfbmOzJ~MT*2P8$8R8hcEm?mRe8fYGWdVLR
zzy<plHPV^BUzF4|KnVd95+$HdzpAiyW(o%}_?Mguh{%6J^P$EXAWMikmf|wp9p0;W
z`=6`5YSy?K!5$0>BVyHwG*fli^VLEOwZ#sFMP4^0vKK-ULwl1c><Q<z2}iM{OY5cI
zW*PJIR(fOX7haIbywKa_V#iUZiEnis*0zVg>&Uodj#|6>c=n0w$OL4RdRwQXkf*Xy
z%W3ivOGKYNTlYM~<r_R{4K58SYQPmZA*mVV_EggnyKKEjk0+Ghua&S)<ZdRWotoHY
z_IcvF_wA>b239_J{~#9GAzh@JG(|6l&fTA8pHmk_wIQ448m`W!*Vmv^-CN~cmS{I!
zevUkT&^>+8X-{3m>b<N&Z_N^@Ii3p-IK71}YE;kns9kzLVnC<ThdSD`t^VA#h0~Xw
zuyMIw`X37K{ru$GU#2r`{C$jNkF#2v(7pM-wYep_W?l&;Oq+O~AMW!m*{ZVpBkuic
zgC@i2nT}TtP1M-Lh>6r{)sl$tPMPf|ZN1-IIl`{bZ;SbY&z!Qi@f49%pV;p&`q1dd
ziqXo-@b`n2Qk<^*M`3nh_Ro&gv--0yR6VO^IpJw|+C3)SqR!w8a(YLsR@5ZX%hdGE
zyGnBTcn4e(zw^G`j$5t=1fy;{7?f{iBO0_bM)TPGfRqr0JAw7_EWbS{TZB2Jtb9>Y
zT0zf=g8fz*pq#$v*XC<qCf}2@BKT@J%h!75axou!F08Xm+3|sox@~9lxS8kSmNS<;
z#A>#R%t)#0H*EIP&dbzEe8FtPez>}I+9OCd>{8W8ee;dGS1R8gI^CLJqms)XN6<B&
z`{ktDmZp}P#!jJrWbJv(z8L+azAz!E_<#bQ(tL-)?1dsO?T|iFd@mf5wG~WgrTwgW
zT*F^C@g$x*lW=I->|~h@-UVf>&~rhP?m6f3b-$lIs=U+Du+u<?&~Ux*`HW$nGCpwb
zUQv9<<fYS_Y0cr`!(A%xvDv#zC)`gH6R$0SDPj)eRiK$Z_F;mC>YJ{(%JxooZ=+<v
zPT4Zf)hC>`qY0sw=Y^CVddj0orZtUMEgrf@ZUu5c4HKc(PrHkM<)Y-gTs!6(?o1L6
zS4&o7mON~ow7fm6+rBt#I9~crNpkg@J6&A5JlXVj>X^J^_+INhO|o^K{eK&BCyTC!
zZEslgb+~)p(>{FL=FLwH;mvJFg>rp!uj=KV|59-+a<w)17Q0Q#JL^gL$l%>;eoJ9$
zwjUM3Mc8MIEYNC#dzv!pRD2bZQ@kI9UyK?-3CQvbg?5KOJC;8vgrpc*U%BBJJ)2tn
zmJqh2_jbG4z~%55<zZL*tE!|K*^W~d)^}aMiN9SXm68~jJmOAmoKZh~Km6U?EtzYD
znLW-EmGNA!=6(%l9ug(TF9bSZ$M*9;j48601wD_o&M9C3qFOj%IQc*BM`BwHeIDoC
zY;rS4Pszi^Q&Sp0ZcpD1J1v>42wJej+3HeSstw~Icg15eYv$AYMA|b=bQF9%vyH9B
z*D`9orzr0{b;~K*JVeY8vg4wS*Zo6EjBOAL@`5O4_3HUcK@G|JyE;zm7rdXoW)h34
z(c%91_nv`n9}*qOkc{kiyePCy-S)}0X4lE5a*b~r#*TF5p1D||s$%!~=s|;B&pmHE
zJTx0M9rvWGzCaFx=k@AcSl}Bl9l%?US=0g82Ut;%oLil04JuU;<spWgRk<iu7}6j(
z7Z`U_lx>zD{!ZeDgnc7LlWwoR=tMX>^YI~^9e2WaD0j4cDUG4{Af6l|XyI$IsOH)C
zSEHg<Ul!+N_E$!txKy^&Nzh#w&Zy3aVew;kLydSUmI^KKoWJF~2{n0CX>|dB^0mpa
zVL>pNjg`QPLKN=Sk<cFtZMxi`ukSV;PA)OT={216r6Jy!{pn+o5Wc{AimKO#%DmRW
zwEA#5QT6&<dqWnY#+gqL#v-Z(C1gUpocHH-+@2fEg4BA1H^wdac&osP!vX$*Iz45-
zVr$ug+9^97Z;8(xIOAsVWRHu%Sij%7iuUGG@v*l9-91c0Lr!7-wH}!@nYCD@f#*ha
zx>quAl5NQnRthC>)~t1wqHjk2IcQ8XhPj6K*3zg_48ei47T+^v$X6pp)iE}lbIkb&
z$QRx_(1ks(K~!phB+SIyI9Y30PI_Q=%6IeG)%Ept;vI`)8ivt_BmYslimd|A88ZTs
zAZ6xA0ef|GXo!o<&1OD4r5gOFmg%gfE?nf~b5fZ~_AH!@;*_HW^L`vs$Fymv51sgv
zrpYpmFPOVo#E+BTc?wcr|E#Grmobahf<5J2ugvagR@R7EUOoC&p|f>g#QVw4Ca<dc
zFgFvkQpaN<x1Mz;yQ(}glK7%3BU$Jv#pB<Y_xUdYSkXkT{FkCakH>=`5tmI)UkrRq
ztdc~YT^m2xKg}4)foR*FClCS>uHGuYA%{;}gw6#nu57l&1wGts$?iP1Ohk4y_y@ar
z0sLqk&7~7BeyfvHc`J*azGyl{(b=X*aMO;hs!=&5CHxAbe!EwY{K(0T7nEDE@NqnF
zTEG09rBa8J<7^lc<_2O0`)Cs63RG;uwyv{!s$z~aVJSs5%C{ZgB=(d$B<ly?-_`8g
zc7A)~v8|=&y?-B{Z2hIZrRBKGUgg(j4{o@He3mTrIB(2+Lus0LeoEaD9dJCSt6__H
z`-c*WlwRfY_L89+Z<<J{$eo7G>z0bryv4}xyWg`z>a^p9o%ZE>1bo_fB%@Al)BeT%
zmqqJscEeT)Dap?uVy3X{Z}>PzvrsDM7z=PAq-@)HbUoq;&Sr48)45C3o2_#p8i==!
zI@oG49kkoaTgu2NgW~;`qm;?Ai33(D>P~K@O_}L^Y==iP21Lmgb75l08dMQh<1*9v
zRwzHXYV~d4zwZ7;-Mp3X_RlfTD>JRHb{(^OIwAgSpI!5`)RFcUf5A7}q;ErS;oUC_
z8pPd_FFnbo?kKV-w-Y_jfP&Pdu3X-G&EezsvP|o~7nHN(F7X|Cog*qc5Nkk1#uw~I
z#H`DM%fg>!+W3<0j-8S}sH4EN%fp;KIGl0hFRegnOXI*}{V~hFF}zaMF8@y#i@yAD
z8tk&|x#piRHIrNVE;{<?pXcwNc9Om*J}b*S=o<N0!7DF|`)tYXSC-d+QKtuUz2i*K
zUo^cJef7}mrNo?5`+ZNp&mHf%aUuK5Q?qS>N0wQQ^<@;aoR`Csm!k^V5}Mav+rdO@
zAvN>6o#6q=II=g1-ch0BFsswv&{!|x;6|DVda1o0IAu4F(Ss7al-)08SL=@vkqG$f
zt#}#=CV6fwE@n^x4Sv$-tuP&#7?Z9%<(r)=(>o3N`!aK6v~fj{r4%kbyW>Fa`TL}%
zCf6bh9i0>v6>{Kskhj;vgRONxW*kj+;4U=aa5r0yv`2j^hY>;;nZF~E1&}Jgmp?~S
zJ+Yr%CKeD_OU)OSzMqjqnIB;8Zg+K#3%Id6pPS5>mhw?1nEm<wdrJN2^XJ>|r>$e|
z(fmq9>f(Z?+Y2VH7Tg{vW+*XZWQ!tt9g4i?e9Oj9EJat`NW79?lI3Q9|5*veE%wBc
zwAW8Kcf<Y2>{{j5hKlpfWw)Y2@#VYH&_)>^`j4W^B)4cx4mO$lTHShQk56n3(ShJp
zW`E?7pDWS?p%B$$qpJZwsta?pirq)fdmQfmYjj+nHr#r-Rr%75kMf_k5sT>MXD(?5
zzMa0L`b%R_&dX9O?8c!B_j0f8Y*z`S;13559)5kxkxV&#Y@aMMh5`~w!Seonf>Adv
zFiE4-p^rvSEE|{a41Qjvc~?BflO*jL9vvFiVbJ)yj?979S^}3FJ2!rxd|rKSu=!<I
z@pPpZMgLt}c7FI{@oztbBc-CFZ}}+#cJ_7%mf_~FkPDx$oew(HgK3iU2va{xdz()#
zZaQ_k$gVdpo-jHgA)4k)ja@;|+BL$9&-y53VJKIC!?R0UjP|(7P_YG5@Gkd&%6O)i
z6`&+ZZ>hlV!BR!megwV7*n4)&6crTzP|eV<*}9*ecG70Ml{Mr*v$C~~03bvZ;lhs*
z+k%-G;3&`E+KBok{}Z=WNJe0mPO_Hjrzs1EHYAFj9TpGNmjYp=KR9!U3*=&U*xE+N
z)eK1(UD>*&j2i6yT8ApyC)x)}z<w;!9&+-uq=@=xBvIMUeJtH{G<{R%N$~qG#wsqb
zW?89Qix@=NNto&p&;jg50FlCi!tF>nwt=V{kvP=q6BRJr*si>lRD@VZW>B{zN`4q9
zY#<bigFdad`GUFd)VEmA0ZCt26Z$<Ib5b^rcG!GU6a}(kt3``?@*9(T3vA>T<))%-
z@dXq^Ihp<{_P|Mee5e4&<nd+24jzkz_KPimyYNHHDxV%hjRyFoqC%S*TCfNi9%o9i
zn-ZhD-__^duJK1@!VpNbN$DGPthn-o$20S0_6E-ttI)#qn_XQCAPahqduXXijGvi$
zR6=HuL0Aa_!9oM{8oHj(>8*Y76H>(Ho5PAki&v>Fwhz9ZI-kr2So*J1jg~{x?#9H>
zL_vO${*yt6R-Bqfzg4@+5Ipn^L`5Ml;@5n!$II(tc@Um(91uc$$Z5YGl)HCvd)MwV
zeyCi@;K|z&0F_&Iko!|^Tjys_m^Y*i?19vd-wH~M#%=>?SVby&VCM1i1;$t>o1J<$
zzbstiz;-!A`bhF!Hz}oPuh7VH;VUl0mEZ!)>U1lXfYimquMQMg%%}0fvRQtPhv349
zBfBd)zn2a2Tn+n5!~6TpG+(k{mP(_%eap2Q+wiQ60;!w*=MBPCfQW%U2bAQ?X9Lax
z>9|hf)kbG>Fm`a<z<tLY8VN`%#-y0ew)2`&77Ha1fAEjh<ZL$i(osbDL(4=kqyq6G
zfpzqJjT(U1VG_AttiSpIs%CH5HS}rl#T4aSWyi1#ogIAY^?i6%%=Xb9!GTAgTK;8*
z-Ik#&F|r>;F^F36-trNBQv1rOlC;Za@}a86f(2u`Th}=_5D|F!+1o&ajNjY%j5`90
zlG!Np(4XRLS<{)<_HQw24$#8^-Pa+OPLQ!hKp&#Nzq@vo)g;R1=z3o6xXX#jgz*$u
zMtQ{!$&N<n7Y1x?dM|)f5SLrO&|$lsmFD0ytMRvMw47|!O_TFLM@y%6HIA*iP%h1C
z&75i?Tj6Qaz3!U9m+om!P2a|t?8F_lpl6WNt+?ntnQvDcL$gu`?uwb{(#|l*mNDrx
z-sS9(c2#_2WWncRl2r?4M9ibdqvJ^)RTR$N+43{so$DZ|j}_oBOLctwe54HOF8UFh
zFlt4nCl^PZ`lrXH2ppOb3+<QvX0Ib;S)COud&Rf^=~pVQgx3SMSv>am_?OQWlm$_)
zqyk8oZGDy(%jILSS;*C=f3uieRj%YYP=GdjIHS#&$B_)-qNn3dddF$Rm1~6B3Vikq
z(^my~tZZ9H!uqlNBjpsG^_ZRapWWw>b7NTFb<vr_<p%`B#pQk+^@`&SMq|Z1gQ0HD
zX7=^WYKg67*bazh!g^NMfRZxbxpY{mMHqG#_L5#Y>QG-rTqfwWU6oRA-YNIk{BV1h
zmwHvl5M@E4Pv{|P_36wyR49_d9P0aN^igFdhSi7aXYnnc`9XWdl>t=Dq1~zpdnHyp
z@Lq%|+8!>_^S9q#T0rm@(qGlDp$^b*V#Pp5l26=P=cQTA)(9(?R-dgM!q5_URjO{@
zcrN@)erDv}-(F|hWi<h5FuFQfyvl8MWgsF|LAuSO_Ep0jI=jGHGmxws5X<vm>5frc
z8(m)*_Q`+2IPCs1<Nm}{xyECWcAlVrLIul@<&D1C65qBXu99p_(MG>`&0cVQ#T937
zAEU;5y@`AGI<~EyZlvOS>$)6U0Mv4TcYJ*FS%ryVQ`yvb*zDMgt7?NPDh^S1i+^30
zJ8jfvwE4G7?vHy!zDOBzJnlpYg{ufq#X-fyarJ}tmo&6&4`iQG-pyVRW5GR;;|i^`
z(j#_W1~!w{@;-xsrl|9&`$3gU>}_9e#jvR0T|g{iqr~IE)SA%zkskrB!86pxf6-$(
z$>QZF6-Vx=_~l$z-I%fs0+hh}-v0B44n{l@M|!P{*Zqkh3&Z<RXR>onq{1wQtVU^4
z{AIgz>zfXImbZiRzfu?i<lN|5NbSLS{-ciP4qYpGM)0!Qk-S`Z@QXz{NM-L!U*QgY
zJR`C%_<2_!&!4-h@Xa^6fg4i6^)dS3h2$7le41?7h5|)y4;D#)@dan9UfR06j<I<X
zvGrA!+)D3c0E|9PZiahBT{~@Kob*_v3YIW*P34eqCYhggVih_9LY8%uvmt;HofT?n
zH9f{iyw)Y`7R{zBgaC&(#A%k8tDI<^&}Ffg0~aOow&btcD;3kh`P9I^f!rnz!>sbV
zDb+v|wIIaOm^yG*q@;DDIB4R`WF<Q2;F*#!-ayx^GJ#uC&}A+s#^O52|8RY^DeX18
z#bz&Yg4#`mbDlf?*0(qY@0J?uZ?Rf#OM1Co4%F&Z^$&PyhXeqw@wGZW$rVBjYpFIC
zHaW~G9uNQrwdYd<VlM6?LEYWulU7#q37T{&(g}&@KZ6#KGB<Q3s_lWg+sHdZ_m0OV
zQTz6!2Gme^vjZeQ`QUUX+%;ry@Xhq`3eGA#WsT3jEOf19SswPHIa5fpU(o-W*ST&_
zsHKKoX-w*ZFjwqR-pjV5Mw`X^Pu{wm%o0HMEzTI!f6eQI`XC1S_pi^dq^x^u=5^jn
zO)#uHhty!slrZ3`Y^3xqvxCSFK1YAN=~zMniJ|eKu(Y=mk0CUlGL*xSQBL|}VQM=b
zg>!#|xT6Law#CG-Lwh9fM9}x4+|SxfOm@Wc7PVca8;6%hp}TsXO7sPEwv@hmF(Msi
z(y~Qxsi=2RwCW_b=do}@VMw@wQ5(k(o;LJ?UA!GYrJFOBwlksntP~(BR}Mt??DMyX
z$<VWC^nF#AEdAovF$$M|QfLPvoW~e6HP^p3euo|}4|n}mn!}+-2-U15I*ip7d{+Go
zfX*_n`DG?szN^hr)A?j|Kk|&0Gub+xTKC3TDA4f4ML-OljqVEaPE2Ml+4TBo&F=Cd
z)8c80EIy-z9kn@<h?n^$RktT;aw%~3M$55DWGbDWy<`?nnpZP$lW-Z6fpvU#jSG8S
z@)8XT{1b;0eX2Ibp>RZ06}B?dHLykM2N7IZK*JRE8Ef4UMp~rQe7$#HTr!o;8)=N_
znSRyy{;~ss$Ao0Po-}=_eF`*%gkkb?Vq)ZhbHCr2su-HR`CwE#d_+J1)%7Fj%aJl;
z>Kc=ZOj|!S8|5KSn6g-71sgiWVRcE+5y(`YU)%(9R01S+EBNk`bloAsm1gtZ452Y0
zae@24Dsu`f=UGc3=?^b2abn4b%LZB=0mA7Ph62$)MVg-EQeRw@4XG@g5Rk>m8P(of
zs<xnFm+GI{4np|YKDk~Bfo(1>t2nYUer3BHV8gazqZ%|mcn>Ry<RV7)Hue8#vE9le
zJODLoX3C2xY(Ygnv9g`2n)h{xL-&_Eu2Q*r%)#Do`|Z5Z;Gm)g-^-dktcO?zD!UR{
zIqE(IQQU@dl&gW1%+QMCb~?RWaRqauT@Eqi6blEh?jA|@WKw~}%BA{HRhB50?-P}8
z(AIXIioP7sUl%FjIwQ%6Rk`w)!uBb9B;*7v@I3X~RQLrS-(@A7#ok(x`79w;oK5Wv
zWjv@>w_Of<9dCUQ5U`R=#;R=bPdp@aZ=zZ;mrE$1ES$?7uHN)51wNY+p8^>Emrs>#
z=tn+L%~q-Q95MX`g|O9P{>}SycF7Me90K<Tf2@Z0Zrf&vd8uV&;iHO6VT-M;>qcx5
z<u_bB;>eF3nq7XM!d5i5Es#6j?tDxf^!uV&zMwIHtf=&;v2Ngp<T>kC5_EVPIkG)l
zN>%3&U+;p*{kF&hEuvV3B-n&EBXA6z{Zmf)U=+v8PD(1=VK<}^A1~$mwSA_1L5_hA
zp-VO|revNnJQ?)nx~REI<bjdPc_|p7)u52bHr}ekTE2<7BkLkzfE{4vY;wQTq+J+m
z2x_6OZ=<YK#7$+GymRaj4sD&1bBhy&p1}p{>$dL;B!2U}R>2ry+x_}GkiHEhv9p$k
zHCnLO*k(N2l;-mA`=~ORQxS$B@{2vcG8NB252Tg<eLB#Xy*Y4sBu-F&rz-&Ego>J4
zJ}G9fO!`zgpUf-)YA#z;*8JPM`Yk@D9fz33I@^xyX_!F1CHD#TCoc|uigQc@{j~p7
z8lbzosalJn#*{0;xsuEJZ}zYf)R9w9vlpG0x;;t)!IKszR7H~kfw6N9$?_28(;kN$
z6>~SaLu4^Mmf3ppbDve2<3Ba!nD1*1YaW<dRgR9v<gnxbRZx_>JGtzm^UkhS&Q2$1
z&22*sT&b-^nhtw}eug+}EL5_XR8+6pD0sVKnqQS9J9KZUQJ|tvj)A(e{r}?aJ)oM{
zx<~OeVCYHcJqZvZ&CpQ+69}PK0RbDKcR^55L6Z=A?}(tG7eNCeA}T^?BBCHg1W`~?
z?4YRF-*~<E`@Hx2esBHXTW|f(S~F*#GH1@&b7r48dv?KVy*zxRSrCES5TVB#99*25
z=!BzcAk0)Pzhzk<HUq-d^Kcg2v`bZhfe_UUI&O_5Rhut;CzbCUd54MSbo(iUw-lH8
z^a^v~!g8`9p>+zNl>`+*l;5+>$-sU2q)~_P6ku1SviaRcd?HI3zA4l)o%e*mL)(pS
zy!JME5~<Q-q^EMG^|9xP<{08QcEr_z2YGq}3^370%Jsr<k2Z{!<w*f!TvbpV9y>!a
zMYDWTg<Eu4i4MuL2W*%r0_|f0B6qZzM#PjJIC?C{=$lPCCv73ovj4|ZTV-pU^b9Es
z2)J@+sj}pnWoS&ZTyffd#~r+rOH6BLT_|*_j{Z^08X~?=)62Wo7M`;xc$Fr~ggZ^i
zX*Uq}0V`QRCMK6<XP%1t@-R6QBcX_@3Pf6)tM&{qm80aFuFzG9bWrzmFl)H3XT;cY
zuYn0>6ES7D`g1^Ly_HZRW+EFOd@2jsau&D>AOtI~e8M}QB+O8A3GmVU+iq`s(%LM)
ztL(PlP9Mn1moz9)APHIXv+R~79xZ*wJKkQgSlE>_eL`=9bb96@ZL_TAtsj-fmaFWf
zNNrO$FI`9XdV)uvl%MA0)MX(rOh)WepWJpV5R2SdYF-B*KiXz&Nf3~eYMT2Z*KCsl
zWIz${71f#-DniP}!E&Q%t{yicHG?1YXCCoP<ja!NRPl1C;YD?rK>Kf9D<{RVLETf@
z$vtBYMDxO(7t`y6?rKc4F$}*+CzlR}UsV+2VgGWi2b;z>b0_^hMpTb$TDsP%?<Nfj
zGJVl&v#>y*Te6Q7EifKVI(h0_ebMqEG@HCLkVyP+n9*bYVMm-AD4(*&?{4b^$z+JD
z$K<IP+!HKsuXv=>OM!1{E)rj=yoeYrP%ox4MK^6Nd{ZMHWhZI4m;2=0NjRV{s2x1y
zErP7iku<m!yJ_FSBaC!P`YKC<<Z3bU2-AyhKHj?TMFdgykj7N^)!Lia`GA`;3y;jB
zFM0`caXmi(D6@awzn8U3Dk{ms;-h7O%7olT-$zUH!{3Cb?=Qbf2Jp5_6bn&4;S%WN
zI-KC;`+V*jYe3ChJw=Vo9ZT+SpKkStqCU$7xQf3bC4`6}aswCPKOJll&Qu=c3I}7v
z<}dGFJaTy7p;z`C5nvt%$;3WI?A3)zTg<*q0Twc&60JPPX7?Og$D|UaxAYu2=(a4;
z)$lyn@P*T@&?*MPDhHmH`C*$O$fn~n5Yku6XQ#GCF@~_(&q47o;Wbeei}h&(5>?|v
zE{3s09~yl!5Wex92veb~?R$HLLoz5<mBKkW3**&u(LhGmo7qVqPzS;>k{7pyBQ11k
zkSr-rqVQmbH&0~a7!brl&uD%?_c1QGj~Sn96Z>4#9&8=NipHz*)eXa5ldw?q1>mC#
zbrE|Kb>G2W;6n$`yMvp=jb723^h|Ij7_;FIyhwYgbL(Luh6%&>fbXApJ3Outg+elJ
z3((4umoX^ifILz!v~O2J^_WGE?{U1H16&hnJ$+R!%Yh+Zv_qpYJMoxz+a8BOHd8J!
zDb@E$2$n;}xcCjWNf-)Y;v_0mk`PEw3{r^dd!83*jd5P36=%qD2wJAZU55}TUJ-b_
zuw!EdFEEG()RPBIyN%dn6sQ{1ffPQoKl%j%t&iNmMC{?$4}0}0B<)a{EB$=a-Vn+d
zq+HnoC?+yVpqz-%Z^95iLEdQygnQ#3ng2@4v+{~o0A}(6QgY?;8Qvx1f0g_K(x2KP
z2HzE4DN3E!XhrDpWd5TZ!iPvj>Yx<vj}2Vh_0KX0tVC(8kd`=bQA|HxT~iv`^Y<F~
zkN%-O5JA=3nLQBq7WUr@|4V99Sr4d|FbUy1A5VwyjO0Ru=8p*}Jdiwfb}^>~uk(^R
zGdG9-c^&$6PdV_P4Tumv)U5nx_Fp*&7>rMxmyZJjg>3=eKXT<PIp1e7ASkU|5widw
z5D<(sMB-G;eF<^=-2-4gw2@f70LDLq1kqm%<^zGqaE{4hz%+^ufrLBWEchv>2o3&#
zmvfD5Y)&^hcpg|dFpBEhr$O3aalHm^YVw_YJFP0>>KnnEuOf#I9g&@&^=2aAS3|p6
z=nOi;(nWt4*b)S={c!)M6raSUu>Bn~Fy3G0!!SM=5__wQe@A)M`FF|b-%IbM8A5ts
zB*P7Zk6+grNn#xZ7NX}$NmvL(Tvpk5kVcbd3%~OC;j1uL?VT~blY)A8EX)UN*6sl+
zGT`Ya5idHJ*r5jcJ_BP2efbYOs>-h`psberPxwgS=si=_xMsX?D+i*ybLv`uQ()87
z5*;1RH{;>s0v||O$NaqT|AzoYJ?QzV`T`>2Z?@$AGW+(=m@CK?C~|lAbh;|QTkG!b
zAy&jaf^KR$%`XPlY~B#WwToh#=3voHr-6(lZDadWto!y9#tZRn3YAJQysi+kPzeH>
zP7)L7n{iR&;*G8EaMk<8Vl_K#VVhW1iZB%)1On&jWG8^))VyG2cTy^HmPJ+wrAYIi
z?&F~7|3@g{XNnM6sh|YTPs=rA1i?}o%0%@e_Kdo6MRIZcBq-6^TU?Z(<X|3z5l}Gz
zz9aBxuzP^Y2*1EdOesVRVaaM?wTsD#0Vl^CJ}q<6MpOul*WMCoot=s*VS^RCcobH$
z*r_Yhmbn%_%taj{IV#cD{F5osB?q)Ig=OkxAckq;{k@9_rd~Q(eo>?xZwI)cv{A`O
zd2qvoZ6(rsDyu(*Uxj&!Cu55+{~9^}3@*DIv;QV~hd+RKJ#I~U!r#UXjVkk0URD;u
z0hradi&CKeAe80RE7r?jj{Ax$RW?zM$Cg_7q(1cF(9L^V9`mP<0B8&3H`1?Gx55}S
z=x7?h@b(WW#qV}j6S6h6O}0|g=tmW$(1fTL{(H!%r-kVJvXd{)IF~aT@ipPt@zp-#
z&U9r#L4j(u7M8%~OwiItf0~%p=?|OZSsvGZHtgK!%TI*3_~!=xy3KEAd$mja?uct-
zolZhH776}=`ie_u8m>sU@oz)i>D|aVF0CA_qQJ>o3^M73u7IpD2qf2m60fGg9|T?{
zMuu`tnQ&Ih8tQ8#_;-Dnm2cv=^(Ea0a%fT1AE_(NkT`|K21dhIvWXc!3>q&}3KYuS
zse+8dAlLK0-tX(xKAFD`I?<}$Z69psu)pp=%QmocNvvTNNU{J;$I}w&Ac;2TF9R1*
zzzp>m8GjR887*0gWP(p_l%+Gple$7V4l;}+$^5;GeEo}W$v*b`fy%EK@y#c5soPj>
zT#H_La|##3<VT3yic|c~TWZehSM&=3(52Ml*E~s(yP6i}ZO-(cnNYExrlNiiAC!^4
zKp)kmYUOZ`F~HTv`tk9mDULn(QE0v>OMV8#UB~mQD!3YBSL>7OH<m;g7jg>b_2Mog
z)u9csE8561O%vqwJow|;dOr`VRxR-CkN)$LR=_lLyky{hCq`-*Il>V=kLTr?->n*F
z-_@LQ>~m1s8N5w}IasqzQ2B%W+=a425o9@<y1ThzL#2z%`|rc=ByTN-Mh=K~^UE5q
z)rkIhjzHSSi}OZ{(}qqnH*=xw?A;&Qd{+ToW-m_<X=O{Aj+KV>T|G*3alJ_o(|{|O
zznSrPSHDdJ6G~@1I)WaTtGp(n4MX2;IjFW1m5uDQP$4DLl#^02!mC4cHY7SuzrKDr
z-zS}z?6at@ZToUshQ5IDdK;9sqiyoow+_3<UELLl<?06DH<}orqGDg%QDKycEXS;n
zW0u}K-aRqM$K*m~@xeun9b_SpsVcRhNL=5tdanwchnXg);<Y7shB#(UWc9*FP6T$g
z-zSnd%thE`HOk2?q#h2P^fu_L*A{;xm@yQ=YlzK}lEwAXrYF#7sr%LQMT;U?{c*SW
zsd={^QHtK}4-S5&J}4)g59#JO?GB#0dQZ{>dZdSeu|(#D**kqfC>q+ww0jEziM7#D
zbQ0Sx%*5*35wd8Ok=|fV@HMR)m{z|@ca^wyuf4^qYT4Q7nZ~z>hj?GnX6*d!qbk(L
zTsVu5t#{|d$*tMss=5zTd9<NC!+kNrtD8pp<)~Q(huR%xT9zhMZIx|433gsKZM*5z
zQ1RkgW!<pf_pdjvbdNQLHyw(;E?8UQ=6pYbp68yn71YUg>N&df$X~tX?F_$!uM(Mt
zR3iP#c+Wwr_iyE4k&ePY?lw$v@9uzEdY%&CV%Du*#*L}BJn~U-Pg`lmiL#CkWx<;6
z8~*Q$K^sS)dbB1-THHZVCzY6GU5fM$<+)|Dt9;*ss=zA;GLVbHJx2j?q=rIsV1+To
z`8!jTCG2{<T6OqUn(X(rk-MU3PWn@JYK*kJ=Jd&TO=XiOB;YNhj?W#cf%+>5Th11d
zSN)$2cdp%RU&_tEXd=s+arPJk`5!0E^R%*g-uq|V?=q?+S}4$@W(^k<3y$VBMeCSK
z;#Vp;X60C->Cnbc8xXQVzy-yz<Jq4iy<DenUJQ=X6;hR^yow2(xAT-XU+plsk$y{M
zk)^Iw?Z4G_W8+Z3qR6vXtbH>l!qN%z{k()ljw80UJg7^OyZ51o+(EG|wI$!t7HT_3
zN*YCYQF2W6;YYHhj){b=FZ%c2ca5~iZbLY*1QX=D+fEykOu;R)V7Z_6ZS7{NYGrFh
zb-+1sBS4R75bvL>x@pPn_NNz3hJ+AnLHIo!fHD#PdU~7*<?7xt5U$9&;^%0FTV6FQ
z4Nu@g1-E3ys0xrIQSFw-Gg+9A-$D8!^MAI?|Gw;V;nzmY0eHh$wOq7=rO5?J7=kL6
z#^7n)3)tye=$xZSkY1Hy*HCBgHgYoNnlfTwXjN(fX|f;usNk))gIW&?dJmH+(Y^ll
z!#5snLpER(+<ID@*8J$P?ZyIk=@2@EKlH<t`}wyGJrGFtZtA#uutc!D#2CJ4&NYY*
zgOJQs-Q7vxAY^}%%KvA9p9v^u(h?<+iI^m2-&)8fUIM+ibakK#TQC=J9EaQo-buI@
zWH!=R;lxy4WGli0lSV=6z<yeUqp=Vq<M4}x;fX$XDGwYLp|S)LH4Cjb-bN|YSXJh7
zEk)!Ia}Gs3U?YwCh5Mf0_rLty?IW&_3ho;{trx5PX<z&u6ezvAbD{$>gJcoiOtLvL
zE<j33V(sbH?PFvmGJb99)ibKpho1u$|AhG&{Ta--a!9*88cT(&Hi&j3!=>$gK%0Ac
zFhIIDN?oJT;z8{DES$^Et4uhhYOHV)r;gS|IKX!F<RfuA7A)Iw*?>~l-Ffjn0z)s@
zlkIJ+ZiR-Cy?vxCwg4&|u+-$|hsoHO3&IH1E*y*pYQLp$q7Nsp{q70HbkM3Axo?u9
z9Q2LE)L1q~ZZ?o)0mDer%bw2<A1o5$U`jhXmM_?TKjZi~skU89QCm_am=J9TkTv#Q
z!)Er$W>yDRwAptLpVzF!ElDJV#%70{6t)nz{FGTVH5eSh@yJuAWQgu62?%|FSB(90
zxLY8wEfC0q>N78DJ{Bg$^J>nXGaU7v7*ud;%#RT`<Oe&W<djfD<HIL6z6>;p6upio
z8*QhMOM`E((mJwfx}FC_waXj5#5Ue~J?T3nB%P|0oXM3<txi5VJK1tIKHS3MHS^={
zfs!1{T50M<+%EKTWlUc2Nb<L-m`f&QgK$5~X7Q2qm~dW6#PTb7`*4M`EZZD(sn4I?
zgC8nQ&V|UH!sJ5!wlU(P|5*XIQZNhcLg%?|{ql8gI@(1ssT8eL6})slz4XMf%bz`p
z^4ku3_;Nm!;MzSZ@jOa%lFC;<T$tP9Jf{4(uVNu95O?i(dGKrb4NRwfLg5uhceU1S
ztvY0uzT@=w7Oa8gt2glOsj;`@k^356UiN$0fvvY-Rxj)Iy-nMz(s0C5)SCs~)`!Q5
zjUKJFCHbyHN3o-}4K){@G;{}LWM$6z^1@tNFBo1+!!0cb7^nYxTyn>&ts%i*RUne@
z3q&kWn=e?+=I+1Ehz!hXkCRh0`+od!+%rcqMOJQYNm9u3`J<yxf^R!3oz>qG9YVdL
zUwyr-+`#qX)J?yo?5y(s9YIg#WIorP?Hy@vQ9X3YXf(_oZ*69fJ~KbWFZ&YZPKt}^
zSqGhi`|qz1nuu9!Czo6l+x9+tP2AgOZA`-~o*x71Y*dSJ+-F~u@h|*|*ndU;R{Vtg
z`3&OzRR+=xxqp6K{rb>)H@6anLIz56SuU%R0*aNvn2<z_AQ^5i1MwW$IBFy*w}#a3
z&E@HZRU_~&Rp?>$4*tUV{O!>tSEJ>vuj^)^_>x!|*^1|wW|F9(WlkQ87$K{ESn{EJ
zC0aBmOHy84Kz4K9w=Z4iv|6e9$V8-drm;V>Z%Avt^K5^pE>IY6eO{iB4~hd;Yodbt
zrO>z&3fG;x@qNC*ua*uRTYv!=4i`f7g_-H4k}U{HG7(0R2X2OIAJ#u*%o%yWG!-|&
zs!B<l-%Q`KToUPdV?OQtI5+*IR;Wsd*~?>+27^%HX!<Rn3eJEr#}Y|MYg-k4n(Azv
zMKHw~0}6UN@G@ZC&s=tY0eMi^epDhbf??#sWYPp35-J1p&s~%oV?2QI!4zbX%fQ-h
z(UqxWW|Io=tk2x#nQ+<*i$ALmi;4tfay&~HeLb{azZ89(^SJho5zf>pe~0>cF>f2O
z99a|fWJ}IA4*dp(a-l2Kc5q)_T`ywc2HM1J@~NSL^0u8%vziLyNcI@p{_bV-`p1K5
zs$vl0;C30w(gkO(@it%|ieu?gDO3qmLfAzx{~Xk(PBI}ElZ$y>1_Vv``7v>B*cEIc
zqKI9mGB~n6b$aio%ShW`q#r=>OXW&?_bUHr;cg)&R)UfhYnU}`;EiAw^5V-HpsX0-
zWg5iVR|&5gxtBJ7YCEuyl7%$CnbC{WtdMJe^)-zubk?y=|Eqcc-Z$aut>&ODT6j}6
zg6ZQb%J7xPiPuII)vBn?^ZVbQ+=L?Rv6%jxcSzy&0O`pFO8)79kXM2C>R6ZF@3oXx
z*kfnnR2@?Eq;t#D<`s!|odpt)yTj6toq@4n*VXS#w-h6SOoB{Vw2^0zV8SqL8DfvQ
zXsB}a(8pHCObndZ$=obmg}{a!d&)wiIm+swtvGWa+r-#XazUsq?ECWvHVL2y#IEj6
zT&PKdg^#(i&9?DU5>+i>QErS*Meqt+6+Uy0(QYZLnHX5fd5U5A9H)Gm&tBQ5=4iRM
zXYi@Yg}U49x1J>x`3~cC!JV9RZ*5)C{iA6{o6eQIi?vF`3|F&qzDXF)>3F4Q*2<_<
zW!=?T6t`ZP#S46kw|k}xSoNAe<UYinPrDl(zb5f=CeJ+9<+A1vnOlBgM)61j63~Ai
zrQC#6R`FpSzmJ?jUVw=So5NvBFd@tFRk7;}EU8pwoj!;@R|?hdqL=d(*@@c8N9v)E
zFBBeG#8zspa^(_&DO6<V;AUKEG)_%0k{1z=9qq{<*}nUoP~E9n73;k2Y+gS^>d_^h
zfp*6)_u4&SZOLiRbQV87IE!o#)T#>pxc$*>@3%J+twaT0v^`P_>rRtZ-wrp2Vf$o`
z%*+N-U;3vhAwi1@xQy|t`lz&!O3>sfHh+9|F<m)N1F_#6y^*=Ol3(f)->spP<SeyJ
z)D&Rd4LoP5?3{a0G2Hi{$W$@Ms-?ouMtUm0`1_rmu@oiKB+IKy_W_-cOre<1Az2-l
zdU?%O$l0ihn=-d_2csBceo`!vMCndkJ|EH|8A)3#C5y-mBn=whn%u3mg@Ir|Q`ieu
z=NetNZ&l2&t(J!ICtT;>`l@e?G0~IOV7{?CO{f~OefS=xKaQ)0B=>{Hd#$laWZJnA
z(P48QZ`5T?zF;VKP;d_b<!;zcN?Q;>S|jzJH1pW>r@Yz~5$1lugN@|Pe``d2EAAE~
zmDb_V?@*+_aI$E69&P78-WCNAGU#N=p1S1x_UcC=uSUJD;Po5sMbq#Rw;!PWQa%x-
zP4sVf=S4_Wv~6fzO?&jnAB{UYVou4HP7HC8j>-#d1dZWaD#_{F7!+1Z52)m;$#@Q;
zqmat$MsLD;5e!IjQi~6@9n)^z<t=z3rYBVuh$W*>rHgB0k`s0c0qYhkMCDbHe1pMJ
zZd2Zw?*%n!$Qp~DF?#Bed%fnjoxWTQ$ygq@*hJ_Ybp(}uELQX}IC=ZP^TmCVoLpQ!
z8HYS&K-q<~J}VRaY-H4CpDi*+o)DGxynK7E<msXcHHRk}!7Ia6)Ep8XE!``~Pqao5
zS%)jxxjHOGuY)i8dNp903|J);Jj7-%P<IADO&t^<FiF;}g>l<C;Ko6WA@0oD14UB2
zs<tZO`4P+HIh89>NiL_&QFi7iN?k^B;aAU674W0c)OjISYD}MF6%#m^T3)KcBk%W6
zXN`1LMyr5n?t3gxFVMJS&)dD<BmLTHtS5rZgmk1oW2keTBj#6o{KP`|KSS#?!ynGt
z%UOyF0!+e0p7IX|-8@dzxJB2!;{DC&M-%y)0f`eH16yJT9K+V4R#u+tCj7e8+7#LD
zFK(tRm^Iv=m?;h47{|q)yoY>di}0dW@>Ol~j??lHz5CL7d=W{8A+4$~d41q=bEJH-
zgfL*`?}>?(M+@_@i$ZpuR?0q1`-<8HBqIb~ILYD5ccYH$u;j_2$Z85;JqQ~7E&m9(
z^CbY?PzJwyg$sZ=rk#wI&bNmO7+M@P3@*DlM>EZ(z+~auCEC2gGx*U57Kk0%W(4bR
zRkuH0^FNxyFI7`pFN+SGOE}B#pg-YCt@|osLg<jpSNG$*zS{WgtlN%ff{wRho=jeF
zTJgLSti171J{3(v*Rm=h48;i#&}Yr1k3jr1L&{}=+_;ce)2x{B5)a%SujFGOU1xKw
zEhyVGow*ih8wl2lik7;*4wK@7q{xzvK?4GocN5~s%cS6T45*TgbQ{I>A61nWyD)h9
z!iw(vr*fTqk4c+x(=hL@kL5CwiIY2)U!+Ew5S%AgiKiZXSA0fIQ#T*{<o{*s-peYQ
zXIkEG)_-k;*Ag^sDYcH~H-lQSNH#0LV$A|VSsQZ4nddd&#Y#b+g46@_9J*C|YjWm-
zaG}IHG!U($)}sN?*AYikp@T@?2DwzIq*-q(D-R`|1uoM*Nu;Wt1qK<2#z)uJM`f~^
zWPy-I-&8%2BL-p0FJf<yMN;FFC}!rIRMFfV7AXPsP|1?ARRY}2D=#9IQlAgGsHTrS
z?wu5MHoj&g!}}gSDWWSpNUp;Re%ht4ITRGR^<o!N7KyVt>&63*6<L;mlIG!E2#4cY
z&90mRsUT=pi5&c*;^f((Wh~L63-CZuRT2g+T#Q*-i|@E4%zt>~=wUT(RlEj}xTpjk
zioYim_-vlrBawgI^a|-cJToymH}cs)T5z6=`#q~cWs-~Aly2OYj}hnhzbwvg5a3-_
z7*mHay7*!NYE<Wq>DCTF(Zn7j(_w<#2|Ia-wVy~>NteSTBeqr@yTx)skP&#DSNe*=
z8(c>{aq%TgjbSlh;|jxD-{A6*MZQxs@kQu6uCSzjT;v%PjX9P?&6i~<Zl8rFei0U1
zbTN})kymnl9=|8DN3y={d?TFVZLsH=o_RH@X~@apO1-lw=@I6hzuaG_{Hl2(%P%PQ
zP-TY)KKsKS1taN~J2G64nABh4cYQk@-j(_7RE+8D^ErW+Ey345T(PCIBN_8BHbIVk
zki_x>1>22NU#K^YAQ!Rskdqjr$uKw~K?FvWS1}=rMCGm`Hvf*vzoAursR3W#Q!L~n
z`p-Vixwc1W#x?El*qol3*HZ)_lzM*M@E2lncVtMs8v?2TVnzqRi@X*j%F=pXdhDVs
z$kId6#`ayzDZX1>T)#sbt%ymXth+fS(LmkpMeykVJyG5(IH|}!%orqhUNdS?WP?vs
zS9sp+Yj}l(;T7H`gtTZ`+UKw4jjJSQBhqVzv$*is7PccDk;`Ee@#;jSogzzYA;TH3
zkwC8L!q$CDl)CP+)VNU%KrRcR#wW*zz+uYNS~2OnR?_!y=sow4^0{g~Aiw)3R<-~|
zJ)Bf^G$$oDoo@8EZv8D$%7`d%u^HB$?I&$IBVxWbZE!ys&Unt(Anz}inRpn4WOyH8
z#_8hXmi&{2I;X6?PVDjYS~9^>@5I;DPnjvWZHsOyL(RH=^EmTt=i}91b5h{fLv$nN
zt8qE0W~k2~4w`tEk<zooRIc^T^F*uMVlEHy+_!I_K2QKc?~PCL(N8qJV@YW%4Zm1w
zKiO)3OJr<Q4vMjG{djhM^Pio%|0ik<PqW`JoplOgLf$sIIvUv;+5E!fuNM_H8zgs;
zeX>P3v}M~<yIAf9(2S_^hS^Zwc6hA_s-G8d*mfD3tC@(fU@1b=AfP0xz`%_4DQOBQ
zjzU97h9cv}1BBMkWt@W!X5_#!?2gp^&-1O?dB5!40T1npKVRUzf6hDEs+MDH@@kx}
z-FCN!bK6hWZq{xhTzH_bsd`7_(eRG<d3Rehyl=g-{N|rw9`=i}@cfz+k^*&DU7Jt?
z#4%&?tPlI+_O(Ce98D(tr^=cp#{?@Q+2^#x$G{Mt=*#RJ8VMhNskKLgm6D1bH<J)s
z^rR>O>)^5ad*TuD_!?e?$8WG^bX@@0&Hg9d34TlfZnDB%#V)=6x+fa_@Zw580pimg
zs`g@);4$zA;rpw52bZ!gQ(N_vmiHa;ecaso>d+|{u6_@5j76fmU`Pb=jbXvJ_M61a
zp)f&Ep*XYBM|zO)Fcu&7ba=e-1^P=tH6Q}l6ji^4K#_c}ZU<%|WF9V6lJ15H+J5PG
zQuBAZ<BRxUh!6HEdOr}9_t4@mLi5)!s>Lglz@_I=>?*$Z+^hE&(g!xpygpXp`#|$x
zfR0(mXi37HO}7HIHSLZ@Oyi-6IWJ1{k-t%$w6wwggPE?q$VF&I4RS{%U*_hNtE1t#
zU>tzmyeC$c7!XCwA=2+kZ`NDT1tjK~h_{QNk<K*GWQ$3JUbn;ik+T=yP5<pR`&;64
z`1Y=qu!!eQVgKy<d54B?k!2cphIY5rTC_YFojxCMB}ccdsX0vj^1i}a-C7mG@04HK
z2HdxUEEcHzZ=3u73PQ2}_w3H5I^?W9mihs=jUO}xvTgxfwI)sUKTh_4a(SRCsyNxL
z>HUyz5H^0v_ktA+NqUlkHBU%n<zL%RI2;;l?pTF9vf;v5VZXRSzDJS2$}2t|O4Vpd
z?+(-02?+dhXj}<<(r5ufM<UaRMHo&Q$Y^DQBf|aHVf<fb8X>5})P7VhR~mGJfr~~s
zV(6I|W#A{5keMpV$mE0<v|U+5y5Ioo%IZE|O?A=x9a5_OKiOBJy{MiNaojT6^)uQK
zVTcf68OHICWv_eUV#RJI94D{hC;~#ZI>{Npj)d<FG3OHTP_!c=je%RRLZG!Vg>b;Q
zcb&YF<kWe)I9t{@TrAe>E6NmI#==P!qY*YFQnp$w_Oi9$u=`@EfWAG7nwe;oG$bhK
zv=^{s=VDf{Mq~QH$aGaxKq%p&2DVA8@3i&a0JQ6YnX@4W!EJQx-fA)pyPQ-7SGe=|
z#z7{z&q2&;`ML=q^-k5t`#IKbJA*st*K+uen8h$NSXIFq6uS**-EG&>)jp)_HsbCR
zjHk8WS@_(yzFf!Q8~lk<mT0Z<dyz%YZtYjkwTkJ+AHTe&-^yD#?qSC}QPx-woqXYH
zt^Gut$3}iJP2N%WnsB_so}3>8tCp6GD$5Q0Z%Usi6nN4ZF8bCtb&@1B&ihv+1}}E2
z*r~PFEvjTg68l*Z#WC5eUM^u}qB_UQR_DWWG)=`sRe<2<vq@_6ojv{eDwh(Msyeb1
z#f-B*5PXmSuyN!RV@ow~lYD%*u_|MjL_=O*O+~5w?T!=QMMQZEMV9z4`)sD9HYn{J
zl&SVf4G(FhRVN&H%@j+b|21cL%61OsLaq|HB#78Ub+iTZNBlkVr#*#jns56zxkInU
zc=)+~5&Lq7hJDb`x>4ExQ)5tIPvMm1jh%z}(pz1!939l9864*=&6<_#mXN->uq?Ne
zPqZz(NQ#=Esr*jnqn^)N_)B>=eMlQrYYK+M_?9&4*a{aWo+)Tm)OkJb{!wcfasu2r
z$|K~BGcQ96DpV4$K|){c+I97QSx~a(PPZdo(NFwL2mB$XD%!rw3#>zH<qmEIg$ZLr
z*wm(`hEmFnfmEsCTPsS~8@pt=>Bnx|JQoxi`7A9sNU4RI^*OVv`eA`{dDkAD*pME-
zXL6y9UxH-wv(A)xbG;k5#+5Ia8(UD%8%Y++<*w<6H^c>>SHA;otbT~Bn`V~;eHt~M
z4ONf#)Y#FISZ5kk;C0Yd^4cTojRy|we&?uvb!BS-Wj<h=Wnh8gMb!rQxv}@&pG#El
zN;~O4a%_S>OW4`;LU)(fC+m=-uNT^Dp1MrB1wz;@Ms>11aF4SmGO|J^55WqG4)#<Y
zo2|VqIi$WY-O*i>FN-|ae#F3Uk70hR_1`$fKcCs}rapf$FMnrhLY4nJ3-ia_;u#zi
zFu||@T<;<aAXz2@QRBz?_1+vNQan4;9udaP`=~+RO%n+jR7_{SX7FoQ*4x;~G|roi
z+@ST5`#z37WG!+}ET**`4Ld$}-G@OAR*yri$qI)wKHGburB{^wj6gAD2r%G@&d5Ag
zA%`p#h?1dW%5hC7O+dX2N{<Ld!pE;JKoPr2DS;4B6Z|L*Rcg*Bwg+$Hy2mcwC~`_p
zC11m-v^^zWqW;>Bq0A#O+uq(droZHS-dlb{gzA}=>4LH!^#Tf8yiph3U)`S*P{;<T
zyH_t{VJmKWTB8u45iTae!_8k&y800wh2db=!2e$epz8T_KEL3>-1h+nO^=(Z%8>$b
z;FiVORMy$+b?5x1#tjYalf`vi`CnSzo$ET3L(O7Gk=d39NvYL>-pJtb2+I?1{CYB$
zN!KvZIB}o;Xc}Eo@_o=Jn{#H*^PAM4K^wQalg*F#9Z{LzS{9&x#%1?MO|%L{DW&PD
zOo2HyTMYB+sC&`T^T!80KF6v!bK1oT)_FSmSN!LC_!T83Q9y!e;PwN<ph28Z6p){2
zB~;x4jNI2d>8pGbb(t)Jq$mSXl~q7Pe1LS~BW<xG%hUt91N{(7B$?u^dpS;pA8yVM
z!^cVh>G~K;O60kHd(834;6D|>Vdb2Il4GcCsFvyET4BkagzmA-<7gpiYyV+7))O;%
z7-aFpg*3EZZ*llCjp`?hDj}KDGyvnG?<f3juUpu5=^Bs+ytrT<Y#~1OluAsJ+~RfF
z#!&G=%{1#FR2=rWHQAPs|9O5>tPm1jt#)IF{ux`d52;=E_8rz*biO>=rQ7`BR%M~}
zN~L^M9+x`aI^*e_s!8y)&NKJPHC4{*Oq_IH&(pU~H__bkV;}Gc+-IlsgMW>J^NM$A
z<-cDBO%*0jspy;+aQXuuTnp_^^u;lMK5B-|ru#kg-bS{u$cx2|HG9ogFfqLiBsN@a
z@OHRyfeV6An(ZowkX=UdKME^I$1muS5+8Uu1bBo$blE_-u*YWiUBFDfjd26ZJkwMa
znbvwb-J#v0N1RER)uPh+FclBCW(cOCbw$KlyRSSL8tg?{p)lipDanps?4sEcLrTca
zIPxkaKivb#j}R+0TsM;7<L`cv(DKE8H%jiv(UlpMH9&q0qaP>mt~MpX;4G_swK+n<
zUH}1^={dE|N#pxQEVQ**xZrABR}^PntN-yPsO|awW1K3CKiCRLeU}*GwexyGWgIDF
zae;%TmydsmNQw1sI1daDv9z3(;y)bKWrjBzmQ25h(7)h%Ay)VGLr}~7anCY*9dxRx
zCtA=&EPnmkgy88fZc53LpeB0lwEtQTI-j_=UmkB`C77=8<&b5j5bI`S%fw;n%kt6%
zfZThgX;w5(%EGYS_4WJFeMsv8rq3eMIaOn{9d7wG^?du6I-@40-pLVKYG%aiEEEM&
zt|*u7kfn&!Qg^f}6RI_Jw3PkgdD!DXY8U>8-l)OyWtVxk;Neu+9{WL={g3BeN7Tc<
zd0B*bsGL1q-Ka7fR@XlJK(J1t8k26Kwxkz286f7m|8!Q~^r!5$Giu}Is+l{rBHJ>L
ze9%Ih@=4vh_vQ)x#x~rY<o4@<$~|7+bw7T+IpjwbjDEJ>_%@=In*>Nw3y~HW`f}+$
zAroiL2yM&b*Ec`aUm9e*C~NCT%P#H7O1Vbx1HEZo)QMKPr*TS9>R_h^zuDo?r=pYo
zXl20)!^c;533vS%R10iKL%2-a8Xx|=U^z%r?xPaZDCrt=I1w?-IQ3rj-ksS@D*+=9
zzC1#W#{N3n+hqRY8}~mD%B>Go1Kw)X6Q`}2kfiTrsFN9F>hmWlr5TdCwcB{@-k04c
zpO}w8Jf4e_6c-&z61t?z?63F{9`=c}-oDo2R$Qz(G|{E0>{58;LGr1-J*}*WZ=i)h
zOO@qYI46jlABDVFg-I5}++XCkm>ZMtgf!RRPzg%pTCqQD8<(aSSvTKy>Uf)%hinC{
z%jkJ?$r<5oKs3G7^RQ+)U|04z;HuM@g8wy)DN-f~<6@1|6>(B0qmj=qT4Q^ln|_{<
z)l|B-@Cy5Qad@%5qbh?R;+)IJAks@yu4t*B*U-3Et#eAv)P5u<I`GHNxCMI*9=k3E
z@TW!xaBdypJzsXL+1qXAbUb&SpSMP5sb=t2fFCuHlt>EI&VLs}1;m{faRA|zbbijw
zS7F|Fr=~hqlDOz`$f^rP+X>HOVR+$n^xgY4!}%@l_dJI$4&STpK4H7jN<<##V$nC>
z^ioSFBB(~IX#R`xv4a-9IT=}?nFh>uS(}*nG;tMsae{rmJcJ9`$|oX5n22$v9(f%i
zUv_XJ*Fu>~N#!oawJ{(Jpy2!_mnuRDLLhI<(0RW=xb=@EI9I|+I<|5H|G`lcY=53;
ziMMO&Q&)TB8RBSN3C~&VkW^uF*`vBI^56CS>+CnDpU)Yv(flC%>}6!8dUIq^cVB%c
z`=RJd+6L^?!s}vNje7;esHc2A&andC$h@Ip3&Xh<;}{FvwY<^;DN#g(EG)73_>z^t
z9Z^|m4=e7vn`cL4IGYkYb4B$g6vl63s%c`NGF5PBU#>+aVj=VyfkY6+Sqi4-PfQm?
z8y_1J{_*18lfw}MgXbTc+iT;Bm0aIm&puIcU5ApTD2_n{s{fe(su#$-@OpbpLPK5^
zm0a^^>FSWK`#Xh;9<E<He?G7H@#h2w`H03Ca^{ss8xIx9aN*H9Fmcdlh(r2!+OuVt
zq}D?tiv<2yKpzl1S%!Am9Hq|@QrJ$h3&iV(oZB&h5D~S}IKu`oifJ#7c1@LW3Z^24
zgdJojoOtvUMp#;0s;mLqCad~K-(_mkv3&((1O54Z50pn5gJt(9TrZvRC+*gmiHnbm
zdnR^abb1$=JEYyzs&Pz7*EKn5YvH!azP_iE-mgsVTsgbr{ZnM^YjlPmKJ@U>Cz#Gk
zbE`p@-29FKd0nyvt5;H3eCzA4I)g6NtW+{G`r?yS96u|m&IQtbLq<?~6w_*bZJOX!
zg6TNM0X%I`n8T)gu{^*O?$|ZVAQA=|j?2U#bVPyFR8r2*Q-*7<WGzO^URHAl(O+{1
zfl({1-&@*Isw=tuOrw?)t?j6$$;oUBYeEPQaBWgq*?E!>PM~I)>j(cJaFzPg_U~z+
z0jmhVLMGdJZ{-7XwsT}+m!MABw00YnUmizbY-+8V*u7jApY~l(vM14e^Wk8m_#^%}
zI(wSo%`0j?V=CzJ7hwB5qD=Ne!LH1}_k0b;*CKW0K(^T<Z0EIz1e!|u+XH7~q-+q8
z6}x2T=bq1oSYA%&;a%RsZV;Dazh-8=jF7cfbf+8nLQh_}{#t}!Y_ZQRI=DcrzU@4O
zi8epvrn7bXl$h3qBu|n2G*OL($-$?`c7T#&ogK2OZ@1j&g^$v294N~O+~>ha96MKE
zGAwcS#}ucAj77jrCcxh8JuRbd-gMjUj*Hx6j^n8lEoVcnsEISqSK~dFyAsRLFP@3(
zk7bV@s_zJFp7)KI4Nz)osR(<{p6AKL+0EGS9gAQJBjC7<{HgQHE~!j88Ba{Rj|x)Q
z0Bz(Lmok7Wd05ViH#d{Xof+PK2M9EdjlXjV7vei){`ATMYwz=oQ{hp}$0xQJCl*8^
zdj^?s2JpUzCL|QD#FH9?)r7&`y)SMOIGf!eWaaC>^jZGi)|nJTr9lh#&2cb}d}sk=
zA(aV7u9ry8`Q+C6Rh=ow%s%@1R93?WS6_3-$o_j*q=Huvv{yp@*N;t<cs5LLh;VCo
zT{jWk<Y4Nc6%prJ-72*odTy`(*THFiOyYUyJ#<=yn|TSm1yI-!p<sStYY;pm_g0--
zfE?j1;aRQhnxuve-$^&De&O}tJ~PLx<tC}m65c$)(x!qwYg&H+nl2)r>N`1Sk~BhF
zw!8Te_W%94?^XGzdt1sjLP5?j^L_XE+UVwQl<BZJclMVh&l@d|Z+H)8#G|*lSf6mZ
zsn)$kcF=M8ThniI;(g$QX~PE--@jT#Hrk4mt;u6`Qg=4A-@cQL436U|41P3a%t5f}
zJD~8Mz24h(bWc=m^GI_znBx<3K<`tItD1IQyTBOnuw?JD_g{b~+up;ryS#O@<H7b+
zuN3FQiJ8fduvf^>MResdlfS8t%A9S>XmF{Sat+^La;7;vM#ipj^}4O2!MAvi+?<r{
zyY^Rq$4^C_^A7HR74~9>=Oy*i8cl>hX7H~!XEk;FU6QXctH+dzY*wALZaDGQdgkly
zMBu1r4yMC7&3v9(P$9utM9}*x>gqOc0rkL436GC`4kNX|`6|N|lTQByWRprtcu!pU
z=4-F~`5*67@SrkQP&M>fn1O+2qr*4!^U{~o_)=k)uIm>Zb~sJt)l41iEB#_O_i<>q
zO@RP|+$FNC{s&$=Hc$`vg?DUt=|j$(5hxy&?0_5jMOtOoG<TKAnZN>WlVobd7f}>}
zzwq@h#O*K}K4Iu^WTV=pQqorPpYQeFKk?U{6>N;7Yw<@L-3c!b+Y$0A`Rk<J(=7Fx
z$m_q|{G7O7Ks&_`WP%F73b>HosMIP1crQV~f;E&$9e>%v@9`hE^}05A*4NH0^dATa
ztp_=gu-R0NSNn%LSlb4T3I&A64w9V-M&x;(*7oIT^uDi!$h+OD?>C)D)b)|=%$0xN
zb?iK!gYr>%Ocdeh(dz*-pabN-TAftRzsT3W0L#X#*ym}DhO42qGXEIq`CWVout$h8
z+l_@)RY#-;mnP5D++l1bY*KCUJrQv_$jz~<fce{)TT)*@sT+La#*ayDeR!!UQdDeE
z+o<$zhx43qoH%@)^x&1Lr+v|>=@Ee;{E?3N7yT!XM{%XAy;pUzcYQo^p8b=Ub%>fz
z{RIp^H*{>xIGXlMD@+ri$=H9V!IV5`5uJOV{hm)oc+g_|-fqcdo3mXyNqeV<0z#TU
zms|OXk(8yZckJ=|))u}0AXWGC(er^VbrtTGiQz2@#>2aRA&tbI=Zlq)&Xmc95c2^k
zd!*w)|7@C`X&Vj3=$lJGrnTW|JbJ-Ay4B{hoZO<p9W0?+MY8B~M`?}g8h=gMf6d*>
z$%yw3n=VW2X|9VH45XJe6y%eii#kW=-t#y5tH*=ajmQdGwYZ3hXf^5fiN|xhTKuMD
zN6JPD_3B%~_UoSt?WheCABg+oz4|qYHLpXY$J=Id+wu^`{Z>FaMjItgDhC%S8gKN9
z4o;enrV#cYeaWQcIyhbG`UhzWUa)1sYfJ>HJ?`xu*cVxGw&q-NRHMUh$Pm|Qr=eK)
zOAsQUTA>p5lk0)_g~Wvuty0p{MQrMD*#5R%F_R!IWQo3ucyW6Yfs_ZVl7`WI!nyR<
zReQGg6O(xjK}t_qJN3Hm{I2Nvdgtxi9PoXa$>RqyntjV4r(4}~PJ2Y0i~1g^G`nP(
zID1ld@*K6qQIB%y((B|bzsGL;pJ(5{Uf#U_#=iIO!z`J%bY%SpKi68RT0vQ-K!!2M
zT~z`3D{wXcOPydWxI0@IJU?JV_^*6C=L6>a3db!w=Kg@-5+!lciX9O6Oag?p;v^~4
z?EGgH-bsOjhY-OlzJI1sckk`~6Z}1rd5P|LB4p<I@K{XDR1G0*!^O?N6<cQ)O_P45
zp%PKi@^)ggB}6dIYe&7!24gXklD!{8SMmo75QC-AP6c6l42-?l1D5;@$ho_>enEen
z5!g%;ujfaJL1PE#t)DC<=wNnJ`)?Kg1cj?1g>(>xH4BPF{bw=6#|QIAE~sVk--4o$
zX{!9?c(6zSBK{gQ7>&U|AgT0!SA}^b{*i(Tu|Ajnk&QT2W2Sn0+<#BQA4%9JPCo~P
zl-qtL0VxPX^WoSF4G0AP<&Sa*iT3s59~JJ}O|C$sIzXi)gy_$VUjb$ldi`g^{9_N@
z?=lE~WWuICSBI*eqU--z=dY*-eAs`%f5ot=QhG*ZIUNdt(%}$Zh!8{?LWKB$N?r>f
z(m=E=L*PFiL-<xBEPgKqD+_#q@EpomFNKW+8{9NW@c-EhpTC;@8OO3gyuwSmN%yq)
z#UV(onF-fwksc_W=Ovv3IrXFThJ=ccJq5xu>%Ywm0w2G_`FY!a_d?Q3Y--<vzf^hV
z7fp@ogq~mB`ggg-3{>2DH(e(f!kc8bV|aPZ^zQ?JJl_d{nKXkP5v0TOPAvTMdfK&1
zpa?YrB8UM8T6F_N&2OWJ(jgEL3Isx^U%d-;(<q1yGF$z7^KfJX1QBly;Y+;HeDV|x
zZuoE1{p=$IA|)QGusB@%Aqs?fxyk=gY_9zD766fgATZ$M3jO@s$baJhUjc{gf#9Wm
zAngZwpyk(k;PwM_9{RsZ|0e*t;eYd=ho+$s+SJs@x_5WKySp2cMU!xMcV7aJ{}O0K
zc|26Tsi`!V&g7*jaRCK^rcx^igL+OQSzLP2<OL}3!i(IppxFsfn)po02?mS0K>(~5
zC~~JcWQ)Ik!YR%L@vHtnb@cyR{#W!pvg#n3O~X;hh*+X8K&OcT*ghEOs2+I?-~yf(
zYX*eP($#z+e2W;nbYv(RhKPo3V(>B~$MT&qld1-Q5dXGCX_`dOR%T*ymXu-@CS6(R
zAz=;*fq!E?-NVT>{Ls5`b3hN%eDVgF06}gpB$NK#H_=`ZPy<_)xrymA$IikO#97aD
zS{j>w#d%_QWH)WrOUHq%BP&$Aho?mW@R*5WL$-pZg$nq2So>L13sG5^BpPu&kC<fn
zZKtps`f7~NQlhQ%VavmpUv)oV=RRZYBmo9YYjdSmG|m{lZuMy)owjd@%cu0<^sPFm
z?BQBdSK83__S(-%=j?JrX{0&<L7F=I_)a_;4|<fQfDZ0*qpZVuQ8|J+L}P*i;sn#m
zlFN?>I4K2G1NXI28x|2B*Kjxp8394GSwr(qV%Z?YNE7=pif&T-QeW)Dz9%+;P*eoY
z@uxCn5F7a|STx26A^`NnNMvoUbz?(R#1eQ=G&LX+EemKO<?%-W(MMJbd7dhu@(nK>
zR1su}n#E(Hq&;_b@31E{vThvEM;hZp&5(eyFqbD>Whc18KsEkk)tjDrBK;7kCXVO2
zNNR?!^-Ia53;|3odvRJCw`%bSD0SwnFhx|H$2*JxdMZu_j@(2TkEYR1jNVfLZfavw
z`Z1MIS#6z#VS~sQ%AC$&D^^K5C+vpYm*V0b`#w=U)m^%985sgk3Z2Kt_DdGF7yMZD
z3!&Sb>>PA{OJZ6yAq9^6O4;ocVWC-)!2;_dlh&j5hoh+aaT{2Mn#LB{C@RfD)tJh`
z5;6ML-ukk##6t0~{wyw$39>b6VttZ?stDs!cY81v!6aG(IXG9C{qB0%*>~L8XK$J#
zWX$YQ2|%nQoWa9@)g|tsW*Q`na0v{7N(B9BSEy&G2zqQ!Jz|>^m4SRfsbwHqKF;1h
zyG_1gBFtowoLL{0e!khaY7Uwa(LvVRlONxfc5cQb(=A%O<xI!s&HM^CK7xD?Lsu=O
zrdvZ@CgI2Km?q)tLmH?@5NXv7i@WyLwZAXAX^<Y&7-3NKIxcwN(5{vpwW7ODZrt0r
zp_WiEuJPl2Sj>&-&{O$r+nHnFhrqwWL*0*UGeZzrN=9D)jSj5W_J@G|))gjMz87|S
zZ%c7^sUL6(LP}+u1D{P)-WF#O$(S^D+S5U#1JurP8;7)z8pT-TIig^xJaxH%B?>&?
zNk0ppNoBk+y>#W$*&PuWX?fCHyM50imA7w~l`nI^cOHqqDx7fhQ&FIr)UrWVz>Zpj
zi8m8x_deX)Ww8EncHuzPoX?i5poEiy#TNrSW?CXTe&`+QdKwvj=*FmRVZQi}uVN^w
zj}3!p?1{~#N?&3&i$ML;);{jNbm+z5d&<oiPtCOj`Xxcw(Jyd>FxQ8}^iPV3zjR05
zMk&dcCe<9iu4;REd+tiA%2Cu!l^kv<>!|o5618p>l`6JurGL_)>ta0qf|gCYWAh!Y
z_1VW;P8?`lBD$1kUC5og7JM(OIyRz&(r!YdHRPUCI^fpWSd$NnnSO`QKRioZlPTJU
zTYruh&YGG&yEA%sB9S1Mt}q}d1FDmOazaY1qo5#AD5HxfGrjefT-8reGf)DkHP7R3
z(lU~|>iz2;C_e61P$tcQG!Gm6OW*9LP)>s!+w<D#UlJbQK#8j<c<j$x{1Pw&rFUdO
zF)BY?^Doh)pYmjG!eg5Le`%=w)rE}HE?xS$#tI#LQCn&|+A>e@gq5~#71p$YL`lj6
zR~wEWe!rzFBX&;Bd*V_9Q?+LjnTZ+QU-gWCf-J(IfV!NL<1QP&eCU-c?ZnhYB83XA
zir$QoF*<A_DO9#-U_T~W+0I)$$|sv>3-F(!KTAH~-b+RgFi4b}lw;k1nSiDt&!D&=
zkbZaZmOT$59v6-|6j&FaN|@*S(Y5&Y2Aro%|L}cdUJe6$&RY(ikJkU<WEVU4EzI!^
zp;tzo3A#v8)XKW}a1x~-0t)t^_xYc?Y_-;-=LY91GdcXqm@Je<w7{^a+qPW1(gpZ?
zfm9Bs>k7Id$7yZzD61tL|M8H+7?bH=>mPk_|KLTWMT9ejLstH=_67BYXfegk-00a!
z5_r=xj8JXBm18^~d?VzgjDM}vIk(&NK_`HbYQT(<7T+koB}CYsc5ppjBzP7`7mG?J
z^J%rbyR|9Fhh?6A+Ydt%>xFzr8e=w0pZw;>+QH(RAra+buf1&rb<@6rb|*`Z8|FHq
zlC>9s9%F<f?%LH$fTYn1odzGtC~>^_#QnnA{T%>ENp=2*)xAy}{hC<p`0W$RZa*Dk
za<{eh+BNji(;@jcqaq~FAx{tczn%QfrZT6lI){XwYA6b;cyEpeDkJSS4>&PPcP@Kg
z-Q=X~VW_QaDe7fhd}F}JSl)jh4Yi{%SR9EC;AfHg5#nO+{Xezh)8Fn1^|U@IKD}sk
zA5<p*SNpAB)xRw2oHXbsfJ*M%qwDUMxN?iqFIB{SUcmqgC)Y$ZXi&^ICL8Ha;|VJ!
zJ0mg4XsJcT*E~8a0rGJ)p2NGqYFxI6xc*9VLU_;P=j(=7jvaYcu?-3bHb&74gnHf|
zSKT1Cw%)mS_nW=TojI1@6b-&9CyW(A%y&$@J`r(ZCK1vrmlJXH9Wi(_3?UasddECx
zW*6i=v@bm#({PJ|0I<>yC9Il5Tg<k+1V+5;%b$T+GMRWGn%u@)^Q+)jHB|TCi~j#P
zv=#9RQ0?Rj5i<wHjEO~Deq&4)1q~rf07x!i3Oe91;6%+!;v>w)ah5K08A>YTtkzYQ
z6AWJ|HkM7u4W2jGX7D646rGvtmQmz%YkY5XwF-)dUuN&oZ?B8QxtgiU3;+~YiCSa{
znMaw}O<XWLD=;$b63PZXz3Idt_e1)e>027eA%!M!yReaEW%z!+5Ob^L65V^Z#7zh5
z>$?xRifJjz%~coADmfbYc=GLTE0~&|-E}oIyV{apG0`rlcXV+2P+{T=IEOdIQzhEa
zAxWp@N><IoIiH@cF!IaN5Ft(>1g@Mw-1PXI+wo2B<|@|Uy+07OH>SiNb$ur)j;`cg
zvU~An`;JSPf?Q22K(SjxU_#t;!~5tP&A?#&bAzJE{MNu#@c_B@Cn2%hk_M!`AeJit
zFEN;_=TI`w)4sRs{*~AZrwG}{52jJr_g-Gyr8P>$nn0gn`Xv*Q&XumQ@<xmJqLwyY
z^vFwKbKH$q)6ylg9>#vT%v7G^O0(1A<BkH&54OcczDcXkZ!+8fftcP>*1DK>{+>*9
z!)e}h$@|X-lec1;laI!>K93|CCmUfp`_aap);Cq$nCsJbZr>Ze)uBxt*+>tP@>p!i
zgb3x3tEj^P`|Bv3)fFilnGk!8&lM?wLUDDOlhK%s(IPTG=Fv_{-Y-VRY>>)N7TP?W
zk}j7?3fUfTU%<R8ky?tGHp~-Rz1naERGN<wCitk<i*$C5Nx(3@X%Jb$aQq2F8gSxp
zs1;W|LAZzqTlw%{XF_xNEq)X7!v$so{3&!pwsKuTwJF}#h<Ik`&hj_j6kumy_y1z-
zJ;0jS+P2Yz3^1WiLXjpUA@pMCAjKqf1Ox=6sR_LciU^7tLg+1kQWa^UGzCON5rv2d
zf{LODB1%(1EMNgF$UnOGe$Rft??2}{4;Qo6tTwaOtjWx*=YF2MxLY>nirrh!YOSJ=
zPc%H7&-KTgw{|mRglxJ*(3+vyB8s&~?HzlfzrFkzrtwN$0>K3!5IqcdS_AQ9Dp5vJ
zS$$z0fAv?rmVvdOvow!D)H}6^Puw4`J$#h#xUA#7_0N2dYnaC_rqbg@xG<G!f}<vu
zPhJ{d-XD5N)#Ps0QEU9q$K$qJdL=eD)Ss*;R0+vDbt2Zr&hFi&>T@zwaoDQSzT7N7
z8;iBSng`>!er2x><PwA<`t(XF9%)5OeQeq-8u3HC%_yh^vEQzT%YQWIxw}llPP*sf
z9==bDq&Ik*omQ{Ya9WWo65?SBI^`wV29^RdcbkO+_8sl%bE?XvXr1DwDZZ+>0tHn0
zpFSs)WD2VquIJk12`?1Nwo`ef)sLNP`tr8W?$ZN1gQXga08yte%9Ufz=EXGL408sV
z`#hDA_Q_h5k^&+bTsg`#cx>X}|KAc{l8=!rCZMVpdt_{IH*N#~G#CR0XP|y_4VLM3
z$~T)|D^(S{%EeN`=ti`Ukv`WWvaWI+JluJ%y`b10rK{lUOC|3sFgVv#jJpI>HsU*M
z-ov!w^pTu~CkQSs1OtJv6eS#UCD8KXETU}F*6b39L`(vf3RauJPE6CMq)FS0*-nR%
z2<A?@Fvpj~mfSy$InFd=B1sm`q+%837N(dKSPGU#Qc#~_&Bz?lTF8R789v9q1W9t#
zgglfo%tRbm(JYzXo++C(j3vm+a?7U`G+R2^rFkgy!mM<U&<cQqIB1XA)NuoWaKxOL
zR@{mf1XAD0pCSz8gOLn0GcGE}Mv0#q0{^xIQ|J|z5YZn=Rb65nrlr$Tdayl6rY`Jh
z%^CjVft~sH<C=w#@O+CZ2~JS5))m<XRAjSuvP2XyH=tnLDNMOgRE{xNq=?DEK2z6>
zWI`07DN0D;n|3tMI<W1U&gdBBp+v<$-GD<ZQ?)xETe-Q|MgZghjxii;plL<1buO#n
zr#hA|qTr|^iY13dWy42zx5r5cEEPH})`G4uE&VXtoK8!;H58n_i$Ify{<NtCeu~Q7
z1{hHQCVHL2e{%!X+Op<;B>u;d@(=A1+l=324*%=e|3umL>r)jh_}fPfy^Uqd5+573
zi6e?02XCTqCt9LN!*;<+vsiB6P&nZ_-t#9R;nNdV=Pr)<voUkUvtoTtUk{7?(-Oj7
z$qY?l4br)pK~oZz(fg+Xj{YDJ)WgF;kt8|<I>^ychB8-M4jkX$h5al27A*QZgF*?$
zkJBW!t1C)@kxIT4%#zh`>ywZ!uMs`?^IC)(o%9p3;X#2sacp+^hK^De(M%RNfVQJ!
zK4{#r#9CWG4pJ<xW~zAVSFy56_I}y(*=eciTBl)`1J)j7QuZj%5@ny1nL4krnb4zo
z4$bmPy>XSSjR%_$OiVx3M{s3I)~HCf5iU^=%^k`PepPcA!to@e?Y@Pv&}z}qGD);8
z{ynGvB}A+ycoE6Mo#v+Un{Z7julAkXdn)`-0ra&x(^0k%arMps{Go96WFsiL<>oSa
z^!8cmNZq{1xAmb(Do!DGAw;h+AoZ{Z>-o~3YFwXp8wHwOv=jBU?XfRjyXW}0q;6=T
z<Y&26dT@Jd9<D=c4>SIlt=z4F9Z;mezfR@f(LB0=i0;8%$MlbWdPU(n$}DldN69N(
z3>?C-o5?gCXB*GBEg2<xx<vM$T8bD===g!$Ve(<Oz#9okBERnawaoUfCXsS?@fA45
zgPBbp?zdd4=1}MyjtG#<QQ?RUo6mBlp&tI+Zk!#{9};b5K-O#ZP>?|2wB-*Yhes7D
zTc!p>Egy@R<TJy))Qv}aiSQfVKVp{~Y*Q0{`;wS+A=Oj)*g0t8_cGgGf+VGrm=u1d
zM7c01k9UnxJSOjtQEWQmH31B7HQmkc^H0Hlg;_j)>}*n%g{T3C$Z_wHr4W|Vo7oa3
z09FJX0pZu-5ZFfK${1mYm?HcGaMncblWSb-eQEwiAvF3!RG;8}OHu~O3o4E|Pabad
zi0db&`S}LoKb|we;w2fmRR4H^5_Ue9oQqS5@ASSVfh_a%9fWKLbOmC1Go70Qx?=&e
zW;{<|Ht_H*V(MS#1u#ROL$P^)$gm;?!1US^#t6>|dzhP~$H+5gB`gZ?BogB<f?-)q
z<)^mcHr<&C#AWKT1@7PD{NQ&fRwrn1_+d5~RL|%8=pWt_u`+z@c`Md!>fUE1#rggZ
z22L^Vnx1vj#wlIjn4L7JSQfhU;KOU$zm6}T#1?gWfGho}d=^jyVHZIIzd#Et7UcH&
zg_Zk+<_11@M-{Mbf{E^!7<=4ajv`|V{6vEVsq<%1qg(RGP!Oy8#F<6FA8!FtkPtFQ
zn{pzM#JJOG(IX%+!$apShV7QJIxMO{G6#!`@$m`H%dklM0K$g6@I!$rLFdK**_*E1
zS&^}l%(BTaOvjq4H4mAX;BP1Q<_Zf+DVh){fE|vNHUs%%Sd{7N*<bOzw|mpt2Bj3!
zEnlan+R_$Ag!UF#q_+zGFppIFn0j-k!u!Crau@SM(Fr(|&9a0|nvS5p^07}jC+xrX
zJ@Ycru<E&e{6%q&c8{n{`u0Bh?y68q`=d#NK@OlCAgb$>rUj$G&Z*|eZekMgx_i8q
zdD5tU)^e6zCVim2#Bl~a!0K9l^P{ZOhLm|LR~!lF6wDK9qE}bjMzVzPF?e0%)?E_1
zn2Tn!J@a3y`ja_jHC*JZ8!V?U6mZswgkK7V^c+lw@A7M^wh^ToRh76v$Lcg|^1kmO
z+Q+iatB)oMR(W(8$lC5U&NrToCRD3>f5-}I`@A4$aFws-*&=za=3v8xM|)!q&u^?+
zl>3?13Onk8F+As~$~=#``2?U)=o(Z4`|EA6@qfVoI-RpMktd~57t7+oUg{rQKBRRy
zOhvW!;Q+$iE_?fd6Y2%QI9FO4H9A;XSKU;WKS5VR;n8Z|+4oIK^BkjtMG)22q57b>
ze)OK7BBgq5+4rPPFAH3B$}1TPc<_wirl0SS{A}#o_2GduD!%c(SEfc`g+SM90rLXD
zjZ3)_RgR`2DLY(DHc~dgQZ#R+KuRie_yFetTJxMR7oif#s^qU_xPpMZPVDPMbdt+3
zlcJm<Z1={q;|l?Vw%R})8o<1&Cq>SW#mCyseFJqiiJa(iYp+%99UzEbkPBn0>ftG^
z8kLD7YgP(XgalA1N;L=Hci<l5VsJ|#^Go?B!bs(iDuxAaM)5E%oJ(ob8~vJkBfaa2
z^W;{>t6s5v8|$p~dOOX|#i!owN;kxu_3bCH`VUM(A_N>u=Lda9A2t}gG*(gD+Nat%
zSSGC`_4C;2%NM-E+&mW_1&zAb*u|?()vF>8s&;9W2iC2hb6z(q-`V+G&GqKM<)_5Y
z6()DTNVuwfKCAt_;hb|Knb9-rqNseY=};(uU3<pj3gFJHKc0w8$v!WlC{wbl9OjW~
zN!_y7F?@QSa{h9u#IqY>gBK-{*}fke%F>+MM#<T_pJa6DfhnylW1r*MCy2xMcYN3=
zYEh`GAC6Vhy70v0?P6K<ffIupfeWRL%LakpgaevyiLiu90Y2AH$(MCq8v9SCWQP!{
zbwX}eQPfm@^)Hp%fl}mtY9q*<NqarmKla!lFz?EMN7N$n?t|Wh>IBd5fXL38(}&s4
zeR{3Yk0(qYtqkZdjJ;Ig_XsZUJNEbpZ~O59VJ@T;SDz1kP-7h=>PoF0wj1$rHJIF`
zg(j>h&NMW+iYL%>-(0(|scK2g@5eT*LTM9Y^x%N3C!a0{mg>3HlZM%Nt<<_R3HDtP
zK3*}kc<_+L9AQ7j-Us9I{?(KKUVzEtCkJQ?)SQ3Qc$%)h#2jW&s;0qfJA;m<=bEUi
zvUbkxLfSf5#ANkbH8dP-h=5h(0=pL6?xron1~cyh=6;=jS+{=t*XG(Aqou*)?)BS@
z+=F3WXXCjaAzx8fp3OCQHx@s&5r3WHEfRD8QI~fvUGax_Nm$0DiBBCG$GJ_t5^~{S
zQ<t-)@@*nR@tETAR-f+s{Y`lTqzGH<;@t8}o3HN!k+6l8OV8U^5;xW<eD;#y#7q8z
zPdQdkvI<hGoGYvCYC~Ht?!1hRud7sQdpaq-e<{)2ym;Iy-zz!Py{TIJLh{~rDbR)1
zZx!-U?PNcr=L_G&4p+aQx#upbD-jF&WzvKxGh=PBTE=JGH$Qtjigu5ry5`vgJzH4x
zI(baUv+BvCEcH5hbnN71uZYuyrDo1iUz?t!T<-FAICo9dyP}T3zOSfxMC00>kwdrW
zLN;@1syD9+(<l|q!G|a9j@1?284*7-*%B<#+<s`(#nK!u(yPHlQF*zO%cWWa9Il7#
z1=>bjy!7gG>BNh5k6mSoIQK6$wNs{oDd(F#r>kvVx9IP&U?`=>!#9-=bQKb7gbd~Z
zr2*gl`uz`!x)YL|TZYoFTtvo*)@_Qvtn?%I?RK_rz2%3a^$y=Me7Q_ZPhyq=&t<O0
zwWPKMc-hqsf3hhvDBoVo>S|DsGb^}c-#~PbJknF4gJ<?^mrxeyr%h!d9J%}vhM$U8
z+{bF6oV=6b;DV%cz!Y`~9iKSITM=-q@bi8Q2_dYo$!1ew(teD@M)7&Z2dcc>+qe$X
z(5j44=7SY)mE4YA3-8bU&wUB%n8$aiV+DOK(G50o<yL)G_X>u8#Y-p79n}W<MQ{$i
zqFl(O<t&>42E|pgA{vf7a0vTwvi4+{+ad#M5q)y;%NU7EoUoROc|fnYH8Rv5rl##1
zXD$#Nb9d5Xpf>yyA+T#)j0bd1N_&p)4Zbv;Aj~}Y#i8|Js(5r_=F=aQyTtP&$`o$1
zAKbo9rfPT1ON2@k;i4dkY$lQ_q-6*~NNIqJCF2_f;kfiKHY%u(JaUj4pJCreRy}MG
zs&wlacn69qaC^^C?YgwS;GzKCw_h$^3|$t683xUFc#k9(?K!|~J4|bmD^|HtFcR3Z
z5f)?GaBQ*PO~IpWBzU&l-{17C=9>hQV9@fba(W+w<=s-ydU2qz-lg4G;?=R5hc|hj
z#1vhtj$G_InNj-6GrQBwDxj<$GKQ_+LgY<NqF>qRIcjXn2#df8zn&Htt3A2yZ?t9z
zdX!YKd}lo#Wbe0G+cGUOjZEQ)q@!~Sj=rP|jzVJm!<i~2%^emSOwC*tmlUX)E@iOx
zO`n`Nle+SIvqYj)`*K!zK%RYD6&SS7SD)0?=)u;p#dyyt7U!M%9pmMwj187sCLp8^
z8J2AO`D>RyD6TZ(pk*y^UIKt7rg=Dm^Q-s1$9GOTHQcPoJ#a(f=KVE4PN(Sb@u{7Z
zjYO^X?g<B6o0HFTgRR2f`{L0yE0H(*UEB4{3L;YLuUd?6O>}g<`vx1gYS?undg7`4
z_a4Jy$}PE3bT3CpV&hJe#+Qg2K4$!+w5=~{j-I~iy7VP|bBdB&`XVqx=joF~S~|4#
ztQ?OU+{rPl0Oy{s=v*B@&hv3lHQ#>;j^VZ-o5`{-?x)`9apZ5_`nvw>n9=>w{EFaH
zs9`o==~WR*%~BEtDJ3yX#YGoTyF_IK5+;TvzOG_4JaF&g*2o&=4+3AhLyf#EFE%_b
z1qYO9Ej5?q-@Gfm`xKP6Nm%6WU^;hp_k6ui`{P^*o|2jFEEoNvPshZ_9dXq8Z??Ll
zdqcvY*vp?VJO{4&)Ys<K*cbM(+w*r!8^6A9e~Eq7W!JY_F3GCe?UDV0d+$7PbrSMm
zDelg?L3)$?<>&#syA}fWPwz*JO4T2`dBgr<!S@5Zht{t-9y;>qrPb@EPVw@p`?20S
zhYoRm`R*#ocXNvZT=fQ5bgtje*T2I);}%((m_L(BEtr@KFF%_j=+akD&^{RPhRP4U
z@Vc#$t^IHd)~>?Jw*AEJn0g@Skb=|`LvO`z7oG9WHT98s&*B<GFze3Nnk4e)k?%Wp
zQar-R>Al%MevHmUcx)z?e(CwC`FLTWJbU^ei)-!Ll^vlc2j&xy5#lXOr5O?+u3g;2
zZ==1U{Jz-<1e{KVPk-7d+`gbY(Pt7|zGYDn8*Dl?`~G4Py@5Nl_DN_7wRe^0(=9+)
zM)}vA-0gcOdz-S#PaQ3(e`TU}@%%@oc#0!ipmm(cqia=oa#F-*6K{e?F8*1By<?&g
zVt#}zj0h1EG(q;)NDCImmCDF$?<nCujTI?Ua!AhroTFEQ@S~1PLAUyT^)9UlR?hDA
z^*935-XGjQLY5w@eeSiAL)#{OH^wOPS5nhiudznWf<2GY7iNSsKA${Wa1Gm1Fu3-H
ze#1{=QpP5#=fd6b1J_Ob1ibGjN$o#seeT^r^8OGJ)!-+$w!MGHr6O{$;o$t_&MTG=
zRDbS*?s|8s=#QM<tz+DzEA%Y;MA+_wQlkbU`<tBWhT4NBu^N#dgYRF}IcT53mef8?
zLW@i7(Ok%5%Tu{O%^s3zwIilSB!!A2I<6Nz4LotyMNMh*?eV_z`CpeEE?~t~pIjNe
zT<_MFP9c45AM1LEDD!wJY7=$GIJ3zaOs^l+R8`+?>+smoiEF>FOxY2)EfLuQUb8Ww
z54O%wx%d08yBO@|RirI(BD)?|TV#1|v)8C}x+dJ3aYFZDON7FEhnp`Z9}j13k1pKZ
zxLx+g79yK1E`nBQeLTGVE7MKI568y?lnwc)LKV9x+319u{rN(-yXSJn<z>mmxOfs|
zF!MuKLH?aS()#x9!q;_xmPs6Mfz_--JIvOYxZsnVf7zv|^%;$5@&Ov8Y1EB>JJM?S
zP@~}I`8s;E!;p8Fa8?B)mrDk3r0XlWmB_gE!$Aof<vX+E(fO1MeRm@ZR&Sm#j>E4Y
z?)uam8N57zl}+$TSIu`9u%Skme}80u@_AXft<{K;kk4Y#CG$Rsd)uy<Ztnkd^ukD?
z{QDj2tt;-M_uqynJ#lX-dtN;`d}X)i_E3YnnUnWi>(ntOG>Opx`8PR$g(om&VaeVh
zlh$i4FT7%|^yc$39>pP>dfRp_#E^JTlq-tlWnI3rx`OWBm+`~l)Mq8#OBTc1SCOhK
zQgO5nRb;V7-}?H8%}H?SyWjl?PSVWv?j=>U30iU0K!2`H5DNtG0X-x?&DtYUced#H
z9{1Hx%ebJxbBqf|TUOSo^Ym%jk~TT9aQ)=v2ygj!JMtE{5)bVP*{l6+_Uvr0fUE*f
zbXmrGhil(woM8764MFS86g8YTfNcfrE9XnhM|*(A#Bj*ozVgxDpJl}Atn@RzdtNvU
zH+D0IK$tLf2o&f}@_<ANepW^0HpUs=1ciyTE1RZ~b6Mh?DU{|Wgk;=*(%x%aa7awP
zBXHyH+ud&!yRLMm`3Kb*78ayS@CgpFA!v2=n98s=ncNN%mjDZYlQ=Gdw(J0sYYcaa
z4QVjZ#foSq4c;W7qwajZ;?UlCtUeMuoqKzY991N6YzvGA=<r+Kh7hYQyoM>dZi2)}
z$=Z5fJF72X)3Yx@4@ckly;;j+K9uL~T6&y#hP-+!!D=oo)Rr3p0S?1nnPI_&h$wh%
zuZ$X8s(x`W^u-hH>E1qpVh@C6?^JFw1MqPKf7;Uq{!Z(QX?wA~ZyMi!BB^2HuFBP>
z?P^EyEtgr@zsTKl0z$zEFZj%d5e+ovE^Y-!t)5EH{3i2MQ5D6sc?)I1qV*PR8I8Gj
z{z1BX;FkmNAm1VliNM!VUTHyp(!T>2G$=D9>ss@=T|c}5<4c}-PBQUM;l(CxgNOHa
zqlI2$YUUDSISgjgl^mZuY9YR=mQkbh&6@4}#t*%>+V;+k<ztYnO;feB$IU$(nQTVr
zz->#?Ys{>meGBL5;ES0>lzLQK_<?i*<e-d3c$sTLA{;92_%2Va*yS^{7=mc6jrEoh
zeR52vzy4v!Q%rA_ytY2=oNI)x-7Lw?WZx!R<~G^-HpxV$jmDb2&zkq0;pGa-rtk+L
zd-oq|^o|?GWe%Q5{(7(Me12`Hi!JEvow1M7mk8|s9OCWZ{Ww%Dn+v>tf7{IcyE=!y
zwqM`)rr~yR=b}T?_sPfIKMosYx~<x|eSO(=Qk<^l*_0M(g*`?LT|MBJRA5l=@9cz*
zI+Qq~|HVZlxZuN9VOm$ml}-oY*oRypciwwTrCtoQL@d1bdMZ0_;9aWytifz|{S|Be
ziZ4mCrZ4h-=KB;6->!Ktb?RU@G4a6ln@h)Y$H?yMZZoH|4iy(Q>>qK;3V(e5RG850
zUh()A^C|5<DR*>cH#w!*L5+6eeo%T0SCDaSql5{g0%e1}Z7MonSwm?|_tW23*#D*Y
z^ohM2{qtd>3OIs@m-?dOs~ki}@6cO;++7UdV%Y5AF+9>MI0hYlR6in#5qi;mY*OE@
zHgZq@!8pAJ<SiTif*_GqxwA<p_isGd#WPs)zGg&*Dcs@?a|770a@ZNxOnxAm^$tcd
zD};CNlP6J!=8tf1R(3J*m>#33Xw->jqBhE#=an15qPM@in@-axVm;{NFqiK)R=)19
z9)2cDl^ejC{7l<;5+(!$ml<jIIwsZn+&D23%rsyEU72T43d@&2^<c>`H6L>4{L4Ko
z%ylTBKr?(Z?ERvgiAI(%dJxHudfAT?5lnfUCZxXkc2+UTn#DWnfqtoqO(!OEfibF1
z<jT5m`6)%$dv><CZQo(XPZlI<XLK{mf$ES|+9S%g6ybe`6Sq9O-cRTtC}qAA=d0AP
zj2{qJxES|P%sw+~Xy|dBEiMs*NEz59!p(1X^ENFD#3wwQl8_EOHE<vpR(e-iq%hH-
z<EO~;`7otuVmWAh>5|v0+Ee)P+f07+n_5^cVRHX1GA^m_TQ&HZv?j>%eZKP-a}*=u
zkRgCk$9R(xiutOZmHz+;V65IvmZU57h%p7Ch|Tpq7mv?z@eZx6eSFrg*qW6owe(QK
z#j%?U9!(K<upHtKiFg@rkq_fQ09&H6s5+F0Iv76M_9zmQ$TCL9d2I3@nOuoVnnvEN
zfXJU0zf(Lc$0(<lB$R)MR5iVcKJepP%g~O5pJGgmgrx-ead$s%+qQ%}SS^qC26^}z
ze_EWM7VhQ;cu*hW+Zh~_9=!q@V|!WBWY>%LN18f2J13gjhmkBb=|jAXZGpkkO&^2b
z$vpt1nofTW^-5$)SzX7C<+(6E^MFR1)7gU_WG<}H5hhP=hbCkK(Q*cx$u$Eu+VMh`
zEq+|z@Cc}`Q|10*b(9ITWNn6HUh@v1F9M8yi&#8k0mFiV3CFruAPsjy%dvU+p)veE
z(V;h7Fc#}>DpOEWZL^#&%OY-XU|;URNV#5^3C19W$uA!G!r=pqbnu;_PPJ$lDIR_3
zrW0CI>w1D$DC=9*o=u8-o}JS~A*FQr^&{UZZf9)+1C^GN3RbE2ivA=En;nCb%S>l(
z1r6TlGCoWf;NX5G;NF$@)n7P;kE6C|PxBo8ARiLQMao!8oqH}C%zMrB^4?>~sa)Lr
z*<(`4gfHKF(|_HIYwJAc2f*w@+nSjT&-N*W!Cr`DWqYCBUi+h;QKWi!w+$A6T%}bj
z+=A#}!RqIyh0{@qM}F*ovak<F%c)=rkCPIO&Owhrq6ycqv{gnP371u21)1sG+esP<
z#|)W31cjN$D==dM6NMHQ)|1Gjxa6r~c@3L09@kD#6ImpV)-4MrO0J`SV*u84FkgT~
z)TRfx&psa#_Ra>}D>&Nsje}wBS&9Q~PW7*%A0V;_0)(y}|J2-P)~(;0+WV50mj)7`
zz(ef;8X;+A!8RmIw#Bw?6Bx`FCh~@sQITGI4$0zLd3tC#-433LV0l}<U(#=N7-=N2
z$7>w+pU6~Xs+GdP5w*RiUt*a!o8>C%3!+zPjfmvjqNmwbW>mUP4~P%bMC^y@>sSZ#
zLA?52AxZ660SEFOz08FSI@%yDY@<xW=UmCOtVLp(wridsDU;A6a4#@RundJ17tysC
zVo$pCGPjjshi_zFJ*q8wCrOwk4OUW6ZNf!`37P0g{qclHC{Ph2KF#f6x_ZjHQT0k=
ztT8WW#0pAD=O5;2eIql~%sc{aqRFZhnVQ-u4$m|@>nlSRZ1R!^*}2mp(}9*rW5AH)
z_H%bs4Hbkpi5N)|%!et{QHD=tVUiZ}3QR)KtA)IsQp<!%PXf)TmMZLftA{T+;QMuH
zmYE_kn8kJ$h$Ec0$Hh;MP~t@6_=f_>C%%G-KjUy(CeA!lAF=b-5^)4;PcKdKtqFtq
z2HzxrtMVOFQ~g!F5f{?aF+VK{as69KDRNL7KO@;A>nQBGCZ_ORCZGC)p^~>%DDf#S
z4J5qamAJtF6&?D92;U25ID#rx-99&O+6O;nWx9zgc#RB%eXw(!+!_w69;H49sIgGm
zZJvu2Nj=aQQ}C=4--Go}6>0g{WW;e$9D)gZ;@1oPq#kTd>@BN5*rqID=|P!tA}@yf
z9@?7zo(@fO!S6l7nw~psIzRaaWeT1dzbJCidx7Q0($UxD_q&~7_3<W0k|i$<Zd-4V
zPY-z)+4ZzBx(8PPUI7IlL(#cvgVyItFj|hqZ=&PG+m@0|n>sK%>l^U0jK=XQtR3M6
zEj;XT&RHS;PNLL{;3K`I<Nz(jV2R~g&@33gS*2orxeJijhX{JQ0AxaV4)fyjw%)SJ
zG%Z>Sr4bb?FO_Uc8r2ZFW6LV2HA&dpTlTT7I2;oWGYx7rXg<iK(o!g5oCyWLj+ZST
z73#l+)Roxqb<LeVS({$0jF&KWT<_kB>x}>T-t>{Zgy0dWs@knQ;L!~hpI?qD@L3k*
zbb@v{4p#;JDz9XoEZFj+`rNudDJhYOYZI2c*35YJ6sWSXNjTQl_x!{3@RH%?#xx)8
zbUF+d%sKcyicz968FQ<Lhmld;J$grJaW5oeZxc56{9#~+8tijR0_WVi5<K(Cr-MRb
z{^mPsE%{Xh(>Fz>O!M@ww(PPj8EV3hu}LZPO*0+qT-x6i&fJH>328VT$6nO9KzY!i
zD|;44CuYBjF1u6v!$g<q0x&*I<fFT1+OsGp0nxY{>jPb`9DdkmkC6I~L&-{-m;}gv
zskqaB$9b6+ojpp?+6e-hkm1qsOvYVy2Wy&-(cSE<ZCVnnyi9@h2?v|`PApaQ2(fOb
zw3J{_3KxIK&`FdxEpOks^4kud!fVaWK1e>%&B369?eo&_3Yx57+7j4g;eh*tyr8{(
zGdW1C#u)W=ahH~R61xV|rXGy5qKfMDpwp#5q6;FEdQwmKERiiaC>MKf@AeaAEEL$r
z7<~-M&IR4#Wd-`ahuJU=j>o4bGUVf$$1P#^iC4?wb>y0-<Ut{fID|UVVRGW`OjFC)
z)LJBwWZ_inWWJQXWTz3-UZOp_N&Wb*h&QbOMivUk`J0_SboZhMK?X-6lZ+2eSdF&6
zdTZXi<z3;=hemq1Oj6viv~$;6V9AQPrH4xMb?&+#%261Q)$}x{Ceh+s@Spl@4pelc
zOUW@|U$eXJJ%}w9$rJ%S<GUyq@;;P~hsVM=@x8oOgnTkx%rb+HTF0ByQUfwsDBm1i
z(6K#IlMJvk!56x-C1}*l*e2k1`tYg!j9g7MBQgX<rA5r+l<$(wcWoA&yDW&xpOcOm
z6W`IV<f1QRag`@`)$2&CCE~M*_+zuzHc<y6EM5`~wbWi#Rkplo9f%`5Yxj?GO0Gh&
z_BmHi1>YMvDnKwCD;`8yMuzAAzU}xW`g%p>rbW65=2MLUmyWZ9z}j)sH%&Q$Gu#P_
z%XlV1sF*Ne!g^ODz;f%_tq$V04G8yoae-w@{WurJowOdAx%tBpLTJ!Keq@WfUzSXX
zCQbK?0PZT7MVN|i53}T&xZH|H@<@l7^`dl~B@QFI1Y10`%6sYbDyA-Y`h1l9hl&}{
zgBm?WGU;<1y^7|T^f|vq#5nh?-kf;9YWCDeUclZScPg{Cha>p2m>iuD!iNMe?F(3G
zH&p%F6&@?()$UkvN_5mL6v6VK)HX9_og|y~32D>bTn&k@>C=kv-&-dH@`E25KrvG?
z9e_2aGWYHocAQ$Fe=d5W5~0XPvVVrm&ew#}2nm86?}EMO)T1C!Xm>`de<2S>7rHK^
z)av!Lv1-!wwnGMQ{m-{Y+-nv4X9vRt2=h30$LX@|{^t!XAQ^z4pja~|+YtM>rN_i?
zd}03=*B*{yA~}k&E_c<Y0DO&F8x&9flEhLpBl4^Gh9oX5MxeT3RqFq=SIOz;-~R6Y
zkBY7!`70liMhedO|53UA*9Mi(M(|<$esXxCzWz&Z{<{oUJq{r_0i!nlRNzwo6E0cn
z8n>+QV0+G1AdvdIQaUewR$vua{$)D^Om-u<><}fz2>#tGG}x#}Zu5vC0>Ldj{CcxU
zO4kO1>`sQ+npg&6f7+_FM*v3RPd{{%v8KZoH=aw$9FvDx!XrrZ`u!CM*cb?sK-fyt
z;MjkO1o+2H2+3gByi}$Boy9!`TZ}ON>>#hZ>HY;k0pX&53n#po_D>v67G%I@$EPoc
zAd|bLDXt&R1AqVmBH{ii@^^?*fja~%s`oEMjUsRW8G)F%z`d>RchcWNPGca2r~M-@
z_Dk%#CDi>-@?W9&`!NI}+V5Y9JkQAp^u>gM_*leXd;U8F;$&o$fbw=F6&wP!<qZ4k
zaB?#e!ANv#$NcFS4{WSNRb!{XE$}w#n)=)2_58VpTqb!zk=2?yPQRPx<wBBwhp?a?
zDX$)({fQ#~Y=1*IAPD*s|G#hGAwu?%606N$H23#+=J`ZwSzV37;SgIIOM?%<RkFw=
z1U#B3GCaY|>|SOiqzY-#(P^?uKgHTu^=}*NU?o)36V=n#T4KBJiXJA1)u2&Tx4gr>
zXb7_9(I<L+JUjrPTQ~X}`h_^G;CT0WH$$pvxqz_+nu;IBLAc-Pu<;P%PYBx+{a=Kv
z{O3AK5Px5`|1Uuzs*y;UTJ)wd1kbN-1az|ZIp5`?fV&ifAxGFq=}NbU3|u`5p4$}&
zgcMR2V~;_~SHLD)2>5IfNCuK`u+{ZxcZc=RKHuT=3+}=iBOWLV*uNSAX|lTUo&lRR
z!N4;F2v>lI2$9G@{7v+QpuxMa{43YpKGTD(7@?>0JDpFz^^0wGKA{+aLUKJ&V_t)s
zV!(yr24S<Qf60F)cjC^S;FEt(o!^B>@c*sdYj1zYe@|{4j)q7~gpbMt@BVd_6B&$u
z<;IXvL_zIZU3>iTsrTPu3bo&P@Qg706aLj5pe{He621Wt+;4;4eqq2l<-y3XxB=t0
z<T9VQVKSMFaCbR(_Oct*r3KDqxOcRe(BJ`37_u!)4ZG197LlEfZ-=Y>BcMe0o{u%~
zU;rpXHFexbxT!cPgD1dXg?IEgDJWuaz2sx;V;OR$n_{N)EQ$;HPrbiG)YHMmOn+PA
zKuEBb06zkS`XBkoEvEk?1-^Xw|22yLEB`+U$auz|IF|xB?mvnD6+s&PzktIlfKhMI
zArv$+xKi&yrAKjbVN{E4CCTrUFO9HmL$P$=tvn0N&KOJt2yUcATOPW(cA7ll6tVj{
zE+QHRbvHMh^Ki~gRvvRqE`pgySnrw{OL_O9BP`1`awkhf(-OY(0Rr8Vk1jN=CnN$c
zG44a;Y2Ho-8Hb~Qh0tr!D7rzcNLW;2B*tPX={D?>o8U$#c(|o;_B|)S_&^eq06^)<
z(Jxv?xwI<NYJFeojO~sfLm&vzGzE6v|9NX});D(j<>X`DKZ#UD>_Jw4@%F2%fa_fw
zR=*F!I>k4hL~66qKd}Bw@SgR!iyacikJ|*UpYiKDe8&T`Lu=jm!tQ`-6$DNwkAaht
zMJ<0k7G0Vew@;z#YExYaJe0_PTc!Tj(Ek6~fw_Y~0)^#HD&n9CI7XI&6VntTv#^LL
zjwp#0MU6@%eluzr#QgMsSR9-uy5r(h3OR9@HO%N{kwtN^hpMg6Ry(L4x&XREDm><S
z%i=jQ8oa3$X=($<r_qVRmDp|uIkB5DoGLj3(x&N2%kt7=kb!o|BlrCiizDkd4i7U8
zp{ov5!~#9;bf>STF*>2YqhB}9!^dW6txM!royt_kk-GY6bk0i9M+`-44cUE}cq(sk
zai4^03l`5kKJ|AuMXxg$sP6wupMOCniWE!ccG}yD3JVC7Ro|jkkX_w;iQ|;&;?h^>
z(s~?lX6-8iSJCB6GF_vh^!bvdgvFRuoc%UHUUcy_Cofj+`*??khQc<%On9Y65Xfb2
zc}EP~cO4h?a`}tAyy(la?ZyRJx?v_@cxA!&n=C$YP=>#yB15YpqdA%E`?37JGNbiG
zkT}tF?znCQmDg+Mi|-hf)EnxMvLy4C1Vy*G^<%!|=)}l_*)-f&o;wNlxvX6y?(?fh
zo|gZsL;t>mkV{T0=zXjYestZ5;qBqdS~YuQnUHxF6Sd^j3g)6`nB2gldlXI0Wx|d+
z0qs}!$!mBCb5ib9HZB#WkS8&9QkgIrRv#qf5y1*J`Zn?_N&>0AQSWAVzAv(@$>EFM
zHsxswd~oWWQ^*;Leur%w+g=}g6OFCNE7@Qf$jPP01J9>PT2W;k1PMhEun0|IzLTGz
z$b1HP=(=O-!Ev}^GA@d&eTUVT{_DcQJK7fbH{^eMgCte#frNXEA<9ysC5L{k^0-+(
zjKsZ2M{pFFo8!FR$<=D3w*fqgSOd@={=l)Ef&G4a)&5nT?a(Kp0&GQVu!iZ9-8AN_
z<Wv~Cs5zC|gDy59YC>7W7`R#twEKCECV%3Ta*Q>YjblJ7|Ig9+K%j$L5krK2;v~#z
znYgqic-bve3jTT)Sg)s>ODMdyC;DS~(UyQX65(MxPY{Dw2XQAMt6?&&V9mw`wyB9D
zi_s$Xne6)W7$9OUU>cz@e6jVK1!O_$82?P&r!PU*U{T-?AbX6gE+iaKxnO)W?FMFS
z%2}l8pJDhX<PwLz0SJ`3y24x<l2L5yK}^9M!^~l8(ITvP7)~ez%3ydf;@hNZv4!Yc
zOg*L>U60*?1&;w{fFdiNOL-}?B9VcxQ9O>;0Und1O8NyL2~l;74u?udOyyL*#;U!z
zo&IAZw971)OTLaM`k$eIx$@X-%P9%+Yiue!pf@-g%-ucG(?qR`w5ilSj_|RU#Wrii
zIjk&f9=Z#lv+^GRJ6X=9;DPC31RChzq{nUd?oq%cP2*|Ctcql&V(JvLdzKYjYOeOX
zb8LHDvx1im1y{4<-lw^$G7BvD5frS*Tw+ZF*P$0Hdgn$dQW9hmE=J(JTh9gA4HGtn
zqz2{=n{qS^cmlSus|$3HS<Nh{lN_<vaM{hVLVoYu07~1<X5#Ank2l;RQE8DhGT~_R
zpOHjrrr|_JVpYS5PIrX~x<TK%|0MtSCb0*Xv2@BuApy&WrUMk#Ln=iR58o8hA6fEX
z2`-&>CQG3)T;AS>(9k2m5nLPj;qUY9u*h;zW6q*1WeRQ#0AFJV!52%m{lq}bijVx6
z7a;S;yCJ0sw5==%V8XE(;^2?X(@If^ht2JY;+R^<hj5*!iQ$3X@sbY=IqK@KTy5F@
z?q0uv@6A_EzZ=Yi5!(8G1JYD(ZN*JC&U2)0IQ5T+@X1;<DtXBlpnb}d<Rwnu-=Rjw
zQlyG0Bon-$-t;HDHf*(vq)5_vIXo39S29qykK;1&TlIy+ZE#(8H;*}Z^Rg|82E0Ya
zdGzy-#q_1<g&eBiGm|5BVprZCyRGa{xy))|pwa;D9E1@3p7oaiOtt>1UvgXK%JX9A
zxoN&%=6a6&5c#sl-e9QRt~m2a<$&CvMEL)j#(&qwqG7|c;`g-_{=y1T(6TCcA^1>A
zxGhpk)3V4WE)1OTU=&+mhH!EFMbcxCBOlsZ?Fm~sk^$j3Z98sp=>_bccDN$3j`g5*
zd6lNsSsuvOULY>~Ao}DPvZ9;cTe_<iN-K>}@Vg+Fj8Gbf0U;3p5+|{|<gBG3Qlc)O
zTxw$AzuosW>&^MYM*^YQb7<*-F6W;@{-nQ8@_z@szh6xM5)sAieeI3|-l5}{(DNMU
z9&M6cf3ZcJjp5ansI>P0<qfOYE}Zxa{-wFWzbpe8!#WZqAlwFCwf}l;J>tuSJSH~L
zuNEU<CXl>Z7=Ym(&+%-#hEbU9juy>Od6t_UI)^I}{Et5h1fr-bAoK16r$~%i)Ru3e
zzA8TNs|#dM#6>>5)z{iqzJ$Zb{D1%W|8ts1<3DKL2c&osvOn*ZRfZUDg3b_NlKMoo
zbHO&JI%g*L2tXDQ(6R!pF;<4j80%g-J8oAOlK{<vAV-`4f<rh41q!TeCZ`}MToU+c
z<|gPwoHZlP0wqI1LDW796RPI6at4*XPT{M;em~F|1(5;e+pt5*V!xN9RS~qw6{~xm
zq25RK{Wz6GE3?fhuj82@7GBjjapE~uT1x=P-m2eYrf#4iD8}ntWzo|)_(j?ht!VIe
z>EW#rYawag-LbOOrutS7r5tj#x=}(=<}kU5iW6%$(vZ)&_F^qq1$YL>9frIh3ETI!
zw&=c;Y5937jw)lKuyU^2DjzMwGjHqs;TjC=-FptaFfs~Qs+|TE{KOogIIhydOT$<O
zUIygWBiWY10NZ)_Y{I!4s_7hR2a88x;Ko_KFOL>HLeB1d_E==<vq}i-3jNpj$EOGf
zcD>p3#QEfow)T|j7cqwE+86T1&m4I#f4Njec0N95Ny0BB+4alUlt#j}9V7f!Rb*Xu
z=wVwIJ4}KAnip@6W5$Yqb20b4ci81nqWHb-RALP)3)CIG9Dj^C(t{%hQ@5ODohxno
zWnIonJX_AMi*1(C*u2y6px!8BfmLC!_w2bl!7v|B!uAOsm0JAcOJCZ>LN)YDdG4>d
zdF}E%d*D+{$!ODVMQh}1oo9Ysrz>C>AbFnbJ8!5*A11M31Z^9>S@22frN+vHho6Tt
zE6gh>fmK$*y0Wewj`UHjhK!7e>U?qW^aS1Eyc<ugi?DzyK;goYF;JET>9uq6vW`J=
z;)ljP_2nsUr@lS>{CeB5!~qFw>^S<Y-H&TGF1fNEUp{opKU=@ecv4Rx=!9c=yw8cx
zqp>$W_i-g{Ii|iuxTXMR6iV&vW=@8FS`JLacDv%+Ql#V|9Fb@SNzYqD00<BzM?)dO
zPniJWJ0<`$;RPD)btx%nks=~22VJlVevwK{dgR2|q47(UH8mr;GTOCvbLW>Ib7vC<
zR_o%QO5NV&wYD&MAmsk`?Wgj*_OZ(JZyuG{U2A>1c+czfwl8vP#Z{Q3OsQGp(*V$&
z2lSYCYw1Y1qtzE#QlMC;bVESh*pG43o2#*1Z@aY)SY&Rh=^ykZdf)<i(v-x_VB;UH
z<<@}Ef%yw6!jknsi2kFZ!}Z)w%H4ztoMAYbHDk5Dz8I5JFH9^w+*4oXR`2hoXcqRp
z>HI6RskIw?SxBR*gFl{SQ0_t6BEV}=D^#s<Nwy&WFPKU}WHtTi#wF{XfQ`fJ@4w#8
zMc&TM&R*Nd-1M@ZpCZG?ACK9MBopab)Sk@{&uK*Bc{^Qk9h4a;3%+9G1GRF2{r%7-
ziE*5MHcKGaJ88Gf2VrsUa!}N4%lrJN_880N%uo=3)NzNtAl;9tOY0JKAs_s&2Uwya
z@;VkQ=LS3l8QpXq|4kOv7x-m%P{b*izMq~<{zb=Ipvg4M%ge;<E*KNIEIhjX+_kci
z&}OoQzUB|U{rmfvzG0P2+wU)QmAp@;N3@-YTh)pgiU>Y2_QP#Ygk6A&vGLAp&uh<A
zUz+UDd2&C&-+Ynl$wM{pdxV+Z5zmv~V@tL^J1ceZ&HLt3mz+Mi7xgEN?yIeA+7cG#
z6_U7hFIr4H!YI4x7v>ia_Os#B+)MBFjZ<*_PFavO;9ZeCOr;4RV*2?ah0g*>cq)lP
z$}M4{I-($B=Fr*c{TxG*xs=;?qfKi=gsdeBE~$HpbXw%iojW;b9x98*q-kj_#kWL%
zI<lqp;}BLL8PNl9jN72SUlMRdcun+SWD%03iUq~va3YzRkyo}{13Q;2Zmjh1ynpIu
zvt7j~j;k&^IX$d@i?GWcinC7r%Zp*d4ToPWj!y1LF>(+;`D5zt_`|sNxCZyu2b^Ag
z{5Lnbz=z?6DZQr2UbUxuy7@o&%z4RNIJG$7c_j8$k>G>$9^r-twc(5pO29TX{fZN1
zg?<~Go@#j!wF5oy2Ne`lUC8oiTwDuYM>4+XGyGMttr1p8^|Tx(bdK+O2Mq;W(Xmj3
z&RdF@zAAos&q5%)IFXwP_|6Y&?7o$bKJ3v}6`<h~IBG~u<3}vqqq#-(?<M-+oJoeV
z363%kWIVO0do@CT<aq?It<^~LP2a=56ysp{>)Lcl79~NN&=FsY-TC8$!xJG2kq<j}
zsZ2b*%-&^3RC+ZpA^P-uO{wzce8{xVamVA{jr6U(@1NZmO;Q$NJ&W9P;j}-)?Bc>c
z{pYYt=ARU$9<g9n(C#eaX>lL%PLmtMnVb4lUM0!mQwPexHy6j{_h0>zX7zKsrD5$S
zOH!5C0qO!&fcAIWb#JCOd2H4`{LWX>p!Q_whv|8rL4}g?OFH|s(|gTy!_I1c(>g%4
z&35w6eza%j;F{g!$!lA4d;>lgXL+(3eL3jc+Fg=YdULJ34!zOz*<p7=nLtL|V+fpZ
zeIG{O85O6Yc9#E+(G=T8E!{I>=ApPGCP^`JR^yPl(F>h2i_M)ihu(Ka?0g=fpz3<w
zUVHEG<vY{qkw=Ywot`{0pitE#@qBxmvrl^$BD$r}&(%#*(_z}u!eZuD%3VlKg9pPM
zakkO)?4G73@AJ~pMGEIGOuTE)n<|Pvo!}Q1RVyRjoV{G!+@>+<aQbEZ{jk_OC*|*0
zVUIt6GA=-?THa0E+{yd4QVx_O+(jGR6LszvI-5Vb`)MJs$1q(snJ?C1;5=`AD0sQr
z1~%ZkdH<QA<HgUPUf7GUT(mcN;O(NAU1MCf4JQc-HxYGOPE#5Ms;Bvc-nd$IeL_b2
z^ogxAY9f2B?k4qa={>H!!avM<sLitf5S>;HV40NuS_uk?WbI6^9MyzG^p!HUgCFR;
zq<14mp?2S$Y7^v5aM3Nt<&N*mZNxa20V2xz>Z;(<Jx06LX9ZkNmLuP!<ol=^=(#=4
z5fdYC9y~`^E+X*PU=}c#4|!M;6gK2a^S`$FoQS(wTj4#sh>Xd7dltiGFU@@W((06A
z?uqd%bQ!-$*qQtD=<@KB&1>GhavQGoHnFNSHsb0OOBrW)&7ZRvSiEFyCq03l?49do
zTbkh5o1cosqZV&&`W{e#k_BC0x0559+seNqnCuR+jr<L}D019*k!~+zg=qG=;TpO(
zrR{)RW?Z2*HHz6IqdJB&Jz2^M_uy^8Nv^Cu8a@RGEsc@2PR|Ui2na!G@@}PAkXN$(
zzW4j~@~1`)xNUEk!p&K-(8a|-72Y{W{rG%Mi3#=NFB|7>!xBHV2^56NZYz8x!|yj2
zt9Z+oj?nQPt|sRuX3X{G1)IgG=CY20tJ=Aa9x;j-b;v)cdei7Z>0cxHi`U|lSnL4~
z2H1`~g}WGbAkQcsHk||S3;@!`T^ToH-`RLP)cX9jYU24R0!X-}$cub?n`L^jN_D%p
zEolc|BSD$4;E7}W8WYYGd3kv9>F2VTyR{fmjENTqiGF+gcICc+%#Aw(mqcoJZsg(Q
zBha)y4vI0h>X~{1;033;XM6`65}fc{#j+TC$f!FvZ()<xg_5sIBiCk<oY=HDm}Djv
z<US`~?grwDt%#`H^7e1w>91EBh~xVl+bJjxzK4Q(yEpcex~!xVWhtE|L0))p4j(?+
z+4RJCQhORO00$rLfmG+WZyo^0t9-rGSL|L(J9St%Swxc<FSa!3<BiG+x6E!R4mqCG
zgi$wQOAL$bCua=LM!RnDt~%5nF``-wV;XjrS6*w57k&DyZZJZT;d)unHi@+xAWt9X
zf4AB4=(dK9^B#CZ^A=jtuk?5Oj28i6P#yL_^zfXL)|*GXER+ePK78^_dw{DLw<|P+
z&ueB`o$M?P-FS^;+(X?%hwnIiUIJfiE>8!u)%JuoY!u7#!p?+jR&Re`w?PTGmZ+p#
z7L6Z!KmHodm$?2gBK`Om+uDPi&4BbUrRC*r%+c%CU^wJW=VolXy?0ZmB;l~Zrx?$#
zUPnpUX?U0DRZx$(C2hv)hPqFAw%ZH006KT#cTg5JZsQm6YU2&JJ#-!S4VN_Q77(pB
z@ryHK(QTET;CS=sr=Cs4=1~G;C%I+}G{43~XjudG0@=FCQxtItY6qF#IuzOKzjp$V
z19>T^?jd_C_n^;m8bRq{0sHT>&BYt#J#d3q*&j)bIhZ|P&wZT;*s_zQ$}^Q%Og5U%
zGv23(c?j_5W52SvJf(hi=Av_*&J6H1;J(jVvEEItH3SO}130#}xGo8Sh7dw%6#KOV
z;z<y(LMXtNK}LMRd@J<SVIO>LahG(oXw;@Hc;AvK-DXaT!e5a>N47Mx-iaOwGcDwK
zywCy}qov!fqOMlCpCXIf`Wq8@6nCT4A;~YFWGNs-9smv<iY=acJ;1__igjTFIU+6J
zF)jYP4}lgC`uS{4_u{T=mR>wWC{A3-vLqy@T-0O9TI-r<?3_%35ESPYyLy(ZF3iTA
zcPXvXcfEB#Ixr7<=Yd-i*tf^Iy$AL;WdL$lc#1oOxLI6QPLodpw``2D;1|=fK|mPQ
zOje4L$b+f6bMp@rWS+Rp8<>2Lzi{1Q7_zE`WR=>H;0+EDW*lSlb9nVd?*&2XvY5fl
zY-E9mf-5e)(lnRNn0A@|PKvTvH1Rk+<9|UBMGWg5e{3iz&)qCxaY3ImFs^=Qqt_|U
zkc?xQ(~$$Ag<-W&2SH|-{I+XCbRvbQu-s~I)3sGv<cH{)4Xe9s@+I{}nvr~a1V<X+
zrzKuyWcJ?a1E1f1^`6P)6?<28tCSE{Xhdb-6jORF9P|2+#+3ZKG8Fif*JI^5u>G+-
znyH}Ezd{G{t^=<wg5ROT&RX*A_emKub0HMoS+l8W)YU?DA$+FL!koz<xmDZN|5r|8
zQiDNG%{}t*o9^tX@}Qpr9)83jx<?0<ZnL0O`OXKY#?6Omsr*a_8k1V6jHyCi(3KDM
zE`PQ7dWqJ|osAJ$ayNYwwFgm9)x6>(8@|tf)L6#da5#!FEip^;ErU_y+Xjm^-oLrN
z6(ZzZ*cluHuX15b6sEg^9al|jp#;J^pQV(UgFAUUCmtMJq-}gNK6B(?N)K{ouqPT#
z(Q2z2Jj+(d_pTz}PR;EisSlG2QwSQqZEC=IORuBP+ng!MshN}KC0gD;4;Qto^^%cv
z%EEbANPf6bEPKb@T~Xxf>$?Mt>%9GZB4T$apDv$9k{Ig#k|O={N=D7XFPLOX|C2S@
z&=?uqy{Sv6pw`60=jDu=B$0vh{2v|xj3gHNJQ(!giSi~jwyCC1QtlI%G0CHsEE=V^
z?guNNOz_R}S(|ragISR?<m{iDqIDnffRaT;YJRLFf#u_8whW~mZ0J(J^>C%<7HS9q
z7=J}bVDu?95jZ5U%UnXpE+xAR`_LeO<ZS9P)+m9GT2qfZ*~*5AVk)N+&HHxFl?rk;
zdl>tlB_zUDzyQR3qA$UY2P0sj%d<>$9S&O<epFMDN)a4n@k|z-v~X;;ilR<<kYx|r
zx@*l^u+A4=R^igeyrQaEr&Xl%+uyNz;Sx(O$4Uj@0Tq17<ur9G^fbQK1)}DFzz`Sa
z0a{SI5>TZj>V$C<6_|yx+)}kJqCzV}wW%_~b3!i;5WCYlQdclB>-V8U#S*Yjq$qM!
z;>6x|#oYrQ@(HpK_*tMcI{Y+YV>#@HW9&{q1cl_Fq^0W4Tmj`z;jUI`gThLIiWar5
z_Ghv^xBl3z!ra8-<7QzM70zBdIsmUbD#?N}lN*<)TfCOjl$GTZ0oaLG+toy|TA7Dj
zd^U*`N%(1n{$?bWgKk7p?mpt%|2CbpgHY|H@yd%Rfm<TGDodKQ+mc!L3})DVbEU&t
z2X@S#m)ySv2L=J2EFrz20cT30*Ei3#VLnhj4aRk33(7u>nd6dyQHfl{;7X^w`jv{3
z{wJ&y5br^zB?0<{-^4R?fz$1)CquON_$;2}(_^AoTQK_US%!e~myxgGp9+WY#bo?v
za^$LuMX_}!QY}fJmBiW#is~mEJ~4VVr|yVGs6+Ag(V$&nF2f`%XHv@jI2`xdOYQfo
zv;KolB~5E(Z%Zi<b(-%K?uUir>oY4zY7AuJgVSg7rnR=JO@_lh^(bnfN|9Vu?sYa*
zXPUPd_f0mU>&!J8!<vKiAYbZO-)#Dt#th`}{~y}kJFbbXT^mk9fC+VyP(q&+0w`c8
z0wO{Z0)(c3popjmMG*nPiVB(x0}^@@11bU{BBFwVpxZ)15fv4%VMD-%ii(Pgm2ceJ
z=h^!`=Y7w6zVCOw`D12HTeH?AS-IDJU)Oa9aMbqx&^k6btygcPCT{0OeP6+t4A8V;
zWkaIJU$xg68q#yZRW7M4I2ykaM|K=p*W1)b@k~k-kMrY~`Wfmtq)1P1TT*Aa!N2IP
z;o6yNFI^GkXOAhxp87&{@-UX0v^jad$?}jSiW4Q90X-L;uMJIxn{1T<rnTyz%kheA
zMpNGh=UlPX-9s}My<CX`e$4R-_8)YDW!!yomuA&9%JV%0BY@alU`Mob9$avy-{HfR
zht?F2K{g8Gn^!!yBtWRm!NAH0=I6D9sH0xoO!0i(8DUQk))~@zph1f9)81#DL5(QO
zDnqV3^@j1|bW+uN_B=vd@$LdA4;GJ@D0*YM%d3mrmyIU_=u0fwMi|@q$Dl~Cj(x~_
z%Vg?I^benRTduq)ua#-~X?5c5Po2xI#GjB-Gl&(R@{c5nZXfMmzi8uFes%wCKm$An
zD=omC@c1M30UC#MDZXiOeG)^jIkm7l|KQrd3;pbVqtC39--5CP{MWkd{jD{&5bC-!
zAi2l=%Y&!-@ibPr{@Y!@;<llidqo%lhG~BTRU_WJDZ-{<?&nkXrD@shJ(}}R0-%v%
z6WlrcuN(jW+G07s!?8?}(yBfjS+o*^+l>D+QW_#OYvWAuo`F|U{j5bqlH6hhJ4&2U
z-@tf95Xemv3qAv-5aLsRUS8N>`Wfj7r<GpegJ|Sc=&z&YG(vk|HfzMFR6VR2Rk0#9
z&}y~UHCDexd?yMXBaFshH_8{X8UhidvFJHKdp*oSp8^ZLYRPdtG`Sio>FE(b|Fsq3
zr5^tq<xkX)j^+M0-wM`-XWn_hsmOjs$C<Dpx8HYRwLFOF2q(fapf32Z5B@897;Am8
z`^D|!>B&KR9|M?+`Zg~lcGTXn{fR}PSpj+WG5_g#ehk8D_5$vLAWo&1&!(tX3P3a~
zjjG_}Ov=OSm*WfIK5;-!yuUep92Is90&Zd4+ke$TkZU6g@xIA4!#4Luc<U$e+mkB2
zU>n_#7ArTO1gEIl%Mk1$p^b2QzvZmwABbDcoOciSOaJ|Ntebp^$0TXpw0zE^khP2v
z>aaA&6rXGwZcVZ#U`xNK(ZbmnCSgmuGE^*W^XbtbR;VcASL+gtT!@U-LgRzIO!lwJ
z+<#c6OZ^z+8!>G@4YW|EJHbf&W8)NK)&OA}eqh8lz@u^gN@5hr>}XRXg)@ah@1Bq@
z5|-g*BPJsTXb31jQN#gcDAxbV#jZT!8IA@kU-YY9smD~nPc%^B2Gjy4fdOETGU5to
zfoBsGb%b^S{+r0|_z=7VmE~NDy@L2^Vqxk;RwaT4v`phv2^;Y_aDdPh%ApFf1ZhIj
z#;Mi<KWk!%14*~f%c+c&c^q-96tCC2mLfO3N<b{0GC81(v}5l(r^hwx3BMpYe=Rs;
z;w~r)L}<d9jrqe;OZqsIL{LS<62t^;3!whJ>=`MKa8Mp2D071PIBzuxhzK@GrmqEf
zYG{;!R8iQcfdMCWHN$hb;2cDmPz)2rXt+`tQN26CYCN5MN*V|g;_+g6V3&Npj38=<
zV4?Zi-Pw2?I%b(5G(zrPwfn$vePBLfIhTMBOldO(<J1?v*kk@!&z3T~@?Q-_A0i6E
zArlj&H!mY76h~QxhwbDBs>nhytchn<Z8O@jgCaNYHw>7%<S9Rt5g1D&7;e5K!nh10
z3juv>$K)A`b5Z)gt3wM|cQ3}%-HqwCe(wjy!UOT#XeoOgaf8Mv@L)`?==nx$0dxSg
zenS|OmoC^2i8DK0&Umyldskms>Ug|BzzZU|DJ>BBfO+O}47JnzGBbZ_|D0}2q#8#W
z)Bn`~rg)CZ=cvxGk5liWc({W?Y|lrX9XXiGHh$&Nc{_e4t%m2-t`DlHd)}h7?%>=I
z>1}@I<meSSRg6Vy?93B1PP9qtH5Sj5G!w^z`rLl5yMq^>8CNv0KQwrxTI){Ql*;#r
zg!5uV-Qx-vpQ4`g4)gR_V@|X9UOhgXW{H3#+s;SIrIZ%E*(wf5dSOav*_9Xi1=K{z
zh#Iu;Wt+***1pf3@4#wYWn6(_-vyd=RX2=g?^H^dDRr9g3Yii%Bv^vd6y54m<=T@g
z9^JCuD8@&R=@73y=#Hc`H4buYMn<E!txv-FeoZL}o*n3)$2Etzq^Cje&$Ks+hesm5
z-uxEo=b(hGa6DT#={8N=s23FZwQqPh+h%ytiRd>~ax8warnqJQW?KKMMODkwj&7fP
zRUW1Un$yCyuuI|{hZDspedgV**5n7hAKx#%F>AGglL49yw^e8Ad;Nj^Z3jxFFETdQ
zhOJqs1ndNA$x}aH*L~gwoL+zLTm1gpaPmDM8^{Bc-+w-Jz;m|EiRUe!zRh7cpmMsf
z?#a&&tBxNpG;CUaN^?3eggN)7A(iFv<+$dIZ5I7bjT2u^+&L82uB_T9<`CqHsxMF6
z+*AuDQw!K1&U|xN-WwX1d^+}96T=YoG=xHWv^#50dQdKrXJ2r5crG@o`r7;5R_hF5
zE4ksS8-u3;6#G*erwV?a>^)kR&QX+&U|QnrPAyy$Fh3g~jey9b*cmxG>j$j)XZ$Yh
zqHE(#u&{RfeErf34aB=}T>L%k;j@*QN&M(OvAJ+$3ua=znGXGn5$TET*ch}W$5*s>
zuI)vR(&g=3#^vnxZAp}8DkU6pE8Xy_8RQ@+u%KiRPU6M<9@(!QJqojzq)4aZ@51bw
zm|ur1S-;m?vk_msm%^uuA6E@Nm~%yUcB^Uax3FGXC=Gy?ILunKEN@ef)57lbc8^cK
zy{kBb?ogUcvFrI4t9@6(si@BxcHg#^v1EKm+E?)9T=56}tzx+?tX*N<y@<8#ncKPL
zM_+`@S~C5EZw8d2low0Q=g~xmB9Ix%Yh+J|+JD&2FO=)JZ#{bd%#q+UWGP-nA?;o0
zL*V#)VmPR#2AVM1#vM{u9DT89cSG>b?P<siV{F=$Gsn`gPc(>6aH-q_xSK4tun8sO
z+s|AN0~_BzE~+-o6NV+FD2|Sn1@o#xxse`SCM3fx6~w2{0mXvWc<#X`pzebARiVJG
z2O_4{`c=Sdv6AX4;0;G9{Uov(O5@%K#$mPeQ^dP?J=Hk+3BcZ}F|P;e`z5yPWHv=U
z-3Q!K-|aZ;`k~ek#H~g^I~e27f|V!kIq{|QX75DluqHvmAGJ@!?z`QUm#I(x;5x`K
zkobV(^FG%(E2eMK<3Jo>xbpjV&Aj8&FNvqn`3mdmkI_`Yj_H8hMm8kQSo@azN@4md
z5|74G)$F#voA-}XLuL)XMlo;HI8iF7#Q5LDKo~55nZdS)xanp`Ps-%-rHfB10AWu1
zAJ%@d^2I8wnUgz?9oneCj>vzqq9E_{(KkEyJxpA)^V?@z9^2{ooy~3xa`~o$Sm)#3
z(bjj~jAGbEcUNv=9vC}|B0?uy=AE=SmMGS@Bb_jh^;z~@twa6Tw3}D*0|~wAXJR{m
z!(xBQe@gb6EtCkEw?aa~<$jH|TS&hQl*7mwWIn(_&fpgSp4uTHHd`qC9xf(_4(iXu
zs?^s<oNAONdL*WYvhoDf|6s}dvSNJxIdK17#%jSVxufT-msc;P7hHt@K7k>qt`z-a
z_uoZaoKteJ5uyFUa-vm&AT2+q6SOFzo?U-o#@9P{xvMGS%g)>VdNKHP_guA%m8jw&
zBl)mh@K9`PYk-=uQ&nbIaL=K`o2#iFGy}^X&Rv8@<I-rjU(mxj50l6xLRwe1x!i?#
zF(V1_p=svly^3DliAT@kN36!YRkV!6w)UoR1R|HnohP0-6Q|5}Pab3+BAgH#w&%of
zYFXK%qtG>u?vA5NzrgH3Xc8id%ufX#6z-iD7%g2mM^qvD)fGq!+YVqVe-+VXuOXJr
z7IXW8Z~DkPF5ld1mVm$9SJ=nsy-ABDId6>xGcV%}vP%=QV|?zBoKd4nOkw9#x|<h3
zAWd~_D9*sfJhyAluG<|U>V1D!NWk}SsFh`E%vi!<IfsLTt>uAFClvrUlmTWBuWl?z
z_6*>ez_j#Fe2C&voEsPKj80G3KPsp;Bihm1ubpOsai?e=y%D&u{>dow8t=63>Vn<x
zb)9?=o_8VPpro{P22UNhW}X8a8#+x0#+a_xPbr|^<M+(33DS9x>XP2_$7(%EumWB~
z@vb5D#i^m@_chnO{lEvIQ++sF=QS=|E#z7~g|>%-%bJ+G`(r($^8NLPbqw-XuYzhY
z2POd=E=GaU{%3FgT2W;ngD7Rk;C~$?>ANy<Osml+o9_myJs}1YHBw@r4Cek5mdQKh
z9Mz2JniBoX*i*8eFJFdzI2ESxOvXZa{>SlG#{>#fA6d`cb9cqJWh8FYvA0<8O`Fsx
za$-+7W=kcCn}^t#Oqx?SjTHRrIlq?*(7xA@hC*lC|2jY>T##GJ*H`XwN`{<xQr{dy
zk_K=As0Q}SEo8l>8%R39Mc@&T0?s*;oi=FlO}eVUvzDlosk5}r+HRLEW&@z6gw}+Y
zvpM=g3J01%kvcLp@rcrQjV}$o<~D8qcra9pY=wT*8mJ9p4epJjpT@gxJNM($=hl{6
zZjI>81bhjrAQNX%iG_+XNJNZ>J*p5Nf^-Qjv`E2$5-yHI9B~7^0=y{@i*HV|*mL!c
z9jkcI17r*IlKdbd&4a!CU`o48@vKbqXQ1m9b4Yf&h!Tjaa&PvC!P_YeqbQWc-|Q-z
z(#_+PB1cdgmfoM~(U7fuWKc%v>XxgEF1u9M8FsE(cNZq(RjX3(UA?gW!Sf3nZ^{%{
ziG)>X6EO;SP>uy#cvF({5>q;BmeXBlXrOBUdMEdkW9`2#_>T)tICHp|gCt<cH_q+w
z-xj-!NvbE%krhY?el6mU$C>?nS^euCWtr)F4><?)?3V-Ig+zeCmZ?FH&(fS8K&%*%
zw5J{Dz?&~mYRxszi}p-P%48hhJW=#c!5UCk$f(1(F+xLQ?!J3x+nF7(Kh?aygO^3N
zIv^;$kH55IKhiu#8;3%@Li^AGTr{GaKrG!}nI=FunU>Tpbz@^HEA&yH6{D*9RgkrA
z;$I!WKF{HCJ=xWCLBuTOy~Hz~AO&_&i^}$NT3N`y_K!|teZ3%yutv{k;3US0gEtrD
z2s>uO+pP%3M#?HA$1&*>zJa=aSlq6Wi<)4uV2T>KGt;C!2%`j4rli2QQpkz&?pe;h
zrN%jE5H1IE-hqvg8BfWv7By!aG**POw<Xaa72qmMT)E!)gL4mtLT|DcD(HWxzWq`0
zgo4R!ogTcC2n)~A(Sby-Uk!J4O`cAFoTXzpQ-3&JRqX(~+L6Qv^=2HqprJ$dA{a6Q
zXV1`<+p{DA2pJE!=Oks)a^7pEhW2d_F)95X%Bvx|@JDjYcgj{L4c@a3Yz~VXywrB4
zS&S^fk+BPJm&v)|d~Ula@LuplZl^_P^Mfz}zQ>RXsw-nw5N3R@bWfrRN?N(MkFn*p
zqLHx{JD#jPF>6@gQaP!g?t$EUhNb}=^9WvdYgQ<`s<K4U-b`jo@14jU?#ob$mT1}g
zC42UT@i9Lo)f-3D(hrI;g?n~MW>(dt>=8b?{>-_vx$m~CFA#5O4=5gPvg<XZ$67Kl
z%bEQbxEFKMfF(M?0fjBkYBJIfo;j>_mgcOail5;ZGjW$sbB?9e*s<d40fod(sFOL|
z48?J<+qHJz+GT(lKcau8+oE=aR8O?8JVhP7nH+xyI3cbg9NO7TC0WM2J`#53)L>%H
z>M>_as|de<JCX&yzP=lm)oazS_BaJEDQ(&A_&RC$COKBG-U@1%opWZASnbFda~J$X
zzdHKhI}8kEpflt(5zC%FK3`}T)%xtisfReAYeXeL&(3muA?)bRHHMV&2_m@(h)GgV
zuP|^}y6}a7gTL6`@l;~HRM_a{#6DEHw)1YYOtCYgJt}jizf$-)??!smRbA5}P9JY-
zuz;<7_jE8sd>gVcrca1H>$mmtY#4Z@9k=;FrHni(m$GZPZLCMxl7dWbrU$Zs^bFK1
z+M@&lrRTfc(=rD^l{mq<Gx)0_I1TY8KLO|2<yCgjV^V`6GIX}NJWMl62wraJ-7v6S
z?d7@y6UMxc#X!M`av4kHY0Z=Jq5Kb)C2rhe;4WZ*Eb0^I<2m~(D%aLtWp5$Z1ARjE
zwE(b6awcud)tKSyExKRDf86z>eCuCZDUC*`y`W2C(g~vJ$2IK@s1h#rqf?KGUb7az
z6U_NZy#5Vy5MoK*?*ItJN7De!_mNMXJ6^vT5_GJvX7I)B9p<#;@NkIdHv~YeV}Q~^
z*Lv!%qrUDL0E6i;Z&YJIC|6J?;8o}&j{}67XX6%=3M!2Yv-Dl9*Ld7}B7;rv3-Z53
zhnB^I4T2m#HH55C8`VVP<*q(EbR#H}E`^p}SIUp9g9++b5ihHDA?M&pbOg`3g{U0#
z(K4Q6ka2oAx0gDGnM+Ez6<Dcf$L;Dd!Uswucr}UTH{c^Y*S3>2U^jDCXAV>l^0jeJ
zd<7$8c-}^8%O5j2E?LSg`C7^E=bUP!8su(Li+|NKCrr|Q-a|3t;Ta`6A=jpmqrFLn
zn-#cJc<1$v*n3Wa7YXn@9^mN1-g=N6v6=?k_yEBCu#%9wt_8LX_@v)HuR`w8>l@U(
zAMu-HnEIVrN>LZ;0QK|Rm9V<kH<(#oTfo<(FHsxLJ1#k1@PbyrvG08)S0osN`7RAq
z8ylb>Br$wS{E-+TsS2Q3t**k|Y&oI>kVW<<hk?e>zR&G(Ugfi`g5^{g`VP+faG}=X
zj9}#PaH{r4$t^@fAzNWGWXOy-YE0Y<#@wyIb$Z*3)Fv0M-)a_Ds|51n@Cpo09Lydu
zXx|<j5y;v#Lhj&Ty4<u;?YMcPPd|PUfB(5<T4&aYg$lraeE@GU^|~rCcfxHRSl~B1
z#?U)EH#zm|Rf7R<S>#30H_ML(+31`yZHj&BrCD5{;TKx>C!f0lq27p6u3ozfFK?bI
zLN>sPE){I!^`RDlQ=40KYWGWgr(9`5{j48RqM6O&>*<5sUXqe0Lfjp@u21b(iPUon
zG*t6@H<~U4x9Z!QZI4#@AXCYo<#a+3R#Y{xC}nox#dIz~kk%+>)1ohjbUfd)A#K0a
z_D=-aDoK;+DZKkTKOImrc-MF+&@?N4b^xDb50$QJ%ukItw0|M)f}1$t<aKt-g4~|r
z0!9qS^14umqjJ&x$O7suXgGjRk-^Kq0YyNJ5UY$A=TJ<`#%Y;UDO3FEcIEmw|H8+g
zmo6m0>~1wuZz{6MeZiRPaNVcUuX^TX-^{#cidIf1X4Ns&1TwnBcEzcJ1f1ImVq^uF
zqZ3}Hb4pFa{`2HKM2B`&>tR01&kcW3_&z<KGVAwqP|U<E1JXy^u0)>W)!lANp;|7h
z8uZv4C{hVH`RDq3;;;7It*^LkdxDp{@ZQDD$&&D0%lqnRZB(#n?T4(h(9|FLr2d_k
zVLkC#Yg@~wG9_3w8|RDJ!0-13G%(kF0JG`QL9axPSVuk=Rs&8EAAkan#=PM)oE5Se
zPa($9+o1Mrp^;1pzZ7@_uxS6q#pKVw>QH%hpt-gG*<56sj@!W@o*aV)U~c7_m^}`N
zf(hesr+uv3sH~IU&qi%Ur;0Ven_(WMy>QV+o0xtYum3@v%a@k+AUSS16F@))Tgd@{
z9$Ovo=*Bd!SmX2g%l-J7iyQ#z!D4%EGOwxW9XQt3KT>nsL5+H_HjYw21EZg;*yW}k
zcZpGVWb}IR@!GZC<>F=E99QrXiW%auW07ZP<VTpjUKy7EX`Qe0%@rp}(^Kqy*IF*r
z4;{W!Hwc}|9dA4R(lq^f$g}P__HiV0|Ay~PuTKzeH`4KtCxBjhu9~c?gJvgY8iST%
zu35x#$LY0Jd*Tw)x^25<n#x@-9_$8G#SLT8QRRmp-QOMbF;RpDAW&QeI=O9+-tjU0
zL!X6iaK$WAP2t^l=#I^W=)qT_?^f$w(-&V#Us-oQPI|7QJTQIL3{~rDr+vI6x9N6b
zE2=fAPHc5e@4qtr9cz#%0@<Su&qp?Foc@W)Z9^x+Nc>xaBg)g0z<mS<P&|j;ooU=L
z&Hl%!33Q?u_?N3*p#s7RA*JsadjN;QVL&_%htiUSPUGgj@;MP9sH=WRZdhM`#7u>j
zn3F=MA|{o;ob7whn%|dG8;cf>ptPpYkk#^C%UIHPh{c~LQE9_Cb7!G>4J{-@=v%7Q
zD6}c@sjrvU=#Z#0&^hk^aj8Vx74#1)?!PKxQL~N|6R8ezy#Oe3K@GTe#+TINzwJbf
zsmdttm+}5<!9_?tO_gHYGdi$ZjdAh?mQ|7LKTrI%nhyeC+tyg}W*0y^#*4QaF{oye
z@U~yrr6JYzB)>7y@^*|LF=f_D*tt_aI~%dJ&3}W&8iDyrSTeAdqyC-f>VbHL`(wyD
z);oS$h8_QQ>juj=oH<H>FX1nbD8aKb;8<36^)@p!T!A|4J=u+t2%%GBfw!6;^|g$7
zsH+d1q0EjbSdgQoJq|fpn$9Pa@wPyel0Fvi2G5qONcrK69MV=Gh4_=WoMh&T;(dB1
zc>5mr%ICr9$==~q&_l`#<*yi_vXC7>?$kZBV+8@%2)p3LGP9<}yu_>>3UUXzcZX1E
zSR_-)EaLm@yIuAsVI^wy=Mw^vRdI9*jZaq#RU>M0uwCz1$b*F6FK8!nd4K|I2tlDH
zYzd=2Hy|I_sr<{6tO6)GX6p#qYG&C4Q-njnpMw|dK<O%z%y8OUU_S9zd_fwdOqh)~
zCMfC<{BiKit}BS>5;FI!3%r?Cn(VidycAI&&~uT>Nmamw52b*pyBZB6!2Sy@Faf_C
z@b?D0(2GIT@l>)woVtigG4_jJiGasit91475`&);QMM$3q)ROg@8sod{!rr?#T`%0
z)qeb}aYS7g1+Ke~F?J7WdFm;rU*~qV=y(C0?CvBD`|Y|#;b4CUE7O+9eEeL`qf1jq
zEW=Q414o!g5Fi4On~(0$1=u~7)?tpg>4|Jeyy~km-WiW8D%Bo#f>iDpe#?6unHaBs
zxhVU=C?KDApgU&U&huP|yebem8f02uB%YoCn>iF2rre^b%_);s+Lq$iDj^pf16DGV
zmks<#X0Pk~qq%930&$iYYeeBYd<7UiKhocsMD#DJ4i8`c$$mf&0mH5oGqc}LU)U)Y
zq)K95KF*6a0?p|#nwcxdFHT)wS9g7&{;UynB2{(MHnUo@0p!!&Eu&2+*nmLm016Z^
zmwRuvj)d6}rYv*!y0V+<7V1vB*uBT(?r~kWZ$H)3>6KGc+<EyVO3Tx;3qBtl&#KI{
ziyVFGnrpxR+ho{-%l<Hi-Whh!Y$lrcV2MWc%8Q44wo&nD+-1)>iRegJ(2KH?+8{na
z<J0_1&h4KUyn2@d8m!sr)@nk!6>Uc;q=(%(+uP&EFFd+tXk}E{-26W*>^50Kp&p<%
zru@-1`Qz_}%!kiULP7;OP4>p=fLFStz1q*1xWN_*B<1Pb#%Z4#yo0i#4q+x{FMD;v
zYjee0hx^LYYMq7ED=#%MFEx(QouIN0XV=!Bw1U7kwV%0bnAZk?6F{6r@<qLL6}Pzn
zn#vXeZ|5#9Er>%iB5R?ngoQ!+MJo@YVumJ9uNZ&6RJ^G+%mnm<q})nznD(d7J5lA0
z#_XQ5DuHTP?U^I-O;w%U7eB3t9@?tm;DUR%E_x`)GBHhvVtB^A?%&pqMB`J%s1ylL
z@+ONv{cZoom#O!j`X=Tyrgxu#6%3L;b+cU|=~N%kZ};@mfXbE9d2frEuY+6Bo3a7r
zANmfHt4-T@Z9EG5{a1$n;0K=sumNi12#*(UTkzmP8+Rg2sMIz6xw*yHFx)Th{MG5T
zo6@F-^>oi|TkuEtWo6(HfDYZq_B?h(6<a3yIAHUBz8F!!)`EL6Rpm?y%`i^M`pJXw
zMNGgwN@XyM?HyWbNXvl&(7CtI{sh0e188hbM^$P5;@eyH`VT$adOyyP<^oCCjdPED
z1NVv^{qp7ha}l9q^^)J=UX<XBLGx!~036=u|2Vk+-%g<Qh5h|&{~s=4m;TPj_s=f;
zvpj)5Uid%UorwS8PW)XRHuAsGoz?%jJARBiD$CpQ3Di(dD(Zr+Z>(OdVw|`;gREag
zsy{;5GctEClO=ZnB_ScZg;><RESx0`h(y{Fi&6eGdbNSdqQtVrz&oL4-7k)`)Klw-
zaBd!XMN&0d*%6g2ivI<|o{6#!H2NOOrG%`LTd_(P{fhE?YSjwoMxkGh<1_yA_W*tM
zv48jN|78g$D8doKS-Uy_irhDo$|cy~iFI-XC1T8H%3hif9}4C1h$5H{qR9x_*my7y
zZ^`Zi#j5QzUqD{~m<q5?K21nx4xK0!Du6r~Whvz(;e%0YbFC|QXXgpn-WMb|{ku^F
zn9Htg0a9L;Be^@PEb}`_0oyQUgr!_@foZf0p-`++d!R38%rn4;X!M;pPlOXv-v;>I
zd_12>>=#|IkkjQ+JN6K2v+;pr%-gdoXSPRR@K1*J)E%=p;T9}Yk@`v5i@=wYUWn;E
z3@~EC13943y4wkMS3BUzIRFeV#xq~wtKj(~^d@Le9n{8~81#EX)UhYcFoDT=7&4k`
z<qK!li4iCsDZhlj-W9-mmoklVX+=UMl$tIY!Cf`RO0tWyU&Jt1nKl;eKih8g(6zOI
zK};a_5@$^$IX}d!k8V>uxBh9WA#|AGxar?L|6Rap686=QZf1})gbo1#AAo8XFo)j8
zTmdi?fIRdMIsxTqR<QhwR#EXJjtOUWo3|5f%CwX?NxTW3jiIGbr?{1(WXt!2Lvjz9
zx}13lzXegTPDXn&SA7zs)v*714jD+$ngv_PHIW^7cf=jOf*7OvQHBZnmh#lfeGizn
zXmpH8948Ke=1`lD6Z9^!m)0Y*E(Qny4+9PtZph@K9~xE@h=<Y&WPaghJ_`GRI0pwm
z<K(8)dn>h;!O@kutla7m7U)TYL^4IWYqH08K6QXF7axKo;Y-gF-5Mp96QYfQ_Xq!K
z63*C)UT{g1P+A*AVXrz$J~MRp#cm9S`nAOUcccHj4!g$7?EBN5@=Q>sP8rRN$#GE2
z$KyFhd-QG9Aly#m(P+7ri+y5M3?tq^4TFMJZMaJ2T#f;UN`d6Sa6--jfEY;MA#vhp
zP}7m5BnrQ=5Zbq9(;|I2engYP;{r}?S(cXeF<tue=3D>@gd_lh<#H#)&?z$4F=BmA
zhgOt{UIwSbYp42g=(3%rW`0gd%)R&#ECv1IbF|QJl1~0T#^QuwB|wPL^MrbBlr{4V
zjpQIJD+8RtqK)p<pwi4wPq&kL;F(p*2iif;1Z_vxC%yrYn7z|SovYyWb>rR=R`X<E
zabe&%nmCk|%mAo53#{ZOT!MLjq*hBr;yP9uik5W5$ldP_)LX{KM-)3uQrPCam7o=1
zczEUlm75c?07;KAUVrgz$<}o?V_vP!jLKU(vye09>8Zl$r(wgAiJec+g68?iLe*=b
z!%g;E@Fn>kG2wShucnc#e!N*quSCsK<%^x|(X+Q%^Qn!TZNe|Fj9LK~oV8yCJJO@|
zk7A-CDQ)_4i_DPX9;kBEUi^A~kI9B{o|^V?p}q{9E!K9)Ak%|Ts#AD>{3dAy2itv%
zsE{i$w&vfCTckOyU0n?<2SfcD)w(LuP~@=lgVdmlv9^2I9rB2k=a;jS%+ZukOPb<I
z=F{tMyArM5O^CS9<_7PNScjFf<YZ%Aw+~q*i<$OBv*Ca#^Cen$VrXUU9TD;!Jq=5D
zGm`h|TrfL@lFOxI*@&>z9(0zC-dm=9fBKqsavw*q0Kjz*=pgei?AkrY&k>~tZxOYN
zm(An`wQ<HFmPel%Lg?JE)U#z@`8MYp-j?b940|-fAz_K@jK4+b*_@gw5TR*k2+7Ks
zt4ojN52z^izoTB*%~<`}zYK2&T%ReO;+W-KE{}V2@I-lhf%`-jBu+@ad$jN3lbcMY
z3;%TFouhA}z;S9H=YyW~w(;#fo2OxQ1Hh8V1Fd9nuRSj3?W<VmJP?Q3OAYW;Qqc5O
zZdiTj>o64HA}zFWcvGAQ0#GvhxN6GRr5`g;aIzD0zVqe1{O2dud0budh<SBWZFNVa
zAfoHK@tHPfbXu_i3?FJeA~cz`lIeG+q4dxKDWOl0!`j(-2d}JiHssE{jen#DeTtR?
zyU{p}Ibrc^zoKa=YN7<N6H_)3cg-Ek@m1VhyR~?C0}3cm5W~3R&DRP)PQOab9L^fq
z-&DDbw_?Ena5H|N&&Ha2iCIt<zZJnLe<NB?zgTq8c|b6NDs6%-h?2r9598^#w_cP#
zJJ>v;#nFTbd)9lbS1s7S##mRun893o^}^xl9|>SGl*mbX&)xApeJCKK3&jM`0Tj%+
zv5B@v{&DH1mZOE?bUqa<D+O|oJX`o$h!F`!UK-pDa!c&aSKo7B+rXF^@Dd<BMQ|S$
zbo|t$Oo%&%D`ya&Ex5M2oDp}-y5dA%V$N`4EvVtUam8qxXMkD|pn2m6|A;s{)1CjI
zddg(__Go9$s=`%$t$!ObKhZHS=|BJPuS_gG4)ogYgq&~x8GAlD5^#v{Xd=6m^(Ry=
zblm)`Ja#YL7tu|$5Ti5th{OYPRe(^h1pxTuI|{fv@?b{yi0$-wy9j60I}nm3UrX_J
z1Y{%NUSlH!J%57La2k<0d0j-WpAYtY4mSD~;chUWEnnrt`)PLh3;CC|Q7>;TC2c;7
zS^;uFsL$koHU!Wkb!Z3H{WaeHe^}!=c$`dhhJF~9bP!JJDG{CII#5{>A_i>`bN3u-
zB!GdrKk&wh(n18_=;QzwDI6Y`5t#{bJNIn6D|Z9sc%fouGHWNFX0^BSWmcj{g%me=
z##r@<78}ZWJ}OjoU<dS(LQ#uX^pE!8%^{A%Iw-vw2$rc=0ae8Iw7v{B2(h#$6cxQy
zKlPF?aILEh+RJ^wBMaHZ%_WMT``57iTNM0p?w~_t6zB}^-!C<_`k1!ckGh(qnEj)D
z-(S_^wkgEdt#$dscEl;5oX{xukulKZOx$5qgj5E|c{2U5heDDcSudrHmt-}CzyHS;
z0fU`^pej4i@AjEiU08lSdh5fGf`C~nww#%bMFn0IuTYdOL-B0%cA>Q*W@s)sAtcBY
z<TU0AB>sInyV_xuK$L>sY#+W*4~~(|kk|(&2>63Uy^2cSy||mYjAK5&_XTi;ABnd0
z^zpkWfc0Ms_|l6elsN=J8Pz~I9G6%a>f^*TBar*NEl)RQHm%E8t!TnRH5p`<m3gU%
z;|UIR{B3WKnVmu$1Ue$?hM=0v)h7sZZXou}?_F=(d4Dwjt7h_4|E5fTYH?7FJbt)r
z91XY|pz}`@)s5<qpm?f2kLBPPB*Nf0s&X>k3(*BuYAE0h>{XRf>VC|KDj%wA7ws(a
z=)VDIkah89iYT4uF&WTdI4J4P(z&6c&Y@QpwE11r81(Ej_oIzbQQps|!^mp9L1l3p
zw}cdN%W&(~9FHFS3JyuHmS_d=sv_Is`LUxIDF+PkRuUH}jN={b`8Vbe(mGaQxg1Oa
z#wpK2?ZJb?QjqlWUvCH965)*lgrhw4Co}&HXLcRD$dhn~&pZX~Dug#aA%|s}Mmf>S
za!{8Ons@v-K?J+NHgd1d++?cFtnglW=zYSRZ9>CawXwnU^M8T#b|Q=I7%BgF0{RPD
z?`8INH=>sz(Iu~%$*cn}sls?xCZd)sh}UwpQa;WE%+buP;!Kz|BBak>4TESIqJt@k
zg~BenpHnAgl+}3I(n@d#o=xFYHR1FGFGj=hE5S4{riZbjvjK?6Ndg!v;ZJ)67?snC
z2<Pjp`F$=_n3X5Q6x$xh$Fk^DWBQ)va+$Uo2BFw)2#qOT1Gv(1x_M^+k>ZGcW*``u
z|J;2$RVfq7*c982B<*#-q7<r%r-Y_NSr}R6zvDiZ-&`w+0$oW?fi~w~&Sy`gW$94Z
z>6C{Gvdn7e-YmwPaG;8oQCPM(eOROng2`U#yuc&em~$_?wd|Ld`wH#-Ri~G#ML>*_
z!e)w*l?&F#6YBG{k7WRA#Yd1yt`hJ@qMuBUzd0Y&k6B2f-Q|wpYtj)TQG>8P$=r8^
zdeS;o-1#EogSsd5WZKJOK>K9@le-sQE^N!7j&<r7oH}<dKr}z3;2LmmfCYE?ygN#Z
zP8~i<i?}WR7Ixv)rg^HU@_9ebM!m>2B7)yk66*Z|ae*x*#+3AG+@j^_Vdefcnn$;9
zJX<P8R^V+NUWhY0JalqxMr;mzwK_K-mMde#k=q?(z40Rk9BjW|Of&g)KHy?)uXHzR
zOKfo8$s^O(mK}W&B<+cOY8dWhuC?ZA*43dED??yyWQob0hHlpvd0)M*XOpd#GhZvo
zbVgK>OX^E^w_O148O`EcI6kzmEDoTBLr%5|Me7$`Z}b>sS5jt{KHTU#sHb{zxwY??
z@meKfoQnf!HRs^c9D3dMbeqHe2FgHG+yr~(jF?3l<#*$=C>0le_>&1(mzGy|n5x=t
z+K4_Q+-Q}4krEiw`j8e9U^D8c+D{TJx0d00QZw<r*+8{*474sf0D>1saT;63Z!R&=
zbIG*U41Vt*6E*uSEei}K><x}OiXBcv7Lukon{CEyjxI{-SVzv*2}(S$<CQRn$14!S
z#9Ul^N>=^dJlIIoHMr2NL)0Z#)sNV-F_V?C-F^ja1twavi0r`MXHm(uYxHm`;H>ux
zmDqIPRp+G1%s+k}MwOUDZqg%*q?{d#qYoo|UT>E2_|i$XO*pUP{J1pci<+a?bhT2)
zSGRoymEx`EzwcDre#aH_-kiRJ8}~BK;L~F2!80COMmJ`wOxIu2r*I@)PqX^xku<d4
zRf=ybZG0-xxHu^{!F%_yPpm)tB)i&%-q|I&|D`!&L>*Sn$19z6iMJ)A*b@>q?eo!~
z{0}GRTICg_<^fj}5ha~Z(|K|xcbol!p@6;}H+Rh`ZE+CG&BP-Z(cAa@6QNM$h+ccu
zx@Q|1-7?T~ukVksCP9~^-0FwrA^=h~s%Aiqnbf2aFSiApG!$3;K>JENb3>y<D1akF
zuf~8}tK4sVR<^?t_~uQ@oz84Bv<M6xMB?KNAsegZInDx?bh*ok<yDmu9qiCMmRH^L
z)ug`m_~{<{q#3LM5_Udl=Y>B}uI+eGDki@eP&z$F!8OFSVBV9{7@vTN(@hc2-Nppj
z!|>>HN%HG7yhu_Q>Cu0u2&^FvX<iC{R@2c|5g2E5s6VOz#b`WnXTXlEoisfL@igL0
zE#eqR-K)`^^WboXHws8``gLeT13)jHa)<wKC#HXLEm4i7G9iD-8xEpktd(tNu~AA*
zO`SaKc^})*>gJDCMY)wOVa_EfHqBa6jzE-Qi%Jc#-SwDYC`8REMsb&5H=6bo03sQv
zTrS?GNT>+oD3@5U467FPU*E9fZ)0p29f`N(i7;RQMi+yb6e-7IYT7>(OxR$&lkaUd
zi3(f8#{0JaAoRU{-go*HWUe?9P%R7n_;U<8vTXu~xp7yMyZ!bNHmIpp-|V{cM&48!
z`PBIBY(;iE8=f_m(m^24{;~Yg_wA4CRA3Qgm~gc$<&p#FE<lyx2p_*VPsX4uMO>=c
z?%6FEYc1`F4@NhN?ayJ%t`B~kNifvU%EU#B?rl1D@#Sp{?}tMDd!3o_&qR>X_CGB|
z8LP~fkWO)j0Z*;$>JT9yw6$b@m#a`o@?<mty6S&`9{#z@M*F+f0o*W(HM9R;l@fpd
zI{~fD<KoQqIsg2#B2+bBVXoqEj(jY9<`4cp!(>gpliW~D4{SFeQ(9@ijt-~gq|L$P
z9PDv2A}gu+m+vJ)85Hb@et{(^ZswDlmwX+kDm%d%hL>xezC#ljxpewR%V>Ac**xfX
zoqum8`Bl{!{e5vIH{*v7;1mlAr+6j<{GpoWWnr%z)`in;Wr~k2*uSq&@&w(hzuHco
zKds4@oiXI@UZ-~2MD%xMXvv<qrx3wxA61i~NUUt-vN9sdZFP6agu>hbm5ep(C<Pas
z7<*l)_$3FSMH#e9clPD&CAui!6miDG<{<N?t;)p(`>Bm$CV`Tt^(Rge&&syIu`nz&
zAou%8pnPTxk&pweLXMZ?Pge)*bN0a@fjB3z*5wK;s&WjmaDwd0fNBJln5@zcNb|w3
z;Tqwvk-&=Hy;jE9n(Bp~n%>@&kar~Lk&pYY_Wvd0NhX*e+weQ^yI^%>0g^5^DMDv>
zhJGtn3SC$}Q_z&(DY7n$-$tKm<P%`J+~}zs)ySkt=YItKX4@beSrVw^OJYuC(e_Tc
z1#EX^96J6KLWK6MFikF8iR$Pw_B|1Ar6aUd1J;3tP}6BYSK&*qtbNnP88q;6L8x@9
zjeBL7S2KsA>3C=`lx<Hhj}8T$PI2)0ev0b=R|Q~`v)rm|bFN^=HP)jj;tY|%O(p&8
zCH?LM3r28$!50S`gDo!x_sm(Ry3f=1=8yK@uj@Z<P$CBblRgI7+^Jj!?zP=IAH4u;
zV|QD@?$qopWenMObRQ4L*$Nq@GF*+t*s4KZx$)!7B^sVgQQ=yQBNrD%)!MAH3#F`-
z&andG$yYs6#+nl!!2EVWRux}KvNXWPz4&siMv*<g>9tL)FZ6O12T!F`$W=B~+YPWV
z(Elc)g+dFL;R`Pzn^WjVIOO}4nR69?u5#~?8@xaayH$B*VKiFw)fg}Gm!qzmZrS$`
z?I%HIRQvpCDt#&Cy{zUJmiE{3Z?q%^<99lOyTR{n_0lts$b^%yHS8{=qcIB0;lf6r
z-G~<f9ny4>K=dAd)4GVIjF`LgVm~j1_Kca9CNp&aE%GX42eKK-%SCp=s>sG+LAD6P
zBwbM<b-`W&Xcr4$7!$+SK9kQ+bQg*+WEB;2vs9^Hklx#BrsaJ#xtUy{$QYPiHRJ~^
z)Ake+<XB{xA<W@J@c^e``-+5!5p}u$s7$SnM%jmV?4DIJQH{bfQJ}vnOR@n9EH6Ky
z{v_;F-=CfOwIUHT@k^1_DD=S5p6G4BRhYeIe0U2V<q}NMVyIJAvf&8|d+o^~y*~bL
zZX1(n8KZe1VsyyytJw{y?ye}5PJ~+gh{X+yvgHHYy7&8R{O!#9{SZ%JfTPt3?w0<w
zPsi66c!$EX+p!eWVA!XVcntlFUKRMqab_~e$2hZ_P>mtF8ZDG6<qT)pa=_;>w&+Y1
ztL%a4_c%t1edxQlI=8mhU~odROjFL3E92u)8pd%n6lM=TKp}<Dd7QmG?74htw44`#
z=Kavj#;@2N8BS$v{M{TT$VZU`q11pW4ol?j{^XMGM?dqm_zs~J3z0D+WP0qxqGV4e
z3N863e*pMEScRlNU?f<B*QC&Vz;HfRHGcfhny{?OCS;<UOu?h%QxjDA1z0wb=5g_S
ze*+vhT&6~AV_YM?38!27QRl2+{eJepH`r|!_pow{5?F}?Aps6VE=K_>KCsGkYA_aM
zEz2E@wb*vW-{a<y@bhvePA>O)A<CvH6OD<PQ(q8ud(p5cKYtG;Egp^?%~#EQOns~%
z$D=_>t*uu^5^dg<aI?#R*;pP+1%!?xakeTTJEQap_orPTLJ5`ZZ<b;7x&y^}t8&T4
z0KdmJ^S}c8xFa+#b$IpMSVfE&CQ+5lWk7YtrQNV2NPNub%p>_UGZIH=$L_#Pv@SJ4
z`inu!rE6dYh}D3i?<>Pk_*E=FG9%MANQ0N#=ufsPc@P?9OtQ2O)^~6r@?kpJLrsy=
zRcL1jVi5|vTVf1}d0^dE+ckv<LWT;3G$8yIYzlJls7%}pMoi)3Z@jXb6#nX67;YNM
zYOVwpB@rg7gv|l{ef)m=5gk+#wS<2|86+l|c`n~v&AZ3UE$(BGju9bvCI$A)NkWCw
z&gyv)-ab+V((0-@<br#Q5jBvP1~?UVjB4@AZR#Y`4<H=Cf&o|iaDkEy5kArh9xx1#
z$)c-qlB#d+pd7SV4mhFF6%j8x6VtOHx|%sh-<ea*yWc{GF{~`S#x9oFt1~mr{*6GC
zL&u8XbOa>6E6PDhZdLDIS9kad!ky%5&}L5%o8>Mzm&aUL3TOv#!C2LLz+?V=>Z;1>
z07BVbPyw4bJRgoNR?O(E@Ky-jbQM|ylofJ_ePVZRP&91Z>X+Pp@t*Zrae(%rRXw=G
zEa1KV4QgB82f2UrftB^MP1Q^-2hO<4L?sgih1(4w`}&3CP9;5#dKD(U;(d5Jta@I5
zS6$`J;ArhSqkt|k;k>Fov%6M?SgR|;9NLi<_dv&T+j4$6PJ(1ufZWsai-1ETT{>{T
z2Pz(Nd3IU`HJ0=rs(3Nvbi+wQT&_0O*yP4aXr$i{_h{dcng8aobGw9}3UJS8+FZCI
zJo0gD{yEWO?!25kGnDkU7iM%L3%vrU8nHJ0w!1#9ce;f?VN<T8(i>+}YGn}PF_9_P
zYrz_H{@h{WSpCzQC*O6*%7%k1=`+-_Dtg_=%ASiwR1MFsu3zFlMg}yx<XF7Iy9MI|
zc5~#Mbv>T#qD7Ph)l`HGC^xOQyRAms;Vx8$v0IKOl~y4JXflHl?4`#o*`XhXJ}12D
zA8K8Gb^gn+qF@@J=E{sY9n?PvWkO5VFEiL3-(U?IT}q?TKIZ+%T2|%~&1Dtn)my64
zE+c1pL2F6Lcgd25Wb$6f`DH-M(`Ntkk?+6WAv|T}&wTQdlvqxRcwQ(p_Rp2jQ@urD
zp7<qB<{BR7j}8<p1)c-g^J$jb-_OZR61cs8PRG(8wM`BX?JV{vsGkW|6v=}YX|ryF
zzNy-)Gpti|Vv4TrynAA^@tvx=sts%~adGsxDAe=bY!}ncsw;S9hgDLuDT-f37EY*<
z7b&Q{p~3;ufBIGRQ@Kth&rzs%8?b;}KCmWkkkc4imeic!5q~Z&v3fNtf}_;l(aD<2
z-+vIlHV4qgEjts!-C4=wZWpf2dGB#lJu{)V!OGI!@2o&%iUd@O>I_4vXIvXO?~W^E
z3Na5Y&;YmjExcVH$Kl)@=`;P=RkRNOAht1yl3539CG#U_)xhFi0L&?iMO5!!cFGSJ
zGLd1Wjb!^v%TPacL17imHv$f(17~4VPcU`ztLgOt|BFofp9<@LE|eg+6C8z1lL`-f
z61<NPUevxEGv`Tw=OE`e^>AvjKw2)A?h9{sk-+mFr1fjZ3ZnBDzYs)8B9c_?Xstee
zl!~(A2GH>1YE2IATh2)W9`#h&96M%D(X=Sn?GSZe35gJVRw|IeE?tSzV>{X3!E?yu
zigP5@ud$DAn+wt+hvub`fv9#m4>5bzffy)PtQ1lC^thKMj+bwifF1?x8Q8x4DN-b~
zR6?5V9V)UTs0Bgk>q}jP!~HfJ_{j@Q1R*&4mDUJJVqvau3&xfJ-F<ig`vtQm_*<nY
z7N+DtTR}8?^N|%<yB0<Vr(;Y_brOyT7btJc{lV#-FFs6w2L@senS>F~3WEX5d8XI)
zld4y)1zuP5C7z6%v+pEO6fwp<Y;JyQ-KGm`_iuXB`tG~otam5bE8Fg20i{1b298Sm
z{1Kx?oAdSU<+%Wbmz0XQGSoY>$7>G(S6Ts{vSnSl-yO47v-fYeyi%T(uwvz-=?#u1
z;#GB8DbU>Vc?oStV~EQ9P3A0jhsvz?6n66IXIk0cDiI5K)+GhVaLIMayh$G}8&*bX
zbDeS^;_=;idobBpX`fT*YDvT>;1WumfoAWa#r^p9D8S7f9x>Q3D#WE5feP7i#$Szf
zZF}GopEiH@JH5Z{bNI*H^BMW&+u^-XIK6fCS<r0e%<qDEh~hM$G$;4+Pdaf#QI2aW
z(04MEI&pfTfQuwtRpr*50>4_>xr2=h@P_<HaV46IPLU;hz8!)(&pBwAK04K7s7HRS
zdKt^WuQSzdWaU(frzd?3_G5KF?L+f}NsVJND%~SfF7+J5^<Iv;kTBpbMsT`coXr~&
zSs6o33B1X-1xAR6fj-kCc3>+S+rdiSxEa;rL36FtH*txvY{<0e$6H-wgv5SN8C>SO
z5sR28?s2u|6c`-ewiH!oNI9ZBCS0>ny?r#Qt36^{UM|*5`pzxno05z?qL7V~-CNXC
zDZ^isU}W7x2b~S@@oK}Oi{0O*$(CNZ$$d?47tO#;rQ;V!0=N_6s0&+NS~da3rW~AH
zS?_6P&D$EV?gOeMGVejy*VkWQEFlJ^MSDw#z9FzpE{iK{bX&5npIaY$%Py!0tK|0L
z=d4{9!d~e2^@Y<k8?(Q=4~yo!Sy7a4NHvx_Mumg+dv^3fi<7yPu+bIF+w9V{E>owC
z<IZk-4tOOHnIJbj`N7fK!+-h%C?u2ul<1E8(?uZQ(^IH2HNu}>12L34u@lew%aK6U
zB6fp4-dp`^)Va~R9)d8y*k!S_rP5A@$t4)vmA*htJraPoj0t_(6F_&}efvd4=?z41
z4sovmeRl5GyAV4C3rY7IC6yxiYxl_Y_fu%5Z5{!XWz7n+)}}5!zHRxNQ;)vw*!}J8
zr*p@M{yz{e1yNkb<CI5DJMMq482Y^C&c?TE9>%v$pMEBJ+jYs;Lm9OTnc>ONg&KXB
zq$`#SqVr2{|EM@ba{R!3elEGr$!p1N)jrbQ+WTqUmn8XnS{GG5peK7ED)yM4W=Y>!
zX~XLTjiTq<-EI<;r5xdVAqFO7FP@nE`hdR1g{liHB{)3O=)OAcm-3_d`36T|zut(d
zTs1Jhu~5C@zwhCop!ro$|A^zj$35-=y<3j&Zk{bhu$~`xW4KbUW8JHbBJzZk5&XEj
ztGr4k$BM2OJGf^i{=*3}-Hy(*#J@sPYs9c@f>Rl&b~MXPa!;@#p&JKh@ojEj8dxSw
z(Q{_as=}*@NXv}RX|B)_zS6&A(_-~3cE<deGf+v1+T^NrJT!zB7%}sdxo%(ddJz_D
zHi)<LIfxOZ*7W3x*zKnQ$pq(xA7FS7rY2hKtt_a-V%RWohEO|e1K8L}^zQg5x46Yo
zsu1Jr#m#UKiJ-v{(tS8eML<Zfd>My~1yC<Wusn{P2W5Uli#8WGhJ;|4I)h#}P4OOb
zH5zMLu6mx0YEt+?3{aJDzfqJ^LsBjiDu$F`aWjD(g!^wvLc2{13HG6|vh$fLl43gu
zn5JW$La_266a`a1P52=6$U?IT*rC-U9f`HG2$>U^IVemvG&ozH`+&A86Mb3mzb*0q
zrGT~Rs%vb!W}7qW0k{uY&)+p?-BDf-21Cc_Tad~rQ1qfSulMat`<r8j=ONO=UgteT
zsB6M--8r+dp+81iRJWUyERuoV_wx(ueh#%n<JcfhNva>EE#`gt`p};=<9>qL<nF7U
z?!j=W)m$~v4m0n}go<x3FNF{6-{>}X9xm&{m3{jSL%)l#M_;%|uiQ9{Kc4*W24Z;u
z7-!uqlB=t|v~kdBYHWk7=FRHJxX(7U3?C;?BPCQO_~op?>Wp0J$1uT~t_Oj!Yf6+3
zzPWYa0919bKh}Qnp|-qNYn8`Y?W}f93?|*~I)^uC=6vq*m`da7yXv*KswS4767~;&
zo+^2RF^ZoNyt-xUer?U%{+jlNL7SVw0%pna@??xcKchKm&d)n-DF>exGUd{h2Qt80
zt*-VH7>pjt37sbR4A~nTG+6KLe-PE--$+$Yc4}~F#9Wt+kiNYAcsEML_`Rakew{KH
zm=4$|5ZbYd8>LSl1eM1mDg4=4Hb&LfgEfLRc@e2H44}3Cy<oo_4R-1N5V)vllW1~>
zOR^68e#8C1fY9Zk0gvPAr3EENt549X?;qc@Z0%QL-Wcaq>QS!BF?Yt3qoxN@pphLC
z#jA>oF(SQMH4*&a!0em5!%lLKgxzZyxuZ(>Qk#OIlo?@%!#wY&d2245L3zBetDxcS
z(8t0!o$X<09v^Ja&_QLFYkz+tzZ#}}|HY25w^vteJ(go-0>$@y)#!G-`PEcoEVkoA
zj_%q*!FoW8oA5aNUPl2_3vNF4YJQ=%EU{w7YsWs-6%8BQwjYe>C3w&dZ*V<&tD)%I
z?y2lq7d98BCW$VZ-)Rvp{mKBBut{!|+N&};#-%>t{>t#YHI_3yD@=O%z1bEa`uQIF
z342bQ-0hsZKc=Yb^vV=5arpUd`036{ZD|heMMz?@TirT3Z3}sW=7OhQsXY394bJnN
zYvWeIg-Nuw@xBayFw<osgOP~G;7$)bO}1A0m)y#)-nsl*VKiUF%t+o=wT~40^}a%@
z>liNW>;c_vVT&G}=X#VkQyov#745Pu!tKFo{dx7&Uy(B7KkrrQ`+%n?;640ck-NwZ
zS;{rQMb_~ew}R&OKo)){QiT_zBo@oa`=3If(Cto9z@}X7(Y3?k|A)5s4r`+M+eecS
zU;_a*p@kx(0TBU16$CX2p%*~`k)nhqAXQNj1tBaDniLTM6=@=Z2r5lfgir*r(4{HO
zf(=0tQBlwOe4p$0zQ1$Md(Qdi%yludyE8kxv+PWE=5yco$H74w5Co+0T-eZi!7W-J
zuv31VlX|Z;dH0W3_o3s)r($N2C4%uFBaJh&6;IA&sgT=P#Jj?Y#cpGJ#0-pv{07VJ
zO1+s|7s8-6uq32+%7a}(FXT0fQ4f|~3yMze`E{Nj{NdDCj}|u4w65@O-igOPwgX$*
zkO-NBoMgt|doTZ|0sltITox10Q47y<V9>MZ7Io%pRu?RZh8A_~-x|Pp*7kY8#yYnO
z&=B1tyt?BBa0&KSv0JI%>H?|X0<<JhgSeELoF)IAE@dITZ?|XIpH<J>!Eaki<j9&n
z;Hts18d&hS3YKLu8w*TbD)z4YmU3O;MXKM+bq&x}1`PPkrN;YsDV=O};pICRR$JL^
z4LoF%YsK^!y)eF6ewpIrM_4v)uiqVqIF(m}{L|$u+{5!tYWw%z6_5zwxPQ0*TO#mf
zDD>jR+~-nzc&JuB-IiPiGI^@yLvnG*75q8Y=5)ZUpZpGIrvgkIso-O{#v}L*%mgp0
z-B~I*5kN@H>a8gTkQay!8d3(XYXg+;o6r`{DT__^Lt``CM=w8Kw0B1!V&W~m<$~-<
zdKFm+;h8)tzD$g@hZ$f_C$5mAz^%A+pb<@h#aFz$-W1=DQ+ya#Rw`E;x{lYuAmQ%|
zW6TB&`V?d)iP48F&}qptDRn7RR;c~tAV9;O9#=coTGWf?@}<!SAt4|XcR>O;4+IM*
z@hO=)FOR>nwN>h`&m~H-I$WNIEya7)K`=azMj|Y+u*AYW6S}mty*n^8(ykw%SaI>z
ztT%r;kOL&u%O!$PX<PhGV7;h*Z~aih^s83~8UsR(Ex4N$go|&h9r$lUl0e&kd!E8G
zi5z8)2E2@<Qp_tpN3e9wV((o_;4c;VoFou+A-NMU>iN#dy|AS`f{mgY9%#hyxLdi_
zOsRGRH&mOL1DaisF!?roP`=BMD2I(cM$lZ8+P}oAb7jqB)mb%@P1Y>(E%Rk?E+Bz)
z7bo$}P+|Gq7~I(f++87X!?w-eX}60Zju2N3o+O((FvEFX3EppJ55+BglA}ewPTU%4
z|3ig*vo>gsZ>UIA$WvNlKNZX$7ya_E_zqCNI=K+heZpa|=w(XHn)T09asSn_|McYl
z+E<0~LBTi!+;wn)TnXc(44Gc>93j2}a>nR&g^2J8%*5qMbZ2l?H)jSuX$Lx&FNc1^
z)C@1ZfKLcd-G;sb+uP;Nv>hyeMp6i_sx3P6`p(4{5=tUc@CSFiD?^uq=;ZoEXn#Jw
z?P|51`dOV46z04?ex(z?B@PX!hUVK0ftD{2cy97W=yx1bxA+_vGPFy)*KfJl5IRx-
z-Qqj9%QA^G`5x5RU`l1PDKU{L9((*WzJZv9fF(HpHUzDnV_L%5u?yp23V>)XnJWmx
zzo9IqpBIDH-3GhGxQ3qxLh*+&*<7ng810U;2LqZ}CW@dOdWEU-2|dy-!gu7)|AYzM
zDSy_8%dhdVfNeXDiE9_RT1iDB_ArO}w963l(DM=$PdEN(2>AD^{|OjaQe>{(aLF<q
zwv}gD8j^YB+HQDdS8pbs0hd4~Sdd=F&f_fN0T?QyZB9%E=jP^VYimW0TvZr-OXQN2
z2&RcxH@yS+nPeuKMNDNgA(Ma}4IM0V`3#1SAgA+zh44-sS}2WYy=_aXb`siOuAA1S
zq%3FA&74+!=oDF6`S!iluk+@oWnVyrlK~}U^IzKurSt)DvbC0Pdg*i+aY3EO?R)_J
zTJ>6>j-KaMe9+LMI^?uu(y87RK);u8BDNH8=$6GnXg@-!<VrB;2$Q7PxP>Ql7AbIm
zz&2!d;_{P}3EH!0L^zLRzGX5A_ne-P<x7}j6FWg9C5ed<PChopBl@thUP+)Mg%2_+
zn?KP$53etx3qIyNynQD5C+1*t3FxP&ZPS&SDfTC1gS=|0yk5Z4-REhfb8Kot#tZ%T
zj~vkAnmF28pBa>SMsj&yu<LhBb8Z{E>+lUhiA-zSb=FcE1kQ>Rxjf<=faoFffTh!V
z$0kcU60a%lERJFd;XoceAsy_-u~X!OT}U!nmI;_O7z9e=0wgrpj;4A+^imCfo!@+6
zVtP6fTX@NTu@rm!%{D}G1f`>RfOYi#gQO@uheRni>dBo?lEr1}EElh*Nr*|ZnaeHg
z`5rxgnXM$tX2VM#Z@dOkh|&k6TMMLZtU|`W_A|-^voH@S;<#>RVVbxM_aWanpV^~D
z>!tB%{#?=x(^z@}fz8FB$vnr72LrK9XmmS>o&~XvGCcBtDG)HrGcjx`0<Lk{gq?h2
z_yPNMzPKqg^u*gU*pFXZe<%3TK0;?)^1yA$0iE;tb@5XxmJQ0>4y$RqZfj~ZFnrQ#
z^X?>VqH6jL-ae<3VNa=x-h9D~G`<kg2V{d5C^pFC%Ilt--_jDT8Q84;<M`QhdPKW8
z4$Y$=mlFuuSh^{sBHh{54yF_56d7GuqR-sRt*4rRVeiaz5~YKd4nM;PzU3d)&=W#1
zMwb^M0Xs6#KHx&n@diF{1QQ5mICccTB|kE_x#y<KffuX4a_ldN4s|6t$`__=n20c6
z%jTP5x#npZ?<0M^1}?aIiz!J_#%%%zx(=y*)MYcJqN2shVhBEH4Ql@^-EIRqL-Kb5
zl7tRBiYBcy(J%rRB%uRzctipEqwTP0_8-xB9+{a+NhjmrmhlJ=@LJ?AZ&6v46A1~Y
zj%_l9+9}th^mhKxY_#z$JPbGvN3j#;{Wg7{>C_v@ckOKN=(gLW;A+K35aVI2n+_oX
zCby-+Jdd)Z2%RyqH{cC&HTvum*F8K!b}Vn1ePl`mmy?KmRkXHXH!U7ZWFd5T5umTK
zWM8(F16Sv7uR-uhN=k%zDPP>lvs^`Dibbazk!O*_gmfgZ2ch}&`FXT<64nRXLGYCm
zVory4EHS!ql}iuFX*?odvvqeoSkI9Js02QWn39Mk3IK%cQZ>;FKH1{1?gEA2@PwYg
zg8|3QPYg2TqAs11N;q--z)=MSi$j`?8S(~`A-jM27TBHB`PA8!p=cYqZgpcnI%74q
z)J!5(M&5R8{5S1(z#30Wm&dF-`kU{St>}@T<xDY4Dhkk_&`I4aPqiE<{Vtw8A5|Z$
zEM=l$o}n!LXQwuU6t6blVUgJBxEwJ{PQ<LV3DHtX><j{qEEUBrn|{qV<T)yuVz~s4
zNN#wy(wC#e)7lU&imOCV07yO-osL<qk#N_oV~YJH4LI;O63UV#BvL*qqmL4WK;CzG
zzZ6B<IhaJ2iDg1CsE|-b2wxhwX(gC`bL#czF{5tGrJwiFwJfjf4t_GG%zSJvGgUU%
zk2`Obv9jjlILk6zYo3-%EZ^D5DI?}<?p&B1|H<Yhbd^2`m|bj2CG~Z)G<sodl-A%`
zJUr+ObR^%8c&(za<C~5-mboE4ftE_<AyRB>fpl|4co25P5+N+H6m1XOpPxyC2M$Oo
zD!fw;GCZvpWiB)40_1W4a1O0Sk4rBF&2od+`;P9VGbhxx>Ks1!WZ{#7o^9+_sxO#8
zt5Fd8ox(>G<3$v=oI9g^wV4+17=0RNR;xtkd1IqUu+}t=w*;$%P*5bH?74MY_w889
z06HE-ifHLEgs9SAo6XA<eF?1O?g#=?5G;du%=^nifTJwkwcjCL0t^3$oTgJ~yzQDJ
z;mP8q0K_2yqzJyEA0ff~WStobKy(sl^du~i3<Q@YioI9gt62~-6|?({bk<ILkMV*#
zs}GG|m)un7+-V#kf=hB|XK?SkQId<tT-Js-YqpPN<+?K^XK8PXQ307=Yw6pmD`6!I
zop`F{S6OLcu}{Avu$#@9r>VY5rTqELmmc+nI%cuuO(<gWZ0picjcD4B6GE4DZ;uht
zprPIOHRTPCK7r{aKB0tus_H}@e!=p^xm#$C6-xmV0LqJqAtv;!?K$+M{V4s?Q5iH@
zsVMq{X^a@g3MI!9l{dk!xuSlgaFO~z4x~gUhFeAj>3Nfb11$7NA>CE^7dfIBlq3tN
zB<QK=DfVvALff$vt7QqGYJa)4O2pUPQ@cXmA9A-k_#rsgDt>l`^IJ*3#rxQ8l1z7A
z|6^wx%+)OcZkD~Hxi#$j<C~m5gq^L4^d6~r=PS3Qo?b0KqI&(UMa|_=FyGQY`}{@p
zR!B)6*?<q&ZTW$63owZU3mDv;$hOn~=Een)sQlJt`sqi+<!+jfL&Csp0Apb#Iy&0=
z#K&X6JBU>DZn4gE0BsR3mI3$y&WlR&p(XSrhxq=ufdFQ1z((twz}xwxrF!!D8Pixf
zM%;de%ifC~dsa@WNf1v`8h_o#mN*R_*;jwAhB}J<mK6mFY#-_B+B1}9*j8=fRV6)|
z*KoV}R=NZp2^FgAMCjMzqXmwylpc&JnUx-GI1MShS5SW*@ovAusLb2<?{I2*wv7c;
zx%vl(i_<F^onQy%B|zB<8iH51_?FxKQkCoxhLVXq(gQdK{*9lrh$W!uL_KK{CNwB{
zETQA5r!@^$%4ZhlWFeur1igmV2RU1w_~uN!*~sc1HMmj#psk$|$FmI(l6gP;u1eF8
zxnSXQgJyAy;Y5_Wk(hdS`dJ1FtTe9+iV}}T$vL=uk{gAXkwB3_I^f`#Nbr{w*gPU1
zElwq{-*BJ2mnyVX+}kajCTS365jZq=sA%Hchf}LRA6suEO8I?~vv`^C5LJRmE^E`v
z8m-7Zln;A8b0F3Y3kpQY0%-$su<gDDbxo+a{_c|?p<!u2S|*b*wA<4z%z1do6V}iC
zZ0sGaeD<5maq|)A;QSTOk!=U8em<<0_B1&1qYFyX!xYFHtdp`RJc_mRP5loXbP1-I
zveDD>L|HiOu#rh)5San$T{O4W2AY`&{I1AAnr)Eb;Ly<FS0QEwgF;>A1J|m~o3}w#
zI4Qs>fM%&u9W$jyy2R2bzDi_O%3FdBhaO(30Y(LK0Vx3O#R`7kM<)z%ijJ!+pKT2`
z{6gqF|5jB7LH;Gs=~*VXi?!Efai2|Xu2N$;^mQ*#IB6+*wW38TJ=423_wvcx=UuD1
zH709I-d)#^P+g)Jz1Qg`JZwNoy5cSmAFMPb`4Oni<A-)lmC4N>aH)^6Rm;LdxPD$G
zv!X<x)U?dNWA8e^ErhnCx4)|#YOh@VsP@kb@vy0R-O;&xuxWH_xv}^w8&3<fiQ@(z
zV+u1&eRO|Tt3}3W``DbcOteyMt;?@WmCMe#hJyeitlZB*iL&Hvo)y!J;F(;M<spEp
z_)ok6!%|>rWB|T0RqALIqP7*4B~<{>w;E=~4|K-bn6limw_u08RcX-E<=o>Lrsyyh
zz&KKMq1Epr8ijTb5`sj~cIe{Ivp=3@@p18D@gf-lJH-O4#oqMhpshqvs&IRT28awP
z>ZNf5>mj$B*F2mzBe&vSasn5ao}6^$$2$u8c_kZ(>@&{^VC9344S-ptc_fj(f|gMl
zV(j^vJN4OSp}eJ9s;b4dCgh0or<uFNNI8k1tHCaYySM9^5nj0KtNm6O`5JMzH~s4e
zv771Sipy&1k30MFs%2g42V<z$i+1`+M(5qyqE;#LQ9tAPwrgQ`d3;i8Ru`DWo+4$D
zdq8KkO_|Q;hM+*RLP&{QgyeQGcK&(A)r&_FOo<ur%!YN@-CX~g8*lh7odv&ZxkNf~
z5fU^E*u5j=ZztuE#!P29G&4QYwG0PXkWJv*vZUdyQ%+}NK4c6GPk1gX?GD_WMiLfg
z35%bxHEM0BsM%%{a(G@5u7@ZIq0oY=gRxSAZW9|_^v{;AuI<gZ#F3xS2-*O46CRcM
z;>zI(jU4&_N{}UUPAvzRgA6cErO$(M2d+kW#XEq*Qosfk0nx}!mYFu&G>j|k1IA#J
z_DdX$??_};vU5ov3KJM~)TN%O3={0pB5HNJjz|5OJA45YN*pABAf{el_V%e<A(gX3
zYJr8<TBmGYMN;k=sUp8x-6_nt(2|8^6Z&50?uSGmR0c~w9-S`W&SE4?TYbtDVoF2X
zmGEdS$Vwfo1Y6ukH14%UkCX@(<s7V$mS!JG&DeeY{_bUK?K;*bJ)jDbhfpI4-E~3w
zM6TN~$$=!b!3%S>Huv}bm${Y9N`@D^2j<6sy%wbuhb$?TCETJdG3ZCM2((`huLP+s
zh|4}}yk>o7y?ECdRl6-~dP2f1srRle=SLfBgZff@y9+#g3$z9c=46Pce-{n$H{@Te
zZFzDu@0MW&Kj_<?V$5bbc6j;7?Y)oo_+IRNcq?YV^><nA8&w6rzOVKjDKgmYR{KRd
z;~MqXi1G2)l?6FJ?Pm{!?i>)ox?0(rWy?8zx~@TeHdtk*Kuy%WJus6n{X%V2(3W#r
zKxqt?zzk39c#zyGqH@P^R$huvrSpY?zHLx(`0y<B;e^j;Qlr;uc*3k8U!WEc^pX38
zdGfIJ#I7T?f2tL{;+O*1>2<X!^j|+U?FCcw<Z9F~Y)S&in_fXtjL%i=8#oxzpOa`U
zD$eicS4io=kimXuc4c;+?fv)R@iQGVz<a=Q-`{9IpoG=_dq}pXJV(uKR4pF8?-!Ab
zSW-eG5r6LcYJ7S0@jw)#&3{jH^uZ&yWWL_}xN33m*{wJh<T)##9L0FhMq+6pMR4q{
zP;ImH#pK156HLJc^0Stu#KmXw6+o*nT6eWARA|#HSQ}IrO?L!E<BvHESo%K2_Ft)E
zH`B<LMMOp7UO%n@p9Co3azQ#*4)Q}|iAhWa4hV?=lK@2Y^eK%<X&F^-3!D7xU}y3M
zUMd&#vXvB8`w{5uabo+vmbdP9-?fThM_&x8k<6zb>eqCBx$SQXiT0<Qx`IzIG9kJ$
z7;2Cx01$HJmT9^vyu00!>H69`J_W;kuAYlw9H78yuLH{~?T&vqr2R+<q<7thWYH06
zVn#D@FQYd7PRm3)!%WTqA_(kT^=x_zD^+vSB=Cx@`mrOAW|rcUw8q`<Hv~otowUuj
zSb(yZSRwOGB(x}W7}eI?yzBwWPJb^>2|@2IQsJQZVgUp5-=4zUj&s|=O&oM)q4vF#
z7U8Gw1(QU89WN{vE?TgWPZ<n_UL?37x1j#ab<fSCa=2f*n+`PkHFih_ezMg-kV}4D
z(D#kCpRO6J&-32?dgS?Bj8tEG$?Ke?^k{nBtaM{hjrg+lv}H_2spZ+K2Tf%KKbAjw
zB0P_ONExe^eX=if;_<-~9*e$H7s*v8RkM1k9<4`71=zey!Nfi8FE};13r5{Z4!!{x
z3*$)bkLazi2!VjBq7rLMYa2Zw7Dy6SR;7Yi;^9KIeb*>UT*;e4J<?Dt$T|qD6QOG*
zZW(sn_0i7~^%QGZO>UQ!j@@SU7FQ%p#e4QhuUKCl|8=nDieK<omx_V+=*OyOf=71*
z+mGn(u06F!IRA-9!h7_Ob`vG9r|qw?uQ-$)pCFW^AZ(OX@(4;v+o_XbMgJVrmnJ*4
z(eTg6zq+ZvB^Ob+i%+z3DX<q&U_ya9@w&o2d2Y`y1?tWam(Lu4Pkj&<DWa9z`ms(v
zB@Zyi)dx2-o|o-(7~ejV86N+*7F_fg(A_`>o(K~h4?EmFJ$K$_ny2Hnp}b7m*{!qj
zf;+XdDg}HBcl|x*AJlAX`g$<8uS4XOn9rKCa=Y)Sj7vq5l?;39weiI?PzbfBW5HiQ
z)eter@^94(dyw}1(^D<nlqK<{Te57+<HQ!O9#`P6^lw+!<AMA6%y1(Z--zsu?-_|X
zT1g2egYg!9!2?n*_YU8$09?fNz<i37*Ay|Td?)T>?Be3{(GgogvpY|RLRDr}1-!Z5
z+Ust;F?S0u()XT9^($(So8BFKdVE9aw|fVk1a8h9Ikx{u&9TK4=B4FLt1dzHpDyow
z`PSx6aKYtbQhEs;#}`h(dIa0%*IA4d`EOoIc;TWN_JCJ<`DfH>yG*vB32_z1%wmF*
zZ}Cq6_M#dvXYf?=yTSV(pRII$i~Xfvd#0G%!BODzUq{u!3m`ZIzFz24L^S3bKA3Xl
zk8~wGUbqfu$}B6?Za4Pcck{%@k6Wn=tzDXhbH^^PQk}ky+`p;g^ZTIx^T}New+wcz
z`ACWeuncz7^5^9;g4sFt@t1%w3s^K#$K!UJPvsz&b<=SvF&;X_M5_UZl3-UbmWfHE
zHQDXqmOi`=z`yud138<biY=7->hjz@qghosb>MR2MW^6*c|rFC46wSZVTW`LMjhnx
zsxd;E@W><tnu=qv5g-T4H-<R|8DQF`?#Iq?wum~IXf7bD^u5*hVz$oCHEf7$-wI3z
z<rK(|=#160&B@0~)u^9)R4Duhvuz8DykH!smv!oo<HaXBTH0K~rP{9EddDG^jw+XL
zwl}7-SR|RSY{G|_uT#YLdaQ4`N5U=;m+my&p&hxAAv3P)S7_opJet~}fxId}8oQoB
zJ10B1pS)D^JjklJ@@hPCxjx^1B3MSuWl-SHn(L$(S`@Deq@)&oUR8_rOxByfdm*zM
z2JL@Idf{dJXay9T63zeocH*P6u}OnDFac=#c+FbMhfRKig>(`kqr|skF00%uPOnSo
ziu0PwAAdo<$&qIY_hz7;BJ4I-A2PDp`0Sa*PmkbNKR~<K=3kD|K6%ed-xpX_)LW~x
zOdRSr3fe5UW$r|a+UEg<t+_rriw`dSmU?Vp`@$$j{ub`Yc(wAx<m%XyHv~z~9gWXI
zTAWU~%MKyCubq`1gsJtCkGb(}$%hi_%$8UjqEcr(_4Ap*S*5nkGJuePkWtuX5_-?2
zaL5nhDhJ2Lxv70vV~?@4>*9P}RSrnKh$82c>KK%vO!n6u4MM}01@Q{cu2(o6>(yu0
z?h2~Sz0_K4Eq&cCewW)&AZq9C=yhCJUS`!B*X+n!{<&a!lhp5T{`bq%tX1D0YPj(7
zkh^6yW}13DCcp1Uz0W>d({WSQ`9t4t=NT+FT~Nbr$rGnMh;Q3Q=<BRYgt#OYtQa&U
zPUgx&W^sJv=gqLsXl_#Q(h5_20+88qi`C%<9N&}%g`lO!JmI@$!T`A+&mqLr9@#>5
zEQrX@+CWb}47;@CpzjJOSIkNss3h&{<O`yA2GlK5@4|)$*G^C=lrMNK^YQ4cOuKmd
zt6M2(^~op0vYXu5L#9ZB>0MR~ZB^a^JMhylJFv#`i^>N%`w+Pls8V0a&**HZDt<;%
zrk5Z4!+n>V$CpiAB9Ts-+s|EiTr*HFYO7ot@x#)_{#EpkAF-wWk5+$se2A$ze1+uN
z`^zYIFn>Jd;#tDvr-8|>=MEOs1PlbVHf|=l62}-QNx%cK4XpqmShJ#W!dX&6)1o+q
zu*6iKBLbE9os}ZJmz}0x4r-!_C$#8{S<~?du5c)(3Ek)}*7{uJwLi<~{Ec(v0eQMn
zH*_zHZdh0D7F+ik!<u*<{fZXmJp5B?E)s7F1rrU&v7^T}$#{V$X1=wTCx(>w13CAm
z;N{rK)apR9LqWbnL01KzTN|GDP+t!@r0(3zoP*i0f{+r?huik1xAT>=>+q0cOzy>z
zP?P+z_#Byq_Z2$tP8~V*y_*IdI9%=jG&;ILRS+#=03L7E(mLwd4g6M(HAbUUfuG8G
zz){fk5TKBGQsLI3D><0x7|wOCpn`iuzWg#}h0bNvH%ac_;h3s-S#RRm!$8BK%R!s`
zs}eGAA2;L8(c-SD>v&p5t8U$q^`-kwMAX8Mcj>n3^{cg8A7QlF6wt>f*n`wCgr@d#
zajo|Grd|p2?E?N<s;K7%YQWw_Thf3D6Z7jjbyoRh#w1$MynXECGPXFG2@oBjqd*Jb
zv3;|1na{QJdDd4pr@XgnW-PhpGxiDGoY@9*sNk-P7^_wmy4hpKRp!kkJ^lQOuRt$2
zy!@Nlw=%5h-ug!R>&muoy`YiGomn6o!Q0=pXsusWUl^EJ{%$g)!C|De&E}H9ZJ2Ez
z_`Gzgwq^ShgQvejK8)|RYt@vr9`?+*#{OVBwl3}B_emu09izL)8xRkQxp=o%PvW-O
zveU@u8KqJ;^M@nV*AIRw(}}#?v?D0;>WK#LkQ27Oflv~nf-;?!^`z8EqXW3F3KEpm
z=9t29K2CvNaTfGVK4yg+v34{VMcFiqX#0tbiX#3_`hExU%S7vJD?Rp20Z)G8^IH;D
zNOt$lP!_nYy-W@T&RY^k(7uJ|H};LbF+)Utxt5ZoMRjM2aV1VZ>*Nb;N$LY4()e=c
z$eABV*(7qr9PQ)jF&gT|SB=WgL4pn{cWvbBDuU0~`c`DVA9Qyry6<*|*HY-IT9voe
z?o4|Aa@ut3Pia-N4)Yu1zt;^&Afk<x<jUoE>YsN^EP8xHt~td2;FULy4aU%c*3!2s
zl}KDU__O&_fxLT}dl-KDNSMYCA_w&Qq<j2-b(><Y*DTc~S&WZC_MLsYk?hv(rf7{4
zE*iVzq(Qv1@}%ly?>m&z6~(mPtzKVF9hmwf@GTk-D2%?k!xffr--M&x3ta0nU0rjn
zFt}%>_rNA?tJ=^vH3!;|wd<mOvA)9DT$DLVYTG#iF?>AWy;)Une(E)s;oadZzh9aa
z>Kth6*%EAX_U7f#^B>-R>?|89xN<WuDW`s1#Zu*6?P&DS&cH)rOZlDxM{mpdWAA;Z
zgv*r*7dy-<sQq;JX~c>sQckqr6TMr+IyElUR>I%XyyfJCtxJannn6Z_0Q&U#gJ)Gh
zKnQegey)4-Ya^=NG|9^q?u2;#SJWJakGGKJGHZ-U_MVDznWgNThxZ3q(*&Avpm;o&
z(r`}_KxWqC{8#Lm0(hsW8$ls*t^yDJW**OKdoz_5!5!w0vBpmu-`@oDiP<_UYBxI}
z#X^RVpEBm!E?L{EM{dt9T-~}@(?}$+`Q)})k>?k(VA&|ECZ*H1T);}^(kUmbj^N{|
zk2agGs_4BKNV;(P4^W&iQ)c!!<}E7$|J9{D5w)FhDLjDh-HYt-ISLfH#$5o1Y{?Kk
zjw7Gdk51sq2SN@>Ad)zfRLGGs1rS-`rdIS+kdL4$f`k7Q#0aDH|K|+@a~zAnfGbk?
zr_4zr6Xc))t1MJH#no%aQ?!y=m%o|UoJda)84Qm*_mV493Aq|FKRy928?rSLzM_Bx
zfXK3qtK{n^3B0+scgB#R(^j#~EX>p3_~2#DIy#*hZV$8^emY0vF9eW4BQCA!<9c-x
zIhS@7Ug>3+KQ-EQxlu@j@F2^y0hcO?MkISd_F8HpueieE3{}vM=Q`7lh;J)S@y}&H
zPKdAOfTgXLDleCXvKU@v-t9>CNec51%b&Yp+eHO3BjsTBQB5h8o&tvzkhNX<z|ysm
zIKG+o3D7={fkUH~0n+UZ3Ii%k-o=i$wsE8i4+CT@F&?9XDg#Cd5?qpc!=7rtl5w=D
zm;;MPyl*^E@TZOqkBssAHSE8VYxtyYalQmvR2h%Vz&D&{n;i6>(Ot3mkibpG!u}<j
zfK)&#q;FE0<uefxasNi?j|AB8jD&97L?AY9{?`)x|B#^nhdfWSdmr2W%_9@h3;=<H
z_x_d!;6J3X_J8tjzI!bQFc=6VoGbE6X^&<nn{+bnKY9OC9ESu=8m{KeAQX)+AdrKD
z>pSc-XW+uJ(g_bp4!U1Z^LY%!U$z{Yy;oxyhe8SbhY5pVGk9@ux&POIO!<pZgw-Pd
zOUz6_hy@@HAP+5}VLdBnBJVe!v(gD#1&BN>b<>I?g4R_WY&n0&2blBz{j;=MTs*!i
z-%_9(cUT=5E5T?`20bDxLNU%Rc)8seO~92Xg!ct|7~xg<+S~c!J7%5uwp=+tys82h
zrD*5u>^}0&*^;uKUUHOMmwDMRenXX{bXKqPsogDm8Y#3xZN0&>vTbM-Km_x$eeb02
zF|0J+fsD7%o%#_~el|$(*0C86_%X*ZxEtQSn9tcJ>UBtKAA+#t<9mLGrRHqxI-F<8
zm&s?n`76ayjTxFX4yHN#7%sbLL=a(jS<qVe#YU;lIaeV`6rZD^63Z9thoO#MhPKBr
zHnTD&<P|QC2LBUN|6iZv|5N}r?bLI(6VZ7<eH+L^$y9g)Z3qSKCeVxmEO2mG5+5jM
z$^yhv0Kr$J$ETA}$hN})4zr^oYM+*v5Z;S}<MA;<#55rg2kCJ%+29R`#*|AZ7Qy0D
zhwNWZXD_W~6PySM!)Edt#zRZyK0v=ep?e`4ZO9Q+)ME<I5G2HJ*N-wyF5(SYnK1c=
zR<|~Le*Y3|7j}$GAed9wOvUikE0|NBT)PV;&Dmwp_!+;0ODFC+lIP8OvO83i;>I~I
zje?KtP50rvqkfd04;XHZ{2!VtJi`kx2dUD4$2NH=0)<53Bv{HQIh4dtx!qPDiqct`
z!P3u`*mWe3R7dW?2cbP#Vl0+J+D4kCYk&L+G_Ue<)9VLkJL48g;>s+NPRDYM+9DN!
zMo0@XK;xl<b|^8yc+~Td&%RYXpV`L(iu`m>Z5c&GMrp_lma!b-Y>z7*d!icG|7-UP
zmmOukgO+awZ|w>{URxu$`_|!mlGMu27jJb7`=3t12N}ie|J3$>-wfm`-iVmlLr<9%
z>!og(#c^cY1^L#quydrDWEY$h=s`S|_-T9d>t`X=vdEYNp8P({&Hxz?Gcb@x6!YSp
z0X7Od<ua9_a=sDY6n5m5Z@QFnlW}6(+6gZ%bB2tc<qVA7zkrel*tf5kf7@?J{!Hf)
zAPyGd2+VtPQ0=hT8rPeHZjT0R!vHBYAH9)=<s$2xdks#d@BPTfwmWR&?k>l}x><#=
zOe#h01InAQCgH_>M4rb|1-}E{$T<>k1|>4+ld6)GYpLx~F=2-kqh&GHsY38ahoKan
z3=9FWIA73^V!38PV6VeKfkTXm<dy-|qw1GZpc@c3ipHh)=Q*erL6=KJ%i2sp8cFTP
zBlr1rGuUy|f;d&J;^jJwmAQuwgnY)#>5Qc`1K<ykx*5`y#5?RH+?q7^Uu|-A(<qrg
zsjoTmOJR0NRaIUdUxZeN5WTfGO59}Cq#kS^mpG{R<XWTFt<!e;QD?>!?V-;4?(5(4
zmG{qVJ2Az1EE*aly|>^-uR@pOuHhR7Vb^v%CtZKqmLN6Y^7*!<^(}gw|E`p$)ml1d
zhb~p%8zv{+9^?1rZb@dv7F{3fweGhaGQa1P*X;QG$&c@QJTv4q&YG*)hZw)mFd3Jf
zw8#n1I#GHx_w(VFZv4(5MYPNQu<Tc<7mg|#YWd_8vJkevZhxs;-gD$}Z-T7Mmu(w@
z-hWmkHciGL!p*d=waRoZ+V-X2e;d#^@HQGCzWi^mk`=+>U!3OuI{06(wErFVr;H*!
zGDo41h@Fa@)+Agb#Ab>Fuq!|eT3vf=+_4_5v$}isVM0pwdd;m*GAj;ja10hZb~P;_
z#`*EZGUTI_VwR$%`frHuJfh`6J$XJ@%<cAc#ek0wOB7+QS5I<`^V%3GQ#WJVm?tr`
z8Z%pMAJu#9+q+GnEpmgbU1#fm-5xezg<j{Z8N^BSw_hHsd*u34_t=|56#1u--hb+I
zQj*VqwY&p_wxl44w{O_JZx5mTw3j;P`m}9)OYGKtUYn&y@K`Baac#Iy&xb6AW|!pe
zRAGMX>HTVh@h*F9LN&Isc*q=waMdsJSxb!I+z{E`z3=1Y--hP6CHW5nC65l+KMN|F
zW#@WVlnIEBtmeNmzFecO*YoB`mRUw1B)}^O7c`AKFHTzhI`4OL?bBP~q_zL`Q2*KZ
zujdIPsQ*tPkf|F8-P1;A%pf#qsv-1q6~yej2olpYmw(EZse3<1M6q3M>CzA&Pb?Vq
z+Lt}U`Uk<5#XaCqT=I~!qmp}o({6f!f65X4q=TDm1pV%mG$zmv(=QD(b#HK!buqu#
zl3RC9u0H=WH_~`dRZ5y0MNgU)ZkyH4XTw+>GdhEw(7{A5mp)Q0<~nBaHxmEeAysk!
z>TKUwe45B*ZeWs^vc_!IiCOIYW>(anbB$6O{G;LLbli7%_fS=FH<SrD45mzeTBaDU
zEM=>e%+y$};DNbMj%$SIaD=&N{}z2C(MO+VhT)|tTBj03&On6mGM%h==A^HTzgPPk
zP*PHRELDFHvzF>gqB+LeP;)Yb%*3FQyIZ>-w0BOvD(q2>#>7Ae_IhPEo3B|$>pUWz
zI?CKgkDrx#3VXyztBdtSJIh{Fk)@}Hr!6I4YIB0U16jG@_3rK;t!ccG&*<@1dK&l7
zwf<YgN(z&N9fs7U=9^_%n$T3x!yL*jj&i#M%)2)`)6ZxoxibD1N2Xb*t@wofmH0;f
zN8<YzVUmwv3dBubN*s80c*jv%s<sd_%N&=Oh)w9=w?wdU1g<=VN9r)-Q}EkOOmy<@
zg89bxx78#{oR-(1*~%MqWF3I<HMgae<+pEs_5C$qi)mK^<|_Y^U1{y@rSia^+DGJc
zfGb3c>!!`tJAASS9U*`tL_p^Hq<5%YlpOJj7m)?a5|b05(|Fa6G(jvG2N7V^tWv--
z2~SF*cg^X6P%0CU1t6w$KC`q#h}1p6EhY9o5kRx(X)o!#ItRY+O(Bi(Scg{)zE-!&
zyR0k_<C-~pCz37hm`a#oWXi_%8|>S&0vc2LnoA7C8#7NUDXe}@ku?8qTwQATXuAeE
zqs*eKGxdj4Bz~J&mtz^f{Aih3XQrrZr2E6jOzAhry$E>kQUZd&K@mF40n^iXil~^J
zg(;d%=bhv#)3vc){yJ(>Of*58B_Kp!N|dLuCHH~zKoJE?N`zM-&ShOXMll~O4IAN#
z6BE-T$^eH)q|Q_@C%x!lpWmGg=mgt-NCIw8vKSYL$WSD8YZ3;#S`JCkGjs@T;A@eg
z*8#PL2BV)imNGR{jdp?lzoh5uvp3`*PBIC;y5`yBE(`e>;dQI1G23U$ihej>Ia=L-
zW03OqPZ<RZC6xNeiAFAQpw3s0J*cs>w*ORT+C`}Q2i_0^fqeQd^Hcd%&2vCHN0h*a
zaogHIOf<D-U@CE2I?=R)4OqxZ>5400am8FbJsuz?biiLx2+C<WG*$L@6fAW{RyPa=
z8TV5$8&<4bL&}>vAJ?#-Z?#s<$++@Jfh^@)8jx=oj90xQdU}Vn$=P+YG{<4faiJ6*
ze<w}G9q6e}r>6>m0{|Iz3y7#o*V541bO!B9hv16?#2&g2!7C9+pl1i_;j!sGEa4?S
zoxpaA#u80ydL!f$+ht%_k0KMJOqfS*OyS<&->UaK?<KRW$s*WVFYLVjN`ggsvVUg;
zpU1D&65{ta*(Ey4i<OxV)CWxNe;^@(*RlwB6m);!uZBIN^RK+UP{hS22W<dfuEsbc
zq2*`vZ?q|jSR%n?@Iq_!mYzM2DN@RluwfUjQNIjMUJX3cqw3uEZF<7c2$FbtytcXi
zr5(P&c7B`6^xQA~5R9L`cU8N>@py_f7Q+=}3G6hF7v#ERVswn<G7biARDH+g>h|+a
zdoir>v$BuKu&W=gW<0KY0kmNBAMSpKid}kwJISY*gNAi(xZ#I|5-c&~(E0K&e!NPv
zev%fd1r;wm^dg@)Oil$`gwQgO`tZT2{;a$1v$FZ@09YsBz)2u-xGtBJi{>0C5_=L%
z(j!Jjn*=au7?=8+&ZakeFAF~?OaJ}M&UbC)FjOdX{qXr|N9yvzhY|CN-f!yDqtjo-
z+*@x1Ep$J(*1NdNE*ZS2YM*D}le+Tw>MX_G_^R)GYU72BU70U+8-mO2wMOV7R;?~a
zS{rKLC|1T`Vm@<?FYc~MOH3+sDO9_XT`V`{I-w8i5AxxUqYDJ41XmIzfcC{ra76p#
z0?%raF;vcjLU~9YeTs#|Fdmy%a61l%mc*7sT=j5%+jc<^Aa+Z}m7odJ?7MgLPp&E}
zjn<zV^n7zfj#M;oMf*3<0-3`jzN`a}M~u8PL*-Gkg#k~26Y&^d@EuX7$!GAf-ANgl
zqNazsKSH7!pFO@NdS`~8$q5@Bw7a4>6&oFrcaCuG;Sc`9>=6>nw>}K(g*7CYt&p`L
z37{J?V+m}szOGJtwauV@>y*bqsR{FTwGtp+vOgt&B{Fb@`*`AWC|V1>cbjG<vv22T
zQVAwrj*-Mj+Ap@#&2OTP>kw%zK1^(KIPCn?ZXzapapJN5cWliMYi)-emk{%*W%k~$
zjh$(Vfbu$ZQT~06b6}L4`PD?L=ZA93Yj$V!K6+hMQ}F5O5ACMEjtVnQB|Q_!@}^*j
z;RIXqSd=h4Z{L)&<yYf1O69@H=V&9_X4bR1)H*|!zXmdRM|iKI7v*u-t@ZE651rk4
zl{^iajJ&yfyzpk;2c30C;CrId*ZLrJbo~uz#7jTnzhC3K?NNG9btWXM{hQ-?HIe1x
zr(<dFSgCRC=-A8?aJ}oD<=eLv2BHS0xSp4uiR@gf`{Ki8yDY5@OfnqQhp6p(S)v=o
zQTL+!cQH<Fy!gZ?7}N#O6s7<@j-~g{=E=KZiwZxJz6uOWIPCcI=O=gfp)g;Uc*jB8
zh<@<~X}vDN+=SuQLsW^Go8!>gkvOhWar`O3UPRccdlVM!)F59IdJUt6C4>t{`yO(l
zP!{t+z3a}>Mcq0_-jV0rV<N6Q6^KZgAMQT<2yKh7%wovrD{j}=Trw)8O4T!cW|h(|
zr?+5+Wdgkmca;A0?K>B08L*+$w;}dmQ(2k>Hx2Eq$i<)Kb}SXeX8{?I8XzMe3mYB&
zw8RpKM(Gq!0SOe+Mtw92^^z|QFfsj!9j1eKUMF38j8iaWiis_*+x>q3>}nIiQY%g|
zV^^%LV-{rp?T)W;dDsvB3E$w62ZBb5!$qu&lA(u4`-&TCvwXpnuu1&A-7Rygg_l3>
zeZKXBSNdVO60&Ge_xtxpuKyZ!S-ZYv)$?a`Q<|jNjl3Z{0j_ROq4#BPOWe78jfS>f
zYeKN#2cZv%>Q$hBmq6**<+B&K5`WkkF~4^@+q~>dhS?H(!~#gWp1<26wm`fco*o`=
z;lR-Ga}ZCP)B+X74Mdf9eExawOw0i{Z&>(&7|#^s3w_4v1y1QnepTFlz{Vyh>gv52
zl=f$Ckk`?74Q47zEN1Os%GQ>~$&e~C#_p!o`;464S9rJ2Jei{#jR{cHeVc?$kx`X(
zf9|J*=Is_~&YiY0+H(A0#K#+RPNlV3qkY~8-Cjv{;Jd<G7l^@2N$P=ODJ?mW`|^cV
zRK9DWH)?>_%z1z&o&n@ZzvtL$F^jC?gctoL2i?D`MOEhi5`$zGx9S8^LPw4_f^$c=
zptn}mo)0<Q5i>=4Yu2j`)V7=Dcba7%yA*P1UZd*C1Qv81nD^++FQ`brq5l$95u*0!
zY@p@Gce5e4_M1<!bR=#woGvdch@1(CVMw1p?Rq@>mSOdj<JXIsP6Mg8YHyv_`uU*A
zbMJ<gYP($p_;}5<O)3%A-}76)_%?J2t9c|$%8sZ@9+@siJdNU0^j3dQL^a;f7YCTO
zL|@W!iEcOfO0SDxW}f`(Ij4)Q=U|1;{Kx36K4U*3$}tRI-_zN3i9^-lJn4tsgg3#Y
zqNjz1W8Vn{k?Mu2(~N^w@AsST#?;=0GEd|%w~hWl2HBTijd!!kT)@?S+P+eB*_%B1
z()0Zlsco>p>rTGiAqN5X43mx7t+aRek)MrcG&FNp-?&*-E0|h~<vpT$8=vK~?0xjl
z<z=yY5P}?GdK|)=DN01h@I@ivT?fJNu2$f2a^cOZA8*sSe#vq5`$Y-UTXa#q$hN59
zvLhiw+-u^XPEOrYVvJW}7DDuJ;)ST-qM*rN{j45j8b|EuZ6C#4{>!2{Oa-_+ujt$U
zApKBAbeWvt9HF1<+h%mf`P;h!qJkDknU>5sBED+_8$_V=PXAglvh)TGt%f(*(O;dT
z+7`&h4E(IUC3~#(#pC-g^Us`m6{waybn5;MsY3Gcsd8<Yq^lQZR2_12d(%cNOL*_(
z-li)@2aY%A_iK3W^=K#7WKG22l+I;uDeAG+zK}RjzlrHMz<rb(J^aW1q2m!OFmWtO
zJ9ZztvP-=i>^>wL?oT$A>)Dr?b<-%iV0$^8_UxT@T8ht0&GIZb*0}D}R734}QQiv+
z(9O{Cui_h93qIH+vC7?!*~y*^olv+Eq1IsdtU>miMbFoJl-LEBKo4ybQIa%PH29?~
zgGkNTfFB+cJW;HqqQ4^4l&#R`y9Hrp{y?X645e;hbXMlo+|9EOH8w9Lsj9qw-~964
zo!ceFMpxWA)$|5XA;`z_p(v{}2lqYSGBG?TsSsj-t<YmU9<sXcWgen>4|<__@W;#7
z-4*j`x!pWPpqqEwHXy$323P$z<&t}>#?bgseQx7b&98UfcBY@Kfgy6OxQ)9mQxTM~
z<JfE7sl`t&mVo>PZ;2Qgm5P_c5t^&)kB!>9EI6D4bv7e|kNlIXF6)$A;@<5VvP;>!
z;lV_ZOMLI*F3UWj2<NqrKD+Yu(+CxXBXR~q!)V*1d5H%`cQ<YEpDEy-C)|$CnEDgc
za4@^y7(m+`xI28AVenKg)4=|_d%35Rr9f8qXx8|yhdt&eCIc>}ZFKoeIUbyJ!AO-%
z-juyN1i3@%;p07vCe<44PF3YLwNa~$Ew!vjtDa4V`)}R!ANthUIG+Bl4i}<u!OFm)
z-ADU!R$&Wjy4q=El6rs7zPfx=FreN<`!)fLTaQg0a|$?hqGaRnD0M96`B}w5<FgTy
zLDu)SllNbq8`u?kz2?W&bAatfN>O0UZppivp{={E7e_E^TdI#rv7cTpD3ia;Zu$14
zaf#8{cE*^;rzm(iU_v*UGQRyhc3vKfO(v#X0qHu5Tq-u1Ma3quR4)nvSOM?Fhj|Z<
z9w8kUL3XiA1uE4l)rRpr2{&`bQ%FLl>B4DI_Eq+0Y%?=K{u*9Z3-sz1JqOTzeEC?y
zh}VUD=8ZEO5T1KPY0J5>OU7+&vwXDxx?y+<H_q(s^@6}#Q3ORg`{d}#Vnq%Q%{YQC
z-oPYU6SpyGg056eSE`l=u{~o;UXIr*xV~|scA*{81$H{G0JD;u-3KQE5PH791ZI-W
z8;Ua`=n((Sibr)~;&($*z9sEaeBXm)*I7i|fs{}D*N=9|d<%PaFZTH}57rHOs)x$c
zL-X4^!JZc|<Z+YUte6W|gmwJw$g={sx23Qva1EH)si+nDRM&`vHlTWt2yDMPtkTP-
zHS4zTGhR8zErqq(5%=#$@tSWQD3299%ar6`ACR^g0m2X4F@2fPW?)biY#sqV?*Fpz
zb3^yQ2TX4#W7DBCqgi$OzoRA5k)%|85LKW)nsdzVjLp?AB&Y*{JLqFLckiKQ?=-Dp
z{n_ov8c*s)j<W2pQ^(x>omHJ*hv{1p3$-q$FWw!?4pTK7d-!EnSAB?bh@85rU7EhT
z!hyw~hkgY#%51LQwfp#yjgqhQ`tL<rc3pLuo2pePTlFY>H@Y~8i|ZaZcaK*9g+MF<
zjp9mLk{PLd$NcaYIMmKm?s&7Rw>8Yt174_PbKoz@rN{ZieCD4M_WL?-&@=0_$qZY?
zJ>2K7`x(n~@b9cZ++*dvC*FH;*%wIprm6tewsp&y#HQG2ps$}D0y18_@7WqsY};J<
zbT2HUcGdgY5R;$g7M*hTO|xO)v%JY1dn2pSnlDVOw)9jzA^T=l-{<=@zv9lsg%?UU
ztbxT_Ol91W`is2<OG(FjY~0Ou(QK-Z!H8(jPsiSUYfc-~-1pl$bd!sAZXo;*`oy7Z
zSw7bam{VUR{=Ac-VGKAbfY(l4OZ@T{tp)!+NI(L((}r}`3^Eu-B?w49t5mW|das#c
zE=+0j`FT;r<)f*)B7qc+Xas|aNM3?gdA{ZO2)j|u6Kv+aUTPMaxhPI)x!|r^x&BoJ
z3GY-d2j;!6IzApFqEWN)bjez9iGU@{ZXXJ5NO}lv1>Vme_#LzD)#Q)RQ!%!@B{Q*H
zVkEAez&^0nH=P4S`SzksbY$Q~|GGG)5U`6+g7p4gR}{U2=o`-Ci2Y;vO-lLz*__n8
ziPK!F3+)9-P5c2;hcI4|9(VyBoo#0q99AsD+n<nrb``Ob<9q`8Ui1aSEm#4u2y?zH
zLV}5CLkAQ48QS1{JnTOL;mv^&7{zg3C<7RYh2-s)w-wYbi@*Br;Af$MW%JWQ1M6@j
zy5rFv|4DZBoqySTaf{MJoc2vfLLQAfK{FG~NdMWrZ%xsV9p3@jE~9FG-@m6j^kjNN
z4IM_9A~PXjS@~~`zFKs{fVePJIZg`(%;~ANX`5VGm4rtRDuy{>_v!N4;;nZ)UQmnb
zxjX@fCBZ(3pw0c;$Dd<yn<h_1R}Wne$X0jlBlTvUsjA8!>hbtHk^~C4VD3JP)qCQu
zFS+7)AlQfSPUl<Y5CGG!L@z`a;d*;WzH;y^;tyI0&^USS%Q@LUnZV1J;7x4*nAsNi
z1u(?}!X+Qic=!WNb@A=^8H(vF+VPJ<V-SB6#Fb)-wj)=x$To$XPe6PnvE1YjYTLLo
znp4M~v<9|XpKS`$X|YpX=_>g6QfQ3P2$+LiXkpbOXWcW#u*BQ+1P-dr@Ayvt6As*;
zb@b|8ryR~Wx;s9!yTVV=XVkn8IW0-VJ`B0{Oz%el#j_&voJ{xPfz2fbFUHLVZn#w+
zn)W+~AIh;GI_cw9K)ts)$>dVrlgb+*_q>Sr+vLLT*fyrue7a2DdTZKu@z4Fw^fP~c
z>yIAGkO;8-Jg3Zc<lt9f98ek^xOV;>JAqF#LhB{KM&>9pVPaAi2Z5IWieG|*u=@?>
ztdta2o(Ul=O~~9VQ%iarMi_D^2Z#Un4M$5-<v*vDW|=y`MruPd%ztW}m7@Mrk16E%
zpPCiPDgWefXQe<>TY8+gdHs=$_3RH%ztV`oI7>DRh3k0Lhi|Sd%P)ut+K5s^{zfk`
zVc0IBZ{4WUO&f1lFwe-pZl;{*^;SaVc8?kti+hXASsRw-QS((DP(=XU0s@`DS>VT(
zvYb>{6B&a(8QcTSZ`K`rh<t2dk}7U{DK%w0ITNi&>^HkavC2z!*^#mw1?Dr1i-vZ!
zrCr(?RjIs?PtGTDaEJ#GHeZqPC!1)ey|>PX6&U+o9xDQvvo<GeM2Mn=fLi@mzK4V~
zM71or_3eC#4-@Xk9$9@L?JZVYD%6x5tr_b1T8sjT>Kks*q=ewf?KRiw3!L7BBH*Zi
zk=Pr~85rfLw2=5MM8tF!AM=~`l@gb7rL-QlT5i|>b9$%Mf?DF9nT&K|v!e5zoa|#7
z!Hs>&*FN?DQ6$(?#5&Qb(6}Os)XWNO7yNymysFG@mueRPctR#b-?lm7KXEE)f(m0a
zba1xb^>|1EnFpXzvPb#a@&2M5$(K-d@KfkswCA0BmQy(^Eg#2C%iB>?wlbnu_htsy
z@rv$}^P{l$#l97%%*1z&PRdIR(BVaCJ{g$_$k7esm*BP6^nVs?g&gYsrndwd;(T}r
zLB;*go^JePvvQ~<4Kw>sf&WAs2HPXzwmkWmTMQC9>e0wg?}y|5$q`bTK?v#{pXrH5
zNVy%B#jrg41rN&;Q9IKag7?b*tw8{2e&W<W5>fH@93&6=YamC+>}hlB&KA-@`I&8(
zg!fU~vwXLCn}`}Bh(sb1(FT`9A<D_5zfu;+X}xe~UH)d1JUYDhHw5WKbwm0df%K3z
zE74#C8bA<15I)YxxuDTIw{+t8lBTD~%;b^Av9W*3!*z(yYL0|$wLjv+`1i=aiQ=}+
zvmf5Zo_Y6Tz^yZ@;mBe4I5<ZnZ0>lDP#c48#pwLkx{g4#)X)jLVN3tNL0k=eTJP_+
zf>yZ#J&HHw?wqgg5AWX+sfr2dOTZkJGDsZho|(@2_k{nSk{wTz?(+~vTrLa<*t2@E
zXZhm{0*OG8|8qGM@vj310*n{<tIUc(@ctea{%iY(0}f8v2;iR1f1EtPWf}0%zo-0v
z3CQgK3yuJGipEs0d7t^I-s!U20$C!DOUQ6QBDl`<jBBQVTp^$0QMGMcjU4$g($_K#
z5eHdwXg$_IS31S90V#xU{_-USMg|O;8NsSS|5I?{(<=G$VbnQiXL`Z=O`qlbNs#$l
zfcWUXWfT$#oV9&>qsKxHtuNGYxiXvxSyxDEK(^#ZS*D##WD(phWX}JW#{J)yk!V-z
z#0PU|-DqFX6b+IfMGlt0_LgFzK-L=U*y;31LZ(@9nmMQJWvA7TQ>pZ19v4Vw!Xq4m
zZ$yA~FTJ=_f@KNXmA(&GkJ}9ueyr$B!{AK}l<StG_yiMTLI&*KUI@VvoIi9rai?Ku
z2WUCafd?We;8R@Ul|QBQwI@26{|9mJ0o6p;whJd=fB^zbLJLJmLI_CFP()PFBm@W@
zlqP}_iWI3TilP$2(0dUP5GjhFAfSSX4I)K~3QD(8L{TiLsE8o{_&o1<-}gJ``_4LN
z{olX-S+kN|CbMVu?3v8I@9Vy<RM4@&0teIDKa&MN#=mF^GoLN|3dT)MNe8q_N`mFY
z`j?LvkD1Bxrit@u8ou%gQ=Em&s7+52>x>ey=^Nl8`CHR-oK+P(WpqyPvzzz*t7hGL
zdeeZOu{J{bX*!(hXz-om3c9a&{oM=bQIyp@D(atIGXKxizY@QV!A>NG%hZ~=uC$6y
zWDr?2Bp`>lTN3BfXk#@X?WNEn*g;(tU<x2i&NB3DNVN+0K}3?tayUpiFQUa%nPRMg
zOUws)qMMs!I(<f7{g`(UM`H{dK@*ULgp7Kc#kKP2@lj&vw6Ckamn5e(p-lw(LGx;*
z`2+k1j8^XB9#{w_zL$js&<p2E^E5Wh9l{^M>HhFcd(ks<DAiKSjNdt9Z~5VroPG1|
zN5o3g#vwh&!n<EWFSr`8O+S#>=G#@bzZxq2`8EZdM~C>Fh!|@=c=7nh+Z--`+$dNp
zk~x7=h{==GTX=VX$nyHfnWI_#|MdF)&C>ICh46f~n`JYFA_jixx1cfRllOrhP{*WT
zhj<U^5_UfJ1|ozq7z%zxSTz;EdxE@PV2k3`V<mQjgM&TW{|rz8d$7w0hFpFkK%IYI
z77-WDyjeb?CI(w0|6(Tfac!6vphU#cH{`T0#@Q#2Xw4^$!#sIzBoYwOyF&I$d6NJ9
zw(fni`+qU-3iC}FN^MlH9D+H)46<CL3`50~6L`gqi=;T#ts(>A!1Dd<Q{U|~VLn5S
zL!NFE<CzpOusk_n2Oz)~fm!=M(a*?%%KS<6hh&kT4?fe9n-KL8kb=WPNhCSMzE4$I
z(E^<$BfXjoA>l^CiLNPUh6GQj>?%WSBdc-9BxsGeZjVo3cb2J|U3AB#ea{{Yuidnc
z{=&cV>XomW$MTn-pRHB!m6zuJb=H=6=HE0%|K0}(6%yZ^K|y$4h{);VIhylP)&Zm}
z`b3TcW6_34I#(=+yOa{zRP$N;1b&BzHM|qPp1?QdNb&?=J@lwW!!42<v)^1=HeF$Z
z><-N%BeJV-7%~Z>K-z3#V~&EhJKV5qdr_Lg$DwJ}<C-@=EE9DrCWU8hRBA<XxA1kM
zdrKU1q-jN_A3&X+daHZCaI3FAoG|1UkLAb8CwNtXYj1k)Ix}?r>BL`0{qMJnz%$Ac
zM=;4>L+x`dUzNA!ufyKW{Rq8RhHl-a56zhGl#<z!`DwK@*(>pd9HK63UkbNI42H=S
zx0U?}DWl%5lQ%2=vs-j7B8>QT{0ZiuwuuF^{Mb4Xk!j)>me{aW4zMF*9eD_d&?uIX
zvQ8g?xXzpfRox9Z&`y@v@kx9dxdA|^LSvKA1F?8xy%mWQ2VN&XRXd}OND77yH2n&2
zTR13V*>)MH>bqI}-a%$THX-1Vpct4iE5nARmNMjp#l*zx9i>+7X*gZoHia}EKw+S1
zj<9wy5-ATv8S5oY@j<Yiz%ceJR}Wh@-f9#+KR-~Bklr`}0}Ql$0*#Ah<T>0Yr>wz(
zUMz@I?1Kdpa25%U(r&Jm@sbktRcBAgcOqhjBwTyiJ+n>-;VN*|9cB1S7+-maSX3mg
zJJ(XJ0xw&LCN?Es3n<!zr!uxscH>>9&T0)9&gS~C+Vl@<L`CwF`>PO{H#jvdB0!V5
zFem>SMb(IB5byUfKxCH0$1(&9=wu|$Uay@~?EADGcQ6n(<AH06O~E^eyNW5y1rZhp
zs8tf-mdG#&@6!m@pvcP~<p6tNTnK?>dLE*ue`b{1<|<BwF~`2>aK@&vSpnk|oBTya
zT;NwBMuk@awFqw%d_oR?Vq^CJo1-4rYr$)mQ<m4bCS{xa>hNl?6Xi>$9@{G!k*Psi
z1E8G%MptONfxq5i@D^Vc#S~7EZ>P0k8CX(BJ0r_q-t1;5ErXb8ZB9hAA0c^`M(WZc
z1?(-KHb=sweXok}rD;BpKaJZ7F$w}I@LJ=uqc#QOc0anf^4f~5Hod1pTfeR?&Q%IL
zl_U78IeU6`+{W2$;+lcmvDxfhdk#8Ww<{j&PpqHqlErU%Gfi+-meyk%M1>E$m=%h)
zan~nPLDVEbKz!!99E4MbiRHgueW(=PhIEwDi6pR3Ra|M~h;%q_J%JBy!jsIQhQVb=
z1Q^wpp<`~UpkYC{eZ?!KJpyKv#r|9X{WMhB{@*B_qPoi8oxLkP4#Y7_|CNlF>(Uj}
zS>LJ~%Nfjj7F{CB@l$oJgTb<j!aD|byc!F6*fk&>UbbZ5E3G4p2*>p>JFPY52LiTT
z+3Q%@vY=@hsO{C@-Z>C^LD~W`BV%+Epn)VkkdU-aRbpjJl4>@>yFlz9+(Y@LRkVfc
z0#TIk>~eGCYr!-+%MsYGkDZ42g7OnQG+=j}w+>?YKy)EmiY|}|@}@LCU4RYt5==Xx
zh6?G(au~TVMk9<#AY2dR3z5YMOdwg_&xo1801Oyn(z=}yG+$+$`3XatbOnuo0loW%
zMM>mIF2S@t6AQLF5)f*NJ73P*Da7R;%Q#$|!`_lK`NAwN=I8YhzIn<Tp{LYas8}%(
zWoe29e(UBvPg@aGWN<w<B&LnxmObY+sy-LN0>c}|iL^7jwpZM<&-#?BSATFDE_C&b
z<2!1}Nu_lZYt~b>li}V5cp9Z+;n&dJHw3(w4Xy!ZqA~n+w4{_q0v(yDkRebC-W7{S
zcnn;#=(N13@ffQ1-&=K*K@Rb)@hw8)Ou>U|m)D<~H}AxOfEbv@m-PV!`czc3@?&SQ
z&F>v6zxJ;m3axWKCVDTKbT(=oHF)|mCE<isQOQ#E$!{^AkU~@}I=)41pY9gX_N+$<
zT-Z_mldh0C*`UaO?fIY~N^$=Yx&aY#!=ze^MQY!00eG~y>?^U~UgvqUA=8gFrRG5n
zgG85d=jbz`g|MGR=~^#FHIY%7ldEtU4ikz65=g#~@!qAeSw)9~L??0CbZhGa=YO6w
zD6-Y1>QO37S-=QkrLXYTjhC;$lO932->Y|>mkyySZPCB*70<Xu+TnUXl3^wLMmR0#
z)$+w4OX9BmX(0+NP49X()Qns*-@fER9Slkzt{Y_evk3b-F-l}3TsThzwqUL&(C3pT
z%=k!@stn?q6>Xq~>iB~hfCrJs!Ne-GIa5G2aE*evfo#Ld4NfJ@+x}$F@x5t*sLB!;
z1KV*B`UwpM%NfDfGN3IQMR!mwbn6dwirEJO{Q)hwK3N4o#@1H&>#N_Ku$nDD<8SYx
zKIsYjDt44IQs~_tu{wPH^x8;^mB7Y52yikciTQ}c4(hyU*K?7!$b5ANdYhFx_vm+t
zLw3tj(SS)y&ylz4p|!`>=v;JV6@EWaczr-8;%-f>Phf$#pKb<<gX>T2gpA3XaZ!BX
zWb^}!uy7fw!ZB=H;oi$9!8PCpurmswM2s^xgIN7U=>=@5=`2AF#Ny>2A9vI+trCSq
zW;KnG*m8v&r#$->&=O$83ZE;JV$!*e9}IrX-?g$}$^|{4r_XNrbVqF8oW#<-G=oe5
z%b%IT+Y1>-aSN*H9-d8BP1oHU&8N5bSP_mI;}tZM8&AIeUS|@Y+K^+{GQFKHQ}}Zz
zME=ph>B&hS`Jv<&vb%KMeZmXoLA#P62a4JJ6>m<!!$Lq02&3meanusw&+sKNMrTZ)
zZ$L4hSD}Mu+&Zr1(h~bqs_1#-9lgY<v1%{V&{&yA)=Y_#fCZ~oxHWl}HSY#>9s6E4
z(DLrFXXJ3>K35Mc=-UHtn_zkgoe6HSp6ARxs`?i8J~I7V@bw4*0zdk+)Wyy3tH+9+
zRa>a9rkFc6e_)^5e<j;FJt#M@xqkot(R{OwiW{X5vrO*jKev^ytT}e|^xE@l&2_D4
z<5bJOkxfrZ)5yBlx*&v+3;d2DfU2XQ7cqH)B>=K;#vqpiavua(PSC5EM2miGh{es6
z^I!sYg4Nxcaw6?yIF}CJs{s94<LIGTP}WFWX_g>p4E`1|SqR#_lJ$z{BwAvx7$Y*F
zHrOTviUXv1dH_k1C(J~Vy$});u*g%Z4zAr>Q~d1I&8L-iS}*!8Z_>GV>gIFBzMOT@
zQkf(-wy*O=99EjA)|&EUi`n2qVcO4Ld;Oj28<*1q_`9#Qc$UBKb6JVX$^?IYgG{%T
zeE2b;%r|;dZ~F3L#tQr-u~xe_eV>f9jG0;$$hR3a)sX`Y-6|mu;Zp0mg0%g1A$!K%
zTW+01LKXjg`F(Hw2^<zzBc73bZ7r+<zBk&xuS{uUlkc^dVee-&^{XrSqw{ocCI{f|
z<)L5aejzmf+}~QZD)y~>(&8b`Wn5-I@Hp~Pp5u+}PmXr~{A{AQde8r70u>ndN}=(*
z>Uk_4l^9(;HJ#hocQ$)-zr&qn+g^G6*qPQgu|zJPqu8-*&5Yt#NkF?*!!y@E?JrSF
zlt}@gBw5_CC?bt<Q#<f;s<UXK5NIq3^0y+P&)Fv6Z&R-WzwC5e1MlcuJ}$VxH_1C+
z-BQ2DYwOVEg-bGSXSQYdb#L$sRt@CtEu1wU&Y4r`zWX|8$#O<SzV`RW`;Bh*c&*!#
zDsyw*Jk_*#jm5=2ynX-M$kPP9A6J)Ki=`pWWOyC&;yO#DeO>D1H^SIfFK!Ka@$FZh
z)UQL}32K{YH>{o9`let_YQM$L`$QG5mZJ2>^-=VDa`P5H=fg@(tjZrCFQ2py$CxN!
z&%P>(?Q~@8&`KD9I@y#Hky^;rFE{0TN(FsWE~gDwUD-Q{Z5eBs6OF2QBBuUBfn|7@
z;D$0w$ff!OrGCB0Y{h8oRd(ASIk<<_{cZ5Z6LrIx-t4gTTW>912VYB%8IkT3Fy=Fw
zonVw-#ve=lp*8tNyTGlu(eO{B4mdtHL)w<|R0claetyr=!svH1+Z~nbggWPTyX|*V
z^`2n<ME;S&NfElE_Y|HO!yKrU2R;>6Ml?sXC2YjYUG(AULy%Y-mM@ICgY)qCDBlJ=
z=7{l81Xh%>2Qdq;2>XcO3Yv*8!ent1Y&u9<WYLI!hy`K+ToZJQh=wf?j}G$is}fbu
z62RBUgpjt|Zmtp)s*jA5Gja?yYq-%;`+eV+M^-2I7%FJc>vZ?891miHr}^dnq6sOG
zMnD-xOQ*n6VJo60>$ne5i4O3m(GTefr)~?0F}tGf{&jWPZQLv231HoaV;LiEfKgV1
zMQr;gisnZM+uYBb$OwCz8eD9$CHC&50B`Gxna+dG`x&3}Y-}FpN?!f#-ks(hRl*z!
zeFMa#U#&wA-b@Ok;IZ8e`XHWn?$-V|heKyG90IEMAv7@+<fGX}3Xg5H&ONbxMadvX
z<II-S70y5U+39E!Tzlm3bu+&gPjhd$W|`G;4}TzD^k%HS=(6(J^G!cy`@WIQ^0CyT
zlSu^xVhm3{n3TmR<=$hBUVT$64~t_xh%}2kk7l3z$~ygxM%Wg;&8E8w=i~k68qOn_
zOgOs$ZT{uml>j&4Y^XTwu9u)%Bn{yvVf8Z*@_VS6X!Q0|G+3MQ6yRY{)^81L6^OuX
zw9MN(*oVPS&n%pB9V4;PV11Kq!Hm<4p|L@45@pTE^`@JZe)kSPe{^_PNKNxds(G-1
z<w<$zvh8eu#-d&Bmc4!v>;m(h+5``_P0Dfv+KF7Rr0}?x5k$p+`ZOL#8sbAy=JWzH
zfCek!3aGeEAo1ttQiuN0)%HhtZTmyHd_4oc1_@SOckGxAA_~>J`s!07nxKejT-(%P
zvuyQze7k07^t#%vZ?`VKSQxpU((AT&<dS<{bspfI<VpB*7nTT~RWV>oyC<(6H(E5?
z1xp|$v5!=!0b`po2lU-R0}rCsSyM7a6a<cu3ksOEB8M|QEN%CJuWd*Xv%Lq+0@_O&
zcd2N7$GC34Z)ji|nVP(?7XSJD?bN_aC+v<^eXCdg-ZC`g!Va(@T@B-?iWmy{wJCGZ
zwAj6DqGL1~#wg3;b-uo!QUkv%g&Wap;cWu&8u$GZ{-vapt)1FuF5b4m0jVyPwTEWE
z&t~tBIrjE_uFUmo_9J(Ht75`ogc~1|&`K}kOfOOQ9DYwUG7G0q(<iv}gUJ~dGl+63
zNJT<?h4%gafZxj(h83mcK>3oRT~+*s2m;e9NkGOd#I3zMFDPyJY1kp1J)V|%DPzwv
zNehpLE>KV7E}Z_AcKZ0S0Wxdh*QE=mK$vHUqTj3wLjvD>6QDk_IfDIdBcNOKL}VKy
zh1Rn4%ZGC<>p4j{uo;=`p8n5FjsK~vE>c(xWN_=t6A&z^IlIc~vpK?&%VlU*?MD9T
z6$x;bRq+ZSqt8a8MJsXd$qtOnsW=*u%O%*(Bcxe;Qo964<elcDd2JLC#I1#!;6%WM
zqs1U{q&ZG}Z_goTT1u=)T>VK@<|Ka7ZTm)85aBzokEd0%I3od2*WpL=Cm*OeJ9FrF
zq%QMa+~}|VOx6qkvIP9U{y;aAaX=}-Yzj=`sG1`jed>gA@D>9HB2y3DTWc0b79H5>
zseTV<#SOn94x9*C4geY)vJk$Wp#Z99dBON+NZb)4jDqb5d3M<`q97nURhYqF|4VA#
z;t#c-C^?B@ltfETzz=fBowN>!-YLLagBoorI-#`D6lQ$JZq);MAk;0y*}SI>4aE`p
zWW2r<6h~kpXx*+Q)p*4(NT}0@dD}jVs_fk<ch0=RSuD?%6}YjWxEH$wo`ju{ia@n4
zlp{2vc$-hV42=GZE)fVAUkfDk=Ru~1Kmu=%^(6Gv@Y=w+)C1IS%eX<23$a?Wwu1tg
zwHL}%Cs_4VvMi=dDeCmO{6h4SzRNYDZ-dpgUq84SW?4iBauu!*q%2U$uKhf^5_Bxf
z=}XbY`SO#c^mSKbg+tMGsUfW-ul|Jq$jS|wcK`~GWzfnH?bGztSJL>|lFKEOrT3oG
zs~1Xj2y9FygK)ZXPIn1kT=EbwsA<-#d6VlaG<j-L^!|TwCW{p3FO$mdR5scD`k^oL
z2_G23&x@r7bNQIpnDO=y^n2E4U_6JBC+U?VC4%Ar_8iG9CfjR~o`g%Y=dn3NEaf}+
zil=T0t_P0*lmtnHBg@Z*wGGIkWq}N-`NS-yW85T$$Zls)uoQrpyl8r#r2D7DF^RvE
zf#F%Vk%<{z$@5tbY$b9Og^G_uh+68}VU3fQ>+CB(d4H09IkBv&O-@7fV3No-#CcPn
z)~VJjt}8rY0p8m9R=&@#^?s+iB@ymZYSiiLPhUOalWFnyKrE1u)Np?wMv`yMA%&;(
zQEu_onP3SLaJdt)St8&^jC6I?qNFj&Opo7%-Ckk0))J;jlX;f6sN)Fo!U^YsM>OvO
z5RtJ0Ie{_Qj-h-HypMwB%c7Nt1rRFB`aPu&UkKg<w@Qigcn*lnm@w=NNNnWY;)SMB
zC5Ty%MY{Mtv@?qoUnot@82?*DUc3kyoG)&Xjj%j_tlB}w8t$KqqP_wwe#c=wD1c4L
z#TS-vTY*&ppWa8s@|`;ILLAy&d?hW5h}@(_h(+z+m){4r^?f{q*zDI481V@7U*1dt
znud+;E|&o@1DM(NE@fx{@Fw!W3ZpKl!lIp6mZ9%vKC_Z<bt6~*4ke_*yoV9NjF-gb
z7p6=tZyOL9K(!CW@dsIXQGr`EsG>HTba_(BaRQL3IdZc?>{tm%R9i23&B81~Ye~H4
z_0BH;NE8VM5mG-6<b|+ElKDmh&Wjw98JsT518woXk4hK-BAFrzyJZHRG2&x%VeBz4
zz)?0csa_UC%WOvohlN0<n1~#r7iMiogpn8kTB3YBcn{WiAhhq6>V5A{$W;Bl%fvDV
z1tB>46y0`5g`^5vS>sd^1&miwhNdw_0rgxQtxYbCOp+jyQ8XSFOq3UF=a9EbJ|t!!
zNco6zh-pRfiJ!qGID$rdW#ua3;fnm@TMYuQ?sPvf1`L#&FWrdNkJx$rR@K&TcMn<`
zC%;l?yOONfa4&8B^l!tnUX!ZNzVzyxD|h-CJD*dLQg|&V>d6T^qiNbe{ZZ_Bv(D77
zrU4aF7i<pAHBYLVXNnrCcie#3^VzBv3TIU^%^sR3ohu)&+3@A$0HsT6soif<Pm@sI
ziD^b`cN&X`Wvb$P+7w_AA$J&>O3>&r5d_QCGa`kO6{sRgn^X6s0UR-i4;C}f5RSki
z(BTLIyDFTERYe1c`ZJLU;*yawD-r)vK;{4jUT|7Olq!gZB}^XTG<XEWoeoV+!x1QA
zY)2UvOT5NFBfH2PNF#b{Jlv)Z*wOxQ%|Z-8dBl8IX<)n5d=GS3<cSi!H>eQMTzIz!
zIRar#MMD)Ju|ru7>2Z6P*t=3G7Y5EeJ-nhQHFj`xv3LjTT+UOWx9iV^9$MZ%eRdDb
zP_>ZEOdcTLdwzjw)I&KIq08|J$$1*NtjmhHmnb4_nCj@z-`u`Nqij-@a6+_2m&#5v
zvRnjpRkh_U;$^c%vh!F9Mh*jHi>fh|giH|`^VER@6ghLoQ4QP8n}Q9Z*aH<7@soHE
zq0H^@whq1oXeSe<6Tdj6hL?lERHJ~-bF-=bFqVU^H%(20Jt`7L^KcNC*CwuKPAu2z
zFX78nis$wHMA&(`3{?S((lS2(d(iRx_TC@IoF)5yZSD5nN}0;BW~G<=*15Ft&65?q
z3Vj3D=qL(ys(n2eK42OcwOC)Y=(*<pm7-Id#OeneJOav8i37Cgs>IVJ18K=23e+}3
zZAaMnD8mr3L9&C1T={`?jg)nUdu%{BjRE<H%KkK8_DVW;*9QIM9-o%VLM5*;>y?1o
zvZ8#ziui=|&kB1_gt1n|^G6M>><2bdK1k_orZQB|E9#^$DvSo0A<FVq*Ulgke3|KF
z+myJ$>O|ylEkvZ86unLpUn-g$NeD8Sy&r9n*#7n2W`k!NK3V+r#5jnn0kN`x(BMwT
zz_L2MX&4WLU<9-rt4lZE=gu8Z7rIc+nAjY&fij<U^+bM($hpGDkw2U_5{7Fj)r}jp
zeMID+4_qACDA%)e`l9xuJ+|&Whh0mhARmMvL{OfmMCvDs!m{XC!4jv#Zq|pMQIzm5
z73NRq-0nSl47(}@v;sDGrQ}C7a|nzIjH3J6Q}mwtx>Q;oJ3vjAmylTU&T3a=GkwCs
zN!-Lw93!@~`n{7Ixdo@6Cdd?FI7DpGv>OFU2KyX%juTt#g=;uF;o}%oX&%va(<Ifw
z>gO-8ss>E3sNsX@JaNH0u&6lwrHD{^psO~{0MWb7#7NQ$z8!bPtAH1K0Mo$SG9bVX
z_W`6-#tOS66y`J)wYg2*LIU$%Y1=n`#9u%6vVqIVjhy^>pMLX4R>Pj#LHC!^hbg(f
z4N=K?5ueC?wO_XYT6SU1hxVU1bK!tG-c61D%VVkzuF+{89?BaqoOA8pvTsiI8$Yt-
zqRw@&B~Qye=auUFp6x8#A6t&s#X5h!bWx2QKvjQFxF^=9P{2Cq1~o%NGC}^kN^iv=
zZVNWd7sn8<sh*EW3~|i`&+!nOwY@{!FpN<EM2}4BYzX`8tBo59TwlKD`0%C17at`g
zHJ^;@9QD;PK?86cBe0rUyYT$d=lHlS+jo>x9cysML75HU3jrjCd2?lrkl!5~fH*M)
zK^`}*jcEF*4AZz^_uap?=%ZHIrggJU_?+5^u>Lgj(jDV;mzCO-{OsD3zNcG1>^KCs
zTsiD=bu@^W++I%Ss+UL_YkdDwy3Uhl{&Wq)qhhUDP?}NJNKd0Zbm7{mx#_JJ?-W)R
z&53M#fDc*OTQiai+ddym;M;DCjjzy%a;o-`ukY$VOfVVDb$RE$)LP0^hh3jrq+Py-
zKo~U*w!{tR1YJ99096%i*`P`;<<UcDO+0lp4;@b<OWmZFzPwYQ0cmb9QGPpAl={j|
zoG!i|H|@aP!-~J__`&DnBoK=Vk~~IPt3T$J0cnF+`>Cponhgp!&rRii5yXh>ocQrr
z@#4AbE_|U0`gw7Er`w)JrmF5bmjpw-4L@!N_k@f*<>*%rpL_b+BYx8L7gs8r&R^f?
zvFB3vNy~TR7YEnO<jf?yx;(Zm-3t}J+oHk!8vbPa+FEH}6aN{jo}RhApVOCo&*hQN
zSLZG?t!C?NOgyuB@OS#o8Na~U>hsgY7p8j~Uj_S^v>2MW+-6!<S1#Fp`WWw{FuvX)
zGSbOEO*Q2Ccbn(#w}%2PR0j19e!Y1~(V~FYyVvl_KxVU1YU|k226T=9FMrUoQCN+l
zGxK}J!tKiW^XD8L-drA?dPw;CT*S({deiOsT-Jwy{#N&j2U?0QDe2{Dk=Z{cjKNG9
zpOYQ~feTqOc()Z_CBX*hQe#T`Ky_C`MBU~FiJiljRFXIGuc%9IPqJwX)FKxix+pP>
zbH3&oalq_c?Z8IC-8)WMmA`v5p5>}g_+$GPdq2&uw+o+awscB1**&5!H^uPUwB>b;
zn$w=Qy^+<L<8_ryb9;6aZCQV_N6WIqIUO;c9iQMbS<h}h@rW@^R0VgxS=HSBEY+ni
zEoe1U#}M_(=c-N$fT2^N>2zJTpT8cdrgtxrr$Eb{Yq59r%&+Q{av@P9r>VExt<cxR
zL(w%%zY-cwy>_hW4Ilyn;0YgDz16lq83;;z-6J0}F`z#}(CFO#`P6N17pPg)q^F$!
z-8t;gx82X*o_6AC-7;Q>Q#OE(#WY5?cfk)%EZBd0E>^7iHkk#=0dgGn57ZBBRRS4t
zF7Xg#N7SF){xiW?c_$-<GaT%Dzy3vV*(pPZ-XaaZ2YGsCy1}87{rP^6BHs^%QBI$=
zZ`}P*%lg-#@!(z1%yUZh&8pDq#LH#H)wq}hFE(QOQDeFBV?uW)uSggCNm{KXFtAv(
z7`7QBD{qz50OxI|@gQNF2B6r51JK1E5NF<3G}w@CRD~wdlV50%52rK*3eCbzfx>NI
z1+lPXgyfiY6esimPA?MqlalsThFKhv7r~)NSFuC9NW>g3i;l-u;BGmL)#v@QLhvS1
zVI(B2H=sV%v<aU^X@%;0ljm!j)d-f{cx>}o(Wg8|xBztct5AIjOLpgl^UMTVB%n=h
zMzME5veUZg?&Fki$^9?e9M?NAi0Kz@)CbWui03hzq%sB#p>3@fwj30~B{<|%CCM6@
zXG-h9(FGb8$$}ZUiViW3@@vuGabSLFF)^F|F%Fh+ksyYZLI`+)8J<k!C8)0m;dB^A
z407yqVNj_?iT=DpJQ>d}46tU+dT}S1_#qm-G~-uey|>5OB%VMl$UY?sFmVh)4cz@4
zo~RR<k>tRz0`^l%c_+avZ?hE!5+PJ@L(7Wy9AOej(*Hfw(t4U*?41QUe>g`V8bR<s
zc9I-kNd_eV68T^I{hyCBw9G5hD>jjXO6X3OEUDSoGTkLvPRrD7WpR{!xJi8DE;J54
zl7Y+x(0}>P|I7;hv8bg?h1Xx&8Sn!o5XBj;7a{(Siod_nSGrIrvm^CiUxuB!a%i7-
z>Hi+gh4zz^kneE6Fms%<*fF}!DsbC}j!hj79gPWZQrAuS13lVYE-JQWylvpmbWx%m
zP%XWY9D`X#G6HRS2aNw}6wO8X>E1kdOC_KHBP0a$|FGE5s3a4Mvzw--+>YA#_ksO?
z^ocI}KR2`#IEc=PVB&C@Zw*MFAK>0u-gaJ#$!TvfNv~}VMnM=1RyF7;;Tkak2y&9A
zk~h{8@&ouK@A5Picrj%nF8zq1fC~ax@>Z}4`ig54boJ0Fv;6Vsn-9H#dJu&o<W$g6
zsEl$!i3EX7F{W2Gx1#6*;BNnXDiq@0q0M(HWoUA=%SdSH0-FFzjjAzK+5mP1?P^rF
zN_%jm9oND<*a2kLXnemUYCd0f0ThGxlkk^Bh2}(3Ir_IKN8qFL@MY*aqMWBqP4)?|
zQiK!h6M~72FgTCE#*nd6{@>Ec!V^Vkz?_)vBLdR$D!>}kBt#^j3uM4iv^*x5$kX5x
zPWc-xkr5?n7O|`|AccHH>oMTU)Ju$2eA1u0pgIaA;WYt!rZ7`wf(So4+--YWmF*c?
z$#t$8o;p1BToZR5)b3Zk0!njGDheh~Z=G?ItQY_GD{tW=9(&8}<~IT1Si}HT29|1M
z5vAulL(M%yFL2RnLpnFU)%J33v2~QQ(sA+a847aEM(-&{yHV&f4?KNj_Si<9J=C(p
zY>&U1|NAnW!ho68uOyVj*m3fcA5Tzce^#p<u6j-vOZKN+Ewq)&dLG;q^4eyDQ&{NM
zCl36~*3X7JwrU;us6O<Lkb2QgSml`W6U8$wFHV{k8umU{Y{*XvFq^b<>p7K#nh4?C
zxKvbJmE>@zW|zA5QAXUID-9=6=~i^qHoTFI0<|apN$!f7*S{{uT2#QlGXHC88z3}q
zR?iv*iBepiC;iR3<InbV&&UT{-e!I+aP4MG+n~?`F;vJE;OMHCCTD$qKEDttJ$67;
zp~~5OBGuP<@fY>F3&?uOI&6LVcKPBUPV>~}S56XxRzU{yh@aQVojsEIlF1<oT+0h+
z$-M&1jpam4M}?m+kXf&sk+;RhozC0N8V)Ymez6D3b~*>na|PcTddVGpVYS=&s#5HX
z`~_2qXemWa+tvhOe=8dCt75KXWJP!(E9S$gi}<T^{SS}E9jg>GTvGHQ6vU2QD0MWm
z+FQBpM2qd!9mQrF>(1s)voGmSi^@)$)Eo)>dArOHNcXSp9!xH|60ARXWsN;ap7O}-
z#9W~08*L7%lKyzS(0pW5^1x<W)X<YOwQlj1wS20Y!A4}>n$oL^_tR|dHm}~X=P>s_
zcIE#D@rU5s9Os2_hu|H|ePyMlrKVoY2_}&dMGB{H(ba!Xnrag@!KxSwgAz-qs}uUG
z$8YjMd;x{I9ch7JItEbUgb4K07*iZivN?+}AKSy-JDUCV$o|k=BAvjJ=HU}WXgtq0
z^mmVjtE{@;BU{-oeu{CuE-MFY`xKgfQ1?up5ew%9R|rF{ut1BzC!em-owd`?J&lve
ze?OtcfUMcQ6KHRW?^YDr(*$ou{OjCgMM#rHT)|{j(mYD}uM!~;$787>wMwK{P#*0V
zktKq)M`{G-S+Ai528M{{D>Fn)h4}!zED14@OM*le%E)vA{>u_a$iN-Mt%HI|Dm)Tj
zE^2I>gYqw)01t+X0mFsf?zah#@Z?7_@9cZy60v<K8rC5-Jx^x>wQW9Ul<h%oR@>yu
zkwWyU#1K>mgUE%hXyOVigDDyunST`mS|U1dJYS3Nm}Leo;H05?1eSuxw`y$zYbZ^4
zX<EueQfWMlkj`e&F*0yIpP7L3_~&LQ=4#^VbGRhA5aCp``~IV*hesXf3+kOG;d$6M
z@)Qk~Xu(ikjS5@+wMY(Dy^2jqz;6d%fEmJY5`PVFx*O0J7KeSN$2lf$Hh@$ue2TBb
zbDOBoMqrItQhyd}b02w@jN+r|NS__yXeZrbDCXfJ6tTqffOaAlC6a!Yf-t0bOm69?
zPtM1hJzBhdk+TV67xdf0`2FA^DFOH=V(J40MMzA!Hj&u-YL4(0CflW-LeT-mDG0~=
zI#?ZkV-W}kK%_ry{I#HoWy4apAZs2+f8OerYOvbI2?rZPe8wna-@I8dWNZmI!dpRU
z#M<b=*=%H<WtN4otj;I4hR20#e-X*!?}YIX7vQP!eGzsP_BRJM7K<2$&H9=134x8%
z6+luaVlT)shMti$=jnB?QuQ}S<{PoXzYzb?{y)E@MB?~P33$P^8pqu3M3%?ViZl=%
zu^Q@#h@uFP!*^-ZtWPKAU4=s?1$o3Qb`1jgpHK0Monpu`wCgkGc?=~x$X)>viP#BS
z!$!1NqyaQ7IXqDa(m>jv;FO^IM4B~7?o(TblZD0-tOfbIeE#+9Ls$GqljWk&iD`_@
zGJ%|p=s|%2FjS#LZ)XsW`K@^x#VQA*xFAA3#_m9DO;BtapO~bx6mBj6(s)8NE&}fh
zSWF<`BF=tuFyBn$fl~=2NAreBMBhpmmUato1*K&PIDE#Gmw+I9zev3qA4T&4p#)q4
zik-IJ<{1;L%wkbcybTr;Gw1H8%X#PKeck!+-UDU}#kqpjV`yo|Kun~`iWVYGanBVF
zx+lwEMswu#s5WFLS!JGCLVAU-oHpJx%XU7S)0DC?0H@uZ6&I_gS%4~7`wC9H^NzjC
z{H?8uoy0pUOn~*<4;zNBucuHp{MaKB@LYbq4FuvmL1|@JNI5nk?R{@2U#LKja1EEk
zz?CDh@fgziGE^DB+s<UjaNgeC6@XW8ZXBouoiBu4n~(2LQjZmnKY#McjvYIg^A{a5
z(h8x>mRY+=kCy5DP|~&vCx_i$lx+xmpjDHLrKhs(`AEv+^e?qRm*NxiM%?i(Y2`l+
z3+HAC&t>09uC*LquX=zBRbsy6(-ikpe6t*Sbi5|FUK%@X>wIhZ%6c<N5qWK^Z1v{M
zr6Xy>1)uyu(O5+~<PL3dOD=u2T0o)&K`BrbJ76F*jeLHZHL2hbM|U_feVjr$Z(ek|
z4afsaVA-RP<@PpC<&`I1DFJjMQ-kpqXJkB_NGK-u2SEYQ#Q?1f8(qaZy46#f1fsqC
zl{NK0l(W+D;kDO)%q@f!cPk)RZ#VYKO!L5i`bkssOp$M$CbF`4eUQN+!yJ!<)MS-%
z^B!#@=V#7@Ay0e4xXkxY?|h$Dvga2sH-8nqM~wv%Sy<9DVkoc!BfJBYt+!$hU6?sv
zrZlbque;8?_hdsCjim|OGi8p*iCHA(xgIOVDgd77#}2Vi9N+AZSLClHCfRU+lhQ}y
zT*sbWfE%LjuixlfaeVv1#IU*wO}_cH9LGB*<x7Tz)uZ`62eNH8_0{bKvHfIsh<y|a
z+<}{S_FM-R!m@xUjL#3C7?}83NkCCTNP*_!zN(=+wCri$BYon#j^Aob``mKnnpLLg
z&6K>L%atb|C)9=f?zC*6`K~c%czm8-L)iO41222MbLg5HXk8chCQn3glh}pYs@ITQ
zLvJKFHS5n*+*z8SbC_oOcGf)43S#e?kR2j_o{Kvli-`qF&!EK*u2rbuYsZSk4V+Q7
z%kIQWjgi)A-8Jl$AK3!jb1aYQVUM*K&0N&*lS2kOTWhb)aA$kE^q~xyzOS<vDeU%*
z0Cx%zmZBw(Qos&#7&qXzVS5J1GC&lG%4W<GD(K<YPjqv$gf=A3?K?AxJzpl<8qZE>
ztGXt=!Qf`+BoJQ+pfVec2iJt2tmi0JOL$8moFxi5Fy84J8<T@|-%GQ=#Zp2mC>(G&
zi#vP5Aaa~(yE^u;n;HAX-=D&wE{;vHUiyw{jBW`iYZ*;S(6i4|kZ8!;r=q;(>PEn)
zz_v&!U166{y3EZPTan0+z&EM+6D`oK4B3Gl)t3*}Y4i6;mM3=gnkDQhFVR)lyDyv}
z4L*c1g|I~QL<;8Qix7~q83%9X6Z?}Vn3V|**8;0f)<q>pg3tBAxWFnYk7Z&`tV}C!
zGi3d?bUv@?Y<n>@>JBYIV-xu;g${%L#cGS@P63E6h>^jU@-}Lr!3m0sY@PIj2TdV-
z%J(k@*}SL0Cl6S?t_bR`iQeUczl<MpwOFun+q_pvb%Fi6R}e0&>6p59LR`tD_R_P5
zm+?`Zif>=L*85ccV^ke+h}&VB)%b6tO2ojx_|iW|)vvOuq4arVRE;}Obi&dv1wjQ?
zcb+`bz>Dsev)|>wE%@Y<{|?vD{}493>gZMUtWEMlnS!GRgA~Sf56bPjkUtUh^utV6
zzJBLh_j4Vh%E)Nk7pa$bxn?6W8rcJz^&I&Lc1P0Y&hQS7X5aFo1Q}**3QCbTYfoil
zIgMo(1hzeHjivJ(>=d{y3UWUG7;S5Ma@HZE&128H55>csoypQ$x<p?eS#ZWvycK!$
znB-XPAOil;;@Q-t?$ELk3vEdI?zCz*{_I$-WxCgkx*efoG9kniHdz{>sgd&S1$G`I
z66jyYKkH6LWrquq<-;>oZ>jcuE{%J5^7;X8<3^o^E@3(3&F(D4&;SS65F^yL&1ryv
z$P{Bx8YA93*HoM=?5A7O(e?3UH6^|+dTC{MzU3Rxn0>t~>7=37yP;~`(U>2h3%$W-
zfY*AeV-bztA4vFqr(tBtKaSqt)wIJ?*?z>PXZv|mt^D_u{R_CfXqgI=*Jd8Xy%L0a
za|ad&L7w)4iJ<V&=-TRP8k8LEvgcKD=+gt=BR+3K%ux9%0)QbEQu=)1dKvkp%2o<x
z&(iuI@909GrI7GmiU>))$oJd|t7+K?&@h{+H?IiYc=%c5&F20#u^%DtUc7yKQt9@K
z9oxU9p7@ZwFZx2IlPyQRfI=Ao4g1mx*ir=K^$SLVE)DTOCld{Dxg8CuNAk`mf1F%1
zDb(@%$K+)bJ{pJyBv&3hv+1~u>x6pTiayp~|K^pIPzEcCV0@5Y`8PA>k#Jyy(;a&(
zDk~wBzrLL>rUGh11eIM<S6>FGrpZEE6P8<RLcCU*a4ZTm#}Q3g>}+?qwd~km+6LUg
z&6IP1<&c{XZ~3qF4bff5Hj~Qn(M+MtpANZpS})NaQdYX}=OlIVdt#rhcD}KvfUVKP
z^|hP4Dq4n`p1!jfd{J3zs!K!1^$~sBTZJSS*+-;jltzLV&yCexP+xQtQ-RK0ozBR!
zEgM7PC<{<+=fd_My8K*r%aqUf;paPkt&ffl(qp%<tD;T2_NHsA?YqA9r^BH_&P~Pb
zn|nUAguTRaaOpJ$@sDCUy4^#$$xCNW`(#K!Mg;Fkf!Kug2jJT)MVGa+7{_V!DetM6
zy|tcs(tN2<P)gS+TCG0*#C(f&)5<7)f|CkM2oWw+UMvdK)DXpR3kwIkQmk7~X~#x6
z2?~hhkFU=S=@KcNb85KvNZJHhuXz62WD`+Ulty{*YTt=u%m%)H@=lY@&hDPkB^t;Y
z^%`5!{L{PrS^8Je=$$m~(KO|jt4wg6E2`^PLAG3&=dYT2sm1S}q$sj{heDQ-X&(Fb
zCO!8#+p6H)RLPwZsW*q)tND_@!=;{OtepQuEPXUh7(ciF@k^V1`QHTh7X0*mc1jx9
zRc&o=t93POo5|@jm1=jj#;o?9{=TZNT~~B})#TA3ZPpX-2cZ&_-_eRreOE5c9UD$5
zdFy$2IPbLa(C8X$O-zFOXB<H7Bid-#?A3-|bm#15XUgSqpxH|4xwE}gs5&{VgB;O%
zPsoc3>UjdfavN>m?LXl2VpR1pxc-1tcv4LaY}jsuJqKa4S73Pr4tX<~@^MazH8WRs
z>+4%zx|49=kH<^4*4z8_NVCp_OrKIpdDB?aPn(Y)XuFpSHZHup)cEB~9a>bLC6}YS
zth+j#cg`lKC!j7x_-N<5Pt-E%%8kyQI??7c1fL+a!)IJl3Z>EzQqh32;2S0{UOW$p
z!_&6Mp%YTg&g*F;u}5B<VF&1{3ThZ88!`O)pf%<i8i+ux|E5!Z0|f`e9!A+@$5hQ)
zp)ZTDFd%<FX9Or0@F)xs`^g}9ebye~bzw){eq3_u>tRm{^$?yq*sDlUx+#qaDbU_=
zdU%{4Hl#`&78v`n(Tx2*^W%9+k=OoiDIdd)+lSu_T^t_B?CBYrGuP|bVSF&S<Iy7V
zMp~}m)bV%W%=>Aga;rDN;N1Ip-p3MQ<D~nr8<B9GCn%CTI&7654!2(EH8|%TWqLm?
z33&{^CoVQz@A*xg6#4<tqXus8xcNIw$%Ewovn(pg>|qH+CJSQOB!$w*^t=yilQ)7p
z@gH5*zu#NuZ`91}o%ESq%&-gl7;JO4`|0>l$j95mPpjUasyf5m(DapJ9{I(lKV0g!
z$;Xdi|Lc*D%*Hz3==J9NegySVb~#^o{&q*@_qv$3YUM>w*V`;yxc7Z^otw9R-_3_V
zhnjt7(l-*K-s?G1=XZ+*Zq&8EQ?1pcYpZ#Ev^Sr4^<nuNr(5~8)jO%Dri#+`j14#b
zuuv}1^YeRm@L;&G=b2E>2seI<boW3|QAY06`rz*S!V+dlp6Dy|u;zD~;<O;Me(Qbc
zo;0{xfbm1{;<1drhU`rz)Jgf%mOhFRQDa-#A&xJX2hZ!Lf3<AhBO#E}C&7*#`$Q}4
zZAjbay~);O@WnpZ9qPRK`<j+P|I5to2(tLT)r<P+?)jw#789w5wudNg@GOdc@bKXS
zU7epjw|3|kUH`esFRZBhcS%(Fp|O`c?cNu?O{~p{Q&Fq)eA@l9tHGPv|88%%QSQ>i
z$O?l-*WtwnerrFre0;uE+p+dWwept@gS}bFIXlm<LBs;xht5{<U9YG3rTLv5RP@*G
ze%$|9bf$T~ykVNRd&gC>=C|p28^9cKQrrPE@y58V>$Yw+j#9Y#YthVs8IdM|Zu;(#
zD_0UO%Te}jO(LG7#d3u7!{cW7QmN^WUDTtCA&drSVMGKRpp0<36c;|gLuI4k!)Raq
z-Hmr0iTw}swWIXey~^0Zo=l-2KZ}I#dD?;NBToNVobqj&J?zfW?5cLUGS~Pc_uIB#
z&wrVIpKM!Rh+O!y9?%=(p^1phqD{lx*MU|V#qSd>`Y|HUwP7B*p}TRzBP`AptSr^N
zx&-bX?f5o2HhJ|o)j(9yz?!vUWKrJ^t*MPEU}$lcZ4qw`M;Sz;;V2>?gqz?(1PjOQ
zR~|472B;S=)>bz8Z+9Xhew2^@V|{<Yp*hn+XUECgZ)P*7XBxJSgnAzJ=B{s=bG|6m
zuo`!F{_t;!)wX+U3VOWe36HSBP5!}WMTp4_WQLqKi!WNwHA_}j54QQ^zTxBG;{aw+
z_O&+F4pK>zDZ%wYySbe)ZL$R8Jrkd|Wx|pw>MutT_f95&!5{}mXBtBwXt7~#&eC>c
z^bH04tEoFvCyK{RpZ$-uQztURH1vu~joyW{_Q#7SFFQTmcHF>VIIY6+^(E>v&r3nS
z?k;Xw6^@zsw5){qsu1_l@|fw%#Z9L}{xtFPO5)x51A5~i0H}WTlZ=^o?RV`@i?4f>
zSKIpja$sdX$TL}uJDuN8Cz4c(G@@69^$`acow?1>;m2<Y4l-Df-?n~im^x&QJ2-a+
z`Q_^osgr>(53aVo%-rC#^ZF-qycfw-+dh8RKm0aQlP(i^94bayuYJ+^A8wt7tumpA
z-{-$)Lo6fXV$6%i(BYOp`x7FNFYUkJZYz>JUvons?_ln1NZZzlkIpzu7dS8#U!QqE
zP=-Zs;2T7h1*<-5GjoKr!_$>Dc7Z==j!rBwB~^<QS-wf1w5FTaJW`V`lG`}6Qg!<8
zEu7<%ml|Fff;&$@MPK>C)R0R7ssXq0-#%q12+{(GQB8bwZWti8+45)`3T_frXYtWz
z0-M0I#*<<%mLU!J$cMU8KIKoBBZ?UwW2OUJWmbiE@nVv_wH-!d@orE9f6;7>GH3{e
zbv|mzxm7v|G;6eG_4_rHY5^@ls3c1<c(Y<D>{bE=^;C|JUpPOqvY!4Zx8leN*>$Bg
zs$vV!knU$%jPuWWbIml;o%V3L?WO4J3#&~7+n%f)oY5Jxy#nUThR3^ngsl2%N2_KJ
zWf_^BJ_H`9>R0mC{%vO*#%wQc2EUb!G9!)yQfdbwcD`&Q;_n9}Wk=~-KLKJ!S8vtR
zNjkh_M7_t~p21UZFD6Bg5o1}Zzc=&Oi1#x-*@HTMTE|0nyp3G7yVgd~q$RE*Qe+CQ
zH)HI7j;~)jzcmib`ZKzaf7t_mlB`A7<u#!q?^%!%$YeF|zyZP-D0`iBI|JPcQ>^2a
z)&3;ZR(6j#Zo9@!4zD8355Y>wHN>K&k{-}*Lp|?EALMbq?m5{lRSXco;AUbKh{)BP
zsX_VGJH~Ft)cfzwJ%h*M+K(^0&gCUE$jv($5Lr+;boJHji?jTWcUj@7ANoy)$_`AT
z?%RKLI=IEM)X<~n#p#eNR@M+qecsGa-xSus*Xpe|E$)n+>e~9%?emH_e*XkVtL^%{
z^RkRMh$EF@)RtvnNx^ys_AEm%eeJ{g{#d*MM8>%D89+x9ggrG%Jko!&R{(CpP;A?#
z?1kE-z3rge-SzbHE<Fo3=KV$D%p6FWxzaSG<#gxOD9+ox;K$W0uQX?ZY4e#`qKD4P
z+)~WQ=-sy`+3b^W%qB0_>vk4j@B5I+e{RVMlIgnOve~nut8uk$CV$+17*+7A5-MwF
zltsaW-pe6l1AK<Ln@1V=KrByJeiAYT8OMy>@_&p@p2s@GN`bP+$WQ9WykaeUM{10N
zckS`^(svbVlbPYKvA^0{R-s(C56qDTUB)kf>)xzy+#6|KG8UpPIt`ohw;hI2lOEwM
z1r}c#xZN>_>dfx+2!pLW70-a(d|)2}*KEy;Gl=amjgYo^rP?F~c)}*`F{vejInH(F
z58j__An7eVE>?Y~4xY;qfKM<)hPGJW-cg%nipZ^%-QWnmKesXf+XMR1_&PxB^P?VG
zIH3eCE}*N{24yj6yb}#grM#K?-!lmvw<`|X2p!$52)M$VhIc=}B&JUtx^E3{5-YU;
zS3nkaQiYG>Z-c3BEVHMiGi;;ztRo5#{UNA=2D{+6X#mpa3AZwJImA~13;_+|egUup
zj>|3s#Bo`jEY|;W+aitv^f?rI2}Gerz1!)3h$RrO=^3H=rZ<KHz(4Xx(Vs=~rEY9-
zL1W|JITVU>jye6V^oXnQKC%6-7dg*{$$!^iNa7yl9i!=oxJbVHb-_abC92R)2eByB
zffhPSd7E1j8lC#y(5MfEI<-83l0Ad&q@!fp!ckk{!W=JD<l&tj&07R!KOI7iq+R+s
zd9!<A`p28lVV78`*_JCG?0((x?k8ua*$7DQaS?kl7wCd&y6ijM(7L%=h-p){t+L%w
zVEAUzBGR~Udtwen4Rc5j3Y1i$OQ48I+5h!|zJimvoHr)DHQzRGOU@tT?tiji>Ho1%
z0ENOUloJ10_>ZpnXC8%u9(M{Lz5f5}Li}G_zaHAw`fsJ^>i=`E@_z;D|GS)vjI@jY
zw&(xOB>K{SG^YPM6c|Y(Ljm3Je{~+!a6;=*<hV^koOd8WoQ8OFXqK&{=?_alADnlH
zn1MO?&3se795}^S<sv9ik~30D17SRY?}$+YGMRjf@NyS~2Zf_*WG9Mz!^87u?%;mm
zk$8iW-O?&_<cO~PH}!xD4@1nk2eM<a6b(LzV44|#3(=I|1HK3|X<tBO!_yf2(j-d2
zm;-8CzNDmyY<_-!?t=|?#N5uieny=Dl^|nMfw2-4K<uw?Ha-^hEbNoXh7l&y%GG^f
z<{qO;^JtW@G9F)&pC9^s0iRCG0Z?fHq_r@_H30$&%zROBV!w4VTt)<rFeC~PHJW<1
z0NBrk<|RS3d$c?NmB9xO&|nA+;C|84?xQ7t<FAUWN4!y{3<<s=PZD-TxWE7mS|#%Y
zR6}fLgmXJvS)Iv8t6xnjP0DfPIQZ821caEMP9k^QJ^BmO=A+<UlqJOsZ-|YOR3cWx
zNTl&Adx+Cz!xUk)skCXx;x{4<$bxshvNgfIh?8%Z7|re@P8$CN^uT3E#liw$Ay|aa
zda#LEl4t^Q9f%BdeGyqMd6r<mj<ZpNxswaDZE~<&rfvpLi9`eGRg_^|8uXr=m^nvt
z&=g7KhtB6iY=W8rUJ<+wK1Q(X6zG;PFP&yxqb7vkC87xLME)Z7Ai~QT;5uPY_JrK$
z)z-hSw-lI(&<x+#2t+mz7BK^?;cZA1oRP$OWlDI#Cb*i32av&W^?x4F@B9zclkzwM
z5Zx<-Xo_YJ<SkF6q!HP=ncCN+4IJj@v-w{f_iVvAoL&7|F#d8PBaK8mAtVck_j7mj
zhhy~H_pjf2okUV;%DGk?8sb{9GPcT-LO&OmG&`R*)G}3@z9lWhsVJ&-qN(KQuDmlf
zHdl43NNWLzi%H7{6=Kh!xO@E?0V)F^qAJ+1cx)C1eL8=XM1hzntT!3S144UudBIr>
z2-Qg@j>@CBeZ9d@4oE@imI>Ayq0Il(B0+yb2E-;|6!`L8=O|*sYXrJdWU=jpP8>Gn
z#`>4(JB{CEJwpWJ+l@)_M7AXoFhMAwmok!~OhxHgS@Q|fu_Wq+i?*XzJdCbpA6#dh
z=-V9OPoCZW(5(MX?c19_Y)T_01xOq;8NUW$%+mcwTFH&hh7(mqXtDG-DYbhIlLBN~
zF5<b<)$`b*4C(zJRj4mDG$CThAq?HA_-weql*q_6xfjmm3*YEnC$-_@mFB`5;<qn?
z?*zwg)LVfINlH}BxPQE&Pp3gJbZ>s|HCbGxL)|x@V2m_*oafUahBTZ&kE2E>Orl}Q
zNE_UHtUeN-(T2vZ{#);u<2l$^A)6oKd;w7Tk+#E)Pq@7ikx|7VJAfGR(WNcGpO?;m
zylAqT9R!oifTJu4eQDfV$mqeJ7tt(wI7tLQ>9|hjuh-K3?g+qDaox^??W|^}9;(Y`
z6dOtfcS3ZZO&l>Yi1n{^V-k-bbkVJUP+TmTxd7bXzx>yJe%FK`s;|2oY@*71IsXr9
z?*Z4uwyzB*VSovB5?Uz2B!nVTLNy{_5)ueaK|}#j2}Kc6K}AtfAq)_DXc7@M6cJGr
z6%`c~MnDi$Kt#X>h#eK!7Ia(QVehl|J?EbL-tW8LcL#n`)~s1=CNpdO*Z+AQW2gg)
zxEuQjW+YE!5P{@$B{`>kH@gagxF$%#`aHRW@^LrP3nrLt*d2@g0`Qmq-@k|@e$#1;
zLq^WX!9gEH)%>_RvcTp*w~4|1t%_7%V;qY^BhC?>u1B^(x^RU5t%Q)JOoQTxolGE~
z<&lJqm_dO<EVrj{Kjt-T%5#7`H3(;ai#w5kWDfDij!wr1;&4egnH*;d4!}VeDnM5z
z({fAJ1THBRdzq8K5W|BYQ13wMfP85~NJ^MgI14;ORnfeOrSya0-$NLc!vO-XJL>hL
zcGb{*usBsFK5+3$Fa<eNU-Tdgl$EkUl<#M5vL=<>=&1|l3zV{VJ`W=R5Y`Hp|9lzz
z|6I#Yh7;Z3+*y$+F~mi|W;U}DY-KA_tN}QDQYq~^5+{zzWG3?KdkwkwCcPR-_QZ`G
zSKstz#5X6($B3v!SeR_koExPI4uI!J6VBbH7(M7aZok9jJETJZ903}DXG>YIw*|<<
zhyxN6VJ2r|lf7=&>f7fqIS&B<uWfLfGWgXB3ypOcDcNx%>#o*MYEbSCWGaJ6|FLaK
z=o4=Z=s4Nr?L1rWx?U*?CD>|;(3iZc<La#|U$*zGs$KME7j1iP+N+a&3si=?A6pnH
zB*$3S`=y=Tk>oWPGk<aZP$S+f@J>eDs?_sFo_R_YW4!j?t*kpF^R~KH^8+uR<>u;F
zy}a2RlFlEp+4jNe))s5Wxw+17)F|i*&DfCj!{$tWuhF%#Y_qo>hTB(3=ZA&NfA}t!
z9yp29IK|tR82sjuNNUm9^-s5g+>9Uj>rkfouf6}+8r%l<Anql^=R%G^=`&PgIH!dz
zfBdd^>H2*Z3VYLjg6dE=Jjr9Sr&|o`#oq-6qi`7%LKWH$zAIf85P>vUNrktWs$p$e
zfO@dGJi&9R_N4NnsE0no8`>*9_B9I5ZijS(*vfBtd#AUaD+LuZj2+Gm9OL?4xN!G1
zK{xqa8h?2eq<}abPW%<>L;2hq_VNAFTV*?YUmbViq*1htIuf>SvQAI$U3$R7nUqnn
ztbjxTSAWcnQ*qrNZTz_w^Ygp>UhDcmTR&a#d@ej4v<o!Qip1SJ+_=5p<k&_FcDzXy
zUFCXeZ0?p#*59VDmc4x1uBr2&IkxDk{gB4Hpn#&b25}nGe($r6OtPF+;<93omE^7q
zlI1`DqmBOD`>$H>KgYq2U9eARjc{QzBH@k0X*Hq)zyhqpkQ`?V@s(eY%0cSSSodgw
zRs|T1!PE4rA%rC);=M5`G*vy)6M>dksFQ?))7N6*HFSbNhX(Exh8UAmA@?F^9EC(0
zK$64_fzu^Mt*Eb9=p;?|rh>_#VmVR;oGvYqn~f=<wquvic3pZQ*B-AFB1dG{je)MX
ze}whH>A${{M^N8Z(hE#RHVM0!;+707x{La?&@qjj<dKoIuu(aoa!UGb)%NS4H{`wV
z+x&=(H^bwjI&6(mV%uFpXP)X|tBTLnvr{R*Lf_lPcA%k?#Z)AD6cQ*X84#6`SPFMF
zE)fcZp?Z%*x&!oz)&x(oN0LHqN0`4_ug<dhmg>^IK7X;)C(}vWNtP<00|8Gg`MUed
zel;C8ayvtO195YMI#2?Wf0mJF2o}RfB*uKkVJV;fM9mLq6{xdmPgICWsO$J$K!zC9
zf{B$f$|qXp#bU6-cFYk<15@2rmv@p!n%WViBJ9?vni|FV7Sg~+p{d27X;L<6$TzDM
zdTMTLSK~!O()4IH<w_KmD^c^6dkR<tpsu4j55YurM`0vf*u(cW^ri*sIgwOTvKYCc
zk|^2(zz@(;P#rZ6&6+%rA*2btX51*;vqWd47G01$3cR9QlFXr1gZw4NVSCju*rb9j
z{qF~cZ@Nveuoq|~BA;69DEt`uVUimJVjV6s@F}<-)TEQFWHR9WOb=0yTj6)3CUPct
z4D>k@o6X!M_9&w}3g_z2y^1?}OYB6Op~iB>C)BX#E)iO?Sg|#AwGAPft@sm4a{|>*
z3-|ndKnp2bw8tZf_%-S8{QuJqo*}U%`cwEMSOllAS*Dt5Ily_;3^f28K}$s~P+qY>
zV8ie#qnkq^bO%y3`5CcUxXuvcWV1=0;SctKM~EiKPQ-W$E~@Y8;r#}vE<&_S(sp9h
ziYnQ#FP57(%^%z*AYdgR2mlnHg}4L#EovAq0!E~7Fn_A)(5B|U%7nl2uRX>YNsOWP
zG99p&kpbdmq&aG!I0<rr;t)*X1`<N+Y+sGu;4U_qpc7bp8DF<TP~40WBKHZ%5J4Vg
zL29^1bUYqbqPR~ai<N~6)@dYPRE3&~;J8|P%-~%kxk}Vle7(CIG=>{AOaZsx%lv60
z{>f{II^OY`S`Pa}dn8r3h06LmwtOclvE&;eB0zh0HzAh0jcTV3syoTB{5C2o&f686
zIZ{MZfD%-QMBJL7kX`j0(~q#2s#%&;N<MouNU%A{)XXe3h4VC+my3Ob08kmUmx|SE
zkFP!bt%bVj@I7B-Y48fy1wT#(I@y5{pzN~g6i&;Ab;u45o+GozNXoj0BpLoZbo<H)
zt#v;T+xfeke-w*DE*&I>`tC6swp{;qLx1I!%lq$4s{ujbAB*pAeX4Wk&ivSm2WVpr
zo30F4M}N>%ll!h4bN2T9)$6qfUF@PnbZ%MS8Y>-U)JI)l%F=iTvt_)sl3@Y_aSW6d
zdC9nAr8>LcS@{X|F*q>p)5_(MCedxS0FOh$b9$1S?RYqJpg1viTQ~bVwTH@})j)xe
z4g>~9%N4t>Xc);cWtp;#2>6x9siQBX@5b|I)A5z5&mIGl5^rXSFu=G?E_q(t%uDZ{
z?<8k=f-F!jTWS|Y9{{nCDd7SxB&A3<8Tvbah*9p34wtdFT^am#dA$8Vc8EMVoZ~&<
z5i~rvK010hq5aLRe9wj;edWA8eJKOy-0ofR&_A4`Nw$lv&!4};S)<Q*cp$$ZhaPE9
z%ih(M>7KGNXmp;&p0J3FIR0de^?qE~I<+*?eCzlzUr5%73=k3sc|MB79sZ~WhhFLH
z>#0zXBcE1v^x)@7$dCe=@d*f+MImuaZ<!pkTzWF#gl<tSlkWtvUv$!*`7-8woK%uJ
z?h1My7@E0$glqQ^06EvP)Fwk{w@CIite~jZtdY#)udovuAn#bE+pf$}jds9Ml~=A%
z7kZy+xO)dUhYYAR@S*i=)AN2gPe>cem6B>esI)@gHbZ4prkau59*5{;KU4qm=9k5Z
z3u}LNzD~_Tjucv55B_!g;+mV~ZF74!tVQGJn(@x%U-aHc-ZXJq(<Z*atvEy3%-Xud
z9pOBU{Q081Eib1st@q;F%xBN$T00CWm)Dfk<U3?nW$McNg`ce}e|4_?*vBZ5hh8r&
zo!!GPAHA_B<KUWY8ys@976Mi0YrAONX9rK0T3=nBue=~@Fp~sPMb>Ge3Tb2SHHr9a
zQO|E~VS^rdL_5&P+1b3W-g%)J^IW1=o>M<u#7_u1YL;?u;En@-UdHy5Wn{1Xu)@93
zS64i9Yd_=TY_#fJZlS9+?Wi7ey)|dki{rX^d3!AG`6R}y^x{wW=0`i^n4F4I2=ZHY
znm>5)=owe{8p-@^!@}y5q=EHU)z-f3pq|rco5m1hUVfv3wGBo$=bS-Y3)mcf)WfEF
zSRGd1>Dt#P$seUz&RZgvt#csw&~5VFo}M=u9t%^?_}%P>KYF|p-}im<?Fe%m>X>sn
z8Eh~j&kUOyDnq2vBpY5w*6=rI*HgFB^R7igDzd3JbSkCKt(~85)3gPQP&EP*vTi0T
zsaZc1aC^EE!t$?<$6ut}zWB+|=;mI9*5+Kl>I(%S2CKtt4m{i!SISRip<eer59bld
z#*P(fKPuCTjbmkjY^TtS!H>HiJeYT4?#rA5gKKXE)KxEakC`(4%}00Do=EL^jh?tm
zO`gNA?@u`wEq0u4*u5j?L}Gvb;Q^D?Wbu**?cdrHxG|RGT&rf^Fk^DArQ)2RpVs2u
zQFZR3V--@pJB*!Wp}#R(erUhA+TCI;fFkt!dhOexMH_9n#UeKgvmm-;viaVt3+(FZ
zB6;B4z3o9&Ba-clk9*!eyTlyY@#lYUYUzBVZJ!#h9a?TXd{IL)<yhb8@m`yj%auoM
z3{khj!u%lH%BZ1;ckbENlr#Byu<Kc~L;4y6mVN=ds%hEs8P&csL-$Za6L-!w-3rsG
zLPhSA6&XS#a9J@X8+x}@qiST(bSP(k-|klDkKK|3Je7j=l~IqY+WZ=y`)oUXuGHSG
z(wfFoRS>#I)xCOMSbErh*z)=b3!fERA}{y^-maWnZyr9=tb`)jLKNXI_j?9r+hs#8
z%MZ{~YLZnt{g0(OG7L@j-!<Q^?f2%n$L(*swgtvE77lx>7-^m}%r^|x<h5k$fi7My
zCgWS)49uH<NO|Otkt1{Y&?)pnolo!e-%2N@OYP3Jm1RDvJ?|~4TsvBtaNd5Qq0g<o
z#<UtavVuCQRZct%SZ2i65uNAvdJ#chGn~Sj%tNgORIm|%!cYz=7KD404Eca}jIwL@
zsz>!qnz2C98o*6v9{_yAG0#YCI*FZ4l?QkdPB$CJq?x0d98d;{gfo={U~G033F87(
z-dE_E+Z><r@@LM{HT*-nW5+IvRN@Rq@7*_j#1kWJ%et-4q=Rb%FphdHaFa)-xz<!7
zwGfEqY>XFZJL*G+fo)cRs#a{?yb8`8eDufEb0|w}vB_5y!>1;&w|pbx587A6Uz&g=
z_5dd0L6mM#G`qrJVP8N|z3^F>0LU>I+VHa<qG(JC*P*1IId{!2{Y-!<gDyfMSqpD6
z&aot=kBH1bBWWNpHRnkBI66;An->pSc)mWNE%apGpaTZ^j?!+G5>`dk35`{C5;*sM
z$lA?sOiC80&0X4mYmI+SX4Zws4Uj+ySW~LKr*zB0#ZfE9GafWM4$!~F7?@BR>dNQJ
zpSd1*==a5+_V<Q_d_TIzw)VA4>zksOxBBaspMT-JG4Mw>YA!41_f`9YyM<k=E1)8u
zcUVp9r;YA;KWeh;lin`t6ZV(7JHC@Tfw?4U`b$)UPLi_=I_lITf5e5P0$oD!wsRGV
z7}=rFAtZVPfcBV4yL&@@wRFLIvB_eN9h|vLYybV#hsSf^=I27$MlM6br1~Rx_pYc~
z>L8yl6B@rH*z?-s$B$#Szscr3ekSnnSsgvI<@u&+%k+%Wr?uyO0_Hlan?3I|ON{F{
zvnen%dE&*2i1PkA6CI<gPrhvW;P@N$(Yj03FTO5~I9GQ`*X4nKaBI5ryHC}pPgf_n
zt^REu#pbh;J*F3c!@NSi$`~T9P_Na3vk@74-=F&&o5Y-)srK?~ShF(VL))jbt1kq+
z(_b3kAPyDjuR>LZ02!_ih3y>U{RE+IE4lh1fq6QDrgQb^hp3(N)?20>9OoaFPA~AN
zvVY&>exp^%z)=;fer^<gCQol;`jL>K{CQ`7Q(Jp??z2U^&b_y?D^_dRwDnS5hQsd@
z4JJj;DAcuIYDm{~D=tGp7`U!slN$S1a*XM`y5+C-gqC^3qq#ZNgVG7Fbq6xPKR5zQ
zDiXS$+-+L7C{&z`=wdExkP?;Q&fd~83bSk2k1->d_Ca^yN}|kZfh<bIxX4&mfsI+8
zN5UH61eWc{h=S#oh3BZnz8)hkb5Gkf`HbKf{OMKp0i=wby7kuaiNol_;Eg{%^w+(+
z`exPQJ#{WgMkjyeo)N)uNXpIjOg8LLov*#*P&Qj8n{F_f+yZ|qK60tJijH9@uq+rU
zZl0k#zkJFBN3y9RL=r=bp<W72Yjo8GU+<n0!2FwBf;FJR5GSz1MhQZT0#M~ml#!8L
zZ<8XpnpA{oJKs;rs%M=I`^dVEkr{8SM^O91u!k4C9}}9x*?1%?DAv;a#B$O}s9Ox~
z^kXEiTx4MDNLnW4&R>QSGyDT^->=g-N$KO$8!|-{*8S<{*LZl|%J&xS(MewnJ~*OQ
z&8#h`yx`3Hp4u0;n(C7WL;5A}BXY~?%T}%&<62+2<<n4n&Lhtp-o8)!8gg$z$cL%z
zEAM+m<=4?`Klqm1Hi?KlyTHdu<!z)Frf_JnV^MrN6n;o9`v^w1LQ!8mRc`V2;ku^}
z-tUK|ZD?}^s)lr4XHM?o9ps&Lyqto;ydONr-;HDPY&yF)Q#a{k`N&?YyRmn(X<&?`
zFJQ?E2Ww_v0{^y?(Nfv-pt-yuX{1DmDo*SajjcTWJudodS@wY(GqoXsdE|}9<Vbsl
z6a3yWyRP)gMJ{P)MB}pMpFd=CJ7-qwr;b4ZZ%qt5+_VjfqVunYUimP6($n~M|C0GX
zMAtvW9R0Ohe?G)AeIvii*uKGkFlg0pS69=rcG!p?T?;;*XZ2jy==_PCato`zYh4-f
zqLM7HTk}sYjjO$A)p2$Bi*EnjtG{bQPQR<Eh2J?8w$JOu4v(;Nr}o~wJW%o>x1F}#
zcG0uu<%R1ak5-kJ-t#E>;04?|&L4|*%d#`-7`T#Q;X|zx%nj%JT+Ok&FmTxHiLyoU
zsmu~&Dqi(V(o~E~-uccIU)^8%Q*Q6*<e&6;P4hm$k}fOQ5Loq!+x%c;y<Op6kKadX
za&-2HptWaK-O_9ej{0o)_~gl}8s(WT=RNv2`fXpl>q=#0*_xE45kvQvB<?$NsH*V|
zTff+y)Np**;`pum!4!N-Cih;(#Ehc$wq;$BIWG)rjR)210-kPLYW~xBr5;p<O}ya1
zAt+TSFD8(XuC<`|YzSs7w_uH9Al5$v5E+UnD>P#EI0`eKb74v=cclzWqIh2rlGy-u
zIzzL$18`HbkRmMrW-VvUTFX()$3+4s<Jv`<%_I2PxM~0dQ+f%5dN@Pk{vJ-K5Rk!K
z24s=|0p=Rx4Y88Kxr(8&xNPH<Y$C?`q!g7Lqk{V*QwE!W&w(tGn+XieqsAD7S=JSQ
z80crSY?sU|T4QcG+_qb1*^jzvahb}SnX9Wa-((E`j}7Mka})dj{0dChHO&;kW=3WW
z`?Ci9KP~*<PMzCj<U;YK2`MB6z}J;PWo2Sy)t#{uB`Te<?|jrw<RYhh$2^~_(6J3R
zV_=MlcVMa`hwDn$y!GnwgrqE9=HDyK+K)lE-zZ})s%E0(a3pGqGw6Ovm{|b_j_Nr1
zULd^>t@yvevj1-vl*@7yF=w70%sXfE;=@l8H?c5G_pE=;TZ{N(ne3UVa;p+UK@ZpW
z^EGHMBY8Q`4Ra6){t3+y%Ez=`<*V;rV-V|STh|jvp_Sclbae#f_~V=RQ|0gH)MGOf
zWM?!q36=e)f`8{yp&(CYpj1`{d@d;`yi^%s>w?CSjXV-895)Qs9EEPIV1s3FRrhdh
z*$QNrX4i+d=LS>ue3K(o0W^A62E0R0L)<i3RLvKp2@7M=ggH$KckGbo$B$QW_33*6
zLBMxDtiN^j8@9?xLxl;kgk`_vwcX`4mygBY8`^I5#(8>M&p`okkY*Z;u}c@a8=#n<
z$(cHUd`|t#TuFcPAoV=re=sy|YyLG78PBBrY>CWsx=#yrkkKDBJ@As<2`I#-gna`I
zDhihlgIuh<+adOr{r8vPy%1Yz=DB`Vb9(rcFZ*!(y!(Ckyuf{!L1lq;=qiU5TXwen
zaKE;=>hQ^pLTv(=|6UD{gUm6MJ|}IB@1}(Ew~#N(ivXoUr_@{3A#yW9ZQY>|rUEL?
z?scJ(6rqfS!m&0Q^>zj1LIp&qX>JPl*Q-ZCoecog5d&YyoJ@ZDDCZeqs|(ui=EK)p
z?>*vTTE{9=oVhm|S)y3^Y|>&aLzE_QuUaO9I^RxZ%*_M4={bt^E=;#vUg~7-58Ij{
z#^MhxOZW$SzrI?3gUJ$w@v}<0ei%$SNaS~qRHk+Cxg?MyG(bYDAJ2rqPI*(O4lH@>
zUnjEl2C0oa-O}xtvRCiVbS8U5v{88g1)l^j%!N$hU+u#}VoclO>1Ku>)nw2~oK;wD
zN0|CNNI5Y6(*N2n^%aLx8GU3DB?jhVzVC{%m(-y}`LAUV2av719wl1Yp9s4lAkd>T
z1QQb|TS)=VtWSGU(!;XlxXlzn>mp6=9nWl`2vjPr7Lq~L7wr=vM^49V7=N>b;%zus
zOw<|L(D~s`_3qF#mXN+1X~9$zsQbME)5uS9FEjPaElDr+09Rz^O*}NJAJ>e5{wb3L
z90zr>9>MVc$w++eiDMpW;)JLv+sNKSZR*$5eOVZ9Yr6Khq8_A$2VZJGSJYE!CNR?>
zR()fB^zS)p=4EeFQ1jcprvVxBjmBlPC~EAX07PZT_E8C2b5x~sN%^_vu(&mmlxI~f
zZUws?G1AwIVEpsl22L(3`3;kKF$;X1H@)+7d}uDq$cr$qp}0Y=H{Y6uz;lmG?;WTs
zJA8HP;3&C8q3yi{jz7~Bpdl3Rb$`A*Ga^_4#iV*Y&aeRE#OvqMGLD=~ip}ew>KRUh
zv;BWT-5ykN(e%P>jIDI={1-rH-=5!Yg6b+-y_f_n$N65BC4J?ZxQexv<@LNq*R%ew
z<PwzDXq?TC>x=P)O292ztX$GJC|T^e1pM9%iKjkfm31HDih$S)r0*cr-u59zmP|5y
zWDF|7K}u&aH$tnL`A)tcvAL$Ezifm!UBixZq5#%k$HVp`KUCKP0%hBjfhOgQ>#Ner
z8)dqC@Sr<K`$5MO9PR`Nu##{ja>NqdhS`fC?C;+fJP!Xy;OyCa*;CZewksJqqi^T*
zLXEhv&uz6wS^s{`KZO|WWmZ2sZW}tiuq(J_!`uwj*>g<Ky5F^{&=<y#HhpsBpJM;}
zuG~do_NH~6r!n5`CzmwO&P{3YmicmfHlDoJyOMv8|GybRg8|lTdW^pkmC<yM$|#J=
znMn~1`(hJ}e=Z;>`fK+eTRoPE>@W@&MZqowGheQYIRAX}-2!D3E9cVw#?X1g=`0+x
zul!s2Bfqr;7wroYEt3<g2OZ^#_r?3qrXbm+818nh_Jv*R^sOTdtBUGZpl5BU+O8@b
z!E2eQcn_3bS?@p474@HT{og(O^RE9lY2sV{b*@(=(Y8->MR7?iR`(<Cz3D4LF}FW(
zmf7KOBQM6d5e*h`F$b9}rvDn`(HV@J6Fuf8kK9P$%8|@!PtI*alTMndhQFGPQ@U5Z
zX4L60qzx7aEZ0!2mz*M>M}bkyzXshi<L{9wqeNRWdrIAW)K?xnh0gWOz?^YBUZ~wh
zO(xSDXOpPvQV`S^Z6Yl}Jh3dj^#cNV*~YTw^qa)YZsQbWlIi&jOF^*oqJmK*<_c6_
zyC>DIueMf-{i4wSrqciYDV8u}8@iQ`H<1e5cCl?+p;ST`I7UpRc$`VW#0rQ?3=Y^F
zg-H!@WiWyX^X5D1X^=-g;KV`%NIAp;NUzci7zHF`{wHt94<iW0L0*H56gINfG?A?;
zeXD&*XiQ48E_Kho?DF=u4^HxDX$YYO^~TXiRWdAHa+NrTV3n-aoIB$Biu;i-^G-5X
znd9RdOY<7>jE15~&vl|mA)&mh)81;<91?-ZS<)EYoMoZR!KJNwQ3yC5#tbHse8SW=
z#lD*BNq?rVhBy*=h$HAg0-#OJn%RCtr-5Xk^k|0+hKZKM7_TLsLsyJCO}fpPQ<+};
z1bBuWiX?DiQ@l;5fP*MaxVRPdb7d1#TZNv>RVRXgqe3-=2Pm@@6WrROWTdMWv(=Ue
zRQ#(TGeN$wm8kj8Z2w$~eNM>}j|hF(iyGbQv955*40paz7V&CP5h}u!ZsgVAMPgDX
zQ2Zl|6<cKbW1MscBg-_Wy+^g8sE2yYmdQS6WYRdUHs+{&So?7tN&089Kqt_(_8P>z
zv~c75C(BO#SW&xbQ*8&Py7P!8p}V5ASYFO39>C&yo7@E76HlOQ0ke?>XGsISOzAG9
zsuuN6fQo>{q~9TLB1#)n)QD<|hzFoXC&|C%8?}ab(|MJ9!Ni9TkE!e7%#{GbY_@z;
z8KhHS+r#VesUoS6UZ@b=G0U6X1bkQ(EM+fbdL$S*sLd?_Z-nMI_OPGvQ02BRMq2Yo
z+Njc3taEa)<rZmZ8)})OAb|L#5H};ayD;wHpY@qt<5h^ARSUpv!sP<(QR+y+Z%91D
z?OGZ2Nr2er1!kFfWpw2TTQA}^VM>g}R#Q;?NNxw^)GUx=!WG-eVMLr15vWgc89ZB}
zJ+Kdv2)S&$kShRD^9&5VS7N+Vid~kDeD(*c(xBG}4MW9EzzLHaMpF1weY~29KjW~(
zFv@Vk_;3$LP+yoInrtdI^){^0OQ0DcvTWF&k;3u(fTe*gWN;Y!F#iHigL<SgsD>JV
z$^5J+H>4P+G9)y}17`^IRI33TBK5Bj0^4jPztJPcXt^BG8rT4+I>>_;bgXg`TI|(`
zX;dJeZ+wmT6paZjk$6{=9+7`1VwB24v!oXJ<{8!qjDh#1QajRTIpPJO;ay+}R=@QO
zZtOKuH@}7KZP-T=eZYQys7xw};meLKoq?H>Mz>4lCOx^NN2nDh4LVzB{0(=L8VXGY
zq~UEmi}ehbYOm3dB^PYBgz^E9O`zOBJa;Y6NWfTtDQ(bXn1UWXF5!N}r&NqbR89$g
z#*a!~UofVGGABD+Xhc0GzXl=gVPuH#@-3unT6xA8C6t%0&;7YwADe_r2;}!xa9gR^
zeBBMWzC3QU-naLHePOFS!eC+Eb}4!^W$m@yv8f_x3LsmzA#v_eF9AD_lAn@=DYr$Q
z%naq;;=LVLH+NYYCxb$UqGyyPdBh%*Bui2UqHe8pHjJC|fCfcC9QU+LjkyUA08_3u
z@0Odwnm`zJSAq#gsc|#>@`{b$8cCcR6rbu4(Ih5aDH6gcXzXe>GsY;Vbd)qVrB>j!
zsAkfXp&LCr?te1H8i&sDV3?!!ROw8ZLW<BTAMqB!uYO6Hw67Fyhfo#p<B&MA@<m72
z`Pgl^2RNi8<D{n>rcTz@QA+ymCPw%u|0AYKi`IeJYsZLv%MSh^HZo#qZ_EkD3ggvB
z>Vu(i?r`r_ZWqT$$e!mzi?_hP?5J|#E(kSCu(1)WJfUI-7Kk%aFArRHU81fRNNO_D
z=FER7z0FZn^{i9wnK-$;O1ulvOrXB5qEBscT!gz;pf@p0fwvVQ!5&G!F%1vC!xyhk
z*|mZLx*dpF>>21uFfG~*&iSp+tT}Ewf6>y}c7O_DtfFZ$&r{f1qu7{z-^$Y;VmjVf
zlI*Y_hM)7dp*hPLoY4)KL*PDd?uLE$ejWwb2t+kz1tA-h<ZnoG5Cu>PGM_rT-9y7{
z6l#%2LD!egMg1o)q>VSNS#$B$t{@~5AUkZ;3VI$^eq#5!Vy}A<d|LLsL9T*1G~Y?0
zkNG$TEy}b0S@gltL=-}uR01GkS&rY?Kx*empU95j`t9QJw@aH*!(>+dvP+mawA4VT
zxemQ$y>K}glNi|cOwH)@?|Pgiz>n3nc4-$DXP{a-E-GiG41~iw)l{WhKxzT*#`!BL
zs5vdPHEl9aU~k?J%1#A`+;rTvzI@Q-Un>Mf=#dh;X%TFBp%%v1Z@0pF=}wcKi@|Ga
zNj7jw3pU4%AtEiVN8Y2>>%}M~4xCtjfnpc}KbVrK4IVbF8p#?Ls6oQN?)%6AnNoc<
zHOtmx!AVYuh?_Tt0GzzE_HF#DO>$u2H}|K}H(T;@6cKva{kqoPLQv>rygXH6Rw_@I
zx0_qQbJt&&1B7P)%F93Z)~`zq<W!CiYzmG<@oID2*T0cBh62wlV93xMfBe|Akv~$V
z^sKW)nt>>o<a^r7)&p<nS1V_&87mR%hcxZzmx>rdfZn0V$Ppxc6}0?uvlEqEqU4ON
zyxINBG%hGS$$Qllm?qAmV<JHMnfX<lrF*v7$d9c4*71;RP||C13jW~<rhqWVJLw!a
zKv5M{$5Srf0Q?blR^Z_rrIlVm)vcXc51vdP3S}#yHpPg{GHO6%QOMV^woh9=)(a}1
zZ8YcevmcL@t6?Z>E`(Y5-)dU7jOAc&=7$fg5Adobe40|!mo7{99KIxf%hQL)3)w9|
zH^56r4bvD39p4=mu~k}Wk@Ji-nS-ud+4xFZP4NaRZsnoLe|;=l)!1w;3)h~EaDs9<
zYAn<M6z>OKA9Hxw(V~@v8jIkW$r;K}t@*}7^D$#HPpmZccJEm1&47#hyZVztvzi5J
zTxdJk^v7c`^!)e&pJSjB$xQ($b{>0j7#w6tv*19Ra|=BSM<-|-ZtT2JmRV~cwjN0h
zg;z_iSU4{+UNt8VusRdoblO+idNT)64>}R}fYs6PDL(3*&=}%3YIhG7fsMQp6n||F
z+=?z-Gi4{<!ZHjSr`34?h?2MA4*WMVrAMjCqws*7H0iUn)Awg<13OsfkYift$qivE
zO^*}56_Mm17IFZ;mUNO~;DO18c|+`h+9)z9BK<b8fVMuCS<jgQ1DrKm;pC{v;P}zb
z-$#kdB+vMui;#8!GND8mjN&qMb3WnySszU*<F@ED7LrO?A+-|=d#;Jl%kpn84EFr%
zEk`UhK}~aFp;VgYoF5T$>CHp((DqAW9)*j@yPfmhp}6Ay8sn8~*6)r?0kkmBVq)Iq
zd-Il1>RFQ+j3lweRHo#M{lM_9%iBX#bq%9Hn8J%yg7v2Z#7AJJTTuD*8%=gr%3bBe
z4C}!~$Jvko06oN-0-YQ9Z$;h-Lmz&uGzVj7gCTItm;qHr71=cwx|Syz<im|(jYAe@
zx-IgZqLn9OZfsg_$-ZFc?R7w#-~#c#ieL2uwpmDIpw))_o_UT*8&j3MV&vO<%;uB6
z*d=2xd?h%UXoK(2M(y#+GDtK*M;`14>@eX0L?FMIdQgdbs*J3LaX0Gf{k<_`2pvr6
z^coZ#l!^-~LBlX1$1@ww!NB}j*pQGDfkg-vA5fYNGIj-x_vvey8=ZMJe%kE|RW1#j
z?qR9EVj1Z?Ue1-!OyT<a`YDA7IgSblSE*37K_)D0Mj;#<7!eW6F>?aFRj&*hegt!k
zYh>0&bHAH1p;)$TGD3#}DV+5~$8sumwT>!fy`t&CbM(KI{pLLz&c-LXoqu=YnE#^h
zq!uQvBRZ)Cy!+;>&-^RO8EW@~bLOJd*F^;+xu|OwcLiCAr%VjAK3g~(e50Hsz<-BA
zXp~Dkwv(ID;JC>}ImGM6%zN7`iU~u$|IJF~c=)>SQT*z+@F;0i{-%clAmK_lGPpvp
z5M+gt1!MuJMDV70Q}Ib2hz9~Qh>Q#dB8N978AD0Ubd-)ll>etoW;-#Rk1>~6Y7!pT
zOmM>4_sAW`OGj$P_OM`>jqLwU4Mer8jDeFrZJT&;-p|QN82S@VQ+qv4_f9{NEZp=M
zPXM{~Nt0<WtlFXb$fA0Y&r=pg)yJr7L9`D;ULXdQLK#i)u4I4~7_bMmSx(vkwxP0<
znJfI0gaiP}Kn5psDH5JRpj$W*FWLV`yj`f>6H*G;jT%vYM}P%ANm!_WmkX5!vcJ>g
zP?xgf@3)L$14|(Z8JsdVRz<>59fA3F=z@?mPXQU^?nYsO<{(c7bPr9%%6HPV{RA;p
zpk0qNE(D7azxukTvnY+$$s=xRaRN|`5+<`<KyGdQ@$0Fcoq_)O0kdWk{4JNF!<T-@
znH?~uq|NsC{&`vNV?+=|=l*jLwvSix2*ZX!e=o#O<Yhy(m%e$2%$@CHV^n4dTxxjx
zQo<Y8J{#TKbOemlBq{#peO`k?-x!Z`s)S-uiYpgfl3(7p*ze`};<+ud7{hg?dwcKG
zfM*8z)d^la5m?P@{yT?%+W|n+(=_5W7Fl0T9qVjOloR6^{qU?Shh4w8a6qRQ7$ptQ
z&+>*%O`9SQZ?kKGp2{X1lDXW~w}IhSk4@2ylEtiXsHRY34k^1*I4`{oRasyF_=Vm$
zy!VTY(3cGy6v($U6@GMG6;>SQu9|^EQk$R?FRtR!iY$n)H^pSk1grd8ss0WSv*+uB
za`d^u5pDx)?R7VWrmaHgc3$ItD~oGJ#~*M})r3aYsc^>8Eo{GbZ@vc$Yg7gzaEx`8
zVtDR$;riGlf$3=ZzI`m{847q`3UBRt&^2)FK@}Rw$Q}_-dc_!K)4e|jQiY;x-RQDW
z4Yo`t5CjATe5XB1xfSpmBV#g6peayj>nuICndr0uGA}#%cj2%diH|o#p;ElPAzPwZ
z7F2WHpON!skXMYDt@p0t?CaTkX-yTBJ=4RQ0^^Sa7tM!r<0g~YnxUa-%Ew+89Dp;*
z>x0Tik{1NID{sE?W<Ohl6M^E(irF5BcG(xpV<uvbGoYY3%_j72;J<cu&v|;S?8`sr
z|Brn@xV;`LX^R7eJyLvb|CyJ?5u`ibVx9_U8{>;gN`IfuK#a*Uh#aN0ikswJfemrw
zFg-g&3Dw~^{p$CoeLYDFLRE^Y2v^jxBng|ydyj=+tWnpORj0K5nFqjx3u~m3Mlm=u
zMBAQ_Kkurs+9<MLxTM8)kjv!1Y0LXg?S)gPY`l$Ci3^ZyR2xun3Yp|WoDtFVjjxkQ
z@3;P$5HVF_BpDr@kAZo_{l~zdUTiGrJd%9|q+2T`1YI;usFq&SR?PSg_cU_J{kXwL
z=rW=FLA9sW@0ilONAk1mBKzg1p>)pAyd|8$Ab?HGJ3JTn&i8@6%h%WoZ`e@HoaqU9
z7jIYRcqk<%@x0D|WtQZd-bZ{gfG##5#1~4DcbX_0y!+kI)SEsp_8nfKZ^t4VU&;Yu
zj(!jO44i&GyVt00Bb@J7(V}ew`h+|L`uhjDNv(Ox>X}(yZ=~I=Z1vc=IohknxtQGx
zniSpvfN-2CF6qx2<8ag#d>JAX&=@(=e6f3=`ye-#br$=`5{0sdP0lgOE!8>^vCsgx
zd=~@$c%=xJv&o}#1S*p$BUlQOrTb+PVF}aNXSvgLtL>5V2($(eSn*(RBS9GB+0|&;
zzTrp$dr<+Xspvq8fb<L_MugRhEkwY?0E3RSlQe4XGL}{j#%}@F?FF^U-Rn5Jq<UX&
z*Zy6)ze<S{`w){Q-kN|o90@H|M?)+AF@QD|^4*B#5^r@j9UED98!NyCII$a(m%yEL
z7jqcdjFgwyq$3;A*U{<>#Zj-}BGk4b&jj-+UV+96;7wv7>KTc8w2=3KB|>}w+ezXT
zV|0h?N|Xp`sMjc^MG;*jBmwil&B`*_&`_Rs2Ua3)S`EEP1$^Uz`Nz^pi(N>GDmvhz
zgY?*vEkr!T|2$i0wa_xbUZ7J%uR<3JR|>Qwu7TtbHbpc#=N0c6IBVd<cgc2uPPDIl
zIATkE#f=B+p9{D-<6AD4jIYD|vHJ|l9r_LyuI@YB;#qYcgQatu=Etb*w5rK>^;t2X
zpmP_{haBmwc53ZRRK8VNY>nTVkhluL#%ydXtDTnt+mwDym)=zOb5^QMV~oAhGo6`i
zw}~j$$F1(AZN87WVuC1Ott2rUY-GE!i$c=`l|H{W-%M{cZTyltsz9k=mg`j+k7au@
zQWT-m06$VJhX@y3KR=nIgzC9#yH6aUVF#i#oSTr5>Am+C;|2(}WK*9RsV`gaff`dP
znJ6xz*LVO7oavwfc`Nty)MP8oqf43G6cCpTQog5*x#e-zA>ND>C0K@%z(3=MeoBZM
zZHRri@%+l+TUFQRzrB$S6DU!I^<0Q_<F|VNAI^|7ovCltZpGxtk&CY2M4&g>ObL@b
zJ20)8P4WPg@sP>_5Gf;y(sK-*Jx{9kj$B%LtyxG4@=b2JU9;;}2DoG2%JbWTW%whs
zwL9BeBnt}$lBYv@EYF{FD3T?kwodR`0=eVD<)V+eo}p4&x!r*moiC;1lRM%r2Fo@Y
ztJ%NwXoMSCf)o8Wme^vGTKY2X3myO}Gn7lpB{h8S2SLg|PYD%u-o7|<xFD;b?sp8t
z&Bixvv5Uz9O{(d>HE`gCoU)TKP(laQ&2RdFu=Qhqa^dKW?(kEkpEgDhh-gl8q?Cz_
z={-p;ir*nnQnt;bv1JZ)M#(f>|1An<=x9=!_yyZkpcu^no1_6Sx(`&b<HrE2PH8q8
zQVIb}HJN8lz8%KcpkbJ-W8Pg@+h4b<wAfSzU1UgMP$u&_+A)-q;k0!MJ`en!9oigm
znAbro0QCUQO)AwGXiXPq)~>D(Z#_4_V3zD}5qZbH;FwY;Sz+~Ig*pqzGOT>U>H(S%
zQ)D68#nIy8$L}wb^N)k>fZi&VzS`$uo1M`z4nZF~h_*E|?lX*>g%A6Rl~38NPH*cf
znBHVcTW}MVNp9OLso3eVAFKu`Tn;vUEzx8Bx>Tzl6dyWba90cVd*On)(t8h$owl9_
z>c`Y~h+eG<e(A5V7)pHnb}pX+AJ`gstEc{<j4+TjLb)WEuD%$d1p6uth5uN;DA4sK
zp6s+FYcu7*)$fPx508R9TTnO~>dmw?54PO?4DcuBzvvup0TZwxK#bN%(%RKmhW%o5
z)<SkHYK-n`d6)V1+83Y1_=D*V&{b5??z(QqbXT<dSv4K*tHS*c_r=svlmx0m5Pyck
zACo`0$DHI1F+`~tYLCH8o+b(AthGwHD~PHI%J6AO_oFR8b6gQbLEvqupKnzO*dUZw
zdEAf0Ac1bN#y#3LyQ<yy{8U$1_w$P4NtzY15s~>e0a)!j%Yc&~Tpw-EnXf0O_25^^
z#(U1J!|Mp`4ND4Zu|BiL*bidqNN(J-%~$6w)eth1(Rt$zOpktffPdut-r?seAKor`
zcg4$>;Tp?$(6&5mr%;iQqrYHN*K)`ScyWM$fj&)%`@<@c!TQu@!B{Y^t@!l?!z?Z0
zerI0W`?GUew4Sxdo}8I7C@we&)c}wpS4eoh_!Y$c1n>gul>_&8n5%+cZRN3t=m)kI
z;ztdtLr1LtSkLckQE!m}MS+vag)$-osygZYqVKErb&Z9ky=~h|<0%)9%;!(pZ5$Sv
zGB}gMv-s8X0@QMNd*BK}1jgSDIZ-%ws+u!mkA}Cw1Ghq>7FPFy(sY3=m=L-D<=FWf
zi&yF=XKXUtQG@uppYTGLxcVGpH@7x<If#pshch4}1sx}k<9M<M(f>5Ms0E3-e!I}V
zIxOe(zZUEFBXw7T<)A3dm^0sL>m*FKDiv!)Am|U!9Th-PnBVAgUb;fV&Ajhtrc(vv
zfY8eJ@dM`pk9{v%J5N&dtknV~so&PDJgQqP&~l%k`c6KP94hKXXja%)6NquEyzzVI
zk-J*D9~?Fx(vJ<gf=}+cHaRs)9=VPH80(3lm$l!!3%?pKU*8&b1GUUf|JSm??b@Rt
zDxWJ>A<z^{ax!jaWzGxxc7P?m3%;GBaObP-9<OaypG*VO65K^bDhCN`?n%YJdX*+~
zy<rl%>WaILBx-7A;!{1PSN!N?Qp)}x17oXCD$QS8r*<EamuWn7V^1@6`}`=TP8T;Y
z23|OG&pUWxnF5Zag)ZC~Npc841j4&d8}gPzP5LpH8k8<MKb<;}v;T7!^jtr*g*1vs
zGDI1Ta4a)1k6D=!zHnYdJg`ufa82bzb!55#FO<bKIXZuv6vf&<Xt+I>MHG6uS=<s*
zZ(`H=u&HFSJlZ~aTqw(AS&qH5IG=iw_8fndI73jxx=MhKR5;Yl`!al(^bMbamu8p4
z$)+K$y`!#u)>h>3)zM;)e|petmUsdF7?(RW9F_A{ffLhWdG)Ma!${-T-NWLaWBcNh
zf=pokI$%d}ZV9#1>HN&su0>I4vF=m^sx?l%Y^F)m5Z?~Xo98OIy5nPmS;paq(P0%T
zs$)jMN)VH_B@8b4uH0X;;#qLimw^OW^MKRyU;2?f+EdHM^G%UJmNZ+`YiN30526IF
zk+e#M;b=Y$+I6!KjN#`Sl2`Z9tEy!FcmhM${7X6a{r0uJ_17=;6Un0*q0Wr5OHqq4
zh>h~i?qyNscBYfujLV;wZp3Bpz7kd@N7`_52cq7oPFuZFpf*bWrek}t{MQwq$Gh*Y
zzAz{UC2CEJS+ukqUHn?q5>>5leD0Q|^~Eyr+U<;Il{Z&^ary1R@WYSwJO&G;X=0v2
z&13Sd-I<^YNp|{la{axI`Mv6OI%j#ygTc7dJMH9~&f`onS9bZjm;shsH5X~Vii&lb
z`(lvNh`Xgh_foSlKjSp09k%@)zTojm6Y{$E6Dy9){WN_1s$31;PiZm>PX2Xg<mHd+
z>*X!wn*7~vSB31ky%(31a{MB^HtYRcYBXwu%6va<E`^2M_aE|3fOM;~6U!x20)>x>
zfuCx3Bqh7LZOrW<=)~qI!PeQP>$HSv?-<G9&u<q(_A589ob&Tvz8Jqp(T(IFw;sMH
zW=oNZi!d_`n`(+#SA-m20k9E3q$oH{B(f1w1DTux8veJ@EtoV3EPzJDX~iI$Aq@Kn
znd;G&?v2>;k7oPz^M`+bX;?qTQjjptrPG~=qzqL*H$oxQ5Sitdmy-R>r9SN`c)GGR
ztNusfn)1!Bo?gIyA{Kc~Ll*&zy%8sJWcNd17+U~aPKbkqM1l&zuq7fn{~7ZY-8(kV
z`a`Mhl;2Uh$p9(Bn-3cvv=|6}VA!>s^aO$#xs%DbjQPi_lZ7;)s%nYx-lxu?wX(hp
z9_An>3j_cR*fV(<(SJ4`{vU^?h2RGef@Wg?H6&eibRmjSaQ&HB(y}+ZdQN~59zxA}
zgm>Ml_ETDiH1~6SSX3}r3x=|!nbI_X=xdfNG!bgx4^*FL(1OEOTlf^i8iX2hca7$)
z<e2|*rT)Kf)cF@X&}^5v_n#-`bv3pwZz{;eKVPCA<wc34nx9^+)N#qqqi|h%5(K3M
zWwJ3*bb47$hjd%_!Ajzs0rEsr4@f0Bpl%zq`_5iH_N|aLhpKrT4N|Eo#j!ZbjIvf=
zpy(?y=TZ#3h)3F{c3kPeesJ-rlcgR!CJx5qSZR=&#9j0dG<2u{LAz(%?82D*h$J>x
zye_ykrri4Lmi34ko0^o_Jp!oWf@QYjX3^Zm{vQMjlK2!_7RYqiO(M-;aO~RS2xvZ$
zmx>v0{$p9L)>dDVZDfY2dTL}%nChUXT5D@h&g%&Do60N>SccWVZ+2+$|7rQr3PzCH
znKwyteiV1oO{F8R-*jX%10%I%l{Gar+`jDt8$!7xQ`DB?UI9`t&99rSU?2-2&DUF!
zwrTFg6{vc`Iz8K7O{GfH(S25XL0qE{fC(T&NU(Nmkpw12OeUl5@`2Luhbe)Jb!;%E
z=X{hYao)7C{8&v+=q=`5h@E{#vZG|`_z{8I7U9m0;;yT19>?lEKHugIDXTcnZx>(Q
z{rT06^jv0G$y?`GnO%x18gj2P=00uE&*$5TzHvN4k~&`nS_8+1==fht()}tnYHUn6
zd*`Lw{<BTAuXSaMoC?1MZLutuC3^D*>Fdv2SWb{%{(jhJh;SgtBt}O6S6x1?bySpL
z9b4w)2QC!0k8dDWQA5pCl(J-56*OpT;msT|+1Z}C<+aDw72BsA!#D1~w<4b09MY(k
zVWd&9ZRy6#cP5kmZv9UZT*BW6IQ+;T`;&jHU7D-rfW68&RKJpu%uw%7L_Y$a<H<^5
zK^P*e3QQ#HXeD#4@W$(o=P$oA02+Oy`cn6o%O=Yom0Dd^-BG9Ncl~-+;SL>7dyu{g
z1ft9=bdJ9gy>g74E;?CRTVP+)VczOpsZN#Rj_SNu*L?n6pYL(>^7+#Hb?cmX{UqE}
z(qsCHxdm5!ww1VuyJWSa#=D$gJyRS$`uL$#Szd(!5ZKpOd)c%7<!Oma_xMZP&VAv!
z%wdnV$@G%=BlM&*J#0WB{^-(7gS&TyCBFw=%C@v%W@)a<@!t}%e>MDPC9#_RqtbuW
z`LC67*81QdlAB+CZT%ia{|T9kl`x_5IwV@aAk_g{EjqM4$DB?N+)l9t6sie?J&FDU
zpfy45QYu@)dMod=vf|+Fs~yqLcd2|ZiZ+Qp|Lj+n>YVnxiN{AGw}SSz`y2aHi(VXD
z&E84M5?-NBRj+$?bi6G_Vys>sv(&#j;_LuU?Z+-X@~Nd->q<nSYBinHJNLhk;ABMX
zSdYu1z1<G`Qh&tTciK72&RuXV`PBHufgk(RYR>I`KDkuw${nhF=3;rDn}@11I`{4j
zc}zRLDJQ2Q)n4}2z;pUT!WHQ9x}gQ$y}8Ao${SVRZy2BWt0Df{&bGnO7H#$nj4?T~
z!UZH(F<q$zXy*Awft&DlU*#$BlhCSQ)fS+}(3BczO1FgcXnZQe%?nh4j*#bkbsn#<
zeJ}8f3e*p6u<x5jer;bejCm4RLWh$!o^wr!m)++WC5(TY_UY|2HvY$t%<~ObPdK=a
zz;_;#lR2Z^0q0iUZ5emF-&UBDLDFav=dN$>{_5@bdUH@fLy%+oHOG6@m-~5!E4^}d
zrk(0te=b|e;c+0reO@`&#A)*2fdlvU@%HXYUf_M8z+daa<Yo=$p5+sSg6<J%dw9tC
zr2!YU3_8LN(bSv5J$L9HH=0VmdG$?APm2L}Yczf2_|BJj@gcJ}4I34AE)8deD^<L8
zq6AQ;yrRDaw8n29%=c#-1gyiEIK;HoTh%x)^?K!6^1aRt=$v0QYPjv%Uysip+rQiM
z-ybmLGbADQDxUlWQiV3zWObHYf~_u8H?eYT`=;*+`KvA!C`g_JiZ50EdfU30Kr7Vx
z`Ca$9%a`r7D@`K(xNlv}$wsuSt!EV;H(p9#OpLa3pDDPv*~HMtBLDv7eGhh)-ONy{
zb@3rzEd2tOXnr*hz7pTmUEgK#FU9-wfDkF}J_y+^0#AWr7_Ca%_xAoC=L;3*{4UU5
z`9`^D616mmhp}l!MMMj1K($lbKS+gN<R(RiKPRhJdG3kRhrB-VEF!K<2D0K9S>fYZ
zgsk1c5pQhUa-!hXr@9_qetZ6n!Mc5QXDY`I%3>`dXKIQAJ#n*chO_hpE;mPSnX0Rz
zL~PWkB~2a03l(#OZB2H+4wZMkHoj()<+#?uYRO#hp&7}{S4L7;s7<J~?b=^IZ!c}=
zJAS~|qu6X&RsP7IRZ&f4B;R;!K}h}c5C@G&YbA>(U<uNNh|$QgmU$y36ptplw{Zxc
z_G<A}RboOFIhW!tCFs{ktJKz|Dqs^f1+nbVyx1IDwgM`Hxb|>E6!9wH0dK=s?wHvz
zw;#1igZeuW8PE(>MdU$!hnOtQ?X&se@41^SIPzl0LdZ?K<`z9mvwqhhh=XKh!zreN
zFyTx5_Ykh0lldZUuCQkBu@slAR!y5FUAH(r0Kd(iwERYD&8SI5qQn?(4->iBq#l{U
z1Sg6Fij>Nzk2=&=y7s3tG>lp*PUwt%{@T<{JkWWwG$X#rARGq9=Gyr-4vlBzTBj`l
z_E6A%*QJ{CPKS%#;{a%#fwdu=PN_r|`3tQnuB}RLDIn&->&D3CCV0i>0xdVdsNQPx
z<4up?FdQRW7Nimgj3h8HoXg&8^_A<VmzWqyl2<U$RG(i6FxXm382ynO<Bp{%iwpOz
znWj+mT;5#d_60e7vV=D*9CCCO#awv3HMsYp5x2u6KX1n--#|(IWCy)WkG3^m&QDyE
z?Fb6j*S^rF^n|fppI7kGHhs6(J?ED5H8WF7U)_bKntieLSK~J(Ki7pGb+3Yv({(XJ
zyNXg>Z^g`AZ3DI^G#nfH$V~87-?Z|Lf(HDxS>xeYtTF93J%xlOVXAZ{-*;TWD<-cf
zYSa+UuW+wB)1oVa4Jm=4?d)9BcM!{Jb&Cw-#=*SKvT1At$14g9+?S+R34+;ht~=<r
zWr{$#GBZlfrlx?*4(rwyyuQ8=Mm{VfJsQk4H%$}}kFI@0<uKDQ&KgW$I8HAtPgPMN
zmS+eug-Ub*UOOsH-N|&V_Ui?kAE0Isj{tYLz)9I~1tn6;Kwo?JjTY0Tt|6s`qONCW
z7yJI6r>#J9+!ocl^fd6CkyDKBkGV6yv{lb8WaAvqVCDTm!&5w>mM*t<splq|vQ}?d
zVuYThDR-}7Yo4g+X`X64N$%l3;8Ux9?;BfXp<AZf@OMEE8>gjboEN0>$Zu-YCRejE
zYVzXyHXS?upkao-j!p58pedWc2E$?<yAZAp-8bK*W9+4#h#uN%FVqt%*M~%0Y14<s
z?E)jTO$%4Y%cm-n?f65JF|k6Bfr8A9I`pOhO0M3z>E0yj9?}K2dKknGM@)sd?P_mL
z^m5a~Kp4f8btAO&)gtET7c@a<aw>IxtGdISY=gvsJR2VS{HQvJbv%0s5I#=uLC1Mv
z(PfP{Nn6X*P1>BIq~qT|CswZdjWe$f;IEYTTOJ(sapQED+v(JdO<#5{<A=$;t6*fh
zI9WPlO!^n2nXx}KWJk(ff4yt$rKM%+Ijqvvhpgk&{||ZZ9o9tiwhbpCz=paBE%Z$Y
zMVg_C2%3Ztihy)b5D7&(Vn;;{VS&&)qF5-3h@e3cu%HkS0UID7C@Mu1tbn43?OVL>
zU;Cctc;DwezVE+xjvO<yv$MOiyOY^#=DM!)3=q!*_$3t2H(F)y)hhZWmG_^LR3I3z
zPG!li)qPlPNX^_5*s`|p17byyGc#;zKhgZgtzsZXhM6Y+y`BZSX@DWJHnykn@P>gj
z(YC>diQ*&gLr>sCD^U8;CroGOr17?rvRY{uLDz99O8C<R$LS0M5Y6iNtv^R}P1iRr
z-0Xm%4(4On=PB5B?_5x%4uT{uH<=`2oi>c%W+<P+fYqH3uiH|-2D$1MiY2PE=yN;f
zwc>AFlbD#8Y}etpD2E?ag^ps=3WCP4fOAD^D!i)CGG`K6yt+@uDqzcaVUC)bf?UBR
z^T0f+{ZUHp7!T5ZX}m}V0NOeX9Sw*g1tioDkSlz7T*^)DUSlQM)I=k~>Rxy{gsDC;
ze}G3$Q?eFL3lAKnUDG9aS#yQ*V!L(#zNY(SpD1Vhw+5`<iQdQaK(Ds<Kr4B^SJEPM
z-`i3Y8%wy+6bE5;JU$i>i4s8xV;v17^77pd=vViUm1T{)DB<Ndm@c4E(yCB-`N}&j
zdj_^Dv%0ZIp5|u}_M1NFW3#`PBK*fFHF+h|aDH=NZfHxq3n&A~X^f+(i9RB1A<hq?
zKtw37xKjsK?xFGBw2r&+nfS82EmGaDK#r!8c^mOwe^d#BbG$-U72Y0pH0Nc9gtH+t
zlhz?Ml-V9CgU#?e%zs0P4>4b9JN@GKIEqMX-KAh@@H+ocJi_!XiWJZRm#6#{M*Lie
zqmnOv+gjF8-vC!2bgUUHFpDE;MUF9S7Ize>4XO>9Jddtqrd5PAblo$Gs2{hjD7&Ra
z?UHQ14XChlmA9vZ7VSFbP$$vg`%QZr^7%D!?NokFU?)DX@3ucSi~zwn0_k2~MV1TT
z+Qu1mD@oug$}8ThuS{zV<aJd_A#FjO!s-OJMuUk-8lCwH2t5#b9iVeZ9nl`rD^eMi
zzh)Lc`E^wGKMiTzZ4g$Qtu5(bz`CN`ZgA!NdiE2F{mjry*KaQ!!ar8Qv{SPF_Gwt2
zV8Wp*kU<pg<;hI6&uR2$%)F<PBrxNS(=BRXWrS>Dk5OjJ50KC20$PA#-=uTr+;N*s
zcXRjI(WJ>#7$H82UmhAtj5l6&@;?%T5a3iq=T0xy{~!b$IGAhSCwQ(CH|+C>&0yw8
zrxUDo9)A<Ti{PO|cgtlK871_tBkoTQ9r#p@mjq%E#&7WzwAAkT`Wkt83};(QL5>z^
z>%cI)0!UEQ2m_?1Ruyt5|7J^A&}yvS{gnfe=5;S$A07Sh_E2QJ<LxKR#~v}ycT-|p
z%+5XQOM6;U3FI;=arE8{i2i|NKjQX!Jk01Fz=fUdD*8QW$(!D8G`n#63whzzmnZe#
z>vn2uZizB<ch7&}33brZOxomt839P=M~o5MtiC>6zkb7RrIW=cA8$GQ6srZJdlTDR
z;RskrQk*$4GfwIv1KY1Z+gLd|fBZnykFW3NTh5&^hL7#DwcW8*_c6=BwsaBdmteNK
zCSL=isu|TH<pc6EBdJhII6@&UCmJbM{neqBXhVe>%f&0NFkO8eX%J(YUf4@wqDi}=
z=61?0nYinmY<xD`amC7{9<N(|@Z%)*jN7_BvBfT$)%*_~%vyHKgoHgcje88<ZCBeV
zN(6m2tx~!Jr!t__U{}*kn|eJDur7GEfPfUdS7J=Z3b0uU-=b~47t^LwoG-jJgV4Xb
z!pm<$;J8~H=s)r}|GQd$z|D>^dLg~gNmcDw=CmcoYuDxbTZKhaki{2S6)r*0uRf}Z
zc4qBTMVsupTwJ1pmSn7nlU2i#nm2i9%Tfb(`pvdi6Z!ck7y_SAkAU^>4mj*H2y)26
z8OcZjJN1<2w?v&&of)Bm_|gqHDJGPvMo=}vB4D{QJkl_2T30NMA-YLw|09O?A+Phh
zw?1XxJ{F&6vhlp-X|wQqj&+5DmkWb^0DA*qCZKFq60i<`koNND2_Vm=mG>bLm#P)N
z>iW4={zElh=hMAjr^OhTI$kU(O{=BROL(oF@S$_ziZ(P33oFv}YsVIc$fy|uho~)n
zwKlp7BTs|iH^v?;N4HGRweMrDKRWcO;h{y;wU`@kyfZ;M6-}jlI9sm0U?92X+_b~5
z;uHj-Nn9u`nxxFry?bbc&kIB>dV+odnzlFY-%mrh(zHblfz=-`-?MCPw#&73Rj%!$
zaz;5TU$lYaGPL);4C^D&b1_e45GB!BV67e(9p(EjEQpRDmmPc0XROisCV2X8(T-{h
z(yF$H0m5a`hrO3Rd5%;@UD;TD`)BB`V*<0D-EZur7PeQ`#OM~+Mj4(v^Y+k+fRD5N
zmqJ>;nEO0kAwO6r88xXf^zibdG<>Cjk8}MI9ry3APZ!R=IiR}dSBI9`VAJ(!-j}>~
z?_&3+%Qu~drt@5amA<|FBquP|ao_FI5E~YO-H1BLRYjy)k=AV|*0s@<*m0>w6;%=l
z=4NzWSYUE<$qB^;2U)H`2J9@y_#qH(a98T+;agNtx{h^vU0J$xW&OY&qdH4xgtwZd
zr>u?<r&;e$Iu+U#YqF7LHgSOKoqjfsBkt#{*%oNkitRdYa&G=;Oa%r1&d;XyqG{#N
zUY0A3&-G~YTNRD5>~9km2qTsgsshnxe#D%~5*yMe1&mJ+L*@pr*T!GmC5zv`<(|T&
z-D&I6m!8SbrP<&oh-INJH;W7!c6@p}vd}n_FsWWp(s3r-q3V4aR`^!v$&<z*omUP`
z`Yyzf>@wdyrK2K&Sj2t3MH+KA^5f~UY(Ss_n}fJGMqDCDj~lkQTl1FFk2|U~Sm9;1
z<flKf)=u#WI)bYuP)JG)%~7}#>p7M+n_9i+Xstgi>Q&qy7VPfPx%25lCs!lhMi#^f
z8wI_7Y|wKe!r1?8O=u&mes~MhX+ARJp^NvKYg6WhK~2@#SuMqV@3CwPn@_()E)E8K
zBm+-j8$)56lM~*EgBz8*gC@rlm3ewq)aJ24x8<NV&af8VX6aIT_e9RN&KKgna#@KD
z;jvro2e@YAcx5hXpZLUc;5t8*F_jqY_<SkI`$`l^Cwo3JYskUNx^bHTD+R3m0IEQj
z#b}?m{?rytG}v$|x#Yw_X~mC<2Oa>=OKkFqsJ1rjd|R9F4K3+L<Czlj{^O*d(~#Gu
z7lu|stLn=*jN7fR8lv{gZhSs9<#}h*u$Ynch0Uq;7E5~$oValP+=i+R{@DYyhfZlI
z`#vc_R&Ea-2}}`$yv|QJz!K<k<whpxVmagUFFMj=A<$~c%S|@QZ}RZ(IebER0qaV`
zw%>CmS35CUYdE2S!x~OHY^lI3YB}QC@(_>*9peC(cM=iZPGlbBOLtm?yh{&RW^H`t
zw`nTUffh##<lYug+g^6Zl3!C<C9VQhWzBb&I$n1*&2Z(y$(h1*;HGGtIBHEBx)J=%
z7UD`K*h|+Pykq4{5q-5bn&i^;!Z2BJm(E><?+fWFzjueP(JfV<fT!Jx>mt)`4|*kQ
z34aa106Kvd094Mob8%&}?dnyxd)B^k5f8&&8~VO$=+Wa9ra!X|1k}gusWkldr`n6b
zE#8kCR-UC8GDC9f<~EGkp5OD-Z)IlreT5g9Aq6F`3teR3af{$Kd9^k|Nn?EsjGn}D
z=&%Ox8o(fSN?i0VI;!|Nmj(&&PbBbrTo84=G+KVx!X-7s=l~tD)(=A<>xD4y?2ne4
z-re%`u;GSn-&=0-?Xg4##Irt$pyj=F!F6&XU+ZDlWnt~<lHHt1qR5K|A~eeiI8Jh<
zpJHV+pZ`3L_Y5cdlCElt)JtqWQ<gmG0+x{Ck5+xpryMqSN*^puXHBNJ{~XGX3RT`t
zJP6`zF8sRkkc`&#(=8aBw&`FmmVQaAs(Sg%ar5439{TdjI?Jp`4sZ9;n^P+REIo*h
zzP(!g=Zn|SZl3Z1t*N{1*UxHfSWFap!bs6AUvXZ!PDyax-iuQ`YWw4X%YlgV0X>mh
zJ=b*rYCD)WUn*_h9*}We>FkrK>-IiqdCff`OTT)S+_kQ6HaWZH(XAtI1TQu{+`CEQ
zz^iC&)MtU*&BwIb4R^=)Vw&%E%07u>GE;ytUYdlAv@d-=?{(ZkQURb?fF@1<>PmYj
z3GoVqWaFsZHk6xz_2G4MQ>?DyXc-43@wYj!hIZGm<ouTf6|SNK@fp1;--1+>)+X8X
zX~OmLHYb(6nPqY)$hzR-vzQh_^q}pA0NR9<h_`u@q6oFAZfRn-Nq{(cozSYcyRUVp
zUn~6exXJiy&BmzG-Xc9~0%7+WOP6Tp_ilTC`n`DlM$dU=v`T`Ckk*Fuhe5~Bv^?-|
zKKU$X^Mo10`{UufwdX(3VlS)KC&YRm>Q;O`^}>Mbmo}E7beyWxe(LG5K3}ITD?7$@
zc1=Cbo_gBvTJ|k;X$RFJHfBn)|A{MkRWT#-r^3w$UF|@HFLw{D5WCU-{h4g-RVj?)
zJ}mc8z(MrIeSzFAxyGlejgKsDk=ArzqINuqz|5R>){xgCSDG6zo&`K=_}(87W$zPn
z*Yr-);1*N;noZpn{B`1*zTsDlZd9E9(&F|i+nd-?x+hKBbhY?_?GBq=9Jq=bRyL1s
zR9=X*1Yg7pG^z#96Y_T*w0YJW(CqhSqkq}(zNyt_G9lx@^YH5a6MNYEGrzz6RG#U7
zvxa#aT|E2qLq^r}bzi>!QVEZ}UD9=TXl;IgeES2|7Se@+h`lFh_{>waQYTmPx|;`{
zXusSOK`E{_@>{sE=f(HWqjNg3hKD3JS6$2BCzGfAax}g?^u*_zF6k{!;VQGZ&k6au
zb#p(T=xq`xYS#OFNlQBymcD&c)1E5|p+*Yt85Tcd?t1gQo4mIj&WO13`g+2i=N}Ej
zughjdKFDuuPT5rZ#cj!Vp?zqDQ=+%|%^ShzcQ{as{ini4Xv#akFA*vC68(=trw?@(
zhE?2@U!hRlT?`cKNK?e#-y2}&pjBQ>yZZXw&40bL<H68r8meX#W1DtMZF=k8YyA=I
zit^GnMy6Z8^LB|9xWs!p!g@oM!_VoK66bV7hMG2+akT{nu`XtJ_vS~>L|;AnOY4UU
zL=n~LEb7*Ef9#_jyV7k>j-R+gqwtQp+p%?C2Q_L(BekdJOc4G(n|rrH?_|6^oM2YE
zkJ4Rhx?;p@&8B1C#|UZM&KK0&R`FGLj-8)(aSkG@e|XfWnQ>XBbAD0zMriQiXS#&d
z%A3li+brw`Dn)#quEY)$2q|BB>oY#h(*CLWI`5_E{3?Q$qh;qzh{*k)y=A$%bCWGy
z<j30&`=Z6Mt?zexG1oIgbfRSTch_8~v-fe2J^FaXn}SIFBl9tXqA#4Ih&lV`Bd$+w
zE4}&tYMt4P_o^PeRsIF%)D2-f99B`5jI*Dag--0~c^sYPk@+mDi@cH<F<4!?arJhM
zps()M={v2@w%aH-f7g3m{GiUmz`VmFAl6)N#Q3e1ex=O$FZAFjl#SBi)j?;fO{;{n
z=G@RL&6ad2xXKPdcJN1K;Pz`;j%@}7J1n+Iy9*U_t_Cc9V=5B+#UV05O8u=>=%%Ig
zSBLh#UoGX<{Pbnbq}|6Wd#XNY@0++ErR`JBh=2|RH0J)2l<$eYKk2dilJ7^0(&t6}
z>u1lzc&{yLF)7~M=n<4!u*a?WUVcJXW`;>X%=2}WMYD@J2N@c-{33KMls-QVoFd4%
zxX>(Jpva3wH}WO!QM5@q9z`+_YjC^HI6%r8&+@%94;99UsUK+E{WkjjhV{=kUYnmf
zRz!9+587B$=s&!xUwMsE$15ZAgRkBV_s+jMb~H~%{iPBsKcN3aj43r6MC)O~5?|+b
zfBzk>@2Q}NJKliG()>#CP5C_#O|YQZZNLV(YH!D$7Ae>g`*!H5688f~$U%ve#thh&
ze1N~xKXCO3RjTeKZV9I}lyA8HBXivwbFnd%N4K~7*XtP5V`Tj5UB%b^jwf}GOLNJ$
z?|n28L<qtyR9D)1J-9HMvgUY*mjEq|zMYzUpD=Q8^?n!m5P}p@0%4H;rhxUq+Dsoc
zB8T+r`y-z6)LHt|$6-Q<u}8)!Wp(ZO-#Ze@-dDekNQX>a4Ed#AI+b>(Y?`i3-f>?F
zIDheYn!C&Mr$-coiqxJd=m?@}JjuIvAG-CsGi+yN*znPijK)QYygk4BwHp&>%$;5&
zO1A71OJ7JPPU|4Jm^e>SFsn0t;@ntZYPI0?i;VJc(lcWB!<)>FF$kYYrp-*A+8TdS
zV`kVZhpn`6;rql?pTYf!-uX7r+7p!?ftQ{0C)7f#k2t6Pe6Bno5q8NTt>c8nk+Ox=
zDyx3+g$@lt-!8K+MuFx|!-TuR7$+P;OO01DYaGfVBaT+kVsGBTTj?kEQyDUV3Tc))
zOrI+^UfL#SxDW?xffm91Kjp(D9KwI_0fYsj5_<urKqO_|-U^eLtfd;QQu_g`<i4jq
z%z}txN#HfT+-qx)ACdvDtq2&&V!yjzDknOTclE@jApSdd?TNfwvRT8`C#oqd2MA^h
z0SP1`tzA8TeE5jiQqrEXJVkOF0&@v2GN_3u>k!0tL%9W!_jIzc?*9eFW<+LZM>kG3
z!+;<H{=AkMHnU>fy~#N_YbhV)=*)fb4iGr`KJOGrD>qe&wdi><`&>uVOm;~BgY@D%
zn2Dg_(J*)(3yY9Cpb?8Nh{_mCWW4-sd0CdI(JcR4P0gxhoCpmMAxaf-%kI6}`wsss
ztd@5#Llmn5Nl91)5S=*HQHe0*_151~u8lxci<!x@sbjiNUOQm>O{J^8sqfp8mcMlI
z{a2?3XO6eI;g4g{7Yy+V!?tTsi5{~*t+B=cFs}Z)kNC$yh4+{1iO?TE6>4IjNzm(i
zs=vn&oyEYu>kN|3edYHxJtu!b9FDmFg)aM|zcwxf(P#iD3whLDyu5<$p<=D4b&Z|v
zCs!G~lNuKc=l8!M>+KzS8&iKdnjp(T>Y`As%Ly9QSGJs@P!hm$EaRM=Wgv2EO&_nm
zhGf57a(Mo-MczwG!AIqF^L%6*qvLrKT;72KAsJ8tg>5TG)BbED*GGa@3<{;RTHa#f
zY@gWjwq(Y(XyS5aN2u(P*5%AU!=KX(I$Pd}<@~b@g>6M{MEk*;q7BKCO<0TwvIVI8
zYxiF{kcvXlXk)BgDrm+Nbp8nZyTY-*QlTpgQ#D9aQ8keq6z@+N4TW->bw%=+aT-eL
z-_gteIz%N4LhAkx0=kbeIF6heeMil6DLMmzV5b*7L1A^n7U(E6@{aNatC!EC2wl?&
zMAF^6^Ljr@Rk%HgGjV6WK|i^nW8i7pitJdI;B|fZ0buoi6(9*Jrn(^7o~j)2zTZrp
zin_noa35kf&ylQcy@?83-j5PKKD4$AN#*lLGO#0?%10QxhdqRN7rol#+U8A{YiMQM
zOF$B7*}V5ROK+{75X$e9y4mu(eB0xM`qUc(Belnoy_k5TunQa{g9P++{!+i_3LBH`
zZ;wr5yqqqn^_XQ(!iPi7@P8(JTzVgf)Dikdf4f}w7elxxr_hm7u|s9>)!XbtDj}=A
zES<4&&oVx2cpo;hs)3z7!au!@hEy%uRyU}15|thP#Kyp)-LsH#*m?Nz@;Ok#(4oK?
z;h;Zxl&-QTX|oYq@~j}|4c&DueY=(`_gs_5ZVwIWgA?vYrCd{Je=3Ia)d$o&{2ea^
zia(()(!?Y9#OuAPat+;{qgRRdFSX>t&?Bq2_Bp}xtti#i3%N*-!Rg2Pu01<}Mx!_=
zG*Eyds#Z0aFhnqN_l<7~Ae8jM9VnDlfXKvy7YmU^`c1wl(HrLD!meK<FV-p4Xy?&*
zsTbo=Ng8U;7tpSM+F)7Akhyk@BzhS22y!2Lp|H6BLY02cz9Ww)V}JJl6{+_ebE%n*
zcC#0{dJiRBkV2wvb>dav38cUJAj;`s%Ms(bWzQ(&+0(G5l2jC$hjK%@K}Gs<nfy0D
z<gb#V_IrOTN{Glo@J^~B20{Vx(p1qiqng-?R573WgjyMv&ANI6A)=Z<3jVJP=n<qZ
z$&={V;Of(((Ed0S78!UBx~9`$7afqXj)N`;-^)hPAcY{Q6q_5n%cRg)vX?jB0Gs$m
z&Pb>j>v&#FYPNtVNb@#;+X1KpjC)>=7)$v&%HzeTm2@$>nD{h9(~GU?Yl}OfTXP<F
zYg}s%J`6w@FKQMYomImxct@HRtiuw7bdO37`Z{{!k0G{HY>QFK^W~JWRfb#iPva_I
zr}bh&Q(m3|84+259;_oNLP)^w#Ay>>Vs&du?8jJO$}qi*TkeItNA#0*;aOJ6FWA{b
zS-OM~x8}d!tpro2i=N3O0$#QVInnk=Bd0mPdsSAGcdS<ToJIz62<bC9)E)29qtNsk
z&XN;*{kVU{REag_kpLIdiV}N@w}qmAUk_!n{xR-h?2%KS>G}Ko|0Pi)+6}aVA_zbc
zYgaPF18vU9;g-kyiZj%#avVjOjgVmjwr6@qG4KJ55Jsn**t!dH)kp`Y@k}$o3Q&NB
ztotVVrUUd%?F-^{38n&ZqFp<dEqjj~-a*a$g;xVt+8|4IeN~4GIEaP87}d6!HkLR}
zpranbh6ufn)ok<0D8Dqz%6jKgu3wwhY~irI^0*MPda?!fLW~U$58EBW%i>A(aMnP>
z0(?yA#p^|;H<!fKfQQL9Nb$q8dVU&|vM(^H1r^AP59fCoOK~mIjnm}iCK<>Tk$|Q;
z){=E32n;caaf85&^07h-`yb@><D#>?`m$hmoFNT}T4Y%;H^yc2IdqM(48)hrDA%@x
zr6AB7%PSENHUgR~&i)?E-}menA;@4hcWoM+k^`TFxwhjH+*PxQtz8;wx@t-u&buC)
z?2RvJmN+_heXY~cH7$GkS5?eBO880p(+<>evW4~$#9&kp0n%Uv^79anPYo+_0@(@r
z0Y)Rfh?||XTRAdXi{u3RT-((ZY<cF-^ZLKXoI~Jf9TbKwB?v%Pe?<lEblI`MG=5H5
za+@$>3_U(+BZyc53qXd0+0s6=7!5-w@iWReZAxwQdzua4v<l%7js*KC0Aa9QVrt@P
zf<FhZ`~VmNVWLsFc#1D0anZK9x07rPKuk)4|Cez+2cN7e5lX#YDve9G9%jZnI*}}#
zJH>E{*b4&NahW#7al*LBSW<AOm`Wb}4Z`K2u!2o&0-eZ~5NrsX%`QtTOM|!wzM_zH
zyKT0NDT^>q%_~Ed*ir3EpkCIjt0Tb09fmJ)Md2-QRt~&QKx(rC(4d1aR~v=3(u`$O
zDuLEN53R)MBw+$ql7;vsdLg7ycY#>EiZqa-P*N}O#|ukV;JOfwj9t=z!7RK>43KhK
z@BL%@{GGV-h7pYoJNIkwS{C$o4r?GL1r>lZ4DulGc70cJiVvTa277^wXebSfAvRhi
z+pOdxNdM<RMm!yWfS|c9Ph*ZcTqSUz>m%^;beurwz+lZjsx6giVcSbzBX9mTrkMoN
zW|P}*G{x`_<Gk6LmB3@HHyzJF)OHS7!tw_ng?_ps^P)PHNe0T;;vjdDIzFCb%loy5
zOU$!hbLr5+`tCv(R@cf(c!TAWdSku_)ET=y&nFyQ#7ovONG*?g!tdm~LlkutYFNYg
zs5;TTinm;V=ZoMqN+9q8dkiO|wMrvVz2}4t&B!q8x4#@vby6IoC>~A`*6B6P@%!Fg
zwIrdj0;Kg~jdWPf6@U_5-0gv~DpTN&J8=ACh>KqLjTY<AxtsDdG?OS5UlPpQ=PBMf
zaVOj=pq|jQTtr)JYnzfeBq^hvG0I~LWf9ke*N4x3^>>otbMj!ZT4)7~V}^ZKKAfo5
z%NdeQQ&WLB8Cf^{3=9Ya?4dJ~sA9XrO@OU1Mjx(lMr~HAG5d~SI@`>YF~YbH&Otp{
ztKvsVAF%FEp`@4#0#zs-!E+gxbR}2yawXYPxwcGH(rk(&*7r>rT`p)Ua>Mmz35^Vt
z=H2`P^==M2Nk~LQLV}2xg2snG?3-gpl}3f%Gskgb<Zq1&DN#A%(vpZB#iq<k?SSF%
zWtH=p$?#jhhiMuBQ95w)KOzB|1u|rgPWqGyv~EL4AE=o*FA&)hpSW8HyPqzUGA@}Y
zM7*V;%rZc*OGu;6T($Bq+voO{su9#s*fl~KSx4eFTYTTRg{d7UQn+H*SIX3yJzKo>
zXY*ap3ADUV6PZM2;<#$7hJ_3lFZBt3$fa#E_*J}ht<X)MCxO0paW5k<JQBq!g#7!1
zv@-hW*fYM=xAjhHG&d^ELY+Uq`Cw*o&SZ4ZL!6Fh4RgqApW)3;)~bS9r*L}*-u-f^
z9)x&SvsxRVxUO*>7uA!3p3%70ToF|StB@G<?cHzXSsIjb7O@i3w-UcJc>Sb>Mw$ev
zRT;p7N2v6;L>r<-rsbB1d*b*D&ez^CP7b}?F&N%4RYE8<h>`svf8o@d^VWSJ&`X<W
z!)1KPq4pglYJ@{XdX(bOWVD#>ErBH!esiLCmb7n}wCQyJXZeedEB0UhJur0b!YOG&
z?MQdVh!*tu66{YrdQNM1mg&V4U)`n-kBl74w5kxx#IY$^S#ErH`Ns5ULadqn^KXdp
z)>;IOd85P;TeoY679<hn2nEcrd%-vdzYmOK5$X4&lzcXahm-rqae~!X4{qavj6FBk
ziVV~FseybrVc}7y;)c%4Lswo(?5P+^-Es5uP)(lc*C$_GZaJKu%aM(Ea_y13&#$>l
z+YkwGc;ESMyUuS}9k(y7HJ{PjSNmq);~ynwnru4<(sS>=n5L#h;siKZsc8$^RN#cj
z8!Y}ENPS1*)7s@p9Viids#%Vrazt4tr=vk{JK7lTkx6t{#1jcNU|K$Y>y3zgyWI>4
zn7J5pC^2+S9AO;g(S_o2cNhUsC<&9CXdi@Ep{Qgs07ZL-5QfBK3h2u<WYC$d3<Ra%
zBUfD>xUTI7s7a%HXY;li;&1wsw!Ek&_2yj!Tf?~MUiw((_;#uh<XT#C*NLFg3BDth
z&|m&aER1kld=0c?2ouv{c!V5;GSCo7wckm!Da(E64R)THp37`T6b+l-k=)9XV)eb2
z);}rTxykXI1!E^&yz?kmA;Brn9C0~CJiLz<YqJ$;bK_KTZQfk<b2DY^URb@krZ865
z8oQ5R#^>k^)9(5A_Ww3|?6H61tjm@25v8Uzwn3wfH9$%6XDL$aM`EbHqyCFW29#%R
zmUk}RC$z4DgT-PAZ^8$kihu2>@!Mju;rZQGoOSXJk1cw7pXBqC4qUsM#&oXyq!%Gp
z8u+M{xmo^OOYyZ9_fsogm9Bj4=;IyvQ15q)dgL?R_D%dFD-W4O?7K?!JGFI9RAr-0
za6~5cwlAr~R$L8%?sZ`gX{(j<Gxh*E`q6{Y{#VDfk&l(s+jazzH7aQB?Ytc!U%#5W
zbU%N-FtjF^E|7$6kXgEf16PjE_?eIdC&_y1b>e*|vnhS<!C8u?PTr}HyPv0ByVZB#
z@RrwklVg1asBfnGJ}l|I@o74AwXSO5qDQDs-r;u{>sV`I;feSpjROv_9iJ&9jkOMT
zv8Xb2`etOZXYJvM16sddZgug_jvU{%zH?;nk*IB}E~U8#xNM-q>s?(y`?9@sfvBD+
zxXKmE2~137OL9esm)p~wY4Re026r%~_I>L~5oQ=?TBdDsC7!*N?3_r<5I2%3W2MV$
zY%)DIdadYO6&uxh^sS}DsgG8vAIhnw+CpL^OZ8qhVL%2Z=&1I_CHAy+NDcrR!w`Ge
zCNMEYpM!eYsYbki=J>mgW_xA2a7#w0IxjBw2mlS+uZO`97J)F1Rm8(^GhO6Y5>Q-r
z9Ll48NP?xjrJ&d{x>}o%lt39PVHBi7L&xHD6iraPuUGJ=JvTkaHF1Odbu|UYOWNBN
zcU>+mIf4^%rLPPcv71n#Xkrm>XC!jZ&4}016!3EkLAoQuV65bbn1JC*7Y-)Zf|(Fo
z8qvTJgXjI%5XKRd+5tkRtuL}hCQt`hAob46<~^E%n`O_cH8a!s$Ql{EcKMJT1mJjm
z@<IA_*Y%2Wf&b02TJe9sex@Jdg`j3gkY<rXBo3`l4f5A}Bl(2u+jSmuC+nE}<&zJ*
zO7s&(>Z4Z2Ot~#Yf6DXSbMDxV+tQ(x`&D|FpMn3y*bxsab}YKJp;mB6YN7bk?(%7~
z)u+UcVnRg7+JY)t5II3NMEW0tk7O@fs3_?_dch@>PysPM*s%EaWx_b*5BmAm9<@lt
zA)cV-1pJ?O^v`(P|Kc?DAO|h#Tn^p2r(gjIQ?dA0Zc4ULgI3@T<kuwwtu|3JI&x%v
zIP#u)Y43v?y1Ojw*8)(<a+FL0k8(djY-kbU%EFAT;`b8aq%kh;rwHDFZb2s}UXy@!
z@Pqz+$W-|Kj}O%<I?`PvX#f79`u&;6yn-Fari)Bdkv_>&t_JOpVV0lLCM2=tpZ)Ba
z2)NqUNN6V)6=!z_O3dATEe?K(SZ~B?y^#Vwp9YPk1e80j^uVOsIf_@+O6=n4DBWfE
zdZG<mbsUSTW+GIoY)N=83}VVb20sxtN8FZZVlZM<ECLQMSO0}e)WT-Aybda)Ys27a
zchoy~9%YtmyaKf+6m%HJB3Q*&R^V=Hyr0C^M=Hh9r-P1z`-x{8o?1964h-^hAKcdx
z*hEx)JX^88(%CH-n#xS7zTY9~R?1VV)CSF1E~jvM8$;>xo-)S6Wl81fzFn(B=_Us0
zfF<!vW>WET@mSJ$di?O}sWuaXY+x<%f~o3V?7haoq;|Q^q$#njesoa@|G=BBRiO=F
z-0e>BDKX^n997ZZSX-(eL&hnu|M85J*zRG}9;5Y4^9Le_j{oh|B*PI6;mC7@GFwMD
zp8M*i(I`_-N{I$^8{;4_ZUq1^k`7biOBy>M#N#Mg$-=GtJ8pG3(fMwKm+yKJ!bg3|
z8r((4np(~DT8%3Feq;{3Za=^1o|dL=4gW|DKi`Qmfs|2e___LI#Is1iImRz~_h;{E
zLaml&;LRSy-AG#|SqOm(J&$|Dw)L#3)%jk-KPp1FuX`?8mM$jb<wThVUV*;&-YPsy
zDofO5%L!xwObs%H=G*d<hiOU9Fmgx#(*+SU=JOmnv9~Px&uju&6oUlo`znC|K@aoA
z^zd@waWWmtfYMkXod?;h_(rg>`xMeeOIk@~3PA!Q1d9WZjjVki2OkK}@9=+>Z*>1`
zdveP5%4A1#+lIjPRU#|Y3*F5LbbYsz98?Gj#rgY6|0S`aCXdpP7GO|x1rK|Ya9Q#V
z?%$P;M~26nRh>4{sJ@{kX4G35fo;mvtnN!B(1o&O9FWnk)E$r&SS$($;z2>o1PedZ
zPsrMa6KuUuE^6G#BhybxrMTQE+DAu_^AXg&RvLs{XgOfVQ38EVv}_1h=w#rLcpztV
zV<L8=lTMcnZm<4EmDHE_NvHW09Rfx!m);{LVNbb6J&BUR3ZdwX_qbV&3S2>=u=r7U
z5#)w+3+&ny*_vfVe0wKo5uxET#5>_L@zDrs^K&VA5t-U9t?Cp)8Co27+DQvcA=o1z
z79`*GPLwbB=WFqY@B@g?eJ#mCNAwhg76%rf%5#8Lh?C|^!dgIza30XY>&qaF$3g-Y
zo%kErg4F_1$-+_|xOoz`D-AB-nsWE@k9BEggPD{Ygi@R|HW--_ngA=4U=)dM;sD<u
z!3dSxNq|LY!WqHaa^Q_{4AvH_0jw2Kf0&C(hBNGS`Wd)t8QeZ>4i^WX70AHrv2EiD
zZ5V+qT{%>s+6Exr33+b-5m8maotbXKd@)hF=9urSg!Wz~6F2Ga;mGr}*Bk|ZXb0og
zVDFBV<;Lrfd9pTuddE40(byS2EzlFJLVOR@^^vC{MNRrKjU0hI3jvuVgfyVpUMHG?
z>%t25@Uy5#iR4<XARqx5rSFk-RPYjD^OhZ)eRL%)yc<B$fbkFqv{gaYWD3>dSVv(`
z9*G3YKpc|%o!sj6@9?Jux=ipS@~$!X_?NnboC^X!r{}=qp_w9EE^rg+;QE)Yz+h)4
zw)zmER<K^<uemAoXKsoR*$d5P#HCSraY-QvBr5D&im0*zCZA%lG#JIefwWWrEGJw1
z_}R=>vBN_tN+fLC_D2KA&7ddkC=++vORB|ktQ`gbHz8Pq{!Zg%hRw}0bs`Jm<&}0B
zx1|N;4DgYu3Q5w0ew&P4hq$z&phO9`IhBON4tHRCC|LseUbyzzFf#?c&ZAi>T9PvQ
zR}LAHrKJ>9%q3;ifeyNqY9#=|DtcqTOvziJ{df~_wGt9p14nar@?3x$Y-xGLvBY#@
zWeTI><~z5-1UofFVIav)Oh#Qy){5fV*K6O`XhBB9kc|W+m`v}>wa*&~Ov;3UiFB;G
zVsf&3!`_v^X}Tnl3&<(5coi_|n>H3ABbXv&9(}yTzOp>rp(Js!9dT4d8h?}wCR86)
zLD>=85s!I^37v5}##nl%8*ITv%aT~z#{p~Y#&HRGkikL>+%;xhAJ}I2kXhL>B54&d
z8A4pD0?{UgA`1n}CWOj!zb>{z_ei3*B?M64INQi|7z)B5Q-UBWMugWDOxD063Xel5
z27IGkXAiWv@=j8;h4f$;R=9+KA1$F+oA)0Xiq0i&KME$-ZB$L`P|^5Sc$#Lc)jE@S
z&c4t_o@vX^wSciaozqN&y{1CwN><3^^g3%LH-w(Rlt3NGgBy-rA5v3_G+13!Z=CW#
zS50N3BcOuOU_;|DxR!&VfB@F6mCg!a7p_5Ez$e=pRYcRRswIFFUTHJq8D02ftAP_T
zO{oA>G}^vk(A1IIc@-@)n`u`D#8w7=sgMTB5?dMO1Su+AXc|SPqd0H^0&M^4j9SMH
zpRZC+1P92@TqAk?u7bcUS^cgP7*p5F<Xu1?;||w!`j70IC2OD$G}V$GVM$hmKqc4S
zGMFYX$N#XfIY$@bz|j<yK(1&nipfQsUl$P$ierWQH79Pxz4hJT@JA~BuQADqqPZ*^
zA(E>y@T!-_=L80dsarqyc*Nl1g@9qZ*>R~eSSbvipSzt4sMF8{1c6&)jAUaN={9{N
z{bzd}+p4;F)@gk*o1_DAiwMtgX>qlG#MKJFHX}nh7%t<Ad9MGb<jTaS`?Z-bAHZz(
zy0*zFd}V|{r3}^zEH^FxBhLO6t*(YFtR&Djudny)5C7jh!26EYgt;xvyKA*CEsKXD
z%niv-oUXLlbGeH6wQ|Pju`HQ!Hzb4YQdlr8nZbk-ZC-+K;C-F{`H4>p7zp%A!Ll4_
z>_pK3pl)g|;wA-FEen;=%LT)Bh6vUY#%ApE?aybclCfkFJU?e#po(-MEYgK0v43|V
zzz(62@E@q`TPgQFb(3J98_7iY6-_{&rDJs|%fcn`j||C#?<pJ=!ilzF!Rp+9ij#nb
zEK<I_3ljp2L{G&w6l`^a*U|wN(4V?oS>{g!Oa^iS`INQNPJWL62T$)8Zs$MVxwPDe
z_(ux*Bl~*C5|sigz`tUQ^*?)pVjIS^jY(?5P}-PUZ;zcA(B1WKUHV^d<QK6M*9NQ*
zVg_?TcM;w&!$cn;STL%5nN|Dy5%3iN{gxx&F<3US!icS&C&k;r1(}j~1mGlhPRi+q
z#v?%1cQ!XV3#5%D-x1)iz=r0Ujv7n*Q9v#YBB`Ur6nDDkFmL#LP>sU<E~f*DaJ0r^
zT<T{O@};0L)?#Fhk^fg({KZkrA(^`ruo6%~1l|%lq@T;kgtq@B@OJ-84!-m+c^9ei
z4>4Gr@-OK)-Ft?ML*3Zo`NjchuQWIXA7WbBj3Yv{5RjqD7QP8)yuOzIYs-K4SFz^$
zQR$P2uzEGHMDve~s?f87`$ueLCsh3ZS(J_<V;lc544hguVMlH}di>p=ZWmD*l^r;2
zzx>xVBMwzvp8fq3WBzkUiqLZUZD`K}UVA(9VSYv5_Q!{!T9HrN%)fj7BkFPhgLOpE
z?f(k7cAGb5LSpvryU@*#6)L4VKON?#<(%U=qd*J>Af=x2G&t?z=zLM~J|_lHHKC((
zRy}gohzJ3Ng`Jcy>bzDg=b)_lsuVfgh&)Pcyp_sZLeQi{@RYX9vb(#T_O<1QN_lWF
z{r+-ooYj71STshr#6FikR!gBmz2*`cCBQ%RO#e;B6KVb%<n#RhA&89SP5`ZJs1tu5
zv;*n*OjV){0Nnzxk-MUgc>kbs5pP)74W@)CK|HLR6g6Em&L(bi5;KQ>K(xBg=tU<U
z;3`2dZ<3m643LD7*`b>JEJx++HS;vZWVo*+py=)_twZMykp@e!h%{`ryfXG{m*UkA
z$1@K|aCP1?)4<OW8DCb;3MIpCmC2HbUr)Nrp~D{)xCxZ-5=!`pK~+!v(w`edukStt
z<yFqw_t%%@9nh@%aAe13*LSt5BWgb=;WZTd7quleZaQz(^sS*6oxe_|-HOJr(rY92
z7>{pgE_C&Wy0GjwH?h(y;Jym&hm@3nMLe2wc(m7Ae(^l%;Yt;jx{`@>9@+M`l(Jp)
zDW$WUPQM%?=RK#3ZhV_gmhRhcrInuK!}<3|ZT0uYKT<^HFU>$Rbjku*vt(aze=n$^
zB!XRwnN4Q4CeW2u?LIMBXfU_g=65)gWf~|fo|!~VAsUV6hqTm$d|GGzV_U?>BEWR+
zXfNklt?#Dr{<f^#JW282F1{VXd9_kIww<+E=sy`bG(*|YceKtrRL)*dy&C!<UXf2T
z&3(n&|EeZY%qwY~*&E8+>$_^@ht+}v!h}`MBP-Tqb?=Y=XTyKy*YwG{=1qr;9^?+p
z;ZM`ZSDObdGR-|9gN7+_YtN>RY_(OBpAx;#b-Y$Txa;icIj>{y2XvFJSVww?Z!@>G
zFkDr26dg)WBFQ{T9B38CKTU+z$-X|M$WZ>dJ(^|~CbX3lp)e*E^c!8QN2Eo5&`~@h
z<}l-MQvBP@Qo416ca*R51M_;E<ja&4kRv(YZQAX+Jxhn~x^yFC>Y;)xfC@a=Gx%y7
z^PTUm(Mq4L73(ol8?MO<)L%Fh+j{30<}c~pyI{~0dF_?TT+H<8QD28^hju0Uy8L~E
za=ZaqB<oH`gmCoOKkxeQ%!*KNkIRZO0(Y^^q}V(=77BgAZCvHn;i6}+Yt0J-A}}%s
z^s21Cadr<i?!Iz<OCwHjjP6MNbFdgnNK4|6ll1cDva|GGLE4J63tmRM7s7Lli~%$U
zg*rs=22>33p9vzsB|fhPj|>an`Lu(42`P=t`_FvYS34hs9QkRp=;V!mX^79pH^kQf
zrAojq@P}xkK$)v3&F4R{wu*=d9q<Q<5A?mQ-@L87-y+a-B6Uy`X{btyyL=gXvp&QA
zZ=48g0qdT|B#}8FMFZ>v_{`047Bwf6EfW}mf)PWq<YD_q0D>extcYSJkQ5bW)#6$9
zqS<mNlo-<3{|xB2f3s$Pd%t-11)tw#5!c+Dr;#cpbC+ucehxwS#pxx%^a>&D;V^6n
zITMW~kZwzmZ0u6flpUt{K6x4`S+ctH#x}d;4n}3_=htsNDs6FV9MY6d8h_3FI+iYi
zcs}D{R1hGE?{M3mZnW6KWrTN`w*&ev$)h3o@Wp=0?uzqV5eUvC$p(%kW}XhuHddtk
zc#-cXbKn_8xwt#z1|2ZTQZnWV%4T`12wB_&*B8RG%|E#9f{-NdWXYt!zIHfW&OPf!
zE8{l4b3Y{%pIn!O(1c5n3BZ1RE0U8+pomsl7YSx-q(D7ny6Gk>G9GrJrT`N<&E*m+
zZM(h?5F|~A3{ix3#0Cb(E0gbZq8NSYMvlD06uQ3VBtmY>Pw@BR@0=aYmR;F!;2{Fv
zt0<b1u^xLzBSy`V+2yxoqg`@!MO<9(Cl!=Y(H@XAXQSeqz#>?<_N~3ntEBejG6~+2
zs!sT67=Nde`V+y{HX3K!_(K9?u);zB7?MPI+^Jx$9?_-~%p1=(N_I=s2)|5+9vQ*V
zwjEtJs$!eWn$<=_7+D09G^LdyX_u~x=OFV6O2bM4#G{0))3O%EmG(uN2H`5zhP8G?
z>o_Y)cOD4rhVC~418fXPOK}q-S{jJ}q1@F6XJ@aZjFq46{O-~D-1zHD`|(O<n{gJu
zO^t`@VWR`vq*0Isd2UV&N|GY8bOegh-oPvyg=gtp%}3^V?SOEFL6t*)meTr*WV=li
zr{ZCT)~?+@zDQ|eD+SP7sWg7{(w)Y3>zUBYmxq|yN~W&obVi);vx%8WD4lpVrV>GW
zF}0Pkin)=0SM&bkJdGHF76O?alnj?DONKS*{|>Fs9#fQyV<MiI90^ho7|h#_QBcHg
z&ppsM24_NKU^Og^d|jY)*3p))unvQ_9hPMxtnPurFkRNyhXveVB2zw#*=&sxMkULS
z#MLA+m|!_a#p0P_SN!eQo@|KKXWoY;4-xG?SD+Y92S+Bg)A;83s)k$d?*E;?Q9Q((
zVJ6(iVD*?fJqp}IiSU~Y>gsD}A&)*<ugkJe!(oNm<kDK5gaC0VwG-Fp$SGI^u1lXA
zqTihqagr0Zc=vfQM;Xw-&)ERHc-K6vSeiK-wrI<o1Z{xr+rd!96nbnEk*+3=p9I+$
z1j{m+&-$4F&cW0;fe1ATpbG$0YrnoSNLR{4T(xCstW1)3y6Q|SNbdmiU>cR&j)FKm
zZnCuWcB@N%t4)()WGIboS;bFvTF;_8;wFB{BNQ3F@rX^aQ&n<m^|&T8Yp*RmsxmtU
zS;jve9Nwd=cIs#48j-AfG8X_~cAUelPQ&J;$-OITG}fIZW0ChfDQhEvn&pu*1rsg$
z8X*D_#N}rd05BK#XqyndGCa?9Z<d_3X()=>S18a<JMn<X3%fw|z;49gL=uI#y=mLZ
z6ozj2E&}-9S44Wg0%it)7hsFtS#jzi(M9vsm7>UsK@TW>j9y&`@$K;jnyLlq6I)vz
z3!XXXtaqI8DF8H05#tkUHMzdCZhODZn|bFurx0)qOY0<EFkB@4nanTy3$PEWHO0Ld
zgH_XV2|iYHMZP1)M{}l?J8<kxZ^e@{=P%rtjoJkC#ndHe7mYbVA~qIRE)N$!$ba+n
zOJ#KFP~t<;!tk_*VWyvN+L+Z<c@=GP80mN3dfxtw-gS4=ma-+?RSKTzzZ4rvvm4u}
znp)VVS=+&KLMz8LQPC9g-0!EeZLx&aKo-}G6xIj_ZAHNOn^-Z~IT3t4%m~J2U74n`
z<P!1AwD;*rXJG^Go-{a`4VJXomP=7n!)?N6Az6FPP}7yT1dU(-?i2$;RNnzZrlili
z3a;&a>*qOS62R`ht1V-%mfUq~PkxF&z0jg)RYK-5TjkeZS5Y!&chc{!3F`W=QNsCs
zD2}+P|NQxcoV%p7&O}s-!KwpS1I{5EX+frG2B&RwN*cR`vgYShf&+Ov%s8_7Q#KbW
z#{*=0vKSuZQYbu1UW&Dq8K93ti&XTLPxG7F*7)W_`79MjaJm_s!jR+UuC8qE(@HaS
z5SiTtG>OvE$ENXHMsF4`*(~@j?XbUpI*gw!ca_{ZwCCrkMIDf+d51VE3jnY{jIH{i
zxynq>G=IXhb6m7sHM_NyV>4t{8#L-AuX~|BBSITc1?EkjIr!dJ9Mrxpjm-j5u$JNs
zopK4|S9#GN_#{60yqCQI{|l~mOJSF|!5!bPnVmeAQ0PODAa92R+VcBxhKJPjCxtqa
z@Rt2Qy^*sPL}+JNv@Yd)Y)JSz<bKSW88Lh+YlW6i{n|n2i(;i&ULl{wHR-hMh%s6j
zqZ;SViuD%;LaXU-S-VI(Qn+#xJ#S;|xNes}>~DK<`f_rnW0T&DyHjRK>8kYrpWi{B
z?JjbUt<U&eL{$R!gSx$@kp7*c7fb<_S;%xYUK20~{(4|lZ5h4Hw!U065${%~8}^&e
zrDcpy)24Gb(#ML=)G4Ih{Y<vNE9&z|haU@Lq!FPKW6+=}>@1p+)LCC<R|RI=-0z?n
z`l$HWoAom*&aF5f`J|ao`j8JB=Tm1%`Df3Zo;(<?fH5sX>+T0@FvoCPehJVRL#`Y0
z&%%`r>^rA{op-cp#*Yf^L%Jb$AZ&pz#}&9{v&+Y5N@qCQpQbFVG{uV|WA@e<G?Wh7
zmb}(AJCA3RviuyhV(SAol=#qQc5kEDd#@O(-yWe|cP4C8)f4j{4=z7xa@<mVVB@)}
zWaF*Yr5D~=Mv8yFlDTc^_`2}5$==$Mj&HmcnkB8bU17%<?|wC#Ul?kY-l3HDzBk+9
z`r}JKdeh|zvLkD5*&G=<*_E~8^_}3&*W3nY?gQSBT?xk9Lc{AD?hRf3nPG?*1_VjT
zg<D;(4N!UEtaf2FY^VdOO^3NlHt>xkPW|g$hT<l?uu>Dfn(<b0#iDPny^@vumBLDG
zKb>)~H!DTl0KEwW2=Zxk_ufR0>mG*=+wZz5+aklnn*!XU4>9Ud)i&?OE+5|Mwvy}K
zrc=n@S7-IpMPJlflv&w!4x)YVxOcl@faFT9?u8%q@}_X63N5=IFU_YVD-^7DU$wAu
zL95Z~7%Tto;yptiTgODrJ?HtEFU=gL$IqBRqb6HMr{)}fb%+u5m9y7E+`Q*dld|Vv
z-RqVs7M3F7Qx1`PtS%`o)#;3Q>G_{;c=>Rf_133Zw#OTf5l-g&IByB_=$wA0(|?d*
z7Uogtbv~eBO>#r|3e~|i?_oCh;I;Aa&!-r1T~Nm?JUPm&4pDA*A)i6gk<l`KYS(tU
zYiJ^diJ+ZlUNrbTqJ!y$9^co%-_kwn3H3UR(O%ki8qGVf!47jTBTj1y@tT?b*0sTp
zPUbdavl!Qlywsz0xtGYI(5+JM+HzOth}S>eS5MtkUhG|iml+J{&QIK89W^@0GRrcv
zbiQ}}8RcnIzn#n>N=?=+SJ@g}UCPU=W^7aMryCS2>Q-&D36rmIiks@Z@OH!QI`U3U
zi~0SCRn>tL8#bDH7P#Dr4Vfe-aJRB9UCpU$Fco=MRq0MkJnOf#b95%W@Q8Q%u2^t7
z_jfjUO8(8{G)VhW42$p^It|Tot_CK$GPU!~eI8K&iBC=+tEk+;uo)_qwjr4IVk1xL
zyWg#YYc3=L*V5=C_x-4hk6C34l|41P{O%v~)dy?~4UCPY&Ys)}1W+BHOo#vcanXFJ
zv|*pF$Iqof2WRJf?}m@$U0q2Vu^jkx@9_D^QMa87H_k+M4u%r;*6qH$?cj6Wta*;p
zCF{zO`Oy=x%=epq-WZTuxNzNKfPZr0X-?9k=APo|XGZ-i17)X%-@06R9k2H)Go0uV
z>9CMT*k0rHMb-9MM0#Bv`>FT7w>6zFZuSvQXg-i@XDyIFd}oCh9X_vi(yVM7Id+fN
zJrDiBr?Vm<`w8-I&-n3Fo*ige9K)#OoLjw;RXlw%I^4_pm+{xK8LhVH_R@_O?t_<6
zmJ_aLYkz*0zt^%OAi8ON(Kan%>)WbgCnqi@X1XcXsLsEXEVJV+T<XP>+;bIJGv-pS
zv^MBO)(?ASb8ac1R=2N=NBr{BTZB@$Xk0Imw7O}f!XUiUPdc;(Yw7VaX!qL8tI~H4
zO@s_o-q&zWe-3SBX8~MeE_CPNk)Uz0oc-`gEpxmU#vCjiN3~AceyzJTO0uwhTq_T5
zW2JH)R{omDz26jSx&6X79kuV9eqD{OU2`+v>r`P(fBp4~j^}s0=zK5#X2R=mSLY)W
zKa@bSo8j1aI}FcHluLcs<)2w$4y1L$d0`qd(_H6-;WgXet87vmDKdpWU+zwJd`y)0
z&uk^$eNN?-4BLF_>Y3kg&p(`>qLJ$%h-bQDfmvP|Krro{Od9Suq9rvnV?_f#sa0|g
z?4hiVDbq<Y=LNgL*?2rGmK{7`qm)UB<7GmgJJc#PmWv6XuBA1TRf$s}Qy|ay1%esT
zejMTMvdeM%vtJgWNPb5fU~Az)T7CO)Vzt1D3?&Aq)(g48B}_Wzj&zVnC63DD3TLZz
zNU{iQJXT!AnulCQKnCP34uEDv2bc-!$9;je{lmTGuXGWa?!H5zl6WZ5sesJjeiZsv
zT_XxYp<8zJ_&j$<wIb}F^<QnJzLr#;okBE0p;MdvkeMn~U+KcLCb@$pZ^}?6*SG8=
zAK@%l{oe)jQ_S7Qh+WT<p#N9RKPK$|Sq26Y|4{&N{*n7D1yCqW^S!EL|5^H<TN}Ju
zk%HB0-yu4M{|whOGcH;3tN*<aJ@;Q$^Mn94aDlL6F5WHwP8(wEFOcZ%<Z}`clkq>H
zAX(WMQA+!+A7Jafr)G7G6?yp!d@6APE?!<fiyK;CYs4;GlbRx2EFepo%lS}`Yz1eb
zTw<XBqa9iEN=Br}%WKOxO#)dj>=EQ3oSOd#Yz1oN2QM!tjc__iZluJM=ma7JkBC0o
zA(si|zQRXC)HHoE76YEdAPW}g`G3ES|D(J#pk-dNo`A9s<Z4ub0t9aqr{JU^KrwHz
z^$Kvtbl|x_zJzWMMQdDz1L#164tb-nN*77D6}d`D!y)l>#qhkHK?k?$2=o=WVy0q>
zf!qM;Qsw0a$vk4^KiD@J`Tx-N9&k-9Ti<XJ0)!r#A~p05p%+1V?<fe0bm<+W2uQ#n
zU5W?@NG~Etk*+AcNl}V|^rnDP1?iA?N6)#>x$k$MtLOZ_cPl%4)}ER5pP4mn&ze~i
zGS%<63|G1IoU;xnS;d~2>x0PFD9Q<Lm?$kYv43!2-sF=Z>F$^r9wIqb75m(TjN^tN
zTtK+V>cG0UpOJI<?FXD5=?rBY1n;fbZnA+u!6F1^=t5^Naujqnz3G#;citVly*3$r
zgEnt24vS^glf!w6YM3W*ni>d#*8>L4!+JVMf$wWDWpZi-qBfQ|v@i^}6c^U;q2t1n
z9##@^{AX0|V`}-~D^*XjgXW^WU}zLv{_Ug4OFh|2VE(4(Qm>A02iQ`HPI12UlH|CA
zsrUVc0+z{VJ{B$C;?U->s7$@CM{waXHv&jC%gjlU*UN9&rs(J<D%<C29H~4Q{_nsG
zSb*0Su!U3I5_kp_v&G?>Y3y~BW6)dB)G#$GzPU6m7Ctr(__#X^&tYDGjY=E=T>>#d
zLs3?=ZS&w5r~;%_@$<mhY3P8w>OuQ}Pw7>9aw;*HEjxt+9OmSpwON0CjY8210RvOM
zlmASN=7$;~BO?`{K@{?B@^A=eD-P0@*+WH@oB~)|WkO#B7QO2T1jE93+Qb2)5-e@x
zP&^o^1j+df0eA!Ab$Cnn+m!u{;=3(Y3<~D~(+@zNk;3VrY#iqN%>=o~G&W{7e-%7(
z2r_glsf&V|MkNIO4zPFelM1!MnP;y|$VD3iX$9}7aelXP11aVRbRs-^o(Ll!ppl`9
zx?WpN2p0H77K1RrsyAvL3P)sPjK$|5RJh~%^qy1~Xfyy#3I$Hd26H$$j3JS$6`?FC
z?-2%r>tRaiJYZZgHR#2*7*+yFB?R+>EYBw3K+m-(RRSD*8dA7A%wEb-o%hP7vdS)Z
zz`+TRs3w;svp+F)tJNeLP0Wi9AtE5Um<5GB8Io;Uu=vt74&_p*L3f9r1DZ|ZP(1CO
zxHcRpV^6XI!m1sNrhs0UzDcwr1&ZY`R~L>|QdT5C2ZnHe_LJ->g<3&HF2N(U(};~|
zaVNXpqE&zcz)1nSbS8MB0uGfAzCy2}B}Cy352GHdA;~wlJtDD+_RD}0ei%-M;I<Ic
zN*DcDNOIqEz0t&$p0qSC-+{PjDp7|aR;#9zB!gNuXI|;PUY9Ik0&;u;9yWjX5S_8n
zRUvp<=~0NWcnh;4e*uRK*K_0pm@Q1$KGO|OgV<BfBftT+;UW?cgC)C4+ujFP)TeT2
z)M52e*4x0ES>mf8Q=GFhSCk_9y1ur5uB{aZya#Uk)?*5R3|)&-rof{|(kLJlGCvjM
z7J0z3qQ33y8jJNR<5){kT$rIjr`WOpOG&7x+fiOH`ZDLS7K%`y&qBZ`>2dnyN#wCT
zTqGrZcN$s@LLsTFjL`N8h>XLMspQkPS3;k_AHX6J2JJ&Q>cB$GkIo6`(Vl-`&d{~X
zo)%K}*!9?L<fOQrW{uZDLhUq-mrG{}&pkIv$;f32`B^;sByBh_#$MY$kv=|D;$Viw
zMux*ro>)_8D+7Xr&6y`0GWvh!OaqWJ^8c1I-y%Z@0t|1x0i#i2L=+qBZyr<x;U87i
zfeFc76@(VT6VYi(2!#i-?H;H${O9a&bsCQrD`+U5cZ|9vmu&|#<s0Uc{fC@p$q4ek
znu-<{;wKJ@29&Tf7`@i6)<aJ71G4Y1Nl-YfE+=hUu?I*rwt#-Z&_X02=TU705Ms;`
z`hUs+rhyiQUJ#j*0L+dDvM2n>FyvJ6f06@a*aZmjqYXMV9$Yr5hmBa$5*a3cSMKb8
z%cahn>NyGAq)H%tb*czvR3RD<{JL!PdmhYyI2Pfr%mWjv%0XLfWhb5@?{~x^($uU0
zz4l%x*F9CZ3~LoDjM+AfO6kY5DqQa`DQXF2c|slr$KB*(M$0EARNf<ps4BM6C=*;@
zer@S7iW@oNaW^Ll2N$YN!^I-s%IIq@T3t9)_*jrmuVcF7j5(aFEn;5j6B?J9wew%M
zp+MPzk<^oR%e#1NaLbM`VwzZr30MMBKlcF98rjN^jgXM(x5!a|g!j*dDk)c`Qq;x|
zZ%`PheyG)Jkl`DaQ=ZtxYPcQ#wZGrUIftTG=BZ}CKRd<-qHa*uPb3$ifM4{1Qo-s_
zz~UM)LM3eDW#<}yF$fp|ARlDWD2kH<_QiA&V!gJ2-R(9DK3~es6iU1{{x?tCOrDmp
zexP9GDJ3|5Z=&KtYGh3D-N=e7O~us6M4RVnn>;cRc+#gdvZ6v>FfuVDFtXxE(~Y3U
zTFEvFhc@VZh0Os20u%j5==nlps^Is=l(=nC+K461H2pPrq-y%pG{hEQiH#gkXSYJ+
z5}=(e!%6QF;J~z5f#^#fg(H&@Q3|ZFwG==?f3AUHJD$ILJ%Z~Od_->~LYuF2(df|h
z3#n4#vDuR2Q7EeqeGoxEgR5^tZIPjo?XXw{N?4dO`I9#03(9c4Tt{ndiW=a&(*+n;
zI9#<I=FzJR2csC_Gi@AS+#C6rHNF{e_o)@DsBkeBkXwOFZz7<7jvX1{nqRCq)WLLU
z_zNpsV9PaYQ=1?HDzU~PhD_m7R5DTahFL)o;uHc_jLfiPO7!Hr2bCNg(576HT-G@i
zDz>FvX3=*n4Q_PS@A93W5jcD`0TAF2)E1Gqf{X!8wS-(@QPv~!IM@rQj(kgWZqAPW
z-RnJy*HXxXtSB86$qIBx$SG1Bq3QB)eK-Q~GtXc&Dx+cdl|gCHdH&qFB;X?l2l*9B
zd@{5OIw6ef41OQx!v|xbwUTdxY4lq0u~BHiR625Upl#mope=m_-Dx_6@MM&HSommL
z5DYBr0M~z!rWXq0(1lV76j9E}6FlG~$Zj*d8D^m%q^~Tg#mDBtVZxfp@?tL1L*Md`
zcu*;n>S@}{P__h4f(vNpHP$J%D}eo~H5Rk1HYO;YKSF4(Rh|I7oI?-_re_847Jwcl
zXfyk3Z-`Rf0QSxe6I6vMt?^Odotq&qf;;HzL#(7$AeQo~g!Dy}OY#JX&@kJ|hf<X(
zNbMl<a}<LF_(UnNMOa+}3q2JV7Z{nj3q~SX(E}V5TVWKUlmukxn`^9@Y@%>t)-o2k
zW0(v4#vDp592dkvnT6tjLOl{4acR}TVxTl-6YV`wN&`Sk-Vypif%U~X0y0oN`X-u%
ziVBpbdmEGn2Qe%B0X;!c&;=3Tw1pjL^&B>*oUfh`+`Nn(!BY~RS6~9Rk|90RSD3ey
zB^40yb9X0T;T|1rw~?s{swSG+9C94wd!(=pn1GVEJTTHaM?qmlmkW!8%?nTv(!n8K
zfC;)F@;Y)eDuOUo1;Q|yFlS^uG8#Bt6EHgKp}@RE(N5rq&T6|;nbe>LoMM*F$0mvg
zMr)9CHh@5~Vd@+dAQZVQlmuxDc3>%JV?jXS_>~$2XcPjfr+||t3~FG>hee{`dSU7`
z>JX6f0m6>t2Q3PuKo%xHPut3cOnj#dm$!^XnsAv6HJ?=qq2LN#a3Oj#rFb$z3XTz|
zGO(P)Dugyfpnx-i+3YT$6|Agg^-?Hl)3m6VnIm9v$a~Ddi2y7kux*%fMVo^*2LVij
zkz4^Sk46NsRiVQb$xT2f9OyR7TmsfME@UJ#jER6>Q8AXKxs3tMii;in5y47fF~C1n
z-~=(r8F6!`>m?;_c_Smkv%#-tNKwT(D}=Y<PH<W{EhI|0@EdlDc&x@Lsn{)oI3OoQ
zweh|+&|orQ!^214R(+`OT%qn61LL`{c#UwFlJ+|fwCDgnOp!T_UNI7Wf&dl(P{ay=
zGM~Q=<#|}L0x=D6(yr3Nq6+cCWZ<?H++)b9-Ev5%kPh+jc@w!q8@&*q@`odt+s^Is
zvP}pP0dIpas}Z>{EghKHQgNC1J0vQpj=zga3tds}mp@^#g7PWg(B!LycN37uD-WZ!
zJIEBZJ4hWZt?)b(l*nT9&<gqC1SZV+FksDGL8ZGBJ+#hnAEw_%D1?R^Y;QY=T69;<
zgW*CjWGE~T?thaK@1r)dgIrazp`S~cmdnH36G9^o82tJs6O{I(L8$|ts|15p4g!bm
zX2zses^r5wdgNI^T=tCQ5ek=jiC8Vi#R;B|&&Aw>4^i1f!NIJOTm6CrpN$t60VHiI
z26+ZVoKQAE1LZ(%i4ZI%G8slApTi;9Ko5*`iDTL3pj=v8IZX>(exqujB5qhQiMk@W
zj7r-Do^N9aE5<hNzBz*EhH!|Ht#3iXbxmdg3j9Q{BF%FazIj9d9F8V%F(p6OWET?~
zjN2yv4I!ycA4y7quZ-K(;+3PWBh%@^HWx`128~>X$``=d)D)5Ta|p<5Dx+__DD($P
zhaeP0z7;>mOi)T^c~4&Pe{cc%eHP)k%j8Oh%JMCd4pHd4tjciVJcOmPD6j>o9eZ?j
zhdLE8Au)@5P8$mz7>drtLFLo3Uk0<ko5v~&%CONRf&H5SL=YU+Fav5f(Z^l)k}uW4
z!k{oU4fHJtgii~BZb88g)VAR0QC1gt4@|i`Qx`DW4GjD&5&43{bZ-e|ZFNIwxl9wK
zp$@rr$}8k~;g5dk|NVt*(>ju)1!xG?m^?(Yz-Ud@A=hpYj<diJ3Je_Nqi}c?A7FhC
z#5&K^5=N;XR|$;rC}b8aQLVTM%p8DH)RB^RTfCtavjAKn>A&71FB1@W0COWh2ZTS&
z<z@=S+hyp372{U80tB`S<SHsW$`+o605iePpzw6GYuE({EOD6<m}&8a5+LEZsl#+x
zRJZ@40H_(|4((_#rl1IeaU1;4E*2j4CQ6EV6Ln1(qEH#T9flXMAp@oQi*8}0WMLDf
zTjJO~_O=Q~U@k|(=b@$bhtA+dz``5M>}CqQZYNA*m)9~95eoH51KKvlj^{9KI4B++
z0)go$inkJnLe+Po!f>GH<k4w>hU6*<Hn)`zuJjN`0{cwBiInq~5yJnM8X+0J@`2H*
z4)X~mLc0u5C0Dj2(#pLKRe-`+3)-Z^Am`W<6fIHEAl3u8q7!)?FbHN*%LHtIBA!Fp
z0Bt`DbvJ*5FMm-RWc#n$gsk;YGDfPd;Z`DdNw#c7Ky+Ymtmr_YSkY+(VMPb=Q*_|U
z@ser4q|g?ofeI&noiMePKb-fk9Vf6W>e{UV3CM&XxB_7mL7Jd29tB`PjrrFqhYFp5
zR^sB#YQsr&f&>m@coK|7s1L|%td?S%^a?_9t4KTrc0Hh#?TES(Xy?PEwOOAan5|8r
z959etn_MWA0~o5`lMiDH=x7Db#|Lbb1B$M@_m;yMF+cO|E?_nbkexi|m~<}{zKI%1
zgmM}e`mcA=_J0X5pngczs?6zJ>Qa7=<A0N}z*84;V1j-BLOL?+lZmp&JB82UuG3fA
zWZR(U{^!QWnukDj#=ur05kl6q$as%X+)C^%26hrjrD#PCoFeF-(nguZ*Xwc%HVGAm
zlCutS{82fXl>`eUWVrT^{!-2A|F^oO^%s@FzolRJpFNYB{?t*#4P8(m3hj(K)-AxQ
z9D<&NqkZ%dES*2@<H`-VXbPS-k}TmQ`~MA?341kEgN6e*y%7(sO5lo}x)>ZF+Q|Vm
zL<&4Ysyi@bhh@q;<<PKjU=AWg!(Ky<u*_APyG#84vuEJLmn1l_<vxfC-iAUehSBK5
zqyCsj{h+7=6DlR97UVF3#)gA6T8b!Ca?OmG>xApD+j`DQZM9$bT$IEG1+cohkOEj4
zAquyOg3?%1!KoB+6!2&gUCE?`Wz6<)|5D8{M^Lu@txzS~s&l@z@z*wzjFeAnnO?~7
z4-1M<d_n=eKQLqZzb`Nq@Z!(ws*b+8-W5F%c}EKvKMrRS<beYx`*FeHWFQm*2E+mQ
z<pbGZK#`#5pk)l05G)FI#DHVLb>OcU!1|OV#1#WcfV_ZgVsI#MWN<t&ILSD#adt4!
zb5KQS00x=`?SY<Ra1pqgxFHzaJluXfFb0nePZ#el2CoS39X>7wp9|j*KLUgQ6n_*(
zfPwMBjA1btz!=5{0s;&H4}l>;IEJ8zV2}`uA!H%cBn-w7W)XG~9%6`Si4=)$VTe+Q
zUK4F&h$)C=h&?gH$;3^>n-~%}i6n_Lh9s7xhGZE-3L{05+F(f0q-CVD7%~tU7uj_T
zSrAzP*%$@{RYYM^2?l4h{FyJm`UOLN<>NoT2jgh``$zo$j|)4+CHP$&V8Z{%<-Zfb
zME@NF76JKhBLHTqfBOPc{u;rB-$p?DxA_AJr291j=HEuZ@=p-3{u%-IZzJIOCkS|d
zjX>zP5eWYi1R}piAobe_r2h$mi@!#o@Vf{Au~Pg87=U0({~ZMegRPSqzl#H``43Ql
zwf;K>ECPeyMqv0)5M2H>0@L3{aP6NUxc+MdR=<tF`kx@M`85K^-$vl{PY^i&8iD6;
zBk=ks2)uudAmFzV-2NvB0)LGl^tTa&{SyRte~lpO_Yi=i|2BVc%zxv42DAi;zsWo4
z@AH1}E8dTOlXv>x=biB@-nqZYJMZuF&i@tflHcV0^zZX7{T1)3-{k%L@AIzy74OF1
z<o)9B^M3g&-mSmK8>kU&f15iHsQth3|Jm#J{vHDGo4?H;-1pzOV{7@)Z}J}g`@Bbf
z#rxxL@}BtnyeEIfd;T|hFZ_Mpi@)N%`kTDJ{C(bEf5m(IH+g^i`@DC4#ryC#c_00K
z-pBuyx4sq*l<<#8nL#h0iHq&DAQ1Ks*e(U~@bD3Iy=m)cCFtmCWq(shQozH_K1yF#
zjf9XE8;V3jUD*(*Dk$t93=g0bbk{ZmKVWY|HAPVQApI)ffZ8kQD1bm!@kA$9xPY6$
zL*3LH1iA<)I9((K_t)j#1rAs?(NI>n;%~k_Em%q4d9<}n%_fo|ZKQwzHt8=ALLs4&
z-W(9}P<aGA5=&5qLK1nfzrfW&9mxxijD#rzL~_6jmWE(qxwAPENIT;(tTFg;efqIn
zw)^|~wr2~2_X3Vqi-9W;`(fw*&4ub*$dU7R{wOHta`f47MC@wH^tZ1EJJ$k7XI$>5
zV`^_4YaIk0bQ54=LzXdTR%4fBw>Q~FF#D+uAN002r!>a~n?2d@>@4n1u5Kn^q(LaB
z-IzVakomix=D$_1L{_MB2FadCogLmeu;zR%I5PX`VAJQ~*?!!?PR3s4sSI`G?rZ|a
z8BjH}Rz5ZN+08B*6p5d?9C5T3KIj|U6{2<K{^Iu8)(NM<=*%GIBM2!s+;i#H-u$|U
zWd0$;N1uU3(ORmIv*VzUGmFDIP|L3RW3w-7Ud8(bquhfZ8#v<^W=?2AiuQ>%KTqO;
z7Flmu4?PNgc(GQkP&d8;`3il>$-U5zpePnZoIa{iIP~@Di1bF&8wR?uYG<a7?6Hx+
zB$Z~#o_Yq*o^rFp2uw`6s7BZx*jChSId(}$@Zkv2r^r@1DOylv@WiDTr!^mD%+6-w
zXbMt$<;qerAuZxP-bZ8ByN7`#tP3FR5#<}lI#hT4yv9M6vI2X6NgG{E-<Dfd`@F~c
z#6|LY-kI|tN!indIMMn{<IRG`&(_Or+x{o7=b9bA5^fTKl2^~W(h8|YSVh}ERdpGm
zyb*otzBI~|^0C6qT>rJxM`_lNt;^vc5%z)2uLsNPJbO2eU7d&;O+jhGhn*X>?<jQ3
zwOyHO3Bo~XT&04y;?p;8odlJ13&w_2eupB-y}B_<nj6-`4>$+H5w1gzGk`slRq0=b
zw!JCi>-QU0M@4{zsBR{A**na+y<+{Fu-9(}h+5!MW7&an6z{LToQfW*+xX}WqoH}L
zvp=5rVDfuI+>Lr`7!7FM>R2VVzwFbp?v2_;hrq@Qka70a$WEHLX>NATMv;6H=@FW7
z>eGcBDW}&G)9tM^u0pjM*R?>`*&e^9j-Mfm(NN!*EI+lmWy_9=rjI`g;p1SCl5sB-
z&$up#y4Cp3;sBv)T<7q)VQu2r(bUVW3pA)XB4(k&a+s95SmTU|6%S&Uum=^lC6g5w
zax>3~76|f>^wlU*Brd*BhHp6ygZUG=QvAHq(<vb4Z0?`7E(<yKtU7AK)YHDr^NF#e
z8!0tB-Y1jUmvS@rKjc`SG1VmWvQrfZN*#fuNdg7tu!Z4ehe+AD7fkh-LbMa^c*5gf
z`EIch6@?lsMUs3%${I&hUwjr5RLHGX25&1c+3WMOUc%&z&S_*Jz1T_8ypBMN><lU7
z`LvwAiS|{_7>{?vsydVP5krS^0^%M?6`~}W3#*6unYu0hk|F+Q4{8P*M=Le5hIgOI
z&jw|V5Yk*)T`G5IxU|LMOw(8+V|FKHgos9<lw?{nE^SG*XzGn49&x;=CbyVb(!<!|
zubFNw9_l;EMZrD%bW-OUeWi*SDno`f!*`!Q9k<l@Am%mj1wjn?deS?c;Wg+78RuPf
z28wIEFMBE?G4M4_*B!~3@qs<krAu-2HGXhkt!9Ts^3g80C6IRG6PTsM_}gsy%m7};
zWdh5W$~G@OpKmA9qb0o3A>TFB#;9o-dPCE^M2mU#<BOcjlWFODtsZ%a74uh0EgyMr
z7RT#p#>FkQ#G2_yWsIC3M=gHJ+K(ZLTSCTV)(XSuDC1T?5XHqT(KJ0Ap^?1!`Lx&b
zYcS|TTa%m=_!U{pBcV+_UA0Xdk8^oLY5SbTh5KNCS-_Lymtc^2R6vMV+ifOPs`X5E
z=Ia^!9A#0`owFsG-Af=$Hqc^?D6%q38C)J*-t8^}Dx1tX=?{sS4-$8{_q_#Cjn*;t
zURe{;w?AiYzQypWLiDua?k;u2P3Z;8Z;&D-^1xHv;>1Zi$RpGggQadw#QJh4o`RRT
zszt&}-2SjTp6`4H+O2I6QoNTf<|a`WhUmrQl4&8m0qIBRDOt-mOY4kT4{5=@k7$F#
zTv_boWj3by#X(8c;@?Stfi;!JOK=KAFR6D_ZD|8?dBHkldjPhvX!uS;_|Z}1=+z}R
zoXf2-7D>fJMDtOexy@U?M_($aT)w%#+)FKTpP7D|!bCQ^!fTkF_>wG^AwMLmYb8hU
z6GydJo_E#u9Bh{gNgjI^z+<zUozZV>08-5>MmfUcr^cee9NFII^D$@$lJW9vV*5Rz
zq^oB#+_<SHljW}-XY_wC0Cm}XxmX4RS|*H4-1ZZUf}8MlH84$T7NkqF*@4yn!|BdL
zakT-x#?Cb;uBDkO)3=^pD^}Z&{LKQm$w4zW?w?T-wj5{&YmhRjwr;Or47k&lEV@=O
zAwU3PT+5)_gfth(D=RcZ*)Vm^*<!&v=5E3lmB2K`C3?Ng9XYG#-IbG0%?Vi!GwZ!#
zK5`SbsK;Gm|IRNJOT%MOvVPEeb+T4(q>i|;cZ~|yvZ?4bdjz>s=Sp@(HPG6;9k{v7
z1!5JK#kFiGsE~>YWvyNfpSdKr0i<fZ{54HCtuo5(F)__ylL6>;|G-T_E>Qly9Vt7W
z3XrnKGd^gnOr7)Q=CMi^1nHF@U&ZEw0?Pe-Co1uye-K7eBK1`+NV}zdZ--u&I9$E#
zVy9(dFN52`9uE~t<G`Dg^Ipqyi`SG<-^<`!!ne-e4(=~w9%l5J8-O@0Yl`ol%{`+x
zT+4v<ytmHjv8h-tdhSPsa&!pE0h4RoYNld)zM9UdMEi^zG=iLXUm;a6&gm%8ZHVf5
zxb2gc@dnV(E?U$tqPCC2nLRXox!3w`&)oo2WV0(f`>E1eP}!?HKTXNP#3$0il?OB;
zbd(h#RW^>lO!hX!kdXL7el_N^oiG=`&(S$jHi>kX3paen*Fo@3wi-Asv+mwF(dhyr
zY1NS#k=bYf!VC0|fFOljNvfDqBKq`V!1HBsgBWu+mb=Q}w5+1gJ^87Fubeook0xv1
z`UdwLn*u=WiKWXwZCPJcW|8H>y}KjEPcS%OBT{#uUI84{pDTAu_dd<1S2qZu%g$``
z?Yrh&5{b1M7iGIxPe0s`xdP&FkO}zU5Gcvctq~JC=W>HlK(24VCfIr@n=lH}Qcdgn
z*^5-DPG@S1juWTl!ga^eWzp1(@?y|dnRuX#{cT@$mNVC}OV5U^ik%Cb3!QmDGNnTP
z2mBE<leQ0^go8Yaj3?IkRXya+Zt38nzWP@+AJ~zK)TvyV;4RE}dw9WhekQNY&fRsE
z@oe!0A!rO4oRQof>q;(h^r4sT?S+Y2y;7I%z^2@}inkWm!E@5a*YCxqQuZD_@!63Q
zan?EY8A#=<cn0#|AK6<RXLRhi+O(bdaL5s3Z1aV4;A09N6%eObaDK8<+=TM;J4P>7
zGZU%n10&V;Fv)k6z;hFfb=k}M`QmRYM(1SW6yzTUUp3ZyV4xk{oD1>@c3%Qs6?Wem
z?7ntcE@~w*g!@$05D4VEeoF5&%Equ|&@`VJL0x=jLFhDQ!QGY`<Yql#$QD6Y8(DDD
z;8QI{HWC!<Mo72){CxA<QjiB_#B26LE>qvW3N48Y5hQ;_sp!+_udnv#32;#vG&r%m
zQd3V<rcCHs28POm>()}4KHF82uS&1p?wk$K1-zJib)<evZuFhW!r6<%cU_{9z(u<z
zH?VV7G8fW9aw>&o+;Ld#kuP-<Xsxc5-pSjM`!2yo2$B$bW%FiUm4t<PmUr4gcT7Ex
zv+vHKt{a3d(Kw;->%%+61&|h<S`h~o7UpN5^hZXz2X8vQ57va{0OYvVJ~gSO@no7;
zuPUw1bFL52AH_uto*2#_Ra^njbxly@F%B5)+}P&uzU{ld8FLNaWj{vzM#aI!3Vq<U
zu~`!`Fb{N6@BcuGpI6{eyX>NeKFFliNw2E9cs2cHI9-2<spshK(}5ZDVn|CIFoMG}
z;{uVzNIV*;T1a}UT=VGivqQlWkcSQHAn-17g(_Mi?ST;gP+9Gg2>ICL$`lM2CDzZ}
z%~4>>H*KcdogU#>te8Zox$37|3TdGQOxO+FtI4YK@s=XVc!TfQEf#X=kj~x+Y)KMK
zq#vr@)mNC&w@t_T{pG{u(~9If%Vj*EGOL<=EvYq=)N2|8Ru?>j&AextyGGwyVBdUs
z=`~&@kcga3b`wx@8M_ptySGTcz|$dSal2#D)CgqK&IPjgRB3Y~2v<gyRp=@G+Sz%}
zS0Sl)>~BzmK2-W%%x3pweOr@w9^Y+jW-#}eqR)rTPO(xq>T*zJ(wH|8w<o29`TJHY
z8rHlBN9WJ<69Yiw+#xo0Huv==0AT4Ey>FQon|5vEjg6r<$0uwH>DL3~3P6?7b$7?<
zaV=?!0*>g1c?ztPqBU3R#esBEkL+=b$GXZac-I3xNW4_$t(EimiDvdQpATz*2=gG7
zQWSPezUy~Kt(HBEnacxr!e>jKKw5ZsKpCu7UCuJEWHly*m-UUA8K_N<o~8dQOo7|H
zO+~uJ@oP<7lo2p$1aj;=frxH?e)%!A?ZmktH6mc+kFk*T<M#WvqV9KCAs4HUJpEsu
zu$Td$s8IunNLG=7K;x--5psrax_)RN^Hgvxz1jLB*Cu95@2t`l4EmqnIRh$BWi(;S
zXZ5ti@!F6N=G&Bd6s|sJ&F4bgW3VMsGd+tf5(+!0?|Su4#Ijs3bE&G?aTif@Ee<uv
zcu4pimQ$s3bMO39)!3{(UwFdL#8EP|PA?36(l2|xI4}GdXS!Ao2to-2F#wNe`cTG5
zqy|b*FHi8^5!gLHbN}llp3|A~D?c$(p+YBW$($+<K8|V4J^)Zye`=4n)9@ZWxzf})
zmEnkf9j7a7eL6e5xqb~7_0R{=UsRCczfk0r?Yo{`OXjQ5aSPx3pc#<QF4X5^phWuw
z>OphPGBb1QUZgr=!(t<~G0lzm0G2A}<^ikj7aclH*MOKCb;itktx8mn{Q0cSzU%Mn
zU<J-~sc%hPqRPj+(WV}m-Z*X%BvSse_Q9(USRt?9_FP(vv;|ru@5alen;Vbn{a#-_
zc=ig&)O$ns1+bE8%!EtrCgAt^ZSB|*XL|nUh&Fc;MW9km*<DO0S>;G^6R39|5!=t(
zskoix&SITzesm^uWu({Uu;SX|hGIXh=Ei%0$A;;}B08R*D{Uw>B~q`~IWrYhczMH+
zNR~^N66h-pR<f7$tu7n0X0_>j-iyTx;-9@k49B$`S3Mgid~uHUc*6*EFD{d&&Jq7E
zJ&%j#l)eSdrU~$#3)C*o@70srR#Y(f#OFbyEH%n1A4EKPv;IUnf-r;PabkR{Zy5yX
zLWQz=35?j&mBMv2n64zd3D+0@qy_@RI0aH_arS3@0@Jo`dOsuerJH@*pT3fimFy;3
zpZ~)rc(OKR37LCth*^rxKY|C;t_r3pPeHkbHdKx2%{crSQj8FF*V2iSVYnG+$0rTI
zG~$FUC|MV|w^oY$6PMhaSM9uc{|Jm7i7x{&mbNPq{>!iY`h@-D_$3B~DYJ~Wb@iWc
zM89=$cucamRmz6?7W~BRM3%!(@i>W}`CkO0Nd5(%%IOjiF&(aDnl!FUpFde8-Omhp
z+w;i6+rN^3L3LI#V9|8ep<mCq)Ayb<W!l#joJxj-OV7EcgPx~2J{6Lv|57Hs+2-zb
zqWZEi6X<ReNqGdZ?+8I}*S3#BE}}NV8a|RmD<F8EU_1I7-hx1X&hf04A2+lN=xVB+
zhB`<!oL#jP5YAW+su_*RO0ljs76`Y?xG4MQ&e;M-Dj7<#H{kJR&D3`l+<>M;<YR5~
z5->_B5UcOBOrU!T+R_GkFsY_->coQ7m{x=Y(3hB+?e)cb`B#Y?snGTA+H)h8IDqlQ
zGo3M+=NL>@Bxsy5{k;*$|C%eNNsYxo@L`yuTOOok<o1u^<=<0~36tf+y=Qh67ga3u
zOu65x^L3<J<)&sU^OzBMu4HYZ6d0JDPb}M{zN=JT0%;kWsC`@4=qfoVFB3h@ix*|4
zgo~=Eb#`A)u%1;0A3UXD^CF=Jz5dX?7lR!>Vuz9He4K1m(S#ri$FVcV&FoO@+=KeA
zN|pf-a@!6VhlcUznQ8$J;faW6+4ySB{`srv-G!(`djs&CR@}iSeQO70RCzNT`7M?Q
z6!d8IWj?(oaoo-3lS(SlZ+uwNkoZhrZU<Z=+ddVdmSv2KQhB+jOUimLI<<A`3NDI0
z|AznJMLZc?51^TPonyn)twe?5?L;IM1HG-rNWUT}GoD_vKP$!hz9FI)NaEEIgtgYS
zr!vB<c6Gswble{`TiJT69d_kZfm~LZGvLl)3*dRV=VyO*KN+Y}FKDhL$%H#{F#B=R
zFl0g0%S(qa2T>4@XEbI>LE(;g%zmsiyyuT&+*Qf_4GEDNDcU0VKdB<5_c;U3#hr0>
zgrBudKBH_`&uSC3Nw6dJ+7IQ1>w#xe!*r4`KqEXbjmM$XEE)Octdhnf2@nGuZw%$l
zfQFMY8lNQMjMs;fe&^Fz4CdWaA$ndj*bWPrw_S-M#AKasW6PF!b#Mci_IpW$a#ObM
zdD8SY*RFZ%?#75`L0r!3eDi;4fBjN_Op&`lDlJZLKqD}U`s4=oW_h*CEe1=f-nPR|
zF^9FX>zpxsqJ&A5^+5T&K6or;04h(R#qV{b!=3A!BC)Ka&t?j09+g+u9a%Zq{KN?I
zE?%E(Hw31&3NQCQHl9r#OPzu<Iuomb#<|y#%=W00ZrjAae%w-Bw;h<zi7*~;IvVLy
zfr}#&DMh`G=M_S>jCK9yRIsCZt+<G#NT3PuJ?bcNxS!4x9T&O86*q*b&75g*mb}BX
z<y^v?NdM?YV7IxPB;|I)LHRy-sUeR3PVyl1ts_Y$<0eiIx$_KD1_jCL5fMqu(wyu4
z^i3~X9Oq%d3IEuWXQM6Zq$52aUw%F{2oH)axS`ZbPV*RJ(|s|I2l#{(P*RmhpU}N?
zmg+qL`L4cv?;IUNuL4be$aNW;zytMI`X}N6?E;ZqzF)(;)V$n_LQQq`Ec*%s!{gJl
zHAxbe+~UkmgzPygS&uput~nVyC9wI~PRxAt(pwAXf((I}sOUI)pQVo-F)g`3ef1{n
z*`iyR3h^|(w7OdQX3l7!%f~yI=%Jo`YbAEm_sP!U{_Q!ycN{XCD+|t6UNJ?3awH92
z6X5pT)eJ2IC@_;3=q1s?DSIv3zY2VM0X{B>sG!Qq2AOP_#jcDf*fLz*9P>G&p<I28
zI^Vuzm%h{Opg|&$1-&CE=8{xV<;-NVe%IhZGv!tlO#q(FQplKeh&IloYC`e8e;~fa
zfwf`*i^u3m#rT{?xtZ&loja3ulEe5=k1M;*xtc-|I|b2QOfm&3^BJjkYo<pN+l3;L
zAcn<AsifDm_q#9!X*9rxi#p6Wcq2_L5wxkwa&k=*?)9|D$P+uh*2S^xqGu9Xtqjne
z75(Hr8f0Hc<`D)Y;qqn0%%?+jOr4aQ-HnYnl2P2uy2ItKY_8+aiKbC3T#+&V<UNo~
z=Ao)h;MuP_8SL-|e;jmKk-qRo;G~_KJPAPND;n7fdQUXUnJwzuoaVoj703BL@JDa+
znJ`CsTNK!2lFP~|1<PLyp`RE8k5jMmzWMy*uqruWiS$(fb{giE0`k=ukw{&1Y^i!M
zRU)*2;m2cU`eX;QbO&lvbW8pGh~e|3+SvOTjfvh5FYZ`c7O>|VK;2R)Ql~~mKRMt?
zSk4uY_2j`%3^c93^#j$I$p>tcXHnxg*16kbuI=<qtb9Uu>`umnp_>t?OZi$Zc~p=N
z^PFQ`-8Zg*o$J#$+TnLR6OyFa{kT_qY1T1W7F)F2I1kv80&g)^`9V+mRt{_|J=iDi
zJ(O+XQ$HqB87^KD^d-z}BFD@Qhk+U7kXMI4PynBYN<_GBQDo-aIPQD8h>vRSStjFx
zUaocC6b<&~j-UgXFJV8V*PQxL;RwcdyN#VyT_c^6*!;8wY2jWu@17|qgXwh|k($(w
z?OuFr?M}On^F;A1Yp!o=gNT82e{)-buYMBf1GuJAJR#$xj?&D8t+gv2Wr&IDQa|w<
zf$te*LB4}ulAnuC&uJ|_zOa8}a9i!c%=;xIsD)7@knH<F;jS%w=DLmsm9${F)osjh
zZ8LhdY;UgKjj09r?1FCq7wA_1e*9ikrNqYOBUe^QWO=mX?L=o?rj|4f!NjYx7l2+y
z8Gk=#e0yMgWi8|ebstxHi9hyB{Kz7ZwDnzFFP}RSc30u|)ef2qt<$3OZb*RpGwuwP
zUy}ct&O0P@#wp!9x&3w#17AN-D$5>TxkTOMecHG`Fpty1ZKA{Q9jJZ<C#F6{SMx8w
zVmzbA1j%VL$vnI`!*D_6iw5IBvF=$!&4?52`wHWgv^QYXy5~ElruVx8FIR6m&h)Kl
z`n!Io@*JIsX7S|I=5@%DppKWzlDM_7z1$lj__!j-S?u=ag!@SCRSVVP_qy8|MQ;CZ
z7Gbclo>^BNgqRnwor^ZR(}X2xsOTz}D_VyA`>L1f+FHI46a>Ql{ijtgDFJU^dl}#l
z;p=$QPto09mIaAGBBaED|11c9R~I*LSr!K$9}j6kK|en~0Y4D|cQ1QEVI&eM2!#5>
zi?qLsqnq=8@+c%FB_;UdEepcYR+dG>#@)@^Lea|B{-!7k!rk|#mz|5d9}v>f*7l|w
z%Ox3ap8%Jemq-W&biD0+^z3Y|IJjCU*x1~3^AWXhx#g<kZfhZiv`}?)aX|!<5F+e=
z2WeKMq=*Vq@*;wSFqni;M)1!#WIU{V91s9k9Z?YhDRE(hsJIgFBqS-05S0)R5|TuS
z3JZt|3yUB`B?W}Ugn(Zm0dWZ-gs7ANa6<}62}wyH#E=3=QAr7`TS!C%a0>|lsTV<r
zNC}7lK>(+en3y&YL|8)f4;MB9tV={fKvW3eDJdW<A}oOoAuJ{WaFGxYmi)m$QXGg-
zR2=Xng~cK)3b@1s#KeFf5dm=#fQzW8fP@GDR8&Ax5)1Ipgj{3!k#<>@KN8O(c<C?6
zl@O2u5-EgK5|$7^3L%9NQUX9hh>8Iu0KAwu0!v4V2>;>6B9fAj`sorCMTkoRX%dzE
z=}S@=At?s9r9^*tlN9~o6#wZ-O7f=*DfaXC&%ok;(8Yd+5&HS|4;ND6-<=}==KSH1
z03!N<UF0VtNior%=&&dxfiz*k{&+%4{&)fs0F)J$_Gj9!>4-@Qh=~IQCN3Z$0Th%N
z5KQv_a)|@^DFg_{&+__r*B{|Tuq7e(XShFIKw$}sDT#;y(j*GRjT8_Q1>{HsV1)#d
z2SAjN0E$ZlkSid=fD*=X0m@%o96$mTF;WbW2SD18Sg8a=QXE_4!U7^dz5!HWF+e&1
zwpbAYq)bHoha5-(((*&3u(AY12^1s(0086+R+@zYNy35?#WDcc3Sr$s0+K@5n1S+?
z06b$QSxoznjQHvLSGHiqSPJoHmi=)3CmF-m`b+=b#uVK>y1ojWdxHJ@4{eMv@_$)b
zj{sUNR~Q7icaBO206%|SS*ObXW6}JEtP6cNwfVJBP<t8iI9{xzj`I1oR=0(FPm`_`
z&>FjZq){u#qrJuRksH_ai*#+-_{um<olR7-Ew3sYWexLlPZ!SnciF`Im60SF0Xx;z
z)gtbG_89-ZNq1)bz<PJPnV_AG_5P{#{ejG^ELBMq2o8cgR+wuX^oOYZa6rJe>>Xf$
zI;{vYExEo3b_dAv#)`xsFyb9Q)b3<@gHtc-9qGa9>f3LE>)|6zo<TbUa<jL;N(jE%
zHLSl4!UjkafTor09&9hRT5eUVYktXDqEZnN(PPBi^!45AJZ}+n_$jrR2)c_01BC+C
zwkqbvnTUeEzrUIta(4J~^Rz^1qn#Q7f)<g2Ie3Sx2hzC=;_V&slrj8#=BMkMcQ6yq
z&HXr5_P6ZpZgrbPrY<x*4-mceE>~$88k#@A3v2NfHh!aXiMPc0Z59IqlUxzyQJ~ki
zTJyo1XI~77&-#5uwU3&sU(m#Lri}V~xE4NcQg*C}xKMHRRr&NsE$5fTFP&2d-!DI(
z9sGQ=uo<)dA)KfhO?G;^P!YoSM$>vr&z;{?!!Z!B)d#OQU+%7a-4A)=i(gspzC3~$
zEY8cWB4{2IZvLeCW_*6}@lNXUl@hHAvOQALM%pD}Ek>_-PPf?7(%qDxPiD!f{LZ&)
zC8PJs2Rcht-(H%|Yx=sef>#2zaVxsMdQ>Zyk+C5?DxzifiluDv$Sfq9Ve187OaXn*
zTJ3wEbFp@}T=nGp1K!BG6TY#yNiM?Lv-s#Du*sP)Vtm8#!&V0AZM<GON82WHLAsO5
zig47~#O%>#zFPbp$;0i*%}d9&7*}Zn%*x5}qTuS%DcQ!6N||3*y93u%*Ww7eogKP}
zBg1cXH`2B9I#kQQJAi4Lm6m%;?2Be9UDkHCk**cA)DOS%JiB~Yw<qO0c!hU;w39{T
zCi{!zn)w5Z71Zp_58&dliB_Kx@z@Uu2d~*1Og9c$ZSuP<#8?+%OJud*!;yD;7xM*o
zgzRcJXiZqtcez43ylt4y(<!2kNp&~qWicleA)Z!y#o6~)GtbQZH*jTbp6-ZNcvncj
zsIHZ0nlC?CPOW$&3rcq`34k-iu*$w4mas@?35aliJ9Tkc!mV%bTng8x)q5R>XP0YV
z+kVNOZ75I4{b*->?a4ENXVdR4I+tN~LkBz&rIDMcRoTg!2B-EX=Z6zL1Z)PM^2Sat
z@;8>!Thos7$!M{{_r-CTrl+Pp9S&K~2;|!!oNN;3RhvFMV+!wMPN)wH+-M`><izA0
z^&3k(zAR4c(rRA2`aW~&c2YP0p@N`H88`969KQVex1VZIQp0;UGkD7_#4k8-Xpfvx
z`PN$}=G@kzjf!{KBexic$b;(pUOvpZY4NZ<_~NxFKOC8TA`(q&=uQf}XL9|{_xExq
zyCWebR!7GZ73I8SOL{!*q@K<bDa{n)jRE|c8`(v>g{6Hv`QOU~m$^z+R!bxB1D%RB
zwV$7)?X0y=X_tNbD&hP3k$TIR+naJm*Yd9cnVTWGa_^%LbS6o9rQajfmq*u7T^w1W
z>n_(R-^!jAqBFZRwF2?qyiAWbL1bmsvnz)6$@ugoUA8#uyQrx%fl@2-NU(e-4KXv0
z-XZ1xXlFl*I1k)J>1O7=*{=z%-OpEP1jTf%U9E1j&N=V6_crrN{dqSAH|1?3Pt%}>
zoE8=I#JgruDMohnlhuMTjF;uE;x2bR+xB34`GSJKyE*R3oStQ(PsO7m*Ls!5$HVoH
z8lQbq64RpQ75(IK)J?y07e{C;?a@ndn&TbQO{YuNq5eh4J#rZ1g1__Qp#3^rTe@;^
zjP}Qz&|o6i!SUsNCK+VL)LHMv&DUe^Qa&Ubvz|*GoH;c8UgHLQSbwqUefGZki_Jq{
z;riCnEBA!gSz9)JLk{L6$e1n#ZEb-W_BUr|CnqPTr(e~-4BVfQy}eQpJ|!t@G;D1o
zDDt*RkJ9C+|M*&w!nM5g>?g_G_>)o0@9r#oRU+EkIKH5lOzU#{%V$kmx{a$W!I5vg
zC)MtWSXvWMkl=uUhOZ?dh6V(Y&vAyKVxBv*LPAjTv*hx|Ujm^y7%UaRd&^aMjtstX
z5z?a>91q%Mg87hupAh)`N!6!Z`O~kwPR^e(I2h`*z{xo1C2m}$oMYtG>skI7G3Y#^
zzAw8}REkO9aj=rfxJ)TI5%i+q&VpMF&R}u6{A}-X;6q<$zq-w#VMX0HW0Ks(93GCY
zIwFnae(}2xv!c=I^1S)?G=cLtS>N4D2PFoRm^ZW0xLqvbkjLpIA7pY04)vdZR9kkr
z%~wyPE!Tt_WQeQ!25g86*XY+OJ@fATJ_@C9JK88A*jm6%d5uaW@hBjqm<WienpG%I
z;G7*-dfGynh`Q3+82q}Kq&vfi5-yVXy)WWX66%2wWe;4ia^=)U2h16_V-0rf<uZU8
z;wJD!s*o`o>Dxqo%t;3oW<Ff;%`?1xHVW08hn0jGdKAV2FBx85N_NrJL8ZYNUM!WD
z5G=)<Uy2pyJ*O`&4JrA~Y-EWhMi}XfcNKNM77_z{9*^wqI$b?@66gduT)>r5deIVv
zn@k)k?-Z;~O~Z_%PMu6#wJH>mE>Aak%k{nKRl%Hl7Pm68q>paIu@?|JL5)-mo)Baf
z)Ad8YLpa8Liq&9-xUR%{J5i)!;<55~Z-Z~jI#;fiWbi6H&2bUMomA4viMtXn9SVX!
zxeqd#eQFbtBoBhsgo2(M(ml!31%%`&E2``Y!^LDMASfizgohLI)VCmDggyh<w(!e%
zE*sE^yCOhhq2l@~kAa|9)Id&<_f<+7K+p+!;Mp}N`e*d=cby>g12$vtq0dn<t6Zht
zoy!!8ye2CIpHGfHmcGC7l#!k5<3%V3o!wbQi`?14B9rc&f{@ue`>V}or;)lVoBQ1s
zPb4;HCI=4Y5Bz0Pt|oO$4&047)T4u9;E#n|N<JUG|2&$2ypFfu^jhvvr}jpOhuU?~
zH6^Ct*CXe^t`%Qo?i6}CL5AAG3@H)fEVt}K)8#)ie1NC#Z!pG^;)Gg5Ptf}-L)q_Z
zRz~zHPB%Y>tf0>r>B~wa<Qf7i5Ncf_1)v!>*=j>`&0!Z$B|1_KR+ZP9jHE`f6VWpt
zO*ku(8{M;gjb`|}m1+4&RR$gl6qXve^?cnU`LM?^@YSl!`oUpbTmxQrX@~ts`4`MQ
z$=`Ht+<M{IXe%pI3O1yE@x6i77-aKC2A8(hdO{Rb<Q${06SUP&Vf%bO+Brro?p6z(
z9}~J?zbbt&T2_u{t)&OX6UQ9#P^BL&8*fhlC6qhwtM}?{+Ir&w%pcDvUm(bh`mpHX
zduUDl_A)DicYF8Dv*9{Z^EOh0Mf&2QDQma+cf<QBJgGH&Gou2<Gd^GT&Eg(ZJeANb
z@x8q(Gy1Ah<niN&)^Zf_<4b8gZ2=o&52(ppPVZOYrr+YJidCD4vvIUfzTh=b_ELk?
zZ2QSJ>A~Wl^jyo}{p7~0pVY!1JUqz}rg_e6Zz1-o&g}tTR+N=XZ%0&Q=kByXu)R+C
zwTF`JD>ZJNjfe2}F)tR@MhntWcF)ZxjISj33z>?6#gtyW^3~uI8FM3M{~pZoHE<%>
zBFfUrQF3C&fcO1r+}E1hpH%Q8^Sw7GGRLR0OzA&8Uw_+oEicmPzOWC8OL5!bm(xw=
z-FkQoYe+(xAb(C0=pkCfNW(#22SMtgz{#sxH3`%+^j;^gg(l;e#NJrvn8VlOzN;!l
zeKKVkL;TN{E)2`th~M7=e|p^6W4g`Zs=%Hry`iu1<o@Fu&lSW%8KgWDydx5)2G-Nl
zQCqI=U+?!H-Ft4nHt<!7Ov9wS+o@ULMJ5IK)p^(Hrbg=3f{tj?o+Iu6F%dIg{?M#r
z68tZ;(A)GTbXO>HlHfE3O?iGkPopiG4&JP-(fJ5pJmz>@D&c6*bM?}`&kcdg4!IO@
zg)Etf&G>Wceob$sO^J8E+1ZH=I#s=Id)6Mu^_oY(Tl-i`sqqp;xNKn8&|zz9^j44l
zhd#sO;XZ6X)?U_2T&yhL*V5{c%=NM|4~N;Dn)E#X7j20+&zxoRPq@f)(htN@nu<&K
z4@naJsCfv&nLoSBPKRvC2TymM1ujqTNBfmZJ6Ub|i7)28q#oCPc3N6keno+#<BRxX
zrYi#xW^v^yJkq^D6D@BwGbj!R3=l=UQ03>M)zN=y8K&cRdyca-NuMVq%X<;e-R#R%
z_-Zz9rnk@F)G1ye;hUow%aO|xSHGY%A)`>~;O;PQ`J4zC>ie^ZyY~ffLUn<rXmoWx
z^amBe``zQ+&`rcUN1#!XmX+}U%v{2OHi?l``UNpmIt~QH@F(>N!S0`ab2#4p8H4B(
zj+`N_p@jXbItWAxht@db96}ofikI)p&FHrMw)Syod)vk<<}52S=-El%67jo@nC0k&
zthF*HMkW?K6UV##cTFxESJQl^CE!vJXFDXDki7P+sb$`<;i0e_PKn5qYO-Ka<cAHH
zzTC;2bkvH7Yz3{WgS89LK(|H^=zv1Gm0Lo}t6rpoWXFofXFgpn1vgEn%U^Gm#&v=u
z6-uqfc6V&RtFM#!3JXKO@stYchnZX|a@BqRpkdX^iO%kG!TH0k;a;;48SU{qQqttZ
z@z##_8vNpLl7#3p2XSlgo-1C8(@ty)e;i4Bh0>$iK;AfASPYEglIcc&pY~pw?0n?1
z|98{i(5{m2)r<`hA5faHm*(Ya@Pt{W&OK5m^0h71Le7t+rMC=ye)HkE^_RDoimvOR
zj@B!8iSEyJDx0<jIC@y$gmoAhTOd*=Es$!*3%HHaxbJ8^R${6nlrA&l^XRW^e~0oJ
zW|M93<bOwI>$iJftyR7EE;o`tjsus8qKfhYI6tE=+GGT`8(}ujBB3V=bm$pVM<Yni
zx8*LX6=boZXc~vSZvuT++y#-5FT}I)X3HQ(-`J0vK3~(P+?swsI&~k)S&_4K%e=0Z
zN#C#ubPdOq1btbs22U~6O<QL!<xynGL%Lw^_Yz{E#OA?Aqm*o_n!N$sc+n4;VGOM`
zH-fjr<Zq$m_aV-AKY(iR$|4t@8;Xg6<+P8BIOeK5y5+`L*2Cy(8g7|$L{<qyL$d?B
z`ShDm4>=Qz6r52|j;{7Zsx*_Rl!5a!=iZgwznegFrO>X9wUnv`?~U5?<}s*PsK@K~
zpSj1rCQU{h-?_ub8L2T{RD56Vs+!JDsCxwKDD(~IH`~+~0b<~U$>T*K1#O_`j%#pf
zc9^_|v%GxYbarI$DS@cEn*~$h{ZXWX_Rm3`eV!Q5?e4krIe>xrtuVHl5MQgr1-j{A
zY&YFa!w*cR_3?lzA?(n44)C%EjP0D5Y-&JIl>7z2%bOhB>)2iz+hecW#GV6Y)LeIg
zYV#lI^6gHL^4l!|hLlfq?C5o?7~M?m_;6gD_l0su(zFR6lrh6kG{nG!hu`~@;{cPu
zb8<Lhp#r$_;LaBh$**zPY*KJN{#JNZqtVx%^L!!6Q-U>@O=nFRhNxZGtcRmQ6MT*4
zx*z?UX5CKSOfZlJUf7bSK~nsA!PnMj=Nh!796UTO5BG5iu?@&^#}JrT-&Lx>do<`L
zUeTl2@xh_z8l~|^bhFX0lqO{W3z@gvmZSOQIH}b2N%f-?uP2YA7`DFNe0uFhA!EYj
zqNi7yZH;yZ7t}q+2sfXpPLp=MnlP)a+^w>IiJ09b>e4a$7?gfxX-_*j?&5;zRT=GV
z%^TkZs)@25(dtnPFZrGO(n-pen=iYS>v0d|DovvJ;oZul^PtBh=%_UZY`EymYPYq#
zO?+DLM89T{f7N9wYkH)NOmDBa)cPHsy)1@cJDySYXnv{Nz4>_U!D;=f@@f9gW_)wO
zgMGP%KDjFbG#{upU*u2~SA)dBB_W9kwbwrdfAdt*bu)O`QT*Y-$HiRVwmsnoU9*y<
zy4Lm$b+*Bw-|)?hXsJJ?=!`OrfKqKN>X}sa-hXCJ)t@bH+_uRSwf=C>h+_trwvd0#
z*>r(3zvaM~iqnkT=oSQplYWmd30yX+Ls8h@U3~4`y<r2O5+a7@^x*=-%#oyz9wla1
z-lWy1fId=QxlOKKFeY*3nXS}Bil1$jU6ZbsayI#N?^$@kigZ-q=!Ssl(c@>Y8XjoO
z)ThlnlepC!JGmCjk{SHUQrN+1AB|(;b`nGyQ1ood%FvtD^WCY`B;{;bth<V*p|MhE
z+S1J}nDlo#@mp+cI8*wrYQhNnh0(Nh)a<=iPNh#dT5jvUymI_CL#-gPF`G-SfP0tW
z-pR1&nb3CNYS`=c?>C8T9~Xwx5Zd>B%)_}k$zvRlFbGZWJ<iBn>bZM`IqW{6O4t{E
zM`$l93FY}Yu7se6oA?vqh2XDV887v9a^8jX##MY)DKg$Bc=duF+hw!&R(3jD6-^9E
z@zI8S<ICzF@-;EE({t~obJ~|=c8~%&`M+*pHjS)!b4xJ)Zg`6_#H^0U+`#xLg18DK
zQ9!_klQv%`an@wnqs9l<3-tenFKXHFOb;LP>4vqwtb-EHQw1?_o{7aw-t^Rkg+Zp6
zi)K~n^0}#et}ivU@`vPuTh-La!|yZ&JTX1}lqnl|FfG_{kuj3r**PO=6aAL?EyaPo
zPbEC9U*Le<)a`_&BbuR-j|L1Wmnpv7vb}e8i@!2b7MegD+1*3p<-TTi_l*J_z0nyS
zpfg8+cB^||=bR8-UnjU+81|y+RP4yKezhdO^}R_Q?}h)v-djh-6)X>fSb*RJf&>pv
zg1Zh05FA1XA;AL#cXtUM+}#Q89^47;uEAk&8GPoullQ*&e!o3$&)Gfu?fL%LoilT8
z-|DWad#mbpRrgf)jpEjOPk=tU#$iF=`}7>5T)EGOU#9K66oV*;GuzmkWkQ6M^y*39
zJHM7kU)C2jsHquEzb2DqP`9v1rcun+KD>v|?uEZZm~D9XNAepmFqnP^%=Gd37a{;X
z(K~ogM5y!;73hg9fu6`rA{YbceM|^_VaRO^z)N823w9BJ&wu{^MHCz(nvINr0RR1`
zxlzvlJU5DP3s5BeJ2&cKN+kuH{MWfrWX*rhjcSToOo<bU#me|ZArv7~qoT->yi~@*
zD#v@phvdj&P;aP^V3q#9o-L#&#^Q@`W!9qpAs%MmCl&t#^pG;-=NKGW-}P6UYc}bi
zDlyqbo+m6{jPKLeT2I8<J)GNE%E4SL{yr$^TG7<+Frx9qQG&re$Y1cN%ZIoo2@9ST
z%z0C^_i5hrpE4P?>iX6!Uj;QxJNr}9L=mCr|AJoZ&5YbzN3B?3DfH8Fi3((R-dCPY
zE6Ar!E5D`I=??awlyLA$AE!l`^cR0UCm5T{Ez~Z?P+VY|R#YJi=IGdF+J70$7I)u-
zSX(@3WZrnJ69tQ-#><?G4H@kN7r4n$=UeGKLy4IqH)hCv^X|HKg#M{-(;M{H{^A?U
z4rVj-k`6T6xr3E;MZq8HNHSc64CHLZc{w_bPu&yd#?AX!J;J#R@MyG*(z=j$$B2>q
z!nnf4s{_w2?j&>XYt)<{h>6!=k2t;tYN7W_IIsJg%LiVtegY?(d5$6RkqsZtV6^zI
z?x2=`+2`@-w45U=eN|2>m#m&`WuU3zfm|?fu>B=jY}es;X={@i29>4g6tYYwYnXUW
zAik@pq(h^Ckm%rcMR;3Fx-*Z+J~DHt2qPJV`#N=%q7hTaCG)In$jTndQJqm@`_sEm
z0j5jrxAMMM&=CInOKgm~6%6mwJpXhed5!)oS8x|kR2K(Lg~Y>zWRPRh1qfud=58k@
z6oFK<@ol;>591CgDN=CG)a+GO*fdW3mx2I|F~{c8*Zzdh-y-12jDxEr`+H^PMz$;7
z9kMfteEO0lFVLga>XXIkF)N6y`Re(f(Nn!O9S_38N92q@RchbNHIgL-q$H?CS`=c}
z0(wQGzcJv;JR}gBB#l!dYI#OJI21RiC}ZLy%ho*+Y*|~LNN$@tbT39K?#dB)pZFV`
zBGe&LM)>B(Sjeehfq*a`w9{!WmDbSihN+MqFL(vl9<ng+a{BUkYJY#OyE!sr^K7A?
zzNO3xW6Ls*+}o=8&c5(x3wmjbGy-)lE9dz+LwI!m&ech#gEb;WuV5fwO>g2a4Ar=Y
zaN)&!%%`d6cL5z~ri@iuV-C}VX<_K&F!}+31G_#2twj6fZ(%8oY@3Bcq};aJqqd2h
z2e9#R>KzRt@sI!K&vXcO-|`R^0s{Q^pPp&1|NKn<FIY*4rT0Hq5>`x6&XD%m0*eR5
zC4qH=7?M&?fFiJgH#$lVl5b(5_$TV5eJUSuY8Idp0I7rku#fN+hdJ=2hPBts3pCiN
zTaQ(9$E~}!9!BL~lN4gq)?(9IPQ;Y|Z!RCKOf)uQpVcX8)ppN?*c}DDK#2XN>fQix
zJ<>S>Mb0<WMVfEEcWFZHkQLRu&w@x;vfe~4&DHUnBcu(lEMC{uHR>9}3V%@|34~mm
zfo5jEd&L3^W#V5TD2BV=E1Q|)w;y?xwyGg#CF8@!%*@YL%{Hx{;~@IHg9O94f)K<B
z-21$fB@ov2q<j7zf!PoEQO}rSqkWhLp)ywKOm_zl0Ub;N`v#yzjs88IpC|oCbu@SH
zU$lhLf7Fu+**_!-q9Bx;2HvpSqa$cdDEvim`A)hCr+13Z-TxPXCK2y1!Fx7l=ny$l
zM{je_Uj$-s%-@Du<Y(~ub^Tyi#V#H~J|i?TLjoZw;RfW2gQzF8;e92D;$s>NyMkAq
zDp|7HL2dvDv&U!6&@@pm(5y~5Vp@vCy3u_(!~=VMnjDFLiI~@C${u~$!r2_5U>C0u
z+E$FH&`D$S*s6n^^j%`z?Y<C|13Rc==2{V3j|IoKWGvAiY04H|%d(9VOW@;yayE`H
z<4O374w`p)?G>$;?XaZ`iS@G!FY0wX+`a`Gn_(?P#AeOVY6(5qN)h7WjxDDX`eDPF
zzJSk)7JV0vujdX~Cs1T;!|{D+!9betRm=h7{XWvIJ3C83P-zG$lc26qH%Cy>l$@oh
zJQ6EHl(ZyO59;8%uZCD)Q#0VJ1$7)j97l%Md<qQ}D3JJ5Z;)->C8ud@T0=m14aOoA
zNa}EqwB!`c=?wsKHhfKi1SasNE|;LAK!SnJ&^Cm6CumMDdZ>cIB)#$=6nKHWTV51i
z5bn<OXFtNj^QJz=I@5Jx4)OtL8UKJ)FW@2qm~aKxP$F&M_M{6!hm3^bD5*3+N$_t8
z(Bh~UdN2r&-{2uJ{R&RTYUhSsc!`D@D!xqL<Gt_&2TlgA?j|ZY8EyTCM906Jo40P*
z!A@{wMreEK5F8`z2IeOHw^;}**LnIMAdsv3KS47MbN>M8dhbh!Klloqwco}Bb=Y6S
zF!5-h4Z7!e2*G%;BfxN#Bpw<vB@j%MAM62hv<&g~!a>ZUI9sy@4%laF-hheOY<MpN
z7WlOX2DhM<5bsR*A=tY;Tw=ZVg?QM_^|EnYfjI*H#+v;Gu4IV!7$94Es3;>;JnrT?
z?FL!p|5?SAmnEy1(;*;Fw~BfqDq*MpH<<h{yx#xslDcyGm!?V}s+O$cPRoGSp20GJ
zXH4$FUFpG>>Fh-C3@xXpefR&b_}?p%<K{&TpTkDrQN1?%r>5q6gX-$gEq{5>iWP;g
zf&CVR>p(MN#hyB3pf<<_o9zbfA%pGXg~8F(BKqS+T}dP0i1~2*&o1V?Ru&kc9ai;i
zP|`n?-h=ICmsH;#9?rm8lOTmqP-O{gg|}Gw3f}|ny`trVqW;l!swqIsDioYaWoA7a
z)2B9B>P?2{t>>(%1uX7w@vN#3I%`>*o6XoPCGcLy1E4MMm!@tW+sevBhZY#19bc{7
zA1}Tgp|_W<l$421eSw4O8=<ZhPI3HZ=3@?lAt0MVZXKA2g@?q#qP=6r4RVk$_-f2A
zqbPlU4Y`L(V0od!o06wZ#Np_+N%6s#$fyzeC9Kd(P1C)PjlerAoU|OMUZtvqq){+H
z#mTs}VXyn-w`Mag_Ci48g9>vX+!x-jzPQik0=2?5K<#Qpndk{VfSOKP;Z3yp&B1)E
z`MQV7#B>&%`6qsH@!}Y;{Kb^3J7W@SI&JrzRsd0xTNn0vHp4X%pt(3a2kO3|tFALv
zQhxA-7y+{MQrC1p-U4V?1Cl!XmXN*z+`qHg25wpx(Hv;AdqMc#!1Cx90U#qDKp@;Y
z^|LE$!0oqP0XG;f-v}km#5@IBEHnVUaDm;^Igq;taV1c+2a1`1cs)x1ISD1&JYHx3
zbQ)5CDhHryU`{*~WTR1|3u^)7am)%x*L1||@#4dg4$#b6_zX?SatEBbYo-g(xUC1+
zUmCSSUF#v&i;LWAK>wV!YB2|*y=$)sXTMhP>`uHvR=u$YVvxCoi8+w7*~x6*E6T~W
z?N`tap0=X0fa7A}gFE98Xye9hQ9Z;$6S#j<i!+@E(F*T~U?|raTE1N%Ab<gV??MXv
z$8Q_B3cK}lAcK%GD8&R-yVbd{bA=GlsAjwWrIjtZ!;ilxwY`A4n+Iq($|IYkypwN`
zrxrKvcK>K^<B?2I!E8j@+)R$<_Ba5%y6vm6ZcSm7QM|vjEy3W-AbuQQ?tfs(Yr)by
z0ha8pkM^^GxbP?EK*mc2yk}@^-@%!g?S~Ez!o4@E$UdPq19PApT&-I9W+=X=&%IGQ
zl$1S`j6Ix;J(2)^-U|Ja1JWT7)gi|2kT7b3H!>Hvzlz*LUheo(;oY};AA##kMRhJF
zc1Yo4E;I$Nu_*l80L7sd`b+)ZT=5d|t&lb>Y%kLJq~(iyKC1XQAkiFL8=u^AZ%L|k
zJ$D`01F&v!aV2FBnf$fqV~r&2D#iH#nJ4-$zn%IP=xsT}9Rj265;zn85!bw87C|5+
zRR<O<)-j;HdnbK~$Z(zq2zzrg3eVFgMC7kxZfp@4F4y7LqZP$&mh<nITEho2{}(<Y
zTSWy>OyMtr3-2zo1>gw(c}4@(i2Ni57$Lxa|7rBY{l6un^!+z015=Ctm{Iz#Bv3A1
zYJN^OP9P_enjc8H1M&;0`T5wmsNrxRLsNm1j}6FT<fP^V&VkH9YEFJO0RTgS6G)z<
z=7Xn%0vUe)IR1l@h9Vyi8#gtubqtV=2ruyoQUiI9fAc1Rj7Ls3fB}%12T#M}|8M!3
z0zf_>HNcJw&PV`A&g7JUUja2gz?GjDjs`FA0H{Ef0w0_P(3<lft+@mM6o3N221xId
z5D);`0y%a-5+%I!_oDwrUjxqeUnzTp2&lk}76Jkd0yDT^luZKx;e8j<e^eq5+c!(2
zL+z(p1pU`kFJ%#=oRH~M2;%%%t|X<{7ASa_645kH%<6Q?uIfLPU3JtH24Abx{*W#!
z`ymZ}f)d5@Nvik05F}+;wg`MQmfRlJ<f~~;6X~QZ<P{%0(iavMT-R1St(}aP9}gta
zNs(-j8WDFw(HGFk+C^N?QL4%XX$TJRK9r~}&3=9*rY^atMxXbL8A|p?Nv4?Opfdt8
zpR`@^<$1LhJ;OLc5pLlVpPd6iDFOWFTcke01GgBsU<0IC?GO(IN9321fo`LLs04)!
zUCAFgd3E`}<AG%2^F5^kL(dgo2FL0RJ%pZy(mf@1fRLYHIik3?ArOm`^8x=;1S{?a
z?D|yJ)*zJc8xze*&d=f*q}n8BuHO<NDW#5H|3o(+>${-OGm@mQ@ytY@d&!1B`Jr4w
zY3OCBAS<KV+E4HWSRq{=1wSBFV3W7Mbs%3Od*HE4>a!IR)L%$uioUBT#s*fYRT$eW
z7~6d*xn){Tb4}EXxsH838`Ewxa+fkn%8q6y)#1oTZr!xABT~OchNoW~$qe-;ly8-9
zOgVKQ=!%F6a*rFIF|;Q<EW{!~bLk#1dG*dV!c}eJ3)^(!TThzEp4T_^mFwoC24qko
zr?ZStoPsE;s_qZN8A5gPH+>fu&sFH<b@3Oy_i{F@SIA_H+uakIe>05prn=k9zg)|D
zD`;z%vhkcou5$gdC&OL4zo)?P`l~CuXr`TRXT`Ioq`QRZ%3RR8Xa@&l?j!aOqH~=e
z7k2NmV+~f%p<-pC?kBvfYZZvQikzA%$Lv0K7att0@cS-$gyzwn&UwDqlY{s$5Wl4U
znE=&Fa7Q0WcoEs<DFN#`&-M8=E`!Nv;5``iodwJGLg+BE!{bf7afo7zF3q^pBL-1q
z$=K1fVC1-n!5XWZ*_yWd1Wos2cWtT{VPAQybCvOtF1UbGH^J*gq`L;_k#D)=qfGzX
z9~u5v8-%<o8-!0Nw<nY_y;Sh;_g}UbUQT<t4L%WE^W3)iaXs6<>Cm+G?sd@8+h0|g
z<sVBky=Gn5<ugT*oF1O;yU5Vzi@6uQJ;5(<380D6U!5@CeLqo`@Ds8y1^H=&i_t=Y
zxWBe&+@G|ArJK~(f%Rp3I7&zjdMd5w6@O6!v{Kxx{o&9KdA$5p9(brAA2u?UZJ5i<
z_eC`v*BoazF&L98CQbilOU?b#b<S%mrP1~a0prKbdeiHJs?m654DL@#hc74#@C$UI
z`A^kP%IF?jGZX9@)0eE#5?8N0`h1+5Z2~$?12@6t?#w05KRLwA`-wbvD6A>3*(tKN
zH+i@re2<OvFv}CcJ8fj$-R%9V@1BPztlp|DYQ=^NjIVWCZj$d&Og7oCo(jOoP=uSl
z4n^Sv5>_nH_Hqq)1-yM$kVL~4HAFwOHAI)XRTL9?ju#U8QZ48E<JzF79*l8=M@n%(
zU|#7%X|y5JTlxm--p!#Js)bFt-$rxZ4Z1j`-UAOLeGjX@+#P%=lh+eRl~&fjH`p?}
z84WY^?p)pbs?%*W$F(pDZv=wyCz)3>r(Fei{1SY$hRq}0q~AcZY`O`aJxgJvi#kn9
z3%2<kRFI$lR*bQwvJ$WUDZjT^_s{&<je1MW^(-9q_jqH^i6DQDS1CH*cmiqB_y@zg
z3GBK!S08?blkvY@v0Tm&b<gs`x!z9H?c#j0e0#C`r}6Fa&Pb}wq4sg7ADWHGp8{p)
z9RdRFo4h<0k@*c`cF0B|yZZSn^<tOGp$grTe(UAEG3!;WOf;N_-AuG|cZmOKa`GRM
z(?8cIkz4H#Tq$E?*4@bb(93<Lhue#l8~H@H^Nv{99T@sBl4^av<_+>k8+~AJ58I&<
zA?XKs2>7BwAEt{`eY+jJc7~HXXrnVl-T7=}H)3OBeaAe!{&WR&m~yr|?0;CVOH-DW
zMYMW#t5)&}vHhdh(PCYPt!Vq#Zq)T((Xh)YWnZw77%MCGjn$^};XGm*XxI5@@kz_|
z>HhwHhiL5B;2;uI(8J1#Ev?&2jGY~KbW<LB`ls85?e?L{pnu&1<0h6-xl1s8XDmY$
zbJsDW-R10M+7dnVe0#{oE8wBdd~Th*eaCva5pmZww%zldFAaSCfD3v+*mX~Y-R@@o
zN%Q`5veu5f`{)DPj0CMOQ=LarfdVfW9R>**g&d26l~O;2bhT!28wKwVCqKJ`-haTj
z4j4_@mNOo6%C+D5m~RugxBTmvNAMR*I{%no*JBPQQKiG5x1`#&zhk>vbLA6UrhdwA
zJ1lTL3AmR5-DJH`lr2(HFD-oYCu0&9^l?h9#AEMZhL?F+x5+4+UAy^{#9Z0bhsL?f
z+(?}qGQR12DsQczF3*BYk8`fa%c&-ZseCs=4<D<ANuT_mym^`pd^zj54)>5ghyDnL
z%bKy252x5o_Qu>z=IVGWt-?v)Gsj!qB~0DiNJf5}D0Lba>Wry0Uh)X1emJFSvev~+
zNnMKZItz&S&OU*RrZLgdGJCn+$%Nr0g-h`xI|#Rbl2&?y>4rqqt(H~Psgy$0t3~vQ
zcP^unLl&d5Q(l2m>)X!jy=3n6{e>Fsy<hg)%r`WxHrc|hE>&oc2PNvvH*}9{Ft>@J
zMBQBV^2_}7%*%tBx&1nG&;2X#BhwAb<4!8#WnZ}O<&yPU)_TL`Y}uPj$Wg<d^BQ*k
zdiUjMdiG@yRp11bH@Q-0=Dsp0JP!mD`LWu3&G%$2za4sq)9USw^?1}!Mfi{gh2A$`
zMuPgLKroNU?_*Qakqndlk&F{LUKTPWG|q@`M!s(0+*At6{tmo!vyVZRm_ZT5QU?dd
zlCz~rI`|*)Q>UXZ)lh3A-Ou{RYG`)J9ss-8G2%ipzgL(1$vZ`pp$dpa;*@^5ENC|u
zN-M|`L3m^9Z`u*<Z$w_yE8%MHLfLCi*Cu>;G8Bz3Auwr-MUFgHgwHKdZOk{FIu;!+
zFYv7OJ1v{JfSo<E9yj?l>GaZ2^!CEI5#{tikb$x--PTKKr1H0^{DLtzw9*(S_IXPN
z5h8eJTP^;K_bV<js_~3ZxH6XGFC^9c7)8y`4Qmn@)gD~Avc;4sQBUcLNR^SgTt581
zpi}FQ#h(xfu^#GnL~z)aP0bJ?MH<`NMs~Gx<EZ71VchIH-I{b4x#dBGC~nHGD`W_a
zZ4C4ZiY&wr$HqMoNp4DF%uP7k8X?TMgyBVDIL>uek-2c)6I9kEGbU?hr&EaFA8p7!
zwu<aWKlP|~MS6VV>f*yl6Xe1rmdW^~Kl@Qt#MGH+v8^LEHPPkSCv?XO<P$QHr%fZV
zTf*<Xhy`F>vGMI^TTm*I{hK7lU37YG$v7U{{Ji%HvN3Tn@73knY;z60p38L=f3RCY
z9{eJg;`YI=Gc-olPR=7f&O;?U2FlBXU&Q?72-(qG#cnV$rlB@Y<Sf_ltEC(dG|s|3
zIcDdIX+bwLW<D^E++0$&xi4;uKbwvvD(28=+=+vpD&YMFDe4h_!PYy0>22l(NoHHi
zH?nI9afdT1AAUWj7uAqhVUjzRRDFggKM*V+$Jda(1+I@{T2g&Rp**mM6X!7>9phQ?
z-mZ>-K2k_^V<kQ&vAOfsv4E}`jown{CtVvO{gJzG*&LJULTZeWC)1gG`m@NkxMei0
zLo}y*)oK?6dOx%eUF~l|?o;E^(DHC{^42utOwd&Ao>W?()7wfgyQ1G1lF(Cp9fcr7
zaUoem<ZbcjaSSgEEXBP>xCzTQq|KTTj`Ki8Czlv-5`V0UD@A7NSK-1$-~^UR$PcK9
zPo3$Zog$2Hi^@46uqgY0k>{~((q&}%J5W26eK>+In0-Wiz=i_K;xE@b3?&{mU5Mun
z3sU=<kMleIA$!kAXg>-E?+b&lMUxV5^1lvKhfz?P8P)TJ(X0pEbN1f(w^s|+^p=V&
zE8nbQSBmAkcyv`plIgiO>Y8MJWVuuHJ9{1WZDf<tzY=F<IZh)2@rZQE3AIOa*xnW=
z5F|1t_~YA#;E#shZo>3lTOT0={&^=qJANrt3tgXc%t{#2^bnqbr+Z(DK!bF-kZ|8v
z*SzNEHNmKJ?IQ5&1baa({$7#M8jjvy%jgB8K5QK9(t2(7RR*m6!wFz!dciHW=G#QU
z^}EPu31V^eN+32%<g)$!*=EHG$AnC9{h|AJ_Ny$ic>u{gS-`@5t&!Xq7p*p&yeU=C
z0oeiV9(~yP6+zInGv?urPkpomE_cwe52YTJ@9puo4G!yZuV%q4%dOMmWC`4k5;&Oh
z+eXx>S>Ou!IG^2~>CP!j79&6$I>Tk_QqZmRxApkYa5iHWF`TDyvH(`((pP@8TJ1Cm
z_6~D61s#C!;wboi^%$?63-&nKAuR_iMVtKf9HJal*n*1xt<W#EQrE|*pTdq$W^lS&
zbS$o0pjH|MjKt4MMDZtUz8W0x;2y0!iweE9Vuie`!`VMdniJl+ig0Z;&^h^M@exy`
zf_OE(!}dv=v`@PuBBMq_@yxy6iB@~zR8a-hGFO@T^zC6ETEoMl=wR;kNXv-zWmpqW
zwzSSe5Oz+Vhq^Uvm~2ktVzb+R?8eb*rLsVMD}2q97JTu>)qH=JsCj>(WnW>0$Pw6d
zF1iGY-ww6oJW16_e2cjRW3Sk(h++Tap?#gDMY_DmT(;YJ#n6mgBRQe|6_k$*t{b&)
zeb4LmKFELE7j0(3kLK~n;c+jTHnY|u=V^GxClHslUg&#?$2hU<3Bl+qT<C1^o67{X
z3JP+P4Fb{eg6mFhN6{Sf@&iwfZSS1DPZ`+QN8Z<-Uo)OfO1YPlOh)Y|VnZq^hOSVx
z?3jL8{(|~!&KPTZ7k+hXIBiLb($wD+!B?@fI7Gb7+~)6P`ys8b9`JS}-{j>l_Q(XS
zn0^_%?W&lObLs&GS8RgfRB^h6^QDc8b4`7o9}g(*vKViR<x7|3KcL9XGU?Ni`f&R!
zReEZwP@GD7ytCCz%WkCC!Ib$Rg8DI*FuO^z^15YCLg?p8oq0Lu{J@RU5S{9e>tog=
z&6Xz@VFRdot8KsD$>LD(!)^d8ZV!1Oc!_$62w3Gc8$nPbHlz%b25zl7{PuguE);;N
ztQ9DbzZ84u`-geo=f1<KK)(C#iL#^1P7u@=T0TF5Xh|F7WrX92_}C$abm2MF^G3M8
z&5>pcZr<M9L0&#kxD|SR+j!4<_8qWeCtI9HL}Yl|N1(02uA|GM5W=GOkSR4_!CoCT
z704ZePQ`jB>EmXZV4^Bwtdn#ROA4K}#^=}lof64O5Z$6l;bwKeBa+s(GhZ8p3U(}x
zybf2^<9<T0L~S`ZhA1iIKKzKBBhN)dN5}&A8uN%)Gl*XdZR8}*Vhr1B$64;XeS@ZF
zfuu{DhGxZBY(>=8fU%s@;97JkA{`<_2Ly#FlX?wx=|0PY>TnJ1s$RCT?ewrS(Ig7D
zO&E%rCqYA@F=)S6(W3eR-}AU3(g|FA_i*nyN(pi&^2Yd78i(>~HE~)cEc!P><hB8w
z^VSLSC#3pLh#1ov+WqyLR?BClx|5lw>5i8L6YQ0stBUySRJFN3%48iNJ|7V46WtUf
z5{$hkORZTgiTc78yKi0D4#xuAmgqmX=Yd)c&KVylH>9o@uM%FT+gEmH#tp_l`+4pe
z5^7hvm7!m{g|SX@GsStDYOoGc?}$7`)QbD{-ntnDoOoIAl)*biLkT)fz;%}MV_SKZ
zwqd`XqQ(5QfR1rfxOh*Qo!IuwvMhK)_vYu&aW6)?SEq~i=ecXa$HNynJKSryQ)@-%
z(k`RdAS0vuirs{@)i!5|t#?+xkBz=cYg+#CAezQ}`l~WtmFI!}aR{?tp!C}F^r@Bd
zV}EkcCT1fpPV?RxD0a-X%ziF19jU0gIKxvglT7qiv5xyCI<ae8@#?;Ugw;mAq34t*
zyFD^^WKQ>{kdOay^{wZnaosPS>x4Z6YHfa6R`AO>?{PD8qFK$0rP<f`<PACC`qvhW
zUPo=EgL4t~*X;|5@e7-D{AY8^rF<01HqyVLrA{D1n?$t3vEl(D8)SQkG0j+6JdPm+
z+kDpyr6UWN*NULQ^K`#7>J(e6qiyO7g<07)n}5cro7A74D^WXY%!=;AqvS6x+B?p_
zhlOzFm~9>3eVWg7BzxTwlQH9#_Q7usce8ikDU7QxEUIp~r#-*pIjni@3(<z+XR7GI
zr=~2t<>6UJF=s(AC__A&to9bo2Y%N=LYU>s?;;n`tx1Jd6(Kb-S+lY-(sPvk*SCiI
z7Ply-Q6b$L>*EtWG^fn{vZuY)uI~Fnu4z1Kl$gPsdc5K$v@aG<t8FREwlgL_*`dCl
z@z8oDaBMl{_R+MzE+&$&Apw_IdMGF)VDnSA?brNGxy=?ON){b<TqK_76|ww?D8X|`
z{(MGn$VT}r+S#3-DaR7ne%GR_2et~^#_q8?C#kBd*V?MmFKWTgN>BE)fdx30#ym2J
z@mJ~g-Ci`>?eSmy=}5zXkV8nS6xCUcO0w5H(CHhW1w9(^{_#XVvmL#ENANfwq}ix>
zMZ7;V!)Na{^WhO@$8UEoI&=wc^6YtBa7~8lO}~&3qJi1o@L3jmeV?nUe3eOPRG*$m
z?zDS6Gu#@W6L{GZQH%GQ>au%e1r6-+O=fBpWWc1$!uDGW{0YrUy;yfjy6)HS`-Oek
z!KUSvej3t>S?eA(w;Q8(oqn`wW9k@>l-Ee*BYtLgZ@881YNX9C+m%H+AKgmJp<`x@
zjjrvy<GVq`HvN$(drzP}^W5=!by#B$`fHy`H5-nT@0sCq0;==UDB`6L@$<6&Ny&(3
z+|PZgR5e-$DnaNQ{WFB1pS?AqA}{pO@M#moU(0UU2D;pVJqI}U<O37rb@i2(^_$0D
zG$gKfe8(VZXdrtu4A%T3EE}eI$xLI_;4O(|TcTjZ#bH%YAF9~j*vi*z&e3;tHk{SU
zp9dE7>RzImO03|`BkBJfVXIZKo~RJES@T9nw9ocliuH=5KS{quU$F0_ZcT%9k_z`7
z*&s|IY|4OK7j)`NxjD~jT|~Kg(<~i&87PoZ`##ck*;~T#5qj`M%h@@=EBlg;pLI|h
z)T)L!cb!)Q-PVn??_X4(Y{+y>lfR!G!0UGr3ltziC8dA)%aA;=e}0AQ-I<^jX>P2g
z$Q;48Y99BN>eposHK8X_2uWC#kW$PT=a{Ch&pmFXfpR|?Wb_VSMx)8wk{ghgQ1bO*
zmTi?1_G3-hv0vDdluYoAno@+x&kikhxzOu0eOm4GkN99-CDcV&a?+M%9~-G;2=+LM
z6XXBouqnVVnHXJnGiqCI{d2g~+MQ~1bul?vYV>WG3%KUPJ?r|jHG!xrh+pk#D2EX!
zwULFq|Mbt4anNRxm(}~XE)*o2Cu#IgyWLs|9;b{ImojJeCttazFM36*HD5q0GwXMa
z)b_n-O1qnuOXE~Pf!Lo@Qnx9zid>h|mP@s9-`Nb&)*CBUa0P0rHL`;3(w%?(#BTV8
zT>)iF6tXCxSphjFQx3JKHhl&mA8Z$}k8j%Q293-a2(!<`fFnDp-Oibk+XPkFS4!$j
zyjF5Mv(t4QC&%{M8EOa2a;{rkSsXg|8IzlRjJy2%lgpav12@wS5+jKM-Mh$N-A-Zu
z@%uWe)_!+<imQh+yEWswEU#((O-#_<-~AhMK|A7HueF4~7rs`(oSz1`{X2Mvbow2;
zR{IYg{$w<?hMF^x^a2aojFPbDjLZh55s~*y$UPZ@a-aJ9!#>bC1qsE+Kf9>8&FB(1
zt|U4Ey-Er8{)7_Zt>&L(OGRBfK{RR*9DZR^LCzAPj)NA)MMaF;uU0o9-TR8v)ct2c
zZCQ0;WK%`uiu8(VkBs-H+UQl)TC|>2np%}77Rt3>n~S;Lu&63UyS-x6JgU%Db&6qN
z4u5nswH#3kl-XtWLr@$c_rKTGXct`I=>xW=eB9v^u<?9Cw#hVV1a6w+jIc$aU^wL8
z&VNxedh5UXuogQUshjD$W?)<iVhCu^ER%DNRC<~@{hI5tb0xC79ZH|unbjd0$lI~Z
zd(n8dw)#7*U~reA4r{KW!Yl6HQqA6T#H}C8bbY8Fdz<!-V%JDLC(vP`h$!&fF_iX-
zS3Ppush@R*(VB8dJ3=$hx?YbbQPi@{YrW^s@-MlIOZ?H@E|!ziY3m1l_e#UoAZWt7
zSh1S=kL;%&2jqr}AP}s>tHaL1?~EqQQZ6!*`NKOwwSyv_2xGYt#-PX6cx~!;DVh{h
z!vT*2KCY<#h;I>Tc3e84-|H51U4Y$Qupa|jK6~SvZ#KG*t3O!my^^Eq*At0&-S1Kw
zY#)&;UG2Dtu&L2GwL`A1uJBY|2tRABmp-6k?)CJXP&JcBnnj4tb_2shPr^^P{fXLB
zZ9Gt<h!}3Bqh68M!9;7I19_|^6KLELF~}S(REc8SCR}eb#DKh<)TDxfKaVEhN#Oa!
zjIvFmlMiz_g`QwJ#k8&W7#^{FNxSi9;q{C#-ckyzd#kvwM|!ThiWj}Et9NXdc6&$t
za-PK2ig)?+FGO=ygK(_1lr#AZG);acq239p)qX`w<(b^P9rnGrE!ZLNx>(?13vl$E
z+$dxb*(Lo+5Qdi4qXX;~pk=B>%XCCKtGR&CM>6qg4sE9kYS<xytdCIT)2Kgop~BaP
zcs7W?0U7+dQ9qb-g&3x+2}Zsq%-+Z(9O>z+k})_FmGVJ^hzMsodS-3iGv1Osg}J4t
zY&bnAQBKbM@~GaPx_qYMT_xf`z*@eoYPne_xs+g;UH^02NjmlzZ?^Rn`f8Hbg(6>i
z$md+zidY&$ynXq1ooju%59$0pyR0sx<j2hI=u(dd%CE)-Qs>qcWwaHS0?@*i0-BzS
z&0D<%pB^N!-Ei~VUJpnu`I8(Kdm>{&Q=Yy#Bwts+SYZ<am1*I(TKK4VmfYZ8-!}<G
z%MUe=bwUCjmul3pIxKyu&bdyx&)m4XKeIhdw~YqQRjn%WCq$N4y?z==eB&V`w$=<I
z>1JhzC=o{#aYRCCYl4ZF`EJ7s2_6EP1Va_q5V&6EDixiUCvD@_eO-)WBG7*^hb$D0
zXh^c$|J9J^Mnjs59ID5LalCJHjzjv!s!FDst`gLt8G8M+fm6!6_wyU?u9j`FKjbU&
zEd~(SM$>fN{l=JhXXel=2n>7d$|(ojw4U_~b)*^=!}j6JmEw@Zt9^t+8(Xf3i(+BY
zO&ZNs|MVh=(aOwJasUf^eY4q9;g5Acw2LtGaV6ZI)Pq!tzQX#4(d$yM{qByYOBO;7
z^qdItTpmKp<EPDLuvbw0aEc{f4V)?d+)S10=Z}xDW}#U7DAZQu;Gw!dF6Z{CEU*56
zUP1FphC%!hV-u(Gr(3{)dN|5!#Jp~ZAQK4fe(X)F11cD%SsN3P;_yQ`^+Oukj&Ml&
zc{-hvF?L7Ge362Nto+fGT=f<;uYHt{HZw5n(D}fCvwu;s03XbtrFoMG%5;`v!r>YW
zIHufei+|zj+-Ss=U<?R;k~1?wkeWf{(qAw?H=24S7!?j?B?$Uuol{-y2_LO@z~;Js
zcVZuYLIs9b&G8}Kd6fH3_To#w5$6uW$yxkXSm5KLL11()v?>-(4IeN0H783vuLR=&
zv?_orf|$_*qcQC?KjHbZziinF(A;@*Ga%t~i(}5`2moF6y3lTK#aH{CfncF_+Zsol
zGP?ejRn7|MVKBvo+rNq$vM|N6Ji_NR{G{MTsmu~9jvzH}F6obUe7es&j#cW6)QfWF
z_lr%Ol31cBii?fDPx|){6V9+QNIAwb7sXF2VQ(tU0t-D47%V`Jgu?ih3KSz&fkz`|
z^y~OF3ZAja=zA5=1XHx7qiKv;^q+_@zOp>_Y#Q7SDPZ);hPy-L$}x5`h%mgwKgTqX
z-JMSb<wENl?nFN10%YJC$z>b-xL5yojze#RoTPFHKEO=ovRzl-fN6ZAf{#cIjc{Ji
z$NK{C1uk2Y+HtWmy1x=DNcO`zbc475_H9G2;vJqHAmPrT;ZA}>H+XB&p`K2izimV9
zPm!8e;ruGNY%A5d4@|)bCZI7{xU{dmAdWs5g_yQm+vY+iS%%%sOn@Z8;H!{g+<D0v
z2d7dqo+aFIoQ`fj-0c<??E0E)5i*FeL@N&wIMGA>9Frp-fgGujLrhnkHO92LZQ@BF
z^xpH>)jay4T<)v4`iP#jFI76~7D9a&<P+0c@gl~O;QI{Zd;6@_PXL9>f^G)yF6SlP
zkKRpWHu7_v%YT&prkM|^udwP<-FV2JnxGUuUE<Ad$#;8Yu`BM1b2#SfruhXvj8sZ`
z*k8sxR3^Jx1Hbza1k(Okp~qfqTpcuXQYnmRj&SkST`X=44fX}utCqlq#0I~<%1hR}
zN$<R1XnRZf`I-9`uPPh(lNmAD!$5ZY*0|i;<{;`RNu$U6bO~OhZ$aiL1Lx)_L#3X|
zms#&xUVq?yV^mhgG(-0#%`B(1%&bM>hN!R|Lw}$ryVlwlwRmw5wNU??r`iOABq??6
zA5_cV7HL7DKjLN8D1BIVHuG$jWq`p+k%mg~pRiCfrp^2pUFiK+0h@0X`s4dteOQu6
z3o%f5j8F@a5W<t7#eq9~8(HCUd=~wM=u>i6J-PIGv*nK`ya(L3yg4N1mK5dqBjm;S
zm?j20)XT8RwxU6vN8J-Nnk)7oubP);^kp)QrOmKj9*K6K@3=E=Q|lAUp;5h5%oD95
zz~m%&QssAMaHP4NPzgiq8N*k7h$9*c`U<1r=19=TI=fVc&_jAy+hVU?dNqXE-ZLAM
zp9s{(WWbz<y6l&^-Z3t^l=l}i4CQ=$TK&mKMqHktG?H6rFrot<`l1fuB;%u)Fm&67
zeJgERB4J<ujM$H5#gcq05H>RlguMu1%BaN~dM%SU<2tizJ}$|1pUbvCdX3Hh5a2iU
zIEpxa^EkQ7fK!%7to*9T50}Q$LPS~kribfHY(haelc{9WAY55ur*v`P;N~VTg`+=v
zRHd%wcA-VylHB=o==Io4c=Fhc@356)6r#HV-r}jxh09Q%Yo(YUY4R9H2l|CAmq7WC
za51@^O&SBw&&ff`DpYmSmd%liMG-Nc<q@$*9~-z0h{a7dNovnBu$P`3$W~7s3{=}k
zX*5IXJcI@pZ%OXKA9!DSd^e=<Ktfa;{znjZ8^53Im78`q@}n@m7TQO#GQ890HI*HI
z`LIJZkNY{ol0(eDN^$>;^NZ7mbZX&TK6qT@ObNNaa|k4PS|^lmdP2Yuiss<sM&a=m
zq0@)jzD3Xb&)1rEJzy8u@6fJhAT~1CY)n7+yvM%ymP+ML0Cf|;pL6?p<a686iOorh
z70OoIvJN=I-TxYCAY@!H&M1qFB8(!9B94}Xo1^>`?e_3I=p@Olo4N9ZRDvkSJAIhM
zd8qT}FFgFiZ4n|6KWEZ}p@pHn-kh4f>ris!xJYhd4wFDiN<Vn#6FAJ~xDQ4qDQOh*
zsrs=N-nyqD%iHAjb4k=Z{y1}7?wJK_MME~>gf2el(+8!Y4Gr0@`mA`uj~BMl43h@N
zF`pL-6+c!#xSG>HnQ`!X;3=c?9jh^;{{v&LBy-|Hc|Zu}SgD8s6+JJ@%ZT#s&5E6-
zI{srLk@{J8T%vkfsO$WER`{96d3&BSk70s*p2SI^$5n)fRNvM1dzI+biH}Fm_%y&H
zlyeHkLZ&VAFH-0&Xh&Eeyoz|KDElwwDN9wlp^?c98oc*-^`u8;31)r^*-;y3>`ki^
zsoE<qDcqzZPF_;1NeQ)uI(QK8->^-dY3FS=%LJ{e-0o4hnj~^iE=CWJrKl%u`Y8Gs
zj>vR86Bn|`^gFk&gpp6n8&^WxrA`XVe;4u+>dDzsbm`JLofFHZrI7gC?v^+k4!ju`
zetQpn3HQCw+XITfla45@w6!PfcJSFqkZvpO-|juj*&p&KRSx%*0G>bGui{-sjJLJ_
z#)i*h1NR(-y!a01`zrq8HL)7p)BYb&)!-A2W9ld9@OgD=6YOkH?`YwFbN#n-h23BM
zrHc%wtA9YT?X~@Ee_Yt^zdO>uJ~i9<a&1QVps1?MndhCopX}tr!0^oP1w%yyVV$Xz
zqudaEP4k=u1V!p48PyS#pHCx6(|3rbR4-sx5hP`nt+el!{5@sKdOwIeTk;5F)d!iz
z`$#J|A1N{*z1O^F?e5~sRjYi*gniSnPjMR(rXlerpYS9db%*Fhk}(R|e-+>hd}P3R
zdAGSq|Aq%HZ%)vU%q3s{`|iTY;WDkjANX%V*rUky4F65=-{d!ow>THv^6zFx8{{n=
z<@|6`Cv$+RUPP1sQ!c<8j3k9FBMzs$gJ(QC`poicvQs7w<q=TD^-{$JC-OR-_~MMa
zp%#USefp0vC&IJONUx}Lp0zf*y$qStrUfj^-_Yd4Jk|)76T!{IhmMaOGV_#Aw`qAb
zzY3!b+Ut4aOfL-rn9z^?Tgq3udftO_W#oV&Ugl-+1(X$}cYd0SFrxR#?8q$t4$^+o
z{tE+oL2wf-nfhP6X&{5Q*&Wio>J|U;UxuaA<$CI7#?`Wm&hu41UOo|(EBJ%L-(i=?
zpcj}jNTvRka95g={J>nA_E7ZFOZ9bRH2fyX-J}!1wDumBV2Y75>^S;c)PWe!GBCx@
z`@SK%7hpH(@)TJv=Ml-|pnRE=!ur1Y)#&#8veF2KPdf!6d^Cdy+2J0#OK#FZo?jMd
zbaBOj2a`s3=>>g|M-X?AXAswIo74+>uNO;e)H4$(-0bE^q~3}K`4J2V<H1E`%#*@)
zbMvznMWr-hA1`{kzZhtrFm*SG#U7dig#rGQ<V`Y6rb*#v$KIxEQp{3)Cpon_#Ofy|
zwzYJVfQgQIS%-Q0Z##!WdX%0Ald1<(gi)EVkqLK09fC7|<=-%~X2j~j$p5RaI|?m!
z_O}I(3*X(hi4tXOCUBa`pA`NusvcI0rH)0SL*VTAdlf4UxfbOWj;*<L^Pv7PYH@DT
z2!q!KGYPBs5zlRgqfRvQ=)YH)$;;>AgegDp+H&ZaqM5LlSc>lpA(E6761>;>>*ZXJ
zoUefnC0gR-cQxqjvZl;=YoB=N_d^b8-x$yj%`FBF+m!)K=ry`t`v_gsO1VjI*4AG|
z^qG)x8`Sv@H!o5n_oY(T+P*c{JlTtL;;`2c#(JOU?4SWZubq`}k{cRSG6}saJkwb6
zoc?SXXA#Dy#P?}wG|YDKWozy&kf0}xSr=<4Ul;q0$^_7>_LNf`r`PONgrV0PF6DM{
zKw;4~FnKV)UzM#*TEh0U^(V>J+;84Z(tvSfz#fqA5r?X<`+`_oa|7_mLhGJZf71Z0
zg1HjbRL|WL?AS^>%dWtH?DAGrxgAfOBTME4{T@@(O}ZevLg44scWBQ41Q^s+jqBD1
zh~-?`V)fBR7!1Cme6^8gFzpE!(8L=5E?&l1f~~3ii3yF!F0py0%WLG<XdVbM6B={E
zP32{123P>w*N2ISBG|!5lE^<UBRIq?_bL96tj9T_+rQP!bM`+oHTTpj<x6svUWy~l
z#rCO^p%s@fN~^yFhS6$TR2`ok_bBMcQ-&yE25!>dk6?fX`gLMnYSV^ryH1T1vcsJf
zn8NdLJB;Q6b{T;pHdgFh`|R|0p7XTk$EH<$=#r5s&=0+e!J>ZrZNo))yuNg5jJFl^
z=8Jc%F7=x?$WNEJOn8t_w>a2PEa~1559lc7Nv;cb;waK}TEpa1WU8O+H}PLX{C4^A
zAF14pk*K8Nk6_0>tx_^-Z;o3#kFz$g8gnI+T!CC-PP{jSSAt>a-(QBwA$^Ty74O<W
zs79|QNT`gU#fwk>ji(jG+sK(Uiq}i}d~F@+`&}lfN4u)_%*uXtNeV+cUeo18?n&8E
zno_!bqTGsg;Yc2NHZ&EYG!=1oRjX6Bznd@LdbY@UX^_{JxoCPvIt7X1wSc;wF47!a
zXOG=3#4gT{o8||$SW_%Q(%8ET(Ihbs3rpE+F<&=!t9_u|dib@fElH+6E_F}ox86~}
zqdX(vdYLYC9(H%-k>~v3?V7a68kClYh#7imt7`e;`pG6kk&?;s-rO21#tD;Mn7PEY
z2iMZP5wuRZ$k9_+KdbUjx~#A5v)+k-QQNMQGSc<~)T3*ASkG?e5tR36YslJjN%i2C
zGEV2(N;%t3t-7#pv*&Bwq0Y&JmBh~YiPeV_$D_^sCkCZL8T;v>(U7>6HR(z2)n_mG
zRlNry-B!0&L@92)u7yjRjoI!?cIhDjyR>|Zn;W_=Ee{nL?4PX<VSTL;*AOfTPmKD+
zbIy#-2YKA|%)PMMGSvpd*^%Z&{k$*cMP+r<vl?dRtaWt>iyHElWk1Wi>ZWChNoiS&
z7D-IU&T@};Z$3GLbheJsc>_cW-78nRV?`8Q4Z;-3-0$9uWh?dfyDOfSGm)Ai+hjkv
zEY-TtGfs4c+>RqHp{sq&(A{4)nG<UhJh^ebujE+oMlzu}j4f=TW}tE!zH^@zi?TfT
z-J$ZLB6=%Tsho4(mE<vhvpiAgNxihyo#TTmHU4s*QRNpC1J$QULBcv*!&HyY<fmWp
zYe^uoA9V<0aqZ6`l1Io33{(jy9-pyTeLbJW6Zda*`}aHj6O8Kd8HqIj04Mfrb)Ui(
z$o~>y0y2LHSpwnUzO8N_C2%gp*FqhVO`?H%Psc*szti11acfgvH(>}GYa@sAB8taN
zd_l`<JlZ#m7N}*;Ia%u3%3IN}b2Zztnlh((;byL*`}4vrG@1yLmi6W#n}yU=nxwCX
z(!gjz)~Tkyms`{dTG-zm<T_fppV3~qD_T)Qn!)>e?c$j`xtoHja$&kLT63?xKkv0a
z_hh~eta1MLDxp}H>Tu?D+}oh6iW`|i#%Y|Zo%z+}8myGAnk>rqV?M=zU92x!=cJfl
z{=9BE6V$lRbHC=<AyQsapYJQov2(Bwx1l=rJnI33&$Zr-VL}fV{!0d`>L0nAv$220
z`TX=NeJuw37D;1q%XTK0UQXPK*AE2EAX0sLQ}Q)aa$Ak_cHCl7HwO?=Ebe8qM>}pw
zHmE}^WU$2Gyi=H2$Vm)9cy)h@wkHKB>lT;uHj45m?rw@->|?=^w?80c-Ih~97gocn
z<>-2vnqKFT8D}vzHX`{`&xp_f<@!*Hi$i@h5wZpI41E)fxJWm#`rR6;_s;ah5@gxh
zg;QsLP8eZ0eL7vnY+?hsl3TEcN;~@<A1XFzQYb&H;5lf=v=`SU<$O*A!-43`0SWlp
z+9RFW6WQk3sN1O)K8JNm^au5;f><+98Er&FZNHiBG<j>D)nc4g{YZ4*IX%jF%S3z-
z;pS{{5^*yiMgIJ)eU=)W?-`F|XhHN-a^<!<??Dlj-30$gMjEjTbd_V<kfRLM;GY<U
z<Yym8L4ID6E9o8>c2AwF@jz~SH>WN+*GJ45!1e_qGw)Ev4}222myWH=`eJ(-n?K(e
z&fK@z+}w#V)-1fEBdbWZuYNEjCQCp3Y7i4Xd%DuMLm&Cgnx0JC9BC<D<Y~WxQ3WFy
ze3H-^<eGvTJ-b$>XCISTlRO~5aDm9`dueXC`9fQ<O<EXYV@Cu=5+xL1$K18FC(BIi
z<!fH53O}}}?<~t~K-qn6vMY7&D)`E#Lhp9m=Gu-A>&1aiU&d1{gJ<Ov6FrcVFZJ%^
z<|k}=&duRokg|Ebh9E^}GVP(>3}@j51rw(Zv`474M!(D>gB0ON=6>&;<W}s@t=2Tx
z9lMG}D+adA*Yip<C{#X+!N$v-j=v|iMkTj~QMN`uZ$;r#>0v<{B%zIU4<T`5Y=_Qf
zcGQXF7J(_s*_H#dW>)e!1DbABEcjm#;~GRQ8cJNv&juVmiEoRP%YE`$jSSk^(`0zO
zlY}^(qtv5q2CfVQ+`RVb%d(iBt24xmT_Fi2*)@AptvZurh}Or3!^e``$C>@>E^5HV
zw-1BI=(kZM%4n`uy3u)hf`L}`_mM7_Z&v4AY8M|#w^<&44iz65m~So{ZZ`{a!5n$c
zmwPs1XHYUrjdmHPY|kxXp$<(+`xz`5&dT^x*!}&Yz1+vBIevd`K0jMHcH6LWu5M%;
z=g-`L+6Jk#Wo~t^Fy1m<n~G^nkzA9?v;!}Rjl5!5+Z3znT=`=0y&h#0{Caq)a5P8$
z+;ij4mQs#+R=802$Wo!IhugU<^zAvb7^9>;@?0Z%{Tfe|w(g<ar=F#Oq8pyO1rQ4n
zgEBr8A~ac-|6^icN=l69<+`62jJ7V-pq6tqkHw7NoHjEI<|@r_pV+?AQhRI2D-6qW
zqIR&5xXq5Ve7W1dG!Qc%yDWaw&mA3MFux}8`fWrQFZq;0FVuA0K`r1tA`e3p`?Su(
zY;Eh_4@eH#V(4-FVkjxYZu$oIgwA_1d{=UbTba$I;=%q!fn9-0Yv~=CRM;2aUdB*Z
zn#4(_#Ki}1HazCYgWSkON%t_c>J{v>WDL$f-tX{=aKSXFU&A;@PH#It9%iB{s`FB~
zQKqOAff$c{ZN04QraouIex?$LJfAwe?O+b$Z`-^j3Bpo!{DB+r5=4c5B+Pz!+wrr5
zF*T}|-+tJ-yaHb=*{ZqzV&J%?jw@540_?%HrdH-hUOnq*nQ0<Yd3toV6MI`;ToU2f
zb!*rJA|7NUduLC<S^-(N*Z$qCpAEy8fBh`8H1#fm;p{i+=GvPm*lzhn-?TCL;_hu_
zzlo0GiAhpb|7B83+`IudXg=vn!%UDRdzfg##~=Zvxcgdd5W|<%T!?O@XWK5MzTLAK
z`zol2=7e3>Vwkg9cDSnGOz<NZbFUHS!BHBGZ8>C=46{!z-Tu69^(MK_mFAmqYJHKr
zbvv+`@?t5))ER`TMR;j%>9M7XI<YR_#o)2Z57_KKy9}36cjt6ynim4%4oV#asF;KH
zuakA1R*JX+%&DwP-C%(ozg!Hij-Z?a>{+%>AnVeaNg11OV!E%JT?kyoU~+N<#y=T0
z-u;RLy#xZa?ROjPTl$CX8B6isJg5$y&+F(iZ<ocJqX5A{OO>$KnbuBtxE$+hQXSiZ
zMxsTTeElrFCOD?d5qRUo7K>J*$8o#6wmoo_xx%Y0Rk?PwULVCqoCc-m^-WNwDXxy^
zSGBFWrGKw*@E!Fzzm--g*kmVKC8@ceTe_)Lb|XqQ8>=f=yk8(I$+0UJO{fdA9uAM-
zCpthL;d~Uk^jm=fae!Sr5C@1|SgYIvo(L_)`^Iw*x7ih50Za05as1$5t~r2Kttf`K
zJ8&XFd5Gf!_?Qd*^RKQ@_rEAXzKB$)9mnE;J8~6Q5E~v=nG$B9`ptJMJ{JEVhULHV
z1|Dp5Bzcf5J=XmVHjqU(FYh_fozS`gzvicZ{wEoYPwH=AVS*jI7SvfOi~_hwO7d7-
z*Xx!SKn&4bjVqydO$z5AqacRW6qym#Q$L%0Sg;t>1&|n%-0uF_M<(pL*)uF5<z4M!
z@b5UmdIVes4<0HeU0Zv}LIe1TJfQF6TdKg{YWtRxVDa?V+mXMYw4}E9I4AO-H*b4B
z7`cL!<8e<jf3iN5)_$IPS&06k|G8kIF8l7O&FbeThtHGeOQQHMPHZ3V2EA6XnzR?N
zp1(0r0sf{UKOFn>+>YksN7<QPvinTO+Q~_ea+-z56AqpUvHjJbdREcjUHf>83&~fs
zXqSV~W+nSYFt2>QU`N+qnGSLM0Ko?JZAlc&z=9Xy634>5;lOeVf=j7e|2+FBW(*!V
z0b#+Y?^@8GN?|0plqh3yS&b&hj{gP{Xd6K{o+OCPwD3>@pYzscgb-FDK5+xrtiCc(
z^|bjGu8rSG9wt2d-EeKhd;ShuQGu)5OF@h$gIxF`?66>78qPGA?LknSb*uT%?RH^U
zTU%FsP54*i4O^$P92?Qjmy|TNNy7%40nqu$Pb$|Z4)5(k{XPgyzx^oV9CAXF=s_G|
zP6K#n=Zt+(9=DS(z6>8b*OV*5Ir;A(1IgZCud{xwmgKjw_*Aj@%CuXVF4lWqdrH$M
zJrH4h&^2v@n*?pvz~8uF`h93YElNZ|1>gT5?yaNZdX`4f0YV5K+&v+|Z5SBb0wh2P
zuEE_cxQ5^!++BhMcMT4~T>=F6;BIdZ`F;0%=ey^hyVia0vDVD&>aMP?u9oVmZg$BI
z7M~>G$qM#`b;(vpkV=qxfMSJT7R2kg1*K5+uQ49MIgnl>f8r6~OCvTtaxjGN89#0`
zGSIsFf+y<{+nrUqg7q;r-I;ewd5eCcwEes&2Dn!8_2r!K$IO<;svN5EWo3$9r<u{H
z=wzB}8s+aTnDMC%REGGuC^sK429y%*1$#k8)zy4IIe*M$TEQ|+-ePX14V^-KAA=Dj
z`jvlhOI;#|$CN_qt*KY6C;oL(%lPGH<c4Str-yOQMJLfW&6Ka_NDkOzrRC2b1~{+C
zPjYAV(oW&QG&YNTxAy)->0GkcX@l|aEBwZ4r3DXO+|PbbCFt86A2Z)WGG(ZWN{xaD
z?arERPquO1Q)7(}%$!S%IiDMwlDcUpwS{_~N9V??Ihj&$G)&Qq!A&XgJZmO76mETp
zniAI%H}BrNzd8w}Hvx3liA9aQ=Ee>SSJA%F3j6TqeMK2oq=GQ#Sj1_FL_9Cf4A$B(
zRc|2lko;U$<lbTY_?5hX;OD!KocxUY0sWKiJgqfrxN~0*3X7S7Xsx$Xi^bM3KP(Cy
z*LgMRvkg1kKkg^)ANLal{Da)z1;6g(kwq~}@qQV`JiHP(CGQvaSa`8rw&h<QX#2f|
zw!zF*mENxgg}CR-#tvHaQ9GY$Tms7=7HV$2&&g|*i^Nc+_xhU0zNZ-73<n|OV@OFD
z$l01N&xMrE%ByXy>^c-UIJBDtfenRT+T@cH*oLA9H+lbK^!;gqU8F}Asg6XfhyUv8
zS$|P+#BuTRWnDab+L<D4nM7=mPfLC33WXElx?5aDlp&plT8%vM$U>xNSZ-Z67wwXM
z;xUuP_mnR!m?^cIY}VOv3@m|${TAhl$Tf0Kt4+<cmWsTFt-bOX!H)fINsB7E+Sy3L
zWK}i1U-x@rcubpP8%$;C-}>*LG4$)&DjwBNM}0pFs*oX7s1Ztr7udQGly7tigLK!|
z2hR=8_3~-N@N!ft$$B-qm~sr8Io=EJ3vJE#AB$4Viw#9Im^R1!9J_vfe<Yo=n$~`=
z5{vo9@Ay>*+u*C22RaAoNyjbD0x)b}F~DxgvXRl85OA*NnR~wC-RH7DqHOSOUu?}5
zZJj1ezmT57d^KhDhZYA%I?slevJTtuis0tR&E`ncL^`Tie|FDEkAn6R(ly!Xi_@5u
z$6bY+5}hty@X?8nY)tc>!WLmTZ{A)2hR}NK^~pHxs`q+7ow&YFZa){$V}gTem{lFl
ztIUR|ClPNTWsd!>ua8fBMp{lp(lIqr1}fhS8FQp-UTB4}4m-?Or@AOdswKMQO@G=@
z``MjFIX|E<4Pl!dCPZB#w}vHs+U~ig7~oh)M>S02&urG_KxzoT@6K~<ZGXs~3G3v`
z-hF;zk-@~$#xo8z9z7nU7Bt5s5j8t<qB|N~Om98<x<=U5FH?k4GdixWE$qc5ZA?O!
z6?GXoyvbi5@{l^XX|9^|T3@D<t2pMy8OIjY`o(=$aQTDl{ZsAk{4A}|{ewe!&p2(G
zty?i;lKn=@qAp0ql#sePWeI2G6tSc^dQSDzF?9sf^02}{%c>Zz6{#yzNH~Qqf9BK&
z{Rt9%H~mHb+Kop&-6JgZsHbbNjx+)p#LRmgYDPhB-#xsW(>-$N>3iZWad&)&Ak;Sq
zdv~yP{IVjf7p4xjENChO+tQE#qZz;vgPHTf#w1a9aF<?xi~YBxbDuKV<LQ+?2sKO-
zXH<su-h*x^0R;+e0jNk(Q#jOM%~I%4p#4Maybr*#_k&?Q{|D<BW~A#r+Y>+la8v~6
z1NSh?Fk!|$PP8SsVURY&(%>K6`ri!m5K9N-%CPsW_BBz_7wZCAZR1z)iwV|ieeM(w
z;rp8bvv4iZmdl0~<#}&DV1dKE+U%~7&(kfk^{j><^c%@nv@Pka2p))cq1VGr&xk`@
zF={q-q%c@E{65IN{Agj3tr^B3w(I<<Mh;^GADUo{TbO0%J}aL2D4TSB3YbIT-(*92
zWAm@(L}T&*t=OEAfZ5YWh9prin|x$e+&~bia!5o;F`Q*S&>e7w_zvMw-$2jZ|5Z}u
zoQlFx;s;P{av10s==ms2Vd_<c{aLF2p-1wj&-F4PHzXoaW6x0VSmpy87~za)M!>iF
zdDk9uIr1E;M<@>&#l6+4f;#hv{jQi{K;6NDUU}Ho9ZwqbpJl7jq=(LA5%i1~6VYY-
zLAB4(FF$6{O%OLAJ*u*;dciInetnq<XICSqZ(R_P`WP<!++Q?WBBX<U-69Bb6oLB)
zF8+i+D?2r}UKZd!7CJqmIhzb3mgN$x>d+&}bk8<nw8AA{#u2n7IOSj2=I9(Z4on_?
zF1SP!u1Sr0Q)#2=pRwApYFdRad-~oet0F8ZuNmNwu|_U;lSa#E2y$G()ZSAQ)IE@3
zIpITwZJ)?CZvs~oU6b%Kmq}N+X4DA4nd@J~(NL|Q={-lP@<E&xUr2<`Z(%_+91K~6
zglptfjD~2o`&*17%A$*TQI91dtS4vU8Z+h=Mb{7FHGY=fQ<Z~^y%6<*fh)#07JSJ)
z-Q}}Dbq<(riJV5=7Bm#RZB2WWxCSKK7lLEN1wB=qAE3wskcM|n0H<comTc8nndXGq
zeW`DH6A^pU>w&Uh)Ei!Eudzo{SYYqMtl{&2&|WyPmSQgEz|6HyEr%Jv1w`{ESVhS-
z-XG&21nKriP?Dss&{=V^S>321;P)?`SP>1xFntmG$xxE9*g@=wGH4brs-5U-mBATt
z4OZsa{>2~8>mKEa9vO7(INo-#2_U7(o~iEozKvx={P|uz5+yTP<!AOaqbRnKOgKoY
z<*Y^|=vbu{M(qifr>JacADL*&7~Vu$u3>Lj(7ZCDd2i4p5%V;L@v}vCj~^gb<RhkC
zruQO%Sgmyz#n13r0$+7n9MwImk?U(u0ZQHYDUjkaAEo78C~Z&I1zV*cH|7QvL{BMB
z$TYqutPFb^)RCnM{Kf@Y>iNyU1HE;97cpTaPa>?JvWX2yeSeER#8MIc1k(&jqz4j1
zVPug_+Z(1G_;V}?S-)oVY(`MkJ&=^mh=i%*etiT*X+Cp0gK|D_4wVC7i4AGLi?516
zxCX15z{rAzU=AgJ?!6d!&j*1q?!3a|a>x*r{%Ne5MYdUr{nnkmiB?j1SW-qreoG6H
z1Cs-pLo-Yo_%C+|JGcceDgg4NwIVQ80}x!#Cz>y)<?b?JJgj?G5%#EQ>R1<Tbh?)*
zLM(Kc%gKXp-6^XMs%FFyop8B4a=T~58}`+QAq_7>EpsM6)r{`=zl+q(nW*O9KC1lE
zUfYvwS=FHXQ3U4>X<qVTQ)E`$1-vmmBMy!a>x5)A!M-$Gho@wl1MV!EE&J5b<eL<D
zGf%<`lk9VPR&qO`J6Ao!j6-sG_Ti4Ecip4UhenZF#Pu?*1zP7eSBjcXTm-F?2zM>1
zwT|MBQQSQbEMMHOF?HYXUOic2_oN6vSU0COx_;-9ct9+?`HE+=K&p|2aVV;qd`unF
zv?KsHs8QdgDmjasa+M6RSA3I_-Qy8<x!N+$_|xgjNA%P)a@}-SS<$e|{6)xZaV<%A
z-hwm!X<aEg%oZFP6}Bwt&U`*3SI<AKWp!XIm=)ZAv`*@Gonar|>sj9{2skN8wTG}^
zZb+n5d$IGM`;WGtJ5*u~=IV7A!kT5N#e^Ast3RQCwaH^i56b_&q^}N4UD<{IRaYrA
z71~z+Xc+r{bQ4<Co!vhgCWYpIXqe5wz4-Y@gD$8Kdi?8xE5!akX&8G4Wc%=UO&clM
z{EID3?HX-@N6f#|UAc}C7CqdXodnYl_}hA1Y7fg7yOQvQ-;8hz^d$e3YI^8{?yPfc
zlAaw~ZgjZcTuGatSK*wcwosce?m%x5O}Hn1syxF}8tdwY&SkUt3t%jh?sxyv<Jutd
zQhEbxl!(U&RKmck)`ReWHr#3c(MAKr`d6d;MSJqUqe;N5)&GS?BnnXDrvQw&aF$J&
z;`x^;b_R&}-s;8#rh(X?5?&q`30=_OuQz4A$;|jJ3wps95&~#Di2Q-qzBBh3wSHUc
z%~EK-c|su{@>e^S?A@hS1@>fg!h8251Z%k^UQb`-hFlBOa_`;+Q3PNJTT`bkiv4N|
zx`ck==D|qy+qqGH2D6#A_<4f!op89*z6$VJ*@g$wt(r56-|$gSU*LEVHlX$k@gvN0
zxD%}~YsWbg_WOxvzXv?M<2UMjqi*?ts+o69F9Ry`^1Zx#dZggPJ%?)fSvji(dtQaw
z6G9b!E`m40^=M_CM&ZliArC;+y)6B@pcUK_v1t*c&F#QD^iPACvQ~mESH>Aap%Q0J
z0i7LM`a^PD)~Qu#i#b(2&B8;YHl@%_lbj2Fwss9>f7c6@ubyGuTJ}Rx!@L^K&48L2
zikdbbqCIkLH5NE{J2gXM5RG=0RLW1h>=71rYUKy1z*<BfafSRMStC6=O{!EUKMObh
z*u1JrP|CJh&~jmTzKz$Nk{!%|QI@Sj`sH&94a^aXS^ZH1vzpfjDq)_iq?(dVtYs{1
z3A{<V+r%y($u2KBNf0Q*Jfn?ybrKXO7<F6^e-rVvih^F{WczmRtAdGCOHoD5i=-wQ
z#UZTqk}har3ulk3AbC=@QA#%XVuR^IQ+)2HuFa0iTc!!We*e|bj+JPb2=HdSz!~x;
zMH#lzCf}3T#F`e>+BZ{ah~0eAu=<rahDM)-N{PEJ!8FYl0-L6ifdFWo{s^wHFrp;P
zK6;=}TO)-ASTnxyZ%11VL3g4(BhTIowz=k#*oUj<w)Wpo8xKIQ+qu&22DyC5P7t9I
zH}0@`)e>eAVa+gqz@YR=DB3g3d~6UZ(JK8A$0;L-3?Rvj13uKeZI(doykY$59HjXI
z1OfY@QLQD<@*bxTduPr0+aBe^1Z$)o8^DCSTTpqmUsq~1C+H3cX?_edL~9#(Slpf$
zOFw1$5NV&Y^dPxU8}`;D^yCe^eK<tsW^RR4spHmn&S#_?eLa9^bL*ftjKw`Z*JGVy
zgEY16K5m<WS^^M{td5s;K}6yHh&ez;Y~PP)v%vJ4w2I(lMC%DuVnQpyHvBxRWX9J~
zFP-I>+y6MKn@uS;qS|)o==8FbX-JN92zq)C1+xrtOL$38$a>tVj68@uc)z~{XfusV
zO|bdfdj9EBHDKBGUA@jZfaxEg|MDNJftfnyW4<Xg{j!yt2ySePGyC)HCX5x+wQ%ag
z=U0E-s6ZV*$jqlbmGx6-791@%Nf&0nv2RM2?xxTzDa{I}$vJ+Ue?_eF+TE=QD$!E3
zW0W3ZpL1iMnL@MD)>L8}zI726#VrwY0DL*5B3V9^+`pgr*7f7cCXCkXpgz$y>~y9v
zrcQiZ*6L@I+qvE8kD3=|7q5rDVdgcDS7m$hm#COu*Kf;Pr#YhC5q^8ftBLdMuHrW!
zOA_qygen3qz(kj|SqQ|z9dM;e2h>n({-oN08>NQQ?}n_yhiuryPCRpQ`+k8r`X0|=
zv<0aIY4Ec^*$q^4r_y?{c6n0ZYnWe)f^&<9kO`yw?Y4gU9M}<f_q=@SNZn|uHLs$x
z#8k>>h{Lc(v1@gh+w8d6$E9$>*A~vk@;b$$whoymF^6vE-5Cu&-KaB1uN`LoJh=I<
zNqs*M+nH>!-7C8gqmM26`s&lG_X7ph7uO<lfiF5BD+IOZi<w?#mSVa)sc&OjBxGuk
zM9eX__^(FJb;_kH=6rQRC!oe|Hv0^%^TIB&7x8nxn~it{pFA2{`JWAWyf$Js_+$TF
zQ+Cp>*;ev9MZ9bdb6ih3(&5|n!hy3R^`?ouo4S)m^u!YN_a%NQqK#CWWeo}bxGK#1
zPV8aeyyey_iz}HldZ)G3Tqjjg7v^N9)=vDN6y<RhAuMstGY^O-x({ZiWEXuMAJW_7
zdvlv&-AU6OJhM2^Yu_(?P4v1}3o$h*$7DSB=@KZLLBhXj)1y$`LkKY?T%VaT8SJ%p
zuQ?^9pgdc}d`Fg<7m4%<v&QWbGJ&aoqq`><x?1zr!M$nvuods+c;w|L49m1P>8FkU
zd^d*Ye2pCfB6zVZA*LnAyY?-7))Xml6r^RlutPyIwyU!JEB$}@cx~FhqXL@85jc@;
zKprgtG(BJ^{>Hfc{rMvopt$ye`vST|F~uLfvV3q9zsh!D$Gr<|SFC4!Tz^j|``{?}
z%93Fgq#NK4c9^#OOWieX?ShKPktG1YkJdldwb=~&>nC=FqhJnLaE19F*MU>cR(%I)
z(Z?-7Ci&hJ412e0tt0X#`v#g4VkmTevPTCqvhKbZ5N{03Cb$fi_2G|?{B!*KUv6E%
z^u!-O#5N=**M-c-e`V7@d~u^`cjWcXYRCZ7nmJu}f33Cb{CJm9L#u;*EnYQ=HgmhU
z%9kuYyo@E+CT|%x+&16B!WyMjiFspxU4HBNa9pd%9RqWQmsG%IygXf1s27!tum{R!
zg|^6KS2uVs1T|MEyIQuvNmk$L2)se0uP6s?s28upyl6c=bGe~JbeHt`hzv;feNbNj
z219G`qbIi)j^f2kEMUwV($P}P;l8<WqJ7*Wy@sPOm{9_DO@>ff3ad0Vtj7a$ljn!R
zJ_}EQ)>mLhW2y)ekc~&e>{8JVZ%lNZTG*lfFW^vrj8?n{{DPv_(U5|;-HINT%1TR-
zBz9%bJ#7!Fc&JK+8LZ!s`@l^!mZC;xKTYw+Sy8&jnIYPXUEM!PW_9Wbli=60(<1h-
zEXa0v%RG?I587;Z4R{3HWjYRYLPhH%xr7sS1&e>BBp&UC2yUzlqM3IQ^p;#csi&i0
zWEfHF97l%0se@uOwEXuCXSDrS-vNbzjf6Fi9N*|t*;~M5UFjbiKvMsE0E}`3Mk-f)
zwl1<DcM!h6fF)QTm@Q(0QHAo?&ON}C<HJIQ%B}X*p35d8{3%;`8|YW@e7K*PO-!IG
zpcn50)C*tz+5fD~!~?Tye1<+af36q(E!m-+kzBMIFevnNi9K(VO*seAZP}CemAjl%
zOQH>5Gf&AMl_>{PHGcl2++E?`wWW?TV`7L+k}GXQgX=N)hy8Ly?SyJ9X#uY|x+3M%
zhqww0nf=(8fHTlSQ<UwBd_SSspd5GWxXne4+uHk_kABQWt+;g}eEr=lqr}*-#^)2y
zT$saly*Re&v!PI}<WDvGEhAH+Mmn3Yw{_xVIP<N>5L40{Xf7z-e*oXncTIQyWwv>}
zYR#GfS%%xAKX7c$c!$e$nQ<^Z`Q__z)|UtC102?&l?ncwy||f>6<WGp=0I8}T54lj
zN~dlSap@?wnI-J2)hU>dwy|vKTc3}nU0LI#dto1J&ynj?fgQyn;&Rh7f452oEHhp$
zfse<$ucJLZs7bP=br1=;a9_g?B%iXcg_I%Ta&=R8*U!DPHM7&%ThXbd1BW9IPP)>r
zA`&x<Bv2*O!5p&liSGI9gz3dPWNcdXDr((-#wXO+`X?Fom8Ku9+<qq~gL`Muwfdkg
zaIsO|@*7sJ#PH|?wr$z`5R5U!C?*-K{l^1d8F>U<E>a4qcG}4fw!SQ@3~Pa|yH$*A
zcfmgEsQ1Tc+hA*=k$(<%^JQ9kJhDnB)J}bm;Ws~ZyTm6~$)&ytwo8wUeNR0jp1QnY
zIYGCm1?}Ud&%bPr&Cy=9n;|#VYiuDbd94@vHCQ$~{Vsb2&M^28=7r@{s#44gLED=0
z#(cDW$Ce5*+Ni?Sm8z1fqfC1rnrKdDA2zMI1k2T=JDdjv3&@_4&42LR(ogQaViS)N
z^BMcs=`P<F(yQv_1f#-B7DHk%S&s}s>t}UgCWI@I{Wrm;ZdBRLCV}VF)$(q(wS6x6
z&PY`RsUzb5ZV+Sa%}3Q6Ho}g0!J+@-h&MgHbC?c2!~X+)=a&Z};T(bDfI4#hP)Gk^
zq&&R`ut`JV`3H!DQ|>+AumP!%zW0q-_yqE*&&Vy<O~59&_G`;36Dx)(#sXvN3fDLG
zekE4{q55~b-Poz73CCy01B21{)6d2~)PCGe^tWtJ@K^t6Ok86z@Oe)}`Oyvg91U>8
z=IH`%*vVx%?(q+Rm7M7R=Je*-Ufo*~S?rTtO=;2V1)~>vR9Bxc|L6+N<J5WGS+t5)
zeX2f__*QEf`OwUw<iOG^*N<@h;@j{w=l0FFu)w$g!Yd+=nG;SXE0&k!S-Wk^HPz8x
ziY}p~0@@L=rK)(+IW3C$OU?72rE?snEv~GG6zfavn@&rzGn;1FG!{2i86UhPr0Nsx
z%iSC8YxW$j%e<-;!-ri8N^O~=1RZO>E_{E<4xF?~=L~CjEl%lCtC_zlsg9nSduzU*
zQ|&mW&TCqdT9qKF)FI~D2h{*RLP;C$A9hfy1HOyi@mRDD)uW$v%y<&sV6N6#Vv~85
zvqqVCO7dl4&As9;A~b0n5O`kg4s#sh&`ltv28o>`WyO^O2DTyfw-bZGe^2>q8zxE`
zcu|^N0cU{PwAg=*?*Crw{{YEF?B6Ld+<d@v+=ZRnO%96z&ST3*^{K}m1v$MeDCrWb
z`0v-J{_4*zu?B}kNkN{0M9JV2`)`RS>0{OJX|*>km^qAjue8I@kJ%(@+}on4fEOZ}
zVkZr~!wX*>iwJ)(pf0gZ;)t5!wvKh;ng2;4nx8sb(esJn1)w&KQ?%cC`Di(LQk8tV
z*HB+w`>Q#{`m3*8#1Q9REi{r2Fxh=zPy~!>_9(!p1|%YgRQ>3F#R>ZBeg)Wv7U02r
zyNQy2y%4n6v%|tAAMgMtgxFsv1V>b_Cx)5de;1^L*tz|G5eC%j$Jqe?vSgG;?=?;k
z;P-_Y?kNe<FWi<e=hUThwg|D(c{hHh^LGCXAoX2O9U(4wc1CT%VplBcfmCzQc2CA_
zl`7p6(2Dc+pbv{COR)JQK4Tzi7@y4CoGr?thIt6lj$rdieY1U;J3|b{q-ZmF&9r^o
z|ImfURnD%oKC7lv2d$Qm#cHuAtZ85dah$M1rd&Zp`?*|T`nSMr!x7po%ZY8^J`-_a
z*LVSN;7K(<R8yTG37Id|L|xaePm4{i_wPl|NKX}AD@`31LCwUT_*vGBcJtFlGYH_b
zXWWD-ZOb^JKssmXk4F)#%M&Cshb59={VPL8^o~P9YMm#54QHDxe5jutcreY?uR6}s
zk2(HI(<|n>pgSbyIzIZ=rDIf>&fdV>tn^)LcQl4Qtvp3Q@u_2ukT9*hbpW&{r#8EF
zq9=-hfBTu8bU*3FZp@-h)z?Kk14(NhtEfdAaDY{umeZ3&Nfw@gdgdZBh-v-mW=t-I
zKCL`K5Bk_A*aL?|&BVkg9145X=?#VHK5nz9EULB1eG0()!{V8;Mo5rirTN!yVb4C^
z5X$_yg@aaN*Na~1SJArAoj*LivM+hGvWd>4lM1sm8#D&<lPrLHP4i-g)N+eJ*Y0Sf
z7hkMqLe09xu6^}GE5_t97z5&jyGG>yHXkX*oUB_q$7n{@tg!H<L$b(f!iXlPKJ}=o
zPdAz@&*vtXb-mb2LYUsPy%l)W-#p^czgtLM`Q)`q(8~`>9u}4<$qwp<wF#2=IN#*m
z<V6k;l1}qqe#aQ&QK_lwHXIP6w^?{$SQnZoSzBi@7RJ5dsuCGAF=99*Ca+m5iLOZ`
zUs#k&pZB&^{QJ+8poyhPm45p(Utpc%i-+RS4aa7kI`zH#&M+g+7Vknb**2*qr%4w3
z^t&5^*%lx(E1N`)C@Z@#WvfqNa#r?498uzp<R7MB)$M9B#bT>G#WkP?oaFM2Y6VOw
zUf&-N7RAi8^Z<q@S^w*rl5V$H19JW7FQtqs8-Rqm-UH#ZXuo<qFfK}VTVp<bKn`cH
zy+biWL`;+fY-zTr;}PXkCr&XpECXseH=wlH?;Y>+ES$N(-c`bW3F00_C4s4KsKh9I
zW0zQAH#A^TFkmB>2xpu2^knd(V1AW1d&Yc59J4;{7~%BU7_6e8^HSe;iq!!XnUpv|
z$K#<vV*1|q-%07F@qj8kllUo2ew)4Q`;Py0#VowMcW^{TUQ}gm6CtMP)ZN=|QjZ$%
zmo4i2SWRAnWW)a4kXS|a_W`l7T^=0MPaUU}H?Nz&@4t;m7shSjUzE<7MBmLz4+(;q
z*U~xeNxllazNz5VpiVJrgs22b2T$N4U5|yYrH93xErC5ldBp2`NuGm1Pg!E76O*ik
z2QIyV1PND7t#<=7hTSy-uWHXl9)K|iiL&#)HlE{^;oX@YcdgD#Pi8*rHtQLQh`M$(
z3)nW6o)?`exLTU@I8-;gpZMo)G#zj^T9$0CCWR%t0O?LZlVKNi8y<BBW^O}0zB}Py
z2_k;1I$-<KO?$fN*WI6eFcD=uaj^TMIU4)AW%=qHGqYUsC_f^^Y`l({kn8OykyY{5
zd(qnaisD|j@8}CBeHQx3NJvW=Q)l~uKJETaw20lpxDo_B0m!YjM(%|q6QA-S^Mcio
z;HlzhmgJOq1(St`*vlN?Vsu`?{?7u#3s>8tc%>2X7eqB!l~WjUt(YGFW^W_y-=F{9
z$kB28FdQ%U@O$z_5&yI9z`K<FA67?RW>rY*ZXa$x_xmO$CF%%Blgg8`X2l@IoQ9OG
ze?q5~)Z)?;S^Gq{-h8_m`x#L^=KR=qW}<($BNH=Yi(t?Fq@`(G=oC)JF?tTk*}ECD
zt+%~RM43WolAh_1o03`RP*YL6%3dzhU6n#eneF-L6sCc$Gsx0DJ7l~8ld`B6JFo;3
zWRLmM1C&5Ka{b(Zvy2UuP-v4T8GT3M1?b4o<o4l9ESu`e6Ge#cHCC_Dk83PS`;`Ry
zgw;eUk0*qAj@oc>o&gHl%b!fcPBvW~U-i$yg*wl})pHSe-yvk_+j)x2!-e`blpdnu
z){L~k7cjzKZG&0~qvN@saa4w%*1%CO=o~N@yk)747{9ha3bwDV7dgKgH}<(=wYBg-
zG^<5F_QAdvYCw_n?dBIgm&SW&TY0(IeXYHRfEvg@2N9YX|8$pg62-}fFb46S<sVt~
zjj2H=F8(n8lvQA5z(GxnL<s+Cz(LWLCnb?Nq{LFFgkxOT4VnjfDJEnE8Z+bG`DDen
z>Pz<<B0?`pe);PZTSuKiuNSEu+eBTgCxcDo0~Ec51%p^31N_c{7X&VKhc{1q!*ru#
z`iXKLjugX!v5YlfvP-BHHG#WKckSaE4<7DRh7Dr5uuE+^@>k=?D?g!d+79|0!XJNV
zH9`EE!iGq_`x!QdBJ>)ULiQRTAkJy1fv{jf4-W{S4^jwEP=IIH9~B6h&}+Ab6a<2O
z{?l8+Isadakwhx>PmH8gCI{R;d~b<JMb1~7W$@*Ci16jGZ#`FHA0fV@PLwCquuw=q
z%p@ohEYl}Y2o@iS`oBE@34wtZfA;GeQKL~`aNH?O-g#`g2YB4f4CMSNN&o&m9r<sA
z|G)p1rX`u|p3S27#8j%o?JrY{>5{p!e>Jq?%ZeJIPm~^F-Q|lY*tc}Gq_We>dwp@*
z>Y??(c$auwxz7PP<B(O!_ZmOY(MAG+h_jQ#EDb_Tj{?A*wK-TVuLNSfJekNXJ8$e3
zU7F&&Jn0w54+@vmS{v^%&gVfO?;h9c`yz1C!=zkI*y57=WbcL<5oWc0<kEJgBiiwr
zjbHv#5FyLtnxY&YL9XyG{EN<Et5v8@ZnhgsYCFx9y%et?0};r3Sx$C+>-LI~FY2ja
z>UOf?gcHWe1=_Xeata;^NXT=mKv|*|(tqci^P}T{Hyyr_BL9e9K^znbexr1om91i0
z<$!y0U(}7JqTGKP>yYPk#^0BdWT9G)06G=p3}P2)rp=x-Udf!c(M63rs%%l5BIv&s
z=*ofvjR=e#YR36*`GCa+)-Q_rh?=5@ewVuT(Sd|WChV^(Z6ruYOR3uLCrzn6MwwH8
z4C6yU-s>ar5n~0vo@+a!W6<unAN)vrKU|K54hoL|6Q21OU)c?gmJCy*oR~Iz<Zo!F
zMgx_3LvBy(tyF(-DE_=uUTN$L(FYYk6;iL>68l>c-(x`!p4B9f!xPfY9ZJ!Z(Nw%O
z&oRp{mGy9V0-_OC3Ec9hP9||Ac}f~Thqa|6goGGJ3u1k7>P}>S=~5o@{Tf_A2KQ4E
z?&)Xn?PjjsZXT24&dO2B0k}m<0u)IHnanmG89!XLQ<rF)crL`erFL_&p3?NIOFTyN
z`hzt+g11Atl=7*WNG&zZ_bi7eH=0@qk%X=WzKSCYT__<lb%uOsm52F!rgkqlg_e2?
zEJC))_kOXHPdMR#gf4KEjvB$Yq+|Yf>fQVw^(;)0L6-6q3mGbi6%9xVau;ziM-bj%
zICU`<z21U!4mVbrpO@k+s1*)~-n0e7`=hIg&F=yd(k@(xK_;No-T0_UABDc>(MoBG
z+S|+yQu-inx`xb<dd~r6ej6L&Qgt4LHd~#3BqUk|5m1j09R+EYG&0;RD9_zyg#G0c
z8(iSQ0C>n?UH8?Gp`#+?A3I#q>qnAcP!M5#SJ+3_Y|>GJ8%R^xl0dG5J3#W#qxD9J
zw1|hYf*79lLt&pk-?_jAJ!oYn_WkcnjL6~|5L&=>_#%7LDK-VxAp4(fp}s<Nq5CZ}
zq_=xqR_!z^D*ZyH+DOvM9-w2x67@z(<Uy>Vz*lllrGb&DH~EZGP!BKvOrDG72i8&J
zPFs-F7L`;mY<k@nA4zBmZ$A;(5$Z3*6S|fhTg*6;u#j{K-hg-Q{d_IN#S(;N>tZOB
zD?6z?2pY>KzjEsf2`u70c;bxheX27=QI7CQ4)Nd#<x3Gf=Fv+U$LtnDqfgIY_>gT5
z$jf$OOuo$8!|~P{l?$ZJiq8m~sW5b}l(S5!-g!1c)}Ztecyp!Zb2r7OIyWg~PZrn(
zC!;Gpo{t~W<p+vzNv@V=W4uDfDu1<`odc(C=$VKbUrR&#I=)}1Nb)Pcsx*(7w8Z!L
zFUrphXO6Hju*SbGw2!>bM2Vl>@=FL{SG{@t={!YA+k3sdh*WJiA|XoNSi6G#nX<U}
zy_?o&D!sX5c|v6o;s;BX^5<-rE)*as-DxQMK}14%6Q(y#_GXCWO4A883f9Tj3pg9<
zgbNAMI3Pp+N0Z<R>$(TXoq%^f-NmaDuKxyfNo!olA^3K6_-H5)A?^b1cRQ7J;A-Rr
z+##MVaj8qt=RkzmkagkFZxk+!YXwN1Y--)p(uh9fNA3rbc9biJOsh4V2(03&XTIEe
zKQG_Td21I#z00xs58GwX#7O;g@yXTfLHYo%yILZYD|Ki}b$WyFp>S?TH$SAFijgK7
zy7PXc9Zf<a<iS3@k@yP2>M<v>);Ix)<`o2oSiw`SI5VvphX)bzOs>UPAp$c7tH+Y)
zqBz%^iaP8ej>K6^EDA>yDfr{@@hB<}wVovrrZW|v(2Kf8iO*qybs1>5PQ|m{RL=`-
zv|Jq>Z>d)>Clld6(pwE8t%W~{J@I6hqhD&dy#f(1u4-J3GjUjGrNKXK-`+VLZs`1p
z%AS|6*d&8W=I#>{=J>=aQTJp=p$)b!9*KV6TF2D#W|I-cV^-VxjhbVz1>&iB9g?hk
z8%Yy-e_{^|Wu0YTmdJ`sge_GU6zAdKjL@jj2Qrqjgzs~v8kc{IxJKrCOP3=osa~Wf
z;tQw>_4{LFU~b;P*FhP%PMKOrK1i#SSp2457eyM0W|Zzl6Mt}_XLB>9`hu9_z6H9r
z^V9^(!qsP-I9gG%Swcg1lO?Z4;7+%}TGbzf#uTGp)AU_fJ!ktwp^B>u$CT_>(T))d
zS&#LDm-ip_YI*lk|6-jh@)+Py?LCSNnfQYmLwTca)L-JR%E!@8igelhRRr7vVjF6$
zK{1$QLhxzd-#-{p`Aj^kJnTdz-k|Ccawnmq;PHMkk!{HMA`;tm8MQ}Xt%Q8ua``VE
z><{?~YS>AXJYIW<XeV;?`1vfJ2(S`jn(5ykdfMT?QIfTxvZy8m9iJLyK0%_R0kVMg
zvbP<cu1u@sVFwX~<EuVpOGpeBnGk)yjvq+}_Gbmb6P2{z=S(SK)Phb5zlgj`o9sF~
zW1KZ>aeZ5&bec{+f4O>{dZ~|UoZV{@R)kw_n>%P~*arXVh2nAr0p-BZ4gQ#T6vpr9
z6SY8wpM}*=B86DFctD?$Iz;A3Ck;Ao7&~b#UK%eyQH<_=W=&YbmS0E%KB#<7A{P<l
ze;+vRJcy2FWK4o&xjm!@ORfx7kmA}R-u6ka7yhxwSh$kqSItI9se|-Ky+Jr$()TFD
z0Tl3Fh*i|E%5z9$p71M0ZPT!bMgIr?2p&93I;4+Oh^^a*Pfn`BPL$diZ`VEW^`dta
zvvWxu{BZe-yq@au2b;ldgUDUe17>oHpYFiXIWT(?1sl5S>ssPo)ekQWi&}gz4bf8V
z7bdVdA8w2BpA(sXeQZCA7`m^~E&9G<|M|9U?JpsnxE;kXzZ$t5y$XpZyljfg!MS8r
zVPL|DCQ6;OcYMjMhCv_OW-`Bac&Tp)&u>YIvOG)pX85aS1oE`eyId+)#?|l}l4Vvr
zyBl1adu)HD>9Qr7Bb@%UorDk)uA%KXgZqGrX)%k2Gl?%ir`nR#7#{VDn)3>tz($e4
zq?$7cO$90;Z%wR|+9BfP8ZHB`e?IxHE|wMAx6nQKZYxVuK~zFlodk`;glhanpo6>t
zD)q<Uo61~DaM*YJBNVa|&Y0y?zgoE$Dl>?o3%p?}Oo*ALIr0bfe&MroQ^(LgJb)jH
z8oO$`XY$_!c@e{*8r{Y)TIoL<srMGyTWWB>&@SJm|F~`w`9%s;N*;T=>gk;~%2}hO
z3*0tUtJ9~lg0(5Vro7nY^b7l*vtO7?5eYCN!hSI8?2SVlYa+;r=mgGDNI0B`OVt7&
zo0{K%)FqFVL>+e&rZSUI%cEZVoXdX=1rVBSx;niGjbii`E<1*hN4>S&U+VtsO|^<&
zXn#K$S)S`g4h9%$SvMGYN|)C~p+%*?v7_Y5L@5{#G`|SYgI3$mirQ2D2r;et_|?g+
zZ304cQ$i|<3ooOW&$z%xB|PDZS@r|6au9R~SkH^l)S1Y1m2!mA$?0?k7Fkhc89N67
z=A}E_faoIhW63R!D1;|Y(;~kJfqKOZ=u8w2B?YBFIo0~rvE?9e=L@PdQCamrv@|J~
zd@Oiq{#Mk#HY~Lgdwno4`5^9;yhK2;H6FA^<|b<ch2nlEf)s{TTEXd`zw>Q0)O{as
zhFy&?8t?k)RVMG)Sx`*0>5*H1#w4J=gyR+J5kqH_Z{8s<bQ%TVF0Puw5dfDQ5qkBn
z4NGloLCUsfy5vt>$#nQr!RZ1k$hvDg4%xX+8AFs`m)fv-1!xL8?8xWWb$T2)^(+@1
zBr=lesGZj7!18+RY{l=!)Y4H>*xQy1$9?1A%NVa$1{pL5eqpt|C>pL>(b^p?s3gF5
zRmG?4MG8R-K`0BgX6noq&40RfvDuX6Q{=0H3T2dP-W#IR9MCic0eNqD;Z0v?)vx=`
zGFTE2bQGh|<m%GLu15JepLUuy(Ubj<C{1BCr%(;lRdXn8qf;Hw9(s56889QF-h1PT
zidKXUGd7hm$_FA@E$c1D9o6^|-sdHye0`P8D-Q_()QJ}RU_Flms3Qgsdr90$avT{=
zh{t;}6M--<6Gerw^S4eas4>Vs4nybD7RaAYW#f*JpI-DhJ=(@T7Dy`qbvX3)2!Vsh
zAe(Viw9FDBrQsT73C;Lg+)u|Mf1UR~$EnTbEtT*C600-O4w#w*a|9G+((q5W)?HU8
z+)pN!;_J3_&ClL2>*D|EAD;TSs(p3wP#RWntM=f;)B3%Kea!(s>edr;{lfMq4i2o&
zU!S{*W5q9hxviUwmszfy=2Qh^QBE}7v+*SMjPM3-E6=MCq7Lk{1+sX$!i8HDK0+1`
zyiMOBmGM~ppsxA$y=7E%zTdgXQ(p2*7Cm#r62W*3K-EC88{cJ5sqe=H4`Q^4G3C<c
z;>tw_IJU{fP}kRRRBM7kvr}tgJ4=A&x`38sB1qbRXlo~OFCmM)!EJWhkK%Y%W6`O-
zGY3JHj0YsGW*T~NM#&{LZB;-km!I2o;EVhgV88*C&@e{m^^A<dk}ADV#^sw7kSHI>
z=+VIl+n$FG$*S$t1pkSMZ1|xjOsCP!k4nH8a-L<iOr2K{e$BJ<WCqwpX+Eo@|GE~D
z^7)OlvSk93hlZd1=dl`3>MxU#pMQO1RPCIYgt|&CpC_;&8xp@(sy{XP<UH$FPhUTO
zoy&C$l_d})7%vOC#3ZNdB+*)?rnM%*oL}T;JX>wJnVo6e9Y1?eP0&$W0c)M05U`<Y
zXrUC4h2GT9w7Qm27W-Q@I-wG<;b@Q{@3?_BIm*3q_gBWUm2|)O&H{^E+)xRnVEW)!
z<igZSzh`ml(w{b7mD*t0R}8LFuWg=CbF+yO38*{kC{?jGi--?&vs-EKaJ^4h^55`c
zKF_LBBSl=mRZq~OqS?p-k3}%0l1S_zN#)`wtlV|BBNS!%ZR4@)L4frw*M4;bE+=0g
zRt=!#+}TBCvi*yDtp3-r0On04umi#;SH)wJE{(*pw;LNXJUM<+w(UWFZmb=Th>nfX
z+)gz!)nLQpeJZ_tzxAUGSYQrOh}d4utE149fqH~r(7J(=a*|Sl4f#${h}j63l1T#M
z+k(`(5m3>=ez-g4wPjcwABeXv;`+lxks{+5;Vj|k6q)^hxW~eU=GwtH%dJw<d@>G}
z_o-=a7awTHmqm<C_j>5v)b)D5ssy8wR<MN+(Ifw(PR|w22iIgHfaxYrP@-y*LFa&+
zsxlL(HnURjfd@3y|E`Ojd?yPJC=-PH=T+?pmV)weO|^^;TIg4K9(@cSb5xJUKX^QP
z{qGh9s&K7H^TfyH^#+NAEPq5jPsnC}*J?rci@O-~PAc5n1j`Dk<5$enYma36cAoX$
z9?a+2S~`ZAK9I;S55MvF^n&{X4>6?{x<|8LHVt=r#?)-*`aPZdjINsy^0lbsBYd``
zuYJdj=AJ|l7fIWk_*c)L4DOvVF?=4aFq@>x(oeP9c+ps2(4Stjd_+j2SY@}>)h{C9
zYXeV@d=1`vz(X;`xd|X(4oyGU!<!InZS|wW>%lv+;br_pZyxUUjDc+X0X2%F-2Tu5
zvC8D?xyOu-8Xr86q_Csxt<Vd7G-Xd>9~A35Aw$Ki3d4nPQLgI|rSCfUg$M5rwcYTF
zejs_kSGjc$f<XQ_wJic0eS>A68r>T=aZg*6yl~CxBVtX742c*;TeDW9B2^;0bJ=(O
z<Ek1G9&KEaB7!!)KBn7bzKpSN^55l9{k;De&Ns_vv0EsCc{Sh`vIOT=)0N$_Od|Qi
z{;4a5XQ`c}1Z8Sl+-<6{o-%{_n%jX?hu5fQ^!t%~w1Y++;H@U}B2PYM_UtzNXshDe
z*pi$ckji%DzZ%L2wRWpN6y=e++T;4;)ULJfN(uT5A(W?5MUHBa;v>(WBI<P-g<dQO
zXrKD2U78=c={~%(s&bveaYy=wONyD=z%UfCBQ<>8yUM;e<t*jrw(0r4!z{ZrT_yd`
z%n7Q1%Szpbhs2(CA6B^6AJmc*tq-hJ8qUIbvd^>~QI0p~V|o19$!CV^OQ4hMQVSGv
z!#Bp~o(9r8$X)pKTcj?hUxSCYGw9|;kPbfr#xyfdocOI%YQ^Yi<y!BCV1KK^nIzVo
z8y&?`(UNQnN8=)nl3vHYwg-)mj+$n_;{qJo6W-l`_!eOK(!gilLiIp6c#1S0iSfI0
z0*Sn0_@(8iO(zirzij^~`Svlmlt5RrU{l~a;cA*6+O_y++j(^Ca~86;a%81C#xTKy
zDm%bopf;0XeJVHbHzy*I#b_p~La$mDBko9HNy=9j4jHAECigX2n^QS@n48tCZs8yG
zOG-S0CtX;hbnlQ3Wh{c|Pwo=G{S0LK5{WixAWAXV<gFVq21lw3v-Z&+S~Rp0Y7F_x
zSVhc$o#NJ0^qXjm-xNF5cMaBl_4gLBkd1IZ9N+*$&RMvFJQtyW#FL*xy#I3tDu>Ek
z!U?{zWVo5#JNj7-7Mq!fOteyY0jo?IlS?EcqI5MADkW#4l#G+7hdzJiYFN<;_-nm9
zRk{?eniF@3BAadp;nLv8YC=nMqg&Vt@;{qZ$fdvM328jODSxgT$R3-B$%kl=A%M4a
zeZg)uO;eNtnd)_#)b~DXH1D8fAET(7`=N14<+8!cz+2D#gv4%<if>v8e~e0VRId6>
zrHTXj(jW4=mrMImw^vC|y)<{+7^RSU{jwOXTz_=B#{^%D5^FBdH8MQ7Nu>XAsE#L3
zsySBh#lSrsxT`<ohdUciZ>{s7eHf_cyKKEy=I%u^CC!1a{AtHHlun6pudLU~;<a-+
z0E`JY(+3I{pB{y$lv7zkR)@IWfkm%<{bbDFQ}Q~a2z44Vt!kvwR!u#z6XWqF<Eje`
zTmlSH(8$>ac5j51Hx?HErwyI;H%}v<@*z^Lyq&lRm~t2T10&ND3*ar&fv_U7tMIr0
zJNgGDf5UgU3;6Ir)uP>dwJQ#32Z?kN2QjhgU<Gq#oj^&<VZ>j7&Yi5Nm?eqcnb?5U
z%>&20CDiFP@rD}ku&SBU>hx{}MQdSGu5bg}iJySo&)4)^Tug!ZA-?Gn_*Zfil_mqB
zPAs+V4mnLF6bWR&%9KG7BMrGI0lW&C1U`o%gtjUE?CyjU3llbWIS6(8FOjG*G`2zC
zH8?=ohW8?uCGnJj+|s#6OSSl*ZVZ+$SP}+AnA3&TsLFS6v^Z}=ZzQl0u>y>VYD?x2
z2$eiM))=^SpW70~*$$iWwN1~kVWt1-6z(jJg<Iqeck@2L&Oa)Q=L<|IH{@H(k>$q!
z%G!h}MEZ5$rlWk>1GHjeut@P9<pAONNxX}fD)Ax`r4b|W-f#M^k^tI(+{T@*p)-Yd
zLi)gssKTKDh>argBA`16upgx$V$zZucbQDV6?NORWYp)Si+?zo?#p&iM)-i;SVLbx
zU~?e?xF`>_PnFsx$^wT~PLcb5v3v)4gdMP)E|6(xSNV$)L1c0=5D}vDR0FZj@ED&N
zeX>Zkk|$dj%^!FGRUMxYIP;wclzkMS1^t+Mug2qpz#@!QPL_M*^-XqJ86ECgzghi3
z3H!J?z94X>?0BLCfu+b3bf=)$_2#X#BPvZz0Y;Sr@PbQTZ->avrkrHCrp`B=c(HJC
z0+t$|5F{}df?fw*&&ueCX}<Sp*a$@Gg_BXt^L?Hym+wJ%C8}JkWKQ7B7Fw5O=#Eop
zGX%Kl1ZLRA_HcwWMLzEInNjo-%jn1$z+8JIaYxYITU|m)YIBjspzuKLz9S4)z73>a
z{&Q?{tcN4=FhMl@?I(4zpi#CM-JU|^Hk%;BU*~|M@%3bKQ{4b!_m@z|@8&Cwc<{E2
zc40K3u^;???%}nS)7L+QFEq27?Qw4#Yat4g790MWFMtfGbAkxj8bk`vc%_k-e;c+?
zv<1*nkyaV<y)ImFl5zs6egVKNUHr5yyu!E*(4kBMc6(-T3}%}h>&q`{8r`+hSD<2$
zf=EI(;Nj|vW(=r@D@Fsr5W`!>`Ub;9RFF(&#JGIDRvjK@x%JPwd?y{%26!P7$yYWX
zZ+|O`bcV-jy7$;(fXK2MU*{h0Gb@XC4l%CkCin>^?jmgk0h{CgXQ3oLWeP7h&(9Xk
zr9?qnVZcH+tuB>&yQQSunK$uG!gib;6C|J6;^mA_?utiX`*M?E<WFTX0i`YA(R}OY
zVV{Fd!<_k^4dzK80KFJ)9T(Yq(VaW-3#%3!&sYSaWGH-_L(_(%)?NFRWt!88F$6?u
zp2IGcyExImuk1?N{FR~<EJ1jLfEIgIjy;FfbWRLMnm%_(Fuu|nM+IViS~X_AenE^#
z>SO5s9rY<A8AvBolE&r@2|{gD+mCPYl_Q4;Z7MUza^Y#@Stt4=X(=%0(ehIecd)~g
z&Gy?%Q!PScEB-E(ZjFYwBkial8$Q6<I~KY3PPCm3C-HT;D@*oWW9T_t29bl{kE%;i
z;)Hyj)Uuf^o#CA~jFpFyOPgh(I3RV=h^(4H!(z%EwV)p@1<5tsUx`2sZz7(=MQv)2
zJ!?K8er@sN>iq(lhl;)~2((3zYClB~zLIv?XW4Yv`A+|#T&qFNzvRs9PKCh=<SjPZ
zu?0AA9G=Xt*dJ9+*JWlqri}&dfJuOtNK$&8GG@_h7Unab>bYsXcqnoVKY4H0DBzeF
zUk73}0W|h^Rbb7^|MV<7k$sGg%<^z|=!4Um-3~1%l*|-uc=t+-2Rkl&x%~D@ec<A)
zaJ<nDa<Z$G29b4%?DRv2KO@L{l|7w@hea!{`?LX^=Ts#e>ov6=aaYPmzv@%4`I^5#
z;?!_vLaw<Ng$(3f18AD>;iLXs?^h=qvPZHRjgHbF1D{s;P$PEyuL-AU&b=NQ8>h;&
zr^9Tf>e7v0{2#|L{=ak-cla{8?*T64>o}ayC6oq6^go9~{xD$6u!0Bz!9M@#pcC@{
zOE_c^T?1o7&i@z=+1|m$!cYJmg;~bl$U)XfU(v);TUcM;(8>X<ZSl!c#@axelT};X
z)WU+&4IPEj2zcP3Vdds{!^+J|iH_odjsgS}{)YzN|B9^)=3<6&L4k0^P$(x5V40bf
zl>-*n7=S3*SSi_oc*js6E;8`=hzN!~L4dHyU?>oN`5$a<PG%@4$6o{>j`Cj!hQtYG
z|1a<{mHU4c{RjMqCJcfAOgs|g=6b~9W(DFivjXgZp_E{5W>z4!^IxuD0FVa*z)&C$
z;2#PLxBM^gznY^i!wF?(XJez}<YoqQaEm_v0DJ?fTwGuvnTwf&iw!~vVP%H0adJ^|
zLYP^Bc+o)2XD&`kPB1eUJB$~0W(XHI0CNDOAe@vC4rUGxRsd#Wh5+%W0g#Il4Ajob
z#ZCzU0zb2HKw$i`fjI$EKxk<;C^sb-0#x)52&M$H1C#;6uuL!|2aIzL0OVli217Y0
zIe@Y-Ty|zCyYxQ*z$idp6wJ!Z#mWVN@z24=1yswy%n61*^3Te}2EY(zFc@Ho6$m&D
zh=mjK55UU(C_)G~>tk6c7myCH%msM_fp!CQ*?{r@T`+```>|<%QCT^GqMYo^U{)|p
zh>uc$g4qBRE<mEJz%Q7Yn}ZV&DJL_8lM4_jAT@w{Kv<7519Dlpfuiip-0a){78qa{
z)&L;<HPBcX%*p{2Vq<3gTZoel7)Jm*9Dt}FOK||*1h5K$0+Ir#uyOz`0s0h>F;Iw&
z1E2}WnhS{T4HRPI1VVrVAO{4HF%W(mh6@uW0Kvux&;-~o7$yuL1~)tVBh1YK6C{j#
zfD{lm92l`+fXja}VGz)IPVnE+4S+y*fngA=huNjU027oPtju6wbOQ2${QEP|dKfFf
zr~-3Qa{L2vGP3~^0lE&tAqvzBn@2DJkR<?d0d!!!3Jhof;syhW0Q8szg*6TUfJo&q
zia@u+AXpv{UmTdMFbJpyfH+{&0|s(%0?ELbV1@iG$_|?@K&W)K$0|8Fq=5#*#?vFN
zC`^!C9DfP11C#)Xf+3JcR4!K71Yl=o0|X67hm{NHcvu5~Q4D|_P=Fa=001)pzy<@N
zhRq}nE&vy31N-AV<KzbB3Q#wM6*jeik;Dz7%mqv>pbTt0!z2o2|2vi;0C`{xfB_U>
zEQ7(YB5Xj<0b>CM!|H}L{4oz`8c;Pm<nJ_Q<=_NZ0oE*F9K*=|Yx1j8KQ4&;)c>rA
z{}x{TU$<WZv;QEiQGh_O&wo-1T>r1#exY#ruiGyy4tNqbJ*BT_>r+z3RVeA72L_{v
zy+Nc-ena^jue6{*NDR2#g7O4D%KkatvnTMtMHt{$?8)PmnCDo5z(p9~CX7&1>p|s3
zrl90gNjqaFV@JVsdx2L~xlY#SiK&UHg2My<m$dEwF&Q0*hNbfGK=PHflETO09W#Bc
z;fJx|!7_4k<=siaOpM`ml6tqci)-G88<88QfQPiZ*5Uc#is1?48&1exQhxGy>zvbJ
zDFO)8XJYh&e)eka7E`H{OA&b~TJ~&n`q<{BKuk#YYW4lC;$r22+0txF;~mC5aQ#In
zG}dUHKq={=TC3(_(W#{Xcxx^OMTzam!D%n?(`KmVMhP4!Pm1G4cX5EFK%|MTb}hhU
z9jZ4u(yWkus47^hwz}!`6r|%`B?^UjwrKIo`K1pZ$}rERbm*o1*dQ3XvP1yA#@wA$
zKbUf>zX_n{yR8YKD!b8Ty6ua^0vQZ8C8k#|7SS{9cD3AOv3KN7@&o_*e)@eddLU`G
zaLEzm?PFpj%s;`fQz8&ep^r!4s6!?&lT#t{dfq))0s)larg)?&|K{`q9+v(ULJ^m5
ztr^;%DyjEypoR>xaqUto4L_WsKpSVvgkIXYNy6JTT?7y}5#*}i-FkyNR*?;>0)ZQ5
zjfHb~m<h<nK~cAgqyqmZ=c`%)F9&A-ZF1Eeln7Q(8(i^<_FBCz;;?E-2T7NcZ;(Dn
zRj5mlp8)*_r+)y5wm)Jp;z90Z8Qn!z?2~XU^V5=}d@4}Fvvj4~y`e5;^Jm4<s<VfB
z@F4y6xTkaP<>@_dlawLFR60a-ZIYLYN0nJf5qo<1M<0pdy+up|TnjF3iJGZ&OrB*>
zo)UX0vDb&ZwfOnf61eE%ZaUm!IL+*s(?10Xm<Ad6H)rj_HJ7S5vfJs^7KSSAPA+lC
z%OjvgG$(QV@@>`#SU9(U2W_P*41PN~e@E`YjdfFjp+TyPJc5&6@<+E0>10GXX>u7K
zxZuLm8Q|7C>+7N(K*r118^Qp}X>+@i&B7$p^IY7t1X04(R4MQmE%b`|CzQA<c;wdl
zq&E`+cUj7%!$QyW%ja~#=F74yLm(Sm!s8!NeUZ=G<aBzGdR~i)fR=oyC`hZ(kl{%E
zsVGtsfCoaftKYbWlFw)(=<i8@X9L*tTaKGdna$^Jub;m%a%1Ihd!ed$|IkVPr1P5@
z8MT)PNc<g##-#bd$qa%w_ovBcd=(g91(`tq4{>iDSJl@odT+V}q&uagyHgaTmG16F
zLK*}Gq@@)Q5CrK^LR#rkx*Mdsd*8YIJ<mDk-h2MI_x-$|_eB?bkG19+bBr;^94q+l
zwO4W^GMdVaJ255c>pdr{ViTkUVSg-&sWdBIenO$fYk5ZX*=d{mas}xbXP_(A!whgU
zMO69NI&hrkLGTf}impRyeFvs6cslsDup7DrVUNGlT{vsd_yxFfBYzdJ{q)iTC0>g4
z+eG0F9zkKPElzegy)6OQg@^v5q34&K(rFsL;2T@NyUL$Y5q%A|$le6OH>UkGm1s`S
zQQQ&Z37V(Fdm+g@ZA>N}rRG=5Zt`PHR(h{o4m_(Y*uBWzgX$1cHo&)3dQR$rDsZua
zK1freHHT^X&6M7ps|cw^Wsi1)gh-f39KV5XZAqgl;*r#s?80?5MVt0$M-2re56tlI
zwAO6lz0w7`2vJ1hkNag~Q(vp1dj<RDwbGdzR~e8d@VczE6e5`Bl9(e*%T*Q?{<>Vj
za(xl#7<d!M3ZK)Jk!=^R*77a67xKAqyqLKXF)YHTFOQoYr7#n(FXa*@j2C_VAcgA~
z!PSuz&@6HNXswl|vovmoyfiTR5VxRqw_bmkKSAd$UKiUj!hsglsHGoGnh>lhpaW}A
z%s33+5)nS8ETm+|4a2_OsE)Uw!Yi<(GUg*h&hwVbDDte^9D^ypgEF<`N+#orr?-^L
znoW~vaN+Z@F|Ti?w95=7<HcRZRIN#-%OrRMMTMMx)i8}#=D>6FHwbvl)>QNTAM_5k
z5ISQ+0^!f-q}w<3!wrljTGQy}km#waaA=+q@E{b``{HrHB7~i`EB=fjN8@ST>EynW
zf1G4_kLsZ^z*An9ws8{teDIp8#hYRK;5pSBof=8Q`O0IuQMQ}5wOGgKi$vp+yDaOo
zwsrWNAX!;S=}p=1`uyLQ29m>BwTyQ1ygEG7CtrS&3eRQSfv<iw|Iukz93G&Sd`yrW
zN8uDwVO_J;k<aINUMRp?zh~q?$dc|;n6@($@hTikv5WefZnoQ}aWi?VWiLT8y3@04
zxur+fnOg@;SDBSMK3Jp}CwD{Nj5Ap$#k4eTcb+^j(6kQv%tNZp#ud<r{itj3I;+Mv
zeql;Du(13jkDW}FO^6zm1<&O2D-9NBtU<?Z@@&Nt5f{#rPeLhCl?%8H6Qa1RQYGlD
zL@2I&#JZG~p5D&IE{*7fxY(@~N5s!qPVNdmo8Ni?+LzfDhU!(x6`a_n7&;I407D^f
zVN@fJ#NAk=Bq&b#40(W^#dhb4>N~N8f!h9a8b*E?S>02T0R!oWlXXV?@xtU|+i;s|
zJ&6@M8V-Kg`#R#glX&TIc3-$-Elr`u#%T}^wlsCoY|~M^^sm8d8Za9wV*;qR6r_>j
z<18@;sC?loo*~ICGC(XcF!t4@l`nY{i-OaqjXQs)ndm+QTmAfb^I%ZgSu<sf2cMr^
zr}*a7T4*YRoge07S7;^9A5Tz2&k%p&q&clfLot4QA2*hDCFuC}8o);!xnFMGb=ov`
z1?bOF!-v8kV1^E}|5UfNLb>UPW=&><BAj);uQ_`$C+3#=yZiI-^B1+ZK_~EOn@O8Y
zj~-TR>A+aGE}z4VS1T3g?`&m#0(9=cqml1Ty&qC*@J$?D-{1UNyQ(6_)6aFQVhcOc
z_;Xwtj`qUzv)&~mF$?=(M_FHB=gnC6H)i*#Lc_}a;c8!v!QXyoVcGlmR9l}Ax}SO8
z&#z~pQyQgTh(*QhtHRljo8~i)?0B){Fh2RXrR)Cm;E=Dkt7|d_w)Ds8nNQ*9VRApb
zDX{Q~*YxX_>2^`K4`<T+*ZiKG+!}u?L^}zvgB@w|OrNQv$bLdwRcDvh%{Uj&%QS6!
z?bJcu;+3K=Yn8ZE2@h*4u4lepc_JT&cz9rHTESjwUNc`7&d+f*`z)M7(3zq^a9Kg?
z`=7-N89VDAU8=bVKX0my_rOv8G$Owv#l1@8e#0;^d#kIfsn?}fb^f%Vb)lONQ3I1X
zZ+gYr6PznKj)SkZ&nnPoPVcA|S8f?l+9mxLJ8-Vr!>~tT{?W+DN)<RXMfsxZOUkIp
zQfGy|)6LjV{0>8#2V)i@P>``Iacaerda{qY=)QffH%89k@>tQk)hLRZYgX`6(YzB*
zVtom49SZ8R7g}+fRpC6?1CClTz1x%3_Zzf5hp@Qb4x)|EM4=!a*G9cH3E*@I70&Ry
zu+6;B6+0+k?^gZ<>6OpSkM{CjM0XkCx}F95rR^^ym%_xz{RSNzn|6x68-d!nKjow;
z4U>0Unsgsce3_`F!9uhyF;3LjzZjD}XYu7||EQID(i_F-@%D3H3<~Uce12N|wL&(f
zsq+gtY1|8*fFYP^Gj+dv3%mWZ?!!<$5tDTIL=>|J3U1)5@ulzKTo^TnOukg@2wHPV
z9<f+BRZn;O@=VO~_sH}@@f&cKv&YT4qF6kBG`=^9nD_3VXvclSQ5$89#)HIxRZ61u
zG=?=Xy)r%aQlC*$Y)spry(~2CjaL%0M<{u4>4r*|cxl^pl1R{+!?Dz-37P(`Yhyz?
zfud)^<K?tYna$yx7?DyI@U&V_@7)d}^+$JEN6I3X4i6d3C#3raM&CQj=vv`7Or;gR
z4G$`+pN<CI@@ee*AjqIROQE_4-{}Osr56<oHcmcb)y%me08I-Xh6k+;+|*7A+;`XX
z9HZi@kH<WPy)+l1;Nw3$h?CscJ`s)Zxf+e)WROW#SY@)vuew4jaMaS-Z`^o<*?ps%
zqM#wg9_x2Q+JIwTmO#c&=Llo%7WIEBax*fq#dSJ;b~5+!)ZIWTYja_WClU8_o#S#g
z;DKHALBn)oGKrZkv4n?^xe(d029fPBQWeql>I(cU(pXPhk4;BKSIjxo3T;MLPCX!&
zO65vAtL=s`FvnBBsjjtZBWzyGJCsLFt1@5WjAsmVHLqpnGR>24H>B|Q$UW1GWMs2H
zc<QEK<i7L-DdmaK$z~2kwB84g8<PzgU#f;*?+o*Bf(FlyuJhjCW{0h*`#BA#Dv$XY
zlbh<L6d_mWB<8nCY;Kiz2;bgPsvl3ktf-|Y59#SqAJp_#<Mc}8VcxFTrc?T<pdB<d
z8K~1H-X|@~&7**sib`P+GjH0js^zLM0oU=Y#%oaR_cE_7<h+D`;NV9l7!s8Ic@&SD
zO{s-pa$dnGL-Z$e(i2B7+(zWyIVIY4^VNKY3y=8}Ry@qWnWW)+T9%;YikZ^Smuycd
zw#(a8;M;%95<9@j<<J6ll#b_wNF0Ag(#k!g#o%ewiuTD0)f4@ER(NGeHIBnlWFXDj
zce#8|V~KWG^|jNR^2vdYer5lQ2E3+NyJV{cB{8wi`Hv@l?~Z&Q=NscoD2!sQQU>!X
z*Y6B?&B&GU^!CCDB)O!Q8{XOGl2Gdddiq^TBBO684~>&mR5&|^V4&}YsOLp?*ir~Q
z*{v##WN{}7&o)yhjx~djI*j*Qjwr4ke#s{(kIZV<4)}4Mopo`MxH0wBZ6%8nQMx>#
zDrR}RRb5rhQ3FthrW3SjR=*3k!~ce{-YkF-%Xl%^hQa&<yEVN#rUOt&+JT4hj6Vp9
ztFuab;cwyF3Pa5(?*i)$w-5SdK|7&$$#^KXK7Qhs3Kbaq*M_&VU*{I@%9*<gu7gqZ
z!`G?hgdg(5E{henO2gU6uKKsnri@BYYmGjfjhoA=I58T8ryqsg>cRJ_O8KkINa5R|
zpM<g-(Dp@$X|Y?624RGzXedTRht|D0S%L*gPIdaYxTjO{)CRRJ#ruboOy4#3JtTQ+
zc)L|uqx_}%b;*PO<RGxL;&h6ZRvFi$&G(0B%@&D|lzu5}OZV!~Sf(rAH*;Ya+7G={
zM5++4f9v?}_d<!b*yKTM@4&#y$w{2UwRLuFk|aUk6vgwM2Gjfmd|#hWLd5QTaj2#|
znpF?aA1qW7?CJ+NUAl}sdEAU-ZJ&AOAFY7jRGF46sIa+29$i!zsBLw_dUktN(S#;(
z4{K9@Cz|UCFzoHTZolHTr(Yc^U8>`UahRU$s!1`y&hcqOl~6Xa9V~^}*Mf%)%>hR2
z<4)btJo0SIxUo9V`3_r5X5xF$L48^dKddhot*G|UQ2c%5kQS~^&}s(%023TsC<cwJ
zdXGPwN93KDN0+d4RWBimnKSH{CpwuQncu4SIS+BND<OXfukRUJch9igtGegm0}jHq
z`>4_qaP`>dJC2@7F7{DI1n%!pP5*BBjVe7+PkfCtH9fW@01g?yJHs~wcyNK0;i$Ah
zrRry{o{CoC?S$H!oAZqa<yn*gcO#(_ZP9rMy3}*+nHvKgj+%@UeXO*}Z)_^J*PV4R
zc7?gb+`&m_PDrA8sqM*{x!`nKV|X!NB=vDwTRJDx>)e8TGu0Qg{Z(IH_)vbYOiRrq
z_UKzJtc`B!_Kd1b^uV*%9IfNVjV}!Fh?a|UUJVTuB0e4_x5L$8{*ur@)ZlF9HT-m%
zQg&58EtIvEno0PfU^8XY_p~@FHLuO%s4TQ9AyT+!!l&Q)p-F|2KKs`ea^cSAe!PTh
z#ix%X41375Q2TLGUKhDFk~I<I?DbCf?n6q(BRicrtu4bv)QV2GyiPu#*tbN%^?T4A
zmVQrGyLuPr*Ke2smxOq{+<9omp0*sjGRkM&3VIFD?=A+%`|!azd^so$XKI&0tDkhF
zRvSx-y`*eH@Ues;=h!GiwD8*BBg=A1evKxpYv#sf{A?}W-3ewEUn(7v9k<xQnEMn7
zO$6ZLu}97IPpWkK@0iyXF9!;El_sc2u!D2M0@jAS5Y;#T-Wa0cMl*+RN-=(9!i53t
zyuS1{96hDO*?Nb`LelH`;_3HXgOxH&vCZE5<iX-&$J`epQ@KC>ZkF?^Ak@qfYj#Wp
zRSfQ{kd4r-p)|Tq7h*-XZAO-Fe3~uyxqByT!Gq&wv&9%6WYD+7Sv8G+bXzmcZx;Rb
z_ue3XGxOvA{cB6!(Ufw(2va>(fr4LM&b(_@S~?RFmI`0Si^VFplS-1U;HL?Y{e`L5
zs_9RrXW}X;V)T3#9;6_5_}|l$ZW#=7yqQo!v_Z154KIAo6y?0Ny)n?~I7-o~gsX#p
z;*;Bllze5H#v_>Ud8Q+>t|vFW_XqcPgYff*Y{I80Tu;h1isnj^=&3xci^`U1(?&Oz
z=yshDm@-!#t!3P3M&9c5;Jz8Uor(lQz<;R7b>E^Ni%(ADJW%sT%$l+-#qf~{8`+sQ
zUIQ_X&DPt%`+`2i;Mkp7w3@IcJ+vOfMD=(JV{v3)Gs}G92SRCE*XXhM;>KEY+`LD>
zVsV<dr4paZ8j1M?%P*WxI0u5siN0`Jp_udmnP3BT!)98lFM648cZz(|!+`mQNl!&}
zE1`fYarHdQf{yk!q(VBz$8=1R49ypH6HBtawV%|!nE8`6QR6T@q!oQV@}sxXz9>t=
zv2UdRQI8A47Lnx90s~p`z!n*WORN!Yc%nwDs2tG`<DE_m<9zBPmP?N8s77wVeq!KD
zLDM@Q?`$^B$_ly?*eQ48Y5eD$+1lWOI|_yl$@5lES5qyaN`w*zO$@`RIsg9O&{gJS
z!ZUqs-Q=-bA3mvV6Dg_z$FVgc^NIE)Wutkz5GqOPhRd{^x6Gl~6#9|IY_el8hJ_2O
zco?TF$u_(PHjVZM2Sr)^G%{hWrPeCPcT!Q9B|kBTM)psT*b52DXC13=!qMvGg#10w
z-b9b%%p>}vDAzo^UlKapGZ<&eX!sF4V3wMGgM4mh=racO*PaE$*BpFW4=M;6=HvDM
zxU?nR2_)t^%u0EyP|kDq3j3qXIUXS<TcWuja76VCI);VTm)$t=y$>{D3Ub%rsnoKk
zX4*iS^QfXtSp`=HIZ9Cj7?y)<d-X>`9#mnH?%#@WaQvy}yp7*r4YPK0zEs#cF7Lga
ztoA#w)3LbAB2`gu<k1gL2THKSJm|>p^^X^=Jk}d;owUwq4pSIiY^;vX2)tAssy1$K
zM#3o<_yx5z!T9NIt1!M~L1Kr8W8UOuw4Y<NKlt+L(x=(EeehsxR`_-}IGE&^AO8xY
zlh7Pw-r9XfUC+OLFwNv5@jBByG2d5ONK=)1d;LY5Y*go}omlG7N?4ZH%7b-NONR-U
z>H};=CG24Mha1P)ee=W)72OdeKLesIcL8*+Q}+qBGp?2_t-2`q*(^m|@mc3))+kNX
z*ZWT|Gb#fbhkj1ziql%6aXjnT{UGn=J(^qlxx+fE>3V-iQ2U)<xX%~f{!J6vT<KXc
zQd0KTdI^R%^CLQ@?_?3im%_ra!b1MI{VAf>Tz6PkYWGSmda+cInxW-iZ+wL%|M*8Y
zCnJnnh5Qwl$XJGG`B8tK%ig$IpDe0uuIX$fDn?Yioarmyq?W0sh`9&-{bgP?ZHI@R
z3y0EXc={bWpT*_txKA2PKCPQXM2<wyO8MkuC&fRYZh>x0X}wMq(<;n7u<CDNpz+?I
zCDHVWr}w?5|3o->jHo8sr>UNz2{)}&P+=eMwWDqx>Kc(RLy@^Zctoh97XA9Domrxe
z-MHC=Ec$n|WI29Y-F)B4PGJU1SxLcJqT5U!2PgNB;dn1{GoMBwWA}}dpUJ56Fmwtw
z7e4o+zNV_Yr`4tGmGkIMw>ed`@hx-}F0m%zQ{8Sxr=(c0u=J{ziJ%Fb+}Kd7cM~y%
zc9kw)tKu#XG^_J)$u^V)HTf!cNa4J{;Xs&2%wM8shBwU`_c(p&o!4YQtBY2M4PZy}
zgXPM!9~RD6FE@d2reTi>A$etdskyl=CjNDw;P#{Lw-n#`Htea9{t)V?HKS_J`&L@0
z_sYTD7-x%pWBLSh7ph&wkEdH@z3(&Gq(6htuvrXCrgk=dgcD&gsVYe{UcWF1YA(o{
zaQd7U^JhAe^49S;O!&(m#^K*lM+tXX#Wg3twdtqUpZ>~9OFOw!dR+^9Y&b63Sn2bm
zTq~P_u#sXYo1UIp#*<#CQS{Yt#pe)AS}{(%!;9f-E*b$?`p_aheV}Z*{E0oX;v2B9
zc$r|3?Qw*0jC7ACIE}8PeL&xtcP>RgZO9&#nLA|qfIe_o?w;aP0mQCgsCj~C-Jdbk
z=rHS=qLf=F{>6w0Ybr0&Ynq3<Q^l3p59k$VZg<B}qVcK^D5>Kj!vEeFQ)$($6z8%>
zemegq0&Y*x0^Q>*#vtWOnPt;Pzwh>;YR6rX|7&(FOo@V$<6eX?)!22=liu*RW)F=m
zzzwv5Ki~rLz#bw0^*mw?_y92;^9oWqj;Xz-R~3QSYdmH<Egip|i%elwWJ|0k8QH#P
z<-P*2L@OS;8zyb(`)(OUM?p&hFy%~8F}pA^=wk;({l!7j@5f2CI_8JC!Jo;10o4mn
zzner7jsoX?Pq6OM$F_+&UJ~FQFgCMp1bkbhH6JPpJ@<lc62*zNnrS{2G=GDJhgE|^
z({q9${|IGmDF^X&L`PBVT)xyiY$4};X;IgKsCNAQO7880XhSJicE|Um#|RNt#UJ5f
zVg$1^4#Bx?{xI_&ynDEP>ZLkypWa}BCj<PtJ?J7`e9gXw^pxn8ZoIGGg7qv-f@{6V
zZ814QRTw>SHY;2r_T}rmFVBo(hy)+^cX!mmt%4j8hJWb&jPP-w5(qLx7|wkpH!R#v
z$=E~Tp~`nH<AMl(j73Y2^XX$x!`*8{k7xlz&uS{Rh=|GZq8pm)L~zF)y7d6t%*6{I
z9TxjKOAyvtlU5AddyK_I?^V?F#z4NGMn3qik`Gz){z3;P3%ysKsPXDqI6JKyrFoEk
zcoecrJW&pY13zNKoP9D}@#|5Plo#xh8{93(kz2GVS)^Z1&_`3E;s~0B9fiulDv=6r
zatKG!Z&H_N+xcsv*uUK5FqE_wE$($;^3zkRbl&9XmMqpZr9S;3*S@bCPNjV<JyfB0
z@9?5%<=cR05Gjgwe5rI7rYJqN>$~|^RL$J<JGMQi2Pe<W<lBRs2pZnapvm>nC-aB*
zKagYi%%_aVwo!=&bE|rhhNb-0M*_}vMN6xyAl8;@L1`8_S!PBQc!s&ipf$Cy0(+Up
z?+g32DdSD%Cw;%Gs5CNN==kd$DNH%7W0m_DQ8>`4+oq|0K#?XGNf(DM?6qr2kz>mU
z#Xcj~9?bPVkdwxj$n2<Kv52ydgo#Ot{RPR65QLfTVVLz4?KE3;qnTom;{T*CZ6ofP
zg{im3-%t6J8P-*19DH)|<G4H*mwLH%OXakqaBb9ws|*%T*@Uf&tMp=(!8(WaPC`Kx
zEx5VDC~3_1RQODq{%j+ZCY=Vp(t!`V%Cj%(^Q8dan8S@HrXg{sv-R5Wz#JVGI@BLR
z{>tD;cE{|A@@Lk&fIiE<`oQ4+3dUS}<Qj8a&gH7<_y-uXFy1b~_(HnL7>V|Xt{NOM
z#|=c5x7Nh$+n<`M<Z0~N_a{>_MQ5w3RzG9H6n|>lZph5%(Y59lRUQ56ywsaR;wA>y
zIufI2u3gl=k5A7QE|9q-0)wA_3U82zOA|r7$zu)lyeFtBs5^zkjltd$Pwne>k(-Pd
zYuo`(<{-^pMoVK&(KqL~u}hXINod6b*QZV$xUd5Zsi5F6(~|Key)jJ^iCGvdTm;;_
z9vfCG<}v+Q=doQe!-?h$PPiIjF!}8Fw-w;p*)QEAmY?8HT{q!%@Vq39;m0|FVe(8k
zD<$Q8hYY&`xY_@_ZGcx5wt-5a`b@T>5Hp<UG1APhsnI1=5novL%V~{X$GTUUolS*)
zx4+hG9m_h~U@&gl6u&QpoYU#A{D*K99<y?ZzY>J2hp!)5r-x>FUc=&{D>3Y!R;QY9
z=kSN-L=>G`D|RuqGilS0IW4YW&v*sj&hGK)mhTmX%)Hh1C(us5?W?KO%(aUtSO6b-
zKXd~#JaJcA`_Idu7uY{Pg~NNvWgQ56>M>v=`S0I&A?X`AeKBv$ReYfo#2NHp+Wf&d
z!S<X%=*uDz&yPI*u;2%SI8*}13!@r$vdNp+T1Drp8n>6#->}sVBWsz*p6>d&%(GrL
zq}YMP*~O#^djW&hTYy@oAuuMA&VFhrNAcooK$I>n?$}fD#F~&b_tL}3Tf^e^)8oa3
zugA$WHBIMW@P9kMl$)_<HcHH)_`m)$^8Y(K1grI1!_i*$ccU*QE6+nZ|9e)f8+9mk
zA3QMvTK+pMK=}VZR!s2!dsd8x`#(T2K!bt*{|3RpTflTcI2m~NZvgDy8~-cv^)E{7
zA0F&KC^6xGV6p#g?Z0&XR|Npt`LCiN-~S{E{FMNZ^p9mC{}5$Dpw(ZZ3?hCYqKpSJ
z6MFY=o=oIlJee@q1H!WYE&p}sFHQCr^a0oyKR-m10VoULCxDxQ2rKZ)^AF4dU^sx!
z2yycKrOEzcWdLCTL>D(dA0U+g2*e9OFCYsG@ct!f_yM&7ab*Bif<PAth61990EA9)
z1GoiHIe-@9<%eh=Kp8=5fe6SNh^XO#&=(*IL*N-dMCAZ%2Eb$hrUC4dFodju7tkSq
zmH7Ap*aR6O02%?DjGG^zLV%+Y275th6Zb#Z3_sv}0D1=4!N2g1hycW?L9iSE#~`$a
z2e4awfU*II4}^39gb7Fj`~Z)FNG~1`MIZw@2y6yu7dNE)ulyIw68@I}SR}yz@BxFs
zMnD?<LrMYG5Qq?+2Ye9#=74^={{fb``2ctYM1ClGz!?EPU>=Y~0Hp`{0$?y;v;ZF%
zSMVw*2!Jo(5-$XaLB?}~j}bx5ME-Wj4Y5^#`{M&J8-!*-Q3N^xWCZ#E^cuva0WJ!t
z0<<1TBw!6M#0v5Obd8%Iv=sn;1Dk=&Eda&~_`(gT;)aksXp{tmq4fKkMSlko;>>^u
zm_iUGpacX768}ZP32+0P5^!#UAeJD)JOERJbb-+QO)%gA7$hD6WsqdxJ;26fK`Rho
zU=Tkbq#(u-u!jPW1t4+wxq%GYfwvGT2UseI+ybI7(D65g_(4d)p8q5b$W$;jfL7o#
zAhsZY4+z5iAi06tLc##^0%HR9g(4yXHHA|BpZM?q77SwIKsxaPvW)w0jD`OKY=9R7
z5-&&_&=f$G00;f6fM57;s0IIGX&{UcrU<qJ8Hys0uporh3H^s83si6e2=y<z#w`GJ
zfsOz-_SaUye>ga>5<p-OH3wm75Q_@zhLA>R*q})Vy>kDPR3c#dfM!CFJJ29PkQ|tM
z{9w+4>BPqeWfLFBTHe2d$^$|QIurs-8dQe<#su^adKZS+Mqn~<5R?lDQiMoDh?V@C
z_B;@-25p3pLNF~rI{uXf`GJ{$U;`8;)DMp^Xbo%!3W4bm{|8Ml0mw}-u-p(1333;j
z00O|qf0BV8OcG!!$VZ?VR3SiMLdJof{$V(QH6Z_?jUfF1xd&_$;Q^HfOmq+opaT>F
zkRgx=)C1@K*#ZU@BoQx!`hgvQDv$#LV5$M>Kg-^K$I<-<OAOrNh6Vv7sVvYd0L=(s
zm>>k{LGuQhM?##uQ1O8Z12hFeH^2-Lz#IdQg#LzC1ndZT1l2ZZkp9-!e~Hlk!U6zX
zg|_lSoa5i}@Xy{*;zDuxr&mzDprG+XDG3D!0v$nlgo-Mpgzq1j8_EWN2ZI^(Hw*sh
z5TqN3IH+aZ5N-*kDTFOTV+)NBnBsp+g$TqNf=~)T!vQk(FVPAHoSPr?0NjN}87jh1
z>Vt{_O;D)91NpBAfJts>PhK!6{{$P#QxG+Pn?gw-__r~XiGU=Al0b+D*aDIS5+LLm
z%4slLpcD|~gAh-EUJ8Pkg7E_M@!yOQf^rQEAC#w1cp+|C1XTOKApvFWZxTRB1_k+V
zf^b7d0EhWNAV7j}LzxIX78Hh<Pp~ULD4)RTzpH^_=y(RX3?Z7}@F4)T0_3s~l((P;
z@<Jg3v?kC2LJsCE2m<H<Yy@e*3uYdWfes*pLx3<;8NmnvZvl@BB_MD}0CEV_XFzvD
ztHFU5Yz9gML69LCNFd7KAOZv)9^f_To)@Yt(9XP2bO53Y?F)`3&_o2u1~r1p0R#dA
z7lfc00qOzIKUgndU_sCSnaKZL!gINM*+~A+k4@{R_||NL4TC`oF*uKOb@kwKva+-@
z<Fa!yv#|oT-QLy820jU2gxyz^Q;>rpARxd@!9N&$1||zbK|)4GMnVC<P*6}%(e9z6
zfgfBfER1`2xcK;ZxOjL3#FQiigyckcc%*cs<Wy8NG&BSx^bGXW43yL~)Q}PcuqzrW
z8V))-4mBYjA@%?D54;tIhYouKOG84Shauu2AmJgv+hKr&ML+@8LI(fq2LTZY8CZ#q
zfr$kgRNsdoA|N3l0{ejjpmhM)4nxL6!KdSqK_z%@hDPs3$ouMD4*G*fl|P8ohYlF{
z%wL3HU=ov%l94kqF|#~m1!q7)!Xl!wkDtiNKUGlF(A3h_(bdzpu(Yzav9+^z_we+3
z>Fwhi`ua^+c*NVtgv6xel+?8MA3o*gea<iVQdm^=^;>mKZQb|!pKa|Oon75My~87;
zW8)K(Q`1Y!E31Fj);Bh{4v&scPS4ISF0UZJ5MW6Exb+{N{V#su0lyHzuppyBejy;f
z1Pc-#G723JD!$BfG&45>dfr#)gpc0kRQ|wtz^8sdWd33ZlbC^jiSZC}?XPG5XO4yZ
zKl1E99Q#kdreXJx5WwIe;lZR}*PM|o*@*ww%fl*Bxfq7%FOj_cT`)|Tr^VDo*w1T|
zEcuFf!#?|*G9w&yUSCdm<kc5qIx+sX7rh%c2j`(yxRS~*=5eGY1PfZ~%B3$Dm#Pnb
zzcT%>n>IfmS3TFg&hb4=Rjt~WptYV~qST0DDzM~ub0t^5;j@xvZO|vNX|~vlmn+3m
zB*xo<ZYZ%%qK8XZ4U8*jm~dE(mq3?xQlV0cegDp9Z2^k`G!Me(PpoahFWCRS=-zQ0
zGQC?0pjT1Tt=FZKX}x2X2qt<Soj+<`){~Tr{D;}n)?R1)gHuv!>IB}*4^sBMbr|Ml
z+zM_--#-3;U|jaov-(E~RmwQj{=UAL>&+}Ta$`51-a~u>`LQwA=~m*k4ObKRI}f63
zgrB$4^fouJ_l!|!mX<Vl!C@i(u{If^69w{5&-dXl*q$Wng~1)Z3-!#SgSF1S^K<N2
zBpi)n`sT!oAIs=BTnE?BTe`K6Zqi0Q`}`XNJ;SfXyfwXpS`UrY@RSA~V`O}60Myz8
zL$qDJW!!J}AA-W^O|@axX-KzAok6V2rBdZ<tTfhA`EZ!ej2z9>rF+(N>UQm{Pik8b
zp^>+I$65XOO>RwJ$Ih1b`ew$&G`Z8C<{UGW)4UJ^pFweF(fbaI!$OD!Iivz7%sVYB
zCX&NyXbb(Hl+5aXON?BHZbokXb~PTRo@di)DY!vOrSH5JxyF#7o^Lr&^ZFFYwi;K8
z$?_@qe_eQQbV~KTUrINOa~Wx~dG{R!9wKF*m&Y`^EDu<8>bKeJf4h$7IifXu9ph)}
zyWGTf_VF-b%Qr6&uPRBL*tu$sNa|>$D6V@VdSY_5jz}@JCgD75v1KufDsv^%zPXcY
zE^ZkPTSW1s!4wzv*IJpAQn9i?c3SUm%f|YJJO16;v`DWGW;rpE^_A;299DV5#q`~s
z%%JIM=rPVC+<N&@^4<PQ6YaL|9P<&&eXcEf?JP|xC8u`A*kUR#Tc2`#Vy2GFg~Lis
z@V#fW(~S>fi;I>2+{}dO#^ssbd}_|P{Uk0oPjm6|Ma_=ng!f~f!o9quxK)SMZ$=R$
zWvG0{Hn>Z>7}^0Ia2Vgn^1UbP<ZSunCsf)e66*W1<2$G6BvbBoOsA4_aG3I#BHM<(
zie8p@y6VPt=#N0!Z--K0CDp}(6r2z4>4@j-VLMLrn|xJ^o{>Ae_mQGGkyvQm139aK
zE2s^zIkWs#KX)9KQCoqU?0(gae#bM7?XRa`H0o3rKSi>@{=JkbEq6ub9Jqw;2?&~<
zrQVJe(JaTuqHP*k+%M9Lg^@8e%U>L?5FeUE=hf8uZ+`GOTB1FC@Y1DqRp)c^;$5{7
z^FgWJ+FIK0qCqErwa2bH1OuM#9Aj-HA8a^RPkTi2pFathItW{DyG2wZ^zLnY{Mbg1
zqCXAya;;$P_mYXjq`?y_3zQ5@VwMNGgE&9rP`t}`s+R<+hs(sZ+{upjey5@?ooiZB
z1~|;Jt?>2hRG06pd<&8+m|FEVv5*DNg6HbXIi}fFDKRqi9v_jnT~%_>4b8<n`fm11
zGOe7xyi$_m0_S%ZHMO7nb>^e{#?ziO+){H_)X7KGg%&=aw_cJv=VFBI&GkNg?fa5?
zY|nD?gQx3OhKJi+U_p4sQjvPQXu_D1%@xtcr^wUaw7RP)Wa@rC<RZDI-ECj!o7*o$
zR*(<lLQBimEbj*2JboF`MATKV6nU}L5Eo+19fa;ZOu(NuQXUbuO8s`h`}`M*k53Km
zHa`vPd2SIL_F%NvEla!XdsYJn&BpHv+x*UL1_%24y{-4<-BioNBv)BJMZ*4BvPWHL
zD=I%6Z9R!4eb(@m5{ANGo-JfC&|(`$E)?d^;BiexXfGPKmx#6&gR67PW5W9CRZq_^
zg;R;`?2GVazbq2(=40LW>D}z=<GkLnJTu2+C79R!wP>gMm|QQ5?;7J?^;c#Yl&v-s
zeY$J>`OTjvS7n*&{*-M6qDp^JmBkn3BL~r@g){Ag{7q+nvlroF%Ea$!eg>Xzu^Bou
zntf3$F#eeD&Cb_85hIxyfa^8Hf5Bf$KcQOtta7HkG8(6jbinXa<jrNx+|(7O0vm1l
z!;8y<Ie(4MnGOokoL_D8g3$;HTmxEvv5kExt+;r*w8a|ln@g!mO$xsLa6I~gYHa1*
za*ANA?qo?s8;Y(cYC_ZTS;U1+oze<6;?#%d1G|k5=UwN)cb<!iKazNla22onnOI4S
z6!Rnll`q7NiM{p9GVY9R_2r)Rg(^Mqq%0Vf`Wh4?RolqTFSZ$KFZyD)M~c4^4)Z$}
zF4rxO@W)s-$U?u!pD?Vs*ZZ1bLn>DMh;3Jb=2`WaM?-+zFRc`eK~dg}P!p1j#ilpT
z-sN5<SsJ^%jxM#iJ<R*^M;iv92zE-uLldnW{q~E$wb|FGpQ8S4{dJf7n6-3L4VTMJ
z^Nr_*7b1%R4!ZSY)oc`R%l5MT%g@5eB-_MwyiBxX$a_CKOgTBP<CrN{+jC}87@hC<
z$D^X6De{<T1^tY;aEHUBzr$e%jBr?I+{JSmoS+R7sXOGBi-}=4%w@?>>U+@pW0OhJ
zmc85ko4C|(rJ^f3V@~|V(wz?9wHaA?btJZTThKSg=V=c9q$E0!J`SNpKXqO|9&k4%
zyii*#zqhSWys7W-dDdQwY|R?!fVuRg*7Dj^lAAM6L7>*c_uW4tjunyWh0ZoJ70;ib
zHd;(#vPr3rp9Baf*^_5}E{e_9djyAxu2oA#enhEc5NvW1fy44~Xs*U9a<mKDi0|Yy
z$`!M^7@BQtx2hgI_+n)ig1#7e`EupFE$rY|E_1}UG^20Dg;=VQjRxQMcbZUqaVoE+
zz4gc5v+r^_r&r=FsjV2wN8Cx;`<7;QX3@MUY3}1@)z^E=5LExf&&QgCD*Q_UsonS$
zHIq$b>qJ4%!|mbe$-|}Ll;laiuP9iF891ZKrv*JIeqB2aE7JLDs3tujMOIbT&Y0^-
zSF7tpi>DS!Ee*q-N>1t>HM7&*461GkVmh3BSd>~MDmP84CDg3C`n{hnuV}o7bZKyJ
z6dabzF{d1e`=xxd8V!$1glX@zT1>K3@n2_H)l12|UJ)*Qvhg#LrI6*{Guv`!8_#yc
z&x@?Xy}tB3IyrK)p6Yef)N13*m3h5B>yiL<D${e9(m1X$_GWJ5{rmRhP6<L!o|VY2
zM6On=g`1EFFj_Vo>Jv#kcKLd#(>!F9bWEOfN7}U~Po<2^dZV5?|2u8%0(V8B=UT3c
z`S){<A8uEp7H0v6(wm;<lCOi_1jsxAM<eIu39WO=mPuX7-}{ngG%$Z%QR8Xci~G5E
zgt$>s>sKRp*F-0$gh9^B*X4CVlisROGdS!G((>=iyKit<a|g{qw!a=6CN-XQK3QJy
zCHLB$WG>*xZTRb*yEFebI1Cf5BkTCq4h{>5lv<L$_<9#qDz#r}qV`<=Y>lh_I`kSB
zW9oM2$R$J)_0Z(iepzWXRvPp09*NhOf0Ek>(nzWA0HIE1M7t86kh<U3p|-&=>JJ6j
z@z0+Sy#l#M2>U-+5a3hLr5Pa%6^0J3SLk3~#u>K(;M&Cv5e6dzYoJRr3l}FR@WE;K
zf4|}3^mcNLR_}A3;lAHUvLSW9vCn@p!STn7!Cn=L?5@=WiU-f}5Z)=p7kA3U2XTGw
z4X01dNNETq>;HA+?OyrdGFO&=(VkT>1AkY4BigTQv+dTYrhwtoi%jw#n;)9Dp1P=-
zv`_|&O)uanEH~&De!z)nHfOI1tzmU;bx5tC4$(@RKIpH{Hclv`dcWFes!b-Z6L@it
z=4$@i)xBNI>b4+ynK;bEb74}Na{D_zd&!M7OX9Pj6xBZG$11|ob=&s(>ceI#jH%))
z4a!O9kF<S^oi6i}&=i$lDs22bzOP{4TY5jKF@G~qZR%cj^Wx^cb_Dz}Ph{-a52WGJ
zu7mCA#0A+H!bc;E<(r$`+N#U>2?@p~mYDhZE-KH7#W>U1xp1s%uIWBFnmD_B<x91B
zPI*zw<T7ugL|^WTu0KH1<St?O0RJ*PzQhjc@rK(-h|!2OwXw&6X-exG!}74st*#Tg
zW(p#Q4;Ve`0#nNe`Xs*{f4$&1UgQEJ^6#gR|L2%})p|i_{s4?s$$$F?7jQS!%E@}i
z2z=_MYl5bC&Zog9YK~OEc89zj)w?0|BgziBUmGfqJ@VViju4cRAVMr!R(h5cmJlYz
z8I89g<eH8wogqv-te;3JI)9$e&+ob&JXhuCk>k7+v9ejewLWi}5_0#$<$KhP+$s-4
z<sOZ`k1#AhH8mBnS&dQ2q4sn)c1{e>TyFLyKJP%t{R^pyt|orEAH23`Xuco*h)gOz
zLA38i_mKVo%T_|16A*Ogejq?=f@5mDx5(u^jV@8K>)VPMVBmn}UYYrMGKabPMFj(E
zz<CTMdLfpb)@>!_4-p><G;^k&-pie_`#&9&MHcX<pB_n~Bq4gBNDEY=cAu>L<e`oJ
zQ}^hNU{)2;&?!c$h(V*^Gm{x*q50pG9swJjN>4e^utIM>;Pg^*;zS~rwf#5~!N;wk
z(Jp+omKgV|mg|o+dtmSfrz;0z;{|hB4xzvpb`h`l?+Nw^2pJh>>wZshXLybG+Z#U4
zwAI9T;pC^kbEStgYE){;qZ3rSL>_0rB<{c1WhN4MLd|L2+M%1edHemF;L`GC%p<80
zQG?0jX^Do{b<v9A)aUMnZ7-{jBAqL%CE(%5>SkHnPpRwY*?X9+ze~Auu(Pv@-dEey
zFEMTsHK@PKJ(<8Q7mB4oIFIJ54+?7($!@-ze!7Jb@OINi?pBk#SLu|t?`w-OS1lqc
z{@g7EZtHex=T%>AmDcKjF4vTCew9D!3fH+=$R9)tHns4i*25KL72#&1wZ8EL+*ef;
z4GPrl(>;l_9mkA%nDNOpXq3@Iq%&kOL-AcapQxWa#F#1^-F)}3-bpdt*XQI=<#eRF
z$I2j7Lb}=S{I>u{U+1g95AU&GW6hT)sY+GC85t)0-ATPYrSs63EcZ9JQaC=lvpJP7
z4B9#QNsF&-XM7nYJ9;~eeSUJ{xV@<`iiRutg{~Y22Pf=C##3LPJPD)L{0X?TRwqb;
zXEq>1!71{cBsE1aq_5v&JzJvIc8K2gYX}xPda&1z*&3&rY$s$AA|jMs+!yk3)NkAq
zzDJR8{q(V$Ej6fJoK@yzW5fEzd=r9_a`WlQ=L@SoP4Vt!o$|77G-S;`6XoSULJb3t
z*XnO-oUku4#nKO2U%{8cQ~WiPIA}-;)?VQTUAUs%Z9JEkd{{_<JA2{2esx5`g|o_K
zLfwm`c2~R5c~I*d^JjlPvlYqaZYa0MUwfSYt|RKb_`&-6Ksp*F@xlE3e5(asi)9b~
zVpa6{;UR(~+eI>)4r0MrV^$W;0p=nS64I*~Ur81g^b3?@Iy$;mH$EC-VpQ?kLou%%
zSee-6!GY@{#gF}|uV}*X*8Q1UTyOb99v+@niP#DI>Q*={xbuZ;A>7Z*z|bljd(;(2
z6JE)1$gKA9^&!Kt&997CJeeyR>guM3B$rC5oIfTxk9Eq8-yD8E6mp&o=DF)!X!IfI
z^oeS5U&o0)<qX=Nmmqavg0E)<{Y;}dRQo9Y%FX65==PK(`W6MgHO59NmE*qtVaVsW
zfAi*&m~ao}^eExEi;IX+-7}e`=E07rWRD*FFixXh^*Z^JAUK;!fPe4cpT0izI+M|f
zT5+TAM-S@lwNNn6W6Sh3-d<g5<=@?DvCPWXdpQY^lj>%c8JzRH@lzCXym*a@GL}an
zH2%poXft0WYdHQs8#%dt_|K+%gBpLiwx3%=r3Tv?b^9LIXJH;)v2rKZ`xF|32=xv+
z8syaT(R=f^A}9gb@7@h;ev}aO*q<jR^a#DXuwbiqF>$C53ZlUDeUzKKYpWbB5fkI2
zBxCc1)|HS`Lc%pzeUQd?<Cz#a&BDjKlf<wP&Y=hLqQkFWgNj(mhtl+^D^_G^rK@2u
zD`-zqrfcIZ!Q5s~qQpj_hQz}S3W<PvAqn?<TnWE3EX;cO-&y<e8tPXgSR|;=24z2d
z5REXd=TEyk>bs9As!(o7CRc7urCM&}o}Zm{a&`Ldq%-FE$%Ki##-P^K^*-mxnu^X<
z7mbPfpn>o8na;_tOgDas0C5zmd@?eV5x;Y$;p_7`mJPmu15^ClV>R5XgC!wCk95hv
z8;*b@OU!^P4^|Y3g5Mui3W9D0LM4Ols8BKsxJ-V1DmNa;7df6p_It#OP&$LpOH`4=
zaVQSkEO+XW!4fzuDGAe4RKa;+zdVT6Yw}1Gt2c_y2&qf3P+`}|9-p$5=>h)Yh2EEj
zGA6ro+JHi)9^P2tq_wBkPhu%ce!N?)2j7R2^x$KuuzGs<mFj``R>wQz(8UXu*gCbv
z?udu3IN}AfO~Uxq$kU~Z-8BM~ZiZd&)YFAuu-&U5_%(yI`$+`f6?UZ@EU4hRrx!bE
zyc}`rxp7P^PdvB&bebUco`1(XcK45lNyn?)ZHb{)-U&B&YP@X6d7WM2WcpFeV%rCg
z$AX#p(hpYO2&ko0FTbspP#gCCi0t6Kyw{y*Jm*t~6O16fDVW4eu&771*qi9Sl9Qz%
z{$B76b85><5009!U=}k+laKlLH0IQlBg-sYHN*fPUKas1@f#mr!FXm1L0CwR6H5j~
zXCmW_%(&{u_T8|+vx9bj8nq9Pk1bs(4@6oC(zv>#9*9>;bS9E1h!1@Xx%+*TCy#lO
z*_&vP>SLaT>J)@BFXS_Pg`?)rn=MHoEVbNoRUqzjM51=pxZH#C=xwS9qhLx>UJr|2
zes;U6LeKs^MmEi)$<&<HiK=HN9}|d)SQJX1_U!Z~`RgYqWEDN<U9(W^m&&oUP_Z>g
zPxzXp&Rd4VIOX|JPcII?7&YlJe_o!Gg(8knPM#8<qH3V3Lfl#s!_>3k?~IIS`Z5bn
zEK}x63MhUXEgXzOV}mILtA2`atEd=rr#0|Pb6)R0?O9YEtl?uMi%rsfnbY3H#wgbC
z{K(*?V$oS%dnE~DqMt@p4lZMObM~sQiK6jYZr(6VksRmsA@--dHdDoV?3}!bXNtZ!
zNP2A#?e>)wit&<0sT35Zo+pVT7?NYZ=z3N){U+hCEa|{RUEP<Rkp$s~$#Y&`N=DC4
zjThL9Qm+!qOf-%VD+1^l17=xz5RvOc`xTNhkfP6F>DOWSCei~vNsdVVcN~m<2pk2^
z@G)$8lM|jvkJ%-$qXuIq@{BwbL9pdPT7^}?Zd-CKaf354CeSKqvNN9aNK2D0BD7NP
z_;b=CWM?3)AhRP<zJD++b=6dtqMLp0r?j2<R+M=>IPMt--iQm0e`Z>RZOI1T)8;lT
zwtdx4xZsOrV;|Nq-&AM1?GiIDy8RRr>NrbVzWhi~E7);&P&X=7*?rlM)>8B79sKp)
z+trbpv4T#??1#-xQqo+x0;pvV4?<Tmy07|}susF^zusC7!0yq8UZO7IM!b2!I$H4a
zP}7!#t?exT;)A_}P7KD~*Hyn2p9>NEw2yt~omY)_f@Q^CNZc)IS<9kqlyVd}pIPwI
z_EWbFEwaA9dJgvyX}@0Zb;3cqM|p*W8tjj}c1;o`Te4ry<SsqcjW9tYih~40l95C_
zMvCm9GhgERyWTARRhx7xZG2qoO{=*Z`p1usyl6==l&BQK_Ym))UZVHovJ!{?F`*KC
zkJKxNBYTe$6)6nTjYbj`x*o5aD3a~C%01d@hHlEzEpHn5v{KlA=34%r)%~qzET*K;
zYTHWTI?p)^pgJ?Xjl0zq>aN1vEzNP+vs-L^OZXm|a41k3p5Fe$n}&A(ZV){zzPbOp
zx@<wLF=x%AdZnUFNXW-1i)>y<%=3A*<3p9oEcKSsOn2yP1Fa@%Z?<RryQPsyRT-Dw
zL~6;l()cOk_Em!CEm~t)t-wgY%dkL{K(z3zXWJv0qT^nw9<k*!mxc%3?MBCF9?jm_
zKFeiYp`xjt&B+zVeL0z2zbP{Y9b`v-X$(`)oHhI85=hBX1vNXjs1Af_@3<aM6;ORR
zC?$BbvFCMdr}#7EMfJ1*W@DOknUJgZ&4&8V{Wi{-&!>$EgX@(y1)ePeiY12CD$HLG
za^9w&zA&m@i=9{!&M%7*V`S0j6Am1k8Tln}NYHf{FDWt6?lzpab0(+_9(<PW@zmAH
zhPeip(rn$kLN>9zfGS;d50m`khP}baP<6ih@}-;=l>>?hGpaGq%N^aE_me?abKhPU
z#g|3aGv(J{l|>#^(5&2|&c5h25S$N^ZaG#tr;!{FS|`K0+jM&GoEg!*O_BQM#%C>s
zJ=5o5L!ah58*afP&Cch6!EOmIX7$~ve5HRR`@4KKCqlbr)5NND*J|#)p_fwlNTKx9
z(`V^ub~5D%r6f@t{XU8?!XE-hPw5)=$fgG~-Sa6v2(yzq!S+X#nyE@hcYC+-%}ei@
zN(H=N83=AygcIa5rcRaEiXrIz={4iseL25>U6&6av=EHBxuQnHK;DUg<elIiIeQZi
zCEf#UN;#NZ2*?q6!l=-;umzR1;Hq~>fh46X-1yv>s}H!Ps&pwol-FDTO<y?*;b_EY
zD1GBV`id&4%#b|7VWAL-=5Zy(CPg~JOQSJj#~CC3{GlJgYJH6xbrBI-r@@Y+&14*Y
zbB6HjPH-6$ta|Bl48F2U`D$x{;IeiPX*B?Dd64G&VeF4a$GO_kOgPDhm#cS*;>6*b
zX{Q3neZynfI}GRpabI|DJwI2cA+FztN(Pz(_AbplFHYR{l?Z*lx1_P?4sM*%?fP{1
zgajJ)e#+y{+Mbj>8MlRpb_6tf8)A&Z$JG_LSG)b9mtLI))UEz(CNNhdVc99Nt<3l6
zEHoikvaUDxzeUAc_-#&wa*fbtaRhTAEFd*=E{dFp?k6?IiN5sL)=>HW0Unsi_vH8d
z<E)~u+keKU-n<CQqz~#>erJNlz=wsfjez$|68SWI@q*5lgs$t%=hQCMILlS%Om?i`
zSzOA8&oPQ8b{HF7_=5$T*=n4@#xOJ%G3h2G3XDJAU*f`74hK2aV|S0Y2%1A9t_W`t
zwlzAeoCJ;p8Lv(#PgX=W)I`O!J|ae-J$@vDzx6;SXjvvs9kv;~{;U&ph0!7)8z6d-
za$?6~>HEIL<cgtOSLrJ=kH%<$6}PL}?Z>BWl$=>!Mav9%l3Oi7o<uQ=VzL%ergY5g
zmy?a9=a2m8WKUDC7U!<r(8wLv5ceL-g?mnRs!T5Q-aYOzGE`aUtf?t%_|7^&-9f1$
z(PP%o;H2vQT*bJ9YCpNZRKi$M*IV*!F{!?OnkdO|k=5%X?8Ler_g-{Q)ti3LI$b$#
zv4!aL)26t=<!7?Lst+;gJe4Gzf3zistjzn)R)jksGe4DW`dOWt9q80Gr|($1x#?Ug
zl2Pj{{hIiCljz0MzIoveiObt~LFWT9=kXP9r&`H^?^!)&PH}!cvs$Tb)B1lBMJ7VS
ztGnH6JMeZ7SB(rM;=WEV&7K>sUbyQUc#_%#Y-H5D+`Z2^wwG}h#cDnKB`ePMP?Y^`
z^vJTO-jJB8A7<Ier<h9p>-CrqWsStSyZog^M8;CzNci|}<ZbxW$Lk{C{cqSlp3nUe
zI^~M;wb82*vI|;`O^7GPoSR4Q{pApJaXUk0<?y6_So>YhH;u)Y+oG!9XXsMxm1*8!
z@fkeVHL)O5>p-@SHK*s(7}Ed!BZ@9B?xSp<|F1;ZK)Ml)r2!AEew%t&#=ZC}+j{|;
z?B<l%?=d4$l|`h<+I+AV8(mJWpQB_>1ixo+=&tJ_=OeHh_Bmb>_q+8$aXYi#vBY{m
z9!$*Z(ur!yag6vhKsi{FJt|%zmM8H$?_<FaJgG!pyTyDeR%D9IdS(Hi*&4d{SQ-#~
zNrj)Dn@o50in*X}uK(E$wsSF?R}LY-ZMONnWb?<tu1I8;czuB6S*Vzsu#0x$e0Y53
zGV9zoy!__LjydNl#f!XYRn;#`%!Y3lI<;btNFIT25cqh0OoA`wf<N+Jp?nn2bLaJY
zBDHCgnUBO10pH^S<kn8>Hoirg`}(TYaf}Cf?vLNKU$sQoUHm*YZ^~j9;e1_)Tgz7G
z9F=-nhogqm&R#qn(dTbPA(q#(p3xCiS=pl}<t`9ZNdGulb*<h?i=g>PvW?@tBcph_
z=LbLks&@yC({|36Bl(XKMBj^@eyyfGWUhbz@OKHL<gxp0Cp|y^NzD4gjg{)PhZzq_
zerOwad3A;kL=)|HDSyihnT`ot8EXyP+uALl^;6Xm4cVp5fY~Y;J@NCs{ccI$&uG$;
z{Jov9p(Ai%)S0X8ZO?wr-2COuE8AMuTio(N=jR0s4KcHi9ygS3X>bzndKt%Y^4Qi2
zrQEX(_3~pa^E^@Mu#UyO?(~w8j!64NWg#)`wz4YkX500!Q~+_>?YGu0$~Oz;A>&Hw
z-Sf_oSaV;gq30z*&0mUxy>7PORU=OGBrY;%Qx&urGDdib`+W}f5@#x@cdhf~75d^q
zWcGRao=}UsotaFRrSmA6QqIzf#%#|=;zz$b3hEA|`X7sR9!7Yvi;(%Si<DEfU@y!~
z${mV0JLbAadY8r7tg&|T9ut<qNLoo-ZKan2<xDz^4xV7vYKe7FAvq#A5pHym&e%`U
z-@HLp_CdM27xO+c3_KT!DvC5w=z<aJ{oZ2v3F3*i_uGwJmVWKI(;CrRB%}0EvEO!E
zmV}Lh-~EpXg=7edjWXRLDXj1cZrd&yg!a0GITR2m3K?ue<*#2vHH&|`Wnwc7!0<my
zdLm<gvNVR3@@1$1ZsMTk8E|kIWXN9I<@GCyyq*1HknYU+5y_DCT+s0N_RGmT8Oug(
z0hY1mm$r?9gDcHVQ6`Nw>J(8mMyZ_+=T_g{5pdp3qZB<fe5U{U%>H&W!{jS^sln-{
z;X(VHxv%%fmf+LPV{I(sLC%MrI<3cnUrp#trLxA#*fT6yX9f;0p4u9exhZ$}D$<?&
z@oor|?ME)>N#Ai4#LxLz`qis>y=vtQLGAbZ@?}wM!@N#`v0M(eF(T8LKVKgxOHhv+
zsub<(l)n*38;JiiYt!J;Wt9bge@!1v;QZ6GkYbItBxIYv%9DACq|TX0|0O}*_PJ!K
ziuj^*9R0@v>LTYVg(5)gC2Qo|Rmxd$`1R@&ZqZ1Y4_Lh)T%%?a5>Mx<5N*lj_LKTO
z-TmupsTGNy0bZf+(*WHzVJ1Qz9E!1tDq>cl;P9nJVprq$^lM*;i(X(-Xra8RX0?e`
zw2JzetFFu3;Zu`N|7I6sgK-&AdTT}Ugr^vN3RhRH!@{eKJ}OgV!+%b7OlK*7cwhqM
zR6xP1_~2PJ>NjrJ_`M*RW2U<e(twOy7rXiBU;?2Q8_C!s)&eq3ll7H6nE{d8>Ab4u
zj%6%?U1y`7*cs7bte{jXgS$Ik&$t)?b44-KBAePR)70eeTDLQ~lldmq(fH@E6(Npw
z>l-&dXP+1bXD`41!QNYkMfJT6zeA4XfKrkQiiC7GNQtzhAl(hpF@Qmrf`lO5Af=Ra
zBS?3r(%lU8uJIf1^E~Hw{y6`f_d3^gxUON(z4qEG?)zSQ*1cxWXH}GbM_}z(spzI_
zF2@*8eO+WMn}Z)Q+J|5etKEFtZbJ-=QoYlm$bEHDi@*{U%6+9(TYOvRTxkWr$KZZ-
z->YR-?Z>2)kJ%=^c{AOb_6@bAn}4ZUZD&TjtfzecsqmrR+aABuP1t8>IGmy!)>Xwg
zA-cju{q>MYSvy%wO{Lbtv97*AY~tzk6F9j$zbMwi{T6CNXerMGP9N#-u+MBvO+Knv
zD`DN=SHf7OKgXjww|gcqvzB69a9Bpg%w>o)MA<|-M7^dlDVk>f;n3>@pM7~@mRl46
zpW!?<FN}S%ovM|e3on<+Q+1C)9I=W?IMKeWhi$EzP11~nMV(<CDoKT{m%oCxA?VQH
z0y9F|t|#b0-ssaxslOci)A}ORjIER69*-#(`zE&5qbWG;LN=Xt(|p%=rE2#Iuam3Y
zo6MAnPx0w<yo0@=D4AcTik0#n9OY_l@6;7A9hI08A6}6&r+;3#BUH5#5#U&IO9&@7
z=LuYc>Ov~1AA_?0Iaz<Lj`P!g3zOQ9Cm7gYGogE*{eC2Nr9e_pze4)8XQ?G5`b$p=
zau!VZNovFv@H-!&2uty!)Ie%hyi&Z07NO-T-+$Vw-!U62_<V&@-k)&-eXcDuDNq@U
z3;#e=DbS?j_L>Dey>d2ro^yfbIWHzR<kx?&TRA=RY9r@pY^2sJ2kz_ilAX0@I(XIC
zh2=0dV*Iul#c2SCd-zYdO24C0GyG}wT*sib<{FKCoRoR?eY!661LC{V!V3mhTQ0v(
z-b@b3%X`krabA0977`@vzJ7N>48O0s5mphk)?I&wXqYJRo-nZCIEI5SIBk`bJ`p6(
z9FIy$!S(RE9qt;-(I&{Bk7+p_xi^112*hexPF3Qei$}v`X}`{1{s0~OZunv;sIF9h
zse(mDiw!=eRfXHkEvTa<c5ZTG=F!k*(HWlg%p@ncN_bpIZ%xgJ`WU)=U+(0MS$$u^
z>8PJOT;_(NiQ2s8Oim_#cCUGYefD5PjyK{01s;O)>DH+e?I+xtv7qW^zl2TP(~$@t
z`I(R)Ot}?|J}7_u0=$JYC$GekIZru(Pn15Q%q7LW=Q>r7wAwxO;x5Db;q=!lzgB0e
zWjaOg0fj?@;3(5Ap~g*ZIkHxqRhi4=99GRC4RdCpaH|e_##7GLgu6Y&9YN=B2@@t2
z1hd}Nw@_NVTsVVgvu(EEf>rPf=$*Dcqv#1;+!TY`%<Ik(0kyF?4>X^5IWWols=YW!
z>W-dQkGstI`in32VPpQ|kk}($<A-`0N~W2y^^?cl<`B&H%~EK^s6BTBi!d6jSaSFb
zX>IxpFB&hZUSpLIGGmdRkl|pc=}|^k_>13uh<a!fc1)4iic)2e)GCM;B;F(lB3~cF
zGJZ;JyQ$rSKcP+a^?;K$R2v4O4Fj#m_+qT})_-CcUNZhKP+MduRKi9QROH;31Y#9B
zs1H=4(+KU}EfDfFrfXAP&P07erUyk};!F5P+@pDYo@VT{NAB5ViVS$rDfn&C(UGw=
zA4yp2QNzWbxT%#MEy%Em9@!ShGJb`PhH;Qth%ZRdp8y$|=PWs`8IcEFnmi1EJV7oP
z+^4bqk|jFNJMyvZ8Pk6Yu;E=b4Iu6Y%50=y?n-22(i~b<5X>~%;cWecYfc{1{n!GZ
zojHLeob8u6r)UpD(^C-{h#<#(1!wxWGV_D5*mu58i)GQ~>^Kv|3IzAC9p7Bxv!f1R
zb&vJP_>(q8Y~KRmAp1gUXzWot>+llM;>AhQF^3WRXuAm(iY@)W;bZ4X`1p!Hhky$u
zFWO!Z<*gnER+6B|B!w`82uc;+SGTwvCs1#p0bM#Uk_7QykN+J$vVB=5z??t^dN5{^
zAWYHtztbB_mP?6C@sK*M(5AG0++g}==>qM#is~1gOZJjuo)vA-<uZ{SbPH)9ha1CX
zq6!~FmImna+qrpp{L*|0+dWwH{vjqLkQqpyid&$U#R}s``7#^`ivKo<f6m((Tgaqu
znI5HgFdldycE`UriYX1^<p_GeF`D3C;aD4T73W-2<6KkZT<doo$n1m!vb1Yjq;gJ(
zHu6j7$&=--Nsc}WS1Z3T3lU{OxzcV)G0pjgx{SJp;pqPrZA8fb`Uq9z6^a7%@oUb?
zel{h-jXNET2$f^3Wg;_e?wf_<b%6`!L&~E^R7VUL1hC+DuO5uZetn^$`IXV%rOBDW
z<l=IPC|z{%;?O}db#9zrI`Kh8p7KMd&}U0Ta!%IfrPA$;iCsC&7T@l63)n91qoHb(
zuH4e~_?&_6hFbpVmZlA5E`xY~`U1bS?-#yr(aHT^eqb!~OTP^xla(|lnD)O5S+n4W
zEfcpfgoSFA8ce=FSDj2am$0HNX;SmkZ{Eiij>Y-($$$NsgE_fj!BE&I<2AHpeixP}
zC;T0%>)kGzk>;O226Qqee(6zR)gqzJwG23jeD%;U;`LjX8=SCofAWA$3!lkr$q2P0
zDGkZbeDX^~^|k!cY9GIwq!F13EjOEYyxFdPgGWrA`$P2w-qvdIoG*4H{41rcEb3Hr
ziKTLfv)qxGaD0Ms)tTr>5P7a8|DseaONiQ0e;Z@VYIRuzHRIBE(G)q;PR>qktrdnd
z{LTpu|H1ccGyU3~a~K9$j=IODyTJ))33v(Z88jxgg;$|_qyt*wsp%YCZI0Aa1<Hgb
z2bhhf_rH-}68jPAFOc5H{-$vm=I*e0_oAVL(aX1Dp+ZjXa|Vn{X)y86lq$Acu7LO%
z-{`@UE0YN8&;!QlY?Yfc!p*!M)8vn*6ZU}?TpbePjhTD=(!;T<lP|i%wrmOWw<rla
zoI+1XkaH?nH%S59pP|*0Y&<Pbpdi2+Vv|YUrc;PXvBD5;qcTDn+rnzm|E+L>Xsq8K
z=SyQcEd1258ceAs&`&s$ewa(>02{l0NqWX-KuVcw$-9}Jh?QWpaBude#h4{c#^_5x
z6^BDZiBl+3<3Mi`aG2{ke(8<|ys4mH(?qs3AzP9sWEby7&$%!<83ns5wd^1ipS1Fn
zm;d_U?ZNOsT_M}TSPgqE-ADS?sDTXou)Xx<VSoeSYIZ5JQA3kJhM^dy9l=#Xm08rT
z&F75WVEdA^2TFrtcXEGt7(lk4Pmwb4D}9JLxIg{k96jY!`F<~|u!*ZTI;anU>4Tg4
z<P<uyc=o_QDEPNOF=YN_zjL^^N;P~(ErZRlXv&5kw*4*d>NU|GUtbwlGwf520wITn
z=YRQ#zX{-%ZminL{50HHwxZX@7;V~^%`a`f%cS(-cy7iiH0vu-Zl2rEI|BQ`O4`w7
zh-z`q&6^#5=?Yz)lpkzLAKF$G!4R@@beO1);5Lv;tutG0;20xBHK9tkTPneC#R+zO
z2RHdbx7?8BiPES{WjpAEJr$f^7R>Y{C|e;|`oa3v1yvYB)n{gwi^gvP;?Y;dCb8QS
zgHK;ViOv{}@q=%5i9ny4S>Zc6EPpcDOo_|-IJa^zb~Eej?@b}!f4Kq)=}+olYIRpo
zJ30|+`eJy|?%s$Ksu8%~iy1=LB^-=7R1#84R$(i+j<P=97Qk)8+D;#1{6TKNbFV(6
zZvUrB6#HnSE@EsIT`uTG-uaDRN%F3((tFcJo5lsj)ptEq-&fJ|Ki_F&f82S}8oo@r
zQhWnlB3&vx@RPr6sahw+<s9y1mc;p_6?%XZsO?kWN!18BU4E3r4t*+kVGydC0MAdq
z-o?;K$h@BhUr3~mLagado`-8LyT;s`bAeOTg;&!INQv<o){g|T_$j<RjjZzww-ICi
z(CO;(knXyg{;~aIiA&wZGfDRzc`*;Z%RMTue06_;)l(tNgmGc$n%UBY^YW3mNOfSF
zo8qL0Cs$>`(3v|{No^$enAnJb)y*&X)J@kQu{@56-Uq}DV=ZT6!Pfl-c=qzkLoe95
zo^#DBWgE(+Y%gPT-l~kZ*+z}%uB(ctf`@bC8OBdDQkLr8?0%LZ)O&gN7iV&8NSUWS
z`>Tg5^P0jxZd$G-bWVoc^2e>~WB5Cxx5kg}3}GMLc|6}cwHPF91BDA%+$`8eiaCyX
z+}v}&5-as{JehCsV}If&I_LNKu-%g(RrgJQ{F_VkEsN@QbQ}wuS+6H=@<m%|?}-kh
zr%DXX-$eJTm@HSHD6cTg4Oo<xH(lx1b!a;f1<73cB$Gdmgbt_QNeStXe1;!)qce}v
z`5Hblbb-$g*8fz(x>pomybIWpJf(Sc6!>dXEd0WQnQCtBe$;8*TwqjQl3$v3+=lD5
zWZx-Eo~*+GTwbC<Lb=|-fBsY2XDizrGqo{Yx3^v8Z9X9m@99?cbsQ9zltzX2@g7X>
zUNmG}><IgzNf`7^YQ0QYMtjUXr`4l(1KVO|y%ahn9(>ffi}7Ac(Nd+ve^pTTN5c}?
zpe*|}#jP`U*q*~Z1$)hjd6A|OkCH)kG041J^X}cS1GEQv@OWQwM(C$(m)>j(j_~@I
z^3chfZ+goXO!_u;#cp2H?f1Tr*@!c-J*r7~kJp92>@aok8}Mg#UE9B-eP4Fv;Y-x*
zUOPq;^PoJu0o%*}^H9$JhNCC<2F_bkLLkW3fA|$N_$j2Ly+w$Mk}MuJIr1tzxu;Uk
z!S6x*k*`~rASJ7_q7fWWoS(}+ffV;qt^)zxLPAjj0x65axikV>aX_#fpT2O0K!os-
zFO;6j^tTWQ#m&EP^im?(@gS|HWa<q~!vFnO<_sl#9ULrvj}{Qn0RkOWLIa%^)kzvj
zMF*(_NKX1cM<C9h3e`TEhn`X|%*~z;iyR7TC`;6{O-^n*Bl?eyT#(Ns{U7-=ESs=%
z7b}@YToe@bsVlms+i%Ptua1_-+pBwzisj3l{#HBR@-I1dxLy_6_7l3?-D<3FM0}}t
z85W%`acVC1ED$+PhC^=zA&`N)+q5s}blEnYt%KR}3FqS7k4`%e9O*>kHv5*#u6<>9
zrrj%cZRclw-`<czAi)E{2pgV6vBLejtxR{DU-J#)195p*m{%lMIgQ7w53l;Z&G0~)
zzLX7?k+=OkDDJV~7JILuR<DxlDDS5~W98nkZ;S#-pdR~?Uv{AwF=uym&SXur`o;AY
zVmO6s;xM43ZUO@7ZYAfSm_;y*lUJ24w!$o7>8C>mR-gJd?bmVGG$H<%r83<zCD!Hk
zUdzOMw$+~$y)wj3w*|T~^tQap&>-PbwNH7UXtbI#J9qmT>V_(MnZUZ;<AlT*F&_zo
zPF%(4@LW`mrF_2})WFp*;HqxWd4&xbfQsh&X=L{2s!G1QTdgnXoo~O%CSnVLBstZH
zTzw+HGWh+rw7FSWuhH94`P8a$kCq%lne67&vJz)^97+Cx&j{`9?`q%9rJS9GK96@O
z5d5?c88Qgc5kvNNE)8PcFb-HGieUt~@BBh|1;W{Bmhh#i*Db@GiAzzuo4Se#UHkz;
zNDsPSskg@0cXzaOWDNz3zAsv#Lez|pb9VGyBLZo}vVI4;qT7m~uoKoTHui;53xD0@
zi`f3nDTwNS`-S51z}_;imu%Arfw;sP@0|Xe*IiBPHWTab57<1sP{boY+ba7OhIZ@L
zPK3qj#+jtpL*Aq9Dx8+mJvu3T)$_`(Ic@~9Y;sX=Y1*OVOR4^Q#(5fhW|#mH*cPch
zV!5TSE<gxX6Zr9|10tEO>oEJqz@!HH&8c2z4K~Msxkgy~TYuI|HkQE2HtERL)$}36
z<%idZAM+QN;B(KIpf(7Vq3o5FX*)@;cATPDPqeB(OJ3qeMsG<VF)oLD(vglp4~{9M
z^9>`-=QsrbMh~bdYOD&fl6d&!u~yDIh-f5LUwUZEfzsz3<k^m@SJhOS<ZbI+9|`=M
zKf?N+=e#rA$-Dj1xEpH0toDRmi)p%^tAHq&%ef)~z3H(f>7$Q(H&VnXP8~bCvwJ$I
z>=IM$#rEEl&38BkFlAg&+2u5YzB%iVF3DC1wqV~+Aad39%l~i_!>~xW4<E%6{)!T#
zMdSaftd;ZQz~_ko4@w@xf~gIg5*f(v4^!pp%Qu_~j#8I-ypBud91PLPzx$Lc`vjiZ
zN(pCZ264YXum;F<w^#AE<4NlXYE_cO>%a7S9;5z<9}Touy-l~YVl6KH2=c-Ni=3W~
z)}AdH^6S~CrWoh;+lg<&cl>AarV&9J#xhu8!LtQ59UJ$4ppKo>;g^gG%-!)<Evq8t
zAva?4YvZsTx-&->=%nqi)p3F!OjjWET6T*Hy>*B+`gT;rECJWR25oI{3wvp*n6cZ}
zSZ>@m(c2|&!M1KMs&_|;(!96UYVNHQaNH@1^m4^miv-vrDXgGiPb=5aLYAfzr1$&`
z(+>{FtFd++D`aaT`4aCfihl=>@KD`#Y@>MG*uPhWb5{7{%V6y{eD&mLlr$?>gg@g}
zQA!DWF6flRQve~|XpY87@IV+6`8GPx)342{>kx9rjXbLc&dMUswt%yuw+_LM=JBg2
z1nIvFK^iqkyH53baYOk4i&ja!@KFECXskReYx+r~tJLS1f<w*IdSd_YEhPQHhaZbF
zE&7yd4<lqy9Ws82w}lke7*vdo&rvqbsG!c^+(9E;HHz8sa)vn5vJ9WI-zRX=JP`M=
zFAtk7$WM{&@(<>UfwmlGOcfRfh4=@5`v`5}YOeD3pm>Nv+ow)_tN(35KJ_~+|KP(o
zXv=V5vMAxc3AjGvv%Ruk4*r4}k&9GYtS~_ez3`cITV~$tB@G8&L+sDi%5Wo?X9l2J
zH53Z^Yw?;a^g=)4XZlGAN6ug<pv&9@d%XOPlW=P+Mi!;xyx_BkJ?!Ea{Oan%O|k@P
z!y|W;fMsSsed*@*^?dDVrV=6Ro|3g)(hW0sv2`KW$wBJ%<wi`Q&{R9tg?o+7W#4se
zxk95hU0Q$bBLQYFbEXqEZ9;YS!fpz5l1FLv-}47AHqQGvlXtIJlw9%0I7Sq&YKuMP
z$IaRD?^^Dk;QD8%^cOwruDQvto@-c+)c660V!x58xjPO*KmOsPZbkJSRP1(g@QXq1
zINt6m?VZZnRBy{eNq4Bw&*ao2_%7uo;GoT5eC+T#x}n9Uk29*!nyviq9c9Teq4&Ds
zf@eoGH`DlhM$i++@hcMS_=^2trG)2_cYG)PalBhu;ruthy;Gx41&ZGnJ_LMGRZdPk
z;>M<3DP)>xmE*pIY8TNj-IX{mP+Vk9gM7)wM+^3}-rP-cu^NgEt9>o^Lr)xq9l`e0
zoABq@YCrl8CieIa>OBKZ;>XyO=D9`lslQo{5yIB^51G_$OoXG~Q(zDDzC~&6u^rOo
z@o)6{vC>s@$Ac^mwz7j4MQbWu`_%fShn|=PF-=68?@@3s`Fz%%oVHRzNw<-Wjd1vT
zoJt3IGWMQM`q@***J*bcM$80v@4tJgB3(m@iF5b?e}TXSRobhw6)K=obsS$HRjH*w
z^teY_(4U~+Acsv})lP9tH>L*<<JWUCh8}rAe^|!X@04+O%^5Gy%-%8eFEcz%_$1&0
zsZ>_ig~!fXDR1&ke8OgG18(T~%TU4g!k<ArAsx*HGFCcnclDMjZyQ?SF#gePX?&59
zB#C$AW>ubZcMU*oo%f>1DRu9=t_c}e?vxA7d#o8g-U`TI;7>>wafN6S9#6(^9co2*
zxoj`z2|fEgN@M;0Ld29_e7v66_fe11PeK?)_#68q9&3~7+2>oOXr)1p2w|b{?8YLo
zvE;7n_rub{1gx?ZBK;z^?3li{WXULd2Ji(TLUiJ(u9B%d6Zdxt)=F%>el$MWUDKg7
z(+RGTH?;{a8(^6bQ&nMCt6GED+WT&KY$E)o^>Y2P=l0yuw8vfs+Tw9wSGMo?XNqq%
zDGK@@lh9~=4RMXx(b+k#+QicfTYf12zUY2Oy8f705K6O;h&eP(_2$JD-=y8H9?$68
z24<0Sy+{SL2!HGpG~Q>2!BqYtw^$5$dK&y@eYM#fJ&0eDat)_UdW;w{j3n$0DOmXy
zplLVanlXEaYGatVGhFw2OC&FBuhk^PZ$PNMei+`;gmt|UH(c?}LQ^q8R9xR=%&lp*
z`^~N1R-LxLSHo&<9y5o(|MC{)bR-Wh`pPy`5RxRRVWP8gL8(}?B$nyy@w1-tqJiR_
zyUObuS9XZDzXUWb@J5S5BH*S0a(rblF%o<8xleU+@3}ULruQfh?Cwzn69&{KeytWX
z{@3SjUTP6)f(-l>RS(6UXYK0-AVY|KMMEg6KgO8>wA43f+5XJo*%4hoZ)Ll_C{9Vp
z<fmEuZ)#E^+W~odWsp%7MC+VY(Sr35g{yUa9cfzs%4h#4<?ejKwgaS0Ye`TX>Ypmf
zr_KUhy%$>&mARI=><f&tNkd1a5(Z$yn_z4jCxzJf`Z`=GsLK1AZ^xw)G+$2OQP|W@
zwsuiz)C0*F00W#=pZP2OZSkPx4<%1*9BL<ZZ}O|jk>?&FJ;T&m?|M^0hojlmc=$cn
zt)>`VAnoVzLHIR+=YBmel!uk_<Bz|u=_KSUdTph@Wqm<~LPpGQOmAI2cmDc77@f7h
zAr8HtoI22GXNq?$r8v3Sx#XZ+<g>8P0P$9M@b}I9DaH*5KTS3Jc5!bjR4@IF85)0&
zj`FBdIvPX2bqQh^nHbuXqn%LH-A|fQket!q;IyZcQ16Z`BE-&#!y@TuM6E(i8}Tv)
zj)!S3Z$=S}ff14Lp*|cjl5k1!5{D~3SwiR?v3Nplea}U4|5MhJ($50ARmU)D=?RjE
zH@*>I191xP3DgBs?}KSjbfYcSAQidZ6(I?yG5tx|Nz%6xoJzTPk?>L$&{Sfq!wR{Q
z3y%vmPd}DA>bM0w7@e*Bs5<Nos!Y!liZqV`w@}fGzGfSv`@HLbL0KtH)pS_;o{(#R
zgb{g;<xzNX5XMB71+~lswk{SSF}pEl!3SR}fsM(jyZMSg*SxeNsh>??P8)GBy=+t1
zGP`ky?_9s$G&Itg{=N84vFx~9b&)pGK1Tnv3@vX~bs|~XL-Dc99L5^tIKv{dMVfM!
zUT>d!o9LA<Ia8#Ca8@ZJIhNBs%$3~jtKs2hn#bNLfn#o-PmR>n2U%qU!uWHJzg|zO
zmFte=PmDZwQG6`#3LzCKC}pg}2)|piyFMv^>yeWw=wC>!IYC7HtM@HN7=K*B2n?Zp
zVl{yujkwerbS-=8O~KHENlfb?X-rb!<m&`NmVjLI)iwLm{<RwIFMJ~9rHnNX8)%3g
zFO~AH+ok?QXztc>uPb`kJyxrHJ3%c7q13avj6W7o?$RG{P1yLHXk9B@2d>%nB_m;7
zBETOwo7Nn1OWs3h7rQ{FGoSd7kgyuhBa^=><GtcPaS9zmv4sJmUPe*7!|>2>DW3~V
zj&BYVRny4;%EG{ub?W^Sr$JYbpYU$p^|Byx-T-_ER3o!eG~VmFbED2+?ku_TGghex
z`9mi%TzumSExp~%hb5<$q_x(RDN^$&j~;-MwC@K7giXZq-ZscNOnFtG8M&f)CgP~`
zSIs8{GE2Nv%j;u8Zt;Y^u+J%=osv+0ks60#juh*9$z?G%JI|6JYGlnq<16z}?WJ>8
z?rW}(W@*TL$&*=C*1<RB@g>6bn6EqhazLq3_L<c00>Z%Tb%SO(T$B9ft~|6<L^IfE
zk(OGT;&{555-kd0Cy-z4w>)s#eEt-ibb(aoTc6S3e{We8+mhz2bvsISl;K@3&PBHk
zwNG~l3J5#9Z>Q%M!#c?@Gi=Fjn<y7?6Sn8QIP*(9!LICyuu5JqO{LuFmLsups)TCm
zO<{3=WncC4x8pV`<fV*EQuqO#$^{*#v2_bpT#tKBO-y5oJp!9@CW?Ht!LvBK$@h63
z!wef}#C}<#MKc-&kP)+HU_wh`X&OBXa3iTmGB+D>8!7tckTdQSrcy=?-7Ao#PnV}I
z%55syL0A#<w~IG|3l2?DT$I(A2G7i5^0sSgNCkv(xnA+^(wKbN<FHlF?F(Y*-j9i_
zATxTdeP0HgESKx=@JMnG*j{XmKY_s?wZSaiLsLXb@l+R=ddlOiF=xIX>TPMx38wCO
z-^biw-H*+M+2X`HoJ>{rwkn^qZ*<~mK$|oN^wRPDx9_d2dC{bXrC`1_cD}+Dc2u*2
zqA5R|08c72vzq73KAFa5SAN}$4C=LhUkM?Uf@L)XTxQj<E2SfvNAuo0W$><dk;w}W
zb6#b<G|>~Yx0@Yl^ww#v%zJ*oIq_0`*&)*rc6D#W?kc<3o9|LIm_nOvGgYMCP*<~%
z{mqk(ko*q6H5MvcN26iI#Z!qHmEZgBDaNHNg@igPKltxM?Jq@gcPJ6m!BqTX(Z9P|
z80=c`XU@1bI`!>_xRiO;ur;*%FjF$nc&{6RV41#K8gc$7{@8J(uX0xWBO0mj@;62B
z8llEP1!xQR5{d_@njBP(Og>E!^{6D7O;+|=UmD2Hqm?<wuh->LyGUDWd;zCF;D1#p
z*84nQ8Gh%tqsq4ZFc(2h%c?^wYUfwVC6+FYhSEx!ph`Ih*~uzv{5;3Wq-@8+9Ip{~
z45J2`&gbX7^p5a!RCDFDH&n)Rspr0wYA28lLY{lJSgNJ<eHUEwQFnik5QrFOcIFLm
z_>J<P*6`}2`Z3qAF1>$+t=+#znI@ieRM{U(=r&EIPwFJD)nAonpg!P7_1L3lE{VFK
zuguQ<?dE;_VocgP$Qa*Aw6ywJLcUvpmM(mIag*p3Sex?n9aFo5XsN^ppNQWo;s<Xw
zJP8Wn?4;wHH<KtXx6~(;TkaX^^R6ozcwem@PLAMx1CZ{Zl*9o(;Ui|ru$Z7PYMM4z
zppwXJa4$?r8Q`lN<Hbf@$(FfEP7O8vxurgtB0DZg`4cSic!WNgFJ)7?F8HwXJN9fO
zi+S*vK=zxQ1Iae6XJ`w7HrgFbv_loVil73uU?Fphm>qAg7L|#_X?C)N0Qlo8<iblx
zaR7gTV$BvKwxp4beXHTZ*@+8%fgt<@(Y*C#8Ua;SB@1`^FfvezFDyB#a<i?vLDYWX
z<Ra2m_9bycdVV^o6{-RO_f<&^Mpmz2LFv>BrW)!c?URa;yOI7Z^`URxEKmLHaM(8H
zt07rRI4J|kuVn(hVD<Ni>W5SXbq`h$bPj1|d3v>I?-{bQX)x-0SqcW!iuCl+>m3}u
zD>F1j&afu#)IU;h5I*c~r>`%XM##hP!b8ZDgN)ugI=afb{cJ_0$~?$M`_WE6dtBNy
zk%v}IhKbc#TGeW>5*fSw`fEqo%NzsY$Lzed+dHcpALie^Zb{EZTf<_WMl*{rnaCR7
zx{A3ws_!a<OM=frC9bSJNzGtG*-1ft`v*p4aG#`W+vl*UJ4^<G{<!7DRv<MHEbzqL
zlR;@+RLA8f%LHw6ftXAWi)sy^U=LiU`!A*qp&SKu$KxBCZr9Vnpuc2h$L3`vS{Jj>
z)?l%0R82poyk)8Je-QGBQ<8CJxInJbLHo&u>1PjB#EbXXJzlOu5R$*;q3jvLmn`Tz
zs2wr*X<~nB=_-r*ohGyPgiLBnPtgBb<$MSwJgfJy2iZMu5a=CGC})ZrH~v#Qx}8k3
zBqX~@uZjQPq`Oz~PeJq&t}lhse*I5-26)%=dl@`#r9Iflxfa1?I-#c$_sjEHhhUDG
z->y4L=dZ>gd-->DxQv-M2W6OyxU95GvgLQt9c0qfm8x>Z)E@0IVYAa3XZ2D};J)Fb
zQ{kkfj0*1jFnIHhe>4R_>tsv@NYF_frJv9oL=CYgBp#}k5)#gTlhdl3^zRyAbsPOA
z21APsw&Y#Ma=y8ftv|Nf0uavK1x3C`E2ufaUT3wc3xrN{VD`)6KyO$u5h5x~Ak*ev
z0c`}UGV8tQ3U@J*;#&#!Z%ijwKU<Q@xue*UMg;RBZsJ*J%w<M3Eiz5T+dN-@3EAA^
zrq888qN-2sE!oyB_M-IQd9TGJ9tl3hmik-`7AAj1%zw(nUwHnJ66}CBigLNp3+ahF
zK5vf7M3-o@D(JXLuY$0<KTnENjlQ>pZZ|X?v)$!Tk3cJZLAhjWJ7iXJ0#T~vPoHjq
z8nxV8;<g>qE7^zaniRen!E*E>TSC{E^=+8m@!c7vT3`pWB7tYrQjaI->&<eN`ELV1
z6j7j+di*@%y2R@k^9+4+6(uS|>PcIR?U2X`;<ZWobbE;hwZC>{K`Yyqf@8@TL^fy@
zB^cvpotSOdZL1p<<NL-ZKuI+E5h%P_dJkr0t|=ap(XQlgY@w}OrQf+ElXJt9ek{&&
z%_cBMDEJU8crZ*7aL|n(UR%^pp}GVmQ;^eB(VC~r+}Q5pUNy@b2Y>3OcVI_<R+$tO
z4I`8t#x&O#LGkLCBbqC;mkkLHZY`+s_-RAmBwik-r)y2}@BuA;mfdd8D`heaSJY=s
zkBp3IjY|+ZH+m%zkXDn6@Vq-7Bo7&APqHxex3*y~N{4rRG6#Qzv8xi6sTCEMHB*>M
zgYjac-ZI@1EMgteh*w=Vh4M=hSa1ZZF5)&RVbutxww;cbE834JuNSGAcf_}}$^95G
z<kfTD64W{!`$TlmJZnk8+A}0`68dx)WL(xZn%p$ZP)4|a2RK(DJk9b_1Vx`jQaF(O
zT+A?8OaZMjLR`3JbDPSem6ZOSD=JtpH)^3<>K^T|-`YltkqRk#V8LwFCSK_h_##c}
zhN}P){4KWirJ<5z-GhvBE+2so!j<59o-e=rh&6G+>e7r~7s?L1jXFxhb7>DE4Fa$=
zW8u<9<@Hb@N>lg?8jdcbLw=mt&2jB@G)I51gw^wrKuIIV2O|1f8A~LbiNH9Y^EaBK
z`k302@r=-S+KCG15L^FQ)@eIu^?U;7ct#q3ma=K{T6iQAnQ<}5IzX&|WyClYrUx>*
zM9HX&S(>&Bp(SL;CB<c?6hj6C-1r968|C7{j7fA@yTif}D3~qyiGxKa^Qr+-l+S)j
z;M=2+g@BRvtBr$lhF)YP&CQ>3ps30&mwEnOEO8k#Sc%m)u7Td;(sUr))u?I>4Xe)X
zF4BFxjsAmjTJ33OxrORO8R1GrFKe}k6n)5hk!@P5wi9S!fTNn$_u(w&IQbL}h|2BU
z>EYCTT7zslKx=;KX>@oQCzK)sQQ;<UpXB&h*iEJGCG`{UC!x$GM6Eq15V;V%DH8#n
z`$$@LD8T8)(>#Inyg8<5CsjZ93^L4Ny1vOVLj(lU7<Qb=ncm1mperedRkY8v!XTxh
ze&X)vr<pQnkJ5~PzEXmmF+7@%nMX#>5k#p$cvvKv?E}VE9LIa85K0tpr8L4!^7oBA
zUOrSj><Q_ivF)}zQx?87kjfmrEo*KoSj28X1b$?Ru?fdlZO;)vEN(w}t7_sb{q>Ed
zEemEShW8PqX<-6O#X9(e=it{K;`Pzjxz!^U$PYB{<}XEkc}_J2gzNCGu@OBhGb?5f
zTX|S4#~}jpo^KO>@k<H4S03h;-9+`G(YB#$>}0`~dZ1>UegOo6F~sVI{Ei}DwYIn;
zBEApb(#+V*#LU#}cQz)3UBouGt6X7q^z15|aCiB|?EMLcih0{cJ+r3bBnZ31l(ZnY
z@Ai>PMZCLFU-ppATv{@aI-Ga3I8Hj6-s0oTMuRw_+q%50IzB!ADw?Z$_>d>(Vk`}z
z*Sf}*oB!JH_b{Iu(P{%+_M-SC`R*hd<miWe?S-eA#r>+$yYnM``kJ*%?u2~Dr`|)F
z59<qEsr&IQZ>F35+{Z;tj$fR7LTrsX<LYi_*$g$I{U7;83<A0AG~RFIG0nCdHZcO6
z>Hj-Ka}s)PwFdaw68ZX1UruuVpF=cr{=bZ92Gqm95zQQ6TXDcR{)>A2Uog!8D)|Qi
z`4_7BkMv)0&B)9C3tkzN_qT-1ganKJEg}y{zA#Ar2jUDwK-WZ;`}fH|(qF~>bM7y8
z^FPvGg(LR?|3iufKv!gW`~W%pSF-`g5(#VOL3RZB4vDKozC}VX0Z{bsw}1K!5Y2$f
z3doSWNVq1T*aDm^z_|Vo37|PSIVF+j*a2-9KrR6u6EJN7VUq_5U<UL|UO-0$GN7OS
zVQqq@0pcwe4?xlaP9<Pl0_rY+U2+0aERs|SkiJM6N!0{g$v>N*vx8iJVO{~F6#z8>
z0+a`|6|gD!{xGEhSrpU+dWPibA`z<qQi(*Z0$wQ~dV-9|?a$eP46vA>jQ~^m_ZIYk
zD*T6t%FmC)m;&%8Xd5^H*z8}qkeNY8009+Q1SiLzB6yK{0y3xyTm)>!j|9mAh$oWa
z3)r*B_W;?61c(BzCuq$dq9@3Tq(~znok)}`C>TI70f8Dwyht4*!KHkFnThNa9~Y20
z080}fcaid6sAXPcPmmG-djbUs@B-v2@@gJ{=L9k*AE2WGnH#`fk-%mo%M+Bz2~fL0
z`2xI1rZ%vZ0N`;Vjl%~V2FTo?K}Z@gV89}~g!D8Za&aR~2TaKYTo=HL!9}1&fMY5E
zaswM7iLppN=^u#;AXbrD<3!?0!CB6~IkkU^1|pIl3)r{7yvUP(NXKB8dnDx-$UI1l
zIOw|o*Pn_xk-%8cDo_DvB=8APGCLrVB7Fwwp}=QA-vp2%a4arfg?}Vqc^+O#B#@d9
zm;q3xfknZXM0OBK+Xl>IekAi4RD^6az#{{SHqt<Rz)(Qs;6Z|G0qm9+>3u*ENG3OO
zOdxY3xz>OD0YI-o#XtmFMXHCF2M}P9S92nftibBXP9RCzzy|<}m=j=Xfhd3+J4i$-
z7(1XLzypEifoB2-1q^9U&;T$DIJkg+0)#Z6`2Lak`9O1le%SxeY=ON%GB6C%oj|LQ
zCPof0B-$1zo*ifnX>#NU0^a+V(m;7g0k{cL4V+v^mMj?We`vp;72H6Fpr}72W<bG3
zl6V0N93a$@Y5{0&&>^G&klbz_kPAt51*7K=_ZBD=w4V=YexM@0Kb{7dvVSP!0DQ}V
ztQpt?Xc9Tnko;Gq*8-mgD&yfnst)Lg1N0B+e*le(Oy~UDUH=-M?8ttC@xhH`=_0N0
zSCM?&fSnCwc3@(lP(Wx#wugfcTm(d5D<A`|Gg5;{6g8593;?)DSTL|G@_vBS?_cWW
zLAo74>2f2-G9R)zND(>Skd6$L06ge#S~#d3xH}kVNS%N&fb?e|{lPo~elHRt4jO{I
z@d<DPyse3?k+ZW1t)jEJi?X?ix}}|ggoz1&BXJwpy4oo^m>Te~8^~DM+S1-L2meKA
z=>S<-nw_7PO;q?lfN)1#dTSbJArR#2KY(z71N{dO?w_f}%_4+V+QZ5m0#Q_iFoC37
z5L9sp1Uc{cL!K2!`E&f2Li-1tiw%WhK{2thZeiizVB^B>62S2BVbmm~x9>i<NB@xS
z9vv+MivT+V6E8C@9j6p0uaJnixHvt#jJ&kyGXXKMCn6G@i-Us$!-G)~5KxIQ(lLts
zKmPjz&PBHF{|D#(0RsPj9-Mok^FOJk%v`$r`0<O=lFo(tvJNzRfnr?V7?d$bB@g!5
zI^{owH81{@Ky|s0{(-x?Ru5fHO-qAWey^?i`Z~8Zg@IP}P&krUcF87W%$MWL;MwE%
zFXi)|i3N^wHl7YPU4GL?DcDSm`|fBl%4Sg$BYc<geWS#HFLA0kbw&QA_lVg;mwNgs
zjO*jp@}L6>C&V~ip^wtO=+{7@!XtvzbMyBykV~i3vG0NmC<jl6e(3eRh?HyR1W3Z%
zcIKAFWqzZ9rBBijmnqpcF+xip?Rlo$Cq?L{G?(r?6IPAX724W(@(ShOCFV#hla6P^
zVm%d!P>%FJ>}R%;M~>8ZM~G@J-|39)zxbIV(#Kr=wXuApsO^N0eWqoW`VoHaKJotV
zm&3=p+qBF5!zGU@;x7iiKliQP5G_YJz9L@KCqMh0_hKukjilw|esc=JZPjBM*T!eZ
zjj*#S*?p0!<gD4OELaNN!H-mp&9kG^G`xcUsrrBAFTLJvf_{PJ<Mkt}gi`#fmr8IV
zcWxA4tIVo^-=D_#2kgyF{4-|~4;;uZtwX2b@c}Kp3=4Do-E0?c&!WCBPmE(Nrv@Y9
z!*kj5d26gwqbGHDy}$3kYhYv5-H`A3*6ua+(|XpV&u98(^)<V0Ae%5F^)-OEWiH?A
zZ)qerd;ehGf`m7sKlv5*FTbz#%4;H<quj7J*VIFAy7D}0J}#Fex^<p0TxShH`^PG^
zNQZ9~v8<#>4$?kpyGE^n3oTlNxf0yv4!JLRsfAm1{ciQBB-^%pQ-qfgFX9WyAZ#I!
z{p|s<vA;0(^nzIML&%JQ)xg^kOgFk42vy<!b^qx*-@}*wG$)3S5aU&<;?xi3zg>;t
z_qw6Nw}0F~CJO@ko9ujrlf17)jn-Za+(6cNc0Z~>d#V7JPgu_ohl(**;!^W~d36se
zmi_9q#&so$BNQ>@Z3Wdx<P174DJ`H#67rr<;B%A~mMwVp`r|dGzo=kFL)5r0%)>?-
z_hf)KS>TsQ*}3yhP&k}JUvEkI?e)EZ)?Ukye4P@Zq7F)!i}3Y}G<?k5^1AP(-{q48
ze!X!KctL0UMT}5YkW)bO`4`x|NNHYwk+9}e@;S~pea7=)|EjVQx~pR<-^>G^Ef6W6
zo|Mf@_EYXX<&2h@ehbShi7d?BbC0Z0hUz<%$MlvvUrcL>(RoMhq&l6g_={#`l-4mX
z&GNNRIo1rDoyVhU(*y-02(M%@t1SNo;Qj@|?b*kywOFhths#`@v=S`f7ten5PJ|RK
zH4<xk$UpVomiVgtlZeUJN_W67%KE&jUH|cjuwDVrO6H?(PTBzFuG<LM{;q78j~0As
z+i15$7n`%R1@`myYTD`PuC_X06M9*+HU@CnT<hl-GdJg4tu3t`0wVOqu}HloTI^oQ
z8&^NlS=-@-Y1Geh&W{LlmuD{UZDxHQ?$t`|ea-46XlSIo%5a4OdZL*Z+jz{bo?UE2
zWs((D(MOJEbnpZjE(*XsNfW93rx%oYsWHflCX6s;WBx}SU09wBjp$X<{uOhJkHOxl
z)}Bv$vGL(nNQ<5nXVB)=@RlE{%?5Vp(j0RhHBRuDb{2&mr78O<5z2lq@unDoFQI5+
z^hN`PO!SCZcKOC&<ZrlamFlj(qBwaXexu)F(Q^?=uz?w;E0sp4tI-TOLbh3y_v?O2
z{HjE7@e<^vZcKF0h*$n`NnD|_#CVAhPoZSq`p{M)*T9kM&KIG#;xsQ+we@fBE9Qok
zKdr!#thnA9h>5v#O0(b{I{PoN98-=~nnI2aLmK_tohIT#hqhG8u4O#SPTO{uT1{qD
zmpSk6ry}*xk#X<++>TVEuhi6KF?VKiHgnWYO|}~M*nS_E;DW-Khpve(g{kk?=$U9l
zT|a!!OBWGzry7hGSwFSTB8b76-d^K{Z1>pln)0Lso`Zesl|v@`^=_44u7RTl@;PQf
z2!jd%h6;oVLW!*dNWFErZK)J$(&NQ07gQYfOI6Mk3d43Yt;Luy$S+?al#LOsxb;-3
zBbzv!ya~O@n9=tkM1FJ#tu)KI`$Kh-4y#sL12btGgbikh{9nG@DB1s4lTJR+eqR?(
zOl10v5=9(8qZ;nKv>V8+Wf}c@cZEuG#2)P$-Q)7x%YgoE$eaa&{#~tzY4z%n4&=n^
z02WGvqiLBlb}5EGDWktK3Y|Z8rLO<6J6`1V=v|$>!%{!2Ie(fhzAiSJ^OcFyh#%b%
zZ6)|Q(KF_;Yt~C)lG|dz+#XK$t5>WKXf`HpAY>;ZS1^&yE(WyhJ-%>OADWVfQ)b%_
zT3)uMHZ)|;xYERXA$+?}@MO9ve#)W0S9-ndH1Kw)L8wIkjB!~Kqw|u^eaLs`xqffR
zMbSv^z=3Q7+!Aft5+IM6#a@oF98ulgRIB9=o#XuFZZZLT<tRozP(pgPz4Y9ye1K*C
zw+bsOyZ4dwwZ%RW%5R;%LZ@QualwdX`;^6>RcS|P6S%OJyg_M*!x>-8DK+apx}eWp
z?S{*P*QqQ}wc{<3Ubu9ww(h!@4~eEz@b-duaAqm-4<E+8_j~;TL*Bvrem>~mOkWjV
zGM}NP=JU+_8D5ya^*%1WXe#wIUUPGD&=E$u<B|`_Q?eGu@*G`{>ftYzT{t~xbX7+t
z<!>NqiRUu@*xyX@X4m88oK2iq>ef$9BTA(;GyFxyn`lTgM<0YK?9)BqvkM4abBv~L
zZmfYLXsnN|&xR^<_X8W9jfg+i)Gt<sxP38xQs=!~vYZG(_^IsEM`iu8CeKc;#V>r&
z4f{RzeKR%87gqVe&-y&eub)A$G23TA&RG7o+=g6M8Z2Xa+2UQNoCC$Wy<bOm&@$UQ
zvwJ+h_E&4CtB!ho=A|KU4Ws272+oESOJ$Ws_0bEOpJFk_RhhB$;`=o<d@^e9ZI-<T
zhb|=w)}o=qJUB_uVNZYEqsd$IBZnX?+8a2B>!@<!Ip?R{=LdEpmj^U!(30blRG$~i
zR~GHV?6sd;EmGsg=-$y7?9w<RG-bXOTa#a1=x@ZcI5{@4t}H{`Adb+XZ+XZYGTP)d
zWWFp)yVTf?G183s(+{yOn@Q$YUr7G-%xF?_#-s!Q%{C%B>bw2vQpk4hdzec{3lJ4D
z<Gz8Z*sM4Nr{KjjU(<SIYVwlajh^f`npLh|KWZ+?wMpDR4Tx!<Bdz|5;yX&SYnO2H
z-i1c;$E79O@5IEh6<y}MV!PzbL{j`n!9uk6R?%&H&-R~XQ;`)iQoa#VV?f)ufj~VX
zX^1_n$Dc=`%)0fwJp<d#`Wd7Xf7i#^6Kl(9HAs?4-p4zeC3uuoAXf0p7qx!FpDxj~
zDq!W)n@;jLa}oblo&$>zo)BS)CFUz7g_V`(-LSn9X_`0wV%Uf~OC2RwANH<qAU1Y!
zyCnJjdh_1kgB{O+YXC*huaylCcKfV*iZRADy9yz7PDxM?U7Da#7{6~Ien~js_pOeR
zK9_b$?}<V_-SvwSwBs2+Cdko0lO-nWu}1qLHaox7IvCALmY>c!#z^MZlw16?4P7NM
zmlnBxW*(iI-#SQy;+e!IAAvFN&+!kO_&*&_8vRL3b!_<FIrdYEU!gp@fjlAJB5w7e
z85aB2K%*nXO1(YjcBuqi%cxEK!!AExUFHjHEUVMHN=G%GevYXGMU^-WT5i5n^c;mV
z?%O=Mp5Egb&RFrjbCS2e)`;x*gKN|Vn=~9j_|cSkx`Vgvw0YGBGs!iHAJ-bkl`(m(
zh3mYD0gZ^lyf}@!>mNSDWuKj+HoQB#|ApcPf>9q+X<GU@jp~H2N9=j)UK+ml@<~ny
zoK8XWTtk1cv)EVTTJd~5Qp;&S=s9^*8%0`CjgW_N2&@u7_j`LCk5C?{3LnZ68Gft9
zP!Wo0Dk*lc<Kd1V`KcU5!IJ*;HPs$RYTKa!w~t^cd3@B7$F1(L*NoKZqJCF#4cY&G
zK!JGkECY7y?A5YL5*{nB#9c98$pN^~6^2h0+*>r;o9FjT;EUB)2OK+!?lfdRN>i(0
z)E%U~Imrnh@xuYl+fP&s8+?QCpA7I%+6kCIT=QP&Rqw5&)0+p#>u`v9Le&wGnbYg~
z-wkNib;1!cxpscm)8>`$p9anNJwtR#jT((}>xw*^ztZTDzeoLPLo^NfvE&P$>b<oZ
z!g??IE)lnVwl?*`p3N^i6J<Evi~7>|-D!n=8XrpYhWe5uQTFv4h|yV)$AXc4w7~fO
zOPWzdh~x1F4azZ{!&1^T>V$l)U6a>WKAKD(Pq@Pwo%VI}zFA6oEh@`-zmjUuaT>NS
z?RUPK?Vex1D(8Gdp+{f3;}$=ynwvyBC5HNo+*t@HP3@dBx_iK4>er8R1No*kaJ(=N
z85U(4F{u99xw3gpyvzNE^{j#CuBu1(q;UjxSu1`3@qUj*Q_OVb)JS5%djrAec_LUH
zA;zZzInQ~a@0s#~tUR(kA?4Sh!oNWMf57_x{m49bjbVf5zL-?cE7SEg>6OJ-F);*z
zLtowPdV>X`EE~iZgO;&^HaG>%1xFgp<qzE*=j;Na=O>>^Szk!+H*0$X*&5x6U79b)
zURsv)(@5}JqgfWG76KpT=v54Zeci3-COpK}9?=t%HskDsZ)#tO7Ql|b)Ig5e{OzHk
z$3#1}A(zR19rY^>re_vQNy=Cr>AMbNYUpvhga_kJUH2kI3!^&fEqzq$8&+lZ+$!9H
zGJmA#q_&|lpbc0S<6Pf{1#8LIOt-jcc6;H3HFX}*W?oO6C4R07Jo*I9c!_d3=P!a;
z-5B=at}lhP$MqcwnilDTx9tsrAQ*^BMf;Ml`D?D^2BQB}San&%LSt_%J!kgpkyaHS
z`^Vc5Qw@=jmLn*pzc5p%+WV&>Rt*1RCjH;#63sL8cV}VhzAYnYXJBH5eUNx$5TO4c
zrqw2or!pYVI-XC62>ywah}G*o?781F2!cFxA-+?TIX=M$%`<Y&Y(f%IBy@d;?JmBu
ze-_=eit;tRzfjG7>J-lInt|L6<mA}~#S-;*n?r*$3e5<pW<cGHue`q5zHSG}9CO2P
zKvBhL<D`inr%>JryE$E@vKbM|>Jiu*#$AleWia<r;yY8VNp&Ejinrb5<-j<ee&_y$
z0<9gLn#TFF`r1?lpP!f02PKqg_(4rx;eyH$M@h9gQUQ-pX8TYB&)x4#-|d4J&bY!t
zYo7PnaZ}jTzd9{<bBb;Z^YZq$S(!q#wrC=3_3xI(KdlIzoAS6VUY6I@9hv+6lpCez
zVP{*BQ<W@ce7d+Nwbh|%=LXj?YVHl>on%M!Az$P#O%W+Ktf&>{+6;ewx`js4sM_V}
zH}I{Gep@5+XVP_WtR8BfPzAR*0ARs$KT?5qH*oKb0wR0GYQ;$6qiCbm$E9xwn;-E*
zbMR%DQ%Z6g9-OiG7^D&2LQ|>uIbEeVmj{o8E@AkLIyta>IgoIokbP{cF&K#bVPXJX
z{Xg!W^Vg0#a=2{5T|^A}vW5j|ujCf6PxYXSc)tUaZg(xgpATuO^b>y$<kl3C)%UH_
zq-kzMsc7%^h*Aq9X!9Ew44QY?y@ERUdTUjwK+%9ZbR3dV^X%WdfmCH)^HBJ3j*ed`
zM;?!gZU5*;j{S5H$$AMtTrOg_ANDbfPq=}^xmRA&bgu9$r-+TZDk`^g-9YR*?c>L~
zS$>h6Pad59O4UJxzKEV9jnl-Tw0@Crf)-;yyD1oEJvDlKVZp~$S1nS-AvWgEFm?lZ
zedM=2Pco@(*Zs3DwVCV&@~o*u<qVdS6h*8*Pu#6DZ3i7puD&A9LmTpaY(+D51A*<f
z6tCNHxO{e*K5g6|8a?EJe|Rh>%tll|&iDLFZndyhm+!;Dti2mZaLG{@SCZ$me6hBA
z^=l>xFx6mf@IRv~@v}U8uE#0UQ{$7MqI~(yUUswESL5)?^#+3L^Guj$nc2!5UKua8
zb{Oq}QbW^R>ia1TmdlV)XfQ{gY$P%h@*o7=Y?4;5M|}15%m79rbAOR9&za_u5oMI8
zJyyrM;ey}%gK@jujX1B0#96CT)tBP4)VwodSH2@C_I0OAY^`L%nh|+cwf9CpI;W60
z3h||bNynaO=0IK=EUE%eaPwJxbRPoxW{ECPmW=KaF{*=TZS#c<UTQe}-lz<t%R8qx
zh?7F_9SKm6{?eyCqbhj8^)vnD!y~#6MDHGCB4~!!#i?IN>y4DdC1pRi=D$$3d6bo>
zC8ltE$rStFw`5XV3YE*&UXuARu~)#U=;ljvrnsc%G@4z0f$@ElWxU&It6q8iI1Qh^
zUUqT5CFD57c$DWX5l@(4u&EU$Ha_U5rvG|T>>c7!;3w8cYJOgIA?B(T$`{N7a3$rT
z+5$)<L-eg^h7ZrVQ8d&I8K?r}{@Nt~rOiiY+^<X+&n@^Y<?Jd^n7S7jb3k^9d8Ot^
zEWF_Xd4HH_Gulq&utd1w@%yVo1j?CKiVBLs6Cc9C-k>*g$K$uH@5Do|0?uVO$gX)7
z65-)fap?|bwzWCcAB-h7<eIKs!89dTI?IYT5e}v)mT?b7tI7IDj?-{rmuaZ#cmm7!
zF=`yetE!tWRT~p73nw=Mzh~)gPVtN-xqS~@#J&?AD-wJPh3=)n-meu-^~E}+Z=4Fc
zE^Q}HJ&9O@-#Vd#?iX;Q9Hq9Tl0@C{FuGUmGe3cXJ1P7X%;bIVnQY*>6Cb3$^-*<N
zq#<a|lZ*=!dK64^9PAafA<_=w9%~XraVo~~=M3#f;%lwd+$g_Oi9|^s_Bh*k;oi4U
z(O;Q_-p1d_9RE&rUGLM_k^)vc=n7b7!-I_ODWcItYwX-QKHWCZ9Pghey}Zp$rEWb&
zxLsCnQm^hrRIj|?DV7ZJb_lAIuvoIArjltsmA==?xDf$n<3-QTy_@Fv>h{bFS31aT
z7#&$z4kKDeyx75ln$}<<EQEXh_C(QGyi3e|8qQVRpur#$aq@C-Gm>_;aqz?n-MEz#
zd@M)6nc6gtx73J!MyfPyF><UY$gG`7S&ly#C*rT-C|CSVcl>A<rd>am?@CFS_XGX1
zcMJO5H})_n(#OejSwyP`KB(RHw5qDlEozrWQ|!tbvg)8eC*PIQ_b6~S;oPa#o~iz|
zNUzr4Qw8SHYhp`ZynRZ{x$EAn(M5_xfgHQ9Y^NV_eebOvlrR(~+GjgwS+na;J~OTk
zXwAg$ycEep+r$%kGISJxlWTQS*|0A~bZuNR#`dmG78-gfWS2j^sPNXdZ1qYvG81ui
ztEk}Li5~N({nJpBz4(9~HZ)kpQ(Vn%?;o-TX`5$S(!zt&;)e>Glur5P=E4kAawVS{
zXwSNpNzX!lha_n0t_Z1%CQn>c8RTF<UPV70emeBDJvqeO*z>_KLw-?Fc709g)GWDN
zj$`oKLJodZe-Y+|puoQLB`nuZG3?rSWzqbcrPpDpZK0<%t$Xf4w0k9iMJ^L3@zS$g
zQOobImajzpHGlsZz@B0qsTfHYgi91;hfcP&_Uf=k8goR+0YWQKYx1^CbjRS2^bfCb
zvmB*;ruQE;ef1F2;nZccV_l1Tjo1<yxQLv~T(d+ADS3LPwvTg7SUZ?){mQTH>*7JN
z7ue<HdVP0&e5`IR6mr3+&HumHdk?6nmTcj_$%15TGBi2oj6j2;AOZrCL9!AgiIP)e
zK$0XCB`Co_lq8arBw3LpIY>s3oI}$zUmd)6=3eK{oB6->{%_X$*2h}S>3u4kI=go5
z3a9$~NMFG@*<!Ynri4jG8k6DuNuJ6+r>$k=)fVUj?%uUjUHdQ<(i50ZW0`mu_q=SE
z6xHW1h*&w;L3{4Ptrr+B2>9XqfJRgrBrtcbPekfq@UsqHg0;HUS*7sr8SiS|7d_K<
z@Q|*0`Lc1=d=tL)G#1G+<ogwe&&D-Jts-WE^giO7&1k?jeCl*dgYqfIP57gW$x~v!
zPkQ}wQ6lP71TcNjV{bOW><&<REr)^9=S3e>sf&RpW_qAg>uCdkIwKUtBGnq&5FNkh
zGL6<(F50$26Ivd@#=}7W2g~>HQX0Llne;kYweQu<mQ886riZKan^cQ05~^$rf*c9T
z@!7|7W7vzwxVJ)lUmeddDD?JNrg-13<D;cI52AWS>3Ls8N}>x;?3UYB9D67|uyvg=
zXoH&Z<h@{p5I@9|^FdxJ1gG@C$2bn7xA%fg<DC+2;Fp_EW%+{Va{0HnmEL=$lXga>
zQ8r;7?xED5%CruCNT8q=!{RJaSm|480?%n&h=H%^B~R=<L@R%5zG#|*@Ow{(CRf?*
ze0^h#V9l%Lf%HtN_9rJ=*6%JseOs(^>6pbIi-LSoi+rxac2s9@@uP`Uh;T!Af3CRl
z!QQl^&X%mR#v)Tttn=5Hsro4FS*PC3r&BzxGN063J>g7Y=bsWcn~_NI#9*5h`?Az}
zpr2J>tu!pkGpwkW<}mxU-sZWnml%bC_8P&pCod;ibce=U9?Oe$yqrl0Qm-w)4*OVm
zanEnv3`M^0@AlSmT5JBHmoG9kZ+WErwO{@zoE>=dcG+tOmT!-LC{^9Pc_BLPdV660
zq!rTwmg@bc)Q=K8=1;D?;<b~52a&s0#2CFUj4n0pW0UbzWT%3)I9QB*FWYl>S%u{_
z&@Dn91BU(&!(<Nw&SUbTdbSp;&2|(tPjFRKJPM7b<2r(+nJpt_P@hy&u+=ZHhIwl=
zh_y%8<?%Rr?x-KwhRC@Fd_>RPzbxCg#8s|A4&PwV*lOi+7%mq4Q5Z$VHBPo|F+m;0
zl%o_LkLsMZlISAp3#RFoT2`p<7aJZ@Wz=+wWg8^l5g_JDtqvFn!Dx3cZ|SgJr|tJR
zkw0=ZJ5r49<{g!t4&TC8o@dI>_O!fyX9s55@Cjwc0R-hNvTPkJ8ce+dKaVh~j_J|4
zqZt)}T=FOYLu_Oz%3>|1d@_USIy$iI2QSIY{mVfT5|Yc7p=*T0vVC3w57R#}i@zw7
z$BE$G999<C5{>l8!^roQ3zQA^-B(uyOWfbN<h+pgYnn=3cW#vD@*fILCm)>Dazz`y
zq?ih&z@FyAZC6)ZH&@xba-sM<{b<J=j(Vl^7vGX8p0G)&tCba-tFWnl+>=<Pr|Xz#
zU#ka5_Ul-&q=!>FC4+Y#mqr)8{8n2PTpMx<XCP2@@BKg<Pr_s+gK&qDd2z!9C7P~)
zZDilfJ7E9U9T~}1Bcy#jmt}-EYA**bh<fuDopNMF)UJ!<!0)F}BnbvhW5f%+?FNm%
zB1zT^WAAL$a*XemU!EAfLe-XbW}fIZ%oMoiHyF+r>RCh4?Yo(Y4;ZW}l_v*{mVa4)
zH%(p*+d6_#I~CgH)NzNtM@*?MP}rGy>JqiH%I~>n?;-6|#Rkl5l)38*`In}Pcjuj>
z3g2=^@I<^!fKPjrCfq;6I#rd{TuYGtVLV_mx@?oxti6M(c2v1OC>C)MwuTm1$$D)$
zKj7+|J>2GcdRv1I@icoEelbMBiY(A@ogxhPtOH$t)DcX`?dBk2say{odwp98Z(2R9
z)X-!bk0(ifft%?ih90FWIOorYSH4%7J-iUCkQ^WwUckP=p~rQJL8mSC<)XP24h6>0
zKV<u@GMaJVsZniMpmxrl(c#Kg(i46Q#WG=f>$W(L&I%Sjym?e)+J<&%Ec$yITHN_N
z<4S2-l>b<5x`or}d$hvv&!JA#GDh^)sOp%pg!(R`LB<Qsu~(JYVvk^F;1dWY<(Uj%
zahBaEv!Sr*_P*+8x|tEg;^`{Qw>k(<+g4D}`le1d4Ub&+(LGQ4Ad0oM<N-yYKWxi=
zXg_SYv~=Y%4H~e|0@gJi2g>(-WTRoc{b*p$Y`;@uoiHndAtoU}`lVKe#S1wuyv32V
z+=1kT?=RUOqE`ZvDAu*vZ=t&gt}k!vL}J-$zUFTom>Sie$S_ID-(b}ekucBxF#>PY
zQz7?pxcLRFBxoo(y))Q(V$2x&+1&Ia*JkUD;^x<hSlke{f|nm_@cI<5`O@~0$~d9|
zJQp_#i?HiEh#0{SYgQlC>{#X^YYdt5AG>}6EUd5%#Pb07>u0nw-6LkI%#_Vy@y#C$
z)w^^FbwV+`nR}Yrw8<`V!gqz*+ggJ(u+ItH{)?%Z{h}qJM^V+$)yr9K#df*kX3gaL
zyIY0apcBrS8dtu*iVr#@<N&X8Fj*H?4n0r?ycWj-nlLB5bM|@}&2Y^P#l|}Km!8U@
z4#tB6v|W~GyG9$ByJg2TPC-L1hBtw1Yh`aVTb#J>W$oo79KmYrCG{BsSm4lk|DCKg
zl6Cs$g2s0Ym&(N-bFN>R+kk&wup+K9&b;qa9BK0OP5da2@@0x2D$EverM_o7mlId?
z?e4a=Dt}G~otl7&^~3LHm<204U8X`fUc6tHoOF-$x@s!CL}lx~@3>19q71u*Ha5-*
z#Or;{w%}j-=HxePwK(htR6fj4+M>rZW!ZMd{72cXZ`y~0amB22EJT%ssBSFjo}IS9
zuDDM2MfvuINz`gW%gil{>V(kD6xf~S;ggO}U!1*7w{Z$*3OtTx%C?kfpE?<TjZPn*
zOEGI9cmZ3wn2K0Sjh~Ei=hb+3A!2eCyqySUv=IDUDbN1TD@V|>+)ut3^k4}3V~07*
z`{5h%ft{z|^H)1wr2enn@iL4v{Qq{m{NK9c<!{?Ae&PG_7c4T;dXwZzXeg3QR%xsU
zGz`;7$!wIpyjgvDboR_{aM}|`ybrl%F~wOwDEHq-FIVT<v9+;XIg}h&D@@xyf;|Z4
z?3Yz{;&AFhOqMgC4(2!aZ7Tv&a#neq3Njx$nLqKPFIJ97r^t|Yj|R(Xqh-+^C^lw4
zjZ&SdL9Aixbt{DE%-DPT1bl(uMXlLZ458pBzI5^)y}gpDd`+f8_E7b;7PrL1GX-V`
z`X73;HVbAq5eFkGSi{Sauq%(C^#S|Tw{OL+$+69NXuSwIZJ|6x5x&)aryql_TA#?t
z33{o57Y);e;cRw0ZRUcnmqW$Vx(1TKD%EOcpzl}S`i0X$eK{?{4Ai99`yX66o3X3|
zVr7i^C9S?xB`!CE5{h&tllL!%T##pR#9MkVI2(O(iYUBF(a@!o-wa;2VUM)6_Wn2z
z$hBH)yDjDl(M5|pIxcgurzxH*!xt2`+F}0R;F?-}OVTNNw=yjnyoj-U<8tVjmchQ^
zzfB>3e?IWvKfc{wrE(f$>>1uPtTeGjc(R&yzKHoAA}x4l-KXg}Q$y(T@`+yer+1mP
zH`tG0PPOUnezDO=q3fyKPQpSbO`Njsgroex{KqNG-3C37)<vW_<&JQ!5%8ufcX`sd
z?n=={kB&Kl#W*Mbi`97O7CvNN-$hFgkN$XibNGvLq)c;g&C9`od|%D!a0TH&9YTem
z0;(fehUhjT!M6#F>B;WDbjmg3?u%}`^^tA=YIHdsHb|f^Fm1Avb^%LUb)c5usY|oj
zINHM7hbpx4-%Z2E=zPVP<+zH|`lrg@9*IyMRl+_Geup#C{qIpF{|oY@UrS?QME9PX
zyi_}TzlC8~$Dz?^0J^-~E$eHDbfDKdW5dTHKf$Pc?E&$T`v<kl%IP}`&U5)-FH>xU
z7hzSO8>17&H=>pFExkd*lPO7sZdWTR6TT;_jjqgb$KKRF|J$Svn%MmtA9<FSUY@oE
zS?sqz5~iGo1t1z$ACP7WOEyujT=s7A|E6AY1Y5UC%MXw^-FkZ(0FK#jw{q0T6rSI^
zwT?uQYO_Ai{m}WUxc*U_d79or&3O108$wl2&-_Y*pF2y_yF4KYzN?<{q!h0;|Go13
zLz#`~)|py7d}TF;2)TM!&QPlPkto*$g=O8^>msyjJc30KPv-f2-AaOQn;Mf&$Gc_K
z9*o^BH`~X8M?7Yx&#GcHz;h&x?W`-K?S8koo4!N~eHHidmKV~|*Za$zF@LpN=GSvX
z=@_ZKc+t>;Ck=Yuk2Df0SFCyW!pgHT!L?^UDjJJ%bzOLSp5wl{eq7xye7)U2t6nEO
z>|&}gk<rsb5~HSfZ&1C(SQ_jn<@lX+3ZLKSzW@G_oQO9)owSf@vA>3~TSQu+|8P`u
zBU|x<x890&U}fQAIdGY7(t>lsLhW^(C#oL@;8++pp%@V~&dr~@H!}x|P1e7v&s+T%
z3<z?*bG&$f3!e7<{Ud08X00P{%Dk}Thm5-dMb%zCZ(l5Kh{W~wCuu%8mx_kWwLLhQ
z2_jA+zE&4DSmC`9>f>1__*nI{it=G`Y|g@X*4Jv$OJ7~2qCCi-I}p56v2(dVcLW<y
zK_H!!i4^s6a;y5+O`03nMnBy>f(1T^-y1NuStDe>o4x2Zmgjx~vA52<Z(Iyq=q=|p
z*#^oZSiwW=^x;0>2G6q@eq3{|M{G{ZqesEG-s?Qf4>L}n$SXj_EbBpo(U6zJY?{)c
zVDGY2cZAJ$c$co7iwjP1?gMKGczs9$=dz5HOI7cx^}030D=~YA&f)!v{Q2`jYFU|A
zRMOL)W$I2JW;6vkXg`!nAi0n`53tf#8DV?Fk!bx!6p5n36xjxMWzl=Z{r(0=-f#Yh
zu7iO%-@Hlt%E=p>;Z55QH|OeJEhCmi!L-UBHkJJszHApP4p}N<M|%KizLY^S+l<G~
zN3k8TSE!Rok?(&k@b>HLKBr}}+_OzD*j1F@m{;Hb@gTOjCUdPk+!dpjZhqb96^;Pr
zN2;AipH3GxF`X>=pLM-|b$$XV>|3?x-f+L8U%MQA-|j4hcnd~*dk$}L*<$ITklwq8
zVg|b45eaUM>H2sCqRCR=ea)yAN#F;stp}c%edTD_t;fI4HqvR?U>ZuHNcyW4NgSb!
z8Z38mvp?AeknE;~S&^i7Qw!@@MBDeqFv{uh6YZ66EUPe=-wq}py?#gG2u4LzTB0mr
zPR<nvp7DDI*IwMIR?sT>Doov@Qx-FZPftu=2iAcPwXgg#toZ%j$jQ(AI1irRA!YW|
zvz!;XzsFHG=qgUCue?T1cp|4aq$f|;M5EHLQ(Vg#QL3&-og{zR%Q}IML~j%Y8cveQ
zHldx$dN~@hkp>G$-`L`<9k2>HD<J686ifrHZ<i*ZuU*p8=i9$#rMJ2~T=d(r8`vxh
zwbsIOd&*Or>AqnHGC$Vsvc)WQh(*u4XUwB0E^fZR`S1;c20rVFbc(l*1;&$|5iOB{
z+^)Ac?N=y9N68PuP>t4D>Arv42NB_{M>V1bgDIR%tX%tFj9r}Apvg;X!^09-$q)Fg
zqbyH%MrYk-lG!=A<H=I)Ww-w<7`Ni|p9TQ@DqJCi8p|4%d26@oUg}q|vh}`bfBnIB
zh~9(i?p{q42KyMNH&9^jW-`kg|Bigh(~ld()f%u$z33y@JJhA;&OO=xq!xa!4R92%
z(wj^{z~?titg?uB<YD_S+`cF`R0p<9DN~I3+L@$i*Pi8ifO$jI#<63wghKai=X;D(
zE5Z>`TeKUG$<zkv%G^?_bq^48k+A(Ikq=E$iBtI#;=3c?#<z0b5%}{RZRy-)<vOh#
zbw5pVYUHw&ApTa|&8+pAV2+xw!Wh@NhhL}Ur)=M<eeAnEL)BXN1|y%BSv`5ca#0cW
z>Rdscx7+k)JIv|d>Cz3!Zs}_?saE%L$(cKvT}t|d7drqCu9}<n&UFbqRTh3@w<MRD
z)w}QuN|$I_1))5uwJS^A$^YeHu{ZM7v*gI%4CXf%k7rkp#>WDeS&-x!XYc-eeV6iP
z`yRyreEU*T*2oVt7g`yQ@QL!{?PuT9@Tw$)ww$)x?j0^qZcK7{K486oF5f6L{DZ^(
zqx1g9?-V3^1Cuy5*)4@bE#V?5*IM;<uP%+Ru>%*ik&K>hG!sIycZo{1g~*Jm8Bik^
zy_Ii&EPPbxGTXE2@UHUgqciN$y*q3ZUHGT|(DLCc<G5ah@8;=}4WggCdwk(80yNaa
zIOXTQ+CH^}+xl6)=rLRmmL+$*tLx9)5V_Oq=@c*j${+qZBo(a3DlHINptOtV1>N1Q
z$}L$GW8#9nRuVQvo1ABB_9AlLJ_=8=nd>vaLw^sETlj<Rk(6ecwB;-q_3M(hc?dMt
z8p&ZxjjHh`n&S^MrYlw$G-5vUB*q_3Zxn9wg2!m-Qf((ZpG)*NkJ<|QKH)~=JUG1m
z?U(hsf81>O_ZDk~40P?f|9q;q*Y?W!Z1u|G;qwz%J16w_n!ANcdjqeIV2-|Q-vo*u
zHeZXgJII<<{(`6vL3;mY1jimEZ<uBCNAhgwf}K}&{RPRTx;{oeyrsw2JddAoM0(lo
zA-BB{L_cH&AF}p~-C7`|SRix#dkOwo>8!YYb2pc<f_-kNx%}Q}u!n;Y-90Eks|0Hg
z49YG$y!fNGS~3me3l_KjsJ@-f5E+3ov(k0_>Q@)e?BMZkb5vcb3E$(SdpbdRaO3Lx
zxVeFJ;3Vcf|6mAzG>X6a4u3TD0p451pKEsd3AMRKh|<}a;B=!>PS|I|`)BAmLXgrg
z-dL&G_KI+F5?s61($(kxC#QwBn&ciI#<Dn#Z#7n_ui0UxhmBJ))HlW{`T|~mxx3G}
zCGe;Ce>SJ8sHwEZeX0G|U0cLu9ks&kpHp>@U>-q-I&RM$@ru@U8lz9vzv&vi<R(go
zwMgGjL{<5VPFs591p4>R+B4cGx#Bv^Iz_}ykCGZED3ny%b0=<dZ8*KdnU7wtZ6Xi7
z=(NX4M2Wx(RBey8F3sgJC%c~d)7anGVRALnZ1uip_`7dPLYVMRY@ev?<>eK>SA6Ef
z>qbrb?qwY$qYn4nu>!GsmPmf=_p~EeFxavdS$G=k38ll*#YUnk!4{D5`$u3r0rqlC
zPo=Fm9l>@dYxi<DbN^o^|6@9tg%msfyIyev+Ole@k{47mzTe^`pl9Iag%kYQHxOA&
z#zveTxc9EPsK=<c{wo7T3WMFFEhV}95v!OQj!5ePnKBynZ)YVCozmaI4=ZYYQPaWE
z*{4<W&hR{EpZ?OZcLWn}#pHc;UEz3to2NX1JEGaJYesB`qeiZvp{|zF9mC|GQ<>Gn
zQXAlQ$piZpjp*tk>hUzRP|z*w^V}14c}+dik<lIIVf5!=32-oYiF=__?tAA0xxM_D
zaJ<+yT!96-9l=6AVFYIfyyJ&vY&%-G9`z0sf;o$w$14-UecY-qH5i;j=azrS?7!U2
z^+#{^Z+^!cKoag{WYnZJ?1~=b+)f_neHmLt)O%~sxP0JK4OMNBWYe(WSD7A`UO(lf
zCk?^(2Ku3&OZ=%};Y_5l*3P&VAHfR2Gq((|vCu!PrEs6g1-1AEHLq=H_1~Os{u@)~
z-=?UvLdrAjK&=+W`vZfTyXs$S6hUd?LTeAbtmdq23crD;F~9yUOp#`K025uNy!~By
zi>FW&>?{HcT%4}4hkmh##CdJ=|GuU_=$ym|4`41)qqt0lWRXF2oHwA~fuwZ>4CKt$
z5(Fw_=2q`M&;D|P>+^^{cAupN`jHX*^w5=x&m&*dvsJB3hJ0_S^}M7S`r&;eUB14)
z+F9j1V*#x+UKa^$Z+6;o#5qsUpX#o5VNqs}OM&Fv(8#Cwj=kO^*y-<H?xADwzPQyM
z>S5Jq8ZLn)kCx<=!_z4e=L?P25p^R6+<sdpGXm)6TAvcLp;@ERL1ccR%LyH6-a7+v
z8u;taq;B#XA#SIi__MG6$EEY%!&6(ZXK9aM+kL3#LHBDtg9NAB5c?<0!Hm)n>$Ssp
z*u9lb@Qdx?eMBmuT1UX+OiS=Ndwm1FO%ZFgAu|XPB_6@LlB;S$NdDOO{pI(p7N#~1
zuvOceP2lz?rEFYHLBVLX4MB4`OXmpl>uPtoqXRlauv9~i8Z0|y#behMC7RXj?t#so
zEu-r{7L98d0+CVm$v4NXnwg9$be_dyGj!G{Q2KkG1v??+&&VJDp&NyF?&W<<HjaAp
z;PgG%#q@n2;>P$x3Xdh<f;(U!Y}bq=?hRzh_LGg|E_-yS{aN%gcC2N%@;!Rhyj!SB
z^>usJf>?z0<C_XOOLaS({WW&$VWDmq_JTGW&y#Awjy%oyIfI7*REsL~f7M6-dQJ!E
zjQu1Ey-?dx(_r-;nXo<^i@7HZW@5R(01n84=h3>jzl@vz2U?_m)<-L%g4a131!FDm
z$J)zOUfuY*-HE}sTj!{H&zI_VnXmWf25c)6Uwzfsh8l+A9!@;5M%g&zW~vGHY8PSC
zKdc{t27MDjUB!_qwDu*38V}_{TGk$;u~NInCcfR|1@=fbzk+j7o?(gR_O69*;iT`4
z%`~RCt`ZG%)=fC9QXDKQKlk_t@AD7dNa<Jg7`Hr8-k=1#XAAN$i%Zf6FMp_<{AIL8
zbSKdN2o_(~f~{)7-s_tMJEnheX@A}t_XlJ7y}rDZ$=-d;^F7cEjZ^e!o0CI^%c8^t
z7X<bfCxXgTrZb;neTOR%F+|&i8IJ$Vx8QvWR{C+rf>XOUfpGqsSV@3b>!AT)CUhUc
z7}7VftXE_)8_BYV9*53zB>%-o>u2lz54BV!#DrH}R15Vv|F-KB!T5+DR%eaBAV|H$
zUxPkYD<M(f;&)o%`36KMeCzO^D)mMhgB!jwg^0oS6O*oBKWxHgP(W5ozSj8+r{SA#
zS5j{YiU#u49hy~%{7cWl`)g0IxABV$<HK?MWo>9p=NJD3UhMhD&f;HA_lVh&ma}3U
zQ(WSUyf}-QBhhUQW?wAX)|O+ki0LcBC1Jsfo;G`w>XTMn0|kLp>;A*vK20vRH2RQz
zH+$%hL|((FboL^^ufouO=?e?Yr-&kZ>X8h|vnD}rt!+!KjFqr=3upN7ny?~^)8^~%
z*3TZ~FBvZ_-i<Q>yOyTc3TU6Le692WBMt7@TiXA+{7a}AcK6>pROkPt4mF1@S<~;U
zBg;dRL5a7i1~F%{!9wBd8fM=O1ijN)!6ycNuD!(5h-T#)rPwSxi~PXbnb&>%ks0vi
zd&>lk>H-U>4)s#7baflaKj@n(x3o<g(`k6{fw*3KC2QdD(Vl&X67HYZRuPSsyk9Y*
zwr-`G@$`yZc2DEbe5;sj-0yig!;ZtA0|T2vGHV6j?J!|EJB3M#9#f04^oxaleBvYO
zkISQ!J(LbR^^FwWrw>(|ebTDhtM6S+bnTs?@ZMH#E4}IYt7rNv8RtLbtst)jch&-f
zr2MQyADzP!hGr$1N3hn*J=hPt*n42&%ia~lm+pzU$oDsARY<r87EC$Sz^uqJ?LfTH
zuaMyQgwby&(kVoK>G}Vb^q2Fv0l$nH3S)(SF}M)gKUEc9ItBip2WX4Ezm6*YrALIu
zFajMZpg+~rK`*7DDRcWAw1Em<XB~P273dNTs-~m$ROXS7|30m^Jh{G#Rm)e#Rx9t=
zS#JMHRAIIFr62kA>BR3c{?0EwkQJ*5(DvDJ?EAva!lHqd*w--OU;0Z{;`K$W+6V%@
zi9pjBKOM;aa~HMsSLXB&=M10AV$VKF+a6NhVmHkF<GrU-6osAHdT|@7=D#(ID!S=$
zOtcy5&>ywbT)proF+}nGFIDolWWSsz{!e%h$i(tayJJFyl^5Tl=FjH+@zzxkHsp7I
zoX3Nz_ixYQd_`Mo_Zi<E!O&nA*idvp-!CU%eqO&+$={Oxa-IeZW&c!}fquV?+8)E+
z{W50o<^9tf$ui?lwcYi*<@}dNBhT@D5;N4mRWOPUHOiwUFJ7SSXd!u<!`o#af^1+R
z`Wort_Es$>OQ4Q2$f@^l)?s`H1N>xso(`C@=^Q2wR2$z8^i8sA>i4+&B&N%aHObZy
z@5`^9;_ownUyuKxamMd624wacZAB{En%i?<dWLhh{3=U}AF-ww=a+>kSUTTDES0cD
z{wio}_7-v6N3cwtAuvVVK^u3+>9Bm^m!cMmzaT4^(`vJ<LjC)+)^lc{Esd(QaRB3<
zZE@~nh8ks~x|gNo-m~QG*vN6pmt9*!o<TCY!wL1v@sE#S*{TCreD&F9XyeX*uT6sM
z{3qT1vFji3Ri8qZOw!D%Onq;Cmf{pKto%*6Vb5dvN;G(dh|Ht)@&=#J1oM?eaWSfy
z+la_bG|2#1@XDVUN0YUHRk3Se1<d)o03Y5D^V%pZW$C>t|ESS;3}xLx?fL|PA6PRB
zmbJ2K-WkRxZ07u!s`_4kYpJ?g+t2V6Z2y|yYbS1RKl<6E7!Bn2q(3hv{LMyxuZ=$(
z|A(|@#X4;>6^%TLG<sL3tR|1Ott$JMqsZT_?Z12c$5ALiZN2UjrcyJ_Jdd|fUsDen
z>pzr2@zHdDT#r+-cOJd1@QmZt78RyAlyu9qCBn+W87*BKE~S|-F(14#B~jV(O)0jQ
znQ`CTq8q$AJg+m$O6{_*Ig6alP*^r+GOXj59{8X2%>Ui<cv*Y5Udfb9=ZnDTUtNwE
zjrp7=y9o=H-sbiz{5VdC41I;n4`R@4n~>ooJrz|x<$ow{neca4eCnMpuAb(3828Oo
zxixrfv=Hv6aM2e;t(ACOsJCOes7rnQU@s)^UTpp8@=&)2r(eJ1aF|UBb{q|m-BRpl
z0YB`I-9P0;fu0#}9rzr*8x7<B#Y6uy&;9@PJdK&z6{{<+t6x#;NInx#dmVux2#{^)
zyvNhwxUECooN2(GQPOcXwdoM`4Ra_!5i*X_1;4x~bV$d4@gx#<k>By>mtQv`rgq`S
zv$4Wp(C4pSfhqm}8=sG*^mjg=uqS)~9Ts~cN$Jg-K0!)j12#%H^yeTEPIB%%0j?g^
zZ51{F$`j}M&$3YhP#?z>$vFZ5>HCe*cMR}5fj@P0RDEk~^yDYPhqu1lttQQxE}CWt
zw?8Y{{h(}*>iD_y@_+xowaiGiY)69EzOx=3T~zL%K;DM?;V5~^<e6eq3{CEuK~21S
z?A{sF+)+&t2_hE5(t{n(LR-Xc`FJn;97vXJeHmXK+F`&<!(b}Ty(KrwkO!LbqM~^m
zH5nIu)sg*aR-dL5_H>6GOan8O4mX1is~EmdMoLreuwX_&64LE#(d-vTJpwwb)#jn-
zA12pQUZO?NmngP3o6&)X6l07q>#ruAV*&w{ygfhKcdzQf5BmA$=SsKz4|#QHVIk`_
z3C{#REXt%7q!ATg^!RLcH$6?J(|YsdoYD{sw$UIUzW5Eic}Aezu_?@|n<v8+X~SAD
z@A_jr^$iU6!zSVJwxyxdvi~f+aPWqF-kO=Rk4x%RqfQycAsiUti&TQej9lBd3G&m4
zMeQF20^dd4Owl!BedFf_gL&#?8!nHS1vGCE8T+kSMt@XFG1y(gfjQD4dd7`bH?`kz
z)Z<?fdS0#9KO39s3WK$+s~$Gg8vL+I=zIYu&&(lfF`SGT>%rP`GQyrc^DncvYbygx
zy4Ds)g1h?_gLcJvvK3LO4KSFxu8yA4p|Bx6>G}i1+5A~?nig1*3cMC^quJ~*C;NWg
z#<NNGkO<r90|QJ?|Hc>-?hYKLg_Ab;?TOH2qgoU}6mb+81r3azrv1{l_9=3>a&UVl
zyU7y&#5{3`_yqh&$!KdL!eU9P#zEaPfF4KXl9Z~F0j44{YFdf)1`0<-ZQgK9#=TnE
zD4ptQ5d&jxq%$jcnKFmNf~0a@`deo@1-;_!s><)wu&<LPldP9!8r>`!2gwER!>H>z
z0`xi`lwt<+w7(3Qs=~UIy_;V6+v(Vb(iF?W?~Xc=cF}FSyc`r-5gWbxDcj^-;*2A4
z2zfDh$;ZN>h}j9Murd<&6hT3p^z*dU*s$)iVTq|9o{8dj;d=L_`5Q5JKkzdRH7*kx
zYM_T*($s?w7{m>Jit;lHrHGsqrf`7CQIYOXR9wAqVuEY%k|qF#pW<i?yavRP!C7Vj
zKB3h{kI!+GbsiYLF!k=Ucjb@_)VN~w8y_{mSuGa$9VU?cDu|zX(I(5MnS@}f(ZIA~
zxe3>Lrnf|z0Ha)dCq&N1=Z%XmKMp<nwu@?E^|Ofx`tH+eQn+FlliP+W^G~j)m@(Ld
zQa*@$D}plUJn|Bnpjy}LJ5g0c{)i3{5?I_OajI(+K>8T_Yy=jj?$B|DU`}`?0-P>_
z3_$ua`#q-0#9JS3@1qd_(nmWO?t3<$G>3DxiG(d^>AMJl2vZg1h;FnBXmkPVxEG#&
zS1C84<eb{bRXxuM)3C!~B(pqs#exy%Lc$A?V244XV!I@okY2vUjdC6_JDjNS<=nRb
z(su!Z^z9TT$nOx>r4PED-&T`rLwKCXTT5nX5F?Gc`%P{P$3tbCXYEeO-E^x3Q{4%V
zA|_j0Gt-$<dh<jbo9bGZVjkYN)Ghj^%orG+cu&Dn3um~cpdbpLg@flsf}UsrY+28s
z$w+8|Qd~IyjejwL$#co=q_m;=(8LIVJR|$+J=`~Swv}^vj_K^S$+=(5hPE%07BQ1#
zezW@+8ZKY4*hD|ECAJcqSpJ2m?lSlyhnqwZqTf)VJmq^83A=Rn&V3J5qsON}SRkVL
zkgA1$6K74Eepj8j7{oWW8AW(tBoHw1Q_K$lz)$r%-URCL=0@j*IJT(^r4p-62p(;v
zlm5apX6lXnITG&I#+`8z1(??#$Z5-;_Mdt)u&A8FyCzNxUc7(Pa3|`0#Y7*D78ya^
zBS&lSBK<e@sm4TN-1UlAA_(z0E?wlgm!+mO!k0T`Aw*B<VJpF|C>+^7Whq5T>G2Q<
zRG5k|onkhC`}=%vO$tOam4Z=v41*9ixgRuCwcIrIoU>u*FjNkXFQN@F`qX&twGh+P
zhWk?Y>5cAO$7`+|LNC?2KIDBe6ds<IM>tWZMp}gq8O_*@4bO@%4~bV<MNsJoy5n$u
zG}|yCw8NUQCx~v%S+vc)6*%he6ju2DGCL}2#jnR3Wv(a{g|pRJhG@hdK>qdsHRE-_
z;%^?9ohI7nWL?<WSnBI2K-EfPwSSAU?aCMR*~uD#s|pqF>ZqE6$b*N~Lw+(os!HZP
zlEF@lkJ_gSQV%Qknd3Xdrh7M1;Aa?KlD^tadnt3(0Uiu@8;t*!`dq_0`VI?Idgl%g
zddS0I*!;DF($!EiH)+_LgU+U=e3xC<3*T>4@OWX65$2I4Pg`mzV$P1?N;H|RnB2EL
zoqL02kR-p?f4@z)w<*-Vl;IZ9%SYuQqb6HehC*$_?VWtxXpe+YX?%3d2Pyn%J+Ds+
zef-X;O>w6`7daO{XtXh`Q52n<o#j83X`j$-zs~oBJTWcun{cPu1x7=Wg&^@WPahik
zUhbcDPgQ+XUsGOl)Z_Tx8ku`(QkV_z&FdI@Ht?%%UZYphXQt%v<`1)Y2^?;dq4<%?
zjbBelc8%e(S-3bjNKN0+b%J5lOJYL~vP=3F=sPc7AiLJJ(oNbh`5I@BdZg)%lpm|6
zpw<{sYINMGZJ{;)=b2J4D%$n;bef`CCVk>hd{U$0NNiZKk@ocDB4jGeBSaY_P2MW%
zJ!CXqtOdTbX9cp^hHPxsNgK|998b63zQt^uni8vYz((--Jw`7y{Q1*}i+F3UkCDc9
zKki55zPEolCO0=kr23MylB%6g>nvl)>Pt^s996ZONZqs9IKJ>UF0F<R#t{Fq%<@{R
z<y}ESH+V`Di;{b}{GE^9<3^Lw*pVqMz5vyC>)tu2-OH%C3~XS@v!^IpZ<{Y&LLG%u
z2Hjc)mep&|?y@^I>vA&O`{4+G=P+<liYQ-L#IZ7KeE$mEH^6Q#itL_3F!MHBp5kE3
z!>4v~O)>#*B*L$eXHLH*3mKocpPu$+GIsY-m^VFW7sSHIZZmRpkbOSar&O*qVokX)
zWR?cU6Pe3lgc-hXFZyCj@6gpJ-cQ-ONb7+8aXPF#B+$U6YSZN|d(ptQNwc+C>MI=J
zO&3?k2FA4u&lJ{MruoqEkqvS`i(n=bXItRL(zKn@YAck1Mafn;BeAT9s7HEf-5q<o
zI%E8!_D>T)tP|TVcJu7Gib=(UDoR<JpKGg(+zlu1YM(nWo_}C(rMa}9m<pni%3NY@
zr_}1`WP&Z8&+EDxKp0cg)`ldhO5GIN3DnZLf16N+xb~J5r<is=P7#gR_S``(rlrX4
zpeD@5;Z&3oS+Rqitw0U9&2&+N_^Oy|gglP$)Z94cb4TWx!<0|LY<UNR!v=4OE5S!P
zK_rSQS%!AfM&!F|xvVkI>j+yO^qS|lYxwt{8R$}||7e&|9uppR^`N(eGDw8SX~6y7
z8pFl419eGQu}|KO9@V!rZ{j16bdP$zyC{yNI~#~qoWlz%Cn;3oQn)SG*-~#5c4l|p
za4}E_k20*Nt=Nh&q-yC_`QFuH?$F{!b>_2+alVda<YX$A!(&{Xr{_tyrRW^2CA=$%
z!wK0$quQrZ9aua=$6&N{foweK{y|Tbq|C!iI={rs-Q$V1sH4>OZM^-CU4x>tKSGJ3
zr>y7oM}76sWiz2}s<4NIu-Y5I$al_+obrx!2B(PLW=D-HDVm4UoGB^Yy!C?Tq}_|e
zWQ%W9b$XOZW}(KZp<O&o+s&1ZcR0x%jqPf#kUT0JrRc)h$z{=WX=LACb74_%5!q4H
zvI+>;bh%fSu6{4a)SyWcT)lghwQqe$|7}|+&ZG0hZ8$d)9}CP6K-XG7s_GjVvFN<$
zcoJSlSKO$^+$a$E){mc}(`eFFHUJS|bk;n(E-0K!YKm=`zB<f)aj@(1Qc_~r=h`5U
z=<W*<kw$7p555nlabLV?8@KIjsG7OjMQcMqnfZ!Ly<=f0Im{ui2<^aZrn+KElJ^4F
zNBT)?I2Z*}?5Hhd3<*^Ih`A7R&yiv~(oLO)q1Yi`a>{1tH2Uz3CsP!Q72Rq6UKoZq
zxiwrVR}Ryn`qnFX3<XCvr$(8g>q=;iLJg_p-sNHt-rk3HO6Dbgp}=tT^VS+~(HWf&
zowksQrwY(rFJI0WB))!Sr7<;%!927)wYrFUf#p06eX+Casz%Erzw;JXdT$}mr^SM~
z3Ta+C?oH&Aity)^*>OG}%$9G3=fmfgy{pW=&6<+6)i={GwWkVT@B5d19PO{TCaQ80
z>@|(#7O^$=7Y)pM8fi7ig6q%osD{&c-Lt!d`N?^LYl0v*&Aim$o`Zt=_5!ypG~?nn
zTE~B7ael5|&&lhlgMv^L{Hw_nM{rxFu~n$-O`W4EJ6@N9&VeIG0nBYT7lFkM;~<d&
z>F42}7oAhLi-eYNQ`0wZH1Tv@a{f$o!_-|jnu>S$(uG;SthO-T+tfFA9qXqm46h-R
zi}knBs9qocz%7L-uF-X|kZXDzmwkD@n=rx_w>1mApA~#yB`Ff}cMWFLFkvpPl!djQ
z6J?>Bkqht3z)4K4l!5J3p6u9cQ8o1ObF6zi4@dh+d3e0D?}LGH;RhBikI(OeF_#%b
z`t&$zqIpDO`g@sR=B`&0YLJUTh8X7A5DzDqQ5d1MKhF?MD8{9R#}$tutbB6!HI4}j
zW5|!B4W>G^YL5<NnyXNcL#b@YT%?}J&5zSYlL=vDLMO@Uw!T~^ugi8|0$s#)o)9O}
zHQg0_6P9L^EC+A0y16d;i3}-NUIP<|_a0~O!S~)y&>(FS<?r%e#49>21?#ybL{`U+
zM$&Cndpn)r;UTMA=z?i=7E8mzFy-vwfey@R=MAg2-h^F)?$*u~M&7;q;nnBKprsGf
z;a3^vf5w)D-G5F!yu=?Kh+>Wa*HdLrO4WCSF}mCuviIP9LMVp|ZnA}1Jh?*7tZ#l*
z);*YaHzDvk+Qvnuqb5&zyl-{*$v|&5#;w|oBJWiZJA06~NEAZ~$f@Vl5~y~Om-&sR
zqn{2cOkc=T7`ylshK*R?GfTUtW_`uTrn7|ZNmGF5I=-5VMm4vh@tbdDk%RZ`6*2xz
zW0#W&1vd7@G%G3X4TY#;xdd#>b9vp|iOS;J8j56-_0^p4)iP}7V;ls9G<yW2xI}E{
zL<FWRK1{YX6w__V+}s{?_=tH^FWh<AgqC|M+Hs0wC!6eiYECC+$!192f9%`fTwS1n
zYR&8rahq)fz2=q1vHW^<bG@02A>nPIdB3IGp9Y};dumFNP<x{Zmj_kY<?78a?}e-|
zM+XxE>Hy^T$*Vgho*Jf4Yn!O)JaqHcz`F-_=qP$RbnP~Ew)PXNuERP4Wa{6Va5RH(
z$EaL6-9XDV-DUids?6s5hd2z^ebhm?KqEDsI02YUEcwe_AggO1ED^WJzcn#LlvjV1
zKGOwE;agNoX)wYe)i?}8o}}q4r!dS!x1G#GnOF;+r;i_Tp|5CNHkVm4CCYn&e@#{_
zGv9ySVujf#_F=mXLk{5taN=(w@1PWbW704UO<{eTZ$}e}KD;847IDoGy9^~G3~9Gc
ztT8P2sT(djyH%O^Y_<y1Q$l9cBxBG>%^)rf&wHxqV$S=e!K&E7)_<p1{i=ji9ver*
zgT&-AkG6&~uO;30gOcJ(2ZQ`beisW@p$w`=Z%NYLkHQ)iRS3NmPswTY!fwcl*=Mj=
zP1%f`79bL}?QHbCO6*9)XX6vYBV`*o{DOdDq+f6Kp^|t+9$`q7^{`s#g1=BPmA-!Q
z`(=<uriC(qhi69d%KFlsGDng27;YI`Tkj#f-c<+vt5Z9E9$i-*W$MpSGl`#3_&_=u
zyc_RebJ1wB=S^z9pZA%R!6kpGZmOQQZG;o+Aml79GwuM(MQeZM#JdVWB@J9RhH0PS
z^s<z_=Xf$7&ObEEB}S$)d=vj%*bN2x@9Fs_n{loz(y&5MZmAjCq8J-in0|RlwDq=&
z_IhWNSVZpqqtLlio}tueZ1+8NtxpC1x67);KzF4o6S5uR`Zk;!X-jQ1nG<$>5lmWc
zZY3q&vq;518T0M^Db2vfQ$o2@xgaPz%uiuQORKI4jk*L|#^c^ubmU<p&lWhkE5eJj
zeIQRMu9qO&sg#oL?2_*)L_-;7kf7qwrd&zG>H6VIfZUz@(&%frQ@T4{2XkVL_e#xA
zD&?g+%hB=axkmfLcU~O1eleQVAD{{GZ+<ji;^CXO=3&%%#{s@|+y9*C%cR>4KLo8^
zUO(BGv)EdF&;=$MZg<{t_EuaeQsdci(W)ai4*qCdBwgP9rEU`QhHcM$xC39HfC!tQ
za96&tF~45BQ(*pNz-){?A-TgV-mBHdhSt+njju>_-XqaIVC<STcZ1?ay|*6$UtqL9
zt$`S_Q39W6gQ>9IVX>q(o89-+;gLk|n97F&44JtFXkeKc8xFOxav>)^!(zfNeWG~~
znp?h=hg~_m!sHI$+qKZyW3{bDDXp^Y$cvG=`gW9@M5__3+Y0I5VAGLg01H3{l@^ag
zU(^bo2c2gB^nvXBvu^U|(H8<rwwLa(>k>#L_3?ZPNG6<+?2St+PmnVD`1u`Av}?qi
z{d&>roes;VTZZ2nmaSA@)_>aP%c;1Ew<cfa-%75eUo&Qi6OcJB->Ms*TJ2uA8?>`W
zQ7n~i_vp4^#iS{rs!g8Oi=?}UBWLj_8)D8Fh58zH4t96a`CmH7vt9BT=8=J44@gyh
zj{@Ue9d}6!w}ti_;T<^VbYHJ2CTk290y}HTcKFEiC}Gw7>vyWM<>)hMA882`%R1S|
z=f{r<>0IfEH4YV=RhG<}h|qpL_sx<?l;fX2!z#sO31_}$bn29#XUxNYk#z5H*ceaj
za=ju3u5GNPGn?SRL`s%&jXIvt+9^3IMs9_jB5#d7L00X?)`DWPw%QQrSx#LnPwC!j
zG+4&$QOI!%rD&=!hV<Cb)QoyOe_nRfdW-Vmnb4f<$lYSn1~4v{lLreXPCI)hjJCr@
zllgOOukK4Y&Y9e|L4AciJMm%Qy=n9*O;xR7+medqp%Xcib6?I$k_W^QPJECOzpi=N
z?nl@s=YtqULH6^#B~vdFGhX5B3G^=-GkW;ibPTVL$H{0BQt*-0dC;~z8Gp!Zky@#R
zwa0bGX>k1E_9z9sa<ye(M{-n>@W<%PU4a+*jy$$=0?QOjl%@Q!321S6r|plse%Coq
zrdG!(M&Xr?HA+wi-1K;`!6}Vj8&L3oHE2N7<pOhBdy4Q3fjbT{ScUo=>ny{%G9<}}
zp?}EaDc3AmeZ;JH?d3%W<tG_(4?f4@89w%&*=YYN^0i}2qz_uaEZkb|)$3SgD7ij(
zE4t@X&!_~v%|J`loZ;m~1F{D1l6sCNS^OX#L{Du&r;GZ9o}RS0&%460_^sq)xEnV;
z_}iQhhhi=a783>r)nL`#=e7|!OWT{TkrYapoQtc<D1-3wmq}4WIaPtYu3piG9V6Of
zMw3s1hnvLA%a*>5aec|;D2&>)&u$pSK7T$rhN*5kvh%PZDqdbl+uiCk*x3v1$63FQ
zf3s=TSSkD(fGBG9F&tD^d7a%I#JN<grFQOt#wzNZ)LhXGJ9>^(6(;ebc)UWSHR-(Y
z#3i8;DyrHdlJctIkZ#>hnclaxQTB2iFHA!R9vsF#zG-P0V}F|Cg%FRY=O?aWZdCCD
z^+qRi7g~zy<dEVQv{+o4`tZF<nRRopcxtI#m#Al7B2P+nB-n<`I`?h#Yh#i~xMMZy
zLu)uEBJ-Rc-Ba6-A>lo5<&$VL!?e+jxVTij(|CpC*4GDL=}f$JYt%3^XbJ#tcV(7_
z$=ZIr9X@SDR%cj9X#G}bg(4V!lJXpLRxTzjfDESJ(h(I)K+F--B@lRBgaKFXUc(e6
zuPxloznJI-7_(cRTrSJ;?P9aVf+2{eV%^ihTsCRkQP%r%XAR57U3;14sw(i9v%ti-
z`3@14WEn{sSkt+5uGn-mija!KKF9xP#Ig#frok3Dab75nQd}}`?OsXngu%Smy5c5I
zxL=+`mAlWKfMP;9`7cCl_CnLxA_0<D&+Tr9hJOO;DX*r-6Vd=nRndVAC&kWb=_d?1
zJUCDl+>?Izj4?9tb}nZ8RyF6li-}=^#n!5g_pUrRu-dRa*~RMZ?kF`+DNfvXFc<DH
zPc9R|&LaTcbcWy?^o}J!aFAzueW~)r^?a~=YD|c=373lM!0_67##613R4~dc>lLDn
z3m<&sT_xG3WJB3|f)8e;jz>eK&^Lf~_jSUbM<_U)i>@0n3E{9+&z)`>!p7l4L-~d1
zC3QSFm3iN1Mxv@SmmhoW=lOFl(W))!=3(+1W}C>_SR&t7WUEc+3*DgdIG=ylFszbJ
zHe`!$ZuS}@PUDl;8(~+9RIbULC}v67mli;^5~t8u+tPbTGi-*r6xa2o)TNkMb58lZ
zsdqLyQ0d=8;>bj?r=H!$q!o7{nsHjx*iuKE*2$OFLaA(`>+IKcq$a3}i{%HSOM<K)
z^A*8on7O0r<2j$(Q1f-IHj}`nuFgu(B~o7zjo@1*w<_?s$8Y=LJ{&{Tedo5^P58lT
zWgQDoG)bKw{2pB~?j1QJSHml&PnG?}VToc<f;^QjtSyCP`=F9c0YCBHO-t;jILa8q
zrk$EGU)1gmqL7zjT=!nSBhiuT$C=;)-|ak#KRcwbBSQ4+<0!wsvE5}+MZyH@;wbH%
z;5%|($kNH^sq3%28(ACdJK2Q{?itK;{HV%oQk{cT)=%3XYJkJc)ZOv=8y;SfkI=}D
zJgT0NBMPZ0vUuENzb<CPMisF2kz$+TXrl-}1j)ZJ^>B=^!kaq4Pzn2V;U4C@%?a3D
zz0Ny~x6L=~-V||^y%xaYDSUe3bqI^F(Nya@vD8E&GL<_V$4OLy!xiJormwmtV-!xM
z;|jMd$vDZzyI@+RPq&<)WR^`;Ye%DCSaGd*Mvnj{ZzCvW5LfPWV(pcH(T?l0v_2)6
zT}G;_Nk&;ci{MuH!gB38v86u-_VQflhsxMQd0a&Uc<pII^GJxJsD-Owbs=<&1oiH6
zU3VS^<#duTdk-fwl0{gY!WgU*8B)ug&0BkyvxfsCUq2vnJkfj|o_fm5qq~F&HX#R%
z1qRo9u9GH;b$k=3a(#j~&_vK_2@9do?d<QLTSQ5Pb$EO^hZMOK8KmNlfSG;VrMZ&O
z8Dl6XR}~dyvI9E1*Y{JdJ%e?T$vjKHZ*2}I7YrvXODf5!C+nEU2^n*8<1d*c^k&@6
z{OUjc-O;6>xdaDht+KR~@xH>*op8fXl8Y**>IShZ_BDylZ2Nc8;QnPim9M=eWYQ;|
z_Uc#nkm@%I$UMkv?qTfC6fcdq(!7Pk=HNnIIpk1eI;u~wd)jPW+r)53G`ab5bf$D_
zstXJ@Jq@M?<7IfJ3FC*Kq)$Y#Vl|yf^YvzWwPA@e+d@)IUAeZJ@M#OfhXLqYSf*}T
zreapp)iK5@Xnmcbfe0pt)83_Lfz3_bxMr9sYml?j+JfE`bYe=Kg1hVF#-Cmrt1{f!
zU3z7>*e5IKN&guKHXjr1KYc}yZqD^>Z>PlY!;yCLM*BfS&h>M{B*~qn&C|<sX50m7
z>PM;H3adu8#`12o1^bjp4jU=_NFx3AzyA>P=M|YHQVx~<X_(?Rs#qRFr!>xAI#+Pk
z`i`z99{%6oZS!dC*;N%{@az$M{_2sk%zuumDES|xDoU^coSnQpKyw{43Z-R!V=GGh
zCLc4v0GaMM6tMDs5)$Qp#sV}vh>a)>!T10w44}A<QHehz0m#^~1UPNS$KMkJDBiJr
zOfUm<#6L>1fK2y?Kv_A-KZ!pBWdVr{0xXIHHrO#>QQ~*NA|RAOfJF!zdHfATIKDgi
zpFlYPWc;J}chI631W1E;X%eacNG2%>&}V=t23UZ{z%of0zy_27{5~m=-!VN7r~!ii
z{l;381)%_E1`vV}ZB1GnlBEF849Zj-0_j1bG{DyZBpX2Q0eBh2bc8U3fZztv-hd29
zeSr2R^D{OiLclah2~aJ^fdJnKanB?G?GQ=~xPuUzPhRRcYuTR=LTM>L-Gi<q3HW&c
zNhdBRdmJn#2l#G)UndVZa-f`2;<8%5Nr0XvsS09B$N-!ixPL&L1Jpc#S(E-L%Zr1;
z0)U+)loEn49<$iw#Q{1IQV+zI1f`UQ_<cZ@mxIuWfC&ez0TMxx!A0djR>y&$`l0)k
zg~|*<#bkgi2Qld&Q5K-!Anp7X3b1y7_XgmD5O)y-OF}F>Aj^TQK{@5cfdn{$;t)_y
z9<bjao*l$n1T_lo2|)h9d7!SJOg;&y9splX4p=LwT`36&SqJnW32Fr5>d6E10kR}0
zFodpy@&ut0!1Msv4lojrV*_F!$Qy$70hK^ZJ#ZHM|9JrP#p9D=V!stk48qj`y+MFc
zsMx?@!9gBkSc1|^0lfiH3PJ}06#!o4aV#-uK+A)g5y%uogW#D!fdKmm&dLL5A}Br}
z>`8;R3dz9SAmu}OL6W4j7F1CHCHPZ1t~N*lwgfQ=0Rj=g0DnrV5UB4M6bS;4QGtLu
z38DJHd2x9N@(HvA>J%gb)dv;vH-Mj<IKW<l{KX|9y8su5Di_FdP+bGQAJjYmW)NZm
zLVQ0!DTK5jE-Cku{wNE8mOzFmgus{q?h%sY0q^pd6$vy8sZ?ANDhQMdq&px3yelwC
z8PKR82||eii<Ogx(2XE91o;FqKsSPLkT<Yjr~w~mecYyismn?M{{;#rD+x3UWKdn8
z#v$v1D39`DKlKR;4KXpLfd_&rMFun;AVd67ARadiNIQ^j00a~;AfaXmNn(&P06kJ3
zf*b-x0?R#?j@1XTNTHZwfIkUT0_@@VDiWZ)$2tIa1zi*b0xOXP+65B8g&wy;2&o84
z3l$dJAplMu-<q5R#N9lWfQ8G7s{-Xn%R^XFz}bYdhx~#Bl=N8Bz&Zc|6%rtBCMW`+
zwn7+9Imq!sb|3+qB9LVzfm;T}mjlfb5<x3~>K&?_V-egjsAw4owhLrPXF!4Sl7Gt?
zsvGED!9_u%J#J6Z&}~440$GBVBn3qVO$JIT4Yfj$6KHi(00s#mA^{Q=s12YfL1Iu0
z=%#^nLJbEHBE>+30#!&#Kvn=~wty@PDFav<B+5b(1cC%fL7)t1PLMi}sha?e3oHZZ
zKo-Kyf(t`V5o!&P6M!rj*eFngtSsbkAfFDj0xag((E!LOR83G8kZs8x`#)JI>2X}p
zGC^ce3K?KXz%|JI^yrW;0u)c+JC6-V4sc1qWo5;n<_zpg8fXyQAmlS4h5kff0{$*Y
z1(9+gZ2%W=OdbVI2Xftzmj*p6q+y8u2^l|>3LrY=AYB3$EI<}R*AxdX?O29lLwyKH
z3mU696bkN10ty9;P~a<|ql7ppFF5|a@B1GIXufj1IQvW!27^9-HRO{0C%gEB049_F
z1R)s8@fRVQ!2##iW%aYLf)3^%K)`o6qkRSjD~>&hu^|95@r?_nw_q@Guw#n60jI@1
z`zj2kDgN6ozHcKBN7ZgBW0kr-P<uVOAk3e7PUCSae83XnV`LWjid>MNXGzfN%gH?)
zY&kh%EYm7|+=ew>G}zc%uAagcyQx1SPiPbOi~%<>b>&OAJ1lxd4W27en~=nJD){n0
z`MW8w-|ik<LbtardbA;WR6CB{DL-0Gaj)^CKF~oPES2!?u6zr)3I3HKYW+5hQQO8k
z!AA$<%KIa=ha+W21E|9RR|Ixt6}$3jY|OHO&ML6G%%f)KNWo`CaeuoIbvPr6of1tQ
zt@0~5#3GK?5owtAaZLM>`O|~xhA@iVenSC%etthQET;1agPlu51>ZQr9-gP{w4waG
z0A58ONZk^1V!@~Oz=D%+#tzZlc*ID>F8vDrs;8C2Pd?^x;9SM{2wEim)tq9hW+ery
zqTGY&sJ-zslmmxeaLtPsy-njz#gd4#h3hCEdWJr`^DgED!6!Djib}YkMr%#}_^iV?
zHx+vZm*}{{lY6s1RYC{*2cor@jZel_L47g2eob>t6v~(zYu|jv;T{Q(mtJ^Q=deXK
zuswp;51wPIidDw?!W&H+4KKfSrsgV*&Gywt1Z{P*X}C}$_h%mQj-!qaADtj$@*t=b
zsllS1StnViEUb()G(O1?cg|3t_8QLIv(-Guy+m_oo7lFeh$r`n`oYeKyE#@Xo8C+L
zfwL+8&cIWX%a?DC5$F-WW>xepst7vRxwvw{QlK?2zK&AEg^_D-wsNL%rY`Quv&1XL
zlmik4`4{qD%~WaLyL@oQC@MwPy?_JXh1fOXmRjryiJ|IGDi>Rc<MN-;c6Rlb2CjW1
z$}|`9i}hI@%cm>`$v$DR!JE1DlBVxRXb;*a;%Qee%C(w%xP)`bkSPjmuUtxlHMZ${
zDj64Ay6y|hzxR@S{P?lU`?cKqX_L_k54$D>n<bvW?^`&8X=57xW+|jz9Y0R(XrDDa
z;u5iZx(K_~JeB-(-NMhDn>$5hk@5z^Rj*Sr;@1f~2mSaJ1zWWGXOg(YT?8Il_cWZn
zvhW=Lew@W4MY_G}D;6$oBLe(G1{!bu=brl{Q%PE;_E8eM&^&x4(df0TC_KJi7WwYt
zMH#Jnxm`}K>-)I~6lQ%sN!ik1prV|LVP&IEf<LxG>l-C?%kFtIaCHuwcLz4<n)1wJ
zP1}nDBi~d~)$gN5NN4W7SxU*AOb%_(uucubOht)4`9Dm3byQT}7q3AK-5oM8NT&*d
zbT>#2%?Kz+NjC@#B|Vf%Nl3@gHGmA#jS`a59S$WR@GjrqduzS_Sc`l2Ip^+u&e`X)
zKc6$Qzwcgn!<E1+IZML3?taf6%wvHYcG~Rndk$whsz6x#O~w_950X|ug=JV^pzB7B
z{+l?tKA4{K{fyJ4YgHvroJ93h==W?=%8RJVM=-W`y*{QA73WLAIk+avFxCF~(DFOq
zp7h~sbIY^z3|cw;uxgEH8<tV~-4du|F{{8Z^EQ31(ZxustiVP~)-Ytf!n83P%l?_X
zf|+ll26Iegrw`LE!&$?9S#SZQT!J5x;xU>*LdSo}2(K^pY*15sOq~o4i={Rcw1N{p
z?aI#V&R+iVPt%WKj&S<$^OJv*IC2V3`9#dpLGwY${XRC#&~6vvsbLdcUEy#n7!!PY
zESsS2gX~5H{;1O9r6f_^<ijV|@=|37jA<zv5Dfo;hcQW(cemb5xUZo=%n2&d(9gI}
zop#tXPNaMcSzx1)<bvn&)^&U0>xRJ}dRp_xGX$d%A`^yvl10)pG=`?#tY<t=dAaEH
z)=bgg3=aanR{x=dBu2*89d*2;2u)A*CagE!xbP|IxLP>mzI#yJ$B25V)oop^m8b8X
zFJWwa(WK}Y`p1|Oig!PCky?AOy|ow!(P!9sa$N|7(08;4`F<1-$?8ZKQ~2pC77mM&
zz-;Q36{m~Xy1Lx@x;vx3s(7m{k1XDM4w_EPq}`v@w$|w4C6s6QQ{d=p1X8;K2QCrR
z2A`H$J`*V0c%7Ppg2Qp&krqs%$_VXgnMq{%U(-B}Xy+Bis?(epm7wmk23NCGq&EI3
z&uA|wSc4!IClkp=qBEsBDPVtr!szyki0ove*6f&y(fGM@f5<MByy|GmI|?FSC*ggL
zT4>R@f9m=$ES(B&U}31*Zx10nXX#rRvV8ZUSVMn!lez*YN$jaj*P!(YsOOE!gJb_C
zj!v=c-hagR#nT`gj5nK&XRW6n@r_-k_3z&2f_qc-)csyKA#!wPp@P_2a)#^BHU$d2
zS4jYo{rUJUh@3<?6jBNK`Y&f`ZS!B76ZxlWu3RZnh10duX-j}GU9eU_4oA}1cs`Hp
zYzIjsoK#9oA;fZA+Aj(v%>wpk>p2R|una@G{vHV4c+)Q8m%~k%e<}r3a`fYYztW`k
z?$3EiYsc{po|cSez3?6w<mM8K4!BrPk3-UqCngQ!eGjc$OQ)?1pbl+$xBNiBfeI&>
z_SF1iQ10R~j0ub?4Pz-)bR=1oh?EWBS&Q7l%qK1yBR*dLo39$3(ec{&VOHc2L)wHY
zM<7<!XeTUaFLVFBT>7>V@rEWmh;S}n_OR_dyEQFx8OG<sx)gM^zj*xE94B|-b}d=^
z%qPxOGwxex%Iw4WzA^^gS#52?kOEwhXDP|c6@Fl-r-h{)uxKCKIL$|5q~vi#IDGWc
z-$WOE!qV$C5E%S_o}Su}<<td|rd;H2S1^ZI^+{c#5_#%%P+(7lu#e%unei{QoTr&l
zGY|;Ap~zT_yD#nNLy{OH_C5cj-<@`&^I-l_6&#pvT2**vR9GXsjfS>Ev6eM!v@SFX
z<>TejaV>(V?DbSri)VwW40nC*>XN~aA~W`Z$+v$GUG_7Wnk+L)$LQ(Nxg<_XjqX=8
zF2409Co}LfQE@CDu||7hj%t_!ls;BhAdv-Y&&eZxg34UX^kn)XKd!y=VUQpyIPJuJ
zRQDpd@2z=7KbAeVG5_Slm!9sX@}A5T12X!?)GHG>vL=zTCW=rB)vfcuBn6uB8v%v$
z^O0&P^M2!jmgCodfUBmea01e{yo-j)s-2hGCFd4|3#hWq{i}OsyX?P@R~^pCOw7{x
zcu6T=HR1xdy_QK#sf3#4wI$mT%N<fzKjW+`5&Uy8#<KizwBh>t-=6f@YQTu=Z&a2$
zP4qC|F7Ze9$Znmmlz8WTg26m|RQdWxv9eVa1oeat&G%>en?gy8sTIOWsjC(_)L0Fm
zgfhb4lz9tzObkiz_-CPVBHjn{vKl;rJZtG4bvf6G;vYc|-iCojr{Ax5>(U%-TrORj
zIUQL3TVz>MDerSoGWI^<g)4H=+H?2uRH4v=pR>w!6Ad}Hgm<TakysI`LZuuCl-K~|
zIXs+$l36VDLxY)J$IJkB<veP9%Iz!4$EkccDe-Ky{a#q{XgnKt$FP)~m8#=~rQeEo
z-za3AHel{&2FrKWDlvtJ%9|e@eQlt6vPHXgB=-n<7XyxmjWLF!6!_Zxn=HINN&B(o
zdrxq1sB>bF@!&p|S(niini$Q;vh3A%rdQ?@+XzI3*SYx_cH7U}_=~;s%icFjV9uOY
zJ>AT~_9YBD(a7hOc9Id<G?p+2>}4_IpV0EXoQwT`_4j!>13TKS<rxSxIfE9NJTryN
z+WhK4yJF-I7Xl%qEwgCJ<DCNP(56{yGv9QYW;;u#7>#e$5Iz}^_*1;0V8oYz^rJSZ
zn$x!9t2p8C4<q{#h>9gJ@~`vPN<}j^bq^>TFH;(mIF(1cmI3u4x417G`EbgBiX`AK
z*=4fS)`FDJ2<2ZDnnThtPV9^R=$UDy!~54~O{rcU-k+rC?1VW!DAc*{d|djINg5m2
zi)mW&xaxT`_NZNZ1#`8Re<OzJIJ?Hdn8jBdTPm7a<CE~v`=+(R#e`LbBdh)R-?2&H
zJCP0qM``G8yDMm}Gvo(ywp0k~HdDw#mDbfz-jG=b=~?^Ety9g$HW4z_*P}9Ql`?Jc
zHCqT?nTw1bi}F|RrNBnIP2<QgE+we}n}QL+_Xu{?67Q*N+uxZD=I8-oi5JGO<s3-z
z_PCZhI6ZTd@lx#Bl<32>+&9UZ@r!=Z5%V!hnc+xUj#2hl_f?DUq|?Eq`z*XKFg5pl
z!DWz)^pNAVi&pqoLiN=nj8_)YhXu$qOy*lW%OtN#vfzepIoD_NPuHx@CC2U_7RTCk
z-825~sT&>P#o(2es1xby>7O{&L-#r&JSsYOZGq(~#gS0%klc{`i?vk7Ea_Ypd%4}x
zhJm6#@36m|&g^5tmhE9*5S}HL_}b^S$(ayeb6Jy^C=qTAiAn`|5j3K1PxNTUs@!lk
zmUs?|&eI1e_!qk@wlIewGjS1EOzP;oZ!b5r$f>Kie``4%zgr0O|M%CGjpqk8V}|u?
z|4-7{S^9FbjQuzUQPSxemEDizL^E<|F;L8(4BnO!cz9EIIS3x2Q+!glcV4wwutlC$
zVQt(4{Bnpd`HOQ>53}2L4yO6*AJntm=K2>3HV6HnIkA&t+fIrA=C##%AK|}XTW@jm
zqE7C3f%@(iW3_Dd@v%7MWt=p&$JC2MRP8uiF^Q7~Eoag9{f*KS4^56vQrJt29$E!<
zu2wxb)%0ksNsCuc8B<+HgHVTBtHUD~aC+}f!@92macJca&*sNhC--4A_Du45U<R1b
zNYKLsBBkKdok=BVhVWM~HViu+#1j`O+&OldNjb{K>z(Kojih~DcmJVN#L!h=U>H{5
zP(z~&a<_4_Q1&_p*Dv)FyX4`XTvSuGb;G}n43`geK##4Q?sqt%xMVMcBkN1xskxvo
z7^kXWJdybi)!&RIO;S%ZdP%8m7pTx59F`J9?DVL8bki=yNWAZF-U}o!=bZ3MQ(&w2
zh1x6V$<ZwaP~@*GksBte9zRV22`^tmk`iRMMwaL0;oWxDt*5}47pPx)T+epaeqH=f
zuuz-jMYV13kT7G&8l;k!YogMZza{#6=J!;qZCf<6;m@iCb_Etyt+Up-bVYK*2zaxi
zS?jxWK^*vX(+0bwjE)3vGtbqmRq?PF-t4_P0&QuWYSxN&1^IfLV@9!1R4PMHvn!nH
z`}pJd*XEN?q6dSRgXx}IrWd;n{+Kyqf4$Oj#<piFtm4bKpTsjNJSK)Sq={>86)E9w
z>gRg6D0v9xoKTC7cneR34g7?TR{Sddbl`feoUj3j)}cSGm!^iXr;MN0{k}e566JWq
zgU2)LB8^l0wLb^NH67Cgm!5?&Js@hB<iDR(l&&Z`Q=l)K=$mAy_Eev(ygJSelw!c~
zk&u?HuSY_i*3&_hnNtISS6u6*s=IA5Xuo{PRd77#ZE=-d6&p0u5}9-AYL-7;UjN<C
z&tR5{(5jCc<b-VV!jsT+vWc1ZH9qMQUilN)W*n^`UsvESGMh5?R|Sj$;k;e0k2|W#
zv%t-TC@))0x2hpDANU)yD8Rd+$;dqil2fRWy#r(x!_qe(7dL#b;wRYUE1#Kk*U!hE
z=||efbw2uibBuiZ$>J;Qd>NFfnV%HopB=u6XABj7+OGBcWx(Zj(Hp6^M|OG61o#N2
z_XV^`Erl8J`YqFLCWK_vp|NK(E$;*?U6&RrPx8!oYF1<mBDY`cOa3%$jrfVT57SA{
zdne(!1{|=<#{}sM7DlFZ7J4!sq&%gXTtMrrJUOrNxi@7>UwSyxmzdnCE2E~W8m|7w
zw+u8W!?Gvp)G6~@JaV?+U4T!(U|dYr;|jYdYI5NM=T(gm2v5Y@R<GdEp~02=-#r^&
z7^&FY<sZ)&`1TzLuHwx*f|!z=s9@doOmJ9z$orx%qpeOapNqjq9rm21c<A%Us2}c#
zj8Mvam^W`GWR5^7#nQjQu;SZL*;Q2<(G=Y6@_>&RS0{<-oc$;~9UC7nGf&q)3UthE
zp~f_ih@Cjhfg8ISNZRUohn+WS^T6?G2HT=zGrwPgNN9OR(NYtb50}ab%)=WStYyXW
zt;6wxr2ULIUkPnl9hLSzdd<KaapTx`C*^1!qu&~>nJrE}?~|R(lw3a3@-rU4=bsC$
zg~L_G7g&f!t>V6&kr~5nY7^7OrLAyWc|`ll=%#c6dn0N{DXZj7q2V%|^fOJ-bwyOU
zzd3ROY6gNdhsfMqUTh`EW-l}yw<KE_K2;#VOKvN|>Rvb3S)6|xP-QRt7JgoR(%#IH
zsHzkX;jw}Jq#=InyT*j(>Z~1dOX=@!eCp<7WGV|ql~uK04$L{3w7!0{>#g2*GME2O
zc+A)@-zhxe#kQ@Y{7?h4VLb6!95q_j)SFPU{?G>=NnRiGt$2~Th8)N5ugRO;fX12B
z(cM8mO}v4gu7MhOR8`v<y|zQ=%(Q`IBl&j^Qk(jkE#}Yx+54`ib9wK?*XT{o)`Rl{
zy$1(B5V(l(M*MX8$YoVvTPFuz#L1iZ8_$qBdB5c4*$f75v19Ih!?6Cbe`yLo-AFc8
z?%T;(N(p}nmR=}L2E4mf*VzYZn$)3o$W1f*gw$@e87ItKrh$uTrMYF0xdmkke4FoN
zFndC!@TUPA_n%L>G;xJIC&lj;)#lmxVIddo!=jY3>7|uk@ZbQ&g!8h#9vwN5K~Xtq
zXrB1>onVv$4_bDgN$IDX(e}&nTt>!~tD@Og_?(dk^q@7)RP7uV_p~$LGaN!sy{d8s
zxuZa0-XNDp+Zz{zH3NN8LvD8mr=2uU1MgEJfkA|d=@X`na5NO1Z?Ebd7gDh2z(|yT
z{46$pS7ed$3*~^3mzS27V4V0C?dX-HqLumcgDV}#s8Zz$w5;{`o6aY9^s{Cq&lOKI
zl+XCyy1TTT(p-=2f+g+gHeQ%ln>$5XO-i&C=3|4%UoaQfz5RnfEKY}>?$w@=W@>AK
z@m&L9TPGv8Q$Ikno?o4wSE0)8_X=%}U<%<5KjMu^THr{zDz60O(@?E(v0t+E;o}Yk
z5F{7uyKchMx1Ktc@ot%zzGy7NTn!Yu&=F5aQuNcZO&eXz?z_rd;Z243@0IL3v*=FK
zM(3=ncVkw$0*N6FTIS;}QmxL{zno&YzL*78F{{K7vy2|LUmf(%xpX+S&vCbJj-%x`
zwQg5C{9~C{&T(^jVrE>#*PR(LZv2}kQAszo*Q<|iXZqAEH=b$ZITbtlY34Ysns^U(
z3AgM@_~tWmkw!%1zDwbYYhQYA%{KTTr`Da5V8+|bd_wTsp}U7SE;ge((@pZ`3x@)5
zNo~5TV60Q0v;srpJDo?iOLoWnu<gNI5ju*?h4+Q1pLC1ld2ZHhQM<pFyCVIMP+ke*
zO9@i5@~@ehVx&x)=+*+U04Of7mLhQbvrKcP``yV(HAl-~?wS2QHH-|OCbwU0)geWJ
zo9TqX1>Yv}y_Tx>ASc&LZ7zhu<g*vUQ-_Hmt0_~#$=@8A4%0lTtz=+W`-O6`e@*|K
z1fKl3exDxFAf;m7fAc9BdD4nZsGOPZd0C~TAEHM>cyk3Tvy5=%$*95R?avNVIhC&Q
zyMt#xM?6%SR%Q;!(#9jwyX)6WY*x3h1~%NCiz0}(<s?0{76WxTY;erw>T{I3!esS>
za=@WW9)n^$Ab$a~CYfIi=+;-f<22}^{F^c5#K4)!e6A3QExf~1%=(}@c<JL0MMRU_
zXj&ylo4=o^eoi&)_sChnv{YpKU<WYdB%S9>)oR`9HAv}nH2cNOsJP&}54pq=U!Oj>
z+BUy%n(h)-e4x56hH1RUY(%v5bp--Ip=oUcS)0)Lheey)ZGv}gQlnp`Prk?aS+^1j
zIMft9X61Dplw{+cP8S!`FA|cCtmPwG*=<-bMz=hQZTmJ$FaOY!E|54}UbumBG;M-M
zl&DiEr`5B6^!>a{@8#a@4lyD3t-GO4mGo7u^pDCpMC)61bq1CRyVK-`1Bxjf|JXRo
z8%#P5->!@1O_Y(DB^w`eR!B`*vL0(&v*YyG*98bK`G=`AELArdD81bXvDj!I*;r6R
z7FI=|!rL^-LvAUTaBp@-GX{;;9%oaH`};AB_3Uz3Ev0diLZss2C2uCvi}l#}ya^{O
z)Mp%(Zp*C6eQy1<@HbyadX!ryywHS>_ngn=InXOJt60aRvkTWQ<9GcA59AASs+ALQ
zxot26{fV)haULF88?t0~C9LoNXjMEQjEnDT?+~%8Wwo{ciBFHx)40?Wkp^PN70Bs*
zo5Nau9}imsQ}fh=-YmjC{0&<wXR2OCGuvMPaIT+MOPn-p8&9u<JD1b4OKvxGQ_5iB
zJPa!q(Q-QyaTSdldCL+N<iexB6}+EVkQao*4P-|^zAH;M^<H7M0R<PGvk7x|dD5Zp
zBSM;zi4!V%$rdosJ%^7rX>MzG-f$Nv;dpG&au$DI6K6jfN%){pfaSqrD$;R82PyE2
z`qEtTm%5*^hn(GWr7KF9q<r3=bNTyeg<>FVE}WHt2p+;PIlTORJx=%`^eLCXV8E9O
z5O(xC!IOev=flP>eHAuEtf-jf2=96_k_6?2*%+Usv`Oxn*mhinvdZgSF|H5DY&I31
zl$wQ>XCDlScYP8qbD?L+<)KXt+>{ViXeC9+5EVH$M;GrX2HVw1K`SxcwjRF$-K7><
z!&K(<0cpV^<kvuV6pNHY(}a=RbM$;~k{ECWfT#*K9`flq!&1%FZQ3!L-z9=KyvJ?l
zi*v;njxRZQ;EWZ7p;m-{QJpvSnK+720n%D{*F74g8Zo7@W8x27k?at`@MUy30d?)%
zXOw}_ir<`CJz*p`E=fO#%*PP)9+&NexNW}ptM82ZOh5X|SIL>!7Y93Wj**qy5Kgps
z1Uz(4*{uC!MUMz4rQ0xUn=(r%5}p0bEFUg_?XmEw=v^k+uXIO}sya<lDps8pPd(>U
z1^>F#x90BjFFV?LaH<S^XT?!Geod|p(cxNkt$T?5z5$lBQ|6Y!^l+&tCo)4LIia(B
z*enLEsv~}nmhYj6K;hCy0E(tvUU=D8#K-wK3|pbnDX%|qvfSmtXVW}MdKh>Ybra+t
zM^x}JZ1wWsch9grLEsF5Kx@7FP9N>!WUUVTlyKR;+islsat*UXc=ZdcQg&xEH`_KX
zxqy}wv0`w+YZhJjO2t&u5Hg!z5%Tr6UcRHE@E-XWhk@ELi@NKc@HrSw9C9n{{(|9x
z`-}U4f7x?+om#q5d5q%I{F7?O>8#nQMd>7XY{E0?;!I}<rydTg?7oq{`lXdf6@6yM
zY)A~%3zsnG<T<Y(Zn0lxk%i`RIGuHL4t=Y1dJH*bE#FinHDKdY_t^p|bieo1r~)?<
z+ox2f3bQ)-;zJrNgkPuOx`@i=F=b<r8!WuGv=FB-QjrNAGHTW$HXI>~#!G5gR&Kef
z11#ieR;QJJTvL5ttG+Ks-_(=PKDE~J47*+S**srz3WilZl~-$RaBqLwux=%aG}$;K
z{s%8Na~<gKD?)q8ygP;jgU%Pc=g1kdKOR0?o9Zl(Nr1E1y(=0pV_9ocw^5{hjD8gx
zoh!mX0g6$6GxnSW{<U%z+nx&M6eaj`D}{Y^A9(A&>YrlTSbKs(f0lixtd=7QRkWIX
zW*9OBjGas3yohS97AuGFo@xr9Kn`J8_Td;_0rQrhZsPM^`5&}ut6=QKaf$Jp3)y==
zC8oCF{qH?u0|pc%cGj9MpKrYIRJA?6LgAb~^Iw3EnV*!lknfL!)UWIs9hbOrtKh4b
zJ5v>=3>Ob(?P40-<TuX9<)@#Je?V%n$?9K`(fhsmy%Q(8XczZM`{yoF@PLhVut&t?
zQj;9YoP%GYpd^9JS%b$SteBKv$3N-&7e~eC{i|$8t?msQuc#Sf{%T)RWGgCYJi(A6
zTGlOp1E%P&aC#t6K9UqxE&hXp7KmiU%tp{|9m1Dyu@@*fHVeN|bymj+;YEkG`sY2-
z{9f?BJs-Xh|M5XAcdD{4=!t4<=tZ0#*ud20Yf!p?rIO)P;H-UBDbKi}GP7Z0ToIP!
zO34qdxo=A0;kokr7iyRJK_|mf*ELKng~{)=9%G<nQy|25Dx%ha-HOJ~qG82ulp{FG
zv?&QjPkJ?c*NYz(%X3rY>yfBDFtB`b)yDK(W!U5#_fJRGS!oOUdH%v|*C^o5M--RZ
z1F}n7957hG;zy+5NlAFv2^a4239^TUcN1_Q!v||cs5PDoe2zJ;6+dA&ilwHSf|9JI
zx9}c&<5!gh%ulXp{7=9!sI8)n`II-$F9HH<b}zl&*pj|Z&P~He)Y645_V5Z&K%1<!
zI&^z~Hdh@Mg?njvj2Oe873vfoA&DPgOe2@M{UxuG1~X~P^enNmG^6(z@MM3XzQxc8
zU`kPtyr>;)^6cU4L_&KzbqnprtRk6+BOID#Fb4DL$5<I~y!#10d8^ncBiY)b)O$7U
zuDjM8gM3Z;U9rFUXxx`z*U@-9C8p|$=R2<<{jp!-pH~L+!CV(ywP)c$I|d4#K%Cb2
zg}2N9lXsGO?8EC3KEkPI+2X)}<yB|_Kztq!%Vd0~yND0hxej7Pd6}%`wTU{<4~}JH
z69*yjVw6&YU;chE^A_kjn$7B9EnSU~LU|urnD&~r3g-p+ClE1Hjec0ZEZ4a9nX*W$
z2`l&6sNhR15ofJ(OfNqk{3iAVv>U6StXx#dxx$E_qeI<Yqo7JU$sOgex^bL|J02Wz
zHpLk6^yid2m~h5zv39AGDB+EC)LXG$O}2er#=_QFf6Z7$sC#q-F~+VobTknu;?{HG
zo4D1O<}<3}R9vx%HSuBJvA}kF7l7Rx+Eh}D7J(AO*od6mq5-)fqX7D|`qMg`>Ay@g
z-fkXvF`ZPfEUmny17-gP8Uew=pckV=4<EU3oN;jQ*|PBXmd!L6HGA#~W6yxvzIOa}
zuk$CHGRw<-s0iJJ<}Jl<Fca0EW`0pVkdY4h=fkCMYUJt>U6buclr6l_w>|yFk;O*L
zvH_iMuKf7FK8wid)H(NR#7V)hOS`nW#<QKqeqo_?aid+l`MW-*=Nh>=<}axHvFNYr
zxM|Uh5;00(2J>PG_nxwGiZba2hezJ$N}X5|gNWyXb~DvuPxyE<*&u#oLwE#-rR;^<
zl%oO-F|FQ*?Ub%y?(8+urGVASEj42aCX!bful^h@cNOYgU&a#Ig4)b8{!RLIfE@V8
z$5f&8!NtjiGGtRt2-vcY=_nrLRbg`=n8F1sm*o?LU)-A!gUL8`AsITx&ocJaA5>S-
zSpOnl*bVQU9Qeov(WqG&U$6da27i`L33G~6$Y?+!=X&0Rp!O4r6Y(%|uRuL<Ax96A
zN}r)5JjeS8R%XZol)i;1W*#0bw)ykuQ76KWd(JBuv24GRt<My7?Fh2F1*Id6o)`0n
zu$DI~$ODjfXs#AL#kQ`V6nq`K8rbv&#)IVw6{nG>T%%nN*JJ&PrGY%RB;BtvI_lsV
z+?i#*i$#p*lV5QQS?KMU=H-O+(!5M8P~3mXrskPHn$B;|eVwJAM-dNlkSwy%rG#m6
zj2GgLw=a4ufMl-<r^^>|mmax?8RaowN+<mC9`fEH^r$9)KkI#e$y)rz&&YV1wVaM!
zJeMqu7)TkGUa98NUSy=RWBpi^cmVs<aB$vj{670vDTx4SjdOcG177czDmnd{?+E_R
zH|xp5s6qUW>V>BCe&-4Wjymj7gvuq;Q;`qI!c>-ud@*A;RTScBrRI^2%x#(aw7=Sd
zyorqVmdcIP?GMROV;0Y8!;kyeoU(?e&|hZcS!19WL_w%VG;6tic>3vjx+VWm*hIVP
zy;$=(lGFaoEd&MA76Ng2`3@Cx&^+>Bmb4#3=xemx$zONTa-m+Bwgt~;G$fnyQaQ0b
zu7UGke5pK}>Xi=^=4e@a0*6$;fo)~F%lUtP^Z3t5>&kd#Mw<<>Yr3F#p5(vz!%Qwg
z1t?i1B`l5;!?kR{=VM41tBl06N!?1;M|+#Ua*It*&1DPR&fetx;*8z}kofcdeC33J
z*3YIba7D5Ije3L3BCY@PECXbj?ph~jC>rwEbKu=%P|&pUc}K=Q8(Wc%`n|zc@rOV*
zL0h}P{&b=U(GuplK9I^<jt7~&=o>^Zipcb}&aj4_n7Jj^jM83R*T;Ox5aatUb6~9K
zS5~p*__V5l`*4TX#u=?v^8o)P{8^U5^BL-f9|!i1XJi!e8u?Et7F?ID&wf-sXlC;&
z$X>2nO+zM8oZyt&Rjo_^>yrLiwlN}yK*qA9G%kf$KZN~a<yF!LFV~Upw*_Bcp0d}x
zdQX@{Cah+9ofIgneCs0a^Ci*gRm@D-m)TZalsC&652XZ;EOcCmFY;MrWU7Mgpbv&0
z7JFBYi#8hsp!V6aIXY`C-*=7bIa^mj()-+`t(^>YG{D6kea9aP70hC;udng3N7Y*3
zsTZ+aomMHy%_%2HAY>?-slDq$>*!VKcxi1S-qVp&yI%L_*Vqur73Iuw&kFRH%5~PJ
z@xxAExNt*+=sQUbW8VU;s*_H&8_4(?xk2U70rz<xYRd1QPgdSfa>&t08XLEhB6&e$
z>=eqvE5-{?b-ntjg3hB=gdXEfd<e4me9}kjYj_#TkrXj|SY|Gdpz;@_`d(TH(2RI$
zW+{PDzKlb9=yyEq#aX>~rR3|47lYiOD4?>LoRXv2+45d)Zl6hEw;Lg!4V~WpN{!eH
z`6^;6YT0kBPCjL}Xb`GPyUzF92>z@}@Y|@=m7_0Umn}iA##k$+b0>!pMfzzKt$aPX
z-*pU{-khDNRhU3aO>ex&+1_xdYU^n=@r#>j`K2Zzi$Hq3;@)Khrl+Z_$)ljZ%fjwZ
z=LI$nNMSHzKE+hD^6NiW`RooOPZIU{?Y8{p@2}au#a#jmWE%t++0;iP;Hg<thrdh4
z*vn^ttTO~lY=3YRM6zCcf;Sq*Kf}r$Ml0VST@<8&tq_}%l=h-<fyNukaI?}K!$(M%
z#alD00K{ul<ou0T7n-$vIC1M($%OD%i?OdfgyR#daCX{ZqG89QQ3fBK%GAnZq**d@
z##70CY;eHXsm24(VT7zs8w#v`Psj_X6ecasiKlo*zuMD^ux;88i+$0=o?a0b4o+9^
z{&!L&U2kbqzm0&i6Fx7yo5{aoj>gQ`vMC>K7zo*2D+tiGSjz|cW+yK5H!;T?wcT9q
zmI0;sq)D;Ft?&7fIpO!NiL>#|(fD1Q=-GSGLBDQKerVH-)9}=;(1~WL9GV87Uj0FZ
zWVaGyF)D;-rY}PF?cW2mA;%g84iR)-qImUEr(Q0|;Ys+i(sLiuz?z?;2Zj9?TTig2
z4ttMr7FU4Mc7_qvrG>?$Z!*y0r-M)LvdHOP&8Ye4W&>X)`Ka_PtbEpCS@U4{eng|K
z)kB-t;tGZ20VA2|fncKui<`raz(87tZP^gF)P8l3`Gv8Z+kcy9>ACK>FB>ty)w&8C
zkHX>Z6o#Cd6_NFwn5(7Rn;_CrSsy3?k0VYzbGBC`5g7|k%frhbLQ8A}Imt-IMy82q
zp(NXZZmv-xEYJD^SHk#3alSRasvVS?hn2sB)?>rgENSc%J-BB(maAg14+~t*EX_<-
zMwR%I3I@ixLh&=FEj^EaPMR@lZvOE>6t|>Q?J>YgaI&fQ0|)_f#iq@r?)>A`wHv@3
z9jOxZ`o13jS+oa>9t>s;d|QZ;svnLnTmXIr9fl8(>wXM;DPt+`VlCxM-uk@(`#QIH
z_^(6<?is`$&2#DG3M?@4Yqkatnd7*~Q2Z1^>j|V(huo5tU~^gujDD`^;4{^Is+Ufm
z6gWgl9Do}=Xp}5Im;rBN)A`7OB}&7Nim9h7%}w!e!(*e=9?fCq!(-^Aw4#qH4PR>U
z!B7>LjHQ2veo*(OeX#**m{WS6`$C)lISY=I_ivNi&wScNCt@Uv)$LLm?<c-GrEUGr
zpQMM|XT|4W$-}AUbZhvM#`42(Ntnya9Y1?-ZKbwnTQjG3HhS2{u#5W|qIGd52IiI8
z;dv>JFW|k*@JU@l08E~B>Kzl<+(wHzZBquyLI1P@rm3<R?BJ<tLhK)q4W<a>R`NX6
z#K3-{R3@c)O(<(Q69w>pd=X{cI*>yvHY}W<X<LuXu)jFZ{h?;3hYxp;J`ljps_22%
z5!J_My(%pnvVbKo4G-rppfVduI@a>}ovTXzJIvq(zqk=cWS)Tv6f+Tu)X?j{uVcv(
zak5;ng`lE@?SI@d%Zf#|d=R4gUr*q{8`hrDrLDmx9{u?LnXJ^>K=1ymbkhK)=zbc6
z_u-eD$<aQ7J(BJ3KmpMFKO6HhdPpHeo`4)8uLl05UIF8UhsI~bR1$_#-wxg%Xs9A7
zl1)bn$H@kV=jK`}Lg#qJMaO`IjAXC@<nRI;7I<^9d0Bf}ZNNYpBlRc@i7``!szz)B
z`KnX%*1U{5qEJ{P8jN1)p#hREmU4iz$+%;xvQi_B1M|e4gz&v{mVxddE4BI?R6PO)
zVc>FoIM+*f{lcs832mthn{Wx?Z7qO&R=+eInH+laT${M^q)+I3(@i_bA%k7~A`01~
zQ%tjL45#W<>mO;J2SOs~WEb5^M5Y!I=Hb9g60-<_{kkOVdntx$Wi98U&WaKIfK;<E
zJb|6;=2Fp<;#a8!KU|ntD#0yM%;t$MQ-?+gpELo+zp6v!@r6aQ6`@q**}=K$;|Wg9
zPH^l?<KVeRF-XV!axbZz)DXrBzqe|N+Y{949zlScImyL6NEZzTEy0}Psn?lv?Lb(R
zNH+&)lBWp|Z}XsM-J(ZwQjxK-DW5_w?&wTFU?z^`q;<6TpF6W9ZjGjOsp)Q?T@1d@
z-e^u)rN!uGPmlCAc-RADMUhc|rI*jOz#32**WCtuE)NeIuTs|50F7fttjMQ;5X3p@
z6(b5Nsg<$>iU2W!)Ut@vm1w8btvxn$Xyq%7`~5H1b)K>z)7@El1)e~SO4b<FPMp}v
z_ckHqGKSF-UM4J^j7Jluo94be361A){z(GP24guqle`r2Au{TXEVkSS7;f||G2Y5^
z(1Z+ag$r49P=jWy5KG|=3zsQ#mbHb@h9rEw#HATd{uDhhFJmd&6XBMaPew~>m}o#Y
zB}RP#tm@%G!zcsd_o}+qWYk%%%-^@%Bf<e1UB$mieie^P3r-mVyf_o{^^Xq*a>oYp
zJS_N_@r~e~@$6A0!_LZvmsBAvyj#Sf)<jWJI&_J>i$1GFeg^RRee$fpr{1rL(JSpd
zxc1np^<)ShOSq?0_n>}Q)a>3Fr0k^dTM$A$-AapKQy#i-JR1xg(ov_)<Og&7xmeno
zXS+OoGheI*gc)X|9IuumA5}_(HB{>Mi;)Xx$037Ge|LrzN~`Ld2dcdiQaL?cF6eXL
z+~hq5pl}|SFBV2+Hm2<2*PPpn2Jn(Zwb=3$<)q<-=+TX%pIbih5Rccu;n03;yhtL)
z*;4zyxV(|?hKI_;b$)`BTRIYTVxFiIDpHY~<MI(7qy{bK#b?fEHOfX;#7^zLO?7Mn
zVIMBEHi8bDe6{+*h>1=wX1=`GuI~@?GhrPNK+j@FC+*ltmbU{gwz18CuRkFfTtMHY
zC1hBJ7E{0$+8QR~PpEwGmcK@qT7cl?pBh3Rps@FL&@%O4?>(@Q$1--gS|J{F>tzS_
zdshbf8gI(OLoEYOCnsbm<~G0#K8e#h!3lVN$q6fe9d8Fxc~U!OsXk>OW51^if$%`P
zyHy>|w*EfP+RKvM!my3QM|ihmZl3ZfN?-Ew?wy}g_T3-#`y*?JD#yq5Rs@o}SSQVM
z!s$Y+?n1{Xb>FimzB?a_uI0fFb@MW+HJ1Qcj{c=&(7(S?#V59inUq8|QgZGeEaw2P
zLF(e~YJx-J92Jna+}qEc6qDdpbFz7=rt5YU&m*0}e|W>YdVJIJft`V+PmT6tSv0*}
zVp@e%8$dng_5QS7EDVmq=VqK|$7BDPiu8FY2U`Ed{bMRB`uiTkv#xt<Dj(`bprNq`
zxWsvuCbUs0YZatF0SftW?u!A-i=g7sUU<z`6b2qvZMitfuNnbQ8SWD+fVhW7c5}vN
ztCUGp)Fwen?QRvV)|X!?2>pCxjlPEi;_8x~J1Hl04BGrF5PUIck_DTFhzI9`28*3o
z^T_7)am6T>`&wGqDew`(@4=<tSW%x+k)tf=+GQq^(_fS-HM)fr)+#X;GmF3`?0vfT
zyHb@?jsWjR?KbzYv5efbO1#V?Nxz@5><x-06skD|dHa%uwtoFdjWOlI{gOZ@9sm~r
za^vwNToGM^4olIU<|#VwjhFuYV_nPS#q-JMa*3Hx`~HOcN%^#afLI}f>oiv~--$sL
zTebr7b6bW{`m^Fe?TyL`?M`iV5*%Aq-<QySvB@<o(xCqgFqO!L9w6H*@05{oqj6og
z6G$hA?g_gpn$D95cvQtapBiJ&x9g4A`Vsbx^~_g`NLK1{Znw#>um6kHU<`sotwx3z
zRfggbjf@QEbkd_q#ryQb&FBI^#v9hn_w#fPhG3plo8>H!e|M!mLUs;Nsp-$!{a~O}
z)NZQyvB@g-&!cQ~v%c9{vdxdk-JPyeOw^sIK>lb#NBwvPptV3FJ)ESYijxpt8YFmo
z4<E>2scMkgHlArAkU6*Kfj_NvAzZH)5WM?kFREThlw&Hr3=l|8$k#2NvH8DUk8Z{e
zNQHqSxdk<LLyj*Wo-gw>kVpKyjzYCW-HJB#fKOCcn);5t#s#hvLFCUtdB)|c>s&0E
z&x=mS=i2#nKh&5yt8Tpxe~|Ef=8|#gQBquc>}_3QymH=kU6IJpDgf4WC5ckmHk=jV
zM&17>b!-&0d7Prt;Ad-Gf_rA3F>l~&^ny1Rqzq5ZpEE|=jeO(eupY3M(p%KG>mU=>
zb+j=4_nNB1sb_d5lC(o?mY7VD23D>Op50LBYas+jZ3yn5<eu-u+nKR_l(O2T{{iik
zYO+|ekK`;0OvkcW`U79uHtM@o0C;+G&bQ~%y>(UYSNwy0PUypHFEvi(z*?z+p<P2!
z2N%Vqbnp5yay2(f@<O?sH-g_cLnfq2P#-p7Thiu)lO-{bWZ)bw-HNql6QfcuN+N_O
z`g777@L~-p4z1G=ft+CTrJm69rH<Vi?HUVip)J*;F?XX!j|F=X^>Lx*sk1RsN$GT_
z%eH)B<!}84`PI{rv}=hEvN%rgz9i({dVo)Sm?Li7$?w|Az1^d)t3`cE{1n;!<ZPr9
zA6q>hq~31F0NPdT3mB>$<0zJjxcSko^C^5)p5cf5qM$&`^jpPowYv1Dzn+ooD$<I-
zp^?Aces$OPBs1X8U+i}B%{&TJSlzX5(@k=n2x(PLRW{z};Z@rC!u&(BQy~R%bHeK)
zplJ^w{UZK5>p<7>#O&TWc<V_1Hp{i@PlCHSQo-6lm4AF`FSY-l{S!PS(EUB~I`9Od
z(GP(1*K4>bc`q#S*zMu<d_BTz^&aEw>EQp*_9fP2@11S8l7`1oIIaeqP)r@%?I~Kg
zl&SYOet3F_jrgmyqMBjVJU7F5Uj+CkBGSOd0MoIuysY!3P3L1UemC^%`Ir$>4yN(3
z-{swq=ctc<q2Np-(WHXeAWJ1{86xMOf)tBVUD&AfZNRb^O6SYjJ4eQ)53TU<;Rs&?
z9Hm9dz*SeVkwHITmz0<>1FR?Kz}<jJz4I*~ZKkr)qHUHk9PRU18*%*nNj*V$`u$gV
zE)qPoGf6ZHwV`&TQ^F_JeQ(pTUt*&az75<P&dB4X9>|x-#+-xTy^rAG@@j^hvDji|
z0ecaR?1TaP_0t-}<~`?%hOOLg`V!m<KvugF#P-#>{XP2m>jHK1U2daXL6I%6_9D3)
zpuw>d7*#Y}H{LIXPkSinH@YlYxHfa)HO>V+7IR{kiSxl2U3}S2L{Q;dhtRlO^SfM$
zcy{uh-HjYrvZAiH{&l+qU(Kb4FU*T<$kL79bA3t6mN7P#;qPlq{smM~WfqQ}Nqq7(
zGPklJ)oMxc*V0nQ?Olz%iAkaW0?;)2S_5#J%x(w2M8Ve-0!5zF^M;5f6cDBay}`yw
zn1e^wbJontl3m>b+Z6$iP|MYXL8TnbQH7l)?_`!N$+}(sbpr@rOl-ve{KeHBit1UB
z24H1p`R2((20#sleLSpgR(#WZotv@;hgDAZVvkF>#*?=(@j{0=&1k^X6MSO|{>`t}
zw0e~*81tUvSH{G<Q7%2pPW*78B#PK1#HdGtGWMCTW#7PIfIu}fydJ*^Pv55AfqVe@
z=-_lBi~2wWJ4yRpMw1*G{j-m5r|=s~@sRDGrbOt-ZmY+(?w~<<q-}k8m`wQl*2jHn
zud>|w@N^izsF=CzTAWjr>(Elrov9*!$X_a-J8l=S!yc5e)G3l0kxf>r`RK=$$6C1=
zrbIAk+4~qPwd3Ov=!F@j&Y`UBz5tYC(cGxgHEo;I?V=ohc7Z2Y3R)@MZ{|)~F7bhg
z!1GIA{8{fXO|Oa#^Ii2IGw9DD2e22Ty5r)Al;U>*M;ewm+v9S~?iOK6#4Oi`$D+S)
zuie+YZ$<$wOTd=I!mZ7xv*Xr-prC`itJ{B>y_xC@7~dZnVm4X({^0KnE~r0iK+0Bj
zgft1_MwPa)mLk|{R$jh*oG{^$TJ_FNaA*@8M~NUsP=4{BKcw@g_t47R%MZRexM<lN
zU0QSPP_$}@=PJ7j?$AWj$z_*a&GCc94+4B6N84@u{0^gbd*T@Q1gPc=%pPg)2%c1v
zZ?kL1_!?4nscee4a+`2lEqhp{jLP4{%N8YZ(8-=RUa}?KGKfz}=3GnUI5F3rHeWsJ
zbGQ9uTqMPH5g*Tzb8zSwm`1CtB(>>1@Pu|kz&lHF#Ficn5VK}M-0x^@P2;@C6g){c
z7sG&|+_L44;pPImvooE<Lg3)iE-_)1gY87P?ds9LskqcNcD_&(xCu>5zimwTj%iFR
zK-kzzk7jJD>xN2f1S~AE3;p?sitfR(&doydzw@~|+gH+%wIf>45xD7~+2ji4_HBTN
z?gyVv8aY)`kr2SXPUwC^Zzo~>;T6O{=#O$Ba7g$~Ge$bGqkk2o7S-K#e~E+a*Ez%5
zgN56_6}K1je92OOgKtKqNctc6q`f6;H*P+@1EavqrUJBL{{S)HLW8VHT#C=33fD+;
z<i{3HlG3#q@&XU(lwY+Wnj!Kbvk&uCVi4Y`jqltb{SpMK%z*`)Pfv2*$oi`4;6YM0
zh3<WdNAHgJ7UDwjM524qUUGHM3_JdI3lOhn#`&<EEDK5;HF!#la0NI-i3_}%LpS}c
z1ot@$^i`;o*ht`EOM|e@UOGRSPD**1`eO7RzCh&ebd@v>8S699C(_6gh{|{KS@`Jh
z*3$<b%D2Zuj5WT1P;3@!pm8avl}r_(;Vm6i3XUpcB5|`<-M`Pcp14A9!rU(s0%zQ1
z?JEV9*qGq0&yk=_Sb^in8ncg)+`ar7>+tkYMIr`SkECqXN3efkTQ{OnyMj@>I#OE`
zU)71m6NbB@F*vFbjmgZ~XqO0`MV<a0)ripCA$cXQ$6FCkq#|9Jow{gq<bpOEZ#JKJ
zj3#Y<B1erMDa}q15!6=i<APak4fbv+@<^$>4{`BUAn)RjkT)bJn=KCNY7N?Qoh0Zc
zBlFc41bx#ipCKP1IYX;!hm41;K*G4@i+O$`tsU;%_7fY{kH^Zpk8;K!5Qrb3bZNp0
z_Svf*QBl%3r)f5|ylsD#_;Xdxer`#DEBUo&R4H6ZapikuwJ)4^tXB3f(*k{^+1ZPz
zmZQJ#Cf*+*YJQ>=Z<UyE#O+djmAQ1~gg^ki`xi2_BT4Yo%@Mc4(96Cnc3D<|E4eN^
z>+G~=-~SWyRIro-V#CkK^I*bv&Ja5ACkWe`^{#t_$tXIJW8H_`<hHdsx4hgRVVid7
zzZ-#lKRq3g%9$i#ZNP?MV*(H4BO%%Cy+4Pw#nO72)Ds8;&Vnt7ATSLg+Y)Jk!OcjL
zM-6@@ZxZ!icmZT=OpThF77vIgc5!dDDE5#yQ30DUYZ_POUhZd-!ff(is!C@}$4o4d
zmEOtlNy&446*tdFovfNgRa9laS!uDUuQ4#-B*D5i!NRyc7<<2<bI-^(GK4DPzJq(C
zY6A1=(MQ~w$Ww*B)K7DL(aOn-amT-iQ^g)9T9Z?13nZ{DoLHID2<(nzy;!$RP07?p
zN72KC3Z5cM-ama0W21=JZ~89&3S%ru8sDoZ!5mtQ{+;8;GNquL4ff!W?g=LG5x7It
zK8YP<`kIdn?~)b%D#g{6eLOJOqJd{yn$T;N=a~Fr@IQ?d9K7GX<>GbnB`FRM%n+ss
zJ@^79F!edvdg<?#Bzii)Q^k@vDefUYKC2wWuqmB5Zy}&J5fu~pu+ZhGeUDAkwv1+i
zvGn+(&SS)hm2YB!@vi^w+w_zaMrCv&J#2Ux#u+9WR+oq+umjZL?OnvH4gU!Q{UKOX
zJ}wT0TD(mXxs4Mh&MQ}R)SPt$*g<+14IqWKfK4c%8hPjnMBTd!%(}sz5frNHMvf;>
z{(2Yz03~a`0EF9Sd7P^30X+TLWri=AQRd<A+EFP}6NuKQ0d;iEy7{o|%z*sNfdB3F
zxheFoaDka_jXR)Bk|-CGAhhW$18`8;!A(JnY(xE3puQ`Ns_3`yqFX;y?rT;s98l1g
z(^>v>9b{f4<Clgi_vAE#0YXYu2w@2sHD-%pX6Co1af8x?sc)KU^^B<_2YXpc(}<D@
ziVNPkO7@ub<waetctSL!lrV0||F8|8KwV9X6{f-m0ji-Z!$)s@=p}gZ&IIR;`?#^~
zvD3C+e#ZH89(;Q~e7rsF?a0Cf!K+-lG?2COYy|XFO+c?7$E$(Pi5wmK7LEkr5#)QQ
zED*^XwlYdU61sry0x8ZBkp8p>sL-Kr`UmCGX8k4K4E?LVYxYjiRm;Ax{=vs>Lj~J4
z3(xqg%7HRx(*XR65sod<4B^cQE3XSA10;N|@M^5r;Bvy~p%dcJ=RfA-UL?ty5P(bl
z`m2a0eH}Rgo`gCS3I}G@0~l|}FOYhkq(ntr-<$#yaj1+$?0l5R9T)p_vmNuFqU=mf
z@<08xZ#MkTP?`q~ej8?hhr#*_svLwzQyCav0tkMctO(+LPyHCnzWW31Lt+cbrWlzc
zPQOT9Zso^)_NQc?l7-tA(hyGhYCwc$S^1A5GLBH(yu4gu@q#HVWyTV`qaf$cqOL#<
zrtMCHo%V){2p`1L2pV*Iq6lSY@1=|&2V`CKs>@dRX#5(fr^<JFwLEob-++)FHvk8!
z#d8scN2cODWtaMQ)D`zc18ytH7jtmB`$9w*q5vg7I-vCvQw;DfX5QsaO-YeZM?*hH
zKEr|8Li=euEBs9_zz#Cq-VEn^X5>?T<Zsj?TH^`Hm};5WY&?kf2@Q*6%pOlHwg<L?
z0Da?~E>14*=}@{XIrVeP5wR76J8b<=9HgAZuq<6m3p(3n=s%-uHjpaMg9hY_5%BwQ
z04kW@V7o;qO>{F`?;ugp1rTYS3L;Y%fB%F}Ix&0?N1_M0?;ehagX`bm^$PY?3KiyV
zzJXIQcLSOoKd77P&JKMcYdQS5=$z{*@7<$?@cYk59C*>>8-gl1KW5h7@@g{Xh^8Tj
z$TE_V-<sEflEB?}fyoSa?J!K*e*=Y!nWJBA{pQbXP0IM}VboEA$0IK{rZrAI-1VU*
z=I&u2$nwdl+4ksLuTNS~Fh4y!0@oo$=vh6*gl;9~kyOB4*kD-kR_)=b5f{Rwm#2?h
zVgI%@&00L{R}E(rpq0VIB!gl#gr@5X7sJQ@bu$7O5hJzSHvKeZQ^18VX0}+_UF!DV
zaoEv2Lu=BBnD;|Teuz|~jJt|a!+*|B5-ex~8NBxWOBc#wsPfAE-zPO6Q48#b#J|*^
zi6*@@KyhUG>yC-kK7X6<{PFQ_HQ>ESt#sAAZxK$DvDgtD%!Vo_#2pS7CUF4b<N*xK
zRhBtx#9vkW|DFfMfIZ_J@S#5#g%tia<JUZQ7l<j^?5>da%zEJFYh~$w{MHwWLa~&a
z05>|XDU$a*F(p<fR#y357A3f+VaZCr_RB&6EK#fbFyRf*0&5#jb|L25hkRK>22ZxU
z0vl^~!jg)qM7G-$t1qYzrxgL}6gknkN`L*OquiGR;VP6NLrGl}UT>b;z5nfM(dy;2
zTIdG|<jdjUVQTW0@WcJ5D(D>|7|Npl*;R&n=yT%G0z*((Z)7>3^0S2)|MD~AI{VLK
zJTMi1m_%*Gc03DhxsJvSj(s?IRLMlH^X}4t66WoF8>zeX<blxZ=fx7c&Artoqiz3N
ziVjkSWuezbZ@H3-*27EP6VuLFls>7C67>YJ5qYXk?A$G2s*CKSTFtW1)6z=>B3Xr2
zHv_0EcMh0yaY*v@@Mw4hs7-v>O|BIOjXK+#bYE)OvT1nga6p6s{Y7r($(mW?8xRj8
zFv~;Wf9e?1jyQ=NxCNnDovlbT#|q*H=GWS=K>J_0;tlhVe7MSp^`%1Mch;!4>wg$*
zF_l9hx`m?yIbq1uuVywEz;y>kH>G#tVnCG2qkO{!j_j(HBSkSnLOAJ=hdxZOF&-?6
z4zXvh7df{tw0&OkY##b~n<Hv+mj1Ws1@fCUjbV)5h}Gv8tj(*^zGN#GbAze~MRTJ{
zykgT=X<3hdxpt_pthjccPnEv~jqY(_^)m(Hs_Ivp|5-6h7yWTmnzBn9DyNTXgN!$W
z2xQqdij~)^fCPgZrr^YENZ$8T27pO@#QM07Roc_l@mK62uVR{3q%9E3WS=8|y2(>0
z0TW}4dw<t2m)u9M-Z^jnySX}K5W+a7L>Jt1wY^vn*TVKzGM@%^nxY|0<$sn{YTGtq
z8pEE_@;#3zPQ=ZtsbZ#MWu+)cU3_%d$0TJcD9^;}5?e6wLSF5+gj5F0hi{}Q$1_Ip
zOV1lyu*R7t-MO38OWPZr7q}0BulJNZqK<~`nirfajNo)k()H8p8<^Te?H|@I{jIRR
zc%*<Okw33Jam>(rJa23W9Be_{w^bHF(s%w0P*?2rO!Wq~4SGCz{7CDn3h1{l^YzKr
z%i)4{i-Ts%D>3hXW=H1U4&h-%|D7;ZcbiO8{Xi{5So43Ih7Du~B>wv#q3y>3dY`*~
z^OzJ}_;8txXa6y!X2QfhtLk=5vv0sYX{PFf9fzD?AeH-5>_b2&^6QO{yplKvJn9Z}
z+JK8F=>JNK;_i_DTZO`?RSfCqVuZ=DfNL-u!E~{ikb0*lA;U)^-K{It5+w4spD1Qk
z=WNXblrE)#jUoB&!j9^0fFNSDXrS6ZsN%!%*uIjM{*Xmp7T)a+gJ=APdG_0b{(FzN
z(JeUPk+d^jP_D=!cT^dw41q{bJ*k<$x!ozN`rP^HaU#4P&*mQ8r6j@K3#jp+EDdPf
z;|<%puOyrXl=5+n`FwFe+=tGeUO*!2xeDt0WlmT~iWlm>UV|D3Te-RDOo0nOb|3b1
z_r1F1w2v(pfxQjO96J^~$q@@FhmRaIy_JXG{>ZsWNjJFb@XU%LNLD|_@_NU}DeHe%
zS7^Z^BDWP;qJ|v6b($=(CAma(*sRJb%@c6C6A9gY#A0#c?9&LA|3lYzhBeW3?WO@k
z2rvl&LQg_~&^w|JViE#|DqTQCx`-%<4X}j}AoSi9LlLP;2N9JHf(1krtTYt?rHBO!
zocMmv`Of?2?CVOhvuDp<Yi4$4vhKC^y?zFO&z5VdbF-J(CQ%zf+iP=!pWdM|`!~ZH
zUrDfFeK`c8Vqo)yxi=Q`EiZ`INnvkPFiltK%CZKQ2E3>e4b=k2`2(!V&ei6O37)0&
zl9M#1=V*~opDsCfTIIpo-RMw7&zhs}9o{z@%oNBUy!TDdd_HHt*IK9FZkCgyUJD=`
z!<E>7!}G}5TR25UbH^bhu6lLoZ1So7fV$bC=UOPb_v?4T=TntK)GJ-dZjO3cbWW2(
zTzhBam%uML-jb5r66^kqp|CGT7cp*cc~l)AUDi#r$}d>Bx~8xCCQNEKs;L$nNPl+y
z>ctL!PPksO<8k$b#KC^IXu|iDb21sX{;@pmqbKStVlDG$`S2cfUiY2W3E<&v-b$5&
zh0ep2NcZE<^*zdSCiz5@R1)%)CNkR2)Suovp+52ojiUV>ey8;eZ^gUjU$&OqGM~y$
z4exp>Wf7@Oqv*5m3g0cW*^xUy_qE!@S{}U!J+oPZGRV-(%e*CPkvtS}2uN1xkumcv
z_;TMqIICnU5*|IcP$+xWHubj1)st^>{``$KNU2prX{b)=+&cN;(M8;ebLRzcI(`-w
z;RlW^o2pPZg<;n4xBlgMoXX`9+bJUXc|xCO+2HZcNn&C7XZ~DXq(rUQn$S|_?Q=tw
z8DeG<YU_@f^|*iL_N~<H1B>{d_nxFPzC|W*j1q=V|9FHk;rWji)oxsH@aOT;%wWn-
zznyn1Nq_kRWo){m?1Qat2s^eM_s^`=N<bDt<=yA2KX3mUJbKF0tthhNZvg3y+`#(5
z?}n<)JT{mi9!JT&(5Y;EZO%UdfLixxhUDZP(X(j%5OZf5MP6dvN_45^xtEz|j;FTj
z&YQmCus5#k1nc75SFTa}*Y_7ZpDo$o5!<Af)choR5N_1P=l3?PU+gpgePf7s)9SQN
zAHRq@ch1mcmgZ_AZjn}-?sgS#B)piwjc{JPI5!}iMZIGdhOPv86e30R<Lam_$O%EQ
zxi1dua?!#WeacWD!sO)^tp|VFF8yk|q*lt~hw=59j)oJSJ}la?zj*J1`xP95*lLgV
z+1Ia*Jb27d6x6az9faS7-&-Q4eF*)nvU^v+&y<sam5Xk9^e=lpqlTT<YPY@~+WvZ<
z_h0|gp3M)Jwm#hX%CqpYLz?hfCE4kVF`}k!2XCLLyR+#wDgM^5v_4IPbSrBJFIbU8
zlAzCB8dZ{G$0lc{ub<m)S$U+;vpyC2Y2?5`-kN$%0Wo^Z&%8^UdA-{_x})>!d$zyq
z**A1=``5iZ-fgAP`iasFeCotC>pbZb1d(}GZAccIw0PS;i|((0K7B{?m*sIwuSkvU
ztE7dd?H?kMUhQE}cgqR|ehI3pfQj0Vo7+Ec-r4?<woT?u=_wbgC)HU1P1GXNO$;`j
zfq~wck9Z~j7|-RyxPtktw@Or{XeG-j<qYcf_uPvYdC=dnJ5L^r_}z)!#1Bs<9m{ay
z5ngPI_x%kB{M`Qy&l#3$?_I4Fx#@W;{KtSyXswM!3fTBChUPr_wWFiY|82vKv&vJC
zWAx>^WA6V&zYxz%s)$uQJi>_=!6~1BlFPtplNmL~pjCW3<u2IG>%NWu{;YLKFybVj
z#yKXMSZ-xyWs#$m5IeYm&5ZcDu%&ELTQ+BIuk`=Q2kOQ3tZjwm2ed7t2!<bzQS1N1
zpqf!oFQ83<K>ofYc)h~HPH7(t@IT_C9poPt6nZLDPwT9In5AVW6yR+Ygg`r?5Rg}k
z;=N#<2ndw-`L`hctIqtluEE<F{cl~BS7&t!{oB8b7V}^Au7CR^^2X`@w|;HUe};vS
zdS8da?Y68NVt1cClX4%m-`1Y7&v_pN-Pd&jstzSXKqwL!2I+zOh2R;CUOscme?%l9
zTDCDlm<)-cZQ^&uSd|Og`tJHoM(k|}g2w#Y0}6dJ3PHe`P@yh(Gesy0ss`Qe?(E}_
zo<3nr*X&pE?J~Vvu|0&~w_1Ok)kJ=B@W|AoRy-2Y?yVP@$3GaNtUMcX1-hvx{K8nO
zr1|)>>(ss;gd3$U;jY`R9sIimP4Ns_J8&#yD*B-tyEPn6S#@K$(G&rhGa?BHs!xeE
zrsc(Q-LsWlJXK%_JckdBq@W?w|8vm)`|eM9@W@;C@A>|>Ky~R398*(8peGg;)7uky
zzIwIn-%WxndBR21iQXqU(8I?Ioz>1Tc^meX6FB^c9kka&SB3;_sBQO)t{r^(c~=)x
zbEh>n0F6R0#>dQ_jN5LaDjP1r+yf{jd=NYmx0k8ggXhO{A<;}Y1`;o;TM0qvCBUR1
zsN|Tc5p>C3dppYaiz`hCYZy5iS%`oYUT*Gz>TUPcMjd$iSMGlb6lGaHj_TImP#HjQ
zm_ZagLmCqd??Cv7(!^kVGia)W9cIsiYm6pY_g?$1`!ywTXQizpLw$2Tvg8ogdkC$(
zD~MU8hf(D6I4f}8kWgc)P7GCq*$wLvWUCmNATjW)hoO>A?6a&bv;+gMaulFKAL7n-
zUr6W#Wz+8srWqW6%KWeq!f$n-V(<QU2J>cZ@Xp`M%}+z!bGu$%z~p>T#h<~(I}M*u
z66yjFvJgpGSh+ee$`a6_RGCGxk)e;B2i$o1MIo?I_VsTh^t^2kTK8LSGV;5uy*O6W
zU@6e|*V`oe<BLYD*@Hv&TC-XQXVUSkaR5n33{)~NJqxHD5)f+uZhq;YI*O%b6Ol$t
z#w=ZUpbpwB526TRRF$m(7E~rAIZfT-#wt$`qK{?#@H|nY!F&JBbCIqsNssbL?lG^=
z1Hv_e7CUEOoqF?|{DlgMOIR+rzTW73XQ#)A!>_+b_P5xb$LhsJK4{fQAa6j4vC&cP
z*kI3{{jGZe;6ZjWzD0sykuXNiE1mXHss+Awfa~XEqcT&&GDoeJ2`9KXx{d`;r^$vz
zg~x1_PdmAZSzVHzykXfQd30uU^j`sR9s#q20v{W0V(P}2GRcl${3g~aCiGCc0hRz_
z7jV%He@@{cTfi7?{8TMSkrKdWn=2T2CyPZ7I+%KnL1Wkd*|LQQv|IHwW2^lZ?M!c&
z!+Z2t8e5=^2tQx|`;$BQmhNvQF*HiUU?FNuo=oVrt_1ywd}+(OeZvVbCPQ9G0ph!&
zvh(-;u%b0(Orrr{2IZK68nbR)%E+L2)X+0CI)_Xc<u@-u!b0i4`}*?~ewBSxQ`0$~
z)hF|j<0CEuEo`%jg+U--&(3o6sUE4{eaV=%pH5C+K7MY#e&$QSk-m}n$VDNDM%`Z9
zlpEyBBZ;cNQlzCd_)2~E;e2*rsxJ-Tw%jPAd~8t?PeTao5nkrBRq*2ggW(f;KO^Mw
znW^>%kEl3V@sJmOrqXM3W~v)M^tz@G6D8;IVlyh-NB0QzDW0TdZRi2r$%R0DzcU>+
zmh>eaf6j_l+HZd?*L`6*^8|x@rds)Hq1RQJU%V3mg^QKjhiB^5geSRV+tE7{J_YZ{
zbh6~HPZ)Nslc3~M=5s#CIJt~R+Bx?J+0`ehstrYo)hYSb)sP16zT~aj6XV{-1ihJp
zRE*VIR@UtL1{kx{6mZmJPmBgp$N{=UD1jJ~4%WRrt$RWPK^4ML5cn}RKR_j_q!~LP
zg2>($oNV7Cn|=rcRRBk&lW^#s)r1(878V50=|hD*0TA{jiGIE7BsWHV2F*JGVfj$^
zc25LEN7&zfMknlveR~h!%_jDN5qL};ia_k?u>jrl7c>FLYPBDO<Irh)o!k9O^g&JL
z<*{jKyn>`c88$h(VZ9p}P;)^x<VBAt>Ut?Q&1n2gRNlo}aP0EqQUJJvt`laW9EdPu
zA21nj?<;tXPs@ZkE_Ue|Oc#OjOT_hnLAT1iwjJDrAh$(PW%v>wT73UPnkPD}2V#nk
zPG+C7kYjwK@^XlM^-C^==$a4sfMJQ3l%DC|xgC##vJu{N2c#AeRT{MPbUHp6KMQEc
zOI40#o2BSp063*ezO!9qt0Ut96f&RMnRew}vw>TVxu;DtA6|H^QX4q;JfrgPX)Is3
z(NQbQ7BSy7@|EX8C~krk+wDoY%neIqnxV#ptJ$N(IOF_Ess!neZ2))t`HN;$mVb@6
zL+vxaTHV=>;6|%;o1-4_bzHE~uBArcP+60-ZJXEG_TncM#pgV1Gqv_<913tk1dS1E
z(OM5*D1Qe0fx;-zgHN?e-DD-U7L5g1!qidbfKK+ginyB*$Trv4!KeJ2_LbF@1&yCw
zeXH-bO6AhC@y^Y|Nf_vu@cXrIE1GwbVen`u^Kdb$+0$ivRPhKw`4k~T-LU!juwzcO
zSktYlZZY3!4w(+(4H&yGL)Bg1ZRt*>eoB}#k4wZ7yL;pJokb|KO%c-dshPqOAFpC~
zsS6NAkrs(nI+t7D^YuF5)%X*H5LXo9Qm&reICn{sX%9vqb2Agd^~`HstF#Tg+VKX&
zVGv1(V4`UL|7>3|ZKZ`C^5BT~T~4m>q7;g|>DL)P)O3XAQk0edsji{ut)u$XotYKy
zYX{$YP&^hTNp*sEi#YTjRGV_m`Hr8HLS>cL5SL3lNCPdS_KXLs<OjDu_B*aoyK&pn
zeC>NGqsAhhn|`+g-LPnciGJ!={XI7i$Uh@Fk~C`&0%Cjs)mISpya$&I2K6%P&GZ73
zJ`J-ZZ5od$W~3csKUy`$;oD^ytM7tlB@u7#n5CpAX-3c^D67#w8dxxb0FJF;c0yGk
z{mYsA^93<K#uvWa6q5k>jgS%~o0I|1Eg_)Bw;Q2DDb*E;U_IWA+h_BHq#vdyN&+vN
zXLpGqphz9WWzfUohNu8rR8m3m&Er={${<UKQPp`lvti$Rreo8I;5+tn#hy0bjqajJ
zL9_vYkr7|vequ(_mkRCnlDX~^bV=DdOIXi7E=D=jaVUH7huL&ARX8Q#hvb>sBI1hO
zi`=@hKMobjUXx+WpFjs-<S>Yi;85=z6$^Y#zZ8Qn=0m^%S<_n<0=QWT7lD__*M-|H
z+9~7+EBt^;P)_VX4;ps}Pu;-V?A^z=`>1F}5qbh~=UGi!9e&qYM?#!dvDTS8P5m6w
zK%!V!=7ZGr0}E?FOlob(8}kd#m>-vv?p|?MTR(VV_o+qfyFQ9^NB2RgMtSFk$~a%f
zwRjopk_nb;$eUw(gE!77!Hkppl2H$#xOHT^dHT_))BPk)p=8$AuMM5)i;?0()KA`j
zV2a7+p4-xy8Z&SvmH+WonCJ3+yKX_wQG~*|z=6n4Q5nUihf*R}yuVI!>SJd6<L;`s
zrFDD>V5ca2+wRPK<NYu<8P-iTH-wD`3tHMEnXx+WlqhO2@!WYkv)&IZexFm`;T)!T
zdK<L1H51<G+Cm%Y+PZes6nnxjAg!}ytz<f3vlGv|@|<A3M9nXEe=eV5k75;63Nroc
zF<BqrI=QFJ?uV{XvZi2$yQ7}LZnAd(yO-b;n&#3hZp^|_{eV%`B{JjeP1o;Q-p;uI
z!t{{&eQvL|lDpUK!!Fs=l#)s-Bh8~7u#XENcS~-${n+#+<{C<CZrtXo%Zclf3Veo-
zn21dw>mq4arJJ&DDAbNz$}Dn*a7)ru-0<z2-kdfYFh2t#Tz~rYm!IE?7e6%Fsw7Ej
zk<uIJeqy7E-L9xA^Dfa`;GR5uR8%uocCTzwVLgS*_FgL%d1SDXZH+vDX0FI5q@(TF
zXC60t?W|Aa#`y5Zx4mrfK6E@xZV%+0?77lyi7VxsAM6fhriIjhn51zNPfW)&Ih5M2
z`iYH;wb`bU$0VeMhgB*&n{p%I-M(Fi<$c)c47#y;rs1P|0eA~t!Fd3A7&6R3-`Et^
zF;GQh&X*2fD3*`Ezohv@>+5RRDo`&v`#Y`|6aHe2c=q(EuRp`6+*m4{;47k<CWSQc
z+5H$H0oZ`c#rf^%3Woa|xB1yYmU^TDRX~Mb{`^483g%ghnxyiS{(RZ)bykKS$9qLE
zPx(Sz!BH&1EKA?j6df3}2-uZWK+ox!D>SUFCapTuu`wF=%x=GB39{jE)&gE$!|zAz
zKQAj5{xn`MJ1D!Put(!32VctHUpscx<Wpsc$3XubvkwEc??)^pD?84b<#JksT57y)
z^rVR|>i3&fB1o1o*{W-4+hq@YNxI=moLX`3VP*h}l`V}#s&TOphrn1qKCBBxPACDf
zpDhAFlW?WDb$Qx*gXYMe>aj^hCY}X)UvD105JB~3dasrCO$O}V*%5bC^LHm0gpZ&!
z_6;?--H^inXcS<@_IJ?+(iE;AJ|eo@^8-Ih)nNt1)_Ts3i}f7t5rTKWXKonSVn=!h
zUtNAI@4F}Dhe>O3VfBH=c++XNk6;fzHjNE4`F5?4>L?peGFv3(7?H=fF%Ocyb*DFU
zttQs9d#QZ=4(G!CWE22?v@00Vz%cN}p5Q}o1(m&WRkTXFB454Xc@(h&@B(WN0H_1U
z-&M_pYX8a8KKJ^~+Y6oBTjyV{oV&AfapIq=Yv!dNhZ_NMa``~X8<(-M1SM;c9XC4!
zKVf5@bsZG3q-5rkv-sSfLVi-oy?+9fkxTNX3t?UjS;39kj)EtHy9v3z5LHjLkaF{H
zFxqp+SecY>9y<7H)MQg%H#M-IcT&qM`6#q&QOxBe35&su@AKWgzC8i4-@p6;68OC)
zNU7?%rcPatFVL2jbKH+XQn*NgSLccC_y!&3d$yhDySWXUwY|9x7N<q#wPn5|M1dnP
zI5?}zf?6m)K}Y@`DSn?ebyEyzg{R&@0Ce}ReOr}RTWaoKt?(#E-Va%uh0_p@1u#4l
z#7AS5DI7dPkT`Il9V>g0e2HHhI`A;<E2Iq7h5WdLLeB;oK$yFtdJ&QOQV_gAiQi*a
zNfmFszGf#0W7x6i9z&Lp=ZaMR-7vRFjZ42KD@+`cH^bOIxNiQqq}_K%WG*~HKT1+n
zm=9TBjUD^G3ioZe<^JKC-`Cs(RJt`s;VaTI7fBNJVs;2tfiB)R;w5&CDI-5V<(J1w
zWp@wT$T!t=4A`VPO5d(MI&{b0*6pJkX_sJdcTw>5gy;92ks;}}N8Hr9?fLjXe`@Vh
zGMQXan__Mi%q;dmrAq}nEEPH{an}NxW9^ETOD?=?W~$ca93|5mU%)l<YBxl8Dy7JC
ztLpGbv^a7Czpp_}vzEJ0Ua{9ex~wvPhisGa6&RU;MnIyyF8Z==G)Dhe{4qn}HZJ}n
zd(2V<XSu^WbzB~zcVo=1b|;FRrGcfWi*z8l!Z}}4<6pW!f^uU#OKSWkA9xY`J=SAQ
zuZ<NgNwwO(6PkFvYbesP9^~_`L1d={yBa=haT>W<T~YBN?~scvnOF&9O|Zz^7G9$F
z^qcrfVl^b)-my!8hACIiQS@EfTZI=FtW5}JI;*(4kNH`Qf=%9w>4lBFL_6=G&;VEK
z;B>`r#LQvuYNV-g<%N{eg>x8nrLVuw?vLYo=5Cp4T~Vu+5Gs(HZ(CiHCXQu`DBaUv
z)2a_bTm792fW+~su4rnwz0rq5ZaT*Zy~+pA0BgEj1gxU3qf0LA?{S)6RdD-r@bxiP
zP;1}qvIaC`;q{LXf1HlFyD)0_+;o>r#H^~m4&Df`cX2xDp97_N5F7sFN(5<SZH<Z}
zYcZo(J{t2?-Jk|PQlpOdoC94bY7nc>Hy$K*bL6PS@6v~gCnTOJH7y@xDAz1rNz`kQ
zvqICD_fKyu@}Any$7`<F=B~SJ{9sepo51;+Pp41Ekkz6z4c}|*HZ^_jjxSJOY5Dp!
z67PYqPbUIUm{H>7jZzQd<H-9f6Eg>E<P|8T<;LFruUY@tL_qo^g-5(vet8;lAvTDo
zI!zR2wYZO(GhYt)xoMayr2J~R(#71WG-~N2zi(+eOi>(4ajax<NDh1xMNb=!@W2Mw
zf82HvtTR>NR^|B)<##kZu*Z|obVbW3w`THd2_nY=;cfrdx)gkq&Vzz@kPwAu5K<uo
z3X^0&`~L0A>}~TILc3MoIN%y#AGVi$CM@F+8ycn)y&phaDdaDkzFj*Xd~WV!(&B=6
zwQlkIenW{l{faYxUVBA<{wZS@FZ8VH?aNwE<JM{L)%%MZeEdC-XLE0Uh}|z5U~yp3
z^1B6fleRDBcTtQ%o)$<1jL9q`+UZ{I;wklCg)flbI~A&v{{Nbw#&M!O3;%w{h}gkT
zTmL1^hgkAWHRZYQ@+o@oY20KC*Ppe%<5@@=hDu*n8J5?LZv6FILwq;NEkP2f?7i~k
zS}G)J*ZHdrDtp8v#>`)*Zp&L14c-4m00g5ou3s^8=Zic*dUCC*ygdWSkvn=Uc0NC@
z{W`(&@uOVw^cTUtronhHhNTLc#i8AL<n;j}0jUS#^OX>MQ~p!NicnnG07l=T!jwTO
zZ~wUiJ)()eW})2oQRx!t(LR7NqzF*U$YmS*!d`r{>!gP`Cl6E&!JWqSjUdSwNcMZX
z*?KkU41YW2-zS4BWih^pq7r#W2Qp=W!lj2N#$E);x{YPAEDE?<??%#C&nEd>dX=4J
z{(DX!5M>~hZOV3mi9zk-Dbd~2s-JZv7+*G7aGFXqI2t`B%iS0-x~wpQTTQ7osHdR!
zjAimtu^K}-^L#*saNl5T*Eti09V2$&gBt2-s;{@-({tt}zRg}zQE~&i|BB(kQ4Iv{
z?xk%dk?Ht%xAas)9zL)juL_LaJNVEDm*xGhGRhJ^zCceD21Z_i>3fw;Di+eal@Amf
zWCTiObCi{JsP9+J-@4H)GMUV~9+j=7c;9glju(JXpb$GxJXi#+{SdS%({Zr$h;J&^
zeChG>=e)>M#Wi=^TAGs%-6g`Oc$sU>uimmcYI62m&gB@L|0^}@RKo<)55qRrL(2u^
znH?AkgViIlerLE`9oc^97)<G1!T#G-3}YJkaLih9D<`JX`rWaFlpn?Cwb<HAj!A{q
z)mIA=eII4Ht{y*B&KZ5g&P_9e3lJAFQ4gg&22fa^UR)*uOYH}ARf47h+Z%l!@zPoB
zYXOPEcml_qJmA>X%{K(Xar^X6SsECHxOa8Ky9W1#k7SA6Z>f_tN4Ec~0-hRf0~sKq
zpiDS_U|^v4gTL)!>`UwxmNJXbDFVa*$3xyGb`tDmM1oHEI9^9%NooA}V+4H(8Pe^;
zNW0KCVM$>L)5$ui^)cPTJs2N@ow@uon_NK_nthfH^N#UWm%bzI%{=%b{>dW*5TH}R
zxBH^)1r00dIwnsPEG&LTK3!gb$)Y?p++np4DKanlOXSk;H{aLK-9CHwr15$e(_RVz
zIRS=H*?rLknU@pHcQ6K`tv#%Q4r$;?w2Y_x?`t%5GJ8PRXS>yLL-yr8FGy$G0(zxs
zge%|SPhsz<xJet8a{#P3OQq@=TmHCCEVS>@b^n`i8s6USSuD=?z`Zrg=R94YLSmg{
zZtOeK((bdFL%D6314-JXtozD8k5)ovhE?Ai<lVe$E19kq>L_-TwDht1W3v(h@DQwv
zy1j7u+THZ4utzUCf^(V}Dqg3>3CfKw8%GWOuUwQ_YUMH#6fG4j8UR>^)fc6jwpj5*
zk0DFMbGf4)Zyh#VD#$H$)ry#7O9WnohfGMVyFF6M$JrIq#k=V`Aj+@&N>YPTRGrOg
z64X4bGB-3b4F_jG6&YSRa$4mYto*COGY|LLSui8h!`Veu-NB&PZ6Df(E_>Qlvi49!
zc=mGaCDSK=G`3Av<aM6n3$?c*-<U*cFYI4i3sQe_FAZ}Q<V3kebez-m(5yN2Zso(7
z4K?At!so!!v?+m2e6!(~9jS+ulozzNBj27&Pj@(G^$#IEQ^+%*?kFSE@Wx>?^IUQA
zn3dPLYvrnY6CZ2*j>}+P4{H6c=B#G#Tvj*7yk=GI3*nL*Aof_tv8#|bADy1`3`29(
z`qs;vrvhpxo~h-umgP2?zLa?3@lMy3JY$~Npk_6k^KvcVB9Xgk(NkQOntgIsU1*?Z
zZf>#vr{=}o33da=BwXLFXr`HwB$_k+$dNxu<VL0Kf6JaypHz2vbUNz^b&+abQg`>T
z=06o0bk^^(v>S4VPTCe+i359OE%0RojvgARAEeQqv%2_6AQ}fCf*y49rTg;xAWP9*
zEI<`XLzY0<vIM|a_V}|F)*>_zaRWi}>Dx^x$Kk2`!rCwq1KPNhAPR+VuBJY>$zcEJ
zSJvZz#y;Is6MYh3k?jZe;@gWNR;+Pmz)ejxu0_TS4QYY%7Si!22<VXXWeOXw8eQoH
zsL4cG@91ur7{B2hOA&P7==OthGIUo(M)K6ARB~L{UcqErB3x!f+@5=bFF`L;Pd*L6
zo0~zvxpaJ3dOrX$_CMVf4WOaXy#y8%=mB+6x}VmGd3ifealRKFe-crHT$1>6U{KS)
z@Y@Tu+96K|bxdChv9AHhdq%Vf?r=SSsIN)3*x9C(1HrZArz+?)dZ;lMa}^({Ip-D2
z8FMlwL$unw4<J>2Tz5^H2OM&)U$l)`o<Cz&YV(sMyK+H4P5-29{L$);w#{U}!|A7m
zmsnk9-o#)i6_#Vx+itHv8{-v-eZ|Rk;S8y!Ga_0;uH5W0*8!^mLsV95Scxh06(1Dr
zGOLV|vtag|+%aiVk>T*+cRA1fpEsFvd+4PV1Hux8GGn^v8&MFyK539raZ(aW88wiA
zP}1iR1OnRYx}d1wuKdfagU%d03x%UEbu8buo@P?$PeCjDa8Z<wJu5CQt(cd=a1_`r
zOna7qh<j&~3_YS8W-K2c9fS}<#L!9)w#)7+^`9%TTyd#PARLY6XU66ez?oFgekevC
zMfs-2+_@8@er#P^TF%%|T2?~PuvTqz)|)y_z=F+HUGGgobm5YZfN(?qw7h7_Qxc?v
zTR;8r^{z-~M@`L~dVCmvbl1~h^%B=OZz@O5l{nUnIK#Bh$QNg*#OEAugnl9ap4_V{
zsvxb6b$&eK)n{+YCRwsL4RZ@`tsaGpMJkOiVU#9t7Xf2JItq{e%5!`bv8S@Kj7`wx
zntsw8&t#oP7M41+>F60m(rrmT?cfStTtaq+<0BvrK!`-XV?p)X^FB!7l0MuwVe1n6
zip_y9AEwZkWr9+vI=)_)0C|v1*wY`^$GKOowi-Qy)S)V(bO?Zfue_o{qLwlbm)imk
z7we{xKcl(z6sBM)Oo1(-0<`^+H@}OHZzLk*jX6{=F$F%TKUCHa$I;i`+x7M0^%s-X
z9_BK8C9PGq33OlWs|do3c<+qBSM6^~Zygk)*k)<`15!Q29sz`yW-bZRZXEyaQAz36
zuYzMn7h+e~)^HZI?}Uhs-t>^)8VWB7<Ut{`esn;~0?%6KwsF3Wi<Re<o%X91+*KwQ
z^%I$5|FS1LlGRQgU9DY<8yAE*M5?VH__(HvI_+QcAm+6=S*el?V{&r^K{?@NqE0!E
z5LQo}>nanKZIOS$$s1i|9{`lRfr3^4FtQc9a;EneCa8Yu!JOt;u4HU64ZwZG4z<kr
zO@E=nIWvPe_C@V~z9<Z`k43Wtj-4Htu!o;X8!q5#fg!i#eI9^VpDSXVC+!oO@;(G?
z(44pKmudY=Vt0B|_B<>5+RY0#j!$vQe3Azxqe=b2mt!4gobAnIb<-b;4SJqVPx;|~
z)*_!+iEpQVkZx-o(4g*4{&4p9$vrP_ydS=#c9~f#=$CvVc~j-u5eV+c`K3#p#Q?vS
zDd0xY<st|6#<28$J25CsfWkSOzk)criwO48<iI3zNAuO>Ss%W%<pHenUhTIp5n3eB
zb5`hZXU=#gU$x`8cG+1O4{zb1P5TE{Ri}SHx>;}^)<PA}{^v8-IVz>0RKDe@92G2B
zZbk@n9xhbA1w9ZoIxKqu?A5=SE3*n5DzhG1JQSeXKV@6agHV5$Ly75@AC|6!KN0Hm
z3?ZIJz#Fdnds0PW>lXJFHBweNGnyh9EYULIQl%@6-EV<LKtw=V%MBjy{NN{B9$&{7
zdLy-z2bacog@J%TXo&4+4TJWE#!1zToXnFE6nv8ICFnNjwn0(U(#Q~2)k?vZ|429E
z82Brrz;g(34c|xkl_?m(>>VD96s>Y7<#6LO&S5VAAppqk#QN(%fnCuqMC0W4bdyD`
zX@OE%rFfRsgH^*AS}L9|={#e!;8NzBw$kwFSgHU^G$1KxdDyr&Xc8*|$PK~peL)=h
zo&?UBx%cn=HPAK@F9-Sn3JXPw>ADekGr0L731cRuD;d-LwNNkNcxTL<Z`Ue+A3r%x
zXOSdkY;l(bg)8en*I(0pq>m#gf>Z*Mt4}8$Au4w$q#?w_0Ddr3x!@E%dkH>DKMv5f
zZ?#@Jck|TwYr>@LbZq05kfUlLi-koG5`PX_b8pkA_SgV(mAs=pW{3Ok1un6}&Sz#x
zh?aTipqW;&8vg;WB!A>qw&cDT>V6lsL(@B1huO`)^;pX!M&#i06q(KNz4y=gzqk@X
z#YcOuomu5Oy7=&oxJ<@BZN~Ufnhq;4!T9dgJNKU{@2%e&E_eig<W_J(krrZ=@CKT{
z{&E5s`zPUk6G6bMNcaJY#nAF6luW~30?*+Hd3Rrq&j4l|a=%C*cP$jx|FO$k_r$&B
zyL}Hf{>k=QkE;H1r^3zXm!zY{k%o;Xc#let6aoW{-gvvE^VV<9N5ThS!G%S60ocdi
zDec`kVo^FZzh)^m)%`j7rE<9@`Vb$8?A>o`RH;VLbpLotjQqfz)>)2RI5LQ`>g024
zxxsQj%FW0SDaGJjSO>xLWp5oZ6GAGTZFv6(K}r=#>D?{ZZ6t$B<f=h&Drv)3%tGoj
zz!aP$9E`a1`-`6#yK_51L38#H$@<qe=Htl8Y1RzD5|S+Q-9D@J>#imDp&HbXnMT=#
zo;tCi>!|p#M~Dp*5Y8IyYYqsX-c~kp%g{UbMuRbyE4Zu(;N7URHYM~#ot_e7!2^=e
z6BndqzJ@a%1e7Rj3E3EF1lfH%j(xO4=)9sEzn~qY0UPrJBwkcd3R6_)p`DN<WA)xs
z?87F%3IsR*4BdUJ6zcl9T>C0*fa6Eb2%59_;smq-&R|VfQ2to@1D|s>zSDn-cf1EA
z&=SJFV=zSWW3U){w!g<9pAq5&P4+3p`<-mR0frFTsrmzMnz}gB&ckvFzvm4sSCST{
zBk=ijH?wKp@62WAj<?@`T)N%zx$W`Ux6kVY>(}b_E&<;h?LWDxa~~2ZH|oXXoteJ1
zr8iY!9l&Nn0PxI_@09rHY?6o5&;HDjp*u;G#9DA@&K#^o+fumK8xvxk5gt0$+LZ|J
zj6!EugJ(>OQ9fvoNTZ8l5aJlbUW4mu?l;#jQB8GLSKvWWh8huNi&PK6B`0TYc7_o$
z#VX3z^F(%M-bcx0n-kx-UD4vc2xF#Ywp}D@itg)u)L<kWr5nn|Oj2~vj$DP#jOP;W
znB?I-%IUh@vJXIGO#=$ww`Otj%-0z4+sn7inP2O}?rq}&vk^gnaVEVvL+p!)>BsiW
zpjVb|yT`KBT$O%)Zs2_o*Qxq;H%@cWm5-&#NPIm`)7E*k$qJ%6fgC(5B+h>XhwQG&
z<{?(O0zBIS{iX}T0~(-^F1Qs%B!y{aFINp1;Y|c!@hrC<u^GKKK+|l!KMly3kxMo2
z8W6Gc#?v0Q)5pK+<a2bQEszqR4=69X=L;D3XT?tHj3Fcp@ff;%V+u25=M&u(%T}q6
z4mJ66m}dz-4YGnzY%N&wnztGs{rtgpW=<1yVqTgY{Fc1&u|t@b3J{8cK)iL>v~0*c
z&+hr}f`LQQy%CQ8)wCBMrYGDnRQzuf41o^N;S8~mg5<r5+^+v=h3Zf&z!^4?Ljb98
zX&q<#egkaz6)D7tnVEERtceNP<Cw{z^mWfnyXL_6R_W$e=8ll38$CrdWTYTDZg3_o
z!^}_BK}0mJQDQDM88g=LT+szLEI1`Q(aMX`0k-lj=#Y3Du~3?|eeQTy7M5^|FuIC=
zO8fz;p~bh?Z7`w>J;MBB?30w3A|knbO?rZxyKgVu%n>7p^20dL<{?}G2ZsgE0LzLJ
zOrJ5y2H0Z9aD!;mdPeqmdk+v$Va4-x8WV>=U%&z(kJ&6)c<!Kh=6B&s%D;!rvs4l2
zyXJ(yNEKlC<fICZCFMTLgk|odw92!5sUj>YRm>Gsy-buB7)MYMdl4=OWdH#N5k_(K
zYghq2r@#1sV0I`yI`quWBS7?C-d8)!ieN6wcREogrfW6X8?-dWPcrUp_sAd|jIHYA
zC1UY$0o4ve4;D5BZAL3CTI@RKhJx71(q_JaKHjOOx8`c`@jB$FKNEkgSKd`MrmZFn
z5!&%*ba(0+wWYRR*x~SSyGYxAZ6(a$O)b&(yXt)r?Gxum=L%02HLRWa@bmsbnDg|1
z_Ju%5wpm!iA#sYN!5PYtZwxL14TVsd-V{h5a~6iWCjEd`z=vRuDB4aCFJa2#`*cov
zw&xw7gs<}U7lZbQCuNrU4rV_UJ%FeeSk<PnL?{`KPt+fT6#ODh2+FfFOP3(kl>f-G
z>%W%qF({qve!#@}78R$DoO2K-8V_g5I$A~J`rXEL+Kzo;yR#EmI<06sBalqGI?eKU
z+_k~jn-=jQ#o)bn{>970&$WrCj|I!wpg(Ix5M{G6dfTghmC5UpZA?fek*Tf=EkBEt
zR!YzDF4unwVs?f<@kZH*$!xd}&|ouF0hogz3nQ&-z-0t-bE}ZWIzs~L$D}0q(FgJD
z3Ip-asH308*+&pQm}fm`gv6#=!?A&VFBdpGF33&7ETMa5t%x)26$`;bnB;#&%!u}g
zBX;r0NUk(4E3Y*^#*XzG=eKW<WNGV`+&L<Gb?_xMJw}RR?#n@%khxsY5CX?86BWL$
zTOv3vrR5<`f)@FC$;5<>9Am~1F-TEE@hBCfw}O+5@ExC6FE0~!<=6Cd^IsC?lhlJ6
z-CwTmnI$TEiaARCvmwabA>J^rz%DLk%N_k$>j3iWNTH~BN)|+_b~qygV|h(y<Ogqt
zh}i+;<^^fT{lTAY?Ui+ZWx5KYbvtJ-ZgY4D2M_Fcv}4>#YdvY_w~9iV<$Uhll&@oV
z6CK0t?xxg~UBJ51hu4+&zZ|J7ZEAUM^>atG<`Ro;fKl#v=6(d-q{UKw0z^TW-=1sL
z_K)41c)#m7B!zv$nFz8gy?#2dPYT-%!64hOe)i)m=4^f{euPBt4Da%W1LPhEUK$^b
z%lcBXJ?`j0@2)?#wnEnwJA9gHpJP|+)}A01dL_N;lvB3=&fM3y2canHP-<LKDBtiV
zJVe-kA2!jh9P?N?&V|%(Sol7*IYp7!TwLNPZ9C+l%!t**PpMn_FM23LO&Ix!N=jKz
z#&ilz7}*Yj(t8c;6V)<`a}zQ^j4h$2P?JB}Iz^-5j9VgJSF&xF->-{}SJ<>Q`jklS
z+qRcE^{`mPK_451+mvrRMIC)6wA-5A=O&nrDH?7)8aez9jBQLRy_f7-<yZRZ_aFJ8
z=w-D*3;wVv(Su4lHTR-k8ENF7a@xKp(t9B;8k-&sQV;<4kl$y27$LC4m;IfeQXT`e
zUh&Q@vDhK)ykD=2GcAWuPJw9gmpK+)_v-DOc=e+~oOlGSmkBj(G@Q0aiz6TpQTEYL
z5g(%H*FmV{n7b&x8>)|rL85*t`P|o~lMq(tEP!wbp0P=s&?tO)Cc1gbH?$?7Gd^69
zob@D=6&yz4kaTGFP>4&3MYByVE7Fqj^~#0$T`1N*qBHah(WV}4VFCEF<#Gj03207V
z^~g5zyg9C1=r}<Upu{8SQ4?R0MAa?v+lNA*NX*`;4?patX-m}N=7Dw0zRbWLPHXF~
z`bsp^%_Vj3nXj(e?|!W~$JW>lR_WATUOe!d5jW7Dr?`K6cr`?AcVC3Q#Oex55DH^P
zccn*}D9Sa5UPr(nU1S4M+Cf~R(c4!5384oQJ`ufO>1=rl&U4F9a8Ukeu4Rmc-s|_;
zg?o}B=iT2pCCu6c8rHeg#L62W4nbk1qZGfr`(eYZgI!_#{K-&z7*-n9x@CfJhrgB=
zq{1DktIuI@2p$jeV+SBkrQO_K#qEs?n18e}$=O%Y(IAGC-pLUJg}9qB*+}@Pc@@dA
z+rX(^^u@rcD)N>WJI%47p+@S~H8^qIsvGO^grNA~?D-%(XdW>|>^wnNIDF50?n^3w
z;*t3XOyV`MW}@>2Lag}sxRjMy&HFyDKr#X;ZD`KMI_wykW_9zk6y9`^kK*dqlu;Mj
zw;wCUgbJx%a3)uDy`THx_39up694{<wPVCg{01hFhR+m?qJidrU)1`GcSmm03$A##
z8EYjsrpW`cyr9Cp9DE`U(a))V_jYNHVuSW%^rHGfJPDFq-KhC)@(sWByecAmUJZ8F
zt~c_~^%D;b#m^N{5I5~=8<#e(Je_nfmWrZ8+W^ls?hq>Ii5P+0G>xH{_ht9f=cN*`
zHP5rt&mF$my!!-b-iH=v)$W3D$mKZ(SVkoC!?~`T^DmAN#CdK#8#Kw(v<!j4votui
zheJc*uu8iDyjd9n@Uv_W(i@8ax*Riw9JYQ?eEY&ELU`(k$g%VI){btv{yW`FMt%R8
z{a5W?WSK;07Zv9jkT*_H&J+L1Ck92sL41r>f)r{;Q4bt}?G{SFl_j5m@%vfO0NI;c
z&mX6E%g{NR7##`&MnnUBhel3?C3r{sz*7(qc7BMgx9dKj4C0Mup)J6@-t!mn{ju}5
zG}E+4=Zk(ncs%-}Ay`XM_oArvs~}WH!sOG&Cl!g7B|%*lP|bF8`%zIlFyuj^PUh-$
z;5g`pKcNYe^#K@d{1&mZyOmW2WiL80o%*xyAGbBG>Glz35xPJ`P;V~DVTYiCdd9K(
z%1ML^G+`k_Z~Nt9b#)kXuIoD7ss2x~(QwSe6@e4@lrxZbIk<2Fv2Rni55GDr3Kf+R
z?+rWwF4~D{n4%5mW?e}kM<^g|!xym^*8?RWqRrwK@g(n<j5|pDobOlR;lanLUq)jc
z_*_H9hOzS*NQG14hb#L`tUCH{-lQz;CTf=Ke~m~acsa9b#Y4{66EmLjxdO3$5FOcG
zP&nG2&l)`gi2S(|Obq?(QO<9!#+R#ktY9%jLlvjeVoNxrfmE16^Ce$*&0qR~9}9my
zOJ0_|jiHr)3#1E`|1p>}As*8)%R&gzuUVGN%_lfC$B!oQQ3IStwl&ZiCLl^YL_2rh
zp_%>r_H@#{%mzRIw%NK*tL$!|pC$0)Pu7@3e+P@_(n7*2n5x+s%*IhZy-XeT{+m@?
zZFypBdNMsH80tj9B4ekmIOyc22OxPxgC_r*lA^4YA1MT!@@@7BG&yLNRN(K1GC}XT
z^8q1p!r3kkumEvH(Rb|Sby~$m$Nu6=2@<;|dI<giONa8|)~wb1m9P){6`rx+;0TJN
z{r!*_;2YhgR~Zwu-}BUhI`_^n%eI^c%{eT(8X6Qkj#XiNCR#@o=f1TS(eu|3EiSL6
zbTRh#i4s4T<ga;`O5APuQ^SW7EiXs%Eg?!pqL}qK)Hk&ufikKyzuS@~^YM*JREo>f
z@W?)vA#>^SL7lZ^SoS*=S7-ukpl;BJ;2n3UNGd^0Nxuut^9;kZj4XGoM6QOJ*J}sH
zds3g6j&!-R;0OU|>Ry}^hFGo~-b4Leb<f5^^ZCQ``E3apm2XGmudBAm0k86yyx8Z6
zppc_`Q-{iEl`k(JxPjQ4(+%NaZ+n+$N8%H3A2wrHB!4jgX7mEzdTDmmc$D^Q2bZ-J
zYxq*>#lSG^$w!!=a!5Bc`eB-027^H-I<G4(7p&jWp?W9k-iv1UwY5ql@F+)7%vliw
z3KR4Me_6hH`)T$SBcrs(ONm~ne0k04QFlP2kw$+VA-(ORvw?qz^$f;ut}{0ju<3+&
zApwy+^>&v*nOgfhua7khep@K3YH|)XehFdZUl)m>c*jhCm#LjToJ`@Lk-h{Vc)vS|
z_pzszOx||vxwu@s-TCK}X@kV($@gaRb{~IVwmO25&Z!qqE;N9V{@GvVQSZR?0A^{w
zFbzfBgyQCO@%SYXw_C8|!L&v3bW+D~B34YIl9%zijDNRz=v&(0*agWd^Usx$&3ktB
zMWQnbmt&okEc$pcD15Ysk;f@!(>llO<!Eh3<5{Xb;_%13oX$^f{*=)=?%HjhJF?65
z!=7&R3`j-v@ZFap5`;e#6u#iAD=>}oeOkl?lUo?#EE%>ftVbmCXW`9Vg`Lau7sRSI
z8myZ>Q~+2onP`1cOuXgFKAeW~XHAPeo_Kp%5e6*&)@9YCZC8Kt??1WiWcndT!Iy{c
zKK*qgtGt&@;a^<P{=8LKcx>#k4H$xVqveJ$@InKoUb6iku9_&_e7^YhF(8lTN0VUk
zfM5qfL!rGBKS|YzJrj|?DV!0CNGwhZ*Lrg&9@ndjB+>QI$$j{(%LE*?KCYk-8`L{S
z2N}N|!lGxu8B7-*6o2`TS^u!)t+!*yi3TxOd1uxitI6Ho%`Z5jim*yY){j_^Yr);F
zNG?f>o8YEg1s_duMq0mM_PUnWXt<zv6;@r7(y@1uUYRgpvP~4ns{CykFOU~9^lT8k
zM{)s9RJl^VLhXpY-)Wn=MOJu~{Te}0ZDm)Ce<LwSsYYJ8C?I8}|NEU&Or8m~e3Q*T
zbu&2~#osIzzB)+_V;Z|p;sdddYB2lK{Z-^Dze@-RvX$jPMwy5XrBTcOX(5(M4>xA7
z=yiH3`ufRJEdX%u>n1TWvk&kkmm;kW6B6;vM_A~60x3Ps^BLA~3*AG=fI;c!JD>eN
zVFMa>3*pOgj56|WDWSCMP_`xfi(5MFw-3fHf~av)s0?S;y9)qO2k1CvkOLp+VE2VB
z0NjHDoH<^A5)A$Ft5@-Eg<~y;yGk`$N6^K`ypo^PuiD59#<bvJF8%7f*pUFPgE`C5
zO3*5e4b906$Pg-Nbz^}%=LN*)xWn%kFjB3h8;fUwK&9SrAqbwG`jjc~fdaHcv%Gl|
z2#xG6s{S<~_$Br(lS|NH9`5Zs`8q$_5Ec^yEZklB^9Ov2M3V9?g;6K4Hzq=zobu+M
zzFR-Ov|sDtvFgHO7q4~kMwW(4@xyV$24L|2SUUgv4imt~1vQr1|8D~Xl27OXx_ktr
z_(7zJ1`#Bu?!KP<b^QOL2ZG+29QA+gB?#nl3^|2wpg^%1%ydYr`dFp@v12II!jrYb
zI##?7D&WMA<vRNZF>=&2=LRH(qIQ>Jy9pHu2(2h9d8E7h!gYCRd65Zk%EW}LM30h_
z?T6UHAcm#I5i678gQQ{Rf0VKVJJ6kLwHm<b>n%shrhP9d44*)fjS<2WNWTSkLhUlv
zqu9pa2s~-nGPiAE?9MgBETs?zLLkV7vp>@WS9<)sGwLnsS1pZ+=kXCHBwj4tb{|W_
zgdYxw7#Rt`vy=r)Ls$On(NL{+5hS;m<R5V^6Yo2qqE#gGEzxQt|4Z6lHR_DM)NLST
zuRTo?%-gADJZ0PiRU81Xg2f$W#Pq!g%jg~fRI&^`dG+~EzeKDRnfxF1B*Zsdj57-h
z-TVW+VPWidFD+gML1{K__hmAKePz^#gHFrP6-NxmJDzFj>sj7WS9*3i9SGuL#hTG>
zZu`d^`ZAxcml<U$^+}WU?z&zmOA%1kpeNDzeZ%&6h~9cP2i^ABxijO^fdoDO4s`A1
zj)-u{7|Vo^q8+@&93w)}<%9eM;AP7GFp<LjNxMn5g2KEV8S;;JBtegt9a9hnUt}ml
zLo5z%=EVgXpK8)*UHNA9BneR_d%7iEv8(a--Qv3%V|1F?PGgy;JaMx=!VRBX&n89f
zM-ReAFL!>Xn0sZBtIsT}xs*5Db=R-UK^QDuh@N3;mU6%h(yf<&b)5CC`1uyq-eyeg
zL6nGGtt)Idgo`}7`iVzF6Y*wt{7!pu`1jssXLCe=lb}lwKlM3t&qoW(lb<&wqj&7=
z1Ix5`Y`kw?JsiW=-cg<Hx1;=|2h%Z|H=$+Z5qMMj>a|-5$9>7Q2}?u8`zksz&rvmP
z->H_TXZp&Pva}ro=56aPXuHy1Jb&`lKWE<df{ZVvKq*q}ki}$&;S3v%>sL1L5ny4P
zJ+=US7--%DdW&#SvZuO#4Uh8>bW53g?>~!nZgxzwIrtcWB#G<gvSa6VeC$SmW)`4N
zuz?>{uypQ?1~=1}oq*9GS6;54#ZmgmY>;J~Veb~!cxA`NltC4B#?~sXb3%+fc}|cD
z?#Bg!F~*aW3P_U3mdzoc-50300BIWXMt%$F8xHj*ifE=(A7>80XOvcn6r=q0Eu8rD
zOEQtIgjt!kSD)@ojMY}TMYlfOIGS*Xs+Lx}?N@7mZJ)BcQ`CDamWyqE`Z#XC!~M8V
zi#d*bpW0sK-g1ppy98E0!*qnWw_vgvvM-u0$QBIIgQcSCGRva7YhUUlm}-}pC}Pcq
zGCE=7bbcMh^LjQ}2qbK;qNCt~!>xx0<OBXlNpo}|C6SnQLHv+Cow!3CVQ$i&PRK+E
z90FuDzU0dedW%XIM|cE1ev9n}$GbJWnSI)vp&&1QH3Qgn2k7tki~=FVK~c!qw2X`t
z%DAyt-y&%E$Ua<U`YNVO{zUlXIsdmNe6~k+A%)1}>2D5I9d9}K-L*w;$(v~bJf#Ur
z<7oo*mWUr8OSc~0?Vbu4e*=q-=4(&Xp&;PoevqXlR+0Qpnp~>e=l3gu?o7bq=gTal
zf!!e0WX~3FiRhBktCjlChy7f)cpM|=zZ-~k7C2Y;rS&Z>Rw)TqVzJ*(4>?y?lvYFS
zOshR&#r^I!_LSIHi~FK}jx2`PBP^Uzt<i_dH0>qul+5Gp#f@9UUzkbjC$0M%AgA*D
zI>+V~RM%k+2QpSYBlpeK+$SuQ#WUYMj=8zFuM{vN*x7}58~)^6f2$twRr89i`}3{X
z4?G76o+W5cIXo`>@$t5V!d6Hsplk#O_}07jfE|jd^(kTg0G&=wc1WK~){Ja=*S8gN
zZ|k6GC%&B?L5l^;c#DuYyIJzed(v+Spoc=dycCkyX6$_kJ}TlPQ{~up;?|>ZOKP6x
zo8<S__qJZ}@m*+*rtS+KxE-4$AJifA6cJTD>*QNoqIEk5AB?QROh7Z%8y_dsc>~Ff
z?4z1P9qW?~dMy++nxTktr6Alwj~BXo$iBA2;yzk_*cR5vTMQ-xslIQk=vyA*?7#>6
zPkg2cpQGaRJ=wC7sCb4_0@jU%rsSK)Fwii4;XQp$;-G!4e-~Y)!$yy=V7+HD4z5T|
z^&n`Tr5|x470$`cik)144lISTp=hpliOrm#jfwng#S@?Itoz|j>SYTYAMw1AX%_*p
zcvJ>{zZ<f*wd850QaSg0?++^BWFVeeh7bt|OV;KsjX@uht)YE3D%<tL!Z?35pIWmz
z{OI7Nk(FO<Z@xV1gxBA>I=qCq#r0&C-BOz$>l$@$aE92sfL<2j4uVv1dp<FFzT2PZ
zmW~jK>p44!(nHLp&-T^G(js^C>3{}Tw_mvd?TgHzO_!hHo-eq&m>l0)W+g&2SJd8l
ztTK@+E;ygj3_H$6s`{5OUO;6iSO=E^KKt5>eIb7+(!d|fG8Vxmq&4{z!RB>f;$t}l
zhproH$G>BhtwNO!4W34-)TOz%7g@ej9tC25w}{kUJVK$v>i1Kfp$P%V^>p=;&vU~P
z)!+JRkGcw0Q#KT>&NKv8{~SuNy_{cF&8OnQWRO*Z6(gmpqshEz+mf{XWi7N|XXcP$
zL*O$?4H4^NspIM>Rom+6ehgUvuZ<n?4oJ?*92Q3#iplOvuxO#RAd^oY<kYk_LaR94
z&ak24@^g6nI+5e7^2CVAS;NwX>KsDOM-(Wz`is*VeqnUG!SbNmU+Bh`0`D4c`6wbH
zVTb$7)dgzf<Yevnh?HkRbzWS7$rpm^2wtZq_vH|eiF)zk(yNwtLi=;_b7Bv=IU`Z!
zUA1a_lp!@MkEepwRvr`5e<y6URrUVxy71fp*yHg3!`^$xHPt=+qM<9OpaLRAkRqUz
zBqV`I?;WIw1q1{YkSZX(grXpdGzFw8f`|fwAXN|xA{IcYiiib4rAzO3R`B_i_dNH$
z_x+rE&U^nje2mHLJ!`F*Su@|6wX^mP(?0#?Q?nw2orQbvjHt!j4>~P!D)Y#E3|)?e
z-Cc!qmmfvny5l6~<xF!p=PSR)&4<mu1xs8{oEEMKZ7^MCIJGx1wj=qM_lFBzCHnAX
zRQpT4JxUD+9NSE@HX5j(&9)<1km5>N%W@30%X(sjD`dH2OF0M?_lex3-Ls@~%1>8#
z3f(NqPn*=oaz40e+OIWCWW5|7QG_eECf^9QqEVH2Q<(TUC#IC;=-!G0w{jOve;O&~
z&&^yoam4?Thx5g_BMIzccZ3bDcE=Ri?jw?1FUmG1n|c?vrh8v}Q@S-VnKNI)WLI8H
znVHy?sKn%}g<7{x)nCvP&KD^aDP>oClF+R6Oo=xq`mlA5J^z*iULwZ>E?f#CYiDjL
z-E}4}jXvmGQ)8H*q1AGzaOd+^CKW=5cqFxY;^f{vF^-zN%N**eZ+w?I;6rUlY{rkP
z5z;z|B1Ntr8`*ZoyXuGFbVW9G@^wumub!bxt+ly(PdIgF8hhMpiKbVMy-!d1Uw^az
zq=EQW&Fs8)ikc2n9p*V-<(<C1>KDtMIew_3r{Y~V{MsT%j6n0@s{*59OIr_1jgxv}
zG>PmS=d4vnbQGg=lumw`_~Mvq8pCn!mxTS7mt0q7*y}Vo;-bW+VkM2mSrkQzLROnJ
zZiPDc#5nY=_FU9m9skyoa^Hb{jU%T|QTy(AZ+_9;@#by1N4t)g3SV$G88L1>5%1Bp
zY?r9Vt<&1op%(kfrt4rL>>i6Y<4f+xzubCXQQ$!lS>Ju~o!mJ;jGuCFt^Qu(*=yH$
zD_c$8e=ZVDcu9u61*S2YgiD{Cx9Q|x=h!7!ps=>fpy`SZh4nc5)!db!yam~$+%F7l
z2h0!ouB8l#8uBF>o2-g4!#)2|=f*AIr!g-$%P{ZVkRYrlZ&FA{lV=)~E!sR0l+D!q
z?OFMI=cDf&J@*T{-Wu11V+=9k9dR$OMq3M5R7vTF50ugiU*I~Vv2i(BB3bN!KHMYx
zrx@RjiNC(Ejh739K`#zC`p-uUIJq8oI4L71<>BUV;ee6$W@c{GYO}7627L2JLqV?%
z@HHVOx9Pznc%$($)mFn4xA6W1g5E*ZP!)qIjbm9pjy6AU^w2rtg~7;gK`)xu6*nR<
zm>s3M8mi`g)}wvW@f_OSl*xUz4(C7Y6%@4I`sc5-EFv2Hsc2|u2nY(YZQW|FDPSE2
zBv68E8|VdT!{Dp{`bZn5B2Yg*?KTzM{H~#I$>G%4>+yns(;GE?=4Q!#`S}jF0%<^y
z|22P<M!QG7p_M<=jPDfJ9C*+vYuFpaZ*#9BYDT*A_)K75S7>Bt6sz&P#Oj;1<yRFU
zAz%B2+t-$~gYKnIy1V6$XNEqPos?15SC(Jdvd~R~ak=DXl0DoK{E?Sn)2I?eX8bbz
zrD%R?Wuj9xNUVL_b6FlXgs+n8R}b)a>@W+{$=)5xjZwLfY7)vux02#C@w#k|aJ}B|
zWJ#aqx3Xsri<0%$pX7U%o*bm397#Gg>r}$(9`)_oo4FI67I9`K(f3kjYwB3N$}sTt
zS%lRlpZ>g=>G{QSf>_IYbGEO}HLdYu(hsxKH)DL_2+?`(U9-O5dR!zoF-g3Y-u5%(
ziE1#eIC(WGodfe+n>+X22$8Xf$A4lktBci}iV!xNd-+Sk7u`y;)A=xrIhGwx=eg<3
z0`LypvM#=lD?+l|uH^H)+!`T6=Ejr+|B^btGF@2rVEJ(@m%;@*56M2*<VHhzlh{3d
z@7c)I_&b$nTm6=QjC{Z4{OQ$kI!dQpe`csC<BI#!+D4kFZv@Gv2Q!&fMoS+qI%1OZ
zEi-hTU;X@<$)%CCgNbYGa?|+XkJ0<8SjbN>9^t9t&kfenxv&zG2A$EaF{M0Bn9CQ!
zl-)fBkE~R4ofByM_?r!D_HMC0EcDZ@o*}i*b+ooy26$=@sl|ExesP6GT-4NUfIx#4
zx%{a^v9OqXeqnzc^W#Z*hKelAEtOsK_xy9B^aGb~O+F~s^feN~)INJ_8W)y5?Dw#)
zNxDTE;}czV#aP;1(LYZ;X`f#?p~E7@Gk}Im$f353UsHRgORCatpsVhty%f!*s8ETy
zo`j^{8M&t7K)VfGG)|9FQm^?ZXV(Q>@p8Ji8?%yh`S7LpJ(;FM!htfLZP%Ww*mz%D
z`BhSLx;pA6&J*`Nw@8E{nP}7>qd%_QXr!~n)lyku|NU(ZjO47DHH#7Nf%%8WLwDQK
z<=$MiJ9YBnsj+0&U}eSRjCQUDr-Bc^OudEOe|yTh4m%_~?H}-FEMZR$l9QC&Nb@TG
zQ@Md`J9B3A$74Xc@8N6N%GdZUGviirB;`=ECHbR-54UH)(QUNbpoPBV#^YleqE#-<
zQDvQpY=e4Nea0ouGJBrVvY8k6WwHJ0eNiT1;!(<eTC)AU{Q88zjab#1#t^I7508^1
zQuk=ZVD>b>{W4-SEZFb(ODK!&Nv>nfU|s5hvY3cMb10AI=T^e;mwik<$KD;^nb2l5
zB4})Hkb0+hQNUNocJ6lVq5$KXXd}Jof>!&pW+(d|-PtX(^*XKOlx^t)iMN#4w-<aY
zqD&?kjm12h3Exq@@#Y2s)0;!pfi&N~JE~WjZcDQ2OFbY?%S9Adz1Xbp8O%X*>FS-k
zN@XMJZb#<mv81%(g=sOI{ziSzGA)}aZ#J#4q2=aP!{C-cTCOY86?U(+M!p+wIc}*u
z@f>^pi=Vx0uY5cm_aWNQ5AqvU-bwz_QQ)af5W>!A)<);>j|>@KHnP;cxkK=Mh|;wn
zVeKz79}UCaBwa4vC(PHJkh<tNR@^Xn`@^qv(<ceMDFyci-B=1+-;a%GTTcu6KKpUE
zpmlJJrSS3Ox2(B~7qmPxw6YC@W#{Z{iGtVM9wu4|`#$EW=Ap}Ps!^`)t>LF!Eg3V0
z$A-{(oGx5SYJa<e$vCgWJ-j+l?yZb*2PU#%A8P|oDKH(LqnkL2n7UUmSE2`?U5h##
zS_5OHoD<$nHZjX??c*=IW!Z7&$dAL?o<>^P#=**Qw5j_l{PqkL6y0=av96pu{+d23
zB{5>)S!}({*-j>ZxrUF?^i^gCn-Zr=irk03V7zjaZcB4+4<9J>R`+uQcfM1!>uO@y
zz-u6_&7(RW*a^mG<hgBVjeOYm^rGpu_>2M|BJLE8ac-v!JUpxJ_o3%!(m*<}=VXkx
zJlf9iSy%jruzxPkllEt^Hi@sewm0tc?`dF{>&{#<u4y)7CN0F^SX{QG-Sb?0xb;;`
zyNul;p@?gM&AuDAG-P_~DdodrQ@aE_)uz4UV1ovBX$b#Z_)9lJBBwF}a|7Wl2kadZ
zk!DCW&<a`JNw=0yK4uh4i#^uflkoJ?F=6F}sd9F!mfjZ^o4!<%4_au^q!x>7D{L))
zs)2d4y5QcssCoAAvA&M)b+lO5^oj+gC~kR8^RXWpSxZA}(A^uuM`QOe29}3t<n``+
z%%gaQXo=Pz@|{sNijB>|7}y-5seL{<vUWy1H6y`wW$u3K)V&y5Y_QPtI6DJ!lKSP+
z?KHLK%)&#*_pW~N4fa0DV7u#<+)%uIhep1!%p+4avg^$xrP!XewxP5lTI_avgEJf@
zbU)&!WHv8<xw_l>V}kn>u5o`9pMB#<s8+?y%8x5f1rEwlk9^rFJFgYfVy#i`+r*o1
zzrXrt$)c;J@k|CMgRS)~+@7di_CmDY-%d2hZS7q=KCk|vS3D|^T?|t;mBJfvDaOsD
z2{T#9h8?S@L=nj~yjhOH_SAE(_91n~!-<R6S8KSiV_B{%0?Rn5%Kp|be3Hx!n-p(L
z4^G%iJfob+=aLwU#KkM=1x{x`&dgA+*$!P#TWnE&uJWNtk-6cb+I2ZQ`-$a!j4Rn)
z?=Sm1g23GNZ$c{9+>B^88PX4U;tuep{It!gsOO6q%saTnW~UHygTe#lw&-Zp?;+wk
zyw_Y;w70xJaR4*u^lYUygO)3?{FD_loAzzmhK<$Tqrs`|7<Ci!M6j<pMs9ce%H0e`
zu1L2td-h*fxAD<rplrv(v-9$4&I{BD!16=;4sF8)C+BFI3;HGf`l?@a4r1gKT{q)4
z^w}vhUKu(^@hIGK0Q2sk-KKZ_gKHn<m>XU{AU?yQ@M@%ZJe)m@c^AkieUHsPzCLj+
z;F}nxd=mllcB0#uF<huJpO!7+cizO$SJ`(l9_el}k0!Y7u>J>_8MQ}}SyTd~<oAE8
zOHw{W^O<BwPHCqJj-Q1e^9~pC)n^cpdaN8h9x7BHdPZ4{fnrJgE!CIwT0G1(slr~8
zG5nj)QwD)Y467f)*7BG!m97SAO095m`{vcDW{d~Z#{)DvbfISt_erc?3P<M$zIA47
z>mlLd6(ktKgnTn;<9977Doqb{?dzYD+>7~Gk-!xC{YnE#H(%o_Z3Ev#Im30!jyI}P
zoo`)2V||s_F|%J5#+K#Dk|mPfReV0zXgw5ugzk)3y*D{7>-oHlwn53jKfRr{SCD)0
zdGq<9%kycp9@FnEEQ155zjkqMnLUK*iAs3X?RnJJQX?wR>U7W;MVdvWvd7riP$O!=
zeYvlTb;<+-4+vWk$Y-cf4S1X1Gx2d_T#PS!SV{L3)H1Ut1GL5S8A*oT75aHvqW!tF
z4WAUi={g#26>PcN9}{a-ugXACT=X*9?2`7wrEAUqG&DM8+22|aW_Z7U^pT~D$8XSd
zq<vb<%ZSw_22usA#uiAx<@Di>a6S`Bvz^qR!kr$J&Wu?ieAhrsj)!>~&WIqEfJY*T
z#k*WtKi06`5QYlehYr-8lcbenMH~aqzGdv{p<j5GZ)cz6ZboC<|6!+hgdc76@NG<q
zdwTH#A%8=c$o}`0aBE+R361Uehi!IVfSksSKpz0QVuqEhSt4bE36Uh>t0S2)OcN;?
zf`?OnobYAYY#@~f8oLh5BbK+#yEu5RS*bBl>Uz6ay<%)7YZ|ZF(Ix5M!FX%{lJ8D&
zz@v_;f%|(gyiW)|-wBWJ<PJIM$LdSnrES<fE!Dsny?4>S;7s#LaP~-?&#@Oy;RoM7
zt}156L}9;c8Er4r3%HT<R|hX*^~r`Mdq2?*)}a1e2m4&2&p$kK|9ErzZH$M&y&>pc
zL+I1~x3>ohAmZX>J=1It{;F8L*;X>}4q9mRsusr4Hk^gAqH$DVG?;1+xmbDXa$vUP
z(3U8@jb^<FvK7!asG4KCv}r!0aWoiggV`~~Ah4>-@DdV$8Pk1`=Ci>5?Y6-=5#&wh
zoeMA?Y#fxCGYso}GdC=XVXO`@P$F(){u(ecfhQEH|L4RHT-%HZ2I<LULUTC#hpq3w
z3@l2tD?QUJg2eo1S3O;oUZBpMr@v19IT^nt@<>WYv?%vgg{#P3d+r@V9K6h}R1IBM
z?2-KlU%%UZOQcSS85E|E@BFYuqN!K;mdt4)hR%c8SGiNHEZ`WIefPPHJ%_K}a#oTg
zN>vx4UYQ%HIu~sHYt|G{X`R2Z>&E)Dj6mYbN51f2^Ovgg;IX9NPb}KfpZKs@X){oQ
z(|xcn#KX^CV4NXg4_SaOYSC0Bo6!#^?)NB2Xg+C<>8XT8Q8paONjk#^?(6E+7IY0U
zSl<>S;;Sz~kF!?3W8aViLQdWH=a|o1$yso)?HbyFM^8Kcc7=fItO!YMr%M;ypH>!D
zoe1qZgsxi(aL+C_pQrkH_Wlj0STwYkiaUA+dST$ZOf!uTDC}o<yg7Q>Wj!X#`rgNR
z2H2YAX3prXhgaSEE@{rbuLcl>+tQz$;Q$d&4n!D!uFxcuD2Dl=;LcN|R7AHtKL~xM
zR8V>ZjhMde1$p%IDXu%`X#9=>%khCH*$A_8ZiFhmpBRA0c=SYBV}`?~6EzDao4X4z
zC9HRg7Zm_<8mq@XhU&!{*Bb%Y&do1`%2Q@l39}J)Y_M+@0qEm81fV~U^qR8004*y=
zNnV>oby`0phpQx;W2#)+3(k>6N?b=+o}s9?TQM`GS$W$_?>cMFx0QpN82uqwEguxE
zz4%FiBKIR_glg6Sn$H%l!~CB6uS>s^scf{37lnQdsX##&aMQBG#6SBgt=g&?1Em-L
zb**Q0jczMVi6WsN5|*pe(h!Yqob}c4_4B`}Q^m{`{(};y7q;65aDYc^By*KWIJ0rq
zOk8e2p9AC8SW%yWG9%P?ji2L>Fi?0Zi);wTrmT(VHtBjl32YQdxIx<x+Y27gZ0ne_
z-5MS@v<cdMj946oB%8M4w$^w1MeD_|uOkOBRVKZQ*XlyGv`~^^yjTV~?EH#I6u<pr
z&bL9C%oy2%qU<J}O1bTsle*%z8I^G4l%?|P8%;gYm}8+Lwi$JB<Yd6O7*r!SVWqC8
z`t2d~D&8KbO`hfwdb^vC{b?u!xKPDRCa=#W4%rBQQwB<U+navA#|JTMfE5qUj(i)t
zZuUESFUG37{C>Rp<+tsUEgFrhwd^`A#tf8UE?mXvRPhb_-+2XeP2JuBAD_pL2g}xT
zhDzn%c)unECH{|$IDHzC<~*0-N0|$?Hwms&!MNMP)sapjyIDnh$W{#TRtL-0`b3!<
zuG)F%{@#3xBU0g#?IAJ>#h8Y6Q;P2W6GzE9`!@J<J(l|R*)K8w?MSE^lszl?K6YHq
zA_n^yoxTgO@~6_C;qZ9C?vl8i0`Rblgxv}2DDzqEMoQ9&`$hbRm$Jnm*B-?E5Z-BV
zZ05)=DXeDBlYS|NtbvC`klcP_!wM3Orq8IS4k#PShNKt!OS5iI#cy?yj!IZoR-7e^
z)@bq_qN%vJ$G_aNP?G<Y7Jy3%6z30JY6jaCBy5dx)0Off1;{+1%};3twQ7EvRnC;D
znZ{>S9kf)Od_MmA0<A~&6<*<dS9Xf~6qfSdGbm(Y#WXxV;}&kd|CJDC(5SDIDGyc?
zs=bSiXjN0aL`S+P<X~^P7GJ9v|C7_<>-`Bg+;JVFrxo>?feI7u@61$9=reX{8MXcB
zjhn4q@%8d$vd$wr)=P-6HuF^!+4TI}u5ZF;(H*0!;VByXe(mbVy0A)*Amz`krh*9{
zalMO|>q0#Ce)XITo}+uwM_Qct=Do*ntgGR76~D?@N!LoLRDw>ojjlxE&C30SAus#5
z4ktk6dUC)fk6wsubhGu-gR!{S__%~}XR&I!=bzV}O<wL1n^6rez2YLQJuq3bHdNh9
zn=X{ebJSpe;!W(SwF<xIvlEG2WK-AQ=ar&Q)K2RCPT+k_z`g3*-h=;X_ysb6_*UIn
z=jq0N&sO??9Lte>?KgTGb?=L|&$jHEdnTZ<HJU!?fPq1xB~f|!QFfqEo3c}Of*38U
z{zg4d{pZhKeOl#WfJe1N;duP549pXGh%-c<hsVt!1a)8QJ(M(XdrO$l-*{-ur@`-b
z%`Y|fupN2NM5=E&g?Dx`RoBvdy9wqqrGK&6d7`N}ep{y}TlLPkv3on0OZ9UDY27v@
z4LiNzm)F<(Sha1w_DYX%za6Y?%UONWma`}+jW5i&WY%i4rkV&PuJqLpn|kH_p6=K#
z$PxDR*PPvxB!%CO_OgLXwuu^c+KIh-X%de54zI&?rq`19W5||#gW=>ae!6%Ahxz@_
zw|WWJ5qX=}%6o7xF7Q;ZJ);>*CBCKk6nA;Tp&%mOjHt-b?foXOng=5@I3KMW^~Q@+
ztJr2Hm(?SD@cP2LM7I1pBK)5v2SjcJ=55g!yOSJ5IZ3wOR&(^1&OotKGt=QP@9GSx
zbp6a2-dZ?E)J=Kw^LKT};}@l;o0)pplOwD4-P%zrv4BYzJ!PK#{PjzDI^H~SS+mQ7
z-V7yY-gT;22JZ;4x^ffy-OjJMkpIU8?=}Og(`!e6#h<Xb#p~_Cf@M2+D0uK0Zr07R
z-}it#mhtO5dDna%C21cEPqT`dvWffOciEoct<wwwZ1b`5G!&`~nQ|1xdcMn2!|4Ye
z{`G92z;*ahyQ#gAH0EZ$We3iFskvRvs`KVYr(u3GsqclfCHmAwF5g0oTEod$EB}nH
z1+%dM0&PkAGYKg^b^nfPmdq@J>IBbcm-tinIyv1glFB>V_fDW;XIj^M@2~V1n~i5N
zWuNC`zq;p41xDH4(pp}-!}{yq=H-S<&7uh_2f2mi6wM0FUVF{ce4bwps}h{QNpSR_
z)pAj6+4wm&W3(m2oX_Hr{jK@ia`7Gx1~`LK1KgW03=|Qaxs7(ux#(Wp!vzLeaNEkM
z30a7r(k=@gUcz+UvK(o0!S@mB&3L`#9&Sx%zsY`=mx$?+a8gd?atYa_s7fdoXWYsX
zIF0#{=}l|CNu%3-@aM#0)@#?`zMqzu=c)mZ3-3xj`|K@pDmOH;;?}1t1(NOC6`b_r
z9PNh}G0)$eQJq&%HuRQeEZNccIQCxJ7K=EN{OMZ9rya@F2Wf1XesV4aG6mW^yY3^&
zC@Y<riG84ZI=w@ypvdzs4O|YDH|&DyfonPB^3L&<Bgb~<wx%h0Esnfp^y#C=y4Pq1
z7t7C`;bybnv)s?c>)u%CH)NynD*H><TZfp|WTl%Te3--G1bMfb!6fj+y{F!!*kkLm
z7(0SGvGcE-a1F|DUdjFxYZ?COYw*Z<G4ss`jqSw|-=%SjpArMbHSw|!^ri2vq}~&B
zdzL*O`LiH5G%cp->GoTX<QK->^2g6i*S(v&G#>2DFQhoiuH24c{a<r=8+x5cZ2THZ
z^E}C6c;FnzC>lmr(@3LO%{KhszfR!#6{?j98;sEF@4ikTOL_S?D8Ng=$LXZ6n!BH(
zAXWe?KqkRIK><Hk7dJ0OK}T<IkNwipzP`RvzA{qoo(|G@EEX#bt^Tm=_j7S_bN)L<
z9GOg(rk)iPa5|wVsB7=;=4GRH{Di|voS=Za&q>cyF7Ce2(&@yBlWu}a3SQp+E+>^X
zGfNqIo$@w5WpD22YNKjzf6~pHVB>Pu)zJNf4H0Xj<>cZb5V)CH;1qn=FNBqo(ZtHh
z3v6Z%-ps5Z{Z}6f9>={M1z=P|f~*u-jwFD?s^ev)usEz7e1v~eSgfo7I)ar!N2nxX
zl_md0k>sSvL;{}5gqq0_ftC~a)88KoF_CcizfPi~B%;7yP5+R8`u$f*R+icXc&R5z
zGXF*rsgx{!eQ+!pPwi0-_m`x20fHRpg0!N3!or+Mfw{?KYIkS~|AnM#f7FnOm%<UD
zCxR4CfIyOxkp(&b<+BV)iijnv6NplBa<T$I$r11}0zk^h;ss=6rEnw}APG`(GKeC;
zK_KvQ>!hq4PF8>*BPEN6!QhK3EKv?DB?AKz5GjKNZoCvx1`j>UNf8Mo0Rm1+PL@n1
zWo4mboD_~sL?_A6BLOQ##9?6|G90D8$r8b0K+2HOJ8;QRNg`R+;4g{*P4Vi$Lm;E3
zASs?iWg=6V2~s3kBqUafK!C#p7=cQW!2=K}Lqh7}q+|$WMB=gQQpuw637`;F1H26A
zBLkAdyy2lkIYg0w1?h^%A&Q74Ac{z$a?0R<6Pm*e!8sf>2a14(z=Jn|89+=Dm6DYK
zvB2DTG7=Arg+ulxf=Qt%9u9*5Brqt51teA$+!tt~91H`dltI!WZw6+Z6cI5~CkeWu
zszg0YmI0N4#>&AwfCtH-$-_#?B5pb8gFq#TSR8PZks#<Ss0_?xDOnPDBXTRe!5>dr
zr;Z8=*t;C}0<8E?!&Xqh%iGi4`J|+;(+O`!fE%il$`S;rv8*WgCzu7Ll^~FP9F+bY
z&ocIDeo}|;J<;oL@C+vQzYWg-FaNjV85N|cc(#sS2nYU&W$TcFaO@vI^w-HhsP!*^
z1c>&pXa(dSp8s(4-<wdWKN$806J`Hk*k9y2hLMPWP!>WR^@zCE(U$6gSRC#j7zSbZ
zZ>R+={*|Wc3@8Ti4KYQOg+L{!6QN72EKUI4WwCN(^o|461ST>O5CXVxSh4^K7)TH@
z0C*5N1c)mlLI((2pyh~oIRT=K6ak`<Bm-zi5Fp}Euh32gAwJL$1tb|NT;d5xKRGE9
z>K0G}VjiN9gaa%_q?`;jq)9R$1hfVOLO3CZQUbgooIuftCr||;0uy*GmH?WQu)rk)
zKueaw0yokU;0T}%@*7AGiHQggi~`^V`QS9bHx7Xa2`oz021PtVZ~`PO2v0dkzK90E
zh0_r6SkyO_MzIWuWSyYq3m6x=CP@)UfLWjo7O)#gSpw(=FbU$oxL8PX0Bcw(NC31T
z>wz*v84wRnlObmyUF2XG0C*XgS9m9p01QDTybL-H!earE5gURQ7>EG21Q3ux^1zHB
zD?*=S0s<mPCRpej0V@JLNB~G0ye#k_z{8>(LIk8kI136AVZOjCv8XG^9$*}pC88X1
zKdKi|Cs77m7D&iaU?u1TjD$#F28X~BAxi;CB7rTz!Z<RB2YrF*s161iz$D>_2H<4y
znJ5MBM*@Lh%0YMn0aS)wa6}{lI1T{|H1NSk-~bnr!J!!ir+_}FE<^y6qD(_|8ft<?
zy@JY+f@MJ+Amj+(+@Q8BLTs=Yv_%#nLll8|QN}^`!J#~aJcgQNaVRr@q(m~Dg`5u*
z9^3{996&uJWYhrx@-)ySEW`#fBMH1}okmu~$&m~YH)NA_N*%hulF2Y#s7fGGJ0_A)
z4FEEdpx&TP6A*YbD5OLgBDe?04YE<E4Fw&VKJ2<vks*A54a$b~NhHGP5PJlOSr|b^
z26+=W8x~KUR2-NT1dt`c8@L+PCXgUubjVs*qzNbpZ~>l8g75_jg%nIM4rYaV5^5O~
z7T}IlnnVCGA?C@58w?0}kO;C<Jshfp^#CIxHDO}0pbCN;6aY{SK@Z3Q2&lk8(+`J%
zhN=Zr04|s@YV?9M;Q#0(xSt%HgEt%?4Fo!#fI=F806YYd&^;)(eg-BMoCpsMP&?=f
z>`R1DLxAuP*!wS~TvR6iTWbABWef(uqUi!{)IkEs`&9dq5L}`NLlGw{g-0+2G&NX3
zAP|@gB{S$QOPvTZG(@^16hzZWMdCjsYA;75!34osJj@Bu03_?Jk&7b>u8#^hhs;Yr
z&Wp?_3yq*;L-30_ky)p)$ZzDp6fh9-m-PX`F=1{1^{`M%p;84wJ@Nu%F#rQ9sGw>K
z8J$|0f^W;As0Y8n5?};S7x@E%YZN4aEhv;xE&!TJ62TkMltU$kW*DXgc{Es!01*W^
zK%z1upCv-Spn)t7WPwPaf;TcVOe@3{au$*diaMxQNq{ggvp53sWhnKKSHeUik4EOj
zQoTS9VWunsK&rbScSJ^}x)K%%0Se22A;6We$Y()gk{q0do<K)xHlrSfj#1`ADua38
zEKD$PK^-cKJRHyxk4yxmEA#;-hv-JAD1#b-8{i>EfrdVShGZd!FcfA8v?ap-U=vV?
zh!g@OC!=w}WC&q_#*)Cuhz1I*4Cw|499oUQ@OXqls4-eQzzhNIA`&gVkh38s1RRjv
zK~sV(iXA`>9OMXO23eHm|LMs8bD{A!Rp&wLT?Lz9ZykF5UDb*E@2fhA|NE;>luC*J
zC_JeYwf2NMgbdMvmZNA5O+cSexkrFh`fs%-Od4V!uUDB+_W%=`X=>5Az6gc_>#wH&
zTCNhPJS1pJ?GQ2q;*tYUq1Kb@2_Fj)zb+N{23pu5g7DX}824`^^h9N))|7aZy#ZKc
z<WNmXkU=E?#1*Q6)`J=9JE&A(`GuSx6@P#eD2yP-;gKxV)gaK|-Z)h50XoT`_=Oyc
zr;-rFFdP=53az?vs8ECqP5`t3S_ZeCTV+5fDha>?IRTRX9}3btbs39_N&@5ql>HGe
zL@yq#fDr+LLjUTJ`vCwUlwh@tgMtS@2+AR<{7@<b4Z#c99@GI4l3h>zh@eIofD@o7
zY74VS&04Ym-^dgw7^&$T2m;_TRkd|iSnb2;DC<Jx0*)XnkO_e6AQ3?ZE}ejtAU}dh
z0VxoSA*&&QQ3XJ?A!KoA3J6ZE%uw(n1pt+)D2-4E8bJ<PZ$!i)z=DbjOigWtk}_DA
zM1~p}dcn$2u>z0kF2EC1d?Khoi5B!Et|tu{RO|xwB3@)apum1)w0ehk0)iW;w-8nV
z4fzKQhopzDfJCJhNcra^qCk5hf+W-y$~v&oIzZtFcvMP34GR|@P(A_+|NCdK&7Zm(
zE&Tsb0FNm1p-Ku}l0k8V2(Tr}6VMNuRg_gwjR*&UqMjln<$yqm5cw&18BpjPDrnc6
zq4hizStvZvNf}gpflp9NL7?#{T%gQD^$t3106HOmq7v%Jkg_P>BTkeFK`jzo8UPwr
zV4xpVoM33M4i;q>qyW0u04`1jVNec0m$gvxgZT$3&~*#Y0hQR`i*gVvFgA&rp-}yf
zdX|N%4%Hyw&uFU1kfl+sgK7}@00CHlgo`>bICb$rO@-hHAR)pMbPi=0DDX&VnT9HQ
zl;{Anz>iV4{|x^B&(lYU$|lxxZ~+#*{w{ss|NGJhTz2{2chLf^Szszj>fk4+3W7=f
zQ`Hmj$Xy@;;er>cwxIr|#wB%Sh(mP+Oc-H(c?p-qfJVz%@Lh;88EAs$oJcf)P{u<H
zuT!W4M8T4ifP*oi!lhn%grl%vMT6r}oKV-?>wt)gwe`{typf11U*x$cLIA2zxeIYA
zhXnjfk^ebQ`9}>7qWs&{X*@M2kpX(CSq=PjJ$>T;&{Ti{6kN}Fa2<h~Kjr@9#6Niy
z3Mgv7e^TZ;6C@avPDzlIsP9mbQ5!=TQE3P~Bn$4}D5%E&^(5HiUr8z<3mqXDQAVR?
zWT=O!(jh6(Rch*mDD-Ll(mNUjX7x|00Iq<;QZq0tCs9nIi@^vbQ1<vY3SEprkhDIt
z|4#kkgvB+wO!FTom{vSd9j&b80FuF*pxyxQfzHua03evGEKDrQp$KsS6<`$bEfQ%R
zn&8SWaDmUQgB&DxAfbpxi%}f-6BTdKvJ?5E46NU%u7VcmDEXnbfWu&P5CE;c!SC_l
z#7I=AWvPx2>kR584OCo!I8csLFFO$6O2fJ#&_xLFh`-E&93H?E7GB6?RO)}u8~>*4
zU7O|&wFJyUufM}Bng2fA`afSD{kiZ8$qNP3Ul(5gBLB~qM^L-0=ZF9E<<bBDzdZUM
zu22098U>wyb!ue;27_LIhem|IzcUU)fiK6`?~Hq@bo>=O3Gx~BJ~x`tW5*oX53#ol
z^4qUQs)*&X?6JJ9OW@SCb7?OZ;AoC8HFdi9I7M$m`FuRL&enG+gO8&Y<MlQw5oU|T
zeyHo1={U0&9(YXImZOz^;I!!`!%GYO%hNoCcFCFYW$zV-TF$npy=YN%7$eWg_kV(4
z=>8-VHZwCLyfD8b?8F-B*ipCL0`wDP)<}#RCR^z9)Sx~qqG^@f>!<%84}JEc&GoDd
zb#xR9K7RZLUPPp^dDd1_vyo648dA37a|rLl(6!a<Cto}wwzsvnx3e-aG3j3yZM~b>
z5To7_yiw;`TH1%9=lu^KJ{(PvI>ub{mLv0xP(v4;Rh7q=O!y)3Oe-s^Lf_%BmoH!P
z-#GB&P~~DmfU~pnu=Zu%h1JiGBkU9K<dE|i9vTnDM;C2ocs@2TMLg!Ot*zy$9!;}r
zbrMJ}@gWe2XHUXUQ-~I-rEq*79NbcCK9k37$@*E}d$S`!pVhW+F*YtPMOajnsS5Xa
zbkNh)b#%kX%RUYEi6a4&U%!5Zc(09Xm$sUkTUg8*Iyej+l6byJ=7}dybVBGgBP;A=
zxmkX&bnmI%7|i@3(G7R+-c8y+8u*^HgJzHzfxY>@-r<ecR$En3xC>F`Zg8fn@BKGw
zl)AvV(<=;ic*o|A8y>wpvVo%7)4!kQ`H42TLCw12jT-E#h&#m=i6PP0?#2{9-bb1}
z65~7mX(h5TK1}QI28zRy@mag1q@=Pt?e!_HWo*}ri=_&;)3bRP{UuA=er97s!%jVw
z{_U7oE#*e^$2X=~&@RG*R8)pFHf3!%EpmN)BPH+1Q96nP&C!iN0%@;Yx#GCFAz9M0
zd|TTbJ^b=hTfpY$=F>ST5!c&glWQpp3kye%#XdV4d9o+DQw2#zX;J0MQg_UZy#KgQ
zrcuI~wydm-|M-!44!)wS%*^21Pm9G#N4n_KXwUPnoT#Rs-+I{Wg9JTR#8e}MnI@V-
z%saZ9BAy`l+iZgheIY#dmd4-$dqQ^Bo`#jBxqU_%a+B#Z4#A>N8oE308_>IQeyOgm
zR>-|jP}Wje?_QCmk<s1WUdG2`rTqMBBH>_g>g;M>b@f7xUXwoFczc7s%2{u3Z=rd2
z`GrUaR!ISsEz?~Y-gN?V(;^Klm?KIb>x1R_f1ZBXHy?4V?TABbR*}!mVFtdRG`u-&
zA3iKLHZ-X0qfH;azNi+oy1bB8TwGi$&1|<EF5>O19k<KX*~zJT+qVMTT^1T%f#Kod
zrES%*)?NpC1sIR~o;dX22KG7K^#1H`SN7quILm6-8ffs#iOPD$#;qO)^sD5Agd$Gr
z*RnP2_P%=c>LdBvT#}r$Vo$nzdo2|d6qdu(&KX1o=^a0Du&&C!Y0J9-ZZ(YNhF*}W
zq^#=j4Yj>b<gRaNCMxF<1S`Xsy>Z;F=F!cXJ#A`kHXE*Qx!L9Nz2~6ehZRf19kgN_
zD7#dKLl~>H>eG&HxGta)5>oF*8{bPk!)G{ftmH|MslPvY;qso{6hYb^v)jbVt+Qqd
zrd26y3AoCzt~5$yxtyLz(`CLT?$FT$!AmrUPkj>{t@k#_>eUILq_kaLj@hN+>?U-=
zVmCh>S34cAoX6*=Cr{K8WkY*LkE-o3P-2b~?t9hL({*apS$HK?gW^`JVzN7O#O}-6
zw<dRf@eLn4dNfh>x{zKZGZ&p>pT(A?f$G>3o38I+TOb}jnH50+<>}clzoiZzSGpkd
zAeK#KD~&>8ryixeoZz{nhGC%b8U2t)eDLO5Q`|XB%zXSs?^C2w?(ViWl@J~=MM}6<
z6=TvG?dWTvvW*vAcT<khAGnO8RPa9SiE2pfeUW-WKr`cohK|QV%1j33H6_Px1Z(Hd
zCPIIJp2lmktBm4vE@o1&nx2dQ$vn3JeKf1`w^mNt|D2k_;6D3)dmdX^GTyJZX18?h
z+O?f`i;7m-Egsv`?xwt=2v}-Qy-AmS<Yn5#KK5?%Tazz|MEd0QZYJDHibm=t<w4kZ
zjftjU!KKpDQf}EA>$Zel4ZE3r$3BXmc6WDAPfeX?dwjMnWKVt2f@f0%6YHmEgDr-S
z3UbTKryZKN4luhN&1=s$&Q8n7Sbps~A?aS>)^{{|*S8Z2S$#EUhqtqRp7HzT;Z-cJ
zS6lFtqmvvo@4;`as9&$SZ<~_B<`YK}B<Q0xl)lcl-B90Qa$=<}k$*R3e_`0&L-&$x
zPadc_8mo2G+?){3_cC{Q8<@R^NF-*eC5lP1s7X|+JRI&WKGvJ>fpbgv$hcSF*~u#N
z-FtQ%cmHg3S_o$BNmXpRDY$H^xnO^m6#aoHlir*IuO!(#v_`F$O?Ojh)m=8X*U83z
ztY=eErQEr*H#zUUj}(1`>hEgIZVKO`n2ojdsUvBwLr*GPd-sf-xUd)eIsTalMFGP+
zrCVa0CG;ZIpVHFO;*M)FO03@g)1jt_onR7vgQ(4h&r!JW)lBW;rQHoLUTk=8`4ls)
zLNL$%y1gjl?xskayo&Emv?orUH1rx^Q2Sl*)={Oqqa$)@Y3b&L!!H|@e+wVX+M^=I
z&aL1z_&QL+Q5zTj=0@(+go%Nh*b@cJf`|@d7>_`|-*tIq%m#tVFdp?MfsuWW2e#w3
zND5X;D?*G}>2i-)ebzA*p)XPA{|<S0;E~EXf9G8k1^s9?6^^jn+_MVX_O!O!52>9w
zgIf?V-(VZHy7pZFvrv?p$-=<EpoWq6;Cj_ud%U*dbDqh-c9X0urV_gIWkIc3igl?8
zEN4Chxv{vj@&&GD{tCs=ZN5{JXHCZzkE772=6IWIP`OY{bC!i>(}rz%7u7I&-kWb*
zZm?B}7dysIdmzVIrB4k*7q0O$hmErB7~L=MbT(nV9p^AtesCYCWNV-ZnAC{TU)SiS
z)SSaG(qDMjxQ1!ksl3A?lYZBK-1^6kVZ=azgxQTD_TR`4hI{Ni;Bm@3;Rt$?fW5n`
zD{Q6n`s)K;3by!NO2oPMV%g5k(XOyEjp23QC%ZiMY<p?QbKSn?guU=yL4n^Jes{=;
zE%xgd{665_>@CdN|FqUuq3_t}2IaHSjK|&#Xkpum8(XSU(pLN)wr<%ZDBfMLHM97A
z`sI<a<;kbbhl*BqZQM3)mv@@Pwh%Mbv*p8`D%E?(e$8+d=6G+Ge#r8R`13=;kQ)2P
zz2ACXM$Jw1%-!nT;UapMZ-rxHfcce&O^@gO%%;Xorc|4R%i7is@0TtMOLJ_PXzMII
z(Pr|-GvT7a2>yst%)`Vey<M^=ckfIcOUtp8i`)7x?_-QmMCCKyic77V-yPa-!^XSq
zb}=2Ea2k7=&9UvXp}tugWlKHxB1tiO{-rSK>Xqq$aPic%mD4fzdoDa|o^33B?PGHy
ziSOlTu+P>7O-}8}g7>nI9P~YH-m;aa$u52lc&I5nw|4G?ArIEhIGuAejWjoZCqlc7
zUTW&B^NGR`J^rs{CZ(rptzMh`Zv0#%mAt_F{petnGR(-@8XX30Z~Et)#f2S;GKJMP
z3p|*C|IeJcxqF}VGIMb{aneirpPzAP=0*<nx_u+D1xvSu3QRwY5w`SkvCljwp&$Ep
zo>pJAS6eGbayNTk;-zk<QvQzqA1P;bbW6S7@6pMGhn>m^k~7E-=hc5tr39<Kz3h>Y
z;^HFbP!YC4|0ThpxAY8O)L?^(nq9KpQ9PbBb^%*&wLJfH==3u^U3%K!Jz9P)CrmAb
zUTxFWVwPxm8H45Oz4EYOo6<s;9(fghyQt$=k5B(zkCsbX*^e|IeRTO9Y4B>GSiqp`
zqK8^3eZOY%p`2qy0k2MTh|(s%{SaqWgK^Q-FzbxjI~XZ;VKn6HLGz-jUDhKOyx+yK
zrv%Qk2s|%I3p<szdO}|EuyIFaQMC5bW@&Slp0*Gd%*x!aM|q1ctaEb547SwiRs<b)
zOJtCKU2&AIE5YR49iK6Bh7pTsj=x@8VS{D31-q#5J|{gn&s`oB8#K-y+*3(gx{a+X
z^2)F&DKYzag-F(Iot)a!q+K1(G3J&hbv_-kJ<{fF;gWt~<~HY+mdcDSY(49(-tZ$o
z3>445_2+v&ob~C-&pMjq*{GlWbCul9EA;GFB=c^|PewEEY!1|$*3P@x@{VKBZ?k}y
zMJ-n3R;bf;!q9KA;;W?g;sr+1$K+W3a1MqhZ*OB&?PSl}9HEzD`^T{<k)Z-2k=MH4
zhUVvXn{G>v-yJ7@##pskOX)^#3uoP|)9tXIVj}5W{TjBXepJnRY!KnKDc$&}vr)xW
z<#x?o`CC4=W>N%!)hou|3!Hn;bAR;AI8V+y%6Ukwi}sG*4U4xG)$vN-9izlu7(b6y
zY<y<HYwY7PGgouoja!}IpcB~T<?JfF%|JI`!)$5juMM_ozc<sf#q4;WOn<C(llgai
zvzpZa`|n&9OMzzWjsX?=$K&n#&jP0<3~Sz{><C>uH|YOF-^5M$x4!jNt87h&7dP1_
zgVJ@wI(9bt3M;BlU3+A$^$M%yH9jPuc2Q)p(ehrMrUFZjvDp0C2U`T$PEB=oN~Gp|
z=hiIUVbk<##yvZJ#|^&=UteL~aDMSrocsFTlLqhoMljbrLbFi5^-9uxpPBwy>-2q5
zhV!9aK~`P7ITQ7I-R}GP*k3g<1&p(wmAaa*%p^<bEM9xhH@$MbfAgE;9=p<t-D?Lu
zP8+{zo7=DG&bBE+buImE0PXw<>-eyij3JI<ih*FNqK1Zbl?79XPm@-k$sBLdVASRk
zlaz)y`H&WVn+i_f#y3gow?kt-H=JWm4*ALZu2lI<`JR#)#>cttMx)1VYwE&Ww=9bX
z8Hrx*^~$(0e4h2~HfA}xp--HJA4K`elNfbnM>YA~`f4&9H}*|hg{5s;;tR#%Xy|f3
zd;7Ts9Dn3+zOHz9F)3`wH^Tkbm(Nu<Bex%Ga&TJWKJ(FGJRzrO*+KURftBa(-bdTy
z7(G`i&WsF(<=)NuHqAIh;vFMy8MW*^?S60z!96+hH@P@jK2zFu)7R1AV&-BR!y4XO
zw{PDao^1SAI6{w=L4Uh3uk^H<Ew{l1KzRM#lAHK{v*dmOtzS?dMpJaS7(GVvzx*(o
ztrLG9Mw8hZ$E(fJ6vd;XdUT6`3U3uf?#A~4IhFfgDWe<2lLgtOqB+FECth9NTG*|x
zK=(DCMM7t{y=b(E@V1mlkuQfvbT*kj)Urwq#W*!y*v>7dnV|ACP_Z-p+NbV&cWdwD
z*WRh;|G7_8UZ%72VE>_+J2m+ZNcaC2e~}GP>vVnk^l9~hbN6M~9G^cuzT2ty;U>X|
zrSwJrXTgSP9{p4OuU`p7@ifvuwb~|o-G5&+<%>tvamFX_R`(bOwLMfk_WOJe<2BvQ
z4<z7Mr<zn6JhII~lee6IW#^t6mv_!7*EPLCY{O5B&sKE-Gxyu>9n{P3H~iE*%u=xX
zj<;hBP1uubl(u_U@mcQ)jnA|XesU_XH{;!Kh4IMKm>*M2CPl`-3T5s*yBRIcNzXj<
z?M$gndh|mqUi17#`~4yt#VtNhY!aAu7TW24u2SiSo_k`U&)#3rbS=Dse&<<7-8Z!=
z2m5;;f2dsJVUORhoRxS=Yq>vadX6rnb>gF3+LiFdgu30c?q(*}4Z?M5gKn8=HkN!(
zVQ8$L{2|OG^)a=(EmGMzhM7CN?8W_n(XG4s3KFe<zsgZ#y`0x@n}=P5n@RbwN48$@
z=w2DQInhyk*cZi2yU7mS8pkah!t7j@Cw_fv-{Z^9&^z(OIKqwRm%UNt(VgbavVGRE
z?lPHQ@eASG_@DAh>D(utuRNk|vB~Ms(~D6SM+0Xc-^!ztt!B0smrC+x3$i_+r#Yx7
zmR7B)d4^}pT-^YR@oDAJuii06PlhT+FWk1Of5P2()f7LnKSJmbyXuo&j&JQVd=~mQ
zzG)Z#dA&GC&*A44viXEWg_|Z_rIb=df!0L4Y=y3Ck@2!sY}5XmyB<2a1->!KYuhoV
z`9f5vSy^eITnXnK+vSu0qyM&>!mBR6pkQ_E=uu6Y(|6c6k8tdoNl_foHy<mX6>zO^
zt21`D+G%PoWM$-&sg8GHiuoRHm%tfJF0)Se`0$iJp851%Dd`ID(>rAXz0-~sMc+%%
z@D9{VsHix%kI6k?yYb2T2%$?$CwPCfk0k8tIwBm!WcfR}yZn`(jnT>*nmX5eXKdqh
z4Dw^*cZ+I9_!MvG7Th*K>_7DF`#A4g7HiG{-gCHoGflaxTQ`58Ys@&sF`4006jBtv
z`Z<UN&%`J`fA{m*pTBFguiDi}*|7v3`0a44NP@*mn$|Qgr?=w4xl28b2fgGo`9&8P
zWM*?FbAKG-IdlEwxoZ!!Z=NHEUe2#5ysmM4d(7ZSRAPwvHvjU;PQO_n3!V0ll6hy(
zGcxGR?O=L!<%L=u^Nu)Ky?dtF#N^#Vi)+PE(z{iR1p0rw2rgC|5H4Oy8?pZKc%y#F
zMoq6-jaz9H+i}i^R(a~H2a0%ObM{_v=Bb$8-<b3Mjrn%Akz>v6Ctr5$e#eqlGIsc!
zLC>R$k=0^;hQu({-{rR!`7!%an`U1yj#^(V((?!(a599a2cI8$-W!e!ywNk>bo$Ss
z*K@64uc9vz#v=Zc7V5vt_s~Z(y|}c}3qNP6uCY!oR&7xY5E1e}x}EkJU7dcJ;M$Wb
zEQ$HV-6{%?g(@7ownV<a$=lqX#wL)3Ez_BE-kPO&Tk6))>lEs!acwW&w0^l7Tf4`E
zZ$kbu^Lj&><q!6uNtbH3Y?cn49KXeVou1mkuATM!s}vq8rpDE;a=dLQ`ekX8${M<K
zd10apBNM$Yv+<@ixt^L3XY4o3k-&I`fRkH!2Yak`m`NT`S(n$b<CE2v%iDv;W$xby
z{`JA(P(;L)&U3#`++j+NS18&@^Yw)XzNacA5POXDBPL|^%fgSZaVNZLqhIo_&KCw5
zm~sl6%bFS5uJckhURH0uu6e9KaQ<G-+u>i!em*O`+1Z>9n|0ZRbwfpusZj@|>$c$;
z(SI(nH~qL+>ilA4_4UJR0nH1OSCsW%7RTQ$>q?ZPl)Vh!MAdS0vv1)Y4MxRVno|Y6
zO7ljRQ`=pa&DmGqbqYFi+I&$Qq<rqaf1PdYC9$l#)cdvBla{WHRI_m(_*lBvY&MJ2
z_ln#^?zfmHEf(jIk>k^@j2+fJ`t-${=R4w#9k6g1aoMf%A=k6%wC+PC9KSQ)us5r`
z<%al*+Yju|2A0f@hfm@1YS=YZ6BpY#HEmKh(%9+t@$H)`ePE|pEAp^RggV!>-F$b?
zhGiC=7B+TPqnI~bv`yFapUv7e!hVLLH?#ff=ayvZ44<nXJ^cR3^Bu#75BRuU7<JLj
z>WajO-?%4lQDN(#uSK<wO22QR%a<D6vr;kP!q+k-sdk{<J#zTHog&Mg`|Bg-s)$kB
zICH@1ubboblVTs|byqUR@yF^UJ-%9N_U^Uge!u0hFP~q&4Vm3VC++6S`Tcz$?FX8#
zD#<PC<{{RbKS<Mqv@y~uRrb~2IQhtxowdbv^G{@1``7s25;Pg)-rb*U^b&U*@|{~w
z?+yQuYq2C5{$08*+e8GKiK=ijYMIQf4kS8eSOtG9y|1ay?;8?o>@()xUoBa2vF<i&
zz$MW64E+WsZPIsrJ`0<1KBbhMw;TmueveqI+pHAz)qk=&WT08JvBL4TQ<tbB#L%q?
zx`B6@hTIP>pEL5@7ME)iGO7OR@!KW7eU|sVa6^qlRi$%@J&c#rP6oHjfb`7rD)-Cx
zS}N%A4M=R+w(D5gvFjM0LYHRWiusRz6<1pNlEictiAg$HUF>cYKcl-Zr?ZA1ExYT0
z?G%<T8V7fH9X)u<dd27hNcx3wgS+xezOObxg*`guE2wuF70!aI?QRDRP42X<Ng6nB
zb5jO$KiL$2_Hsz|u17qr($DvN3;};Tw^KlJ<meH{Q<rxsZLG{jy)nGFdh?>%w|lz2
zPaYi-pPWrnC=!2&`6;OQf<ry+s^1b!J-aQX{Lur;z4cDg-rL-%U9-e<N^d$UwtQCS
z>!_&zQ8Nn7yJlLML-aI>KGYUpH{EYpS%T+zJ?k|FbFtCoK4lNn>TlD1NEKLGg|pvn
zJ9nt$ug+l2Se^BQ9*oWP>>|XFrI_RCvg?98!~C33+rcOQk73zvrJp-BUf<i68cFRK
zOBb1cx_bME?KZX-&;51i#F^TPk6TBhwH~bo2bbg46+O<lp{yk^X8v$#f+JN#Hwt$6
zef#+6_Wc>UB~+<klFV;(T8ait8CF^7{B<mKq*S?Mt0z-+^vg@OmX$HjJ|K-I=pt_<
zOk~zdubKVG)%s91`|eRr7CA<^1DRQKtH6R+R*T|PbkFgMuS2$q6Voa8huYI}k_7Uo
z2EL5(KkI=DH5E|a<T@4A&mmu8@UfJC`LWrQzVxH<0o@q!Wp))KJ*sKhX`Vca_kM@d
z4;WZjDr3TjeqNIO<kx#uehtg_vU+l|HrwxuVTcF!qbNg@Wr?`kx8{H77Etw3QkmBl
zyO?R#vAvQpfA))iWYVYFoakM$N3~8<d!C?qk}2wQIboqR-Hfl%zjAu@<XbVW)xKJe
z+%BXB1E0YAulK+1xN$p4Z=B}qmMcn0cVF|Cw)rfb{B?wCLmx`da@O_VpPj}OCS_jb
z*r!%%YsXOgZlh5XN?l|rUas+X7N6cV!zAS&Npz3B%uby)Te=he&i4)8eZ3#uX(#hU
zvfupA;Ycm1nW)vWk7=GRQ?sV`6&?n#UmA;=HFHH?7ru$DCAe%0`+lKAnf$#2b9yHW
z#c~=0UQ!2)r!jp%y!NxJVUcCO0&~nsi3?iIjuk;>)KCa#VY@4S?0uR<g#3ZM`*y@t
z4Hl^;1yEJ6rW}@#T2LGu?K;4GU`2gtt3;O>)yJWY^~8l(_baiN33_Rj-B0XJY+hY0
z?4U||oi=jHuHZ|`$ui;*#yAhtYx|h}N-xh|R8YCYnex8nk~&jld5;V22kEbvX3ms@
zmPwmAQ#7mS^6q<8r`_Jy7Q%wUR#b&|oag>Id1HydBQ&3~&&^s2Kqz6sa!FIc>J<l$
z96WSBqW8Dvk|ZQ9arn_JSM7ouDc|o`N!UH;+2r_Y$LJg<nx?G+1VR65_ZP_$HurWh
zL{uxYte==sQjyDlv;TnOfYsSCp8F!nOJ!{#cL8KN?qd8u+ulEOD#&4J<ju|II@vKJ
z-LfUO)rDANeg)ak9}A*Gz0ykf{=k`OI$Fn?*;U&UyBOecWA@66!%Rc0N^>0<!_$)v
ztJ8bB-*(KzdtYmP%wFo#7Sf42zliywb;GD{==uJ@sj-K8*-M>y3%;u*e$O`Lv)<ww
zKk)v2vWTw)|5Q@zC(dE7quNUj&xZp&xIeV+f;ryL8ZYy$yV6Cz;&xMrSLn^9^DZ~o
zZHIa81r=&FadxiWlzkgA1Li1b$9xfg;50N?v*vIwsFQt&uee_{D|j^Y-5J+L@i_4o
zdB;bKNSY&*s!Kun-$Qd%S3dr5Mse{=SVhiZw%gBl$SS!tgJZ_)X6p=~UO^IuEThD&
zyZMWlyX@l|A#T&vC<uxaRf6KAUj4?sybg!z{v5hJDWxwuu5ML9Hn2aSEW2op{Ih05
zy!y|9;OJMRD5p)ohP3*J5j5_g!Cy7{6m{EWs8++|FV?PI0uJuG_)s58+-xAiI8}s;
zJ9DoxSV?)MKL5vHXSWIz89r7Bxb~F5_)k8Jlj~OP%|Dj;=sH?s>$?#mJz#qA)yL)M
zKwsmI+pmvvM=Vyqom&L-E}zAGVbOipycB<r<(TPvrO3r<@e3^HHf4^eP7WMvG^-W=
zv~w@(j2GqQu<IZ51jXSy{K}THs=tj|p1GaP6I_f^MMPg;-?eGAYd$_c8TsV%?or9y
zH!lQ*I#7^h?N`n}{emhNUV-gD&*6{N1$6eRKXN=V;nClcFvqlI04Y=yGSEMolT9>n
zF<=S|3|xA5G3KGtjoP0&Putyiglx7VT{_|%;%bs;e#Se*CrpIzRf;DU@9^^t=gxcn
zWX$oaj6*RkSYdeaTF0-FAK&&)4m@seIW@_^GdZok7Qh$gccwBmIc`txNY<`hx}0ml
zgfGDpXMJ2y&r-j%od+eq9emrA_QUJqy~THHygO{lIa>GBbB<x=!yh)&g^nH(+OZJu
zT*lb?a8cvMT$lZ{*X?^cMl?xP17?<Qhx%(yyL*;DFVm4SE9lx0g3<BVuemz)^_$s|
ztt*o`(}R0*?%&d>ZK%P9y_L({dxyXyXwR?1@3=Sj*mc98JTnHqtU^U$zv&%H18}H;
z=ag>AC>eXW>9hxS`8+8+^3^~=8!sb8t0d~fZ_yR!M~w#j6KQVWzj~G`(VT5=7jHHz
z7Bn{6>#${G{kY!Vwx|*%8qz?R>Ymw5qcgUzGsY!z!%3DIhJHt%F49MrUo|R)6{7U3
z{)2&KR|g+9NnF@>v7BWfUNoaP-1#d-$Uih~Wus25ie;ft=IQdT+bsN%TY4-$oVz=@
zaofrBYD_}~B}GY3I_K#@8;kwK-49ZX-iMd7bcm#R-`Qeb+T~M=O@9`l`*t{__MRy(
z*T~~f4A1fACZ9Onz7M?Ft@8PRO~o0JkK^!_%Yl;%@_VeiMO${9RT+v;sOuxPd<~Ov
zw3)Zcw&mQ&|4Un%<+lPhAk*l*n&`my(+af0LAO~m+xP7iD)fHI*<I&GuQOjozacca
zV+DGX%RTlfi=U+?tkUOP$iYTBd&18vlBe$8v-oiJ*^jN{hsUI6T(8}3ZLc?u<9__>
zbWoc-hb_ae)|dG|JZx=MtitIi+yfm44^GK`Oy}5n(up+Z>-p21&u_PT_&NRyH5bmu
zz<PbvZDGU8=Ku6k3Z<B9(<<u&^H-f=(|LS|{qLV;pv|$=-wk(Qpx57BjUxU1b~GXu
z_WS*>c$R^dpP9d_ox2NG6866T?LJxurGGwx0QMx}ad1TzHg}`j#qj7}I(UPP+^~rd
z2lphwE>GC-35VcD7r0S#{SXc|EW<q&f4E`GH?<GAZ3ni0!Dd1d9D#k7<n_IbGO+a;
zvB2JG0o)%R*j)`r@qc*!w192kXj3WNf&kkL(WtOX8g@3K`x4Pc&OgWhZ4}sk_%EX%
zWzZ<F-H|HE`Y7l&P9(|tD1Q`&U5S5o_sD9gsbaC{#%_BjPkWb>0`~B<2?9)wy}zQM
z4BS5L32*=4hOOdcb<%&}miaGn<KgBQ)He=K?Hi~+lE96laI4CH=o|Nk8xMP;L6U#D
zAsu$B|BsUVm$>o&CAo3`Irl&I4#Ngew0EAMj<z)uVFxM@GU$dFm>IYw6!yvjjW*-M
zU6SZC-T)54mQ{6h%Rk&74HWE+hg(7g(Ed^qY=(!s6wnhF$TE`X?iRRB?W80)6>Mac
zGk`we84q%B037W9V((4BvF^J6(TF0-ln_N`GS4Dpo`oVADs#q&%w@_v&qWkUGG#1d
zWu7I31~P?8GKX;1zHjwB?>W!=Kkqr$`CZrly3YGN;r`rvT6^vF-Ftu6+G}lac7aOx
z1i-%%{3JkJ;h>!e)B^sT$e#k7NBF>Divb;G7C<E#pmCs52>kTmxGc0ThH(}GYLTxO
z^4EYv-yqDQ;>cwN4qT&<1gKguKJamYGu)!!<A8)+1Wxdx!`sLK5HJD|00Q^`nMLK0
zYZ>yM1|Ti~=Z?WGOo$IoGy}chw+$kTp<EqvG*=9AV^h(|U+|lT+}P59g^*(^sun(r
zs$&{L?l^LY1UM*;TyDWL6`BDKz?og}b%2w^kSK<6p+rt`zaj7#K@9a`C^`cMV$N@4
z4wYl_2_eS}<Pe8w1->FD9Tay195a58@kI?7E8q>ry9c?Jpp(Jqq%eB$z)J;Ta2kdK
z#XuAQa5@n~+?PY=rP1+Y7!z>5g*M>>xO`xUM^wWUiH1`h{-SY4`Nfe_4hRD95@ZVg
z@*`&$5EbONg{puikWULnz@P;n4AXCT_K`n7loa7dJ%uiaV9#L+@Sz?8BSc{Qfv4b}
zjyX0Blw(=~hYaX4Vk;bMhVlS_-Rj5-1v3P4@Ch7-V2pOh1|8GJxV-O<9rBz(QVM@D
z!udP>_sIV)|64KuV`WAi(;7$-3LFCdxJbA_7SXtifs+wTZsN#I7ZSlk3o%v{e3CKV
z)_{>*i^4EqXof#Xmf=u27GpA_g2KReG$JsmVP;KnG2{pX!iQWLv7`F8iSmpn{Ewz5
zURXi?;V9&x_7ePVFcG7le_9De|Hteyhs<{EGVf03*<B@TTG;IUb;Q)###$`*!Gj06
z5AIM9Fz#dAm+AK^q<w~+lQV!fgxVz6*4{v9XL`8k{Pgm0-lt$^t+m20K6-N_AFW2_
z3V3~fb*x!>c`r!3_$k{wJx6tKPpR-T19Hy=OT!PQDl@lJ?N>f02bz=(A9wUrnZZw;
zTd@R~KTPK645@dIt$a=jG|ArRlHN93y_FEF<Y)uAI8UkExRgM)XbEX)nepap3N$nx
z6l$`(>b)u@o0$=vl3Q`F!*yKZzSXfa*`}k4IWR?Hxzlf`%rvoMK|wldV;7uGcTky8
z*afxesF_{Bly0eF?XJMq_B~v{xnGxy@L=H#^RSP$Vz>K>nylPOY-Ob;D{-%1hH1uq
zq_UViP;^7Z`oeCJMEy!;p~qM<E8pZ9k{{K<l4&$|o}2LCV{B!dHFsGaj2*tmT+Q3A
zoTy*SER=#RlDj+(t?bfo!&}8H6oXBe{b8ym+ptR{4{r&xP{?jVe;u<>;O^(QP{0@a
z*@MttO}2{?(?qM<RReOHd~Dk$I?c}uALl}@x3>jy1)5zIG$;?+|M&BM`S5RKU@Kp0
z{nzOHt>u<mbvxVh+uLV;?PP3EUHUncr!e2LZCsl{W1(Xa@ipu&=h3S6!JEIl<fA__
z%2N02d?C5Hx!p0kC0tk6q+ho-8{Bg9Yy69w1Omq#qs5wAGPdWoL~pL<kZk2nGkUg6
zn3|k=YqD^3`B$#v&X?=n-6l?Sr*0bUnORWkUDu(RsLFg47F0;;m$~hCT$;Qk^wP*h
zb}OlkF)R0P+?lrmee6$I)vYf{PZU4f*wEVcZ80_?8+VU%`IeXDedhEztk6F=X;jRx
z5H3y8*%XUkY07`DCa+O~bmd}c1%uPV{pq<ed=(*=+oeR#1I~f9MC7F{bNI);=07*i
zOc%5zB9Efe_c%j-(0HuV-_AJ7UES!;#DSwbYSDyVN0>c(qFiqiFs&RPE@5!u>GoFn
zgsCcvh`cA2Tj>|q%{y6}-w9Mcv^P?^5^lW34;``1aLv3$#~Vd2DF4EJ<c+A5quqK<
z*>u<oi!=4HhHba0n0sGSM)4?nGvrJM5{!)Gnd9-}DoT5m9cd)^WX(^n@bv9SXho3Y
zSO37QjO#TFp+SY$T+S%2Z97dxnZ3DQNE$BhL#6a0H0)vK#BFzt<uoO)Ba<^8i~h_<
ztLl64X^dUXoMsmELkz6+H%l+|btjp36uh-QqquW((g@ql8UNQ44ZViJ+?LN=$z(md
zk2~><w`;bHF7gOm3?$&)@*480!?wF3(K?*>vvWpnCGnYSDN95~@AV^D_@O;=SrZPm
zK8EfXuFd#II4ChTF8?fLH1Fp%s!dRGq_-j>m!{|bneHadtDO1ZB%N_gFE3|f&y2WL
zgj8A!<<HJh%GR0k0^_;CBg~((GlC07tA5kgSvWKHg@wk)R&U{<j5p7HlPgCi%kc>p
z9F(F%-MCM`4f)ML>f1NS^gonut`;ahJ54#SS2~s9lUfd3p3$@ID9FTQ>*i9HbXzU|
z%6R;`rMBfWR?5-4UEOV5jfPZ{odrq1vxHolNn$auTlcEZ8m9E&KC9GJO}~;_Yi4g8
z!*^igT{4|XjJ%w_ST)0mDE=yYhJ~Ti^Xv;9ITL|-()W24i>y}fSoQb^_TIL*LAHPy
z21=q5>a9gZ#<MPIN~QRr>$Bokk#)`KT{UiJ6pL(EyV5W%7aGNoUZKXn-I(Y(CvtVQ
zKxe=|qRuzO_svAZ2tHxfbff>9iCWC~ulRE@_8Us4Hd0<+C5rOxU8;ZQd`#GLf2HS{
z@n6y16h1gu34elb(8%l1A<_P=V!ZR2l+v+v?`!5~WYd^DkKd!fjKn$KRz}&9)hL0g
zf|M@zNyB2{(wn74iP1dDLmR<oF<CkbyU|#_?ziRNxM5pnRO*-*b=0`GVaAvz%^;@W
z*+mRDLM|O&iGJqh`HRvLhYtVd;fOGCr5*9sccbjUb7~)&2SvR^an>^jvYs{%L>#}B
zSnEf>H9bD|WGBsnzbX!HtDK;+qGFD4C{G&6np*KcOoQ(@XXEj9#)f7_#B#OrQ@cfa
zm+<B<vcd~7?)RKxsgJc_s<YM4=Pd1!%3_GZr7ryWRBDs%>6E`y6L3GS*)EIdE>-r+
zZ#J$g_8nQh1;*6)HWlZtIFg=E3m?XH5U1DYR;J!MX1P3X5`&xd?CaB2wa6aQ<$1#{
zPx|#o?2RS#gcI+a8>^KhgVOV0aAuTRjxP8caXF|c&L7Wuq4e0@2yePoqU&4UNV(x1
zg6<g+YqAcd9u~6v8I=}7r>Kgc`F0q$_Z;K+;tYk0M?Vqhr?viE>vaw+C&@ZPPwy9b
zws0%1VtIu8I|1EkeTA8<K{K%lx<D~rrxPh%<g4BlFrM{x9*I<wzAf?9M}nTNkT@=X
zP{8AjqVNmdp}(GQydo#bQ?IslT!CSRT5w_GSz18T$otkXe1pvo<v;xCp00c;4f$br
zkp1*d#7wQIvQm<Hc*<1kGgC?;a?6atBPKC>SGkmp#;oY0=zIC2!o=5>^~mbD=QRzR
zxC|ZmRR;V6%SRtV^94lY&(3)5J^GB^CI57$qfzd&I@_*Bt1!Xvk{a8zI}e@DymctA
zVc0LfXLjfWE}68nm+6EJZAXbKO_n3xY}o4<i*)V|^3q1L32}X{t6Ue-f|c}Z-##D6
zoY>FXdd6ugbWbCtNMmTkr6Ec`2DKLtr{C~y*FKq6UXB=9-k7jjrrV@%&u*t4q!d0c
zRAxZ+-_QT$!+&Mq|1%j7_Bw*ucUkr@ni=W$_kS}mNBg|Hr^6$hjJ0)3tz!8LPuke5
za$#O0y3!ReyR6~TR%*w5xA|=%hAmGT^7n*~|Gg@By5-q1d(bSSpMQD*7W<<L-i<Pe
zG{DvtSFNmFPBWs<{}S!?e@sKHe#OJW`O-i8D*w^ofm1ic7(q$^(ETE%g8&5Jg=hot
z3-bfiVM1)6-=KN{XM7&9zjOt{;<7^W;z(EUr$Q(TdI!u8Qq+Lb1@jve6rc_ItE3|4
zKhRrWyJB|L1=OUVx<d8*U1<%9VF*-)(e;W7%l$?u4i#ulP|zsQB141@&}9HZ8Yu{!
zha!w16$@zXP+UDMLNOeW2Ro=oK)Hp&!R#W4PX%heKR_5_s~`YWgU$(Qu0a(gB&NO#
zP<$$+>O}7N(69*Tq@V)SVdTLN>Ox>5aB&xab_&9b{e?t9+X+z$AbKex5Q9LkC@84@
z8vzHP0H&Lu2LD$C>TXftzqt1geCJ2;O!yJSC=TIo1ThZ;1mr-E&kvd&paq3&L|T1d
z2p|Y4i4c4TKoF@dL4gKQ&;SX6V?Q7ih!>DBD5Cg5Zx6aOKqyQtAcz=*L8wEZ%t9J>
z=sMDWfvOA?xd<Vf04U0!GC*Re97G?0a6Sk@kQzV`LG5oy90DNxP6Hx9Cx>c*=mh-m
z2TT=!AVwJ0zJR3~0w;jAK>*u2Qg8l75VHly{R^Rpet=M<Js1XP8?<duA;gUUsX#Fg
zfGQN;5K@3R#4hLt=#&AW*kQ=x07^_i7^-0CK-CEd0!yMa6rvV-gCc1F0;dIpAfPTn
zNEHbP^xMedf;6$f1k@agoCD(lts<6Sd5>5LVQT;hBRw}_Gsq1nG9e-yAS9cBP*f!}
zJkWbEn1H$ujU40$0Ab}25<;T`0fL||Kmw?3h=7ACfzlx7fKW6!K+t~y6etucHD~}p
z?~FPC6=M+!?erUgRusk-6$2t62nDu!;03Z0K`W4gV%mVE2nDqS1P=x>8=<y<d}L^X
zCj$lnbqz@gim3#h0cHb0HXL9w@CWq_Jp&j7;g%3Wfruduh2H@r0xX095JVi=MIZ>k
zi@y-q5isRYH$Zy~T@>I~|NRN(3~?bj5Car$1E@!_ERndtNCHvfNJ9;SjfU_K0xj|%
zv^&_426}y<N))je5O#cpAs!Us2rvZ6IJN<(e^>m$9Dwxo@Mu7Vz(pikAO@&uAPd7B
zB=rCwAQ4IuL30l99>@WNB3J<uN0Ci-5vZ;a#ea|>SV2%Z#77uU2up<!5C=#EJ@>$H
zs2YttvSa`yAf<p%>}Q}7s6!G0L7V^xK*SnA{OC!?gcQNZ5^xO=1SvsC2u)qU5){A`
z1<%4T4~4V>gyQKSR-#dWAU5b}fF}%e+JMB-ya`VwLLiu^90V~z&nSpI^cj!{5+`^Z
zfcJpJQHMaPAU{OXLR^7I3O%hT5EJ}C)<q0Lzd^)cb$}!klm!q9FAE6!sEebaMIr_j
zqCR2-XBP=03U<?A4#kQX5^^LF7<ogXw$R*!9wlfR%~UX<0KWk7!*Bu;L_9%@5N1}!
zb_T_Wf+UP2L$`tTfY8hYRiTe)F@s43mKMxHgkirJtaq3-3Puft>GxuWL10z-TN(<O
ziE<(<4u}(U5FrRbg~lGn3n8qOK$K7n0=`2UhGoz=l4M{fM7}|!paF(y1<4H12vwtJ
z8`BwN2mydXr9l$1A^<|slmNk0_IvfgtVRFJRSU)hg;&J%PDl>P157Abgb__NouVo+
zVvAyl0n1UKcMyJv<cnEPv6GEB;v{q#`idSxgb=YX!n+8B87;?94hay%c>_BSh&w-;
zCLs%I2!tQPsR6=FJ}|?f2^GyO&>oT`__K>pJg~pgVCc|fh(fFZvB(~YYJ_zSIwF9k
zKX`6oBLWCLc&Hg<liEeVMUds+2(6shawsP}Pe?{lv^%H;nn6PW%Mrv9!*B(@gotHW
zQ9)h(J2Nk8Aeu3a^YH;|fg7lgFeRb+9zBLwE~1$gg?oiBVM0NR8H7<o4Zx&<{eyxR
zLKbWi2Ee0<ok%bUSw}IYV3U9zB$%>Mjfi9vrw-E^Vj(;_=sO?;JwebL#2Q30rc)RM
zvm<t&vWvh<hbf0GjzU_aDq$&s;%I3=%^~XG$wO-<T9o0-T?7rG0o+B<0W?{lr5z}O
zVB3frX!XD_1qH@NRl}18Y(VxlK>SF&cNz9KUj8oy8aC1>iXF5H;Rn%vS_r!n#UPMD
z)Bt8%D+lKtP>?M^d?<7i%)=0z37Qi_&o>H7h-n-G?WrS#*a%|84`HMLq0XY|ACnP8
z3o5}x7lR}$f*lv87(%<GK)0~Mgdt@YVRxBuDg^C~LAucn6o}qs07RIQLtQ{K7>GQ~
zkbs0yPGA+V9}tS#3`kr6a|;4m3orl`!z@`)3>b|Nk~bJG7|P!WgdGKr#H3)G#&8e%
z{jUhqfq&xqzcEnem7jT<0me!6^H1+*;{S67N}=D5WBiVEgOs;dDEc3+@DdDhXj0&8
z@BJcQ$-gP|MLE>B?bgdZ{PnFkH7cak1f(fXo8Dd~>%+kvDq|wZ?tgmi@*P>?BOE%M
zYv1Z(^*gE?L<Q$-Yv;SgU+zzRckj-<d)GgI++20?2*_j)`;Y$#z8fBfXd0Cso38@)
zS07wlG90@ySXI8W_Ws#wwA-1VY-{!9AK$&JdQn?j%Qon__+zXg@&~CfFWz3qsB1hm
z7x5e~yFZcGvT=4<np0}=dhv5BIoVNqW0CUZ&gi?H`f>wOV#20}H)`?sJ=CV=*Gv$-
z8XNF5l;{LCdEn;Ks|)hSC0@0Xi#Ra_%2n1m?$IJ}t7n~{2-1%rewW(kA1*<pPO@bC
z;6nZ6+ihv1gu8sT&c?}%JsA-XJJSzLoqH^ve6Yy=-084iiw(SQnW^`y?qL)!tm|(S
zHhTU@+nuNM646vbTK+q$Mt|SiAI~!t^vn>gYG1$gW~o_>#qMj7^z3UZBefw5N?E?k
zmV_;pma8Z3%Qu7^K6E}Z2rv7Ddv4YB7ny!j3C$iu<sK_Df}YMb`ntE`z9<r!Uvgb#
zBM7Q-_l}C?q}F}fbB&<X-=OJve4b*r8h1uUt81f6ou|*H&iPw$C24o}Un%`?EBl+^
zhCf+{=Ph!Fbn#z)KJQMuc{th17SV)#ec5JsTvc0hYDREFfGF%^$w_@>U-2UI89|c(
zp92(mOiGnfS-cfFx5sGbs&Xz*Sx~8;<TYnf;`9Bsro3(I{HR`5d;q`0f~t_;!GCE`
zisfg&6y1|F=M|bgo0RH2{ExY*moCg}UF(|KAlZnpqj{CL-eY_yj(e_TR4x17)H#z$
zx<g!RZ2Vu#_Fap4DBU(}g|}Gq1Mk2q>Zg*8oHsTpesT{+QZvtKP2T=Yw=rauPnu?k
zzok;Bb6j+DdpcdP$=&JX)pW+d%OOq|lOK4=bq_3;P%d=78KpdWz~Rjp-$LBMg*%Fi
zRQ-4XK0yZRym>uC885#&i4sWi6HC8~@(jqnI42myE4S7xwn@?19n>&W|7t2!MJbAu
zIQ|8tXpmHvbj!5aS1mrivXRCqmA0g?PnY#NIPmsT(X+npI&<`_v)<VoEY-OaLC0@w
zJ<=I)BiQ$-cgV_p!kt7k>4(VO_@55?OJ?*>i=Mu}BWo=Bd|qZ_@&&7voMp%B=(Xi=
zEz{W4@U~$kf)NT5)>*9)_VS=dS{2iaF=YHFtL@g<>hG5jQJx<%-Wgqto9oniU((as
zwh%jb^@_V!6~%}3a<($RNc_?l-&>`!gesB;8uIQ&GY!q8m5?4v(w#hz)WPH3e}BF5
z;KI7YbneGl#pcG#Lsvwc=~HX`!fsV>OZ~zLqVJTvN@9YO6<mHZU@E~toyU-jUP*NR
zhu7f2D&BAH*`&lgB>d3@+w$HYa!u>^ec7vaVO{@LN!k+<qmw7MLO)DO2!9*E!+RAY
z>Upl?b?u2khpCP)#`^+&f<*P!>|+XX$rTT-(r6kqJv&o%fZ!2PxoDDm=C_2WdA^-V
zVb+eE3w!qpD3^}De?4+x+?TL@=2~uet3~{w2gSN0mvvZLlpZQYDLU-My%KhI<kR@A
zi@w=7y36%jZ?c+ejP_@feV4*bF4o8O_d9So@s+hun6FU%N9AgUM)DS=q`K?2=WzV4
z>BkYhD(RqhUJ|H$;^u;LRp_hM>tC}}5ectkGkPEO?#m{7(QPH%xk3DXw38rGiXn0+
zBcV|*qnCA`x#l-5XS2=sRIqUmyXKZE9QjUx)wp=Xsw}t4x5n+-O^QJJQX9P+#nLoE
zb444Kn&<H+N35*e-jek2fVYpA>-@q}+sA-DMn}mcgRfK>TscM=3-61zYo$D#7sP)y
zyx86>{n4Xx?!3%fl8j^O4GXLaH-kMyxI4EePpKy95;Q1j@kp(Io$c7!np?kRf)mIr
znI?Z6ckw`0`$sLUaG_gcOB6}QL<xtQgGXzAPI&Vj-Tt*aE+okvYJ``4Wou!$tva|T
zjQDHmw!CP^Pxe8p`)L~;ec|&*0(xKivcEbzbaEggL|m~ZzwU#;GD+Rm*gfgfwLf!?
zgn3Yto+jmVqt7_9e(ZDc3R~WH!FQKs5*W(-O7hO#@~_VQR3QyV7fq86G;a@%zM!X#
z*tbuf@C<R^{llEq-m7dDIri^2B1EW3n|>YR5a5oe&Zo}XC{e37v7<S)L9E_q(;R&p
zr&nW?hDJN=*Hyj`u2!sl2dya+bg2osS843|7{Z1(bxNdjEeuZkpV;B9Al`Cg<Gs1H
zFxx>dT)O6mqa7i2_*?Q8;p40x>i`^W;`Er<Rko?52clC6mfsKaF;o@DYkLm2b8g08
z+{BR4FV6nL?xD*qof{s??NV6>_sR2L*ZaVo$NS#u<<q;d*I)Tsv+~FdbbL9Tq<fS&
z#9@T7|9O6$3ttkq954RfOzLMsQ=1eYe+`;h(Rgw|x1OGCoGJ12>Ugd8%6CT5m_sjV
zAo?Me78}2~4n4k81Vx(^czc=Db1yF&1eqLw26I>*o#A+Hhp*efl4H-kjOivvq>lN;
z=Ycw0m}XLYxgNF`(v`fkDtqP2&RV9~w#}TV!;2;1>5(5BYAb9$=jAeb_W?;ovYjhz
z!dP;je_^k*d#GXJkH*z9?+#FK<h(PMRC6Bo=lRE9JuQ=DW+4u-<hf-2RjVcu(@V}v
zk~eRpm%vaS_gOOSxz2Z#nzZYzrb@Bh!_}+r3t<>yYx>xjsfBB>gW^}yXC;1Gig1v4
z@)&d|#%%)+?{u&w!#w2lt7-6UZ182@w|HnTISJ6$DnYC)NgQH|QWySzmO=1~?}yEA
z-=Z+AS@=}bU>GBR9v{zh?Z@!ZZS@jM<|00Z!GIT&;V(L<HKp%7AyUp-X|Y-p7W4?j
zF*vlnD$z}OYd|#3Q|CNwjH2oNS_L_e0G!GL{`@d+tUK0ie4idmD1E%)D^ptXbzNRC
zc|UcG=ozN%SI?wtC^Uuh;OXxz3w0aH0F}9vl+XGE<{{NA4l%;dj(xUm{tc(?qg7d(
zh0Oi6L*0&^9M#QqqzSr}@TgQCRAyRc6Ua=nZqB>Szc1SyrolCwt1fGOeUTS8<N5K;
z6Q>d$_2Ok~M{c!I<C=0)M=Da0KCakq^peR>(7k(Vzr4uv{^J+?+kAzdJd|EIN{YwS
zvKW)#A510r@c^!K=IQ%>e77f3-j;n6_>kdF6f)p!qb(sJA==b39bRX$uf)j=95}SR
zuF)788m=`gbP_4{6Ia>P!20rYrmczXZ9p%<$be)mF<~p2VvO<JE70|bItH8FO>VL{
zc^ucYvgb8(ov|E#+02v(pF0DCTiO01vnnTrlCu1|&%TovgVNR5^F9p}j_qk}c41qT
zb1@dt5}SdKiLLcz*CKIpANHi^KVM&46{#2gs6F`3j%=9b=vMh`H)kxht3}5b+XDpt
z+NLy~st@o9($8%j4Y1qk6F%^<cB7G}Rg-OTeB?m2aMAe{wsO4e3Mn&Xabc2*7vmF!
zr3Uu>Z!;21^c+t!TnLJqxGk5e|Kzd|*GduHC*}9|NyeH=q_v+OjXAnWoS-{iYT^?V
z^mBF6b-tKgGKTZ^L9xpk7W$zUCy(s)cYabKCHHG!R(Ihm!HDDh!v?>BW5hTOZ{L_7
zJ=bk<G6`4Ut&|zrH?0(nuO@86mo=0{?7DRO*cQ%4S*#qv)iD&mefgzCZUD}y+gaM|
z&*D~?ms)S~<BPuAHc!OKE$<;n*WMDsbN4<=#J4OMC$jIw^Lo{RjC@Wwnn^+yw@Pzx
zyjIO!!eE$J;#*l%9Z|Uk5s7hy&M5|h<_k%|M*CL@d95n>J8+(UI%#+|aHGBO_!$mL
z)GK$H);Bw0ZoLANmljU!Z}T8$lYJI+waI_1oPmqUO@=h$Zqfre@lE0}Z<ctuJDU{G
zI`o|P0SosIQcop(_InT#{AQKL=dfk<PzGM;y5lAN8&d?WDM=4n7&gm=ahQ1zz>YBY
z`4s&Q?fLg**V=vi#q4Q4BaKRREjA+R;;54Iq{T^sAFEy*zWpOGIO}%r6@Kb+Zn<FD
zrr2MKoSQ~I;sXle8}W%k7YT(%GxF)vjmM{doGs&%y&oYfX7g3>Gs_^E=-HKx)dy9V
zJBftvr^%FT<2fo0xhB@{k7W2Yq*fkD9j+?w*;;3ptXo{KLJ-hV_-?PPMr};}{sEuE
zq%6d@`6_R`DLyBjpi}hFxbMQJdo~@pJV*KF?Ke`7<$h&hoi}o3q8@TMC#odA(A}YD
zWB(>MgL$x6H=gJCLa)_wVhxV=r7oTK`-A$On?6uaiA!xp)YZ@2uhsS)`;lXDBK8)&
zQbw=-gV>f-H&V~Ug+oQ%w{1@jdOoWhsoxiHM*FbBfBG-TWukcp$7g&$|JUtK!hdgZ
z^gMbaLmDEZpr3zuqlJjlzb~Hq-{0a03LrRmjPw@}ej20lLrPN&!sw-tnhg-r#DSIy
z>1>b^9L!{(S49>Pq^l4FD;zS|AOPw-WX1z+D5y|C8Tbc?f}-mWK-a?TmI2)lGSy)!
zLwXZ%N<b0T;Vd~acOi<<`D^$MY8*uCU!O5oG@wlA%r?e>0LsISk4SBSj0aFN96Cq(
zU(nlvnjJKhe<5Ta_zQu;1R+c@=me<3epd;4c4075Ae#+_FL3`5(%xaTK^U%prWF}L
zb~*NUZvJsG`OAIfk6jk>i=#e*@(ERl6rjHmstfKJ!K5K=Dj-BT<P;DF-w8f+n*?x3
zgkKJHJLsbb=%zpe1fu}}-E#K_fX9G37GN~hPypqE&jO&=L#5#(x}yPGD*~Wu1G6L=
zOE5vepd*zWMqiBu$cBW;r4BkSjNJ;<dLnQE4C)7H!B9wZ5D^#$_>Gj+7zHa9Ko3zV
z0C1LHOi&yZLI5;w$V`E1z##A;K?v23?KDE@q7Q_SWeyd<GUT_K^f&ANaQq)EvY_ok
zig;8B;yCKXUzMQF?lu4%M~Z8(ltWIW)I_E*Od5tT(A<N*6w)w6?;=cp)FCIvumLK2
z5dpcs5c0s;tp)J}*(R_pAa=nBf#(FWr~za7`Gw>Fp)82aV4VZBYp2~s=%zPpPQ*q&
zcsvmTB_JSVOa+9w{NxV;rLg*L8i)s6n}x1!Lpd?R0;d5`Eudz^$`Q1Oxl0ZS7z`Iu
z=t3662@%9I6saB|Gz`!z=!y|S!|-?R{&yJu_Zo(OINc%qFQ-JnGK7W_rZQ1}n9I>+
zjaUGa^zMa#m<x~Lv4uwsnF&SIk(CC70qn(a3IjC6=&3-KH_TxbFyKQS7!M+_n5tu3
zis1eqIrsntz$Ak$0JbEU&#^Tjo4+XX4TC0N7KIxc(9sTf@Gy%HtPtq_AXo;#XaNA3
zBH-yk4+=Wj0XMvW<pQK1<NO3u8{D#kIRFAAf=xz92z<iOO_-1wZaxA}FXW>G04`}`
zz-aE_$O^i3;rC}~OC77x$J{|9_xm$k$q8;?7zZDi8DR;*Rtsu#xaAkEiI_PIUHv11
z@ePB=44yA!2HPbQ9v94+3~Ud8mFS=hltc3k@D-SWwOIUN|6c?1m&zS^1Yv!G{;Vg!
zdelGQj{scR48|<rF$SPP5eHKN0I(OsaPfon4)IqA9KtZmHRiAda`QshRG|?8{{I;#
z^a;8H?0`?;Q3azZhdyBkc()K{+@T3<eHf8|OM<XXVWb7)rG~j25NuVjxF9DeShP?l
zk%18%0|AM{G6SkcS3&JE3eqsHWLPEwLRWJDOM$@{Z!q92mifpd3>mQjVeZ_3`3M$A
zSny!P;8FxEK(dGh*iOm)0ch}dYru#F%)DT`$Br9F48|)ATE@r{)-wzV7Lu}Eda?4i
z+ZC*20swOi@EQn#%?@@DkVOA&to~_G|G~*Cz;Z;)8A7?DpMTnM^8b(7Pzd(_wxOJk
zqEn!j@xd`C>XQp>#3A5{C0i%(+Ut!+|B62}`XyP2vH>|c?!{7ae>{8D&!ofE9j`~#
zg-ep(J*dj7EBcamQ_ItD?&ECw_nY4{a=&}vxmMC-NWGv5))&>Uc63~8n3}sOI`YlU
zQS;DX->47U&W&GpW~~~EaF)aEX591}zUuC&ZqU(s^^K>#183PUkl+5(#MVKnhJ`t?
z8UkLDPw~3cEe$zCiYBszQwAw?zVsuJ)yd9MWW$fcPxc*%$G1*x`1vz5&8ktvT*Kn-
zl_PuJ$&bh6X%!zFYSsRHqVtf9gb-;9SFDVo&|&n4R)`w?F+Lh)mZW_D(4p}Z7V@V}
z+H|GzxFTW^@SO}*i&G~#;mqqZ=sSzvNVDe&UQ*^R-)E1LIk`FgT3RrP9hx^+V?Mht
zQY=bTL4)?z7v&FTTqoyGh%?2?99Q*<8j$O^=y#Z0ab_mJ5UfZiFfQU2knsEfNfsOV
zg&;*bXJtwgDcVqGkx1fDyf?2y%u0Ulqjs2x)UYj($DP&=n_!^5o+7U;8AyEZK4ox?
zWs1Dh_EG6ANvSTbP&_Gl-b1yuEfH_LDG1ZfMw&?*1-CsukrCVY$XJGP_|#pe5SAjN
z(~YyI8*?tf7o6{$LiDtbhH6ybmoE|K8Yi9l!KSW5dHV|c8cSTkWy)ad6&cY08F|Lp
zV;y4h)iQSJpTty{YfX;@54}?HRA-!xJn9s(DD9PkFFZLCJ5-j)5@+(5vL)a9-7!mr
z+hOw%kVseJkoFRv+DOLOx{^BMf+~?yr_G$gq~6D&<p>sX$FjpMZDRtR7x@o6q_xK?
z*St2NV^cF(OkA^G9&RBI&33&QX;vZ6d?m!IZC-+lBeqQSt5fIah@MkY<d17lxA=r+
z3)eLApPW9V)_k>XT`{uAwIfFP;wwYCwZwy$R*9Dqc|4>u<;jjO35vJ~)X6jEMy`P=
zG`8Pg?1M7%Thd^O(8dGf*G|S-%h7#5*6;-HV4Crl#>bvLgztsM;;hX5vP28M4~!B=
z9_(zuwUIvSsH<K*)iETi_~N4EIY)|fRSypzOmL;u6U@I|tMsCTsx7cqX~(%f-S0!s
zF~i5h+pAM!-=m4tf2@8f{VBl3n(U*W<vJgb|MSJpuYDB#hvW-2g9Z+&#i&&m<6o4;
zRnfmiQqMAa-ufn=GQ;dUJb{`6dB=3LC3aGnV_dj#$0W`1OJ0u?30}fg8Du5h$Iqj<
zG=_&4SJ-yq2-}yA6EPw}?*i!RZGz7U?PnubuEKl6-Y2W;C3e&=+xB`$Q%ro5b<``y
z7#DFB$HQG6H7$wTU#U_|?ba!u{c5PK4t{U@%&dFjf@t{XvlMn}--!%DKR-0FldHVg
zHsPz6>3Q5gvXw7>;9A4E9p{E~ten9H&Xh!b5!^3i+pDI2a8g9p5@ZBq=g|;)Ma!xa
zmCodR0m}3kzMVdxvk}J&@koylB;V-JSv({M{bVAQqCS_|uW=49&S6$&@{P}hd-q?J
z#gz6a5iozO_xo||#JjXQCT3o8T$N|%7@T#aZfSF{$I}w}Wg9Y*jz5;sWQKwc42{~c
z<*}s7RpNf6N_+FeCfAA%xeZ=2^S9l5A}Wa8X*_C*IcndDI1%Qkpc8Rb<iUGGvZETu
z2pEeK#pq<2MaYBALge+wXZA4m#)_TtS8i9OJ0{C)!5kHJB2F^YY%gissZcXH(l&um
zvj9?+yN$(HLMCe(apV_$8*z4Indw#Oe$a<ZGCREtuscmY?z>}=7fZUIxwKq4WbcvE
zMEI@O=f&KJGrWA1&`E~hGdxi2zF4iiEZzN}HAw7VfUkXNMi@^V;!|RbJ;+;erh?f?
zM%ZDk!NM-fPGQ{lNf{l1lZ@-dLz8o2l0>D1XM?k4n#ZoKO~g0M@yh)gO*Eg!8BjSi
zxf!jweVOWjpN#8~{if9IT|bvSQZyiH{2_Ba{)E)6?+2$(oK5^D<G(1_JKB|?e4n#m
zKO;Hexdu4~##kB38ax0g6C9+m$}bN)`i02jTDlX<Gn4bZvW0ZtQ|WujLh;VcGRIJj
z&Fx8e7$C<rzUOpWMmEL%nQ?y7@jZey__B1D!*XOo_I56i1HqJ%c(Qb7Bj4^lap<vX
zhac(wb2+m>_jyE<*iZmp_kk~ClXQVFzy80VW8rv+7=FDw_v=?)42?KX+z$nc$s8+!
zMp8cgC&bjyy74yH;r2h6l5tpVSh?c;i@B52_jCchDH-9prUsQ$u`<Gvh#}`*siEGB
zr{hBJ)fbM0C^KIUYJsT`hoWX5q(7bz2ZqT|&ijQ#4B`sc?1y0un+6`huo5`=5*~-%
z^D%M6v{h$FMFsKOQo@%UxqczjjKu_jVlUHJ{6a_+GLIp4O;)#>(N2n+#aizJz9m-Y
zjk(%2NPg|fNC7^+#;c6AMt={B$0i(-|IE^PL`EV%GTR(_uTjbwCriHn`F%x@vcjhk
zP%q075W(k)f*_7OuR}oKPO2(GVHOsUvYESSAa)|J?xNpKap<>-DwIt9Yy`jg$Ur{#
zj7)67_YD4lXXv<p%=Aj*wv-?6<~`^6@6}>oeIkeiAz(TB`KL|Fzq#5Fwv+$kF<C6k
z|L<e6z<UpD0^x)p9BD>x;jsI|=t|&1XtZw@hLc^OMFMw!IBA3OV)pdt!f6abDid_B
z7L*ED4BL7Ph8Kq2nh{io^FNp)({OAIlw0t!&L_x?w*T0(M-V*V4}$El4~BOXI6Q>*
zr066cssi4N;JQ{gb%&t_-h=*NOl|NAv6~sw5;|XtIh2J0BY=hmi(sz}5kD~c8rU<V
z3l-7U87aWfrd$a2=6?au`3Qn`3v^<z?-qqae<%swT3{Q?4=0Rv)6lyC+RJ0pK%0Qh
z{Qpja^R?I{(DT3>1}NLG)uZ!YP}6S)VF-qka<F|ygrG1W7^MT;7>*F!ISM*Jcs)Ru
znF5spm_u`b#o#pybQ7RLgf}>-5;+*a3yL_#GXNdYMCwS`bR!lb4Gg+h4`Fm_4yj<!
zp==C<;(#IlzhI!{cWxMebSdDU%AjMIyNiD}2IsioGW5TQ0W1u)0kLplDexQ0i-5Ke
zIwK;EI`g-l{`DrHC?^kH`Ii@Tqyz*O!b=gR7>pi_C5+VH5aKBI5ID*SYzFkVIu+sN
z8+={<=HMapFD<}{Q85&J2=t^NT1YnpmHnR(yyKt)vAa1j=%U7N2<k-iX181LUl0hL
z2)y9#=ES1ElZNyY|3Vr@JMnLhlll0*OUuUJvj_eB(<~$SZ(fCzVd7H8#34UFSE>Zy
z|8X30eDU2^AtN;%T7J?g0=g4QmxJS<oD;*9U`V}&=e*b96N?xv{j0>3t!z$WgObMX
z=0u7Zh1Kkg{=E}U(NbBllJy?vi}qAoM30oEUo2@FIeX20Wy0FUN7PHAGWEF0mUjcm
zPD}9B;+-2hQ7UOl<kPdar&8o@P|VfWkoFui`Ivq^{v!_Ib#)_^Ol9T=-`!-{SMPYK
z;E5(R<t^v9U2-6K9MIQw$jw5$nRF_-hl)o^m#w5jSWi%wDVVRnmx$!bak5JmO=IUh
zIGWnH^bOYIqkF7zrp9oK9#BtT5x@I^+nW8w^ydZ$#Myo1O;ZOKkvoN`BfhB-{{C2>
z4=&U{R%i(J@>f<0@<lu@(7pPJ(c8s^?~`!G?17q~<qcQHpoYG^$CfKoeF*#T9HN$Q
z-kstPet7!@PK&X7#m~Nk49)#@r1@oEsZ8&u;;iA<P?c1LKf`|z(DVA^2OZCxz|}j8
zZ{$+gr6`E#9h3H3iFPc^dOO|nEKM78yV-uI(5k}bB|nanrsI)l=62nCq~UV!UJc~2
zH?uAo8N^d7=%$4+$5l#RqhK$<Sqs%F9jIegS0ENWlz4?aBuHm9RZqk(1V6alnj)m}
z&eSJC(mlr;ZiR`Z^6LBZg|RK|Upmztb7nT2m&AI)xckfJ@E2N^B(%p>80iKSJXi_$
z`-!V7M&XussZu_Ss5e_q6R>qKR5o>BQ1W{cRS_o;AlDF^Dw9T7!Y6#nBA7^rDBCj8
zF?^zQy(qWPhT~&-DC5cIA4G>JofcQdYIx*n$yzk(V{{l?j%O+#yT}yUq9Jm>G4Y*{
ziqi*XVh+6Vi{^F$Z&}ahzg7vZQY<g;)+|&$L2A7Ge3(#QRjxZp;q6oai7C;fB=f}(
zyHCj%_sYkZdQt8V;UInUq3t@Cogweo%9ZBFK?}N1ZuyhxGR*S0S<I9bv<KLH?icN{
zmu7z?<3je?zdPWB-2QQ83cSGam>cp(tmph?tv@F5`My&cCOJS(ASYXOztE-XJ+7U_
znbw<UV`O+%!br>r<-b+X%hUCfGToIheR+8;K%MHdnynJCOfg68=eKJCGmNM7Uu&pR
zmXl;}G31HKsQdN*oIepBaXZsw&!xZvLt!bnI6hp$*%FcMl?LxW&5u-wb2c6!klEKS
zF|Ke$frPAaC`>lB8~Q6l^?gdIbzg3XoQSYsj*4W@*qAa4>HR@D&Gi1N2i=w@%MF;u
zpQ}*o95{z_=gd8J&f;^5uji@5sHGkaHx2h~9JPE;%8qAanSghd@4d#R)MeU7k1Rqt
zBorpu&)Qn3pVO^9OW{<TEv=yKw3zdhwpE)!W^UnZFfA@+oOtQ<z{KIi6p`3>_?!~F
zhjek}_6_%nxcqQW6lOd~&(A?EFmv8}t4Z&Oj3g4U$BcCc0>m8RD1lYHxV3yQ1Pv=n
zURGrhd{VnpcxfDOzngm_ZkEdCH(cun=Gr262JaL+QnuOmO~>AhAa>7ptBTgv>l^-T
z>eb1vN9h%=NtG(7Z}i|?^GRrGX^UnQ8oS=EB>4S~PU6_$l-u~|x%pW<>0AD>YhSfI
zXObs+C%;E8-wdGn{9Jh!m&G(B=m7o|qZ0SC6hX&#ZYqv6Wq5Z#vHuv({8Za>JwE)b
z<e8so=V@0BJm<8=6t}+#epf2F8O{1EqjLSngWGWuea!NYy|V)NhL5#*27S-Zkgl}6
z^tN7T%y#ld-J2a;xnoNkFV3WPuI1mQ;uA8*F*luga8Pvg*jYttqAvX@LE{ta6oIeI
zB)HWnj7Uw7(8lz9o7>tOH=pFx7t?C;?>CQ!uiRePg4>DE&p%D;LVs+k|KhF*I$?f@
zw+Hv%I9xx?Xzk*1?G!IB+`qu%CdlLHY{d(quK18XZ8ys)ce|?&w*Qn7bh_fam{dlF
ztLCQ}{}#~C3<A;p!^PO(8~L}`b+F$MhOl)g#2i|Bv2o+TRQeCLkiV6J1r{y!m||c(
z62TTj8tuPA&i!S}`Zon(zb7d4pO=JP!*5EVc?i&j32_H%c~r-4P`rO`^KT_VtNFX&
ze_rS>#z33@%a)Ke6{tbn1kJA)wsXki>`%FWu&H7c*~oAS+yG5J@-+fAFS?5!3qbb_
zJJj7=up_}F!)^?8_+USStQfZwup{i|;R7oL^1*>E&F&}Q*Y89mc-RuKtpPU&08kZJ
zz=iol{@UC8Mdjbe?r*(=!WaR7AcOy=d;ew|#1qLKqDFwT2mSoh^YU-5W5KC_jn5^_
zHi%Jn_SAp44Wc63vxkZdr=4{P?uOZUh}{N#tHpOeKUnp&dj8h@`qZ!KZ?!!RZq<1*
zMBJK&_n+G`JeMO-VPHPte$DORD+qJDH}KO5*$*E-8jo&vmFronUR5)E*Y{>YYU^(K
zXF6MTi<%|c>z(D>{<06wvLALNRkb^CTlRr_)>%_s_QMC7Xm69JqLdN#grUQbvY_~&
z@eyPU6AhETKg9W%o%epGP<&V%ar-TY1WRpgJ%)iq+Arr((bSjpns$^^3JKZ9Sq!Fx
z>tjSLNnaS}J-C=e?Pf*EHe>_2Sd|z>?SyZuP;u~T3isz@>h+UOA8L2z2r)WSp(L^B
zy%9U@$jLvR`h)gN;rvs_dZq9OlkOz^jh9Pm_r;A_%HMb?q<THzpzukcZd~J2G+V_R
zx<#g>@Ujivqosk1*~STMc1c5zqkkSG|H?wg{8sz86>qVg>A|UD@`crerhJA$FZMf9
zW*lv+B7X>YG{mT{dc#syVO*pY;>WWwN6j+LJ#HimZ6M!&V#T-dW~fh0iGF))+2p;+
z%{%e4_8g{50)I+B9@2}Q7Bxz~Gn<{nS)xkj@sN5lu|&!A8G&80rYZBhZ}uEHWBuVf
zNzX$iN3|J6P9_#}AWk>a>)3fPRv3{P8q@@Y%sp>ajlat(6wn`+r_7xj)*n~V?(LEB
z+|THeu7JE<6K0$i6c_e|%w3=?-jaFrNQL`qcxUn&Hlca3<*;F3NSA)&k!PB>v@{0s
z*AM8Zec<Yw@~QW9_EC%*V=?W}L1P>y8Y=y0s9wQNN>0Jfb|paG<zw{S*L69Y{3?M-
z&s9vbpiaWClS{1GUYr<0Q=4g7E9Tq!>sUlQc8D7FNY{O>td11B4lo|!zSueb@aqNF
z=G%GvlnJ(@rg7t8^NAXE7Ye#A)yG+!G$_5oZM&9k*-@Y@D@aV4czgW1tF%NCkLdzq
z!8d`o-^7{+VsLd_@Hv^|LVZ>fT9h0<Ep_6PMAOn4RL4>3+!(INqVq^nJ@=sS>De<^
z`YF7licDJ;n{+bzEA1$&i@YXSDUVzoK-|pmm3}_-He~3K%4U)4nQfUhvxoiUqRKQL
z8JD#R*FrK_Dmrr{#O?KyrMSQ7zPM@p<!wPr%RMX8l9Pe0%igN8(buk?VS6W9s8G;j
zv#7EX?Y=g;^Xk3pzCQCVv$RY#jxLfD6R!>=k=Qj*(GO-TcHQmIUq9h`x5DgG`(_$p
zXU_c^qjOVT4I0-|77W}T4XImfgk2@J{@@!VEIpnTWdGB%9e-7lJNt2dLfE)<O%IQG
zdaqSk;rZ})CExC@)Mf6(EzuF(rd#Q{0#dD2Pp@w`BF7$XTtNS&$ijAX_NI4eKl$4Z
z7Z3UudQ#FK7)0phx{4IFo%f7sX*zvf6z|TEei>_gBf>^J<V>xoQzuj6Os5QEdfHTH
z@m{)9Rb;{INz^+TmStPcBG*5dhP1|VbvWUBZ3<gn6D11bJ@xYQ-u+_NF0-l?c)cm8
z<j$J@IBBBCvHo+Z{|X-K&IG;pGB49Rt&g`GMr!HA`GPC6s`~Q%SRRER|8zG-_DU<^
zjbW_^>#ddQm+HbNlny!n_~BG2d60>nBJ6xK%pKdzzg{&}sP61pjdqo`(NQ~`%aR{I
zE5Q9g$IgtSdsVdm*OS9%D(HFKc&?2PX|6g{SoBX{>MMAKm-In}@#R@nr7=0v!cOxA
z-}3wmbDD=O1Qux4^bT1yj?(g*|KjNWJQLoo7~|RE*Hlnv{__59J7R9eVn*By`_B>U
zMOr`0y5+f|6i5qBrYbJ32y;2~rJP7Q^lc@KZNN;>_R;dhrPD|Fr_6;Gs+`emH$6eZ
zQSssF`Kozuu5jbr9lh9jbDO)bO%m<~nAn9LI@id<G(8NP|1J(yANE9>`gMNhsa*Dl
zLJK&r_OqG3nXt7PERdV)$y*q^Wc$NnlZNY7iektEp#%yqd)EC{&&)o*O{F8@OgtK<
za6|vOSVxe_ydi(vHqQAMYuRGUtZr6=md)pEkDTse%jTk6J4kV7*-5KeQ=;WgnKP$j
zF6GaAQ;$Ac4Rxh;KT#T%5Bm72{ey$c<M$DIN!1s2_yV%iWDlsdTWFw}v8MrK$b_*X
zg>oin<5te5HpRun?=74<C!>uuue@d!NMAiMV6jL1#8>vV)!49G`RhH2>T?`xqFfeE
z&$J`T?lt9?AIiVLA5Um}>dGl|&adg&nH@Xrx(wgxX!S4lc3JYgPj4j8&8w67BGxc`
zHGWpx{&;Cc^{o7b%E>p+*?t!6L_A#TN?Brv-b0p}7jW!G2C-S)mXG|asx&R8_d9q|
zy3(fY*-o9cx{B8n$wRezob0Dh-QXgli8|IwDya5tRdUiK^Jo7LakMt|dF*YhXkic`
zd#6@Se^95-Rjx3H+4Q)<aVF(k?=sZa&X_+>jiK^VPmbJTuqY;d?)Px3>*teRR*}<W
zy;l!cUmNhm)7{W)9CH#lBaqA76!84m^%OBTA~{}G3P!0urUNIdIPN5h*N%Sa8DepB
zw@YEVnDu&%i>>o6U+)c8T3n(Kj^qgYT1pBjo9MRw>uLFP+8lQ-wbvdTa(f&-+v+hC
zo}88EDZYr8oFkmQMCGVG=*>iQT-ihA2qhW_v?@+9R?v|dR^+f&OvO~akICJF`N_Yw
zCYiLDGPt{6h5LO+g#R8|0i(^hV-*JE74%oviI`qmaP%ofW!~-Op*x;^_RJ}dy6OwP
z#V4D&zg<}2(-tT_Tz|~1xUP~iKA+?|du~j&Ke@p?xvFY72k+AOg5GsI>5T}SM~1^+
zid1q^Ov$nb#~u!OUumClVtao60^_=INQgb2-n_SL_()#L&i$Bv*@ACoMmIX^mzQEM
zs7t=mAhXgOcy*$3fqCRYTkq9^Sqb}N70IQc!tNK)?!aX`#gxdH!<3fU)R5KmJ<FR7
zzwb&KHiWhoRq}Cr6&~~{d%a7Rl(to^e>B^eL^*zc6Q_?pTmH?%88y0#rm8tbhHrYU
zsm)l`Uz(Q@8t2_oDf%vW;U@1<s%LxYil6jQ-C7UnVeb1PJ#yf>8WBWw<MUYZ`L56s
zJ9(YB#p87G%<IUvr#oqE9HJ^K`Q<$C3cUV>XIP{Vpa0cmxyfR}y?Lwj(7n{v?7?h<
zh?4&H8~3%63tf)7&;{pdGsmiVd~>B+>uz!Gv{p3KczL6due0jVm9j0GRpr&>+zm!b
zSWN<@pAPK{8%mOG*NlBj0#g7?zcWl%@13#RlDE^_SG+=1Z2!}#cvhLMy*GVMj<&b<
z%HA)}zI0FpSn*jt7fu!VKAr7|8%-yA?Xr<vRk^i%mg2#y{r7PW9_`P$8ULUx!zD^^
z`{I`bIgd_`LmD)`v7NSOFL|*RvK-ssjaBE1J^QhwtgzSW!zf=y+q`RYNgjWLo#%oD
zMS<Pki>o45&9}uqxYm=;?wgzbQFGIKSoyPUhuzQ}OMCs2RU3j>9ofiLefGn*j%+_Q
z?eJtZ4L8Y$g(Uti!JLIoIMsuuqNG9c(AC4Yhhjf7nl2qvQ+a%hhOsjLlRhPFf<;T*
zx6M6kUT#jFpMsW3NpXJ#s3<ElvJ{0xBoK`Mq96ahouU-YB6r<+yf84nRDwjod!Z*I
zp_`edpTf<m!8=Du(&LDV(UsepSK}B}VN*Ki!s_!OxGmo8>EK8F7O#uLUXq@lwcKx1
ziqI)s5)lm=lF?6_w^=HmIz8p5M$Avs)U!VgZ6`DQL}l#WD_jUt=U!mBbC<RJ=lR8p
zj81bzrl}k8O{?!8d|dKs{&+q<<w7mJZqn#P;mshlalPpayBpbM)05E#xVi6=kJ}o@
z-u>`|K$Dhhv4-|dOfgGAmYB=Y+`B`+^4SljDprMXFS(r*adY6M4PKE@9O|xZKd;i$
z|49)ho}X8?V@x}a6kABqGML6kaG&3N8_Q`Nt8%xW+15+jE|k1&^{`rV(uO>(q<~(d
z$N)pd3S-4+szBL_)5NL{ZT`sjpssv1qxON*ggI!dOaCdFqvC#3wv>ZL;o8~7z4onZ
z&l0G)`4x8tdt|9R>ON1dr>I244U*sdY+kv-)?0b-s+MQ#S1IOEM<vVGRih7v$|UT2
z@k}I|d#|R7-*~m3UWF60!XB3HL|bo*^+^Q>mbt6+Z;bZGeV3A@cW7{peH4DBO4;?8
z>K9#~Z0j+Bhy*q{WlzbNNwxr$n;$N1A37oW<!OipZT^B+R>Yf3*#p;?IJh_;p4-&p
zZJ+}loUKWdP8)I=9ZaEBz7ocSuOiCqpc9i{yX`Q^HX;<bdXe#r3ERiGMYqX$`;RsL
z=4`4<^$$m$T>6OKF2bZaZ%Lv(B&@7^*)bo+BV|K1P@3c6|M<=00E-BQ67By>6}Ju)
zpHFzCdv_~geA$rv8OwKXi8tTRE}LfSHQR?83Ur0Wsf)IU#}SuvqBU`?HAB|!p}523
zZFPp09Qw-bEauMETw-a$QEhW+65SFX^|r<1>yiSsiZhHIj^wvFL=XP0APbF~g2~>t
zrCAN_pDsRu8Uso*heO-Q<B9oW8DlSB`Qa`%q^i!)<0eMqP}>?l%*JtlV}Tk;QSBld
zS*l<qjwPdzgtByQbQu$Q@QIa}#xtRN$v0W#jX1nmR+YcKReFb`nsp>*mf!b7>)aPM
z2Sl-3XNJ7pTI-6aXvkckl#X!jRc!?uj`P_`T(W8-52MSr5)`{dL+o2lh8JYkL@d5B
zRSgU0c$=9W_@+c4R7X{fxX<FEiUIzVqdfVA6K!_lQ&n^EbDnh{7q_FI`c0LjCw~3a
ze2f<D7JxHNut;gxU5P(va5qrX^rH10gY&U-fy}Y`apsm)L#$J7+T{Gf#L<3?B6oJe
zOgmO3qWg|qw~Q2Q`QR;-#cluep1_?@UAD^-H-wTte~w5mPJ2j&>$KSrt-?XcA4u-*
z%Ih`9dd14D?ZU9s_3+*l!*>F=2Js!5+okvuwtcj5E47|K^CG;im}>T*;MonkW=*Sa
zPfn(}sBPUVd<L5Unp*<J8sx=SjiVDy^WIEd;3%I|%?*7WSMi0(A}7SYB1EHO$i&!g
zHoD@Px3iC@P?6TwMtQF8SD%rsjGgXFJ997Ga}<x+3>0Z)eP<<p|0T>UVNCADNpp#l
z&aDwqjPH2kewKMVzYz6m%c=RvI^9fj<(Kq!Jc;z<HntL<m9Munw~p@IH`$CO9zNPW
z_Z&CuV21lvf{tF=8C7L5ZNFmX=_DQNl%=i1aj8G>iW&q{MoJGxe(ldGbg2ERn`0>`
zwPAxxaYKqhMm4Mo78rV8>FA+f@^%jxMT`ft8kf|&UVr>qpkAP3W5_I`Rymgt*u&UR
zyQB3bj7u|`p?fftZSCGQ=TjZ)d;6#jm()(3`x-peOhk9hdHg#C$p@xV<@JRlKVRS&
z<Q{NK)8jE!$XK^~aoE3SEsQ(3q~4Z}rZ@G~EytD+1FvDO_tP%ZT$&PH#b4e8Xx%Nc
z_`EKY`Ea?YuR2-5A&x1hMZ;{ib%k!Fb27MyO1@Yj+T&?cloPk7pm*m{y-PR7t13pw
zlUM2LM>?aryfhc#y~hSEHF(>Src0E?x782lUR~?sY+98=Q?>?qqG_s1(0eV4_s=-u
zr_!yoa{MA}OG7@!;btHG{Oe|{>t}wdX5yCdf-{}shr@DiHmkKhDEq{!q@h7=`2OyI
zejEXR=Y#&(B?=Aeox$xCp6aI43o4;k-hO3?9`7u*v+cbXTh3NGQX44Nkd~}{mtJu>
zazQM`rT+2ssiaF0jBok0lvK!Qx})$Uud`%l%I=a%XR7u>siKJH_6dqc)_1K+v4#U)
zHoWl{GYPo08y_jOi;%r1zBlB|Xi|G}@qKnY<&6Z5xedNYO<W>UU96pa`wz5gMV_c1
zCAlRn{R@|oAheaa`ofE}#YOKDioVt`Ek;qM*r61@U%zmF5D~L-ow&EmXq@vPeUUs&
zAX6pc2h+=*OZq$vLU&`zaGhOzu3juWCvT#-kA}Z(@*zuX++hXZ7YQpQjAEx^vwsPw
zK5Sn6MXlpcQettLcjJXsV@gww_+e^|vpPJLL9UxYj*XV<l`I`SEuXAXvf36to1P5v
z5!>^gMbwG&^;?-N|FBG#I3|C>B>T0#xB72SF!Beecjb=CzRlr_%)VyO^28#(#G>t}
zMS}STnTr?qQfftx)?BQ*#1CJ!F+%xAR66HYO`|TT-}tGZ8Rg)wk>RIa9rH3?y&*q2
zbJX$nut9c*lxlP|s|aV@{ZDw~lY3^WIl?)V!&y$9U9ELER_;Tu;(bFUk*AkD?7E;z
zv<4%$aI)mE=2kjaR=${$TZAq}X)6auGRMQi)8?^csj`}S`^3dL8iV$cJ<byio9Sd+
zymhZ%|G`hWCAPz<Hykx4S8G2;C(6G6sln{{kojA3826pBPjYtF?`gw73trd}i)Z+_
z?A=<`<+|w<VK)$`$8GqgWZ;@-q*$lQsLNGVwYDD5`f?B3VJq=u-Rfk4w(dYsVf1FY
zdU<M&Mm1#Fkt-ZIbs#QO(y=9opL_Q4z(9#`ftSG>i+h680p*|d!x_@QjdmT67f&00
z8j+aS(pRCOcCpM(Em-^d9Vd>6mv3AId=6c^=5BbZZc}SyYt(V+RnEcOQAbXnXOdG+
zWhNS<KQf0h7X~zvm$?=gs;yG`9yifFqF-iI)jKoKeRY}M!LsQrQ&pMWiTBwBa<oC6
z!%a8ataa-Ktb@s2Tl^HZs^83d3|A0ea!HGivz&^PT~4&%ay*}0w7p6)vL3zm*yIJv
zrIdnKtLNBz4S0{25|DqlzkGv&Y2V6)_PP`uaarlWic#4G@mqn%<Z_CyELz*y+s)Y2
zL|ItLsq`<OTcn<jq$sxj=&#3J=4z)<ZPM^m;&WHP^j1o7pv18&(Zk*%1#Xk+twQ>u
z#yn?bi=1qJ;lAyXe6{i%SHL2*-r@L!Z<B14-Dq3!QtBO%`)tP9BYL&!{2#XxX!)y1
zP96^9{MFVdV$%5NAT?Q~kK>xz`C|LmN{f~OLmM=WtJitr^TO<p(573G^1N%0@(5g8
zt>mKRPxF&g<ag<3S3F1^GW=4!Q*ypzB7*MCcvMNX+)2-0^QT;niv)dtJHaR75Wb+l
zGrkoRU@bYtliaYhY;fiZCx29)SlMMfGo?EMHs|O)Z_IUD*-r~vCDZpljKgQhOcM#b
zvg3I0R0XZfvrygHk9jAX=cFHM-qSlr>zNXH{8i(=^v?<Qyc_2>V{CS|amtUDKX@oq
zV!0{l6z=6jpnTjyAu6rn=*y?iQeXF(@1qzju-ZzB{5DkXZ(#e3|4N4s&qj`IB^9NG
zle~D*<b4e`PoY`W`0nNsjgmw6Y<iz;k?vD>`@CE#B#`|%?u~M$1Gni~N|cNJhsa09
z<t6v{zyILimbl1g+U8S;k3Zq%MRch4ZtrTw&Un@fAK8ydr>&*0p1jVZK%TthKg9VV
zw5piAL!^&J<O|(eNw_e6hpQsvoe`?%H_Vy7irQPeAGvPi6v~|WSib*r+tztAzRhRR
z)`K#W0_LZDG~AwU+w3{9K;m988Yh1G-JASk{y8t3uS5Pk_D5e=%^!F)AIrs~YpBSc
zzTc96p`apyt}37*bf$uAJjAOiRH6JG|MOYgihZ9$xXgZx2!<})%2TNhIz4;ZmB&&p
zm{0zT{fg^en;S;0fpaC_J}l}}GiROs<?(YVq)Vysh}}t@zV8L0A528fPI@54-P^Bn
zY!$QS&sPV+=d85P+g%_2mc*%HAaH_8za(3mN_~^pG%=oSP4e_YO<hvQstB=>N9@$`
zVrE6v)welhk=s^2QUcPAca?IP*{b8c%~;LeFK2pYHF4D)Tj<()kZCS3?*C)y|6uJc
z-`Z}UcHg^3OR?e(#a)AITO5M7SkU0^Zg+8af<y6AG)Qo0i$j3o4#nLeNRSnN&wh@*
z*0GMY_M80&gycIJuDRwsKQjpkE8X^1sh|ko?Q177b&X=XAv9b6)pgT*ac@L@5<gwX
zBg&Sc>GyI#B5M{r9j;nF$Gf=7^NeB6tk`IK_B&0w7WvN<tj6Z-Y#GHWzCSCw^FyTt
z*F?mOq!Y-Mhr!p!0o`(WT7~namtL(4V0N6B?~*kY6OZz1#G(M4u8S4?jCl>cc2oW;
zA&f%;p~)0&c{z|5+*OXhuQ^nmk~hst`UNl@2W#djN!x#=x~}TYsU_We)D6^giIZpW
zxL1oF-DF66ADWx`(uD<@46j8$6HCDeh6ia38Ukkr#UfnvqEin%&sk<p`&lM%tQ5`}
z_nHVbk<&%Da>wV(AP$~fza)Tlagy$<b(q5&qQ}c;%B>vTM>cO)%Y@B{rBU}aDvZwW
zGLH@(@Xm}F%K}&&&Z#&c9G#=Zc+pgNp$#BU`|NQYBmGMyxhWjsB8ENy=Ua>PT=^9x
zyToJP8e{OQSwkTA8{Im|<Fshod0^|94T7KZb#GGUT?7-d#CW*|&>k*S!}UERB+s?7
zSgkGp&bk}2DX!Qppi)$_1j28=PoKn-wnE3gm0y;3PN&>eMJC`^VNu<Ll7fbA?3|Tp
zpkgoc?oCNgjgB?$@40ST9-YuIsYgzhm3PN}PzCPWj?RK4x<e_~;s0`yOp(C<EPY*^
zxqLn-LSO`5IiYd8cOsa;_Fb(4#i<>9UD=$9p%xFq?ehK8?k#Tf2m-`Z7JnV#Vv-vY
z+rsX;SQ2o{af7s@hmD?Mrd{HbUaJ^|skXqyGc>}uR5bf|%OJ0YRKnH^xvue80kE%_
zzK#6;>_z!2Vrjw_;@?50v{Dvg6}+E#z6K@aR9H=fR`J{Gcyk#DYG|m6d~LPY0e{XL
zv*mP=;7Rj3rmV0Ti*#^jsvF@jk}yzUmB^Cg=>*ZS&#bKJv20i@{gtl%HOrUR<)LbQ
zg2m7&)dMJStoq$@PY{-o^P8nkKJSu%K6%sgRbO&+y5MvK;t`1vb8BZFr~x(8%5R#F
zw^$6XB;nn~l$&tpN2h8!PDh<zBD}MA+-c=;F_G<EugV!`F)0S^O6l*|#@~pvr{6UA
zfW<8&nUdLhARmJIIJE?MdJ85L5g{9cr1;^FG@=I*HlM-~wGy5a^wATVL|(a?g=EI|
z4g*22Wv;i$EuK2T!r6LXTiV7SSCbtR_f`pd1&ji|gX>xe$Br`d$+>2?Tt)N?c~P~4
zS$frqgwO`PpODf4dWGq~P=EFp5*2d8nX%Sm#gz674XHcwzJ(@kIsQoohR^83@-~dC
zX><a_bB5!2=^g+4IY9gyjSnZ)HYIWO@I8?xUreC-@F%~gf@(RodcLv5d_krD?gtH)
zq(k4Io9(7_BSx@qZzZWIsgbGBd1LFDymp@Kn^9~IGmqHZ*|_9`stO>P0ddt_-0!^!
zT=>%dfYgAWVbvw;)$Cr3>1MGGSlXkRN^W+}RA`ItaE`=KI>w_siaSb7fTuB*UtG^_
zRn53|=YX8|i1Y7Y+a7S<FDUqdMS5xJ_iq7#3!BE|WOY(B+#Lna?B6%K{OL`X&%?(z
zoMf^$Kg4(F@MR3P__Dkt8}v{60M41_-aXI9+^Y=*lohZ1(AE&dqjoTt@i(owwcoVT
z$Ooct4P*`gt0WS3hbWrAcvsil5#dl;j91TpuGn708@85`zDTi@eFv)(-naCy+)EY8
zg_PoX+2FcL?s9-d`*%Md(!7c_!)w2)>#%mLa03q|vha8vW%O03zUH={mZ8{8(Do1}
z>J?hA-2iMUlLjp{JYVc=KSK#MnUZO<L3Ty=f1VEUT+1iDoVFpvo!7{>J?!^8QQoE3
z$y?*mZi4tOzXdciA2sv72cXmwdPwtntqE_iBt>rm)K`d<Oyz_0OWedU>0bJGrS7hT
z42h)fLG}hnK*=tjz@jREZ(0xEGyZ&i7<x0A;!R6=93`}N<Y;cv2gN+x{OO<?_?+&y
zmzxzKTdWVje-(FR8=|;%8nXcC1A|PNT^n1R9=!z(-W|Q(0@Q`^z+k1#Kkye!t6~7=
z2TXJsfj{N=uKag;Jb;2;W|&H&vVW_UN8Zw|{>z|b5o6iC{EvgQ4ZbP!=~8bHtZ-+{
z46C(W)9lz!YOO(-BJZL(;t;b>YCHn>7rTRfnDfvj#oOUK$jkLn)wMs@^T2tJ&}7oH
zxrm8_{gOy~vVH23!1MlJp7Qilfs)vjJ|^>ij0hY}^jip2#tsKo)8>G~j&xXc0_Sgp
z`#_a{2>jDpEZD4T=VjHp7%4|y0{B}9jmhwkL8P0ss3ns9J2MZd$X*Q35X3)WR!xgh
zuC2~og2KdpvLr$SPUL9^^t8>AbJMkOvu2j(;CJ2Wr^%|$Jlo{Z&6hcA@EyGv0KX}s
z@{`|%loU#@J}G?%QlA$`X&~zFzDL@J8#+X$KKX-&2LS|S3MD0xm9znb!V-`o$wQ{V
z;Q<%w4`HPoJ-UWr^G2zxU|XI%4hI(c&mrsWeMIMtnG^meRM;IC=zr~8z$!Imn$+xM
zs=po_q6|sodv%=C>ek^Tpot)FWE=Y6#rwYz9623is%#+b-|m~N{mmw$1w`#N*<R`A
z-g*`Vk;6&OQ?CK86Ld!s$08U%?N`J~rgnOoPA!{C@E80!b>ht2+%X{8F%`Tak208G
za{eHm23hEd&U@8{0m9ncNM9kC72gZd>feTY@+n)*+^27{L<c+q`O<~8H8AO<`Ja2&
zgT>Z6kA^36l2Xlx63AM@-8r(x4PJJfsKlAH^4&RQIz}qjb-;x#US1X8X%xgmEA5To
znQ-%P?YZ-+)??Z^`%DZ~V$ALzCcc?CBHfHv>;_a7Ome(#1G6?B-SGae{^+4a5sU`Y
zKs@NB>EPPFewy+Gdc|*y`1^GpUnIsY7UV#smg)Zcs2^+4NKIuU?v{TERQP>zQ`9F~
zPEIrPI-eNQ#?TjFH~+bRG)5M9>OIIa-3+?o62zMSiR?T6m&1d4rcg=pwbszc3<e+z
z{yHn;@yqKlgwgMj8oafDoYyZ1qa^83bwHub?wkA<ln*x*&Edc>ms?1$NiMIx<L2TI
zl=l=YWnP+6LzX8=+x#`0<~xGdplL!q6__-trtqoe>V}$VC_4_M(#qs!y%A`F4)Q|F
zn_-}rUw5HJG87g{3rCp9#W2FgB&@ET^Wu-~J?POiF?Ta+C5K*Nj+xY}Y1@E;NBK-l
z-L4YX?Ph03YVuy3l0M(cT}S_P04<Dtv59BkWpraqhFM@9Xp~$=Qr|<x@@^rghQu`n
zgJF|aK=No*!2FJBm{h{#MY&_MvnY2e!QrzC$3za@gD=?FN23u}Vch%QsySW9x_`Kf
z`y8bY1o<42nn9z7KazHDh^;NJbpY+BW1eX(=z5)z%~a)V%%3*Hsl;->E_v3StE8A&
z5)y0(JDd7wCmJZB#jW&>Pw35=>WlJaS>H2qf1e3JNX8`}vN8(pipU{7%|9PfrB{m#
zB9H-Mv4b?#8w`}+8Au759nI3*sYUpC^N%k$?3zoaDtjb6s_}IBsd_@tx1E4oNw@b+
zjgwK($DOd@>>>RTDaj;_p-L*znsQINFn7LRc9;AJqp`i&--(;}Jl3KZ<z+Ko>Dm?h
z1whw@0fv2%7z&%;e=cW)+;j(*4f_z*;#Su)x06RTNyD@-H@r7uV$WJ}$|nk-=yU?Y
zE*E=PWiz>yb?_aIGnm2O5Z^K~!ZNkbo2v8znz&i1^&b~5PQ^6w^V@+or?zIdBDf20
zYsHjh?1Gum^OSRsnNfzPv|Wqe2GcilyVtra^CaihrF9Pq5dBAOwWNL3!JHoU-IXMt
z<LQm$(LJ@&xbC#WGJu6(xxSym8_8d*hA+4uU3hJCepuM4WJ5_q&9U&e4iMdS^m*|9
z^6d2aP{RhBlZ;8t#&ct`#zVQs5`*-XGkW5)26kX;p8#4`{A*s*b*XIB%YC=O+LcTK
zu)Zdp@3G(DOs5BK2cq{(SmiU{^s=D!AUcgGKPbx-FN~ampR#vHRSx?1dtj==kjC3Z
zgsZuRoSrACoTsnnBJV_hY%6@Jp^J2}h9+-%9EJq!P1?wot|BU0Xms^GB9B%#qoOct
zyW(8@=ZtTs?SGcG_|u!)!ix64D_688tLPX;9t^t-y8b??Iqpi~dW?>@nO?(Rmx&Rf
zknZ-(yC#zMkWnbQHu(FsT{yUfucQTb?5>`y7rXH1_ue~@Luv9CJ=Tm=Voz<L*`1t!
zdYil%{S47<yPBeNu9?1P8g!)Sg|g%iso{A&$_DG}O=DS3_YFIzxC5njeWi&dd2xQS
z1w$;a^342$1cyoLKY4ME4d!lKzKBq3)vca2Pd6Tbq{Bc0m!7FuEt8So(uckK^cEvn
zQC|g!0s)`mbjExFXksNZW_zQIV0(o&B_-ta8ZtKMv<=r&yi11Nu<Qy;IxKLO`Ma#1
z(f--9e%14}0f~VS579HBlKzuay>a@~*Q>tPqS(py8Qddi<m8bGb<jDtWWcYa$Rgyb
z=NbXAhyJ#@SuUR!8MrV?{&`jQ_V_Je5g|`+SOQ5cmVeQj48UOG^={)3IEV2BuJfo+
zi^0VOC4=Z)SyF)S7f)%mr}KV~F@*JR+XuWo9X)b#y;rZ&zobzk$~ULqgnFI|@g#o%
zFmXFi6ItY8{p3QeAjBe2H^d7YZ3gHsdgZoCu=wroSGWYryNPyB8}vB~Q7eWx5Ew~#
zo6HEe`=J5s8V(_s4F&@xbxHn%BK{zmT{ASpwb?am;KX6!sfGs!h-=7aaB&;U*BW>3
zp|82!RHUwC@Il`t=2FF(ezRR@xsx@?r^j#$KJ5+sgJ|dM1(<w&fjt7f-g5}DR!X?{
zcqG%NjB{NQPEnhCwK9)ENONs4H_{R*5HnL*Na=xr<0|pK%L&e!_;&r+`Tnos0pqN3
zd1`~F@$G{q1;{<Zw~u-~N1eI&ledR43!t3bbfGU(cmcv|l4;jCEPVj6dskMBe<_t!
ztahhx;~L5Fp}WNQ4XCvfA&yeXG@^|d&Sx}mTY+2x+PI)u%rie=V9BiESC;{y!69iC
zyt9@HeWX92t1VA4R4c6`Zsyz<9JZo2F|Dq(x2;_^b^g25{nBQ^e%7LEBkgR^+&tGI
z&}QE@{le7B-4<y`Jii^V?6DURe(X&d7Re<8l9SS9xwe<H*1KBYt(u$ta@=zr*(a2y
zrBY(D(BO_DkGQr+=>$}j?I37Sd!nz_8WW$AGe6p$hH=U(+d0z;;4U@x2pDt=Bz?vO
ztya?rgsur^ZuvRS2`86L(VJ$uK!)^=>jFwpj>@wK0x%n2L?w4WnTDsl6^>=}Vp78_
zGtFF<K)s|wZ6kf6eu2D7Eq_vjoeH@aSTSthc#zg2@mMtKv!E-3Ku>iH1nPZmH6dN`
zI1f=LdM%WwbpuCXZ`U*r^k7%UB~#{Ri7w`3Od#=CG(C|bdqTRZ?xa{`GoCAR^duN|
z<Zs>W#=D4?bUT~=`vbX)7+S&_Ytm=1=G_k~Fvi+kVk*0X#bEXgaTBBrYfPP)K(aTl
zgpGH&fw~L_l(ai$1pX)E=-w^gAL<+iGV*UijP*?{7ws3|>~gltx6I^9Z^Mct_GD{a
zl{9iQHB$2ZJ3~I5+UC29Y$f3C#vczec_F)#)NVdBp+51)r%()IFbaa{bRX*a-|Al|
zzhtMKSb29Q(iNB=a(4-mZs8<KIx1H-D!?)FJ_f{RM~J6vm9Jo+K3CKV9m+vdSO4T~
zEwI_MyAoNe9dWjX842{x$&Wr8*DupF5JepmJ;#ZX;r~SgmVW&I(Y;f&<B~x>>;J^6
zSVzyBC+9uI>>bKHJUvx-|8MbstX%SxS;J2<-nb0bGblb#G2j}EBK;KDnW}kzrzMla
z4q9<-A`%!jLf9Du{WwAu(xhFi!!l8qSX8tMyAgP-gDx^QZ2br;xm;DrvpZ!5SwH-a
zu7OKRgz~jj=cPaj#WBt82^kPJ^MQ9UrXM@~qqSi~zQvQ*csI`sZ4ZeWr!WYE>`&y4
zr!%B59Tth1BzL3vcUPx5ad(Rht{*T=D^}!-c{Bh)O1d$AhV*H>rZNh!`2Xooyv+G;
zv~b*`zwOQcf)<9q|9{a!ije=Hg^9c3THRar-*ulH(oO+XfIf1;zHHoJ&6rz>lv$ts
z?{MKi%0UVXW-UOaMd{q?vWVf^21`4_-Cy0I&1ZbHq2KMgy7Pd~%wDY?x)Aq~3pP2g
zGYV3Od+jAl>*)&HG)1E_sIUMPDn96D<gAN~ojE!-Eo_~ZO&Qh1VQMH<(KZyZYADUK
zo^SfEp*>-QG+?$71pnk68S^mR%^s!za9<kP91iWwGfzLoAMl_<EV{A#2$ni5wcuSc
z$Z~s)3s)5rCD<}QF{FWfsPFT4V-HMa<^G!W$sa1>;5Ax)WCai9i!G&=v%MaxTlV$)
z)BUnMC;koR%bR1uL?Fi~b#)iE9jRE#Ll=<5$~-i6%Bn&(#(3=@$L_qJwtzW4=8xRs
zN<cQ-_Tp(GoO@KQE57i)#S8OSTv~I>F1zRAT0|0on)z3ho!a;z@{nPtn~3Jgs_KbG
zDH1l-tPS16yavlm6~xetgjI6}u&=T~V)3sHpK8m2?A>}B-j{V+_8Cwc^48yjkz9b3
z8}%d_KOAhj-tmqx-f2S|My(W0!(2JtL98J0oTk4JRWn^y^~RaHHbbu7jHA`hWRf(|
zY>7^ry+GUE8IqAU1H+~r%O}2}Iu36^=}#nwe)kq2rB=xI{ynb2RUu>j@ooSRFQ367
zX_onXv)#<6c^QQ{<$$9-Y0v6k;S-7e2|UBbRyiD4+r)r&WTHf<e0aP%(JRhqD7i>f
zeCvTptK3wUoA74>%Y+nl8gB!38f|Uv?ZUWpoW()h)75fMA0j2OwefECn1EI;kE|uH
zZ+ZX8HW5^|t!{#miNHe;IQgpDz>aXEg|g4uL$#!0v9A`Cdu@=@lNsu|+un^;`iIsZ
zdiGrLx8wOWTttft1$#0K=|X)t_64f@9unx}sJs)_8Zw60ebh_yNr@KnR`0=*7BcDb
z_H_H<p7|3Cd1FQSJTEL9&9<D09b_Qtdg&a<EqcK#PLoZ%E?xmj^YvinPf>L&N<I<$
zRHBS9JK#j;OsTS}5<3NU9m0a-Sy`C*yP)IC-~+vukYYW`p{v@>pMbk@4DZbiP1NHU
z2BCs`4V#_b3%_{O`JZ4=BN@BS3o1~kG}^DUMyU5s<E?7pq2WnPUhqhbD?$tnXJyE`
zk>1UQZK&w)FES5ht6pMvTaEqm%+HS}FP3j4A2;%bOaEL&h<+`@Ihi+$bHA_N;dbLc
z9}Ro=j#N&=p?O1ZQ_TgZ&s&Q0VHwnR<@n@1ujjRaO0lLmuAqC)=rVKYMf&yTC=iUV
zQak?kQgXYFt3`7OOx>F2o%pvg&;LGa;`TUj)A12OeRrQnefH5-Gn1orH1-6n_!ivn
z-IA)jC2m!UrB`N@cbn%~WN^iA=Y=Pw;~eS`{REtCe?$F0=SC0vzA=Z|zW?&5KkwN}
zZG;kJE>UUTSIsbEE3}(iEoIkpmPbB<)Hbo^ODkTW#%EIw^e&T}NrRhNRHNIq;(ka-
zVXtN`;2XiBE;Xf)Xi9q_H(g@|e<$*=X)8inZK`a{8d<DM5F);{yL`h=w)nLwc79^c
z>)kqzPXV<VsVclM_#jUxq2tj;zIBTZy6BXI)p+Nm%v@R_lo!;G6l?X5!mw0vMI6XZ
z&&QTnzQ8zu<ZK%T;iz)W)z$lgMB488#bx2<TTpTe&qz96Hb{*qQkV~pDOz^}m-K^l
zS&q7R>{Gxv(tDbu;^&S*(vf7=1t|Q7@hOcLz@W;&>)XB-YW^~YsL6Wul+0Pw8Ha@r
zwJxN6fyw^}96YD-;M#5+HUF7nd(iQyykdgr`9eV|m;e=ZsA2jM5k;(-QxWZT05z38
zKC~0xQHlYM_p<LXV{|?K{7ghDSa?1&bv^F&e7#Yko8u$-L!xrbxh!Pnu<K>ri|irU
zJX{H;*oyu>ePPd_WTt7Tjh|%9<9yi1tv+EUDo%o7iA=|#4OO{Xr#xz^Fx9W3@r`<>
zXN@iOwwA*o{!FuhYcH7u;!JLujwYdV;fJAoQJ({gP-k@psw%xywre&i??0tt2ZM?q
zW&bxol?jOgRK;X9QxH0=_pdnIO=xwsnd;0()LJ;&dKpX2czJpI`+-cG^I#9<UFpNI
zeNuncu(lu3EJ}16*UYeCUW@5x)DF^+jz2w2x<(Fft)V!l5`sA_loF-xN}7zhab58g
z1&)=dkr7in*`qCK#m&EoZ|72gig$5N9%Ju29Q5;AE+tB*`;Jem10BCYm%KS6pJAM=
z9@(+=2J&V%i;5?Re=F^dMD8nd-y#><&g0|18&*@f)9?8k#%4Bj{;kXhWjOOE;!P2k
z{rC6TJliI1$HR6hb>BI0{~f(j@ye92EH!%aZ7^f<Lp@HJ>gz=OmfR#e$+GM1i)z9l
zOX^cAA10t}=kUVi!bHu)Ket!=a-9J$Na%TQ_v$>ahmb_H?Mzn9`3@`$i778Bj1fRU
zOljrnXEjcA$@*(MK`|}2p6>5#Sj3APRzPlb!Rgw94j$8R$91Rd12ltQFKeH3xej{J
z;`?R-T*kmel{$T5<oL1z`(eXt$@+s__~<@Pwznj9Hkc+`5GJ902*)%>Q`Gtyl%#zn
zR>i*;V7kPrRiXbYYHDAn&RQ~y%lk}-RaN{PRV4$Ss{T^~tIOEY)~9($k`<NghY>`|
z!0CoeU+z}j_q$O8!;tc4U{xzZa>$9l)vz~_b^gbf;-^gPoZ&&W1hrCEwQbt3JN)(m
zWc=2OLt91@_12mOeoJkH${ki8DmxpB;x{=_+%$C&CuT=v{5_^DyGYb!<pJyHw*e6|
z`h<*}q4Q@^BD^eOl9}E_Ib{O7B%tSu5pA%{;s&I#d5e*DwLnDP8IyEQ&d1JMEjLPM
zEbS#r^U55Lnt|_JnwFGnegQ0`^R9Nu93)66`Z?ly&4F2Nmy#k)Z{n)*Yx+oAT%Aen
z6I;glbir$m;E?Nv9F|4e3l|*;nAu4FxlcFdI%Yr(J>&xzK>Mn&M$%W$1kA(^l{{vN
z6lUFQuAkNWS{^Ox@??1*9_qMur+qVXq~%mG{ZKu|N7fM>JW_S-<GZ$N{l-y}O5e@c
z|9F&#+G41HNjD@#X1y+uV~A{l*Z;<yvxF!aq@n1oOIl2N`nk#I@9sJ>JCdDItTQAj
ziTAChzE@2X9YlP7%sG^98&ArebfLCIHion|@_wwCJ|$HX;vD^l4pzU<ooj)A{5P}O
zUi1B^hl<I?wgIV)zjU`&22|JB!2X{JfyHeP6PDt6Pc;Z~9Xbj*rJgErzhZ#<s(m<%
zzcECWtAOWES3M@!pHy1dM_QOUEzE$nl6og#vItV6RiZ>MtVSRb%a^E|+sV&hGSTmJ
zsHAmrtNjkt5kl7|izr$#YT@?jF|BH%Sl?@_wi0z?UGnJNM+@`|r_g?`?LYh-SIVm8
z8m$#))C~FWXxU|&>h;=CE@qZ-kCl>=tm<s{_=}{0X3CAdBVipZirC0GE7^Fe*yczc
z`vuR^h1sctKnf)@XKd@L@Y$6*qTW1zne)U6(vAlrOL6gtz@`kDEphARqSyDbv0ykn
z5|ejNr4OgW;yT4Y8(#Jf%79nj1@XpOE^&9IYf-7U9Cwyn#0Mx~2@U7mh?D+l5_ZqT
zDSVW_7m1+~3?3tQbotGe%<CSHq6F`NPZvf(FgY_A^cFQwswbIHX04&5Qy5?5j$&}>
zMyoaK?g!q^UB3lS^iuk`I4*&;F7$qGP5fH)@rz=!_2Hc`dA(0XoLuG)nu^|#O?3C=
zVVkM`WwmP!W9K*T+d->$7*7bpBLAc2t5Om0Vy~gbyg##iQPnSIf8Z6|=5yZk{7)>7
z4l5P^iCADeff9r!m{s}W?;Ok!csTzrTCAvg-~r8aYiVNIk@8PYrIJSbpJ^I__f@7l
zLT0Q0xp>nBX!+v6RN%eVYMr=#`f`NC@ZQ9?VJp2#zX;P1iwe64$*!^8;N5(XV3!Er
zA+X)~wT{1FhQ<@{cnVMl`=Y1*KLBsR{{`S}D4?H=!%SQ(M{SkrgD6=5>D480yNfrH
zA&K%XA+J}Vr`^#UhM5B?gqn$zQlIrPkMd8Y(ZuQIuby#M;dnc(WVALqx^5#V9YlRs
z$ufa@3fOazG%r`$yMjd<n=6Mqk^fk(y!`Ydz){Ou;zl7iq-kY4_gw18tM?t`i>$Xy
zzWivOQ(CK#s6u;uoA&|XCmknlbQWu~l-;n%4<BiFapS!Z@`Fo(z3qSbk{XIW%Mn?x
zE_(^B{2HjiZakLQfNAs5l*#NpvqwF2-P1#_5H5J&LTEIV{7{aA0!Kh<8$@0o88lmR
z_wv6W(zK_Z#SM%x7G0^o9|fH1aF^bXn%pP}?dMS6D8VA~UdFQSpG`Vo!OoHW!6+cf
zrr32LPYgBxuYo4Vr_14=ZU_f>$WP!yHzO(N2cnXWoI%<~A*q4k3vQNxagoLo-b*Vm
zFsqSwK?sc{ges$?a<Ab349DG}J(b~{*&w21L=zTDDqwj-Cin5*)DVVO4-nL9Aet4`
z=rKH^4P@p%?WigSM(rY6!p<UuFD=)s^@`ypz?V0e;y=@MYl2S=$>)^KWMXJ&eQCSA
z>!E53(karUs1=K0$^APJ$*7TsO*17!&2lCpgG8EfE5yG}xHEe{5Pv(c@@qquvSdw;
z`j6IAJHaIrd1xN-ucGS<W?;w1kK_F4ht)KAjtP%aiQn$sQ)(OC1JCiRG!y*7$J?AL
z!T$HCHaY)#>i=`>@Ba+n{$KcALpnl2!fJ~DyoI|O7#V7nG&nFoLqqd*c2)-r2IoCa
z$-x`xL^5k?xPyX&6@b8^qM~lK<fpFR@U@~{XTsT;OHO}VTieO`ITJT`#J~Ukb9et@
zqn+phFJL94Q<9UDbFtY~?kWQg2O3a5y^ohTGxYw`;NW0HOw6PL8w*e5!GYcQ1VA3C
zRkTmXkrM-F|4m2hb+&<ibaW&wBa@hz_|X}9Tls_*dr>~UmbHfn5AV~*k6#`1yuDwU
z>wUJOF=rigSNFE%5Ec%7jYH+MKh1Hp68LkXw2Gdde$VnhP%&|SHv(g<n}`8Cag?#S
zwYgi83W2C==ovC7G7J_~EZd=@D+sN$_Qj&QZ;wNfZBG5}QOOU2s;B<_672m<g8boa
zZFt_L_bmqKJ<S<r^u5XN$dzNvI`z;f2nnU^YJu7cC)EFH3`W;(k}xKwBz)A$zgyse
zt1}01KE-J;hJ%?o;vk!XUcInM8b5=P&)SEf{;G!|^MLhTr$VzB*mON2F7nsRXx@T~
zCwj^#TL;dZwKV>LS7aAHw(G;E_s+b<A;y03l@?R~N?;z1#UAB|PUsRZ?eIHu3>{g#
zE7TiU5k56T=9pcDSOdu$gG~)dyUDgtq82d&%t*d?mXF8Wa(kzRia(K%kXT(UogtB?
z8iV1?y&5C>OvZt5G*C%YoG#kZa9LVfnyjSl?W>LAFx-uepfp<&o*O~}6b9Nc1``R7
zkq^9c5bx>Z`YNr^UVpG3K6bD%5F9&{eiFxlLA=tF<}$bCs}J2(8ST7dnv%RpLbG2O
z*CNKct~Hm_!*(}*KzGcgCsHry-ER9J;XM%M+RqU*`<$5<eq$d=x3EpJV9&^7eL#fm
zJJ=Ip68GuURsAU~!O;;B@42}XDh~7wdP`8!l3-K}+>)0=Ed-(*@KGc~_u))Jez{ab
ztIC`vArtbo51{(Hi_Y!XDE1{d@4#Hj5?~RxG&JXhTVyhFOg_w+??q+MGY%nQ*9iy~
z1#eIv^GtSc^>huhW!(Luhp@MXcka~uV>yzA1Kto7uhI36#Q#Op;+sQ5lP1*Z$K3T}
zW<3~EN9s)<<CWN1z<MezIU6e_2e610?Y@!j=R-XUOMV4+^2PN_ytU1hh`p%KZD=X8
z0W_mMMDN~{f^s>T2Ds$uX-?Ulo#kX4B$A3ZcQ+upt0h^G6hDI!^IeI&?4+=)*4HMh
zt1Va6vd>TB1#3<Uv154We<pr@cu$%oOG4FZ!F_scP?O=3krh@Z88bb3bK-^6D+v^d
zB`l|U_YLK>j)2m^_ZbXqqkXvFx!6<GQRve7w1M@-uQz%b2CD%!zo@OK?}_MfT~&GK
zaYT%lEy<a>ZT28VYsw!Z4~aEc1P<r;mF>ucn{h+rDrk9KUd#!bg!$SPCqZxC5y67`
zBd};Y%?#%9*kMs`HG+;^-5Urks0E9CmDmpA7B@q}E2LaD8ys*$t!b{8I)jr7>EarX
zR(A+KIr(+uFL31n4?nt$8f(x6qhlccjvRu7mOXmsmhyg1(w<$Q7ssvDtAX1nym#o`
zg_qYL6Li@x@ZJpZ5WF)-(YJW}gr8ijxS@#>Vt!8Akp1o)IV!In^JIp>YUUWGF{BWZ
z3A5x;ba+SHSR%SwVzt)s`B;XeTh7BhxRu+2-c*v`eAUEA{~{EtJ8``s+?+Cu`+L_X
zm~ZL3`y2^Xj$k+gKp>3dSWP2oJt7*bdudm|lfrzZ`F1r~1L%<I0AH(j0=JhRM2q4$
zBjTC(T6yW%X(j1&8@USF@>Y)zd)s{jyh1G#IWzpU?f^l#LM|Xt&e|B!_;zoCWU0&%
z*7=}Xh3E*{Ucs2jNudHdv)1~}eyBGdiR!1X+0Snjie4>kKTsadE^i)bI{GD_4LnRE
z6bu+@joR~0)Ee1^J3QOGiL#|FtXWwS<Ma(pB6q`;d2DQlVoa}uZ`hN*r3@;*Ws%3~
zy;`>K5_Y5RYt0WCe7mEHHAf^IUa;X8d2#i#Yl?DPj#sk%-?p{S<1eUJciD&d*pX02
zdR!L{?Tei5=9Jnsx1?aH$ct!3p2p8B40_ogRU$AXt{lntoHl;d8Gjl#A4u&hq>b(V
zAgJ#k>Y}8*g?**(|7M`#AajO@u}@G!C9p~^<Q?uUCX;Z-e1NORd6#5y!XoQ-%i1ui
zoDvsAD(}lqQuUAgAONX+kFa?)HnuP@q*@~Vuxb@7>*7LJe4vNBDuN42sya|51j$&l
zcxrQ*0xtvA4+HO+9xrDCPd^4D{3JXCqa7{fT}$rSF1z<<+3gni@)f$m`0Qpg!;Ii2
zBLUQ(ilsw01XN)nH62-~Utb?FMm)#pxGRvj+!OqZVX6ebLY{Gd>=cWw56=>kXnrQ1
zY3r`wHx(yq>RI!X=L;E4<!J<6|LJ>>&s?ql9l`XxYLO{wh``8yuklFcnBTK0J4IP#
z?Ms#NuGGra%2rMwQuW~!A?LSPAc<vRwDGsj?*6yoV0@%KJqGs8$p$Fa;+46zXS4AV
z+QLzLhKEFy+{&))gx%UuA?3b~rC4Ilf<TQkQVf_G@G;q^_DGza1lsr7(!MC_>qQ?(
zn5XzzF9#-aZ3xCk)*d@IlQb|RK1%bu)AutX6e}9-qHl0Kgvj0kU{Wrq%3E;KY}GaR
z5zDGVloO9q*}54XiScz_z-E8_>w0Z*#i3~E(rZ|a#U%k+e+yrd>BN8sC1S+-rG!{-
z&rOciN>T1nI{$%43=JsHg-#LFr3fB4o9{t8r*iwlv5$f73g4n!w^`)ibfAtmZwOSE
z5)FSqP*DpUbZ<{1b)2<DvFC*^Vl3q>jF<M<x>{hxChIrsVzjh?Y$;CAOx=(610+u{
z33q>xhdAY|)5`0s8rSUf#jm)^WPd)0zBZ%u9bN2laP&GFMlt7UZpoVKCAC(wBG{5c
zf3PqIaXNcr=Va3b%PR`0mh80F|7v`!KO$q!82{6C06SD7&d~16J;0b#9rn%Sy>z3m
zYQe^}7rpbYb;RFqU8wOr!rbC&D6*aiYq_89@5fAD$`vXbV|AoJmFjn>*_zDR=k>mJ
z-YIEm3Asm#@;jfvV1&9(ic*=r2}EIoxJaI;QGKu)Zy<Cx<y++NWod*mWZT<MP^l$Q
z`Mfi*-*T#>WcY*y)4(${n2Lp9<9g_h-wpui8uw#`04#Z3lL!H?b$J2~84!wF2^uFa
zw{>5To~7Yf&D;HBa6n|@z(aBV%;>~DxY~QhN))5IFYyP5D(%7}?-c@QG1ayU&$b@A
z=JB^0>(0(!=UPo-*KX_n>kE%N4ZM#ip>8a`5AnvN7Q{YJwCBG4f$i9!6LCYs^_-V_
zy~SNbQ%~OXj+$D%G(b)S#P!qeiq0YIK}{}wI?4M{8mi!taQd=T7b|1FRM->|?yMQe
zq5jG~qxPU#$_-hdko=59RTnO;1gIDm9nb&5w&$Tguo(O?M3F2%bp*Sq_r5(@*Pxk;
z9r>p=lJrI8=(!s28ih6FUUk@bd_}Tg6KOPNF=-d3cW5#Z>h#<tDbi`~moBmlo{{e#
zK+xrLxmpf!)oogcKY7ama$d`p5sY~}<53pP7#np!*ObLF1?Gj-@BfJkquU1a`0_+=
zE1NHp0N}3$^X&^|+m=iy@m0FzU8{=$Wzv#DgEFGzC7C(^o3QK`fD+ybRM1?tYJcvM
zwZ>PNHD^oNKb+#`%~+{`@I}KaJ4e(<KfkT>^Y(D#2NmCuU~~!dIkQi^Uf?#l=f_su
zOVv1u5S_RMTyq_dw`K59vd?gP_nM3>3XhDrD(y(Ralb%j0mgjlCwVfPTdQ1TR8HB4
z`B!K|D|VzRY?mWH^7la(c_2G{fo;_lKfxRCd=OMU^jSPQai|f|+x2Yh@9&%0gQZ9P
z_4DSiCJ;;3_I4vquCDOS^vlEXD1`rX-ARHZO;54QR+Fpem{Zszj&O$&qNHx=6I?cH
zFu)cV9Tw|dI%Hv?{|Axvps(FV`gBje0AmnCU+tpBr=$`lCG7#7`t1r#5gMQMza?iH
z+F46S%zo;E$m>3CgMIh5XeJErsX*S=LLX;lxH}y@;m8UTPh+Tl4<zzK^1xfs?h?)=
z5`D*)njWIggG-d2+jLEi0MmnPcT8cz5YIg+F>QqD-#|b3!XXhaLhtQd^DaRT#owC4
z_coo9VZYe2os!+F4qDiUqv$7B@I9}x7Dd|sRlpJfd_UBHA<dHMV>PemSb+C`Uo78u
zhm456I8o&M#=MVKwa;O7d1|bep1t9tPSwNktI002cf&>;n&FoXDC;R2YDr7A-NcW;
z!v483Lu_Ou87WV@UMG{Csd48;3(h*l@779x2mt}~cnbrG8FOMbjyz>&t$zCrwi5=E
z+)1u%=23&Vty-BngmnoB#aDBKu}a)Ux!u;D#VMhct6rb6_;zqnH2XW?YLdBI7)QUd
zgV@o1b^A0LDgDD=x~|$DDv|eZU<=|pJb#s4m5EK_4Oe{W+0FVvo_%l4RSdMgHKdTB
zf0d@O)GdGE(JRlBeE8?yXOdHI7J|@2aGH$&ax(kX(gT9sTSwZb>Yy%UT|Wa5BYT`R
z?!Tw3KNw|h<ny;)&FthO6Oie^xI8QSg#(V0BoFGOXB_v=0le<=Lr-(H@(!lb!PFmJ
zP5^`5x7F}Se<5{Oplre9F=m4jmLpc%2@@Z49Y}k2gvm*q1xWHzkYWaA@RPvFg3bP=
zic|J{Aug%f@Ae1!Jehl4)4Z$SaG-NZ!uyDYt3+9k19X_%QLJvVuFzs6Bg-wGAS|x<
zA)*I!?jof>hBpcozOu^2<k$Oh;QO&{Op5mC!>=+$goL|s8GQkw?BpKCKffPRD6=vY
z(*6_AA54ls`6OC(8R>@d?-@ij5ew=n%A}v#uZDL4k7)75^N+de`B6qMPz_6jik*o`
z%j*h$=$Fqai5Z*4$=X0TRXxq4o?sCptnE(PpqGdW3Rx8M?^JhDWK}g-LdU|IXb<Ga
zi}aiu`4Q$%BIqT`#LzGvxUGPhaa5kMZ~(A*SU~#Sx?9eZkeW;u3(G2_R=Q4`TGyV^
z94TCR!F~sgjh|d*cqDeQwBTSYH`!+lMg(4hH;R(=M+7H9RKWTBOL#4rG)`fhn~i4t
z=;N^^-*FS>Yh2I|{bRJe%&rPDj-BO&T*40X9Z_?J{nkbZOCI@H={XuU17S3g#v8Gw
zgyuX%pTmf|!~UT4OZ>x)pW`&LZVqEXL>%*qK=9fgvgwNzWiCzAk<Ji2j~2!!=%7N~
z|9iDiCqR^_@wi?;lRMAF7b;A2TwmOH^UOohreuFN35{=mnFt%RI&|uSq2e_3r2z)z
zr>#OPIFuBqI!BzdFkOlWoLt)%z|ds_D?!?E{VX_LZDD37e~0a&6V|KBRiz+lTixyV
z6C|?>@(6P_y~+C!)dx?|?P%K|*4$url-weTWWwrW5=MB2wotB4v%0FY9$&iQ<0XSZ
zWxT7<Fn7lLAXT{Og`7C4*co>k@7w;N_MR`T4)ym#E7vCzjC|80&kCzZ8h(5XuAV>D
zE(aXMLQMBy$;z=vQ`_2b0NDQiD3X53{8e4%<i^C~%`^Ti_pv;woUF0-Q{-KFEC&Zn
zVoi74K%Y1ZeB&$#Pg_~f3@BAl^hg4nx2RWZ*^<SJ53W+T8%}h4B-t<BnvA&#kY}&U
z4|;cZ4F_9kcCs|Qb^w>BJ>W^lXD7az5tbY#SZ_o#t{c=v02$0Te5p3S?{4epjvB`r
z@$i`cYN~`8A0X{_`Hx=uu3^b+VxBFFCaWJuXLH~<b4u+Kd}(8OI$u%VohtcYUU`<5
zuope6Px%}6<&$q7!gInj8XgR|xQH)k@m640WF$D6_5k)GdhgO0DES(pv|jf3sp|cB
zb{bE^7xKNfl@zUB@twJHCh=I`iMrAEXu##(-{ca~+l%YVL8riLx0e_&6z+bd8>=Q3
z&kjCf5+`-^%|4%FFeC1M=b=vK75&U@e=HVT9Qmgm<U8*-O|p(#zF{M*^f@(R1=>Sf
zE&-$p%vPGy+saRr4%&8@=HLA_JHj@HpUH+5NHFRFH`9wXjA<0@l9@AKQ>BS%3Kw;%
zq3HcdCB8FO7~d_n<>2v4i3#>Mk6B<qKgppkaEIA0)}m$@pa46PsV})hpV?9|zGI@(
zWk;@M$!d^^jQR_yJpRk#x?S5{oU#)mL|g5+ev<x`<Z?$5ncKd*-2TE|;xUR!3Q{{K
zC<PPB_&K4Jp<Rx%UWx6jRV(dZlBQsIVX8kfY~~P1mx<sj0F4H?+0UgA<#~32FWntd
zhlDi{2}-7NCil&+*hc$L|M+Vya8pwW!OeUwpTTwfa<XdoG9eAGXQZl>(6krc?Bn_h
zbC5b%?8%I%9I2Lf3jU3T<Z$oNZGTXWT)yA66?i?7bJd)-Avc+GSz*OISMcUqEyiO;
zu`4fSAv$BSjnG}<I&-@HN3N6<iI6+7lEV#N@;ZD;c)cbS(|;LTdjQbTkaEe6MZdGg
zdLW0>=W-!!mu6=?3=^kl-VE;SZ#oH$#;IKRjK83zY!_P!9ns}{FjHPTwl^<5l&_H0
zGi`UG91=XXc;v@vOLk#aY=vhGB=4x3N}OMLe`~I*onK?NY@7BUEO;fr?xi8^r0`Bv
zOU2kF_7}XNbJV~2XUb#9o4XNq%a6)*y&1==-_15gs|g7Ly`J=jRPaQ{N0dg|?9D^l
zKq=jKkYr6mkVddeH9nndi-FUa<}E5?H&4lKeVeT5?EPaY8R<}myqCuFv8BY=yD$Sj
zDpSN&`o(cX5NuBYAHeUH^f*oGY)PK6?6z>3tBk^F*&6@7TN4{(U~3ZTigM-;<Mo{|
zJrX}=d)vGI=eb3|IL1Qcc2i=8itHr1hr;@J>i}5G;FOkLd2+)&?giruC;-$y^3S0~
zAnijRG0(Q9sa++GtCrrId$oj@YfGNBEzk<fw5bEEAwqQ7HK;$DX8EPb?+Xllwu&|~
zuHt&`tO|m|@>D#xm7I)(_xrhDn6a9)eqZ?>Lv^Ppde%(8Htp~6s2#|_8#aOV5@8?P
zJzQ9MH8cOXJoU#3>nV9m4SOLsDOu;0HD%NBEVf6^+czD|G|SffqPPCPcNA>r)>0Mp
z`-Ktluzbh$(2Ay$7~?tOu?}KkGgc&cLmzfigjbHgfQOsKBVdYfRYZiMR>)9E>+An&
zDlsMHwd1lhN8(L@oh56s373$(u2aHQN_u(fw+Ta9B|1~%FqVI`ms+fpp-fi?hv~HY
z!tTGmR1Klzy{@SDJ9{=ne#<Y|lKrz4;Ix4Iw@e(vJBWOSWPz2fj~ZlUyR}>ZGeZw5
z;ZTMYNO<(S8Q#b9TpjGW5$N_P^d{NOmjRy)y9ktJZg=^H>EuS3zK^Lf;STT6d-%0J
ztggG{mfOP7b+u!fEg#voQ(5%y+JPA_m7V$HHJ8=YUvaXGD)Uq&($k)K=Mg5O>B4W{
zKT9N6;V*b7+ZicaRB9GbfXa$L^KLKNxh&y02RMLQ0#2#i(MBv+Dd+kWM)dQnrSfp>
zGhmzO0WF(*EN|L=AL_bi@Vl~>i$zB;W38P=odSPIB#@S8H_>UoxV^;e*`Cx8w)8bN
zg=+JzOAgk3i_(75pimmY5Uk$!Q--c^3tL~%Z{Ya20X?}ZpI9G+W1`5U--(W8H`BpM
zA@PkYTUJW;@8nX|z=B!YH_gpq&HS4-zJIV)hC1c_>C!%gUC9y!j-?<P*fWmwzmc0D
z45(b4Ga05)qY9>7QrWpz=MfaxaANNZlf@LJMU@D~`vDEcD>9kbs#0Oyx!7c{u$*=u
z({WcC5QCC}7bh%tHb%U^EM?Fk$7@Z$vF@xqH|D4%%zssw7WQTlHp{ac901I8#b+{T
zrj`QzO2eTV6YtZq#bg`l*&&k_&*)x(xbHs@wu`cZ&yL<bKaZA4U`hIDxOxB_aA{oW
z;_plmYisH>d$)BgP?R<0>>)`_Lmc_|wOJ={nzGK?vN?xL3W8KDxfCdt-NvVg6(CS*
z|CuY{&$BC#raY=)9?jM>jlYl5!PHq`6+>PQ)Lq&}z~TuzYAMu+{37%f&~`BkTDSS>
z6E6%nFv|&2Akxzu`s9zL`<)SHDO8>FTe|suI^W}4?Q_=n=7{Yx)~(2Iy^6gajO_{V
z0y+Jx$+YD_+tHt)BSI2s?q6u%wAChM@W+sf`cZFhC`t#CbtfX=UteLN*44qV>Zk}v
zeO~-1sGO7<QKgFga!CUxXhz|tZwpx!%$Bo<rpNfL9YrW7FkEuYLh*c7--nmlZ>N~1
zSI9_^o?6Z>8FV8y=}{Zw{IK$-lck_TXxIzW#YiV5G|IPK9CKJ{sZyk;@r*I)9*IM@
z0bVp;i^#Kd{uGcGRyMkdRHj$F4WwdkF#pu>Fk9IaTc|I;I|F!mjIWf=uw8K^#J~b=
zS9q%Bh6GvDFA399BKlqW2V%$Em57Kocg#w~CraFvZH&r`{dvwti9vYKcn@gD7frN4
z@f02qXYF~FJPT)V&?LEjmVJnIS1;dgWBNdritBAXk)@FT1PZ?rs*TES7MLP9M-58U
z=#h17gU?aW?QTq9EB=;NX;Wspe9INpG>|*rWE(xkh>rAEvDAT~eb+ZtvWen#v1z24
zd>3*2=r3L1y`?W4=;8WV&;EWYkex?Wpr%I4H>^P)j!1aUk|o_g_KLk~=HF-HjNF_3
z%GfQ^xY@UU42D4hqsd5e2+u<vj9sV5zgR0H;*fKD*cY(#$d`XS%g-+19i>@XKO1o$
z@+-!EC4Lt>P9J}4&lU$#ejyCJ-k-rdfF%a+nioZ48)#v5tyPlMAMoY!EL1yRTsW7R
zqG7;+JIgjNqOo7^Zy1o(W~Hvnjei)71vMBoav|mycsC{(-5f-d8>p=HCZblL!a(0f
z@sci&og*U)tLPCg>5~lIi$nhGEh$LdYB#QmQCjr7WJ9+bZP73l$-XbRAgv6*wk-C~
zjhtuj+4Y{_ZLsS)g4dS)u^eDpnz#MQp?LPwsc2(_^>IU2(I^piDP%~X=bamvcW8dH
z&|As%c386aS8~|--*JwS=AL)CsnUzVId+pH`CD`(t%rE6N3TxVC6ezpZ1pq7VsWvu
z#_Jz7N*u~uu!Vj8QdH$gspu!3gC{}l=}kw^8heOZ<dir3;x9ec#=Tj55zn`;D$Hk^
z9&|>Q`rG<y7Y~q&nL;7BkL7GyLr2k6Lkh|Xz}fFOTd}1z2oJIRSGU_24u--^?%CUS
z`Sujqy#Jm~5b^G6@fiw_b?fJiPE*B_%$iaVAxdXaGsDrkqQAnv9%=ysqr<<K>paAI
z{}oyY8hf0Ib;j6O36odj5}2Fra!sdy%HqiOFWMVf!FUT?()d}74Ae$OwY8U|SqSBa
zdGUs|B=FLAd1bdRMz-gQ4P*2{9`VZfASd~Vqx*7o#egD!rv<--bdIOj@%fgYh=y+!
zyYikg6VodF_V!h&(q*Qf{yjhf35-VFEKLQZuv_1y2gEZe^#by@)GQqQx|g<9aD}P#
zf5xc#nu?y*o4sN%+YbK=n|Pa5LOuRr58398v**E|Z<!nitT7nKO<=b^+f=;k25(L8
z^$3+qWj|>3!h*jj`|y+?-?D%>u{tYSk<UibJ5^^?SGI#?+rJB6iXp`>a?-fuKp&}d
z4{9uBD|ajO@73Hs(_kU#9EM4L{(QU?lnAI6q27mSMnl}lY7@Ss`Fle$!#jd?=rA8K
zhSI;ZV{8R`xX>0#SB>9$*Zcf<b8Z{fu>ax8#NfJ3g`;d8rRDC%4}|?gVX9cflj6>N
zvAwDS>h-^W7F+K>Rw3$cW^`e-n0Pv^<hE4X5_1UG*a}=$nj!Sops&UUS##?C8vl0z
z)^|Oz=ciH1ndeTbI3aLPGF?Jk*QlQgSM1ihjbNKD(eW<{+-bAv^%xCcO}4o(Jqs$=
zFVBP;B!;!c@o3R`kQ@;X+(2%0m>Qk!J2ob8Y}D&qR`~Xny5_V|5mr>F2gGj)SnO;c
zpBWx%`Psm-iamK*W=8Ux*0VDf(&DHC6&uJ>kqy{+m)Y?H&e}l}n{^nyJRMuy7WV$X
z#g}{r$z*c2Zue;FuQf&*=P$p5T6x^d<G~l1qC(qSnrd57g*mTGSI8rBx=i)WMoSn5
zPX+h-cB(C*4-OQO3h`dBp`hGKa(PPkGEF2#ndv`Lmbq(ovbY(WXO7I<q)_c`?wO`n
zSU>zNW;<H=97N+3eEq!>3b3A!kC1yhSa18peg%TO!$DsFuw<nSj;F*ei#bHCnL?F$
z{4Du_zERa$o_p>$hbz}Z1xY`uCwO_C-CZ9eNwd@vK1Cr_MjSJT4s_3<3qDyB5;tKj
z0EMeo_yD16hM@gh%@Qk~RF?Aiy4{aLr_E#Z5-#1&$XD5m;K*@NEqS`JZ3&eH73Xt{
ze`qvxp?p6=zs`8q+Y_;sF7TK?_*mFWbS1v%YYIH(k;sstjT6(jr~cb^Pas%@#Jj$G
zP_2?jkj7srAUxM-a>reE&{EA_;rn|MzSbH6PiHp(#Sg+<yU!nr(!Nz1zjYqfcbX3f
z?^6Z4YtNW><8Jz8Y7P<Ax*^;wc2L=wnuP29m*r4z%D?h3tzOMK#4~s8R)*_2Ml=h7
z$)c`EY$P=aV88|K+=IjNjBid`)1uaF!MRErqSc(l#mKb77!Mn@NQH5233IznkYXQ8
z_KI(ZdleH8A~utWt`mGk&5ZOf89%)IeDlSSQ0BCIWo{tD9FQ(ykERJZww#Ka&`-46
zgF2GnZW0ne`tW@2@n#y0);b)cA~dcPP%9@49M+pIF&mG<aTym%9KW$O?iSf4zwU7H
z|0anMZ7$h*{`aql)^PgZWLcO$z>yN5;&rCu`%foxXoaPyaBDzZwiE_*;iy}<b8tQ3
zW9Fz#99Nd+CPij%3V-SBnNU#3A~PP<@<vIvl;_g=*cBY|=?8{knn0~F42H7_m>}Zu
zACci~DiWhsBM8_g6NDLTRDs&`cQ%qU{4(wh*wZKdNRhb=N$lHlMF*w)(Pq@v?z6)^
z4hZzP<)|d3?}}#o7=B(pU^?3pRg)hM_e4;;A@?H&YXdmhyf?mT_Y2+8O3UVRp`?hx
zK29@a(hDjVZBa|CzTNPV4?WZvPpT86z+vO;qPSQ@wCZ~R+rmlt+zQqqM*L;|eSrsB
z#@yV?@G$57IQ)Qz|H0W?1=P_*QM!MW;KAMH;O-jSAwYslIJmo8aJPedaCi5h2X}XO
z3GOhRjNGTW4^t1k(9qr0-Br74@Aa*hKwOLtf)p?9M&`9Z+nJBdo@EA|lYa)hL)XH;
zg_1^9wobj5<+a?f@PE?$|Ed6hYKfJ?eu*f;gTNE>wdu3da|BM5bcW>)SbEl}!F^#J
z^Goa1=I$yq(2o5W0y~WtFIyG=#)B5Eg#clHtz%SEMP}Ar8Pyf>$u8f=+cZhqOI9w*
z?L(f=7@@jAu?%BwcD8SAEnE7sudlCT$B@dsDwdDX`}ZFY$%sF{{`^nGq~e_;smD`K
z!2bTAo>S-=Qd#UDlEnPTo-4r?aLs(oQE#(6UvGsp4L3?dQ@cIAOg@5<-Pvg^b{kUI
zl+XJesxoRXZfT2(H*!`QyZMeXFVj@?^fLiBuD#X~`AnAB&lbCEctewxQLe-%#bz4b
zmR(X_0Ji2?Q}JvHce<Q2oSB!%7F6&=fowyIE=cfy<;DH~l&t)N)B&*T8&ZtCI4pl9
zh-)SU!B}KDr_n6;^-C_davY^MYsS|EEO9aQ9nKH`YCjr)eB%ciX?v>BCGqmJA9l~O
z{nriAOrQdmr{RGc_D4#OtC$`B!O!^yZV}{DOKGjaa&Z{#PgoQGPId$oYQNo~z}c3d
zBi>V&fb*lHhRc*!oJS9ldiazss@LytP3qF>U)IA#%}C-6{}u|_S@ok^JCED_h->z*
z=EvFxbqOBOGc?8Vy`sc{tOCMo0Dp<iXaOZ;>0{0w0m%j0DhV(r`5DCYLco;PwLOR2
zye6A`Z>a<3AA4IDDB-{wH?|lOv!MJ&ZiQBrJ`qNLT`8J3k0cp9uT&gN-=t*0Ql?}f
zFdJv^idyx3zdh&zIxgKRT&0_AM>AOBfo$aZ;Ue>|U}hJniTX)d&zC+=t}iqH=>RIG
zwMJI8olaUsfVxB>>PyO|WT4UYPeZbyPX@kZoqp0c5zIo3c#SPs<~fp(v=A_5zIAcZ
z!;v63vtw0}-uG6&z=QLXyyzHxfREzdhX^Ykc*jb?`JM|l|BQ$&t*mD05p_2@wc9am
zeKBUlU{v~|7YeW7RAF?zsa@KLEAsQSpuQyAlfa(bM|I5Jc7+;W`&tn0@$sSg*y5u4
zt*gTUvvb9V*d*NxUQNN?OcbCm0L1`D@O&grPrejz*D2HO3Kkavde38@Q*R!-khyAX
z;aMfp)(>ORH{adZ848JfOd16r10IK$C7~t0sB7<*mwrf<9Jp8U5s6rxThrBF&?$BE
zyV}`(xFOTfTP|d9Ji^V+LZO$i)_Z(bL%qx`1hl)v@mIeIEKI%!;l3)+uM!xIJ%C^h
z278A%Tclg4Y<8bqSm^`_yM`?pmTAkLc8=HJt8#nNpsQy5@F49z*19jxUrRPS2>w3E
ze_9gWw2QmzXs0W@tnaH5Q~n80z5pZd%cfB>!x<XBs0F2g3qZuIpsBZjHI^@R`~hBj
zm)4Q^Md$|Yt%9chOC5KgpMpI-$=ILE2i&6fgh^vgv2VgxJkr}xKA=D6Cl2DoiDzt%
z_YfjjE(OHY+*EH|AzCdn^#r7A@zq3la{4x+5#NVA&?jL@lC#?onWxn6g>^h3o3WYq
zucxaveWvGe_rl)^{SP!6PS98AePehiJ`n2V3=X5@K4haER$*Ow;3K5Im$nFfbpmQX
zzkuqQ<Se=oz`Wqksgfs6^P*;JsHu|lQn?9@1H|=?ZdI<&->O!2=FQwK+)p=$(@mP}
z#`35hIACC|dUCgHjMiYG{HnCHuS1Q!<-JolTplQo>15l@_YHYWH#|DLZu(1Q)agOx
zKUSXkOgD=mq*8^nIzAzd62dWNC%}`b{k_FiixWBEPQ>cqqOYN_+8M4dMK17~r%bQk
z0u2bkRGY!>J3dipdgVpeRGOwvh|n649kOo((N<BvJOZVRZ~hkR5B1N4j0p8OsV(kf
zwGgpqeIJ<xv{lQ1yvNg*pL><e0Zi*<SY@iZXQj2~9gVT2U^_&i;~bQi%@kAF_N>O1
zkHN39yk%qa0po)J`bu)>$kl;I(>4mH2)qNkiK78X91W-RIkW+j#2-o-qw;M5+bms6
z4Ba3<mM~M=$VoAt$mwq`CT#c)eRArOD*9jtT{$UUEO0s|23^KNmQHU&D%Xf&-Psl8
zD8gKyS?`1SN@(zm6^d7o-QW-{m3xLy|6?|SQnoPcR9U8|4b=qo!ZshHGB6Gba1R_9
z0C{VJ7=|GvWH?GH^6;c9VNY?gYXgu!YH0~scx9u3(!~(fgk{uChw#NDYrk|H&xK*j
zBw9#9b!WAL@RpKf0^(Etn}oThfn4ZEl>8;<&i6s$s0k362m67zuW^YY3C9hswdmE8
zTd>IR6DM2I{c4+ao<$h6^u&Vf3ANkg)rNasw2Ea^xm=vFjXemEYO>&S{+?!zcgf2}
zpTg=Zz`--9eX?9VBmG)eZKI2}&-L?!{XTTGjCtg=k#YOP!VZs$vz%Htif(VXn<FL#
zwCJGRvBUms7u$_S#uR91q&o)QLC}KOB1=_u5;4;l(Ew9N|Ihd+B3cQ@YiCKUnago%
z*%?GNCZyo%0s09fz`7NdbAerz<%YufQ}k9&PyXGRI51DN)7Lvbki0Z^l4{)Q@9?wB
znS3mwFw>3(ep*GdTnKoT1zX-J0Q&{_2GQ6!V(T?(ki3}52F4F@{uO)s#mo)_u5l57
z?zkW0!tXwUxdwl%^3v7Cd?3T4p6-Dzs34W8QqEkXVK$qft#8=qx=q&C5wW&D{J-TJ
zYon3{>6?t}UKz@R#jgYRU1x-PnE>t6qBTs$w#kGA;jH^{UciC|&sc-msg%GIrb7RA
zhYWv}Cn6^ER{v>}mTMqX;C2!jRX+TZG6CsSo^$1)F3T|$DO}4gm@I1%)5JhA=_Q!<
z@??S6l77z`-)QS%03oLOWYG~k{eYK-+z&cG7my!g&CXGYnw~Hm_At^7?c>!h5veKV
zyydjkYq*9R)!`e?NDsp%Gvw_TIAC&uwJ(RFMd!uOP*Lo3ibu*>%e{^+y4B@bCJH&E
zcqh=8FMbHB58C|HWFP2P?JZBQ-B(Ufb1>DA8fU4n<b|nr>N%*b?xYtAGghxrWqHnb
z(`<lt<#8N-OtQf6I>cL<;vT&-XT5P+7j;bl!!+Q+jaM#cFf<u6A9394uk6JIGRvI!
z=9+mK4_?~nLsO53bUC0_j2M+Tnm5<aR9LsH>hD{e^&EUT!8S+nUCQD=uF@JjK!f3O
zaA4nRt}PHry}8P042+1f3qf%4U2;Mjb~AVEce-Nf1V4H*NPOeZXu7ao|A>{SsYkl^
z9naFcfuQ&I1hnZhL@4t3XtRr))PoEbR+6$sjX@S6^BdJm%U7_wk9F9H&Wj=uy85%^
zKS|r13{LV5ebqgl*-Mio*>}QVXtLZewo&Bs%L;x|qaRKi53_A6Kd76ejx_PxE7`L4
zVw9rg;<+I$Su>ETG?<RApNw{{=Nb$&pXf=%lCg|xVj1vP^k(gHS|BJ7`*VdDBY5g=
z%=AKZg3WCqXbd+f##X*ujW<00x+k*8ekMCaa*1u#9^<FVS?$^F5#FKG*;QsG$$Liz
zrY$HXhxGFf%^S~zSm`?EOG#Kh^Zb}TMbmJ=A6N%auluw(m=IWULVe9g73}9Wlobg%
zgQOGk;qXPhr<oQHQ#Sum*7_Qkdo4^kT-h_LbSAU!5gLvfikADZ_@~B_URml-90eop
z%<JBs@_Pa~IDDqf(-X<7D@TgAC6ON7SO00^qe)J)5HHZ0D%{%Y_5Pqtiu&D?OZ4pK
zm@8j%p2W~7@uS{AkkobT*=hczjxznoA@|XL02}c*N-^<)t?U`+^|(3(HW3mm?crY`
zB0-7Bnth4nJu2!ITZ7TexU=bt<iR~mcx0~N0A5-y5>#2?tiCqIA0wpO`F&N7jqLE_
zdH{QJr$6r8UuLX#cTiu>LM)klO?@N_PzG9NmsvBaN0m=oum+iGdImEv#PhEQZl!I6
z-(|8NOxtq3JK1F#Y{YBhoz534F=DIJ7}_?xDNVNQ>ld=4<C!aPJyCFJc}A7JmBdud
z(pJHU#_>YF9jQ@cv!Hs0NoJbwc^|v_jKl3hXkUJ3&snsI!Dt4Ey^(+*!G(b%Gb;{S
zhGCBX`G3Dg_<(*mOjjgwj){d&%!2z(V2U^FPHqd)Uf(beUCKhTfU?Tus>{2fhL+IM
zLF$S>JDrPqvZd-lJ_)?)XDMF{gx|u#Vl~kuua3L*A=L5r^&Trt1cIE6BKr=X+hx@~
zv7mc^huT7xtL$?n0E<Ji7lH)Hn&O|ypAD|RmX6Mea8&-LPWO*9uwxmswVD!sa9HaJ
zeJ8NEQcFY<^t4@rkGmR<Qpfwl>NQxobMfIr%z90%T)yYQ#CY03%d)GAqP)rlY~+<y
zPvUD1?pd8~-&I&=56C6P#s1?|v+5QAX@xB6-%8KMh=R4KV9U+bI9su1O60l>a`3XM
z#qyT7`tIZ%?uS}hwU;o_ik3hmX+3vS_!%tdTZ^7mYIgBQkh%jNySl9mblJ*GPMwTM
zF2c;Qy9aTEqx#5qS+3O)=kJMX47+%hG9~l7F_8%aByaFt!|~vQE)3bxG?rF>bMpsg
z|Gu`+v5-lJ#hSNiuscIX@tTIL)Q?~{JR=!TU4)!tG}WI3h&}FD+zybob0K8r*e5;q
zekr9)-xAhI4qlC4Ql_sgZ-uHP6JSxqqF@DgG=MTPu(&M+-_#uTC8ZMWC^<FZ8xv`%
zTp5qQK5|&MSqobSN$?>dlQI85mZ0R=m_ioZEQ_4N_U3szM#YV}0c~mlW6PN%<P{B=
zmhbEh*@6G?HwU|3H|ueL*>7(7UH7SnTB;#6<`(-MyKrG?7gW>E^nfV+uO=S|%f<~M
zwumTIWhhlASn6%_&v*QQE(dgJsPSZmvh;N_vn?`QPQmqp4E4sTtNBs)UUTYAZKZpU
zlyzCA4CyNksPyB+C6Q;<3gBW_oEtstuDLLA#yV_?Swm79*Qf+Aej30Y*Fv%l9ncft
z<>|WY7dG+$hhJlx;==>0mDA;9flrsnJmBgc_51_4L6~wo#|4M*4z<BF)xmji|HaC1
zR|SP;2|vnXK~r{!w9@$kc+}Sl5xeG;2Fsp=;)PD)(did7s13XE_)X#zf|yK&jf;VK
z%4-?U3Ko~`xhv<IGGQsM#H;gz9?LV_EiFxdnF|&82pZk61U3MowvG5?WdU2`y{+*_
z`@Z3|K9vC%NB$=N*cS&-Sb;i=5=;GyxSYwA_t9kjr5VSEodJzLG#3NhsbcoL^m7eN
z*Mx(!qJjFnWeuN^0{(ry+W0M4^~v!TJN+$GH%^`2L4GgDy;-vA`v#RU!=?d;NP%Ef
z#RSNv_s<A=QE^MG${C4S88g~XP5w*68&@@p{lQC${)U3<2U;?Ho-E<&q#S#L1losk
ze-PdC)shDvZnBM!K2G1iru-nsq5wI7FL%zBl!w=>#P@`j)c2Hs4e8gFn`EYAUU`>L
z%DI&q$wdnt_du?H(4(2({&I&p9)}H+7fi#<$&nqrdcR6VnCVUdDISvM@G|BVjhQ{c
zhYIME0qF;gu>xS<9N2mL8|=(Xo|>(ZXB(PnB>d%(gaFk1ZELY74QbL{$iZsnH&wKY
ztx-iCtp%3Xx6;|vcIutevqa|`5(L=opx~h91a{@wb1HZGzNwQbF*^POk=)aFZg75#
zo6XrD?XlzxLnL7J!~~X8jYk@z0$KD|Jkv7P^x?Z7dz5xP7vVM2=La3Y_O(;EGbqDL
z2csg|+)aFpuD+KkAxX2xLtF!Hr{9fG)@1%mj>1oxUH-UL&&!1pW7U|M4;rz>#WGek
zp4?@{kA4p#Ipl+hfcdfDz=KDWkCsiFx5DY(-y4!3TgVLg0P*3UtZ4ikymZPv3<)=U
z>Z#F+EoIDkB1!B^(Z6h>pj8N|MWkS#JgwN>+(u5SG~hRH8+7o~1LHT?&Nnlj@YHV}
z&7PPpJkhq_-O+~2&ehQJC9;{`wIPoh&w@OY*zVC2djl6&IJx(GTFwkkRQW59t0DY)
z0gGR}x)iL8%u|_%HMjZ^2Qp%}kgDvf-fdAXZ`lTO)Uqr0)Mq-5L{yn@W{wcv+r9Tk
z<#w|}VR8+nPd8e!U)*EaGm<r)ETE*DKN!@XP}UP?B7r8>i~?qnOLf^|N0GI603%Vr
zWaJkPh$}J2a93bC-MHIj;P<YD2YK}z&0KWppKUwt(YE9tuF<ST&8(7=lnc&+N2%96
z)mwH>u6Yopt0ak|;r)9nOEa(8Bus*(N%0o%rTTX#;ek_zqtx~M(qf!}qFHwYz>dq?
zwO~u8ovIRY&v{ywM;~{y_+*XjgtD>%Ha8S*fgCC41G&Yi7lVg+#Uwk4<8ztUYh%SU
zC!OjF9fV@juGXonz+pNWjl<YuB7L!2vnh3(`61%B{I2Z<O{^`Lta~Hicm>#)UX4DZ
z5X<W~vbwilIRA(!d|nOO(+A<C?lkmpi1%=$aW82%={CV)kfy@Jt65*+7;ULm_O&H(
zdGh>u8>kqAL1NHYYHVb0O0LOe!^9;bdX9LGRbb<=xhK15m$Ah{#;k#+>D|XxrT^Ua
zZ6YDii?}xcR=*M`I=tsyak=wIeAsF>=U^?q1wZB5YbAQ7Q-fP947=tv@~ah|$O}qx
ze+Gxu%ujZF)ZaY@JAc7E_bQmz=ZWm3$Ew_%)aUCGK5wnbr1yJZaXf~L`Ci{ogGrP=
zFZwA~-cHftm-~h9`%Nw9O5hUa43FW;qlZh<lscvwD+ohJE}msq9Ftpkht*m=xOX2>
z|Hw_y#R?a%2^`b*?q-x=r8;dypN-b-JSUqjrb+RhRN?Yr45eJ$dyf5KP$1rzKuT~V
z7>Xt|U$~iu>8SinNTl6;NZ6LdVN7IPEe&YuxQ}``lGKrq8y}yzf(Abfv+PdCc^bO@
zRJJ3@0y3LYtM2M^!%55ps+B{$0dbqqWo;vwHDvK0EIY);B3++8!IRPPg$D1tfR*g}
zA(z`ttQetduz(u&R|q}G0B3=;zIr|$f_M_+eJMEke{{hctOGU#qWRFTc5QM}&IDhq
zwh7M{8BZz(@(R~6p@FGjO=xKRp0F4%?&Lbw>h`ez>eam_9v$Eka(bCS8Ph0pLuWRF
zG8D4J6;G2atIk$lBF=O&RDpA56J;K6N9DMAZicq#JsrTH0&1c|REd<g$f=4cc~RHY
zwwdj#!VcXF$lO_|HoCIb&g3CGsdA={Hh(EL8LMjAz)14dHN&NT)1tPtYu@b10tsjU
zi~t$~1xMkb;H6T|sT+ac-xE?3Y$Bh<pDXXo0DD_dHj!$vV-mN$RV%j&dmyVO+R3H%
zVc1ZlI>1nhIN82jE-WN2d3rNv*}`(wrgEjZKfJI<Ml53Mm=wITw^F5LmmYM0Le9(h
z!ve%AaON6w6tD0bng*5_TTQw~Qx7nZsi_FD%m^MyvfYZZRe4{^h$~S##G&G`5IeC#
zJ_S3;0}6No<*sG=o|ID5o>@UB1<I0|+z8+^<56?m*+@gs*V?}Ks5oYB4+cz_F^rjt
zpN(3&yl(Zem6?uS>A&$eazl0Vcq=Z~H{o%t?{~F>-q_-^Qzj-o>+T318t>s)(_r}V
zk;QUE+iHO28p?oOp&yofZ>mr#akeF@v|}>;9+ls@X4hOj6N!}L6+vn6t;-=(%7(Xf
zz<Cl{n#byO$=9cLU@yf7NOBjWFIk!T(F9$ohRPjzc{BkQwkLoIRFqan6?%{?X4N$X
zuS0C`Nut-aIHuSF*1}W^GMNCI-sw59mctZ#*oO_<ANWI}EYC2*hMTK+T9cmd`pr1x
zYYl%KVGJ)_d`n@YC+ep-JVtjydJOl{-(|6SMJ!)w9E~V}PZDgzn0amcP?n3*0*IiL
z%NLNKPnn)c)h{T{qU2-RO89aUIgWHV-!t7JQYXEZ8B{V{&Qm4oYtD?YqtFKXCFA=X
z<vIH}EeC$XKB_s1(>g=&B=(qcUR^%k%nxNeGDG;cW8z)X$}F3ikL}G9RwSb-HAK*s
z2;?Jh27#S2{lh*`v-QUK)<}*VX-oqz>*52OszIW`#b@Zi3ii{jMlE4&Qjx^jzy*WN
z)}+=hGG}+;jFCz@V(c(;Xsa=jEGKK0PL%8Lnmv-l-W0wzZzKtOd%k%?o(1eEimAj_
zoiUH{>OpXCl3$u+St}=&%vBB|-Bani?j^b(HM&L9g(wQP(>V1bHTfcKvkn#$K{!i{
zTjZD%@QR|Fb$%F#JS?RH2($bn4=VX(h;vcx0#P_}tDCP+JB&{|>77aVNW|pyKljby
zaoGF)`~0@=GTMT-{QNA^c@Va4H7B7SjG$^6gU7Z;*6#2L>sy1TYE3O~hI+vDcT{h(
zg@6gKJ+?bU(y0JN!S_)mVJ7z4lqXS6peg$pA={c>Pk-;B)|ADc&|cntJ)0~t64m*1
z>y9q;_crOZqiN_G!Qb%&Ye}h^A0}izL1we6CUjf}0^l#>)pA}_Ya_Ei^G=FdxW3HB
z`OBdJx^h~FE%VQs^}#1_Fdq^7S`$8m$$!`~OUhaC9#nAbd)<Fe>G+hwlR2GNf69x8
zH{QA>N_lp^<K^r1xplS`Ln0k&@5d}ofB5ILz_DnmlEiW3;X({bi2a;Hy9LVFRf^#t
z9g9d+CKq{dVPdV{7rR)dSS;}s1wSL(SR8zDV>gi;(O~pa-Bzg=3<ine&P-NY`~?wO
z{sj@5e;FC8waZj&FoJImU+zyyHTB<)3(jZlj}RQFAN6E1XN#F>K&2p>8t-ue_^RT1
z_vb)9-M#p6Rg_<VZ$ZG1ng~aqRq-e^E<6INmB|vw{Ax11Zk2w())+=t!Qp7$p^y`q
z!?cDPV((FP93ebtpJAh2{XI62NV&tv^04keu6tDEV4{$KquzWTFNPKz*8BKVvQY!M
z6iTooI}?5q@=2(Eu60Ps=??3FmBaFNTWq7w^Ou1g`<=_U-L6(Br7HO^ELl=10e7`W
zN95tfV98~G>j*ed^l@K0s2ewXKM_4WLc5u`*Mq#J1h^;WxLLb{1pq#zE5SnksGrGl
zx!^Odv(e;cciISbeB1uWN|S!oeW9STD({9Gh5jX9bM(PX1U4-ypANgedwtkUMBR1r
z80Ohq(mH#JrP#(2`=k}XrtkHL)y&I^t385OY0iyk$Qq>h)S9ZCb?5mvDFehKzk)53
zUl!QY=h=$Bhswn+hJj<pdoW8w$|{5`AZ<-IAlhw50}HV@OsO1)3-moso%M3vV&K@A
z1lpkw1=>SuOrvn-D-FkEMjN|FTm>e`nyOiRF&-V4#|@by24$sX^eURpl{R~@qZNF^
zen&6w<Kx4mH(^`6GGrDxhXf-ilr+RWx76ab29zr7+zuR$ExeAGo~H&7T6-qMlo1Ur
zE34Iecf(fi_^tn3<}zRJ9CYfZtvN-&Y@~c+t9{0j`W<htrR9t(F~_ySxpE{$Iy)0{
zbQEcGukl|Nh8TL>+Me$TmxaJ_@3a(aa+Pf)-54(IQ3&0<ZJ;?g)B0oOcFYEeV|hk@
znr*fG)EtxH2{Y31@)$uukc$z<kcv_4wkw`QP`6h5W<-ZY!m+K8KLIUd#VP3$=4>ND
zt9a#lT3JK%Fy^$BP%~mz#=3f-r1*{9fZWCUhW!2V>QZA577j}RO`M@3uANWG(p<Gx
zWG7A(`GV4d!cI}{>QZlV0NVE50LRF}aN4y5chwoOvvw;i)nueLYD@#8t?P=d6<;v1
zEMJL2>7?XU`;gp1q|6?FbdRj_z%NrC&dzigUWB9AuV!jQ3j@9FE@_Lu4?{TSHB<@L
z7St@Aw*8GM^VayO(L-NV{;p=xH0x(EibCj(ih?a$`j2}7Cp%zowl{2iQ+3EZMARK+
z>D#21sD+nGoWJ~xqf9$tRT~XPbt%iBV@Fs%|CUkG6AO9G#B-pAE4SgIdG~gvSODN;
zfZ-i=;;OD*j{YDv<Vo#nhi`3f7EYaz8ENqHV$2t37=M_c`tojQ%1c>Zcel==0z-VO
zK8uLfqM3QmgK3P&)Lnc3CdZ4YJ>mM9x%OGfH5_p$eo8#+Zsl*p%v1FtY(4|0CjqEr
zWU2E{bP!UJ1~>@<sB=o#d;tJJ@wB0*UVZV`8j$g%$1A34>XiyZ2?xO0_Y%H;n1=69
zB=gBH=#D^geRjtmM<4TI&*cQm0UiLx|C(p<Ma7n-C8yd!c40k6A#$jYHj0pK2a@cm
z!26?*k&?Mw0FXqkCx1o1CW}t11$xumOo~w<Uyctw!Y5oz)O(#tELvJ|K<0SG91t`0
zLf31!we@IXhcA^FH^1UAI)<lYd(0aX0SJV;Z~kZI%7i)Dik}K8Q(k=;ZZI25hK{Z0
z?O^sU4w%6(#-7~hh|G=Q{zYHP)r1_3FQxYzdy?>$nD)*Qfl#rP=RPh`VEv*NR@R!?
zX9o0a^BB>i6894KSOUYGZ-t0Ea{^^@H@3?Ej(w^RJoB};f6o|ZNkWaB61%bJCmZF{
zY>hJDa0aSAk_cpYIP9)N#!;x-muqHth`uPqgLPhtzWT*lgv=YWznpPAUN%`=>{YlH
z$<h=pNphOZn-O{XUeq||1#bnOhE|q*^aL&v2H9qN-|{pl7mx5Kkf`mz_&fhRW2y;l
zeyD!88-v4?S^8THHEaMby5l9Re;P>7$82;&BM9Ep#*_zC+;~;V>Pk1if?Wl52k8rl
zd)1wDbOA5|dWV3t#afmyh?Cx)mQnsyKJMA1e@~jl(Yx+;@d!ZYTO<F=3Rgt@-z=Q}
zpI8q6Co#@bNR^e%mU@ADLR;%)Wgtnw{VlE}lk+b}@^6uV`7b)bq^|jq?SL@~L652)
zR99_^u7qe!c3}!(Ou?wM=m1oifv`m(srrH}m4A#y0D__O4zN`lI46*dG?oAejevtk
z_;^sJ|Cx=QXOJhFfXKi(Avn0xK*qrJin802`2HN4Cw}ez2ml}c3i#a-(T$f$=B&8_
zNL1oLmU9xDz`F|gKj-p!`SrNL!h|@+K^J8H&hp5~I_NwB2vP0Z;wRq(ZFBzi=6@6b
z_|djGcw{YnGdMZgR%H_*S7tZf3t=)+8b5}M&Q@}hIF~Sbp0P@S=pcwXLIYTE{AWkj
z0Oa=m@-~3nKl|6T(_A!7#rbJ#(FD@X$zC0iW1sC6)E07bTA4)>64WVDM@|Y9d&iF1
zbiDf%*7`1liyWdYoc*DxM&S!-geh;D9oSrdfzI<o3I^Tgp1h%kMmMsbKO6Bc5XFFg
z-@N?^^eZqv0Sgf2t7P?J(NF_$ys%6WY3;UjmL)5I80t{&;YdZ$?z?g8Rl)a4g(7KV
zgDr(BEHfHGaR6H3{U8g;A7T*J&DPMzx*~1OumrXzGY0rbceFx`iNtTfqx+X<eFp#p
zc+_*9B#8u*@^JhUY60R1FTj4L03R`eV_7Q1EHntJMAw$OHeap_?-luRqqLw|#?<78
z@U5f(?N@s%bmcweEupLeo+ceg_J?mB4jQnZznT%GB}YeALYxv^V%*gD!q&it8l2GE
z@$flG%PyABrSXz!?{>A1qCFVlpV#1B5l}<$5!jt7p{e(CD>?wO@F$PJFh)eZbPcxm
zjsTZX`Gkip3vws6zXMH`c}X0LBj|TxFk0<k54OS?Mt$Pq2ok!s+_!d0X$jatH=7C*
zrjBUuZvzP}N6>&8uBbUdsjR25F?4+R!9l0p71BI7SwRcqtyl>sST(f2o<M`Dz-QJD
z6o|6}tIs88^nk2bQM1M0pF@h17aN+15P@xpPxQ920F7pW5}Ya&sOb%Ogej{Um@-f(
zB-*>>AoA~}{Wy)I#!sILnpm=~UT8_HR+TH5WZ0_ehE!<C=XICDG+RNf`-wS0nO9Gw
zMPteK`hj{cr(cXt&v&b`dP-tsi(d&<I1j@I=4uwUzl+uas0yIC;@jUZ1)$=1`Aye;
zF7lMI(74SJG7G`msS_QXonxrK=z5>+v{Y$X{DDJ)zwu!oJ?d72)nM?A5uwbw>tq6k
zbXT`0{$gXa>*X%1^$R$mTxVdAzD3QgFJ0nI<omSro?i*+rY5Z^^g0v<I0D6>s3#MN
z)6#~{i;_T(``d?F4#MujI+&^s46#BLu93ubTH5(Gw+t_w%Y<r&S4(;SQ0yVFl)K%}
zce8CwFTXH#znP0T54p~twvJ91t3zN96BR$ZCzfccRD&~Aph~;+JR>2RG32H-0Ix6`
z4ygO_vF_neWMsEo4`xuF0-$|aZR5{?!(R{Lg$}7JJcV9`vPB-caihIqAUk~EQq_SM
zxnh9Od#xI%+c-F%p+hE^PPifNF6izIXCUd+vG7`*Uf{9yBY;n|Ty-mfJ<}irm*{>j
zdgIQ`my5`ccb)y39ft4vSy)XA_n;Xip@_W2N>6`|(d1^X<6`cg&VE$FW8RAGgkae<
znpiBm!roepR+g9Jmyq8BTcK{)VOgJE?G2`tZPd9STRL^-Q<%c*?dwj(>mJcljkriL
zqDH{Tf|?Ti#ejl)@KVNrT7zXD7GiGXgYM+7*{^|PJkWq}FpF283*ZlVz6-F7aH-_c
zs_p^dEaiS)J|h0aio%pIT8fYvV7(BpB%@UkwGB|+{~98({$1N%O1^c~1F7>neaw+K
z-L<o6E-Vjz-w<noZ_<}$%G(H`35io-WAwTDsmY}+&^NK=&TVIcq<`p~d+m(`-oAlZ
z9vCjjB@WyM6>zhzg)>`HkeM$dk)`f%HO8T6>qtw5!U!ZLFg57o@w84s1QLeSY-U63
zb*RZr#@=rCLDn4uU^p4<4ko2WGu3~K=44%&^CntyuACz^kIk^ps?9z?oa!D~%<hHo
ztz6deGo-!Rd7V|q^qOLDoB$xlFMcx{Bf&%!1%rvf2-zkSXzbnGxMK<6DUAK^CC5zF
z8}A4F5N#ArdS&I%G<^M@;sISmJAgzB)bM`edYUVs7Q8Zy81D3mtd%8a;Ht}d;nVKo
z2zc^@Jj1YqOHvTlSGC%CnJz!7Dbik)V<C_m_X7!56U$IAv-Z(ct)UE$#;L*9wGG%o
z=e)-@lmg8>x#n1uOQ2cd8|e@=Lg(WKMI^y$Z)e+7rPZqMC{ZMMvFfXDo~Zn?=}qlP
zkX!-AG4fPktciiNuuJ%f=i<b<V9Ml_5h6S?(e57|7^JbYzOTxxhr>X!L-)FO0vN^r
zrcB<60p14I%5Z+ru<2SMGSo5FI-=+lhS`H`Di>0K`#gYT`>T~}3(G-5<tw2bQq*-D
zHoL2UNW<efIeE->t^w-v*&hoL-H)jVc{ioJX*Xk!v(Zml9m-m|vydhka=aE@Sy>-F
zaS9-|H|&eX^-8c03qR1UU?8A(s^)JEueIZ}QmFc&H4;O|wGUP9mZ-IwfH){XMo07}
zf2nw=6d=_dc?j2edq|!<B*=DP3nj%#!E<-j&$d+^R|XTb=k**4q*5(a69l~(DZG4r
z_H!<o$u?TynJ&7-aWwPlhw38duX=#WKXx=`19v<Y4$NEYO@J$mm|36@S+nekdovMj
zK)!pM%553hLI#<X=dz!}m@PWFR&Fa5U^byZk?aDEx3IcrKooqA^Y&VZchYwIVPGH{
zHCnbm`G@Ff&OPGp)+klYSx|8(<b8}uAlfK&Z`}Thi;|!<%sa~<yV;d7=cg|SkDG5-
z1{XPL;3w;wJJ8xr`HD%Yc?y$r1qit}2_x=H2o_-wzM7>$<ib9V>{=tvBRy^MOb1Mk
zn_Bgi+2<E@$hPyB*#+z{r^|&4x=foDyKJiK)nS&Lm)b%Bf5l6cN~0lh4y(oCzOt5i
z+vATQZT*lD70v}9AmIEvd9|Y~ah->9n25GC-0&x-%w87`O&%Mzw?^s8Wpp4OC_Kg<
z2qYoQy)k$g`CEtg?nqajBp`XhpWmT-iQTs`O<1Z}%eB({t><cq#Pgz@$y__4rDj8Z
z9j4{tWWI=b%5>?NDti#?Q5?uiNrwA?JW~@|uMU6EHW#HF^RVcMo~sPOm+)0P)r{)s
z)!AIIE3)tBT0Hd%H(qu;l_iWYM1;pALWXLpN**V*M)7aanS3+Hu~z`$vh;k?!klNS
z3HvZK`nW-xE&FG|Pb5|+sX=$N{cHELAiX~P+DP$D+y2vlLBg^eg$}3o->H)5ZwRGW
zjFzmEkG>E1`kk#YSYG_I%O+Qz>QO;yfLJiHPKud)5JDR`$Cqw~Vu!Nm?4azCqh=5o
z*mEi$%R1Xna{7e-dd5%Ug^clx8V~Pkx&(Yg!$%j5#_S|{AJlB)*h_5WSQ@nu3XiWq
zO-gb|0}YyIX+J?dCK6wdk5Q=Nz^$rG+Kh(gE(`W@-+nId-HC}!l+f|w+2B;Ev^25g
zK~D8K8L<(bI@>ZZj{F`WB)j$yta%@Rj$WXQ*_dqUlvB8>hY_pb57CVgGJTS&M`Y`3
zEazrb_=pO)UA(|7Ojh$6mE{ld<gROem5sUCDqBe8;wUC)TQe8B1xo1gzsb8ck<ie1
z-E-jq!+9UDJi{Fi8L`g|9uQ|_KUrOj0tj{yvd*8Y%7|qIQcpR8A%7OO?^7VV9MV0z
zMupEo!IWLDAEsW;KeXX7>es~zMnxr8kJob7fpoxAw@*f<3(p_$>xvX&tMG8@Psp)U
z>I{3_&n_!ErVBh@Nf6js_3naU5i&h}^&?gPw4ME4lu|)B<W1Y?uEUm$vLY}YUwOL}
z!RZ<ot>9$K*RDyI{QZ@_-D)x5hQmDBW%6Ce4^Rev(%>(r5tEr_MoLV5Y%5El1|GTn
zmzmE-8SuYjS?u)FoAegKH!?khpHI6Fxc8`zPAOuvv8C=#b}ZOU#cCE$?y~K7cqC=j
zLQYVu`8H?PQGlL6{GSuM5k0sBf3ZSJ4!-R190=z|i8+-0=8Zz;#bb7@NWk`-(=Q^q
zkf+y%Tdbeo4G!7`_+B4Z+{c<E`iz?k+?#FZ`tp4G_(}Z#^NA*g?OdT~`~Zvj>GTwd
zM3mUaCAg)fW$3c4?iOiMdQ30SG(Y1su}!)8Q2RpjtoVDKUxn=;V5XU{x*lrHHdaoz
z-k(1}*Mjd~<Mgr5Iix)d+8ZxB?}ai%|Jc-A409>rlq*tz<Y01(ak5ySXW1fDOHc!o
zYP{;-x3+z8JdxCIH^Ng@@t}|k#Wc1GN<2V<Ysv^}tZyWHSXr7VKg0iccH2e9ni)Di
zw462<Rz=XBZQ0OSOVEa(Jk@lp(UN?*3Y(%HGb2_+zLM7Kq%S41H|k;78s^%d)IZtU
zL7O02kX}kK5k#nKI#y97G=)<+g}A3SB2EJ|+;4jB$Z@l9nuU46DR$O!$3diZ=qR<@
zmS9c8XCyOJPRJfDN@~F;&1t33x8z`DfBHvl|1#guO$!#%Ey>6+%96^s<tr*BG&0G4
z>byTeUfKD4QJZO^T@aQ}QF6rmgQ<m|i9DWK|2TMehV6~HzAOjry`1;#U?^$D$Qil(
z*U1>Sqv5`R7iet<YdyMD$RGs*ttJu^IrFs&pNEWr6x4MyM1;Z_NirB+PB(@we_{)h
zfhFan$x90HN7DLIXo@d#q>yg=hNjZ7UTpmh<CL?K@ij!`OmU@z+V2`W<h$)NKeuk#
z4Nxm)>MJWMx<=4gocXABVJgvD3_jN_O3I<s5uw(ftfAKT3M$Wk``g<89`h!mGK4EW
z@Gy{cs>7J-Vq_t@ZZm<>8)P|&Bo<ovU7RtGYdlUCrC#a#zdw4R{MV620wmBmf5><d
zshPF71*uUHsZNo#s5y1B3B79=U1CQphh&eDa6Oa?g@XdjN-|{*`Lxs`OQ`s_-E$OI
zw!uiV62|UiNt7E4hWd@vVX{f-i}|2A8s*~{(ZMBsiFthw_bf*h*8#5^N!DFQWXjOi
zf5}2Tbd5K;67gLRxIx8xJjH+${;x4dLglXrD4d?vp5zY~$-kbjI7o($>I~f?=Te|9
zEa<Ukg9W4p2dDZ2E+m;&WCKWQ@?tM7e80-Ffp%f}_inza8YpKRQN*N@<t2}T87k<v
z>f$|?CLI&*W$PVho=@nY7X{51dr!l4p+J+SFRm;q1e(XU!mj*(|3xtiF7@xP1|<S$
zEdIW2G(;Hx&j&5RWVg1a0bE8%Y%F_1T-?<lDw;X{d3-MviiU$joe7JMiFp|L_q_iu
z|MAQA&JGGHs&7Y!U{+RE%2{Wp20R?xtommkAD<KjK|#T^v@~0L`>9Xb>gvg-lK(Ex
zIvZ{YhLo3AlT2-5Vq$xD7dV%QkxKn6ON~Q<l(;zMLNx<By&Rd<Sf(I|jxPM_${{o?
ztf;(vmOxSLZxh0(NA@SRkd8~B^!+aL-EpL$G^LoP%qBiw)g+tK-Q7JcJ>AyPF;<c>
z90EZdaRYFc7#Kjuc@moi&{MDn9H!ugw3-zbmcAr>S5j2WTWHU%4Nqj$y;$#jN67Ei
zbA7~V<KQrhVA_ty4&I5wO#J%ot9%oFM|J7X%~l6H8ENX5)!!B2q1D1H7hwam6Zu<y
zU$up$j7UvGV9Ck%>8Mk$TJ30hoN3l1DB>wxw~dXW6X@@6+sNi-zNyB2O-q*$vSOx)
zpG=-CyWjgVumm@lcd3%3OOxJ0GlCkA95LOpsa35!InYn{t5At&r<whguCVLI=c~V5
zQ)a#_eo<VZY?U2K6`ZLSI&H<*7ZrcGYz~z4>I><~N!H**aef}k1miI+TSxa7R{yf#
z!(!qL9q->Cc&&Xm;Up1xp!&S_^*V0-@sg%+Yp9&}WRKKdk)UL+J6NZ3oaUWZm(Xr2
z8}|hpx{tRxx`MqQC&z3EYLMKvGILhVpBSXY`%s>3I3FqHz*kSo7PbRf`@Cfe9O@`h
zja3HlFr3<Zw%`xRz$N2Tx#IaW`0*QC;@f&Bi&r@X3<l*=rm4a3mX2UnEg!<&#un$2
zKig*kFGIG<JcO-FB?qk@PI@SmoM$LzOc<qx<vyc;*)ZMen^KLXizqqc^E)akmpLNx
zk^JJW41K@=?1u-A`<jE&TW5PiDcXmq%C1QUSn5pcuaZ99Mx$le3Q!DHwVkwb&6g-Z
zI@W6QmN0!gcLseo@-8ro-+i)X_G8kI)(3>WXFEwxRm;~zq2_Ubb*<l*r2CxmdYzem
zP<z9N6cWGPfpJ0pd9OZ|9kHYH&Ybq<LmWzp=H-|V%i~=9(c>+X@w^bjY8bI<%ckz<
zyo)`6q$#?tkNj3-N;3B0L5MUjg$aCOxxi<|5T>fNDW45|q&&4<n6h99sf9)r4KNmS
zG6tt<35JF$vyrNP#ikv4OGOuol{Iyv8sE=A$M?1)@dX$(3GF>bkanX4qS|zMF!EOY
zb#y{qmqM^31iM#`S&DdgLPcyB_)-zKKs6UBf=I5f>ongmq_dyRR1i$WI#%<Cc~7C;
zKP5-VkYi%9L?1Htnx;OC@)&QTlr2e!1wmB3_|_UA)UUJtv#;l84k;`dO%0Iq{z<DW
zikQ1SclEVa!Th#4Jv=o^+f_j{4ZRk<mY}BYlg2AXdJE}{z;#;}esdlLy%Tv*+EAT#
zk~g2>H*}-eWb)0F7zMpv!KKgjG!{hRrKNNurTsm*<Z|RH>fb4bw4@~Y<lXx8Bl_dx
z6GJO|V<2v+xw)6yI{_xA%v86yz9Pcs*Vm89T{powv<=LfukVpP;-qLP(1Vujog9#5
zuc1}HnQ_)U)V0##P>j{8exQgH5bS!{jGA{o27MKO2s_czozGzIhO+2gdJ<BY!{qCb
z9gHD^$m^3D8*t4r=wJAjS~6TSZ+fy7%n^2zr<`BVMw^XHA6_&dk~V_BcPj!}4A&`<
zJ|v=6{C(o27GsU|bAiczmfYT;CtbC9bYYivdj?i-)@bz-0+(#f;tTC>dXHaPsV!!*
zRR(Pgqz4T{#8u4w<w8c|9xVnd4U{Iuy1G?kk`GE38cJJttv}blEvEH!aXEy8nd9%G
zWl^0PDrN|#yg6o4k;NPSji{p)Rh~_A%S>(D$82|s>xK^iPnBboO_5|`gKz9Q?>9XE
zGHst>ZuqXlh{fMZS&k`2s-=sFi*hLn#E=^#n50mikpC3EK-CYvK_cT|j`C1fQID4}
z@~6A>koxuu#%j#N<&g4d%Cl;X*+*<;iPf`#e{QPo9kZYu^9L!RJ08B@FFugIAU+$H
zPz4Xdin@w8$nrPTr!J|;(0D>)1fNp{+s4;V?#9kf%CxyK8ghn%GQPTe)A(EMZDeD<
zTOk;#=I;4}BbNw}x1^E?5tL-KkxU&}Tp<dCd>+0sk}S5?%Lv8PjKqw)AKr|eUVb@G
zwPR2f%;?36rf;(vnVH#+A;gjKRiMJDB6<Izbv)y70;nn=3+^w2)Ch~Iu!U4J&`>5L
zC_c>bJE?0z#I+3APCJ>&cLkxgV{n-4*nu+_h^1VWLAD>^D|v`r8I!ZyA{zouY)n4D
zR@deeCts~Y8+pwx?>qgVd^eFjj5%))(%>)D$>+`(=ZG*xnzg(O$LupC-H2#j<f$kt
zgv)8jk|f6@D$2Wi1w#v4&2sPBg{bq?H{SCsUEZ~)opqv}JAWeCOl6T%rTjFf$yurG
z31b{ZPAwKcDKtb$Paf+3o9f*2tzxGR-%Q@rgka#OgS55_neRAaAp-vGjjzSBe0Dd#
znQ4O1NBqH-3&T>9#C@#MN&hLdF7vx=;>(+8z}_1s8~F2XoaEA8-cqDz=(!ZcD`!*3
zVSI}>g5Xo_@QZ3<c0I4;(FHRer~iQn=WN?XXz7PXwcTK+@F9Zu3LujWaP^|Xu8Qvk
z?ST}@U6)WjA}Kj_?9;{j&1ZRiPS^Kt-iP5C=Nhvsj$2M&;FMY&CAp(+dbJPtL=0bp
z%K2O|C43<`!g7ub2M}Fp&#<_M-NVg*Fp1W<8KqG8O{w#G=yi-;gpxcF?*%De1UWTy
zEuwFbnpQIY37LZC+hCSf<}SjA5QBCP-$(ru=2JlzfAe4Ut0u~SA}#x)W&_SHmz;s<
z>Rr|+%^yFaMNR6uRPsUwNy+A-<DZ2&X_auC=*ZZwF*i_3`uoRkCSEx7O0x6wgO|hU
zCQ<FFY09QYnMww-Xioowats?c9+*b9NRb`3WQJjmFekT#^p?kyn@by#n~phEj{d^Z
zPGQeU9(7Bh(`yq!*+>x=mNrhNbxvgLG~1^^;`==D71O*}oar>Ep|a?euk?iPPmHk6
z*C$^I+ETSCeRLUmi7D$pvVoDSgHrCiPIM_gLYFueji|DPyV!yOX}qd#RW0<)Rx`dT
z%~$N!bIHt_XLi)$Aqp6fJZ3@Y8^7e^v<A!;_?9GIw@=!JOC0HsOfNrqo!i8Q$A-ZR
z`y9<j7V;o_a}~iskwpuV)U?8-G`8fSdZ{5U2V2G=@@LPuOLlW9D9+=;_O~z13_Ycz
zNTB^YE)|^GUyefwwckn`s8=|+>_D=%<rZr6dvzLNj^6gi91KQ%PgNBj%TCj%M!E{b
zxs7RQSdUG74MZiS3N|dVN=i$I-y|iEyg#Kn9^tfZl46MvUChh-mmR37Sa}Y^KFZ9G
z90uR}?vz$Cl1gnMn5OaRz%NY%<DN%utMm}0aX59?HZYXYYfer6VBb=Z4x&({W^XbG
zSX*yA*D9q~vDu#_OpwJ9Q;;$*Q6XTit>1$b<lY|I)hE@t?{qtDsZ^~SvFKHFF_@+g
zw*Bd7OiSipoYJu`X8?z((E+62xN*3FI$wO0YJdC-_@O-V9c9Q?{|xugJdfF%pwSck
zlWJ;&82egub5=e6FslNTqHsQ{IHS+@jvPzSx?lFRE7uNqLM0TO+`D-O`IBiMx14OS
z@Z2Q{lOqgrv#3{Kj=`y(EF?HqjmM{B;a+v^pYiHHy=(dMG!;Kv_p__#F)g|FXBk?8
z*<jb8`WCxkmSN58zI9`-X%xD!b(wL4SP<uh0|{&H*LDy4dii+4jfT1EN?k0T_KRM=
zgp5W%k!AMCu^ExGv5vi{*S(JWXQGbvuyXNQ?fakbKGHZ4^MR(ZGDM^BI8RN}8zRZu
zmzITBx@7!w1JiTXQ#!4P@5mwvvauJ7)-)oN8QT_WpEJg8tDR+KKGvGaU+#{WOcY^l
zIdj{H2;WUM@Q}hOS+$PoaoT-UVU@RI%@dE*6`Q>jNlTmd*|1ER5{{fGHRMH@)mo2>
zQ?_(^a=}B*FVehF*a;&lf?wNeIQw6*_8VNisnJln7#&@$ClXT9IY{ar;}CjP>`ifX
z;FW_rN_~88?n-`fbJ`?}Ar%WkW+sJ&pua;yvHm%i`3NrBI}7=<-rYY8!;kwl7Tty!
zQiaO0a1%FpT-;5dhc@vE<1~tdgk3fH)6PmSzXNNJQ2tweskl{V*9CrgJOuq?B8jTI
zZ=c85_rBsHI}?_t4fnhrj!o}G*~E#{7OZpZi8~mtR|w=Bt%o3_c>QG8l;2pd50aBn
zWzM}7isb2O@BX7q9Z(e6xD>8`u&(1V1@(<lj$?}iR}1mFU8e^en1M2Su%y=b;^#p}
z>Nl?ZJWoYv{KKkx0^T_A^w)VL)?bcD^ba^a-^r*}{J5`9R+A?PF<f(-w$zgxDvD~t
z)Ta8*6?F_$9Z8XmUw3GX8!nT|VwD;-?YImhE{-=pn>@%jjb8uK8lme>5kC0Nd%9IU
zVppnC_T&1HI(&}xmwrRM1sA4lI2(`QcjP9va!x<*>klU|vIhMSM7z^-wMY|c@O)IW
zKBN6_Mv+nXV2LoE;EGw6LnF#6F%9Hz#%<)!!(VpgIdX@1V9I+seqXPnVshXPbwy12
zNWzi)0qEsXEIl?)7^gw#O5`JQkUgRLL;n-WB!}`i{k*%+HY=ebnsK!ZM!l002&V#p
zUJo!$+axIAY`dl}?hDJMu-aZLp;q}aNmO$kqED8qErcf@BiGHt9EWx5Lci1QN(zMc
z+L@rG)Z>f#ozHQ<u&Cy0k&aJ()yY`ydQ&r?mcpp_a5z({!<Ra<mCxe7^uY-RgT!a4
zp+Apni`3~I@6@CBT!G&zLLZ$LsGU>4SqjACgfBg(2;zQV`%X5=zH^`3#??u%WLT=(
zCS7jKv#XD2GH1(h+0aH@E9>^^qSs-8p5uLO%;StNP6ThhTiV!(v1WmKk*93ujRtC<
zZdV&TjMtxt<r%jhw~FMYlraSifFGzh2sEdjf&G8iVGmi%^7yOp7(3-m`RAZ<!wcNq
z(l~QXZq<wF_cG7BkOI%U$v=GV8O8%B#YLr&l>1%sk@CsIR|8>5`FG%hw<-#iKdK@K
z@U%~DmyO=Yv|DwnzG^3`oWQWUoEjNr-1Jc}gq2bmXIN@?1)lH9CfB6g55CwBtMiz`
zUXHohFj7PfhYzI@F2=ufJfvB5kKpim5~<8$*}8c_(w)L^xWEW#as|xZvuycenu9lZ
zUVLNGn47#^m=e>mmUOS#FgYCygE3#Zod)d*2{nB)HcZ6vG^=gu@%8&GI5HeNNs2Ve
z6-kdWO+=j5B4Rj1vsLmKuwTDwe|>V2e@b}CX^{9EwNArnf|WvpRWZbRLwb5nQQp*`
z>cLO1I8UXpu;E~~hi}J~TsRkf(xea~wOA#!xPR5xn}VEpVFwvH=6$)z4LkVg79{|U
zSz?~lO<4VrM>bb*+k1B@pJe5*>8644{re;v2JeMQw?TO7HPm6olJNVtSk29T_Ngja
z(;tB|0blvpBvk!J;DZorlFn7%?UuQBDXT*?Z4znqd718_2=+TJnD@ZNMdhQvD4!7?
zF)Ix2{^+MU$bWsX5fnm&E!R|=%V&1eE~r_oid$Erh&V@Y=j+++^u%7Yq&&ih1Sb@-
zFF2CnrOsuYdV9&WEI2o!7xBTNe7Tq@3OBvx_0l#bes;bGXVO3m!*dVs-F9!rbM!9j
zN}WR!^S_f8^oz`Ut;FrV&W85s%U7<^YDUILnQn96;2;^eKw;@xFntP~Jj68S>Fh+c
zJoqxVHf#e$;AOEd2bl61+A5k<mA>Bl!zjCtKd#|jCMr6WdMeWG$rsRE{MXWlJzjX~
zk)IAnna7h9USQ6YTpwAH*tD5gPOwcK>9{*^aayX)mznMr(DO}ftIk~j{xH&D^-zLK
zN+SE$bOcO|T=I%3?j?i&mb%WDz^HV#L6PLrCa6kQ3zRa1A-<oZi--|fVmZyZ%IG&S
z0<OH_NW5fMuB^ewrRoZE{gjtSRkl={ND;=%?S~vH7rF?$Il=QIg_enh!4PxXL79(`
zBDnd1hYcWk$_RF+mwlfV*SZ~skINRV7$LzrbVIVo&-cfMFDU5bJzZkC;h)Y=%cvdv
zyWhT;&SJ>pIpz+%7L8#&J5~0P1Y{TU6<43y&Dy>HSSHRib;_+E?bssuKRA1<s5pbI
z3G{>{1Pu)C1b252?(QBuz~Jr)?(Q0F2=0TsyTiZ)w-DSN?r_e3-|xC>@h}g-bbnv>
z?!9YQRb%QTlf-t#5v^|{?Kdfy^%_5L^c-<6A(vTHid5NNvEKWMw`LLbuCy6k6v7`<
zB&xj|lcX$!>&Kn+l<9BR<+q1-Q=m#j`tntRj^+hR`cb~{F(6AlV8_JWdncS_i_W9o
zbdx7wb1A?^I&0vTmyoLS_xLY*U>>(}SN2%L_DlalvU)O2Le3_u)Y8I`a~sC4tX@v_
zmXjy>Woo6#u&Qw`$ZMl10D%1OfJ6EplvvhBwlPs@BuQWv-}Z_t)DPFxZ73*g^u+`0
zWPA7_v`VnAx1^S`-*_+7NgDpS6gg;7WVh}P+{zhAP<=g~#S_Ah8CN6yPX+{*c}76&
zZ#^<Gj3QH*ZQ3<ZVfP{nTkf)CcN;vmT;6qDWp!Xu3mPMFvRH|0BE!`Bvy-1K(A66e
zCZdJgnLf~9X7oY+<!L&+2v%H&SBxvb!NGBfCyeS#jWQtZKFY#U=7glf@~B0ua&o5U
ze1tWd2`e{6Y>VB64<Ey}j<@CgUmgMA%z2vrmFu40(16R=l{hm9*fE!qmP$}R`I_hv
z6$Sq;gcHb97%_iBo}A$9LGekNr@!|f>(Ja6ru7j0q#=_TPYhd@(5=#CCF|7=uR80`
z_5bkdz6DWC73EJ%v`rPy1mQ0Yr{C|JNjzX7kzEpfDjBzQY_mJ+B&CblP(Dwru`N%(
z*hNRVLUW`tj@Wd?3fs0>$SO8_U{ekrEL3}lorEsWmI;WrF`Et)GLmx=?y2LO424b}
z-+>b7E>FxcigcNUX*>E5x7q&sSx-hrkvTu_ng^2%fqhu6^ps3)?q%9t`(o!Qx7!rs
z8qN6S9aho=_(sKK6$gb#Rwm8={t&)8ght$;9;%&+cyo-78ew+eBnvqCL<*aAO`AP2
zdyurNxc~~WaiSkwIp>-L`?MqKXRB+?uGFF*iMQ=FVt2&ejgU1#c%0rr7Y%xp$se3s
z%Jv2J*s5cNU9?xX6FA{gW)(+j*GFsb)epYA#jW<36g`H2^;npb0J`UE@|(#2>^3_x
z;?I5Y>&jO?<>q`<C)VR+x0*qvdL5HN;~mef62f2froUt!+Ag<789>C}Ulyog=y>Ia
zyHr<gjg1L(jkU}&Ia~g)M|?&7n?J6iTL^ft5H0oki1`nEEV}RScK|J?@auZu$aCY$
zUncN~km_6=-IMKikJ*L~Vy&<p-Vw?btRi+#hUeT$=Yz)RvD%#qO%7Xpr}d4zT^@*D
zApO#LDz~3{U3&SN^xNZ~R~434)GeH6t2Z2uG0L~P<cT&1?oqA-bb4X{gL(|h!}W8d
zR-V6X63Zalr9w?|f?S>Hq;s<a=~b4(w}%ndT-%#8Bm>tR3JRau+a%F+l6aT)NM8dk
zFPp10ws8o(by8~{p<i%^ICS>u^^w9@Zu#i<-BuR!mEA3!u`7XeQVer5_8q35GZzD4
ztYt)a&`oSxpaf(e1S1G3-#s;<et&Qi@uq+Da8PPmM7=*H%S!j0ife8z|3kzR?UXnv
zxs-S|ca(*k;Iqt~k9<vlW^x9POY*eS7flXSzOBn|lz5<!fRM9~D0U1E4EPmCUlko5
zl^b{-wg3<x)r#u*w}zncrRB%G^eIA$7l*k6XiFapl~IeCc{gYW6kAT8{NC`|X(at0
z;kpHTBw6J4Bbg%<w!`Dz^jn&x_@RspX$TbekrKeM_2!{a1pQ$jY;O9u+d)ajz;55?
z`{P?Y>d%&3!xG8<AwaLK*lTt_0}Z!5FC)O@#saxjuh}6`AcU!yiw+t=n4~~yTL0~t
zDuSL%UzRG(sCEqekrB&8pD|`gy|^Un_6M?*S?zbOq+>Kpx7+PV2{R%Xn<D*uLb~p$
zLPWTlAegi_<rjxmv;!}05*?2uCxa2Pz8B)i{wF7MFX=r4ls#E5Hnz`gl8~!(Yv7Ot
z!0ecVcX@}#aG)v=z`@TluqdQW<0;3m+lwl%Zn?-a@X!30L4?NOFZH8io8jo6P+mgA
zN|~Rj{|pLZ(T3bxIjf`vTXJ<2jONvifEh!*fKk>AvWHMJ{Iz<9j-nxfg}qu%6%4Lq
zIaf2w-Ug8RGBx(Pu}h6!m+TG|T;sP&q0e<izXY+?sV*TEUCGxsn|G3}7Z*KJmQ%cA
zdwsGiwEFG$u8+QZw7uX5W{&|ff(Y81?#Dr!P<&<6JvxCCVd1ewC9@16PvoIqdD$u@
zii2gZlW}&l>@`+zLIO6^D+KsP+o>O&bGnbLdQWO%k?U+getB26?+gXTnI<AsnPrUa
zQyHq;8FXH)+oFLop@H0{0qr*YE{8ED2lgKAyMosC(As~iSz38++gS<lc(L65j`QD9
zhLpO^N8VM~OQYwg6J9JPGR-WxeMaN3)C;46$huzb&5=a#fShe$mx3+-+43~!3z20x
z=c|dl4(&UzW`z^#bNYLIC>tlW{;h5cjt7~cSbjThJMv(>f+scwe4^%`Ec2Dlb%e63
zx%c@#DdRU!a&9C`Gz$Ko+Mw`3iBv;0fJu^)(vH{XEB5ZXFzm4RqpmqY<TmuVjw3+w
z`b?b~Nq$Y?%w30_QiRK1RHf!ri-d!=JUj8nxxFdFzxg~{jVyx--<|^fDw>a#&0#Fb
zwE>LUnCYDZA-c@W(2hMiVQI^VX^#SnF<}%oHq&JG9iVyiOmIfJUCYS9*Moja!~G}P
z16Od)7;}k6V2WSLq)aDnE{#^LbtL}WKBLJ=tDO#%WV^Q>ub{~5-d+RiRS$9nq<obh
z{vGe^WX8}|qHMl*bw93GAEMZX=Dg)Z3uwtm4$U)f>QR7ieAwhRKVQs&$P~*DJMAte
zla?cUtKpJ3Dt|bw>^?(%%WY{{cyDgez6guL8j^n8ROC?+jbuW7n+xL0k^`lbRK}F_
zHpsfVD*{@hI|<#tzO}deNkEL;v|q!_RnY@}c07l&<sSpVd=}^hy3CTSqDZ^2raiDZ
z*bdEXEgi#19JI~MtY|y_hiMin_hY`j1j7r@WM)2?E3MEqMYkts=n%wqFqSZmVdCOP
z1uSH9;EQ4M*rGg9L${hQ+F%hnwG+=`wLdU%_uNg$Pd;plhp%qcc+ybxYD6PT)8Z(7
z;gyOLDlR>%M)H-#VDb2DS#BYMvyQSaDG8`m21-CeO|2W!IGov5n%pcCa6J;9{ZLp>
z8^TwsmV>QR<&R6fd$FSsb-2^R7Y@E8M6;^}Dc4j(zbg1tbPu*&U0)hw|KzPcnc5-~
z%5dvNYf6?8W04QbU*#NB>KraC5WA39^YU_juMba9<2%Ge!q7?UwDr(`u3*QWftuFm
zMhsW1dfVf4X#n^Q7&m^E!SqU5N`@)J2JS0U@$6g1Vk-}uTf8_iJ=V;^K;eH0e)0q#
z=U(A9m>Mg!p2|+@flXda#i=XSdYeNF(}kURta|H*Cj-ViG+kyK!0926e-P+W5ZKnU
zKFN>kR?(ndb+B5G7uRoiXaw8wsz2CmII6T%DeR~w_+(**n$>(ix6GxVI7KF5%%k2i
z8J`s*xzi{~+Ug9`B!*dOS~K}{Y=zS^7B@6R&(<ML)Mv_BowoU98UVnyMEF%<y7Kbe
zf-(z|i%1c7NBCh2-Q1a<`#OTnw{nk6t(B3lu45hPgw>z2<#&YiZ&2o}&M&qN#;Vav
zuZFC5IW6b0XI8gElR#8y_Frd&NPwAf{_57hn|QZqI%#Q9dYx7kv_7+0JY$PQ{2It3
z2Y%|Bv65@rJ-TH4>S{z=1iAw3D=Mb1c-DcEN{ACYDU=UmO?#xQ{?OMABk=a`85JI^
z+wd(a0fKRSp|}=X$PU@y3A069`0+HQ$!+b(OO&Y~Wc<tf@6psbJKkDk_yeO%QO?#3
z^hH4iOm@*=aYyqzT2MnqNTXk36-8;G-fRk~GU%Bf9CM$zSV=HvcaD8<q@kumcQ8Cg
z#ln$Sz%Gj{OJD+pcq6EX>bhuvXIz0cMSoH()$e>+q?xj0&7ZVal!SVF()fxbjrJgT
z>hL^oJ8^9<h$sb{?tZG7@4n=)_kHP3HGj>z*#COAEXEJ8Zb)f&WX&$FL_)#=B_NA1
zL~=xpHHvF&mV?NmrJhlKHu{m_76KO-cy@K;AJ>~IE?S25)Ki$TXiwIbJ?GY|MQiuS
zq!e=+vzF)0ar{H1s#=c_u+%Y@J|mU43_aN*Cs0v2#~6})pAN0WMV^%Ueo|~LBQkVQ
z8ub1C9zn{^9gvYkD@g&AQm{4|0YTYX^8p`A6-1>S4c1cakM-t&7bHhTIGsWfl;H*a
z`@CJ_H0@s^(uZtySAO$}`!M!VYdn=NOJO9t61F82vL4ib{Xi>Ao@fvOaj#V^phE6j
z&5l;x^Q1FR#P!Mb^SjFUqgwT<n`+Muq7^HCpEg1BZRQ(>mQ~=+cnT~{?FCCCKXBoX
z6<wCz(OoN9qtrXN3{S_a67SXR*6tYo#3Xr~IGDC)3t9^KSJ3B59>-__zMF8qCe96K
zai%hD6Fwgbbu4Csp2@hNiMf<j)bkqYbpLWX#9MZwJ)F4G^;`(D%|zDL6BNnrq5?Kj
z@TYkFELzVT1j`;<t95Y&+{d}2a0-oPOlw3I#5tLR5RKhe`bNWAGw7O~ptI?S#1plx
zB-H)@6Q5E9C@b}?;gIO7+A5*E1jLzAjX*c6q_$O1Gx(VAHcgkkqlz4eQ9HuMP7znr
zrcdL&#AR}mQ^6Bj;vWqc$x-EKDnS$a+(;_r1Lrg?tWIuM#G!4K&fc1VKQ`G(*$PR6
ziKy|XEvR!qB1@9AR6BpxM<Zj!S?e`|E7e9*$bqTkz(U<RD7LiXeX176$$w~Y($6FX
zZ1;?2qUn(R1$E6sm$fl<ydR2>=m7f3<UntQlh))_mJ8Q}P6YiC@kvFzuzR$<QiLoC
zpgp<XG94~2=PyD(5sv;X-*%$g$FpAlIUs0^JMv5G-&Fc**0U`!MiD#l(--|^I*SK^
z=dZHLvV(3%p|R%9hZ#V><lj-CE=f%+C##a0nF?&7JxJ}AB>YImTJve`W_Np`!L4H2
zL!x5)p)j}sU_#g$L$SFqTkM&HRd>QXuvoz72eLN>`ynNa+_u=wqyYk6^101F)E6h+
zH0Z4K$l+FHJg2X_y20Sr0O2((@QSt#UG+3QbHZ>btCldw&Z%ikIyTl|RQj&1x3Qe7
zww~6F2RgSkWP9q{T&0K^tjO;x)G+MPE|Wo68v@m~1o&K`rm_w^AV|j&ZG;~a;Y8<*
z&~{)F`Jz|i8~si+C3SOWZyVw&tX@W<K8?3iKHeYBx5o3Zp1^&biAy-l;RNVcU7aYS
zl8i&TGHd?nC0AL23K<ixXtH$eXCtdyZ$NqXMp~!pljZ3-**-#_lymoj5mY=y`S@nE
zn+0wOK{rI<FAYHz!oPq`Kc5+x@RkCwQ;~^1sfCv55A>x3A>(yZKCJc|TAw=zq{hDR
zJWxUfZY&g%4uI}u9YfTWmb>pK3F6HEkV@CzrFU`iYnq3WCJk1gJ_{f8|5)a(;PsW7
zY|0QXkHK58<u)59y`(iNY97_*IQH97p=gaU7}zVEW$0)Rk)-%Ev(K{5>c3!j#MNs#
zB}pL!^W4xQ7<ZVUHnf=BS-%=`9xyzSu~<Z*TMWiHXo#aS3!SbKr3p>1*b4V4VAfN)
z7{?4lO-+9VvEW46JE}7mYJoWWltWk?mn(+4*PkMdpa1bZ4Q%|!ova0G5b6T;reF0Y
zEEHMI+%Ea-1aW5r8M|#|?P2PW_u`OaWbD|DrCN62%~|8O`N_NX{cO=NH{RX&u_73=
zxLXRVMq0R*KFqCuPEwlYFeoCz#ckefUH;G5jqyy?D;%{0@90b+e;W)$Tj!jO>J&oP
z`YOA~r4;k8r)Ise=(ZnqT)<Pww=0QaaXX#08&0S&%iwGbOC%)WUo)ah;Y<T*dpx$!
zjmy;*^P&R&$PZ<Hvu{q(@*g8>?oC<XxX+u!(;F8uq%+kc<1idthAjDwZ}Iy!==6DA
zFVLmqD*D^ydAzys2C~&zsK}XU6!9%>*TdMDEbFgztE$8`zABy*D@D)u-F>=r{m-11
zV7Jkvw#Hu6zP;I=yS;eZT0Ne_btnt-vdc0}$ov*wpi*UbnIz`bCuOsTO+rYE1SYwi
ztampebEb#Ycj%fcNqt5NcdK7q-tJ!^V*||XVY$}fgqI+Eb?Fb=_JQCzRf=NrRb1mC
z1|lK%Y_pO{C#iz@3H3o%ry;k`Va18r-Wl5+U81K;X1d;7YE{+Y{ritK_5$G}eICw&
zMd1y95DIeFcdjDLh=jaSIRv!pUFyRBuJi#fCcc!i22Z<iK-f3JR^pS0nn@`tRp?R{
z(D>}m%>3sTKDyCf<i(-TMf<ZDW90pgfnd!Ew`mo7xmUIq7<6iPo*O<61{4<-qOj45
zC!A_S>gZ%zM@>3v6%N68g!>IVxuoU47+>*4arf8?hqO6Mp+DeJVb@Ii`*;)BSsre?
z_C_*rIR)0)NnTMIRD{h{+L;NL(?G!v@<AhmuJ?MRbMV_bO-qVM<(zx>Y9>Q*R^E@x
zI_pu-S}cu`nX_2zy-LoOA)FG|1nOO#&PD?SGaKdSD27f^k8G03BN62cb9AZjd%cN(
ztLM6RZd_3AA}4h}1#ZC&DIi^lT=kC+1;n>CwK?xNVs2fu#9~(Rho73|i8RQyA|7s9
zEikKet0aI*23c$&85kizUQ%*YAN&KrKHpi4Fy_ljM(sBIOpC)OK4W5n`RBx3oKKJw
zHMz2#wAqqz<gUq#451kZl{9a~%(<FVUjAEl)7k$}ERwiPubR1RF3v}c1DO&gQ+UFR
zeVyuzhT$Sm(tvIowe#i^e%R;APG@c>j6j8@cYfckcEimSGAz-K{aL(h>VrcRrRu*w
zzfayM=Qf>F6D@rdR#LK&y;O#^BO$SvY??dTSP5s4%t~+6gBJ@S0`Pq%{Cn!zYN(23
zOkPk7XOYQlcF{wgxiO142z7Zpp?f7C;!E#*>b%m-t-S5(RaOMakuJC5Xgc_ybrR5{
zKC_mYi6J-VVCo=5(jgV|Tfc-mVBlfOWLTKgSDlOf1-=E#YIU!9#*_M`lw(^8wP>iO
zs!mzx{JF%Hq%Bp`BPwDZp<q5oL)yMF@w0e6i}iesFscv1jM9@x)smyuNpt_Pm?Q+w
zNmn4tOHq;1ZpsPg)*4=vp)TBQZA_`p@~VuY^ZP<Z=vLI)>UFxM`N&Ne+3dYKIar<u
z|9gLfgI4W2g)y!dJpgLPtdubvoj0uh$tiB0b<~;U4ESm;)%0CXh_0{NcgBa_@Ahsp
z!AP{_m99$fDa0T3b<~(@%c1>_WFJnhlwLWXwLkVf&hx>QEb%|uYo+BTU1@@7=ome2
zKq97tQ{Q~_LC#)%pD0hTK2`C$1L@=5Rf*`^rJH|}L8xsPnvWJ0od7ZOmiesS$86H#
zKkVq6oumvoC1M!4^7sxMM9A;;Cqpa}2;EZj53laaT8Ii&)iXJdzFrQ_rMnDcH_g)1
z+Z3TPI8xnxg2pTKMkZU?7XL~Wa6BM>0?mKqGJT|>pr8;Bo`?&kv}^zMi?dC{0!hvl
zmx$md_p~-e%?L|!Iwy?R&}o3BG<~H9m&roI!t3&CT=)iPF!gXvsMEFiWyt;!z=(ZW
znIAW*;T%XgS__@jvVa~7=mZ?&46z7xAJ0=fJ*&$kl+!W9(Ok?>WHYyJU}jYl3O{l4
z?ZE%pUs0laB22!d2Pa$$R69L6G0Li08zm{#P1!N)Ra-?_LMwqQPAQK)84g4OdF}ma
zo<{9qm*N4v{eCO(##LQk0=xCm99tiVUX#_V&#;P2DpO^KWk3AQrpVn~p8YsX#&n0$
z)<qIBpbf$xCizxqP)==_<>7QwD#4|;ZF5-;Qt*aOO*(o^S#sO0j6OVT*9v$TUxF~!
z!#^Zq8Ea5uZr|bUU&dxO^?rA#Vu-1~a`($UKN=VR(~c<<|6u4dkdknFW^_x3X&KXZ
zrbhC!nq6U;CCOZbXZiG9RjyP2(r1%SStm|wqorowEpn^VM@)lX5$eAuQNCO(+D`(L
z4wqZwuBA_$UuKDoctxnba2Z#1CT@+RKUJ^x9e{B~bu}^aXp_|qapeE@tq3wr-y6y*
z6P%wgH)nhGBagiH>+Q?<V@U`&y>5JVw=bJ8W`o*7gcK>+UMmx+c2ts`q6*<LYrgYl
z?k=`1dzz*#-V!!B9p&S8CZ=mU>*UCTZ{2c<{sdl2(bfAf*W6Y}$TppBVPeTDNH!X{
z;Ea$ktAUTH>`E!=Mix{Ph~=(2p0n3GBT)6->tCkrl#H9BpqSE6NzOYDWppD^U;d`<
z>|f*Fm82B<b;>z;!T~<VIX(0UraXM{BB%~;w=@J$MN|n2*AZs%_|=}0KjtKbt7kKM
zrC#}p;NCh|luHN^I(*#DF*qEDm5;{T**jU_rzpF`R*%t;Hq}xrtbX+JqWxKQU(Be+
zzAY~2>7o+B4$H>}->hSZ+w}XX54(s0bPk&5!6GUbSNNUh9}~?o`b9)0V^cA8dH3*|
z*pWu2d}TL+D0CdEgiejXE4-UniIve_e`yOJXrSo#7fJq)_J(&by0hOGER)OBaCxsF
z87a%u!C7-%Jt=DIgUFFv9!4%j+ff!E4OPj;#W*&N6|S>$z{9yk%B>=j^}8X+j0Ij&
zm+siR*9(VLvpZ=O(W)uk$;qS9#72Ey48~G5je|nzU_}nZ-uMwaN_yYKs;r&Di#UqJ
z=AkyKg3O@edy8DT{f%qZTaiz1!$@v=e7w8cxOr-!zED%Z*PBmITND)RaJ)U6hah{P
z<wki8Us%~swYXjr+!hVx<y^WO6ko)B4W2OeE+PKJQM*q7d{6Isd+-8~Ic*1JXPRmo
z8LSM>voX}JoXVt!XWj_Kk_trD7;c|U0~CN<QFhAgZsLRVuXvQsa-9)}J<G1gO&EQs
z%pbHDzHgNVz{uo}Uz1Z)6B84~TwOU;RrR8xBfX*Ih2i1h^E#dq!Gq-F6o{zEL(rwP
z_-U0$dH=sRrK9U{=4!rny6Z)sr0j5NRw;~mFi%bu`C1Y_^Pc2P=|#QZ#biWm(pxcm
zT6K_kKmHv7v0lSHdXHWQn1n9mc>228YP=Z9#Ff&AO5Ab~>DK<p*!E`k{`GD(6($(D
zG<SYk)=*RlQIy=ZN|M#O<5I#?wn|wxn*4<O9280}FLTL1SSp)?2Wj|d9JkW@xrx!#
z)%KNZxP<bNP1|zZVj&!r$W30I0^B7~V36V;yr$EWoqKFeZ&7`?femyGr@6{=P5z3_
zjh&LG$cHUyP1%7$P5vb|xwnioJLlRz;nG|hbNdCM#K)9GwI6rM*F$YsI_9FDOScF<
z3}cf}($s!gWc4{G4$b0DAnZvZz?X=``L<Iic8VgL;rBxclh6Nu=DAM+h&^l+j+EXx
zyFYutfHq*RF5u5-T{i8Qzm#My>B8<xQ{jK9?@zuk-n_B~j;A^nTUy{(aik!c2u09W
zVJ;j>9Nvhh?ucrpZ{%Jtmi!!4O95~#EHv??f_Zi0L#>5nZ_N28gSS7YP0$nFppAqJ
zRmbU20Rk*k$<<UZX``?(XBcAADY*4*H|zT?BPXVHBAyKKzA3~mIYwf{$|KydoNtN1
z*yJg<u`u}pqQzY;t9b#!ve<BEQDa5DsnwUu1_)hkk||BUL^FGA1TnTiL1RUd#$Xlo
zk~DcIB#0dN8qD(TzY2nnzmT9lVl5>g6jAyaf@R#s)Y9-w)5zZk!A#=8m0I(&lGC$j
zwoHfpguRxx93hobaDq7pslGZkbA^xU_ibg7WpcIu0vrhj;ubVhG_<r-RL?;p?6T@^
zjTN}%YHKQ0@FOrOz(<(efhHM|eDs;q;;$-UafAhJLWZfF`3)$ZIFJ)i%^5My>HZZg
zq98er<m@XIQ8V)3fdlq+#x&Y!-v6K-$G4SR^+bLaMj2KyY$doxb-;J{Gr%6Pm`e1{
zkoU(#uMklOwoLp5CPQoGYt_7l3idU6Q<A)npe;rcb%%*MV{JNH*nQMqtz#u>)a3nE
z?itH@kR@zfLT}@OvBnGl+!lXpwIFMF&K1~=S9+?LqVn|%dV^#D@Ggwv-+$v0%#?74
z`v{qK{*R^KqRUqe@kfql(nuZh<EHx7^Z!u)JKa_QzS9kvasnF-N59nTI!&WCVH~q?
zy{?ur7tX#?HZ7rAe!JCbu+g-&yDw9u&|ADGe%;r8O*8i6kEgaJabZw+)L(%q6S{zJ
z3*&n*lT0v^T5zTN-*e3(5TU&<gIYOu<Fo0bd0UW%1PjHG&(0K4B$kN_v~Pvl4{zNC
z_3{0fgq|>^lZ4R9Xk=>#8-9CEp(=Kf)^0p8u~@t`>*hJ%j)rx>-{(_hF0T8Cq7a{r
zlYi0m^`^|cZGyW89mLsL(74do<)7<rdO<1D<h3CpSK^m%BclAj5vc?-nZ|}^vdb1}
zLHrrj)Fteybt-F^sD=*rk@PVTPd-7O7F0kefBN$`*tgtlg;6q!M4(K79duAMr04v1
zX23?Ze3w89%kAZNH3xWqvyce8_=hYb*n0r{cYTCar0mZnmp-jz#F5)Otf@Z=tIA`G
z%45S`;Pwv$C`L>TcK=g${;&r&n1KEQLpJV$Y<lVwDXFpVvp9mxIMwk&Tttd`W}djE
zE4vq+tT|`^9q$f<bUm#dC4!Q=JoprzD`baS3Y~uF>iV4Q%i8<2thO2(;b?pcJ6?Q!
zNqX$$J<CMwG??Kz;;4hawkB>;UZRqg0>*s?hTC9>_3X|z?$>x=TG`ViL_dkI>^Hp<
z1zkUBfHCP)pg4l!7$qHDP{m&?=L@+6!!;ArNQ1A%m`zIuY+xtcajms|z1gNPsVF*`
z7-}&OMPXt8%)_{;a^G!_rBT`uOydE{F*nMtO@@GF?nu0r$<qh=xT9c4G0Nx6?T3i<
z0_WlCj_FMH(YXQ{l$$<n@VV*}K90Dr64ihWYiYs7B&^ey>!}ZMO_Jga1fht~2i|~w
zFCeXu)UN8uHx-lrJEaA3rI-t@4zzd?<E<6GC+2r8+FlYrXgy<u=It_E;#d?)^pfPj
zZo{O?HmXhR@WEksbYxj+I+Yj_HN$Iq#cwKX44X?7*X(thWFj6q`+R&b-6{0G0>{k0
zG4$a2T8DEn^^$JaJpSw1ea8`p-azNJQF~Elpc-i|aAmTm7MZWf0TnqdebkG8y3-8T
zTXA*#UzoMT-l0+<S@Pd7eO=+^PlmgKhNvibb}(CQ<feL`Bk##SpL>)EUh{yjQJA#8
zt;qv(SKomRQ5~O0oUt9$Xzy=-=o8X#v=-iE!UigHOJ<fHAdI)9&EaB-;N_|1+o<E)
z7%Aj~!}?7{dBsD;*J9jLU;Cu<dTw!9W59U#DADP!$I;iJ&xxOM6j&RY$B*yC4%EI%
zR<W$L(bT&B+KIWV@5pX@?Jow_Oi{y})L~*H`~N;?CSZM$i3WA_JQ5V`kNRV5%`qmd
z)7fkJ3lp3dE7Z_lUZa_??UNhUR#Ia+$q7=<>keiM`VO7JNTP~6pQ20RrGoFmyv#T^
zcDrv?b$FOG3jBHSAzG@TM7n(NDSt_dnj{KvuRg1#;6Ck@t%YW$HnrApYTJLNDy37w
zZjpWN*!kkZf-*$9Ehd%GPe&%GZxuTbaNB2k?nh+)n!WXCK(vr$@@nko{WpWnbJ8?g
z3U%<emEpf8Jc;cQ58iurV@z31O(}qz3mtgdXS!*dwG|J~1jvUowrh5<)Ie<fY)Pwr
z+u2=uQ34b0Bu?x9$y`axhgZk<q)y$}b#VU@IULc_cX?cxv2aSrA7I!2t%aJRkObv;
zHJ0Q-U&op9$8?|^puo{LZo;JXu1tDc_$sSDH~~|Eb=F~Mi7D%B$bs9$pFP%mVznP`
z_WkK*of8Q|v?9KlFmcquT!yeaqxuAo*)?xu+NMc=7jJjuff?TP)PItk%vedxg6|`9
zh<tOUlliM9C3kb)^l$k9@P7c{vkY>Z(GD&^(`gp%h0R^9);zF5ivgHR(a?J{`4sH~
zT=<x5A&m)m!Vp=Ph8P<R9N|3U&v_6^_aRZ$$&o!hDeU<^;J(aHC%=RRp39FGe|e^6
z)~B96M>cC!Y!CIbz+d1}y(6moW|Xvtr}$^;r5i5s0*Uqt);ft+YIrddSRo|c2YR<~
z9-0WQ^G7Y`9dh_I3QZ;^x0^;pDhSLyzjE)*&A3;1!8!^4SRak_b%cPtZiLKcFU2Zq
zl(UTEt)rzgId}|#JliT?ZZbY%72PLzPQZ=bxZNLJCZrQx?X@64;|5x|sF?3a^L|>F
z|3pdse&H$cv9#5#PU|JE|8+|+mD7G0;n@x7rTVqVKwb3bC$c3ijy84D&_lZ(<_4MV
z^6+|&^y`SbvIPA1Xki<9jGc0Av2)az=L@{v>FYZYgW3R3Vx9gcZ$Gx22F$Ge&i1qG
zfm;xE33$R{7%WZH;fi?5QGa0D8QFPAx{ay*)krpEPq&Sp%DPnpmeo9QzJ+lt6ZN&n
z-|Zyw0wxmu$0ZU>k{_5X(iUfLRY)4+foOh61r{O^HES_>WWbdCqBcm4>x$0R^#jK*
zZTZY+Y4uiA$fywj%xGO9KFMt9w90(NQ)42p(s+`q250?QKV#Jq;UVbOnOl|M41<T{
zI6KCq#F`O$3cG(oAip>4hdM`w&MV=S)Up$IWwb$ry^+q8g;7qzxc(&`t~JOdip0t8
z2_5CNZ0I{73rT0BOm;Kd5=w{i5Qk5-z`I>t^I&4rj(kLT@g^6tW-*sIr4~||2mDwi
zyzyVH7$(GL8_RK0z!pkDopJwdEmu<dK!3qdO1|Kuf<m#+_bB_sbNJU`WD4m%#9=%O
zl#97p>QHvGcKmY5;69sK1cCZ+$*uBtp>4}J29<5fxXNYEmX_S;#;8rZVsd03EfT>@
zg?JYM0aLifksD|WX1{YuygRaHi(RZ<^3DO=#+_2rUM_=Ie-(0GY$1Qu=<f4jA*tyt
zf!ne(QKya$Z|?9?J{IVU<5!i}47U5E89_*gRQKg@K*c#oOEuwEt>M^kFmFu~BKMm)
zn)+yzBvy(2*Xf4;6#;KFjP(Pu?fZ<v0qxnOm4qaoiL_+yUQ4qE^kAQ0(+0U9(NTJl
zm_BNYr}KM$8VZ^n8TT2k?8w4nJ0WsM+ge8tS4b3$t*ws{u9rI6HP9<%ya(54CaHg)
z8ekjL0cZEzJR*LuxzRKq`4r~HkwIhH=-I|_LUmr`Ns7+4_H#sx#+Spk#DNwHe`da5
z07zr2_;YK(fpyPM?4Xh%EqTEeJ8?MltLm9`?XW+Ha<x@^*h&7xtjh%8?Uu@JRUbvI
z*eIr(f-Tkmvl>$C`yq<Na!Wl&YPwXD(SbMcV^o!MmkNHirVQ20^Or@t0c~+RUhG_P
ztpp0?#h8+HQoXsY^4u#z;c(F)cy`BdgzR%76c52I`){<m{#MO(^C)ArNvy^#L2f>A
zE>9q2maVa2pC$iTnA{bXen-I+#@vPyiY-mlTQ~G->K~4MB$zBpDzrQG)iH$g3|J`Y
zR<B2H*g;>MaZ@BuFC_FTYf$@q&$MDC=iAxZwdCQj$)sz!8_YfTV~#wDWHhw+*>cl(
z`4@kLsB=3~k}D^$M1ZwwD_$Her&@+5h$b|U$Yco)-va^XoTTkZnE4sz*!<28Q}j}w
zp(C;KCJqYS;bi|dwY0cN$0gqD$JAIn|EMt}5WtDrO9gfkN99=>OQs5XnR5l{l50hI
zG;gYAij{Q{ms2xYRor7|V~o1?Ib)b;3fL61jf{dHjlYOa-XiHMw$i8$(U@@e#^0z<
zIq~zp`h+s>dRlxITxQ1&ni{V)ct$|e)gx@sEcQG%HI!bQB%Y#AV+<@)=jsJl^f>N~
zxAj;4SyB42Gj#b3v}fof0B6mq@|oiboIBoYggy_TL^bl%Do>DeF=QQO8#rGejj+&_
zw6|tv{&Oyiyr4ts3>y3F7tQY{RoIDH)0`f?59Kg`>9_qqXhPO7Ep(Z8Iynm|H2~ZK
zmCePApWhOo<4tJ*SHwJ)NxAHroahg}WfFKS_{^kzj!2@egXI0rdE)0GnOOyX$R91V
zF_Si4hJ<1LBt&d_xS|Q8@jL&d@2p4EO*TW#rjxZE-K>L$cHPXJaShtN+|l^;lP-$j
zq+g0M$%8AYinBV(_zgixsvpg@K3o8ADXBRh;G?i_9V<|a*c~<-?7yr(6=NC>5p4p!
zGm7@Zg6&ZDCKw@(6na~nA9p47PXrBwa`4>-Yh(c6G7R=D<r@8J+y`Qi>2r~cxt?fp
zzb)$FLsPyNF$MLq^=YjiPt6ET-zADwC~D9AcMgVCdWr4;1Q8>mhVCP@N<6+zg#9|(
z(`5_QEtf<)zfe=lh6J;Sd-FxgtpHyt`9oB*y=-KIG`q%}9}-)Jx3#q~cQ)y$CEJu3
zRVdwVNr+|v(2V@KD#vpH{3|;NB?=ao07)9DI1+_*;!Xo3?bEu_-|Y<lS2b}08iVwF
zuuJJwSDMJVB<Iz@wjoT`$X@;+jMA6_K^sKLchu%y%0-Mr@*Y>D;t?RA4)l)UVTmwy
zWDgUPEi|S(FloG1CXc|fO+M_gK9+ev-EhDY#ix(v^0K0OQ^hv4F?NH3*PPlx4m=>o
z_m{?DzeQVTb-Ivcwp@%f7j#ngsBQIUiEgXj{wmQDF3w%+k?OLM<$ZN3^fN(!%GBe5
zacOGYEMrES^I?6$T4d`B&8%xZ`I7#(d+1Lc=8h@Mgs7uHpKN^LXs5h5tKD6hh&e1+
zNwqsk&O!a+j=;ggyG1FFgly>5+JIKS(oocP;EqEiG8TgT$lK&XRJg)jBAcU{PI@tT
z4eix36jgoVI;kKWjSnbSP6LC+Yuftrk@p*3N*ir&3~m(2saaBZmsYd!R^M%RZnJ^;
z$4FX0^;S!@RtZ#vJ`Ue{q_mB+7*x$Z<bsjYuiG5b&HW?gtNGuZ_w%2A(-b<_td1dy
z)S~`v4tV`8^cdCvlKv$AFu~Wmw!P2mp>#AVG$|DIg^@e<Nk%*S)HuPnZFqoVh_~Jx
z1=(t1@X7Q)Xr}%^y=a(1KkF@tokq%n^`MKxSKd{2M9xc0cPh^(R$AOE0l*XdCL9Ii
z-h7fjEy;mNYpRf0S+p86?I~{8=ZU;~`5gFpTS$CpB$tEyeugw;mkuE1{-slzF=OVu
zx}gmEL&`7|W<)_p(fZlErywUgk|~~o3e(e_sXUY5d+3tA3|4_%1@?J^nSKdCfe;*H
z23V*o${ZcHqRhz-wq8$tDpeBy#{-mzTgGHdXG?RszRs|9Paea!*a=7QJTe$AkirPD
z^X%nN?BDB7L8Ml&<;Y=bGCf<!mIiPuA1zH-Dp8oF9=rCa!lnGnB$qQH*?8Cz=Cqyv
zF-5>xB)MLVZ`$~uK4CL_V+W#gG#`Ht+Pb>*ok#f^{A=mVr#+sh&D*?7i*0IHyFlhJ
zPw$XB^~N^Ok)b_%bXMo0!@bT{jFjJhCcZV(E_1r95PuH1>cuE#ScU%!W#BOwTb_`R
z)uU&(Dbx-#m-L&hv>zx2(i0)GJHfD3zV&66XtB=Q6E`zJE3efVHPfYuRIYCsm)Gs_
z^Gw<vn`ZTUR6?$Nr=&g3a-QVPq&R1K>M)I6Q63n~;{oHX-1ak=AZL`dHBoC3mRkS!
zknzf@SQk~?qQ3B@i9d!BBh+$g6hVwoeb{Cz48{O3b=lJJnVC&2qT1?qxii^fLu*2g
z)BZRrROIVO6ta)Li^I%Xt~VjJZ6Y;0jClOh?v1RhY}|`PZ=OY7*ZarIX^)v%nIfEd
zK`v(292W$?<#)~;+th&o)3-8s4#c0sg)xAENtabgE+?&SY4Xf#&Ds9pX?|Z4s5BFM
z4Q74w&X4Bb=Xz1fi5rXSO2Q??k!*TSB37sSvU3ip7bJ3S31vGa*sc0XQrbvw*kH)s
zc8w&gW<eV4nF!H<`;bBkotWIQBJX;L_ZqJ8@^fV~s5QHN!>8GBWw7Uc8>H5SL4UDp
zGfxldm2G$1izu^nEKOwc*@~~V)?MGW0`1QbU;bT;$r^B0%xJ^=p{<i%1`*wOwdcGF
zt*82fvYHk^X`>^FXs!LkjQ~vi?byOW5DsqSs%6xx&2DA)kh{kIl4^1-hFmn`v>KLY
z{l6u)4QcPo&&?sMoZnOqDc8{AiM2aD2&Z@gNJJd+q6vsVTpgzt^5f^$A4`2qAWwhu
znt+8%9?ssqTRW3-;y?|F<9!6^2X<H%rfK3c;9;7|NE&!^W3I6T=A0G?uJm~j*(-5`
z9c?cMZ^ezO9s|&1?#rB#LdI9}El{nHDMkmK`r{m>w>)NoJaz)6DurRh9yp%manCar
zL~n^d@YB-VTM@&=C(Q>)Dzad4F7XFCG-81>UR%>G2E6!fa#g;RJ}J(W;Us`w&8fKv
z`=*AsfIvIpOb&&H!*wNS^jA&mU8zkFJ~9;GMlmIR2j)ZIYVS29CQAgJNp>$hbnk$$
zlx7%apYJqnejyl^uxV0&loeaHh2D-f^-c2?$JKr&5GS(nNNh|CIo;u~$_xJFG1nM|
zH{LHvz*e$^?hOY3JY(MKU+I-ldy)D=R1L`V5V7=`&lJ`r|3=`GFAXxi5W2i~RLi@e
zStza!hkl#Q_DS5dP+Arc8oD`GSJ(V%e<UwvK<w!5*e!Y#vCWa4D~Xw*2a3#u1vve;
z`TVAjDC9jL`l#AQ7Y@c2`1RO8CGxME5cI@^V=ceNpq>g%AoUAx4}Wj^NGsPWs%f2h
z^7rj!(VxC0btyK8ELi2<V>bS?Hn%=~odSkpZ=N5!#BZSZ+lN9i7<~N(!Nwu|&lN^P
zm|o+*rYx%WzyJULk}ww6f<{`2nkJTng~^XexOFg`uGTN#PB4<LR=)2ZL*A%xzD8Q{
z@aCx7C#^RJm?bF~rA<Q74bh^sgbpQx+)~NpFG>vdyk5A@+0_zGQRCAuYdz#_Iip`x
zUZVAMu_CZV^y1&}X4Mk-rq{?Eg^M&>Ogeo;r6QwFmKq0f`tnn4rkc*tA|_2umzv^S
z7%KED*O~%)w>CyrroM1EcfecsSJtsgc$mLUKLBPQ^Y|48SGprhiVkX&9EBdq$9u^g
z1uwG4MiFBQ(7S(_MT;WFs1Irgs#ADTT9sDa_~86pqLy%4El>v=#c0=mn?nt~;FN-I
zm^Ny5WVfy1P`+V)26w5WhI9nOMcEuk#I!{xnX7Ic<MS_sLJ7P7!TarRY`(XsNI(O~
ziV0tl1TX{G6pL;!XY^Ly=`shDoaEDX!}yt*2>QQHhEKyH!v)$szYqC`eaoe$?Lxb4
zidXWQx0_tHH(iLtuF$DX#AZ--{Hyk5(*pY+i*Y%uo;6hYp8z}oK_4aq*BoUAfRV|y
zM$wDNzr#wb0P*?RHS|W#h%@$`)A>~_c!e+0!Ie)Pi2B&cAb`6moXa(#+LR}UyaSb*
zTH!tZf`<gSg1Lb8i1`Fc!&+g*@Q>R@f@0tws^#Au%<L!z%KFyG(L_P#q}k!|;S!Z(
zrOB6AT9JM|IVX2&UBm<P{WMkjsQElAP1t*X8y5hK2LOKsfOm4@-HiI>BIc86k7*>B
z+`1UkPB9L!;nU+UXVrq4zIyDu(j90}ukHq?&~*?r?v#W3GGK03$}VKaO#{kFG)vpV
z9gPg>>n`-ET5Zd2=j6C7xm#O3nne7rnc^%L;j|-U1DEXkj9Rr;hlaW4HaEV~$wP#J
zjw0rLMspKHZNzdv3QAT|U|Z+47q;_$dNKhA`Aq~E0zncs<ljX&pVFxVQ^Cr?cGXG{
z_l^J)h6^gF+ec*Wiel~8`wD`^AZ-1n`kCr%2>U9xh%CkjoqFGX2|ZW-Zn8YMRp*dz
z7iw^h$dy=#6Xa_>1m#^fCKtc^3=${So~;EXd)qx(9msLIc)pGF{70~n;Vo_s{NL00
z4gmkC)u1{?HxVd|n#U4-{3!!#XsF!|d*2IK(1g5fkHC1HTEtFiKY|J~8V~-X?y<g;
zFyYA!G>91~^=wzO{q#^)N;gsbg##u;{D6UhA*&!qO~n+lGcL%^(O2qO`_sa5yOg6l
z)J};m`R~oVny92CV#u;lGqGWB1&a@>CB)m^i+Vdt^{c%uD%XOh2DU|FQtDUJz!M_6
zj3OK@6;QaIBz%Z94=>*`!nQIzhubPD^MDn4p1#~jd6tJo@{UD3XxW&NEhjnJRIYsf
zojfes;A=vJ(H)SX?f~!{xt3fJNWxl#^+|`prnJq15H_zN!rmL<lUmLAP3OeJRB_$9
zW1_J41rfK9$=H<g>8!`}FtXO+a{4^AQwjq;hu}3>^?%3{FDf3&_GkLXX8mpb4(L-Y
zz^bL;8@l1)jRovh)Dw`6#{zk;#%=`kM0ea~E}r`JTw3_GfsW}hu5iDsoanr~s9j}?
z?{NV#`ERJk|G9A=uMNGg?}T?hTt&)obFjh$<?+Jh<>53>rO8@)CC;$-chFihHSK;p
zq`Eu7N5GP!I6&m#Hp%sK_F(Yxk{5cCbS*V8Y&nrqy!C6>aJX#&VD-1jQU~6M_r*09
zq}otGhuLFlVtkZ)K`6%q+a6v#TH>G@`&)6}u}HcRx1FoHT?KB);Qc=04t*AV@19$F
zl&v&7@Ehp^>Oa{MOVs-v?XFE_yM4A3CE5f@6H3GN@QHB$XgvGLU`c6S*S*MaGiHLA
zavT#VS5QVJ;q;xzOSe@XC&(+0&9`F<DGb|$Vff3KiBK5sftjE)WoYR0-&I>y)JKPJ
zW2m@deO1mTtt8&Y{)79kFIJtvKe^RXEWOi<QC1Q6JA)lx?*7s*;>Vdb=aPAchT?sm
zHyfvA&=Nrz;HuBG;c`@0y{CO!!sl|3ry-S;W<`MoW6V;zz?=7Pa|ewVC?r{oK<Rv~
z6~Hk5wrDHGYh|)r@a2!Nuq88KLtGASpPQ;8(pp<uz1@`rxAE;@u>@zSlmJ#nUWSC2
z7~{FBM{~Uy+nyVU)#rta1S?ftM_ty<>GJ_gwWEoWvDAFI{M_EeLE8}$4O|r6Z^nGu
zp{)I(RJIa-hrxp=1aHdCB<2E2S=F^-Stq27^PUf#S3Ogw{J2fy=3*THok^Hm@)Hq;
zI;r!BGb6PzirK>hp+TfP1zSn-R;0?)WMyC31p2sQ<?`;ou<|@oe-E&u#iK&ByYRQU
zIr7nUKO_+BOkhEHTjr59*iv@I-2n{<P_1KeNam)r<g`r~X~5TcHTO|(-BeS>p9uP?
z)d>1)uPPAwi_*_Ed%d~$(SOdeVON#c`Lsqc$V;=j&QUFT@2Fnei6X52Oo~B_!d=_V
zb|H{#9niZNcI_Ir%lcT6vyvmc`oQixYNYg-oFI-*H+56nxQno-z(1k5d|qh<9eqah
zYtEA7m|)9ePXq|*&t1H_TBZ+R+iTFiF98TPWez-rf+~dY1M}>8$_%|MIY>HQZ><RC
zPnD_>)md}cL+A?4*NrOgPgQ+tn=_>{Fp6MssjusQqoqCs{C%DALcK4pH1c;u@ktT&
za^@&xVaJ;=@xVgN=|Zt=tUiUpR{5+x9-)FakhjfAC+4768<U5_Y@e&juw!(ge5s|@
zf~X!9dS<*{(fcic_MloxmG<Cf=bzU5y-EBj?jg$dfU}GrzVv;{F224l53WT0@g4qx
zbTU*o`CNqhC>H;kgR&I^Q6|6`iWVX0UiK7FMfhou4@>}mAUdQqVg2HzELGh)nUiS4
z*T(WWY9hnP0Y%<!)oG?kUZZJ;Oc|WPzM&jbx?Y1y?Cn}CpT_KZu#!{t9R0WD3IlAP
zp;0ED0Nc(~Z`;`j5h@P=2T!b&zKBrUG$v$*6IgR=3{)4=P6q-#gz5yP5(%5bXHlg2
z&f21@>FPh1msY8raL`ryyrVj3YX1Jf^&D`!{&d3Pc3)wHNx);zxEKt&7T&BEc}{@&
zWl`WYY>+5ZRm>`kO`TI8&QL3)>9Bndd%uRSSxv!g(X4iRjg5U?l*eW9^8lTIv2`?`
zRb-3A-pVCvQ-RoFs6~UX$g&SzE$6njY)T{g8tl^Dht?JUEj!l1bo+}CP9@*i#FpIh
zBH^Rto<g}ms>LTkFVHefR_&el$+m>!2zD*#xJXaR2Ktk@7$PdH9;eU!J1<yg5umxG
zp&_jFmMdvQ)nJF$>^{=<f@R6`3dwcWN&GdAP*vrZ$pUOcDq)p3pOMtgLv+gTsbrwC
zIFeahc&^6Z$un`<Lo>uqzl`#%DW@f-gy=0^#CCU9vonOuCX&9L5P6+?XMEU`Usx$~
zW6Tx~RaMkuckktorPN4bf=k?Vj({fNu-Ue~|Af&fy+od1P=q^Edrs?6<14h4COdhc
z%E<OlYC9y2592y9-3O*(|NdcaT*;+g1J@yy58Y`rv8vK)#w<0hNK1aRFsI^_nVk1F
zS_<NPzVY%$R>#+5^dDw^`@G$!DW?@~{6g3TX;T;MOY8Ud0&gkuySLrEjt!<*`L0M|
zBZ6LO9jvGjTq)?x_Fqs=SA~Qvj%W(7BYlKp@>nXJokB+jV{;0pBErt~NoKS^y;Ljw
ztdaf{`_s$+J{ozgcid}WxI{_UXR%pFONj1^d11JR`HWG2yEE=%<5(Xtv7#Xn^6JG*
zOY`)8OxSftdL*QQIPW3ulkjeAY;^Y>asxBZxI(=L$9a!~^!@2&l^!9>wa8{Z%2u1$
z+Eou!=-7u6SJxKN?5u@zyo8@u+rqY^<{*>AebZB&mOBk|225qtaVojhJXT82lhJv#
zgtj!sxuI53Dnpn~4om{xO&f=?gMTYqMwWeIdHEw-1czoseh!bbbD6?oyUhQkC&NrI
zC4mHl`<Gwoc^rb?s5_f&W$|$lqccF494IL|_d8sVve)wKngDVZ$C6d7)htb+Zp~6w
z)+9}HYthFC4sDKIZ{dR#)O8SRd=X}-LY|#$lq7DAkx1sTxc}7t>!FA5gSB5~qn%__
zs;QwRyX6=vAe~UKE-OZN8>hi`F%XAIZ@NMfcHNhCPq^L99VM<h?Tm#gMCfD!I654f
zccxq3$(iAuxq31KGtJo<P5g;stCKfa=MeSI?C-S82l(Sh_JB+Ls@<jVnv{5dA8a4^
z7u@5+#bTw~5#Nph)G&zJsPnUIOH(#gkihH?i{f{PMph^e@xzSigDjY@xcnC8rYWrU
zwk6t`fQOCh&s@Er@Rc?MXs-hz6b6P0oqhq1s+bF!pgA~u+`199tDU3y#NHlP8h|~v
zoEVe+*X>&CfTMk<&im(n-16pbr%%iz#Mx6e<ssvFB2gKssS5Skp}W5NV1rw-->jM6
zn~<|}xMBw87;7~ar}V~w`qGmhyOhinMagBS+#TI71@|U(C$Bm_|B0qAE?`XgQxewP
z?v3MOIo|DD%v27Xbh_`S%N8=mFevl-`ZF`x>dsg<`g&G(+{nDIK)&a$*g8(p0(~vb
z4#IE6&*5ralkB2%5-^VaDmafD4-5C%Z{hwoHdxRY0QQuG97&A3-p;?_Zj#f9O(Pz)
z^Tf%L;WaH$H6QiV04+a=04*Mv;M4v6hI1~il@Xdu<=rj<3vxMZ%}BZ=HO?_E{ZV&K
zhw3@TSK(wk3qQBxPX1)Gu?u?Lmp(L&!`ZXNmi4bLf0nFOVv9343SkI_>YL-G7zGdz
zS%VL=pxpk2kSbv_>QMh24}&rm^!~w8%8%x-GZ$V7+a#;HWj*y#1pTeXO^N&Xzteb^
zp?A+p0tPq@tF2+S7(bR(Ty?<Uh~kLp|NYR_lW}26_p<|O<Mb+Ej2hZHdT#*Cse1%9
z00u_D5;}TPp0^`_vlpi`fvB1+S-xMBYD){dNeb9Fsilft4w0ib(^kQ+Hvne%;zsF<
zI>moHs0tdsB~-Sq;meo`izl=!e6txH?Gk+ZKQ?7Zbm%5yj>mG~p)byUC?nUYzsGEY
z2c5Al=k>s0oqM9d7%y6oGAz%IR7ac5y{6dKHC8k9PQq=;%goI4j(scTcenqqg2uNv
zxTUgzel_~*ebLJuVYlcXYEOQvi0oy@7x|H4ooB4I^5Pc9IdD<F0h}`%U6Lt_^){u~
zQP^wkQL%iNs;aL08$b0)w)`&D`erU;@08pPPwfpX`2Pq89OFuOdGTdrWKh!3BqbN=
z%reL;R5bQ$<B*ano10TQIXPirVf|`{`+sPA$LLC$ux)h5wr$(i#I~JGl8J5Gwr9f0
z#KuGu+qN;Wxs$W!dB63YKj+8!^Y&W3ihWmAcU5=wRrh_B{J&b8OJlVdqk4OLhlPdh
zTwSpgf@n`;pkN|VF)^zeNx>l?;NX#u4&?(uB&6Pt=h;#la`NdUg6e~yCjZxBV^lsq
zK60}^64KJP63je2iJ(=Ncngc;6UN-CDmxbo{|E_BFfg#T_IB$>d0E*Xb#*Ft>?Z&9
z1}x2$05RG=Y<zq<8=GGaa5;rWs#`vvYc`yYBibN7(>d52V6n8I_bnt24o>tVIOpC!
zirCwFQ1@er(lb@RthWvTmx5G4tBo16VLSYNt1BxhnSNBRFE>ul*`Jz7BC_-z@-Ug(
zS{Hauie{Mc7$g#XM2l%<k%X2hr{w@g)gZ%=OA^8}pGtj7R~jcrFV8L;8$-=cp54?3
zKY7*E6$tumn<AxQOG_dRoOHToK!7D@<xRVeVkIxyhn1hAY1QzDh#Q+08<W=rd#Sh?
z2pd2xOi>O<w*=``2GQH~fHYOrFDvL$B{9V+tA3RkNGLFTTe~{MO3#^=gF8%{KF<?W
zo1c?JRKLEz9lCgNZD?$Cmwu;9<H?5H4e+AjHeYhOo|E^ZZxYdbHJvFN-XCGM8*<p$
zNjK@MbRC6jADOL~&*lz*k>2Epnss;&sKACp;_c5@^Z}_*1S1m}=?^Ozo@_J=2>Has
zXH5m!PYFh;1XLJE9vUWJ>LfEvBiC4NCGk~loDDR7xwzV_{HKce2Bpei2Nw;ZD?SUW
zHXv{Gi;<tBqnj+Q>Qv~qinXxrK9i#2s#nr*V`QP~8=0J3WPX>G8!%|&^A#-n6biy4
zAifiAI_&Rilg};CcU5EsKA>9KxeS#y1m*qoHK^AcUK<>4-zyX^^4NcpSLD;&ZFOqM
z9p&Vph>NoU?Fw1!%h3t6dcQIT67;-=66Zg)?V>(CMH6Ul@mOf24WQocpebb*>=77`
z{7$gyG#)GQdfRg~MbT&Eseg;3*($QJp?h5ip)ELJ=+<;k6X@s|Txi*5;gYiG>E6-a
z-?}q1u+&v>D|It6amdXwi_y3wVf!hHu5TXR@cPO$7<ew3*oJRiA+U7>Zk|Kob6uz|
z1@#<mq<kpZ7eThA<o7X2XH6iTc}+13T{KC_@SL}_aLL;)N@emPj<%|~a@Q`^CT`)$
z!L%>8Holnjp9h#K1%ZVe<_cM}&S2aLcoHW|@BOnt^e(l8MPu*JLJ(an3#{Zy+UYwS
zT(sKtEUdm%8AZMGo2+~fi>h9Pg!SRvPFYfpPi&i)!0NF2{0hU<PG29z_2UiIu@&69
z>m^I$SE+ne#;x7Bei$rnD3*e%0_sz?ud^OB=cUE^75aCkNw7Ds<aWNTR&BEZT7n~_
zhOJVEnWALrP_4ZD-*_?pDqGy`EA)Z%cmvu&FCc`y^}aG4mocp90j-!iA#_!S(#|5O
zq84&BwVLQ8CK{%TV9RZIYv5-=pO$8l!fkBo2A?HpTRV?>!<D?waoKH!lr%Jn!zlwz
zb~NV8XCq&QwoC|=%ltn+Z^%`i7yXxI2vau}2R)@~gK3n%?+yk69vxaOkCP$tyaJN*
z=RtNTm$+K%f`ht{zkhND)51s>Y~GWyN|I~InwskIg0<$s`kaV<U-nlj<flDuFdhCd
z&vT6@l`**XNaRh2oL)C*O1{(4Z+v=1V)li+K94{Mc<O>xWZ4%ms$>pp+FzMEm0s40
zm=M{i#uN6*l_)AS+<#~0t1$@O%iNTnau(rKp3;#=&Q=wBHt_!Pb05RcXya(+M_0<$
z<~hGh0mGI{Tq|`0eKv{g^*%ygnz=*fz224J_$&fg*x_H7a_UHf=`&v9bib9FgGjD7
zC8J#<6=B(Jylpk&&k<^>8I&tqr7-AcRMeA!W(eO^rqfOLcY5vjMwuif&{F?scbH(^
z?tQ>vjz^t;<iYF%&PF_4vBLhcSxjTmb<ag#EQ7Xln=jaJ2p(Qfk(ld{FYIO)-T|}t
z>-l3J0;|@(5kMu?=dbi{^e~{8h5Q`GExnNMfu4uC?+qF=oJv}uSjI3OGf~D_YUif4
zZ-}eI9u8IU*4R3vS%LBKJF=|@ZTFgUPH1^))z`t)wCk+5b*8M1PAnpki?JO#hU~yS
z;&P#q(4tX!x}@+AF9U%gG7ICu%-=Q6y8)cCa!@64eG9NgTTTaqiwrB<?Y&^@0tOy2
zWWP8g<7Qym3RVUSh}HyGe9y^SfsN723(-8P3F+cKKXHgNiM)2v%JI}{(+&?+nV*g7
zc4w3>*gP&pCa79@zaVf5z=vZF{x%D=V|nAUQ24u$(3R)Cr)-kU?U`=+9<#?Aa$)H0
zeaB|HmDuhK3>$h{;(p_M?M=m@TTJt#R0gjA_3AHZExo;@dmw9TRb4TcTS*X?P)a(`
zfWing1(KTMIG4Pxl2QB(Vy$OyKe%GB!>R~)CSI`Gow02CHfvCYhQyyxvbdpdaKn)1
zFZYwqw~s2eg7F)F6qYL!XloQmB>aWaKbeKs7SquuS4aa?sshF8e4e^P5CtSnCI)BN
z3)R~}WnCR}+csdu&^fF>64)vqdwLCj*()viPbCsh-`9+<T;wSbzEBE^^i9>gGXCXC
zkz`;xVf+3&?+oFuzi#5tzGvgT5wi6fcGllpi5MV?i`$V&2e28;9iMZDL0$YlgQ>q{
zlGYMQuOBS&+!0B2Q6+U(`o116D;sa#<pqKn3bT_fwmRom18DW}sm{?Qu)}XQsKdp8
z3MqcwP1JGHe+n`~g;CWro^bWEfy-78(e(7Xe!@sN8`*Gu?)%5F-|A1K>heO<VUAU;
z{cIb0`Jz#m_2Gi((9_i_s7bx1?~<wA_xNW0!Yt8CAVzUH_k$@L2!%E767S*&PMejW
zM{%0^YajG2?={SBscdA-pvnuI3@(zfJ>6Ix%Pz>`glcQ1Q(%$1GCxb(AJs&)w9x`N
z`di?Xi<P&2TnB^qX57(aj#~MX!M$h9j)j&?Xr5%uHl4=<VYK(%R2*@!a^>SZo8EgE
zOvPzfN6lf7E{9J`a#QQKFR5CaFMjt%TH7)it{S775!apELL4}9J{j!4#2NG!-tsIr
zBh8wg@G`G9_Lg3M#GTKo_&sR<U9y(InD<BLI!+-Y60|3#R6hs|!Elvk|6Vbrt@t+6
zb!Fqxwzc08%EchSU9=hafz$KR)3f^&STT$fio>?2!b-M^m4*Y2;pqrbdG9l)y4u>F
zb~W^Rq9{E6G9Vc9i(S^sBkLmnp4D*^s-KO*dNqLA^32hN<rOaTNpYaaUtI6(cBc|-
zKg*RZ2Zt|adt2gkmJXvh&6c>o56iQ(MpI1%JNzn|kMU$NC;<t7PA6fuX`e@7<!o#d
z69i7&Qob=W`%<%aSh(UZsE_FgfeaSYriQetI`l=q8I`KZ(<&qj5?c3#EQ#xOd(n%>
z!~CP_xn34gwb~J+CQLlCu(SuhSrq^KJRR<yfz%?y2EL;GqL-6XkB$|QkvOnHV=&&l
zE&-9;8^Ffuh^4?9OIjpH8FKyDP4@DBOG>@_2(RwoO^y2w)9K|DZoAAJZEw-M>IL1J
z9lr=hQqho(nYnd%d%}GGzG$_8$4aulsm&MQMl-C9V&OC#;I}rP@$eW;d*LA24pWnh
zsQc(n6A`~YaSk!e=dDK`Mzqgrvz;;&$Ys`0%@ZJ(KG`-jD-40BKAnPuf)SlUY*#ey
zQ}s7Msrd6;^bF5eH{gVPIFZrvIIM=#jz8E#o#d8Qen1P7r~e98o7!!tshk)ZA+hmg
z#d)egcXTOR=;g17By5k~$XdBBXp;wtIfF;@%~lv-1e0l*IWd`|<QF{3?v>$F=X~64
zPev*EM05Xp-r>aBKA%h02sbvXjg4Hvr0a?#uaN19udlVG!7uX0{44@P85HHb0Z!1B
zQXYqQmK>)&f1$eZr>#)U1H&+i6?J*7k+iI8ogde@YF3$#d-WJB^Pl!I<~hiT?JdVT
zq3#=-hAv0olnMo>+H=uQC9qRI@)0%gHH|ks6iwbgUxkeQ_@fH$&R3kDY0DE?tio4G
z`CIeiMsKBg<t0iX;Scf920D!Y>^^Fao~h@Fv_r-^#?4$c#$z~GmyBqQ5--_(dxy#o
zSWj>~A~XrFhVU$;M%CB&qVx+#OewR?*KjW2g7j@!w`hAUjBdVWk1<3|6t{pIgB7@)
zQlJby=laLgV})op?E*1_pt;O>d8>&{Z@}&hgOHajpjp4S<;JjLdm%1i{=#`gy#vgf
z(%0x9W%X+YE{o;Mt}UUqpSzb(`4aQj%Zf8QSHFP^e*~R15NYYh8bQCefR5*8xIUQm
z*Ua#Je;a|f`^hX3D;R=w|Js86wW$}K+D6N*O(z3(j400}zn^z_L>~+3-LcB`mvtB@
zg&VzZH<m*zx)LO@_Jq7{c^oM)R<+y1bb^U#R}zzQ#LqVimdF`BXTt}4Jax+Q<P1Bw
zxyw_<m8*K(m;7U^>S`!c#=Ad^+1Vt?ZQ7N+8=N6yeLTdc-2@OG87%C0hO6VVd7U63
zps!4iyKw1DOAl!Bk5p=pn%*@1@#7l${CXC8_H%iKdw4e25R0c&Zc3FqWOi6c{{8xV
z3uj6S3!_A1kzASMe3~UE2N|}#B-Dl5hFzq<>enl+kYB$Gz~yFqMF%HrbGxKGo~pKb
z`T2qPenCoI?cA%obd<T`YGuaq`cX!~WVv<Vl-H1WkAeVVrkMM-=5LlT2*%P^DL0}l
zz<?yDe7}}ezZ;O?0N=w|A$+#V-o!Nd$uH+qZ8S%yot*2PJMR;r;J{IMp<L3ZE^*t)
zWaqFLR)(a2>&KWNs#t{a(`7wQveLBastId72@$>$1Gc+6OIJ?Av@;RGdhIz}O}R)Z
z&Pt<StLbld$fU!n1j9I2)KzhUbKs)rYjd(a_SUg(M$4aNay-?;$YWD^YG6GT#W2ZU
zRh4!Qb4fkZoxq=|4<c4V!N_=GzJbNBsP5Lp2t8>d#hZdd+oNbNYOv&of7PUxX7|r_
zrQ7n<Wpp)B3w$TCug}Wv-!1VQ6AJcE+FkS3xuV@U9=@^PA=)Mw?;KhqMBrx6P27^V
z8q>VPsHhz!4u8-oycqi9bLUPDxXupPEXnGfm#SX9V3{juHFC&w{)Ceslpp-@%)7nU
z*Djt{mmBN7K85)08=dNxJU3=J*_(~QsmIBa`JoWJR@d%DwvkfG(fmjr7Uz#Vq~93?
z9D68+GbG)S=CX%h<(Xee@<I+tD1{U)*>3#uIH%x0!ib3EdqjX4BCWZD6T^#Ye=*JI
z+*f-Kj`~km+yy+)bTJnPFkGC`IE3womW|_w{kHj#>ATkiFmiQ))*OeV840r`hbwn8
z6LEO<$Bl2g!4mKAa$<qKi@L9fZ><^k9D1YZ7TX|otyXW!Mw-OZo0Q*#aj;aY-Vp0+
zoW-8U?Gv6=l(MT`M^LBB<@27;xcExKlj(J9WPeD$jD`XVNOZ>DJD?|w9s!wYybT7+
zthReHA7*t3wx@z!hOX)(2#pr5nYFkZPJ)%h$32hE@hp$yQl?8SI7hz?ol?d}l{!aO
zO)pO0Be$B2foW$sxqk*-vdnc*c)nj`a_G7+WvNu8^xXec{D(P=g)WXUH0<q{24@UO
zdgBV{hMhgAl-wq@EJ#nP98jROES8jQrhfTlNQ{qN<DH@CZMU=Or43?7|3#aCZe{(w
z>>)Fv9#1istLVd6cz;|u!o+4jCYST^WiYXweJd(DenQ7b81YHFc^JdD@-!=uEvH@I
zz==hcO6VEZww%%YegI)b8t0TghZAX0xxLj5{s^Qy=~PZY+`#z8WGbIR&6emzLx9!-
zmW8-J^pS+W39K@Z!<cF;PZXxU$Y?mTCZ{{>_A*=x8ohpCT)TOXx7uMJK@j;<Q_!C^
zqf0KNTB9=QGI%4_c0oMZ8Bl$~qu=73UeIW1$YinCG0bb9J3TTzk==1icG;j&4D&_t
z7Yi}LTD@fgnmmcsbpwCs%pHU7mI)~a4au=vjLWiw*!zxq5R!eQ8M}$VaKFnav;Utv
z!y&|%i^AtSlAaQWyQ94`OHNyZ%m}96x6!9)Et{Unv}QyE4+1kSp=|q4ZO$T$iJg7u
za;0$#W&2!m39ow%=ERLXxG{%Cwg!{G0^Aj;e(-pAmY~IAE19R;BAE`RYaDfw?)HIC
zJn+xA>8j^&R}W|QREv)*-PNTCMrBS(ro4f*v=T(E2F0&HpW*w3+n}8!jSFsYW)v9e
z$-d^!{oFc!KNMM;v6@3uD$kHdmXaIb&h$1$9y0sDVzyeMHNx793TO*2jqf(i+d@W`
zrsFG3QglAowevYOopXlzU09x?N2IV*VIB9m=PLX%37Us099L4Khx0g$mO~5Z?%;~b
z{k3<9=lN6gU{^&_j#0!{a3DG)IW>tdI{ZmR{;DhVw>8P1s(KRNU$(17{Mltob4uzh
z^`uEYOp)J-!oyhuKIw@2hZ=k-MzhU{c9T6%%B-5F19U7a7N)u$nfEo(p_lrK6szy3
zPyr@p5`k;RKDN-wS`iOKhQZO#%(UPT@|f|;ii&8;aeEqh{v6h(Hzg&>!&n@nR3{7Q
z;W93Zr4IoEbV-Hy_OVg2epYLNTz3@p()AKjZ{xc#hK#bTMZDpL;;lBiMTN%8%-H{f
z8W}}nm1A%Zs;N1~)Kz1U`6}poM^m#iFfn-9-bSfKVwxhrA@$GCp9vx4y4=f{5ha-O
z*w7zExMtN)W9I_jbR5|tWQCA)+-8zNDnKp>B(9@ggc(d_jfOrCU^&2a_>0K>vQ@Po
z()CWM91eqUC0&98W7+F$1;<fVddZgZ_JurI<peklO_w@a=T3)%D6slf^TcS}LY8q`
z)8P_s99XV&3SC3V!O%J_#sf7paFl87`vJ}jLqn1E{P^!ftO{h3c%FQ0CY+7@Oant)
z(hPQk^#?sV(<$}--{!5T#~mWkZt|l6d#x#NydY)Lk4*Wju325z>alcs4J%1h?>Zs@
z?UVYG0DdEKJF?>{oz-uUcSi<$HDLj3CoJ(ApT*~YdDAK&TAVpqV<*t92zeANPLBI=
z1wG(wQ7)`%pMAE2`w0b|(=m|Ap3A?gr7$N?hTa*hHyTZuM~r@hK(w;|ny5~lyq&#M
zbnp`;VI7;Tb_-WaPe3-HOUW_dgo>EyS#6FxUo&A)q6BK+*Nr0=M$v5VKD}zq6Oijq
zp!16-Dw@Kwagt9-PJ%4@(&HaJ6H!Y(hAJ0`|FoR*2u%Bk$z%)QT4uL0)Z*`<Q=2n*
zPYkTja~xk?P-{4Vy%fNy`@Th+;ovucG3sMKfT6sQ+GS@~GhM~jl9$<;PO3jbCUOcN
z`5JFxQ*LqYAxqu9hI0ksil^>K>kmC?I*6wKNZZ{Y6m~ItN7!=}>FXlMN4Lyp&YLq@
zZCQ61P&5z*PmU&A&d2UeC?q^<wNS-n$JbWq|2BwBxI2^mJI_6qyn{6En=ipq>w;BB
zTC;2Im>wLKt{CK|$n=9hLA@>?+&mivF5hI##Uou<Hy56a*iDOw1Bf@@e5r_FgDGvw
zL{{)dxz_n=M(KP>(P|A+NJ=ShGA8y9<RN7Wb^d6nq2>4GCtU5+0hqN=>yehi;drcv
zEOXz`dEGfJ3FG|%6Y(++qnL|3gPXb#wc$c%-$zPI*{xdMgF$tWBHTx^pFRi{`_Nsz
zq@*msHg)~}lh^Q0rR7#Imwi)2_ycy8Z;Riw@+CL?Vr$O&A9186j34EfS7LaFy{63+
z<_8>;&Y@4uK_%YCf`=~Y`mf94c_qINFolk8+v>A;xU7K9GM!xObP$2)_0_qf6CI#6
zvDI*#L%y#PMCP$KkciNZ`+3F{mq>_e`*YLIHe)K#{-y(*1fHE=b*G+S_4DQ(&|1i{
z2+sG~?*CH3qBqdWv_;tmLQuCF$HdE{%ch$?8ybz4)Y6!>A8;ErSGN;V^;;t$tUr7Y
z%sjO7oSvUhV@UKKxs&vXW6O&C^FzkZwm-*F9T;czyUhGPQY@~}9qUb-DcmpGe`1kN
zD9e^Rzgk#VVz~s(&!btwu0Koo0#UnUyf%NEEWWXoNPiv0{1#vvz2Y)L|1@9`3KbE^
zYSMQr-S(~Jjg6hw-C)uZ*fZ0ikMeqPzn|fTDc4XG?dB6)>&qEkdPr^`+;-9M^~ku#
z^89=}Z#F{g3tqOer}^d`gTh3M3oUDW+z7{tB4@FEY`&fQPkT8CXCu~ZsL-;;3un$<
zd{Y71KJGNS&{ikj&Im}0MtEZv;%XDWVLCU0fKZxd4yI5R7mev4K5XthS>|L7>AiZ}
zZqD1+2}5sbd~ZcU#sSouZ!lVu5hiRlDCK79ZCYfhohx_eXB;7;`5BGFOyOxctbQny
z!}qB_;y4ASFRmnH;l1bJ+Tt!m#i?8J5+~=uH&LtdSg+uRX>i$gl*=agsL4xpKkWD5
z0_#FG6{&<Ge)Hj}3-Di4dus@9_D-n=9#&4}pER%LkISaOtkz5XmLYDFL^n2IUd9O-
z{!_~MQy@<lG>tZd|8ur$Pj(J@T+a1Fdl<S&-zmQM$0?=HrIr42FrrOYn9v86qo7U7
z=y+E~6~R*Ii*&)Yjs&~V2mLT~Odvm_No1;98Rxp}<S&ndwYX@7Y7wP@Z36B8x;JfK
z**m79fkCI#0wx39BsB|YZ#e@Iv?hs3jle^&i#$S-$=j4UgUPzc+h5ftXxu2u%4oj}
zDeT4|*3`3JPgN{yx+Wi*2<N^AN)oz)><4Mn3#|7n3eMTf6>B9C^{?b~WT^+C65Cpw
z2%#S$ICOnBa-yn73Sx_;*(&}}E*V6ls;a4kO@>Bl&1XGkgSqm^xM@?YA8qWWSX;&A
z-dm12C|^>Jzo;3dcx|TW=AYfH(oo<wmOm1&D=Hz+4p+SpT7Scc)*|N~HnjW3A0*rF
z>7>z7w)VzKZg(^H{6HL`dj@6aDN9vDt?f1xqez6$R<!M>C2)Y6lrQekW-vbl=6C0f
zf&XMMjXlk%HkJz8WjXk_ObD;IC)@t=H0-M^3!nBe%AgCvNV?RoPWF`Vm9aWoon+Ac
z+Ks!`36|@5gxcV>b}6(@@MV_e?YT5ad7KF>%2g(_#xQJ)dzhI<aJjIx%V6BicwwtN
zxxDB`GJ1;OWLB2-KTXX$o{ay5{H~Drilc78s6|c`)F4OCz)(@cSgdhdMk|tf{td;5
znALRhygqK_cuX@|4Sf^2zBZH1b(rMHCC5dX0lo)_k@aXz)PZO;UL?ILVMTxHA2+`x
z8Ry8IP8UnEXO#6ta{<g_inTPL=c1~USV>G4eKk08mEQ>vx~9<oH=xP`d>TQ&rG<E8
z;DewZL7h^R_MY@@iX1UQcV_IKeYt<0mL6%~YC?@M=TRzf!AOZZQ_hFnX`3yQuMovz
zsX>1ufXa?M2c@OHVHZH1Shp*oU|%j7#&pE!>w`R4bwTdYQ9Az85bghM@Rd9MrK6bY
z2&d>qvGPF^WV9J_`^z9^&e7Sd1S~a2@$2Fspg^wRAol7P{iavv5^CeL{+xLyQ*Pm5
zvhMTRGS#7`#!}RbaGj+lg=}KCTTu}RMOBxatP~s}r<uy^rAS@nTt^impqY|A=3G7F
z^#I0YbJ&m^@5da%n_buIj}`g!XSH9`^SIj5{!D4m(2`R%C4RA<l`u3K`|%QrTmMMD
z^l?f#Y_J#OOf$qu(7OP^(w_VMKo^tmNBIiRpA^-6$}gQbQflsWe9<_3EAnFj>+N=~
z6Qnx(JfM}6A0u!IFJ_$bRA#<q@VR3mDGKp*U6fj3)sN|VW9Kr5FI<OQdLX_**>Hx*
zS=fTxx)yd$U8d5es?Ly|B$W-WzQ>xY7>yisZQ>eMvxV9K#r@a(6IPAHA3i=O(eYUw
zAyk>6H?nc0V*v!QQXb{<l}3oTeCS;j>L=T>-8`4WZUnxB=~30!!d4Fv?2q&Hj6JAj
z?N=pO+*I^=BLl`Ly)KIo#4)Iun$+ll*4W%Wliy}Kc<iCiOnIF#)iVh=zPnrTzdxxk
zdI&BnJWVV0j3sYD;2K)dpOH|@6z9mt0kyOO$!4W{6bTWvDZh}VzPG8LpKoN&J}|BB
zBvE%Q*~Fk<VbqzDS{mwKA0zwR<JUxve!-Zq#Gk(!zl_7J3nx;>xN%yaMoXQxeyt2V
zp6+p!loq0hz(29|yBVWqHqXnanYw{Gpb{K<>V-T)I+rY0^0`mm|9kpi_N{OhSI@xY
zvtMG46T%K%mPBu4V*7Extxt7IwpCw1mQ=N<V6)14C3QAmtAXaH0{)pAyqUv|*>ALc
z0r&5!2x!JP@kblx<v&_anKOwDWdqFm69&sp;#ol(6QP;=AoqPc$FC}oLZc@7{uAa*
z=l!e&@vJTw0?uM?K5_T(kN3n&6G-Lb-fCpQ8j(jMVZA_D=yhiK9{-KlDoHu{XAJ?$
zqk{R@Of9zy!5}nq8rFe<FyZ($j?Q7sCH{dJMl94ToBmg5A>8@Rn65vXYqEHU6=@Oq
z=F1bi_cn{s1wfc$5oh?&h?Ci;SY%w~)ybPQ^wW^A-4<(l^}u<UyO-rQ<{z=#yb0v@
zm(bY2L)$nQhkYkE`*N!MjS~#JtC`4Ir1Hj5zEG7Ld*@#iACc7TUE0$4Jm-o}VEo4M
zgo#@*uIJulUy`r}#+fLx7w?su(i(0aGzg9iW2wtXQ=2kr+PmCXL#e9c*HA2GST{eY
zW7*b@<HTb`W>I(=U&jk@QIeusw7$vrjrw*ZG9l2&5XTLeEPNaCqwqFq3pq^ehozSx
zTe9Y0_*}{O!IaUc&(Bn$O$R3i0Kl@yN{DHs{0@lBsQU@B_+;)5_4na!7sKIg9R(Ni
zhmeZHA71$o$6Z|x$u2i&FQnTuAQTS);-6DLl?A?ux#5+R)Qb4{zp{G`_+Vcm4GFc&
zR8SqzS@eXa0j1O)FXkzSw36Pd0tTQORpZ|BiSHiU_pAOJf1ri=0`p2DP1U0MLUyP_
zETJ)1J7S|PkX1{X6i;4n<&qu2Tp?N)Xva!lo(|75DV};_sm3}%tdUs1pA$~Qo>vkX
z$mf5SyP)SLy`c8XYfYbWkPMuVNk!ERboR#Q?e$me>vQjFMmz8f##W4ZyN~Vaxz>Ak
zW4pcNtLG?x??C<0&NSyQYCY=Q#>F%BIia<!vg6}*Cctrwl-t)-6zdj1w&gM7*hkei
zwv>fXmFW0XWL7esynI-$&&-hW9ehdq+U8_6=woNO>bxkT%mbnHRl=wHm?wMow=_?8
zhAlyh8}+=WE=TjB*AdFb6j`D~0pG>`M$uN>(wX#j_xAPV@+Q|heYcl|&pck!e7f|U
z>+;5LdY7Z!Dc!8og!O9uK<N0bk%Dqr$B707(!Cq&1SNz14}WD4qu#=n<^(yz9&x6X
zzG>sTpy&QCx2M#!Xe5-jW@mb8Au6Ojg2{H6xYG58%Dj%xu&_4*9S-*_#w(@POXK;j
zWyXn20U6FBH!XNsl(tbQ`J3rAeO}AV7^{-`#_brWK%(BJA5!S~c=MID=j+ulp)?bz
z5v<|8+E3{6BiH=>4=?^~7Z1%xotrd{CQ}oKgj?pr)pdwyx#;Zum(K1PCH@ao#FQF;
zsl8z}UAnZZRyfLNLVZT~?ycAdTqw@48ISJ=eR+>F<b6`$eg{N}Tb|VkoCZhc>2v67
zy6~(X<6D*0SWcJa%4|z`8f#GUOh&JdFPU;2vo3>6>Tr!8`otFQHU$b}r)ZTDTKg^9
zvTj-unWoC4K@C!AJfH9O6?LCHyy=ZSKvU<(lYVjCF_5ERaj`34gHBmmYuL7rg7R+>
z+%q!6%-$QX<XCR7+E<i#YtB#EGjSnosWTf>xp<T#zR!zT?R(=bVMt)4W;jRIwyYVl
zJk&g&mrHYo_PbcBE2?3W*Am&&ZISp9FwEC5A>)b27pRPJKU}yM5*SgVz#xIXUzf@S
z4Lq%F7amQmrQz`W#5e$v@;VR?o=)wN(7nY3mYmy0M5H%!u{dw`qza|BINypv{%L-=
z!ioF$chAnjar1CT!A~7A*WjXvsimf;6z!)SP$c!T@Xl2BqJP(=fU!s?PV*5g*4E`j
z!|-<8d89d|o~5Yuh46+=RYFoGyta8o0=-0)QLV$1%R=LbI+>V&?yM*(N}hs@O5LYl
z7c(u*nqJ#IULwQgGH-$KR-WEHRiz1BC5J`mIE~TeZadFZN6f+*TGn~(PHIRF-zAMi
zWs*XKD!1>;;Z_o1tDa9yw(i&RLp2pGDzys1EPa`PUoIcuF%kk;(HTq?74&7S6zZ+j
z5}i4R@F44g@>E<L@v3JY;YGZj_1vs25YR0K(}tQW?_x^bUNI-G6i30$opUn6<ELsn
zi;h$(Z~kHv5q}`21TWiQUt&qH%3?I9`EhhU06!LcJEHlXuC5SWHB$ou`Z|+BIAtBB
zgu_!-v|9lnU{-gOQgV@4n^BIu^uVCu4xwU1nTm_-)xD#L5^2uMhM*mv-WHguE90!$
zo;Qt>Nfeu<FJ0IkJMAP)pCCH<Ac>ZmC8uRQNzk1_k#?+}hb>-|C-S8wUS@=pN|U@}
z!vH>=jGs^1e$ADg3Wff_akG1DQ4`BDiJ=I!IFEulI;%v1or9g0ma#~O-*nL>>^8(8
zUfJbNE@}P@e;uShlwRnmdfRec-C14p{-ZOUJug#A&h5a~n9hQeEw<^)sxqIGBr+6U
z{Q%wifZTZ+g+&YZA1=v*aw^nX1KW#_SvZL@S$_I4E(=B1d^w-5B$Ez{r5acxeEZuI
zp<mI}sRFrh)Xqrg?p6m=SjLP#1h;##y&sP2w$|{rf62+omt0cGcP|lBum`UU_|X~H
z$|oMJjk}B_`JfyAHk2TzYj1w3{*D+QP#BmtAhVh|<)9QJ;VwDW)om>Ns}2}4f^K?u
ze?PF<ANqX<b#lhc#Hns6qzU_b7HpQ;2Uu_?CPJD$(CF3mZpzSMyGvd#r)9hLmO_IU
zwMm+Mfm-~O_X8e<U2YpSJrU`mN`~gld!m9P#QTiMyU6gzZDPqYcPsaFxvu~NHp%0X
zgofi-=GgCl3ye{HA>e)e{amWKh1>G+FWvX^IgIKG-o8DzYmD*UZ{M~!_b$#V@k0E*
ze&S|YO>?FaYS>i#5EMz4C>(Cv`aM{!uP4wtm4+wOT{2mht-y~hsv>6p1T>dG<7Oe`
zR_fn-0%ms{Q1c+9gGs0Nu*_-xN*dum;G0@ja&;Y+uvE&ESl7i_z2TJQ!O%H$1W{BQ
zqb@EkrlqG_TUubziDchml)YEQ9F=RPP4|7dy}jcq98>Q6xu7O#6n3A6^Jw9>KE&xz
z)eK$OT4EYHI>G;f*qX;aDS$3w1XBMZo-yj(@PVFa>=+h8<8C$u`l>^&Cf059p@m8z
zS-)FQ@Z;&!zss_J433%9jBSHV2I)WdG}QB`XD=mf&#N*T+$xqbYS;Rg{4c%AzFh_Q
zZP03GDHUa6Bt$yyonR~8>p$ITd<dsSw?LuaU(>#2RGXZRU7Yuv%YJvG*Vz7?{{N#h
z7!~v>(hLWcPbQai2>>0kl1dUaUra(&<RKv8|3!cfGJrSk%g`<c0Pyd`0>wBvxv|(=
ze6==Zv9>q0vf$!oc5<+aR#B2hg2(@N6_Tusgc<+<7WD6gg$Bix3^(_H957ck=`Vnq
zDZ*1w0MbfK5j0<^Pegb(g#v})oMd!e0RREye<#>P%a2e10K?<oWX8+rVsqV{s69Ps
zHz4_^bR;X;{cpulGG55=88TXk@Lp7Y$nfu|gnePGp@xw9m;{*9d{7#@w?JFqxOw8S
zQwQKYeywf65md(i(jnvbdO>m}-1P<o_H2Dx-F*N_b~lHA*OCYacs)CP?&^Da20jTX
zeBK2XDtvwf_TO*6^;{SSeryW?pL$BSUpWF80yuzH#wmq7pWaVb&+9Lr7ywbt0+{FW
z-VciJj(>g=xHgQ)?#WX|{Z{t;O#PGv0BTc0{2?dHMYk=IdS-jJ$X(2$0+-&EkpO4)
zljrJniM?&<M)1L|mK5!hW>Hq((;!V8=Bjw)_~@Po6`tS5gW5V??2pONLwFzo<`g?u
zw{&DBfj~wwz)3FQwR&%iqzYJ1OJeMV@jl)$4KjcxB_x2+rVN0^u}Ft)C(U-n`<kZ@
z4oEOv-+OLTm!7%m{f2-r3dlk8T}$_T<zBP2r8q_boF7RW2IdI8RQ{BJ-0^WSG>*2S
zCuxEB22h~{|J)bikrPbCw?C@}^r8?$d}d-P?=zq6hkK%f)iHv9-j+Qkp3!z65rdid
zkY86`-G!rrv2uWmusF#>R@5FCL704P0ltBY)ViH<Okn^*&4#Ao9ULJ6Lu63El_|RG
z#+cd6BIUzNsPED(5C)GojmfjEY2iUzDwn&#^ax=2b%w)sEFvgcy0E;-Z67?71AFHC
zgJ5#RKN?V-D941(RV>K9vw_^z3wu#r*q;hH59MHw*Dk%uLVxW6KL@nVTANct@%)#p
z=!1zmdjdZr^+cq#WMSK|sYsMcQc#`9<b?B7smOMa()@UT&knnK!qojZ=x_EL5hBsa
z^<rviEv&4d3_Dc4-Tg}sXDX|<^Qnf9dSEl8Gtv*9MfecVP~r}zFtsn~;BZYTzZLkL
zAq~%p7b5b~k^-=#xRg&cL>WX@zNIm*8VI99Au%zqyQ6eujmKM;VB?$(wg&|`h7u@)
z$f6TlVLuLp%@GH6#`@t;NMJfgI=VlX-#!m^q3&aMlv~*18Md)SdnB$|+znFP@2P{B
zqZ6!;lv|c_03Ce}B)7cgRjWi{%&709`{|HQ{LX#LWGuIo^DC}qxW}lTZ*5z_f{VDJ
z-V)$2yJkEMB!;As{h+)bX^>8k6^$=h2&+G=%^tZ>)V~WO`y~6H5%hlx*-=jTG2izy
zrt9N?m!BfYXXR2h!72|8@Q98eKZq>VU~ArLL_E~{@bfLz+*Sy{^W#!Eq4oh_kk}!@
zm$(Gsg!K30z(5bBR}z%L)kX-=Be7YSw~V{)9PUee*~_s29DQjf4nhaz!UyG2mawl|
zP?edgKpEdhD<yFeN)JIT+4(G85tC7>t}Mo(@qk=;5U;5)6pO_uOlELLOtJkY=B3K`
zo`Oh(svoc11EjzXmdg)5(37I0m4>bg3O7!fj?YT!hp-%SN1>G0Lp1^*^ial@tt9nB
zS`H`{QU;bn?dp09-c;U;-)b_!D#wg($rzap#1L|`LMXl8l3$7V#VUd`Euy^ftc`?R
zOO!x2U!*$v3?L;>6~>tk#BF@V#cvKY+ELX8mjRgLvQhBhNe!JBW_m3EuhDyXJDA+u
zCO*7_rHx>z!QzTrgZ{9+9a9m%xYNR!Fm^%3#jJ|3T%Vi;Q3ciCW3$p)es&HN_aHHV
z#aYEr6}sM;!WukHAPD+AlAL7jpE8-Sf@DQIvod&Q_a^~{7W8{*vw(N(Brb`3nEtK`
zT~LT$zW!B%NKqa#5jF>H;|tjT%VYvjqwr_pB7XV$m!h2LE)xLF-E8O}bsvS&b;ktC
zWYM=_fh-M<tDiaGu5kXBmJ9#oU=_xfGH6%G;sVxjcL!&iUHHXw?_2~_qK9v&L?G?w
zHB+MSz2+Bi-0d_-M(C%ATa>^<yvS}jP=V|6#$TwhE#;6TBW~6LmRhDWWdN>T9&~8a
zG7uZ1#@#kK_3n4^+HfYwo9Jt3bYLrQ(?#n=hSH5(peTx?1M0!-flB|1;1Sj>WLND|
za5xj<e7F<9AxZZUxBOX^76aHsG5gGF$sc>s8!q3K#}{;<J8|nR`BeW_V7H|*LeF$E
z;7AScMB*H1HEM6UbjmFRXTooY<P2{eG%U)(35(NuyjBItnmHy)^W(k0$a!0NSO##n
zy015XUov6)gc8VZY2Jk*1!p2mfqi&1sERA&XI%>tJL`BnzbPt>u`Ysu^e0>~xOu40
zF%4V)@;nJ})U>P!qh9neomsYg4b;9L8X$-I1{bt!L$o702NCGC3NTpKtKCsPlS2p8
zF7o#V<4X9kV+Yt8JP?YB1lYbQ!UbvL`_u5S>FwR}2)8axFaVc~9n;YPj<fu|U?pIm
z?f2L1-_yHq2p-mtdl<m3u_?F@Eu|O?K6_b>+HL(08PG?Sdziqkp`}+M1O=f{`}Il-
z+qm}}|BEwMOUcD!Qu#c#ES*z+mqJ|2>|p`B)~bf!EaBAO*IQx)4(LnVILZJzXBWz=
zAez1a3(=ZfJy#?lU*^sO-v~g}SbmtPX7yU)hB~(?^aAbWbm|xeisholYOhdD=e(9j
z$+N|Us9bV>Ypp>~2DA-tEc^ta?P~_(pnBMo-$<cmfFkv5HM}CAcHFCVU!x_|UJ0ht
zL6HSLGCYi@e>wmTVzwCpW|r7J+OGotrPw%DK8xY=)-ta-8`&b4$-gB*_6og<DnKx2
zw>vZ2BA3|8MWF+paO>%Lcx-kcuYHC{e_=<7q$|I7mqGS+E$KCW=|leh5Lcbk{^E&|
z>6ZR6WGe^Qu&s7ypgafYjpww|Z{5DAzy<j>WBepvp4#E9qZ8Hg^$%bK`mucE8`FY0
z)mCh;!fC|nATkPlojTNds(t=T7+QDlxupiaV`S@KqEn!6=}b7C(^w||^q!dpXw!!K
zP7XZ@zSOZVg3+V>E`ak-2;0kuVuE4GcNL%BykT5Mt}Er$-`1ia2~<IHyb!EC)^!?h
zQBsgs`tl;ma)7EIjQ}hsXcGrphZjT}JKQ9I4rs}#c^tj5f3E-VxvZtyW86yRtTPI-
z7oQ(d3oNqth;xjS3&K8rZaNhmV2hi&ym8)!1!tmUYxID+Ajm)tRu`cJp-pNtP#QVz
zTy6MND<u0*=solf=e5yX=sj6hbX>O2WJloS|47jBEo!9XGQRL`pnG22!p{t7e2omD
z1S~n_o|}*`LGvbh>fcv)G88Sof}RMz8~{ruxL-&VL&sOlZrV`9kq)db#<>gbkqk^>
zSKMKW->>5$=U6@+pd$%qA_6_JBK5t-@F{Vyd2ahxDd>6!f08#=lOZlS&gR7a@@=~S
zb^~w|B&r~ITvl`ZKRvIewU}A^p7MdUWuV5<f@$;y;m!XoCoR4VoXIeO3({1u&(9@l
zbs30DbdSgPcj&e$32>S}CUR5-H^HI`0?GhF@dQZdSze{+DxO>M|5XmXH-IuII1bs^
zcX(RN{qq=f&x;`INFXc`DP*)i0a9|*6+jdbIA+j&vsTc7+=>O`h-mhFhpc{j>jCww
ze=UxR)bVLMAI5$vXze&YMyCR3&C2e8%JN?~8&)3o4PgGir2{*<_PBNKg#={&r<g*o
zsKLl_b$hh;X}x>@3Xr&=KZE~0u<s(pg7f4uW!sl~XO8Fq2Hhv@4J<xe8rX4%KRvgR
zh9Mj{{>Jp6N--@BXNZHJ48wjXw)he|^&fMAM4SFy7KZQ1^ojyK<o$Tj{M=G}tE*=^
zP<tbohQ?h6#2JMQh;37sSBE9HFTsmI<+ga~8zmI8fbVbHW4+H`5xaEVHUH~=kSf7C
zPXBTri9cKvL>DZ3fS!Hb>!uC^dT9N<)9Ti5Y+oQo^1^=W?`C`O=N78qF6^~f|J4SP
zYVn0=1eDBpMX@r;YiS}Mrox-Z_KLbpPKG<hpiq0YCuuIqpze5{(G86idBKS}aZ3TJ
zpzdS<|FV$igA7VjECaZf8u$qT+;_+L!kB@6(5P!shq?S0zRClyk@m?#4kfCBoZ&$i
z-R6f-L5uv8p#4AD^$oJxm|H@KYyNK{p1xS3=6{Li`-n(?%@|JV<pBN^VE497iVoBZ
z<lt(jrj79+K{5cK%{k}yau%uT?@AjW(LHNm3xL)T;>!PI_2>Z{g7ZZq>A~*fA!lma
zqg4o&cZkdXODi0*Oy7|BsR&s*CvN5cUsGNe+N`56{tQ=8Jb|*8V+ZM*5$&-4pCoW6
z^C}3!;{UD<{Pjs93RyPSZv{cI%KU9y+0=n%4I%JO&oF+jkXjMOgea)m{$16}u`c!3
zM<C=9*oqG5gM#n)m1&#s1~D{>DIMU|+zsYO2ue`{rQ~b@{J?K%t03x1LEjin;HM18
z`vc@v1%5&zQnrBJSX@KdaT}ey@Mi!!(7?0R_!I&AKi)XU^n;^8Qymx+3MzonU#-t!
zz7l9JuT|0mBT)F)8Hv(>75VBHxF8T2vMW0@rY-0bgnqU0;VtX|QQv|NV41xvB(B4q
z7?T5Z4rBl!wM|s&LBn->Znri;rq--bK3-xA)a6>;o|KhoA?l0J0fC1tPurU!{>k`5
z*#Iq7@SR!^0TQYO=@O`(|Gdffa@e(&rO*_$ptQ=e$8p8zEg7T|#DPsYfS;o8r@+x>
zxo1x%etf4CTu?0@8#ND=&j4T_RNaiGX8{0qXuCFC5S8IOH!L*X6D`=a<G)FHE^604
zQ;=^O;8{&y1g2kfzq%XrFCdNhjQuxrKbtzO#-A9;5scCnx1KT*D=usmd(^NDcW<ju
z>;_xZCDHPe0;4s|2Z7W(*79>dmHj!>Y(M3IC2l3TA2xz&3miUPKBd;?Q3OSpQ27>r
z^24f6A25ob_-7lZ$Fd*fmFIjbO!h*kqlh}F)p#q+yr2!Jn3ZKe9hx4E7U+^kQg*T5
zeCh$m4wLO>#SYNl0*_6Ik}Oc8A#E?i4#4RTVI5_K`n&>pDX@M2o8js`8)72#9jpz#
zd?!S%Bg76HwTKTlE-f64p8ibdhZ${;uP^KeXbpw1wr4$&bRX^}F4mJO)a<t$Z}+hj
z>^JbbAYHsjC$FFw{AHy)cKUt!r;jD3Bmu29vNS>5#cA_Cy0wm2bjnKMe2;raa3XlQ
z9uz9=5UJ_&0q{lFAF7|iXeaY4)N>>g4$%T(Kic5Vzz$Y^y_w^HRDwItH7MVfB^`f;
zJOEr+7lEp=&l(2xsmbR`?tvP^K7iF8wD(2eETpz{s(&te@3Ejk@GCE+)T1^02eR)E
zp^C;;JPD5yA`#xS6$_QWQIv_A*TZx&;0LF|D>tF8GDOpOV7G+k=WrjqnG0b11vhFi
zRI5^dNH$Sn2Gt_($?$Gr=ffC=42T1IUpn9JFQ3e;sB|Z@z76V(_amRcl!uRcNL_o5
z;TTfDB|TuhvmvGcbd~>*^rN}UA@m<8F+H1UwAhx|qft4sD}L`r_`oHI92}{PXEQGp
zIoi3Y%d({yk-z6+nHT{f2O_aV1qVkS^|?EVy0ZBjnsZ;pT7Asmii$I#0qwtTn!5xA
zgI?Ny_q?g$!yd>DX`Pl#^O^|};_i=us?dvIYo1H1egDzV<NF>Q=MGl0!+n<M(~~dU
zJ53AcY?<yC)T)BM7f1gB$SkHDz|*(|bD)&_!WJY45qoY(MPkAt_k~cEisU;n$Q1**
zXfG5TThJ@z)=O8R7oz575t@WS2XHwL5Ynm8`uKhh*oUjau<yOH0}P%%509&|#FZ{6
zGbm$U1iu^-f7eb6Us2N+2>w{T#8ksJqcT6vhA`|kp+#^`924q=l!5G&3MR=)VnU-u
zy5UmaMtu$*O@@8ms2*auhOi|=W4r`LI)aPT@z(c?lk1GYzI!|Xyp$lrX<;x!p@)}G
z4FQhHA`*909-){JaKmg}tCITg?|>Rh1{6L+!8AT+5j!zse-cro+oGG+Ot8q~-%!A|
zU%MZdjo(qe6Vdgqh%H2W(<BP`00^gAjIM7kD<4Ak<E-*EmSJX4ym4l6EQ&fDMjz@s
z?{M$ay#V(KVNSW=!a=7=sAKTYfDH4+uxst!#OBn%EuelcOr2nT>S1{aYd>=_Z`8xh
z<@B>vjEQ3e3P2k*_^x&UHFAz$4w)@iIbb`)FK5<KpB>5v@J+dsOQJ3wGC6hN*uEt{
zRT6n3@TjD|9qPR8jy6SRV&<-A`g3(Z@c8ue@`k6Sw;L}|JP7803CIEfy#6@$07c+a
zfj<B$kca<@`TxcQgJT=#2ti=rzw`eK6Xf|{!vrzw|6fdyur(vdv^#53I(!Fp>aA@M
z?hhGj7zQ|p3M`@+87*YQcT~(iL~i`FLu{{$FIYjZAI%>YvKcF1cN>D^<qg69*X|;z
zv+u)c;=0I(D{%Q?J92;b^3@Bt4TAmpkNY!or+H9#hI1WHpAwbJwgXY-YXb$dKej%B
z@9r<3hgW$Yo5%gjtldVhK>wGx-~FG2A3TiPZ~zn4fYTk<VFIEzk$j)a&fjbyLv%WR
z(V}R7$hx0yQvrYiD)&caBLBZC=1rT%G@oMoR<fUy98rR{G9tDw6<{WT2g&|!kL74U
zOd_CfJf6591P2sA{jRZJBtFb@b+_lMAO;v%FJW4m(%%gi{^QR6{qYP^yy;7&F<8;<
zG~^z}kiXZNk4+=*R0Yo7dw@E!iuvhvGV`a{rm0^URsq^_;DDtcZm(=}%cq_u%m`NK
zfTles-)9c@=chRVAihQFIBmKn9XH^aG<h#ty_O%in???P9Ux~U;!fUTt7L`@ttJ6#
zgvU)DvZa5mJ2~NY)@U{s;5kw~=h$etheA1X6ArT1fsQCpEyrqj2)Rg&0-&Jm_TJ)j
zs}Kyx%Ib_)AD-5pa3A1SGeO=nV<QsTt`r5t#c816u>Mu4Pz7`xH?<K&wz|C=4E&T=
zEtf-rn4x${ATIY<9r>w0_eIoE=E+I2G(1Qts-iui(3ZfR`L9t$1Yk*`BT@+0T}2O8
z2jP_1<7X4<OqQQ~xq$CV<s~jSev%ZhB3S5sX=enPivWP#_p^`!-xk6dzDvU#a7A@_
zoOyOUA_oU{B{>#}K}QAIiAF~<^)n6i8eUB}&ybF6CvSf1qqZ4Ze5x!BRVC?mmpC20
z?=tyzcMIe)M_W5pizWGTKn1_eF$Rs+52n6@K=V8E`b@vA{mIrjwV=_Nm(*GYSQGBO
zZZ`q{kybo`Ftc8b928dO`bEWK<?i_fOFN9gnY31q)g#$}-fsdSfQW<F+Or<_j{^%S
zf|y_pYc0`F-W^G1Tg0Doci^v7{GWPI)ZW?FDu)ZKuad{gEsF{OL-b+{Ym$bpCCC}9
zdUdg5<r?!QuHT_EQ2c=|{!n0c2^if65oImM1FS7%mydkJ#Fbd72lP?|j7;b{a5%q{
zfhXX6RS{E#=gMLL+a&tj%=RQAe8*LWNlcxBpC-*Q(hVs4td`a_y)L|m^8e659ZX-~
zsI!|C07R@z!&l%e1!%(*2pD0DZ_&?TyAC)2j@E-PJ`}Pm<pjs3-L{5OPTL)%k+;;l
zZ$f}8v8}>9`7<ytjN6ZcJP-sJ`!4|m6i!oIDNlir#D%0M8qa-k>&M<j%>!tL^ss{x
zpL#*14I}>;Yt!nKq&$rZQb^FK?biDrjL<W|P~;$>nc>@UiS<sa-XLi^3K8l$9kO3C
z2qIi3C>Q!v6QOja|9OwN0%5&&yxC0|h@UGa_Y{;J4eV)#7j@azL)`+y4v^JS^cO#+
zW~BgmyGuYIVg0rIEfxqNl%wB>yz8SLbu~|wIR&AF^=;<&%C}5X#-?Ik<aTd_!wb*E
z`)<^q)d&d7T#MrCU#xmh0vXkHH`9yySxQJvP#cS8t<t0ulcQyf7)%~33~}8dgC5-V
zPfk`|IPzR-|An{^a0!b)Z!iIWVFBw|uc&mRWNfb_b80@k;(!&Y#vn0JNTv4F7aPn(
zU=m!a|0GaGJzFRPeE<)<*CPiCF=F=fdq>=vE@Y5BNK`oItLHaM9TGXZJwz}Q^HQ4O
z-uS|O{CopCsXQ`(U9GO@6)q5^8v0QXTofh;>RvIAyc(M@a)xf_7!B|`!<U{Q8-HM1
zJ;NJu(=nx%2CBn})R~5%+1c?mzM)Ve0Hk6woJKCDtn*G}47TG985Gc@wMbSU*{P*N
zIINcTlN8`q%BiCK?))|!NFP2BtWZo}9%L*EI2q1^?&x~eh=JBmg&!E*p0#&_=Pf%^
z6`{Vaf8A({t`IB<_W85*NoU7it;Ms_2Rl+4V=8ZUW>Ou*n~}UnE7?KYJWZZCQx=XK
zb?RL0#G9d-P%48%f&cBIafIrAY^2)xp`Wv5q+*S*H=~UIOrbZU?bVc6-vEM4Xk<wa
z!hYn>BFa2&@q=1bELvmCnpHBwUxi+3P#${yxRN|%&|ZJR++SX;nC0u4<z72bjtj+^
ztK|`SNQJ!OeX$8P8<{0XxS9yQL7abN4|B#lxcsDEM0*miZ)cmK)kL;6@!kH)-2vT4
z8f^QG$mIW_?JuL^TDmS!xPf3n8Un!`0wh?12Par?3-0dj4uJ%MhTy?n8h7{L5~Oi=
zcbDedob%lC{dw=tJ2Emxvv<|pRco(WHP@`_YLkPb#1UHFx7M##G&Pacqc7SwpXe(8
zaA3*7Imu4w8=b}+xFadwH&~Ck=b$#^jSDek8jPCdTu7ZVe^+kT);dN}hYR-Fs_N&!
zn)*>+$%Mqp-L-Ud>-;j2ZH6lD2iwNec9j_Dv);5gTxpSue^1}jsKwhQu@A}{c$&!O
zAr_B8jYwZ{EJ!mbi7vhKkS6wsPzpcUX6|QdWh%-SSW$3CPr(tb8gExK3mS&1eVY;t
zv$ie#rv3`qYpWV)B`2D_bT%xmC?vNW#Fx*6H;j%~pSuM9>wlqtxSytw@BcBm5cUzP
zmL2c%xqPE(*uwZsiFy%LJeBIS6*$>weht??yxlTgtkmE_CHI{nD&yWT1bA$=+zXb^
z8$YbTN$Xmn?usM?8&h+r)fA46F>^aaDEndyb2A|dMbyl1_!X4z2wh$###l1!d`%pe
zw~FynewQv%TEZI;-x*>nr<DTlYJ%eRSM@I<HXzCV2}nW#ow^vkBuhqKOA%)5+Z6O;
zebjhpdw7ZpZn|kYwX1wfpL={rIj+1%DrjBAn=7^UDtu>)gJ)T3NGAs2^PR4=|INGi
zCmhN;4tV;gDR7C?c+*0~lIU`0j8wx!N`ZdGkKqetBk+v=VJ%xVfQ^!W5qS^cj*ps7
z6Qv@me;v;#0w)>~Q|~AZDgPQR>(>0VX}0|!$JIUy52$uExThDf?0Fg;BP9HPW)b1r
zbB-Jmx(}grmmY%R8VSF8B_zS)eHNdL#;S2onI%VsTGF)P^x@8Gn+CczR{*~<q{;cd
z#fjnAOt7W&!r#K>ORIi%S9Q^Pf+7B&l%AzqrEU~Ct<R}%68i|6<H!F<jL~mRUewF+
zCCr_#xxWOVQGkYk{U_JCf`MI8G3KfJj)qP8m#dEEhta--!us%t{)2!Sov)PJr72L*
zOF{M@;oDPQg6u@F2&O;lB^Y)C?K_n?Ty?aTK3&7$=I6_UZ-++#;oPNJQ5bp||7PmW
zEPOwOdG>lJ|Ni!TP`mSD|A94OIb2XazRfA&$%aTJiW5OnFzoz&c0=#JTs$p@CY(NN
zwv69l^+Y;<OTfO?T~)6+Hzdx>TXj#{4=D_nL<+hed7}#vL}+5)b9~F=9Sh}wKf`xY
z*kPnl2NOsG)_DQC(#J$0&50PlUOUPV#s%TES10gmm?F)S8aB1u<;bFE*<>W(C|2Lu
z_hUqOHmFd9jF$MwAIQM1I0AL8F<)5ae;<PHQ2^DG!1+_xUs+SQGC^CxS4KH#(hjTH
zqPQje+Lc_{%FNJO{tsvc-rxhNV}yEKpe!NVl#)wwjKFAQMx>65(0hhm;i3(a!8pe@
zhoXkN+k;O)^EP-sW<l6}Eiy_YCXRA*P87#u=ZJrC=U6eKOGjVr&k-Z!(U2J)uKuDX
zz@LdLT6l4ot=Dp44!7~~V`X8WZ6iGiT;5f~!crOw9tje@zJqge<cksnXGj7WlMr9`
zT-Tf6iqq1Ji_6rPM+$KIsNwe90ZhCIXdRCp++@D7YaO}WUB&#yj<{O3sMRWsf?8#d
z2chnXHNi5GhI={5i)b-(!6oCVvz5(m5}p}y2u|i&c`si0!?ZUkR&?M0*+h@uYvzvD
zE%G6&V?#6vZjb+jxQ*WP{ku{w{u`d;xorntQg|(_;12FU_;%lFL}y8B#LXAAd$>bC
z@2gbGmzgR;RK5Og(8m`wbHfYi<+Tpr0Y^y%YkJLWV3FCiCIFWUZDtTBqig*++vO-C
ztp^n|YsV6v|6)%NnLiPD?pe(4XI_6IeL5`Ux>>YN>P>}PKHD5pA*OPi5QKThFFTxn
zeZz;}<*JvnzvGc$cY7I8i|9!yW5(Hf=QXW<uohCQjT=jJD2>*RAxZs~j_hL!lOBdS
znz<gJ^ZjrEVVVverVHngSf&qN+9d6Xbnt*ADmOzEU~O!hPxD5k{@F7;<OkL=dg45#
zxEPuSV__l$YJ%)?$e*7savz?E)R9*}wMXb{<%)++4H0Kg42Gos{7pToLWO@@Wj0sg
z>uVHlksZxCc+Sppe{)icKYds$_7SL4g!zdTBcL145`MV<YU142ud;+doGN?hwc=XK
zw;$kCj1ay)J5^7DLYw?rbh~X1Ucc!6)T8D&aGqdOQ3~10fK(qVeU_MCmg2LZ-a#*m
zpsG`j;Jq@;4}m>M*qau_hiwsKE(G<PuiD+#^qOP2oXwB^#UK_`^OpeWG!AsaK>Z>x
z@o4+oQcc}Ms*<2?*j(n((=z-%$mk{#xXX_ixO1`Y)lUtp;e~xAv`ZIPU<N8nBCe>o
zx7>FCB|gkcV;l+~2gOZcWKE1(q|MA$Dds<QAMh54bMBeEr7e~X@3Z{Y8L3SHn!I76
z*M3DX-Zo7AaN}7hSJF^$PjuR{q5tK+wV`2Lkl0DF%gl=y(LW(XoRHM)#gA9?M~1kh
zPd<A<LPZqewm$YK&3yu`E40q>s};AccH%+-v0<gQb;vH~fhZoUKH>%5tAgCQKJbp+
zUfT=}<@oUk8||vYt?2AL^uC`8mx?y9qN>wkpmEIrotPT>d>ZjXH?k?jCFYbMD$qmp
z=fb`<PJJQ}|9IK#p`VcR)qyrc0%(jRspQgtrkCr%_>8-f6u5-~W3mvwy=udW@$9jS
za8orDYY~h3t?~{G7vxKwF8qFve0;KZ=6;!>&>tW%%Fmfm<91lUKz&|i)peWNS!|<{
z`GNwRP_JP070fL%#ZvFcV<4r>@$ad;QO=>%SeBZSQ5C^LW&`y?*Unq<`~1g;C>~e?
zpl+g=!jXD0sxgjsE9cu)3zmpKAsFDj|2|frq_N46C_NS-ymw+mC*NQ&`PmPd=n?!~
zquqVW|EKua?aOW5aWNC;bl&?36usa!E*oQlsL9X6@TTt(&rr~Jr@@6X>y1I)`F@yK
zg-*<W9zSF`$?MUHpL>YvEs<i8`betm?(8n5Q%Xk6GwKV9o2Bv|(4V6aS>%wV-o%{V
zpP8LLIUjh(D4Iz{eH}YtR{52X2;Z(vjOY4I1Jn<;yby#d#5%V6CjE=W;zAGs2%osj
zk^=juTlasG(f=ZQs7aLkl&mx?CXYWt=rY0+Ix8W191RAl)|p=jQoFv0_8#WGw7L+a
zbI2;w+@VQw-X7hEwL&cVChyoL{=428ClL>=lV+5U1T2{2>-x3JfW{Bnc|1~1A;U_H
z);5D*F{509PUB{j<IDJP^emmW)|@n%F`~rWLx1SGn}HhS7q5PVBN{mBiQm<+`yG%1
zMSR1*ExRK-Tfl^Lv0ODs8V~@<G>)Csy;z0d*Tjv&Z(jSJLuh^?nd&=?{;`^U<T3+(
z{}g%T))UiW<eyG&kE7h4FNk~iHRI$5^`FLF_euaVY9yptkeOB`C-^*6tkO>zRL?R@
zaKk-?&{yFMMZjAJ67ee4{?D!j&4Teg&symj%=|kfyWclr<movZly*Xl@1^`uDX$E&
zZxfu0d6%3jY%I~!Ud%3^!T+pQ)P#O^)Nz5$yb$(Zm|D1<KMj=q{2Gu<9f{9%{Za)v
z->9_DxM@Q&XyyqJSW*QWDKJC-;8kmiy=f@s@pG1FHf~hakYqOhZPV)yVdu>tPr;*|
zC#*UkFpt|px(KEaVzzUJ$=w>Fynu83n0@Zn2L4W!SA_Sye=r<T@1q~O<Sgk%3g{Lt
z`*7wkutM^+Iu^z9?&((Y2)WbGca?y4TDR+oEF(#xQ>Nnni_Qg>_`6`GCRF}tF)*Rt
z2rMdA#sPAS%DXzD-Zf#K0e=M*p7%yN=!Z95xt}lY>K+i!i#ABuoWFo|ti8Y1&+#se
zntoz}lC|SRzY0ZCvf|#@>5)+zKz2ucO9>?J;1k!JAnrgVfp+BRS8IJzfRIY{rW-r%
z3@)A;5e~U`rbS6Wh<ZTUbm&<%ojgu$0aVi<6&wEzB%(_MD<`kZw;Zj(=RKcGO`IP}
z?T|QW@)jKOrAh*R4aXkA-3e=kSlzHK8cl+ozgJ_;-({>L^U&$BF)?-L0=IiaG(!^T
z7ZGHHFkhIy@P?db;gJfy$A^d0yKq03?FGw33bp$ct|MRduDaLbptxG^-57NV6=H&}
zK5Nf1U>$sJ@&u*e1gxCgp47})*n7J?fOM&Oeu!ub+Ni#7E+iq(W&|!R$;$nspjP+^
zGFwdSBB+N~s-Bcg?b>T)PefJrm+4n0BMY%9A>+&=QMV}Uhu3F~?ap_i>Z1*W?H`|`
zR8I*zctmk6uO~^Lf_A>6AZ`9kVjue|ZXdCz!Q%t!`dJs3=8A)ga{PWYZ=CIZc2)Wq
zL_i9cS&B*Cel%kx^mi4ZoiKR5D_vfgGW|2z1BIsZMSpMpgHLgEA8?D;{Uy4|{;oyO
z-~QrNz0?OlReRtUaJdk_0{x9g!SX;Jx45#uW>ZL!doLI}^3fDGzuiHqt@}0V6YG=5
zZPV>>I_xl^+<Ukwe}rE^85#WlnGkr=4TU}-wCfgqN<TxHdVb9REvIU;3s^YQfk4my
z|1UX}`~Q|xL45#X-#=R{OVmr#Kp;Baf5g$0gH$hT;^~&{DD5mS7*=C;XFcJ;YnrRc
z#d`CBoc-z#`W_xLGD`U_$<-CuddXt3^RW(I%G`gp<_4BrJwj-;RFX4BdKS5xk9t1s
zu<Ozho0V0m?4i2XkBgB`e$wf&(Jp3tQ`0&lx$nh+8Wa{-s=y@9S8ehw#mSUg1heoK
z6oBnO7QDP_H?n^n5`c-ISV>OhO$}P16{9AG13AF-1fSeE65v31pp{pkm8{&DFp&Q_
z$e)Xm->m^bk1{KGcfVWqHB%EJRWk-vF&xMi33Ovp02rpmne`9)-8(iZGyxqh!-#QC
z1jXtD+7Npps%8Yx`<d@rtf2PT+!%Pa9fl!#rrOmsY<}?!BzQ$uB<xm+u|ARJ{2g3c
zwjBd$y3zO9#;)b0*gE1ANQT7Uv!eO2R*yj-&KC~gsQ0$?f+6T{J|Qh*h>lgJE3-Rd
zfy&2@t?omBhu7!E&?PDwrrOGgx}OdUQAib8eiuLl&8$uX-$p@{rt@OrSKD(Iq3Y~M
zey9)m{dTFue8UXn@3-E2IoIbIazZca{<!9yThFZ*L3@Th{Z|PLulVX6(JiH@dzt)U
z#X%j9UzOTTTJJ#a905pQVJu|e`m^ncgV;ezQZH|!qUU`6zSspQ4I>C#2rK;qeG3R6
z1LOU;%R5agSMZ_nI$+QYJoXet=e(viZuvHC(~$RG4PGhsn20+oR>-eu2w{<zx7U1E
zVvM)n8b=#le`tJ5^l@GIoCrP3p%IeL-=X}p(<&Y8#UEA(ifm%{Ha_EBQFb0b;s`HL
zrAKufz4Yo%R+q^_P7)JzzY$(gvZZ^nCQgYtqm`lu5%=O=$NVyhKIZ3}`q6^iO6SBP
zdZT#HQ2&vO^%sf-!fIC$VFG_Ip)}pKmgmv*((i3@tT(U4sFwp#1b4QY`#w)`Dh)P!
ze-c<<!?3<4dV-z(7%O8Ll53sN#CbGu0LZ;5o!?7P#)9OT2<!GAq_ug9&TV{Cy5*Ox
zao7eT<`h@zy2F1bm|c5hrRnPQ1RR!6|J?4SYuaVCz0dw)g5*=`H(~zC)%F!}h#wi~
zL@-J5<+lonYH(&i@v_H7;f&CO^si}Nv#ryqZ?pZ&wM*42>M3O~HnyEp;8s^fz>OJ=
z+%1KuJ2Bf%&LU1t<_~Pj4hPIE(@-~&Aidb;sqmy;H)k#M@4w%|ctcLse+9Rx6YkFw
z+Q(3R>TWb87m6hbLLrZCmQy1Nj!2T{H<0gs176NF4fTSzRT2#`=jkTmQ@E|jv5Vs`
zZmc1W$R6oD*dWF-ARrEj3W<!s=zd~i+o`&GU&3D!wnKvvtiE94Bemu|F|;n<u(<3`
zUkG>+k*GUw`UAsN%}wP=*wsS@4z~a4X>K|Q<SI$xnZr7DeaXrGHmj?-3^{<FP^;~H
z=jrFnv3j+$W79lp!|%68fUmQ1VlDURs8Bo=EOX+8oT%M#MI0f49=;RiE;rn9GIgTg
zX+GtRvA}^~GWG?FRcYa>HJ<6$!@{@`2hkeiCP<Hwx!X(jPHY^?50s)e8QpRZNMh8U
z-rl<!A-{AV3W3v@ahOsM)=m#1>4~CKXC$0IOkYqeFs--2fdm-2kB2sKvi01mMmyBP
zV1a{Ii<4~@7c7*WZF-5R4{?J|{2k%r<P@EZoLFr-_Vn-|nGe|);6rmYQM39y<N%aq
z>Ix52aLJJyn?(6G$pZcW+CF8c#QHjL<n3VXo7Tng{usXLc<NB`p1HBKkP!!2aF*$g
zA0p_1As;7E_-Swx=UTS0q5m#b0^E(XmVP<+S&oD%B>*Mx&+Wiy;6m>9Gz`Nn$*q%f
zW;;=_@~fq^s9D2!Aibt*jOYnYmGfEReDVqOouI#~e2(c(GBCFO<XdqD^%kbTBEbW^
z9Lt!Oif8aOLI6s>81nSmN4|#Q<&{+uI?i`QAG1wE<wat@c(-1?W=zEz`@q^L=FGx?
zAsQQD91RS<sB7$8JpMsy3>`S^C5Y*cmSvuMU9am$!`%iAP<!}Fxv<!vE$SK!JJoDf
z=mr7r+h`j4yH|h5`zfXAu1=1^gC|r%PQn0ZXbYsDrJr>fw80^zK6U)DqZE%3M8|92
zJuXSv_g&rdNX?YYZqrv$cR{sw-U)|8c>!5*ysr3iD5ET7Zhf7Efy#IiLllRkt{t7o
zJr8Uei#P1OC&?BiXnU<r#ykeb7AP>?8NJO4B)2hqWiy*$uCeS@7BW(WnPuG8y$3CH
z&D${+-&HaxJ{}y(;B_a(s#_SMJAL}$*A`#yOl4F&#+QSv(Hl0+jVbBAR8(uUrOcA#
z@gQmXSA>lA^h3x=m-o!&H`Tcg^t;9#f)IPUs%eQALHyl~l55;*0&2dU;lE6_l$R@=
zS*fa;7X7(JZ@vJo_d--sO+!|-77k=TvP%$B9v+FU)5D{CHH11S-6PUgaj`(mG407i
zyDl^1Puk3N%7e?paKkq=dqB-sSt?1|9_PHky>}w{0KTEoy|({xiM9GxY|yv!@JGCy
zXiLIguQwf)wsTy-q=9&$65)PR1R?t{j&@U~-dLX^Sh@pW3|T0MA7hoObC5^T8fmnW
zObUp~iAlZW2p|#{kG)~6RbHJm<v8v<(i(i~xeyuftG)4os~3%|Q*P<GI0t!k%Is7)
znoX~gh6nvt&wgW5=3A)7yml62MUozkyP<(8_P;SO`1(EWec-@Buc$~dnMjXNBa&%s
zVv@Yi^msqUE9p*V91RJRoM|e46N(JHmYGq6RMElGF|fd=kRho^yGTD_!2R_6QOJKK
zs=?JkoI>N{b{!fGxrr#{!{s|uS%ZUoO^~uSD9Xyc5)M8NW!PRT8eeh4#x^;qKaKF{
za#y`=);FaGVu~``A0Nx_t(!gE?k5S>nou5AmQZ@mmfjEtJB@s6%1q~V)#?ML&{~qA
zjXBA3)zbkN#q=mC5*&AnhLEdQ>%84Fs|0Q9{aS`%xdkm`+Y)T?a<I8ap9=HwHvQcO
zg=0dodb8AAoM^N^6f89h4wEvcWM15V1`9ksL{jsiwOE-+pxWtVGDwMDW5+mCF2jS|
zb1@DrP(=Ide`m@gfPykRWb4g$jmvVkgB(a@kL>oVHS81d)gD5AR>{#$iBQpSVcpO?
z*xk@9ggLx7{VOrd2g^}gFQ`FSrdq9{bqtQ$`80LvP?ar`C8LDg2Cxr24w2=Jx6+xx
z(hAaaTuHZ+Zdw@l@ei<E)gx?dxjo+9EdBrtAP`hw99DQmTml2o>~+MDJNl=_A@tv+
z;g`9L{M*tcq9Nsd6=RhbDMsA}qHdMe6!CIF$)<;W6a}WC*JrD-^mMjt2a-3v&wit4
zv-Va_OtOmiRTVil-yjkYk&EcVUsLhDR2&~vkU$Z2H}dwjAfodAl4UPXJ)*@!SQvik
zvv@2z9x8qn8d>2?HLyxNmTQloQOZK^iB`J($Hg0&if?P`F~vx}vv-IO7Mr^bEJ(XD
z(RpBDlo7}?<BtVupKitVr<gze<TqtPHw^X|7+Q}?zMTYrbre%$cN8)VSTW|pe;;AL
z6&i3-mqG7z4+Q;d&wB8sy&N0!hrpwP@XN)Ha3%fK_U4_ap_73Uc{Nddhg|=WHSbG#
ztX0^I&_e&=i|3eYfb@8}<_#Sl-xa)n->+wk^f;OzAHHO?+n`tL&O{lA{7zo-#v_&M
z{Oz<Y1NLGU2b^-eTv~MB$6R3kOG{1$LKsJsh38&MjdSJfP=4!Tq@`SFyzD@6&WAwp
zZ+u=UR#N3mBWm~*o%==z4ia@QoA4`wWryhdjqlXI6J9t2lUud1wixMPT9BT=hr9O9
z17odFlTWb+dcbr!>VD`-$2@oVvJzKYbbD9p5!vft_?k*o@TYVQ4eA>Uu<DWWWu<ZB
z1pY8ztyg$$<ImpSgtWK=e(_=N0hN-TkfU`3$WyylbfW0kF!<7rNcMdoS%Oa(^N89Z
z*=jGqF$4i#!!<K)Za)*A8xsx;U_Xb}yR-|gQ#fEk)wHHyRxY|b$R+pQD4YA66M}i(
zO7>!M=|W-nuiiktCjiEJUTEjh(2!+vn6}~B8f$qiS{0vmu7prwGAZ)`6?@8LVdwDn
zXYMvn{9oQIA9i-EcDkZa@tk<GBw=#S^S5P}XuOeGCS0e-?^4KX&OU|g2rO}R7a7U7
z-v&LhWrYE6s7@rP1RzMIUJ%E1ZbZ;cdH3p7xA!*iBBN}~HAPX(Eh+RpMiky&*%2)=
z#~3pKd;$skJ6cst+B)-G1b^|~GW#8y<T}7QDs2p0l{`0@v+gZ;x{DAL&$2DQr^Ts5
zi_X6$_3D9}?!WO<2BVP2V=MyX4Pd6exZZ<Qok2!mcuNNPbF5V-z+TM#GT~eoc0`Xr
zCgBH=0c5}5y8x}cM+SdMTZO17CA~=!j!FcEWuTpo=nNK7$S}aF=CM|ndy&>EHzS|W
zsU8xr3~IUcZpG9&CvcgPH<JA$kJurJjoyaN^6IT3qF&LgSPE>vG`y&6M>%NZf6T^Q
z!(_Ad;6M*O!=+8jLa|?-pY;`m-1)<o>ZA|nHzTg9HxVfKoge!wEx+9*_?g>&wAkHH
zlpY=S<etW<HJ~T@*xur}h~zbVf-9VvCN1_N%nAXngb;OwcQZIqSPyk?c&Li`XtP63
zH;W>Fh;NCIP$Gy90gi*ZAvw6ulS#Xw-778zn2_t%a?$?DZGc26f=(Ul&rhyDX+O1i
zZpFWVY2d33DKf6|S{29oB-78X)7EVdw>{!Nd5u)Iqk9&@j5gn(+<8##Mtut6Itvd@
z)_On56E>6q7L#tkX0YfN0*%H2ECUFjt~V1ok@jQb{iPIJ5(@=&LP1>T53R)RhM~~@
zx6G#@BS5X~B;nEbfvpws-#rW_i%bv-f!W0CrkMuU!`s9FiQjm416%NqN_FvK)vV_N
z)bPx%XWN<us4y9+U*U@5TH?)y)gIGYNO<Q1YJc?A<)S!PT?q8`+<d2bB_~D=_8R(2
z)d_>cWlSZxP-vudb`Dc*CHhP%z~w;#`Wv0n3eP-sc6o<?kYheO`j&_=0sX}}!u{$t
zBmcAu;bxO8L<l_xQ_q$Z0b~spE)nr6eoo?yd`lEg$L-|LkEd<pah$YxP#F)S)14uz
z0RXbtU=L*{_+*Iou-K#TM(HeCwX%up(=hJw>PV!m>sH{(|B|t$u0wMvE-NS=g2s<5
z6TmcXLP2$Pm3piG{2!AmogG8%#P1p_;S^c(%r}CYL*&)f^^q0<ep2SzNXf8^STbiz
z!BF9a2WrO?&^TwM)mibP-S+T_RQjngMJaU!A@t1p_DMjvvX7cK{lHm72y6jWL@1<=
zkqjb?eIJ;%og06syQaiz1%HMNo4`}kv0iV{-`(ge`px)=wJO|t)uur!R6^)oRh2D1
zF0JVj5peR#a<sZkMXgY!F)LrEv44IB=hNc2WB}m>$1JX-x7~`ZfSHpHbuMr=w$*d_
znV7=?_2q>5$sDVYC>DNXkbMk~OEe3Mz|@{nah8dl3i}ypf*`jSih~;67EMcD+!s-u
z&ofAhm4^@t%e?y0O@#b-Ios#hzuhbFEq7bD44Ci^e&mKR-U3t(4eO1GWz)SlizQSR
z37+3H{yH4M3_=;)TGnxOy{NjFf96T`NxkXtpgz3)ifuR+Pe!%X-@4GEWb_=}bef;<
z)Q;Px&t7dR_G647nkq2uIJEII1JCdQ7_(x(vaJ&P8JBP^>P5Y(jtK={mA96X?>iz7
zA;;ZWfFK%fDce9CwIB=9<i9>n`4-Y^a)vzSF<extE}BwYCEQ?&_6xbKA2wjJ2r_;B
z5NKO>u~7EaTAuoVt9)Y~yOBw4^}FtL(LQ>&uL0n>)<2D`#HjC$7pM}2uYcdh9@k)-
ztQLkC_slloGTr~6nESi0>5?5VV;(AADXcw{w%!-3ivYsyRDiV)t=}7~TH{81#$a10
z$EyZ@bW4NG^3+7Et;{RG`>5Dt>$L8%wGRKFpPp@}>s4^xqb{u;nx;!hfd3o<&rV%5
zJrOpN7j!{)0}Z($x0YCE0iRs&&H|vlB{w(Ys6bj^;o6)ePntj<YuR>qd{vcdB@8L$
z#IlEehD}9%L>2A7eAQG=TeeAnvJkb)4%S=hS)_BNC(5+UyAi57XG}$*%M2A4<yc;<
zc9J!RULwI;iaWOb&TLbtK8Rq_-Bumb6kywl&N%ZZu|KoA=n9(^d?7Z-sok-D%8dV_
zj-cXrRbFfQyDGl{MM^SmM2ZUApL|Lw&$E*+>{J)421ppjm2Y?9(BMF_!IDE6h+{Ss
zoptVZn<`VGsx8J8{%s$xiU{wTfUY<-r&JM>K<=m3<Q}3B+;+*9oU?|}?|$9rs$Y<r
zXy9nN@W}DeAJj=`j)gofn;ePze0PJ`If2K;x${yDkZf|Nyw<-rMx~nbu$NyfAc|4v
zO$@w}uii$s`UJ84fHi>biAi-}!sO>;bDn>R`i?Cg4fSJ|`7H4b|7aL|BOl+1G!S!9
zA}jP>xPA0)r50$drtuIQy$De~1#0U9S%)f{7#bDugYe;bY59DCgVAwzs$$f#5E~Eo
z6|{Ic*AUv4p$vQqM`8#rN=ruEoQe|`TlxUtS=*F#sTr$Ua$}XmxDh)T-$|PekefU=
z`vwurkQQlUHX;eXaAH!KdkRB3O8=RQ)ShW6nx5Zs`Gt1w*m6U%bJgZVbR2kTAHfay
zY2i@q)|M=lX+o5O26XMUR+ueS?^n_4tg45V*Gv$khxVp`((xh&j2z4;l6!*dYw&^s
zF4H{YhdP<sR%|iqw*3nPJA42@jToiil6DACgxJq-sIR)wLH0^#l<t|cBI(h5dYnX+
zamYs!C3u26h$Y3PTt9gL$xYMqDEB#H4D*qdUu>EzcJa0S(nFefU%ouF-s|4-QqX+Y
zrog=0WiQzus5MlovE_mQsCh&5q`>HMu&)uFM{0e0u|4b^;;!wYY?*A`aGe`mu`Oy!
zX2c<4!SG|qo9JB#*`0<oU9e_7jMYjM61MmYKTNgfPRYi+_xQzPsV<OzmCOcXy(zO>
z?WlWb_wb1q<R<L`gu5j9$C_!cNeu?g%OR{mI#CZF(iVdx#k-P6*NgW-Cnmp8v0*7Y
z1g3x4N*0U|0iWm-Qq|wh+038@gO}=F6Npi>O3r(0>;eE{NRCWpKQI;8sbn^f*E;TR
z+7l+AA@4j>>n>9Ca5gwHRg5VZo_$PLuH#2CK)K$KHCt?*4*QlYo|9TCf+i#dj}WJR
zszwJCe<hrBa6y`U5ieEIu+~v_W!<9xv<O>p5-GEgzw%5<sUOPdeW+g!-M?&B9eX$R
z4ws3y&&@&1E)f~XyCs-Qz1WtC-RH-hKB?Jrb@wKOzB*lHi>qiY@m+FbGJj3@dHt#{
z=R~jExw2v6O%hbbfm~j5B_ubdiIJZ!G|FDK%<45p1(E*lU>E$@kyl$*H2$O1*A+w#
zWf>{cFM{|%4*nb&KxZ&kZjHo*A32GM|Gck80CHb=DsL&;?8aP{gf+|{-RXC%KWP&^
z9zu-ur#?54H~)TXtH{m@9JN#NOF2Fbhq=G@6N?ql7@R~!R+EXXbL6M6j8~#%qQH#$
z4Q2lqM=ujwR2#N)vZn@MbdnX+1e0sb|7jutlPm%B4NGZQB0*6DjbGUUk4(f1ncz%X
zihyRp1IbE}C|)ZMFyDy)sg<64Uq2L(ITeO+uYs7{wmA7@gv8%{{<k(lck-R)R$K<+
z=!D6%qv_uSB9ndlPr!hq=)A&O^#xz2vYy|B4bdaM=AMexop{HJCFx#7q~lmwM}!1Q
zG(gfBIsOwfty8-Fb?u|^A+i_0=#6PeIjz*tR{OK;SN|A&E6HN<nlJ?ICQxwJFhl<5
zvt)1)syar}jToQi6?l)<A6Ydo*)g>Kg&-W^;`!az2k}CE=Kh4r{++an^sB*f!lVO+
zc%KlTew)WTBOg6eB+^6ucnJlkFbXbY9jE5kjXJ<x&Gw;uT44NhgI3J_3%?T?K>3VM
z^LZ6jXVDg)ZNdadAR53R81?0KNY9}lhnbiv7;c?P08^=i0kP7L9r2PZ6~=TRb*0dY
zscRcWB4@S`RJYvSpkJm&$;r{6+d(R!LO{g==8YF1@5ls(CP~))%*UUj2%r&lo=hMF
zB5S<iWDHUP+A;?u*1jS3Dfyetw%^i!@_YE;gA^>{U;C6`<CS=_RvD_V5|WR)HIgn0
zsaJ>6?qXwOiXy$jUKKK?_`g0@56z2rR@N?KpuhR`D1vHMV)}AS;IrDgiJSUZ-|q!U
za>?oHx!>{AmR5H~suPHxwg)aQ8yu@+$SmP6Sa^UuSc>J=Fe0ZaPz2Tc*uGP*BoA$)
zPdllVRqcpWuQ(qBlB=O%24aQ4R1a-~_*f+uKn4gv<qYj<v&KmL*1H>$rm;MPT4S%M
zcMl@8COWKCm?pZ|5YINWXPZ>XPwHgTBu`fEO}#@1FYd$6p@KCPvP%Dd`oAU;NP#bK
z2PBmXZ5GZfqV9lXeKz>say&d!ROxZcc(ZU-)T>&lG;F=wCfh6cmHX<V+q*XJYtn1Y
zZ=FJbAC?;jcTw)+Z8HE140k@n$#0&=hYGvnOHg^kFvHjPoLEoZ&(iDcx}9n4lEr!p
ze}z|;`|*^s*)yu2fP<DSq@j|xq_c8}L7Buvns|;9QM4Zh%$$RKPU$k5gBkUbV|^Nc
zq&MBc$;}%3`AU$r=Hkpg>s-@DHm0hHZo%U9O9X(gkDgO<d@Fn5LXt*sh!65_;#tI#
zL#OgCkGEtaEK=#u6g|7+$5|b><PHD}00;{TpX4Av3Hltla|-xQT|<5;d8h^gW2^3@
zI3NrDB9)@VbZ1v?YDK;OGmqC`+K&^<8ndrywO(9f0h#K5;A>93@u*}{0AZrCYut&Y
z2H>Zt+*<lRBE@v940Amd9E-nIp{%)1n-I-mTuaS}oH9#}*mf>3o#w>ejIVdE_Q#E+
z*Bwyui~{`KKHtw}o5>ij1d7jcpw0m#zZoVHQhduJ2qew8P9AaPHA&~A+PKv)9c-6)
zfOzqQ03vYa=^5{rJ(O`V0&Co)bPX$XaE1p1i#TViFom%`gl4z6w2iay&1K6=m~DA5
zqxZ<F6l53P!#(eBqpHXc8WPDE<nK5~)kX2UncLS~Q}4bY0V@K)l7^pzed0fpk*sWG
z#FYtt%n+jK-w#}`bxeSG2CP$%H_Gg{K~mpfktI3itJKK!rY#@00f-xbZU2EQ-M((q
zgDA+1@4pX(sZ*)_$^#@ia|tg%^U}o!KYY!N85Sl$E?_d&F3la%9#Np*`~-(BfUY=R
zA#oM92w?nX{t1)_9@cJfzP+EnYt>{LwBkr<4-S5HJpJwqKgv%(BRwGM#RvmG4iftX
zitZy_39;SpRv*T#JIRV=wc%AE+`l*cc}OTl1Lem#)BHi(<6G&KRd2#gSq8nX(}Aea
zyN;_lz)>};*$)K+>jXW4+GD^PhDYe}U8wne(OBm}4!>IRSCn~?5b#UPr)lrH$HR=d
z^I=Jkk~s?!PP?>H3yzeZ)0U;)Di8&XigsvaC+lpx8)8jhF+jWC^p@fC)Z|$1ccVAz
z(E8+OMW1HOefSkWU9{MvXqNZ$UZsXHA3AkWqxr1@xgzNsikWCyT17xT5;p8P$Jg>*
z(jNZX+rXBJ1CTG<=k)_*!Q;d4fOPRr^rmG-$UAvO;WfxUlJE^-0-4%D($5LYMj>0j
zbLZ`9&+`jo7y5u@<<gi5%Tn!$ch3AM1udj3tbqf~mxfrY_`o}`Z95v4_C9<?+KbL(
z3W!tpE_!7r&af}eByNAM<D#om0H-BQe(S6Y*}fjM_@i^0fSL<1cHds3+Bec9nq0ri
zZXNVOPFh}lcxe`>S#k!v&z4tR!PsQ0JH#TWA4|Rh*E*er<rv6T33L$*#4X0gfAH7F
z5mwEKI|6|r-4d!7CIQc5xC?8G(CQd>YTMj=K@xy+e0tu>_v&x-?x*_d-*5XYIARMd
zUTY%2)gV7vnJSEhPQ9k+1OtTH35f4!j)Ji7ufO@GT^a>1*ttjT-<SrW+;6E2E|-5Q
zd6=QRPTu{h4p|kIg(v`2Frp&rL!iLkTI@54SNw;>H(n0jrtE+KHm0px#WZuy3G!#=
zK0p#1yi;*eEr2>xrT{~Bqnb$44Eh&9AnbPo#F%>SKV*)FDr^^SK!PDMTTv%EgldFz
z7{XP74yc|Y$ZhbW?pN4!Guj`UHD&QPs`p+3tq*>}0JWnr%Lihu2IEFFzb4oFtqMrZ
z@J857Y9m3pLypvdaDqdMfE_>kH%7QXh3<;aIEf*whDd5<I5SkpsWYuwt>+E~<nXfh
z6345rsId(01)K8gwdZy6@RNjPn_|{_xwi}rkzO-n!yl>e#I{Se=Gl(KS@hey{0+qK
z&1rv-|7_AHIdz7>?NOfXi}i0PO`82c&!(MpRC`<>8a_iTHRK?29p`2rErC%++|(nq
z2k1_9P?=NsQL43?$9*g8&>2|A=k)HtRFc(>Pb{U5^KI-p6uhP{8@P;*s(@JT-(;<)
z5k3E#Hb3&P*N^g4wUxrXNqRGV4W=>*4-zG|!dUH)Gmt1ynMSWr1@hNX^}92I`b7&K
z(#NC&a_AI$k|ovzt2sa*wVeYOasKdkq4Kqkb92vM%lu6b8L4x26t)j3$KWf?-hpy+
z2i*GJ{&5yAR#78DDJYqHXaO?qHJ7^iZ$_Gf(d@Sj$YqM({EkqLKmM-pp-FxHEg@8w
z=u?^M(ugY8>n2K_A_Yh(2bKb{lUDQ5RmeuEm-M7jU-E|(`!rCPz;+U+s0f9;7oRPG
z+)A`+nPL>>v1{X;(B8??#spvDjv;a~)o*fc-;wn!F<UJDnB+R*9aIE3@3=vL-7pyW
zkXJc7;)C?1dRk^N`0hU|7n$%t2ewJ_q2!!ud0DBu@e{BwgU)$StCIujXM>Cq^hq)D
zUrPb&N|@4g<OWDSA;-V(PPcT9FIHs&9%f+qv%L>a67|PQU1@omdB&yMtf?cxC}E$h
zS$@pDSEdkLW8f=UDNrFGkP4~UlSC*4^k!*OflFfmkdrM6nK4!W$lN{l=_dm-#<piZ
z7}(@p@puzynM9_2O08G^l#Yys>Q$Ze=}2wj+vdl()-2>^b*71n^Lu4MtW=hY(N%N(
z2QNmF`6%UP{HxGxRReu)%BgqGA9hn|1X?eiQm#}Jg~7i8cbT7m=LYb2SegFY>pws$
zB{#c&8u7_w)83_2ri35o0xYLF%kpjeI#>%Lk=L#1vM6rQo`Qeyi8s!ChkGHS$01$B
zw94s?H%HM}Xl%AB-@1YM>QY~%rpn-jwmi6kk7D4!Juu7Uu^<Q+1<Sy|_zhdZ4(|Zf
zq$LfhZprsoh9z4A7c$S;i!;>)`5Ja`W{}xO2SEOiYG?{cWDcqM@6vGGE-{e5_!C~Z
z{K&|@=S?+f#Rk?nR1B}@x$HI?DuKZ9qScQcTcAXI+);BlP8#jGv{zT?Qg~5TH1gae
zjRkH*h*Iqwf6lypK%TvwdZsG%?ukVW2h)^gqXIy|f2yeSVBfh42LTer-{Nyf(i%U=
zzZTg`7Qb5)gYG?{RFDK@5yw#z8rVXGpn>>={p0E-ZrbO@^_lN4v3<4I{(fC9)Vz)Q
zT<}_+X3@b~gjBB2LZvL6n6U31uz0&%9sCAU_IzWCRBV{B*BS-qix$tvo$HqEfj6p5
zK){aCa>FHC1`N|^|4em(9BD)Ho_x#!YqiTVZ>C}`3y5C)pmx_EB6=wA`WIz{<$w+g
zG<#(^X&$BllbXq|rt&<pL;A3D6(nrk5R7g?7H)PtVCw-Q=somEX$a8Az*G<9Z!k>&
zX@E8RLSDFfebKGRnmzzOcE4Nm?KHI7Q7g1T#Z?~n8iQ`*c{Wdd=0IZnpK%yd`KSqv
zvgnDDfH-VS{JRF7g`I}O*bs?y`)vTcQ65Fvb1azU9}_4!NHgN5{D)t7NM$gH0+sQ$
zA%5_nlvNIRF_vH89;7vkkP|OJo^Q48=IBiO2_`Ebi2}}`PT<>IcwUR&Tz>O@$tOSW
zbs0AOq*McQ8ky9}^%5Uxit1I+Lvl>q`hd%sX3Jgoj@qqT!zW`3%$Y9Q{)1i4{eyLP
z+Y+`R`p4{a8=#q9xDgL-p!VTk`HVoOsL?h*hVC^(lf=Jhn(9L`TH<0_dSFNFCXahO
z``a}i3Jk8Qh&gPJb15uxJ<k!@7T(q_?Q-Wcbx0Sn*x=Ft7u@DV8K}Gu-7_IczGZHp
zrRAhAmg|}DS3tXn>%w!Y>ds_^)SlfQ;86fAW5q(Hkm{L4=RZ_(ZzpfH-OXu7zav^M
z#0M0f2&~nn2D`ZZ4OBn?KdnTuF{6(TKTJ9)1t=sgFdjHsm065wQWv>n+ufX&-%UTG
zQtIMmQbq@S?i>_;n)Ib*(%vFrx$-bj5s&Z<IiUc%&K+b<UBBkBAaQY@qtL5fEA%KG
zv!o9|_9$1D*8CBUAd0kxX-h+=IfVZj_o{qvRgPGK)Rra_TBMl=4g+q-IJ+^9s67E4
z<O6uWy)^|aNv_Te5e-;02Qs+^Ij)?MrsFS9+-iBfPn#~MV20^$(h$p}BX{4n6jep=
z8a9V=GcuL8dS$cy&lI+EcZr`W)><alqNi!AqTJOywdBX@8h=zpfqW69=m;zy<-gG(
zc=!(GgzGmN!lDb@VF#G#O4^SR3zhj7G*SIDBkGdu-If8sh8nN<w0qQLh33pS)NE;8
zKv_6H`*E*}>521~1@M!*C7H}TsC`xoFn9NjsHN8*Z$gv(Sw;CnqUZrNUstwvb21e}
z-`j3epP*>Jb^u5T=*nn`6M=lru^hVB7#;8ewA?$>Wd$GlOP1F_a0l2f^t@EC;l?LH
zuyRk}<u2PEUjqyVeBj08dh$s?fQ<5eGwlknSH-k-v?2h^qAIV>a=McJl5OWBAm$8Z
z*abCY#Vv>DSZQLsc`ida2^e`Bs6GVbhS;KFkSB5w=;<kuIeE$)S^n(*eVZN)J_$5i
z0|a{h|9@@M`}luv(?b9dUx5DErl(3P@C=V+C@mohdV2ns(UK2*d6xq8zm0o~9`!aF
zI?MZ`A5|`7$HFqk3n@z2zoNVo7o#x*b5eTZU@U!Bh@t-`zFyf7+C%FqdGPx64-9O@
z7l=$)2MXAtSPBZbIYM`}=0!*3RqtGi_EMDdXT2gCrrejeZ~0Xyjvl?HemjkxraBFM
zcnR8ag6#kYH2NRTd`Sqmg$IGSy_4fRp3iCodD%{E2KqgJNBU|ej{y_*d`9Dpa&jrp
z4L<NmA8f+|ThRkP`SVxpcK@$nUtSFO--0;FrM@RD!0mRj8E4CXZ@Vt!DU&~-0T;`=
zI8&GYtxa09dx87}JQ;M5A#29@FL<vt&-uTt;5D9@#rPKzJ9*@PkeD;T;o1K*P1Say
z<KNrr6|%^@|JKgsBz^c7{PmnO_x}o-POSc~V6<%T{|dh0B>i6>Ue8pg{`<f{o4NnB
zEP&I-?cXj?B-aZ53+*p!g!E5it!MKb{za}epP2c#s#c}N|DMY<!|uECPw(-pi3E54
zF&G+W1o_E7okvXW0bl)N&ablT$al|ux9-S04fK9CcCG%z4O}bm0i;z9!07@X{GZ|U
z|AQ;|5AN@Oa9jVuo&5*r{vTZPe{eeg58Mhf@TvW|b>{!UmH!7f^&i~ce{jzK!8QH|
zr~UuH>Hh~u{~z4X|KNK5gIoI#&K?e=KNuNq>tE$MvBwFufoQ36eH7N&AAfq}DB4e7
zF>A^8T+V&+RlLkwpCpE$LE0cN*!UCrLE1T_H_F!V{j`w26zt~k`@Wi6$&v12Zllkj
z{}U$^qo+m%I<M8)zN}JK1S|4f&3*FjEid(t`Ea9Gj|8uL)@$c80wGgatTSo%yN-u@
zD)mvruY2(oU)4|JQS!2RuY@`o9vv1{VdbX=hZ!X3YeZUjw7|OJx03tR{P;H#bD2Tw
zYr7N6<F+&_K7Or<vd{Srt!g(1mVZgT@TCSc>PwmVgS372{w5TxmOgv4D^or?V)t;{
zS_|(l;xxKP4B4)3Hs-y{s+;n(yFA!y)4ofBL+)C6x<LdXZ+#w&O(QRWWuD?U=#==?
zU$A-WlR>+Z=GbA{x>j)Q8coWVHqb#LKZE(YyZt>a2yfb19bEmn-x<6=o8#l2A~c;7
zX2>c1xSN}P`{RlYv~VjJ2k$@OIJzgH6<<T*gPmNn<hkp%;saNoCA&U4szVQ|*OVxd
zhop^Fjy&#!C1~!g?d?JX&r3mxS5A9~AUfxkJqV=D<^fSUwHbCbe!S<|`$%ihW<%tM
zd87o_u9BkWqkP%eqgODw3+Q2tEuKp%ttvC}M-S<~aP3bnVey-E%VRfau{=$lUY9p}
zv>mYL&dmRT_qSbORrmH<XOY>{->;;w&(?3VCi3$=w1j(KVO2du?B}!2@_EmGzjN<H
zg70?uzRdl{CV2f%5=AV9x{Ehx(Q~#fcjL!ouF$;G?XgmPP|WSjUKEiZoRZQ0bx{<i
z>mYD_L;x2QQ!hM-)_QF9@JFH~dr8a3&lS&<3+S9ZV*86$8fniWoM}N7FnG#p;^y2q
z{iQ$uRVGxK*snsdNm0H;fJQw5uv3H&1L$g!8scaB@J;+swI%aTt%C=^;6`juYf!li
z@6pqrw4I)SfH8Y!*<pM$)A0IH-l|g<YRGE%s_BH*%Xz20PXhQLua!F}4w0Xt;=P7^
zK`Fj<FL3>#6(7WVL=C~`fPKxnYJz3movhd=owudJ>j(P?Utaa-$xM=5UNPbitOD2s
z>A9d8;pqb3>Qj7d4n3WP%FG3huYpw-4;B2%aOFm}8vOaE_*fin{7rWmD+j=9;u}>3
z9sG<cfaRUygL9b+b<?ilxp}u9qTYgBy90~3xL}=`lNFbFdpLm;bruh&yjF1K2xJ;M
zlQ&`Cm3kpzMJ$+di$FUMhY;HbY&3P7NqjmK_KaN|1}k2wnN8fRyIjHR=SF^6242cH
zrF`Wmu-s6}lM610!P)lmJfiJ0y$kK76I1Vd62QVn%1i)?HpEkEodruORrXPHumauW
zq^%ZSU#wJ_zvL7jITtf4ZOT!Gtxk45O3dXCeByZY7zRmijposB0b^%sd;c_DAJ;)C
z;i2t^X8cNVt7as4lE&<8;`(1!D)PfC>5u0>_omrM&Bc?^VQ}iv9Eko-5WQjn7oh5A
zGHw13EJ&lq{|s7?enh0Iy!nH-LT;_1;6!65SFjP#LfO=25W!9x2kcYEB<Eo4&qveL
zr$u@Y((PT3-iufw#i$6MYQWmLawQ;w6+Jb4E*MqDWJqJZr}04y&}0UeJ;e99(b5?{
zj)QkQ(<Czp;a5w06Od)nMHDle7<^y12os@zw-I;iZgqRtkaMI*U-cL+6>_x}YiH_|
z3R$G5rq3Wy9{XC<as))MRKT$P_<N0~hD+OCNjC9n_3Va~8!E8Jy|x8+^&^zU>;$al
z+PkNwIfCulOB?71aviEgXwNe_60}!ISMr(Iq2)G7mbr)1N47aX-QNDv*0{Nh+O)N{
zXTZeLSEUP>=sI8@`+cs><7tz~Wj-{b_TpYYp{1cw{&HX}!e0Biz&8*`#)4Sczf_U`
zL!ckG3RkIbE03Eqwf3J|!Uu%%^;&FDYjz`Wj1>4F=3Z@Cpb@oHALu9C3_|eZ&AD=s
zS@mN=gaNs>wvQzzs#c)v(ZeydvcLaZ(k=3~WL1_TTbGbFgsVlXBCjuYB#V9BoP-a@
z3~->taf79#ryuCBRqMsZyNWSc8S9u1L6Fy0Iea_5O1jTyL1NSM1}J{Gt>Gu#8$^8;
z(w_BEaFMRk;s%y4=g?jRG!-%(Wo!Hj=!2R5ORV>~UGDHFkAx3h!c7*JKH15M-OmQQ
znh{=pycybii~PVAFvwqg7cnM#@cbIsPG10R5Qd#L316=5bzz>E!K+<dLv<i-;kL$L
z8`hij2*5DA6!{<@Wuzzj8Czwat{vK|pFqzOdxRGs>#Z)o?kynPd9?p%DQncatQ?Ct
z_yOQno&AH$4|fAYhZ$&<D*7A))&6M<trM1;AmF3xAYV-6?asZjA~h0ayV4~`i&S&i
z4Mx#<5iwwWfwja&>A_cJ#l87oMu`@?F?riOA9iT<Gr08bM(fm$%a(Lnw#WVa?sK2&
zxT+ZiAHMI^B*4yR{QO4o?h!HjW|4pqfnQrJKSE$vnx@8IcelRBqBRvRh|Xn|bObos
zIs~~o2(jm8a8H*B-%2j3Ly#oAPQ_2HrFqkIVo)oOuC=+V2@lR}*BYVSsEC{|M4a0M
zUv0E3P4!Xr(kubyMom(3q|9G^cOm`sSniszbwj4}7zLP>Akc3nlFP+|!rfr7W`7jo
z7GeF8y9s39vKI$s!Ysg-JNUH+hUgXf=6Vj#xXSH_6pfaVDK7fivsAh3xCCn}$j5aE
zhF`+s-xiJ9d00L^NIzB4C6!Z;*byccbwTRB2!8RIeCtbR<+vTcv^;k+>ae_TC4b7B
zl-i~tRZ_L2@#uRAd>dY6`X%=lv%427NKi;oGMPS$_K_Wgyui0{artET4%$}I+SvHG
zqI(4;))bi65md#D;e9ISU4owJ&a-LZ@!W*<$hsg#o<>Bp8I?y}cJ7_eje1;ce*u^2
zPTq`qkniuyKSB~Cd7q>XU0X6uULIsu5|N@i=?;eRXFpLKD7WO896g{XkCWJVNUY>W
zJS|)oE~zh`u(t+l5Iiu{=v~70zQ&7vwk0j+Sf0EQ1l=ngTQ@j)MNHfwU3GCl?94qT
zdGEYt67Ie~UrFz1Q@Yn7H&1$Z!2u0MB>8PsXU)oSm$MvvH@xSXe|>tKJ733W#&dT+
z6MUE7%;!cJ=$E@y6b2D2f+^>rb_CpCM+o-2wdkrm4o*C-(47!6r4R2Mn@#UC$Xy36
zizN5>fu#x^TxMeeBx)EnFjKx!GdV#e(r22q+kT}w$#3;QV~C&l4;>#>oSLN_sg52P
zawAL7Ajgm+JbQ70>{Gh4(y1mbSL@Bmhu}T_h^Hmj8Zys2@>|{aH)>L;#c9iqOad$`
zvB0!Ncg#G62H{QZ*yeAF8u*oIra3AQIO;WRL-f?Zkn5Vgq|8q#kGNvFSaV8uz&sVB
z$tk-&v`}txxIMPK&OD_vvU0wp^8Eaf903LXT$5{q#DS0bH*NQMd#%B<ePo{6m*kM^
zNL%AzoyoH$QD`92RYjP<-^#}E*7+~baZ8^L;Ckvl7MFeTK9;)LEq2Dr<#^M!v&QDm
zO3QJL-1`;eNKNwTx{prxZ8QbI3oZ;SomP3`Kywv(YCNUeD4q1uI-;`YCYwDYjDn@P
z<zC&YFR;VTRiqB>TC(o~_EbA^eCtl>)|e;7pk1RUY+IB3S({a4k3Pqr`1jET*K3@%
z_1@N$cxqifsc@kIUk_qZ))Y_ow<^0fJ86@RGEZ6;xbxEU($QXAeJ;%kSTLfXPA#g;
zmh2z^;)Qx6xN&%+e7Y0==Fd!In`P3vt;A*wuM*&esLMX~zJrJa`tzk4{N;B8@v;n0
z%_dRgGtz#GH<K+_o(F_}jVUF)9I$&mua=u|!9^E<ZB%`cDjeJ+W#Xb?yc}MtxO#$4
zyQQDz4+`I=^^hZ5mGJ_9G+_cR@?Gk!OS7l!Wx?KpelQ7t|I?vU-P9jjPsc%0^Bzy@
zL2>4kne7PM6~+|3XTA)QTTz8Zsrtn}TFy{P$esD!@5f`X))ytHk}J13Ia7aedEC2&
zriyb_DzR8_xgjkXpMVeI%~bT%TJ(W=oR!WK-hLY$Cclvte+k8aO|O$O-K%J`H%7-b
zIyK=(F5Du!j?t<4jaLS@V<2C{(>Z5>PBgR*4eR*wHV^%#Hsv8@WQ*OQhvOex`Yi?9
zk9g|tiuP2Pj*(NWYY~eFs)(NqhlvK2()X{OA_V28)Z5%R$@lO8Kh$`eJ1IQnq=}~*
z0Oi(w*J3b8v_C!L$O0Vl3|%a$i?j`j;VCmo_tyd@9+M@l#cGqrNllGy@)@<`!q%$0
zQW-T9#7Hj09c8wg{~vqr8P-(O{f+J<5LB9oNCy#+TM<xDij=4*hzKaX2Sq?c0@4LS
zf~crS5d>743W{_DX`uxhV(1upAc7P_7eY^RCjRf|yzhHm=bUfn+vBBPv-e)JX3d&4
zYu5VBWN%bv$u}xaxURy@RlRun1v&RIW=syOeTc1@L2{KP&H>A$I#a7*)Fy|8s|?^<
zd)bS*Sze|d;h~WIOwHUqw9CG#;)t5f-zf^cM?WvUg&0`+l_AWvFC!Gy;Duy%xG?<6
zO?cP~2y@QaiV_hZXmfRt|7Zd3T|?n!Mpx|7EJYM-eUXP*GV7qaK6(zcIRlcJ$sn?~
zp~kJpV6h_B>3!IoqowAH^UvRFanyo_ap#3+=#OZP@t8Ymt61_VSbp7l{o>MA5v3s^
zB=;145z3C`YCkB1nxNb}bL+MPF4f5r%V4t|H`GYbW<fSV(ID`V_8y=}@sX29VIh}E
z=BYo>mTSezQXoc}xK2u$4VI>SyRdyOup_c@G#!Ue+A5&MIDEb4`%fGe?&}<wdO5bR
z^I#MU>wAk7CUIomn&Q&ApuWyk9U7d+eCM`tOLK2C5)ZbsNO#(&<;f*LSi~~UzQKZ)
zp5l)kVrw})f5wtk;C93>sj0p+I!<zNG|X0bW?5fpD7ai&IWHn4Kv1!4&Y!~F2zg9i
zA!l8C{1v9H4n5my4DqMm?K1JDMpTB9K)0@@O%Xg%kjE4sc{#s?w!Wp&<Ov9eT>-m4
z7UWt3ji$&j8&Z4B%>~C%V8_0@i>(-^NN=xHNepv`QOo3R&w&}X9OV&YL?UUZfG{z7
zteA|B!(8PY>HBkF@rv@TnRXQMXNVPjz)t=_x$l4=UfW|4O>YKqQn|1V?j*2>YJ<RB
z{p}4T3yPi!B1>Clp$Gy&eQq$~O4b*ZI1FBY?Q<7z;pZ!JF{Le3X=<rc$>u~#?5B3g
zVQ%f|eg&w!wmS3=u&)5K_FZOynp1V;2&i)AvQl4#IIwAopB+?9=~V9hxj{z7VeaU!
zt&y{0fq)ns5!LZQ8h=cxx9nEGA)8bNa-7#N&>;4%7xS;CvpamW+puDIcyqWbwp3i1
z8>$i={BlwU8-Tdkre>f~3g-%JXB!V+Ur9t>XzR3rZKJFb3D)2pARASmN4QN2gJv7E
zl}0yiXN!x@Zj!Y-##p1E$-vDK+I!JHU$~+6dJVC5x<<>$-R~ADSg*GHIr0POq)QRg
zpZ*~wt<G1-uz+8j@_E<x&uL^o0VP5q?n?iCe1A^_)Vt7Qe}-scsPS=AqAjJnqE5HN
zF?`A+Xr3*Rwv?@|O1W-zVm7(WK;u}yJQ@8MbEjxIBa2zn$Znu-_`O@+vKcV=nOh$S
zEz<{)Tg^13>@=5|5zG3Z0Kuq?_8Ol-e&RgAh!pTL`Z4Bi;3CIM=8XUZkJ?r+E`O>4
z*iG$1D7nNcON$`zRr^J%J~Qawr-xxKAlxN3R9n-3(TstFwwch6(O3-rit`CVWK*&7
zwvXx@m&<6n1tWky4d!xt7tJ6$O=OmwE$;Gcpm8fHV{397F<T-_=C?+x1NNGOe>AVV
zmq=5fPpwQ!*7We`H6UDrwml;RSmVXX>w#@uCOoSh?D`sU7?;v<PCN+K5v^nA>AFg|
zt>+J*(j#0g>F%ugl5n<$j^_FlGeL^cFJ*zJW&GQ$YX`&REdy$u4J&8{rZNY5Jfcm2
z-LJVGfQWJmn)mUWlEzOMbT&#;IHDKMgJ4enm3ttD9@%Ab^m7e)3uwA?tH7r<0|zOu
zMbe&-lMFOI{?r=W1IKSj<Y9COJ0a_dblOg`M?B{4C;tx<%G6f(Ecl7?fl=IT9KD+6
zV4wjf<~wF@CewZb7wEeKLPn~kF=`ucZuY$0ERMuNrFv7AC<ko!w1H-bVOkhp06EZ5
zgLt%0oI-SIzRzlw=YV|A_2oqrZ34aemd3dYrKf>8bcNmVx?PF8A!0J66hv3*fIU^B
zXyh2-VG~9j^zpeaB(X5OW(olxS3t8PD*@4)H0|rLz!oUs{|@YHe_WCR407y}%tsd&
z>k<UoN4jX<?2!xlUn7?ZL~zUM+yifCr;W{mc*5K?Qp9}~@(r9~9yEhP)vr6=HG~BS
zre|c6@3AYd{#)5XYpq^{hnUQ0rg;I^^IY5huPIUj|CiOVJAm~e^*}+LT{LM!VA@50
zthXLx?694{hQr!Cw|(jbA>#Wu>qc7&n1|_lX3##qk&X3sGuH6vFYxi1)Y=G=aT8e3
z@AmkA=&9wdE}2IWV3qUZ><R7hXQcxm+Hrv(FD+N?G!=mMfkgpwn9@cq=i<`tLSSH9
zZl9^Mh_jrsT=1O#wK|z18L0w%zr!t4`q#;bYa7gzHb*_*eW>vz@&;EAAHYWvY1{>9
zG0F~`h3h1U8p!qqU&&a|!QSDL8ZMR<>j!{|NdfyI<=~vn0a^nX8k%JNN>+&!+uK}Y
zdz;)?j0-0pEq(OYdle|g%Z618=B$Bc4GB(+i4J<t$1e$l9Iw^u_aD&%<1<-FHmlGP
zaCrlK7EbF!OklMS=`<-~Yw_Y*eiUlTgbPkp&9c%3^E~~T0+gz4j%{K)(0JfpE=U+m
zkIHdCrR%GO)m8SXocKnu!7rgYzyu^t!d#XT^*3wME^@(L?417WB*y|Pv2xl6jdYeB
z{x&=BMDYp`lz0)JHxKMeD8!rI5xu?)T6;-bC9C|x;>lW}t&M5O59@!rczv%o+zdb{
zzK;!#P~QoIj&S>gw@n|ce(j3Dd!C9>DJ<3|?Bp8`T#jpYs|+mmQI*_*-)yI4W~Wj8
znvswqObO%2K!GbFBdt}xu2sDw(D*Lgw}|$T90-IOOLt{5GRUq5C(2ZV^CEHxApx=y
z54<cJ9Vxy6vWiQA<h085t;_*c*79kG?F^`p)Mj7&sqq9spm?2wDg^9O%<lP+b(RJY
zqIJqfT9xoHImC&sfrwaOo3Q)Z^buadF0fD==W`?J?+r$K%kB!*&JEKX3^m>#5a!vY
zSaZRj4Rz6`3dBLq9b{Otl9i>F6BD@kfEHt@(PS5PjWpkQBvW^N&1Vnb7c@j`1glbz
zjdLm;Lyj>xUS?i$edD4sFdL6w;Ox`TE?~G0Gq!)$fLUdyK`sws3e55%d;(<434a9f
z!Zsz+UEeNX&(e8;N*-eY(%&44ow1wm3)qjpEm;&%>^5-@sX3*|q96*iy=$Kc)%wt5
z$Z5bgd)DZabo3W)InGxVuyhFzT^&2i<c1MkYcS#}rPS^A{HO@!+vDPGj+b9M1f0`m
zEK$b^J57i9ZTdhM`n_;TQhJL6YMr@EW+U4M&D@X~B~*B3tusaP&HyjkQTG}MMn3e`
z9(jv^wf;U&PpY|671*2xUwKR8&QJ5HNv)_w(=Bexgv_-UL@1?2I1L!*`$$th8#yNY
zJ_V@}JW1{!IwUFIF2=2KyrkJw4SvC_ccy4f*f?uFq-&Zp&IHbMfq<&yF^0M~WDj&S
z*CepH%cS*Jh#8bWVvqfzE<PY2ZC78k`H77Qp@+&y`)%kalxm?83a8TP`O~gLkV{Ov
z_f80<L3m=9K8smZEEw`Gcp~|yA*HEBnrA*rG4vFP+Le#8p?^=YdJ@#~c5|}J1S+*c
zTk3iS2&!pz?R}Y#9<>*)oe)#vnqn`=tibY=h0g#M&r~Hus+G2YF&GHPk-A?>lnI)^
z@&R`KX6VMX=JdX@rXMAisXX&;L52>Kj8OngDX#L8!Ad#C<Cq{E1#<_uxIGz!8f6Qn
z>YUTVDO#WA1G4)0ZQ?~KpMOQ<Y<}-DDeOntR2AwSB|Ir#T&HcbMH2!EtTh{x+nT**
z1}PU~tgy2wp#$gEii+(R^V0?g=^1341Q<QWb^1z|N%|X)$uBN=yY!wvd^ABrjj|5Y
zeNaC0Sg=h=d$WyC$M;i1t62p;lAwZ<Ib$d#7pk4Va~Hzfg<m6GRV)Fx7XTfg#my8+
zE7Uda`q?rro04MY)d1O~bq%GSlGzqtKb$RgZTcWzCnuQc<<((y*V}!6E;%|u?<V9)
z(UL*3+Vkh>zm=BB&Z^a^*tG{KlFy6Q{pk%Ao6B7$5~bXKt{x@wVC?GaHc0@9%C@M9
z3azJAka_uQQn9{9^guE@Gd9C|lO(-^nI$6*_9H)UuT2~9wHyStIa}NJ;UZUP-?YJM
zTb>Rq1RXd;(~BPZ?yT9ZDmi^pNk!T3XxxWFj%6j$?X3K)ya?|A!RYBbz{m9mYuv1P
zLf^_3AJE9%1KqIWTe%F9@yy#Ur0jyx@52@4VDV2P<G=)o+rSmz0H7sPyI%%!8KqQh
z{-#NSdJ4H>kh238Lq8qePim+!3(QSvJ2IkOo$3_$iRMv&J3)9Nx%_eRxs?Cuk)2S#
zN8inwf#sopE9Q?_V@Ix>D9fE6R1IMy(WH@UWnNO9WsM&hV3eYm7WA<$lbcVlaA<X?
z-aZpvhXq4E762z2=c^QB{La_U7A)thcyAPDB^^3#Gj*LrnaRq>=zzvoG{}uU4db)y
zVZ;Uwe8*+NB@%jeLa6~8eyQo1*-D6{+DeJK1<}E_P)haYy_Ag^L$0;50(G)9@KOof
zz#F@uDfOF6g*yWFn<_v*RIAoW1vAoTRMe{dNu(b>o~&LEl(?b2UMkw>c5CzVja-^>
zK0ok;`+Fjx)t(b7j9jaI{KVf#{F+T)G4qSeifYWvhnt0~MoJ6Fx+^!eKT&En$+Rw|
zEMAX!ZHM_g9e+&@yV6BAvs?fsSFBBeF4147XnpO|qdL3$r=`@6^c7?d?J0KmtEYw8
zr>xge01nm!Y@rLpZ?cNFPM?8@4K?nhkl%Jdzk%Q#&&v6jCuBRmk6KF0$*2-SY3T3%
zpvtl9^hKI*0dC;AWRxS=5;J4ly<<W!P;wikfR(&<sN?%{z6NI5#JM&vX9_F9!f%--
zK%V+=ac8LAR@Ebt7I~_QXIt8da`UEk*hB_d*e&Vl_-%L4x?W8XDTde~O8KU&-2*MI
zrl?Q_`AdaUVtb`7>z2twbvcyLv$LB@SC)kB-|7rpoTp+v=;GOFw#R@?HHKT#Keg3Q
zf3ef@+sA6`^Q^I8yyE)7Z9~sY@su1zGk#K?P5YXy&^>=Xmam=T>nLytN{;}uAc*+(
zcF=ibe=xeY%wx9)_2wkHvC-{&(<gvh7So1l$^bQ#a-_W6Z0@ZU9Etw0vWZnf6x9Z7
zOiD_`m3Z5kJSqr24T8Ga82*BYfB?Z-+D#D7@7eF%uiELVtz4Xm)-BpBqVa`&mjBOL
zfDUEGf`O(zB{%ds33+R+1?fDrGL|CWr32U1jW1~j;WOkhC%CLk6xAAnE|G`}o?MIm
znrZ;j?JIjaEnQXjlJQl4(@Dc?plv;Z+-$@D4ij*`F{WVcH@OF_ui3zADQmw{lJ{zv
za0x*95xJXB5u0}D_1q55`<b<_G~U$SdrB5nBLfpEBIt5AC#Lv^BTJz%DNW3|{2^z1
z>15%MzF)!iZ|~ijWV2e0q<wPus+E2}Y8Mn-!u&w^3S;O{Kabc@Y9~DTJq&j|8#?WT
z2qwqIZ>*(N4R6=n4&0)}rS?*mb5aAh8fYl6^7Tpll5Sjh*T95uQoiA%ml>%5G!~F?
zaW3b=TinVa=##Xavo2w8kR)wvW2!2ToVlu!-s78q+b*_XoTESCT33ry480u~KZ_6P
zyo=Y`2{QLpB}FL0l$38D1P;lUyo<OAbpPumYhCx<CPg14j%8ZI3RWFbly8}P;FII_
zfvcFy*ei5-B@4kTcTxEus(t9>CxY9KsN4Jl$dA@ad)1JdehR=R4?q%ywN_|ySz0~s
z{(;Kc4@dAH4{1Jb4r)YWJxPyLiA^AM8z7$p)5O1{)%}XvMoJg&?DM{=S!dR`QqSH6
zJ14K}hONISN{YX3?c$r6Z`Lmu)yc`?RRiPw)dy@1x@mZ=rYS(tGn?dWhkZM=e0)`A
z8#Sz}+GEQs{A^X`>s}N5gLd4HTFgnwJ9M*y^Y)&j2s4PUFU&zbe|sQB0VbUxd|yka
z&)Y7M=?28$jJ~}#UPt3pN;86aOeT}-?NhW|x9S8-M|EKR#X}zo2beY4;#YhCa!NR2
zGhWJC2hM4{j)%izj6!CV{p`CAV%9+$I8lVZh-pKA1!x!Q8s)Dy1O>=?1^35~Dc^h^
zL#OI9bxY$L8a6AsOk7TON~v*Pe{5rk>MOh5LqV>6jL@=YSkR-h#qDanhZ&mPf6grC
z`uq%TY6!8Xiz<1s%K6?R=A_M_uVJ>N9=rp{FzT0@$sm)wI#)?=UihlCfEac+ZsZRd
z7_B&xwU*L^^|fM)r2r?MOt)bKklH``?#7_&Zv+T>1qB#4PPLI6^YlvJjB?e|5K2>z
znph{j^B2S@9J9}>tochCWX*K7L;yNK9Q0O%EE&%96As(h(wGK<Tf5c_y}DI0Ito~J
zqb2M01mm=(I6Jx@j1Ae|uuuxtj8xprqme)ka%kC<I1f6SfkErm5SphA`t78z5A418
zOefM?4_4ipo$tZBUSI0ok>79?qzn7Z;8fqbvd~lX#{d&4Z_m^70n(};fa)42x>^;H
z+ZfyI)T&k-mIcxiZ;&u)@+=hUm2bXbQ{U7K-XklG8+pH(O*24*;k!m0DJX~31%in+
z*WkIgP|>IsnN`T703o!b-|1C{ewsGuoi5dYYd_bpRw-)OkGuQ4=ZjKvBd>ALDCfYD
zo5Ht4%Og@h%*qEOrDSydw3IAz4)DAsFN-*(6s$X%Zu0S2kBt=y#g5_C1mQuk5I}MA
zA_@qeXQ14v3^GfU!lAHgrKC`8UjD=NDjMuKhv!)+29ci7n#FO$?<jeFZYeFdVk6+b
z&ruC4S^Q!H95-8VMa&_PEgcvB;OHxLypq>6QUR)+@+2Et1&dO4X#d<KmskU&;@e=M
zJY=b>9p5p4i}%?H%~o;mfd@rGrD4i>ncb>F(|l23S2VUwMk*ZYWyxmh%qLIGqc5YL
z7(OY#9X=kf9XNJ1nDTC7qP?p*!5+sjaQq_1C2N>3UC<ED-bs#l?Iu`f3^JWw@3OPg
z_C-r#-}1IfX&w1#!0xO7Xm{9LI2Low#NZ}JP@r;NL)qq+u2>@M_Epj`??qIu3Ee3>
z4X?XGqmlkpB`4Kl0!Kk8+4f=trrG<2oK)a7l>r3}1zW{q1`_Vx)>T{JD0~tO1&z9;
z{iApNnqc9GSN<r#rCt=C0NLhqutj%THVv<~(ni*Z#oQrR@8^~*1lpF)big_WZh^74
zPqjp;5gwixNZyE#FODb;G_|{<SX=Fu!D1aF2w4CAo7KD=%<$T8voJ~K&Icg$U8_(-
zQp|YfSM&`V<PVfN)|5UEx<C#IrVog2`(KSGWq4>__j%VKw}9{s?<<+t`O6<f1vBKS
z${bDG?5ZjrX4Xl--X}>o>gP)aX5a3gpXb#GktYV;0J0TYCK;epaGO7gG-t98Xfflb
z5hPJpa`X02!Q$D7Y;oHpCvK=>b~>mrMFC!lG|SVgoan#X^WJC&K5C`+FGz71+d7TZ
z6q&L{4X;a1{urj~D>WZT=ha5WA6o4LXEDO_0?Fsd6<2-2uaJ~|viXmku&FPf=#Pp5
z2d-}EI=pYhSk&h(H9xbr!QQm2)#9A~o@t4-r*8sOESB3Lu110FM#@@ZntU%Y^=2CU
zt=6O{MEhBN=-noRCdJMTK8}Qi(z}$zJBX*l9M3=!Pkl&#emZvP0z6~i)*dL|*+w^K
zv-^n9_ogsI(t8kQH;YN^D?l_gg_zJ00P(Y$KTd%0_08o^oroxYJ{TYBOghFn#6Bm`
zxbTHp3l1@TmG-(J8F<BVi_Sr{Ey>rb*<4UUYo<Rm&R-~Dp8HD;avV(uA5XhuyYn%Z
zGeFi{Io?D@9oGxYr{vq%WQjfYc-Z+#adPproxph~=e5{+fQ1*17VDL{na+iAt$p0A
zubQx}aiwcVg+=}`h0?(;oB}{B$%|6NyLxX!PmlNH+I!UR*XAs9&g75?KNcUR&J3}b
zdFK;zC=-&H*&x^Fm%JNMuNLkd_f~5DTyGyIU@HrJRcrmr&GIgj(p{O*#rdcL^o{U6
zR<1Lt_Hms3LTO*KG`7rJCyvFUCV#AlUJd|Ii=uA}0IR-h5tT#31DRlR8^4TGmi|$u
zLDT|k#yhZZ^J`ZOyoF%1h@MF5ij%F=QNqsq+9ibc>4OG>;8kTk2W24Bz7l}BS*^e9
z;(dG&91bitQRj~8SxN&imk{O{A+n1D1Rd@tcc&9<Y;d}ue(l6G@^9@?cI{*nDFMhp
z10qKDUjsys09J+nc@ZW?fgrB00sE^%ajF2YTjp>H0Iy(rXL1HgZ!O5z0NQ$02nRz6
z@eLmYvR!j#Q<VwygF}*<d*33O9@_1^jsZzK@j4tLG6&^2h)Z<<f#H#d9%CT9egzo9
z>N1;n4E|LyKxx@BGCWT1cI=t~i1?*G(f_F@0k9h1=iC5uyz~}|1@(#sfQ**)Y>3Wn
zS0`wz|8P&_%Mo4BwkjvUO`)5VgEIJ<dJjNwg0c6dESOc1z;6*RwZq(3|0b+FzqYf|
zW>~{-^;o*#>_jTa`vvzv&}6024(Qn<aMTYd#YGI9z60RqMSTdOs)BU|Uk_e4>01bT
zPjm))uP$SkMnE;q%)j^8r6+&y34qe`zxP0?`sClbGNA5ZHtZC38t}991`te8CTQt*
zzZ?j3kHa8*PX%bb-ww3uaWx6NLNSR0g4%zuC7Id*LFut<h5#OfG#%IsGuRAwvl(i$
z8NR#;7+RZw(tb8;YZLapza?W(I{No1fFh}-e@lk!dw-vvW8eE*0^M{GXY(uA500EF
zvD^3wB&hTRvK)O1B&}qV-3J1QTw&h=$RzO}HdPT&h6tOg)C$O+&8Dg}0L*yV%p8E2
zrTf@q`apZ72mh8p)LyFow<HTn27gOzI%{?b!KQQnTVm4%{VlQSxY_);&H&Cf>`t`5
z00Jlv$Z<gFLO^>?<v@Fyu0Vp?>p&J?10Z`48EB9CVJDane+SDG2;U#bW@rH>Nhv>@
zVeVPL5Y1*-oB|l?{bk7RZo}VF0{b4YTu367eUDvoyvM#b#4bg$@3BkUXwa}4dnheI
zVVPY3V|LLENOEz0xC{IkE5$n>>@31vp8oIVh}WuNc6iff8V{X<prZmXa6t6n0q`I3
zERY_0_5l0`2?C)Zmji$;bP>o3;U5Cd|0VvfHh>lU*Eaq;Q~v7;{_6_<>k5Dd{=Z#8
zs{{nn`|jz3BJ;up4sqbuJ1!3HJdj~QNujenwu$O2vH+5wdnGs9mtijI7|0w0nNBdt
z+y%x@Pny=3PKdx<SdQg`mJ2tx=?36v{D9v@N43>%lL7@xaH!eEVx~C8Auc%$No?>%
zT*@dMhKBX|i^0+RC}VH}p0N1?>UZlaX($OrkC!OkpwJs=VGePkLH!j43ms0lz)5gG
z{NA`dtki25vh)CL&zFW()%9y_?l<4MtWq>D1l3YQl`OOj(c0kXyr6xYd=ODfNyR_p
zM=l>>q|fhWh9KlMfqZ%Ln;*iLYq()E>Z|mT8;vu;1^m4D6SokTB&};;)mNp_PW|gq
zXWK596iA6cUcMyS@7PB5cZ}lE?+vhmKMVOWVmOy~HMG|>62e7J10t)Fc!@&Qrr=~c
zN(5w@;{&HST<$IxtZ6V$zMRZotC9%g@g=pc+05ikO}yVvtgME;>%F9nMJ#@sMz#~1
zEm^q)`m_O6q$E!-H<UST01gl<6)1T0S@-_r&+qVhF80A9E)GLIuAAc~v@Z(RJK0Mv
zw^z@EQK^)oiH8MED6gekWdDNNILxnrIdf?JHSN&A>*sXBY5ETuH#oXb>LJzbS49Wg
z`H_lXSMhy~g$5MtX42Da%_?V~y7oQM?s;2cy*LH614_?ODao{T3IliHefbU5ZYLMH
zk!yYzdZnN^OVlN-Ywbn@-2bFG_C{b5O*ASD*6$YYEy^|9{g`ty;6tdbHc)LFj5<uq
zEijD5aI|+a@`tP%FFWZ}3*()}ko#+|dtjhqfKFtGo}qsOxPcwPkp2^FF6@9oU?ZL$
z1@?wD;2zTvPEv4X(P8i@_+wCdPg%o)a2$q%?;9mQ{#`^-GE)Y!eduM0vcV1j#T}uP
zObj-D7sq>XLsOP!`BDJ7&~yp*wyPgI1cKLQe+*rbJQe@9zH$-T+fByB1V#mWo=QHK
zKj{&|=vUasxj0<hlxtz@0I!Th1m#+XAbbH4S3!vgg+rn&%vz%uoRSm3C;K82uvG-m
z)=p^D9!mj-q>bnM{F-WAe5D~TDssP?Et!{if&<@d84vLEn*-qI5Y{-=YJU8ahF6=L
zUEqg?!zF}wp<uhufD7MI7;(^RTQxV@66ahG@FNJJ^L8_nO@zImSPj$kqcV<>%L`_B
zW?=?l!SsjZWq^y6o<rN}9@BuH_sElltyp1}h-}k3hbp-&2i{Evc;{NtyhFV^;N<|M
z;c0+r9)KLHLQMk~V2$Fv0EjYsHv+cP@%q1z`yDa;yu@q=Cf3k?a$9`+lMqFF;S;nq
zM^N&51un;|m8L!iRxx6#7<(2qKGdxs9LY{h*6O_OU}9O_@_H3NugS|aWKGZR-JAk<
zFaO$edT(~+0TFpPEb8L!uE(->ngrTD-%WmK@Y?mYfqUm!*@ut5{ewKWJG*7iZq5V3
zo*&YT{c|Ick;pm4<>oLxEMd!Wwb-d5tBS^m=-pIuJiMi|g)N{B(B}uOuK5K+M)?Cg
zR8o%gsSEaA3NB{d7Nybd;G9GWyy4qoV_?GIFW+u?zZh3iLXLgL&N>ysjzbn(kQs!M
z>Xnx0oj?x3HK=_N<|^}C&OAC2P7mbBR4by;=h0Bd?*liwHLkJr9;4JB3*uw(3rW`M
z^7P43Bd$B-roi*v`-2WBK^SqT2S4EaPxe95*Ejij$Nkdz$D(n0=xBuW1LZS`$Wnpd
z1RQGHxPBmRCH(Q%MkTLJ{<`!455bbH)XlXER4$@!*S+)RoVZ<ex`Z8hZb66${ZASk
zo`3edEHXlG%?(pW6A1HCRQa6d`^M%DbrS0`N7V?s^X^$cDdwoo&qH<o`o3MW{u3?s
zLzy^gC@f=yea4+0FU@?D@1D5&s>Xy7`PLK~flKstdKtgblF~d$*kMHLn!-;R2+LFq
z&l6eRv@dDZ9M>IOV5KIA5~XCC0QFur>uHW-#;Hw#?3_>u{_vuCVec_<eEc}*8D<E=
z2|C@CGr8hG?ddvqUUGTu_+kxVz7}fZ(!0Fub>V_D+>v)!0BF*L>PStPK9CbP@HoJa
zQFIdhq1_noj?hTLpyl#JV<LrNW}JO8M&oT<%JIr)Xr&uD3OD**0~#hAXv}0N_Ctx0
zxw1QA>YT7l;P4c_Z6@?RK^Zp4zkVjRM8VUK3nrW-C8})H)s7qyak~5CmO~tKnJci)
z)+rTog4Ml!+n0E}UhzDd>w<X>13!b0&E|fxt8`Duq2GyHkw0$1eK~wRc}uc4kH9dn
zeX%50Vu?Zd%|x6J-|ts~4sZup*kh6&aW&SuC_)nExX<Zs&g&ZJneY~Fja&w4PVXcd
z5My&<^^Zx(>K@*_Kvl>o|M-TNQRICdbxK!6lSlJu1=`4SJ%X=J#8%SjLC%31NQA^h
z7e@+1T)HsL<dtj=-VQOUefR0LS|UB0<#bno3Q>7;Vwa#7VT2C{gAOn91N|P3<HmpT
zVD&xg<RlId5k$4OONBBS6Ipz%Gj4u&W_i+26Kt?6&yo|jjJ96O@%H3>mS$Z5FD1N~
z61;L;jd%TeJm(AA?H%hPrD5^@iAhsWZs4A+-<l0&<~M6S$vN37PtTopMW?#5H0p24
zI;?0aR17>^(NCP#7$pxQ(+xDNgFFxmoEU`&$J!Te#JGCX2XegADi2ZffhSgRJ!b9m
zfvU7WEn<(<#U~A@N&(9!39)$B$g~I2Q_7Qq^=9|vtR~?uYVTQThec^{YA-Q~xA9ds
z(BJ*dOj1I*09BJ}J=R=rd>bBOD!shl$f_E$^_gY4ck+0{I!l-|(l}B3_oOH*z&$bI
z#|p>Na%XZnrGw+Vc~&K7<^iT{-@Sg;94m0*P<O+?J1t^%lg|f5E$Nb>`zwKeHa>S4
z3YR^_IBFa|WTp)D3U1-9vPx7u)-+ZaTS+`4*M|HRe6KYk(D>~0u7bKK?~bia$q*x2
zBsV^4%5;_`_@2d|X&?+~AoqDJ9vn)KS!}s&F|cbLxwQOa^2outf<(*QwLQ3SFaKGV
zMLD4D*_5J7)$2xS^z|M=n9^|HVgmP!xLr+1A7&*Ocju_X=H;3Fy<huTTdu5<%&_xY
zH|8*{)V7LajU3MASL%$bP^AynH@sXi?~aZn9)F(n099OZY?XCmmPKB!+%>NIX0(NB
zQgKW;p*YR*gaahJ2Nmz#dRpkKL*l_PxC;x2`<01Ss!)L<jzwvZE7Pq!b1E7{bI?_W
z9Uen}?(K3_GMdqTx;}0<1oRNiXtd`8UpW*U+!Jy#O5;aLA#%jRGv`F|TH;sr(1@W#
zw;Z9pMq;0ZAEGiV<X2hlKx|`gZahmVN~0&G5Hc+UzkO<Ym~$*HbE@)}6ZyVfA|woL
zfe+Ezt+GZehTv2)wGcJ$Z+_JNN3Mk<l7?b4(;FE5;ylf-i5$L%mzv+Je`ca20PS+z
zBiHRhhFXZA_qPkwSfOTHMwqN;YxYz<?-JkM#C$^Lx~uIx=v^wKvC7dV5Z}C=#WQkt
z-YyEgbuL8Qb2fVlwH97UgNzTq;KuhfGo?Q<M;#8UK<yk-EmYoLnfx}AF1)ih#{iiQ
z&rQo);qu8dYM-SW{o)y@_JPkGIPfV_aub8X^Qc2NEAM1=ew)X`Q9i$ppH^Hp=1&}<
zbiGwp$SNz(;x=rtM|5wNKU4asxtohsfdKXDSXFfTa^ClB#k{l1kg4PrPHL9bGqo7O
z6^QgjBkxVU;3Q5m`0~Zn#H*9n=MMA@8xQ8n=Lr`Vno4cqoPpuwF8Jj0wZEKpT;99*
zI)ckGc1U=^M%RijU++WWt}!_E*L&7f3lnwwpc9lnt5}$=u(81D0il4$6t5NyK?ewk
z`e&v5h>5~yypH+ylz}o^Wwo>+_-3cjw&%C)jN`N#vrbz+z#WXxZaK!yC2DE(WnE;c
zxj@2|)se-(jco_sDV4kgL87PF?*%A9RNElGOg^iPtf}XF{jpUZJ0VnG|Ld7B&(Y$<
z@1^*4S1ZhWR#g<JIIP;`ViK^kQy_`Yd!QYX0s{4frXRN%OxUW-$(!Y@J4$%KGr$^Z
zVxr#HKX-xoz81vWsH2T%9CwAw5_ZsM4^Ydd52&s@nug1{wVk`e3uwOpTF<pP0qW(k
z#^P^>%;2>bHGIFf`yfaUMkD;bo7V+b<g_ppmzwj^ud;j;wpjOTLKvs*S)YgvMC%?t
zZ#(9$Y6ZZ14nvjgI(KbSD}-CyNKhQ+Eai08eU>$MjWybN<zhLsE;ZI+?)UwSOYh2f
z{>3)<K7mHbiKoH*$6qHBZlK5F&9uHSM=`4`-tu-hb<+b8y>`5CVts$94q=B?rNsKB
z0D<SXtpZ?)Wxw8Eaav^sm9u=VcVokmi@TRR{;ByTcJOxS3wt-DukO;2h4SqkRbEEo
zga_;67Rv8g!9aJEaBNxRA0}&N(j<xZsr}U2!_iE?@0n4&xjAvqVLIox-ycftXVrdU
zHmdVqR6p<2@v_?S4|kozh1AE?o}%Wdc%+z#k<&PwItZw~FdH$MPLM?7lZBzFmteaZ
z=Jh(}l6NnJ6L&gmFx)2}8+<+hCJI`PVc?uP=4ZyupgLWbKO(*n0Rs7yR6P2e@ROZp
zkX-E4F&RLW#K0AKtkIVgpe@e5iP<WUnW6BjL0#VPV}u76t4oZ<I$Y0OWi1@sV%Y;`
zu8n@9e71WmjIA?as}Lq$`D|=Iw=F(682_OIB>~pVBS&N;1uwX>7Sy+JWgPvm-Uvjg
znWK{3#?JX|r&aE5rKVqcDu)L4p|+zKjWe^XmQ|v9=_&`Ygq2ugApG(xR-S;rSlwX^
zkLPrqWl=m>W~=uq6d)!fVvP_s5PtO)E4i=;%`YeJiRWBpnfJ4j0!^V+z9VwNeNUwB
zzQ)uFuXg}5qw1;b)Y*q;H11txUGuRGgO_@_$kbFHCqTTh{&PTrC2=V1j8Xbb7dC?9
zS<AG_9qwSG0GQYdA4B1UNXf|9*D(ouF;&xWRTq{@Gy@lql?9vS7#6m_P-kcqd}eX5
zRP}MfWH=^3rYQ(61wudbXR-Lvgne*hH<n5aL)sda76)k?+9XCQ-kMTr5$jG*#W({C
zIx}}_K$_XaM2l_V2B)f|Ws2Y_^ZC>8;{k7^A)+9Z7a)b0WyzPZKAC1ha;RA4Q~Fcs
zxudZ2hf|xue#pc0<t{;dw+)mD!+=J?v#^aUOG0-%Y?Y;|HFdN@5US={w+avtBN!U3
zaVS3@Wg59DGDJWpz&NjPxYSM`zN7R&`P3Cmtnz-_-&+l!vKchXnmAm~TF`{IJ}f@a
zpV7tnPpf1XCx;?-H1$FiHUQT2KLkD~_)P()bEVxHcM_BJ*4`{^ng70kLOvZqT(I68
z_W7v+`348Tc3Er=r#37YzX9!D3g!RD?zcb6gX5Vbs2H8ied$^ERKp4uec0)@0`z7L
z&t~LrfH!$vuwxb2?XL3U1iVZ6Ywm=-`77t3EnLlo1y;Esh~)})SZ^9!D(jw#aA)f=
zxdF2Mm$?@QibF@p3IFjakSS~X|7f^J5V92jkB-E%yW567oWVf9Io!aCKWmc!<A){=
zGr&#@0Wx}}1G|(5no=|L-JN4Tuq|hFxI;~LUFPMA^y%cnm0D`ZAC=^y6<1(Uj&Igj
zLJ<h+Utt<nl5lxo><||gVDgIC`P405=;l7q;7uu~Q>EQ&SnyB<8f1~I!dYt^P~}6Q
z`pUTfQ<kuu3F4<)E@W-}4|x{!uR=>iU{Wz)JSxF>T>R~i-fU1wE?zl@?+!b~rk;=`
z%63_Cgkk<Sm4~sl_pestV<F@JrL})`-u$21hB`1`*?$J+|1-=}8qi^@-wf7eGjN)1
z8ou}KN{tG8_-!`b@c&`BE)Mm>`jrVgcqx4AvM>Mb9lW1Ky2grrBTG!2KCD{m17^|5
zso{S|*hS@^C;ob&@KQ~}BOVC}C;a{S;Md&Wh+|+CxEFeqfad|VU0KmwhIsAlf^Wnt
zU7XjaFJvuy;I-K^@H^9o&44es9engX{?e*N7l^+1gqsA&h&_rukH&VyD$8~16IVgt
zyz2y4$N|CwmsM67a0&ym*{oM9R`?=3;&n`Cr^I7z-0!VAxsW|RNH7;-7$^pFA@98)
z{!8S&Ut_$W(d%&!l=mYtq4V%9R6oo3DodI&r3<s2p|hW*d#&9zYH{k~yhhBt#5WZh
zkR`1RtClZKaFp0FyT|FSSe5u<_rG3eTYdK|>rFrJ7V7Z`bZwS{`jvRb?-;!91YyUC
z`6A+DPZpXo1-uh=@_(F56a!Tw+M5Xt?<$NdkQZ-eJ3&cdr&CC4ICpkT!qa<Mz$5Jh
zS;zn@iMJT4z8B!L*j<iex#p#4CaljXMput1c(xwtetl}?)}d&yK#-VOWfJ`&!0|#6
z|A;KdO~ZdYvj953yG6)3Mp_bY0wLyn8B2lNNMU;>9a=x(;-^z;$6g!UiPC4m+OQUA
zG=BTydEkAovCuOESnT#rVg>Bpuj`7`c(ByWnIbD6D<2S?pGo|>?9lX?Icl=XsyH~@
zHw6_uXw*9tJ-oAZ*5hn)MQmi)gVAEYZx>vao9<hfH`k?r*EA^CfUq2_c71IH%}Doc
z4af}6y(!+;KFAwl3}k3KMr;Qw`PdZE0*vYR?`DxFz~xnqS(ejP7TW8CCpxRs;~`4B
zMV|YX&`WN2c+3N^mbT<_iJKZp1|pW4a~;8Ah1_BhY9h9&k6B2FN|WNM;0U8eohDGv
zQa1p%U%=nWxwW`{vR`FkN?9dd-?8DrV;z@3fY7a*NH#5BoW(I_Pj)`IK+CTZz=eN5
z^gm1fGr_O?otvZ3Fl?C8)0uLGpNcyx{OWuA$8y%vJjeVaun44VBVGOzAPg3Sx63k*
z$mi;qY`UMF`=dkc`|N|#ni!5Wur%+ZoZG&2IJciQ)WU4MGH;7Z=w-{QZ4vKvD<USq
zJZJS8Y+JU}GeG9~t<jX@$;R2--ySm>u^>yC$z%EOZQoxnPagIQSBc6!QU?M}`KoQP
zEZ;+(HyRDM-yd!Ud_OT!x8i04A>6am?`tM7E|?O;yQBV*VGl>0{YY!<!0=o@-1hYL
z(%~vV4WhPNDTwku>B5J~Fu01)vv118#)JlE^GtULjhs9uoG8;cn0h=z0WS^02bnD#
zbC#8~#qTn($$FyzF|>At1P2Jb_z^Ze?p6G;+RT{tWdh8W?@VxrgY~PSZ=umwa0%`3
z>)9x@wWj^-#xQJsD7nS&6EuD}?}&;V^I5XjEbDd|%Pd3q;_>TASOnzTw3p@3;tmr=
zI2a1Q_V7l83rY{FimtgC)f0rO*|Et0YuS~RHQ0eio35ZP2Eu(Wt5pPiR3=V63*A00
zAxlJo^;bCY7^uNme0EH03#SJn^@2JTwBfdmu-26EdiKlnYWQV#<lk<l7+;)YKF3!m
z!(2}W>D_xk>cP7>oR8R!<QX|Nzj2=2L?$v{tZ#JaE|lmH5-&``sVnbU&F@)eS&{po
zU`}h0GWvB$gUrKf6*D%ayH<#dsAZ=pgV7IA_bX&pSwG8JYboXVe2dRWAoZ#75c0iA
zhFOoseG=?({zJ(}9LWo*9lKQt=0-FL<TE$yARXl>jqdwLnxlwECH_sP;{K*n%FwFV
z7I-xTE6hxZ8?P40rOM8{#Hg(|J{3yUN#maNdd(}$)h1e!9Uh=k{$_IntSwR(`TlKv
z=?-e!heOf@>a8z6^K?Hm=<rJOGkx<UC8xp>nnkU$LII^&5jTG8+T#7e6tgj<kF=wR
zb?vdKa_@oK?=HsOp?XH!ONHL=S$&^C_Q?YG%qF-*>+&im;4Y@gP5YpKGgVTfmFP{Q
z7kF+w8F*7*yrDPHP&gLplOJ2dt(o&NBz6806{xBt_Br}WoxG>2&2F5d7YO>u{j7qi
zKfA^$N#d#@{@$$@s5ip{LR1XSyH+Hw-}Z8i=v{kY-2KB5Dg-Ij!YnH)_dO@kLJg3%
zp97d_e5h6>yy5h=PK8$PiY_hjc!ektJ{Ire9ml}kSY<W&bMrD+ukHKY_od6Htj%s$
zogi-i@e!bkBk~augXv-T*e!`LBifgi&(h<AQXuD;Wzi=ZSG88LTfRu2GVTq&#bLeX
zhL|7)-O>Z0dV~bjod2wRo=qCu_yMXt5RCL^CK@fZU#VN;hVtU|Me(@{nQ*<c&kHKk
z67)*-Oty6bWQ>i1O%ih60`LPp%UWffRQte5M2UBcAC~9FyZ$ro)g;h8UgskpF<kqU
zpRTqu(Gp-3^k$|Hvh9*EGzG;U-@bpLH8#hvBzOq}6Nfd!H3U%YP9%Ne>`3mJ#KZou
z(&zmw6Y%0?*ka*}T^iz(>eS<erB@jBMQ3WzSaU_eZCppWj8W7rSm^*DMD4VLhWAzn
z6F;{7*f{aqC`4uEmZ_iLj=WX0AS%wOT{j1NIr09)#j$v-Q#@mIB~dLjJ!vqb*EQ0;
zv=CMdH|3h7A6GjTbkO^;jUdYX%`b{>+haMhhku=HXX#azM$!b#rQG>o?oKr$eyImi
zcN5FRs*&sd)KgbWge72n2Xt!|6mkY%H|ORIpB?0q_w09sBq9JR6pplq3de1xmLo}C
zA(B?hBA$WN3*Dw6YQKeln)D+>1bmPBiunGcH*mDu3y+Hd4)_Vcjj9R30WzHBtkfBI
z7o3X~S@_*dr9~=aNM5lQ8{X4h^krW>=~K2H{D>?iD&)&F3n$oZL-5DX8I<$>J}qAx
zJ9&?|`sp8M-5Qa<=;=9s*ikSqRC($k+rFK|`5fcO?PITh)a6FjpGQF{Ip;@-Uv_vt
zYcLJX{CJ8+h?wQ0s-37$$;rd+0<h-yPh57jFOKBdk@9{wu*Atr2eN^_pvwHE6Y@nf
z>fI668w8Y5epkQ6dHz`CvxkYzkukK8R|IKY#sz9LZ(VWDN&(9Tj(VhgHu39o&f!yp
z<Co3V_9aBD*Ve@e7i{e_XTi2z+e!`{+R%wuPkov-L6lC~cSw%BAlj{GO^U`{cYhP1
z{F|#u3srjNM%vc-s-dt0gxy9jK2Jpkp9Mf`=M+Aeym80GDc>Kyn0(*a;c(Xyu@3}a
zIfriY4)40j2E1jA&vWDBdpBO2=$@M|Aae57S6aR(p+@73HXL@PO93qQSgyq~Xlu2Z
zP#($RSiQdJbKa>cVI?~&_ciyE94YKh%|ih0Mlg43);tu(Y+`h|5;6RQTc2=-wAaZ*
z8DbzC6_<8|o+A6E;VxjbVr%xTU;l*Dr{y<(=4T}idWbGY=bYm)VmKHLMvHB&Hnwv`
znoJ(128P(|&yz+WO<}!fg%21B4fEgJC9x04d`6nHVfdG{NH3x`h_hIMB6F(yhZNFz
z*RUXfs(D>psTZg(r_bc<+c>tk%f%`Qm-E{g|8<yCLjRMG0SzxiOk4WYn6v7zvu<a|
zegMGB&vV7O@5oAxzO}RS*_RxJXZ1l3aNs*4{1C`WWsFYP84%#qv-hi}|EcKOMLkay
z{sg{`tpkIq#rmUHP9cnD2)i}a02ZG=a253Ot=bPx;uQwcrLG8{MV)KPS&G;x!J{Ju
zL_6WavA)mOGC;=se#1G!%GC2KjHU;I5Pm8t;#a9j=V+?mpWVMBSXG9gx4eF^OM{ob
z!CijPL#kjU3QpqxB;OSE<p7580~-%pj^qLmxauvH#T)PjM*Q~ab~;g-nh|MPY(>14
zqu_qQeCNI-WdvaI#=(GK+=~UlPCp9nJbIw}0#Q6_CgDIG_rkhto(?~xk+=_5ua<D(
z!>)BK)$lUs*(~UkJtN(OfV4mSMT<BJEXnBfz9-hF(85j+_ENFOw{u2+|MG=Hi&z&f
zDjq0WMpM{l?T}F)75?(OKi}e$=>vXRFle2xR2GEJXL67kT-(9-Lkd)kzV{1-?0M-I
zE}^MN*zs+K1EQL{n7NFyX~KmxIl-Lj4jFCcJQX;4n<(0K?(xG=KB6TE6p}E4hXcR3
z5z~y!K0TEy@;bN}*nP{K_QEG|elxW#L&bla&hYDoQO5wM7vX|zK9<(7=A?bbIm$IW
znvsw7w)G=`;o0#za?EnfN;}3Jf6#$Ycrp;DVkBzM3sy(uc51(Qj(zyUfUC8tgarCT
zC>;8I^0yDdAD_zEcfe|CCpDmM5}g=I=keXC4COQQ_|tcRfa=--tt{wq4ZNR6^Efai
z{;7l(6^4ACTc!*})Hke7w|elmW49!$Y<rP^P7{U?*t4j4G)o6peI(Y-B$Q~lt{Wkr
z_k~T|$$6@xO^cXCtzuQY;MX}VX6fn&5Oc35a^&B0IbQFw<Cnf(Oco-xd^js^)3YX9
zw5v5n`K;KKGcd@v(`V%Jq9&6te5wkB-JWnWs5zn7*7Ke^I9fRi3l|P?4v^VXx&!QZ
zIt0ih{<snijlw~?3Tj`WuHn62bN@Ds>wryvIY8at9e+3Hd@95R_J@pa43cw_@I%1P
z43rLdClzfjjtVWvIRy)0=TZ+Tl8lBj<vgn=0d_sgb#Vafr^KF-L=Ky6e|7o(4ND|F
zkvr!H>pc6Jlh`_YW;66?=%=HU_T+U$fYJ9aUXjrc7I@!2J_2)&EmIR*M-vZ^Y3%7K
zDulNm^ma|m39p8(-xm-DJDjInWR}EZej7wQG|PUPlimiIDmY~dP}D9~m8F01uAsL+
z|MDD>Zn%BlbuhyW)_6}Y4~*vVz^|OdecA#cch_UTeNf~_;2y~3c~^2Y7=%k7n``IH
z@itPblw1@V(>T}@x6NIul$fLL59_pi$c>i_5Lx6N(@;+Gz{q>cCgx!J69cps#m2%O
zw`dm_r83&jWgL$_-lX_&wEv=%9c)`kuTwvfKsyhjovqjwwU|iRO9HD%W!Z>qwf8l9
z`?-zG`)Z);z46?5&M+Zg#FF?cQA`9<B2F&vcn6oVTm%2}>Oxq%g0B7<&Y@=k@itip
z`x!@Irs5g?M&>mmr#9zo0??|T+Tc|B`SDhy-rZo{>8n!6cDTA>Vh&KP-x&Pm+X~U&
zcwf|#c%kT#HN*mkyNpryXLT9+qpb%E4sS<>HBMHg?WbQ?Uc5p*J*MH(gO-ArJU&zM
zMl_0q`9jFkbv<_^$()LdYtOT6IYQk_bsy8Xt`>+vntm0+8JPzvLzNo9;)B%ieX!JV
z{d0cb#k!T8rsCV5$QcFt!b){-!7k~)S6DpO{oH-U0DWU#IwMN=?Q=z=MC4DnOD1@F
z#Q@)zFt4z6d`VlsZ+T_fw$VLcR^CYL?d_b}@08QwW=Bp`#kV(suN_?wdvu$)6*=>8
zREv<}6{!}P5t_+sl=!0j*rGdikBiU}wrs|Zb6auopo=^Ivh2Nn!FBHNZ{POYLEBo+
zW3ooy)41_%UpR@#koq6Kbt0ON0%8YAi>-mGijmTYQA7jpu!uvPoDp_NP!pyp)vs8c
zQVCKHX#H^MKh-Iwe>hy$C!t2;lcLY~bx@V*zA@*e*BiOEcZaA}N*E>H7>B#~fbd1t
z3>pKlJc5tY8CLgTo>?8p`&-=!1uvFhOfg;w86_T<P=<<0oWxU^&@T_=-`9W@XLZe<
z-h6*Ktx#@mxa#qwJ@qhk>Dy~LqwjaQ@w>)%p3=SvuY>x-j(3Q+%@czn17SL636g!1
z*(}FXo5aT5wgR@Paz@@@wC{fv#IL65pA_hq>=y`WmwSHVMcetl{q1%OftiqX(tLSi
z`0;qtgf}^c+3{E^y0>3DNiOdu7(W33fF#OQ0831iGy3n}|5pu^EwW(DgA3YX&~FQH
zo(eKLXL`2yjLV%%#t4pG>>J>Z41~Foqo@Rqe6#=kKfKjh{pkPmTb*He2!i4NzSTLW
zxq|)9WSGCX;Tfp7UE(*m;P5zYavFl($8&FA;RM$^eb3wZLy$Hf`yZ^e@>LWB?fLlk
zt<TPLl&(NYjYRyF`fsW6d{^`rYg1qA_wU~O@%~Gmy>NZs9lK7;{KIkYXw;26WoM&)
z)z^XFa*l6xY;?5G&Mp?$M#3-s^Kz7Z*82aSKQDdP=GWGO7g+0a;I)E{Uxr4RC>^XO
zwqe89ALk#oEU!b!Y`8yx#)W;@-daFy{X&IpH?qu`y`xK2V?HS?O72+m7nB+9i%%a5
z9O!r2&?2Ict2p@P+MZ`Dwa0;_@1j2EitINH&SmAX<RHAqp(edMlddnNRlhZMNf$gg
zdGs^Ni;;`OZ`iu8%J=sXLmr&MJzVOLK<Mir^5mfC$z#bDchDT$C1!}R+1}HOdPojM
z4ruEw$1xadm#f<5r{DfM`Up7weIBflW2>J-XfbT7v}OC~euy~v^kt)Et&U~m#nk4}
zZZ{Uu1#<De(HVb1@-z+_cj`ZnOfdNI!Fb`ZcU@YD;VKX0XqFQqW!fP1_8@Mbm;Jme
zHVN`Yo+v@z`Sz5)VHjZ4_XTzwy1vIs=hiNpM^mM}$>~-w{CE8qQx-oms_r1;b0eW=
z8Di@(-8$u)zRP*w>i&-H3z{3BuM1Y(gES@JsE*E4ki>&G5oqevJ!S8&YdrXjt6w|#
z>;<5(u`B)>d_Ft3XRm&EbKRoi9!%uPM4VLM_C?jfln=X)igoKcUiOr6*_{$!toiv%
zMc{p?Kdzct)%tnNb$pKRLb1z-)8MgEPMGG)?lY%UNlF>rx)MM7<yMnbUuwAZqEGfS
zdiV_E-jSishu`RFbbp`2qMXG!BONMz9h7|Y9o2geNlTqSBtyNJ6CQH*&0V}r!k?dA
z$$Q|L2PQr}e7XmI_{Nr2w)vT7Qir75i=$khCE6mZPI73a9Rs)}TvPK8<5%Mm#h+#s
z(Gb_f&jT77A&E*pJ`F#>Pv?1>vcjFBpg03d?RP6O9cqW~Uj1lU%U_C4pOsg!dHzpO
z#~-q?TjsB{#|?tmcR>m+sLwE!rmVX5Y5lI$8&&YH%`la+5+rQ)&JJb~^5UP9q@3^P
z{6vJCvRcU(ApJe%f}YZ<Xz@=XyU2RKLJiPrJ6v{f;QX-J9a;)_lUpBChdaC1(nY?i
zf2QbF<(9PFH}Vt8=I@o-S$H>w^6eJ*mXx*rqC#`ee*B4lV%wS>zrkWlX33acD+*%Z
zOBYWhJ|*>h{6;*4_LJW1)FHg?%^Hqx-|<rVyKW0Z)Pn=>b$LmDzGu3&LL8AQyI?l&
zumuYd{KNdktdPc&o~$YGyRJ+OmPhs-iv4;;<&W)1-#o8Qd>!ic#W^nOxnGQy@f#?p
z15}i9-hy2p%aryL0}rGRX!Ku~ljG0#*)<N!llIed5{i7u!7^(@p83;h@CD6_cqU+l
z`c-EzY9n;~*pg_C^{4$>(aMk0_Hs3xzt8ue?dzwnB|rFE<b^C{5$>njP%T-pR};jf
ze6N|}GMTDd3LBQ<9|c{;Q?K>x5x?<_DDZyC_>a8z4rw9rMmcoX{l(Ml8xr8g<No1e
zTMD=11Qc)Xkls;_OH92k<h#3-X|u9A=@1}+DIW4J`Jkg81~c4$^6U(!+G)1{{YxWX
z7>y&mD!tyX!VD)m2x8Fvmv!8TQ(Q&xptu3n_y1fg81rn{N-GB48(?kz-}eB`qX8E3
zKi7su@YVYREcO5GItW}F{O8&OJU{cCk$P&Sh`#4}A<SjR_u8Y-O6BLLn<2+kG26qJ
z5X9Y2gRem6J563`zdS-tzcYN{KevuvHO77xc_Q-4K_yPn6B4=eN0|pQBFJG}Or=e6
zRnB5I-Oy2v2`3TgPhCm8sQ#-J|1e$%^zR;Qf6Ieo^kc4auP+wRKUTj+;${9X+TJ=W
zj%QmGoxvekg8Kl$-JL;#1p<NK?h@P`h9p>U0>LH013`j21Pj46xD(vnW?u8V``quI
z`|bVSKkqQ~bgix>RjayIO|4a3UHNQS!2DI<Bxxvy<oA>wA_0)Y@Lls&ur6j18xH@o
zv26;jNPBzG3?;#rfE51G#pdNb`o8HTlC_N^404d59MOW`OJtlEzGQC^=-f+PynJhC
z*6Q%Opvtd|Viu5xE(x;IsX344XTkLs{(}=~F!1PcBgML8TC`S2*Zy+v(eGQ!jp?K?
znyhaZZokIZr9~N>18!Yz7j7l~lD~HfM4ds(FkXmJ5?P<fDQZt|@6$>`o5M#pZXlt5
z{l|JfnN(N5y>H5c(Uf3AqLIMjtA>H2P8qCThuoH)Kj^R%17E#FJHrv06o_l_`>tmo
z3H|6N8?Lj%=rrSe^0RxbcAT$ob8%ijbd4E}BV$_SRGp9pH(z8JE|(F~WYdaD?a9T{
zlU1M3SvG6H>!yyRIFTi$W#Ktp86Mlpvs<awTE1VTeOIidDCc<DR7B1T_T5#gwf$`&
zh>--XOOc#Qu=dYQU>D&e57>{9)gi^3Rm`dyCy4+zlw@Gn_dpm?M1l6+>L&w(cjs40
z&1Tfrh~JXvLTEd;z44*<Pz3=tQ1`d57ygt3r1^VnvS_CW%IUHnYT<2O1%a>^Yrj1A
zzI-ys@T3Bm2kN2OFJleMz;k5NJ^r-+7<ow3LV>*lm`oZW?#=R%#%Qh(E-x&!^fPRA
z^2M%7Vpg6ng!~+f9?tgs(>`?=^oj*Fn~IMv)>^x*9-AFE@IZGNT`^Z&m!!j$G^L>J
zhniqCxTQ_?{AXe+ecDt%)$Lrn-kr=F3+-;RLD6%ooIQNbQrYt^Ow(A)ot4Aettio_
z3s2F_g`<_i+XmrrRxdqg%8Eg2%%bN#?t}Uas!G1OtgwbgyYRL$7rY{k(byM#_7awE
z92OQ__Il2j!HP$Fdp)%;rsUSapGwm_w+HqSsjR365nz}Bc{QS&EAVFc=xL0GnPHsr
zN<%G!;uhuYY2aQL`KPekbXS~Vkc)CkY^M5z5xg+@pvsdt7kM|Yu^_TKn52!$&;~4O
znl|`-F!P~r+3A5X&SE+(p~M9v+Q9B|#6B9U;`aB6Ha2LXJO9b@Abe}gtP(c~eTR@+
zrygY|DevAIab^qJmhz291C`s4?=SZm|K&xyyWKs}Hbm~M6}YouGD3IduoC>6O;~O-
z?m6OyINK48z)ezJFBaF~EA<%J50=CMQE`J@1cu<V6J?kD1XZ+u0varBs(0&#;7n5>
z7YTs1SsB0mr#<Dg2m7v1Z$S;zS>g7&Xt1*1G&*T2Z|CyO8Gp+riCL8^c_IX^obl{6
z{$a^IKi;chjcB_RXymEt@FWGLzMbB0H@$?`Yd=clo+!K1AB5Y1wqanH9pf;3VA<<k
zpc_CMp*rW+uu=ONH{DGyWfn@39Ac~%{dFi@+1RX%eF&cR4ZPxq4I1ROzdWLtzW?$M
zwD0(LfB9lFVA9Hksxs5sdBPeYdHvJmLIP&b1F9@~nhSK%zf=Eo(SAE%*|xHHHxpiR
zK(*b#saQ(eiH@?touL8x(o6B~=`Mz4^J#RGq@dFhNvvh?z*{fADpuKViE12GY@4wq
zB@y8>K=BH!J%2s^?z4TM-V)qHmVIMpH^gaed}o^T5vO`Q=8YNf9uWFu-3(2W-?>14
z9an=7l)bGksciXMD-YAY?XML8okM=_k>jO^{~07mdkLN8Wu&T&T+wH*@{M^3ZLDLk
zZp3OLIpH?IOADCl9v{)w;}8Bck<qxDiAxpZEKo`~vP5XYi(5He_|85ueAe&RMik@c
zpt<`^<<FO^__|ykf^9vvLbaF|J+06Hx$q8A^XeF9o>FWz{|$Rq@Ij=;Yh&BLjF}QF
zZPwbmuKK^-j9HjR1RXJrMeFK*rLZ5!V%j>deW{}syqUxp)#IydSgXIt*vLyO9kEl#
z>~@c-)5v(`y=ExAC)BUNH@{qyq?h#)l5I8JZ&Hg8S0IwYEN)p5vHolFO2#La6~_A-
zvzsp(Vq~D=ZSG?Cz<6V8N6#5D@N<=-&3bxY`8IqjwGk;R`xF-F8#$7$7fAa6Y+wk^
zRNVQ{hBs&vbE%&3(z{I3H&zhFSB2MMW9U|)SBt>H_X$gL#3$n8sZ)7{Xt)j8O1(b7
z)THa14!F+L*MYj&D~l<WO3C)PWvV5^S22DgDu6u>C3&h(WdMQ9h<3V5@O5<>AD3ec
zARaxGX$E~I4*<j4eacS}Y;;@$3Vb%kV<iUdN|FM5NHR5*cpY#54wl|KdLxdtQnZ+-
z<(xi$X%23vJw;HM0(*VRRt$X+YrF4pA2JMGBil#jW(3!YcraOeeqVl`vkOOXRN`^B
z+HK|(ILaA6YLjbeDWLQ_n*AGN*xnZ=&siU3RzywHM&nC_Lqx1-#c!y{J9YNg88~%P
z0;8F|jE;^-i(`d8u~uJK_Dl@&$Zb`VgWc>4g5^7`k3Fo1TatoLDU~Vi%WrM)*=M&j
zZkXx?-SMzUG~_Lov9f>FoQ}NfM;YO%##z(I4=L1u=NORh<di+LY)LpZ&%{jaC^%!F
zMU1!)sz|TJC?dZyUkk4vSQd(0DQ&v-eL=aL^K)=E<sNEM-A!7H$kQ;6CtK(oYC#lT
z_-~AS21^|vio3_lF2;Q*s|8`TRM~lRh|a2LXt^M)vEVJj8#c6poY4T@2a%dg{5?{w
z#1bw9a+0kPVn10|Qmq|9VxZnX{CCS_)*gL)_Q=ED4A);HOB9})5xKDQ3Bd-IFTtde
zrT)Q}ij$rOsFVs69Sa@2A}+`F6{)jSzwZ>m1=}bhIaM_=aRQm9-nyvq0i_IH4HxcP
zkI5)&ghB@u*K@9^eS~l~`0HO~#{RGbk>XY4<~~-~Mq~N|P28!u5z(ttts!`vVi}Sq
zN<u*Av-@@+gHQpk)Rr$6jH{}L8erGzljxq|JI{_rs~S{iEZOfX(PQ*R1L~g3p0qL2
zOS1abr(?B>R^?RvkHkngj#=WDm}Mnb9Bz?%!5|w(4e1zp>C@}E>(F_bekG2;WyhT3
z2U9mu$NRN}8I-qz&l1D=G@wUEO9=I5=*kaaH)8q&gJy|iyaKZTM*-5rK5kaTTW|F2
zT-FHj^23`x`x!h)oXy4q)%8!kBs2>sOg#P+-hgoj-rz~P>g#C`Oc#fp!hP5{qv@|o
zTcG8I{Lg_r+~g|-l6~~}JB=lp#Y!5fLq*@<^WGbfTLAqLjlXy8JkmqNQCJ;0RsVsJ
zV4%@Sw8~4_Y8DmTV!UPxqL&tY81cwE6S2C<*SRlBX%h`~I%zU;#gi5m{E475VdKZx
zNE?Fk%LMmT90g$cMc2}h#6k7rKJISms&PnrJvnQC8y1{2_WGAcX;tFBjY^IAPpxJu
zZd}zTpL{txmk+W@$=-uzmoebwJ{_Fg81WDMXMKke5+Sw?-_c&3iYwFHvTns0{V=5e
z{vs*h(>v&8T$lOACeV-6cOxy1U33Q*r8j(=mcV^o5UI9(x2lYlxI7K=#?t)$FeVz;
zKJ0Gby{O<{WHE0=XxuwByB&(A$bO|oub7;ZDGY`qTV&2!{XO#FvMyYD{!Jyxy=0K!
z8vPC_v(svt<|e3<=9-9wmU?bJ!&yVJLpdoeAqgL^C<)I+QbR`k9aKXS#3}nSqFMVl
zdc!jo+Cy~~np_$UnT7Wnl2XqG!nXo}W!w7J4`cH7?x^w7gO%x2@e5MbL8gv}OAp4P
zIT><|X-}^Q5FXypN}_R@g%>;2rj+@i4Pnr63G0UrU3Qu;Da7X4;}RX)-K!LKv|ewT
z&}V4IWm@ESs8>Lw7(NNEq3=8JD5I<(@#JfKpUDt9AvD6mXh`t2gCUX-npAA$&JFn$
zZv!T7p>JV~)hO_Ww=Hc!ARkf;I=lsJ@`d)_BH$Kzlt^CufFG<g?L4`C&4kxr!@)#q
zw<aH*&oG2U8x8F?^0xdUKYScZbYU9f_QdJ)E2AlK&^R+#9(4>NKdSQ+)AY&L^ylL^
z1K2f0xiibW$G`WGNk1w=6$vh`cv{csw=)iqNwf5|$){eReRx8645q|ImN5X+ba)Jk
zLNKmD#~-f0&T_r~Ib0e|H%ii;Etv_A4KAGFu6KO`BEb(ib2TM(bh&2u6)YSW`|6k`
zWNDBZ^o&JXP#YJD^Nc1Kn~=uo(B2f@j7uJ++z~4lNBx^6CD;h@&=qWq5E}?ST6Gpj
zxxAhiXn1n`KjRX5<O)4ITnq-s*E@)Dd#T_&UitU_wG=Grg$ZO3=<)b>{xu#>cP|@p
z;DC79S$WGi`$*7nL%1O#g1|o=#K+OW$z6iZ*2BX^l#9#T+ndvykJH)BhKrY*o0|)u
z`WK3*kAt0){l7!x5fKsL`X`qTVrMBqr)1&m<ZdEkW@%$3L<e#9vU0O_aP|f$?JO;=
zoaiLQ-93CAtR!);IA6J2d#G7kXxciONLyG~IeGA#ICwg~a<()P;5L!Bb8vw8<6uFo
zfrKbMw=ka^x3Cxl2P+T<OPuS!c!;~0dDub#sjv8jI7Ng+AUxc%yh5DZ+<d}7^6~%w
zfc`fML{OMhM1Y_7e`g8{0I)FRUkLw#{tM|};J?56-%0*~gdzVYJE8vu3H}2K3j9kn
z&<KxGg!uV^q5`EB;)U=F1LuDV|Hw>4nD4O?k4a%+q5n$$Q&0U@f;^mjd;$<Yeoh{K
zSpgAFVQwJ^pCG3Yz+FI?laF5z!Y9JX$1A`G5fB9G2k_?M6c&UC2yhBKR+gWWPlR6x
zBEZkdE5gGE;RkSd`2d)Yljjjvgp>a<mzR^9kDDJNzysv+0>nH343q?*;ujF$fe3JO
z@(2SbK<9k?k3@X@0sxi>rvM-xsEeQow+KX#my?I*f5E)GybwWtP9a_ueqK&NprZc(
zviy8Nt@!~6z!VS>fB>){FAu<1gj0|Ys4h@get}0RJb*&@1%MI*4Gfe)P=r_LvE;l!
z;<2o}{K5dT5GUWGCIO8I{-aR-N8JHe`2ix}st^wV32<`r{8KG%0RZCV6cBl&=Mw<{
zph|*39r!qfgaF;~2>}F;nh@aR0fg`Y!ubSM06mKUdH(>9N`C~nAIl8+uU7d7(x-!1
zIGDKuJ?#JUW~YO=d$>8<TXA^XS$fz4os^SLSb(1!=tGY^K!WaHU4V{D61e@nY$X4?
zm)#@3<4+&(a=6Fi-&q0P|1mE+iQ#{F+2=he8;PXUA9OdiKCIy1JHK(mz?G&IMzQ9m
z<^F&f^7ti9JJT?g`@&VKBm+ltwQ5A)#!lR#Dg$)|sljIw{n5z%&-^`?48A^a&Ouzp
z#UXC5bB3DZ5ID|~i}yiyJD01MhnGApjm^GT6HvsB!|k$($?a~t1Oh=bF>*^Eq<uel
zesuWBL=fS7c67ae5A2kq<x94bgM4=dgA1VkMR-~qvb!<4(ol5|ZDq7?Eu(;r8Chl&
zMgwrqjnHnqZykvf#KNwP&YW>TdsQ*}Zz@MZTt7Z~*u@n3@JFOrF*_#3i`+DhqhN@0
zQAoMdAqve`S#DVnw;)Rd=CuxK)L4#FP@GM%ENE0nWTnWICMp*x$Wbk7um~5}Nr?&d
z!Lfe8?rOlz_nv-n8qWg_bjgVRFjGRm?QNPA8fpm|ijX)M7Yn4Ys!mQgLkE>JYKRwo
zs+idCH|fdze3z*F3^WYcx_E=H=N1f)cG_tYhM|Gv%t_QTe<rV`O^bixV*|yD6!;!m
zEc>$9y2z-JEbU;xtolQsEJM}B>X)KOrVMn)^FRA_<g<PWpmca(+>6Unfw`Z~!vjNd
zNSda|wlHDRJZm<nLm03GVUEMzRgRDxt>`8~Pu4%&Ac-G~V-_?}3NlY+eT;3K9qPm4
z8vIerd1W2SwYA}wPr&HU{vZkybXy!+W~BO!qDiI{pMb?^7rStiiIK>w7spu^yHpp6
zBMU-dzw_0D-<sl8P*Be1StCm^(EV|q92r}%MxF-taQ$?&m9n>0`4SVH@-Jul@QdH!
zeB>-&isu{Ck$qy4@N9HmVmzKnG+tu-nwcLVN`Ch9RPn~ev*1JJa~>Q{0Sq^RH%u-$
z8K~SMfUDhP64NwDm87w;^Ao$T_g$(17B|^D=#9N6Qff>CL60iUsklY>YwT3FGjMND
zzws$mq2M~N2=*(K;Cb=>D>BDEJutQs<?*xo{=H~HLPr)Mw%lOKW4gU>1ReM<j=8i<
z6aS>4X{qAmnV<y!_->7~ok*Icco%<A%N<=_IUl|-Vrwr7_6S)~J9MrQ*+Ow)R=rL{
zPoK*s=n@WVnBO}5TcXRObZB1Fxj+|^<x)j48^;;n<%9vZ4BkblL@)W_oAzY(%gN`~
z1(lH77pQDn;)#Ji>owf^D@j};VKj(~6KLZs(jSWos7Nf}YNxLAPh9`U)n2t8PB~%Q
z+(`D1t3CGn1*qkTZ?Idyck~rEz?E(nU6*Mfcx<mx;5rkPIS{_k5>gL%;I}6IKtUf{
zpduC1$j5?!YyMmxPwMH_ef)r}1ZX*O!SqXFe5U3RVJ{}&X_o*z?GRMNojEG4NNv?R
zS2(yV!U($2BtKuzW^1-4;8yTa+6~8uw4NC^AOV{S-ymk<=cA{cgD8m}S-T@UIFT!6
z2qGeGYV8E~J#)?rPOPYfw19|%l!#wd(S~CVMueIqLMPrGm+4+J+&tmHQ2Q8al5K$k
z+jz5&7bi+k-K#6~QTF|OXXl7e@UmNvos|0NO?x;`x(akpnO8Lf>af$-JP$PqX1wG5
z%@&R`*f9->f$MSa_7LyC$y?^ch>}`LKPPK+Z>VRS$}z}_P^ES^Js+V_k@o%r3r6D-
zMdAB^8~x*#-1`KcTbqWM-R$>4TN~ehi@ryWxlN2hrmq&rmjSy!eS^Q~6u57hAIwq$
z4`P8EJCx7MC@>LkM#KM{A6~j{bRbj)bw9S#WY`mP3(F&(q$43P?6Td*z?Alb9d7ET
z%+c@^-sFpk=x`qoP~Tf(Zf1Fe@(s7&w=E6;28hT3nAA%AZY+?h<0KswJ8TSrw6rKW
zEV>&UiJOZzgd|Ukih5VHB_MCXCLm8G#Z;J@7=<FS-aF#^Dg<FyOMfd03(AyO6h?je
z{AFlgl@ZT1I&dXgG&KrU;+cd;$%=5DL6-q!*+d3?G=(#AFSTK+O4F8dMvmBj8Mu^%
z*JwLRR2MXCqt*#+Q<$u3Fytl+xtVp;oZ0r@1>N$R0~^erzhEUzu^!rV4R0Rbk{5OL
zCmSrvSf)qy99yCD`ofU2%vZU1cr!d1f}0DapWaxL=IXYs($u9Ke|R5^@_=!jf_C>L
zaF%654bCD8<4i`|#f-6}rUxAn-%o69G+$+)J=728+#FXQgzkC;%QqfKN_EcXBe|Y>
zBjuUNbqw^(#ggPbj9&@=cJw-aYn_X{J)!BHAL93=K5X!6wne=s0y_Os6v{$<adV@$
z4H6X)WM1*%j~9vVnKsOS72)@cet+D?`%rduxe7T8a~sC5kq9SS{5&sVF&RA9ZxO{^
z+SKZbi=IgCeKg?<|Jh(!>Uiue9RDg>TCUtq7)b{jebhKl%Vni}qf23KQ4oULz3t>+
zu=!B$Ny{gDn8ybW$Di=`T{K%P9Kq3m`fgMhyO01_GPgDkZ@L;s<n(Yla}-D~ICZ4=
z<@}E8`f%Q2jZdlFy}UbSK0p%%#RM9ba@}W-hY$z&MpO}}+0$J@w3n1oJK>IFy5>BM
z=Xx8|`sg!cHwd1XFb)5CLzQ;r9Jxcg(t|<fc<P3G1gsD@clW2W2jf^tl4R7v#GEGu
zR2m*EZV(O6LN?<9Xd@l#6~2IGTD9;76_I}k8D!dbvW+W_m(rluyp5eKr|~NGgi&!H
z(2UGYtpBS2EEz7Yu?G@^Ab@9Z6%e~1fBxx4Hx9Wc8;CwW4S~k%Z>IB1{?npTvi$H9
z6)LILKjP#M)$XO!-uDsr2wkT)Yai+9#DZs<S>y!*Yj?&;A7ZQydgFg1s?J3$g$hZN
zOWEG8!E;WcpZasQl~%#Kp4Q+mM9e5@_^s?u%<bfypE*2i;7?1Q#C||ssd9*iC&1V7
z{h(6F<L^De3sNr;E?O3K>7|@+%}|76r@RrV53UgVoB##7cQ1F$s+CKP@2&5+6x=94
zU#K-e7J7US1bmoTP=)Hh*gn3LAo4yyM5|Y@W7go}LC(%dQL1Z;hgh(S26>_l+52h3
zP*)DO4&*c>E6zIB8s<BUO9Pko=Ei06-B2oRhqEYYrQ17`@sS$|(U|cq7o$9<joo+l
zN_dmFxzf?F)Tr-R^B671A}Qq3w+0=~FS1L%mDUi|FxI{U%^L_HavB&95|M(+sKhCG
zsQ!?#J5R;nE7M<z#!fBY-NmA=Y;`R6L=KM71VtU4p5D0zS&XLJgUaR5xx*5y`{lGl
zy$|3`&4K%_V9sT$0(#vZ!fLm%b#k{Z7O3T=_2L79qy-@&|4=)j#_=mFJ=WAMPx3Ea
zpFoQ};V;=}SQbz?n<LQ6JUHjL1WD!8-i*HfZJ==IFp_2mNA9{V@PjL=2jMtL)69Y9
zWLstb?Y!AFz+XiUw~xUNL~YOc<L$k}flX4<h=}kOZxN5rkX-cDSJ!AWtY2Cru=nFz
zANWuaHf}F}S%*hvevhSohii&m>g+G(m~+3kr9yh&{<OW?GsJFT{8K~hIpiRfwBwi6
z7G0@~-PNDTP6TSZ{@n`cE{HXrIv>{*^v0#U3AwoDuJqF8T;<kik&C~f1iO{=uYPn`
zZ{_8$`-{VhIlkyak%ISSn9<+&AmwtZ9)L9PLlv@*uB%!tAGd`;ppk=|N@yQ9iH-o>
zA^}wBLGR)LDeoy?>7S8wi(=$r7$ApY!T+@7j!pF4eZ_8~Xfml8@QmL`#E5e6QXjN$
z-=g}{M9+?hE;_|nbJJ0;?la#}u*2)IdYGX*N-|Oq^($yTB={01?*?&)zr6M9Q<laT
z<Zs9g)KpT4y42lX#rxe!wc9&iO%q3AGN}EXlh~U%;(_5QuwfjoDaPI0!Lh`#$vtO?
z@`AsOhDS}oQKw`~rwpfPOUiUis@8rUazsbYyVGn>MoIgME<0<mMag5KbAzv_F;gP$
z1Na-pujad2v!!p@pZv_5F?H{D+XmfUZR0|YRzzB|U!YG0Y`sq3Op?raAiJPVAzz9D
zXy1@gxo<oWVmFgNRS1kZN^UnJ7~e`o#m>deMG}R<W1jkOmOlt@-ZdK%IxZa#A%(q0
ze+_Pi-3n=)FV@QyjvV+CF8Dk#MM+uP`a$D}+)7Q<8hmvKG9UVKF5$;#&3wbA!<6m2
z!#A5C3fmh4pC4tj<X)GJdv8x!7ljvu-0GmaNC0vcOOYd}1WP2bYZ(bIgn}P-U%*%b
z8Sg4Lv0cbCPvNhmol=aX@}@(z(R<b!QzYXSw*x_cz9MfgOALdfKi~S=4eFm(s1xbP
zc~{`B=&#YX`4#Vv)DcP41>m+(2?ru>pKMNpo4n#e#?GUEtXo(aY>6@{dGhZ(pQx^q
zpDqc{j7y7AB1bF;E*)^o#w)kWe&UY@YqS^gE<XeedUVUOOBh~Splll&PNnU%HgFtb
zj)TwljO)8qV?xWp4nBKkyM~2n;5tQ2Tbc**3ZkK&4_9B`T{)MY%j0J$@9>4!NGp&@
z7hda$FZ>niD(_HXf$2F;fd{oOIkG=pj#Y@l$Y*v1KfF4fCx~^*liV_?z&cq_&grsn
z6k#)t^+_!V9}IG+S`j#1t*9?s1d~E8>^|z1zbls$9~_sph6?JfWL6><2Z?0j<|-TH
z#OQte7m51n#7Nd5q0dDYEill=95gn5aN)QVy>gDq+=`|O_EXiuL)Qa_&$-PO{v9(>
z9C29f**u>yimw0n7wDr!9Mj#Od-PyDWm(IrQ1>Rn*9RS@6t+2YNcsf6!?b0s_~I73
z6<$mwj~uF3HzO(CcciOn?70GlQg2Hoc%u#7cieq4OH>@d-(QJOj(1r@d%rqzma`6$
zE}T|q$B@<kj&(Zlf^|plz-Cpz&AY0(v(rKP(by9s7eDid%OnWo=>(|7LeMJT#`^!L
z%^?n<mCq;`S#zBOPlCikfQ~P7tYRQ-fD%^Xq@49a45n|&G)k)7cIs1@W^#dQY6EJj
z_97?b;+`YxN)K`ROd)Nsff)LDS1l((|B1R1wF0aXle^1vO(qIY?cXpdB0u3%&gogN
z0WHL1uor|650~91UXKk(1R^RpPJa@^?k132l*^E@Ev8^3o07-u5F}6dtKEcbB@gz3
zk#!z<-xrM=&t#sIAxE2C*wdnAqt^I{G$5N&>HGeTLQ1e;lML|M6eR!FUtA57mzKUQ
zg1*VBXd8a7GjqcoTdUBPcYyIxweoV)nPMDj#ENJ~=Xu619&l-cr7>0C9m9`YmWAfu
z3n_-ylU3X!Bz4hA`-tgR6ibsNOPMm*@2%ypA9Sj%eAkJl!M#;VUE2W?xq7=yJOiB#
zvnp1ch<1{~4vSejV8PFXB2Tj9k)i<_0wOv&zICc=uz&v30N^*EJ-@EX7veNdJM<n=
zGEsd!pQg^(7*R<gQ3SfyF*pQv(P2p4wTPN%<5J35XHCLQMnFM(Ad6YQB#-URV*V#~
zRQH?kJAo<38$@drE_e2r-PW3YZ#I>*$J_pIB+IRGY9*X-+r42L20)8;1C%#Hs-Agz
zP0x{nZ_j8YnS#yV7~YLmd3!Dghdfb4g)oVxiwUKQzX|vy-F%-l>~eRPup9Xlp&A0M
zJf5#FamWvjl_9rPiPPtg68Gbu;mC6P(U1T^ayqqpa=p{+#N_9VeY+fy7Cou<=a4tA
zXTD`BVz!>8<1kSSn&OyG)wn>9^g!W|rL{U+g=Y~TABCl0CN$bWF3}p(5{!^X&x(2y
z{&ZqPX0<Z-4f0z*m$#a0Y2DQ<5`33tNpXwNEC>#Nxo8N@)BC>TVo!ELMV#K|cj($o
zE_B%;or9!x;<K^J325X?Q(_@4vi-k;L3x>ebL=qSr?U+bnh^Q)$9mRYTa9CyJ_*&D
zbr}uhM6~p7$K?mCe056{g3e%eqlX3hu~hziyUf4@M=|gCpuX{=;h<MMy-NsVCDi9Q
z{0U<-)`kwBj%fa9I$grAUh<b|d~x;hZua@kAad+|Ma-97(Td2jpjgc8jS!igx_D|s
z{|6dcUBplXdH15^SUB#fio2`#kl-50b<x<`5hNA0Y?av1KO?bdENE$(Wr{CB9)WB|
zT$x(re|v-{rsy>na>)>km-m1va7%+-4HJj~wG3g?J&fCW;Zwb$-dtwNL3!wZMdi=w
z7cKKP$r`*6z2kq&w}j=@?uk8%u`wTXzs+n;n1c|3KSV(gR(JkIhHa+pxqMD?**TNB
zLr99o79O`EUrqVVH?&zb6UF-oWqTL=qCe<?`mfT>6}saoUvbk}gP$+wjUj-TPwwl6
z=QoA&h%<aK;g6vziKz7M@m=U)ee6K+kNjaofmK&W?$dpNJc938HAw88BD|aMJ|`N^
z#GrbfjFt6V)*G&(nvN>|87q5ZuGcz&l98Lu^^bDNu~PZo(BhCzNse44N79BebSd!O
z85b{=`pM7dIi8DWe!BRKWct@eNdamBRT}Y`CQsVg2ugBg3Lqlw#6hcduiez&%zMu>
zwLnu1RiCu`FcOD+O#ZOpA-~JCbd#C!PYjTV{vabm;y6o_C;KH)*al_qaQnhSh|Ubr
zi{Vm#_z7DXdi)ugZ!mhB3vtO$T|5XA5Y{6xlYnK)`UV?D+voLT0<l1US2IeHav(UE
zu9*N3AhRCDu>!b#0Pa*JwG?iC3-s-J0BE*7;VQ1SdBGvXuiIZ%IXQOY#3`z++(%wn
zL#~=x#jBX4*@8sFY63H!YG*2TCfVo9ixRrT1t0_%ZtBnM+koeFze1|f1LXISI;tJ_
zRpn!m-o+{tC0SCS27Aa-5-Jm&+LwGyEGu1!JB&zCNnvH{_v@8nLo;lg1wX9RaL*2N
zTsJQgNaPVf_9!}+iSS5~vOs!j^ugE)WtcB|IJ9gNx6<ZDKV?G0ESu%$h}BPxfM_C3
zc+ana*5<&PDFSyFQTD%wkW+D^BiPL-W<1opdFIt|Us?XkLsq*VD={ez7O3V)Z{C77
zKK43^aJhGCblVn9lKx7LUdcHpS11EQfQGY<8$bw9n{oO1+YIJE<AQ1{V$-M%@8*l4
zrw{L-$MhO9nR9>xp&$U3lOQh-K&mV>D*^c*gx@d!D+DOZwux*QnS`&P`5V1B95}!J
zjc(h0x#oLBVp>tC9y~c_Xauf-$m{l?DN^UELo0=Hp!c82fe@f?>eK6qoI~JIEgAiY
zaOOqi^Y=CQSH}iTeZ@4}Q3nj?<1!9K9(bc-uGjMV5mQNr;9gn%h(7?L3M>{zLZ%~(
zao=I+Kov5HzswzTor4l&>gIuR-`PB`5JIDiP1U*fPXw@1&<lsd8tdM5%7-%uB<zWj
zfX<1A6I*eR2?~-!iJW}8kU<pf?6Ix>83_uDnjM!_CBd`8x;9yVc=}Ef_I5*Vy-#Cw
zwMu?8?#C>#=fPj_Xf&beK4iBW<F?KPN%-B&t7ki5jwt$AugjcweKs$^9&-6K`H{PK
znM*gs=P{SybJZnn^5#en3=-xQ<WyWL89g8Z=vFpI`xpWI=#w{#m-Ta{8HfNf<v0PZ
z-ly$v*i#J}P+?CZI&Kzt&ZkB0@i(B0_ta4<%Sf#W5+MHPsI#deE!)rA0`{0C7bQ13
z?iCLC1?yo{-qcxjZ=4XBh^w9Ut@i4N)`<~e)XVExk^j*EAlJ?DDnj2V9Jhu#gy+#M
z{_o>|nNuH92!LhpkH^3B{PX>L&p)Ui;P?&Wahvdn?)yUE^nb3e#~J#UQ$LHx_IW>1
zn0?EWtu9jvPT}a)4*4c2X15iosLq{1^XddjRY9zR7in~P4g@&DW0o(8Qc<hvGeu@s
zUA+3ZNtH-5XIHw)4mvW2ejjOhdR}?xsOji<Pqpm&wnDTew5GI<0>9}j8X;ObCni3v
zyysZyL|Q%_WfbZsmU_Z%Fc`uGe7CU=9N>z7uZLeuaaCE}GaVP{PwgN&oJS<#V^_Gr
zUAWs-r~y?MBV55Ji!^X7yJs{o_WMXnD`-1>;7Iajr={=n<`>_n$hU3ZK+4%R>sJd%
zZ8M1*sW$AsaOAux_aEX*Oh{sduZuf0*eaGNy!+6%9hc^?KVNs)USx}#I4E^}=UA#H
zV~b2qu4@$|d*0ViMd+8=HrkGdcB%qT5~W4a^y6t&{@9i(`TLWemQmRiE(5=mvxAw+
z;37rg7jB~uT55(}_CA*2z5w246va!`Wrp^T{r7$mqz5@v!<&uarJIWHpA*}ptjT8+
z+F0c89oBMQeYm*Bum_ts^rP$hEwP4NoUgWDAMXVt1n~sZ8sw`N`n;LwY5SkWT`BYU
z7U<53wWhLb<9%Bgn;P0N1{OYdj<L&fm6_eVHD10c_AM2+h%CAaemI>yb8bgWRNzp<
zgwY5~ly($@vlFb=`SR5g(D{~PNM#i_Q*A98oCdBl>T`3fD<RrJXF0(E2z2Pp-v^zr
zPVq8g1@t>%Xltuc@yMV4xx4$<gG<F$)9dGMg<ITJ4S{Sadb&IkkuY%nfPXF0I(;V4
zGRfkwUxnqh3TNCb68`Xn8_$Vj%FoJo+*8py;ciPvKdj9KHTHZB4RI=5(-?vm+a-b&
zQ#2I9*)qSPHIRQ|x_AZ7Y=|FAjEg5ez8K!xgT_kUVBgyZ@gwS?h}8)i1SPN!!xdEw
zv2c^Pk53<lr{xH4`iYQp0ngYmuX=04-|!+T;dmE<wwZ7KTgZ&7Iv+nYZhy6JGhbV7
zCuKZ)wscZr$6CKBFOJh~dVDXIL;X+}rS3vO$gvW|@zG*aGPD*}kxJ@C7$ESG*tCw>
zuYe}dyzX{Y;bY$a8-(!?5ak&~$Z|YUH0n_0G!{q0Qb#V%_`@lI4$b(MF#UUz_e^qA
zk4o;BP_i9KU#_rD`9I~eo5NErE!_z2mf51h)lrAlFixgLbH-6v;0fL}Qp-fEz6PV^
zOnSQE6HnT_LJzGPOw-lR@&!V^=`_0s@Ohbzc~9AD1|d1Zb_%-oqU`PR^3~GFZA+8$
zbr0-$^Xm4fRZnLI#V@mo!Ovrxde&%k)dQKgBJJp$RBXPyo8wXEEhl<USLx^%B34rR
zx3F2LI&VGYt%(QcSF4^VCbl`l<$)ZEr(W<4l%!O-SAWw%d}(?UWMjp@&jp_fI0y?H
zaCk)R$s#9zjb(Qa5tSDwwkg$lIoBZU|9yiTwKlJWlrT+AvzSAb?wPRgQp-5cOmQrG
zPMOmimRGzl_yRXiK^w`V?^(fxWAzML*0M<VM0i8mY>Vbg*u?}Bu{1+9@+aH7hFBzL
zw1c@`{6u{7x=84vv>fcbrSxnJp9<wYO$vVEq^jac@Cd&BUiSMOUAgNspbpuupPa_H
zD<hxjtgF}B@_eJBn8UEN71B|b5D@&{VoZ(dl2tbUdvWyJpcmDCrI&5phQ^{&y)J2u
zCd>5Qe6E*A74>#K-qaO{bSfb^vH!F->4noeM^U2ye&ik*9&xZ<m$g>m0HnE`Af3Z|
z(cE>TSVL1rUi@38mWG%%DgL|d-rAOU99koJ&-|PGs#n;d?g_s*(DSTL<&bZJ$PBtF
zm=rbBonJ^M5^JRy(XTBSZ+lC2dPWU@j{Hhzr)7QZ%N7$^W)O{Ja-|w(U3!>>7yZFA
z>hSQn7N3WT<su!+mH&Z?ZCwj)7zLA6$S6<3<Vqu-F-M1kufUP2(6GZn&0Q;Q_U!4~
zr7Wk+**Uu_e=70n&8Zf#Md9k&iNh;VAJ&n2-TLjRAp^TiEQ2zGg^zcw#z`sw@2@&g
z=R8+dhpE;sr+DY5SKQ8@{gXGy<|_jb6-uETHjCzCa`7w{B54jYA(;nmVKK+(SIjfT
z&zQc|2?fsuzsOWj4E<j25tTdktZ!?pkFLL6Lr|q@fJ|~uOk(ria(I7IEC1)`eH;J9
zuP^q11y}>v<>t3?jsAL0foeqs0<LR*9qj$sA`BK(8arE-GrKS9Q*%)XG|+Td9_X0S
zX=0sS^I8p)i9$c@`St!Rl2^~Kt@18|5Y>r}aTMCJG}PQ`ain|P%H6*@Wh77~BYr5{
zkHI9eR^N!FwU97mb?A?u(Wu9;GbYi;ebWDn*p9IUNiWj%wP&iGzJLUPYd>9sFQ;$N
zzKmK@IVDqHe6)VdMlmV0P)x5STQQ>N{ib#L=aKa&lHbARke|G=x@CJp6*U!6-P|7W
z*)kekIG)+lq5|{Vp4F|=7n2db#G53)H@YLyBrJ@ZY?(gR)CILa(eT~sYU+Wz%G)d@
zjzC^Z^)~fno63g*#zE55X_`a6moho^S5wcgj;d`=qB{1b-*R--pyX82wAqGcV!#@)
zM|aC*vUfO$q{Xo5>B44za6cn){Q;`pv=l72Gy_`?{8TjT?nfH@{Aso!F%-2}eAztk
zYiKncn@lLjG?P49tekg$_ls#JeIK@RI!(Yp>KK)(4JvWoW+cSVy8VFJ8_Ttjy4AKf
zjZ&yOcN-)#{=PIt{rbItJei))xp7NNlMK_HEKt{T1_SIIT2je?zMZdDHmGQ;;-NcS
z)gT>``VIE->kA7kIcL?6HD<gHwPQ@gs6@X>wDd5Zh!788y~spOPPGt8v=_q1XDFK7
zpJ8q{%Qy8Hb!2s@9cS9TH?+Sj9+YX|@%>swoDa%i`Moj5-fo5tFvEOoKR}wwhPdPb
zSHTY<^A_6Ww2^_nIYFX2{cVCz8_qYAV{aPN9O5Uqw_0}fL8Q#oJQalo169w~mYo0L
zza}J}3xbODt}&E<jMl@5`OM0S|EZ9h#_LC$2FLr{6PaByT2G6r=;kMW2A_V5(M&U4
z;_--{eGWkDyzQo@{Z~7=0gCLU0@~@e`~SCgf-ajcehnpvB>pl?yhj}Q&SH$?lqbP6
zir6?`?}Mm;=TW7-XH?p(NQJp6N=bE(FA*~G*y?8SV@k}!Yo)Nbnqg=)-@uUX`IZ*;
zAdzvbxPhZbREdO0#TxM_-3VY+zX~#MX)U1XZ_Fmrjw#irHcM}`d>s7Ti3Hg2OdVIY
z7gi(%?MoVKIUc+E0~%;g&t}i!EEmeeg)7$T@bloq;hs_Rba@Y+J0k|CWGH*Y^Ub0@
zPbOy{hgdX=MRS+8`<#jrz;HJ<97m|EZWHx&s6ow(IG38>K)$npSsyn0bvrreJaTq7
zoQ5U#-TxbOdj{O98u`8DYLm0T-J3<j@|li?Krct}DMhKIx=rb!(FIzdIaAu62Yo8#
zZyqiS&Wa>B+CBToyW~%F951rI51&VJJiNElSu$IC_cwfS=4;%|i->+h>lfP((plfj
z&m;LMeZ6_p53ux}+Wx}-czN56!jW`PN+0=h)8pfhd|V5z!YlIM{6D9))3P;RjP&hn
zlIw*%j~0m83raZ^8NZ%jIe&NC!eH@rf!(Cwa<)OQjay&wo<8oz(yQdnG|@PVObolk
zT1-P0*}~t~sJ>J=k)>z+<obo)nhzm^GT+vb?u-Vv6cgER&$O9ty9Y1(y9Itfee<#i
zW9R9Gh>EMVOQtN5-1MtD^J=xD2nG_HJGUmPA#NQ@+8lcI8ZVigVn@6L%jcFabriKp
zCTSUdq#Fl*<sDlCUx5=g-1Dgk47LfB;r_ZDnwMrOu0{t&igCb@j6+7s6Kj-iZeHT_
ziYUU&-ko^5UhOBdav`mFtJmj|Dwg6ezu(xDY8m(NCt+{w`uPMgSUQkZ;0g^HblL01
z^*cmcxH^1{wAym`_D(3gF?(AK^X_@Hu7;<0NvX4vhh*RDO8yqy3vbDj9Rk|Z!wOE#
z@$*H=?Gb~OoYeD3d_>}}=6Tc3?UHJ(t6}soDe0V4374PYd9irMcWCq%kDbXUGH+PB
z<@09to4CmRFFwGC*0U$JD`8Vt?9aRe=P@|BjrAKz<JhJCSRXv7-O`q~<Zd0+6ux#~
zQua8YDdsfl&YCaM1=f9i96z7q>6ASVWPe*e&MR<f*NIMW{G1-&wEV$-v^Uw-?<Lb^
zy#3yPA+AYJYd-R?*PUg}k#w1ZXMsVIUH<S$T+hM0Lbbp|*68uc(hiIBO?4QjcHIVO
zeveqB;;R75&=dIqZKfu<;nJB*(mV31A5)P|31_Tx@7G@QYS&pR0(}dY8c&Bo8!$}(
zg*l|f+^RIo>1oV>FHs;p@t#=DwMSH&gi^(W&lblG_PaCIaaq;_^~VyQg@83iIi6j%
zAj*5l3H0i>b7JarB9gz?t^d7+bKu*noI8`X$ru3hBu9>47p1^pz(dgneBb<FuOD#W
zL2hF|4kkCV!13}nwFPE*|6vxnY`LLU3%o??@%VSMNdEsYi~I&~r1@tSc}>s>JmLM{
zW|1h)kF!Wy*#mtEm3b+`I;GGL#~)CVU+;{60P7uSeCDprdPdBs{q5V!Nlaov`Ci<9
zMM3RC&gaUg4^Qp#dHL-KwVpq5+`%)_7a)2&7vFYwGFvr5f*iTICKexfoxL1*<bSm!
zF<+des*u1@hK(IM<zgpfF4Y8`+>>fD0Z!N-=6uK=zIe6omff=@V~OK<h!$OAjG($m
z9b8|}@9!U+oSeKS@M?_SYG^m)+-m|BsHl;bA<3yvy}XGjw6n0VARr(}iTZG?-=zj$
z&;ctbD1?WHi#3mQ4NMnQXRZhRI{Q3|9;Jm5D9n&}=6$%7k={i7{27*=fRPj|*P^b`
zfnE{96;_at^#<JvfB6CBs9z~>mR%M-_WLwR6G1~80}47eMuEc6iAt6xi*F!<yiQL~
z>QUb!b!W30k<rrLK8M0xNY5A94fsfoAl*|Or;zpVt2qD0V951w0e_YHNVmJ1i+230
zZqT2Hzc^i8I;(hYg!MJ)gDi3pqU2u8Rtdd{XNH2xeEb8?tba3VFo(}~ue_}PYpgix
z;}JA=7+lsUr5*{+pMX(;*Sh$UU?|n&gZ@TgVjX9;JcZS9WMMz<SMj;IDlNC3zy3uM
z_^mqA_~;1X^l$@TU!32S-HtceMmPk07_KJa%Bqh~%Fq}*x4%4N2_TXuVn{A}SJTH|
z<=<$oJyh3k7Qtdw{T};6yCZH{T12jNX(f^Pv+5W<m1^cHk1AJO(!x~<+b>;%gktSs
zH(p?O?I=0(?1OK<$<U=m1$igKNZSK1f?Jnp?3i)NmCYw+>$xv^!8MlUx~1zxq$6dF
zqas!D8sE_Kh4W5OPlm|VqH&t!Fl-|GY|QIQPX-y6Wb+2>S&#|wI@VgMCfrt^GW_}|
zoNP&af+J+wFe;PWZN1i*U+nh-6XIBcI%u0BXP9lI0b{<wlan|2Ug1JtdY5~2gUl0&
zwjhWhuYhdANW>ntHugr=GhUZPdtzpZb$6nC^O-qr6ec(mnOcKYa3PQ|qppO#>S0_}
zQ4Oqy?S&cnvc11w;oy=BKYV@iLd%UN2z|0tuE>+2e(7wd)R-+1Uv6o);0${`)Wbn;
z<dd8YM@y8!yzo};j>|#>z%_fu1+NAcMN8=7v;pN!Mbf4C?o2Uzk(q!wEJb+qp39xv
z(*IR6<{bY4aVdNukA@e*_VD`P`{=$iVX&%hq!w$9=7ijs^AtPx@Ql;sMVhG4diMqS
zM~-9;Tpm!xaanw3n15kUF&}u5{7Phm6ZZET;|VUsynb2prtYen%d~67O9t%|5ivDy
zFQb?3Fcad*xK0J9S>9W$&u7E!nye3wT@=CRJ?IaWVM0MZM|UgmalL0MQkJw{5H{@H
zhkj5DCG&9`XCZ{`4lgf<xI1=h6h1Z>2?ujpmWY~S{|dgsNR_=0rC&VaS_WslYJ!^L
zo{+?Pw6_PKI|%N;VItio!s8F{Q>x0@{5#~o_`$1+S9b&69oC-?@g51!@MevZCm*hh
zM*g#%14+tq9RW7(@%VRkPT)V-xyKDCNdB>NQ+=4@|F@kh`44tZV;n4Zph3*{kDZ&=
z)JiTUV0Vai@KEfvw6NMm()%_}lOWG3`$@i-PR~|3czgU?$?J)*^Va6-KuJWmm*VU9
zG`|ejuDo-WTdxkI7o6$~;$={fXt@a$SqZV8N}>GR#$1O8Bbl9}^l>I(=P^ZxtYG|-
z`D0k3nH%F&uhvgQ{<Z-^MH8Hn)hZw<Nxh)SEaHL@G4_Tt#iDA41r3h@gH9=N6R>q(
zng5rqLq?Yo{sP08(d3+`x*r=GTU}k9$l3xQd@z3>0V9=oo!`)n%=el0q$9`29DbSA
z{N{}gr4)1iW}`!^@&|r~i~USBM`qgBO``=u?->tireZN>Uf?B*h?EGCTak9u&ffq0
zts5LmT$JK9->f`Al_f;_TBhhA>3Kn&yDQBp0&M?hZvy&_O5HU&dnCs#Ap+^t<>45v
zZjx7&_s0o4)PoM{Q#C>KT!NrZKF;i|&oysA?jI0JROnMSI?D^o*?Re`iEqP(mr~VV
zE2?AZa)&i}_GSg%?7J|$VzZ+1_|0p@|9nUwK7vHIVA643RWK{e@8kI8YulGFSt0At
zP+JgcWQ(R@tf+6evE5%oiN3?1KUb(2XmO)IsL5AcT?Ppu0)Smk9WTJx+g#DXf|5U1
zW}{M&+Ap7e3r#PXU7B<@lM6|Fr&809s!$uv%EJJD5n-p<*=&}&>Lk+m1=Fd>1;ubu
zIw3-MlW1rxa?JmiwRE>Q*L(GK{!a7DzR^JgX|WG+d|Q7Td+pQHy^~(Bv-@+7&qhZZ
zHWRAre@Ba6B_|`dBKxJY+@(#)PM$S6h-Ig+_JpOx544vX^m?i-!&tuuoj%b!!B4P}
z-AXVz3^Pf&1a%IPd$|@A^R|9MNk{NCU0lEznLv)q3`X%FM#Y5FkEk>KBkL!q7ldD4
zlQH2%t>EE386Mc@NF#i+_E%(#j@w6}|I~q!?ayn=n%R4-d%po}3%8){7zi2T^B+D+
zsyh;T=6w}PP7*SGuWpZVSTI*NTKr{K5*C;!@Ug0)YYv%5Ugs_J?`<|HoB#Irhku{u
z8b$t7Qp%=DD<XO>U;FS?lt9k1UNCByZsLzc&!*?JZJDdy?+Qh;#Z2$l)Je)WeI8q?
z<aD3I%bGB^(l>vBUBYIVloFRu35Du^t)i&LY<uLCDKPs~P~MxdA9`bcdcPHh^S)E;
zCGi6LSY8i$602Mz`2M5Y8|O?T_qfl>R^xrWI=s(VQ2QTJ4Gtr>>fYR-Xh-MQ*y=Qv
z#m&j12<iLr7PX36NBfk2E_t@;=HXuT_eZ3H>Mqx(De}c_HwP_o@z)l2sh=zx6!6d%
znD&UUf(nU)D}U}7RbOy2?fn%oBOq(Zv-BmFp+EnoIi6v)x6(gB6<&Um+1C5bc6s4)
zkT&H(dc+|+#=Or<w9@ZHLZ?LYcK%(x;dLTmum{~Myq2<tV6L6-9vAPQ2>qB+8Cvc)
zPl*i~s!fBZ?~hwBE<Nc(?pwUUJazQRA&B#>4+z4)t{wyd@1i;>iryl2ADR8&TfAuw
z!H0X#^!N<7rdg3nw02&Y+diQC%m!MLR^dJTXAAjx9_3*R4Fq~T{+)#s{0|ng8eqx$
zkA+N451jqKEF{{Of5j6FBy8yw2&sF*o}(mo5Gi0#K3CKs)nd`uf2zoqMp>Suk)`=E
zMogzOivn|8H_L#i6Mvt<DBVD&N$dm0XN-Jhh=NNZo#DIWtEIvH;lo(%YW?p{-?Jo+
zcWnL+`8&4-9vy54Cij?k?psOVpLI}7GfgAw<LO%Jnr=&&CYU{bc;b7JiE5D^_Ilm~
zL?KAwn>{4~;G@eW_;%~<AG?kDs;envTFd*J`zUYd{j;i$LlDU|iR;t*z?*@3JjvF!
ziaPz)2_J}|&9QD33h}uw`K;G|;H4A>S<TU{t#r;Z2YT3iAa5q$UoW=v_Lh~vKSL|P
z;!-6!L)u2N7fz<Ex>}g?M73h`bU)K(KUii_MUgc<|7q6A7Q2B;(T6+@{iK_Ur^fVt
zy*FKyj`i&XL9y3%lc|m#cU|GLfkKht{4~rnifNm(wVyonWW@VUMBJpMm#U(9Z>R+q
zs)HW#b&S+@ZYmcmOt^*v4YmARJ$dS~(fX_PnchcM^5LCSm{{M7(`&k+jmcQ1S&<73
z=U`%+&XAf6k)cGZZ$${c>Bl^keA88dAUE-7j)yiK-oM?CoE>9GQF5328^Ul;%Zobp
z%ng>4!pt_xF!|L?_JjpTR!Q37b#3{D>h42bx~P(R>)`W6O~i2ll1-aDth+k$RD6x;
zY5TP<6+g4X<eg1dDbIRZ_rdh>VV}KVD*vZFRA)Drs+EMFBE@!;)hg+KpjO=Ou8U*>
zY>s}I6|IokelXuJZ*y6SEphcuO2p;W?F79QXHSQ6Lhr(Wx&r3An6o`$!E@eE9>`I>
z-^p}75HVr*R7XaW@#wN2!h5=65pZM7jb3$|$&@t9AU?CxLj|b+gx)()ktg#+oY#tm
z-SEo0cf@5w`S<}6jZaalD06oqPRD<lM}IvHO@NZbtd6>H<!KR^b#aw8;C~-PSsbOS
zFv%O8qGa&5DcBMchJ1eIQ$Q9+?BII0ch>q)?-YFd_TscgV$LAw!cg+7-;CS6|CC4K
ztndO>3q+lttmnsUhf*rm&Qmrl_9En&-zV1v8XwbtN3;J~r6sD!t>mp{tXEG+1@CQ}
zfkzlC;5X|Jc#^)JcXV02Q+=L{SHi^-Z_#60Bp~wk&oxM$Sw(^*DSu{_rdWSX2=Bo|
zlF{a_F6kSK%6YB?O8Rj!JDb`Q64H2vR7sl`TQz7Z@uOH+sauC#!-hQ+6@pgY`XJPk
z(AaMr!4u=o&c&>6F0&~VI^%PHoak9I4zai+Fw@PTT2uMXPvDq&Tk}d(YD`vilt57a
z<gzB4kk4n6pPa*gSjOSk&0k*R<T1MP2#qHhx=BZ=qdV6FG#Pl*Art3)x$O`44_$H4
zzV@8JlnRZE6x@EqxhW$}&iFw1O^QNK<oOPcB9y*oM;PJzJ$h?>R&{^e`6aD&z9<!X
z%)sRYW>&P+vkg2Ft0tM*jVl^*I!06VPT3EqdEy3|x&=QF!?If$yp6^Abz$-98Z^4q
zp463#LBu3}k3IkKgPnf@iy^aX(JHJWCbOD5;IGrS%s<gi>(#eRva6q%dFzpF=F4nn
z*hFs;6Az@se$3kqat|<m4o~bYYUY{7AS3f(R_8L~GISFPD(mqQq6|DL<CZ}abg*3i
zg3-P*GMl9;BNQ~sfiB^LE;JLArgA#Vj=H_%XcCJ>LHj<)C&tZi%2>Ut9LKiQ;`_SA
zcGh}~_sPJ~=l2y@^4$Hd1XwI{7-ac3e&U2vwn)8Z$#blz{Dg-XR%EsumzvMeKcLuF
z<xl@V?VSfa)nEMoZP_E6i0r*bHW>+#ky-ZMJCbB3B%=^TR;0ctls&Rn6op8V>=BU)
z|8w>Iey{7^8{hBa_xL>?|8KwheVo3z`aJJB?{i-7^FHIA<IpbuUia{(K4aOOXpj@F
zmY^b*O+u#>87lq^-mMq+*Y4mnW6x^&vWf<kHNPP{8Gz^dM<ziaiWmN9CACH5i5ebu
zcT3vg<VG6h)(ofkq=<3!5Jklt`=_RMi|fPFI6SXt3!g2EI1x@K-6IwAcvI>eDXf6S
zk`OILcJ!Hlyc_!F@SPsv%lMh&3RD^dgW3&k4x%a~S80deG}8?LV~{7$E^AFZMvqft
zXKTf4mA&|`@u^!xJbM&#9D52!N|(0oxH4g78Nm(ZR^sc0@^21F7bGuf5mPbJUmwdr
z<yFQ%q~eA8p>)}gGm=sjkC6g}Jf{k+zepm{^=i}^x$$PvGJyz@Xw4SiTM_XgD!xkD
z=ABEAuTGj}RY@h9q6QBT9<wS0?WN87L*|??d#iYslf?!0N}|x@Fy&VE%=3k9%7f1<
z@<Zv1TG`*{(xy1wFrUaJB`o>*(+}A<ru?CK77-H2d&ah~;8P3WusKLV)H8}9=^5Vx
zB>hg$s7Jm4`C<1;JLdgAdqyKkr(tC()+{DDVhyZ0G}N@5GZB~VZrPaUmL*KEB%I|#
zjnV8I@3Iv2jZ=19DQLTvlj9chCZ54NxRpGSsc*b&;n<O(doD2r;6(Iu7wN8(dRrMN
zJPnc4eigJGxb6E+dMm+exJ*Qk44v9$Oh3Gs!!8Q-`Q^U*eewg;S~Ok$L>w2@veeKG
zZRPBRXQi{3IAS;ntkO}_B?FGj%0@J@4_^xT!;Kr0Qukc#)|dB<*C{9|AJfM*i233#
z(aeAG4>zxpCuPCRF0ik-G#YTD=MyCb#m$>HCu1?lwQ{M63%@i7ZFY2YT)TE{bJI2@
zRyp{#3YK3?L&-wQ2}X+}tlEBDNoQrYCSHF0-oeQH<TXRTO6tJ5*UOSzOBbq-gp_M<
z-q5_(<BER^M>p)gSCGlYx63q{R?VKDYX_7!ZyH442&-MGtf4nG{W6C2=)-c4*ZaF`
zjrR6gxq9WvoGM@PHiwi?#`BQbx)+@kd%hN1MyWC%f3%?>#io|dag`;S&Cs_v!X&e=
zSTadL@V<h`x0lz4pPA6p1kbL&3#8Z1GRiEm7r7Ik|D;+^MASMscE(XJ%i2{Emrs|o
z#Nl)}XYH;2E~C568=`Ny?$Tqu5mtKF(_OP=`-89QTutFt;3n<cI&c2_aS=U4gc1Su
zE#_Uqj*7IS!Vkh~Rmz{dVDstdizDIfmaZt~E-E#;Gj#E=`KZwoa=QirbLTPE<lu61
zS#Br&$E}J^lP&T$zP-E1m|=z?!)Ctnxp68}pa<pl=kUR3>^g6`?>#JObt_&8d5)Ve
z(q%q!MMTxBRQ}O3I7k}swSSP>Zh2j{W;1s?bc*zx+xDk^BDa;fje4(`@uP(_+MGCT
zT>77d)w9%}=}y%TG*oG8+~CE1GIt?L)l-*-jv4>KOG4amd=WaziZ28Oa^g&PHD6db
zEogl{b{kccGM-^V*FzkoVN{;C_=v(s!A=6M#VMvTnUJLg&(+00P`1!6NRPUYK3f@;
zeD<TOi~Mb)i0|ye{P5zvUI}MeHD$Ny;{N+3-j`Mj{xH1WCK%&`Hd61_pkVXpQITo%
z3;tKP4TtN8aqWyPHD3g7lWV+B4yHucyyR8=){P{^3w{2TQvKX`x?8}lcc!<>jKeE8
zSv5mt*vu43ydNmxG8230zTtIkLnCgq#HVCPj`^HD5h;}XB9Pg2*_(PkY3x#B;EhU2
z`fW6Zv{0N=!b5j8inZv;*zDYg&W0uFC8$}ZP8YsAc1J5Xt+4Ptb>HIvV(}0u;&~};
zv?<)+!Aw5sHXYr&CPH`en@28tiuRh-lB2v|(sIEVoTCZqes6ZyfjDzr!812tU8eHc
z2A))%_r?~Mdl=Cw=z`Y?V)6;TJ(Hi*r8@7_Znx;4D{$H^?qZTOn^czn5gVc6a`w22
zE@`Q(*tJyCXmjzYc=ymd>Yq_QC^@<~i<D-Z=<O>)=d>1bx4P>RAbxLY&QbZzRrF*u
zq9)Yiq1v&O+{?k29gp@0qQ(f4H;muu2|_vad4p(LfgzCo%NIZUfJ4=huS+aEy;WIp
z)3y^LDpMbKe444pP~o~Vm|Awl0k>MI_r5*;3%A$T+)OSDjCl$^X?{e2&z5%>TxX-4
zMdG6ztlK`LvOX;u%ETn6^`7X7O=vnkiUIcW8hUWbq3a7=#QEcg=|<%WzCSITnELwW
zWYQI}^K(JeEVk`;V#ILb<Xc=ftuLy+x{7CfuPwBI`DF4@+vC#G(%@798HsQYFRxeg
zK9cF(=6RlOeurculv7G3yI4nENmiPb6aCD#Dfk$cMdDvPZF@>PjdL|yCpaWMu^}lu
zom56%NO)U4USKQev^Lh&5^enKw#(nHd!{-)D6^u{qDeB>=s%f&n$s&hsPEjypCQcI
zm|Bp)imsMrU-ED$-dxUJH(W%IO#>@Y`K6U{DNAErP`2$?rn3?kdiQn^WGGlDhrpYR
zC?~Cn`lwJ*P#%Fq2HtUV^WyWc_ObW0cXc`GV&lpSPFskM>u_k~Cp)nowiWU;!0`H;
zSb-agZ<)2G1UFF_JFeEnM`yG0<ZPc4BT|^o?RYO}YqMan;eze;ijig!qbM4!PjjRD
zY4zpTBNS&ZTf{#~2=O(li-;|9qGzBu#zploL`J4^H0$cP1rH|O85&20d&lj#EGJdw
zbBz~6lI-KnPgfj0eRza0RL6*vD<<TD?2nek@1yM1YcpLAw|L_+uv2m|m(7~}veId{
z7>%;7T(3Eu@_7ySSeEQGzrW{X@fCjm>HfF2HP5|t9Qbtv1=BD0-1|5jrAO8??GUn3
z_R#HA2X*c&f#vCo#xDBvlo?r<srke+cyY!Ob<{mOSB~87mw0#~$z2q?kGplTs`AH%
z#|i-o%Jw!o3gqkTP)mk9?!hnuR!jl=(@20Ntz0d&JY3y8`7B*MtRZF$jW=~{;3t!N
zhy9(1Wzo4$zbUD#LG)s(mO)GNsDej-5i7?@n=kM99vYE{N{<GdCR{(ZVZnFX47(Zk
zAugE;24+U`q=GZ<sy1Jv1a4tg)JtV9_7|w!Mv2#nBpiiu33Qdq&C*b4{Sr#39r2!c
zKkDKybHa-sYCYUe`Fcoo=AxbG)10{o7ZkS8&LRvI32(CXhN2@eQ`r+vx@EPw)EH^z
zc5+udC|b0m`3ljG&5vL!evC?NIAZkl+MR31s>>}fDj!{|@RAGM7T7YXt|rO~SNKwC
zak)M1aVO4eIm2l}^_(yddF#4wvH2?<-OH-0+(L5cq95bv(Q7Bdjmkf-8{m!gV4tr|
zSm8jI?0r|1M)aI&GB1oSy$)Sg)rao8$%gv*bF(a*hvVbovdyI)wCRX44tjkXDfe92
zVoJ=z+7i)husYLX@2dVsjBUMp?r@Lp7BDw_MTk&_$=w8%Kmfj+PrSP#%-!4|^-!p%
zeR`Om_|n}c+h!l#Nwbyi<4<6DKO|Q5(sfk38xwevn@+MsBjd+6Q@Yf$tl8&fHLKn0
z8!I0rKjBqh<RH(lKW@LuKf|!jgqBLn=q(dXG2P$$I#RsniCMcHl`@xGul47R!|8@P
z!Cy$}<Z<W2wciJNleENAY6<#ATgN1IzKOq}?o5B1JAsZhTsA2q@M7OAfra0424-Yd
z!Lewg=4(USJo)@p(>)`34{$d~Q)zm1IZvtj3y(5;*%!LCjje_@JFBYb<uKdQe^Jei
zH~yeL*=8yp+Sw`eCgsM^OF!C3hs%vG6@AE4Pu)Co`2&UAOTW`8-O1L^to7c<Z%tEM
zh)SeCu<`WJ{7@cwNsNB`o3IPIKTjCSrhb#{P}{WEas3k9FmKgQX&h8poF|(T(X$sQ
zrbLQt#)VjUm>h$&(bt<v+0MI9hD1v7W5?WVyl<l~IG;r^z{;qfv?BUUa7ePm?Wo;b
zo^UtX$|D^wC%94g#Sb|>J5zON33VZX$PIf#m9rXcJ@{DnIs-|3#<Au~+;Ww-*5aPE
zDob0hotqR7KOA+IJtigRy#89rGAmu%DQ|<fB5?c+f1ia9^V>rx&rnOAN*FMg3-bLi
zZ>3Y)FniU_GIfsyw>Pr5w#%APnh>>JO`x{6%Qb4br7@07m@wGDQp%mqIpom&L_-n!
z<si|wcGK>J;{1aC)eq?8(Lao>$-bIuSv`Hx&Y;xEDY>vSfo0M#>+tJ7n$2OJggVt4
z^`i+IV&a1#Pj7e%5_xTh55GA&=u_tVN9VWC+a4pXIhVYyaf%#H8y$-Ap`5NVqrj-}
z|D->HR^9x%p#V#kH@REBP+$=+CjDLc`SNU8@rCz%;_LnoizmO>vTfiXYQt_i$6pbE
z)*TNLWQh{$OuRk4T%94!IPFD`YsgVD?4|GVn?#|KAA`N4v}qrR3_3@+_-4IHJw%oH
z$YyX`CUtWvQ0!dIVxV8#!Xt+h*V5+Ayut^u_~R=?Mlw!QUy>eRZf>nm_U*EJ(z(RR
zGy3s5(R7Cst3;)|(FBgO&_y2?HTKeZ!-8g)i-m!Gw+%(QZ>?NStzj@SOj)~^?URTu
z)w^bqu5I=0!&3Pz?uA+_+o55fwfU!-qa809E-F=fDBgO1os;_kXK36~2s;jX85<KZ
zNifyr#S4bl#+R=4dO1!~O)GEY-BOkeY9R<*sH%8sl{WhDw&&9;Vkk336xPoTQREG<
zhuL`*C~yd^wfXNl>-gV2IlZXA<+t7W0}qk)wv>7!P=MtofENJ&0Oh=gwUZ|wFXYd{
zc#Tu&0>t5qSGE~Dt0jjynfgY~otV<F+C)_p{4OuXz^r2rzM6BiLhCiXf9FIxTMxdW
zE1{1r1KrCpQ_PNg7)_c1LQfxES)a6CKE#P5p_t`sQh(#H)6DSgFSOU0pK*LqROQq$
zDafG2IURX&-HC%-rl>>g;q{x$43-hWtFgzM^$caqeso>-Z_qW?k$;;isnsR0#Nza>
zEM(I5kM*1BX&2Boj?UrVR*HNk+a8yvP0$pZgZANzBQIMvaa1&xl<Sj<w^NJuy(Mvs
zjIU%qSM{8=(6qbIMXqsJR+RBjcq<3x>1m0~?~b_Bfuye6gD*H%9)>2=8U_JVz`IK7
z<G2&gfuW-C!IC&I6r}h6X)HGnYfo^zk+~O$10bz!$9T_gnVtfHK=>l&wqjeg#&BRq
z1!H6pp1jwU@?vSz5a%=TUKK&EqMrtCUU;LFeCxvPJ5p7P5}V20we1bYA$=xM$)T6z
zq=>JoKQm~W@ZN9}V!b1(o?RG+W>JEwG5L7*!L$%r=bPJJ-CXm7oC+<>V!0JLx@;1O
z>fcMy%>S@D1AJ$WQEwCrgA=AO?iEJ8E*h(Wf@z+<<oikvJ?C9G#q-KK1@F{VtIv>z
zO1NY6W1g<3uyVj;Wv%>pZhoVTCNqz*VKj`rnLSL0j}!CT$&-#hf+voelW9Iwb#S)Y
zusJO$_jOA<=dIjT*27`E?)U+GV@*!Dc2E0=1>$?djF=USnJb8!4&}JbC^2=+=Tr_&
zoDuP`pS4Rcsjyy-4(E0E`0jMG^n%sU<>O4H6Wx!9zi_%8*IFA@#-6_^%Y^&h>wXUo
zevW%8rJ&AJ7ENh+_He4EI*AkI?z9$;*fM7{pM?r%RGJVJm!cDOP4hEm5@<zTJryMq
z(bMhQDBr;TZF}Ij-3iTVdD59IoM&R6gqtt|SGT|1;l6M$`)11WyreIY84)42F#d5{
zE`yc%+UE*ZpCe!B2I1Jv5?QPv3|hQoCHxye#j}G(Ko9<Jx#M08oSpt`2KHXo&H{he
ze{@fAR3kq=*4XCQXuX|l+FPx5lDtzKUXp5r6*MX*)h#;=9PHoKOy+WVO|f6y{;pkF
z9j0U|@Ho#dBi})b>Ii|1Cf23zn-1tvP0jVZWW9AqsLMt^sRTT4Qo~uEJN)3@2~qxQ
z*{%-<yQsL&Ci36xP?a#?u)O0{vf#w_>b!ULz(y_VNJ2hgNbp4}8m&#~_mZM9S-ww?
z`QlK0R0{K<q`=K9`eDTxQ&4_EL0}BC@m)cF6i$WXmzO~!;G{A5=5KP7jcLEq3+^g?
zeN+QKG1l1kD~rUFE;`bY+#1!~SHy1c`VmY&AsDt&uptW!2+1Rt@=K%MTC`0a;pv=-
zN|9DVe^7uG)~mhv!EUU4n6Es;z-ew?orK`+4fEH$HK~WY_0=NT?i!G@lmwq-4s`5t
zX)t?sFSOVMtG!;0dgXqCcaYDC>PNFN-P;6q=heNZ2qqM3(fUUYU$S_~?-wCE!Hb$z
zmH%R)LE$~!q-Ad3{o}V)$k5O6OP!r9NX{5muKn>^2GlHk=>t~KvKsfPdm*HyC#Nt>
z^*6+DWinl&>9eOTYYXjU|F#w`{cx=QL+4VE?8`Y9bN#cOa~w1VdLr!6vHlDy=&~c1
zo?$jwSi0Iq*^R~GSNbgXrn!}YQv^4j7qH(TP-mJx<>+%5tAm^+`lFy0p?-U^N_ye<
z(ql8;ra?15-d$d6(~TIFlUe1`8iCY3L5S~HjRjKv_G`HFyxe5n<}x;*?jK(`u~YXB
zI^>7FhNtqjhaiVE!53dbW8UUIX!f*VUW^<33yAOYbh5Xy)-d<<vi9)&Qvti)f(qfe
z0c1o(Tt)efNO|4poJ0>P+pRN)R(1P`h|A`Zo8yZU`+fu}p|gbB*fADShFAxPbS`w;
zRS#YCiI`}_ukkJ;PPAbXDD%>Dysc0*e}{pBX<2?)jUi1WOq`leboP5?{{x9BV%g8%
z%hpduTLdz$F|J-e^UcHc_`J?*TH3p>T&BDt%N36WnAXfTt0q|sNtiSf&uVvC8IxPQ
z(NDZ)<vY`L{z_$q%c+%#c1v5QuhvA<M9$XdR@;s!;y;LJ4pqpW{`hT*rTyj8h`6&w
zJO;%)#G)b}p6A*eqIFa=S0*nmQI0EZ<0&pRb!sFj=+=EG^M{T@#W$K*2{t9qH`k*|
z8OWbEtI^7jzDg{e$t#+1<)mP|B>CvuV$uq^4}+uq`*sUG|0`;L2<i_BMmo1eIpcV?
zr=AIoE`4M6kc7|PK-y(yWcyJmj;?{eeMe?lG0ovs7K<=t;@cL|W?UB=Y|>N6(o!P(
zA0Db8FRmb$FK;(Y5{qc>;H=W}H9Q=3nxQb8#7bkC{&}V`#{l)|dTKt~{xUiT+6OE@
z#IMk8_L&5MdWEm?&(d=p#o#y02d;6b_@5h?I)?C*1v1RZs*c)rM%YU_d>6zDla5)y
z#)uJBKP)h9u)W!Uo7LbynBjIFBWskdTUvt6y?T@G+gzi1z5iK~o0QB#kJe(mO_fI1
zdWcTNhut^L3RqNE(qxUBpWJfUbnrj&Qsuo_OI!{oukHl#hp(#k_lay?Fs^60PoJF4
zlW*~o^!9r7rE&rPqf+LSmtlyLjmTqDog4PA`Q=MC?S+Fl7KR4~Cfi=O)Ia^&K_|Rg
zCcyV?;<`XmzmBbi(&rx@7uVvsSA?-ML4^wxCt-%haOpaoIz;Pm3iHjGZY}%6N1Z?4
zd@~m}@E*V4jOIbl2W~ON0D=~@(m*aZB@f;5xTB)Fqs*<eeA?EvDAqwbm66lK&*o}X
zy3Z1NgmMNL7~QwwlYjgPv*5|t%}4yj99U~)dM;+fnFSh`9W3uZIT<H<>E#dbC0wnH
zwtE$~(MAYFZet{C;FI6RD0YA4?1SU_So^dlu9SqptGakIGw>&8eI4ojfd}9Oc<*zl
z$N3yoSgJ7Pb2P3zao_pf_<go&QmJViU0<Dy%FOU9KX5RQe=mQwfiTdSe}p5L0;)a`
z^nyosiycPhP=Qz7+7Y-CWXhwrCO${Xblge@H~5j-H`Iok49=@{XZj`=AH2XACp}$x
z=<#EgfQ66IHq1Qw=lyTb>3uSG^k}eGBeljgF3at18=l-S*Cb`g=J+^3lavth*{Zav
z*0`$RA^tMkyC>aj0#VBn_6ly-qc`qp8~Hn=3%ci)q~Bz$@e%PX`5ISh!K9H_SQ#yU
zvpTu0qVr@qZ`Ri2*sCCm;Q|M|FILym^;u1Bm_3Xg63CcyAooz<cv;}|u}A!_maRj>
zqwizKq>fR4`EGv9@5J+DPE!JEd5n046cRe3R(wIhMsz`}vypW|g4m8&*CVOqPb^)w
zS{=zZKdK{j6s<6Ytf!UC<U#rB`*P>}a})Io3O!v-ev4Vr%2yd}{qo0;6-9;<PnS&<
zmg{AN^|KMF%n$O-=X%8utVMmZ4}aOyNAM_dnMdM8UJJ)NAy0ZKSvPi`!&OfXJ-xY{
zc8G95a8#Ll%g)u$G%Q3?pl2!Wa$fUo3L^YaMQ4iZ*b&3h^u(wPG|RCV7MEBX{BPxc
z6hr94V=f08TmjWO58_wk)e2QHs8&tjx0Tjae<)5!`^>G9zj{I&s(Y23lfkS>(;|`~
zYD8h1{upO(Mzck*4Yg!SfOoT4LSZ>WMNh29QhO?{c3PHt>JYB=5N`Dx!=gU>N-%AG
zfTLBIW?$C)<eJSUcL4pkVvSC>ZE@5x`HX_wdg#}Rgwz11bYb_r;*d$kbA&wZRhK?I
zWajRnw0c??ESi-%sHtoB=IZ@gS&5BXLuK~5JPb~OFZx2cNKZ`PKZ5r;GbvMn>M&2(
z_`6xJ*mQf6XA2<|ZpvzN*Iz1+MHVrW$Q`}Vj-BNur=Q=={r+-iJX>fzwIPcTx=JWH
z2a}te+K-tD;W$h>;+vi7gtk^GQcT;^jq7TyY?n$R_&q#}Wh(NYYg@Ean>?_)!7Lo6
z`oO<vR222K{$1&d_IyG1z75`@Z@6YY9f^7uc02xVqq*7iT%CluaLSRV^=BsxW^CdQ
znMB$jf6ij!NRhw(1E27a#>V9j@(EJx;1jo$LvGj2*<vL0o^GE6qgZ&4%+q@HZ4Riv
ztzXI#8ieerKZ`s*X#KHtqtguU)Zf`B_vO3l?sf7OC!}P}KFeCZxY6r!FMY<u(o30?
zCP8)jEm_PX!Ota^s&2=(UdYFLCSYW3^#`3HuZ!zskHfLRuWkJ?-rAA(OqCrL=cU2k
zd_ArsBKp%sI;oG6WU73~9}5O0Bw0wswiHTUm#3&s?k#9lE$39&`Z5acycD$_oS3Pf
z7}mEBV#IVDij%}hG|joF%x?XVlV+oo7bCE=fN4%pl?h9Ah;=bqC@1fk{dMAqi3EnW
z*@l7U+j!I0CDUpsefXvC5aVEnQT4rNkYjx{BTsl|ELfc}4(Hrej~Smv^7du9x`dNU
zWG5|ENn|QmRg2cmJH8lbUdzMQRD3H>FKlY##z&hK?DnQn;9L%KhVP@c_o5n^cP2)i
z0<TXxRj>Er7l8dfq&RjCRX$wJ8TmR@sV5ng9u1k89p1FCl_C{DzmDZ9s)}i6TUEoP
zoZ)EWr-XI|KV{P4r6ZcgA7HtYtPJ<u3h~&B)@7UE)c^;pYUAN?gjL*PU0EXrs`vqj
z!jMZ;`0qHgDyi22bhP1%*a6sWo1~=<v-j6*@Np}LDzFbt-X9dkVdYtwza`L2<}ejD
zA;{LY9rS}OVvgv1Af<`f3zH}`CGiuek!pgxsc6-A?=bkVzX-=wmgLBgJ7(v_zPPyd
z#|v#szUiA>M-0d_@m|qn(c|>$;Ys%!a1#6E-BdgsV@gP%{p4FVL7X_gkf6GVmc&c^
z*h0C+8;092?~hS98@{f(!e*ErKs*_R`M&x~*%dFlI<iBSedr%n%kP96oToYQ$nykk
z(9x@S&lyzWEm$Zd%C^KkC{@V5J9ai>mT*SIVXYds4AM>3N=cKNKd4RaNj3P^vJe*g
z*~!Kv;oF?n0#nD2>Wp;HCud_?aY&oKD%LZdoZ-9i&@)#dNQk`BDB&v}v#0yS*5}AA
z8bzD)P8$e^bt7iHHgzZ{C=kOVH@e8*Mvv~PhQzbjOVuxYiObKH2ql&obf3WuS7!;l
ztayBwsf5|fBl2Ahjq}ut<(f-Dk0fO&_!bfen=&$!2oB-08d0(m$iDvLmKd=Kzrm_N
zTzCvs_vVVux(59z>G44p3O$@cb6%D}_9mNLOvC0AnVQYXl-#AA32JsO;x~?qbUkPf
zK>rrPf%Slqs0`D6gmkkd_QMo@pz>p0vUUcNsOraF^*oPqN|M<)X|mt06P;QtQNBDQ
z>Frm(4VJaxy^2aUX0|jaxfqyQLtc8(ze`_rv)7^V=uVT17~2%i)fkFqt)>oXc%;0J
zLVB9C`~=HTN!4bkfL%tCX`<(}_V&v1T?Y5^ZTg4_`~)54v!O2&nKNjQB`t7%cE1=n
z6#x7}W)4+!cvR<DYt5yLZ>k%QUVJ*?Z*5Ad`{aS@Vs)TRr-*cPgSMr7MEZbw){?n|
zcW2b(DX+Q`VV*Z$`SLSiHXd>0DTIQnvfUJ0S<XZHB1;yjFAoi!x37Oi<&P~d;628r
zz(Fg|xorF?t-@2~jW=P90y@WZUfAuUesmX=9@exK*MCs8qytx+wM7{yEQx=Xa!?J%
zKBFwZ(DojS<-JDd<OHQK<(H<+_;8By)+M^}-qxi`BQl15R?z~wo;W|BWx0~CLLE9%
zr`ipa2mI(}sZ_2~_A}9tNGX1vXE<bh(RT(iUG#5FFZO??|DQK~P+rHJE@<_}V8#=9
zs~6v8dTlVGA#MT7QH1g9EY14HD$eJdGm7$h121Qsy{(a8)+boIiDs#lNgu$zZuhE^
zq4xXTr-Om(rXIodj*gtH7urerOP!zCbFI1i1sXkmj%`iTZ-`D#TmN`uZP|Q<FdcW9
zC8)2P4H61ThK=0`Tl#|I|M8i(*?4-^5r6XWk1ufZX88KAwDvtAZuBN7OMj)lrqL80
zc=$VmGWK@9^K})|#%m9Iq?6sU!d?W<9l<Ne4AT<mRw9bgul;n!Bgj7GX%{1<)lrsh
zFMc8g+iba*7dSWY7CO0GqGFFViCZaS#gp6VPDhj7Cppe|AyzXt<2HUxm7$tSiL#K#
zX~K8YSfj7(ddw9(y=5-kpD1pkqaG<_u2J&U3(fNl%Mr^ve8rXIh-!_p{M1d=n|3GE
zDu|rJsSW#Z3@sF<E>2*k5(DZ6HWO>@^I^ndNWv5@;sZ6p43=7v*N6nPMv`C#9rJHA
zO_^-}8g<YN-y1+biSy;%SuI=v=6lyNa?be@uE%DNY#DbCQWqXJ($*cLv(E7E3Zvop
zCRHOXoz;0ESNwJ<S`>ww-8*TSIT<q>89I*yeqKDzc5UGcuICQ9Z(_tt6cXGo613w=
zAySkiZT!Y3ipH^0#kh6`-J7dxu8yMwn|_9Y5`DXOpz)}`U;pOGE1%D*5i=^zA8nmG
zbcZSWDhBVH#f#PT$}y29pV&p)<WgC&;$yQMiX`7nyvfDOjdmxqt}vT1;GY&RU{`TJ
zO(=#(xaic&R(tPR@_A<mcXsz{g(qJND!s}C?#DHS6YET#5cBoXOsRCn-m_(Dz7a!I
zDz|x)Ice07E2hrhWwiQI?kkJX^CT1mCO-qeVFm{OYdXip)yvuwb~<O*ThP&7bWc5Q
z17u#aa!fMut+N;=iDCJ*LzV3pFZbD)x;vgSZmO;hGo|xeB2{hJ4%6)lplQQX6z=w5
zw@1Zz=+$n}^?uaUm+hzk&V%Pu+#bmS3OcT0{RApEJlF}FRpQBMCGa^mge<iQ#jmQS
ztK1f=#!FCrMv!`ekwM|uFlEz?Fjw@Mq?1NXj86(M`nu@1i%s9rUZrHadw6K|1I8(d
zYt&@&mg92Mf`&7}Hbe%d#r>{dKrjXGd?(Va^ZzmdKQIMkM$69J#md#&3)ToQZz4AX
z$^V~b5S3)P{~i=y8O#Ly)e?4Q@zl*P08_w>_<z0yH9^&lUCTowR=#*leNKE#t7A$t
zL{#yEPBW7s>SW&+WBjHSFp0+9YwoNE4=%_wFpcIHoz_<5lO!h7D3Li%z!%YSTawsB
zz{unbGXa~$o0!*Uhi#3D%8uO$wCQEPA<|ho8Ibd)lPu1<oov`jjm6B_+MP4&f|82E
zRE4o#H#PsGWD8f3#OjgD;%S1L;pw?;wEn7-JX(d6Oo>E1m8iwy1vJ^Z!G$f0Tgvo8
z5?Z&U!-H0+n8T*oVz&51{FZOtiQ`I2>NE^0ebqs+Y@MtBjzJd40=~uc#zvd`GgIvv
zOT(I~oSekI?ADp7`fINk_?aIMP9ZRrlWYU`9#i$SY<5W>dPK$3%@H4dSimV__CeR-
zE`wo`(=w0k5?g6<jaEX=II-fk3R*`w3+9p*m6eDm^;X?GRytE52{9FS^0=8uVu)#o
z_#KF;ntN%7SXL<52k=PRBW{jdHlWiZI8z`u@WD5T=e!`qRQlVK?pz$vvi7S%`Sp*>
zS0hdGxvjdtUCTLF7Re`6`gLmw;fm~<BbDj^XjL`4{L8Of6?E8I7$@xr!t3yLh3$~1
z)yIbwIaoYyo@srNlPx<I*Ijo1ORy$SSM47PH>m`@ru@$Le0QtdJZ;b~M!C#EGv$pP
zm8H?$GFaEL{N+7PqHa{|0NG&ORm`;yn<ES9XA9<4DefwXsF9(cdbmNYJ=YL?BCoSp
zBUcx#U;iex(BSD*>WD`H&po;>yEp1$+h)+cMVawy|3T@K%IdnoGWbVb@o1zRgOLyV
znUrTVFKEyuPv6?gkWjx|F7j>rRb0R1rDORfqJn2PyUzS!{Cp5!>^uYF$yJik;;MgU
zALy8`FmAW%I$cOWQ=%mCUt;=#jo&us0%=M{bG2gQIe5~3OX9#j{KF$>4PK>O`$|Tz
zT7llw%lheq)!53?+7iARr;^I4D5tRow95BeF5m0%`hA!m_uQjli3)x;@Z$=*&!pTv
zoyj+>mYl&3Tpgh)b2nI<HC{`bKeMSTvM8t)(pqytpK)sg_MuU6-4Gen88dJ_kpU51
zzPbs4T}*I#-n*@=Nq)4^fvIgBMT*6*>DeBJZ6;sNo~m{sk+pgH4Sb;pk<|Ko<Cm*I
z`+*F}4(63$hG(FE0>d-Yr6UdVtPevXg}q7Y>y=hfV<(2NhM6bsO%31fy%O>vaC6J#
zagauq-x&+as&FIyqpi2i(icVEK5FTwz_4AVXc;@%c$;c%-lNyV?zu^<pW6*3Z7D}8
zk66i^H~7Mg9mH+7PEz)TK1<9$OVV{D;LL2n(EU|sIZ2_WHV0KU<B+E{$2Kh^9(jfn
z)=RN|-cSi0?=?Jr%vLR|>6OmF(T~1CWx5@ts0Gfi=0?^KuDJbkD?o>7V37LTS^+v@
z`kk!+9lZR`R)7u|{+m|d`7?C=b?*u;pZaTC%74cUS@ewOU;i0o9MBBV*tIaO(gAF3
zQu;2pC9lq4|9Xu0N~w!Nof6H5i*-l49Fhv@?W_)OS6lb_)hk6Mt{h+Izde6Cx#=qI
zcQTRH5_I`q=Gm;5OBeit{88)4vzjE7`rKH<=a;?~4Ze&nJ+eF@bWQncp?QHwEoYO>
zz02G>xsYBI)sgF(4t1B<@iPw|1?YdgiQ0ID!$)6naF9H*QR3zKH}-VZndMfo!4}ov
z_G-I9g2*QA{-Zg#R?=H*uRn81YOO=UjIlxEZ*q@xDFnqfo6hhVKkrxPsgW@Oc7Tsq
z|AmF1A?yEH2=VY|ccl6ov>`W@uGW93vfZ&NtcAjG>W##j#~NbXWz6DiO4am<ggqj+
zM{(_|#+a1aFQf+~cdbcwj$eaS*`?9isw-nrz2j+2_D@M0ef%yBrP(zP#rl0tQOY_o
zz~7(xF400rTka-@j#Gj_(&f^mru^v1!$<P<UO&`(W?NTe78TO3Md*V$ez9wHCswt)
z)ybk&NVI2w_-@PSk`?w$vGVp^8mWL&DidnfjGnL0bAKsO`jMR9^g4nTq00V+g`m;u
zUX}ePEwmN$4F4atA!sBEETjqX)B(&}^{Mm$VoGxCqr!(cFg3_z%&dC+31%atG*4{F
z#M+gd!NrBNA>sdFPi_3bqvNu9J(=W#%(*$-=kL>|`R0UUM_(8Vw#XHaUe%I$GKcki
z{Juln8O##;pzl5ZOP(4U<?d}m|JRr8%v}jUBjDe{Lie8e=Kn*LL8Ifn7E<E>m!7&%
z-mS^bUGs*p$yIYnDOqPtVM}Kfsg2Hi+Dwkg4qdKl#VPDZI}$m{+LG1khT6w<l~=CD
zzABhK_rKt&cMqr!7BLF`7X#;iVFqa6{NEWr{0lQcqvPM&4A2nxw>ASb&i$>;01ak;
zYcoJ2*5BF;(6IEkHUl*F{H@IZ4KROaGk}}p|9jJ~yVrOR7EB94qsZT3k@ug+mqP!=
z_>w+ea_O&a69;T3(D-uC7L!U$$YM7K%oY>QwRg13ePOut&p%w0UPOO9cq!DdO2_=}
zz3`+tIW6I~Z&Sim^gg~sN1s|e5zkYl>3&{x#Kl#V4|ZI79l^LXJXZIe_j-YepqT-G
z)2IV`KqZ#Dxa~Ir$(Ss$)x=H?t-`Z=W)K&*j38S~UQ2%qTA5-ATV{*tKku+K$0L30
zEGJ&dwJnSMTRh_(V8UMZBEoOp{0mz_gV5j1R-+AA#DDFfIAFViMyjyW9bNv{Aj>~j
z>i=B+S%?D5KNDu#fn?C-pWzV}?wM<lO%zUEKR21Q)wS4fucH06iJ~2BqF6Q$m<V%_
zj32bsjv;NTGjY76L?-EZw3ovZGBGVznq=LezLvn+Tr+#8_$_Ew0{!*W?AWhEj++W?
zhk@-l#+Od5(TNX8l1wRfxX5uHK8tQ-Y4&Nl{GB7=v9Z9It{{ij@gubfy1ZN|x3?Vf
zU-OK&;GaFu0NG{(zxwkp3<Ql~e+L6?`bFpewaesyEeL6J+b@42)d%S|laZQSZ7Ggo
zymO5(+e`?d+f0URp55mYw%}EfdfIxA{f-E}L`(G<C#=*s>&S_YY&`o0llE5+A}3>|
z^ELFG^}dN_q@;{niDW039$=fvlN&5(x;hUAE4vWxg!~s~KpNftUS>cV-Tqc)5Jno^
z{$6H)Mz?#$I=`10kjAk8ADiJ?xh(cSTUrr@#;~wmseSc7S)MDj!oG6v<bX=v`<11w
zRkSNy%GW%jvfr!Y4})0aaUQj!<anDcMGUE7qpss6y{N7esD`=f#Tw1JXao8bd4j2~
zUfJJZx0=xJyMXDqk#yw#cbW(PXsgM;un;tI{XYvK+-f3>EMEPOwjqOsmvR44We5V+
z%iHqmuJ+YC8z~sa8Z_Mg-fB`(ye+e9tI5a~jg5O|gNzaZ?O<?*UHq3``>*2F5AXi9
zfcZAkT(<Cz&m!zVkq^N@F$^+LG}c@AdxQPFe40zjR)gk;DS~QNPeQWUkV79K5j}To
z0Tzee(b?tl+N8UK!TyEC8>b2GROcM?$SH|?Hp_R@e~{@?=d1DAMlpn2P5y<2pb_ie
zD*G>6Xn;9S_aC+)XfO*bw0o<`<A1W%<bT9d@7`+SL^ST!{d2q06i<p}hQZ<qcF0!`
zEZlWPRP)gcuh(wc{x5lIXq@|Z8~V9z^8fm>pWlfRfrh}pg@vMs?U(<V%0!^iF^q*E
zo>~BGH94TCcHHf$%l?|ub9r9GaOduUJvHsW^3+@Z$W#CGLAA(#F>wADW`G9Hzw<Ck
z1R5Rx)@Fc)z`wN_pmFYRZ3bvC`&*j<8nOP?W`KsJzq1)cp|R(0Z3bw7`CFUezZgaS
z^Oa0dXcP%E++g@`F7^KNFkAG$7++pe<TrW=CeCWXdN?QeKjci8oil87AV(Gdb(RVA
z9jMDFjH?G{y5WZ}hE#|22Kt<7r^?dg%X*>6mlJ?u$#vC`iT2cy+2Pkk1T<6T5l6n9
z`nH<cwdQ!|6&pqDRqiJhs9_U2k-`Rkvh#P&$rX#^x~PRx@U|As(=&*wq@}%Lp|`Zr
z<9JS?eB*}${&y1FmgCmhL(@7b>90!gStYmMV+lXVy&wv{4?1!sf303&FoOL4OO_Ak
z-{dc5wUkfv2*tmZF!zf><$95X+H_^$UE68Phg`&+f!Eh$rP*;l*B6@^zIi)wEpzR4
zC->;6DZ<SFJk0UsUf`60&tPH^az}!(qN|G+IJ5q|?gck%PgBVLw9ebcuDAKgF27@&
zmpyteFVxLcOe8(mH2Y+wt^?bAe@H?oK~Y%xla2MqjM>>tm=08*z&R0~-4X6J6;}f{
z7GyM{k4#AA4)#6yg!l3?ceZxg!&{R*!#$7jUXER{A~|V?b;^_I?M2@&pPN3;-$50#
z@@l>{seEW{pv3QKaN?4LbzGYeS8CpgR-2kKDxB?j5rb|E5(CCA3@Zy(UBZ=_&&LW|
zMM;|T0xmpd4)(I9VQ8P#&Cj9E<J`KG+iegd5JXi-8xnQ+lZAgoQK7_%Bd)QnjPI{2
z9I`w~N6Oe^T*>YK%KEXQZ<n=|JHfl>(Y5iEY58@&UFx5|9@h3Hag07Ammm5@OTH(x
zAp6tel-B16I)e*z!R{I!%jwylIj;$r7t=kB=6aMao1UNPI^{qfLEP(hyFKoLv|(zR
z@F$L|k7u@Sn>FxI3U4N{>T@5h?&kPVCi+4kza9Ho<omA^#|6a?QN7*n%D}=pJyGu(
zipP=duehBlMZ;41w#T|JNHtX*JJtPLE>XR>bZ>-QP|*yjU&7(935PKf4p-et8?*4Z
zB9=gGrHk?hx1l4xOP<k!Xl_heS>MC^_cc>PJkzaQkKx%DcvQWMBIw$9!JaobY@qA5
zOc@lNVsPVWj2UI)2s=j0b7u^Nt#@c2A8ggJ_dU^Pu08ye<U0md?X1y^=IB?oHIFg+
zIc?GA6rIFpcRPf;xfQS5r(KAke<?0RBAx3#$?C8Ep;Lb~xjChFN+3oktJjjoHa4rp
zijQBxT=-dx_D50WTf<b=E|yQg51&Mp?+#OixmXHUg!E1kwm*|l&XS~xSup$g^X?yb
zm9r|rZ|?o5z|873jaK#*pc!eh^P>FwhekUuqO4x&XytXSOChnnQ}oJN0pJ01;fjcz
zAHIVhz~@}=osv<``pzCi2A*cf>J0=B091?JDoR!_dbBbTKaF&q-Kv>d*6W+sre%v<
zI-2M?XJlh)$iGxp=rlE!D4naO{(){pK7}XvHKK$|wRqr5uF3HCrAuinrAjlR8FW6y
zL)$AX#=V4O4n!o?A!)q^`VX&IQvc9pylTijlsIx%aXa8)nP&bJ_3V=`69(G30}Ccv
zx3ifdzYXw~ci=yn&CPtOH}|IU+uu7eP|<k6T~dGDFr~nD!~-8(UG7Nw^M)y))Lk!#
zKihlPgw`ooLTV1tcnqL(f<vt!LWjO&02g{?!QYn^>;?37v9*-~9})=uITiG2@Hfc)
zA+Ug*JDYaA=w3?DHO0m{@C*|m!DizV!CuNv$g&rJZqquH0UoXZP75|0ZwU7ScCvwx
zQXOh>EDmI27$n$iJR;sp*$El;X5-~}neYmD_%z50Y&KlMy;TUTfskVH=$?WZ`20(C
zkZZ(tzmh>k!yTr-bC|==Q^*h+*OZQG?izSdy=E^?jP=(zghmqoBjE85fZGcDdG94O
zf2iQL%)fKz`SZkoggIh2j!qN;SE6x6??v#d!y^#pVui6NDi0upbM_)`n!zIwni*I5
zV|^j0*NK3=2sdwd#7+dXx4yrWs&+x{K*%_;7jZfq9<eh!wHJ|*Z!S;=a*+TY0Eg%A
zdYQz+BX(wX_9D=a(_0RK_H`tEFXHrFc*M@E$X-Nw6qklJFz3hWy$F+Hc*M?(!d^r#
zy1<#oKx}c2dl6$z@Q9t!_+CUuC|^}1FsCKU-j>?@>L+5?8H1ibgSB5YeEs3a0-~5G
zC}zMmfVk@w^Y$kW=CnRf*c1H_wp?$SJXDBxa0ddX*abvE!5aUGv~+cL29c7yx0ju(
zhbJUb+FQ!!dc4|JU_&n{xKbVDY}bqY!%qgpYwvg|M2}O3<+gkRAMXiD2K)H^k3S#x
zvA6a``grk(%C~m#$-$I+`;3}TKOgt9vv#)T+xZir4Wdqs+?oRJ{+!faFIlnhC&App
z$y&$jf|E5u1IYN|NjiXPb_MMn*1x?3&hu{%^4FPyyAG>Cn4i^U=1b=R?i*;ou(*rg
ze~m-vSyb%L@@N7BIRWFs;%LxOf0;XkUgm8|F%AS*1c%GR`85uq$GN)s$#@8Ka<rg#
zh0UEX@vm_Rz0V4UCZ#l}OF{g-I1RF2;}CkHc9FGd7JwTAegHOiZQv%%U)3x^uVg{@
zBwZOab9K;{!s2+2{2GVQL&a2f=)C~8i-pTw2?#uXl{<vqie71Z!vz!;A9!!3T`ERF
zsb~E)?&kqZd;LPel6npmXelC~>xbpJa_z%IsEY>j^-rgP_4q(>VR<bA`|uD7L+vS!
zv^L;b!SVFL$$P&tp8!H-j9q4Jrv*G)5aPk+?~~L%JcQCn%t$xp06Y&ko`S+YJcQbK
zaYy4G#7C3S?9JZ;m3?>!#gQPRAyo)?1k8JRn;QG@5UPWR`q;7%@Ou?tH#)5Sromy=
zzpM|0@|dN(vaSQ{M+MiOO-%OTA=JlN`!=mNfVT$xGHm`9&411Nd5*$feau)>HkSkY
z8N=xV+io8oLVak}XH-`J-Z?nlmdidog!<6RFSsKHu^-Xi@_zN+hlfxfC(h-JWCPv{
zIG$_3K0Ji_AhIWk$^$$yxcb!z-iL=!9|EUte(wkVZyj_+u=RU9VjmttePBhcn{NZ2
zHRy|Ad8ecI;UUyVP^+`YA{q+HbvRz^jeU3s^`S@BOJxeWj~F=rQk}RD51~F1;w^a9
zL46d#>BA`b*Sw$K5Z$W}l@E6#wE(XIu0AHy_u(Pb$LoNzW{_JTwBhvOleG^Ip*~7#
z-6K&!)Ond3b>}{8XqQ=<|C8rzZDnuHXYXuoYc0TQ?QFBRgcDzd4ZVP3pMn|yM%(q8
zs)Hj4LJ7Ek{!2!bPefTKf_c$UAPIJ~725(w5aM-kv$oxv3E>5;u?rv*ui!GF01jq_
zxZPdF5Jr><tk0?U0>D5El3<H5{{xO70y6Pu9-ze_KZ-UsIf9A;Nw9>}3XHvZ5Jg1D
z*rbSzeu;ttNw9>HWURdeF+_w{clw%827zTkf+e^)Vech~LkZC7tI)wPOLNeHae$hD
z75qJ=Lpy|Bq5q%r2|ot~LI@ouS!GZ6M^H1L;To)>#y&iR4l`=N`=~7734_obHh*@y
z`|uDtOi9iBxnUrvGB^kP$!H%QLWg-xW5#b7I3!Xy!K0b)!$asWtKyGiD*y+K2j?)4
zSntC_=rAq4^fFihZxAkEylcM?523?Mbn({^2KEaB!vWa(z;yXF@8_3}_A2?P&1`1(
zpW^{o-UZKncnBRP?y>8!mY}@Na2<Ap?>;<)4pUo0`w0nXf1+^hne*a4JcRo2egE;E
zBCy|KxcUgVvJVfTJ|dH@5Fj29Y(?zDL#Pi*-&1DzAb%&}I@s$m`|uFz<M!KjVH&{G
zgX0ay@54i=5384yvgn{b=BW3!Kau2pcnJ0J;Xa#1I^c~R+spI2vkwoUKD5nETaE&M
z8qTwqr<e0<-p?J$d-V}>y-Ea9zm#zPs<dz)9zuQ4&1j8w0p2j^E@1VhT(S=jp+3Y!
zFD^X-_A`akhtAV|cnJ0J?nSe43E;sG2;^(`;UUyVYM{kOZcttdIDa72yblkdKJYmV
z??MIyx8QhpJNDrr)JKjW@gl?@P{Z*;diUWW)JM`nnEwFqf3<M^5!UN{cnI~u-bf~K
z6Y%8Wcyw>~;UUz=3aeu$WIzxH*S~!p`!(<9uBpBHIIGErg?K=~II#~8p+5ZHog#n?
zAg{vdqvq2-JcRn_eR(zmqTfn5`-#l&!$YW#p%XMTg@C65R)1ji+x&SS9zuN#mT}M5
z0li&<n~E;^`jfY7DjH!4H+pa+K7bsV(C&>vv$x?02+M?=@C*}YCkEY>hh3$B#^N8p
zlp9<DJq#ql4k^0veiC+#2P8lo{MV2Iis)E5^FjkGCqNP`B7_<a0VWUKT;N6o?UPt`
z6ySChNP<P6^TQ(qcs+gK5LwK8>yQgJAPIJDLtO$MA&9UfSUy^BI6(7&B-m`YslYRY
z5S64U!m8C1s2-AF5uJwc2w_Ae5gPx1_6djxl3)=Y=im_{h;nh(_p~z?=u06977^_U
zj}S$ai&Q5nVNY;<86?3XX8hq1Vu*5avy~`<$qo$#l3=SOE_FA;&dSZs)yq|Y*VoGJ
zr<Z~@t_qAB9~!|FCM3aTV-gL2?>G&df{UPWDbLMi34rQ=Bv{1TBk%|bM8?Ps`DQ!~
zssoZ>5pqm$2r&PLAQ#fJ@zR+fT!$oBgozkDLI4rsDnawx4&ePE2^PUG36Bs&gut?)
zTZ~6VL4hP#1g|PQLI`RL=(v|-Hm{r42n9u}Vecfw%1L+x!YKqCs-W32Ixv(32{sqH
z+3*O2EnKV9oogKUPDp}9NY}$75Vr8htOe`|(7GWB7ICHp9)Ylhw_^3)S_D1|l3)?`
zpWqSVP;){Xcqi?X8ps*~B*BX0+A=(1w+Dt+iO;#T%|KA2?jSq>(fzI$>-JB^pX<7w
ze1HB0VGsUT&x6bYMDuQidrLEfLa<kBU>5K1IWA~v(!0XnIe=P)Bv^yEGQ%Sfw({E;
zc~A9#--0Aq1im~xLJ*NnUwL&^)PO!7l3;C`s0xqRJy8ZNiKD~?3_W&`4Uk|N;g0YO
zVTAq3ofjB4j?#lW9zlXF3Q;0F17SN)7)`U11FZ{^U=bE2@CbzMJljs~W7;Vc6i9+a
z^jE?o5VrFhDMi?Pa$qqIBv@l)V-xOb8Gm|mK}4QBE@Oj~4$OT(5^OfGRd+LXCQyYC
zdUC3nAmw!6#UTk6p>GC{K<LTSxRgc}K`lcPEP~Y<4gn@!5JVb!=jikCLEr~Tu!uBQ
zcm%>=<&qpeQ5Yx$B*7wvz2OlE+xYe>U63(&9FkxW3I6biU7j4;#4m<-*ldC;NFfOp
z!59RO5Qg?AP|qXsE;A3}dEDSUk9Oow#9q&XFcQ8Vd^X|?C<q>y+X3Eq*9$Z1CkDEa
z`Olp*I*@J7yWAMGSRHE0ZN?yigCy8uC4#l{y;Ix>Ri{G!{oQL&y^sWpV9JC?AXFV;
zdkJPYC=MjSBDn9vBM_?YQ%m^~XV5J`5-ftJ93FwNcX?1MUvwAb0Fq!4UC-eW63{A!
zn$w@g=dLXH5t3jLcVEIGz*GzZ#e~?5ihF=Y21&38l2LdB!d_uEFd9z?v=B&wMU+j#
zBM>Sk@bXX^WC8+`U=eh)@Cby_J(+pf@+N5NkOYfZS%OC(jP7}3cp^_7LPdcjSj4ea
zcm%@Md4X!9`8}95f+Sc(<`1I14O~PNQKbf7d)!9{o`ob>L@6;b90FnMG!d4u_hLgq
zfh1T21}i)Qp+9G)r0dTzL_vWhSi}Pjcm%@M>0+ME#RKdBNwA3EJU9fH2tg2;-@=uD
z`w~RukOYf(UjdIm=+C{f>t45jc>qX)MSQA(M<9&M)A~biL8i7L2^R5w03Ly`b-uHj
zI9&?#0ZFh3wvX_LUH%*@b`%*!zD4jjB*7wxX5bMBTj$MTjLlELZ$c6*LSPXdfv|P9
zg$18l04jwfSj4F{c*L&O3GJ9pS`+nwO<O3BKmvodT`#8}KM@|*KK7pWt}Z8CY+MoT
zR1A6CgJA@oP61kn-Kki%NsMCUYPqvX5d_p8)`%V#p$wC|2_7W?VJw(|-u05*-u1Y-
zn;W91-E@w>A^;x_8K;4kz3YXJMzZU}y*<5Loe=@HlzJmjz{3+D3t$3m*GnFq1m(Pk
zwUZ|wFXYd?(}L8;aVMUG2cy6s6SgaMz#!T23_l;<yEh*p%u80nzX5zUI{<<hc-PAj
zi)7c1@}J1Rx9KBfncQS!Ld>$qM$Fm?H4w4_R?xB<5$4PG5MtKO^czB!gvPwheNaAH
z&{DZ~l@JBR2Ir^2cGiJmFWTPq)=mtAko;MCuA>-`nc>I=cn2XPFaP`_9KjSo4g`_K
zQJ6gI5bPrV^)0fU+#=6s%;i9XD}Xi+nhY$BlL#3NdER(hufELzv@N*2%@8A_A+Mbl
z>&hC)&AJbO3}N%uMT(5JGf|4LMn=qdZR${d-qj0BQy@b|+gS`jNK?ti%$5du69Z#A
zSehI;GTP2k$Umf2QXr%4EQBDW1?6?jfqi%=#=v>N=1r6e8Et171R*U6Q@Dr^(3n90
z2uo|FMn>CN1VKnkC<sh`h5~4S2&*^|+MhI-jrKpC%dWSOx8#X*>-@jS{NNLyFLAn`
z<UM=tf3jiTL{8s(|2&i~dt{dt{@OYIlf9$8pKl>2@4c=aN_L<>2pPE=cb|L@YwIM2
zgOHIcbML+2&^(tOJqQ`ON_QVd51Z$H#)FWND;7C<nCT#7<myFEet+yBWaLUlPX5Gv
z5HfOABPY+Z9E6Nq;k(H^(1rp2w!(T4@~%68_r^DS?}>%dzp)(%ja-Gu(R3UKLL-+U
za<mNRfzZfxxc5p=s6ouQ4unQ7MC9lz+y_D<SK{7lHlexB<~a}=xfGGxx|#PtXyjT%
zj-KK>5E{7{_uhyIH3+W2fzba(jog9<LGQX)aIYGX3tdR)KxpJ@M2<cVwnV~x!2qte
z6-2H^<Y;-31EG<t5jk2_^gw9jYDA7cEp{L@ay24H>x&-<ja-e$(WVjyLL*lra<tX)
z1EG<t5jomX@<8Z+qec&@gP?a^(6m>LyMsO0Zuf%pfzba(jj1vRLL*n>-iu_Qo-b4O
zKxpJ@M2_x~I}jSV8uy;_1I_h@{DIKO)rcHTqj(@Ray9Nfd<U9q$rA@cBUdAGw1U!s
z(8$$@9DP#xKxpJ@M2^-{IS6{!g%W$!h#Y-Z^+0IkYDA7cck)1J<Z9e|I6kz6SgRcf
zja-e$(GjN(ghsAL<mi0$1EG<taql_iP=j=690-kEjmXjSng>E7SL5EZ#i6+-(mD_t
zxf+q%T0r|iXyj@{j@CJI5cICIt@o;N?=jF&gLvy42>ox=cuV&{Xyj@{F7!Kk2SOuP
zBXV?({(;cQ)rcHjc=kYO<Z48Yer#|cG;%c}M^_jg2#s8g$kFvi2SOuPBXV@B@qy6D
z)rcJ3V{#DmuG2pEsu4MQ!1O@qf1}2ca|c2rS0nPkY~uWZ(Emn_nC1sUBUj_zlLn!l
z58vV^diUm>U9;^ve{a!2IE}yem_8_%&5{Jsp?zAXFu|HKIGYRnC$Elz(rE)(m;Hb5
C;xOC*

diff --git a/docs/wiki/media/NorthStar Networking images.pptx b/docs/wiki/media/NorthStar Networking images.pptx
index 5e44238aab479de311367fd9c10a01e10b04c4cd..1b73f09c6f7a90e0f9fb59ebddf27df65f680775 100644
GIT binary patch
literal 200192
zcmeF%V~{1m+bH<9ZM&y!PTRKK)3$BfwlQtnwr$(fcJKM$ci)H`8?krqe%lY55x>Z)
zI+^uk=95uz>cp9wMcyl@$Jqz^zZ5<oP@wN0XdsCH={gwT82G=>k$`}f{?GI8pP!%q
zzU%}zSO?eu09^k6%m2q$;0rLm6+o^)0sfO;aDe~h91;Ku02%-W02Tla03HAV01*JN
z1%QwNPykQ?&;ZZ@FaR(CumG?DZ~$-t@Br`u2mlBHhyaKINB~Fy$N<OzegRMbPy$c^
zPy^5a&;rl_&;u|4Faj_EFaxjvumZ3Fumf-aa02`W-~!+V-~r$T-~-?X5C9Ma5CRYe
z5CISc5CaegkN}VbkOGhfkO7bdkOPnhPykQ_Py$c}PytW{Py<j0&;ZZ`&;rl~&;if|
z&;!s1_yb@7U<hCYU<_aaU<zOcU=CmbU<qIaU=3gcU<+UeU=QE`;0WLh@Sj||0BTnN
zHvo444**X9F92@<9{^tfKLCFKCBU8R0KJI-Gq(lQj{l<v;Di6of&thu|GmY5{~!7Y
z$jz&RtZe`<1KRn6{8!`uL^b*!QSAZIO#o}409X?vz<dn=Yw(}d_+J+iAQ0gH-0Hu_
z@V{>TU!VS`JyiaGjTQosbpt?T13(7t|3_pKp#MC>{&x!&;EDL(vBCatI{o*&|GWO5
zo2dcj=m>~t0m#CC^7{X_AOYt8-|_!b|L^wy&tCpd*~$K|br|YtK66|md12j_ZGvDy
zo8rDSPKH0GIR^=8V1<E6n}jNM`pBxq_#0lCkurSF{n(aLH6f<1$-0zMD?X*6GRxGh
zL1&ti)FT~t+xjKSt0XQtO<|1Jm$_?(Ze7YMp;3IeM4baRehUfwPJK!&BYO+`(cA$A
zJ3!&A+hJ>(N}9P8RGKnkJZSs|QWwy29=+1+O{CJ5a^Y_7WW!+}Kr8#Zd<o-9ElGLN
zSLs?SMVZKSuLBQ540;c>?>qn@vfVFe$bHaK2M$ypX^G8lwT6u&N{j!lK?%b)J0NQr
z!2w~i?IZbU-|m&}MZrlKcwx6mJwToRl&9M$0s$ygva@o7$xKA?8gIGIt(f!@*>-XZ
zs{{+}K#fWq{Gl&*9qGC~OdL}UYlm;sE8S_lWNF6l4>^Jud%U1MTi@$i-L&(5to#an
z-Upoz12aPE>Oac4?fa}#KTq$Nnb&oiK`Rl=N^OI@{U}^b@?5>snNw(ag2hmBL|iDs
z%G|=_bS2H$F?!STh7R14W}S(M`fzaL(3=8kR$fb{8my62e`{KZi=S8WjplZ6h&uVu
zH~iUhgZ>ClNl>bJWel4Gi9Y!t1dr@)-hqZMLCuexT8pSFL#_EELvfOT*{b04>s?pB
z@NCZU>+r?G<`U4Ap&+csJEcI%D?a1?Wvj9pRhFC!m%xKqpkDC5O1!YfM858^)S3~x
zg!6=>-)-g3(*KNPK?9%KA9^4|#|o-P@_a3t0(~<SR#v6vot%_+=ZOjD(t)bqZpg)P
zQ=ZxJYz1H2ew^pD51tzZcw0{8gpUGi((%(sF9auZ<Nh6y%|6V>F_+TXwHBZ_?!O}p
zPJZ!_M<Sk)G&n4cPI?Ppv4rin_-zkE=ICrIrQ3$1FiG-8lg}m&DjYq9_`wr~qV&{)
zT(vh3UpN13IfrG?f%ijzhQ>&NV?oq6GeC`AOs^#QZwocT>d2C4JcF+h4|OOXTHvnX
z4ts$l^Zl}7Jo0?CzO%)a|EQrARat)Cew>5oO((ziNJ;8JMar04sd~}l+Lhjr)bg(=
z45&%oOR4~^G(w}-Bk(4=JUl`9!Vx$M5<SkY-9<*-96bGn)Kbxc;7RtpeOy9rS=W1F
zf-1#(KDN^+jSs6iE7zeX@@5q}Q#6dPu0^(Si&O@wvo)p#x{g=$$O3tqMn<&J$wnNc
zpqxh4-R8|m<^)HosiUl-L`?Q)ozr}@+Ck`jWQkXhB-=Wma4rJ}FOX+Y0Ekv&Ng=oa
zRprgrEv;}l;<reYRD1m=QECofw<O3C_gfyxLI4kSZac%)(7fo;%lul=EV-R2N#<;X
zOuzIuW5HA6C)og!Ur7FRs6^5pg<Og&>Hc2IzXbJ-X>-&o=H^H~iKGZYZ?Z`P=}w|&
zBRPsX!FlQkd418gjir;qQyxk@s{|x0gHx4l656Ns#}}pvtC%O%=7-gXwa8p=y=7g9
zl9N-mc7i-EZ;6#3B7&&J5}pl6?upijCgmT3wi?P0qu^Ib{Fm*xjq_gjD(dx78yQC1
zh+vG2_y98Ch-)lp3UD;sabm&lsHpoM(US~Tja2-}vlO+JT~5Dhc|mQ5=6d8*YRV_+
z{3-oY&Uu7}b8H%08baW|47O6`&gcvKfw@{U9%M>?R${bF%VSQH@Lfc+>uTDyiK2vP
zHkMsJeM#;;{3|WYz{q^noWnZK;UNR&cWs?2f|LkiQ}Ml^Ku(smJ~v91171;zW=dAd
zw>L3N0;sjz!LV;E{9vpbxC)`Sl!HJ*{JZ6^%7A(vQsJS0Bcc9vVf_4xWQ*c%|G;NC
z>ulyjgEiA0i^Ye1h#`E>l$W|-x5xWx`a|s~wI#M04#U?IOJRwt66JlH7l@^Eg4flL
z&HROvfmz~LuW$@$?{JOWRGgD$Qpy_~mHRV(`gM|zIwYPaIAo__EH!;Ys+%k1FiZ%Z
zd8aA?gUyklA3pBGDLXen{?|O4sdZzmfD0x@!bqouw4T9G;&c5=B&y|oBOIk#rSBmE
z<!Y$iYVsOaYbvR6k-B~3`j$Fp4>KZQuLm-j8;eYmJ)^xKe!aof+nD1mwQh_LXYAZl
zayeoIl<L#HvueV`y7{Gd0K6t~K1}Dp`qfeQcJ3nqgpZ$j8Y73JbsU2O#v|ShXWiGf
z+fS+r6r^c>Vo=_!1~_q~*5s;~c$L59?&}9kkgP0NVpLg!)!HK-HaGX{dZE1IUm$9Z
z<I`l2OJQ<M90Dz(iahL)Zo$zBMh!}|&uabWnafc281WJeaoKz>+;yKLV%4YbTXI@`
zfJMW{ZmjlNh^yvN!P!_g2DvtRUgeB|x|AUlELhm~A0=_*=j+4U8_%;9B|;a4Dr}|W
z;C0^5a%qrO)CU_GTX>+9jiW2{@VKVY*haWE^JK|VO7e>7s@b+3opbiR^3jh+-P25L
zF`g7f@yJW&CfguUUkH{q^SF{Wh;zos8hGKBgdk_roi4($LOSxKi7*qk=}Bpufw}i{
ziR1^Ui`$-Yh<R0f#2lDpTQ^6IQr4giFd^+is)js83J+Z?`F1MbHvMXqkLYC<$li}m
z1~*h6fshX}Ln6VAB}D6L`xDeW4kg^Nq!IG_mmc{f#tXwUSZXz{4|BPElhG?nmd^-U
z4BbU;v)rj%J1-j1M{?G$%paDumlQklr<ow@Ppwqcx5ND!GvEU|&y~cf@*Cr5q9XS`
zbpC+m_|u9{-DoE)GizDqPGqv1!l@x2&x>(Jc#cLy3+)ocsF3F6;D^ECstNL4RJF6U
z(0%^k1B>Y_v|nvMKU`FZGkp0~jm!z}`?{@@(35VPZ@ciTKtz&2&dzD*RVrCT;Kh%R
zgva8B<hrwUa+QQIqz;RqY$lvzj8WDQ&T_s7z|veaXbCDm>zAK{){@m?F~4;X@BAW<
z179Q-U)QW9J`ara7Y`PL{8zT9+prh4P+PW9+N~Vfbyvw+;(K+<QJD)9FK54fw5eWS
zZ53%ghF(9FP(a7Gy%4Il1F=xJTU1MIMQk@@tLzvOU+k1YOdygqSq3WFnP-G31O+}W
z4SpT15SdTR_1rK4OTbZ@JJbn1Rw1V`rtoFPM5dJ_{K7`4)ZCjKcN?kF&vs0&Y3U!%
zAOj~B;TZ^T?0pH)S)g`8ac0OJb5ksxS+veW|Ef^k)`CSM&$h!RM9>{JA=|If$+qwd
z!Z1TvGdN_`%;zVt><b~>nB*RWDz$5g4EIXN!{!dwV5anU=(MnZ6&zPUVo4FeJTr`J
z9$BH*0nOh-MNBYT*-Agh49uiXk64ojZxsAXratqeT$_DkMY-<Bu{?f-{~XgucV)_x
zs8#DYg>z4NonowoU}%cSpL8nQK{fJoVUsY`gB(IS6JM=nWymJ_&;nhD`Ip`P_rbfS
zslpD>j;aG|updNfK#L8}9Om<tYR>40vRI|vlm#wh7;WBhaqmHZcOT$oY$Eh{pv(l$
zDt6Z5-=i0kXg&=mqB=Z$?8OhmrAX!u<ZxMV+XLq<nu`QHjydtyaZ6>XZzQatnp2RR
z+pX}14#-yhe108A*rX%f;PhmGM;3W1(EI6%1!>m3r-v++Rmz`o57G<;MHB_D`FNZf
z(ny!)e#KeLaQ5_)*#kM(j45{2`0w@wqp(`XkRkz@cpF9@?}H+H;>L25S*VIAoKQO4
z{)n5jnlD0ODKS>0Wjo%aRVZ?Bn}0<4>*rGU!%QI@!(9Gnf4bj&K0)*}X{Ol_jjaU<
zqJ<L?Bq9)$n3@AAalCo0#c&pVgwr%V`W^HlX|(!(PW+^}jkl8SN$hXrwT*MW`VA+w
zUr~ZR-dESwIDLX7@N+Y^c>CpNT`QXTl{F;y-o4gjk*LyIiMG8riraA$eBFPR3G6d9
z;muNpuIz!4TqzYatir<6*29fO6H8qq6+0S5Y@oE3)rVhUw{`-gz~qU08Qe)buU>ii
zv>Au4h1a7RGRm6-t@6N~JRVbmQn=8F(v>x6#wks-av1c&eoh#as#Olx7Dgj767cC*
z4a}B_5pak~-g4GS&u^KMq6F-*SPN~xHVOk({VS&mtE=0+Wmrl`UMwK<R;n=N6@(2J
z<&NJ=X%l2fvxx0%AXc|<A?%NBaOAkLbP-Q<|I}dLiePi&r2%7g-1W=SVDC42rPVGp
zrX%z8Nm5Rad!gn2Tl9k!&iuxddDiG;#^qjiwQzA~&M|adSARu?{wIZN;2Hpm05!ZY
zQAU+wAn;a&gtJ*=I(rg)Hb+LZPY>75w;g!Cs_@DYP%V1s8|=&}quS<qAPD=f1+mno
zU4hj-X};R}=DqeU^u$9THNfW(x0WakUfm$=zJ$OuQq4JzoR+Oa_?5a}k{+C`v&;5P
zh9{acW*mlCN=qm;^Xp#5SPi=NnKKO{&zHH~jFA5$I=#6De4&@h{+U2GuJDjd4odl_
zn1zgA5`EF0HCo|pR+Cf^x;%;}G99EsjH>NR#r#5CF-RnB@vA>G<M+7k6^-FYBIECS
z_;ioH?A1tL$5@85@FF;dVPHrY3}F)ni6k{4Thdi65#Y1;XU^#)J*Yk>4Jvd4-Ynr@
zfAiJ#nyQk(PR_%co6)a0va1A1nv=-t%Qn41papKW4eHtna#b0u9M7z>*-8A94QnVH
zn(q)7lv%2MX(fSl$#MBPJB!2I2V+GzaeCPj)v3%qZ}75mvS{&9#>raGKL>gU!WM*g
za7VR>kYU3v%gpUv>Es_Ex6{7R@dET~%RZC8@3N1Z#(RJ+;I~h;?v4IsJhw31Yb25m
zef*Q}sofm*@9$z>lru|?IoR!wh)`B5?sh2=tEixJ{GF{D9QuT08+*q8-Jj7#6Xu1Y
zDhXMI!Y@XB+lsvfv5qm-5uh#_7j$KNV<NxO+65ZlKb5#Gwno28Ei13F5iU6PAmrjJ
zkmgfL)V|3Jg)z`cGh==@mHi+RLrbOi!R6ih4=y&QesT`^9qYzvz1O<kk=c*dx7=(-
z<^VGr2${#3sPi3HTT{naKvPny>;j5<;y%Iz$F6WHrE|yKX-9<WO3z{s*C~sHg)Ez=
zxhF!yXAiXk*E*<ScP#vsSsh#IpUJ%<F6j#wJvse66I>T3Gc*b$zT=dZ)sG%gTO)Xl
zp0JD_dN@V%Z2UYGCZR+8**HgLg=W|qx|L-+d#z@u6CvFF=p$N~cp!DrhxFgXu4e(D
zb5Q6PSnYp*v`!uZ43mBiQ;si~m?N`@WX9<961^zo*^wZ>*72(2(WKk8{pPAdSfg8?
znNHTn*4>0d3x(P%ef%OX`iF0+^uQL{&Hk|HmxAz(HMy`f-tj?*Le%Un5c@`8qlxS0
z&B5GreN8vXv=r<FxW~h0@?R$#-4Fh#m6ug`@KviMi$A(HCz@H5*i8py(m|w!mXk1g
zPV8W@WyHxeF`cXUkh(+2yHI<|D!U8h^V&3ehtB$VI-F}cxw7M1QOh&WD}PWauu&Mt
z^#97yF5`SQ-}CjCxhTVfsp+b2TGCI&8!rPlKbCR>lQ`s3+oetGM^isY`mNwwz0$UG
zb8F@qX8q<Lipm}N8&R-HYXh8PNLJOzof&R@9)k=y9xMI}{nKEEeFni<iI*9k?UUGS
zGs%)@6DwY+wp5<p&?iJCah;6)tLP{(?bdpJ>qk~3x<YyzJotEM+qQF9Ttp*wLaC8v
zjE#&M>GCwtanRQ}(hoy^vCH7Qhn`&C8+%K8#*N=uG<7!X0ZpMFWRw`gg4$tdrE1U8
zvN7NKaw0z9?<f%~8gZGehj=lBg%Z<E=;JD-sD0zIt66@2Ol$<EGv{br1&*S63b4yv
zx8Pn-HQCc{0cY9=iRlVz^7`CkNncu9^?sH}yEhmAQnG>}kC7cHafGh-^((W!L}Wc|
z2GDKlb8HUzatbbpreL%K2$^-j_fn{m!bb=Si=HB#-n9PS6!n8x!8Bn)A+X|t*>ow&
zQwO#RzupIfh1dv^nttak^c<AsU)bV%s}ci;0#u5F55D^BoE}T_7o6Mj`&Z1M#D$@$
z<LicGM5PbR{`OKY#wdwo_ucQ)zx^hK_l{+_P5WQmX`i>szqz^sM76^54{~M;H7?RI
zN{y{b9<7y>eE6G41UpXlYEDOpB!1p0h8~s5KPP}}IP2T*MU_U@GNH5`QMfCg-dPg-
zP`d3=(3eN&-}qUGkTxj<ltnIyvuFs3uI;|xCQIfqf{59v;NvtwwK*i@{8K;fduwSO
zvC?T+3Prb0<8}Bf%)5Lne>W(e)X{;KjtnA3`l+#`^<QRSn$r9(N?*w&?*3)U_UCUq
zs|}ocpZV6soOs$3P~Barzz$!86~c-<ORGEdE!zGU+tJ$gH&+?|(4~C)VLW0Jq*j6V
ze(5%XNXAvEOc~qCR)gtI3uMrDyydWnOxe{LYUCebn85weZ0D@vu*kxacbHey3osIv
zCq`%+^t~uTXFXAA3I63(jf)0|+7tI>;r*f2y3Ly6KjvNIeWM(+>1`!T+c2F{87{gx
z64Sw#zr?3z2X(m}?=BV1)*5!HZOZ+LPAqP$0~C_@{6_}Ayjg73?+iIA7r&+3N_08#
zol=xNE$TD;)!pwMLafru&}4@j|E#luoO?tg=^ef}UvsN;7ejOwNoI=c^+NVWI#)$z
zWkA1HI$Wh_EDf^7J0J@4jhQNlySTw&Mvsv*BFt=lx4iFU@yiQDl`FC(p4#W+_@HZq
zlq~OsG0-y%I+(3bC!lzD(6v`i+VtPcO^F+NFg#T5G^UqIX<bP*t;Ir6z-K+#@`VT|
z7(9*nk~f3Oj)l=GdB*cHeHAcv`<VtYvC5tdb^VdI=GI{E(e)3JUXrzbL9wsH==(}m
zGWn2TBw0w`?Wo^nmg$TLQP2m)#*Da}UVMeCy!cKlWKOkP>0Xn|5~kx<^1hq$V;c)X
zhumE!71#X>{fE=7Xr+0IC#HeHGC}?&lspHNr-`jafnZIGh~o2LhhbWyM}_>be_}b3
z3OQ>=N$uYxnp==D^aJRhLJCK$N;}eCl24n)ZFMQESl*|}xp;iYO}&<i`6%Jo-)92E
z3k23#nx((la)R4-U)xxJbCfJ!+A#Oz@5zrs>vslN=Hj}VywCke{$3k4He2oG;EeQx
z4%~7UoVEUV%Dvq{bLl|;Guo&uhK6PW%z92DSw<Z_PvPA{5xy9A%eQuq?;@~!9^k0h
zf$^qBF}PxxU?Qu)vyjf>;A-zE37RXw+PR4YwxPJaV-a|5A2>x6_r1nk;dN@i7~84b
zA}pN7W|;#~mctBG&E>h=4E9tjWNS%)GVT$}D)GtsS0|X8Jr*^8Uf;Gbh8qZcgWj(+
ztX!P@XrdFn3Cny1%iT;HUJ3oa7R56@DYYN;G0f6p6?+Tx;0lY7n|flWrriGsDce;x
zWikzAm;_9{=wWmqb|1L8zNc_bV`Dk{jn-INjr8`<RMK3!JXe9d8CNl9JL{7*NrWtH
zn*-bh&JmWtekV=bygpUw_@WE`d`rCc6z%r`0=O<*FsIy)kM(sCe<hk_;tTw6+HZDy
zj$yYU15^%i&w)}mXFtbU$B7veR!PGyJ(Fj{PDv}kZ<Gio%kD!BcL&C;leex-n2V$Z
z+?zKbVk+GO62JcW7@#^xwQ^<zjCiu?OHsBz1t#CU2F8F(^VZy^!yTpPqgMdm#wzN7
zS8~Gy@f=r?osaVv6$NG)GqbV^G+;hT2jr`H+Y_#HuH!Y-OWibKg4dYI+**|ab)(Qg
zg=jqr$yENpf$Lv5e&D+Vm*5RfVP?oG50pPH!I9ie@pG<U>K)wrr0M?-{PQztIodPx
zN+5pc=Iw3stDIa77uCP6v4>=rWlEIdm;mOF*CZo1+#o+>0cact@EB?m2eFY3>!-x3
zeQgmMDjkUg*2cUI(s|b+7yV9J8u~Sh4zdWYm8z}C-7=08$~nWQx+_yJh6F?cn{8jX
zzG{p|kNlOTES))j15w26tYl>PC;oVZ^b%%Kq~lVZWsg$TgoG+c47l<1N|i{#t?FEM
z6|PX`)6KB~&2HYwGm0B+!t797l|t|^+@5^c;N2DlhY6YN++frM@2O@{d;hw|!`_76
zva)dREDrxr%q*#PRnos{VH+*2!ZGL_75|b#73jl#_E#nf@-St8+esML-WJ}5t&Q<m
zkX?f}tQ3&hs`WT5BGQ_>21$Q8#Zea&cOAR;1)rRTjHPn8kx{tM?J@mNsy)UAY#Nj=
zh}t4{_~p8pS*G|~N~WIQ2CY~hp0t7>V2HCyXb<EtmRY*m+fD-e(NioH<*Q&CVeIuz
z%r;6upCNBDPM@YO@hEWY!&3#cxPNt2#}Ic5MTJKT{`HLR7Ih?cV%Ta@H(N4za-;uZ
zy?p_Za`dapi%8jwcR^mQLd`2@P)XaPm3<oO@Hf!(K8`E*L9FYNx1x)u(aN(G$qK!9
zx0MOFX(6^n`rMegoNY7}fgy~LrgtY5{Ik@!gsF&Uk#0;&^v}1nTA+HPh0iJ=UkNcy
zJ8hLT0VBQyJWyz?|Lw`^kz3#kEaan#`a6J`vt1lB1R<pQK)kVgvCNcdouypra|xOo
zkCd)9uG%BUYa{T1ORQ&a0DLuDy@?F!F)eT4i>6a=GMB-kD`6QC_mAeWsGJDCdtwH;
z!-$>R=4`chB`i_u{1P%S28sa2gxUsf-~9YSO%AYg?0t(zRuNR91D(!-Ff117K~cM)
z=%*jDX3~~3Oz0bt`N{30?m%lO^8E~RQ~><}cb+9iMneXHS>4-RMlDwFu@0}m8wHxd
zp*${U|2HIbUIdFlYrw3$RVe;@(>ZqK8k;I;lgxKaW;zL3Q-_XfPzZB;qp51aC9HW5
zc_>l$_B&!yNAlO(xl-|vYNGWoTXh@*?x6Pi;TW<8hR#IAR}Ov6>Jj;Q9~<;4|6YAI
z#4`G`D<Ctmq$13JpltzTO2|I^Zg?23UW}>nk{{kU`5<XF>dg1V<y-aik}$@2g7&$P
zy>#OX&aiS9s8aJ<{&w<H+&FIy`51JLL>Fo7%e<iylV)d$!dsd2gWU?iBh^NoRFc5*
z=r4Wx8x-KB&*rep<6+X{(OPH;Y?VShNhEdY83TqSQDknnemS01v+_Zy<!{dsH=~n4
zzg)DuwyeWR=}MVWTJ?O?2gZA!eWs{2cls^rEu;7C&VPKQ1q&HNhy71UsiP5-PZs%F
zQIRIcDOjebef76Y*>R+w9dPGSOJ0ov?<0M8zI~677&B4_k~yGQBB4%4xns=KJ0yWa
z3<WSKgX8+4e>+s&t-Q~NqhllB(n0@&HBsC#KlkI5vu?l?aN@Ycy@U!srQ+|Qt|Pj+
zcsoq<#pbDN4r%%xU!{Ch<m`jZR4I0XKD)$!{5Nt;a18%B3mp7nnu}}NPTsQDkVEQ~
zy`n9vL{6C~83(hsC-O;4&5#rJ&YT*$UuoX1rAqxvn6l2JmmrpAeEAsaDv6LzmfzhR
zJ3@4q^&oXW3#omd#8C=SfDo?Iwh8qMQcU$+&qoCTqk2Q|@Q;9;Tm^HqxbM8~IzF$M
zUz$PAsy}`nTY?=S!cjsJ@=A)aHOgfcw-<Xd88dmbwK6HMO5v*rR^m~QoMn=c_TBE5
z9z1T-N)%N2SjCZY&B}KSp6TN#*w!+%jfDB@o{th4Y?f}Z)EAdoy(ll$FZ{oSFiU;F
zX^$W^-31o|%KWUXAYkxJ>q$glk?iAFZ$wM^6Pz8Cuo<UU*F7SQf##3`2#fn;dyC`Q
z^E&lm+q@X$<hqykf2+t72x$)pz}3gF9a<Z~U}b4uB4!v3l+NVf^>y{|8CzuFDMYLr
z6Z2QSa@HhgeMau7NVKgkfoX?zsY<jK7U1vG)&CvsratDx!c&4Gyq~gVOX11=p>~E_
zq58*Z$(+JMewXo%(Jboqht|2DJIj^g)i@@W(yU5iL}R1_!)2Yw9r<NOjY(6PN^>Mh
zQXYf0JhoHfmYzyh2>nVwB4jQU#ho41c8@o;I-!4Ia(@SPbj{BIIDEFiyE5Ed(KojC
z?0g7ifFJ#8Gg!@mryQuNC4p|)J?rJW$XANF3MP>P)22-0M8dNPcwhx}yaO3(D~c*v
z6@e;k`%y<$tVwGZ2d_2ZrtNpJ^5xq@(zQ$<O|!0Kw>z7j6Xe(%nHb(rJ%{;rc%wj*
z0P#RD+L)@VnOVB!5PqAIZsFCR;~=B@sh%__Hd_H@2V0N!a`7GrSP6SsP%s>oqWe5I
z-<}!=(_@(e9lKM)NQKKTuDrgE2FK8#yC&d3$Oh+wl`j727aT$1PtHb*8pH)0P%Cz9
zOuw{K1CTSuQY@3}$hO>tWoO9gQkWkeM)J+8sZARDC0y-N<ch9w9XNF{TXf2cP<X80
zKZ~xA*&_ec>N%Bh@>gS7v;<nxufEZG^pT-E@K#fonfe$>xh8-%W<7FT?%*JwRhiMf
zFXrI*+T{9;X-2fR#xYG>A@7m&jdqZNbZ`Hu$>7BGGQdOnALM6UU(e2hepj)MXe3m4
z5o;AvS3BHcR;KpCw6jM3z0X=&C61vZm#&4x>n)B+Pb8Sde~R)$rBfU#WOO*uWt1={
zEN#K}Q{YuV()PbGCC+gm=&g`GzjFg)w=fjHw-{!ggkux~(*46FjRY=QCNC<`lC)=Z
zwKc2bzb}OByykqW;nV&oUCX&|&I&J7(02l%ca|X_%UzEtZX$l}ZT9?xI9Xt{i_eTE
zy&z8!u~6e}B&u*g3+vIUFo38{4#dkv0o$~g=iVCDo%%Q&0pgByz!L#A9|HtBBwhor
zlrUbH>nHK#p_j(r?3~pYpp1U?w&3*LG8SEntS5bGCERg$!^W!!mj^?6#&=BkjS6S;
z*S@(DV#j{^76Bsu2^k}6kVE4Ww6De4nXTw!TXO4&7Od7sQ^(8Gn%GVnffEa^f<N25
zT@Kn$wAIS;bb>C%w@_giorIy=j4rZhsqyOt@v*TmCM?aJ7`Z{?Sb8w&PIiF+A+R)v
zgDfJMU-6I8^WIxP<ACN_kCSM+%t-QxBHZsUJ!qXKU{(eDG$K()$T=E6_2abmz%Wtr
zfRUgZ#c2exr(qf%P+ZeN0oS<sqxEeCQ!~x$UBH*C0BwgVd#ssgbd@Z)g3dd6M-*2z
ztKZ#Z?^tbdLo;a=6UuDDgB{bNCxl~|_F?Lkax<2W5{VO|V8g7U0$qh)ZHZ0UZWMLs
z7BP<eV$B7+RKdpmO^|vKv4Qqzg4;`dD&@n$%rHKA){>l0FEIq5xRQi8SerPd%EqsY
z2s3+TA+YR=>kKr;kp$reS27~9M`Ua|tA#s7<{Nhmg)kH48Br)WwsB0wV9@(^cncJ{
zh~4=tfrnzkX9UAfe2=hx$a*}l**>RsHV58luN6YwCyxd<s&Vx4&th<sQq_vM<AHeD
zM66y9t~RYAV)oLLF!!X$gnno^&gK-@wfFIreW=xweT2^KH2>_iWx5*tteW>eiNVF@
ztml!@2r3OA8R<w{d$)R-eQ*P+hL))(+E61IUw|l^r{TWkdq$iJ=EYq_fj@3K<6QP4
zbjkmM!_kLw*Rg<|<f+)z`$O+h9L-L(A{}gsUt9kz8mI^%@j0ea(=(#pTYZcwvI}+A
zu^gVWa_H13K1r*srL0KQ{pHeZe%Q0yKB_xHlsT#fUf>y`y~R%?(eoJGd3sYR3S?a$
z@k*&`5)nYxBv$7j<?Chn??uSDxMeYrgtCN7YXSZx+q}}_L#bbQte^j186Mz~^Gl_g
z<@~hX**rsREAEKO)4|d2Pc>^|nkmQ*5+P55_gKZ|0dEyu>c7idLAU~x!G(S(VAh;A
zLunR;%ZxQD>>(*lf{<#*K-lO6s&0637!*7>h;5B;&;clyEf!K&9`F1)4NrfGmE+9o
z+QxI{@{&Nphp%b@L!yoY-OrIstyDw74t#OLj#YYsv4p>ZH(mKS=<1zkMc%nf-)XE8
zKwaDA>We1OwjgCNH!5w(4LghBOkqSl$J03Ok}+vNBb$=NtJ*Av#Al=pAL#}>mveBW
z0U}2C=B@mdkk&1;x%bYbNLRT*UZs+ye(l0Z)DbB$FJ|D&$%@;cESY$i^l_G=3MR<<
zPxvs;Io^DeV4|Zzt6wP9sTYWd9W-Rd!zLE*h*Q;D`s}6RA+^B=D5Wt|XH4F7ij--m
zp)~V|*~537k&P>4&*H8#oO$+r#f&dc4|`k~93w!COP_N!{wM3pw=(%_KZr)}P*cM*
z?=z38V~KQm!y?3vBIH4bvg3cOJIC8>jozIIafl~F=H3O~Bxm!Q{;sa#l~E~hsAkUc
z&q_`bG%tExnRyBaHsX>+JUk|=M;YC^U9BotPh-#6tHqJ?o*kDIjI=DAdJw@6iK0dK
ztEfpw)*l;1zldnXlEPThSbrVn?~@|4sDCxD%8rzMh+KIdHs9sK@><?c)!yY0lXM@7
zZTIJvN%$<C%XNl~Zr$P?E{RGktC`de?qPvF^+e-q0Qvas?#%~Z9-G^?-|%+N@94@P
zQ^ypLT&hoIgq3?k`VdOE!lUKMMXTKFY2tv+aV0BO2cFkGe*9r~TGqT`*3qmrEy9Wo
zk9>i3nMoIqYkt8T1n)wGbLxD5+M+!4`EDnzj}OPy1zYKy+1$+pcAO3KrX#~&LXcFJ
zx~<A6a8g}@X;26$CT%)XQVHEB0=gEPs_dIHCBAu4geI6j2&gvdcyo&-2R}ETQL=lk
zqF?qU|K(hU9H0iFo=tCu3tNb;ph}F;3`S(r;&=zEbcoj2gpts`+7<`8dx>Av8;Uis
z7O??`ba`m2&BazS4P*?vQ3q~NK>XG0fejI@*yEcnDU={Rq_nidD+4;C70Le=?3+JC
z-mo6#!qUUhV4l)$uzG-rO*V0K#Qi4N71go>VGQl!;uG3FZ~)n51q@pIvPIgXv`|J#
zObSl8E_ywjWnoJ&zA;)Q@`}X=Jk@L=CN@(?0hMB6lW<e}cj<OQB9O^XJU17=MDe4}
zS!nlBlX`(*byp9Th5JZ)#z&+g4=KF}C@S8Zai@qwn-oak(&1L8)2?f;<{2EKWKjKO
z$0I8#<vAzT*fvravEsE{i6e-6VBoWlyu12hQNA)3T(-NIHTYA){huQKzgCZ>{%q;t
zb-!;>ZmRs`Nf2{#9kv7h(tQQcr#lWVs!K<~l>1m+D=Itp`#jf>`}HJ6&2NM7{k++t
z=0QWz0Elnxo-!Yj0|&69P7aj2q1iRhmIy|9JkDn=zkha%Wm+MDD=t`pON9NLOF%*k
zHkZN{cOAOfaKP48MBG&jhqbm89qYr$GN`gm9?@8^ewY#8g3|*xB)L=gy^Oz%X$|1{
z+PmXzmr$oE?BL2dPrXaG3V(=^kB$An9d*Y1YiV;hmz+Y3YD>ZWyh08F9WgG8+dfin
z-9_7l3M$-OBobE6V(llmvg=A0$NabBd0saUEmVk0Exv7X<$y`x4M;}}Ju2*6*AHP;
z&nMH`?uV;>(C4dBgXnkoUtfs^VdH`v#Q6V0job}ZVzSXTwQyHmn643G7|A9yaFrqA
zZjHi7E4K3E*<u7}&D3@r;Fmu)*^yLm);Ed9{7tSKr#iJd^jF_QHLEg%3~d30SXmk&
zpLErhPw)O>324b>jq_YF>XcCXSOqB*JrK5Bc+@m1ZS%4TBFrg2(P$L!HGiRQaB;TG
zEV;!|X-^X@ZuxZVRbg~{ZPH{;JvV00%i#>%Kl|=wTs?e5f^1`PwzPs^`C*_UQ%%}Z
zC0O;mO7l@Wt(=q;+jm2`MkG_KmZ;m7!MYmhUdb{k&~2E)l-T&G1x_E6zWgPGUXfTM
z3YoT0NMaQvQ)P=&SwrWfYa<~IO-oT4rf920YSzZ4D4G!&H9Ufj;MgYXt#~b3_VPYo
zT*=9=xgs`QN=p+{*N%yLWLTi9(8a6Z5khD_**6`e*%FzI76rB+R8=j94%{pzeV&0i
zNjGr2^FCmpARRkxb)^CE{f)NK$U;AC82WWlXo+N%h25St;?3S2hALn)>@M0g9E7zx
z$jf-aN<TU@TxaQE@R4hfs7XU&b*~N!Rrz$j2=n_0>~IIEIB>&#0@^tPsFYzC<{FgQ
zL!sq9lrAH&Ue~zX{S#%ioNS?0O<%#xU0$2C>0CEf>z#*KrIU54Wbb7wU2xfqaSo~}
zO?b)17^`<3V$oAJ5h`=?ledqmlk6q*HLp~Zh{XaJt%ZD?Qz!a@dhSl@9!47D&cwdl
z3E$7uSR8m>v`DR7@B)UmlNL+-nLY#JiY{HHre;VE#5oBzUwS9K65`V_mI^sldx1HT
z{TE#LV4(HIC@iVX<3_-Q4JhUxgln0)^0z;*8$=b3ng)$k*CmbQ0@T;_*=L;x+G0n#
z>bC;O9W8KqSHyv#OptMbfd5iKpd{QYj~Mo3D5vL(xeW-#V(=fOP55(&uqlJ@<E{C4
zWfR<}74(6g>te>sBoLl#Z~iTDr62Z&sQEGMKGg|QG;5Q;F_c*;@->tpu;AOHBbplG
zMSPiXMR)qNC*Sr^l;D(fs0jFsWr!Jy|EF5FX=~k(<@^V)AV6$T%#&D@EoAe?`q?^1
z58*nnAS#^iK7)7hg-G+0X_Qd#%0WT8n;7>A)y7|+tmyi9mRnPq0g^ZZbCH!{SCj5M
zQq3fFpO0Rr(<!_hdqmr{kj_E&3KtS_CsXkO*b6vmF$-EOonWAGwuJe~Ku;=1ZG@|P
zFO?hgl%Y%$9}kosD*0v$htaBBj!j4UwgEFA?8Iqag6z9Bw)<VD4c>W;S}g`&g^Zg6
z3f9H7lvn*p%I`S8FC&$Cw^$yhVaTS1hhKW8ncicBpe7m}F?h^f$Kk`Q$0@?dHL*v_
znK}=)C32p{7Rms^<d^B+lH|qfvm3sUw(}C%!xP%@v~32)?{yTbJ>F1%Y$-*s7lEk{
z<tSY$5uga%t&{nhT$58>W&H?!AisN4=ChX-<g0vJPT2V_S$*FrVAWVCL2$AYZ0z;>
zrlD>kU@|f09!3c|TavBrUnHRk%?+IMnT{spL98WCvk<3;2lct9xYR)8?|WFKDr2sj
zov~W*^+?s-d*qGaKdcc;nWIE+#(e5l%GAE&V5M+$0|<&kZn-!<b)C+oqvKhzXjx;m
zTJaG3wh78;Axd{rD_*<5o7LNHeHjD{SAz3?A;-p;cy$l9VTFKXLlS^cB1}YF3&-WZ
zxZy7`sV|s$>jPhKbMwwH^fwc>R!fMS3`Z|axH|Ve9AXi~XF}?@+Ryn@0A1rztK)gi
zDN@GJoB3f=@Pc4WGpWBvFrx7@G`4n_$jkZ2Yo4OpxRJ-p)f7<0B7W%fwJOy@c8aNa
zM)a1XE&h9<1}aQOUU!3s>RJpD+U~P|4d8~0L|u%JTZOKsAt%+8;n9^2yOa~zL}FJ~
z2>pHPS@hsN$YDe_zRz1y>m8F4&+j<-K>EYkvBVYyb=iw9)4Dak3f>G^cA{^={3rl!
zRy&Y?E5Jkh%h|C)wvN0ObdICV;LK)2O|(Lx8f2JZh>Z^I?-J{PnvPiMnBcT4ky=xW
z-+MYpRS~f)F)QETogTJ?wP5}6*~l#o&=@cZ?}GJL5dT`H>u$ho>IH<_7wT@V-klsj
z$Qai3O7?IT4+{)0m|Q9GY)kE4>3-2+m`s!oPMKmBpI(UJiBAw%wl2`KG*9mrVq_6^
zUzbbkn2<7X3Or6n=^rDpD+1F?iXh6&{L~|9{;Gx!Y(c^P(Y|xNI~?CqDG6#)`3il-
zslx9Qcn(&fp~q@-l79ce0903VZ_^XSx5Tz019|wt;Arn#!j0;3XhP8D#!$C(i0k*a
zh+y@X#&mzMc?$ARVrp-xtZc{tn)GE9MHdR2y|m3$3}A0+jT9j!C&ed~{E(eaB1$O<
zAv>ar9`c9>&ywxgd+W3D&#|hGy5g00Vq8l2u`3;$zqY@@p8qatYx6Zj@Z+#&4}Q)n
zE?Lf6JI<t(Aw9S~F0OB{EIl%royq)ojuKcRV8vr9=acqakB5~Zg^W0mxtMRA2r=!I
zwyby~0Q+cu_!WOQX;duYQ<7LGFW3g+P9Tc@aoR{$(5obmR#gPHVoiw}XJ-#m%jo0p
z_V65#uOHT!FA$x$JuJ=Tovcils#rGuYFkdD4pjH~m?Vg_3f*><OEjD`l?m$1Nihyc
zhM+e3g<yY~%kv>VAO7Q99D5c_7&I%S;<5ZsrgX(ha4S;j9@BJ9w~KBcclyG1-C)(S
z8A?<zvo!Z?tI2@&O`&H}?pF*rBuC91@`tb{<;uFAO?D0YE_*{&>-E{>Tx}$Csf7ic
z|B7tofW?=}E`hKL2PXn0)#+y_(eW0gi9>#%*E$1N2#zCOY21s+NT+_BetL%9p|npM
zOtr$HrjDh9t27m}T`Y*jA*YNuID!-%D><T8H9CSAD7C*XXBtlGpi~#}-Jshq&b_K+
z1%&jB>VcWT7ZR-dOXxBsvAq{nlEr~1ji0OwWY_-b_vP(=oN{=huFi2I&dJq6rqEM|
ztYmkHBiO1Q8(00Q6+$Gn)Ejih^gLZ0P2D4!CnrC(UC4-gUkPq#`INkW-N{yn&%w1R
zq;yy9rdJu9>>-I1i*6N<tIRkSJ&)^DU;FCeo0I1RW+Z<fyunZ#)vF9=>cVG2AeG8x
zLs=dkAiYjxSns(uB7YbSRcXPwyils@9A>7YTr5j|p%VNFnBIdOI%W-e_g4=3nECSz
zPFUg2c96<wR<u-CSDWGsg#=t<dsv=FkJjIAw2f#wlW<losOX*=)aMW|zuguTxvTD8
zmHZ}d8=u8*nQB<+#mZ+|jJT(L9D&8U#i3abK?lt>N19b#lrw)S#|}nP>4)y#R*me#
z!S2`ek)NspX_@+7A@ze)3*X{O%^ey|pHgDoRUM35b@s`#Z#(q6VztwFV4V-yu1qc-
zNZ$PMuyT#^tUywi9Q^3xd|LW&kuXk$2f05TZ?6>e3iJH@VwL&3-&e~HTz21-Um+_7
z_qp;MoWnz8eS$n<<-1<i#6%J52T^@Y!Id3aYN|1|a`fc;c6t3D1MG<d*wdHdjc6Ad
z_9yRB=8HgAogMY_<2Oj==Ry|!iHw@HDHz7y?>MaKqL8p#vh9ucSNkHM#p4Jvk<l!T
z=i~Z6&(;G}e5XraKTh{MX~AWFpEC-{EKlkXet|m)jDhwneG-Nu@|Xz$$TYvh3KXIU
z8bVg&PU$@<*xnGdsQZj;3GSP>dHvw@qi-w%1hq}GTf$ohI<AP9Z?fuNuo&)}z3z+*
zekU#4v!+Gtdu=M!f<CHYJAih;tsi%<gSOOQ#h4@?9=Iqz`FYVr6PLEi&O}<mEGO~=
zp5GM7Hkq(fg~3udL(9uzL8Up}0^j4|qhutOo86H5a?o7&D3zux8N)qTEmEL6ETJ2b
zKDc4BWc}3<T)Mn@AXm7`Hs_WhKUySZ4=r`+!grcu!^zMl+gL{GR0<5WUBY1oc^1xV
zj3}{_t12eaEL_VVfnj`UOSEeE?e729A76*LHj)u?ZI8A)FUr=#Rh5DHNPf~Ijvxcc
zoa>|7nMppN=jXxXU4g4R`(Qj&_d5p%MXh*cQUQ)O%X?;@%e2_Q;ypq6eL{><fjW%=
z-Au>+1cVNJ%Ke!K{NDOqnN_Tt51CiYC@(Oz1}s4??bi<HzMcPs$iIaHU~4W}yf$iL
z{*7T8TO3?bbK4HWOjVOZPU{neeFgVWNg?M=X1{6R-X;>N)-w!Sjx!(Hbel(e_`ieG
z(Bg+7MYn7lQLB9FXM>oqS-vVw<t+O?7_xZyhX}6lCn$!w+kVQ#|30Ue0Rz1g9_2Db
z$_AR6oe!P&6%Zre6eeA;zL#}RRkQ%QSMY(GkYKVBJ@|#OL^AJ$^t2$Jxy7{vQaUlW
zB9WjKB4R%5(ww7G;KRdwfyzf=Y6u3MBqb&>HsYY%P`<Ko{3u$R0Otflpw$0zXw6JQ
zA0S>SKVrqc7DFFFYF1YwLV%&w?AtWIc~(+Pk;=sMJ={1>cjfCBlsXLAY1P?C2Ir7z
zZt<=Oq>k_)M-k$22J^Qu>ckWV7kv=a`+Nbt(V9|M;2DYpu89!+2rlG~i3%_5Tz$c>
zc`eI|*?z9+t(|P2xiiX1x(qYiNDaQEYT~9X_{d$#$_dXBelA)&%(16A%!d6mUvx;;
zuYRaLyE~h=GM4ewHdJcLzsLVKE}uCoKg_k*>Y%thDVN-^!0WOwXa{#pLir4o5Tnkq
zJl%|3$!F^|i~$R9<>N!hQ{%`VDUG-bG;d|tX~Zvs1TqkQ5FxI!X;j4}KkaBsH;^#k
zz-g2s?i2T&HE+&bp=aBSM}<A@!wS(8Zw-eN#fvv+CrdhMf2t&R61b?9AEfPy>egf1
zQ=r|AS=C>qeh;Q3A~Bd$ubhoO6sAxWK4iQcpe{shAr@P&GsSeM5$<_iUyjxlgwg8g
zb#j}#3XURbm);L~#}RpghQfTfP~p#{;VO>>2=$MkB;7D@{5XE-c2?D2KA*<+R?dE)
zB92&LMn#_mJ6qxSLPMF1rujv!YdE%#Up;$wt}`T%J_1N+#%_fWUp1aa)b+ts!Qi9z
z&|)15HKf*!Ep)vqa}Tmqr4BR!fr7k;24#2}IP&3XDDODfjC7gE@%5_0!?{@|vCEK~
z9D9-#Bv+-jQqbwU%sMo4uXj_r<EI7elcg;Uhsk!mks@)F-I~E*GSAWL42ZSugSqo?
znDmbhe=|<1nPS=WfQqLtr_l(7ep`ur^a-3<P(GV8H#z(|Qw6s4cM9iMONQs$C5k%b
zmgDS<3DolCcN^ob5{5cIau^~07`U<fsEM`%ya^jSMU%7Eib_;|L$0?XUJaw_JOy<Q
z(VM(3N@<}4Zfi-R{`$E2mI5bC_vQ&om8K(khA=2F7L=(hJd8{4q=6o&GYWI>A^i~4
z!!;Z_PbW7NU&3^qCfyOPNfRYkk`}VR@7<LBSGcB~P9qPws4+QlhCApb@+1V09XyM1
zTui`G6Jn7%Ge;hW!Tll6%HdsKVljz$O0`<CgBB*%@5%ez#a%6s=TzSlu4~s4R2g9?
zSV@XA?Isc+`2A2i%&UU1bc$}AF<L~qqRg7&c?WFO7&N{!o)QJo$rA8;h?aKm^zhnp
zxL!x;qWf*wf&8+bpX7uqT_97B2lHPsPdnt7E4N5mhFKP2ftDHW9&?B10Fu%|X3H<s
z_n`-~#&3!KeJ1I*2#h8oY>(fi{hOZAu?IxJ+EP9Vryf3}qn%aMprZ%$@2yOihGdG}
z#bp`Fpq^n&^t-W$BOq0=`2L&}E;OMbQweAYBhOu=vQVxmLQ;#?C0^m)B&~F8%W5F~
zK#uYk^o4r-v8T%YKAh{rd>az!HwGQtu5z#jB~Hc!(fPBiNRBpRjB>_Hoq=REt#otA
z%th1iGZyl~ZI^iU$37^*G5yMTA+El&p)J(BPRLOK(x|LO{UcTsyOH?A9N@sJn+81Z
z<p-7QHahT=yn?W-dDKf@B&$tQT_HC2(8(<0C8pdz?RtOpVn$*q{m%?W{>YyqdV*<6
z;bMkExd#*Yu3q3T5{)h%Ig4gWS3kFC&<PjNi`Y-K&xfDCbc-+1m1wJ%2;(=^u5&|p
zSMX?T1@0cdN)AxLc>Z&1M#iIBpE#gNu=`8tSp2Jl3KT3zE8_#ar;CU4=sCH!%>PIH
zXp~biP*_?jv6;h3U=*tuG~n&2nvfCdU?lsqiUIu@zf>LN+Rvja?z=6w&c!XO=Z*@L
z3JN?%ZOQh6;yqV+SyC?H-PddBlJcz8be1_zc9UDxXuw`Vdl#OK+KqfO4|U>;yov~V
z{$UQ{wd@3lK0btU<LXz2eN^OkM|m>IE&o}_UE!e<Zt2=OGIPr(eJ7i#5s89u#7Dwj
z#430Z7zIr+v_?5eNptlz%e%ea{-^(*pXI58h~B*8BAs-S2NTe!5rjtCXrh+pT1`q<
zX-BG7sb1<T<K-CnO25S84ytw+y{^|yZ{qBynwVb&n`i#!1n*JJEmstKl*YhFICVV5
zR(X;7Q=umpg_)P{LwXoXm(b<#sXNXiH+^5fQKS@q8<&VVXwU4M*_Sbh0^0Po9z9y2
zQAfxF<EIZOR)9rh9;yXJ1H5uYfspI!GPZHcTS~B$I$FPj|Cq8bMoh$b7-WVSOb+}Y
zh-SfziJNyO(5s$}7CFy_IL@6?M*|%=Qk<yI*8ae<5QD>6fKT+If)>ZP@@7ort5<0<
z^Q7zi<YG5h%KeQ0&S+IH*Y!**gD1#9gu-^Xx>U^+Hn-O$GS$UGX&2cK+~d34;cm?)
zp&qlr+6xTcBO>$PP#-z<rKQ%j`FAp&q5e;e%1#%^js8C%YdN&;SvI7}%;?1u1N&iU
z0(}Kvb^4{cu}|h5$IACThJm>x7VOm8dFCxH+>mP<^#-kie<KvmVp=Y?64jk6ID)Dg
z{Gg!Fzrv<Xn|M_G!-%v8Yz-hw-UX)@+G=Yytm!hv`iL$C@CLqC5xgOGh4h9PIS*ls
zDMk+z#pPhRpfaQ}SW3>Os^$V3o&xTe+pan)E+>U`lTe(qFaNC}&Ai~o$%#FenO>;_
z#bF^qJ;hQ-K)G!4NpOI!S#x5s_0HUo2=~-Ox9RqZK&aMxGhXVu`Fr2DsSH<wf0YXe
zBVJVPB5nlV8zaG(8Jkq=OIt@O$sAlC{0+H5Z}Diikbg@&Zb5q$T|0x|+opWV+2go3
z(^S(3J+yeh_IGX?-w3PWzcTK6L-vK1{);}bI@b3scji%(VAX$L#ig$*lbnEiuJVWe
zCw3}ngYiZy;U_;NG{Pcpi30Iu_>BaJLT1I&8+FZaf>fWDNBGJ1J)r7Y$gR@Z;GV=1
zVX2C)&Gm#ENdFg(`<P&H;v!h2`h?m<_A8~M@Y4p~Yu_eR&p8H86mUtsiuxMSoJl4K
z311M`9yp3-z&diW09o;CbaF`)8m!b4=e45&s95zTY(SWKCU|t<aPPpMr=7Id5t=6g
zkd}cIa~iJ(KJFCE?Ixw@OB>3vGC|J9IB1Y#QiCtugmgt#)3Vc2g%^kKnp}DkZ;0;i
zQbuJGtf}Eu`$Ik(#jZqz=t5}=-=a}!U4tMF+R${R!M7kv#c365UG1A*Z^P$V<=cf=
z6&3j~XX)<Kha`Qx;^T@j@`2B)qt`D}1HQaE$}YA}!X1-dX<}o^*0~z0!xv0UpQKrC
zYp;;(5UJ?CB9b`Ks9Vv#CT*@?vV90J(r>C~p0E82VP>WDDDVuZDO7=KQwKm48}Wl?
zIR6I#FF?@0uZjEX&MRgbUqX=ay}2eY5~h@1mhVpz;Cd`byG2DpkV6&fXDj?eO1jIl
zVSVCuAD*OG!pL%Jv6$tJPcJe35&{u=<C7X)86rwhvzQ%$hi&qZ#>UCXR-~DJE*dFJ
z=(Y#T{RQk$@I|{lQcu_hS)X2{B5Pnc8QVbzvC*(-iD6X_ROEE7q~RH3A^PEfHXNoE
zQ`Vku++sm%8<Nc;e<WJN&Uvi?wB}kVRQ6kSGV@&p|H*A*=^GCw<1eW<u{|tR4<c`-
zp#ELZP)q{(F|op>hG*_|M#+A#zGHrb>LYTltfJ4)rSiJr7utaQc&&n7hnQwq_&-wB
z;25-p{{%wJXfNkR^$d*+n~H8$h(9cYq+q5k;H+}jxc&lncD{-<n#^#r;$`N&XM<vl
zUd3Xn@{b^!1?rnqy^ZFes<DR1#A?LB$lVXjUwaav^e5bN=0py?Xm^;|j;8fRKg-=0
z{y9H-=A9IajzEeD^cB2=B|fw+#f_?wFNeMPl#HA<F6(Po*^#A~)66^67-Zp1n2bZv
z(*!k;=?MA=x3}T)b;<Oj7D)R}t*ReTIjX<hv#3pkBz_U0Sz#~9)aQOIv7@jJ=SMJ1
zKc<){t%ev$v^T04F|4M@c)$?4NV2;jNtw_U2PE`}N93cFIKs~|8WW-30OLc|E1piz
zLf?aKS$Y7ju$KhgEqq`=M4q4hCNd1A`EfhY^tZziWX-X%Bdu*CF9zw4_zgtEZo#*_
zfcSBX10OEwO_*iq)xyY~EEB1qi=wxlg&wUP>4EV83M8JASR-3Ykrch&Xrm5K(KWd_
zCTZ|fmnEV2b*mkJG*S{1g0Y-}4lu71qCxgt;C(QIU+0eork_wgBz(7m+fun>3_0TS
zHS}33J1Hqh%VA2p{)BrY4$9;)Wh54q7hGEIKtJ<wIXR-&*O*v3o(aA^e0+0Eb@O7?
zVAu!oQ<XEvF#j&=-JF8!aL*qEcxik@k*3u19M!Io_CIG$-qS2RP|rxCKPg|&A%_i9
zNO{f_-T7ieo+70eqn7m^n{tWqwmM&}6Pr4}r&6$k8pjdh9a}<LW3ue;dkwfWZ1^1c
z&-}?XvlGMth}FH1QDq$wHO!yB17&&3ocz8CE@~ko{h=Sj3x4tXedQ#p=-VMd&wRr1
zWm;laSe=f@q*vRY(%a0w==nrn<I*a{L!fIB+CkfRa{I`BG&T|qQZ2&mv6jtAv-;<)
zd!O|=UoE)|)D|>K_vk?36-7l#ZoA6}XA+pI360x4k!Hojk%Rjkf>$fAKNov-x|{z1
zh#gEIRyc}hw0jZ<!~QsWKEU0tm>$i}&nwY8gjBPI@UfQa`rQPXds<z+f>#C4;p<j=
zJ1{IW5d*_Q3oOCwLsgB9VB5^?CC98wqbbH9stf9FHv%x$eoWf<X;<}}mY#=x;@iPL
zajOfP4<{JDF-|CJ(8K8EoQh~|k`={-z-+#iQ_kmZdlWW2wPERpX9?;sHD{&lC*>}c
zKhr<qznPA`=l&>>J%SKJMR$CoMz6K~F+nk2zjjL@R=gN-?BB%=8SSOM>2{a$1%^T@
z7fe7$by4WxJ;&}@*%k~f^bcd^Cz0!RaHBqJafQ-SpcEz*%u0Q=uH<b(Nh72vc%^8>
zk>Q^n17Mb~dLN76_Dr$;XL?c<*1T%mUU--uOXX7msh+%WG@z#kKLKZw0osnmFX?hH
zU2QJbE(}~_L$gl~+>GNLpI%}M<mLa)UrevqSXqlNp~=lI$TV8DzsIT^O}m8G_cyxL
zv{BgG9R)LC7J=Rkl4@mWK-u4RM04a01EMd+0h6P{Grb;OT<3n`FqMLB<dbmGLbnG%
zERsjYi!EmcQ=X?UuDFbk$GS^bTP?!K;~Pghs(&%D7@KEvs>z#`D>W!(TEDw_Lqgc+
zmNccFjG7MJI^m@W=G{|Q<|mNfk_&u^gC*1ECdjZ%vZ^!3lTX>|(+YkUUewRzS=iFw
z2#@JyyJTetu{dVbyRaGGEkjo<#3KLFRw<*fuCO{#Wrj#f6PN;CYy3?1ft2EnFm14L
zebFIJ>*3`CLCF?fr6K`2X+`CW?NVjbLY3O84z1T${3B8FGwi&Oy9!j4-ZOVa*XOe}
zLBe^89UK#Xlg_C&0AY>?Aw96GADaq5QRpQWLH+QPEMLkNA!mQ|N~2!8GFw<rb1v_v
z;*Rby24_CR-l5Cb4i-mkAh0Rk$P}<%>K9_GT+O5CR4d`8FzBq#AhqrFa<-Ng{hB4^
zrYC%em-XGcQ22T>Ffi-_BQJm>6HjTDt%B@8xjnwasrKbEK^}U7wGYC?2%+<MfoQDM
z$ClH=FO!?MI;?vaVi2~Xa<<@27U)lV)}&BE-gEV5^*~KNGGQH=7W;Q#m37c1XN@$k
z1emNDGHC^A+;ViJ-wX7C&^4Z#a{;5KU)wu6Pv|ULz@r@L^~1G&R%e35=mo?_dDG{J
zuBbW7pq?a?6iLiO>`k-pf}U_paFgj1uqd*kNl6y5RnlfoPu+9O=;DDuaM};xSFc+g
zmrNs8)y>&Rbn{!ODU!`Y|4EFK>+lMTla&XO*k_xO<eNia=0AAtO{wdS`~>JdZ^WJo
znSPOSYSj$Vb=;c6uZ2oJvE3(FC4?JT`euyx_OuSnX}9IpcE^066u`Up;`K6l-D=rj
z(Jw?_b!Ic|VcM4^GnA>!N~cK&A)p$gw6|y=$Pxh+DL|eyF@+!cwPG^%hpGKcoczZW
z*<|6#<Mmi7vyN<#H0eoiy#V%fVoaTIa)MZ;gscok(fMKmkP;;ol-=n42TBZI{{<>q
z_9Q%|=ZskyYkZ{h3KAGYt=rrp88K}p?5D#3n>YnjUotZi0=+Y}_}GP>RRTo6Kdcl~
zmATG64#aO09cp-z_9~&S5gjuNt&qoI@LJ%@cOU#+@+3ZM{Y$;@XbjY`Xn%df@y|D^
z5bT1jBdi7TdH#)zDeV_}EkX{4U!`L|iAE-_+paK>W6)rM-wN_IjIw)FKtb5+WGj6R
zKepUvq5cwFWN`V5SSmJcoK)nW&H;&w?S-NPP*J=zq=kBL%~dtY*NkiR-K!l>!4c$X
zQWLcVUROaeM&5Wd9k%{$+o9rF;`b3;_o0cj6c}EUES)Ll;wO)I@B@72Z~MAS9WQ^9
z?>H=ao?1W|YPRozsx^L49W5Ap*aWK`)a%Nw|Bje1xd>Ep5o@JAc2<ADoNNdl@O%Y*
zmBTBWzfm78V6(2spT0}*uC1A)#YdX?*8?}1w?}>sICrP(hy2b290lDQS}QfPj4!|m
z-<yJ`fSPCXj)YzUKgP%bfY)*MSPY@%EGESsi~yx%n0Kx!&k5Nw!$f}r>x~yn2G_MK
zarb^G=z^Kk;^96!P`rJ@v<6dZkL5?M356#*;fW6o#IH?)<+hd-w0H>%>$k`A^6Zuc
z-adQCd`JeXQ^T-+d`J*<B+<=TR(dH(oxrge$sLwP;YPa+!kf2Hz<6Zm!VL8#>>&UH
zHn~Onw01f(WHympA+k_d(@N0^hWOB-=A_z_Ov094R}f-%3^823nXE3vSLy8U_nISS
zWcyHfYni}>(zud&3fY?;OX`t84sQyGv})9~v9o2SvJ6v%edV%)L`(&pjo){_Y8_D{
zgS=kUb4_|Ll-akaLYuyM3(!|ssbqmi;L*aFop?p+tVn&WnJ8dBJknPSH_g(fy&Z5Y
z$bMSJZTnW%v)$pCL}ubvH;1-i5NY?qt;cZ>KPni#3ff7n<Zp&}ojpfNLknXk;@RF=
z6{p|>tj;RL4W#wFK!8QvtBc~m&e0)$V;m04Vhd5(G@4Mf(j5sk(<dJ#tnsS0$OQ*n
zqw>5xhhPC~s#c($5|-W1m114P@GWJMnehhEj}}UscB8kuFr=8;fq_^gceTrcU>hOB
ze1+n5=!TRqBk$mkuPhF~Te>UFu1SRk%b;%>BB9XJ3M7C@3b<qX00Ge+UegG{$7Ols
z{cfbxQqo+XmUP4nnY!VQqE3qsMi(u8?8rTcXw@bB2V!t;!pU+M=I^bS(a;8yz*Ptr
zm*w^XC3Hkklxk?_-+ByzY2g&IYef>TeQ+@umMW>ausK<8qm?Zd<c92x9JSE@K9kR+
z1s<?%!Dqisi)6*L;+y&FL|j9h16(Jww)lT{k(qnkvr7LB%hV(zASfYwh39L&8*X`-
z;qNhww7VT~TAPa9S$Nw`Oiq>i2gNIGxbP>Pm5}Mi`ug|DP|rHQ%QPQJ+El<8$fW9J
z@wpjlhwlY$B27BD+3(^-y4fl4*{bWR(PuU*mj4D9DL|xS$(R&S1;}1Y!F%Wd9?Uv3
zqcM^(n>W<;_gP@}BE<EN$pceXqU6z7@|^EH!F3NLvbA+g%S_Ye)bgl74Bc5vX4U}(
zO_Ui2K)jF#A$#u(oY2MJtxRIrBN#DC|CynD--C=^T<Qj;z$^g*wHj!YAl<Or3B}N*
zmn-ObF~V-XtTGPcHfuEiJqBYNFJaJpL`TA_Y79nTx6SIh3oTg#T)H=2YSm&Doh;JY
z7Imw>@fE;L|EIMbJE#~WU?7r{$Y9XQTf&i>TuVYNNsA;@v@X!yzm`_;!(yUjm^%Lz
zKy}>p-HT*Zj*Ly*Rz{6G06I5gEeHbZ$a}50aAPqo6RGV%oENy~(bg(8;8<hiO@=wx
zwhEthUzbk4?(^Y)SKp<AZ`BwOf#7)18n+CV;bFmg=`^=Q9@ldUhAS_isYE&%HX2XQ
zPHlG^npY8ef0_cF)ehm(GMetIE74h4y6TU!u23}48h9$ST9#Yy1h-G#G|QZ=7p$u|
zrgTVJ{cqyO^7ui}mr8?d+W{M?U3njg>P>Exp*()@v5OYsRNELru8<WXmpl*jOf=}T
zUwXqDu}DGq`e1abx0>G=19`|rhX_c&KkJ8FKnha=HIAZiUeD#e{7)#0ZGtPzu-CZs
zi;>oLM1Vgcg-+53<${R`L7p~s@X&3>+U8z>w23Xyn*My;4ruRUbyGi@+FmS}M@0M*
zK0tc>`V0^@Wd<xanu*5q;|<I^gA(*1+1*Rbfo*`w4}=0`9xwyJs7B5vc3}^7^+ir(
zZ%<RL5_zEx9&wM)#XSigwqb|E+B*iOU&wQKZTmZ2@mC(R!tuL-5<TPa1Gl_YLeq2u
z6xgSCVD%m}y?g8~Fxe&;XgYefB<YP_+NvW@&{~W}W${@n7UdeVtB=;$wx@mf=ZTH%
zSwsWfc<yy$W5GYmM}xI;VTusq2!?70=OiAhgG$%XE5lf(W*3`hVqRJ9_<Nxjg|fId
zZ-x&oS{s%w{(>sYkNI289K{(5h9QK#{Iaoe-+rh?Y}}v=54*QbZPlF>mmm2Hn%SET
z2Y&sUy$u5$jzHr2%j}BPF14xBhhOz@oMznkic*pf`}d7^5DcRc3)p0bWXzdTE#`EC
zD$fZJjXfJ@>0Imf3d~Q?yk(6K?5v=}tHkj0IfRCjWDP7@R~R8r<I7b{pEGZ}G+ZqM
z2$Yg_F^ydXnh@<-g`{<sCy40lq@K4b)2sfcIYwd)Uby#Vws7(QX6+qXQ;#eyT6O%z
zc(Iw#Z{xY(NYWd?93+42-#PH5@RIhKmwHTyP)_l&m{F`_W_gyA7)=err8E@BDM}RZ
z*c~;3aGRO}#Q`wYWywuXHrSpD7lj%!fL)e#?_u|>zy4sR%_3D~9P4yN<c~KRfMQ**
z^?BhU1E-SS<=yEC$hSQ?WJ<57?M2a%1jA2WF))DmLt~<?NjBhS`9N;#U6$sc6W|qH
zPZf|VZ){CFdF0*PQ8UhjKH;sM*dlVo3wF!Va%67qnl)O>$9;1_iW)PN+@H6kP$M2F
z0pSn5RDshXaN3vr9a=AOg1ytY2bOgOnsA38<_~)^({nHRqQIt37z=cy&PMQ-ygCo7
z#H)QaujobkxQOJhzw=-N*yAzQHOcvJ5twdR!X9GZ2m!hNKBg42uVUmfM*V9qJeMCJ
zx)1S-p?O)k{1xwz7?v&vQnlyz$U!--ra1l3Xbt2`at{!G)k-A><%Rayj$xE_DHQaK
zN?+la+xn=`FrQx4_fxL9yS=yGTP6*|r#kLrX&inZQ3a-D9SiFR6wRfzUo&aRf2Di#
z)V=*sg`EhD;JonC8%$-31XWOt&)6o&tCmeRKOjKS`7N_Gh+d+B)k9j!C?)-tp8EVQ
zX60MF2|iK)Xk%&#7jP+vv)uh*Go?Wxpt&wrV-u+v@Oz0tS0|Hf$Xy2((`*Og9DrCz
z2#&0E!Z#Imj!1(##Y7s<R2w1pXI7C*<I06`qWRkYU4zv~XSfiX`mP-?T_)bZpy6}%
zAId{!KCpjfMry16!A#JR)Tv7APNB@ST}$hAoQE}X_VLIITp_x<0$0F<_X*rDjg<wz
zVNHJVhpbeABM?B3=aCf1&QGo(@puVe)A)s&<uRh@r2noJ*%7pHly#TYVXv5sxoNM$
znfrS_LDxZoBpykVGCg_FVPtvtd8px{N-`xA@4s5Wr&Lk(^sYDntx=ZnPP*!6RZu4W
zX$66Tf@?D%sAk{fJWx|vr(NgC5NhEgJJL#ai!Lpotcn{}!euvDnh)6o8Uv?d@H`6K
zMEjqmjm*^f?_4oGcXC~mdaB!WdUjUzDd(=ULg8%`WF|hNZR1dz5#jlrw6x18_+~mQ
zc7dO4CjccuHj*!LA1>}NcBDmc#obyJ;W*<5Qp(;IzoNNK3)O<0mnd_+yRX3r*Z&db
zQOiAcp*Ti;xM(+KvWMuKVNp+`*v7k%F0?wlOI=3XBKDbdtws(>aB>O>6lSx=DDCcQ
zgAcZD|NX97OE*94thVg^JAxXQ&{YxMWfGqr7sASePE4C}sk7uHZsafzFiyT{_DLt$
z;1@u3t){iXWirw3g}#@*#^zKQ8zKgi%r{}2<k)^%aE=y=>Ryy<uF)&{$eb$Je=KC@
zcr&<!7c>m+&$DMWk1ny=goVn@`8lKPf;}Ety<&#*aeFW_HIY&7?vDtycGPoq?BZea
zXjJKE>&IkC@R##iF6glGap87pQrS7~qBc5ALmCf(LXXfn%=#U^w$HlY;D^l?rs+An
zvpaeS+xvFQa*DChjRl7(4JTv-wVq2XNYk?`|6;bMO$xkBW`cZUi|1IA9%nS#OJZmR
zT}aDWBz}pWj>z&AU<5A*6JRJsG)ID!+cZk2R4wO0SE8EAbPi)BL~HCF0^SHaGZ_P<
zRJoKTBDzYr@%+@s+KQOPN|YW%*a0R8AU;V_G}a-46{}h}1T7#XBphcB>bV;Brv}x*
z5lKhLD-@3+3?xU2N!gI@v5l3a@dt6tC>fqlrdKSu1tQn$aUdru6Vf-&v{}QY5Zx5W
zmL?k*-~|I>YtURu!%b(-fQF(d_O8ppIO%y0I_mO|1n=H?c;*DyCI?gYDPW<73W7G>
z3Ou6+2|u*`rF1(6h)QZvc-|skxR7tO7QZCQSfx1YF;4Mm(anr-)gC8b{Rl%=bIZp_
z?yPQd`?9wQ8-%2Cp^0xOsglSJ|Eg3MuNlq!g-KM4Y;n$b_*T2q5)u|4ixcx8nBB%=
z?Hv}(8pgE_;?FkmK4^f@V||={?WlG91e=&N-cAIGfTV#=A%8(xIu76P|NETB`q^Js
z+eU#^dUCeW%(bm*B2~FbuKvMlqQyHahkP=_zzve=#;WRRqpOC$4=v0yUGIkufiB3S
z<aGgB=~Zwj*XSYga=*#p_Y!AjS)tFEFhP@1-7&Hy0*aei;{Mpi6#phXkmQx(_PB3i
zYJeyX&?cX?bKp<1Ie$Dkp#wFrR{gH|RtXNQT*osb&AgrjYUep_U;gra)fx*`+lt@w
zgbgA|PNP}?d&EHO7WUpSksX}Xev_OR3&NsL>f!lEBJLTxAN23tT6mbOE!c@d2-3dj
zG8C@(`c@#$0Do($PMwLAS_W2$p+*p_5*sC>^l810weMlr{nX<`9B&6^Dhjbyr3H(-
zF+34sD(?2+{JhhTr*oFcdWQQh+L)$qm;aXRP)i7M>4sD#L0nT*kAxAGqAY+Y-P*C$
zbqF|Pa&O^cj3T)_qr?bV6g8v~3fPMdfdiG5hq(-TJC=fVVFGQ8fZIZs1lH+SCYOg8
z#Ssd))2Gn$h{zHsF>}w>ZOZ9pQrh8hReG3oNRD_szut@A9&nyL)W`H%^BIcaI=mnw
z6c6@x>G`U-z(q`1LV@r$=`^-l$U$9G{Vaj!knF*2CL}>5)sIOSdVVHi{xcnYs;s(p
zm#SP%I$R{A7SVmGByJB>hl|x|GI8cHm?)lg;S^KZbh&D%q~xHr)spVYdWzgUO6CQE
z=zk|xaa8m(-2CC+YX-O42JP=}<;#cGbD=K!KE-7XbsqVw`19_rH(5YqmckP0@(6kc
zu_|q(<lxAK%MV8R8?blD#3bR98_HoVu`bpu5x8%I@DyIvs@?}|6tJ?EBnWZ}qzaiI
zzIA?aLJ;y%Cgdk@cWk2C%{s(iMz)=e#q0*^|0I3eo5aj#Wn39rin7O)<GcC)^L?P|
zyFd`~Q>}E@53X;7H3(?{$XrzhUPl_8%zx@tSH8Pn`h~}xtBAk(7=E7ofKXeq(Y8Oa
zP8Z+zp;c;^BpV9-N||AK`BK-1Jtlw=#65w4eTew6NJ$})JjD1)3P`Z57PfIYUtSM<
zBlTVoIo^AC7Nb98g+Xj^?GGFwB@B<3pp7jV`q~@JM!^_Fu+U63POjp``=8-htC0!n
z$y=RCs=B2<tV8e*e(m$Y!laFd;Pel2pN(b(=8eCCnR4vjh^BuCey`&nfu(X>^33|K
zUTEa+V-s0YVpel`)kQfpr>SCj_7umt3M2JB8d?JjxZA5dJunSl=G5Hi(aat86+7No
zt6ff@rN8|3lqDHG!LSe;Q$77HPzvWCuGw{5iurrJjPX>ucY&cHM^+twhIZ9xTrSdF
zEMz508I-?uX8@eN(ruTbR^$Hscqa;IPDW8j8OTdf5`@*Ey>dXrmmuFZ)53xM>!NWK
z%Nu@M(!E<ZNdyJTac_JWs}c;aO#eyR$hukwjjKv)$lS978kiVP+GrIWw-R`IS?gwW
z4m^%i_T~ABbB6uA6K!!=S<jk0E?e~H_p|p$oyQHKo`^s4zeh@8r>$HEX2lm3>nKOB
zWg)1Ye?g{-)sxiwGy!Tj?m9Gi7C9V2viuey|DSFig`t6JEyiavpUf8CMfRC@yY_J=
zT#Nz-P1{>^EmkGTiS;_G8$IB@cDjjEhmXfiNoA{LHHDH=cN&|;ENkjegRH4N+uv08
zX>1WDZQ_hj%M|19c4eo2jo)hS{HLBSzv_WS0)np|BJ`|QB(@HeMWlo6Y5|}n>1@Av
z79Zn}m#S3e^+DtCMRLvDD({m~$)f3IrxlRs=~b^VsiSbv=*fs@qV^#Vj`3br_a5!W
z4u>3us6QOs600R@HygLzITF;L`eO1?G_;T>&?1<msuESLyr|_p)sVow76GN-er&oZ
z5%(My3P=4dbvVl{$7XNVm$1w~dh7@2W(3T@1TwK~S}XuR6Ws^PLS?{vc=XotYK1fe
z5NJ>%>F(<$Mr>H6{ZyV#)k8F0Ls<Nk?3*2LLw^_a!b`;V$zjHk!mQswHe?Z)5ddZ9
zN5IbC{1@$qfib|MK_kd952qb&xVk&}NZKLH_EV#k<R1B_Hr}6{6fT8+j=94R?4OoC
zvM8=F!L=(o$x&spA&3!GZ%ftNSEGPpv!(R+vAWA4h?X|Qm=3>g(a}S`YS!3%|I)*-
za~sSwk@&+uTfL8R6nPS?arf6spT?mM2)&ql^M9Gca3mis=@;?kgx>on-$IF@9d0@N
zz($HHA&k3=#Q;%CjA(8ZvU^0Bb)KITx*mL3_wGT0!u(+el=JNV*3bdRV${JQnYP(9
zSba#dr|DGbsUBTL@4j=yWUdP=yzI~l_twbq!X6)t9D__c+qfAb6>PkalTZI<-kRp#
z5oMsEqTj%XuwS_R(%I)_sjq<<7lhF8=ryxDNj;I5ekdU7fd|Fgohfasj5kBBpM^^r
zK}9sWhQ#lok4|OSRj350iy~^tPz^`%6BFsS!}n9vQf?|X)zO|U7jZ$+%8eZcMc74(
zN-Hob7tyP1ze}XD9XB1Y*Gl@cL8vkTVcIC}&55Bf?`V54G)gu`&z3{eQ7|ZD;(*%g
zU1G)kij3p#_xsP_Uv<T0CQ)2QQoGolN6JQB)G(hw;qqu;Gv1DXe)ey<x$?0rp6Bf$
zDM-DypGC{beZy*ho~NH4hC8&ckbpqLg5>2g+UnUqQ23i6(g0j?h}>|xdnUrG@JJ7i
zjJDE?CxC?QpI^5A!*Wp1<Z0z&UIvKHO!-+BP8Gk^U8bRcTAoD+c>9U`TgI~&74Ded
z0&!nt-S0j?gP)w)X1~km>$A$O6RY|EGDuUtJE)vEq4y|o1oMK)3xDD}ybbt_wGLV!
zF0U4qjrfBVd=Lf+$nJmQm`mjY?|YW7G`vPRSJ<hJyRI)a{^a1^?z<`-{ffAOl3T7f
zG?C{^n-i;YnyXWPalC*3()XTVq4Qkcd8Y2Uhy~9;#f|hx1d2Bon_xp~7cJ(KOIRP`
zgDJJdHGz23vcwVm`S(KJtS5zCJM$*G*n$XiaW_lr|I<1*d|F>AxZ&NEMbHRVCufHI
zVxww#lV(ty9h!ge4{%(+u3*w2Im~?zSoQKB*uyro6&sZ|1nF+|@mTpZU%W$&f>O9P
zB553STaF#$f#_yU&h|u2XxNpi_9_KBLn@W%7yhkY33UHx@>~!x+2pVu*AP{LAg{pF
z@ioD4=$4w@8rV&eFK!hdf+P%RgmC1*#QXi7yvI*-^!#EH0gyi+S6F)zO`S^qrM6=K
z!RC32Gn^qPWlw5D#z2BHR(mw=_RV7N&}L^urSJt)RAUlp3X+Wwb7lGeK=M-**wJ3Q
z1|RP_dqyW|tyZQ4;tWw;$98x-30;P#$qR17iE0D4OF^25aeL!eA@pTPXUH+Zj8&%Z
zr{kL;B<=|PsxhY8Phl6arD89W;e0+pQq^f;^6Eq!9yhM5dkdv4G<ov-{fV|nxQND6
z?&LKa7*75oTTaF-`d=U+B+A83eu#70T=1EQlBQCys+8G|z2f`FSf|kkKX;a8ma_nU
zb_PPjQs?J)^Qm%p+~tJe+rP(-O@xy-RvD@1B)U%!0+VEGGKYhuWA2AgTowYs$>?Ho
z?QT$0LHSDQZswRj)AKgg+z%Z%5VWWwo}zNBR`Uqq*}YTi0Y{*nP)B@abAV?b`SFQ?
zKE_VhGz=tug7_XPA~Fq6i|VQGVWIcwWr7CFlP<3-O$5DESh$2dqV0l;o-7B){+&nu
zz*+@o4M7y(P*$gAhp*${N_>MPznpzcQxc@u4)xIqiZqiY0vXt+46Ba~9w{?dfPiFf
zACz-R@sorl>wF8UUrnEC+Vou{1KTxIbOC@TT_$|lO<JA2p)O11-WR;&VC0~@qG}62
zFJLQZx?q<d$i6k)nHo^|WNuER`O-mzwr9W3RMXK&Nx!o)qV>e+H&yc8NdQnVUxlga
zFBB0BnE%do{SvIlevi9OhA;i^#yb6c#196UxFHKgMw(g`b#4@=b!M5#qoA-`#ox;u
zV#Y_g`cqrpU=S!k#Qfh+^tHsXfKIR?w9;}hzls(%N6SS%n|0bW2c?rpj7O|u(^^+u
zCVsit4tP+IPZaIm>n<g_cimaaWO*bgAu)NuJ$%6Z3f$FYy4zL&=rxeyQUU+|k|pFA
z8Ck+*F(>+~g|$JKH;_h~U&{Qn{y>^{ESJ5>3_%MzwhCpN%ZxLItHR5-lcT|)F2zXS
zl1kWLvqZvSHqgMeoQ7Q6vDVnn;F9woBhdeC;0iQJ++E--2dO_B>>7^IL9`_{sD3Kc
zfioWC?9^>DxA|?&G^N;VDyUxZv)mJsgXq{?pJVu*2n-zSE+y6k=A8`a+^z@j1*NhX
z`re7%;{kKmCsLllz22+f=55tw+UM{oRV-VvUc&xF)thn_5~>h7l?<?fo>C4JX8%P2
z4g=&YctRS}yLfP&Bte$u(JaRV-~Fe^!+iXKS47!|Pr?aZc9a!;Jv+sGQ@iz#Nf;^O
zq3y)dK;4K$gA>N!ojf;+dTCoI0T~IVv?&ucL^Xf)14-R*NB`l80|b9UZ1^`hqrY*4
z0ym4%#Zd=IM1S9Nac&dtuU>aRRJ#IAVO+7{O8@JwB8ufeK`EMWS#w0)^DJ8<yU-DT
z<PF=fjsz$w4k^7@0WI@ymIJ%ED_w~0ORF`wk}adMXr2&ue5(G_=LI8FWcmjQHtIhL
zhAf&@W|t6c7n0pcQ7NTvwqOKr(_FFjDLNeQLhO0eN$g6tBE3UBu)Ez#Eg)xSoMQVD
z;<Nsc{x0L#Dtpoa_v_(iZin1<Ai33$Y|T+Qrv%A?R+-~ID%1G(G2DnT5IH$imD@b&
zyl>8FQ;fYI(Gh<cJ({1a#`U&Jgdhkt_A}q7WhS&T!Kc;yp07vHQ69BxlW>)e5R=P|
zBbi?~)7QZmq+#P+nsyFsp~x%F1T%b;xU`~MXGHx3q6~e&KnhJpw7=Zt$X8Zaw&2ub
zG)WR9-cIu_gCB{SwW`ReqP5O@s1OB|i|K(26m)o<lx|yU7r&gGy1^%B;@%hALhiV2
z$g#P)WGXPKD8pXu^EmU3{herB*4@X&C4wRTR5wTzL2}<L+bIXevgI+BXVz5If{Pqb
zHBdl9e0hC!zW<vnt24bN;Z&bPTrDmxUoP~%5fGpvS&T1apIJ$lHk(R+NsGB@g$KAR
zI3aaL@YZKh!K=O2O1kwate|)oOCZ}ZDv};?HBmOV&2Y~e0~%th(RxV^wVQmct+qjT
zv>um}I@y=M-cK6GN7uS4{Ra@hs-iMDWVk}y5DwU}IJIA@g1U3aLezHI)^&FkHnOlS
z6tF)qqnd&L885~n$B^`Vk5d~Q0G_i1MBg3(^h+k-XWUspp{<}Cl2fw&p^jVoj+pyf
z1H4S*_tls*s1q{x-<3U|)TMH?$V)i7##1F_l2NY9yUwZQHI>r6t2hWFTDhxKEZ-)(
znYhOpD+OAOD&fhgESmJTYx*nwuCiiKhI8$j!{l>OgzOaQ#I0Pq$UBLuLJ#NH)$aFc
zExaUS7(mARD{TlMWqeMg4A$d-OcooRx9`(_<W;;CC56=&p8GhCjMsabd!z#Gjd=Aa
z+i=J2iqFK=g{(a|&+YA69-3?mu+5Q%ugn(d%hzj17XNZ5<wGv3zHr^a0>uYk(9nq=
z<^!bdQD7&vr=K5(h2MVDzeeLm{rY!5;+4uz@~W);0qwWp>t!kBf5q<$eqfMQGt_t;
zu8cxVcra+C2>m+7W*f$P-6sQs2%zzhT`jImjU+$xe2Dc$F_6v<_$J!8Xi&es4~(4x
zvstAl<)yCd)7Z&43yuw`49dC6sqM^6C+%z*9a62({6=n=5D=d3rSCtbfE7L#WUh%i
z?^Vg>b72tY?R*@V*{I$Vc5E*rUq=pAPbW+4_FY^CaB?eK_s7Q<^Evw{SMGmgi{lKy
ztAii+h1I}QC#t|wm_;EeuOULj3SP!@)A|UlJo8A^2;JjN^CyS?qLxi(frjtrDgJH|
z?R&@A%30`buUH?<t2x8;-3A&gQXT`6--2c6GO+XARxqYm?XV4M1rb2HCuAoy_EPq!
zI{=GwqHY~WBA?Q7G)q$dP)qxa-~Ob#Aa<otuhB0vU863vDGsLSSsnsr<kDS>s@8^8
z_G<)$2&*vp<X??llu_lm#eGummnuLa_Y1*@y=p{<ZVDJZenxWtIt@0NipU@}%Jat<
zsDWCYtBzYfijn25?$0=*d2z>9KNT`QvNV$bz2bbkG5ip#2G<#U=i!h3FPep4#pcq1
z&I9PWsBe#^FDp}hd&-=&y|m8JBVXk&CY6ZnZVtv@i=CS(9mi#K6zfmj#an-NUJ(p3
z=grY&OO<MLgGJWRxVz)i*V#G1KASJSaBILr3Efj=#@WwJZBu_v{&=)Yz-UQ(zAnHz
zzZsaX4Nz6kOxJ4ifBFfsA6DHVD_h?wyv3gZU_0d<ot%#V{rBuXi{CiFCGwPF=3QIK
z*geI5_;fAIRkL{Ab$+MS)(S?89I2EG=h>{~;Q&}=ljx$0UbMcKPN^E;@?hP&^SZxm
z<kzS+%-ixsysi~TmT3e&xd1<=`VJRB3coRzqgT$am~|hz1-h-Q?P~@55K(`PC2Gk2
znZd~AC1P$O&?y-;m*%d;w&E2!+J)}f>9Si}6Wk?p+2}uZp@GAV=8}ByVS6#OEQTW}
zL!yDh6>IWIf}rKrNpKO~At*?|w!W`-bYu;Kg;it}?x45PmFK^#(hV!3#3U7t)r|9Q
zLvx3?T_R~sZr$_vd`&UXzzRDHC=I3(ojP3vKO;N5hXt^2{T<_L2Xgh{(P!K)En?A7
z=Pk)T6MvxgyGr+r-==jDZ~CYqWzMAA9^J0%En{RHQvDl!bp+z%y7|~BTt7B7zZ<Yr
z^xmviCEL5)x1242sM3T3-_MA){`p|zPrtDuqr~z$0wFncIL7Z~Lggd2RAivQNY*7J
z!@unv2EbT|BKexUr5wVTXv9H>_cVTRdH!%3WG0cn6|OVTOuUHjmi5MrxOE^8M(&Wd
zGkjdbE-}fZw{kM0akv)i#VI)Lh7lQLP<|YE$WXUm1!o9^d!MF;M7C(5$e5RRfPie%
zYAHoBm73^$bR*8iB*rc9%kxrBnej$<cw+P276Re>LyX@aWJi8))%Xj8Lr}XrGeL^W
z(XQ6$Rz4Do+}n<tDNoR}M?R&HehAgzU{P-4hIosCO+pXQmh^V!H|5PJf6e{S@B`s%
zg_;mo%aTOu%1#qSpiwQXjJ^G=X~5r*i{<ek0f@(u)eiW==AExS#>LU+rgtxAkRPsw
zB^dJmfq^G7G%L?zN&T+$4A%ZXrNncW1?KTwo1T%+T#^IvZrp|fMPJtF!d&t4Hr}Y}
zVH(+Ia$A8z{4Ai!C+B4MpZMhvPcEueAMQk$aan~@Fr17|<vx9O>y_d4MvUmELBS)$
zLKU`0>rs1_Mm>&3c0Yu|(wY}>D~L^rx>mBE%B$@#>Gj(DoHhLiw=W=e?$8m;b-ZOJ
zo_P*ql4XUH0UJ+1^KLjqaC?cDCVkA~IBm~uJQ8YXoao(wy``@LdAv16$!#}yKQYSH
z6UC9h++hKS>{ATqZoQ0`N@#40W9e;7`*63g`sLT>ubwLl$Lgf&4$X_UUb69s)X}=d
z`7-$ZYZ`W7>aLfDT5mSCNj-HfbtEB7Ihr5Ail)Sp9WF746SF?My{8?25jN_4qQG|0
z90r>J`c#ol;NY1{$*M*B$u>hddL|~KYv(EkzGxTc_dISuQL%%AFkp{A8;l~UiGzb6
zd{bnacrHbxc>J^B{Bm_Di)7x2LQ#R7BcRYS{2_$#qlE-~hTaLZ!o=r@$t8AgNl!_v
z6s!OoD+fJsG75!EzwmP63kivbu?k4#$&pApt_eYSe*q|Nc!E<VYUn~GP7r<Ej5xMv
zEk+R&+fAU3$?F08!z3~&wnw=iCn|3@kfXt$LK}T)9ym*1x~lHo)ffJqypb~A`y<<S
zXK8cfK%2v^kFEo^w0wZi3o~NM4;SkTIi*jm1uXD=Ey1casQU$W3jBx`^nj;7r;kUR
zM2IK%*%|1=HeFem_5G%i{fD5N$z*N?l|wA}qblWm$?mUv>jK5He?<Q8FwnCgOp?5T
zyI0HtK`-xd3Kr%YVvd9%2O9(#<nfv;h~~~q!mcvkUrw&2TerIxK<RcdhFxK(J1gIH
zRCs^R<>mIG$auvD><r3p-!Ua}@b@so2fL5L9E`He!b?m7Asv|&Sh9AsP0+$}Y=^b>
zc=26U5E+HNrefx_l5R}9fp<we!hYZ<{qM+;m1zw2K4y-h;t7X&6vI}4WWRFitgH)r
zYZFQqJ4VRF)QMvhJ%JyL;XZ(<*^t4ytvQ>%B4`srA}xk}4B<UUN3p0j5=Q5qlaoPb
z7wpwb>2#z+<2TdvaX{)OAo!eTOvhS)z#;02mIvua4sJ{?3BJgL`L9!3vmSPdu5jTj
z(aJC9P|X-$D(F1O|BENGE3vH=aj9F&^M}6W(|^_}$7U?-#^o5S^2ai17or2J)uu;r
zkijnknYk&#G4)$mTRO0|<d-@5Z`}_+Ians7n!C;7bOIuFXac+(k}W?jKWLP;#?1f2
ziUT%!rtHbIJ@qLCuAjO;n6;r*T9+}5o!6-hIfqY<T)*Og%$h_dc1F_t1_m_LQ50|@
zU?AZ;j-YmK<I_NLbShDN^c7;jM`a>$VVP~`iuBY&a)KNn{BoOSH}L6z?q=M-ce#uQ
z9MG@@4b%6h_mk$;jdy1J-7ASDx1z5X-Dy0K5~Rj0ZvQ@Wrca^FDj>yM`*s#5apevs
zM{B8lPt4-8X8zVtZ2!EZM>N&_g$@B^k8RhpF6T_&SyJIE=Cb>5g~s#*6pbV6BDg+f
z7X3rKoh=dnf+b=X#2X0d|FXkZC&WXmVs5>9a<#8rea}z}luk#rZSF^}`PM1xMp)6#
zX%POp?7ql5QlrKphf#F7YA<;^y`Z2nDv${WxBhQ|qc*G>u~|9WL^HEMj7CW>gQ2_H
z?$KQx8%IZ(?aLGCQskBKkZh{S?k`i|&BPVl4cwJ1M`|?lFsvXmzRO7KJq<)NGdfEe
zQGowVMde+QfQ+xuo|+A135C9zUXs>~xSYC*E8Bi`j6}-sSFxXfL*&f*)qwu{eJ|21
z+uA2OQ0<blPQ6xABk+VFAlI3HGRn?EH*Nd8itX`#&CcIC=LHk@J7@%=Sc!53mw*+S
zmg|BG=ys0aq;ehCB+7Ws6?PxM!!nl4X5bq8_Ku0QAsBJ;?>SlmC$U5*2N%xx-Fgq%
ziZ*+4)3Za~vqOlHjI~Z(*@gNMk>s*yKG*;C($seF1<kY3RaG1(M(^)gJP};0LQMN3
z0g3oYt^JODG#uep(YfiBsVyvX<&;ShdF!%)8!e}{?#RL%^ZJj8T)Du4&i?H1!yI5m
zb~U2!1M*h$H|nA_9{ko!=4swk51DF1j6(JmH6F@paVeE<t<;Ri11f?kY0F0X+adG3
z216?teqTf0HCnP6m?hC|ryy1A%FwADLw4!e9=EPf^#3aQorKC=K{>PVf*-qu@pA~g
zhYL;WI1$H6R5zgq)F6iGOWlc%;ji<Uwe@T8V(m$6bt|ja8l5kM47={lJCA=f(HSa0
zcAmGneKkfebFhF%J*bniKt3FnJtS{?i#c5Cn%n^lpb53emL|;_uVQb&ubPkUCB`J|
z?0aL{;sLQ>kmJ}uj3)--hx9#{J93^zPu%pY9t+9A_2QV2F%re!c2^BBxDt_x7P>@b
zP;OnJ)ow&ne4PC~ejIM)ywd@xW)k{+xq;7>zr*EkmI?S`$wDF)-lDStmc`>~ei7o#
z7mt5=*vxEYbQep(<7OM{FAHD`C*`ncVz>-HE-QuAhvB*B4$QD@kMuG9-yvOwU!OOs
zuC4dy!Ej;Fv1|yX43s6L6wKcXLu|zfExQ%W%&~=6$&%l3YF)<$oRq3+=dXC-+uct$
zqun}oDvSsQOyLF+w$9HxLEPin$ug5{6!lyc{cr;r^0~3%z6?qz^lQNK${!@KgS&te
zS`t{|HzwV0t36db8lv;wr>0s;U*aR)$BMFoGEtw_eo14}N@xB?0a|l-9sxUj496*T
zKdKcP)n-#f(~g|`-CP@3VCLqNmbnbGCJQa2?#A`=*?hXks14bxxXh13g(*droY~a_
z2k9&16d1OvM+?_RN*3P>JAPwe=?t9jd}EntUJ;GZH$sR`pbvGcHWgfF#6%Sozwqvy
z5V93zk$EirE<<2PF1#}d$siNugK5YgwW(|iU&VFpSkEH%m^{DDItg*I3M0ubPjT}(
zZ*4NouZx`L6%h-K%-WC5wI<<|9La}S_Fg+3sW-ug98c3|oBkSuPvc&_>*T@yI|Paq
z0if4`_}vTlb8Ioz)m_$e@2!53hF(U?b~7nK9MoYSb9)@PsbE+$aVWb98o%r66XO2N
zr3zHRu})tP+hWcaCN~Bd<*>a*Ro_8GNI<zakzwIwno`$P$8p5Vamh#b=pIO>GsI_p
z!zMPLY*CRUynsmHcbYZEUWrdY<W0EGgZg9u*M)|w00nt$iSOHnS^s+{cIY<7r~-!-
zU`8Gou*}c43Jry}Cd@U?a*u2PUDxu#z_r+^k2MkDAVIAaZlfT`sw7Y)rg0qwmF6N4
zqNm{Jg8comEKT^3v2=66(Qi1>%J6uGwj7Ln9Dp*KkG)IJI^yM$e`oee?g7H4(iP|f
zFope1{{^*(iD$=>ihD+6@6pP*EsB&jIKk<i=)|_VpRW=;pM1b8+91ntcLPk`ac2Q%
z+A+o`q>?WqvW+MYPJ$b)h4Vun1vjO{Nt(Jx$pcl^rZz>P0KMu(pkLbiAo(%vNV1b|
z_Lg8YMxqrM`_06760JhV`ErIazw=1R{t`qS10rO*jcqk9ZS2h(lTY;LiWcDPbkFa_
z#aN0?E4&q!7z&9!7^IiEY2I2x2L`VPdIp&xQbfovpMdYlarAn=<qJ0R#zlHacnB+q
z`fC6OYRS9Ai<l2=b(40Y>fty{F)@=TNd)#c$a+~Tq#QIjL)xC{FVOuC!s91Cyn;>q
zrp8F=IBP_&Pv47>q_LmmCbwT=2JdoWa<vUePFz>h)aj?A*+T<ko;9~9{?cvff}i}T
zT#eo-u^)80mn=t{Y3%Kfs-9a|eVCueL>J~XB6Zc}WF%j}oU>u#Lt-Y7C$ZFc&;yU}
zP{f6MyrZYL-cYen^5=I|GU97-P`O`#Z<C!BiE}T4mrfxejoxW|al-~A4dqb1SMj5{
zIevK-IQv6UYHWyA5og!BXrHHdmDN5S;z8WI-mx#}b*zC!ck;(^OF0)RUS%XU%@5!Y
zA3lq7mbw71A_I0H5Ee18GGIdJ&a%oj_RQ5}OVbS_?B6SGZP?fceXO=vCh3yBf!&E6
zg#8{=GeHw8Mk(0O+kx%n=%u7m+1w5+o5fI~;+$!jt$>9M6<#ELMtI1aa=1V=I(a4u
zb1hcYGe?v2U0}vBEo6^Nki<_0FT>w-!ONDoz55GpMc=e9%^v597@DJwO1x*ERjj%n
zj}joy%YSEB)vp<Xc7>lE$hG0eV0ZkCRgby`;PcY<>Tq`QrR=g#qbR`9hj*+_8-%zF
zP<*xhB*jp4PRE%HQ=jB`0XvGa{{f>>>pu(2$O5hb)4C8eM028P3bdgYHo39Isnce)
z;zAVg9YaP~9z7+p4gmf--UWm@m~yUV9o#+(9=@Gf{z2`TvC3qbYi>P3OK1X_uO#M4
zXd5)DJ@qePiu=`IVP`B}-E_1;ex(KB%@Chyk&{xcaY7gNwg1#9u}Su7d8y1u%;5e5
zW<kLDytiqoe?Z5n@>4WPgN^HCAwcKFB>vM#t1}mW>a_K0=d?fnp}j0N)^6f?kp)y`
zILymwrEmY3;hw~F+!X6s>8jSetr$}c@~F-$H6pn*S|^PAb&ii%WwtuWv13i`Eq~}9
zO|O7k@OwbGY{ZfB1-W774GPhWjd&2L-TMURCCoVDLA?KeJha0`kto%2ohlTcrcu`@
z?d0K&e%9xlFlfGft$!hn<}NTluY3p!Z4?O|yYbAy>{@Z<4%FDm5Q9+Xj_;DH>uQ7{
z6gL<Q(jH2r{8L*?O(Ijbv5A1O6&s9FFS|JdzEMlfo0IhA2ImQ>WVi2D?|lv(U>;EP
zBlb7&IXpSbDxWUr4Ha9rlCIyaLM`(T7$#x8&z!47pmngG*^)K1jVi!1Cmc*BiOADS
zEC5HaWQ4B2q1{jjz%2k2xT>)vkM&dAgaqge9MJn1fPy>?6+5&d2NImWiUR_&U!R|Y
zBqWujM1>ml8RBiql>u_Amd+%XW4I4;qKa`!S8v>5v?TSNO=>YgyRq)P$;i3SFavqJ
z6Ry`tPjCbGgr8=42~EqJeqnnhF`_cO%oA905{QNC29DG(KN^QzqPvL_4nvJ1X%;A9
zs%wJ1={M&SjKBw%@^ExcsUU;9^<{eKd2~ru7m!gmm+ZFJy=3PrqX&;0nrBj6nMFMX
zOj*?+bA9UP(<2vYejSpfS73`|!@yD4x6tHtu{<RiJ-}>to5o}oJRkS+l2A%oGE4CF
zHo6<F>qX;STQmqga!4UYy^m3yI<a{FW5uF~-uHeWGG1xN62x;U23-5lg$uSY)J|T!
zRe`viPF#qG(340#f!V2p%VF(>g&`N*f5PNq6rcR%IjHtxC2s`BLv^t8<q_H6rM&8s
zY1EA=aGfcvySsTN4%Qs{?d&3uOg5z*E8&$-O&$1RC}frZ&q?VPxr>!0t=Q1*T;4~H
z2Q1Qg*dUKVY<xQO1&V5h$pcvs|4B~V+77nvo`#X~C~h8A*C$LyWV|i#LUk^{kbl_6
zYx4a{+sZm@Z2WaGrM{-cKM@&(D{3qL{s4XR;3FwBR1_x<6g<)Iq5~!MBaoepH_!pe
zd(J!wck(5sX0&0(LQX}esUYFZYKkS$BYrmM0&w5}RXnI1G-n|Lu{qWPbu|@YDnuR|
z6RRN_BM%a5C%rjf_K(sjf>=42KWxt@;O^bi%=T}6&^^t^s3!(;3WJbeAL7D~@of)&
zEY{LVCt=}1w1hQ($=rz1x#V)DtF?wPL}MMwv)TJ*w_CbWPXQ5cgP$jLZ$`4Vv)Rq!
zkHlv2d|6MAWB}Yrlv^~nzKKHp6=Qe9-Q(pE+Z~Mu=9<z6o(QXdkaV+%Wp!*BYM@*5
zdG^tZv71j`P}kvV0SaD#>jHLYc_#+?5T1A}s#&wyI_obLuC@r|7y-}pg^6Of2Cu@x
zOLo93Qw-I>C2j5NZ9cp8DZJ2}me5OSEQ3}NQ_te-POs#|)XekKoMPX(3khnz=ZGE{
z>e?)F;bkPb>~zbPBaJDxI<3}7)MO3CMJ`rmNB70C$^MS*YK`Gv3IC%dr&&t-x}(CQ
zcM2GC`C#gO2N%{c`a6RJiqY#d9EI}20B~9_f?89*OA0eEwe-6AdEJ6u!&0zEKcLoM
z`c!{mYiZ$ydF6Y~1in$XN>o4Wn>PhcVmlT@^d)Lwo3lUk9>dXQ+1vY(Z&0SqS4cZV
zAopqfjl>$C?Y?YWV)kZyV1V8vUO$n7nAP(&)onv~^Xr!@eVYO9{*2|Q7%?f_oOoXi
zmIZPXREleT)jKf*wHQMyXE;e^c8^4UBbJQPj?_uNwoqcw;P@w^8G+vwXs`g{Lmm`D
z3A+1DURVpMhldsBjLJ-iW^2*A$UabIK*K>q9~EhVqBgm;^BY`w6kbVO;A><DUW1)8
zeqxQ{1_d5VKeEAhDD2+*Wu2l7Jl&+*fye*K=gYFmI-N~tMnA~N7B5|WoE8u9f*4Op
zl~y;vn?B#Ci^HHs|MwZSU09COsqX`nv=|0@_XP#jpHYdF#ez6#Z*PzXGq0^s&5rX=
zE=6NaZk6xbilj$DRgzq!sFD*Zu*xNa0T(vU?{C-o9F(mhRUI*?V*tW`Exf%klX1xq
zdEy+)5ZR+rw!Lu}v7PLYriN=71Hn2*H(BE!+`4dYs#9r4-P94qFVbF&vR6%MVmbAB
zdN&7n@SMaGKE)FW6Cu|{<}uDhCG84l)lO{0;AD?PJKp2Ir8Xxv*DXx0iTB6`w6922
z7c&>5^HGujF+k40GqXkO&9InD=m#YYt7D^`!6W73OYU`Kw+;P3DIE?=QD&{T&5s~G
zA$TewlJajQI1OS4@Z}dQ9|(R~yF_rm7cit~5tTguPc&dAg`?|w#<<*`rv0z}d4e9H
zoe6*f86CB&B%_14s3qzpmEOBx-|-(TG-UJI^{AbMjSt#m%j1ZT3q%veAA93^<glU;
zZ)Y;~3j25yGqlO+z4T<&u)~JyT>lf_G>DyavWF`V(SRc9z(qUO2JrM?f+brnR#!@?
zjG>-RC+ljQ8O3P3tam3*_33>Ub3u<H<~dAz4?cMV?UBK?y$HEiup0IjEgrk!<T?5*
z<wpo;EUgJ5tg$|sps*-w+oqEcz2OSe$1Q@?Bbac#qYG(<Kz3ZggEDw2O12+pYC_TB
zXd(=HCQYG7S?#`vOnLyp&KntYMrCVQQBlNl$V>|IHWWUT>oW{}?+dP*(fRMgm(IDV
zdq;;oWG;UGhP$#X4%}TS$_!uSaA<>KHVb|<oBy49CP#bpFm2U7Aa_^iF>5^9qT>Hp
zbRJh|X2U6nm~v~8tlvB|pRoU;bebMc?060ayK}+hnmVpYopaP@JuOJA{7r|>A+NpQ
zl@?~-whm>Dq$GAU|Mbc+(Yh4kTi8`!M%smJcHN<%STgLFiwqs?iZw7Q#mS7;5VZ`*
z5AQ9phGSIqfpHIo>t9$=SBh)kqcW}5gj4&by*p0FPPPbPz<dF+<yG3yYJ%dFRwx=i
z_JYd-W|W#T10gxJlcvjZ&P_Wg2J#>T8bmM9sfq08h-#~>?Z`Z|6E76GNGG8RMgu*@
z>B!SfBy?RGQ=BS}cP)-9Ah5+NtZ_v?aqPY17yBdY`LDi0wyBh4GT1l@S;o`&+cI}=
zG<psGXvGv$A%wP&LRb9r#@>!vD7L=n%0YIIz}$;mEA>*fEP^qsOAwfym5>oYlUfR8
z`i(qam?$~fl)>g?15~;P8$$ffTR!Fx^5qjCs?kYe&FgU?XbL1Jt9!RUvl7sBD}Bu2
z7%LOE7ZqSyVTKS_rB-YapYv!U+GXJs6yVRQl~2alz1L+LN0L_L#aKHgy_ro(objeN
z1D#kQ3X`f2eE%IbaP*&9PerRYq^WJD^c0fdp3xRL^=-D*Kluwf=x+nT#$j}Ze}f+7
zt1C6iD}c14J}C-*7^6>6RMo)GWjl)EX{Yk^I|uuL!~|~W^Pw$&v2OfwD~h&#V}15e
z$erF@Azz7T9-1=;qwVaAILJV*N0yhNP-qK!UGdDZ+>pKp+E$H=&o1Q4U&@v~Ft94B
zNGuzjd1sGl|GUGP@R@;N3tCgtyn6L{R91f1e}}^4f{Rrp5<7sB%qHb_))nXuARqLt
z#^_mx#A-zmXYSdJTQTWp<sNSmyd@3K^|6&dq#KCGjmw!>BXjlaEKKgILlHQ}W5)=8
z69G=xMnUlvSP+5#_t0s3xcXVyoxeZwO4@#r?UOScIR|(xe5{W<2ynDeRwy(3xa>~E
zp<xo9o0q2`$=ewX1D);NX}8@o^xw1sg&YdcV+UvT_mq$@&}-M80+_2vKiF9Yj{s4*
z1(FVJgJQ>A4xjG*d-t%$!{o^?ryg=uH?)rbi@%0#3WK&UFGP>yWoHAoiGYv4LorgW
z%hd%aYXL?O!@<&0yZKI*Nw6Bqe3QtmuRjJDHj7_>Bix4DsYh^RT&>BhzGKMMopU8V
z8(Xdfy^^`S3q(A@A7p*{V!xcySg?El7ct^+-XGyUgDPP)vAsj(MN-TEk*;3pAiQ4)
z#(BCIs7b6*Ox;2gF?0xjqvkc~#VUiU4q-?N0MsM_K9b1`a|)#qEXg47qxX?e-lI#2
zgNVT(auDN2_<Z4Fw?!RXHtqB(r#LnQL7Xx8OJ%<2MO5#xwMALFu%+trp!PFmaW*ce
z+|`c>xEgb*nWsi-2z#C#>S6&6Jt*A#-#A=#X1ut$@C)!GeJSXn|6}J$At8C8RdX}g
zGEA#@=7-_o)#p#(LnQog2KVcPDvw3z;i8R|PBE^QPyH5rmuFSS0f#=1e5P%5PVY@>
z1XSASl;kB5&v~1ka~f{iuS;diRJ?gtUQbeSEF|1o*wL1noCHG;{PCgog9WxQ!UrJ@
zlDP#Wiz0>7hTvRaGOuh2498vc5SwEPKd-jMtsCVw?8=VUBY+<}aiF9yelrzJbTDrl
zPkeli8@S-gBw63@5%l|!97%!#TeH3uaz4J_Y|`*XzwR-@$SD=+9oyBCh*g3b%L`3t
zdAreyiA)IsV_%W&xHYHvwaa~+W&+#H!zG&eeIQt=J@3)H)!A(EB=Ft6y}`Sx1Gz-F
zjDSIDOOeQjcOKg0avIU_BmmrASVpr?Lk2jVuTh494?}^-?`gKmWdM@JU^gul>6E4|
z(?GeL_QN`w>&Dk>%p~yzI3}wT4em6p>Mb_wG$n6>CW&@#mz#-Q_i9_>gT`+{5-dJl
z+8ufW+<Joa$=~YHGpyc^rh22;-F(UFWP1<XYCQ4*ptzc2FJKa^WU1lLen9mGR0zE=
zVjua4+pz%vj>+tW4uc!-hV(R|D(nSZYOITO(Z*BAUWILtf*#^@YwTJUF8wgT5${eh
zSU67@`bR54`l_tvhjnqlX@L??uhWbOBoeCoWLK)SJe{)Mz&rSGF}SgY>-|v;SQk{K
zGio{=n*rjM!mQPx`_Es)D7Dll>_zrsnxfkKS01iYe_&^s@<LwclWXw!ge>-iQKJW#
zx?28%C|{0?SWbqkV6xR80Pt*Lq2o~X3#kJr=etp}X|fTVquIIXBn!kkXDBsOH=<-&
z0ksyG?j^}qa;499HB;c<pM=k-$!a9)S1Fr-%+IiM=3BjG?@5q(9S%LpwbSo{Ozuv{
zm?nK1<?h}n+t2E@5~6Y#I~>NM-MCc!?xXd$s&U}jimdJo@r@AoN3+dN=tx;`U2XDK
zafum`lBb6xquKHI{|@d3pT&ceybBl&aDVBX&H43o=V*4U;$hZNLH^a)7yab-IAxu3
z@dnZj`AZhqljg4T1Q>K78)KJu=jR9>!BrkO%a~F})F-K{xAxs!D>1C2#i5v3*4$1x
zqirP|p6#1nH_evd36bO#EhJ_<pSS-C?`2iDj_e}WlI+R4IJ4ZhqQ6V|2I#D2U!*cy
z;33XCA^&WXnV0YYKOV~ry{L?@VwH)+h}N($W;2P37DmwT-TAuaa3I2GPb2U~bgi(&
zQ(Vs$g@w&MDl6x+YV?AYt#>XWN(4S<mnyjYH`#Jgc{={+=7r1wrN4J(_x!^*M@bt_
zh}ZsRS6`{!=S_g*&phJN;hvr{zV0?0-(u=6vCee>!VNgsmiS6pb^z$pg%{WpbvZ{L
z$;BClYrp@4AN6=&bp*G>0dz>*E3D(`_mc~8o*Y;0>2P%A^7nD^-N(%TdfijfDdX~b
zX-0{Dcm{<2R)ZS_O7M15=bq2lJ=_Y)D{qS)I#KqZuf$F>>7cg)$$U%K6oST|;E7xB
z3oD{m|9;(fboHTzAFSi<Kx0HBbl4e@H~3<{_ne~ZhC?*{z_56I7-HU*QhJkht}Y{-
z)Zhd9foQgQq#Wrsi;HH7X5i-{l@syN4dOm`WF7lVt%`nBc_h>E__+=*A}_x8;E@4z
zsZ3->W2rGn2-p&?Y%<9yi=~XFS#kN|nrrV6R2_9UReid51309d6)nlDldNTp39*t)
zs>mZt8|392L2E?Fu8X=W4Qolae+?wvCuXsfH8zS>W2vCiq~-gOsWDzAZ^H;^sp<+4
zqc-*Sn$Z)dRlA~-t~OrOBh|n_8^=G1HK_Q`-g}I$x1C41eK-{^M2+Tae1!W3C$I;h
zF7#d3>BjlfT&l-+r)Uf*yGcjQ9uXV_sGvyHv)Q>l_baVVeRJ18{cXne7FV((kYw1R
z^}(an3{FH)zmORp8jP5%LiCGvh$kJ+6wn4)KI|^qiG)__<m=J;b^AIxT0a>Eo0<%o
z8ty^QjJTRx2o~um8#GS29HNf|mpSwcsYMi-!hk<xmSBmx&YoFDUSgeYa|2B^O58ER
z6JJREX<?(<JHX+3XK~n=DL2KI_kub(cyEp)g8_cxRu}-ED-QP47?xM1iA#x`i_7~P
zWjE0qykziGFe^YDScZ!cbRyIuwzjoF)XJyX6L|fWvNL8o%N{<*DK(Wa;w^f7+onPu
zGns<Kcm#ecCMi292)RAC)m~ArTByPo9KgwPqr!eVF(mt~Kr9_8<M`oFy~Mg;FhKZH
z-2BCY1rqMfk39byG=9#cNnnQW5jgSpt*`xbVi<M52nv!KuacaVevZ#+KA5(mLm=r1
zYw>%#iK^(fXMwMIsl%@~?P@d?8N0a_<M_g(PtJc}A+Kwc!S3AkW>Zy<5a<V#?|l5#
zD3y<KH!O6Hv)cx^LI14-x>v=pl5r<Re~i*LJiM7GQ!dn+mEo!&YJYan1ZLibF_9>9
zRE^NwVRTH0F5aq<2*(l|!?`8O`>>bPo8L7zgt7sDb)%xpvqFc}wlSxdtEHkL(2-4u
z)FXhSOicG|;vM$t$pC^Y6$Vy-%=lHU#QT6j9($Gq&LQO<IYBc5V`;u@l3Wv%|MG9`
zQt=LZmlf2@6f&635hC&0Mbz_x5tH%ND%GzEP*Nvf@6?iUd_n9Z6LrROHFYy_M;vuo
zkH)xL?8~!y@Du0EtPM#nr(%*G`FsbDPy<AnN-XUw^-pC*?L91UD0xnWDOQ501Gaam
z^K6(|tO+Y7#rO>fG5Rk_ht$(nH+VXe<|9<x<_l)Zuhi|b$UAiEcQp$kH2rkFKT+U9
z>#A9r3}sDAbKl47Ky~ItN!56ic`cz!;DdKO@k#Y+d}x}`#_1FaiOjqhP(s#KfgMVi
z**e#hp}y#FLKEP6<;;6)R+`#0T>4v>v)wtCy(yJm8UhZwVGdA5C7Z3*m5Bt|o+2#O
z7jOXbpS|gX*CC7e;_8@y5e#kN8w&46shOnG+Z05)n_T_XW3Q4ty%l_gO4Q!4;BKSa
z8j^7_G8rZKWCR)MC51Lazj|q5mQ*>$vIQlbUZJr;-`KKp!NS5WUOR4;LiY*Q-Kb1z
z&ygFr^f9=kX)>W<(8wMzJ9}7)j;A=@uiCC4^y1FwvO@57l1co)A>sUq)60Eb3M`-U
z*QQu4Mk-u^FiphAci)-Se&6>Ua+^4<l{C4f;k!{({A?v*<ETfJUM%pi@|eFkSA&(-
zcHG|$#kv(J%PB+`Icq~eUW|6_009Z|vYYz)M%_;Np5i%RKvd_myIks{Dz$sGG)~|}
zTkK?d`zljGSgxJQRccd&v|hD&ThO_}%eTnd=($Vc=zgPzsK2clZ_a5TZZLeultS2#
z+^Jm8ZUE{HuB*ugAu_jBI1b1OV<3E%USNrSarUfTdUn>skYJp*hKQ$Ki@$R8+qhX(
zw{QyFQr;Q$6<&uGIm6W$I7-Seh?kcBvnr#3>55z&N<m}DYw*b?>(w=5KeO#xJ6Sii
z7K+q)6eLLAB5O}m^$+8~fC}!wD6L+0I=!D``k-pONK6r8>_;Vw-zqBY-LVJAiQFll
z9IQE_rA+Ioqp-uG6yskge}Ch@E>g0GM%^npe3V&JTJ5`0aJcJ>i;ZAb3LaFOrJ&_s
z++R#Mmo;j3aYX!XkS-9YEdbraKf8O)BG4}jgdo@OAzffGLDaDLa?T&r^4(b0_H-z&
z6?qnoEW}t(R?;FfR|>eB!aeAc?$nh+Vo)??a>FdM0IJj_zP)<syvOr>#?5X4T&U*k
zHnpC~YbNXD@enH{4&NK{0deUzbNn#dfQR=r6nsH+jB%1GxI4i9U|a|@-!no|F6oE|
z!HdLed$%(QT(j^)G^rlEM=YWrN7RkI%Z;-VxAay{fcL$*;Gc$C@D>0Gty`W3p^L-9
zg3o9_<yJvXU0B66`0&P+Kj@8VL@+d)?TSnvxkU68A!kam2!r~r?}XE0+wLba9dY{m
zVs09*vjQZuAeXxbK6b`8{%;M^<jTQ+zmVkjZrmkIxx4Ad05f9lxgHLn1mAhdCSAW{
zx%ZQDHcQiCS(~wRy@Y%IajgwSE^%fE((OKOK=U{b%59+FV1LnU%m==p<6#+2Trpc2
z5WV>O5|ww0Iry9@ftQcVw@ir@GEIfhR2$VEbcZe{(!uzh^}fk;9!7;(G=05D0_(t*
zWt!=&ECXXoQx0CtuF~g{Fcx8oLI={xuOfYKDgQO+k(gt*KixV92oEew%&77*4zg02
zJSrs+gs1rq-VElsbjn_-nSPlXQ2h|vN|A28SLd0kw=gyj{dt092}>(W$wK-fcQ1Ti
zyVyKt2Q=-1Fup8J4bASpI%p+hjPdY@A;gc)WFDjWgr<8Kt`uXMazS?{8vD>_p|YrO
zvog1-gpn|WRkKUV%dRYJa?BXeHocTWD~*}_Z}fwY#t-N5F+)EY(SAMfQ+C6yjm<8G
zjEvttqxSQEQz>W*)pNLo7T~F|rWlc`0RaZ|(QG{j1D?ZAYp*dZ>Xv2^K{|7QiqXUW
zR21L8&50jCJ)~`{$j3g7y(MdNf6bv5$hc@6O7p*jAqXIV7fe@QhK$Q3S3zTe2ttNm
z0{IG1ALg_(Z<$E-ORAAToA|7nV|8HFN_kv$8d~j+O75&H!MDCmz{uq{Xd$>g)yrG^
zuayneyz$nKH(npQ7VSRRm5<uRaM6q(BSoUD<iJ9Z=Yk*2!vmBgmWP_PJ#*x$KKrjX
z4xS4|y{J-w9qPqo&{Q>jLZM1_9OZIWJVarj2n(yq34N_6#3^&}lI=YPO8jwqJnRVe
z)i)jaBwLJ#Qts^Vj?M&+kYZL2_~;6uGG*4Mb<JnI5Yh|hIu6D>fg6mZBmYq#)6_dV
zextQoEPO}KY%KAg5q}tbT0inEbO9!;EOzjB5!lf`vIrJn2OxenJg*GZi-+H6nhoYz
zl182t=Yau?6(t2=|Lu@Qd&2Ion;w@$`l@UP(><Dd42g8k*=vrus>LrR3wXM%$^%t1
zB;*S682~>bzK24mqiCkW1!u{f#}O%=+1}oJ#oS#^`fs`EAG+Y1&?k%#!fah1BDluR
z32PfLk%s;=M7m}r!B#Rc!rE-^a_}hL;fjJb;63P3Qp$?{;{D~Op}pR?V~T9^ibXT4
zljQ^~_-G>5=T=#W&k;*L9gl<SaO9Yre5Z%!p=3}#N5&Uvfq;h}>+v{}N@OgIx&X9I
zm}smigu;1gU8cNNO_ADk_8`bNl*sR)R-)tcY;*RY|Gwzuz#I`_C4^V2rYn7mP%Vas
zpR0q%Axof*)YSF_g>BI3f+!&_7+7D_)VaIgJ8MzqFq=0#R3UKzAk*>d1{56mYv&l%
zM-=KGK7O@nN7>yG<-b2A%zj9kUxtLJ(T}c+JXU6!CtEzLe3pP={@xgrudwypTe7E6
zz}<m?V#X-}EY+0f*MKJnYhkK~4a5W6LH+CW-2td6!wpa}#uDUoGidSjKNGZl^B@?g
zjR;GJCEbB}i<FZE-;v^PAYsU3SQfw;FJJFc%`Wp`)bRdc<f=@ZbC7R|iMB`P+C)!z
zn1Gp%htYqq!r|_Y_wI)C0P5JoMD6zTE4|BAN#=puAB-1Zm!29Jus#4khc`MZ&@I{|
z^I|mbv_Z~ok`76ZV_vPF2`~!Sq5YTiB7S6RB)N!jt}gS&IECmS$6uX8kIb$jsXd4I
z!^g<kK^}1eC(S<l{!Bh04@eWu&PrTIm@C@ld9H(SU)88~x+Wd+rvip8>LpEl^*Vkk
zA%AJTCH3-Ha(mfrlV?H`P7EG$NnPcURQ80)PNO!K=tf)%g{X7$OS(&P=}mu-m|Tw(
zuR=%>o-mABR+t_@HnH+}VjIc$_79^b=g4w<(2SIff7Tk1n9R?(@(_s^&<e3%RDXI5
z5LMQeuI11^1ji0nzEiS{<+j8r&sKU~kyG&4Y%qV~wr$txHhAPNE~+VUzq)aER<wdy
zQZO3?Jcss-h1sr4Zz++2#4{{&CbU~?oqG4hD`e)&1U}d2xOWfTnz{x875XuzS#^F7
zwput~lmp*wqq&q`mY<v>)vGdBvE(%v`!&(J)O_5gRs1h6FCx`n|AcAY<jnw6C0y|G
z49E6Tr>kK9Vv2r~@5g*W5BqM<X7MDO-R(mn^ysIsa^~C}|DC6H=-{L9*D+>=fYF{<
zEco$6^G&fL=3<@rCz{94=lc+Ab601o27!1iEpEQ5Zl!~x_Z!zgoBH!gmkx{iVHnkl
zAU;{9W6YGpY@|p9ECi&A_YsoT)fPLANm^p4?m5;oZsx1z<BA6?^C1_p7ASyXXa*~K
zX}yo1AaFH^8EV3Iu+MFB2+CkJ>N#sb*5i$SJOpQI!s-yA+rMVL2V!~vrZ?fWS9Bl=
zvYw>~u~FfO{cfIW3yXNdc422Mvq8Z?_z)>mtG}}{8L%kct3g@9f4du9>L!6NOR~gs
z55maz-O8`hIs=bbv4vI@Zae+v@aTxrdPn-E=~(?<-Li@KZ@V@`Na9U}vuO0$Na7z*
zTbsD>CbhECT|6WvB|KWV|F#@!XkTL$0x)UHTc|><2%RMhvhye^=O?sAtI`sR|FfgI
zd@Eh?bOt5tZ+5!SufE|&#??7@d)@W0h%v<ti|<ck?&5z_(acuKC<0k_>^!j1s2t^!
zxgsvg^V?^HL1wciI=1LM6$p#K$=!Ul=bI<S%7-nUGz+mOvYvL)7U|;DSL$JbQ%l<-
zcFJ`Eoui3>w3nZkYo5g|LVix%x(|A?5h#r?|HE!9vAZbIC&2<n)1JaXs04aU`!d~C
zsctGH9#m1S#qDm#!+@Of5%b9*0tK8FY72@n809>=8CxJxxi&(CCN~p4{rYbHvkm*K
z`mos;D11-bQTygtWr_J`5-pWoC~=}U!id@3t!c%}3w~<q%<^d&_Y_D!Uwa2W9uV1k
z_JZn<I6=t?CX;8kRhxSMROwNnq3?$C$Wxz1oP;b=lpkzV0hu-YcJ88af5#oc>QdJ<
zc|t*4mG-h{cH+;NZ;&@<14Y0xMGUG83Zr>Fm!?GfGj%Oyt>ZILH7{i+)2Z_gpIUko
z@RYFWvC=z~M9Yjlyy#gOkqv7K14k_vU?eNqGBR6%=D|WkI5srR6`9`pA?U^$5-~B~
z)t+CyrG-C71=t2nSLuG|8caWrEZeTa2^9s9VOXp15B=_WU!N0ni|z(xNK5ZanLKjg
zr{Vt%k-*cZtR~GKKgW>EWT3?e3Mf=0P*6|E<-)hJIyMbGAn}6kv_`0Itn|i55FNjy
zaysit=jE&xy_TNIA~e(LO-Xk_g~zp+nOo`GE@N?DM<#NTc-~}_@!^ECphk;p@G)LU
zncCGeJjy4MiG}E>j9m@S%ZwV_o50Z@6hY|D2ig9D437d>taxS6U*yw(G^GD0|7@b<
zY7P<Xa9b_(JluVkJdJi6JQd)x9&S=!GZN=E$L;qF86T_~<D#gm2E+kUX}uJGRCoxh
zoTsCXg>!xBdpw)G6-CRNB4|uT2FPIT_;TN1KtU1YYV#}3OU*!Fb0q9?_o3#B9hxu>
zjpn)2fX|m(q3$188XU|)7g&;!qb0P1sEFA@N#%`}STOnijCg<245^`Ce8COHir4p#
z@1Jf-CdcY9TQt3ii;E|bd_Rtc2hB6$;)C~;F|q9RfU)vZ1)pbRRT1)iA~Ug1E@0ME
zpOyrFW6{yIvGhrf)~9`B>A;dEa3T96Tx2XkbwC7wai>xmvDoOkH3QCaK2>Yl@(GtJ
zu<0NUu~@y#CDc;Y>t7GW{4Tp4Z(hJOi~W^!j7#yEz^~VhU*Z_;%9f57KuS8M<Z@&R
zLD|l^+C#CL(HsjShmSeN=(|Hqa<%%44f7lgL$nJ^Qe~*Y{(F#H3CMG2_WZvc23gSd
zDCt#KB+J;;3rFj@p!0M+vH<>Ug)1<$XVl6zbJ(YYh026d&6i_C*#&dP9d%P}<(VIF
zsV2~C8_VF9^1DbFU_WCIO#GI_Y8=n7IVi}67m28lJ-!{7Cnft_|B?9C8{3rpbf72r
z+`w%R3c|{0<XC_)hy&l5IGzVb4e|kzp38^E78q0Qf4Hex`e3mCUYpg(fI7Y>a>VSU
z#hYUMP#stOZ{rYGlMPD3WxbDjrG<F$H+YjJa(^Kg2;&b`_B=vAQq0x@?|OA?niBn+
z6##H@P<~p}z{-jP7!&6gx~JS0c5RhrE+DmF-;(<q&s2s7Tpkw49A-S|;*5e>Ixi8~
z%n#fAiYEls2kgy*bLJf=?Qlo8bwO#-qv|+6)8wil$M4Z}C3EvUIH%?T0Wz#_n@#3r
z;zYq~0Pr&2A+sCFmS8*)HH*JfD`3pH!n4xx*rP??cT7A5KGjR~6|o3oV_I-xPpg_M
zRg3;Y(JT=(gVdFxU&}Da)7S(;V06i-&VH7uDb1M?Zx;oU8Zw(AamQmYb8h?-pE|8t
zxhD@s8d3M+uXqpba|Bf$CUAcrzbJ;UfkO8S!DQ#l`DYW0`o_SGMJSiz+7Eqd?h>fK
zx?s`18NEk)aRbbWwtK&c3<ZC~V1lA~Kc9t8m;Cx(=cafATb;n6+L=I|%K>Dpozn_o
z9id6oKZ?TO6<l+V2N1OBm1YsTI)whTiYjwq`~xzAJ0}+b<EOl3Xx`%DRCQ+EnWDi&
zdbo4>hKPJ{;cl!tL4a1t)pXr53`GQ1F#=8+yWWsFLc}_TXT#U0kX)cG2by=W<<IDS
zH1TOTGBrbChcc^<$N?|BAuR{}FRkf07)?70S=214LJgC0cbW}PzG4>_5!N(GxGq^u
zggij*(GVDOE?223p~R}#mCK@;NDZWea7_`*>QVzd*b(yH{;xYX93k*g^Z<L;_OMY0
zN>77Fhr8^%K%T!&q4#Tq{R6#20=-Qo)-}C&qvk$3Pg%}82EMyhokK?-2oOqpM@)!E
zH7}cAgkAk~$G~xt=_YAz{q0j;YhB>e0~mN{;gbB*X=|!!O6L@|D`J=V-YC9-_Usy4
zm=|FfggFY`ctZi6|Do0<RQseu`+=~vvNtn7inY%7TKMj|U+4W)mcWdm+L@AYo?uRl
z%{Ec|l1R()gk&6uBF$7=Gg_mUbtppy8QYakSkQaHc@R3EeUTDpk|Nb#S0ss}Ns-VY
zFadW?jrL-At=&USdkFE0aGVHFZpbaD>8g)*u4)AU2>U$pWd)_d3^Wpfecm3=THypT
zAI-kl3R1@gpJX?TUBy=t5Bi{-adjAgvkL*4uRG}{qhE9KuG9^D52p2Ik7q06F7rsH
zZRE3MVKF0Qizhy2q6aB$AD0~bnFj<49pE)QHwn3-FuA~>8D}a{no6<s8K83*1&rOV
zShyF9nvo=^Pf8x3re@dz_TaH-?CDZEX;RIr{CtUQygN?=H@VYv=(r{|i}r{rH|)PC
zdnq&pbkvp%;{`FVEc(GDcQdu8LyCx1sK}l-z4M#8_2hC~&acl8BT2sA0Zb2<n{L5)
zlxm3}Pvhkh;>pf+1nb1nmAQ?|Dkz>A0RLcF-6{;&8*3WfD{DS!kY7oqiS}dS0-aH!
zz%ZDLEQ#V0TUOQ)LlO|d{7fTf4m{T}E)D@C_;%D5F$Odu;N4b79D6I{5r_CLr;zs;
zum`6IQ4_jaz#2f~Xg?bjZ_`I4#@j9hMRFQ~HXPRb;XqwlZc;!iwdgI4DBwSaPYmQn
zwYTI_@Y4F5<kJ9Je2vuQ7h9Tjz5D3@+&qtY1xfkuj42kv<oAMD(jTGXTX6jD(k2zW
zQun4CVg~&`F~TA}ASxe;L<)@*M_#IG6;B~QUaeP5SKY@48wpe5Fvt`9&*3AEvG2(H
za?@Z~99rs~gyvni@~{&aYa;GuMEmz(_uT2zp-%t_?ybB6w7o>=Mv=PxGFaTYE>&%$
zajn!XVy)r72$g1SmX9MGUS2Xvwhm(kut4EIGh)3!Ac(|kF#}~uV}<4)`5R-7ir-Z<
zSz7P$Ff`T?`?<<5qgPOGaEE*M7rlT@=O+0a^$CJ+h5OA${-{F^4lFa%Een<eZr;Rv
zE7MlXwsHAIaWR>pTFOgIS6@Cx03)kZ!_-cEqz#3*E0$zxrLmgunwJA5-zgV!cTD{c
z>TObh2$l>9V=)mPjhpu_h2q!ZrMRxKf?fqHx!{8BwG(~5W4h_-v)KN^+SAYN!;3_K
znjv5nXqOD$@JUrD=vDX2WqA3D;P)D8|0AM{Lla}D#{uq3=?3&68ginsu5XjOBau&3
z8(i*RrdH}LXJY_B_j6{;43+!^P<=R}et5kJt{2Mja-1${&b=H7*2Z~17W0ryc#7|R
zOpr&8BlgyfBv}kTHCxox7_BRtJ6?Y?1*&fu^NVh>*4*7WvOiblwDR_3n-j#-T>9Yl
z00I0u`S3?+p&#$O(<!l=r?9izMv+8=fne<q`05cmha;Jz2rMAK*l25@%E~V?_T|uJ
z=TE|9RU0LH-F4)DVG;Y^#rS0cFGIrv5c*o|>II3S_lf-JJLZ6y{try!6V1F@%^IR?
zo%N+|<;ib0mA#tZ4tj2oX7$i?tI2ciJ|p(l!9WAF{5GKH0Dh-u)v_}syLN1wG6$1q
zwn2yQ)Apzotb5YG@nQ+i)3hI(AOBbYIL<5QCEkc4reY$nYryx#!xfo5l=%`)x@9_S
zx|wpl!ZhvSJ4x!Woh<KcJeb`_=j@#xt3;gB5cbPL$fEhsOvDz$Jt4yNRkCq+9C|ro
zW>;W9a{0T?b2|t8JV&F$tLI86okOk;3q{O9X7=L8Kkiz@kZ=grrwBjdeB|kC5y<Ir
z*GnqKV6oqk=0j|$+oirK4eqopvoseV@Ak1fAb~(SFiP~rS9m47xw_-g_GA#@fgM>h
z>7og71k|RP7aoyxqq#DG%=hHj-y=ZpYMw@s3?WhyUcf}Dsyf88Q~7=~%xk9zsjMg5
zneT0yb!z4hH#gtwW~F?*iD-ZX2hf(ZszBj(k59=d*e`HT_8CHpnM|izf5j)&ctmHd
z=e%*Uw`eT(<UGjD&x=4SiF=31wC{@p>A@4n@%5*WJUa1M1h44VHGWYD@1~jIl;trZ
z<h!u-WSjYQ1Zf@yljU7a{zd`Zz5eZ%&=7nDkqnVh-W>c+BrWr%|AH8=TOnml&c3+n
zl7yVI!l6VY+ZZwG0AcIHYUk~%kj<^ni9&W4KL_za1inF;4L{W@(82QmK*3Q$o7fYh
zHT%O17czelSXKHRj+rw9YTFwB<~g;Z4G(r*kfyW({9_DMFE4>O^4Jo<GgEo*7hUdV
zN~gTKz&(EM+{XL;N@*{n;I9+1_BXiYu#46XMlBC6hISD5Xv|_H&d)=Fw7q(3^~JMN
z777-O)=)%J$ju(BKXY+OFJVKM<^&0><u+${KHRa!YIjw;`XcD28J9raX7fI25nltW
zJJCCXvG1znK*puk*P7E-bJ5Gp2cjiSmLh>`iWl5+Y~}b1Ql<ItJ%aVno9Gux(`D=Q
zX?1`gFXtn*_QPw$U8Hv@`l;*q@OUI}YgXoq0M1mp<F;U-Wqgw|f5Ok2y02i&ha@Fc
zy4$y?s&-U>&4BBpo!33(Nm6j}PWAwL?UeQUk_Q@C0K01W2%?lP&+`-b_$lyMJQ|>g
zwLY+IDPPV!@@WTH?leL(qvab>C|zDH#vwl)xs;Fv5SRmiX~?TP%+oNO=(+e+=d{mh
zX*Z@J@?zL}k4FP6aRtY!-|=ZJ+<8n~Smcy3TM)O@8*=mn4fqu7O#!FS@9-ct^uZ5R
z?b!I)h;XUWU8`C$RT1;R??D63(k~KO>{1B1X0IQlX~?_6M`MGm$1iswbe)k!hk7oj
z;cM;gTN(sks<fb476qUB%%yEM)zVJn+-bU<_LRS^<V#U=vOcZ$hJZDoz#13^J2_)X
zZbDT3+1{13kmbW0SWWe^Mxy3!q>}t#tBi}-1)N<AcEY^hdim==ujTQ=bq(1NJU9};
z2mX_O2VeOD%(2zYp5>7u$SAkii(X`n6K=h20#NGM-Fo#um?SiNFcjt|^B{)}K@$hP
z@I^U~{rSV#$IV^Ea&h}CPCtf~ED|@d!MG;{u7I-%(JcvlNhfCLanq(0XwF?=uS=}+
zjD>cvC1%8N08ea5ObGfXdy(qo;u}9<@1$q$e8Q7_$8qBDDNb|UlJEtO_so>b)rtqn
z<g)a!`)h^FOHN$=L%4WMjp$-(+1usb^SJH-tA7wG4Kv3afTB#)gHL+(mEMvhD*0Te
zUfEk*RF$ucL@rm;XJ5iz{kolY$xxuS#@ZNJs3SuIkvE+YkRI66m?mcaJ)z);-q;4J
zCQ+U_w=8GS$$Gu<JCsX}mOY=sHIC!aQe4<})}phN{y#ENr{)v3FwrknD*_-K<wk(k
zvo8-DhuI>c1!8NpSq)&pCU*u{h_Sa~oZdVbXN4T*evaOS23Xd)6hrLXcM=g_yKe+?
z)qq-sTv4$|%sFKP@)r<!iJe4_B9jiCh$|Q>&s<(ODj$`!{CiZavA?Hx%E84y4(v8g
z)Yq5}uM@h;z2sQ-<~D@sx~!J{98ga_E7NF=Jc`I^-H$+C>KrW{*2;2qgKI!L%>GH1
z!)jcvhAws4XW@-JeQ2ipOu%(h;^X^^*^jP11@FHmM?zoA#`!?}`Q=Kzg%0(kA<%j<
z?-lI>XGR0P0QyP&8@7cubz#H&QZtz;dwevqAauca!LFufAl<!NPhgWh4WE1<q~CNz
zc~=-2sq?$6U&39x=H9yo5bz~!ZsYf^{p_cNr2FygbJ3yOtT6!RIFILlM(N0zeNG5g
z`R1m75NvMuvB9zK8@fL&D2o+Cd|<;9c0*tWfxW~RTBX?-#Q?4El;esI?b(jL&6x<d
zKo20EU4r8bZ?D#vNp$`Qjje=cn>x>rLvjd9oL|-P#lMAgLdXy4fsagJaz@2{o2=M@
zGJ3_h`iX#0r&GXf=<P+-^;D-ccBc?PN+zv10h3tm+IQb4Xb>g=Csv&wS%ev?ZzvH%
z%T*c}O>N7h$q=K7ulZB7u#X*`7SH}Orf70|6`w)U+1_s~kns*P3Q9!IT?>MQM#sb@
zf})@n!8`uq+|(R3j49<*(4G<K)7TINhlV2Ig9{Vx@ZqTo7QMmfDk!R9pcVP`G@q;U
zD$XvlD{G6!E6VKu53#nHSp6Bq6}w5Av3g-FYCQR<M<p``Gvd4kxRq!1Bkq%u;D?vm
zB>jCievj~5iPsMGm($?O17~1$f0f&)?&-)RzXOOO4vmja;8La4g8??bL+m*?5usXV
zJKJhwz?1yu>7CFeCtafB#Rm?}H6oR>7F0$!_qlLndMG9F@<vKy&RQls1wIRe<x-O*
z#wuN<RS4)e`H8)yRx5QdCH5@qH%T?sm!J8Y39?q&o7z6V`GFl#gB>;W9X{Mdy&(QV
zTo(lVRkvbuKvlXRd9dlE+qm@VNhA)=gd?wo@}Q_>c8lktaAf2PzczLu<^6nuEe>db
zg}wL%n?T+?)oGUUpEaG6AmnTlN!KGA{R&3pT_02k$u3y9=b0JYN?W+IrZU_s$taUv
zO(~jD0+!qQOJaVWiDHdReD6XL)bF%7C`OaJ``8%6=X=71+j*z4ItId-IrGa4M`zH4
zN~W&`57UXePeU>en+m5^P;L7_nB8-A+PthMgAi#DLosTSbwk7JX5!jM>%a2899!2X
zGBHMp^B=(V@Hb~6ON+Qqgp5NcFO#UOD5DzngfZV@igDd{T=HdmH|OgdE-7AoZ(5^r
zK`kvq&B*P=>s~VyxLk^!sUGI9<Lt<wRyh_qm9WTsx1xB!<`Tq$S(fi;%sE1M>R&Mj
zLHq#gC3R4=OA$kotYX(jIK0eEsA?{K7L#ioK-o`FI;8DK)D7Cko@V-{Ci?;BHTLjm
z2UeyGs<QX46x(KG&hXL&$fWwr+NBsr*Z?)Vc>yrBh5b3S5xhncDMuK8koJ17*=@g&
z*15FRY{N}L-sgW7fM-zoU^)2)43d`*5l61ov1AV!K?}Upv90`w;pJT^Ae6<?-xkXz
z6OHQCpm{Fi-h$-QaSszRT?1%&fqWZZJEokyTfH<)bA;wVf`Q@nwfIx}Z13EeD<yDR
zN5fLI=$I*PHme#@K@-@;li8NLXa+@=q1LhmzxiqVaX~}<NB|Xu=4m_R$q|iKOU^6|
z&{z<P<<ElV-FbFyIaNF|B{7T4721qX+tb-CP~OYCT0nt3UwXoAkn2gz1ViL!-<l;=
zs=#yu0_8rIh_F1`Y=~Be;R8V$@S9RzoNkapDM?x7Yt91h-xt)r7S;>~iZ&|sQW;A~
zV`rMUNp?5ql@6V-*=A@bpv|<&cG%3M86@bOGy~uoTCq)u6ztnhX3G77?;tc+p>Fgg
z#cVm)h_vZbcg@2*JS8qV=d@P?*(EpL0||qgp3abwyR)QS1K;M-#`!Ry7{CH(IV)hW
z!PtjqhVz(?#XBh6S40NXE7&Y*L6HXHz0v}^d#`_F31j>?YY+<c@f#OVp%ecUtpSMk
zu6|_x7`hKLoy7^$AP~Oq0JEYr0Lts=``~&7$#MzW6qyS@u4RrTY=z=W2w)|vN84wU
znSCCWEvq4Ek!R8-WkZ~H>{^@<kU#eA;v#&Hv&fu9|Eoy6#C2ulq*YV$<|gOK(>G98
z?OX{{`94#5qM~wBH~nR1c&?fxFN3LF3k`{+n}yDUvjMuoRcXHl7On2LlXJe}OC<;Q
zUS9?K-ha(Rq_gV>NR81DX@PEaB>w9E*57n*STlzTIR&vvc|DcPiBi~>i_yStBiJBG
z1Qze4;_c)vPQTm~r)qV%qQoo_(n6eOKpx8~fVkV@qU#}S)Sh{psq`ebPOkKei1XFN
z*5qE0_gz<_)Di|GXq@6MgBB^%ntg$s+fgZYLPPjdIlR8gbkw8ki@oAJOwr7By=GC;
zftu&-IW$+dy-5#m;DicQUKUC6P+Kb=-DEqbY|y#M3D80J4DyN)(uJk?u+e0n`3WFL
zQjtR?T+d<Tr@m?D{edm{cHoIBEjW%4{1yqbObOAf^RKLwYuD|zUqs4p1<F=-#MAAn
zJ_DSeocH_LCE6^JSX7K4ti|}l-c&}sEwQS&Uveao4h8_)hq-eDJ(e9RL<mzO5;iMb
z)G0Zx@Unx}v%AU@h;|YMYPDtNby@J~%9otstmtFzN(s!3xktm2!UlOYytZKSX#;a$
z4fX{O66c~8R7RQ$<nckT?fCb{De`?6gvRkU^PiZ%M(^IqT%;j;sytwx!3>lM)^>Bz
zj1}212+goHGT2;-I7dSrs5I3iZnK)-T+Y(V3>(+X2!gG2BJRm{kj*`!YG|MF<Xl{i
z$)HpzSTXJihSR3o?pEM2K<3H1!mpN<PXcz+PW?OJnsfZ|9oEnuQ`9LTiZ!H!H82+k
znCd6H&Ol<mW~saQhE6dS!36Xv7XfN0icPCeHr8`~8$GkpPVL<3SI@1o^_Th?+@H5H
zabyuBqpnlFYuOt!=4w4_M>$W+3+`d4aiCHGYoj$T%A7>@dY-8+EXr$w$hR1<``Ogp
zKw()Zs+w8%UUgT)Ch@kZvrjlAL=8wG<D2D#o|;em#?$UOY?6Ug3P<XH$8@SzG9c73
z*8w@`G*U2(3ykdd=<KUJ-DD~=%7gRlv5xhjen^B&a+$v{^fnM@zYSZpYZm=3{sN4?
zUO))A@|KuTl)??dW5p1+#wpIhXQ1H8^e*lB<<MZmLz7=tf=fUDpk>#*e`SA|w$^*{
z!Rgh=W*Nc^%o(||37KhkQy}*OsR2>o$kk&qK)R7cdVGpTZ+V==3Z=VvYa7BoyJe3F
zKnwAPjjQz!k1_`Fj9>@$zTqNc^3<_|<>Y@%Wr9wq$EENi-dM4q?D5`-n)+`S%kl}i
zjw_>_T|aHCFNPJ)@Y#D{wa(3>_K|q;vLKXtvqw}d9lh@eBy&Gnh=hblHBlM`6GF*o
zn0|zT$E%k8%u5N}55Lvpcn!H60x>qA8h79aFhUQvc<$K*VuDYb85nQO><#f2r|o+D
z6#cGV_&K#8QOSbD@LK|TKn=adqo;u64A4MdMhZFnFztyK+i4I9?1{#5pW6|6tS7{W
zc12<`Nya3QUlD-FUad}sYRQa;Vcsr^K-X_*3b9c`PzOhK8!TQA>YF%-p1OD{#Ql9;
zTaCv{tz`JR7@sqV5RO)_i>y+t=Lh4ukLlYr$xh3h^I(%+nk3(Rq%dWC^B&UHczz}?
zP9P>Y0amji7y#PZ+%U{o4+;k~KeY@k#~~jmdWzfY=EhS`2QXO=v)DKam;=yTG2Vjp
ziS4LN0?&uDJT7+Kkc@Aa$-)8>&fdfx=#}{Qs4?m}AlEJ(D($}`nj~FWT=3bh46uJ8
z_me#5a9=9Im7r(kiyE|}bE2^q1BpM$TXq2LGYVQ{Mx7^Cc+*%m)fE4yvu$#;jHmy@
zs&qKClXGYFCMTc33%_;<m?z_%@{mK)xZ&4W+ll9qdRFkFo<=uPZ1vXB+6F!x^1~)y
z`nTTIFC)rygakS6b$oqt8bLqzH02Ig5Mzo4R*Ua0<!?Ve&!gt)H>NQQn~-OUp?zI3
znl2KD<uy@CCXH?6&tMrQ<#%Mz2pYu+nf!FpcWnLlPuSxcsc}(>y1C5Ka!it_;4A&q
zQ3vX1I{*x&Mbek8*abv!S&V8-BN`JmP^*U;f#9H4_n)sz@hxE8VgxDl`q27p<{Ht(
z@4J!98srT~l&X@gsLatMbzq{jVPf0B${*Gh%cVxgBMBA|&e#U@Uf*7WNn))RWg}YF
z7O)8AV1KG8|ExbT84-oU1vS1Hb9x|eKkMdb(<S$VFyP<iIX%9<e6LPJA}M{Ov6eby
zIz}o^m*r0F?!(>iglznwMo0!?JzFqm=U+l8i=AFc8n=1{#^c<}WggBvg~@PKU03od
za^HpYDsO>gQYv2dr>Ssv|H3iyju?lxtI@4s2@Zc(mJ(;L@E?+Qbyi_9Zb?vvVTu|)
zYkC=YQxdz`1L4pu40iOMI*KUR?gds+KbI~jjU;O_fz38s3t-sE#%Os3rtc)Nfm>MZ
zGp_DE7QFwxsh0jJ8$6S=K0lS$c03XRtb!PEYbO)XtVHy>jW5IcR?ryVrU4%tNMijz
z3DI^T8b4CW7(64?C!e<2CM%v2p|np!FyfsfA_ex`^rtsuQ0IZpsy4LkXFSlsoXrB~
zTih=_nm$TjWFqX!#5AH;3yC9BxNpB<BuYY@@JP50quW<1l9~Q+7e2K*IOGIRi03{m
zXdKkp<H71&X+EtCAb;M((GZ6Y?bg(yG5CMhB=9<)X~W5nCEb_@%irQ9cXPAY$B1gn
z>x3)h2)=w7T(v#3YwCUi*%>2br3eM|A&szADyu6coBxrUqoR$h<6u0)+Jt52_I#5O
zyl>nKt{A>ur?DsaXv(qiY=gq+r>z-9uVOO>%kb-QGuCF^Ssz6+zbC6E`N}-G|JwCv
zsQG@uv?6x@rV$4GYKBtjHV2nYBSAjUq-okboB}xgDAc(K;L&y%!u8Q9WtFaT9(kHu
zN6ojlkhlM?(hv0e*RTn6ZkqZx7>|l^Egq`Os1Nmtz@b#U9_2@|Ooz69j|_jwsSllc
z1NZRa^qznL{$|Va_7&IVa{tNoq{?Dxygr9*#|nT{+f<^U#IBl|7sA8wYau*xHa$WI
z6c?h|U)v{%zBA;g(n00J@?^*R5gLEe$K0ov=Q23h_9pA7C&TCuNL=`{?wz`S4OqhO
zPu~0yrL`6lRfg=a@>Wy`8aQ{=*71~!t~hf(MH<n+0M^Ze&}sbVsQLSZY@%Uob&07q
z>U@WZ<jo@&E-f0$%2B1Z<-r6;+Hv$8R2G_=&wU!Yl|`k3)=Bb&3V=!VjhTwNL$`;X
zC7?r1W2(`#u@~b-nxa%(!7Vrz2G@bXtIg~O@ntkP|9Cev4qsniu6N=K9@pZq9n>Pv
zu+55R6uFiAAqh?kkOv)9S6XmBH2n#}M6C*$Rcy-bNa=X7Xm(F1j?YK&`cqywTW=MH
zRguL%VTohME8e8y_74?dp0D8H<f^(<p8N6LVLe-O6x1LyE=LN|jtDstM}=lMXYA~&
z)S^N%ZKHtwM++dp&2Z*q%cnnR!$-Ommeo<@HR}1hg9T}77%ON0h4%hJ7}s*hxzlK&
z*cpg4&(#a^7^*PlVk+d)-LVR_5iSUxwPKV60ZOF9*8u|a$AR&X=mLWK;V3o8(^3=P
zHJbf^J&{Aqb%PG?6qvPJ3+pR42goyDvDoc6-pYc+2+@^;5i2hyKe-Qo#)0WQeOw}9
zUM~(YF3>Ad=<MMXsv%NJv8!iqa*VOq%1+s}BGWUKP2P2_tj80KcHCRM+_y^WOnlH;
zhnTFQLUQgEq8u$XdR?BA9`DrZs-}G4hR&Vk?%n#wNw3d>C&OfBb_NY|fK)L|r}J#A
z4Ppi7iiKg}l1PTI=WLZgI%Ym&xWM*Xo#0bOosn-~EO^>r79iue&WM77Vju->hOghU
z85AR6Ple|O`nU>7l8p$C7CG@1`}6oFNP^NAo1qEk5wO7$x#jE1aT!T-GgB{5rYtr$
z-v-nb^jpJ|W^1PT0#QZbsQd@exphFXaRuXU$JPufJa+Rz<ri5vFBo&x`xF9lB8Z(>
zyWlT(wG!QF4TjxGHJF}eS~YtUL6;SP{Cxq*GO@SzP%(YSEqjl^<tN#8GhnJQNnwF!
z9r=@67NvMkSMEG4lt3%DWCTXiu6N_=n_uVN6)cI?+e9T_gvUwnVh2hoi4raA$HV&Q
z=T*&qd($YQDlch_lGQ0LS)_#PPrsR~DfKG1y0Zm@<d#2@?mpmcMNCs&{ko{uX2tX&
z8~L(j);+45oD!O*7!?#>BA|jpLeHswL4MT7>98YP*>6xK+KlE_t`JEDHI_MkiIS33
zB}^Z!EmR8H5{*Vx=-o#QeBF|0oo~J<;M;UFS<ic<7fiU~>?-aJD@<rdVU4F*BFuoI
z)kL4~aQ@GltPQ4UowarjY-7fhfp6NhMy05y>gg;O8=|ukHI)ylC(&DW5$?k@iZh~I
zaudaQ4$I^voR&Ppb%h+eqTMwc9nNq3Ozv-qNQQ}Crwn{1gt7L-GbxXf;cuUOuXJ&e
z`V5pneH%Lyi_%epr*qxs{uwyh!Aet$f7zhzbzG17-3lE)D$Usc;N(SYzu=F_fIlT}
zqD&92QwT|ktz>~pdl;VsA6^Dd;R}!<G>UbC+-61C!v?ViL$<|6Y^u%Xv5=?l^fDW}
zha>^!HH_nY;Y{knq2Vv@g0@nG+T0$vq3G56Bff_=W-GwwMe$M5$4qBhY*0rYE6`&=
zeryJ8FG2NT;K=!@F58A3&iclA@D282^Pr#akKpnohDU60lLBL(xyxjHJU}*})ON%3
z(>YdN*pdi}x$<JhNm--$b)7RR0*WhY2I65(PgWlVl+aw^#sc1@R_i#P%iZ`NT%hjO
zZ9MIm55N};I0QlYYRa}CrJuc!;}5R<)hD3XCv*D{SX9v@Jv%a@H1M_oG{LS6TJQPI
zXnmQCqv9>x0>|Xut-JI$6}F<pI>{!yy`N5!d`@goRwCxJM^Uj0-u3}V;dy&UgmKB=
zsG@VS4!8FQBKx@OjZLSsdMC=MzTfyRU3B!o$+YtB{pOgW%znnwrf3J)(b=oG+<o7w
zPFxtlptc&i%kU|lA=c0tyH<#k@0nA9DgWnZ`@P$^BZDBG{mH01@*9%VI9LI}Gq~q=
zP+8!XuM;P9+`~67a!lP*bmoi}2H@JZ?Ww1>ZQHgnwcV+0+qP}no!a*K{=0MWtd-;<
zw^>Q{e&6Uak96Z-ku&%*OBBPu<tgxgWL;Jm7XF-fWcUtX<SAdKgJTo)gwNQl1Tzm+
zBo`;qSm&l2X};7^t@q^8EI1H_G^yX$y#D>Vww21^q&GrkGI^&%Mu1~=Isxmm_V`_u
zY9%-Rglo3*^-lGL7qt}+x~udl1$@CqmRc!m0y1b17(@Cw0a~idvPZAZ=dwi}r0X^9
zWh9wVCR^K}K<(?Oj63pK*UP(K*Rc({^$bo+TH6%}jB$iq0n@z0*GbI1FK!4gI=R)T
zt69koXua092~;fdrafAW!o0N-4abL5H+T;b`%w=$!mK%&a3i9|-No+c@AA<I4G>Q|
zEk}o9qIYUd0NW#rRY_Ugbrx!zNkr8G2J?SQ^kr>zpV|^<J<Q+H;H!V12J9HK;}h(g
zUm5=(080!%pr!~FLwWj-<r03>kb9f)`4Nq^sB3}emd5(x*wDgAz<u&kk%M&QB9NKD
z{YiYezt}m_sOFa32A9g8izE%{m_tG0F+ukaT(z;Kd@KcF(8pQ(C==uTb;nNzrISeQ
z=?C{aSM8vza1Qm?D~bFyBPgg52rv7sV+<3{8VqB@jAxl$UH{+^t$#|x;)*`}a4-|m
zmEfh&0N0<Lb5R!XMGk(A^T&W-!YGDP^@!dub8uvk`vo<>0{qHbv-Ml855B{{*e9w`
zbFZHW_mqAV?#nl?np3lC&PS?B^OWXo!C%961&~Bm*p#yP3p&GcXAh9bxs%J6Q?MkP
zki3`7*yWF!NxUbFtUGJ<JW?&#{knt2yd(5Z3X#ewo3WIOCvy<_z|Sro3-vNOis9|d
zRWXsajF_3!ai(@9KG_&gm!z%-_Dt!fnAWPg)LcaopaVX3;GJ3zMl>qQRfsX0s5sLW
zX2TGTtwjPCcF!&proid5nsx%ug7e>E@DYl^Xq1ByGf>X5fVsFUr(}|k8RJ#;Z1)#v
zg)$Jx3|z<eLdYdU)KSc#riRm?)08B+_;nIqF+b)5chWbBT?y0@aJ&nS-=KLDD(-nw
z#49KCGw_YJ^Hf-K2c!Zzh;7Ynf6nbXWTm5R&v{P`=#Z#^*&x0DDbW15se3t2>dDAu
zKovx-RKNcA3Jq#)Y`DeSKYty4?z4@ah(hM&Oe2KZ5<McbqRGd@&tbxHau!R#Xg(A}
z=So%@?_vus=bi%E1+I)J0{Tth#15-YUdXFvnhp~FO1HTgmbI{W$)nTsf>GWbpNG1x
zk$joT0voAYf0@Akb)&fYD=^PiHL~9{bq=x4S4MJA&philFBm~ex6tqigf*QE{J>NT
z`5&{CF*f0N=;-=8NNAqZoTWlH#uS*ywe$Ux0HZ^ZMp1`!<Cf>0#=;mrYlO8Fy*qO`
z23%nk7|*3fy?+9DgI;+jJ+L~qBdHN8q_iwFlnj3{(!Q{7vG#|)i~n|(@ZDO7GrkFr
z)QU=RN8`xu=v0C4E^T}J)U0J_bQH`IG%v-u!%?~ju0r4#aMXIVx$)ySjB4BS7*8-r
z5B4AaGnSd#Y%X^&fHt+k+(Tj^5a-Y$!8}vkhChVm7lwR}kkn8*^k@jJGeQ3Ti=JkE
zZSPugTNS=4NuPoYCn}R1k2GDt5ABt<7KnU~==^K3$*U&flC|Zpq3t+?d*K4E!LQ@&
zHnD&3gKCbfCNXCY?3q;6G-Z2#^zFU@KXx?Fm`ywmVYsB(IN^KDKM9tK_1x&y%D~xG
z7MNbGPnF%x@iz^B-tHBbQ&laQ2>U-FL*#NYq!wuSDi8IKEH63y268%2l#?=GG|Ar6
z*|B?C^^dL4ve1D_7gx~)37ohKM+Ng_lYkVvT9ouqM@Y6|V;Rq9DnRR<JS=Y}RpT2k
z77t)})JcimN5O8bx|rA(F%sFU^x2rh{hVbB%MxD{6XA+c)EnX?m!x7J#w?<hXr3^1
z*k~C=OROC4WPsr$--RHGZVlrj5|5SnN}HpO#uX@~DlntytrKpLjMoYhB*R3D5@u^6
zZrlH=Ul%&g&^w6){I(eKh1qDVFLlYt${&IzqfeUCT0G=H=pkRN6++f?qqrk@Yf?~p
zCj*(D;8JvBBjV)otZH_aIe1AUsTj9&Ffv9`>T4E}y;<^*jcUx7D9P!ueyH1E3wd`(
z4vXWJKiKQ%qf;a~*?f3t>rf0bFC=KvM=UXB+>t0>ODRz_Kz@Ilo1e6Jg*;tea=gx(
z3}6Sr$x2OI9p~O(`>Q(aa@H_g!iMCc`}qE4;}mI!6M0TH!kr#`(KAjXaB)q|<W|&1
z82bigS9kXDPz6}&rjB2zKv~&5clJYv1Ic1`=|r*-zEo^d^rvlwbc!70VYx(+EUqjq
z?O9AFz31!_`ok{1``LAdy$0e0jCP|8DppZvnYKCzJRP-c>*ejDRB%GTM6Xp{Agd(E
zQ*vqLW;*WVNEd44N@=|%kAaRZ(n(splYHs4I#p^;?x8K93q5}ov+T`g*8svitNKCi
zf^Yv_IC4Vd({H>jLRq8v6Gde<=l-c{(b?MgfmPx)_!rK{zxM8GjM#%OB6tWoa%DqZ
zD>lw>VSacj%SBLWL2w`z&Z@^qV3cE8EO@7jusZ<e;I4AKa~mi%u!}VhcPR=lD|Tcz
zKu+ZQ+0-(q@Xz?ksJVSv1yvVYK^nY4M<V=4k8RSc_#Q@o@OdCnWIw1aan{JES&oi4
z+my)R?dHzESPNy#%e?dY;bTno<Iw8O0HD7xSmG<nl;yOxAjgjIrnYckKC=8A`}JfV
z=NLN!s>Hf`H10EEaKtyoT3r0TQp}<vhyzNX#{MKH;F*-;C}sPRzWn&qHs-o-lK)VT
zM;V<pdiw-O9=BPk6&hZ05s2>;gzO(=3qiIP+pkjRF0kIaG<FfVVx0a^1c9_biZP#0
z&GiSdBxhO16eABz+_RC-Y9XS94uPn>1-v_dt#|hP!^1T9L5M@^;8rHJ$t5_r^Ui(B
zo(>BOMFUBx_cst4)$BXv9S6zh%dIT0<y?$c+AcUNdgA6QB@jh*YqO~`GG2yN(IMfq
z^?{r?9Gp8uxoPp&@<O}62yk3W*Zte$-_b<G%$tq*_FJPl9<2Vmf#E{XcWuSU6Fndw
zyBddGI{R&q<*;j>VUMEb;TB92iXma|>S)Kmsy1u)fVglm2^Ywam;2VSw%L0RG(C86
zqL-Q-d(SgZ)5MNRt&wRP(E0xR`$K$$RpRtI5Y~iU4R$GWN-L554&n4C_e%&3=^&h?
z4d3k2A6AwibkKl}bc5Zq5&BV(&V|jD(=<Q4#cJFGvLjrIIgnSskF&G^2P8lwZjXH0
zzk_(;0>8SE*E%#3hEJFTm6+Ycy<c6vVsXIAkY4SRwo*Xdst4~*Q6m$T?ofHw@qM;=
zgdN&%V0;3isfW<aDckS6vW4i_>ejW*)H|4Fu@{$dRL*Q{sa|6JP8q7SgkJpouDTTn
z&W9U<QdQ);!#+Ktp`KQAinRf<m_q5yZKOyw!{9~{xlN13ryl8c-%f{XKFKlHGE6}m
zMm=+`MC|@t<KR9jPp;Pj5fNt!cfd_QX@k{d;4h@IP<4QY>mW!s#sZuD?`h=bk2j<-
zO&Iu>TnUMvCh7O~QG(q%>Z7*%>tAQ+MzuZcKwOgybs{g6y0(ksFhUUC<AG@J0+tLu
zo6rQXYj(>Xb}2_V2Bl*eM|HaW<*Y+w&dQqZ%O8+Y8VJaQ*rAsM{Ob=<BvVW_2x96*
z$oP$!@KoO-v}D1=_26Z4#F1q_^xG~!6yoW!SxMO^McOlWDHC1g^)9SXBJP-!9~X43
zRzbwTsuziNG|XQip8GHD<RkmCA+IB>upDqGWD*e9qu-D`y?V<Zk1*JRizlRRy^hw`
z!GoiByEZf^3=D|WSG~8&5(!ygBpet}e91roeADQXgUz@`a>x!Y!Eizq5om_Ivye>R
zB<7U8dHDA&K#I3Xa6N+d#ofIZ`Rx|Si^{%vtwqydmDEUo``$J5?|X4rU2lZIv0$>o
zNAF6h+-nEg&`mmg4H{6JMcVYIzoE;r!C8xA%S`bkUPw%@3nz11q9L8rx(NRizMAC?
z7M0up6Hfj9OVb{rhFR`yLG?O(k9oY&`iR%aDHG5LK@!SuQIcLXcFtrG!}2S6snS0V
z78lu)(1WDz>|zxZp^i?pWD^MIOxi*1Zl%FEgqsH;_`9s3>IxO>@-tO!f=}I}&Fca(
zI}o&`PuQ?)AVc2G+u|fe5uboayz6OIvIcsoR_!MTO%fOO;(k%s!3%C81R;Mp7uDEa
z1J(2#qxjWIEIh}DILT|L4y-K2jd-M?@29@HNIf^gSl*o+cDTBj8Gki2KU*;!(w<_#
zackcjE^C4OY8Wi*;<ePctkE*mn;g0(G-%Tm%<~Vv4KUCT!B_8&vq(pLg%rJ*vgz7G
z#Jxw7F~h2<gP3Eh3@9!^?#f@y1*5>~(cLm%;Zb4{cE)nJmt-R78?7Uv3w9U&9*coY
zE$%udqwpVlr@w>8^HbeeR!&DG3T-x<ts~Ri#QZ~oCHA!%K!i{HyoOCoiv;_wEYl@f
zgCeaaE-UKfOIp3ZM9P7B{16@86cdj4{TV)cIIeT>__`<7QQ7ZoX2}gd)21dDnzWa;
zlK4dwD1XdBN;&nP-Q<a1!-=E8u}X&Q;0e`_8~<&nLbc6P1IlvIl}A0JEuvENI$4)b
zt!7%TFot)R3XNX1bNXCG9-3perJarIY<PhvKNXMSXOATCO<1Sat{*r_rgO-MG73}T
zR(^nQ{>51^@JAUWLyjLap<r@u{02!U5fm6&BN7ga2yxWH5bJ}^Q=nim+_>dQPfoBx
z(w{qPBYxN&RTEx8hN&5u%CmBks(+mZ9k8<QGRWS=rE9I=nUHHwGzjOVydM?9*OF*5
zPoLu6wH(n=xU=mh<;lBsEHyu7blC8*GkSo(f?AVMPovRaXsBdpm~;vIl6YlpS|eYY
zjIa7-m9b{+l7~r(b+5?K4E+kbZ!oGKIhXmJk3vh6=i!D!K#vHw3ZlUyfC~E&fQL}K
zyL67?9-*x6rS><#(XuNfozWB@sDocLgWz{!Ty|)|!0o@6W$#EBo-2;5Jw296Q=8R)
zjO#4Btxa47>(b(FKV#o9gca=yAH#i`x*GfV_BIR#;r%)|{k5@Lo6~}4QIA<0_;+P|
zyjIF5MtdT|UV>%GW-}NO->7vSN#f~q<#k={=EWLh4t>VxmSm4lKkxIE4$GYUVp^kZ
z&OwC{I*4Q(UBo6(YfqQ**+eEc22no+q~Nn2Q%(Kv=Gz_psCFZGs?*7A(?^yt{d!;d
zA^EYH+EU#U&hcdrLwQ&=^*ASSXG=7qaSid^C4idMF?%coBh7%;{I-WpX2%-0X!8DW
z-FzUbS%%#O94E&D&hHsl%|EAe;q9n0p5&9#8FbOqGYS=NJhNAO_3s<cTwAD0M|VCL
z!UrO8Cdflrg{EYgU#Pv%G0F?UTsh6oLr2~qxC~=pJ$^}ms9NIIzDge$lll2l9`%RY
z33<z{<v*Eh69I3TlRAtyD{R2z(p}-2!yFrOI2CB1MYGUd#<<oQ9{mp;61gc7yiO00
z20UH?;yTFl1fAP5NS5uQK0F(NGpc(avs!v@_}1pqj$sa?XZ!M1<hz=3k@&Kp!zav_
zO>#95g>bXfb^d-MjbD;?$geM;;|Q^&5G~0ywm31*T5^Vi9j*w{1=K_zy~`aS!(FNi
z*7_t?K(%z=7z{rjK<EX8Kegw+C5%<x=lPHVq2_rhmL+%!R?9aWd1t;EjM5n8`5k0^
zum7HO7&l2yx?%{~ucd)c!PWLgi6s*#ZKpDwXhR&ASu?%vW1Z#fRV#6%HfP_&*_p8)
z@yEU^wt7fC&9L@>Rf91rN7T^SKw7j&CttSt{%TlWC2%G(vEKiBzxxI61lzfiH7A1(
z@rMlNU9*G&s|&2G)x+2$Fw=Pk<ENbNf$57{oO+JuUw6iod~#8OO2Xdt#bjr#y2ju*
zita65JLVe6K_}g+cwzc(zF5n=BK4t$aVKfk%s{f{*XrWIBekN8W^-BMM?FGR|9wvw
zNl0euyCNM~5>1+AowCz<q%OUf?R2f<{7f>R)Uckao=NIOF`}h^QLK^B?o0M`#hnzY
z?y{5&E$~^|AI4@ZFq~N$qf~_}MrcS#hy7pFZj+1pa$F8n@!VhaMPJiP*jDtegn-fW
z2ag26URtHN(Iwm?Llr?2(Ed0qGPm5iLxX(WG7q<XiEF(I!XBolA`_6$f&{+AO?NGo
zvp<g-u<+_(RbvnM&Og*0ig1Xuu1j8PL+MXL%s7ajjuPxyj?OvmBB~fS;js$pLblL)
zIw`k)LjPGBU-j>Cj9Uc8PCa{XjYGAAKv;u`6O59?M9chr8>PdrMG`^^Ov1}aN$=zQ
z@^C5sd+vXFWV=+XP3~yuzwH~wlv^AyHT%1POa491kOZ;ff8rRmw}1x;TosRbqZtaJ
zlf@dV@Dd>6pz2-Bgd`D%KhOi7VT%xU-W7;41lKR?-r=2Yn3fB?!3xhCS-$CCOC0T>
zS|@tkvF1!%O!>rGvSo`qBu5XRe<5JyE?t&2Lt~lM3u2Qi0EK-Nd$C&VmcNu`>$p0p
z^K1Um_YmiK2d?SGrVl(>ZcHxmkbyf+1rFHrrri^R(O_M)u*dpt=>#oX=}zR`n~DtQ
z7rN}fmpRHX{xA^6HdqUh+cFZsX666pVc9>nk-TkLPW{qw?Sc_Rw7$Tw8Aqu6Vd+E)
z${?xT`xyQi)4U}iRFK+nUi3mq5L+$Y(h_^7;<0^}II1PD5cgA<!a9~N2L#-%$g)Fm
zCwaFZad|p(y%0X4=%>S2xl44i8c0<!?l-=FEr0ErfecaeM0FE7Y*mh>5J1ez_H<Xf
zW}_j<M|B6?<TtM#o99t4=8V~vp;K3aF`0D|Y4EY#DPGE|ZlC5UYKgZ{wKl*~Ln=C;
zymggFDmboP6*!^}I8WK-N=+rsn1UY&Ru>kzxqsgbJS*xU;Dr6ehJzDQJh!*DYSlYQ
zmpZiN1$f=&!K9PT&HimjvvVW`T?sHzRmxR7UYwp7jqv4V*7;!!cq&GSJZlk2RHN+T
z4gzs6D$3YmDVkF&AT(h@B{oOd>Mw+XU>l*zy0~RMiqN@)pZke@?>Qmb^An7Jq?bio
z2tBbOL{Yr?5DfjT?qpK@660siO{ut29s~dJU2Gb*WoXVK2(RE<Y{X=89sO0R?S2mr
zzps%gSm57eVolnKqe3fMG3UAlvScUJPg>cq%sO*U$jk*KlgzM)kj=sNR)VJ?`6iS4
zdPl!Vy<Fc?6r&J^-Nr3<9S|cTMRyL}rxj~1=u6w9)tJlvsI6xs>Qk9AevuugG8ubY
z9XV&{`-5kjJoHyCVYb4MzMlttno{VN#1D5=0p5yynQ#KX6JoOSsVSFW*uWF>TNk9b
z6KIZmIohE8RMgA!L|{PNYx5hrcNvVB<5c@s31cW&0Z$(Ofui+tzE*L+mle!3e0p7Y
z0b%v7m29&!`SmEQ9CT0>CnAd>EGXZ%3YIo!=MOQ%?4qJIcJEX350yR5+{-$Xs6?Nf
z-_tV|$X<-}kustoYTM(@!<8jTZ*HtiRjJZ~00Do8Vkq2WJ=&qhU-+VaWmHQLIp<;X
zMOf|R<)VoJCnvE#i1DV_Y<uz~%#FQqBlVp>HdU};r!5a#hhRug%q3rTscrD+mKXvz
zs+*&X8Q$j7JRMO>kP-dc8;$3Apn}EPq|=<ff9LZ?z?h%f?g<&l65(O;w}dd-qvt5T
zXrD~U^`|mlz&n{z1z5g~+!mUNY;@36$CKn6C1?`9_$Cql?5x7Nv|hVfb4BUR;600-
zKv8P_ls8#5c*D1LgVX!>o>y<^`mSa(vre5->HQ#*;tC$Ge)OpqRJqb8rkDXndNYgk
zf?f))QRG;fiODgV5t^L@TX*LkP4<$H8;wTMfMt7K;pc%<Bz`~4tSw4aZ1}<`UUGZx
zbNR;hL@~`FXR$SK$tX73bTX;t1oH%s$(R#hC3p8A8T@c2bMd*pzYvEUx4x{F>Xij7
z7$T(AxOd8e*gs6)ubedfb1o%WR2=p-g8#D{7xQ|x5)Q=h*U4y68deKkZ!`aLh<;|k
zeWn@;sE>MtKbnJa{pW<XKnOE8d~`nq#V*#ZuTQ)wK-H@KCsnY-ng?<*5X(CASzCY8
z_0Y(zh+t_L*!?){BXl%2x@4p}bvr`4hsgGHHZC}gKsMTVM3>QdBNYMA037S)AtH#4
z*;MxJd{6Tg9-m#p*VfWLC8DKU<*VR9f(4ydKHz{1-n%=m8b1UIGopFxH~vn`{F81p
zypezMFa>+B&8AN&Tp_H*c`E%&X|4_(GXkCA^bIy9tRs#1S0ur`M}<`&Tq!)tq%-O0
z8qD%3yGFp!ZT@R#(w{p5dUSp_>j^msXicbF2_WoJ*47+_lms$E9jhtvdGrf;d*%H2
zY7J7bQ3?TU*}5JP?TyM@FBd8inkdRr1fK7xsvz;KFx!4_sx9w!V0Cgw_lRX`J((7~
ziLwx*@oCI@_#vq!e(LO7)1RdiUcHUVKOV^^Kq|rihWDxp<&fs!Ke$3DYxia%0Lejr
z0*)G}b2*k2UFKJ2Lh*$Sa5ROua%NQL`$gM@8yqEZHZ13DsN!%0xVXREaW)6WJD{Z^
z`;c5PE*@<jS9wb2O#3X;dPs+cPxks8t|tkq*zq`3MiAGf2!<F4<lAg)YBS~9pWJBI
zl(XG@UJPqLtKTP{S99WufUv;8n;JmL2T4>Hc7UdVO4R3ee}FG>v3bRFI2=Hw%tLYx
zy&E5>Yj$}vg+k4LD;tUFqIhyRaibgBR1<+aeUKtkEfaZeYyD0eu^4>D6Dn83kf6x9
zr+oJKM0jd@$r{%#+Z%;07_UJU*;Wo&RABY3Som$fHnX}@aP6IT$5WpB^7op?#2o47
zim4(?KV2~y8(q}eyr!5IQmo*{`Toncma3M!N`VRru?TXsU%eqiFfXgZ;0sYFMSr0x
za1)e~@2(yxu)0X&K!xKaS^`M&gGc#d*5?nLvVgHvsP15E7;P7`TCxxfNISkqDw)oy
zAGL;1L<KDHvU$S1Sry`C;jrA0k^4@bH|T{8(BHoinhvJM%>KwlLRGf8{%&|U)!l79
zA}f5DI=u>2Pt=`^&X;fD2KuDh6oz%I-Z3_@2v)!F$#yRf`Nmf~KP)N`{o%B#Pq7-g
z2KcEpkQUG$Xa)oh%Xh8d%{<)u9{Jib;;E0v36@xUE5SsPGn)uZKNyxpUl&-shE<<6
zrvr9G*u1QCKG9f>AYp(iT<&gqxLw`-xJ)_@Ix&VmlCv<{CWv|d0Jjv_RSKU4V)r^D
zBIKgZjW6P)gLr07sISS~AYL4RvhOqCl+?|O@~xQ*G7M0D;)vW>udb>~LtDT6zI))v
z+Y?p>MOG`6w!|0s0Yhn7=m#uEt#Ay*2${!vB0I~qGJZP;<+}d;pq#tuJ>w+^d%Gu2
zz93ibJjxvWPPJAcnZF#`9^p8pam%5-Z0Qm&<E<H*<Yl~iv>mV*TU+Iykl04ng+##t
zG8;-XKC{oS&4P;^U+}9W)e5+_f_Bqz9U%GWX6noIgO&Q`{k`vE#toiRBD5Nb3rgy6
zHmdN_R+|-G$9fq6#IEm;JNkLm(`I^L8yonG%XRDC)cN|L`ZGt3kEDD$gbv{}_w`}(
z^66(65?J)6BgbWi(;-w~|7f#+kcp7&r~2&6n``+*6iB`4oA+v2qe?mBASbvE^st<t
zM3r^80pcC6dkrvTKY<A>aCgjNt-l`+3Z)zi9qqBhkA0qF>}^0iG{9l);V*%fa7;Fh
z=)}mX%XoJZAmhV0(Ii&^8B_s0M@^|Gq~)-;Hgl~Yg~xvZuPM7nlqsKcs{u_$z10=8
z;?=eXWj*5P9q3Mj<xc)>vaKfU2X!>cKP9_9+|M_ls(q|tp}X8pRG>ul0gsVCsC(ye
zs14!@B=x@OsvQ+xRMwd`C=kk(IB)E}t5YHQdk{WKidz%@&+R7!A;m{DSS;QXHOCkb
zqZQ10=s>i69_2?3{`cyE#TedQE=v45TEq*oga3<aSdAmjmI{!dxZd8JW?4hCsvy(o
z-cjZ?UJVQ@?~A|R5@E4Z`M)EMny6v&^?%3pIPmVxw$Jo`4wokk320N}VZsp%kvZsJ
z$r=lc#e|sF;CZfEng|~`V7as_(=pFNT&3;6RO|Qc*ST<Mj4>GtIYcRlLVgwkHP3;$
z%(nBmY~#INWw=Q;?wm886dn1&7OAWvwLTi7`ztrX0!yX>lx)=u{KQuZQtoK^JAn8y
z5+-H;0g^N;j$ohWAz-~u7lRBGUwZ1VW7e|8U^a3!_xtiR1NL@$WkC0ixHc%!;v!qG
zl#UseY8oHmW#u1peY0zP(_r|68T^{#X+|=eb=#`593g9dsze@yrR<H77FM{idX^oS
z2W!-9Sz9H4%k9uQmeZ@Jzxe%93y1x8I_b&n;9oD9LyZ_t?Mg*&GCG!MmVhZ;-942&
z-giPxw)NRlXTePebqH+05SFo6BEJm3IMwutHuyDxjvu=T@ephdAqhbP{mnC(w(>6-
zo;99+t-0A`ZqtdN1}`%S#$ymk?gKNgZT{^<!RMvPZT%7K;nM|88^7Y<Bd)M@nLp=m
zguw!#iMB-J21!9phl!>Kk_*uHOj@(T4~H~l;J0QxV!&(qa@mL{okaOi$0}*gBKCDU
z^1hj3$o3YCqqPI@rcoJzl_a+5s_7(`_EN>_hc={MzjtSRazeul0`x0w4nbRH5!x4d
zqW(mbbpHM<By^P0QDNYKw+)UnZn?o}c_=%9Z~!qHRaR9F;WrtBFSfhTqU^oSFP*_+
zAUYXw8X}CxeBgu2dGj^zj08~H?*zNM4EIHaML$gIn*65xs-Bv+VG@R@-!~PuJJEG-
zAVykj6E(<5_3VwHv<#cF3%1j_%G3pK=a2#@IP3}W;zh5ETAs5S;x1#l<8Qm>_YPnx
zd53U4sa{tJ=Zm<>^#bFlCXhV9xOg^cbqXu!J@IKTP-sfv2K;WFIX*nbFItlGn=m@(
zH8e~AP)PHpm$%a|<r(p2b|brhKgTdtAi4-B3F{S6MSSaK5{8kkI!P&5aTIGwCdyX<
zMQFtfrn#8L+Pt`@zR~KgUY_VH!eQp4GaRsj_$53*5mMer#4_b(U!zw{V3W?<0w&LN
zQQ#$}O1UBJ(UP#=%@<wF%&sYjb`93RoIBB5b%m+6HQsZwY$|3p^y`|>eW>1+=-Vp|
z;hcns3#ma_d3Wuk>mzaG>@q@~B|jqN)OMQRS~j1D%UtwrZMMRfK4}f5^>mTFv_NgP
zdt(OdN#K)4L(15@yaKNhhh{U<Kqly6SGURLqNBIno+8@J<5k7!#h!gfyqmz|wNOzK
z7EzecpUd8{aTL(3e}r=oX}e@o-MQPvxNkDCCbV`Xs~$1ypIduqd&|<0E<X0WvP`)C
zf?*kZAGY}oQOWZ|)DFg#sr*3*dgX+r-7bsV;hG#Zn;Y%d;Y@g2J8ZUHY}u<Q3dvwr
zyfB0^T^Uqyd1zl<IiTf$r4;CO*`d>SYWqRfs=Wr`2+LRcXo$b77%xm{W(Kcuw3MLL
zxAC8l>5~l9!)<xnefO*vMlPneRV=hJD7x-@{jG7jJsJ)#_^itRBX3LEGM(|vx?^fI
zl!j(1rId9|d7D+F`61rB^;JZA;rqm0HlnE1sjiG+25HHoTulaZxPyo=hopR$Xp-|x
zJF3F684a-+vI5-ELU9$S-ZcC*k<<`LHBS(?YQnWAAl_++<TYKjTcyN@9RXoJ-`szm
zkmY5O3eUCf;eHsoq$0$@DZl~Kp*@6@TeXmstuL=>7YC)LgMK!I=wEO1Ap-FRnS)5O
z<R1V81QZAm1P}}m0uTxi1`rMq0T2lg1rQAo0}u=F7a$HG9v}fA5g-X586X896(9{D
z9UucB6Cev98z2WD7a$KHAD{rB5TFR47@!286rc>C9H0WA5}*p88lVQC7N8EG9-slB
z5ugd68K4EA6`&2E9iRiC6QB#A8=wcE7oZQIA7B7r5MT&k7+?fo6krTs9AE-q5?~5o
z8ej%s7GMrw9$*1r5#amh=jT6bfaBHwJO2V)`_C5O+BU!rz%IZZz&^kMz#+g9z%jr-
zfD?dIfHQz|fD3?2fGdD&fE$2YfIEPDfCqp_fG2=wfER#QfH#15fDeFAfG>b=fFA%L
zV8A_@#;}hIN0vZbYDu}7ew&!zmVe3D5tjZ@#8x}AJS_Z2#kcvTYSm5PeC8?a!f2>X
z>cZX4^*kvL#kLDvb0i`K6p-ZI%o8odrLbi9Oa&7ku3HnV2_6aA-!eoOz=R`UCIzwu
zw_HrV#zF!0O)|6aei%x`;28@Pt8XQ>G-r`Yn*|;iE1*~s&yG4g{47Llc&B7&HJlOT
z(edK~SF>(ZR{sUucSAL-^j2~|dK-sby6LLFl{FEINx1$^hFQDpeT&K4jG#RYvS=+_
zR{L##wPk%<N;_wO>!PB)%MY@5!JmWnI=?cTv}6*fwSsc?FMj8tqYzM*yqLMN-GRte
z=7x!mJZD^7FsqFQ!SM_~AAB3JEWhN(?BV5n{X@%qUw;@;r5m{J$cSkeJ92MOmT(6c
z;mLUu7{Cb5w=iKyuf@iYdh{<AQhUN{B{vM*<iYa-^{}JCvs&?I#F8IvDMxHS(~{Xn
z&7{9>G~c@6kN~T%3Z=J|?ij-4AHl^ZFk+H(zI1>+N$u>&)LZdy?WjbpFOa=cooik4
zw4R5&U3SKI+a`@g1W^>?7<lnDeMX3apZ<#6$1bryn*5>2of7~HIMh7t&gk}}m(q0K
zzFt2%Q8NARu6*TX)rV;NYwBzFARuw1VuzO_GTcn<DzH@<(g_j+hg5L$!$zd~>~)JE
zh><n$P0oX;z3C(#j)=27d_jyyzXPl;HIGHxwrK<eRVDYuNx5Up&s}tH@~iUJ2IxBS
z*-3lGwmboYNN=0WwsBOx&h$Kb?BOEn?Vnb<WPOoz@4ZO*4fb4cT3TPM!a+#zj-pnM
zKyx$1Q;Q+!pb3&P#+xTdH|Ju>WPfs_2+orKwS&)%@hcuEkC86Rm7n!Wkj9aXp=vh8
z(Q%n1=BC&?bpg!dmDp-egaf_0{5usHA<wm*4ZMvlTU*iACFt;QhZ|~GM0OmNDXhN+
zUEUL=*;zjigueWgCvD2lNVLOACtoCcTYVhC37B~R(5v7o$oPhpKPo>Ly-4Z(A02_R
zXbad1Ytwy4yeHiOgjALcsn{!`Uf@ojJvcJM0o{C-mx4v_+Z8CA^=9Q;y}^shH~HMT
zoCouf?Sg-$NM#}TjU8dw8UfE6hUodP;Bx59=<O(Y>nEP*@ke98cyTIJT!?F35y^Op
zcF<wWWxo@q7fP<kVSN29KNl1JIlVz9L}XN|{GO2R(v^E%TS;_9lhM2LrsWo;pkc`7
zF($IK=mp9^W?gp7DYw4!#N%(Q*%#|-d(<^D!@Xl+*Q{qwURsHpNHmuA>RMcxxzx8g
z%5(>e?wh4aNEw}INN|%(W(Zi@>=;|JFBt_73JyU)k+k)yDyhX0Mb3|o&%X#%gP*fQ
zD1HZ0H~Uv>0R=J#r4IRR@#?sCx%q9F){ZEOGpwOKA1CHQp>Zm7LyDNa&5a7W<Gret
z&}v27K4N2IzzjBl?l5DF$mz)kMvrk-24_wE;^WI8vG~<hK>so@iG^tBnvgk3=PGOo
ztzgt<beONNxBXk$n)%Poa7SqwfekF<QU+zw3RRUL;;uNyuCa#UuY2axAdgJoZTALU
z&`+u^YD=6b5xVN7_~1R**I?c;sA<Iu@3Q$O|52bx>}0}U;G=9y@R9TD=V>$78D>un
zN-&ZFm?Y`*6tS?gcgSHK)GX0p*pwsaeSzK%{%eN!;mj|2x=yzlmDOB)HlmRj+h;vW
zv);!!j0EL>*O1JM$<W<>$=l7a*T(}xY|umYKOn;+j&3%f3vSAP;c(A*K9C$CIYm^7
zRIUEl$TUQXP_|3n22MiDSqKxk?GJnDSD+CyfIWzkaW86H6i#c4fx)xYm>A(?kZha<
zW(|@&)AFG@Vb`Ow+)ycxqdawuVprfHc4sGDVu+Nb5fuHq*yfg@ss8kC6U)Yoq04e+
zs;UFofs%u%?#(YNHasztgDmcWsPdSguOvK=B5&||+2B!M;TZ9&L|7N<_`GA0(oKiI
z%%Xy4%EQgZrh!|;50;uTZXg5eK3)P%=S&L$T0D*XHPU-84SHKlTs^0YG@F1|%s!s@
z;cy;c1=SYleWjndY@abxf(>>!99;fY=}Jp)@(B{vJS%aT4ORbTOh}hGdm29O^86qO
z&SUh^UoX==^dwmN?a_1Pm&B;2lKQ(&9Up^}c=Oek^*ubioh*ql#x*x9d$QufTc&#z
zX}^)ax}=q;CdX$WW!-Et{MIK%fJT^XrMIsI7vp+ET==WM)ZcrCkDwkWuM*b&YI&VR
z=NF6+cxDTB5i9YopNo@uEgk}qS2p2=gxEJ0D)S7=E()uf%E~~DdF*g1y)U9LtQ1mI
zbSm#E@U%qoHG;K2keQO4b-5jB)kZj1db)E)7dCKk_%`R=&9D2*+~D5kbFDhb&8L+`
za86L#PSOl_k|~aaG#Yfgt#&|Xy7^yc_hbACejLFaI5WMe(*xK|1bAMC9YVQpm!pAZ
zS~70MSxws^ZF9<MXnWlI5+{cc|1jjD?MO2<or?8beTaxB0xzsx@RQ;-)Xn1H0qB7_
zjor;ZsR1la*f8uhtjW9G<Ry#I2mf~A%4eC!edF5gJ${uDW%>KF6J#b)w&cv{yRn~A
zk*O&0bWG8^u4pS)eyefw44Q(UxI8z2Of~Bc(%bEMNxIHRlXl&MW@L!<2uzQ~dz7Mc
z=KqsmOed=^)W%!1emclZ113@3IVSlib+|5E80;I-EKwsQ+UkzhA<f&~mhZoJh(t`}
zc(~#OR1sj^Df8<FZXZ*1!ET)p)6|;+)zx={RAPC85lb}C&2vxYp~H<dx$H+@x<oSr
z?{I?r2p0QUlq*B372d=XN(rs|2D`4gz>fo&v<|;9^tAGuPke~vOKxs&BNI&ies@2*
ziGDzC=;!=3SeqSkYPW2>1y|V?wz`;I4k|R5GGORpNZO%Rd&l#<(xdmvM)Clk@S%du
zx|c6h7ZAwHl7#&LXgI;-nOU1r2TjUU6uHCA&*g>!9hhH=f(wFY8>@etiA1n=C*J@0
zb0CwW4#ja#T<F#d4t+s(L||>F|7+O*%;9<XX_v3-K0j!pDKLg#%54~jPlNJQ5yb1o
z6~nvh1p(OHW(c&VZg|?tBoAZ!ibjAreTba(%{0Q9YlRej;mZhfjxU?X=WLi*25(j<
z|KcBR_d<E7c5h7B=Q_~KD4H>56tT!PKPW0w@rqVjCKqJW3%&;Tw5O^0{zlmaOMLyY
zZKk0+1a(7u=txL1>dsP;Vk7U-Pd~*?e_9Jw;*n+oY&L03-aaB4X7HbRV_nzmjE9F&
zZqHf+6XssRiW%|!^zWe<kLp(ZsC^np#cwz+#t8#4MaBY&jp={cqx9P%rA!7J%KSaB
z4;~Tj`~M!esVEU9A1bhex%<ZABM_`(w_d*0HBS-_9AeRL7Nv-PcrgcSzL{#;n`(Wj
z%zt1xVB)hNdg&a`LBN9een(aJm0-(-8glBiYFh12U+cg&OUt}$+1@56P$7x8*WleX
zhKL}4nq?RNb#WA5jFFZ#QH$q~m+A2&h6COF_ro9Q4CgycfOD`TOhO@gCfH?t@;M!m
z!hCU!S+nG_^sAQQUlL*>Wwgb^@w*?zGEQk%VkdYL+N1%ek1o`=Pq3J;)@6&0C?E?(
zL5SfI<dOZCO>cXPR57wkvTZ7w+taOJ(Bsa(=&h5t4V1qI!%p@~R4dpzwM-J!XU)dX
zAFnTR3qJv>OClH5D);m79W_>4*AJmipT-=<E^`+==b-ZXT|c0ye$k!!oU>P3o{%-H
z^s9gnraR<=G*9e}5UJHsWn*uyq8}Y9L`4GRb<v(Fl5IV*w^5rAq#;-!f9{<=;HbS`
zZ!z>}&|mxGC$Wz$6OI_o+dw5Wez7+x;M|C^s;sQkI;~E|%iiA|?!LE@gT~m5AP3o@
zr-~wolT^EWjhbggna$(}jV*!hf;g`+LlVg=NPCS?<ESISNbS;&$B#%L=BuqdLi6s~
zhAqP-uQ6DDQUuegxr}GYaI}{@aSTC2H;7(YC7pUaw1p?Ib&e8HCY9YFK4l68QT)c$
zsfA^wJ8Y9(t=b^#<QI4}AA(L6pfRz3VI`Dj&h?<hhh&6OSI*2IMIaD|-yTfF@Ip=v
zNHuBE6#ex-L`;!JR2E;8*(Izy-648Kd-j657+SO_l?+^>TPR*36=C(9I!|QD=zd~K
zepJo#2;S{W`uV{LR(gp!{t(h{TzS3#AA5K+4?3>~{7@<SR_Gi(@?AOYEk2QKVwy;D
z57h_+9}VBO<aW_@I5%2jNBx+utM|QAL;LRMyQse^N0Ezb2=9*!6ReI`LKSqyli6Fa
z_;YR`mYW7Y#0GC}aW@&)|BImq{&U8qPNmzh6RJWwE3>_QIfHMjgbyl=SC;J9ZN847
zLmPMdjTW*v?TsGgjgXo^b_HIu#ggWRQ`XW^6|LaChooZmBl6%=Mi3sYYwIoc>XY;r
z!wNno!te86-H3#Vm9JDn%356m0ixctG1-0UA6)X{Od7aw64me!#G#~aHy8ysa!|DK
zu;NkO#Mn;3V>FAbfdjB>p_D#!lI-|%&`<f$fQ(0;r}+#=F6lr{XYD6)uh)#c@F9z2
z1UY4~hV#6(0*K&?mB#G@@844S@Z;whK%b<#V}&Op0%W?isp{-<EHJ8_7j@CII4(yS
zwaV5<hmEauWYu4lY+puktiB3J?&0uH7;J6lSN@><$>*7o6h~h;1VIup*JH5{dl&I1
zx7Fu2s)COs^UR9tfe;7*;cHADXNfC-g5ytLoznR1BVH&}FI~!+3zxHj^K&^$7c<F5
z>c)A5YNoq1_D(W$jVqmJa;gAsACBldQMEDAe0?TY;bs#2z_CCz2{>XHBxs>vNC|Wm
zvVI{44`?Ub-Kqhtdj6EfUlv|tPSo<BZw`-x2sMnXTyQ~ULj{j=_KV39QCs&4;<3x)
zGQMR!ZI;mv8@GzDu>5T?qv~Bxj5>6C&bmiMG_Cgg^=uWwyA2^G`hg4?Cf#ykLt0Bb
z+wV+FSB=NdGV!{1Qsy;<zzQ?8YX#cE>Y3}xr;n}d`Rb#9PpIwQeQjXBbc&CtNDD+O
zf}seM2Nj9$W)1@2s*PAiy0ih=$pn~^Qnu+6rod5fCnYM4AL@dVc0LG;hQM12K*eX;
zx^|N1{se+@3ITfUvZ)U5RMC}B!}%j1EXg}}K~C^%i<l*j;d@);IGMAK*!Z5ofx{W}
zIzo0yi;A-yZ#y5rvE!^F)oV_@>S#*&-`wBeQ+L=l8d82CG{I2^E#Dduu<}yviPj*(
z+P$cD_SxA4$?UDem&nD8k65307*TmC7G8WEd&zXFUa($4l}d1Yy(j!v;H)={u6|D-
zO<=^>N<lxmjI6^?AgHxZ&ItD^#}=LJYiw7F=*2s2B<lM{Xh~S!Cxa-ZfuavG%}CK$
z-Mz)Ay0`w?VVwxBqXx0%CIr6&H~%`X(MaM<mY@UoP3Pw$`FKirW;eCOJ-Y&Py9-H!
z&DgVW4tJ{@)l(bq8hd$^rU=96WAuH5E0c{Qgk+aAj07%#&A``GfoLw0{BR~om|_W?
z1&F&J@KM_%2<|Q}wYo?Q*go)!HkISoFju{{xKlg8noE70(%6&=#+^+=;0cpv!&B!u
zLu${f??dUDvJ&djK8lIusHqKHsCkv%c#_sgJRq^SlD_M)7Z~M~+i-K4ehX*S(649n
zhSJSW3XFSVY6$8touiGvU_i8$uno3HooI9u&No(#<%;|??Xm;om@k`HcK)$3@Xy3V
z{+mVX=f>)M%}LHvhB^g-n<h$uu%L3}>ZTcE6eeqi(nJ8m5HOcQyq4M<sE=C(QIFjv
zmd|&aVd;kQ2){j!&1GtZ&bZAU;MI@HK?a`4yHl27lz4w&TOI8A+Bej7Ct_za3U2d3
z80u3N>b$3M`=}2He}%~kr6!^1xg76{1I?taTfx?ve+m5~X9l+K@Isfkh95Gte4Ecd
z)vDUR@=~bLRUj}yJZ-Vzduw??p40jn<sU6898KvN2oxyJp~4<pL~mveYouJ%=Iav~
zo4G5B+)5Ap_fmF&=g&Pl&%~93$Y0On8&1qZHAVLBIh2%^W!Uv0L@ag03<u{8r5oNn
zNpI9Zs!z!szQ33oDha1S3bP7+fm83pI@qWg)Z>ORi~=~wo=^vm$LZ~={${ysG+u0!
zj{Q(hzp=KeWFp;PjIcyq{wd8Bg*v}2e&Bp}|0zKUPvoI7^JYRk>a_uy&p1FykX}A6
zFw{Rbso3($`dH1Vx+y~4`TWK3N@1p|NIbBf1dVMj5=9m)-)7O+3R#Lq2d~$Cr1yZ7
z)k%XHc0;Q?x=Uc;9vvZLjRzf4x6V)xGWU>x3%3u#wD#$4vvDY)%)bD8*%A9M08326
zv~U<$h?%{|jKQ2axS)`?I0H>!<KLLJxGc&5wVX1sX7jb~t9gy0E&i9N_edd>MU7+%
z?zn_osT*@)<dj)9Jx_FBzPug-V^@@W(p`tfzpEvKui377IAWSZRT=S*+2yV9PE6Is
z5hk^5?$gaazYJzybVO-a$Oc`QroDh1I;}I4oF`sCqWriT|2YHR31~@+Y&}EDL|knb
zYBhzD9c&&h3hoWNubkT4nL<s)L=rvXhfsH-Obg^kbfhPHt=YSMy9tYNHNGU9w|A4d
zlr@N&aU5<~m%FC~Po*Uvm8ngn41b0t#R7lBV*b({Tf5Zgz7+T}eQ-}Cm`O)rn{mgS
zY_pPEjiD0SdGf9Vu>~L>qAB(cN0ccdPaS5mS6d4<=2(1>RbE{jt(=J;``WIUG_X()
zA+?nJOcM>z_y(c2!&Kd#5i`eA__9sXZvR$2bf6&M^s}EV84KuL9<%T;d^uROaAM@|
zDRW$t@JNLQt!CmWqHz)e=Y_F((Fw}U=RXdOsn=kDwi){8whJVW{>q__71rSapn)cm
z9$UD^1j+}7#3*!fDcoF-n$2^x4NOqZiHZKUh8)VDjAKv3<9-R)jsoJ8-*e`swyjTF
z$t~w$jyFt_eHuacB;BLdcj6S37Dn<?%AbPmuPOP1M$lLiT&9XebKPBJW3$3v&*EA>
zra%j!c`WsLULsA?tl=|eUv3x1SoZDS``?^3N%#I<AqbSe{UcyK!~ts`*_JjR+RjR|
z9)3tpX~BceH0+dYn=$9{v~HrDRDy5E#Z?DTgr(jcr9=U=bfhX2dwkbZh8RTf56|)*
zD9C!!$gJh6vkUTEHdo7`v19X<lX`K#D1e2tzbit^tCq5gG2~D92DYbk>OA0f17W~;
z&>*}R+K2%Q=Sno!-o=<;XM>%MmF;Qg5&gfGH}^{%6TPfw^3ShzOR6*QjbTYzA8*qb
zLNPXJYpIv2gL6sUHI>=S6xW0F$)+z}Vkty_o4)!Q>VvJ4zp%v}oDHFeGyj==DJ3$K
zQy4r*tmNYQJ9z6k^&3{o(Hpwqkxa=pOug!`k1j}Ms;$hgIAH8&!{W~!h9L%e9ofV;
z{b<uZp0ndqA*@0wE*2T#W#t=g@?v(}suGmL$^u%~l7Py)KeqZ0TbMqk7?b#H-fy5<
zX}_lFpCQS*@cp!Hu!0~)bBRxs*-9z76r*b|`g?P)x$zWLNh|Zt;aKM?Kr<9+Jqfgg
z8FBJR#`W+Wlh-_(lnV1m_Co@Y_O5b;z!Xp-b24eat{D3>8H1lMf94K07p$j%K8zqz
zw#)ZvS)goY;Q~dt8A^CP$+*j<c-yI;52o>x@p*!&6iLE|_xj|?+drsoF*ib<1L27P
zhsx#Ni)<zM?Tm!WfO8AQeC;ir#rn%alEQ-%mo$>hQbEP|NKuo{&dj>*p=3q=A9HY*
znNn^OWi97Y&l3~OD19k+HjFtCX+bM6m$F|cC79~XKJfDFu>M-(Ij2EimQh8W?YWd~
z?e#-a<n>Y-OfVatILi8rGi5P4NS&a!Wx66!=(ORbs}8rk+vw=6(j!q8uecAAzr`um
zF7e`Ve}SS#^!D2(RY9rN{9U9U%;j6lJ5g$l7{w(Ve}jtl_bUll!{v*hMbx^0r8h5X
z|GSCvCMxEGxWo+29Vv1kega=OZkrf9zv@1XBVDIA!j*uc3it+Bn#iuLQZscLq^hAD
z3#z!7!%XSwq$7Z}b<ylB*uji=2Q%l>9RilfbPT=JU!e&BWQkIM2pgem9xAtTP}i{M
z4SKV+&0WTz-v~)D@v!uw%mqRM4V9Aaz%kDg+FbGpoD;`Yr(Ua@S}grtqn*6v64)w<
z+{v>1aMvf}x&h1?1`9!-0Yl{>F0fHZixj?US{-N2w!0gQeq{>`f|F{HFqQ1uXMnL!
zM@;SB1pTXHw+8g`4fL$>vh6J(TNCcy68QWtDz7*<_w!07ld3M(0g#M4&87gO!ElHQ
zktav^$j=r%DYnmcd4zKl>Il;sXtrlZN|3#_a){zrhDbC7Nz?`K2#f`kk$eF6Y9&5<
zz&5T#Z?U+n`G;xBG$TnPQi60(daj;#AV#P6tCPfSt2GHiR{-ZNcbpiJV`FQp9TjO#
z0fKeDvd#iq-<VzJ@0C3DCL~`!?Revqg2q)J-omKcu6V%9Kc@8CZ07^nk5P!#Z=jMI
zh8?(;mlVgykE8E^WxcK6?bvDN2bEC+x)0oUI{vB~3GM`)@3O~WL+}RYW#~GVwcVMb
zaZOPKv)~*q#+?VDXl!RN0X45GZGi;Ecr6vGWNyei@ucHEiXCF?Zyh>xH6U8-anOjr
zwnTJYSk(CZUjO=zjRc#AXVW$XwDe83(<4SFC)m}LtE6k>|Gx2d7h}wwD}Qe<s5(bO
z_+E&v6qU#0*78KVDiBh5<wu1UxxY#Dh$Yc8ilnP$&ul}BV)|z531*0=n!+TC5&FaA
zXjXtMGaGZ`qRpM~zDoQ>Mgr92Edw*r%yu@#y~gyTxlp1Z-&e=A6eQjtKcrO=f}&TJ
zY)5P~0dnE2Pq02?hS2yd*B_b)Sh+e?C{t4{Azkbe+`Hnqag%h-?uUWoc9I`Lv2pqk
zI6iIY-s+%W36Ck0HgAkm!WOX^)d&xc(;VQKk$J)8Cuq8H^~X;9>f{qQM9^|(X4G6L
z6xrh5eZMN+xaW4Z;(jy&wGUgGeST0bq#xHqlYz>O$$}|8uVv|HFj<vyeqXbH20M53
zj46OB%pO7pA`k2C{Y^<xwcw6=0H#6EHR`W!&i?#$71>3(Y~0|r62rNeOotKfI(DhZ
zI~R;Lb~+1#X2(4dUnyug_S(U}Lc9*jNh|)E-y9x?WRei}ChuD1C|0i9A*u0|KU1~A
z{2iV(GEz8R6-%+gURv-iP<Fhk28#@TNeZ)eQ)EQ6iO<68&ToNz+H(O!URc0e6!u{B
z<|w@ZKEcb;-?rFrx)a=b$(|NI1haN4i8WML`!rqcQUU91MU3k}vhGfZa)z3LoDqW5
z2YlW1ugSFpF}(Tc2y79MG+U>WwCjP+kA(k28fFr`bOzsH6{hLc0LP5-k}_Xl@&~8Y
z4lhY&)fPW$lQ9^Mu1U7l<#Byx7N1#bvXXF8<if2W!+l{sQEN#F=n89HaLs)Y4f3#R
zV^|~BV`2WYj!ABbG;7|*Q}%xVH9*S0zi5D{#7|mI0{AQ!{7;^9I5G{tjO%gor-zV-
z`aIqBIA&lFl$yE;K8pgEfS%tc>Ma4AHYkK0E8_gJ8RdY66W~k8zrGIe+UtAF)qxs%
zpLQKYpY@m~5VWrnWM;u#y8;^K3DIpad_E%%Pm-nUAS}t<FdgFYHe9LJ`VmEvBjB~j
zeFR|HyU=Yt+!5S50wIR74xQ%Ats3wls|tAwtQEwV$@-H;BtXav%ts>8T{4J@N-)}k
z869UUu7txuEFH{qKW9a4p06Yjry|F_hilLiCQbf0T|JqRF={Ro>qOui>5G{zGKKaP
zba`Ny3|lijDsL4$BCU$%pqo5!D2GY1rDG=r<=7UbLaSLy$c!nB_J`v1lau^cocVO}
z-wun_CqapRwWh&gCis9(Qr+wu5p6WmBAftwgDB5Vbb?eYwsycNJR$Fr4otnxLp&-b
z&Hkk7Fi8~gTYU(W9w0gD6XUHh)NZTL*&*9ljw*h=NQ;$|>S*!WZC~sxrOb{jR<0+*
z%J$4MWRQH*5khnkD6M@LLQ>LAu{i?<)>;kx1F5{l5B;gGjC+a>e-n&|-7WoZ>v`u>
zo$G9E3&T{%X>4|Gr~R9sbNuLU?SC{?yF<ud%2z`0@pV~@4RW2Ww60U5KN&s!Zt7v6
z-LR)UcC{1A7tSnVi@fnpF0_~Vvt^z1`b@ulP?Z&*v5pio0k^f{V2@;!XfsVb&(plV
zb?ZmDElLaDZRlhwQY*9dyY|MeTYLlRp45}9dOR76PPgVJ#1P3p_XlG`afWj;yWseq
zID!&dEz;$Is-zv)Z2j{p7L<qS+rfrslAh_Fb;;WDi5+v&VRB`EeOB14;d#0)ti~`L
zBZ@~H%61%}P_clrJa-y;O1wha5g5>*Inhx_;PmR_|5{HO>?8(yK%ndc_!2qj!Dzc;
zRs7@`x{?zHHqnzl__cV#n!DJaiUi=5oA6LF0z80cCpvPpDdZ09PnG9lq(FV2`ajem
z&VWIFnq8)wJ7oy?Dp<c*3bXs3u^V4^QZ@{m-UixgnU~x$Gd0>wEuGVL$B)x>Y7_j3
z;TWa`Z6Tat@iEA%sxhs*X{mtxRTFHDCHhhW<H`+ls=ZunvniqZ7;i%&e$JJ-kw+s=
ztU7ypdg3DswVRM6w%4}CGnkiz?hqwtwO2-)<A&C!*S_9kRKr(dIGhq%%~n#~gvXj<
zKyE}f-x;ltarxb{n|RukttAxd)L_4@oRy=n`&$m-^9e1r@o*$=9;kA*E@4Mcj>eb+
z=`b3+axO+YEbatKe(c_GNoWQ7Ur#WJFRPEp{((6^H(YGmN0d*)ZNFFvw|iYF=SH$m
z2G<X5xj?E_sN(7a+P;J<`~r}Y_exg$Ki#4z$MODXxQhFy%?%9Nb3x?n-DPN!Iz?Hn
z6ZQOfNkmBW%{ItnmHx-YqxPX&ic#@voA*Jx{g3_YH?CKdc28r?a(uma5in3cS3~+=
zzbY@s&ZZ2xdNer(dOtq{_Dq@((HxtHLO@NOXBAp36Xcwk7YXy1mWdeq<R%3u9yR}Z
zzxI&~lrg9uCE1i^m7cYllvFs<=XZXE?P6Mk{1ob;+P23>eS3rOgyYE!T})i2!F~l|
z*V2}$wRl>jZ+3zEIPoas`I5sn#@1nP&Yn-@WtZx(`$ijBp3*IX*~}yYZy8Vd`1EoU
zTX+1Yov1w)90~-q`q<DT@F}8sEtTe#f}{G4c0pSq_I7AF*e(EtSqhYjpVPM?xzZxu
zzNVX$=265kB3wQaDa~hK?!LgSp`Jko;0VwoY|{eF3YyXxyeLNp;_zG;B<0FmHRbj<
zpt`(>DnZ;Efmvbe<m*>Hq`g;4o^}=KvNv{}IshKpD*6_2=jnpFnQC5Lx~TR;wKpbb
z@_%M*3DTsQ0Jb}xr$8u!q~p#E4gH&1L98}@Q1gnRSOJK^ODD>0=e;)&nDp>W)}X6H
z&I(nyU~TPFf-borDi$6bbmOpRFFABdtIMl_$2!6;DXS%-4&5QaH=zX&)-U|_Jq&$y
z#Ap?+i^Z_C2;e9PJ(5(){CNS6S5)v}W7=@t6JZO8VE773AJ0<~*p$Mvg9K6>Ke2X(
zN8bY{eq9ah!B=zW5wOGqFz`j)Q{^{zuk<;ZzQb4T^==Lw=SGb-{T*djTpuZqK#jqj
z;Kg7OP`Z^1ip3WqkpjZB%K&EhqzCFR4m2qVsL&v^dpB8b`w_2ld7v96VJ@&fD>exT
z;iFT-5;E7JarLYV0j;i;YKgh~Dv6eUo`iq@5L`)V_hRz1+EvZxY!ePYAV4FT-q0KN
z6~vAfpduO&<L==m(u>6FpxNQfZlQTiqXB^3yRSRZ>UQI-zA+D!*M?B<ZzeL8{?a?K
z>3z6Zk=_t@$`TH!uBw)>FL7qL!ak-)xDKH?Ij<v^o-{AI25s5xNxG7a|0xFy_Nmse
zQ85Hf^58kqu~uNkVp3{usW093&J};ga@rGtf(<>`xfS0+MBF;ZqMo=?of$_930}I$
z<EygT79KDDUj_BNx*-E>tS`0;U3#1fJX_W6Sn><5f5vcVy5*0nO5?0P{u@CkDf_>`
zi^>N0DynO0N6$VueCu0Ee&e?a2cbowupI%!0j0M28*v}oA?m3SpehkbJSj3A)`Ylx
zOV~65JL-g~F~Q`Ala4s4z!*^Ojj=<Fl1A|Zi&)JSH?@Iulwj6#{3r))9*`--mNr@&
z@{k8v?Y|SrcZ!JpkJX7p6NdTS?;Vg${a{3l<)l#FYH#g6q;s~3)n4T#jB1#d5$U0d
z$hVxlAeL7t{M}}qhY(sEM9Atgzp=p{*%F_HFlvNtE4edmB;qy2mYTBiF$WU%(yri^
z00_5g_ihuS3tR{vLs}Av^ANzSUNCE|<=fhFSztl|wpKOY6jGJ`h7f@iwZDqyJjA{m
z==u2z_yI9+LxJ`JlZ(f%zCSjYBPrBbqfWomhY5&w_2isZHdvJJBaH-u^5x>{k2X}w
zPv9_D!ZG^cb|EVbD^G|^j7|ThZQ9*g<pDm{LGK1Fp8ith%7G5=CFML6aPN`g{o*$q
zTu}oP>EpjQng6;aJY?fJua+Ww<|zC0Hr9elH)~Tgo0jY7-@s4XFoIIp@S5|WN_3X-
zeM1U5mk7z2JZu4G5(Du1sB{YT22_s-08VPAl{H%9#sBTQ3Xkr`H-dO)6(ogt;##eF
z(vVKPw<N3Jl|@BZ*c&GR)TiJvZgp~TSP4xj%;Dj;rELEm3$yG5Cp45}qoKh}Z39}I
z;cdOmz9P1@WyJ%J=%rNGJw9Cg)NUEOC5Z@eCve~UW<Q&cW}J3fDTsVLDyG|}>Igcw
zsOC^t(Zc3vk81~zdn?P?L%<Va$?S(yXBF)Lb5zE(2A+ybD?Up}N7Nv0g&4MyWSRw5
zw_#~J{5h$Ape9kmwBT^UGVk}!7*pn){j}mWPqv`rF8-b+`NE;f6b3Gkyzpb9=9xN!
z(4?9CIHchGE(-bx4O+_Bc3@b@65a<EH7fir{~1S^^}l<7+N!!(w)#r!r$ZNwZQG}d
zkaW5!jtgxc-iOKUW?6oO8{i>mGkDc*Fsd{<A|xN^KZP!oQLH9qO`A_r7@o}7J&|xb
z6*V=IX@kJ1rn1h=Y>j#$SP|TL*25a7!~QPga>XJ&^@j83M^H6s{iaVA9uGTfGP}33
zGqR-E1fIBw!kby_bLk|+4cT*bk<&3iKnmD=_Ek_XH7;zo=*{{+8XaF&JKZh+>O=3M
zUij`$fm%(?0k%TrBrZv#%0OJ{o871Xcx-%Jv)~7coZn3D6v>tod92p}NM?|5qg!|l
zftD16U{G7=7VQ4%q=4Co&yl_rdJK%!CjpX2|BU7L5cfEW-za==U?9?ihAf}Xmm$Jo
zQvo=!S_HvD0Yzq3Y@~5~FUi(up3hGMmX;B6lSxJ|<w`k?R6Tar$hCNy>Cs57jqpH2
zQh@}1=+y}sNm|s|Q%y!LUY#9fVsC$?S#BcuhHt0ed=XHEpkz988(nq@+=nltK>E*g
zASrh*m(qs#7Xc}yKe_cNK)<dpZnqBd;OL-D;4Wt}7n$oc7WrK7=;(hKIC9(LVn-C$
zGvaTzMlmqe!3+{+w0zQxhLg2pyAHv06|-7-5QT<n((NV}fj9bES(4>u9^T-D^cF_g
z7`Lc}<={(}rEJtTdGj&h?02NMysY^eT9g^=yJ`8dlJ2QPwv#k5*@O<qMT+}A$|l&W
z=i<g7@#P`+*#*xHD-6|0td0Y38c+<G;W_VeAkiPPObl16i^rW2s0kJ}ZHOe!u8-|!
zBXREk36+2Am4>vDE@VQ5%Gr!M)Qz28^-#6cocX(ib0{~?^34YTw}jtH{Jq4{1Av{i
zj(yB%ED$VFs?D4*Pe9z_@*iA0+v6ADpzJjj1YCCMJpmv0bekL)uF4~9clHjcELfL~
z0Zt`vC&PJa7x!*<9nN2Uit2DET|Y1Uh?+a8Y4xNn8-Uxa`sji>d=>A*UF2ukU9z@N
zXP*|#B2<jU%LVbps*zDGnI4j)pz;&V#A{mPvOPy(2B8bf6hY)F$c@|IM71xc*}yG5
z<k~6s@tU}$&D#A0lJLTj1g*LGdkUbVx4K1faog68It?ky1vBEyO{-BNd-BSK&ep>L
z7cnS6^Fn3%T>2>1ujFSN7t#YYDMQx@{v3ILXwh~!f1ARmL%JN)YS4^+)@CGX;VrSa
zuir~o!Vv^r91x;fkDhk3t!ITo`GEduS}p)mU3T+c$%s4MQ^!^QZ*mMr@E~>NJt_mg
zqemto61ZBpG{6OQ`YKa^xviY~A6Zk{S@fBQwxfRtZo@EED0;^iFp-U=MgjFUq2a@E
zHFI5F=}n}+M%)z-q(Z&Gtl6$tSK{SB!8b#{R%TkuVnn|cGoyDJK|PqJt{hv7O&2xZ
z^(t3;D3fp9Wq4NV)a$kVq8<AeNxKtX!RR#FICRD}gV9T^XjW}!Z#B@|9)Y{px=nCB
zY-;}bN1*$kljq+@imh|g2<^$j>e-|O!m=qf66D!G2?GdBA<DmZ98F=Ar1eO{<+P?2
zH0P&qH||eGuw7(C47-(hCB!uN7U4yNZ0(1_D3JqhKN^ntd`qkW2Ji3glK$r#+iYC~
z9v&dqfQOt(7)?y1hcCh%(7mFijpNEV^>w1rSz8)&egWWT84gSOaD#jCBDNLymLZYQ
zbd+tm-T`6Vspf3w<XwDGx7l3<3azd%@u7~d!*c+w0X-8UH1x_Nypk^P;=NM<)(9(=
zKF8tR&8D@~wH*+yYBE;t?cmn)+k3i-X<X8*43eRIvW1~HzxHUE*_Dxv;F3+LqF{|S
znwrHq2H2gN7w&+?&JT~rtyTQ;IHccLTlQqyP)xf79xrl(_s08bz<%LCvpn24{+$7t
zv^>o3UZ4r>LIzIlgWE_Bl>>A^gcAzMn-$aQiE%c+p7@PYGT{pZHhMb4I3CR_tpEwt
z#GBS)l<)Zk16T_A?wKJ55y}W>JM0oz2AHmD*E`l3Mgrz$bZem$SGijwBLN?A-}3zk
zMwL1+9yTgk3d+++!HNbHUsyGvf08#r{fY5Mm;YIc8A{*e(6g6cqnAGs%~Fd?3aLEf
zhFtEkSq^0yFbfKIv6}UKtVN6U24zAu1xlE?d0mP9aUpNuad+q_-b>UTh(l&ci3*Se
zj;glb5jBr)C(!~M34Og86{h1}jD3>%epyqZgdh^ax-(!S#fiR_&<~tgiapA^sB&B9
zHpd~)L+O4<?pTYL#xTiv3!>IR97G8mrLciT@o1dkr9Wd^7T?HlfAsU*70#0)4g-69
zlebG^n8l4fHjuay|K%=kr=Q2M?b$@+BgVrvRX$#itkHPtnCm-n0BKV0W!2OWV-+$U
z<%>S25$OM1ow4~dY(u-q7hQp1Zc?`K1{}o4q6ai5Bkq01toUDCwlmBoWo-WQt-M_)
zW1;8wMe!ab`)bg}=tn?4!<+UwC0_Z{SL|@TICHCkXBG8^-mr`lst-|kLKaCG>8^3_
zx@U8%f71`vhjyN=*Upy)O*GZrifF2|!ZBJ1skfgcp0%|l{5uw@e@Kv5OSCWG&6d2H
zdw02k+~OLSWk&?R9UH3!3B-@e^is+p!6%f!@F`Rv2GYw^*`L*q$stNe!;^M;k3v$f
z^v4d*7y;le_RtH?6Vi;x!p|;~nh$?_@fp><ZqC~@^cq8nZ*4HcPW6qY>A1RB`0t9Y
zQ@4Aq9tit{A4#Yb;!z|vF#|gKFM#wH1K!e%DkctrY$Z`}!c!$b*x*q@|Fl`;Cw`Kl
zMG*c}L{d@h^WzYj6gpXqYxepvH0l14F?|69dIS+aRT|2fwoh!?{q1g#tq6Aa83Avv
z@vpoTf36%+c`x|RW2?1<v-zO_C<1zSY|tek<HQz5q{4iiO@EtoD)u={s=gT5-F)|!
zuih|e+X4nE28Xxsu@@@ye=hD%DJh`D%25_h#)=>@qdewQCS$L4D2uMP7iZOA-&?N8
zpe|kJr$l$;($#0y!vvi$ciGfTBbgC^$Y)jp$}s_~Txy#^bbxb06>}~#9*o^eP{>K~
zl$3V_QPErT*eOSVPztn~iTIXGSm^g4itdy`Gr9hIis>z=^K$IEOX%PJ2(kX86-_{|
zSsi*Dmr3w-Aq!OwI6IZcxeLNq0QMOA(o4x&o>xM_a^99#R507@pgI^uFU=xF{63B)
zUP)p2r7+eromAM}1`y}>-{U$K*1Tt-4Se_X<ZmXGaP`6ghJ)I;o{oO==}tn-^sYFa
z1HTB3&$H|gp2>Jn9;d}74K_s#DInS$xn7(_*mz^wx#I2oH4PrhbFb(@<a{IbyFhP`
z-XDfbJw=W{8P4o4?f8dpX2LomORLC1lIR@OR>|2F^&LE-G@mv9cCj*nR6<K|TKr}>
zC9If~!n96lkX+w{8-_h{Po0aXOMJ(n9K=trYJyspkqJ>)5C)_htp=f_!JCuHHA_}o
z2z-42xa%r6*I1C2EJ~H64<<HU>&Ve<E=Z955RZbenRlL2_RF^7S)ur^Ar4ocNQ`B}
z?_U%n9`5YfGnJHaE}$>(81>K=)j=<;t*&WgPk7eemIiDZc%kg1x#y^{9=<yyPs$QS
z^mb){`wZ_fZwDY7xg`+zzTq%noD#M6JVR8J#h9f;At&L}V=OqBnlpAfxM9rHh_xv8
zMKl`CI<th?4<wXM@xGFpK{L;g7C~o)>FI-!BQ}*<N@rupe?eNzfB#s7!1Q_lmJu?@
z&FNl<t&!J!cCCb94K`xExNaU}AA`GgC(NL@Sfc66>}q3)8v7{}u9SJGd88;`rRd}2
zt0e}vDF2V&0K%p<)xG0NeR(X=%X0t{QHl^+U^@RB$9@Z$jd=Q@+-sURYa!x~HPr$O
zAuo03BvI#67^{J>$PfC-N7GYE;!26tdQOdfsQqI2&5^aFa}QDb<|ug>P1hdD?fdv*
zqTqKzfvCJzBv1|9K|=;>FW@K;##8Y)L|hayu~OP<5Ll*!E%<rmetp`t8{3I}|8!0n
zDLIqEXMcf^&tX;Wci!Lrb3Gpc9zNGIcIt-)ml8M|AU^VC4w1z)U5eyV<qwHTkEe0<
zeDkfo#Mrt(A~k|E^a3YgID+E`(M)KyR!&qw9!(u{M3@c1krjeI3WiMS5X>W8^$xay
zNe+;8CSSF-03QA>s(dDkl0QcoCnrv!G{}MEbF3ML_A6RO`bx*u)FZH4Z#2c*R35Rv
zg1Vr)TA3-B&*619Xg+p_B=iqI=r0MpST~k>>1DBYX7YPF_G_NTD{Af|xKz5G4lf{5
z)uG&~SoE!+gU406-vsRl(AEKDgz4~qY^>XYhW`OOH)2o>S30*TiM<P;gIscyke1yG
zt@spQ*|3vsH4~tZ;ekSTsGJ>4Qh>;kAhNJdBK{?jEF}K&{aueq(IpIP!kcRHB_(S2
zp6237%CVUIk1M-^+41}hk{Ln)X!J!m4;paDf4mklsU5$LK#CiX>bEfCD>B*&lC~aE
z8z8YLe3e}&5FcZXFU!RSLWRnt>#rUiln6t%<cqY@VC7seY7adS%<Mmv6M#}5&u7<g
z&8OHkjY~@c5&a=Dfc+fs4k>&xf~agPBbK*%;?lVQJg1mjb;q*6A$-#X<Di}mkwOGL
zq3#ELON`HWXnBsklf;^2FS~}by)PIu;N5^&m>NRO9GR-lYQ-SS&tQ$9VNb68FCC*K
z;{t})!yvtvI+vvdVE9rF$d|~k0(h*n%cWa#V-(W|Woa#*)3HbQsh!BNWdG8NHt+m{
zijajj-chbU9GQtfikGQb)5ZW{iO|g32(VQLQj;g#y$;7v{)xuz&<S)>V6=zJtLh#*
z=36>QWfP(TQK}h~7o**`?+P7W<a18~hLL|qAU$f%;PU6Cl<yx;H44JUh#hD8D(&5G
zTNtF=CTDaMJ<DY-V6?K#KMhrDb_<}yb`OUm3^4b*)a9wPb=#0)WDcP^lK;CC;l&P&
zTx_i}2OpM;?vtI!9r4jL?g{z_aR9Vo8M(_<+X4!DxxQshiiow+A-)m`t85rltV!tm
z37EU`8=eR}OCAs7ul_LpSRb>Q=OtcoSYAJk)#YeN*q{3pZa{@OlgkWDFpl_Wy?qxv
z-dTKOM}xWR?dH4)6Y)N~#DI!)G%PsS>R=`5!)U4DV&y_Q+O<i<y(kty>tUXIphN&C
zx^3@X&n9v1b=NN)L%@%EJ4o|&KQ#n9dB6DTO4=){E%+3iJOmNsZnXk3_CaP;c?O%3
z34C*nqvpH{%KLq`{bBtUlD;KC!w=(ELbq5CZ0mGSPg)Xl?!sC3>xh5R=CxC6hYQsD
zXmLQ;@8)>N*sdN}>l1)?M7RtzA1ROjS;jWn7DKv`MPWKX(KbqKnaoNmW4Dk$*)k6X
z!+uOq=J7BJMPn+$M@Lq|#WT)Y+lU~D0~WJ`1ofK;_s!seX{@zOCIu!OHgP%@g8O7t
z6A~o?(^UUDSCJkmafkSg77rFT4bm>naB4GY-UistPG5(4arr+~vI+4=9WjMscVA~0
zh`N>xZsDT`g4t(RS>mkAy$dI`o|vE$@-AI<GeD^G>}xW(VEtr*a$E&|9)u6CKdJJ;
zf^(6V>!!pgBq~k-&==EjP~cGgef>&muVj?k3COi!mVFJ1PSqL57mgpQs5#PSKR%2T
zaMmKwdhzY3$3e~v`QlNRd=6jYYA@G<7IR#UERhs|0<dOFk0zYBjGUaMa=CiFN%O{^
zF&4}0noA`}bAg>b&!f@W&!3O*kn3t674ntXiH@x8bV#hY)f|@rmhYUd@>o4+?@06B
zbMr?{150aMab`f;rk&8m=FXkx)%QRIq6Vox;w<2Q^V@*9GIsL7dRriNFeeXLYRhUy
z(_lZVMHS!%;}t{}Xp-uOZP`94RB(S74gOWTX}-ZxQOH`fd&aOh_|~1yaq(z{6fZdc
z5jpn+_X8<Su}cEUIXq#q<CL8-KU8g(s_7qAOSI9eh<sCLy;-M=#O0s&XDUkMU=ftw
znTSkLh>e2G`-E(GRaSc>8fwP1Kd=H>_v4fq1}1t){WP_%l;d?9pd8%x0fyHk(n76{
zO}5?O4zP}@u=YCfpu^_ME?f&N(}q#GD59^{##Yw!hr=VTt)$5`T$%PFKC$~HobLSE
zmwg4Y4h|DIV@nFA<Qo>UE&)u&BR)H%UNMa>Q+W1J2N%S_7BCol$u&+DVO%h);B4X_
ztjm=N{L<{|LS`ZPn(+~#ansc3>Xz9F?>$iE%_DN#MxY#IjUK+eGBKur!s0Dy;pj1v
zAzprcUYHhz9**|7VtefVN1pN9=o3cRuIKaq<Ihoi<gOYEuV$l&{RR*!Lvoj>#X{>d
zZQFbF!ZH@U?k``FlLYn85QL%mAx;>jG_vlo2mY(D{WZKD;2!Rqww$4zBD|a26(2P6
z?;tzGa+NzhIF03KtHk-b<{wr6jJmOE0A=s>ZV|J4$$D0IP$Q{AH$qx>v`ZC_g~Zn+
zKs0i#j)Bckfo^0;_3<Dkt!mDNxwC_nGS%(u{$oh+_vc4GZU{$|murFbhQdsF)feAR
z9Q_w&ZC7}Oxgo@WrFwbA!T(KGeCZF=8&rPNA`K~-FEslY1fMkz!LHEvMHQ{61ET!G
z*`wrl{MyN`@K||uWEckGGN9yL6DCij+*3E&ZOG@hX$FamI5fW3!`L+iCd`uigoTID
zrg7?d+zu7rzlcHgAsyXL*QsSPaZW>#c$zo2_S&%kbgOH!SUozx)c-S^C`X}GstiuY
zw!eTMY-rEF!Y|%<LLYpAH>JP5c!ZwX-QtO9!m5-V^-bqll549K;s}PuKdBu9Zk}3v
z$evmmJC_l%UrXB+pw*~CK}9ZKIWmYd8Dn9_hb2OA^Cpxf+J??mKBJZ!)R=du_hECc
zsi4pHitXe{OV$auWH@Fp>joDP_5b8V3vz^T<+&k?1E$+Yap6yB$)?XkC9qWHriRt<
z(TLX?yb$%i%@_^`vt(;6Q9hacE{nx~Bm7V&JvPwZ&VYL&;G{Exo#%$EFj#m*!Az4f
z6(akZQE=Xqx`T+HpuoqWvW{Cf(pDkdx0A<j;`RlOM;Mw=7&gm8gf^valPb8pg=Erv
zChG#PUqL`Gzl7j%FaYr@7$*HGpV2EmjBo?8Q!NjNx@P08UC&@7aUP|^?K2-k{d8)M
z5CJ_W?SmFr!R&>P_|ULQ$#eWXR=4G(pzM?>0uS>kywzxwD=>UPeq_W{U=H9&=s8m`
zK#vHa()x*ADt7*U`H4&!QD5L&2Oqq?->HY(UmHDaQ2zah)itypR5cWSpSwW@?6GhT
z4^t4%Ym10i!uh!E4=sOhJ%zR7$+PmaO5D^Rwe=1!5!ZK!-Lm45wOp3RYdP2|8;e^Z
zQIclT?S^-MoH;c~r+DTCMr^V)w78TZHxv7=BD1EX&Mh1y@B$7%N@>4Yo;5#qx0hQa
zcG<UNIJ2`4Q3d6_0z~hWNe7K~3&?9QC+{l0Ppi6EpvmQ`I11os40$9x)tr&Nq&$GA
zXvyYs&1^M5R$VGKvKN#^&FCbrrfT_sQKJY65c>_0i0rKrY{pMns(VEFUBh=l{FW0&
zlzhRoz$=8(AjrSOY!>Z7<}G?7=W@@1xj)JHgmNp)$c(C0;)$NQt_Jd(NevI}R60W0
zY1vGAdcicofXrF_O16q*DI0@PrgR2hSoOaq@0|}Rz4gg^(GbQGzJt)`1#@^lu&q0U
zWmuzhE77aOCbKASg<HaMSR37_(CF~P2*myrDJOSG=E4-evlB$QjqwpuAmaY*wI=l<
zIoG;w0DjKB;9F4-3e;|*BW2O`e{RpQQ>I?aj^R@dppp3f+wSwpQJ>D+sFuU5l_U81
z!X=FR#u)^hDJuMr{7EgY9FC$v^w1aE&;o#eKkgnzW1Ognd<A*Zj=qV}9}+{swsopl
z&BUY|>b+*o@>>$13JFcH4f&7B3NHcnPl(7HY!mqVcn7Wf<;bfT|D<+U-S~p0+%>)(
z*DQdhLA#SufNS8WmHXH`kK*0-(X<+WC>;iaO7+t{5yL5Sy9V!<k||Dn0E|n8x)#6j
z{|!Z*<}WBW<#T-*zz#IU<RZlK_8ho^VPpg+FHMP`D!|Tlm=M&pws~MeO@Hi|W!-TX
zDD{=`oQk+gGY`nl7ZL+VTg*5j?Rb1TG5@T40kwC>=H9S}huR!i?!!Ta<j|EYqPzCt
zfN<uF_0eX(b4tGDPPlPOD!L({u0We_&!UghKu91uA1;FcXo(qKWLZl7(MlD)|C+;~
z{%Y)e8_E6AN5WoI-<R|>u$9hq+1DNccuv!4I(Pxf8-M|tbylKdAu0O$&ihjsrUSzU
z*_z-LFo9)-d848j3tHq9&65~s;%ljm3AI7h4{w9(<0w{L&w+lpId)M|ZJCLI+E^=I
z(vjLo;R5$lfj10TyH9UNY##%47u-uW#$7ar%j&K#*7uVT9t9w5MB{u(Jk7nyb&_(k
zyr;&lO!ytUTeA!`1{mY_@ltkZ;?r9gXta4dNYBgRw~i3@^>V-;d6M%fvIT%M!bv6*
zJ#Z&->1~1HU#&PqjmJykB%G%c73`(jVo^tLHpYpfCgZ_-WUxXKPYzBC?}W<kl*b*N
zgX{F<?>T89myx$c&QKaXF~F#?HOewZ<R5qn>IPwFk}i|9b${ijmK>2O$W>QBS~OhL
zn;W{XWlHE(MATnVt3OoL=~wMsc33ZojBs+G_6e==Be%|P08e)>z3*Ml+Yh!TrZ%U7
zUCVW{W+5pTc_?58fouHSC3kw+KPW9>&O8yl<B?&dQ9ZFNQgHt2!C34dIXZ+y##(rE
z_&5L%4$H)&D4R=9J)SZ@%XZ6XqgbrHPo}1BuW^4%qZn!8NAdEP#0iS$C;<j&y)Q3a
z<sz_n=x_UJCg03h5JOD{^vw8z@vRiYj_;q;#=|;Nrkh`4f}eCEKB4Rqc-T*$Q1OuH
z*@Hc;ciwhEXmle!k47PFw|)D@tOR~uEXNpch1VB^aa}|AA7(n7C#2whUkCTdG7J9%
z)Bs$vlIyoYi@;zO;LL*2XvY4=Ht3mU*Ci`anp6B8&f5hqp#&=I>42Uv4JH_lHJF-p
zsaKl9B>~dLA}NHTxGCCDo`Hotpgba<c^OOlQ_|w&7t^5#ZKKblbjwhM2FG9OAVS6d
z86_KB(UoAi7<qsCO8ctS27mhvatEpUsWMqZ8H%BJ5cxsHL!5fIDoo$%S@Wf4W(_n(
z3}~Mm<@K$eF>CsW5}>x2vIcs<Ugb7$e~-n~VB*NMYN2p`1XcW<*3f_ao#@s^7WnU6
z16)>lDAu=%b_Mujrm%{T##12{n(aj%v{-Uz`O$qcdzmSgji<6Oy3+JVb(+zUAxOf@
zq$eRhrtbs!YmDItD_KLN_|S_M(9i)Up@76-$s#1RS0VeH@W&`Mchd_)464A|?t`G#
z3c}?Y0W7;fB(n2}%?(YA=Rwc<d0D)Tulm=k9(wdQM0pZ1<CKbI7nsCUsLuZXZnNX;
zG>2U)NDM0pA0R5%$jimSkt6xfZH93$0uPTQ<>etQQ>L9hHURQ9o~T6#-g=5G=<3LQ
zb(s4lNC64L);yI>*{NYvWy-_3k+I}J)ppKp3pR!ZD`oA+HjVUEm1Ddk8x!(YBQcJ2
zKT0w2EMJ``MWl3=&#Yv4_w=gA4@wf|@#=V%tJai4XIX1e;LI<iYHpT=M*Z|^8m|yp
zsH?E&I13rK)IPK9$<z7&26#VCgFPRQpeP(X7q1EvXciGI<uaPDhn2w#XI*8!s)wJP
z&nwgJ4D_ZRH}D^##;(^a)PfN(-sFyZmg*D}3`I~h(&qY-(Zm1h`|R8ME_;msGtr2t
zqxSzJ7+L#YJFZM>VxbRdj_hG&9{Yp8Ehod`+=MxO9#F_?{QlX*W~(tX^$T{tTlrF(
zZ6|{<Evi`2Cyda0Eq9>2EK5??!a{n4ANA<6==o~j9CNT^sd93=NkL4vApryh%Fo2Q
z7o@TqN+4`J5&-*}3u08y_5=a2?Evy?3oTa#oa7I7CDcpLwx5DWV3x}iQ%^0S9s(iv
z`Rmu~QHxi?8G2+D(osGl9|GmoF%i@xTGBKy?Srg<r+xjUW3-2}Sn&>x$=qgOf%^Uj
zyP*t)*6Vf<Ba87fYrBnqV`Ek?o`D^<%bVa>pfntrBA#9YJE}8xnvRyhytb^>00N%|
zms>@7%S-)Wh?;^_>fgN4TlCT8iz&twgXq!$$&a#l6BC!d32Ukbr99H#h*%7qB@83A
zi$xHI9z%}C5rpu2e*e8o3d@d|x~D_B`bNF4Yj7wmrD4ia3|#a8$&MqaOxoZ6F~4_r
zF`yrzMJM#ytboNpPZ|Rq!;8Ih;1VJE6D%U0t4~mvnz5mq(Xwx~ZP)R?Dd`V{nQ6>V
zVs0>tg7Dp)oubk~xH&OH#zHZY_7l&(1JP*`3hSfKe!Oz8y{hEW*rM8vB&neumiXFA
z%o@p%_!}gmJOV-(-|`|noHoR%%jNKjRh2T%N67>Vf4MbpJia=7y7C=?VGIH;1*r>6
zFMN~<hzo^vwPs4z;|JH7)x{*T_MiYF(#4GA+r=w;tZ8<@oxM~)GgH+Vl#Zbscs~*I
z_=C(B?qObYq_v;UOJj1DON%qaH4FtVK3(t0uu5sE4Yby=jq~&KxqQ+&n_x9Gp%ZI7
zjV`|B5E<-}<IRxTK>+!%E(+iC{EwZO9|MXbY37iVN^fTo$k?{Ds(lV4SY;r4RN|{v
zKarb)aZ33?weHuGnjk?2m=$ABl)DK+hN2jyCH3LZ2AY^JKiUj=eZUcW=-$J`1RJEE
za4U$}AS+fa(Fno~JX2sAL;%<WvewZ$w7S?Re~Z&{{8s-cOVXGJh}vWK7>&gRWXFjL
zhIh3T@fd3l0M)>ivE4Hx98Oy#Ed1|v&<DVNoeQA~b-;7#HMsCuU}e`@;Q0rz^};Xo
z;ou$yax=4W0bHbD3zwE~Y7uwo3fvXf#F0suXAgh1!u)%7qP@k0>4+nemho{D&qsAN
zM~G=IiIjvHtfh&^PpR;FcPUN$UMtvm;gP;Vn&@slqM#J;7?|)k1}r5yb1Upd8HyM*
z1LfHK9O#=WJv?W*GcIZTjBgNrH#IMhE-)0iVG?l*7N1{Y=jv-t0dZqz-Y1qm7#?R+
z52E>5D3%`;`vZ=W@gRnJvNg=PpSug>Nkkh-c3NWIk<*}oiy)c6E%oaoD`~m=GB_-I
zmv#cx+mkZtjjxOJgLj-`7XeE*@F-;=_98k>IFIq~JCpWHgD?q5=4n~5r0G<@1<Eyo
zr}+Mwx@(w1Btu)hEpm`B&h|fh>mc9J)$`#HNXbJXK^(>1CFW57k>bC!cs!HZo$YF*
zT-9(?wWLLv{*A5mANxv5yZBPHC|np{lPTK7RRUx<QT2WpXFw?4Uc(}-Xf6_459Z$o
zI|POrWn?mOX8w{IXPTkDFSzY4-84;vWm`3^`)<4nh!rwV13Z0JM871lxkbu9&!EoJ
zfp3P~k+X|k`%C^wqL=h8X_F;;KtFe<WSNd}wd~v*eeYE~DvHbD@9{b(gonyM<|X?+
zPNAiDJ`UYMR0Pm<`VbUw-1!kT@&F<IelF6D8&om{HO9MEBV~C_y>>o$c;GH%=N?tN
zZM}rx+#eVS6TbZ7k*MaNNS0pa))uUp;4S|z-q}Ho_Z5?Xe}sp~Ey?pssm#`HZN{h%
zw{uy{7UG3-DaUg5d-^j5Xw)XeFctJuNe>T$Oi!vNAD#!TM(+a<?d&%uz+ohM^h&UE
ztM-`FfN|g^#<-Q+yiy%+L(WC8h+RU*O3MLJ0i}ci6(!GjcaCBaq%uCwVu>Glta}0G
zoGRG*EYU<dHIXJ^cK@+=VM2C?g~(u?5-CA;tE-DfDglZFo5We+=HPoLwz;`7F=3T#
zwCTo;dxX?9Ev+jkDs5`s(m>vo(o}hRN?!--j|6(x$cMst+h*lHwz%;kv8k3f4SuwZ
z(FUQHK|=1q{lUgm)X+%skl~hitB^-c#@i)(>gO=fQi7cRqbN(_`BfqKTGi~_LBCAL
zqK=X-4W5_Bh^i@Tq~e!RRTa@JUz(RaGQ2wuQM9@f7n@b8-6fi@OIo1j*NjjSTeO<O
z)88S+#C@O*3nY)`-oKJCaf16Ho0Zgt;JAhAxf9~y(T#gYXE$Lv@hesbh6g<Adr^sH
zo6FgIosuS&23G<JVeQkMf5TOV{thSFG*)5~IxJ;TTr#5k+%QT;QP#*|st_PT7<15K
zBGwvKYX-gD_j$TnQ3)9gM>x^cniQ4jTkz|WSGSrpj6W{@8Tt_5A}W38sJuAIBVDxE
zi$xrFb+JbJK*Xlc{SRFhavF?iX5d2#N|$8#v3qNQ!WOnA0>{#HP$vG4QL;!oZ2jGt
zRCe4!h&?zD?&Utlfi{C-TM~QQ$CqvTa86o3mugsEBK*GBfj%b@$(wue?u3ciKt+OE
z3NEMqP2M<Qnk1?G?Hu*QS*&B$nk&aC=*`N`r)YNdbqwe#M;A7R)ur7Gl!%Dh?G${q
z;YS}yY=vR<b#my;CQGa|jiYR}A7UWP%rd(BdR9w;-$<2e(M&m6w#-=O&a*!VqF4c1
znaZYCWBhe+7xmm^+nr#(E(gK8Hnh0!>@|$AEWoTSqM;nvyB`qQY!`pFXOvlQfh;-!
z(kd<wgkmI!6@POx`kCs{dkpkwUIh<C-zLlj!Ct>jcknE1QyM#q*+JQF=L0x@UwS$E
z_G4Yy`CwMTa<I4P=F;!w3dpNlVezEG`nFJ9<Ct8#hTb`4x=8ABTv;5mf22&DqbQO6
zC!y2`5JB)dq(w{i*I$QVQPX1xD%`m%`d?hcG~4lD8sfTuR)YqWbUlT;q|vsUhyqZc
zvlKZ+yk{iZ&%A7*67}>)-KI%f2>*B~Q`CI)i!9ZB1{V;7wDa8hL6*UfJLpAyrqOhH
zB}!#C(BWt@C4}uu!}XDQ039e5lWpgcxgj<7fE(n9Tw!{f`mgZd*9_SpG;@{|3Ct9h
z%(}X|Cs@G#o0aGa*P=3KIe{p6yEdDo_>E3n+|sA5u%;=PRFOFGO(G6wofQucal^ZO
zS)dvnl+cjjM?KEE;;I6ewrlFK6DcIU-5`}MPwmJ+GQgCetmgd^7-U@SETBbzE(z@W
zvu?DWAKS@emZVcSrflEq(aOF5SCTT9{6n;#s~=TIaqhkIu7O*wtPDyQ%1Edv3%FG-
zZqimrx$rll{0e8!Jl|Ygb9kJ@NHk<LUbGCFESWWF|J}*D2SiH1)S_KsNVSum!z{UU
z6-P65mo&izaSh}-9DL#{ZUPVG)#I2=uU<G2leDCbSb~eJnKLh`_5+;Jp7VUduX3_X
zI9S+G^x&i_@14a=r{eu6g(#e^{P=p?u^b5Ha-uh$wL0ozti`lj+LdM+FEfD`B_9+#
zstAA_3h{=+AYWa}^}PL$dWEuT$;9e0vp7x<vMG`4178A|(G$``m@o$9rJ`_^=f&Je
z7UOS&7%W8u%oryo%4*jpnDn;;5J4j4J?E#47!zK)O~guZoswmPL!zPCZE&`ntuF7H
zL}{@2YApMC5}cU$E4S2oRi%>IEtbx2&<iBU{rT<KGW&v8eKxbodCg3*(zCWPx038Q
zS~GE3*1`cJpX?{Avbfw!yA+ES+kf8x*b)eUpB)@FRV(%Eyg$4!p->gF$uKmzUK?}%
zQ2^)0lDdEBCdd3wfKg6t$O}e(cA5IWWGi!(hT^s{!lAeP#y(R|b~(xBlFySabNz?l
z%R*pV@FhlS{UoaiRe95R1!Ix&!+C*3UOvcG2%iVUqh*(!$c4U=?Rcu&x4NpQ?I1iS
z--|TJ#7i-{6k3%}S|Qrzbg-gm)vz#%N~~Uk0T~U_E7iUMxRZvc9Fixsj)fgPF$eNE
zRrGpJUKt$z>OiGOaEM}iPkgwC{6!cB5M?@wAHbzdB_xZ~WAtbAPa;}NxY6Y<g}_qv
zIhYcd%E9E#{QGPPKWrezzbrriLUGI;f%Y<mCCwVjzIq~wl;_k&FTX!-Kp7ue#v0$`
z*-&fa8$tQBMF1yU?Hi7Q>`?wI)-=bQeP~#Erm}H@$so8PQ&yV~MJkbOCU?2`#9d|?
zY!MYX84g7%AKG~Bft1ei6s0OJqoyDk<kVl$l0r$;Fvy$YDth~|{A$!wwC=7Zk|L+y
z9^{x&*@aANzf<557q9hHd&Rr<Y>!zWPzS%@{=^7CcRqkIS7RUY2fQ~eu!aXH#<sIR
zyGDA^SZ$|uaTshcVN*igB;|;^yfwUrzVK2Wp`lb(JowJcX-F-u=OI_D3;tfu*5DDj
zUDa6R8{DL{I<!++4H*SO=tt;0Vw0`;scmvJHTXaX&;v#&%bmyZVswcLSdUM?xOOh6
zMyk)-uqXi%JH+ukM1cmIp7v_hAk+lK5s$Y<vHG{{&jZe)EKN2R`=Qz7FeB3+u?a%2
zA*1?>$~I{$jX009GESGp@7zY*U?(J8HXO09x^*H~8;X;8r;Wde{1vlgp^uu7#$?-i
zquE2v*vVkq7Uq$+b;1uvJkTtV!DVwCigq9Y)g_)Znw`?v4T*h2YA0aoOOrh6&wG}U
zT#&d(eaJ*Y>;ot+Ic^Snumn8at_Z2F+d9tz<N!Bindoy`ln)C?`6#XZpJSqd7FQp~
zfV+^r<~tFsA9SVS3~s<|U(}G3r|BfpLA=he?W`DYR}vD=y8$_mD84(p$NkGkL&V;N
zaQr}%&_2yZr!tFC3+Zjjl(YQ=HBt(`z{s&4yjVJjPvg=ah<ysM%^WnE;skFadPMz~
zTJ&eple#`+5{G#(7DHPEe(Lw1!8Z-pIMuaJF3;02x6}|x-ZUXT{0yQ^BSD(ee-Hh8
z-IFF$Nf)JzUZD%cEvu0F+%lhbF-8IWGShHh=Qai8dKR)p4Y1T&OY{!2fpxpcAhWm;
zxD36#9L7Nt>2VspFjJ!w4Zvihs_;AT`yaEumZ3d6thVc%A(BBm*X{_s5er&_u(N0G
zQCb=w=O4UC3<RsoQt(UW3VPqi1nk5W&8Lan?!8mplq_d7?v%p;k#92JA?i?flqPEK
zS-V-xE<;=<(zcXorZx1u%5_T*`Wq8{*ZLio2zVkEB*#~Xb`phT@H7_M_@@u-6O4tR
zZzCWRDfvy5pHGDt;$_ZPQ>@zJRjD2ob$l#Al|lJX2QJBHzDf7g$mVM%+;|EZQJ7!O
zt$;>55_0sO*+epv1d`)T&3ll~PzSta#`0?ZaG$T5p?Tv;q;_A~o3*o|=`4F9e&5yP
zWO2mYGF=)V!yqU!4GHjf%?zRLX|6IocXWbs5Ee1l)vY$K0`~tMuO29)sbx#@v;`^J
zw&qVK$u$f-STdAg7rt-_Gw>QLkZ5@DmZXG*v7=JX&=rL5Obe5BJpLVv=Ds7y|CJXM
zD{EP(hp)t9W~&?_H?Zp}u>Irv^mGK`)pl5B!AXp(FH{6`(Aw<jmRWt(A>`k+4c%kD
z`&3N3tuIm`klj!)v*}Vpz7Kv~YddZEY5cYNF6eyzFOtynbElz)tyNOtTw(kuf9Qq*
zn|EXV?ZMs)&Wi#>50YzjEtZiQX0Kf7GY8C%rW;YmVkz9B(p}Iz&s8{S^iU1Y1XO5c
zDm__DRZ%38cbVHCnp`<<0nM7Vy+L<Jx!;brah#FkP|h<wMIEwKedv1*A>y!Ydo1up
zYQAetDFri@U~n1*t&=Zkd}nvV<V8Mf8JFW(@FiCmDjRBzSM6^Y!AzYJLz|k`ERav`
zo|(<dtuqj|J-x%r4!aZsw$Atl&3MfXSj*_1{tLRrHEB{T0Ku^ocRi&*enhsTr$iSA
z<D*ST_tFqGhYaD{+asYX7lMyY3CCAMB+vU>8A0yU{Xei9QzGJr7F)><I2fMMc}e2C
z&Z14H^lMm87w<6ci+8xt$oNdM*rb6pMZ;2e8f_E8F+D;LUH0;DJ!MxYJ*ZN8oUrtE
zP6y4#wgZ-H6EE3`_|ANTe_+0eQ54ylgP~*9o#U3f&a@i<9C4CjL|q^m;sj5Ncp9w4
zx9^Lbi2;2+-0kSVPGMv%(7wt)jEqA-N?g4+6-Z!$^OVZ7Yy^4#=JGUGH?Mt@raJcf
zzP{}EA;${h3p`s!YPSau+5}VIucVt!pn)>~^<@l2mRd9?ofz*W?9k+2Qt5{uo4)g;
znMB_2DkYw$bBhJ-oHX?o+_~ZFC!Mpiz?~1N(aA@FHe2u=rFPrys_Rj<RKSpng|cTd
zAu`!~G6yLs(=@4^%Jv1Xy&u3B1ZrT*=HMzLW-KdSyQ^Z^0F)~11m}@m*1mCXF68gW
ztR-n+IWp2~N_RJ-e95{mHr}P^bFm7rCof50C;V339^T!Z+7msoWuVb@?LCCt+oan#
zS_QOI0b2aiLZ9PoaZ$l6YX2mVCK`yNL*2$o992i$=`#jXdwa@lWs9;s1&f;e((oB@
zSO3+YeM_Cho9Bev!ost~<zFn8MWG6(^W7G>F^A@;bAL-hFMMFR==WxkgVn9D!{bwy
z49I!AR0MfmE#L=EQD>E@#f~b(J%)m!I6>Hs9pd}^%YRW;@tejZuWnZzs?uYZQ-x@f
zLEGD>h{;K(Z3wAU8tI1U)CxK1sbXZ7Yeld32vmdI-D1TThmY}u^L<1i4*AJbaMB%E
zMLiyCJI#?6$gAEh(f&4_tfO1f7jr}ZXFUrZOfingzOXW;<}=>NCjRB;&h-JG(ecPS
zhjgP$gzjaDlv6zxwbQ?~U{5M~b8r$1p3^^DM7Xwc-BY=`j$2<5ckl&FbD0M@DfW{-
zs>3*hj<m7YPTSi3gPeFQ8AYumSKzL>Kp8P6dq{*4SvCS8d#&$AQ$~=R&qBj{b#wsO
zdz$JEc0AP7n?fX%bFq_;S*fc%Z!JZH0A%o%?b#QxtB?Evkl8j6fIP%ZorDQ1T>S>$
zct23$#{1YhFQ5nF?|T$sx{7~PiYGsEp!6e9KiI0`azsaXAc~29JblMmW3g;$bsT5?
zD$8+TNB7BUt0`kIL36#E-aly3iqczi^kMIwqDGCJ`O|cDUEfPf6rgt<qzq62xnEWh
z^Mx(y9~L3$bNBUx;-iEM4hr!J&%&+Pru}J!I+#JI<^Q!BT{ZTgHoJJ1qGo%+#inuz
zCndh6mL;_{uoC3(I)*P3X^z!B42@2|c_!(BTxPX~ZG9NPtBO#0j3~~siR4{WTS~-7
z6Sw99C>GLXM&(80IpXRlYwgmsrape~4MZ&M2}pAalqFKQCM{iDOy&%5hsjmaOQBiK
z{_2i}``i7|RTU<mj{c@<hqa?3*_n+oco|*c(uwDLjWk{xv3ezsnUH|YW9JiF`Fh=)
z1&Z=ipX-N+NFzXRG+iudQWKDw9RuIw<+Fj^rgWcxa@c*>+O7>WRsv*m(&)~tpf2+i
zn1Ekia}QbmxnBpa7LPQf<KzQ=0vF=oxI4_fxXZvvOY8jO?S2!^O-hXV`P6<e4RJTH
zBU)ELf>@_bvAH@2_e(k{$LZP&slTO&ywF*05Q6)XlR}$kTp-{KFT{h`Z!Mzn?;3CX
zlc$pEk4Z+cc3IkISswZaPnjG?>55Ri!BS+2$L(%{rsNmK94@h7zGE3KjOSVM8*-!c
zszF8`RaF|4ZQ4N9ZSe~Ha<EQ~WJx|ED3!Rasp|<g3>LN0J=U;`3QxuT;jL697D_3?
zLkT$L71WB%B}C{(qZw1hE8UBS#Gqsu1;AWJ@^Jw>2i+Sck*n{i;Xonuwvgmh!jRfn
zk*hsh0Aumt;;+y6eb3(wb_3AMC{+j5aWK}A0_ho45AzDepf-hh7?!F4FJonf(nV#;
z4Cjy5zC7@FK?}j1#)W~cO13y(g+yhZ<rOGe;^-ureA08OW5MvJ(Z?vz{$+42#lyx-
zJnFrBpwF2RtMYl6w_xr5s^a@D>}Z)vi^KYy#b`OJr!geV;8|`ZQ&MlJ{^F|qHDZDd
z4~mO&nT22`jm`mFzgo~_eMynS3LEvLq}gOmCjou*(nYA6|2N}q<miv4ZTOz-k080c
z)Uk2UA4&ugITu?{9PkR1Ntc2k90$msXS4qdtSj1S$IarWb^rn1O}(k8sA>pfIWs<`
zHd?9W9Xzl$h<J#S#VxMFNu9Av$1;3lm-GeHYgY2jag#6q(16fpv)r#))H|S3Y5~+%
z@G4h@P%q4sC!O>OK5yCf!~(D<d?A&x=G2wjFaSY7zQ6iC1(RDKk)u<_jGJ@Gr4sNg
zmZL)GU<Fp}>*=U6*2mDCUn7a^A8EM7FynlD(umhe@wtm`r5}!9GE`qjs|`=m<mq{|
zA(O*csS*Fo6BLKrK=MS+97<0tAN@0qTwH;CIe5<V`!*p)XmCJ-&LJ<_w(X7I0mX0R
zCV*mbEHo&K0c8}GTC#iceU|$X(}IKt<tj7!GWamJ^`$47b(rf2qg*|{CW~$t<WJ@Q
ze9g}v_eVG<H{(wk2(Qhs^=GMIz>~L>WxqjRVQI!jWa-;+jBN61Cf@pEUxZyDZthvB
z@%{%_h`yU>`=Gf|Pq7<bRI^NIoXL4bqq=%c3ekkdsa2skMd}-Sg>aNlm!ZCgT@USG
zi3e2ITK`%V@?4HWs0#hwnK>^MYEIhgFrv9Oucl_wUXBZ01--L?0BYtXB_M^)f0BDd
zV1<%e?SS9>k9Yb=oO{hc&*9_(DJNsu%@t3Q_AB%FMYAcB8#2)1_JtTsD)T^;0WKfV
z%!jfDB8H>V76MQ5E#+~1>>AsjvopLuR&&+4j|>8fmY?0k<tj?^noRu=A8|2PMwEKe
zhuMB9lu5h#n1Vaw4yo$^y{b72$zG1ShNKa^w>Gp6MV;PXC<aIOm<%>cp$O4*k+tt!
z@hJEiEK=|3*{qf*RZY-@qGhJd5QgL8>9%;zyYe-0M@DaPn?I^{%bdbVsR?|t);9(G
zvT(GAQYOUd#6fis7W@qc3RjfhWi`ypfqNeb^{Dl4E44JTyQ;7FTWnWM1reGf`4x5L
zrHi)>K!z*zthj_UM&_WZoX+^zg0Nv^D<W06Z6OI3x<SnL#*MMvNX>`RGYvH7rt_~)
zBq};UZDAe1!vWpuWTEEUA^M)6)?KP+LDVUo_~2)jM;?95$=?x>w}hCy6egF%-3>+|
z9*@~9;prpq)l2pE?^hKF-iIa;w0>AslwJs#;madjD6vDVD(JxPpQm;4+FvSNm0x6U
zs=5UVdk|tGA;CC(W+-vO&(nZeT6w@Pv;n(?s|~<2fL<Z&u9%(AI<Ztym&T=<_y>&O
z>}vdKSlvw04@EqOk}{9?qm4L_YU+0z7E$ha#qszaiT;VqnQ)LtWgn_zb@wXKPa|Q*
zjCbb{;Zc$e8pCX;6;87+U`3`Wp74T=&fB%j(xdkUyea?r&kcMdkIS<&O<Z{L+~c4d
zPq}cXkDAPV5>DHfnU_w0W5MpP^@s*riPZ#>9tUjr_q^M!PPOQWn~W%%!<8=`%c{5g
zWge%H{j>$NLGDe>m4k61mM#bEIibN0SiPi9ZzU09^F@9zHqtPbZ1ywt2CJtDN%8xn
zK_yYnbu4GR53^Hde_h}RNUMAMjGkyQ?%(kcL{Ty_xxh&c-2BDicOtR6WyRJdR2D0d
z@j{fJQQK$_0`HPs)AdFghXsEyrv%}g9OJni@m}QLXxIDBBe`N2MY+cf(0#fgBSE93
zLX6>^6^8?1t)A@A2t~{O4sfuKb6l4E#EVA)DcG7&#KirxM8FUrEfoPI6rBLh<LI5j
z+loxgfgJgtHg0%GvvJQ#a8uOR12&%2IvM@?8|NUv!8)7Ng#jOFGHMr+>@$m0&Xwma
zZ3gz;vi1QJC;U0+`*fGl0;Ej=u`!#vS_FbfzyEa%avn%=#m6hAGkh}Aw;?_-Ved(^
z;rM0Sr>ctZf0B5a^t0ryS)Ad!sW6r@Wkg^QnZ;CL*(H|?LxI+?3@K=;k-DgGVvLdO
zYG(2MteW^K06c(n+dR;U?u!bupfE0`gc)k!d|<_yXItU{N{Z_?l=%?Ww$~{Xujn~z
za*P<sTK3?wOLGi$YVkLYA`rU~;sX%vFE!!w3MtDi<h@T>w&Gd;H*k+3Sig%7Suv_W
z2-_iJrM{J?mZvUg#`X5fSB111Bs8l8cu4&sYx)Hvn*&~>UVSHMIza<|WF4F$s{Ny?
z4OY-)qgpddEGEl=D=Yj-A;Ho7DQlmvQdpqVe{93hU@BBD{RZB|;Ga98=skn1p=*oR
z0ZbxQC0E{#dn+KgWggG^r8cwtr7aO7dHf)X6pUF$hR+JDuSUx9;><I)Vjvgfa3ewR
zJVo4M3z0ALmFgUna!$+$=k79IukDhMa`Xzf00*{@V3XzY&$8p$$V5ljG)Y0V&~wQ=
zJwh*d;yt<Ip48AG16Rw(kKC&-$-lh!RMC4r8e0$<$D~(Wh5G6nWmvS0sb{u=w#0-H
ztC}Tzj9~+qggBtgf`G$V)6BYu2-uiZrhCvwYi5X$XceL=Nib43bp1_t)XU9esVxSo
zvLDTJ9t2ol%RG~%2TKjY_HX5Xp|?UgiBbQ?>eO{1S|CiXbgHE<TK5}eQp&mlr5qAN
z(v^#F1&g~5q3<Ok34hl#RAWM72GPA2(3wWt3V15$D}x%0US%5NIzI`w?G0#Uj;Je*
z&uPyUP|+LcQORQ+h{JJ4yTxZ4%FqD(S--p3dBP29v98Q1rS~X-SBQzn_vmAVD93b&
zsc);;fdT>H3(UZtuyyKe;jW3<@kV>4)<^vG?w%Uuco~au+(-bcW>Y}Z+rbkjV&!j*
z_QIPk`Z1LYz?Tm}6x^j&7Nbkd@bAr<dlBnv6g^&r8RMYUP~EtbC?h*E;Wx7VwH34K
zzCk@K@K%05ReJ9lGqs$hxm^>3U7q5x|F+1o{D%y_n#a%KsrTEfTS~S$f!HvI086KC
z#Ij#gMCLr!c%7i;w;l^;zY3~Xzw@soO}M4zwR8yW+1R{rvuP|y-xpC~9hnw(hUXIZ
zSbH>RPd_3l0*F|A00%Q~0}obn*q0ykgVN_ixRXZz04(?Eg?}039W3pu#tmyL&k1_w
z5P~F>G=6h`e(g+N=z7Rf7~vkBpeljn(Z=hsJ(;M9?9<`WXi=`rGZKCekTdCFgKRw(
zdLfG1fIbragPZBn5n3Rcz*>qWVV;fs;O{g2Q~aI)=$$dW+|jpcDvsO%NqnIQ;!?Ha
z8QQx$rNf*?^WyVi+7q+2FYK3Vm$i6+FwGL7Tjky#3q`)WIq(FgURK?q6ecA!o>BtA
z{-AmpPr>q5p@p4Gc(iV=t(n%4Done)G~IIkHWvl^0?kvgJ?>wY4!mFgJcdOPV%6fQ
z5GV2T07G03^pX^+b*SDDiF%T|37^8(k1$BhUa|<O7GgRiWjgK^=}Wi=H6CQi3)r`y
zfxw~iAR#<7zDR_8mQNM4nJ+CR$5>YrlVypGpSuUDI5UmONf-D&96Oi2^X!o*wXStw
z#d!xQmTRTv)i6SN!!GPc7()D%mx#%<DIcDg`*ue=7I#D+>}*ESxk%6Zx8g^&YE1kr
zmIa%^>|4U#q_7Pyu=9kY1zw%=(E4EpVxbp@kGN3hk0NL1+4H{Ax{uisw#9GfxXU9M
z=z+*Hs@%73rc!<)+gu#FjLD<JQhmD=m^dD=r?*Dc@}LVmVvx^H>ik`5eM<6<dfDv!
z(R+@K<l!ki*gXsmeusy`spS#<BFq-9p%`JFDoYV9R}}IGA|Y4**yoeA(fpLR=Xp3j
zUmGUgAjL@k;gbtpDXmNWhS!yd`jUnAd)oCQ_b0}u#Qc{$WY{vUs**{MBCJ0U#=&N)
zD<^KRDWr@wxjqPz?q6N|q?P0xC|-2P5Mex;eM)X75+%RW{Ng;(jnm5m=3|x=KpnAv
zuz68_XXSdx=1oFZiB$*;&6`{E!Np-*lmFuXLWNv9@&RtR4Ps1wC&q`7-FeLgy7&x;
zP_x={OJiveKC(=4-t=AOS8qC^9W)<Ix{{oA(q_0J!rv$>JlP#(7e5|@lXz3gpI>Uj
z%J0o?J|4;oS~ju_pxfHDt1;^<oP#G4tYY6003zp&UwuLIR5GbNrNY=PI#i`bVrwTJ
zhu#@^7STU40XjQWTih1M1xfU2F?h=nXEvJ8<Y}Yoi9V=dRc;K3ig=-2z?_p#k63=1
z=NHy1PQm)=&%es;x+{CFV+Ha=Ow*>*8lj2M7!IoNi0T-B>hFZzLfV!L;OBU6x&v~@
z$5T$^$*rBBC8`U-PBKqPgWZ0ZoafV4C-g5d;!>vP6j}vcks(E|>Z$B-CkFRmRlwdk
zZn?_EdGmgy5ab&$G{XyYM)Q}vZNwiHt>SCyRhgl^rmhsxq@l+~o)u%yEElN!vn9h?
zaHUzwcq$I^qV+kcj)WChU3kO0*u8|HU2YZn=?FO;Wh0nNO%wm_v?fRKcad!B7umTx
zSA}uN*_LI=*bW4@SmM-qrGzD^EFJ)@z(e7JpMA<Fm<A@+iDP#VLh?_WpJx`B^41M6
zLW#axvjBw3Evd0tqUEOIAo&%388o$`uSN^vw$>$g&!=7Y)ta~vfNb03Z*1%X#vi#V
zF#bSRVgN)u36=rIjR-wcle5B6<B5LM4+zFTg%Q8vGG~UE!^&)-mdRzaXaZ>>M#Asj
zX>-Vqf-vb%6na{Y{EgAhDbxVVdz>U9@5B1hsx@dgtD>bt_n22vb5u6Yy&m^}jH=7d
ze0dS{KeQ=C17no=HuV^DT`O`~hGpxe519*_-2vW$loZ*bWz{Dqs7HL9rY4x|d+VZ<
zhTWU@_GI+6WeMCs1#B!^RsKhh9daJ;B#6VQk9^HU8u{rAj!xW;Dx$9dF%*NBQPXUv
z)qLFOW$nTI!psYk4%$^H*9BXQEhN3ds?ZzU%X}HscQtms1N8<f!$2^z3K-dvv@|c7
z+%$X{6Z4~3Fcn(CMzQ<lXz@sTx*r_hDEgly_gSOIxbVk$pJx!vU`2A)A%z@>6Y;qA
zmWlb}YrCds)WQyC__I(TLtc8NZvx=CZ4hplBK+OTwcT{2(OXC7{cKe?`?T@?qQh@8
zQd?b^p{NXsa-0INg0G-SJznkyO|BeY%Dmkm+fAJ(SE~sP^&pf91Dk9YTEQGHwEa7m
zhVGw@kWmXX(01GcRbECR!>41%PBMg{QGIX9#%2wRNTOHJI;gx+*q=1ok>3W<o+4x~
z&=Xgg{F&4FhJkjiOW%`k8M)|N9zmn=gb;ha%!m_?>O{*Y+iqj?i;opY?U}f-6OUZT
ziCF(~$&8k#{w}>r4Lx6Yvd+?x77qeU=FC9#@Z%h#rlzOiQ)TIk0`%9Y5zCWr_Qrf{
zaQPvVh{R*+*%%Jl1pR<*5u(+4R0XF-&piIu@CmhDX!2jy4|ntR&tj(-B-dQamW<!~
zPST0kNpJ)v$dkJ(GgnM48MMAfi!=o|n?oj)I%izJh-L42eRGyuWSwdOy{&XxdIuxg
z>76!1$AW;Qb;^y(S@Z|FRK~bQM`Ipg>?S->%6(eAqu#Rs;?-_xOMgfarJ_A<t710y
zNnDmP#GT>k+(#uZxMxH%;A04T-NMu+QHX7Im^C*hX_W&FWAYxeV+<xt&<WEIQii@M
z8-Z>97ot}G_jCPvOFNctE7KQ{W+TuagIlg*@vTQYB`+94w0@_A#))NdP}1IgT7p%F
z^T!n+G9l+x7_8$`<#Q$zY|ihbFMk8(7LZB!gl6Y~#?51UW9kha@e;s^UbPlpogbYZ
z8n^iiul`Q)hFD|xEuaP_l8EEP=7p`2Z<&{IQt;d{Bk3+mB?uA3L>>3<!kQ6w5GEla
zKCa0}J35(Zvxr9SAQCd-1d~|Cki@FFaAh@o;cDJ){!iNR=6Tm}{=vx?NVm`&?eDOE
z0c~;5Kr2=JOycz;occ;<mvo|iu`1hxhp>fiu@T+2hYX!wjGs86Cq(L~P`T@(knGWw
zxWJ?(l>%@&VOd{jqK5NhMY5^f><|TV4d}Nw2z(V3QurBS(vAAiKNLENavT2k==I0i
zB+HUXX=X^n*J^sm_`O%`Z;|z#u%kzd-5%~I0~*TXra}Q%R}+lLa39pgu!y*~IMM+>
zOQxOgHd!+5Ye5$8-_KpvpFFS`I|Q{mg<+WQr&Go!^z#G5B<~QI@wB*HzMdBTI*>JY
z>1i5UA3!nNdIE+S)D|6sY@#Dp`+3g^+G9{2ECT{%V05rIg6G`FV&@$P&l%oFfVFBD
zw#Ip=AF8v?B0w5;O!_;r%{sjd`ch4x1z8Wf`G1W}j%0TOfOZc25oxN23O6xiUDk^#
zX)QGnNEKs~RpmY(FpHMH3mG20(^64Cql0$kVNt*957Gk8y4UNtYzOcl{J6#4FIvyc
z1p|qEERXd?t=aWIW*Z1bn2^0hM1TJ=g$l4UC}tJk5ELumUs#ZiqfpRS$?9KZ6mSNh
zNels$CHsF=LpEXRdh+%wgrnj#yvUKXXarM=YbbA#KB$6|0XzPGKuWNl8&2R@Y}-`l
z#GSL*6_s~1;wiNwa75OqLOy~Pc=HoFMdEVO0#yJSt8`&=jfQqIofZ+tml2%y58Us8
zLPVz{ZEC&@z)Zc8hu0bx%z7uvL?L2Q{gnX2ca`eoqx=h$rJl&H^k`<vU7XhUbU{VS
za5VGP2!y4tNXb;0W8o(>8IJY*lbVMX_y3*R({IOOK%~t6fUK-l@vT(B6s)s%drm#p
zEd5BtBU>SbA_3hODH8=nO9l_wg@1Tw@FRM*E-`k_4Flpim`iaGHX)_eez~l6b|^`H
z>3dYPl4HXXtVDVNl!o7Ol9Dw;xG(=(FWmhrhU^NJ3&{w;uUH{7mLFNflD>(DDn+jY
zF~4Ptlv;s?56V2M5d;dKHpt?okAEL`&FP|*AtAFvpVYJYurOPWv$j806L!OpF;Al6
z24n=-1R5tymPZaY73cmlgcm2l1wB?BPjY~B`jo#Lrco#i>OurbTTBL~00q9vv{!vg
zfBpFKHE2J{-4^)6$vm-kq@Jms;6fS=8{ViVdG!BZ$BG2GUpTp5@DJW8%*-|csy5t8
zjB=^W#Ztb@xF^sEYUw}FPb7+)dP~u$;6#8&kXi1t6*45<B(!K8)U!mVr7k%rk@X&f
z7%7($tLi<%xj*5Gl=1e^^omU)s<Hi#CD+b@Bq}~1JP|KSidvKmtLUfqA8xga{73lo
z5I~D3lP=~K|01Z;&()}WwpVhtjPj`=8@R#@$g7Almd(S+B^4rm$bSE+o=UDB)PPIO
z>JT`tMN(<u>-g-m9h64wSTo4vt&nC_ER%+##%UXz2hr)Fx(YX_(ZFvJNgy5Snn*u%
zJnJIXv=;rc@>uc})Wf-@?$c5yY-B20R|rbHrtL2X3f7W3aD7+?m>x&pt_zn>%+R?Q
zTl@V&zy4ZVzuhDO;bhWva=aek0PKzkSVI{?>m61AO~EYg>mwaY6^jj;1G_ln_B2b`
z3*$`Pl`To@iwalJ*9lX~sr91?1^PX|B+AWYNn)dw6Mt4@d|APWsJNq}KUWy)CetIB
z|96N_S`!54%o&^29df}!{--i4POo)YIU_cSK2FjG=|%(|gU}YOKoXxHfPqROx7Ss0
zKI1>FI-p>Tq;sHyksdA!XEA<H=GB#z&*0~0kpg>_xHmbf4qP&}76u6!zpsOv$h>+}
z>%2o=u!lWNyi<WYkD`2rsylO@Gtv9DA)+V;<DMNU$csUArJ1i)xiCe6zHb%DjV!3E
z!_`s@6rTb!mYeOU11j9Gd8sTy{;1f;#3^*0FRhkL(%utNXQo&rnbVqzbV5~~6Pyh%
zuWEWD{QAk;p3EXp*SARP(@<x8aZR&_YzOUKdMw?OHrD|MvnM-3oh-!col<>$vKA=E
zjM~W9Lkr$L<3r;SFZ)wYIybzo+~}16Rhl4!=Sj)K)&~SmFQ|`}aSoS5UuZx~>=_RE
zpdY$7fg7J2_N*&Rq;gGtV!96`^~Ce|`>JilhiDANF{Y<hKTN#ZPc-*sR5^dnR~7Fo
z&n~KaA9phpz2@jQDOqsUc*Bc`F-lO<hx{0tjBN_`yh#@#S)16<f^%1zp<fRiocqFD
z;Q6}bvn(W=JM53-N*A^9q#=ghW!QJ6%c^<2w~~%YCQSpLP$B^eh%@h%^t%qW10@sr
zLDevBVKM+!*fb$6_^4C(@5Rn6=PJwhGSLIa74;i3HxJR_p0w)Fqpbr(w#0`Vssy){
z9>~LpSu$~Vcp~)V%U6FQ1lK-0-Or_t7*64STEvb<Wa*`?!TXKEIcT;ElJ~7g{=QjL
zB3H1$euaPT`%}Dx*tfoQLaj>nCS$26Ws0Xwwo>9~{l>h$_f7Axs<Et~KK=@$J1Ur^
z)8cL;ZU2cb5~~u14zr=0uuU6-E1|G*sSVSj@R@SkJ9gTWm(5|b9_Bo%eU<+2U+@<_
z#dvOHT1INz&i1=VAO5&|I$%>NIGx90&A}ZlG*74wt)unxx+J$2)To{`DycgOd%7RJ
zcmE4?FsLlrF)L+8K58nS5`8KEhV$ZN+x~_~y<<@8Yx1b^>Tn{6HE_eitr0K&eV!(O
z8E{`AG^AOgVE~)=z5ZPPazxslJ30im0^Q->NsO!mAy`w|b|d0v3$jKY?^GX_?1IO!
z&8DY|UNs_dr0Xz&|4=j`VfB}tcs3rElF})fGDK%{2vGVb5NS!B&bBrcgHrF-fzrc%
zMjTO5eXCtlP;GGXs#A4ZAHCJi6mDS77#xAmLQHJV*Z}b1*y|nePKpX5sE7h;&J`HJ
zMo@%R!*-6e^=S6H#ZOuW(a(4?yk*-huKtrs%fy7KAozaHj?~?yKd^RK$f$?S=7Ciq
z)Xd|C!_6<(OdZ;r?_&tV-WU|2-Zls*H7HFDQhdW6A0IaESJJh@mZeE=v91J!Iu%I1
zAO$;+`#-E5#qjC)JK>9&RD`J?;g?{^{RX~7wE5JP+;O8VHuotlMw@a)B<pxKzyC48
zF{34<MGsbWS0Ovac^4eouV<&%qk`|o_O?G1rS_v>Bd%yu3!<kGVeQiFQPk@e8^8zt
zzz_&?g6-V!I*bTIA}4JY#BUk+X+D^3X55hok;@7kIX}L07_+mJeSq`Q&36jRFmz{G
z@q*IFh4w_HTAB6v)di<nnAP4Co-O*<C-p7IOmkE97t7V^$^;m&V|l8V^#UsdBQSde
z#(RfR%C)bxe)Y{y5m4D2mHr7dDLf=EG5lF@18&`q);eSIfD4<yI)AhgUu)ONOCQB&
zvK`l%gi31jOH-VryQWpnBzG=L+Sow%_hp?<t2O-Yf?>)zNQhF{kWhZMH%SS0vOAOS
z2A`QDeF0lKfcjPP!VppLc^j;kz+5WuSnxUM5OO#aU4UPh%27#f8BduR-%8jJ&|3e2
z=&FaLE48K2gvlMJq0TNDbFdnASiQrPgyNlu_r4XHoxl)O9;We_{p?ZO@*J+33Z4)P
zJpE(I>=`>!ePNlVV1@P_y=f#s&M}xi7yG};;5g1b+gt+0`yPIP+5~kx$>MHS8tz#=
zvxNXsY;DqHB}U>$wYRvA9Y~jBfnI3pkHM3SOfbSBTqymkfGp?5zsMjgetIS;4OQ@+
z#CN-YUdRhkHsX>Qk8yjccwznFOW-Fwg0C$mB@96=s*x`mCsev;75eYiI4_SxIoV<X
zmt&ne!Brp4SX=kR?IJDp6(s`YxN$?1WvJq?j-%lzVK4_M+xn9J;M-CaP8N<x!2PbA
zHaCs_UJ6^0i;uLjWrrQOdjthu;yT_5`11ot%asGoSrIfj_s#{r8?Urr`zD8QII$AL
zCO8@=5n}EB0C0brohhZlncI)e-K(IaVqexU@X<H@N<3oN=|O3Ef8qdK@Ue9B-U<R7
zz-49W>ZIr}!g!AQ%_F0Xvyj>swBr$MFcYx&HK0B;-+BseoA24Wn2J-gX!>|rBGwoq
ztYrZgrh>TvEn60+GUK`T{k9|TTNw&+YVeMWDp1il5#nftL{|fzepC(~-e;_t6vtd>
z;V}mPuSaN$0P|anWZB$j6?YV4cjjjr!1{(c3;~1$eC;IU-y$d|wSyzf^o(@x9?8fD
zl0-?=xsQ>&Gu%~6l@KO7z^u9(4=gET4e9Ldr;fq}JG5pU2QGy&3dOjZJTn~@WcD?=
zOndLDS{aol?MR%$9m^D8W)Lo9v3HZBP9Y1DADJ}pf8X#*>L~w=U~?sL^kP0a{WPZ~
zIAM-pKvV#it~(>j17O4UA_fihqj5QJ6j-nsdhL-=e*tyHSZ^1S;V-B}!3uNrG%i?r
zp%n7->h056*!3~M*FE3U*JSXg>rY=-#ld57BV$|1bCLW2o#U1Wg~xaU^q2I43hNI~
zA4t3lAZKU};|BH@o;&F>G^3pZ2y>kw+2|uj7QU1byZ7n%fEYuFr_>9DO?2b}k@k8|
z`mI&Fj-uSd{dpA_wd0t^BrdnZ1$Tm`CReO*sSTm+^eO6aglnmgA?bLeD@hj{BOSyr
zJ_G3Lm!~Z&#8^TNMDZwu;6=*a%mSpufn~2Z7*D~u9iRI$)!<DkGsY@rbx3RBC2vyk
zFWldl>AY#j@xlJpWddRvpZlj4R8#hl!yOFC1F#TiK^SExJHf?dpqF||hG$uXwQAIV
z-8}n>o3`jcng<<^)+b97F3`BqP*YF2CUkScviYc!W?q%hQ9spv4(z6waxz+zS`o7}
z)lh)WOogi@l_{0-ZxVkU=UvorTBvpD5*Fi4@WAHDi5Q>3^pQ0Q`e%?zU)mTUT<WQo
zr09m%&>G5X?LmHGez+BRp6ayc#RIWdt?~gq`y80=5I@-hUThFSws_SdP_k$+?>Fs$
z2TWJGb2J#xGpjIF+3GLVr{)`p(Or)HSuSUoxVv<GgI=sa&;!Pc8Hh*Y>pk4xGmGoP
zU~4}F;8EG1w52GEFH?%}2nB?X8~~p)hIXGjrI0{eY4hl(XPftngcYk*!5_uzgch_C
z#{9;@t`lJ(lB`V|b3@;8yQR|=0K@%g%>jMSt9hI=iHMaImTS*uQ^11?eaW(<peqG}
z>opfUuh7<*C4<#Fg;)4Iw|v%SPP%qD7^g97%U*$GX{S;z1W?W~jiZ`xpvbnINmt}W
z41gK5$$PxukM||XrF9)vHhcXMiaEAbFU&DSsfdbk?KRHq=9smXe$$2=<7b8bg8bj5
zk+-+lio#4PQ={XlK|_dBC)?pocY!dG{t;~;<)f@pqRcrGCw&I&)~}bQ-2A9|b#>U+
z!ArD1btW42N~`etA?sS2DE}nu(tc5)(8$PZsuqmiaLa~`fm?4@oV}OX2Wr5dO``;m
zy$dwv<ISx*2a>4BPior>wpnH}Fu5Xzl61X#>ymeNYnXbX)@`e_Pw+boE@-oS<2DAs
z9VW?3;ln0)h`gvtbO3gTh71xL=Sqx41ZT~KkYUZa*6x|DnmF4n!!jxM#)fikHdgr5
zp>i2By=E{W4pC*_UGVvZce?w!IfC}4fjQn$)Px^nrNBUgoX#hbyW+ufXzQibqFznS
zB3?QTYxCyc#dF*65FlWZth|JuV5tRYlj0ZyRjhq&#YW-k0trx{dMtzsZzyYc0MIiK
zx9Ir;c!3QbxhlTAS69$iP>VK^*`Am_{ut@1n-+r6?+?QGsZg_VO6l|S>lsaGVhek^
zdUOXy^?!MrcUaYe8RLB!02bHoVcBHFD{y<6o&<%TzR1!aG%Hm_W>y*=BJKuSAKG9|
zPah0}jJXhc#*V>Nvi(&n+Y3}CZsuG%dsiK|a4l^0bN~S;1bfrU7D2Ijm#F*G-Tc%L
z0&CZ+2T$Gb?5yd^nr1zATZE-x4RKGbYol#SgA$&ME(U@j;}z@G^c9$~OC0mnCl6hd
zj8w`VRw1cC$!{=l)PZy~8G;9l!bIUp)c@THd$@X|II@M-8LLBW<toCW_+3|g<!#gJ
za_Mqq)%m-%FiT2c!4zia9l|(54OVo*U&i6anS)|38X&w%M&7pP)EKRo@9-@{u}Cy=
zA_(oy*GEmlUnX7k5*i=MFJdm4jB<h_w-Q)~n8+ChOw*l1-sAEgUQ2e^rwG7<glUst
zS1tCgWyk-K|GXPNPk}=1R{0n!oPHbC_i={|(mRm>>*q~%qzuEv<RoPG&r4sqTq%|v
znup!FLj|uu2#z?cAJ}O;jCqjZ77O<MD0j7jYts6O)6P~Z+;9A5H{l`8V9HB~`|5Xl
z;yl#_I+2L(;aug>p<(Fd&&t8cR1p%IOt1_p$ssrDjp?OBL!ORX5Lo%7;udL|t&GF%
zk(HR)&w65X1UANoc?uhf*v1^)hyzSr#?S#qO513&A;$PNF^reCx^37v6e>I-lm)h=
zafF4#6G04&0DfqlO}3oob~ehW(efkh8c*&VwIIj&RD0BjuvdPF(jxYb1^W0<xD-@C
z8tMblsK_B}UbqAgS)STVsqOIhPNq=RtBx(fgd&3?2TeC3Z%R8Bx}q$?i!DzdHe6)3
zZafzuzaXOHnjZ4o)ODj^b{|3Fbtb4%jD-Y7xVa(PVH-D58mpWD&QVad4L6uiPz$JO
z#hnwMMP1tybz26q#!*lw96f)XZz|U|g~P*lS|?$Jh%Z;rJLWZ8{XG&q#9v3xVcm2Z
z?!%`rST82273|mNj&B+&#m0T+hj)Te@)R+uYD@XNM#64uw^Ztj8rAe2hqb?~`Il5p
z9!kOE5`z0Q;R8oKIRgctr<}bReT`;?kFIM!aK0bBzvvHk#sblo2wJvVu-lDpo<3aw
z*WXo6DE}P*gn65&LCiSUb#p-+)6A30TM7Z|?wEWY0{^Ke3QCQQ@QXY2f#~7xBe#l{
zV|sdTaUT43X&^mBRMCBN7Bc1B)mp{;q%U8rFGZievb3#mA5uOjJKpLhu;rqQslIui
z#Qr?Aa5<t%yl3<xQ*swV>~QCW7a5S0R3Kxf$%i<OpszY$;cSEduTWt>H-e}W&WDTD
zmqy0WAK~&suWo{kpt?S_Yxf=QEN?kSZlJHl-5N2VS|*TG&3Xj?XjS30AMn|}sNCiy
z>HNfp-wKCUV=xlwzG4vB<(k#&+|vyswIMNxBm3b+-!clp?>~WH@+$bYo6STewvlPB
zfQwqZZPgZi^G^%D9W;xu%rS<}>!uvbL90{}LNmlO|2A)kxENjqjZ^_ydT9<fo2Skw
zuXMA(DMX!Lja1CA7}$$pf>y0vz|*AMbdFPT<5f=qqQ3Ms)8W9PqK&Jn8Pnp2l(8cH
zgxS*MHo7ZpKScv+_1;#QW&2-nS^ux4cCJ`?H)WYf{}r~!bq(yAkp4V_cYa+a-uyAF
zxj{FF6}zMR?%R!hD;)B3h?eVaMt-Qw8b+i{TQ6pZv2pG{2aszEl_aw+_P`|a1M-Fe
zi;zO=0x7cKblf-q$uCl;)P4F8DiRat85s=w!B!gpidCBGa6dI!hzIo6BPAzHE+b;R
zS3a*We*=7Np~cItk5C5|?G9|Q4fmrVZCQMCFB4>u*cxFi;xFx-vBZR`jtRLkh)i#m
z!pWcArd1x$SY&NyOt^$SS%!*MOJ#O8>Ri2JC#`N5)|;C+Ts*}D{_vfoF5AO8LNM8+
z#bGPp&}CgA3u?}l%fGE9QNgXg|0PsnJ(_JGN&`?pDT>R0#{3)MdI-6`{&Z3Z<r4I3
z$c`@>F4@G1ao(+YLK#JlNJ{A&XnXf8vwj6NoAns*8jDi>WMXjxHge)iipV?sj~TLJ
z_c!yr0j{Oj?x&AxApy>8W6hLV(}uqr&U8jNqnAR*m&6c)`eP22;MIjBl_C~Z7|oAx
zjs5Q%a7Wa)e?>!g6{Rn>wl4u_1TJ7rXoNiNY@EDilqy8YAg9~dtFN&qozK;{^jLfa
zR8751!=T4moQU#g(!3Rjtl5%-5ny7%CKtA!c8I3iNTJ`a4<|5pxLO?BX-IKKgt-&~
zKT;akugLF9>TGk))i<l>##?O$1(}f%G37%K40-GLYgJZOcrnNNxGUM2HRq-(L@8jL
zqE?w`*3a<*ozDud%*s?}?obx%qX{F>uCwXM9zGhn$A}oA9rl<M;x3-KKM9XQG#*=J
zUpqf{SMsMK@kN4f3%LS1o=|-38h4@u=WjBbU%-63j9I8Z&HD&6SbRY8dNljN7mAUO
z8;?r@a4Z|?F+t2b(q*HYtkuO_sXU~8pR^>9PtM+g3HT?S#n2c&qf{)6h2?Bbz8kb0
zv!z?SnAs#)boH-kSov$*>q}$yG>TU7Rsyq!$ttev=ef4nY_Zyh)p!2Zw`7;*G}k_i
zkpMm{>{10$pYx-R#n(!;3&}Q{k~VjBtZEo!evMSW8TR>?cmeXVfj0n>qpnuK(2#%=
z@j>)7z3r<A-Q852#QU!XMpd7Qr&>|3`AAErS>g+`NkQgR=7Or66baD>5X?E7ogex_
zh=agN_3-_Wcoh#pAs-<==to2B@j5Y_J8`B8jtHWvG}0j<XWGE8{oQ>-JU!&P?^J!X
z6e$nm5uadC>W<>(RQZ|a+|{k|ouob4<l!K^iFr^Uv^Rq3$Sx^l*i+P{&g_eJz_c0|
zPnXr07MY?HCB)fX(3i6ddbQ$T-0W4O$$3K}4a<jJdA7<9#jS}+JIsI;^{Jo(p9pc!
zle%n`qaostB42<b54YJIMyN_N#hSCmj=L5HptxihlPyS+L|E=On~g^rS_idfq{R*r
z`AD*tDFQH|SEebf6ZVKew={RwYJEdHov*ohGxacnA6qfN^$n^_o?)@}GI~Cpd<+x#
z)B)F9M3w%j^xYwTAobbD1>kIAT4jQaAcOLmqwtBApjfHKKuEJqH_yJQO8gK9bgB}(
z+9(aT1mwDO5(qwy)apooqNo#+Gx!ay4BL<U)3!h4MaE&>W~DQnt2MG?DAVEzPbw&z
zmp-bjsmPCVM`=D1KAg==+Dutf@D9=E;j6HgV@>Hxo37n0Ux5i@^B1!tcyCT^A7^YZ
zC!*QiAGUy>$}Nnha49$wG(H+aHq-Et(+9J`9?l}#CH`MZp7&$=J(?1UHk7vv^wMhz
z7oPVrI+zVC8H$&9O2(t3C~zp8U_%EO&!G6O(8EsNzvj7?7wOUCvk%(Ok-s;Fga}2s
zie%a_)&ltFBA#hCTlDeQgJQV~0Q`Wtg2=`nn1WTLL($61sU9lk_`PY$b)`RciwKFE
zhz&{(ZIu8~>x^<jvb)eSXil#nN~?Nk;Iu1)q^QWTgY_ka{=@GRt9;9red*%b53lsR
zny+M*qtXnS7vlT1sDDR=8__9nWfrBr%8;NR7RK617rY>5vuarSUAnm+2uu;;S0}*c
z3(n;<l3vCXlnHn^)eL4ttQ%oJSYIt_o)jh?_GwMmR=oX0|LVT=nfqESl~+14Y7Z{9
zW+)OYLI#W1VBElrZ*<gj!r$(hiK43!#TH!q$=Rb;4YsYp4M|{Z<NC(fpWkyQPJR_Y
z4k&jVwKk-!^}rYPnQHSJ;e3YIa8zf#;z6G$q1N;<y4#7OFQA0$z^AN!KKbCFatG!4
zBpjzZt4h86FK@XPFu1ih0A5^<e)6o_AEr30&C+3&4zxil3yxshXm%4M8d(t&C91@;
zEC8VFm!~jied()75dFJNC)GHiE@(z^9HY`IQvS_8>kp1SG~GDC8B_0v0ShUj<`$Eh
z+F#UhmIFpKt7eFmd)ogW2VSg;{l3i&>Lzj2s|;<u>@?*95WMuwEN4eL0045pQQ$lK
zuvuJlXRfHsI-A2BO?K`LABM8{E7tdqSIbBAi4Z7ajOp<Ib~q*K4YMt*LmGr>8+XV!
z!`8SPUyKzv!p#WyUNY9E#cbXdz3U}64C4sbA4vlP1i4!aWPD*LPMzGDXZzb^uN~y0
z9kSb8;(YPYndW#`u4}#Fj0JE4<4Uy2PooB5W?usAnv0I^4CKc61#J>~`FpjBTvpw|
zT?t(SW6Q?4!D{=%8~2Q+KKPd=*l&3yXx0P^(1h|NUbt54G>plkKV@YyKdV6@Vpg#1
zTFrgYKEUGt6_`EoAwr3`iuMoWuY=IUdc}DwVerM8QyzhhkdW`OQ%M~R&StNUMxX)H
z?$fu8g0_7#CVja_i<$9&NX=Lm(+U2~bJjZ#Ga1Ij{t{g)fSBV*lnU8FE4c%J$=j)f
z+wzFy>cr_MLtnAT63P>3gFnmDHCO|M?0|OZCcJzwRrihEQ=&t@5cDKwN>jj`8D5;U
zVmCAOXS|s`Hgrm<)(h_Ss2q{{#YB6lI&lSCDH%YJl1&xoMV9Q`70=a=$v<FqfOtUO
zJbmNJ1U>+3lE(=L7J#%jf)pioED)3f45RgTYNU?M{^{f}tVOAD1Hy1aZEf0GI5gJO
zF`(dU<Irdbk4lCCWM;1U9p$tzbG{#f--p1}ifu@yyl!!H#F3{T^d_0+1pP1RI#y#@
zF7FqQPG>xOA?UPuxBNPPfcpqCs|Gz8)SSKH2T@fwkwVLJI9D}~-vz#_3==VvHP0(E
zzj{wZ7Ev?|ndbaYrqk;rDTcR0`Yd-?r&1CLv*MT-lyDd4V>gh)+w^Mx`rdF-x?Io@
zM;&tQ4_{J^DNG+@sW}#z_HDvSuV8!IcjuR}&1Vt!+kveZ(p0z(WTGMPHV=mx_ojA&
z&HqyH<WDT``X}}iJ;QNKm68Mzf`TS2i128Vz|*2YB|=puugPezuA3uDmk<6TBXx;;
zTEmyXB(N9*I~ufNA~-Cb@unGb+TYpggT*9|dr{?oT~*l66RaiPlqtq*vi!{z3p|<z
zW3u3+%Ka}0+vztc<YhjXnT}F56T+yz<6<W6d$qB4rz4#{d0YoSw36{s<T$_dd;U*X
zebIkfXaXtTHtlh2d#Nd!8miCjh=%z$QO>!P2%9OSH;Yl^SXR@qYZ@k_@H)<LneiiH
zuN%1`N6f4@@_xvi*No9#Igj`ah&cKtUaT2TwbB&UD7o(Q!yq4Y$LGxb0dBK@O2+Q1
zncRV!N=M>+az2(+T!tD8Vf&Gg0mY=K&^W$d09W%mmU+f13on|^iLSmsAD#<Zb*Xxp
z`Z^v%TWmf1xDCoEYQ)6RM3D3c^}#PeuxQUZOwuR3jn(o5S)a35)M-%a!0zuTTN%*&
zcpIW(fU(UiD?Vo)e51Rdr=*KENmC6TGsLjIj39ON6??1Z(<ZAT7KyFodxGbg<9E+P
zv6m44wt9HFv&n~!`sZEQr>Ua~9G_*ye>5V8NUgVSD~1|6el=-GKT}^ta!BT_PJ!nj
zdedQmNQ$_AaWq)L7q%RX=aH=hdjqW>8<DtLeddVq=jq2q#G4CC6XS1nfmjDkfnW6&
z$+d<!Q55bj=_p+!we_QpCx(lFFe$Kx@4XLCcZm_Y#yGj#18L#k?0flHg(xV=L605`
zg}I7P6~IM7Me**%5JgNzXiC0o$_N|>I=~#haPPBCd2=Lp3!(KQ2wcejC~1*W=*-1Z
z@EdaT8qP0&(?G=O3`jWElt5z-d-oD>Z*jSS|Aby>c}c;9@c+I}$y{8XS9@f@8YRzG
zp_#ONvIz!d-0ehGnl))9K2P?ZfLM7<?K;9#kTu=T7(Sg;S{8Q+qr$3^8pr#3PP03`
zTl1(8eWJkYvoOI(ZrK_v8Iq=JgP^bv7!qR*zS_&iuIMyy4O^Ctq>YasstpmoKwF#X
z?Z4&1infmf#(U+sw>CvQ+f?%-POq+%=-fE3tQBg^@+X1o@oPD@Z6S&-bTZn}idlKh
zdE#g;@#NyRX!hRyg+M-+IRW50M%F~)R&H1w%RH*;xK50r^Y~Vp7Oft6a;?s&ib6Z$
zP%^(6wI6M1ABaJGe1iF*bIj)*Em|g38$1ywFuS+kra<^M=P@{~S_<UzdFHZKR+*`Z
zBD%j?+GHD<O2wScL$W81OFxSK@T;8RiHS{?t>hLFG|Ac+o6u)-(>-?<c@%>aPTo4<
z4t383OXRfwAGnY%2O^u{3kiq5ZqkvBU;-_K^wHevDU+`@)ioNoXbY0JK`6g%cKm@0
zrW6kPHmrq%SkU)mJ1_R#6Q*G%Pz6%~vG}^}(EJ_O3!37&h0+>?7%J%fvL?$YK3Ox=
z;uO$PzLFo|(ez-Ob6%6|R}|l@P?JfmWdP9H?{xcix5ZJOPIJpFs&D&+OuG=45$T$1
zeO!1o!Q0}vW0BU7@R1KwW*398kAFxK=i=-_l)Mh;uU<ILYU9wIuuVWT<+B-8b@|-2
zmJtLbYW)Up%+$>4y=FEo&7hSIBaHSqGcZEFFK3!4PLDa|IT#;fnOO8_wyluFI%xk%
z%2Bhk1fgW|l64`78W+TFzyz3lCF^NDAvH$QzXgOXKXY#J<Fg~&zld#ZLEpzQbPx}P
zREXs$n51hbPqRER2-FVxl{YyXirwFawP!P?qB(Gpj-mR#)V06@?%eA&k`K!{1G~{i
zOgYKqE@zml+R4E(IsEqs_6KGfXX)?jsmOH%$@!ZGlYVpVtD@DB0Y_AzX9FnkEc(Qn
zU$MUs`by8e?<O7m%NY5C9ObBFl6vb-(~aebz<uIU@2D<;%ewEyq#y7Vytpf2?|w)L
zR=wo@<!AU@Z0-&-8n8NGQ5?X0J?}zfE4d{HA)2{|+U2LXIUx8<x?9@TzwY~Tn`cF`
zncJ#1|Jg*R0d9N4Kh<%8Ip0NnN42e>8lov*Oklr)Y!kE$P8a8uX%b}og(j~Mssnh+
zO1Iz}E;W@<LuFk@tKZm`G1f@FS7#qv#BsGqMA@O{<kc*yTb_W(Sa$3seXGSJ)6}7Q
z0{`Oj_V+L)%OMg6>V7fE5R0*THaaGiM!2xHGPE93YhBQzICF=LnN(H_;Wzv`6M7D^
z3xBVw!~$s-5kX*dS(Ihckw@LTbf?g40`33Ac`{F=flS>zXq$(<oTJ`{Qpk-qdaX)F
z&_&*$#Nh|)VS`1l^Ut!tl_4M-D8UwM{a%FL-hS#%6{QtiOE4=QM;>yDg7p_al_!bl
zsN*G7eqI%dCLdNgE&d9WQ_ifX>GxvH=fIK#Y$D-aPUw_Dyf&tUw?pM%<l?q$Dq9RF
z6c<eby&}F>N1Um^D2oXj&?kEUFp(rIZYj9XAjW9wM;qF*XFwc!0XK66=CQ*dD5N_J
zVC0~qJU>hCzEjVCR*@z8O$7%!JW(xj$(239u86VOUcXOB{7|7%Lb1SqJ`C>n(HCKH
zRW{MERv8V{c`p992L*`V!4(WAp9lvLhy=bSY*sI)@_MV`3H6QjPIJQ5t-!~A$dh`@
z{t$vba>5P36g9^-awzJ}4kL-by+PMMjuP>+;9n(pe=R?miiD8QCussL=_#;g8vBL|
zvvjqNlop!*n{By}<2LPz&t~tVcTPg4y`h~}INU$n|0*J@Xa;T3l8|PHzCKB#YN)yd
zlDKjv7>J!@Z>++PhuMKWqJ8IR)BNG)r0*=cKqAcqFv&AbXW*l5+_IF2ve;a%O2onz
z*3&TSj}UqbdX1Rj%?a_6{3IDKAYj;3T*xWg<i;}E<NR>Gmvy~6+^?3A;eZp3fF$AU
zL;R0LvECu;H^jNm+1jJo8S8u!?Fi_WEhFTP6_w*YK8s!ZXJt3InLD-1GCpXH_iCaL
zfubk|A~zaS9!2`gscoKIbzA8wic7Nf!A+S}Kh{+nt9k9GyOu~_^t*$e;27Y340aID
z3ytDD!1T$QwRCG-&2GLnUE~?guKlIfcoOQ?<4Vsiw^C^3$Gt?JET?!5Zj73Gak#cS
zz3p&a`-V)1{WatsFBaB7Lfp&)cZB?ql-N@{!yQzh`3}Y32>xR!uZWM4QsuY5C9q2V
z1j?*0r*RJ@{^}3ONCc=NPtbA@yf>-lPhOYi1ZR$A_D;cwpfClFHRvN>3qn{QitNz4
zsS~VAqm(JeKlw%aw4{>0sv!B{m(lhW0HeSz%9<0jr&eGd!MNj0KE=JA;FbIAF-zcs
zSt-is_7(TUFW_z)b{Nw^n6+FWlbZ>Pq6@52Il0`q)d^xP=<+(|xkP+#*h!cK+su0=
z_=o2$?_i^B{ASm~6ek)`_DVqXkYHTft3YngFQr69MLaAv@T<AV1FEhHNz&s)W~-e_
z17t#@{3tFWG6<xtR71gW*(XfVc2cHkuSnCCGZnGBnH?=mPIOkzKw@ZOBKeL59zApF
zCRz9G25j#o-h7I_*TMRfM9O~$Mn0&|h^=uOnn<+#iug%A6&cRZSfX$oz23GI<-9~C
zrITwEaL#H(yJJ0g5D3_@$r%$G0n~glKRXL)M7`-?)gq7&kx@R<?l0A5=a?cD@%pTf
z1V2g?9X=51neZbFmUslnJLy_l%}Ke^a75<*ZY^cJdhF!9sPK8|m@hNjS4@I@f?@PQ
z1=Eq9!zoDu0idK&t={X8s730y?-U9bcv&lO@$EBJ{nFMVi51MuRCx|K_c209%p#kX
zyx1;;w)}LY8Omb+{YbtLqpJg62Hxlo*|fq3nG-31nqTT8mp)I$q@z4xPbYKqz!!D#
zjDD>kb6n)p2Jm^grpln&noW}|H#Zc}vHXFjV9O<SCEx}@83Us#{Zh-ruf^{xDAst$
zr(o;RR6gJ$S*FPbg#XDSlNb_WZuw82h^OfI2Ldk}{vH5ayxJ?BJfT63LM5RHtd>Rh
ztT9s#2HyE6t+B#{g@=FQ6?*bwKgfqlke+fF&1k?gdFXZ!IoX-wq&Ap=-jw5d-`MtO
zh~p(*zRT)o*#LW?iH;O~>eTeBx7sxq=ciB7l43Z6US}^K>I9}!bQss3S`9ZeaJ`7W
zy=f%=Opn*&RSH+Rcxu2S3$O#wgLM}u9@xsGTpU(us|c#4O(V2T&&yslb+mSDLFSt2
z=Xd|2T)-)wf<k3N+Po+M)ZF{}#8-oc1cU|zW_H;FPRq#XN5s~l!9HxmrOP99H_}K#
z&tOTzAw%K#(B|;ppQ^gze~Ee5CC1*rQ><iS|5)+j<IuOubtj{&j-*<7>~2cjaU{vW
zq6eWdeTz+WcYZQKtFIe0W;5Sq$p<$p<cxP+jqvIvMn|Hy28szTc=Q@q`@*kJ>;IQB
zZs(%5cQE6-yM?HVYYy7|PA^ZmH}kB&_H;#_8yT5IT7N*({|@i!iGF9fji5|SA=*QA
z8Jvsp@MA~`WbL}CPUN)U(XbQ`g<&NfIJYiupodi=n_IW;?TthITGg*q2foQ>09U=z
zdXX{ZUzl}9H4v5@sRnnTTRAd7aWbn$_<*}yuCQ_=<RGJm5OuU@%VmLHz#S>uMY&>F
zc%@3w^6f~Q#7PZJybJl2O$BrEDja2tz^WpnVq3;EQO#s2fOI!?zBnPEkUbRC>0O=A
zOlE;6An`NXhx#zAAc+E_RW1NlmJp`QxP^_$+=EBAy=t#j)ot8z_%!1Y%Sy)xw1Te3
zEwH)wt!o8}i%k{`*&%iW1-1(b%T!ih<ai?X>V7c54K<4U`b@!g&cSrIuBLtPPE{jB
zN|c#YoZokm(n+y($m_|<MSfIIIXX#&8S<AS5yZ=et~cw%S}lMC)~6F&qaSg9fKY_F
zp~UdYSh8sbvzjniB3yHNDf+Oi3jo^T1ZT1cH_84&INrX9>nb8G#zc2faWG_sm*n);
zT5_uXb6x~d8RPq#Gs0`I>PXje&s;+}a}ht(FrdepWid;<LHmd3RL>8`!0ia(b7&nS
zKZ^M(;b04+%o=(6Zc{k|sNcD@L1f`v@I@bVT&-Ux#bc~ATpy?C+N1xD_#?ce(XN>v
zqa?VVA)jE=GSfa5)wt7a$jV7H!2^R%sk9|RKpHF_^w(_ITNv1Er(Z4${YI3!6=Fg7
zw&6z`82nTV726D@FNy*|YEo_f*uS@om2lM!>U(l6Io8omXlYae1Y4vrH8ewbMukZ(
zll@MAHLh9j!BSKlp|2ClEJx5e4}vHq@dF>DDpi%<+FNdZ0kn2140a~VR|cS0coJf#
zFc^*YY>f8<d=1V+FCwt;MqQL&WBwHYKZwxOW#D-kEKwbOj`A>d#!<XJ@n9Ru7G~Y-
zy#;g>Tc79~JV<a27J}0x?FJFr-M!K3uJ&rLR@~hQ2_!fn1a}DT4#73JI|TQ)bI#$+
znfcCqYrgm1UF+UEQ(3<*-}2vk|7BOIdr$gk4fy}?bJ$*-lm{~W$-&M$Bjr~OBWt9K
z-AV5XUKf-%EPBXG%I?=&gK6CHBggtK`MKi8kWcbvD|gK7w(<$ROE!47F6rTgxvjS>
zo0r1tb#6qBMlk9tsT$Et8sBbp;>7{e#oq^+>(u;!NJhe?2b)ZKpH-;^`|kJ`_=F4D
zZxXZD?_P1jxx8(owwENP97EQUw?AK&x9I@)e*bde)z<m%O*3d;zQ12->cXpgc<Gc4
zdIA5=l>483FS@;v3^}rMXkl*GtOuXM&v<i2PVE>u9@)AhYuOB9PQ0zT?yUQrAC)%#
zIcxWpv-z(u1?f{p3WJ3Vg19`lEZ+6XFlLeGxzERZck4Or!hqA8KNVZHq|FdqIMjPV
z7QFbnL!WhP(0vWB=}YpFC;K~@5-x8n-S!}_Nxe4JX448=+)tQlpZs_(Ipug!{k^Bk
z8)erTDP3adwrubF%w6QNgpSR0XBz~cG@Z^5_5Rdszpm3j?b>zC+f1%jyJK}rM(n`N
z{)3Ckhwd<8JJ*`9y~(rjP0&Gu+jUXcc73fgyLq)mzS6nJCbpNgOf7x*;R^lv_+D83
z>!iSftTC&|%hM$p?KeJ|(5bf@Q#<YP#zq>^(Z_Y{J@Yd2h7N36|5{vJo!>d-_^NiP
z4?3r}UcUc+y?xex6FR;hTzoWf-|Y3L271ctChT1JXq0vVXU@o<>PObYm)c`?cJ0<R
zQ%6{Md(qwZ2RE!LTa$F+ecgiS#xBiW=6aj^_ng%C&Co-x`i<d_aPPa-n47l$V4vPo
zZ&2Tz&jwGwdc=~G8S=ghH%>fq_FK;0^;X*;`j?kC8jO54j@0<nT9Wg4Vf&o&*IViC
zS}EbrEoRcX+iAA$*B=k2c4+ROs(X~P{-$iW@-VyUyWT6t&6tkN`nF7asHja=i`+ST
zN+ys+xF-Ip3~I{@L~n~$BG$I}@f3RB`Oo9H+RIXhArE#;>zvkl?dheN^%dP`$&ZhS
z4?ni~+mVG;XZ6UgTAsW*y+Qvbu2ZD_OfLJ-vy0zn@J3O*dip7aZ1bX4>79|;`#OK9
z`gy10@{Z%%%C8Ql9_*a<D0S=i1WV?d1Jy*bGXhm0;rh3O&99yo_1;qF25#7F-3#^d
znIoZ@wJO)kUi^ui^Ag!vsee(~w8H)gk(LEg>&KzK0f%a3d|N9pX4g5G(0)auz8|vI
zj#x0OU8AJ1&=Kg>yvp+L4=9iCJnV3H0D7)+n>rAaD_Ng8uOVE0ZRxS?HI3`&v*-R?
zMxv^B9UXnLsQm2f9Sb%z9;G{yMy^~Weu_0&pKj@t(|qK~`7=s)&iOKWoFRNLu=?<x
zYI9P-yR@?UtJ?1B)fN1n=x{;)rRLVDJ2rMqJ6@&XsRwMVQa)o)8YXRg!xg7)4#~~c
z=65%rFId0v1a{lr>H_}e$#=m-F{`BEvCU^ERPHk75&rDV$q$yd-;mSz)|w@6&K@~h
z{^CyLBVl?$_Ocl}_Qvw-UXZVSP$t=UE$5-xw!3Yox$<1o4WFMC6w|&nnOx(?19q6z
zqi|H;#_|XK1`pWqDtyo_Dl=TKmtC7%z0r{}?EU<iJE}H1bs^-Q)N|^)6W=C&Y;f)3
z%Av>XPmV&IlN%=R6VcK0OG;TQ#y`uf9lVy_!5?wAOp2`?R8G15xpUWXo!Z?PGo|r_
zB<s<xp1P|)=_Y20&UbJ7y6d|+%R{)Q-%5Hcs(yaqu$aBi^*Y(dH!<hAdJVAOnq(Dy
zJ$SJ&b?>K%jjp_GA<HOQQL^Uo*~@9{_C06rVBw$Em{jOG{P@u(%Dpq=@!YDW+)taS
zz5JD8SwwwF=!|DL_5PL)c?B;PetR0r5Od2<Z7h01%pLoAI4Q0B;_Vk^=XF_q(l~xv
z!h5g0&aOI`K&rA9=Efj~z2s8aySb}s=5M&39$J4W;m4b=N2RA2AHE~EjRzZUey};S
zOX11U^G05a_}lgnQ^udy7L6LW;>Ertl~0c8mppC3@G`<cbq{i7!G;7veDb&4cO~||
zZ|VXId%k-96ztF>W8w7d?w+HrMe7<i@{Kx|aQjqS*EfFU?=u_!L@3Yp>~;x$OwVm|
ze+BDK!Hj9F{bfhl3vbSTCc1e#duU_0-pQ&{eAPFode3e5JV%1I8+W<E@JUU7k}r%I
zI&jsaI*n<Kv>OxbKMIb0#W;uUu9+f#IjyL4+3_f&LFfG!R^clrbhyktl-z$bO}6_H
z<$3PB&tGTP|2X)-+2K3uO=vW1TZ3lHTIh>LT^hGcJ;S`q(&%e-ZM(0nXC*+~!P_Xo
zQ_J*w7w7VyJnOh8Sfk^><44e3E@525XSGA;hK?W#GKTCw&CD#HGnDk~PUoZ%<>puE
zJ4+{2?wzJp^v=8_C3inM^k~|_;=QYi4%citX2#%k6R&^U48H0%J~!B8@?&_CCUJgJ
zS;@0qOp)|Qlf-2U7kaFxCa0EWOj~zyQut82D%G!Ey0E9{-oE54l9cOOwSixG-DGcX
z-o`F-hOBLUW288(znq)~n^H>#4p0m{?pg-j&-?u0#=x=E`1f+r#&cQA7?iZui6`z{
z@^;_zXtVPD$&^#m7k|t<Gp&AaWX|(Ccgm{o{)x7jmmtocCGT~o>#)O*cTL){&3@Mc
zIVKT~JbZn#q;m1+AJrIpe5Dgz*UwyN{CJD4P01_Y*N=ijb2i<bgbZGtc(S;hGA{6-
z<NTUml0J1`Jt3`ckCaxM>7|xJL7u#z-s*Pt**j?6CKDU!=O=9tEofT&aak+L#N!9?
zoZ@j~wn^{12|V79`?G6>+i&!*Ke8o%kG0E<WjETN)G4+eAG&gW#-MKN@7|7YTEC-R
z<>1M2b&?5*5@yS}HQgEYn@=3^cu;iPd+%w&tybN&xk>Z0+~O|%4-Dug`BBuaYs*y!
zcyjI8-0x7fW8dIqiq`D(%tcMd7Ed{BTfO77@5%RRmp=*o#|NC8`+#(&_2+X<Il9M#
z`=us{2DdpT90c)lk$NR}Cmy(X$|;+iwyLbp_pllIbfN#vHMUD9%qyZZKJVx=_D~`L
zs=xikyjS<$m2F7E8jx|vbmyB<*ACAZWyyP&*lb6QyBQ6~Y<fg+_cY)SYFpL9s_QHh
zx~wzgJD!&cXP*flgM0M}wVh>X^1hcoZ(g%qTQ{BUI<)${i8Lr-%}q|jUCQBQ=Zj_u
zpD{ZZu)F0CT^Tx8%(~wJ_u_ei5r63IiN-xIT(*uunx8A&_;~WFQ)4cDJ-9jf=Z*%1
zZ{<tg-MjsEdm%BHF(_y9Tp{aK-P}xOj{WA?IX8FY?MzT`+zmI4fP(M2qMmIn<2d{e
zuF<PTVmsWwz9N0`fFkd~AEg&I={lla8rNQMx#8Q|aGY2FZh4bOeK$0pHsC(Dy|2rZ
z*85eA(Z04%Ou{xb7H@C-$a%lv<cA9e-h0e!K|K4)RuD<H)p@>V|Etr(c1~+j3q6<n
zb7ACMBrv@Yw|!vWZ}-RBadoZh1|GsiH-Bz;hSF!t<x8d4ULIE^U)!~ZJ(XJj(iQ6V
z?M&jc8J6x3kII9`56#)1o%xltxt-fSzw2{vN&16DCl>FV&Kj6}d-tr4jKpUb(fhX1
zO~8-DURZRkHYs;UAXT~!Bc8W*ULTL6=D=yEnyl$}mo&O`?d{2;-uVmXWUa5<X4m8M
zhueLvSz9%*QC{WA0oljz1FuFyrpsSzOg<@@J>cGw@AJ<`cIVB2f8y&LyoYw0x;tqa
z|5obyU4uhQlbfn`)t1K0_gZD{AN9U_iTch-=-S0&QyL|Muec|5{>m$^lescFE?DTl
z#2ASa<xRw<B@3S9D!TUN(mvJBTd_b&yKmg^^YDC>)$mXUX|w4(?Htw{)1a<Rin|{8
zu*zMlre*S_?guDC#%`!meKQH4)c?rCjvmwL<P#G{ZDe$5T{6G+poZD+Cx(&vLNR!t
zfN4nCeRIwA@S#(wcS|}?@2^v~tHS2(Kl7!aq*mj_g$<ZpPGqd<%3gVF(*7ZbYd=pJ
zfH|#OJlx#p+(u!Ong<M`R*(B1-HRN~rLf-AF4bMLm@(zvo5|>L@sFlIHYDEv*80by
zQB!i~;2xg5HB*+Kb8<q%V|t&t!<5GdOIy}=)@e#RhrU=lq|MC^dj{~ZeICDG;GW#I
zc>FBhSu(z)Y@M(9q*7_$5xLXR)jj$ji_Bk>w&O{UvI)mSO&On8Trp+uj+aop&uPjG
zKlzQlXn4Dx^KT^E#gpn6O|5>7Fo3do%jqXsp+n2>-OW*MgIAUdHkxioPPXhR-?Por
zRIMG<fZOZM=G~9>ZkjUO=iPCm*Saoq>8GH!lI>segh$l2^!LiXU)waB(YD*N!HbvQ
z`g&vgf>V3u%zrhK>8(VxdRiBcy0v!{-PCFRoNWkixAYovb#1ZY$JSKCkjn#(bkxmi
z*JMa`2b$_fjyL~kmxUXL@0U$0m@>b4<19C`Es?t6&{R1(&aU_nL=}7LHz*-4Ela9H
z@6wW6)?-)eM@?6|yCpnL61nL#QFOL#T<3Ea440cE_nE!I+VRu2vdw2}?N*I&-zV%Z
zD*7?^>lEWN$L!2B52s3>)!m<FY!HinPRN*dtYs72p*zG|N%J(zme`&iUht4Ub*!{x
z(g}`+lB2)(G-p<yQ2TLPGd|wHE18MQgY1SMymPOGhs<ohv)Hz*OU*^=CSL0CInZ9B
zyn6J_XzA!`ZH0^T%bqn^*Yeeyw3A<=ojM>zFGJE#z4Z3t+Uez==7!>R+eCZb4&QlQ
z{gr3M{&tEwvo}`TP^H(j7w_OJ2cqZ)Sby;cBer7r!pbM_eSS2Wd+uVNah8o|uB)I+
z3%<MDffD+<d;4ydl<%6la*v;SrruoE;!|zkwSSj#ZNbZt+7xmVL$>_r;l!#rwUvbG
zH>PK|Yd&tGyElWu!n}RD-EnJ9tLj&xwI+1js@Ynn$_{wf)J{$LXoDXIkGAU=XzOgT
zhI2{$qx#5r>H4=M>Y1a??{EQ6n)mwhzINaHgqn^lW1Cuzf!Bm|z3R8b6duuJyspV^
z_L1_aV-I56U45F5{8@hBmg`dEcya3_ecKh4v$NJzo)$*2ragtj8%17DCuo;F$Y_~a
zXI-ev%);&6hMyQ9I<bmLCUIvjne=Yy<hM7HzCGBBwYd7VxH5n9fnB$wDgFC=k~Oe2
zd@LuIvmD<o1+(@Zznry0*ls})ZPJaFeA&MH`fe+3Ov)bOKECP(%QlGoG5@vb{)(>E
z>s<P{B>Zt=+w<cK>rOtE_kG$n+NiFn8?SFR7ub`CixxMV&b>S`eg6De7nk<i;<F>S
z`yGOI-kSMph+b%`{BWZ4MY97<QqIUXU#)Urq32tVR^NJLzgkygN!K3*w9}Sb2YRmE
zllS3Bn|<qd+-X$jxbMLFWqoFhYmu85N}T|ewjVNk+S7$g7DJ`O<;hK5XWHdmEZ^6C
znYha7`mMezu8799f@Hco`<@PEFSK_`@K|oq!4C)b`Hr3XB-ykQs-M&L>BoAJMbFti
zw!MrTEY=(cM(myG%eiH>HqT+yaD9C_<ix?%KNZ5Zm!H0RyXEkyjGNcVUpJm>miWZq
z0e<Rz-~01iW#jeF54IepWfqgV&0iZnAI_d?Jf<E<%TG{zvu5po(*kqb9Xh<X7wPcG
zu6sNSZ)1*aot6$Qd3Q;1v%`liti;MA_c;URZL0R~y=rHxr;pML{R^J8Ok6uY^x05$
z>)3>!qh{T^bY<JfDNQe-^T$q-Ha%Uo=C=RNktw?z(?!j0i+06|Ioa1O0?qk$<L9~e
ztxj3jZ_ME}<t<LEXf3)#?cYYX6jQ7Bhj^lG?V1KxZmr5(JLUYYOy#uX+}S&Is~dNJ
zb2OH6extr9sabBVy$4r5DI*SBSFd3Ih*?`JrJuiF`fY?#()7T$9ty*QiA_EYE!)9+
zVg~Qo=Rdc0>!R9y{)9{TV95wia#P$_#nRy5XX&-FuqDl^UzxIhX}kTR>ZSeH1gNhX
zR$B2awyTkTee2tE#`bQxV1DOBqb|S2qxiDzTKtQY`-%D2YdsOZ>7M5(JbiL?&!UCi
zysbqPbg7eeEAQ;P#FPA?b)yulXpZ-#zAN`;>-R67Y#&tDuwd9*IX8#1q1KHB8H@Js
zYFJj2J^s)X=9*2T-c+|~>OZ|&&%T~inZ41UG_}&P7hi6kmK_N$ta~wduL}BN;ij>z
zAIBDNNleZ?N0>7n4J|L9slRgb6uU#U?~%(HeTTi7J-nY~^3-Y+&#6&^-_PIKpHj86
zyP%X-vm5!*ihh^SmRmMe?ycze;6(?~zDij?`&BnoQ%@a8fY-BXv#<9MK9CfTOik#R
zT)AC(NlqnG)~F!4Z~ER|TTfY$@Z)M{#K{C<=k#s6&ed#eI3GT*bf50Iuq;+AtnqYM
zr#Zqw!L=PXCC7Voyn3yfBB#;n!Of|=;z{qE{r9HdX)>b=BUAhQ!d3KIqe7?t@wZin
zJ{(CNxMAC=4xvDcS0nC@sJ^}X#Ziy9-F>k+u^H~^_sngaXa2gSo2u-ZQmfhc*zj4(
z4`&a2GoVXP1l!NJKEtU^xZ%&5FtB^l8eSJ&*G^f<mB_r-ojJ+DPU+hHJ$bqx6Vjee
zE<1W<>%h*Ryx!ZmHSMOhD5371)b%C!>H?CY#?$$fA)-xnIx~lPt2>JuC66kU&)R<N
zZmmhL?q?skgRQX+Z)~{XUVC%ZCX0_OdfdFk&~kKL=lII6+M3E{o;f<TSK*6v+K;=<
zN4sC*!QAKd*{zP<lyxy5bo3cGCw+oO%lcWq`D@ifxBSm{)!lvZrugD|(O&<m9H0L4
zi>%0k<fiU%(bNgOKMh>*IN8|xMYC<I)TXylO)Pipunr8$nvWTCzdlV^Dq6{Wy6toJ
zuDh4(7hSMi;iTeD><c$~Ofww`6&!_wbNr&>rL{kPpFIm%K7OU5gMF*y;=Ggejn1~S
zoD=$e8F2YrCuiM<<7drjNIxHFoKy78bULI<8Md<Vpv*2Ux>x(~di9FEYVr4hIm}m0
z8F$y$_6sX#?;UxsuV(ztr_jV_xZI-MxYzmbPIj!idi~7$I&(c-cB}yR;9<#^=9G!y
z0W<fvR1N4^Yc3kztQftiGC%)yXxWW6GpP@G&3kvkY0gY{ysnZsh;^vafJk~li;IiD
z@hLlt?%lPW%{%<#II-V~S}O&aubK~sru){YmyoCE`gKfe>kGBcK&#%mIBWgVK$hZE
z>oM@TGutOVkT!kOqwE18Kd<miNBWW6J-f!dY?-31TJv)YapPWFu0F_lI%?{IK?|en
zb929?7}nB1Y|06^VxM<Bk$l^XWqnoLjBmnh9DFprp;SEX8?EqK#*D|uFBOb!a%)V%
ztQ$E`IVqH9f~(uIrfv_{yi?kD%%mz^-tQ%44<GAk`YJ&e`#>L;+2P>qmu(-Mv%K4s
za`{!x;$FLUtyFK&ANV3yl<2E8ue|<?8nQp*?lDbNPl)ZE!Rj0>b=NqylscUDZnHk)
zR83pEEa8a$8!0x&&J|s`tvnCK#NdI;t%|vuPdc){-=F<<^5vGtOFF*V*t}Vn^QQ8w
zJw1HYe)9M2U9otL{Cc<Jsl)c+2kyMu<2$42!#nvT=dN|dSFy=u3GSq_{evZSs><Cd
zD@r=ueb9E;bvysjywN?T3_H<q=+Qj$()=DW+_~B9(8~?Gz1ZF8d*3}%4?X$_RevNX
z?VTQYUhmwGmqEqeam~WI7tN_RkF_wI(NAC7h2d+pFRgERmj~ky+`L=++Emt}lIJH9
zW}8dxs~rn=Zf2IXp>deyXT>FX>7H;Arpf6Zm4>cf`Zh_{zvr9jgGUT2E%dRJ;?LV)
z#${@i^GjP?DM;eAsXdW5pz?vV^{i=ITKA#q>z`_5Y`C;F9&TQ~sCfR|WrN$S<YsFY
z>-KNH-EmdCLl;pyc1ar<t2TxD@EWnv{=0Xo?I?T``E~(2y6uqavU$t5jPMRVSl_;O
z$r0&X{+=K5k8>^(mmC$kX6<psUsw7(c3kG`%lEDlYv1?C&!5)xd~<(dtGJO;m{z#y
z(Ju4TSj)`vfgi$6tF}#;Hv2-yyl?rV!syg*U8@s%BsPE3+7*bG-sw)v?amm`zIE7_
zmQ&?y+YvhpcaIp@XU(NYwzG!dxJy4KjVfGya&qQ+PR)9;wjGAXU%yznZ_8ZU{TpSY
zbQJUYA#C`ZO||$*W~$2Q+VaeqY&^KM;2rfwtE#cqiv~VO#;;V|pH-`OpM3SW$0<)z
za`A<!2hZ=IowMOu_r0){A%1;z^OQY-o^x5VcW<Y&8dx5sHbkCvn06%7W9l{b_K)Q9
zVP55>x;bm6k4mmX+OWNx(Q3vh){$B-VCI-AHSLY23JVat!Fl@KI+4A0T3$8hj`oMf
zYhNGR({0E?a@BF1R?FB)J#ZV^O<BH0N^i|vXl`pfDM~wir}jqfn1Kznb+g{L3Ajvz
zN%D>7d6cV{^Vg4Bx&ll->^+z4`S7LE{JPxiCY{zyYw;+yd->3FXXmwST#s3xIWP&5
zHeJ(GHdb;jd5j{{F=j#G_Ic(rcj+^$9__{~YgKS^$HrQ_ms9GDT~Ncirg$f-TkQQe
zd+XS??KJ$t^~MIpcRNX?Q1)6Uvyjk!argI|NL2ELWu|q!g~~abMdV#&yJoVsfyiTF
z={eDuu@KU5$*gTxS52wEZNkr+RSyX7uR5Dw^GO$cv-{KpLz|krG02wBUC(8>s42a7
zw0nJPe5@6`<HE}u86$qyNL+nO_p{rM<NL6<tM9MXm(A$+b55I^3v4snHlEn#6n##y
z+CKSA<E*hSPB-#hJ#$A{P}*_T)zhm7CC(ketGT0js4!<0qr;Zd+SZloUX0mCPg;M2
zJU*#<ZDAkaq1W5|xVLtEy{7sr8g;cfO%Al$V=9@&8lE_>Q(>%Tb<T&@oJoSZH3-c{
ze0~3->W*uRlS}WJ@=Ef)6<o;~H@E4`Yg_s%@`;lzAHTjF*7a`w^RW{SeF#V=)~vm}
zQ{8){$rD10A8s<uy}T=IZQBsWb*xnNBs^zyhudFvHnlc*eZcr&%hc1WUp8Cx?Hp}{
z_v5-ty&HVVbdFCB-P^b7_DD-d%*0Ecb#>L<Hxe%QSwXyzD#^WkvvNVswfUQp`+x4U
zf$vsH7iZtNxJqBv#C5QMSAStfok!-c=7P8I@O>p6OGU!i{MISLXr0|R&&?9eXvSF{
zeJb5HVg1<gFT37duKGdmQhJ;+3imS`S#`f@{OyB5c*2tWck{OP&(s-jUKc)?kXd!Z
z$9-{JUh_pgM@i!ek^C3<W<Sne`*3SaUwz^652+`|dS9Ylv=<nAR43mL8PKfr_Y0j4
zbxRLd&z+jHu$$!WCfC=gs^`%*gJ#kPUpMQw>V7U6_a*NJV?h4a*P2?*P8;zTroSHZ
z;kk?2QcT-DW5UnTg^wl(PCR{fr7zt5zNUL|$=K3NQ`yGsxg+<jUZGlNs&s$A&xNYq
z1Ne8dOtoi!u0P4&uHBt$r}m70TW1R2RIo{wzsEbaXngVKZ>P&W3*YTawQxLeWCy1=
zKkxn3aqr8Xa>XCVO!<^#x}_Z)YJD!DU7KnBkG4AV;u!Si-h!kyV0N!W`)JVX$;u|*
zllu3c`S@n2U7hW{cYU@kI0my<W(+sp9XI>ohRfBqtBnOa2Nmw_#K10|yy5b-PLn64
zugsf@JN#u$i>{aR9}O;k*}RN96iO}9PU>?@)^hEZeJ=+Lk-zNL>qzgX2JiA(hZv?F
zf&uGRT)|$eeQMsx=J;u68XZ~I>sX%`?+UB#pFXX={jKb^aO?PxruDS8N6x={WZGM_
zz;}EmYgq1zIbL&Nex5+Ue7mCZNyj3>;L_uP^7PqjUzfv|X2^az25+mBzldwM&(GL8
zm2h}0)w&AGsyCHCay@<0gYmnUhbwh?b*oj%a%=E#e~r3+&v$iF2i~--kF8I<)#$@M
zQ9<hHXY$Q$QqSb(Txh(;H+m{QuWxVa#s+0IACwpD)qc=D`0DJmOG0~euGYYUl7WS0
zD$K_CXZJ6ux3J@buGX&()7dzAlY<y4EpsnwbT(_y&Z#qV;#*uNp;d%?*dtYVDJ|r6
zTa{j{8(MoT1Cw6dC%Y2m#4H1==ka-)m(}W&IPAodnX?+5f;P;k#hk|6n>_H__7j3H
z+=ce-Gb-(CtV8mfU(u}$Uwt#{cE=q*50u>-bnR@1FS<SB>pQF4S~P7sn4*5<99C;-
z@l|TB=i2j1Uv}Mt`?;qVr_V^ez436~TVE~A`KLLABhx4^`!qe=g3x;KL3tr-oi}AG
zr}2l2>RPROPH_!h<y+B(KY{ycY<|lg_fDOB_PE81gcr@3>VpT}%g#<7du=*-?-poO
zoxXiH?Ojq38DF#a>kgBbn6*bQUSUpdbLqRiFwft6?4>ETi<ej_7QXV@9m%0ZlfEA7
z?YzX1``^;%PFELq9Z~C4Y~i7ft#}<CCtY1r)UGzEpXyV$u|FxeJ(DSmYHpmhTztBf
zQYh+$T)K)kB`%%cdfC09Rlkgw?GpVA+(^9qBl~?u$|mLU&24tv8XuloIU(Jh5qPk5
z4ERoDU56GOI_}yOt|=itcU>7<DA?cm)5E&4K_ANpo!@xR(D&HDkMhCG?rv*;qIk@R
zmuvmGgHO;E$nJ(Wv_)gu9{SuYX?+#$wSEnSAIE7%O&*tI`hF^JrF`F`0Y?Q1@9KS=
zY&yEIXAXU<ugldshkbJz*Kc=c%eF2J8&9v?as49MZb}2EuV0T|C4ElzN}4O&QcY2-
z*NhR%>b7r^2#><lSa)FchMAQ{M%~>vWp$LjJ701dvK;M<-(J1pRfX#8@}Ku}tLE2O
zUc7P~`zZKdruJ)lujss>WGpLXdF!gnG8&bSJ@aAC^$nR-JE@Y+4Q-I#IQ&AkxHpU}
z3T{(gS$c0<r<df?i_d7Ro~MQvUh(TTV}Bs7#rc)2J4=t|y{`JL<m%%m^*pypk;HS&
zFdI3=Jr}gek}Xg-OvxlYesGK_DO&Mmo5EQyK|PuQ)vSjj;szXCZW?;)=88enb%Ta1
zc*n7|b2V%=XG?VYjcPw`J;}lKHGLdzHyqnrseJhiTCi5t56`>zFydd`uR8ALXTe&|
zdijBlPm11%_v@Pt?e%C$am^cTmo4bi@p<u1a*d>A8`hmY{2-9BH0yjmEhR5!(7l--
zW}Z2RE8RfsV8!qneD8K-&ZX)<_B`U)@{hWgd{Uo56y2V7TTE;|hWg+R(pC3K&L|o>
z+MC+D-+Mjy#mR@B2DYbV&8O6E8FXjZBkNA6SJvZHX+P-7xoe!p)m006Y+TT(Sy7?s
zX>?Dk#cST=-_E3`tQh=-7Vb((n|bcDsUcQS|ID09v#unr?slb{KRXA?{M=!}eKK!x
z(bxWnxZaRfBbCN)GpqOGj$AP9)7+*%-ld@DC#|`s8+;@GUA>|HwdH8;nMGq2Z!ZrN
zr6dj+PtdZUNADNst(m;@=cG(eOns;~R}L+ImA#avhjYHCkEy9TcKBh+EmG3?mFEYn
zty(7@7<PUb{ax?(qnZym5oqlEc9CZNczN^sujk!~$bpXcyLG-%s}pZq(!x^{8{f{~
z)GOMgl4M)B1sfk*&|_2hV#A@IJCsjq6cMM1x-^-3)V=3@0nxZ)&W=lOcVA^w)SV74
zwBdR#vAmhU8MU%XhlyvNX}&LO*@5rLJ2wlrk-dqyBs%<zIg`Kp$Msb`DI2FI{Lk{=
zQUaAgt$+Od`LoI&>x%8_V7mq&5m57w<KXcBEdLiuAOp0oB*BqjP6#A;6M_J10-BJX
zzyezyumyp0o&*axo1VZ1dlg4i2|n;?21kPl75(QIVDn#ID*9N({R943gH=KbfCF-^
zC{qmNg@T;m1o>}yy1=Im>~{m#uoIM^?EiS>Kb8|*{GTkp^8aV)sX;j)P@W)=jTdaY
z|B_ZlcGQiege`%f!|TaR#i!#^Q!E~{7j}4TnW-Vvnnp`a38Ih(h7hmEl9?K_1XHuK
zGR%kx>488d3nF#|(G-w~C)lInU}mZvMSVT6*r3^NaYMm$x5FIp2EA4^-RyN^y;iHk
zY{3$61RU1w@QEu@kXTR%hEOQ=ugRu3;LOy4bgK!r5b2aOJVYR+k<3(j8qES*)93^;
z3Bp;4<bRZv1k}~{mm2=_&E$m2l`3>cH9*Di_~%#uezr1L+5fokAM+OgNmt1EzqYhW
zs8p#U-wJ(Ip|}2S=_Ng@t9<2JrC;m6Ui1I84|NCiugL$`^4GNgv+b(j1nrNL|Jb+w
z<@*07_lo>0`tsi`zv}&K{nu;6ptVh4JRu4HTE4&1X#7Y0E9^u?8GarAXX}c-LaZ3{
zVENDF|BrI{{rdm-*&S$)ihL`UTL1CnAN#-R{cHW#%c=vt5&$~R4dhUvZT{7z;s1;F
zzYa24r};ww|7wPRbN%nN|NZlCPXE(GI5K%~g~ozRhy^GNd}@l@g4(@cQ}vtD3cx^p
zIZ%tBLYq(tRyvJl0y>Ri#ix<*5Kts|$dpEasb(05$HOKP6{HrhxV_<u)POF;W@TXi
zy{^mpcjeK8y$VT)0Rw^6p(YSPpWr4iz&1M}EdiH6Nx*~sv;-13!vy<jVC*o#QPOW`
zSzwC*j<Ufg<F_+pus1lNBA36jYZB1cD{L4Hs90B6wF)cpcm1uRT)(IovkCt{wpm4T
z|2r&|Km{uUssO42ssXA4Y5)=eH378%wE=YiNr1Y5dVu<X27rcuMu5hECV-}ZW`O2^
z7Jy_xOF%0?Yd{-7TR;k+9Uv9Z9?${M5zq<H8PEmL70?ZU0dxnX0n!0j01ki$5C9eW
zgajZ1C;%#e2A~6a0D1y40GWU+KsKNkfB|3vSO7MF1K<L906stf5CTL1F+c*40%QO=
zKmkw!Q~))gqKjw&I)ENv02l$i0et{{0sR2|0RsRKzyvS@V1NZ+1=s*~fCJzJxBv*i
z4e$WG03W~)2mpcr6c7T00TDnH5Cg;k0|A2og8@STLjl78!vP}zBLSlTqX88$!2c}&
zJtXjdn*RM8e;aty`hZ0IyAPe2n)+97oB(`cri^V!L1RAPd`o`$(kV)Z&5j0Be)FII
zat9Ik?^ziFl}f{5s|6BH7I3slX*g;co~p)?dJqX2*uR|2U~^O~r9iHhDYG(UOd*G*
z1~;>RWu{8wX$0)Qr2c1O1T_KQgFsHr8i>PNNkj{so@O%9&A_Bu@M$KRnGAMe3fW9B
z<A`{8Fvyghl_6z-@`za=eLRjx>`}3s!t#2o4%p&B9T1X|mhx})<3v%52e!aHeicz5
zlcumikdWdCrkD{Z7<5=27B~e2CMmvv7qysC3!MI!1h^ptNl`o8mK2WLhj?QaOE9Gi
zSIz1A+bte1c=7Ph<7UW{Vu2lKcVPN`NUVE`)f<RFfnTXRJZO4~(qeY_9H68r6<3Em
ze`K0s_If}`(Ugb-wWpwVOG==kWm24>APP!ohENb!rT46rf&H!e8Q5Q9#{Q~Uh3tQ8
zlRw+w-{j9$O43x800_@2TJ=9ROx8d=4TkX+E0jhd5{PLeGK5Pr!7x3IWP-^wf(gdM
zR`Xw_|EGL^6^FrQD>*9FA3182;?%5)@GS`9HxkWi#({*=%rufIjYNXXz*#a;(;$+W
zY_V8jGGxZ52i(DQ50nl;aKQareAhqXHU~4Xf20eXr(gAzYnWmIOT;l`WiZ4%nNpzU
zOR|(I2DtXm-3&QH33`Q^qfGHYZqVO-Ars;-r&*#t5PN!1AOtN#tl|76LIrJOu~`B{
zFi<FDGLf2r{p|{n@t<jB{X?>DFC0Qb!M{n)1O+V=QiaPH2iX&FBwA{g0nZNcbbf}E
zA`Ie~kV_g1aTOR$%psE~$u21&z;;9&p19Q?gi)!;@4;aZwF~A--7>45AhB_n9<SNQ
zG?3$Rl3TCCI8AWONR2pHEE!ovlc^#CF2`dxX|Oy~Fvel&41A_h=%l&C8oUk<VT9oz
z!m*02Jf6+%=NoKlGL{|?Ljo;V5Q1%5low>{luoUki{}VjPKTHkQc<}ikti1Sxcw@x
z#Vi(6xK^DHC9;G#jMdA~knQ@o3>(&?Sgjh1L7ZZUr7~l=9Iai<h?<BzizyUWM+7dG
z%^%=nSzMKk9(0nhR-ph-1}{A-#00W0=r;RNp~|gQ3wa!hF2beb*mk<qXcLiHUPBy_
zDNzDd$m3C>JROIm4%=uFnL~j!a48lfY>85EjLgixZ7S?v`iY9e(tv(q5OcH~@gF_n
z_tB81{e8j$=q3mWftCXE78QTL`Ro7WHkC;8=PgQ!DuwV*Zc&4v!h@#$rT~A><i8p}
zRKyIwMl@TXQY!^ajT-1LxlAAh3ikIA@yC!8gV_*I(2~Y5`$G;8r~qw|_S-Q0yWx(r
zlE`4-;nIjSA{dfHizSVYgGgx>5WEmU1Y@>Z$bTK~Kz*eAF0d39=<lc{@V|E4W5Hkr
zwE<H{f2RSke<O>(IrQ(u1I$1G@>tNce@RYs5|c}(&>3kg1`f;`kzh(1g8?Ry$aowT
zPoUws94_JiE;%VJR!blNA!!1S)%*9hf=y;JNH_vMjX-5n(ntgrE{#DX5Yk9E3W-DD
z((w!??hm2-6RQBZpmcW-3#{IscH8oYss69F`R@*hTq%&U1agL01@!Z;?UV|29`JyA
zRLuV2K}G&uZ;+_c{>LKzk460NYY{n82JoV!Jf=YX%V!H(ATaZl=CZ`n!WGfNe{_)k
zgGWQdQ&O`Scs*H<<?14MK8K`0Fmw%p?hj+AN&{q(Ii+kVm5AlI;s(7xVq=L#I(mr3
zb)bGeMvwQg^l~Bz16#bX!J?Be84A2iK$XUEGQ=0BMi7itN;Jl;Y#&NjX>GU&$0Byv
zJ;FFbbrHe4{$5>JtVQ$;H80BY5@hnQUnD0e#ZszM0+Y=cv&;+o(E!1Ovdms8AM!JC
zw5ZU|;$YokObm`Pu--V|Ay&ufJVZz_LWmi5_#&_+W<V%Py$Np?DFj+CR*S<66*7uP
z$`F!R5{fCRwz>(ycu*J&h^UBACIZS5iIT(u)aoHKxeDN`Vfj%knHw{hm==;8A0moi
z4nO8%*!jdbm&3&Kg?uTVZY9V3IJU@-Kyii+)yGN3aM<af`^`QLL?g3&VPQal(Cu=Y
zRvQq&QjSU}jUyheUE__b1W_aGqJ(i2V;C~xWMaroBoQSXY6Mo(j0(SwuZ)PpavlZ_
zJEJ~&R8RJXwZMZCaOrlc56_hHh$vZajR%4ualnsI^dT`jreww-qM7aI>$RvO@>h@Q
zuN@^T<DYm$|JyrKf7*s$P8IvlBfxU#WJ=L5Bk{Kp5=?@ukcC7^qvA~<K82~4G#UYh
z(;%`LCO~)-8HQ<pSiL_(6%c_i*bFrTB&?Hi{tV0hlD@_h^nrM=A_D!*<@_zSi-jOh
z+zxqcz5d-JuU{_LpUGqYNEQ2U`Cxyq2ScOgbEIkki=pPQD@yR&LoklV9EkZqc$@Zn
z(4STj2B&7}j4;csq;f>IAW4j4LllgP$;Okph|q0EX$o`P;ii%TLJ1Qu!#ji|tp<!Q
z6`v&)nw=r0nrLDoo;b^6bjhuHA})v{Q`Jfx!6CqVP@V>jMx{QXgc=O^Ff2`kuJKds
zd<usvahU=np-d4+SQc-@jThPDexHnNb2@N(KbMFo88V+R>PACEr5?6p<vOWI%a>av
zPB)!Oanqa#J?6!W*=mQ+gw;#TFaqIKTBlM=F~~)vu*xcwiik9<OG{H>h=QPAhYO=o
zDK$prYEe0biTaqlh)$1};`o6eVhh8xC|TgNI$SK3F7A#AwSf>fY7K!PoIs#U98RT#
ztma0IWLumj*4arimq8-8In9BPN?~CzLlA}I!71V-KG$argeXiMTPT!-eLjpCrrWUs
z8eS^5sz|65AriR~DWZsxA|V(fQo3l8kkDswA~+HTYw?9+VXWOrMqN&k*UE9)^g&LX
z%3`s|!U)&kiMZ8j6RIYYeLNJy^@kWZzS!dx5O7qo*<vDN^)4nIb}^}3Ls&?|D}oBU
zL=}@d%@~~r5=(86g^QK2vA9?u#FUv0Uc6Ug6!RlG8W$fI8n|H{*MPtZg_P}A@Nj_u
zlPqUya4tr~7Ep?iXb?;RL^x6cj}=xqV-^gKsPwuhGPBEIHTkF-vsDoiI^=2{(<oxQ
zcr2|SFDBFJA__$svh!5*NKhQo0446?=mb=~2O}WpWMN8Nty0*{L6N}$=>=>blRy(v
zNIX;#(jZzYA||j<83-2xCMQj85t_XQ9#()ASmJEImti*XAOcq-mC*e}y-}|gYc)J)
zG-}04{TxX!&Sny*OovzKh*0DhZYXF7L@0WxUTj0Xh+9Z7vUNsHkPu;js8S!)87Vj~
zgU(SS6dMiiAX5=K7zd7^Peze~2hV<lii>ElToV>Dm}M$E!EXqnL>)=*kJ`v2u~dU6
zNToV6CgijGH9nKwfhdi%5H+Sl%_2W95`m;9vp2*F$)s!%iqf=XgcBjzm4rBzt>EKy
zsG5Lc{c<*$V$-lle5ugGQpvUWkjEwpY1K{@kSs!=2#u65Q!P<Pomevo1B&l(1vs$8
zZm@`TK9?<^rgN1l0Z|zeW9cl71E=t+s1B}3#Fxboo`M6r!q~XUZH(IpK5AHKa{A;U
z6vBA;bQ#GiLBmEikdlEI_8QD0QjqKv*a=(*hp1IhTogK2=3z>t+L&GD6g#L04Qn&0
zoqirM8o>z^FhjzK`vWecg`pvcgi@)>;NfENB&CK$)l*z<l<KwUSXK$*p+g>{oal$0
z7L3ozl~_$gA&1~n+7$#}P-u5C@pPl#OvH0+RIAv}bZR3yI;ucDAs4|Eh$BR%TM{(O
zAUn$^<(ceG20~E!No-Y|;WS#&NW{Su5j{kgh%X>Y2wag+V~MyZat@in!!u}fyGe!%
zAUc&31O8cFt8?>1WHv8AMeH$EoNsaoNOXnOEDh>-3br?(j>L@)3ve2=jyR644C$o`
zo<L(&uwj4H&%x@$4vE!nR{6LNeMlikl{jWxLS-A(UY>wThPhP86*HqQt3*L(@Q4_W
zUxQO>3^);rQN@C=1CbkXcp60;7Dg3hyNKvwTh&Z9CT`$cz%Vz9aL$m(9VU_j{xBhm
z5o05IC5^3!W4PW(lul+4xn!-HA`<|KV}dM!&45=(6-=><&Lj9N(J)=$6RWjBCLakQ
zVI4-H_mO3CkrQG{WDzP)ty1wIg^;aQ@a+;lo2h~X{3s&yGWi0j)^DH^feVMjNckbG
z-U{*X4id~)V13ds#}>i_AiKiD!24W85>trdvxG*GPeZ5qz`UN{p*7mvklaiU<6RsB
zL1*z;eZ;6-$PXALYHU!;#7m@*${@sJtq!b$9pobjTM`gQ)f_hkW4G}Fe6dI>jhguZ
zb1VjC1IZZJk7y-`i{oZ6LTZ<vX&{=dhyn{<(-W{XkeVjJ8dYkh#u&s1n3#~-&6Ebf
z{0#<?;#q38foV5FRGeSUbNRWN5LPP{68I<uqZW{j47>po5!#$mUIf-#d`3hiQ^nn4
zzFZS@^J4-kTSd|P1q7|uDN}d|1TKz6RUjItmmF6yWo{#n=(I77dbxpVk>iYboFxvc
z)GjsRF`#@gR>3s5wDKr}>4*_=cAhPyAd&@mLeNX0aI_-6n}>u+F_TfRvN&VJu$Ux?
z5SRgr3`Y=$#D1QLBVma#3Tc$D<SA)3Kk(?3Dy1x}vU3AmA(`uzq5_pQrgsOle1AZr
zz~ad=Gloai@F1g3#xS!4cB0K0@&L=q=VA3qMp!I`LwX4ThjYSGBT*4>ii32UnCA%v
zq*k2+Rx`Ccf`y}Iq9QIYOr<~skHxDe6C~m&--mNz#Ss$5j#Zd6dVIj@);Pp`rh;Q*
zD`^~c)XH-TZ32y4OIC6DZgEiSBCsPKGf_{b8$1}J4Gt)<ehkSTchH@7tIh?nTmdFd
z6t)1f%_6IeB!ZJ*!nlIKTKfY54VO+*l0ptOq8Gc=Dxy?r)l(T9BZUGK1SF^N<!)<O
z<aUKrG!iPoGRRJa$HPZt9s%M+XcV7}it~xXd=3^?t401eRu+#j@lHD<Xmdm~5}MTm
z$$U71jjrK=ue1rXA+i$XvHe24)fVy_aQvvvWF!h<@H>qmF-a&k(mWV#+!|*)ftq%@
zn1+Bys)Pt}3Cwlc!K{MSVrNTPVl&mqkh*m=pVY5%$_N&PR1_32Br&24r?aAQ1&OBM
z8x5fIgh(O{(`a$TI9jq&K^G9fcbSOdL>iOLQcJ=A(2G=F2Pw+ZL1MmJK_Dn22CgX%
zlf+KcAi&TuHaF0sV!Jm2OTd!_C)pM;X*>=aB!v|yqLc^qArpnqjj`}veL$dtF@m_v
z0Sn*&N+HD*5X(ZP-~&86g=%Aq!3$wr81<-Z+Bgg4_?Zf+z$qbfbOEcz74)%*YK~43
zBJ*R!08Q`V;bkg6myYsWE}sIAmy($5s9K^#_)H|KrLthB3L>}!UXcpH>Wx@-9CC5F
zPL=`}pjx5|T3E#eKckM5m~nhN$>9@mWjJAk=MXFL_JBzsVbi2^rHY{P`xQ}KRI5hR
z5_yn|hC_J7s%BByHi=bD2wCC*p4X-JQ!HAi3HW7VvQ^Hs(sfRhLsQ$0MqV6+>?CVg
zMMHH#v&ZI81TX><g@sX5c(6{(v4Y~6bWDLPY(k_&9hgcMNM&{w#u4U=h;k6gMaet|
zl}3zW9aOPA>~f-PF-gg!I@n5Wm=v(OgbEFj0JIm@thc(|A*_ciWCqLzp;pEqq7I3N
z=kW6-DhgkWAo{p2$Q21fh#X^%QYb2diHgQ?QMOje_PYZXRKSetG;9Tt1ENY5R%qoC
z5PzI&^Jr|!sEZThTGWVzMRdieT7k-Jk`pade_RuGIEhpxYBlIQCK-cGFsfZxiBab>
zVoVf;1w*y*6=FAEOLP!z0g_w+yYXU~9goLxbR3;q$#YTNYB$Yhjgmt`gN+-ZNxXQS
zg5{Cx(I~+To;xrhlLHnBBOW6)OqI#~bPk(<_h|SwH-^LU(o{y3RLsM0m{N$TWnf(j
zFBT#(Lv9<D?-scgQZ<tq<-!3B5;Y?(t_CNP`dA@_RBE$pV~mJICsk2G@vsGwh>##j
z@8tMJcm*R4#~EQw(4$dsq#?hWCc|2&cD5A*NlYOT-$LV1WMptjzywFb(Re5#Mwxmc
zpX0!Y{T8Y-q^6@LnvH^yDp3;b3duEmofWSqV3jn)%jBU^LyRn-P{V39&8ud5{C<{{
zq3{sdB4tn=b;RT*kv%4{Im0v;J>VA^@fKq=tcZntS~fX`w=o4Qr%PprZ90b+<?^^;
zftlkEYwdALKpr9oaSXK=6^A7paWt%<+B}M|1s|X=RXQ+HjmPteRwKplAYhD2qeCBa
zK~bj;;-Nab9dfB7%7|ASia9MPBf=#)G)A!@8sR8J7Mn2~2hN@nMs<Fw%0!^x1avur
z7qEsSS{h9jQsRYR_QW4h@Y!PO-|Fv}!XR|pND4PY3n65jROz9(y>t#$<JEH=7A}EL
z^QmGe$k)SG`<Z64o8U!>9KAv6#F}tkgn}B#D!0XGCP;)@WkhIK39yKljjG%N#ATs{
z0&*79&eep8As5l-;8T<&DV`*<i+y5>ULMdOnjj*lnv@tOHyn$(1wK7&a8MN#t}}p9
z$ZYbU+XJkG-$09qoocg$ECQjVl?<^(6rxro6G%Y779pr%8YQZ*;X`UFWQJ*UuT3j=
zxOp5WkLAO_z7PW=cJeuX*h=7u=q#>`;P5)hT%ySxz;U@cyNDgNm{dMKm`oOPgbb-Q
ziYm-3zJjlHS_LwdF)Wr-E!?2eCc{`mIxF4gCn6!eO;2=%*#V_YFAGM(D9#BU1v~9-
zIT6MN6f~_9(o+Nki%?{WxMOy#(gmwf4@<3LJDKsAg{_oFeH2cB6Afb!xj+LGLU4rP
zClCz`qSFyaY#7+equB*Qu`Xm#N)<o_MI5S#Bc!9nWK@EkOBE@?acvYrP%c5uvV?<J
zmV%=7<4{yYw;IDJk7x-JQN0Au6bp@vIL^vMFlc}o5LpQ*Pb4&nMIkIxCKpCXaxa$`
zi5p;GONpj9#)LAwQI=T1BigZA7ujHjR9J6RU^fToQKH<2wS>7QGi0}#oH0a&Fla%e
zUPnR+aj7#v=Wv87e1PGBbT)%Qsw2~kh=-u$@W9XXSPf=aC$gbrCKB@7yarUN5Xew5
z8)ou(0fmg9a!Ny}Oa|LM8ZOc5a58bYI7z?*V;U!;1yKss8WI`J0<WE;qsY{Hek5Q6
z`YY&k@@*Cj!zPvbC{h^~tMZdDF^M87vk~M}o**Kz%QR7|(nLoYLa|dtCzxXKpj%>s
zC0;^+;8)6x29B7-vBt1YLfit8*@!Y2bTV~VDO2ymFv2`JWRQ7P7%&QCLaiXo5K1s4
zEuR*VvTRD7+@jzGXjE?$GE;Oc4%;X;Im8MTZ02xP%%F`UX3L^3EtBXVyZkaP-5@ap
zLLA6x4Ovi|1tQ2<ERLV8iu#ox@PL&O3B|(oxFv3U*oX_djAD&b=!olac#KS^b6LGX
zsv&GvBN3*<#tVl-LblmMkA{h;!3q9jFebt9AeK+>=Y-Uls0igcSUjT8#gCiqcp=M-
zf&vmKViCs})nEiz*oYG&Di*@Cv50=I5OhQn)lTO#Xe=+DA0>H3EF)9vh454-gz^-k
zaER@2LVO2Z<cj)4cC9#!SF2z<)e?5aWIBaZCl9g=g19mWY>6KP$4*y}?1;wkVxgVp
zkVSAIgyN7QS|b%l38M&+9Q7JvLIp__j5wtVzQMv`^JQEdn?MnGNI|tX>@kyQVT0Eq
z1CEfBWHIO|LYGDD3dyj#uq1BN+w20dRRB{-W{$)6xBlzj#!n%<QzI0{BRmn0V8@fm
z5x&=CWCuwKC0n7BaDitXmj}2;yCp0N5vT^9$m!5)DQ=&P2_t@rnW<FTNJ?>-7BoZ+
zMzfdZmxwe`o6GKY0lx*uB&nH^h{o+;(u^vlO`{<qESFHLwUHzgiq0I4sp$d|m&%l2
zA~st{WoGJxG@%PefM}AaQVq1dQKs;7RRJM4qG8%$N7$^f)6H_FOovy8d|@@@3+Nea
z4FYl@8|glKNKc{o@jeSxYl;WdF1L)u6?^;|f<!APxg=5-n2_-W`Q$J+95ul*zE&nj
z8B9MrjKoP~OOO<%TclDj7XrM~utQ+OI1Da5UWiu*Q6D0)I#9ewsD`K<cFb#+DBSX}
z1J*}98jcvkD9orT4qDml3A==7L{B%Mc$nmikYJufB-Uy*A+^qgM(i<zn;d6Gd~u@C
zZiIcnHIQ%_`VbN!d02X}jAEDTqGnYD%+P?Td!EulN8KSa*&kE+3}GS<=rERFMUv7m
zQV+`*=Ck7%h1Vs7$$Fg@iPDX6u82>k5Q8j;%Yeir5Kx1XSrk4Y>eq?<5~qrV=PJqc
z0674KnKD0J>Jn>-Hjk9Vha=*c%R~3GASnjp<=6!hw>(7UDhUE6#M1f@RzwvL_+uP1
z5r@Xv26xQQWU`rd5sd%a_7l*3W)X&Lb;%uZHVcAb1|B#uUa|sX^Tv557c50+;AKvU
zPe+s)j6M=CghAsF)+3<$*j6|k(1!VRQj8wdDm|z-K=acKq5y#tgn%Ov<7>=pna6G<
zJB6r;V38O!T9MnTCP@qmIYNY^M4Dgd2|{EhhN7pNf?+uh4F+6Z1{-UD1Wtp2B$rDO
zmxIp3lQChr!^<VwS!}M|DK}E%P}uwbuy-EIj$(_Nejo-QjDR5?;k}#Tz3>9`^u2oA
z`$pW3zNb!~+&QcoRAj0oSnGG+7*X7!j;65LBoHavI0qJoeyh<o3q)|KWg~_cguI*s
zmKQ3*QG74FNWsYS^_=%;F>6wMnlWigTXi@B9e=T<B8~SNh1KLd7$-Fd=Sq0e)nI84
zbd6@7qh(HI;`99yod`>*R?G0YkSVKA;pxOBf|5v$Hg<MI9`e-<JWplrx||{eE>zg#
zIlNT5Raw;VD<xkYd2_`vwnZ$p^%}V;16=2tcs2DTcrbY~_ti(Kr?dbLZvdXk$MTf9
z&GP$v6s7Av&6i-g{b%(8N#^RLWm0m?&8Fh!uF(V&@yvLXUv|Um?LexI8RYJJa)Pbe
zIU)O8&yNThhZgydyMQRpT(aQVP3Bd0qxo%Cnd}`a)amCN0=pEC$NMQ1wh(rupNBSt
zwD7eC9tYdz+<g~$3>ZQkD1)iE4zC%EmG1OmnbN|H4i`F;OH7Cekqs3S_6bYK^4!>}
z2B`wNoL%k{w{_74@*SxNP~)3q6xago`In)8_;T^4Q2lmNP}nkfV9MkjtJ2%$Ptjrh
zbvc@I<sXWyG|rZ9e9M|C0<_v*{W$l7o{qsYO83^x^lZI1q?W42eTSZSKOu5YEQF?B
z>1BtFm{Hqk?Zdvl?8qzVK+=l%g>Bx$x?lA%?2K2Cp2y7SWcj{)Z5JJl$lDl!R3kNM
z(NO6_C6vYtoAByzg&8xtFf2T(zdoTvn^TFKps5A<fhVkf)Y$!zfP_?kh}6f?^h+33
z_hhdxX0@GQl-l0Dj{3u`PZcpdQE%m)e$*y-E`T@qBWA-CX1E;p%CB2@<IygR!tm{6
zFF{XN744NPUg0sy6xaFed!Xi3aB8Xj;}TsMSd3)uUJYWl@<twtE{U6uy5eJq#j@v|
zXP~b}6K7G1D~JcLh1x!vAI~qmml3-C;42M&x>=Je(5}3O=BVQBbNTd3S1yK**=1YU
zAHP4Yc5<F|hz=0w?MVnatY;U@BAj^cTSDZDTOwc|P6_>$C57e~-;$Cm#v(Xitte_K
zgv{r`!$~sH<?&^t-WM7N&q5^*k$~L&8a&EWzIH!iOW-v&`qjy!+7h`s(bzIOj-N^h
z<=yql*=bzw$V5ZA<AyZJ)?*v+PkmD)AvjJkeK~mQHx8u-dT@mRKQVXO<A_sVj(Bw7
zbEQ<=I)ELD192FIJi)NB8;1H3kGN`eT_w)msHRbY<?>u^TOpIKYMnrh?6cy84YJr<
z`|AU~L_X3|O#dYtzxpzW%8D@%KhymS`JtM;4#$4y-~)bG=;3h^8o7v<V;>efdC2Zk
z*LB~GSZlNmqhV@A>vpoU$iDm%h?=3ei{O>}Qca($abdmUazoYlE7AclN%~$zv1q7o
z^I5`C*%IBepX6k~7>s*Jo|@u=&GJ@wBl_YEWSCbhRK}0CX+ILKI!_#&)Q$2hS`JaZ
z?;wbpmxJ;J^bAV>!Gpi7+e2aF!w@*-KSQk)G2okjO+)<7c&c$I{EFE<nuMZIzRAog
z%@n@lO4{ASjlE(1@%=^mP?<Vw)ud}}us8AKjNL?dUujWMFxeH}yF!1n<s8OvzuVbT
zTG?i*1`r@LvzOa6TTu?*+>bi=O&6=(Ml!9K*9HfD(oT8MqIloXgSXx$#_oK+*R}CT
zVj~}x``sY!hx*_F%qg$7nU1z_5`?2NYXv`jC?67!sCeb>;62Jjfr-IKTEzC}u^a34
z&P#AG+iudS?q_hun;gO{|F#?nniw)O>YHMq%UYw)>o(qUEi~1m#emxJ<{KnFr#%Q<
z!blE`la)4m>oQO_z-wVZdn@z78LWIpe48uzMlJ%KiI>LhKrg`SL?lr(CBEaTs6z|q
z$p|6ptku{TM{{MQatr*nT6@3-@V$@Z$6NQO3R}xl34QFPX2F;d&Fl2#JVb#_lmNlQ
z`;0(vJvm8pl}r3G@Amh+f0h+(le3fhchK(UQ$nn&=Y%14TeuDAyE%ZtGK%n)z|}U%
zQCUOEZmGF>n#}zT`{*7I#b@mAW7~PPC(6fLKCAa=#8bRp2iKPeqtkq}T^>?KGc^PO
z?g~YXRmTtwhW)%JVYY@Tu;A7GltYU(#bpZmw{!AmDYfVRxg`d?*I7Aob2PQxI2C79
zzE*$jM}bIPlPyor+FmcMe=|W_ap3>x@vz=wpJI3jY$iKD%DT(Eoq2Ha-Z*@n!eoqj
z${8)eXc3w(J>MOO!?j&8r|oxU@o{|8^`QyCa1UNF%1xwszB+O(Yvc7`v%xj6&lP{N
z^)=PV?9}_!vtA~I;FED1W%3!g0*~vn629G4%;@tH{jJYGpERvpLVHI6a#U_ju*OGG
zJ!@uMH&%PApmn{F7Y%_dxUF7@0e*y!^^6}dVb*(ayx#1$+|3@DI%fxeRc-*cY<}NR
zUORbGfcBE=UT9u2t|;-1aKQJ~iOq0#_jJyl#Qo?W@w=vFZ^jgj&*vElb{E+BJj+;-
zMM9WDs84EAI(V-q;;c>Uhxk{%1E|Ny5cuecvFU!@2iUaY2f|Gz+2Q#OJ`XvO!IQ{`
zSm700ITpV7g(82?`Q@^76eh??q0|iMHRKM*o7U*nMz_0I0P%KbGsfygRo}U8C&@4}
zWY;(3WRo!q!klgqS#mep?x}AKpW=`GnStA+{@skhtmE!8Akn^f%8feI#Uo5sfg70T
zh)!oO7@?`xPv^ItlzI>|FButUfzQKC&gf$1oV{|XvG1&k<=ARxuAOk+${rRtpV}U{
z+$L0C0E03U)GwI{3QQ{mov{gURzbMRS$q3t%FMu`6RSvY`=&(@3`^F1zzsoXd%#td
z+#aX2?8@2P;kcNgXRdY+S)+}csxK2&mJVrhL<%EDK8!S+zcFQRte$NXxb8BLIAXvf
zqZzzo>;~5%pnJ4>@CxB+V&7}KzMOC6V!F|0>LdudB+QuqQ~o0E(BTBWF=RuUt}F8c
z;X{H!!5!zxb$W6*2pU~@A>2cj6V3RpQ}T%!D+Gcvy+NbU9#R$7Y3LP5CE9-O^{SUo
z{G)z^Uyb8032oI^!$47i$<;lL<+b)QIaiP4reGJn54UD4x|v#|>1v8XLsvtx=>4Q1
z5mnB@2{Ywg3wwr$$vw9h6D9lo0%80)i1l0&av)>Y<L~+Yls-7+Ht$Y)Km4&7J3p!5
z7X}R84D^V?W?kyhwhHi8NzE(f!If?r?y%w)GzSkgB>4za?jl4UVT2t~PjIuatQ@Eo
zNAkglI~c5i(%-5DJ&Mh@+2*MYkA{Oo1pP?Gg^OtT)pilq=7??2BBKN|r-kfU|NQ)g
zLk&38;58{b9oIgBK<ghPnZNQ;Ir1}CbNY_MD7ER`V{MU~b5l8o`+H2@V~d1MMRD3|
z**^MY$@(_atzSZozQ&BSm;T@@t4q!?yG{_2QWY*LgU68MRhVCH1D89=EILwIH<cL?
zsX*n&A@X)JJycbp>MHREj>gL}cZDAYUH6z@d02{w_>Ii(@p2<}=<nvzyy2><fdyGZ
zaIB>0GgzO*2v=`#jDn)`&L@}*(92;Yc{-v{(CExdsRWbjD9Q8#iKt`9C5?T2PMi25
z&Szmv^c(9R#@f8+gS_=Fxp4ON@7AvZ(&ojbg(GC=)U?jX31n$(PRZ8K>X+*m(_piB
z!zw8JygF}GUQIL`{+NATPyU+GR^ZCFWU-v1W(7{`v8z4{`*L}uBah23S|+TAG_f~f
zxz(+a4O+`jRN0o=w$Ipo7eAg~S}TpX&k+$kzMbdzj%*|A`PB5SN!72BkiDdm8^lwC
z{X0r&$$~#@j(!Mm@v$*1dp@!YF7;0)`U#n;u=<g>g>E!y2ET#kAv55<5|;6ug*5m%
ziK07$wh}K1JW+uD2&}dVDIGRAp}`@keQ7OI36)_W)SJ@sdYBkgqki|I(jENa38Fl?
zxm}$My+3lI2T1==sZDZvB_=3|j(R^fUeFw@dQW$RTHl#nCFW;&Jfg2|!KgpOnSUp2
zA_|Ct)cvQF#YI{>T}Rlb`j`}2jhgq)pUXVV)}FphTJuUw+#|=4(%YPT`9M(Bn(mV^
z)-J^6V?6V(d7}Q4ZA~b0N_5uWS|Wc1%Vu}DQ3pc^B!dGM@wSSYWYs;8I3EZCHzjX)
z{ZL|C>S#=ZGgU1=+MH{oM9ZJU)|{!xD?42mHKg{c+SNM!@u{>>SR?ot@7uwUEZOYU
z+Bf?RBk%WP6GtLP28NIhhkvoeh7}cGzz0b0AU<3*<AFvsVxN)|Ty>&)9XRod4=(tk
zh=4Znv`M_QWJ>>0?0W+8xn^6SO=x^S6D-LOL;o+H|4Fpz1&A2e+d1?aLl4!Yg81Em
z_h%elUh)DuZXG;rMV|e8L&at<*81&O(2guxD4uOAIN3xPdBq((d2qL>=Z5j=FWxt(
z4?HV}c)p)V--Z%Fw>K<$NPWHq{!vTIJxM?5kH(MwO%4xYJGxr$E7&W0(;mI{XR{B;
zE?@?TMN`1JexW^xG2l+j!M;TgWA}KHI+Hp!h_5tzJT#dT9S@i524*r@l?vt6Xh;33
zf>?Ub3b*eMBG#Mz!(@J4I7ZS;vh1POxKj9c++IBax9_$+HzF|;=yQ;vM_UyqZN4};
zA*_Mla+0ODAR<^5I4u@(1}V@U)xNYjvjwa~kW(!d{vondrdI*6|8)Of-tdcM3OrVj
znP}u3J|X+1V^7>e=krS$-*33)+!haW$^E4Nf3GPiPw;4+1=W>ex)DBO4gQ^)BnvDM
zca@cabr-XlW-tFGOrCB})K*r469HKVE#4>_f=t+UOSkd?0wgdcMQ|4`$Ye*)=gU3<
zpcB_T3SBL>f1j)#G4V?)nvYTD?66B=CXr=bv(xmJFmlCQ`5Sn7GGrH>57IH}3-s9!
zbX2q_(5C*W^V7xSaimZ73uK9zv0%5<*V>HsMsN8{_m0D60<7%kL$IXd(?BmJE0B1`
z=a_<o{eN5S22;z=bqm`y{1nP+(Qrauf1-Zals-5uI<7n=`xt16qi8~Ur)OG!-e97M
z11ZPqYP|Q0Td8?%14hv4OtbIVjP~TBWP<2IRZ^*}p5?XXE&D<0J}nQ=3fOF=(8#fY
zk#j(Jz6r!q)gw~TgP+KX&GC*$xd&8y9EpIRGHqH$f#l$$tewY?`g8x&`TghoG)Pd6
zTI}1n^np+VxpVP3Bpu{F*ki`&<HRQ{4W|tRZj|}>#9Di))DpOoQ7`5fgfQWxQ5_De
zIXlL0`IdP(W5e>Ui{i=SBSOt5$>6+Zq)zpF^g|8Pb2h8e8r?aPS&jPB5K*j}*k@02
zq)=?67|$w)$wK-g-@k~nj0m_~c9KB%3+%XTfAy!U=5Oh!A&q}da(yXV*u06~?%$={
z&c2Dka%ER~2k1u+>fLsKkAC{2f5$3Z0za^^e*-r~5P^WlZK(Hq^e-arI@_>5d7i};
z4{TTG?K-UmeS{PmC^~rARfTXu-CW9Bnmu<78yOfepi|;*f<b*bo#o{EOM=|@>++in
z0-2lg_z%B7!Kl=}P|4)K-z0f`oV~2pFK+tcXaTudn9x2kJ7oj5Sc`7bq!HLW);qUG
zRO}Nsvw%D3Z}G463tlO&&DJR$zp8-Lg5&d~3K9eSBYh)l_R;#Gn?8vE|8wW}DcE9&
zvy~B!JP#6a9Ym}HQi!gM<?eS$!cPM?VuM<*rIc_D3J22|H^_@{sLpfxi%%CHwPf6C
zlXfmpyYv3#y&AGAVt#l0z=4gB3C7RKyiEbykm*IN(*h1A4892J0NNN|;{%mXuHwcE
zq*=%c)i`|Q>~MVGqUZG-@OHnz{Z4xl)*!J0k;T`PYSY^f3y`Jz{+asCVBFmJ04`wc
z>LLqtfmQWtF4czydRFcSD?FH`lYQOt-*bLB#Y=c8;4asztcvF!1k-L_zV9bTnZv}q
z?<ZDavz17X%j-aCFnE2#`;FS6a~$V)YwKU`U)4Jzf{gOVqFs#d(a$|>ARGRB^b;O*
z&`!GhgwOL0ibjmbx%#?^z=D0+6=m}cu1$RriSxJ*#3n+`(<0Rb&p}Kxr=INcNBW<h
z4)Kj0U5y4;kA*?H7=&{Q5H1TxSHyrAm)UJa?xatrr`Hm3NCCZA5*d-AMRxH)C3<ZT
ztGFvFP@<RRyu<l2@jo*ENZF7if)_WZhVZGp?MxcLn<~*i9Y|pa3H=INyhfos*2WmE
zbl7&1^i%fq6f<D7>Un(Hb{?StmgAE?1Rg@6l5Sj~zGH~o0x*9iPD(iX8mn&q>Hgo3
z`c(kR=6SSCgf)>4D9*R5ojmJsY92nVJcuc+ABtL0B2fq{NXfNah!qmZ1%{T@Xyv?E
zo(-y%3n@;^0|<5L7p~Bf`XlpS9B6}a?D?|U+5hx(qo)WAOy%&5<o6zfFfMuq(_kCH
zCXckSF|<6dv&tm1G^hO`=^*)x+4#3rn|w5M<FIV{;gDfxe;MP&=lyQnZ~=T8?4ffJ
zPkv@^j|@J3zd#$bPxPFpsZe{flxJEZ`p#A%aBt^^=y|5K{wRvbC1_Bq7f`C7b*N_*
zrCw|rL(U5+r;mrjkV17f3QWlG!*&teKe<PUx4CRQk*DXjhJ>);OO0Z9`_Vu1V^eU!
zc~8<qDN;dQm>cw1c_kq4XBbQ=oVhM4Q(Z}ZZz9`%<P7ek5Ih4f-U!%x?5pCj=T5Sc
ziMMUZ66oFPuxf+_(YkQhd`6fir?U%nANjd&hdzYOb(}%s`4qWNDnpYgXuZcvoJ2C8
zU#Ba$*;agqS6rim@8g!)m%=n*v9QFrd-1#Q9hK%5UiSAjmpAC&Mgr*K1er|QjYLxA
zdR1N4g3e<8u0Bk+jE{19@>?_!-G-+ZL<ruav&tFX&~h(+%paZ~ga@UiXG09O>CP1>
z>z@<!VvN(-#@+iiORe<w(5J$Y8f<mom1O$5b?xf0G7)Z?auqFpy`ry4jvt_$cJD%Y
zy~3nnqGD!l-qTKO>7Qb|;nxuP>@|)KM2%cCBQ?ePcA!4jDOXS0b?(^DWR1aV8<caw
zra=AhK$jUESSHTELd<{R-~21`AGj)PBv_e=-){uYfB_)*%@Ff1`8j(rQi6U7LV)uA
zcB=AE`hPU17E#M;nr$8y-BDo58(K?EB|6wq5T_OxQj}$cS27{?ZWG>_aS+XYp<=;k
z>GLh<iSkK5-e(2f;QUKa8kmT<|MnmL_8<QCAO7|q{`MdK_8<QCAO7|q{`MdK_8<Pq
z{@vgH!{7eH-~Pk@aDVe}|KV@{;cx%pf4D#MxBu|B|L{M*-|@Hq@VEc)xBu|B|M35R
z|KaSw@E`RhedFt?P8i1NB-*Rq2Czc*%%YuA?F#e5X)Z)-iBe(2=n5_PopqjBBi<OG
zorK8r`@y2vQ;TebqbqIJ!5nWR5o0wfzE4aRjC@b}=lz2J{{ECrx;ILkeB)&#*jE%@
z4<Gm@4vmFiy<`L<T;_d^pm<{fGt8=SU!-Ce#^@B(%Te*A%7KV(n15>G6~r_GoJw~t
zv*-v_t_;arT|B{iR|}DO$EM1{Zbl*v`66r{lF@xJHvIgF`wcG<ObC~dHG;X?Y~cyC
zHl<5ssy7Ub#`a4+B`_#)K*0dURDaL@31}xFbJBr!lKbu@K2aBtIq`0_na@(PH)B#N
zeGFa_kNu+lmv-a==xc;pXPed+toXh7Kx5M#Q#hXTpBL3umVN*44KM5W>{rwg_tLqk
zC{1Z){k#S&fI{tdAJoY-?9C1-^g)xsp$b%Me^35;VBp(YErJiuGW_5=!h}NPH7`ol
z_G~{^P&dSJ_(C}t`91psrU&|2IT%iVz0pD|5(!LOYartByYm~rJpcHAvHw!b1dJPV
zyuoHO_(%2`5*swPe@*}R=lm?Ky3lU;0Mo&aFLphW^C?olr#~hwpA-O6^wb4Y#0WWM
zHVq2Ud+<HBgnCiaxz8Bbx)q;I&rD<qJ%+D?47`J8Ed7OdBz`t_NqX@FbsEE<hmn=z
zGyA{bcl_Aj08m+B17#x?VyaL%!9;Jrf0yu<*~!;O3}sOsU+ifynJ-Fv*9<T?kB~wu
zMXsEEytoZQFRp^!vI@^I8@?{s)=UXOujTPuJSYQ$2#~&WJQ@rHlL?q?;h98?B(|ST
zi$kf10h>$p$XF>D4_uoY_VUjQG_UWvbObYX@%+ueaAcS1mas1)7R{R*g3Eb=8FIBB
z)8+S^Us|sT^8@~>g8*LE8ItkqBo3bRxp4K7gI-We2d(sGB(OF{tej$2_>6<Du^D<}
zwUWo9hdu0UR*_AG0IZ$I5DFIH8n!U7hYv<{>#n>kAAYsmGelSe+rhZPJFRKQuB5O0
z02}2$?T`JqA90CPc-q^H9Wd0De8^WSmA;#UgNNDclGW-TkOejftQ=Co_#}RyuNHJO
z)X%iq58c0CC0Mj!NIww4f?`mM$x1QGw=qaV<;?V{PE603D!}Q4o<Myw_<hvxbKbxj
z$br%AdAu~*pCq|e9aKmKKUs%Pte@}=Hxc#fTUBbG%0qnH+O_?W`!`^?Ft6u5Og^K~
zv37BR^@bkr8U;EEZhH<#&~6r(U%(%&kdf4-f+gCFn6g3fMaw)Z{r7x-JP}4Y%s}1%
zjShx5=luJA*Wpsg6~-b<n$TLgG@ak%g6)8@qDw;~y8-n@4NI1pKPw}rr@*$GT|u6E
z{h3Q+htU7@{Id>vnIc<B!iR>#iFb|0<r*-qOr&5qC6B9M=M?zBcJHws>MdQiQQGdO
z6;jq(+28@zs1b-<p(b>PEa+cRcARL)JicfXu$+Xvy#?i<0Y@=1(@1oDBZo_X6?yHA
zOs4H+x7&Z8w$P6pz`9f(FFVhcwmKMp-v*zIaFJ4yQ9<6M1zD?{IktMUp}vsJ7UOy@
zI_UgyfAgQyuY5D91cjn;+^Nu{b*5#E_uI$vT3b4>!)h%L_;~qJGu59%rY?tN<a7u%
z?DLK~s4Uvwvp*F-A6o{4J*MxaI0FQhD9&C=KYeauUbu+iz`G(~!YeKT8{kYKX%5>@
z4}#;P;G1lum>O;G0q#McxM5hiBoMy<s7YOV4m{7&V&x!L3-2l@%mA<}aQtPow&Ql6
zFX<Afy!gMTKWo0%EM~3_j3a*#!e|{`5Zry};Rw>@4Zfm-Hv0z4u6O(6^B;W^%cXOf
z5TT(oauj0I0G#<cg;&X22e#s!=!%~w=$1V3KXJbvj86}`?=ed|$rP<7MR4w|_|3r(
zti)5>Wg{b5d-tMCxc;x$kLhTeJOES)uxOkX%+$Tvc@sWrDcd|o)RA4ilCUXh{<&W3
zPx`;#97Vt+_M9x;LESzgwPPRV{g>yLl;XAs49KwRsMU^bAl<?)+N9HS0-nU@@hs0M
zS5cR+>0p3e29`p3(>Aj}Y{!mM9gx%JFyaNbwE=o_mr%-Vy6~H%>on>O4|M&MG5@*!
zFfu+6i9*#hr#i*;%Z5abr?ExLf%2}M>~G>|-`}SL2r<!%>VpoQzbH@VLN&%NIpN>P
zN=09IWo}`vF+c@%S+#F}<bG|Sb3@Iz7n||7pySuO)^LDP%EvU7Sk%iifK9kB)Pa;=
zv_EPl6Cju{ge>A5&2}F&d;0J*j+Ak1>Y~S_F9+va(F5}F?|J^U0JG2x;3#KnGG_O^
z^}gt>{XP24&-{+1Oqm_FN=Pf#t$4}&2q2v6@7bSVE9irLI$}tS@d>zL6W?r3Fkjjk
z@JBN-*i3S5p(wV3{+|1H9l<M2;!qNL$uU{)l)*E>*9ta$LD?7f_meQd$XsSF)9>MT
z)ah|>rr44}3$BB`8{4lyP((D#TXg}8gCQ@ojV#wl43Ig$TmQ^Gvr>qB;znwh<(^d$
z6pq#3{{A5y0fYHS{4UN%zg+ukd8}u>7U|9633sCPK;4O7gTeh@lz-5LGU8E_&Q`9_
zMW5A`*L^_0oS*b_{vJyOXR~mm<9P%s4+vei2>{K03xDiq|H*K~2Gdy5W;kp|`gw|>
zDs2oJi0mq^gSqX{zlC8A0Q>Ow?5`;%Kn{?wzWBBgu^(qMj~dL?10qDxg~PjP=8N7x
znX#DjAGv=a9g^Z?on9%?)2sH>sjnVAFPC!wRq6u(xoS-wR`XRP?kmNw&)_&24;W<M
zd{>fPWrWx(qrGqq8dA<DI2h_n6aJa}sntlIcTW|&sL@MsJPOk45Oh;i=fi}qShD(^
zGY;6Y!@zhq(LdLxzLwT^OyS<#9sY`kV8~~2S<`L^Dt~FtK&ooQ==(}q)K4Hk?KDCy
z{ZN_zaQ?~9{f!wq&1i%L3C_GWt=RN<Z-AT&x15&5^b`)gy-yj90S;Figu&g1%f6UF
zK)Z{~`U%9_sOwPaw9tMvvvU<wH$E}{;rsUpGr|DeZu8UPZ~#K#@zyuE_Y9D@bp=`s
z%1qyo7n3WoaFNGTtEDOU{i!vyeDK{a2DhaE=-iUiH5{=rF$%}i)PIlv;&?<`d4~in
zW%2~{bmkFwLxT|0PN43$`ubA=40G~9SMyeEo!2PztQ00T%dUyZ^V6gSXaX}Z+79#M
z1M6x1dByox2|4VhUyv&7+PBDWYV<IOU1+EW$YLh;*8(bPF6oJXiT?X<-w$^H`Zkay
zM^v^!4Kb}mpBvRo&$rCJ09lkz0i%52o8m@y00EGDxqo@ij!?zB=dkK)zk7r+U`Go+
zU&P}!%rY7d`#t=<pYz+cR3j)W<`e!tGd=0l$2hkCApe#2^e42zNPz)kwe#@T6(Z%?
zyocAz!Izb2!k1AIM|qFPkNW?Q{LnG6?$U#y9MH-E8D<?AK<u$@!EU$@x4EH0cI*?6
zLIQ@ly+3>_NGhbZuAw10l7AP1;7d{`f|F=4oR={5{26G@{^6(iv7zDeRJxaq^R86$
z{~W)oM75p$0I<f}dfomYPbIA#T_!%)y+(Q|OQ39;DG0o`lV9}wP4RdT5B;KsYBr$9
z3~()8CIZNA%mA))cv1}yXvjDR>D({ZFS;@16NxdMt7JZQOwwTC(Sk<tPQay0PK;|i
zKVWMvk#S(a{+j*o4<}7YNNxgm(TJk(1XX3PU&J5%aX(*ukF{2Pu}_Por0lXM(I3Mv
z%CG&Xp9g8~Qld>xDPsUXdV0IA&lSJ@{J>#$*jgh6KeXKRQdkYY%K}!_e+&OwTGzU3
z;^Pson=uQcz=;m$6eIR(m#rLv`Z{Ch!VQW0Mf{eZ_s@kd2suV7Gk-MaA{ci!J}CFw
z-#-W981VVH@@JoYb-&lY$mxH7d4KT7{>EqAnH8D270LH1)n@-2^;`RU@^e4)CknI?
zG9EHs=Sf@d^|LRe3V@PbqX{PBneiyUY;bdL2U2y+Aa~!B6KvJa3EAg*eniMPw8($l
z1w?V?0yy8@WL{-An%`!X$=<O-ody%@-{kptya7nY7Q(Ld^U#Kn7QWWN<6zsI0qj*C
z1BOrs%3vz)-@YHl`%YZkXNfS(P8N!qO4b{lysB&$fKybtP8{?`NrURK{`UR`3K}(F
zV|h;SIL)gpL%(Ua*uR`Vv0Wpl5xyUuU$)6H%?&fRW+ed|$jI-is?E(VIXZO;`akmf
zvwXv2n=LtWTsR%FJu1IAZLFNzXQ$XVQSIq(Mo2lcI6n_FF&C&)v5q3f55cd#O@&I3
zM5>c6=tKn3L!ENbdE+2EugKTZt`7(5rGf6gT3i38_s0g!@9_k`W;#%&WO_&ud>hYd
z;|Jn%u^$w{$M+eoGs(8Ph1V?_f@tTQ2wEz^1$N%Q$A2jp<wJYC&pg%MeiOD2psSC3
z4GDqbxoYVuew^VRHJ?yg56B6t-}^506(k_vyN#1hkaxEOKE1aUTaVL$k_O0M-S6qY
zAU+ho5wfX2+(9vS510x*5f^5vl|{c{)I*gcBRuFTdS-I=LU6ZA-N@UY4$|${v+O>O
zwdh=PlhsM=1z~yS7Rve!fPvJ<wc18=DJ;@IN>9Ue`l)7>t7}PAvFaT&V`Bc9{;3}f
zN#I<)<ARRIu-_Qi9I#%gIRlacEBg$(3bA4Xe(Jt@^1~rmf)kLeu;hebc8o$4!eICc
zaUU5)3+D<b!m+*oBL3Hp`AeUj45M};)l?`6IP~`pG{*X$+b@9qulWHeVYvWc4;+Cw
zJ=o>#l@Kl`fNl;H2Q42#*?XJ!AN7CnLt1Wqkm=w(H0-JtE#me2={}&R7ETW_iCYlJ
zPUH#NDy}fiNgX2TjC5#uJs;|3iUjzP>EMu%?+gvwvE};VQIx<O<;Kq<?{(r3z_gF;
zugHETJs&UcR)(Hj$ESMX`N8iRz~>ITJ_K=nNw?9cO(6W(pZ@3gcLwFF<xwR~dM;9w
zzXO2@T4j5y`&g4a<D4C~C8gS>(dSL}FF@novxUwwGTQ_xsD%2DeE&Ou4sQcErXG8!
zyVBxI@+8l4z4&&|;{Ek<70aY}oHgv%>!&Je>xW|<s%9`&tfKLoiuvEJpN1_>IzDB?
zAib1@=Gzn-S@=cy(e^`}h2NLS9m~ao#vwF@rw6t?DMcXDN739;T_ky?&bozN@sZ1y
zj#E)u93bYeDe`}MfA>fKQW}N``g|ecB~N0|JRDXsKZ&WEGwXLordA1?NKcYCZ}s=&
z|Gs-hCNld--B8P3UM|v(;dU2y3fFPh`-<~;m=*JoA^b1$FV}m0t;><C2sZ%zuTm3E
zl`jc`b$8=i2}&ix4Os8H$=~0@zy2|QUGsN4ji%dLUudm7A=}jHL;s%lj}rRWOU;5Y
zBbwLg%Q;wInN9InxcsmoqomER#>gtu<L~5`_b<5@J+N%C5v=u6UGdBVE(M6pU%p@H
z*=rPO^%pIZuim%gr?gEjg3<1tjok4+5T%ruu*C)ci_R}U_FvE%07Id~LmH%+AI16=
zW6l3X{Ka&kr!jwBvjS{!?`U?g5Wv*WL401kZTYsX=uoRO+60IHAb*jRdiQ*ljEu8%
z{AMO+bTRXv%kSkZV19BjL(g389<oLoH&tJ_8NlUc7>UNxGY~|l+iQvjnu0|C&e|qf
zc{RN|AOGt1Kc}DkyZN2fvhK30Xi|65Tel87(P++7_#_+t=-jtbx-%szkE%dFEPhTV
zUgyDFD&%|nZWipmbuPGSdinZA7BE>^J{3HX#6NO>?8p76;&Y+Ub1+X-EC(=O!&nQ)
zl3V}bq2?RT9l(KN&-vCdUp<vb;?dP`9=p%(1UbE%J`O$FsyJ!$#mNc5!f{6?V8Kfe
z5v&TF77ICp6ljlXU)r460#+i(sTK=Rd{`<2(Q9H?zRAog%@n@lO4{ASjlE&|ck5RY
z7-C!XZL8Pl?Eza`T)(@ra#%=__#7|8$}QOkkZxHFq$9zYVBVCB?(UvdM3$I921IZS
z?PTHe6QU4Gvg{CDuRpT?fu&zQifSsH2xfVPgQajRRRr>}Y`JgH<m$-S%?3^ef&nd8
zR0gu>Dk8}f{DF>614dxBP}-V69lm@p{e(YGInSPozo)S<gu3%;;$r*~`0?y!h|~O(
z@$6O=S>W{N;0C`af7#>lcini+BOgOzjx(=hzLYM<m`q(m9LgH)5l&#aOXfd5|IIbZ
z^WhbF?4;q=6ghpvZ@<XDCqoEz&LZrG7QF?Gt$fd)U~mA%KB~rQSRCr?1||?*e)})k
zzkL;oO@H^;i*4~SneXviBgl{Xz37JGw^R`YQIUpE8g6K<#rskJe__H}VZIwu^xD&|
zIt%nfA5A|G<4SpNh29AtR?waR^`W|zSM7CF8T!Hn`-^#aXo9T^6xL+|(?y;^Q1=mb
zDWBp;)Y@!71szPFIP#qgff$PE+F3ZE?P7=82VyXv=ze;9tK!a)yoojt&6I~}owDqI
zj(`5+{@=qXRs&GruRI8?f?dLXiN*&xwDo&9sCMZufxw<eh>$Dyd-m&o^xy1XzW;39
zU|K(n!Mdz46KsvT%iJ_R)lO+HH@(KET=Z22m#yjh_w1jv<eL?uduVZl?<jnG+|0uT
z(Uju0Ygjb5>h=C2dPfwPNBt}I<Noda!TI>aT6?L~61b94FXngSUgFvE%pyl!vz&qa
z5+>^HPGq1uTuT#Y0#GjWnD~`kw7+P7OtCGhdwwDNk;}sh@dhI{A_$aNTuX*zw!lep
zm=;ykANu#~k99r#isjeSbQSvTVxcqlMvMNQ{f?ja$5`iq9K8$+3|?|iMGmesS(7qj
ztEududn{%3c*~Yqr}gjg?|AX0h{aQdw4GV_1BYb2k6$cQL3|o&)^|z*Z6t}%*TUcP
z{;5xg$gP-s9Gilifi0YUr-GbK|5?32lDRr*nUoxJv#I{U{_+2p`E@PG$yKU2OVzcs
zxL2|%r-V^W?6W610&W~gF`iWplZ9kXzI-64YEAda7;6_|^D&<P;rkOm_J_n%pXA=*
z$NrF&(}Ev}Jg$=M@*(SO^&I42XSD>?O=VoR-*bNH@!+j}sCxz@6S+i7=kv)X{<Tsi
zw}Uw7jDLa{u*lf@LH=_8x8>kKWgEQhi$-chDJ9}7Hh;VS`vNiH^=+@f2pQs)r>x#I
z;^vp<2av0x>-}3O)cf7<!ZXqd0vDIJgVAT9j$`Fw3z&j<MXVrX{+YY<fV@IiyJ<9C
zY)bwk_nSQ(;u|}<8V#-<3xjmAUrz-nhlQgnVv_vG?6x9z(x+3h-I~qkqh46?MykE%
z85Cti7}oKGL1$(T9|<R-<Yo-@@5%2!_%Q;gBC9loh#uoURp(L52LpR?&k4E5?zvZF
zE3#Ai(#QtZflbPya{%&z!~=)l?|8~xgvcX|up{b;$EaoHV){q&V@7k&B=}j18|C^*
zRqwd2u;WU|{Ej@9CYWucsjl(%kLnw<MAIU6q5=j;{dnYPW?o?z&jO0KgyatcpnIHq
z%B@(t%*>HW=sP_>ef!wnkH{M;y*o^fk9)zNND4xZqInKK@(2D*e$o6yQAUr^S4q;Q
z7xx~^3Tu*B54dAViwek(H@^y$O7QN-^TQ0Ko5zfoNDs|ie+<F0XVm>Y`ymD~d!lfv
z)55}*J4QjS#h^0C*LqXKn(iCQfeX~qv7mRF;)BidR(K=&;tgb&S1eS<kG5$)60SN=
zocSU~`4ugPDBpJwM9s@V`2u<drT^epwRU?bY<w8nRr(ofrHBbQ?3?7E;UAqt;(j=j
zGtF4-em4k1L$Qd+w-ij#$A%W_XZ=5a-08qZk-a=o)?}?_Z}W2nM%}TUyasJeqi~hr
zd?VO}+7dkSx0|t6d$0AEGmF^j_n_!d*&4n^AM|T7zJSu`iSDoF1i0Xl!jXp%b0^rv
zrGDIR`pa*yX2x}6wYLgd*9&>k5Xget>V+6%MnBdwe!zrT@4@kUv)^(zdt~aI9ds|a
z0kuee-%wsVc~XG(lImV)UNWvI@r`i6_tlBbaCi4~&Yr}%Qfe!_XUmN)^Q@b`<ZDoX
zRi$Nb#uSau=LuMNU0~<)EMr9$31JGMKB-Bd2J?C%Kl3O5@*AesXu6uBP;dZ5vgrM!
zpuhZv^wq^NZdu0Ax3u&ippW&J-{2n0Q|30y@AFZVt{YJAguncTzx;+W0NIbc3iHct
z;BqIKANQyJ@*Dp08~&U8+Q0mUpWZ)z`3-F-?qW#>FV*z98W+|p{xQG)m*1eHFv!9x
zl$wcIPVR8LY0Y1L!w>xMzx;+3<?zk@sDs~hvD$4U)Bfc*{N*>as3@513h!N^zu9sQ
zW4Pb#Y$>g5GgSi}7R~JC_AkHTX3EUKq7$pgv1Mt|!ti9>2iy>Jwh!`Ha(kT8vg<Fu
zfq${Yh7}cGzz0xo5Ff6Z@j#;*u}{eXm6t^Ix^w@CfB6mWjS?r{co_)|m+*S{vYI+H
z7CtU<{Op5yU*qiG<}Q4#8uvvic43T80Vfs}U#k3<-%v-J@Fh8pBa~B&-{<Ig+3pd<
zEbWlE91J3B@9Bjiq;1%v7W+0X0er84+`0H1k`8hoV88~aj}xD;G@Q1lT`GV14VI7B
ziAbVoN_@vvQHK`JlMzDHS*x)xj^@fp<(5Totvz5vk%W=_c<cUDVQYE*nfwMxmQW>r
zp`BpWi(WB|+|0#0GCxK|(o?D?UAnxB{77E%+qZeuXEGVo67u^A;P&C#xsql@ULQ@j
zsXQg*+XPPSlmz(IcgQ@%ZZXgp3GZldZ5quyN6Vbb#OFbG;6zwTwOWSHg-ls}3Qs34
z5tKw~w6U`z@{q4?;CU)@*X0x;zH6|@b9kwAtFox!S4s|QP@5}`p!tENwq7GQWjtrI
ziB~`z2p&wH%zgC%Fv+xdSxg}Bw8o%&u*jMozKVM!*F-0~{H^xgeoA|F)wW$%*5iTD
z%8U2<Z_&S9sV6zaw3NpK8i%9Xl`|k=bx)p03Lq74^8eL8vcIMwerG(@I27bt**%(s
zqWG!5H@|R^WOeAQ>%-02P@$9_K}jDfQ)jK3bgd2cCZ3$Jn+WeK|IPDHn*DHoX0NJ8
z!hR<5!jMRJOz+RPu76Md4RMwcVc%;f33R`}j?4B}54b@cQ?Ho0$B7oz1S=9}ef^&P
zbRnek&LmI#YOF;4Aby?biC(0EwbLz$#}5wAkR0MAC;9FBdj+6)fSaffvBC@BNU`w6
zFVru}|G}2ZttlXz@aX487)=KBtaH#)SgzOL8!V;v2w!Q=#K3JIw^vWV?YnKyjY!M{
z`W)mR*?+dacfFus*~O+;YG=5M0_&g3Z{L5GK6fFj_!kzS;PG;UmsfZ4^~?7ce%|k3
zaDoDOHOLEK*F9m*PsGvxJ@23YV!vaL^h+?G+Zqo<(KBBR1S3)JD{Bh|kZNgXTWN7c
z$(=I4y#J!48n%nx#Zz%)?C~?lLm_v6d;jIP`~SgU+}!v8x8T^-MHUnHRrOX3b=rq|
z`_Hf674CVxGHa%OdH=9|_dc9gGyMgZ*e7gBUqsS4awh5Gsg2g+*2Ng*e6IP)pUMCH
zvA>Iah4K^ZjTA@aJbY`iBabYGpOmvcqwm9SSTMl+ayeNT^K>xOJrxR~iwr|iPaFH{
ze`J4^vLP@hs|uVN!l&}KGil(!%ZQYeWa+@I8e)gnu@0ms0e|xceq?n#M0{`~0|Zgx
zf$=)4Z0+*Gq!?ouPAY>0*caqu?>Fl|ogV`&2U5KHEwy;`HjfY+g<U?r6eX?c!wb~4
zhsj6vEd3i*)=MuX&e|5Em9IIuZrsZu(vR9e$x*hVTc0(-u8_i#a-MWK!+^!{;GKpm
z7z}bx3dQ%rixiAJU(b1u7PBVBrx}x`v{i>A(D4^rD$;nbQCLmRgK<)WaIS<WT@9A@
zK>s)ESJLue-lHxY?STNCX3n`Nop7gF^s}$ER(+#gia1*vucR$zlg_{Atbx(Smalpn
zH#c%!1|f7TQNSpkdG3677ezJC*+jazSi<)jmh0Gv><nR}5l``Y9b8`?j85~>c6mq{
z&D0PCxGNMjRvkk$820m?gxLbyQWm_rpK@rirnpQ&|8`FPETtB>A-BW;t`RFoZjPq5
z8w30XDqpL=_M<?guF00CXKk;S*1tihw&D`QI3Ct}>{AR67o4~AqpZ8k+nEO!?~TLP
zDNM$gr<~Cej25B!((~P+B;R($oVMSY#ed|d=uu9Wnq2MxGD~kGd}xGiZJxhlezmGV
z6@-VX)V?VG>}}DqC+!T+JHxtX&5G<u9ehaW)f1sgkLd!RL9CYEml!dkS8W+&&~Ep2
zOn6CPmNK1*d~=tbjm~#L;=qutUOhX;Zg3qU%TKEZuMnOlAThP;%lU#nlWw$`IthX<
z2{Yz*Kj{B)hYsgT4v-CLx~|L*1pJ8@6lkPRuG5plLD1;J3*jEJoM^^(osv(?SfRW-
zdV@xxJ)|nE)6grBO0@ml>s2qG*u54<m0yK(>Y(odzF*_x18^#h<1Yzq)mOtnQGv<T
zJ&onH_A)tFkK?9b7rhU+W-Pk-A%Dx4sed^-x2SdX1v2m>;?P%QoH!5Ukozn0Zg#Mi
zI-OblFX8uC5B?xrNc%Foq$s(ROXKNMGhQ%OHL?XuHA5<rh_!sALmTj(2`Vv$q2e&~
zC-0bvD-jQ$9k^j!O!BLEb_(39n2L9=$cX!*htN5%Zd^1&nZSS21U&kh&0oskyx&S6
zesFc$hpWfgX_)jh-3C@;MeI|uUNHm?KSR72*_HDt1-UQ|3<?X8rt-sB3bkBz?_$<O
z8~8^U(J!7#;_^IB0&~FEu$ivvje@YE?x+ewi7t|5=TkB=V_1$hz6Fy(nu&Rax6Dqy
zK4K_~^7vv;i^+UZ+PeU4N_d16S}Ahn?Bm645DH3Buv=Ckm|PpaF3{#vLeOh@{1y+&
zz#w9(E61ZDDJ7HtGyk@?q@8`^dH&w|pg2$Y<B}74l?xdgpfiM40I5(}vwV%eh#w;z
zKjbei|5QVU)dX>~UiP<>00y{Yemj4W7;Dt2`96<o4UtSZ`OF?X|MLA~?Q9k)I7pV+
zs)BQEsFKn9_2d3r?+uYKKZPKZNxP9qs$8$C%i71o$luk6>6Y<PPGD6rnuu=0(+eU5
z?*R^!GrXbYUL;T>`>Z%&gDm#e{`yeq!~b{hkJ^FyT&G+;Y1g@9Ka({EuicrLIE<o6
zd`FK9sdF>Y=JNOS$A9*p!?*BZee)^ReEHr~1?dOooxvI;R%h$Jrc|5WepoOc>H8!`
zxO#&bawt0Qe1gdUy&MLtMjlZpXmsYKRD#KMlw|sWMAR|llEywhr%ikj=d&<B?$1SZ
zygv$jKJh}*RV@ho!wa+hZ0>j@zU(=FF{Me0nMWVG$VA6*;%_d}%x7bTSMHu`);-LZ
z<dpP29yzhx?i_zGDf#@b_P%RbR^?1{9z}8Hk~oboAmZpm;0sfD3aC50_padSCpDVr
z?rH70P{c^x>aBIRSgS}#sLbDdX5(j<Flfja_|NeafEd!)su>vu@9xWdZb^GG4}9f+
ztiQG)(%6uP#kjc8f*wS-KIXrT{$L=JOnt$Uhm_|a3TP?M*C_uee=wAT1-i?``$?Y$
zUji$&+?JOV?xebR_10H$B^ekGC=Q<0)*+jS8`PQ6EZizs+qM(oL_F+UOxHK)gL<*C
zW4qF`+M=#XoNz~7zUkP}<TN_q<_Dn=fxZPACB%+ev6XMP;b#Mj$nu=t(JPh36l~^Y
z|MS$3e~e$VJ3m2iJgAnr>}@LpSxszyBLP^dj@=a$!i=SWl!tr{@#o=x|B(OkW@EvN
z#P`+I1qU2DUrP|j%HL0a%R*oG^0;9K&-w&1tg?|3hXU0QzpS41eDqROqHs@AT4Mhw
zezv1DiMq0hUpB;#Uz%lexx-|s<L`N}C?mZ<N^;-6LW8a?rJX(h5{<=|1b;8zg?T}t
zk4)QjZl71cnEd*F*&yy6jH6acsE*nYRZ(x<rtVeL8>*>ZOo_rZRxi7^jyem!gAZIM
zAv@jNJNWqNaJ1@n{%5bBvBbtY;Z8uwz|QSS-R3}>UyaM7l0z~Jxx@!&&WzFOZ@e4~
z;+dWL)eg+e#|8wAVx_!#Yo{a!Q@EIaPaS`{i!xtgiX+=CMEx~$oWNCDhW-%0qA*jc
zL1fWd^)2vmma*t=8zX5$<#@|Un;9LQKb_YU;AZrh2ziILJB9~^nuH=dmiO^wh>Ka@
z&ajOOJ=2l4VB#9LZgoBVR4|9?LpJJ`VEHTZ-&$XI#4EC`4$r<gJ*&eSlN|I2nPfdI
zWLuYZWCb|-5r1Wr@QN3ts<A%Q9Uo&K(jdd_O>wm;=S9|0TJhrR(!zBT$@f>wD=GLw
zh~n(<bEZS$AH4qbWBs|GT|bQTf%{K&E&{4P)yi2@;QGUvF~T2is~ygTGUMKPM($qv
z5A_>97Q)a<{I!EhO6aw>wr*P#JM=Q<E$dmN;H!sPms0NC#(Ej$dF+IZmhV5m>z4_8
zWH9<x?By!XDiFGBq*|Fl6?_{)WdVOZGb|!3Z=Y1d)hVP^)U}K{;1Ms;62A_4B9ihT
zW1qm{n>32%!F_MssvFVB^{rNRV0OAZG{o?vR}BDkXla6V0Yorp#04?T@+slvw_7&-
zUeBz`3iW8u@0KYF#>*F?04gbL_B|hMdm~H%$ClOt1h5NJXGf*(w?fRHr~g=!M2Yu)
zaSE6|hwh66m07Ouk3tNdo9pG1Q@P%rNQQbv6=hPj$5r6BwgNa*E}Yml?>y~}0vW}2
zJ`>>w?v7g&@|xmEdjsZ`)(C4SbcOhy2nKngVdEDJwLKB?#p1eZlnj`z({IZa_|&!n
zHU^RwKg|D-nr7RZs{G<+5si}~hGgUIhWtSLD7#}1X|)%qh3y_MW1)+9DSmMHDL{4;
zyRJJ_QmHdGj0Le3F6+rn5~ujNjQ)WCmamu=-4gRI<GgJ(3=g~VG9Nh{<~7+o+VT16
za2DrL`M;<C?GN#nQd$~3bi|E{GLm#%5Gq)MiF2EfZe?kppU6nN`A;e%?$49|{@6bY
zbPG!F=pFVrd0BVWuXMA+Pvl=PFIfFK8@V0c^#;lSh*h+_2!Pi$T)&yC+FOO_C3yY7
z#X3I2yoA)v(o*v@+3OD4@NZIo|IhCK^!<Y=cU@er>8(T<KT_tYG}Mv<f(gncoonF7
zH#(9<8B1hx%I({7ULpoyX5300eHJdHnmh~fZob)sJ-(8^w&`)iap98s5WbPUZ~+3?
zI8@F1$JUQ|`DOdY$Ath*#nGf1BE7(T{N(u6ANm(ouVQ8DP0FzJ+PH+ZT1k6tKTrMS
z$M`!FQ|AV$QbZ0y_PHBzFx?StuiPtHN09EakksSxCt%p0NWWde)H8E}L>)?TOAzUE
zP4$=kXZ_9fs-ckw)bFdl0m6c?g8#Gr#)p5QKQq6O!n)|h2q_iH51`v!ucn7-8dQ99
z0wu6$o~I`BgLl)QladCxgh+R2-n-(4T-RPdkN?V>vIS|b;Skw)EiMyk+#}rP)nqvq
zKVNQKhs|t&wYW8u#_Lt33Ma$wliT%xBX787gnH*3p7Qjh!g1L*#W8b=D*(^6{p)8n
z8<buAu~%`vw6%H~jGmsDy3T+rc1G@y{Sd!WTXD!Adq@hzdY=6d+D6g}vFTf*_WJhZ
z)B6<93h}h}cK33ebKqiA>>xqnW8--8K$9<=zm7!mKUA#2+9C5ZQ|a;qYS0z>WC33+
z$fGL>81QwHBzGDRz`GFz;2n}?uvUL4dA9*V2M#FxX7ofOHI{`iZ;bOVYT{6d`He!y
z8@PCq%ujx*7bn54<N0~LkrvhHRd!l6B59ckTR$=sXnHTNmT5?>yb`<kn8%Ew;r+5;
z%%9-IzkngOBm!%tvOV&rG|Nl#dLi6HLr0a-!fM!rbDp}%+G53IbT0=u)6j9``1)_D
zpN{hH8$(2_ipEtI<T+8>L$$9_Rd3z4(s(oOV}yZZukreS#1EfvePu`dDc7@Wb(ZOh
zQTv<tXZ@G#Up*J2?qA>H9m&I_^4o@z(W}}HHu1~MF+SD!e0rD#%(#fZAAe{bV1;8d
zB2tlwtez=+Lbme4AB2ZZ=S>^;9V{uoM%@IY-+xg5Kbz*D>6`M6+tZvNh~iPQ7hJKZ
zA=;L~)tdXm4XR5XZz|*>eJxADrg2s^^Fxd+0LX&3)O7I-(IX*y>w)e*HzUWbQT(P{
zS#Fq2qvR<E$mg>r+k<E2x=xc~KQg5--UdM698dJ}<41HY4`84eN9{5G{nj5?w5lq-
zDz@$pn*Sj3cd~c&K+TUiLyd+vz_#!pg~hk&_yIkMvfFS6@WQ(0CV<{|+#m?g7W4j%
z0f?AE`V}Y!496452&|Y?ZP`)|js<PVtOvkUs1}`MB#pG-cY)gZ%Y3DVakO8-H|PVN
z)LlA<2h!I6CEtIE1cIc7q~ukPef+Hx+tpdrg`0UOdwfRSo>5qq%(T>wpD2H4dT|o<
zoK?A|Q3@q}Wvld|G!Df_t4_RY5LO`jyP}iy6ZvNy>Gza2W)@;ZU-=c|p=XzsBb7sF
zcRNTYI9S3lH@qRyqq1|#i$<u?Sr*%kB<~*ycfTm%<BhUHk(orr?UimoQrKo#8HdE#
zM;t#wv<-5v^@skk`F9dm{#kMmTLkK<iJx}6=f5BR&;h%vE$90y@-TN{Bt`aQk5i^A
zjUOQTvgR@u#Qq!0Mf;QEr<@U3#1_5JD47yxVN8Dm9_4=a{-xNe1L!rxZn`$59fokL
z-JhRGf4-|tgGC_b``s$q0<;G?Q)T6!{GEUDceo5|1;uzBLOy$ApaI14JF}m1{CQGW
zq{)LToRagy{<knh*O>6a+juoY?2BBrb8r72M?a)GI%c0gFeDS9LOk{=yxnnT#ZJOM
zGee)){h>3P>wQAvFM&G%$)KL!Dex_qpjR{J^qT9zT#%s=GlL^OaB<QyLEj`;pF*xa
zvxFASlo69h`9uA9GqUA|D*PQ_2b}duKm6|~>HbUpBpBpoDGBUw*f)%~OZh|n9rx@q
z{p%ziV!|nhX<Y+Q|L3ZPF6{>hBOExJ)l&o-7%BR)G8J$ZpJ7Fq6R%4>5kG=Mc=<lI
z0wQ&*RsMWAsl+CDK^o>$Rs6~rKlCsr(fs7&EiSbaPkg5jDZ9^86TQh2i)*TsZS}M7
zkVtv1aewC+!(I6#Xntkic~5m;J1fkX2J|W>oZ}6(+9x0O-1Y*7mrx?(%s5}2a3YP6
zER^=ipaAXx9V^+sVnH1YOqon+PBYfRqzCv+aMoo)aDw--os!h9qZ?CugQVR#Aq@3F
zJlmGXs5umdT3pDD3Z~ZL-1{j5A%2hzfWG({d>_v%AfIHFcPfdUPah-Zq_~q2%#Cq(
zyYwd}gaTlcxS4ov8v~=J&_8cJD6{-&F$iwzTgR8LzvBMIgoYP^MXMVTdSGaDo|Xkz
zC&QQJ{SY#Zvs$<3Mx7!~F-7%SX?1~yNO<YfmfNv~9^23n>1;B_0z}r(Mwo|}qA*D+
z$idl7o=IkA4*-m>k1qSXvh|3w)#jE-R{F$;BNR4(sHWP{<pddj_2K!&*au0@!Jotv
zm1QNUwVWMy*h_trwH2+4OlCjETNq{g3WY0$YTy3i@1jz^5dK6;o0xTP6{CmPQ4iOl
zo?&`E2zT!woz%sVy`Spp%U3qY{w>`73{OqPN}`4Diu4q^*AssCykuTF^GR8Ud)oao
zB{nT)>M-Q9^xBam#%1aGgg`QzPWz)FldK4VONT=^qWVVQvxVt_aU1H851(u=QJrc$
zbr7=go>V~$Er8F?7JU0NW}0qOIFtIGjhXlRcG59jn4^-q-J=VW$8aqGNb%4UXMS+w
z*B{)rt#k7oYGK~^!lP%~!_+<NG$TYMzu-l@K-sL&*-!a(eNy+Dr4G5+8$^S#-7i;V
zO7I@Ki;+}^=mMkp9#3}3-e*q%FPwT`hj%I=t=9u-DT93?5qopbg`p)hQAg4t(zFm#
zNB?|>ASGT74|S<Gp@a#Z%nMV5>5I&A`DnFVXQUKa+^RBR<{s=CS<|q)c&r?7I_l}M
zb-Rg0K6~}frrJct^G0^&&T$wNA^i7XU2!>hGkNsw&F-Urp(EnzQC7enj<yU?Im{}^
zVH0&zbB#0k=BW+w(Cd$?q~B6iGEabR=8oml+SvEdhPf5L!FZn|@5#}~Qef4I)x0-f
zd9lXC^>rmTKAzgCbn>7Qy1l8UHk%#<PhX};QjL9FmT>uRQS(sv%jxTGz41s`lD7+c
z9=$$TSEwwB#9i~D(`=czm9s!lzfJfoL0QAo&Lh3T;Tb%9Ho7YaGYfCWkO9)x67myh
z1>TJT<;6xxdyYa3RjNH0_xRwe03^yH0-j^7(gB=mD$a7WQZci5$W%6WZ42WVM)rG`
zq$8;*Y;^9kz_GAD)pwQmXmUbU_Sh5K;g497D%l?5kfe0_TCOat%%&#qifF$Jc?Hyn
zcDsKZ!Fs$NWiGv+?B2TK9g<uxSxF|r2iS!}mZU#h^aW+ak)#64YVvQfG^DIn_!H!V
zM82SUPglDR;6Dv8CB&r!dmxGKB4R>VfX+5fd+>&t#$=0E{jKah5eqVJ5un{9OT?)+
zgDMvIxW5kbjq?0uCAH5!zLsyU-_vw=Z-2k#zSrU9A_@(@ZkKwn!Gc*6FZFUJPcKWQ
zM64--B?=z*cxVcc((*wSUF71KY9;?s(jZ8v3cVH@Mrje~;=XUjL%Z^m7rZh9XF%nq
zNAv}{XGKvaABstB)DMql;R#L=I<0vFc49}*u$}vD7Uc1pEo52d>r%%Ajkf`>daAQB
zrf0B3*GH{l^M^iT=z>zxHo?v$Ol)+(Pxr;j<YTCIyKSv~W=btbj+$=upwbUc*OvZO
z9k0;qp>TRtwYyWev}=vS4BLv}57VZOsnUy<^5?-#q>WWx0I@V?7gH&%nHrU$c2&&7
z(`Wt2X{6dEma*{N&fObBy11UK7X>|tEb#Ojp`#A~175V{YYF)3HF6)+%yjf`0hckF
z)Vx{|gsaq$lu5G-d**~d1Dr$0M7-_iVRe9jBkHzqmfZC5O+1kX#W39@rRmE_47_|S
z(39ne59~G6rJ_|k+W9oYL;SUhfoB{vu8G@v7$$~b<9zSra!0lS9F_D0L)EwKJ`Nf)
znWcm={>1A@)TkiOGU#kk52{a&F{gECSUlkX^MI);7py$E-Pr8ARQR!wz^hVpjFRXA
z&vCZ#aE{<m2F)9MuYef#zGM%1D~1q4-Vr?*)~{Gb+!3Y)yiqc6HWCt#>C%fMATh_4
zp!T!ZrUNj`5V!YFltaY;8S@wYY=FoBboR7K9F)?{k16zv{@vJ-RZaQ|*f17s>=??9
z?;zCA)gO=&%RzXNDY^w18G~;GSe5uYT~#d=^hr2z5T_}(^(LPMs$X-G2H#Z*O|`pH
zs*bojQQnUIBsheoum02@w7;LO!<}JZBUY1225>{OA_7voT9G)gnM#wP$nkG5>w8bp
z@D!f)L_uIZ_V?fZ;?N(4xX=Ii%d1Y8aUF~8UtX?a@&DrFfc3fLPQS8eyyWaObv5WN
z)Z_5WAL{Inzp$3&S|Tu6SNLCk-<Cc9t433VKc7WsIZ^-Rcd!s=InF$OMPrQkl}IV(
zS31v%Um1)fVx+)Hge3o}^LshiGd3mrzeb_3f}!c8_?3PX=&uACg8|Su`4!8kG(%7{
zO9<+RqrjXgM8E&$Dzd?Pz9atro1n;|>w($SWz$i-=j(U($ztRKeEeUJ{ARHZ`w~6T
z`9D*fj#)jF+co9C{QldU)qU{~`S9n1fBa?L7VyVkeqZ;ch|~PnKOg@M{@?%i`)}~S
zp6o9_n#61VAb$D7THoM7f~x=zgrQ*f;br{fxm^fF6RPEc%N>VbF9)Eyy{6pTz%D%9
z^dJ9ijK91q$7TNj1lQdEiT?UV|K(55;NNcVKi<KAxD14#fBC&`{c8cesijA}wa7oK
zMd<ta1U;uYZ~~96!=`koZy+k}v6`04u*t)=7AQ+5!{H};4j=3T%T{aG--P(e-})y=
z`#A`)+{Bw?e^>NcbB(@owdcj<hZH^qG7KGG`v|?dcalMLFmytX>h)*x19Q173N&fY
zJ!%`u?HsHBrtE9l6%|QtPR<+BRrg0mC)6=WI=^eVEvUl#Ltf1@TU8L{-x5swlxKL_
z7e5|CYqs{nwV3AIJCV{pvf*7))X4b-K-+wx%I!mmWEk^y{gxFVAHQ6uI_E{bpydGM
zUIa5_oWKQ<sOOdBAjvvjsWoBpJ}}ell8XH}O6_ROK=))?*(6XgVE_2<p4q>9DdBK=
M>A(Mv|Ia`F3)ym^SpWb4

literal 102409
zcmeFYQ<P<0wk;e+Mr7EwZ9BuZZQHhOX4tlEW!ScD-T1ybxBYegs@tmF=X3YN-fgcr
z*TWjE&pvt|V=P$-U=Sn#FaQVu004Xd$A=}^F+czSx1Rt2hyV~k8iF>~jz-pwI*M+#
zMh;puu2z<Kc_2V!zX5>0_y51o|KJErq^w!5^1%gPQ66AdbVi*AH4uaA*~c}gaN`ks
z`9^UETRjzQ`1P&1SOVw8LBi<|vL-Jwe(`RN)IYkrw*R3>4}hIbPkczgiRdw8NimME
z(}~g9qeKBkB0(L)5M4n4YRAs<LgS&q4h)?qDX<Jbwq}D}L27^qbJ8V~SFHw}ot0@p
zT*0LW^qx8U>1zDbzZXpcmIY%|5a0MmJ}p$6R)Q~$s-wzLQlUJFQ>o5?Q6Q_iH)kqS
zco|>)P{5CArapFJMn9w@hXmd;5^bmW*t#)Dg_G}#=Owbj&Zw#<-m`?)3?ZgeT%U01
zbuA7fSs{FF6s&G5rGN`4K@)h*E0PIBD=c%T-9~vqOlKs{y&%6>yCZy=Xx1V=H4?1c
za0eRl%tH3i{3BfO$(Rjnv`h^IDE7QS93Xu(@R!l92>IOa_`JBipeZsskp~m}!8Ivd
z@2Z+BVAH#7^vz6K(tF)!rnE~sb;jqXF4>|^48YTPoMKNLz|+964cpG~=9IwGsyIjH
zubkjdJ2&@<s=GQI)t_v+`d?Eu%M3(>x8=Itxz`kl&Jr?$Z$YvJy)7>+QU07Jj4!eL
z9CUlwV|oP#0QmX>29W)46d=-#@dy5!0-S&W0HD4pK*!$5(t(!dukZhN^#2E+_kViy
zii9=s0lM#_54wfF@11e!&SyB+39ol0bP60f+7QJ89$$Li)tS4UD_g#;ZG4y$V}nq)
zfo(axNk_7mwSShk51n<p+M;}0{Oax0uSQ^t;eI81OGwgHJ~iDGvkZKYJD(P-TGT@1
zCW2%gBw8j2ReBAmb;-n|{@XLM65_XZ?yp+%aSQlvMptINy3S;-%Lh=C2m0-=<vs#G
zFrZw|0i{qkj`-2`8VvmiqSnV#{FJ#=GKRDWx7<mypc2gUdf>U~63@r*6yFOOfwOL?
zmm>NfR~;Bs9O-xIBwd*Tc<=;8npkrZtd36N_{>DNk13>>j1uB0#fp8vxpO5cg?NFm
zg!C^|3!L9U`PUOP8;EqA^qn6SzLO}@_YPZIM_OBZBZu!is^@5CWBpeaJx|%NUc*Bg
zz9PNArm`kox@krnEKPUHCNYwqZ-C{qnpGXt1r$q=_ISds!R9O_c>we@+Q#}kx(3#p
zdVf@vJL3zaVwZ^XVB|;9W2Y5=jL$0`o{)|uMm7d5%8WzG3KeROsMa}rs6Y`yD5~)<
zMH!)E?<Zd+SDMBWIpmbrbL+S0>uEa3>-*8RJ4g=V4g3<$v1y3Fj!c7YeiSi1akOTY
zmf(?nMG3JL3LzkcW3RGUr%=wD&!RbKB#wYPV*EuFHpZraaQqvTN@I4HH90&~XHdMX
z9KM`Ne!rC;i^v-ZfRlcXP}eT5K9%z;&3naKsLzycZLXen@}}qfX;-jxvONhG-)1_i
zuT9tDP9Z#xNYZf_f}twZa)Tq_CcTZ{_K{))<*L-3NTgAYR2;>jVtCPFrU_@UFHaR0
zz3;p@YSj2x0Cv8zx42I~i2%ay1PY5aoa)+bU^?T8hJZ?3ZcpGkoO-Z)$ogc`$O=`G
z69Safw9};3yy+k_2!xn*hND{O81W|*tMjOtnjvvvQT{aWi*%4v51bTs#zyNcgB-O}
zncfR~=7$Y(ed%nrtMGM_-}X@KIHe$s2No<wh{NGb-i<pGKiXNK2oIR}`0&+>Bb+b~
zhWI$?@k@*MxiI1HXmKbqECBJ20YhG(Sw(d|IoOfA_>p%|VZQY56&!$YV4sfs>F)(G
zSkXCj+7rekls}FDWIy(9;&~M4X_sPTCfva;9;u<IEojG(K3?KBj3lO?F2wdtoVTe3
zIsJ07xjU!dsT@;WF8431y^Gs(y#c@0Q$PXZst9cRVVU`r4*ey%lvvrTS9kkLUohdB
zX{Ee&+@*f~>8Qm|xwNQrprOni<o&lWR`cs-@%x4`FDL*2@_)hD!P3mo$bt6nANs#=
z9I2=!Q$UC0wPpAPyn~%9i-s2sW=ltMX|DVPK0k{-0%WxsZV>t9wI)AQ?RFicZGAP|
zdW6Hqy#?FJ2v5VoQKe;z&;o-_Z`Eek?EJO4q<zXEkXOskjXk>RMbgL3`}VSzc#vm<
zmBby6Rk@)op8VF;LyaEGmKzy)YAx~NTi|}c*}ZctriAUz3++FEE6du(lH)^~W8I8R
zf{MfoW0>dwFYQi*Y(L{HNwu)-QbsQwNMTUN%g3RRu+!c(Q>^=x31<~GM{MG9o}6*E
zHAn5zCVX?iL5P7wU1dXSnd*j3YVe#h>k<)m`;iR$s#wqd)>uB`vnZqUHloep>b%QJ
zYi$!fu<PtVw5o&ge3f38>9m}8c75cx%@Es`5R=IkXHlyO)%x3ge`D3F^sFY5mHFP>
z$c>IHSH)WQa6vE8x=%?fNba_*o<H6|8hTCze9(7)JUJM~f#O&>TbE<miMC7*3h0ly
z@SbPuh%R&)*#jR46zt*{MLF^xwpl4TMYBw#>ST~0H}*-St}It{uOdJ*{VMWL(#$wz
zY7CbGxJcd7C9dil>gPRs*r|{%1E-~@w)7_K?1UXZvYz)c$RjPt(XfF^mS&3km{Yob
zF3smFC^KXnWC^5-Iwea*0K!<X97ABf4srkGQ~W6gh@;p5iuoSR5eWfs5zHU?{`!ki
zB!hEUZGmWtj0jueBW%gAhC7R@%J@cU#Cl1|+K{>zy%ClN$W90zPFVb^NoI1tFe~A}
zwpD`2j-HVEjuCevoey&WfGFc3AHwrQoyGtF?zX|!>~RuxyPekWbV4^IgUuHt5wy`!
z=Wa6uw*>CbDX#uKX8GPgjRL<h%l&`AEW<xAyJnqF2j`_@_62w&-I}JMs2)V5nAEmr
zzV-pI#0E&coP05>sPyG!We~4@`zM7i(qzbFihcjxp7(w#wDp*beB+wR7F!a|ildHl
zqZ_s{r9C<}mZ_!~B;^tc<?>)~8u!Q&|8+=iLx@WEq)EOm=n86n7ciW0j84u(V+@>Z
zfpY8RXUMeq>7O?_xPngr&fQh-&n)k@4QGgIa(4{6xH-6J53;{8J2AKHQbZpegkjLe
z%hx8Gk^9y)Bh!n+HpD@&hivk69-XnbwTJx=%!0s#qbxOpH%)ZJ&wzXuKW<?44SJ7*
ze<-%Izs)M`cOUEM99?U3n2P5apfom<n#;Ab%Uw*PK3~xoK`r7(R0-yw0^JFmO7hs9
z4^$1>6YfWzhPf2JsV~VTS(<MzP~7s#0#>j3_Lb+eZ3(G$hVR}>xrCem*;%G`@vxCd
zc9$?YhAQwk-$Kvyj&ZjOLm~m4p-0^@kNkiuJnJi8bUO!(CD~-y0@-Yvsw)^-w8K!b
z`3tt*>C~R>Hyy7+!1Dv^viCA<fmQ0F&aUKW!t&!>qpnn+WS96a%Ptj{ui7$mwf(5B
zt^+^lx~=oXDDl~oOBQyNlRo8GCFx+nKi~LQgGeV4D1X!qv;Yj~;ds_bp^>Oz5G}%r
z$pO$MVQJ=~913Xbaj<d7q9G#@vSK02D4b~O%SwrQTHq(7^2VlVAgYBZD#Zzxcifi2
z&Eu$|rZrb2$vPnb*Oc8JP;8op)WCT<g^GJm<45usOqrT|BKGy98wPrv9NJ+B$^EGC
zOn{A6ZOnU=5aIp;UAZs~RaOz3P$3y?cqy7S2;0<r`1rS)n}U&N8Sz_lD}ew2-~vDZ
z{-qfHp}YV8y5WE8aKLX1{(Zy$>`zCcoJ2nzQqUIYmte~ki`4>oog*#5IX_$$FJ4o#
z6`hoTb>`z1CJXfj+F;1;9{VWw3mc?bRTsx()3KNuA)bW1uBo^N`5c7n2AAeKP(Gd%
zaU(O?ZxMebJMSh>VQN9FJY{x$`oUOV77&+V_9SZOc!aY*14*l|(!pe2{aI97Mgd$h
zbD&Rq&}1+SD{TndOAEv`QdifsD@|2OVNXr($A1D5MQmrw`q0R{0{DBRKU>@o=6rL4
zThb5-Mp&b0bC+tz0F4Z#{r11+g;_x3CSh*K$ba(+tYm<5lGLKqYs+V1JJlz6IK=O`
zO9xl>O_SPe9H&7qA`L8L!c7rk^FuGvg77{=hueH3;a`<#Liexq#qX7_Z>ZpX|Ne!m
z|4QNifY<+*$o~dbMJ%^P|F^Jz68H*e>Ez%PBqz2{mWObpIDus=sHfKV`mG@TaaBG`
z91M-kvAJ}|v;KLFjPfx0%QGCzeZz0pG~v#U;o8pK%N2+?DKDS+7fVfDk6ugnTKAnm
zBlhTdeTi_GzHSvWFJX8Vd+c!{d(&vD`0v#*20apwqA<H9rx?{LbUMq_(_`qw{53z0
z%CxUO>Ahp>ZXypztg|SH`&=Vdyri&lz)Jd>yZf~(<`DSnCgHCfj5^n0n}#BZjS<ZU
zR*6n)cwXa{m)GlW{r#^oF_mdn`p+@>J5l_*m<<2l#KgG`cyNZ~XwPta@BZ}~M4aN6
zh(x%hu908AtxvPhQII)j{ECTO6vAMSriHgK5~l;+47r140(}x+W0Fyy<f9~_!Pb9^
z$r*pv;)IW0vE6;LPJAaw^n)<S>z_Kz*s*~H-$k@#x7UlO^nM6e4TGoutC(1D<K@A9
zR{$AV{wf0g6HcV`92|}8|4Z=w<Imr+?_B-EdXEL+tGlN&;P<E7AN9l%T7xWs_{vS7
z6Bg51@ZZF%i@%Z;!<`eTf1KB^Ypiom@rZ>anvRQ|JGo=_Kt_U~Fk?jp-(}FwdVlqA
z)csjZWOh@EcD$dOXI3v#N=~_p`#h7<e{Nf}l{YRZ5$Bk_GRyz6y@|QnT<R|x@h13L
zED4Nm#7IQw)$7KM1)c85pHkqavd|FNsy3J$*iW4S%OLCxzA~<_n^wfB8s9PBezZbA
ztx~U+J!_X#mE5pj2`3EI$Nyy<w-gnxj7wN)+yF>_dxD)rqw96z6c={pxas{VV4|MA
z;g=+d2ndcYKFUOs+C(xanlly0)8fi|oZ24e+EQwRR;aI7<zx8Z<TbdD$x~I0HUbjY
zrW{YatO5~>h@H_vy<|`4di|{VbM)GJD0%nC;S8T3-;K5>3`o?b9ko^1Npd=kx3@p5
zmSpxeP6;ZsJ1ug#d6Gv5mIU<?$r0#6)sOhuUrL7Cl$8g3#pA)07s^z)Cq6`B$m|Iq
zn2?dsmcq-SBy4mD<Bz1tDFewDpXAxXmvlyo{*U+yQz7djzO;9VN>a>wSF`3TZqfF9
zJs3MvAAv(Ysml7`-V7`qXfZ#zoJoX3NosdQ_C_285EJXZ&LaUi%F8tee`|P{fPjiC
z=qR69<tHKglF(VxuiG~Cgj;m}dG`AGxZ9_Vt;0zUt`Wft*=+N+-G(5t<`jEy4iqB^
z&R(Sp7fP^ZkF~Vfn*?pKc#Uh;I6t6Uz?g0iiKN#5LqmCxz{#AsG~}J8tj?pCJ&3Xg
zwiP5>NAWzN3K@6IxBwi&z?C(Hb@_&>Meif+WD1&gw=DKkWDIFP@;;HVR01*%v&xlu
zoHJ@wCA>6mXX(A`xBW)rbF3lQ4`iVN26c>X?PlX0RJ*w1W{hg4^aIVa_*5qDeU4ZH
z!)6F5fP$W0=TiHJkdLj+=kA{0SD%YvZQWNbVQ1<iJ+)VuXd<~gGM;mM%a7QMP5QQJ
zDK0*MC9<My7hi~=Bh6S(wrIL*{7n}*-e_EFcNRPM7B3Y<JiG{jgNAraGD3a*&7!|y
zx)0Kel+w&VwdQsq!WNf^H>vEMJNVMhVW1?-koO|;iFXN!4(ow|a#Cb!#z+nNT*gbi
z@?Jm;rW-6l4v<#-{HV!_`H|9v5n88~Z+FGciD+|V7+^NeNL3-pjkUDnrXF1G!Yu?b
z9C7ZIl0&RU@n*-GKD+XEDN^zg!mz5Lh&;299F~!h<X0l6yaD6sND;=9VikX76T8WA
z&HTJ;Z(7)M8`TIuN-a7iWu3U#P@dxJ6ocXXwQ48Bj~-P|V39=)nXn8?FfPgk9<CB9
z)h|+O0m6?(937>}3uvOi1BgFxM=W*w5<ZioLX89)plXrKMMFl;YL=+83=H)tHNHM{
zCus@agFJQ~PDgNlhllu{W$L2XK&nK1Ysb5JQ##}ky55r$7>uY<<cDpE*@YbyMfB)D
zO7sKYx*{d!37xI}{?C?jpx;Sbs!hhm(Et~Vl}^)-H-8+$z>j9E`?3?B&YG{L-orB8
zb}+4yN4v&M9tid$Awe1;@5pO5e_?EU?D@6Yoi`GeSmXf%tU!ogo8uvx3WmD%#d*??
zqSNIKGz_r98yU2X#TX75@|e;SbhifJZLMO^8H02zK!|U_CNdppo_}DjT@}nR;pK^4
zhij1^$B(|ezYgxcy7;}4P@Rs8I<%wPmZS1|8ufV@2m%p-V}Pe25SQqG>-4Ziztc65
z5;$7~;ttcm#YAkhy=K+5jUC7lGqhhP!QrF!IwOHvM<mQkX|d9;V)GY)zJ<-NI!6D-
z+=Dpx0M9>15uR%$HckGm<_|^~U(~SQGxHN^P(JZzOeI-Up6;*S@LjU-e6p%MzFSQs
zH#evuI8?0+rNM4>e~d=(^jKn=QLn~b+&Y*roI-8}q2>Ori(LSH6Ed=MK@!A2-r6Dq
zX}d{LAAs8Pdr3cg0kzAADd&~}wcCd&>t_J9*Y}*d`_ArNJFBnTxV7C1?0lEbZoqVQ
z9^O<%dAWN!fHNtuWBiU>7#f-EsixK+FFBY-q*)E!KT5}Itdx_;lj6r2^qX(DHL*TZ
zHmD`3@%Z^#JJgfNQSapK-L#6W{3NPpX+*#dSwtSu3G5uZ$J@jTGgeMc4V0QfXgV!7
zDBL8{o@ox2CpN+^9Y%>qi8umy3=6&-UTpHWwWx_;Nytv7E;GOp&E`hE8OE>FyOW)+
z;E^QyXaM!gt%C0mX4%meWCQ2;!&$YIFBUp+RK-A(>@2ck4?r5K#MGE=p)}ecFkmgi
zC$-+d<J6D1w1^DTQ1ey*1lsT_ay=EQi^|c+;<;wKJwIh6E?NVKT_9+8U=Da($evmS
z-IlTU|EvmJzD6s4BJ*8lBJ9#819ai<0v*EGc|@>Tnp)}IG44+XYGPar;G?p+#O~qj
z15~d|XW{#x>>o4lJNY?)x6V->6zz$jO~-a~kAO~L?_0y#gYPWOc71Om*#|m;v9AVq
z+iqOV!T0fqh05d{`JmosX$qYA-v8_G{rs@@TQ1WVYnVZr+v}hHjvh1$u#{cDEgi&x
zWi%V3XDTmmcAk@so<xs+W$rhwJfGylzJN}x@OZ%fNQ9qyT&XW_;;yab!8F~%L3&B1
zZREu?osO1DzNz<nyt0|U0+<3@t;Ym#nihMNy*lUEWEZ<~PX9QR|I8Ecl3VkRS^MO8
z-=+N)3;!yy7G~maI=)v}zhx)YKg$V8JvSRCM~DCNHh+uHe_Uey%a{Kxw<4!IfArD8
zfnRG~WA|N<R0f1HIl=e#{<;T@-d_b<Bihe9Udx#A57_hi_|&ZTk;-?K*GKILR#(Ow
z$<WQZVqUKrUO)jcxknk^7VFPId%Uop(KH><jCQq+`z6O^fo31gS-1?%gg*{9nj(fe
z8`zpysscZW?IC|wwpwy;#mC7wIBG6Rsu9rAMfhP5Qsoc~)5}G2`yvv!JEO)yXd)go
zIIpmXci`gFq&SWMSY|bUzVZ0oD*4wa{5hDJWBRT`@O>B0{+p=!-%<Fd=V$!u`6pB_
ztk+nOK6rJn@Jzea5|GH{`M)()p%vdMn8O=Dnb5Gn1M|0}LI!<RU)#GE6PAy^C@?#!
zlG5#gBR}07cW{F#rR4Q;)>4^L9_g~oXpP9`TY{I`L@{z;cG2k;2Xx8OHj;`{vLZaZ
zj5^*hIpY1gZ{R#D-z8`_V;!5JPyeLKXtyYAt6!;@Udo$#CAA{O_^@0U<4|~2)}H*4
z);U*uW*&@xZ{noPa(PS}b7P}Y&VU-hvNfM4CkRJgCTaHm(RThyuI?h)ARVq9QoGrV
zUz#CpvKH~q8i!nE@bf?!7XL}}D4Vvt&#X=zmg<-FI<^5>f!C@_bpc$_lBG}5MqPX2
z;>qBnJcp5<f8^Aqr6*nb%9^nSXFcboiUKQVyY}d6gFAEPS!=miJN;4`I^xpUXh^Ro
zZ+f-Pra?w^f=7kP97uhDn3OVb%k*5Y0!OvD667#d+@Re|IpmCRvcr>C`fex*Ibi7}
zAP^x?ULXkGAdU>3gu(d>ZY1mNv^_Z$Z8vH{SL_#hu~XW3la0!$*ydtB8%dNI2R!--
z6WP|8T3;vu4A2-Ho}wTGVzw`woq!-%f9x>s5a^%O;zeV6%sXtvoY3R;2o|3;PO0)R
zh7OpH3o0-MskKTGDe`*Z{Eh2B&X47uw1ew{nK0}4V8DkrYnFtf@DDqpgoj9sF&o4V
zp&MDHXC>6uk#CqA<_Ps9I?e81o#_6`o$6&7;>({+0)zzu6`y~GK6D&ZrkTWyOmttt
zqqAC7c}ug(Ca}oz0IO5_u}-<F#@;LQ)kTmB?Xyif5oT-4^JTEG2SBhy(fnOlLLl3v
zj?U`to$Hv&9o39lRhyGG3t)KUg7gOhZ27tQL_r<~P4Gk$KxAWtp?K$kf_nQY=R^Ad
z80ubeauLRWcRh3vDe~Y5yc=Y@3#5yu_Jg<w#)|%cx1Fe0PeOex)@g(94uZhMyfslo
zG*nP{7(gJ}5ocL_Ye{!*EQ2!3dAh!1?R(C>9cx?@mPtnsn`N3!LgGZddN7e*<~be|
z%>cW=vx^<D&{Ss5A2ho$5KFpPJMr9_`}Bsy&Pdt@FRHFTN8o9>d&cQm%bnf-`cvIK
z96{eq>pRzP!58hi0;nzAk>9+Qzsrm#(%~7i<jd{d%}t^WY(IdBwf#WOIr(ACx2cnc
zcE75t^25iYP=C|3N%o|>T^?Vdux=!=MXA)4RK2t&)Faa1hiD|KFP$(S91$Ge08q>f
zTM*R!b&`0lW_hWTa%EAt5!@)M1j<{`!$Mo%rfO8hy~yVE0bCJ1ECIB<FgqT;pKt#1
z68W&4IQRY?(+8aw6H2<E(jozMHH&=5I+?_dmKnQO<*vBlq_p4ZdWPOd0NN#JA-?Kr
z#x6rb+KQmd{fp1OFllR{l|_Lk8Jm5czn~e`&`1OzG#xOJmJl9MD1fkF4lz9pLNu<n
zEhRDd;799dfp(ji<Ch$%PsFh|)xxLHgFJ40pIdF|);fM>_9<k7{s;jAus`Z+>Wv$;
zfJ2ynDlyqLAp#H3j+fFgb9;)zI{>&;Y7gBmJt%+T@kHZ3KL8~7goLUj+C5O+GB#6Z
zZo|xRG`9|q*ZW(F4DQzpU~z<15pQdeQgf#qrySBV+aY`?oEV@Q2y|enj2{m*WEdgN
zkhXrq9R6*q^ZmBn>dC5$fU}j^7o?DFVoW8fBll18AjjvXhCfBlq;Z8}I?YL**-o_0
z%7l$x?ZeI`jBQwwPb4G{Cppu1KHsV3Uny6kjNcmMn{tH^{xjwN?PDiWFRU}!kb=Le
z8=icZw=Q+*ScI|^d$t$E%`h(tQ2BZi_zx_iOwuipOPd=#*gNC7Sz^;XnKGEnkj<D}
zBR_1Tw^9PqmTacZ##Vo<q*yUF-%t)W2_-cDTFIQefF;EOZCWU=Ag?R48d&dw>-;#p
zUeeKa0ryhEGD5u&R_if+4Y0JXPCA7#uIJH-;5gH1%rf0xFH3SN+AikGKxTLYId4mE
zjTZciav#}rcnrPU)stFPzsrdzQ5bmgifR7OZ%!)@h?O1?l?i#^k!fDsL{2mOO=XHn
zHPnof*15oIA+c^<6+g;H&5zk;2rG<~Q2H`Y+Y!kFt(n)hjGE7*3)60_J*X<{{sh_;
zabwCv_D@V3TVT{<&P^8?JKJ`}H}does2(|B-naePV%#8|N=kywdZ}X7>FzeL?2^7h
z<IbR=TWc?wGKaWy=D19ps)2L&lEf0}Oea_!vA6a)T#x!lL>$Ns3PnUjDkc(IfAF6-
z;<Dp*FEuf6kCo6PddW|%2s)u=KVwL-+Nzo_@2C{fk$eOqrbkbjm-8;-$`eBZ3B4H+
zA<}~$Omz#T_M|P)gQF36veyLo?((Kn85?vN>?Xi@xy&EpdX$^-lU1JmURwy|m-ISc
z%+InXo@9s;47n?+)i~x<8tRh3GWi2*fSNqkUga7(O2<bDNjX;HATjN?fn9RfLQQjj
zuE6FWt(H)&(efq@ZoE)l*j5r~W<$Atg1?|<u*>?2qW?hZ_~<ijRaVWRX^O?!@PwB2
z$)F~ds%X?!7YgR33X`G`BBpeROTD0;N0#)!a+VaE-1_kQ9zX~fTnx<BWHxP<E^Wg`
z-iG1C-hsn*1NBq^Apm}kiBEeBTgdb{H?|(FFm*TdjSHfGfB3CoD-(t%=y$_g_P$CC
zN7Wwa(=)QdmdU(ViB7lKEJuP!QD%}9pwb3YHRhA!9Za@9Sj~|h_L&rHMp1h{LQX5k
z=5Sv122MI_UMIG@YJ^C>T}{kl2fUQC={bD`WpDmU`z<|?NK^MP%sOAlHB%E<v}Kz?
zyS46*@wsITwz?IZ4EQULf{v-ho;d9DWsG+%b!`KS?Gc!#<#|@64>QZ3o<%=4WCriu
z!kN;-?+Fz8II8M2E7r<<q1<R2R1NCzCW@hidMZQdLJ1#51L+EBO!Sa~#9sFzoN_Jm
z?>Nep6?$<%zKjQ1G$uX9%U<*>YyB&$Mw3OjAp4eoWxfCsz}w0CB8G2=AvtXIGi|@y
zud<>3&ZV&E9j}i<x?&v@b)C~v)+sMQP;+RcR0`Rg2!iEea1Qo|i#(UI%N&(_dky~8
zJ#77H$hz6II{6k%NIP%qjlda($haT(3!;6QNVqnEWW+!$6dPrB`2(^&067tJucezM
zEwC^{@`-mXa5(kSt*}UCjrSwnxN~j3m=)wnr(~OaNV_i!!tT5%G%zlJpydQkTec6V
z1A=?^EAT>BsV9A-^rgnkV^aXJP#Ot5ET#{wLn@w(KUZ*jVNya(AayUu&`!zJo!Sg|
zhP$E5^W%2fMyLDz4SHb^tEl<IY(dK6UK%T8UJ9s1jD82gS}mAB+6!bMK9&e3Z$P5a
zg+tQX1Dpf*Fstf=$Z#q7a0~7{@^QsDX>*w&r^S0jI0-D`+<&2s*6G!@Vt=i|qnjD0
zbP||{UMuVIfX<OssF>&D&EXmM-)i?UoZKwA?>2-i?0=@vzl)?3DrbMG*3bV^ts5m7
zGX*uKc4)CIy_q}!gfq3uV)JCHjVegT7FIEHq$~KugI4j4m)ih<&<S}k(?MG<FfrO)
ztIUm!2X)m#9>yNDnrpjO_+w?A-1S@93W>|g)v6kG>J9G`n|GVuPM>!&wC!p-DX5mT
zEMq{}R=fr#kLsn?hiqQ8hd<ABLZh3nt%(i$k+{Y*iWASdkFCvzT{cF{R2NqFyxk_e
zYt@xNbwc&$u9bg^6IG`HeZ4s?JR~$-qFH6_bC=M!cRPz+aE2<czw2oTi(2o@)KBAI
z>Z_$Fk7KB|R4GnUvtdVsD*KTT{&87~ci^^Y?jEyV(Gsh_ntT*jS1Nsoe6up~qz_LU
zcD5jy>bz*4OPqA3Tsek^>0ixS@m<mW;&hL?N>qZ57}RT2)!`w~sJIg;$Qt#%3zEZL
z*k13qeJ9V{VY??s=cRFHc58@RNc-@U=Y?_zhYv#UvksO^-b0e(6}9Ir8i37<ac@SQ
z{4x5Isyhj>v*Q@BKuSq;CL+mQF4TB`NQj<quAeY{bsY92^I1Dqf8SUv*!B`WQ6GVT
zcY1>h!d4hU6&D7;Gg}xjh;fJ$j0bSW1vSrgNuv_rH&Yd`wF?4ps{8pOVPPUqzMQqI
z8A*r&j@obMG_t4Fk)M&qag(Ro)C*mQhq-e;Lq8$;<|R$2Y-ZLD0IE1hos>H26Kh=6
z$j_M1kW-RtVab20JNgQyu0rMiVMlW&8TrC|)&=r5>~>PB_pkn?<&XcBHjDQ}a9*?n
zG?OSF$eo$bB&Nj#o5z+l7b;};p2$=(w!yy-0)5Q%y!J{{>XQkNfi4*O2`{|ftk3n;
zltfGmk~olV<K`78{Pl)Wy_CeIt#|Deq-a^7j#~+jn_H{yCAbrFfSi46-i!1_QR;uB
zt`XoVEuWd23P#?CK8csZ0960SX~PX==UObmyri<w-}rzwG;o3PB2~I!N1RivsB(Lg
zb!L{GSS<Y|bV$$t8mpb`Ml^6X(U1wcgDm%cZ(cCbH@6H!x_m8aKLvAxkjpS`fi-+S
zv(d$^VhVUTB<HLhT)+<s?6IjsKmOx0HvB8ZdPj(rB9I0`2LXmxp>K!mwvWhnoJ&j~
zkUUHdr4?k*I(twL=kSio&AqQO5ex0<C|HcGEzFUW>Z&-1BmKAbqS9z3YsTRr&h`!?
zXr^v_a4GEK9i8u`72p!fqdd}J*VP<T^eBO=d(Tb=_|&=F#3Zxxt^nh7t~1G>{311&
z!NiGNBPTomUA!2`Xsu&oRF|NlrP!wJjoOEUyW(!2m-mw#L`76aNnGx^(u|dnEGh}Y
z9KN+IH?;JsUl@d@jRGJG2nO-Q4hZ|{oLM2b_TVTnd(xzv4l7|}o@nluqB+!aR#4G%
zBX<Zs0&d$Qy&6B?<%eMnsCDWu?JY!SQ%S;73#Abq;J8DNmy2n4{tuEaw`)zT?wgOS
z5dSkDG5zJD&sER<l60Tlvt7XYKJB`eJ<;iknktlqQVj__0H89#)VhnVBnirKuj=jJ
ze5AI<SJc{&=7>qoOA$3RgoT^4clGAEb5L%zriw`tobD3B;<>Ymawe|5u<?@n@kj+e
z&;+LDs5EmOjlG&;S)+sf@j5>KscTxcw;NwwSm^24&u?d1U2qPIWkRM>K^=_RVUp$E
zyq`y1;Er@8O&kt&&~Ak_?F3v*eL9u>8sYVNcTh*8Ha6}w&cV(BUqN0F?xVW!LFaMy
zbh8M>LdIJ3G#R^ZR9%;Z`o6!R(`0l$Al%6JCR(UXlRkDDuFRaNWlOn}rD#1-p393E
zd7|F@qIDnfshEmm!&2N=MtPxkYQ{MiF*?EJjHzH}?Zlf?KG^F_uC7&<R?`&H1avO{
z#n~2RRj3plbx_r)nYC`9QB~(rk>v((6v6MLY+&m$cXQ}CWxhfuF&z`O=NjuEWFd#U
zihH*n@j*3=r^4*Jffm5lkF<|NkcN5~7UEC2fe8j)s0)_BTb8Cl*Aif&k>U^QNv@OF
zkrhgRC&3SS15y}$ODHDDTc`%18w}Z#jR`C+3m}@>Ll()%`;cF52BbLQU{+^a<XJpm
zf*1UmnsNnRzW0MH>MV4vaS)=2=51kulv^ZW<9Sxmxt^<*&)Ps+>y&@9be0JPd=d}!
zwodObcgcqYI@j0q2erzgUvmV!rduMD)5~W3y1o*1<<cNtTFu0>`1DwWw5_Cqh#nS4
zyI&UiZ8dO=@iytBMzNG!9kLAtbL^9(nXgx%AcU8194-J>5P4`nH1KYab$X#}luS-M
zSU)(j&kU6l+gjF*N{emGIwXO45(7u@z#Z^(cc~{X0-7msrD+n8Q0V&N!?C+f@<Y0A
z#-aO;E7zH$ZLniMcSSpQcv^x@Or0+A6-Buo=HmIzjK}icN*T%<rw}aX#EbgK!Y0lQ
z4$j#DD;AG*`?JRCuW7}0Grok(SGX23(L`T-P`P+RyeLfpc<6c}uUX>vWappdIE5Pk
z!J9HSpGa3<NY%U%tkgv9xti~iNf~j=lL<Y*VOM&-kh7T9IQ~q(=40T($OL43p34fn
zOun$EJ9zi$niN%l60C3zAaiTMZ~v%>OhUB#_7DLilGt4mqQ!D`r`w<<^~o+$kDuK&
z>XKS`g|&<mSeP2k*5tJ>)^Z6%7kgJ7T|yKJ(ABssnBj->Udi8h9HUG)j<YX8^`!*f
z<&f_HrM!mD!WjZW0xEy`f>6Mu6UXM!O+!9pXWL4U3lDvC(gdcrr8&Z8zTybB;X*mF
z33i&EhO5~uUbJiYf=?sa#<cMW*S5_U;)A3X0fy4u@NI*c7f(8bYrWt5!b%k$o@-Cw
zvQc|32_PC-BP9%gGfmC=k%b}fX*sq3ltUq5bA%r}c@SVU73D<U=sFuelKFane3|R!
z)pepDd{;8ec2dY_K^$hfMnDKa+r`>egk&89#w}Su*drp5^JkdM!r5(Kmy3F{D?UP%
zyzgMiiTcesW1>)koe3ASO?Q8Ep<6IQqZ;)lP+UDG+(Gl25Va#}F(n#icFIgEGM5!5
z?e!_?eE;tS7$dr-A}kmH0O0rXe<~X?|4n#m7t(veNFO?-SGtAWCVMaUXw((&YD)U3
z^EI%#mLV+<DpsU?DwG!%jWP8yvz!JQAP|<mMnQ^1fuvItX{`=Z+zuBVUM_O`Lljo4
z6%<dT&r$63vkX=76<ljMo?MV|nP^t1Nn(jAMs2*Ul53;w0XaVI8dr^O_Gntl<5K{U
zbsG_nq!Cr+PepSq+6BMnyGl<R0<R906ojxnEvJga5VL@t<7C3j!p-1~4h+$@&KbJW
zr|a1s%3ak8jFtkJ%y67)KAqzhE<%;B{FPbFpy=H1ABde&n1$A|R7g=tj}~T5a1jMv
ztd(ssWnl0=U6V<L(UEQY%fmU$>zXJYSgpKf3rfwC%5^f_m2p|!dqNiM3=G47(7>dN
z`cVa0KWa5khVF;1>ub?3v?ekHwDedbBR(Kwol8Gu7CP_q7<WI7JGwAwqnqxdP<xX%
z=j{AXh6*UkyzQF%@eSBW)l!OsS8+O{`<pOT8Z7HRMvLi)XkZ0`1x)dc+n`$k>*YjC
zphJ<}1H-4ynNU3J63n%|C4{~7>>}m}A~MP<4>vMeD8TF@F@QPfF^?6?-;tiZLklDH
zr2XOVKn0^|(RZ6pAS8*3b6?z+0aWi?7vv;ETtj+92v%Qf!oMt|>VWc)s<~}cxZN2R
z8nq+S<vp10&${QM9%yU|Rpr;><sC#ohXZv;F*C3n^kAs;#o18rNm95SJD0Rtl<Z4`
zbNZAls8`3=tQWNoOFw1HecaK1%4Uj;LC+$1Wj@q9gKK9G`e0}o6^JdOU*$JRU<!(W
zSp$-pZ+ZhOd1BbMWvf;nc#F+Yij~5}+>uG6DrNUj?FW^OKZKsxnGxvNMyJw|+lLtt
z2mr&YXCj#I9I2$}D^iP^?UEDp3+S&)m{v0UNi`BHM@=J|A2L*lLYG6QrKowH!?91y
zu&%a;?vErehiODKG6JfqNXO890gT4srVu;o794)GxyCA*_vQ$83t|9>XU5w@k@Ip9
zV7AGpC;?2WlCzq)|KZF(c*|1ek0HB)fgB*}h;ao{?x7u`qzX*6<(njQ%FKnLtoO4<
z|EEMKl6yZ6RCx`Uss-?(zN5)dQ!hmYpmLQS^5JEomEZRr6`g>TEe}LvNXlEABajz8
z<_O2OPMW;yaY~2gg4Q|bBbJVa)fAi%_vz$wsODpV3<)bZ!n2No17yx|4T8@iz&Xz-
zsK2+5n2ZKr2*!>Ah@YHaL?uYp_lunNw!4i-6-9?~pXR1MOq4e!)$YMIdB>@u${FZy
z9g_|@@lLh6aBmFbnA?G2hPS<Z^%^bP2B$(T!3Qk8VYmD3Q?}HkYE#l%vQg=F4E7l(
z;P$HcW^dW{Yx^}1``~v*aFwJ=i9RjRnSWp4$GpwH;=57R{JKwbcCjKRS5Es>*XUeS
zu5MiTDsMt~T2OuuQfG1~aomu_BPa+_<=gRFf)%(nlg^UWhxO=nSW;fHQp+ieX*%FM
zE&r+EU0JPtR$lpH5%qE=qUBEQHYg#bea=y2(H;th!i5HDO@JEhWe7&X%zkI2`{C=7
zE4HMff*B*);sfesf^f#V&uP5MCG%=3NP1szfq<m0NpQ&bds_x*rRgX*Q-B{OIA=KJ
z6Vi6s=of~u$v6qOx^sG81_i@v-rX$|MfGh9=Whid9}@Z{e}7`r)$x5ca{?#Djo4j-
zeG-w@Af-ZRJq6oEDCEq3_Ik1;(csiRGd+(HJIQD+-6017l;@_WcmE8R$tHIkpFOP;
zL7^wF(k78I6Sw4op%5cG_W;`$0m$ZU_$Yf`K4;xBQa1ctBXBY#g6rDx)-%p&8P^Qb
z8WRonuc7f&5%eg;)M&~b_629)k}$4e!KP87x*lV0<Ft9>&!m}#@L2@q=JM{p>^$vX
zb{>2Em(CC_`LNbfB|m4C1=Ow>YHMom%k~<Iy+AK~3$Z~qC3Xy$I484lb0aXT%bc`U
zR<V?p(QAsPCCshbuQJQpLf^`OkS4z(ZNjq!id_>5@0P>Kw-O$8vpA$S(cAk<b;$aw
zw#z(yT%R_c=WoOQuNBcc^mLTj@AlLa)PK$<EPpqll>gbzqi>jMMXm;kMfCeNKpx%$
zs)j`eiRTH=Sa%Tc=~#GV@{GcelTXD%Lj;3B=!VYEwEE!2yj*@rDR6@4zKS<Nv9jH1
zi8KUJl|Q=gc(>`3Ib~_zHSITA4)$?}Z+dmVzZAP{bX1Q!cqe*X_{KEl+y%AIwPko{
z>zoVqzcH?ap>$alnzsb2I9()#`+#mqT?BREdi<<bcWF?Wu1#69QVMOPdW<rC*cJ*)
zw;1W(QqtmeJImgyRLBEoU3}dl|9)v|;Z%HSH?K0L%0OuWFwn0(@H9e7i-X#R&(^2`
ztK7Kjej^E??|iktx@^rcWemfUOOv9QA}V0!&%+RGe!7<xtn(f>U3Yeqr+2+llv*z8
z)MOv%Nc7<edRohjG(AK_Lc_8aSFXnSEonn1xvvXtNvXN$r5*c@;?y7TIh>4Px9Z}^
z$1?SnEi|Z6DibvNW&Cr*NYQA<fj+Xy{=gZ!aGNM6xM?V2DvEC(-|qhmpC_e6wlZGH
zLutq;Z=jFni@psnnQ+iNp~Hw`0=+{uwG*eCI1`%3rdlnC1xoMh!^r|*pRKGB#Jb3d
z@|TT2s(YU0tOWTD{g;i$08TZ&aDGB(KK+S%aX5bv2l^U3a%<}E8NBf0rQ`BJ7}r8i
zhvTlsj0_;}@USNw#cLIM`;@q{d^aM$kZ??#6W6sm$llVEZDxBAi7nBrt_G%4LD$Cr
zz1uH_WP3>y>ZtB8XnC|PkZcF@06=<~f|Q8Q4hIw>0a<V$2b3%-kF1Dk$^h}BkzLk2
zwbVy|xMMSYU>g9ef5rn|+ER~h#e5}vhKUegf0XK%YmiqW7?ZG?Fk}Ycp2CoIv78D}
zaGN<udDWA+=6Pe#HGX4e*GvOSM<*tMJGvYG`}-eW_#g5$HO&XaD(_Fj@9(^h{fHZ>
ziNRw}kf@z<eQ|90koXozaKODBjDq0uzv-oJ*@)bdgR5m)DwTovK9?OpD>Fn{SGoXB
zv{6o1Kpu*!#CJT`S#xj!qPNJl?T!s_Ns){O-p4`cEEqz=MfXG4h<QdCZeM--7ogoA
zi4J!tq0^Nvt3}04WF4j9izvyqhRMbAxN_NU@}aA*z@%*Otnk~9rc!XXzFrT8pSpE)
z+m?;mGNrVd+v7L`4edk~{6&4!*sCDbYh8nN)%7LC+VbSATjoHY>0S7qxh@@V%Vo1F
z&Oey1MP9L7f4Y=1LFTC?2F^gt^~5POfjvi+;x4LtZEp<r#uwE3T+N4b2u|=n6zH4h
z(43F^{M-7TkIPtB&^IAGK>lY!_`54Vk-TQT&hq`T7t}pA$V2*K7zcG7jF1@BkCxgv
zDIDMA7Hxcvq+M%gOtg`2ftf%$8jEl-?+mE3%;y^<8f83^_R?K=e|S-AQ3;Hyz<6)5
z#_3=c@w6bz`Z2ls`RtcB&_pu&n%*clz4RC+^SE}W<KxCyRn*j_TdYS*t(u>sY-x2>
zfTa@6sKmKhdt!;^20PspaGV;bVYfH$?-ktGzIda>YR|EF|A;`FjmT@+EHxOByXw-B
za!26bEGh6gSA|YmzxtfHAlyr;DlGEFO6-P_yLy)VkYg#)9tMoY^@c@J&0=NsPyq})
zgEPh!g$r_IzKH9Mx@X*hu==#IBd#h{sh@(jriMdh{o2HP9CnBIJ|wwv+Jc;gkqf$L
zXB8k%>g1Fdg<GgJIdr<IenFFSUFm#)xEa0D^P;Dqw2-;JXYZ*X-AmM5rLKIl@n=y}
zwM>koFhVSS|1nQ(O^573OjSOTYy!?1Qn+A%JkL8e(Oc4iH`H3G0kx8%w~@wYKA4u)
zy})cqQ9m`flB+z}+OMAu%--EKPJ#G+a8lwtL@e-@$_0LE7bK32QZ~(m?Z@26WZtgx
z3FyA1uvSogV%L3-DMJ*h;DcG+D<G2s!ZgCB+eBNL-8!}80>Y=9k05cyM%e%#xQ%iT
z+u3L*02JP>Xz*(ROJ}eg=1N)CzHqjBm5s2|3Q&5Rdio5PSXhiH7Ktpiv)t|hy!c$^
zAG+(jz*!Ao_n#PJMSBgcD^T98De3}%^1xfR2-i4X>wKG86B<*moXPuc+t1eyUMfx&
zm*@q*jjqlpNtWNhBPKquozjX(hJ7EuT0p^AIiL~n-r(83NI|3HXYcMtL~uYSY!49<
z-OWM~SVbdJQRIY1&w!hg^hqwOxe@<x0B41H0Um2Bn_CuaHb_lYy1ZS!`fc~hP`IL#
z{5m8?r|5?RkqH2bBZ!tu1@qoLN)(cNdG+s)KzDyEIQ*o<Vp2OXCK?q?jAsx*gHcIr
zW8=4z9b%96bJASLW=e=}2szL8=<<AfownKP`g{W_j=-7VTy@l%MsbD^BjlBVAiybt
zKsAeGzzBknmWXtSH*}Mwa2AH;H3pBIHZZ~BaiE8Z`gFfp2h9Pt;LrXO6VD_iPdGO*
z;?*Sn994!pr2IZQG#(HP!U7!UV1<F4T7T9VQMTb(mF4qqUl-^$Rjl;>Zgc)X{m*BZ
z{ohQML?98%^Cx^ymgw=NgGjvo*JMeU^92g<KPF3@#l${GM9zw);P66CUv96pv-<^S
ztG6n~`c%W4#?MaY2db&&;FQ!&+?+hjyV}FxS)-&$l#-F0h@~eRk0)47x<7B**iXXG
zxzv`R%m9QJvWSWgHOCGO8BS(f$r3J=HbQ@NWh_{wi9RoHO4qTxKr9>4<0l_Tj}cW*
z<obAsez~)ZE6`WY{UWDW324X@CEDMbyeq<-Nf-Q+uIvbq?{QU3wDePPZU1C)jLA{8
zJrH%7D`0HyjDWGMAP`l>jRLijj_1(cI#4V>)=_e4y+NQvx$(Wzsw$&g*`-reyHPls
zyacc>6Iusa@717jK58`Uve|%<U2Sqzo?A~ia-kG*pmO0W%$-zuR`f09<k5<w+Y^r^
zO9WO(W(bgkGoY;Ob^kI&aLC@;UJXJ}DsgJBBf&s8f`ylvcbFbBldOm=7$r}cPYzBF
zc5vVjUe8X{^2ufavz^q8l8M#FFn_4VBW8&~X05H<<W@;NC4f&j3$QR1Cb5i)cNhl0
z3A`V)3l~pZEtKsi_I}OsExI#=O8yff0DFv#)}UdD3z;WTp2gJJy`YIAGhCtTh1;6Y
zy<wRNBd#Oy0@hEvkCe9BtOIcJ!=_=jrFFRwKh>wvCT>h~1MaZp#tMA>lrfxE_PFxj
zQ;TI!9<D$^Vo6gLs(x1<6L|?s_F51d+9<A~WQg^=_$_ZB`BpQmfMwsaKXPA=-6$N$
zVRcAyxh_i|Xtz{UxAy_~7J`PYOq(QGNR_!qU|isQNV+oou$#viL+eiLTPTIx;r5zE
zD!<~x-Lwqp;M{T%9>{mB;Xp!#awCqJQVFDiV1La!vzgeziQL?Mzi=jVP`@gSOQQ(x
zfC(%9z?MI-qEZ%tE_XX4UYNOJjcXSwkDE{|M{?2nSkp1qGpD5Rq^{XBROsO)(%B}~
zB-@X{2@!Lx#RbZ+y`sSdtKd$T9lpLz9t#*_eN!_zPr(cKXBAYD4ET3F@Cc-e6BnRt
zF0}6@N~~|J(lR0d@)*E~GXVO+1oz+9J)uhez>pfj{<UWl=J#0*X?&h6&ZDfHk&0MG
ziM5O7J$aERD`%s6OnbCxx2y<s>jB;2@CXzk+6Livs4o2otQ99jk#$e;`wO<*OH8R-
z2I-(BoyaX?JDXo!aM0%ni?u^!@BNpK!+e#!ki&q7@#EcL=+nd-#9?TRRrH&$2;Hz(
z4`J#a&o=yo9qu*6VGHbY3p<4?#PYg{_j^yNayE~RGq2aSqp(dDiTziDm`+KvzVRJg
zwCM<xesBq*{=Q!p!KLo>!^(WU{@Y6@bHY<5^3yr5dF5;RyA<#|ZiBF~t<F`ok2jV*
zEgqRMjL3X3$~lqk*kcD>C^lw0S8)A9Dv~YPo&3NH^*S~Us=R`$in_4MSPh(5qug(<
zdQy<jZJ;J(qypRb%604ml%>Y_+p6u%6nEe!H`ASE5w<`N)&rhjT^D`K>p#dPd2i@%
za&&ANS02OPEaDpIobr#m99CZ7XRuSuS>(O6_S5KSP!8TW1KVj6uS>0Dtfo~o=OBb*
zz6X-%gy4jGz4R^ZZr=l4et|hW;vH?V_j8Y$zK`4j!vH<`lL;~13+}5W5*mw86-?A|
zb8MhV6_ZuswF`b6oTd19zr7x85w=8lM|LYl*H>u-IQ#cFh>ZXv>0%IaJfPhgEb(tA
zCk6wCFuE2r%;~!8a9-ciT`)a}%&<6B`OFS3;^i30mz2{vq>Yyz{A7B-STQaS?N)y1
zuQ%NynLLn>D41XKDA8dSPxU%x5nAB+4EB2b_w_x?2}4$k?}kRmw_hXpcf*nYG!{rt
z_cwe0w+<`%-yK#sVu!ywte3o$GqtiC!ZTH!|K!N5cN?6-za3dBl9Q|TmP_=AN_Df7
zk!8#AcoREw7UCL{>t7QpnmOrLRb=6k`6(6TstYXd^XoU8o?ee<wAF2DI><+sOI3w{
z9O>Re(vwMv8xwV}o`V*PIStr0+Z%Pr%n8?IRh0rYF~8fZsFs?5%Z-f;qTdGT-_{Q5
zCfpVe&(c}#WeHpdiJrHr$EtD~oQ6%$K(6?sHocaJThH*+MI$>_(}R-{F;(p*7$LZI
z6oY1JFi@(*)$D)~4BtWfjHW2|!fgss&e|z^Tho~{wth7q(*$jPI6II>*2%64Qx`FJ
zp$*;})XyNEZ9blvjTx^MmMlQ1(Ki*7_%<tiC94CIMtZ7FJe9wk?gFlOGW+nYrbDah
zpexD!oWc&?liq<AlWU#z&U~`JHKiU?xI-+Yxj8~2{J|J#<qw~>hbFfaacC{7umoj2
zZ%vwd;BVpiNk)>*-V4~|loruslX6RBa~4O0xCEdK9#ca>%d4kv@|pQOl0Ao}$0{j%
z4hnPIPbDTu3%b>jK@Yfn$8<_oLBC0V4H??SX>$kLInw};*yq%9p{x&}5Vc{xpRCA^
zaS)v1UN?O^0@O-uRjVMp*<XUXQgM19a7j^x%kfaW0S6#7sCaS<)~Nx#Jyzd9aR(c0
z`BOV_*0tY#G${8%&?*20c^j_iR)DhMF}M=))&}@Ws%NVdaIa3EU8hkA@NgYfJa~Sb
zZWJgS>(u{&N)%qq4`n4&xJpp}++_4FfuG+3qmnEa^QV<aYx9PUH?*K4FF183ITIKR
z)@`AJ;)-H3_4duX9EADnJ?!;S7c%znQzez_rT}K;bFhktsiRNDjk!|z9<n>Hvglf4
zY<WKOE+JF$_!XI_Ch~6S4@Q!gtlc|pbJA!p0W&0g3=fz-5Q9WRbYXtJu#7=7IHCQQ
zh-zQ`voAkU)yB**>t_HSF%#`RHGUBZ#B^bLJNTa;5IZ1iWcITFgLdL2SM2;kCzFo%
zWB`I{i<!ww7QM8Kr$Tlk1o_oQ>UN9k-_3|SDpc<#iz`S_8q?*B-FV2yBYb3^VCzpI
z*43smd`~I1cL7M$K&I>vCIK90h2uwS|GbF^S<w!>pOyj%BR<}J)P-nhPfzKPq8mbO
zIcASrcpGy9*pjleWp&#_Yfc}ZINP64pzBY4RM2%Ga%<o{z%jpxM7P!Vh|@#_BR_n3
zc(-kp{4=>jTR$VY?efJAodxpdMd;H6|Cq(+Ef4kB+u#(jHFTnxG)EPw#Ik(%UOx`T
zk9>UIZeO}dk7?Xft3(wRA1wD_@a?vX;Q9X-dv6&QSF~k|LI^>Fh2RtrJXmmt;1n7l
zI0eDoU8)EPPJrMJA!yLxPT}tEg}XZx@<{rg(|zAP@4MZ9yWg+Uwf9_e?^<h&ImevU
z(Td;4jin-vL?Kqw!AGkS?d9B=Hq;ul;MciUJ6=Umw>_r{qbK*y9uE8^5lDJ#7c4AF
zWcVcGxza#{emH5@3gInkn6ZeSxcwfxo1=v5jI$V)Ka+=XKKuADx#F~~eC3a)rOFKF
zKe1H(o1RYV=t&HM^C<F1!knQEq@h*$BVq0|{3BtmKl&?Sw#PpZU_w8ys_x#2*_Q<Z
z_p*O+a!DXaWcRF{973RLDv$>w*u<1lPv-7iz=5#ylMzyy8V4I~5a(9hiej-1+oWj_
z6TxL1(LQ0`lZ3fZlz8`)8M<5jBnLTgh-TXlSG^Be!|asix;ZY|lfrP`Q{t)nqUpI4
z%i)V%pEB24LdvJ8Uv*ij52$F?EiDvhZZMh;)(Dr&&UZ$>#7-%oFtfd9pYvjT@xfTb
z*EYI-w^bMQTYdgVmeuOUnfdsr1i{3UeKl0EvI6<SK~kb?B+0@zr7YC;VjV>oWt!49
z+icl5_0xxtxcdUp1hb36#k$G@RqK?>nISIrkfdohbAh4O)Bd`YjQ#2IQ5MPWIW`-F
z6FE_G;TO_coqSpg-w0Bs-Fpa9_OUF@ms)O&)D9*s7Hr**_lLwjxQu)gGyj^bINxVw
z=(|it59wlD9g&z&WRT+^p^8B3cj!@5_!8+=MVN}OO4I^jGGFy<W%->_@O^Qlc(UTB
zHQm&}I#Q~zz)I2JeM<sjMB9K=Y&p>=f*O7fu^3~PV{*O78tXlu)H9oO-L(Ktei5lp
z(k9!(^{b1Ys>msG5dnye@kA<<w$P-WT$gV)g)y%`IIS;LTH$l2r7XijgfQ5{7jV_^
zt^t=&Iz+5@oM$9@8J+;@eVkPlSKptPKu!IfN&8G>iz+D$-F1>l6<gu_xcY(s&z*~Q
zB3iN9p$oJ(I_GBGeFfu{C86%|yUZ#YeO^h}a<cs%FJ&+-Mm4^*PA-uI422VSmBT${
z?9P+~A^KYZGcK-Z^DFdnV!X1{azbA$x>m#-{qe+wCEIL>O-i<MGq0}kC*D)M!x@-|
zF+&hup|xM(uw$apMglwZogFj{C~UFmb9p9@ooc@(1~nuiEJFL`@X0?0=<G{AsY>p^
z;e;u2fYR?i22@AYs<shRvXLWN#YZaFzt3}>z1W;-oBOOzB`cDTTd;{YQ7dRoT=5-d
z(gGNAMIwBnCABX_@#FEzJ+3i?diO3;hm8#%&BRl@yA7AX)Z<eQC?x$B18M}cL?<KW
z!Cezl1M*1tQkHGtRpf7Hk!O<y&oR{}QT0J~IUY@uygBpC<$=;URXy{2LK=A;t;fz~
z-VzM&T3eRlx9SFbp^BZ4;=I1Oq(=f^N*^HKtt1-Z2#uk3pvw2t=PIeR3|MM}V#q6E
z1SrfAGi$Hxir0H;MQiH(M+URuO0PXpcOc9Yt(X@DC31#Mb3FFg2v->l%TEfPtrz%F
z1L4c3-yQKQCW7|mg=(A4#5&?5vH5(^#Rm>M7GldNd`3EwNa^SL8G2PE$N8k9<cZON
z1i4%;K*@w@l))cVwypKX!wJI~4-ZfJ5?@Hmj#2W>xP3(Zj^Y9^nxTbJ{==$D#5Tv5
zF$7wqR!g8|@^3!cq)nxx(fI|x)~EH&{U~6+q0fiS`%p3ig!Os>TUNHQhr5QeJCUbm
z8eiM;DzkW_ztOjelgx5}oRM3iX>)_Yi~1)h<B@{z{)s97pTY5dOYgSwCmt>OpWxAa
z|8E}c0o4wB^R&Fhh-W+n$6r1L$MHiVs&=jMo>sSK|7&%N#(UN6XiRTgjS%R{LIHrJ
zW_bgfAQdHY#+?n#7Q1U`5K|>geRD<qiG=PL>@75-S6PIXX?dn<XKTH$kLc}{AP+mP
z-V+HomR^(00f=O-zOevh0`W?jamx%AkGRXy<oM}hSmRE?$Clwkr)2jX`sI?oU#7`J
zm2zQT9Mwlymau^>sje(KU5!QpBw%;{$Chij)aYe$v9N#ffd@8M!Nnp~NFjmQyxyH-
zb2<_FRPpkQ^wgGt3hg9PSDn`I-@lOG5oMs4y=$wCQ$QcD*&^TKDA0tu9TW-geH?c$
ztQcZ&0&=S=<gQUrE8G`pzD=~_hE5oIRi?YgHMWHk?X97qy3<1QP5}lO)TDN1HSQIi
zaPk=&+@tr(t|;T-N*hIit&15EIeE_d!O^5nnG<|U-kCC$`=M*STQp_Q1eF-%D8(l*
z8PJV(GdtceS1-_120OFp8gDV|)sAh}=y_ubUbz&97Fpk#u|5^IaFa;FF=;woVn0Tl
zI$Q83ey5bgrDOd$U=qx4=daKosYqbNbUJfUi}212tX`2AaYjyG60ki#P6wYMbwv^f
zf>0LiaK0v<&ap}xpw&rJ+g+<6*AzCY8A%Hzu;-9hf!^(b%0gtA!)m_<&#({TmN9O$
zEC51WN7gmVFOc=b+A4<#UJCgUBAL&ICDp#I3)Q3rpv0ct93dP&ep#}cwMXDsvY6>(
zn=JV%ZTeOXy>v8ab|i=ot^W<&BDibWlj>WIC7XwNewAM;5>2$j_fM4elVs;JlP&-r
z+R@yJ$Q|t@GoR5|eixIb4`I<WUDf7(Qdx;qBn>0pc&hlfGv_wr7!J$Ac~W6MU=03+
zG#<0(k(cL*@+|NYVe);QG0wj9*t!m4oS>OAL7`vbdm>XtDOxW-f8TEzQ!IM%Ue^87
z;Gai}qjoC<{~?j5r`v~rp4w1oAW@!Q8ltq6m^a5o!V4N1*&~M$$GF}ip9?y*xUuyW
zVqbBrX{&8X_i8o@eIA_~_Go6PZ%6Bev}J3%{SM-bjRLf24Ny?}=+WiyZh+(}lB9bv
z6tiOS#tq|NE=nQ(Ot;QzX=i^kf%TK`P3)MtVwOZs!j1J$K)RI9(8kDAR#UppEz7uD
zx6gU_oH9`t&krbP9f|r}S^>yVW$S~GX}%5%tX1WG)ssHasr_VdK~OckA-?_kaDAcp
zPUzG#QEtM}$K9%31B>G3lYD-zBhiXPi2f^%uwH?)=WWGS@9=a8oN4ya{B>z1Ue$k8
zAEd{zn~aP4P)^R;C($YMN}w7psq#>Reo?z%wYNZ$^99yhd>*hl)e(t=?dA}CO&~Tw
z$9{?jlcZ_MmB<=FyL+Up*<95(>->5PQz+iGx&QR+qiC$mrb7>fd5Zr426JpJk4+EQ
z>P?^oil;si4NohUe6;m_A0^65DV3A#T0OVBdsPOsnqt%QI8^!cDPAmmdK0Tw6eZi5
zz%Nt`vwL^U2db8*EWRS0b`jOOV_ai>DS;IRR_xe|9b6Km+9e0na%rgSFJx$jk=r}t
zm9r=zkoG|-UcSR&)4A3$%kcw#X5lUuQ4K3id10ooRMMmP$<FxYA&l1x^bxOaa07z|
zf)-P(gBU(5MJa#5aT0RV+ZBN>gOl2m4<>wu0f)elu1H1EPs>hh!4i@Z6qt6ZfqHli
zRIZAvquX?&=c;2Q((V?Jo7;^egJ#Ih7K#a>>u4$OMM0s(xe|^?#Orbd<V3n)>GZI>
z4!`2sm-C13K0#!ScG3vO;Y)rgL7sWGA}1xb=obK@lq|5uFCjdyh#fI=E%KOLE1O%d
zwWy?2QN8{{+qq@~#+Z)<jX}E_OyT_R?Wvp&Z#%Dgq5l%lTK+Vkdi_*6()|=x{oe``
z|Iz2*KXk?T58V#_7AAH~Dq21D#z0;MXS%<uh@=$^iHYr*^%wt97!7!@wMJnjFRdyE
zhKI(BV;Wje{RnS~zSvx|trYda0-yR#xk_X7sA8e*_T?+_K3f_Z4r8Gik}o!~=R!{$
zY0dQUnSmOyfos?2>|B7dqe}1h?yox%3w6k{<p+ZWQYX5w#)6dRf2(L5m5aqY>%a3(
zL)>8I<Yz>@%x=3o<61Q+R|L7g1}M4`e}I!xC+-ObusLxMQW)jfj$p`+@7>QT&vSi4
zaMP{+#;B`WuBb2@7;SnZY$>wPNxbX5Wj@Hz4I+NDWuPYwWuz8lGU`Jwuc*z5DlRr2
zn=-K$va(JsFE$#}h_xY9tA@vw&7SE({$=^if4%PWFKPI1R`>Z|_rl-m&;RjW_^aOi
zAMb^~lD_}(Uid3T`5*6ve{Vwc-=`}6zrH&DWnTZ|?}fj4-2cX2VEI?6kpBS3{;g@k
zza>Qee>ePh#7!}DIg?P^r^-Vgq<^+ewly`eG-R{1H8eNnU^TTh+Xtb2QkcGlawa_w
zk)**De`{G#RxRWoWMg8Y{GlpV&h}T@M{%Y_1}U^jow>P!*ew<CLv>fQ*nxb_bkLYp
zRcQ5`YN!?I1MFzQo5Q_}Im(2im#;kmCfwh&1-bIsN`+}33X=e%rK9h_@Jrigj76a|
z#SZOJce=dqqtk5}fthLJtF%CBSMZSHoQ_(wOBcgwX&{ZMI_-#@Ds{N!NJ_eT&J3eK
z2rDHwH5zSZKlfyZRrV)=OWM)f!&|((L6zr@ermC`EJjt#>8XbuiF9Sr6Q3h?8SIR$
zy4K>$q5}<}+wPl1>0DEUTR!BSze>np%Hq2~Mw)e&DoRI9msYUE#E$=nvtFrJ!~!{8
z?{s!Im{gz{7@fC${i(?3<%5lc(PHQrcG%==^6AK8v&Pbyw^H4?0yka6YTb_0GZ2dX
z$g^*8bf<hS7|N$bbIz^4(^KPtT5Vb-d+#^&aq}{rup&zn!_I%aReIa|X+7uk8-N~s
z#wG1;;FK372;9x`QjO1Os-id)^Moj9qNWk%)Ju=Dj}21xszjVf_^dBx$t|r+%Z?KM
zRN-1T+!W1j2t2mLTV_YDYslD5qEv(^OsDr`U=KVS&dNCT`9Qb8F#h<83Mhj_v-7>O
zsAD)NPiB)xC5^Yhd{V`=>8J4mlW+BPoQ(b{T*4$a;K8LyhTBP-LFtBBDb=BZLmgmR
zWL1<M{&64kf<&B<p=@ptfZw}^v7tiH$zPp+bWl)6QX?tQb#p93p7oIV%}Fw8!?cFs
zi*#1f`sSua*sexZ`hhx+cB<3a^Ip-{y2z{DD)k0xA4P6i#nEaxl^p@1bmVlGAJb9h
zh!^@lg}&3Ip3WT1R^Ig?MsytKj-kw$C^PA<?OmN=@8g7`l+@6lP8S{Ce_790z0$z)
z=2Wa0Jbvw17|rWmKB1Jk$P{)dchSg_8@?4@IXT@{q0vA=)jQU6bHZuQ7YoD6F`5D%
z8aj?4tiEZ_UnG|IrQI1O3_meSX^_eIX`Om=^H`4vB;C|6jT@aS?L6ec(8SYFTL8KD
z9)kMS;H!-foC)VhQ+M7ohS}YV(d!8a1E|E$oa^odiJ^AEO1lSD0!z`p2OUxJS|^<H
z6f0L0Q?kFpZpk_>Jg?OPi)bCr;O*en447u{QLIhX12I)SRZC3D`ZfQ>Pb{ib*syd4
z<LuY&3T9r$uYP^(``yZufa7`*$i6<yT-y;4j{(6|8C0zI;F<F40h!VEt9D8c<kb$J
z5(#y9uJ2QYr<HpUa1H2`jb`G$nBy2*F}ohQFldw+Jimp@)@k<njwtk_iVcBXEJf|j
zQ*3GNjql{i4Lg+1mu|_Vard^hQR$j~&N$5WyCrD&09v#g9y%5Oa_Yq%r>Mt(Kbt=E
z`oh)@`f>}vv402^34E6<s_d`58qsNKKX9`#O;`$RWt-Fst)VyGHu;^y6PuJ5D+DFh
zA3QU=7CL$;rsONx)K0$acwLJ&JRI#5(`3AM;Ph$+NoEG6=9RhQtAhE%&=kz9uq?cY
zY*h15o8F0tWrBqcNHQm9^4^tsWw`ST-W5y1uoRR1n7WSEx9Zy71L&$~wY^C~YIbdl
zsVO$-X{PIx6)t05%1IcBaKYrKcP0nRI~1?)W8+hPQ0Tn(JYijl^q((wcr{bTZTDsG
z8@(G6)|agV&@($6IbOmKn074(!>+Y{mdTNKrN18Tzp*MY&I=vL8C2&b$Jurc_Pc2v
z1C5DAe#MY53c(g&qo#t)TJB@2vzu3HbLIDBy}k@=Zl4YCAa*%6)QHxmaL4%Rq%oWv
z8Qiz`S^4$|E8u6>Cu`-0*bWUYlMgNXyt}*L0#Ti!hxb4@!ey<<mign4Z?_rI3G(f*
z(rT{8v>I<F)CgFqTd6ZRUGvMH?$+(s?bS2X`GVW<O}FPY%eR-~3qBWA_le<;4(Jri
zmJI?FJ*dQ{Hdivgx~UZJ`whvQVyU~SS}#O@G<u{QGq1#>4_(yV*S($gwbOb9E)56%
zonW7SwZ!1<$%5^EH`I=~y|fU1lKZeR66w1bb?@PD&mBuhf%71J?MS<EyTA&H+uP#B
z7~8s1c7Hofp%AtCipMqP;JN27>?3_eiU-9DZWb!OL&)$yO(u3Z(H#7DgBzWiGez>P
zIP;DX)7?zBkS?dl{E>Z)ZLXjyk@rcr3GFj5-Ut9(SK9N0V8yiUf_5E=V;noqOKztF
z(}@VC>5T9r(hBrm`wFoZRBuJ`X|h<_OHsW^txrgK{sMkw9B%4eRPSrQYk+kRFN@fR
zWeq^(Jx_f73DK}M#zYWm<TVeF?(QZ{?%8~KMs#)AL_{6?N~963jnIq_iXT^2c3nk;
zh6ksk+A~UpOG;z<b%hJ4H?6`CbzScAr}+1J>K;tXBJMQX05sOG*AH#cb@r&Wy+lgK
z74^3nN~uMc^rCe{wJ!I120iXT#nkR5`t@@HPWqQ*vw0G;8^PrR{Vt|E<CCMkS6{B;
z2&^`|9>lw=!!gpo)b6ml_*dF8-?}_q)Qu{+jNNS4b)kdM@`%O`aQ%)MSfJCEYz;i#
zv$pgx@+A4mQABL|{LV8(Y?~i-Yy0<l66$pgWFnl4P6R6nf5ir6{n{Xs_6_=8bz!K$
z7PFY>Rm`{L9zPWzXw)1uUs!l~p)cGtYUzro+%PtcTrs%&?CJ2Zn<cGHsAl9*;?v=;
zvGm~%GuK$_wmGa?hFPr3M-e&&81)=*l9v6VqJEAVUQL#M_AFlhV&=0-CU5O(Q9I5h
zEwk>zZd-+?TW`Uvk-FP<q$CS7i&^uG!Lz~cfaRT#?^5oWNaZa#>qQxLmve1X{jP`7
z(Z2DmbWKUpz)pJOIcU^F>3Tsz5H74I82C<F_^B6$Q1_TSVsk@BJcjNaYl}{KO2P4u
zfjgkFOO~>`M!_8nnJ@g}B~26l`k^EG9Gn#)U4~n3lV?S$?PWVHV<hHJQep^aM(70y
zL1r_jFnsH{TyyLsH5j;f5V7@R-$_z?({xUIjen6|YGKl2NUofMh0!2je<$=5^!a7`
z*<ORG*r^XMX3+XH;Tr$t_+4Qy;q9=RJHKgjL>_1d?%=k$%^SeVecF(-dqSr6=tMNE
zy&HT&_7*C&=jg67OQz^2irZY|gVc3rZZB*nv+AYY0e7(F9%ixzbRP_>doCPYBXw>%
zUT&^3J65{M35v{1*iF~XtMid8k#{c4!O@+rl+B#&rucNc1F}|bK4-B2K05LzQ=g4Z
z@{zD<e#z3_vM9!n;DNRGj1pk?l|J@=kWD{Y6~k#A4Q(HdhY756MRbk3U6j@RUJjFH
zbyE=@vU~b*tnCw$vk#SQT7aI$X5u+;+4+|Ajp}>5R)8W1M0kI7kR1rS*O5b&EvM^9
zF|PFdvVK8xEO&HMF8N5(QTTLzw~e}8MDgo<iVN)?B}+;u=^FK@bE1)vs9V<}=AV1(
zo|MJ?!LbqqKHa0BK<GVNoJ4uUr{l;s7qL5^`t;qo5>emV#;7pi(sWVo3$~z}@hx(8
z--1nxjM{#(gIw><EsKQ*y|^s$B*T%?Su(rwX3%{E)8u1dHwEPD+-I6R2<-IjY#)Y;
zU(Ux2Hr1&*X;H^q!}C{#B)*)OU)DHZ9$j30@`MOD4RY=KQSX1952>haT`Wm@2p}6?
z7W6WaKf<4l{zcx(QtNlm<!cSqg<2>gHF4G=D$mazb&wZ~{d75Moda<;jrAaE6l~4>
zxuqjsj*?ZId2yeH_pM9zMeg|9Td+8PCE=+>ymZ(ZYOWWK*!Xcbc))i`tk|7YB-%Tz
zwIV%fUGN!Itu$wI#T`Cm<9LHyW2m`7sLiItG$aHn@@i5CE@f~U*ylieOTH=r<UJ-q
z0Nv$70LfPPEB@7c{)gt&8@S8mQbyQB@0z5C2oZf>WK4I+sujOkYChM|Fh2(y$Tl@N
zK^SFtqs%#$<EaWW<c-TI-{>><H9i%H9^@YCC2{I=wnk}`n$M@_&`v0S9&UfX8|(Nc
z-ObZMtd^gU>p`JAq~#^cBzpt?VRzkfQkuJ9f_rDrO-cUNslvT{AM(xpO7s4}1_%+$
zc|>oCE?V9sTZX}bgt*ULqbtN}ZuyHgb17$zjU}e>*RR`rALV{f*H+}~naPL0j_AHp
zUNHtPd)<)>&M-FTw0TlSu4Q&05~L8SuA2caJ*jHUHCF@r^9H;kvxy@jSyFysUxT%O
z&F8XhZ$|vYqJOmP^Sm|lmFz6NE<%vC#eGL|y~A`eO4J=ax(z#4J4ys2Jw|5E`NF$|
zN5?OH`ac|G%r_f+6WQkuwDJX4m@BMS4f}F!1{LxW&xOidwRcUMR02vT?+>JEQ3+SD
z(CJI8ZVm49?jBwzI-AOa4b9KY&&z*{j(n)^?Q)TT;b3WOc7MR8ZmwGv85mXHQ1DTE
z<UA?9Z;#Q1D=YJXti8VYG_uuUg!n9oFa}GCq{qZdyrF=7SnbMLJPqSKn@{nopIZ8;
z29*hDP^}{$O?X~o1IlRI(=0g&-B4=`dF7SjC?2kR1P`8u(Vx|8<xqIAU#)CEUv+J1
zR2TTV)j2nsH8;W8fjf*80k$M;zd+iOrXmZzZaLwFy?uW@5+3=QQUqrU$x+z<Y!7<D
zG#8L<@u_kpbNlX_-{?J{WYB~9I7m^ENW=5p=Kv&JifvA=m;i(N6Xr1Nj+^&-*eiFp
zkuMATJ?I_8E+{Z=k1&EQ3ARm9=>h0>H?b(~g|=MGf6hjc-pBg>dO2PUIryLBsJ5U+
zLIl@K@w<UR2@nEdrU%4!p4F<BYl#%%%f!mSKc}muwNONC^Q{%gL^$!|qX^!kN;P<F
z8V>4oq0`626!QB0N$sqa-9WFg%Y)-xwX<?y$dQZb%KHwK2ZuUZ3{k%0N4I~Up0a%E
z@SOFsvpjA4Gs_pJ?Vm5nW@@I_FrBeo%vRoa&7*nWUF#sWkq#&t9f<zJCz1O+pHJME
zH7Taq*NgT@)xM7|Ac$bcUS_iwkwo{j`2}Ma#oQSpwt4d;4PXCrR6>Ht97=r!<OPn~
z-i?vYH=}7x!htZu+H)sC0xU@%%6)>BP!Q)oJh+jgyvb7secs_J{lcx|o>T{K80lfO
z@^$<CIKb%7Y*qzOyIpZ9g3tVF0c|%I0V3iQnUNzh+tlZ{x2RzM|BshzT3{O9HT!Z0
z)F6k2IBH4_&ZyzVryX+fpkX!xzx$!!f}T8<oADyHs%jCB<`<*Xwrw>arnIxea}f`6
zf&rY_bf<%)zyxWGSAD50cSY$SwU2@)@^{1E{b`s_j^f{?X8#hklT7PUlv{IQnYUa}
z(9*H?Z41^J2S&?2>m^TgNY2*(q$=*U>=J!X!`lmvxf>j}NO=PU?Qf6r<m5tGH>{!H
zUIVxywI^3y?qgOjNY)IlEWdOBjg(9%pNHD^*+jFtZ<p}^qrdEDm+|bx!Z?A2_j56K
zakX<tpH>;8DIdRvG~GYSrLMq4ECU}oX{=+sVxBKX1=4|{o%XXcfsx0LG>UtoLD{50
zS)J!Vtlk$+8Pt!?_>dukm}Wnktq86_S~*o~K}$^e#=~hk$4FSXzc54>m`kTeZ+Rff
zO*QXp-S+m8l*SfM^9EaffX)&uLy|I1vlE|jz{QhyaPG~>GRzjyk+u%~B?z>OlDuum
z3qOgZ_6#v`)}iTT5jEe&jWUC|QIEw>jpc^tSMj<^7AF7!K#-i%lXsT;f9?2r11l|e
z{BSKVWDhGBPe+Um3hucsbM&uLQtG>pRHAig%+*R_DlbJ-q7Mw1T;m?IXq<tUIc6~n
zNr590+f?T`UZ}$U0CDWhpnv`H<8$HTgJ+*APnG6l1b|lAQQ7uroZPw2bhI}BQ*wba
zFIxDEs15g9xrel%(8~i#_AA=W=8lDgL^z&p$-h42|8_!$i#j%inNNp#P^IWLu4orO
z2mh|qB?{A%wElh?m}UVOk9jyG=^(_od@H?qmUCa%%N-sOpVM>(pr-|7hds*90B6@$
zKWy1Sf&`|qJQ&Hptl2@XR+l_Yg*7d$q4?^}99*#e&j*>Btyl6pKwkWxQCDWNA7}Aw
zP^+J(ye(#_)0x#g+N11)bPf^99L9C@3zZ^;_W97xGW9ym@>WsTcIpE!$BSm|;va5z
zI+bRbLh?X!P0^bS$gNBIz%DR{ZpwbltY{k?cmMTyH;ud?Z5*UD``dTMF5#%${HqC`
z3-@z<;1kzojK7q7TPR#b7=uYqZ7b_%fG4dx%Y^1lq&?4M$$&vBQOB3KU-YVf5OK_+
z+8pn4VBMSg1k66^ZL+G>l$V=z*|+YtSKw{>;K8HpYr3pYy0H8`6Xra;rpqu&yXZR)
zFlf2$WOXS^@-Jm@y*s`ZMGEYO>Y1CqdEV_CUl8Gr+}v{3m+8%<s_!hh<V>2+?1Q+5
z2+Y2-_Ae#)3q}s|o7-gfi}gZmnc*4E=eWQd8_{q4>tCgxyM6H@gCZ%GO4-$34`3}r
zbq|+Ll%o9>e7}2>wFitt_YoxZ{E=`oK6!pUf-XfkSXH&*WZVH-ZcK8qm%UK8rg<NK
zexq)t{tC8g(6LDPVV%)o{|rt8KvPg!z@3TDMg+1rO}}~63DN8+E?$hMNy^5q!-e^P
zE@?~^tlqAuU2WIf^jB{P?3LHO6fP`k8m9Kqp*~BGp81}&o3q8mkylbwou&OwSG3?0
zePKd;)UZ$|>u<J(+bfqmQf8<hn`?c>q$rs-bY&*^qJr+B8EJ)#6#7~N!8hXgsYkwW
z9>NNlFNt7EfV01-HFmhK!Y<=Xq1WT_>P+4ZU~K`bc+%8LWHJFKRUinDB5y*F?d?5-
z5PfBU-YOnz%%GUkRD}FzJvwc9yB;5br!Wh#xSgz~Kp^I?;_A_{Da$yp&B01HjDg3O
zwU|X~&VC6mV=4F8azC>B<{YZ}fO)O?)ElT-@$0hIv1Piu($@HS-p|t=Mf41jyw&l)
zM0-5mmf82dEwnptaPHUX@;Js=Gn(FaHyQ`4xri2<=m(m`p2hIHh8z%8O|=_O@5gB5
zb!i`G5wOC_c;532o(h)fwebuFpWAPt$_X8T&oioR1W!cl(L_KBBH#}z<N5AICp#g(
z5_&f&>8+I&0{+jb#Ik4PzJiu^xOrOb6y8RPHni+>d_K<)^+Yb0A5dQ5eP~LUy9F2+
zC+aNLsO#&wwT@Ix>W1Imtw;Dg!hY(Ql;~tMm{^^ckXB4J7(8;_rhUfUqh~$|7URP?
z@k>c5;zn@J(6V?hbRXpTA{Ax8>&^<_VPHggZrZwf<akn_U$_JIGu8cO&dp6<V%3ok
zyEbhMWz5++z=3iVDI?1TXGt4~@{j$EHhe+4{}WudFJfDH=630{^*OK}j|OP_@o=T}
zRG@T<U=EB;VD5Yz(oxvD(yRH^S+(SaveKdghftz{vD4dGo9_qK3QFNcDKQ+Gb{?nx
z^?7*o6T-<j>Q|rI;waBt&3CP}b=`URT}?kI^^N>EUe6Sx#|wHvuAl{UN}?%043Xr2
znH|7IpQq0%*Pa?CB$M>}GhmFWO&OU`B~Ewxe)G$3-?jSw69G?FfY3oL(llt7`&7@?
zl!cJgAgS<Z;_y}2hEa8a-ZH;K8CTbcf_509FTlL7k{Ed&TlzKT;ZM#xT%Cj}@=eqH
zi4Ey`xYM{i(3xbh<6~dLjXy@*1>zNbI7V`UmfIR~$tP-v;+Ei;^iQ`Q9z1Z?v$-Cx
zPHD`yq?XYftPD`h?pQs;)H;}T|9;6z2VlpvDo|~UwRB~`k+)=Jf2JzMpu40B>5aFT
z1M`%_sgL725yxqqv8i6Wr@VH1(w?1OyQQ6sLl}4J<#=PgciofH^|X?_DbTrTN;tVV
zsj?z)d~SG&WaxoYaoWL&*Py+Q@mzRKXYlGzjLdT|yAGN)?O=yK*<^0{k{+5d_GE*e
z<d25NK<6I~7u=~H5mQqRm*$u8jEa;@dq7YA2q#XNDy3IjZ7&9=9R-Yv>1vcUL4_gJ
zW`-#&ovR2DI)!NZpX*GIpA8K5y53|Uk~bV;e%nWGElbqh^rZFhv;F(&molkp6Dt`9
z4E;}{gTS!(y^NQO%lP^&<8H3{I0Qc9GY_x{V0f%M<5R`zAV%94S6-HrXAsex4dij4
zRg|AgR*RUwMDg*n^<ox%9A$pq=vuM-2@r|g4S#$DKgE0EcfOHGsQL(xt4?1D046bj
z%R0mw70uNbe@TXalT7NxD%X=RyCL2K)ADG>V`|Aqj<-gW9<HpuI&o92F;Eu5g89CZ
zZQA)L3>iQQ@N4oh{%rLKvzP8NYD)Pg{kTA^=>~vT@=8?s#@ui!te&`iYXBDx8BfQI
zZu<(mhXCuFrXq|_o_NO5FW(6Kl{b3+f()r1dAp(y#E-EssGz4k5H8tC4v(N{sL{Hs
z!5*R?mZo_`ygL65g<%7}3J{)5w(VI%iY}d{7!?Li-YV=byWW;z>5KI)-hGMQSd0B8
z1dGMI@lfoi#JllmcOX7nGuh{SJ6to&aC0qN|LvCk%;!Qm`4$9VUWn@j#h-~4@5LD0
z_rVv5sA1!^7tN6#*I*9wF!fto#yUgxN9v&$%-c~`9_t<s17pre#6d_9@MzFVoxjyz
z@E>N4q~*~f`pEj;hjIvI_0MKf`g0HejL-4?CoMr(BFR0qaq_^GNh(gQ#X>u#rq5LH
zU+ll^cgyT^>4&2A&tZ`-!%Y{kY7H+gx0NU)yAKbc>5dA^1wB}pn!ZaBe+M1kykhp*
zY(Dz;L61DU=3Od&$V|?ddDeP!H@$5M#OBCTZqT8T#}10W78*Q+nygI91Xf(XPsQ%I
zz!@rq6{`TOnf$l|%}5?nggGxy!_A2aUo=;4ybiRR)71L2=&1w-Y4HgY68saE1Ap?Z
z3f%gF$wT&{Ly8chy-~imVc=kWTqRuogWrF->LC6D@!Jv%nh#?KZ#}l&cruH&%=)#H
z44Yo74ek9g=e>}xKeZ^%KaXo5{QHaJOUgs{!zxquT3-j8W#cjNz<U7X>z^41!=?BR
zDgMchd^^pDf1iJ@g~dr^m|ekQZV6i6Ld`gfE>E@oGLJ*Tm0I5?M&UzQ66656KOM`X
zG{&qzp)9F5n`1CD(C*myd?hNFx`G60|2xZCtTso`Kfe$DPtcA(q=Zj{;_QeXJ;(u7
z=7fCLo<$FO?fMH^b$rpe=YCNfFba&0T{DG)4o88w`cXig(zYj1>_@}K{)HyU1gUN~
z>X9E^bc<WS5(yZQa06fEjHdmSlGe0jP6LNuD2b?X2Csh{OG++`xx3e(cco5RbAM|Y
zY4G6`fDT*ZrS`-E)(BpDvGsh<7BZN(#5c*l8S2U3N)caGbSf|)0Rnn)od~0SsR9UZ
z2~5bSde69(scYkCkY_zLT8ouDA7-4Ywn(C*XbyDJ-=LjZO_$e9_r!BHPJO?V#ak%g
z1&)vp7qp`GQ43mf5vgq7%pbR>lgc{D3ShC(>?}_@dX#7m9lPq2%0j3u-@Qr5ZYQ_o
z8l6|p3TYlWlU^_!_KDVu_OBI>#?nV~tkbV^+-p1q+I{C5-HKjF>KawKJX_n&=YrKp
zPo5n};3=H0^>9TCMN_Y{(maZzvz-eI?4tIj-Qdo4HUpwS=)#4r{QI6X_rJ{ny~aBM
zG~|r{`QeK`d4nxi|7@KESN$lE6Yy}txIgCdV&>E&`DmSf?`9V$Br7tkK;28tFMcR~
z%9edB4r5UUP&q~bkT?(W*xyx*RCsP04)=fUt(Mg%(~})*-Ro?v(<gmVdRDJ6Cghwp
z-7=sTEja#vV;+BLLS*QVpd0si3Wu0%ZvQ-Cnw?DVbHV<27@X<G9YA(-KfKzE#Io7Y
z;ggVfgm(t|nfChs!e{;*wL}CKU=KBF-h%J~bri3|gJ`(f+QF}x_5c>~o6QsOjO9h<
zwFmm3V|^NUiN5x}>zH4x2U3OZ`LU>4vw8*vZ?g_0wQHUQ<ICE~<Y8x%QlFR7*pxnf
zfsd(0GdAK~@qz2=w>m{T(SvQeP3lz4HRrhd7Q0WPzq7{XB8!`F-@?=BM1;+EYSQeE
zVuckw=5iLtO@fT}<1e{dkJ<qj?ug;u$(6rr^MIG@CpOBsX9i)5x!%bx>X$ex-a)Co
zoQvcB4L9j@#8jN&-U$N}z@|81$$@+M`aCqK=t4rVup)=J3#T9b;3e0}mD-rFV*XRT
ztl~&+#7M74h(lfhK=sjTW@g-khWsi!m6T~ic1=q^P;N(+t}Z>k>-!O^F?q`+yWcTb
zaT(=AV;{v(7Gs4^I<<TWJAD3k;bG8J5v=>RAkwwG6(t&z^XjF`HpId>B(GJ!6bF*O
z?$}P%But9+%Rtx#^LclZ@X^Knh=)FZDD`qs<E95MJd;0$+9YbR=)JI9FsCV;y^6dR
zS>|`@rmmvMB!%53S;W&;Oe6E2blW20w@o~w%(C4YB%d@~?^BkS=tnhQ8E1dR%=++n
zK5@${i48JDc)H?Gr)##h3jcgQx$-0J`U#NS_hfl;VxH*ooGz&YkueF8V=!tQ2Z+XW
z5V1DA{w)gX-I3va3OV?qy6gG6Jp;KD5z02OT2+cE@|DX(pX)%&0HHXFnTGXpJaX#^
zM&^|O%Ce{Wn6OG%JL30gve{Y$3X0$Dh-6jtyNjoOB_{GDazD_Cf#OjtNprXhM#>-I
zmR&r;1-@3cum47L8_J!Lyw^|+Tb;(c`95bay_%eWjV@3!YgJP^+kKc5R^jKJk>vQ?
zXXe@$Y3+~wC#ajuQ!7T$zo%gNolBZTnJ@kzc`1!NJdccAQf9U<5dkKcc9b;KjrrN<
z=;L8`H{lPmA!LFC8UN^V#Li{hg>+DmOk%Dlq{sXg*SaZ9Rr9!#2@GPNEGqf1&{fvO
z-z8ue;Z-y`0VV4q+2V65I^q8&_Q}AgFOu4yylCRJY>N))gpbskj50h+Z$RZ1r!j34
zPFDzj8L=(+Cw17|zKnJ>zc0u|vsBygc$*lAwJ&JW&<_r}1avh^NR|?cQ+ugf|MtLn
z-u?6FiE>7PQP#O-)`e^Q`o`ReHdwF7jfB5}QJe+8=$@1B=OtC!#*E)$3E66HA*G1d
zkj&o~?>b8TNo8m*>~1@DsvkPRGDE|gzcx8a32zuybH$!IV3LQ&y@<hB3-x$Ng*&TU
z5t5BkEc5IZ-22VAlBP}l$whkIU}L!P#yh)T%=rEC<^M+h?(K4Z*;i8<`Gt*#_b*BB
z5h+MFd>O301?B1{sEL?Nql;Zlt+AZ6nt9@dzAcnLg$|GC5$ZDLD7Io<GyLXD3NMM#
zH4YtalfND<Zg8U{6>y_45;qB}aqMbNi=wrbX*vI$YhZK<e?9{^u(bDtXG%JXg`ByZ
zR_)JJiTCq7b9e3Xilv^cdmvhUM$N1B10ccmlzm{A)Cl0S!o+n(R*$Pf-5%D}4g1Wq
zKw{nkM;FeYJ`T2e`RutK!q&<rSu0{K%hMe!`{)`z&i|e*04ddh*XeT+;Hj0i*F>pE
z5ykWFFG$CYcw{XCDBHOXpT`fSu|7S4bPTK~v>QS?Ef|h;TnX}Ba7ZXChUEZw|D4@X
z;*yMv+b)<L`s<Jb<>@bK(vX&ur}z*`vdo$AHmWls3FBQ;hHZz{=kF9_5_XPK96GWG
zMLl-}V|X6NHCMG$N|%^QvJap)4~{U9fTe1J?i#Y434L9xEY=DsNgc!z=IVKH2?}~4
zb^c}9!}Gv9jqv!6nUO6xabl5`?X$2$5o+TPcy@5ZDsq5}1b?;<t0ybtzd7yr8QiiS
zd=~LA)q<q7f-H0}cKU^1POMf}zhx1n;3MY>nkkf^tiJ5Nv?N{m-Jd+p^Y~6v;f(hi
z2`A5(^$WyaoRT49(WVxb4PcB6*K}dL(A5gNeg`*C6<v2m^CAD~RZNvozKOe_0g97p
zd~7GZMX~0tJZb*YI9-wD;hzJxU^ziWVtjmqjFqLJUsObUL%R_f2+bxU89qd7J)wAc
z<O*m#tGHXT%=cNtxN(tq#o))jUf0+YuW*2B*Gj#gSC@aLd;5MEC9Ry*FYln}1Uak0
zMd;1>Yc)XYVi$iPt#tEmN#X8KPbo2H%>CPlJGwSQjxk^?#eL6*rOI;F)+JtC1*jj+
z+l!w<gH&ehu_x$zFrnomj%9!+-xk>dNDsoUN?k*HdHs~xnO-4OC>7QlcGfkRiq!Sw
zIJBFppR-bXX2kvKrs+#wY^P6Pj<DXuLKYqECFe@JKWQ9ft4s-dQgF%=8fh<s8bMKz
zXUBHf1U4+%@b2}LmD<48cahja(|u*fk}Hh*@S{2=M9|ZVI3;&G=((?+(i%?uc**`<
z>%(0KBDFH#kMxYcmmmZwA~gfS_n4Y`Qst9cTc<`B)&5BkpApt<2a$LVSKr_$jYKg2
zw>QL!&ADs1%g=uU8_j#CxeH)%>kp>g6bgIVcI_nt6a)}08T&}lk5`EUhuB)UH|_K!
zNurplw<+BM+*qPhJ66B{m`oak@$iWe28t0S8|%3<)M7snJ4V^N%N(qz>a)CSb()Jy
z7flQob*OO!w8MH{-A$emJ&6n6MfzEd8Xie8Yh1Tm28f=Qb3A-LLDD^v%7=x@QnRur
zJ8=YsOKU;szeMso9Jau6HXTFziQhdwBW1!e|GZego7y!#zO`d;ZRSny@ZurdrV_&=
z{z;$0O<#Wa9^1!BZ8aDsG2Pt8Q;NBVm0B+m(H*sFd7NU>Mx|tM2d}2ylzM3PxQ+0{
z)fGZI7(-7R;Du5Te6XSCtZSwV?M1u#?$Yz(YQRJmtf+nZa?hvAX+~lFrta1+a^INe
z>&*aT=-`i{gf6qnnCwI(#Rm@NOF^>5qm?<qUeQqMPNw&KG979*-&$#Ql$r~wtICt@
zE6g;(XeWz7IRbS<4G0efsYty07<*Mn(LvS_r7uFuCypf9Bf^x#9C|Tv&FY*~2hg#7
z6WMfc4FMDDq`9RJ0w<0MznjK<!anXz#T6IF+()r7D*^ZI$7p_O6jh7+#8h(kzD-*o
zc#uU+@we+ND;zsi9tjruS`{~4Vy39|Lpi<b$15A^xIP)?E{PtV7E&#PI<Z%EhxP0Y
zsMaVVWk?TXH<Rb|25;Z<b-xviCuqr_zB8R5S@+;55!&y+T_#(>7J_LHxAD_eg8grt
z{h>~v_AyVwpM3i8{nwkrxDPEir6r$M$ky^o4Iju>pa)|ZqsmZ^Xv46ILQK~Jd&8dl
zSt7q;(HK@3R`4XjWH*C*PI08CHiI4b+YG7t1^X>eeo$22uIoFi)+ReSP~Lp<i=^WD
zSaj{YFxg*EalH&XT*mM9>%5b;)+8pVbyRA=604eAv4^~HSwB76ol@Hj^c~sm?+-K-
zmUDUHQ<iU3DJd+=$CZGymM;cJT#y7=$GtMJ0HqxpXT`Vn+gb2o!wt?zK$~Qa508dX
zqwihoHUO?c@>%!N?wyZ!v6ssyFFz`qO-+@SgyhD-<MH8J$-jv=*i}<++m_Uj*}qe^
z77A=BLLb4wk-h#Ym6liR{nUOo;fr^KL=SurqIRqXY<#Z!VlVvekg!KXts`7*e;XgO
zqdch@@Z;FC<+~1d3?rdP8L-Ol`sJ)01NMF04Q7d&N{YYqjn8*Ifko>c>24bP@g1|T
zU^!|OBxMsEhI56IDtLq}5rlD~Kv6<Cn*S4K0+jG2?j2i}JxFXkF96<%ROj3O>UW1p
zb=$-rVafUW9UZ92ro~NjS6^K+Djej@Cd|olMr9*~kk&1#8qo909YT8^+0Y;5)nuPY
z1uslAUz%i*dQq0N^Ikr5UpjeYT1c@nC`E18A}_Dw`?o0(v#}D=wM;;AdU?;m^O%e(
z%|xNXex(31BQSgA*5+2G@UYV28V}XvGEbBVNiVb0@K0x(9PY3Z(!>{a`L?YlQS*Fs
zSyk08#0dmhin4`S#bQRyN4S_+H$mLu+cCak!H!$r_CixSAa$n*9bCQ~2K(2AjfMkw
zm(^1AqA6<ry#+$A;24R;o`Uu7MXlGB)1L6L60qTJ`XD93{_N_8tjbQ5dL6V@d)csi
z;r6uV{9ZZ)$&}QzCws>Vep65HNY+wsDt>5<ux%Q?3g!wteK&4$N1`<ayI#HADu7+j
zsentGJxT5J8e`hWOU_N_4|Ni=x;T73HW73^A-AcvAH+^GIz-<Lp+M<md5^Eh+)SqP
zOM?7qv&n=52ATe((=GYamB;q(Cr;S9jJ?STtIaX(wv*~xrE@Ncudg0zgl!>DVe~_)
zJZOws0^ZCEh=PZB@1rR<>_kVyIrwT6=Sll@Qa=srUAfV&cXz7fnHGKeTlzT&eRn0c
zhRRgOkNfWQ7k06zW+JA#9DmXz$wY9=U9X}DZ!70|HIL`YPrm5r5o)`(E6tObo(M!n
zA-)m+?xpzc35^wnpgFB4Cz{rxpwEca8c-jR>P6cJ6ijz?R0zv+=HzKNM^x6+NjDL^
z=+>&~Zznq`VXFaYZod9HXHFQV$+s(LxQyBTddNXteVDCqwy5imvGSV34d~|Y_0fht
zrEvNbI0UBruR!0>6ZAPlc_b%1<ZNS1ecFY0Q>my;ila!2)FYYxD4A+kbz~x#hGN$1
z2~CaIR%n@05w~Ul-X79@Mha9Z4~DUhsj(8Q50LO=wq>)yE3%fv=f7)({DxcS7lUNW
zG&MKSZU(=c3+wQ(Z7j{`)R@VUBl@~Nh~i!;t%u0ly4#TgaKm}J8o`W=R}6b~ZTfP_
zzGE-%p28cK!>VIrK`5T&FOyWwU_botcept;i;Gf`-PSa!a@zM_h|b#a=vJnL8c`D}
z*wFOmG25<l^j^h<nlJQPo0BDL6p6@cU+|VN+`lx~0NFaUnR1t2177+q*Se66s^60K
z5RSrrFTz^fDMw(a|G=TV`+2kD#guj(UA;;>_D^WA30lT@?raQQb-vKcd%8FSu0}H>
znK0TeUNhf>^`kFd+MY+SCHD|-IZ%#^dQy9$nf4WV?LnOrtaX&^n9s2#(6!0<tuCxp
zu}nURaEhVAt?jkP%2ycjjy1f|K8~>9s+k2tKll!{otJoF-MxFHS?KlB!qKl|+p1;@
zv{pxF=o2D*3NO>JF+YgZypAEnYVkI@PDhd=(lU|H{UbCCxExpLvCn@zp5IVf2@pEy
z8^VAOb8Q4H*rqmMai2mzTr5=mF&tF!W-GtWy0N_}_Vnj#WPN&t>NboMGTQ^^!t{ns
zZ%wU~icN2wg~8kD)gfhPxQqIs$KfKKBOBS=G;k2H<l%NBW}*3b$tkNwd0BXq$a`<e
zgD>LdmIso?=G!??!S1^pdDorVPD1;53>MXkY#9CiqggrnHovIjl(XV;?J{KdC*Q&A
z=9SM?@e5|S6s`c9lp6Jsm|?I5{!7oq8|)n;+t)56d6e#7OP>{=(8&**BlMyxdx|{%
zPHD6sr>Zu}HW}_#g<EvNimM~<W>+-<p1<s%Aiu4XC(#&WzJz%P=q-e8nn2yh!8U&B
zkzUVS*xz(hug)08T}a0>V7mefg<+f7RhD^d{o<;|`Jsn#APem0D^2P9`OQAz_wY}e
z`)o>gXz7o7o0BUNN4CwQF5B$##SsaJ$kY;=?uz!jajdd!Bt+yTFhV}dXD9~dDR9Nd
zWWKvMsJ@G?dlWi&aVM*@U6)Z(2HghNsfa{Z!iGH8z?bsFa34vh#_h%}@H)K4b?Hom
zMW_p2NlQNGb$s?Aud2#<Nqo2(;4G~Bo$LJfCDyOHL2a*~iJ~LbqTBF!(nqYgtb_T+
z5{w*D^!$#a#mB~<<_rE?(`8qOH>pg!Ovk8qxoL}d+Iv9|!Q6u-V(qP}jd^g>W9Yt<
zp$;7S2sW5FmD#hqm>cCOusxfu&T*9uzcn5VIhcEN4H5VG!RqVQdi9G<>f+JOu$8jZ
zQw1br%gEQ@1Nk`8WsJEvjKzL8wJSRT*9;<Q_Bzp-h;*hSA-FaO>$ABkFcdLtKskF^
zNCyh5KOTj&Urx#VTphZfJ|<5i6xwxeM{ZjyZ07R0x?InH^<e&zM9$v(&J$^DFsXDl
z1ip#-I9~;(j#O)OM&#xJWSyDSKueKJkjNcHYus`xyYCn8loxvtU7&o}SHl;YODX1T
z159tAtfhQ(qnWp0PX}(-dp%XGK!In~FLhtAtvqR`&+k(~nhCTN-a0F^*K!Eo8{pc@
z#?{TFPf4Z^=I(Vv<(ET8x=WFDkMrKaaJQq@!=NUVdWx&Vm4^U#b9enCu-NoWVFl<2
zbhh-faPus1sGnY@d-&|9S9NL1!5N;9SA+1ut4*Gzt#9!eyh}0<T@l6Jkh!f!x|PS-
z2CQp_P*#X{1F2j&%3H<cXQ7`f^}@tiW%0y;sD66U^6x`&qf;1~Bn!$Yf4IcGy{3{v
zqoqV;a94ef#z2Ys^Vt|aKI2#e%-fsSJAt}}lrrIaV$0)|ote9txjU@c^K5B=bkM2G
zpaTD0VBOp7cPP&>zH$uCS7D*TS3D`1zv-m}z6bTT5w)lWRx=W(x4sWBA5lx}%4v7L
z{%|er_2T@-dk;g%Q=q1K8RD|IaQn;vBAN~sQ;D=*-o-dHIJyXE4n0LUdvIx%NG{nH
z%H!K9%#T_1m&`U#!=H{Db<w|=3>dP<G5uPjg@xgd1IfV|Hb*DFW_$l&ie|R-!sYck
zm`U=4l(GqA(Q1!WSNpQro}d4>;&t*ol~3;h!IXoCqPsV_Fm}cXnjyQpq*h-Vp_!9;
z0RIB_3i)BdyNCwb^EEqkB*e5%t(QwB&T8)}-YRnG%DtlPGJl^EyX8rA#r|PD+BP4}
zJd68c)-74u23wJ_Iz{@E8duO{)BD5Au?e+2i*$AO@dYC<i-}#g<gW^qo2cU-Dgw|Z
zY>eeBZOTuhM}0aM2%10Hp=tlTyWpX#rSoagBQ$%r<&U{ZvBI*MKay|*BI?;E@amm{
zO30d3qdf`hZX$d(JOL4mHGVdtly`_6SJ)m~aKuw52-O5X#cn#rbb>cz?ML{lAH~#}
zgQXJlDDA?Se%{0gSAqz)!HCBtFIoiUgWP$aFB!gQ>{mHfqHk*e6E2<TEhE*r4WQ_2
zqY72vT=zNKaLvtL8Nv0+0zn&5FnUz)+RQeBS?g?xMG61Gg-?bt6TBB+>JykQE&FQ|
z0%$)g{L;gV^)|@V`}r<T9zPd>PJUzH11l&qRhy`-6a6b9tMD6wJ{H$5qZ18Qf~Bw8
zTF-i7Z*9VswcJ@Xhu$cdFt<IYQ}JLkHz@tUs!i0=$b4?@^~_+z>Fe{L;SX*?Z(Uw2
z0gd!u;hDO|p^4LQl3crU9hd2WvjWl_4mFlNr)!BWxN{s&RQMk8V}+3~`m5IPD_0mQ
zH_$6JOPZ}6l&4pg>`+13TPhlB#{oTYXVd5A&$y5fkaC>jxFS4XIc>bPrh6C1{R%P0
zB*U0nkxosYGsrUcMxpw?HMvs(HFaLRLefeG+oHQh&IjT2#B|UtH_t5Sqa9x?Tqbh?
zbx_JIdy`|i;G-Q^Y+)hJqj}{f@rA|rY1Atx8T@|o0FG{i?i?rT%!MrU+Z$O$WH<j@
zJV8CRfSe64@j9FUCpK%H-@PM8=Og}d8#?dn2w(RFSk#xdCfnI?D!P{`pSkIKDw60b
zjuXH8pmC@^j=5Q28Hg}O>-pu5TU!iEeN18Ht!1v$Ywn{hqG6M_v1ilFD}7e+ty&g!
z9}fk5B2)1DKuEJbuT9QPzppu6f$>f58TpRzx2c>i((vYv^ZecJfFmFaK`b#rFTU<C
zOMUm~#w{6!%(Vu;<u-UE>JZU4cu<kV3`jbB(PHCulY^X++7O7mv6czZ?sJ?fG8dT8
zH_TA|Gw8BUDNu!ToQ!|yc?UQhp+?<Vc<?-Fkv&Oc>h@-|64(x$n<ut}yG?dRerSgN
z2HP!i7|*POn55ujhbv#ff)O?8t_@oh*godi_b|IxIR(yG4Foxfk>`c^ovV&=%1xEx
z19|voQIPT#a(KY`E>-N|lBn3<w=~MDUq!0TZ6SpvDl=|U-&6lTY`tYvo6i?545fI1
zws?^sr9g3aZ*iC6P@uTGTY=*44#kTVcb7nMcb5PGf`^a*FTel2>wbE_C7EZ|nK^UT
zlRan8oc)V9UgHDjE(b@x`gjk=x`R42yCVQPy8l*QMMq(c{pD8xKn>Wqomgh~rx5$+
zK+T&v!|x~|Jx|pkXLWcrQV%CSind942Jyf;2VpUO-<gL$9q18eEiUfB?2G$iC3__=
z(b76$O5j8BL+b99d?2a7?vGuPW&iQ)HLp8tahz0IWsH9!S<=S*y!HICmK%>1Z7_XT
zvZ+HNF!32*-V_c{`<}up`Zk)Ae&v}HpCV`(_z_Oait?$l2<7eL{OD7}Xwa|IL!>WA
z*{AVV7|UqZgJl<FbvOy*_PFAq&M)mhYIJ)Q5M!@sQXGkbyds}hje#ncmav^CE!fbL
zeQ>Fi56!+OXbMRSz4#hVWlW(;I9uh_tuDNcNb2d{7gK>nU-zEWebs(C&rN-M_b*XV
z?MZKYM|ww;fhw@VUrIl~+zIMw)I@Da@(9s3Q>ex@@)16%bjN|B0>9RH2MqUt`*LIH
zm)3c)N{fY>-S_hU*!+1n52~~d`IC8ppnuTj5)r-EN-zs3)e9D}=TatrgNuD)JtqJb
zS-NB!fDDwbCUTZF*sJvj_neOwV%sNoe0mKy<yyR(Zy^q;v>skH60_uVH{u*#bQq%2
zIQxukw`5FeX9{#^$b`S)HQ!pcXn2)-CEr}VQW>HY8Qx$&g;H`$BjWWV>-a2N==7Z$
z>%%?Rco|-1k;QsyV9gg=&DB(q!#F#tGJ$`5K@EvadF;sd+C0>i8gw~1^#7`7Zj+_M
zHan4OSE^C=u#$g#T{P-smm*syJd3wlOLUytMRsP%4OZk49ZOqvHT(B{E_FedW+S0{
zZPRgpJ^9m}CHxw`nvsXYZ}SYLpKNqKQ-gO@a{a{jp=`iAZvCy>%h$7NyYPG^0MGY5
z4Sy9^L#pc@FCq#a{GiYQI4y$Lc-PGS-MCv57yHvF`3JCNtk|-5H(!g3%7?*k5@^fo
zC>aGozfL?~+9aAPBDfxU`wth8K$}y~6>0eTmQWzji<~(A$GYuS@D}sr5YU^P-!Y`L
zF0OfKnn?cfrVV!4bxV=gJPo5l+&R@`yp&v0y})C6YkF_~Gt8Lj<3%>oiX?hK$6M;-
zjkR3&f5#ghJM^sB?0{jmJl>io)qoIvasx#T<7mD$>p&A;KDocnwn*Wxg*+891~!P$
zP|yT8RLNz$8!|VDc+24^!fWa%Bv$yej*gWzD}$O#^J%g6m2*e)CRtv+veumxXztIY
z?8<m^uj>SrP@3CI+xVYuH-CMz!wKqiWWgBT(n9Kyvlq`syRG(ST9R^&!(8wK&IiG7
z{6t%JHVWoK7Q?M=vaj!IG_z*LovAbHFgG%-`=iIHOi1R8GthM~bl&KEUUll+unjD1
zduV>^x6~oI*~GA{`whd{X@lRQ<ENujhtsPQDV<{9J91)m*iW#R+UC7F+hvK}^}IsV
z!-vFi%%*|*X9On@p$g@p**pw?;6&RME>nKWp0kV>^s25eLh69^puT>hycNH!iXK2n
zKAcnbPW@?(+YbN{AA%m(Pv$1TtM77HqM^?7-Z<#b`}-7%Adp_&Z_z*|TR*pDKEMQ1
zX3uTGbxTkyc$Yx|@B?C|LeWU$=4P4ukjt0bP+xEe#yo&o{OoNZM0htig+~)l%JbfO
zmG5bx=DHS4$CA-@_QvAd$Q}$!2q^cV*J*uUX6nbiH8-g$<}>`|BF68I<7nUg@(0`e
z^NC$K0{!*RJdM0aViMghTFUN&C>j#o=lRs2tMQp2aq-T5HbE@B)?fWx{FE23Jb4Pp
zwAH+{{)g4(Ts;KgHMBu-MmIUW$3;;O22|+=ZO@`7CP(`6-2=ZbDR%j>U~iXfO?v|0
zfcU(0(OrA|{nenTv00n^r`v5`>ADNTmxyml!$ly$P{lEOqvE9e*Y*~v$Q?O%EuHsr
zajCfjevo*QQF5l}3>2%<r%iyGmVXuVZ_@Aig4{@T9|CCakRR#_kt5<x>*^x{f{<9b
zkuLcV(yyItA0J_R$PsfFWII#g_kexMOXL0x=8nutP$04u%hS7O5LM5cd^GNX9wGoX
zjPxnHjhi2DYHG?KKe|28ba;)Tf3f^YdpDoqQiUKikj5DJ#a;a3jcdc0*+b4xhr1M~
zT-%TAehCG;#z>9tYMkvuU6TT4hIPwMJNb6pYcLDq*iTtI5Mt9hmD$zAbDC3^7GM#;
zbQBZ)&F-5ZR!J;AMJpVySE_T7AL>0|CO@?vRf29=_1Pvd<u(3}O}(GZ(Cx?7eY7ue
zN?2h)V0%f=GV)1om=W0Rl7-Qpr1l%#GVg@8Lh_)zIa*U_Bj6^Pd704IAP#l1xYpyQ
z&3_c{N~Jo`IU06EMe?Vd7@mdpe6%y-wEvF96J)WoVInL3RsB`LaL<wcD$n!@Gvc)y
z(%`FI^Ruhx*E!#RVfSn;5bYaE?-*racm_ewk>dY>59~uPRRKRQZPJ0=6m#L%CY^fg
zyQTN^OL#&)4|av8*s`@}V_gI6l(K1Ac<=Vi6`VEXLG7LyEj{S*TV1n+0P_-G#CZ-3
z^=*$Yox1T5L|I#45w9rlgzBG-=f?UOp1Yl+vqt;2e+2xMp4RA}r7uQOM!jB)ZqK-W
zco>Qxs8MhVeKgo8xY|BGbc0f}#%cGXK&|0?50qZy4!Oiy8!?Vj19=GYMU4MvL=3-!
zK7VM693|std+3~u@WL204)RS@`Tg*5%O7>ku9DnWxn|$$oNuyaNU3VboOg}xFvutQ
z@8vkYB_+#5+g24X*Vs$(#jYHZpa^YY#|2;N?&fzR$oj%Rr{nwQr|fQ}j5vM;FwRP)
z(${$A$S~%B{vQ85H!F}Tb3FKayuTzG(xSX)x7@knJ#8GtdnpbQ7+ewCdHhv}R$7XY
zyk#Kv1+|Br$mILgoWm8?@HeLZr`RAYiNeP+$UAR~q<`-KINoUXCV2f^uAaGXynQI1
zZzrbNBm=rH_m>hJe-lhL>^RF`3e(3&enc7G$`h3}9^Xi40Q|0*9T9+(;vvBS%pp^#
zFl^xV(t;xw{7Vcp8Y*>j(@`VcIgxV(4`bZ(luYfXc{)^qQ3s4_Zz`CR+u}xxLPSOo
zc)wzUw{|A|{Mhb2jS=aIec$|oy%`RJ3pUV$y&s*7@{&PU{n~gZfPR6W3(<cAt)PFF
zr0_lc$fG*ng~6qT9;M3pwzq;M;-l-wAiLoAhF9m6;1|55x2ACDY44RYi-NG^t;3}s
z@<YFE5t?+J{t){oDu7&`18_Vq#PI^?UV`G&p+*#J(&wxz?vz)p-DH5^KfER*SoOqt
z$zOsls>AYMd+yUQ>8$mGTw=3fQ~y(hL$|DT_itl*6i_I8*vVAiQOAg)CgmPq{L8h^
z3cf(xW}e{ZbnIIx^4<4dgFWjMcXYC}di{=r3PCJ(<p5Jr-|(+?$n)XczX=f1^XQ#r
zPsvhmZz+f_DYwb5>BE;t*G=AmNERV6QMd3|0j%CF*k|aDOgat1KcJM7IE#W?10iZ1
z<A)G^(WD}|2^dNc+Z?Z_eWV|C2<)7o(AcP0x$9AJBs^Zir;obXj;>bpB4^BtzgeQY
z9^Au5SH_=`i8@F$_4mqId>%1gkZQM3s^{~skHb6$VQTzLG$o6RcfEIQC@qV2TLFo!
zmbSFwD;_V?E8daLon$i%xjx0|vCSABh&53ApPh2*ms=EB-_B0i`#!CIo~6|9#y`%Q
z5sP?Xv0$=wh~F)FZx8Th1^kunE}K5c64V--nKMP2!V^4#?-rG2BB4@{7b!>ugeyN!
z&bhAjY&z}bCxqv7H+13z(Yxgd(rwM+fruuMUi4WAoDFa8HjZz@xfuPhODVV6YET=}
zz<49Ca>CqL+(o+61X0;T#Ky+A8_w&M*nZhII$c|jgUGD~^xXq%!rEEVu`=jZpSp(l
ztj8YzDZf{Xe$*WFs1c0Ec)L{Yd%dR#@~+{n-916hLb^#<lp<}jJucilpvn8uLwLzF
z2B)?deW3K}(Y%%D4)fvY%@(1!W$;recWh+Kd_MS8N%`YRdk36Cx3xBK+co2DREQMA
zmGb5&A^y5EDx0lxrZ8su^G-U}Q2N(e!;9v#Qq+^NKZad3W4{cS{PBWbUL$|e#W&XN
z)?iKONUIo^19Hw!l*dEOv3|@gd<5sB@Tfm!Rvo4A*)4^b=gx;}hG#<Uo(0v8z@rkq
zc%rDSD5H+@z%_ZeubaPVESSt_@4Rd>(-<k>gs1yPqX?%17l{q_>t7u}&0&i-py3Lx
zSXA~8tCuaur^e->ECElgtYGW$@uBuxU#wpix`4QMQ|m)5TH5*BO%U_&y@|{1*N8Lc
zbDW2(pp`q$qHmENNbAHzjQf!UZ+`+41)*^`j3PFvIPs4E&IuwwmMCGua}EUwEwAFG
zHnHjg;+-4d%OqQwYzQOG9ER9*=LxaZZeeet{2A@`vs3N%jguK4qsR7OZ9J~4lZb+i
zpfkHK(?kv#&hMYwP2P*?iA6rkw}cH`ivR;Bbi?f^1_ck-9+!ZDta&%xOS*@<Xhu*$
zY;xzrnoHvVh}xl5i@dwVYahu};Lnusm@2a>-V}F(7rF29A9!2`wtvKU!c|~D6boaF
zkD4G_Kmqr7-wc=mkaVwbkAJSFO(5K`ecS}vCLnN){oMgqS!Uwp^M!x3ATCXs`+ZqQ
zeO$)dwqt&`=g@UGa>SFq0C)l-GRn|Hs4Y^mQjoh-=~%-wFEWaDFW@$QAU-1|J-6&!
z;Kz32o74vJOk4{fk@rp7x$d>yx$bKtZzlkfe_KyxKBQht9#4nVx1PyK_jIAJCC7}G
zWl#&;wj-AJ3VZU+6x;fz`kuLC{TWuXqV)~9pdu8)P`?o{C7#KJy`$^-<@Us{S_R#)
ztxvWvt{-GnhVI!h!JQncypJ^^qbL04VLA3a%JKlMkQB{w+66+q=yJ^ptOLZXx|XCK
zK)hX3S=P1DxF#pz4h53#fpoqTMBs~KzKR^?f}@Um;jSKlWOx1HdN~(#Ap+-YPGy62
zybSc)+12Jn)j?}%Dr2Peb??jk?D%0#^eYCIVzHeu58O(7(7AK!gaz0Oce(~x6bY!C
z6^?JGqE-1^WnZo0;4&d=EgE%yDHnR+n^<Y^S%9(HUMWn_=cScGiFsY|N|-NNGwI*N
zPnQ+~#1#4nj(bJpM9>>+e+$NhsTC||8Tpc~0dgveOx<FX0_1C4#);x2vU<2}v80%$
z_8`s*Z|cu>Ry{H#L0M-R*8YNyq}gt}MNk{(1^G!*-Yi$a)Rw;S_T=2=qQ>D;-j8lX
zK-5~^kDBgniMx+uf&T7s4bMi$`@~tSHNHvSYhp|K<eTd^T1D4nUsi&ytA%?E8%Ie;
z-m#__?B&sd+Ty65`$yebgLA^R(%U||q%;HxH}-n6bo9JCo^=0|+jdTcvVTWICQH*6
z@G)zQs&8HP>J?wwJZLyUdfm796_j;k%5#)u#hVq9G<G7lpX2jEfOc}_IB(3GA83v*
zP}-chwa}ADabi5mdW(8h@gS^Q+AS?zQJeHeoYyth512y_;2<8MAFuuK`kHL?yWPjI
zl`j}vv2MwRTVk1=BQf+uha$6b9&Gg-A0tQ=vbc(5DL#eFn?EGVWJ(mjpQG5XGI-3z
zoYINF+D-tEsN{imbY@?1iVzMHyCX~A+iNC3dhuc?PaIzTm)p}SjO8h;{$S<mZPfu-
zmtt%sCOS_K3kVPM97+PV&K6T^V{PuxUa<09DBJdTRHH#!F)xA*gl>A7q_;_FFH%7n
z<w*@wsnM9K$uG(UNk;Wc3@GmDG;AnIC8EclZ_FtO;q@fvNjx8>jXpz(Q@B2-z~^kX
zpBhh)1uNDu8ML(u*D=9+>&~`>K?;HVxCep^gS`B>{x_Jm+y!0p+W9|S^uk=qs)ENE
zZ8Z*6Z1-~fJ0;tq7o*1MY*7#EZ`CTu@gOI0v-~ORXkEKRo$=ZAg7Qi(Xq%5X;_Zk$
zxnj1QY%F2O2fU)ZQf|s~bkIvN1h;bI8j9oTUjfr;Gt)+G55v78v0=VsGUqQ0Hs+a^
z=8nK54PnMgF-<|z4LPx7+c4GvQDW&h&3laLf5Y`7AI~z|_E9Z_B2!X1wvrhv=)dzt
zrmZ?7=NCx|vA$z+CH=8acon6IdxoV!@Xva7)AC=5KSl;?YGqDoCsg;K(O&VO(eB;(
z0Vlx?_@A|7Ia65|rkBEO?U+Q{6yd*A1^w#9;%YT)YjClPcEr`DW%{VvEu9PbLl(Yz
z+s3^=L&}=mlUAUL=BY>j$oW^^^w)ngr^PIOo~CYqqcjgW<p_KCl7w|%pG|)rDg63n
ziiHNvfturx1lXv}z?bZ{ZIM9YAb8A>N``WfMEI`@rQVx+<fug=ZfwI-EaCRp$w=^o
zx_;}-*lBWW{q1fP*$UZe;kUo~UGiRey(H{mDT$|s77W@Fg$6R}n8UHDFkW%%woj@x
zIg)Lbk-q|e-CwIDtE;zt9wZDOWfDu~GN5Y(%3qLo##XGm|G24rnC(7P@b7FrW8}T~
zS94KI8bdppGMMORwI_S1<5}LyHqIa>GcMCe_kCS6OFG-yd0k_CgZ|{0t1De(=*ab9
znGI6M$yTChhFeDSi#=Wa?HrQc?T+SP(TM^h2Fv%dRlBduAzKl-NKCfPG^_P54}3$K
z%B+sq+Tr^NYA$m@&@t`4Mo2sPDW1d|oXw-=B(&$*rulrZ((3lGq1xv{U=(OjZQx&(
z^<KVnqRcZ^^^JlhJ-@t7Otn5ENS;QE;@ns1ID`~TJq`oMCw;*}s&_L2v{vz@)>TC>
zlR7-NoSMMPUlJL5Q$UO76m1w~P4^rZY_Kgkf>XoNHt9~Y)cWNLFMa=TOU`AHvCLB@
z*{z1I7isUUiasIsfp2TI&>;71s#insA2|%|Xtx8sWQX<2pvz*^f_nVaFC#16!^xC3
zMB6KACH#l#5r*w4AGs7p`RYA_C-!A5*xInXBtHPp>Hh7Vb?sZ;T3qG&FbaGm>u_Tf
zsE{66xW%7$53WLK^)s`|F6icPJYY>2oj%`uvsnhZCdE6z>lk7k;%=(*_SH@v;TlKk
z=QzV05SBVGN65PWqT7kdYDE4L)vVg)Yd$JrAuQmht)JlO$go_gmsHv7s~s$J;O{H<
zgL^)_b!TBo`amH~<Nu~Vm>hhg7X0Awi(e2+5l!Ey5|}`o{~>5wWxlWHWZ^CQ&%kV|
z3(tXPM4su*hKQ9SqwzQ%^SH=R)nu<urue0T=Y@*$W}n+=o++zQ`@k7aVClq75=<Lb
zUzVXjJOvRMO4HT)vw|fE!UDTEBrgm<T0JHSSs0GxHnHwZ>RT!Zf?&e;uX#QORVq#X
zbszEg7PWvUIDmypQ6;2XlP5ciEG_4lg>fMLd7Lpz_Gjk#V0?v?POpiUfN6*aYx087
zq&`{ywK#LK{oI#IC7y8~l3w|zY?E(5#7o@?+A7QC(M2SO%%(p#r$^V&Qjnr6xI+~H
ztF2{p8%^CM)F|B-^5gH3BA1~C1Z<b0eDT!<y8NG9hAzS*tR(}c7RgqAbpI2}T&0dW
zAg(EM?vea5>uQ&tH1GZBjr>>cAHT||XprftWABLqXq8`Wssa?heyj{HquNB8|AALZ
zbKdLtMajeKpP($QMX%$aV6(=Fo<l1kM+i72N@wgbg)>b*Cuz_>VK#j&<%(n4FyV>f
zs%QIteyi<IMMo=Ff-z4MTXFK>wZa{N>u9LH``s_?3B=z)F}0Tz2FCN3?zl+10_^$!
z@)vq?d=0w9&iWE!@V@pK_)vR_kc}adV3q=(&|#H^GTVxy{h&FD-J*}@$^mf4Pnxeo
zxYU#XmfW#<(|Ixa)N&EnYPg8CZZ7`SC9+z!+toB2LqOm0tGb-Xq~0-Whw!S8GdZ>P
zqWB+nw5zNtL(!xdbHQY~AOPKCHP^ho=JZ#g<jWJ;q(a_=(RvSWl+5avm|logRPB-W
zK{4<-vvu&PZgHti#IW+TM}y2=!!$#$G&WAJG7bq&ue3%a7L>q(3!-4+KL?9bTKH9B
z<(o}L;htXDTRhh_smV=aJ+`^ynjbYFHrQ9^E~p)T&F+{NoA0-04(fei9JXBLcy;Sw
zFG9G7FjPZKMlmi)WXNF2VBOx*>pq+wi!Khc%cBoy!<5|POd@he^4nUQd|0~1>*Y@3
z9{b@qTM&N?iRqxFGl_F7&#<6)$Dm|E$cDRXOHa7B3dg_XAs*g6)Oy-Z=N~JQkrT52
zr6)WOmSez%Tem*Y<(L=vO2xbPu-*+tL`_8aM!Da)jw=~}K!4put9+vlcoyFs%<O&u
zm(SwGhr#SuNDn87<1XJD+X+{r4r|_gH5lxC06GT>uFKH8W)FA12&z*QCp60hP(B}X
zynezhzcPl#&p{c9r{4PGZSIl=%!x_Ph{Ykq8Dp2^Dslpad-iD51JOqEeXmmE(cgq+
z%j84+BGX;2-jyosQhqje-CxZzp-;DGBX|rpf=k?n`^NhoO#=+9rEvXs^MKe`&THBt
z-u)%?IZiL|oT~?EmvXm}E&ojJfpM}Dy|a&hac)u^pu{@WkQ4KCfi+2inrlL3MeV;$
zQHtC`*DFMUQ53E@0)aHHX!s+8B}HBZno$POE=&86JN_CDgoXu3c(=Bm5SxiH;MWuz
zyE&f_Ln}2Hj&W5gDcT1dniM>b^n?oJmsZ7upB$xLKe5hG9CcikoCiU&W`CCp2^V@C
z;ldYKH~Ny}*$saSF&MjUnJamj9OK@s4jFou8yZ4p-`$)y55H{dzS|OPsCU=%{5}uD
z|D)=8ukQccF2#I=G5SYhmyDcYm24n~2qXMl{0vu<tpNUoYRJs37Q?2f*k`Eg2-mww
zNu83lrg^j{>lP#4{z0>F1l{Lsmle=1S~o+7&fC8B$@P#p$lj%h%|01|via*(a<I{N
ziYppESdjVtU2LRh9BZED5YpGo@2JNKG}S=oEumlkkfFkYX(JHl*9S|xf^o~-9$NRY
zLhp85_9EIf8vF(0?q3^G3D$32qQC|OH_I50P4P8mSH+W}dbfzP5lg^#H-<15^5Fkm
z!5?>z@qTIN)n0JAjY4P2f8OAXQ|&(FYFZ3?cIOc8WWRa+GG50J#8?R);=mzf{AEwd
zEBj{Vn2T&*FO~M25K5R&Z;Ni&grQ2WVCONW|5tzoCj!jq!|D8H1`yD5N-n1}1QiOp
zW7`#yFe(JYFUgz%LaMoa{+$xQ4_*NQ;P)wI(G9F>Ev9aT;P(qU;jEWA*$6(m*!e`w
z*G~cLFk=HZOh0Y9_RvmNwM6%$_tfv%4)$pk(~sW&TS7SBWL^9-FT(noUa-V^)gHQw
z03NdD7PfULaasl-FMo8_>zcAl;?MUMVVA{WXbkbJN*`59FW`uBnWHn+B<Uz>`5`po
zNJewewreAWFdJ`|gy$VMMfc!1SAsh>P8_8EH{ZeP?nY{wZr6Y*u@S#1c{t~8v8_RT
z^41pTLCfv~3n1d5e!AQI#ZO|BV&DghsrLBmmsRcM2S_cz+;Vz=Fc#?D^%DzI?6rO+
zT4a%5xJ*!u#@{G!CC!~bIwWw79;92cS&@U|*1Q_JQd^QEZwzJy|2XedViZytVQ)Hb
z3GepSxND_q&@UkKIeFZkSV~7LF?QT@j>&sX3ZgTdHlN#=E|=prYBfFp;hvD1e0)bf
zea*M<-~!94Y{cJpUi#^AX2Nbc#vt;$SG4T%fW<y3=eo+qirhuC$@3t7hnVQERkMen
z50KxK(L+NhP)9K@65!(qKCu9>Rg8oaeFH^he`y&2E27L%?ZN<}lJY|KE>K7@f5$|;
zLi6e)C4O!G`3a|Cfxx_XF?}=53WU<NWF}hD*xd5D$8umVMY;VV6X%-oC5eag_rD}w
zy&uoa;+GeW)!wiy`6bB*`3HUbU$bS`9sL-9U2WB;UlZv3lJqO?vSEH9Vf7%7Y=eIC
z9D%EBwZE7JyyS~-(`y=A;4rSlS-&AKN>Tx{;2r37fwS<DXW|k+r57(y$gdG?vo2h4
zb>cGDCwec~-f;8Ma-dT=g6G!(#XB*w)gkVe?A>RCG&lPA%oI43q{fjrBm+fN;=^Tj
zjo}+fRPRwi4Vf<rvb0Ia`i-S=5h{&mrf>BdMFj2NoX%J`@zQuS-3y5w@T~@{5m3W6
zx)<lB=D^z!9$VsHZ0w!{2Ye?c3^^5cn{ugR-S6I=*EJS<>EXVb+P@_hKI_BDHA5MP
z&cj8|5q4`!wyZ0^m~$b{t@GSIuABQ^LbaggB?GrA`2|Tf0I1*v_)ti)@_tdeR%y2!
z?>Wlj0nG7mJeSy7b(j18^V5>qLvafRyUmON)7gO@OD)m<YFmQ5$^fD@BfvYd()c+0
zLZ|_x2Z`XKLQwlOSbI<N&#)k@9es#rIyT0(%9nPsoQ%S9wu^L0kB^yE-DV4<YMCZU
zk$I@q?tRF-L4IA<o_Y9uEXt`e$HK0%;N1)%Y6KN8E_6E<4ERei8AClUX`A4CT#Y@0
z@e7o3`ET6PJX8<{EY(FX>O-F!RVa+*Jw@W?4C6XV9_i1M?$p<<&#GIK^``EIK8cH+
zE_U0f9zTi0+QB+^uX*cFvEMY3V{z*Q;LYnzqVfJUz$kXV2@=F7IOkw2Y~cOW_d8ZT
zVy0Qnswh?wV`lghcSogvbYT)^aLwH<`e9Y=ba!E-3VL^{j+m38>Gy5l$SKq~r8hX^
zvM~v(Ex1^gpXclP>xG>X>9{WN$LNDySsGA4x}~pKn-wu`>;TEd>J+voHu>*nw|G-)
zg+5xl&hg6WXG_za*?mZE1RN!nRwpTQm$;{d3!XE~s|m_cc+p>OmGZr><?TxH!aV{g
zWfq$$iR@_>6nxb!4~ZKEg!V}mRO>>VKd-~1;gM(G$R8pCq_At^TQ_3uoNwOYM1KLy
zy!+u9u{i{p`dP(XL^bAqsQ&QXHAr;OK;rpl+pq4nwi+YbnzAzYkCM4;pXcA<ui-rW
z{ODh~95)SUTxf~(m)PRq-LHB2&eRCX&<|uM-iN58>cXrIN*%r$q@7>4y0<Sllez0U
zuenFRoC|&k$yF`WEA-bN&k5*)#hoi$6K?2Tljcq!Ivkj80`tynaqHm}Eq7W-x+`jh
z{ygsmk4`>ixZl1vn&*){D)AL8Y^m{)G_LS3R0T<f31$ri{=trU{<8EjptME}L6FNE
zP*vlN5b|td!(P3v(uWUAmS_|FfDw$*ohgpFpUDtO^DU`=;~TijaHuc&J>SivYAF<U
z$D$H3%c5viot-}|$;Z}LuAee3o1S`cYIx@RVgH%6<>>^s*z$8@t>&zoeOqySWBf;!
z`ERm%r3)XcXCCOPlON`OsR9MU1oPw(GWsl+jdz!Wd#nE<d#ozy&u2t)TNO@fU6NZ!
zrf@+PDI;s)D)fLA$Tja*iOt_NF@kLb9YjB7Xi#-;ssuE)mOJ%~x9sM`>^FbcI&7BK
zet(iqYB{?u2$UJr6Q7h08IPTo`I*B5<X!R{{rWul^UlD@cI$0IOC%bsU1rFgr}JI9
zDGBKkke%BhqR??&Rmx`lJ4&?~<$Q%&xmjsjl}VPad4_p+X}+y!?en;wbiR4FlQ!Hd
zA@&-l=I$)WEl92VyzBBH7QP4IJCCe2Une!*x>xd(+IzV7k+x=2YX#z9oe7b(Y&r=#
zl<XL+n+^=Ms=R606Xm_QyvE5pQ+T~X;^@`{!7QJzneMh^&W^!h7K(9a@r`X_>G@Ep
zgG)B1ACS1ZgnM#Yt14q9>1Y-mnjUL{$@W2?evnk?lN;x!PlIHT)nv5Kj1>DeTSy71
z{vrEd$~1m<s~@`~1%;80=s3#cfE)SU;)1+L2<nXBq4-W2!O8vf)sJaSg@Xd?G#7~m
z=8~U8I;{mIX|ob-$6LnjO|^u@c#QKKqQ^R_inGTB<;Bqw)yWQMVIMazIX`VAta>7!
zJNHOZl;J~P=PHilJ_tFRO~VG=C6@4eFiexWQ&!XU1K*y^_i*_w19G$p&mJ|?*eJ;I
zG80bSMGs(=1KoG<gHa-JY&)@3hRM2bdm06Mxvsk&Va9g#Onx9&sa5I=&rv;`hjTxH
zp7&cKB_r4=^e*GInj0InV$9b}wERH5Sab0*`TyadGbX?o6Ny<B#`W^EjS?n+@CT7U
zbMiD`XCME@KH8O_bdqyOvD!k)hH_yFE$D_>RvZ7g@yIhIaktHDU9I%PtjhMXk8qp~
zQ63&t2Yqah7Wi<%U%k~9A9)Y`<dnm9$K2O-JH2$e^1R(uW8Y!W(|pG8xZjNVKp9jT
z#F@Z~0yAHILbDc=!t4Fft0%h$%d1nMmoU?>i___$Fn=h1jtX2F(jNl86dbi8=PpMj
z&q3!7b{|J=15jS28hn`KKNKL;+9dUN^}Ao>V2g4&HcK^&Wxqll#&CMhh5_wnfYFV2
z^L8A+XiDyv{7i-j(>CV*<J*E+JeL1E*(CEY-2K@@Sos*?q9^npftIJd(0^A}`s$%~
zsDuAt^7~>R-hIxxf4Me|AbPcZbUB3^-K!bWzv~#n7$kO`?}K%4zf;F9JG8zJ{vJyw
zs*>&>*7X>0kH19DSxt4yM97`F<zbI-%<kd(=C4n1$|SYg=e05skoXo8qTk0mD^edT
zN>`84`|79$LYetT1xc3oZFw@o{7eVMOj)A>+DBx;6W<owGQg_~@-3sVyDzOx5PGl3
z9V~Z1B-T=XOw{WPWVVy|FI`p7nBw4GL0`ssXWshsryoD~#D%H!0(m(l0|~cRx~b2!
z{;)$q#5iw?ZV<oqPc(k-kV*rQ-rsH%`5xgT&0dEHCa2~Z`+9ktbs(7{pWSq=g&&6_
zo%;mL2%K3q2=OC`UEHT2Z+{!l77`YSP#N_UNNGRX1>GPDCLQFb*goVLHlj`=zbzCa
z+mH<8Sv42CZp35WCcg{T7hk)d7FC_UefF-6^%zDOF?=Ro+cR*4{$GkF^F(=~dGA4?
zIDuYW9D`Ek#Gr^&-DmzY8Rb^W2IJeQDKsqa(hYHHM^wu2PD0a1&Ihrp-jKUWw?EL3
zn0IeXh_gxhYk0ne@!9y{JGE&Q4U^H-AhYtWymc-;KKN#f;`pl;M-%ytiDlL<EYIvU
z#ribIdTq4pc<@7Q{5t~#$Ui2btu=UwLvlNUOB6uMzgn%HOZv`B#VmAqx<JY)_(|MW
z0Eht{kfO7dO0Cr`MJ!(kRO%D`d%*WO^EC`~IiXz2-xiibtZ5Y?Brg9MKQ6yp(pUBQ
z5o;#$>pz}fdug_5vbY4kI{hDa#;du1i7+C=+G=S`t72h4_Vxl`ildynvgq1^_?dgm
z#8m^BCON32n@*F;NZy8#LMcHs8M)3h4|2Bffj6baoDv@igL?+v&^gnPLmECRhx+A2
zSXt&o{J-78tA9&=&(`{005kQ%qgOYp-A2(TO2kgpUwIz93}Mh3(Pv+%`@w&l(aX2C
z<5#dY$I1L&s!P>!I=}2%pBdDYy9w(OdE&kKJ0j1iV_NkW%6v;CjbK9xD3YuF7<`^v
zRV=1T$-??DFu;j^?y*o{0O~ymkCTK`ApFI64Ln7{qqtOzQ4YseJe-Z{;06cc_u{jJ
zrydjIQnxJQjweco(3^>I2)OBx^x@&qI_V4#B*rwM<$%AY`-0@;w&Zil*3|*{WK}BT
z<~3KI(|ONrO^%{(1_QOqeXZB2AOE$A-RL@lZWQ)vp7OhF@uE%y_sBwvo0H2UGcPQ>
zF|j(Vy3(z<K72V+L$UsL*Eef5FZ+co^?oF@l)77-@+uAZxuDZ;m>b^~dm?m(TQk{e
zk9&0l&@}NQhufZ#YvLZAbngb*XLP=S?aLY=F7Z8}0e-d<00nwZiNJGRyCEHt(FbX&
zwlJgZgVRn&QKq+EK3g0u*gbst@AM|hLOsVP`t!%bL!%FWiRR>oqHI@0l=+UMk=YLR
zAKN>dw%S*a*yyvK*jxW@ITLV>vj6JXxwSV<`loQf3Wvy2uWN__tT|)lFCNq66QQCf
z0w0{~!Vv`%Ag~G=C8RvR+BE1SKm5{3^^vZU_19)r^jBF=^=VGu!aN#Zn4bB*M!UFb
zL<qLmA3|G0yKH4K^jmAL!4r!zev<8jppV>48|0nC=O`l{<yKRcN3A#Opk=7Q&E~0y
zE^EBASSWT-T%hemw!^bzj%g38a>KJyjziDKhc&i{ox6A+SX;EV?I3v7L?=G&5X(%&
zDE1I*tcW=z3qI4zli{7m{Zs++mftcEnets1m}+3KX-!m7?iN^ZA+y10x#XNGvgOM=
z^nMK3!u_6CX27L7b$!SW^6t^BB4vQjs4l%pG3)or19i1O=Y|eFq^M<r<Uo|;!tqac
z${_ED#XQ&q!Q*_=xp%y4o@YSDOUJpb6p$-lDo?n97$7)HiVvO*y0pP{2WjIu<!NIh
zC@A(VTMt#Xw(xtFwuIyFoYp6<8Hng9moB_FYTee{Gg-C5>vOIJD$@RP_ax_~t{Znz
zO9s03JmuMoPB)oVY{e}#?LqYK=(!Q@n-TMP9w0XEJpi2Ri5-vl$~8U@44bcyIVwvd
zjj1huf8;NH({;`!yJXXE>;z$(51H2GCfXZd^MxnbiqUxY8&8XZaBK}FVX$SjOX6bJ
zc=tdFu=fe|lfsXl?~yL?%eU9>mT5~(OjLabLoSIKluyKtiiw?6g$4hK2|qxIN8&o&
zO)6PQ{h3i8Cx617DjiC%h35zYkYH&0p3_aKPA!kGUP>c@M9hsS*JbZf8{-m=4P+9o
zHmy_~C030O?MJAl;e}_HvFYxiJCnX-cwh{&959CZW_CLuQFw>gD&N(_)>qPg_C)Ox
z`(=1g_s~=c?S05I)4xa4r74;3J@@~<L!;66h&v^>n2xCQ%e$%1C;a%p7;Yl#Fw`jz
zU_td_^?>6P{+k0!Lis6Lb<qK*g6>{%Xn2XJKpr%Fu3L$+?$KoG45%~pbO9i749xfy
zTX>F#M+dZIZ?k$l!_(J<570P7@W(zbg&p!!&x{9IB6a-j?Ua9uEQfw<P*F(BXkL<#
zVTzg*{Dqp)yzu+6W#Iki`$4Ar+&U}JQ=|U-P~0(%AW|LbPFr23oVt-Vv0~TQUvbfg
zJd)u8I6An@gsfS6VU<By`9mjJ*&kOMUCW48(=Z}=mnYM(s)&e|IbY9w0x2gdSFaa;
z1Y=A7Cgg4G|F!sodi24y&-5%i+b#7(nehz0L{9HcLFv7qx=F{pWw6`M#yoKtmw4@?
z-D;a5u{~KR?%FkyofQ`*vHe(RWpj6%AyJ1iv~f1T`d)Op-Z)E6Rx#vk_8ST~4Aq(q
z(^Rk2PV8vC*jx<$iF&3RHwfp9h<fy?@jEh_ddH9BFDy(gdpF&D+4!ROh4g$sT7lM6
zYci8_;OhFt>*&=0p-(pG78!2s-@dX;fvAnMCm@x!is_cMe1;ias9uE2<_}(X4s%VL
zdYRtJxxy5%(gs(LOxE$ySDeAOrLL}=iq-x$-lFJ+*A`=l(}Xh)zYUK$E{;k?1=B?o
z{UGK!wxD?uIUra$cil&)v~{I6BW-;1O(&ADrQYjtaP`58kde4{w%TC}dHu}Dl09b_
znT8Vb@Io)zHl0R>bM%W8#}Kv}+(V->QD17wZL)RLtuF(&3W+&^rIfd*gX4$ba9p5d
z8=Dad{qWlsvk`PQLOO)!1U$OUY$Wv<g;HwL;$%IJnqsji<*LxvG=QnnNYFm>8}s%?
z41CT!kHTp^|E2{c7G60Rn7YTZMX!~BBl_WXc-bJIlXt5OX&L7S7c%?(#W}uBVC;d{
z^-cG1eV1ngGsLfepghzd(rg~e>uh(KD4;E+e0ShlW5L*cFn+F&af)nYX+gD;4$NF_
z(2d4ZapbLpt_+a>4MX8|zSoqf>F2PS9IPAAJ~Tk_E&}Ac;;fx$_thirkOg{iM}(H8
z#V9Rp0(0H(U4W{K=h*|R-=le#iziw>xbVcOxqgb{L;RS;9r^m?H;Magrzc+k5glak
zoqj*JY9#-~qUT>SP35)fO^VZYV^(k|i=auea?ghm9)9VGOnx8KksLg6QNjW>Kw>U#
z`44;Kp<bi!#QTP)1Yub12a0Dxnc7Gy5M__GKsNACmiF(-tbyo1(En$4CzulylE8*~
zB>?!5|N2|qWbb<_yk#73z7B$sJ;k#Q9WN>s2rChWzi9A~IGq#H6*76zp#gSWq(qb+
zazYR8u4|3?7OGZ5O@Vp=(lUxS9$YZuWxUY8Uq0U+eS<hOvoqvR;C)8^6BLqQ>l~Bi
zO2J<WHlO?`MludE08(Psn27e7i&H0{2!xA}jK5eEU^bkZ%O3c4f}LS#jHZd=o&a`w
z=_V38)yHX>ghTB&d28no5i)_th<=CMmf)I69r|L=Raco^#gTRF7f$`pvEUB{lrADK
z(-Zx&=Nj?5hC6nu&~GwaNB#)e0<Rh=DyS;~TEDOQvL0JwdXio~(0ZTc-goNA{6SI)
zcsnFKpaE{t@P9dSn<T>^zYKdEp^^IjJCq@D%6;Kxj+hr~*E%u`Dvp%4;W(?3P!#l_
zfdst0mu_eu@&|rQek2aF9W-i)y3jkssC_LT<TnDVijb_{a4Eg>^Pr6pa{Rtz5;FN$
zew%6<sSO!eF2FZ?FD!MacvV5_HyL|+6C=3DTZF}cibX~ISA)wdr=ly!dt&>T<$H@s
zNX^CP0wSx>^$4^1oNOz<xCDV@KgOR^ZIS-()use#{{(Xuymg`OAn1E>WEivX&$5;T
zROu8>z|n1FIZ754-+z;{_>fOa2z$>hDsv^!@)tsbS63s8u8K<_u?g&s+jlO#^JnHr
zD)R*BlVApN)T5Q7XHoO*Wr$AE7hZaoj>9lwryA~a;{VE6P*{jI;35%<bL^YmZ8N`k
zlg;#)%iAY<`CsM*v87<pfH?L((Mz-_lDk@r=2)kFkJxn;{dXwM^B1Ou9{ebdx&PiG
zV)w<MX&P5_Sxbib0GjUKuZvY^+Zg+_{|oHqFQYl}Gxy}xYS8?WFMOQ7ZY-*pDUz(_
zqnfyzEH4I4Sk#2O=&C4roqCDl%B8m%_KW`4(c{ZlPW;@x-L|XfWb=nCowP#S@>l<;
z((7W;{u`$`#f)%QNfiaJRS3)K@9ZG6g!mWFSnhfaP`Qdq>@^I37{vT$VrPMCCZdY-
zav|FC>pBmH4VxL?8{sbVQ$f3FOntWxS;2b=@&7p{q3}{b`p_?F*fQ2VH~G{}5!*Ie
z;PpHbVFJ@~1<8N*ER8tUE$RNQ{goiLn=!XTRu&fxHe0XG?u?1_V*NDH(+9?*97qr6
zS_DfP@|?*oBPP}^%}QA3a}SX!z><thl4yFwpZU)R<ocY`MY^M|ukK9~(}9+kMwE`s
z-EaK(k7I`@^74n$ef;an=fRb&>b2XgxGE36?uHC_Q+c<=^uoS*#2&RvVM*|<qoptx
z;*KIMVtI-V+S@|?WS?R6jB+@+=W6&TQ{ToZZ%!XiNpB4!gw^1kEQr$1ZYp;%EXmYY
z6gT6+n=hn8lh{Tp@AKgj<CuVC%RWh-{y%c+7brj_bF}ERkHH9*gcT(B8_tF8x>uOi
zio;$EMV&KwPQ8J!ImqCJ&7r?-p}lRn#2*0rDDSm}U^@B>3Of7DwuOHvleyG>o`SkW
z1lIdaePY^!8omIy`^WvAn5{Cu9`I4|n$tw}5kr_~2Bbx&MYlyQeZ`+b8_av$TnM}!
zycrYlpXVzU7Bg2AGqinBjDnUyJ$)4u9?rZd@G0$U75E>I+to<%Ur@{~hlG#^G|LZS
ztTBAv9w7Rvu46wASO1iC!nsF+euJ-qzN~C?BBLO6&TO$n2pGDs!IR(o+0?y4MfS4e
z->S;_i7*abnaoN49#0vlv0J#%Vn(w?K;#`EpfO+nb}`w@y@HT)UNAAF8X!3p<{e}c
zx%->V<<LplD62ZZ)6GSvG)x@Qa0~U>jCT_W=YoVkgxttKN}bS~(LuuVgj@k1w5MHF
z|1U-~wHJryJpU_~Uv|3!7VQeXEXi>vVAL}K{3S|i3_hw2!&TNbBD+ZNe~ovr8UzN>
z{^gyvuh{tmaCyTYt9%k0^4cwhgb&uMiMN^yxuDrBJK}UAZ0WVtS<5BPiG#9vYQH_c
zq%CekxqWB8A=@tY5g_%DBbs~__G_Rg;o-vTmhG-tDK7A|kdGK|u!p23$7Gi5mAUcm
z?F!syxPU4?BRoX->E7yG>a`Ex`l9Px=s&dU=>!p)&I=KHf;m>?-`&wI1$?;*g%tQt
zs<1tCKXpxgAdde9q003ghvQ~VWwVco{?u(FI(~p*RDGS*M*OY*s?IHXfIt3q&%Kk?
z)rjpD?+ml!nxfgA{xd?arEAS|8vOpEgY*dn_I9mZ`_qyKoY3|FlCjAnJE~pKr2KPV
zMpiWJhA*j>+MhQ=<c)lL_cY}3Trf_--<R7z3NWN}l~R*<^BA<|{HK6K>;c|gW-E1<
zdVYySQsJd;>|J^ux{Gx;HM$YMTEo5g*0a7c+?3hp<xG?A0_-X9|5uH<<oz23d}kyi
zr>y^9!8eZoC-|nlCYr4HbMSp+XhKq{4O`R&HCd)be95AE1x-`3yw$NZ<DbF@UA@LX
ze)BRg|No=+rf;aKSN%=jzNtjZP2myZdM=VFWR@n&nK{lskPXT^$aCHD-E^IDP4kV9
z<KT_jhmi3(y!{)26;pjNoOq=VWj9l4G-XC~-@G1nW45j10~3s7Y!ZBhX_+xs(gYKm
z#kw6z)ZT0TaGtw~dH;PvwqK5+t+bt=0=sAr>3wa`M*ePN+aD@cr>qYx<~hXiW&1(`
z&2r>sx5wpaC%gw1f)0d0H=4)(t+s2l*=5y~>sx}ddLKV}%nG2o+(>rQ$4fQ$K6j}`
z*nAPZRl*ezCiIihdiJavnZlTQRLi|nNLfy5ea**tGYlp(c#Itn9@gSC)HVp~H*?K>
zwX4*&*Q&oB)Pgq%AF3Or!8Pos{at=%gt6LnR>cv=u6!gY+x2bGx;&3|xAL(6d~r~Y
zmh@-6CS)e0*s*4E|6JwV&4s=pAWO*nadYiq=fgZ4=pHuhJ(I<a6`$ycCKu-u1K2G(
z_4#8SZcM9X9HG3R8mjx00Qt}llntWSBsfRT^8G11#8D!myAH@eJqIG)J{2f?X%s#i
ze>4NyuzO^%Fx@@AgC({pEvCgD8oAFFYkS4m5<-c3>KPQA{Uc)9*%M~L6&fd!YA2Rz
zyWD@vHO$q3pNBbW85Sll45W@EdA`8~LW%~jCA(6?oRyi61B*;^CWRv7oJA3rF*8r9
zGN`{NquTXJB+BNLs4+?{E5A+Qe#mB)@A8h=H~v%o>JoqCe4cPI{z*X<#er2Lhdxd&
ze6(u;9_)d(#2HF6KF2sUZE^ajmoF{Zc{@R}|ERZkN<yqlASCTiv_y4tCk4|J_7$TR
zC>8bH7}y-Ywi7b_iujYll3U%RVFi^h>Y815tn}Uspmns@YhBWVK7P~{ED;VMzzKg?
zs}Rk&9jB+s6Hzqy!QUjbcf@8EC~6i(ywp#B_@>199Qf>xp2WM})u$k#-;?IM%4#I1
zBj@h9R^95!rUH(??#~ajNBaA)H4slFwqwD}{*L6G2l=7P9v^4GqqB(Zeve>ZR^UXj
zTJ7bDWujO=q^icuTH%30@_`1SX0~YS6b&A5?=v>g?h3MA(R-xrzX1l9@iASxo_qmF
zx3=afX_cAdW%fp|SK<CD2mZ|$SMsIGyT#nQ^DbmTWPMD0b#Yp8Rx%$rV__3mXtVZx
z=F`>I55YJ~vlWtu^ied84xt<+s!<dC(Q}`_mzwo2I&ZTRyM+;B89g>!;?8frelF+5
z<~zY#-_;o;c2?_Nz2DU-W;~Z8<TN_F?z_soU~2?^Tcf(R?E3pW>*J8p(rg!@ok4wl
zhCY73+Z3I@_4aPfY13pcFPQ8_7HjbFO9s!mPRiYIl5s%5<*E`weXQh*FK3!En!b%f
zn71^`wb%#ED|k^K;xmfAl#{_|?Z>l7dMA9fyrF|n@L@Xs{ZD_<ga6{0(AVsKy0Pn^
zbKuN*50v7MqRC-ur2DT7p$k6HyE|c~--)Wou#>4Za%4?w{i9h=KV2Fe5nk5Il!V_Z
zC*5U$k3PE4(EXYC?~Nxf-)MOm@a?eD`WFKgxi-v)LYN!<v(&xF4lddHYY)5VY^q$$
zL5E%mr=CiJ5VFv@p#_Fld~feS0_(lPQ*bc{8=d@_1v+>A{j+m--)+}Jcm39{8<SY^
z><c>>BGDS)q>`Qnu*bJn%7yLHc9xp5Vt2S)(sPke8$KfGf|kskjCA?W8s1g?<PWI@
z%CGz#Eq@)6-n|ICMefa><6(5%%s=(!q}!7H`F5^b{3PxSM~Z9h-nN9QOZZo%9n7ME
znON+nyQ5TWG2)h9PV2XIGcb+b+PgmXrQG}Vdt?O^mAq&ZwRP_aw-~em**)gESa(op
z96doOAeRYPkW=<BwMy3NWAduAtm`u;Nx1OwxU;O&W6MjyF=ekjCtCr~L;sU-Dp*XQ
zGqP~1^hf%<ePRm;x@XL}u#?{S==IX+2-vef9w6NM^r1c35&uc@J}=wF-y}Wn-|cl)
z*oP}L4`;?DfMg=kTi)Amr?1Vet)`2T3j2stml}U=w*u{_Zolfv)i`E@Eme2f^lr#l
zUh3_Q-co=_N!NPc>eXc`+y{-UodKVW{=S^1*eI>*kuLS<N%T0KTJL!?{PcZMnG8PA
zKKIp)p7>pWVrw57AP8q=7sda$l@B~1SjW0Pnb19g-w6Pv@q&mwjw*7*>dlM6C#_j6
zYfuoq{tZa0r9$kvqJlN>&)HNqJY6C%?;6SS7KCnUSfmH!=yt4(qgC>K^e*A6owx3T
zD0CTBHiIf|eHO%G-?T@erO(?Ywsb6k%^SwSO-|VlSJ;ZTp25v*j_1Z`{@!l+IjiZw
zTm;}nL`=$IHJ#YwxWXR>5X-i?Kc0F((}(yo%VsrqsKxR)hdReCUPd~d`G}|;ra?k_
zjXR}OwQJ{F1aD$8K;|ybFRAD*gKN=<=^pM)^y9DhT$oPPQT<&TlRDu|@N38R5$xO)
zsDyI!_o|7Fl4sF~uYriPO>}1qU7uAr)$elwS35L!ZK{*{^0{+PUJZp>1ME#9gVPdW
z5SyFL692PWM9Y&Ty==#@i`}quUdN+0>8!zxXv9cIXD6QeY1@ZrZ=D_9*a>dF%htoy
zI@14QCENOZypFUg*6O&Z6R&<Acn7EA2NLy2`6f!6^Z(L|+qv;%(A5{4yy1j}S#QDK
zA|_Yi6q83_OyAr2?#*aRzP3|csw)quWpGiq(U)Zbja;!ZiUAHNTL?#v>m>O=aA%Du
z_P1qkq6p94Y7y*qXZQ)}S<I!5iDRB#x*5>UL)VbVyTjK|)Upmus#R%^H(Jr%Bhh1h
z_`krgXV*MwbS7&Amk*SWrTRs0)vWns<3o)bkALG;`x9&Up2l2~o7CnB=FRcJLknlb
zv?mrVa=LG{cD$5Byu&?ltc<wQ*uM!GnK=prSD_-^?QW}8&!vyuz!%-PsEdMrgoLHb
zi*8(=_b^ms(zN=$9Dp#)w{wUjz3GyCJzhR#0;fMZluU*_O#y8t_f3!P!qu%mo@H7|
zSu7}`U3>j9XM|CN{6#qK9P5iAk^8FFo`6W{m(AJ#3CFRicfVSht382=@Wzc)f^$(v
zahCaCC24ENf%qq{Yd__ah{~^>CBXy}Th`)1{5rnbgqy>IkX0+7>-gi?cj2;Fu3^{m
zC!(6lEhTr?H>gkI_c;$N^kex&?zg!SVDonnsa3r^?Nwpr<@~a%Rx(WV=<z-Bi6PxR
ztFr|Uzqs1j8tj%bC+_j;9TBH(AHpzrIE_;y?q`{SM`RgacPH3^)g-fm%AVD4Be^(>
z?4qV`0;{i#@&9Ww+Q|PU;eujB@g|YHnt|LNCKmqxadwwcZG_*V@Cy{Twpj7v?(R^$
zc%jAJ-8~Sr(Bke^tT@FTiaQkd;2wfokT>-F&$(aTd)Hm}3n4O-naQloexALvfBOA@
zrPi{=#{K{F_OV(GERMl8G4nBqtADYcq@ry2FKr8)EY9^_2?@B6ppk#u3Uil+AS1th
zC%<mX^B1_qDF#;i!wvRyX6ej03eVs056BNKA+h%q3(XJJpa+tSrI{aClPJwFS-Nn~
zC<LAi{{4DKPg2qGEgyW6qIt936T1?y`uHI}A1^c?T;8^7PNK98zP>2NTC*Jb)i~PQ
zmu$VK^0G}&iF{~<BEZreD+rXH1dN??KJho?(VJ0LNN~hTtF|z3@g9~aJiL716J2;P
zw?T;4zt37?GGkIvhgUf8?vT>oBf6Mu{>Fh_Ve`=Egc3c$)3yq-B-l9^<(dAU%N9~&
zi^V;ii*Pi=IG&|l%}U{g1=&W5zIZ6?A?u0fxx%bmN1}Ap?8Is8Mm98J{zJ0t79qep
zYoBg<WVQK<wBFTj_sN`nVD2xWtDTActW6^E?9h-KpXIxbWAiLxjoKc}Q)K}5)78US
z+v_C9y@7;@_k!cpopbhmL`-_WJe2U>7%$b&Q0f72I_vI2tBqA)h}^^|{jjiprbqi1
z=e3+#J;y>nV00-Gxq{bUSwh`6CkBG^Q8-DvP}e2To$_{tz5T~#`gTs`5NNRT&o(df
zOnT7;fh{Q-Z{YaLN3kUZ`?m3BjmgQMGj1fN`!U0`C57&%xFzL%=I#D`h(3fl7!fw;
z{PU;NpQxNR3#*5T306Y7cit(81R=Uk64MiaOq7+$B`%A`;m6km!i`6BFtiQ@y4ZW?
zKR3RU1|>*A{{ah%1X4#Nxq7|{S+hEF4bgB;<>T@PW9%>yZ%NI9o&GQz%%w4BMD5r)
zv6F_?N(lxDMI4&*+Ky75%$@{O_s4f#^$K}Zs{{C?PsQI3XhtD0bFvi-jsZw7J{nJC
z_oAn$WIW=_bCKj|T?gg$JC1x>;r07S;E6Hebe@x!ZE1Dw>(>1P`#f+4AI>yjAV($q
z4}WqHEesVb>pdaA6pPk*Ce66+A6<ab$W}ZTU?G@bzGZWsxhGB+alo&VG?-X`R6hLq
zYarZ0CfZSy3-+pj9DnFBZ^H2W%<uf=;(1BT{Dut_&!l^V-kL6!pAzcV@$IiPZxQ-^
zkW;vz*tb3QO<lCgo_8W&#%Z`Q1yd$ze@T4G$W8lh8Ei?*H~>{|iKibRjhB>9+-g1$
zpdLPR=Wzhsiv^zH`$MP3ksu0OH%APs4m%z)hVNEtl=RW6jtsW&MvA{sC~Nfv;T*O>
z*Cg7WutMkiN*=o+64D2#-&G;(R!$K=vd%>kt~Nw-WP6c0t<<&(IK1a(BYLsPly6Pd
zM7zW6eLnmbLU8$pb;|IPYbkX5y;0;@c4}Ls1P4O;{C3;h+tpoK5~daX;4m0lpyjSb
zi{0t=h)VY29LQmBP(C7mo8N82X{tWIxkI>_54XqPbhHx}#=YGlG>q0<I`n!$7eFHE
zSuv*+6(2ADacKXR^8xwydo!O_R3t@>rTD+$653$h@_<2dAw9bM*XcFiUf!;W$4yDJ
zyR(&(<9}@>@F;)d_sv^2q;DibiJi@Tu?s4!20Oxp?>!A2qvajlwqAD6-?JGHTa0@j
zDD=PHkWe1o%NG;i!obC9R;x-TQ@7Xk<VUv6f3WT+Ofu*#WLyO?9G3NZ^d4$^e32HW
zB%9=b8aH7AKxF@G0~XWqmZ#r$ge;Nk7vc?kS*CqH^1?4jo(=<Ko2tz-0WtF#!CCap
z0fk<H;n#bw)!E=1u7GOYPRl9NFRi;xPX5dTg(=GyFLI7?BZ?+CooXDJQY0kea^zFa
zDEJc)HQY@m)UEr9SQn=LJ+0O83=ngjY`p9YC20uNe_;+Un`C%Mbrp9n=T{*5nY<)s
zM)rSqcYHR?JHubSP*Sj9E1866(=DNI1$>}jxZ0HD_syB4KpPlD5LiuH7~Rs);7e($
z!~lPtFjF~zYs=wmaMPOue?;SeEu2y<a*7%M8&xch8<Qx5opL`aWIkv-ZbkvX^2>J<
zCB8_a>5V-Z5H@)o4Bk7F-JDuS_)ZmU8Bd)M5-UV~#w?!|yWPu5!6lCs`yg>5HVER3
z@hFLOch8k=ojH`apP4|oDF%@72Nzg=y2{OF(3jtRJtnt^Q<o!^(?a)4|BxiUlJDR*
zZ`yBFWbbk%QJh<^^TRGIY9LJomT;omH)`&E)z6^Z&Ugz%ce!l5Oa7sy?GEZZzMZ_I
zZmsBGVK;rs;5C&Sv~-23tO5fcYM3M^;{ud?0;%5eNwlyM%ey!Xn|i%7wI|u;5I)c`
zS}tf0oX5FAa-d4f_KGS{n!M~i&b9wu76g;rlyva8g&8sm#+1D6<SmbL#G$ZT5Z<kw
zkAso$ckH1s>sGlZitlLW^5n$0D(B2Y$(Qu;KzRK;S+f??<tRl%qT?h{PA|iy!Sy}4
z6BXT0F3APTgRa*4AFt!Q3O!N3D^^Lm)Pj>k$)M9Dd%wlNI_qt9?SUflLGt6p22|EK
zZlXLw^!)Z;R8``=siD&~@($yYhZI+_K5`-jWS_B1!e;(AcZY+?Zav`GW&Dc4Z$)6!
zE0KQksU=)FTnytk^tOM$C#@b6OU;1}n4UbzhL;<Iw^vd!q4BPUE++~N&HtzM{^wnL
zruRD7jf0zW0)6@^-6Hirkd)MR+{ju3_Rcwn<{j!)g02KOB1D`=uUELZeKUaykguS>
zH4UC?!3DjmiMKZ)S+gRnSfF{4(^EelTj6EIpska@#;rB)LKr0H*omvu>{7Qf5&+2y
zd;Hwi-ac~V&(MAlba;^1P8iSK@R~S?<xkNk8-?tzH}z1#!4|`gk-juvn(u;a*>Ium
z2CbU$%d>tjgUyqqZT^WvuqAP2mftK5>=kVaEt*q$^_2WeOha`lyWF*YoNR_`LpS*6
z{)<b>^3gY+ba+PqRn!~2;F8B8Yn1}NdS9CisE{vAne(~ls{kiy==j=ne&P&@tfN5m
z|McF}w2J!J*vz)7z*yLhIcf7vP3?FaH@SuBZMOWDR&TqBBlT~#B99nF65E>@w>g8f
zZU+(fs!_<q9+5w3-2@gNza7cxw)!ppCq?HQkVh{;wf}D>nrrxti$gAdsqP#e8ERoo
zTl04>uG~H$1Qj5Wn52I5wV(z+yoP{xo%O|)8!C8E2w}rtif<<U11|6Arq435Jh3rd
zd``CwR~+Ah8jsTCSeIt43q*td6lv!38UO%vr=1no#{jBDxf9TkNcPrdT8_tSN>-SX
zsZ!ncG@k<z=dag!8?NH-xdGsuZjB}DmcCCmOmyz|G^<vz=VJoDa|5SbO3QT?<Wn%n
z3rQ};&CsFJda~ak(>;E2s7eRReU`hABR*r9H&;;`C@8`a^~tClX>icZu4UC-n8Z0;
zg6ee-xS>H9qA>-InlGuZ9Xw5!|FUG7zR&865PM<e0JATw-1Uvt-cegy;Dkp<f*A1i
zxqr|1IARNxCwsbXL|y~jIBa0xDRPGx7ajQqJn%hVSQvUpXU)9R26^os?(vsapqJY5
zv`dV$aacpPxsK>;&WkI@NnR!DnXLv@Yf`a75ACHhpv?%*tR&1qX;!RBUWr9?!_ZdX
zOk9a|aKj+fQMb*f@hfVEF6dk!8?tf&SxZ>7mL1oKa@H!(VXhqA?PW#@aL$YCs#(Xd
zNYaV<u8v+P<-+=2-Qe!hB1r|9zcHQs5<pJR*)u!#Y@QDkvn-X=z+AcMP897_e{M6M
z`|()2_(1B_q1CL1*5c=v!?#F1Esq}$JA8MSs7We0ae$@n2H_Z$&Z_eRS0Yh;65@Ek
zQVW<`L!bK2?d{zqMUu)^vuT8iigK$WFS3BXs|yjVcdd?#B>p6a8OxBWi)71Rj)KHH
z?yTE-;^m#RLN=l`=sJAk2vLEo^e9uTzKK6tC#s{!GVA&_(bnZKT!rga?L}Bc#fs0R
zY_aDq;^VtjPS@FQ@>NPPi++CBNIA9xrfa`ATzY!v0j6(ZPU?Cxt!-47JT?n2W%fpv
z9@RL4g@_jo5x>U*l=P5W*Y3eCC!T!M@ykRjz#UnvisFnv6M04A4&k7qUgjlQQ28v1
z(y21`0?WNb3VucEOIC=-K!ruZM^s;su4v-mLRDU5{cMwL2*Xj^l9u(2pLZsUadCWQ
z2#;LzyW|8P8ataM{P?%Vlu;$tX0>_O)2ZqBUxet~O~6PDIJP<R=~_@N6F0Er_s(xR
zl|s`+=C-SgGj&OM0wp~ki3>2$MUuFgFI6``#g9;{)vM4jcz<Bq7T^K97?UOIZOb!;
zgt{eQ;gF^1NvS)E++?6nJt-Zr((NZTd!5!LDC>DzPcpdHpXjjhiik~2Ha|kY9`%tZ
zwRicwF|m)#OKZVLc%mGyBdk65B>6E;KJ~@%L8Oh>QHc3S_4^TK>y^*6?3gQ(ey<y2
zD`H5*>=m3RZ47o+j)u<`Vzv=gpb`Q9w9HRWM&5U>?IcTsNV77LL@-xQP?Wn0cOX&N
zIMcgJVT9zLD_00}<skXx8>43&6&uGh6~0Er4m`F}SApwVl^eJ_o1+|NiDlxRdOdeB
zE#F+@W2`ZYU#6etodm}(hO>8Ab$b}jJ+6tyF%3jH0ApqwMB_<c=be`B1$2769a`>)
zlsE8g`D?p{GUjYN=4$!f#|mJRXY)=Lp+`cxuw`MBXSVzt1aCKCn?SN{>WfKtl3&4-
ziO}3`Ui00|yuE~ZK;3$`I&;G$i*`H|Q>SvvtzSpUI48U1D~|oxW`k}-FI;B*SDdz2
zt|RM+sTu0oJHWa98GB7R4RVy|os}Bc+!^}u1^g&WFhS&hW)#oi2fUTFYgSIBZe>zV
z;b9~0iy%F8gWMKGws4eI8=L2<Lv5;h(gxT}BJ6=_!}@;o-mAn!f>CNzT7(1Tz+lv{
z#dSn_UEj73fu9_3or9g`f-&>YNn{6tuye7rItJigvjqUvnk5trYvc_FR>T*6(K!e2
zOj~qHcY~<LeJs8iPr9!D5cyW;s0Z)p7(Lwwo@RQQp5?Faz=#&%XfAvke!a6)Aha1k
zCnIIT2GYu%du|l_xmmrYB$4o3pxt>Q=-kF8TLDZ!tR3C_?xEO(z&O5lz+iRW$$P+4
z3xJlBPHZt)39aQn6Vd!<2y&)827KUpWM~EQU94?hfBzwPoyG287<cO^mZ_2*CHI8A
zGOc;%FXn}j-5g$pch-hKpd+S|7*s&=98?hfWJ$iiPo6#{!p<!%pgcB+DL1AXJzs}L
zqZZ8<t;)`3@W(&j72!VWYjli<+T^L6L%_yc*Uk~ig5|80LILubBG$WEcMzmM^)`FF
z6++tE15xGI&0KO+$ijUK<#6UT@~`6FdZg<yN%7|jcjaH-BPerup#A+08<|q{baRPF
zxUIkQX<YV2i~AQ2Gwllvh{}<?dH+}RL&H+nuLWB42Y$NOtc0M<tsmG#XD<OX!P=LU
zun7S#f|wVVx**Ic&R@@qWY423s?4+34OVdEFwupXX$r3??Y`Y~pMU)?Q14U8+T36}
ze*Q7=-_iZ^$UeD%EaGm}C`WdMhxI%(B4;ZTPiuOQXdqX;^IxbAyl46mrb#v%@IMQ6
z`sVAceT6T>9O3p)ef+qxbEM+LiUIIAx*%z9hjn{^1?)1!kc|yDL$CkYC;6X<l%zcw
zIkFV`oN;*KE|Axsy+peMZ5{vx!A=DV71L<{z4yzk+FcOxH#g5<$Gwa5SC+_Fj>0ip
z*aFYHFDu@Bq9WM|eBth-d{77uI=!3__lU&xAZ=wMCeDxRAG(kiOrjCeJ4bt9!gcQz
zCCPlu|Gc>BcHKFf{LOr;%Yx~{y{|e5UTb5|E;=cjc;Nr%)hS7$cZ8<RBCq1cE6ehm
z{mkE{AgtZ>qQEp;tbhCX|2ilcIEQ|pq9C18a|^rHMW1K&H`sJ!0l?A=EPl4eikzkb
zPuHLwvILR?@}%P(!`ST|N9rM^AJjt>u;|2b@R=CxxgV%_E)!1z9J%SUEM%Ws{bK;B
z{Tu`jEy^q-`{Y7<r*}0wBoSDa(3&ucDV)&8$Ifle77D@4OyW!_fGYX6?^&`Z6B~)e
zJVagwXcM}_f0i$e%_NLfj#qF=TtVD66yHFEyCam9cR^sjK(QUu`W5VpH+LTix~cdI
zt)L*3p6Zw-j8}cWuDHLCvEdm3Vh-I<8&^Q%L)P4?4r2;9U1DV);}HEjBl$NQ<EX<5
zro-Xmqo1;56wfCJe~$yHhS;dDWR)ooywu5*FrqK4Oz2Nr$$-6VF=p@NO#pE6vd_J@
z@=pny^LKl3FwWW}Rm#PcY(PecHO4f58Ua755@#}oI&vGTc0k=sEjy$y{)C8Y@W#pR
zQY}7XgsQa6RODw1{_U4TpI(Sn3YC8|HMSeWhlBlR@f7)|X8pN4a+;DE_bi~sygW7E
z(eJCb13q?s)FMWQRPOK?)E(61=0yqH@gy{!aCZc%UJ_k%veEHPGBFZq(HHL%wb$n<
zFTz1P6lS{A6Bz$iI~pthL>yLr(Wy8^>6-PNI|^Iv-v7<8q=0Nk0(%6)4B8o6AnLB|
zh+K8e@V8vN_XYMnj|X#gK5Nf-=I#JeG9mF7`Ys&`4YmJwgOS!#u;%E^%E8!zO*b2W
z&{pjSl(7XS%+2j~)cq6YreVU|nE~~4rGYg}n2SsFBCOSQyAV_D{E|Z;miO79t@4K_
z{_6o8#?@%wti<cgg7$W0?w#SkF68jH%S%VSc&-`U{!7!+%;Nln{jx;Rz|}5)BUzey
za$jGnCYUhy#dm_&PHg!Pjc<B5Y>ZJnq&&M&0k#eT3AG=dAPFu_Q~Msi?kEo5soEjC
z5K(F=@eL1emqZe^>?r>36ah2j4lDS;`ZWd<_ocq!TK5E=Dmc!5O{~7Y>1H$2Rmj;5
z3)8UVm-7vGp5Vw0w?u{@tiXn*TR(j-_F8jnJexLuzlkqtg+IBc|Dp!NQeTU<natF5
z$dfuES~Uj_K#mi>F#p;=ma+8l1BN#R$w0XJ5;PB$_<H7XG9A-vLiH?g+~Zcf<}CCv
zIJ1R(iGS0&dfpHfq&CvDG1=jd88%lzB8nfh)#2X=^|$(2p4s>IR8kwgE$MMmZ|H5!
zpu^X70T?ic2jyraZK9E_&ffb;JAf&h-u#U!ye(_!?Ie<51{MDrHqT-&VthR`FC8kB
zL1h+tlu+Ru5`PlL$Pa%llJW8CRH^$S#LEfS5>(4tj;vtDqD2=SrNwKjw{SuwmKeMc
zrdlx_`gw^2b^$JS35dmxd2eulYgElgn+uRUsGjB*cdSW5GZ^NVpkv!1<f6YgIF(3C
zI`p-aaC&gN1&_l?Y2$gS%=~nEl~^w>%KD)nnZ)UpCHT8f86cN<F+Q5}m$*#4)_=|S
zuHei%XFDs!5R&QZ{#i$JfMr2E9oDTLK2RPz;vnDZw$hb0ch)vbNTohG+OFgl`2Iw5
zs7~89F3m_fI5D7U8yOMg`{fWuY<33A8U`<F@di4PfOy)G#nQ!T1XH7Hw2z#AYYGla
z9jCGOV+5E$G&bn^|BIGOk_}0y;rY=;6(Zt`6~jJpv7AT#UZ%2QGu|?EaCtQcZ(|}u
zj45Q9d#-8dQgNYx)Rr5TkNMrNG)`g*cxU=%Atm+XM6ElTHydxTYp!-vLUityomizX
zHUFAIN{HoJY3`ah^RMTdmpoS(1<w33_#ZB3x&Ce8n=%ZSgVOtjVRaOBNSfso_fSDK
zN}msnP@>I2uyH3B6pP+AklxoA;RJ@uf%7j(Hvvk1$O^E5_BAQVURsA=?Z`bArDNkB
zLNh)<+&!ZouN9WLtXy)Ie#u5@9v>dVh&j<upuC{0j^KP}X@n$WUSe1(Dml9UH^p{$
z6Xi+g`qRg{M?}j@<d7&I8{h|rRoav*WT~|igXfen&Z_5bdm^F9w8Lg)ArB*1{>~Kn
zLBleNl$pwVO!fd<qjsA7mrd~#_LjXP9q)Ia*IQb&i#mKAyC1?*Y)yA<H<Lqc(WJ!S
z=pX8y_>1eH7~LKs^%Jq3F2y7BBmi)JxxnB|xq#f*{!vQ0T4T+|TUf-Ij-d8+{Fn>Z
zb4<effD51;J^!2chuwi{9!uKt+m)J$b^ZxgyqhLFmLOOPbe>YNK`SD+MaeXLS#iZE
z!vo{*OQ!2hqkt<044lK8eF5i|bzZ<Z{1<Sp{nxxxr^SE3xy{T!a3L%{jL7@v7epzr
zAD}WK^Y55$zS3^Lzc;@s)%Cu8g%VAJ{KlL{Aiy4LQh(=_rJo{6*HrX+GD(+nb^@Qh
z6Cv^&@7BkrygnZ(SSpbCnz#O{y?*Q4OFF_KoN>F(Su*lY=|+ve%Z7ZJ<dyZ(<}0~@
zE=}rwsqfbyLI@Gc^2H1<@M6aNn-DD-kL`tu;r(#=nAj5l-tnT|w-2xJv2jK0q)efB
zEPJQHE0Aw-h<cbh?9@E#9B?pc?>&aK`YlxEIuPd0jloL0!q1sm*}^lYdMIG-911gb
zTkb&OpzbCjqML+3!2|U<pkgw4^d*ywPO^9K*hl;gh(zj!%J#-P1s0lrVd}0phu`q;
z*#lY#=hf}uP<1n=FFpTQx_b>fl~PsK?ftDM=u{tf+KgD`c{pR~7@Xd32xqw)1o(Hb
z7_j#a>-6qE7%C>Fis8DVnvnkVsK|?*+I`#oRU}Ea{Q1PZXY~&zxUDMp`0ALM%-Eh>
z$5yyoZdgn*u%{%}@XLJsL*l(}PtND4sJ+W?>$f-G8iius>}Y#HxSK$?AIbD5rG|}|
zy;<4*tEAx^Wx$)Y*)fiy7vhjot^oTCYyf|@vkfW9Hf}ReT9p9CjULf|U}wVa`&&P!
zUB0)`v2n_ItpWiUJ9xxL?@0V`{yY$)Y?NasSz~cT7-wo?keVK4AaCj;>E)vkWJ)$g
z4717P=|yz0g<$$(b*}q>@qGMi!2&(ENyS@^<`re_yoEBE4mC|*PZOt7C#oC5B9eVI
zibwsa?UbA3!JgUs0F^A9ENl(T{nvlaMBMAZec(p6$O;!WQEY~)hd(*2`?}q{A<I9k
zu;az7z-H&Hafbc7*5C4sAxVGvL$2CZv&8sy@?-HtyLxeutoG<$QkecG0bF}@UF7gr
zTKPj->fM_5k&^tI*k`>YHQzZxYTX#eIH)DR3q;ZqN_GrM*8ev?$1ulZ14_buDjXmm
z&8hAFCXyz`>|dPx=PmHpu~3pBdA0C)*o`|H@O}9;pNgBq%DU7ZlQCS@2Y!bY@pEL`
zos+bOjcVl$?4F31ja}Hqw$DLf%|Amv@@^FZYVr1Mwxhr@aRa|BHc@BmF5bVK`Z0k;
z%hnL-w$k&kT1Mc$sp$jU7V`C4#AF9voU)z?Mv@s8dDMH+xh0{uCZiHg$Y-qe;p!UW
z0e1uoT59|V$8+j?++-O7pwmkNA;Dm-a7VLz{jT=jD&SGGT0QdJW<rMI2mc$rM~vk*
zmvRxSdu5tz@gK!Kjz0*)_<heH#N(+1Fd2C<V^{k445Lng=@Jd}@Pl2lK5I0wrNxT1
z7;xwwXm>fJ7&tSVL<_1O(_HPb_}P(V`QGi>-+?Q2BC}`-<IqRmuHP0dLS$i^ZL2I$
z)&z;WsyX5zAMtY=AOu}Xc($Kk(U|Yz3oNxV2gqP)JyZ#Yh%(PIO|+q}R~-sC^>kDl
zw8{*lti}w*wgNy3VYs(5a)FVP=I)C{8L3Yc842)1S3`&Ji(g9{_#%}7lT>z9)F8^M
z^OOGhIff^C0<vQMYd&){^ymvl0uZ&mWX-3lx=;{KH*KD-+Hq+C6o;E~f}QQAzHAYP
zfatRY+cCznT>kyru(LNcn5Rf<nw20aZx8((^>7|ZvL#etASF-Ff#t<p*6Qx@!n;!f
z6d+=I<R@W7O)}JVKPT9fp1*HSU>Lfhou}9h>`5N|t*JYLpNIyJ>)t19Z=Sjk*(%pJ
z;BhP}H=f`(Iv=N|IbuXy(@jS%$|CC-9e3y-?%oHsi>do}s8NlVoq9+5Xin|@{)H~>
zM@Dr`J9hEjk61WNt!T-eUFT1|gR*WhC>bj)AC!rtT^yrWp#(GN*5XQHm$vy<eRT!R
z=$k2~<tx4H6~X|=cxh<OA2}z>B#8=eNF|Zt+sck&VM|3QhQbD9%3?h=(@`zP`jHP!
z8aYt6(_G^D32Apj-d>E%kt0ji)sP{ZN4xTVE#Ub{ssU7!C{Xvtp4;EM-bGO^1z_5X
zo+FKrV}C9<utk0u@o!$N6ATOun}|v8+4}E9)AK3hrgs}C(6g{N&HJ}Y{r5<I03d2L
zs93;X%$R>5+81k=4@NrFbq!Um*{-Y;e+dTwEI?-;kDZOIMV%z3faj)<$}+(CPQmBZ
zv>fMS!wq3s$R*@o&W;~AQ_OOAfqc8`c|(-aN%kdtu+u)`DKz{DVLaox?)O&c>&lqP
z2rG>ZN5<*DhRQW={8NHO<9t;hy5vhX=f{)I?U2>`RW&eMc)K6kuiA6RtVh^CQ}_GV
z#XM6=v<GsVN)C`ZU;+u%jp6n)LFjWK(+Aj~L-&MSgC(mnj<ulT@QLAzGnLA|Z5rKD
z4@*gXn?+H7eB_x=SGhi4UyrMm#o;@Mx}N{#ebNZd{W15T@fv}ouY)()(#3II`x?%4
z<XVEfMeHc;jh*0tfk7?9DvWoOu1eNR_KMl#>>tTy-I_LSe>ZLG{e|lH$_)xq*m(~T
z#pRF~MQ_sun2*f%Nc#&QT8E6ku-tK{tmB_S_oZqjgDZp~oihQ7u2t?W)G*2JJA<92
z4>Rb-meY=|IijHhyyk#;?vD1+LnvUHXWn1o=$h1@;4;@*51Q-Ip4AK_EN>LrAHDL>
za*go``#n6Zg;VD3U<<4^^@UulPV|2!v`CLKL{NYd8^UV2u80kVm?pUDtaSTmAlu<>
zs~rwP5B;DI>ZD`^`sk*xxX0F56`a|Ck7T+~1-q0`wkhAnN40?WvofK#|3tcP5j^ZS
zGFJ0-;f|i)ePAZtczVjujsz;ZS#_96=aEU;`82ZT(Yg26Xw5hUX3}MFE?~h-x=$?6
z=Chzv!>@i;Nv2mH`2BmHJ%DtwiIziaLuWOuPpH=)CZB`^cKxc)YiN<cV%OZKMT+bf
zB?~W^2bTF>{&97Xt@}g1Zc9^$EG+VGr|rj&VQ*iC!u*>Voy)f&%XPH03%vwE^|mH2
z*AOMeYOeWS<{lo^F6C|nL37ahCV)w!m6kRTqMbfOwzVTTeCYYHFPqYY1ta?Rt!#+E
zmcF5JYxXD;lII}nyDFzS&+aZl<<iWJAG-pb<vz7G1BVh$dNq4(#ZE|xN!u9L0zJ-2
zTo3<U!~q+6KU_}&w}>@J58jP`IKOrqk5z++;P82=2vu6aj_cMBh=8k}v#5G@`!5_Q
z3ftm32LHg*LeCa+1XrlteVAJR8FQH4<|7e{VOO8di9i4cs*##^P-?Je6Ly?URrWB>
zIjo@0r`|@byZv{2TSmzQ%B}6lbKWiAPi1|ZMq6n3;QKm`WUzvBv#j+5-nH7rLjvpi
zGfJ4rGcymHWU%V9=~YqE5+A)W5Gkws%W6_>mqQy<gG>7Adhx;-ewl~5f!%gcS`@V=
zixP3O;(5L9S!9McxV(q!#|$z<#Z!Nk4UkIQPm?&)N&CtWA$m4=y~&K^ulhYPJ;5TV
z8uTBYj^V%JmTNweJy>ER<BW<=$z2{O2`jpJ#EgKvLvOUMbZsgz<j@nEw}u@R*Q_QQ
z<wsVIetKX}3++cBG2~I`p4HiLF3R0l@~3nbOsTW3GJXRqy0d*R*x4~=ex(B|wY*w7
zBipN2x@v6jIQbX+kl6^ip1=j&NBTUbX8A<9+Rq+2taMOzJDPXo{&Lq|$S9sOzn;ZP
znKgf@*E5%e%vsJrCp9d^W};Ekp(%e-*Tcq1aC)J2F=g&|xmmD&cvg-Re`RK58cjsB
z(BB!E@-pg1UVL|!I0KVzbR>y{{t!f>Kb}q)c$FoR?0WvWRUgw<^SgT^hq&XcN77lA
zP2n8qBIGQqwG)kJro3fs_cq!C8#?tKB;hT!zWixzSZLiUn9P2X^7Jp#a<G^+;veUT
zu4O-fY+?l0fai}6L%%x`koS9t?^dfKuJM0H1TKI9=j`v^n3xbi^9s$18tg!<{Qc|8
zsJ&sTMB-fT0T_505qS0sx&n|_oEcV!=5W2D*b7rv)LN007K2Nr+bZfUO&nq2eoW!7
zqtOsQA4boIT`{H29MQJU+GGU1ySr)G5Wfv5Rg{5PC?u{|P^Xi%+nIT;B*IPfk&tOn
zafhlOuG+&WO2_|JnQaQkft%WE4OV_m#Pr*L!tOD|Z_`;V@fr<eGW^%ctapG5yMbki
zai3w1eP07pI&}y8&LoQ4ji~CU6U@!CKclt1*)xvE^B-<$qgoq&iU_+Kp4eO^w*}`T
z0vi`afA~fiY9|&pJYK)fraLrnhT6B*E>J~#ksVfw&zP$flb#9N>(9;kj@+nd%{kQ8
z1a?-3K9~A~w446+Z?5jdFMP!0VX33)tJvCH)F5&PAoutWMLy>KbgI%+({1d%L3LtD
zhBP_;Y+0SuY!+)+0~>5;PJ6n|rgtEe@=^;7$!I<%KXeqjs+{{2DLH1}msj76-w1bl
zE}C>AB=!e(->k`MnjZ%QU(jlZbY+*`vknb)Uu2h->UFlmZkDDzKhAm-ND3J`lVw|j
zNirK3s<I%$oypXge)fLo-BY{eu)jYcp9}Ufs`<`D<SmyQcWPNPS$};a28!(s;I(hj
ziPlF0#bnE~x-Za#;X4WU8f6fHd`5ebBCS7d+Uo$a;z^x9TMSbFZa|*b-nO?{g6*G#
zmZckQ&!(;~qpkmTRtePi9Bozp4ac6@8yk8S1TXFf8nTX)AB%~#Ebmv`?WM4VW39Rc
z<xkw@^&9GtM;QRkQ_pHGD`kLUo;A+Kle7Dy*K9-tZyGv<CYo%9XZO(|Wb7wauH5(k
zG2|dXm?0NphOLp#O+h~;??Qvt93YQEL-E>0o>hVYNzUP?n_Qv=GYY+aA=*>i&yaVx
zuS101N}=8&yk=me{~}%>SGDoHwl=o5GYCeKqu?0YgL?DT3f0!OI<B>OJ6<d8e_w6L
zSFN10^|hl5Jkh;u1@E^tMnQ9gElk&aj(VPJHr&Giy?_XC5$*-#YZ-1G_PCH*^QNY6
z-b!zB{bMy*o2;G6c;j1^-+p{wXHX6i!F?_Z{yxvqw|pk+#K_0SjwIhPZV!lVklcAR
z?;dgm-w&f~+i#oCC|D6evBw{O=zb+A5KZ2lRA67i{+!+qQ!wsR^&WC!HsI=az?>uM
z$I)pY;h#feN2>^YE|x<yZ~Z<p1I4XI)SEqD9o}Xqr1)xvR5hQcA7nOKpvaDR2WNu&
zhf{2eIclwm3_VhJtJ9N-i+&FbC)m2C@3IwTSs-pzXd}HJ(Zh*PLkLQfNZUQoK@Rad
z6@FtOQ>kRFsu|CYUmcle|0&3lU222y@@<jp!6|G4ts^BH&hII^AKo*2+?LtvjXq!1
z?_73h3{*>XY70kTAP9Nh7hTd&+B?9zm=qFQbe1n7T+Dq?wnyS)T@*aU?N8+|c7I4I
zOD?sz&Okf;ks|f^bNCil==j6@hv%BtIF5)dXy^X8ly_0FYqWK{jX`=VXpg$eSax_F
zI}PX{r`8Z25`*bk1KEilOMsqMHz|IyGeL;<ihwbzr@mKAD{bVS13E&pZuc8;K91e^
z;-i&!isheh`jV%memEyj((d?^^*dhAw+-^nhWu88iFvY0Tn#BjB+HUi)kEoGGky{$
z*R$Ljbhhcge61X~+PQ7qWyd6FKe?t_mo9eS+BR_RaDUbI9<rL_@(ig;TmG0#4-^?g
ztwbm1;0s9`^`;2E)AR}xpu{jzMv+X_|7f^)--s?h`ZZ6eixm`CwKCBou=6z*j2zM_
zzWam-0g#IujI#v^5{R!}tlzs#I11M}Q`WiT*4-&tLD`$axSLY`ICTaaN502^*s!<N
zx_Nn8pJH*X>qmd{6hvJELr<gk;K&E-P2o<5Dc94ayEIQ+^Esk_6D;qoaCK>u-TD2j
z&hV97p!AJ$`z55bFp7!8D{rc9_{%qRGqoY}h=m!^?9<M>yp=Gtop&MDdO_@X?9z;u
zK`sYqJBlBP2&ga+_^-m>(>IR3RUcDte(!}%Ys~OLov3y!NW?!<PoS3lI|n*W+Ut$r
z71Q>Q&D6&1)4K0_FX1|JcfO%{<m4R#H1?6&5(e8?sRs`kaY9inFis)w*G*ylvr&ZB
zSI7hQvMx+!<`Z}OWY-_mRj+Yp*yf|vC%;imCYQZ**{<vnSq<=QWoV-oi9sW3Ws|Ce
zo!@V^@(D5CQzn&_{;tZ1WztmQiYqBfd!5P*C9$>PO#77Htf(+XPy@!EVm1!iSeZ*N
z{4C^SeQc{>cK2%A)NzcrD8`~y!{K!zR5NcyZj8nvaTjepUBdw*(Kh$ZfMevYz}0)0
znm6wfhBrbQ$SDgqP~eiEyMhB#^XQe#Jqn5#g+8ih74F=NHyeezwDVLfQor}~vHn=#
zQjxbZg0>UHv%2^}3A>@NsF=UVTd*pgHmRcI0O>s?(~XVIH)kFm>i{?T><>UCwOGk7
zJnGG*>DGF9V`0s^Txn=KZ9EFiXz4rb1UeK+t#FUd2_Kt}K4eq{Ms~ov=$&-L1eA**
z?q$J?NL6;IfAoDyoQxAgZ9%smps<o<8_=6nZw47--7<|L-k{=_tXR<VY2~fR7^Cbf
zNZvUHOu3AltFfxT$8eqa^I&2etKoo^=nLzmt{8Ya9g6!zl^3Joz?^tgpn4)g5k!tK
zVSynmrsB$}NlJXgs0h_FKD;<_t#PxOETdTvZFFd+a2p<Hdr|ZH!c2w68`GOsF4&O$
zYeFADtW<@i7asrAJU74XcQ8by*g%`%r3aLp*z#>Q*u<y8=#wWngZ|$`WjcaC1{lE4
zaoYb7y(he}hyeynvb%y8L=Qw_%vFj!zFd7|_L;qKfF(xz#b(KQV*qM8J+mw?<-<n`
zHBhQGFnbK{c&x3x8j5iczh6R9w0(Ev(6yz-mrb77?j;$eAKcdr>)e79=><41!jcgt
zpVlIaG4=cW_{sUWurpHctkN0lSa5I5RusyU+b~Q9LEj-$%4Z`X)=uB8JrVulnPY2k
zvDjvEo&VVX*u3$81`RAueWZ7dZ>wTg6Af=yjOW`#Gx{MojLe~$wH=iTZ#C?2Epb~d
zzZPB;P!THw!0LRf3n#x~K`up~vK=M2sdL}feS`mo0-!+N%k<E=rsH4AHxhGN`G@W7
z<P|sRRKkZ&Iw1b9CAusS`khS<QLIJZMbhRyLE;08;*)DiXA@RAg|5pEBzy5JuZnCO
zcc+Sw%z^sE66ri;i4UI9k8tLqeZE|dKzdbQta9Zr*L;9-zRI?RkDk|L44n&m4du{+
zzj-%Wf}M6(YhKB#=-Y1(qvxyXusQC{I~D9wYk<vy?T3N3$g2mamL-|kdt9Q0fl~Jw
z-;NQ`Jx)*YVl1a+O+{R1dv)araYVU#%K$RzvDo<iXiQ3wjZMEcNZ66vLsxKa$$3XL
z-|;GRj<^bot7fY~N9i$)u-4I`UME1=k7s%5yxzD!M69NQ?bSat&#UEZRd?BbBTo5#
zCc|(UsnCpw?c{c<2wUIM&X7gDKs`H+ZR)Kxd3fTZWiAZOTeLP2a4&<StPo}SQciHN
zTl#gYL>&S4YoF)7Ut)qf1zKbWvRPjvE)TOIc9uLxk@cN}Ff`BgkbP_R1<gzC7~yr=
za>}RO)m%pRT_(=BCHcL&IziZ}>)U(%bQqa?D=KSmt^c**^6tq~w_OIdS3>Q}9)o*>
z>1sS4%bPXPRUDoVi@X+H>3d~ZAoEs)%Y;&<!uzvF=^K6v1#KYxuiq2S%R;VRRG$H2
zsWEPbU9fQS6Nljn+Mg4I8pnurxy?5ce$vt84g-Bugg3B^Ku(|Ip%W=`<#H~pIlLsp
z)vCH-dn+4gdSSx>UH?_LBi~*mY0QBW;`8K3igZKP)VunR!kwtGEN;7vs2lNX?PF@i
znQQhq*RI+Di0nY;MrX{Rb7K9?Mbq?q9pOb~WK`Ftp`avP1b*s;rsZzElW2Af_L)G6
zP2u5$vE%4!H4&8cwdAEP@r?K0zPc=9v_;ANn!GaYU-Q3&*=)YbFSzrdpLs0q78cRK
z8MNVvTGUDZy7@5gO1xB44|m>CFP;k2M1EkXhqEV|Y1}Q*V;l3PmAb%DCq9{eyjuzM
z3|7Y0AulSiAD?dhY~9a35JKJ0cxhII&c-Dfx&d?ZM2+4Wp&F%G^_;m?1&4e+6#6(R
z0zvbhFE_H(X6Ws9H%+rg>-b~e?feVdIQeAJ&p>Vmy?;yGTRqiB-gubTv%R1INEI*e
zmya8I$=5s=*5XgKY3*la+|QW}nH+j{yFFGzuF^E-HX?YA3FrdlliL{nn5yoG?Pv`<
zt!4C=J<mNtM?Z(Ypm~r+swN$L$X56kk;l`}m{2O~pkv>s`}>M=RJA-1kh9b7ajvHl
z1ix7tk<Z)?ay;60n`C64%yQlL%yt{M2}*aQ*MJq!!-FJFca=V35zu8O*d02n4%ot)
z&cDe+=KE^Z6GdR7u+uO3g65qCcU5bKf)AOx`Q;s3;CK8z_KC8W0AEsjA70(}cu`=j
zWBVx6&?+05T}AWnk9?70uX!pd6HQ8`5`7BbA2M`%P3B}DYUwmujOjU6jI1f`rSuQY
zn{s7OrHa-MgVPt@7r5b)NxG~TS8hIEH=W66Z%DlAiT{i3Ocn|V2ia~m0deQ~yl$~}
zB?j)}Ptb`(^1b)}TttijBw{Mr_U-w6*CZi+>GLgeG-9YrBc*U2g2#?`X9*+~>?wCS
zd?vWAb?_#vxrO(@wQ!=te7rX-aK5t?qT#bJFO+~i7V}KP%{b<(IL7N+C)lIFb-wN}
z-6QZA`GrJgAPB`#bOHL|rs?MM$=A>^JxNG}_|aL6uNd~-&Yeas;o8;h`@xCRwb8<E
zZ!dp|6QJJIBMuh`OwuBA1vG#9&iO2*c1wrmrmR8!dcuhS)<S-QY2RW3g|Ep1z6TkN
zu>&)=9Y*M}Wu{z4Tt^F<&$pvGy0E;u3f;I_*m(}^*U__UPc8C^rqhKW<}~O@=dl$d
zw^38O_Jn!_6vMfb{9>_9A!pT^dA`>=`F*vSo~wb_`d~+ql*VG0G7IX!#o`2^dcsY}
z3+{NT-e@6a+<JB!U!`=DUD<6kH32L4cr(=};9zWC*lbuR<dtb5FNw!rTahFo=FtET
zZ1deNzZS8ax2jLCw*W9U4<_=(ywhQ?LJ?JrRn0D;^x{bI%Qk+x`u@rdsrS{U8H~-l
zC$W@4p*yigKWEK%Vq*y*S#Kv<SMzRfYiEZ$lw>CZpYu1E-p9bFRwXwyF|5f)eT>Nz
z&}4=}r)&wX$#S)AM71Je-I0~<1SdqqMIJ@$R&YT&SD9yOht2&HqgjTp&$y)3Esgso
z6g3w+$z`5rBob#UTbf764;QjGi`qhNC{7@@YBVJV$Oc^du>|Y}Xscln{VP3g5(5hb
z!rD5fb`7<nWImQweVgACwwpY@Lm+6rPaZ&@&RRo=XVmXBAy`9ByPvvElO}f2h>Fts
z-5XTdyLp{ktw}KnAyBZE#!#vMRCH&wK-mKS(w-VpI4FwWNzC^#x{LqI-S?#J^}ka@
zObkW7VX;c4jZ1r7(KkV^Mu6no;<C%HlX*6H(jdCRTRxsm*}t+sE>-L0iI4Zx(DoMX
z1<Q{}_9xSpo9zS<>kUuATuq$3Ko7FZl%Gl~AZIM+NENTnyz=Z4s_uQB33RnZrbOxe
zw4l0-wjUe~3e~`#Vi%*qT*6lA?6mTl0a?jx3EhRB)6uppy5JoB0iZ9__R+eb<J=?u
zc~oMz_g7(MhU~p{jySWfhvijd?f15P+s9$Q%D7$2TmJ;O@jn?60$2wP`H?&G{8JX0
zOoB8s34X@RWAbe3?<USWDtcFKm73w7VFQQJ&vXON4bV)VcdNHA)_TgHjTWqKNp}Ya
zZi0Z=y+A@jyCmLGs^3_z!J;Um#NkKhB*H1=9X?vmZz|uGe+hb&Z2bx=JFkA6eglg=
z_Q~x@o+xIBPa$2C#Zrqq?gvWWS^b{tF=6pm1sHD{3ft}jxF_^7t*~H|jx3+$<Gn>|
zumz8l7#55{cGFR=gLV1*^(gYvPaC9GRRP)1m-)o!kjeNjnhWF8VI?cR?2;|(gFWAQ
z)ae)0I?m59g;n--iEN(r4a1n`<&l|Qn{G3vdifJcWJkoP)DFkBcVf@2vdEolb;a3(
zK5H+!b9ltwThC^aYdkqBgAh=-<}2NWH*CG|yf17XcM$ha5?JGHctEb`7)7{Xm^9!O
z|3v2Q8=+JZeCKTA_VH4!DzP-GR}cERF691g8bQ!Kg2OY4#lYI$CwbFt(`UPFe$)N1
zFG0^fLL=WUK~fpul52r}r0E*_=gd2a0+4b#^;9rhBhRLDftTnMC}o@=hK-0*UznUB
zS@y@(hO^G|7H}TzB%5b(SF^F>?SbZ*dT=aE&5LS;y4G40M7Z5)c4}GHjidf_TbY(w
z9zBSPOxzTBmU4*QAOB>i71!bK(99!sk>z|<Q&rxo^88`SK-d4>K{|(6#DCPhP0wt6
zn3~s&5ZQowMWldRWe6Q<c-MDL;fK1k{6U*(4ZEFfK!@#Y;$+6D$+A$|@Va-IJZoaM
z^Je_ydh)S#+3q2o=UFs1ZPK`w#KTm@S;yi$IMu9!XZp=4-+a3E2qwH4+_*$bb_<1}
zN)|@yP>!j^x%SOMQA!t&PU|f<zSDJGW`)n2d7afj1-Mas`{(S<47YWEOS*_(1OBWg
z#F`PZx8a~)zUNyro8IFon$DPTEHG>9C^vGY-c1#P_SSuoT>4@B+#r0hrUQA6N!l;g
zvBCiU)J#QI1Pz39NSrl12W%cJ4by)9@*rrg4fL(MC)VG?gYV*(ln)q3Y#J}CyQ@hj
z9Y!f3^JvxrXkRW#J1##}8`&>A_zF+exnc+8DHC6-&WpTq*(3Nv_Ucv}kOzhf;Qe^a
zKNJnh7hY(Hi`lvM>eb&i{Bjj{9q}={HRt{F-IcD|6H|qM8K2!6Maq$g8nZu>4>*3U
zG3ol-Ma68_Vi<ALeTnNHL10dcgz<gJ-*5Wl0Vx0lb5IO@RY#QHoH|G*ZSw1-hW4w4
zo{~LA{=r!>*!5Eo5qyJv*r|iackV5^{c2}+>adgOTx+lTX^*`hJE55Eqg{+?3}h{M
zZ(%sbfMyBK3F!H+F)KT)G3x??=<V;nW#wJ~bq`ITuoyA@HlZh6Xj_sO$@$kGSFK|i
z`g{Gi<7hn)>Avq%0K(22+2s_WiA^q@s@49=`IFBvf6os2uG)N>0yV>sPvGrLdk`9(
zdN332_^uM}I9i4te8Biv6P`KG^(NpNcY0ex#~Z_(X94f23j@nE1tQ;-qfy}YqVFy&
zg(;iXzREbe7`Ko5B^&)S8E5r%^Ad6SBN6tnq`7Y@gQ5CkGlSisrD=ru)5j{mPQmdK
z=t@s{(;nMuj_CG`IaYJ!*bwXjV(Z!~je*$Ci+tZ$m*S3Ld!yoM3Fe?6Gh;hyU=%Yf
zZ_K@+&VTr-bCsAZ=^0YdQD3QbL){bgLv2704)@WNI|>1L_$I!CE)AMZaN=u150?Kn
zflw7XfjsYGl>oNYa#pF?ht0XwbOTZf?NvCJZpa)|IEw;IzHQGPp_#;lNf=xU?0jMq
zf=qKq=ULgZDmjno-M9|gc7{EioV`Kw^DQ%tK~~`f*q`e>VQG)#(CES)lnR+KZ%2jJ
z9NZkse+5x6ZQDVw5};*7bj9MN4C7u}QiY$?==YM+f4=(+MVKmd`B>Wi=&}<sljB`A
zgW!aXT(DqEKaEA7XqyQLsLFZZGAbKL9jFuzgEX_7>f+G?QyN5uYz!80lI!6+t<8r`
zmV_^}&6J6iCBX8$6CBD^Z26)}(+faBQTUpc4_6$`kH#EXAa^oMahYt5+lKnL&3*OM
zF=uhT5h~QopcK8W&x7&@%X7HD@?*LiD@?=FGNcXGEfPvUH!rH5Gz2~0y=pFDO=%&F
zrSQwq#@cpm__z}1QUc*XmLss>J;1OUZIdN4{XD3&_{j6wh{Wc@W|3XSu!MdJa}-=w
zVG~t~(UkrdYeU`<bUkk`EKE7_1H#EYh&8j*j<pI%9e*a<EOZh02}b6P|6Vt~re^Z;
zbFVagc$)gd#;s3uL!GcJMlgLhtBDyc8eRi8uiJbB1M?1sj9EkU_Oj^+npk0A-XJDx
zc4jb0vq{P&gezE>Te35G6%>BC-4f@ZrxFY2;v0ua@peW0U7vaE2M1j1o+zrQrr!mG
zH*h7R?bzoRelEHmStHQxA3mG{RoTkpKWsgGcAd#8ofoB|ODncR?p12^AB7f6I^;w(
z4L^*`&JS5#@x;RoT2v<Fq@r)*>{8xE-epCaJy8=zCQ)-`pcoe=kkx>0R4CZEaKh8>
z0^E{TBkY(_&HCfMj#_=r8Tx>k8n}&WL0>X_`C5QU6Uf)iW$_b!VMp*h0qV`4!X2!r
z5_l(#5CG>-jJqv#ijW`NqT6+~lWmA;WlCyQhP0%Ix^#kgql$GB8VWTxUNPR#|Gh1L
z!ZDS|gbX=#_DUi0Dt2FAoeS|?fxi{6Bo$o8LpY6uyB+pZ)|lnk9qxPmOA^TyPtI`B
zHZiPaByKH$+FG#%$yA%5?>BRLtKD~axA@^l%pDB09cA6i73&DB+@xXBFc%)&VbVt7
zKGIqZWd5r#Q`O4ak9NVP>@wtyQgDLurdJH~1i7jwiG4W&=4YnLy6JmlTX@6zH5$gO
zx{O?!%qns_US664pDt8gkS~8MpNcvR9n!lGYJ1)A!5y6Y(#F9#IiQ`kxr#>mq)!37
zK4j)#nNR2WH^cH0#7G}?`^9~C4vEokxUo*`g@@vnIMA2QLb_cul^D5P<?zJ690;%m
zxs2frv(WmFnrvdD#73FN$qRB^$Prr*e~(S#c&3UQ#p+^xM^nE=DJmQ4p+}3qi#9k|
zw*94qWC^c`F>$)Ue^5j5@jbgFqbAE2Z%D08iEf%r$s(oRh&lcK{Oo7YXH5k^;?w8?
zL(LEuLx#k%)E1ozdHsC+&-3y-mG5@iCn{s94o9}%NAe65y0lgUVP2lZN$In!#xd_d
zFE8e{I*ncQzrDOIPI>n(b(oij0Y*`cm5lfvt*dysLTNI{6LV0Y>VSVRI!66>1!GE@
zkq>{Eh9S`x+w9_f>|aO_NlGgu@WavcMw{D=q!|<pavB%YBXaJKIz|SoGA&dXPzkFT
zVWlb#D_pbUB$kz{R-%`nUG&=kd~@sc(CIbR^7L?iZsbs{J=7LtYE%k3_Zy!NPHZ!4
z;+_0v6h>BYWz-}kd@KvKHe^!tYpa8KdE1BM)sFwXyuLVq*$wW<)oR{m2YY_|F$ekI
z<N#-NYa;t1*cT{=CeX^@X$rci9w}O^(tb|Pbm4ODwi|;hMdT_#$U*uh_lXMeEacvW
zlk!!yq<zhY<Q~UftbkA+?Kh+gBSR?Y0eg!0y{NZQ>&^BIB*4WWe%OQ;33=8z`d&s&
zEY4?MCl>YbR~3JtMYocoJu$BZ@uvJf02xWhQTI0Pr0a{djL!|Nm(|OCb_}~keY>Bs
zJhVs0Yf`fi$!jm3`mqxI+{RFr@~w%E=<R)fG((qG{m$-I)fKS?&y7+R3RAzHL-vQH
zSyNZG1!IZzG+nY3K0Ld8XMM_&lFf4Q@x+ziGkCpkOt$GzW|9YBOMzf<DEZN3+vVE4
z8=a+Eg`KF#H$+D8)|kI`#lO6DX{bUiNJ&R*YBVPtZ^kuAVWpBE<vedM*Eiz23tg0~
zgv(Ce{p}lm4)Ddk`_i8FP+%Z~HPp|lFQZ)g*2Nth*1{U^{;Jp!!yadbZ?|McniFwp
zHRcc04Je9}`#{e6TY*E#-Y$D>*6f^wE7eJnuA6-#jwFeoq_3JfQZ3;+0Oc<}qh}Sf
zz@Xv>;L0@q_G$*&bt%CR&w9IUSN?fNyA&tVq2$WtzHR<F%?O1fnmQYU;^Nn(YuvJn
zljrVq|I{lvFhla8x!84RN|u-!vLUFE!HD{qRbm}d^n3>+5nFv1Qa^|O7Om#L!L8+o
zH#LXv%XZkyS!oMCs1fPQY)k9`qxx1pM%G+uBErBtbpp117?`K4Q7QnNyZAJM=8(__
z>s@^JO~^)jB&(KrhgEA=PH-<200Z-S!!BrG)$nG-OnryQS;mDySaS*Gsw$KRuYwEs
zl!9FHap!QAC?ynCHv4AinAfqtNSlOuu%^rkv1+BifO#qQ)6@}PcvjAl1Ck#2dRVTn
z&Rlk6bjEAcnMGGz6fh4K|L#HLC(`~u&fYSht>Eb!4ess^1qy`%1&VtGid%7qQi{7v
zkWz|UDaGC0AxLm9?iSqLB_wb9f1dl^_dcKQy_=j5Np`a{vu9^#=IqYzl+Pna^3nue
zIPpqHK}RX2HsJo-?fdk9fO*@wC?CA<V|M;4jKSx7f@>>rl*nf?!Q5V?d(of$K}tR~
z`FVMi%J|kx84<vU`V?dOSjd>l$DBY!6qpz%3&jKzu^~B@5EL>d%pksWL^`a-&?FQ&
zr%?~1i*Li9`k8`=X~dkQ*8Zk3lNsFx6*A7bJS7e|D<+V%#3o=kr6owAfk>v<7~!@t
zsv=#ppB9HQLZQ^JP#81VGff&15`DQ+31%yo-5vNpgBM@WjIwhgjp(NpKq<4ef1Z%8
z>$12;S|G1SnwfuxX6K2x*X6~C?p!DM|Nd$y*lA<!6>AhAUTNi4Gh*S>`hNW4%MqPp
zOK*UgcfzuD$*2+1XQt#uj%_xK#>lw38*L`7*)1-uGsJGI3W_}<7t5P`(LA=Qk)<8x
zLE%CgJ?#6BQxK5MDmt1`Jxxk>3?r3|M9K@><oQGqo9~835`!OZj`A5gOXfRHbLV|H
z?nJS|Jf8TxvQEc~uzzLknkNsuEiz56Qo%2E(3>l{)$h=*sP-#J{q~@D)3Jlz*0X$H
znR3UKUTy^QA0aKoPVrDhKtbxTFYMHDDF)sBMvkqFn;nVO*MH~#lZ<|^Ot^8YCChiw
z!sQnNA+v2afnKb;TT;^awX@QGL!_kkvM(C-K>l89%hsQXdVc&ZOslp8qDp5<gyAkj
zE4u<Kn%I1^DKtlU1UMm%48(Vx{c8j}byVer;D2l>qTCspqE5Sbu}D8Bp8Kw*_iO$<
z_rde?G?qgR6`i$}UH{9mfYn|BL5ox9i=ThlQ^l}31({D@&HWwe5OmH+UY&a=K7I8Y
zqAT}HPSLhJuT)Bk>af95u9(e4xL?t)<>7jcQnTjG=8N5VshFqf4N2mzz?P^C4BQ?6
zQkr2nbOy#obiZ8m2was?ffN~vzrU97im<wW&UX3;7rsO(cx%j7-~zh{j*0yAOvMO1
z9nq0QI!9j-fApjH)b=Y40kKAYr}mJVH#dhR(c))NvrllnL{KKR0$h3D3R_niA1Y8K
zz4ps_njT2^>E@kp4r{rJWIWxdX}b;!UP`=nHPj*SimU;uijnxg^%ftG;Ct*TYxW>@
z`@xhQdL8EZ2YZE_;LHtklwN}o7&lx+uykC~5$K*n9|Yzlc*1Oqryoemxq#rj2WN{L
z>fb~<Gb9mcPVpGK>{Aew{)5mPFFgVEa5rdr?w=lMwzr;*tFGE3pyMn-DE>O3C1UHX
zh4n0l2%tSgElETzr#%E1+X4RY{EF{K5^X~eO1p>rJl(I`P)fBs`=Xfh#<B`t&j6wY
zY6!QI0rMe#b2hennBxpVrC4uZOk6%SM@JV^ZaeRcS&;N<R})Etm|A<_DM=7%>}30k
z;^>4!vb#L7?Ri0Y@8<fYmvDzg&e#2CDdzDAp%wT$Y#5A;zruhT+9x7})F~KVRXt&s
z$bh^SimVxEj0m;8;Q4PHJ=an0!_wTKT&3zjw@<%22Ao&_;pokaizc)0dn0i4rbJ^G
z-a2S4{7pZ9)8hRh#CkDQH1;0%KR9|<$PYbBkRsj-4IGP2ePBXxCnQ-PI=_d&(IeXx
zM}`O#usYLUV6ixKqP;|*v?K6i{tdEVECNT*^=2;g+5gq+a^ZhCdI^<mGjw~6cM;4d
z^)i_rhbTox_Hq9RNB0K3v5&LWy45|wB|Sv*uM<sc$_#Y(nj%5}DLKk=f5wc!)5GV*
z47l?cWqG~%M5i=Bago7THF5S-6WcsSS3I^Z3dwfG69;FzV+~Ii=p}zsV=Y~94@W?1
zCVQ=Ygwc@5S<7Q11EtcTJX|2ujxs)@cgD%Z-AnG_rU+EWE26>?H>@377~fZA-3ILV
zzFfr#+hmWlo<Pu6hG>tMPTCj5T&k9j;ZaIsskB-H;A+rd+wYw~Mz#wSCn!I99}rJ+
zM6FJ$*3yyI<HcVZS~oDk1U!stZmfJxrcN!+D+)Ys4cg1_{&Ob~-h^7e{{Y?IAD0@r
zwkq(aN-Obs*t`=)TTOliPMYiRW4uf=KN`7SV(s9G^*kDhsdvo;&MjJvgT}593ZhFK
zZf7=r<tg^)BE>WAuV<YJQ4#o@zOyWWd@Y6+`DgweSz$y_i_{H{8klKSGjr_dpsDwo
z2Hl4qc|;@2B4DSFu%BMlSl(DIle^-|&!W}aY*G;vx&bBF;XdsPzLJvrgQ~UH=NnvQ
zBxYN7yU?~iXrTJ@B7?nPz-XKVtQ{7f?OUD}jDXd9<fhy6x|i6)8*|`!1IW9!IuR$O
zspDWQIMRoUWDpJD*6{w+LPC3p_LPt9+uRPqXkrkLxC+<~S4{U`V?a%Le-^@qZF3q6
zog`E#)(YMV#?69TF9bz-smp#qMyYr1MUzR10QOY4f1o<=;XG5QUk(bOL4fn<FN@7e
zR&P2hu$e%+BOZPs!hDYl|H6D|9fjX)b4jn_8_OVCh%lgPl27=*pYx0jRuwR!el?~E
z{|#7?;bpLfEOGX3{St(p+y3W)ENt1fOOYUx*gDVBWJwhE82ZV&!(2QzYNe*L8ZK@}
zOR&UqNi%>lzU$Q*t3AGarzY1b(xIv9EM8r~34)epLC9)k!MQk_I{pLu+HtZofsmit
zfi0j1BO+!ux;!FRB#uwauo;gi*<wZ>dE4V)FQTcRES<jr78Jc!NQeps$Ug4RV_=>6
zS)>i#vOWmfEAZs)atG?rnaWM3e~>W-uu89$-7cpjk{zs0@P0$d@(RDy5FeAkGrEAa
zZ@QMm>!o9(a}$P;`zYQUh|$?oy+I<r<D4FdOb^t#<y2yQy$c=k)iEBot!gQzOe$?q
zksOoJnm*J2ZfN&YwD5UpPYG<D_9w>1;16t0P{3$P(gIXiaDikTeAJeo7|UZ8aZqwZ
zc~x6!q*TuRwlI-f{N-l~vT6N2SUdckT4#}UMh%8>q*h6)?amQB^|G!QM`O!vg>Hz4
zQaK{azn$30`2uE%zlltS9=7|JRBda7SzYg{oMmg30#khow+4CSSf|dl`#0rCu%V=%
zJkg`CG$C&v!CpCh?(Are3WRL-qd|#;(Dsi5SDmkrztNFp<7?;mA2z!z(bS~hDjc5#
z0xftj3}YlnoWyRw1o}RiZ<^71SeqypyJdm>R&V~cKBuMJJwBxoJRJRHgQAS?L21%>
z9;ZcpWHK(W@BUCixEMv(XbGtp=q4mP{G~tmIY}$|jrcA#p>m|`pV>heO~+)hPkfm-
z^x&Sv)DN-B=XY?%4R5$J788sLYeVB{PG&<XR8%`v=blH<>Jj)AHVVx2j)D7KeTK8{
zhQm%zEQqyA^8&_hsTiO0viw%N!qc9Y*kJ1vDa}1RqRtExJpuM4u}_nt95Qqw*zV%L
zi*Lu}n~yyCH&P+9->;<Mmlnjak1Ycw(lU{?YB(r~LYN^RrI%|mw>~$=P!JF=SG<iP
zLV>V@csErDYWpN*-*ORIe4vP1?Gj}J3nA(08O!{(Ro-!vdC6c@T~b>aUD8;YR1(D9
zIin_b^eIr(M7x+-v=Ac-EgaOyYh)_EpKZ%9Ej!Qp@;>uo9pl@$dh&%S{UF2=yY}*G
zLFr_8;q{45%~5@s1$g>vpTjhF%(FZ-froU4P3WyXuQLd*koH8VuxzQJuui}1;QK8G
zC46Oh9{bCkFZW3qZf$MkyC<6g&pE-LLe@0>;BtFfh|ZIppOk&YJ(9-LyX>)#*zWaF
zPliVfcPWh@S6<uKHJ2;}HajnAJD;sicf9_lN|JmV9imXhF?d<BJAza<DugV_%fIBk
zi@lVx%hsSds+E6R5hN<cQSbQCFW*DmPwXW4es1aE0{vw3{_9ft{mZ-hGrc&tm{ETj
z?Wb{#Zze6hR7hkbQdnN%&g#-Ty*o&$y#h$a;Yaxw^$6@N<D3{PVi;a=iqp&WlJ6Es
zv%~>7#Yxp->x<trro57p+xombng#Qe)+BvIABuxa8hEfS$=xkyh6)xM7$eC!2XkK*
zDjB&>+ZZt?YTcDvM^^r}E~~6P@ReWl7!HHc(OaO4(4g@N8B!p*%#ltj+-cB1dLm#Z
za}}Saq}N{VBc>JIvJqU{t~TJa9q^f^#`+Pd#&KWMJnX=l?kYzm`W;=J64~{%GRL#s
zwEL>~G}<afVIAo8bf53iK!}}Twr8WGSiV2*rTbZU*_Q>1yI*FWh7vt7&9Xnvwo<7D
zdj;Np@(u5naQOTU(z1Z}$X{b}I6lBVX%g|Q1Z2C_lwfF*K3nTRjf-|hw|dI_p<s`g
z4P$LX6ANvt6P;}X>$b2}wN+?XPQrswi9cP=m<+c2_uf1H`j|6&%xK`^1h?ee1Zzhb
z6O-ha(|G1vwIPe3v0FTJJrPE=j?)dS_sDXrQP_UW8>^jWSR}|M%717V*fv6>^#=^u
zp;7PX7}Ac=Rrqyq(j6)(g_jMvopMre48I1ve#7(pM3a2m5PHoN3KC<b$BR-CC!tL7
zdR1+-S<$)Pn=bu+Q@O;SVuSt;F^VtEJlBW5A9n(YJ8;_Ks=3c)yXS+HHia~vE~yFL
z(LQ?0GR0s}d}j5PN+KKS54G%P^EOoV-dH+!Y!4_~rv4UxQbato2%f#C-A5frZO$-D
z)<+z(x$x7MLqIG)X@_*Qb{m?6pJi%nqYaa^%;}V#(#<m@-6U<KKO02vNEgZfmuaLc
z`CG?X*$8X523{s4VCR-Ce_f*_3;Z6UI?=>css2ZBnNp&nkPM-<r8xmpbxcN@`O|r8
z1n(mDHl2M_Qa?$BSkRmcm+E;*u2}fLj*X=~>e;Ff7?6Cq30dxR4z01mI;{%p_<DDN
zaprCxMh0r2lRYYQ`#FDue2+Bz9wfe<e0I*3-+tW=&;-~rMenr^aA)8~+m9?+JbT1b
zCBisiMr@8r^l<K-oQsL<IVUH{39q>h@@*Nf;_B@wOv5^ZU~j9@3M@0JD1W_Qidm({
z5KLwh(<s0^SP%G@$iMBAf03mlVbw|Y{k)BOQqrywe>viz8&gG-!N1j3?s0DIP!O>^
z2S*?Y{@XOQno-(!qN<E^9To}RjuY$A6_Z+bb-Bqg#ycZ#Zba!8I=2zdr7;af@*;dQ
z>Lfs0gWUO!x<(l&K-)z<?3bzXgzdZ6Q(aWGY^krlpu=Iy2RvSbIy?dSw4Zf}k2$UB
z%sP(E!9QaI?<!1b4yY!LlW8ZZOwq4rZlXR-_Mx!QV9v;s9`4V_?<a`8L?T8qa(fo_
zm?=P7*=w55me}AvStj7&RmwT-i8li!#uEWZ)-6{z2G>B(0DX+PMV*`&S0aCRHfA5d
zCO{qJO0)s81>D^hxNDTWGs-d{eG@fx73rg%Op7-DhJ!jT`-o~*k%AyDlVK(${~9XV
zRd;kv%!odrK3}C-%#G(Xeib=vFO@dEcnXdy^Oe~%U7Z@UN6G*=gF-V}k9Gn1dl>Gw
zYCZw#=f}CDfn$MAt1ZQIAX{~nr<7KIQzok>f)(_o4#E=@RwH;8{E<>lJh1HsSR)a0
zcH%>jX~8MwlT_1HZ$}dV3@5$(fQ{L|^@$Gh4P8pmCy6Z9arpEwcFzhWRD6p&JFba1
z_WhbdO#sz1gZH}GfEH-x$!r(%aYB*nI%htutUFZzjMhBWsCN~;F^`n2Z-*;&<XLc{
z4>vHgebxf_@9Rm4L;Pd1Luo`Kp4^>p1=Qd-BEgAp@o^%)<hQrNa_0=*jT3vAw;pAm
zt>hjd^Rzi4Z}$leO$jG_Vnn(_&eay1a)#$$n^+qztjzL|kKD0cFWo&o50yMYVW{)+
zn~)0y`1sna^hamQ18fCi!L(wMy{Kp?924{Hx6<gB5zx2Z=Do^_@ChYz^B2sZJYoU<
zgk!?I;Nn0i`vf*Sa(|X^BFQ|ST};#%K273&r4^gQk5&Fk5#JR%54J=JvBf&x@XTii
zPjKbok5XhJUHx;vqQki(kh}lcT-noF>s?35q6%a-Ggg_@u`6~S;@)S${){Iy{=xY}
zG^v#ab1dFXha`4Q&UFdss3yk?EK&1CL~RQG&Ue8HIxQB(YJnV?>%6c!hSYWQH_KJJ
zE%V|y+eJFca?SVh<D1s24{gWcC*yptIWT?vjEI89>TpTCUl^W<#IwDVQ0;Z`%>0?<
z<2Gav`!ll|tv;(o>NeeZt1Xzf2JOC1PLy10h&;|*oq&Lo{N_>6(I9YI!|>tVK^j<%
zUgy-`pLBCL!*@MqyF(=Fy-a!YE0nWcA2b7LTS&T{SsB0T3Hsit2u+3@DD2QAQ!(N!
zhq(yDR_eSxvEdk_G7n}h1qEINwUR;a10|h2dt^5tbfVxy5yO^@o>qQH13IWuut_nX
z&&6a%#7m~pW^`G?EI`W;@x+pwPbWh4&t0VJUwq!KmHm__X1EoX$quWx6lvY1_RmEX
zsU6&ll(x`Ze}Ku3VqB5(OA`$AO?Y|NQ~i$Trr2*F38c~QRc0f!YQg$J#jeqhxwP*X
zy5wifQheb*zQPPkdMID8l;rBLIwgen`{}lQaX4bTGUwcZ#C?GU;klP@;82(;3iU3z
z;7&G@{lGK`GW&7j-9x(UN)H4Nbn)wlgso9qf2tmP!=hhAeLaVPdsU9~qi=5L8G5i5
zByRiV@&svG5O3|~f$m2kv<VmQ!3yu@VGq~$3TU~I30z}_$e+KSU!VNCZ2hgV{p+^|
zd%^m}IVzO}Y`n9Dx$DGOXtGqokSESt`_!`jCs;7XuEggzmd0vbQQmhHAI4hkvjon7
z$CC(R)Xwh-@E!`6rTCR<O!$@R;CW`C=US%TfJs7I_#ksu0(eQCRwuU8?=1solqXPt
znzQ^<J+Ae!-1D4Tzjqt_if(Vn-WB4!wsq>9`SEv8w4F=s-&e`YPOi-lBf_yuV_E&)
zC;^Tbykm*uRQEAgyUhdMQosIE4c>ffc16FG?8+MOt~vpZ{~?PPdbuSIJI;x^+Hdj{
z9gEy|iFOq2DV)-#%yc$3Fzq{c!AX7^eE?a%+MCds@;c@89%DK?%8PT|FAM7Twh;+S
zznBf7-4j3ohXjiU37Q0eM}Usm&h!-<?9o?)6l^5+_X+2F-JI`gbmnr1H)dPJiwLoX
z20Z<$wu3J5h|sB@@amf$O!s11)*g>mE`&0kqV3^tfS)fhI2Uo~?qi?10(66ZK<5EE
zzLM?r><0%0Lyr{?sG>Xyp!pNDHEojH;M(>H?4Yr{YHA9pyZwYFdLjuko^MiDKN|XU
z?_h1bH5B)C1Fh}Z?L~TdUnt%V&;M+%itVO$-cp<Y8D`ECmo)=?C(pB4sKh=DM#Z(`
zQIjbBi(?RKxUWlpJr;cDR2RpX&y~NYl(>lWg(hxQ#(u=P=>)kl3)WUxPL3f&?Sb@{
znY49}$ZLhB;(&|ezV+cK0@F>hO+XTuB1ehH!Vdf+r@NOax9;rN;q&48yHWP@XniHU
z#Z|4Ag*nB!RqT`ZcZDo(R3WYk3M+XC{PlxR&E1W<E|15pz<WI&`Us=yqz+ECIOSgu
z!n0k6P;XQl0@l`by&{4o4l_Jhi^m%!<sDzL%jcilzLfZL<dnycZ|3EJ#thu|e4aCN
zVQgTRbi{5$h^5U@&x}2;r@xmlujKpik2K%>7dGo8?K*MdD{Ek>UsWjT{^EL}S4T#U
z^87>(ykgAc6!3aIV({wgo?eh4qk-Y?<d^#Bx(prI-h7sq84ceCVAr})=2bh^ow(v`
znRVsl<NEmv44V(R=&_2s6n)07NY%)LL_8_{ePw}Fe&l7Ib_rdDbYe+g4PJa*R`YE1
zGfiq9)MlZ!(>Nx*n2Au<|N0#N$NnRozIxc4p>xX3t4Z?{1_b)vrOMC|fl{*dtO<;-
zMu@>Z8U9+0J#z$J<3)Zxlcg-yc$8qDv0&?qB~7=aw8^@xaZy?Uv`g;e#vIwX(Fr^Y
z(talU(|e3OW7NfATG3p*ZaJx@_Ij4V%VDBa>It29xdR>1l53Oi$z>85_ob)&*avRT
zz5vkW9$i0yLyP%)Sx{D{-_ydA8?>_V=sD`tBr0+x=;KS7{e+!MKdfs<%~|)GkJCvr
z4TX^<X@T>BCxu|uRkOzmHl44bX+_krtA$stjcMFtuaF{w8VYe-Bb1DuUA!d;jIT6V
zAC9w6ULCfb6k2H*zu}VC!?8nFPy(WF7dg>awR)HC_V5)TGR$$wuVO+mz1Dsqjoxiv
zUSCtJ&sHRF8zAXd>Fn9_^&MU*=R9h4imqE~Mg=6k(yQ9#`LI*<2XtL3;-*Y-O`}9{
z6WZw-h*sY>Q=xPCzA*2s8GpA+_=oZ}Q-nVPeou!A{?un;RdUP3pvvIJ;L@S1cKqI_
z!jVr@vL!oGU{}eYbO*;v=o$8X^D5-_X$wqO4uK#+tA@XRI+I7)|B@lw!F&6s@;BGS
z36ck(KnXR$-R2A{2_BX7S8eNwUt81ygEOUurWgr7P%_Zh4`QECqscb3f+;GbYqTr-
zo5FD5xXU*vqw{DKcN@KINNJ~_T(hXZ=~u&{2Oq{^caW&_KDD&aI=xAXeE*uM{O-$%
zBdgMpm0rQ|aw}GT&LBQhntgk_XC;A@5~%weP5Dw-ZRR@PTr_B3Hp2}=DA=J_qJu9n
zO6aQspO~~xXz|Fg=?&9U3UfX-JH{H|8NCc!JuzjtsfOm4ib4FDpojfek)!uU*EuSW
zUj>64y8qKSC?{bQLnaG<b})8u>^r^bYR+sYx2f3v$?@A3Y>r{29mncUHGvMt>Sd<Z
z1?8DO<(Z+sgc#p2PA`&DzC__Aevw3dbom1s4O?*Rrq(rCkjzG2K=Q$8r7e8PpX6v&
zV`k&mRQCpP*g*?{Hy4sku!-O{jmg5J`LzyUpQn4)(%~x**YS%`k8Pktr^<xbBE^Oc
zpXP(gZ{-qtvWHVs>y6gM;B$Xz6emnKenh7&Xnf?dpZG|go$^7WT*s4xFAF2f(Qc6~
zvqu(s;t@@~sW_w5wha2UWsl8nf9huweM4Fe_Vu%LD1eD*B&6(bv%9AlELy1JH!_yu
z7o!f#B-d@TBP86Gp7gQwg3GF)I3!_EG#l$1+G+%%nWWOQ>#x^UZ*RsY5BV6rdQW1c
zNPy^zkv)Re`dsp6zZ6~?mGdh^pK;Gch&p|kMZsTxv)|J^ptH+7BPFNEN761SYqZO3
z=Q_%yO<c!NjLspgQ+>nxk506sXzeY7E*~|F)yb!zkWQirIj7jFQTrLG0R(?WWMvz^
ze-ACvQkZW6)d*xmAEB}rI<_BEO8kUciSk4pOy|`w{CP0~-%Hc%3$AQ&Ua22uS;_N}
z`1||@jmj;i=y8?%YNM#393!=dWn>m0M&ryZsBY%|)T~JzL&$<A@asDJe%?PyJrIas
zEGgj~v_;&mVo%D3oJWzis5U|E*>|-g&i@9(n4G4l-;)O?vdm2Me73IvaFV_3j3AW`
zLF&jRYcViJC%Gl@nHTn^mFf&|7|1b^bR6mRPo@c$17#N#U#u^xDYnuAwX;#&FisDe
zq_A$ru@XiHih-FG+*iD}`^U^mLQjlp1fN4HzY>gVBW~I<U9(_n2uC9y(ye(giZHTU
z@accu?3Q(`Db~N@(u=vT(vE9-1sfSJ2&)+uFnkykRX+b~sJCb*&@o$1>aG?HVozB`
zr$zC{y}KV);`4Z^z{gMo6Om^=lNwPJ9X^)-+liEo?uIu~;C3E?U{i7~rMTad!S*Aa
zuo^{7Z(e6wHsrrLZI@3NWh(}%XeU3QE~l@IDI^#KqGyx4aT#QlBLq8Ny~ZNYAyAIt
zK7p8<DmEA~A(AnOd*>yUBa0$mRz6J60)LaGY~J%tSO?iR)I;g{8je{JOpYo`p@iA{
zxmw%e5XqU3CN3CG$k$ja(~bmGhgq5|DXQx5a^5P}hz$9IFRQP@f?j6RyGe*;<o@fi
zrjvBGop`~1rt9CF^k;J-zLsCfd+T^fg4;X7`wfOe>xdR*NIT{=j^jRC|F`*q;Ot9G
za+{hbHOh7xg@Pmn-$I*O`~ibXgc6we{OP(gaGVbrMe;8$t{3MK_W4GBQ>_mhFjbG_
zUQbqe{cPG6nR(imZTigr>K&Sr$6q!Hk;Mj+h4xGeg(+~&I8MQKYhDt?@VsZ((S&EB
zq5rGW!G|cZ*&Hkg{fSkk!jf6JZPg$x4ul?Il0Dw8SR1pSE^j%TkrcKXM`;+>dG0Q|
zuCmGgoYsh%Xi6X$Z@Q%XXN?guU!Q#H#T>eNcc7N^X8!v(TGubOXqQqIZEC7mzr_nA
zdN3}R!vQ@9A?M2*kGoQmZENE*Cc<C*o)T*=rnkoFE3@byOrm#Mq3=@eT1TyifM7iz
ztF#^1)7rdT7clGHrR*p$>yOEMEeDx2gB*6>vo~uziVN)J6cHIG%?b;Qc0v6uevi}S
zmwzOu@aXs0?hc9?3vE{*Sz~7&S)Dg?CQskb?&>MW{c67|J)*+wfM+DR@BUn$^0%B-
zB5a-WRrkuO*k5Pd(a!L|((?4}hy!b#eUf@}pV4<Yt*W{^qYw2|{z!MTtQqUD*2@)D
z1@FusB-1@N(<T-^V;^Ry()bEF`mcLuffKG9p-mK9`$?Q%n!R6yrAmFjMF8}<gy&B3
zukfbJh!haXh{*8vkt1g$%dQ+bOSMVJ@tuZU2QkP?HD^X8H#01G?n;tM$~|TOxAXOf
zW+Gr0Od&uil>V5=TSJHNzQj%k__c4h!|mv`S7LvkRP#Y4hh&>oC56@zp4TpVdQ;42
zSlm`875f413d=in4bsh^R}A$DC(=lI-tUO?ok_}n%#Jm$ze|VrrpSCh{+a&K?^s&&
z#W;=p8AcQDy*sFXD^#|-V_o#P>bCFVdujRQAGW%FzOT9%vK7K>-4_y`3^Sr9vT8^5
zngsroD%n>wGIyYp&SjeyUv(Efyhz~}FQ){c>%nr#Z8tynv6f|?QXusnU$`E89OiTv
z@S%%as~!_;j=4s)L`yra@rWTd<F55**?R#e9?V(c5H{|=FbZ`?OJ)9COBa#xe6L@$
zbFOJ+09)XMFX$IN$0f_!%YX*$QETP4y$8Iw`H;ac$K@r6Jy7SZfDO!<Q#zLZgv)Ps
zJ$ipV8G4{LgqNMceQb{ET_I2G>C$^9s_pY9m<Yq&<2#6s=))8FI)<wRXuCr0gX#j&
z()jBR7mlOtUm)HZ=KH$m)tH~ydfbaRBRfYF|L8<)?D$k^5|?ExIg4_x$hfv@+yT6{
z*QsUJ#`%>Pb^Md7n{%u&iqP)ek7`5qD3?2wOxiEKVap__+%y#__;a$w-=mh%&6u5x
zZggmJIOVO<uh&<Qz+$ttXDVRIS*Bz4NeWSTa{u@1K9s(Kn86Ox?g=oj;2l3W2mtPM
zRt~hSK;%<QFYw*ZI|rtEG<9&o;&^~Mo@%=U^bak$_ODD(T4_934&+Jy0Asf5P91?>
z(!+P%D6q$;omj$saZ6oD0I-_byH%;&^3`(uHVREJ9GX0H=Jnr>K669X!%$L73i$DQ
z|Ib4FzmbY*J5B6~nV!<03rT3d&-UXQd3t0ow-mAOjn^L$C5WTDpv11)X#U(4lTV4p
zD&`U?9nNnYiYL#nK@>~`7sU1+6R6-)QEizWbFZ9z_o4EMX6qt+%U0)$9PvGf++=GL
zykTnsT~hP2kwWLjzwhw9+cIn#m^$@)<3IIfO&0nTIPYA_ek6rn3n{iA%-lQkV&^FF
z(Ey6d2*0xJ3bNFAyh50iwx2vo=K*>q*O=><+OA2{4{#&^01ih1s41eLVj}<*{}m>{
zTE2L@EjIx0@1j6_^Tp9Z&Bf8lmB;OyyS=%CnYA6ajgzGnd;z`=AXJc*mjxgpApuMg
zF93WQ@E(AIjQsD7D5!`x8YUVVDk>T_1_nANE;cSM4mJ)B9zHQ49zGF14h|tXArT2F
z85tQa0R<&FDJ3x}8R@@2K|(>aK}EwtL&GA)!@(o{|6Jgm03u9491;Kp=>-6p2nmG<
z3Em4}005BC5Y+x7_`eGhGJ-~Q3`{I+97Kf%LI5%n3JNkR%0H?Rwfzyl15k<3h?#h0
z&`H$IFkU#5@&(1`U^2g}=_1pZJZIrIcL~PACa0jJqGo-`#{P=qt$?7Au!!jU4<BXa
zKFKR+e%8{~(M6nS`C|Fi>YKHVtDC!rr<b=+$oJ46VL!to5)ywU{Z9UqlA4>Bk2vsK
zTvA$FSKrXs)Z7B<?&<C89~c}Oo|>MSots}+T-w;&+TPjS+dnwGxV*Z)xxKr8c>KrL
zKR*Aj@?VVo559;Hd?BNvqM%~@;|mGd6LFysp`tPIq7%!gW0*OUyx<GMBz+g3Q`3dT
z%&&1yX6`bHP0sRmgZ1JcYyaWw{~cq&|Gzl<-;Dj=d@TWRQIHUWhe8C90z7NxMqGlI
zP&Vmv&d=UYo|Zc%E64bjg#I0BBB_oLli%$w*<#IAPhAV8GUwn>TTQ<?k|R)_%^bW@
z;M^lvOuG%dVCc<IuZIv7lqV>Yj{RW0+-pi;ruyQJO`69tSz9eK=p@S<leKBwQU(Wf
z4>wQeT;Lbw9W*X!{o3Rb?rurYJ4I~f?cIh}7Xk*}9~s^7EzQ`rNysKDz>H$3y)&p6
z+<z9PDKFQZ`hFz4gd87TsP;b2_s3Fr*=k?lF5M>MHp$y1BjNsD`*22xuSJ48+}b?Y
zMR#SQp(DwUAx>suDdhR(`bwzFf+?op#2S$SXMT`9H)2DqJAyqM`F~$ya{_~IZr|T(
z8X1oDF*Y=+O({qZ^?w2&&C~#VE?<Ep+v&@%-p$REQ&gkzEv|Be6AF4Xey*)er~e!u
zC#Po1V~dZ-%=8=}DcgaF+fOY4O~MpU{P9HDiye8GrcYjiT9V9~LU9v5?IC@}O#os~
z)+a5dD!0C{;Y1(rD{=P3)e&{bDI9QG<~rqJ{wSYDg@P2x#7K*Qt*X+dee;1sHn&aB
z{nc<<eVn?n$;HS3#Tr)4G;705ntYRmGuPi<r~DWVVZH8RcT+y;lLwuQfN?4MHu)_h
zA38DPOioDssC|k;?uY|SsZMsiKSz&>$(<3}8R$c+Q>DsNp^1ON+r;rSE~yK0Dlcwd
zysjWsH#S=!RsRV1&!sa6V{cED3WKrDne<AsMCzHGyfRCb@KyV?W!aiSSZ?h^h^9qp
zlop^qU*HpaoV;oOzK;PbYUxLbbEQCIk*6(wfjjfy-J7x<2G@jM(~IT=-k90rO}=^A
zkjetLEY7Kc@UYQYyAMvMf)3&%2G4tSlOM^p=oiPmE(%NtN<WIv{S~<Rg~!_VLkROu
zojI^4KFM78ri$bK?tI1QTdHEY=vY(XM~U&<h=#Lt)1c$Z7ko%>BeK!sU0j6s8hol^
zz}r~%aDbVz7#yHznx{YM{#Q<$z`9b#I$xmfy});n&*<p3@EQyE8%fLIB*tU<d<I1v
zW8DC~zGWRq?a4j82O9yc+*=k9&)++!Y8ucA5-b!zdqEZ~&;h1PS2z0WTBb6o&tD&D
zS0gK)viftGN-}-7l^|SS0ulsu=FSEQR&CO8YE;+P#Q+;W@|R!8yPYtcomx1yyohgN
z{!yhg0VONHcjM|v@!weG>)KRzN(F|E5)ZLQvHhVmw4)6QRIdgY`ydb|yc~_@UUQ!q
zpS_zgOEABXDYM3V>s;dW`3(tRSw|v>jkdx^fS*dc*H>@o?QG^z1q=@8ygIOS+uwNp
zMWQTr?ay@=z!v03crR441U0_UZuigk3hSApE<7r*4KvWW`r<Mc*dv}|n0_g@)-U|m
z9|sP=q^o*Hb03G&sKNn#T0p#eRjmof7jeel;tYn*By-49@&sx?ze==BmCmY>>X=az
zS_X$m;Q(SkxoN0C1>URU2F@o)UBPrgXw5GcJH!F7ZFgSqj^RSNmYt=;H?jRju(D`|
zt`Z$B8MiE`sRDE~u~#KdwfR#ZT3TOf*{veNZpo3v#6Y$6+e$4GZDiCQZc$JSfj-N*
zXZYMhwcc^ZOd#2Xz**X@3#N-q6y8Q-lOds=7bAHSMSrxQbzy`AiE)DNCp~q$pf4=Q
zD0nNxnBunr$WV_-`im0^r8)fr^xZ)H%5x$6A)|+<6@RZ1MKWks)<c@`1{{#~_!J=u
z4Dqw3``g@M>s>KypK=0K2Gab%g@~4f2cdaD^P>m@zK&CiGK4f76b9P#`+lSSG}T@e
zUd56i_2<Ecuph;*)l+a|%n7qh>b$8O4%j!jpnxI7`oysh<=iZjqO|_{IK&oCZq4Xb
zY0f(s6W#DDw!%uIz-s`JCl&&;?9ZSQ`?yl@KgL1*e|*+%`sw}?Dwb{IQ(jYFqr0r=
zc2Tru`cpUP)Y*{fzO0ffd1<+8tQr$KHJ}k0+V46&Ra0~mQI^W1`Wei(L;c3X_FUBD
zUit*M&shmvUjo875SiZpk56r5)3<rG9SNB0lL@k!Yl_7K%QFrUyvYul)q5)_QJal!
z3^6*!Y<g+(=PRB^_}wSyWhCtQt-nH|XhW7KVzTEyS2yo-4jJr%NBcf^H(5UL=gmqo
zJUDRM?Y7KpU$WMxPJad`P3c;q_>^Vz3l5j8V3><->z!*VSAn4{o`eNiS%8M%DG}UE
z!*3@Ee}jIrRZ{}+Rg|^vJug&7HqmZd3M1v;o|wp{n71~>_XeVm&FL89dsGjo$w|~n
z1v`T40vHxnXuMC~ojtGC`>yP2)8gOkeC`sSNm5AOYYXrZlWMiMpSjM73K)Bv<6t25
z*U10rARt)`d+Y)|26P+gT~z;rL6R?5n!g4V5_8Y!yjE>?A5Z$n+fQs$%-5Mj{`Gjl
z;F_M!t2%QB4|7@BK2sUIjJCOs_|3mk2H@1;<r8anT;3INPi_9?jM$8P@1HGC`Gg{<
zrkfFeyj>cE59TjlW>`|ak~wS?p|n43bM`IYztfJl=3O-DcBg5jDY~*sF^|w4l|w-O
zDVYem2*ydZ>qE}V?ZEp&o2pQHLpb2V{YM9TY*!P6s6o%ZupO&H?_J|L8U7hp!LLt9
z=75KEcL{!NIAFu-5OU381H7lQh64s{b7ROW$b5L@><tui1B?*!mebrqe>k_HDi`eQ
zeGA36+5~pbJ#i)VB3~I!uNwsU<5!fmXoYTAzNXgDl0LMJxYs+!K6?+IHdizlQ6%fI
zJ!)5W|MDcm@FhWbOZGb_($j>`_1BxqBjbyzs0Pj<SYNKO?!lG5_scom<08vsXGv2F
zCnPkLsZdp=V0>HV4|8p18;h19O6MI}1qT}b`)<!1b67)I4Z6+k3%X|Byjv)g$n8s7
zyu8^5R|6(e_kxGsn$Z+ms!0diK6r3I4|`v9SM8kpZrkPZAO-cwLex-5lQThFOTY6N
zXKGrfBxj5(NBB;ofs=Au03Y~D-;VfQ%}<0Q7ZsGgoz#!N2Yvl)0Q(+|&~_+XQuilc
zY_sSQLZkVO*}#K+C^$7nm8aTZ!2iY&U09C*#RX>G{HomOK|>>;?Aq#c!F$i55g6b%
z7$2%OCo2|NlGiG@9{CfhRm_JKK@vjVseryD3Hvnkph{*u&`HnxV~hZiuLWd{nS9*A
zH^clvV;wIiN9?DD{I<&*3;_cewI_m%99vB|09=h2V7Ia-73<Mn1_FrOcW)_QSBDVn
zf;6;zs_qiuTY<^r3&_>k1so7;IUWXc?13Roe3Qa=7XcXA+-Wp%q>q?wMlO0bI^WUh
zd}GdPbMo4&utQj6HMMX+HY8l?+}jnQ-{%pU2~VsD4wz^tfde25z<W?I9B`Xd-CENU
zf=E%>aK-%PY9keJu}#z>Z;nJKD|4WyND!OYUU7x!SikIt5fEjxO)u|gjdoH1h+%T@
zsJ|f3wVLmf0jnb=;2XVEqB8dCdQI*&gc`UoG-BS)vo6=!(#CcUqm$AC&DNLnjZO{N
z7TIe2OnB)(6w4Ky7%~K~A`9}pD3uSGwSUgpbgUbqRmeptP_lTCmlBCi3Mngmk1Q)1
z6|WCsIKgqu@7CTO>D3<{MNT=(uhZ^)EjL2=0b{rS-F6`VRJ-B({+XQP4bsZf<F%>|
z5WOq|L1><l76P_y__o%B)pZ)Up}Pp2aO};x7jJ<BHjmzK?2OK50ub@c(J4bi#X<w|
zM1{VLh2H!+l9|LIfgvxpt%BHS@sE!Aa{0!3Ba-K}imzXjCE;u&8CDN!cl8Tb=51s_
z6JxRAfCY|uIN(Et-;LMYcUs#s_s7f|5zR!E%q7_OOi?%>j<xAI^zGR*S1^crugx6}
zU{rK`!nTGy8lWkc+;8=ya&0Zyh{BT1+ycpi4{wE6UHJIQJEJ1@)PEfmkolYJoA5=;
zLM$KC+;jxs034w%IN(}fA9&9j1_wms!N?s$5NnU^1RQW~K>!DkX&&3a0h~{fw{fR2
zzuQPQ+rQs|DcCOU#ov22y{{j?#e-@W0H?UYbB?JJYYSr{2atvODrzrZBhV9fTIE4%
z=-AYna>cew2Zm;YZn{pCpYg=bTnD$piwPRT%WE;ElUd_|k-vTOcLBG~kV1*0$&t+s
zy({Y?6Rp*%(d|9~4x6Q;XHW6OO^P4og)?82RUn47AA?xjF348X4_Z=^Oh)Zx&{dP8
zTgFGO%a2a@Ri;12q~Jbgl-DIS2fuQ#+iubbZ{`b~`SsG}xFAi6w@X-{b;}XU_+YwA
zJXL0bYm^W5hbm!P+3V8xr>rf)T4pt$*u-fgwxBWv#!Cllem>nxa?bp(b<~bt?7n5g
zCL}|3>fCc4AC;pex~>1ZgIOSTbOx-l*gIs&UpAR-*pHRI2X6dP3BlV<Df9xJQr+<x
z9#Cgw)PGbYUm`WGp-oUxaZ&NEjO>K5%(<E19tqy2Ru);%b(Fa7ez-lapW7Y^x{X}a
z{}!1bjYTb%AWK$fxEJC_Q@mzfXC%LoBGCLbV+kwvXJJsTOek*><q&Sg5a23gsx>x5
z5+kjbys5^>z{vVmP_$wRr06mAQ{Dwv@MPW@V=o=LAVwHHsx#WBLR;rfZ7r|}tGbla
zrsvyL;21YKa-99+<Jg@==4T!Ixn<7ped)*CpOz78Yqmq$oF(V)PL;OIo7R{pgi&lV
zhCxL4Tbn8=)Qef)n>1*gx6fiVh8x%TFuw=mi|I^G^q^;bi|e8Fn5$;|`~gYhEeZf>
z0)S=;?EZTWe8%%(fZ>`UW=vV{BlJixgO$DFH^~35<F1b*4rTts@ngHd(|8)!O;)6!
z9dlS$$4i5cT39rPgbM3FSi=((1;66OiELX0i#b}u#O@P|7P=7TI(E_LmdiM{4Chjc
z_?p$U!R@Dc5JF-7Ke{W1147f*;ebc#YbhvY4?=@!*Y=AzhMGJGJ*1S2Yl2GQ0D?<#
zsddNhkqV2xwYPKPMjM<N<TQIf3=FJKzcA@#YRA1obK&c}1~_cC6CiB9ZZM9qmu$Cn
zefy<Q%I~KSc`*Gq$FuvXDlLWg!LyZa?eFF_nsj(mDqiZTy#XW*C-4Ug-;u?hLtr1;
z#b8Uo{r*ZNS-u7b@5ZfitwbNaxAv+8Drr&LAj#E9O&A%$ckn(59FWKlyl?|{=bR@$
zBLgqLI>NYHsX50V`yBUxzM{`bQadKj>z-K{ZmY&u{gJr`h<R&ko%$U5H#W<igYoj@
zc*mWMYgQ?Qg<jXk8C>e++4tB7dhfoGh8+H4xRA@|)1No{?^zgO4O?p{7c9m&7X=yp
zDFwRnC4$kvm+iQs&fJ0anASxa{Yrucr?~hht+BSVlB~9mbn}Z1uiD6pR_yV%S8WqM
zJgL6_@tsyDFScKt?xTWZ>X2CL!8AB&Tr{ER?eg^W*~zYRSQjYwh|tUHUgKqo{a+|+
zo4QLknYJz*;L*p=px(W1A=yw?02RI<k9D@^Y6|=8pZ3!txo<w9H;a3X*^P5LCS$zf
ztNg{+I~e(A3aKSy>?`y{76WjT!BAHUKF)&)Fot4+WC`>vw)vx_+?cf>bUc{HA%AR;
z>t-*08ITxCxV?@H#NI1QZDud?Q$WZGIza7)z%WLGeaN!77<k6<v4Y_vmQl)bJl`%!
z$=L>9E|sbNdHL4HU<3OJn{Y<A_&jq=->+xH*LRga9DfEdH>PZ)w9$~()aXRtw4l7A
zlR>A)lSAlKP7^pFa}A-&ySB5SUt980W$_PjPJz3&9B$j?+i*Zt{O;pfXBLfDvTlgh
z%x|&Cd-F?TlM~@MR0tSNdj{nS;7u1wFLBNgBeg*Xnh}2&uxeJ+^LEWp|2yWeK1EdZ
zvJKz6!3ESUfx~#{r@4B_{U;LLsq2$RkEo?yuA(*ZaK30bfQgHGOH4HCrW{D6c!AMR
zj}ER0Q9OsrsWoCHb)>9tS_o@LBiUI|newl-?(cCIC^#j^8!t<c_&idM6R0NDF9Wxo
z>0jToZGmYGSUc)RypcKCqio`3-z<!I=to`C`B+5!hHN<YDkJwFce(B?{}B`iE~$aO
zs|{e|mEhdPDt&FI(Y$Di_7f`{0G8}O;w<OK4G7oIyyUqWELQjtM(Z%n)*#hO&v9W~
zRqRzHe-2B@7q#xy3va*~QqPoYj4?dX9qhc4ep*?-F4h~p&fl!?FF$$yrr9%fUwP`)
z4(<dK-uHBSpmPdP3+&W;5*ZAY_EU29Q0{~_dSiZ%S|`NZ=alLL0t8lZWLoANPgb+1
zOoe1}=HyZ+BlwV1ubl_gV>^AYZ-LlHYux9?u^V)3`cv1x>#drmq8jI2yhkqWwb|7w
z1JvVaqxMi|9Vu<;dGA9vfMf?glF9jURxC~WpAvkBaCg*~*qqXkPZ@au&2)UWl_D#1
zOd84tsjD6xci>I)^ZIn2ijzklQb}6qs|%H|t!RGj*-@AGwiLgn<^AeDX_<R%sgaY8
zKXxk;tCAgL;lcsi>0UapE^Y85t1Zc=i?9fL=*OIc0LJOJf08wbt1^m=6`ACT`Sy0a
z1~5?FE5JX1mn!0%aDZu<$un`o?rfhT1(kw9Ve%f#%AMM&aK>!!k=W}9CjA?7OF9j{
zZp6N*BDeVsGU<&a$GU0fkxi<~O&pnh4ZRShp|RAEbYn!<-uGr+YR?)VzZ0Uye*QhD
zxR}#k*L=ye-2PjvIN#5K(aI)q=tK?JZHX{I-c=$@AU_#|lThZzC8t86a0goD**Od7
z)rt6ZyxO=A2^a`9w*B2Cr0v>wfzmS<%-G@Irmyt%)u3NiJCpk`v`vWaThsjOlfqvJ
zt=c)kZJr>Y)};U0GS8HfTqA*vB}v${XJ?D53eng1;Uie6kt^&TVWq_C#M)-nubw8C
z8!yY-7am;nxUzzJ+*p3QExw9+2!7#_DHK1A5!~Odz+Yyv8Y%|ef&&Iuwtkr@Ux@?|
zKnMIp+7!>i1L$!!@x*#b<k0%B3Kt@s35fuDfgVr2G54rWXujOwbppKm(hKezf8r5!
z(5GHSfnKI`MwZa=Lfv%V)C(%G4QHr<$B(1;psN_bC+>+V=HF`+-_FJhMCWfaK&>7O
zHWN%nF#Wd4mEx}}I@63!_`66>J(-v!CRkBr0vfzKwM|>w$=gO83qDRxF5sKp#UqpR
zLMX!Yde@i&2Lx`$-fIS6AdGthB}9nES?%6x^CRS^xKRFKSa)itP-EOmJZ5O(o;2hY
zU$C4wG14s=A_RbyH2;hZ+Izl0G^DTMP$eVZ+`Wd~K}l*v@r>lo5r2#D6hej8fsbVM
z<4_E;$!`G+(|-I#6)}kx=viOO$C#R=Bb(C`gH}?9{)f!9<sv&?u6a3jgF4DP$Yz^#
zmlP3uqnUIsOI1fd<cDshBio2Llck0vojsr3v${@(wIy|!oa5K^Mof8me%8_$ovRHj
z<&$6Vs=_<3iWaAG-0-J=bwkH3vQ-z#qO(N#MjBJx{jcEF?Jv;u8INf*_<S?cgy(Le
zV)TG}hmH47lS4nIxRdiCKT5!KvaLJr%RTAdSiZNV$!N@%^BxAY8w0DIBH~V7RoXvr
zh*a>oDLO!6Zr4_H`qxD)GZmKz=R-Zqq%lp=_shlEj~ozByiclVves(4JwMr)@R$_t
zTxG~+EFQw+wT4Yyd`&7lGd2HPul8Vr&U^X1>BaK62f#<mA_$mFPVKRF>3{1l!+pBh
z;4e8dLUwDy;Lh49JUH%vIZk#6IZrVHPLx#wA%wt-L(pZ3;!26i{8a=Tu&l}d-AuxQ
zrwa~9`3ofh)r0BzTc?*qUca0t%Sj-*6ecIPQFx3V?m5JB%R)G++ltfRlOkA@jnoDo
z!mi2DLAdZ8jBvo#tW@B!gBt|P`u5IAprN~rzk8cpsr3y8YSenn&GvlaFH5$9rNhjj
zyvC%K+~g0B1|HFm?73}M_4lpH@v)KhZbIah=*gxZc)J?i#_DWGhUy(OV}Cga_c*nT
zxI?JhI5!o6bcTu>#ilbnH}wWxlyyzsrk{v~O?aF(u(Nn|@$&a3aOd%|b9rL87GE^r
z&WU<F<R(S+!T~mmehIH!NRfguwZ^XQer`cJULGus>hJt$DAdotJ-43MP8^(<M+zJL
zy&AI9+({&;A}cz#@=^YCl_l_pm}6TkdBScX%p`s@@_fKJxkm>~sG~J)Xa1xAa8uVn
zDMtQ<?vkuK=JK@5#;lXV7M;)BSq~51eVN*QeBr>RqJcl-!ti4`5f05~Yv#{h9(i3%
z1N<dSS9h`m`VCeW7}Bw~o^x(&Gh3qhsR23WHD}gZ1@Q%+>7CFhiI1*MyD&s5_c}!#
z>dL(K?@JFUx2ATd*49>Yz>0q$Ziooxg2xuNOHUPj(&hPgOAZhFMee4i2kL&JT@}gl
zi!4Gq1&C3o9T%&j_M8C2i~WP&tULxMDqmu>Q}^BMhx5N%Kn1e$ZI*r%ycHtStLSxo
z|DvmCRo8lwynn|N(@|Te3vVVqzH_rdKrAfQV3t}dVUl|HRJ*AzVxLd(wulBht$6-*
zzI?Nj%L+cf$w{25Lu;h~W#*@h2vtWXEzCjeC!Xah22W3nqZk_B`R4$W`87-C*%!JN
z=l#Wvmv85e&JR#sMD4yBC9Ee6bul-paL!!=A5aly*gPu2oB!x-G@LZ)-f91PG&Zc$
zKSKtY=eJ25%HV*C_hvit=DZH*9G39b_sL&!1DAl)$bf3<Qy|SW(yw4dDz({D_35G;
z*A7wAj#mgxo9GD#n2>`XHOb^RvL5Ip8G#Gh1kXZCbDl9<GZy#mqK8f7O+sMnMjqC5
zJY27*&t6D+E9Y<cGkw<G3W6aTt@DyBefh>cMTg2I%MU^ngx-VSb@dri`1mjfk01gr
z0goOh51$-?N2B1a@f#Q!98i5y1^X+1euhA=fIQ(JnmlT<THQx*X|tX0-8Rf-%!Ks{
z_Vd&%i!*8B1up0N|AjE4q+3M&feP7{ty=3BPoAAzKYhR8x*DF>?srRIa({W<X~`Hr
zvDd%}yS#<flRY1$KAu5;@t^|dZNbkkeU|U7-~g7bZtyL30~|2PY1meC$a_E18Cklb
zzq0ml7rI>+loQKf<p(G~^`fL2mv9o*Q9mDt$q$4AkI8J|fL!f%Y=)i^7%Lo*pG**Y
z_Kg2Kg1uA}xpb&tQJGo%x06^CYbq-XOt|c`rgBAK(Q|YW955c;^!#9Qp7-=G(4Ix(
z_;d;0&|xq7%e`4k^!Y`o8kuw_N_IhRM0}{g>=$iqwc#E#-7iE3D!GA(QL#X1wyQ0K
z(-fcsWry`o!vTB!%P?rwz1A>COTmivN8S2X;V%Sq`9z>=%WxTn7>-#|4g2<f#N!=C
zZ1&thNzI_QiQevb9ZjXieP%!_{BW|}^ofrGc{bFpsxOAk)S2{tjJJ6K)<aTn9V7LX
z9`Aa9gw}J_IAxJ#7NkxId86jiI9JYzQ*HbknIYC&JmHN?60_IgZ~*D%sN{ent;X`N
zwg}zvbVVu}AMze{Y~DZ@W#84k9)tW)h5PB={D=71o5p9HKp%v?F?X}sTIa*3o5rOX
zakBd8^O&iHx}%~`Z~2_Hf%bqOvbnHav^cLa3$1~T4|f<#(KRglN$C0^olmVCI?3lR
z^|`vf=$x#3tNz!M`9r~HV*EuC<|aSWIj*%FTgPJKrT3cz3?^yvOKb8KTql`Qyk4eQ
z->onrVxJVG9<lvo5$my{BTT?pKpaehF<JsM*)_DJY+X5t?S)_j%3m1&K)<2~)|)+b
zeyRFj?VWX8RZI8q4-Hb%UDDkpAV_z2Bi-Glv`Ci<ND7E_cOxm?T_Vz*9^l>T^IYS4
z?{n|p?{D+jhr|9b-?P@tT5D$3o;_!A3yvqZ`;f0)S%IH%m5~b}^VRMw-?QN0XBqu4
zDB{a-j<IbU;j6cx%4{IZme*+yhOP!8yqdMtXOt#y$Gm}6fBb3bBqx0iuOP0Tk~>&h
z@YijFh$Y0Q742*24WXy!$=<3bvVooWXRlTXN{DnVYho5#n^6*xVyc&MFN>m!as6C3
zlLf&64F1~z{-5qOX3I@9vfJlb<D9d4bSPI(RCZW%F6<Uc=i8`7t<$`L>+Afm0Ya57
zF<*@&dtFsgeTWlHEX6o!K^8?XZXTN9N~{k|p(=UaMnU1=_?us%7l>KSEcpP#idd@s
zn`TD;lU%y^4#A`QK0<(B7Lr`qR~4h^T+^#27VhnXec!xh6XTdv)|p#g3CwUP3jrmb
z;<Xi7_wU}h5=8UJUD7&K4;k>cxAo4O6G3m#t#lB>9`~4DPt3ew@THZ3d-_rN%sy}X
z#-hX$d*6RsCFgMC3djQhxidE)cV_nb0th|CUi;UfuFTi8aka0Qbw*AJBH2~A{dlK}
zY|U{L8Ilh8QMO}HjD_S81W=VEU2X3PXkXFO4-svS>B&)old!ALE=0)V-ebkSptW6)
z6MVB;ciEKwf!UhiSa+{#>5@ht{uWd`<$oo6TJy6<*9yYTTXO63j6Rs~U7b0F(HaQ1
zjuDMXIvNCHM)=IJkFOoRbN^+K?=g}uo_hV-W=`S2`h+u&l2*_2CR9cYQ{7xqNemP8
zHz&j~Tx(rXbe9|#jr4V<4=eCZQ`Y!|DPgTtitcr-B=kr$P$V8xW89MEqM0EQFG3HI
z;P<!nO%M88tM4;M@hdQJ<5Vz3J71?8BOO1Ff;X$FN)v-3nm-kIjI}uhhZcPf)Tc1k
z)<-O3?fL|7=HqL5ettsBD(3CHPaZqT8c#XqqS3Wb5w<mA^p_Uou+CE4P0||@;_zgj
z!*6v6j2nh`86aJhd}g9Y;7BL#M>0|~xgQl%akrtqry}%`2uO<JRk+t4^<wc}c3D;O
zs!CX<cx(?|`;&Nmck9D#;pU@v%`c0jhia^fGUnZ>PH`7f6EDj)2drh#^t0?R$L3lt
zU#ezHGdjzaG=QU&yX6iOQ@IYSqt|p|@0v35U*TD@WgvG-^Wyf9<56sIR=l=oCY$6}
zVqBOCwLkIpIHB*yidRgVh^UZ0zygV|pGB5SLgm=V9kxi;B=h8qa`vppf-56;TFq?C
zEePs(NLS;g*3yDqMq-T$UNdvB5QJ31a#%_S&5IC1HKC3?DM%<|(@>2&X}OHWRg7#p
z&pVy|U{rNz<A+o|0^AyanM7Y_SgZ0R*5k6MRV+%dE~}G-3yj#Pa@trK3Nsrco;3(n
zr0joJR=j(nN2yt@K~Z2(9wQ7A7hsLJb7dFa&YLJ{kc4PpaLk#6f?oCE<m47azOj$^
z$&YE6le<2?^*MuC<m5`_XE~;kb=y7_3IkTUmPQc9NQjeXk^4c*Q)YhVRh{^i{#s_H
zMv=TN7Rz#79nT{XxEZLJe%1(*`QFF6F1yLo<1H3)sIm=`rlXtzaRZJ>+ytbOxh&Y|
zSj;TTw#I`f5S;0bpOrlH7e{q+$4<qo!v#5Wo)($tHJqW}8FYeja2#u<ufFJulv36h
zJ8<7$&}@@Hg|TzL_KA>_X?L$d>zp*Wvr$?1^u_CP9ZR+duHEhEssJb)o8^c-dlk(q
zgU3E1)}D6fw;&Ykn@L(k3feqNB}5n6V+zs5GDVZiOX^}+&_-j$^=l4fnW4{A@dbJ>
zjJQ!qt));CK$NW*;QpQuCMIh|UQy}3*f~bFo)A<7VM(eCEN-RHjwhV2WYwvWitbw)
zOab{HOnN~#xw$cLG{r$l@P2m`zkn<1lRbWRBcrpBWJ~Q{)zHX*H=0y#)Xo@Vgz<Xk
z9fFtC#9u}lY9%*MwKuJke;EPjyJ{bmz<wyQW@=gV)!B1X$<6QU-S;2fv;bC;+!y|1
z70Hh)O1{5Gan`!9UtvbGLiH{1&=H$pHUS9?d`w3gWq|@=n^G)0YH2LNf+5NDn&A$X
zAK3VEgx$B-JyE!+DZv`Ph*nRL3mGI3i&$LJMbyN%xwM$W>*wMnrDN?9mxmR1*7dms
z-OU<hsGN&bP?Xb<9#45+)l@N-gM!bCSzamPNRCHV+qD=P5!)@#X)Mm>%jK6edcIYy
zr<C1xtn8YsK6QFjBhfH9IEQwT(k2KGW+s#>x^QmS)~rV=^SttHw7KZo&9n2E=OtpJ
z52-x}ZA0vda3>}WUqP}&(5mtzp?MsnlJtRw8md~M$aS_WC(B3XP(AWGa#f~?UbC{M
zPBPAxNr)=)z1ZQ#y#R@Xyuefp_5EhdZSBN@IbDx-iQvOJ@mKgKyjuhUV&3Ch_m%V~
z3$v-4i(G+(8+hoR(uRE;Ldo;XR6;+53mhZ_Xs?NS;W*EJ{H-V~1JXSxL2pvR(`D6|
z3%+GtZeq)cosT_galBRBCW%l_x$eh@$hD&91z7dn^jG`Oii=LIM_DY`sl|=IS=2CB
zV28F9BXE2SC%x?g%!aQ%zO-UoIeh(*<^5$+8-+~;Hm}(u1&Z_Hm#dbPd#hAS1qRt{
zk$5fP3I3?Z)CcEJ{4g%c7qw38kuD@u!f}p1Sle>Vv~xkUwL3UGEHVJ5_aI<aN6_Ja
zK~n=H#_5`)U(bT+$6TAtbtgYG;y8;Q&sSBqHZmx^&4QGoc+w?Bq0HSi1TS$<d}`_$
z#mnhD=?0jx-qxeK5+(&SUT$IK1n(_3W>d_jEGckE+kr^Cx`lB?%>>71-}l?L#>ECY
zZNwiLge3^u?wX`wf&^%n4syV3y1ce7wa~DDdhtp<aCjt#hdY9F#$e|I6X#0Cd_9JK
zlH`%<mu|RJj<wPBx!xlr-OR93k;#c;duom~vJJfIJSsN@nY-HxH<;Xj=N=i}f=qAr
zm+#vLG~?7hT}{}I6W>yc1xvh%X+3yIV(~#OtQiq37{U?hgSs;M7BX^H70Kh2l1-tm
zAQ`o@1l1#6RqlTKky(?+tZ4Y^pa(bInj@^JqGN39X>nTJh7J~7Kd+QmwI#lbX`wP0
zh3^J)>9OD^aUi#Thw&D45x%vvvwJef!^lV)H95J+8IDUP^c0__{q37&V09kKi~Ki*
zl<GNh)Kmk;@ZBrwz`(Yg0a)t=`nxlyz>>vU-QPUjYb8l?{b_Zh9g14Q89Df24~0hJ
z1=ZGZCq83H)!W5^H(PA&eH1V5g^kzHg@<RDTl99x!zw^Fg*1}4Pq|kcAf4pfU{lr3
zJ*EoR!XcOwWH799T{$?}(zo^QEg5gGzV{kEH!bQGly~~kMY3-RgP#fl`t2el#OCK5
z&QEC+P0!^H_VV2!5CxhF%ey3dklskHZP9o5AZEQ5#H@@I{@Arhuzgva`)W0O1**I?
zQ^%$wKyU`+$GPK2J+@QKp|ik*yNi8u)VE5n<6Ne#5c7dX;E7RM2mh2l9c!etV{_8A
z-k=YEN>F<Gr)d0|!{=cq3z*ilYnGe>((vT9@lxa3y+*Y{4Igwx?8?b)86yZkFgd}}
z&+hmr*}er*5nRT*#4ZSqVMkkUyNOf@W1LtZJ`k=p3V)WI9BVJhONX+GS-KA0iKeKT
z^&4VcJDR#N;DKq1@}-{u3uJv7wRCe+SJ9#z$98<k*i?{B2SeAruJYuV@QUyV#oEWj
z;wYcqess>K1&W_9-|f|n`?V}{RHQpehxd%`JU!)Z*fFD;%p08HyCV|Ep?)ur(<I~_
z{QM5r7c0CuxN)4eHInrT-?r;{Kdhb)pHmBnf24++`gnfB>9G63`Qhlq^OdGgnjfVi
zPZM5icQ(7p?cCvi`9KYMvmwp%ou}{KGxvNQfu@D$oiYXPU7vE3+lH3|*bvtOAi(s)
z{ie7|%8AX?bCqs&0}*oLmIkI*sf_Ez1sv|~?n&H-1?(vwQiQ5wY&6@%J>^sD$ezXF
zu~tS&P-WMbPBL@JWm=xcFq9Bh%*(8NwvJ{;Ol+0o<t2E6B(;2kH}FV%rZ~{o+4Sv&
z-)gsZ<fH+uD?NemAvD90&*6G0H#Z&>1v-n=E<aI5FTKA-TgFB1$T)}6g2ik|`UCMj
z4F}ckhp~gGSo;b|sh*WJeM@P1NyQ6QVEL)#-LopkwS9!{5`Ak8{5Z`;&wlS*%A&W`
z<g0`t1ZWYyt6pv;Io2Egp^6Ld4$XzQ5mtj?M~_M7j^^rpr*AeAIya^sOq_`Mm|2V!
zVHefN)tC<(s^wR0T#;sl({~GivchTp=UI#`7|@Iz>?T}4(CA4aX1|Io%riyJqo&oW
zG$h2TH-S}1H=gGw#p(C{sWAIR;-G@ag+Ydgzh<Cnm7KWFG}b6BbCq>N>5~uwM25nQ
znEPv-nX4smn~O|kT<4S3<<(qInHb4x+wIg%I>S4xZSin-?%zeWQ<9s^r=_jq8m4oU
zNn}K&AH6|cv~-W*M_BHcEc}3>MIeZ1<B{(8$Y~1c;cg;%fMXQ=2@$n$_2{Bh(r6cb
zK5SR==(w;J1Rv&+RO@+nY0-VUx2tsO7c(q5cl__L`-rW~p<;bHwoFb{;7olV(N8#p
zXeXf|OayOAmMBRY_|94IAlHZc79_yA52kfxzL6{jmiVX_$T_vkF;nrX1if0v9E7xg
zl7?Pe8{ny;on(Q)DtU8nTt-~7ZPw?8O@Q_QjB(IZU*753)4}S5(diY|j}hm;ww6!L
zxu~S=YmIgb5+qsdJ;Q8?_3fqw<_5$3d<E~`YExx0?kF`n_WBm+Ed;4|?G|tpW~8DB
z4Pi};h#B9Hf3wducgzuCjAc;(gQ=vI;D0;wWqmp(2o?kn1Wz)Mw@9O2CoBjwL<$07
z0#_UyT!5wNrnaWvURjwuY;AV52A&acW47R22_iYWgE`lt?@~`2^QD+@Yn7)Y5LQ+5
zXKS*v#WfOOKvMFaD$~5qc`j@(kT5C)h1_%!jX+VkNisqmxr;ZG{LvZ%Qjd8$?&Eoy
zpV$88X3@v?9B)?FC{~;xN}?LC;??^+cx9|o?NQ#_4w_bVQ86@l<bCM#jyRgN&zbyg
zW?)?O#d*3=dZ<_Vw`yY(DvsC7aobqXH>Q!O4{X{!A}CxuHHn>FAia#Wi`D2NogySx
z?<0gi+>PuFiYRq{qgs!n(Fcdwj7~e=8V2m_hfjcx&zGh?5v>{a*l7cIBnt63Vy2g@
znOZOO9@)yn?xIi8I?W!Ljo4Y`LR{3`<LNo`%7*+!mb}EoMKA(G=lBa%e#jY41l$%V
z_<>#8>983i@aoA<tgc+vPii_p3R#Y2H7xB+6~I2oYiSPNzuFpVwN{)xsXpj1ikV@7
zlTNw8Ufi$p_El+t%^B#zZr0j7Ys!5xl@S(aQXgD=5$RQ`y^GIg<kEe|{_|p~mQFjn
zDld*+zR$g9j~K<>@kk(r_;94+c$`=}FgPG}AJg!zcFs^5K|kRZLBL?q%~uOayzf&W
zs8CZWG2$8FG`cw~X@gArAPU!!EuQF{&cf9>24^Tu!2japvSTS-(CY-eQqo^nv+kyd
z{&8LZ`eZ;*&}S2TJr`X<>~G!ujQ?hx*`Nu$Hgv1ZjI6yR;CXq{`)t4EW_zO>+v9n5
zHa|F~Q<G=v@TqhByHcTk=!>wHSDi*dlKNRGL6DS^y_&;NczB<-5k+HRraE$o?42cX
zxR%#1^#Ttbc5cLJKAy^&2JNwmdq?O@xyTJ9*0l2@?8YB^61!t$8qdwQg*=Bl#_JR)
z%SXCrGd!QS?1Z@rEh8adtP;Wa$Q_<_r(Qxl6@e>ukZASfZdvk&7(%>}1ccofTyS|Q
z8niz_^-RO=32s&X{+clcf;W^>inJ^;yS}*d(?|5im}C4-IK4gMM}}<@A#K6X3ZXC9
z%vrjGr%mh*f*+pazs75rJO6Z#D^@oyAGz)sZa?{F8+=ikG%enEiaz6#Fxns*r?Z!p
zafTmJlzb1Mr0*>FrWkfClq}8FkRs1Oi3+@Qo=a+dKOc>F|KW6QW4|%^J2&1kaS3~3
z{LH3jtYXv_5oONX;mAW~Ap`8A8st56eA8wr1w9dJ6AGn|wWYAQvAfZYf_5NKv>?)(
z-ifbjWl)GWN*<r)<FP^UY(27W932^#%n2%xv!-?w>Fm0?Q?)1215ZDJbLOGv(BW@i
z-YxWTkFRIBCh1A%O;<Iq==cj##1|saY9WjZ0bwgQvZA)sj9fK+a_{9*>M|RZPC6+(
zZDA^vK3|aJon0EL4Q)>GiP4%?^wGB4PI5u486Ryv=kn!HIAcwvGEW@PGClS$v<W{u
z))H`5A4;8ICn-wnmB#f&tE}G}(OzwDNJq##5n`fQ#HznQD?RTP!5t@JtZcSQ78}-;
zH(wTxa+zC^^?PXIayJuCR%L=c=u!TC%)tl*n)H)WwHl_DkB7trdD#<NTW%Q8G4H!F
z!P=1`WmID$;_MAwIt5criUu{s@H8_uWU(plDU@nrEQ(<bM1)IrR5dFZ8MLK+$q=tA
zPVNxOqbTF7H9uzya0rYcrWedPqTf%e&wCbO$<$z`rLW^CK%_uG;k05F*Ar|69oqfz
zfcA6!tGe-wJlQh2?3t^(&FWGn<lMuZJG|7T8(R<F;ALucziJhfAC553P<SI7Z1KWn
zK2{h1N{_8S0&zy-p0v@GQvJ;f$@fIkkHStH2`u6q3nr7TBGYN=+}6h`Qg3?s@D!*#
zC=kWVnfPTAHPf4^HC?9(B}qirFgC&lFXf;^j#AW2TUpVZYzJ6Z>Xru!Yh#O(bVfXY
z$N!Z?&C#^eXf93C+FiZnsB2ILT%6U+{Oew1EAnnODJ)DO+ENSzK#9IeJ_8@Fpj;9b
zFzgc)j*d6I+@3Aa)o_t+ynParog`<b2sqGq_+XR@1H98%kx0d-2%g<BLw2hPh_biz
zuJ+rfTzvJ2u}h&=uJSpO%sqP#FNq5EWpiH&MHiR%3v9mU-K;&Q_nShr@>6_U34YjH
z;GL-4zdtFXw^X75=T|klKSBIh$plm5+GURnT%mx|Uvuu|vyJT6NLMu!si|vLkHTba
zbPe00P45@Df4B7gwYcqcagBGRa>F7~QlnpqniX86e*O}C^0krRfzIv<)D-WeVTlfE
zV^@Znm1<zd2Tr<hzXClguPW^+Yd0OJlFx>g)|!`F?xy+!+p8@=pZ4FUvcC6v#r^B=
zh#)~A7#I);?LWPqgOjQA*GIFyba{md3s!S1xFJJu4WY}<@8T$LJ3DFP7&{E<ja_gu
zW}F_G>4+;QN0oV}ukvV#&<3HU`=DR>rJYv|U#;ZqV-G2(s3X4&O&Zqe$y9dbvti%=
ztb%}UZ&ZkDHIo0(Y?0ZrF?66Cb(@u_io>b2y?(UBYXu*f3hQM}g`2GJk}BT}Vuflp
z;k;J13v=PzR*`|VqXX2{AS!7DSidrmdum%}OKq$&kwLX;pQtteY0`q|Bez|P!G$iJ
z`ld<8VBlLT2jq!TYmGfHwH2fW^EPdmPVyRybM?3x7lIncQmPyfy6V?gwOn52neNs(
z-x{>P=)?IuGwoS5z0Gy(cT6b8N`EINg8~#(j;olq@t7TwwL5{8@RoN_f?_u)_KL?S
z=~)j!o3D<gsjBhw#4Ym;uoBU0Vl}>(q03sul97uywRfLW0yi_SCQ79O*P6Oe`T}6k
zA|S#sAmKNVN<9)Ezo=koL)#D&9-5ZmZt1DVs+)LKhX{U(JAk6#lE-too$mjkA-7v;
zP$MV+ewFa9C}gX;ys#=Mp$K;{EY8^Wq^j^#x>s3Zqn#~TVQqHE%s~wb4z3a|3?`2b
zEh&#CgjXYV#0W)17AOQ>AJ>%p?A0sWXJt*~#3-vYeyC*(!urbEpdM!w$uM3`N?Zu^
zG7$S7Bo%chOOc!K95v(H^gY@ODuR#28om(7w{RS_hfKOHx+%Z6rO$J%LrK6Ba8gj;
zZOP5j)cp@ziinr9pJPD^*@wC!fnLyP5R0`FPkr=mSkDXhuD!e5BOBza0Gd2`ziXNq
z+vKXyG#kGrAIY)phF<*Y(6HHtBm=$4R3L|HIaLGJI6t^VG=CAK((VDrC<r=g7<iZG
zYH^02<|i%=i9#@PM3ytGiq!{E*eXNPs${c~jrH_Buz^@OHF|Y!eet%MX|S75el$t`
zdBdxugN6Q)0GSF&Xma$nwG5~S1;Np8g5f3Ea;^w_;ep*V>yxsT7FcEl<t^d`d_)2p
z7?fr4{SOX3m{*frECkeLXSc}T#7QE@MQ0EjJ;x=sY^fO!VrQkgmAfWlt!n%@u{}N*
z8h3eWRz;V&)o3s%mW`DvTgPej<RP{2hQDZ0xdQ@ItN@v`5&YrX3s!=ZDhr24mmO2w
zsrg_Axn5t7ZoQ`Q;4X;;>+W2_*95$kVCY7U0n2O2!sr)Ct%zF;ZV$qa5lRE|cl=)N
zPK@884H=qOQcrz;?YiP4qNNVbbyd)rhb7xIeEE7+=l)%MRpK-Q^TbQ$X)w@Ce+~%K
z*OAeMKp?0FPK^Hq1Q(-6Hl`{ro;Ie=UqS-XdnuFv7F?l~rl;-}H@=J_N)(vwr1b7v
z5OfJ-n?e@Z=xYn6mq&5T1A@|7&oy^UIG}EqA<*kN7hc1`MtcVu3r#vMI9gU3mfk`1
ztX|6DcU16nF2K~-9?rE$ae&Qsb`}n^mB_3Wc%k)a_tZ>j-nI_uwa$h2SR%!f4Wg&3
z@v!4h)7rS-29Rb|w&wM(hgnKO>3VT=IjT-h)a75(G586U3j(75Svi?QR}(lO+6lpZ
zQ4SvBk7rPgU7cO*ZNDf-ngtC(lL7kUK~8}4|K(AcC=)$LiWz*Kctygn{}iIdA;BcM
zH#>a1lALlkD+Rvev@;GliR`6R!OeM`{8(&50sX#^F3Qr1<BNHLsYLgX$pmdVU$*vU
zIB5&5x83=-o-N|<&m-2QkEH2eT;Z_XEbQ#2^okS^SlA+TIivT<UT0Sg@W4m#2oDVO
zAk%Xzf2#gC={nafgd;|4nEx&x))Xq-5j`xvtX_P8g!fj=-ly7^G6!4Z{;{dQW$L2M
zkq&qjtBP@b{I)p)r{6TfSX5&M5>0kb3EPae9m&{B0cYE$`3l%Ar0T_0+G<rr^MWlg
z3W*2GL}nPxhLI?mjAOvPKHNS^GWes^cUsuSeVs-*9{NvQw$pcOt<oZF%|D+($1hh2
zBG}p7O5vU5%qL=V>GdRF;~9HC(Nw;RiKd?saX_f_^3GF)SkDBMNB6d@SI6Q5s@K{Q
zl4^8k++At4ZC#8cgr@=(yPIl=cj9zDIjG38wv%P8q?s6}MoF<r<H~o$_z(p>*p#^)
z8Q98bfpdp%#1CTImEpBdev3I@@3Gx#XFt`R;?GyLY&$OVw)Xx|a43wUEy`-}>Dke<
z&5~|>F~?*`xft(Cv~cu$3w>y$_<1ioVV*$tKeRDvaz301h$BUvTk!Iq4iMNX&bjQp
zhTo&<B%Oy|YIV=hl}*?f)xTN42UlXSv_lOT{h$2@BSTQw0dS3Kz=zO&@*jIA)Bp3H
z?|~vBPDY`F<!;cvBsjF^d|XPzQ!^h8)iFz%vQK1QeNdU<5nuW9-1VuoATG?dC-J5O
zHEV~{>zA|Ry?1<v2j#UM^l1jD*GbQ<CoC}AjjAL;L+U)-WsskNh2nc23YTLQ<V3u&
z$oWaiSTZXfS(sDhOnMxCFwjd3$_NvI;2q8evf}&|rM*y78~P<re^lMWfIILW<}bJc
z$>+4ytx9bceHRE+!;K?h8DY|*oo)uuy)bSFKP3u`TFi1>P}gI?c@dp}s%`nKo)Jf0
zI^S?KG;Nn8Tg|!V#PpUc2XIW#Y!r(Ly3Z=Jo#Q@wl%eU?3zub_C_%ch9;ogp#RP`C
zd-h&_6TgIPnBl?Tv#u>C^8HFj>^K;Y(hpWNm-e{?$F-viQ2p6yxYg^`MJ4Q|(yNT`
zG^qL3%WCWO=UI3MyR?$AHfuFMV6f7Px*g5G`^<W4Yf%kxv*|%q&aNbTM(7S(t^hvH
z>s9!znKFXT)2{(DWdH`XcYicfBL|27v(oQYnyRW~Kg)90FTL{C@UjVdI*7_dS4}l6
zwEQ00tT}h{UF)u>9Rlm~?Tu*)WX3Jg<CBGj=lk;MLuOM$-f}3*jpb(I5`kothIi-_
zX9hlT8R%YTbY`<CTUZ;48?=sD-<%@q@aY7Kz@$MVteIB|7v^bwe0Jxo9aVTHNZN8i
z-w=L*slqh>PHok@eF5C}T^%bFf#%TU5A`Qrk;;XSLHVhx&St$F68ymII=seEL*r6>
z*4k3G!)X{jDK!+zAoF-(yh=T|bs5$mzg^2-hT^;oMr%%Rc~TwEL@OP)5k%tEZGk4S
z7A+mXO!(Mn<|UgBBDI_RxZ2L*vuSbemLt~wsIcow_}C<n4jpY9VF8&hdc}lQu^JH~
zqe+Ue#S1tI58BF5(gn(CbW!J7>r7okVh69skVWMB*T@?JnIEJ)EPPT&0v)7rUq4L>
z2y@*XISl6f)H@kyqV+tYbZFQ3w23zw`T+%15kCWjZiYa;5Z|nXQ!qXlhOuiyr<3#w
z_aMI`|D7-1AmOdKM=IIOtFAhPt9n8G(2v3e)Oioy#`0Aa95AfauIwZ24R7zo-`w|4
z@?ISxkl0JOT(5DpvxgCGD9w|q&JTjZWAd#T)(c<^bd~1@ds4nfG3oa-u-N-7;sw62
zV8abz*5BotnqN3m0~X`_H?l)OG6I>-|K>kkPNx+60H^Up{x<OYZYE#e>4@0dxtQ9y
z7^r$Wm^$ly@ghZ;p8*mr_`_%bz!ex*BK}kw3fS_(z{%9cnVIR!>#qezgD^iO0zHZf
z@X22?uip<bV4U_P5Bp_C3VgVci>1BY?><`VNekB#fFKAsJl6N(z&j*h1ClQUXB$fs
zQ|E8LzNT`26+-AUjA;;n5cm_K73t3iw%<uX$Npd%1E>HsKwXlbq;N<5hWJ(qziRW_
zN{Md~OP&NE%>a<}C)f}$Pya!sZ_KayeO2tYGz*0qwcpd$(Ep0|Rmb1btOZE3?gCkJ
zcCIgp^B<3MV9M}^Y;s1<E~ZZZsq}Au{I=>RM&b?|0SY&uD#MR7kT~HFI9Vf4dsi1{
z<{uRPc8U8-WBgXo;q{R*4xmAW0HgR>P+6kikiS;qHzxb<8d&G;Lpx{yCkoWr&$yO*
ze~<gE-hITGuap2=Q3R~xXB;HW-{XF3ewod4Qsn^77HET?adAMc{?RJ`t;Qde<@lYl
z?0CAWsKEUY2*8wo#s#weJ&yBtxN^K?>`@>xoCBfZXWR()-{ZJ`hx2#uYYql*rwG5|
zR{8!O_tjc{_5KzM)gnKjW$yqx6a6e*E-;h)ySn53opd(uO}MRrrU(UE7O;#T4r8&u
z$FZ{fjyGj1Q<(wq%<lfmLy`U;yx&@0zomD3IiRlKpVZxx|9c+K@5HmrG9bf(0D-!J
zaQ(9bFRA{3`)@q>!GV8>3cq#WzYYx#)PErV*QS3Uf4lV85%I6dq8k5%{53%QOPQrL
z{|Wi4H~veqqSikle|5}%NmkeXC*-d_`Y*}4I{$?H*S*kRx8Nh)e?tCh%KuVk3%!3r
z{u&ehCz<hwumA$t>Hib*xA5>U(XIyn2>sW-5>J&g(P9g9R6bC@4A6WGzoBhSO)QO=
zEp3g=P1%@CZOwj-uQ}*QG8m4)|0e%RupRspf%QA#ueXo;UU}t$5P!9q+^=H%dXN7*
zMA;7FYncD_j{mQOU+<TECrG+}Bm8vt<k#ZArpUh+PjLTM{HKKZuf=~&&VDbh<@q1^
ze@@l@3ivqz`n@;^#O3uvEq+gj{tEax1N0-n&G$#ZfAT@U7XNu>{$p{X$3GPR&pcgG
X1_l^_fIxJ>Pc|?LR}2I?8PNX&OEIBG


From 5b0510dbdebad80119bfbd862caf3d27a9577b0a Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Sat, 20 Jul 2024 20:15:47 +0800
Subject: [PATCH 03/43] Disable DDoS protection option for Azure China

---
 eslzArm/eslz-portal.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 7615ad60ec..72b639af87 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -4235,7 +4235,7 @@
                                     "type": "Microsoft.Common.OptionsGroup",
                                     "label": "Enable DDoS Network Protection",
                                     "defaultValue": "Yes (recommended)",
-                                    "visible": "[and(not(equals(steps('connectivity').enableHub,'No')),equals(steps('connectivity').enableDdoS,'Yes'))]",
+                                    "visible": "[and(not(equals(steps('connectivity').enableHub,'No')),equals(steps('connectivity').enableDdoS,'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                                     "toolTip": "If 'Yes' is selected when also adding a connectivity subscription earlier, DDoS Network Protection will be enabled.<br>Uses the policy <a href=\"https://www.azadvertizer.net/azpolicyadvertizer/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d.html\">Virtual networks should be protected by Azure DDoS Protection Standard</a>.",
                                     "constraints": {
                                         "allowedValues": [

From fc9ae38ecb56b1cfb577fe1855e5adaeece73c06 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Sat, 20 Jul 2024 20:47:56 +0800
Subject: [PATCH 04/43] Disable DDoS protection for Azure China, #2

---
 eslzArm/eslz-portal.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 72b639af87..3e4823e4c0 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -1204,7 +1204,7 @@
                             "type": "Microsoft.Common.OptionsGroup",
                             "label": "Enable DDoS Network Protection",
                             "defaultValue": "Yes (recommended)",
-                            "visible": "[not(equals(steps('connectivity').enableHub, 'No'))]",
+                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                             "toolTip": "If 'Yes' is selected when also adding a connectivity subscription, DDoS Network Protection will be enabled on the connectivity virtual network. Please note that DDoS Network Protection does incur additional costs that need to be considered, for more information: <a href=\"https://azure.microsoft.com/en-us/pricing/details/ddos-protection/#pricing\">DDoS Network Protection pricing</a>.",
                             "constraints": {
                                 "allowedValues": [

From 50de71454f04cb36eba0547dad2e93361e3d27e3 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Sat, 20 Jul 2024 23:06:30 +0800
Subject: [PATCH 05/43] Disable DDoS protection for Azure China, Azure#3

---
 eslzArm/eslz-portal.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 3e4823e4c0..0514fe77ec 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -1204,7 +1204,7 @@
                             "type": "Microsoft.Common.OptionsGroup",
                             "label": "Enable DDoS Network Protection",
                             "defaultValue": "Yes (recommended)",
-                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
+                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                             "toolTip": "If 'Yes' is selected when also adding a connectivity subscription, DDoS Network Protection will be enabled on the connectivity virtual network. Please note that DDoS Network Protection does incur additional costs that need to be considered, for more information: <a href=\"https://azure.microsoft.com/en-us/pricing/details/ddos-protection/#pricing\">DDoS Network Protection pricing</a>.",
                             "constraints": {
                                 "allowedValues": [

From 2d4eada2880590e3f2e886dc41cadaee7fdb4496 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Wed, 24 Jul 2024 14:02:35 +0800
Subject: [PATCH 06/43] Update for private DNS zone policies and assignenmt

---
 eslzArm/eslzArm.json                          |   2 +-
 ...cDINE-PrivateDNSZonesPolicyAssignment.json | 411 +++++++++++
 ...loy-Private-DNS-Zones.AzureChinaCloud.json | 697 +++++++++++++++++-
 3 files changed, 1092 insertions(+), 18 deletions(-)
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 0233736be1..cea89276be 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1578,7 +1578,7 @@
         "azPrivateDnsPolicyAssignmentMapping": {
             "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json",
             "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json",
-            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json"
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json"
 
         },
         "azPrivateDnsPolicyAssignment": "[variables('azPrivateDnsPolicyAssignmentMapping')[environment().resourceManager]]",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
new file mode 100644
index 0000000000..4c84dcc5f2
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
@@ -0,0 +1,411 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        },
+        "dnsZoneResourceGroupId": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the resourceId of the resource group for private DNS, which will construct the full resourceId for the private DNS zones."
+            }
+        },
+        "location": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the location where the virtual network is created (hub)"
+            }
+        }
+    },
+    "variables": {
+        "azBackupGeoCodes": {
+            "australiacentral": "acl",
+            "australiacentral2": "acl2",
+            "australiaeast": "ae",
+            "australiasoutheast": "ase",
+            "brazilsouth": "brs",
+            "brazilsoutheast": "bse",
+            "centraluseuap": "ccy",
+            "canadacentral": "cnc",
+            "canadaeast": "cne",
+            "centralus": "cus",
+            "eastasia": "ea",
+            "eastus2euap": "ecy",
+            "eastus": "eus",
+            "eastus2": "eus2",
+            "francecentral": "frc",
+            "francesouth": "frs",
+            "germanynorth": "gn",
+            "germanywestcentral": "gwc",
+            "centralindia": "inc",
+            "southindia": "ins",
+            "westindia": "inw",
+            "italynorth": "itn",
+            "japaneast": "jpe",
+            "japanwest": "jpw",
+            "jioindiacentral": "jic",
+            "jioindiawest": "jiw",
+            "koreacentral": "krc",
+            "koreasouth": "krs",
+            "northcentralus": "ncus",
+            "northeurope": "ne",
+            "norwayeast": "nwe",
+            "norwaywest": "nww",
+            "qatarcentral": "qac",
+            "southafricanorth": "san",
+            "southafricawest": "saw",
+            "southcentralus": "scus",
+            "swedencentral": "sdc",
+            "swedensouth": "sds",
+            "southeastasia": "sea",
+            "switzerlandnorth": "szn",
+            "switzerlandwest": "szw",
+            "uaecentral": "uac",
+            "uaenorth": "uan",
+            "uksouth": "uks",
+            "ukwest": "ukw",
+            "westcentralus": "wcus",
+            "westeurope": "we",
+            "westus": "wus",
+            "westus2": "wus2",
+            "westus3": "wus3",
+            "usdodcentral": "udc",
+            "usdodeast": "ude",
+            "usgovarizona": "uga",
+            "usgoviowa": "ugi",
+            "usgovtexas": "ugt",
+            "usgovvirginia": "ugv",
+            "usnateast": "exe",
+            "usnatwest": "exw",
+            "usseceast": "rxe",
+            "ussecwest": "rxw",
+            "chinanorth": "bjb",
+            "chinanorth2": "bjb2",
+            "chinanorth3": "bjb3",
+            "chinaeast": "sha",
+            "chinaeast2": "sha2",
+            "chinaeast3": "sha3",
+            "germanycentral": "gec",
+            "germanynortheast": "gne"
+        },
+        "baseId": "[concat(parameters('dnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/')]",
+        "policyParameterMapping": {
+            "azureFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.afs.azure.cn')]",
+            "azureAutomationWebhookPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.cn')]",
+            "azureAutomationDSCHybridPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.cn')]",
+            "azureCosmosSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.documents.azure.cn')]",
+            "azureCosmosMongoPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.mongo.cosmos.azure.cn')]",
+            "azureCosmosCassandraPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cassandra.cosmos.azure.cn')]",
+            "azureCosmosGremlinPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.gremlin.cosmos.azure.cn')]",
+            "azureCosmosTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.cosmos.azure.cn')]",
+            "azureDataFactoryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.datafactory.azure.cn')]",
+            "azureDataFactoryPortalPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.adf.azure.cn')]",
+            //  Not supported in Mooncake yet
+            //"azureDatabricksPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azuredatabricks.net')]",
+            "azureHDInsightPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurehdinsight.cn')]",
+            //  MigrateNot supported in Mooncake yet
+            //"azureMigratePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.prod.migration.windowsazure.com')]",
+            "azureStorageBlobPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureStorageBlobSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureStorageQueuePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]",
+            "azureStorageQueueSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]",
+            "azureStorageFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.file.core.chinacloudapi.cn')]",
+            "azureStorageStaticWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.chinacloudapi.cn')]",
+            "azureStorageStaticWebSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.chinacloudapi.cn')]",
+            "azureStorageDFSPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.chinacloudapi.cn')]",
+            "azureStorageDFSSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.chinacloudapi.cn')]",
+            "azureSynapseSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.azure.cn')]",
+            "azureSynapseSQLODPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.azure.cn')]",
+            "azureSynapseDevPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dev.azuresynapse.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId1": "[concat(variables('baseId'), 'privatelink.monitor.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId2": "[concat(variables('baseId'), 'privatelink.oms.opinsights.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId3": "[concat(variables('baseId'), 'privatelink.ods.opinsights.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId4": "[concat(variables('baseId'), 'privatelink.agentsvc.azure-automation.net')]", // No change for Mooncake
+            "azureMonitorPrivateDnsZoneId5": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.webpubsub.azure.cn')]",
+            "azureBatchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.batch.chinacloudapi.cn')]",
+            "azureAppPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azconfig.azure.cn')]",
+            // Azure Site Recovery is NOT supported in Mooncake yet
+            //"azureAsrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.siterecovery.windowsazure.com')]",
+            "azureIotPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices-provisioning.cn')]",
+            "azureKeyVaultPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.vaultcore.azure.cn')]",
+            "azureSignalRPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.service.signalr.azure.cn')]",
+            "azureAppServicesPrivateDnsZoneId": "[concat(variables('baseId'), '	privatelink.chinacloudsites.cn')]",
+            "azureEventGridTopicsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.cn')]",
+            "azureDiskAccessPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureCognitiveServicesPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cognitiveservices.azure.cn')]",
+            "azureIotHubsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]",
+            "azureEventGridDomainsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.cn')]",
+            "azureRedisCachePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.redis.cache.chinacloudapi.cn')]",
+            "azureAcrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurecr.cn')]",
+            "azureEventHubNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.chinacloudapi.cn')]",
+            "azureMachineLearningWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.api.ml.azure.cn')]",
+            "azureMachineLearningWorkspaceSecondPrivateDnsZoneId" : "[concat(variables('baseId'), 'privatelink.notebooks.chinacloudapi.cn')]",
+            "azureServiceBusNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.chinacloudapi.cn')]",
+            "azureCognitiveSearchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.search.azure.cn')]",
+            //Azure Bot Service is NOT supported in Mooncake yet
+            //"azureBotServicePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.directline.botframework.com')]",
+            //Azure Managed Grafana is NOT supported in Mooncake yet
+            //"azureManagedGrafanaWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.grafana.azure.com')]",
+            "azureVirtualDesktopHostpoolPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.wvd.azure.cn')]",
+            "azureVirtualDesktopWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink-global.wvd.azure.cn')]",
+            "azureIotDeviceupdatePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]",
+            // Azure Arc is NOT supported in Mooncake yet
+            //"azureArcGuestconfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.guestconfiguration.azure.com')]",
+            //"azureArcHybridResourceProviderPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.his.arc.azure.com')]",
+            //"azureArcKubernetesConfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dp.kubernetesconfiguration.azure.com')]",
+            // Azure IoT Central is NOT supported in Mooncake yet
+            //"azureIotCentralPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azureiotcentral.com')]",
+            "azureStorageTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.chinacloudapi.cn')]",
+            "azureStorageTableSecondaryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.chinacloudapi.cn')]",
+            "azureSiteRecoveryBackupPrivateDnsZoneID": "[concat(variables('baseId'), replace('privatelink.regionGeoShortCode.backup.windowsazure.cn','regionGeoShortCode',variables('azBackupGeoCodes')[toLower(parameters('location'))]))]",
+            "azureSiteRecoveryBlobPrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureSiteRecoveryQueuePrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]"
+        },
+        "policyDefinitions": {
+            "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones')]"
+        },
+        "policyAssignmentNames": {
+            "deployPrivateDnsZones": "Deploy-Private-DNS-Zones",
+            "displayName": "Configure Azure PaaS services to use private DNS zones",
+            "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones"
+        },
+        "nonComplianceMessage": {
+            "message": "Azure PaaS services {enforcementMode} use private DNS zones.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        },
+        "roleAssignmentNames": {
+            "deployPrivateDnsZones": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployPrivateDnsZones))]"
+        },
+        "policyRbac": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').deployPrivateDnsZones]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').deployPrivateDnsZones]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ],
+                "parameters": {
+                    "azureFilePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureFilePrivateDnsZoneId]"
+                    },
+                    "azureAutomationWebhookPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAutomationWebhookPrivateDnsZoneId]"
+                    },
+                    "azureAutomationDSCHybridPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAutomationDSCHybridPrivateDnsZoneId]"
+                    },
+                    "azureCosmosSQLPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosSQLPrivateDnsZoneId]"
+                    },
+                    "azureCosmosMongoPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosMongoPrivateDnsZoneId]"
+                    },
+                    "azureCosmosCassandraPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosCassandraPrivateDnsZoneId]"
+                    },
+                    "azureCosmosGremlinPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosGremlinPrivateDnsZoneId]"
+                    },
+                    "azureCosmosTablePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosTablePrivateDnsZoneId]"
+                    },
+                    "azureDataFactoryPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureDataFactoryPrivateDnsZoneId]"
+                    },
+                    "azureDataFactoryPortalPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureDataFactoryPortalPrivateDnsZoneId]"
+                    },
+                    "azureHDInsightPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureHDInsightPrivateDnsZoneId]"
+                    },
+
+                    "azureStorageBlobPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageBlobPrivateDnsZoneId]"
+                    },
+                    "azureStorageBlobSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageBlobSecPrivateDnsZoneId]"
+                    },
+                    "azureStorageQueuePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageQueuePrivateDnsZoneId]"
+                    },
+                    "azureStorageQueueSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageQueueSecPrivateDnsZoneId]"
+                    },
+                    "azureStorageFilePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageFilePrivateDnsZoneId]"
+                    },
+                    "azureStorageStaticWebPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageStaticWebPrivateDnsZoneId]"
+                    },
+                    "azureStorageStaticWebSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageStaticWebSecPrivateDnsZoneId]"
+                    },
+                    "azureStorageDFSPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageDFSPrivateDnsZoneId]"
+                    },
+                    "azureStorageDFSSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageDFSSecPrivateDnsZoneId]"
+                    },
+                    "azureSynapseSQLPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSynapseSQLPrivateDnsZoneId]"
+                    },
+                    "azureSynapseSQLODPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSynapseSQLODPrivateDnsZoneId]"
+                    },
+                    "azureSynapseDevPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSynapseDevPrivateDnsZoneId]"
+                    },
+                    "azureMonitorPrivateDnsZoneId1": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId1]"
+                    },
+                    "azureMonitorPrivateDnsZoneId2": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId2]"
+                    },
+                    "azureMonitorPrivateDnsZoneId3": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId3]"
+                    },
+                    "azureMonitorPrivateDnsZoneId4": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId4]"
+                    },
+                    "azureMonitorPrivateDnsZoneId5": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId5]"
+                    },
+                    "azureWebPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureWebPrivateDnsZoneId]"
+                    },
+                    "azureBatchPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureBatchPrivateDnsZoneId]"
+                    },
+                    "azureAppPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAppPrivateDnsZoneId]"
+                    },
+
+                    "azureIotPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureIotPrivateDnsZoneId]"
+                    },
+                    "azureKeyVaultPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureKeyVaultPrivateDnsZoneId]"
+                    },
+                    "azureSignalRPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSignalRPrivateDnsZoneId]"
+                    },
+                    "azureAppServicesPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAppServicesPrivateDnsZoneId]"
+                    },
+                    "azureEventGridTopicsPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureEventGridTopicsPrivateDnsZoneId]"
+                    },
+                    "azureDiskAccessPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureDiskAccessPrivateDnsZoneId]"
+                    },
+                    "azureCognitiveServicesPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCognitiveServicesPrivateDnsZoneId]"
+                    },
+                    "azureIotHubsPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureIotHubsPrivateDnsZoneId]"
+                    },
+                    "azureEventGridDomainsPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureEventGridDomainsPrivateDnsZoneId]"
+                    },
+                    "azureRedisCachePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureRedisCachePrivateDnsZoneId]"
+                    },
+                    "azureAcrPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAcrPrivateDnsZoneId]"
+                    },
+                    "azureEventHubNamespacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureEventHubNamespacePrivateDnsZoneId]"
+                    },
+                    "azureMachineLearningWorkspacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureMachineLearningWorkspacePrivateDnsZoneId]"
+                    },
+                    "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureMachineLearningWorkspaceSecondPrivateDnsZoneId]"
+                    },
+                    "azureServiceBusNamespacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureServiceBusNamespacePrivateDnsZoneId]"
+                    },
+                    "azureCognitiveSearchPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCognitiveSearchPrivateDnsZoneId]"
+                    },
+
+                    "azureVirtualDesktopHostpoolPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureVirtualDesktopHostpoolPrivateDnsZoneId]"
+                    },
+                    "azureVirtualDesktopWorkspacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureVirtualDesktopWorkspacePrivateDnsZoneId]"
+                    },
+                    "azureIotDeviceupdatePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureIotDeviceupdatePrivateDnsZoneId]"
+                    },
+
+                    "azureStorageTablePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageTablePrivateDnsZoneId]"
+                    },
+                    "azureStorageTableSecondaryPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageTableSecondaryPrivateDnsZoneId]"
+                    },
+                    "azureSiteRecoveryBackupPrivateDnsZoneID": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBackupPrivateDnsZoneID]"
+                    },
+                    "azureSiteRecoveryBlobPrivateDnsZoneID": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBlobPrivateDnsZoneID]"
+                    },
+                    "azureSiteRecoveryQueuePrivateDnsZoneID": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryQueuePrivateDnsZoneID]"
+                    }
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployPrivateDnsZones]",
+            "dependsOn": [
+                "[variables('policyAssignmentNames').deployPrivateDnsZones]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[variables('policyRbac')]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {
+        "principalId": {
+            "type": "string",
+            "value": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId]"
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index fc77ee5981..11df0daf3f 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -8,7 +8,7 @@
     "displayName": "Configure Azure PaaS services to use private DNS zones",
     "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
     "metadata": {
-      "version": "1.0.1",
+      "version": "1.2.0",
       "category": "Network",
       "source": "https://github.com/Azure/Enterprise-Scale/",
       "alzCloudEnvironments": [
@@ -25,6 +25,159 @@
           "description": "Private DNS Zone Identifier"
         }
       },
+      "azureAutomationWebhookPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureAutomationWebhookPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureAutomationDSCHybridPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureAutomationDSCHybridPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosSQLPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosSQLPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosMongoPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosMongoPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosCassandraPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosCassandraPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosGremlinPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosGremlinPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosTablePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosTablePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureDataFactoryPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureDataFactoryPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureDataFactoryPortalPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureDataFactoryPortalPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSynapseSQLPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSynapseSQLPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSynapseSQLODPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSynapseSQLODPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSynapseDevPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSynapseDevPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId1": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId1",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId2": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId2",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId3": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId3",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId4": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId4",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId5": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId5",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
       "azureWebPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -178,6 +331,15 @@
           "description": "Private DNS Zone Identifier"
         }
       },
+      "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMachineLearningWorkspaceSecondPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
       "azureServiceBusNamespacePrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -196,6 +358,78 @@
           "description": "Private DNS Zone Identifier"
         }
       },
+      "azureVirtualDesktopHostpoolPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureVirtualDesktopHostpoolPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureVirtualDesktopWorkspacePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureVirtualDesktopWorkspacePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureIotDeviceupdatePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureIotDeviceupdatePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageTablePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageTablePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageTableSecondaryPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageTableSecondaryPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSiteRecoveryBackupPrivateDnsZoneID": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSiteRecoveryBackupPrivateDnsZoneID",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSiteRecoveryBlobPrivateDnsZoneID": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSiteRecoveryBlobPrivateDnsZoneID",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSiteRecoveryQueuePrivateDnsZoneID": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSiteRecoveryQueuePrivateDnsZoneID",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
       "effect": {
         "type": "string",
         "metadata": {
@@ -223,8 +457,8 @@
     },
     "policyDefinitions": [
       {
-        "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-File-Sync",
-        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-File-Sync",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475",
         "parameters": {
           "privateDnsZoneId": {
             "value": "[[parameters('azureFilePrivateDnsZoneId')]"
@@ -236,11 +470,14 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-Web",
-        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Automation-Webhook",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureWebPrivateDnsZoneId')]"
+            "value": "[[parameters('azureAutomationWebhookPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Webhook"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -249,11 +486,14 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Automation-DSCHybrid",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureBatchPrivateDnsZoneId')]"
+            "value": "[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "DSCAndHybridWorker"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -262,11 +502,14 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-App",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-SQL",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureAppPrivateDnsZoneId')]"
+            "value": "[[parameters('azureCosmosSQLPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "SQL"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -275,11 +518,14 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Site-Recovery",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-MongoDB",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureAsrPrivateDnsZoneId')]"
+            "value": "[[parameters('azureCosmosMongoPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "MongoDB"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -287,6 +533,336 @@
         },
         "groupNames": []
       },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Cassandra",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosCassandraPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Cassandra"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Gremlin",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosGremlinPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Gremlin"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Table",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosTablePrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Table"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-DataFactory",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureDataFactoryPrivateDnsZoneId')]"
+          },
+          "listOfGroupIds": {
+            "value": [
+              "dataFactory"
+            ]
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-DataFactory-Portal",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]"
+          },
+          "listOfGroupIds": {
+            "value": [
+              "portal"
+            ]
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-HDInsight",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureHDInsightPrivateDnsZoneId')]"
+          },
+          "groupId": {
+            "value": "cluster"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Blob",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageBlobPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Blob-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageBlobSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Queue",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageQueuePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Queue-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageQueueSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-File",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageFilePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-StaticWeb",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageStaticWebPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-StaticWeb-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-DFS",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageDFSPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-DFS-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageDFSSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-SQL",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureSynapseSQLPrivateDnsZoneId')]"
+          },
+          "targetSubResource": {
+            "value": "Sql"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-SQL-OnDemand",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureSynapseSQLODPrivateDnsZoneId')]"
+          },
+          "targetSubResource": {
+            "value": "SqlOnDemand"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-Dev",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureSynapseDevPrivateDnsZoneId')]"
+          },
+          "targetSubResource": {
+            "value": "Dev"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Monitor",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365",
+        "parameters": {
+          "privateDnsZoneId1": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId1')]"
+          },
+          "privateDnsZoneId2": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId2')]"
+          },
+          "privateDnsZoneId3": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId3')]"
+          },
+          "privateDnsZoneId4": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId4')]"
+          },
+          "privateDnsZoneId5": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId5')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Web",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureWebPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureBatchPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-App",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureAppPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+
       {
         "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-IoT",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
@@ -301,8 +877,8 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-KeyVault",
-        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-KeyVault",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4",
         "parameters": {
           "privateDnsZoneId": {
             "value": "[[parameters('azureKeyVaultPrivateDnsZoneId')]"
@@ -450,6 +1026,9 @@
           "privateDnsZoneId": {
             "value": "[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]"
           },
+          "secondPrivateDnsZoneId": {
+            "value": "[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]"
+          },
           "effect": {
             "value": "[[parameters('effect')]"
           }
@@ -481,6 +1060,90 @@
           }
         },
         "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-VirtualDesktopHostpool",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "connection"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-VirtualDesktopWorkspace",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "feed"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-IoTDeviceupdate",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Table",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a",
+        "parameters":{
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageTablePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Table-Secondary",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f",
+        "parameters":{
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Site-Recovery-Backup",
+        "policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820",
+        "parameters":{
+          "privateDnsZone-Backup": {
+            "value": "[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]"
+          },
+          "privateDnsZone-Blob": {
+            "value": "[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]"
+          },
+          "privateDnsZone-Queue": {
+            "value": "[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
       }
     ],
     "policyDefinitionGroups": null

From f636772a61dfe93f645be0c8962d7e56874dbc41 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Thu, 25 Jul 2024 10:30:31 +0800
Subject: [PATCH 07/43] Update for policy VM Auto Shutdown and initiative
 assignment RegulatoryCompliance

---
 eslzArm/eslzArm.json                          |    9 +-
 ...cDINE-PrivateDNSZonesPolicyAssignment.json |    2 +-
 ...-RegulatoryCompliancePolicyAssignment.json | 4357 +++++++++++++++++
 src/templates/policies.bicep                  |    2 +-
 4 files changed, 4367 insertions(+), 3 deletions(-)
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index cea89276be..6954c148e0 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1582,6 +1582,13 @@
 
         },
         "azPrivateDnsPolicyAssignment": "[variables('azPrivateDnsPolicyAssignmentMapping')[environment().resourceManager]]",
+        // Referring to different Policy Set definition for different cloud enviornment
+        "regulatoryCompliancePolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json",
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json"
+
+        },
+        "regulatoryCompliancePolicy": "[variables('regulatoryCompliancePolicyAssignmentMapping')[environment().resourceManager]]",
         "deploymentUris": {
             "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]",
             "managementGroupsLite": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json')]",
@@ -1600,7 +1607,7 @@
             "logAnalyticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-LogAnalyticsPolicyAssignment.json')]",
             "monitoringSolutions": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/logAnalyticsSolutions.json')]",
             "asbPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json')]",
-            "regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json')]",
+            "regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, variables('regulatoryCompliancePolicy'))]",
             "resourceDiagnosticsInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json')]",
             "activityDiagnosticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json')]",
             "mdfcConfigPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json')]",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
index 4c84dcc5f2..ddd80950ce 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
@@ -179,7 +179,7 @@
             "azureSiteRecoveryQueuePrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]"
         },
         "policyDefinitions": {
-            "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones')]"
+            "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json')]"
         },
         "policyAssignmentNames": {
             "deployPrivateDnsZones": "Deploy-Private-DNS-Zones",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json
new file mode 100644
index 0000000000..ec61d1e5d2
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json
@@ -0,0 +1,4357 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "policySetDefinitionId": {
+            "type": "string",
+            "metadata": {
+                "description": "Resource ID of the Policy Initative (Set Definition)"
+            }
+        },
+        "policySetDefinitionDisplayName": {
+            "type": "string",
+            "metadata": {
+                "description": "The Display Name for the Policy Initative (Set Definition)"
+            }
+        },
+        "policySetDefinitionDescription": {
+            "type": "string",
+            "metadata": {
+                "description": "The Description for the Policy Initative (Set Definition)"
+            }
+        },
+        "policyAssignmentName": {
+            "type": "string",
+            "metadata": {
+                "description": "The name for the Policy Assignment"
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "logAnalyticsWorkspaceId": {
+            "type": "string",
+            "defaultValue": "",
+            "metadata": {
+                "description": "The Resource ID of the Log Analytics Workspace"
+            }
+        },
+        "regCompPolParAusGovIsmRestrictedVmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParAusGovIsmRestrictedResourceTypes": {
+            "type": "string",
+            "defaultValue": "all"
+        },
+        "regCompPolParMPAACertificateThumb": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAAApplicationName": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAAStoragePrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAAResGroupPrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAARBatchMetricName": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParSovBaseConfRegions": {
+            "type": "array",
+            "defaultValue": []
+        },
+        "regCompPolParSovBaseGlobalRegions": {
+            "type": "array",
+            "defaultValue": []
+        },
+        "regCompPolParSwift2020VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParSwift2020DomainFqdn": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCanadaFedPbmmVmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCanadaFedPbmmVmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCisV2KeyVaultKeysRotateDays": {
+            "type": "int",
+            "defaultValue": 90
+        },
+        "regCompPolParCmmcL3VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCmmcL3VmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaApplicationName": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaStoragePrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaResGroupPrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaCertificateThumb": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParIrs1075Sep2016VmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParIrs1075Sep2016VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNZIsmRestrictedVmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNZIsmRestrictedVmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNistSp800171R2VmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNistSp800171R2VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParSoc2Type2AllowedRegistries": {
+            "type": "string",
+            "defaultValue": "^[^\\/]+\\.azurecr\\.io\\/.+$"
+        },
+        "regCompPolParSoc2Type2MaxCpuUnits": {
+            "type": "string",
+            "defaultValue": "200m"
+        },
+        "regCompPolParSoc2Type2MaxMemoryBytes": {
+            "type": "string",
+            "defaultValue": "1Gi"
+        }
+    },
+    "variables": {
+        "rbacContributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
+        "roleAssignmentNames": {
+            "deployRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), parameters('policyAssignmentName')))]"
+        },
+        "knownPolicyInitativeDefinitionIdsThatRequireParamaeters": [
+            "/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077",
+            "/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8",
+            "/providers/Microsoft.Authorization/policySetDefinitions/03de05a4-c324-4ccd-882f-a814ea8ab9ea",
+            "/providers/Microsoft.Authorization/policySetDefinitions/c1cbff38-87c0-4b9f-9f70-035c7a3b5523",
+            "/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22",
+            "/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87",
+            "/providers/Microsoft.Authorization/policySetDefinitions/06f19060-9e68-4070-92ca-f15cc126059e",
+            "/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de",
+            "/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab",
+            "/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d",
+            "/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a",
+            "/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9",
+            "/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141"
+        ],
+        "allResourceTypes": [
+            "Microsoft.Security/operations",
+            "Microsoft.Security/securityStatuses",
+            "Microsoft.Security/tasks",
+            "Microsoft.Security/secureScores",
+            "Microsoft.Security/secureScores/secureScoreControls",
+            "Microsoft.Security/secureScoreControls",
+            "Microsoft.Security/secureScoreControlDefinitions",
+            "Microsoft.Security/connectors",
+            "Microsoft.Security/regulatoryComplianceStandards",
+            "Microsoft.Security/regulatoryComplianceStandards/regulatoryComplianceControls",
+            "Microsoft.Security/regulatoryComplianceStandards/regulatoryComplianceControls/regulatoryComplianceAssessments",
+            "Microsoft.Security/alerts",
+            "Microsoft.Security/alertsSuppressionRules",
+            "Microsoft.Security/autoDismissAlertsRules",
+            "Microsoft.Security/dataCollectionAgents",
+            "Microsoft.Security/pricings",
+            "Microsoft.Security/pricings/securityOperators",
+            "Microsoft.Security/AutoProvisioningSettings",
+            "Microsoft.Security/MdeOnboardings",
+            "Microsoft.Security/vmScanners",
+            "Microsoft.Security/Compliances",
+            "Microsoft.Security/securityContacts",
+            "Microsoft.Security/workspaceSettings",
+            "Microsoft.Security/complianceResults",
+            "Microsoft.Security/policies",
+            "Microsoft.Security/assessments",
+            "Microsoft.Security/governanceRules",
+            "Microsoft.Security/assessments/governanceAssignments",
+            "Microsoft.Security/assessmentMetadata",
+            "Microsoft.Security/subAssessments",
+            "Microsoft.Security/securitySolutions",
+            "Microsoft.Security/locations/securitySolutions",
+            "Microsoft.Security/discoveredSecuritySolutions",
+            "Microsoft.Security/locations/discoveredSecuritySolutions",
+            "Microsoft.Security/allowedConnections",
+            "Microsoft.Security/locations/allowedConnections",
+            "Microsoft.Security/topologies",
+            "Microsoft.Security/locations/topologies",
+            "Microsoft.Security/securitySolutionsReferenceData",
+            "Microsoft.Security/locations/securitySolutionsReferenceData",
+            "Microsoft.Security/jitPolicies",
+            "Microsoft.Security/jitNetworkAccessPolicies",
+            "Microsoft.Security/locations/jitNetworkAccessPolicies",
+            "Microsoft.Security/locations",
+            "Microsoft.Security/securityStatusesSummaries",
+            "Microsoft.Security/applicationWhitelistings",
+            "Microsoft.Security/locations/applicationWhitelistings",
+            "Microsoft.Security/locations/alerts",
+            "Microsoft.Security/locations/tasks",
+            "Microsoft.Security/externalSecuritySolutions",
+            "Microsoft.Security/locations/externalSecuritySolutions",
+            "Microsoft.Security/InformationProtectionPolicies",
+            "Microsoft.Security/advancedThreatProtectionSettings",
+            "Microsoft.Security/sqlVulnerabilityAssessments",
+            "Microsoft.Security/deviceSecurityGroups",
+            "Microsoft.Security/iotSecuritySolutions",
+            "Microsoft.Security/iotSecuritySolutions/analyticsModels",
+            "Microsoft.Security/iotSecuritySolutions/iotAlertTypes",
+            "Microsoft.Security/iotSecuritySolutions/iotAlerts",
+            "Microsoft.Security/iotSecuritySolutions/iotRecommendationTypes",
+            "Microsoft.Security/iotSecuritySolutions/iotRecommendations",
+            "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts",
+            "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
+            "Microsoft.Security/settings",
+            "Microsoft.Security/serverVulnerabilityAssessments",
+            "Microsoft.Security/serverVulnerabilityAssessmentsSettings",
+            "Microsoft.Security/adaptiveNetworkHardenings",
+            "Microsoft.Security/automations",
+            "Microsoft.Security/defenderForStorageSettings",
+            "Microsoft.Security/dataScanners",
+            "Microsoft.Security/securityConnectors",
+            "Microsoft.Security/securityConnectors/devops",
+            "Microsoft.Security/customRecommendations",
+            "Microsoft.Security/customAssessmentAutomations",
+            "Microsoft.Security/securityStandards",
+            "Microsoft.Security/standards",
+            "Microsoft.Security/standardAssignments",
+            "Microsoft.Security/assignments",
+            "Microsoft.Security/sensitivitySettings",
+            "Microsoft.Security/query",
+            "Microsoft.Security/applications",
+            "Microsoft.Security/apiCollections",
+            "Microsoft.Security/healthReports",
+            "Microsoft.Security/aggregations",
+            "Microsoft.Security/integrations",
+            "Microsoft.PolicyInsights/policyEvents",
+            "Microsoft.PolicyInsights/policyStates",
+            "Microsoft.PolicyInsights/operations",
+            "Microsoft.PolicyInsights/asyncOperationResults",
+            "Microsoft.PolicyInsights/remediations",
+            "Microsoft.PolicyInsights/eventGridFilters",
+            "Microsoft.PolicyInsights/checkPolicyRestrictions",
+            "Microsoft.PolicyInsights/policyTrackedResources",
+            "Microsoft.PolicyInsights/policyMetadata",
+            "Microsoft.Management/resources",
+            "Microsoft.Management/managementGroups",
+            "Microsoft.Management/getEntities",
+            "Microsoft.Management/managementGroups/settings",
+            "Microsoft.Management/checkNameAvailability",
+            "Microsoft.Management/operationResults",
+            "Microsoft.Management/operationResults/asyncOperation",
+            "Microsoft.Management/operations",
+            "Microsoft.Management/tenantBackfillStatus",
+            "Microsoft.Management/startTenantBackfill",
+            "Microsoft.Storage/storageAccounts/storageTaskAssignments",
+            "Microsoft.Storage/storageAccounts/encryptionScopes",
+            "Microsoft.Storage/deletedAccounts",
+            "Microsoft.Storage/locations/deletedAccounts",
+            "Microsoft.Storage/storageAccounts",
+            "Microsoft.Storage/storageTasks",
+            "Microsoft.Storage/operations",
+            "Microsoft.Storage/locations/asyncoperations",
+            "Microsoft.Storage/storageAccounts/listAccountSas",
+            "Microsoft.Storage/storageAccounts/listServiceSas",
+            "Microsoft.Storage/storageAccounts/blobServices",
+            "Microsoft.Storage/storageAccounts/tableServices",
+            "Microsoft.Storage/storageAccounts/queueServices",
+            "Microsoft.Storage/storageAccounts/fileServices",
+            "Microsoft.Storage/locations",
+            "Microsoft.Storage/locations/usages",
+            "Microsoft.Storage/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.Storage/usages",
+            "Microsoft.Storage/checkNameAvailability",
+            "Microsoft.Storage/locations/checkNameAvailability",
+            "Microsoft.Storage/storageAccounts/services",
+            "Microsoft.Storage/storageAccounts/services/metricDefinitions",
+            "Microsoft.Storage/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.OperationalInsights/workspaces",
+            "Microsoft.OperationalInsights/querypacks",
+            "Microsoft.OperationalInsights/locations",
+            "Microsoft.OperationalInsights/locations/operationStatuses",
+            "Microsoft.OperationalInsights/workspaces/scopedPrivateLinkProxies",
+            "Microsoft.OperationalInsights/workspaces/api",
+            "Microsoft.OperationalInsights/workspaces/query",
+            "Microsoft.OperationalInsights/workspaces/metadata",
+            "Microsoft.OperationalInsights/workspaces/purge",
+            "Microsoft.OperationalInsights/workspaces/operations",
+            "Microsoft.OperationalInsights/workspaces/dataSources",
+            "Microsoft.OperationalInsights/workspaces/linkedStorageAccounts",
+            "Microsoft.OperationalInsights/workspaces/tables",
+            "Microsoft.OperationalInsights/workspaces/storageInsightConfigs",
+            "Microsoft.OperationalInsights/storageInsightConfigs",
+            "Microsoft.OperationalInsights/workspaces/linkedServices",
+            "Microsoft.OperationalInsights/linkTargets",
+            "Microsoft.OperationalInsights/deletedWorkspaces",
+            "Microsoft.OperationalInsights/operations",
+            "Microsoft.OperationalInsights/clusters",
+            "Microsoft.OperationalInsights/workspaces/dataExports",
+            "Microsoft.OperationalInsights/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.Automation/automationAccounts",
+            "Microsoft.Automation/deletedAutomationAccounts",
+            "Microsoft.Automation/automationAccounts/runbooks",
+            "Microsoft.Automation/automationAccounts/configurations",
+            "Microsoft.Automation/automationAccounts/webhooks",
+            "Microsoft.Automation/operations",
+            "Microsoft.Automation/automationAccounts/softwareUpdateConfigurations",
+            "Microsoft.Automation/automationAccounts/softwareUpdateConfigurationRuns",
+            "Microsoft.Automation/automationAccounts/softwareUpdateConfigurationMachineRuns",
+            "Microsoft.Automation/automationAccounts/jobs",
+            "Microsoft.Automation/automationAccounts/privateLinkResources",
+            "Microsoft.Automation/automationAccounts/privateEndpointConnections",
+            "Microsoft.Automation/automationAccounts/privateEndpointConnectionProxies",
+            "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups",
+            "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers",
+            "Microsoft.Automation/automationAccounts/agentRegistrationInformation",
+            "Microsoft.Network/virtualNetworkGateways",
+            "Microsoft.Network/localNetworkGateways",
+            "Microsoft.Network/connections",
+            "Microsoft.Network/applicationGateways",
+            "Microsoft.Network/expressRouteCircuits",
+            "Microsoft.Network/expressRouteServiceProviders",
+            "Microsoft.Network/applicationGatewayAvailableWafRuleSets",
+            "Microsoft.Network/applicationGatewayAvailableSslOptions",
+            "Microsoft.Network/applicationGatewayAvailableServerVariables",
+            "Microsoft.Network/applicationGatewayAvailableRequestHeaders",
+            "Microsoft.Network/applicationGatewayAvailableResponseHeaders",
+            "Microsoft.Network/routeFilters",
+            "Microsoft.Network/bgpServiceCommunities",
+            "Microsoft.Network/vpnSites",
+            "Microsoft.Network/vpnServerConfigurations",
+            "Microsoft.Network/virtualHubs",
+            "Microsoft.Network/vpnGateways",
+            "Microsoft.Network/p2sVpnGateways",
+            "Microsoft.Network/expressRouteGateways",
+            "Microsoft.Network/expressRoutePortsLocations",
+            "Microsoft.Network/expressRoutePorts",
+            "Microsoft.Network/securityPartnerProviders",
+            "Microsoft.Network/azureFirewalls",
+            "Microsoft.Network/azureFirewallFqdnTags",
+            "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies",
+            "Microsoft.Network/locations/ApplicationGatewayWafDynamicManifests",
+            "Microsoft.Network/virtualWans",
+            "Microsoft.Network/bastionHosts",
+            "Microsoft.Network/queryExpressRoutePortsBandwidth",
+            "Microsoft.Network/trafficmanagerprofiles",
+            "Microsoft.Network/trafficmanagerprofiles/heatMaps",
+            "Microsoft.Network/trafficmanagerprofiles/azureendpoints",
+            "Microsoft.Network/trafficmanagerprofiles/externalendpoints",
+            "Microsoft.Network/trafficmanagerprofiles/nestedendpoints",
+            "Microsoft.Network/checkTrafficManagerNameAvailability",
+            "Microsoft.Network/checkTrafficManagerNameAvailabilityV2",
+            "Microsoft.Network/trafficManagerUserMetricsKeys",
+            "Microsoft.Network/trafficManagerGeographicHierarchies",
+            "Microsoft.Network/expressRouteProviderPorts",
+            "Microsoft.Network/locations/hybridEdgeZone",
+            "Microsoft.Network/firewallPolicies",
+            "Microsoft.Network/ipGroups",
+            "Microsoft.Network/azureWebCategories",
+            "Microsoft.Network/locations/nfvOperations",
+            "Microsoft.Network/locations/nfvOperationResults",
+            "Microsoft.Network/virtualRouters",
+            "Microsoft.Network/networkVirtualAppliances",
+            "Microsoft.Network/networkVirtualApplianceSkus",
+            "Microsoft.Network/frontdoorOperationResults",
+            "Microsoft.Network/checkFrontdoorNameAvailability",
+            "Microsoft.Network/frontdoors",
+            "Microsoft.Network/frontdoors/frontendEndpoints",
+            "Microsoft.Network/frontdoors/frontendEndpoints/customHttpsConfiguration",
+            "Microsoft.Network/frontdoorWebApplicationFirewallPolicies",
+            "Microsoft.Network/frontdoorWebApplicationFirewallManagedRuleSets",
+            "Microsoft.Network/networkExperimentProfiles",
+            "Microsoft.Network/networkManagers",
+            "Microsoft.Network/networkManagerConnections",
+            "Microsoft.Network/networkSecurityPerimeters",
+            "Microsoft.Network/locations/perimeterAssociableResourceTypes",
+            "Microsoft.Network/locations/queryNetworkSecurityPerimeter",
+            "Microsoft.Network/virtualNetworks/listNetworkManagerEffectiveConnectivityConfigurations",
+            "Microsoft.Network/virtualNetworks/listNetworkManagerEffectiveSecurityAdminRules",
+            "Microsoft.Network/networkGroupMemberships",
+            "Microsoft.Network/locations/commitInternalAzureNetworkManagerConfiguration",
+            "Microsoft.Network/locations/internalAzureVirtualNetworkManagerOperation",
+            "Microsoft.Network/privateDnsZones",
+            "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
+            "Microsoft.Network/privateDnsOperationResults",
+            "Microsoft.Network/privateDnsOperationStatuses",
+            "Microsoft.Network/privateDnsZonesInternal",
+            "Microsoft.Network/privateDnsZones/A",
+            "Microsoft.Network/privateDnsZones/AAAA",
+            "Microsoft.Network/privateDnsZones/CNAME",
+            "Microsoft.Network/privateDnsZones/PTR",
+            "Microsoft.Network/privateDnsZones/MX",
+            "Microsoft.Network/privateDnsZones/TXT",
+            "Microsoft.Network/privateDnsZones/SRV",
+            "Microsoft.Network/privateDnsZones/SOA",
+            "Microsoft.Network/privateDnsZones/all",
+            "Microsoft.Network/virtualNetworks/privateDnsZoneLinks",
+            "Microsoft.Network/dnsResolvers",
+            "Microsoft.Network/dnsResolvers/inboundEndpoints",
+            "Microsoft.Network/dnsResolvers/outboundEndpoints",
+            "Microsoft.Network/dnsForwardingRulesets",
+            "Microsoft.Network/dnsForwardingRulesets/forwardingRules",
+            "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks",
+            "Microsoft.Network/virtualNetworks/listDnsResolvers",
+            "Microsoft.Network/virtualNetworks/listDnsForwardingRulesets",
+            "Microsoft.Network/locations/dnsResolverOperationResults",
+            "Microsoft.Network/locations/dnsResolverOperationStatuses",
+            "Microsoft.Network/locations/dnsResolverPolicyOperationResults",
+            "Microsoft.Network/locations/dnsResolverPolicyOperationStatuses",
+            "Microsoft.Network/dnszones",
+            "Microsoft.Network/dnsOperationResults",
+            "Microsoft.Network/dnsOperationStatuses",
+            "Microsoft.Network/getDnsResourceReference",
+            "Microsoft.Network/internalNotify",
+            "Microsoft.Network/dnszones/A",
+            "Microsoft.Network/dnszones/AAAA",
+            "Microsoft.Network/dnszones/CNAME",
+            "Microsoft.Network/dnszones/PTR",
+            "Microsoft.Network/dnszones/MX",
+            "Microsoft.Network/dnszones/TXT",
+            "Microsoft.Network/dnszones/SRV",
+            "Microsoft.Network/dnszones/SOA",
+            "Microsoft.Network/dnszones/NS",
+            "Microsoft.Network/dnszones/CAA",
+            "Microsoft.Network/dnszones/DS",
+            "Microsoft.Network/dnszones/TLSA",
+            "Microsoft.Network/dnszones/NAPTR",
+            "Microsoft.Network/dnszones/recordsets",
+            "Microsoft.Network/dnszones/all",
+            "Microsoft.Network/dnszones/dnssecConfigs",
+            "Microsoft.Network/virtualNetworks",
+            "Microsoft.Network/virtualNetworks/taggedTrafficConsumers",
+            "Microsoft.Network/natGateways",
+            "Microsoft.Network/publicIPAddresses",
+            "Microsoft.Network/internalPublicIpAddresses",
+            "Microsoft.Network/customIpPrefixes",
+            "Microsoft.Network/networkInterfaces",
+            "Microsoft.Network/dscpConfigurations",
+            "Microsoft.Network/privateEndpoints",
+            "Microsoft.Network/privateEndpoints/privateLinkServiceProxies",
+            "Microsoft.Network/privateEndpointRedirectMaps",
+            "Microsoft.Network/loadBalancers",
+            "Microsoft.Network/networkSecurityGroups",
+            "Microsoft.Network/applicationSecurityGroups",
+            "Microsoft.Network/serviceEndpointPolicies",
+            "Microsoft.Network/networkIntentPolicies",
+            "Microsoft.Network/routeTables",
+            "Microsoft.Network/publicIPPrefixes",
+            "Microsoft.Network/networkWatchers",
+            "Microsoft.Network/networkWatchers/connectionMonitors",
+            "Microsoft.Network/networkWatchers/flowLogs",
+            "Microsoft.Network/networkWatchers/pingMeshes",
+            "Microsoft.Network/locations",
+            "Microsoft.Network/locations/operations",
+            "Microsoft.Network/locations/operationResults",
+            "Microsoft.Network/locations/CheckDnsNameAvailability",
+            "Microsoft.Network/locations/setLoadBalancerFrontendPublicIpAddresses",
+            "Microsoft.Network/cloudServiceSlots",
+            "Microsoft.Network/locations/usages",
+            "Microsoft.Network/locations/virtualNetworkAvailableEndpointServices",
+            "Microsoft.Network/locations/availableDelegations",
+            "Microsoft.Network/locations/serviceTags",
+            "Microsoft.Network/locations/availablePrivateEndpointTypes",
+            "Microsoft.Network/locations/availableServiceAliases",
+            "Microsoft.Network/locations/checkPrivateLinkServiceVisibility",
+            "Microsoft.Network/locations/autoApprovedPrivateLinkServices",
+            "Microsoft.Network/locations/batchValidatePrivateEndpointsForResourceMove",
+            "Microsoft.Network/locations/batchNotifyPrivateEndpointsForResourceMove",
+            "Microsoft.Network/locations/supportedVirtualMachineSizes",
+            "Microsoft.Network/locations/setAzureNetworkManagerConfiguration",
+            "Microsoft.Network/locations/publishResources",
+            "Microsoft.Network/locations/getAzureNetworkManagerConfiguration",
+            "Microsoft.Network/locations/checkAcceleratedNetworkingSupport",
+            "Microsoft.Network/locations/validateResourceOwnership",
+            "Microsoft.Network/locations/setResourceOwnership",
+            "Microsoft.Network/locations/effectiveResourceOwnership",
+            "Microsoft.Network/operations",
+            "Microsoft.Network/virtualNetworkTaps",
+            "Microsoft.Network/privateLinkServices",
+            "Microsoft.Network/locations/privateLinkServices",
+            "Microsoft.Network/ddosProtectionPlans",
+            "Microsoft.Network/networkProfiles",
+            "Microsoft.Network/locations/bareMetalTenants",
+            "Microsoft.Network/ipAllocations",
+            "Microsoft.Network/locations/serviceTagDetails",
+            "Microsoft.Network/locations/dataTasks",
+            "Microsoft.Network/locations/startPacketTagging",
+            "Microsoft.Network/locations/deletePacketTagging",
+            "Microsoft.Network/locations/getPacketTagging",
+            "Microsoft.Network/locations/rnmEffectiveRouteTable",
+            "Microsoft.Network/locations/rnmEffectiveNetworkSecurityGroups",
+            "Microsoft.Compute/availabilitySets",
+            "Microsoft.Compute/virtualMachines",
+            "Microsoft.Compute/virtualMachines/extensions",
+            "Microsoft.Compute/virtualMachineScaleSets",
+            "Microsoft.Compute/virtualMachineScaleSets/extensions",
+            "Microsoft.Compute/virtualMachineScaleSets/virtualMachines",
+            "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions",
+            "Microsoft.Compute/virtualMachineScaleSets/networkInterfaces",
+            "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces",
+            "Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses",
+            "Microsoft.Compute/locations",
+            "Microsoft.Compute/locations/operations",
+            "Microsoft.Compute/locations/vmSizes",
+            "Microsoft.Compute/locations/runCommands",
+            "Microsoft.Compute/locations/virtualMachines",
+            "Microsoft.Compute/locations/virtualMachineScaleSets",
+            "Microsoft.Compute/locations/publishers",
+            "Microsoft.Compute/operations",
+            "Microsoft.Compute/virtualMachines/runCommands",
+            "Microsoft.Compute/virtualMachineScaleSets/applications",
+            "Microsoft.Compute/virtualMachines/VMApplications",
+            "Microsoft.Compute/locations/edgeZones",
+            "Microsoft.Compute/locations/edgeZones/vmimages",
+            "Microsoft.Compute/locations/edgeZones/publishers",
+            "Microsoft.Compute/restorePointCollections",
+            "Microsoft.Compute/restorePointCollections/restorePoints",
+            "Microsoft.Compute/proximityPlacementGroups",
+            "Microsoft.Compute/sshPublicKeys",
+            "Microsoft.Compute/capacityReservationGroups",
+            "Microsoft.Compute/capacityReservationGroups/capacityReservations",
+            "Microsoft.Compute/virtualMachines/metricDefinitions",
+            "Microsoft.Compute/locations/spotEvictionRates",
+            "Microsoft.Compute/locations/spotPriceHistory",
+            "Microsoft.Compute/locations/recommendations",
+            "Microsoft.Compute/locations/sharedGalleries",
+            "Microsoft.Compute/locations/communityGalleries",
+            "Microsoft.Compute/sharedVMImages",
+            "Microsoft.Compute/sharedVMImages/versions",
+            "Microsoft.Compute/locations/artifactPublishers",
+            "Microsoft.Compute/locations/capsoperations",
+            "Microsoft.Compute/galleries",
+            "Microsoft.Compute/galleries/images",
+            "Microsoft.Compute/galleries/images/versions",
+            "Microsoft.Compute/locations/galleries",
+            "Microsoft.Compute/payloadGroups",
+            "Microsoft.Compute/galleries/applications",
+            "Microsoft.Compute/galleries/applications/versions",
+            "Microsoft.Compute/disks",
+            "Microsoft.Compute/snapshots",
+            "Microsoft.Compute/locations/diskoperations",
+            "Microsoft.Compute/diskEncryptionSets",
+            "Microsoft.Compute/diskAccesses",
+            "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints",
+            "Microsoft.Compute/virtualMachineScaleSets/disks",
+            "Microsoft.Compute/cloudServices",
+            "Microsoft.Compute/cloudServices/roles",
+            "Microsoft.Compute/cloudServices/roleInstances",
+            "Microsoft.Compute/locations/csoperations",
+            "Microsoft.Compute/locations/cloudServiceOsVersions",
+            "Microsoft.Compute/locations/cloudServiceOsFamilies",
+            "Microsoft.Compute/cloudServices/networkInterfaces",
+            "Microsoft.Compute/cloudServices/roleInstances/networkInterfaces",
+            "Microsoft.Compute/cloudServices/publicIPAddresses",
+            "Microsoft.Compute/locations/usages",
+            "Microsoft.Compute/images",
+            "Microsoft.Compute/locations/diagnostics",
+            "Microsoft.Compute/locations/diagnosticOperations",
+            "Microsoft.Compute/locations/logAnalytics",
+            "Microsoft.Compute/hostGroups",
+            "Microsoft.Compute/hostGroups/hosts",
+            "Microsoft.ResourceHealth/availabilityStatuses",
+            "Microsoft.ResourceHealth/childAvailabilityStatuses",
+            "Microsoft.ResourceHealth/childResources",
+            "Microsoft.ResourceHealth/events",
+            "Microsoft.ResourceHealth/metadata",
+            "Microsoft.ResourceHealth/emergingissues",
+            "Microsoft.ResourceHealth/operations",
+            "microsoft.insights/components",
+            "microsoft.insights/components/query",
+            "microsoft.insights/components/metadata",
+            "microsoft.insights/components/metrics",
+            "microsoft.insights/components/events",
+            "microsoft.insights/components/syntheticmonitorlocations",
+            "microsoft.insights/components/analyticsItems",
+            "microsoft.insights/components/webtests",
+            "microsoft.insights/components/workItemConfigs",
+            "microsoft.insights/components/myFavorites",
+            "microsoft.insights/components/operations",
+            "microsoft.insights/components/exportConfiguration",
+            "microsoft.insights/components/purge",
+            "microsoft.insights/components/api",
+            "microsoft.insights/components/aggregate",
+            "microsoft.insights/components/metricDefinitions",
+            "microsoft.insights/components/extendQueries",
+            "microsoft.insights/components/apiKeys",
+            "microsoft.insights/components/myAnalyticsItems",
+            "microsoft.insights/components/favorites",
+            "microsoft.insights/components/defaultWorkItemConfig",
+            "microsoft.insights/components/annotations",
+            "microsoft.insights/components/proactiveDetectionConfigs",
+            "microsoft.insights/components/move",
+            "microsoft.insights/components/currentBillingFeatures",
+            "microsoft.insights/components/quotaStatus",
+            "microsoft.insights/components/featureCapabilities",
+            "microsoft.insights/components/getAvailableBillingFeatures",
+            "microsoft.insights/webtests",
+            "microsoft.insights/webtests/getTestResultFile",
+            "microsoft.insights/scheduledqueryrules",
+            "microsoft.insights/components/pricingPlans",
+            "microsoft.insights/migrateToNewPricingModel",
+            "microsoft.insights/rollbackToLegacyPricingModel",
+            "microsoft.insights/listMigrationdate",
+            "microsoft.insights/logprofiles",
+            "microsoft.insights/migratealertrules",
+            "microsoft.insights/metricalerts",
+            "microsoft.insights/alertrules",
+            "microsoft.insights/autoscalesettings",
+            "microsoft.insights/eventtypes",
+            "microsoft.insights/locations",
+            "microsoft.insights/locations/operationResults",
+            "microsoft.insights/vmInsightsOnboardingStatuses",
+            "microsoft.insights/operations",
+            "microsoft.insights/diagnosticSettings",
+            "microsoft.insights/diagnosticSettingsCategories",
+            "microsoft.insights/extendedDiagnosticSettings",
+            "microsoft.insights/metricDefinitions",
+            "microsoft.insights/logDefinitions",
+            "microsoft.insights/eventCategories",
+            "microsoft.insights/metrics",
+            "microsoft.insights/metricbatch",
+            "microsoft.insights/metricNamespaces",
+            "microsoft.insights/notificationstatus",
+            "microsoft.insights/createnotifications",
+            "microsoft.insights/tenantactiongroups",
+            "microsoft.insights/actiongroups",
+            "microsoft.insights/activityLogAlerts",
+            "microsoft.insights/metricbaselines",
+            "microsoft.insights/workbooks",
+            "microsoft.insights/workbooktemplates",
+            "microsoft.insights/myWorkbooks",
+            "microsoft.insights/logs",
+            "microsoft.insights/transactions",
+            "microsoft.insights/topology",
+            "microsoft.insights/generateLiveToken",
+            "microsoft.insights/monitoredObjects",
+            "microsoft.insights/dataCollectionRules",
+            "microsoft.insights/dataCollectionRuleAssociations",
+            "microsoft.insights/dataCollectionEndpoints",
+            "microsoft.insights/dataCollectionEndpoints/scopedPrivateLinkProxies",
+            "microsoft.insights/privateLinkScopes",
+            "microsoft.insights/privateLinkScopes/privateEndpointConnections",
+            "microsoft.insights/privateLinkScopes/privateEndpointConnectionProxies",
+            "microsoft.insights/privateLinkScopes/scopedResources",
+            "microsoft.insights/components/linkedstorageaccounts",
+            "microsoft.insights/privateLinkScopeOperationStatuses",
+            "microsoft.insights/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.ManagedServices/registrationDefinitions",
+            "Microsoft.ManagedServices/registrationAssignments",
+            "Microsoft.ManagedServices/operations",
+            "Microsoft.ManagedServices/marketplaceRegistrationDefinitions",
+            "Microsoft.ManagedServices/operationStatuses",
+            "Microsoft.HDInsight/clusters",
+            "Microsoft.HDInsight/clusters/applications",
+            "Microsoft.HDInsight/clusters/operationresults",
+            "Microsoft.HDInsight/locations",
+            "Microsoft.HDInsight/locations/capabilities",
+            "Microsoft.HDInsight/locations/usages",
+            "Microsoft.HDInsight/locations/billingSpecs",
+            "Microsoft.HDInsight/locations/operationresults",
+            "Microsoft.HDInsight/locations/azureasyncoperations",
+            "Microsoft.HDInsight/locations/validateCreateRequest",
+            "Microsoft.HDInsight/operations",
+            "Microsoft.HDInsight/locations/operationStatuses",
+            "Microsoft.HDInsight/clusterPools",
+            "Microsoft.HDInsight/clusterPools/clusters",
+            "Microsoft.HDInsight/locations/clusterOfferingVersions",
+            "Microsoft.HDInsight/locations/availableClusterPoolVersions",
+            "Microsoft.HDInsight/locations/availableClusterVersions",
+            "Microsoft.HDInsight/locations/checkNameAvailability",
+            "Microsoft.HDInsight/clusterPools/clusters/serviceConfigs",
+            "Microsoft.HDInsight/clusterPools/clusters/instanceViews",
+            "Microsoft.HDInsight/clusterPools/clusters/jobs",
+            "Microsoft.AlertsManagement/alerts",
+            "Microsoft.AlertsManagement/alertsSummary",
+            "Microsoft.AlertsManagement/smartGroups",
+            "Microsoft.AlertsManagement/smartDetectorAlertRules",
+            "Microsoft.AlertsManagement/migrateFromSmartDetection",
+            "Microsoft.AlertsManagement/actionRules",
+            "Microsoft.AlertsManagement/alertsMetaData",
+            "Microsoft.AlertsManagement/prometheusRuleGroups",
+            "Microsoft.AlertsManagement/operations",
+            "Microsoft.AlertsManagement/alertRuleRecommendations",
+            "Microsoft.AlertsManagement/tenantActivityLogAlerts",
+            "Microsoft.AlertsManagement/investigations",
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationsManagement/managementassociations",
+            "Microsoft.OperationsManagement/views",
+            "Microsoft.OperationsManagement/operations",
+            "Microsoft.KeyVault/vaults",
+            "Microsoft.KeyVault/vaults/secrets",
+            "Microsoft.KeyVault/vaults/accessPolicies",
+            "Microsoft.KeyVault/operations",
+            "Microsoft.KeyVault/checkNameAvailability",
+            "Microsoft.KeyVault/deletedVaults",
+            "Microsoft.KeyVault/locations",
+            "Microsoft.KeyVault/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.KeyVault/locations/deletedVaults",
+            "Microsoft.KeyVault/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.KeyVault/locations/operationResults",
+            "Microsoft.KeyVault/vaults/eventGridFilters",
+            "Microsoft.KeyVault/managedHSMs",
+            "Microsoft.KeyVault/deletedManagedHSMs",
+            "Microsoft.KeyVault/locations/deletedManagedHSMs",
+            "Microsoft.KeyVault/locations/managedHsmOperationResults",
+            "Microsoft.KeyVault/managedHSMs/keys",
+            "Microsoft.KeyVault/managedHSMs/keys/versions",
+            "Microsoft.KeyVault/checkMhsmNameAvailability",
+            "Microsoft.KeyVault/vaults/keys",
+            "Microsoft.KeyVault/vaults/keys/versions",
+            "Microsoft.ContainerService/ManagedClusters/eventGridFilters",
+            "Microsoft.ContainerService/fleetMemberships",
+            "Microsoft.ContainerService/fleets",
+            "Microsoft.ContainerService/fleets/members",
+            "Microsoft.ContainerService/fleets/updateRuns",
+            "Microsoft.ContainerService/fleets/updateStrategies",
+            "Microsoft.ContainerService/locations",
+            "Microsoft.ContainerService/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.ContainerService/locations/operationresults",
+            "Microsoft.ContainerService/locations/operations",
+            "Microsoft.ContainerService/locations/orchestrators",
+            "Microsoft.ContainerService/locations/kubernetesVersions",
+            "Microsoft.ContainerService/locations/usages",
+            "Microsoft.ContainerService/locations/osOptions",
+            "Microsoft.ContainerService/locations/guardrailsVersions",
+            "Microsoft.ContainerService/locations/trustedAccessRoles",
+            "Microsoft.ContainerService/managedClusters",
+            "Microsoft.ContainerService/managedclustersnapshots",
+            "Microsoft.ContainerService/operations",
+            "Microsoft.ContainerService/snapshots",
+            "Microsoft.DesktopVirtualization/workspaces",
+            "Microsoft.DesktopVirtualization/applicationgroups",
+            "Microsoft.DesktopVirtualization/applicationgroups/applications",
+            "Microsoft.DesktopVirtualization/applicationgroups/desktops",
+            "Microsoft.DesktopVirtualization/applicationgroups/startmenuitems",
+            "Microsoft.DesktopVirtualization/hostpools",
+            "Microsoft.DesktopVirtualization/hostpools/msixpackages",
+            "Microsoft.DesktopVirtualization/hostpools/sessionhosts",
+            "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions",
+            "Microsoft.DesktopVirtualization/hostpools/usersessions",
+            "Microsoft.DesktopVirtualization/scalingplans",
+            "Microsoft.DesktopVirtualization/appattachpackages",
+            "Microsoft.DesktopVirtualization/operations",
+            "Microsoft.SecurityInsights/operations",
+            "Microsoft.SecurityInsights/alertRules",
+            "Microsoft.SecurityInsights/alertRuleTemplates",
+            "Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns",
+            "Microsoft.SecurityInsights/cases",
+            "Microsoft.SecurityInsights/bookmarks",
+            "Microsoft.SecurityInsights/dataConnectors",
+            "Microsoft.SecurityInsights/dataConnectorDefinitions",
+            "Microsoft.SecurityInsights/dataConnectorsCheckRequirements",
+            "Microsoft.SecurityInsights/enrichment",
+            "Microsoft.SecurityInsights/fileImports",
+            "Microsoft.SecurityInsights/entities",
+            "Microsoft.SecurityInsights/incidents",
+            "Microsoft.SecurityInsights/officeConsents",
+            "Microsoft.SecurityInsights/settings",
+            "Microsoft.SecurityInsights/aggregations",
+            "Microsoft.SecurityInsights/entityQueries",
+            "Microsoft.SecurityInsights/entityQueryTemplates",
+            "Microsoft.SecurityInsights/threatIntelligence",
+            "Microsoft.SecurityInsights/automationRules",
+            "Microsoft.SecurityInsights/sourceControls",
+            "Microsoft.SecurityInsights/exportConnections",
+            "Microsoft.SecurityInsights/listrepositories",
+            "Microsoft.SecurityInsights/watchlists",
+            "Microsoft.SecurityInsights/confidentialWatchlists",
+            "Microsoft.SecurityInsights/huntsessions",
+            "Microsoft.SecurityInsights/dynamicSummaries",
+            "Microsoft.SecurityInsights/hunts",
+            "Microsoft.SecurityInsights/onboardingStates",
+            "Microsoft.SecurityInsights/metadata",
+            "Microsoft.SecurityInsights/contentPackages",
+            "Microsoft.SecurityInsights/contentTemplates",
+            "Microsoft.SecurityInsights/contentProductPackages",
+            "Microsoft.SecurityInsights/contentProductTemplates",
+            "Microsoft.SecurityInsights/MitreCoverageRecords",
+            "Microsoft.SecurityInsights/overview",
+            "Microsoft.SecurityInsights/recommendations",
+            "Microsoft.SecurityInsights/billingStatistics",
+            "Microsoft.SecurityInsights/workspaceManagerConfigurations",
+            "Microsoft.SecurityInsights/workspaceManagerMembers",
+            "Microsoft.SecurityInsights/workspaceManagerGroups",
+            "Microsoft.SecurityInsights/workspaceManagerAssignments",
+            "Microsoft.SecurityInsights/securityMLAnalyticsSettings",
+            "Microsoft.SecurityInsights/contenttranslators",
+            "Microsoft.ServiceFabric/clusters",
+            "Microsoft.ServiceFabric/clusters/applications",
+            "Microsoft.ServiceFabric/clusters/applicationTypes",
+            "Microsoft.ServiceFabric/clusters/applicationTypes/versions",
+            "Microsoft.ServiceFabric/clusters/applications/services",
+            "Microsoft.ServiceFabric/locations",
+            "Microsoft.ServiceFabric/locations/clusterVersions",
+            "Microsoft.ServiceFabric/locations/environments",
+            "Microsoft.ServiceFabric/locations/operations",
+            "Microsoft.ServiceFabric/locations/operationResults",
+            "Microsoft.ServiceFabric/locations/unsupportedVMSizes",
+            "Microsoft.ServiceFabric/operations",
+            "Microsoft.ServiceFabric/managedclusters",
+            "Microsoft.ServiceFabric/managedclusters/nodetypes",
+            "Microsoft.ServiceFabric/managedclusters/applicationTypes",
+            "Microsoft.ServiceFabric/managedclusters/applicationTypes/versions",
+            "Microsoft.ServiceFabric/managedclusters/applications",
+            "Microsoft.ServiceFabric/managedclusters/applications/services",
+            "Microsoft.ServiceFabric/locations/managedClusterOperations",
+            "Microsoft.ServiceFabric/locations/managedClusterOperationResults",
+            "Microsoft.ServiceFabric/locations/managedClusterVersions",
+            "Microsoft.ServiceFabric/locations/environments/managedClusterVersions",
+            "Microsoft.ServiceFabric/locations/managedUnsupportedVMSizes",
+            "Microsoft.PowerBIDedicated/capacities",
+            "Microsoft.PowerBIDedicated/autoScaleVCores",
+            "Microsoft.PowerBIDedicated/locations",
+            "Microsoft.PowerBIDedicated/locations/checkNameAvailability",
+            "Microsoft.PowerBIDedicated/locations/operationresults",
+            "Microsoft.PowerBIDedicated/locations/operationstatuses",
+            "Microsoft.PowerBIDedicated/operations",
+            "Microsoft.Logic/workflows",
+            "Microsoft.Logic/locations/workflows",
+            "Microsoft.Logic/locations/validateWorkflowExport",
+            "Microsoft.Logic/locations/workflowExport",
+            "Microsoft.Logic/locations",
+            "Microsoft.Logic/operations",
+            "Microsoft.Logic/integrationAccounts",
+            "Microsoft.Logic/integrationServiceEnvironments",
+            "Microsoft.Logic/integrationServiceEnvironments/managedApis",
+            "Microsoft.Logic/locations/generateCopilotResponse",
+            "Microsoft.MachineLearningServices/workspaces/batchEndpoints",
+            "Microsoft.MachineLearningServices/workspaces/batchEndpoints/deployments",
+            "Microsoft.MachineLearningServices/workspaces",
+            "Microsoft.MachineLearningServices/registries",
+            "Microsoft.MachineLearningServices/locations/registryOperationsStatus",
+            "Microsoft.MachineLearningServices/workspaces/onlineEndpoints",
+            "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments",
+            "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/skus",
+            "Microsoft.MachineLearningServices/workspaces/computes",
+            "Microsoft.MachineLearningServices/workspaces/jobs",
+            "Microsoft.MachineLearningServices/workspaces/codes",
+            "Microsoft.MachineLearningServices/workspaces/codes/versions",
+            "Microsoft.MachineLearningServices/workspaces/components",
+            "Microsoft.MachineLearningServices/workspaces/components/versions",
+            "Microsoft.MachineLearningServices/workspaces/environments",
+            "Microsoft.MachineLearningServices/workspaces/environments/versions",
+            "Microsoft.MachineLearningServices/workspaces/data",
+            "Microsoft.MachineLearningServices/workspaces/data/versions",
+            "Microsoft.MachineLearningServices/workspaces/datasets",
+            "Microsoft.MachineLearningServices/workspaces/services",
+            "Microsoft.MachineLearningServices/workspaces/datastores",
+            "Microsoft.MachineLearningServices/workspaces/eventGridFilters",
+            "Microsoft.MachineLearningServices/workspaces/models",
+            "Microsoft.MachineLearningServices/workspaces/models/versions",
+            "Microsoft.MachineLearningServices/operations",
+            "Microsoft.MachineLearningServices/locations",
+            "Microsoft.MachineLearningServices/locations/computeOperationsStatus",
+            "Microsoft.MachineLearningServices/locations/mfeOperationResults",
+            "Microsoft.MachineLearningServices/locations/mfeOperationsStatus",
+            "Microsoft.MachineLearningServices/locations/workspaceOperationsStatus",
+            "Microsoft.MachineLearningServices/locations/usages",
+            "Microsoft.MachineLearningServices/locations/vmsizes",
+            "Microsoft.MachineLearningServices/locations/quotas",
+            "Microsoft.MachineLearningServices/locations/updatequotas",
+            "Microsoft.MachineLearningServices/workspaces/linkedServices",
+            "Microsoft.MachineLearningServices/workspaces/labelingJobs",
+            "Microsoft.MachineLearningServices/workspaces/schedules",
+            "Microsoft.MachineLearningServices/workspaces/featuresets",
+            "Microsoft.MachineLearningServices/workspaces/serverlessEndpoints",
+            "Microsoft.MachineLearningServices/workspaces/marketplaceSubscriptions",
+            "Microsoft.MachineLearningServices/workspaces/inferencePools",
+            "Microsoft.MachineLearningServices/workspaces/inferencePools/groups",
+            "Microsoft.MachineLearningServices/workspaces/inferencePools/endpoints",
+            "Microsoft.MachineLearningServices/workspaces/featuresets/versions",
+            "Microsoft.MachineLearningServices/workspaces/featurestoreEntities",
+            "Microsoft.MachineLearningServices/workspaces/featurestoreEntities/versions",
+            "Microsoft.MachineLearningServices/workspaces/endpoints",
+            "Microsoft.MachineLearningServices/registries/codes",
+            "Microsoft.MachineLearningServices/registries/codes/versions",
+            "Microsoft.MachineLearningServices/registries/components",
+            "Microsoft.MachineLearningServices/registries/components/versions",
+            "Microsoft.MachineLearningServices/registries/data",
+            "Microsoft.MachineLearningServices/registries/data/versions",
+            "Microsoft.MachineLearningServices/registries/datareferences",
+            "Microsoft.MachineLearningServices/registries/datareferences/versions",
+            "Microsoft.MachineLearningServices/registries/environments",
+            "Microsoft.MachineLearningServices/registries/environments/versions",
+            "Microsoft.MachineLearningServices/registries/models",
+            "Microsoft.MachineLearningServices/registries/models/versions",
+            "Microsoft.MachineLearningServices/capacityReservationGroups",
+            "Microsoft.ContainerInstance/containerGroups",
+            "Microsoft.ContainerInstance/serviceAssociationLinks",
+            "Microsoft.ContainerInstance/locations",
+            "Microsoft.ContainerInstance/locations/capabilities",
+            "Microsoft.ContainerInstance/locations/usages",
+            "Microsoft.ContainerInstance/locations/operations",
+            "Microsoft.ContainerInstance/locations/operationresults",
+            "Microsoft.ContainerInstance/operations",
+            "Microsoft.ContainerInstance/locations/cachedImages",
+            "Microsoft.ContainerInstance/locations/validateDeleteVirtualNetworkOrSubnets",
+            "Microsoft.ContainerInstance/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.ManagedIdentity/Identities",
+            "Microsoft.ManagedIdentity/userAssignedIdentities",
+            "Microsoft.ManagedIdentity/operations",
+            "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials",
+            "Microsoft.Cdn/profiles",
+            "Microsoft.Cdn/profiles/endpoints",
+            "Microsoft.Cdn/profiles/endpoints/origins",
+            "Microsoft.Cdn/profiles/endpoints/origingroups",
+            "Microsoft.Cdn/profiles/endpoints/customdomains",
+            "Microsoft.Cdn/operationresults",
+            "Microsoft.Cdn/operationresults/profileresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults/originresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults/origingroupresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults/customdomainresults",
+            "Microsoft.Cdn/checkNameAvailability",
+            "Microsoft.Cdn/checkEndpointNameAvailability",
+            "Microsoft.Cdn/checkResourceUsage",
+            "Microsoft.Cdn/validateProbe",
+            "Microsoft.Cdn/canMigrate",
+            "Microsoft.Cdn/migrate",
+            "Microsoft.Cdn/operations",
+            "Microsoft.Cdn/edgenodes",
+            "Microsoft.Cdn/CdnWebApplicationFirewallPolicies",
+            "Microsoft.Cdn/operationresults/cdnwebapplicationfirewallpolicyresults",
+            "Microsoft.Cdn/CdnWebApplicationFirewallManagedRuleSets",
+            "Microsoft.Cdn/profiles/afdendpoints",
+            "Microsoft.Cdn/profiles/afdendpoints/routes",
+            "Microsoft.Cdn/profiles/customdomains",
+            "Microsoft.Cdn/profiles/origingroups",
+            "Microsoft.Cdn/profiles/origingroups/origins",
+            "Microsoft.Cdn/profiles/rulesets",
+            "Microsoft.Cdn/profiles/rulesets/rules",
+            "Microsoft.Cdn/profiles/secrets",
+            "Microsoft.Cdn/validateSecret",
+            "Microsoft.Cdn/profiles/keygroups",
+            "Microsoft.Cdn/profiles/securitypolicies",
+            "Microsoft.Cdn/operationresults/profileresults/afdendpointresults",
+            "Microsoft.Cdn/operationresults/profileresults/afdendpointresults/routeresults",
+            "Microsoft.Cdn/operationresults/profileresults/customdomainresults",
+            "Microsoft.Cdn/operationresults/profileresults/origingroupresults",
+            "Microsoft.Cdn/operationresults/profileresults/origingroupresults/originresults",
+            "Microsoft.Cdn/operationresults/profileresults/rulesetresults",
+            "Microsoft.Cdn/operationresults/profileresults/rulesetresults/ruleresults",
+            "Microsoft.Cdn/operationresults/profileresults/secretresults",
+            "Microsoft.Cdn/operationresults/profileresults/securitypolicyresults",
+            "Microsoft.Cdn/profiles/policies",
+            "Microsoft.Cdn/profiles/networkpolicies",
+            "Microsoft.Cdn/operationresults/profileresults/policyresults",
+            "Microsoft.BotService/botServices",
+            "Microsoft.BotService/botServices/channels",
+            "Microsoft.BotService/botServices/connections",
+            "Microsoft.BotService/listAuthServiceProviders",
+            "Microsoft.BotService/listQnAMakerEndpointKeys",
+            "Microsoft.BotService/hostSettings",
+            "Microsoft.BotService/checkNameAvailability",
+            "Microsoft.BotService/locations",
+            "Microsoft.BotService/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.BotService/operations",
+            "Microsoft.BotService/botServices/privateEndpointConnectionProxies",
+            "Microsoft.BotService/botServices/privateEndpointConnections",
+            "Microsoft.BotService/botServices/privateLinkResources",
+            "Microsoft.BotService/operationResults",
+            "Microsoft.Devices/checkNameAvailability",
+            "Microsoft.Devices/checkProvisioningServiceNameAvailability",
+            "Microsoft.Devices/usages",
+            "Microsoft.Devices/operations",
+            "Microsoft.Devices/operationResults",
+            "Microsoft.Devices/provisioningServiceOperationResults",
+            "Microsoft.Devices/locations/provisioningServiceOperationResults",
+            "Microsoft.Devices/locations",
+            "Microsoft.Devices/locations/operationResults",
+            "Microsoft.Devices/IotHubs",
+            "Microsoft.Devices/IotHubs/eventGridFilters",
+            "Microsoft.Devices/IotHubs/failover",
+            "Microsoft.Devices/ProvisioningServices",
+            "Microsoft.Devices/IotHubs/securitySettings",
+            "Microsoft.Databricks/workspaces",
+            "Microsoft.Databricks/accessConnectors",
+            "Microsoft.Databricks/workspaces/virtualNetworkPeerings",
+            "Microsoft.Databricks/workspaces/dbWorkspaces",
+            "Microsoft.Databricks/operations",
+            "Microsoft.Databricks/locations",
+            "Microsoft.Databricks/locations/operationstatuses",
+            "Microsoft.Databricks/locations/getNetworkPolicies",
+            "Microsoft.EventGrid/locations",
+            "Microsoft.EventGrid/locations/eventSubscriptions",
+            "Microsoft.EventGrid/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.EventGrid/eventSubscriptions",
+            "Microsoft.EventGrid/topics",
+            "Microsoft.EventGrid/domains",
+            "Microsoft.EventGrid/domains/topics",
+            "Microsoft.EventGrid/topicTypes",
+            "Microsoft.EventGrid/operations",
+            "Microsoft.EventGrid/locations/operationsStatus",
+            "Microsoft.EventGrid/locations/operationResults",
+            "Microsoft.EventGrid/locations/topicTypes",
+            "Microsoft.EventGrid/extensionTopics",
+            "Microsoft.EventGrid/operationResults",
+            "Microsoft.EventGrid/operationsStatus",
+            "Microsoft.EventGrid/systemTopics",
+            "Microsoft.EventGrid/systemTopics/eventSubscriptions",
+            "Microsoft.EventGrid/partnerRegistrations",
+            "Microsoft.EventGrid/partnerConfigurations",
+            "Microsoft.EventGrid/verifiedPartners",
+            "Microsoft.EventGrid/namespaces",
+            "Microsoft.EventGrid/partnerNamespaces",
+            "Microsoft.EventGrid/partnerTopics",
+            "Microsoft.EventGrid/partnerTopics/eventSubscriptions",
+            "Microsoft.EventGrid/partnerNamespaces/eventChannels",
+            "Microsoft.EventGrid/partnerNamespaces/channels",
+            "Microsoft.EventGrid/partnerDestinations",
+            "Microsoft.DBforPostgreSQL/operations",
+            "Microsoft.DBforPostgreSQL/servers",
+            "Microsoft.DBforPostgreSQL/serverGroupsv2",
+            "Microsoft.DBforPostgreSQL/flexibleServers",
+            "Microsoft.DBforPostgreSQL/locations/capabilities",
+            "Microsoft.DBforPostgreSQL/locations/checkNameAvailability",
+            "Microsoft.DBforPostgreSQL/servers/recoverableServers",
+            "Microsoft.DBforPostgreSQL/servers/virtualNetworkRules",
+            "Microsoft.DBforPostgreSQL/checkNameAvailability",
+            "Microsoft.DBforPostgreSQL/availableEngineVersions",
+            "Microsoft.DBforPostgreSQL/getPrivateDnsZoneSuffix",
+            "Microsoft.DBforPostgreSQL/locations",
+            "Microsoft.DBforPostgreSQL/locations/operationResults",
+            "Microsoft.DBforPostgreSQL/locations/azureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/administratorOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/administratorAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/checkVirtualNetworkSubnetUsage",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/performanceTiers",
+            "Microsoft.DBforPostgreSQL/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/recommendedActionSessionsAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/recommendedActionSessionsOperationResults",
+            "Microsoft.DBforPostgreSQL/servers/topQueryStatistics",
+            "Microsoft.DBforPostgreSQL/servers/queryTexts",
+            "Microsoft.DBforPostgreSQL/servers/waitStatistics",
+            "Microsoft.DBforPostgreSQL/servers/resetQueryPerformanceInsightData",
+            "Microsoft.DBforPostgreSQL/servers/advisors",
+            "Microsoft.DBforPostgreSQL/servers/privateLinkResources",
+            "Microsoft.DBforPostgreSQL/servers/privateEndpointConnections",
+            "Microsoft.DBforPostgreSQL/servers/privateEndpointConnectionProxies",
+            "Microsoft.DBforPostgreSQL/servers/keys",
+            "Microsoft.DBforPostgreSQL/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/serverKeyOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/getCachedServerName",
+            "Microsoft.TimeSeriesInsights/environments",
+            "Microsoft.TimeSeriesInsights/environments/eventsources",
+            "Microsoft.TimeSeriesInsights/environments/referenceDataSets",
+            "Microsoft.TimeSeriesInsights/environments/accessPolicies",
+            "Microsoft.TimeSeriesInsights/environments/privateLinkResources",
+            "Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies",
+            "Microsoft.TimeSeriesInsights/environments/privateEndpointConnections",
+            "Microsoft.TimeSeriesInsights/operations",
+            "Microsoft.DBforMariaDB/operations",
+            "Microsoft.DBforMariaDB/servers",
+            "Microsoft.DBforMariaDB/servers/recoverableServers",
+            "Microsoft.DBforMariaDB/servers/virtualNetworkRules",
+            "Microsoft.DBforMariaDB/checkNameAvailability",
+            "Microsoft.DBforMariaDB/locations",
+            "Microsoft.DBforMariaDB/locations/operationResults",
+            "Microsoft.DBforMariaDB/locations/azureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/performanceTiers",
+            "Microsoft.DBforMariaDB/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.DBforMariaDB/locations/recommendedActionSessionsAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/recommendedActionSessionsOperationResults",
+            "Microsoft.DBforMariaDB/servers/topQueryStatistics",
+            "Microsoft.DBforMariaDB/servers/queryTexts",
+            "Microsoft.DBforMariaDB/servers/waitStatistics",
+            "Microsoft.DBforMariaDB/servers/resetQueryPerformanceInsightData",
+            "Microsoft.DBforMariaDB/servers/advisors",
+            "Microsoft.DBforMariaDB/servers/privateLinkResources",
+            "Microsoft.DBforMariaDB/servers/privateEndpointConnections",
+            "Microsoft.DBforMariaDB/servers/privateEndpointConnectionProxies",
+            "Microsoft.DBforMariaDB/servers/keys",
+            "Microsoft.DBforMariaDB/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/serverKeyOperationResults",
+            "Microsoft.DBforMariaDB/servers/start",
+            "Microsoft.DBforMariaDB/servers/stop",
+            "Microsoft.Cache/Redis",
+            "Microsoft.Cache/Redis/privateEndpointConnectionProxies",
+            "Microsoft.Cache/Redis/privateEndpointConnectionProxies/validate",
+            "Microsoft.Cache/Redis/privateEndpointConnections",
+            "Microsoft.Cache/Redis/privateLinkResources",
+            "Microsoft.Cache/locations/asyncOperations",
+            "Microsoft.Cache/locations",
+            "Microsoft.Cache/locations/operationResults",
+            "Microsoft.Cache/locations/operationsStatus",
+            "Microsoft.Cache/checkNameAvailability",
+            "Microsoft.Cache/operations",
+            "Microsoft.Cache/redisEnterprise",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies/validate",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies/operationresults",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnections",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnections/operationresults",
+            "Microsoft.Cache/RedisEnterprise/privateLinkResources",
+            "Microsoft.Cache/redisEnterprise/databases",
+            "Microsoft.Cache/locations/checkNameAvailability",
+            "Microsoft.Cache/Redis/EventGridFilters",
+            "Microsoft.RecoveryServices/vaults",
+            "Microsoft.RecoveryServices/operations",
+            "Microsoft.RecoveryServices/locations",
+            "Microsoft.RecoveryServices/locations/backupStatus",
+            "Microsoft.RecoveryServices/locations/checkNameAvailability",
+            "Microsoft.RecoveryServices/locations/allocatedStamp",
+            "Microsoft.RecoveryServices/locations/allocateStamp",
+            "Microsoft.RecoveryServices/locations/backupValidateFeatures",
+            "Microsoft.RecoveryServices/locations/backupPreValidateProtection",
+            "Microsoft.RecoveryServices/locations/backupCrrJobs",
+            "Microsoft.RecoveryServices/locations/backupCrrJob",
+            "Microsoft.RecoveryServices/locations/backupAadProperties",
+            "Microsoft.RecoveryServices/locations/backupCrossRegionRestore",
+            "Microsoft.RecoveryServices/locations/backupCrrOperationResults",
+            "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus",
+            "Microsoft.RecoveryServices/backupProtectedItems",
+            "Microsoft.RecoveryServices/replicationEligibilityResults",
+            "Microsoft.RecoveryServices/locations/capabilities",
+            "Microsoft.ServiceBus/namespaces",
+            "Microsoft.ServiceBus/namespaces/authorizationrules",
+            "Microsoft.ServiceBus/namespaces/networkrulesets",
+            "Microsoft.ServiceBus/namespaces/privateEndpointConnections",
+            "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies",
+            "Microsoft.ServiceBus/namespaces/queues",
+            "Microsoft.ServiceBus/namespaces/queues/authorizationrules",
+            "Microsoft.ServiceBus/namespaces/topics",
+            "Microsoft.ServiceBus/namespaces/topics/authorizationrules",
+            "Microsoft.ServiceBus/namespaces/topics/subscriptions",
+            "Microsoft.ServiceBus/namespaces/topics/subscriptions/rules",
+            "Microsoft.ServiceBus/checkNamespaceAvailability",
+            "Microsoft.ServiceBus/checkNameAvailability",
+            "Microsoft.ServiceBus/sku",
+            "Microsoft.ServiceBus/premiumMessagingRegions",
+            "Microsoft.ServiceBus/operations",
+            "Microsoft.ServiceBus/namespaces/eventgridfilters",
+            "Microsoft.ServiceBus/namespaces/disasterrecoveryconfigs",
+            "Microsoft.ServiceBus/namespaces/migrationConfigurations",
+            "Microsoft.ServiceBus/namespaces/disasterrecoveryconfigs/checkNameAvailability",
+            "Microsoft.ServiceBus/locations",
+            "Microsoft.ServiceBus/locations/operationStatus",
+            "Microsoft.ServiceBus/locations/namespaceOperationResults",
+            "Microsoft.ServiceBus/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.ServiceFabricMesh/applications",
+            "Microsoft.ServiceFabricMesh/networks",
+            "Microsoft.ServiceFabricMesh/volumes",
+            "Microsoft.ServiceFabricMesh/secrets",
+            "Microsoft.ServiceFabricMesh/gateways",
+            "Microsoft.ServiceFabricMesh/locations",
+            "Microsoft.ServiceFabricMesh/locations/applicationOperations",
+            "Microsoft.ServiceFabricMesh/locations/networkOperations",
+            "Microsoft.ServiceFabricMesh/locations/volumeOperations",
+            "Microsoft.ServiceFabricMesh/locations/gatewayOperations",
+            "Microsoft.ServiceFabricMesh/locations/secretOperations",
+            "Microsoft.ServiceFabricMesh/operations",
+            "Microsoft.NotificationHubs/namespaces",
+            "Microsoft.NotificationHubs/namespaces/notificationHubs",
+            "Microsoft.NotificationHubs/checkNamespaceAvailability",
+            "Microsoft.NotificationHubs/checkNameAvailability",
+            "Microsoft.NotificationHubs/operations",
+            "Microsoft.ContainerRegistry/registries",
+            "Microsoft.ContainerRegistry/registries/cacheRules",
+            "Microsoft.ContainerRegistry/registries/credentialSets",
+            "Microsoft.ContainerRegistry/registries/connectedRegistries",
+            "Microsoft.ContainerRegistry/registries/connectedRegistries/deactivate",
+            "Microsoft.ContainerRegistry/registries/scopeMaps",
+            "Microsoft.ContainerRegistry/registries/tokens",
+            "Microsoft.ContainerRegistry/registries/generateCredentials",
+            "Microsoft.ContainerRegistry/registries/privateEndpointConnections",
+            "Microsoft.ContainerRegistry/registries/privateEndpointConnectionProxies",
+            "Microsoft.ContainerRegistry/registries/privateEndpointConnectionProxies/validate",
+            "Microsoft.ContainerRegistry/registries/privateLinkResources",
+            "Microsoft.ContainerRegistry/registries/importImage",
+            "Microsoft.ContainerRegistry/registries/exportPipelines",
+            "Microsoft.ContainerRegistry/registries/importPipelines",
+            "Microsoft.ContainerRegistry/registries/pipelineRuns",
+            "Microsoft.ContainerRegistry/registries/listBuildSourceUploadUrl",
+            "Microsoft.ContainerRegistry/registries/scheduleRun",
+            "Microsoft.ContainerRegistry/registries/runs",
+            "Microsoft.ContainerRegistry/registries/taskRuns",
+            "Microsoft.ContainerRegistry/registries/taskRuns/listDetails",
+            "Microsoft.ContainerRegistry/registries/agentPools",
+            "Microsoft.ContainerRegistry/registries/agentPoolsOperationResults",
+            "Microsoft.ContainerRegistry/registries/agentPools/listQueueStatus",
+            "Microsoft.ContainerRegistry/registries/runs/listLogSasUrl",
+            "Microsoft.ContainerRegistry/registries/runs/cancel",
+            "Microsoft.ContainerRegistry/registries/tasks",
+            "Microsoft.ContainerRegistry/registries/tasks/listDetails",
+            "Microsoft.ContainerRegistry/registries/replications",
+            "Microsoft.ContainerRegistry/registries/webhooks",
+            "Microsoft.ContainerRegistry/registries/webhooks/ping",
+            "Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig",
+            "Microsoft.ContainerRegistry/registries/webhooks/listEvents",
+            "Microsoft.ContainerRegistry/locations/operationResults",
+            "Microsoft.ContainerRegistry/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.ContainerRegistry/registries/listCredentials",
+            "Microsoft.ContainerRegistry/registries/regenerateCredential",
+            "Microsoft.ContainerRegistry/registries/listUsages",
+            "Microsoft.ContainerRegistry/registries/listPolicies",
+            "Microsoft.ContainerRegistry/registries/updatePolicies",
+            "Microsoft.ContainerRegistry/registries/eventGridFilters",
+            "Microsoft.ContainerRegistry/checkNameAvailability",
+            "Microsoft.ContainerRegistry/operations",
+            "Microsoft.ContainerRegistry/locations",
+            "Microsoft.StreamAnalytics/streamingjobs",
+            "Microsoft.StreamAnalytics/clusters",
+            "Microsoft.StreamAnalytics/clusters/privateEndpoints",
+            "Microsoft.StreamAnalytics/locations",
+            "Microsoft.StreamAnalytics/locations/quotas",
+            "Microsoft.StreamAnalytics/locations/testQuery",
+            "Microsoft.StreamAnalytics/locations/compileQuery",
+            "Microsoft.StreamAnalytics/locations/sampleInput",
+            "Microsoft.StreamAnalytics/locations/testInput",
+            "Microsoft.StreamAnalytics/locations/testOutput",
+            "Microsoft.StreamAnalytics/locations/operationResults",
+            "Microsoft.StreamAnalytics/operations",
+            "Microsoft.DataLakeAnalytics/accounts",
+            "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts",
+            "Microsoft.DataLakeAnalytics/accounts/storageAccounts",
+            "Microsoft.DataLakeAnalytics/accounts/storageAccounts/containers",
+            "Microsoft.DataLakeAnalytics/accounts/storageAccounts/containers/listSasTokens",
+            "Microsoft.DataLakeAnalytics/locations",
+            "Microsoft.DataLakeAnalytics/locations/operationresults",
+            "Microsoft.DataLakeAnalytics/locations/checkNameAvailability",
+            "Microsoft.DataLakeAnalytics/locations/capability",
+            "Microsoft.DataLakeAnalytics/locations/usages",
+            "Microsoft.DataLakeAnalytics/operations",
+            "Microsoft.Relay/namespaces",
+            "Microsoft.Relay/namespaces/authorizationrules",
+            "Microsoft.Relay/namespaces/privateEndpointConnections",
+            "Microsoft.Relay/namespaces/privateEndpointConnectionProxies",
+            "Microsoft.Relay/namespaces/hybridconnections",
+            "Microsoft.Relay/namespaces/hybridconnections/authorizationrules",
+            "Microsoft.Relay/namespaces/wcfrelays",
+            "Microsoft.Relay/namespaces/wcfrelays/authorizationrules",
+            "Microsoft.Relay/checkNameAvailability",
+            "Microsoft.Relay/operations",
+            "Microsoft.Relay/locations",
+            "Microsoft.Relay/locations/namespaceOperationResults",
+            // Not supported in Mooncake
+            /*
+            "Microsoft.DevTestLab/labs/environments",
+            "Microsoft.DevTestLab/labs",
+            "Microsoft.DevTestLab/schedules",
+            "Microsoft.DevTestLab/labs/virtualMachines",
+            "Microsoft.DevTestLab/labs/serviceRunners",
+            "Microsoft.DevTestLab/operations",
+            "Microsoft.DevTestLab/locations",
+            "Microsoft.DevTestLab/locations/operations",
+            */
+            "Microsoft.EventHub/namespaces",
+            "Microsoft.EventHub/clusters",
+            "Microsoft.EventHub/namespaces/authorizationrules",
+            "Microsoft.EventHub/namespaces/networkrulesets",
+            "Microsoft.EventHub/namespaces/privateEndpointConnections",
+            "Microsoft.EventHub/namespaces/privateEndpointConnectionProxies",
+            "Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations",
+            "Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies",
+            "Microsoft.EventHub/namespaces/eventhubs",
+            "Microsoft.EventHub/namespaces/eventhubs/authorizationrules",
+            "Microsoft.EventHub/namespaces/eventhubs/consumergroups",
+            "Microsoft.EventHub/namespaces/applicationGroups",
+            "Microsoft.EventHub/checkNamespaceAvailability",
+            "Microsoft.EventHub/checkNameAvailability",
+            "Microsoft.EventHub/sku",
+            "Microsoft.EventHub/operations",
+            "Microsoft.EventHub/namespaces/disasterrecoveryconfigs",
+            "Microsoft.EventHub/namespaces/disasterrecoveryconfigs/checkNameAvailability",
+            "Microsoft.EventHub/locations",
+            "Microsoft.EventHub/locations/operationStatus",
+            "Microsoft.EventHub/locations/clusterOperationResults",
+            "Microsoft.EventHub/locations/namespaceOperationResults",
+            "Microsoft.EventHub/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.EventHub/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.EventHub/availableClusterRegions",
+            "Microsoft.AppPlatform/Spring",
+            "Microsoft.AppPlatform/Spring/operationResults",
+            "Microsoft.AppPlatform/Spring/operationStatuses",
+            "Microsoft.AppPlatform/Spring/apps",
+            "Microsoft.AppPlatform/Spring/apps/operationResults",
+            "Microsoft.AppPlatform/Spring/apps/operationStatuses",
+            "Microsoft.AppPlatform/Spring/apps/deployments",
+            "Microsoft.AppPlatform/Spring/apps/deployments/operationResults",
+            "Microsoft.AppPlatform/Spring/apps/deployments/operationStatuses",
+            "Microsoft.AppPlatform/Spring/configServers",
+            "Microsoft.AppPlatform/Spring/configServers/operationResults",
+            "Microsoft.AppPlatform/Spring/configServers/operationStatuses",
+            "Microsoft.AppPlatform/Spring/eurekaServers",
+            "Microsoft.AppPlatform/Spring/eurekaServers/operationResults",
+            "Microsoft.AppPlatform/Spring/eurekaServers/operationStatuses",
+            "Microsoft.AppPlatform/Spring/apps/domains",
+            "Microsoft.AppPlatform/Spring/apps/domains/operationResults",
+            "Microsoft.AppPlatform/Spring/apps/domains/operationStatuses",
+            "Microsoft.AppPlatform/locations/checkNameAvailability",
+            "Microsoft.AppPlatform/operations",
+            "Microsoft.AppPlatform/locations",
+            "Microsoft.AppPlatform/runtimeVersions",
+            "Microsoft.AppPlatform/locations/operationResults",
+            "Microsoft.AppPlatform/locations/operationStatus",
+            "Microsoft.CustomProviders/resourceProviders",
+            "Microsoft.CustomProviders/resourceProviders/operationResults",
+            "Microsoft.CustomProviders/resourceProviders/operationStatuses",
+            "Microsoft.CustomProviders/associations",
+            "Microsoft.CustomProviders/operations",
+            "Microsoft.CustomProviders/locations",
+            "Microsoft.CustomProviders/locations/operationStatuses",
+            "Microsoft.CustomProviders/locations/operationResults",
+            "Microsoft.DocumentDB/databaseAccounts",
+            "Microsoft.DocumentDB/databaseAccountNames",
+            "Microsoft.DocumentDB/operations",
+            "Microsoft.DocumentDB/operationResults",
+            "Microsoft.DocumentDB/operationsStatus",
+            "Microsoft.DocumentDB/locations/operationsStatus",
+            "Microsoft.DocumentDB/locations/operationResults",
+            "Microsoft.DocumentDB/locations",
+            "Microsoft.DocumentDB/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.DocumentDB/locations/restorableDatabaseAccounts",
+            "Microsoft.DocumentDB/restorableDatabaseAccounts",
+            "Microsoft.DocumentDB/cassandraClusters",
+            "Microsoft.DocumentDB/databaseAccounts/encryptionScopes",
+            "Microsoft.DocumentDB/mongoClusters",
+            "Microsoft.DocumentDB/locations/mongoClusterOperationResults",
+            "Microsoft.DocumentDB/locations/mongoClusterAzureAsyncOperation",
+            "Microsoft.DocumentDB/locations/checkMongoClusterNameAvailability",
+            "Microsoft.DocumentDB/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.DocumentDB/throughputPools",
+            "Microsoft.DocumentDB/throughputPools/throughputPoolAccounts",
+            "Microsoft.Maintenance/maintenanceConfigurations",
+            "Microsoft.Maintenance/updates",
+            "Microsoft.Maintenance/configurationAssignments",
+            "Microsoft.Maintenance/applyUpdates",
+            "Microsoft.Maintenance/publicMaintenanceConfigurations",
+            "Microsoft.Maintenance/operations",
+            "Microsoft.Sql/operations",
+            "Microsoft.Sql/locations",
+            "Microsoft.Sql/locations/capabilities",
+            "Microsoft.Sql/locations/databaseAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseOperationResults",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevalidateAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevalidateOperationResults",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevertAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevertOperationResults",
+            "Microsoft.Sql/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverKeyOperationResults",
+            "Microsoft.Sql/servers/keys",
+            "Microsoft.Sql/servers/encryptionProtector",
+            "Microsoft.Sql/locations/encryptionProtectorOperationResults",
+            "Microsoft.Sql/locations/encryptionProtectorAzureAsyncOperation",
+            "Microsoft.Sql/locations/externalPolicyBasedAuthorizationsAzureAsycOperation",
+            "Microsoft.Sql/locations/externalPolicyBasedAuthorizationsOperationResults",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusOperationResults",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusAzureAsyncOperation",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusMIOperationResults",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusMIAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceKeyAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceKeyOperationResults",
+            "Microsoft.Sql/locations/managedInstanceEncryptionProtectorOperationResults",
+            "Microsoft.Sql/locations/managedInstanceEncryptionProtectorAzureAsyncOperation",
+            "Microsoft.Sql/locations/transparentDataEncryptionAzureAsyncOperation",
+            "Microsoft.Sql/locations/transparentDataEncryptionOperationResults",
+            "Microsoft.Sql/locations/managedtransparentDataEncryptionAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedtransparentDataEncryptionOperationResults",
+            "Microsoft.Sql/servers/tdeCertificates",
+            "Microsoft.Sql/locations/tdeCertAzureAsyncOperation",
+            "Microsoft.Sql/locations/tdeCertOperationResults",
+            "Microsoft.Sql/locations/serverAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverOperationResults",
+            "Microsoft.Sql/locations/usages",
+            "Microsoft.Sql/checkNameAvailability",
+            "Microsoft.Sql/servers",
+            "Microsoft.Sql/servers/databases",
+            "Microsoft.Sql/servers/serviceObjectives",
+            "Microsoft.Sql/servers/communicationLinks",
+            "Microsoft.Sql/servers/administrators",
+            "Microsoft.Sql/servers/administratorOperationResults",
+            "Microsoft.Sql/locations/serverAdministratorAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverAdministratorOperationResults",
+            "Microsoft.Sql/servers/restorableDroppedDatabases",
+            "Microsoft.Sql/servers/recoverableDatabases",
+            "Microsoft.Sql/servers/databases/geoBackupPolicies",
+            "Microsoft.Sql/servers/import",
+            "Microsoft.Sql/servers/importExportOperationResults",
+            "Microsoft.Sql/servers/operationResults",
+            "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies",
+            "Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies",
+            "Microsoft.Sql/servers/databaseSecurityPolicies",
+            "Microsoft.Sql/servers/automaticTuning",
+            "Microsoft.Sql/servers/databases/automaticTuning",
+            "Microsoft.Sql/servers/databases/transparentDataEncryption",
+            "Microsoft.Sql/servers/databases/ledgerDigestUploads",
+            "Microsoft.Sql/locations/ledgerDigestUploadsAzureAsyncOperation",
+            "Microsoft.Sql/locations/ledgerDigestUploadsOperationResults",
+            "Microsoft.Sql/servers/recommendedElasticPools",
+            "Microsoft.Sql/servers/databases/dataMaskingPolicies",
+            "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
+            "Microsoft.Sql/servers/databases/securityAlertPolicies",
+            "Microsoft.Sql/servers/securityAlertPolicies",
+            "Microsoft.Sql/servers/databases/advancedThreatProtectionSettings",
+            "Microsoft.Sql/servers/advancedThreatProtectionSettings",
+            "Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings",
+            "Microsoft.Sql/managedInstances/advancedThreatProtectionSettings",
+            "Microsoft.Sql/servers/databases/auditingSettings",
+            "Microsoft.Sql/servers/auditingSettings",
+            "Microsoft.Sql/servers/extendedAuditingSettings",
+            "Microsoft.Sql/servers/devOpsAuditingSettings",
+            "Microsoft.Sql/locations/auditingSettingsAzureAsyncOperation",
+            "Microsoft.Sql/locations/auditingSettingsOperationResults",
+            "Microsoft.Sql/locations/extendedAuditingSettingsAzureAsyncOperation",
+            "Microsoft.Sql/locations/extendedAuditingSettingsOperationResults",
+            "Microsoft.Sql/locations/devOpsAuditingSettingsOperationResults",
+            "Microsoft.Sql/locations/devOpsAuditingSettingsAzureAsyncOperation",
+            "Microsoft.Sql/locations/elasticPoolAzureAsyncOperation",
+            "Microsoft.Sql/locations/elasticPoolOperationResults",
+            "Microsoft.Sql/servers/elasticpools",
+            "Microsoft.Sql/servers/jobAccounts",
+            "Microsoft.Sql/servers/jobAgents",
+            "Microsoft.Sql/locations/jobAgentOperationResults",
+            "Microsoft.Sql/locations/jobAgentAzureAsyncOperation",
+            "Microsoft.Sql/servers/jobAgents/privateEndpoints",
+            "Microsoft.Sql/locations/jobAgentPrivateEndpointOperationResults",
+            "Microsoft.Sql/locations/jobAgentPrivateEndpointAzureAsyncOperation",
+            "Microsoft.Sql/servers/jobAgents/jobs",
+            "Microsoft.Sql/servers/jobAgents/jobs/steps",
+            "Microsoft.Sql/servers/jobAgents/jobs/executions",
+            "Microsoft.Sql/servers/disasterRecoveryConfiguration",
+            "Microsoft.Sql/servers/dnsAliases",
+            "Microsoft.Sql/locations/dnsAliasAsyncOperation",
+            "Microsoft.Sql/locations/dnsAliasOperationResults",
+            "Microsoft.Sql/servers/failoverGroups",
+            "Microsoft.Sql/locations/failoverGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/failoverGroupOperationResults",
+            "Microsoft.Sql/locations/firewallRulesOperationResults",
+            "Microsoft.Sql/locations/firewallRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/ipv6FirewallRulesOperationResults",
+            "Microsoft.Sql/locations/ipv6FirewallRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.Sql/servers/virtualNetworkRules",
+            "Microsoft.Sql/locations/virtualNetworkRulesOperationResults",
+            "Microsoft.Sql/locations/virtualNetworkRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnetsOperationResults",
+            "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnetsAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseRestoreAzureAsyncOperation",
+            "Microsoft.Sql/servers/usages",
+            "Microsoft.Sql/servers/databases/metricDefinitions",
+            "Microsoft.Sql/servers/databases/metrics",
+            "Microsoft.Sql/servers/aggregatedDatabaseMetrics",
+            "Microsoft.Sql/servers/elasticpools/metrics",
+            "Microsoft.Sql/servers/elasticpools/metricdefinitions",
+            "Microsoft.Sql/servers/databases/topQueries",
+            "Microsoft.Sql/servers/databases/topQueries/queryText",
+            "Microsoft.Sql/servers/advisors",
+            "Microsoft.Sql/servers/elasticPools/advisors",
+            "Microsoft.Sql/servers/databases/advisors",
+            "Microsoft.Sql/servers/databases/extensions",
+            "Microsoft.Sql/servers/elasticPoolEstimates",
+            "Microsoft.Sql/servers/databases/auditRecords",
+            "Microsoft.Sql/servers/databases/VulnerabilityAssessmentScans",
+            "Microsoft.Sql/servers/databases/workloadGroups",
+            "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
+            "Microsoft.Sql/servers/vulnerabilityAssessments",
+            "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments",
+            "Microsoft.Sql/managedInstances/vulnerabilityAssessments",
+            "Microsoft.Sql/servers/databases/VulnerabilityAssessmentSettings",
+            "Microsoft.Sql/servers/databases/VulnerabilityAssessment",
+            "Microsoft.Sql/locations/vulnerabilityAssessmentScanAzureAsyncOperation",
+            "Microsoft.Sql/locations/vulnerabilityAssessmentScanOperationResults",
+            "Microsoft.Sql/servers/databases/sqlvulnerabilityassessments",
+            "Microsoft.Sql/servers/sqlvulnerabilityassessments",
+            "Microsoft.Sql/locations/sqlVulnerabilityAssessmentAzureAsyncOperation",
+            "Microsoft.Sql/locations/sqlVulnerabilityAssessmentOperationResults",
+            "Microsoft.Sql/servers/databases/recommendedSensitivityLabels",
+            "Microsoft.Sql/servers/databases/syncGroups",
+            "Microsoft.Sql/servers/databases/syncGroups/syncMembers",
+            "Microsoft.Sql/servers/syncAgents",
+            "Microsoft.Sql/instancePools",
+            "Microsoft.Sql/locations/importExportOperationResults",
+            "Microsoft.Sql/locations/importExportAzureAsyncOperation",
+            "Microsoft.Sql/locations/instancePoolOperationResults",
+            "Microsoft.Sql/locations/instancePoolAzureAsyncOperation",
+            "Microsoft.Sql/managedInstances",
+            "Microsoft.Sql/managedInstances/administrators",
+            "Microsoft.Sql/managedInstances/databases",
+            "Microsoft.Sql/managedInstances/recoverableDatabases",
+            "Microsoft.Sql/managedInstances/metrics",
+            "Microsoft.Sql/managedInstances/metricDefinitions",
+            "Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies",
+            "Microsoft.Sql/managedInstances/sqlAgent",
+            "Microsoft.Sql/managedInstances/startStopSchedules",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionProxyOperationResults",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionOperationResults",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstances",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackups",
+            "Microsoft.Sql/locations/managedInstanceLongTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/managedInstanceLongTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackupOperationResults",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackupAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseOperationResults",
+            "Microsoft.Sql/locations/managedDatabaseRestoreAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseRestoreOperationResults",
+            "Microsoft.Sql/locations/managedDatabaseCompleteRestoreAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseCompleteRestoreOperationResults",
+            "Microsoft.Sql/locations/managedServerSecurityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.Sql/locations/stopManagedInstanceAzureAsyncOperation",
+            "Microsoft.Sql/locations/stopManagedInstanceOperationResults",
+            "Microsoft.Sql/locations/startManagedInstanceAzureAsyncOperation",
+            "Microsoft.Sql/locations/startManagedInstanceOperationResults",
+            "Microsoft.Sql/managedInstances/tdeCertificates",
+            "Microsoft.Sql/locations/managedInstanceTdeCertAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceTdeCertOperationResults",
+            "Microsoft.Sql/locations/managedServerSecurityAlertPoliciesOperationResults",
+            "Microsoft.Sql/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.Sql/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.Sql/locations/advancedThreatProtectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/advancedThreatProtectionOperationResults",
+            "Microsoft.Sql/locations/managedInstanceAdvancedThreatProtectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceAdvancedThreatProtectionOperationResults",
+            "Microsoft.Sql/managedInstances/dnsAliases",
+            "Microsoft.Sql/locations/managedDnsAliasAsyncOperation",
+            "Microsoft.Sql/locations/managedDnsAliasOperationResults",
+            "Microsoft.Sql/virtualClusters",
+            "Microsoft.Sql/locations/virtualClusterAzureAsyncOperation",
+            "Microsoft.Sql/locations/virtualClusterOperationResults",
+            "Microsoft.Sql/locations/updateManagedInstanceDnsServersAzureAsyncOperation",
+            "Microsoft.Sql/locations/updateManagedInstanceDnsServersOperationResults",
+            "Microsoft.Sql/locations/managedInstanceAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceOperationResults",
+            "Microsoft.Sql/locations/distributedAvailabilityGroupsOperationResults",
+            "Microsoft.Sql/locations/distributedAvailabilityGroupsAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverTrustCertificatesOperationResults",
+            "Microsoft.Sql/locations/serverTrustCertificatesAzureAsyncOperation",
+            "Microsoft.Sql/locations/administratorAzureAsyncOperation",
+            "Microsoft.Sql/locations/administratorOperationResults",
+            "Microsoft.Sql/locations/syncGroupOperationResults",
+            "Microsoft.Sql/locations/syncGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/syncMemberOperationResults",
+            "Microsoft.Sql/locations/syncAgentOperationResults",
+            "Microsoft.Sql/locations/syncDatabaseIds",
+            "Microsoft.Sql/locations/longTermRetentionServers",
+            "Microsoft.Sql/locations/longTermRetentionBackups",
+            "Microsoft.Sql/locations/longTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/longTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/longTermRetentionBackupOperationResults",
+            "Microsoft.Sql/locations/longTermRetentionBackupAzureAsyncOperation",
+            "Microsoft.Sql/locations/changeLongTermRetentionBackupAccessTierOperationResults",
+            "Microsoft.Sql/locations/changeLongTermRetentionBackupAccessTierAzureAsyncOperation",
+            "Microsoft.Sql/locations/shortTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/shortTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedShortTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/managedShortTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/instanceFailoverGroups",
+            "Microsoft.Sql/locations/instanceFailoverGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/instanceFailoverGroupOperationResults",
+            "Microsoft.Sql/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.Sql/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.Sql/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.Sql/locations/outboundFirewallRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/outboundFirewallRulesOperationResults",
+            "Microsoft.Sql/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/notifyAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverTrustGroups",
+            "Microsoft.Sql/locations/serverTrustGroupOperationResults",
+            "Microsoft.Sql/locations/serverTrustGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseMoveOperationResults",
+            "Microsoft.Sql/locations/managedDatabaseMoveAzureAsyncOperation",
+            "Microsoft.Sql/servers/connectionPolicies",
+            "Microsoft.Sql/locations/connectionPoliciesAzureAsyncOperation",
+            "Microsoft.Sql/locations/connectionPoliciesOperationResults",
+            "Microsoft.Sql/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.Sql/locations/replicationLinksAzureAsyncOperation",
+            "Microsoft.Sql/locations/replicationLinksOperationResults",
+            "Microsoft.Sql/locations/managedInstanceDtcAzureAsyncOperation",
+            "Microsoft.Sql/managedInstances/databases/ledgerDigestUploads",
+            "Microsoft.Sql/locations/managedLedgerDigestUploadsOperationResults",
+            "Microsoft.Sql/locations/managedLedgerDigestUploadsAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverConfigurationOptionAzureAsyncOperation",
+            "Microsoft.Sql/servers/failoverGroups/tryPlannedBeforeForcedFailover",
+            "Microsoft.DBforMySQL/operations",
+            "Microsoft.DBforMySQL/servers",
+            "Microsoft.DBforMySQL/flexibleServers",
+            "Microsoft.DBforMySQL/servers/recoverableServers",
+            "Microsoft.DBforMySQL/servers/virtualNetworkRules",
+            "Microsoft.DBforMySQL/locations/capabilities",
+            "Microsoft.DBforMySQL/locations/capabilitySets",
+            "Microsoft.DBforMySQL/locations/checkNameAvailability",
+            "Microsoft.DBforMySQL/checkNameAvailability",
+            "Microsoft.DBforMySQL/assessForMigration",
+            "Microsoft.DBforMySQL/getPrivateDnsZoneSuffix",
+            "Microsoft.DBforMySQL/locations/checkVirtualNetworkSubnetUsage",
+            "Microsoft.DBforMySQL/locations/listMigrations",
+            "Microsoft.DBforMySQL/locations/updateMigration",
+            "Microsoft.DBforMySQL/locations",
+            "Microsoft.DBforMySQL/locations/operationResults",
+            "Microsoft.DBforMySQL/locations/operationProgress",
+            "Microsoft.DBforMySQL/locations/azureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/administratorOperationResults",
+            "Microsoft.DBforMySQL/locations/administratorAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/performanceTiers",
+            "Microsoft.DBforMySQL/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.DBforMySQL/locations/recommendedActionSessionsAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/recommendedActionSessionsOperationResults",
+            "Microsoft.DBforMySQL/servers/topQueryStatistics",
+            "Microsoft.DBforMySQL/servers/queryTexts",
+            "Microsoft.DBforMySQL/servers/waitStatistics",
+            "Microsoft.DBforMySQL/servers/resetQueryPerformanceInsightData",
+            "Microsoft.DBforMySQL/servers/advisors",
+            "Microsoft.DBforMySQL/servers/privateLinkResources",
+            "Microsoft.DBforMySQL/servers/privateEndpointConnections",
+            "Microsoft.DBforMySQL/servers/privateEndpointConnectionProxies",
+            "Microsoft.DBforMySQL/servers/keys",
+            "Microsoft.DBforMySQL/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/serverKeyOperationResults",
+            "Microsoft.DBforMySQL/servers/upgrade",
+            "Microsoft.CognitiveServices/accounts",
+            "Microsoft.CognitiveServices/operations",
+            "Microsoft.CognitiveServices/locations/operationResults",
+            "Microsoft.CognitiveServices/locations",
+            "Microsoft.CognitiveServices/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.CognitiveServices/locations/checkSkuAvailability",
+            "Microsoft.CognitiveServices/checkDomainAvailability",
+            "Microsoft.CognitiveServices/accounts/privateLinkResources",
+            "Microsoft.CognitiveServices/accounts/privateEndpointConnections",
+            "Microsoft.CognitiveServices/accounts/privateEndpointConnectionProxies",
+            "Microsoft.CognitiveServices/deletedAccounts",
+            "Microsoft.CognitiveServices/locations/resourceGroups",
+            "Microsoft.CognitiveServices/locations/resourceGroups/deletedAccounts",
+            "Microsoft.CognitiveServices/locations/commitmentTiers",
+            "Microsoft.CognitiveServices/locations/models",
+            "Microsoft.CognitiveServices/locations/usages",
+            "Microsoft.CognitiveServices/locations/raiContentFilters",
+            "Microsoft.CognitiveServices/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.CognitiveServices/accounts/networkSecurityPerimeterAssociationProxies",
+            "Microsoft.CognitiveServices/accounts/encryptionScopes",
+            "Microsoft.CognitiveServices/commitmentPlans",
+            "Microsoft.CognitiveServices/attestations",
+            "Microsoft.CognitiveServices/attestationDefinitions",
+            "Microsoft.Media/mediaservices",
+            "Microsoft.Media/mediaservices/assets",
+            "Microsoft.Media/mediaservices/assets/tracks",
+            "Microsoft.Media/mediaservices/assets/tracks/operationstatuses",
+            "Microsoft.Media/mediaservices/assets/tracks/operationResults",
+            "Microsoft.Media/mediaservices/contentKeyPolicies",
+            "Microsoft.Media/mediaservices/streamingLocators",
+            "Microsoft.Media/mediaservices/streamingPolicies",
+            "Microsoft.Media/mediaservices/eventGridFilters",
+            "Microsoft.Media/mediaservices/transforms",
+            "Microsoft.Media/mediaservices/transforms/jobs",
+            "Microsoft.Media/mediaservices/streamingEndpoints",
+            "Microsoft.Media/mediaservices/liveEvents",
+            "Microsoft.Media/mediaservices/liveEvents/liveOutputs",
+            "Microsoft.Media/mediaservices/streamingEndpointOperations",
+            "Microsoft.Media/mediaservices/liveEventOperations",
+            "Microsoft.Media/mediaservices/liveOutputOperations",
+            "Microsoft.Media/mediaservices/streamingendpoints/operationlocations",
+            "Microsoft.Media/mediaservices/liveevents/operationlocations",
+            "Microsoft.Media/mediaservices/liveevents/liveoutputs/operationlocations",
+            "Microsoft.Media/mediaservices/privateEndpointConnectionProxies",
+            "Microsoft.Media/mediaservices/privateEndpointConnections",
+            "Microsoft.Media/mediaservices/privateEndpointConnectionOperations",
+            "Microsoft.Media/locations/mediaServicesOperationStatuses",
+            "Microsoft.Media/locations/mediaServicesOperationResults",
+            "Microsoft.Media/mediaservices/assets/assetFilters",
+            "Microsoft.Media/mediaservices/accountFilters",
+            "Microsoft.Media/operations",
+            "Microsoft.Media/checknameavailability",
+            "Microsoft.Media/locations",
+            "Microsoft.Media/locations/checkNameAvailability",
+            "Microsoft.Web/publishingUsers",
+            "Microsoft.Web/ishostnameavailable",
+            "Microsoft.Web/validate",
+            "Microsoft.Web/isusernameavailable",
+            "Microsoft.Web/generateGithubAccessTokenForAppserviceCLI",
+            "Microsoft.Web/sourceControls",
+            "Microsoft.Web/availableStacks",
+            "Microsoft.Web/webAppStacks",
+            "Microsoft.Web/locations/webAppStacks",
+            "Microsoft.Web/functionAppStacks",
+            "Microsoft.Web/locations/functionAppStacks",
+            "Microsoft.Web/staticSites",
+            "Microsoft.Web/locations/previewStaticSiteWorkflowFile",
+            "Microsoft.Web/staticSites/userProvidedFunctionApps",
+            "Microsoft.Web/staticSites/linkedBackends",
+            "Microsoft.Web/staticSites/builds/linkedBackends",
+            "Microsoft.Web/staticSites/databaseConnections",
+            "Microsoft.Web/staticSites/builds/databaseConnections",
+            "Microsoft.Web/staticSites/builds",
+            "Microsoft.Web/staticSites/builds/userProvidedFunctionApps",
+            "Microsoft.Web/listSitesAssignedToHostName",
+            "Microsoft.Web/locations/getNetworkPolicies",
+            "Microsoft.Web/locations/operations",
+            "Microsoft.Web/locations/operationResults",
+            "Microsoft.Web/sites/networkConfig",
+            "Microsoft.Web/sites/slots/networkConfig",
+            "Microsoft.Web/sites/hostNameBindings",
+            "Microsoft.Web/sites/slots/hostNameBindings",
+            "Microsoft.Web/operations",
+            "Microsoft.Web/certificates",
+            "Microsoft.Web/serverFarms",
+            "Microsoft.Web/sites",
+            "Microsoft.Web/sites/slots",
+            "Microsoft.Web/runtimes",
+            "Microsoft.Web/recommendations",
+            "Microsoft.Web/resourceHealthMetadata",
+            "Microsoft.Web/aseregions",
+            "Microsoft.Web/georegions",
+            "Microsoft.Web/sites/premieraddons",
+            "Microsoft.Web/hostingEnvironments",
+            "Microsoft.Web/hostingEnvironments/multiRolePools",
+            "Microsoft.Web/hostingEnvironments/workerPools",
+            "Microsoft.Web/kubeEnvironments",
+            "Microsoft.Web/deploymentLocations",
+            "Microsoft.Web/deletedSites",
+            "Microsoft.Web/locations/deletedSites",
+            "Microsoft.Web/ishostingenvironmentnameavailable",
+            "Microsoft.Web/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.Web/locations/validateDeleteVirtualNetworkOrSubnets",
+            "Microsoft.Web/connections",
+            "Microsoft.Web/customApis",
+            "Microsoft.Web/locations",
+            "Microsoft.Web/locations/listWsdlInterfaces",
+            "Microsoft.Web/locations/extractApiDefinitionFromWsdl",
+            "Microsoft.Web/locations/managedApis",
+            "Microsoft.Web/locations/runtimes",
+            "Microsoft.Web/locations/apiOperations",
+            "Microsoft.Web/connectionGateways",
+            "Microsoft.Web/locations/connectionGatewayInstallations",
+            "Microsoft.Web/checkNameAvailability",
+            "Microsoft.Web/billingMeters",
+            "Microsoft.Web/verifyHostingEnvironmentVnet",
+            "Microsoft.Web/serverFarms/eventGridFilters",
+            "Microsoft.Web/sites/eventGridFilters",
+            "Microsoft.Web/sites/slots/eventGridFilters",
+            "Microsoft.Web/hostingEnvironments/eventGridFilters",
+            "Microsoft.Web/serverFarms/firstPartyApps",
+            "Microsoft.Web/serverFarms/firstPartyApps/keyVaultSettings",
+            "Microsoft.Web/containerApps",
+            "Microsoft.Web/customhostnameSites",
+            "Microsoft.Web/locations/usages",
+            "Microsoft.Search/searchServices",
+            "Microsoft.Search/checkServiceNameAvailability",
+            "Microsoft.Search/checkNameAvailability",
+            "Microsoft.Search/resourceHealthMetadata",
+            "Microsoft.Search/operations",
+            "Microsoft.Search/locations",
+            "Microsoft.Search/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.Search/locations/usages",
+            "Microsoft.Search/locations/operationResults",
+            "Microsoft.DataLakeStore/accounts",
+            "Microsoft.DataLakeStore/accounts/firewallRules",
+            "Microsoft.DataLakeStore/accounts/eventGridFilters",
+            "Microsoft.DataLakeStore/locations",
+            "Microsoft.DataLakeStore/locations/operationresults",
+            "Microsoft.DataLakeStore/locations/checkNameAvailability",
+            "Microsoft.DataLakeStore/locations/capability",
+            "Microsoft.DataLakeStore/locations/usages",
+            "Microsoft.DataLakeStore/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.DataLakeStore/operations",
+            "Microsoft.DataMigration/locations",
+            "Microsoft.DataMigration/services",
+            "Microsoft.DataMigration/services/projects",
+            "Microsoft.DataMigration/locations/operationResults",
+            "Microsoft.DataMigration/locations/operationStatuses",
+            "Microsoft.DataMigration/locations/checkNameAvailability",
+            "Microsoft.DataMigration/operations",
+            "Microsoft.DataMigration/migrationServices",
+            "Microsoft.DataMigration/SqlMigrationServices",
+            "Microsoft.DataMigration/DatabaseMigrations",
+            "Microsoft.DataMigration/Locations/OperationTypes",
+            "Microsoft.DataMigration/locations/migrationServiceOperationResults",
+            "Microsoft.DataMigration/Locations/sqlMigrationServiceOperationResults",
+            "Microsoft.Kusto/clusters",
+            "Microsoft.Kusto/clusters/databases",
+            "Microsoft.Kusto/clusters/attacheddatabaseconfigurations",
+            "Microsoft.Kusto/clusters/principalassignments",
+            "Microsoft.Kusto/clusters/databases/eventhubconnections",
+            "Microsoft.Kusto/clusters/databases/dataconnections",
+            "Microsoft.Kusto/clusters/databases/principalassignments",
+            "Microsoft.Kusto/locations/operationResults",
+            "Microsoft.Kusto/locations",
+            "Microsoft.Kusto/locations/checkNameAvailability",
+            "Microsoft.Kusto/locations/skus",
+            "Microsoft.Kusto/operations",
+            "Microsoft.Kusto/clusters/databases/scripts",
+            "Microsoft.Kusto/clusters/managedPrivateEndpoints",
+            "Microsoft.Kusto/clusters/sandboxCustomImages",
+            "Microsoft.ApiManagement/service",
+            "Microsoft.ApiManagement/deletedServices",
+            "Microsoft.ApiManagement/locations",
+            "Microsoft.ApiManagement/locations/deletedServices",
+            "Microsoft.ApiManagement/validateServiceName",
+            "Microsoft.ApiManagement/checkServiceNameAvailability",
+            "Microsoft.ApiManagement/checkNameAvailability",
+            "Microsoft.ApiManagement/reportFeedback",
+            "Microsoft.ApiManagement/checkFeedbackRequired",
+            "Microsoft.ApiManagement/operations",
+            "Microsoft.ApiManagement/getDomainOwnershipIdentifier",
+            "Microsoft.ApiManagement/service/eventGridFilters",
+            "Microsoft.MixedReality/locations",
+            "Microsoft.MixedReality/locations/checkNameAvailability",
+            "Microsoft.MixedReality/operations",
+            "Microsoft.MixedReality/spatialAnchorsAccounts",
+            "Microsoft.MixedReality/remoteRenderingAccounts",
+            "Microsoft.MixedReality/objectAnchorsAccounts",
+            "Microsoft.Maps/accounts",
+            "Microsoft.Maps/accounts/creators",
+            "Microsoft.Maps/accounts/eventGridFilters",
+            "Microsoft.Maps/operations",
+            "Microsoft.AVS/locations",
+            "Microsoft.AVS/locations/checkQuotaAvailability",
+            "Microsoft.AVS/locations/checkTrialAvailability",
+            "Microsoft.AVS/locations/usages",
+            "Microsoft.AVS/operations",
+            "Microsoft.AVS/privateClouds",
+            "Microsoft.AVS/privateClouds/addons",
+            "Microsoft.AVS/privateClouds/authorizations",
+            "Microsoft.AVS/privateClouds/cloudLinks",
+            "Microsoft.AVS/privateClouds/clusters",
+            "Microsoft.AVS/privateClouds/clusters/datastores",
+            "Microsoft.AVS/privateClouds/clusters/placementPolicies",
+            "Microsoft.AVS/privateClouds/clusters/virtualMachines",
+            "Microsoft.AVS/privateClouds/eventGridFilters",
+            "Microsoft.AVS/privateClouds/globalReachConnections",
+            "Microsoft.AVS/privateClouds/hcxEnterpriseSites",
+            "Microsoft.AVS/privateClouds/scriptExecutions",
+            "Microsoft.AVS/privateClouds/scriptPackages",
+            "Microsoft.AVS/privateClouds/scriptPackages/scriptCmdlets",
+            "Microsoft.AVS/privateClouds/workloadNetworks",
+            "Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations",
+            "Microsoft.AVS/privateClouds/workloadNetworks/dnsServices",
+            "Microsoft.AVS/privateClouds/workloadNetworks/dnsZones",
+            "Microsoft.AVS/privateClouds/workloadNetworks/gateways",
+            "Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles",
+            "Microsoft.AVS/privateClouds/workloadNetworks/publicIPs",
+            "Microsoft.AVS/privateClouds/workloadNetworks/segments",
+            "Microsoft.AVS/privateClouds/workloadNetworks/virtualMachines",
+            "Microsoft.AVS/privateClouds/workloadNetworks/vmGroups",
+            "Microsoft.Blueprint/blueprints",
+            "Microsoft.Blueprint/blueprints/artifacts",
+            "Microsoft.Blueprint/blueprints/versions",
+            "Microsoft.Blueprint/blueprints/versions/artifacts",
+            "Microsoft.Blueprint/blueprintAssignments",
+            "Microsoft.Blueprint/blueprintAssignments/operations",
+            "Microsoft.Blueprint/blueprintAssignments/assignmentOperations",
+            "Microsoft.Blueprint/operations",
+            "Microsoft.HealthcareApis/services",
+            "Microsoft.HealthcareApis/services/privateEndpointConnectionProxies",
+            "Microsoft.HealthcareApis/services/privateEndpointConnections",
+            "Microsoft.HealthcareApis/services/privateLinkResources",
+            "Microsoft.HealthcareApis/services/iomtconnectors",
+            "Microsoft.HealthcareApis/services/iomtconnectors/connections",
+            "Microsoft.HealthcareApis/services/iomtconnectors/mappings",
+            "Microsoft.HealthcareApis/workspaces",
+            "Microsoft.HealthcareApis/workspaces/privateEndpointConnectionProxies",
+            "Microsoft.HealthcareApis/workspaces/privateEndpointConnections",
+            "Microsoft.HealthcareApis/workspaces/privateLinkResources",
+            "Microsoft.HealthcareApis/workspaces/dicomservices",
+            "Microsoft.HealthcareApis/workspaces/iotconnectors",
+            "Microsoft.HealthcareApis/workspaces/iotconnectors/fhirdestinations",
+            "Microsoft.HealthcareApis/workspaces/fhirservices",
+            "Microsoft.HealthcareApis/workspaces/eventGridFilters",
+            "Microsoft.HealthcareApis/locations",
+            "Microsoft.HealthcareApis/locations/operationresults",
+            "Microsoft.HealthcareApis/checkNameAvailability",
+            "Microsoft.HealthcareApis/operations",
+            "Microsoft.HealthcareApis/validateMedtechMappings",
+            "Microsoft.Advisor/suppressions",
+            "Microsoft.Advisor/configurations",
+            "Microsoft.Advisor/metadata",
+            "Microsoft.Advisor/recommendations",
+            "Microsoft.Advisor/generateRecommendations",
+            "Microsoft.Advisor/operations",
+            "Microsoft.Advisor/advisorScore",
+            "Microsoft.Advisor/predict",
+            "Microsoft.MarketplaceNotifications/reviewsnotifications",
+            "Microsoft.MarketplaceNotifications/operations",
+            "Microsoft.ServiceLinker/locations",
+            "Microsoft.ServiceLinker/locations/operationStatuses",
+            "Microsoft.ServiceLinker/operations",
+            "Microsoft.ServiceLinker/linkers",
+            "Microsoft.ServiceLinker/dryruns",
+            "Microsoft.ServiceLinker/locations/connectors",
+            "Microsoft.ServiceLinker/locations/dryruns",
+            "Microsoft.ServiceLinker/configurationNames",
+            "Microsoft.ServiceLinker/daprConfigurations",
+            "Microsoft.DataProtection/BackupVaults",
+            "Microsoft.DataProtection/ResourceGuards",
+            "Microsoft.DataProtection/operations",
+            "Microsoft.DataProtection/locations",
+            "Microsoft.DataProtection/locations/operationResults",
+            "Microsoft.DataProtection/locations/operationStatus",
+            "Microsoft.DataProtection/locations/checkNameAvailability",
+            "Microsoft.DataProtection/locations/checkFeatureSupport",
+            "Microsoft.DataProtection/backupInstances",
+            "Microsoft.DataProtection/locations/fetchSecondaryRecoveryPoints",
+            "Microsoft.DataProtection/locations/fetchCrossRegionRestoreJobs",
+            "Microsoft.DataProtection/locations/fetchCrossRegionRestoreJob",
+            "Microsoft.DataProtection/locations/validateCrossRegionRestore",
+            "Microsoft.DataProtection/locations/crossRegionRestore",
+            "Microsoft.Consumption/Forecasts",
+            "Microsoft.Consumption/AggregatedCost",
+            "Microsoft.Consumption/tenants",
+            "Microsoft.Consumption/ReservationRecommendations",
+            "Microsoft.Consumption/ReservationRecommendationDetails",
+            "Microsoft.Consumption/ReservationSummaries",
+            "Microsoft.Consumption/ReservationTransactions",
+            "Microsoft.Consumption/Balances",
+            "Microsoft.Consumption/Marketplaces",
+            "Microsoft.Consumption/Pricesheets",
+            "Microsoft.Consumption/ReservationDetails",
+            "Microsoft.Consumption/Budgets",
+            "Microsoft.Consumption/CostTags",
+            "Microsoft.Consumption/Tags",
+            "Microsoft.Consumption/Terms",
+            "Microsoft.Consumption/UsageDetails",
+            "Microsoft.Consumption/Charges",
+            "Microsoft.Consumption/credits",
+            "Microsoft.Consumption/events",
+            "Microsoft.Consumption/lots",
+            "Microsoft.Consumption/products",
+            "Microsoft.Consumption/OperationStatus",
+            "Microsoft.Consumption/OperationResults",
+            "Microsoft.Consumption/Operations",
+            "Microsoft.GuestConfiguration/guestConfigurationAssignments",
+            "Microsoft.GuestConfiguration/operations",
+            "Astronomer.Astro/locations",
+            "Astronomer.Astro/operations",
+            "Astronomer.Astro/organizations",
+            "Astronomer.Astro/locations/operationStatuses",
+            "Dynatrace.Observability/operations",
+            "Dynatrace.Observability/registeredSubscriptions",
+            "Dynatrace.Observability/locations",
+            "Dynatrace.Observability/locations/operationStatuses",
+            "Dynatrace.Observability/monitors",
+            "Dynatrace.Observability/monitors/tagRules",
+            "Dynatrace.Observability/monitors/singleSignOnConfigurations",
+            "Dynatrace.Observability/checkNameAvailability",
+            "Dynatrace.Observability/getMarketplaceSaaSResourceDetails",
+            "GitHub.Network/Operations",
+            "GitHub.Network/networkSettings",
+            "GitHub.Network/registeredSubscriptions",
+            "Microsoft.AAD/DomainServices",
+            "Microsoft.AAD/DomainServices/oucontainer",
+            "Microsoft.AAD/locations",
+            "Microsoft.AAD/locations/operationresults",
+            "Microsoft.AAD/operations",
+            "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/operations",
+            "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticSettings",
+            "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticSettingsCategories",
+            "microsoft.aadiam/azureADMetrics",
+            "microsoft.aadiam/privateLinkForAzureAD",
+            "microsoft.aadiam/tenants",
+            "microsoft.aadiam/operations",
+            "microsoft.aadiam/diagnosticSettings",
+            "microsoft.aadiam/diagnosticSettingsCategories",
+            "Microsoft.Addons/supportProviders",
+            "Microsoft.Addons/operations",
+            "Microsoft.Addons/operationResults",
+            "Microsoft.ADHybridHealthService/services",
+            "Microsoft.ADHybridHealthService/addsservices",
+            "Microsoft.ADHybridHealthService/configuration",
+            "Microsoft.ADHybridHealthService/operations",
+            "Microsoft.ADHybridHealthService/agents",
+            "Microsoft.ADHybridHealthService/aadsupportcases",
+            "Microsoft.ADHybridHealthService/reports",
+            "Microsoft.ADHybridHealthService/servicehealthmetrics",
+            "Microsoft.ADHybridHealthService/logs",
+            "Microsoft.ADHybridHealthService/anonymousapiusers",
+            "Microsoft.AgFoodPlatform/operations",
+            "Microsoft.AgFoodPlatform/farmBeatsExtensionDefinitions",
+            "Microsoft.AgFoodPlatform/farmBeatsSolutionDefinitions",
+            "Microsoft.AgFoodPlatform/checkNameAvailability",
+            "Microsoft.AgFoodPlatform/locations",
+            "Microsoft.AksHybrid/locations",
+            "Microsoft.AnalysisServices/servers",
+            "Microsoft.AnalysisServices/locations",
+            "Microsoft.AnalysisServices/locations/checkNameAvailability",
+            "Microsoft.AnalysisServices/locations/operationresults",
+            "Microsoft.AnalysisServices/locations/operationstatuses",
+            "Microsoft.AnalysisServices/operations",
+            "Microsoft.AnyBuild/Locations",
+            "Microsoft.AnyBuild/Locations/OperationStatuses",
+            "Microsoft.AnyBuild/clusters",
+            "Microsoft.AnyBuild/Operations",
+            "Microsoft.ApiCenter/services",
+            "Microsoft.ApiCenter/operations",
+            "Microsoft.ApiCenter/services/eventGridFilters",
+            "Microsoft.ApiSecurity/Locations",
+            "Microsoft.ApiSecurity/Locations/OperationStatuses",
+            "Microsoft.ApiSecurity/Operations",
+            "Microsoft.ApiSecurity/apiCollections",
+            "Microsoft.ApiSecurity/apiCollections/apiCollectionDetails",
+            "Microsoft.ApiSecurity/apiCollectionsMeta",
+            "Microsoft.ApiSecurity/apiCollectionsMeta/apiCollectionMetaDetails",
+            "Microsoft.App/managedEnvironments",
+            "Microsoft.App/managedEnvironments/certificates",
+            "Microsoft.App/managedEnvironments/managedCertificates",
+            "Microsoft.App/containerApps",
+            "Microsoft.App/jobs",
+            "Microsoft.App/locations",
+            "Microsoft.App/locations/managedEnvironmentOperationResults",
+            "Microsoft.App/locations/managedEnvironmentOperationStatuses",
+            "Microsoft.App/locations/containerappOperationResults",
+            "Microsoft.App/locations/containerappOperationStatuses",
+            "Microsoft.App/locations/containerappsjobOperationResults",
+            "Microsoft.App/locations/containerappsjobOperationStatuses",
+            "Microsoft.App/locations/sourceControlOperationResults",
+            "Microsoft.App/locations/sourceControlOperationStatuses",
+            "Microsoft.App/locations/usages",
+            "Microsoft.App/operations",
+            "Microsoft.App/connectedEnvironments",
+            "Microsoft.App/connectedEnvironments/certificates",
+            "Microsoft.App/locations/connectedEnvironmentOperationResults",
+            "Microsoft.App/locations/connectedEnvironmentOperationStatuses",
+            "Microsoft.App/locations/managedCertificateOperationStatuses",
+            "Microsoft.App/locations/billingMeters",
+            "Microsoft.App/locations/availableManagedEnvironmentsWorkloadProfileTypes",
+            "Microsoft.App/getCustomDomainVerificationId",
+            "Microsoft.App/builders",
+            "Microsoft.App/builders/builds",
+            "Microsoft.App/locations/OperationResults",
+            "Microsoft.App/locations/OperationStatuses",
+            "Microsoft.App/managedEnvironments/dotNetComponents",
+            "Microsoft.App/managedEnvironments/javaComponents",
+            "Microsoft.App/managedEnvironments/daprComponents",
+            "Microsoft.AppAssessment/Locations",
+            "Microsoft.AppAssessment/operations",
+            "Microsoft.AppAssessment/Locations/OperationStatuses",
+            "Microsoft.AppAssessment/Locations/osVersions",
+            "Microsoft.AppComplianceAutomation/operations",
+            "Microsoft.AppComplianceAutomation/locations",
+            "Microsoft.AppComplianceAutomation/locations/operationStatuses",
+            "Microsoft.AppComplianceAutomation/reports",
+            "Microsoft.AppComplianceAutomation/reports/snapshots",
+            "Microsoft.AppComplianceAutomation/onboard",
+            "Microsoft.AppComplianceAutomation/triggerEvaluation",
+            "Microsoft.AppComplianceAutomation/reports/webhooks",
+            "Microsoft.AppComplianceAutomation/reports/evidences",
+            "Microsoft.AppComplianceAutomation/listInUseStorageAccounts",
+            "Microsoft.AppComplianceAutomation/checkNameAvailability",
+            "Microsoft.AppComplianceAutomation/getCollectionCount",
+            "Microsoft.AppComplianceAutomation/getOverviewStatus",
+            "Microsoft.AppComplianceAutomation/reports/scopingConfigurations",
+            "Microsoft.AppConfiguration/configurationStores",
+            "Microsoft.AppConfiguration/configurationStores/keyValues",
+            "Microsoft.AppConfiguration/configurationStores/eventGridFilters",
+            "Microsoft.AppConfiguration/checkNameAvailability",
+            "Microsoft.AppConfiguration/locations/checkNameAvailability",
+            "Microsoft.AppConfiguration/locations",
+            "Microsoft.AppConfiguration/locations/operationsStatus",
+            "Microsoft.AppConfiguration/operations",
+            "Microsoft.AppConfiguration/deletedConfigurationStores",
+            "Microsoft.AppConfiguration/locations/deletedConfigurationStores",
+            "Microsoft.AppConfiguration/configurationStores/replicas",
+            "Microsoft.AppConfiguration/configurationStores/snapshots",
+            "Microsoft.AppConfiguration/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.AppSecurity/operationStatuses",
+            "Microsoft.ArcNetworking/locations",
+            "Microsoft.ArcNetworking/locations/operationStatuses",
+            "Microsoft.ArcNetworking/arcNwLoadBalancers",
+            "Microsoft.Attestation/attestationProviders",
+            "Microsoft.Attestation/defaultProviders",
+            "Microsoft.Attestation/locations",
+            "Microsoft.Attestation/locations/defaultProvider",
+            "Microsoft.Attestation/operations",
+            "Microsoft.Authorization/roleAssignmentScheduleRequests",
+            "Microsoft.Authorization/roleEligibilityScheduleRequests",
+            "Microsoft.Authorization/roleAssignmentSchedules",
+            "Microsoft.Authorization/roleEligibilitySchedules",
+            "Microsoft.Authorization/roleAssignmentScheduleInstances",
+            "Microsoft.Authorization/roleEligibilityScheduleInstances",
+            "Microsoft.Authorization/roleManagementPolicies",
+            "Microsoft.Authorization/roleManagementPolicyAssignments",
+            "Microsoft.Authorization/eligibleChildResources",
+            "Microsoft.Authorization/roleManagementAlerts",
+            "Microsoft.Authorization/roleManagementAlertConfigurations",
+            "Microsoft.Authorization/roleManagementAlertDefinitions",
+            "Microsoft.Authorization/roleManagementAlertOperations",
+            "Microsoft.Authorization/roleAssignments",
+            "Microsoft.Authorization/roleDefinitions",
+            "Microsoft.Authorization/classicAdministrators",
+            "Microsoft.Authorization/permissions",
+            "Microsoft.Authorization/denyAssignments",
+            "Microsoft.Authorization/locks",
+            "Microsoft.Authorization/operations",
+            "Microsoft.Authorization/policyDefinitions",
+            "Microsoft.Authorization/policyDefinitions/versions",
+            "Microsoft.Authorization/policySetDefinitions",
+            "Microsoft.Authorization/policySetDefinitions/versions",
+            "Microsoft.Authorization/policyAssignments",
+            "Microsoft.Authorization/policyExemptions",
+            "Microsoft.Authorization/listPolicyDefinitionVersions",
+            "Microsoft.Authorization/listPolicySetDefinitionVersions",
+            "Microsoft.Authorization/dataAliases",
+            "Microsoft.Authorization/dataPolicyManifests",
+            "Microsoft.Authorization/providerOperations",
+            "Microsoft.Authorization/elevateAccess",
+            "Microsoft.Authorization/checkAccess",
+            "Microsoft.Authorization/batchResourceCheckAccess",
+            "Microsoft.Authorization/findOrphanRoleAssignments",
+            "Microsoft.Authorization/roleAssignmentsUsageMetrics",
+            "Microsoft.Authorization/accessReviewScheduleDefinitions",
+            "Microsoft.Authorization/accessReviewScheduleSettings",
+            "Microsoft.Authorization/accessReviewHistoryDefinitions",
+            "Microsoft.Authorization/roleAssignmentApprovals",
+            "Microsoft.Authorization/privateLinkAssociations",
+            "Microsoft.Authorization/resourceManagementPrivateLinks",
+            "Microsoft.Authorization/EnablePrivateLinkNetworkAccess",
+            "Microsoft.Authorization/operationStatus",
+            "Microsoft.Authorization/diagnosticSettings",
+            "Microsoft.Authorization/diagnosticSettingsCategories",
+            "Microsoft.Automanage/configurationProfileAssignments",
+            "Microsoft.Automanage/configurationProfiles",
+            "Microsoft.Automanage/configurationProfiles/versions",
+            "Microsoft.Automanage/bestPractices",
+            "Microsoft.Automanage/bestPractices/versions",
+            "Microsoft.Automanage/operations",
+            "Microsoft.Automanage/servicePrincipals",
+            "Microsoft.AutonomousDevelopmentPlatform/operations",
+            "Microsoft.AutonomousDevelopmentPlatform/locations",
+            "Microsoft.AutonomousDevelopmentPlatform/locations/operationstatuses",
+            "Microsoft.AutonomousDevelopmentPlatform/checknameavailability",
+            "Microsoft.AutonomousDevelopmentPlatform/workspaces/eventgridfilters",
+            "Microsoft.AwsConnector/Locations",
+            "Microsoft.AwsConnector/Operations",
+            "Microsoft.AzureActiveDirectory/ciamDirectories",
+            "Microsoft.AzureActiveDirectory/guestUsages",
+            "Microsoft.AzureActiveDirectory/b2cDirectories",
+            "Microsoft.AzureActiveDirectory/checkNameAvailability",
+            "Microsoft.AzureActiveDirectory/operations",
+            "Microsoft.AzureActiveDirectory/b2ctenants",
+            "Microsoft.AzureActiveDirectory/operationStatuses",
+            "Microsoft.AzureArcData/Locations",
+            "Microsoft.AzureArcData/Locations/OperationStatuses",
+            "Microsoft.AzureArcData/DataControllers",
+            "Microsoft.AzureArcData/SqlManagedInstances",
+            "Microsoft.AzureArcData/PostgresInstances",
+            "Microsoft.AzureArcData/SqlServerInstances",
+            "Microsoft.AzureArcData/Operations",
+            "Microsoft.AzureArcData/DataControllers/ActiveDirectoryConnectors",
+            "Microsoft.AzureArcData/SqlServerInstances/Databases",
+            "Microsoft.AzureArcData/SqlManagedInstances/FailoverGroups",
+            "Microsoft.AzureArcData/SqlServerInstances/AvailabilityGroups",
+            "Microsoft.AzureFleet/locations",
+            "Microsoft.AzureLargeInstance/azureLargeInstances",
+            "Microsoft.AzureLargeInstance/azureLargeStorageInstances",
+            "Microsoft.AzureLargeInstance/locations",
+            "Microsoft.AzureLargeInstance/locations/operationsStatus",
+            "Microsoft.AzureLargeInstance/operations",
+            "Microsoft.AzurePercept/checkNameAvailability",
+            "Microsoft.AzurePercept/operations",
+            "Microsoft.AzurePlaywrightService/operations",
+            "Microsoft.AzurePlaywrightService/checkNameAvailability",
+            "Microsoft.AzurePlaywrightService/Locations",
+            "Microsoft.AzurePlaywrightService/Locations/OperationStatuses",
+            "Microsoft.AzurePlaywrightService/accounts",
+            "Microsoft.AzurePlaywrightService/registeredSubscriptions",
+            "Microsoft.AzurePlaywrightService/Locations/Quotas",
+            "Microsoft.AzureScan/scanningAccounts",
+            "Microsoft.AzureScan/locations",
+            "Microsoft.AzureScan/locations/OperationStatuses",
+            "Microsoft.AzureScan/Operations",
+            "Microsoft.AzureScan/checkNameAvailability",
+            "Microsoft.AzureSphere/catalogs",
+            "Microsoft.AzureSphere/catalogs/products",
+            "Microsoft.AzureSphere/catalogs/products/devicegroups",
+            "Microsoft.AzureSphere/locations",
+            "Microsoft.AzureSphere/catalogs/certificates",
+            "Microsoft.AzureSphere/catalogs/images",
+            "Microsoft.AzureSphere/operations",
+            "Microsoft.AzureSphere/locations/operationStatuses",
+            "Microsoft.AzureSphere/catalogs/products/devicegroups/devices",
+            "Microsoft.AzureSphere/catalogs/products/devicegroups/deployments",
+            "Microsoft.AzureStack/operations",
+            "Microsoft.AzureStack/registrations",
+            "Microsoft.AzureStack/registrations/products",
+            "Microsoft.AzureStack/registrations/customerSubscriptions",
+            "Microsoft.AzureStack/cloudManifestFiles",
+            "Microsoft.AzureStack/linkedSubscriptions",
+            "Microsoft.AzureStack/generateDeploymentLicense",
+            "Microsoft.AzureStackHCI/operations",
+            "Microsoft.AzureStackHCI/locations",
+            "Microsoft.AzureStackHCI/locations/operationstatuses",
+            "Microsoft.AzureStackHCI/galleryImages",
+            "Microsoft.AzureStackHCI/networkInterfaces",
+            "Microsoft.AzureStackHCI/virtualMachines",
+            "Microsoft.AzureStackHCI/virtualNetworks",
+            "Microsoft.AzureStackHCI/virtualHardDisks",
+            "Microsoft.AzureStackHCI/clusters",
+            "Microsoft.AzureStackHCI/clusters/arcSettings",
+            "Microsoft.AzureStackHCI/clusters/arcSettings/extensions",
+            "Microsoft.AzureStackHCI/virtualMachines/extensions",
+            "Microsoft.AzureStackHCI/virtualMachines/hybrididentitymetadata",
+            "Microsoft.AzureStackHCI/clusters/publishers",
+            "Microsoft.AzureStackHCI/clusters/offers",
+            "Microsoft.AzureStackHCI/clusters/publishers/offers",
+            "Microsoft.AzureStackHCI/clusters/publishers/offers/skus",
+            "Microsoft.AzureStackHCI/marketplaceGalleryImages",
+            "Microsoft.AzureStackHCI/storageContainers",
+            "Microsoft.AzureStackHCI/clusters/updates",
+            "Microsoft.AzureStackHCI/clusters/updates/updateRuns",
+            "Microsoft.AzureStackHCI/clusters/updateSummaries",
+            "Microsoft.AzureStackHCI/registeredSubscriptions",
+            "Microsoft.AzureStackHCI/virtualMachineInstances",
+            "Microsoft.AzureStackHCI/clusters/deploymentSettings",
+            "Microsoft.AzureStackHCI/edgeDevices",
+            "Microsoft.AzureStackHCI/logicalNetworks",
+            "Microsoft.AzureStackHCI/clusters/securitySettings",
+            "Microsoft.BackupSolutions/VMwareApplications",
+            "Microsoft.BackupSolutions/locations",
+            "Microsoft.BackupSolutions/locations/operationstatuses",
+            "Microsoft.BackupSolutions/operations",
+            "Microsoft.BareMetal/bareMetalConnections",
+            "Microsoft.BareMetal/operations",
+            "Microsoft.BareMetal/locations",
+            "Microsoft.BareMetal/locations/operationResults",
+            "Microsoft.BareMetal/utilization",
+            "Microsoft.BareMetalInfrastructure/bareMetalInstances",
+            "Microsoft.BareMetalInfrastructure/bareMetalStorageInstances",
+            "Microsoft.BareMetalInfrastructure/locations",
+            "Microsoft.BareMetalInfrastructure/locations/operationsStatus",
+            "Microsoft.BareMetalInfrastructure/operations",
+            "Microsoft.Batch/batchAccounts",
+            "Microsoft.Batch/batchAccounts/pools",
+            "Microsoft.Batch/batchAccounts/detectors",
+            "Microsoft.Batch/batchAccounts/certificates",
+            "Microsoft.Batch/batchAccounts/operationResults",
+            "Microsoft.Batch/batchAccounts/poolOperationResults",
+            "Microsoft.Batch/batchAccounts/certificateOperationResults",
+            "Microsoft.Batch/batchAccounts/privateEndpointConnectionProxyResults",
+            "Microsoft.Batch/batchAccounts/privateEndpointConnectionResults",
+            "Microsoft.Batch/operations",
+            "Microsoft.Batch/locations",
+            "Microsoft.Batch/locations/quotas",
+            "Microsoft.Batch/locations/checkNameAvailability",
+            "Microsoft.Batch/locations/accountOperationResults",
+            "Microsoft.Batch/locations/virtualMachineSkus",
+            "Microsoft.Batch/locations/cloudServiceSkus",
+            "Microsoft.Billing/billingPeriods",
+            "Microsoft.Billing/invoices",
+            "Microsoft.Billing/enrollmentAccounts",
+            "Microsoft.Billing/permissionRequests",
+            "Microsoft.Billing/billingAccounts/permissionRequests",
+            "Microsoft.Billing/billingAccounts/associatedTenants",
+            "Microsoft.Billing/billingRoleDefinitions",
+            "Microsoft.Billing/billingRoleAssignments",
+            "Microsoft.Billing/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/signAgreement",
+            "Microsoft.Billing/billingAccounts/previewAgreements",
+            "Microsoft.Billing/billingAccounts/billingProfiles/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/customers/createBillingRoleAssignment",
+            "Microsoft.Billing/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingPermissions",
+            "Microsoft.Billing/billingAccounts",
+            "Microsoft.Billing/billingAccounts/billingProfilesSummaries",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingPermissions",
+            "Microsoft.Billing/billingAccounts/customers",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers",
+            "Microsoft.Billing/billingAccounts/billingProfiles/instructions",
+            "Microsoft.Billing/billingAccounts/customers/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/customers/products",
+            "Microsoft.Billing/billingAccounts/customers/transactions",
+            "Microsoft.Billing/billingAccounts/invoiceSections",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingPermissions",
+            "Microsoft.Billing/billingAccounts/customers/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/customers/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/customers/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingPermissions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/elevate",
+            "Microsoft.Billing/billingAccounts/createInvoiceSectionOperations",
+            "Microsoft.Billing/billingAccounts/patchOperations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/patchOperations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/productMoveOperations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptionMoveOperations",
+            "Microsoft.Billing/billingAccounts/listInvoiceSectionsWithCreateSubscriptionPermission",
+            "Microsoft.Billing/billingAccounts/billingProfiles",
+            "Microsoft.Billing/billingAccounts/BillingProfiles/patchOperations",
+            "Microsoft.Billing/departments",
+            "Microsoft.Billing/billingAccounts/departments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments",
+            "Microsoft.Billing/billingAccounts/notificationContacts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/notificationContacts",
+            "Microsoft.Billing/billingAccounts/departments/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/departments/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/departments/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingPermissions",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/departments/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingPermissions",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/departments/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/paymentMethods",
+            "Microsoft.Billing/billingAccounts/availableBalance",
+            "Microsoft.Billing/billingAccounts/billingProfiles/availableBalance",
+            "Microsoft.Billing/billingAccounts/invoices",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices",
+            "Microsoft.Billing/billingAccounts/transactions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/transactions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/transactions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/transactions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices/transactions",
+            "Microsoft.Billing/billingAccounts/invoices/transactions",
+            "Microsoft.Billing/billingAccounts/invoices/summary",
+            "Microsoft.Billing/billingAccounts/billingProfiles/validateDeleteBillingProfileEligibility",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/validateDeleteInvoiceSectionEligibility",
+            "Microsoft.Billing/billingAccounts/invoices/transactionSummary",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingSubscriptionAliases",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/invoices",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/policies",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/products",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products",
+            "Microsoft.Billing/billingAccounts/invoiceSections/products/updateAutoRenew",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products/updateAutoRenew",
+            "Microsoft.Billing/billingAccounts/billingProfiles/products",
+            "Microsoft.Billing/billingAccounts/products",
+            "Microsoft.Billing/operations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/initiateTransfer",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/initiateTransfer",
+            "Microsoft.Billing/billingAccounts/invoiceSections/transfers",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/transfers",
+            "Microsoft.Billing/transfers/acceptTransfer",
+            "Microsoft.Billing/transfers",
+            "Microsoft.Billing/transfers/declineTransfer",
+            "Microsoft.Billing/transfers/validateTransfer",
+            "Microsoft.Billing/billingAccounts/customers/initiateTransfer",
+            "Microsoft.Billing/billingAccounts/customers/transfers",
+            "Microsoft.Billing/billingAccounts/customers/transferSupportedAccounts",
+            "Microsoft.Billing/billingProperty",
+            "Microsoft.Billing/policies",
+            "Microsoft.Billing/billingAccounts/policies",
+            "Microsoft.Billing/billingAccounts/billingProfiles/policies",
+            "Microsoft.Billing/billingAccounts/customers/policies",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices/pricesheet",
+            "Microsoft.Billing/billingAccounts/billingProfiles/pricesheet",
+            "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptions/transfer",
+            "Microsoft.Billing/billingAccounts/invoiceSections/products/transfer",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products/transfer",
+            "Microsoft.Billing/billingAccounts/invoiceSections/productTransfersResults",
+            "Microsoft.Billing/billingAccounts/agreements",
+            "Microsoft.Billing/billingAccounts/lineOfCredit",
+            "Microsoft.Billing/billingAccounts/paymentMethods",
+            "Microsoft.Billing/paymentMethods",
+            "Microsoft.Billing/billingAccounts/billingProfiles/paymentMethodLinks",
+            "Microsoft.Billing/billingAccounts/payableOverage",
+            "Microsoft.Billing/billingAccounts/payNow",
+            "Microsoft.Billing/billingAccounts/reservationOrders",
+            "Microsoft.Billing/billingAccounts/reservationOrders/reservations",
+            "Microsoft.Billing/billingAccounts/reservations",
+            "Microsoft.Billing/billingAccounts/billingProfiles/reservations",
+            "Microsoft.Billing/billingAccounts/billingProfiles/validateDetachPaymentMethodEligibility",
+            "Microsoft.Billing/validateAddress",
+            "Microsoft.Billing/promotions",
+            "Microsoft.Billing/promotions/checkeligibility",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/elevateRole",
+            "Microsoft.Billing/billingAccounts/appliedReservationOrders",
+            "Microsoft.Billing/promotionalCredits",
+            "Microsoft.Billing/billingAccounts/promotionalCredits",
+            "Microsoft.Billing/billingAccounts/savingsPlanOrders/savingsPlans",
+            "Microsoft.Billing/billingAccounts/savingsPlanOrders",
+            "Microsoft.Billing/billingAccounts/savingsPlans",
+            "Microsoft.Billing/billingAccounts/alerts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/alerts",
+            "Microsoft.Billing/billingAccounts/listProductRecommendations",
+            "Microsoft.Billing/billingAccounts/incentiveSchedules",
+            "Microsoft.Billing/billingAccounts/incentiveSchedules/milestones",
+            "Microsoft.Billing/operationStatus",
+            "Microsoft.Billing/transfers/operationStatus",
+            "Microsoft.Billing/operationResults",
+            "Microsoft.Billing/billingAccounts/operationResults",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices/operationResults",
+            "Microsoft.Billing/billingAccounts/billingProfiles/pricesheetDownloadOperations",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/operationResults",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/invoices/operationResults",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/activationStatus",
+            "Microsoft.Billing/billingAccounts/invoices/operationResults",
+            "Microsoft.Billing/promotionalCredits/operationResults",
+            "Microsoft.Billing/billingAccounts/addresses",
+            "Microsoft.BillingBenefits/savingsPlanOrders",
+            "Microsoft.BillingBenefits/savingsPlanOrders/savingsPlans",
+            "Microsoft.BillingBenefits/savingsPlanOrders/return",
+            "Microsoft.BillingBenefits/validate",
+            "Microsoft.BillingBenefits/calculateMigrationCost",
+            "Microsoft.BillingBenefits/operationResults",
+            "Microsoft.BillingBenefits/operations",
+            "Microsoft.BillingBenefits/savingsPlanOrderAliases",
+            "Microsoft.BillingBenefits/reservationOrderAliases",
+            "Microsoft.BillingBenefits/savingsPlans",
+            "Microsoft.BillingBenefits/incentiveSchedules",
+            "Microsoft.BillingBenefits/incentiveSchedules/milestones",
+            "Microsoft.BillingBenefits/maccs",
+            "Microsoft.BillingBenefits/maccs/contributors",
+            "Microsoft.BillingBenefits/listSellerResources",
+            "Microsoft.BillingBenefits/credits",
+            "Microsoft.Bing/locations",
+            "Microsoft.Bing/accounts/skus",
+            "Microsoft.Bing/accounts/usages",
+            "Microsoft.Bing/registeredSubscriptions",
+            "Microsoft.Bing/operations",
+            "Microsoft.Bing/locations/operationStatuses",
+            "Microsoft.Bing/accounts",
+            "Microsoft.BlockchainTokens/Operations",
+            "Microsoft.Capacity/resourceProviders",
+            "Microsoft.Capacity/resourceProviders/locations",
+            "Microsoft.Capacity/resourceProviders/locations/serviceLimits",
+            "Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests",
+            "Microsoft.Capacity/resources",
+            "Microsoft.Capacity/reservationOrders",
+            "Microsoft.Capacity/reservationOrders/reservations",
+            "Microsoft.Capacity/listbenefits",
+            "Microsoft.Capacity/reservations",
+            "Microsoft.Capacity/reservationOrders/reservations/revisions",
+            "Microsoft.Capacity/operations",
+            "Microsoft.Capacity/catalogs",
+            "Microsoft.Capacity/appliedReservations",
+            "Microsoft.Capacity/checkOffers",
+            "Microsoft.Capacity/checkScopes",
+            "Microsoft.Capacity/calculatePrice",
+            "Microsoft.Capacity/calculateExchange",
+            "Microsoft.Capacity/exchange",
+            "Microsoft.Capacity/reservationOrders/calculateRefund",
+            "Microsoft.Capacity/reservationOrders/return",
+            "Microsoft.Capacity/reservationOrders/split",
+            "Microsoft.Capacity/reservationOrders/merge",
+            "Microsoft.Capacity/reservationOrders/swap",
+            "Microsoft.Capacity/reservationOrders/changeDirectory",
+            "Microsoft.Capacity/validateReservationOrder",
+            "Microsoft.Capacity/reservationOrders/availableScopes",
+            "Microsoft.Capacity/reservationOrders/reservations/availableScopes",
+            "Microsoft.Capacity/commercialReservationOrders",
+            "Microsoft.Capacity/calculatePurchasePrice",
+            "Microsoft.Capacity/placePurchaseOrder",
+            "Microsoft.Capacity/checkPurchaseStatus",
+            "Microsoft.Capacity/ownReservations",
+            "Microsoft.Capacity/operationResults",
+            "Microsoft.Capacity/listSkus",
+            "Microsoft.Capacity/checkBenefitScopes",
+            "Microsoft.Carbon/carbonEmissionReports",
+            "Microsoft.Carbon/queryCarbonEmissionDataAvailableDateRange",
+            "Microsoft.Carbon/operations",
+            "Microsoft.CertificateRegistration/certificateOrders",
+            "Microsoft.CertificateRegistration/certificateOrders/certificates",
+            "Microsoft.CertificateRegistration/validateCertificateRegistrationInformation",
+            "Microsoft.CertificateRegistration/operations",
+            "Microsoft.Certify/operations",
+            "Microsoft.ChangeAnalysis/operations",
+            "Microsoft.ChangeAnalysis/resourceChanges",
+            "Microsoft.ChangeAnalysis/changes",
+            "Microsoft.ChangeAnalysis/changeSnapshots",
+            "Microsoft.ChangeAnalysis/computeChanges",
+            "Microsoft.Chaos/operations",
+            "Microsoft.Chaos/targets",
+            "Microsoft.Chaos/locations",
+            "Microsoft.Chaos/locations/targetTypes",
+            "Microsoft.Chaos/experiments",
+            "Microsoft.Chaos/locations/operationStatuses",
+            "Microsoft.Chaos/locations/operationResults",
+            "Microsoft.Chaos/privateAccesses",
+            "Microsoft.ClassicCompute/domainNames",
+            "Microsoft.ClassicCompute/domainNames/internalLoadBalancers",
+            "Microsoft.ClassicCompute/checkDomainNameAvailability",
+            "Microsoft.ClassicCompute/domainNames/slots",
+            "Microsoft.ClassicCompute/domainNames/slots/roles",
+            "Microsoft.ClassicCompute/domainNames/slots/roles/metricDefinitions",
+            "Microsoft.ClassicCompute/domainNames/slots/roles/metrics",
+            "Microsoft.ClassicCompute/virtualMachines",
+            "Microsoft.ClassicCompute/capabilities",
+            "Microsoft.ClassicCompute/domainNames/capabilities",
+            "Microsoft.ClassicCompute/domainNames/serviceCertificates",
+            "Microsoft.ClassicCompute/quotas",
+            "Microsoft.ClassicCompute/virtualMachines/diagnosticSettings",
+            "Microsoft.ClassicCompute/virtualMachines/metricDefinitions",
+            "Microsoft.ClassicCompute/virtualMachines/metrics",
+            "Microsoft.ClassicCompute/operations",
+            "Microsoft.ClassicCompute/resourceTypes",
+            "Microsoft.ClassicCompute/moveSubscriptionResources",
+            "Microsoft.ClassicCompute/validateSubscriptionMoveAvailability",
+            "Microsoft.ClassicCompute/operationStatuses",
+            "Microsoft.ClassicCompute/operatingSystems",
+            "Microsoft.ClassicCompute/operatingSystemFamilies",
+            "Microsoft.ClassicInfrastructureMigrate/classicInfrastructureResources",
+            "Microsoft.ClassicNetwork/virtualNetworks",
+            "Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings",
+            "Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies",
+            "Microsoft.ClassicNetwork/reservedIps",
+            "Microsoft.ClassicNetwork/quotas",
+            "Microsoft.ClassicNetwork/gatewaySupportedDevices",
+            "Microsoft.ClassicNetwork/operations",
+            "Microsoft.ClassicNetwork/networkSecurityGroups",
+            "Microsoft.ClassicNetwork/capabilities",
+            "Microsoft.ClassicNetwork/expressRouteCrossConnections",
+            "Microsoft.ClassicNetwork/expressRouteCrossConnections/peerings",
+            "Microsoft.ClassicStorage/storageAccounts",
+            "Microsoft.ClassicStorage/quotas",
+            "Microsoft.ClassicStorage/checkStorageAccountAvailability",
+            "Microsoft.ClassicStorage/storageAccounts/services",
+            "Microsoft.ClassicStorage/storageAccounts/services/diagnosticSettings",
+            "Microsoft.ClassicStorage/storageAccounts/services/metricDefinitions",
+            "Microsoft.ClassicStorage/storageAccounts/services/metrics",
+            "Microsoft.ClassicStorage/storageAccounts/metricDefinitions",
+            "Microsoft.ClassicStorage/storageAccounts/metrics",
+            "Microsoft.ClassicStorage/capabilities",
+            "Microsoft.ClassicStorage/storageAccounts/blobServices",
+            "Microsoft.ClassicStorage/storageAccounts/tableServices",
+            "Microsoft.ClassicStorage/storageAccounts/fileServices",
+            "Microsoft.ClassicStorage/storageAccounts/queueServices",
+            "Microsoft.ClassicStorage/disks",
+            "Microsoft.ClassicStorage/images",
+            "Microsoft.ClassicStorage/vmImages",
+            "Microsoft.ClassicStorage/storageAccounts/vmImages",
+            "Microsoft.ClassicStorage/publicImages",
+            "Microsoft.ClassicStorage/osImages",
+            "Microsoft.ClassicStorage/osPlatformImages",
+            "Microsoft.ClassicStorage/operations",
+            "Microsoft.ClassicSubscription/operations",
+            "Microsoft.CleanRoom/Locations",
+            "Microsoft.CleanRoom/Operations",
+            "Microsoft.CleanRoom/Locations/OperationStatuses",
+            "Microsoft.CloudHealth/Locations",
+            "Microsoft.CloudHealth/Locations/operationstatuses",
+            "Microsoft.CloudHealth/Operations",
+            "Microsoft.CloudShell/operations",
+            "Microsoft.CloudTest/accounts",
+            "Microsoft.CloudTest/pools",
+            "Microsoft.CloudTest/hostedpools",
+            "Microsoft.CloudTest/images",
+            "Microsoft.CloudTest/operations",
+            "Microsoft.CloudTest/locations",
+            "Microsoft.CloudTest/locations/operations",
+            "Microsoft.CodeSigning/Locations",
+            "Microsoft.CodeSigning/Locations/OperationStatuses",
+            "Microsoft.CodeSigning/Operations",
+            "Microsoft.CodeSigning/checkNameAvailability",
+            "Microsoft.Commerce/UsageAggregates",
+            "Microsoft.Commerce/RateCard",
+            "Microsoft.Commerce/operations",
+            "Microsoft.Communication/Locations",
+            "Microsoft.Communication/CommunicationServices",
+            "Microsoft.Communication/CommunicationServices/eventGridFilters",
+            "Microsoft.Communication/operations",
+            "Microsoft.Communication/registeredSubscriptions",
+            "Microsoft.Communication/locations/operationStatuses",
+            "Microsoft.Communication/CheckNameAvailability",
+            "Microsoft.Communication/EmailServices",
+            "Microsoft.Communication/EmailServices/Domains",
+            "Microsoft.Communication/EmailServices/Domains/SenderUsernames",
+            "Microsoft.Community/communityTrainings",
+            "Microsoft.Community/Operations",
+            "Microsoft.Community/Locations",
+            "Microsoft.Community/Locations/OperationStatuses",
+            "Microsoft.ComputeSchedule/Locations",
+            "Microsoft.ConfidentialLedger/Locations",
+            "Microsoft.ConfidentialLedger/Ledgers",
+            "Microsoft.ConfidentialLedger/checkNameAvailability",
+            "Microsoft.ConfidentialLedger/Locations/operations",
+            "Microsoft.ConfidentialLedger/Locations/operationstatuses",
+            "Microsoft.ConfidentialLedger/ManagedCCFs",
+            "Microsoft.ConfidentialLedger/operations",
+            "Microsoft.Confluent/operations",
+            "Microsoft.Confluent/locations",
+            "Microsoft.Confluent/locations/OperationStatuses",
+            "Microsoft.Confluent/organizations",
+            "Microsoft.Confluent/checkNameAvailability",
+            "Microsoft.Confluent/agreements",
+            "Microsoft.Confluent/validations",
+            "Microsoft.Confluent/organizations/access",
+            "Microsoft.Confluent/organizations/access/deleteRoleBinding",
+            "Microsoft.Confluent/organizations/environments",
+            "Microsoft.Confluent/organizations/environments/clusters",
+            "Microsoft.Confluent/organizations/environments/schemaRegistryClusters",
+            "Microsoft.Confluent/organizations/environments/clusters/createAPIKey",
+            "Microsoft.Confluent/organizations/apiKeys",
+            "Microsoft.Confluent/organizations/listRegions",
+            "Microsoft.ConnectedCache/cacheNodes",
+            "Microsoft.ConnectedCache/enterpriseCustomers",
+            "Microsoft.ConnectedCache/Operations",
+            "Microsoft.ConnectedCache/locations",
+            "Microsoft.ConnectedCache/locations/operationstatuses",
+            "Microsoft.ConnectedCache/ispCustomers",
+            "Microsoft.ConnectedCache/ispCustomers/ispCacheNodes",
+            "Microsoft.ConnectedCache/enterpriseMccCustomers",
+            "Microsoft.ConnectedCache/enterpriseMccCustomers/enterpriseMccCacheNodes",
+            "Microsoft.ConnectedCache/registeredSubscriptions",
+            "Microsoft.ConnectedCredentials/locations",
+            "Microsoft.ConnectedCredentials/locations/operationstatuses",
+            "Microsoft.ConnectedCredentials/credentials",
+            "Microsoft.ConnectedCredentials/operations",
+            "microsoft.connectedopenstack/operations",
+            "microsoft.connectedopenstack/locations",
+            "microsoft.connectedopenstack/locations/operationStatuses",
+            "Microsoft.ConnectedVehicle/locations",
+            "Microsoft.ConnectedVehicle/operations",
+            "Microsoft.ConnectedVehicle/Locations/OperationStatuses",
+            "Microsoft.ConnectedVehicle/checkNameAvailability",
+            "Microsoft.ConnectedVehicle/registeredSubscriptions",
+            "Microsoft.ConnectedVMwarevSphere/locations",
+            "Microsoft.ConnectedVMwarevSphere/locations/operationstatuses",
+            "Microsoft.ConnectedVMwarevSphere/VCenters",
+            "Microsoft.ConnectedVMwarevSphere/resourcepools",
+            "Microsoft.ConnectedVMwarevSphere/virtualnetworks",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachinetemplates",
+            "Microsoft.ConnectedVMwarevSphere/operations",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines",
+            "Microsoft.ConnectedVMwarevSphere/vcenters/inventoryitems",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines/hybrididentitymetadata",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines/extensions",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines/guestagents",
+            "Microsoft.ConnectedVMwarevSphere/clusters",
+            "Microsoft.ConnectedVMwarevSphere/datastores",
+            "Microsoft.ConnectedVMwarevSphere/hosts",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachineinstances",
+            "Microsoft.CostManagement/Connectors",
+            "Microsoft.CostManagement/CloudConnectors",
+            "Microsoft.CostManagement/CheckConnectorEligibility",
+            "Microsoft.CostManagement/ExternalBillingAccounts",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Dimensions",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Query",
+            "Microsoft.CostManagement/ExternalSubscriptions/Dimensions",
+            "Microsoft.CostManagement/ExternalSubscriptions/Query",
+            "Microsoft.CostManagement/ExternalSubscriptions",
+            "Microsoft.CostManagement/Forecast",
+            "Microsoft.CostManagement/ExternalSubscriptions/Forecast",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Forecast",
+            "Microsoft.CostManagement/Settings",
+            "Microsoft.CostManagement/operations",
+            "Microsoft.CostManagement/register",
+            "Microsoft.CostManagement/Query",
+            "Microsoft.CostManagement/Dimensions",
+            "Microsoft.CostManagement/Budgets",
+            "Microsoft.CostManagement/ExternalSubscriptions/Alerts",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Alerts",
+            "Microsoft.CostManagement/Alerts",
+            "Microsoft.CostManagement/showbackRules",
+            "Microsoft.CostManagement/costAllocationRules",
+            "Microsoft.CostManagement/Exports",
+            "Microsoft.CostManagement/Reports",
+            "Microsoft.CostManagement/Reportconfigs",
+            "Microsoft.CostManagement/BillingAccounts",
+            "Microsoft.CostManagement/Departments",
+            "Microsoft.CostManagement/EnrollmentAccounts",
+            "Microsoft.CostManagement/Views",
+            "Microsoft.CostManagement/Publish",
+            "Microsoft.CostManagement/ScheduledActions",
+            "Microsoft.CostManagement/CheckNameAvailability",
+            "Microsoft.CostManagement/BenefitUtilizationSummaries",
+            "Microsoft.CostManagement/BenefitRecommendations",
+            "Microsoft.CostManagement/Insights",
+            "Microsoft.CostManagement/fetchPrices",
+            "Microsoft.CostManagement/fetchMicrosoftPrices",
+            "Microsoft.CostManagement/fetchMarketplacePrices",
+            "Microsoft.CostManagement/calculatePrice",
+            "Microsoft.CostManagement/CalculateCost",
+            "Microsoft.CostManagement/GenerateBenefitUtilizationSummariesReport",
+            "Microsoft.CostManagement/BenefitUtilizationSummariesOperationResults",
+            "Microsoft.CostManagement/GenerateReservationDetailsReport",
+            "Microsoft.CostManagement/ReservationDetailsOperationResults",
+            "Microsoft.CostManagement/GenerateDetailedCostReport",
+            "Microsoft.CostManagement/GenerateCostDetailsReport",
+            "Microsoft.CostManagement/CostDetailsOperationResults",
+            "Microsoft.CostManagement/OperationStatus",
+            "Microsoft.CostManagement/OperationResults",
+            "Microsoft.CostManagement/Pricesheets",
+            "Microsoft.CostManagement/MarkupRules",
+            "Microsoft.CostManagement/StartConversation",
+            "Microsoft.CostManagement/SendMessage",
+            "Microsoft.CostManagementExports/Operations",
+            "Microsoft.CustomerLockbox/operations",
+            "Microsoft.CustomerLockbox/TenantOptedIn",
+            "Microsoft.CustomerLockbox/EnableLockbox",
+            "Microsoft.CustomerLockbox/DisableLockbox",
+            "Microsoft.CustomerLockbox/requests",
+            "Microsoft.D365CustomerInsights/instances",
+            "Microsoft.D365CustomerInsights/operations",
+            "Microsoft.Dashboard/locations",
+            "Microsoft.Dashboard/checkNameAvailability",
+            "Microsoft.Dashboard/locations/operationStatuses",
+            "Microsoft.Dashboard/grafana",
+            "Microsoft.Dashboard/operations",
+            "Microsoft.Dashboard/grafana/privateEndpointConnections",
+            "Microsoft.Dashboard/grafana/privateLinkResources",
+            "Microsoft.Dashboard/locations/checkNameAvailability",
+            "Microsoft.Dashboard/grafana/managedPrivateEndpoints",
+            "Microsoft.DatabaseWatcher/locations",
+            "Microsoft.DatabaseWatcher/operations",
+            "Microsoft.DataBox/jobs",
+            "Microsoft.DataBox/locations",
+            "Microsoft.DataBox/locations/validateAddress",
+            "Microsoft.DataBox/locations/checkNameAvailability",
+            "Microsoft.DataBox/locations/operationresults",
+            "Microsoft.DataBox/operations",
+            "Microsoft.DataBox/locations/availableSkus",
+            "Microsoft.DataBox/locations/validateInputs",
+            "Microsoft.DataBox/locations/regionConfiguration",
+            "Microsoft.DataBox/jobs/eventGridFilters",
+            "Microsoft.DataBoxEdge/DataBoxEdgeDevices",
+            "Microsoft.DataBoxEdge/DataBoxEdgeDevices/checkNameAvailability",
+            "Microsoft.DataBoxEdge/operations",
+            "Microsoft.DataBoxEdge/availableSkus",
+            "Microsoft.DataCatalog/catalogs",
+            "Microsoft.DataCatalog/checkNameAvailability",
+            "Microsoft.DataCatalog/operations",
+            "Microsoft.DataCatalog/locations",
+            "Microsoft.DataCatalog/locations/jobs",
+            "Microsoft.Datadog/registeredSubscriptions",
+            "Microsoft.Datadog/locations",
+            "Microsoft.Datadog/locations/operationStatuses",
+            "Microsoft.Datadog/operations",
+            "Microsoft.Datadog/monitors",
+            "Microsoft.Datadog/monitors/tagRules",
+            "Microsoft.Datadog/monitors/listMonitoredResources",
+            "Microsoft.Datadog/monitors/listApiKeys",
+            "Microsoft.Datadog/monitors/getDefaultKey",
+            "Microsoft.Datadog/monitors/setDefaultKey",
+            "Microsoft.Datadog/monitors/singleSignOnConfigurations",
+            "Microsoft.Datadog/monitors/listHosts",
+            "Microsoft.Datadog/monitors/listLinkedResources",
+            "Microsoft.Datadog/monitors/refreshSetPasswordLink",
+            "Microsoft.Datadog/agreements",
+            "Microsoft.Datadog/monitors/monitoredSubscriptions",
+            "Microsoft.Datadog/subscriptionStatuses",
+            "Microsoft.DataFactory/factories",
+            "Microsoft.DataFactory/factories/integrationRuntimes",
+            "Microsoft.DataFactory/factories/privateEndpointConnectionProxies",
+            "Microsoft.DataFactory/CheckNameAvailability",
+            "Microsoft.DataFactory/operations",
+            "Microsoft.DataFactory/locations",
+            "Microsoft.DataFactory/locations/configureFactoryRepo",
+            "Microsoft.DataFactory/locations/getFeatureValue",
+            "Microsoft.DataReplication/replicationVaults",
+            "Microsoft.DataReplication/replicationFabrics",
+            "Microsoft.DataReplication/operations",
+            "Microsoft.DataShare/accounts",
+            "Microsoft.DataShare/accounts/shares",
+            "Microsoft.DataShare/accounts/shares/datasets",
+            "Microsoft.DataShare/accounts/shares/synchronizationSettings",
+            "Microsoft.DataShare/accounts/shares/invitations",
+            "Microsoft.DataShare/accounts/sharesubscriptions",
+            "Microsoft.DataShare/accounts/shares/providersharesubscriptions",
+            "Microsoft.DataShare/accounts/sharesubscriptions/datasetmappings",
+            "Microsoft.DataShare/accounts/sharesubscriptions/triggers",
+            "Microsoft.DataShare/accounts/sharesubscriptions/consumerSourceDataSets",
+            "Microsoft.DataShare/listinvitations",
+            "Microsoft.DataShare/locations",
+            "Microsoft.DataShare/locations/operationResults",
+            "Microsoft.DataShare/locations/registerEmail",
+            "Microsoft.DataShare/locations/activateEmail",
+            "Microsoft.DataShare/locations/rejectInvitation",
+            "Microsoft.DataShare/locations/consumerInvitations",
+            "Microsoft.DataShare/operations",
+            "Microsoft.DelegatedNetwork/operations",
+            "Microsoft.DevAI/Locations",
+            "Microsoft.DevAI/Locations/operationstatuses",
+            "Microsoft.DevAI/instances",
+            "Microsoft.DevAI/instances/experiments",
+            "Microsoft.DevAI/instances/sandboxes",
+            "Microsoft.DevAI/instances/sandboxes/experiments",
+            "Microsoft.DevAI/Operations",
+            "Microsoft.DevAI/registeredSubscriptions",
+            "Microsoft.DevCenter/operations",
+            "Microsoft.DevCenter/Locations",
+            "Microsoft.DevCenter/Locations/OperationStatuses",
+            "Microsoft.DevCenter/devcenters",
+            "Microsoft.DevCenter/devcenters/catalogs",
+            "Microsoft.DevCenter/devcenters/attachednetworks",
+            "Microsoft.DevCenter/devcenters/devboxdefinitions",
+            "Microsoft.DevCenter/devcenters/environmentTypes",
+            "Microsoft.DevCenter/devcenters/galleries",
+            "Microsoft.DevCenter/devcenters/galleries/images/versions",
+            "Microsoft.DevCenter/devcenters/galleries/images",
+            "Microsoft.DevCenter/devcenters/images",
+            "Microsoft.DevCenter/networkconnections",
+            "Microsoft.DevCenter/networkconnections/healthchecks",
+            "Microsoft.DevCenter/projects",
+            "Microsoft.DevCenter/projects/attachednetworks",
+            "Microsoft.DevCenter/projects/environmentTypes",
+            "Microsoft.DevCenter/projects/pools",
+            "Microsoft.DevCenter/projects/pools/schedules",
+            "Microsoft.DevCenter/projects/devboxdefinitions",
+            "Microsoft.DevCenter/projects/allowedEnvironmentTypes",
+            "Microsoft.DevCenter/checkNameAvailability",
+            "Microsoft.DevCenter/networkconnections/outboundNetworkDependenciesEndpoints",
+            "Microsoft.DevCenter/Locations/usages",
+            "Microsoft.DevCenter/devcenters/catalogs/devboxdefinitions",
+            "Microsoft.DevCenter/devcenters/catalogs/environmentDefinitions",
+            "Microsoft.DevCenter/devcenters/catalogs/tasks",
+            "Microsoft.DevCenter/checkScopedNameAvailability",
+            "Microsoft.DevelopmentWindows365/DevelopmentCloudPcDelegatedMsis",
+            "Microsoft.DevHub/operations",
+            "Microsoft.DevHub/workflows",
+            "Microsoft.DevHub/locations",
+            "Microsoft.DevHub/locations/githuboauth",
+            "Microsoft.DevHub/locations/generatePreviewArtifacts",
+            "Microsoft.DeviceRegistry/locations",
+            "Microsoft.DeviceRegistry/operations",
+            "Microsoft.DeviceRegistry/operationStatuses",
+            "Microsoft.DeviceRegistry/locations/operationStatuses",
+            "Microsoft.DeviceRegistry/assets",
+            "Microsoft.DeviceRegistry/assetEndpointProfiles",
+            "Microsoft.DeviceUpdate/locations",
+            "Microsoft.DeviceUpdate/locations/operationStatuses",
+            "Microsoft.DeviceUpdate/operations",
+            "Microsoft.DeviceUpdate/accounts",
+            "Microsoft.DeviceUpdate/accounts/instances",
+            "Microsoft.DeviceUpdate/checkNameAvailability",
+            "Microsoft.DeviceUpdate/registeredSubscriptions",
+            "Microsoft.DeviceUpdate/accounts/privateLinkResources",
+            "Microsoft.DeviceUpdate/accounts/privateEndpointConnections",
+            "Microsoft.DeviceUpdate/accounts/privateEndpointConnectionProxies",
+            "Microsoft.DigitalTwins/locations",
+            "Microsoft.DigitalTwins/locations/checkNameAvailability",
+            "Microsoft.DigitalTwins/digitalTwinsInstances",
+            "Microsoft.DigitalTwins/digitalTwinsInstances/operationResults",
+            "Microsoft.DigitalTwins/locations/operationResults",
+            "Microsoft.DigitalTwins/locations/operationsStatuses",
+            "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints",
+            "Microsoft.DigitalTwins/digitalTwinsInstances/timeSeriesDatabaseConnections",
+            "Microsoft.DigitalTwins/operations",
+            "Microsoft.DomainRegistration/domains",
+            "Microsoft.DomainRegistration/domains/domainOwnershipIdentifiers",
+            "Microsoft.DomainRegistration/topLevelDomains",
+            "Microsoft.DomainRegistration/checkDomainAvailability",
+            "Microsoft.DomainRegistration/listDomainRecommendations",
+            "Microsoft.DomainRegistration/validateDomainRegistrationInformation",
+            "Microsoft.DomainRegistration/generateSsoRequest",
+            "Microsoft.DomainRegistration/operations",
+            "Microsoft.Easm/workspaces",
+            "Microsoft.Easm/workspaces/labels",
+            "Microsoft.Easm/operations",
+            "Microsoft.Easm/workspaces/tasks",
+            "Microsoft.EdgeManagement/locations",
+            "Microsoft.EdgeManagement/operations",
+            "Microsoft.EdgeMarketplace/operations",
+            "Microsoft.EdgeMarketplace/locations",
+            "Microsoft.EdgeMarketplace/locations/operationStatuses",
+            "Microsoft.EdgeMarketplace/publishers",
+            "Microsoft.EdgeMarketplace/offers",
+            "Microsoft.EdgeOrder/addresses",
+            "Microsoft.EdgeOrder/orderItems",
+            "Microsoft.EdgeOrder/orders",
+            "Microsoft.EdgeOrder/locations",
+            "Microsoft.EdgeOrder/locations/orders",
+            "Microsoft.EdgeOrder/listProductFamilies",
+            "Microsoft.EdgeOrder/listConfigurations",
+            "Microsoft.EdgeOrder/productFamiliesMetadata",
+            "Microsoft.EdgeOrder/locations/hciCatalog",
+            "Microsoft.EdgeOrder/locations/hciCatalog/vendors",
+            "Microsoft.EdgeOrder/locations/hciCatalog/platforms",
+            "Microsoft.EdgeOrder/locations/hciCatalog/projects",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog/vendors",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog/platforms",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog/projects",
+            "Microsoft.EdgeOrder/operations",
+            "Microsoft.EdgeOrder/locations/operationresults",
+            "Microsoft.EdgeOrderPartner/operations",
+            "Microsoft.Elastic/operations",
+            "Microsoft.Elastic/locations",
+            "Microsoft.Elastic/locations/operationStatuses",
+            "Microsoft.Elastic/monitors",
+            "Microsoft.Elastic/monitors/tagRules",
+            "Microsoft.Elastic/checkNameAvailability",
+            "Microsoft.Elastic/elasticVersions",
+            "Microsoft.Elastic/getOrganizationApiKey",
+            "Microsoft.Elastic/getElasticOrganizationToAzureSubscriptionMapping",
+            "Microsoft.ElasticSan/elasticSans",
+            "Microsoft.ElasticSan/elasticSans/volumeGroups",
+            "Microsoft.ElasticSan/operations",
+            "Microsoft.ElasticSan/locations/asyncoperations",
+            "Microsoft.ElasticSan/locations",
+            "Microsoft.EnterpriseSupport/EnterpriseSupports",
+            "Microsoft.EnterpriseSupport/operationStatuses",
+            "Microsoft.EnterpriseSupport/validate",
+            "Microsoft.EnterpriseSupport/Operations",
+            "Microsoft.EntitlementManagement/Operations",
+            "Microsoft.Experimentation/Operations",
+            "Microsoft.ExtendedLocation/locations",
+            "Microsoft.ExtendedLocation/customLocations",
+            "Microsoft.ExtendedLocation/customLocations/enabledResourceTypes",
+            "Microsoft.ExtendedLocation/customLocations/resourceSyncRules",
+            "Microsoft.ExtendedLocation/locations/operationsstatus",
+            "Microsoft.ExtendedLocation/locations/operationresults",
+            "Microsoft.ExtendedLocation/operations",
+            "Microsoft.Fabric/capacities",
+            "Microsoft.Fabric/locations",
+            "Microsoft.Fabric/locations/checkNameAvailability",
+            "Microsoft.Fabric/locations/operationresults",
+            "Microsoft.Fabric/locations/operationstatuses",
+            "Microsoft.Fabric/operations",
+            "Microsoft.Falcon/namespaces",
+            "Microsoft.Features/features",
+            "Microsoft.Features/providers",
+            "Microsoft.Features/featureProviders",
+            "Microsoft.Features/subscriptionFeatureRegistrations",
+            "Microsoft.Features/featureProviderNamespaces",
+            "Microsoft.Features/featureConfigurations",
+            "Microsoft.Features/operations",
+            "Microsoft.FluidRelay/fluidRelayServers",
+            "Microsoft.FluidRelay/Operations",
+            "Microsoft.FluidRelay/fluidRelayServers/fluidRelayContainers",
+            "Microsoft.FluidRelay/Locations",
+            "Microsoft.FluidRelay/Locations/OperationStatuses",
+            "Microsoft.GraphServices/accounts",
+            "Microsoft.GraphServices/Operations",
+            "Microsoft.GraphServices/RegisteredSubscriptions",
+            "Microsoft.GraphServices/Locations",
+            "Microsoft.GraphServices/Locations/OperationStatuses",
+            "Microsoft.HanaOnAzure/hanaInstances",
+            "Microsoft.HanaOnAzure/locations/operationsStatus",
+            "Microsoft.HanaOnAzure/locations",
+            "Microsoft.HanaOnAzure/locations/operations",
+            "Microsoft.HanaOnAzure/operations",
+            "Microsoft.HardwareSecurityModules/cloudHsmClusters",
+            "Microsoft.HardwareSecurityModules/locations",
+            "Microsoft.HardwareSecurityModules/operations",
+            "Microsoft.HealthBot/Operations",
+            "Microsoft.HealthBot/Locations",
+            "Microsoft.HealthBot/Locations/OperationStatuses",
+            "Microsoft.HealthBot/healthBots",
+            "Microsoft.HealthDataAIServices/locations",
+            "Microsoft.HealthDataAIServices/locations/operationStatuses",
+            "Microsoft.HealthDataAIServices/Operations",
+            "Microsoft.HealthModel/Operations",
+            "Microsoft.Help/operations",
+            "Microsoft.Help/operationResults",
+            "Microsoft.Help/discoverySolutions",
+            "Microsoft.Help/discoverSolutions",
+            "Microsoft.Help/diagnostics",
+            "Microsoft.Help/checkNameAvailability",
+            "Microsoft.Help/solutions",
+            "Microsoft.Help/troubleshooters",
+            "Microsoft.Help/SelfHelp",
+            "Microsoft.HybridCloud/cloudConnectors",
+            "Microsoft.HybridCloud/cloudConnections",
+            "Microsoft.HybridCompute/machines",
+            "Microsoft.HybridCompute/machines/hybridIdentityMetadata",
+            "Microsoft.HybridCompute/machines/privateLinkScopes",
+            "Microsoft.HybridCompute/machines/extensions",
+            "Microsoft.HybridCompute/locations",
+            "Microsoft.HybridCompute/locations/publishers",
+            "Microsoft.HybridCompute/locations/publishers/extensionTypes",
+            "Microsoft.HybridCompute/locations/publishers/extensionTypes/versions",
+            "Microsoft.HybridCompute/locations/operationStatus",
+            "Microsoft.HybridCompute/locations/operationResults",
+            "Microsoft.HybridCompute/operations",
+            "Microsoft.HybridCompute/machines/assessPatches",
+            "Microsoft.HybridCompute/machines/installPatches",
+            "Microsoft.HybridCompute/locations/updateCenterOperationResults",
+            "Microsoft.HybridCompute/privateLinkScopes",
+            "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections",
+            "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnectionProxies",
+            "Microsoft.HybridCompute/locations/privateLinkScopes",
+            "Microsoft.HybridCompute/osType",
+            "Microsoft.HybridCompute/osType/agentVersions",
+            "Microsoft.HybridCompute/osType/agentVersions/latest",
+            "Microsoft.HybridCompute/machines/runcommands",
+            "Microsoft.HybridCompute/machines/licenseProfiles",
+            "Microsoft.HybridCompute/licenses",
+            "Microsoft.HybridCompute/validateLicense",
+            "Microsoft.HybridCompute/networkConfigurations",
+            "Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations",
+            "Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterAssociationProxies",
+            "Microsoft.HybridCompute/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.HybridCompute/locations/notifyExtension",
+            "Microsoft.HybridConnectivity/endpoints",
+            "Microsoft.HybridConnectivity/Operations",
+            "Microsoft.HybridConnectivity/Locations",
+            "Microsoft.HybridConnectivity/Locations/OperationStatuses",
+            "Microsoft.HybridContainerService/Locations",
+            "Microsoft.HybridContainerService/Locations/operationStatuses",
+            "Microsoft.HybridContainerService/provisionedClusters",
+            "Microsoft.HybridContainerService/provisionedClusters/hybridIdentityMetadata",
+            "Microsoft.HybridContainerService/provisionedClusters/agentPools",
+            "Microsoft.HybridContainerService/virtualNetworks",
+            "Microsoft.HybridContainerService/Operations",
+            "Microsoft.HybridContainerService/provisionedClusters/upgradeProfiles",
+            "Microsoft.HybridContainerService/kubernetesVersions",
+            "Microsoft.HybridContainerService/skus",
+            "Microsoft.HybridContainerService/provisionedClusterInstances",
+            "Microsoft.HybridNetwork/Operations",
+            "Microsoft.HybridNetwork/Locations",
+            "Microsoft.HybridNetwork/Locations/OperationStatuses",
+            "Microsoft.HybridNetwork/devices",
+            "Microsoft.HybridNetwork/networkfunctions",
+            "Microsoft.HybridNetwork/networkFunctionVendors",
+            "Microsoft.HybridNetwork/networkFunctions/components",
+            "Microsoft.HybridNetwork/sites",
+            "Microsoft.HybridNetwork/siteNetworkServices",
+            "Microsoft.HybridNetwork/configurationGroupValues",
+            "Microsoft.HybridNetwork/publishers",
+            "Microsoft.HybridNetwork/publishers/networkFunctionDefinitionGroups",
+            "Microsoft.HybridNetwork/publishers/networkFunctionDefinitionGroups/networkFunctionDefinitionVersions",
+            "Microsoft.HybridNetwork/publishers/artifactStores",
+            "Microsoft.HybridNetwork/publishers/artifactStores/artifactManifests",
+            "Microsoft.HybridNetwork/publishers/artifactstores/artifacts",
+            "Microsoft.HybridNetwork/publishers/artifactstores/artifactversions",
+            "Microsoft.Impact/Operations",
+            "Microsoft.IntegrationSpaces/Spaces",
+            "Microsoft.IntegrationSpaces/Spaces/InfrastructureResources",
+            "Microsoft.IntegrationSpaces/Spaces/Applications",
+            "Microsoft.IntegrationSpaces/Spaces/applications/resources",
+            "Microsoft.IntegrationSpaces/Spaces/applications/BusinessProcesses",
+            "Microsoft.IntegrationSpaces/Spaces/applications/BusinessProcesses/versions",
+            "Microsoft.IntegrationSpaces/locations",
+            "Microsoft.IntegrationSpaces/locations/OperationStatuses",
+            "Microsoft.IntegrationSpaces/operations",
+            "Microsoft.IoTCentral/IoTApps",
+            "Microsoft.IoTCentral/checkNameAvailability",
+            "Microsoft.IoTCentral/checkSubdomainAvailability",
+            "Microsoft.IoTCentral/operations",
+            "Microsoft.IoTCentral/locations",
+            "Microsoft.IoTCentral/locations/operationResults",
+            "Microsoft.IoTCentral/appTemplates",
+            "Microsoft.IoTFirmwareDefense/operations",
+            "Microsoft.IoTFirmwareDefense/workspaces",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoCertificates",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoKeys",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/passwordHashes",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/summaries",
+            "Microsoft.IoTFirmwareDefense/locations",
+            "Microsoft.IoTFirmwareDefense/locations/operationStatuses",
+            "Microsoft.IoTOperationsDataProcessor/locations",
+            "Microsoft.IoTOperationsDataProcessor/locations/operationStatuses",
+            "Microsoft.IoTOperationsDataProcessor/instances",
+            "Microsoft.IoTOperationsDataProcessor/instances/datasets",
+            "Microsoft.IoTOperationsDataProcessor/instances/pipelines",
+            "Microsoft.IoTOperationsDataProcessor/operations",
+            "Microsoft.IoTOperationsMQ/Locations",
+            "Microsoft.IoTOperationsMQ/Operations",
+            "Microsoft.IoTOperationsMQ/Locations/OperationStatuses",
+            "Microsoft.IoTOperationsMQ/mq",
+            "Microsoft.IoTOperationsMQ/mq/broker",
+            "Microsoft.IoTOperationsMQ/mq/broker/authentication",
+            "Microsoft.IoTOperationsMQ/mq/broker/authorization",
+            "Microsoft.IoTOperationsMQ/mq/broker/listener",
+            "Microsoft.IoTOperationsMQ/mq/dataLakeConnector",
+            "Microsoft.IoTOperationsMQ/mq/dataLakeConnector/topicMap",
+            "Microsoft.IoTOperationsMQ/mq/diagnosticService",
+            "Microsoft.IoTOperationsMQ/mq/kafkaConnector",
+            "Microsoft.IoTOperationsMQ/mq/kafkaConnector/topicMap",
+            "Microsoft.IoTOperationsMQ/mq/mqttBridgeConnector",
+            "Microsoft.IoTOperationsMQ/mq/mqttBridgeConnector/topicMap",
+            "Microsoft.IoTOperationsOrchestrator/locations",
+            "Microsoft.IoTOperationsOrchestrator/locations/operationStatuses",
+            "Microsoft.IoTOperationsOrchestrator/targets",
+            "Microsoft.IoTOperationsOrchestrator/solutions",
+            "Microsoft.IoTOperationsOrchestrator/instances",
+            "Microsoft.IoTOperationsOrchestrator/operations",
+            "Microsoft.IoTSecurity/Operations",
+            "Microsoft.IoTSecurity/defenderSettings",
+            "Microsoft.IoTSecurity/locations",
+            "Microsoft.IoTSecurity/locations/deviceGroups",
+            "Microsoft.IoTSecurity/locations/deviceGroups/devices",
+            "Microsoft.IoTSecurity/locations/endpoints",
+            "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
+            "Microsoft.IoTSecurity/locations/deviceGroups/alerts",
+            "Microsoft.IoTSecurity/locations/deviceGroups/alerts/pcaps",
+            "Microsoft.IoTSecurity/locations/deviceGroups/alerts/learn",
+            "Microsoft.IoTSecurity/locations/deviceGroups/recommendations",
+            "Microsoft.IoTSecurity/locations/sites",
+            "Microsoft.IoTSecurity/locations/sites/sensors",
+            "Microsoft.IoTSecurity/sites",
+            "Microsoft.IoTSecurity/sensors",
+            "Microsoft.IoTSecurity/onPremiseSensors",
+            "Microsoft.IoTSecurity/alertTypes",
+            "Microsoft.IoTSecurity/recommendationTypes",
+            "Microsoft.IoTSecurity/licenseSkus",
+            "Microsoft.Kubernetes/connectedClusters",
+            "Microsoft.Kubernetes/locations",
+            "Microsoft.Kubernetes/locations/operationStatuses",
+            "Microsoft.Kubernetes/registeredSubscriptions",
+            "Microsoft.Kubernetes/Operations",
+            "Microsoft.KubernetesConfiguration/sourceControlConfigurations",
+            "Microsoft.KubernetesConfiguration/extensions",
+            "Microsoft.KubernetesConfiguration/fluxConfigurations",
+            "Microsoft.KubernetesConfiguration/operations",
+            "Microsoft.KubernetesConfiguration/extensionTypes",
+            "Microsoft.KubernetesConfiguration/locations/extensionTypes",
+            "Microsoft.KubernetesConfiguration/locations/extensionTypes/versions",
+            "Microsoft.KubernetesConfiguration/privateLinkScopes",
+            "Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections",
+            "Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies",
+            "Microsoft.KubernetesRuntime/storageClasses",
+            "Microsoft.KubernetesRuntime/loadBalancers",
+            "Microsoft.KubernetesRuntime/bgpPeers",
+            "Microsoft.KubernetesRuntime/operations",
+            "Microsoft.KubernetesRuntime/locations",
+            "Microsoft.KubernetesRuntime/locations/operationStatuses",
+            "Microsoft.KubernetesRuntime/services",
+            "Microsoft.LabServices/labplans",
+            "Microsoft.LabServices/labs",
+            "Microsoft.LabServices/labaccounts",
+            "Microsoft.LabServices/locations/operationResults",
+            "Microsoft.LabServices/locations/operations",
+            "Microsoft.LabServices/operations",
+            "Microsoft.LabServices/users",
+            "Microsoft.LabServices/locations",
+            "Microsoft.LabServices/locations/usages",
+            "Microsoft.LoadTestService/operations",
+            "Microsoft.LoadTestService/checkNameAvailability",
+            "Microsoft.LoadTestService/loadtests",
+            "Microsoft.LoadTestService/Locations",
+            "Microsoft.LoadTestService/Locations/OperationStatuses",
+            "Microsoft.LoadTestService/registeredSubscriptions",
+            "Microsoft.LoadTestService/loadtests/outboundNetworkDependenciesEndpoints",
+            "Microsoft.LoadTestService/Locations/Quotas",
+            "Microsoft.Logz/operations",
+            "Microsoft.Logz/locations",
+            "Microsoft.Logz/registeredSubscriptions",
+            "Microsoft.Logz/locations/operationStatuses",
+            "Microsoft.Logz/monitors",
+            "Microsoft.Logz/monitors/tagRules",
+            "Microsoft.Logz/monitors/singleSignOnConfigurations",
+            "Microsoft.Logz/monitors/accounts",
+            "Microsoft.Logz/monitors/accounts/tagRules",
+            "Microsoft.MachineLearning/Workspaces",
+            "Microsoft.MachineLearning/webServices",
+            "Microsoft.MachineLearning/operations",
+            "Microsoft.MachineLearning/locations",
+            "Microsoft.MachineLearning/locations/operations",
+            "Microsoft.MachineLearning/locations/operationsStatus",
+            "Microsoft.MachineLearning/commitmentPlans",
+            "Microsoft.ManagedNetworkFabric/Operations",
+            "Microsoft.ManagedNetworkFabric/NetworkFabricControllers",
+            "Microsoft.ManagedNetworkFabric/Locations",
+            "Microsoft.ManagedNetworkFabric/Locations/OperationStatuses",
+            "Microsoft.ManagedNetworkFabric/NetworkFabrics",
+            "Microsoft.ManagedNetworkFabric/NetworkRacks",
+            "Microsoft.ManagedNetworkFabric/NetworkDevices",
+            "Microsoft.ManagedNetworkFabric/NetworkDevices/NetworkInterfaces",
+            "Microsoft.ManagedNetworkFabric/L2IsolationDomains",
+            "Microsoft.ManagedNetworkFabric/L3IsolationDomains",
+            "Microsoft.ManagedNetworkFabric/accesscontrollists",
+            "Microsoft.ManagedNetworkFabric/RoutePolicies",
+            "Microsoft.ManagedNetworkFabric/L3IsolationDomains/externalNetworks",
+            "Microsoft.ManagedNetworkFabric/L3IsolationDomains/internalNetworks",
+            "Microsoft.ManagedNetworkFabric/NetworkFabrics/NetworkToNetworkInterconnects",
+            "Microsoft.ManagedNetworkFabric/IpExtendedCommunities",
+            "Microsoft.ManagedNetworkFabric/IpCommunities",
+            "Microsoft.ManagedNetworkFabric/IpPrefixes",
+            "Microsoft.ManagedNetworkFabric/InternetGateways",
+            "Microsoft.ManagedNetworkFabric/internetgatewayrules",
+            "Microsoft.ManagedNetworkFabric/networkpacketbrokers",
+            "Microsoft.ManagedNetworkFabric/networktaps",
+            "Microsoft.ManagedNetworkFabric/networktaprules",
+            "Microsoft.ManagedNetworkFabric/neighborgroups",
+            "Microsoft.ManufacturingPlatform/locations",
+            "Microsoft.ManufacturingPlatform/operations",
+            "Microsoft.Marketplace/register",
+            "Microsoft.Marketplace/privategalleryitems",
+            "Microsoft.Marketplace/products",
+            "Microsoft.Marketplace/offers",
+            "Microsoft.Marketplace/macc",
+            "Microsoft.Marketplace/offerTypes",
+            "Microsoft.Marketplace/offerTypes/publishers",
+            "Microsoft.Marketplace/offerTypes/publishers/offers",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/importImage",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements",
+            "Microsoft.Marketplace/operations",
+            "Microsoft.Marketplace/listAvailableOffers",
+            "Microsoft.Marketplace/publishers",
+            "Microsoft.Marketplace/publishers/offers",
+            "Microsoft.Marketplace/publishers/offers/amendments",
+            "Microsoft.Marketplace/privateStoreClient",
+            "Microsoft.Marketplace/privateStores",
+            "Microsoft.Marketplace/privateStores/offers",
+            "Microsoft.Marketplace/search",
+            "Microsoft.Marketplace/privateStores/requestApprovals/query",
+            "Microsoft.Marketplace/privateStores/requestApprovals/withdrawPlan",
+            "Microsoft.Marketplace/privateStores/RequestApprovals",
+            "Microsoft.Marketplace/privateStores/queryNotificationsState",
+            "Microsoft.Marketplace/privateStores/fetchAllSubscriptionsInTenant",
+            "Microsoft.Marketplace/privateStores/listNewPlansNotifications",
+            "Microsoft.Marketplace/privateStores/listStopSellOffersPlansNotifications",
+            "Microsoft.Marketplace/privateStores/listSubscriptionsContext",
+            "Microsoft.Marketplace/privateStores/offers/acknowledgeNotification",
+            "Microsoft.Marketplace/privateStores/AdminRequestApprovals",
+            "Microsoft.Marketplace/privateStores/collections",
+            "Microsoft.Marketplace/privateStores/collections/approveAllItems",
+            "Microsoft.Marketplace/privateStores/collections/disableApproveAllItems",
+            "Microsoft.Marketplace/privateStores/collections/offers",
+            "Microsoft.Marketplace/privateStores/collections/mapOffersToContexts",
+            "Microsoft.Marketplace/privateStores/collections/queryRules",
+            "Microsoft.Marketplace/privateStores/collections/setRules",
+            "Microsoft.Marketplace/privateStores/collections/offers/upsertOfferWithMultiContext",
+            "Microsoft.Marketplace/privateStores/bulkCollectionsAction",
+            "Microsoft.Marketplace/privateStores/collections/transferOffers",
+            "Microsoft.Marketplace/privateStores/anyExistingOffersInTheCollections",
+            "Microsoft.Marketplace/privateStores/queryOffers",
+            "Microsoft.Marketplace/privateStores/queryUserOffers",
+            "Microsoft.Marketplace/privateStores/queryUserRules",
+            "Microsoft.Marketplace/privateStores/collectionsToSubscriptionsMapping",
+            "Microsoft.Marketplace/privateStores/billingAccounts",
+            "Microsoft.Marketplace/privateStores/queryApprovedPlans",
+            "Microsoft.Marketplace/locations",
+            "Microsoft.Marketplace/locations/edgeZones",
+            "Microsoft.Marketplace/locations/edgeZones/products",
+            "Microsoft.Marketplace/mysolutions",
+            "Microsoft.Marketplace/products/reviews",
+            "Microsoft.Marketplace/products/reviews/comments",
+            "Microsoft.Marketplace/products/reviews/helpful",
+            "Microsoft.Marketplace/products/usermetadata",
+            "Microsoft.MarketplaceOrdering/agreements",
+            "Microsoft.MarketplaceOrdering/operations",
+            "Microsoft.MarketplaceOrdering/offertypes",
+            "Microsoft.Migrate/migrateprojects",
+            "Microsoft.Migrate/assessmentProjects",
+            "Microsoft.Migrate/moveCollections",
+            "Microsoft.Migrate/operations",
+            "Microsoft.Migrate/locations",
+            "Microsoft.Migrate/locations/rmsOperationResults",
+            "Microsoft.Migrate/modernizeProjects",
+            "Microsoft.Mission/Locations",
+            "Microsoft.Mission/Locations/OperationStatuses",
+            "Microsoft.Mission/Operations",
+            "Microsoft.Mission/virtualEnclaves/endpoints",
+            "Microsoft.Mission/checkNameAvailability",
+            "Microsoft.MobileNetwork/Locations",
+            "Microsoft.MobileNetwork/Locations/OperationStatuses",
+            "Microsoft.MobileNetwork/Operations",
+            "Microsoft.MobileNetwork/packetCoreControlPlaneVersions",
+            "Microsoft.MobilePacketCore/Locations",
+            "Microsoft.MobilePacketCore/Locations/OperationStatuses",
+            "Microsoft.MobilePacketCore/Operations",
+            "Microsoft.ModSimWorkbench/Locations/operationStatuses",
+            "Microsoft.ModSimWorkbench/Locations",
+            "Microsoft.ModSimWorkbench/Operations",
+            "Microsoft.Monitor/operations",
+            "Microsoft.Monitor/accounts",
+            "Microsoft.Monitor/locations/locationOperationStatuses",
+            "Microsoft.Monitor/locations/operationResults",
+            "Microsoft.Monitor/locations",
+            "Microsoft.Monitor/locations/operationStatuses",
+            "Microsoft.MySQLDiscovery/locations",
+            "Microsoft.MySQLDiscovery/locations/operationStatuses",
+            "Microsoft.MySQLDiscovery/MySQLSites",
+            "Microsoft.MySQLDiscovery/MySQLSites/MySQLServers",
+            "Microsoft.MySQLDiscovery/MySQLSites/Refresh",
+            "Microsoft.MySQLDiscovery/MySQLSites/Summaries",
+            "Microsoft.MySQLDiscovery/MySQLSites/ErrorSummaries",
+            "Microsoft.MySQLDiscovery/operations",
+            "Microsoft.NetApp/netAppAccounts",
+            "Microsoft.NetApp/netAppAccounts/snapshotPolicies",
+            "Microsoft.NetApp/netAppAccounts/volumeGroups",
+            "Microsoft.NetApp/netAppAccounts/capacityPools",
+            "Microsoft.NetApp/netAppAccounts/capacityPools/volumes",
+            "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/mountTargets",
+            "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots",
+            "Microsoft.NetApp/locations",
+            "Microsoft.NetApp/locations/checkNameAvailability",
+            "Microsoft.NetApp/locations/checkFilePathAvailability",
+            "Microsoft.NetApp/operations",
+            "Microsoft.NetApp/locations/checkQuotaAvailability",
+            "Microsoft.NetApp/locations/queryNetworkSiblingSet",
+            "Microsoft.NetApp/locations/updateNetworkSiblingSet",
+            "Microsoft.NetApp/locations/regionInfo",
+            "Microsoft.NetApp/locations/regionInfos",
+            "Microsoft.NetApp/locations/QuotaLimits",
+            "Microsoft.NetApp/locations/CheckInventory",
+            "Microsoft.NetApp/locations/operationResults",
+            "Microsoft.NetworkAnalytics/Locations",
+            "Microsoft.NetworkAnalytics/Locations/OperationStatuses",
+            "Microsoft.NetworkAnalytics/Operations",
+            "Microsoft.NetworkAnalytics/registeredSubscriptions",
+            "Microsoft.NetworkCloud/locations",
+            "Microsoft.NetworkCloud/locations/operationStatuses",
+            "Microsoft.NetworkCloud/clusterManagers",
+            "Microsoft.NetworkCloud/racks",
+            "Microsoft.NetworkCloud/clusters",
+            "Microsoft.NetworkCloud/bareMetalMachines",
+            "Microsoft.NetworkCloud/virtualMachines",
+            "Microsoft.NetworkCloud/operations",
+            "Microsoft.NetworkCloud/rackSkus",
+            "Microsoft.NetworkCloud/cloudServicesNetworks",
+            "Microsoft.NetworkCloud/l2Networks",
+            "Microsoft.NetworkCloud/storageAppliances",
+            "Microsoft.NetworkCloud/trunkedNetworks",
+            "Microsoft.NetworkCloud/l3Networks",
+            "Microsoft.NetworkCloud/clusters/metricsConfigurations",
+            "Microsoft.NetworkCloud/virtualMachines/consoles",
+            "Microsoft.NetworkCloud/clusters/bareMetalMachineKeySets",
+            "Microsoft.NetworkCloud/clusters/bmcKeySets",
+            "Microsoft.NetworkCloud/volumes",
+            "Microsoft.NetworkCloud/registeredSubscriptions",
+            "Microsoft.NetworkCloud/kubernetesClusters",
+            "Microsoft.NetworkCloud/kubernetesClusters/agentPools",
+            "Microsoft.NetworkFunction/azureTrafficCollectors",
+            "Microsoft.NetworkFunction/azureTrafficCollectors/collectorPolicies",
+            "Microsoft.NetworkFunction/meshVpns",
+            "Microsoft.NetworkFunction/meshVpns/connectionPolicies",
+            "Microsoft.NetworkFunction/meshVpns/privateEndpointConnections",
+            "Microsoft.NetworkFunction/meshVpns/privateEndpointConnectionProxies",
+            "Microsoft.NetworkFunction/operations",
+            "Microsoft.NetworkFunction/locations",
+            "Microsoft.NetworkFunction/locations/nfvOperations",
+            "Microsoft.NetworkFunction/locations/nfvOperationResults",
+            "Microsoft.Nutanix/operations",
+            "Microsoft.Nutanix/locations",
+            "Microsoft.ObjectStore/osNamespaces",
+            "Microsoft.OffAzure/VMwareSites",
+            "Microsoft.OffAzure/HyperVSites",
+            "Microsoft.OffAzure/ServerSites",
+            "Microsoft.OffAzure/ImportSites",
+            "Microsoft.OffAzure/MasterSites",
+            "Microsoft.OffAzure/locations",
+            "Microsoft.OffAzure/locations/operationResults",
+            "Microsoft.OffAzure/operations",
+            "Microsoft.OffAzureSpringBoot/locations",
+            "Microsoft.OffAzureSpringBoot/locations/operationStatuses",
+            "Microsoft.OffAzureSpringBoot/springbootsites",
+            "Microsoft.OffAzureSpringBoot/springbootsites/springbootservers",
+            "Microsoft.OffAzureSpringBoot/springbootsites/springbootapps",
+            "Microsoft.OffAzureSpringBoot/operations",
+            "Microsoft.OffAzureSpringBoot/springbootsites/summaries",
+            "Microsoft.OffAzureSpringBoot/springbootsites/errorsummaries",
+            "Microsoft.OpenEnergyPlatform/Locations",
+            "Microsoft.OpenEnergyPlatform/Locations/OperationStatuses",
+            "Microsoft.OpenEnergyPlatform/energyservices",
+            "Microsoft.OpenEnergyPlatform/checkNameAvailability",
+            "Microsoft.OpenEnergyPlatform/Operations",
+            "Microsoft.OpenEnergyPlatform/energyservices/privateEndpointConnections",
+            "Microsoft.OpenEnergyPlatform/energyservices/privateLinkResources",
+            "Microsoft.OpenEnergyPlatform/energyservices/privateEndpointConnectionProxies",
+            "Microsoft.OperatorVoicemail/Operations",
+            "Microsoft.OperatorVoicemail/Locations",
+            "Microsoft.OperatorVoicemail/Locations/OperationStatuses",
+            "Microsoft.OperatorVoicemail/Locations/checkNameAvailability",
+            "Microsoft.OracleDiscovery/locations",
+            "Microsoft.OracleDiscovery/locations/operationStatuses",
+            "Microsoft.OracleDiscovery/oraclesites",
+            "Microsoft.OracleDiscovery/oraclesites/oracleservers",
+            "Microsoft.OracleDiscovery/oraclesites/oracledatabases",
+            "Microsoft.OracleDiscovery/oraclesites/summaries",
+            "Microsoft.OracleDiscovery/oraclesites/errorSummaries",
+            "Microsoft.OracleDiscovery/operations",
+            "Microsoft.Orbital/availableGroundStations",
+            "Microsoft.Orbital/contactProfiles",
+            "Microsoft.Orbital/spacecrafts",
+            "Microsoft.Orbital/spacecrafts/contacts",
+            "Microsoft.Orbital/groundStations",
+            "Microsoft.Orbital/globalCommunicationsSites",
+            "Microsoft.Orbital/l2Connections",
+            "Microsoft.Orbital/edgeSites",
+            "Microsoft.Orbital/operations",
+            "Microsoft.Orbital/locations",
+            "Microsoft.Orbital/locations/operationResults",
+            "Microsoft.Orbital/locations/operationStatuses",
+            "Microsoft.PartnerManagedConsumerRecurrence/recurrences",
+            "Microsoft.PartnerManagedConsumerRecurrence/operations",
+            "Microsoft.PartnerManagedConsumerRecurrence/checkEligibility",
+            "Microsoft.PartnerManagedConsumerRecurrence/operationStatuses",
+            "Microsoft.Peering/peerings",
+            "Microsoft.Peering/peeringLocations",
+            "Microsoft.Peering/legacyPeerings",
+            "Microsoft.Peering/peerAsns",
+            "Microsoft.Peering/peeringServices",
+            "Microsoft.Peering/peeringServiceCountries",
+            "Microsoft.Peering/peeringServiceLocations",
+            "Microsoft.Peering/peeringServiceProviders",
+            "Microsoft.Peering/checkServiceProviderAvailability",
+            "Microsoft.Peering/lookingGlass",
+            "Microsoft.Peering/cdnPeeringPrefixes",
+            "Microsoft.Peering/operations",
+            "Microsoft.Pki/Operations",
+            "Microsoft.Portal/dashboards",
+            "Microsoft.Portal/tenantconfigurations",
+            "Microsoft.Portal/listTenantConfigurationViolations",
+            "Microsoft.Portal/operations",
+            "Microsoft.Portal/locations",
+            "Microsoft.Portal/consoles",
+            "Microsoft.Portal/locations/consoles",
+            "Microsoft.Portal/userSettings",
+            "Microsoft.Portal/locations/userSettings",
+            "Microsoft.PowerBI/workspaceCollections",
+            "Microsoft.PowerBI/locations",
+            "Microsoft.PowerBI/locations/checkNameAvailability",
+            "Microsoft.PowerBI/privateLinkServicesForPowerBI",
+            "Microsoft.PowerBI/privateLinkServicesForPowerBI/operationResults",
+            "Microsoft.PowerBI/operations",
+            "Microsoft.PowerPlatform/operations",
+            "Microsoft.PowerPlatform/enterprisePolicies",
+            "Microsoft.PowerPlatform/accounts",
+            "Microsoft.PowerPlatform/locations",
+            "Microsoft.PowerPlatform/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.PowerPlatform/locations/validateDeleteVirtualNetworkOrSubnets",
+            "Microsoft.ProfessionalService/checkNameAvailability",
+            "Microsoft.ProfessionalService/eligibilityCheck",
+            "Microsoft.ProfessionalService/operationResults",
+            "Microsoft.ProfessionalService/operations",
+            "Microsoft.ProfessionalService/resources",
+            "Microsoft.ProgrammableConnectivity/operations",
+            "Microsoft.ProgrammableConnectivity/locations",
+            "Microsoft.ProgrammableConnectivity/locations/operationStatuses",
+            "Microsoft.ProgrammableConnectivity/gateways",
+            "Microsoft.ProgrammableConnectivity/openApiGateways",
+            "Microsoft.ProgrammableConnectivity/openApiGatewayOfferings",
+            "Microsoft.ProgrammableConnectivity/OperatorOfferings",
+            "Microsoft.ProgrammableConnectivity/OperatorConnections",
+            "Microsoft.ProgrammableConnectivity/operatorApiPlans",
+            "Microsoft.ProgrammableConnectivity/operatorApiConnections",
+            "Microsoft.ProviderHub/providerRegistrations",
+            "Microsoft.ProviderHub/operationStatuses",
+            "Microsoft.ProviderHub/providerRegistrations/resourceTypeRegistrations",
+            "Microsoft.ProviderHub/providerRegistrations/defaultRollouts",
+            "Microsoft.ProviderHub/providerRegistrations/customRollouts",
+            "Microsoft.ProviderHub/providerRegistrations/checkinmanifest",
+            "Microsoft.ProviderHub/providerRegistrations/resourceActions",
+            "Microsoft.ProviderHub/availableAccounts",
+            "Microsoft.ProviderHub/providerRegistrations/authorizedApplications",
+            "Microsoft.Purview/accounts",
+            "Microsoft.Purview/accounts/kafkaConfigurations",
+            "Microsoft.Purview/operations",
+            "Microsoft.Purview/setDefaultAccount",
+            "Microsoft.Purview/removeDefaultAccount",
+            "Microsoft.Purview/getDefaultAccount",
+            "Microsoft.Purview/checkNameAvailability",
+            "Microsoft.Purview/locations",
+            "Microsoft.Purview/locations/operationResults",
+            "Microsoft.Purview/locations/listFeatures",
+            "Microsoft.Purview/locations/usages",
+            "Microsoft.Purview/policies",
+            "Microsoft.Quantum/Workspaces",
+            "Microsoft.Quantum/Operations",
+            "Microsoft.Quantum/Locations",
+            "Microsoft.Quantum/Locations/OperationStatuses",
+            "Microsoft.Quantum/locations/offerings",
+            "Microsoft.Quantum/Locations/CheckNameAvailability",
+            "Microsoft.Quota/usages",
+            "Microsoft.Quota/quotas",
+            "Microsoft.Quota/quotaRequests",
+            "Microsoft.Quota/operationsStatus",
+            "Microsoft.Quota/operations",
+            "Microsoft.Quota/groupQuotas",
+            "Microsoft.Quota/groupQuotas/groupQuotaLimits",
+            "Microsoft.Quota/groupQuotas/subscriptions",
+            "Microsoft.Quota/groupQuotas/groupQuotaRequests",
+            "Microsoft.Quota/groupQuotas/quotaAllocations",
+            "Microsoft.Quota/groupQuotas/quotaAllocationRequests",
+            "Microsoft.Quota/groupQuotas/groupQuotaOperationsStatus",
+            "Microsoft.Quota/groupQuotas/subscriptionRequests",
+            "Microsoft.Quota/groupQuotas/quotaAllocationOperationsStatus",
+            "Microsoft.RecommendationsService/locations",
+            "Microsoft.RecommendationsService/locations/operationStatuses",
+            "Microsoft.RecommendationsService/accounts",
+            "Microsoft.RecommendationsService/accounts/modeling",
+            "Microsoft.RecommendationsService/accounts/serviceEndpoints",
+            "Microsoft.RecommendationsService/operations",
+            "Microsoft.RecommendationsService/checkNameAvailability",
+            "Microsoft.RedHatOpenShift/locations",
+            "Microsoft.RedHatOpenShift/locations/operationresults",
+            "Microsoft.RedHatOpenShift/locations/operationsstatus",
+            "Microsoft.RedHatOpenShift/OpenShiftClusters",
+            "Microsoft.RedHatOpenShift/operations",
+            "Microsoft.RedHatOpenShift/locations/openshiftversions",
+            "Microsoft.ResourceConnector/locations",
+            "Microsoft.ResourceConnector/appliances",
+            "Microsoft.ResourceConnector/locations/operationsstatus",
+            "Microsoft.ResourceConnector/locations/operationresults",
+            "Microsoft.ResourceConnector/operations",
+            "Microsoft.ResourceConnector/telemetryconfig",
+            "Microsoft.ResourceGraph/resources",
+            "Microsoft.ResourceGraph/resourcesHistory",
+            "Microsoft.ResourceGraph/resourceChanges",
+            "Microsoft.ResourceGraph/resourceChangeDetails",
+            "Microsoft.ResourceGraph/operations",
+            "Microsoft.ResourceGraph/subscriptionsStatus",
+            "Microsoft.ResourceGraph/queries",
+            "Microsoft.ResourceGraph/generateQuery",
+            "Microsoft.ResourceNotifications/eventGridFilters",
+            "Microsoft.ResourceNotifications/operations",
+            "Microsoft.Resources/deploymentScripts",
+            "Microsoft.Resources/deploymentScripts/logs",
+            "Microsoft.Resources/locations/deploymentScriptOperationResults",
+            "Microsoft.Resources/templateSpecs",
+            "Microsoft.Resources/templateSpecs/versions",
+            "Microsoft.Resources/builtInTemplateSpecs",
+            "Microsoft.Resources/builtInTemplateSpecs/versions",
+            "Microsoft.Resources/deploymentStacks",
+            "Microsoft.Resources/locations/deploymentStackOperationStatus",
+            "Microsoft.Resources/mobobrokers",
+            "Microsoft.Resources/tenants",
+            "Microsoft.Resources/locations",
+            "Microsoft.Resources/operationresults",
+            "Microsoft.Resources/notifyResourceJobs",
+            "Microsoft.Resources/tags",
+            "Microsoft.Resources/checkPolicyCompliance",
+            "Microsoft.Resources/providers",
+            "Microsoft.Resources/checkresourcename",
+            "Microsoft.Resources/calculateTemplateHash",
+            "Microsoft.Resources/resources",
+            "Microsoft.Resources/subscriptions",
+            "Microsoft.Resources/subscriptions/resources",
+            "Microsoft.Resources/subscriptions/providers",
+            "Microsoft.Resources/subscriptions/operationresults",
+            "Microsoft.Resources/resourceGroups",
+            "Microsoft.Resources/subscriptions/resourceGroups",
+            "Microsoft.Resources/subscriptions/resourcegroups/resources",
+            "Microsoft.Resources/subscriptions/locations",
+            "Microsoft.Resources/subscriptions/tagnames",
+            "Microsoft.Resources/subscriptions/tagNames/tagValues",
+            "Microsoft.Resources/deployments",
+            "Microsoft.Resources/deployments/operations",
+            "Microsoft.Resources/validateResources",
+            "Microsoft.Resources/links",
+            "Microsoft.Resources/operations",
+            "Microsoft.Resources/bulkDelete",
+            "Microsoft.Resources/changes",
+            "Microsoft.Resources/snapshots",
+            "Microsoft.Resources/dataBoundaries",
+            "Microsoft.Resources/deploymentStacks/snapshots",
+            "Microsoft.Resources/checkZonePeers",
+            "Microsoft.SaaS/applications",
+            "Microsoft.SaaS/checknameavailability",
+            "Microsoft.SaaS/saasresources",
+            "Microsoft.SaaS/operationResults",
+            "Microsoft.SaaS/operations",
+            "Microsoft.SaaS/resources",
+            "Microsoft.SaaSHub/operationStatuses",
+            "Microsoft.SaaSHub/cloudServices",
+            "Microsoft.SaaSHub/operations",
+            "Microsoft.SaaSHub/registeredSubscriptions",
+            "Microsoft.SaaSHub/checkNameAvailability",
+            "Microsoft.SaaSHub/canCreate",
+            "Microsoft.SaaSHub/locations",
+            "Microsoft.SaaSHub/locations/operationStatuses",
+            "Microsoft.Scom/locations/operationStatuses",
+            "Microsoft.Scom/operations",
+            "Microsoft.Scom/locations",
+            "Microsoft.Scom/managedInstances",
+            "Microsoft.Scom/managedInstances/monitoredResources",
+            "Microsoft.Scom/managedInstances/managedGateways",
+            "Microsoft.ScVmm/locations",
+            "Microsoft.ScVmm/Locations/OperationStatuses",
+            "Microsoft.ScVmm/operations",
+            "Microsoft.ScVmm/VMMServers",
+            "Microsoft.ScVmm/Clouds",
+            "Microsoft.ScVmm/VirtualNetworks",
+            "Microsoft.ScVmm/VirtualMachineTemplates",
+            "Microsoft.ScVmm/VirtualMachines",
+            "Microsoft.ScVmm/AvailabilitySets",
+            "Microsoft.ScVmm/VMMServers/InventoryItems",
+            "Microsoft.ScVmm/VirtualMachines/HybridIdentityMetadata",
+            "Microsoft.ScVmm/VirtualMachines/GuestAgents",
+            "Microsoft.ScVmm/VirtualMachines/Extensions",
+            "Microsoft.ScVmm/VirtualMachineInstances",
+            "Microsoft.SecurityDetonation/chambers",
+            "Microsoft.SecurityDetonation/operations",
+            "Microsoft.SecurityDetonation/operationResults",
+            "Microsoft.SecurityDetonation/checkNameAvailability",
+            "Microsoft.SecurityDevOps/Locations",
+            "Microsoft.SecurityDevOps/Locations/OperationStatuses",
+            "Microsoft.SecurityDevOps/gitHubConnectors",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs",
+            "Microsoft.SecurityDevOps/gitHubConnectors/owners",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects",
+            "Microsoft.SecurityDevOps/gitHubConnectors/owners/repos",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos",
+            "Microsoft.SecurityDevOps/Operations",
+            "Microsoft.SecurityDevOps/gitHubConnectors/stats",
+            "Microsoft.SecurityDevOps/gitHubConnectors/repos",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/stats",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/repos",
+            "Microsoft.SecurityDevOps/gitLabConnectors",
+            "Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations",
+            "Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories",
+            "Microsoft.SecurityDevOps/gitLabConnectors/groups",
+            "Microsoft.SecurityDevOps/gitLabConnectors/projects",
+            "Microsoft.SecurityDevOps/gitLabConnectors/stats",
+            "Microsoft.SecurityDevOps/gitLabConnectors/groups/projects",
+            "Microsoft.SerialConsole/consoleServices",
+            "Microsoft.SerialConsole/serialPorts",
+            "Microsoft.SerialConsole/locations",
+            "Microsoft.SerialConsole/locations/consoleServices",
+            "Microsoft.SerialConsole/operations",
+            "Microsoft.ServiceNetworking/trafficControllers",
+            "Microsoft.ServiceNetworking/trafficControllers/frontends",
+            "Microsoft.ServiceNetworking/trafficControllers/associations",
+            "Microsoft.ServiceNetworking/operations",
+            "Microsoft.ServiceNetworking/locations",
+            "Microsoft.ServiceNetworking/locations/operations",
+            "Microsoft.ServiceNetworking/locations/operationResults",
+            "Microsoft.ServicesHub/connectors",
+            "Microsoft.ServicesHub/workspaces",
+            "Microsoft.ServicesHub/supportOfferingEntitlement",
+            "Microsoft.ServicesHub/operations",
+            "Microsoft.ServicesHub/getRecommendationsContent",
+            "Microsoft.ServicesHub/connectors/connectorSpaces",
+            "Microsoft.SignalRService/SignalR",
+            "Microsoft.SignalRService/WebPubSub",
+            "Microsoft.SignalRService/SignalR/replicas",
+            "Microsoft.SignalRService/WebPubSub/replicas",
+            "Microsoft.SignalRService/locations",
+            "Microsoft.SignalRService/locations/operationResults",
+            "Microsoft.SignalRService/locations/operationStatuses",
+            "Microsoft.SignalRService/operations",
+            "Microsoft.SignalRService/locations/checkNameAvailability",
+            "Microsoft.SignalRService/locations/usages",
+            "Microsoft.SignalRService/SignalR/eventGridFilters",
+            "Microsoft.Singularity/accounts",
+            "Microsoft.Singularity/accounts/storageContainers",
+            "Microsoft.Singularity/accounts/networks",
+            "Microsoft.Singularity/accounts/secrets",
+            "Microsoft.Singularity/accounts/accountQuotaPolicies",
+            "Microsoft.Singularity/accounts/groupPolicies",
+            "Microsoft.Singularity/accounts/jobs",
+            "Microsoft.Singularity/accounts/models",
+            "Microsoft.Singularity/locations",
+            "Microsoft.Singularity/locations/instanceTypeSeries",
+            "Microsoft.Singularity/locations/instanceTypeSeries/instanceTypes",
+            "Microsoft.Singularity/locations/operationResults",
+            "Microsoft.Singularity/locations/operationStatus",
+            "Microsoft.Singularity/operations",
+            "Microsoft.Singularity/images",
+            "Microsoft.Singularity/quotas",
+            "Microsoft.SoftwarePlan/hybridUseBenefits",
+            "Microsoft.SoftwarePlan/operations",
+            "Microsoft.Solutions/applications",
+            "Microsoft.Solutions/applicationDefinitions",
+            "Microsoft.Solutions/locations",
+            "Microsoft.Solutions/jitRequests",
+            "Microsoft.Solutions/locations/operationstatuses",
+            "Microsoft.Solutions/Operations",
+            "Microsoft.Sovereign/Locations",
+            "Microsoft.Sovereign/Locations/OperationStatuses",
+            "Microsoft.Sovereign/landingZoneConfigurations",
+            "Microsoft.Sovereign/landingZoneRegistrations",
+            "Microsoft.Sovereign/Operations",
+            "Microsoft.Sovereign/checkNameAvailability",
+            "Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups",
+            "Microsoft.SqlVirtualMachine/SqlVirtualMachines",
+            "Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups/AvailabilityGroupListeners",
+            "Microsoft.SqlVirtualMachine/operations",
+            "Microsoft.SqlVirtualMachine/Locations",
+            "Microsoft.SqlVirtualMachine/Locations/OperationTypes",
+            "Microsoft.SqlVirtualMachine/Locations/sqlVirtualMachineOperationResults",
+            "Microsoft.SqlVirtualMachine/Locations/sqlVirtualMachineGroupOperationResults",
+            "Microsoft.SqlVirtualMachine/Locations/availabilityGroupListenerOperationResults",
+            "Microsoft.SqlVirtualMachine/Locations/registerSqlVmCandidate",
+            "Microsoft.StandbyPool/Locations",
+            "Microsoft.StandbyPool/Locations/OperationStatuses",
+            "Microsoft.StandbyPool/Operations",
+            "Microsoft.StorageActions/storageTasks",
+            "Microsoft.StorageActions/operations",
+            "Microsoft.StorageActions/locations/asyncoperations",
+            "Microsoft.StorageActions/locations/previewActions",
+            "Microsoft.StorageActions/locations",
+            "Microsoft.StorageCache/caches",
+            "Microsoft.StorageCache/caches/storageTargets",
+            "Microsoft.StorageCache/amlFilesystems",
+            "Microsoft.StorageCache/operations",
+            "Microsoft.StorageCache/usageModels",
+            "Microsoft.StorageCache/checkAmlFSSubnets",
+            "Microsoft.StorageCache/getRequiredAmlFSSubnetsSize",
+            "Microsoft.StorageCache/locations",
+            "Microsoft.StorageCache/locations/ascoperations",
+            "Microsoft.StorageCache/locations/usages",
+            "Microsoft.StorageMover/storageMovers",
+            "Microsoft.StorageMover/storageMovers/projects",
+            "Microsoft.StorageMover/storageMovers/agents",
+            "Microsoft.StorageMover/storageMovers/endpoints",
+            "Microsoft.StorageMover/storageMovers/projects/jobDefinitions",
+            "Microsoft.StorageMover/operations",
+            "Microsoft.StorageMover/storageMovers/projects/jobDefinitions/jobRuns",
+            "Microsoft.StorageMover/locations",
+            "Microsoft.StorageMover/locations/operationStatuses",
+            "Microsoft.StorageSync/storageSyncServices",
+            "Microsoft.StorageSync/storageSyncServices/syncGroups",
+            "Microsoft.StorageSync/storageSyncServices/syncGroups/cloudEndpoints",
+            "Microsoft.StorageSync/storageSyncServices/syncGroups/serverEndpoints",
+            "Microsoft.StorageSync/storageSyncServices/registeredServers",
+            "Microsoft.StorageSync/storageSyncServices/workflows",
+            "Microsoft.StorageSync/operations",
+            "Microsoft.StorageSync/locations",
+            "Microsoft.StorageSync/locations/checkNameAvailability",
+            "Microsoft.StorageSync/locations/workflows",
+            "Microsoft.StorageSync/locations/operations",
+            "Microsoft.StorageSync/locations/operationResults",
+            "Microsoft.StorageTasks/locations",
+            "Microsoft.Subscription/SubscriptionDefinitions",
+            "Microsoft.Subscription/SubscriptionOperations",
+            "Microsoft.Subscription/CreateSubscription",
+            "Microsoft.Subscription/operations",
+            "Microsoft.Subscription/cancel",
+            "Microsoft.Subscription/validateCancel",
+            "Microsoft.Subscription/rename",
+            "Microsoft.Subscription/enable",
+            "Microsoft.Subscription/subscriptions",
+            "Microsoft.Subscription/aliases",
+            "Microsoft.Subscription/operationResults",
+            "Microsoft.Subscription/acceptChangeTenant",
+            "Microsoft.Subscription/changeTenantStatus",
+            "Microsoft.Subscription/changeTenantRequest",
+            "Microsoft.Subscription/policies",
+            "Microsoft.Subscription/acceptOwnership",
+            "Microsoft.Subscription/acceptOwnershipStatus",
+            // Not supported in Mooncake
+            /*
+            "microsoft.support/operations",
+            "microsoft.support/checkNameAvailability",
+            "microsoft.support/classifyServices",
+            "microsoft.support/services",
+            "microsoft.support/services/problemclassifications",
+            "microsoft.support/supporttickets",
+            "microsoft.support/supporttickets/communications",
+            "microsoft.support/operationresults",
+            "microsoft.support/operationsstatus",
+            "microsoft.support/lookUpResourceId",
+            "microsoft.support/fileWorkspaces",
+            "microsoft.support/fileWorkspaces/files",
+            */
+            "Microsoft.Synapse/workspaces",
+            "Microsoft.Synapse/workspaces/bigDataPools",
+            "Microsoft.Synapse/workspaces/sqlPools",
+            "Microsoft.Synapse/workspaces/sqlDatabases",
+            "Microsoft.Synapse/locations/sqlDatabaseAzureAsyncOperation",
+            "Microsoft.Synapse/locations/sqlDatabaseOperationResults",
+            "Microsoft.Synapse/workspaces/kustoPools",
+            "Microsoft.Synapse/locations/kustoPoolOperationResults",
+            "Microsoft.Synapse/locations/kustoPoolCheckNameAvailability",
+            "Microsoft.Synapse/workspaces/kustoPools/databases",
+            "Microsoft.Synapse/workspaces/kustoPools/attacheddatabaseconfigurations",
+            "Microsoft.Synapse/workspaces/kustoPools/databases/dataconnections",
+            "Microsoft.Synapse/locations/sqlPoolAzureAsyncOperation",
+            "Microsoft.Synapse/locations/sqlPoolOperationResults",
+            "Microsoft.Synapse/workspaces/operationStatuses",
+            "Microsoft.Synapse/workspaces/operationResults",
+            "Microsoft.Synapse/checkNameAvailability",
+            "Microsoft.Synapse/operations",
+            "Microsoft.Synapse/kustoOperations",
+            "Microsoft.Synapse/privateLinkHubs",
+            "Microsoft.Synapse/locations",
+            "Microsoft.Synapse/locations/operationResults",
+            "Microsoft.Synapse/locations/operationStatuses",
+            "Microsoft.Synapse/locations/usages",
+            "Microsoft.Synapse/workspaces/usages",
+            "Microsoft.Syntex/documentProcessors",
+            "Microsoft.Syntex/operations",
+            "Microsoft.Syntex/accounts",
+            "Microsoft.Syntex/Locations",
+            "Microsoft.Syntex/Locations/OperationStatuses",
+            "Microsoft.TestBase/locations",
+            "Microsoft.TestBase/locations/operationstatuses",
+            "Microsoft.TestBase/skus",
+            "Microsoft.TestBase/operations",
+            "Microsoft.TestBase/testBaseAccounts",
+            "Microsoft.TestBase/testBaseAccounts/usages",
+            "Microsoft.TestBase/testBaseAccounts/availableOSs",
+            "Microsoft.TestBase/testBaseAccounts/testTypes",
+            "Microsoft.TestBase/testBaseAccounts/flightingRings",
+            "Microsoft.TestBase/testBaseAccounts/packages",
+            "Microsoft.TestBase/testBaseAccounts/packages/osUpdates",
+            "Microsoft.TestBase/testBaseAccounts/testSummaries",
+            "Microsoft.TestBase/testBaseAccounts/packages/favoriteProcesses",
+            "Microsoft.TestBase/testBaseAccounts/packages/testResults",
+            "Microsoft.TestBase/testBaseAccounts/packages/testResults/analysisResults",
+            "Microsoft.TestBase/testBaseAccounts/emailEvents",
+            "Microsoft.TestBase/testBaseAccounts/customerEvents",
+            "Microsoft.TestBase/testBaseAccounts/featureUpdateSupportedOses",
+            "Microsoft.TestBase/testBaseAccounts/availableInplaceUpgradeOSs",
+            "Microsoft.TestBase/testBaseAccounts/firstPartyApps",
+            "Microsoft.TestBase/testBaseAccounts/draftPackages",
+            "Microsoft.TestBase/testBaseAccounts/actionRequests",
+            "Microsoft.TestBase/testBaseAccounts/testConfigurations",
+            "Microsoft.TestBase/testBaseAccounts/availableVMConfigurationTypes",
+            "Microsoft.TestBase/testBaseAccounts/customImages",
+            "Microsoft.TestBase/testBaseAccounts/vhds",
+            "Microsoft.TestBase/testBaseAccounts/imageDefinitions",
+            "Microsoft.TestBase/testBaseAccounts/galleryApps",
+            "Microsoft.TestBase/testBaseAccounts/galleryApps/galleryAppSkus",
+            "Microsoft.TestBase/testBaseAccounts/chatSessions",
+            "Microsoft.TestBase/testBaseAccounts/freeHourBalances",
+            "Microsoft.TestBase/testBaseAccounts/credentials",
+            "Microsoft.TestBase/testBaseAccounts/testConfigurations/testResults",
+            "Microsoft.UsageBilling/operations",
+            "Microsoft.VideoIndexer/operations",
+            "Microsoft.VideoIndexer/locations",
+            "Microsoft.VideoIndexer/locations/operationstatuses",
+            "Microsoft.VideoIndexer/accounts",
+            "Microsoft.VideoIndexer/checknameavailability",
+            "Microsoft.VideoIndexer/locations/userclassicaccounts",
+            "Microsoft.VideoIndexer/locations/classicaccounts",
+            "Microsoft.VirtualMachineImages/imageTemplates",
+            "Microsoft.VirtualMachineImages/imageTemplates/runOutputs",
+            "Microsoft.VirtualMachineImages/imageTemplates/triggers",
+            "Microsoft.VirtualMachineImages/locations",
+            "Microsoft.VirtualMachineImages/locations/operations",
+            "Microsoft.VirtualMachineImages/operations",
+            "microsoft.visualstudio/account",
+            "microsoft.visualstudio/operations",
+            "microsoft.visualstudio/account/extension",
+            "microsoft.visualstudio/checkNameAvailability",
+            "Microsoft.VMware/Locations",
+            "Microsoft.VMware/Locations/OperationStatuses",
+            "Microsoft.VMware/Operations",
+            "Microsoft.VMware/VCenters/InventoryItems",
+            "Microsoft.VoiceServices/Operations",
+            "Microsoft.VoiceServices/locations",
+            "Microsoft.VoiceServices/locations/checkNameAvailability",
+            "Microsoft.VoiceServices/registeredSubscriptions",
+            "Microsoft.VSOnline/accounts",
+            "Microsoft.VSOnline/plans",
+            "Microsoft.VSOnline/operations",
+            "Microsoft.VSOnline/registeredSubscriptions",
+            "Microsoft.WindowsIoT/DeviceServices",
+            "Microsoft.WindowsIoT/operations",
+            "Microsoft.WindowsPushNotificationServices/checkNameAvailability",
+            "Microsoft.WorkloadBuilder/Locations",
+            "Microsoft.WorkloadBuilder/Locations/OperationStatuses",
+            "Microsoft.WorkloadBuilder/Operations",
+            "Microsoft.Workloads/Locations",
+            "Microsoft.Workloads/Locations/OperationStatuses",
+            "Microsoft.Workloads/sapVirtualInstances",
+            "Microsoft.Workloads/sapVirtualInstances/applicationInstances",
+            "Microsoft.Workloads/sapVirtualInstances/centralInstances",
+            "Microsoft.Workloads/sapVirtualInstances/databaseInstances",
+            "Microsoft.Workloads/Operations",
+            "Microsoft.Workloads/monitors",
+            "Microsoft.Workloads/monitors/providerInstances",
+            "Microsoft.Workloads/Locations/sapVirtualInstanceMetadata",
+            "Microsoft.Workloads/connectors",
+            "Microsoft.Workloads/connectors/acssBackups",
+            "Microsoft.Workloads/monitors/sapLandscapeMonitor",
+            "NewRelic.Observability/operations",
+            "NewRelic.Observability/registeredSubscriptions",
+            "NewRelic.Observability/locations",
+            "NewRelic.Observability/locations/operationStatuses",
+            "NewRelic.Observability/monitors",
+            "NewRelic.Observability/monitors/tagRules",
+            "NewRelic.Observability/checkNameAvailability",
+            "NewRelic.Observability/accounts",
+            "NewRelic.Observability/plans",
+            "NewRelic.Observability/organizations",
+            "NewRelic.Observability/monitors/monitoredSubscriptions",
+            "NGINX.NGINXPLUS/operations",
+            "NGINX.NGINXPLUS/locations",
+            "NGINX.NGINXPLUS/locations/operationStatuses",
+            "NGINX.NGINXPLUS/nginxDeployments/configurations",
+            "NGINX.NGINXPLUS/nginxDeployments",
+            "NGINX.NGINXPLUS/nginxDeployments/certificates",
+            "Oracle.Database/Locations",
+            "Oracle.Database/Locations/OperationStatuses",
+            "Oracle.Database/Operations",
+            "PaloAltoNetworks.Cloudngfw/operations",
+            "PaloAltoNetworks.Cloudngfw/locations",
+            "PaloAltoNetworks.Cloudngfw/registeredSubscriptions",
+            "PaloAltoNetworks.Cloudngfw/checkNameAvailability",
+            "PaloAltoNetworks.Cloudngfw/Locations/operationStatuses",
+            "PaloAltoNetworks.Cloudngfw/firewalls",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/localRules",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/fqdnlists",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/fqdnlists",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/preRules",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/postRules",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/prefixlists",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/prefixlists",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/certificates",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/certificates",
+            "PaloAltoNetworks.Cloudngfw/firewalls/statuses",
+            "PureStorage.Block/operations",
+            "PureStorage.Block/locations",
+            "PureStorage.Block/checkNameAvailability",
+            "PureStorage.Block/locations/operationStatuses",
+            "Qumulo.Storage/registeredSubscriptions",
+            "Qumulo.Storage/locations",
+            "Qumulo.Storage/locations/operationStatuses",
+            "Qumulo.Storage/checkNameAvailability",
+            "Qumulo.Storage/operations",
+            "Qumulo.Storage/fileSystems",
+            "SolarWinds.Observability/operations",
+            "SolarWinds.Observability/registeredSubscriptions",
+            "SolarWinds.Observability/locations",
+            "SolarWinds.Observability/locations/operationStatuses",
+            "SolarWinds.Observability/checkNameAvailability",
+            "SplitIO.Experimentation/operations",
+            "SplitIO.Experimentation/locations",
+            "SplitIO.Experimentation/locations/operationStatuses",
+            "SplitIO.Experimentation/checkNameAvailability",
+            "Wandisco.Fusion/Locations",
+            "Wandisco.Fusion/Locations/operationStatuses",
+            "Wandisco.Fusion/registeredSubscriptions",
+            "Wandisco.Fusion/Operations",
+            "Wandisco.Fusion/migrators",
+            "Wandisco.Fusion/migrators/targets",
+            "Wandisco.Fusion/migrators/liveDataMigrations",
+            "Wandisco.Fusion/migrators/exclusionTemplates",
+            "Wandisco.Fusion/migrators/metadataMigrations",
+            "Wandisco.Fusion/migrators/metadataTargets",
+            "Wandisco.Fusion/migrators/pathMappings",
+            "Wandisco.Fusion/migrators/dataTransferAgents",
+            "Wandisco.Fusion/migrators/verifications"
+        ]
+
+    },
+    "resources": [
+        {
+            "condition": "[not(contains(variables('knownPolicyInitativeDefinitionIdsThatRequireParamaeters'), parameters('policySetDefinitionId')))]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]"
+            }
+        },
+        {
+            // [Preview]: Australian Government ISM PROTECTED
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "membersToExclude": {
+                        "value": "[parameters('regCompPolParAusGovIsmRestrictedVmAdminsExclude')]"
+                    },
+                    "logAnalyticsWorkspaceId": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfResourceTypes": {
+                        "value": "[if(equals(parameters('regCompPolParAusGovIsmRestrictedResourceTypes'), 'all'), variables('allResourceTypes'), createArray())]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: Motion Picture Association of America (MPAA)
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "certificateThumbprints": {
+                        "value": "[parameters('regCompPolParMPAACertificateThumb')]"
+                    },
+                    "applicationName": {
+                        "value": "[parameters('regCompPolParMPAAApplicationName')]"
+                    },
+                    "storagePrefix": {
+                        "value": "[parameters('regCompPolParMPAAStoragePrefix')]"
+                    },
+                    "rgName": {
+                        "value": "[parameters('regCompPolParMPAAResGroupPrefix')]"
+                    },
+                    "metricName": {
+                        "value": "[parameters('regCompPolParMPAARBatchMetricName')]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: Sovereignty Baseline - Confidential Policies
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03de05a4-c324-4ccd-882f-a814ea8ab9ea')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "listOfAllowedLocations": {
+                        "value": "[parameters('regCompPolParSovBaseConfRegions')]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: Sovereignty Baseline - Global Policies
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/c1cbff38-87c0-4b9f-9f70-035c7a3b5523')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "listOfAllowedLocations": {
+                        "value": "[parameters('regCompPolParSovBaseGlobalRegions')]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: SWIFT CSP-CSCF v2020
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "workspaceIDsLogAnalyticsAgentShouldConnectTo": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParSwift2020VmAdminsInclude')]"
+                    },
+                    "domainNameFQDN": {
+                        "value": "[parameters('regCompPolParSwift2020DomainFqdn')]"
+                    }
+                }
+            }
+        },
+        {
+            // Canada Federal PBMM
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceIdforVMReporting": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsExclude')]"
+                    },
+                    "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsInclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // CIS Microsoft Azure Foundations Benchmark v2.0.0
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/06f19060-9e68-4070-92ca-f15cc126059e')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44": {
+                        "value": "[parameters('regCompPolParCisV2KeyVaultKeysRotateDays')]"
+                    }
+                }
+            }
+        },
+        {
+            // CMMC Level 3
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": {
+                        "value": "[parameters('regCompPolParCmmcL3VmAdminsInclude')]"
+                    },
+                    "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": {
+                        "value": "[parameters('regCompPolParCmmcL3VmAdminsExclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // HITRUST/HIPAA
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "CertificateThumbprints": {
+                        "value": "[parameters('regCompPolParHitrustHipaaCertificateThumb')]"
+                    },
+                    "installedApplicationsOnWindowsVM": {
+                        "value": "[parameters('regCompPolParHitrustHipaaApplicationName')]"
+                    },
+                    "DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix": {
+                        "value": "[parameters('regCompPolParHitrustHipaaStoragePrefix')]"
+                    },
+                    "DeployDiagnosticSettingsforNetworkSecurityGroupsrgName": {
+                        "value": "[parameters('regCompPolParHitrustHipaaResGroupPrefix')]"
+                    }
+                }
+            }
+        },
+        {
+            // IRS1075 September 2016
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceIdforVMReporting": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsExclude')]"
+                    },
+                    "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsInclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // New Zealand ISM Restricted
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": {
+                        "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsInclude')]"
+                    },
+                    "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": {
+                        "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsExclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // NIST SP 800-171 Rev. 2
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceIDForVMAgents": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "membersToExcludeInLocalAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParNistSp800171R2VmAdminsExclude')]"
+                    },
+                    "membersToIncludeInLocalAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParNistSp800171R2VmAdminsInclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // SOC 2 Type 2
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469": {
+                        "value": "[parameters('regCompPolParSoc2Type2AllowedRegistries')]"
+                    },
+                    "cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164": {
+                        "value": "[parameters('regCompPolParSoc2Type2MaxCpuUnits')]"
+                    },
+                    "memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164": {
+                        "value": "[parameters('regCompPolParSoc2Type2MaxMemoryBytes')]"
+                    }
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployRoles]",
+            "dependsOn": [
+                "[parameters('policyAssignmentName')]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacContributor'))]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', parameters('policyAssignmentName')), '2019-09-01', 'Full' ).identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/src/templates/policies.bicep b/src/templates/policies.bicep
index 0ec8d09707..c6fe55442f 100644
--- a/src/templates/policies.bicep
+++ b/src/templates/policies.bicep
@@ -146,7 +146,6 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke.json') // Only difference is hard-coded template deployment location (handled by this template)
-    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') 
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones.json')
@@ -201,6 +200,7 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Budget.json') // Needs validating in AzureChinaCloud (already used in AzureUSGovernment)
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans.json') // No obvious reason for exclusion from AzureChinaCloud and AzureUSGovernment, impacts "Deploy-Diagnostics-LogAnalytics" Policy Set Definition
+    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') // Not workin in AzureChinaCloud, needs validating in AzureUSGovernment
   ]
   AzureChinaCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP.AzureChinaCloud.json') // Used by "Deny-PublicPaaSEndpoints" Policy Set Definition to replace missing built-in Policy Definition in AzureChinaCloud

From 5d77c32e0831cea814db9b7554b8883531e901bc Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Thu, 25 Jul 2024 13:46:00 +0800
Subject: [PATCH 08/43] Update for policy VM Autoshudown and role assignment

---
 .../policyDefinitions/Deploy-Vm-autoShutdown.json           | 4 +---
 src/templates/policies.bicep                                | 2 +-
 src/templates/roles.bicep                                   | 6 ++++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
index e42d6a8f66..bcb614327a 100644
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
@@ -13,9 +13,7 @@
             "category": "Compute",
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
-                "AzureCloud",
-                "AzureChinaCloud",
-                "AzureUSGovernment"
+                "AzureCloud"
             ]
         },
         "parameters": {
diff --git a/src/templates/policies.bicep b/src/templates/policies.bicep
index c6fe55442f..27d17e29a3 100644
--- a/src/templates/policies.bicep
+++ b/src/templates/policies.bicep
@@ -200,7 +200,7 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Budget.json') // Needs validating in AzureChinaCloud (already used in AzureUSGovernment)
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans.json') // No obvious reason for exclusion from AzureChinaCloud and AzureUSGovernment, impacts "Deploy-Diagnostics-LogAnalytics" Policy Set Definition
-    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') // Not workin in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
   ]
   AzureChinaCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP.AzureChinaCloud.json') // Used by "Deny-PublicPaaSEndpoints" Policy Set Definition to replace missing built-in Policy Definition in AzureChinaCloud
diff --git a/src/templates/roles.bicep b/src/templates/roles.bicep
index 43949f4699..b5370ba7cb 100644
--- a/src/templates/roles.bicep
+++ b/src/templates/roles.bicep
@@ -8,10 +8,12 @@ var loadRoleDefinitions = {
   All: [
     loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json')
     loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json')
-    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json')
     loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json')
   ]
-  AzureCloud: []
+  AzureCloud: [
+    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json') // Not working in AzureChinaCloud, needs validating on AzureUSGovernment
+    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json') // Not working in AzureChinaCloud, needs validating on AzureUSGovernment
+  ]
   AzureChinaCloud: []
   AzureUSGovernment: []
 }

From c177bd907107817eff2e78b2d50409c14c6ad5ff Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Thu, 25 Jul 2024 14:18:09 +0800
Subject: [PATCH 09/43] Update for Decom Policy Set

---
 .../policySetDefinitions/Enforce-ALZ-Decomm.json              | 4 +---
 src/templates/initiatives.bicep                               | 3 ++-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
index a2eaa786d5..da13144022 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
@@ -12,9 +12,7 @@
         "category": "Decommissioned",
         "source": "https://github.com/Azure/Enterprise-Scale/",
         "alzCloudEnvironments": [ 
-          "AzureCloud",
-          "AzureChinaCloud",
-          "AzureUSGovernment"
+          "AzureCloud"
         ]
       },
       "parameters": {
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index a1a7e7c233..0e48249b93 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -39,7 +39,7 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security_20240529.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json')
+
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-AUM-CheckUpdates.json')
@@ -80,6 +80,7 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB.json') // Unable to validate if Guest Configuration is working in other clouds
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-DefenderSQL-AMA.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
   ]
   AzureChinaCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // Due to missing built-in Policy Definitions ()

From 1dcfe7a7e4afa49b377330badb07ce7c6717185a Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Thu, 25 Jul 2024 14:44:48 +0800
Subject: [PATCH 10/43] Update for role definition in mooncake

---
 src/templates/roles.bicep | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/templates/roles.bicep b/src/templates/roles.bicep
index b5370ba7cb..a49f2d717e 100644
--- a/src/templates/roles.bicep
+++ b/src/templates/roles.bicep
@@ -7,7 +7,6 @@ var cloudEnv = environment().name
 var loadRoleDefinitions = {
   All: [
     loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json')
-    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json')
     loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json')
   ]
   AzureCloud: [

From 52519b539d4702c5f17746b021ee8cf41695a41c Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Thu, 25 Jul 2024 16:32:38 +0800
Subject: [PATCH 11/43] Update the policy, initiatives, roles generated via
 bicep

---
 .../policyDefinitions/initiatives.json        |  88 +++++++-------
 .../policyDefinitions/policies.json           | 114 +++++++++---------
 .../customRoleDefinitions.json                |  47 ++++----
 3 files changed, 125 insertions(+), 124 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 05720324ea..d8a9e1d2eb 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "14881039068741859194"
+      "version": "0.22.6.54827",
+      "templateHash": "3427518993111177727"
     }
   },
   "parameters": {
@@ -78,48 +78,48 @@
     ],
     "$fxv#0": "{\n    \"name\": \"Audit-UnusedResourcesCostOptimization\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Unused resources driving cost should be avoided\",\n        \"description\": \"Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Cost Optimization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"parameters\": {\n            \"effectDisks\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Disks Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Compute/disks\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectPublicIpAddresses\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PublicIpAddresses Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectServerFarms\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"ServerFarms Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDisks')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditPublicIpAddressesUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectPublicIpAddresses')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditServerFarmsUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectServerFarms')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditAzureHybridBenefitUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"Audit\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#1": "{\n    \"name\": \"Audit-TrustedLaunch\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Audit virtual machines for Trusted Launch support\",\n        \"description\": \"Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Trusted Launch\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksOsTrustedLaunch\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b03bb370-5249-4ea4-9fce-2552e87e45fa\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditTrustedLaunchEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95b54ad-0614-4633-ab29-104b01235cbf\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#2": "{\n  \"name\": \"Deploy-Sql-Security\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"Deploy-Sql-Security_20240529\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"String\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#26": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#27": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#28": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#29": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#26": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#27": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#28": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#29": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#3": "{\n  \"name\": \"Deploy-Sql-Security_20240529\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"replacesPolicy\": \"Deploy-Sql-Security\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"Array\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#30": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#31": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#32": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#33": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#34": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#36": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#37": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#38": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#39": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#30": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#31": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#32": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#33": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#34": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#35": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#36": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#37": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#38": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#39": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#4": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#40": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#41": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#42": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#43": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#44": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#40": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#41": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#42": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#43": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#44": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
     "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#48": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"Deploy-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"Deploy-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"Deploy-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#48": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#49": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#5": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#50": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
@@ -127,10 +127,10 @@
     "$fxv#52": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#53": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#54": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#6": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
-    "$fxv#7": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#8": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#9": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#6": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#7": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#8": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "cloudEnv": "[environment().name]",
     "defaultDeploymentLocationByCloudType": {
       "AzureCloud": "northeurope",
@@ -178,10 +178,10 @@
         "[variables('$fxv#31')]",
         "[variables('$fxv#32')]",
         "[variables('$fxv#33')]",
-        "[variables('$fxv#34')]",
-        "[variables('$fxv#35')]"
+        "[variables('$fxv#34')]"
       ],
       "AzureCloud": [
+        "[variables('$fxv#35')]",
         "[variables('$fxv#36')]",
         "[variables('$fxv#37')]",
         "[variables('$fxv#38')]",
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
index 2edbae4ca7..7a59b8f429 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "1159734146410583397"
+      "version": "0.22.6.54827",
+      "templateHash": "502091197892104134"
     }
   },
   "parameters": {
@@ -84,64 +84,64 @@
     "$fxv#102": "{\n  \"name\": \"Deploy-SqlMi-minTLS\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"SQL managed instances deploy a specific min TLS version requirement.\",\n    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect SQL servers\",\n          \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1.2\",\n        \"allowedValues\": [\n          \"1.2\",\n          \"1.1\",\n          \"1.0\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version for SQL server\",\n          \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Sql/managedInstances\"\n          },\n          {\n            \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n            \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Sql/managedInstances\",\n          \"evaluationDelay\": \"AfterProvisioningSuccess\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n                \"equals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          },\n          \"name\": \"current\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"minimalTlsVersion\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Sql/managedInstances\",\n                    \"apiVersion\": \"2020-02-02-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"properties\": {\n                      \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"minimalTlsVersion\": {\n                  \"value\": \"[[parameters('minimalTlsVersion')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
     "$fxv#103": "{\n  \"name\": \"Deploy-Storage-sslEnforcement\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS \",\n    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Storage\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect Azure Storage\",\n          \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure STorage\"\n        }\n      },\n      \"minimumTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_1\",\n          \"TLS1_0\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select TLS version for Azure Storage server\",\n          \"description\": \"Select version minimum TLS version Azure STorage to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Storage/storageAccounts\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n                \"notEquals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n                \"notEquals\": \"[[parameters('minimumTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Storage/storageAccounts\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n                \"equals\": \"[[parameters('minimumTlsVersion')]\"\n              }\n            ]\n          },\n          \"name\": \"current\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"minimumTlsVersion\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Storage/storageAccounts\",\n                    \"apiVersion\": \"2019-06-01\",\n                    \"name\": \"[[concat(parameters('resourceName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"properties\": {\n                      \"supportsHttpsTrafficOnly\": true,\n                      \"minimumTlsVersion\": \"[[parameters('minimumTlsVersion')]\"\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"minimumTlsVersion\": {\n                  \"value\": \"[[parameters('minimumTlsVersion')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
     "$fxv#104": "{\n  \"name\": \"Deploy-VNET-HubSpoke\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy Virtual Network with peering to the hub\",\n    \"description\": \"This policy deploys virtual network and peer to the hub\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vNetName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetName\",\n          \"description\": \"Name of the landing zone vNet\"\n        }\n      },\n      \"vNetRgName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetRgName\",\n          \"description\": \"Name of the landing zone vNet RG\"\n        }\n      },\n      \"vNetLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetLocation\",\n          \"description\": \"Location for the vNet\"\n        }\n      },\n      \"vNetCidrRange\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetCidrRange\",\n          \"description\": \"CIDR Range for the vNet\"\n        }\n      },\n      \"hubResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"hubResourceId\",\n          \"description\": \"Resource ID for the HUB vNet\"\n        }\n      },\n      \"dnsServers\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"DNSServers\",\n          \"description\": \"Default domain servers for the vNET.\"\n        },\n        \"defaultValue\": []\n      },\n      \"vNetPeerUseRemoteGateway\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"vNetPeerUseRemoteGateway\",\n          \"description\": \"Enable gateway transit for the LZ network\"\n        },\n        \"defaultValue\": false\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"deployIfNotExists\",\n        \"details\": {\n          \"type\": \"Microsoft.Network/virtualNetworks\",\n          \"name\": \"[[parameters('vNetName')]\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"resourceGroup\",\n          \"ResourceGroupName\": \"[[parameters('vNetRgName')]\",\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"name\",\n                \"like\": \"[[parameters('vNetName')]\"\n              },\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('vNetLocation')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"vNetRgName\": {\n                  \"value\": \"[[parameters('vNetRgName')]\"\n                },\n                \"vNetName\": {\n                  \"value\": \"[[parameters('vNetName')]\"\n                },\n                \"vNetLocation\": {\n                  \"value\": \"[[parameters('vNetLocation')]\"\n                },\n                \"vNetCidrRange\": {\n                  \"value\": \"[[parameters('vNetCidrRange')]\"\n                },\n                \"hubResourceId\": {\n                  \"value\": \"[[parameters('hubResourceId')]\"\n                },\n                \"dnsServers\": {\n                  \"value\": \"[[parameters('dnsServers')]\"\n                },\n                \"vNetPeerUseRemoteGateway\": {\n                  \"value\": \"[[parameters('vNetPeerUseRemoteGateway')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vNetRgName\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetLocation\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetCidrRange\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetPeerUseRemoteGateway\": {\n                    \"type\": \"bool\",\n                    \"defaultValue\": false\n                  },\n                  \"hubResourceId\": {\n                    \"type\": \"String\"\n                  },\n                  \"dnsServers\": {\n                    \"type\": \"Array\",\n                    \"defaultValue\": []\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"name\": \"[[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n                    \"location\": \"[[parameters('vNetLocation')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {},\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Resources/resourceGroups\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"name\": \"[[parameters('vNetRgName')]\",\n                            \"location\": \"[[parameters('vNetLocation')]\",\n                            \"properties\": {}\n                          }\n                        ],\n                        \"outputs\": {}\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"name\": \"[[concat('alz-vnet-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n                    \"dependsOn\": [\n                      \"[[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {},\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Network/virtualNetworks\",\n                            \"apiVersion\": \"2021-02-01\",\n                            \"name\": \"[[parameters('vNetName')]\",\n                            \"location\": \"[[parameters('vNetLocation')]\",\n                            \"dependsOn\": [],\n                            \"properties\": {\n                              \"addressSpace\": {\n                                \"addressPrefixes\": [\n                                  \"[[parameters('vNetCidrRange')]\"\n                                ]\n                              },\n                              \"dhcpOptions\": {\n                                \"dnsServers\": \"[[parameters('dnsServers')]\"\n                              }\n                            }\n                          },\n                          {\n                            \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n                            \"apiVersion\": \"2021-02-01\",\n                            \"name\": \"[[concat(parameters('vNetName'), '/peerToHub')]\",\n                            \"dependsOn\": [\n                              \"[[parameters('vNetName')]\"\n                            ],\n                            \"properties\": {\n                              \"remoteVirtualNetwork\": {\n                                \"id\": \"[[parameters('hubResourceId')]\"\n                              },\n                              \"allowVirtualNetworkAccess\": true,\n                              \"allowForwardedTraffic\": true,\n                              \"allowGatewayTransit\": false,\n                              \"useRemoteGateways\": \"[[parameters('vNetPeerUseRemoteGateway')]\"\n                            }\n                          },\n                          {\n                            \"type\": \"Microsoft.Resources/deployments\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"name\": \"[[concat('alz-hub-peering-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n                            \"subscriptionId\": \"[[split(parameters('hubResourceId'),'/')[2]]\",\n                            \"resourceGroup\": \"[[split(parameters('hubResourceId'),'/')[4]]\",\n                            \"dependsOn\": [\n                              \"[[parameters('vNetName')]\"\n                            ],\n                            \"properties\": {\n                              \"mode\": \"Incremental\",\n                              \"expressionEvaluationOptions\": {\n                                \"scope\": \"inner\"\n                              },\n                              \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                  \"remoteVirtualNetwork\": {\n                                    \"type\": \"String\",\n                                    \"defaultValue\": false\n                                  },\n                                  \"hubName\": {\n                                    \"type\": \"String\",\n                                    \"defaultValue\": false\n                                  }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                  {\n                                    \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n                                    \"name\": \"[[[concat(parameters('hubName'),'/',last(split(parameters('remoteVirtualNetwork'),'/')))]\",\n                                    \"apiVersion\": \"2021-02-01\",\n                                    \"properties\": {\n                                      \"allowVirtualNetworkAccess\": true,\n                                      \"allowForwardedTraffic\": true,\n                                      \"allowGatewayTransit\": true,\n                                      \"useRemoteGateways\": false,\n                                      \"remoteVirtualNetwork\": {\n                                        \"id\": \"[[[parameters('remoteVirtualNetwork')]\"\n                                      }\n                                    }\n                                  }\n                                ],\n                                \"outputs\": {}\n                              },\n                              \"parameters\": {\n                                \"remoteVirtualNetwork\": {\n                                  \"value\": \"[[concat(subscription().id,'/resourceGroups/',parameters('vNetRgName'), '/providers/','Microsoft.Network/virtualNetworks/', parameters('vNetName'))]\"\n                                },\n                                \"hubName\": {\n                                  \"value\": \"[[split(parameters('hubResourceId'),'/')[8]]\"\n                                }\n                              }\n                            }\n                          }\n                        ],\n                        \"outputs\": {}\n                      }\n                    },\n                    \"resourceGroup\": \"[[parameters('vNetRgName')]\"\n                  }\n                ],\n                \"outputs\": {}\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#105": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
-    "$fxv#106": "{\n  \"name\": \"Deploy-Windows-DomainJoin\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deploy Windows Domain Join Extension with keyvault configuration\",\n    \"description\": \"Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Guest Configuration\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"domainUsername\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainUsername\"\n        }\n      },\n      \"domainPassword\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainPassword\"\n        }\n      },\n      \"domainFQDN\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainFQDN\"\n        }\n      },\n      \"domainOUPath\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainOUPath\"\n        }\n      },\n      \"keyVaultResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"keyVaultResourceId\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"MicrosoftWindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageOffer\",\n            \"equals\": \"WindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageSKU\",\n            \"in\": [\n              \"2008-R2-SP1\",\n              \"2008-R2-SP1-smalldisk\",\n              \"2008-R2-SP1-zhcn\",\n              \"2012-Datacenter\",\n              \"2012-datacenter-gensecond\",\n              \"2012-Datacenter-smalldisk\",\n              \"2012-datacenter-smalldisk-g2\",\n              \"2012-Datacenter-zhcn\",\n              \"2012-datacenter-zhcn-g2\",\n              \"2012-R2-Datacenter\",\n              \"2012-r2-datacenter-gensecond\",\n              \"2012-R2-Datacenter-smalldisk\",\n              \"2012-r2-datacenter-smalldisk-g2\",\n              \"2012-R2-Datacenter-zhcn\",\n              \"2012-r2-datacenter-zhcn-g2\",\n              \"2016-Datacenter\",\n              \"2016-datacenter-gensecond\",\n              \"2016-datacenter-gs\",\n              \"2016-Datacenter-Server-Core\",\n              \"2016-datacenter-server-core-g2\",\n              \"2016-Datacenter-Server-Core-smalldisk\",\n              \"2016-datacenter-server-core-smalldisk-g2\",\n              \"2016-Datacenter-smalldisk\",\n              \"2016-datacenter-smalldisk-g2\",\n              \"2016-Datacenter-with-Containers\",\n              \"2016-datacenter-with-containers-g2\",\n              \"2016-Datacenter-with-RDSH\",\n              \"2016-Datacenter-zhcn\",\n              \"2016-datacenter-zhcn-g2\",\n              \"2019-Datacenter\",\n              \"2019-Datacenter-Core\",\n              \"2019-datacenter-core-g2\",\n              \"2019-Datacenter-Core-smalldisk\",\n              \"2019-datacenter-core-smalldisk-g2\",\n              \"2019-Datacenter-Core-with-Containers\",\n              \"2019-datacenter-core-with-containers-g2\",\n              \"2019-Datacenter-Core-with-Containers-smalldisk\",\n              \"2019-datacenter-core-with-containers-smalldisk-g2\",\n              \"2019-datacenter-gensecond\",\n              \"2019-datacenter-gs\",\n              \"2019-Datacenter-smalldisk\",\n              \"2019-datacenter-smalldisk-g2\",\n              \"2019-Datacenter-with-Containers\",\n              \"2019-datacenter-with-containers-g2\",\n              \"2019-Datacenter-with-Containers-smalldisk\",\n              \"2019-datacenter-with-containers-smalldisk-g2\",\n              \"2019-Datacenter-zhcn\",\n              \"2019-datacenter-zhcn-g2\",\n              \"Datacenter-Core-1803-with-Containers-smalldisk\",\n              \"datacenter-core-1803-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1809-with-Containers-smalldisk\",\n              \"datacenter-core-1809-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1903-with-Containers-smalldisk\",\n              \"datacenter-core-1903-with-containers-smalldisk-g2\",\n              \"datacenter-core-1909-with-containers-smalldisk\",\n              \"datacenter-core-1909-with-containers-smalldisk-g1\",\n              \"datacenter-core-1909-with-containers-smalldisk-g2\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"JsonADDomainExtension\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Compute\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"domainUsername\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainUsername')]\"\n                  }\n                },\n                \"domainPassword\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainPassword')]\"\n                  }\n                },\n                \"domainOUPath\": {\n                  \"value\": \"[[parameters('domainOUPath')]\"\n                },\n                \"domainFQDN\": {\n                  \"value\": \"[[parameters('domainFQDN')]\"\n                },\n                \"keyVaultResourceId\": {\n                  \"value\": \"[[parameters('keyVaultResourceId')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainUsername\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainPassword\": {\n                    \"type\": \"securestring\"\n                  },\n                  \"domainFQDN\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainOUPath\": {\n                    \"type\": \"String\"\n                  },\n                  \"keyVaultResourceId\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {\n                  \"domainJoinOptions\": 3,\n                  \"vmName\": \"[[parameters('vmName')]\"\n                },\n                \"resources\": [\n                  {\n                    \"apiVersion\": \"2015-06-15\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(variables('vmName'),'/joindomain')]\",\n                    \"location\": \"[[resourceGroup().location]\",\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Compute\",\n                      \"type\": \"JsonADDomainExtension\",\n                      \"typeHandlerVersion\": \"1.3\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"settings\": {\n                        \"Name\": \"[[parameters('domainFQDN')]\",\n                        \"User\": \"[[parameters('domainUserName')]\",\n                        \"Restart\": \"true\",\n                        \"Options\": \"[[variables('domainJoinOptions')]\",\n                        \"OUPath\": \"[[parameters('domainOUPath')]\"\n                      },\n                      \"protectedSettings\": {\n                        \"Password\": \"[[parameters('domainPassword')]\"\n                      }\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#107": "{\n  \"name\": \"Deploy-Diagnostics-VWanS2SVPNGW\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for VWAN S2S VPN Gateway to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN Gateway to stream to a Log Analytics workspace when any VWAN S2S VPN Gateway which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"metricsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable metrics\",\n          \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/vpnGateways\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"metricsEnabled\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Network/vpnGateways/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"metrics\": [\n                        {\n                          \"category\": \"AllMetrics\",\n                          \"enabled\": \"[[parameters('metricsEnabled')]\",\n                          \"retentionPolicy\": {\n                            \"days\": 0,\n                            \"enabled\": false\n                          },\n                          \"timeGrain\": null\n                        }\n                      ],\n                      \"logs\": [\n                        {\n                          \"category\": \"GatewayDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"IKEDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"RouteDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"TunnelDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"metricsEnabled\": {\n                  \"value\": \"[[parameters('metricsEnabled')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#108": "{\n    \"name\": \"Audit-PrivateLinkDnsZones\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,    \n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Audit or Deny the creation of Private Link Private DNS Zones\",\n        \"description\": \"This policy audits or denies, depending on assignment effect, the creation of a Private Link Private DNS Zones in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n        \"metadata\": {\n            \"version\": \"1.0.2\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"privateLinkDnsZones\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Private Link Private DNS Zones\",\n                    \"description\": \"An array of Private Link Private DNS Zones to check for the existence of in the assigned scope.\"\n                },\n                \"defaultValue\": [\n                    \"privatelink.adf.azure.com\",\n                    \"privatelink.afs.azure.net\",\n                    \"privatelink.agentsvc.azure-automation.net\",\n                    \"privatelink.analysis.windows.net\",\n                    \"privatelink.api.azureml.ms\",\n                    \"privatelink.azconfig.io\",\n                    \"privatelink.azure-api.net\",\n                    \"privatelink.azure-automation.net\",\n                    \"privatelink.azurecr.io\",\n                    \"privatelink.azure-devices.net\",\n                    \"privatelink.azure-devices-provisioning.net\",\n                    \"privatelink.azuredatabricks.net\",\n                    \"privatelink.azurehdinsight.net\",\n                    \"privatelink.azurehealthcareapis.com\",\n                    \"privatelink.azurestaticapps.net\",\n                    \"privatelink.azuresynapse.net\",\n                    \"privatelink.azurewebsites.net\",\n                    \"privatelink.batch.azure.com\",\n                    \"privatelink.blob.core.windows.net\",\n                    \"privatelink.cassandra.cosmos.azure.com\",\n                    \"privatelink.cognitiveservices.azure.com\",\n                    \"privatelink.database.windows.net\",\n                    \"privatelink.datafactory.azure.net\",\n                    \"privatelink.dev.azuresynapse.net\",\n                    \"privatelink.dfs.core.windows.net\",\n                    \"privatelink.dicom.azurehealthcareapis.com\",\n                    \"privatelink.digitaltwins.azure.net\",\n                    \"privatelink.directline.botframework.com\",\n                    \"privatelink.documents.azure.com\",\n                    \"privatelink.eventgrid.azure.net\",\n                    \"privatelink.file.core.windows.net\",\n                    \"privatelink.gremlin.cosmos.azure.com\",\n                    \"privatelink.guestconfiguration.azure.com\",\n                    \"privatelink.his.arc.azure.com\",\n                    \"privatelink.kubernetesconfiguration.azure.com\",\n                    \"privatelink.managedhsm.azure.net\",\n                    \"privatelink.mariadb.database.azure.com\",\n                    \"privatelink.media.azure.net\",\n                    \"privatelink.mongo.cosmos.azure.com\",\n                    \"privatelink.monitor.azure.com\",\n                    \"privatelink.mysql.database.azure.com\",\n                    \"privatelink.notebooks.azure.net\",\n                    \"privatelink.ods.opinsights.azure.com\",\n                    \"privatelink.oms.opinsights.azure.com\",\n                    \"privatelink.pbidedicated.windows.net\",\n                    \"privatelink.postgres.database.azure.com\",\n                    \"privatelink.prod.migration.windowsazure.com\",\n                    \"privatelink.purview.azure.com\",\n                    \"privatelink.purviewstudio.azure.com\",\n                    \"privatelink.queue.core.windows.net\",\n                    \"privatelink.redis.cache.windows.net\",\n                    \"privatelink.redisenterprise.cache.azure.net\",\n                    \"privatelink.search.windows.net\",\n                    \"privatelink.service.signalr.net\",\n                    \"privatelink.servicebus.windows.net\",\n                    \"privatelink.siterecovery.windowsazure.com\",\n                    \"privatelink.sql.azuresynapse.net\",\n                    \"privatelink.table.core.windows.net\",\n                    \"privatelink.table.cosmos.azure.com\",\n                    \"privatelink.tip1.powerquery.microsoft.com\",\n                    \"privatelink.token.botframework.com\",\n                    \"privatelink.vaultcore.azure.net\",\n                    \"privatelink.web.core.windows.net\",\n                    \"privatelink.webpubsub.azure.com\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateDnsZones\"\n                    },\n                    {\n                        \"field\": \"name\",\n                        \"in\": \"[[parameters('privateLinkDnsZones')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}\n",
-    "$fxv#109": "{\n    \"name\": \"DenyAction-DiagnosticLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"description\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Insights/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#105": "{\n  \"name\": \"Deploy-Windows-DomainJoin\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deploy Windows Domain Join Extension with keyvault configuration\",\n    \"description\": \"Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Guest Configuration\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"domainUsername\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainUsername\"\n        }\n      },\n      \"domainPassword\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainPassword\"\n        }\n      },\n      \"domainFQDN\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainFQDN\"\n        }\n      },\n      \"domainOUPath\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainOUPath\"\n        }\n      },\n      \"keyVaultResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"keyVaultResourceId\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"MicrosoftWindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageOffer\",\n            \"equals\": \"WindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageSKU\",\n            \"in\": [\n              \"2008-R2-SP1\",\n              \"2008-R2-SP1-smalldisk\",\n              \"2008-R2-SP1-zhcn\",\n              \"2012-Datacenter\",\n              \"2012-datacenter-gensecond\",\n              \"2012-Datacenter-smalldisk\",\n              \"2012-datacenter-smalldisk-g2\",\n              \"2012-Datacenter-zhcn\",\n              \"2012-datacenter-zhcn-g2\",\n              \"2012-R2-Datacenter\",\n              \"2012-r2-datacenter-gensecond\",\n              \"2012-R2-Datacenter-smalldisk\",\n              \"2012-r2-datacenter-smalldisk-g2\",\n              \"2012-R2-Datacenter-zhcn\",\n              \"2012-r2-datacenter-zhcn-g2\",\n              \"2016-Datacenter\",\n              \"2016-datacenter-gensecond\",\n              \"2016-datacenter-gs\",\n              \"2016-Datacenter-Server-Core\",\n              \"2016-datacenter-server-core-g2\",\n              \"2016-Datacenter-Server-Core-smalldisk\",\n              \"2016-datacenter-server-core-smalldisk-g2\",\n              \"2016-Datacenter-smalldisk\",\n              \"2016-datacenter-smalldisk-g2\",\n              \"2016-Datacenter-with-Containers\",\n              \"2016-datacenter-with-containers-g2\",\n              \"2016-Datacenter-with-RDSH\",\n              \"2016-Datacenter-zhcn\",\n              \"2016-datacenter-zhcn-g2\",\n              \"2019-Datacenter\",\n              \"2019-Datacenter-Core\",\n              \"2019-datacenter-core-g2\",\n              \"2019-Datacenter-Core-smalldisk\",\n              \"2019-datacenter-core-smalldisk-g2\",\n              \"2019-Datacenter-Core-with-Containers\",\n              \"2019-datacenter-core-with-containers-g2\",\n              \"2019-Datacenter-Core-with-Containers-smalldisk\",\n              \"2019-datacenter-core-with-containers-smalldisk-g2\",\n              \"2019-datacenter-gensecond\",\n              \"2019-datacenter-gs\",\n              \"2019-Datacenter-smalldisk\",\n              \"2019-datacenter-smalldisk-g2\",\n              \"2019-Datacenter-with-Containers\",\n              \"2019-datacenter-with-containers-g2\",\n              \"2019-Datacenter-with-Containers-smalldisk\",\n              \"2019-datacenter-with-containers-smalldisk-g2\",\n              \"2019-Datacenter-zhcn\",\n              \"2019-datacenter-zhcn-g2\",\n              \"Datacenter-Core-1803-with-Containers-smalldisk\",\n              \"datacenter-core-1803-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1809-with-Containers-smalldisk\",\n              \"datacenter-core-1809-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1903-with-Containers-smalldisk\",\n              \"datacenter-core-1903-with-containers-smalldisk-g2\",\n              \"datacenter-core-1909-with-containers-smalldisk\",\n              \"datacenter-core-1909-with-containers-smalldisk-g1\",\n              \"datacenter-core-1909-with-containers-smalldisk-g2\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"JsonADDomainExtension\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Compute\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"domainUsername\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainUsername')]\"\n                  }\n                },\n                \"domainPassword\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainPassword')]\"\n                  }\n                },\n                \"domainOUPath\": {\n                  \"value\": \"[[parameters('domainOUPath')]\"\n                },\n                \"domainFQDN\": {\n                  \"value\": \"[[parameters('domainFQDN')]\"\n                },\n                \"keyVaultResourceId\": {\n                  \"value\": \"[[parameters('keyVaultResourceId')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainUsername\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainPassword\": {\n                    \"type\": \"securestring\"\n                  },\n                  \"domainFQDN\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainOUPath\": {\n                    \"type\": \"String\"\n                  },\n                  \"keyVaultResourceId\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {\n                  \"domainJoinOptions\": 3,\n                  \"vmName\": \"[[parameters('vmName')]\"\n                },\n                \"resources\": [\n                  {\n                    \"apiVersion\": \"2015-06-15\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(variables('vmName'),'/joindomain')]\",\n                    \"location\": \"[[resourceGroup().location]\",\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Compute\",\n                      \"type\": \"JsonADDomainExtension\",\n                      \"typeHandlerVersion\": \"1.3\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"settings\": {\n                        \"Name\": \"[[parameters('domainFQDN')]\",\n                        \"User\": \"[[parameters('domainUserName')]\",\n                        \"Restart\": \"true\",\n                        \"Options\": \"[[variables('domainJoinOptions')]\",\n                        \"OUPath\": \"[[parameters('domainOUPath')]\"\n                      },\n                      \"protectedSettings\": {\n                        \"Password\": \"[[parameters('domainPassword')]\"\n                      }\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#106": "{\n  \"name\": \"Deploy-Diagnostics-VWanS2SVPNGW\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for VWAN S2S VPN Gateway to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN Gateway to stream to a Log Analytics workspace when any VWAN S2S VPN Gateway which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"metricsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable metrics\",\n          \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/vpnGateways\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"metricsEnabled\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Network/vpnGateways/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"metrics\": [\n                        {\n                          \"category\": \"AllMetrics\",\n                          \"enabled\": \"[[parameters('metricsEnabled')]\",\n                          \"retentionPolicy\": {\n                            \"days\": 0,\n                            \"enabled\": false\n                          },\n                          \"timeGrain\": null\n                        }\n                      ],\n                      \"logs\": [\n                        {\n                          \"category\": \"GatewayDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"IKEDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"RouteDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"TunnelDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"metricsEnabled\": {\n                  \"value\": \"[[parameters('metricsEnabled')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#107": "{\n    \"name\": \"Audit-PrivateLinkDnsZones\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,    \n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Audit or Deny the creation of Private Link Private DNS Zones\",\n        \"description\": \"This policy audits or denies, depending on assignment effect, the creation of a Private Link Private DNS Zones in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n        \"metadata\": {\n            \"version\": \"1.0.2\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"privateLinkDnsZones\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Private Link Private DNS Zones\",\n                    \"description\": \"An array of Private Link Private DNS Zones to check for the existence of in the assigned scope.\"\n                },\n                \"defaultValue\": [\n                    \"privatelink.adf.azure.com\",\n                    \"privatelink.afs.azure.net\",\n                    \"privatelink.agentsvc.azure-automation.net\",\n                    \"privatelink.analysis.windows.net\",\n                    \"privatelink.api.azureml.ms\",\n                    \"privatelink.azconfig.io\",\n                    \"privatelink.azure-api.net\",\n                    \"privatelink.azure-automation.net\",\n                    \"privatelink.azurecr.io\",\n                    \"privatelink.azure-devices.net\",\n                    \"privatelink.azure-devices-provisioning.net\",\n                    \"privatelink.azuredatabricks.net\",\n                    \"privatelink.azurehdinsight.net\",\n                    \"privatelink.azurehealthcareapis.com\",\n                    \"privatelink.azurestaticapps.net\",\n                    \"privatelink.azuresynapse.net\",\n                    \"privatelink.azurewebsites.net\",\n                    \"privatelink.batch.azure.com\",\n                    \"privatelink.blob.core.windows.net\",\n                    \"privatelink.cassandra.cosmos.azure.com\",\n                    \"privatelink.cognitiveservices.azure.com\",\n                    \"privatelink.database.windows.net\",\n                    \"privatelink.datafactory.azure.net\",\n                    \"privatelink.dev.azuresynapse.net\",\n                    \"privatelink.dfs.core.windows.net\",\n                    \"privatelink.dicom.azurehealthcareapis.com\",\n                    \"privatelink.digitaltwins.azure.net\",\n                    \"privatelink.directline.botframework.com\",\n                    \"privatelink.documents.azure.com\",\n                    \"privatelink.eventgrid.azure.net\",\n                    \"privatelink.file.core.windows.net\",\n                    \"privatelink.gremlin.cosmos.azure.com\",\n                    \"privatelink.guestconfiguration.azure.com\",\n                    \"privatelink.his.arc.azure.com\",\n                    \"privatelink.kubernetesconfiguration.azure.com\",\n                    \"privatelink.managedhsm.azure.net\",\n                    \"privatelink.mariadb.database.azure.com\",\n                    \"privatelink.media.azure.net\",\n                    \"privatelink.mongo.cosmos.azure.com\",\n                    \"privatelink.monitor.azure.com\",\n                    \"privatelink.mysql.database.azure.com\",\n                    \"privatelink.notebooks.azure.net\",\n                    \"privatelink.ods.opinsights.azure.com\",\n                    \"privatelink.oms.opinsights.azure.com\",\n                    \"privatelink.pbidedicated.windows.net\",\n                    \"privatelink.postgres.database.azure.com\",\n                    \"privatelink.prod.migration.windowsazure.com\",\n                    \"privatelink.purview.azure.com\",\n                    \"privatelink.purviewstudio.azure.com\",\n                    \"privatelink.queue.core.windows.net\",\n                    \"privatelink.redis.cache.windows.net\",\n                    \"privatelink.redisenterprise.cache.azure.net\",\n                    \"privatelink.search.windows.net\",\n                    \"privatelink.service.signalr.net\",\n                    \"privatelink.servicebus.windows.net\",\n                    \"privatelink.siterecovery.windowsazure.com\",\n                    \"privatelink.sql.azuresynapse.net\",\n                    \"privatelink.table.core.windows.net\",\n                    \"privatelink.table.cosmos.azure.com\",\n                    \"privatelink.tip1.powerquery.microsoft.com\",\n                    \"privatelink.token.botframework.com\",\n                    \"privatelink.vaultcore.azure.net\",\n                    \"privatelink.web.core.windows.net\",\n                    \"privatelink.webpubsub.azure.com\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateDnsZones\"\n                    },\n                    {\n                        \"field\": \"name\",\n                        \"in\": \"[[parameters('privateLinkDnsZones')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}\n",
+    "$fxv#108": "{\n    \"name\": \"DenyAction-DiagnosticLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"description\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Insights/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#109": "{\n    \"name\": \"DenyAction-ActivityLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Activity Logs\",\n        \"description\": \"This is a DenyAction implementation policy on Activity Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,            \n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Resources/subscriptions/providers/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
     "$fxv#11": "{\n  \"name\": \"Deny-AppServiceFunctionApp-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Function App should only be accessible over HTTPS\",\n    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"App Service\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Web/sites\"\n          },\n          {\n            \"field\": \"kind\",\n            \"like\": \"functionapp*\"\n          },\n          {\n            \"field\": \"Microsoft.Web/sites/httpsOnly\",\n            \"equals\": \"false\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#110": "{\n    \"name\": \"DenyAction-ActivityLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Activity Logs\",\n        \"description\": \"This is a DenyAction implementation policy on Activity Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,            \n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Resources/subscriptions/providers/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
-    "$fxv#111": "{\n  \"name\": \"Deploy-UserAssignedManagedIdentity-VMInsights\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Deploy User Assigned Managed Identity for VM Insights\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as it's no longer required. User-Assigned Management Identity is now centralized and deployed by Azure Landing Zones to the Management Subscription.\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Managed Identity\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"bringYourOwnUserAssignedManagedIdentity\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Bring Your Own User-Assigned Identity\",\n          \"description\": \"Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ]\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Name\",\n          \"description\": \"The name of the pre-created user-assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Resource Group Name\",\n          \"description\": \"The resource group in which the pre-created user-assigned managed identity resides.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"builtInIdentityResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Built-In-Identity-RG Location\",\n          \"description\": \"The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false.\"\n        },\n        \"defaultValue\": \"eastus\"\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Policy Effect\",\n          \"description\": \"The effect determines what happens when the policy rule is evaluated to match.\"\n        },\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"value\": \"[[requestContext().apiVersion]\",\n            \"greaterOrEquals\": \"2018-10-01\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines\",\n          \"name\": \"[[field('name')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"anyOf\": [\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"contains\": \"UserAssigned\"\n                  },\n                  {\n                    \"field\": \"identity.userAssignedIdentities\",\n                    \"containsKey\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName'))), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/Built-In-Identity-RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Built-In-Identity-', field('location')))]\"\n                  }\n                ]\n              },\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"equals\": \"UserAssigned\"\n                  },\n                  {\n                    \"value\": \"[[string(length(field('identity.userAssignedIdentities')))]\",\n                    \"equals\": \"1\"\n                  }\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"parameters\": {\n                \"bringYourOwnUserAssignedManagedIdentity\": {\n                  \"value\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"uaName\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('userAssignedIdentityName'), 'Built-In-Identity')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('identityResourceGroup'), 'Built-In-Identity-RG')]\"\n                },\n                \"builtInIdentityResourceGroupLocation\": {\n                  \"value\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"vmResourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"resourceId\": {\n                  \"value\": \"[[field('id')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.1\",\n                \"parameters\": {\n                  \"bringYourOwnUserAssignedManagedIdentity\": {\n                    \"type\": \"bool\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"uaName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"builtInIdentityResourceGroupLocation\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"resourceId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"uaNameWithLocation\": \"[[concat(parameters('uaName'),'-', parameters('location'))]\",\n                  \"precreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')))]\",\n                  \"autocreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')), '-', parameters('location'))]\",\n                  \"deployUALockName\": \"[[concat('deployUALock-', uniqueString(deployment().name))]\",\n                  \"deployUAName\": \"[[concat('deployUA-', uniqueString(deployment().name))]\",\n                  \"deployGetResourceProperties\": \"[[concat('deployGetResourceProperties-', uniqueString(deployment().name))]\",\n                  \"deployAssignUAName\": \"[[concat('deployAssignUA-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[parameters('identityResourceGroup')]\",\n                    \"location\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                  },\n                  {\n                    \"condition\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUALockName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[parameters('uaName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[not(parameters('bringYourOwnUserAssignedManagedIdentity'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUAName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[variables('uaNameWithLocation')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          },\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities/providers/locks\",\n                            \"apiVersion\": \"2016-09-01\",\n                            \"name\": \"[[concat(parameters('uaName'), '/Microsoft.Authorization/', 'CanNotDeleteLock-', parameters('uaName'))]\",\n                            \"dependsOn\": [\n                              \"[[parameters('uaName')]\"\n                            ],\n                            \"properties\": {\n                              \"level\": \"CanNotDelete\",\n                              \"notes\": \"Please do not delete this User-Assigned Identity since extensions enabled by Azure Policy are relying on their existence.\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployGetResourceProperties')]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"resources\": [],\n                        \"outputs\": {\n                          \"resource\": {\n                            \"type\": \"object\",\n                            \"value\": \"[[reference(parameters('resourceId'), '2019-07-01', 'Full')]\"\n                          }\n                        }\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[concat(variables('deployAssignUAName'))]\",\n                    \"resourceGroup\": \"[[parameters('vmResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\",\n                      \"[[variables('deployGetResourceProperties')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaId\": {\n                          \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), variables('precreatedUaId'), variables('autocreatedUaId'))]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"identityType\": {\n                          \"value\": \"[[if(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.type, '')]\"\n                        },\n                        \"userAssignedIdentities\": {\n                          \"value\": \"[[if(and(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), contains(reference(variables('deployGetResourceProperties')).outputs.resource.value.identity, 'userAssignedIdentities')), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.userAssignedIdentities, createObject())]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaId\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"identityType\": {\n                            \"type\": \"string\"\n                          },\n                          \"userAssignedIdentities\": {\n                            \"type\": \"object\"\n                          }\n                        },\n                        \"variables\": {\n                          \"identityTypeValue\": \"[[if(contains(parameters('identityType'), 'SystemAssigned'), 'SystemAssigned,UserAssigned', 'UserAssigned')]\",\n                          \"userAssignedIdentitiesValue\": \"[[union(parameters('userAssignedIdentities'), createObject(parameters('uaId'), createObject()))]\",\n                          \"resourceWithSingleUAI\": \"[[and(equals(parameters('identityType'), 'UserAssigned'), equals(string(length(parameters('userAssignedIdentities'))), '1'))]\"\n                        },\n                        \"resources\": [\n                          {\n                            \"condition\": \"[[not(variables('resourceWithSingleUAI'))]\",\n                            \"apiVersion\": \"2019-07-01\",\n                            \"type\": \"Microsoft.Compute/virtualMachines\",\n                            \"name\": \"[[parameters('vmName')]\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"identity\": {\n                              \"type\": \"[[variables('identityTypeValue')]\",\n                              \"userAssignedIdentities\": \"[[variables('userAssignedIdentitiesValue')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#112": "{\n  \"name\": \"Deploy-MDFC-Arc-SQL-DCR-Association\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers with DCR Association to Microsoft Defender for SQL user-defined DCR\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/2227e1f1-23dd-4c3a-85a9-7024a401d8b2.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"2227e1f1-23dd-4c3a-85a9-7024a401d8b2\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRuleAssociations\",\n          \"name\": \"MicrosoftDefenderForSQL-RulesAssociation\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#113": "{\n  \"name\": \"Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/63d03cbd-47fd-4ee1-8a1c-9ddf07303de0.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"63d03cbd-47fd-4ee1-8a1c-9ddf07303de0\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#114": "{\n  \"name\": \"Deploy-MDFC-SQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Azure Monitor Agent\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/f91991d1-5383-4c95-8ee5-5ac423dd8bb1.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"f91991d1-5383-4c95-8ee5-5ac423dd8bb1\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"name\": \"[[concat(field('fullName'), '/AzureMonitorWindowsAgent')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AzureMonitorWindowsAgent\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.Monitor\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedManagedIdentity\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedIdentityName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"extensionName\": \"AzureMonitorWindowsAgent\",\n                  \"extensionPublisher\": \"Microsoft.Azure.Monitor\",\n                  \"extensionType\": \"AzureMonitorWindowsAgent\",\n                  \"extensionTypeHandlerVersion\": \"1.2\"\n                },\n                \"resources\": [\n                  {\n                    \"name\": \"[[concat(parameters('vmName'), '/', variables('extensionName'))]\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"apiVersion\": \"2023-03-01\",\n                    \"properties\": {\n                      \"publisher\": \"[[variables('extensionPublisher')]\",\n                      \"type\": \"[[variables('extensionType')]\",\n                      \"typeHandlerVersion\": \"[[variables('extensionTypeHandlerVersion')]\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true,\n                      \"settings\": {\n                        \"authentication\": {\n                          \"managedIdentity\": {\n                            \"identifier-name\": \"mi_res_id\",\n                            \"identifier-value\": \"[[parameters('userAssignedManagedIdentity')]\"\n                          }\n                        }\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"userAssignedManagedIdentity\": {\n                  \"value\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName')))]\"\n                },\n                \"userAssignedIdentityName\": {\n                  \"value\": \"[[parameters('userAssignedIdentityName')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[parameters('identityResourceGroup')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#115": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/04754ef9-9ae3-4477-bf17-86ef50026304.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"04754ef9-9ae3-4477-bf17-86ef50026304\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\",\n                  \"deployDefenderForSQL\": \"[[concat('deployDefenderForSQL-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDefenderForSQL')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                            \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                            \"apiVersion\": \"2023-03-01\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                              \"type\": \"AdvancedThreatProtection.Windows\",\n                              \"typeHandlerVersion\": \"2.0\",\n                              \"autoUpgradeMinorVersion\": true,\n                              \"enableAutomaticUpgrade\": true\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#116": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"name\": \"[[concat(field('fullName'), '/MicrosoftDefenderForSQL')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AdvancedThreatProtection.Windows\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.AzureDefenderForSQL\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"actualLocation\": \"[[if(empty(parameters('workspaceRegion')), parameters('location'), parameters('workspaceRegion'))]\",\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), variables('actualLocation')), variables('locationLongNameToShortMap')[variables('actualLocation')], variables('actualLocation'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                    \"apiVersion\": \"2023-03-01\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                      \"type\": \"AdvancedThreatProtection.Windows\",\n                      \"typeHandlerVersion\": \"2.0\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true\n                    },\n                    \"dependsOn\": [\n                      \"[[extensionResourceId(concat('/subscriptions/', variables('subscriptionId'), '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName')), 'Microsoft.Insights/dataCollectionRuleAssociations','MicrosoftDefenderForSQL-RulesAssociation')]\"\n                    ]\n                  },\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#117": "{\n    \"name\": \"Deny-APIM-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"API Management services should use TLS version 1.2\",\n        \"description\": \"Azure API Management service should use TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.ApiManagement/service\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":true')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":true')]\",\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#118": "{\n    \"name\": \"Deny-AppGw-Without-Tls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Application Gateway should be deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"description\": \"This policy enables you to restrict that Application Gateways is always deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"predefinedPolicyName\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Predefined policy name\",\n                    \"description\": \"Predefined policy name\"\n                },\n                \"defaultValue\": [\n                    \"AppGwSslPolicy20220101\",\n                    \"AppGwSslPolicy20170401S\",\n                    \"AppGwSslPolicy20220101S\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/applicationGateways\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"notEquals\": \"Predefined\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyName\",\n                                \"notIn\": \"[[parameters('predefinedPolicyName')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#119": "{\n    \"name\": \"Deny-AppService-without-BYOC\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"App Service certificates must be stored in Key Vault\",\n        \"description\": \"App Service (including Logic apps and Function apps) must use certificates stored in Key Vault\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/certificates\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultId\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultSecretName\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#110": "{\n  \"name\": \"Deploy-UserAssignedManagedIdentity-VMInsights\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Deploy User Assigned Managed Identity for VM Insights\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as it's no longer required. User-Assigned Management Identity is now centralized and deployed by Azure Landing Zones to the Management Subscription.\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Managed Identity\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"bringYourOwnUserAssignedManagedIdentity\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Bring Your Own User-Assigned Identity\",\n          \"description\": \"Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ]\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Name\",\n          \"description\": \"The name of the pre-created user-assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Resource Group Name\",\n          \"description\": \"The resource group in which the pre-created user-assigned managed identity resides.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"builtInIdentityResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Built-In-Identity-RG Location\",\n          \"description\": \"The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false.\"\n        },\n        \"defaultValue\": \"eastus\"\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Policy Effect\",\n          \"description\": \"The effect determines what happens when the policy rule is evaluated to match.\"\n        },\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"value\": \"[[requestContext().apiVersion]\",\n            \"greaterOrEquals\": \"2018-10-01\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines\",\n          \"name\": \"[[field('name')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"anyOf\": [\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"contains\": \"UserAssigned\"\n                  },\n                  {\n                    \"field\": \"identity.userAssignedIdentities\",\n                    \"containsKey\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName'))), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/Built-In-Identity-RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Built-In-Identity-', field('location')))]\"\n                  }\n                ]\n              },\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"equals\": \"UserAssigned\"\n                  },\n                  {\n                    \"value\": \"[[string(length(field('identity.userAssignedIdentities')))]\",\n                    \"equals\": \"1\"\n                  }\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"parameters\": {\n                \"bringYourOwnUserAssignedManagedIdentity\": {\n                  \"value\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"uaName\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('userAssignedIdentityName'), 'Built-In-Identity')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('identityResourceGroup'), 'Built-In-Identity-RG')]\"\n                },\n                \"builtInIdentityResourceGroupLocation\": {\n                  \"value\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"vmResourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"resourceId\": {\n                  \"value\": \"[[field('id')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.1\",\n                \"parameters\": {\n                  \"bringYourOwnUserAssignedManagedIdentity\": {\n                    \"type\": \"bool\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"uaName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"builtInIdentityResourceGroupLocation\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"resourceId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"uaNameWithLocation\": \"[[concat(parameters('uaName'),'-', parameters('location'))]\",\n                  \"precreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')))]\",\n                  \"autocreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')), '-', parameters('location'))]\",\n                  \"deployUALockName\": \"[[concat('deployUALock-', uniqueString(deployment().name))]\",\n                  \"deployUAName\": \"[[concat('deployUA-', uniqueString(deployment().name))]\",\n                  \"deployGetResourceProperties\": \"[[concat('deployGetResourceProperties-', uniqueString(deployment().name))]\",\n                  \"deployAssignUAName\": \"[[concat('deployAssignUA-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[parameters('identityResourceGroup')]\",\n                    \"location\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                  },\n                  {\n                    \"condition\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUALockName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[parameters('uaName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[not(parameters('bringYourOwnUserAssignedManagedIdentity'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUAName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[variables('uaNameWithLocation')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          },\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities/providers/locks\",\n                            \"apiVersion\": \"2016-09-01\",\n                            \"name\": \"[[concat(parameters('uaName'), '/Microsoft.Authorization/', 'CanNotDeleteLock-', parameters('uaName'))]\",\n                            \"dependsOn\": [\n                              \"[[parameters('uaName')]\"\n                            ],\n                            \"properties\": {\n                              \"level\": \"CanNotDelete\",\n                              \"notes\": \"Please do not delete this User-Assigned Identity since extensions enabled by Azure Policy are relying on their existence.\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployGetResourceProperties')]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"resources\": [],\n                        \"outputs\": {\n                          \"resource\": {\n                            \"type\": \"object\",\n                            \"value\": \"[[reference(parameters('resourceId'), '2019-07-01', 'Full')]\"\n                          }\n                        }\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[concat(variables('deployAssignUAName'))]\",\n                    \"resourceGroup\": \"[[parameters('vmResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\",\n                      \"[[variables('deployGetResourceProperties')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaId\": {\n                          \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), variables('precreatedUaId'), variables('autocreatedUaId'))]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"identityType\": {\n                          \"value\": \"[[if(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.type, '')]\"\n                        },\n                        \"userAssignedIdentities\": {\n                          \"value\": \"[[if(and(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), contains(reference(variables('deployGetResourceProperties')).outputs.resource.value.identity, 'userAssignedIdentities')), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.userAssignedIdentities, createObject())]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaId\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"identityType\": {\n                            \"type\": \"string\"\n                          },\n                          \"userAssignedIdentities\": {\n                            \"type\": \"object\"\n                          }\n                        },\n                        \"variables\": {\n                          \"identityTypeValue\": \"[[if(contains(parameters('identityType'), 'SystemAssigned'), 'SystemAssigned,UserAssigned', 'UserAssigned')]\",\n                          \"userAssignedIdentitiesValue\": \"[[union(parameters('userAssignedIdentities'), createObject(parameters('uaId'), createObject()))]\",\n                          \"resourceWithSingleUAI\": \"[[and(equals(parameters('identityType'), 'UserAssigned'), equals(string(length(parameters('userAssignedIdentities'))), '1'))]\"\n                        },\n                        \"resources\": [\n                          {\n                            \"condition\": \"[[not(variables('resourceWithSingleUAI'))]\",\n                            \"apiVersion\": \"2019-07-01\",\n                            \"type\": \"Microsoft.Compute/virtualMachines\",\n                            \"name\": \"[[parameters('vmName')]\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"identity\": {\n                              \"type\": \"[[variables('identityTypeValue')]\",\n                              \"userAssignedIdentities\": \"[[variables('userAssignedIdentitiesValue')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#111": "{\n  \"name\": \"Deploy-MDFC-Arc-SQL-DCR-Association\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers with DCR Association to Microsoft Defender for SQL user-defined DCR\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/2227e1f1-23dd-4c3a-85a9-7024a401d8b2.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"2227e1f1-23dd-4c3a-85a9-7024a401d8b2\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRuleAssociations\",\n          \"name\": \"MicrosoftDefenderForSQL-RulesAssociation\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#112": "{\n  \"name\": \"Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/63d03cbd-47fd-4ee1-8a1c-9ddf07303de0.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"63d03cbd-47fd-4ee1-8a1c-9ddf07303de0\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#113": "{\n  \"name\": \"Deploy-MDFC-SQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Azure Monitor Agent\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/f91991d1-5383-4c95-8ee5-5ac423dd8bb1.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"f91991d1-5383-4c95-8ee5-5ac423dd8bb1\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"name\": \"[[concat(field('fullName'), '/AzureMonitorWindowsAgent')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AzureMonitorWindowsAgent\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.Monitor\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedManagedIdentity\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedIdentityName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"extensionName\": \"AzureMonitorWindowsAgent\",\n                  \"extensionPublisher\": \"Microsoft.Azure.Monitor\",\n                  \"extensionType\": \"AzureMonitorWindowsAgent\",\n                  \"extensionTypeHandlerVersion\": \"1.2\"\n                },\n                \"resources\": [\n                  {\n                    \"name\": \"[[concat(parameters('vmName'), '/', variables('extensionName'))]\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"apiVersion\": \"2023-03-01\",\n                    \"properties\": {\n                      \"publisher\": \"[[variables('extensionPublisher')]\",\n                      \"type\": \"[[variables('extensionType')]\",\n                      \"typeHandlerVersion\": \"[[variables('extensionTypeHandlerVersion')]\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true,\n                      \"settings\": {\n                        \"authentication\": {\n                          \"managedIdentity\": {\n                            \"identifier-name\": \"mi_res_id\",\n                            \"identifier-value\": \"[[parameters('userAssignedManagedIdentity')]\"\n                          }\n                        }\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"userAssignedManagedIdentity\": {\n                  \"value\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName')))]\"\n                },\n                \"userAssignedIdentityName\": {\n                  \"value\": \"[[parameters('userAssignedIdentityName')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[parameters('identityResourceGroup')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#114": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/04754ef9-9ae3-4477-bf17-86ef50026304.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"04754ef9-9ae3-4477-bf17-86ef50026304\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\",\n                  \"deployDefenderForSQL\": \"[[concat('deployDefenderForSQL-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDefenderForSQL')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                            \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                            \"apiVersion\": \"2023-03-01\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                              \"type\": \"AdvancedThreatProtection.Windows\",\n                              \"typeHandlerVersion\": \"2.0\",\n                              \"autoUpgradeMinorVersion\": true,\n                              \"enableAutomaticUpgrade\": true\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#115": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"name\": \"[[concat(field('fullName'), '/MicrosoftDefenderForSQL')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AdvancedThreatProtection.Windows\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.AzureDefenderForSQL\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"actualLocation\": \"[[if(empty(parameters('workspaceRegion')), parameters('location'), parameters('workspaceRegion'))]\",\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), variables('actualLocation')), variables('locationLongNameToShortMap')[variables('actualLocation')], variables('actualLocation'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                    \"apiVersion\": \"2023-03-01\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                      \"type\": \"AdvancedThreatProtection.Windows\",\n                      \"typeHandlerVersion\": \"2.0\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true\n                    },\n                    \"dependsOn\": [\n                      \"[[extensionResourceId(concat('/subscriptions/', variables('subscriptionId'), '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName')), 'Microsoft.Insights/dataCollectionRuleAssociations','MicrosoftDefenderForSQL-RulesAssociation')]\"\n                    ]\n                  },\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#116": "{\n    \"name\": \"Deny-APIM-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"API Management services should use TLS version 1.2\",\n        \"description\": \"Azure API Management service should use TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.ApiManagement/service\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":true')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":true')]\",\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#117": "{\n    \"name\": \"Deny-AppGw-Without-Tls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Application Gateway should be deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"description\": \"This policy enables you to restrict that Application Gateways is always deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"predefinedPolicyName\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Predefined policy name\",\n                    \"description\": \"Predefined policy name\"\n                },\n                \"defaultValue\": [\n                    \"AppGwSslPolicy20220101\",\n                    \"AppGwSslPolicy20170401S\",\n                    \"AppGwSslPolicy20220101S\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/applicationGateways\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"notEquals\": \"Predefined\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyName\",\n                                \"notIn\": \"[[parameters('predefinedPolicyName')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#118": "{\n    \"name\": \"Deny-AppService-without-BYOC\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"App Service certificates must be stored in Key Vault\",\n        \"description\": \"App Service (including Logic apps and Function apps) must use certificates stored in Key Vault\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/certificates\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultId\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultSecretName\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#119": "{\n    \"name\": \"Deny-AzFw-Without-Policy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Azure Firewall should have a default Firewall Policy\",\n        \"description\": \"This policy denies the creation of Azure Firewall without a default Firewall Policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/azureFirewalls\"\n                    },\n                    {\n                        \"field\": \"Microsoft.Network/azureFirewalls/firewallPolicy.id\",\n                        \"exists\": \"false\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
     "$fxv#12": "{\n  \"name\": \"Deny-AppServiceWebApp-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Web Application should only be accessible over HTTPS\",\n    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"App Service\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Web/sites\"\n          },\n          {\n            \"field\": \"kind\",\n            \"like\": \"app*\"\n          },\n          {\n            \"field\": \"Microsoft.Web/sites/httpsOnly\",\n            \"equals\": \"false\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#120": "{\n    \"name\": \"Deny-AzFw-Without-Policy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Azure Firewall should have a default Firewall Policy\",\n        \"description\": \"This policy denies the creation of Azure Firewall without a default Firewall Policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/azureFirewalls\"\n                    },\n                    {\n                        \"field\": \"Microsoft.Network/azureFirewalls/firewallPolicy.id\",\n                        \"exists\": \"false\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#121": "{\n    \"name\": \"Deny-CognitiveServices-NetworkAcls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACLs should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services should not allow adding individual IPs or virtual network rules to the service-level firewall. Enable this to restrict inbound network access and enforce the usage of private endpoints.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.ipRules[*]\"\n                                },\n                                \"greater\": 0\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.virtualNetworkRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#122": "{\n    \"name\": \"Deny-CognitiveServices-Resource-Kinds\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Only explicit kinds for Cognitive Services should be allowed\",\n        \"description\": \"Azure Cognitive Services should only create explicit allowed kinds.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedKinds\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Select the allowed resource kinds to be used with Cognitive Services\"\n                },\n                \"allowedValues\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ],\n                \"defaultValue\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"notIn\": \"[[parameters('allowedKinds')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#123": "{\n    \"name\": \"Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Outbound network access should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services allow restricting outbound network access. Enable this to limit outbound connectivity for the service.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"notEquals\": true\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#124": "{\n    \"name\": \"Deny-EH-minTLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces should use a valid TLS version\",\n        \"description\": \"Event Hub namespaces should use a valid TLS version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minTlsVersion\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum TLS Version\",\n                    \"description\": \"Minimum TLS version to be used by Event Hub\"\n                },\n                \"defaultValue\": \"1.2\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"notEquals\": \"[[parameters('minTlsVersion')]\"\n                            },\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#125": "{\n    \"name\": \"Deny-EH-Premium-CMK\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption\",\n        \"description\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"field\": \"Microsoft.EventHub/namespaces/sku.name\",\n                        \"equals\": \"Premium\"\n                    },\n                    {\n                        \"not\": {\n                            \"field\": \"Microsoft.EventHub/namespaces/encryption.keySource\",\n                            \"equals\": \"Microsoft.Keyvault\"\n                        }\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#126": "{\n    \"name\": \"Deny-LogicApp-Public-Network\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic apps should disable public network access\",\n        \"description\": \"Disabling public network access improves security by ensuring that the Logic App is not exposed on the public internet. Creating private endpoints can limit exposure of a Logic App. Learn more at: https://aka.ms/app-service-private-endpoint.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"notEquals\": \"Disabled\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#127": "{\n    \"name\": \"Deny-LogicApps-Without-Https\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic app should only be accessible over HTTPS\",\n        \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"equals\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#128": "{\n    \"name\": \"Deny-Service-Endpoints\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deny or Audit service endpoints on subnets\",\n        \"description\": \"This Policy will deny/audit Service Endpoints on subnets. Service Endpoints allows the network traffic to bypass Network appliances, such as the Azure Firewall.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]\",\n                            \"where\": {\n                                \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service\",\n                                \"exists\": true\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#129": "{\n    \"name\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should use a container delete retention policy\",\n        \"description\": \"Enforce container delete retention policies larger than seven days for storage account. Enable this for increased data loss protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum Container Delete Retention in Days\",\n                    \"description\": \"Specifies the minimum number of days for the container delete retention policy\"\n                },\n                \"defaultValue\": 7\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"exists\": false\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"notEquals\": true\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.days\",\n                                \"less\": \"[[parameters('minContainerDeleteRetentionInDays')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#120": "{\n    \"name\": \"Deny-CognitiveServices-NetworkAcls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACLs should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services should not allow adding individual IPs or virtual network rules to the service-level firewall. Enable this to restrict inbound network access and enforce the usage of private endpoints.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.ipRules[*]\"\n                                },\n                                \"greater\": 0\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.virtualNetworkRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#121": "{\n    \"name\": \"Deny-CognitiveServices-Resource-Kinds\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Only explicit kinds for Cognitive Services should be allowed\",\n        \"description\": \"Azure Cognitive Services should only create explicit allowed kinds.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedKinds\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Select the allowed resource kinds to be used with Cognitive Services\"\n                },\n                \"allowedValues\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ],\n                \"defaultValue\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"notIn\": \"[[parameters('allowedKinds')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#122": "{\n    \"name\": \"Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Outbound network access should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services allow restricting outbound network access. Enable this to limit outbound connectivity for the service.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"notEquals\": true\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#123": "{\n    \"name\": \"Deny-EH-minTLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces should use a valid TLS version\",\n        \"description\": \"Event Hub namespaces should use a valid TLS version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minTlsVersion\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum TLS Version\",\n                    \"description\": \"Minimum TLS version to be used by Event Hub\"\n                },\n                \"defaultValue\": \"1.2\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"notEquals\": \"[[parameters('minTlsVersion')]\"\n                            },\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#124": "{\n    \"name\": \"Deny-EH-Premium-CMK\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption\",\n        \"description\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"field\": \"Microsoft.EventHub/namespaces/sku.name\",\n                        \"equals\": \"Premium\"\n                    },\n                    {\n                        \"not\": {\n                            \"field\": \"Microsoft.EventHub/namespaces/encryption.keySource\",\n                            \"equals\": \"Microsoft.Keyvault\"\n                        }\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#125": "{\n    \"name\": \"Deny-LogicApp-Public-Network\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic apps should disable public network access\",\n        \"description\": \"Disabling public network access improves security by ensuring that the Logic App is not exposed on the public internet. Creating private endpoints can limit exposure of a Logic App. Learn more at: https://aka.ms/app-service-private-endpoint.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"notEquals\": \"Disabled\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#126": "{\n    \"name\": \"Deny-LogicApps-Without-Https\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic app should only be accessible over HTTPS\",\n        \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"equals\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#127": "{\n    \"name\": \"Deny-Service-Endpoints\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deny or Audit service endpoints on subnets\",\n        \"description\": \"This Policy will deny/audit Service Endpoints on subnets. Service Endpoints allows the network traffic to bypass Network appliances, such as the Azure Firewall.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]\",\n                            \"where\": {\n                                \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service\",\n                                \"exists\": true\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#128": "{\n    \"name\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should use a container delete retention policy\",\n        \"description\": \"Enforce container delete retention policies larger than seven days for storage account. Enable this for increased data loss protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum Container Delete Retention in Days\",\n                    \"description\": \"Specifies the minimum number of days for the container delete retention policy\"\n                },\n                \"defaultValue\": 7\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"exists\": false\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"notEquals\": true\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.days\",\n                                \"less\": \"[[parameters('minContainerDeleteRetentionInDays')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#129": "{\n    \"name\": \"Deny-Storage-CopyScope\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Allowed Copy scope should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the allowed copy scope. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedCopyScope\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Copy Scope\",\n                    \"description\": \"Specify the allowed copy scope.\"\n                },\n                \"allowedValues\": [\n                    \"AAD\",\n                    \"PrivateLink\"\n                ],\n                \"defaultValue\": \"AAD\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"notEquals\": \"[[parameters('allowedCopyScope')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
     "$fxv#13": "{\n  \"name\": \"Deny-MySql-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"MySQL database servers enforce SSL connections.\",\n    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_0\",\n          \"TLS1_1\",\n          \"TLSEnforcementDisabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version minimum TLS for MySQL server\",\n          \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforMySQL/servers\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n                \"exists\": \"false\"\n              },\n              {\n                \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n                \"notEquals\": \"Enabled\"\n              },\n              {\n                \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n                \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#130": "{\n    \"name\": \"Deny-Storage-CopyScope\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Allowed Copy scope should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the allowed copy scope. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedCopyScope\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Copy Scope\",\n                    \"description\": \"Specify the allowed copy scope.\"\n                },\n                \"allowedValues\": [\n                    \"AAD\",\n                    \"PrivateLink\"\n                ],\n                \"defaultValue\": \"AAD\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"notEquals\": \"[[parameters('allowedCopyScope')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#131": "{\n    \"name\": \"Deny-Storage-CorsRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should restrict CORS rules\",\n        \"description\": \"Deny CORS rules for storage account for increased data exfiltration protection and endpoint protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"anyOf\": [\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/blobServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/fileServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/tableServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/tableServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/queueServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/queueServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#132": "{\n    \"name\": \"Deny-Storage-LocalUser\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Local users should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should disable local users for features like SFTP. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"notEquals\": false\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#133": "{\n    \"name\": \"Deny-Storage-NetworkAclsBypass\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACL bypass option should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the bypass option for service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedBypassOptions\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Bypass Options\",\n                    \"description\": \"Specifies which options are allowed to bypass the vnet configuration\"\n                },\n                \"allowedValues\": [\n                    \"None\",\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ],\n                \"defaultValue\": [\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"notIn\": \"[[parameters('allowedBypassOptions')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#134": "{\n    \"name\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Virtual network rules should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the virtual network service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*]\"\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#135": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules resource IDs should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to services from a specific Azure subscription. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\",\n                            \"where\": {\n                                \"value\": \"[[split(current('Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].resourceId'), '/')[2]]\",\n                                \"equals\": \"*\"\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#136": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules Tenants should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to service from the same AAD tenant. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].tenantId\",\n                        \"notEquals\": \"[[subscription().tenantId]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#137": "{\n    \"name\": \"Deny-Storage-ServicesEncryption\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Encryption for storage services should be enforced for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should enforce encryption for all storage services. Enforce this for increased encryption scope.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#138": "{\n    \"name\": \"Deploy-LogicApp-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Configure Logic apps to use the latest TLS version\",\n        \"description\": \"Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Web/sites/config\",\n                    \"name\": \"web\",\n                    \"existenceCondition\": {\n                        \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n                        \"equals\": \"1.2\"\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"parameters\": {\n                                \"siteName\": {\n                                    \"value\": \"[[field('name')]\"\n                                }\n                            },\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"siteName\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"type\": \"Microsoft.Web/sites/config\",\n                                        \"apiVersion\": \"2021-02-01\",\n                                        \"name\": \"[[concat(parameters('siteName'), '/web')]\",\n                                        \"properties\": {\n                                            \"minTlsVersion\": \"1.2\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
-    "$fxv#139": "{\n    \"name\": \"Modify-NSG\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of Network Security Groups (NSG)\",\n        \"description\": \"This policy enforces the configuration of Network Security Groups (NSG).\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"nsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"nsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"nsgRuleDirection\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Inbound\",\n                    \"Outbound\"\n                ],\n                \"defaultValue\": \"Outbound\"\n            },\n            \"nsgRuleAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Allow\",\n                    \"Deny\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"nsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"nsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\n                            \"value\": {\n                                \"name\": \"[[parameters('nsgRuleName')]\",\n                                \"properties\": {\n                                    \"description\": \"[[parameters('nsgRuleDescription')]\",\n                                    \"protocol\": \"[[parameters('nsgRuleProtocol')]\",\n                                    \"sourcePortRange\": \"[[parameters('nsgRuleSourcePortRange')]\",\n                                    \"destinationPortRange\": \"[[parameters('nsgRuleDestinationPortRange')]\",\n                                    \"sourceAddressPrefix\": \"[[parameters('nsgRuleSourceAddressPrefix')]\",\n                                    \"destinationAddressPrefix\": \"[[parameters('nsgRuleDestinationAddressPrefix')]\",\n                                    \"access\": \"[[parameters('nsgRuleAccess')]\",\n                                    \"priority\": \"[[parameters('nsgRulePriority')]\",\n                                    \"direction\": \"[[parameters('nsgRuleDirection')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#130": "{\n    \"name\": \"Deny-Storage-CorsRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should restrict CORS rules\",\n        \"description\": \"Deny CORS rules for storage account for increased data exfiltration protection and endpoint protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"anyOf\": [\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/blobServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/fileServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/tableServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/tableServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/queueServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/queueServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#131": "{\n    \"name\": \"Deny-Storage-LocalUser\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Local users should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should disable local users for features like SFTP. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"notEquals\": false\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#132": "{\n    \"name\": \"Deny-Storage-NetworkAclsBypass\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACL bypass option should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the bypass option for service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedBypassOptions\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Bypass Options\",\n                    \"description\": \"Specifies which options are allowed to bypass the vnet configuration\"\n                },\n                \"allowedValues\": [\n                    \"None\",\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ],\n                \"defaultValue\": [\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"notIn\": \"[[parameters('allowedBypassOptions')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#133": "{\n    \"name\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Virtual network rules should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the virtual network service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*]\"\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#134": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules resource IDs should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to services from a specific Azure subscription. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\",\n                            \"where\": {\n                                \"value\": \"[[split(current('Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].resourceId'), '/')[2]]\",\n                                \"equals\": \"*\"\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#135": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules Tenants should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to service from the same AAD tenant. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].tenantId\",\n                        \"notEquals\": \"[[subscription().tenantId]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#136": "{\n    \"name\": \"Deny-Storage-ServicesEncryption\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Encryption for storage services should be enforced for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should enforce encryption for all storage services. Enforce this for increased encryption scope.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#137": "{\n    \"name\": \"Deploy-LogicApp-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Configure Logic apps to use the latest TLS version\",\n        \"description\": \"Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Web/sites/config\",\n                    \"name\": \"web\",\n                    \"existenceCondition\": {\n                        \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n                        \"equals\": \"1.2\"\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"parameters\": {\n                                \"siteName\": {\n                                    \"value\": \"[[field('name')]\"\n                                }\n                            },\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"siteName\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"type\": \"Microsoft.Web/sites/config\",\n                                        \"apiVersion\": \"2021-02-01\",\n                                        \"name\": \"[[concat(parameters('siteName'), '/web')]\",\n                                        \"properties\": {\n                                            \"minTlsVersion\": \"1.2\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
+    "$fxv#138": "{\n    \"name\": \"Modify-NSG\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of Network Security Groups (NSG)\",\n        \"description\": \"This policy enforces the configuration of Network Security Groups (NSG).\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"nsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"nsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"nsgRuleDirection\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Inbound\",\n                    \"Outbound\"\n                ],\n                \"defaultValue\": \"Outbound\"\n            },\n            \"nsgRuleAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Allow\",\n                    \"Deny\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"nsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"nsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\n                            \"value\": {\n                                \"name\": \"[[parameters('nsgRuleName')]\",\n                                \"properties\": {\n                                    \"description\": \"[[parameters('nsgRuleDescription')]\",\n                                    \"protocol\": \"[[parameters('nsgRuleProtocol')]\",\n                                    \"sourcePortRange\": \"[[parameters('nsgRuleSourcePortRange')]\",\n                                    \"destinationPortRange\": \"[[parameters('nsgRuleDestinationPortRange')]\",\n                                    \"sourceAddressPrefix\": \"[[parameters('nsgRuleSourceAddressPrefix')]\",\n                                    \"destinationAddressPrefix\": \"[[parameters('nsgRuleDestinationAddressPrefix')]\",\n                                    \"access\": \"[[parameters('nsgRuleAccess')]\",\n                                    \"priority\": \"[[parameters('nsgRulePriority')]\",\n                                    \"direction\": \"[[parameters('nsgRuleDirection')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#139": "{\n    \"name\": \"Modify-UDR\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of User-Defined Routes (UDR)\",\n        \"description\": \"This policy enforces the configuration of User-Defined Routes (UDR) within a subnet.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"addressPrefix\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The destination IP address range in CIDR notation that this Policy checks for within the UDR. Example: 0.0.0.0/0 to check for the presence of a default route.\",\n                    \"displayName\": \"Address Prefix\"\n                }\n            },\n            \"nextHopType\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The next hope type that the policy checks for within the inspected route. The value can be Virtual Network, Virtual Network Gateway, Internet, Virtual Appliance, or None.\",\n                    \"displayName\": \"Next Hop Type\"\n                },\n                \"allowedValues\": [\n                    \"VnetLocal\",\n                    \"VirtualNetworkGateway\",\n                    \"Internet\",\n                    \"VirtualAppliance\",\n                    \"None\"\n                ]\n            },\n            \"nextHopIpAddress\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The IP address packets should be forwarded to.\",\n                    \"displayName\": \"Next Hop IP Address\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/routeTables\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n                            \"value\": {\n                                \"name\": \"default\",\n                                \"properties\": {\n                                    \"addressPrefix\": \"[[parameters('addressPrefix')]\",\n                                    \"nextHopType\": \"[[parameters('nextHopType')]\",\n                                    \"nextHopIpAddress\": \"[[parameters('nextHopIpAddress')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
     "$fxv#14": "{\n  \"name\": \"Deny-PostgreSql-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"PostgreSQL database servers enforce SSL connection.\",\n    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_0\",\n          \"TLS1_1\",\n          \"TLSEnforcementDisabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version minimum TLS for PostgreSQL server\",\n          \"description\": \"Select version  minimum TLS version Azure Database for PostgreSQL server to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"exists\": \"false\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"notEquals\": \"Enabled\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n                \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#140": "{\n    \"name\": \"Modify-UDR\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of User-Defined Routes (UDR)\",\n        \"description\": \"This policy enforces the configuration of User-Defined Routes (UDR) within a subnet.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"addressPrefix\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The destination IP address range in CIDR notation that this Policy checks for within the UDR. Example: 0.0.0.0/0 to check for the presence of a default route.\",\n                    \"displayName\": \"Address Prefix\"\n                }\n            },\n            \"nextHopType\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The next hope type that the policy checks for within the inspected route. The value can be Virtual Network, Virtual Network Gateway, Internet, Virtual Appliance, or None.\",\n                    \"displayName\": \"Next Hop Type\"\n                },\n                \"allowedValues\": [\n                    \"VnetLocal\",\n                    \"VirtualNetworkGateway\",\n                    \"Internet\",\n                    \"VirtualAppliance\",\n                    \"None\"\n                ]\n            },\n            \"nextHopIpAddress\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The IP address packets should be forwarded to.\",\n                    \"displayName\": \"Next Hop IP Address\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/routeTables\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n                            \"value\": {\n                                \"name\": \"default\",\n                                \"properties\": {\n                                    \"addressPrefix\": \"[[parameters('addressPrefix')]\",\n                                    \"nextHopType\": \"[[parameters('nextHopType')]\",\n                                    \"nextHopIpAddress\": \"[[parameters('nextHopIpAddress')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
-    "$fxv#141": "{\n    \"name\": \"Deploy-Private-DNS-Generic\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deploy-Private-DNS-Generic\",\n        \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Networking\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n        \t\"AzureChinaCloud\",\n       \t\t\"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\"\n            },\n            \"privateDnsZoneId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Private DNS Zone ID for Paas services\",\n                    \"description\": \"The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.\",\n                    \"strongType\": \"Microsoft.Network/privateDnsZones\",\n                    \"assignPermissions\": true\n                }\n            },\n            \"resourceType\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS private endpoint resource type\",\n                    \"description\": \"The PaaS endpoint resource type.\"\n                }\n            },\n            \"groupId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n                    \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n                }\n            },\n            \"evaluationDelay\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Evaluation Delay\",\n                    \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n                },\n                \"defaultValue\": \"PT10M\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateEndpoints\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n                            \"where\": {\n                                \"allOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n                                        \"contains\": \"[[parameters('resourceType')]\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n                                        \"equals\": \"[[parameters('groupId')]\"\n                                    }\n                                ]\n                            }\n                        },\n                        \"greaterOrEquals\": 1\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                    \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n                    \"roleDefinitionIds\": [\n                        \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"privateDnsZoneId\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"privateEndpointName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n                                        \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                                        \"apiVersion\": \"2020-03-01\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"properties\": {\n                                            \"privateDnsZoneConfigs\": [\n                                                {\n                                                    \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n                                                    \"properties\": {\n                                                        \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n                                                    }\n                                                }\n                                            ]\n                                        }\n                                    }\n                                ]\n                            },\n                            \"parameters\": {\n                                \"privateDnsZoneId\": {\n                                    \"value\": \"[[parameters('privateDnsZoneId')]\"\n                                },\n                                \"privateEndpointName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}\n",
-    "$fxv#142": "{\n  \"name\": \"DenyAction-DeleteResources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n    \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"General\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"resourceName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Name\",\n          \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n        }\n      },\n      \"resourceType\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Type\",\n          \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DenyAction\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DenyAction\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"[[parameters('resourceType')]\"\n          },\n          {\n            \"field\": \"name\",\n            \"like\": \"[[parameters('resourceName')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"actionNames\": [\n            \"delete\"\n          ]\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#143": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#144": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
-    "$fxv#147": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#140": "{\n    \"name\": \"Deploy-Private-DNS-Generic\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deploy-Private-DNS-Generic\",\n        \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Networking\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n        \t\"AzureChinaCloud\",\n       \t\t\"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\"\n            },\n            \"privateDnsZoneId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Private DNS Zone ID for Paas services\",\n                    \"description\": \"The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.\",\n                    \"strongType\": \"Microsoft.Network/privateDnsZones\",\n                    \"assignPermissions\": true\n                }\n            },\n            \"resourceType\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS private endpoint resource type\",\n                    \"description\": \"The PaaS endpoint resource type.\"\n                }\n            },\n            \"groupId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n                    \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n                }\n            },\n            \"evaluationDelay\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Evaluation Delay\",\n                    \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n                },\n                \"defaultValue\": \"PT10M\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateEndpoints\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n                            \"where\": {\n                                \"allOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n                                        \"contains\": \"[[parameters('resourceType')]\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n                                        \"equals\": \"[[parameters('groupId')]\"\n                                    }\n                                ]\n                            }\n                        },\n                        \"greaterOrEquals\": 1\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                    \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n                    \"roleDefinitionIds\": [\n                        \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"privateDnsZoneId\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"privateEndpointName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n                                        \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                                        \"apiVersion\": \"2020-03-01\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"properties\": {\n                                            \"privateDnsZoneConfigs\": [\n                                                {\n                                                    \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n                                                    \"properties\": {\n                                                        \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n                                                    }\n                                                }\n                                            ]\n                                        }\n                                    }\n                                ]\n                            },\n                            \"parameters\": {\n                                \"privateDnsZoneId\": {\n                                    \"value\": \"[[parameters('privateDnsZoneId')]\"\n                                },\n                                \"privateEndpointName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}\n",
+    "$fxv#141": "{\n  \"name\": \"DenyAction-DeleteResources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n    \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"General\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"resourceName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Name\",\n          \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n        }\n      },\n      \"resourceType\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Type\",\n          \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DenyAction\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DenyAction\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"[[parameters('resourceType')]\"\n          },\n          {\n            \"field\": \"name\",\n            \"like\": \"[[parameters('resourceName')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"actionNames\": [\n            \"delete\"\n          ]\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#142": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#143": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#144": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
+    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#147": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#15": "{\n  \"name\": \"Deny-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny the creation of private DNS\",\n    \"description\": \"This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/privateDnsZones\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#155": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#156": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#157": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#155": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#156": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#157": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
     "$fxv#158": "{\n  \"name\": \"Deny-AFSPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Public network access should be disabled for Azure File Sync\",\n    \"description\": \"Disabling the public endpoint allows you to restrict access to your Storage Sync Service resource to requests destined to approved private endpoints on your organization's network. There is nothing inherently insecure about allowing requests to the public endpoint, however, you may wish to disable it to meet regulatory, legal, or organizational policy requirements. You can disable the public endpoint for a Storage Sync Service by setting the incomingTrafficPolicy of the resource to AllowVirtualNetworksOnly.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Storage\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.StorageSync/storageSyncServices\"\n          },\n          {\n            \"field\": \"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\n            \"notEquals\": \"AllowVirtualNetworksOnly\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#159": "{\n  \"name\": \"Deny-KeyVaultPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Preview: Azure Key Vault should disable public network access\",\n    \"description\": \"Disable public network access for your key vault so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/akvprivatelink.\",\n    \"metadata\": {\n      \"version\": \"2.0.0-preview\",\n      \"category\": \"Key Vault\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"preview\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.KeyVault/vaults\"\n          },\n          {\n            \"not\": {\n              \"field\": \"Microsoft.KeyVault/vaults/createMode\",\n              \"equals\": \"recover\"\n            }\n          },\n          {\n            \"field\": \"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\n            \"notEquals\": \"Deny\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#16": "{\n  \"name\": \"Deny-PublicEndpoint-MariaDB\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Public network access should be disabled for MariaDB\",\n    \"description\": \"This policy denies the creation of Maria DB accounts with exposed public endpoints. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/fdccbe47-f3e3-4213-ad5d-ea459b2fa077.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforMariaDB/servers\"\n          },\n          {\n            \"field\": \"Microsoft.DBforMariaDB/servers/publicNetworkAccess\",\n            \"notequals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
@@ -406,10 +406,10 @@
         "[variables('$fxv#138')]",
         "[variables('$fxv#139')]",
         "[variables('$fxv#140')]",
-        "[variables('$fxv#141')]",
-        "[variables('$fxv#142')]"
+        "[variables('$fxv#141')]"
       ],
       "AzureCloud": [
+        "[variables('$fxv#142')]",
         "[variables('$fxv#143')]",
         "[variables('$fxv#144')]",
         "[variables('$fxv#145')]",
diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
index 385dcbebdf..87e9aa6628 100644
--- a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
+++ b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.28.1.47646",
-      "templateHash": "7289710698265093596"
+      "version": "0.22.6.54827",
+      "templateHash": "14490525755972949150"
     }
   },
   "variables": {
@@ -38,22 +38,25 @@
       }
     },
     "$fxv#1": {
-      "name": "dc726155-3983-5405-b446-9bb27b94e02c",
+      "name": "402344ce-48c4-5ac1-9320-16726050f964",
       "type": "Microsoft.Authorization/roleDefinitions",
       "apiVersion": "2022-04-01",
       "properties": {
-        "roleName": "Network-Management",
-        "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
+        "roleName": "Subscription-Owner",
+        "description": "Delegated role for subscription owner generated from subscription Owner role",
         "type": "customRole",
         "permissions": [
           {
             "actions": [
-              "*/read",
-              "Microsoft.Network/*",
-              "Microsoft.Resources/deployments/*",
-              "Microsoft.Support/*"
+              "*"
+            ],
+            "notActions": [
+              "Microsoft.Authorization/*/write",
+              "Microsoft.Network/vpnGateways/*",
+              "Microsoft.Network/expressRouteCircuits/*",
+              "Microsoft.Network/routeTables/write",
+              "Microsoft.Network/vpnSites/*"
             ],
-            "notActions": [],
             "dataActions": [],
             "notDataActions": []
           }
@@ -98,25 +101,22 @@
       }
     },
     "$fxv#3": {
-      "name": "402344ce-48c4-5ac1-9320-16726050f964",
+      "name": "dc726155-3983-5405-b446-9bb27b94e02c",
       "type": "Microsoft.Authorization/roleDefinitions",
       "apiVersion": "2022-04-01",
       "properties": {
-        "roleName": "Subscription-Owner",
-        "description": "Delegated role for subscription owner generated from subscription Owner role",
+        "roleName": "Network-Management",
+        "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
         "type": "customRole",
         "permissions": [
           {
             "actions": [
-              "*"
-            ],
-            "notActions": [
-              "Microsoft.Authorization/*/write",
-              "Microsoft.Network/vpnGateways/*",
-              "Microsoft.Network/expressRouteCircuits/*",
-              "Microsoft.Network/routeTables/write",
-              "Microsoft.Network/vpnSites/*"
+              "*/read",
+              "Microsoft.Network/*",
+              "Microsoft.Resources/deployments/*",
+              "Microsoft.Support/*"
             ],
+            "notActions": [],
             "dataActions": [],
             "notDataActions": []
           }
@@ -130,11 +130,12 @@
     "loadRoleDefinitions": {
       "All": [
         "[variables('$fxv#0')]",
-        "[variables('$fxv#1')]",
+        "[variables('$fxv#1')]"
+      ],
+      "AzureCloud": [
         "[variables('$fxv#2')]",
         "[variables('$fxv#3')]"
       ],
-      "AzureCloud": [],
       "AzureChinaCloud": [],
       "AzureUSGovernment": []
     },

From 8f21e5f652a9f40595cb3e6903d753db3aea412d Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 2 Aug 2024 14:37:04 +0800
Subject: [PATCH 12/43] Update to adopt Mooncake

---
 eslzArm/eslzArm.json                          |  25 +-
 ...mcDENY-PublicEndpointPolicyAssignment.json |  60 ++
 .../mcDINE-MDFCConfigPolicyAssignment.json    |   2 +-
 ...cDINE-PrivateDNSZonesPolicyAssignment.json |   2 +-
 .../policyDefinitions/initiatives.json        | 162 ++--
 ...y-PublicPaaSEndpoints.AzureChinaCloud.json |   6 +-
 .../Deploy-MDFC-Config.AzureChinaCloud.json   |   2 +-
 ...loy-Private-DNS-Zones.AzureChinaCloud.json |  24 +-
 ...cryptTransit_20240509.AzureChinaCloud.json | 912 ++++++++++++++++++
 ...Guardrails-Automation.AzureChinaCloud.json | 116 +++
 ...rdrails-ContainerApps.AzureChinaCloud.json |  43 +
 ...e-Guardrails-CosmosDb.AzureChinaCloud.json | 104 ++
 ...ardrails-KeyVault-Sup.AzureChinaCloud.json |  42 +
 ...e-Guardrails-KeyVault.AzureChinaCloud.json | 759 +++++++++++++++
 ...orce-Guardrails-MySQL.AzureChinaCloud.json |  42 +
 ...ce-Guardrails-Network.AzureChinaCloud.json | 504 ++++++++++
 ...ce-Guardrails-Storage.AzureChinaCloud.json | 443 +++++++++
 src/templates/initiatives.bicep               |  49 +-
 18 files changed, 3188 insertions(+), 109 deletions(-)
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 6954c148e0..5004523a43 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1575,6 +1575,7 @@
             "monitorRepo": "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2023-11-14/"
         },
         // Declaring all required deployment uri's used for deployments of composite ARM templates for ESLZ
+        // Referring to different Policy Set definition for different cloud enviornment
         "azPrivateDnsPolicyAssignmentMapping": {
             "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json",
             "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json",
@@ -1582,13 +1583,31 @@
 
         },
         "azPrivateDnsPolicyAssignment": "[variables('azPrivateDnsPolicyAssignmentMapping')[environment().resourceManager]]",
-        // Referring to different Policy Set definition for different cloud enviornment
+
+        "PublicEndpointPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-PublicEndpointPolicyAssignment.json"
+
+        },
+        "PublicEndpointPolicyAssignment": "[variables('PublicEndpointPolicyAssignmentMapping')[environment().resourceManager]]",
+
         "regulatoryCompliancePolicyAssignmentMapping": {
             "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json", // This needs to be updated for USGovernmentCloud
             "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json"
 
         },
         "regulatoryCompliancePolicy": "[variables('regulatoryCompliancePolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "mdfcConfigPolicyInitiativeMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json"
+
+        },
+        "mdfcConfigPolicyInitiative": "[variables('mdfcConfigPolicyInitiativeMapping')[environment().resourceManager]]",
+
         "deploymentUris": {
             "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]",
             "managementGroupsLite": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json')]",
@@ -1610,7 +1629,7 @@
             "regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, variables('regulatoryCompliancePolicy'))]",
             "resourceDiagnosticsInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json')]",
             "activityDiagnosticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json')]",
-            "mdfcConfigPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json')]",
+            "mdfcConfigPolicyInitiative": "[uri(deployment().properties.templateLink.uri, variables('mdfcConfigPolicyInitiative'))]",
             "mdEnpointsPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDEndpointsPolicyAssignment.json')]",
             "mdEnpointsAMAPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDEndpointsAMAPolicyAssignment.json')]",
             "atpOssDbPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-AtpOssDbPolicyAssignment.json')]",
@@ -1625,7 +1644,7 @@
             "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json')]",
             "aksHttpsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json')]",
             "ipFwdPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json')]",
-            "publicEndpointPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json')]",
+            "publicEndpointPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('PublicEndpointPolicyAssignment'))]",
             "privateDnsZonePolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('azPrivateDnsPolicyAssignment'))]",
             "pipPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicIpAddressPolicyAssignment.json')]",
             "pipOnNicPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json')]",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json
new file mode 100644
index 0000000000..bd5516c435
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json
@@ -0,0 +1,60 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "denyPublicEndpoint": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "denyPublicEndpoint": "Deny-Public-Endpoints",
+            "displayName": "Public network access should be disabled for PaaS services",
+            "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints"
+        },
+        "nonComplianceMessage": {
+            "message": "Public network access {enforcementMode} be disabled for PaaS services.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').denyPublicEndpoint]",
+            "location": "[deployment().location]",
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').denyPublicEndpoint]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ],
+                "parameters": {}
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json
index 7e35d539fd..1acc9d549a 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json
@@ -55,7 +55,7 @@
     },
     "variables": {
         "policyDefinitions": {
-            "deployAzureSecurity": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config')]"
+            "deployAzureSecurity": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config-AzureChinaCloud')]"
         },
         "policyAssignmentNames": {
             "azureSecurity": "Deploy-MDFC-Config",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
index ddd80950ce..8c1af5096d 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
@@ -179,7 +179,7 @@
             "azureSiteRecoveryQueuePrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]"
         },
         "policyDefinitions": {
-            "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json')]"
+            "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones-AzureChinaCloud')]"
         },
         "policyAssignmentNames": {
             "deployPrivateDnsZones": "Deploy-Private-DNS-Zones",
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index d8a9e1d2eb..40c274a247 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "3427518993111177727"
+      "templateHash": "5556617491904947398"
     }
   },
   "parameters": {
@@ -78,63 +78,82 @@
     ],
     "$fxv#0": "{\n    \"name\": \"Audit-UnusedResourcesCostOptimization\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Unused resources driving cost should be avoided\",\n        \"description\": \"Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Cost Optimization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"parameters\": {\n            \"effectDisks\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Disks Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Compute/disks\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectPublicIpAddresses\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PublicIpAddresses Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectServerFarms\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"ServerFarms Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDisks')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditPublicIpAddressesUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectPublicIpAddresses')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditServerFarmsUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectServerFarms')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditAzureHybridBenefitUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"Audit\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#1": "{\n    \"name\": \"Audit-TrustedLaunch\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Audit virtual machines for Trusted Launch support\",\n        \"description\": \"Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Trusted Launch\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksOsTrustedLaunch\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b03bb370-5249-4ea4-9fce-2552e87e45fa\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditTrustedLaunchEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95b54ad-0614-4633-ab29-104b01235cbf\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#2": "{\n  \"name\": \"Deploy-Sql-Security\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"Deploy-Sql-Security_20240529\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"String\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#26": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#27": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#28": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#29": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#26": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#27": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#29": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#3": "{\n  \"name\": \"Deploy-Sql-Security_20240529\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"replacesPolicy\": \"Deploy-Sql-Security\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"Array\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#30": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#31": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#32": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#33": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#34": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#35": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#36": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#37": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#38": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#39": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#4": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#40": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#41": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#42": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#43": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#44": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
-    "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#48": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#30": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#31": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#32": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#33": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#34": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#35": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#37": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#39": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#4": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#45": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#46": "{\n  \"name\": \"Deny-PublicPaaSEndpoints-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#47": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#48": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#49": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#5": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#50": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#51": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#52": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#53": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#54": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#6": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#7": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#8": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#50": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#51": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#52": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#57": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#58": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#59": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#60": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#61": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#62": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#63": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#65": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#67": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#73": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "cloudEnv": "[environment().name]",
     "defaultDeploymentLocationByCloudType": {
       "AzureCloud": "northeurope",
-      "AzureChinaCloud": "chinaeast2",
+      "AzureChinaCloud": "chinanorth3",
       "AzureUSGovernment": "usgovvirginia"
     },
     "templateVars": {
@@ -169,7 +188,9 @@
         "[variables('$fxv#22')]",
         "[variables('$fxv#23')]",
         "[variables('$fxv#24')]",
-        "[variables('$fxv#25')]",
+        "[variables('$fxv#25')]"
+      ],
+      "AzureCloud": [
         "[variables('$fxv#26')]",
         "[variables('$fxv#27')]",
         "[variables('$fxv#28')]",
@@ -178,9 +199,7 @@
         "[variables('$fxv#31')]",
         "[variables('$fxv#32')]",
         "[variables('$fxv#33')]",
-        "[variables('$fxv#34')]"
-      ],
-      "AzureCloud": [
+        "[variables('$fxv#34')]",
         "[variables('$fxv#35')]",
         "[variables('$fxv#36')]",
         "[variables('$fxv#37')]",
@@ -190,21 +209,40 @@
         "[variables('$fxv#41')]",
         "[variables('$fxv#42')]",
         "[variables('$fxv#43')]",
-        "[variables('$fxv#44')]"
+        "[variables('$fxv#44')]",
+        "[variables('$fxv#45')]"
       ],
       "AzureChinaCloud": [
-        "[variables('$fxv#45')]",
         "[variables('$fxv#46')]",
         "[variables('$fxv#47')]",
         "[variables('$fxv#48')]",
-        "[variables('$fxv#49')]"
-      ],
-      "AzureUSGovernment": [
+        "[variables('$fxv#49')]",
         "[variables('$fxv#50')]",
         "[variables('$fxv#51')]",
         "[variables('$fxv#52')]",
         "[variables('$fxv#53')]",
-        "[variables('$fxv#54')]"
+        "[variables('$fxv#54')]",
+        "[variables('$fxv#55')]",
+        "[variables('$fxv#56')]",
+        "[variables('$fxv#57')]",
+        "[variables('$fxv#58')]"
+      ],
+      "AzureUSGovernment": [
+        "[variables('$fxv#59')]",
+        "[variables('$fxv#60')]",
+        "[variables('$fxv#61')]",
+        "[variables('$fxv#62')]",
+        "[variables('$fxv#63')]",
+        "[variables('$fxv#64')]",
+        "[variables('$fxv#65')]",
+        "[variables('$fxv#66')]",
+        "[variables('$fxv#67')]",
+        "[variables('$fxv#68')]",
+        "[variables('$fxv#69')]",
+        "[variables('$fxv#70')]",
+        "[variables('$fxv#71')]",
+        "[variables('$fxv#72')]",
+        "[variables('$fxv#73')]"
       ]
     },
     "policySetDefinitionsByCloudType": {
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json
index 5cb86665e4..8b402911cb 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deny-PublicPaaSEndpoints",
+  "name": "Deny-PublicPaaSEndpoints-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
@@ -20,7 +20,7 @@
         "type": "String",
         "metadata": {
           "displayName": "Public network access should be disabled for CosmosDB",
-          "description": "This policy denies that  Cosmos database accounts  are created with out public network access is disabled."
+          "description": "This policy denies that Cosmos database accounts  are created with out public network access is disabled."
         },
         "allowedValues": [
           "Audit",
@@ -85,7 +85,7 @@
         "type": "String",
         "metadata": {
           "displayName": "Public network access on Azure Container Registry disabled",
-          "description": "This policy denies the creation of Azure Container Registires with exposed public endpoints "
+          "description": "This policy denies the creation of Azure Container Registries with exposed public endpoints "
         },
         "allowedValues": [
           "Audit",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
index 130a3b563d..f14b18081c 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deploy-MDFC-Config",
+  "name": "Deploy-MDFC-Config-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index 11df0daf3f..fb1dbfce87 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deploy-Private-DNS-Zones",
+  "name": "Deploy-Private-DNS-Zones-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
@@ -178,15 +178,6 @@
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureWebPrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureWebPrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
-      },
       "azureBatchPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -823,19 +814,6 @@
         },
         "groupNames": []
       },
-      {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Web",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
-        "parameters": {
-          "privateDnsZoneId": {
-            "value": "[[parameters('azureWebPrivateDnsZoneId')]"
-          },
-          "effect": {
-            "value": "[[parameters('effect')]"
-          }
-        },
-        "groupNames": []
-      },
       {
         "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
new file mode 100644
index 0000000000..4721094533
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
@@ -0,0 +1,912 @@
+{
+    "name": "Enforce-EncryptTransit_20240509",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
+        "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. ",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Encryption",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "replacesPolicy": "Enforce-EncryptTransit",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "AppServiceHttpEffect": {
+                "type": "String",
+                "defaultValue": "Append",
+                "allowedValues": [
+                    "Append",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below",
+                    "description": "Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny."
+                }
+            },
+            "AppServiceTlsVersionEffect": {
+                "type": "String",
+                "defaultValue": "Append",
+                "allowedValues": [
+                    "Append",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "App Service. Appends the AppService WebApp, APIApp, Function App to enable https only",
+                    "description": "App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny."
+                }
+            },
+            "AppServiceminTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "App Service. Select version minimum TLS Web App config",
+                    "description": "App Service. Select version  minimum TLS version for a  Web App config to enforce"
+                }
+            },
+            "APIAppServiceHttpsEffect": {
+                "metadata": {
+                    "displayName": "App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.",
+                    "description": "Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "FunctionLatestTlsEffect": {
+                "metadata": {
+                    "displayName": "App Service Function App. Latest TLS version should be used in your Function App",
+                    "description": "Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version."
+                },
+                "type": "String",
+                "defaultValue": "AuditIfNotExists",
+                "allowedValues": [
+                    "AuditIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "FunctionServiceHttpsEffect": {
+                "metadata": {
+                    "displayName": "App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.",
+                    "description": "App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "FunctionAppTlsEffect": {
+                "metadata": {
+                    "displayName": "App Service Function App. Configure Function apps to use the latest TLS version.",
+                    "description": "App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version."
+                },
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "LogicAppTlsEffect": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "WebAppServiceLatestTlsEffect": {
+                "metadata": {
+                    "displayName": "App Service Web App. Latest TLS version should be used in your Web App",
+                    "description": "Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version."
+                },
+                "type": "String",
+                "defaultValue": "AuditIfNotExists",
+                "allowedValues": [
+                    "AuditIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "WebAppServiceHttpsEffect": {
+                "metadata": {
+                    "displayName": "App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.",
+                    "description": "Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "AKSIngressHttpsOnlyEffect": {
+                "metadata": {
+                    "displayName": "AKS Service. Enforce HTTPS ingress in Kubernetes cluster",
+                    "description": "This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc."
+                },
+                "type": "String",
+                "defaultValue": "deny",
+                "allowedValues": [
+                    "audit",
+                    "deny",
+                    "disabled"
+                ]
+            },
+            "MySQLEnableSSLDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "MySQLEnableSSLEffect": {
+                "metadata": {
+                    "displayName": "MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers",
+                    "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "MySQLminimalTlsVersion": {
+                "type": "String",
+                "defaultValue": "TLS1_2",
+                "allowedValues": [
+                    "TLS1_2",
+                    "TLS1_0",
+                    "TLS1_1",
+                    "TLSEnforcementDisabled"
+                ],
+                "metadata": {
+                    "displayName": "MySQL database servers. Select version minimum TLS for MySQL server",
+                    "description": "Select version  minimum TLS version Azure Database for MySQL server to enforce"
+                }
+            },
+            "PostgreSQLEnableSSLDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "PostgreSQLEnableSSLEffect": {
+                "metadata": {
+                    "displayName": "PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers",
+                    "description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "PostgreSQLminimalTlsVersion": {
+                "type": "String",
+                "defaultValue": "TLS1_2",
+                "allowedValues": [
+                    "TLS1_2",
+                    "TLS1_0",
+                    "TLS1_1",
+                    "TLSEnforcementDisabled"
+                ],
+                "metadata": {
+                    "displayName": "PostgreSQL database servers. Select version minimum TLS for MySQL server",
+                    "description": "PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce"
+                }
+            },
+            "RedisTLSDeployEffect": {
+                "type": "String",
+                "defaultValue": "Append",
+                "allowedValues": [
+                    "Append",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "RedisMinTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis",
+                    "description": "Select version  minimum TLS version for a Azure Cache for Redis to enforce"
+                }
+            },
+            "RedisTLSEffect": {
+                "metadata": {
+                    "displayName": "Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled",
+                    "description": "Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "SQLManagedInstanceTLSDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "SQLManagedInstanceMinTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "Azure Managed Instance.Select version minimum TLS for Azure Managed Instance",
+                    "description": "Select version  minimum TLS version for Azure Managed Instanceto to  enforce"
+                }
+            },
+            "SQLManagedInstanceTLSEffect": {
+                "metadata": {
+                    "displayName": "SQL Managed Instance should have the minimal TLS version of 1.2",
+                    "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "SQLServerTLSDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "SQLServerminTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "Azure SQL Database.Select version minimum TLS for Azure SQL Database",
+                    "description": "Select version  minimum TLS version for Azure SQL Database to enforce"
+                }
+            },
+            "SQLServerTLSEffect": {
+                "metadata": {
+                    "displayName": "Azure SQL Database should have the minimal TLS version of 1.2",
+                    "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "StorageDeployHttpsEnabledEffect": {
+                "metadata": {
+                    "displayName": "Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled",
+                    "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking"
+                },
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "StorageminimumTlsVersion": {
+                "type": "String",
+                "defaultValue": "TLS1_2",
+                "allowedValues": [
+                    "TLS1_2",
+                    "TLS1_1",
+                    "TLS1_0"
+                ],
+                "metadata": {
+                    "displayName": "Storage Account select minimum TLS version",
+                    "description": "Select version  minimum TLS version on Azure Storage Account to enforce"
+                }
+            },
+            "logicAppHttpsEffect": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppsTls": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "functionAppSlotsTls": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppsHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppSlotTls": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "functionAppSlotsHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "functionAppHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppSlotsHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "containerAppsHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "eventHubMinTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "sqlManagedTlsVersion": {
+                "type": "string",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled"
+                ]
+            },
+            "sqlDbTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "synapseTlsVersion": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionReferenceId": "AppServiceHttpEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('AppServiceHttpEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "AppServiceminTlsVersion",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('AppServiceTlsVersionEffect')]"
+                    },
+                    "minTlsVersion": {
+                        "value": "[[parameters('AppServiceminTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "FunctionLatestTlsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('FunctionLatestTlsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "WebAppServiceLatestTlsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('WebAppServiceLatestTlsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "APIAppServiceHttpsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('APIAppServiceHttpsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "FunctionServiceHttpsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('FunctionServiceHttpsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "WebAppServiceHttpsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('WebAppServiceHttpsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "AKSIngressHttpsOnlyEffect",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('AKSIngressHttpsOnlyEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "MySQLEnableSSLDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('MySQLEnableSSLDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('MySQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "MySQLEnableSSLEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('MySQLEnableSSLEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('MySQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "PostgreSQLEnableSSLDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('PostgreSQLEnableSSLDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('PostgreSQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "PostgreSQLEnableSSLEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('PostgreSQLEnableSSLEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('PostgreSQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "RedisTLSDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('RedisTLSDeployEffect')]"
+                    },
+                    "minimumTlsVersion": {
+                        "value": "[[parameters('RedisMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "RedisdisableNonSslPort",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('RedisTLSDeployEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "RedisDenyhttps",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('RedisTLSEffect')]"
+                    },
+                    "minimumTlsVersion": {
+                        "value": "[[parameters('RedisMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLManagedInstanceTLSDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLManagedInstanceTLSDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLManagedInstanceMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLManagedInstanceTLSEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLManagedInstanceTLSEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLManagedInstanceMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLServerTLSDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLServerTLSDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLServerminTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLServerTLSEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLServerTLSEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLServerminTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "StorageDeployHttpsEnabledEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('StorageDeployHttpsEnabledEffect')]"
+                    },
+                    "minimumTlsVersion": {
+                        "value": "[[parameters('StorageMinimumTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "Dine-FunctionApp-Tls",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('FunctionAppTlsEffect')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionReferenceId": "Deploy-LogicApp-TLS",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('LogicAppTlsEffect')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https",
+                "policyDefinitionReferenceId": "Deny-LogicApp-Without-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('logicAppHttpsEffect')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063",
+                "policyDefinitionReferenceId": "Dine-Function-Apps-Slots-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('functionAppSlotsTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d",
+                "policyDefinitionReferenceId": "Dine-AppService-Apps-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppsTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
+                "policyDefinitionReferenceId": "Deny-AppService-Apps-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppsHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50",
+                "policyDefinitionReferenceId": "Deny-AppService-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df",
+                "policyDefinitionReferenceId": "DINE-AppService-AppSlotTls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppSlotTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71",
+                "policyDefinitionReferenceId": "Deny-FuncAppSlots-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('functionAppSlotsHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
+                "policyDefinitionReferenceId": "Deny-FunctionApp-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('functionAppHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc",
+                "policyDefinitionReferenceId": "Deny-AppService-Slots-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppSlotsHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb",
+                "policyDefinitionReferenceId": "Deny-ContainerApps-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('containerAppsHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS",
+                "policyDefinitionReferenceId": "Deny-EH-minTLS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('eventHubMinTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4",
+                "policyDefinitionReferenceId": "Deny-Sql-Managed-Tls-Version",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('sqlManagedTlsVersion')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf",
+                "policyDefinitionReferenceId": "Deny-Sql-Db-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('sqlDbTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0",
+                "policyDefinitionReferenceId": "Deny-Storage-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4",
+                "policyDefinitionReferenceId": "Deny-Synapse-Tls-Version",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('synapseTlsVersion')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
new file mode 100644
index 0000000000..64f2ef98e7
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
@@ -0,0 +1,116 @@
+{
+    "name": "Enforce-Guardrails-Automation",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Automation Account",
+        "description": "This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Automation",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "aaModifyLocalAuth": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "aaVariablesEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "aaLocalAuth": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "aaManagedIdentity": {
+                "type": "string",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled"
+                ]
+            },
+            "aaModifyPublicNetworkAccess": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0",
+                "policyDefinitionReferenceId": "Deny-Aa-Managed-Identity",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaManagedIdentity')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700",
+                "policyDefinitionReferenceId": "Deny-Aa-Local-Auth",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaLocalAuth')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
+                "policyDefinitionReferenceId": "Deny-Aa-Variables-Encrypt",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaVariablesEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81",
+                "policyDefinitionReferenceId": "Modify-Aa-Local-Auth",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaModifyLocalAUth')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c",
+                "policyDefinitionReferenceId": "Modify-Aa-Public-Network-Access",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaModifyPublicNetworkAccess')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
new file mode 100644
index 0000000000..20a559d4a5
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
@@ -0,0 +1,43 @@
+{
+    "name": "Enforce-Guardrails-ContainerApps",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Container Apps",
+        "description": "This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Container Apps",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "containerAppsManagedIdentity": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7",
+                "policyDefinitionReferenceId": "Deny-ContainerApps-Managed-Identity",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('containerAppsManagedIdentity')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
new file mode 100644
index 0000000000..75d1d67960
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
@@ -0,0 +1,104 @@
+{
+    "name": "Enforce-Guardrails-CosmosDb",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Cosmos DB",
+        "description": "This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Cosmos DB",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "cosmosDbLocalAuth": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "cosmosDbFwRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "cosmosDbModifyLocalAuth": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "cosmosDbModifyPublicAccess": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049",
+                "policyDefinitionReferenceId": "Modify-CosmosDb-Local-Auth",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbModifyLocalAuth')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb",
+                "policyDefinitionReferenceId": "Deny-CosmosDb-Fw-Rules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbFwRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
+                "policyDefinitionReferenceId": "Deny-CosmosDb-Local-Auth",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbLocalAuth')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5",
+                "policyDefinitionReferenceId": "Append-CosmosDb-Metadata",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088",
+                "policyDefinitionReferenceId": "Modify-CosmosDb-Public-Network-Access",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbModifyPublicAccess')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
new file mode 100644
index 0000000000..7fad9290da
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
@@ -0,0 +1,42 @@
+{
+    "name": "Enforce-Guardrails-KeyVault-Sup",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce additional recommended guardrails for Key Vault",
+        "description": "This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Key Vault",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "keyVaultModifyFw": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc",
+                "policyDefinitionReferenceId": "Modify-KV-Fw",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultModifyFw')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
new file mode 100644
index 0000000000..e4d94be21c
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
@@ -0,0 +1,759 @@
+{
+    "name": "Enforce-Guardrails-KeyVault",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Azure Key Vault",
+        "description": "Enforce recommended guardrails for Azure Key Vault.",
+        "metadata": {
+            "version": "2.0.0",
+            "category": "Key Vault",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "effectKvSoftDelete": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Deny"
+            },
+            "effectKvPurgeProtection": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Deny"
+            },
+            "effectKvSecretsExpire": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "effectKvKeysExpire": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "effectKvFirewallEnabled": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "effectKvCertLifetime": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "maximumCertLifePercentageLife": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The maximum lifetime percentage",
+                    "description": "Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'."
+                },
+                "defaultValue": 80
+            },
+            "minimumCertLifeDaysBeforeExpiry": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The minimum days before expiry",
+                    "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+                },
+                "defaultValue": 90
+            },
+            "effectKvKeysLifetime": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "minimumKeysLifeDaysBeforeExpiry": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The minimum days before expiry",
+                    "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+                },
+                "defaultValue": 90
+            },
+            "effectKvSecretsLifetime": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "minimumSecretsLifeDaysBeforeExpiry": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The minimum days before expiry",
+                    "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+                },
+                "defaultValue": 90
+            },
+            "keyVaultCheckMinimumRSACertificateSize": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultMinimumRSACertificateSizeValue": {
+                "type": "integer",
+                "defaultValue": 2048,
+                "allowedValues": [
+                    2048,
+                    3072,
+                    4096
+                ]
+            },
+            "keyVaultCheckMinimumRSAKeySize": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultMinimumRSAKeySizeValue": {
+                "type": "integer",
+                "defaultValue": 2048,
+                "allowedValues": [
+                    2048,
+                    3072,
+                    4096
+                ]
+            },
+            "keyVaultArmRbac": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultHmsPurgeProtection": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCertificatesPeriod": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCertValidPeriod": {
+                "type": "integer",
+                "defaultValue": 12
+            },
+            "keyVaultHmsKeysExpiration": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keysValidPeriod": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keysValidityInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "secretsValidPeriod": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "secretsValidityInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "keyVaultCertKeyTypes": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultEllipticCurve": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCryptographicType": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keysActive": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keysActiveInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "keysCurveNames": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "secretsActiveInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "secretsActive": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultSecretContentType": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultNonIntegratedCa": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultNonIntegratedCaValue": {
+                "type": "string",
+                "defaultValue": "",
+                "metadata": {
+                    "displayName": "The common name of the certificate authority",
+                    "description": "The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso"
+                }
+            },
+            "keyVaultIntegratedCa": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultIntegratedCaValue": {
+                "type": "array",
+                "defaultValue": [
+                    "DigiCert",
+                    "GlobalSign"
+                ]
+            },
+            "keyVaultHsmMinimumDaysBeforeExpiration": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultHsmMinimumDaysBeforeExpirationValue": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "keyVaultHmsCurveNames": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultHmsCurveNamesValue": {
+                "type": "array",
+                "defaultValue": [
+                    "P-256",
+                    "P-256K",
+                    "P-384",
+                    "P-521"
+                ]
+            },
+            "keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue": {
+                "type": "integer",
+                "defaultValue": 90
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionReferenceId": "KvSoftDelete",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvSoftDelete')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvPurgeProtection",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvPurgeProtection')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvSecretsExpire",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvSecretsExpire')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvKeysExpire",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvKeysExpire')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvFirewallEnabled",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvFirewallEnabled')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvCertLifetime",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvCertLifetime')]"
+                    },
+                    "maximumPercentageLife": {
+                        "value": "[[parameters('maximumCertLifePercentageLife')]"
+                    },
+                    "minimumDaysBeforeExpiry": {
+                        "value": "[[parameters('minimumCertLifeDaysBeforeExpiry')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvKeysLifetime",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvKeysLifetime')]"
+                    },
+                    "minimumDaysBeforeExpiration": {
+                        "value": "[[parameters('minimumKeysLifeDaysBeforeExpiry')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvSecretsLifetime",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvSecretsLifetime')]"
+                    },
+                    "minimumDaysBeforeExpiration": {
+                        "value": "[[parameters('minimumSecretsLifeDaysBeforeExpiry')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0",
+                "policyDefinitionReferenceId": "Deny-KV-RSA-Keys-without-MinCertSize",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCheckMinimumRSACertificateSize')]"
+                    },
+                    "minimumRSAKeySize": {
+                        "value": "[[parameters('keyVaultMinimumRSACertificateSizeValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9",
+                "policyDefinitionReferenceId": "Deny-KV-RSA-Keys-without-MinKeySize",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCheckMinimumRSAKeySize')]"
+                    },
+                    "minimumRSAKeySize": {
+                        "value": "[[parameters('keyVaultMinimumRSAKeySizeValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5",
+                "policyDefinitionReferenceId": "Deny-KV-without-ArmRbac",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultArmRbac')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383",
+                "policyDefinitionReferenceId": "Deny-KV-Hms-PurgeProtection",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultHmsPurgeProtection')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560",
+                "policyDefinitionReferenceId": "Deny-KV-Cert-Period",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCertificatesPeriod')]"
+                    },
+                    "maximumValidityInMonths": {
+                        "value": "[[parameters('keyVaultCertValidPeriod')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5",
+                "policyDefinitionReferenceId": "Deny-KV-Hms-Key-Expire",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultHmsKeysExpiration')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9",
+                "policyDefinitionReferenceId": "Deny-KV-Keys-Expire",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keysValidPeriod')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('keysValidityInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f",
+                "policyDefinitionReferenceId": "Deny-KV-Secrets-ValidityDays",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('secretsValidPeriod')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('secretsValidityInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f",
+                "policyDefinitionReferenceId": "Deny-KV-Key-Types",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCertKeyTypes')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf",
+                "policyDefinitionReferenceId": "Deny-KV-Elliptic-Curve",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultEllipticCurve')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb",
+                "policyDefinitionReferenceId": "Deny-KV-Cryptographic-Type",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCryptographicType')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9",
+                "policyDefinitionReferenceId": "Deny-KV-Key-Active",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keysActive')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('keysActiveInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255",
+                "policyDefinitionReferenceId": "Deny-KV-Curve-Names",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keysCurveNames')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe",
+                "policyDefinitionReferenceId": "Deny-KV-Secret-ActiveDays",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('secretsActive')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('secretsActiveInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3",
+                "policyDefinitionReferenceId": "Deny-Kv-Secret-Content-Type",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultSecretContentType')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341",
+                "policyDefinitionReferenceId": "Deny-Kv-Non-Integrated-Ca",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultNonIntegratedCa')]"
+                    },
+                    "caCommonName": {
+                        "value": "[[parameters('keyVaultNonIntegratedCaValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82",
+                "policyDefinitionReferenceId": "Deny-Kv-Integrated-Ca",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultIntegratedCa')]"
+                    },
+                    "allowedCAs": {
+                        "value": "[[parameters('keyVaultIntegratedCaValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653",
+                "policyDefinitionReferenceId": "Deny-Kv-Hsm-MinimumDays-Before-Expiration",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]"
+                    },
+                    "minimumDaysBeforeExpiration": {
+                        "value": "[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e",
+                "policyDefinitionReferenceId": "Deny-Kv-Hsm-Curve-Names",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultHmsCurveNames')]"
+                    },
+                    "allowedECNames": {
+                        "value": "[[parameters('keyVaultHmsCurveNamesValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427",
+                "policyDefinitionReferenceId": "Deny-Kv-Cert-Expiration-Within-Specific-Number-Days",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]"
+                    },
+                    "daysToExpire": {
+                        "value": "[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
new file mode 100644
index 0000000000..056597a6e3
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
@@ -0,0 +1,42 @@
+{
+    "name": "Enforce-Guardrails-MySQL",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for MySQL",
+        "description": "This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "MySQL",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "mySqlAdvThreatProtection": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816",
+                "policyDefinitionReferenceId": "Dine-MySql-Adv-Threat-Protection",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('mySqlAdvThreatProtection')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
new file mode 100644
index 0000000000..a71ae0df23
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -0,0 +1,504 @@
+{
+    "name": "Enforce-Guardrails-Network",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Network and Networking services",
+        "description": "This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Network",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "subnetUdr": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "subnetNsg": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "subnetServiceEndpoint": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appGwWaf": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "vnetModifyDdos": {
+                "type": "string",
+                "defaultValue": "Modify"
+            },
+            "ddosPlanResourceId": {
+                "type": "string",
+                "defaultValue": ""
+            },
+            "wafMode": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "wafModeRequirement": {
+                "type": "string",
+                "defaultValue": "Prevention"
+            },
+            "wafFwRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "wafModeAppGw": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "wafModeAppGwRequirement": {
+                "type": "string",
+                "defaultValue": "Prevention"
+            },
+            "denyMgmtFromInternet": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "denyMgmtFromInternetPorts": {
+                "type": "Array",
+                "metadata": {
+                    "displayName": "Ports",
+                    "description": "Ports to be blocked"
+                },
+                "defaultValue": [
+                    "22",
+                    "3389"
+                ]
+            },
+            "afwEnbaleTlsForAllAppRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "afwEnableTlsInspection": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "afwEmptyIDPSBypassList": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "afwEnableAllIDPSSignatureRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "afwEnableIDPS": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "vpnAzureAD": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appGwTlsVersion": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "modifyUdr": {
+                "type": "string",
+                "defaultValue": "Disabled"
+            },
+            "modifyUdrNextHopIpAddress": {
+                "type": "string",
+                "defaultValue": ""
+            },
+            "modifyUdrNextHopType": {
+                "type": "string",
+                "defaultValue": "None"
+            },
+            "modifyUdrAddressPrefix": {
+                "type": "string",
+                "defaultValue": "0.0.0.0/0"
+            },
+            "modifyNsg": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "modifyNsgRuleName": {
+                "type": "string",
+                "defaultValue": "DenyAnyInternetOutbound"
+            },
+            "modifyNsgRulePriority": {
+                "type": "integer",
+                "defaultValue": 1000
+            },
+            "modifyNsgRuleDirection": {
+                "type": "string",
+                "defaultValue": "Outbound"
+            },
+            "modifyNsgRuleAccess": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "modifyNsgRuleProtocol": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleSourceAddressPrefix": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleSourcePortRange": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleDestinationAddressPrefix": {
+                "type": "string",
+                "defaultValue": "Internet"
+            },
+            "modifyNsgRuleDestinationPortRange": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleDescription": {
+                "type": "string",
+                "defaultValue": "Deny any outbound traffic to the Internet"
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010",
+                "policyDefinitionReferenceId": "Deny-Nsg-GW-subnet",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7",
+                "policyDefinitionReferenceId": "Deny-VPN-AzureAD",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('vpnAzureAD')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a",
+                "policyDefinitionReferenceId": "Deny-Waf-IDPS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('afwEnableIDPS')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5",
+                "policyDefinitionReferenceId": "Deny-FW-AllIDPSS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('afwEnableAllIDPSSignatureRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50",
+                "policyDefinitionReferenceId": "Deny-FW-EmpIDPSBypass",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('afwEmptyIDPSBypassList')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17",
+                "policyDefinitionReferenceId": "Deny-FW-TLS-Inspection",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('afwEnableTlsInspection')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596",
+                "policyDefinitionReferenceId": "Deny-FW-TLS-AllApp",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('afwEnbaleTlsForAllAppRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096",
+                "policyDefinitionReferenceId": "Deny-Waf-AppGw-mode",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('wafModeAppGw')]"
+                    },
+                    "modeRequirement": {
+                        "value": "[[parameters('wafModeAppGwRequirement')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d",
+                "policyDefinitionReferenceId": "Deny-Waf-Fw-rules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('wafFwRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8",
+                "policyDefinitionReferenceId": "Deny-Waf-mode",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('wafMode')]"
+                    },
+                    "modeRequirement": {
+                        "value": "[[parameters('wafModeRequirement')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
+                "policyDefinitionReferenceId": "Modify-vNet-DDoS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('vnetModifyDdos')]"
+                    },
+                    "ddosPlan": {
+                        "value": "[[parameters('ddosPlanResourceId')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900",
+                "policyDefinitionReferenceId": "Deny-Ip-Forwarding",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114",
+                "policyDefinitionReferenceId": "Deny-vNic-Pip",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
+                "policyDefinitionReferenceId": "Deny-AppGw-Without-Waf",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appGwWaf')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr",
+                "policyDefinitionReferenceId": "Deny-Subnet-Without-Udr",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('subnetUdr')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
+                "policyDefinitionReferenceId": "Deny-Subnet-Without-NSG",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('subnetNsg')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints",
+                "policyDefinitionReferenceId": "Deny-Subnet-with-Service-Endpoints",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('subnetServiceEndpoint')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
+                "policyDefinitionReferenceId": "Deny-Mgmt-From-Internet",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('denyMgmtFromInternet')]"
+                    },
+                    "ports": {
+                        "value": "[[parameters('denyMgmtFromInternetPorts')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls",
+                "policyDefinitionReferenceId": "Deny-AppGw-Without-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appGwTlsVersion')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR",
+                "policyDefinitionReferenceId": "Modify-Udr",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyUdr')]"
+                    },
+                    "nextHopIpAddress": {
+                        "value": "[[parameters('modifyUdrNextHopIpAddress')]"
+                    },
+                    "nextHopType": {
+                        "value": "[[parameters('modifyUdrNextHopType')]"
+                    },
+                    "addressPrefix": {
+                        "value": "[[parameters('modifyUdrAddressPrefix')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG",
+                "policyDefinitionReferenceId": "Modify-Nsg",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyNsg')]"
+                    },
+                    "nsgRuleName": {
+                        "value": "[[parameters('modifyNsgRuleName')]"
+                    },
+                    "nsgRulePriority": {
+                        "value": "[[parameters('modifyNsgRulePriority')]"
+                    },
+                    "nsgRuleDirection": {
+                        "value": "[[parameters('modifyNsgRuleDirection')]"
+                    },
+                    "nsgRuleAccess": {
+                        "value": "[[parameters('modifyNsgRuleAccess')]"
+                    },
+                    "nsgRuleProtocol": {
+                        "value": "[[parameters('modifyNsgRuleProtocol')]"
+                    },
+                    "nsgRuleSourceAddressPrefix": {
+                        "value": "[[parameters('modifyNsgRuleSourceAddressPrefix')]"
+                    },
+                    "nsgRuleSourcePortRange": {
+                        "value": "[[parameters('modifyNsgRuleSourcePortRange')]"
+                    },
+                    "nsgRuleDestinationAddressPrefix": {
+                        "value": "[[parameters('modifyNsgRuleDestinationAddressPrefix')]"
+                    },
+                    "nsgRuleDestinationPortRange": {
+                        "value": "[[parameters('modifyNsgRuleDestinationPortRange')]"
+                    },
+                    "nsgRuleDescription": {
+                        "value": "[[parameters('modifyNsgRuleDescription')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json
new file mode 100644
index 0000000000..e43decc9d1
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json
@@ -0,0 +1,443 @@
+{
+    "name": "Enforce-Guardrails-Storage",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Storage Account",
+        "description": "This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Storage",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "storageKeysExpiration": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountNetworkRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountRestrictNetworkRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageClassicToArm": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsInfraEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountSharedKey": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsCrossTenant": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsDoubleEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsCopyScope": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsAllowedCopyScope": {
+                "type": "string",
+                "defaultValue": "AAD"
+            },
+            "storageServicesEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageLocalUser": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageSftp": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageNetworkAclsBypass": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAllowedNetworkAclsBypass": {
+                "type": "array",
+                "defaultValue": [
+                    "None"
+                ]
+            },
+            "storageResourceAccessRulesTenantId": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageResourceAccessRulesResourceId": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageNetworkAclsVirtualNetworkRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageContainerDeleteRetentionPolicy": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageMinContainerDeleteRetentionInDays": {
+                "type": "Integer",
+                "defaultValue": 7
+            },
+            "storageCorsRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "modifyStorageFileSyncPublicEndpoint": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "modifyStorageAccountPublicEndpoint": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsModifyDisablePublicNetworkAccess": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope",
+                "policyDefinitionReferenceId": "Deny-Storage-CopyScope",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsCopyScope')]"
+                    },
+                    "allowedCopyScope": {
+                        "value": "[[parameters('storageAccountsAllowedCopyScope')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption",
+                "policyDefinitionReferenceId": "Deny-Storage-ServicesEncryption",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageServicesEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser",
+                "policyDefinitionReferenceId": "Deny-Storage-LocalUser",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageLocalUser')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP",
+                "policyDefinitionReferenceId": "Deny-Storage-SFTP",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageSftp')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass",
+                "policyDefinitionReferenceId": "Deny-Storage-NetworkAclsBypass",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageNetworkAclsBypass')]"
+                    },
+                    "allowedBypassOptions": {
+                        "value": "[[parameters('storageAllowedNetworkAclsBypass')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId",
+                "policyDefinitionReferenceId": "Deny-Storage-ResourceAccessRulesTenantId",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageResourceAccessRulesTenantId')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId",
+                "policyDefinitionReferenceId": "Deny-Storage-ResourceAccessRulesResourceId",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageResourceAccessRulesResourceId')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules",
+                "policyDefinitionReferenceId": "Deny-Storage-NetworkAclsVirtualNetworkRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageNetworkAclsVirtualNetworkRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy",
+                "policyDefinitionReferenceId": "Deny-Storage-ContainerDeleteRetentionPolicy",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageContainerDeleteRetentionPolicy')]"
+                    },
+                    "minContainerDeleteRetentionInDays": {
+                        "value": "[[parameters('storageMinContainerDeleteRetentionInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules",
+                "policyDefinitionReferenceId": "Deny-Storage-CorsRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageCorsRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d",
+                "policyDefinitionReferenceId": "Deny-Storage-Account-Encryption",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsDoubleEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312",
+                "policyDefinitionReferenceId": "Deny-Storage-Cross-Tenant",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsCrossTenant')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54",
+                "policyDefinitionReferenceId": "Deny-Storage-Shared-Key",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountSharedKey')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a",
+                "policyDefinitionReferenceId": "Deny-Storage-Infra-Encryption",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsInfraEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606",
+                "policyDefinitionReferenceId": "Deny-Storage-Classic",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageClassicToArm')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
+                "policyDefinitionReferenceId": "Deny-Storage-Restrict-NetworkRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountRestrictNetworkRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f",
+                "policyDefinitionReferenceId": "Deny-Storage-NetworkRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountNetworkRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537",
+                "policyDefinitionReferenceId": "Deny-Storage-Account-Keys-Expire",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageKeysExpiration')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b",
+                "policyDefinitionReferenceId": "Modify-Storage-FileSync-PublicEndpoint",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyStorageFileSyncPublicEndpoint')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b",
+                "policyDefinitionReferenceId": "Modify-Blob-Storage-Account-PublicEndpoint",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyStorageAccountPublicEndpoint')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d",
+                "policyDefinitionReferenceId": "Modify-Storage-Account-PublicEndpoint",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index 0e48249b93..412f0e6a6b 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -17,7 +17,7 @@ var cloudEnv = environment().name
 // Default deployment locations used in templates
 var defaultDeploymentLocationByCloudType = {
   AzureCloud: 'northeurope'
-  AzureChinaCloud: 'chinaeast2'
+  AzureChinaCloud: 'chinanorth3' //change to chinanorth3 as it's the most frequent scenario
   AzureUSGovernment: 'usgovvirginia'
 }
 
@@ -37,31 +37,21 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Audit-TrustedLaunch.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security_20240529.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json')
-
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-AUM-CheckUpdates.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-APIM.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-AppServices.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CognitiveServices.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Compute.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerInstance.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerRegistry.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-DataExplorer.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-DataFactory.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-EventGrid.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-EventHub.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Kubernetes.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MachineLearning.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-OpenAI.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-PostgreSQL.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ServiceBus.json') // FSI specific initiative
@@ -81,13 +71,32 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-DefenderSQL-AMA.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+
   ]
   AzureChinaCloud: [
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // Due to missing built-in Policy Definitions ()
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') // Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 74c30959-af11-47b3-9ed2-a26e03f427a3, 1f725891-01c0-420a-9059-4fa46cb770b7, 2370a3c1-4a25-4283-a91a-c9c1a145fb2f, b7021b2b-08fd-4dc0-9de7-3c6ece09faf9, b99b73e7-074b-4089-9395-b7236f094491)
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // Due to missing built-in Policy Definitions ()
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // *DONE*Due to missing built-in Policy Definitions (5e8168db-69e3-4beb-9822-57cb59202a9d, 955a914f-bf86-4f0e-acd5-e0766b0efcb6, etc)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') //*???It's deprecated and replaced by build-in*Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json') // *DONE*Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 74c30959-af11-47b3-9ed2-a26e03f427a3, 1f725891-01c0-420a-9059-4fa46cb770b7, 2370a3c1-4a25-4283-a91a-c9c1a145fb2f, b7021b2b-08fd-4dc0-9de7-3c6ece09faf9, b99b73e7-074b-4089-9395-b7236f094491)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (051cba44-2429-45b9-9649-46cec11c7119), and replacement custom Policy Definitions ("Deploy-MySQLCMKEffect", "Deploy-PostgreSQLCMKEffect")
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // *DONE* Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (361c2074-3595-4e5d-8cab-4f21dffc835c)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0e80e269-43a4-4ae9-b5bc-178126b8a5cb)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (8b346db6-85af-419b-8557-92cee2c0f9bb)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (86810a98-8e91-4a44-8386-ec66d0de5d57)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (6d02d2f7-e38b-4bdc-96f3-adc0a8726abc)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (3a58212a-c829-4f13-9872-6371df2fd0b4)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (055aa869-bc98-4af8-bafc-23f1ab6ffe2c)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (b5f04e03-92a3-4b09-9410-2cc5e5047656)
   ]
   AzureUSGovernment: [
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48, c9299215-ae47-4f50-9c54-8a392f68a052)
@@ -95,6 +104,16 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 1f725891-01c0-420a-9059-4fa46cb770b7)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (83cef61d-dbd1-4b20-a4fc-5fbc7da10833, 18adea5e-f416-4d0f-8aa8-d24321e3e274, 051cba44-2429-45b9-9649-46cec11c7119)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
   ]
 }
 

From 791f11ae53cff0542011865e95cef6bfc4aae146 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 5 Aug 2024 13:33:30 +0800
Subject: [PATCH 13/43] Correction on policy assignment name

---
 eslzArm/eslzArm.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 5004523a43..65d17fd2a4 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1587,7 +1587,7 @@
         "PublicEndpointPolicyAssignmentMapping": {
             "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json",
             "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
-            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-PublicEndpointPolicyAssignment.json"
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json"
 
         },
         "PublicEndpointPolicyAssignment": "[variables('PublicEndpointPolicyAssignmentMapping')[environment().resourceManager]]",

From fe9f166f8dbb8ae654adfcf89e21638dbc3fc357 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 5 Aug 2024 17:05:34 +0800
Subject: [PATCH 14/43] Update on policyset definition name by adding
 "AzureChinaCloud"

---
 .../Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json  | 2 +-
 .../Enforce-EncryptTransit_20240509.AzureChinaCloud.json  | 2 +-
 .../Enforce-Encryption-CMK.AzureChinaCloud.json           | 2 +-
 .../Enforce-Guardrails-Automation.AzureChinaCloud.json    | 2 +-
 .../Enforce-Guardrails-ContainerApps.AzureChinaCloud.json | 2 +-
 .../Enforce-Guardrails-CosmosDb.AzureChinaCloud.json      | 2 +-
 .../Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json  | 2 +-
 .../Enforce-Guardrails-KeyVault.AzureChinaCloud.json      | 2 +-
 .../Enforce-Guardrails-MySQL.AzureChinaCloud.json         | 2 +-
 .../Enforce-Guardrails-Network.AzureChinaCloud.json       | 2 +-
 .../Enforce-Guardrails-Storage.AzureChinaCloud.json       | 2 +-
 src/templates/initiatives.bicep                           | 8 ++++----
 12 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json
index ee18af091c..880d6ef31a 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deploy-Diagnostics-LogAnalytics",
+  "name": "Deploy-Diagnostics-LogAnalytics-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
index 4721094533..955cbbe5f1 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-EncryptTransit_20240509",
+    "name": "Enforce-EncryptTransit_20240509-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
index bd78dc311b..f21fb0f251 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Enforce-Encryption-CMK",
+  "name": "Enforce-Encryption-CMK-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
index 64f2ef98e7..89d5a68003 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-Automation",
+    "name": "Enforce-Guardrails-Automation-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
index 20a559d4a5..ee4a15624f 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-ContainerApps",
+    "name": "Enforce-Guardrails-ContainerApps-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
index 75d1d67960..129b6a19c7 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-CosmosDb",
+    "name": "Enforce-Guardrails-CosmosDb-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
index 7fad9290da..2105d926eb 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-KeyVault-Sup",
+    "name": "Enforce-Guardrails-KeyVault-Sup-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
index e4d94be21c..1c75125218 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-KeyVault",
+    "name": "Enforce-Guardrails-KeyVault-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
index 056597a6e3..31b0554dad 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-MySQL",
+    "name": "Enforce-Guardrails-MySQL-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
index a71ae0df23..ace7e005b2 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-Network",
+    "name": "Enforce-Guardrails-Network-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json
index e43decc9d1..7248cb847e 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-    "name": "Enforce-Guardrails-Storage",
+    "name": "Enforce-Guardrails-Storage-AzureChinaCloud",
     "type": "Microsoft.Authorization/policySetDefinitions",
     "apiVersion": "2021-06-01",
     "scope": null,
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index 412f0e6a6b..a471d99eda 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -84,11 +84,11 @@ var loadPolicySetDefinitions = {
 
   ]
   AzureChinaCloud: [
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // *DONE*Due to missing built-in Policy Definitions (5e8168db-69e3-4beb-9822-57cb59202a9d, 955a914f-bf86-4f0e-acd5-e0766b0efcb6, etc)
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') //*???It's deprecated and replaced by build-in*Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json') // *DONE*Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 74c30959-af11-47b3-9ed2-a26e03f427a3, 1f725891-01c0-420a-9059-4fa46cb770b7, 2370a3c1-4a25-4283-a91a-c9c1a145fb2f, b7021b2b-08fd-4dc0-9de7-3c6ece09faf9, b99b73e7-074b-4089-9395-b7236f094491)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (5e8168db-69e3-4beb-9822-57cb59202a9d, 955a914f-bf86-4f0e-acd5-e0766b0efcb6, etc)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') //Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 74c30959-af11-47b3-9ed2-a26e03f427a3, 1f725891-01c0-420a-9059-4fa46cb770b7, 2370a3c1-4a25-4283-a91a-c9c1a145fb2f, b7021b2b-08fd-4dc0-9de7-3c6ece09faf9, b99b73e7-074b-4089-9395-b7236f094491)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (051cba44-2429-45b9-9649-46cec11c7119), and replacement custom Policy Definitions ("Deploy-MySQLCMKEffect", "Deploy-PostgreSQLCMKEffect")
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // *DONE* Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (361c2074-3595-4e5d-8cab-4f21dffc835c)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0e80e269-43a4-4ae9-b5bc-178126b8a5cb)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (8b346db6-85af-419b-8557-92cee2c0f9bb)

From 819f220037706eb5ba719b48ce9d4515ac9297a5 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 5 Aug 2024 17:32:46 +0800
Subject: [PATCH 15/43] Remove duplicated load for PolicySet Enforce-Storage

---
 .../policyDefinitions/initiatives.json        | 118 +++++++++---------
 src/templates/initiatives.bicep               |   1 -
 2 files changed, 58 insertions(+), 61 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 40c274a247..97a13b9c95 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "5556617491904947398"
+      "templateHash": "11926918519774617838"
     }
   },
   "parameters": {
@@ -92,62 +92,61 @@
     "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#26": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#27": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#29": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#25": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#26": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#27": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#29": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#3": "{\n  \"name\": \"Deploy-Sql-Security_20240529\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"replacesPolicy\": \"Deploy-Sql-Security\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"Array\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#30": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#31": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#32": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#33": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#34": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#35": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
-    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#37": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#39": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#30": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#31": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#32": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#33": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#34": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#37": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#39": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#4": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#45": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#46": "{\n  \"name\": \"Deny-PublicPaaSEndpoints-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#47": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#48": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#50": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#51": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#52": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#57": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#58": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#59": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#57": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#58": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#59": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#60": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#61": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#62": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#63": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#65": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#67": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#60": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#61": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#62": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#73": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "cloudEnv": "[environment().name]",
@@ -187,10 +186,10 @@
         "[variables('$fxv#21')]",
         "[variables('$fxv#22')]",
         "[variables('$fxv#23')]",
-        "[variables('$fxv#24')]",
-        "[variables('$fxv#25')]"
+        "[variables('$fxv#24')]"
       ],
       "AzureCloud": [
+        "[variables('$fxv#25')]",
         "[variables('$fxv#26')]",
         "[variables('$fxv#27')]",
         "[variables('$fxv#28')]",
@@ -209,10 +208,10 @@
         "[variables('$fxv#41')]",
         "[variables('$fxv#42')]",
         "[variables('$fxv#43')]",
-        "[variables('$fxv#44')]",
-        "[variables('$fxv#45')]"
+        "[variables('$fxv#44')]"
       ],
       "AzureChinaCloud": [
+        "[variables('$fxv#45')]",
         "[variables('$fxv#46')]",
         "[variables('$fxv#47')]",
         "[variables('$fxv#48')]",
@@ -224,10 +223,10 @@
         "[variables('$fxv#54')]",
         "[variables('$fxv#55')]",
         "[variables('$fxv#56')]",
-        "[variables('$fxv#57')]",
-        "[variables('$fxv#58')]"
+        "[variables('$fxv#57')]"
       ],
       "AzureUSGovernment": [
+        "[variables('$fxv#58')]",
         "[variables('$fxv#59')]",
         "[variables('$fxv#60')]",
         "[variables('$fxv#61')]",
@@ -241,8 +240,7 @@
         "[variables('$fxv#69')]",
         "[variables('$fxv#70')]",
         "[variables('$fxv#71')]",
-        "[variables('$fxv#72')]",
-        "[variables('$fxv#73')]"
+        "[variables('$fxv#72')]"
       ]
     },
     "policySetDefinitionsByCloudType": {
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index a471d99eda..5a884771d5 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -56,7 +56,6 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-PostgreSQL.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ServiceBus.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-SQL.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Synapse.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-VirtualDesktop.json') // FSI specific initiative
   ]

From 776be0ae5d259acdcaf959421638cb33173da163 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 5 Aug 2024 18:36:25 +0800
Subject: [PATCH 16/43] Update policyset definition metadata

---
 .../policySetDefinitions/Enforce-EncryptTransit_20240509.json    | 1 -
 .../policySetDefinitions/Enforce-Guardrails-Automation.json      | 1 -
 .../policySetDefinitions/Enforce-Guardrails-ContainerApps.json   | 1 -
 .../policySetDefinitions/Enforce-Guardrails-CosmosDb.json        | 1 -
 .../policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json    | 1 -
 .../policySetDefinitions/Enforce-Guardrails-KeyVault.json        | 1 -
 .../policySetDefinitions/Enforce-Guardrails-MySQL.json           | 1 -
 .../policySetDefinitions/Enforce-Guardrails-Network.json         | 1 -
 .../policySetDefinitions/Enforce-Guardrails-Storage.json         | 1 -
 9 files changed, 9 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
index 1d96c3c4ba..cc7214c6ed 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
@@ -14,7 +14,6 @@
             "replacesPolicy": "Enforce-EncryptTransit",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
index 3bcb0f4344..2bfd86c6ad 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
index 55ab33e46a..e8b63fa8cd 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
index 78b5883aab..d51825513e 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
index 3c68197a8e..67608838e1 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
index 0ae85c071b..15f5759341 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
index ce2b30161f..ef5db71614 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json
index a90c9872ab..72999f5523 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json
index c5abdeee28..340f120813 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },

From ac3f1051392b7e6bda71c81db99c6f3bed383144 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 5 Aug 2024 21:55:31 +0800
Subject: [PATCH 17/43] Update to cope with missing build-in policy in
 policyset

---
 ...cDINE-PrivateDNSZonesPolicyAssignment.json |   7 +-
 .../policyDefinitions/initiatives.json        |  72 +++--
 ...loy-Private-DNS-Zones.AzureChinaCloud.json |  21 --
 ...cryptTransit_20240509.AzureChinaCloud.json |  19 --
 ...Guardrails-Automation.AzureChinaCloud.json |  19 --
 ...e-Guardrails-KeyVault.AzureChinaCloud.json |  19 --
 ...ce-Guardrails-Network.AzureChinaCloud.json |  19 --
 src/templates/initiatives.bicep               |   2 +-
 src/templates/initiatives.json                | 281 ++++++++++++++++++
 9 files changed, 322 insertions(+), 137 deletions(-)
 create mode 100644 src/templates/initiatives.json

diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
index 8c1af5096d..f547eefea4 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
@@ -165,7 +165,8 @@
             //"azureManagedGrafanaWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.grafana.azure.com')]",
             "azureVirtualDesktopHostpoolPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.wvd.azure.cn')]",
             "azureVirtualDesktopWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink-global.wvd.azure.cn')]",
-            "azureIotDeviceupdatePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]",
+            // Remove "azureIotDeviceupdatePrivateDnsZoneId" due to missing built-in Policy Definitions(a222b93a-e6c2-4c01-817f-21e092455b2a)
+            //"azureIotDeviceupdatePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]",
             // Azure Arc is NOT supported in Mooncake yet
             //"azureArcGuestconfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.guestconfiguration.azure.com')]",
             //"azureArcHybridResourceProviderPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.his.arc.azure.com')]",
@@ -366,10 +367,12 @@
                     "azureVirtualDesktopWorkspacePrivateDnsZoneId": {
                         "value": "[variables('policyParameterMapping').azureVirtualDesktopWorkspacePrivateDnsZoneId]"
                     },
+                    /*
+                    Remove "azureIotDeviceupdatePrivateDnsZoneId" due to missing built-in Policy Definitions(a222b93a-e6c2-4c01-817f-21e092455b2a)
                     "azureIotDeviceupdatePrivateDnsZoneId": {
                         "value": "[variables('policyParameterMapping').azureIotDeviceupdatePrivateDnsZoneId]"
                     },
-
+                    */
                     "azureStorageTablePrivateDnsZoneId": {
                         "value": "[variables('policyParameterMapping').azureStorageTablePrivateDnsZoneId]"
                     },
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 97a13b9c95..fc0ac0f296 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "11926918519774617838"
+      "templateHash": "5367044722578931295"
     }
   },
   "parameters": {
@@ -105,48 +105,47 @@
     "$fxv#32": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#33": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#34": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
-    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#37": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#39": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#39": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#4": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#57": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#58": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#59": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#59": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#60": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#61": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#62": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#60": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#61": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#62": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#64": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#66": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "cloudEnv": "[environment().name]",
@@ -222,10 +221,10 @@
         "[variables('$fxv#53')]",
         "[variables('$fxv#54')]",
         "[variables('$fxv#55')]",
-        "[variables('$fxv#56')]",
-        "[variables('$fxv#57')]"
+        "[variables('$fxv#56')]"
       ],
       "AzureUSGovernment": [
+        "[variables('$fxv#57')]",
         "[variables('$fxv#58')]",
         "[variables('$fxv#59')]",
         "[variables('$fxv#60')]",
@@ -239,8 +238,7 @@
         "[variables('$fxv#68')]",
         "[variables('$fxv#69')]",
         "[variables('$fxv#70')]",
-        "[variables('$fxv#71')]",
-        "[variables('$fxv#72')]"
+        "[variables('$fxv#71')]"
       ]
     },
     "policySetDefinitionsByCloudType": {
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index fb1dbfce87..2762a9cf37 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -367,15 +367,6 @@
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureIotDeviceupdatePrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureIotDeviceupdatePrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
-      },
       "azureStorageTablePrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -1069,18 +1060,6 @@
           }
         }
       },
-      {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-IoTDeviceupdate",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a",
-        "parameters": {
-          "privateDnsZoneId": {
-            "value": "[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]"
-          },
-          "effect": {
-            "value": "[[parameters('effect')]"
-          }
-        }
-      },
       {
         "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Table",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
index 955cbbe5f1..f4b27dca27 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
@@ -445,15 +445,6 @@
                     "Disabled"
                 ]
             },
-            "containerAppsHttps": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "eventHubMinTls": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -846,16 +837,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb",
-                "policyDefinitionReferenceId": "Deny-ContainerApps-Https",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('containerAppsHttps')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS",
                 "policyDefinitionReferenceId": "Deny-EH-minTLS",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
index 89d5a68003..7c11b24859 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
@@ -33,15 +33,6 @@
                     "Deny"
                 ]
             },
-            "aaLocalAuth": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Disabled",
-                    "Deny"
-                ]
-            },
             "aaManagedIdentity": {
                 "type": "string",
                 "defaultValue": "Audit",
@@ -70,16 +61,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700",
-                "policyDefinitionReferenceId": "Deny-Aa-Local-Auth",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('aaLocalAuth')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
                 "policyDefinitionReferenceId": "Deny-Aa-Variables-Encrypt",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
index 1c75125218..5f204c8d85 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
@@ -203,15 +203,6 @@
                     "Disabled"
                 ]
             },
-            "keyVaultHmsPurgeProtection": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "keyVaultCertificatesPeriod": {
                 "type": "string",
                 "defaultValue": "Disabled",
@@ -553,16 +544,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383",
-                "policyDefinitionReferenceId": "Deny-KV-Hms-PurgeProtection",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('keyVaultHmsPurgeProtection')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560",
                 "policyDefinitionReferenceId": "Deny-KV-Cert-Period",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
index ace7e005b2..f3b139da66 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -151,15 +151,6 @@
                     "Disabled"
                 ]
             },
-            "afwEnableIDPS": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "vpnAzureAD": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -265,16 +256,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a",
-                "policyDefinitionReferenceId": "Deny-Waf-IDPS",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('afwEnableIDPS')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5",
                 "policyDefinitionReferenceId": "Deny-FW-AllIDPSS",
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index 5a884771d5..11db6a9345 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -90,7 +90,7 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (361c2074-3595-4e5d-8cab-4f21dffc835c)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0e80e269-43a4-4ae9-b5bc-178126b8a5cb)
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (8b346db6-85af-419b-8557-92cee2c0f9bb)
+    //loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (8b346db6-85af-419b-8557-92cee2c0f9bb, b874ab2d-72dd-47f1-8cb5-4a306478a4e7)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (86810a98-8e91-4a44-8386-ec66d0de5d57)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (6d02d2f7-e38b-4bdc-96f3-adc0a8726abc)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (3a58212a-c829-4f13-9872-6371df2fd0b4)
diff --git a/src/templates/initiatives.json b/src/templates/initiatives.json
new file mode 100644
index 0000000000..fc0ac0f296
--- /dev/null
+++ b/src/templates/initiatives.json
@@ -0,0 +1,281 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.22.6.54827",
+      "templateHash": "5367044722578931295"
+    }
+  },
+  "parameters": {
+    "topLevelManagementGroupPrefix": {
+      "type": "string",
+      "defaultValue": "alz",
+      "metadata": {
+        "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!",
+        "description": "Provide a prefix (max 10 characters, unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\""
+      },
+      "maxLength": 10
+    },
+    "location": {
+      "type": "string",
+      "defaultValue": "[deployment().location]",
+      "metadata": {
+        "description": "Optionally set the deployment location for policies with Deploy If Not Exists effect. DEFAULT VALUE = \"deployment().location\""
+      }
+    },
+    "scope": {
+      "type": "string",
+      "defaultValue": "[tenantResourceId('Microsoft.Management/managementGroups', parameters('topLevelManagementGroupPrefix'))]",
+      "metadata": {
+        "description": "Optionally set the scope for custom Policy Definitions used in Policy Set Definitions (Initiatives). Must be one of '/', '/subscriptions/id' or '/providers/Microsoft.Management/managementGroups/id'. DEFAULT VALUE = '/providers/Microsoft.Management/managementGroups/${topLevelManagementGroupPrefix}'"
+      }
+    }
+  },
+  "variables": {
+    "copy": [
+      {
+        "name": "processPolicySetDefinitionsAll",
+        "count": "[length(variables('loadPolicySetDefinitions').All)]",
+        "input": "[replace(variables('loadPolicySetDefinitions').All[copyIndex('processPolicySetDefinitionsAll')], variables('templateVars').scope, parameters('scope'))]"
+      },
+      {
+        "name": "processPolicySetDefinitionsAzureCloud",
+        "count": "[length(variables('loadPolicySetDefinitions').AzureCloud)]",
+        "input": "[replace(variables('loadPolicySetDefinitions').AzureCloud[copyIndex('processPolicySetDefinitionsAzureCloud')], variables('templateVars').scope, parameters('scope'))]"
+      },
+      {
+        "name": "processPolicySetDefinitionsAzureChinaCloud",
+        "count": "[length(variables('loadPolicySetDefinitions').AzureChinaCloud)]",
+        "input": "[replace(variables('loadPolicySetDefinitions').AzureChinaCloud[copyIndex('processPolicySetDefinitionsAzureChinaCloud')], variables('templateVars').scope, parameters('scope'))]"
+      },
+      {
+        "name": "processPolicySetDefinitionsAzureUSGovernment",
+        "count": "[length(variables('loadPolicySetDefinitions').AzureUSGovernment)]",
+        "input": "[replace(variables('loadPolicySetDefinitions').AzureUSGovernment[copyIndex('processPolicySetDefinitionsAzureUSGovernment')], variables('templateVars').scope, parameters('scope'))]"
+      },
+      {
+        "name": "policySetDefinitionsAll",
+        "count": "[length(variables('processPolicySetDefinitionsAll'))]",
+        "input": "[json(variables('processPolicySetDefinitionsAll')[copyIndex('policySetDefinitionsAll')])]"
+      },
+      {
+        "name": "policySetDefinitionsAzureCloud",
+        "count": "[length(variables('processPolicySetDefinitionsAzureCloud'))]",
+        "input": "[json(variables('processPolicySetDefinitionsAzureCloud')[copyIndex('policySetDefinitionsAzureCloud')])]"
+      },
+      {
+        "name": "policySetDefinitionsAzureChinaCloud",
+        "count": "[length(variables('processPolicySetDefinitionsAzureChinaCloud'))]",
+        "input": "[json(variables('processPolicySetDefinitionsAzureChinaCloud')[copyIndex('policySetDefinitionsAzureChinaCloud')])]"
+      },
+      {
+        "name": "policySetDefinitionsAzureUSGovernment",
+        "count": "[length(variables('processPolicySetDefinitionsAzureUSGovernment'))]",
+        "input": "[json(variables('processPolicySetDefinitionsAzureUSGovernment')[copyIndex('policySetDefinitionsAzureUSGovernment')])]"
+      }
+    ],
+    "$fxv#0": "{\n    \"name\": \"Audit-UnusedResourcesCostOptimization\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Unused resources driving cost should be avoided\",\n        \"description\": \"Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Cost Optimization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"parameters\": {\n            \"effectDisks\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Disks Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Compute/disks\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectPublicIpAddresses\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PublicIpAddresses Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectServerFarms\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"ServerFarms Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDisks')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditPublicIpAddressesUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectPublicIpAddresses')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditServerFarmsUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectServerFarms')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditAzureHybridBenefitUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"Audit\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#1": "{\n    \"name\": \"Audit-TrustedLaunch\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Audit virtual machines for Trusted Launch support\",\n        \"description\": \"Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Trusted Launch\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksOsTrustedLaunch\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b03bb370-5249-4ea4-9fce-2552e87e45fa\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditTrustedLaunchEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95b54ad-0614-4633-ab29-104b01235cbf\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#2": "{\n  \"name\": \"Deploy-Sql-Security\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"Deploy-Sql-Security_20240529\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"String\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#25": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#26": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#27": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#29": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#3": "{\n  \"name\": \"Deploy-Sql-Security_20240529\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"replacesPolicy\": \"Deploy-Sql-Security\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"Array\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#30": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#31": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#32": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#33": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#34": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#37": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#39": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#4": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#59": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#60": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#61": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#62": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#64": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#66": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "cloudEnv": "[environment().name]",
+    "defaultDeploymentLocationByCloudType": {
+      "AzureCloud": "northeurope",
+      "AzureChinaCloud": "chinanorth3",
+      "AzureUSGovernment": "usgovvirginia"
+    },
+    "templateVars": {
+      "scope": "/providers/Microsoft.Management/managementGroups/contoso",
+      "defaultDeploymentLocation": "\"location\": \"northeurope\"",
+      "localizedDeploymentLocation": "[format('\"location\": \"{0}\"', variables('defaultDeploymentLocationByCloudType')[variables('cloudEnv')])]"
+    },
+    "loadPolicySetDefinitions": {
+      "All": [
+        "[variables('$fxv#0')]",
+        "[variables('$fxv#1')]",
+        "[variables('$fxv#2')]",
+        "[variables('$fxv#3')]",
+        "[variables('$fxv#4')]",
+        "[variables('$fxv#5')]",
+        "[variables('$fxv#6')]",
+        "[variables('$fxv#7')]",
+        "[variables('$fxv#8')]",
+        "[variables('$fxv#9')]",
+        "[variables('$fxv#10')]",
+        "[variables('$fxv#11')]",
+        "[variables('$fxv#12')]",
+        "[variables('$fxv#13')]",
+        "[variables('$fxv#14')]",
+        "[variables('$fxv#15')]",
+        "[variables('$fxv#16')]",
+        "[variables('$fxv#17')]",
+        "[variables('$fxv#18')]",
+        "[variables('$fxv#19')]",
+        "[variables('$fxv#20')]",
+        "[variables('$fxv#21')]",
+        "[variables('$fxv#22')]",
+        "[variables('$fxv#23')]",
+        "[variables('$fxv#24')]"
+      ],
+      "AzureCloud": [
+        "[variables('$fxv#25')]",
+        "[variables('$fxv#26')]",
+        "[variables('$fxv#27')]",
+        "[variables('$fxv#28')]",
+        "[variables('$fxv#29')]",
+        "[variables('$fxv#30')]",
+        "[variables('$fxv#31')]",
+        "[variables('$fxv#32')]",
+        "[variables('$fxv#33')]",
+        "[variables('$fxv#34')]",
+        "[variables('$fxv#35')]",
+        "[variables('$fxv#36')]",
+        "[variables('$fxv#37')]",
+        "[variables('$fxv#38')]",
+        "[variables('$fxv#39')]",
+        "[variables('$fxv#40')]",
+        "[variables('$fxv#41')]",
+        "[variables('$fxv#42')]",
+        "[variables('$fxv#43')]",
+        "[variables('$fxv#44')]"
+      ],
+      "AzureChinaCloud": [
+        "[variables('$fxv#45')]",
+        "[variables('$fxv#46')]",
+        "[variables('$fxv#47')]",
+        "[variables('$fxv#48')]",
+        "[variables('$fxv#49')]",
+        "[variables('$fxv#50')]",
+        "[variables('$fxv#51')]",
+        "[variables('$fxv#52')]",
+        "[variables('$fxv#53')]",
+        "[variables('$fxv#54')]",
+        "[variables('$fxv#55')]",
+        "[variables('$fxv#56')]"
+      ],
+      "AzureUSGovernment": [
+        "[variables('$fxv#57')]",
+        "[variables('$fxv#58')]",
+        "[variables('$fxv#59')]",
+        "[variables('$fxv#60')]",
+        "[variables('$fxv#61')]",
+        "[variables('$fxv#62')]",
+        "[variables('$fxv#63')]",
+        "[variables('$fxv#64')]",
+        "[variables('$fxv#65')]",
+        "[variables('$fxv#66')]",
+        "[variables('$fxv#67')]",
+        "[variables('$fxv#68')]",
+        "[variables('$fxv#69')]",
+        "[variables('$fxv#70')]",
+        "[variables('$fxv#71')]"
+      ]
+    },
+    "policySetDefinitionsByCloudType": {
+      "All": "[variables('policySetDefinitionsAll')]",
+      "AzureCloud": "[variables('policySetDefinitionsAzureCloud')]",
+      "AzureChinaCloud": "[variables('policySetDefinitionsAzureChinaCloud')]",
+      "AzureUSGovernment": "[variables('policySetDefinitionsAzureUSGovernment')]"
+    },
+    "policySetDefinitions": "[concat(variables('policySetDefinitionsByCloudType').All, variables('policySetDefinitionsByCloudType')[variables('cloudEnv')])]"
+  },
+  "resources": [
+    {
+      "copy": {
+        "name": "PolicySetDefinitions",
+        "count": "[length(variables('policySetDefinitions'))]"
+      },
+      "type": "Microsoft.Authorization/policySetDefinitions",
+      "apiVersion": "2020-09-01",
+      "name": "[variables('policySetDefinitions')[copyIndex()].name]",
+      "properties": {
+        "description": "[variables('policySetDefinitions')[copyIndex()].properties.description]",
+        "displayName": "[variables('policySetDefinitions')[copyIndex()].properties.displayName]",
+        "metadata": "[variables('policySetDefinitions')[copyIndex()].properties.metadata]",
+        "parameters": "[variables('policySetDefinitions')[copyIndex()].properties.parameters]",
+        "policyType": "[variables('policySetDefinitions')[copyIndex()].properties.policyType]",
+        "policyDefinitions": "[variables('policySetDefinitions')[copyIndex()].properties.policyDefinitions]",
+        "policyDefinitionGroups": "[variables('policySetDefinitions')[copyIndex()].properties.policyDefinitionGroups]"
+      }
+    }
+  ],
+  "outputs": {
+    "policySetDefinitionNames": {
+      "type": "array",
+      "copy": {
+        "count": "[length(variables('policySetDefinitions'))]",
+        "input": "[variables('policySetDefinitions')[copyIndex()].name]"
+      }
+    }
+  }
+}
\ No newline at end of file

From 49ab8e7b479380f55a3418f6b2de17855841c428 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 5 Aug 2024 22:39:04 +0800
Subject: [PATCH 18/43] Update for missing buid-in policy

---
 ...loy-Private-DNS-Zones.AzureChinaCloud.json |  9 +++++++++
 ...Guardrails-Automation.AzureChinaCloud.json | 18 ------------------
 ...e-Guardrails-KeyVault.AzureChinaCloud.json | 19 -------------------
 ...ce-Guardrails-Network.AzureChinaCloud.json | 19 -------------------
 4 files changed, 9 insertions(+), 56 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index 2762a9cf37..2162328030 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -106,6 +106,15 @@
           "description": "Private DNS Zone Identifier"
         }
       },
+      "azureHDInsightPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureHDInsightPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
       "azureSynapseSQLPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
index 7c11b24859..1451a1d2c5 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
@@ -16,14 +16,6 @@
             ]
         },
         "parameters": {
-            "aaModifyLocalAuth": {
-                "type": "string",
-                "defaultValue": "Modify",
-                "allowedValues": [
-                    "Modify",
-                    "Disabled"
-                ]
-            },
             "aaVariablesEncryption": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -71,16 +63,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81",
-                "policyDefinitionReferenceId": "Modify-Aa-Local-Auth",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('aaModifyLocalAUth')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c",
                 "policyDefinitionReferenceId": "Modify-Aa-Public-Network-Access",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
index 5f204c8d85..f667b8454e 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
@@ -216,15 +216,6 @@
                 "type": "integer",
                 "defaultValue": 12
             },
-            "keyVaultHmsKeysExpiration": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "keysValidPeriod": {
                 "type": "string",
                 "defaultValue": "Disabled",
@@ -557,16 +548,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5",
-                "policyDefinitionReferenceId": "Deny-KV-Hms-Key-Expire",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('keyVaultHmsKeysExpiration')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9",
                 "policyDefinitionReferenceId": "Deny-KV-Keys-Expire",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
index f3b139da66..463025afc9 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -142,15 +142,6 @@
                     "Disabled"
                 ]
             },
-            "afwEnableAllIDPSSignatureRules": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "vpnAzureAD": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -256,16 +247,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5",
-                "policyDefinitionReferenceId": "Deny-FW-AllIDPSS",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('afwEnableAllIDPSSignatureRules')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50",
                 "policyDefinitionReferenceId": "Deny-FW-EmpIDPSBypass",

From 6686ae210e0537056b6d465fe1f808baf0fbb9bf Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 6 Aug 2024 10:14:34 +0800
Subject: [PATCH 19/43] Update for policyset definition due to missing build-in
 policy

---
 .../policyDefinitions/initiatives.json        |  10 +-
 src/templates/initiatives.json                | 281 ------------------
 2 files changed, 5 insertions(+), 286 deletions(-)
 delete mode 100644 src/templates/initiatives.json

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index fc0ac0f296..9f12d358ea 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "5367044722578931295"
+      "templateHash": "1676851149951734790"
     }
   },
   "parameters": {
@@ -120,14 +120,14 @@
     "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
diff --git a/src/templates/initiatives.json b/src/templates/initiatives.json
deleted file mode 100644
index fc0ac0f296..0000000000
--- a/src/templates/initiatives.json
+++ /dev/null
@@ -1,281 +0,0 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "metadata": {
-    "_generator": {
-      "name": "bicep",
-      "version": "0.22.6.54827",
-      "templateHash": "5367044722578931295"
-    }
-  },
-  "parameters": {
-    "topLevelManagementGroupPrefix": {
-      "type": "string",
-      "defaultValue": "alz",
-      "metadata": {
-        "message": "The JSON version of this file is programatically generated from Bicep. PLEASE DO NOT UPDATE MANUALLY!!",
-        "description": "Provide a prefix (max 10 characters, unique at tenant-scope) for the Management Group hierarchy and other resources created as part of an Azure landing zone. DEFAULT VALUE = \"alz\""
-      },
-      "maxLength": 10
-    },
-    "location": {
-      "type": "string",
-      "defaultValue": "[deployment().location]",
-      "metadata": {
-        "description": "Optionally set the deployment location for policies with Deploy If Not Exists effect. DEFAULT VALUE = \"deployment().location\""
-      }
-    },
-    "scope": {
-      "type": "string",
-      "defaultValue": "[tenantResourceId('Microsoft.Management/managementGroups', parameters('topLevelManagementGroupPrefix'))]",
-      "metadata": {
-        "description": "Optionally set the scope for custom Policy Definitions used in Policy Set Definitions (Initiatives). Must be one of '/', '/subscriptions/id' or '/providers/Microsoft.Management/managementGroups/id'. DEFAULT VALUE = '/providers/Microsoft.Management/managementGroups/${topLevelManagementGroupPrefix}'"
-      }
-    }
-  },
-  "variables": {
-    "copy": [
-      {
-        "name": "processPolicySetDefinitionsAll",
-        "count": "[length(variables('loadPolicySetDefinitions').All)]",
-        "input": "[replace(variables('loadPolicySetDefinitions').All[copyIndex('processPolicySetDefinitionsAll')], variables('templateVars').scope, parameters('scope'))]"
-      },
-      {
-        "name": "processPolicySetDefinitionsAzureCloud",
-        "count": "[length(variables('loadPolicySetDefinitions').AzureCloud)]",
-        "input": "[replace(variables('loadPolicySetDefinitions').AzureCloud[copyIndex('processPolicySetDefinitionsAzureCloud')], variables('templateVars').scope, parameters('scope'))]"
-      },
-      {
-        "name": "processPolicySetDefinitionsAzureChinaCloud",
-        "count": "[length(variables('loadPolicySetDefinitions').AzureChinaCloud)]",
-        "input": "[replace(variables('loadPolicySetDefinitions').AzureChinaCloud[copyIndex('processPolicySetDefinitionsAzureChinaCloud')], variables('templateVars').scope, parameters('scope'))]"
-      },
-      {
-        "name": "processPolicySetDefinitionsAzureUSGovernment",
-        "count": "[length(variables('loadPolicySetDefinitions').AzureUSGovernment)]",
-        "input": "[replace(variables('loadPolicySetDefinitions').AzureUSGovernment[copyIndex('processPolicySetDefinitionsAzureUSGovernment')], variables('templateVars').scope, parameters('scope'))]"
-      },
-      {
-        "name": "policySetDefinitionsAll",
-        "count": "[length(variables('processPolicySetDefinitionsAll'))]",
-        "input": "[json(variables('processPolicySetDefinitionsAll')[copyIndex('policySetDefinitionsAll')])]"
-      },
-      {
-        "name": "policySetDefinitionsAzureCloud",
-        "count": "[length(variables('processPolicySetDefinitionsAzureCloud'))]",
-        "input": "[json(variables('processPolicySetDefinitionsAzureCloud')[copyIndex('policySetDefinitionsAzureCloud')])]"
-      },
-      {
-        "name": "policySetDefinitionsAzureChinaCloud",
-        "count": "[length(variables('processPolicySetDefinitionsAzureChinaCloud'))]",
-        "input": "[json(variables('processPolicySetDefinitionsAzureChinaCloud')[copyIndex('policySetDefinitionsAzureChinaCloud')])]"
-      },
-      {
-        "name": "policySetDefinitionsAzureUSGovernment",
-        "count": "[length(variables('processPolicySetDefinitionsAzureUSGovernment'))]",
-        "input": "[json(variables('processPolicySetDefinitionsAzureUSGovernment')[copyIndex('policySetDefinitionsAzureUSGovernment')])]"
-      }
-    ],
-    "$fxv#0": "{\n    \"name\": \"Audit-UnusedResourcesCostOptimization\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Unused resources driving cost should be avoided\",\n        \"description\": \"Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Cost Optimization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"parameters\": {\n            \"effectDisks\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Disks Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Compute/disks\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectPublicIpAddresses\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PublicIpAddresses Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectServerFarms\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"ServerFarms Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDisks')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditPublicIpAddressesUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectPublicIpAddresses')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditServerFarmsUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectServerFarms')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditAzureHybridBenefitUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"Audit\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#1": "{\n    \"name\": \"Audit-TrustedLaunch\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Audit virtual machines for Trusted Launch support\",\n        \"description\": \"Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Trusted Launch\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksOsTrustedLaunch\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b03bb370-5249-4ea4-9fce-2552e87e45fa\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditTrustedLaunchEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95b54ad-0614-4633-ab29-104b01235cbf\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#2": "{\n  \"name\": \"Deploy-Sql-Security\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"Deploy-Sql-Security_20240529\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"String\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#26": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#27": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#29": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#3": "{\n  \"name\": \"Deploy-Sql-Security_20240529\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"replacesPolicy\": \"Deploy-Sql-Security\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"Array\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#30": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#31": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#32": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#33": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#34": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
-    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#37": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#39": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#4": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#59": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#60": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#61": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#62": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#64": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#66": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "cloudEnv": "[environment().name]",
-    "defaultDeploymentLocationByCloudType": {
-      "AzureCloud": "northeurope",
-      "AzureChinaCloud": "chinanorth3",
-      "AzureUSGovernment": "usgovvirginia"
-    },
-    "templateVars": {
-      "scope": "/providers/Microsoft.Management/managementGroups/contoso",
-      "defaultDeploymentLocation": "\"location\": \"northeurope\"",
-      "localizedDeploymentLocation": "[format('\"location\": \"{0}\"', variables('defaultDeploymentLocationByCloudType')[variables('cloudEnv')])]"
-    },
-    "loadPolicySetDefinitions": {
-      "All": [
-        "[variables('$fxv#0')]",
-        "[variables('$fxv#1')]",
-        "[variables('$fxv#2')]",
-        "[variables('$fxv#3')]",
-        "[variables('$fxv#4')]",
-        "[variables('$fxv#5')]",
-        "[variables('$fxv#6')]",
-        "[variables('$fxv#7')]",
-        "[variables('$fxv#8')]",
-        "[variables('$fxv#9')]",
-        "[variables('$fxv#10')]",
-        "[variables('$fxv#11')]",
-        "[variables('$fxv#12')]",
-        "[variables('$fxv#13')]",
-        "[variables('$fxv#14')]",
-        "[variables('$fxv#15')]",
-        "[variables('$fxv#16')]",
-        "[variables('$fxv#17')]",
-        "[variables('$fxv#18')]",
-        "[variables('$fxv#19')]",
-        "[variables('$fxv#20')]",
-        "[variables('$fxv#21')]",
-        "[variables('$fxv#22')]",
-        "[variables('$fxv#23')]",
-        "[variables('$fxv#24')]"
-      ],
-      "AzureCloud": [
-        "[variables('$fxv#25')]",
-        "[variables('$fxv#26')]",
-        "[variables('$fxv#27')]",
-        "[variables('$fxv#28')]",
-        "[variables('$fxv#29')]",
-        "[variables('$fxv#30')]",
-        "[variables('$fxv#31')]",
-        "[variables('$fxv#32')]",
-        "[variables('$fxv#33')]",
-        "[variables('$fxv#34')]",
-        "[variables('$fxv#35')]",
-        "[variables('$fxv#36')]",
-        "[variables('$fxv#37')]",
-        "[variables('$fxv#38')]",
-        "[variables('$fxv#39')]",
-        "[variables('$fxv#40')]",
-        "[variables('$fxv#41')]",
-        "[variables('$fxv#42')]",
-        "[variables('$fxv#43')]",
-        "[variables('$fxv#44')]"
-      ],
-      "AzureChinaCloud": [
-        "[variables('$fxv#45')]",
-        "[variables('$fxv#46')]",
-        "[variables('$fxv#47')]",
-        "[variables('$fxv#48')]",
-        "[variables('$fxv#49')]",
-        "[variables('$fxv#50')]",
-        "[variables('$fxv#51')]",
-        "[variables('$fxv#52')]",
-        "[variables('$fxv#53')]",
-        "[variables('$fxv#54')]",
-        "[variables('$fxv#55')]",
-        "[variables('$fxv#56')]"
-      ],
-      "AzureUSGovernment": [
-        "[variables('$fxv#57')]",
-        "[variables('$fxv#58')]",
-        "[variables('$fxv#59')]",
-        "[variables('$fxv#60')]",
-        "[variables('$fxv#61')]",
-        "[variables('$fxv#62')]",
-        "[variables('$fxv#63')]",
-        "[variables('$fxv#64')]",
-        "[variables('$fxv#65')]",
-        "[variables('$fxv#66')]",
-        "[variables('$fxv#67')]",
-        "[variables('$fxv#68')]",
-        "[variables('$fxv#69')]",
-        "[variables('$fxv#70')]",
-        "[variables('$fxv#71')]"
-      ]
-    },
-    "policySetDefinitionsByCloudType": {
-      "All": "[variables('policySetDefinitionsAll')]",
-      "AzureCloud": "[variables('policySetDefinitionsAzureCloud')]",
-      "AzureChinaCloud": "[variables('policySetDefinitionsAzureChinaCloud')]",
-      "AzureUSGovernment": "[variables('policySetDefinitionsAzureUSGovernment')]"
-    },
-    "policySetDefinitions": "[concat(variables('policySetDefinitionsByCloudType').All, variables('policySetDefinitionsByCloudType')[variables('cloudEnv')])]"
-  },
-  "resources": [
-    {
-      "copy": {
-        "name": "PolicySetDefinitions",
-        "count": "[length(variables('policySetDefinitions'))]"
-      },
-      "type": "Microsoft.Authorization/policySetDefinitions",
-      "apiVersion": "2020-09-01",
-      "name": "[variables('policySetDefinitions')[copyIndex()].name]",
-      "properties": {
-        "description": "[variables('policySetDefinitions')[copyIndex()].properties.description]",
-        "displayName": "[variables('policySetDefinitions')[copyIndex()].properties.displayName]",
-        "metadata": "[variables('policySetDefinitions')[copyIndex()].properties.metadata]",
-        "parameters": "[variables('policySetDefinitions')[copyIndex()].properties.parameters]",
-        "policyType": "[variables('policySetDefinitions')[copyIndex()].properties.policyType]",
-        "policyDefinitions": "[variables('policySetDefinitions')[copyIndex()].properties.policyDefinitions]",
-        "policyDefinitionGroups": "[variables('policySetDefinitions')[copyIndex()].properties.policyDefinitionGroups]"
-      }
-    }
-  ],
-  "outputs": {
-    "policySetDefinitionNames": {
-      "type": "array",
-      "copy": {
-        "count": "[length(variables('policySetDefinitions'))]",
-        "input": "[variables('policySetDefinitions')[copyIndex()].name]"
-      }
-    }
-  }
-}
\ No newline at end of file

From 7686bea9d2e3729570610e5a0f5a3db0b97b8547 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 6 Aug 2024 15:44:01 +0800
Subject: [PATCH 20/43] Fix policyset definition for mooncake

---
 ...loy-Private-DNS-Zones.AzureChinaCloud.json | 107 +++++++++++++++++-
 ...e-Guardrails-KeyVault.AzureChinaCloud.json |  57 ----------
 ...ce-Guardrails-Network.AzureChinaCloud.json |  19 ----
 3 files changed, 101 insertions(+), 82 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index 2162328030..86a36231d3 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -115,6 +115,87 @@
           "description": "Private DNS Zone Identifier"
         }
       },
+      "azureStorageBlobPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageBlobPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageBlobSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageBlobSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageQueuePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageQueuePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageQueueSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageQueueSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageFilePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageFilePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageStaticWebPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageStaticWebPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageStaticWebSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageStaticWebSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageDFSPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageDFSPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageDFSSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageDFSSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
       "azureSynapseSQLPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -187,33 +268,34 @@
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureBatchPrivateDnsZoneId": {
+      "azureWebPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
         "metadata": {
-          "displayName": "azureBatchPrivateDnsZoneId",
+          "displayName": "azureWebPrivateDnsZoneId",
           "strongType": "Microsoft.Network/privateDnsZones",
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureAppPrivateDnsZoneId": {
+      "azureBatchPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
         "metadata": {
-          "displayName": "azureAppPrivateDnsZoneId",
+          "displayName": "azureBatchPrivateDnsZoneId",
           "strongType": "Microsoft.Network/privateDnsZones",
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureAsrPrivateDnsZoneId": {
+      "azureAppPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
         "metadata": {
-          "displayName": "azureAsrPrivateDnsZoneId",
+          "displayName": "azureAppPrivateDnsZoneId",
           "strongType": "Microsoft.Network/privateDnsZones",
           "description": "Private DNS Zone Identifier"
         }
       },
+
       "azureIotPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -814,6 +896,19 @@
         },
         "groupNames": []
       },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Web",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureWebPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
       {
         "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
index f667b8454e..ebf8a69514 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
@@ -358,37 +358,6 @@
                     "GlobalSign"
                 ]
             },
-            "keyVaultHsmMinimumDaysBeforeExpiration": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
-            "keyVaultHsmMinimumDaysBeforeExpirationValue": {
-                "type": "integer",
-                "defaultValue": 90
-            },
-            "keyVaultHmsCurveNames": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
-            "keyVaultHmsCurveNamesValue": {
-                "type": "array",
-                "defaultValue": [
-                    "P-256",
-                    "P-256K",
-                    "P-384",
-                    "P-521"
-                ]
-            },
             "keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -676,32 +645,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653",
-                "policyDefinitionReferenceId": "Deny-Kv-Hsm-MinimumDays-Before-Expiration",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]"
-                    },
-                    "minimumDaysBeforeExpiration": {
-                        "value": "[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]"
-                    }
-                }
-            },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e",
-                "policyDefinitionReferenceId": "Deny-Kv-Hsm-Curve-Names",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('keyVaultHmsCurveNames')]"
-                    },
-                    "allowedECNames": {
-                        "value": "[[parameters('keyVaultHmsCurveNamesValue')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427",
                 "policyDefinitionReferenceId": "Deny-Kv-Cert-Expiration-Within-Specific-Number-Days",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
index 463025afc9..9914306a6d 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -133,15 +133,6 @@
                     "Disabled"
                 ]
             },
-            "afwEmptyIDPSBypassList": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "vpnAzureAD": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -247,16 +238,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50",
-                "policyDefinitionReferenceId": "Deny-FW-EmpIDPSBypass",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('afwEmptyIDPSBypassList')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17",
                 "policyDefinitionReferenceId": "Deny-FW-TLS-Inspection",

From d4266ccdc216294fade4b463819d1470af1625b3 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 6 Aug 2024 16:17:30 +0800
Subject: [PATCH 21/43] update bicep file

---
 .../policyDefinitions/initiatives.json                    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 9f12d358ea..68a8866103 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "1676851149951734790"
+      "templateHash": "7463573795263158321"
     }
   },
   "parameters": {
@@ -120,14 +120,14 @@
     "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",

From 3c66029c2efd4e8315e97711bc72d7b3f6912d7f Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 6 Aug 2024 16:59:53 +0800
Subject: [PATCH 22/43] Correction on policyset definition and assignment

---
 ...cDINE-PrivateDNSZonesPolicyAssignment.json |  3 ++-
 .../policyDefinitions/initiatives.json        |  6 ++---
 ...loy-Private-DNS-Zones.AzureChinaCloud.json | 22 -------------------
 ...ce-Guardrails-Network.AzureChinaCloud.json | 19 ----------------
 4 files changed, 5 insertions(+), 45 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
index f547eefea4..ea92ddb98e 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
@@ -138,7 +138,8 @@
             "azureMonitorPrivateDnsZoneId3": "[concat(variables('baseId'), 'privatelink.ods.opinsights.azure.cn')]",
             "azureMonitorPrivateDnsZoneId4": "[concat(variables('baseId'), 'privatelink.agentsvc.azure-automation.net')]", // No change for Mooncake
             "azureMonitorPrivateDnsZoneId5": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
-            "azureWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.webpubsub.azure.cn')]",
+            // Private DNS zone for Azure Web is supported in mooncake, but the build-in policy(0b026355-49cb-467b-8ac4-f777874e175a) is not available.
+            //"azureWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.webpubsub.azure.cn')]",
             "azureBatchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.batch.chinacloudapi.cn')]",
             "azureAppPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azconfig.azure.cn')]",
             // Azure Site Recovery is NOT supported in Mooncake yet
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 68a8866103..1e4f783345 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "7463573795263158321"
+      "templateHash": "14488517361147590487"
     }
   },
   "parameters": {
@@ -120,14 +120,14 @@
     "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index 86a36231d3..5726895cad 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -268,15 +268,6 @@
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureWebPrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureWebPrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
-      },
       "azureBatchPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -896,19 +887,6 @@
         },
         "groupNames": []
       },
-      {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Web",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
-        "parameters": {
-          "privateDnsZoneId": {
-            "value": "[[parameters('azureWebPrivateDnsZoneId')]"
-          },
-          "effect": {
-            "value": "[[parameters('effect')]"
-          }
-        },
-        "groupNames": []
-      },
       {
         "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
index 9914306a6d..6c20d0fba0 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -124,15 +124,6 @@
                     "Disabled"
                 ]
             },
-            "afwEnableTlsInspection": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "vpnAzureAD": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -238,16 +229,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17",
-                "policyDefinitionReferenceId": "Deny-FW-TLS-Inspection",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('afwEnableTlsInspection')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596",
                 "policyDefinitionReferenceId": "Deny-FW-TLS-AllApp",

From 83247d2e208174bd2c30eaed1ef91591a149498e Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 6 Aug 2024 17:27:33 +0800
Subject: [PATCH 23/43] Update policyset for mooncake due to missing build-in
 policy

---
 .../policyDefinitions/initiatives.json        |  4 +-
 ...ce-Guardrails-Network.AzureChinaCloud.json | 64 -------------------
 2 files changed, 2 insertions(+), 66 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 1e4f783345..18edb3eb52 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "14488517361147590487"
+      "templateHash": "3829309302982984702"
     }
   },
   "parameters": {
@@ -127,7 +127,7 @@
     "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
index 6c20d0fba0..6d2d86d4ca 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -60,28 +60,6 @@
                 "type": "string",
                 "defaultValue": ""
             },
-            "wafMode": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
-            "wafModeRequirement": {
-                "type": "string",
-                "defaultValue": "Prevention"
-            },
-            "wafFwRules": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "wafModeAppGw": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -115,15 +93,6 @@
                     "3389"
                 ]
             },
-            "afwEnbaleTlsForAllAppRules": {
-                "type": "string",
-                "defaultValue": "Deny",
-                "allowedValues": [
-                    "Audit",
-                    "Deny",
-                    "Disabled"
-                ]
-            },
             "vpnAzureAD": {
                 "type": "string",
                 "defaultValue": "Deny",
@@ -229,16 +198,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596",
-                "policyDefinitionReferenceId": "Deny-FW-TLS-AllApp",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('afwEnbaleTlsForAllAppRules')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096",
                 "policyDefinitionReferenceId": "Deny-Waf-AppGw-mode",
@@ -252,29 +211,6 @@
                     }
                 }
             },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d",
-                "policyDefinitionReferenceId": "Deny-Waf-Fw-rules",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('wafFwRules')]"
-                    }
-                }
-            },
-            {
-                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8",
-                "policyDefinitionReferenceId": "Deny-Waf-mode",
-                "groupNames": [],
-                "parameters": {
-                    "effect": {
-                        "value": "[[parameters('wafMode')]"
-                    },
-                    "modeRequirement": {
-                        "value": "[[parameters('wafModeRequirement')]"
-                    }
-                }
-            },
             {
                 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
                 "policyDefinitionReferenceId": "Modify-vNet-DDoS",

From c0718c8b98118818cc7e60663da257942df7513f Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 14:56:53 +0800
Subject: [PATCH 24/43] Update for Policy and Initiatives

---
 eslzArm/eslz-portal.json                      |  10 +-
 eslzArm/eslzArm.json                          |  30 ++++-
 ...-DINE-APPEND-TLS-SSL-PolicyAssignment.json |  80 ++++++++++++
 .../mcENFORCE-BackupPolicyAssignment.json     |  58 +++++++++
 ...CE-GuardrailsKeyVaultPolicyAssignment.json |  53 ++++++++
 .../policyDefinitions/initiatives.json        | 114 +++++++++---------
 .../Enforce-ALZ-Decomm.json                   |   3 +-
 .../Enforce-Backup.AzureChinaCloud.json       |  75 ++++++++++++
 src/templates/initiatives.bicep               |   3 +-
 9 files changed, 360 insertions(+), 66 deletions(-)
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 0514fe77ec..ad5902ee48 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -504,7 +504,7 @@
                                     }
                                 ]
                             },
-                            "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                            "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                         },
                         {
                             "name": "enableUpdateMgmt",
@@ -4324,7 +4324,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                                    "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                                 },
                                 {
                                     "name": "enableVmssMonitoring",
@@ -4348,7 +4348,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                                    "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                                 },
                                 {
                                     "name": "enableVmHybridMonitoring",
@@ -4372,7 +4372,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                                    "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                                 },
                                 {
                                     "name": "enableAksPolicy",
@@ -4756,7 +4756,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": true
+                                    "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
                                 }
                             ],
                             "visible": true
diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 65d17fd2a4..e7c1e7c805 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1608,6 +1608,30 @@
         },
         "mdfcConfigPolicyInitiative": "[variables('mdfcConfigPolicyInitiativeMapping')[environment().resourceManager]]",
 
+        "tlsSslPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json"
+
+        },
+        "tlsSslPolicyAssignment": "[variables('tlsSslPolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "backupPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json"
+
+        },
+        "backupPolicyAssignment": "[variables('backupPolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "kvGuardrailsPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json"
+
+        },
+        "kvGuardrailsPolicyAssignment": "[variables('kvGuardrailsPolicyAssignmentMapping')[environment().resourceManager]]",
+
         "deploymentUris": {
             "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]",
             "managementGroupsLite": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json')]",
@@ -1641,7 +1665,7 @@
             "azPolicyForAksPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json')]",
             "aksPrivEscalationPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json')]",
             "aksPrivilegedPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json')]",
-            "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json')]",
+            "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('tlsSslPolicyAssignment'))]",
             "aksHttpsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json')]",
             "ipFwdPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json')]",
             "publicEndpointPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('PublicEndpointPolicyAssignment'))]",
@@ -1650,8 +1674,8 @@
             "pipOnNicPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json')]",
             "mgmtFromInternetPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-MgmtPortsFromInternetPolicyAssignment.json')]",
             "storageHttpsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-StorageWithoutHttpsPolicyAssignment.json')]",
-            "kvGuardrailsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json')]",
-            "backupPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json')]",
+            "kvGuardrailsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('kvGuardrailsPolicyAssignment'))]",
+            "backupPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('backupPolicyAssignment'))]",
             "denyHybridNetworkingPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-HybridNetworkingPolicyAssignment.json')]",
             "auditPeDnsZonesPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/AUDIT-PeDnsZonesPolicyAssignment.json')]",
             "auditAppGwWafPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/AUDIT-AppGwWafPolicyAssignment.json')]",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json
new file mode 100644
index 0000000000..21436d78ec
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json
@@ -0,0 +1,80 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "deployEncryptionInTransit": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "deployEncryptionInTransit": "Enforce-TLS-SSL-H224",
+            "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit.",
+            "displayName": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit"
+        },
+        "nonComplianceMessage": {
+            "message": "TLS and SSL {enforcementMode} be enabled for on resources without encryption in transit.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        },
+        "rbacOwner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
+        "roleAssignmentNames": {
+            "deployEncryptionInTransit": "[guid(concat(parameters('topLevelManagementGroupPrefix'),variables('policyAssignmentNames').deployEncryptionInTransit))]"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').deployEncryptionInTransit]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').deployEncryptionInTransit]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ],
+                "parameters": {}
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployEncryptionInTransit]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').deployEncryptionInTransit)]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacOwner'))]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployEncryptionInTransit), '2019-09-01', 'Full' ).identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json
new file mode 100644
index 0000000000..5e935590b2
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json
@@ -0,0 +1,58 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "enforceGuardrailsBackup": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Backup-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "enforceGuardrailsBackup": "Enforce-ASR",
+            "description": "This initiative assignment enables recommended ALZ guardrails for Azure Recovery Services.",
+            "displayName": "Enforce enhanced recovery and backup policies"
+        },
+        "nonComplianceMessage": {
+            "message": "Recommended guardrails {enforcementMode} be enforced for Azure Recovery Services (Backup and Site Recovery).",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').enforceGuardrailsBackup]",
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').enforceGuardrailsBackup]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ]
+            }
+        }
+    ],
+    "outputs": {}
+}
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
new file mode 100644
index 0000000000..aef6ea5d0a
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
@@ -0,0 +1,53 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "enforceGuardrailsKeyVault": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVaul-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "enforceGuardrailsKeyVault": "Enforce-GR-KeyVault",
+            "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
+            "displayName": "Enforce recommended guardrails for Azure Key Vault"
+        },
+        "nonComplianceMessage": {
+            "message": "Recommended guardrails {enforcementMode} be enforced for Azure Key Vault.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').enforceGuardrailsKeyVault]",
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').enforceGuardrailsKeyVault]",
+                "enforcementMode": "[parameters('enforcementMode')]"
+            }
+        }
+    ],
+    "outputs": {}
+}
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 18edb3eb52..0527f7d9ea 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "3829309302982984702"
+      "templateHash": "13806023795590053595"
     }
   },
   "parameters": {
@@ -78,33 +78,33 @@
     ],
     "$fxv#0": "{\n    \"name\": \"Audit-UnusedResourcesCostOptimization\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Unused resources driving cost should be avoided\",\n        \"description\": \"Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Cost Optimization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"parameters\": {\n            \"effectDisks\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Disks Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Compute/disks\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectPublicIpAddresses\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PublicIpAddresses Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectServerFarms\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"ServerFarms Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDisks')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditPublicIpAddressesUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectPublicIpAddresses')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditServerFarmsUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectServerFarms')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditAzureHybridBenefitUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"Audit\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#1": "{\n    \"name\": \"Audit-TrustedLaunch\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Audit virtual machines for Trusted Launch support\",\n        \"description\": \"Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Trusted Launch\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksOsTrustedLaunch\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b03bb370-5249-4ea4-9fce-2552e87e45fa\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditTrustedLaunchEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95b54ad-0614-4633-ab29-104b01235cbf\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#2": "{\n  \"name\": \"Deploy-Sql-Security\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"Deploy-Sql-Security_20240529\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"String\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#26": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#27": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#29": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#26": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#27": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#29": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#3": "{\n  \"name\": \"Deploy-Sql-Security_20240529\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"replacesPolicy\": \"Deploy-Sql-Security\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"Array\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#30": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#31": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#32": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#33": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#34": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#30": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#31": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#32": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#33": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#34": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#37": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
@@ -121,33 +121,34 @@
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#5": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureChinaCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
     "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#52": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#57": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#58": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#59": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#60": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#61": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#62": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#64": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#66": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#52": "{\n    \"name\": \"Enforce-Backup-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#57": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#58": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#59": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#6": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#60": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#61": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#62": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#7": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "cloudEnv": "[environment().name]",
     "defaultDeploymentLocationByCloudType": {
       "AzureCloud": "northeurope",
@@ -185,10 +186,10 @@
         "[variables('$fxv#21')]",
         "[variables('$fxv#22')]",
         "[variables('$fxv#23')]",
-        "[variables('$fxv#24')]"
+        "[variables('$fxv#24')]",
+        "[variables('$fxv#25')]"
       ],
       "AzureCloud": [
-        "[variables('$fxv#25')]",
         "[variables('$fxv#26')]",
         "[variables('$fxv#27')]",
         "[variables('$fxv#28')]",
@@ -221,10 +222,10 @@
         "[variables('$fxv#53')]",
         "[variables('$fxv#54')]",
         "[variables('$fxv#55')]",
-        "[variables('$fxv#56')]"
+        "[variables('$fxv#56')]",
+        "[variables('$fxv#57')]"
       ],
       "AzureUSGovernment": [
-        "[variables('$fxv#57')]",
         "[variables('$fxv#58')]",
         "[variables('$fxv#59')]",
         "[variables('$fxv#60')]",
@@ -238,7 +239,8 @@
         "[variables('$fxv#68')]",
         "[variables('$fxv#69')]",
         "[variables('$fxv#70')]",
-        "[variables('$fxv#71')]"
+        "[variables('$fxv#71')]",
+        "[variables('$fxv#72')]"
       ]
     },
     "policySetDefinitionsByCloudType": {
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
index da13144022..fc9d50ca61 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
@@ -12,7 +12,8 @@
         "category": "Decommissioned",
         "source": "https://github.com/Azure/Enterprise-Scale/",
         "alzCloudEnvironments": [ 
-          "AzureCloud"
+          "AzureCloud",
+          "AzureChinaCloud"
         ]
       },
       "parameters": {
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json
new file mode 100644
index 0000000000..81a7305a7a
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json
@@ -0,0 +1,75 @@
+{
+    "name": "Enforce-Backup-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce enhanced recovery and backup policies",
+        "description": "Enforce enhanced recovery and backup policies on assigned scopes.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Backup",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "version": "1.0.0",
+        "parameters": {
+            "effect": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy."
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "checkLockedImmutabilityOnly": {
+                "type": "Boolean",
+                "metadata": {
+                    "displayName": "checkLockedImmutabilityOnly",
+                    "description": "This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant."
+                },
+                "allowedValues": [
+                    true,
+                    false
+                ],
+                "defaultValue": false
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionReferenceId": "BackupBVault-Immutability",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effect')]"
+                    },
+                    "checkLockedImmutabiltyOnly": {
+                        "value": "[[parameters('checkLockedImmutabilityOnly')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "BackupRVault-Immutability",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effect')]"
+                    },
+                    "checkLockedImmutabilityOnly": {
+                        "value": "[[parameters('checkLockedImmutabilityOnly')]"
+                    }
+                },
+                "groupNames": []
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index 11db6a9345..2572f21794 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -38,6 +38,7 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security_20240529.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox.json')
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') 
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-AUM-CheckUpdates.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-APIM.json') // FSI specific initiative
@@ -69,7 +70,6 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB.json') // Unable to validate if Guest Configuration is working in other clouds
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-DefenderSQL-AMA.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
@@ -91,6 +91,7 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (361c2074-3595-4e5d-8cab-4f21dffc835c)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0e80e269-43a4-4ae9-b5bc-178126b8a5cb)
     //loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (8b346db6-85af-419b-8557-92cee2c0f9bb, b874ab2d-72dd-47f1-8cb5-4a306478a4e7)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (86810a98-8e91-4a44-8386-ec66d0de5d57)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (6d02d2f7-e38b-4bdc-96f3-adc0a8726abc)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (3a58212a-c829-4f13-9872-6371df2fd0b4)

From d9af1bddc8583cbc1bf092131cb4952fe533ee5a Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 15:12:32 +0800
Subject: [PATCH 25/43] Fix policy for VM auto shutdown

---
 .../policyDefinitions/Deploy-Vm-autoShutdown.json              | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
index bcb614327a..7cd48db4a6 100644
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
@@ -13,7 +13,8 @@
             "category": "Compute",
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
-                "AzureCloud"
+                "AzureCloud",
+                "AzureChinaCloud"
             ]
         },
         "parameters": {

From 2a0645a91f0706dfa5ea8192489197bb498ab1af Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 15:30:40 +0800
Subject: [PATCH 26/43] Fix VM Auto shutdown policy for China

---
 .../policyDefinitions/policies.json           | 38 +++++++++----------
 src/templates/policies.bicep                  |  2 +-
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
index 7a59b8f429..9eaafe1a97 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "502091197892104134"
+      "templateHash": "17371257750285966070"
     }
   },
   "parameters": {
@@ -125,23 +125,23 @@
     "$fxv#14": "{\n  \"name\": \"Deny-PostgreSql-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"PostgreSQL database servers enforce SSL connection.\",\n    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_0\",\n          \"TLS1_1\",\n          \"TLSEnforcementDisabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version minimum TLS for PostgreSQL server\",\n          \"description\": \"Select version  minimum TLS version Azure Database for PostgreSQL server to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"exists\": \"false\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"notEquals\": \"Enabled\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n                \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#140": "{\n    \"name\": \"Deploy-Private-DNS-Generic\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deploy-Private-DNS-Generic\",\n        \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Networking\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n        \t\"AzureChinaCloud\",\n       \t\t\"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\"\n            },\n            \"privateDnsZoneId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Private DNS Zone ID for Paas services\",\n                    \"description\": \"The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.\",\n                    \"strongType\": \"Microsoft.Network/privateDnsZones\",\n                    \"assignPermissions\": true\n                }\n            },\n            \"resourceType\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS private endpoint resource type\",\n                    \"description\": \"The PaaS endpoint resource type.\"\n                }\n            },\n            \"groupId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n                    \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n                }\n            },\n            \"evaluationDelay\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Evaluation Delay\",\n                    \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n                },\n                \"defaultValue\": \"PT10M\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateEndpoints\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n                            \"where\": {\n                                \"allOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n                                        \"contains\": \"[[parameters('resourceType')]\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n                                        \"equals\": \"[[parameters('groupId')]\"\n                                    }\n                                ]\n                            }\n                        },\n                        \"greaterOrEquals\": 1\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                    \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n                    \"roleDefinitionIds\": [\n                        \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"privateDnsZoneId\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"privateEndpointName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n                                        \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                                        \"apiVersion\": \"2020-03-01\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"properties\": {\n                                            \"privateDnsZoneConfigs\": [\n                                                {\n                                                    \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n                                                    \"properties\": {\n                                                        \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n                                                    }\n                                                }\n                                            ]\n                                        }\n                                    }\n                                ]\n                            },\n                            \"parameters\": {\n                                \"privateDnsZoneId\": {\n                                    \"value\": \"[[parameters('privateDnsZoneId')]\"\n                                },\n                                \"privateEndpointName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}\n",
     "$fxv#141": "{\n  \"name\": \"DenyAction-DeleteResources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n    \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"General\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"resourceName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Name\",\n          \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n        }\n      },\n      \"resourceType\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Type\",\n          \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DenyAction\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DenyAction\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"[[parameters('resourceType')]\"\n          },\n          {\n            \"field\": \"name\",\n            \"like\": \"[[parameters('resourceName')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"actionNames\": [\n            \"delete\"\n          ]\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#142": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#143": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#144": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
-    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#147": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#142": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
+    "$fxv#143": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#144": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
+    "$fxv#147": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#15": "{\n  \"name\": \"Deny-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny the creation of private DNS\",\n    \"description\": \"This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/privateDnsZones\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#155": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#156": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#157": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
+    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#155": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#156": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#157": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
     "$fxv#158": "{\n  \"name\": \"Deny-AFSPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Public network access should be disabled for Azure File Sync\",\n    \"description\": \"Disabling the public endpoint allows you to restrict access to your Storage Sync Service resource to requests destined to approved private endpoints on your organization's network. There is nothing inherently insecure about allowing requests to the public endpoint, however, you may wish to disable it to meet regulatory, legal, or organizational policy requirements. You can disable the public endpoint for a Storage Sync Service by setting the incomingTrafficPolicy of the resource to AllowVirtualNetworksOnly.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Storage\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.StorageSync/storageSyncServices\"\n          },\n          {\n            \"field\": \"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\n            \"notEquals\": \"AllowVirtualNetworksOnly\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#159": "{\n  \"name\": \"Deny-KeyVaultPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Preview: Azure Key Vault should disable public network access\",\n    \"description\": \"Disable public network access for your key vault so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/akvprivatelink.\",\n    \"metadata\": {\n      \"version\": \"2.0.0-preview\",\n      \"category\": \"Key Vault\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"preview\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.KeyVault/vaults\"\n          },\n          {\n            \"not\": {\n              \"field\": \"Microsoft.KeyVault/vaults/createMode\",\n              \"equals\": \"recover\"\n            }\n          },\n          {\n            \"field\": \"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\n            \"notEquals\": \"Deny\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#16": "{\n  \"name\": \"Deny-PublicEndpoint-MariaDB\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Public network access should be disabled for MariaDB\",\n    \"description\": \"This policy denies the creation of Maria DB accounts with exposed public endpoints. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/fdccbe47-f3e3-4213-ad5d-ea459b2fa077.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforMariaDB/servers\"\n          },\n          {\n            \"field\": \"Microsoft.DBforMariaDB/servers/publicNetworkAccess\",\n            \"notequals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
@@ -406,10 +406,10 @@
         "[variables('$fxv#138')]",
         "[variables('$fxv#139')]",
         "[variables('$fxv#140')]",
-        "[variables('$fxv#141')]"
+        "[variables('$fxv#141')]",
+        "[variables('$fxv#142')]"
       ],
       "AzureCloud": [
-        "[variables('$fxv#142')]",
         "[variables('$fxv#143')]",
         "[variables('$fxv#144')]",
         "[variables('$fxv#145')]",
diff --git a/src/templates/policies.bicep b/src/templates/policies.bicep
index 27d17e29a3..7ec548dfe8 100644
--- a/src/templates/policies.bicep
+++ b/src/templates/policies.bicep
@@ -183,6 +183,7 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Modify-UDR.json') // FSI specific policy
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/DenyAction-DeleteResources.json')
+    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') 
   ]
   AzureCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
@@ -200,7 +201,6 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Budget.json') // Needs validating in AzureChinaCloud (already used in AzureUSGovernment)
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans.json') // No obvious reason for exclusion from AzureChinaCloud and AzureUSGovernment, impacts "Deploy-Diagnostics-LogAnalytics" Policy Set Definition
-    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
   ]
   AzureChinaCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP.AzureChinaCloud.json') // Used by "Deny-PublicPaaSEndpoints" Policy Set Definition to replace missing built-in Policy Definition in AzureChinaCloud

From f01dca52a1479a6752471d99d3944bbedf96b335 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 16:18:01 +0800
Subject: [PATCH 27/43] Fix initiative ALZ Decommission

---
 eslzArm/eslzArm.json                          | 10 +-
 ...CE-ALZ-DecommissionedPolicyAssignment.json | 96 +++++++++++++++++++
 .../Deploy-Vm-autoShutdown.json               |  4 +-
 .../Enforce-ALZ-Decomm.AzureChinaCloud.json   | 44 +++++++++
 src/templates/initiatives.bicep               |  3 +-
 src/templates/policies.bicep                  |  2 +-
 6 files changed, 153 insertions(+), 6 deletions(-)
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index e7c1e7c805..d4582268b8 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1632,6 +1632,14 @@
         },
         "kvGuardrailsPolicyAssignment": "[variables('kvGuardrailsPolicyAssignmentMapping')[environment().resourceManager]]",
 
+        "decommissionPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json"
+
+        },
+        "decommissionPolicyAssignment": "[variables('decommissionPolicyAssignmentMapping')[environment().resourceManager]]",
+
         "deploymentUris": {
             "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]",
             "managementGroupsLite": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json')]",
@@ -1684,7 +1692,7 @@
             "sqlAuditPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLAuditingPolicyAssignment.json')]",
             "sqlEncryptionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLEncryptionPolicyAssignment.json')]",
             "sqlThreatPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLThreatPolicyAssignment.json')]",
-            "decommissionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json')]",
+            "decommissionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('decommissionPolicyAssignment'))]",
             "sandboxPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-ALZ-SandboxPolicyAssignment.json')]",
             "ddosPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json')]",
             "corpVnetPeering": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/vnetPeering.json')]",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json
new file mode 100644
index 0000000000..a957918d71
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json
@@ -0,0 +1,96 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        },
+        "listOfResourceTypesAllowed": {
+            "type": "Array",
+            "defaultValue": [
+                "microsoft.consumption/tags",
+                "microsoft.authorization/roleassignments",
+                "microsoft.authorization/roledefinitions",
+                "microsoft.authorization/policyassignments",
+                "microsoft.authorization/locks",
+                "microsoft.authorization/policydefinitions",
+                "microsoft.authorization/policysetdefinitions",
+                "microsoft.resources/tags",
+                "microsoft.authorization/roleeligibilityschedules",
+                "microsoft.authorization/roleeligibilityscheduleinstances",
+                "microsoft.authorization/roleassignmentschedules",
+                "microsoft.authorization/roleassignmentscheduleinstances"
+            ]
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "enforceAlzDecommissioned": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "alzDecommission": "Enforce-ALZ-Decomm",
+            "description": "This initiative will help enforce and govern subscriptions that are placed within the decommissioned Management Group as part of your Subscription decommissioning process. See https://aka.ms/alz/policies for more information.",
+            "displayName": "Enforce ALZ Decommissioned Guardrails"
+        },
+        "nonComplianceMessage": {
+            "message": "ALZ Decommissioned Guardrails {enforcementMode} be enforced.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        },
+        "rbacVMContributor": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
+        "roleAssignmentNames": {
+            "deployDecommRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').alzDecommission))]"
+            }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').alzDecommission]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').enforceAlzDecommissioned]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "listOfResourceTypesAllowed": {
+                        "value": "[parameters('listOfResourceTypesAllowed')]"
+                    }
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployDecommRoles]",
+            "dependsOn": [
+                "[variables('policyAssignmentNames').alzDecommission]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacVMContributor'))]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').alzDecommission), '2019-09-01', 'Full' ).identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
index 7cd48db4a6..7fef29646c 100644
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
@@ -13,9 +13,7 @@
             "category": "Compute",
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
-                "AzureCloud",
-                "AzureChinaCloud"
-            ]
+                "AzureCloud"            ]
         },
         "parameters": {
             "time": {
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json
new file mode 100644
index 0000000000..33878569b9
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json
@@ -0,0 +1,44 @@
+{
+    "name": "Enforce-ALZ-Decomm-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+      "policyType": "Custom",
+      "displayName": "Enforce policies in the Decommissioned Landing Zone",
+      "description": "Enforce policies in the Decommissioned Landing Zone.",
+      "metadata": {
+        "version": "1.0.0",
+        "category": "Decommissioned",
+        "source": "https://github.com/Azure/Enterprise-Scale/",
+        "alzCloudEnvironments": [ 
+          "AzureChinaCloud"
+        ]
+      },
+      "parameters": {
+        "listOfResourceTypesAllowed":{
+          "type": "Array",
+          "defaultValue": [],
+          "metadata": {
+            "displayName": "Allowed resource types in the Decommissioned landing zone",
+            "description": "Allowed resource types in the Decommissioned landing zone, default is none.",
+            "strongType": "resourceTypes"
+          }
+        }
+      },
+      "policyDefinitions": [
+        {
+          "policyDefinitionReferenceId": "DecomDenyResources",
+          "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
+          "parameters": {
+            "listOfResourceTypesAllowed": {
+              "value": "[[parameters('listOfResourceTypesAllowed')]"
+            }
+          },
+          "groupNames": []
+        }
+      ],
+      "policyDefinitionGroups": null
+    }
+  }
+  
\ No newline at end of file
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index 2572f21794..6f42a55801 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -38,7 +38,6 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security_20240529.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') 
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-AUM-CheckUpdates.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-APIM.json') // FSI specific initiative
@@ -61,6 +60,7 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-VirtualDesktop.json') // FSI specific initiative
   ]
   AzureCloud: [
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
@@ -97,6 +97,7 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (3a58212a-c829-4f13-9872-6371df2fd0b4)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (055aa869-bc98-4af8-bafc-23f1ab6ffe2c)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (b5f04e03-92a3-4b09-9410-2cc5e5047656)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json') // Due to missing service DevTestLab which will be used by policy "Deploy-Vm-autoShutdown"
   ]
   AzureUSGovernment: [
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48, c9299215-ae47-4f50-9c54-8a392f68a052)
diff --git a/src/templates/policies.bicep b/src/templates/policies.bicep
index 7ec548dfe8..aae5465cf3 100644
--- a/src/templates/policies.bicep
+++ b/src/templates/policies.bicep
@@ -183,7 +183,6 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Modify-UDR.json') // FSI specific policy
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Generic.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/DenyAction-DeleteResources.json')
-    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') 
   ]
   AzureCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
@@ -201,6 +200,7 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Budget.json') // Needs validating in AzureChinaCloud (already used in AzureUSGovernment)
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans.json') // No obvious reason for exclusion from AzureChinaCloud and AzureUSGovernment, impacts "Deploy-Diagnostics-LogAnalytics" Policy Set Definition
+    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') // Not working in AzureChinaCloud since servie DevTestLab doesn't exist in Mooncake, needs validating in AzureUSGovernment
   ]
   AzureChinaCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP.AzureChinaCloud.json') // Used by "Deny-PublicPaaSEndpoints" Policy Set Definition to replace missing built-in Policy Definition in AzureChinaCloud

From b5c8e63b7e82339782c087232d66fdd5c69677be Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 16:19:43 +0800
Subject: [PATCH 28/43] update bicep and building json file

---
 .../policyDefinitions/initiatives.json        | 86 ++++++++++---------
 .../policyDefinitions/policies.json           | 38 ++++----
 2 files changed, 63 insertions(+), 61 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index 0527f7d9ea..a5c01dcfaa 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "13806023795590053595"
+      "templateHash": "12998982961439820352"
     }
   },
   "parameters": {
@@ -78,23 +78,23 @@
     ],
     "$fxv#0": "{\n    \"name\": \"Audit-UnusedResourcesCostOptimization\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Unused resources driving cost should be avoided\",\n        \"description\": \"Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Cost Optimization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"parameters\": {\n            \"effectDisks\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Disks Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Compute/disks\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectPublicIpAddresses\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PublicIpAddresses Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectServerFarms\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"ServerFarms Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDisks')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditPublicIpAddressesUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectPublicIpAddresses')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditServerFarmsUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectServerFarms')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditAzureHybridBenefitUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"Audit\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#1": "{\n    \"name\": \"Audit-TrustedLaunch\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Audit virtual machines for Trusted Launch support\",\n        \"description\": \"Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Trusted Launch\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksOsTrustedLaunch\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b03bb370-5249-4ea4-9fce-2552e87e45fa\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditTrustedLaunchEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95b54ad-0614-4633-ab29-104b01235cbf\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#2": "{\n  \"name\": \"Deploy-Sql-Security\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"Deploy-Sql-Security_20240529\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"String\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#25": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureChinaCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
     "$fxv#26": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#27": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
@@ -121,7 +121,7 @@
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#5": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureChinaCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#52": "{\n    \"name\": \"Enforce-Backup-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
@@ -130,25 +130,26 @@
     "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#57": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#58": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#59": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#6": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#60": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#61": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#62": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#63": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#65": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#67": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#7": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#58": "{\n    \"name\": \"Enforce-ALZ-Decomm-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureChinaCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#59": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#60": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#61": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#62": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#63": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#65": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#67": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#73": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "cloudEnv": "[environment().name]",
     "defaultDeploymentLocationByCloudType": {
       "AzureCloud": "northeurope",
@@ -186,10 +187,10 @@
         "[variables('$fxv#21')]",
         "[variables('$fxv#22')]",
         "[variables('$fxv#23')]",
-        "[variables('$fxv#24')]",
-        "[variables('$fxv#25')]"
+        "[variables('$fxv#24')]"
       ],
       "AzureCloud": [
+        "[variables('$fxv#25')]",
         "[variables('$fxv#26')]",
         "[variables('$fxv#27')]",
         "[variables('$fxv#28')]",
@@ -223,10 +224,10 @@
         "[variables('$fxv#54')]",
         "[variables('$fxv#55')]",
         "[variables('$fxv#56')]",
-        "[variables('$fxv#57')]"
+        "[variables('$fxv#57')]",
+        "[variables('$fxv#58')]"
       ],
       "AzureUSGovernment": [
-        "[variables('$fxv#58')]",
         "[variables('$fxv#59')]",
         "[variables('$fxv#60')]",
         "[variables('$fxv#61')]",
@@ -240,7 +241,8 @@
         "[variables('$fxv#69')]",
         "[variables('$fxv#70')]",
         "[variables('$fxv#71')]",
-        "[variables('$fxv#72')]"
+        "[variables('$fxv#72')]",
+        "[variables('$fxv#73')]"
       ]
     },
     "policySetDefinitionsByCloudType": {
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
index 9eaafe1a97..5f6ce42667 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "17371257750285966070"
+      "templateHash": "4944830583225163484"
     }
   },
   "parameters": {
@@ -125,23 +125,23 @@
     "$fxv#14": "{\n  \"name\": \"Deny-PostgreSql-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"PostgreSQL database servers enforce SSL connection.\",\n    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_0\",\n          \"TLS1_1\",\n          \"TLSEnforcementDisabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version minimum TLS for PostgreSQL server\",\n          \"description\": \"Select version  minimum TLS version Azure Database for PostgreSQL server to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"exists\": \"false\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"notEquals\": \"Enabled\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n                \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#140": "{\n    \"name\": \"Deploy-Private-DNS-Generic\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deploy-Private-DNS-Generic\",\n        \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Networking\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n        \t\"AzureChinaCloud\",\n       \t\t\"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\"\n            },\n            \"privateDnsZoneId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Private DNS Zone ID for Paas services\",\n                    \"description\": \"The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.\",\n                    \"strongType\": \"Microsoft.Network/privateDnsZones\",\n                    \"assignPermissions\": true\n                }\n            },\n            \"resourceType\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS private endpoint resource type\",\n                    \"description\": \"The PaaS endpoint resource type.\"\n                }\n            },\n            \"groupId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n                    \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n                }\n            },\n            \"evaluationDelay\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Evaluation Delay\",\n                    \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n                },\n                \"defaultValue\": \"PT10M\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateEndpoints\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n                            \"where\": {\n                                \"allOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n                                        \"contains\": \"[[parameters('resourceType')]\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n                                        \"equals\": \"[[parameters('groupId')]\"\n                                    }\n                                ]\n                            }\n                        },\n                        \"greaterOrEquals\": 1\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                    \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n                    \"roleDefinitionIds\": [\n                        \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"privateDnsZoneId\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"privateEndpointName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n                                        \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                                        \"apiVersion\": \"2020-03-01\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"properties\": {\n                                            \"privateDnsZoneConfigs\": [\n                                                {\n                                                    \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n                                                    \"properties\": {\n                                                        \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n                                                    }\n                                                }\n                                            ]\n                                        }\n                                    }\n                                ]\n                            },\n                            \"parameters\": {\n                                \"privateDnsZoneId\": {\n                                    \"value\": \"[[parameters('privateDnsZoneId')]\"\n                                },\n                                \"privateEndpointName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}\n",
     "$fxv#141": "{\n  \"name\": \"DenyAction-DeleteResources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n    \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"General\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"resourceName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Name\",\n          \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n        }\n      },\n      \"resourceType\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Type\",\n          \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DenyAction\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DenyAction\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"[[parameters('resourceType')]\"\n          },\n          {\n            \"field\": \"name\",\n            \"like\": \"[[parameters('resourceName')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"actionNames\": [\n            \"delete\"\n          ]\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#142": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
-    "$fxv#143": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#144": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
-    "$fxv#147": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#142": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#143": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#144": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
+    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#147": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#15": "{\n  \"name\": \"Deny-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny the creation of private DNS\",\n    \"description\": \"This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/privateDnsZones\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#155": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#156": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#157": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#155": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#156": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#157": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
     "$fxv#158": "{\n  \"name\": \"Deny-AFSPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Public network access should be disabled for Azure File Sync\",\n    \"description\": \"Disabling the public endpoint allows you to restrict access to your Storage Sync Service resource to requests destined to approved private endpoints on your organization's network. There is nothing inherently insecure about allowing requests to the public endpoint, however, you may wish to disable it to meet regulatory, legal, or organizational policy requirements. You can disable the public endpoint for a Storage Sync Service by setting the incomingTrafficPolicy of the resource to AllowVirtualNetworksOnly.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Storage\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.StorageSync/storageSyncServices\"\n          },\n          {\n            \"field\": \"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\n            \"notEquals\": \"AllowVirtualNetworksOnly\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#159": "{\n  \"name\": \"Deny-KeyVaultPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Preview: Azure Key Vault should disable public network access\",\n    \"description\": \"Disable public network access for your key vault so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/akvprivatelink.\",\n    \"metadata\": {\n      \"version\": \"2.0.0-preview\",\n      \"category\": \"Key Vault\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"preview\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.KeyVault/vaults\"\n          },\n          {\n            \"not\": {\n              \"field\": \"Microsoft.KeyVault/vaults/createMode\",\n              \"equals\": \"recover\"\n            }\n          },\n          {\n            \"field\": \"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\n            \"notEquals\": \"Deny\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#16": "{\n  \"name\": \"Deny-PublicEndpoint-MariaDB\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Public network access should be disabled for MariaDB\",\n    \"description\": \"This policy denies the creation of Maria DB accounts with exposed public endpoints. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/fdccbe47-f3e3-4213-ad5d-ea459b2fa077.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforMariaDB/servers\"\n          },\n          {\n            \"field\": \"Microsoft.DBforMariaDB/servers/publicNetworkAccess\",\n            \"notequals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
@@ -406,10 +406,10 @@
         "[variables('$fxv#138')]",
         "[variables('$fxv#139')]",
         "[variables('$fxv#140')]",
-        "[variables('$fxv#141')]",
-        "[variables('$fxv#142')]"
+        "[variables('$fxv#141')]"
       ],
       "AzureCloud": [
+        "[variables('$fxv#142')]",
         "[variables('$fxv#143')]",
         "[variables('$fxv#144')]",
         "[variables('$fxv#145')]",

From 56f8ce22963d7818b7fda2f4322c0ae2e6e0dbb8 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 19:02:58 +0800
Subject: [PATCH 29/43] Exclude mooncake for diag logs policy and MG

---
 eslzArm/eslzArm.json                                  | 11 ++++++-----
 .../mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index d4582268b8..c08633b9ea 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -2677,9 +2677,8 @@
         },
         {
             // Deploying Diagnostic Settings to management groups if Log Analytics was deployed via a loop
-            "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'))]",
-            "type": "Microsoft.Resources/deployments",
-            "apiVersion": "2020-10-01",
+            // exclude Mooncake since Management Group Diagnostic Settings Rest API is NOT supported in Azure China. https://learn.microsoft.com/en-us/answers/questions/1640390/confirm-if-management-group-diagnostic-settings-re
+            "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]", 
             "name": "[take(concat(variables('mgmtGroupsArray')[copyIndex()], variables('deploymentNames').diagnosticSettingsforMGsDeploymentName), 64)]",
             "scope": "[concat('Microsoft.Management/managementGroups/', variables('mgmtGroupsArray')[copyIndex()])]",
             "location": "[deployment().location]",
@@ -4132,7 +4131,8 @@
         },
         {
             // Assigning Azure Monitor Resource Diagnostics policy to intermediate root management group if condition is true
-            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'))]",
+            // exclude China since the build-in initiative(0884adba-2312-4468-abeb-5422caed1038) doesn't exist in China
+            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]",
             "type": "Microsoft.Resources/deployments",
             "apiVersion": "2020-10-01",
             "name": "[variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName]",
@@ -4162,7 +4162,8 @@
         },
         {
             // Assigning Azure Activity Diagnostics Log policy to intermediate root management group if condition is true
-            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'))]",
+            //exclude Mooncake since the build-in initiative(2465583e-4e78-4c15-b6be-a36cbc7c8b0f) doesn't exist in Mooncake
+            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]",  
             "type": "Microsoft.Resources/deployments",
             "apiVersion": "2020-10-01",
             "name": "[variables('deploymentNames').activityDiagnosticsPolicyDeploymentName]",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
index aef6ea5d0a..b64a1b9397 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
@@ -23,7 +23,7 @@
     },
     "variables": {
         "policyDefinitions": {
-            "enforceGuardrailsKeyVault": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVaul-AzureChinaCloud')]"
+            "enforceGuardrailsKeyVault": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-AzureChinaCloud')]"
         },
         "policyAssignmentNames": {
             "enforceGuardrailsKeyVault": "Enforce-GR-KeyVault",

From 798e3050ba2a71c9351961f904f7a42f13e9d8bc Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 19:30:04 +0800
Subject: [PATCH 30/43] Typo fixed by adding items

---
 eslzArm/eslzArm.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index c08633b9ea..c52d30dd96 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -2679,6 +2679,8 @@
             // Deploying Diagnostic Settings to management groups if Log Analytics was deployed via a loop
             // exclude Mooncake since Management Group Diagnostic Settings Rest API is NOT supported in Azure China. https://learn.microsoft.com/en-us/answers/questions/1640390/confirm-if-management-group-diagnostic-settings-re
             "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]", 
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "2020-10-01",
             "name": "[take(concat(variables('mgmtGroupsArray')[copyIndex()], variables('deploymentNames').diagnosticSettingsforMGsDeploymentName), 64)]",
             "scope": "[concat('Microsoft.Management/managementGroups/', variables('mgmtGroupsArray')[copyIndex()])]",
             "location": "[deployment().location]",

From f0e9a25bd5c7e4b20e6a885173f73a011f085fac Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 16 Aug 2024 23:53:01 +0800
Subject: [PATCH 31/43] Update private DNS zone policy assignment

---
 .../china/mcDINE-PrivateDNSZonesPolicyAssignment.json    | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
index ea92ddb98e..4e8caae62f 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
@@ -303,9 +303,6 @@
                     "azureMonitorPrivateDnsZoneId5": {
                         "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId5]"
                     },
-                    "azureWebPrivateDnsZoneId": {
-                        "value": "[variables('policyParameterMapping').azureWebPrivateDnsZoneId]"
-                    },
                     "azureBatchPrivateDnsZoneId": {
                         "value": "[variables('policyParameterMapping').azureBatchPrivateDnsZoneId]"
                     },
@@ -368,12 +365,6 @@
                     "azureVirtualDesktopWorkspacePrivateDnsZoneId": {
                         "value": "[variables('policyParameterMapping').azureVirtualDesktopWorkspacePrivateDnsZoneId]"
                     },
-                    /*
-                    Remove "azureIotDeviceupdatePrivateDnsZoneId" due to missing built-in Policy Definitions(a222b93a-e6c2-4c01-817f-21e092455b2a)
-                    "azureIotDeviceupdatePrivateDnsZoneId": {
-                        "value": "[variables('policyParameterMapping').azureIotDeviceupdatePrivateDnsZoneId]"
-                    },
-                    */
                     "azureStorageTablePrivateDnsZoneId": {
                         "value": "[variables('policyParameterMapping').azureStorageTablePrivateDnsZoneId]"
                     },

From f7fbfe540d22f72fcb9eb87d4723c3456ed1059f Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Sat, 17 Aug 2024 11:32:17 +0800
Subject: [PATCH 32/43] Update mdfc configuration with API version to
 2023-01-01 as 2024-01-01 not supported in mooncake

---
 eslzArm/eslzArm.json                          |  13 +-
 .../mcmdfcConfiguration.json                  | 683 ++++++++++++++++++
 2 files changed, 694 insertions(+), 2 deletions(-)
 create mode 100644 eslzArm/subscriptionTemplates/mcmdfcConfiguration.json

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index c52d30dd96..104f7fdf5d 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1637,8 +1637,17 @@
             "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
             "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json"
 
-        },
+        }, 
         "decommissionPolicyAssignment": "[variables('decommissionPolicyAssignmentMapping')[environment().resourceManager]]",
+        
+        "MDFCSubscriptionEnablementMapping": {
+            "https://management.azure.com/": "subscriptionTemplates/mdfcConfiguration.json",
+            "https://management.usgovcloudapi.net": "subscriptionTemplates/mdfcConfiguration.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "subscriptionTemplates/mcmdfcConfiguration.json"
+
+        },
+        "MDFCSubscriptionEnablement": "[variables('MDFCSubscriptionEnablementMapping')[environment().resourceManager]]",
+
 
         "deploymentUris": {
             "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]",
@@ -1718,7 +1727,7 @@
             "ChangeTrackingVmssPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMSSPolicyAssignment.json')]",
             "MDFCDefenderSqlAma": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDFCDefenderSQLAMAPolicyAssignment.json')]",
             "dataCollectionRuleMdfcDefenderSQL": "[uri(deployment().properties.templateLink.uri, 'resourceGroupTemplates/dataCollectionRule-DefenderSQL.json')]",
-            "MDFCSubscriptionEnablement": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/mdfcConfiguration.json')]",
+            "MDFCSubscriptionEnablement": "[uri(deployment().properties.templateLink.uri, variables('MDFCSubscriptionEnablement'))]",
             // Workload Specific Compliance Initiatives
             "wsCMKPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-EncryptionCMKPolicyAssignment.json')]",
             "wsAPIMPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAPIMPolicyAssignment.json')]",
diff --git a/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json b/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json
new file mode 100644
index 0000000000..0811bbdaf3
--- /dev/null
+++ b/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json
@@ -0,0 +1,683 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "enableAscForServers": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForCosmosDbs": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForSql": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForSqlOnVm": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForArm": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForOssDb": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForAppServices": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForKeyVault": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForStorage": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForContainers": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForApis": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForCspm": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "resourceGroupLocation": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Resource group location",
+                "description": "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.",
+                "strongType": "location"
+            }
+        },
+        "resourceGroupName": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Resource group name",
+                "description": "The name of the resource group hosting the Log Analytics workspace."
+            }
+        },
+        "logAnalyticsResourceId": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Log Analytics workspace",
+                "description": "The Log Analytics workspace of where the data should be exported to.",
+                "strongType": "Microsoft.OperationalInsights/workspaces",
+                "assignPermissions": true
+            }
+        },
+        "emailContactAsc": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Resource group name",
+                "description": "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured."
+            }
+        },
+        "exportedDataTypes": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Exported data types",
+            "description": "The data types to be exported. To export a snapshot (preview) of the data once a week, choose the data types which contains 'snapshot', other data types will be sent in real-time streaming."
+            },
+            "allowedValues": [
+                "Security recommendations",
+                "Security alerts",
+                "Overall secure score",
+                "Secure score controls",
+                "Regulatory compliance",
+                "Overall secure score - snapshot",
+                "Secure score controls - snapshot",
+                "Regulatory compliance - snapshot",
+                "Security recommendations - snapshot",
+                "Security findings - snapshot"
+            ],
+            "defaultValue": [
+                "Security recommendations",
+                "Security alerts",
+                "Overall secure score",
+                "Secure score controls",
+                "Regulatory compliance",
+                "Overall secure score - snapshot",
+                "Secure score controls - snapshot",
+                "Regulatory compliance - snapshot",
+                "Security recommendations - snapshot",
+                "Security findings - snapshot"
+            ]
+        },
+        "recommendationNames": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Recommendation IDs",
+            "description": "Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments."
+            },
+            "defaultValue": []
+        },
+        "recommendationSeverities": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Recommendation severities",
+            "description": "Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;"
+            },
+            "allowedValues": [
+                "High",
+                "Medium",
+                "Low"
+            ],
+            "defaultValue": [
+                "High",
+                "Medium",
+                "Low"
+            ]
+        },
+        "isSecurityFindingsEnabled": {
+            "type": "bool",
+            "metadata": {
+                "displayName": "Include security findings",
+                "description": "Security findings are results from vulnerability assessment solutions, and can be thought of as 'sub' recommendations grouped into a 'parent' recommendation."
+            },
+            "allowedValues": [
+                true,
+                false
+            ],
+            "defaultValue": true
+        },
+        "secureScoreControlsNames": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Secure Score Controls IDs",
+            "description": "Applicable only for export of secure score controls. To export all secure score controls, leave this empty. To export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols."
+            },
+            "defaultValue": []
+        },
+        "alertSeverities": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Alert severities",
+            "description": "Applicable only for export of security alerts. Determines alert severities. Example: High;Medium;Low;"
+        },
+        "allowedValues": [
+            "High",
+            "Medium",
+            "Low"
+        ],
+        "defaultValue": [
+            "High",
+            "Medium",
+            "Low"
+        ]
+        },
+        "regulatoryComplianceStandardsNames": {
+            "type": "Array",
+            "metadata": {
+                "displayName": "Regulatory compliance standards names",
+                "description": "Applicable only for export of regulatory compliance. To export all regulatory compliance, leave this empty. To export specific regulatory compliance standards, enter a list of these standards names separated by semicolons (';'). Regulatory compliance standards names are available through the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards."
+            },
+            "defaultValue": []
+        },
+        "guidValue": {
+            "type": "string",
+            "defaultValue": "[newGuid()]"
+        }
+    },
+    "variables": {
+            "scopeDescription": "scope for subscription {0}",
+            "subAssessmentRuleExpectedValue": "/assessments/{0}/",
+            "recommendationNamesLength": "[length(parameters('recommendationNames'))]",
+            "secureScoreControlsNamesLength": "[length(parameters('secureScoreControlsNames'))]",
+            "secureScoreControlsLengthIfEmpty": "[if(equals(variables('secureScoreControlsNamesLength'), 0), 1, variables('secureScoreControlsNamesLength'))]",
+            "regulatoryComplianceStandardsNamesLength": "[length(parameters('regulatoryComplianceStandardsNames'))]",
+            "regulatoryComplianceStandardsNamesLengthIfEmpty": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]",
+            "recommendationSeveritiesLength": "[length(parameters('recommendationSeverities'))]",
+            "alertSeveritiesLength": "[length(parameters('alertSeverities'))]",
+            "recommendationNamesLengthIfEmpty": "[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]",
+            "recommendationSeveritiesLengthIfEmpty": "[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]",
+            "alertSeveritiesLengthIfEmpty": "[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]",
+            "totalRuleCombinationsForOneRecommendationName": "[variables('recommendationSeveritiesLengthIfEmpty')]",
+            "totalRuleCombinationsForOneRecommendationSeverity": 1,
+            "exportedDataTypesLength": "[length(parameters('exportedDataTypes'))]",
+            "exportedDataTypesLengthIfEmpty": "[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]",
+            "dataTypeMap": {
+                "Security recommendations": "Assessments",
+                "Security alerts": "Alerts",
+                "Overall secure score": "SecureScores",
+                "Secure score controls": "SecureScoreControls",
+                "Regulatory compliance": "RegulatoryComplianceAssessment",
+                "Overall secure score - snapshot": "SecureScoresSnapshot",
+                "Secure score controls - snapshot": "SecureScoreControlsSnapshot",
+                "Regulatory compliance - snapshot": "RegulatoryComplianceAssessmentSnapshot",
+                "Security recommendations - snapshot": "AssessmentsSnapshot",
+                "Security findings - snapshot": "SubAssessmentsSnapshot"
+            },
+            "alertSeverityMap": {
+                "High": "high",
+                "Medium": "medium",
+                "Low": "low"
+            },
+            "ruleSetsForAssessmentsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForAssessmentsArr",
+                        "count": "[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "[if(equals(variables('recommendationNamesLength'),0),'type','name')]",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]",
+                                    "operator": "Contains"
+                                },
+                                {
+                                    "propertyJPath": "properties.metadata.severity",
+                                    "propertyType": "string",
+                                    "expectedValue": "[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]",
+                                    "operator": "Equals"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "customRuleSetsForSubAssessmentsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForSubAssessmentsArr",
+                        "count": "[variables('recommendationNamesLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "id",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]",
+                                    "operator": "Contains"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "ruleSetsForAlertsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForAlertsArr",
+                        "count": "[variables('alertSeveritiesLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                "propertyJPath": "Severity",
+                                "propertyType": "string",
+                                "expectedValue": "[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]",
+                                "operator": "Equals"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "customRuleSetsForSecureScoreControlsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForSecureScoreControlsArr",
+                        "count": "[variables('secureScoreControlsLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "name",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('secureScoreControlsNamesLength'), 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]",
+                                    "operator": "Equals"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "customRuleSetsForRegulatoryComplianceObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForRegulatoryCompliancArr",
+                        "count": "[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "id",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]",
+                                    "operator": "Contains"
+                                 }
+                             ]
+                         }
+                    }
+                ]
+            },
+            "ruleSetsForSecureScoreControlsObj": "[if(equals(variables('secureScoreControlsNamesLength'), 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]",
+            "ruleSetsForSecureRegulatoryComplianceObj": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]",
+            "ruleSetsForSubAssessmentsObj": "[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]",
+            "subAssessmentSource": [
+                {
+                    "eventSource": "SubAssessments",
+                    "ruleSets": "[variables('ruleSetsForSubAssessmentsObj')]"
+                }
+            ],
+            "ruleSetsMap": {
+                "Security recommendations": "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]",
+                "Security alerts": "[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]",
+                "Overall secure score": null,
+                "Secure score controls": "[variables('ruleSetsForSecureScoreControlsObj')]",
+                "Regulatory compliance": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
+                "Overall secure score - snapshot": null,
+                "Secure score controls - snapshot": "[variables('ruleSetsForSecureScoreControlsObj')]",
+                "Regulatory compliance - snapshot": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
+                "Security recommendations - snapshot": "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]",
+                "Security findings - snapshot": "[variables('ruleSetsForSubAssessmentsObj')]"
+            },
+            "sourcesWithoutSubAssessments": {
+                "copy": [
+                    {
+                        "name": "sources",
+                        "count": "[variables('exportedDataTypesLengthIfEmpty')]",
+                        "input": {
+                            "eventSource": "[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]",
+                            "ruleSets": "[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]"
+                        }
+                    }
+                ]
+            },
+            "sourcesWithSubAssessments": "[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]",
+            "sources": "[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]"
+    },
+    "resources": [
+        {
+            "condition": "[equals(parameters('enableAscForStorage'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "StorageAccounts",
+            "properties": {
+                "pricingTier": "Standard",
+                "subPlan": "DefenderForStorageV2",
+                "extensions": [
+                    {
+                        "name": "OnUploadMalwareScanning",
+                        "isEnabled": "True",
+                        "additionalExtensionProperties": {
+                            "CapGBPerMonthPerStorageAccount": "5000"
+                        }
+                    },
+                    {
+                        "name": "SensitiveDataDiscovery",
+                        "isEnabled": "True"
+                    }
+                ]
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForServers'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "VirtualMachines",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'StorageAccounts')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard",
+                "subPlan": "P2",
+                "resourcesCoverageStatus": "FullyCovered"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForSql'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "SqlServers",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'VirtualMachines')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForAppServices'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "AppServices",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'SqlServers')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForSqlOnVm'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "SqlServerVirtualMachines",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'AppServices')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForContainers'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "Containers",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'SqlServerVirtualMachines')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForKeyVault'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "KeyVaults",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'Containers')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForArm'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "Arm",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'KeyVaults')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForOssDb'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "OpenSourceRelationalDatabases",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'Arm')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForCosmosDbs'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "CosmosDbs",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'OpenSourceRelationalDatabases')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForCspm'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "CloudPosture",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'CosmosDbs')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForApis'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "Api",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'CloudPosture')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard",
+                "subPlan": "P1"
+            }
+        },
+        {
+            "type": "Microsoft.Security/securityContacts",
+            "apiVersion": "2020-01-01-preview",
+            "name": "default",
+            "properties": {
+                "description": "Defender for Cloud security contacts",
+                "emails": "[parameters('emailContactAsc')]",
+                "notificationsByRole": {
+                    "state": "On",
+                    "roles": [
+                        "Owner"
+                    ]
+                },
+                "alertNotifications": {
+                    "state": "On",
+                    "minimalSeverity": "Medium"
+                }
+            }
+        },
+        {
+            "name": "[parameters('resourceGroupName')]",
+            "type": "Microsoft.Resources/resourceGroups",
+            "apiVersion": "2019-10-01",
+            "location": "[parameters('resourceGroupLocation')]"
+        },
+        {
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "2019-10-01",
+            "name": "[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]",
+            "resourceGroup": "[parameters('resourceGroupName')]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
+            ],
+            "properties": {
+                "mode": "Incremental",
+                "template": {
+                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+                    "contentVersion": "1.0.0.0",
+                    "parameters": {},
+                    "variables": {},
+                    "resources": [
+                        {
+                            "tags": {},
+                            "apiVersion": "2019-01-01-preview",
+                            "location": "[parameters('resourceGroupLocation')]",
+                            "name": "ExportToWorkspace",
+                            "type": "Microsoft.Security/automations",
+                            "dependsOn": [],
+                            "properties": {
+                                "description": "Export Microsoft Defender for Cloud data to Log Analytics workspace via policy",
+                                "isEnabled": true,
+                                "scopes": [
+                                    {
+                                    "description": "[replace(variables('scopeDescription'),'{0}', subscription().subscriptionId)]",
+                                    "scopePath": "[subscription().id]"
+                                    }
+                                ],
+                                "sources": "[variables('sources')]",
+                                "actions": [
+                                    {
+                                        "actionType": "Workspace",
+                                        "workspaceResourceId": "[parameters('logAnalyticsResourceId')]"
+                                    }
+                                ]
+                            }
+                        }
+                    ]
+                }
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file

From 8b5146e623cf04af72698a7f93f19044121cfa00 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 30 Sep 2024 13:15:44 +0800
Subject: [PATCH 33/43] update based on Sacha'f review comments

---
 .../Deploy-Private-DNS-Zones.AzureChinaCloud.json               | 2 +-
 .../policySetDefinitions/Enforce-ALZ-Decomm.json                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index 5726895cad..d0b0bb9424 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -8,7 +8,7 @@
     "displayName": "Configure Azure PaaS services to use private DNS zones",
     "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
     "metadata": {
-      "version": "1.2.0",
+      "version": "1.1.0",
       "category": "Network",
       "source": "https://github.com/Azure/Enterprise-Scale/",
       "alzCloudEnvironments": [
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
index fc9d50ca61..aca3514063 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
@@ -13,7 +13,7 @@
         "source": "https://github.com/Azure/Enterprise-Scale/",
         "alzCloudEnvironments": [ 
           "AzureCloud",
-          "AzureChinaCloud"
+          "AzureUSGovernment"
         ]
       },
       "parameters": {

From 382f0b837fad5c18bfc9fe01d0e2e3fb47759a87 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 30 Sep 2024 15:29:52 +0800
Subject: [PATCH 34/43] Update to hide vWAN routing intent for mooncake

---
 eslzArm/eslz-portal.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index ad5902ee48..44b9d879d7 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -2466,7 +2466,7 @@
                             "type": "Microsoft.Common.OptionsGroup",
                             "label": "Enable vWAN Routing Intent",
                             "defaultValue": "No",
-                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'))]",
+                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                             "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
                             "constraints": {
                                 "allowedValues": [

From cf436773fbc06df2150aa6723938acb00f54d97c Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Mon, 30 Sep 2024 15:36:13 +0800
Subject: [PATCH 35/43] Update to hide vWAN routing intent for mooncake in
 Sencondary region

---
 eslzArm/eslz-portal.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 44b9d879d7..02aecd9d13 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -3581,7 +3581,7 @@
                                     "type": "Microsoft.Common.OptionsGroup",
                                     "label": "Enable vWAN Routing Intent in your second",
                                     "defaultValue": "No",
-                                    "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'))]",
+                                    "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                                     "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
                                     "constraints": {
                                         "allowedValues": [

From 9eef10773b1b4a9fd4fe2f7350de738bd24ea4a2 Mon Sep 17 00:00:00 2001
From: Yuan Zhang <114724932+yuanzhang9@users.noreply.github.com>
Date: Fri, 18 Oct 2024 21:06:21 +0800
Subject: [PATCH 36/43] Delete
 eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json

This needs to be excluded as auto generated file.
---
 .../customRoleDefinitions.json                | 170 ------------------
 1 file changed, 170 deletions(-)
 delete mode 100644 eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json

diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
deleted file mode 100644
index 87e9aa6628..0000000000
--- a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
+++ /dev/null
@@ -1,170 +0,0 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "metadata": {
-    "_generator": {
-      "name": "bicep",
-      "version": "0.22.6.54827",
-      "templateHash": "14490525755972949150"
-    }
-  },
-  "variables": {
-    "$fxv#0": {
-      "name": "c9a07a05-a1fc-53fe-a565-5eed25597c03",
-      "type": "Microsoft.Authorization/roleDefinitions",
-      "apiVersion": "2022-04-01",
-      "properties": {
-        "roleName": "Application-Owners",
-        "description": "Contributor role granted for application/operations team at resource group level",
-        "type": "customRole",
-        "permissions": [
-          {
-            "actions": [
-              "*"
-            ],
-            "notActions": [
-              "Microsoft.Authorization/*/write",
-              "Microsoft.Network/publicIPAddresses/write",
-              "Microsoft.Network/virtualNetworks/write",
-              "Microsoft.KeyVault/locations/deletedVaults/purge/action"
-            ],
-            "dataActions": [],
-            "notDataActions": []
-          }
-        ],
-        "assignableScopes": [
-          "/providers/Microsoft.Management/managementGroups/contoso"
-        ]
-      }
-    },
-    "$fxv#1": {
-      "name": "402344ce-48c4-5ac1-9320-16726050f964",
-      "type": "Microsoft.Authorization/roleDefinitions",
-      "apiVersion": "2022-04-01",
-      "properties": {
-        "roleName": "Subscription-Owner",
-        "description": "Delegated role for subscription owner generated from subscription Owner role",
-        "type": "customRole",
-        "permissions": [
-          {
-            "actions": [
-              "*"
-            ],
-            "notActions": [
-              "Microsoft.Authorization/*/write",
-              "Microsoft.Network/vpnGateways/*",
-              "Microsoft.Network/expressRouteCircuits/*",
-              "Microsoft.Network/routeTables/write",
-              "Microsoft.Network/vpnSites/*"
-            ],
-            "dataActions": [],
-            "notDataActions": []
-          }
-        ],
-        "assignableScopes": [
-          "/providers/Microsoft.Management/managementGroups/contoso"
-        ]
-      }
-    },
-    "$fxv#2": {
-      "name": "d3584a79-4f0d-5980-aa3c-7a76ba783b76",
-      "type": "Microsoft.Authorization/roleDefinitions",
-      "apiVersion": "2022-04-01",
-      "properties": {
-        "roleName": "Security-Operations",
-        "description": "Security Administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy.",
-        "type": "customRole",
-        "permissions": [
-          {
-            "actions": [
-              "*/read",
-              "*/register/action",
-              "Microsoft.KeyVault/locations/deletedVaults/purge/action",
-              "Microsoft.PolicyInsights/*",
-              "Microsoft.Authorization/policyAssignments/*",
-              "Microsoft.Authorization/policyDefinitions/*",
-              "Microsoft.Authorization/policyExemptions/*",
-              "Microsoft.Authorization/policySetDefinitions/*",
-              "Microsoft.Insights/alertRules/*",
-              "Microsoft.Resources/deployments/*",
-              "Microsoft.Security/*",
-              "Microsoft.Support/*"
-            ],
-            "notActions": [],
-            "dataActions": [],
-            "notDataActions": []
-          }
-        ],
-        "assignableScopes": [
-          "/providers/Microsoft.Management/managementGroups/contoso"
-        ]
-      }
-    },
-    "$fxv#3": {
-      "name": "dc726155-3983-5405-b446-9bb27b94e02c",
-      "type": "Microsoft.Authorization/roleDefinitions",
-      "apiVersion": "2022-04-01",
-      "properties": {
-        "roleName": "Network-Management",
-        "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
-        "type": "customRole",
-        "permissions": [
-          {
-            "actions": [
-              "*/read",
-              "Microsoft.Network/*",
-              "Microsoft.Resources/deployments/*",
-              "Microsoft.Support/*"
-            ],
-            "notActions": [],
-            "dataActions": [],
-            "notDataActions": []
-          }
-        ],
-        "assignableScopes": [
-          "/providers/Microsoft.Management/managementGroups/contoso"
-        ]
-      }
-    },
-    "cloudEnv": "[environment().name]",
-    "loadRoleDefinitions": {
-      "All": [
-        "[variables('$fxv#0')]",
-        "[variables('$fxv#1')]"
-      ],
-      "AzureCloud": [
-        "[variables('$fxv#2')]",
-        "[variables('$fxv#3')]"
-      ],
-      "AzureChinaCloud": [],
-      "AzureUSGovernment": []
-    },
-    "roleDefinitionsByCloudType": {
-      "All": "[variables('loadRoleDefinitions').All]",
-      "AzureCloud": "[variables('loadRoleDefinitions').AzureCloud]",
-      "AzureChinaCloud": "[variables('loadRoleDefinitions').AzureChinaCloud]",
-      "AzureUSGovernment": "[variables('loadRoleDefinitions').AzureUSGovernment]"
-    },
-    "roleDefinitions": "[concat(variables('roleDefinitionsByCloudType').All, variables('roleDefinitionsByCloudType')[variables('cloudEnv')])]"
-  },
-  "resources": [
-    {
-      "copy": {
-        "name": "RoleDefinitions",
-        "count": "[length(variables('roleDefinitions'))]"
-      },
-      "type": "Microsoft.Authorization/roleDefinitions",
-      "apiVersion": "2022-04-01",
-      "name": "[guid(variables('roleDefinitions')[copyIndex()].properties.roleName, managementGroup().name)]",
-      "properties": {
-        "roleName": "[format('[{0}] {1}', managementGroup().name, variables('roleDefinitions')[copyIndex()].properties.roleName)]",
-        "description": "[variables('roleDefinitions')[copyIndex()].properties.description]",
-        "type": "[variables('roleDefinitions')[copyIndex()].properties.type]",
-        "permissions": "[variables('roleDefinitions')[copyIndex()].properties.permissions]",
-        "assignableScopes": [
-          "[managementGroup().id]"
-        ]
-      }
-    }
-  ]
-}
\ No newline at end of file

From ec6177a40920ec05724efe278f7188f1d3e9d9c5 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 18 Oct 2024 21:08:49 +0800
Subject: [PATCH 37/43] Update to hide vWAN routing intent for mooncake in
 Sencondary region

---
 eslzArm/eslz-portal.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 44b9d879d7..02aecd9d13 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -3581,7 +3581,7 @@
                                     "type": "Microsoft.Common.OptionsGroup",
                                     "label": "Enable vWAN Routing Intent in your second",
                                     "defaultValue": "No",
-                                    "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'))]",
+                                    "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                                     "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
                                     "constraints": {
                                         "allowedValues": [

From fbea8cc94a3000eed6ccb86b337e89f08de42f36 Mon Sep 17 00:00:00 2001
From: Yuan Zhang <114724932+yuanzhang9@users.noreply.github.com>
Date: Fri, 18 Oct 2024 21:30:17 +0800
Subject: [PATCH 38/43] Add files via upload

---
 .../customRoleDefinitions.json                | 170 ++++++++++++++++++
 1 file changed, 170 insertions(+)
 create mode 100644 eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json

diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
new file mode 100644
index 0000000000..87e9aa6628
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
@@ -0,0 +1,170 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.22.6.54827",
+      "templateHash": "14490525755972949150"
+    }
+  },
+  "variables": {
+    "$fxv#0": {
+      "name": "c9a07a05-a1fc-53fe-a565-5eed25597c03",
+      "type": "Microsoft.Authorization/roleDefinitions",
+      "apiVersion": "2022-04-01",
+      "properties": {
+        "roleName": "Application-Owners",
+        "description": "Contributor role granted for application/operations team at resource group level",
+        "type": "customRole",
+        "permissions": [
+          {
+            "actions": [
+              "*"
+            ],
+            "notActions": [
+              "Microsoft.Authorization/*/write",
+              "Microsoft.Network/publicIPAddresses/write",
+              "Microsoft.Network/virtualNetworks/write",
+              "Microsoft.KeyVault/locations/deletedVaults/purge/action"
+            ],
+            "dataActions": [],
+            "notDataActions": []
+          }
+        ],
+        "assignableScopes": [
+          "/providers/Microsoft.Management/managementGroups/contoso"
+        ]
+      }
+    },
+    "$fxv#1": {
+      "name": "402344ce-48c4-5ac1-9320-16726050f964",
+      "type": "Microsoft.Authorization/roleDefinitions",
+      "apiVersion": "2022-04-01",
+      "properties": {
+        "roleName": "Subscription-Owner",
+        "description": "Delegated role for subscription owner generated from subscription Owner role",
+        "type": "customRole",
+        "permissions": [
+          {
+            "actions": [
+              "*"
+            ],
+            "notActions": [
+              "Microsoft.Authorization/*/write",
+              "Microsoft.Network/vpnGateways/*",
+              "Microsoft.Network/expressRouteCircuits/*",
+              "Microsoft.Network/routeTables/write",
+              "Microsoft.Network/vpnSites/*"
+            ],
+            "dataActions": [],
+            "notDataActions": []
+          }
+        ],
+        "assignableScopes": [
+          "/providers/Microsoft.Management/managementGroups/contoso"
+        ]
+      }
+    },
+    "$fxv#2": {
+      "name": "d3584a79-4f0d-5980-aa3c-7a76ba783b76",
+      "type": "Microsoft.Authorization/roleDefinitions",
+      "apiVersion": "2022-04-01",
+      "properties": {
+        "roleName": "Security-Operations",
+        "description": "Security Administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy.",
+        "type": "customRole",
+        "permissions": [
+          {
+            "actions": [
+              "*/read",
+              "*/register/action",
+              "Microsoft.KeyVault/locations/deletedVaults/purge/action",
+              "Microsoft.PolicyInsights/*",
+              "Microsoft.Authorization/policyAssignments/*",
+              "Microsoft.Authorization/policyDefinitions/*",
+              "Microsoft.Authorization/policyExemptions/*",
+              "Microsoft.Authorization/policySetDefinitions/*",
+              "Microsoft.Insights/alertRules/*",
+              "Microsoft.Resources/deployments/*",
+              "Microsoft.Security/*",
+              "Microsoft.Support/*"
+            ],
+            "notActions": [],
+            "dataActions": [],
+            "notDataActions": []
+          }
+        ],
+        "assignableScopes": [
+          "/providers/Microsoft.Management/managementGroups/contoso"
+        ]
+      }
+    },
+    "$fxv#3": {
+      "name": "dc726155-3983-5405-b446-9bb27b94e02c",
+      "type": "Microsoft.Authorization/roleDefinitions",
+      "apiVersion": "2022-04-01",
+      "properties": {
+        "roleName": "Network-Management",
+        "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
+        "type": "customRole",
+        "permissions": [
+          {
+            "actions": [
+              "*/read",
+              "Microsoft.Network/*",
+              "Microsoft.Resources/deployments/*",
+              "Microsoft.Support/*"
+            ],
+            "notActions": [],
+            "dataActions": [],
+            "notDataActions": []
+          }
+        ],
+        "assignableScopes": [
+          "/providers/Microsoft.Management/managementGroups/contoso"
+        ]
+      }
+    },
+    "cloudEnv": "[environment().name]",
+    "loadRoleDefinitions": {
+      "All": [
+        "[variables('$fxv#0')]",
+        "[variables('$fxv#1')]"
+      ],
+      "AzureCloud": [
+        "[variables('$fxv#2')]",
+        "[variables('$fxv#3')]"
+      ],
+      "AzureChinaCloud": [],
+      "AzureUSGovernment": []
+    },
+    "roleDefinitionsByCloudType": {
+      "All": "[variables('loadRoleDefinitions').All]",
+      "AzureCloud": "[variables('loadRoleDefinitions').AzureCloud]",
+      "AzureChinaCloud": "[variables('loadRoleDefinitions').AzureChinaCloud]",
+      "AzureUSGovernment": "[variables('loadRoleDefinitions').AzureUSGovernment]"
+    },
+    "roleDefinitions": "[concat(variables('roleDefinitionsByCloudType').All, variables('roleDefinitionsByCloudType')[variables('cloudEnv')])]"
+  },
+  "resources": [
+    {
+      "copy": {
+        "name": "RoleDefinitions",
+        "count": "[length(variables('roleDefinitions'))]"
+      },
+      "type": "Microsoft.Authorization/roleDefinitions",
+      "apiVersion": "2022-04-01",
+      "name": "[guid(variables('roleDefinitions')[copyIndex()].properties.roleName, managementGroup().name)]",
+      "properties": {
+        "roleName": "[format('[{0}] {1}', managementGroup().name, variables('roleDefinitions')[copyIndex()].properties.roleName)]",
+        "description": "[variables('roleDefinitions')[copyIndex()].properties.description]",
+        "type": "[variables('roleDefinitions')[copyIndex()].properties.type]",
+        "permissions": "[variables('roleDefinitions')[copyIndex()].properties.permissions]",
+        "assignableScopes": [
+          "[managementGroup().id]"
+        ]
+      }
+    }
+  ]
+}
\ No newline at end of file

From 007cfdfbef1521c0a4af17b18767b9b6309d7329 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Fri, 18 Oct 2024 21:37:47 +0800
Subject: [PATCH 39/43] Recomit to exclude auto-generated file

---
 eslzArm/eslz-portal.json                      |   16 +-
 eslzArm/eslzArm.json                          |   94 +-
 ...-DINE-APPEND-TLS-SSL-PolicyAssignment.json |   80 +
 ...mcDENY-PublicEndpointPolicyAssignment.json |   60 +
 .../mcDINE-MDFCConfigPolicyAssignment.json    |    2 +-
 ...cDINE-PrivateDNSZonesPolicyAssignment.json |  406 ++
 ...CE-ALZ-DecommissionedPolicyAssignment.json |   96 +
 .../mcENFORCE-BackupPolicyAssignment.json     |   58 +
 ...CE-GuardrailsKeyVaultPolicyAssignment.json |   53 +
 ...-RegulatoryCompliancePolicyAssignment.json | 4357 +++++++++++++++++
 .../mcmdfcConfiguration.json                  |  683 +++
 .../Deploy-Vm-autoShutdown.json               |    5 +-
 ...y-PublicPaaSEndpoints.AzureChinaCloud.json |    6 +-
 ...gnostics-LogAnalytics.AzureChinaCloud.json |    2 +-
 .../Deploy-MDFC-Config.AzureChinaCloud.json   |    2 +-
 ...loy-Private-DNS-Zones.AzureChinaCloud.json |  930 +++-
 .../Enforce-ALZ-Decomm.AzureChinaCloud.json   |   44 +
 .../Enforce-ALZ-Decomm.json                   |    1 -
 .../Enforce-Backup.AzureChinaCloud.json       |   75 +
 ...cryptTransit_20240509.AzureChinaCloud.json |  893 ++++
 .../Enforce-EncryptTransit_20240509.json      |    1 -
 ...nforce-Encryption-CMK.AzureChinaCloud.json |    2 +-
 ...Guardrails-Automation.AzureChinaCloud.json |   79 +
 .../Enforce-Guardrails-Automation.json        |    1 -
 ...rdrails-ContainerApps.AzureChinaCloud.json |   43 +
 .../Enforce-Guardrails-ContainerApps.json     |    1 -
 ...e-Guardrails-CosmosDb.AzureChinaCloud.json |  104 +
 .../Enforce-Guardrails-CosmosDb.json          |    1 -
 ...ardrails-KeyVault-Sup.AzureChinaCloud.json |   42 +
 .../Enforce-Guardrails-KeyVault-Sup.json      |    1 -
 ...e-Guardrails-KeyVault.AzureChinaCloud.json |  664 +++
 .../Enforce-Guardrails-KeyVault.json          |    1 -
 ...orce-Guardrails-MySQL.AzureChinaCloud.json |   42 +
 .../Enforce-Guardrails-MySQL.json             |    1 -
 ...ce-Guardrails-Network.AzureChinaCloud.json |  364 ++
 .../Enforce-Guardrails-Network.json           |    1 -
 ...ce-Guardrails-Storage.AzureChinaCloud.json |  443 ++
 .../Enforce-Guardrails-Storage.json           |    1 -
 src/templates/initiatives.bicep               |   51 +-
 src/templates/policies.bicep                  |    2 +-
 src/templates/roles.bicep                     |    7 +-
 41 files changed, 9541 insertions(+), 174 deletions(-)
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
 create mode 100644 eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json
 create mode 100644 eslzArm/subscriptionTemplates/mcmdfcConfiguration.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
 create mode 100644 src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 72b639af87..02aecd9d13 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -504,7 +504,7 @@
                                     }
                                 ]
                             },
-                            "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                            "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                         },
                         {
                             "name": "enableUpdateMgmt",
@@ -1204,7 +1204,7 @@
                             "type": "Microsoft.Common.OptionsGroup",
                             "label": "Enable DDoS Network Protection",
                             "defaultValue": "Yes (recommended)",
-                            "visible": "[not(equals(steps('connectivity').enableHub, 'No'))]",
+                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                             "toolTip": "If 'Yes' is selected when also adding a connectivity subscription, DDoS Network Protection will be enabled on the connectivity virtual network. Please note that DDoS Network Protection does incur additional costs that need to be considered, for more information: <a href=\"https://azure.microsoft.com/en-us/pricing/details/ddos-protection/#pricing\">DDoS Network Protection pricing</a>.",
                             "constraints": {
                                 "allowedValues": [
@@ -2466,7 +2466,7 @@
                             "type": "Microsoft.Common.OptionsGroup",
                             "label": "Enable vWAN Routing Intent",
                             "defaultValue": "No",
-                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'))]",
+                            "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                             "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
                             "constraints": {
                                 "allowedValues": [
@@ -3581,7 +3581,7 @@
                                     "type": "Microsoft.Common.OptionsGroup",
                                     "label": "Enable vWAN Routing Intent in your second",
                                     "defaultValue": "No",
-                                    "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'))]",
+                                    "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]",
                                     "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both",
                                     "constraints": {
                                         "allowedValues": [
@@ -4324,7 +4324,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                                    "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                                 },
                                 {
                                     "name": "enableVmssMonitoring",
@@ -4348,7 +4348,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                                    "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                                 },
                                 {
                                     "name": "enableVmHybridMonitoring",
@@ -4372,7 +4372,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]"
+                                    "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]"
                                 },
                                 {
                                     "name": "enableAksPolicy",
@@ -4756,7 +4756,7 @@
                                             }
                                         ]
                                     },
-                                    "visible": true
+                                    "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]"
                                 }
                             ],
                             "visible": true
diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 0233736be1..104f7fdf5d 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1575,13 +1575,80 @@
             "monitorRepo": "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2023-11-14/"
         },
         // Declaring all required deployment uri's used for deployments of composite ARM templates for ESLZ
+        // Referring to different Policy Set definition for different cloud enviornment
         "azPrivateDnsPolicyAssignmentMapping": {
             "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json",
             "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json",
-            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json"
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json"
 
         },
         "azPrivateDnsPolicyAssignment": "[variables('azPrivateDnsPolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "PublicEndpointPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json"
+
+        },
+        "PublicEndpointPolicyAssignment": "[variables('PublicEndpointPolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "regulatoryCompliancePolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json"
+
+        },
+        "regulatoryCompliancePolicy": "[variables('regulatoryCompliancePolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "mdfcConfigPolicyInitiativeMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json"
+
+        },
+        "mdfcConfigPolicyInitiative": "[variables('mdfcConfigPolicyInitiativeMapping')[environment().resourceManager]]",
+
+        "tlsSslPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json"
+
+        },
+        "tlsSslPolicyAssignment": "[variables('tlsSslPolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "backupPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json"
+
+        },
+        "backupPolicyAssignment": "[variables('backupPolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "kvGuardrailsPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json"
+
+        },
+        "kvGuardrailsPolicyAssignment": "[variables('kvGuardrailsPolicyAssignmentMapping')[environment().resourceManager]]",
+
+        "decommissionPolicyAssignmentMapping": {
+            "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json",
+            "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json"
+
+        }, 
+        "decommissionPolicyAssignment": "[variables('decommissionPolicyAssignmentMapping')[environment().resourceManager]]",
+        
+        "MDFCSubscriptionEnablementMapping": {
+            "https://management.azure.com/": "subscriptionTemplates/mdfcConfiguration.json",
+            "https://management.usgovcloudapi.net": "subscriptionTemplates/mdfcConfiguration.json", // This needs to be updated for USGovernmentCloud
+            "https://management.chinacloudapi.cn": "subscriptionTemplates/mcmdfcConfiguration.json"
+
+        },
+        "MDFCSubscriptionEnablement": "[variables('MDFCSubscriptionEnablementMapping')[environment().resourceManager]]",
+
+
         "deploymentUris": {
             "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]",
             "managementGroupsLite": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json')]",
@@ -1600,10 +1667,10 @@
             "logAnalyticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-LogAnalyticsPolicyAssignment.json')]",
             "monitoringSolutions": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/logAnalyticsSolutions.json')]",
             "asbPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json')]",
-            "regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json')]",
+            "regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, variables('regulatoryCompliancePolicy'))]",
             "resourceDiagnosticsInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json')]",
             "activityDiagnosticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json')]",
-            "mdfcConfigPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json')]",
+            "mdfcConfigPolicyInitiative": "[uri(deployment().properties.templateLink.uri, variables('mdfcConfigPolicyInitiative'))]",
             "mdEnpointsPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDEndpointsPolicyAssignment.json')]",
             "mdEnpointsAMAPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDEndpointsAMAPolicyAssignment.json')]",
             "atpOssDbPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-AtpOssDbPolicyAssignment.json')]",
@@ -1615,17 +1682,17 @@
             "azPolicyForAksPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json')]",
             "aksPrivEscalationPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json')]",
             "aksPrivilegedPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json')]",
-            "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json')]",
+            "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('tlsSslPolicyAssignment'))]",
             "aksHttpsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json')]",
             "ipFwdPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json')]",
-            "publicEndpointPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json')]",
+            "publicEndpointPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('PublicEndpointPolicyAssignment'))]",
             "privateDnsZonePolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('azPrivateDnsPolicyAssignment'))]",
             "pipPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicIpAddressPolicyAssignment.json')]",
             "pipOnNicPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json')]",
             "mgmtFromInternetPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-MgmtPortsFromInternetPolicyAssignment.json')]",
             "storageHttpsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-StorageWithoutHttpsPolicyAssignment.json')]",
-            "kvGuardrailsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json')]",
-            "backupPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json')]",
+            "kvGuardrailsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('kvGuardrailsPolicyAssignment'))]",
+            "backupPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('backupPolicyAssignment'))]",
             "denyHybridNetworkingPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-HybridNetworkingPolicyAssignment.json')]",
             "auditPeDnsZonesPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/AUDIT-PeDnsZonesPolicyAssignment.json')]",
             "auditAppGwWafPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/AUDIT-AppGwWafPolicyAssignment.json')]",
@@ -1634,7 +1701,7 @@
             "sqlAuditPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLAuditingPolicyAssignment.json')]",
             "sqlEncryptionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLEncryptionPolicyAssignment.json')]",
             "sqlThreatPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLThreatPolicyAssignment.json')]",
-            "decommissionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json')]",
+            "decommissionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('decommissionPolicyAssignment'))]",
             "sandboxPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-ALZ-SandboxPolicyAssignment.json')]",
             "ddosPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json')]",
             "corpVnetPeering": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/vnetPeering.json')]",
@@ -1660,7 +1727,7 @@
             "ChangeTrackingVmssPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMSSPolicyAssignment.json')]",
             "MDFCDefenderSqlAma": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDFCDefenderSQLAMAPolicyAssignment.json')]",
             "dataCollectionRuleMdfcDefenderSQL": "[uri(deployment().properties.templateLink.uri, 'resourceGroupTemplates/dataCollectionRule-DefenderSQL.json')]",
-            "MDFCSubscriptionEnablement": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/mdfcConfiguration.json')]",
+            "MDFCSubscriptionEnablement": "[uri(deployment().properties.templateLink.uri, variables('MDFCSubscriptionEnablement'))]",
             // Workload Specific Compliance Initiatives
             "wsCMKPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-EncryptionCMKPolicyAssignment.json')]",
             "wsAPIMPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAPIMPolicyAssignment.json')]",
@@ -2619,7 +2686,8 @@
         },
         {
             // Deploying Diagnostic Settings to management groups if Log Analytics was deployed via a loop
-            "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'))]",
+            // exclude Mooncake since Management Group Diagnostic Settings Rest API is NOT supported in Azure China. https://learn.microsoft.com/en-us/answers/questions/1640390/confirm-if-management-group-diagnostic-settings-re
+            "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]", 
             "type": "Microsoft.Resources/deployments",
             "apiVersion": "2020-10-01",
             "name": "[take(concat(variables('mgmtGroupsArray')[copyIndex()], variables('deploymentNames').diagnosticSettingsforMGsDeploymentName), 64)]",
@@ -4074,7 +4142,8 @@
         },
         {
             // Assigning Azure Monitor Resource Diagnostics policy to intermediate root management group if condition is true
-            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'))]",
+            // exclude China since the build-in initiative(0884adba-2312-4468-abeb-5422caed1038) doesn't exist in China
+            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]",
             "type": "Microsoft.Resources/deployments",
             "apiVersion": "2020-10-01",
             "name": "[variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName]",
@@ -4104,7 +4173,8 @@
         },
         {
             // Assigning Azure Activity Diagnostics Log policy to intermediate root management group if condition is true
-            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'))]",
+            //exclude Mooncake since the build-in initiative(2465583e-4e78-4c15-b6be-a36cbc7c8b0f) doesn't exist in Mooncake
+            "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]",  
             "type": "Microsoft.Resources/deployments",
             "apiVersion": "2020-10-01",
             "name": "[variables('deploymentNames').activityDiagnosticsPolicyDeploymentName]",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json
new file mode 100644
index 0000000000..21436d78ec
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json
@@ -0,0 +1,80 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "deployEncryptionInTransit": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "deployEncryptionInTransit": "Enforce-TLS-SSL-H224",
+            "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit.",
+            "displayName": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit"
+        },
+        "nonComplianceMessage": {
+            "message": "TLS and SSL {enforcementMode} be enabled for on resources without encryption in transit.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        },
+        "rbacOwner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
+        "roleAssignmentNames": {
+            "deployEncryptionInTransit": "[guid(concat(parameters('topLevelManagementGroupPrefix'),variables('policyAssignmentNames').deployEncryptionInTransit))]"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').deployEncryptionInTransit]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').deployEncryptionInTransit]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ],
+                "parameters": {}
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployEncryptionInTransit]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').deployEncryptionInTransit)]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacOwner'))]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployEncryptionInTransit), '2019-09-01', 'Full' ).identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json
new file mode 100644
index 0000000000..bd5516c435
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json
@@ -0,0 +1,60 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "denyPublicEndpoint": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "denyPublicEndpoint": "Deny-Public-Endpoints",
+            "displayName": "Public network access should be disabled for PaaS services",
+            "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints"
+        },
+        "nonComplianceMessage": {
+            "message": "Public network access {enforcementMode} be disabled for PaaS services.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').denyPublicEndpoint]",
+            "location": "[deployment().location]",
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').denyPublicEndpoint]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ],
+                "parameters": {}
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json
index 7e35d539fd..1acc9d549a 100644
--- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json
@@ -55,7 +55,7 @@
     },
     "variables": {
         "policyDefinitions": {
-            "deployAzureSecurity": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config')]"
+            "deployAzureSecurity": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config-AzureChinaCloud')]"
         },
         "policyAssignmentNames": {
             "azureSecurity": "Deploy-MDFC-Config",
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
new file mode 100644
index 0000000000..4e8caae62f
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json
@@ -0,0 +1,406 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        },
+        "dnsZoneResourceGroupId": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the resourceId of the resource group for private DNS, which will construct the full resourceId for the private DNS zones."
+            }
+        },
+        "location": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the location where the virtual network is created (hub)"
+            }
+        }
+    },
+    "variables": {
+        "azBackupGeoCodes": {
+            "australiacentral": "acl",
+            "australiacentral2": "acl2",
+            "australiaeast": "ae",
+            "australiasoutheast": "ase",
+            "brazilsouth": "brs",
+            "brazilsoutheast": "bse",
+            "centraluseuap": "ccy",
+            "canadacentral": "cnc",
+            "canadaeast": "cne",
+            "centralus": "cus",
+            "eastasia": "ea",
+            "eastus2euap": "ecy",
+            "eastus": "eus",
+            "eastus2": "eus2",
+            "francecentral": "frc",
+            "francesouth": "frs",
+            "germanynorth": "gn",
+            "germanywestcentral": "gwc",
+            "centralindia": "inc",
+            "southindia": "ins",
+            "westindia": "inw",
+            "italynorth": "itn",
+            "japaneast": "jpe",
+            "japanwest": "jpw",
+            "jioindiacentral": "jic",
+            "jioindiawest": "jiw",
+            "koreacentral": "krc",
+            "koreasouth": "krs",
+            "northcentralus": "ncus",
+            "northeurope": "ne",
+            "norwayeast": "nwe",
+            "norwaywest": "nww",
+            "qatarcentral": "qac",
+            "southafricanorth": "san",
+            "southafricawest": "saw",
+            "southcentralus": "scus",
+            "swedencentral": "sdc",
+            "swedensouth": "sds",
+            "southeastasia": "sea",
+            "switzerlandnorth": "szn",
+            "switzerlandwest": "szw",
+            "uaecentral": "uac",
+            "uaenorth": "uan",
+            "uksouth": "uks",
+            "ukwest": "ukw",
+            "westcentralus": "wcus",
+            "westeurope": "we",
+            "westus": "wus",
+            "westus2": "wus2",
+            "westus3": "wus3",
+            "usdodcentral": "udc",
+            "usdodeast": "ude",
+            "usgovarizona": "uga",
+            "usgoviowa": "ugi",
+            "usgovtexas": "ugt",
+            "usgovvirginia": "ugv",
+            "usnateast": "exe",
+            "usnatwest": "exw",
+            "usseceast": "rxe",
+            "ussecwest": "rxw",
+            "chinanorth": "bjb",
+            "chinanorth2": "bjb2",
+            "chinanorth3": "bjb3",
+            "chinaeast": "sha",
+            "chinaeast2": "sha2",
+            "chinaeast3": "sha3",
+            "germanycentral": "gec",
+            "germanynortheast": "gne"
+        },
+        "baseId": "[concat(parameters('dnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/')]",
+        "policyParameterMapping": {
+            "azureFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.afs.azure.cn')]",
+            "azureAutomationWebhookPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.cn')]",
+            "azureAutomationDSCHybridPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.cn')]",
+            "azureCosmosSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.documents.azure.cn')]",
+            "azureCosmosMongoPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.mongo.cosmos.azure.cn')]",
+            "azureCosmosCassandraPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cassandra.cosmos.azure.cn')]",
+            "azureCosmosGremlinPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.gremlin.cosmos.azure.cn')]",
+            "azureCosmosTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.cosmos.azure.cn')]",
+            "azureDataFactoryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.datafactory.azure.cn')]",
+            "azureDataFactoryPortalPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.adf.azure.cn')]",
+            //  Not supported in Mooncake yet
+            //"azureDatabricksPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azuredatabricks.net')]",
+            "azureHDInsightPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurehdinsight.cn')]",
+            //  MigrateNot supported in Mooncake yet
+            //"azureMigratePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.prod.migration.windowsazure.com')]",
+            "azureStorageBlobPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureStorageBlobSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureStorageQueuePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]",
+            "azureStorageQueueSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]",
+            "azureStorageFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.file.core.chinacloudapi.cn')]",
+            "azureStorageStaticWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.chinacloudapi.cn')]",
+            "azureStorageStaticWebSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.chinacloudapi.cn')]",
+            "azureStorageDFSPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.chinacloudapi.cn')]",
+            "azureStorageDFSSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.chinacloudapi.cn')]",
+            "azureSynapseSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.azure.cn')]",
+            "azureSynapseSQLODPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.azure.cn')]",
+            "azureSynapseDevPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dev.azuresynapse.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId1": "[concat(variables('baseId'), 'privatelink.monitor.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId2": "[concat(variables('baseId'), 'privatelink.oms.opinsights.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId3": "[concat(variables('baseId'), 'privatelink.ods.opinsights.azure.cn')]",
+            "azureMonitorPrivateDnsZoneId4": "[concat(variables('baseId'), 'privatelink.agentsvc.azure-automation.net')]", // No change for Mooncake
+            "azureMonitorPrivateDnsZoneId5": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            // Private DNS zone for Azure Web is supported in mooncake, but the build-in policy(0b026355-49cb-467b-8ac4-f777874e175a) is not available.
+            //"azureWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.webpubsub.azure.cn')]",
+            "azureBatchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.batch.chinacloudapi.cn')]",
+            "azureAppPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azconfig.azure.cn')]",
+            // Azure Site Recovery is NOT supported in Mooncake yet
+            //"azureAsrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.siterecovery.windowsazure.com')]",
+            "azureIotPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices-provisioning.cn')]",
+            "azureKeyVaultPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.vaultcore.azure.cn')]",
+            "azureSignalRPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.service.signalr.azure.cn')]",
+            "azureAppServicesPrivateDnsZoneId": "[concat(variables('baseId'), '	privatelink.chinacloudsites.cn')]",
+            "azureEventGridTopicsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.cn')]",
+            "azureDiskAccessPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureCognitiveServicesPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cognitiveservices.azure.cn')]",
+            "azureIotHubsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]",
+            "azureEventGridDomainsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.cn')]",
+            "azureRedisCachePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.redis.cache.chinacloudapi.cn')]",
+            "azureAcrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurecr.cn')]",
+            "azureEventHubNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.chinacloudapi.cn')]",
+            "azureMachineLearningWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.api.ml.azure.cn')]",
+            "azureMachineLearningWorkspaceSecondPrivateDnsZoneId" : "[concat(variables('baseId'), 'privatelink.notebooks.chinacloudapi.cn')]",
+            "azureServiceBusNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.chinacloudapi.cn')]",
+            "azureCognitiveSearchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.search.azure.cn')]",
+            //Azure Bot Service is NOT supported in Mooncake yet
+            //"azureBotServicePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.directline.botframework.com')]",
+            //Azure Managed Grafana is NOT supported in Mooncake yet
+            //"azureManagedGrafanaWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.grafana.azure.com')]",
+            "azureVirtualDesktopHostpoolPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.wvd.azure.cn')]",
+            "azureVirtualDesktopWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink-global.wvd.azure.cn')]",
+            // Remove "azureIotDeviceupdatePrivateDnsZoneId" due to missing built-in Policy Definitions(a222b93a-e6c2-4c01-817f-21e092455b2a)
+            //"azureIotDeviceupdatePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]",
+            // Azure Arc is NOT supported in Mooncake yet
+            //"azureArcGuestconfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.guestconfiguration.azure.com')]",
+            //"azureArcHybridResourceProviderPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.his.arc.azure.com')]",
+            //"azureArcKubernetesConfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dp.kubernetesconfiguration.azure.com')]",
+            // Azure IoT Central is NOT supported in Mooncake yet
+            //"azureIotCentralPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azureiotcentral.com')]",
+            "azureStorageTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.chinacloudapi.cn')]",
+            "azureStorageTableSecondaryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.chinacloudapi.cn')]",
+            "azureSiteRecoveryBackupPrivateDnsZoneID": "[concat(variables('baseId'), replace('privatelink.regionGeoShortCode.backup.windowsazure.cn','regionGeoShortCode',variables('azBackupGeoCodes')[toLower(parameters('location'))]))]",
+            "azureSiteRecoveryBlobPrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]",
+            "azureSiteRecoveryQueuePrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]"
+        },
+        "policyDefinitions": {
+            "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "deployPrivateDnsZones": "Deploy-Private-DNS-Zones",
+            "displayName": "Configure Azure PaaS services to use private DNS zones",
+            "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones"
+        },
+        "nonComplianceMessage": {
+            "message": "Azure PaaS services {enforcementMode} use private DNS zones.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        },
+        "roleAssignmentNames": {
+            "deployPrivateDnsZones": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployPrivateDnsZones))]"
+        },
+        "policyRbac": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').deployPrivateDnsZones]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').deployPrivateDnsZones]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ],
+                "parameters": {
+                    "azureFilePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureFilePrivateDnsZoneId]"
+                    },
+                    "azureAutomationWebhookPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAutomationWebhookPrivateDnsZoneId]"
+                    },
+                    "azureAutomationDSCHybridPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAutomationDSCHybridPrivateDnsZoneId]"
+                    },
+                    "azureCosmosSQLPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosSQLPrivateDnsZoneId]"
+                    },
+                    "azureCosmosMongoPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosMongoPrivateDnsZoneId]"
+                    },
+                    "azureCosmosCassandraPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosCassandraPrivateDnsZoneId]"
+                    },
+                    "azureCosmosGremlinPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosGremlinPrivateDnsZoneId]"
+                    },
+                    "azureCosmosTablePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCosmosTablePrivateDnsZoneId]"
+                    },
+                    "azureDataFactoryPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureDataFactoryPrivateDnsZoneId]"
+                    },
+                    "azureDataFactoryPortalPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureDataFactoryPortalPrivateDnsZoneId]"
+                    },
+                    "azureHDInsightPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureHDInsightPrivateDnsZoneId]"
+                    },
+
+                    "azureStorageBlobPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageBlobPrivateDnsZoneId]"
+                    },
+                    "azureStorageBlobSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageBlobSecPrivateDnsZoneId]"
+                    },
+                    "azureStorageQueuePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageQueuePrivateDnsZoneId]"
+                    },
+                    "azureStorageQueueSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageQueueSecPrivateDnsZoneId]"
+                    },
+                    "azureStorageFilePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageFilePrivateDnsZoneId]"
+                    },
+                    "azureStorageStaticWebPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageStaticWebPrivateDnsZoneId]"
+                    },
+                    "azureStorageStaticWebSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageStaticWebSecPrivateDnsZoneId]"
+                    },
+                    "azureStorageDFSPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageDFSPrivateDnsZoneId]"
+                    },
+                    "azureStorageDFSSecPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageDFSSecPrivateDnsZoneId]"
+                    },
+                    "azureSynapseSQLPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSynapseSQLPrivateDnsZoneId]"
+                    },
+                    "azureSynapseSQLODPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSynapseSQLODPrivateDnsZoneId]"
+                    },
+                    "azureSynapseDevPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSynapseDevPrivateDnsZoneId]"
+                    },
+                    "azureMonitorPrivateDnsZoneId1": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId1]"
+                    },
+                    "azureMonitorPrivateDnsZoneId2": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId2]"
+                    },
+                    "azureMonitorPrivateDnsZoneId3": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId3]"
+                    },
+                    "azureMonitorPrivateDnsZoneId4": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId4]"
+                    },
+                    "azureMonitorPrivateDnsZoneId5": {
+                        "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId5]"
+                    },
+                    "azureBatchPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureBatchPrivateDnsZoneId]"
+                    },
+                    "azureAppPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAppPrivateDnsZoneId]"
+                    },
+
+                    "azureIotPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureIotPrivateDnsZoneId]"
+                    },
+                    "azureKeyVaultPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureKeyVaultPrivateDnsZoneId]"
+                    },
+                    "azureSignalRPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureSignalRPrivateDnsZoneId]"
+                    },
+                    "azureAppServicesPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAppServicesPrivateDnsZoneId]"
+                    },
+                    "azureEventGridTopicsPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureEventGridTopicsPrivateDnsZoneId]"
+                    },
+                    "azureDiskAccessPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureDiskAccessPrivateDnsZoneId]"
+                    },
+                    "azureCognitiveServicesPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCognitiveServicesPrivateDnsZoneId]"
+                    },
+                    "azureIotHubsPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureIotHubsPrivateDnsZoneId]"
+                    },
+                    "azureEventGridDomainsPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureEventGridDomainsPrivateDnsZoneId]"
+                    },
+                    "azureRedisCachePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureRedisCachePrivateDnsZoneId]"
+                    },
+                    "azureAcrPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureAcrPrivateDnsZoneId]"
+                    },
+                    "azureEventHubNamespacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureEventHubNamespacePrivateDnsZoneId]"
+                    },
+                    "azureMachineLearningWorkspacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureMachineLearningWorkspacePrivateDnsZoneId]"
+                    },
+                    "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureMachineLearningWorkspaceSecondPrivateDnsZoneId]"
+                    },
+                    "azureServiceBusNamespacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureServiceBusNamespacePrivateDnsZoneId]"
+                    },
+                    "azureCognitiveSearchPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureCognitiveSearchPrivateDnsZoneId]"
+                    },
+
+                    "azureVirtualDesktopHostpoolPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureVirtualDesktopHostpoolPrivateDnsZoneId]"
+                    },
+                    "azureVirtualDesktopWorkspacePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureVirtualDesktopWorkspacePrivateDnsZoneId]"
+                    },
+                    "azureStorageTablePrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageTablePrivateDnsZoneId]"
+                    },
+                    "azureStorageTableSecondaryPrivateDnsZoneId": {
+                        "value": "[variables('policyParameterMapping').azureStorageTableSecondaryPrivateDnsZoneId]"
+                    },
+                    "azureSiteRecoveryBackupPrivateDnsZoneID": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBackupPrivateDnsZoneID]"
+                    },
+                    "azureSiteRecoveryBlobPrivateDnsZoneID": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryBlobPrivateDnsZoneID]"
+                    },
+                    "azureSiteRecoveryQueuePrivateDnsZoneID": {
+                        "value": "[variables('policyParameterMapping').azureSiteRecoveryQueuePrivateDnsZoneID]"
+                    }
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployPrivateDnsZones]",
+            "dependsOn": [
+                "[variables('policyAssignmentNames').deployPrivateDnsZones]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[variables('policyRbac')]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {
+        "principalId": {
+            "type": "string",
+            "value": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId]"
+        }
+    }
+}
\ No newline at end of file
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json
new file mode 100644
index 0000000000..a957918d71
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json
@@ -0,0 +1,96 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        },
+        "listOfResourceTypesAllowed": {
+            "type": "Array",
+            "defaultValue": [
+                "microsoft.consumption/tags",
+                "microsoft.authorization/roleassignments",
+                "microsoft.authorization/roledefinitions",
+                "microsoft.authorization/policyassignments",
+                "microsoft.authorization/locks",
+                "microsoft.authorization/policydefinitions",
+                "microsoft.authorization/policysetdefinitions",
+                "microsoft.resources/tags",
+                "microsoft.authorization/roleeligibilityschedules",
+                "microsoft.authorization/roleeligibilityscheduleinstances",
+                "microsoft.authorization/roleassignmentschedules",
+                "microsoft.authorization/roleassignmentscheduleinstances"
+            ]
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "enforceAlzDecommissioned": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "alzDecommission": "Enforce-ALZ-Decomm",
+            "description": "This initiative will help enforce and govern subscriptions that are placed within the decommissioned Management Group as part of your Subscription decommissioning process. See https://aka.ms/alz/policies for more information.",
+            "displayName": "Enforce ALZ Decommissioned Guardrails"
+        },
+        "nonComplianceMessage": {
+            "message": "ALZ Decommissioned Guardrails {enforcementMode} be enforced.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        },
+        "rbacVMContributor": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
+        "roleAssignmentNames": {
+            "deployDecommRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').alzDecommission))]"
+            }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').alzDecommission]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').enforceAlzDecommissioned]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "listOfResourceTypesAllowed": {
+                        "value": "[parameters('listOfResourceTypesAllowed')]"
+                    }
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployDecommRoles]",
+            "dependsOn": [
+                "[variables('policyAssignmentNames').alzDecommission]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacVMContributor'))]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').alzDecommission), '2019-09-01', 'Full' ).identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json
new file mode 100644
index 0000000000..5e935590b2
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json
@@ -0,0 +1,58 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "enforceGuardrailsBackup": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Backup-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "enforceGuardrailsBackup": "Enforce-ASR",
+            "description": "This initiative assignment enables recommended ALZ guardrails for Azure Recovery Services.",
+            "displayName": "Enforce enhanced recovery and backup policies"
+        },
+        "nonComplianceMessage": {
+            "message": "Recommended guardrails {enforcementMode} be enforced for Azure Recovery Services (Backup and Site Recovery).",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').enforceGuardrailsBackup]",
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').enforceGuardrailsBackup]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "nonComplianceMessages": [
+                    {
+                        "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
+                    }
+                ]
+            }
+        }
+    ],
+    "outputs": {}
+}
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
new file mode 100644
index 0000000000..b64a1b9397
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json
@@ -0,0 +1,53 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "nonComplianceMessagePlaceholder": {
+            "type": "string",
+            "defaultValue": "{enforcementMode}"
+        }
+    },
+    "variables": {
+        "policyDefinitions": {
+            "enforceGuardrailsKeyVault": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-AzureChinaCloud')]"
+        },
+        "policyAssignmentNames": {
+            "enforceGuardrailsKeyVault": "Enforce-GR-KeyVault",
+            "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
+            "displayName": "Enforce recommended guardrails for Azure Key Vault"
+        },
+        "nonComplianceMessage": {
+            "message": "Recommended guardrails {enforcementMode} be enforced for Azure Key Vault.",
+            "Default": "must",
+            "DoNotEnforce": "should"
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[variables('policyAssignmentNames').enforceGuardrailsKeyVault]",
+            "properties": {
+                "description": "[variables('policyAssignmentNames').description]",
+                "displayName": "[variables('policyAssignmentNames').displayName]",
+                "policyDefinitionId": "[variables('policyDefinitions').enforceGuardrailsKeyVault]",
+                "enforcementMode": "[parameters('enforcementMode')]"
+            }
+        }
+    ],
+    "outputs": {}
+}
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json
new file mode 100644
index 0000000000..ec61d1e5d2
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json
@@ -0,0 +1,4357 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "topLevelManagementGroupPrefix": {
+            "type": "string",
+            "metadata": {
+                "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+            }
+        },
+        "policySetDefinitionId": {
+            "type": "string",
+            "metadata": {
+                "description": "Resource ID of the Policy Initative (Set Definition)"
+            }
+        },
+        "policySetDefinitionDisplayName": {
+            "type": "string",
+            "metadata": {
+                "description": "The Display Name for the Policy Initative (Set Definition)"
+            }
+        },
+        "policySetDefinitionDescription": {
+            "type": "string",
+            "metadata": {
+                "description": "The Description for the Policy Initative (Set Definition)"
+            }
+        },
+        "policyAssignmentName": {
+            "type": "string",
+            "metadata": {
+                "description": "The name for the Policy Assignment"
+            }
+        },
+        "enforcementMode": {
+            "type": "string",
+            "allowedValues": [
+                "Default",
+                "DoNotEnforce"
+            ],
+            "defaultValue": "Default"
+        },
+        "logAnalyticsWorkspaceId": {
+            "type": "string",
+            "defaultValue": "",
+            "metadata": {
+                "description": "The Resource ID of the Log Analytics Workspace"
+            }
+        },
+        "regCompPolParAusGovIsmRestrictedVmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParAusGovIsmRestrictedResourceTypes": {
+            "type": "string",
+            "defaultValue": "all"
+        },
+        "regCompPolParMPAACertificateThumb": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAAApplicationName": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAAStoragePrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAAResGroupPrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParMPAARBatchMetricName": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParSovBaseConfRegions": {
+            "type": "array",
+            "defaultValue": []
+        },
+        "regCompPolParSovBaseGlobalRegions": {
+            "type": "array",
+            "defaultValue": []
+        },
+        "regCompPolParSwift2020VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParSwift2020DomainFqdn": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCanadaFedPbmmVmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCanadaFedPbmmVmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCisV2KeyVaultKeysRotateDays": {
+            "type": "int",
+            "defaultValue": 90
+        },
+        "regCompPolParCmmcL3VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParCmmcL3VmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaApplicationName": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaStoragePrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaResGroupPrefix": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParHitrustHipaaCertificateThumb": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParIrs1075Sep2016VmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParIrs1075Sep2016VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNZIsmRestrictedVmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNZIsmRestrictedVmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNistSp800171R2VmAdminsExclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParNistSp800171R2VmAdminsInclude": {
+            "type": "string",
+            "defaultValue": ""
+        },
+        "regCompPolParSoc2Type2AllowedRegistries": {
+            "type": "string",
+            "defaultValue": "^[^\\/]+\\.azurecr\\.io\\/.+$"
+        },
+        "regCompPolParSoc2Type2MaxCpuUnits": {
+            "type": "string",
+            "defaultValue": "200m"
+        },
+        "regCompPolParSoc2Type2MaxMemoryBytes": {
+            "type": "string",
+            "defaultValue": "1Gi"
+        }
+    },
+    "variables": {
+        "rbacContributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
+        "roleAssignmentNames": {
+            "deployRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), parameters('policyAssignmentName')))]"
+        },
+        "knownPolicyInitativeDefinitionIdsThatRequireParamaeters": [
+            "/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077",
+            "/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8",
+            "/providers/Microsoft.Authorization/policySetDefinitions/03de05a4-c324-4ccd-882f-a814ea8ab9ea",
+            "/providers/Microsoft.Authorization/policySetDefinitions/c1cbff38-87c0-4b9f-9f70-035c7a3b5523",
+            "/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22",
+            "/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87",
+            "/providers/Microsoft.Authorization/policySetDefinitions/06f19060-9e68-4070-92ca-f15cc126059e",
+            "/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de",
+            "/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab",
+            "/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d",
+            "/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a",
+            "/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9",
+            "/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141"
+        ],
+        "allResourceTypes": [
+            "Microsoft.Security/operations",
+            "Microsoft.Security/securityStatuses",
+            "Microsoft.Security/tasks",
+            "Microsoft.Security/secureScores",
+            "Microsoft.Security/secureScores/secureScoreControls",
+            "Microsoft.Security/secureScoreControls",
+            "Microsoft.Security/secureScoreControlDefinitions",
+            "Microsoft.Security/connectors",
+            "Microsoft.Security/regulatoryComplianceStandards",
+            "Microsoft.Security/regulatoryComplianceStandards/regulatoryComplianceControls",
+            "Microsoft.Security/regulatoryComplianceStandards/regulatoryComplianceControls/regulatoryComplianceAssessments",
+            "Microsoft.Security/alerts",
+            "Microsoft.Security/alertsSuppressionRules",
+            "Microsoft.Security/autoDismissAlertsRules",
+            "Microsoft.Security/dataCollectionAgents",
+            "Microsoft.Security/pricings",
+            "Microsoft.Security/pricings/securityOperators",
+            "Microsoft.Security/AutoProvisioningSettings",
+            "Microsoft.Security/MdeOnboardings",
+            "Microsoft.Security/vmScanners",
+            "Microsoft.Security/Compliances",
+            "Microsoft.Security/securityContacts",
+            "Microsoft.Security/workspaceSettings",
+            "Microsoft.Security/complianceResults",
+            "Microsoft.Security/policies",
+            "Microsoft.Security/assessments",
+            "Microsoft.Security/governanceRules",
+            "Microsoft.Security/assessments/governanceAssignments",
+            "Microsoft.Security/assessmentMetadata",
+            "Microsoft.Security/subAssessments",
+            "Microsoft.Security/securitySolutions",
+            "Microsoft.Security/locations/securitySolutions",
+            "Microsoft.Security/discoveredSecuritySolutions",
+            "Microsoft.Security/locations/discoveredSecuritySolutions",
+            "Microsoft.Security/allowedConnections",
+            "Microsoft.Security/locations/allowedConnections",
+            "Microsoft.Security/topologies",
+            "Microsoft.Security/locations/topologies",
+            "Microsoft.Security/securitySolutionsReferenceData",
+            "Microsoft.Security/locations/securitySolutionsReferenceData",
+            "Microsoft.Security/jitPolicies",
+            "Microsoft.Security/jitNetworkAccessPolicies",
+            "Microsoft.Security/locations/jitNetworkAccessPolicies",
+            "Microsoft.Security/locations",
+            "Microsoft.Security/securityStatusesSummaries",
+            "Microsoft.Security/applicationWhitelistings",
+            "Microsoft.Security/locations/applicationWhitelistings",
+            "Microsoft.Security/locations/alerts",
+            "Microsoft.Security/locations/tasks",
+            "Microsoft.Security/externalSecuritySolutions",
+            "Microsoft.Security/locations/externalSecuritySolutions",
+            "Microsoft.Security/InformationProtectionPolicies",
+            "Microsoft.Security/advancedThreatProtectionSettings",
+            "Microsoft.Security/sqlVulnerabilityAssessments",
+            "Microsoft.Security/deviceSecurityGroups",
+            "Microsoft.Security/iotSecuritySolutions",
+            "Microsoft.Security/iotSecuritySolutions/analyticsModels",
+            "Microsoft.Security/iotSecuritySolutions/iotAlertTypes",
+            "Microsoft.Security/iotSecuritySolutions/iotAlerts",
+            "Microsoft.Security/iotSecuritySolutions/iotRecommendationTypes",
+            "Microsoft.Security/iotSecuritySolutions/iotRecommendations",
+            "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts",
+            "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
+            "Microsoft.Security/settings",
+            "Microsoft.Security/serverVulnerabilityAssessments",
+            "Microsoft.Security/serverVulnerabilityAssessmentsSettings",
+            "Microsoft.Security/adaptiveNetworkHardenings",
+            "Microsoft.Security/automations",
+            "Microsoft.Security/defenderForStorageSettings",
+            "Microsoft.Security/dataScanners",
+            "Microsoft.Security/securityConnectors",
+            "Microsoft.Security/securityConnectors/devops",
+            "Microsoft.Security/customRecommendations",
+            "Microsoft.Security/customAssessmentAutomations",
+            "Microsoft.Security/securityStandards",
+            "Microsoft.Security/standards",
+            "Microsoft.Security/standardAssignments",
+            "Microsoft.Security/assignments",
+            "Microsoft.Security/sensitivitySettings",
+            "Microsoft.Security/query",
+            "Microsoft.Security/applications",
+            "Microsoft.Security/apiCollections",
+            "Microsoft.Security/healthReports",
+            "Microsoft.Security/aggregations",
+            "Microsoft.Security/integrations",
+            "Microsoft.PolicyInsights/policyEvents",
+            "Microsoft.PolicyInsights/policyStates",
+            "Microsoft.PolicyInsights/operations",
+            "Microsoft.PolicyInsights/asyncOperationResults",
+            "Microsoft.PolicyInsights/remediations",
+            "Microsoft.PolicyInsights/eventGridFilters",
+            "Microsoft.PolicyInsights/checkPolicyRestrictions",
+            "Microsoft.PolicyInsights/policyTrackedResources",
+            "Microsoft.PolicyInsights/policyMetadata",
+            "Microsoft.Management/resources",
+            "Microsoft.Management/managementGroups",
+            "Microsoft.Management/getEntities",
+            "Microsoft.Management/managementGroups/settings",
+            "Microsoft.Management/checkNameAvailability",
+            "Microsoft.Management/operationResults",
+            "Microsoft.Management/operationResults/asyncOperation",
+            "Microsoft.Management/operations",
+            "Microsoft.Management/tenantBackfillStatus",
+            "Microsoft.Management/startTenantBackfill",
+            "Microsoft.Storage/storageAccounts/storageTaskAssignments",
+            "Microsoft.Storage/storageAccounts/encryptionScopes",
+            "Microsoft.Storage/deletedAccounts",
+            "Microsoft.Storage/locations/deletedAccounts",
+            "Microsoft.Storage/storageAccounts",
+            "Microsoft.Storage/storageTasks",
+            "Microsoft.Storage/operations",
+            "Microsoft.Storage/locations/asyncoperations",
+            "Microsoft.Storage/storageAccounts/listAccountSas",
+            "Microsoft.Storage/storageAccounts/listServiceSas",
+            "Microsoft.Storage/storageAccounts/blobServices",
+            "Microsoft.Storage/storageAccounts/tableServices",
+            "Microsoft.Storage/storageAccounts/queueServices",
+            "Microsoft.Storage/storageAccounts/fileServices",
+            "Microsoft.Storage/locations",
+            "Microsoft.Storage/locations/usages",
+            "Microsoft.Storage/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.Storage/usages",
+            "Microsoft.Storage/checkNameAvailability",
+            "Microsoft.Storage/locations/checkNameAvailability",
+            "Microsoft.Storage/storageAccounts/services",
+            "Microsoft.Storage/storageAccounts/services/metricDefinitions",
+            "Microsoft.Storage/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.OperationalInsights/workspaces",
+            "Microsoft.OperationalInsights/querypacks",
+            "Microsoft.OperationalInsights/locations",
+            "Microsoft.OperationalInsights/locations/operationStatuses",
+            "Microsoft.OperationalInsights/workspaces/scopedPrivateLinkProxies",
+            "Microsoft.OperationalInsights/workspaces/api",
+            "Microsoft.OperationalInsights/workspaces/query",
+            "Microsoft.OperationalInsights/workspaces/metadata",
+            "Microsoft.OperationalInsights/workspaces/purge",
+            "Microsoft.OperationalInsights/workspaces/operations",
+            "Microsoft.OperationalInsights/workspaces/dataSources",
+            "Microsoft.OperationalInsights/workspaces/linkedStorageAccounts",
+            "Microsoft.OperationalInsights/workspaces/tables",
+            "Microsoft.OperationalInsights/workspaces/storageInsightConfigs",
+            "Microsoft.OperationalInsights/storageInsightConfigs",
+            "Microsoft.OperationalInsights/workspaces/linkedServices",
+            "Microsoft.OperationalInsights/linkTargets",
+            "Microsoft.OperationalInsights/deletedWorkspaces",
+            "Microsoft.OperationalInsights/operations",
+            "Microsoft.OperationalInsights/clusters",
+            "Microsoft.OperationalInsights/workspaces/dataExports",
+            "Microsoft.OperationalInsights/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.Automation/automationAccounts",
+            "Microsoft.Automation/deletedAutomationAccounts",
+            "Microsoft.Automation/automationAccounts/runbooks",
+            "Microsoft.Automation/automationAccounts/configurations",
+            "Microsoft.Automation/automationAccounts/webhooks",
+            "Microsoft.Automation/operations",
+            "Microsoft.Automation/automationAccounts/softwareUpdateConfigurations",
+            "Microsoft.Automation/automationAccounts/softwareUpdateConfigurationRuns",
+            "Microsoft.Automation/automationAccounts/softwareUpdateConfigurationMachineRuns",
+            "Microsoft.Automation/automationAccounts/jobs",
+            "Microsoft.Automation/automationAccounts/privateLinkResources",
+            "Microsoft.Automation/automationAccounts/privateEndpointConnections",
+            "Microsoft.Automation/automationAccounts/privateEndpointConnectionProxies",
+            "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups",
+            "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers",
+            "Microsoft.Automation/automationAccounts/agentRegistrationInformation",
+            "Microsoft.Network/virtualNetworkGateways",
+            "Microsoft.Network/localNetworkGateways",
+            "Microsoft.Network/connections",
+            "Microsoft.Network/applicationGateways",
+            "Microsoft.Network/expressRouteCircuits",
+            "Microsoft.Network/expressRouteServiceProviders",
+            "Microsoft.Network/applicationGatewayAvailableWafRuleSets",
+            "Microsoft.Network/applicationGatewayAvailableSslOptions",
+            "Microsoft.Network/applicationGatewayAvailableServerVariables",
+            "Microsoft.Network/applicationGatewayAvailableRequestHeaders",
+            "Microsoft.Network/applicationGatewayAvailableResponseHeaders",
+            "Microsoft.Network/routeFilters",
+            "Microsoft.Network/bgpServiceCommunities",
+            "Microsoft.Network/vpnSites",
+            "Microsoft.Network/vpnServerConfigurations",
+            "Microsoft.Network/virtualHubs",
+            "Microsoft.Network/vpnGateways",
+            "Microsoft.Network/p2sVpnGateways",
+            "Microsoft.Network/expressRouteGateways",
+            "Microsoft.Network/expressRoutePortsLocations",
+            "Microsoft.Network/expressRoutePorts",
+            "Microsoft.Network/securityPartnerProviders",
+            "Microsoft.Network/azureFirewalls",
+            "Microsoft.Network/azureFirewallFqdnTags",
+            "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies",
+            "Microsoft.Network/locations/ApplicationGatewayWafDynamicManifests",
+            "Microsoft.Network/virtualWans",
+            "Microsoft.Network/bastionHosts",
+            "Microsoft.Network/queryExpressRoutePortsBandwidth",
+            "Microsoft.Network/trafficmanagerprofiles",
+            "Microsoft.Network/trafficmanagerprofiles/heatMaps",
+            "Microsoft.Network/trafficmanagerprofiles/azureendpoints",
+            "Microsoft.Network/trafficmanagerprofiles/externalendpoints",
+            "Microsoft.Network/trafficmanagerprofiles/nestedendpoints",
+            "Microsoft.Network/checkTrafficManagerNameAvailability",
+            "Microsoft.Network/checkTrafficManagerNameAvailabilityV2",
+            "Microsoft.Network/trafficManagerUserMetricsKeys",
+            "Microsoft.Network/trafficManagerGeographicHierarchies",
+            "Microsoft.Network/expressRouteProviderPorts",
+            "Microsoft.Network/locations/hybridEdgeZone",
+            "Microsoft.Network/firewallPolicies",
+            "Microsoft.Network/ipGroups",
+            "Microsoft.Network/azureWebCategories",
+            "Microsoft.Network/locations/nfvOperations",
+            "Microsoft.Network/locations/nfvOperationResults",
+            "Microsoft.Network/virtualRouters",
+            "Microsoft.Network/networkVirtualAppliances",
+            "Microsoft.Network/networkVirtualApplianceSkus",
+            "Microsoft.Network/frontdoorOperationResults",
+            "Microsoft.Network/checkFrontdoorNameAvailability",
+            "Microsoft.Network/frontdoors",
+            "Microsoft.Network/frontdoors/frontendEndpoints",
+            "Microsoft.Network/frontdoors/frontendEndpoints/customHttpsConfiguration",
+            "Microsoft.Network/frontdoorWebApplicationFirewallPolicies",
+            "Microsoft.Network/frontdoorWebApplicationFirewallManagedRuleSets",
+            "Microsoft.Network/networkExperimentProfiles",
+            "Microsoft.Network/networkManagers",
+            "Microsoft.Network/networkManagerConnections",
+            "Microsoft.Network/networkSecurityPerimeters",
+            "Microsoft.Network/locations/perimeterAssociableResourceTypes",
+            "Microsoft.Network/locations/queryNetworkSecurityPerimeter",
+            "Microsoft.Network/virtualNetworks/listNetworkManagerEffectiveConnectivityConfigurations",
+            "Microsoft.Network/virtualNetworks/listNetworkManagerEffectiveSecurityAdminRules",
+            "Microsoft.Network/networkGroupMemberships",
+            "Microsoft.Network/locations/commitInternalAzureNetworkManagerConfiguration",
+            "Microsoft.Network/locations/internalAzureVirtualNetworkManagerOperation",
+            "Microsoft.Network/privateDnsZones",
+            "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
+            "Microsoft.Network/privateDnsOperationResults",
+            "Microsoft.Network/privateDnsOperationStatuses",
+            "Microsoft.Network/privateDnsZonesInternal",
+            "Microsoft.Network/privateDnsZones/A",
+            "Microsoft.Network/privateDnsZones/AAAA",
+            "Microsoft.Network/privateDnsZones/CNAME",
+            "Microsoft.Network/privateDnsZones/PTR",
+            "Microsoft.Network/privateDnsZones/MX",
+            "Microsoft.Network/privateDnsZones/TXT",
+            "Microsoft.Network/privateDnsZones/SRV",
+            "Microsoft.Network/privateDnsZones/SOA",
+            "Microsoft.Network/privateDnsZones/all",
+            "Microsoft.Network/virtualNetworks/privateDnsZoneLinks",
+            "Microsoft.Network/dnsResolvers",
+            "Microsoft.Network/dnsResolvers/inboundEndpoints",
+            "Microsoft.Network/dnsResolvers/outboundEndpoints",
+            "Microsoft.Network/dnsForwardingRulesets",
+            "Microsoft.Network/dnsForwardingRulesets/forwardingRules",
+            "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks",
+            "Microsoft.Network/virtualNetworks/listDnsResolvers",
+            "Microsoft.Network/virtualNetworks/listDnsForwardingRulesets",
+            "Microsoft.Network/locations/dnsResolverOperationResults",
+            "Microsoft.Network/locations/dnsResolverOperationStatuses",
+            "Microsoft.Network/locations/dnsResolverPolicyOperationResults",
+            "Microsoft.Network/locations/dnsResolverPolicyOperationStatuses",
+            "Microsoft.Network/dnszones",
+            "Microsoft.Network/dnsOperationResults",
+            "Microsoft.Network/dnsOperationStatuses",
+            "Microsoft.Network/getDnsResourceReference",
+            "Microsoft.Network/internalNotify",
+            "Microsoft.Network/dnszones/A",
+            "Microsoft.Network/dnszones/AAAA",
+            "Microsoft.Network/dnszones/CNAME",
+            "Microsoft.Network/dnszones/PTR",
+            "Microsoft.Network/dnszones/MX",
+            "Microsoft.Network/dnszones/TXT",
+            "Microsoft.Network/dnszones/SRV",
+            "Microsoft.Network/dnszones/SOA",
+            "Microsoft.Network/dnszones/NS",
+            "Microsoft.Network/dnszones/CAA",
+            "Microsoft.Network/dnszones/DS",
+            "Microsoft.Network/dnszones/TLSA",
+            "Microsoft.Network/dnszones/NAPTR",
+            "Microsoft.Network/dnszones/recordsets",
+            "Microsoft.Network/dnszones/all",
+            "Microsoft.Network/dnszones/dnssecConfigs",
+            "Microsoft.Network/virtualNetworks",
+            "Microsoft.Network/virtualNetworks/taggedTrafficConsumers",
+            "Microsoft.Network/natGateways",
+            "Microsoft.Network/publicIPAddresses",
+            "Microsoft.Network/internalPublicIpAddresses",
+            "Microsoft.Network/customIpPrefixes",
+            "Microsoft.Network/networkInterfaces",
+            "Microsoft.Network/dscpConfigurations",
+            "Microsoft.Network/privateEndpoints",
+            "Microsoft.Network/privateEndpoints/privateLinkServiceProxies",
+            "Microsoft.Network/privateEndpointRedirectMaps",
+            "Microsoft.Network/loadBalancers",
+            "Microsoft.Network/networkSecurityGroups",
+            "Microsoft.Network/applicationSecurityGroups",
+            "Microsoft.Network/serviceEndpointPolicies",
+            "Microsoft.Network/networkIntentPolicies",
+            "Microsoft.Network/routeTables",
+            "Microsoft.Network/publicIPPrefixes",
+            "Microsoft.Network/networkWatchers",
+            "Microsoft.Network/networkWatchers/connectionMonitors",
+            "Microsoft.Network/networkWatchers/flowLogs",
+            "Microsoft.Network/networkWatchers/pingMeshes",
+            "Microsoft.Network/locations",
+            "Microsoft.Network/locations/operations",
+            "Microsoft.Network/locations/operationResults",
+            "Microsoft.Network/locations/CheckDnsNameAvailability",
+            "Microsoft.Network/locations/setLoadBalancerFrontendPublicIpAddresses",
+            "Microsoft.Network/cloudServiceSlots",
+            "Microsoft.Network/locations/usages",
+            "Microsoft.Network/locations/virtualNetworkAvailableEndpointServices",
+            "Microsoft.Network/locations/availableDelegations",
+            "Microsoft.Network/locations/serviceTags",
+            "Microsoft.Network/locations/availablePrivateEndpointTypes",
+            "Microsoft.Network/locations/availableServiceAliases",
+            "Microsoft.Network/locations/checkPrivateLinkServiceVisibility",
+            "Microsoft.Network/locations/autoApprovedPrivateLinkServices",
+            "Microsoft.Network/locations/batchValidatePrivateEndpointsForResourceMove",
+            "Microsoft.Network/locations/batchNotifyPrivateEndpointsForResourceMove",
+            "Microsoft.Network/locations/supportedVirtualMachineSizes",
+            "Microsoft.Network/locations/setAzureNetworkManagerConfiguration",
+            "Microsoft.Network/locations/publishResources",
+            "Microsoft.Network/locations/getAzureNetworkManagerConfiguration",
+            "Microsoft.Network/locations/checkAcceleratedNetworkingSupport",
+            "Microsoft.Network/locations/validateResourceOwnership",
+            "Microsoft.Network/locations/setResourceOwnership",
+            "Microsoft.Network/locations/effectiveResourceOwnership",
+            "Microsoft.Network/operations",
+            "Microsoft.Network/virtualNetworkTaps",
+            "Microsoft.Network/privateLinkServices",
+            "Microsoft.Network/locations/privateLinkServices",
+            "Microsoft.Network/ddosProtectionPlans",
+            "Microsoft.Network/networkProfiles",
+            "Microsoft.Network/locations/bareMetalTenants",
+            "Microsoft.Network/ipAllocations",
+            "Microsoft.Network/locations/serviceTagDetails",
+            "Microsoft.Network/locations/dataTasks",
+            "Microsoft.Network/locations/startPacketTagging",
+            "Microsoft.Network/locations/deletePacketTagging",
+            "Microsoft.Network/locations/getPacketTagging",
+            "Microsoft.Network/locations/rnmEffectiveRouteTable",
+            "Microsoft.Network/locations/rnmEffectiveNetworkSecurityGroups",
+            "Microsoft.Compute/availabilitySets",
+            "Microsoft.Compute/virtualMachines",
+            "Microsoft.Compute/virtualMachines/extensions",
+            "Microsoft.Compute/virtualMachineScaleSets",
+            "Microsoft.Compute/virtualMachineScaleSets/extensions",
+            "Microsoft.Compute/virtualMachineScaleSets/virtualMachines",
+            "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions",
+            "Microsoft.Compute/virtualMachineScaleSets/networkInterfaces",
+            "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces",
+            "Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses",
+            "Microsoft.Compute/locations",
+            "Microsoft.Compute/locations/operations",
+            "Microsoft.Compute/locations/vmSizes",
+            "Microsoft.Compute/locations/runCommands",
+            "Microsoft.Compute/locations/virtualMachines",
+            "Microsoft.Compute/locations/virtualMachineScaleSets",
+            "Microsoft.Compute/locations/publishers",
+            "Microsoft.Compute/operations",
+            "Microsoft.Compute/virtualMachines/runCommands",
+            "Microsoft.Compute/virtualMachineScaleSets/applications",
+            "Microsoft.Compute/virtualMachines/VMApplications",
+            "Microsoft.Compute/locations/edgeZones",
+            "Microsoft.Compute/locations/edgeZones/vmimages",
+            "Microsoft.Compute/locations/edgeZones/publishers",
+            "Microsoft.Compute/restorePointCollections",
+            "Microsoft.Compute/restorePointCollections/restorePoints",
+            "Microsoft.Compute/proximityPlacementGroups",
+            "Microsoft.Compute/sshPublicKeys",
+            "Microsoft.Compute/capacityReservationGroups",
+            "Microsoft.Compute/capacityReservationGroups/capacityReservations",
+            "Microsoft.Compute/virtualMachines/metricDefinitions",
+            "Microsoft.Compute/locations/spotEvictionRates",
+            "Microsoft.Compute/locations/spotPriceHistory",
+            "Microsoft.Compute/locations/recommendations",
+            "Microsoft.Compute/locations/sharedGalleries",
+            "Microsoft.Compute/locations/communityGalleries",
+            "Microsoft.Compute/sharedVMImages",
+            "Microsoft.Compute/sharedVMImages/versions",
+            "Microsoft.Compute/locations/artifactPublishers",
+            "Microsoft.Compute/locations/capsoperations",
+            "Microsoft.Compute/galleries",
+            "Microsoft.Compute/galleries/images",
+            "Microsoft.Compute/galleries/images/versions",
+            "Microsoft.Compute/locations/galleries",
+            "Microsoft.Compute/payloadGroups",
+            "Microsoft.Compute/galleries/applications",
+            "Microsoft.Compute/galleries/applications/versions",
+            "Microsoft.Compute/disks",
+            "Microsoft.Compute/snapshots",
+            "Microsoft.Compute/locations/diskoperations",
+            "Microsoft.Compute/diskEncryptionSets",
+            "Microsoft.Compute/diskAccesses",
+            "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints",
+            "Microsoft.Compute/virtualMachineScaleSets/disks",
+            "Microsoft.Compute/cloudServices",
+            "Microsoft.Compute/cloudServices/roles",
+            "Microsoft.Compute/cloudServices/roleInstances",
+            "Microsoft.Compute/locations/csoperations",
+            "Microsoft.Compute/locations/cloudServiceOsVersions",
+            "Microsoft.Compute/locations/cloudServiceOsFamilies",
+            "Microsoft.Compute/cloudServices/networkInterfaces",
+            "Microsoft.Compute/cloudServices/roleInstances/networkInterfaces",
+            "Microsoft.Compute/cloudServices/publicIPAddresses",
+            "Microsoft.Compute/locations/usages",
+            "Microsoft.Compute/images",
+            "Microsoft.Compute/locations/diagnostics",
+            "Microsoft.Compute/locations/diagnosticOperations",
+            "Microsoft.Compute/locations/logAnalytics",
+            "Microsoft.Compute/hostGroups",
+            "Microsoft.Compute/hostGroups/hosts",
+            "Microsoft.ResourceHealth/availabilityStatuses",
+            "Microsoft.ResourceHealth/childAvailabilityStatuses",
+            "Microsoft.ResourceHealth/childResources",
+            "Microsoft.ResourceHealth/events",
+            "Microsoft.ResourceHealth/metadata",
+            "Microsoft.ResourceHealth/emergingissues",
+            "Microsoft.ResourceHealth/operations",
+            "microsoft.insights/components",
+            "microsoft.insights/components/query",
+            "microsoft.insights/components/metadata",
+            "microsoft.insights/components/metrics",
+            "microsoft.insights/components/events",
+            "microsoft.insights/components/syntheticmonitorlocations",
+            "microsoft.insights/components/analyticsItems",
+            "microsoft.insights/components/webtests",
+            "microsoft.insights/components/workItemConfigs",
+            "microsoft.insights/components/myFavorites",
+            "microsoft.insights/components/operations",
+            "microsoft.insights/components/exportConfiguration",
+            "microsoft.insights/components/purge",
+            "microsoft.insights/components/api",
+            "microsoft.insights/components/aggregate",
+            "microsoft.insights/components/metricDefinitions",
+            "microsoft.insights/components/extendQueries",
+            "microsoft.insights/components/apiKeys",
+            "microsoft.insights/components/myAnalyticsItems",
+            "microsoft.insights/components/favorites",
+            "microsoft.insights/components/defaultWorkItemConfig",
+            "microsoft.insights/components/annotations",
+            "microsoft.insights/components/proactiveDetectionConfigs",
+            "microsoft.insights/components/move",
+            "microsoft.insights/components/currentBillingFeatures",
+            "microsoft.insights/components/quotaStatus",
+            "microsoft.insights/components/featureCapabilities",
+            "microsoft.insights/components/getAvailableBillingFeatures",
+            "microsoft.insights/webtests",
+            "microsoft.insights/webtests/getTestResultFile",
+            "microsoft.insights/scheduledqueryrules",
+            "microsoft.insights/components/pricingPlans",
+            "microsoft.insights/migrateToNewPricingModel",
+            "microsoft.insights/rollbackToLegacyPricingModel",
+            "microsoft.insights/listMigrationdate",
+            "microsoft.insights/logprofiles",
+            "microsoft.insights/migratealertrules",
+            "microsoft.insights/metricalerts",
+            "microsoft.insights/alertrules",
+            "microsoft.insights/autoscalesettings",
+            "microsoft.insights/eventtypes",
+            "microsoft.insights/locations",
+            "microsoft.insights/locations/operationResults",
+            "microsoft.insights/vmInsightsOnboardingStatuses",
+            "microsoft.insights/operations",
+            "microsoft.insights/diagnosticSettings",
+            "microsoft.insights/diagnosticSettingsCategories",
+            "microsoft.insights/extendedDiagnosticSettings",
+            "microsoft.insights/metricDefinitions",
+            "microsoft.insights/logDefinitions",
+            "microsoft.insights/eventCategories",
+            "microsoft.insights/metrics",
+            "microsoft.insights/metricbatch",
+            "microsoft.insights/metricNamespaces",
+            "microsoft.insights/notificationstatus",
+            "microsoft.insights/createnotifications",
+            "microsoft.insights/tenantactiongroups",
+            "microsoft.insights/actiongroups",
+            "microsoft.insights/activityLogAlerts",
+            "microsoft.insights/metricbaselines",
+            "microsoft.insights/workbooks",
+            "microsoft.insights/workbooktemplates",
+            "microsoft.insights/myWorkbooks",
+            "microsoft.insights/logs",
+            "microsoft.insights/transactions",
+            "microsoft.insights/topology",
+            "microsoft.insights/generateLiveToken",
+            "microsoft.insights/monitoredObjects",
+            "microsoft.insights/dataCollectionRules",
+            "microsoft.insights/dataCollectionRuleAssociations",
+            "microsoft.insights/dataCollectionEndpoints",
+            "microsoft.insights/dataCollectionEndpoints/scopedPrivateLinkProxies",
+            "microsoft.insights/privateLinkScopes",
+            "microsoft.insights/privateLinkScopes/privateEndpointConnections",
+            "microsoft.insights/privateLinkScopes/privateEndpointConnectionProxies",
+            "microsoft.insights/privateLinkScopes/scopedResources",
+            "microsoft.insights/components/linkedstorageaccounts",
+            "microsoft.insights/privateLinkScopeOperationStatuses",
+            "microsoft.insights/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.ManagedServices/registrationDefinitions",
+            "Microsoft.ManagedServices/registrationAssignments",
+            "Microsoft.ManagedServices/operations",
+            "Microsoft.ManagedServices/marketplaceRegistrationDefinitions",
+            "Microsoft.ManagedServices/operationStatuses",
+            "Microsoft.HDInsight/clusters",
+            "Microsoft.HDInsight/clusters/applications",
+            "Microsoft.HDInsight/clusters/operationresults",
+            "Microsoft.HDInsight/locations",
+            "Microsoft.HDInsight/locations/capabilities",
+            "Microsoft.HDInsight/locations/usages",
+            "Microsoft.HDInsight/locations/billingSpecs",
+            "Microsoft.HDInsight/locations/operationresults",
+            "Microsoft.HDInsight/locations/azureasyncoperations",
+            "Microsoft.HDInsight/locations/validateCreateRequest",
+            "Microsoft.HDInsight/operations",
+            "Microsoft.HDInsight/locations/operationStatuses",
+            "Microsoft.HDInsight/clusterPools",
+            "Microsoft.HDInsight/clusterPools/clusters",
+            "Microsoft.HDInsight/locations/clusterOfferingVersions",
+            "Microsoft.HDInsight/locations/availableClusterPoolVersions",
+            "Microsoft.HDInsight/locations/availableClusterVersions",
+            "Microsoft.HDInsight/locations/checkNameAvailability",
+            "Microsoft.HDInsight/clusterPools/clusters/serviceConfigs",
+            "Microsoft.HDInsight/clusterPools/clusters/instanceViews",
+            "Microsoft.HDInsight/clusterPools/clusters/jobs",
+            "Microsoft.AlertsManagement/alerts",
+            "Microsoft.AlertsManagement/alertsSummary",
+            "Microsoft.AlertsManagement/smartGroups",
+            "Microsoft.AlertsManagement/smartDetectorAlertRules",
+            "Microsoft.AlertsManagement/migrateFromSmartDetection",
+            "Microsoft.AlertsManagement/actionRules",
+            "Microsoft.AlertsManagement/alertsMetaData",
+            "Microsoft.AlertsManagement/prometheusRuleGroups",
+            "Microsoft.AlertsManagement/operations",
+            "Microsoft.AlertsManagement/alertRuleRecommendations",
+            "Microsoft.AlertsManagement/tenantActivityLogAlerts",
+            "Microsoft.AlertsManagement/investigations",
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationsManagement/managementassociations",
+            "Microsoft.OperationsManagement/views",
+            "Microsoft.OperationsManagement/operations",
+            "Microsoft.KeyVault/vaults",
+            "Microsoft.KeyVault/vaults/secrets",
+            "Microsoft.KeyVault/vaults/accessPolicies",
+            "Microsoft.KeyVault/operations",
+            "Microsoft.KeyVault/checkNameAvailability",
+            "Microsoft.KeyVault/deletedVaults",
+            "Microsoft.KeyVault/locations",
+            "Microsoft.KeyVault/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.KeyVault/locations/deletedVaults",
+            "Microsoft.KeyVault/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.KeyVault/locations/operationResults",
+            "Microsoft.KeyVault/vaults/eventGridFilters",
+            "Microsoft.KeyVault/managedHSMs",
+            "Microsoft.KeyVault/deletedManagedHSMs",
+            "Microsoft.KeyVault/locations/deletedManagedHSMs",
+            "Microsoft.KeyVault/locations/managedHsmOperationResults",
+            "Microsoft.KeyVault/managedHSMs/keys",
+            "Microsoft.KeyVault/managedHSMs/keys/versions",
+            "Microsoft.KeyVault/checkMhsmNameAvailability",
+            "Microsoft.KeyVault/vaults/keys",
+            "Microsoft.KeyVault/vaults/keys/versions",
+            "Microsoft.ContainerService/ManagedClusters/eventGridFilters",
+            "Microsoft.ContainerService/fleetMemberships",
+            "Microsoft.ContainerService/fleets",
+            "Microsoft.ContainerService/fleets/members",
+            "Microsoft.ContainerService/fleets/updateRuns",
+            "Microsoft.ContainerService/fleets/updateStrategies",
+            "Microsoft.ContainerService/locations",
+            "Microsoft.ContainerService/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.ContainerService/locations/operationresults",
+            "Microsoft.ContainerService/locations/operations",
+            "Microsoft.ContainerService/locations/orchestrators",
+            "Microsoft.ContainerService/locations/kubernetesVersions",
+            "Microsoft.ContainerService/locations/usages",
+            "Microsoft.ContainerService/locations/osOptions",
+            "Microsoft.ContainerService/locations/guardrailsVersions",
+            "Microsoft.ContainerService/locations/trustedAccessRoles",
+            "Microsoft.ContainerService/managedClusters",
+            "Microsoft.ContainerService/managedclustersnapshots",
+            "Microsoft.ContainerService/operations",
+            "Microsoft.ContainerService/snapshots",
+            "Microsoft.DesktopVirtualization/workspaces",
+            "Microsoft.DesktopVirtualization/applicationgroups",
+            "Microsoft.DesktopVirtualization/applicationgroups/applications",
+            "Microsoft.DesktopVirtualization/applicationgroups/desktops",
+            "Microsoft.DesktopVirtualization/applicationgroups/startmenuitems",
+            "Microsoft.DesktopVirtualization/hostpools",
+            "Microsoft.DesktopVirtualization/hostpools/msixpackages",
+            "Microsoft.DesktopVirtualization/hostpools/sessionhosts",
+            "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions",
+            "Microsoft.DesktopVirtualization/hostpools/usersessions",
+            "Microsoft.DesktopVirtualization/scalingplans",
+            "Microsoft.DesktopVirtualization/appattachpackages",
+            "Microsoft.DesktopVirtualization/operations",
+            "Microsoft.SecurityInsights/operations",
+            "Microsoft.SecurityInsights/alertRules",
+            "Microsoft.SecurityInsights/alertRuleTemplates",
+            "Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns",
+            "Microsoft.SecurityInsights/cases",
+            "Microsoft.SecurityInsights/bookmarks",
+            "Microsoft.SecurityInsights/dataConnectors",
+            "Microsoft.SecurityInsights/dataConnectorDefinitions",
+            "Microsoft.SecurityInsights/dataConnectorsCheckRequirements",
+            "Microsoft.SecurityInsights/enrichment",
+            "Microsoft.SecurityInsights/fileImports",
+            "Microsoft.SecurityInsights/entities",
+            "Microsoft.SecurityInsights/incidents",
+            "Microsoft.SecurityInsights/officeConsents",
+            "Microsoft.SecurityInsights/settings",
+            "Microsoft.SecurityInsights/aggregations",
+            "Microsoft.SecurityInsights/entityQueries",
+            "Microsoft.SecurityInsights/entityQueryTemplates",
+            "Microsoft.SecurityInsights/threatIntelligence",
+            "Microsoft.SecurityInsights/automationRules",
+            "Microsoft.SecurityInsights/sourceControls",
+            "Microsoft.SecurityInsights/exportConnections",
+            "Microsoft.SecurityInsights/listrepositories",
+            "Microsoft.SecurityInsights/watchlists",
+            "Microsoft.SecurityInsights/confidentialWatchlists",
+            "Microsoft.SecurityInsights/huntsessions",
+            "Microsoft.SecurityInsights/dynamicSummaries",
+            "Microsoft.SecurityInsights/hunts",
+            "Microsoft.SecurityInsights/onboardingStates",
+            "Microsoft.SecurityInsights/metadata",
+            "Microsoft.SecurityInsights/contentPackages",
+            "Microsoft.SecurityInsights/contentTemplates",
+            "Microsoft.SecurityInsights/contentProductPackages",
+            "Microsoft.SecurityInsights/contentProductTemplates",
+            "Microsoft.SecurityInsights/MitreCoverageRecords",
+            "Microsoft.SecurityInsights/overview",
+            "Microsoft.SecurityInsights/recommendations",
+            "Microsoft.SecurityInsights/billingStatistics",
+            "Microsoft.SecurityInsights/workspaceManagerConfigurations",
+            "Microsoft.SecurityInsights/workspaceManagerMembers",
+            "Microsoft.SecurityInsights/workspaceManagerGroups",
+            "Microsoft.SecurityInsights/workspaceManagerAssignments",
+            "Microsoft.SecurityInsights/securityMLAnalyticsSettings",
+            "Microsoft.SecurityInsights/contenttranslators",
+            "Microsoft.ServiceFabric/clusters",
+            "Microsoft.ServiceFabric/clusters/applications",
+            "Microsoft.ServiceFabric/clusters/applicationTypes",
+            "Microsoft.ServiceFabric/clusters/applicationTypes/versions",
+            "Microsoft.ServiceFabric/clusters/applications/services",
+            "Microsoft.ServiceFabric/locations",
+            "Microsoft.ServiceFabric/locations/clusterVersions",
+            "Microsoft.ServiceFabric/locations/environments",
+            "Microsoft.ServiceFabric/locations/operations",
+            "Microsoft.ServiceFabric/locations/operationResults",
+            "Microsoft.ServiceFabric/locations/unsupportedVMSizes",
+            "Microsoft.ServiceFabric/operations",
+            "Microsoft.ServiceFabric/managedclusters",
+            "Microsoft.ServiceFabric/managedclusters/nodetypes",
+            "Microsoft.ServiceFabric/managedclusters/applicationTypes",
+            "Microsoft.ServiceFabric/managedclusters/applicationTypes/versions",
+            "Microsoft.ServiceFabric/managedclusters/applications",
+            "Microsoft.ServiceFabric/managedclusters/applications/services",
+            "Microsoft.ServiceFabric/locations/managedClusterOperations",
+            "Microsoft.ServiceFabric/locations/managedClusterOperationResults",
+            "Microsoft.ServiceFabric/locations/managedClusterVersions",
+            "Microsoft.ServiceFabric/locations/environments/managedClusterVersions",
+            "Microsoft.ServiceFabric/locations/managedUnsupportedVMSizes",
+            "Microsoft.PowerBIDedicated/capacities",
+            "Microsoft.PowerBIDedicated/autoScaleVCores",
+            "Microsoft.PowerBIDedicated/locations",
+            "Microsoft.PowerBIDedicated/locations/checkNameAvailability",
+            "Microsoft.PowerBIDedicated/locations/operationresults",
+            "Microsoft.PowerBIDedicated/locations/operationstatuses",
+            "Microsoft.PowerBIDedicated/operations",
+            "Microsoft.Logic/workflows",
+            "Microsoft.Logic/locations/workflows",
+            "Microsoft.Logic/locations/validateWorkflowExport",
+            "Microsoft.Logic/locations/workflowExport",
+            "Microsoft.Logic/locations",
+            "Microsoft.Logic/operations",
+            "Microsoft.Logic/integrationAccounts",
+            "Microsoft.Logic/integrationServiceEnvironments",
+            "Microsoft.Logic/integrationServiceEnvironments/managedApis",
+            "Microsoft.Logic/locations/generateCopilotResponse",
+            "Microsoft.MachineLearningServices/workspaces/batchEndpoints",
+            "Microsoft.MachineLearningServices/workspaces/batchEndpoints/deployments",
+            "Microsoft.MachineLearningServices/workspaces",
+            "Microsoft.MachineLearningServices/registries",
+            "Microsoft.MachineLearningServices/locations/registryOperationsStatus",
+            "Microsoft.MachineLearningServices/workspaces/onlineEndpoints",
+            "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments",
+            "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/skus",
+            "Microsoft.MachineLearningServices/workspaces/computes",
+            "Microsoft.MachineLearningServices/workspaces/jobs",
+            "Microsoft.MachineLearningServices/workspaces/codes",
+            "Microsoft.MachineLearningServices/workspaces/codes/versions",
+            "Microsoft.MachineLearningServices/workspaces/components",
+            "Microsoft.MachineLearningServices/workspaces/components/versions",
+            "Microsoft.MachineLearningServices/workspaces/environments",
+            "Microsoft.MachineLearningServices/workspaces/environments/versions",
+            "Microsoft.MachineLearningServices/workspaces/data",
+            "Microsoft.MachineLearningServices/workspaces/data/versions",
+            "Microsoft.MachineLearningServices/workspaces/datasets",
+            "Microsoft.MachineLearningServices/workspaces/services",
+            "Microsoft.MachineLearningServices/workspaces/datastores",
+            "Microsoft.MachineLearningServices/workspaces/eventGridFilters",
+            "Microsoft.MachineLearningServices/workspaces/models",
+            "Microsoft.MachineLearningServices/workspaces/models/versions",
+            "Microsoft.MachineLearningServices/operations",
+            "Microsoft.MachineLearningServices/locations",
+            "Microsoft.MachineLearningServices/locations/computeOperationsStatus",
+            "Microsoft.MachineLearningServices/locations/mfeOperationResults",
+            "Microsoft.MachineLearningServices/locations/mfeOperationsStatus",
+            "Microsoft.MachineLearningServices/locations/workspaceOperationsStatus",
+            "Microsoft.MachineLearningServices/locations/usages",
+            "Microsoft.MachineLearningServices/locations/vmsizes",
+            "Microsoft.MachineLearningServices/locations/quotas",
+            "Microsoft.MachineLearningServices/locations/updatequotas",
+            "Microsoft.MachineLearningServices/workspaces/linkedServices",
+            "Microsoft.MachineLearningServices/workspaces/labelingJobs",
+            "Microsoft.MachineLearningServices/workspaces/schedules",
+            "Microsoft.MachineLearningServices/workspaces/featuresets",
+            "Microsoft.MachineLearningServices/workspaces/serverlessEndpoints",
+            "Microsoft.MachineLearningServices/workspaces/marketplaceSubscriptions",
+            "Microsoft.MachineLearningServices/workspaces/inferencePools",
+            "Microsoft.MachineLearningServices/workspaces/inferencePools/groups",
+            "Microsoft.MachineLearningServices/workspaces/inferencePools/endpoints",
+            "Microsoft.MachineLearningServices/workspaces/featuresets/versions",
+            "Microsoft.MachineLearningServices/workspaces/featurestoreEntities",
+            "Microsoft.MachineLearningServices/workspaces/featurestoreEntities/versions",
+            "Microsoft.MachineLearningServices/workspaces/endpoints",
+            "Microsoft.MachineLearningServices/registries/codes",
+            "Microsoft.MachineLearningServices/registries/codes/versions",
+            "Microsoft.MachineLearningServices/registries/components",
+            "Microsoft.MachineLearningServices/registries/components/versions",
+            "Microsoft.MachineLearningServices/registries/data",
+            "Microsoft.MachineLearningServices/registries/data/versions",
+            "Microsoft.MachineLearningServices/registries/datareferences",
+            "Microsoft.MachineLearningServices/registries/datareferences/versions",
+            "Microsoft.MachineLearningServices/registries/environments",
+            "Microsoft.MachineLearningServices/registries/environments/versions",
+            "Microsoft.MachineLearningServices/registries/models",
+            "Microsoft.MachineLearningServices/registries/models/versions",
+            "Microsoft.MachineLearningServices/capacityReservationGroups",
+            "Microsoft.ContainerInstance/containerGroups",
+            "Microsoft.ContainerInstance/serviceAssociationLinks",
+            "Microsoft.ContainerInstance/locations",
+            "Microsoft.ContainerInstance/locations/capabilities",
+            "Microsoft.ContainerInstance/locations/usages",
+            "Microsoft.ContainerInstance/locations/operations",
+            "Microsoft.ContainerInstance/locations/operationresults",
+            "Microsoft.ContainerInstance/operations",
+            "Microsoft.ContainerInstance/locations/cachedImages",
+            "Microsoft.ContainerInstance/locations/validateDeleteVirtualNetworkOrSubnets",
+            "Microsoft.ContainerInstance/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.ManagedIdentity/Identities",
+            "Microsoft.ManagedIdentity/userAssignedIdentities",
+            "Microsoft.ManagedIdentity/operations",
+            "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials",
+            "Microsoft.Cdn/profiles",
+            "Microsoft.Cdn/profiles/endpoints",
+            "Microsoft.Cdn/profiles/endpoints/origins",
+            "Microsoft.Cdn/profiles/endpoints/origingroups",
+            "Microsoft.Cdn/profiles/endpoints/customdomains",
+            "Microsoft.Cdn/operationresults",
+            "Microsoft.Cdn/operationresults/profileresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults/originresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults/origingroupresults",
+            "Microsoft.Cdn/operationresults/profileresults/endpointresults/customdomainresults",
+            "Microsoft.Cdn/checkNameAvailability",
+            "Microsoft.Cdn/checkEndpointNameAvailability",
+            "Microsoft.Cdn/checkResourceUsage",
+            "Microsoft.Cdn/validateProbe",
+            "Microsoft.Cdn/canMigrate",
+            "Microsoft.Cdn/migrate",
+            "Microsoft.Cdn/operations",
+            "Microsoft.Cdn/edgenodes",
+            "Microsoft.Cdn/CdnWebApplicationFirewallPolicies",
+            "Microsoft.Cdn/operationresults/cdnwebapplicationfirewallpolicyresults",
+            "Microsoft.Cdn/CdnWebApplicationFirewallManagedRuleSets",
+            "Microsoft.Cdn/profiles/afdendpoints",
+            "Microsoft.Cdn/profiles/afdendpoints/routes",
+            "Microsoft.Cdn/profiles/customdomains",
+            "Microsoft.Cdn/profiles/origingroups",
+            "Microsoft.Cdn/profiles/origingroups/origins",
+            "Microsoft.Cdn/profiles/rulesets",
+            "Microsoft.Cdn/profiles/rulesets/rules",
+            "Microsoft.Cdn/profiles/secrets",
+            "Microsoft.Cdn/validateSecret",
+            "Microsoft.Cdn/profiles/keygroups",
+            "Microsoft.Cdn/profiles/securitypolicies",
+            "Microsoft.Cdn/operationresults/profileresults/afdendpointresults",
+            "Microsoft.Cdn/operationresults/profileresults/afdendpointresults/routeresults",
+            "Microsoft.Cdn/operationresults/profileresults/customdomainresults",
+            "Microsoft.Cdn/operationresults/profileresults/origingroupresults",
+            "Microsoft.Cdn/operationresults/profileresults/origingroupresults/originresults",
+            "Microsoft.Cdn/operationresults/profileresults/rulesetresults",
+            "Microsoft.Cdn/operationresults/profileresults/rulesetresults/ruleresults",
+            "Microsoft.Cdn/operationresults/profileresults/secretresults",
+            "Microsoft.Cdn/operationresults/profileresults/securitypolicyresults",
+            "Microsoft.Cdn/profiles/policies",
+            "Microsoft.Cdn/profiles/networkpolicies",
+            "Microsoft.Cdn/operationresults/profileresults/policyresults",
+            "Microsoft.BotService/botServices",
+            "Microsoft.BotService/botServices/channels",
+            "Microsoft.BotService/botServices/connections",
+            "Microsoft.BotService/listAuthServiceProviders",
+            "Microsoft.BotService/listQnAMakerEndpointKeys",
+            "Microsoft.BotService/hostSettings",
+            "Microsoft.BotService/checkNameAvailability",
+            "Microsoft.BotService/locations",
+            "Microsoft.BotService/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.BotService/operations",
+            "Microsoft.BotService/botServices/privateEndpointConnectionProxies",
+            "Microsoft.BotService/botServices/privateEndpointConnections",
+            "Microsoft.BotService/botServices/privateLinkResources",
+            "Microsoft.BotService/operationResults",
+            "Microsoft.Devices/checkNameAvailability",
+            "Microsoft.Devices/checkProvisioningServiceNameAvailability",
+            "Microsoft.Devices/usages",
+            "Microsoft.Devices/operations",
+            "Microsoft.Devices/operationResults",
+            "Microsoft.Devices/provisioningServiceOperationResults",
+            "Microsoft.Devices/locations/provisioningServiceOperationResults",
+            "Microsoft.Devices/locations",
+            "Microsoft.Devices/locations/operationResults",
+            "Microsoft.Devices/IotHubs",
+            "Microsoft.Devices/IotHubs/eventGridFilters",
+            "Microsoft.Devices/IotHubs/failover",
+            "Microsoft.Devices/ProvisioningServices",
+            "Microsoft.Devices/IotHubs/securitySettings",
+            "Microsoft.Databricks/workspaces",
+            "Microsoft.Databricks/accessConnectors",
+            "Microsoft.Databricks/workspaces/virtualNetworkPeerings",
+            "Microsoft.Databricks/workspaces/dbWorkspaces",
+            "Microsoft.Databricks/operations",
+            "Microsoft.Databricks/locations",
+            "Microsoft.Databricks/locations/operationstatuses",
+            "Microsoft.Databricks/locations/getNetworkPolicies",
+            "Microsoft.EventGrid/locations",
+            "Microsoft.EventGrid/locations/eventSubscriptions",
+            "Microsoft.EventGrid/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.EventGrid/eventSubscriptions",
+            "Microsoft.EventGrid/topics",
+            "Microsoft.EventGrid/domains",
+            "Microsoft.EventGrid/domains/topics",
+            "Microsoft.EventGrid/topicTypes",
+            "Microsoft.EventGrid/operations",
+            "Microsoft.EventGrid/locations/operationsStatus",
+            "Microsoft.EventGrid/locations/operationResults",
+            "Microsoft.EventGrid/locations/topicTypes",
+            "Microsoft.EventGrid/extensionTopics",
+            "Microsoft.EventGrid/operationResults",
+            "Microsoft.EventGrid/operationsStatus",
+            "Microsoft.EventGrid/systemTopics",
+            "Microsoft.EventGrid/systemTopics/eventSubscriptions",
+            "Microsoft.EventGrid/partnerRegistrations",
+            "Microsoft.EventGrid/partnerConfigurations",
+            "Microsoft.EventGrid/verifiedPartners",
+            "Microsoft.EventGrid/namespaces",
+            "Microsoft.EventGrid/partnerNamespaces",
+            "Microsoft.EventGrid/partnerTopics",
+            "Microsoft.EventGrid/partnerTopics/eventSubscriptions",
+            "Microsoft.EventGrid/partnerNamespaces/eventChannels",
+            "Microsoft.EventGrid/partnerNamespaces/channels",
+            "Microsoft.EventGrid/partnerDestinations",
+            "Microsoft.DBforPostgreSQL/operations",
+            "Microsoft.DBforPostgreSQL/servers",
+            "Microsoft.DBforPostgreSQL/serverGroupsv2",
+            "Microsoft.DBforPostgreSQL/flexibleServers",
+            "Microsoft.DBforPostgreSQL/locations/capabilities",
+            "Microsoft.DBforPostgreSQL/locations/checkNameAvailability",
+            "Microsoft.DBforPostgreSQL/servers/recoverableServers",
+            "Microsoft.DBforPostgreSQL/servers/virtualNetworkRules",
+            "Microsoft.DBforPostgreSQL/checkNameAvailability",
+            "Microsoft.DBforPostgreSQL/availableEngineVersions",
+            "Microsoft.DBforPostgreSQL/getPrivateDnsZoneSuffix",
+            "Microsoft.DBforPostgreSQL/locations",
+            "Microsoft.DBforPostgreSQL/locations/operationResults",
+            "Microsoft.DBforPostgreSQL/locations/azureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/administratorOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/administratorAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/checkVirtualNetworkSubnetUsage",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/performanceTiers",
+            "Microsoft.DBforPostgreSQL/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/recommendedActionSessionsAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/recommendedActionSessionsOperationResults",
+            "Microsoft.DBforPostgreSQL/servers/topQueryStatistics",
+            "Microsoft.DBforPostgreSQL/servers/queryTexts",
+            "Microsoft.DBforPostgreSQL/servers/waitStatistics",
+            "Microsoft.DBforPostgreSQL/servers/resetQueryPerformanceInsightData",
+            "Microsoft.DBforPostgreSQL/servers/advisors",
+            "Microsoft.DBforPostgreSQL/servers/privateLinkResources",
+            "Microsoft.DBforPostgreSQL/servers/privateEndpointConnections",
+            "Microsoft.DBforPostgreSQL/servers/privateEndpointConnectionProxies",
+            "Microsoft.DBforPostgreSQL/servers/keys",
+            "Microsoft.DBforPostgreSQL/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.DBforPostgreSQL/locations/serverKeyOperationResults",
+            "Microsoft.DBforPostgreSQL/locations/getCachedServerName",
+            "Microsoft.TimeSeriesInsights/environments",
+            "Microsoft.TimeSeriesInsights/environments/eventsources",
+            "Microsoft.TimeSeriesInsights/environments/referenceDataSets",
+            "Microsoft.TimeSeriesInsights/environments/accessPolicies",
+            "Microsoft.TimeSeriesInsights/environments/privateLinkResources",
+            "Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies",
+            "Microsoft.TimeSeriesInsights/environments/privateEndpointConnections",
+            "Microsoft.TimeSeriesInsights/operations",
+            "Microsoft.DBforMariaDB/operations",
+            "Microsoft.DBforMariaDB/servers",
+            "Microsoft.DBforMariaDB/servers/recoverableServers",
+            "Microsoft.DBforMariaDB/servers/virtualNetworkRules",
+            "Microsoft.DBforMariaDB/checkNameAvailability",
+            "Microsoft.DBforMariaDB/locations",
+            "Microsoft.DBforMariaDB/locations/operationResults",
+            "Microsoft.DBforMariaDB/locations/azureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/performanceTiers",
+            "Microsoft.DBforMariaDB/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.DBforMariaDB/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.DBforMariaDB/locations/recommendedActionSessionsAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/recommendedActionSessionsOperationResults",
+            "Microsoft.DBforMariaDB/servers/topQueryStatistics",
+            "Microsoft.DBforMariaDB/servers/queryTexts",
+            "Microsoft.DBforMariaDB/servers/waitStatistics",
+            "Microsoft.DBforMariaDB/servers/resetQueryPerformanceInsightData",
+            "Microsoft.DBforMariaDB/servers/advisors",
+            "Microsoft.DBforMariaDB/servers/privateLinkResources",
+            "Microsoft.DBforMariaDB/servers/privateEndpointConnections",
+            "Microsoft.DBforMariaDB/servers/privateEndpointConnectionProxies",
+            "Microsoft.DBforMariaDB/servers/keys",
+            "Microsoft.DBforMariaDB/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.DBforMariaDB/locations/serverKeyOperationResults",
+            "Microsoft.DBforMariaDB/servers/start",
+            "Microsoft.DBforMariaDB/servers/stop",
+            "Microsoft.Cache/Redis",
+            "Microsoft.Cache/Redis/privateEndpointConnectionProxies",
+            "Microsoft.Cache/Redis/privateEndpointConnectionProxies/validate",
+            "Microsoft.Cache/Redis/privateEndpointConnections",
+            "Microsoft.Cache/Redis/privateLinkResources",
+            "Microsoft.Cache/locations/asyncOperations",
+            "Microsoft.Cache/locations",
+            "Microsoft.Cache/locations/operationResults",
+            "Microsoft.Cache/locations/operationsStatus",
+            "Microsoft.Cache/checkNameAvailability",
+            "Microsoft.Cache/operations",
+            "Microsoft.Cache/redisEnterprise",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies/validate",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies/operationresults",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnections",
+            "Microsoft.Cache/RedisEnterprise/privateEndpointConnections/operationresults",
+            "Microsoft.Cache/RedisEnterprise/privateLinkResources",
+            "Microsoft.Cache/redisEnterprise/databases",
+            "Microsoft.Cache/locations/checkNameAvailability",
+            "Microsoft.Cache/Redis/EventGridFilters",
+            "Microsoft.RecoveryServices/vaults",
+            "Microsoft.RecoveryServices/operations",
+            "Microsoft.RecoveryServices/locations",
+            "Microsoft.RecoveryServices/locations/backupStatus",
+            "Microsoft.RecoveryServices/locations/checkNameAvailability",
+            "Microsoft.RecoveryServices/locations/allocatedStamp",
+            "Microsoft.RecoveryServices/locations/allocateStamp",
+            "Microsoft.RecoveryServices/locations/backupValidateFeatures",
+            "Microsoft.RecoveryServices/locations/backupPreValidateProtection",
+            "Microsoft.RecoveryServices/locations/backupCrrJobs",
+            "Microsoft.RecoveryServices/locations/backupCrrJob",
+            "Microsoft.RecoveryServices/locations/backupAadProperties",
+            "Microsoft.RecoveryServices/locations/backupCrossRegionRestore",
+            "Microsoft.RecoveryServices/locations/backupCrrOperationResults",
+            "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus",
+            "Microsoft.RecoveryServices/backupProtectedItems",
+            "Microsoft.RecoveryServices/replicationEligibilityResults",
+            "Microsoft.RecoveryServices/locations/capabilities",
+            "Microsoft.ServiceBus/namespaces",
+            "Microsoft.ServiceBus/namespaces/authorizationrules",
+            "Microsoft.ServiceBus/namespaces/networkrulesets",
+            "Microsoft.ServiceBus/namespaces/privateEndpointConnections",
+            "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies",
+            "Microsoft.ServiceBus/namespaces/queues",
+            "Microsoft.ServiceBus/namespaces/queues/authorizationrules",
+            "Microsoft.ServiceBus/namespaces/topics",
+            "Microsoft.ServiceBus/namespaces/topics/authorizationrules",
+            "Microsoft.ServiceBus/namespaces/topics/subscriptions",
+            "Microsoft.ServiceBus/namespaces/topics/subscriptions/rules",
+            "Microsoft.ServiceBus/checkNamespaceAvailability",
+            "Microsoft.ServiceBus/checkNameAvailability",
+            "Microsoft.ServiceBus/sku",
+            "Microsoft.ServiceBus/premiumMessagingRegions",
+            "Microsoft.ServiceBus/operations",
+            "Microsoft.ServiceBus/namespaces/eventgridfilters",
+            "Microsoft.ServiceBus/namespaces/disasterrecoveryconfigs",
+            "Microsoft.ServiceBus/namespaces/migrationConfigurations",
+            "Microsoft.ServiceBus/namespaces/disasterrecoveryconfigs/checkNameAvailability",
+            "Microsoft.ServiceBus/locations",
+            "Microsoft.ServiceBus/locations/operationStatus",
+            "Microsoft.ServiceBus/locations/namespaceOperationResults",
+            "Microsoft.ServiceBus/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.ServiceFabricMesh/applications",
+            "Microsoft.ServiceFabricMesh/networks",
+            "Microsoft.ServiceFabricMesh/volumes",
+            "Microsoft.ServiceFabricMesh/secrets",
+            "Microsoft.ServiceFabricMesh/gateways",
+            "Microsoft.ServiceFabricMesh/locations",
+            "Microsoft.ServiceFabricMesh/locations/applicationOperations",
+            "Microsoft.ServiceFabricMesh/locations/networkOperations",
+            "Microsoft.ServiceFabricMesh/locations/volumeOperations",
+            "Microsoft.ServiceFabricMesh/locations/gatewayOperations",
+            "Microsoft.ServiceFabricMesh/locations/secretOperations",
+            "Microsoft.ServiceFabricMesh/operations",
+            "Microsoft.NotificationHubs/namespaces",
+            "Microsoft.NotificationHubs/namespaces/notificationHubs",
+            "Microsoft.NotificationHubs/checkNamespaceAvailability",
+            "Microsoft.NotificationHubs/checkNameAvailability",
+            "Microsoft.NotificationHubs/operations",
+            "Microsoft.ContainerRegistry/registries",
+            "Microsoft.ContainerRegistry/registries/cacheRules",
+            "Microsoft.ContainerRegistry/registries/credentialSets",
+            "Microsoft.ContainerRegistry/registries/connectedRegistries",
+            "Microsoft.ContainerRegistry/registries/connectedRegistries/deactivate",
+            "Microsoft.ContainerRegistry/registries/scopeMaps",
+            "Microsoft.ContainerRegistry/registries/tokens",
+            "Microsoft.ContainerRegistry/registries/generateCredentials",
+            "Microsoft.ContainerRegistry/registries/privateEndpointConnections",
+            "Microsoft.ContainerRegistry/registries/privateEndpointConnectionProxies",
+            "Microsoft.ContainerRegistry/registries/privateEndpointConnectionProxies/validate",
+            "Microsoft.ContainerRegistry/registries/privateLinkResources",
+            "Microsoft.ContainerRegistry/registries/importImage",
+            "Microsoft.ContainerRegistry/registries/exportPipelines",
+            "Microsoft.ContainerRegistry/registries/importPipelines",
+            "Microsoft.ContainerRegistry/registries/pipelineRuns",
+            "Microsoft.ContainerRegistry/registries/listBuildSourceUploadUrl",
+            "Microsoft.ContainerRegistry/registries/scheduleRun",
+            "Microsoft.ContainerRegistry/registries/runs",
+            "Microsoft.ContainerRegistry/registries/taskRuns",
+            "Microsoft.ContainerRegistry/registries/taskRuns/listDetails",
+            "Microsoft.ContainerRegistry/registries/agentPools",
+            "Microsoft.ContainerRegistry/registries/agentPoolsOperationResults",
+            "Microsoft.ContainerRegistry/registries/agentPools/listQueueStatus",
+            "Microsoft.ContainerRegistry/registries/runs/listLogSasUrl",
+            "Microsoft.ContainerRegistry/registries/runs/cancel",
+            "Microsoft.ContainerRegistry/registries/tasks",
+            "Microsoft.ContainerRegistry/registries/tasks/listDetails",
+            "Microsoft.ContainerRegistry/registries/replications",
+            "Microsoft.ContainerRegistry/registries/webhooks",
+            "Microsoft.ContainerRegistry/registries/webhooks/ping",
+            "Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig",
+            "Microsoft.ContainerRegistry/registries/webhooks/listEvents",
+            "Microsoft.ContainerRegistry/locations/operationResults",
+            "Microsoft.ContainerRegistry/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.ContainerRegistry/registries/listCredentials",
+            "Microsoft.ContainerRegistry/registries/regenerateCredential",
+            "Microsoft.ContainerRegistry/registries/listUsages",
+            "Microsoft.ContainerRegistry/registries/listPolicies",
+            "Microsoft.ContainerRegistry/registries/updatePolicies",
+            "Microsoft.ContainerRegistry/registries/eventGridFilters",
+            "Microsoft.ContainerRegistry/checkNameAvailability",
+            "Microsoft.ContainerRegistry/operations",
+            "Microsoft.ContainerRegistry/locations",
+            "Microsoft.StreamAnalytics/streamingjobs",
+            "Microsoft.StreamAnalytics/clusters",
+            "Microsoft.StreamAnalytics/clusters/privateEndpoints",
+            "Microsoft.StreamAnalytics/locations",
+            "Microsoft.StreamAnalytics/locations/quotas",
+            "Microsoft.StreamAnalytics/locations/testQuery",
+            "Microsoft.StreamAnalytics/locations/compileQuery",
+            "Microsoft.StreamAnalytics/locations/sampleInput",
+            "Microsoft.StreamAnalytics/locations/testInput",
+            "Microsoft.StreamAnalytics/locations/testOutput",
+            "Microsoft.StreamAnalytics/locations/operationResults",
+            "Microsoft.StreamAnalytics/operations",
+            "Microsoft.DataLakeAnalytics/accounts",
+            "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts",
+            "Microsoft.DataLakeAnalytics/accounts/storageAccounts",
+            "Microsoft.DataLakeAnalytics/accounts/storageAccounts/containers",
+            "Microsoft.DataLakeAnalytics/accounts/storageAccounts/containers/listSasTokens",
+            "Microsoft.DataLakeAnalytics/locations",
+            "Microsoft.DataLakeAnalytics/locations/operationresults",
+            "Microsoft.DataLakeAnalytics/locations/checkNameAvailability",
+            "Microsoft.DataLakeAnalytics/locations/capability",
+            "Microsoft.DataLakeAnalytics/locations/usages",
+            "Microsoft.DataLakeAnalytics/operations",
+            "Microsoft.Relay/namespaces",
+            "Microsoft.Relay/namespaces/authorizationrules",
+            "Microsoft.Relay/namespaces/privateEndpointConnections",
+            "Microsoft.Relay/namespaces/privateEndpointConnectionProxies",
+            "Microsoft.Relay/namespaces/hybridconnections",
+            "Microsoft.Relay/namespaces/hybridconnections/authorizationrules",
+            "Microsoft.Relay/namespaces/wcfrelays",
+            "Microsoft.Relay/namespaces/wcfrelays/authorizationrules",
+            "Microsoft.Relay/checkNameAvailability",
+            "Microsoft.Relay/operations",
+            "Microsoft.Relay/locations",
+            "Microsoft.Relay/locations/namespaceOperationResults",
+            // Not supported in Mooncake
+            /*
+            "Microsoft.DevTestLab/labs/environments",
+            "Microsoft.DevTestLab/labs",
+            "Microsoft.DevTestLab/schedules",
+            "Microsoft.DevTestLab/labs/virtualMachines",
+            "Microsoft.DevTestLab/labs/serviceRunners",
+            "Microsoft.DevTestLab/operations",
+            "Microsoft.DevTestLab/locations",
+            "Microsoft.DevTestLab/locations/operations",
+            */
+            "Microsoft.EventHub/namespaces",
+            "Microsoft.EventHub/clusters",
+            "Microsoft.EventHub/namespaces/authorizationrules",
+            "Microsoft.EventHub/namespaces/networkrulesets",
+            "Microsoft.EventHub/namespaces/privateEndpointConnections",
+            "Microsoft.EventHub/namespaces/privateEndpointConnectionProxies",
+            "Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations",
+            "Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies",
+            "Microsoft.EventHub/namespaces/eventhubs",
+            "Microsoft.EventHub/namespaces/eventhubs/authorizationrules",
+            "Microsoft.EventHub/namespaces/eventhubs/consumergroups",
+            "Microsoft.EventHub/namespaces/applicationGroups",
+            "Microsoft.EventHub/checkNamespaceAvailability",
+            "Microsoft.EventHub/checkNameAvailability",
+            "Microsoft.EventHub/sku",
+            "Microsoft.EventHub/operations",
+            "Microsoft.EventHub/namespaces/disasterrecoveryconfigs",
+            "Microsoft.EventHub/namespaces/disasterrecoveryconfigs/checkNameAvailability",
+            "Microsoft.EventHub/locations",
+            "Microsoft.EventHub/locations/operationStatus",
+            "Microsoft.EventHub/locations/clusterOperationResults",
+            "Microsoft.EventHub/locations/namespaceOperationResults",
+            "Microsoft.EventHub/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.EventHub/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.EventHub/availableClusterRegions",
+            "Microsoft.AppPlatform/Spring",
+            "Microsoft.AppPlatform/Spring/operationResults",
+            "Microsoft.AppPlatform/Spring/operationStatuses",
+            "Microsoft.AppPlatform/Spring/apps",
+            "Microsoft.AppPlatform/Spring/apps/operationResults",
+            "Microsoft.AppPlatform/Spring/apps/operationStatuses",
+            "Microsoft.AppPlatform/Spring/apps/deployments",
+            "Microsoft.AppPlatform/Spring/apps/deployments/operationResults",
+            "Microsoft.AppPlatform/Spring/apps/deployments/operationStatuses",
+            "Microsoft.AppPlatform/Spring/configServers",
+            "Microsoft.AppPlatform/Spring/configServers/operationResults",
+            "Microsoft.AppPlatform/Spring/configServers/operationStatuses",
+            "Microsoft.AppPlatform/Spring/eurekaServers",
+            "Microsoft.AppPlatform/Spring/eurekaServers/operationResults",
+            "Microsoft.AppPlatform/Spring/eurekaServers/operationStatuses",
+            "Microsoft.AppPlatform/Spring/apps/domains",
+            "Microsoft.AppPlatform/Spring/apps/domains/operationResults",
+            "Microsoft.AppPlatform/Spring/apps/domains/operationStatuses",
+            "Microsoft.AppPlatform/locations/checkNameAvailability",
+            "Microsoft.AppPlatform/operations",
+            "Microsoft.AppPlatform/locations",
+            "Microsoft.AppPlatform/runtimeVersions",
+            "Microsoft.AppPlatform/locations/operationResults",
+            "Microsoft.AppPlatform/locations/operationStatus",
+            "Microsoft.CustomProviders/resourceProviders",
+            "Microsoft.CustomProviders/resourceProviders/operationResults",
+            "Microsoft.CustomProviders/resourceProviders/operationStatuses",
+            "Microsoft.CustomProviders/associations",
+            "Microsoft.CustomProviders/operations",
+            "Microsoft.CustomProviders/locations",
+            "Microsoft.CustomProviders/locations/operationStatuses",
+            "Microsoft.CustomProviders/locations/operationResults",
+            "Microsoft.DocumentDB/databaseAccounts",
+            "Microsoft.DocumentDB/databaseAccountNames",
+            "Microsoft.DocumentDB/operations",
+            "Microsoft.DocumentDB/operationResults",
+            "Microsoft.DocumentDB/operationsStatus",
+            "Microsoft.DocumentDB/locations/operationsStatus",
+            "Microsoft.DocumentDB/locations/operationResults",
+            "Microsoft.DocumentDB/locations",
+            "Microsoft.DocumentDB/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.DocumentDB/locations/restorableDatabaseAccounts",
+            "Microsoft.DocumentDB/restorableDatabaseAccounts",
+            "Microsoft.DocumentDB/cassandraClusters",
+            "Microsoft.DocumentDB/databaseAccounts/encryptionScopes",
+            "Microsoft.DocumentDB/mongoClusters",
+            "Microsoft.DocumentDB/locations/mongoClusterOperationResults",
+            "Microsoft.DocumentDB/locations/mongoClusterAzureAsyncOperation",
+            "Microsoft.DocumentDB/locations/checkMongoClusterNameAvailability",
+            "Microsoft.DocumentDB/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.DocumentDB/throughputPools",
+            "Microsoft.DocumentDB/throughputPools/throughputPoolAccounts",
+            "Microsoft.Maintenance/maintenanceConfigurations",
+            "Microsoft.Maintenance/updates",
+            "Microsoft.Maintenance/configurationAssignments",
+            "Microsoft.Maintenance/applyUpdates",
+            "Microsoft.Maintenance/publicMaintenanceConfigurations",
+            "Microsoft.Maintenance/operations",
+            "Microsoft.Sql/operations",
+            "Microsoft.Sql/locations",
+            "Microsoft.Sql/locations/capabilities",
+            "Microsoft.Sql/locations/databaseAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseOperationResults",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevalidateAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevalidateOperationResults",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevertAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseEncryptionProtectorRevertOperationResults",
+            "Microsoft.Sql/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverKeyOperationResults",
+            "Microsoft.Sql/servers/keys",
+            "Microsoft.Sql/servers/encryptionProtector",
+            "Microsoft.Sql/locations/encryptionProtectorOperationResults",
+            "Microsoft.Sql/locations/encryptionProtectorAzureAsyncOperation",
+            "Microsoft.Sql/locations/externalPolicyBasedAuthorizationsAzureAsycOperation",
+            "Microsoft.Sql/locations/externalPolicyBasedAuthorizationsOperationResults",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusOperationResults",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusAzureAsyncOperation",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusMIOperationResults",
+            "Microsoft.Sql/locations/refreshExternalGovernanceStatusMIAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceKeyAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceKeyOperationResults",
+            "Microsoft.Sql/locations/managedInstanceEncryptionProtectorOperationResults",
+            "Microsoft.Sql/locations/managedInstanceEncryptionProtectorAzureAsyncOperation",
+            "Microsoft.Sql/locations/transparentDataEncryptionAzureAsyncOperation",
+            "Microsoft.Sql/locations/transparentDataEncryptionOperationResults",
+            "Microsoft.Sql/locations/managedtransparentDataEncryptionAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedtransparentDataEncryptionOperationResults",
+            "Microsoft.Sql/servers/tdeCertificates",
+            "Microsoft.Sql/locations/tdeCertAzureAsyncOperation",
+            "Microsoft.Sql/locations/tdeCertOperationResults",
+            "Microsoft.Sql/locations/serverAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverOperationResults",
+            "Microsoft.Sql/locations/usages",
+            "Microsoft.Sql/checkNameAvailability",
+            "Microsoft.Sql/servers",
+            "Microsoft.Sql/servers/databases",
+            "Microsoft.Sql/servers/serviceObjectives",
+            "Microsoft.Sql/servers/communicationLinks",
+            "Microsoft.Sql/servers/administrators",
+            "Microsoft.Sql/servers/administratorOperationResults",
+            "Microsoft.Sql/locations/serverAdministratorAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverAdministratorOperationResults",
+            "Microsoft.Sql/servers/restorableDroppedDatabases",
+            "Microsoft.Sql/servers/recoverableDatabases",
+            "Microsoft.Sql/servers/databases/geoBackupPolicies",
+            "Microsoft.Sql/servers/import",
+            "Microsoft.Sql/servers/importExportOperationResults",
+            "Microsoft.Sql/servers/operationResults",
+            "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies",
+            "Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies",
+            "Microsoft.Sql/servers/databaseSecurityPolicies",
+            "Microsoft.Sql/servers/automaticTuning",
+            "Microsoft.Sql/servers/databases/automaticTuning",
+            "Microsoft.Sql/servers/databases/transparentDataEncryption",
+            "Microsoft.Sql/servers/databases/ledgerDigestUploads",
+            "Microsoft.Sql/locations/ledgerDigestUploadsAzureAsyncOperation",
+            "Microsoft.Sql/locations/ledgerDigestUploadsOperationResults",
+            "Microsoft.Sql/servers/recommendedElasticPools",
+            "Microsoft.Sql/servers/databases/dataMaskingPolicies",
+            "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
+            "Microsoft.Sql/servers/databases/securityAlertPolicies",
+            "Microsoft.Sql/servers/securityAlertPolicies",
+            "Microsoft.Sql/servers/databases/advancedThreatProtectionSettings",
+            "Microsoft.Sql/servers/advancedThreatProtectionSettings",
+            "Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings",
+            "Microsoft.Sql/managedInstances/advancedThreatProtectionSettings",
+            "Microsoft.Sql/servers/databases/auditingSettings",
+            "Microsoft.Sql/servers/auditingSettings",
+            "Microsoft.Sql/servers/extendedAuditingSettings",
+            "Microsoft.Sql/servers/devOpsAuditingSettings",
+            "Microsoft.Sql/locations/auditingSettingsAzureAsyncOperation",
+            "Microsoft.Sql/locations/auditingSettingsOperationResults",
+            "Microsoft.Sql/locations/extendedAuditingSettingsAzureAsyncOperation",
+            "Microsoft.Sql/locations/extendedAuditingSettingsOperationResults",
+            "Microsoft.Sql/locations/devOpsAuditingSettingsOperationResults",
+            "Microsoft.Sql/locations/devOpsAuditingSettingsAzureAsyncOperation",
+            "Microsoft.Sql/locations/elasticPoolAzureAsyncOperation",
+            "Microsoft.Sql/locations/elasticPoolOperationResults",
+            "Microsoft.Sql/servers/elasticpools",
+            "Microsoft.Sql/servers/jobAccounts",
+            "Microsoft.Sql/servers/jobAgents",
+            "Microsoft.Sql/locations/jobAgentOperationResults",
+            "Microsoft.Sql/locations/jobAgentAzureAsyncOperation",
+            "Microsoft.Sql/servers/jobAgents/privateEndpoints",
+            "Microsoft.Sql/locations/jobAgentPrivateEndpointOperationResults",
+            "Microsoft.Sql/locations/jobAgentPrivateEndpointAzureAsyncOperation",
+            "Microsoft.Sql/servers/jobAgents/jobs",
+            "Microsoft.Sql/servers/jobAgents/jobs/steps",
+            "Microsoft.Sql/servers/jobAgents/jobs/executions",
+            "Microsoft.Sql/servers/disasterRecoveryConfiguration",
+            "Microsoft.Sql/servers/dnsAliases",
+            "Microsoft.Sql/locations/dnsAliasAsyncOperation",
+            "Microsoft.Sql/locations/dnsAliasOperationResults",
+            "Microsoft.Sql/servers/failoverGroups",
+            "Microsoft.Sql/locations/failoverGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/failoverGroupOperationResults",
+            "Microsoft.Sql/locations/firewallRulesOperationResults",
+            "Microsoft.Sql/locations/firewallRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/ipv6FirewallRulesOperationResults",
+            "Microsoft.Sql/locations/ipv6FirewallRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.Sql/servers/virtualNetworkRules",
+            "Microsoft.Sql/locations/virtualNetworkRulesOperationResults",
+            "Microsoft.Sql/locations/virtualNetworkRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnetsOperationResults",
+            "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnetsAzureAsyncOperation",
+            "Microsoft.Sql/locations/databaseRestoreAzureAsyncOperation",
+            "Microsoft.Sql/servers/usages",
+            "Microsoft.Sql/servers/databases/metricDefinitions",
+            "Microsoft.Sql/servers/databases/metrics",
+            "Microsoft.Sql/servers/aggregatedDatabaseMetrics",
+            "Microsoft.Sql/servers/elasticpools/metrics",
+            "Microsoft.Sql/servers/elasticpools/metricdefinitions",
+            "Microsoft.Sql/servers/databases/topQueries",
+            "Microsoft.Sql/servers/databases/topQueries/queryText",
+            "Microsoft.Sql/servers/advisors",
+            "Microsoft.Sql/servers/elasticPools/advisors",
+            "Microsoft.Sql/servers/databases/advisors",
+            "Microsoft.Sql/servers/databases/extensions",
+            "Microsoft.Sql/servers/elasticPoolEstimates",
+            "Microsoft.Sql/servers/databases/auditRecords",
+            "Microsoft.Sql/servers/databases/VulnerabilityAssessmentScans",
+            "Microsoft.Sql/servers/databases/workloadGroups",
+            "Microsoft.Sql/servers/databases/vulnerabilityAssessments",
+            "Microsoft.Sql/servers/vulnerabilityAssessments",
+            "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments",
+            "Microsoft.Sql/managedInstances/vulnerabilityAssessments",
+            "Microsoft.Sql/servers/databases/VulnerabilityAssessmentSettings",
+            "Microsoft.Sql/servers/databases/VulnerabilityAssessment",
+            "Microsoft.Sql/locations/vulnerabilityAssessmentScanAzureAsyncOperation",
+            "Microsoft.Sql/locations/vulnerabilityAssessmentScanOperationResults",
+            "Microsoft.Sql/servers/databases/sqlvulnerabilityassessments",
+            "Microsoft.Sql/servers/sqlvulnerabilityassessments",
+            "Microsoft.Sql/locations/sqlVulnerabilityAssessmentAzureAsyncOperation",
+            "Microsoft.Sql/locations/sqlVulnerabilityAssessmentOperationResults",
+            "Microsoft.Sql/servers/databases/recommendedSensitivityLabels",
+            "Microsoft.Sql/servers/databases/syncGroups",
+            "Microsoft.Sql/servers/databases/syncGroups/syncMembers",
+            "Microsoft.Sql/servers/syncAgents",
+            "Microsoft.Sql/instancePools",
+            "Microsoft.Sql/locations/importExportOperationResults",
+            "Microsoft.Sql/locations/importExportAzureAsyncOperation",
+            "Microsoft.Sql/locations/instancePoolOperationResults",
+            "Microsoft.Sql/locations/instancePoolAzureAsyncOperation",
+            "Microsoft.Sql/managedInstances",
+            "Microsoft.Sql/managedInstances/administrators",
+            "Microsoft.Sql/managedInstances/databases",
+            "Microsoft.Sql/managedInstances/recoverableDatabases",
+            "Microsoft.Sql/managedInstances/metrics",
+            "Microsoft.Sql/managedInstances/metricDefinitions",
+            "Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies",
+            "Microsoft.Sql/managedInstances/sqlAgent",
+            "Microsoft.Sql/managedInstances/startStopSchedules",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionProxyOperationResults",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionOperationResults",
+            "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstances",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackups",
+            "Microsoft.Sql/locations/managedInstanceLongTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/managedInstanceLongTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackupOperationResults",
+            "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackupAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseOperationResults",
+            "Microsoft.Sql/locations/managedDatabaseRestoreAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseRestoreOperationResults",
+            "Microsoft.Sql/locations/managedDatabaseCompleteRestoreAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseCompleteRestoreOperationResults",
+            "Microsoft.Sql/locations/managedServerSecurityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.Sql/locations/stopManagedInstanceAzureAsyncOperation",
+            "Microsoft.Sql/locations/stopManagedInstanceOperationResults",
+            "Microsoft.Sql/locations/startManagedInstanceAzureAsyncOperation",
+            "Microsoft.Sql/locations/startManagedInstanceOperationResults",
+            "Microsoft.Sql/managedInstances/tdeCertificates",
+            "Microsoft.Sql/locations/managedInstanceTdeCertAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceTdeCertOperationResults",
+            "Microsoft.Sql/locations/managedServerSecurityAlertPoliciesOperationResults",
+            "Microsoft.Sql/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.Sql/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.Sql/locations/advancedThreatProtectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/advancedThreatProtectionOperationResults",
+            "Microsoft.Sql/locations/managedInstanceAdvancedThreatProtectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceAdvancedThreatProtectionOperationResults",
+            "Microsoft.Sql/managedInstances/dnsAliases",
+            "Microsoft.Sql/locations/managedDnsAliasAsyncOperation",
+            "Microsoft.Sql/locations/managedDnsAliasOperationResults",
+            "Microsoft.Sql/virtualClusters",
+            "Microsoft.Sql/locations/virtualClusterAzureAsyncOperation",
+            "Microsoft.Sql/locations/virtualClusterOperationResults",
+            "Microsoft.Sql/locations/updateManagedInstanceDnsServersAzureAsyncOperation",
+            "Microsoft.Sql/locations/updateManagedInstanceDnsServersOperationResults",
+            "Microsoft.Sql/locations/managedInstanceAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedInstanceOperationResults",
+            "Microsoft.Sql/locations/distributedAvailabilityGroupsOperationResults",
+            "Microsoft.Sql/locations/distributedAvailabilityGroupsAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverTrustCertificatesOperationResults",
+            "Microsoft.Sql/locations/serverTrustCertificatesAzureAsyncOperation",
+            "Microsoft.Sql/locations/administratorAzureAsyncOperation",
+            "Microsoft.Sql/locations/administratorOperationResults",
+            "Microsoft.Sql/locations/syncGroupOperationResults",
+            "Microsoft.Sql/locations/syncGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/syncMemberOperationResults",
+            "Microsoft.Sql/locations/syncAgentOperationResults",
+            "Microsoft.Sql/locations/syncDatabaseIds",
+            "Microsoft.Sql/locations/longTermRetentionServers",
+            "Microsoft.Sql/locations/longTermRetentionBackups",
+            "Microsoft.Sql/locations/longTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/longTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/longTermRetentionBackupOperationResults",
+            "Microsoft.Sql/locations/longTermRetentionBackupAzureAsyncOperation",
+            "Microsoft.Sql/locations/changeLongTermRetentionBackupAccessTierOperationResults",
+            "Microsoft.Sql/locations/changeLongTermRetentionBackupAccessTierAzureAsyncOperation",
+            "Microsoft.Sql/locations/shortTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/shortTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedShortTermRetentionPolicyOperationResults",
+            "Microsoft.Sql/locations/managedShortTermRetentionPolicyAzureAsyncOperation",
+            "Microsoft.Sql/locations/instanceFailoverGroups",
+            "Microsoft.Sql/locations/instanceFailoverGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/instanceFailoverGroupOperationResults",
+            "Microsoft.Sql/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.Sql/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.Sql/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.Sql/locations/outboundFirewallRulesAzureAsyncOperation",
+            "Microsoft.Sql/locations/outboundFirewallRulesOperationResults",
+            "Microsoft.Sql/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.Sql/locations/notifyAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverTrustGroups",
+            "Microsoft.Sql/locations/serverTrustGroupOperationResults",
+            "Microsoft.Sql/locations/serverTrustGroupAzureAsyncOperation",
+            "Microsoft.Sql/locations/managedDatabaseMoveOperationResults",
+            "Microsoft.Sql/locations/managedDatabaseMoveAzureAsyncOperation",
+            "Microsoft.Sql/servers/connectionPolicies",
+            "Microsoft.Sql/locations/connectionPoliciesAzureAsyncOperation",
+            "Microsoft.Sql/locations/connectionPoliciesOperationResults",
+            "Microsoft.Sql/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.Sql/locations/replicationLinksAzureAsyncOperation",
+            "Microsoft.Sql/locations/replicationLinksOperationResults",
+            "Microsoft.Sql/locations/managedInstanceDtcAzureAsyncOperation",
+            "Microsoft.Sql/managedInstances/databases/ledgerDigestUploads",
+            "Microsoft.Sql/locations/managedLedgerDigestUploadsOperationResults",
+            "Microsoft.Sql/locations/managedLedgerDigestUploadsAzureAsyncOperation",
+            "Microsoft.Sql/locations/serverConfigurationOptionAzureAsyncOperation",
+            "Microsoft.Sql/servers/failoverGroups/tryPlannedBeforeForcedFailover",
+            "Microsoft.DBforMySQL/operations",
+            "Microsoft.DBforMySQL/servers",
+            "Microsoft.DBforMySQL/flexibleServers",
+            "Microsoft.DBforMySQL/servers/recoverableServers",
+            "Microsoft.DBforMySQL/servers/virtualNetworkRules",
+            "Microsoft.DBforMySQL/locations/capabilities",
+            "Microsoft.DBforMySQL/locations/capabilitySets",
+            "Microsoft.DBforMySQL/locations/checkNameAvailability",
+            "Microsoft.DBforMySQL/checkNameAvailability",
+            "Microsoft.DBforMySQL/assessForMigration",
+            "Microsoft.DBforMySQL/getPrivateDnsZoneSuffix",
+            "Microsoft.DBforMySQL/locations/checkVirtualNetworkSubnetUsage",
+            "Microsoft.DBforMySQL/locations/listMigrations",
+            "Microsoft.DBforMySQL/locations/updateMigration",
+            "Microsoft.DBforMySQL/locations",
+            "Microsoft.DBforMySQL/locations/operationResults",
+            "Microsoft.DBforMySQL/locations/operationProgress",
+            "Microsoft.DBforMySQL/locations/azureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/administratorOperationResults",
+            "Microsoft.DBforMySQL/locations/administratorAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionProxyOperationResults",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionOperationResults",
+            "Microsoft.DBforMySQL/locations/privateEndpointConnectionAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/performanceTiers",
+            "Microsoft.DBforMySQL/locations/securityAlertPoliciesAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/securityAlertPoliciesOperationResults",
+            "Microsoft.DBforMySQL/locations/recommendedActionSessionsAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/recommendedActionSessionsOperationResults",
+            "Microsoft.DBforMySQL/servers/topQueryStatistics",
+            "Microsoft.DBforMySQL/servers/queryTexts",
+            "Microsoft.DBforMySQL/servers/waitStatistics",
+            "Microsoft.DBforMySQL/servers/resetQueryPerformanceInsightData",
+            "Microsoft.DBforMySQL/servers/advisors",
+            "Microsoft.DBforMySQL/servers/privateLinkResources",
+            "Microsoft.DBforMySQL/servers/privateEndpointConnections",
+            "Microsoft.DBforMySQL/servers/privateEndpointConnectionProxies",
+            "Microsoft.DBforMySQL/servers/keys",
+            "Microsoft.DBforMySQL/locations/serverKeyAzureAsyncOperation",
+            "Microsoft.DBforMySQL/locations/serverKeyOperationResults",
+            "Microsoft.DBforMySQL/servers/upgrade",
+            "Microsoft.CognitiveServices/accounts",
+            "Microsoft.CognitiveServices/operations",
+            "Microsoft.CognitiveServices/locations/operationResults",
+            "Microsoft.CognitiveServices/locations",
+            "Microsoft.CognitiveServices/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.CognitiveServices/locations/checkSkuAvailability",
+            "Microsoft.CognitiveServices/checkDomainAvailability",
+            "Microsoft.CognitiveServices/accounts/privateLinkResources",
+            "Microsoft.CognitiveServices/accounts/privateEndpointConnections",
+            "Microsoft.CognitiveServices/accounts/privateEndpointConnectionProxies",
+            "Microsoft.CognitiveServices/deletedAccounts",
+            "Microsoft.CognitiveServices/locations/resourceGroups",
+            "Microsoft.CognitiveServices/locations/resourceGroups/deletedAccounts",
+            "Microsoft.CognitiveServices/locations/commitmentTiers",
+            "Microsoft.CognitiveServices/locations/models",
+            "Microsoft.CognitiveServices/locations/usages",
+            "Microsoft.CognitiveServices/locations/raiContentFilters",
+            "Microsoft.CognitiveServices/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.CognitiveServices/accounts/networkSecurityPerimeterAssociationProxies",
+            "Microsoft.CognitiveServices/accounts/encryptionScopes",
+            "Microsoft.CognitiveServices/commitmentPlans",
+            "Microsoft.CognitiveServices/attestations",
+            "Microsoft.CognitiveServices/attestationDefinitions",
+            "Microsoft.Media/mediaservices",
+            "Microsoft.Media/mediaservices/assets",
+            "Microsoft.Media/mediaservices/assets/tracks",
+            "Microsoft.Media/mediaservices/assets/tracks/operationstatuses",
+            "Microsoft.Media/mediaservices/assets/tracks/operationResults",
+            "Microsoft.Media/mediaservices/contentKeyPolicies",
+            "Microsoft.Media/mediaservices/streamingLocators",
+            "Microsoft.Media/mediaservices/streamingPolicies",
+            "Microsoft.Media/mediaservices/eventGridFilters",
+            "Microsoft.Media/mediaservices/transforms",
+            "Microsoft.Media/mediaservices/transforms/jobs",
+            "Microsoft.Media/mediaservices/streamingEndpoints",
+            "Microsoft.Media/mediaservices/liveEvents",
+            "Microsoft.Media/mediaservices/liveEvents/liveOutputs",
+            "Microsoft.Media/mediaservices/streamingEndpointOperations",
+            "Microsoft.Media/mediaservices/liveEventOperations",
+            "Microsoft.Media/mediaservices/liveOutputOperations",
+            "Microsoft.Media/mediaservices/streamingendpoints/operationlocations",
+            "Microsoft.Media/mediaservices/liveevents/operationlocations",
+            "Microsoft.Media/mediaservices/liveevents/liveoutputs/operationlocations",
+            "Microsoft.Media/mediaservices/privateEndpointConnectionProxies",
+            "Microsoft.Media/mediaservices/privateEndpointConnections",
+            "Microsoft.Media/mediaservices/privateEndpointConnectionOperations",
+            "Microsoft.Media/locations/mediaServicesOperationStatuses",
+            "Microsoft.Media/locations/mediaServicesOperationResults",
+            "Microsoft.Media/mediaservices/assets/assetFilters",
+            "Microsoft.Media/mediaservices/accountFilters",
+            "Microsoft.Media/operations",
+            "Microsoft.Media/checknameavailability",
+            "Microsoft.Media/locations",
+            "Microsoft.Media/locations/checkNameAvailability",
+            "Microsoft.Web/publishingUsers",
+            "Microsoft.Web/ishostnameavailable",
+            "Microsoft.Web/validate",
+            "Microsoft.Web/isusernameavailable",
+            "Microsoft.Web/generateGithubAccessTokenForAppserviceCLI",
+            "Microsoft.Web/sourceControls",
+            "Microsoft.Web/availableStacks",
+            "Microsoft.Web/webAppStacks",
+            "Microsoft.Web/locations/webAppStacks",
+            "Microsoft.Web/functionAppStacks",
+            "Microsoft.Web/locations/functionAppStacks",
+            "Microsoft.Web/staticSites",
+            "Microsoft.Web/locations/previewStaticSiteWorkflowFile",
+            "Microsoft.Web/staticSites/userProvidedFunctionApps",
+            "Microsoft.Web/staticSites/linkedBackends",
+            "Microsoft.Web/staticSites/builds/linkedBackends",
+            "Microsoft.Web/staticSites/databaseConnections",
+            "Microsoft.Web/staticSites/builds/databaseConnections",
+            "Microsoft.Web/staticSites/builds",
+            "Microsoft.Web/staticSites/builds/userProvidedFunctionApps",
+            "Microsoft.Web/listSitesAssignedToHostName",
+            "Microsoft.Web/locations/getNetworkPolicies",
+            "Microsoft.Web/locations/operations",
+            "Microsoft.Web/locations/operationResults",
+            "Microsoft.Web/sites/networkConfig",
+            "Microsoft.Web/sites/slots/networkConfig",
+            "Microsoft.Web/sites/hostNameBindings",
+            "Microsoft.Web/sites/slots/hostNameBindings",
+            "Microsoft.Web/operations",
+            "Microsoft.Web/certificates",
+            "Microsoft.Web/serverFarms",
+            "Microsoft.Web/sites",
+            "Microsoft.Web/sites/slots",
+            "Microsoft.Web/runtimes",
+            "Microsoft.Web/recommendations",
+            "Microsoft.Web/resourceHealthMetadata",
+            "Microsoft.Web/aseregions",
+            "Microsoft.Web/georegions",
+            "Microsoft.Web/sites/premieraddons",
+            "Microsoft.Web/hostingEnvironments",
+            "Microsoft.Web/hostingEnvironments/multiRolePools",
+            "Microsoft.Web/hostingEnvironments/workerPools",
+            "Microsoft.Web/kubeEnvironments",
+            "Microsoft.Web/deploymentLocations",
+            "Microsoft.Web/deletedSites",
+            "Microsoft.Web/locations/deletedSites",
+            "Microsoft.Web/ishostingenvironmentnameavailable",
+            "Microsoft.Web/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.Web/locations/validateDeleteVirtualNetworkOrSubnets",
+            "Microsoft.Web/connections",
+            "Microsoft.Web/customApis",
+            "Microsoft.Web/locations",
+            "Microsoft.Web/locations/listWsdlInterfaces",
+            "Microsoft.Web/locations/extractApiDefinitionFromWsdl",
+            "Microsoft.Web/locations/managedApis",
+            "Microsoft.Web/locations/runtimes",
+            "Microsoft.Web/locations/apiOperations",
+            "Microsoft.Web/connectionGateways",
+            "Microsoft.Web/locations/connectionGatewayInstallations",
+            "Microsoft.Web/checkNameAvailability",
+            "Microsoft.Web/billingMeters",
+            "Microsoft.Web/verifyHostingEnvironmentVnet",
+            "Microsoft.Web/serverFarms/eventGridFilters",
+            "Microsoft.Web/sites/eventGridFilters",
+            "Microsoft.Web/sites/slots/eventGridFilters",
+            "Microsoft.Web/hostingEnvironments/eventGridFilters",
+            "Microsoft.Web/serverFarms/firstPartyApps",
+            "Microsoft.Web/serverFarms/firstPartyApps/keyVaultSettings",
+            "Microsoft.Web/containerApps",
+            "Microsoft.Web/customhostnameSites",
+            "Microsoft.Web/locations/usages",
+            "Microsoft.Search/searchServices",
+            "Microsoft.Search/checkServiceNameAvailability",
+            "Microsoft.Search/checkNameAvailability",
+            "Microsoft.Search/resourceHealthMetadata",
+            "Microsoft.Search/operations",
+            "Microsoft.Search/locations",
+            "Microsoft.Search/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.Search/locations/usages",
+            "Microsoft.Search/locations/operationResults",
+            "Microsoft.DataLakeStore/accounts",
+            "Microsoft.DataLakeStore/accounts/firewallRules",
+            "Microsoft.DataLakeStore/accounts/eventGridFilters",
+            "Microsoft.DataLakeStore/locations",
+            "Microsoft.DataLakeStore/locations/operationresults",
+            "Microsoft.DataLakeStore/locations/checkNameAvailability",
+            "Microsoft.DataLakeStore/locations/capability",
+            "Microsoft.DataLakeStore/locations/usages",
+            "Microsoft.DataLakeStore/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.DataLakeStore/operations",
+            "Microsoft.DataMigration/locations",
+            "Microsoft.DataMigration/services",
+            "Microsoft.DataMigration/services/projects",
+            "Microsoft.DataMigration/locations/operationResults",
+            "Microsoft.DataMigration/locations/operationStatuses",
+            "Microsoft.DataMigration/locations/checkNameAvailability",
+            "Microsoft.DataMigration/operations",
+            "Microsoft.DataMigration/migrationServices",
+            "Microsoft.DataMigration/SqlMigrationServices",
+            "Microsoft.DataMigration/DatabaseMigrations",
+            "Microsoft.DataMigration/Locations/OperationTypes",
+            "Microsoft.DataMigration/locations/migrationServiceOperationResults",
+            "Microsoft.DataMigration/Locations/sqlMigrationServiceOperationResults",
+            "Microsoft.Kusto/clusters",
+            "Microsoft.Kusto/clusters/databases",
+            "Microsoft.Kusto/clusters/attacheddatabaseconfigurations",
+            "Microsoft.Kusto/clusters/principalassignments",
+            "Microsoft.Kusto/clusters/databases/eventhubconnections",
+            "Microsoft.Kusto/clusters/databases/dataconnections",
+            "Microsoft.Kusto/clusters/databases/principalassignments",
+            "Microsoft.Kusto/locations/operationResults",
+            "Microsoft.Kusto/locations",
+            "Microsoft.Kusto/locations/checkNameAvailability",
+            "Microsoft.Kusto/locations/skus",
+            "Microsoft.Kusto/operations",
+            "Microsoft.Kusto/clusters/databases/scripts",
+            "Microsoft.Kusto/clusters/managedPrivateEndpoints",
+            "Microsoft.Kusto/clusters/sandboxCustomImages",
+            "Microsoft.ApiManagement/service",
+            "Microsoft.ApiManagement/deletedServices",
+            "Microsoft.ApiManagement/locations",
+            "Microsoft.ApiManagement/locations/deletedServices",
+            "Microsoft.ApiManagement/validateServiceName",
+            "Microsoft.ApiManagement/checkServiceNameAvailability",
+            "Microsoft.ApiManagement/checkNameAvailability",
+            "Microsoft.ApiManagement/reportFeedback",
+            "Microsoft.ApiManagement/checkFeedbackRequired",
+            "Microsoft.ApiManagement/operations",
+            "Microsoft.ApiManagement/getDomainOwnershipIdentifier",
+            "Microsoft.ApiManagement/service/eventGridFilters",
+            "Microsoft.MixedReality/locations",
+            "Microsoft.MixedReality/locations/checkNameAvailability",
+            "Microsoft.MixedReality/operations",
+            "Microsoft.MixedReality/spatialAnchorsAccounts",
+            "Microsoft.MixedReality/remoteRenderingAccounts",
+            "Microsoft.MixedReality/objectAnchorsAccounts",
+            "Microsoft.Maps/accounts",
+            "Microsoft.Maps/accounts/creators",
+            "Microsoft.Maps/accounts/eventGridFilters",
+            "Microsoft.Maps/operations",
+            "Microsoft.AVS/locations",
+            "Microsoft.AVS/locations/checkQuotaAvailability",
+            "Microsoft.AVS/locations/checkTrialAvailability",
+            "Microsoft.AVS/locations/usages",
+            "Microsoft.AVS/operations",
+            "Microsoft.AVS/privateClouds",
+            "Microsoft.AVS/privateClouds/addons",
+            "Microsoft.AVS/privateClouds/authorizations",
+            "Microsoft.AVS/privateClouds/cloudLinks",
+            "Microsoft.AVS/privateClouds/clusters",
+            "Microsoft.AVS/privateClouds/clusters/datastores",
+            "Microsoft.AVS/privateClouds/clusters/placementPolicies",
+            "Microsoft.AVS/privateClouds/clusters/virtualMachines",
+            "Microsoft.AVS/privateClouds/eventGridFilters",
+            "Microsoft.AVS/privateClouds/globalReachConnections",
+            "Microsoft.AVS/privateClouds/hcxEnterpriseSites",
+            "Microsoft.AVS/privateClouds/scriptExecutions",
+            "Microsoft.AVS/privateClouds/scriptPackages",
+            "Microsoft.AVS/privateClouds/scriptPackages/scriptCmdlets",
+            "Microsoft.AVS/privateClouds/workloadNetworks",
+            "Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations",
+            "Microsoft.AVS/privateClouds/workloadNetworks/dnsServices",
+            "Microsoft.AVS/privateClouds/workloadNetworks/dnsZones",
+            "Microsoft.AVS/privateClouds/workloadNetworks/gateways",
+            "Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles",
+            "Microsoft.AVS/privateClouds/workloadNetworks/publicIPs",
+            "Microsoft.AVS/privateClouds/workloadNetworks/segments",
+            "Microsoft.AVS/privateClouds/workloadNetworks/virtualMachines",
+            "Microsoft.AVS/privateClouds/workloadNetworks/vmGroups",
+            "Microsoft.Blueprint/blueprints",
+            "Microsoft.Blueprint/blueprints/artifacts",
+            "Microsoft.Blueprint/blueprints/versions",
+            "Microsoft.Blueprint/blueprints/versions/artifacts",
+            "Microsoft.Blueprint/blueprintAssignments",
+            "Microsoft.Blueprint/blueprintAssignments/operations",
+            "Microsoft.Blueprint/blueprintAssignments/assignmentOperations",
+            "Microsoft.Blueprint/operations",
+            "Microsoft.HealthcareApis/services",
+            "Microsoft.HealthcareApis/services/privateEndpointConnectionProxies",
+            "Microsoft.HealthcareApis/services/privateEndpointConnections",
+            "Microsoft.HealthcareApis/services/privateLinkResources",
+            "Microsoft.HealthcareApis/services/iomtconnectors",
+            "Microsoft.HealthcareApis/services/iomtconnectors/connections",
+            "Microsoft.HealthcareApis/services/iomtconnectors/mappings",
+            "Microsoft.HealthcareApis/workspaces",
+            "Microsoft.HealthcareApis/workspaces/privateEndpointConnectionProxies",
+            "Microsoft.HealthcareApis/workspaces/privateEndpointConnections",
+            "Microsoft.HealthcareApis/workspaces/privateLinkResources",
+            "Microsoft.HealthcareApis/workspaces/dicomservices",
+            "Microsoft.HealthcareApis/workspaces/iotconnectors",
+            "Microsoft.HealthcareApis/workspaces/iotconnectors/fhirdestinations",
+            "Microsoft.HealthcareApis/workspaces/fhirservices",
+            "Microsoft.HealthcareApis/workspaces/eventGridFilters",
+            "Microsoft.HealthcareApis/locations",
+            "Microsoft.HealthcareApis/locations/operationresults",
+            "Microsoft.HealthcareApis/checkNameAvailability",
+            "Microsoft.HealthcareApis/operations",
+            "Microsoft.HealthcareApis/validateMedtechMappings",
+            "Microsoft.Advisor/suppressions",
+            "Microsoft.Advisor/configurations",
+            "Microsoft.Advisor/metadata",
+            "Microsoft.Advisor/recommendations",
+            "Microsoft.Advisor/generateRecommendations",
+            "Microsoft.Advisor/operations",
+            "Microsoft.Advisor/advisorScore",
+            "Microsoft.Advisor/predict",
+            "Microsoft.MarketplaceNotifications/reviewsnotifications",
+            "Microsoft.MarketplaceNotifications/operations",
+            "Microsoft.ServiceLinker/locations",
+            "Microsoft.ServiceLinker/locations/operationStatuses",
+            "Microsoft.ServiceLinker/operations",
+            "Microsoft.ServiceLinker/linkers",
+            "Microsoft.ServiceLinker/dryruns",
+            "Microsoft.ServiceLinker/locations/connectors",
+            "Microsoft.ServiceLinker/locations/dryruns",
+            "Microsoft.ServiceLinker/configurationNames",
+            "Microsoft.ServiceLinker/daprConfigurations",
+            "Microsoft.DataProtection/BackupVaults",
+            "Microsoft.DataProtection/ResourceGuards",
+            "Microsoft.DataProtection/operations",
+            "Microsoft.DataProtection/locations",
+            "Microsoft.DataProtection/locations/operationResults",
+            "Microsoft.DataProtection/locations/operationStatus",
+            "Microsoft.DataProtection/locations/checkNameAvailability",
+            "Microsoft.DataProtection/locations/checkFeatureSupport",
+            "Microsoft.DataProtection/backupInstances",
+            "Microsoft.DataProtection/locations/fetchSecondaryRecoveryPoints",
+            "Microsoft.DataProtection/locations/fetchCrossRegionRestoreJobs",
+            "Microsoft.DataProtection/locations/fetchCrossRegionRestoreJob",
+            "Microsoft.DataProtection/locations/validateCrossRegionRestore",
+            "Microsoft.DataProtection/locations/crossRegionRestore",
+            "Microsoft.Consumption/Forecasts",
+            "Microsoft.Consumption/AggregatedCost",
+            "Microsoft.Consumption/tenants",
+            "Microsoft.Consumption/ReservationRecommendations",
+            "Microsoft.Consumption/ReservationRecommendationDetails",
+            "Microsoft.Consumption/ReservationSummaries",
+            "Microsoft.Consumption/ReservationTransactions",
+            "Microsoft.Consumption/Balances",
+            "Microsoft.Consumption/Marketplaces",
+            "Microsoft.Consumption/Pricesheets",
+            "Microsoft.Consumption/ReservationDetails",
+            "Microsoft.Consumption/Budgets",
+            "Microsoft.Consumption/CostTags",
+            "Microsoft.Consumption/Tags",
+            "Microsoft.Consumption/Terms",
+            "Microsoft.Consumption/UsageDetails",
+            "Microsoft.Consumption/Charges",
+            "Microsoft.Consumption/credits",
+            "Microsoft.Consumption/events",
+            "Microsoft.Consumption/lots",
+            "Microsoft.Consumption/products",
+            "Microsoft.Consumption/OperationStatus",
+            "Microsoft.Consumption/OperationResults",
+            "Microsoft.Consumption/Operations",
+            "Microsoft.GuestConfiguration/guestConfigurationAssignments",
+            "Microsoft.GuestConfiguration/operations",
+            "Astronomer.Astro/locations",
+            "Astronomer.Astro/operations",
+            "Astronomer.Astro/organizations",
+            "Astronomer.Astro/locations/operationStatuses",
+            "Dynatrace.Observability/operations",
+            "Dynatrace.Observability/registeredSubscriptions",
+            "Dynatrace.Observability/locations",
+            "Dynatrace.Observability/locations/operationStatuses",
+            "Dynatrace.Observability/monitors",
+            "Dynatrace.Observability/monitors/tagRules",
+            "Dynatrace.Observability/monitors/singleSignOnConfigurations",
+            "Dynatrace.Observability/checkNameAvailability",
+            "Dynatrace.Observability/getMarketplaceSaaSResourceDetails",
+            "GitHub.Network/Operations",
+            "GitHub.Network/networkSettings",
+            "GitHub.Network/registeredSubscriptions",
+            "Microsoft.AAD/DomainServices",
+            "Microsoft.AAD/DomainServices/oucontainer",
+            "Microsoft.AAD/locations",
+            "Microsoft.AAD/locations/operationresults",
+            "Microsoft.AAD/operations",
+            "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/operations",
+            "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticSettings",
+            "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticSettingsCategories",
+            "microsoft.aadiam/azureADMetrics",
+            "microsoft.aadiam/privateLinkForAzureAD",
+            "microsoft.aadiam/tenants",
+            "microsoft.aadiam/operations",
+            "microsoft.aadiam/diagnosticSettings",
+            "microsoft.aadiam/diagnosticSettingsCategories",
+            "Microsoft.Addons/supportProviders",
+            "Microsoft.Addons/operations",
+            "Microsoft.Addons/operationResults",
+            "Microsoft.ADHybridHealthService/services",
+            "Microsoft.ADHybridHealthService/addsservices",
+            "Microsoft.ADHybridHealthService/configuration",
+            "Microsoft.ADHybridHealthService/operations",
+            "Microsoft.ADHybridHealthService/agents",
+            "Microsoft.ADHybridHealthService/aadsupportcases",
+            "Microsoft.ADHybridHealthService/reports",
+            "Microsoft.ADHybridHealthService/servicehealthmetrics",
+            "Microsoft.ADHybridHealthService/logs",
+            "Microsoft.ADHybridHealthService/anonymousapiusers",
+            "Microsoft.AgFoodPlatform/operations",
+            "Microsoft.AgFoodPlatform/farmBeatsExtensionDefinitions",
+            "Microsoft.AgFoodPlatform/farmBeatsSolutionDefinitions",
+            "Microsoft.AgFoodPlatform/checkNameAvailability",
+            "Microsoft.AgFoodPlatform/locations",
+            "Microsoft.AksHybrid/locations",
+            "Microsoft.AnalysisServices/servers",
+            "Microsoft.AnalysisServices/locations",
+            "Microsoft.AnalysisServices/locations/checkNameAvailability",
+            "Microsoft.AnalysisServices/locations/operationresults",
+            "Microsoft.AnalysisServices/locations/operationstatuses",
+            "Microsoft.AnalysisServices/operations",
+            "Microsoft.AnyBuild/Locations",
+            "Microsoft.AnyBuild/Locations/OperationStatuses",
+            "Microsoft.AnyBuild/clusters",
+            "Microsoft.AnyBuild/Operations",
+            "Microsoft.ApiCenter/services",
+            "Microsoft.ApiCenter/operations",
+            "Microsoft.ApiCenter/services/eventGridFilters",
+            "Microsoft.ApiSecurity/Locations",
+            "Microsoft.ApiSecurity/Locations/OperationStatuses",
+            "Microsoft.ApiSecurity/Operations",
+            "Microsoft.ApiSecurity/apiCollections",
+            "Microsoft.ApiSecurity/apiCollections/apiCollectionDetails",
+            "Microsoft.ApiSecurity/apiCollectionsMeta",
+            "Microsoft.ApiSecurity/apiCollectionsMeta/apiCollectionMetaDetails",
+            "Microsoft.App/managedEnvironments",
+            "Microsoft.App/managedEnvironments/certificates",
+            "Microsoft.App/managedEnvironments/managedCertificates",
+            "Microsoft.App/containerApps",
+            "Microsoft.App/jobs",
+            "Microsoft.App/locations",
+            "Microsoft.App/locations/managedEnvironmentOperationResults",
+            "Microsoft.App/locations/managedEnvironmentOperationStatuses",
+            "Microsoft.App/locations/containerappOperationResults",
+            "Microsoft.App/locations/containerappOperationStatuses",
+            "Microsoft.App/locations/containerappsjobOperationResults",
+            "Microsoft.App/locations/containerappsjobOperationStatuses",
+            "Microsoft.App/locations/sourceControlOperationResults",
+            "Microsoft.App/locations/sourceControlOperationStatuses",
+            "Microsoft.App/locations/usages",
+            "Microsoft.App/operations",
+            "Microsoft.App/connectedEnvironments",
+            "Microsoft.App/connectedEnvironments/certificates",
+            "Microsoft.App/locations/connectedEnvironmentOperationResults",
+            "Microsoft.App/locations/connectedEnvironmentOperationStatuses",
+            "Microsoft.App/locations/managedCertificateOperationStatuses",
+            "Microsoft.App/locations/billingMeters",
+            "Microsoft.App/locations/availableManagedEnvironmentsWorkloadProfileTypes",
+            "Microsoft.App/getCustomDomainVerificationId",
+            "Microsoft.App/builders",
+            "Microsoft.App/builders/builds",
+            "Microsoft.App/locations/OperationResults",
+            "Microsoft.App/locations/OperationStatuses",
+            "Microsoft.App/managedEnvironments/dotNetComponents",
+            "Microsoft.App/managedEnvironments/javaComponents",
+            "Microsoft.App/managedEnvironments/daprComponents",
+            "Microsoft.AppAssessment/Locations",
+            "Microsoft.AppAssessment/operations",
+            "Microsoft.AppAssessment/Locations/OperationStatuses",
+            "Microsoft.AppAssessment/Locations/osVersions",
+            "Microsoft.AppComplianceAutomation/operations",
+            "Microsoft.AppComplianceAutomation/locations",
+            "Microsoft.AppComplianceAutomation/locations/operationStatuses",
+            "Microsoft.AppComplianceAutomation/reports",
+            "Microsoft.AppComplianceAutomation/reports/snapshots",
+            "Microsoft.AppComplianceAutomation/onboard",
+            "Microsoft.AppComplianceAutomation/triggerEvaluation",
+            "Microsoft.AppComplianceAutomation/reports/webhooks",
+            "Microsoft.AppComplianceAutomation/reports/evidences",
+            "Microsoft.AppComplianceAutomation/listInUseStorageAccounts",
+            "Microsoft.AppComplianceAutomation/checkNameAvailability",
+            "Microsoft.AppComplianceAutomation/getCollectionCount",
+            "Microsoft.AppComplianceAutomation/getOverviewStatus",
+            "Microsoft.AppComplianceAutomation/reports/scopingConfigurations",
+            "Microsoft.AppConfiguration/configurationStores",
+            "Microsoft.AppConfiguration/configurationStores/keyValues",
+            "Microsoft.AppConfiguration/configurationStores/eventGridFilters",
+            "Microsoft.AppConfiguration/checkNameAvailability",
+            "Microsoft.AppConfiguration/locations/checkNameAvailability",
+            "Microsoft.AppConfiguration/locations",
+            "Microsoft.AppConfiguration/locations/operationsStatus",
+            "Microsoft.AppConfiguration/operations",
+            "Microsoft.AppConfiguration/deletedConfigurationStores",
+            "Microsoft.AppConfiguration/locations/deletedConfigurationStores",
+            "Microsoft.AppConfiguration/configurationStores/replicas",
+            "Microsoft.AppConfiguration/configurationStores/snapshots",
+            "Microsoft.AppConfiguration/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.AppSecurity/operationStatuses",
+            "Microsoft.ArcNetworking/locations",
+            "Microsoft.ArcNetworking/locations/operationStatuses",
+            "Microsoft.ArcNetworking/arcNwLoadBalancers",
+            "Microsoft.Attestation/attestationProviders",
+            "Microsoft.Attestation/defaultProviders",
+            "Microsoft.Attestation/locations",
+            "Microsoft.Attestation/locations/defaultProvider",
+            "Microsoft.Attestation/operations",
+            "Microsoft.Authorization/roleAssignmentScheduleRequests",
+            "Microsoft.Authorization/roleEligibilityScheduleRequests",
+            "Microsoft.Authorization/roleAssignmentSchedules",
+            "Microsoft.Authorization/roleEligibilitySchedules",
+            "Microsoft.Authorization/roleAssignmentScheduleInstances",
+            "Microsoft.Authorization/roleEligibilityScheduleInstances",
+            "Microsoft.Authorization/roleManagementPolicies",
+            "Microsoft.Authorization/roleManagementPolicyAssignments",
+            "Microsoft.Authorization/eligibleChildResources",
+            "Microsoft.Authorization/roleManagementAlerts",
+            "Microsoft.Authorization/roleManagementAlertConfigurations",
+            "Microsoft.Authorization/roleManagementAlertDefinitions",
+            "Microsoft.Authorization/roleManagementAlertOperations",
+            "Microsoft.Authorization/roleAssignments",
+            "Microsoft.Authorization/roleDefinitions",
+            "Microsoft.Authorization/classicAdministrators",
+            "Microsoft.Authorization/permissions",
+            "Microsoft.Authorization/denyAssignments",
+            "Microsoft.Authorization/locks",
+            "Microsoft.Authorization/operations",
+            "Microsoft.Authorization/policyDefinitions",
+            "Microsoft.Authorization/policyDefinitions/versions",
+            "Microsoft.Authorization/policySetDefinitions",
+            "Microsoft.Authorization/policySetDefinitions/versions",
+            "Microsoft.Authorization/policyAssignments",
+            "Microsoft.Authorization/policyExemptions",
+            "Microsoft.Authorization/listPolicyDefinitionVersions",
+            "Microsoft.Authorization/listPolicySetDefinitionVersions",
+            "Microsoft.Authorization/dataAliases",
+            "Microsoft.Authorization/dataPolicyManifests",
+            "Microsoft.Authorization/providerOperations",
+            "Microsoft.Authorization/elevateAccess",
+            "Microsoft.Authorization/checkAccess",
+            "Microsoft.Authorization/batchResourceCheckAccess",
+            "Microsoft.Authorization/findOrphanRoleAssignments",
+            "Microsoft.Authorization/roleAssignmentsUsageMetrics",
+            "Microsoft.Authorization/accessReviewScheduleDefinitions",
+            "Microsoft.Authorization/accessReviewScheduleSettings",
+            "Microsoft.Authorization/accessReviewHistoryDefinitions",
+            "Microsoft.Authorization/roleAssignmentApprovals",
+            "Microsoft.Authorization/privateLinkAssociations",
+            "Microsoft.Authorization/resourceManagementPrivateLinks",
+            "Microsoft.Authorization/EnablePrivateLinkNetworkAccess",
+            "Microsoft.Authorization/operationStatus",
+            "Microsoft.Authorization/diagnosticSettings",
+            "Microsoft.Authorization/diagnosticSettingsCategories",
+            "Microsoft.Automanage/configurationProfileAssignments",
+            "Microsoft.Automanage/configurationProfiles",
+            "Microsoft.Automanage/configurationProfiles/versions",
+            "Microsoft.Automanage/bestPractices",
+            "Microsoft.Automanage/bestPractices/versions",
+            "Microsoft.Automanage/operations",
+            "Microsoft.Automanage/servicePrincipals",
+            "Microsoft.AutonomousDevelopmentPlatform/operations",
+            "Microsoft.AutonomousDevelopmentPlatform/locations",
+            "Microsoft.AutonomousDevelopmentPlatform/locations/operationstatuses",
+            "Microsoft.AutonomousDevelopmentPlatform/checknameavailability",
+            "Microsoft.AutonomousDevelopmentPlatform/workspaces/eventgridfilters",
+            "Microsoft.AwsConnector/Locations",
+            "Microsoft.AwsConnector/Operations",
+            "Microsoft.AzureActiveDirectory/ciamDirectories",
+            "Microsoft.AzureActiveDirectory/guestUsages",
+            "Microsoft.AzureActiveDirectory/b2cDirectories",
+            "Microsoft.AzureActiveDirectory/checkNameAvailability",
+            "Microsoft.AzureActiveDirectory/operations",
+            "Microsoft.AzureActiveDirectory/b2ctenants",
+            "Microsoft.AzureActiveDirectory/operationStatuses",
+            "Microsoft.AzureArcData/Locations",
+            "Microsoft.AzureArcData/Locations/OperationStatuses",
+            "Microsoft.AzureArcData/DataControllers",
+            "Microsoft.AzureArcData/SqlManagedInstances",
+            "Microsoft.AzureArcData/PostgresInstances",
+            "Microsoft.AzureArcData/SqlServerInstances",
+            "Microsoft.AzureArcData/Operations",
+            "Microsoft.AzureArcData/DataControllers/ActiveDirectoryConnectors",
+            "Microsoft.AzureArcData/SqlServerInstances/Databases",
+            "Microsoft.AzureArcData/SqlManagedInstances/FailoverGroups",
+            "Microsoft.AzureArcData/SqlServerInstances/AvailabilityGroups",
+            "Microsoft.AzureFleet/locations",
+            "Microsoft.AzureLargeInstance/azureLargeInstances",
+            "Microsoft.AzureLargeInstance/azureLargeStorageInstances",
+            "Microsoft.AzureLargeInstance/locations",
+            "Microsoft.AzureLargeInstance/locations/operationsStatus",
+            "Microsoft.AzureLargeInstance/operations",
+            "Microsoft.AzurePercept/checkNameAvailability",
+            "Microsoft.AzurePercept/operations",
+            "Microsoft.AzurePlaywrightService/operations",
+            "Microsoft.AzurePlaywrightService/checkNameAvailability",
+            "Microsoft.AzurePlaywrightService/Locations",
+            "Microsoft.AzurePlaywrightService/Locations/OperationStatuses",
+            "Microsoft.AzurePlaywrightService/accounts",
+            "Microsoft.AzurePlaywrightService/registeredSubscriptions",
+            "Microsoft.AzurePlaywrightService/Locations/Quotas",
+            "Microsoft.AzureScan/scanningAccounts",
+            "Microsoft.AzureScan/locations",
+            "Microsoft.AzureScan/locations/OperationStatuses",
+            "Microsoft.AzureScan/Operations",
+            "Microsoft.AzureScan/checkNameAvailability",
+            "Microsoft.AzureSphere/catalogs",
+            "Microsoft.AzureSphere/catalogs/products",
+            "Microsoft.AzureSphere/catalogs/products/devicegroups",
+            "Microsoft.AzureSphere/locations",
+            "Microsoft.AzureSphere/catalogs/certificates",
+            "Microsoft.AzureSphere/catalogs/images",
+            "Microsoft.AzureSphere/operations",
+            "Microsoft.AzureSphere/locations/operationStatuses",
+            "Microsoft.AzureSphere/catalogs/products/devicegroups/devices",
+            "Microsoft.AzureSphere/catalogs/products/devicegroups/deployments",
+            "Microsoft.AzureStack/operations",
+            "Microsoft.AzureStack/registrations",
+            "Microsoft.AzureStack/registrations/products",
+            "Microsoft.AzureStack/registrations/customerSubscriptions",
+            "Microsoft.AzureStack/cloudManifestFiles",
+            "Microsoft.AzureStack/linkedSubscriptions",
+            "Microsoft.AzureStack/generateDeploymentLicense",
+            "Microsoft.AzureStackHCI/operations",
+            "Microsoft.AzureStackHCI/locations",
+            "Microsoft.AzureStackHCI/locations/operationstatuses",
+            "Microsoft.AzureStackHCI/galleryImages",
+            "Microsoft.AzureStackHCI/networkInterfaces",
+            "Microsoft.AzureStackHCI/virtualMachines",
+            "Microsoft.AzureStackHCI/virtualNetworks",
+            "Microsoft.AzureStackHCI/virtualHardDisks",
+            "Microsoft.AzureStackHCI/clusters",
+            "Microsoft.AzureStackHCI/clusters/arcSettings",
+            "Microsoft.AzureStackHCI/clusters/arcSettings/extensions",
+            "Microsoft.AzureStackHCI/virtualMachines/extensions",
+            "Microsoft.AzureStackHCI/virtualMachines/hybrididentitymetadata",
+            "Microsoft.AzureStackHCI/clusters/publishers",
+            "Microsoft.AzureStackHCI/clusters/offers",
+            "Microsoft.AzureStackHCI/clusters/publishers/offers",
+            "Microsoft.AzureStackHCI/clusters/publishers/offers/skus",
+            "Microsoft.AzureStackHCI/marketplaceGalleryImages",
+            "Microsoft.AzureStackHCI/storageContainers",
+            "Microsoft.AzureStackHCI/clusters/updates",
+            "Microsoft.AzureStackHCI/clusters/updates/updateRuns",
+            "Microsoft.AzureStackHCI/clusters/updateSummaries",
+            "Microsoft.AzureStackHCI/registeredSubscriptions",
+            "Microsoft.AzureStackHCI/virtualMachineInstances",
+            "Microsoft.AzureStackHCI/clusters/deploymentSettings",
+            "Microsoft.AzureStackHCI/edgeDevices",
+            "Microsoft.AzureStackHCI/logicalNetworks",
+            "Microsoft.AzureStackHCI/clusters/securitySettings",
+            "Microsoft.BackupSolutions/VMwareApplications",
+            "Microsoft.BackupSolutions/locations",
+            "Microsoft.BackupSolutions/locations/operationstatuses",
+            "Microsoft.BackupSolutions/operations",
+            "Microsoft.BareMetal/bareMetalConnections",
+            "Microsoft.BareMetal/operations",
+            "Microsoft.BareMetal/locations",
+            "Microsoft.BareMetal/locations/operationResults",
+            "Microsoft.BareMetal/utilization",
+            "Microsoft.BareMetalInfrastructure/bareMetalInstances",
+            "Microsoft.BareMetalInfrastructure/bareMetalStorageInstances",
+            "Microsoft.BareMetalInfrastructure/locations",
+            "Microsoft.BareMetalInfrastructure/locations/operationsStatus",
+            "Microsoft.BareMetalInfrastructure/operations",
+            "Microsoft.Batch/batchAccounts",
+            "Microsoft.Batch/batchAccounts/pools",
+            "Microsoft.Batch/batchAccounts/detectors",
+            "Microsoft.Batch/batchAccounts/certificates",
+            "Microsoft.Batch/batchAccounts/operationResults",
+            "Microsoft.Batch/batchAccounts/poolOperationResults",
+            "Microsoft.Batch/batchAccounts/certificateOperationResults",
+            "Microsoft.Batch/batchAccounts/privateEndpointConnectionProxyResults",
+            "Microsoft.Batch/batchAccounts/privateEndpointConnectionResults",
+            "Microsoft.Batch/operations",
+            "Microsoft.Batch/locations",
+            "Microsoft.Batch/locations/quotas",
+            "Microsoft.Batch/locations/checkNameAvailability",
+            "Microsoft.Batch/locations/accountOperationResults",
+            "Microsoft.Batch/locations/virtualMachineSkus",
+            "Microsoft.Batch/locations/cloudServiceSkus",
+            "Microsoft.Billing/billingPeriods",
+            "Microsoft.Billing/invoices",
+            "Microsoft.Billing/enrollmentAccounts",
+            "Microsoft.Billing/permissionRequests",
+            "Microsoft.Billing/billingAccounts/permissionRequests",
+            "Microsoft.Billing/billingAccounts/associatedTenants",
+            "Microsoft.Billing/billingRoleDefinitions",
+            "Microsoft.Billing/billingRoleAssignments",
+            "Microsoft.Billing/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/signAgreement",
+            "Microsoft.Billing/billingAccounts/previewAgreements",
+            "Microsoft.Billing/billingAccounts/billingProfiles/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/createBillingRoleAssignment",
+            "Microsoft.Billing/billingAccounts/customers/createBillingRoleAssignment",
+            "Microsoft.Billing/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingPermissions",
+            "Microsoft.Billing/billingAccounts",
+            "Microsoft.Billing/billingAccounts/billingProfilesSummaries",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingPermissions",
+            "Microsoft.Billing/billingAccounts/customers",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers",
+            "Microsoft.Billing/billingAccounts/billingProfiles/instructions",
+            "Microsoft.Billing/billingAccounts/customers/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/customers/products",
+            "Microsoft.Billing/billingAccounts/customers/transactions",
+            "Microsoft.Billing/billingAccounts/invoiceSections",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingPermissions",
+            "Microsoft.Billing/billingAccounts/customers/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/customers/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/customers/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingPermissions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/elevate",
+            "Microsoft.Billing/billingAccounts/createInvoiceSectionOperations",
+            "Microsoft.Billing/billingAccounts/patchOperations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/patchOperations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/productMoveOperations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptionMoveOperations",
+            "Microsoft.Billing/billingAccounts/listInvoiceSectionsWithCreateSubscriptionPermission",
+            "Microsoft.Billing/billingAccounts/billingProfiles",
+            "Microsoft.Billing/billingAccounts/BillingProfiles/patchOperations",
+            "Microsoft.Billing/departments",
+            "Microsoft.Billing/billingAccounts/departments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments",
+            "Microsoft.Billing/billingAccounts/notificationContacts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/notificationContacts",
+            "Microsoft.Billing/billingAccounts/departments/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/departments/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/departments/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingPermissions",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/departments/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/enrollmentAccounts",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleDefinitions",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleAssignments",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingPermissions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingPermissions",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/departments/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/paymentMethods",
+            "Microsoft.Billing/billingAccounts/availableBalance",
+            "Microsoft.Billing/billingAccounts/billingProfiles/availableBalance",
+            "Microsoft.Billing/billingAccounts/invoices",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices",
+            "Microsoft.Billing/billingAccounts/transactions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/transactions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/transactions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/transactions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices/transactions",
+            "Microsoft.Billing/billingAccounts/invoices/transactions",
+            "Microsoft.Billing/billingAccounts/invoices/summary",
+            "Microsoft.Billing/billingAccounts/billingProfiles/validateDeleteBillingProfileEligibility",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/validateDeleteInvoiceSectionEligibility",
+            "Microsoft.Billing/billingAccounts/invoices/transactionSummary",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingSubscriptionAliases",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/invoices",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/policies",
+            "Microsoft.Billing/billingAccounts/billingProfiles/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingSubscriptions",
+            "Microsoft.Billing/billingAccounts/invoiceSections/products",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products",
+            "Microsoft.Billing/billingAccounts/invoiceSections/products/updateAutoRenew",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products/updateAutoRenew",
+            "Microsoft.Billing/billingAccounts/billingProfiles/products",
+            "Microsoft.Billing/billingAccounts/products",
+            "Microsoft.Billing/operations",
+            "Microsoft.Billing/billingAccounts/invoiceSections/initiateTransfer",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/initiateTransfer",
+            "Microsoft.Billing/billingAccounts/invoiceSections/transfers",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/transfers",
+            "Microsoft.Billing/transfers/acceptTransfer",
+            "Microsoft.Billing/transfers",
+            "Microsoft.Billing/transfers/declineTransfer",
+            "Microsoft.Billing/transfers/validateTransfer",
+            "Microsoft.Billing/billingAccounts/customers/initiateTransfer",
+            "Microsoft.Billing/billingAccounts/customers/transfers",
+            "Microsoft.Billing/billingAccounts/customers/transferSupportedAccounts",
+            "Microsoft.Billing/billingProperty",
+            "Microsoft.Billing/policies",
+            "Microsoft.Billing/billingAccounts/policies",
+            "Microsoft.Billing/billingAccounts/billingProfiles/policies",
+            "Microsoft.Billing/billingAccounts/customers/policies",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices/pricesheet",
+            "Microsoft.Billing/billingAccounts/billingProfiles/pricesheet",
+            "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptions/transfer",
+            "Microsoft.Billing/billingAccounts/invoiceSections/products/transfer",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products/transfer",
+            "Microsoft.Billing/billingAccounts/invoiceSections/productTransfersResults",
+            "Microsoft.Billing/billingAccounts/agreements",
+            "Microsoft.Billing/billingAccounts/lineOfCredit",
+            "Microsoft.Billing/billingAccounts/paymentMethods",
+            "Microsoft.Billing/paymentMethods",
+            "Microsoft.Billing/billingAccounts/billingProfiles/paymentMethodLinks",
+            "Microsoft.Billing/billingAccounts/payableOverage",
+            "Microsoft.Billing/billingAccounts/payNow",
+            "Microsoft.Billing/billingAccounts/reservationOrders",
+            "Microsoft.Billing/billingAccounts/reservationOrders/reservations",
+            "Microsoft.Billing/billingAccounts/reservations",
+            "Microsoft.Billing/billingAccounts/billingProfiles/reservations",
+            "Microsoft.Billing/billingAccounts/billingProfiles/validateDetachPaymentMethodEligibility",
+            "Microsoft.Billing/validateAddress",
+            "Microsoft.Billing/promotions",
+            "Microsoft.Billing/promotions/checkeligibility",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/elevateRole",
+            "Microsoft.Billing/billingAccounts/appliedReservationOrders",
+            "Microsoft.Billing/promotionalCredits",
+            "Microsoft.Billing/billingAccounts/promotionalCredits",
+            "Microsoft.Billing/billingAccounts/savingsPlanOrders/savingsPlans",
+            "Microsoft.Billing/billingAccounts/savingsPlanOrders",
+            "Microsoft.Billing/billingAccounts/savingsPlans",
+            "Microsoft.Billing/billingAccounts/alerts",
+            "Microsoft.Billing/billingAccounts/billingProfiles/alerts",
+            "Microsoft.Billing/billingAccounts/listProductRecommendations",
+            "Microsoft.Billing/billingAccounts/incentiveSchedules",
+            "Microsoft.Billing/billingAccounts/incentiveSchedules/milestones",
+            "Microsoft.Billing/operationStatus",
+            "Microsoft.Billing/transfers/operationStatus",
+            "Microsoft.Billing/operationResults",
+            "Microsoft.Billing/billingAccounts/operationResults",
+            "Microsoft.Billing/billingAccounts/billingProfiles/invoices/operationResults",
+            "Microsoft.Billing/billingAccounts/billingProfiles/pricesheetDownloadOperations",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/operationResults",
+            "Microsoft.Billing/billingAccounts/billingSubscriptions/invoices/operationResults",
+            "Microsoft.Billing/billingAccounts/enrollmentAccounts/activationStatus",
+            "Microsoft.Billing/billingAccounts/invoices/operationResults",
+            "Microsoft.Billing/promotionalCredits/operationResults",
+            "Microsoft.Billing/billingAccounts/addresses",
+            "Microsoft.BillingBenefits/savingsPlanOrders",
+            "Microsoft.BillingBenefits/savingsPlanOrders/savingsPlans",
+            "Microsoft.BillingBenefits/savingsPlanOrders/return",
+            "Microsoft.BillingBenefits/validate",
+            "Microsoft.BillingBenefits/calculateMigrationCost",
+            "Microsoft.BillingBenefits/operationResults",
+            "Microsoft.BillingBenefits/operations",
+            "Microsoft.BillingBenefits/savingsPlanOrderAliases",
+            "Microsoft.BillingBenefits/reservationOrderAliases",
+            "Microsoft.BillingBenefits/savingsPlans",
+            "Microsoft.BillingBenefits/incentiveSchedules",
+            "Microsoft.BillingBenefits/incentiveSchedules/milestones",
+            "Microsoft.BillingBenefits/maccs",
+            "Microsoft.BillingBenefits/maccs/contributors",
+            "Microsoft.BillingBenefits/listSellerResources",
+            "Microsoft.BillingBenefits/credits",
+            "Microsoft.Bing/locations",
+            "Microsoft.Bing/accounts/skus",
+            "Microsoft.Bing/accounts/usages",
+            "Microsoft.Bing/registeredSubscriptions",
+            "Microsoft.Bing/operations",
+            "Microsoft.Bing/locations/operationStatuses",
+            "Microsoft.Bing/accounts",
+            "Microsoft.BlockchainTokens/Operations",
+            "Microsoft.Capacity/resourceProviders",
+            "Microsoft.Capacity/resourceProviders/locations",
+            "Microsoft.Capacity/resourceProviders/locations/serviceLimits",
+            "Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests",
+            "Microsoft.Capacity/resources",
+            "Microsoft.Capacity/reservationOrders",
+            "Microsoft.Capacity/reservationOrders/reservations",
+            "Microsoft.Capacity/listbenefits",
+            "Microsoft.Capacity/reservations",
+            "Microsoft.Capacity/reservationOrders/reservations/revisions",
+            "Microsoft.Capacity/operations",
+            "Microsoft.Capacity/catalogs",
+            "Microsoft.Capacity/appliedReservations",
+            "Microsoft.Capacity/checkOffers",
+            "Microsoft.Capacity/checkScopes",
+            "Microsoft.Capacity/calculatePrice",
+            "Microsoft.Capacity/calculateExchange",
+            "Microsoft.Capacity/exchange",
+            "Microsoft.Capacity/reservationOrders/calculateRefund",
+            "Microsoft.Capacity/reservationOrders/return",
+            "Microsoft.Capacity/reservationOrders/split",
+            "Microsoft.Capacity/reservationOrders/merge",
+            "Microsoft.Capacity/reservationOrders/swap",
+            "Microsoft.Capacity/reservationOrders/changeDirectory",
+            "Microsoft.Capacity/validateReservationOrder",
+            "Microsoft.Capacity/reservationOrders/availableScopes",
+            "Microsoft.Capacity/reservationOrders/reservations/availableScopes",
+            "Microsoft.Capacity/commercialReservationOrders",
+            "Microsoft.Capacity/calculatePurchasePrice",
+            "Microsoft.Capacity/placePurchaseOrder",
+            "Microsoft.Capacity/checkPurchaseStatus",
+            "Microsoft.Capacity/ownReservations",
+            "Microsoft.Capacity/operationResults",
+            "Microsoft.Capacity/listSkus",
+            "Microsoft.Capacity/checkBenefitScopes",
+            "Microsoft.Carbon/carbonEmissionReports",
+            "Microsoft.Carbon/queryCarbonEmissionDataAvailableDateRange",
+            "Microsoft.Carbon/operations",
+            "Microsoft.CertificateRegistration/certificateOrders",
+            "Microsoft.CertificateRegistration/certificateOrders/certificates",
+            "Microsoft.CertificateRegistration/validateCertificateRegistrationInformation",
+            "Microsoft.CertificateRegistration/operations",
+            "Microsoft.Certify/operations",
+            "Microsoft.ChangeAnalysis/operations",
+            "Microsoft.ChangeAnalysis/resourceChanges",
+            "Microsoft.ChangeAnalysis/changes",
+            "Microsoft.ChangeAnalysis/changeSnapshots",
+            "Microsoft.ChangeAnalysis/computeChanges",
+            "Microsoft.Chaos/operations",
+            "Microsoft.Chaos/targets",
+            "Microsoft.Chaos/locations",
+            "Microsoft.Chaos/locations/targetTypes",
+            "Microsoft.Chaos/experiments",
+            "Microsoft.Chaos/locations/operationStatuses",
+            "Microsoft.Chaos/locations/operationResults",
+            "Microsoft.Chaos/privateAccesses",
+            "Microsoft.ClassicCompute/domainNames",
+            "Microsoft.ClassicCompute/domainNames/internalLoadBalancers",
+            "Microsoft.ClassicCompute/checkDomainNameAvailability",
+            "Microsoft.ClassicCompute/domainNames/slots",
+            "Microsoft.ClassicCompute/domainNames/slots/roles",
+            "Microsoft.ClassicCompute/domainNames/slots/roles/metricDefinitions",
+            "Microsoft.ClassicCompute/domainNames/slots/roles/metrics",
+            "Microsoft.ClassicCompute/virtualMachines",
+            "Microsoft.ClassicCompute/capabilities",
+            "Microsoft.ClassicCompute/domainNames/capabilities",
+            "Microsoft.ClassicCompute/domainNames/serviceCertificates",
+            "Microsoft.ClassicCompute/quotas",
+            "Microsoft.ClassicCompute/virtualMachines/diagnosticSettings",
+            "Microsoft.ClassicCompute/virtualMachines/metricDefinitions",
+            "Microsoft.ClassicCompute/virtualMachines/metrics",
+            "Microsoft.ClassicCompute/operations",
+            "Microsoft.ClassicCompute/resourceTypes",
+            "Microsoft.ClassicCompute/moveSubscriptionResources",
+            "Microsoft.ClassicCompute/validateSubscriptionMoveAvailability",
+            "Microsoft.ClassicCompute/operationStatuses",
+            "Microsoft.ClassicCompute/operatingSystems",
+            "Microsoft.ClassicCompute/operatingSystemFamilies",
+            "Microsoft.ClassicInfrastructureMigrate/classicInfrastructureResources",
+            "Microsoft.ClassicNetwork/virtualNetworks",
+            "Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings",
+            "Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies",
+            "Microsoft.ClassicNetwork/reservedIps",
+            "Microsoft.ClassicNetwork/quotas",
+            "Microsoft.ClassicNetwork/gatewaySupportedDevices",
+            "Microsoft.ClassicNetwork/operations",
+            "Microsoft.ClassicNetwork/networkSecurityGroups",
+            "Microsoft.ClassicNetwork/capabilities",
+            "Microsoft.ClassicNetwork/expressRouteCrossConnections",
+            "Microsoft.ClassicNetwork/expressRouteCrossConnections/peerings",
+            "Microsoft.ClassicStorage/storageAccounts",
+            "Microsoft.ClassicStorage/quotas",
+            "Microsoft.ClassicStorage/checkStorageAccountAvailability",
+            "Microsoft.ClassicStorage/storageAccounts/services",
+            "Microsoft.ClassicStorage/storageAccounts/services/diagnosticSettings",
+            "Microsoft.ClassicStorage/storageAccounts/services/metricDefinitions",
+            "Microsoft.ClassicStorage/storageAccounts/services/metrics",
+            "Microsoft.ClassicStorage/storageAccounts/metricDefinitions",
+            "Microsoft.ClassicStorage/storageAccounts/metrics",
+            "Microsoft.ClassicStorage/capabilities",
+            "Microsoft.ClassicStorage/storageAccounts/blobServices",
+            "Microsoft.ClassicStorage/storageAccounts/tableServices",
+            "Microsoft.ClassicStorage/storageAccounts/fileServices",
+            "Microsoft.ClassicStorage/storageAccounts/queueServices",
+            "Microsoft.ClassicStorage/disks",
+            "Microsoft.ClassicStorage/images",
+            "Microsoft.ClassicStorage/vmImages",
+            "Microsoft.ClassicStorage/storageAccounts/vmImages",
+            "Microsoft.ClassicStorage/publicImages",
+            "Microsoft.ClassicStorage/osImages",
+            "Microsoft.ClassicStorage/osPlatformImages",
+            "Microsoft.ClassicStorage/operations",
+            "Microsoft.ClassicSubscription/operations",
+            "Microsoft.CleanRoom/Locations",
+            "Microsoft.CleanRoom/Operations",
+            "Microsoft.CleanRoom/Locations/OperationStatuses",
+            "Microsoft.CloudHealth/Locations",
+            "Microsoft.CloudHealth/Locations/operationstatuses",
+            "Microsoft.CloudHealth/Operations",
+            "Microsoft.CloudShell/operations",
+            "Microsoft.CloudTest/accounts",
+            "Microsoft.CloudTest/pools",
+            "Microsoft.CloudTest/hostedpools",
+            "Microsoft.CloudTest/images",
+            "Microsoft.CloudTest/operations",
+            "Microsoft.CloudTest/locations",
+            "Microsoft.CloudTest/locations/operations",
+            "Microsoft.CodeSigning/Locations",
+            "Microsoft.CodeSigning/Locations/OperationStatuses",
+            "Microsoft.CodeSigning/Operations",
+            "Microsoft.CodeSigning/checkNameAvailability",
+            "Microsoft.Commerce/UsageAggregates",
+            "Microsoft.Commerce/RateCard",
+            "Microsoft.Commerce/operations",
+            "Microsoft.Communication/Locations",
+            "Microsoft.Communication/CommunicationServices",
+            "Microsoft.Communication/CommunicationServices/eventGridFilters",
+            "Microsoft.Communication/operations",
+            "Microsoft.Communication/registeredSubscriptions",
+            "Microsoft.Communication/locations/operationStatuses",
+            "Microsoft.Communication/CheckNameAvailability",
+            "Microsoft.Communication/EmailServices",
+            "Microsoft.Communication/EmailServices/Domains",
+            "Microsoft.Communication/EmailServices/Domains/SenderUsernames",
+            "Microsoft.Community/communityTrainings",
+            "Microsoft.Community/Operations",
+            "Microsoft.Community/Locations",
+            "Microsoft.Community/Locations/OperationStatuses",
+            "Microsoft.ComputeSchedule/Locations",
+            "Microsoft.ConfidentialLedger/Locations",
+            "Microsoft.ConfidentialLedger/Ledgers",
+            "Microsoft.ConfidentialLedger/checkNameAvailability",
+            "Microsoft.ConfidentialLedger/Locations/operations",
+            "Microsoft.ConfidentialLedger/Locations/operationstatuses",
+            "Microsoft.ConfidentialLedger/ManagedCCFs",
+            "Microsoft.ConfidentialLedger/operations",
+            "Microsoft.Confluent/operations",
+            "Microsoft.Confluent/locations",
+            "Microsoft.Confluent/locations/OperationStatuses",
+            "Microsoft.Confluent/organizations",
+            "Microsoft.Confluent/checkNameAvailability",
+            "Microsoft.Confluent/agreements",
+            "Microsoft.Confluent/validations",
+            "Microsoft.Confluent/organizations/access",
+            "Microsoft.Confluent/organizations/access/deleteRoleBinding",
+            "Microsoft.Confluent/organizations/environments",
+            "Microsoft.Confluent/organizations/environments/clusters",
+            "Microsoft.Confluent/organizations/environments/schemaRegistryClusters",
+            "Microsoft.Confluent/organizations/environments/clusters/createAPIKey",
+            "Microsoft.Confluent/organizations/apiKeys",
+            "Microsoft.Confluent/organizations/listRegions",
+            "Microsoft.ConnectedCache/cacheNodes",
+            "Microsoft.ConnectedCache/enterpriseCustomers",
+            "Microsoft.ConnectedCache/Operations",
+            "Microsoft.ConnectedCache/locations",
+            "Microsoft.ConnectedCache/locations/operationstatuses",
+            "Microsoft.ConnectedCache/ispCustomers",
+            "Microsoft.ConnectedCache/ispCustomers/ispCacheNodes",
+            "Microsoft.ConnectedCache/enterpriseMccCustomers",
+            "Microsoft.ConnectedCache/enterpriseMccCustomers/enterpriseMccCacheNodes",
+            "Microsoft.ConnectedCache/registeredSubscriptions",
+            "Microsoft.ConnectedCredentials/locations",
+            "Microsoft.ConnectedCredentials/locations/operationstatuses",
+            "Microsoft.ConnectedCredentials/credentials",
+            "Microsoft.ConnectedCredentials/operations",
+            "microsoft.connectedopenstack/operations",
+            "microsoft.connectedopenstack/locations",
+            "microsoft.connectedopenstack/locations/operationStatuses",
+            "Microsoft.ConnectedVehicle/locations",
+            "Microsoft.ConnectedVehicle/operations",
+            "Microsoft.ConnectedVehicle/Locations/OperationStatuses",
+            "Microsoft.ConnectedVehicle/checkNameAvailability",
+            "Microsoft.ConnectedVehicle/registeredSubscriptions",
+            "Microsoft.ConnectedVMwarevSphere/locations",
+            "Microsoft.ConnectedVMwarevSphere/locations/operationstatuses",
+            "Microsoft.ConnectedVMwarevSphere/VCenters",
+            "Microsoft.ConnectedVMwarevSphere/resourcepools",
+            "Microsoft.ConnectedVMwarevSphere/virtualnetworks",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachinetemplates",
+            "Microsoft.ConnectedVMwarevSphere/operations",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines",
+            "Microsoft.ConnectedVMwarevSphere/vcenters/inventoryitems",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines/hybrididentitymetadata",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines/extensions",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachines/guestagents",
+            "Microsoft.ConnectedVMwarevSphere/clusters",
+            "Microsoft.ConnectedVMwarevSphere/datastores",
+            "Microsoft.ConnectedVMwarevSphere/hosts",
+            "Microsoft.ConnectedVMwarevSphere/virtualmachineinstances",
+            "Microsoft.CostManagement/Connectors",
+            "Microsoft.CostManagement/CloudConnectors",
+            "Microsoft.CostManagement/CheckConnectorEligibility",
+            "Microsoft.CostManagement/ExternalBillingAccounts",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Dimensions",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Query",
+            "Microsoft.CostManagement/ExternalSubscriptions/Dimensions",
+            "Microsoft.CostManagement/ExternalSubscriptions/Query",
+            "Microsoft.CostManagement/ExternalSubscriptions",
+            "Microsoft.CostManagement/Forecast",
+            "Microsoft.CostManagement/ExternalSubscriptions/Forecast",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Forecast",
+            "Microsoft.CostManagement/Settings",
+            "Microsoft.CostManagement/operations",
+            "Microsoft.CostManagement/register",
+            "Microsoft.CostManagement/Query",
+            "Microsoft.CostManagement/Dimensions",
+            "Microsoft.CostManagement/Budgets",
+            "Microsoft.CostManagement/ExternalSubscriptions/Alerts",
+            "Microsoft.CostManagement/ExternalBillingAccounts/Alerts",
+            "Microsoft.CostManagement/Alerts",
+            "Microsoft.CostManagement/showbackRules",
+            "Microsoft.CostManagement/costAllocationRules",
+            "Microsoft.CostManagement/Exports",
+            "Microsoft.CostManagement/Reports",
+            "Microsoft.CostManagement/Reportconfigs",
+            "Microsoft.CostManagement/BillingAccounts",
+            "Microsoft.CostManagement/Departments",
+            "Microsoft.CostManagement/EnrollmentAccounts",
+            "Microsoft.CostManagement/Views",
+            "Microsoft.CostManagement/Publish",
+            "Microsoft.CostManagement/ScheduledActions",
+            "Microsoft.CostManagement/CheckNameAvailability",
+            "Microsoft.CostManagement/BenefitUtilizationSummaries",
+            "Microsoft.CostManagement/BenefitRecommendations",
+            "Microsoft.CostManagement/Insights",
+            "Microsoft.CostManagement/fetchPrices",
+            "Microsoft.CostManagement/fetchMicrosoftPrices",
+            "Microsoft.CostManagement/fetchMarketplacePrices",
+            "Microsoft.CostManagement/calculatePrice",
+            "Microsoft.CostManagement/CalculateCost",
+            "Microsoft.CostManagement/GenerateBenefitUtilizationSummariesReport",
+            "Microsoft.CostManagement/BenefitUtilizationSummariesOperationResults",
+            "Microsoft.CostManagement/GenerateReservationDetailsReport",
+            "Microsoft.CostManagement/ReservationDetailsOperationResults",
+            "Microsoft.CostManagement/GenerateDetailedCostReport",
+            "Microsoft.CostManagement/GenerateCostDetailsReport",
+            "Microsoft.CostManagement/CostDetailsOperationResults",
+            "Microsoft.CostManagement/OperationStatus",
+            "Microsoft.CostManagement/OperationResults",
+            "Microsoft.CostManagement/Pricesheets",
+            "Microsoft.CostManagement/MarkupRules",
+            "Microsoft.CostManagement/StartConversation",
+            "Microsoft.CostManagement/SendMessage",
+            "Microsoft.CostManagementExports/Operations",
+            "Microsoft.CustomerLockbox/operations",
+            "Microsoft.CustomerLockbox/TenantOptedIn",
+            "Microsoft.CustomerLockbox/EnableLockbox",
+            "Microsoft.CustomerLockbox/DisableLockbox",
+            "Microsoft.CustomerLockbox/requests",
+            "Microsoft.D365CustomerInsights/instances",
+            "Microsoft.D365CustomerInsights/operations",
+            "Microsoft.Dashboard/locations",
+            "Microsoft.Dashboard/checkNameAvailability",
+            "Microsoft.Dashboard/locations/operationStatuses",
+            "Microsoft.Dashboard/grafana",
+            "Microsoft.Dashboard/operations",
+            "Microsoft.Dashboard/grafana/privateEndpointConnections",
+            "Microsoft.Dashboard/grafana/privateLinkResources",
+            "Microsoft.Dashboard/locations/checkNameAvailability",
+            "Microsoft.Dashboard/grafana/managedPrivateEndpoints",
+            "Microsoft.DatabaseWatcher/locations",
+            "Microsoft.DatabaseWatcher/operations",
+            "Microsoft.DataBox/jobs",
+            "Microsoft.DataBox/locations",
+            "Microsoft.DataBox/locations/validateAddress",
+            "Microsoft.DataBox/locations/checkNameAvailability",
+            "Microsoft.DataBox/locations/operationresults",
+            "Microsoft.DataBox/operations",
+            "Microsoft.DataBox/locations/availableSkus",
+            "Microsoft.DataBox/locations/validateInputs",
+            "Microsoft.DataBox/locations/regionConfiguration",
+            "Microsoft.DataBox/jobs/eventGridFilters",
+            "Microsoft.DataBoxEdge/DataBoxEdgeDevices",
+            "Microsoft.DataBoxEdge/DataBoxEdgeDevices/checkNameAvailability",
+            "Microsoft.DataBoxEdge/operations",
+            "Microsoft.DataBoxEdge/availableSkus",
+            "Microsoft.DataCatalog/catalogs",
+            "Microsoft.DataCatalog/checkNameAvailability",
+            "Microsoft.DataCatalog/operations",
+            "Microsoft.DataCatalog/locations",
+            "Microsoft.DataCatalog/locations/jobs",
+            "Microsoft.Datadog/registeredSubscriptions",
+            "Microsoft.Datadog/locations",
+            "Microsoft.Datadog/locations/operationStatuses",
+            "Microsoft.Datadog/operations",
+            "Microsoft.Datadog/monitors",
+            "Microsoft.Datadog/monitors/tagRules",
+            "Microsoft.Datadog/monitors/listMonitoredResources",
+            "Microsoft.Datadog/monitors/listApiKeys",
+            "Microsoft.Datadog/monitors/getDefaultKey",
+            "Microsoft.Datadog/monitors/setDefaultKey",
+            "Microsoft.Datadog/monitors/singleSignOnConfigurations",
+            "Microsoft.Datadog/monitors/listHosts",
+            "Microsoft.Datadog/monitors/listLinkedResources",
+            "Microsoft.Datadog/monitors/refreshSetPasswordLink",
+            "Microsoft.Datadog/agreements",
+            "Microsoft.Datadog/monitors/monitoredSubscriptions",
+            "Microsoft.Datadog/subscriptionStatuses",
+            "Microsoft.DataFactory/factories",
+            "Microsoft.DataFactory/factories/integrationRuntimes",
+            "Microsoft.DataFactory/factories/privateEndpointConnectionProxies",
+            "Microsoft.DataFactory/CheckNameAvailability",
+            "Microsoft.DataFactory/operations",
+            "Microsoft.DataFactory/locations",
+            "Microsoft.DataFactory/locations/configureFactoryRepo",
+            "Microsoft.DataFactory/locations/getFeatureValue",
+            "Microsoft.DataReplication/replicationVaults",
+            "Microsoft.DataReplication/replicationFabrics",
+            "Microsoft.DataReplication/operations",
+            "Microsoft.DataShare/accounts",
+            "Microsoft.DataShare/accounts/shares",
+            "Microsoft.DataShare/accounts/shares/datasets",
+            "Microsoft.DataShare/accounts/shares/synchronizationSettings",
+            "Microsoft.DataShare/accounts/shares/invitations",
+            "Microsoft.DataShare/accounts/sharesubscriptions",
+            "Microsoft.DataShare/accounts/shares/providersharesubscriptions",
+            "Microsoft.DataShare/accounts/sharesubscriptions/datasetmappings",
+            "Microsoft.DataShare/accounts/sharesubscriptions/triggers",
+            "Microsoft.DataShare/accounts/sharesubscriptions/consumerSourceDataSets",
+            "Microsoft.DataShare/listinvitations",
+            "Microsoft.DataShare/locations",
+            "Microsoft.DataShare/locations/operationResults",
+            "Microsoft.DataShare/locations/registerEmail",
+            "Microsoft.DataShare/locations/activateEmail",
+            "Microsoft.DataShare/locations/rejectInvitation",
+            "Microsoft.DataShare/locations/consumerInvitations",
+            "Microsoft.DataShare/operations",
+            "Microsoft.DelegatedNetwork/operations",
+            "Microsoft.DevAI/Locations",
+            "Microsoft.DevAI/Locations/operationstatuses",
+            "Microsoft.DevAI/instances",
+            "Microsoft.DevAI/instances/experiments",
+            "Microsoft.DevAI/instances/sandboxes",
+            "Microsoft.DevAI/instances/sandboxes/experiments",
+            "Microsoft.DevAI/Operations",
+            "Microsoft.DevAI/registeredSubscriptions",
+            "Microsoft.DevCenter/operations",
+            "Microsoft.DevCenter/Locations",
+            "Microsoft.DevCenter/Locations/OperationStatuses",
+            "Microsoft.DevCenter/devcenters",
+            "Microsoft.DevCenter/devcenters/catalogs",
+            "Microsoft.DevCenter/devcenters/attachednetworks",
+            "Microsoft.DevCenter/devcenters/devboxdefinitions",
+            "Microsoft.DevCenter/devcenters/environmentTypes",
+            "Microsoft.DevCenter/devcenters/galleries",
+            "Microsoft.DevCenter/devcenters/galleries/images/versions",
+            "Microsoft.DevCenter/devcenters/galleries/images",
+            "Microsoft.DevCenter/devcenters/images",
+            "Microsoft.DevCenter/networkconnections",
+            "Microsoft.DevCenter/networkconnections/healthchecks",
+            "Microsoft.DevCenter/projects",
+            "Microsoft.DevCenter/projects/attachednetworks",
+            "Microsoft.DevCenter/projects/environmentTypes",
+            "Microsoft.DevCenter/projects/pools",
+            "Microsoft.DevCenter/projects/pools/schedules",
+            "Microsoft.DevCenter/projects/devboxdefinitions",
+            "Microsoft.DevCenter/projects/allowedEnvironmentTypes",
+            "Microsoft.DevCenter/checkNameAvailability",
+            "Microsoft.DevCenter/networkconnections/outboundNetworkDependenciesEndpoints",
+            "Microsoft.DevCenter/Locations/usages",
+            "Microsoft.DevCenter/devcenters/catalogs/devboxdefinitions",
+            "Microsoft.DevCenter/devcenters/catalogs/environmentDefinitions",
+            "Microsoft.DevCenter/devcenters/catalogs/tasks",
+            "Microsoft.DevCenter/checkScopedNameAvailability",
+            "Microsoft.DevelopmentWindows365/DevelopmentCloudPcDelegatedMsis",
+            "Microsoft.DevHub/operations",
+            "Microsoft.DevHub/workflows",
+            "Microsoft.DevHub/locations",
+            "Microsoft.DevHub/locations/githuboauth",
+            "Microsoft.DevHub/locations/generatePreviewArtifacts",
+            "Microsoft.DeviceRegistry/locations",
+            "Microsoft.DeviceRegistry/operations",
+            "Microsoft.DeviceRegistry/operationStatuses",
+            "Microsoft.DeviceRegistry/locations/operationStatuses",
+            "Microsoft.DeviceRegistry/assets",
+            "Microsoft.DeviceRegistry/assetEndpointProfiles",
+            "Microsoft.DeviceUpdate/locations",
+            "Microsoft.DeviceUpdate/locations/operationStatuses",
+            "Microsoft.DeviceUpdate/operations",
+            "Microsoft.DeviceUpdate/accounts",
+            "Microsoft.DeviceUpdate/accounts/instances",
+            "Microsoft.DeviceUpdate/checkNameAvailability",
+            "Microsoft.DeviceUpdate/registeredSubscriptions",
+            "Microsoft.DeviceUpdate/accounts/privateLinkResources",
+            "Microsoft.DeviceUpdate/accounts/privateEndpointConnections",
+            "Microsoft.DeviceUpdate/accounts/privateEndpointConnectionProxies",
+            "Microsoft.DigitalTwins/locations",
+            "Microsoft.DigitalTwins/locations/checkNameAvailability",
+            "Microsoft.DigitalTwins/digitalTwinsInstances",
+            "Microsoft.DigitalTwins/digitalTwinsInstances/operationResults",
+            "Microsoft.DigitalTwins/locations/operationResults",
+            "Microsoft.DigitalTwins/locations/operationsStatuses",
+            "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints",
+            "Microsoft.DigitalTwins/digitalTwinsInstances/timeSeriesDatabaseConnections",
+            "Microsoft.DigitalTwins/operations",
+            "Microsoft.DomainRegistration/domains",
+            "Microsoft.DomainRegistration/domains/domainOwnershipIdentifiers",
+            "Microsoft.DomainRegistration/topLevelDomains",
+            "Microsoft.DomainRegistration/checkDomainAvailability",
+            "Microsoft.DomainRegistration/listDomainRecommendations",
+            "Microsoft.DomainRegistration/validateDomainRegistrationInformation",
+            "Microsoft.DomainRegistration/generateSsoRequest",
+            "Microsoft.DomainRegistration/operations",
+            "Microsoft.Easm/workspaces",
+            "Microsoft.Easm/workspaces/labels",
+            "Microsoft.Easm/operations",
+            "Microsoft.Easm/workspaces/tasks",
+            "Microsoft.EdgeManagement/locations",
+            "Microsoft.EdgeManagement/operations",
+            "Microsoft.EdgeMarketplace/operations",
+            "Microsoft.EdgeMarketplace/locations",
+            "Microsoft.EdgeMarketplace/locations/operationStatuses",
+            "Microsoft.EdgeMarketplace/publishers",
+            "Microsoft.EdgeMarketplace/offers",
+            "Microsoft.EdgeOrder/addresses",
+            "Microsoft.EdgeOrder/orderItems",
+            "Microsoft.EdgeOrder/orders",
+            "Microsoft.EdgeOrder/locations",
+            "Microsoft.EdgeOrder/locations/orders",
+            "Microsoft.EdgeOrder/listProductFamilies",
+            "Microsoft.EdgeOrder/listConfigurations",
+            "Microsoft.EdgeOrder/productFamiliesMetadata",
+            "Microsoft.EdgeOrder/locations/hciCatalog",
+            "Microsoft.EdgeOrder/locations/hciCatalog/vendors",
+            "Microsoft.EdgeOrder/locations/hciCatalog/platforms",
+            "Microsoft.EdgeOrder/locations/hciCatalog/projects",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog/vendors",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog/platforms",
+            "Microsoft.EdgeOrder/locations/hciFlightCatalog/projects",
+            "Microsoft.EdgeOrder/operations",
+            "Microsoft.EdgeOrder/locations/operationresults",
+            "Microsoft.EdgeOrderPartner/operations",
+            "Microsoft.Elastic/operations",
+            "Microsoft.Elastic/locations",
+            "Microsoft.Elastic/locations/operationStatuses",
+            "Microsoft.Elastic/monitors",
+            "Microsoft.Elastic/monitors/tagRules",
+            "Microsoft.Elastic/checkNameAvailability",
+            "Microsoft.Elastic/elasticVersions",
+            "Microsoft.Elastic/getOrganizationApiKey",
+            "Microsoft.Elastic/getElasticOrganizationToAzureSubscriptionMapping",
+            "Microsoft.ElasticSan/elasticSans",
+            "Microsoft.ElasticSan/elasticSans/volumeGroups",
+            "Microsoft.ElasticSan/operations",
+            "Microsoft.ElasticSan/locations/asyncoperations",
+            "Microsoft.ElasticSan/locations",
+            "Microsoft.EnterpriseSupport/EnterpriseSupports",
+            "Microsoft.EnterpriseSupport/operationStatuses",
+            "Microsoft.EnterpriseSupport/validate",
+            "Microsoft.EnterpriseSupport/Operations",
+            "Microsoft.EntitlementManagement/Operations",
+            "Microsoft.Experimentation/Operations",
+            "Microsoft.ExtendedLocation/locations",
+            "Microsoft.ExtendedLocation/customLocations",
+            "Microsoft.ExtendedLocation/customLocations/enabledResourceTypes",
+            "Microsoft.ExtendedLocation/customLocations/resourceSyncRules",
+            "Microsoft.ExtendedLocation/locations/operationsstatus",
+            "Microsoft.ExtendedLocation/locations/operationresults",
+            "Microsoft.ExtendedLocation/operations",
+            "Microsoft.Fabric/capacities",
+            "Microsoft.Fabric/locations",
+            "Microsoft.Fabric/locations/checkNameAvailability",
+            "Microsoft.Fabric/locations/operationresults",
+            "Microsoft.Fabric/locations/operationstatuses",
+            "Microsoft.Fabric/operations",
+            "Microsoft.Falcon/namespaces",
+            "Microsoft.Features/features",
+            "Microsoft.Features/providers",
+            "Microsoft.Features/featureProviders",
+            "Microsoft.Features/subscriptionFeatureRegistrations",
+            "Microsoft.Features/featureProviderNamespaces",
+            "Microsoft.Features/featureConfigurations",
+            "Microsoft.Features/operations",
+            "Microsoft.FluidRelay/fluidRelayServers",
+            "Microsoft.FluidRelay/Operations",
+            "Microsoft.FluidRelay/fluidRelayServers/fluidRelayContainers",
+            "Microsoft.FluidRelay/Locations",
+            "Microsoft.FluidRelay/Locations/OperationStatuses",
+            "Microsoft.GraphServices/accounts",
+            "Microsoft.GraphServices/Operations",
+            "Microsoft.GraphServices/RegisteredSubscriptions",
+            "Microsoft.GraphServices/Locations",
+            "Microsoft.GraphServices/Locations/OperationStatuses",
+            "Microsoft.HanaOnAzure/hanaInstances",
+            "Microsoft.HanaOnAzure/locations/operationsStatus",
+            "Microsoft.HanaOnAzure/locations",
+            "Microsoft.HanaOnAzure/locations/operations",
+            "Microsoft.HanaOnAzure/operations",
+            "Microsoft.HardwareSecurityModules/cloudHsmClusters",
+            "Microsoft.HardwareSecurityModules/locations",
+            "Microsoft.HardwareSecurityModules/operations",
+            "Microsoft.HealthBot/Operations",
+            "Microsoft.HealthBot/Locations",
+            "Microsoft.HealthBot/Locations/OperationStatuses",
+            "Microsoft.HealthBot/healthBots",
+            "Microsoft.HealthDataAIServices/locations",
+            "Microsoft.HealthDataAIServices/locations/operationStatuses",
+            "Microsoft.HealthDataAIServices/Operations",
+            "Microsoft.HealthModel/Operations",
+            "Microsoft.Help/operations",
+            "Microsoft.Help/operationResults",
+            "Microsoft.Help/discoverySolutions",
+            "Microsoft.Help/discoverSolutions",
+            "Microsoft.Help/diagnostics",
+            "Microsoft.Help/checkNameAvailability",
+            "Microsoft.Help/solutions",
+            "Microsoft.Help/troubleshooters",
+            "Microsoft.Help/SelfHelp",
+            "Microsoft.HybridCloud/cloudConnectors",
+            "Microsoft.HybridCloud/cloudConnections",
+            "Microsoft.HybridCompute/machines",
+            "Microsoft.HybridCompute/machines/hybridIdentityMetadata",
+            "Microsoft.HybridCompute/machines/privateLinkScopes",
+            "Microsoft.HybridCompute/machines/extensions",
+            "Microsoft.HybridCompute/locations",
+            "Microsoft.HybridCompute/locations/publishers",
+            "Microsoft.HybridCompute/locations/publishers/extensionTypes",
+            "Microsoft.HybridCompute/locations/publishers/extensionTypes/versions",
+            "Microsoft.HybridCompute/locations/operationStatus",
+            "Microsoft.HybridCompute/locations/operationResults",
+            "Microsoft.HybridCompute/operations",
+            "Microsoft.HybridCompute/machines/assessPatches",
+            "Microsoft.HybridCompute/machines/installPatches",
+            "Microsoft.HybridCompute/locations/updateCenterOperationResults",
+            "Microsoft.HybridCompute/privateLinkScopes",
+            "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections",
+            "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnectionProxies",
+            "Microsoft.HybridCompute/locations/privateLinkScopes",
+            "Microsoft.HybridCompute/osType",
+            "Microsoft.HybridCompute/osType/agentVersions",
+            "Microsoft.HybridCompute/osType/agentVersions/latest",
+            "Microsoft.HybridCompute/machines/runcommands",
+            "Microsoft.HybridCompute/machines/licenseProfiles",
+            "Microsoft.HybridCompute/licenses",
+            "Microsoft.HybridCompute/validateLicense",
+            "Microsoft.HybridCompute/networkConfigurations",
+            "Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations",
+            "Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterAssociationProxies",
+            "Microsoft.HybridCompute/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+            "Microsoft.HybridCompute/locations/notifyExtension",
+            "Microsoft.HybridConnectivity/endpoints",
+            "Microsoft.HybridConnectivity/Operations",
+            "Microsoft.HybridConnectivity/Locations",
+            "Microsoft.HybridConnectivity/Locations/OperationStatuses",
+            "Microsoft.HybridContainerService/Locations",
+            "Microsoft.HybridContainerService/Locations/operationStatuses",
+            "Microsoft.HybridContainerService/provisionedClusters",
+            "Microsoft.HybridContainerService/provisionedClusters/hybridIdentityMetadata",
+            "Microsoft.HybridContainerService/provisionedClusters/agentPools",
+            "Microsoft.HybridContainerService/virtualNetworks",
+            "Microsoft.HybridContainerService/Operations",
+            "Microsoft.HybridContainerService/provisionedClusters/upgradeProfiles",
+            "Microsoft.HybridContainerService/kubernetesVersions",
+            "Microsoft.HybridContainerService/skus",
+            "Microsoft.HybridContainerService/provisionedClusterInstances",
+            "Microsoft.HybridNetwork/Operations",
+            "Microsoft.HybridNetwork/Locations",
+            "Microsoft.HybridNetwork/Locations/OperationStatuses",
+            "Microsoft.HybridNetwork/devices",
+            "Microsoft.HybridNetwork/networkfunctions",
+            "Microsoft.HybridNetwork/networkFunctionVendors",
+            "Microsoft.HybridNetwork/networkFunctions/components",
+            "Microsoft.HybridNetwork/sites",
+            "Microsoft.HybridNetwork/siteNetworkServices",
+            "Microsoft.HybridNetwork/configurationGroupValues",
+            "Microsoft.HybridNetwork/publishers",
+            "Microsoft.HybridNetwork/publishers/networkFunctionDefinitionGroups",
+            "Microsoft.HybridNetwork/publishers/networkFunctionDefinitionGroups/networkFunctionDefinitionVersions",
+            "Microsoft.HybridNetwork/publishers/artifactStores",
+            "Microsoft.HybridNetwork/publishers/artifactStores/artifactManifests",
+            "Microsoft.HybridNetwork/publishers/artifactstores/artifacts",
+            "Microsoft.HybridNetwork/publishers/artifactstores/artifactversions",
+            "Microsoft.Impact/Operations",
+            "Microsoft.IntegrationSpaces/Spaces",
+            "Microsoft.IntegrationSpaces/Spaces/InfrastructureResources",
+            "Microsoft.IntegrationSpaces/Spaces/Applications",
+            "Microsoft.IntegrationSpaces/Spaces/applications/resources",
+            "Microsoft.IntegrationSpaces/Spaces/applications/BusinessProcesses",
+            "Microsoft.IntegrationSpaces/Spaces/applications/BusinessProcesses/versions",
+            "Microsoft.IntegrationSpaces/locations",
+            "Microsoft.IntegrationSpaces/locations/OperationStatuses",
+            "Microsoft.IntegrationSpaces/operations",
+            "Microsoft.IoTCentral/IoTApps",
+            "Microsoft.IoTCentral/checkNameAvailability",
+            "Microsoft.IoTCentral/checkSubdomainAvailability",
+            "Microsoft.IoTCentral/operations",
+            "Microsoft.IoTCentral/locations",
+            "Microsoft.IoTCentral/locations/operationResults",
+            "Microsoft.IoTCentral/appTemplates",
+            "Microsoft.IoTFirmwareDefense/operations",
+            "Microsoft.IoTFirmwareDefense/workspaces",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoCertificates",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoKeys",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/passwordHashes",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves",
+            "Microsoft.IoTFirmwareDefense/workspaces/firmwares/summaries",
+            "Microsoft.IoTFirmwareDefense/locations",
+            "Microsoft.IoTFirmwareDefense/locations/operationStatuses",
+            "Microsoft.IoTOperationsDataProcessor/locations",
+            "Microsoft.IoTOperationsDataProcessor/locations/operationStatuses",
+            "Microsoft.IoTOperationsDataProcessor/instances",
+            "Microsoft.IoTOperationsDataProcessor/instances/datasets",
+            "Microsoft.IoTOperationsDataProcessor/instances/pipelines",
+            "Microsoft.IoTOperationsDataProcessor/operations",
+            "Microsoft.IoTOperationsMQ/Locations",
+            "Microsoft.IoTOperationsMQ/Operations",
+            "Microsoft.IoTOperationsMQ/Locations/OperationStatuses",
+            "Microsoft.IoTOperationsMQ/mq",
+            "Microsoft.IoTOperationsMQ/mq/broker",
+            "Microsoft.IoTOperationsMQ/mq/broker/authentication",
+            "Microsoft.IoTOperationsMQ/mq/broker/authorization",
+            "Microsoft.IoTOperationsMQ/mq/broker/listener",
+            "Microsoft.IoTOperationsMQ/mq/dataLakeConnector",
+            "Microsoft.IoTOperationsMQ/mq/dataLakeConnector/topicMap",
+            "Microsoft.IoTOperationsMQ/mq/diagnosticService",
+            "Microsoft.IoTOperationsMQ/mq/kafkaConnector",
+            "Microsoft.IoTOperationsMQ/mq/kafkaConnector/topicMap",
+            "Microsoft.IoTOperationsMQ/mq/mqttBridgeConnector",
+            "Microsoft.IoTOperationsMQ/mq/mqttBridgeConnector/topicMap",
+            "Microsoft.IoTOperationsOrchestrator/locations",
+            "Microsoft.IoTOperationsOrchestrator/locations/operationStatuses",
+            "Microsoft.IoTOperationsOrchestrator/targets",
+            "Microsoft.IoTOperationsOrchestrator/solutions",
+            "Microsoft.IoTOperationsOrchestrator/instances",
+            "Microsoft.IoTOperationsOrchestrator/operations",
+            "Microsoft.IoTSecurity/Operations",
+            "Microsoft.IoTSecurity/defenderSettings",
+            "Microsoft.IoTSecurity/locations",
+            "Microsoft.IoTSecurity/locations/deviceGroups",
+            "Microsoft.IoTSecurity/locations/deviceGroups/devices",
+            "Microsoft.IoTSecurity/locations/endpoints",
+            "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
+            "Microsoft.IoTSecurity/locations/deviceGroups/alerts",
+            "Microsoft.IoTSecurity/locations/deviceGroups/alerts/pcaps",
+            "Microsoft.IoTSecurity/locations/deviceGroups/alerts/learn",
+            "Microsoft.IoTSecurity/locations/deviceGroups/recommendations",
+            "Microsoft.IoTSecurity/locations/sites",
+            "Microsoft.IoTSecurity/locations/sites/sensors",
+            "Microsoft.IoTSecurity/sites",
+            "Microsoft.IoTSecurity/sensors",
+            "Microsoft.IoTSecurity/onPremiseSensors",
+            "Microsoft.IoTSecurity/alertTypes",
+            "Microsoft.IoTSecurity/recommendationTypes",
+            "Microsoft.IoTSecurity/licenseSkus",
+            "Microsoft.Kubernetes/connectedClusters",
+            "Microsoft.Kubernetes/locations",
+            "Microsoft.Kubernetes/locations/operationStatuses",
+            "Microsoft.Kubernetes/registeredSubscriptions",
+            "Microsoft.Kubernetes/Operations",
+            "Microsoft.KubernetesConfiguration/sourceControlConfigurations",
+            "Microsoft.KubernetesConfiguration/extensions",
+            "Microsoft.KubernetesConfiguration/fluxConfigurations",
+            "Microsoft.KubernetesConfiguration/operations",
+            "Microsoft.KubernetesConfiguration/extensionTypes",
+            "Microsoft.KubernetesConfiguration/locations/extensionTypes",
+            "Microsoft.KubernetesConfiguration/locations/extensionTypes/versions",
+            "Microsoft.KubernetesConfiguration/privateLinkScopes",
+            "Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections",
+            "Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies",
+            "Microsoft.KubernetesRuntime/storageClasses",
+            "Microsoft.KubernetesRuntime/loadBalancers",
+            "Microsoft.KubernetesRuntime/bgpPeers",
+            "Microsoft.KubernetesRuntime/operations",
+            "Microsoft.KubernetesRuntime/locations",
+            "Microsoft.KubernetesRuntime/locations/operationStatuses",
+            "Microsoft.KubernetesRuntime/services",
+            "Microsoft.LabServices/labplans",
+            "Microsoft.LabServices/labs",
+            "Microsoft.LabServices/labaccounts",
+            "Microsoft.LabServices/locations/operationResults",
+            "Microsoft.LabServices/locations/operations",
+            "Microsoft.LabServices/operations",
+            "Microsoft.LabServices/users",
+            "Microsoft.LabServices/locations",
+            "Microsoft.LabServices/locations/usages",
+            "Microsoft.LoadTestService/operations",
+            "Microsoft.LoadTestService/checkNameAvailability",
+            "Microsoft.LoadTestService/loadtests",
+            "Microsoft.LoadTestService/Locations",
+            "Microsoft.LoadTestService/Locations/OperationStatuses",
+            "Microsoft.LoadTestService/registeredSubscriptions",
+            "Microsoft.LoadTestService/loadtests/outboundNetworkDependenciesEndpoints",
+            "Microsoft.LoadTestService/Locations/Quotas",
+            "Microsoft.Logz/operations",
+            "Microsoft.Logz/locations",
+            "Microsoft.Logz/registeredSubscriptions",
+            "Microsoft.Logz/locations/operationStatuses",
+            "Microsoft.Logz/monitors",
+            "Microsoft.Logz/monitors/tagRules",
+            "Microsoft.Logz/monitors/singleSignOnConfigurations",
+            "Microsoft.Logz/monitors/accounts",
+            "Microsoft.Logz/monitors/accounts/tagRules",
+            "Microsoft.MachineLearning/Workspaces",
+            "Microsoft.MachineLearning/webServices",
+            "Microsoft.MachineLearning/operations",
+            "Microsoft.MachineLearning/locations",
+            "Microsoft.MachineLearning/locations/operations",
+            "Microsoft.MachineLearning/locations/operationsStatus",
+            "Microsoft.MachineLearning/commitmentPlans",
+            "Microsoft.ManagedNetworkFabric/Operations",
+            "Microsoft.ManagedNetworkFabric/NetworkFabricControllers",
+            "Microsoft.ManagedNetworkFabric/Locations",
+            "Microsoft.ManagedNetworkFabric/Locations/OperationStatuses",
+            "Microsoft.ManagedNetworkFabric/NetworkFabrics",
+            "Microsoft.ManagedNetworkFabric/NetworkRacks",
+            "Microsoft.ManagedNetworkFabric/NetworkDevices",
+            "Microsoft.ManagedNetworkFabric/NetworkDevices/NetworkInterfaces",
+            "Microsoft.ManagedNetworkFabric/L2IsolationDomains",
+            "Microsoft.ManagedNetworkFabric/L3IsolationDomains",
+            "Microsoft.ManagedNetworkFabric/accesscontrollists",
+            "Microsoft.ManagedNetworkFabric/RoutePolicies",
+            "Microsoft.ManagedNetworkFabric/L3IsolationDomains/externalNetworks",
+            "Microsoft.ManagedNetworkFabric/L3IsolationDomains/internalNetworks",
+            "Microsoft.ManagedNetworkFabric/NetworkFabrics/NetworkToNetworkInterconnects",
+            "Microsoft.ManagedNetworkFabric/IpExtendedCommunities",
+            "Microsoft.ManagedNetworkFabric/IpCommunities",
+            "Microsoft.ManagedNetworkFabric/IpPrefixes",
+            "Microsoft.ManagedNetworkFabric/InternetGateways",
+            "Microsoft.ManagedNetworkFabric/internetgatewayrules",
+            "Microsoft.ManagedNetworkFabric/networkpacketbrokers",
+            "Microsoft.ManagedNetworkFabric/networktaps",
+            "Microsoft.ManagedNetworkFabric/networktaprules",
+            "Microsoft.ManagedNetworkFabric/neighborgroups",
+            "Microsoft.ManufacturingPlatform/locations",
+            "Microsoft.ManufacturingPlatform/operations",
+            "Microsoft.Marketplace/register",
+            "Microsoft.Marketplace/privategalleryitems",
+            "Microsoft.Marketplace/products",
+            "Microsoft.Marketplace/offers",
+            "Microsoft.Marketplace/macc",
+            "Microsoft.Marketplace/offerTypes",
+            "Microsoft.Marketplace/offerTypes/publishers",
+            "Microsoft.Marketplace/offerTypes/publishers/offers",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/importImage",
+            "Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements",
+            "Microsoft.Marketplace/operations",
+            "Microsoft.Marketplace/listAvailableOffers",
+            "Microsoft.Marketplace/publishers",
+            "Microsoft.Marketplace/publishers/offers",
+            "Microsoft.Marketplace/publishers/offers/amendments",
+            "Microsoft.Marketplace/privateStoreClient",
+            "Microsoft.Marketplace/privateStores",
+            "Microsoft.Marketplace/privateStores/offers",
+            "Microsoft.Marketplace/search",
+            "Microsoft.Marketplace/privateStores/requestApprovals/query",
+            "Microsoft.Marketplace/privateStores/requestApprovals/withdrawPlan",
+            "Microsoft.Marketplace/privateStores/RequestApprovals",
+            "Microsoft.Marketplace/privateStores/queryNotificationsState",
+            "Microsoft.Marketplace/privateStores/fetchAllSubscriptionsInTenant",
+            "Microsoft.Marketplace/privateStores/listNewPlansNotifications",
+            "Microsoft.Marketplace/privateStores/listStopSellOffersPlansNotifications",
+            "Microsoft.Marketplace/privateStores/listSubscriptionsContext",
+            "Microsoft.Marketplace/privateStores/offers/acknowledgeNotification",
+            "Microsoft.Marketplace/privateStores/AdminRequestApprovals",
+            "Microsoft.Marketplace/privateStores/collections",
+            "Microsoft.Marketplace/privateStores/collections/approveAllItems",
+            "Microsoft.Marketplace/privateStores/collections/disableApproveAllItems",
+            "Microsoft.Marketplace/privateStores/collections/offers",
+            "Microsoft.Marketplace/privateStores/collections/mapOffersToContexts",
+            "Microsoft.Marketplace/privateStores/collections/queryRules",
+            "Microsoft.Marketplace/privateStores/collections/setRules",
+            "Microsoft.Marketplace/privateStores/collections/offers/upsertOfferWithMultiContext",
+            "Microsoft.Marketplace/privateStores/bulkCollectionsAction",
+            "Microsoft.Marketplace/privateStores/collections/transferOffers",
+            "Microsoft.Marketplace/privateStores/anyExistingOffersInTheCollections",
+            "Microsoft.Marketplace/privateStores/queryOffers",
+            "Microsoft.Marketplace/privateStores/queryUserOffers",
+            "Microsoft.Marketplace/privateStores/queryUserRules",
+            "Microsoft.Marketplace/privateStores/collectionsToSubscriptionsMapping",
+            "Microsoft.Marketplace/privateStores/billingAccounts",
+            "Microsoft.Marketplace/privateStores/queryApprovedPlans",
+            "Microsoft.Marketplace/locations",
+            "Microsoft.Marketplace/locations/edgeZones",
+            "Microsoft.Marketplace/locations/edgeZones/products",
+            "Microsoft.Marketplace/mysolutions",
+            "Microsoft.Marketplace/products/reviews",
+            "Microsoft.Marketplace/products/reviews/comments",
+            "Microsoft.Marketplace/products/reviews/helpful",
+            "Microsoft.Marketplace/products/usermetadata",
+            "Microsoft.MarketplaceOrdering/agreements",
+            "Microsoft.MarketplaceOrdering/operations",
+            "Microsoft.MarketplaceOrdering/offertypes",
+            "Microsoft.Migrate/migrateprojects",
+            "Microsoft.Migrate/assessmentProjects",
+            "Microsoft.Migrate/moveCollections",
+            "Microsoft.Migrate/operations",
+            "Microsoft.Migrate/locations",
+            "Microsoft.Migrate/locations/rmsOperationResults",
+            "Microsoft.Migrate/modernizeProjects",
+            "Microsoft.Mission/Locations",
+            "Microsoft.Mission/Locations/OperationStatuses",
+            "Microsoft.Mission/Operations",
+            "Microsoft.Mission/virtualEnclaves/endpoints",
+            "Microsoft.Mission/checkNameAvailability",
+            "Microsoft.MobileNetwork/Locations",
+            "Microsoft.MobileNetwork/Locations/OperationStatuses",
+            "Microsoft.MobileNetwork/Operations",
+            "Microsoft.MobileNetwork/packetCoreControlPlaneVersions",
+            "Microsoft.MobilePacketCore/Locations",
+            "Microsoft.MobilePacketCore/Locations/OperationStatuses",
+            "Microsoft.MobilePacketCore/Operations",
+            "Microsoft.ModSimWorkbench/Locations/operationStatuses",
+            "Microsoft.ModSimWorkbench/Locations",
+            "Microsoft.ModSimWorkbench/Operations",
+            "Microsoft.Monitor/operations",
+            "Microsoft.Monitor/accounts",
+            "Microsoft.Monitor/locations/locationOperationStatuses",
+            "Microsoft.Monitor/locations/operationResults",
+            "Microsoft.Monitor/locations",
+            "Microsoft.Monitor/locations/operationStatuses",
+            "Microsoft.MySQLDiscovery/locations",
+            "Microsoft.MySQLDiscovery/locations/operationStatuses",
+            "Microsoft.MySQLDiscovery/MySQLSites",
+            "Microsoft.MySQLDiscovery/MySQLSites/MySQLServers",
+            "Microsoft.MySQLDiscovery/MySQLSites/Refresh",
+            "Microsoft.MySQLDiscovery/MySQLSites/Summaries",
+            "Microsoft.MySQLDiscovery/MySQLSites/ErrorSummaries",
+            "Microsoft.MySQLDiscovery/operations",
+            "Microsoft.NetApp/netAppAccounts",
+            "Microsoft.NetApp/netAppAccounts/snapshotPolicies",
+            "Microsoft.NetApp/netAppAccounts/volumeGroups",
+            "Microsoft.NetApp/netAppAccounts/capacityPools",
+            "Microsoft.NetApp/netAppAccounts/capacityPools/volumes",
+            "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/mountTargets",
+            "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots",
+            "Microsoft.NetApp/locations",
+            "Microsoft.NetApp/locations/checkNameAvailability",
+            "Microsoft.NetApp/locations/checkFilePathAvailability",
+            "Microsoft.NetApp/operations",
+            "Microsoft.NetApp/locations/checkQuotaAvailability",
+            "Microsoft.NetApp/locations/queryNetworkSiblingSet",
+            "Microsoft.NetApp/locations/updateNetworkSiblingSet",
+            "Microsoft.NetApp/locations/regionInfo",
+            "Microsoft.NetApp/locations/regionInfos",
+            "Microsoft.NetApp/locations/QuotaLimits",
+            "Microsoft.NetApp/locations/CheckInventory",
+            "Microsoft.NetApp/locations/operationResults",
+            "Microsoft.NetworkAnalytics/Locations",
+            "Microsoft.NetworkAnalytics/Locations/OperationStatuses",
+            "Microsoft.NetworkAnalytics/Operations",
+            "Microsoft.NetworkAnalytics/registeredSubscriptions",
+            "Microsoft.NetworkCloud/locations",
+            "Microsoft.NetworkCloud/locations/operationStatuses",
+            "Microsoft.NetworkCloud/clusterManagers",
+            "Microsoft.NetworkCloud/racks",
+            "Microsoft.NetworkCloud/clusters",
+            "Microsoft.NetworkCloud/bareMetalMachines",
+            "Microsoft.NetworkCloud/virtualMachines",
+            "Microsoft.NetworkCloud/operations",
+            "Microsoft.NetworkCloud/rackSkus",
+            "Microsoft.NetworkCloud/cloudServicesNetworks",
+            "Microsoft.NetworkCloud/l2Networks",
+            "Microsoft.NetworkCloud/storageAppliances",
+            "Microsoft.NetworkCloud/trunkedNetworks",
+            "Microsoft.NetworkCloud/l3Networks",
+            "Microsoft.NetworkCloud/clusters/metricsConfigurations",
+            "Microsoft.NetworkCloud/virtualMachines/consoles",
+            "Microsoft.NetworkCloud/clusters/bareMetalMachineKeySets",
+            "Microsoft.NetworkCloud/clusters/bmcKeySets",
+            "Microsoft.NetworkCloud/volumes",
+            "Microsoft.NetworkCloud/registeredSubscriptions",
+            "Microsoft.NetworkCloud/kubernetesClusters",
+            "Microsoft.NetworkCloud/kubernetesClusters/agentPools",
+            "Microsoft.NetworkFunction/azureTrafficCollectors",
+            "Microsoft.NetworkFunction/azureTrafficCollectors/collectorPolicies",
+            "Microsoft.NetworkFunction/meshVpns",
+            "Microsoft.NetworkFunction/meshVpns/connectionPolicies",
+            "Microsoft.NetworkFunction/meshVpns/privateEndpointConnections",
+            "Microsoft.NetworkFunction/meshVpns/privateEndpointConnectionProxies",
+            "Microsoft.NetworkFunction/operations",
+            "Microsoft.NetworkFunction/locations",
+            "Microsoft.NetworkFunction/locations/nfvOperations",
+            "Microsoft.NetworkFunction/locations/nfvOperationResults",
+            "Microsoft.Nutanix/operations",
+            "Microsoft.Nutanix/locations",
+            "Microsoft.ObjectStore/osNamespaces",
+            "Microsoft.OffAzure/VMwareSites",
+            "Microsoft.OffAzure/HyperVSites",
+            "Microsoft.OffAzure/ServerSites",
+            "Microsoft.OffAzure/ImportSites",
+            "Microsoft.OffAzure/MasterSites",
+            "Microsoft.OffAzure/locations",
+            "Microsoft.OffAzure/locations/operationResults",
+            "Microsoft.OffAzure/operations",
+            "Microsoft.OffAzureSpringBoot/locations",
+            "Microsoft.OffAzureSpringBoot/locations/operationStatuses",
+            "Microsoft.OffAzureSpringBoot/springbootsites",
+            "Microsoft.OffAzureSpringBoot/springbootsites/springbootservers",
+            "Microsoft.OffAzureSpringBoot/springbootsites/springbootapps",
+            "Microsoft.OffAzureSpringBoot/operations",
+            "Microsoft.OffAzureSpringBoot/springbootsites/summaries",
+            "Microsoft.OffAzureSpringBoot/springbootsites/errorsummaries",
+            "Microsoft.OpenEnergyPlatform/Locations",
+            "Microsoft.OpenEnergyPlatform/Locations/OperationStatuses",
+            "Microsoft.OpenEnergyPlatform/energyservices",
+            "Microsoft.OpenEnergyPlatform/checkNameAvailability",
+            "Microsoft.OpenEnergyPlatform/Operations",
+            "Microsoft.OpenEnergyPlatform/energyservices/privateEndpointConnections",
+            "Microsoft.OpenEnergyPlatform/energyservices/privateLinkResources",
+            "Microsoft.OpenEnergyPlatform/energyservices/privateEndpointConnectionProxies",
+            "Microsoft.OperatorVoicemail/Operations",
+            "Microsoft.OperatorVoicemail/Locations",
+            "Microsoft.OperatorVoicemail/Locations/OperationStatuses",
+            "Microsoft.OperatorVoicemail/Locations/checkNameAvailability",
+            "Microsoft.OracleDiscovery/locations",
+            "Microsoft.OracleDiscovery/locations/operationStatuses",
+            "Microsoft.OracleDiscovery/oraclesites",
+            "Microsoft.OracleDiscovery/oraclesites/oracleservers",
+            "Microsoft.OracleDiscovery/oraclesites/oracledatabases",
+            "Microsoft.OracleDiscovery/oraclesites/summaries",
+            "Microsoft.OracleDiscovery/oraclesites/errorSummaries",
+            "Microsoft.OracleDiscovery/operations",
+            "Microsoft.Orbital/availableGroundStations",
+            "Microsoft.Orbital/contactProfiles",
+            "Microsoft.Orbital/spacecrafts",
+            "Microsoft.Orbital/spacecrafts/contacts",
+            "Microsoft.Orbital/groundStations",
+            "Microsoft.Orbital/globalCommunicationsSites",
+            "Microsoft.Orbital/l2Connections",
+            "Microsoft.Orbital/edgeSites",
+            "Microsoft.Orbital/operations",
+            "Microsoft.Orbital/locations",
+            "Microsoft.Orbital/locations/operationResults",
+            "Microsoft.Orbital/locations/operationStatuses",
+            "Microsoft.PartnerManagedConsumerRecurrence/recurrences",
+            "Microsoft.PartnerManagedConsumerRecurrence/operations",
+            "Microsoft.PartnerManagedConsumerRecurrence/checkEligibility",
+            "Microsoft.PartnerManagedConsumerRecurrence/operationStatuses",
+            "Microsoft.Peering/peerings",
+            "Microsoft.Peering/peeringLocations",
+            "Microsoft.Peering/legacyPeerings",
+            "Microsoft.Peering/peerAsns",
+            "Microsoft.Peering/peeringServices",
+            "Microsoft.Peering/peeringServiceCountries",
+            "Microsoft.Peering/peeringServiceLocations",
+            "Microsoft.Peering/peeringServiceProviders",
+            "Microsoft.Peering/checkServiceProviderAvailability",
+            "Microsoft.Peering/lookingGlass",
+            "Microsoft.Peering/cdnPeeringPrefixes",
+            "Microsoft.Peering/operations",
+            "Microsoft.Pki/Operations",
+            "Microsoft.Portal/dashboards",
+            "Microsoft.Portal/tenantconfigurations",
+            "Microsoft.Portal/listTenantConfigurationViolations",
+            "Microsoft.Portal/operations",
+            "Microsoft.Portal/locations",
+            "Microsoft.Portal/consoles",
+            "Microsoft.Portal/locations/consoles",
+            "Microsoft.Portal/userSettings",
+            "Microsoft.Portal/locations/userSettings",
+            "Microsoft.PowerBI/workspaceCollections",
+            "Microsoft.PowerBI/locations",
+            "Microsoft.PowerBI/locations/checkNameAvailability",
+            "Microsoft.PowerBI/privateLinkServicesForPowerBI",
+            "Microsoft.PowerBI/privateLinkServicesForPowerBI/operationResults",
+            "Microsoft.PowerBI/operations",
+            "Microsoft.PowerPlatform/operations",
+            "Microsoft.PowerPlatform/enterprisePolicies",
+            "Microsoft.PowerPlatform/accounts",
+            "Microsoft.PowerPlatform/locations",
+            "Microsoft.PowerPlatform/locations/deleteVirtualNetworkOrSubnets",
+            "Microsoft.PowerPlatform/locations/validateDeleteVirtualNetworkOrSubnets",
+            "Microsoft.ProfessionalService/checkNameAvailability",
+            "Microsoft.ProfessionalService/eligibilityCheck",
+            "Microsoft.ProfessionalService/operationResults",
+            "Microsoft.ProfessionalService/operations",
+            "Microsoft.ProfessionalService/resources",
+            "Microsoft.ProgrammableConnectivity/operations",
+            "Microsoft.ProgrammableConnectivity/locations",
+            "Microsoft.ProgrammableConnectivity/locations/operationStatuses",
+            "Microsoft.ProgrammableConnectivity/gateways",
+            "Microsoft.ProgrammableConnectivity/openApiGateways",
+            "Microsoft.ProgrammableConnectivity/openApiGatewayOfferings",
+            "Microsoft.ProgrammableConnectivity/OperatorOfferings",
+            "Microsoft.ProgrammableConnectivity/OperatorConnections",
+            "Microsoft.ProgrammableConnectivity/operatorApiPlans",
+            "Microsoft.ProgrammableConnectivity/operatorApiConnections",
+            "Microsoft.ProviderHub/providerRegistrations",
+            "Microsoft.ProviderHub/operationStatuses",
+            "Microsoft.ProviderHub/providerRegistrations/resourceTypeRegistrations",
+            "Microsoft.ProviderHub/providerRegistrations/defaultRollouts",
+            "Microsoft.ProviderHub/providerRegistrations/customRollouts",
+            "Microsoft.ProviderHub/providerRegistrations/checkinmanifest",
+            "Microsoft.ProviderHub/providerRegistrations/resourceActions",
+            "Microsoft.ProviderHub/availableAccounts",
+            "Microsoft.ProviderHub/providerRegistrations/authorizedApplications",
+            "Microsoft.Purview/accounts",
+            "Microsoft.Purview/accounts/kafkaConfigurations",
+            "Microsoft.Purview/operations",
+            "Microsoft.Purview/setDefaultAccount",
+            "Microsoft.Purview/removeDefaultAccount",
+            "Microsoft.Purview/getDefaultAccount",
+            "Microsoft.Purview/checkNameAvailability",
+            "Microsoft.Purview/locations",
+            "Microsoft.Purview/locations/operationResults",
+            "Microsoft.Purview/locations/listFeatures",
+            "Microsoft.Purview/locations/usages",
+            "Microsoft.Purview/policies",
+            "Microsoft.Quantum/Workspaces",
+            "Microsoft.Quantum/Operations",
+            "Microsoft.Quantum/Locations",
+            "Microsoft.Quantum/Locations/OperationStatuses",
+            "Microsoft.Quantum/locations/offerings",
+            "Microsoft.Quantum/Locations/CheckNameAvailability",
+            "Microsoft.Quota/usages",
+            "Microsoft.Quota/quotas",
+            "Microsoft.Quota/quotaRequests",
+            "Microsoft.Quota/operationsStatus",
+            "Microsoft.Quota/operations",
+            "Microsoft.Quota/groupQuotas",
+            "Microsoft.Quota/groupQuotas/groupQuotaLimits",
+            "Microsoft.Quota/groupQuotas/subscriptions",
+            "Microsoft.Quota/groupQuotas/groupQuotaRequests",
+            "Microsoft.Quota/groupQuotas/quotaAllocations",
+            "Microsoft.Quota/groupQuotas/quotaAllocationRequests",
+            "Microsoft.Quota/groupQuotas/groupQuotaOperationsStatus",
+            "Microsoft.Quota/groupQuotas/subscriptionRequests",
+            "Microsoft.Quota/groupQuotas/quotaAllocationOperationsStatus",
+            "Microsoft.RecommendationsService/locations",
+            "Microsoft.RecommendationsService/locations/operationStatuses",
+            "Microsoft.RecommendationsService/accounts",
+            "Microsoft.RecommendationsService/accounts/modeling",
+            "Microsoft.RecommendationsService/accounts/serviceEndpoints",
+            "Microsoft.RecommendationsService/operations",
+            "Microsoft.RecommendationsService/checkNameAvailability",
+            "Microsoft.RedHatOpenShift/locations",
+            "Microsoft.RedHatOpenShift/locations/operationresults",
+            "Microsoft.RedHatOpenShift/locations/operationsstatus",
+            "Microsoft.RedHatOpenShift/OpenShiftClusters",
+            "Microsoft.RedHatOpenShift/operations",
+            "Microsoft.RedHatOpenShift/locations/openshiftversions",
+            "Microsoft.ResourceConnector/locations",
+            "Microsoft.ResourceConnector/appliances",
+            "Microsoft.ResourceConnector/locations/operationsstatus",
+            "Microsoft.ResourceConnector/locations/operationresults",
+            "Microsoft.ResourceConnector/operations",
+            "Microsoft.ResourceConnector/telemetryconfig",
+            "Microsoft.ResourceGraph/resources",
+            "Microsoft.ResourceGraph/resourcesHistory",
+            "Microsoft.ResourceGraph/resourceChanges",
+            "Microsoft.ResourceGraph/resourceChangeDetails",
+            "Microsoft.ResourceGraph/operations",
+            "Microsoft.ResourceGraph/subscriptionsStatus",
+            "Microsoft.ResourceGraph/queries",
+            "Microsoft.ResourceGraph/generateQuery",
+            "Microsoft.ResourceNotifications/eventGridFilters",
+            "Microsoft.ResourceNotifications/operations",
+            "Microsoft.Resources/deploymentScripts",
+            "Microsoft.Resources/deploymentScripts/logs",
+            "Microsoft.Resources/locations/deploymentScriptOperationResults",
+            "Microsoft.Resources/templateSpecs",
+            "Microsoft.Resources/templateSpecs/versions",
+            "Microsoft.Resources/builtInTemplateSpecs",
+            "Microsoft.Resources/builtInTemplateSpecs/versions",
+            "Microsoft.Resources/deploymentStacks",
+            "Microsoft.Resources/locations/deploymentStackOperationStatus",
+            "Microsoft.Resources/mobobrokers",
+            "Microsoft.Resources/tenants",
+            "Microsoft.Resources/locations",
+            "Microsoft.Resources/operationresults",
+            "Microsoft.Resources/notifyResourceJobs",
+            "Microsoft.Resources/tags",
+            "Microsoft.Resources/checkPolicyCompliance",
+            "Microsoft.Resources/providers",
+            "Microsoft.Resources/checkresourcename",
+            "Microsoft.Resources/calculateTemplateHash",
+            "Microsoft.Resources/resources",
+            "Microsoft.Resources/subscriptions",
+            "Microsoft.Resources/subscriptions/resources",
+            "Microsoft.Resources/subscriptions/providers",
+            "Microsoft.Resources/subscriptions/operationresults",
+            "Microsoft.Resources/resourceGroups",
+            "Microsoft.Resources/subscriptions/resourceGroups",
+            "Microsoft.Resources/subscriptions/resourcegroups/resources",
+            "Microsoft.Resources/subscriptions/locations",
+            "Microsoft.Resources/subscriptions/tagnames",
+            "Microsoft.Resources/subscriptions/tagNames/tagValues",
+            "Microsoft.Resources/deployments",
+            "Microsoft.Resources/deployments/operations",
+            "Microsoft.Resources/validateResources",
+            "Microsoft.Resources/links",
+            "Microsoft.Resources/operations",
+            "Microsoft.Resources/bulkDelete",
+            "Microsoft.Resources/changes",
+            "Microsoft.Resources/snapshots",
+            "Microsoft.Resources/dataBoundaries",
+            "Microsoft.Resources/deploymentStacks/snapshots",
+            "Microsoft.Resources/checkZonePeers",
+            "Microsoft.SaaS/applications",
+            "Microsoft.SaaS/checknameavailability",
+            "Microsoft.SaaS/saasresources",
+            "Microsoft.SaaS/operationResults",
+            "Microsoft.SaaS/operations",
+            "Microsoft.SaaS/resources",
+            "Microsoft.SaaSHub/operationStatuses",
+            "Microsoft.SaaSHub/cloudServices",
+            "Microsoft.SaaSHub/operations",
+            "Microsoft.SaaSHub/registeredSubscriptions",
+            "Microsoft.SaaSHub/checkNameAvailability",
+            "Microsoft.SaaSHub/canCreate",
+            "Microsoft.SaaSHub/locations",
+            "Microsoft.SaaSHub/locations/operationStatuses",
+            "Microsoft.Scom/locations/operationStatuses",
+            "Microsoft.Scom/operations",
+            "Microsoft.Scom/locations",
+            "Microsoft.Scom/managedInstances",
+            "Microsoft.Scom/managedInstances/monitoredResources",
+            "Microsoft.Scom/managedInstances/managedGateways",
+            "Microsoft.ScVmm/locations",
+            "Microsoft.ScVmm/Locations/OperationStatuses",
+            "Microsoft.ScVmm/operations",
+            "Microsoft.ScVmm/VMMServers",
+            "Microsoft.ScVmm/Clouds",
+            "Microsoft.ScVmm/VirtualNetworks",
+            "Microsoft.ScVmm/VirtualMachineTemplates",
+            "Microsoft.ScVmm/VirtualMachines",
+            "Microsoft.ScVmm/AvailabilitySets",
+            "Microsoft.ScVmm/VMMServers/InventoryItems",
+            "Microsoft.ScVmm/VirtualMachines/HybridIdentityMetadata",
+            "Microsoft.ScVmm/VirtualMachines/GuestAgents",
+            "Microsoft.ScVmm/VirtualMachines/Extensions",
+            "Microsoft.ScVmm/VirtualMachineInstances",
+            "Microsoft.SecurityDetonation/chambers",
+            "Microsoft.SecurityDetonation/operations",
+            "Microsoft.SecurityDetonation/operationResults",
+            "Microsoft.SecurityDetonation/checkNameAvailability",
+            "Microsoft.SecurityDevOps/Locations",
+            "Microsoft.SecurityDevOps/Locations/OperationStatuses",
+            "Microsoft.SecurityDevOps/gitHubConnectors",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs",
+            "Microsoft.SecurityDevOps/gitHubConnectors/owners",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects",
+            "Microsoft.SecurityDevOps/gitHubConnectors/owners/repos",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos",
+            "Microsoft.SecurityDevOps/Operations",
+            "Microsoft.SecurityDevOps/gitHubConnectors/stats",
+            "Microsoft.SecurityDevOps/gitHubConnectors/repos",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/stats",
+            "Microsoft.SecurityDevOps/azureDevOpsConnectors/repos",
+            "Microsoft.SecurityDevOps/gitLabConnectors",
+            "Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations",
+            "Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories",
+            "Microsoft.SecurityDevOps/gitLabConnectors/groups",
+            "Microsoft.SecurityDevOps/gitLabConnectors/projects",
+            "Microsoft.SecurityDevOps/gitLabConnectors/stats",
+            "Microsoft.SecurityDevOps/gitLabConnectors/groups/projects",
+            "Microsoft.SerialConsole/consoleServices",
+            "Microsoft.SerialConsole/serialPorts",
+            "Microsoft.SerialConsole/locations",
+            "Microsoft.SerialConsole/locations/consoleServices",
+            "Microsoft.SerialConsole/operations",
+            "Microsoft.ServiceNetworking/trafficControllers",
+            "Microsoft.ServiceNetworking/trafficControllers/frontends",
+            "Microsoft.ServiceNetworking/trafficControllers/associations",
+            "Microsoft.ServiceNetworking/operations",
+            "Microsoft.ServiceNetworking/locations",
+            "Microsoft.ServiceNetworking/locations/operations",
+            "Microsoft.ServiceNetworking/locations/operationResults",
+            "Microsoft.ServicesHub/connectors",
+            "Microsoft.ServicesHub/workspaces",
+            "Microsoft.ServicesHub/supportOfferingEntitlement",
+            "Microsoft.ServicesHub/operations",
+            "Microsoft.ServicesHub/getRecommendationsContent",
+            "Microsoft.ServicesHub/connectors/connectorSpaces",
+            "Microsoft.SignalRService/SignalR",
+            "Microsoft.SignalRService/WebPubSub",
+            "Microsoft.SignalRService/SignalR/replicas",
+            "Microsoft.SignalRService/WebPubSub/replicas",
+            "Microsoft.SignalRService/locations",
+            "Microsoft.SignalRService/locations/operationResults",
+            "Microsoft.SignalRService/locations/operationStatuses",
+            "Microsoft.SignalRService/operations",
+            "Microsoft.SignalRService/locations/checkNameAvailability",
+            "Microsoft.SignalRService/locations/usages",
+            "Microsoft.SignalRService/SignalR/eventGridFilters",
+            "Microsoft.Singularity/accounts",
+            "Microsoft.Singularity/accounts/storageContainers",
+            "Microsoft.Singularity/accounts/networks",
+            "Microsoft.Singularity/accounts/secrets",
+            "Microsoft.Singularity/accounts/accountQuotaPolicies",
+            "Microsoft.Singularity/accounts/groupPolicies",
+            "Microsoft.Singularity/accounts/jobs",
+            "Microsoft.Singularity/accounts/models",
+            "Microsoft.Singularity/locations",
+            "Microsoft.Singularity/locations/instanceTypeSeries",
+            "Microsoft.Singularity/locations/instanceTypeSeries/instanceTypes",
+            "Microsoft.Singularity/locations/operationResults",
+            "Microsoft.Singularity/locations/operationStatus",
+            "Microsoft.Singularity/operations",
+            "Microsoft.Singularity/images",
+            "Microsoft.Singularity/quotas",
+            "Microsoft.SoftwarePlan/hybridUseBenefits",
+            "Microsoft.SoftwarePlan/operations",
+            "Microsoft.Solutions/applications",
+            "Microsoft.Solutions/applicationDefinitions",
+            "Microsoft.Solutions/locations",
+            "Microsoft.Solutions/jitRequests",
+            "Microsoft.Solutions/locations/operationstatuses",
+            "Microsoft.Solutions/Operations",
+            "Microsoft.Sovereign/Locations",
+            "Microsoft.Sovereign/Locations/OperationStatuses",
+            "Microsoft.Sovereign/landingZoneConfigurations",
+            "Microsoft.Sovereign/landingZoneRegistrations",
+            "Microsoft.Sovereign/Operations",
+            "Microsoft.Sovereign/checkNameAvailability",
+            "Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups",
+            "Microsoft.SqlVirtualMachine/SqlVirtualMachines",
+            "Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups/AvailabilityGroupListeners",
+            "Microsoft.SqlVirtualMachine/operations",
+            "Microsoft.SqlVirtualMachine/Locations",
+            "Microsoft.SqlVirtualMachine/Locations/OperationTypes",
+            "Microsoft.SqlVirtualMachine/Locations/sqlVirtualMachineOperationResults",
+            "Microsoft.SqlVirtualMachine/Locations/sqlVirtualMachineGroupOperationResults",
+            "Microsoft.SqlVirtualMachine/Locations/availabilityGroupListenerOperationResults",
+            "Microsoft.SqlVirtualMachine/Locations/registerSqlVmCandidate",
+            "Microsoft.StandbyPool/Locations",
+            "Microsoft.StandbyPool/Locations/OperationStatuses",
+            "Microsoft.StandbyPool/Operations",
+            "Microsoft.StorageActions/storageTasks",
+            "Microsoft.StorageActions/operations",
+            "Microsoft.StorageActions/locations/asyncoperations",
+            "Microsoft.StorageActions/locations/previewActions",
+            "Microsoft.StorageActions/locations",
+            "Microsoft.StorageCache/caches",
+            "Microsoft.StorageCache/caches/storageTargets",
+            "Microsoft.StorageCache/amlFilesystems",
+            "Microsoft.StorageCache/operations",
+            "Microsoft.StorageCache/usageModels",
+            "Microsoft.StorageCache/checkAmlFSSubnets",
+            "Microsoft.StorageCache/getRequiredAmlFSSubnetsSize",
+            "Microsoft.StorageCache/locations",
+            "Microsoft.StorageCache/locations/ascoperations",
+            "Microsoft.StorageCache/locations/usages",
+            "Microsoft.StorageMover/storageMovers",
+            "Microsoft.StorageMover/storageMovers/projects",
+            "Microsoft.StorageMover/storageMovers/agents",
+            "Microsoft.StorageMover/storageMovers/endpoints",
+            "Microsoft.StorageMover/storageMovers/projects/jobDefinitions",
+            "Microsoft.StorageMover/operations",
+            "Microsoft.StorageMover/storageMovers/projects/jobDefinitions/jobRuns",
+            "Microsoft.StorageMover/locations",
+            "Microsoft.StorageMover/locations/operationStatuses",
+            "Microsoft.StorageSync/storageSyncServices",
+            "Microsoft.StorageSync/storageSyncServices/syncGroups",
+            "Microsoft.StorageSync/storageSyncServices/syncGroups/cloudEndpoints",
+            "Microsoft.StorageSync/storageSyncServices/syncGroups/serverEndpoints",
+            "Microsoft.StorageSync/storageSyncServices/registeredServers",
+            "Microsoft.StorageSync/storageSyncServices/workflows",
+            "Microsoft.StorageSync/operations",
+            "Microsoft.StorageSync/locations",
+            "Microsoft.StorageSync/locations/checkNameAvailability",
+            "Microsoft.StorageSync/locations/workflows",
+            "Microsoft.StorageSync/locations/operations",
+            "Microsoft.StorageSync/locations/operationResults",
+            "Microsoft.StorageTasks/locations",
+            "Microsoft.Subscription/SubscriptionDefinitions",
+            "Microsoft.Subscription/SubscriptionOperations",
+            "Microsoft.Subscription/CreateSubscription",
+            "Microsoft.Subscription/operations",
+            "Microsoft.Subscription/cancel",
+            "Microsoft.Subscription/validateCancel",
+            "Microsoft.Subscription/rename",
+            "Microsoft.Subscription/enable",
+            "Microsoft.Subscription/subscriptions",
+            "Microsoft.Subscription/aliases",
+            "Microsoft.Subscription/operationResults",
+            "Microsoft.Subscription/acceptChangeTenant",
+            "Microsoft.Subscription/changeTenantStatus",
+            "Microsoft.Subscription/changeTenantRequest",
+            "Microsoft.Subscription/policies",
+            "Microsoft.Subscription/acceptOwnership",
+            "Microsoft.Subscription/acceptOwnershipStatus",
+            // Not supported in Mooncake
+            /*
+            "microsoft.support/operations",
+            "microsoft.support/checkNameAvailability",
+            "microsoft.support/classifyServices",
+            "microsoft.support/services",
+            "microsoft.support/services/problemclassifications",
+            "microsoft.support/supporttickets",
+            "microsoft.support/supporttickets/communications",
+            "microsoft.support/operationresults",
+            "microsoft.support/operationsstatus",
+            "microsoft.support/lookUpResourceId",
+            "microsoft.support/fileWorkspaces",
+            "microsoft.support/fileWorkspaces/files",
+            */
+            "Microsoft.Synapse/workspaces",
+            "Microsoft.Synapse/workspaces/bigDataPools",
+            "Microsoft.Synapse/workspaces/sqlPools",
+            "Microsoft.Synapse/workspaces/sqlDatabases",
+            "Microsoft.Synapse/locations/sqlDatabaseAzureAsyncOperation",
+            "Microsoft.Synapse/locations/sqlDatabaseOperationResults",
+            "Microsoft.Synapse/workspaces/kustoPools",
+            "Microsoft.Synapse/locations/kustoPoolOperationResults",
+            "Microsoft.Synapse/locations/kustoPoolCheckNameAvailability",
+            "Microsoft.Synapse/workspaces/kustoPools/databases",
+            "Microsoft.Synapse/workspaces/kustoPools/attacheddatabaseconfigurations",
+            "Microsoft.Synapse/workspaces/kustoPools/databases/dataconnections",
+            "Microsoft.Synapse/locations/sqlPoolAzureAsyncOperation",
+            "Microsoft.Synapse/locations/sqlPoolOperationResults",
+            "Microsoft.Synapse/workspaces/operationStatuses",
+            "Microsoft.Synapse/workspaces/operationResults",
+            "Microsoft.Synapse/checkNameAvailability",
+            "Microsoft.Synapse/operations",
+            "Microsoft.Synapse/kustoOperations",
+            "Microsoft.Synapse/privateLinkHubs",
+            "Microsoft.Synapse/locations",
+            "Microsoft.Synapse/locations/operationResults",
+            "Microsoft.Synapse/locations/operationStatuses",
+            "Microsoft.Synapse/locations/usages",
+            "Microsoft.Synapse/workspaces/usages",
+            "Microsoft.Syntex/documentProcessors",
+            "Microsoft.Syntex/operations",
+            "Microsoft.Syntex/accounts",
+            "Microsoft.Syntex/Locations",
+            "Microsoft.Syntex/Locations/OperationStatuses",
+            "Microsoft.TestBase/locations",
+            "Microsoft.TestBase/locations/operationstatuses",
+            "Microsoft.TestBase/skus",
+            "Microsoft.TestBase/operations",
+            "Microsoft.TestBase/testBaseAccounts",
+            "Microsoft.TestBase/testBaseAccounts/usages",
+            "Microsoft.TestBase/testBaseAccounts/availableOSs",
+            "Microsoft.TestBase/testBaseAccounts/testTypes",
+            "Microsoft.TestBase/testBaseAccounts/flightingRings",
+            "Microsoft.TestBase/testBaseAccounts/packages",
+            "Microsoft.TestBase/testBaseAccounts/packages/osUpdates",
+            "Microsoft.TestBase/testBaseAccounts/testSummaries",
+            "Microsoft.TestBase/testBaseAccounts/packages/favoriteProcesses",
+            "Microsoft.TestBase/testBaseAccounts/packages/testResults",
+            "Microsoft.TestBase/testBaseAccounts/packages/testResults/analysisResults",
+            "Microsoft.TestBase/testBaseAccounts/emailEvents",
+            "Microsoft.TestBase/testBaseAccounts/customerEvents",
+            "Microsoft.TestBase/testBaseAccounts/featureUpdateSupportedOses",
+            "Microsoft.TestBase/testBaseAccounts/availableInplaceUpgradeOSs",
+            "Microsoft.TestBase/testBaseAccounts/firstPartyApps",
+            "Microsoft.TestBase/testBaseAccounts/draftPackages",
+            "Microsoft.TestBase/testBaseAccounts/actionRequests",
+            "Microsoft.TestBase/testBaseAccounts/testConfigurations",
+            "Microsoft.TestBase/testBaseAccounts/availableVMConfigurationTypes",
+            "Microsoft.TestBase/testBaseAccounts/customImages",
+            "Microsoft.TestBase/testBaseAccounts/vhds",
+            "Microsoft.TestBase/testBaseAccounts/imageDefinitions",
+            "Microsoft.TestBase/testBaseAccounts/galleryApps",
+            "Microsoft.TestBase/testBaseAccounts/galleryApps/galleryAppSkus",
+            "Microsoft.TestBase/testBaseAccounts/chatSessions",
+            "Microsoft.TestBase/testBaseAccounts/freeHourBalances",
+            "Microsoft.TestBase/testBaseAccounts/credentials",
+            "Microsoft.TestBase/testBaseAccounts/testConfigurations/testResults",
+            "Microsoft.UsageBilling/operations",
+            "Microsoft.VideoIndexer/operations",
+            "Microsoft.VideoIndexer/locations",
+            "Microsoft.VideoIndexer/locations/operationstatuses",
+            "Microsoft.VideoIndexer/accounts",
+            "Microsoft.VideoIndexer/checknameavailability",
+            "Microsoft.VideoIndexer/locations/userclassicaccounts",
+            "Microsoft.VideoIndexer/locations/classicaccounts",
+            "Microsoft.VirtualMachineImages/imageTemplates",
+            "Microsoft.VirtualMachineImages/imageTemplates/runOutputs",
+            "Microsoft.VirtualMachineImages/imageTemplates/triggers",
+            "Microsoft.VirtualMachineImages/locations",
+            "Microsoft.VirtualMachineImages/locations/operations",
+            "Microsoft.VirtualMachineImages/operations",
+            "microsoft.visualstudio/account",
+            "microsoft.visualstudio/operations",
+            "microsoft.visualstudio/account/extension",
+            "microsoft.visualstudio/checkNameAvailability",
+            "Microsoft.VMware/Locations",
+            "Microsoft.VMware/Locations/OperationStatuses",
+            "Microsoft.VMware/Operations",
+            "Microsoft.VMware/VCenters/InventoryItems",
+            "Microsoft.VoiceServices/Operations",
+            "Microsoft.VoiceServices/locations",
+            "Microsoft.VoiceServices/locations/checkNameAvailability",
+            "Microsoft.VoiceServices/registeredSubscriptions",
+            "Microsoft.VSOnline/accounts",
+            "Microsoft.VSOnline/plans",
+            "Microsoft.VSOnline/operations",
+            "Microsoft.VSOnline/registeredSubscriptions",
+            "Microsoft.WindowsIoT/DeviceServices",
+            "Microsoft.WindowsIoT/operations",
+            "Microsoft.WindowsPushNotificationServices/checkNameAvailability",
+            "Microsoft.WorkloadBuilder/Locations",
+            "Microsoft.WorkloadBuilder/Locations/OperationStatuses",
+            "Microsoft.WorkloadBuilder/Operations",
+            "Microsoft.Workloads/Locations",
+            "Microsoft.Workloads/Locations/OperationStatuses",
+            "Microsoft.Workloads/sapVirtualInstances",
+            "Microsoft.Workloads/sapVirtualInstances/applicationInstances",
+            "Microsoft.Workloads/sapVirtualInstances/centralInstances",
+            "Microsoft.Workloads/sapVirtualInstances/databaseInstances",
+            "Microsoft.Workloads/Operations",
+            "Microsoft.Workloads/monitors",
+            "Microsoft.Workloads/monitors/providerInstances",
+            "Microsoft.Workloads/Locations/sapVirtualInstanceMetadata",
+            "Microsoft.Workloads/connectors",
+            "Microsoft.Workloads/connectors/acssBackups",
+            "Microsoft.Workloads/monitors/sapLandscapeMonitor",
+            "NewRelic.Observability/operations",
+            "NewRelic.Observability/registeredSubscriptions",
+            "NewRelic.Observability/locations",
+            "NewRelic.Observability/locations/operationStatuses",
+            "NewRelic.Observability/monitors",
+            "NewRelic.Observability/monitors/tagRules",
+            "NewRelic.Observability/checkNameAvailability",
+            "NewRelic.Observability/accounts",
+            "NewRelic.Observability/plans",
+            "NewRelic.Observability/organizations",
+            "NewRelic.Observability/monitors/monitoredSubscriptions",
+            "NGINX.NGINXPLUS/operations",
+            "NGINX.NGINXPLUS/locations",
+            "NGINX.NGINXPLUS/locations/operationStatuses",
+            "NGINX.NGINXPLUS/nginxDeployments/configurations",
+            "NGINX.NGINXPLUS/nginxDeployments",
+            "NGINX.NGINXPLUS/nginxDeployments/certificates",
+            "Oracle.Database/Locations",
+            "Oracle.Database/Locations/OperationStatuses",
+            "Oracle.Database/Operations",
+            "PaloAltoNetworks.Cloudngfw/operations",
+            "PaloAltoNetworks.Cloudngfw/locations",
+            "PaloAltoNetworks.Cloudngfw/registeredSubscriptions",
+            "PaloAltoNetworks.Cloudngfw/checkNameAvailability",
+            "PaloAltoNetworks.Cloudngfw/Locations/operationStatuses",
+            "PaloAltoNetworks.Cloudngfw/firewalls",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/localRules",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/fqdnlists",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/fqdnlists",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/preRules",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/postRules",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/prefixlists",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/prefixlists",
+            "PaloAltoNetworks.Cloudngfw/globalRulestacks/certificates",
+            "PaloAltoNetworks.Cloudngfw/localRulestacks/certificates",
+            "PaloAltoNetworks.Cloudngfw/firewalls/statuses",
+            "PureStorage.Block/operations",
+            "PureStorage.Block/locations",
+            "PureStorage.Block/checkNameAvailability",
+            "PureStorage.Block/locations/operationStatuses",
+            "Qumulo.Storage/registeredSubscriptions",
+            "Qumulo.Storage/locations",
+            "Qumulo.Storage/locations/operationStatuses",
+            "Qumulo.Storage/checkNameAvailability",
+            "Qumulo.Storage/operations",
+            "Qumulo.Storage/fileSystems",
+            "SolarWinds.Observability/operations",
+            "SolarWinds.Observability/registeredSubscriptions",
+            "SolarWinds.Observability/locations",
+            "SolarWinds.Observability/locations/operationStatuses",
+            "SolarWinds.Observability/checkNameAvailability",
+            "SplitIO.Experimentation/operations",
+            "SplitIO.Experimentation/locations",
+            "SplitIO.Experimentation/locations/operationStatuses",
+            "SplitIO.Experimentation/checkNameAvailability",
+            "Wandisco.Fusion/Locations",
+            "Wandisco.Fusion/Locations/operationStatuses",
+            "Wandisco.Fusion/registeredSubscriptions",
+            "Wandisco.Fusion/Operations",
+            "Wandisco.Fusion/migrators",
+            "Wandisco.Fusion/migrators/targets",
+            "Wandisco.Fusion/migrators/liveDataMigrations",
+            "Wandisco.Fusion/migrators/exclusionTemplates",
+            "Wandisco.Fusion/migrators/metadataMigrations",
+            "Wandisco.Fusion/migrators/metadataTargets",
+            "Wandisco.Fusion/migrators/pathMappings",
+            "Wandisco.Fusion/migrators/dataTransferAgents",
+            "Wandisco.Fusion/migrators/verifications"
+        ]
+
+    },
+    "resources": [
+        {
+            "condition": "[not(contains(variables('knownPolicyInitativeDefinitionIdsThatRequireParamaeters'), parameters('policySetDefinitionId')))]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]"
+            }
+        },
+        {
+            // [Preview]: Australian Government ISM PROTECTED
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "membersToExclude": {
+                        "value": "[parameters('regCompPolParAusGovIsmRestrictedVmAdminsExclude')]"
+                    },
+                    "logAnalyticsWorkspaceId": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfResourceTypes": {
+                        "value": "[if(equals(parameters('regCompPolParAusGovIsmRestrictedResourceTypes'), 'all'), variables('allResourceTypes'), createArray())]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: Motion Picture Association of America (MPAA)
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "certificateThumbprints": {
+                        "value": "[parameters('regCompPolParMPAACertificateThumb')]"
+                    },
+                    "applicationName": {
+                        "value": "[parameters('regCompPolParMPAAApplicationName')]"
+                    },
+                    "storagePrefix": {
+                        "value": "[parameters('regCompPolParMPAAStoragePrefix')]"
+                    },
+                    "rgName": {
+                        "value": "[parameters('regCompPolParMPAAResGroupPrefix')]"
+                    },
+                    "metricName": {
+                        "value": "[parameters('regCompPolParMPAARBatchMetricName')]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: Sovereignty Baseline - Confidential Policies
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03de05a4-c324-4ccd-882f-a814ea8ab9ea')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "listOfAllowedLocations": {
+                        "value": "[parameters('regCompPolParSovBaseConfRegions')]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: Sovereignty Baseline - Global Policies
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/c1cbff38-87c0-4b9f-9f70-035c7a3b5523')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "listOfAllowedLocations": {
+                        "value": "[parameters('regCompPolParSovBaseGlobalRegions')]"
+                    }
+                }
+            }
+        },
+        {
+            // [Preview]: SWIFT CSP-CSCF v2020
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "workspaceIDsLogAnalyticsAgentShouldConnectTo": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParSwift2020VmAdminsInclude')]"
+                    },
+                    "domainNameFQDN": {
+                        "value": "[parameters('regCompPolParSwift2020DomainFqdn')]"
+                    }
+                }
+            }
+        },
+        {
+            // Canada Federal PBMM
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceIdforVMReporting": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsExclude')]"
+                    },
+                    "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsInclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // CIS Microsoft Azure Foundations Benchmark v2.0.0
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/06f19060-9e68-4070-92ca-f15cc126059e')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44": {
+                        "value": "[parameters('regCompPolParCisV2KeyVaultKeysRotateDays')]"
+                    }
+                }
+            }
+        },
+        {
+            // CMMC Level 3
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": {
+                        "value": "[parameters('regCompPolParCmmcL3VmAdminsInclude')]"
+                    },
+                    "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": {
+                        "value": "[parameters('regCompPolParCmmcL3VmAdminsExclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // HITRUST/HIPAA
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "CertificateThumbprints": {
+                        "value": "[parameters('regCompPolParHitrustHipaaCertificateThumb')]"
+                    },
+                    "installedApplicationsOnWindowsVM": {
+                        "value": "[parameters('regCompPolParHitrustHipaaApplicationName')]"
+                    },
+                    "DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix": {
+                        "value": "[parameters('regCompPolParHitrustHipaaStoragePrefix')]"
+                    },
+                    "DeployDiagnosticSettingsforNetworkSecurityGroupsrgName": {
+                        "value": "[parameters('regCompPolParHitrustHipaaResGroupPrefix')]"
+                    }
+                }
+            }
+        },
+        {
+            // IRS1075 September 2016
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceIdforVMReporting": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsExclude')]"
+                    },
+                    "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsInclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // New Zealand ISM Restricted
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": {
+                        "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsInclude')]"
+                    },
+                    "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": {
+                        "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsExclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // NIST SP 800-171 Rev. 2
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "logAnalyticsWorkspaceIDForVMAgents": {
+                        "value": "[parameters('logAnalyticsWorkspaceId')]"
+                    },
+                    "membersToExcludeInLocalAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParNistSp800171R2VmAdminsExclude')]"
+                    },
+                    "membersToIncludeInLocalAdministratorsGroup": {
+                        "value": "[parameters('regCompPolParNistSp800171R2VmAdminsInclude')]"
+                    }
+                }
+            }
+        },
+        {
+            // SOC 2 Type 2
+            "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141')]",
+            "type": "Microsoft.Authorization/policyAssignments",
+            "apiVersion": "2022-06-01",
+            "name": "[parameters('policyAssignmentName')]",
+            "location": "[deployment().location]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "description": "[parameters('policySetDefinitionDescription')]",
+                "displayName": "[parameters('policySetDefinitionDisplayName')]",
+                "policyDefinitionId": "[parameters('policySetDefinitionId')]",
+                "enforcementMode": "[parameters('enforcementMode')]",
+                "parameters": {
+                    "allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469": {
+                        "value": "[parameters('regCompPolParSoc2Type2AllowedRegistries')]"
+                    },
+                    "cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164": {
+                        "value": "[parameters('regCompPolParSoc2Type2MaxCpuUnits')]"
+                    },
+                    "memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164": {
+                        "value": "[parameters('regCompPolParSoc2Type2MaxMemoryBytes')]"
+                    }
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Authorization/roleAssignments",
+            "apiVersion": "2019-04-01-preview",
+            "name": "[variables('roleAssignmentNames').deployRoles]",
+            "dependsOn": [
+                "[parameters('policyAssignmentName')]"
+            ],
+            "properties": {
+                "principalType": "ServicePrincipal",
+                "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacContributor'))]",
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', parameters('policyAssignmentName')), '2019-09-01', 'Full' ).identity.principalId)]"
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json b/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json
new file mode 100644
index 0000000000..0811bbdaf3
--- /dev/null
+++ b/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json
@@ -0,0 +1,683 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "enableAscForServers": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForCosmosDbs": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForSql": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForSqlOnVm": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForArm": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForOssDb": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForAppServices": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForKeyVault": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForStorage": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForContainers": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForApis": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "enableAscForCspm": {
+            "type": "String",
+            "allowedValues": [
+                "DeployIfNotExists",
+                "Disabled"
+            ],
+            "defaultValue": "DeployIfNotExists",
+            "metadata": {
+                "displayName": "Effect",
+                "description": "Enable or disable the execution of the policy"
+            }
+        },
+        "resourceGroupLocation": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Resource group location",
+                "description": "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.",
+                "strongType": "location"
+            }
+        },
+        "resourceGroupName": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Resource group name",
+                "description": "The name of the resource group hosting the Log Analytics workspace."
+            }
+        },
+        "logAnalyticsResourceId": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Log Analytics workspace",
+                "description": "The Log Analytics workspace of where the data should be exported to.",
+                "strongType": "Microsoft.OperationalInsights/workspaces",
+                "assignPermissions": true
+            }
+        },
+        "emailContactAsc": {
+            "type": "String",
+            "metadata": {
+                "displayName": "Resource group name",
+                "description": "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured."
+            }
+        },
+        "exportedDataTypes": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Exported data types",
+            "description": "The data types to be exported. To export a snapshot (preview) of the data once a week, choose the data types which contains 'snapshot', other data types will be sent in real-time streaming."
+            },
+            "allowedValues": [
+                "Security recommendations",
+                "Security alerts",
+                "Overall secure score",
+                "Secure score controls",
+                "Regulatory compliance",
+                "Overall secure score - snapshot",
+                "Secure score controls - snapshot",
+                "Regulatory compliance - snapshot",
+                "Security recommendations - snapshot",
+                "Security findings - snapshot"
+            ],
+            "defaultValue": [
+                "Security recommendations",
+                "Security alerts",
+                "Overall secure score",
+                "Secure score controls",
+                "Regulatory compliance",
+                "Overall secure score - snapshot",
+                "Secure score controls - snapshot",
+                "Regulatory compliance - snapshot",
+                "Security recommendations - snapshot",
+                "Security findings - snapshot"
+            ]
+        },
+        "recommendationNames": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Recommendation IDs",
+            "description": "Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments."
+            },
+            "defaultValue": []
+        },
+        "recommendationSeverities": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Recommendation severities",
+            "description": "Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;"
+            },
+            "allowedValues": [
+                "High",
+                "Medium",
+                "Low"
+            ],
+            "defaultValue": [
+                "High",
+                "Medium",
+                "Low"
+            ]
+        },
+        "isSecurityFindingsEnabled": {
+            "type": "bool",
+            "metadata": {
+                "displayName": "Include security findings",
+                "description": "Security findings are results from vulnerability assessment solutions, and can be thought of as 'sub' recommendations grouped into a 'parent' recommendation."
+            },
+            "allowedValues": [
+                true,
+                false
+            ],
+            "defaultValue": true
+        },
+        "secureScoreControlsNames": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Secure Score Controls IDs",
+            "description": "Applicable only for export of secure score controls. To export all secure score controls, leave this empty. To export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols."
+            },
+            "defaultValue": []
+        },
+        "alertSeverities": {
+            "type": "Array",
+            "metadata": {
+            "displayName": "Alert severities",
+            "description": "Applicable only for export of security alerts. Determines alert severities. Example: High;Medium;Low;"
+        },
+        "allowedValues": [
+            "High",
+            "Medium",
+            "Low"
+        ],
+        "defaultValue": [
+            "High",
+            "Medium",
+            "Low"
+        ]
+        },
+        "regulatoryComplianceStandardsNames": {
+            "type": "Array",
+            "metadata": {
+                "displayName": "Regulatory compliance standards names",
+                "description": "Applicable only for export of regulatory compliance. To export all regulatory compliance, leave this empty. To export specific regulatory compliance standards, enter a list of these standards names separated by semicolons (';'). Regulatory compliance standards names are available through the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards."
+            },
+            "defaultValue": []
+        },
+        "guidValue": {
+            "type": "string",
+            "defaultValue": "[newGuid()]"
+        }
+    },
+    "variables": {
+            "scopeDescription": "scope for subscription {0}",
+            "subAssessmentRuleExpectedValue": "/assessments/{0}/",
+            "recommendationNamesLength": "[length(parameters('recommendationNames'))]",
+            "secureScoreControlsNamesLength": "[length(parameters('secureScoreControlsNames'))]",
+            "secureScoreControlsLengthIfEmpty": "[if(equals(variables('secureScoreControlsNamesLength'), 0), 1, variables('secureScoreControlsNamesLength'))]",
+            "regulatoryComplianceStandardsNamesLength": "[length(parameters('regulatoryComplianceStandardsNames'))]",
+            "regulatoryComplianceStandardsNamesLengthIfEmpty": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]",
+            "recommendationSeveritiesLength": "[length(parameters('recommendationSeverities'))]",
+            "alertSeveritiesLength": "[length(parameters('alertSeverities'))]",
+            "recommendationNamesLengthIfEmpty": "[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]",
+            "recommendationSeveritiesLengthIfEmpty": "[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]",
+            "alertSeveritiesLengthIfEmpty": "[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]",
+            "totalRuleCombinationsForOneRecommendationName": "[variables('recommendationSeveritiesLengthIfEmpty')]",
+            "totalRuleCombinationsForOneRecommendationSeverity": 1,
+            "exportedDataTypesLength": "[length(parameters('exportedDataTypes'))]",
+            "exportedDataTypesLengthIfEmpty": "[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]",
+            "dataTypeMap": {
+                "Security recommendations": "Assessments",
+                "Security alerts": "Alerts",
+                "Overall secure score": "SecureScores",
+                "Secure score controls": "SecureScoreControls",
+                "Regulatory compliance": "RegulatoryComplianceAssessment",
+                "Overall secure score - snapshot": "SecureScoresSnapshot",
+                "Secure score controls - snapshot": "SecureScoreControlsSnapshot",
+                "Regulatory compliance - snapshot": "RegulatoryComplianceAssessmentSnapshot",
+                "Security recommendations - snapshot": "AssessmentsSnapshot",
+                "Security findings - snapshot": "SubAssessmentsSnapshot"
+            },
+            "alertSeverityMap": {
+                "High": "high",
+                "Medium": "medium",
+                "Low": "low"
+            },
+            "ruleSetsForAssessmentsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForAssessmentsArr",
+                        "count": "[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "[if(equals(variables('recommendationNamesLength'),0),'type','name')]",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]",
+                                    "operator": "Contains"
+                                },
+                                {
+                                    "propertyJPath": "properties.metadata.severity",
+                                    "propertyType": "string",
+                                    "expectedValue": "[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]",
+                                    "operator": "Equals"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "customRuleSetsForSubAssessmentsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForSubAssessmentsArr",
+                        "count": "[variables('recommendationNamesLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "id",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]",
+                                    "operator": "Contains"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "ruleSetsForAlertsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForAlertsArr",
+                        "count": "[variables('alertSeveritiesLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                "propertyJPath": "Severity",
+                                "propertyType": "string",
+                                "expectedValue": "[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]",
+                                "operator": "Equals"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "customRuleSetsForSecureScoreControlsObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForSecureScoreControlsArr",
+                        "count": "[variables('secureScoreControlsLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "name",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('secureScoreControlsNamesLength'), 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]",
+                                    "operator": "Equals"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            },
+            "customRuleSetsForRegulatoryComplianceObj": {
+                "copy": [
+                    {
+                        "name": "ruleSetsForRegulatoryCompliancArr",
+                        "count": "[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]",
+                        "input": {
+                            "rules": [
+                                {
+                                    "propertyJPath": "id",
+                                    "propertyType": "string",
+                                    "expectedValue": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]",
+                                    "operator": "Contains"
+                                 }
+                             ]
+                         }
+                    }
+                ]
+            },
+            "ruleSetsForSecureScoreControlsObj": "[if(equals(variables('secureScoreControlsNamesLength'), 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]",
+            "ruleSetsForSecureRegulatoryComplianceObj": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]",
+            "ruleSetsForSubAssessmentsObj": "[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]",
+            "subAssessmentSource": [
+                {
+                    "eventSource": "SubAssessments",
+                    "ruleSets": "[variables('ruleSetsForSubAssessmentsObj')]"
+                }
+            ],
+            "ruleSetsMap": {
+                "Security recommendations": "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]",
+                "Security alerts": "[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]",
+                "Overall secure score": null,
+                "Secure score controls": "[variables('ruleSetsForSecureScoreControlsObj')]",
+                "Regulatory compliance": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
+                "Overall secure score - snapshot": null,
+                "Secure score controls - snapshot": "[variables('ruleSetsForSecureScoreControlsObj')]",
+                "Regulatory compliance - snapshot": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
+                "Security recommendations - snapshot": "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]",
+                "Security findings - snapshot": "[variables('ruleSetsForSubAssessmentsObj')]"
+            },
+            "sourcesWithoutSubAssessments": {
+                "copy": [
+                    {
+                        "name": "sources",
+                        "count": "[variables('exportedDataTypesLengthIfEmpty')]",
+                        "input": {
+                            "eventSource": "[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]",
+                            "ruleSets": "[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]"
+                        }
+                    }
+                ]
+            },
+            "sourcesWithSubAssessments": "[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]",
+            "sources": "[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]"
+    },
+    "resources": [
+        {
+            "condition": "[equals(parameters('enableAscForStorage'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "StorageAccounts",
+            "properties": {
+                "pricingTier": "Standard",
+                "subPlan": "DefenderForStorageV2",
+                "extensions": [
+                    {
+                        "name": "OnUploadMalwareScanning",
+                        "isEnabled": "True",
+                        "additionalExtensionProperties": {
+                            "CapGBPerMonthPerStorageAccount": "5000"
+                        }
+                    },
+                    {
+                        "name": "SensitiveDataDiscovery",
+                        "isEnabled": "True"
+                    }
+                ]
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForServers'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "VirtualMachines",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'StorageAccounts')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard",
+                "subPlan": "P2",
+                "resourcesCoverageStatus": "FullyCovered"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForSql'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "SqlServers",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'VirtualMachines')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForAppServices'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "AppServices",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'SqlServers')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForSqlOnVm'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "SqlServerVirtualMachines",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'AppServices')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForContainers'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "Containers",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'SqlServerVirtualMachines')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForKeyVault'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "KeyVaults",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'Containers')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForArm'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "Arm",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'KeyVaults')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForOssDb'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "OpenSourceRelationalDatabases",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'Arm')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForCosmosDbs'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "CosmosDbs",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'OpenSourceRelationalDatabases')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForCspm'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "CloudPosture",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'CosmosDbs')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard"
+            }
+        },
+        {
+            "condition": "[equals(parameters('enableAscForApis'), 'DeployIfNotExists')]",
+            "type": "Microsoft.Security/pricings",
+            "apiVersion": "2023-01-01",
+            "name": "Api",
+            "dependsOn": [
+                "[resourceId('Microsoft.Security/pricings', 'CloudPosture')]"
+            ],
+            "properties": {
+                "pricingTier": "Standard",
+                "subPlan": "P1"
+            }
+        },
+        {
+            "type": "Microsoft.Security/securityContacts",
+            "apiVersion": "2020-01-01-preview",
+            "name": "default",
+            "properties": {
+                "description": "Defender for Cloud security contacts",
+                "emails": "[parameters('emailContactAsc')]",
+                "notificationsByRole": {
+                    "state": "On",
+                    "roles": [
+                        "Owner"
+                    ]
+                },
+                "alertNotifications": {
+                    "state": "On",
+                    "minimalSeverity": "Medium"
+                }
+            }
+        },
+        {
+            "name": "[parameters('resourceGroupName')]",
+            "type": "Microsoft.Resources/resourceGroups",
+            "apiVersion": "2019-10-01",
+            "location": "[parameters('resourceGroupLocation')]"
+        },
+        {
+            "type": "Microsoft.Resources/deployments",
+            "apiVersion": "2019-10-01",
+            "name": "[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]",
+            "resourceGroup": "[parameters('resourceGroupName')]",
+            "dependsOn": [
+                "[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]"
+            ],
+            "properties": {
+                "mode": "Incremental",
+                "template": {
+                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+                    "contentVersion": "1.0.0.0",
+                    "parameters": {},
+                    "variables": {},
+                    "resources": [
+                        {
+                            "tags": {},
+                            "apiVersion": "2019-01-01-preview",
+                            "location": "[parameters('resourceGroupLocation')]",
+                            "name": "ExportToWorkspace",
+                            "type": "Microsoft.Security/automations",
+                            "dependsOn": [],
+                            "properties": {
+                                "description": "Export Microsoft Defender for Cloud data to Log Analytics workspace via policy",
+                                "isEnabled": true,
+                                "scopes": [
+                                    {
+                                    "description": "[replace(variables('scopeDescription'),'{0}', subscription().subscriptionId)]",
+                                    "scopePath": "[subscription().id]"
+                                    }
+                                ],
+                                "sources": "[variables('sources')]",
+                                "actions": [
+                                    {
+                                        "actionType": "Workspace",
+                                        "workspaceResourceId": "[parameters('logAnalyticsResourceId')]"
+                                    }
+                                ]
+                            }
+                        }
+                    ]
+                }
+            }
+        }
+    ],
+    "outputs": {}
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
index e42d6a8f66..7fef29646c 100644
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json
@@ -13,10 +13,7 @@
             "category": "Compute",
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
-                "AzureCloud",
-                "AzureChinaCloud",
-                "AzureUSGovernment"
-            ]
+                "AzureCloud"            ]
         },
         "parameters": {
             "time": {
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json
index 5cb86665e4..8b402911cb 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deny-PublicPaaSEndpoints",
+  "name": "Deny-PublicPaaSEndpoints-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
@@ -20,7 +20,7 @@
         "type": "String",
         "metadata": {
           "displayName": "Public network access should be disabled for CosmosDB",
-          "description": "This policy denies that  Cosmos database accounts  are created with out public network access is disabled."
+          "description": "This policy denies that Cosmos database accounts  are created with out public network access is disabled."
         },
         "allowedValues": [
           "Audit",
@@ -85,7 +85,7 @@
         "type": "String",
         "metadata": {
           "displayName": "Public network access on Azure Container Registry disabled",
-          "description": "This policy denies the creation of Azure Container Registires with exposed public endpoints "
+          "description": "This policy denies the creation of Azure Container Registries with exposed public endpoints "
         },
         "allowedValues": [
           "Audit",
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json
index ee18af091c..880d6ef31a 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deploy-Diagnostics-LogAnalytics",
+  "name": "Deploy-Diagnostics-LogAnalytics-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
index 130a3b563d..f14b18081c 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deploy-MDFC-Config",
+  "name": "Deploy-MDFC-Config-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
index fc77ee5981..d0b0bb9424 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Deploy-Private-DNS-Zones",
+  "name": "Deploy-Private-DNS-Zones-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
@@ -8,7 +8,7 @@
     "displayName": "Configure Azure PaaS services to use private DNS zones",
     "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
     "metadata": {
-      "version": "1.0.1",
+      "version": "1.1.0",
       "category": "Network",
       "source": "https://github.com/Azure/Enterprise-Scale/",
       "alzCloudEnvironments": [
@@ -25,42 +25,268 @@
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureWebPrivateDnsZoneId": {
+      "azureAutomationWebhookPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
         "metadata": {
-          "displayName": "azureWebPrivateDnsZoneId",
+          "displayName": "azureAutomationWebhookPrivateDnsZoneId",
           "strongType": "Microsoft.Network/privateDnsZones",
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureBatchPrivateDnsZoneId": {
+      "azureAutomationDSCHybridPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
         "metadata": {
-          "displayName": "azureBatchPrivateDnsZoneId",
+          "displayName": "azureAutomationDSCHybridPrivateDnsZoneId",
           "strongType": "Microsoft.Network/privateDnsZones",
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureAppPrivateDnsZoneId": {
+      "azureCosmosSQLPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
         "metadata": {
-          "displayName": "azureAppPrivateDnsZoneId",
+          "displayName": "azureCosmosSQLPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosMongoPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosMongoPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosCassandraPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosCassandraPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosGremlinPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosGremlinPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCosmosTablePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCosmosTablePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureDataFactoryPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureDataFactoryPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureDataFactoryPortalPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureDataFactoryPortalPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureHDInsightPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureHDInsightPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageBlobPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageBlobPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageBlobSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageBlobSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageQueuePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageQueuePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageQueueSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageQueueSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageFilePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageFilePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageStaticWebPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageStaticWebPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageStaticWebSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageStaticWebSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageDFSPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageDFSPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageDFSSecPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageDFSSecPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSynapseSQLPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSynapseSQLPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSynapseSQLODPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSynapseSQLODPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSynapseDevPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSynapseDevPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId1": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId1",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId2": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId2",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId3": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId3",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMonitorPrivateDnsZoneId4": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMonitorPrivateDnsZoneId4",
           "strongType": "Microsoft.Network/privateDnsZones",
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureAsrPrivateDnsZoneId": {
+      "azureMonitorPrivateDnsZoneId5": {
         "type": "string",
         "defaultValue": "",
         "metadata": {
-          "displayName": "azureAsrPrivateDnsZoneId",
+          "displayName": "azureMonitorPrivateDnsZoneId5",
           "strongType": "Microsoft.Network/privateDnsZones",
           "description": "Private DNS Zone Identifier"
         }
       },
+      "azureBatchPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureBatchPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureAppPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureAppPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+
       "azureIotPrivateDnsZoneId": {
         "type": "string",
         "defaultValue": "",
@@ -124,110 +350,479 @@
           "description": "Private DNS Zone Identifier"
         }
       },
-      "azureIotHubsPrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureIotHubsPrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      "azureIotHubsPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureIotHubsPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureEventGridDomainsPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureEventGridDomainsPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureRedisCachePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureRedisCachePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureAcrPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureAcrPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureEventHubNamespacePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureEventHubNamespacePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMachineLearningWorkspacePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMachineLearningWorkspacePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureMachineLearningWorkspaceSecondPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureServiceBusNamespacePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureServiceBusNamespacePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureCognitiveSearchPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureCognitiveSearchPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureVirtualDesktopHostpoolPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureVirtualDesktopHostpoolPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureVirtualDesktopWorkspacePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureVirtualDesktopWorkspacePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageTablePrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageTablePrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureStorageTableSecondaryPrivateDnsZoneId": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureStorageTableSecondaryPrivateDnsZoneId",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSiteRecoveryBackupPrivateDnsZoneID": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSiteRecoveryBackupPrivateDnsZoneID",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSiteRecoveryBlobPrivateDnsZoneID": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSiteRecoveryBlobPrivateDnsZoneID",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "azureSiteRecoveryQueuePrivateDnsZoneID": {
+        "type": "string",
+        "defaultValue": "",
+        "metadata": {
+          "displayName": "azureSiteRecoveryQueuePrivateDnsZoneID",
+          "strongType": "Microsoft.Network/privateDnsZones",
+          "description": "Private DNS Zone Identifier"
+        }
+      },
+      "effect": {
+        "type": "string",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "DeployIfNotExists",
+          "Disabled"
+        ],
+        "defaultValue": "DeployIfNotExists"
+      },
+      "effect1": {
+        "type": "string",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "deployIfNotExists",
+          "Disabled"
+        ],
+        "defaultValue": "deployIfNotExists"
+      }
+    },
+    "policyDefinitions": [
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-File-Sync",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureFilePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Automation-Webhook",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureAutomationWebhookPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Webhook"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Automation-DSCHybrid",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "DSCAndHybridWorker"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-SQL",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosSQLPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "SQL"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-MongoDB",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosMongoPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "MongoDB"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Cassandra",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosCassandraPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Cassandra"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Gremlin",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosGremlinPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Gremlin"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Table",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureCosmosTablePrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "Table"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-DataFactory",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureDataFactoryPrivateDnsZoneId')]"
+          },
+          "listOfGroupIds": {
+            "value": [
+              "dataFactory"
+            ]
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-DataFactory-Portal",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]"
+          },
+          "listOfGroupIds": {
+            "value": [
+              "portal"
+            ]
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-HDInsight",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureHDInsightPrivateDnsZoneId')]"
+          },
+          "groupId": {
+            "value": "cluster"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "azureEventGridDomainsPrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureEventGridDomainsPrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Blob",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageBlobPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "azureRedisCachePrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureRedisCachePrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Blob-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageBlobSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "azureAcrPrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureAcrPrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Queue",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageQueuePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "azureEventHubNamespacePrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureEventHubNamespacePrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Queue-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageQueueSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "azureMachineLearningWorkspacePrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureMachineLearningWorkspacePrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-File",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageFilePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "azureServiceBusNamespacePrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureServiceBusNamespacePrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-StaticWeb",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageStaticWebPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "azureCognitiveSearchPrivateDnsZoneId": {
-        "type": "string",
-        "defaultValue": "",
-        "metadata": {
-          "displayName": "azureCognitiveSearchPrivateDnsZoneId",
-          "strongType": "Microsoft.Network/privateDnsZones",
-          "description": "Private DNS Zone Identifier"
-        }
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-StaticWeb-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
       },
-      "effect": {
-        "type": "string",
-        "metadata": {
-          "displayName": "Effect",
-          "description": "Enable or disable the execution of the policy"
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-DFS",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageDFSPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
         },
-        "allowedValues": [
-          "DeployIfNotExists",
-          "Disabled"
-        ],
-        "defaultValue": "DeployIfNotExists"
+        "groupNames": []
       },
-      "effect1": {
-        "type": "string",
-        "metadata": {
-          "displayName": "Effect",
-          "description": "Enable or disable the execution of the policy"
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-DFS-Sec",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageDFSSecPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
         },
-        "allowedValues": [
-          "deployIfNotExists",
-          "Disabled"
-        ],
-        "defaultValue": "deployIfNotExists"
-      }
-    },
-    "policyDefinitions": [
+        "groupNames": []
+      },
       {
-        "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-File-Sync",
-        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-SQL",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureFilePrivateDnsZoneId')]"
+            "value": "[[parameters('azureSynapseSQLPrivateDnsZoneId')]"
+          },
+          "targetSubResource": {
+            "value": "Sql"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -236,11 +831,14 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-Web",
-        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-SQL-OnDemand",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureWebPrivateDnsZoneId')]"
+            "value": "[[parameters('azureSynapseSQLODPrivateDnsZoneId')]"
+          },
+          "targetSubResource": {
+            "value": "SqlOnDemand"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -249,11 +847,14 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-Dev",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureBatchPrivateDnsZoneId')]"
+            "value": "[[parameters('azureSynapseDevPrivateDnsZoneId')]"
+          },
+          "targetSubResource": {
+            "value": "Dev"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -262,11 +863,36 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-App",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Monitor",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365",
+        "parameters": {
+          "privateDnsZoneId1": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId1')]"
+          },
+          "privateDnsZoneId2": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId2')]"
+          },
+          "privateDnsZoneId3": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId3')]"
+          },
+          "privateDnsZoneId4": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId4')]"
+          },
+          "privateDnsZoneId5": {
+            "value": "[[parameters('azureMonitorPrivateDnsZoneId5')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        },
+        "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureAppPrivateDnsZoneId')]"
+            "value": "[[parameters('azureBatchPrivateDnsZoneId')]"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -275,11 +901,11 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Site-Recovery",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-App",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
         "parameters": {
           "privateDnsZoneId": {
-            "value": "[[parameters('azureAsrPrivateDnsZoneId')]"
+            "value": "[[parameters('azureAppPrivateDnsZoneId')]"
           },
           "effect": {
             "value": "[[parameters('effect')]"
@@ -287,6 +913,7 @@
         },
         "groupNames": []
       },
+
       {
         "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-IoT",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
@@ -301,8 +928,8 @@
         "groupNames": []
       },
       {
-        "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-KeyVault",
-        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault",
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-KeyVault",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4",
         "parameters": {
           "privateDnsZoneId": {
             "value": "[[parameters('azureKeyVaultPrivateDnsZoneId')]"
@@ -450,6 +1077,9 @@
           "privateDnsZoneId": {
             "value": "[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]"
           },
+          "secondPrivateDnsZoneId": {
+            "value": "[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]"
+          },
           "effect": {
             "value": "[[parameters('effect')]"
           }
@@ -481,6 +1111,78 @@
           }
         },
         "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-VirtualDesktopHostpool",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "connection"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-VirtualDesktopWorkspace",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed",
+        "parameters": {
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]"
+          },
+          "privateEndpointGroupId": {
+            "value": "feed"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Table",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a",
+        "parameters":{
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageTablePrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Table-Secondary",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f",
+        "parameters":{
+          "privateDnsZoneId": {
+            "value": "[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
+      },
+      {
+        "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Site-Recovery-Backup",
+        "policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820",
+        "parameters":{
+          "privateDnsZone-Backup": {
+            "value": "[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]"
+          },
+          "privateDnsZone-Blob": {
+            "value": "[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]"
+          },
+          "privateDnsZone-Queue": {
+            "value": "[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]"
+          },
+          "effect": {
+            "value": "[[parameters('effect')]"
+          }
+        }
       }
     ],
     "policyDefinitionGroups": null
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json
new file mode 100644
index 0000000000..33878569b9
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json
@@ -0,0 +1,44 @@
+{
+    "name": "Enforce-ALZ-Decomm-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+      "policyType": "Custom",
+      "displayName": "Enforce policies in the Decommissioned Landing Zone",
+      "description": "Enforce policies in the Decommissioned Landing Zone.",
+      "metadata": {
+        "version": "1.0.0",
+        "category": "Decommissioned",
+        "source": "https://github.com/Azure/Enterprise-Scale/",
+        "alzCloudEnvironments": [ 
+          "AzureChinaCloud"
+        ]
+      },
+      "parameters": {
+        "listOfResourceTypesAllowed":{
+          "type": "Array",
+          "defaultValue": [],
+          "metadata": {
+            "displayName": "Allowed resource types in the Decommissioned landing zone",
+            "description": "Allowed resource types in the Decommissioned landing zone, default is none.",
+            "strongType": "resourceTypes"
+          }
+        }
+      },
+      "policyDefinitions": [
+        {
+          "policyDefinitionReferenceId": "DecomDenyResources",
+          "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c",
+          "parameters": {
+            "listOfResourceTypesAllowed": {
+              "value": "[[parameters('listOfResourceTypesAllowed')]"
+            }
+          },
+          "groupNames": []
+        }
+      ],
+      "policyDefinitionGroups": null
+    }
+  }
+  
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
index a2eaa786d5..aca3514063 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json
@@ -13,7 +13,6 @@
         "source": "https://github.com/Azure/Enterprise-Scale/",
         "alzCloudEnvironments": [ 
           "AzureCloud",
-          "AzureChinaCloud",
           "AzureUSGovernment"
         ]
       },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json
new file mode 100644
index 0000000000..81a7305a7a
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json
@@ -0,0 +1,75 @@
+{
+    "name": "Enforce-Backup-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce enhanced recovery and backup policies",
+        "description": "Enforce enhanced recovery and backup policies on assigned scopes.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Backup",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "version": "1.0.0",
+        "parameters": {
+            "effect": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy."
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "checkLockedImmutabilityOnly": {
+                "type": "Boolean",
+                "metadata": {
+                    "displayName": "checkLockedImmutabilityOnly",
+                    "description": "This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant."
+                },
+                "allowedValues": [
+                    true,
+                    false
+                ],
+                "defaultValue": false
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionReferenceId": "BackupBVault-Immutability",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effect')]"
+                    },
+                    "checkLockedImmutabiltyOnly": {
+                        "value": "[[parameters('checkLockedImmutabilityOnly')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "BackupRVault-Immutability",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effect')]"
+                    },
+                    "checkLockedImmutabilityOnly": {
+                        "value": "[[parameters('checkLockedImmutabilityOnly')]"
+                    }
+                },
+                "groupNames": []
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
new file mode 100644
index 0000000000..f4b27dca27
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json
@@ -0,0 +1,893 @@
+{
+    "name": "Enforce-EncryptTransit_20240509-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit",
+        "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. ",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Encryption",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "replacesPolicy": "Enforce-EncryptTransit",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "AppServiceHttpEffect": {
+                "type": "String",
+                "defaultValue": "Append",
+                "allowedValues": [
+                    "Append",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below",
+                    "description": "Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny."
+                }
+            },
+            "AppServiceTlsVersionEffect": {
+                "type": "String",
+                "defaultValue": "Append",
+                "allowedValues": [
+                    "Append",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "App Service. Appends the AppService WebApp, APIApp, Function App to enable https only",
+                    "description": "App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny."
+                }
+            },
+            "AppServiceminTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "App Service. Select version minimum TLS Web App config",
+                    "description": "App Service. Select version  minimum TLS version for a  Web App config to enforce"
+                }
+            },
+            "APIAppServiceHttpsEffect": {
+                "metadata": {
+                    "displayName": "App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.",
+                    "description": "Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "FunctionLatestTlsEffect": {
+                "metadata": {
+                    "displayName": "App Service Function App. Latest TLS version should be used in your Function App",
+                    "description": "Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version."
+                },
+                "type": "String",
+                "defaultValue": "AuditIfNotExists",
+                "allowedValues": [
+                    "AuditIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "FunctionServiceHttpsEffect": {
+                "metadata": {
+                    "displayName": "App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.",
+                    "description": "App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "FunctionAppTlsEffect": {
+                "metadata": {
+                    "displayName": "App Service Function App. Configure Function apps to use the latest TLS version.",
+                    "description": "App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version."
+                },
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "LogicAppTlsEffect": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "WebAppServiceLatestTlsEffect": {
+                "metadata": {
+                    "displayName": "App Service Web App. Latest TLS version should be used in your Web App",
+                    "description": "Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version."
+                },
+                "type": "String",
+                "defaultValue": "AuditIfNotExists",
+                "allowedValues": [
+                    "AuditIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "WebAppServiceHttpsEffect": {
+                "metadata": {
+                    "displayName": "App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.",
+                    "description": "Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "AKSIngressHttpsOnlyEffect": {
+                "metadata": {
+                    "displayName": "AKS Service. Enforce HTTPS ingress in Kubernetes cluster",
+                    "description": "This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc."
+                },
+                "type": "String",
+                "defaultValue": "deny",
+                "allowedValues": [
+                    "audit",
+                    "deny",
+                    "disabled"
+                ]
+            },
+            "MySQLEnableSSLDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "MySQLEnableSSLEffect": {
+                "metadata": {
+                    "displayName": "MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers",
+                    "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "MySQLminimalTlsVersion": {
+                "type": "String",
+                "defaultValue": "TLS1_2",
+                "allowedValues": [
+                    "TLS1_2",
+                    "TLS1_0",
+                    "TLS1_1",
+                    "TLSEnforcementDisabled"
+                ],
+                "metadata": {
+                    "displayName": "MySQL database servers. Select version minimum TLS for MySQL server",
+                    "description": "Select version  minimum TLS version Azure Database for MySQL server to enforce"
+                }
+            },
+            "PostgreSQLEnableSSLDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "PostgreSQLEnableSSLEffect": {
+                "metadata": {
+                    "displayName": "PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers",
+                    "description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "PostgreSQLminimalTlsVersion": {
+                "type": "String",
+                "defaultValue": "TLS1_2",
+                "allowedValues": [
+                    "TLS1_2",
+                    "TLS1_0",
+                    "TLS1_1",
+                    "TLSEnforcementDisabled"
+                ],
+                "metadata": {
+                    "displayName": "PostgreSQL database servers. Select version minimum TLS for MySQL server",
+                    "description": "PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce"
+                }
+            },
+            "RedisTLSDeployEffect": {
+                "type": "String",
+                "defaultValue": "Append",
+                "allowedValues": [
+                    "Append",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "RedisMinTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis",
+                    "description": "Select version  minimum TLS version for a Azure Cache for Redis to enforce"
+                }
+            },
+            "RedisTLSEffect": {
+                "metadata": {
+                    "displayName": "Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled",
+                    "description": "Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "SQLManagedInstanceTLSDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "SQLManagedInstanceMinTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "Azure Managed Instance.Select version minimum TLS for Azure Managed Instance",
+                    "description": "Select version  minimum TLS version for Azure Managed Instanceto to  enforce"
+                }
+            },
+            "SQLManagedInstanceTLSEffect": {
+                "metadata": {
+                    "displayName": "SQL Managed Instance should have the minimal TLS version of 1.2",
+                    "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "SQLServerTLSDeployEffect": {
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ],
+                "metadata": {
+                    "displayName": "Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers",
+                    "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server."
+                }
+            },
+            "SQLServerminTlsVersion": {
+                "type": "String",
+                "defaultValue": "1.2",
+                "allowedValues": [
+                    "1.2",
+                    "1.0",
+                    "1.1"
+                ],
+                "metadata": {
+                    "displayName": "Azure SQL Database.Select version minimum TLS for Azure SQL Database",
+                    "description": "Select version  minimum TLS version for Azure SQL Database to enforce"
+                }
+            },
+            "SQLServerTLSEffect": {
+                "metadata": {
+                    "displayName": "Azure SQL Database should have the minimal TLS version of 1.2",
+                    "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities."
+                },
+                "type": "String",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "StorageDeployHttpsEnabledEffect": {
+                "metadata": {
+                    "displayName": "Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled",
+                    "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking"
+                },
+                "type": "String",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "StorageminimumTlsVersion": {
+                "type": "String",
+                "defaultValue": "TLS1_2",
+                "allowedValues": [
+                    "TLS1_2",
+                    "TLS1_1",
+                    "TLS1_0"
+                ],
+                "metadata": {
+                    "displayName": "Storage Account select minimum TLS version",
+                    "description": "Select version  minimum TLS version on Azure Storage Account to enforce"
+                }
+            },
+            "logicAppHttpsEffect": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppsTls": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "functionAppSlotsTls": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppsHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppSlotTls": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            },
+            "functionAppSlotsHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "functionAppHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appServiceAppSlotsHttps": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "eventHubMinTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "sqlManagedTlsVersion": {
+                "type": "string",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled"
+                ]
+            },
+            "sqlDbTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsTls": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "synapseTlsVersion": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionReferenceId": "AppServiceHttpEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('AppServiceHttpEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "AppServiceminTlsVersion",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('AppServiceTlsVersionEffect')]"
+                    },
+                    "minTlsVersion": {
+                        "value": "[[parameters('AppServiceminTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "FunctionLatestTlsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('FunctionLatestTlsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "WebAppServiceLatestTlsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('WebAppServiceLatestTlsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "APIAppServiceHttpsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('APIAppServiceHttpsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "FunctionServiceHttpsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('FunctionServiceHttpsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "WebAppServiceHttpsEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('WebAppServiceHttpsEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "AKSIngressHttpsOnlyEffect",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('AKSIngressHttpsOnlyEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "MySQLEnableSSLDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('MySQLEnableSSLDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('MySQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "MySQLEnableSSLEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('MySQLEnableSSLEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('MySQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "PostgreSQLEnableSSLDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('PostgreSQLEnableSSLDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('PostgreSQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "PostgreSQLEnableSSLEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('PostgreSQLEnableSSLEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('PostgreSQLminimalTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "RedisTLSDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('RedisTLSDeployEffect')]"
+                    },
+                    "minimumTlsVersion": {
+                        "value": "[[parameters('RedisMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "RedisdisableNonSslPort",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('RedisTLSDeployEffect')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "RedisDenyhttps",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('RedisTLSEffect')]"
+                    },
+                    "minimumTlsVersion": {
+                        "value": "[[parameters('RedisMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLManagedInstanceTLSDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLManagedInstanceTLSDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLManagedInstanceMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLManagedInstanceTLSEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLManagedInstanceTLSEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLManagedInstanceMinTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLServerTLSDeployEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLServerTLSDeployEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLServerminTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "SQLServerTLSEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('SQLServerTLSEffect')]"
+                    },
+                    "minimalTlsVersion": {
+                        "value": "[[parameters('SQLServerminTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "StorageDeployHttpsEnabledEffect",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('StorageDeployHttpsEnabledEffect')]"
+                    },
+                    "minimumTlsVersion": {
+                        "value": "[[parameters('StorageMinimumTlsVersion')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "Dine-FunctionApp-Tls",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('FunctionAppTlsEffect')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionReferenceId": "Deploy-LogicApp-TLS",
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('LogicAppTlsEffect')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https",
+                "policyDefinitionReferenceId": "Deny-LogicApp-Without-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('logicAppHttpsEffect')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063",
+                "policyDefinitionReferenceId": "Dine-Function-Apps-Slots-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('functionAppSlotsTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d",
+                "policyDefinitionReferenceId": "Dine-AppService-Apps-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppsTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
+                "policyDefinitionReferenceId": "Deny-AppService-Apps-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppsHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50",
+                "policyDefinitionReferenceId": "Deny-AppService-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df",
+                "policyDefinitionReferenceId": "DINE-AppService-AppSlotTls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppSlotTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71",
+                "policyDefinitionReferenceId": "Deny-FuncAppSlots-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('functionAppSlotsHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
+                "policyDefinitionReferenceId": "Deny-FunctionApp-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('functionAppHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc",
+                "policyDefinitionReferenceId": "Deny-AppService-Slots-Https",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appServiceAppSlotsHttps')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS",
+                "policyDefinitionReferenceId": "Deny-EH-minTLS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('eventHubMinTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4",
+                "policyDefinitionReferenceId": "Deny-Sql-Managed-Tls-Version",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('sqlManagedTlsVersion')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf",
+                "policyDefinitionReferenceId": "Deny-Sql-Db-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('sqlDbTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0",
+                "policyDefinitionReferenceId": "Deny-Storage-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsTls')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4",
+                "policyDefinitionReferenceId": "Deny-Synapse-Tls-Version",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('synapseTlsVersion')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
index 1d96c3c4ba..cc7214c6ed 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
@@ -14,7 +14,6 @@
             "replacesPolicy": "Enforce-EncryptTransit",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
index bd78dc311b..f21fb0f251 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
-  "name": "Enforce-Encryption-CMK",
+  "name": "Enforce-Encryption-CMK-AzureChinaCloud",
   "type": "Microsoft.Authorization/policySetDefinitions",
   "apiVersion": "2021-06-01",
   "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
new file mode 100644
index 0000000000..1451a1d2c5
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
@@ -0,0 +1,79 @@
+{
+    "name": "Enforce-Guardrails-Automation-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Automation Account",
+        "description": "This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Automation",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "aaVariablesEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled",
+                    "Deny"
+                ]
+            },
+            "aaManagedIdentity": {
+                "type": "string",
+                "defaultValue": "Audit",
+                "allowedValues": [
+                    "Audit",
+                    "Disabled"
+                ]
+            },
+            "aaModifyPublicNetworkAccess": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0",
+                "policyDefinitionReferenceId": "Deny-Aa-Managed-Identity",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaManagedIdentity')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
+                "policyDefinitionReferenceId": "Deny-Aa-Variables-Encrypt",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaVariablesEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c",
+                "policyDefinitionReferenceId": "Modify-Aa-Public-Network-Access",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('aaModifyPublicNetworkAccess')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
index 3bcb0f4344..2bfd86c6ad 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
new file mode 100644
index 0000000000..ee4a15624f
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
@@ -0,0 +1,43 @@
+{
+    "name": "Enforce-Guardrails-ContainerApps-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Container Apps",
+        "description": "This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Container Apps",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "containerAppsManagedIdentity": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7",
+                "policyDefinitionReferenceId": "Deny-ContainerApps-Managed-Identity",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('containerAppsManagedIdentity')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
index 55ab33e46a..e8b63fa8cd 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
new file mode 100644
index 0000000000..129b6a19c7
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
@@ -0,0 +1,104 @@
+{
+    "name": "Enforce-Guardrails-CosmosDb-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Cosmos DB",
+        "description": "This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Cosmos DB",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "cosmosDbLocalAuth": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "cosmosDbFwRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "cosmosDbModifyLocalAuth": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "cosmosDbModifyPublicAccess": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049",
+                "policyDefinitionReferenceId": "Modify-CosmosDb-Local-Auth",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbModifyLocalAuth')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb",
+                "policyDefinitionReferenceId": "Deny-CosmosDb-Fw-Rules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbFwRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
+                "policyDefinitionReferenceId": "Deny-CosmosDb-Local-Auth",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbLocalAuth')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5",
+                "policyDefinitionReferenceId": "Append-CosmosDb-Metadata",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088",
+                "policyDefinitionReferenceId": "Modify-CosmosDb-Public-Network-Access",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('cosmosDbModifyPublicAccess')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
index 78b5883aab..d51825513e 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
new file mode 100644
index 0000000000..2105d926eb
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
@@ -0,0 +1,42 @@
+{
+    "name": "Enforce-Guardrails-KeyVault-Sup-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce additional recommended guardrails for Key Vault",
+        "description": "This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Key Vault",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "keyVaultModifyFw": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc",
+                "policyDefinitionReferenceId": "Modify-KV-Fw",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultModifyFw')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
index 3c68197a8e..67608838e1 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
new file mode 100644
index 0000000000..ebf8a69514
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
@@ -0,0 +1,664 @@
+{
+    "name": "Enforce-Guardrails-KeyVault-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Azure Key Vault",
+        "description": "Enforce recommended guardrails for Azure Key Vault.",
+        "metadata": {
+            "version": "2.0.0",
+            "category": "Key Vault",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "effectKvSoftDelete": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Deny"
+            },
+            "effectKvPurgeProtection": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Deny"
+            },
+            "effectKvSecretsExpire": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "effectKvKeysExpire": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "effectKvFirewallEnabled": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "effectKvCertLifetime": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "maximumCertLifePercentageLife": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The maximum lifetime percentage",
+                    "description": "Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'."
+                },
+                "defaultValue": 80
+            },
+            "minimumCertLifeDaysBeforeExpiry": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The minimum days before expiry",
+                    "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+                },
+                "defaultValue": 90
+            },
+            "effectKvKeysLifetime": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "minimumKeysLifeDaysBeforeExpiry": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The minimum days before expiry",
+                    "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+                },
+                "defaultValue": 90
+            },
+            "effectKvSecretsLifetime": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ],
+                "defaultValue": "Audit"
+            },
+            "minimumSecretsLifeDaysBeforeExpiry": {
+                "type": "Integer",
+                "metadata": {
+                    "displayName": "The minimum days before expiry",
+                    "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+                },
+                "defaultValue": 90
+            },
+            "keyVaultCheckMinimumRSACertificateSize": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultMinimumRSACertificateSizeValue": {
+                "type": "integer",
+                "defaultValue": 2048,
+                "allowedValues": [
+                    2048,
+                    3072,
+                    4096
+                ]
+            },
+            "keyVaultCheckMinimumRSAKeySize": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultMinimumRSAKeySizeValue": {
+                "type": "integer",
+                "defaultValue": 2048,
+                "allowedValues": [
+                    2048,
+                    3072,
+                    4096
+                ]
+            },
+            "keyVaultArmRbac": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCertificatesPeriod": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCertValidPeriod": {
+                "type": "integer",
+                "defaultValue": 12
+            },
+            "keysValidPeriod": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keysValidityInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "secretsValidPeriod": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "secretsValidityInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "keyVaultCertKeyTypes": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultEllipticCurve": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCryptographicType": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keysActive": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keysActiveInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "keysCurveNames": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "secretsActiveInDays": {
+                "type": "integer",
+                "defaultValue": 90
+            },
+            "secretsActive": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultSecretContentType": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "keyVaultNonIntegratedCa": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultNonIntegratedCaValue": {
+                "type": "string",
+                "defaultValue": "",
+                "metadata": {
+                    "displayName": "The common name of the certificate authority",
+                    "description": "The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso"
+                }
+            },
+            "keyVaultIntegratedCa": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultIntegratedCaValue": {
+                "type": "array",
+                "defaultValue": [
+                    "DigiCert",
+                    "GlobalSign"
+                ]
+            },
+            "keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "audit",
+                    "Audit",
+                    "deny",
+                    "Deny",
+                    "disabled",
+                    "Disabled"
+                ]
+            },
+            "keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue": {
+                "type": "integer",
+                "defaultValue": 90
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionReferenceId": "KvSoftDelete",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvSoftDelete')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvPurgeProtection",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvPurgeProtection')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvSecretsExpire",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvSecretsExpire')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvKeysExpire",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvKeysExpire')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvFirewallEnabled",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvFirewallEnabled')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvCertLifetime",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvCertLifetime')]"
+                    },
+                    "maximumPercentageLife": {
+                        "value": "[[parameters('maximumCertLifePercentageLife')]"
+                    },
+                    "minimumDaysBeforeExpiry": {
+                        "value": "[[parameters('minimumCertLifeDaysBeforeExpiry')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvKeysLifetime",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvKeysLifetime')]"
+                    },
+                    "minimumDaysBeforeExpiration": {
+                        "value": "[[parameters('minimumKeysLifeDaysBeforeExpiry')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionReferenceId": "KvSecretsLifetime",
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a",
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('effectKvSecretsLifetime')]"
+                    },
+                    "minimumDaysBeforeExpiration": {
+                        "value": "[[parameters('minimumSecretsLifeDaysBeforeExpiry')]"
+                    }
+                },
+                "groupNames": []
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0",
+                "policyDefinitionReferenceId": "Deny-KV-RSA-Keys-without-MinCertSize",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCheckMinimumRSACertificateSize')]"
+                    },
+                    "minimumRSAKeySize": {
+                        "value": "[[parameters('keyVaultMinimumRSACertificateSizeValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9",
+                "policyDefinitionReferenceId": "Deny-KV-RSA-Keys-without-MinKeySize",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCheckMinimumRSAKeySize')]"
+                    },
+                    "minimumRSAKeySize": {
+                        "value": "[[parameters('keyVaultMinimumRSAKeySizeValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5",
+                "policyDefinitionReferenceId": "Deny-KV-without-ArmRbac",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultArmRbac')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560",
+                "policyDefinitionReferenceId": "Deny-KV-Cert-Period",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCertificatesPeriod')]"
+                    },
+                    "maximumValidityInMonths": {
+                        "value": "[[parameters('keyVaultCertValidPeriod')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9",
+                "policyDefinitionReferenceId": "Deny-KV-Keys-Expire",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keysValidPeriod')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('keysValidityInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f",
+                "policyDefinitionReferenceId": "Deny-KV-Secrets-ValidityDays",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('secretsValidPeriod')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('secretsValidityInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f",
+                "policyDefinitionReferenceId": "Deny-KV-Key-Types",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCertKeyTypes')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf",
+                "policyDefinitionReferenceId": "Deny-KV-Elliptic-Curve",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultEllipticCurve')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb",
+                "policyDefinitionReferenceId": "Deny-KV-Cryptographic-Type",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCryptographicType')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9",
+                "policyDefinitionReferenceId": "Deny-KV-Key-Active",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keysActive')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('keysActiveInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255",
+                "policyDefinitionReferenceId": "Deny-KV-Curve-Names",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keysCurveNames')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe",
+                "policyDefinitionReferenceId": "Deny-KV-Secret-ActiveDays",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('secretsActive')]"
+                    },
+                    "maximumValidityInDays": {
+                        "value": "[[parameters('secretsActiveInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3",
+                "policyDefinitionReferenceId": "Deny-Kv-Secret-Content-Type",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultSecretContentType')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341",
+                "policyDefinitionReferenceId": "Deny-Kv-Non-Integrated-Ca",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultNonIntegratedCa')]"
+                    },
+                    "caCommonName": {
+                        "value": "[[parameters('keyVaultNonIntegratedCaValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82",
+                "policyDefinitionReferenceId": "Deny-Kv-Integrated-Ca",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultIntegratedCa')]"
+                    },
+                    "allowedCAs": {
+                        "value": "[[parameters('keyVaultIntegratedCaValue')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427",
+                "policyDefinitionReferenceId": "Deny-Kv-Cert-Expiration-Within-Specific-Number-Days",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]"
+                    },
+                    "daysToExpire": {
+                        "value": "[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
index 0ae85c071b..15f5759341 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
new file mode 100644
index 0000000000..31b0554dad
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
@@ -0,0 +1,42 @@
+{
+    "name": "Enforce-Guardrails-MySQL-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for MySQL",
+        "description": "This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "MySQL",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "mySqlAdvThreatProtection": {
+                "type": "string",
+                "defaultValue": "DeployIfNotExists",
+                "allowedValues": [
+                    "DeployIfNotExists",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816",
+                "policyDefinitionReferenceId": "Dine-MySql-Adv-Threat-Protection",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('mySqlAdvThreatProtection')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
index ce2b30161f..ef5db71614 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
new file mode 100644
index 0000000000..6d2d86d4ca
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -0,0 +1,364 @@
+{
+    "name": "Enforce-Guardrails-Network-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Network and Networking services",
+        "description": "This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Network",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "subnetUdr": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "subnetNsg": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "subnetServiceEndpoint": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appGwWaf": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "vnetModifyDdos": {
+                "type": "string",
+                "defaultValue": "Modify"
+            },
+            "ddosPlanResourceId": {
+                "type": "string",
+                "defaultValue": ""
+            },
+            "wafModeAppGw": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "wafModeAppGwRequirement": {
+                "type": "string",
+                "defaultValue": "Prevention"
+            },
+            "denyMgmtFromInternet": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "denyMgmtFromInternetPorts": {
+                "type": "Array",
+                "metadata": {
+                    "displayName": "Ports",
+                    "description": "Ports to be blocked"
+                },
+                "defaultValue": [
+                    "22",
+                    "3389"
+                ]
+            },
+            "vpnAzureAD": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "appGwTlsVersion": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "modifyUdr": {
+                "type": "string",
+                "defaultValue": "Disabled"
+            },
+            "modifyUdrNextHopIpAddress": {
+                "type": "string",
+                "defaultValue": ""
+            },
+            "modifyUdrNextHopType": {
+                "type": "string",
+                "defaultValue": "None"
+            },
+            "modifyUdrAddressPrefix": {
+                "type": "string",
+                "defaultValue": "0.0.0.0/0"
+            },
+            "modifyNsg": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "modifyNsgRuleName": {
+                "type": "string",
+                "defaultValue": "DenyAnyInternetOutbound"
+            },
+            "modifyNsgRulePriority": {
+                "type": "integer",
+                "defaultValue": 1000
+            },
+            "modifyNsgRuleDirection": {
+                "type": "string",
+                "defaultValue": "Outbound"
+            },
+            "modifyNsgRuleAccess": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "modifyNsgRuleProtocol": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleSourceAddressPrefix": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleSourcePortRange": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleDestinationAddressPrefix": {
+                "type": "string",
+                "defaultValue": "Internet"
+            },
+            "modifyNsgRuleDestinationPortRange": {
+                "type": "string",
+                "defaultValue": "*"
+            },
+            "modifyNsgRuleDescription": {
+                "type": "string",
+                "defaultValue": "Deny any outbound traffic to the Internet"
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010",
+                "policyDefinitionReferenceId": "Deny-Nsg-GW-subnet",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7",
+                "policyDefinitionReferenceId": "Deny-VPN-AzureAD",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('vpnAzureAD')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096",
+                "policyDefinitionReferenceId": "Deny-Waf-AppGw-mode",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('wafModeAppGw')]"
+                    },
+                    "modeRequirement": {
+                        "value": "[[parameters('wafModeAppGwRequirement')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
+                "policyDefinitionReferenceId": "Modify-vNet-DDoS",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('vnetModifyDdos')]"
+                    },
+                    "ddosPlan": {
+                        "value": "[[parameters('ddosPlanResourceId')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900",
+                "policyDefinitionReferenceId": "Deny-Ip-Forwarding",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114",
+                "policyDefinitionReferenceId": "Deny-vNic-Pip",
+                "groupNames": [],
+                "parameters": {}
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
+                "policyDefinitionReferenceId": "Deny-AppGw-Without-Waf",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appGwWaf')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr",
+                "policyDefinitionReferenceId": "Deny-Subnet-Without-Udr",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('subnetUdr')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg",
+                "policyDefinitionReferenceId": "Deny-Subnet-Without-NSG",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('subnetNsg')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints",
+                "policyDefinitionReferenceId": "Deny-Subnet-with-Service-Endpoints",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('subnetServiceEndpoint')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet",
+                "policyDefinitionReferenceId": "Deny-Mgmt-From-Internet",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('denyMgmtFromInternet')]"
+                    },
+                    "ports": {
+                        "value": "[[parameters('denyMgmtFromInternetPorts')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls",
+                "policyDefinitionReferenceId": "Deny-AppGw-Without-Tls",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('appGwTlsVersion')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR",
+                "policyDefinitionReferenceId": "Modify-Udr",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyUdr')]"
+                    },
+                    "nextHopIpAddress": {
+                        "value": "[[parameters('modifyUdrNextHopIpAddress')]"
+                    },
+                    "nextHopType": {
+                        "value": "[[parameters('modifyUdrNextHopType')]"
+                    },
+                    "addressPrefix": {
+                        "value": "[[parameters('modifyUdrAddressPrefix')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG",
+                "policyDefinitionReferenceId": "Modify-Nsg",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyNsg')]"
+                    },
+                    "nsgRuleName": {
+                        "value": "[[parameters('modifyNsgRuleName')]"
+                    },
+                    "nsgRulePriority": {
+                        "value": "[[parameters('modifyNsgRulePriority')]"
+                    },
+                    "nsgRuleDirection": {
+                        "value": "[[parameters('modifyNsgRuleDirection')]"
+                    },
+                    "nsgRuleAccess": {
+                        "value": "[[parameters('modifyNsgRuleAccess')]"
+                    },
+                    "nsgRuleProtocol": {
+                        "value": "[[parameters('modifyNsgRuleProtocol')]"
+                    },
+                    "nsgRuleSourceAddressPrefix": {
+                        "value": "[[parameters('modifyNsgRuleSourceAddressPrefix')]"
+                    },
+                    "nsgRuleSourcePortRange": {
+                        "value": "[[parameters('modifyNsgRuleSourcePortRange')]"
+                    },
+                    "nsgRuleDestinationAddressPrefix": {
+                        "value": "[[parameters('modifyNsgRuleDestinationAddressPrefix')]"
+                    },
+                    "nsgRuleDestinationPortRange": {
+                        "value": "[[parameters('modifyNsgRuleDestinationPortRange')]"
+                    },
+                    "nsgRuleDescription": {
+                        "value": "[[parameters('modifyNsgRuleDescription')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json
index a90c9872ab..72999f5523 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json
new file mode 100644
index 0000000000..7248cb847e
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json
@@ -0,0 +1,443 @@
+{
+    "name": "Enforce-Guardrails-Storage-AzureChinaCloud",
+    "type": "Microsoft.Authorization/policySetDefinitions",
+    "apiVersion": "2021-06-01",
+    "scope": null,
+    "properties": {
+        "policyType": "Custom",
+        "displayName": "Enforce recommended guardrails for Storage Account",
+        "description": "This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.",
+        "metadata": {
+            "version": "1.0.0",
+            "category": "Storage",
+            "source": "https://github.com/Azure/Enterprise-Scale/",
+            "alzCloudEnvironments": [
+                "AzureChinaCloud"
+            ]
+        },
+        "parameters": {
+            "storageKeysExpiration": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountNetworkRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountRestrictNetworkRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageClassicToArm": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsInfraEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountSharedKey": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsCrossTenant": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsDoubleEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsCopyScope": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsAllowedCopyScope": {
+                "type": "string",
+                "defaultValue": "AAD"
+            },
+            "storageServicesEncryption": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageLocalUser": {
+                "type": "string",
+                "defaultValue": "Disabled",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageSftp": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageNetworkAclsBypass": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageAllowedNetworkAclsBypass": {
+                "type": "array",
+                "defaultValue": [
+                    "None"
+                ]
+            },
+            "storageResourceAccessRulesTenantId": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageResourceAccessRulesResourceId": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageNetworkAclsVirtualNetworkRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageContainerDeleteRetentionPolicy": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "storageMinContainerDeleteRetentionInDays": {
+                "type": "Integer",
+                "defaultValue": 7
+            },
+            "storageCorsRules": {
+                "type": "string",
+                "defaultValue": "Deny",
+                "allowedValues": [
+                    "Audit",
+                    "Deny",
+                    "Disabled"
+                ]
+            },
+            "modifyStorageFileSyncPublicEndpoint": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "modifyStorageAccountPublicEndpoint": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            },
+            "storageAccountsModifyDisablePublicNetworkAccess": {
+                "type": "string",
+                "defaultValue": "Modify",
+                "allowedValues": [
+                    "Modify",
+                    "Disabled"
+                ]
+            }
+        },
+        "policyDefinitions": [
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope",
+                "policyDefinitionReferenceId": "Deny-Storage-CopyScope",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsCopyScope')]"
+                    },
+                    "allowedCopyScope": {
+                        "value": "[[parameters('storageAccountsAllowedCopyScope')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption",
+                "policyDefinitionReferenceId": "Deny-Storage-ServicesEncryption",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageServicesEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser",
+                "policyDefinitionReferenceId": "Deny-Storage-LocalUser",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageLocalUser')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP",
+                "policyDefinitionReferenceId": "Deny-Storage-SFTP",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageSftp')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass",
+                "policyDefinitionReferenceId": "Deny-Storage-NetworkAclsBypass",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageNetworkAclsBypass')]"
+                    },
+                    "allowedBypassOptions": {
+                        "value": "[[parameters('storageAllowedNetworkAclsBypass')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId",
+                "policyDefinitionReferenceId": "Deny-Storage-ResourceAccessRulesTenantId",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageResourceAccessRulesTenantId')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId",
+                "policyDefinitionReferenceId": "Deny-Storage-ResourceAccessRulesResourceId",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageResourceAccessRulesResourceId')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules",
+                "policyDefinitionReferenceId": "Deny-Storage-NetworkAclsVirtualNetworkRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageNetworkAclsVirtualNetworkRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy",
+                "policyDefinitionReferenceId": "Deny-Storage-ContainerDeleteRetentionPolicy",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageContainerDeleteRetentionPolicy')]"
+                    },
+                    "minContainerDeleteRetentionInDays": {
+                        "value": "[[parameters('storageMinContainerDeleteRetentionInDays')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules",
+                "policyDefinitionReferenceId": "Deny-Storage-CorsRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageCorsRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d",
+                "policyDefinitionReferenceId": "Deny-Storage-Account-Encryption",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsDoubleEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312",
+                "policyDefinitionReferenceId": "Deny-Storage-Cross-Tenant",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsCrossTenant')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54",
+                "policyDefinitionReferenceId": "Deny-Storage-Shared-Key",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountSharedKey')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a",
+                "policyDefinitionReferenceId": "Deny-Storage-Infra-Encryption",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsInfraEncryption')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606",
+                "policyDefinitionReferenceId": "Deny-Storage-Classic",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageClassicToArm')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
+                "policyDefinitionReferenceId": "Deny-Storage-Restrict-NetworkRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountRestrictNetworkRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f",
+                "policyDefinitionReferenceId": "Deny-Storage-NetworkRules",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountNetworkRules')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537",
+                "policyDefinitionReferenceId": "Deny-Storage-Account-Keys-Expire",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageKeysExpiration')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b",
+                "policyDefinitionReferenceId": "Modify-Storage-FileSync-PublicEndpoint",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyStorageFileSyncPublicEndpoint')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b",
+                "policyDefinitionReferenceId": "Modify-Blob-Storage-Account-PublicEndpoint",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('modifyStorageAccountPublicEndpoint')]"
+                    }
+                }
+            },
+            {
+                "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d",
+                "policyDefinitionReferenceId": "Modify-Storage-Account-PublicEndpoint",
+                "groupNames": [],
+                "parameters": {
+                    "effect": {
+                        "value": "[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]"
+                    }
+                }
+            }
+        ],
+        "policyDefinitionGroups": null
+    }
+}
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json
index c5abdeee28..340f120813 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json
@@ -13,7 +13,6 @@
             "source": "https://github.com/Azure/Enterprise-Scale/",
             "alzCloudEnvironments": [
                 "AzureCloud",
-                "AzureChinaCloud",
                 "AzureUSGovernment"
             ]
         },
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index a1a7e7c233..6f42a55801 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -17,7 +17,7 @@ var cloudEnv = environment().name
 // Default deployment locations used in templates
 var defaultDeploymentLocationByCloudType = {
   AzureCloud: 'northeurope'
-  AzureChinaCloud: 'chinaeast2'
+  AzureChinaCloud: 'chinanorth3' //change to chinanorth3 as it's the most frequent scenario
   AzureUSGovernment: 'usgovvirginia'
 }
 
@@ -37,40 +37,30 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Audit-TrustedLaunch.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security_20240529.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-AUM-CheckUpdates.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-APIM.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-AppServices.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CognitiveServices.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Compute.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerInstance.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerRegistry.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-DataExplorer.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-DataFactory.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-EventGrid.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-EventHub.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Kubernetes.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MachineLearning.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-OpenAI.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-PostgreSQL.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ServiceBus.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-SQL.json') // FSI specific initiative
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Synapse.json') // FSI specific initiative
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-VirtualDesktop.json') // FSI specific initiative
   ]
   AzureCloud: [
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
@@ -80,13 +70,34 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB.json') // Unable to validate if Guest Configuration is working in other clouds
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-DefenderSQL-AMA.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+
   ]
   AzureChinaCloud: [
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // Due to missing built-in Policy Definitions ()
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') // Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (5e8168db-69e3-4beb-9822-57cb59202a9d, 955a914f-bf86-4f0e-acd5-e0766b0efcb6, etc)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') //Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 74c30959-af11-47b3-9ed2-a26e03f427a3, 1f725891-01c0-420a-9059-4fa46cb770b7, 2370a3c1-4a25-4283-a91a-c9c1a145fb2f, b7021b2b-08fd-4dc0-9de7-3c6ece09faf9, b99b73e7-074b-4089-9395-b7236f094491)
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // Due to missing built-in Policy Definitions ()
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (051cba44-2429-45b9-9649-46cec11c7119), and replacement custom Policy Definitions ("Deploy-MySQLCMKEffect", "Deploy-PostgreSQLCMKEffect")
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (361c2074-3595-4e5d-8cab-4f21dffc835c)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0e80e269-43a4-4ae9-b5bc-178126b8a5cb)
+    //loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (8b346db6-85af-419b-8557-92cee2c0f9bb, b874ab2d-72dd-47f1-8cb5-4a306478a4e7)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (86810a98-8e91-4a44-8386-ec66d0de5d57)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (6d02d2f7-e38b-4bdc-96f3-adc0a8726abc)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (3a58212a-c829-4f13-9872-6371df2fd0b4)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (055aa869-bc98-4af8-bafc-23f1ab6ffe2c)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (b5f04e03-92a3-4b09-9410-2cc5e5047656)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json') // Due to missing service DevTestLab which will be used by policy "Deploy-Vm-autoShutdown"
   ]
   AzureUSGovernment: [
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48, c9299215-ae47-4f50-9c54-8a392f68a052)
@@ -94,6 +105,16 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 1f725891-01c0-420a-9059-4fa46cb770b7)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (83cef61d-dbd1-4b20-a4fc-5fbc7da10833, 18adea5e-f416-4d0f-8aa8-d24321e3e274, 051cba44-2429-45b9-9649-46cec11c7119)
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
   ]
 }
 
diff --git a/src/templates/policies.bicep b/src/templates/policies.bicep
index 0ec8d09707..aae5465cf3 100644
--- a/src/templates/policies.bicep
+++ b/src/templates/policies.bicep
@@ -146,7 +146,6 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke.json') // Only difference is hard-coded template deployment location (handled by this template)
-    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') 
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones.json')
@@ -201,6 +200,7 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Budget.json') // Needs validating in AzureChinaCloud (already used in AzureUSGovernment)
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans.json') // No obvious reason for exclusion from AzureChinaCloud and AzureUSGovernment, impacts "Deploy-Diagnostics-LogAnalytics" Policy Set Definition
+    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') // Not working in AzureChinaCloud since servie DevTestLab doesn't exist in Mooncake, needs validating in AzureUSGovernment
   ]
   AzureChinaCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP.AzureChinaCloud.json') // Used by "Deny-PublicPaaSEndpoints" Policy Set Definition to replace missing built-in Policy Definition in AzureChinaCloud
diff --git a/src/templates/roles.bicep b/src/templates/roles.bicep
index 43949f4699..a49f2d717e 100644
--- a/src/templates/roles.bicep
+++ b/src/templates/roles.bicep
@@ -7,11 +7,12 @@ var cloudEnv = environment().name
 var loadRoleDefinitions = {
   All: [
     loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json')
-    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json')
-    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json')
     loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json')
   ]
-  AzureCloud: []
+  AzureCloud: [
+    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json') // Not working in AzureChinaCloud, needs validating on AzureUSGovernment
+    loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json') // Not working in AzureChinaCloud, needs validating on AzureUSGovernment
+  ]
   AzureChinaCloud: []
   AzureUSGovernment: []
 }

From 36471aa83942d2f72bcda77060722b65e21d7105 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 22 Oct 2024 09:59:12 +0800
Subject: [PATCH 40/43] Update initiative

---
 .../policyDefinitions/initiatives.json                      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index a5c01dcfaa..d8e9e0c9a2 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.22.6.54827",
-      "templateHash": "12998982961439820352"
+      "templateHash": "5505409846353780048"
     }
   },
   "parameters": {
@@ -94,7 +94,7 @@
     "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureChinaCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#25": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
     "$fxv#26": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#27": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
@@ -120,7 +120,7 @@
     "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
     "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
     "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
     "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",

From 6d1a1721e1a2851a2a890ebe827a133e0bd71103 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 22 Oct 2024 14:49:47 +0800
Subject: [PATCH 41/43] Fix single subscripition issue for diag on MG

---
 eslzArm/eslzArm.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 104f7fdf5d..a4f97de746 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -2718,7 +2718,8 @@
         },
         {
             // Deploying Diagnostic Settings to ESLite management groups if Log Analytics was deployed via a loop
-            "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), empty(parameters('managementSubscriptionId')), equals(parameters('enableLogAnalytics'), 'Yes'))]",
+            // exclude Mooncake since Management Group Diagnostic Settings Rest API is NOT supported in Azure China. https://learn.microsoft.com/en-us/answers/questions/1640390/confirm-if-management-group-diagnostic-settings-re
+            "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), empty(parameters('managementSubscriptionId')), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]",
             "type": "Microsoft.Resources/deployments",
             "apiVersion": "2020-10-01",
             "name": "[take(concat(variables('mgmtGroupsESLiteArray')[copyIndex()], variables('deploymentNames').diagnosticSettingsforMGsDeploymentName), 64)]",

From 4c7c09e5b3779e56961db6371b80faf4c536c571 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 22 Oct 2024 15:00:48 +0800
Subject: [PATCH 42/43] Solve file conflicts for PR #1759

---
 .../customRoleDefinitions.json                | 47 +++++++++----------
 1 file changed, 23 insertions(+), 24 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
index 87e9aa6628..6c8ce646a2 100644
--- a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
+++ b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.22.6.54827",
-      "templateHash": "14490525755972949150"
+      "version": "0.29.47.4906",
+      "templateHash": "12429908550017328445"
     }
   },
   "variables": {
@@ -38,25 +38,22 @@
       }
     },
     "$fxv#1": {
-      "name": "402344ce-48c4-5ac1-9320-16726050f964",
+      "name": "dc726155-3983-5405-b446-9bb27b94e02c",
       "type": "Microsoft.Authorization/roleDefinitions",
       "apiVersion": "2022-04-01",
       "properties": {
-        "roleName": "Subscription-Owner",
-        "description": "Delegated role for subscription owner generated from subscription Owner role",
+        "roleName": "Network-Management",
+        "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
         "type": "customRole",
         "permissions": [
           {
             "actions": [
-              "*"
-            ],
-            "notActions": [
-              "Microsoft.Authorization/*/write",
-              "Microsoft.Network/vpnGateways/*",
-              "Microsoft.Network/expressRouteCircuits/*",
-              "Microsoft.Network/routeTables/write",
-              "Microsoft.Network/vpnSites/*"
+              "*/read",
+              "Microsoft.Network/*",
+              "Microsoft.Resources/deployments/*",
+              "Microsoft.Support/*"
             ],
+            "notActions": [],
             "dataActions": [],
             "notDataActions": []
           }
@@ -101,22 +98,25 @@
       }
     },
     "$fxv#3": {
-      "name": "dc726155-3983-5405-b446-9bb27b94e02c",
+      "name": "402344ce-48c4-5ac1-9320-16726050f964",
       "type": "Microsoft.Authorization/roleDefinitions",
       "apiVersion": "2022-04-01",
       "properties": {
-        "roleName": "Network-Management",
-        "description": "Platform-wide global connectivity management: virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others",
+        "roleName": "Subscription-Owner",
+        "description": "Delegated role for subscription owner generated from subscription Owner role",
         "type": "customRole",
         "permissions": [
           {
             "actions": [
-              "*/read",
-              "Microsoft.Network/*",
-              "Microsoft.Resources/deployments/*",
-              "Microsoft.Support/*"
+              "*"
+            ],
+            "notActions": [
+              "Microsoft.Authorization/*/write",
+              "Microsoft.Network/vpnGateways/*",
+              "Microsoft.Network/expressRouteCircuits/*",
+              "Microsoft.Network/routeTables/write",
+              "Microsoft.Network/vpnSites/*"
             ],
-            "notActions": [],
             "dataActions": [],
             "notDataActions": []
           }
@@ -130,12 +130,11 @@
     "loadRoleDefinitions": {
       "All": [
         "[variables('$fxv#0')]",
-        "[variables('$fxv#1')]"
-      ],
-      "AzureCloud": [
+        "[variables('$fxv#1')]",
         "[variables('$fxv#2')]",
         "[variables('$fxv#3')]"
       ],
+      "AzureCloud": [],
       "AzureChinaCloud": [],
       "AzureUSGovernment": []
     },

From 72045bdee4f8e9162655ec41367c425afb134e15 Mon Sep 17 00:00:00 2001
From: yuanzhang9 <doggie_zhang@163.com>
Date: Tue, 22 Oct 2024 20:46:41 +0800
Subject: [PATCH 43/43] Solve file conflicts for PR Azure#1759

---
 .../policyDefinitions/initiatives.json        | 162 +++++++-----------
 .../policyDefinitions/policies.json           | 114 ++++++------
 2 files changed, 119 insertions(+), 157 deletions(-)

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
index d8e9e0c9a2..f3562d9ca2 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.22.6.54827",
-      "templateHash": "5505409846353780048"
+      "version": "0.29.47.4906",
+      "templateHash": "15544708819382265845"
     }
   },
   "parameters": {
@@ -78,82 +78,63 @@
     ],
     "$fxv#0": "{\n    \"name\": \"Audit-UnusedResourcesCostOptimization\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Unused resources driving cost should be avoided\",\n        \"description\": \"Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Cost Optimization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"parameters\": {\n            \"effectDisks\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Disks Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Compute/disks\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectPublicIpAddresses\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PublicIpAddresses Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Network/publicIpAddresses\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectServerFarms\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"ServerFarms Effect\",\n                    \"description\": \"Enable or disable the execution of the policy for Microsoft.Web/serverfarms\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDisks')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditPublicIpAddressesUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-PublicIpAddresses-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectPublicIpAddresses')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditServerFarmsUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-ServerFarms-UnusedResourcesCostOptimization\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectServerFarms')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditAzureHybridBenefitUnusedResourcesCostOptimization\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"Audit\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#1": "{\n    \"name\": \"Audit-TrustedLaunch\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Audit virtual machines for Trusted Launch support\",\n        \"description\": \"Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Trusted Launch\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n              ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AuditDisksOsTrustedLaunch\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b03bb370-5249-4ea4-9fce-2552e87e45fa\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AuditTrustedLaunchEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c95b54ad-0614-4633-ab29-104b01235cbf\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#10": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.1.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#11": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#12": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#13": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#14": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#15": "{\n    \"name\": \"Enforce-Guardrails-Compute\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Compute\",\n        \"description\": \"This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"diskDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vmAndVmssEncryptionHost\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc4d8e41-e223-45ea-9bf5-eada37891d87\",\n                \"policyDefinitionReferenceId\": \"Deny-VmAndVmss-Encryption-Host\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vmAndVmssEncryptionHost')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816\",\n                \"policyDefinitionReferenceId\": \"Deny-Disk-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('diskDoubleEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#16": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#17": "{\n    \"name\": \"Enforce-Guardrails-ContainerInstance\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Instances\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerInstanceVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceVnet')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#18": "{\n    \"name\": \"Enforce-Guardrails-ContainerRegistry\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Registry\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Registry\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerRegistryUnrestrictedNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyRepositoryToken\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryExports\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyAnAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistrySkuPrivateLink\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyArmAudience\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerRegistryModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/79fdfe03-ffcb-4e55-b4d0-b925b8241759\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a9b426fe-8856-4945-8600-18c5dd1cca2a\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/42781ec6-6127-4c30-bdfa-fb423a0047d3\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/785596ed-054f-41bc-aaec-7f3d0ba05725\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Arm-Audience\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyArmAudience')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd560fc0-3c69-498a-ae9f-aa8eb7de0e13\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Sku-PrivateLink\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistrySkuPrivateLink')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cced2946-b08a-44fe-9fd9-e4ed8a779897\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f2dea28-e834-476c-99c5-3507b4728395\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Anonymous-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryAnAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/524b0254-c285-4903-bee6-bb8126cde579\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Exports\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryExports')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc921057-6b28-4fbe-9b83-f7bec05db6c2\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff05e24e-195c-447e-b322-5e90c9f9f366\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Repo-Token\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryRepositoryToken')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerRegistry-Unrestricted-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryUnrestrictedNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a3701552-92ea-433e-9d17-33b7f1208fc9\",\n                \"policyDefinitionReferenceId\": \"Modify-ContainerRegistry-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerRegistryModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#19": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#2": "{\n  \"name\": \"Deploy-Sql-Security\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"Deploy-Sql-Security_20240529\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"String\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#25": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
-    "$fxv#26": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#27": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#28": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#29": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#20": "{\n    \"name\": \"Enforce-Guardrails-DataExplorer\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Explorer\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Azure Data Explorer\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adxEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1fec9658-933f-4b3e-bc95-913ed22d012b\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Sku-without-PL-Support\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7b32f193-cb28-4e15-9a98-b9556db0bafa\",\n                \"policyDefinitionReferenceId\": \"Modify-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#21": "{\n    \"name\": \"Enforce-Guardrails-DataFactory\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Data Factory\",\n        \"description\": \"This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Data Factory\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"adfSqlIntegration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfLinkedServiceKeyVault\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfGit\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f78ccdb4-7bf4-4106-8647-270491d2978a\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/77d40665-3120-4348-b539-3192ec808307\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Git\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfGit')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/127ef6d7-242f-43b3-9eef-947faf1725d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Linked-Service-Key-Vault\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfLinkedServiceKeyVault')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0088bc63-6dee-4a9c-9d29-91cfdc848952\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Sql-Integration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfSqlIntegration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08b1442b-7789-4130-8506-4f99a97226a7\",\n                \"policyDefinitionReferenceId\": \"Modify-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#22": "{\n    \"name\": \"Enforce-Guardrails-EventGrid\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Grid\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Grid\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventGridLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPartnerNamespaceModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridDomainModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2dd0e8b9-4289-4bb0-b813-1883298e9924\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8ac2748f-3bf1-4c02-a3b6-92ae68cf75b1\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae9fb87f-8a17-4428-94a4-8135d431055c\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c8144d9-746a-4501-b08c-093c8d29ad04\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8632b003-3545-4b29-85e6-b2b96773df1e\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Partner-Namespace-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPartnerNamespaceLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8bfadddb-ee1c-4639-8911-a38cb8e0b3bd\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/898e9824-104c-4965-8e0e-5197588fa5d4\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Domain-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridDomainModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/36ea4b4b-0f7f-4a54-89fa-ab18f555a172\",\n                \"policyDefinitionReferenceId\": \"Modify-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#23": "{\n    \"name\": \"Enforce-Guardrails-EventHub\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Event Hub\",\n        \"description\": \"This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"eventHubAuthRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/836cd60e-87f3-4e6a-a27c-29d687f01a4c\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Double-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/57f35901-8389-40bb-ac49-3ba4f86d889d\",\n                \"policyDefinitionReferenceId\": \"Modify-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Auth-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubAuthRules')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#24": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#25": "{\n    \"name\": \"Enforce-Guardrails-Kubernetes\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Kubernetes\",\n        \"description\": \"This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.1.0\",\n            \"category\": \"Kubernetes\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aksKms\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCni\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivateCluster\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksCommandInvoke\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksReadinessOrLivenessProbes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivContainers\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksPrivEscalation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksAllowedCapabilities\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksTempDisk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksInternalLb\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksDefaultNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksNakedPods\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksShareHostProcessAndNamespace\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"aksWindowsContainerAdministrator\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5485eac0-7e8f-4964-998b-a44f4f0c1e75\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Windows-Container-Administrator\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksWindowsContainerAdministrator')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Shared-Host-Process-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksShareHostProcessAndNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65280eef-c8b4-425e-9aec-af55e55bf581\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Naked-Pods\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksNakedPods')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Default-Namespace\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksDefaultNamespace')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3fc4dc25-5baf-40d8-9b05-7fe74c1bc64e\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Internal-Lb\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksInternalLb')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/41425d9f-d1a5-499a-9932-f8ed8453932c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Temp-Disk-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksTempDisk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Allowed-Capabilities\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksAllowedCapabilities')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Escalation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivEscalation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Priv-Containers\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivContainers')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b1a9997f-2883-4f12-bdff-2280f99b5915\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-ReadinessOrLiveness-Probes\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksReadinessOrLivenessProbes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b708b0a-3380-40e9-8b79-821f9fa224cc\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Command-Invoke\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCommandInvoke')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"policyDefinitionReferenceId\": \"Dine-Aks-Policy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPolicy')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Private-Cluster\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksPrivateCluster')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dbbdc317-9734-4dd8-9074-993b29c69008\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Kms\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksKms')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46238e2f-3f6f-4589-9f3f-77bed4116e67\",\n                \"policyDefinitionReferenceId\": \"Deny-Aks-Cni\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aksCni')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#26": "{\n    \"name\": \"Enforce-Guardrails-MachineLearning\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Machine Learning\",\n        \"description\": \"This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Machine Learning\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mlUserAssignedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlOutdatedOS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"mlModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Outdated-Os\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effects\": {\n                        \"value\": \"[[parameters('mlOutdatedOS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a6f9a2d0-cff7-4855-83ad-4cd750666512\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5f0c7d88-c7de-45b8-ac49-db49e72eaa78\",\n                \"policyDefinitionReferenceId\": \"Deny-ML-User-Assigned-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlUserAssignedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a10ee784-7409-4941-b091-663697637c0f\",\n                \"policyDefinitionReferenceId\": \"Modify-ML-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mlModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#27": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#28": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Allow\",\n                    \"Deny\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#29": "{\n    \"name\": \"Enforce-Guardrails-OpenAI\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Open AI (Cognitive Service)\",\n        \"description\": \"This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveServicesOutboundNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAcls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesCustomerStorage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-OutboundNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesOutboundNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-CognitiveServices-NetworkAcls\",\n                \"policyDefinitionReferenceId\": \"Deny-OpenAi-NetworkAcls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAcls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/71ef260a-8f18-47b7-abcb-62d0673d94dc\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Cust-Storage\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesCustomerStorage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "$fxv#3": "{\n  \"name\": \"Deploy-Sql-Security_20240529\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy SQL Database built-in SQL security configuration\",\n    \"description\": \"Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"replacesPolicy\": \"Deploy-Sql-Security\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vulnerabilityAssessmentsEmail\": {\n        \"metadata\": {\n          \"description\": \"The email address to send alerts\",\n          \"displayName\": \"The email address to send alerts\"\n        },\n        \"type\": \"Array\"\n      },\n      \"vulnerabilityAssessmentsStorageID\": {\n        \"metadata\": {\n          \"description\": \"The storage account ID to store assessments\",\n          \"displayName\": \"The storage account ID to store assessments\"\n        },\n        \"type\": \"String\"\n      },\n      \"SqlDbTdeDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database Transparent Data Encryption \",\n          \"description\": \"Deploy the Transparent Data Encryption when it is not enabled in the deployment\"\n        }\n      },\n      \"SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database security Alert Policies configuration with email admin accounts\",\n          \"description\": \"Deploy the security Alert Policies configuration with email admin accounts when it not exist in current configuration\"\n        }\n      },\n      \"SqlDbAuditingSettingsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL database auditing settings\",\n          \"description\": \"Deploy auditing settings to SQL Database when it not exist in the deployment\"\n        }\n      },\n      \"SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy SQL Database vulnerability Assessments\",\n          \"description\": \"Deploy SQL Database vulnerability Assessments when it not exist in the deployment. To the specific  storage account in the parameters\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbTdeDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbTdeDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbSecurityAlertPoliciesDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbSecurityAlertPoliciesDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbAuditingSettingsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbAuditingSettingsDeploySqlSecurityEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlDbVulnerabilityAssessmentsDeploySqlSecurity\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments_20230706\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlDbVulnerabilityAssessmentsDeploySqlSecurityEffect')]\"\n          },\n          \"vulnerabilityAssessmentsEmail\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsEmail')]\"\n          },\n          \"vulnerabilityAssessmentsStorageID\": {\n            \"value\": \"[[parameters('vulnerabilityAssessmentsStorageID')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#30": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#31": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#32": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#33": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#34": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#36": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#37": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#38": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#39": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#4": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#40": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#41": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#42": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#43": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#44": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#48": "{\n  \"name\": \"Enforce-Encryption-CMK-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#49": "{\n  \"name\": \"Deploy-Private-DNS-Zones-AzureChinaCloud\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#5": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#50": "{\n    \"name\": \"Enforce-Guardrails-Storage-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#51": "{\n    \"name\": \"Enforce-EncryptTransit_20240509-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#52": "{\n    \"name\": \"Enforce-Backup-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#53": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#54": "{\n    \"name\": \"Enforce-Guardrails-Automation-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#55": "{\n    \"name\": \"Enforce-Guardrails-MySQL-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#56": "{\n    \"name\": \"Enforce-Guardrails-Network-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#57": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureChinaCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#58": "{\n    \"name\": \"Enforce-ALZ-Decomm-AzureChinaCloud\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureChinaCloud\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
-    "$fxv#59": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#6": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#60": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#61": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#62": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
-    "$fxv#63": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
-    "$fxv#64": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#65": "{\n    \"name\": \"Enforce-Guardrails-KeyVault-Sup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce additional recommended guardrails for Key Vault\",\n        \"description\": \"This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"keyVaultManagedHsmDisablePublicNetworkModify\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultModifyFw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/84d327c3-164a-4685-b453-900478614456\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetworkModify')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc\",\n                \"policyDefinitionReferenceId\": \"Modify-KV-Fw\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultModifyFw')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#66": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
-    "$fxv#67": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#68": "{\n    \"name\": \"Enforce-Guardrails-ContainerApps\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Container Apps\",\n        \"description\": \"This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Container Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"containerAppsManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsVnetInjection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b346db6-85af-419b-8557-92cee2c0f9bb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApp-Vnet-Injection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsVnetInjection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsManagedIdentity')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#69": "{\n    \"name\": \"Enforce-Guardrails-KeyVault\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Azure Key Vault\",\n        \"description\": \"Enforce recommended guardrails for Azure Key Vault.\",\n        \"metadata\": {\n            \"version\": \"2.0.0\",\n            \"category\": \"Key Vault\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effectKvSoftDelete\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvPurgeProtection\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectKvSecretsExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvKeysExpire\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvFirewallEnabled\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"effectKvCertLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"maximumCertLifePercentageLife\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The maximum lifetime percentage\",\n                    \"description\": \"Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'.\"\n                },\n                \"defaultValue\": 80\n            },\n            \"minimumCertLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvKeysLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumKeysLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"effectKvSecretsLifetime\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"minimumSecretsLifeDaysBeforeExpiry\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"The minimum days before expiry\",\n                    \"description\": \"Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'.\"\n                },\n                \"defaultValue\": 90\n            },\n            \"keyVaultCheckMinimumRSACertificateSize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSACertificateSizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultManagedHsmCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultCheckMinimumRSAKeySize\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultMinimumRSAKeySizeValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 2048,\n                \"allowedValues\": [\n                    2048,\n                    3072,\n                    4096\n                ]\n            },\n            \"keyVaultArmRbac\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsPurgeProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificatesPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertValidPeriod\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 12\n            },\n            \"keyVaultHmsKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsValidPeriod\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsValidityInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultCertKeyTypes\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultEllipticCurve\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCryptographicType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keysActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keysCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"secretsActiveInDays\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"secretsActive\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultSecretContentType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultNonIntegratedCaValue\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"The common name of the certificate authority\",\n                    \"description\": \"The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso\"\n                }\n            },\n            \"keyVaultIntegratedCa\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultIntegratedCaValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"DigiCert\",\n                    \"GlobalSign\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHsmMinimumDaysBeforeExpirationValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            },\n            \"keyVaultHmsCurveNames\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultHmsCurveNamesValue\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"P-256\",\n                    \"P-256K\",\n                    \"P-384\",\n                    \"P-521\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"Audit\",\n                    \"deny\",\n                    \"Deny\",\n                    \"disabled\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 90\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"KvSoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSoftDelete')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvPurgeProtection\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvPurgeProtection')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysExpire\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysExpire')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvFirewallEnabled\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvFirewallEnabled')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvCertLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvCertLifetime')]\"\n                    },\n                    \"maximumPercentageLife\": {\n                        \"value\": \"[[parameters('maximumCertLifePercentageLife')]\"\n                    },\n                    \"minimumDaysBeforeExpiry\": {\n                        \"value\": \"[[parameters('minimumCertLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvKeysLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvKeysLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumKeysLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KvSecretsLifetime\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectKvSecretsLifetime')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('minimumSecretsLifeDaysBeforeExpiry')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinCertSize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSACertificateSize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSACertificateSizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86810a98-8e91-4a44-8386-ec66d0de5d57\",\n                \"policyDefinitionReferenceId\": \"Deny-keyVaultManagedHsm-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-RSA-Keys-without-MinKeySize\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCheckMinimumRSAKeySize')]\"\n                    },\n                    \"minimumRSAKeySize\": {\n                        \"value\": \"[[parameters('keyVaultMinimumRSAKeySizeValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-without-ArmRbac\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultArmRbac')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PurgeProtection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsPurgeProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cert-Period\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificatesPeriod')]\"\n                    },\n                    \"maximumValidityInMonths\": {\n                        \"value\": \"[[parameters('keyVaultCertValidPeriod')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-Key-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secrets-ValidityDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsValidPeriod')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsValidityInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Types\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertKeyTypes')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Elliptic-Curve\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultEllipticCurve')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Cryptographic-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCryptographicType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Key-Active\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('keysActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keysCurveNames')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Secret-ActiveDays\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('secretsActive')]\"\n                    },\n                    \"maximumValidityInDays\": {\n                        \"value\": \"[[parameters('secretsActiveInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Secret-Content-Type\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultSecretContentType')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Non-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCa')]\"\n                    },\n                    \"caCommonName\": {\n                        \"value\": \"[[parameters('keyVaultNonIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Integrated-Ca\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCa')]\"\n                    },\n                    \"allowedCAs\": {\n                        \"value\": \"[[parameters('keyVaultIntegratedCaValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ad27588c-0198-4c84-81ef-08efd0274653\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-MinimumDays-Before-Expiration\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpiration')]\"\n                    },\n                    \"minimumDaysBeforeExpiration\": {\n                        \"value\": \"[[parameters('keyVaultHsmMinimumDaysBeforeExpirationValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Hsm-Curve-Names\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNames')]\"\n                    },\n                    \"allowedECNames\": {\n                        \"value\": \"[[parameters('keyVaultHmsCurveNamesValue')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427\",\n                \"policyDefinitionReferenceId\": \"Deny-Kv-Cert-Expiration-Within-Specific-Number-Days\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]\"\n                    },\n                    \"daysToExpire\": {\n                        \"value\": \"[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#7": "{\n    \"name\": \"Enforce-Guardrails-APIM\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for API Management\",\n        \"description\": \"This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"apiSubscriptionScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"minimumApiVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSkuVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimApiBackendCertValidation\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimDirectApiEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimCallApiAuthn\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimEncryptedProtocols\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimVnetUsage\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimSecrets\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"apimTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Kv\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSecrets')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ef619a2c-cc4d-4d03-b2ba-8c94a834d85b\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-without-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimVnetUsage')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-APIM-TLS\",\n                \"policyDefinitionReferenceId\": \"Deny-APIM-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee7495e7-3ba7-40b6-bfee-c29e22cc75d4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Protocols\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimEncryptedProtocols')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c15dcc82-b93c-4dcb-9332-fbf121685b54\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Authn\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimCallApiAuthn')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b741306c-968e-4b67-b916-5675e5c709f4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Direct-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDirectApiEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92bb331d-ac71-416a-8c91-02f2cb734ce4\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Cert-Validation\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimApiBackendCertValidation')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7ca8c8ac-3a6e-493d-99ba-c5fa35347ff2\",\n                \"policyDefinitionReferenceId\": \"Dine-Apim-Public-NetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/73ef9241-5d81-4cd4-b483-8443d1730fe5\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Sku-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apimSkuVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67\",\n                \"policyDefinitionReferenceId\": \"Deny-Apim-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('minimumApiVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1\",\n                \"policyDefinitionReferenceId\": \"Deny-Api-subscription-scope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('apiSubscriptionScope')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#70": "{\n    \"name\": \"Enforce-Guardrails-Automation\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Automation Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Automation\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"aaModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"aaVariablesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaManagedIdentity\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"autoHotPatch\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"aaModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d02d2f7-e38b-4bdc-96f3-adc0a8726abc\",\n                \"policyDefinitionReferenceId\": \"Deny-Windows-Vm-HotPatch\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('autoHotPatch')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Managed-Identity\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaManagedIdentity')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/48c5f1cb-14ad-4797-8e3b-f78ab3f8d700\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Variables-Encrypt\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaVariablesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/30d1d58e-8f96-47a5-8564-499a3f3cca81\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyLocalAUth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c\",\n                \"policyDefinitionReferenceId\": \"Modify-Aa-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('aaModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#71": "{\n    \"name\": \"Enforce-Guardrails-MySQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for MySQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"MySQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"mySqlInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816\",\n                \"policyDefinitionReferenceId\": \"Dine-MySql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlAdvThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlInfraEncryption')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#72": "{\n    \"name\": \"Enforce-Guardrails-Network\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Network and Networking services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"subnetUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"subnetServiceEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwWaf\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vnetModifyDdos\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\"\n            },\n            \"ddosPlanResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"wafMode\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"wafFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGw\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafModeAppGwRequirement\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Prevention\"\n            },\n            \"denyMgmtFromInternet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"denyMgmtFromInternetPorts\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Ports\",\n                    \"description\": \"Ports to be blocked\"\n                },\n                \"defaultValue\": [\n                    \"22\",\n                    \"3389\"\n                ]\n            },\n            \"afwEnbaleTlsForAllAppRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableTlsInspection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEmptyIDPSBypassList\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableAllIDPSSignatureRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"afwEnableIDPS\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"wafAfdEnabled\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"vpnAzureAD\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appGwTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyUdr\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\"\n            },\n            \"modifyUdrNextHopIpAddress\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\"\n            },\n            \"modifyUdrNextHopType\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"None\"\n            },\n            \"modifyUdrAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"0.0.0.0/0\"\n            },\n            \"modifyNsg\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"modifyNsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"modifyNsgRuleDirection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Outbound\"\n            },\n            \"modifyNsgRuleAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyNsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"modifyNsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"modifyNsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010\",\n                \"policyDefinitionReferenceId\": \"Deny-Nsg-GW-subnet\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7\",\n                \"policyDefinitionReferenceId\": \"Deny-VPN-AzureAD\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vpnAzureAD')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Afd-Enabled\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafAfdEnabled')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-IDPS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableIDPS')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-AllIDPSS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableAllIDPSSignatureRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-EmpIDPSBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEmptyIDPSBypassList')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-Inspection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnableTlsInspection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596\",\n                \"policyDefinitionReferenceId\": \"Deny-FW-TLS-AllApp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('afwEnbaleTlsForAllAppRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-AppGw-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafModeAppGw')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeAppGwRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-Fw-rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Waf-mode\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('wafMode')]\"\n                    },\n                    \"modeRequirement\": {\n                        \"value\": \"[[parameters('wafModeRequirement')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d\",\n                \"policyDefinitionReferenceId\": \"Modify-vNet-DDoS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('vnetModifyDdos')]\"\n                    },\n                    \"ddosPlan\": {\n                        \"value\": \"[[parameters('ddosPlanResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900\",\n                \"policyDefinitionReferenceId\": \"Deny-Ip-Forwarding\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114\",\n                \"policyDefinitionReferenceId\": \"Deny-vNic-Pip\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Waf\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwWaf')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetUdr')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-Without-NSG\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetNsg')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints\",\n                \"policyDefinitionReferenceId\": \"Deny-Subnet-with-Service-Endpoints\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('subnetServiceEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet\",\n                \"policyDefinitionReferenceId\": \"Deny-Mgmt-From-Internet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternet')]\"\n                    },\n                    \"ports\": {\n                        \"value\": \"[[parameters('denyMgmtFromInternetPorts')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls\",\n                \"policyDefinitionReferenceId\": \"Deny-AppGw-Without-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appGwTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR\",\n                \"policyDefinitionReferenceId\": \"Modify-Udr\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyUdr')]\"\n                    },\n                    \"nextHopIpAddress\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopIpAddress')]\"\n                    },\n                    \"nextHopType\": {\n                        \"value\": \"[[parameters('modifyUdrNextHopType')]\"\n                    },\n                    \"addressPrefix\": {\n                        \"value\": \"[[parameters('modifyUdrAddressPrefix')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG\",\n                \"policyDefinitionReferenceId\": \"Modify-Nsg\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyNsg')]\"\n                    },\n                    \"nsgRuleName\": {\n                        \"value\": \"[[parameters('modifyNsgRuleName')]\"\n                    },\n                    \"nsgRulePriority\": {\n                        \"value\": \"[[parameters('modifyNsgRulePriority')]\"\n                    },\n                    \"nsgRuleDirection\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDirection')]\"\n                    },\n                    \"nsgRuleAccess\": {\n                        \"value\": \"[[parameters('modifyNsgRuleAccess')]\"\n                    },\n                    \"nsgRuleProtocol\": {\n                        \"value\": \"[[parameters('modifyNsgRuleProtocol')]\"\n                    },\n                    \"nsgRuleSourceAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourceAddressPrefix')]\"\n                    },\n                    \"nsgRuleSourcePortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleSourcePortRange')]\"\n                    },\n                    \"nsgRuleDestinationAddressPrefix\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationAddressPrefix')]\"\n                    },\n                    \"nsgRuleDestinationPortRange\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDestinationPortRange')]\"\n                    },\n                    \"nsgRuleDescription\": {\n                        \"value\": \"[[parameters('modifyNsgRuleDescription')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
-    "$fxv#73": "{\n    \"name\": \"Enforce-Guardrails-CosmosDb\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cosmos DB\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cosmos DB\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cosmosDbLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbAtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cosmosDbModifyPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656\",\n                \"policyDefinitionReferenceId\": \"Dine-CosmosDb-Atp\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbAtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2\",\n                \"policyDefinitionReferenceId\": \"Deny-CosmosDb-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5\",\n                \"policyDefinitionReferenceId\": \"Append-CosmosDb-Metadata\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088\",\n                \"policyDefinitionReferenceId\": \"Modify-CosmosDb-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cosmosDbModifyPublicAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#8": "{\n    \"name\": \"Enforce-Guardrails-AppServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for App Service\",\n        \"description\": \"This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"functionAppDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceSkuPl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceDisableLocalAuthFtp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceScmAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRfc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsVnetRouting\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceEnvLatestVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsRemoteDebugging\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceByoc\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppService-without-BYOC\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Byoc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceByoc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a5e3fe8f-f6cd-4f1d-bbf6-c749754a724b\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cca5adfe-626b-4cc6-8522-f5b6ed2391bd\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Remote-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsRemoteDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/eb4d34ab-0929-491c-bbf3-61e13da19f9a\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Latest-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceEnvLatestVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/801543d1-1953-4a90-b8b0-8cf6d41473a5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Vnet-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsVnetRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f5c0bfb3-acea-47b1-b477-b0edcdf6edc1\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a691eacb-474d-47e4-b287-b4813ca44222\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServiceApps-Rfc\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsRfc')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/70adbb40-e092-42d5-a6f8-71c540a5efdb\",\n                \"policyDefinitionReferenceId\": \"DINE-FuncApp-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e97b776-f380-4722-a9a3-e7f0be029e79\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-ScmAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceScmAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5747353b-1ca9-42c1-a4dd-b874b894f3d4\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-Routing\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceRouting')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/572e342c-c920-4ef5-be2e-1ed3c6a51dc5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-FtpAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuthFtp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/546fe8d2-368d-4029-a418-6af48a7f61e5\",\n                \"policyDefinitionReferenceId\": \"Deny-AppServ-SkuPl\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceSkuPl')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2c034a29-2a5f-4857-b120-f800fe5549ae\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceDisableLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a5046c-c423-4805-9235-e844ae9ef49b\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-Debugging\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppDebugging')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08cf2974-d178-48a0-b26d-f6b8e555748b\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0f98368e-36bc-4716-8ac2-8f8067203b63\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/242222f3-4985-4e99-b5ef-086d6a6cb01c\",\n                \"policyDefinitionReferenceId\": \"Modify-Function-Apps-Slots-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2374605e-3e0b-492b-9046-229af202562c\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-Apps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c6c3e00e-d414-4ca4-914f-406699bb8eee\",\n                \"policyDefinitionReferenceId\": \"Modify-AppService-App-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
-    "$fxv#9": "{\n    \"name\": \"Enforce-Guardrails-CognitiveServices\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Cognitive Services\",\n        \"description\": \"This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"cognitiveSearchSku\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyCognitiveSearchPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a049bf77-880b-470f-ba6d-9f21c530cf83\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-SKU\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchSku')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6300012e-e9a4-4649-b41f-a85f5c43be91\",\n                \"policyDefinitionReferenceId\": \"Deny-CongitiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4eb216f2-9dba-4979-86e6-5d7e63ce3b75\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9cee519f-d9c1-4fd9-9f79-24ec3449ed30\",\n                \"policyDefinitionReferenceId\": \"Modify-CogntiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyCognitiveSearchPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/47ba1dd7-28d9-4b07-a8d5-9813bed64e0c\",\n                \"policyDefinitionReferenceId\": \"Modify-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#30": "{\n    \"name\": \"Enforce-Guardrails-PostgreSQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for PostgreSQL\",\n        \"description\": \"This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"PostgreSQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"postgreSqlAdvThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/db048e65-913c-49f9-bb5f-1084184671d3\",\n                \"policyDefinitionReferenceId\": \"Dine-PostgreSql-Adv-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlAdvThreatProtection')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#31": "{\n    \"name\": \"Enforce-Guardrails-ServiceBus\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Service Bus\",\n        \"description\": \"This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Service Bus\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"serviceBusModifyDisableLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyDisabledLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusAuthzRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Authz-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusAuthzRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ebaf4f25-a4e8-415f-86a8-42d9155bef0b\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfb11c26-f069-4c14-8e36-56c394dae5af\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyDisabledLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/910711a6-8aa2-4f15-ae62-1e5b2ed3ef9e\",\n                \"policyDefinitionReferenceId\": \"Modify-Sb-LocalAuth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusModifyDisableLocalAuth')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#32": "{\n    \"name\": \"Enforce-Guardrails-SQL\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for SQL and SQL Managed Instance\",\n        \"description\": \"This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"SQL\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"sqlManagedAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlAadOnly\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Managed-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Aad-Only\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedAadOnly')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6134c3db-786f-471e-87bc-8f479dc890f6\",\n                \"policyDefinitionReferenceId\": \"Dine-Sql-Adv-Data\",\n                \"groupNames\": [],\n                \"parameters\": {}\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b\",\n                \"policyDefinitionReferenceId\": \"Modify-Sql-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifySqlPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#33": "{\n    \"name\": \"Enforce-Guardrails-Storage\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Storage Account\",\n        \"description\": \"This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"storageKeysExpiration\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountRestrictNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageThreatProtection\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageClassicToArm\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsInfraEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountSharedKey\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCrossTenant\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsDoubleEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsAllowedCopyScope\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"AAD\"\n            },\n            \"storageServicesEncryption\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageLocalUser\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageSftp\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsBypass\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAllowedNetworkAclsBypass\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"None\"\n                ]\n            },\n            \"storageResourceAccessRulesTenantId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageResourceAccessRulesResourceId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageNetworkAclsVirtualNetworkRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageContainerDeleteRetentionPolicy\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageMinContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"defaultValue\": 7\n            },\n            \"storageCorsRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageFileSyncPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"modifyStorageAccountPublicEndpoint\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsModifyDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CopyScope\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCopyScope')]\"\n                    },\n                    \"allowedCopyScope\": {\n                        \"value\": \"[[parameters('storageAccountsAllowedCopyScope')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ServicesEncryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageServicesEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-LocalUser\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageLocalUser')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-SFTP\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageSftp')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsBypass\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsBypass')]\"\n                    },\n                    \"allowedBypassOptions\": {\n                        \"value\": \"[[parameters('storageAllowedNetworkAclsBypass')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesTenantId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageResourceAccessRulesResourceId')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageNetworkAclsVirtualNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageContainerDeleteRetentionPolicy')]\"\n                    },\n                    \"minContainerDeleteRetentionInDays\": {\n                        \"value\": \"[[parameters('storageMinContainerDeleteRetentionInDays')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-CorsRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageCorsRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsDoubleEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Cross-Tenant\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsCrossTenant')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Shared-Key\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountSharedKey')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Infra-Encryption\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsInfraEncryption')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Classic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageClassicToArm')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c\",\n                \"policyDefinitionReferenceId\": \"Dine-Storage-Threat-Protection\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageThreatProtection')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Restrict-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountRestrictNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-NetworkRules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountNetworkRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Account-Keys-Expire\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageKeysExpiration')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-FileSync-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageFileSyncPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b\",\n                \"policyDefinitionReferenceId\": \"Modify-Blob-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('modifyStorageAccountPublicEndpoint')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d\",\n                \"policyDefinitionReferenceId\": \"Modify-Storage-Account-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#34": "{\n    \"name\": \"Enforce-Guardrails-Synapse\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Synapse workspaces\",\n        \"description\": \"This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.1.0\",\n            \"category\": \"Synapse\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"synapseLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseManagedVnet\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDataTraffic\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTenants\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseAllowedTenantIds\": {\n                \"type\": \"array\",\n                \"defaultValue\": [\n                    \"[[subscription().tenantId]\"\n                ]\n            },\n            \"synapseFwRules\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyLocalAuth\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseDefender\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6\",\n                \"policyDefinitionReferenceId\": \"Dine-Synapse-Defender\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDefender')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c3624673-d2ff-48e0-b28c-5de1c6767c3c\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Fw-Rules\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseFwRules')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3a003702-13d2-4679-941b-937e58c443f0\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tenant-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTenants')]\"\n                    },\n                    \"allowedTenantIds\": {\n                        \"value\": \"[[parameters('synapseAllowedTenantIds')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3484ce98-c0c5-4c83-994b-c5ac24785218\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Data-Traffic\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseDataTraffic')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d9dbfa3-927b-4cf0-9d0f-08747f971650\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Managed-Vnet\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseManagedVnet')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Local-Auth\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseLocalAuth')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8b5c654c-fb07-471b-aa8f-15fea733f140\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5c8cad01-ef30-4891-b230-652dadb4876a\",\n                \"policyDefinitionReferenceId\": \"Modify-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#35": "{\n    \"name\": \"Enforce-Guardrails-VirtualDesktop\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce recommended guardrails for Virtual Desktop\",\n        \"description\": \"This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Desktop Virtualization\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"avdWorkspaceModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolModifyPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Modify\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ce6ebf1d-0b94-4df9-9257-d8cacc238b4f\",\n                \"policyDefinitionReferenceId\": \"Modify-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspaceModifyPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2a0913ff-51e7-47b8-97bb-ea17127f7c8d\",\n                \"policyDefinitionReferenceId\": \"Modify-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolModifyPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#36": "{\n    \"name\": \"Deny-PublicPaaSEndpoints\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Public network access should be disabled for PaaS services\",\n        \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n        \"metadata\": {\n            \"version\": \"5.1.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"CosmosPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for CosmosDB\",\n                    \"description\": \"This policy denies that Cosmos database accounts  are created with out public network access is disabled.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"KeyVaultPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for KeyVault\",\n                    \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"SqlServerPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n                    \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"StoragePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access onStorage accounts should be disabled\",\n                    \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AKSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on AKS API should be disabled\",\n                    \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ACRPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure Container Registry disabled\",\n                    \"description\": \"This policy denies the creation of Azure Container Registries with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AFSPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access on Azure File Sync disabled\",\n                    \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"PostgreSQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSql Flexible Server\",\n                    \"description\": \"This policy denies creation of PostgreSQL Flexible DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"postgreSqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for PostgreSQL servers\",\n                    \"description\": \"This policy denies creation of PostgreSQL DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MySQLFlexPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for MySQL Flexible Server\",\n                    \"description\": \"This policy denies creation of MySql Flexible Server DB accounts with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BatchPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n                    \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MariaDbPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n                    \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"MlPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Machine Learning\",\n                    \"description\": \"This policy denies creation of Azure Machine Learning with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"RedisCachePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Azure Cache for Redis\",\n                    \"description\": \"This policy denies creation of Azure Cache for Redis with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"BotServicePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Bot Service\",\n                    \"description\": \"This policy denies creation of Bot Service with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AutomationPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Automation accounts\",\n                    \"description\": \"This policy denies creation of Automation accounts with exposed public endpoints. Bots should be set to 'isolated only' mode\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AppConfigPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Configuration\",\n                    \"description\": \"This policy denies creation of App Configuration with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"FunctionAppSlotPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for Function apps\",\n                    \"description\": \"This policy denies creation of Function apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsePublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service Environment apps\",\n                    \"description\": \"This policy denies creation of App Service Environment apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for App Service apps\",\n                    \"description\": \"This policy denies creation of App Service apps with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"ApiManPublicIpDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Public network access should be disabled for API Management services\",\n                    \"description\": \"This policy denies creation of API Management services with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            },\n            \"ContainerAppsEnvironmentDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Container Apps environment should disable public network access\",\n                    \"description\": \"This policy denies creation of Container Apps Environment with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"AsrVaultDenyEffect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Azure Recovery Services vaults should disable public network access\",\n                    \"description\": \"This policy denies creation of Azure Recovery Services vaults with exposed public endpoints\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"logicAppPublicNetworkAccessEffect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"appSlotsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"cognitiveSearchPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"managedDiskPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventGridTopicPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"keyVaultManagedHsmDisablePublicNetwork\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"mySqlPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveServicesPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDisablePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsPublicAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapsePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdHostPoolPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"avdWorkspacePublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"grafanaPublicNetworkAccess\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/405c5871-3e91-4644-8a63-58e19d68ff5b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-PostgreSql-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('postgreSqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLFlexDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLFlexPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MlDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MlPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisCacheDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/470baccb-7e51-4549-8b1a-3e5be069f663\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisCachePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BotServiceDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e8168db-69e3-4beb-9822-57cb59202a9d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BotServicePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AutomationDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/955a914f-bf86-4f0e-acd5-e0766b0efcb6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppConfigDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppConfigPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/969ac98b-88a8-449f-883c-2e9adb123127\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionAppSlotsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/11c82d0c-db9f-4d7b-97c5-f3f9aa957da2\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppSlotPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AseDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2d048aca-6479-4923-88f5-e2ac295d9af3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsePublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b5ef780-c53c-4a64-87f3-bb9c8c8094ba\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ApiManDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ApiManPublicIpDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsEnvironmentDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d074ddf8-01a5-4b5e-a2b8-964aed452c0a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsEnvironmentDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/783ea2a8-b8fd-46be-896a-9ae79643a0b1\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AsrVaultDenyPublicIP\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9ebbbba3-4d65-4da9-bb67-b22cfaaff090\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AsrVaultDenyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Public-Network-Access\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApp-Public-Network\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppPublicNetworkAccessEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/701a595d-38fb-4a66-ae6d-fb3735217622\",\n                \"policyDefinitionReferenceId\": \"Deny-AppSlots-Public\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appSlotsPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee980b6d-0eca-4501-8d54-f6290fd512c3\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094\",\n                \"policyDefinitionReferenceId\": \"Deny-ManagedDisk-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('managedDiskPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1cf164be-6819-4a50-b8fa-4bcaa4f98fb6\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f8f774be-6aee-492a-9e29-486ef81f3a68\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1adadefe-5f21-44f7-b931-a59b54ccdb45\",\n                \"policyDefinitionReferenceId\": \"Deny-EventGrid-Topic-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventGridTopicPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0602787f-9896-402a-a6e1-39ee63ee435e\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/19ea9d63-adee-4431-a95e-1913c6c1c75f\",\n                \"policyDefinitionReferenceId\": \"Deny-KV-Hms-PublicNetwork\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('keyVaultManagedHsmDisablePublicNetwork')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095\",\n                \"policyDefinitionReferenceId\": \"Deny-MySql-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('mySqlPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3\",\n                \"policyDefinitionReferenceId\": \"Deny-Cognitive-Services-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveServicesNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cbd11fd3-3002-4907-b6c8-579f0e700e13\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-PublicEndpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDisablePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Public-Endpoint\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Public-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsPublicAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/38d8df46-cf4e-4073-8e03-48c24b29de0d\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Public-Network-Access\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapsePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ac3038-c07a-4b92-860d-29e270a4f3cd\",\n                \"policyDefinitionReferenceId\": \"Deny-Workspace-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdWorkspacePublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c25dcf31-878f-4eba-98eb-0818fdc6a334\",\n                \"policyDefinitionReferenceId\": \"Deny-Hostpool-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('avdHostPoolPublicNetworkAccess')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e8775d5a-73b7-4977-a39b-833ef0114628\",\n                \"policyDefinitionReferenceId\": \"Deny-Grafana-PublicNetworkAccess\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('grafanaPublicNetworkAccess')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#37": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"2.2.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for API Management to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for API Management to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsDestinationType\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AzureDiagnostics\",\n        \"allowedValues\": [\n          \"AzureDiagnostics\",\n          \"Dedicated\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Destination table for the Diagnostic Setting for Firewall to Log Analytics workspace\",\n          \"description\": \"Destination table for the diagnostic setting for Firewall to Log Analytics workspace, allowed values are 'Dedicated' (for resource-specific) and 'AzureDiagnostics'. Default value is 'AzureDiagnostics'\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Log Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Log Analytics to stream to a Log Analytics workspace when any Log Analytics workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category Audit enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AVDScalingPlansLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59759c62-9a22-4cdf-ae64-074495983fef\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountBlobServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountFileServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/25a70cc8-2bd4-47f1-90b6-1478e4662c96\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountQueueServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7bd000e3-37c7-4928-9f31-86c4b77c5c45\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountTableServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2fb86bf3-d221-43d1-96d1-2434af34eaa0\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"logAnalyticsDestinationType\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsDestinationType')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#38": "{\n    \"name\": \"Deploy-MDFC-Config\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"[Deprecated]: Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html\",\n        \"metadata\": {\n            \"version\": \"7.0.0-deprecated\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"deprecated\": true,\n            \"supersededBy\": \"Deploy-MDFC-Config_20240319\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForDns\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"default\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForApis\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForDns\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForDns')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForApis\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e54d2be9-5f2e-4d65-98e4-4f0e670b23d6\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForApis')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#39": "{\n    \"name\": \"Deploy-MDFC-Config_20240319\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Deploy-MDFC-Config\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"emailSecurityContact\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Security contacts email address\",\n                    \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n                }\n            },\n            \"minimalSeverity\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"High\",\n                    \"Medium\",\n                    \"Low\"\n                ],\n                \"defaultValue\": \"High\",\n                \"metadata\": {\n                    \"displayName\": \"Minimal severity\",\n                    \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n                }\n            },\n            \"logAnalytics\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Primary Log Analytics workspace\",\n                    \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n                    \"strongType\": \"omsWorkspace\"\n                }\n            },\n            \"ascExportResourceGroupName\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n                }\n            },\n            \"ascExportResourceGroupLocation\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n                    \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n                }\n            },\n            \"enableAscForCosmosDbs\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSql\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForSqlOnVm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForArm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForOssDb\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForAppServices\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForKeyVault\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForStorage\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForContainers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServers\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"enableAscForServersVulnerabilityAssessments\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"vulnerabilityAssessmentProvider\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"default\",\n                    \"mdeTvm\"\n                ],\n                \"defaultValue\": \"mdeTvm\",\n                \"metadata\": {\n                    \"displayName\": \"Vulnerability assessment provider type\",\n                    \"description\": \"Select the vulnerability assessment solution to provision to machines.\"\n                }\n            },\n            \"enableAscForCspm\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"defenderForOssDb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForOssDb')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVM\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForVMVulnerabilityAssessment\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForServersVulnerabilityAssessments')]\"\n                    },\n                    \"vaType\": {\n                        \"value\": \"[[parameters('vulnerabilityAssessmentProvider')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlServerVirtualMachines\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSqlOnVm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForAppServices\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForAppServices')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForStorageAccountsV2\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForStorage')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforContainers\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderforKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    },\n                    \"logAnalyticsWorkspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azurePolicyForKubernetes\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForContainers')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForKeyVaults\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForKeyVault')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForArm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForArm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForSql')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCosmosDbs\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCosmosDbs')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"defenderForCspm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('enableAscForCspm')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"securityEmailContact\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n                \"parameters\": {\n                    \"emailSecurityContact\": {\n                        \"value\": \"[[parameters('emailSecurityContact')]\"\n                    },\n                    \"minimalSeverity\": {\n                        \"value\": \"[[parameters('minimalSeverity')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ascExport\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n                \"parameters\": {\n                    \"resourceGroupName\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n                    },\n                    \"resourceGroupLocation\": {\n                        \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n                    },\n                    \"workspaceResourceId\": {\n                        \"value\": \"[[parameters('logAnalytics')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"migrateToMdeTvm\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888\",\n                \"parameters\": {\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#4": "{\n    \"name\": \"Enforce-EncryptTransit\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"[Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n      \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html\",\n      \"metadata\": {\n        \"version\": \"2.1.0-deprecated\",\n        \"category\": \"Encryption\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"deprecated\": true,\n        \"supersededBy\": \"Enforce-EncryptTransit_20240509\",\n        \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"AppServiceHttpEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n            \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceTlsVersionEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n            \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n          }\n        },\n        \"AppServiceminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n            \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n          }\n        },\n        \"APIAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"FunctionLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"FunctionServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"WebAppServiceLatestTlsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n            \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"AuditIfNotExists\",\n          \"allowedValues\": [\n            \"AuditIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"WebAppServiceHttpsEffect\": {\n          \"metadata\": {\n            \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n            \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"AKSIngressHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n            \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"deny\",\n          \"allowedValues\": [\n            \"audit\",\n            \"deny\",\n            \"disabled\"\n          ]\n        },\n        \"MySQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"MySQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n            \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"MySQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"PostgreSQLEnableSSLDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"PostgreSQLEnableSSLEffect\": {\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n            \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"PostgreSQLminimalTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_0\",\n            \"TLS1_1\",\n            \"TLSEnforcementDisabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n            \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n          }\n        },\n        \"RedisTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"Append\",\n          \"allowedValues\": [\n            \"Append\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"RedisMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n            \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n          }\n        },\n        \"RedisTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n            \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"SQLManagedInstanceTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLManagedInstanceMinTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n            \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n          }\n        },\n        \"SQLManagedInstanceTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"SQLServerTLSDeployEffect\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n            \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n          }\n        },\n        \"SQLServerminTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"1.2\",\n          \"allowedValues\": [\n            \"1.2\",\n            \"1.0\",\n            \"1.1\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n            \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n          }\n        },\n        \"SQLServerTLSEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n            \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Disabled\",\n            \"Deny\"\n          ]\n        },\n        \"StorageDeployHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"DeployIfNotExists\",\n          \"allowedValues\": [\n            \"DeployIfNotExists\",\n            \"Disabled\"\n          ]\n        },\n        \"StorageminimumTlsVersion\": {\n          \"type\": \"String\",\n          \"defaultValue\": \"TLS1_2\",\n          \"allowedValues\": [\n            \"TLS1_2\",\n            \"TLS1_1\",\n            \"TLS1_0\"\n          ],\n          \"metadata\": {\n            \"displayName\": \"Storage Account select minimum TLS version\",\n            \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n          }\n        },\n        \"StorageHttpsEnabledEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Azure Storage Account. Secure transfer to storage accounts should be enabled\",\n            \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Audit\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        },\n        \"ContainerAppsHttpsOnlyEffect\": {\n          \"metadata\": {\n            \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n            \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n          },\n          \"type\": \"String\",\n          \"defaultValue\": \"Deny\",\n          \"allowedValues\": [\n            \"Audit\",\n            \"Deny\",\n            \"Disabled\"\n          ]\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n            },\n            \"minTlsVersion\": {\n              \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('RedisTLSEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n            },\n            \"minimalTlsVersion\": {\n              \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n            },\n            \"minimumTlsVersion\": {\n              \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n          \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n          \"parameters\": {\n            \"effect\": {\n              \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n            }\n          },\n          \"groupNames\": []\n        }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }",
+    "$fxv#40": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"2.2.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationWebhookPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationWebhookPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAutomationDSCHybridPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAutomationDSCHybridPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosMongoPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosMongoPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosCassandraPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosCassandraPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosGremlinPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosGremlinPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCosmosTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCosmosTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDataFactoryPortalPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDataFactoryPortalPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDatabricksPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDatabricksPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureHDInsightPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureHDInsightPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMigratePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMigratePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageBlobSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageBlobSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueuePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueuePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageQueueSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageQueueSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageStaticWebSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageStaticWebSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageDFSSecPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageDFSSecPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseSQLODPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseSQLODPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSynapseDevPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSynapseDevPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesKeyPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesKeyPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesLivePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesLivePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMediaServicesStreamPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMediaServicesStreamPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId1\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId1\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId2\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId2\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId3\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId3\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId4\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId4\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMonitorPrivateDnsZoneId5\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMonitorPrivateDnsZoneId5\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspaceSecondPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBotServicePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBotServicePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureManagedGrafanaWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureManagedGrafanaWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopHostpoolPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopHostpoolPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureVirtualDesktopWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureVirtualDesktopWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotDeviceupdatePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotDeviceupdatePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcGuestconfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcGuestconfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcHybridResourceProviderPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcHybridResourceProviderPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureArcKubernetesConfigurationPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureArcKubernetesConfigurationPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotCentralPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotCentralPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTablePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTablePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureStorageTableSecondaryPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureStorageTableSecondaryPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBackupPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBackupPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryBlobPrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryBlobPrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSiteRecoveryQueuePrivateDnsZoneID\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSiteRecoveryQueuePrivateDnsZoneID\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-Webhook\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationWebhookPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Webhook\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Automation-DSCHybrid\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"DSCAndHybridWorker\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosSQLPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"SQL\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-MongoDB\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosMongoPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"MongoDB\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Cassandra\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosCassandraPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Cassandra\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Gremlin\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosGremlinPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Gremlin\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Cosmos-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCosmosTablePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"Table\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"dataFactory\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DataFactory-Portal\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]\"\n          },\n          \"listOfGroupIds\": {\n            \"value\": [\n              \"portal\"\n            ]\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-UI-Api\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"databricks_ui_api\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Databricks-Browser-AuthN\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDatabricksPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"browser_authentication\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-HDInsight\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureHDInsightPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"cluster\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Migrate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMigratePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Blob-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageBlobSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueuePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Queue-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageQueueSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-File\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-StaticWeb-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-DFS-Sec\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageDFSSecPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Sql\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-SQL-OnDemand\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseSQLODPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"SqlOnDemand\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Synapse-Dev\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSynapseDevPrivateDnsZoneId')]\"\n          },\n          \"targetSubResource\": {\n            \"value\": \"Dev\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Key\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesKeyPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"keydelivery\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Live\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesLivePrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"liveevent\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MediaServices-Stream\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMediaServicesStreamPrivateDnsZoneId')]\"\n          },\n          \"groupId\": {\n            \"value\": \"streamingendpoint\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Monitor\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365\",\n        \"parameters\": {\n          \"privateDnsZoneId1\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId1')]\"\n          },\n          \"privateDnsZoneId2\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId2')]\"\n          },\n          \"privateDnsZoneId3\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId3')]\"\n          },\n          \"privateDnsZoneId4\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId4')]\"\n          },\n          \"privateDnsZoneId5\": {\n            \"value\": \"[[parameters('azureMonitorPrivateDnsZoneId5')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"secondPrivateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-BotService\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBotServicePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ManagedGrafanaWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopHostpool\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"connection\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-VirtualDesktopWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]\"\n          },\n          \"privateEndpointGroupId\": {\n            \"value\": \"feed\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTDeviceupdate\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotDeviceupdatePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Arc\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9\",\n        \"parameters\":{\n          \"privateDnsZoneIDForGuestConfiguration\": {\n            \"value\": \"[[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForHybridResourceProvider\": {\n            \"value\": \"[[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]\"\n          },\n          \"privateDnsZoneIDForKubernetesConfiguration\": {\n            \"value\": \"[[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTCentral\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotCentralPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTablePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Storage-Table-Secondary\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f\",\n        \"parameters\":{\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery-Backup\",\n        \"policyDefinitionId\":\"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820\",\n        \"parameters\":{\n          \"privateDnsZone-Backup\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Blob\": {\n            \"value\": \"[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]\"\n          },\n          \"privateDnsZone-Queue\": {\n            \"value\": \"[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        }\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#41": "{\n    \"name\": \"Enforce-Encryption-CMK\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n        \"metadata\": {\n            \"version\": \"3.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"ACRCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"AksCmkEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n                    \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"WorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n                    \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n                }\n            },\n            \"CognitiveServicesCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n                    \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"CosmosCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n                }\n            },\n            \"DataBoxCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n                    \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n                }\n            },\n            \"StreamAnalyticsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n                }\n            },\n            \"SynapseWorkspaceCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n                }\n            },\n            \"StorageCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n                    \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n                }\n            },\n            \"MySQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"PostgreSQLCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n                    \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n                }\n            },\n            \"SqlServerTDECMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n                    \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n                }\n            },\n            \"HealthcareAPIsCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"audit\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure API for FHIR should use a customer-managed key (CMK) to encrypt data at rest\",\n                    \"description\": \"Use a customer-managed key to control the encryption at rest of the data stored in Azure API for FHIR when this is a regulatory or compliance requirement. Customer-managed keys also deliver double encryption by adding a second layer of encryption on top of the default one done with service-managed keys.\"\n                }\n            },\n            \"AzureBatchCMKEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n                    \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n                }\n            },\n            \"EncryptedVMDisksEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Disk encryption should be applied on virtual machines\",\n                    \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n                }\n            },\n            \"AutomationAccountCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"BackupCmkEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"cognitiveSearchCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"osAndDataDiskCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerInstanceCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adxCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"adfCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubNamespacesCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubPremiumCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"serviceBusDenyCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedCmk\": {\n              \"type\": \"string\",\n              \"defaultValue\": \"Deny\",\n              \"allowedValues\": [\n                  \"Audit\",\n                  \"Deny\",\n                  \"Disabled\"\n              ]\n            },\n            \"storageTableCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsEncryptionCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageQueueCmk\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ACRCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AksCmkEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('CosmosCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"HealthcareAPIsCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('HealthcareAPIsCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b\",\n                \"policyDefinitionReferenceId\": \"Deny-Aa-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AutomationAccountCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671\",\n                \"policyDefinitionReferenceId\": \"Deny-Backup-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('BackupCmkEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/76a56461-9dc0-40f0-82f5-2453283afa2f\",\n                \"policyDefinitionReferenceId\": \"Deny-CognitiveSearch-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('cognitiveSearchCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/702dd420-7fcc-42c5-afe8-4026edd20fe0\",\n                \"policyDefinitionReferenceId\": \"Deny-OsAndDataDisk-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('osAndDataDiskCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerInstance-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerInstanceCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa\",\n                \"policyDefinitionReferenceId\": \"Deny-ADX-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adxCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec52d6d-beb7-40c4-9a9e-fe753254690e\",\n                \"policyDefinitionReferenceId\": \"Deny-Adf-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('adfCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a1ad735a-e96f-45d2-a7b2-9a4932cab7ec\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubNamespacesCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-Premium-CMK\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-Premium-CMK\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubPremiumCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/295fc8b1-dc9f-4f53-9c61-3f313ceab40a\",\n                \"policyDefinitionReferenceId\": \"Deny-Sb-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('serviceBusDenyCmk')]\"\n                    }\n                }\n            },\n            {\n              \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2\",\n              \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Cmk\",\n              \"groupNames\": [],\n              \"parameters\": {\n                  \"effect\": {\n                      \"value\": \"[[parameters('sqlManagedCmk')]\"\n                  }\n              }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Table-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageTableCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Encryption-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsEncryptionCmk')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Queue-Cmk\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageQueueCmk')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#42": "{\n    \"name\": \"Enforce-ACSB\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce Azure Compute Security Benchmark compliance auditing\",\n        \"description\": \"Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Guest Configuration\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"includeArcMachines\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"true\",\n                    \"false\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Include Arc connected servers\",\n                    \"description\": \"By selecting this option, you agree to be charged monthly per Arc connected machine.\"\n                },\n                \"defaultValue\": \"true\"\n            },\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"AuditIfNotExists\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"GcIdentity\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"GcWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"LinAcsb\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"IncludeArcMachines\": {\n                        \"value\": \"[[parameters('includeArcMachines')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#43": "{\n  \"name\": \"Deploy-MDFC-DefenderSQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"[Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW\",\n    \"description\": \"Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"de01d381-bae9-4670-8870-786f89f49e26\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/3592ff98-9787-443a-af59-4505d0fe0786\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlArcDcrAssociation\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-Arc-SQL-DCR-Association\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlAma\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-AMA\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"identityResourceGroup\": {\n            \"value\": \"[[parameters('identityResourceGroup')]\"\n          },\n          \"userAssignedIdentityName\": {\n            \"value\": \"[[parameters('userAssignedIdentityName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsql\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlMdsqlDcr\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MDFC-SQL-DefenderSQL-DCR\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"Disabled\"\n          },\n          \"userWorkspaceResourceId\": {\n            \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n          },\n          \"workspaceRegion\": {\n            \"value\": \"[[parameters('workspaceRegion')]\"\n          },\n          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n            \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n          },\n          \"dcrName\": {\n            \"value\": \"[[parameters('dcrName')]\"\n          },\n          \"dcrResourceGroup\": {\n            \"value\": \"[[parameters('dcrResourceGroup')]\"\n          },\n          \"dcrId\": {\n            \"value\": \"[[parameters('dcrId')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#44": "{\n    \"name\": \"Enforce-Backup\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce enhanced recovery and backup policies\",\n        \"description\": \"Enforce enhanced recovery and backup policies on assigned scopes.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Backup\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"version\": \"1.0.0\",\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy.\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\"\n            },\n            \"checkLockedImmutabilityOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"checkLockedImmutabilityOnly\",\n                    \"description\": \"This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            },\n            \"checkAlwaysOnSoftDeleteOnly\": {\n                \"type\": \"Boolean\",\n                \"metadata\": {\n                    \"displayName\": \"CheckAlwaysOnSoftDeleteOnly\",\n                    \"description\": \"This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant.\"\n                },\n                \"allowedValues\": [\n                    true,\n                    false\n                ],\n                \"defaultValue\": false\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabiltyOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-Immutability\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkLockedImmutabilityOnly\": {\n                        \"value\": \"[[parameters('checkLockedImmutabilityOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-SoftDelete\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/31b8092a-36b8-434b-9af7-5ec844364148\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    },\n                    \"checkAlwaysOnSoftDeleteOnly\": {\n                        \"value\": \"[[parameters('checkAlwaysOnSoftDeleteOnly')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupBVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c58e083e-7982-4e24-afdc-be14d312389e\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"BackupRVault-MUA\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c7031eab-0fc0-4cd9-acd0-4497bd66d91a\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effect')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#45": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#46": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#47": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#48": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureWebPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureWebPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"Deploy-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"Deploy-Private-DNS-Azure-Web\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureWebPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"Deploy-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#49": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"MySQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure MySQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your MySQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"PostgreSQLCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure PostgreSQL servers bring your own key data protection should be enabled\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your PostgreSQL servers. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#5": "{\n    \"name\": \"Enforce-EncryptTransit_20240509\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit\",\n        \"description\": \"Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. \",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Encryption\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"replacesPolicy\": \"Enforce-EncryptTransit\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"AppServiceHttpEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below\",\n                    \"description\": \"Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceTlsVersionEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Appends the AppService WebApp, APIApp, Function App to enable https only\",\n                    \"description\": \"App Service. Appends the AppService sites object to ensure that  HTTPS only is enabled for  server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny.\"\n                }\n            },\n            \"AppServiceminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"App Service. Select version minimum TLS Web App config\",\n                    \"description\": \"App Service. Select version  minimum TLS version for a  Web App config to enforce\"\n                }\n            },\n            \"APIAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Latest TLS version should be used in your Function App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"FunctionServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"FunctionAppTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Function App. Configure Function apps to use the latest TLS version.\",\n                    \"description\": \"App Service Function App. Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\"\n                },\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"LogicAppTlsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceLatestTlsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Latest TLS version should be used in your Web App\",\n                    \"description\": \"Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"AuditIfNotExists\",\n                \"allowedValues\": [\n                    \"AuditIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"WebAppServiceHttpsEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.\",\n                    \"description\": \"Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"AKSIngressHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"AKS Service. Enforce HTTPS ingress in Kubernetes cluster\",\n                    \"description\": \"This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"deny\",\n                \"allowedValues\": [\n                    \"audit\",\n                    \"deny\",\n                    \"disabled\"\n                ]\n            },\n            \"MySQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"MySQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers\",\n                    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"MySQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"MySQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"PostgreSQLEnableSSLDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"PostgreSQLEnableSSLEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers\",\n                    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"PostgreSQLminimalTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_0\",\n                    \"TLS1_1\",\n                    \"TLSEnforcementDisabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"PostgreSQL database servers. Select version minimum TLS for MySQL server\",\n                    \"description\": \"PostgreSQL database servers. Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n                }\n            },\n            \"RedisTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"Append\",\n                \"allowedValues\": [\n                    \"Append\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"RedisMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis\",\n                    \"description\": \"Select version  minimum TLS version for a Azure Cache for Redis to enforce\"\n                }\n            },\n            \"RedisTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled\",\n                    \"description\": \"Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"SQLManagedInstanceTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLManagedInstanceMinTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure Managed Instance.Select version minimum TLS for Azure Managed Instance\",\n                    \"description\": \"Select version  minimum TLS version for Azure Managed Instanceto to  enforce\"\n                }\n            },\n            \"SQLManagedInstanceTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"SQL Managed Instance should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"SQLServerTLSDeployEffect\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database. Deploy a specific min TLS version requirement and enforce SSL on SQL servers\",\n                    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\"\n                }\n            },\n            \"SQLServerminTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"1.2\",\n                \"allowedValues\": [\n                    \"1.2\",\n                    \"1.0\",\n                    \"1.1\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database.Select version minimum TLS for Azure SQL Database\",\n                    \"description\": \"Select version  minimum TLS version for Azure SQL Database to enforce\"\n                }\n            },\n            \"SQLServerTLSEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure SQL Database should have the minimal TLS version of 1.2\",\n                    \"description\": \"Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\",\n                    \"Deny\"\n                ]\n            },\n            \"StorageDeployHttpsEnabledEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled\",\n                    \"description\": \"Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"StorageminimumTlsVersion\": {\n                \"type\": \"String\",\n                \"defaultValue\": \"TLS1_2\",\n                \"allowedValues\": [\n                    \"TLS1_2\",\n                    \"TLS1_1\",\n                    \"TLS1_0\"\n                ],\n                \"metadata\": {\n                    \"displayName\": \"Storage Account select minimum TLS version\",\n                    \"description\": \"Select version  minimum TLS version on Azure Storage Account to enforce\"\n                }\n            },\n            \"ContainerAppsHttpsOnlyEffect\": {\n                \"metadata\": {\n                    \"displayName\": \"Container Apps should only be accessible over HTTPS\",\n                    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps.\"\n                },\n                \"type\": \"String\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"logicAppHttpsEffect\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"functionAppHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"appServiceAppSlotsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"containerAppsHttps\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"eventHubMinTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlManagedTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Audit\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Disabled\"\n                ]\n            },\n            \"sqlDbTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"storageAccountsTls\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            },\n            \"synapseTlsVersion\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ]\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceHttpEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceHttpEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AppServiceminTlsVersion\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AppServiceTlsVersionEffect')]\"\n                    },\n                    \"minTlsVersion\": {\n                        \"value\": \"[[parameters('AppServiceminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceLatestTlsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceLatestTlsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"APIAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('APIAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"FunctionServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"WebAppServiceHttpsEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('WebAppServiceHttpsEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"AKSIngressHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('AKSIngressHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"MySQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('MySQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('MySQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"PostgreSQLEnableSSLEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('PostgreSQLEnableSSLEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('PostgreSQLminimalTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisdisableNonSslPort\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSDeployEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"RedisDenyhttps\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('RedisTLSEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('RedisMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLManagedInstanceTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLManagedInstanceMinTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSDeployEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSDeployEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SQLServerTLSEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('SQLServerTLSEffect')]\"\n                    },\n                    \"minimalTlsVersion\": {\n                        \"value\": \"[[parameters('SQLServerminTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"StorageDeployHttpsEnabledEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('StorageDeployHttpsEnabledEffect')]\"\n                    },\n                    \"minimumTlsVersion\": {\n                        \"value\": \"[[parameters('StorageMinimumTlsVersion')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"ContainerAppsHttpsOnlyEffect\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('ContainerAppsHttpsOnlyEffect')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Dine-FunctionApp-Tls\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('FunctionAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionReferenceId\": \"Deploy-LogicApp-TLS\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('LogicAppTlsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https\",\n                \"policyDefinitionReferenceId\": \"Deny-LogicApp-Without-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('logicAppHttpsEffect')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063\",\n                \"policyDefinitionReferenceId\": \"Dine-Function-Apps-Slots-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d\",\n                \"policyDefinitionReferenceId\": \"Dine-AppService-Apps-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Apps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df\",\n                \"policyDefinitionReferenceId\": \"DINE-AppService-AppSlotTls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71\",\n                \"policyDefinitionReferenceId\": \"Deny-FuncAppSlots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\",\n                \"policyDefinitionReferenceId\": \"Deny-FunctionApp-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('functionAppHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc\",\n                \"policyDefinitionReferenceId\": \"Deny-AppService-Slots-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('appServiceAppSlotsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0e80e269-43a4-4ae9-b5bc-178126b8a5cb\",\n                \"policyDefinitionReferenceId\": \"Deny-ContainerApps-Https\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('containerAppsHttps')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS\",\n                \"policyDefinitionReferenceId\": \"Deny-EH-minTLS\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('eventHubMinTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Managed-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlManagedTlsVersion')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf\",\n                \"policyDefinitionReferenceId\": \"Deny-Sql-Db-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('sqlDbTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0\",\n                \"policyDefinitionReferenceId\": \"Deny-Storage-Tls\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('storageAccountsTls')]\"\n                    }\n                }\n            },\n            {\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4\",\n                \"policyDefinitionReferenceId\": \"Deny-Synapse-Tls-Version\",\n                \"groupNames\": [],\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('synapseTlsVersion')]\"\n                    }\n                }\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}\n",
+    "$fxv#50": "{\n  \"name\": \"Deny-PublicPaaSEndpoints\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Public network access should be disabled for PaaS services\",\n    \"description\": \"This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"CosmosPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for CosmosDB\",\n          \"description\": \"This policy denies that  Cosmos database accounts  are created with out public network access is disabled.\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"KeyVaultPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for KeyVault\",\n          \"description\": \"This policy denies creation of Key Vaults with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"SqlServerPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure SQL Database should be disabled\",\n          \"description\": \"This policy denies creation of Sql servers with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"StoragePublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access onStorage accounts should be disabled\",\n          \"description\": \"This policy denies creation of storage accounts with IP Firewall exposed to all public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AKSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on AKS API should be disabled\",\n          \"description\": \"This policy denies  the creation of  Azure Kubernetes Service non-private clusters\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"ACRPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure Container Registry disabled\",\n          \"description\": \"This policy denies the creation of Azure Container Registires with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"AFSPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access on Azure File Sync disabled\",\n          \"description\": \"This policy denies the creation of Azure File Sync instances with exposed public endpoints \"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"BatchPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure Batch Instances\",\n          \"description\": \"This policy denies creation of Azure Batch Instances with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"MariaDbPublicIpDenyEffect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Public network access should be disabled for Azure MariaDB\",\n          \"description\": \"This policy denies creation of Azure MariaDB with exposed public endpoints\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StoragePublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AKSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AFSDenyPaasPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AFSPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('BatchPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDbDenyPublicIP\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicEndpoint-MariaDB\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDbPublicIpDenyEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#51": "{\n  \"name\": \"Deploy-Diagnostics-LogAnalytics\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Diagnostic Settings to Azure Services\",\n    \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"metadata\": {\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"displayName\": \"Log Analytics workspace\",\n          \"strongType\": \"omsWorkspace\"\n        },\n        \"type\": \"String\"\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"ACILogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Instances to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy willset the diagnostic with all metrics enabled.\"\n        }\n      },\n      \"ACRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Container Registry to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Container Registry to stream to a Log Analytics workspace when any ACR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics  enabled.\"\n        }\n      },\n      \"AKSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Kubernetes Service to stream to a Log Analytics workspace when any Kubernetes Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AnalysisServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Analysis Services to stream to a Log Analytics workspace when any Analysis Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIforFHIRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure API for FHIR to stream to a Log Analytics workspace when any Azure API for FHIR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"APIMgmtLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for API Management to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for API Management to stream to a Log Analytics workspace when any API Management which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ApplicationGatewayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Application Gateway to stream to a Log Analytics workspace when any Application Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AutomationLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Automation to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Automation to stream to a Log Analytics workspace when any Automation which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BastionLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Bastion to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Bastion to stream to a Log Analytics workspace when any Bastion which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"BatchLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Batch to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Batch to stream to a Log Analytics workspace when any Batch which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CDNEndpointsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for CDN Endpoint to stream to a Log Analytics workspace when any CDN Endpoint which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CognitiveServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cognitive Services to stream to a Log Analytics workspace when any Cognitive Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"CosmosLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Cosmos DB to stream to a Log Analytics workspace when any Cosmos DB which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DatabricksLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Databricks to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Databricks to stream to a Log Analytics workspace when any Databricks which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataExplorerClusterLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Explorer Cluster to stream to a Log Analytics workspace when any Azure Data Explorer Cluster which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataFactoryLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Factory to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Factory to stream to a Log Analytics workspace when any Data Factory which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeStoreLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Data Lake Store to stream to a Log Analytics workspace when anyAzure Data Lake Store which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"DataLakeAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Data Lake Analytics to stream to a Log Analytics workspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridSubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid subscriptions to stream to a Log Analytics workspace when any Event Grid subscriptions which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventGridTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid Topic to stream to a Log Analytics workspace when any Event Grid Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Hubs to stream to a Log Analytics workspace when any Event Hubs which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"EventSystemTopicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Event Grid System Topic to stream to a Log Analytics workspace when any Event Grid System Topic which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ExpressRouteLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ExpressRoute to stream to a Log Analytics workspace when any ExpressRoute which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FirewallLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Firewall to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Firewall to stream to a Log Analytics workspace when any Firewall which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FrontDoorLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Front Door to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Front Door to stream to a Log Analytics workspace when any Front Door which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"FunctionAppLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Function App to stream to a Log Analytics workspace when any function app which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"HDInsightLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for HDInsight to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for HDInsight to stream to a Log Analytics workspace when any HDInsight which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"IotHubLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for IoT Hub to stream to a Log Analytics workspace when any IoT Hub which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"KeyVaultLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Key Vault to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Key Vault to stream to a Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LoadBalancerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Load Balancer to stream to a Log Analytics workspace when any Load Balancer which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsISELogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps integration service environment to stream to a Log Analytics workspace when any Logic Apps integration service environment which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"LogicAppsWFLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Logic Apps Workflows to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Logic Apps Workflows to stream to a Log Analytics workspace when any Logic Apps Workflows which are missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MariaDBLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for MariaDB to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for MariaDB to stream to a Log Analytics workspace when any MariaDB  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MediaServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Azure Media Service to stream to a Log Analytics workspace when any Azure Media Service which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MlWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Machine Learning workspace to stream to a Log Analytics workspace when any Machine Learning workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"MySQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for MySQL to stream to a Log Analytics workspace when any Database for MySQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkNICLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PostgreSQLLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Database for PostgreSQL to stream to a Log Analytics workspace when any Database for PostgreSQL which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"PowerBIEmbeddedLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Power BI Embedded to stream to a Log Analytics workspace when any Power BI Embedded which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"NetworkPublicIPNicLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Public IP addresses to stream to a Log Analytics workspace when any Public IP addresses which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RedisCacheLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Redis Cache to stream to a Log Analytics workspace when any Redis Cache which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"RelayLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Relay to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Relay to stream to a Log Analytics workspace when any Relay which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SearchServicesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Search Services to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Search Services to stream to a Log Analytics workspace when any Search Services which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"ServiceBusLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Service Bus namespaces  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for ServiceBus to stream to a Log Analytics workspace when any ServiceBus which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SignalRLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SignalR to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SignalR to stream to a Log Analytics workspace when any SignalR which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLDBsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Databases  to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Databases to stream to a Log Analytics workspace when any SQL Databases  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLElasticPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Elastic Pools to stream to a Log Analytics workspace when any SQL Elastic Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"SQLMLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for SQL Managed Instances to stream to a Log Analytics workspace when any SQL Managed Instances which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StreamAnalyticsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Stream Analytics to stream to a Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TimeSeriesInsightsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Time Series Insights to stream to a Log Analytics workspace when any Time Series Insights which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"TrafficManagerLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Traffic Manager to stream to a Log Analytics workspace when any Traffic Manager which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualNetworkLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VirtualMachinesLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VMSSLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Virtual Machine Scale Sets  to stream to a Log Analytics workspace when any Virtual Machine Scale Sets  which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VNetGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VPN Gateway to stream to a Log Analytics workspace when any VPN Gateway which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled.\"\n        }\n      },\n      \"AppServiceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for App Service Plan to stream to a Log Analytics workspace when any App Service Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"AppServiceWebappLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for App Service to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Web App to stream to a Log Analytics workspace when any Web App which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDAppGroupsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDWorkspaceLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"WVDHostPoolsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"StorageAccountsLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for Storage Accounts to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for Storage Accounts to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      },\n      \"VWanS2SVPNGWLogAnalyticsEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Deploy Diagnostic Settings for VWAN S2S VPN gateway to Log Analytics workspace\",\n          \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN gateway to stream to a Log Analytics workspace when any storage account which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"StorageAccountDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StorageAccountsLogAnalyticsEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDAppGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('WVDHostPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACIDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACILogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ACRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ACRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AKSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AKSLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AnalysisServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AnalysisServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIforFHIRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIforFHIRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"APIMgmtDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('APIMgmtLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ApplicationGatewayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AutomationDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AutomationLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BastionDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BastionLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"BatchDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('BatchLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CDNEndpointsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CDNEndpointsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DatabricksDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DatabricksLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataExplorerClusterLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataFactoryDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataFactoryLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeStoreDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeStoreLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('DataLakeAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridSubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridSubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventGridTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventGridTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EventSystemTopicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('EventSystemTopicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ExpressRouteDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ExpressRouteLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FirewallDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FirewallLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FrontDoorDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FrontDoorLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"FunctionAppDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('FunctionAppLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"HDInsightDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('HDInsightLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"IotHubDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('IotHubLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"KeyVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('KeyVaultLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LoadBalancerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LoadBalancerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsISEDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsISELogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"LogicAppsWFDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('LogicAppsWFLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MariaDBDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MariaDBLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MediaServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MediaServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MlWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MlWorkspaceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"MySQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('MySQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PostgreSQLDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PostgreSQLLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('PowerBIEmbeddedLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('NetworkPublicIPNicLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          },\n          \"metricsEnabled\": {\n            \"value\": \"True\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RecoveryVaultDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RedisCacheDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RedisCacheLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"RelayDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('RelayLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SearchServicesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SearchServicesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ServiceBusDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('ServiceBusLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SignalRDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SignalRLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLDatabaseDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLDBsLogAnalyticsEffect')]\"\n          },\n          \"diagnosticsSettingNameToUse\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLElasticPoolsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SQLMDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('SQLMLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TimeSeriesInsightsLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"TrafficManagerDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('TrafficManagerLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VMSSDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VMSSLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VNetGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VNetGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AppServiceWebappDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('AppServiceWebappLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"VWanS2SVPNGWDeployDiagnosticLogDeployLogAnalytics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW\",\n        \"parameters\": {\n          \"logAnalytics\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('VWanS2SVPNGWLogAnalyticsEffect')]\"\n          },\n          \"profileName\": {\n            \"value\": \"[[parameters('profileName')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#52": "{\n  \"name\": \"Deploy-MDFC-Config\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"description\": \"Deploy Microsoft Defender for Cloud configuration\",\n    \"metadata\": {\n      \"version\": \"3.0.1\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"emailSecurityContact\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Security contacts email address\",\n          \"description\": \"Provide email address for Microsoft Defender for Cloud contact details\"\n        }\n      },\n      \"minimalSeverity\": {\n        \"type\": \"string\",\n        \"allowedValues\": [\n          \"High\",\n          \"Medium\",\n          \"Low\"\n        ],\n        \"defaultValue\": \"High\",\n        \"metadata\": {\n          \"displayName\": \"Minimal severity\",\n          \"description\": \"Defines the minimal alert severity which will be sent as email notifications\"\n        }\n      },\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Primary Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"ascExportResourceGroupName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group name for the export to Log Analytics workspace configuration\",\n          \"description\": \"The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.\"\n        }\n      },\n      \"ascExportResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Group location for the export to Log Analytics workspace configuration\",\n          \"description\": \"The location where the resource group and the export to Log Analytics workspace configuration are created.\"\n        }\n      },\n      \"enableAscForSql\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForDns\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForArm\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForContainers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForStorage\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"enableAscForServers\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"defenderForVM\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForServers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForStorageAccounts\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForStorage')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForContainers\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForContainers')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForDns\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForDns')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForArm\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForArm')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"defenderForSqlPaas\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('enableAscForSql')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"securityEmailContact\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts\",\n        \"parameters\": {\n          \"emailSecurityContact\": {\n            \"value\": \"[[parameters('emailSecurityContact')]\"\n          },\n          \"minimalSeverity\":{\n            \"value\":\"[[parameters('minimalSeverity')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"ascExport\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9\",\n        \"parameters\": {\n          \"resourceGroupName\": {\n            \"value\": \"[[parameters('ascExportResourceGroupName')]\"\n          },\n          \"resourceGroupLocation\": {\n            \"value\": \"[[parameters('ascExportResourceGroupLocation')]\"\n          },\n          \"workspaceResourceId\": {\n            \"value\": \"[[parameters('logAnalytics')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#53": "{\n  \"name\": \"Deploy-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Configure Azure PaaS services to use private DNS zones\",\n    \"description\": \"This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"azureFilePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureFilePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureBatchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureBatchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAsrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAsrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureKeyVaultPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureKeyVaultPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureSignalRPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureSignalRPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAppServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAppServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridTopicsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridTopicsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureDiskAccessPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureDiskAccessPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveServicesPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveServicesPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureIotHubsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureIotHubsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventGridDomainsPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventGridDomainsPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureRedisCachePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureRedisCachePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureAcrPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureAcrPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureEventHubNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureEventHubNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureMachineLearningWorkspacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureMachineLearningWorkspacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureServiceBusNamespacePrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureServiceBusNamespacePrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"azureCognitiveSearchPrivateDnsZoneId\": {\n        \"type\": \"string\",\n        \"defaultValue\": \"\",\n        \"metadata\": {\n          \"displayName\": \"azureCognitiveSearchPrivateDnsZoneId\",\n          \"strongType\": \"Microsoft.Network/privateDnsZones\",\n          \"description\": \"Private DNS Zone Identifier\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"effect1\": {\n        \"type\": \"string\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"deployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"deployIfNotExists\"\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-File-Sync\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureFilePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Batch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureBatchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-App\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-Site-Recovery\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAsrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoT\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-KeyVault\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureKeyVaultPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-SignalR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureSignalRPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-AppServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAppServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridTopics\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridTopicsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-DiskAccess\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureDiskAccessPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveServices\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveServicesPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-IoTHubs\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureIotHubsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventGridDomains\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventGridDomainsPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect1')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-RedisCache\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureRedisCachePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ACR\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureAcrPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-EventHubNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureEventHubNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-MachineLearningWorkspace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-ServiceBusNamespace\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureServiceBusNamespacePrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DINE-Private-DNS-Azure-CognitiveSearch\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009\",\n        \"parameters\": {\n          \"privateDnsZoneId\": {\n            \"value\": \"[[parameters('azureCognitiveSearchPrivateDnsZoneId')]\"\n          },\n          \"effect\": {\n            \"value\": \"[[parameters('effect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}",
+    "$fxv#54": "{\n  \"name\": \"Enforce-Encryption-CMK\",\n  \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"displayName\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"description\": \"Deny or Audit resources without Encryption with a customer-managed key (CMK)\",\n    \"metadata\": {\n      \"version\": \"2.0.0\",\n      \"category\": \"Encryption\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"ACRCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Container registries should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of the contents of your registries. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/acr/CMK.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"AksCmkEffect\": {\n        \"metadata\": {\n          \"displayName\": \"Azure Kubernetes Service clusters both operating systems and data disks should be encrypted by customer-managed keys\",\n          \"description\": \"Encrypting OS and data disks using customer-managed keys provides more control and greater flexibility in key management. This is a common requirement in many regulatory and industry compliance standards.\"\n        },\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ]\n      },\n      \"WorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK)\",\n          \"description\": \"Manage encryption at rest of your Azure Machine Learning workspace data with customer-managed keys (CMK). By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/azureml-workspaces-cmk.\"\n        }\n      },\n      \"CognitiveServicesCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Cognitive Services accounts should enable data encryption with a customer-managed key (CMK)\",\n          \"description\": \"Customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"CosmosCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys (CMK) are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/cosmosdb-cmk.\"\n        }\n      },\n      \"DataBoxCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password\",\n          \"description\": \"Use a customer-managed key to control the encryption of the device unlock password for Azure Data Box. Customer-managed keys also help manage access to the device unlock password by the Data Box service in order to prepare the device and copy data in an automated manner. The data on the device itself is already encrypted at rest with Advanced Encryption Standard 256-bit encryption, and the device unlock password is encrypted by default with a Microsoft managed key.\"\n        }\n      },\n      \"StreamAnalyticsCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"audit\",\n        \"allowedValues\": [\n          \"audit\",\n          \"deny\",\n          \"disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Stream Analytics jobs should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys when you want to securely store any metadata and private data assets of your Stream Analytics jobs in your storage account. This gives you total control over how your Stream Analytics data is encrypted.\"\n        }\n      },\n      \"SynapseWorkspaceCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Synapse workspaces should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Use customer-managed keys to control the encryption at rest of the data stored in Azure Synapse workspaces. Customer-managed keys deliver double encryption by adding a second layer of encryption on top of the default encryption with service-managed keys.\"\n        }\n      },\n      \"StorageCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Storage accounts should use customer-managed key (CMK) for encryption, no deny as this would result in not able to create storage account because the first need of MSI for encryption\",\n          \"description\": \"Secure your storage account with greater flexibility using customer-managed keys (CMKs). When you specify a CMK, that key is used to protect and control access to the key that encrypts your data. Using CMKs provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.\"\n        }\n      },\n      \"SqlServerTDECMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n\t        \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"SQL servers should use customer-managed keys to encrypt data at rest\",\n          \"description\": \"Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.\"\n        }\n      },\n      \"AzureBatchCMKEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Audit\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Azure Batch account should use customer-managed keys to encrypt data\",\n          \"description\": \"Use customer-managed keys (CMKs) to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but CMKs are commonly required to meet regulatory compliance standards. CMKs enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about CMK encryption at https://aka.ms/Batch-CMK.\"\n        }\n      },\n      \"EncryptedVMDisksEffect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"AuditIfNotExists\",\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Disk encryption should be applied on virtual machines\",\n          \"description\": \"Virtual machines without an enabled disk encryption will be monitored by Azure Security Center as recommendations.\"\n        }\n      }\n    },\n    \"policyDefinitions\": [\n      {\n        \"policyDefinitionReferenceId\": \"ACRCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('ACRCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AksCmkDeny\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AksCmkEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"WorkspaceCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('WorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CognitiveServicesCMK\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CognitiveServicesCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"CosmosCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('CosmosCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"DataBoxCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('DataBoxCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StreamAnalyticsCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StreamAnalyticsCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SynapseWorkspaceCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SynapseWorkspaceCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"StorageCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('StorageCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"SqlServerTDECMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('SqlServerTDECMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"AzureBatchCMKEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('AzureBatchCMKEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      },\n      {\n        \"policyDefinitionReferenceId\": \"EncryptedVMDisksEffect\",\n        \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d\",\n        \"parameters\": {\n          \"effect\": {\n            \"value\": \"[[parameters('EncryptedVMDisksEffect')]\"\n          }\n        },\n        \"groupNames\": []\n      }\n    ],\n    \"policyDefinitionGroups\": null\n  }\n}\n",
+    "$fxv#6": "{\n    \"name\": \"Enforce-ALZ-Decomm\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n      \"policyType\": \"Custom\",\n      \"displayName\": \"Enforce policies in the Decommissioned Landing Zone\",\n      \"description\": \"Enforce policies in the Decommissioned Landing Zone.\",\n      \"metadata\": {\n        \"version\": \"1.0.0\",\n        \"category\": \"Decommissioned\",\n        \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n        \"alzCloudEnvironments\": [ \n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n        ]\n      },\n      \"parameters\": {\n        \"listOfResourceTypesAllowed\":{\n          \"type\": \"Array\",\n          \"defaultValue\": [],\n          \"metadata\": {\n            \"displayName\": \"Allowed resource types in the Decommissioned landing zone\",\n            \"description\": \"Allowed resource types in the Decommissioned landing zone, default is none.\",\n            \"strongType\": \"resourceTypes\"\n          }\n        }\n      },\n      \"policyDefinitions\": [\n        {\n          \"policyDefinitionReferenceId\": \"DecomDenyResources\",\n          \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c\",\n          \"parameters\": {\n            \"listOfResourceTypesAllowed\": {\n              \"value\": \"[[parameters('listOfResourceTypesAllowed')]\"\n            }\n          },\n          \"groupNames\": []\n        },\n        {\n            \"policyDefinitionReferenceId\": \"DecomShutdownMachines\",\n            \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown\",\n            \"parameters\": {},\n            \"groupNames\": []\n          }\n      ],\n      \"policyDefinitionGroups\": null\n    }\n  }\n  ",
+    "$fxv#7": "{\n    \"name\": \"Enforce-ALZ-Sandbox\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Enforce policies in the Sandbox Landing Zone\",\n        \"description\": \"Enforce policies in the Sandbox Landing Zone.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Sandbox\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"listOfResourceTypesNotAllowed\": {\n                \"type\": \"Array\",\n                \"defaultValue\": [],\n                \"metadata\": {\n                    \"displayName\": \"Not allowed resource types in the Sandbox landing zone\",\n                    \"description\": \"Not allowed resource types in the Sandbox landing zone, default is none.\",\n                    \"strongType\": \"resourceTypes\"\n                }\n            },\n            \"effectNotAllowedResources\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"effectDenyVnetPeering\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"SandboxNotAllowed\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectNotAllowedResources')]\"\n                      },\n                    \"listOfResourceTypesNotAllowed\": {\n                        \"value\": \"[[parameters('listOfResourceTypesNotAllowed')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"SandboxDenyVnetPeering\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-VNET-Peer-Cross-Sub\",\n                \"parameters\": {\n                    \"effect\": {\n                        \"value\": \"[[parameters('effectDenyVnetPeering')]\"\n                      }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#8": "{\n    \"name\": \"DenyAction-DeleteProtection\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"DenyAction Delete - Activity Log Settings and Diagnostic Settings\",\n        \"description\": \"Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-DiagnosticSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"DenyActionDelete-ActivityLogSettings\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogs\",\n                \"parameters\": {},\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
+    "$fxv#9": "{\n    \"name\": \"Deploy-AUM-CheckUpdates\",\n    \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"displayName\": \"Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines\",\n        \"description\": \"Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Security Center\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"\n            ]\n        },\n        \"parameters\": {\n            \"assessmentMode\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Assessment mode\",\n                    \"description\": \"Assessment mode for the machines.\"\n                },\n                \"allowedValues\": [\n                    \"ImageDefault\",\n                    \"AutomaticByPlatform\"\n                ],\n                \"defaultValue\": \"AutomaticByPlatform\"\n            },\n            \"locations\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Machines locations\",\n                    \"description\": \"The list of locations from which machines need to be targeted.\",\n                    \"strongType\": \"location\"\n                },\n                \"defaultValue\": []\n            },\n            \"tagValues\": {\n                \"type\": \"Object\",\n                \"metadata\": {\n                    \"displayName\": \"Tags on machines\",\n                    \"description\": \"The list of tags that need to matched for getting target machines.\"\n                },\n                \"defaultValue\": {}\n            },\n            \"tagOperator\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Tag operator\",\n                    \"description\": \"Matching condition for resource tags\"\n                },\n                \"allowedValues\": [\n                    \"All\",\n                    \"Any\"\n                ],\n                \"defaultValue\": \"Any\"\n            }\n        },\n        \"policyDefinitions\": [\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/59efceea-0c96-497e-a4a1-4eb2290dac15\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateWindows\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Windows\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            },\n            {\n                \"policyDefinitionReferenceId\": \"azureUpdateManagerVmArcCheckUpdateLinux\",\n                \"policyDefinitionId\": \"/providers/Microsoft.Authorization/policyDefinitions/bfea026e-043f-4ff4-9d1b-bf301ca7ff46\",\n                \"parameters\": {\n                    \"assessmentMode\": {\n                        \"value\": \"[[parameters('assessmentMode')]\"\n                    },\n                    \"osType\": {\n                        \"value\": \"Linux\"\n                    },\n                    \"locations\": {\n                        \"value\": \"[[parameters('locations')]\"\n                    },\n                    \"tagValues\": {\n                        \"value\": \"[[parameters('tagValues')]\"\n                    },\n                    \"tagOperator\": {\n                        \"value\": \"[[parameters('tagOperator')]\"\n                    }\n                },\n                \"groupNames\": []\n            }\n        ],\n        \"policyDefinitionGroups\": null\n    }\n}",
     "cloudEnv": "[environment().name]",
     "defaultDeploymentLocationByCloudType": {
       "AzureCloud": "northeurope",
-      "AzureChinaCloud": "chinanorth3",
+      "AzureChinaCloud": "chinaeast2",
       "AzureUSGovernment": "usgovvirginia"
     },
     "templateVars": {
@@ -187,9 +168,7 @@
         "[variables('$fxv#21')]",
         "[variables('$fxv#22')]",
         "[variables('$fxv#23')]",
-        "[variables('$fxv#24')]"
-      ],
-      "AzureCloud": [
+        "[variables('$fxv#24')]",
         "[variables('$fxv#25')]",
         "[variables('$fxv#26')]",
         "[variables('$fxv#27')]",
@@ -200,7 +179,9 @@
         "[variables('$fxv#32')]",
         "[variables('$fxv#33')]",
         "[variables('$fxv#34')]",
-        "[variables('$fxv#35')]",
+        "[variables('$fxv#35')]"
+      ],
+      "AzureCloud": [
         "[variables('$fxv#36')]",
         "[variables('$fxv#37')]",
         "[variables('$fxv#38')]",
@@ -216,33 +197,14 @@
         "[variables('$fxv#46')]",
         "[variables('$fxv#47')]",
         "[variables('$fxv#48')]",
-        "[variables('$fxv#49')]",
+        "[variables('$fxv#49')]"
+      ],
+      "AzureUSGovernment": [
         "[variables('$fxv#50')]",
         "[variables('$fxv#51')]",
         "[variables('$fxv#52')]",
         "[variables('$fxv#53')]",
-        "[variables('$fxv#54')]",
-        "[variables('$fxv#55')]",
-        "[variables('$fxv#56')]",
-        "[variables('$fxv#57')]",
-        "[variables('$fxv#58')]"
-      ],
-      "AzureUSGovernment": [
-        "[variables('$fxv#59')]",
-        "[variables('$fxv#60')]",
-        "[variables('$fxv#61')]",
-        "[variables('$fxv#62')]",
-        "[variables('$fxv#63')]",
-        "[variables('$fxv#64')]",
-        "[variables('$fxv#65')]",
-        "[variables('$fxv#66')]",
-        "[variables('$fxv#67')]",
-        "[variables('$fxv#68')]",
-        "[variables('$fxv#69')]",
-        "[variables('$fxv#70')]",
-        "[variables('$fxv#71')]",
-        "[variables('$fxv#72')]",
-        "[variables('$fxv#73')]"
+        "[variables('$fxv#54')]"
       ]
     },
     "policySetDefinitionsByCloudType": {
diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
index 5f6ce42667..9c86608a2d 100644
--- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.22.6.54827",
-      "templateHash": "4944830583225163484"
+      "version": "0.29.47.4906",
+      "templateHash": "49176136240050651"
     }
   },
   "parameters": {
@@ -84,64 +84,64 @@
     "$fxv#102": "{\n  \"name\": \"Deploy-SqlMi-minTLS\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"SQL managed instances deploy a specific min TLS version requirement.\",\n    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce  minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect SQL servers\",\n          \"description\": \"Enable or disable the execution of the policy minimum TLS version SQL servers\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1.2\",\n        \"allowedValues\": [\n          \"1.2\",\n          \"1.1\",\n          \"1.0\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version for SQL server\",\n          \"description\": \"Select version minimum TLS version SQL servers to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Sql/managedInstances\"\n          },\n          {\n            \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n            \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Sql/managedInstances\",\n          \"evaluationDelay\": \"AfterProvisioningSuccess\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Sql/managedInstances/minimalTlsVersion\",\n                \"equals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          },\n          \"name\": \"current\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"minimalTlsVersion\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Sql/managedInstances\",\n                    \"apiVersion\": \"2020-02-02-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"properties\": {\n                      \"minimalTlsVersion\": \"[[parameters('minimalTlsVersion')]\"\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"minimalTlsVersion\": {\n                  \"value\": \"[[parameters('minimalTlsVersion')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
     "$fxv#103": "{\n  \"name\": \"Deploy-Storage-sslEnforcement\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS \",\n    \"description\": \"Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.\",\n    \"metadata\": {\n      \"version\": \"1.2.0\",\n      \"category\": \"Storage\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect Azure Storage\",\n          \"description\": \"Enable or disable the execution of the policy minimum TLS version Azure STorage\"\n        }\n      },\n      \"minimumTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_1\",\n          \"TLS1_0\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select TLS version for Azure Storage server\",\n          \"description\": \"Select version minimum TLS version Azure STorage to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Storage/storageAccounts\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n                \"notEquals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n                \"notEquals\": \"[[parameters('minimumTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Storage/storageAccounts\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Storage/storageAccounts/minimumTlsVersion\",\n                \"equals\": \"[[parameters('minimumTlsVersion')]\"\n              }\n            ]\n          },\n          \"name\": \"current\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"minimumTlsVersion\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Storage/storageAccounts\",\n                    \"apiVersion\": \"2019-06-01\",\n                    \"name\": \"[[concat(parameters('resourceName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"properties\": {\n                      \"supportsHttpsTrafficOnly\": true,\n                      \"minimumTlsVersion\": \"[[parameters('minimumTlsVersion')]\"\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"minimumTlsVersion\": {\n                  \"value\": \"[[parameters('minimumTlsVersion')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
     "$fxv#104": "{\n  \"name\": \"Deploy-VNET-HubSpoke\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy Virtual Network with peering to the hub\",\n    \"description\": \"This policy deploys virtual network and peer to the hub\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"vNetName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetName\",\n          \"description\": \"Name of the landing zone vNet\"\n        }\n      },\n      \"vNetRgName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetRgName\",\n          \"description\": \"Name of the landing zone vNet RG\"\n        }\n      },\n      \"vNetLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetLocation\",\n          \"description\": \"Location for the vNet\"\n        }\n      },\n      \"vNetCidrRange\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"vNetCidrRange\",\n          \"description\": \"CIDR Range for the vNet\"\n        }\n      },\n      \"hubResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"hubResourceId\",\n          \"description\": \"Resource ID for the HUB vNet\"\n        }\n      },\n      \"dnsServers\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"DNSServers\",\n          \"description\": \"Default domain servers for the vNET.\"\n        },\n        \"defaultValue\": []\n      },\n      \"vNetPeerUseRemoteGateway\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"vNetPeerUseRemoteGateway\",\n          \"description\": \"Enable gateway transit for the LZ network\"\n        },\n        \"defaultValue\": false\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"deployIfNotExists\",\n        \"details\": {\n          \"type\": \"Microsoft.Network/virtualNetworks\",\n          \"name\": \"[[parameters('vNetName')]\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"resourceGroup\",\n          \"ResourceGroupName\": \"[[parameters('vNetRgName')]\",\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"name\",\n                \"like\": \"[[parameters('vNetName')]\"\n              },\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('vNetLocation')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"vNetRgName\": {\n                  \"value\": \"[[parameters('vNetRgName')]\"\n                },\n                \"vNetName\": {\n                  \"value\": \"[[parameters('vNetName')]\"\n                },\n                \"vNetLocation\": {\n                  \"value\": \"[[parameters('vNetLocation')]\"\n                },\n                \"vNetCidrRange\": {\n                  \"value\": \"[[parameters('vNetCidrRange')]\"\n                },\n                \"hubResourceId\": {\n                  \"value\": \"[[parameters('hubResourceId')]\"\n                },\n                \"dnsServers\": {\n                  \"value\": \"[[parameters('dnsServers')]\"\n                },\n                \"vNetPeerUseRemoteGateway\": {\n                  \"value\": \"[[parameters('vNetPeerUseRemoteGateway')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vNetRgName\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetLocation\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetCidrRange\": {\n                    \"type\": \"String\"\n                  },\n                  \"vNetPeerUseRemoteGateway\": {\n                    \"type\": \"bool\",\n                    \"defaultValue\": false\n                  },\n                  \"hubResourceId\": {\n                    \"type\": \"String\"\n                  },\n                  \"dnsServers\": {\n                    \"type\": \"Array\",\n                    \"defaultValue\": []\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"name\": \"[[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n                    \"location\": \"[[parameters('vNetLocation')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {},\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Resources/resourceGroups\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"name\": \"[[parameters('vNetRgName')]\",\n                            \"location\": \"[[parameters('vNetLocation')]\",\n                            \"properties\": {}\n                          }\n                        ],\n                        \"outputs\": {}\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"name\": \"[[concat('alz-vnet-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n                    \"dependsOn\": [\n                      \"[[concat('alz-vnet-rg-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {},\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Network/virtualNetworks\",\n                            \"apiVersion\": \"2021-02-01\",\n                            \"name\": \"[[parameters('vNetName')]\",\n                            \"location\": \"[[parameters('vNetLocation')]\",\n                            \"dependsOn\": [],\n                            \"properties\": {\n                              \"addressSpace\": {\n                                \"addressPrefixes\": [\n                                  \"[[parameters('vNetCidrRange')]\"\n                                ]\n                              },\n                              \"dhcpOptions\": {\n                                \"dnsServers\": \"[[parameters('dnsServers')]\"\n                              }\n                            }\n                          },\n                          {\n                            \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n                            \"apiVersion\": \"2021-02-01\",\n                            \"name\": \"[[concat(parameters('vNetName'), '/peerToHub')]\",\n                            \"dependsOn\": [\n                              \"[[parameters('vNetName')]\"\n                            ],\n                            \"properties\": {\n                              \"remoteVirtualNetwork\": {\n                                \"id\": \"[[parameters('hubResourceId')]\"\n                              },\n                              \"allowVirtualNetworkAccess\": true,\n                              \"allowForwardedTraffic\": true,\n                              \"allowGatewayTransit\": false,\n                              \"useRemoteGateways\": \"[[parameters('vNetPeerUseRemoteGateway')]\"\n                            }\n                          },\n                          {\n                            \"type\": \"Microsoft.Resources/deployments\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"name\": \"[[concat('alz-hub-peering-', parameters('vNetLocation'), '-', substring(uniqueString(subscription().id),0,6))]\",\n                            \"subscriptionId\": \"[[split(parameters('hubResourceId'),'/')[2]]\",\n                            \"resourceGroup\": \"[[split(parameters('hubResourceId'),'/')[4]]\",\n                            \"dependsOn\": [\n                              \"[[parameters('vNetName')]\"\n                            ],\n                            \"properties\": {\n                              \"mode\": \"Incremental\",\n                              \"expressionEvaluationOptions\": {\n                                \"scope\": \"inner\"\n                              },\n                              \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                  \"remoteVirtualNetwork\": {\n                                    \"type\": \"String\",\n                                    \"defaultValue\": false\n                                  },\n                                  \"hubName\": {\n                                    \"type\": \"String\",\n                                    \"defaultValue\": false\n                                  }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                  {\n                                    \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n                                    \"name\": \"[[[concat(parameters('hubName'),'/',last(split(parameters('remoteVirtualNetwork'),'/')))]\",\n                                    \"apiVersion\": \"2021-02-01\",\n                                    \"properties\": {\n                                      \"allowVirtualNetworkAccess\": true,\n                                      \"allowForwardedTraffic\": true,\n                                      \"allowGatewayTransit\": true,\n                                      \"useRemoteGateways\": false,\n                                      \"remoteVirtualNetwork\": {\n                                        \"id\": \"[[[parameters('remoteVirtualNetwork')]\"\n                                      }\n                                    }\n                                  }\n                                ],\n                                \"outputs\": {}\n                              },\n                              \"parameters\": {\n                                \"remoteVirtualNetwork\": {\n                                  \"value\": \"[[concat(subscription().id,'/resourceGroups/',parameters('vNetRgName'), '/providers/','Microsoft.Network/virtualNetworks/', parameters('vNetName'))]\"\n                                },\n                                \"hubName\": {\n                                  \"value\": \"[[split(parameters('hubResourceId'),'/')[8]]\"\n                                }\n                              }\n                            }\n                          }\n                        ],\n                        \"outputs\": {}\n                      }\n                    },\n                    \"resourceGroup\": \"[[parameters('vNetRgName')]\"\n                  }\n                ],\n                \"outputs\": {}\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#105": "{\n  \"name\": \"Deploy-Windows-DomainJoin\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deploy Windows Domain Join Extension with keyvault configuration\",\n    \"description\": \"Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Guest Configuration\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"domainUsername\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainUsername\"\n        }\n      },\n      \"domainPassword\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainPassword\"\n        }\n      },\n      \"domainFQDN\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainFQDN\"\n        }\n      },\n      \"domainOUPath\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainOUPath\"\n        }\n      },\n      \"keyVaultResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"keyVaultResourceId\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"MicrosoftWindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageOffer\",\n            \"equals\": \"WindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageSKU\",\n            \"in\": [\n              \"2008-R2-SP1\",\n              \"2008-R2-SP1-smalldisk\",\n              \"2008-R2-SP1-zhcn\",\n              \"2012-Datacenter\",\n              \"2012-datacenter-gensecond\",\n              \"2012-Datacenter-smalldisk\",\n              \"2012-datacenter-smalldisk-g2\",\n              \"2012-Datacenter-zhcn\",\n              \"2012-datacenter-zhcn-g2\",\n              \"2012-R2-Datacenter\",\n              \"2012-r2-datacenter-gensecond\",\n              \"2012-R2-Datacenter-smalldisk\",\n              \"2012-r2-datacenter-smalldisk-g2\",\n              \"2012-R2-Datacenter-zhcn\",\n              \"2012-r2-datacenter-zhcn-g2\",\n              \"2016-Datacenter\",\n              \"2016-datacenter-gensecond\",\n              \"2016-datacenter-gs\",\n              \"2016-Datacenter-Server-Core\",\n              \"2016-datacenter-server-core-g2\",\n              \"2016-Datacenter-Server-Core-smalldisk\",\n              \"2016-datacenter-server-core-smalldisk-g2\",\n              \"2016-Datacenter-smalldisk\",\n              \"2016-datacenter-smalldisk-g2\",\n              \"2016-Datacenter-with-Containers\",\n              \"2016-datacenter-with-containers-g2\",\n              \"2016-Datacenter-with-RDSH\",\n              \"2016-Datacenter-zhcn\",\n              \"2016-datacenter-zhcn-g2\",\n              \"2019-Datacenter\",\n              \"2019-Datacenter-Core\",\n              \"2019-datacenter-core-g2\",\n              \"2019-Datacenter-Core-smalldisk\",\n              \"2019-datacenter-core-smalldisk-g2\",\n              \"2019-Datacenter-Core-with-Containers\",\n              \"2019-datacenter-core-with-containers-g2\",\n              \"2019-Datacenter-Core-with-Containers-smalldisk\",\n              \"2019-datacenter-core-with-containers-smalldisk-g2\",\n              \"2019-datacenter-gensecond\",\n              \"2019-datacenter-gs\",\n              \"2019-Datacenter-smalldisk\",\n              \"2019-datacenter-smalldisk-g2\",\n              \"2019-Datacenter-with-Containers\",\n              \"2019-datacenter-with-containers-g2\",\n              \"2019-Datacenter-with-Containers-smalldisk\",\n              \"2019-datacenter-with-containers-smalldisk-g2\",\n              \"2019-Datacenter-zhcn\",\n              \"2019-datacenter-zhcn-g2\",\n              \"Datacenter-Core-1803-with-Containers-smalldisk\",\n              \"datacenter-core-1803-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1809-with-Containers-smalldisk\",\n              \"datacenter-core-1809-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1903-with-Containers-smalldisk\",\n              \"datacenter-core-1903-with-containers-smalldisk-g2\",\n              \"datacenter-core-1909-with-containers-smalldisk\",\n              \"datacenter-core-1909-with-containers-smalldisk-g1\",\n              \"datacenter-core-1909-with-containers-smalldisk-g2\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"JsonADDomainExtension\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Compute\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"domainUsername\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainUsername')]\"\n                  }\n                },\n                \"domainPassword\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainPassword')]\"\n                  }\n                },\n                \"domainOUPath\": {\n                  \"value\": \"[[parameters('domainOUPath')]\"\n                },\n                \"domainFQDN\": {\n                  \"value\": \"[[parameters('domainFQDN')]\"\n                },\n                \"keyVaultResourceId\": {\n                  \"value\": \"[[parameters('keyVaultResourceId')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainUsername\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainPassword\": {\n                    \"type\": \"securestring\"\n                  },\n                  \"domainFQDN\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainOUPath\": {\n                    \"type\": \"String\"\n                  },\n                  \"keyVaultResourceId\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {\n                  \"domainJoinOptions\": 3,\n                  \"vmName\": \"[[parameters('vmName')]\"\n                },\n                \"resources\": [\n                  {\n                    \"apiVersion\": \"2015-06-15\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(variables('vmName'),'/joindomain')]\",\n                    \"location\": \"[[resourceGroup().location]\",\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Compute\",\n                      \"type\": \"JsonADDomainExtension\",\n                      \"typeHandlerVersion\": \"1.3\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"settings\": {\n                        \"Name\": \"[[parameters('domainFQDN')]\",\n                        \"User\": \"[[parameters('domainUserName')]\",\n                        \"Restart\": \"true\",\n                        \"Options\": \"[[variables('domainJoinOptions')]\",\n                        \"OUPath\": \"[[parameters('domainOUPath')]\"\n                      },\n                      \"protectedSettings\": {\n                        \"Password\": \"[[parameters('domainPassword')]\"\n                      }\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#106": "{\n  \"name\": \"Deploy-Diagnostics-VWanS2SVPNGW\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for VWAN S2S VPN Gateway to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN Gateway to stream to a Log Analytics workspace when any VWAN S2S VPN Gateway which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"metricsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable metrics\",\n          \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/vpnGateways\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"metricsEnabled\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Network/vpnGateways/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"metrics\": [\n                        {\n                          \"category\": \"AllMetrics\",\n                          \"enabled\": \"[[parameters('metricsEnabled')]\",\n                          \"retentionPolicy\": {\n                            \"days\": 0,\n                            \"enabled\": false\n                          },\n                          \"timeGrain\": null\n                        }\n                      ],\n                      \"logs\": [\n                        {\n                          \"category\": \"GatewayDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"IKEDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"RouteDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"TunnelDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"metricsEnabled\": {\n                  \"value\": \"[[parameters('metricsEnabled')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#107": "{\n    \"name\": \"Audit-PrivateLinkDnsZones\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,    \n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Audit or Deny the creation of Private Link Private DNS Zones\",\n        \"description\": \"This policy audits or denies, depending on assignment effect, the creation of a Private Link Private DNS Zones in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n        \"metadata\": {\n            \"version\": \"1.0.2\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"privateLinkDnsZones\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Private Link Private DNS Zones\",\n                    \"description\": \"An array of Private Link Private DNS Zones to check for the existence of in the assigned scope.\"\n                },\n                \"defaultValue\": [\n                    \"privatelink.adf.azure.com\",\n                    \"privatelink.afs.azure.net\",\n                    \"privatelink.agentsvc.azure-automation.net\",\n                    \"privatelink.analysis.windows.net\",\n                    \"privatelink.api.azureml.ms\",\n                    \"privatelink.azconfig.io\",\n                    \"privatelink.azure-api.net\",\n                    \"privatelink.azure-automation.net\",\n                    \"privatelink.azurecr.io\",\n                    \"privatelink.azure-devices.net\",\n                    \"privatelink.azure-devices-provisioning.net\",\n                    \"privatelink.azuredatabricks.net\",\n                    \"privatelink.azurehdinsight.net\",\n                    \"privatelink.azurehealthcareapis.com\",\n                    \"privatelink.azurestaticapps.net\",\n                    \"privatelink.azuresynapse.net\",\n                    \"privatelink.azurewebsites.net\",\n                    \"privatelink.batch.azure.com\",\n                    \"privatelink.blob.core.windows.net\",\n                    \"privatelink.cassandra.cosmos.azure.com\",\n                    \"privatelink.cognitiveservices.azure.com\",\n                    \"privatelink.database.windows.net\",\n                    \"privatelink.datafactory.azure.net\",\n                    \"privatelink.dev.azuresynapse.net\",\n                    \"privatelink.dfs.core.windows.net\",\n                    \"privatelink.dicom.azurehealthcareapis.com\",\n                    \"privatelink.digitaltwins.azure.net\",\n                    \"privatelink.directline.botframework.com\",\n                    \"privatelink.documents.azure.com\",\n                    \"privatelink.eventgrid.azure.net\",\n                    \"privatelink.file.core.windows.net\",\n                    \"privatelink.gremlin.cosmos.azure.com\",\n                    \"privatelink.guestconfiguration.azure.com\",\n                    \"privatelink.his.arc.azure.com\",\n                    \"privatelink.kubernetesconfiguration.azure.com\",\n                    \"privatelink.managedhsm.azure.net\",\n                    \"privatelink.mariadb.database.azure.com\",\n                    \"privatelink.media.azure.net\",\n                    \"privatelink.mongo.cosmos.azure.com\",\n                    \"privatelink.monitor.azure.com\",\n                    \"privatelink.mysql.database.azure.com\",\n                    \"privatelink.notebooks.azure.net\",\n                    \"privatelink.ods.opinsights.azure.com\",\n                    \"privatelink.oms.opinsights.azure.com\",\n                    \"privatelink.pbidedicated.windows.net\",\n                    \"privatelink.postgres.database.azure.com\",\n                    \"privatelink.prod.migration.windowsazure.com\",\n                    \"privatelink.purview.azure.com\",\n                    \"privatelink.purviewstudio.azure.com\",\n                    \"privatelink.queue.core.windows.net\",\n                    \"privatelink.redis.cache.windows.net\",\n                    \"privatelink.redisenterprise.cache.azure.net\",\n                    \"privatelink.search.windows.net\",\n                    \"privatelink.service.signalr.net\",\n                    \"privatelink.servicebus.windows.net\",\n                    \"privatelink.siterecovery.windowsazure.com\",\n                    \"privatelink.sql.azuresynapse.net\",\n                    \"privatelink.table.core.windows.net\",\n                    \"privatelink.table.cosmos.azure.com\",\n                    \"privatelink.tip1.powerquery.microsoft.com\",\n                    \"privatelink.token.botframework.com\",\n                    \"privatelink.vaultcore.azure.net\",\n                    \"privatelink.web.core.windows.net\",\n                    \"privatelink.webpubsub.azure.com\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateDnsZones\"\n                    },\n                    {\n                        \"field\": \"name\",\n                        \"in\": \"[[parameters('privateLinkDnsZones')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}\n",
-    "$fxv#108": "{\n    \"name\": \"DenyAction-DiagnosticLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"description\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Insights/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
-    "$fxv#109": "{\n    \"name\": \"DenyAction-ActivityLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Activity Logs\",\n        \"description\": \"This is a DenyAction implementation policy on Activity Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,            \n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Resources/subscriptions/providers/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#105": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
+    "$fxv#106": "{\n  \"name\": \"Deploy-Windows-DomainJoin\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deploy Windows Domain Join Extension with keyvault configuration\",\n    \"description\": \"Deploy Windows Domain Join Extension with keyvault configuration when the extension does not exist on a given windows Virtual Machine\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Guest Configuration\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"domainUsername\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainUsername\"\n        }\n      },\n      \"domainPassword\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainPassword\"\n        }\n      },\n      \"domainFQDN\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainFQDN\"\n        }\n      },\n      \"domainOUPath\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"domainOUPath\"\n        }\n      },\n      \"keyVaultResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"keyVaultResourceId\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"MicrosoftWindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageOffer\",\n            \"equals\": \"WindowsServer\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imageSKU\",\n            \"in\": [\n              \"2008-R2-SP1\",\n              \"2008-R2-SP1-smalldisk\",\n              \"2008-R2-SP1-zhcn\",\n              \"2012-Datacenter\",\n              \"2012-datacenter-gensecond\",\n              \"2012-Datacenter-smalldisk\",\n              \"2012-datacenter-smalldisk-g2\",\n              \"2012-Datacenter-zhcn\",\n              \"2012-datacenter-zhcn-g2\",\n              \"2012-R2-Datacenter\",\n              \"2012-r2-datacenter-gensecond\",\n              \"2012-R2-Datacenter-smalldisk\",\n              \"2012-r2-datacenter-smalldisk-g2\",\n              \"2012-R2-Datacenter-zhcn\",\n              \"2012-r2-datacenter-zhcn-g2\",\n              \"2016-Datacenter\",\n              \"2016-datacenter-gensecond\",\n              \"2016-datacenter-gs\",\n              \"2016-Datacenter-Server-Core\",\n              \"2016-datacenter-server-core-g2\",\n              \"2016-Datacenter-Server-Core-smalldisk\",\n              \"2016-datacenter-server-core-smalldisk-g2\",\n              \"2016-Datacenter-smalldisk\",\n              \"2016-datacenter-smalldisk-g2\",\n              \"2016-Datacenter-with-Containers\",\n              \"2016-datacenter-with-containers-g2\",\n              \"2016-Datacenter-with-RDSH\",\n              \"2016-Datacenter-zhcn\",\n              \"2016-datacenter-zhcn-g2\",\n              \"2019-Datacenter\",\n              \"2019-Datacenter-Core\",\n              \"2019-datacenter-core-g2\",\n              \"2019-Datacenter-Core-smalldisk\",\n              \"2019-datacenter-core-smalldisk-g2\",\n              \"2019-Datacenter-Core-with-Containers\",\n              \"2019-datacenter-core-with-containers-g2\",\n              \"2019-Datacenter-Core-with-Containers-smalldisk\",\n              \"2019-datacenter-core-with-containers-smalldisk-g2\",\n              \"2019-datacenter-gensecond\",\n              \"2019-datacenter-gs\",\n              \"2019-Datacenter-smalldisk\",\n              \"2019-datacenter-smalldisk-g2\",\n              \"2019-Datacenter-with-Containers\",\n              \"2019-datacenter-with-containers-g2\",\n              \"2019-Datacenter-with-Containers-smalldisk\",\n              \"2019-datacenter-with-containers-smalldisk-g2\",\n              \"2019-Datacenter-zhcn\",\n              \"2019-datacenter-zhcn-g2\",\n              \"Datacenter-Core-1803-with-Containers-smalldisk\",\n              \"datacenter-core-1803-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1809-with-Containers-smalldisk\",\n              \"datacenter-core-1809-with-containers-smalldisk-g2\",\n              \"Datacenter-Core-1903-with-Containers-smalldisk\",\n              \"datacenter-core-1903-with-containers-smalldisk-g2\",\n              \"datacenter-core-1909-with-containers-smalldisk\",\n              \"datacenter-core-1909-with-containers-smalldisk-g1\",\n              \"datacenter-core-1909-with-containers-smalldisk-g2\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"JsonADDomainExtension\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Compute\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"domainUsername\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainUsername')]\"\n                  }\n                },\n                \"domainPassword\": {\n                  \"reference\": {\n                    \"keyVault\": {\n                      \"id\": \"[[parameters('keyVaultResourceId')]\"\n                    },\n                    \"secretName\": \"[[parameters('domainPassword')]\"\n                  }\n                },\n                \"domainOUPath\": {\n                  \"value\": \"[[parameters('domainOUPath')]\"\n                },\n                \"domainFQDN\": {\n                  \"value\": \"[[parameters('domainFQDN')]\"\n                },\n                \"keyVaultResourceId\": {\n                  \"value\": \"[[parameters('keyVaultResourceId')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainUsername\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainPassword\": {\n                    \"type\": \"securestring\"\n                  },\n                  \"domainFQDN\": {\n                    \"type\": \"String\"\n                  },\n                  \"domainOUPath\": {\n                    \"type\": \"String\"\n                  },\n                  \"keyVaultResourceId\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {\n                  \"domainJoinOptions\": 3,\n                  \"vmName\": \"[[parameters('vmName')]\"\n                },\n                \"resources\": [\n                  {\n                    \"apiVersion\": \"2015-06-15\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(variables('vmName'),'/joindomain')]\",\n                    \"location\": \"[[resourceGroup().location]\",\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Compute\",\n                      \"type\": \"JsonADDomainExtension\",\n                      \"typeHandlerVersion\": \"1.3\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"settings\": {\n                        \"Name\": \"[[parameters('domainFQDN')]\",\n                        \"User\": \"[[parameters('domainUserName')]\",\n                        \"Restart\": \"true\",\n                        \"Options\": \"[[variables('domainJoinOptions')]\",\n                        \"OUPath\": \"[[parameters('domainOUPath')]\"\n                      },\n                      \"protectedSettings\": {\n                        \"Password\": \"[[parameters('domainPassword')]\"\n                      }\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#107": "{\n  \"name\": \"Deploy-Diagnostics-VWanS2SVPNGW\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for VWAN S2S VPN Gateway to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for VWAN S2S VPN Gateway to stream to a Log Analytics workspace when any VWAN S2S VPN Gateway which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"metricsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable metrics\",\n          \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/vpnGateways\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"metricsEnabled\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Network/vpnGateways/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"metrics\": [\n                        {\n                          \"category\": \"AllMetrics\",\n                          \"enabled\": \"[[parameters('metricsEnabled')]\",\n                          \"retentionPolicy\": {\n                            \"days\": 0,\n                            \"enabled\": false\n                          },\n                          \"timeGrain\": null\n                        }\n                      ],\n                      \"logs\": [\n                        {\n                          \"category\": \"GatewayDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"IKEDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"RouteDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        },\n                        {\n                          \"category\": \"TunnelDiagnosticLog\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"metricsEnabled\": {\n                  \"value\": \"[[parameters('metricsEnabled')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#108": "{\n    \"name\": \"Audit-PrivateLinkDnsZones\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,    \n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Audit or Deny the creation of Private Link Private DNS Zones\",\n        \"description\": \"This policy audits or denies, depending on assignment effect, the creation of a Private Link Private DNS Zones in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n        \"metadata\": {\n            \"version\": \"1.0.2\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"privateLinkDnsZones\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Private Link Private DNS Zones\",\n                    \"description\": \"An array of Private Link Private DNS Zones to check for the existence of in the assigned scope.\"\n                },\n                \"defaultValue\": [\n                    \"privatelink.adf.azure.com\",\n                    \"privatelink.afs.azure.net\",\n                    \"privatelink.agentsvc.azure-automation.net\",\n                    \"privatelink.analysis.windows.net\",\n                    \"privatelink.api.azureml.ms\",\n                    \"privatelink.azconfig.io\",\n                    \"privatelink.azure-api.net\",\n                    \"privatelink.azure-automation.net\",\n                    \"privatelink.azurecr.io\",\n                    \"privatelink.azure-devices.net\",\n                    \"privatelink.azure-devices-provisioning.net\",\n                    \"privatelink.azuredatabricks.net\",\n                    \"privatelink.azurehdinsight.net\",\n                    \"privatelink.azurehealthcareapis.com\",\n                    \"privatelink.azurestaticapps.net\",\n                    \"privatelink.azuresynapse.net\",\n                    \"privatelink.azurewebsites.net\",\n                    \"privatelink.batch.azure.com\",\n                    \"privatelink.blob.core.windows.net\",\n                    \"privatelink.cassandra.cosmos.azure.com\",\n                    \"privatelink.cognitiveservices.azure.com\",\n                    \"privatelink.database.windows.net\",\n                    \"privatelink.datafactory.azure.net\",\n                    \"privatelink.dev.azuresynapse.net\",\n                    \"privatelink.dfs.core.windows.net\",\n                    \"privatelink.dicom.azurehealthcareapis.com\",\n                    \"privatelink.digitaltwins.azure.net\",\n                    \"privatelink.directline.botframework.com\",\n                    \"privatelink.documents.azure.com\",\n                    \"privatelink.eventgrid.azure.net\",\n                    \"privatelink.file.core.windows.net\",\n                    \"privatelink.gremlin.cosmos.azure.com\",\n                    \"privatelink.guestconfiguration.azure.com\",\n                    \"privatelink.his.arc.azure.com\",\n                    \"privatelink.kubernetesconfiguration.azure.com\",\n                    \"privatelink.managedhsm.azure.net\",\n                    \"privatelink.mariadb.database.azure.com\",\n                    \"privatelink.media.azure.net\",\n                    \"privatelink.mongo.cosmos.azure.com\",\n                    \"privatelink.monitor.azure.com\",\n                    \"privatelink.mysql.database.azure.com\",\n                    \"privatelink.notebooks.azure.net\",\n                    \"privatelink.ods.opinsights.azure.com\",\n                    \"privatelink.oms.opinsights.azure.com\",\n                    \"privatelink.pbidedicated.windows.net\",\n                    \"privatelink.postgres.database.azure.com\",\n                    \"privatelink.prod.migration.windowsazure.com\",\n                    \"privatelink.purview.azure.com\",\n                    \"privatelink.purviewstudio.azure.com\",\n                    \"privatelink.queue.core.windows.net\",\n                    \"privatelink.redis.cache.windows.net\",\n                    \"privatelink.redisenterprise.cache.azure.net\",\n                    \"privatelink.search.windows.net\",\n                    \"privatelink.service.signalr.net\",\n                    \"privatelink.servicebus.windows.net\",\n                    \"privatelink.siterecovery.windowsazure.com\",\n                    \"privatelink.sql.azuresynapse.net\",\n                    \"privatelink.table.core.windows.net\",\n                    \"privatelink.table.cosmos.azure.com\",\n                    \"privatelink.tip1.powerquery.microsoft.com\",\n                    \"privatelink.token.botframework.com\",\n                    \"privatelink.vaultcore.azure.net\",\n                    \"privatelink.web.core.windows.net\",\n                    \"privatelink.webpubsub.azure.com\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateDnsZones\"\n                    },\n                    {\n                        \"field\": \"name\",\n                        \"in\": \"[[parameters('privateLinkDnsZones')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}\n",
+    "$fxv#109": "{\n    \"name\": \"DenyAction-DiagnosticLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"description\": \"DenyAction implementation on Diagnostic Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,\n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Insights/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
     "$fxv#11": "{\n  \"name\": \"Deny-AppServiceFunctionApp-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Function App should only be accessible over HTTPS\",\n    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"App Service\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Web/sites\"\n          },\n          {\n            \"field\": \"kind\",\n            \"like\": \"functionapp*\"\n          },\n          {\n            \"field\": \"Microsoft.Web/sites/httpsOnly\",\n            \"equals\": \"false\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#110": "{\n  \"name\": \"Deploy-UserAssignedManagedIdentity-VMInsights\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Deploy User Assigned Managed Identity for VM Insights\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as it's no longer required. User-Assigned Management Identity is now centralized and deployed by Azure Landing Zones to the Management Subscription.\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Managed Identity\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"bringYourOwnUserAssignedManagedIdentity\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Bring Your Own User-Assigned Identity\",\n          \"description\": \"Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ]\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Name\",\n          \"description\": \"The name of the pre-created user-assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Resource Group Name\",\n          \"description\": \"The resource group in which the pre-created user-assigned managed identity resides.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"builtInIdentityResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Built-In-Identity-RG Location\",\n          \"description\": \"The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false.\"\n        },\n        \"defaultValue\": \"eastus\"\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Policy Effect\",\n          \"description\": \"The effect determines what happens when the policy rule is evaluated to match.\"\n        },\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"value\": \"[[requestContext().apiVersion]\",\n            \"greaterOrEquals\": \"2018-10-01\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines\",\n          \"name\": \"[[field('name')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"anyOf\": [\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"contains\": \"UserAssigned\"\n                  },\n                  {\n                    \"field\": \"identity.userAssignedIdentities\",\n                    \"containsKey\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName'))), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/Built-In-Identity-RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Built-In-Identity-', field('location')))]\"\n                  }\n                ]\n              },\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"equals\": \"UserAssigned\"\n                  },\n                  {\n                    \"value\": \"[[string(length(field('identity.userAssignedIdentities')))]\",\n                    \"equals\": \"1\"\n                  }\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"parameters\": {\n                \"bringYourOwnUserAssignedManagedIdentity\": {\n                  \"value\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"uaName\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('userAssignedIdentityName'), 'Built-In-Identity')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('identityResourceGroup'), 'Built-In-Identity-RG')]\"\n                },\n                \"builtInIdentityResourceGroupLocation\": {\n                  \"value\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"vmResourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"resourceId\": {\n                  \"value\": \"[[field('id')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.1\",\n                \"parameters\": {\n                  \"bringYourOwnUserAssignedManagedIdentity\": {\n                    \"type\": \"bool\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"uaName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"builtInIdentityResourceGroupLocation\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"resourceId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"uaNameWithLocation\": \"[[concat(parameters('uaName'),'-', parameters('location'))]\",\n                  \"precreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')))]\",\n                  \"autocreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')), '-', parameters('location'))]\",\n                  \"deployUALockName\": \"[[concat('deployUALock-', uniqueString(deployment().name))]\",\n                  \"deployUAName\": \"[[concat('deployUA-', uniqueString(deployment().name))]\",\n                  \"deployGetResourceProperties\": \"[[concat('deployGetResourceProperties-', uniqueString(deployment().name))]\",\n                  \"deployAssignUAName\": \"[[concat('deployAssignUA-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[parameters('identityResourceGroup')]\",\n                    \"location\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                  },\n                  {\n                    \"condition\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUALockName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[parameters('uaName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[not(parameters('bringYourOwnUserAssignedManagedIdentity'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUAName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[variables('uaNameWithLocation')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          },\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities/providers/locks\",\n                            \"apiVersion\": \"2016-09-01\",\n                            \"name\": \"[[concat(parameters('uaName'), '/Microsoft.Authorization/', 'CanNotDeleteLock-', parameters('uaName'))]\",\n                            \"dependsOn\": [\n                              \"[[parameters('uaName')]\"\n                            ],\n                            \"properties\": {\n                              \"level\": \"CanNotDelete\",\n                              \"notes\": \"Please do not delete this User-Assigned Identity since extensions enabled by Azure Policy are relying on their existence.\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployGetResourceProperties')]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"resources\": [],\n                        \"outputs\": {\n                          \"resource\": {\n                            \"type\": \"object\",\n                            \"value\": \"[[reference(parameters('resourceId'), '2019-07-01', 'Full')]\"\n                          }\n                        }\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[concat(variables('deployAssignUAName'))]\",\n                    \"resourceGroup\": \"[[parameters('vmResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\",\n                      \"[[variables('deployGetResourceProperties')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaId\": {\n                          \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), variables('precreatedUaId'), variables('autocreatedUaId'))]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"identityType\": {\n                          \"value\": \"[[if(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.type, '')]\"\n                        },\n                        \"userAssignedIdentities\": {\n                          \"value\": \"[[if(and(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), contains(reference(variables('deployGetResourceProperties')).outputs.resource.value.identity, 'userAssignedIdentities')), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.userAssignedIdentities, createObject())]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaId\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"identityType\": {\n                            \"type\": \"string\"\n                          },\n                          \"userAssignedIdentities\": {\n                            \"type\": \"object\"\n                          }\n                        },\n                        \"variables\": {\n                          \"identityTypeValue\": \"[[if(contains(parameters('identityType'), 'SystemAssigned'), 'SystemAssigned,UserAssigned', 'UserAssigned')]\",\n                          \"userAssignedIdentitiesValue\": \"[[union(parameters('userAssignedIdentities'), createObject(parameters('uaId'), createObject()))]\",\n                          \"resourceWithSingleUAI\": \"[[and(equals(parameters('identityType'), 'UserAssigned'), equals(string(length(parameters('userAssignedIdentities'))), '1'))]\"\n                        },\n                        \"resources\": [\n                          {\n                            \"condition\": \"[[not(variables('resourceWithSingleUAI'))]\",\n                            \"apiVersion\": \"2019-07-01\",\n                            \"type\": \"Microsoft.Compute/virtualMachines\",\n                            \"name\": \"[[parameters('vmName')]\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"identity\": {\n                              \"type\": \"[[variables('identityTypeValue')]\",\n                              \"userAssignedIdentities\": \"[[variables('userAssignedIdentitiesValue')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#111": "{\n  \"name\": \"Deploy-MDFC-Arc-SQL-DCR-Association\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers with DCR Association to Microsoft Defender for SQL user-defined DCR\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/2227e1f1-23dd-4c3a-85a9-7024a401d8b2.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"2227e1f1-23dd-4c3a-85a9-7024a401d8b2\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRuleAssociations\",\n          \"name\": \"MicrosoftDefenderForSQL-RulesAssociation\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#112": "{\n  \"name\": \"Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/63d03cbd-47fd-4ee1-8a1c-9ddf07303de0.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"63d03cbd-47fd-4ee1-8a1c-9ddf07303de0\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#113": "{\n  \"name\": \"Deploy-MDFC-SQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Azure Monitor Agent\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/f91991d1-5383-4c95-8ee5-5ac423dd8bb1.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"f91991d1-5383-4c95-8ee5-5ac423dd8bb1\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"name\": \"[[concat(field('fullName'), '/AzureMonitorWindowsAgent')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AzureMonitorWindowsAgent\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.Monitor\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedManagedIdentity\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedIdentityName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"extensionName\": \"AzureMonitorWindowsAgent\",\n                  \"extensionPublisher\": \"Microsoft.Azure.Monitor\",\n                  \"extensionType\": \"AzureMonitorWindowsAgent\",\n                  \"extensionTypeHandlerVersion\": \"1.2\"\n                },\n                \"resources\": [\n                  {\n                    \"name\": \"[[concat(parameters('vmName'), '/', variables('extensionName'))]\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"apiVersion\": \"2023-03-01\",\n                    \"properties\": {\n                      \"publisher\": \"[[variables('extensionPublisher')]\",\n                      \"type\": \"[[variables('extensionType')]\",\n                      \"typeHandlerVersion\": \"[[variables('extensionTypeHandlerVersion')]\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true,\n                      \"settings\": {\n                        \"authentication\": {\n                          \"managedIdentity\": {\n                            \"identifier-name\": \"mi_res_id\",\n                            \"identifier-value\": \"[[parameters('userAssignedManagedIdentity')]\"\n                          }\n                        }\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"userAssignedManagedIdentity\": {\n                  \"value\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName')))]\"\n                },\n                \"userAssignedIdentityName\": {\n                  \"value\": \"[[parameters('userAssignedIdentityName')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[parameters('identityResourceGroup')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#114": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/04754ef9-9ae3-4477-bf17-86ef50026304.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"04754ef9-9ae3-4477-bf17-86ef50026304\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\",\n                  \"deployDefenderForSQL\": \"[[concat('deployDefenderForSQL-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDefenderForSQL')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                            \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                            \"apiVersion\": \"2023-03-01\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                              \"type\": \"AdvancedThreatProtection.Windows\",\n                              \"typeHandlerVersion\": \"2.0\",\n                              \"autoUpgradeMinorVersion\": true,\n                              \"enableAutomaticUpgrade\": true\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#115": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"name\": \"[[concat(field('fullName'), '/MicrosoftDefenderForSQL')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AdvancedThreatProtection.Windows\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.AzureDefenderForSQL\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"actualLocation\": \"[[if(empty(parameters('workspaceRegion')), parameters('location'), parameters('workspaceRegion'))]\",\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), variables('actualLocation')), variables('locationLongNameToShortMap')[variables('actualLocation')], variables('actualLocation'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                    \"apiVersion\": \"2023-03-01\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                      \"type\": \"AdvancedThreatProtection.Windows\",\n                      \"typeHandlerVersion\": \"2.0\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true\n                    },\n                    \"dependsOn\": [\n                      \"[[extensionResourceId(concat('/subscriptions/', variables('subscriptionId'), '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName')), 'Microsoft.Insights/dataCollectionRuleAssociations','MicrosoftDefenderForSQL-RulesAssociation')]\"\n                    ]\n                  },\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#116": "{\n    \"name\": \"Deny-APIM-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"API Management services should use TLS version 1.2\",\n        \"description\": \"Azure API Management service should use TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.ApiManagement/service\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":true')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":true')]\",\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#117": "{\n    \"name\": \"Deny-AppGw-Without-Tls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Application Gateway should be deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"description\": \"This policy enables you to restrict that Application Gateways is always deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"predefinedPolicyName\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Predefined policy name\",\n                    \"description\": \"Predefined policy name\"\n                },\n                \"defaultValue\": [\n                    \"AppGwSslPolicy20220101\",\n                    \"AppGwSslPolicy20170401S\",\n                    \"AppGwSslPolicy20220101S\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/applicationGateways\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"notEquals\": \"Predefined\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyName\",\n                                \"notIn\": \"[[parameters('predefinedPolicyName')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#118": "{\n    \"name\": \"Deny-AppService-without-BYOC\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"App Service certificates must be stored in Key Vault\",\n        \"description\": \"App Service (including Logic apps and Function apps) must use certificates stored in Key Vault\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/certificates\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultId\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultSecretName\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#119": "{\n    \"name\": \"Deny-AzFw-Without-Policy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Azure Firewall should have a default Firewall Policy\",\n        \"description\": \"This policy denies the creation of Azure Firewall without a default Firewall Policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/azureFirewalls\"\n                    },\n                    {\n                        \"field\": \"Microsoft.Network/azureFirewalls/firewallPolicy.id\",\n                        \"exists\": \"false\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#110": "{\n    \"name\": \"DenyAction-ActivityLogs\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"DenyAction implementation on Activity Logs\",\n        \"description\": \"This is a DenyAction implementation policy on Activity Logs.\",\n        \"metadata\": {\n            \"deprecated\": false,            \n            \"version\": \"1.0.0\",\n            \"category\": \"Monitoring\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {},\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Resources/subscriptions/providers/diagnosticSettings\"\n            },\n            \"then\": {\n                \"effect\": \"denyAction\",\n                \"details\": {\n                    \"actionNames\": [\n                        \"delete\"\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#111": "{\n  \"name\": \"Deploy-UserAssignedManagedIdentity-VMInsights\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Deploy User Assigned Managed Identity for VM Insights\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as it's no longer required. User-Assigned Management Identity is now centralized and deployed by Azure Landing Zones to the Management Subscription.\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Managed Identity\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"bringYourOwnUserAssignedManagedIdentity\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Bring Your Own User-Assigned Identity\",\n          \"description\": \"Enable this to use your pre-created user-assigned managed identity. The pre-created identity MUST exist within the subscription otherwise the policy deployment will fail. If enabled, ensure that the User-Assigned Identity Name and Identity Resource Group Name parameters match the pre-created identity. If not enabled, the policy will create per subscription, per resource user-assigned managed identities in a new resource group named 'Built-In-Identity-RG'.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ]\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Name\",\n          \"description\": \"The name of the pre-created user-assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User-Assigned Managed Identity Resource Group Name\",\n          \"description\": \"The resource group in which the pre-created user-assigned managed identity resides.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"builtInIdentityResourceGroupLocation\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Built-In-Identity-RG Location\",\n          \"description\": \"The location of the resource group 'Built-In-Identity-RG' created by the policy. This parameter is only used when 'Bring Your Own User Assigned Identity' parameter is false.\"\n        },\n        \"defaultValue\": \"eastus\"\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Policy Effect\",\n          \"description\": \"The effect determines what happens when the policy rule is evaluated to match.\"\n        },\n        \"allowedValues\": [\n          \"AuditIfNotExists\",\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"value\": \"[[requestContext().apiVersion]\",\n            \"greaterOrEquals\": \"2018-10-01\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines\",\n          \"name\": \"[[field('name')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"anyOf\": [\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"contains\": \"UserAssigned\"\n                  },\n                  {\n                    \"field\": \"identity.userAssignedIdentities\",\n                    \"containsKey\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName'))), concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/Built-In-Identity-RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/Built-In-Identity-', field('location')))]\"\n                  }\n                ]\n              },\n              {\n                \"allOf\": [\n                  {\n                    \"field\": \"identity.type\",\n                    \"equals\": \"UserAssigned\"\n                  },\n                  {\n                    \"value\": \"[[string(length(field('identity.userAssignedIdentities')))]\",\n                    \"equals\": \"1\"\n                  }\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"parameters\": {\n                \"bringYourOwnUserAssignedManagedIdentity\": {\n                  \"value\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"uaName\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('userAssignedIdentityName'), 'Built-In-Identity')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), parameters('identityResourceGroup'), 'Built-In-Identity-RG')]\"\n                },\n                \"builtInIdentityResourceGroupLocation\": {\n                  \"value\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"vmResourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"resourceId\": {\n                  \"value\": \"[[field('id')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.1\",\n                \"parameters\": {\n                  \"bringYourOwnUserAssignedManagedIdentity\": {\n                    \"type\": \"bool\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"uaName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"builtInIdentityResourceGroupLocation\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"resourceId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"uaNameWithLocation\": \"[[concat(parameters('uaName'),'-', parameters('location'))]\",\n                  \"precreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')))]\",\n                  \"autocreatedUaId\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('uaName')), '-', parameters('location'))]\",\n                  \"deployUALockName\": \"[[concat('deployUALock-', uniqueString(deployment().name))]\",\n                  \"deployUAName\": \"[[concat('deployUA-', uniqueString(deployment().name))]\",\n                  \"deployGetResourceProperties\": \"[[concat('deployGetResourceProperties-', uniqueString(deployment().name))]\",\n                  \"deployAssignUAName\": \"[[concat('deployAssignUA-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[parameters('identityResourceGroup')]\",\n                    \"location\": \"[[parameters('builtInIdentityResourceGroupLocation')]\"\n                  },\n                  {\n                    \"condition\": \"[[parameters('bringYourOwnUserAssignedManagedIdentity')]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUALockName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[parameters('uaName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[not(parameters('bringYourOwnUserAssignedManagedIdentity'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployUAName')]\",\n                    \"resourceGroup\": \"[[parameters('identityResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaName\": {\n                          \"value\": \"[[variables('uaNameWithLocation')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities\",\n                            \"name\": \"[[parameters('uaName')]\",\n                            \"apiVersion\": \"2018-11-30\",\n                            \"location\": \"[[parameters('location')]\"\n                          },\n                          {\n                            \"type\": \"Microsoft.ManagedIdentity/userAssignedIdentities/providers/locks\",\n                            \"apiVersion\": \"2016-09-01\",\n                            \"name\": \"[[concat(parameters('uaName'), '/Microsoft.Authorization/', 'CanNotDeleteLock-', parameters('uaName'))]\",\n                            \"dependsOn\": [\n                              \"[[parameters('uaName')]\"\n                            ],\n                            \"properties\": {\n                              \"level\": \"CanNotDelete\",\n                              \"notes\": \"Please do not delete this User-Assigned Identity since extensions enabled by Azure Policy are relying on their existence.\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[variables('deployGetResourceProperties')]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"template\": {\n                        \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"resources\": [],\n                        \"outputs\": {\n                          \"resource\": {\n                            \"type\": \"object\",\n                            \"value\": \"[[reference(parameters('resourceId'), '2019-07-01', 'Full')]\"\n                          }\n                        }\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"apiVersion\": \"2020-06-01\",\n                    \"name\": \"[[concat(variables('deployAssignUAName'))]\",\n                    \"resourceGroup\": \"[[parameters('vmResourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[resourceId('Microsoft.Resources/resourceGroups', parameters('identityResourceGroup'))]\",\n                      \"[[variables('deployUAName')]\",\n                      \"[[variables('deployGetResourceProperties')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"uaId\": {\n                          \"value\": \"[[if(parameters('bringYourOwnUserAssignedManagedIdentity'), variables('precreatedUaId'), variables('autocreatedUaId'))]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        },\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"identityType\": {\n                          \"value\": \"[[if(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.type, '')]\"\n                        },\n                        \"userAssignedIdentities\": {\n                          \"value\": \"[[if(and(contains(reference(variables('deployGetResourceProperties')).outputs.resource.value, 'identity'), contains(reference(variables('deployGetResourceProperties')).outputs.resource.value.identity, 'userAssignedIdentities')), reference(variables('deployGetResourceProperties')).outputs.resource.value.identity.userAssignedIdentities, createObject())]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"uaId\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          },\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"identityType\": {\n                            \"type\": \"string\"\n                          },\n                          \"userAssignedIdentities\": {\n                            \"type\": \"object\"\n                          }\n                        },\n                        \"variables\": {\n                          \"identityTypeValue\": \"[[if(contains(parameters('identityType'), 'SystemAssigned'), 'SystemAssigned,UserAssigned', 'UserAssigned')]\",\n                          \"userAssignedIdentitiesValue\": \"[[union(parameters('userAssignedIdentities'), createObject(parameters('uaId'), createObject()))]\",\n                          \"resourceWithSingleUAI\": \"[[and(equals(parameters('identityType'), 'UserAssigned'), equals(string(length(parameters('userAssignedIdentities'))), '1'))]\"\n                        },\n                        \"resources\": [\n                          {\n                            \"condition\": \"[[not(variables('resourceWithSingleUAI'))]\",\n                            \"apiVersion\": \"2019-07-01\",\n                            \"type\": \"Microsoft.Compute/virtualMachines\",\n                            \"name\": \"[[parameters('vmName')]\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"identity\": {\n                              \"type\": \"[[variables('identityTypeValue')]\",\n                              \"userAssignedIdentities\": \"[[variables('userAssignedIdentitiesValue')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#112": "{\n  \"name\": \"Deploy-MDFC-Arc-SQL-DCR-Association\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers with DCR Association to Microsoft Defender for SQL user-defined DCR\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/2227e1f1-23dd-4c3a-85a9-7024a401d8b2.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"2227e1f1-23dd-4c3a-85a9-7024a401d8b2\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRuleAssociations\",\n          \"name\": \"MicrosoftDefenderForSQL-RulesAssociation\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#113": "{\n  \"name\": \"Deploy-MDFC-Arc-Sql-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure Arc-enabled SQL Servers to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/63d03cbd-47fd-4ee1-8a1c-9ddf07303de0.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"63d03cbd-47fd-4ee1-8a1c-9ddf07303de0\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.HybridCompute/machines\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/osName\",\n            \"equals\": \"Windows\"\n          },\n          {\n            \"field\": \"Microsoft.HybridCompute/machines/mssqlDiscovered\",\n            \"equals\": \"true\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('resourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.HybridCompute/machines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between Arc-enabled SQL Server and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this Arc-enabled SQL Server.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
+    "$fxv#114": "{\n  \"name\": \"Deploy-MDFC-SQL-AMA\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Azure Monitor Agent\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/f91991d1-5383-4c95-8ee5-5ac423dd8bb1.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"f91991d1-5383-4c95-8ee5-5ac423dd8bb1\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"identityResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Identity Resource Group\",\n          \"description\": \"The name of the resource group created by the policy.\"\n        },\n        \"defaultValue\": \"\"\n      },\n      \"userAssignedIdentityName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"User Assigned Managed Identity Name\",\n          \"description\": \"The name of the user assigned managed identity.\"\n        },\n        \"defaultValue\": \"\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n          ],\n          \"name\": \"[[concat(field('fullName'), '/AzureMonitorWindowsAgent')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AzureMonitorWindowsAgent\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.Monitor\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedManagedIdentity\": {\n                    \"type\": \"string\"\n                  },\n                  \"userAssignedIdentityName\": {\n                    \"type\": \"string\"\n                  },\n                  \"identityResourceGroup\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"extensionName\": \"AzureMonitorWindowsAgent\",\n                  \"extensionPublisher\": \"Microsoft.Azure.Monitor\",\n                  \"extensionType\": \"AzureMonitorWindowsAgent\",\n                  \"extensionTypeHandlerVersion\": \"1.2\"\n                },\n                \"resources\": [\n                  {\n                    \"name\": \"[[concat(parameters('vmName'), '/', variables('extensionName'))]\",\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"apiVersion\": \"2023-03-01\",\n                    \"properties\": {\n                      \"publisher\": \"[[variables('extensionPublisher')]\",\n                      \"type\": \"[[variables('extensionType')]\",\n                      \"typeHandlerVersion\": \"[[variables('extensionTypeHandlerVersion')]\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true,\n                      \"settings\": {\n                        \"authentication\": {\n                          \"managedIdentity\": {\n                            \"identifier-name\": \"mi_res_id\",\n                            \"identifier-value\": \"[[parameters('userAssignedManagedIdentity')]\"\n                          }\n                        }\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"userAssignedManagedIdentity\": {\n                  \"value\": \"[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', trim(parameters('identityResourceGroup')), '/providers/Microsoft.ManagedIdentity/userAssignedIdentities/', trim(parameters('userAssignedIdentityName')))]\"\n                },\n                \"userAssignedIdentityName\": {\n                  \"value\": \"[[parameters('userAssignedIdentityName')]\"\n                },\n                \"identityResourceGroup\": {\n                  \"value\": \"[[parameters('identityResourceGroup')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#115": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL-DCR\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to auto install Microsoft Defender for SQL and DCR with a user-defined LAW\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/04754ef9-9ae3-4477-bf17-86ef50026304.html\",\n    \"metadata\": {\n      \"version\": \"1.0.1-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"04754ef9-9ae3-4477-bf17-86ef50026304\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"userWorkspaceResourceId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace Resource Id\",\n          \"description\": \"Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n        \"type\": \"Boolean\",\n        \"metadata\": {\n          \"displayName\": \"Enable collection of SQL queries for security research\",\n          \"description\": \"Enable or disable the collection of SQL queries for security research.\"\n        },\n        \"allowedValues\": [\n          true,\n          false\n        ],\n        \"defaultValue\": false\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/dataCollectionRules\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"deploymentScope\": \"subscription\",\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"location\",\n                \"equals\": \"[[parameters('workspaceRegion')]\"\n              },\n              {\n                \"field\": \"name\",\n                \"equals\": \"[[parameters('dcrName')]\"\n              }\n            ]\n          },\n          \"deployment\": {\n            \"location\": \"eastus\",\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"userWorkspaceResourceId\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                    \"type\": \"bool\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), parameters('workspaceRegion')), variables('locationLongNameToShortMap')[parameters('workspaceRegion')], parameters('workspaceRegion'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"defaultRGLocation\": \"[[parameters('workspaceRegion')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\",\n                  \"deployDataCollectionRules\": \"[[concat('deployDataCollectionRules-', uniqueString(deployment().name))]\",\n                  \"deployDataCollectionRulesAssociation\": \"[[concat('deployDataCollectionRulesAssociation-', uniqueString(deployment().name))]\",\n                  \"deployDefenderForSQL\": \"[[concat('deployDefenderForSQL-', uniqueString(deployment().name))]\"\n                },\n                \"resources\": [\n                  {\n                    \"condition\": \"[[empty(parameters('dcrResourceGroup'))]\",\n                    \"type\": \"Microsoft.Resources/resourceGroups\",\n                    \"name\": \"[[variables('defaultRGName')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"location\": \"[[variables('defaultRGLocation')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDefenderForSQL')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"location\": {\n                          \"value\": \"[[parameters('location')]\"\n                        },\n                        \"vmName\": {\n                          \"value\": \"[[parameters('vmName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"location\": {\n                            \"type\": \"string\"\n                          },\n                          \"vmName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                            \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                            \"apiVersion\": \"2023-03-01\",\n                            \"location\": \"[[parameters('location')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                              \"type\": \"AdvancedThreatProtection.Windows\",\n                              \"typeHandlerVersion\": \"2.0\",\n                              \"autoUpgradeMinorVersion\": true,\n                              \"enableAutomaticUpgrade\": true\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"condition\": \"[[empty(parameters('dcrId'))]\",\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRules')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[variables('defaultRGName')]\",\n                    \"dependsOn\": [\n                      \"[[variables('defaultRGName')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"defaultRGLocation\": {\n                          \"value\": \"[[variables('defaultRGLocation')]\"\n                        },\n                        \"workspaceResourceId\": {\n                          \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                        },\n                        \"dcrName\": {\n                          \"value\": \"[[variables('dcrName')]\"\n                        },\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                          \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"defaultRGLocation\": {\n                            \"type\": \"string\"\n                          },\n                          \"workspaceResourceId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrName\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                            \"type\": \"bool\"\n                          }\n                        },\n                        \"variables\": {},\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Insights/dataCollectionRules\",\n                            \"name\": \"[[parameters('dcrName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"location\": \"[[parameters('defaultRGLocation')]\",\n                            \"tags\": {\n                              \"createdBy\": \"MicrosoftDefenderForSQL\"\n                            },\n                            \"properties\": {\n                              \"description\": \"Data collection rule for Microsoft Defender for SQL. Deleting this rule will break the detection of security vulnerabilities.\",\n                              \"dataSources\": {\n                                \"extensions\": [\n                                  {\n                                    \"extensionName\": \"MicrosoftDefenderForSQL\",\n                                    \"name\": \"MicrosoftDefenderForSQL\",\n                                    \"streams\": [\n                                      \"Microsoft-DefenderForSqlAlerts\",\n                                      \"Microsoft-DefenderForSqlLogins\",\n                                      \"Microsoft-DefenderForSqlTelemetry\",\n                                      \"Microsoft-DefenderForSqlScanEvents\",\n                                      \"Microsoft-DefenderForSqlScanResults\"\n                                    ],\n                                    \"extensionSettings\": {\n                                      \"enableCollectionOfSqlQueriesForSecurityResearch\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                                    }\n                                  }\n                                ]\n                              },\n                              \"destinations\": {\n                                \"logAnalytics\": [\n                                  {\n                                    \"workspaceResourceId\": \"[[parameters('workspaceResourceId')]\",\n                                    \"name\": \"LogAnalyticsDest\"\n                                  }\n                                ]\n                              },\n                              \"dataFlows\": [\n                                {\n                                  \"streams\": [\n                                    \"Microsoft-DefenderForSqlAlerts\",\n                                    \"Microsoft-DefenderForSqlLogins\",\n                                    \"Microsoft-DefenderForSqlTelemetry\",\n                                    \"Microsoft-DefenderForSqlScanEvents\",\n                                    \"Microsoft-DefenderForSqlScanResults\"\n                                  ],\n                                  \"destinations\": [\n                                    \"LogAnalyticsDest\"\n                                  ]\n                                }\n                              ]\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  },\n                  {\n                    \"type\": \"Microsoft.Resources/deployments\",\n                    \"name\": \"[[variables('deployDataCollectionRulesAssociation')]\",\n                    \"apiVersion\": \"2022-09-01\",\n                    \"resourceGroup\": \"[[parameters('resourceGroup')]\",\n                    \"dependsOn\": [\n                      \"[[variables('deployDataCollectionRules')]\"\n                    ],\n                    \"properties\": {\n                      \"mode\": \"Incremental\",\n                      \"expressionEvaluationOptions\": {\n                        \"scope\": \"inner\"\n                      },\n                      \"parameters\": {\n                        \"dcrId\": {\n                          \"value\": \"[[variables('dcrId')]\"\n                        },\n                        \"dcraName\": {\n                          \"value\": \"[[variables('dcraName')]\"\n                        }\n                      },\n                      \"template\": {\n                        \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                        \"contentVersion\": \"1.0.0.0\",\n                        \"parameters\": {\n                          \"dcrId\": {\n                            \"type\": \"string\"\n                          },\n                          \"dcraName\": {\n                            \"type\": \"string\"\n                          }\n                        },\n                        \"resources\": [\n                          {\n                            \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                            \"name\": \"[[parameters('dcraName')]\",\n                            \"apiVersion\": \"2021-04-01\",\n                            \"properties\": {\n                              \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL user-defined DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                              \"dataCollectionRuleId\": \"[[parameters('dcrId')]\"\n                            }\n                          }\n                        ]\n                      }\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"resourceGroup\": {\n                  \"value\": \"[[resourceGroup().name]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"userWorkspaceResourceId\": {\n                  \"value\": \"[[parameters('userWorkspaceResourceId')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"enableCollectionOfSqlQueriesForSecurityResearch\": {\n                  \"value\": \"[[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#116": "{\n  \"name\": \"Deploy-MDFC-SQL-DefenderSQL\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"displayName\": \"[Deprecated]: Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL\",\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"description\": \"Policy is deprecated as the built-in policy now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Security Center\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DeployIfNotExists\"\n      },\n      \"workspaceRegion\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Workspace region\",\n          \"description\": \"Region of the Log Analytics workspace destination for the Data Collection Rule.\",\n          \"strongType\": \"location\"\n        }\n      },\n      \"dcrName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Name\",\n          \"description\": \"Name of the Data Collection Rule.\"\n        }\n      },\n      \"dcrResourceGroup\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Resource Group\",\n          \"description\": \"Resource Group of the Data Collection Rule.\"\n        }\n      },\n      \"dcrId\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Data Collection Rule Id\",\n          \"description\": \"Id of the Data Collection Rule.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Compute/virtualMachines\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType\",\n            \"like\": \"Windows*\"\n          },\n          {\n            \"field\": \"Microsoft.Compute/imagePublisher\",\n            \"equals\": \"microsoftsqlserver\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n          \"name\": \"[[concat(field('fullName'), '/MicrosoftDefenderForSQL')]\",\n          \"evaluationDelay\": \"AfterProvisioning\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n                \"equals\": \"AdvancedThreatProtection.Windows\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n                \"equals\": \"Microsoft.Azure.AzureDefenderForSQL\"\n              },\n              {\n                \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n                \"in\": [\n                  \"Succeeded\",\n                  \"Provisioning succeeded\"\n                ]\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"incremental\",\n              \"template\": {\n                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"location\": {\n                    \"type\": \"string\"\n                  },\n                  \"vmName\": {\n                    \"type\": \"string\"\n                  },\n                  \"workspaceRegion\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrResourceGroup\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrName\": {\n                    \"type\": \"string\"\n                  },\n                  \"dcrId\": {\n                    \"type\": \"string\"\n                  }\n                },\n                \"variables\": {\n                  \"locationLongNameToShortMap\": {\n                    \"australiacentral\": \"CAU\",\n                    \"australiaeast\": \"EAU\",\n                    \"australiasoutheast\": \"SEAU\",\n                    \"brazilsouth\": \"CQ\",\n                    \"canadacentral\": \"CCA\",\n                    \"canadaeast\": \"CCA\",\n                    \"centralindia\": \"CIN\",\n                    \"centralus\": \"CUS\",\n                    \"eastasia\": \"EA\",\n                    \"eastus2euap\": \"eus2p\",\n                    \"eastus\": \"EUS\",\n                    \"eastus2\": \"EUS2\",\n                    \"francecentral\": \"PAR\",\n                    \"germanywestcentral\": \"DEWC\",\n                    \"japaneast\": \"EJP\",\n                    \"jioindiawest\": \"CIN\",\n                    \"koreacentral\": \"SE\",\n                    \"koreasouth\": \"SE\",\n                    \"northcentralus\": \"NCUS\",\n                    \"northeurope\": \"NEU\",\n                    \"norwayeast\": \"NOE\",\n                    \"southafricanorth\": \"JNB\",\n                    \"southcentralus\": \"SCUS\",\n                    \"southeastasia\": \"SEA\",\n                    \"southindia\": \"CIN\",\n                    \"swedencentral\": \"SEC\",\n                    \"switzerlandnorth\": \"CHN\",\n                    \"switzerlandwest\": \"CHW\",\n                    \"uaenorth\": \"DXB\",\n                    \"uksouth\": \"SUK\",\n                    \"ukwest\": \"WUK\",\n                    \"westcentralus\": \"WCUS\",\n                    \"westeurope\": \"WEU\",\n                    \"westindia\": \"CIN\",\n                    \"westus\": \"WUS\",\n                    \"westus2\": \"WUS2\"\n                  },\n                  \"actualLocation\": \"[[if(empty(parameters('workspaceRegion')), parameters('location'), parameters('workspaceRegion'))]\",\n                  \"locationCode\": \"[[if(contains(variables('locationLongNameToShortMap'), variables('actualLocation')), variables('locationLongNameToShortMap')[variables('actualLocation')], variables('actualLocation'))]\",\n                  \"subscriptionId\": \"[[subscription().subscriptionId]\",\n                  \"defaultRGName\": \"[[parameters('dcrResourceGroup')]\",\n                  \"dcrName\": \"[[parameters('dcrName')]\",\n                  \"dcrId\": \"[[parameters('dcrId')]\",\n                  \"dcraName\": \"[[concat(parameters('vmName'),'/Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation')]\"\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n                    \"name\": \"[[concat(parameters('vmName'), '/', 'MicrosoftDefenderForSQL')]\",\n                    \"apiVersion\": \"2023-03-01\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"tags\": {\n                      \"createdBy\": \"MicrosoftDefenderForSQL\"\n                    },\n                    \"properties\": {\n                      \"publisher\": \"Microsoft.Azure.AzureDefenderForSQL\",\n                      \"type\": \"AdvancedThreatProtection.Windows\",\n                      \"typeHandlerVersion\": \"2.0\",\n                      \"autoUpgradeMinorVersion\": true,\n                      \"enableAutomaticUpgrade\": true\n                    },\n                    \"dependsOn\": [\n                      \"[[extensionResourceId(concat('/subscriptions/', variables('subscriptionId'), '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName')), 'Microsoft.Insights/dataCollectionRuleAssociations','MicrosoftDefenderForSQL-RulesAssociation')]\"\n                    ]\n                  },\n                  {\n                    \"type\": \"Microsoft.Compute/virtualMachines/providers/dataCollectionRuleAssociations\",\n                    \"name\": \"[[variables('dcraName')]\",\n                    \"apiVersion\": \"2021-04-01\",\n                    \"properties\": {\n                      \"description\": \"Configure association between SQL Virtual Machine and the Microsoft Defender for SQL DCR. Deleting this association will break the detection of security vulnerabilities for this SQL Virtual Machine.\",\n                      \"dataCollectionRuleId\": \"[[variables('dcrId')]\"\n                    }\n                  }\n                ]\n              },\n              \"parameters\": {\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"vmName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"workspaceRegion\": {\n                  \"value\": \"[[parameters('workspaceRegion')]\"\n                },\n                \"dcrResourceGroup\": {\n                  \"value\": \"[[parameters('dcrResourceGroup')]\"\n                },\n                \"dcrName\": {\n                  \"value\": \"[[parameters('dcrName')]\"\n                },\n                \"dcrId\": {\n                  \"value\": \"[[parameters('dcrId')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#117": "{\n    \"name\": \"Deny-APIM-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"API Management services should use TLS version 1.2\",\n        \"description\": \"Azure API Management service should use TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"API Management\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.ApiManagement/service\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls10\\\":true')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":\\\"true\\\"')]\",\n                                \"greater\": 0\n                            },\n                            {\n                                \"value\": \"[[indexof(toLower(string(field('Microsoft.ApiManagement/service/customProperties'))), '\\\"microsoft.windowsazure.apimanagement.gateway.security.protocols.tls11\\\":true')]\",\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#118": "{\n    \"name\": \"Deny-AppGw-Without-Tls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Application Gateway should be deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"description\": \"This policy enables you to restrict that Application Gateways is always deployed with predefined Microsoft policy that is using TLS version 1.2\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"predefinedPolicyName\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Predefined policy name\",\n                    \"description\": \"Predefined policy name\"\n                },\n                \"defaultValue\": [\n                    \"AppGwSslPolicy20220101\",\n                    \"AppGwSslPolicy20170401S\",\n                    \"AppGwSslPolicy20220101S\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/applicationGateways\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"notEquals\": \"Predefined\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyType\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Network/applicationGateways/sslPolicy.policyName\",\n                                \"notIn\": \"[[parameters('predefinedPolicyName')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#119": "{\n    \"name\": \"Deny-AppService-without-BYOC\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"App Service certificates must be stored in Key Vault\",\n        \"description\": \"App Service (including Logic apps and Function apps) must use certificates stored in Key Vault\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"App Service\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Audit\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/certificates\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultId\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/certificates/keyVaultSecretName\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
     "$fxv#12": "{\n  \"name\": \"Deny-AppServiceWebApp-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Web Application should only be accessible over HTTPS\",\n    \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"App Service\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Web/sites\"\n          },\n          {\n            \"field\": \"kind\",\n            \"like\": \"app*\"\n          },\n          {\n            \"field\": \"Microsoft.Web/sites/httpsOnly\",\n            \"equals\": \"false\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#120": "{\n    \"name\": \"Deny-CognitiveServices-NetworkAcls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACLs should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services should not allow adding individual IPs or virtual network rules to the service-level firewall. Enable this to restrict inbound network access and enforce the usage of private endpoints.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.ipRules[*]\"\n                                },\n                                \"greater\": 0\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.virtualNetworkRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#121": "{\n    \"name\": \"Deny-CognitiveServices-Resource-Kinds\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Only explicit kinds for Cognitive Services should be allowed\",\n        \"description\": \"Azure Cognitive Services should only create explicit allowed kinds.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedKinds\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Select the allowed resource kinds to be used with Cognitive Services\"\n                },\n                \"allowedValues\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ],\n                \"defaultValue\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"notIn\": \"[[parameters('allowedKinds')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#122": "{\n    \"name\": \"Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Outbound network access should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services allow restricting outbound network access. Enable this to limit outbound connectivity for the service.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"notEquals\": true\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#123": "{\n    \"name\": \"Deny-EH-minTLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces should use a valid TLS version\",\n        \"description\": \"Event Hub namespaces should use a valid TLS version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minTlsVersion\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum TLS Version\",\n                    \"description\": \"Minimum TLS version to be used by Event Hub\"\n                },\n                \"defaultValue\": \"1.2\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"notEquals\": \"[[parameters('minTlsVersion')]\"\n                            },\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#124": "{\n    \"name\": \"Deny-EH-Premium-CMK\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption\",\n        \"description\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"field\": \"Microsoft.EventHub/namespaces/sku.name\",\n                        \"equals\": \"Premium\"\n                    },\n                    {\n                        \"not\": {\n                            \"field\": \"Microsoft.EventHub/namespaces/encryption.keySource\",\n                            \"equals\": \"Microsoft.Keyvault\"\n                        }\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#125": "{\n    \"name\": \"Deny-LogicApp-Public-Network\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic apps should disable public network access\",\n        \"description\": \"Disabling public network access improves security by ensuring that the Logic App is not exposed on the public internet. Creating private endpoints can limit exposure of a Logic App. Learn more at: https://aka.ms/app-service-private-endpoint.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"notEquals\": \"Disabled\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#126": "{\n    \"name\": \"Deny-LogicApps-Without-Https\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic app should only be accessible over HTTPS\",\n        \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"equals\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#127": "{\n    \"name\": \"Deny-Service-Endpoints\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deny or Audit service endpoints on subnets\",\n        \"description\": \"This Policy will deny/audit Service Endpoints on subnets. Service Endpoints allows the network traffic to bypass Network appliances, such as the Azure Firewall.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]\",\n                            \"where\": {\n                                \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service\",\n                                \"exists\": true\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#128": "{\n    \"name\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should use a container delete retention policy\",\n        \"description\": \"Enforce container delete retention policies larger than seven days for storage account. Enable this for increased data loss protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum Container Delete Retention in Days\",\n                    \"description\": \"Specifies the minimum number of days for the container delete retention policy\"\n                },\n                \"defaultValue\": 7\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"exists\": false\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"notEquals\": true\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.days\",\n                                \"less\": \"[[parameters('minContainerDeleteRetentionInDays')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#129": "{\n    \"name\": \"Deny-Storage-CopyScope\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Allowed Copy scope should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the allowed copy scope. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedCopyScope\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Copy Scope\",\n                    \"description\": \"Specify the allowed copy scope.\"\n                },\n                \"allowedValues\": [\n                    \"AAD\",\n                    \"PrivateLink\"\n                ],\n                \"defaultValue\": \"AAD\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"notEquals\": \"[[parameters('allowedCopyScope')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#120": "{\n    \"name\": \"Deny-AzFw-Without-Policy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Azure Firewall should have a default Firewall Policy\",\n        \"description\": \"This policy denies the creation of Azure Firewall without a default Firewall Policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/azureFirewalls\"\n                    },\n                    {\n                        \"field\": \"Microsoft.Network/azureFirewalls/firewallPolicy.id\",\n                        \"exists\": \"false\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#121": "{\n    \"name\": \"Deny-CognitiveServices-NetworkAcls\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACLs should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services should not allow adding individual IPs or virtual network rules to the service-level firewall. Enable this to restrict inbound network access and enforce the usage of private endpoints.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.ipRules[*]\"\n                                },\n                                \"greater\": 0\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.CognitiveServices/accounts/networkAcls.virtualNetworkRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#122": "{\n    \"name\": \"Deny-CognitiveServices-Resource-Kinds\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Only explicit kinds for Cognitive Services should be allowed\",\n        \"description\": \"Azure Cognitive Services should only create explicit allowed kinds.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedKinds\": {\n                \"type\": \"array\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Select the allowed resource kinds to be used with Cognitive Services\"\n                },\n                \"allowedValues\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ],\n                \"defaultValue\": [\n                    \"AnomalyDetector\",\n                    \"ComputerVision\",\n                    \"CognitiveServices\",\n                    \"ContentModerator\",\n                    \"CustomVision.Training\",\n                    \"CustomVision.Prediction\",\n                    \"Face\",\n                    \"FormRecognizer\",\n                    \"ImmersiveReader\",\n                    \"LUIS\",\n                    \"Personalizer\",\n                    \"SpeechServices\",\n                    \"TextAnalytics\",\n                    \"TextTranslation\",\n                    \"OpenAI\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"notIn\": \"[[parameters('allowedKinds')]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#123": "{\n    \"name\": \"Deny-CognitiveServices-RestrictOutboundNetworkAccess\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Outbound network access should be restricted for Cognitive Services\",\n        \"description\": \"Azure Cognitive Services allow restricting outbound network access. Enable this to limit outbound connectivity for the service.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Cognitive Services\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.CognitiveServices/accounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.CognitiveServices/accounts/restrictOutboundNetworkAccess\",\n                                \"notEquals\": true\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#124": "{\n    \"name\": \"Deny-EH-minTLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces should use a valid TLS version\",\n        \"description\": \"Event Hub namespaces should use a valid TLS version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minTlsVersion\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum TLS Version\",\n                    \"description\": \"Minimum TLS version to be used by Event Hub\"\n                },\n                \"defaultValue\": \"1.2\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"notEquals\": \"[[parameters('minTlsVersion')]\"\n                            },\n                            {\n                                \"field\": \"Microsoft.EventHub/namespaces/minimumTlsVersion\",\n                                \"exists\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#125": "{\n    \"name\": \"Deny-EH-Premium-CMK\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption\",\n        \"description\": \"Event Hub namespaces (Premium) should use a customer-managed key for encryption.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Event Hub\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.EventHub/namespaces\"\n                    },\n                    {\n                        \"field\": \"Microsoft.EventHub/namespaces/sku.name\",\n                        \"equals\": \"Premium\"\n                    },\n                    {\n                        \"not\": {\n                            \"field\": \"Microsoft.EventHub/namespaces/encryption.keySource\",\n                            \"equals\": \"Microsoft.Keyvault\"\n                        }\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#126": "{\n    \"name\": \"Deny-LogicApp-Public-Network\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic apps should disable public network access\",\n        \"description\": \"Disabling public network access improves security by ensuring that the Logic App is not exposed on the public internet. Creating private endpoints can limit exposure of a Logic App. Learn more at: https://aka.ms/app-service-private-endpoint.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/publicNetworkAccess\",\n                                \"notEquals\": \"Disabled\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#127": "{\n    \"name\": \"Deny-LogicApps-Without-Https\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Logic app should only be accessible over HTTPS\",\n        \"description\": \"Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Web/sites/httpsOnly\",\n                                \"equals\": \"false\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#128": "{\n    \"name\": \"Deny-Service-Endpoints\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deny or Audit service endpoints on subnets\",\n        \"description\": \"This Policy will deny/audit Service Endpoints on subnets. Service Endpoints allows the network traffic to bypass Network appliances, such as the Azure Firewall.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/virtualNetworks/subnets\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*]\",\n                            \"where\": {\n                                \"field\": \"Microsoft.Network/virtualNetworks/subnets/serviceEndpoints[*].service\",\n                                \"exists\": true\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#129": "{\n    \"name\": \"Deny-Storage-ContainerDeleteRetentionPolicy\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should use a container delete retention policy\",\n        \"description\": \"Enforce container delete retention policies larger than seven days for storage account. Enable this for increased data loss protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"minContainerDeleteRetentionInDays\": {\n                \"type\": \"Integer\",\n                \"metadata\": {\n                    \"displayName\": \"Minimum Container Delete Retention in Days\",\n                    \"description\": \"Specifies the minimum number of days for the container delete retention policy\"\n                },\n                \"defaultValue\": 7\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"exists\": false\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.enabled\",\n                                \"notEquals\": true\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/blobServices/containerDeleteRetentionPolicy.days\",\n                                \"less\": \"[[parameters('minContainerDeleteRetentionInDays')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
     "$fxv#13": "{\n  \"name\": \"Deny-MySql-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"MySQL database servers enforce SSL connections.\",\n    \"description\": \"Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_0\",\n          \"TLS1_1\",\n          \"TLSEnforcementDisabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version minimum TLS for MySQL server\",\n          \"description\": \"Select version  minimum TLS version Azure Database for MySQL server to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforMySQL/servers\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n                \"exists\": \"false\"\n              },\n              {\n                \"field\": \"Microsoft.DBforMySQL/servers/sslEnforcement\",\n                \"notEquals\": \"Enabled\"\n              },\n              {\n                \"field\": \"Microsoft.DBforMySQL/servers/minimalTlsVersion\",\n                \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#130": "{\n    \"name\": \"Deny-Storage-CorsRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should restrict CORS rules\",\n        \"description\": \"Deny CORS rules for storage account for increased data exfiltration protection and endpoint protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"anyOf\": [\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/blobServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/fileServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/tableServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/tableServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/queueServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/queueServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#131": "{\n    \"name\": \"Deny-Storage-LocalUser\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Local users should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should disable local users for features like SFTP. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"notEquals\": false\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#132": "{\n    \"name\": \"Deny-Storage-NetworkAclsBypass\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACL bypass option should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the bypass option for service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedBypassOptions\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Bypass Options\",\n                    \"description\": \"Specifies which options are allowed to bypass the vnet configuration\"\n                },\n                \"allowedValues\": [\n                    \"None\",\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ],\n                \"defaultValue\": [\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"notIn\": \"[[parameters('allowedBypassOptions')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#133": "{\n    \"name\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Virtual network rules should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the virtual network service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*]\"\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#134": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules resource IDs should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to services from a specific Azure subscription. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\",\n                            \"where\": {\n                                \"value\": \"[[split(current('Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].resourceId'), '/')[2]]\",\n                                \"equals\": \"*\"\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#135": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules Tenants should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to service from the same AAD tenant. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].tenantId\",\n                        \"notEquals\": \"[[subscription().tenantId]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#136": "{\n    \"name\": \"Deny-Storage-ServicesEncryption\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Encryption for storage services should be enforced for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should enforce encryption for all storage services. Enforce this for increased encryption scope.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
-    "$fxv#137": "{\n    \"name\": \"Deploy-LogicApp-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Configure Logic apps to use the latest TLS version\",\n        \"description\": \"Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Web/sites/config\",\n                    \"name\": \"web\",\n                    \"existenceCondition\": {\n                        \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n                        \"equals\": \"1.2\"\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"parameters\": {\n                                \"siteName\": {\n                                    \"value\": \"[[field('name')]\"\n                                }\n                            },\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"siteName\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"type\": \"Microsoft.Web/sites/config\",\n                                        \"apiVersion\": \"2021-02-01\",\n                                        \"name\": \"[[concat(parameters('siteName'), '/web')]\",\n                                        \"properties\": {\n                                            \"minTlsVersion\": \"1.2\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
-    "$fxv#138": "{\n    \"name\": \"Modify-NSG\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of Network Security Groups (NSG)\",\n        \"description\": \"This policy enforces the configuration of Network Security Groups (NSG).\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"nsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"nsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"nsgRuleDirection\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Inbound\",\n                    \"Outbound\"\n                ],\n                \"defaultValue\": \"Outbound\"\n            },\n            \"nsgRuleAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Allow\",\n                    \"Deny\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"nsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"nsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\n                            \"value\": {\n                                \"name\": \"[[parameters('nsgRuleName')]\",\n                                \"properties\": {\n                                    \"description\": \"[[parameters('nsgRuleDescription')]\",\n                                    \"protocol\": \"[[parameters('nsgRuleProtocol')]\",\n                                    \"sourcePortRange\": \"[[parameters('nsgRuleSourcePortRange')]\",\n                                    \"destinationPortRange\": \"[[parameters('nsgRuleDestinationPortRange')]\",\n                                    \"sourceAddressPrefix\": \"[[parameters('nsgRuleSourceAddressPrefix')]\",\n                                    \"destinationAddressPrefix\": \"[[parameters('nsgRuleDestinationAddressPrefix')]\",\n                                    \"access\": \"[[parameters('nsgRuleAccess')]\",\n                                    \"priority\": \"[[parameters('nsgRulePriority')]\",\n                                    \"direction\": \"[[parameters('nsgRuleDirection')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
-    "$fxv#139": "{\n    \"name\": \"Modify-UDR\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of User-Defined Routes (UDR)\",\n        \"description\": \"This policy enforces the configuration of User-Defined Routes (UDR) within a subnet.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"addressPrefix\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The destination IP address range in CIDR notation that this Policy checks for within the UDR. Example: 0.0.0.0/0 to check for the presence of a default route.\",\n                    \"displayName\": \"Address Prefix\"\n                }\n            },\n            \"nextHopType\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The next hope type that the policy checks for within the inspected route. The value can be Virtual Network, Virtual Network Gateway, Internet, Virtual Appliance, or None.\",\n                    \"displayName\": \"Next Hop Type\"\n                },\n                \"allowedValues\": [\n                    \"VnetLocal\",\n                    \"VirtualNetworkGateway\",\n                    \"Internet\",\n                    \"VirtualAppliance\",\n                    \"None\"\n                ]\n            },\n            \"nextHopIpAddress\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The IP address packets should be forwarded to.\",\n                    \"displayName\": \"Next Hop IP Address\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/routeTables\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n                            \"value\": {\n                                \"name\": \"default\",\n                                \"properties\": {\n                                    \"addressPrefix\": \"[[parameters('addressPrefix')]\",\n                                    \"nextHopType\": \"[[parameters('nextHopType')]\",\n                                    \"nextHopIpAddress\": \"[[parameters('nextHopIpAddress')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#130": "{\n    \"name\": \"Deny-Storage-CopyScope\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Allowed Copy scope should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the allowed copy scope. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedCopyScope\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Copy Scope\",\n                    \"description\": \"Specify the allowed copy scope.\"\n                },\n                \"allowedValues\": [\n                    \"AAD\",\n                    \"PrivateLink\"\n                ],\n                \"defaultValue\": \"AAD\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/allowedCopyScope\",\n                                \"notEquals\": \"[[parameters('allowedCopyScope')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#131": "{\n    \"name\": \"Deny-Storage-CorsRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Storage Accounts should restrict CORS rules\",\n        \"description\": \"Deny CORS rules for storage account for increased data exfiltration protection and endpoint protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"anyOf\": [\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/blobServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/blobServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/fileServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/tableServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/tableServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    },\n                    {\n                        \"allOf\": [\n                            {\n                                \"field\": \"type\",\n                                \"equals\": \"Microsoft.Storage/storageAccounts/queueServices\"\n                            },\n                            {\n                                \"count\": {\n                                    \"field\": \"Microsoft.Storage/storageAccounts/queueServices/cors.corsRules[*]\"\n                                },\n                                \"greater\": 0\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#132": "{\n    \"name\": \"Deny-Storage-LocalUser\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Local users should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should disable local users for features like SFTP. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/isLocalUserEnabled\",\n                                \"notEquals\": false\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#133": "{\n    \"name\": \"Deny-Storage-NetworkAclsBypass\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Network ACL bypass option should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the bypass option for service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"allowedBypassOptions\": {\n                \"type\": \"Array\",\n                \"metadata\": {\n                    \"displayName\": \"Allowed Bypass Options\",\n                    \"description\": \"Specifies which options are allowed to bypass the vnet configuration\"\n                },\n                \"allowedValues\": [\n                    \"None\",\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ],\n                \"defaultValue\": [\n                    \"Logging\",\n                    \"Metrics\",\n                    \"AzureServices\",\n                    \"Logging, Metrics\",\n                    \"Logging, AzureServices\",\n                    \"Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\",\n                    \"Logging, Metrics, AzureServices\"\n                ]\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"exists\": \"false\"\n                            },\n                            {\n                                \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.bypass\",\n                                \"notIn\": \"[[parameters('allowedBypassOptions')]\"\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#134": "{\n    \"name\": \"Deny-Storage-NetworkAclsVirtualNetworkRules\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Virtual network rules should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the virtual network service-level network ACLs. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.virtualNetworkRules[*]\"\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#135": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesResourceId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules resource IDs should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to services from a specific Azure subscription. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\",\n                            \"where\": {\n                                \"value\": \"[[split(current('Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].resourceId'), '/')[2]]\",\n                                \"equals\": \"*\"\n                            }\n                        },\n                        \"greater\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#136": "{\n    \"name\": \"Deny-Storage-ResourceAccessRulesTenantId\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Resource Access Rules Tenants should be restricted for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should restrict the resource access rule for service-level network ACLs to service from the same AAD tenant. Enforce this for increased data exfiltration protection.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*]\"\n                        },\n                        \"greater\": 0\n                    },\n                    {\n                        \"field\": \"Microsoft.Storage/storageAccounts/networkAcls.resourceAccessRules[*].tenantId\",\n                        \"notEquals\": \"[[subscription().tenantId]\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#137": "{\n    \"name\": \"Deny-Storage-ServicesEncryption\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Encryption for storage services should be enforced for Storage Accounts\",\n        \"description\": \"Azure Storage accounts should enforce encryption for all storage services. Enforce this for increased encryption scope.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Storage\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Audit\",\n                    \"Deny\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Deny\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Storage/storageAccounts\"\n                    },\n                    {\n                        \"anyOf\": [\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.blob.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.file.enabled\",\n                                        \"notEquals\": true\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.queue.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            },\n                            {\n                                \"anyOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"exists\": \"false\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Storage/storageAccounts/encryption.services.table.keyType\",\n                                        \"notEquals\": \"Account\"\n                                    }\n                                ]\n                            }\n                        ]\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\"\n            }\n        }\n    }\n}",
+    "$fxv#138": "{\n    \"name\": \"Deploy-LogicApp-TLS\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Configure Logic apps to use the latest TLS version\",\n        \"description\": \"Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Logic Apps\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Web/sites\"\n                    },\n                    {\n                        \"field\": \"kind\",\n                        \"contains\": \"workflowapp\"\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Web/sites/config\",\n                    \"name\": \"web\",\n                    \"existenceCondition\": {\n                        \"field\": \"Microsoft.Web/sites/config/minTlsVersion\",\n                        \"equals\": \"1.2\"\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"parameters\": {\n                                \"siteName\": {\n                                    \"value\": \"[[field('name')]\"\n                                }\n                            },\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"siteName\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"type\": \"Microsoft.Web/sites/config\",\n                                        \"apiVersion\": \"2021-02-01\",\n                                        \"name\": \"[[concat(parameters('siteName'), '/web')]\",\n                                        \"properties\": {\n                                            \"minTlsVersion\": \"1.2\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
+    "$fxv#139": "{\n    \"name\": \"Modify-NSG\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of Network Security Groups (NSG)\",\n        \"description\": \"This policy enforces the configuration of Network Security Groups (NSG).\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"nsgRuleName\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"DenyAnyInternetOutbound\"\n            },\n            \"nsgRulePriority\": {\n                \"type\": \"integer\",\n                \"defaultValue\": 1000\n            },\n            \"nsgRuleDirection\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Inbound\",\n                    \"Outbound\"\n                ],\n                \"defaultValue\": \"Outbound\"\n            },\n            \"nsgRuleAccess\": {\n                \"type\": \"string\",\n                \"allowedValues\": [\n                    \"Allow\",\n                    \"Deny\"\n                ],\n                \"defaultValue\": \"Deny\"\n            },\n            \"nsgRuleProtocol\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourceAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleSourcePortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDestinationAddressPrefix\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Internet\"\n            },\n            \"nsgRuleDestinationPortRange\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"*\"\n            },\n            \"nsgRuleDescription\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Deny any outbound traffic to the Internet\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/networkSecurityGroups/securityRules[*]\",\n                            \"value\": {\n                                \"name\": \"[[parameters('nsgRuleName')]\",\n                                \"properties\": {\n                                    \"description\": \"[[parameters('nsgRuleDescription')]\",\n                                    \"protocol\": \"[[parameters('nsgRuleProtocol')]\",\n                                    \"sourcePortRange\": \"[[parameters('nsgRuleSourcePortRange')]\",\n                                    \"destinationPortRange\": \"[[parameters('nsgRuleDestinationPortRange')]\",\n                                    \"sourceAddressPrefix\": \"[[parameters('nsgRuleSourceAddressPrefix')]\",\n                                    \"destinationAddressPrefix\": \"[[parameters('nsgRuleDestinationAddressPrefix')]\",\n                                    \"access\": \"[[parameters('nsgRuleAccess')]\",\n                                    \"priority\": \"[[parameters('nsgRulePriority')]\",\n                                    \"direction\": \"[[parameters('nsgRuleDirection')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
     "$fxv#14": "{\n  \"name\": \"Deny-PostgreSql-http\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"PostgreSQL database servers enforce SSL connection.\",\n    \"description\": \"Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Deny\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"minimalTlsVersion\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"TLS1_2\",\n        \"allowedValues\": [\n          \"TLS1_2\",\n          \"TLS1_0\",\n          \"TLS1_1\",\n          \"TLSEnforcementDisabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Select version minimum TLS for PostgreSQL server\",\n          \"description\": \"Select version  minimum TLS version Azure Database for PostgreSQL server to enforce\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforPostgreSQL/servers\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"exists\": \"false\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/sslEnforcement\",\n                \"notEquals\": \"Enabled\"\n              },\n              {\n                \"field\": \"Microsoft.DBforPostgreSQL/servers/minimalTlsVersion\",\n                \"notequals\": \"[[parameters('minimalTlsVersion')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#140": "{\n    \"name\": \"Deploy-Private-DNS-Generic\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deploy-Private-DNS-Generic\",\n        \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Networking\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n        \t\"AzureChinaCloud\",\n       \t\t\"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\"\n            },\n            \"privateDnsZoneId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Private DNS Zone ID for Paas services\",\n                    \"description\": \"The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.\",\n                    \"strongType\": \"Microsoft.Network/privateDnsZones\",\n                    \"assignPermissions\": true\n                }\n            },\n            \"resourceType\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS private endpoint resource type\",\n                    \"description\": \"The PaaS endpoint resource type.\"\n                }\n            },\n            \"groupId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n                    \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n                }\n            },\n            \"evaluationDelay\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Evaluation Delay\",\n                    \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n                },\n                \"defaultValue\": \"PT10M\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateEndpoints\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n                            \"where\": {\n                                \"allOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n                                        \"contains\": \"[[parameters('resourceType')]\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n                                        \"equals\": \"[[parameters('groupId')]\"\n                                    }\n                                ]\n                            }\n                        },\n                        \"greaterOrEquals\": 1\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                    \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n                    \"roleDefinitionIds\": [\n                        \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"privateDnsZoneId\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"privateEndpointName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n                                        \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                                        \"apiVersion\": \"2020-03-01\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"properties\": {\n                                            \"privateDnsZoneConfigs\": [\n                                                {\n                                                    \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n                                                    \"properties\": {\n                                                        \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n                                                    }\n                                                }\n                                            ]\n                                        }\n                                    }\n                                ]\n                            },\n                            \"parameters\": {\n                                \"privateDnsZoneId\": {\n                                    \"value\": \"[[parameters('privateDnsZoneId')]\"\n                                },\n                                \"privateEndpointName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}\n",
-    "$fxv#141": "{\n  \"name\": \"DenyAction-DeleteResources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n    \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"General\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"resourceName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Name\",\n          \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n        }\n      },\n      \"resourceType\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Type\",\n          \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DenyAction\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DenyAction\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"[[parameters('resourceType')]\"\n          },\n          {\n            \"field\": \"name\",\n            \"like\": \"[[parameters('resourceName')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"actionNames\": [\n            \"delete\"\n          ]\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#142": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#143": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#144": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
-    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#147": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#140": "{\n    \"name\": \"Modify-UDR\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Enforce specific configuration of User-Defined Routes (UDR)\",\n        \"description\": \"This policy enforces the configuration of User-Defined Routes (UDR) within a subnet.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Network\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n                \"AzureChinaCloud\",\n                \"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"allowedValues\": [\n                    \"Modify\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"Modify\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                }\n            },\n            \"addressPrefix\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The destination IP address range in CIDR notation that this Policy checks for within the UDR. Example: 0.0.0.0/0 to check for the presence of a default route.\",\n                    \"displayName\": \"Address Prefix\"\n                }\n            },\n            \"nextHopType\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The next hope type that the policy checks for within the inspected route. The value can be Virtual Network, Virtual Network Gateway, Internet, Virtual Appliance, or None.\",\n                    \"displayName\": \"Next Hop Type\"\n                },\n                \"allowedValues\": [\n                    \"VnetLocal\",\n                    \"VirtualNetworkGateway\",\n                    \"Internet\",\n                    \"VirtualAppliance\",\n                    \"None\"\n                ]\n            },\n            \"nextHopIpAddress\": {\n                \"type\": \"string\",\n                \"metadata\": {\n                    \"description\": \"The IP address packets should be forwarded to.\",\n                    \"displayName\": \"Next Hop IP Address\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/routeTables\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\"\n                        },\n                        \"equals\": 0\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"conflictEffect\": \"audit\",\n                    \"operations\": [\n                        {\n                            \"operation\": \"add\",\n                            \"field\": \"Microsoft.Network/routeTables/routes[*]\",\n                            \"value\": {\n                                \"name\": \"default\",\n                                \"properties\": {\n                                    \"addressPrefix\": \"[[parameters('addressPrefix')]\",\n                                    \"nextHopType\": \"[[parameters('nextHopType')]\",\n                                    \"nextHopIpAddress\": \"[[parameters('nextHopIpAddress')]\"\n                                }\n                            }\n                        }\n                    ]\n                }\n            }\n        }\n    }\n}",
+    "$fxv#141": "{\n    \"name\": \"Deploy-Private-DNS-Generic\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"All\",\n        \"displayName\": \"Deploy-Private-DNS-Generic\",\n        \"description\": \"Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Networking\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\",\n        \t\"AzureChinaCloud\",\n       \t\t\"AzureUSGovernment\"\n            ]\n        },\n        \"parameters\": {\n            \"effect\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Effect\",\n                    \"description\": \"Enable or disable the execution of the policy\"\n                },\n                \"allowedValues\": [\n                    \"DeployIfNotExists\",\n                    \"Disabled\"\n                ],\n                \"defaultValue\": \"DeployIfNotExists\"\n            },\n            \"privateDnsZoneId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Private DNS Zone ID for Paas services\",\n                    \"description\": \"The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.\",\n                    \"strongType\": \"Microsoft.Network/privateDnsZones\",\n                    \"assignPermissions\": true\n                }\n            },\n            \"resourceType\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS private endpoint resource type\",\n                    \"description\": \"The PaaS endpoint resource type.\"\n                }\n            },\n            \"groupId\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"PaaS Private endpoint group ID (subresource)\",\n                    \"description\": \"The group ID of the PaaS private endpoint. Also referred to as subresource.\"\n                }\n            },\n            \"evaluationDelay\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Evaluation Delay\",\n                    \"description\": \"The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists\"\n                },\n                \"defaultValue\": \"PT10M\"\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"allOf\": [\n                    {\n                        \"field\": \"type\",\n                        \"equals\": \"Microsoft.Network/privateEndpoints\"\n                    },\n                    {\n                        \"count\": {\n                            \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]\",\n                            \"where\": {\n                                \"allOf\": [\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId\",\n                                        \"contains\": \"[[parameters('resourceType')]\"\n                                    },\n                                    {\n                                        \"field\": \"Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*]\",\n                                        \"equals\": \"[[parameters('groupId')]\"\n                                    }\n                                ]\n                            }\n                        },\n                        \"greaterOrEquals\": 1\n                    }\n                ]\n            },\n            \"then\": {\n                \"effect\": \"[[parameters('effect')]\",\n                \"details\": {\n                    \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                    \"evaluationDelay\": \"[[parameters('evaluationDelay')]\",\n                    \"roleDefinitionIds\": [\n                        \"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"privateDnsZoneId\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"privateEndpointName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    }\n                                },\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat(parameters('privateEndpointName'), '/deployedByPolicy')]\",\n                                        \"type\": \"Microsoft.Network/privateEndpoints/privateDnsZoneGroups\",\n                                        \"apiVersion\": \"2020-03-01\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"properties\": {\n                                            \"privateDnsZoneConfigs\": [\n                                                {\n                                                    \"name\": \"PaaS-Service-Private-DNS-Zone-Config\",\n                                                    \"properties\": {\n                                                        \"privateDnsZoneId\": \"[[parameters('privateDnsZoneId')]\"\n                                                    }\n                                                }\n                                            ]\n                                        }\n                                    }\n                                ]\n                            },\n                            \"parameters\": {\n                                \"privateDnsZoneId\": {\n                                    \"value\": \"[[parameters('privateDnsZoneId')]\"\n                                },\n                                \"privateEndpointName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}\n",
+    "$fxv#142": "{\n  \"name\": \"DenyAction-DeleteResources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Do not allow deletion of specified resource and resource type\",\n    \"description\": \"This policy enables you to specify the resource and resource type that your organization can protect from accidentals deletion by blocking delete calls using the deny action effect.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"General\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n          \"AzureCloud\",\n          \"AzureChinaCloud\",\n          \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"resourceName\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Name\",\n          \"description\": \"Provide the name of the resource that you want to protect from accidental deletion.\"\n        }\n      },\n      \"resourceType\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Resource Type\",\n          \"description\": \"Provide the resource type that you want to protect from accidental deletion.\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"DenyAction\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"DenyAction\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"[[parameters('resourceType')]\"\n          },\n          {\n            \"field\": \"name\",\n            \"like\": \"[[parameters('resourceName')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"actionNames\": [\n            \"delete\"\n          ]\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#143": "{\n  \"name\": \"Audit-MachineLearning-PrivateEndpointId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Control private endpoint connections to Azure Machine Learning\",\n    \"description\": \"Audit private endpoints that are created in other subscriptions and/or tenants for Azure Machine Learning.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateLinkServiceConnectionState.status\",\n            \"equals\": \"Approved\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[split(concat(field('Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/privateEndpoint.id'), '//'), '/')[2]]\",\n                \"notEquals\": \"[[subscription().subscriptionId]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#144": "{\n  \"name\": \"Deny-AA-child-resources\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"No child resources in Automation Account\",\n    \"description\": \"This policy denies the creation of child resources on the Automation Account\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Automation\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"in\": [\n              \"Microsoft.Automation/automationAccounts/runbooks\",\n              \"Microsoft.Automation/automationAccounts/variables\",\n              \"Microsoft.Automation/automationAccounts/modules\",\n              \"Microsoft.Automation/automationAccounts/credentials\",\n              \"Microsoft.Automation/automationAccounts/connections\",\n              \"Microsoft.Automation/automationAccounts/certificates\"\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#145": "{\n  \"name\": \"Deny-Databricks-NoPublicIp\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public IPs for Databricks cluster\",\n    \"description\": \"Denies the deployment of workspaces that do not use the noPublicIp feature to host Databricks clusters without public IPs.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/parameters.enableNoPublicIp.value\",\n            \"notEquals\": true\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#146": "{\n  \"name\": \"Deny-Databricks-Sku\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny non-premium Databricks sku\",\n    \"description\": \"Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.DataBricks/workspaces/sku.name\",\n            \"notEquals\": \"premium\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}",
+    "$fxv#147": "{\n  \"name\": \"Deny-Databricks-VirtualNetwork\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny Databricks workspaces without Vnet injection\",\n    \"description\": \"Enforces the use of vnet injection for Databricks workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Databricks\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Databricks/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customVirtualNetworkId.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPublicSubnetName.value\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.DataBricks/workspaces/parameters.customPrivateSubnetName.value\",\n                \"exists\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#148": "{\n  \"name\": \"Deny-MachineLearning-Aks\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny AKS cluster creation in Azure Machine Learning\",\n    \"description\": \"Deny AKS cluster creation in Azure Machine Learning and enforce connecting to existing clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AKS\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/resourceId\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/resourceId'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#149": "{\n  \"name\": \"Deny-MachineLearning-Compute-SubnetId\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Enforce subnet connectivity for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/subnet.id\",\n                \"exists\": false\n              },\n              {\n                \"value\": \"[[empty(field('Microsoft.MachineLearningServices/workspaces/computes/subnet.id'))]\",\n                \"equals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#15": "{\n  \"name\": \"Deny-Private-DNS-Zones\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny the creation of private DNS\",\n    \"description\": \"This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Network\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.Network/privateDnsZones\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
-    "$fxv#155": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
-    "$fxv#156": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
-    "$fxv#157": "{\n    \"name\": \"Deploy-Vm-autoShutdown\",\n    \"type\": \"Microsoft.Authorization/policyDefinitions\",\n    \"apiVersion\": \"2021-06-01\",\n    \"scope\": null,\n    \"properties\": {\n        \"policyType\": \"Custom\",\n        \"mode\": \"Indexed\",\n        \"displayName\": \"Deploy Virtual Machine Auto Shutdown Schedule\",\n        \"description\": \"Deploys an auto shutdown schedule to a virtual machine\",\n        \"metadata\": {\n            \"version\": \"1.0.0\",\n            \"category\": \"Compute\",\n            \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n            \"alzCloudEnvironments\": [\n                \"AzureCloud\"            ]\n        },\n        \"parameters\": {\n            \"time\": {\n                \"type\": \"String\",\n                \"metadata\": {\n                    \"displayName\": \"Scheduled Shutdown Time\",\n                    \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                },\n                \"defaultValue\": \"0000\"\n            },\n            \"timeZoneId\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"UTC\",\n                \"metadata\": {\n                    \"displayName\": \"Time zone\",\n                    \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                }\n            },\n            \"EnableNotification\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"Disabled\",\n                \"metadata\": {\n                    \"displayName\": \"Send Notification before auto-shutdown\",\n                    \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                },\n                \"allowedValues\": [\n                    \"Disabled\",\n                    \"Enabled\"\n                ]\n            },\n            \"NotificationEmailRecipient\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Email Address\",\n                    \"description\": \"Email address to be used for notification\"\n                }\n            },\n            \"NotificationWebhookUrl\": {\n                \"type\": \"string\",\n                \"defaultValue\": \"\",\n                \"metadata\": {\n                    \"displayName\": \"Webhook URL\",\n                    \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                }\n            }\n        },\n        \"policyRule\": {\n            \"if\": {\n                \"field\": \"type\",\n                \"equals\": \"Microsoft.Compute/virtualMachines\"\n            },\n            \"then\": {\n                \"effect\": \"deployIfNotExists\",\n                \"details\": {\n                    \"type\": \"Microsoft.DevTestLab/schedules\",\n                    \"existenceCondition\": {\n                        \"allOf\": [\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/taskType\",\n                                \"equals\": \"ComputeVmShutdownTask\"\n                            },\n                            {\n                                \"field\": \"Microsoft.DevTestLab/schedules/targetResourceId\",\n                                \"equals\": \"[[concat(resourceGroup().id,'/providers/Microsoft.Compute/virtualMachines/',field('name'))]\"\n                            }\n                        ]\n                    },\n                    \"roleDefinitionIds\": [\n                        \"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c\"\n                    ],\n                    \"deployment\": {\n                        \"properties\": {\n                            \"mode\": \"incremental\",\n                            \"template\": {\n                                \"$schema\": \"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#\",\n                                \"contentVersion\": \"1.0.0.0\",\n                                \"parameters\": {\n                                    \"vmName\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"location\": {\n                                        \"type\": \"string\"\n                                    },\n                                    \"time\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Daily Scheduled shutdown time. i.e. 2300 = 11:00 PM\"\n                                        }\n                                    },\n                                    \"timeZoneId\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"The time zone ID (e.g. Pacific Standard time).\"\n                                        }\n                                    },\n                                    \"EnableNotification\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"If notifications are enabled for this schedule (i.e. Enabled, Disabled).\"\n                                        }\n                                    },\n                                    \"NotificationEmailRecipient\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"Email address to be used for notification\"\n                                        }\n                                    },\n                                    \"NotificationWebhookUrl\": {\n                                        \"type\": \"string\",\n                                        \"defaultValue\": \"\",\n                                        \"metadata\": {\n                                            \"description\": \"A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen.\"\n                                        }\n                                    }\n                                },\n                                \"variables\": {},\n                                \"resources\": [\n                                    {\n                                        \"name\": \"[[concat('shutdown-computevm-',parameters('vmName'))]\",\n                                        \"type\": \"Microsoft.DevTestLab/schedules\",\n                                        \"location\": \"[[parameters('location')]\",\n                                        \"apiVersion\": \"2018-09-15\",\n                                        \"properties\": {\n                                            \"status\": \"Enabled\",\n                                            \"taskType\": \"ComputeVmShutdownTask\",\n                                            \"dailyRecurrence\": {\n                                                \"time\": \"[[parameters('time')]\"\n                                            },\n                                            \"timeZoneId\": \"[[parameters('timeZoneId')]\",\n                                            \"notificationSettings\": {\n                                                \"status\": \"[[parameters('EnableNotification')]\",\n                                                \"timeInMinutes\": 30,\n                                                \"webhookUrl\": \"[[parameters('NotificationWebhookUrl')]\",\n                                                \"emailRecipient\": \"[[parameters('NotificationEmailRecipient')]\",\n                                                \"notificationLocale\": \"en\"\n                                            },\n                                            \"targetResourceId\": \"[[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]\"\n                                        }\n                                    }\n                                ],\n                                \"outputs\": {}\n                            },\n                            \"parameters\": {\n                                \"vmName\": {\n                                    \"value\": \"[[field('name')]\"\n                                },\n                                \"location\": {\n                                    \"value\": \"[[field('location')]\"\n                                },\n                                \"time\": {\n                                    \"value\": \"[[parameters('time')]\"\n                                },\n                                \"timeZoneId\": {\n                                    \"value\": \"[[parameters('timeZoneId')]\"\n                                },\n                                \"EnableNotification\": {\n                                    \"value\": \"[[parameters('EnableNotification')]\"\n                                },\n                                \"NotificationEmailRecipient\": {\n                                    \"value\": \"[[parameters('NotificationEmailRecipient')]\"\n                                },\n                                \"NotificationWebhookUrl\": {\n                                    \"value\": \"[[parameters('NotificationWebhookUrl')]\"\n                                }\n                            }\n                        }\n                    }\n                }\n            }\n        }\n    }\n}",
+    "$fxv#150": "{\n  \"name\": \"Deny-MachineLearning-Compute-VmSize\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances\",\n    \"description\": \"Limit allowed vm sizes for Azure Machine Learning compute clusters and compute instances.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"allowedVmSizes\": {\n        \"type\": \"Array\",\n        \"metadata\": {\n          \"displayName\": \"Allowed VM Sizes for Aml Compute Clusters and Instances\",\n          \"description\": \"Specifies the allowed VM Sizes for Aml Compute Clusters and Instances\"\n        },\n        \"defaultValue\": [\n          \"Standard_D1_v2\",\n          \"Standard_D2_v2\",\n          \"Standard_D3_v2\",\n          \"Standard_D4_v2\",\n          \"Standard_D11_v2\",\n          \"Standard_D12_v2\",\n          \"Standard_D13_v2\",\n          \"Standard_D14_v2\",\n          \"Standard_DS1_v2\",\n          \"Standard_DS2_v2\",\n          \"Standard_DS3_v2\",\n          \"Standard_DS4_v2\",\n          \"Standard_DS5_v2\",\n          \"Standard_DS11_v2\",\n          \"Standard_DS12_v2\",\n          \"Standard_DS13_v2\",\n          \"Standard_DS14_v2\",\n          \"Standard_M8-2ms\",\n          \"Standard_M8-4ms\",\n          \"Standard_M8ms\",\n          \"Standard_M16-4ms\",\n          \"Standard_M16-8ms\",\n          \"Standard_M16ms\",\n          \"Standard_M32-8ms\",\n          \"Standard_M32-16ms\",\n          \"Standard_M32ls\",\n          \"Standard_M32ms\",\n          \"Standard_M32ts\",\n          \"Standard_M64-16ms\",\n          \"Standard_M64-32ms\",\n          \"Standard_M64ls\",\n          \"Standard_M64ms\",\n          \"Standard_M64s\",\n          \"Standard_M128-32ms\",\n          \"Standard_M128-64ms\",\n          \"Standard_M128ms\",\n          \"Standard_M128s\",\n          \"Standard_M64\",\n          \"Standard_M64m\",\n          \"Standard_M128\",\n          \"Standard_M128m\",\n          \"Standard_D1\",\n          \"Standard_D2\",\n          \"Standard_D3\",\n          \"Standard_D4\",\n          \"Standard_D11\",\n          \"Standard_D12\",\n          \"Standard_D13\",\n          \"Standard_D14\",\n          \"Standard_DS15_v2\",\n          \"Standard_NV6\",\n          \"Standard_NV12\",\n          \"Standard_NV24\",\n          \"Standard_F2s_v2\",\n          \"Standard_F4s_v2\",\n          \"Standard_F8s_v2\",\n          \"Standard_F16s_v2\",\n          \"Standard_F32s_v2\",\n          \"Standard_F64s_v2\",\n          \"Standard_F72s_v2\",\n          \"Standard_NC6s_v3\",\n          \"Standard_NC12s_v3\",\n          \"Standard_NC24rs_v3\",\n          \"Standard_NC24s_v3\",\n          \"Standard_NC6\",\n          \"Standard_NC12\",\n          \"Standard_NC24\",\n          \"Standard_NC24r\",\n          \"Standard_ND6s\",\n          \"Standard_ND12s\",\n          \"Standard_ND24rs\",\n          \"Standard_ND24s\",\n          \"Standard_NC6s_v2\",\n          \"Standard_NC12s_v2\",\n          \"Standard_NC24rs_v2\",\n          \"Standard_NC24s_v2\",\n          \"Standard_ND40rs_v2\",\n          \"Standard_NV12s_v3\",\n          \"Standard_NV24s_v3\",\n          \"Standard_NV48s_v3\"\n        ]\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"in\": [\n              \"AmlCompute\",\n              \"ComputeInstance\"\n            ]\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/vmSize\",\n            \"notIn\": \"[[parameters('allowedVmSizes')]\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#151": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deny public access of Azure Machine Learning clusters via SSH\",\n    \"description\": \"Deny public access of Azure Machine Learning clusters via SSH.\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/remoteLoginPortPublicAccess\",\n                \"notEquals\": \"Disabled\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#152": "{\n  \"name\": \"Deny-MachineLearning-ComputeCluster-Scale\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforce scale settings for Azure Machine Learning compute clusters\",\n    \"description\": \"Enforce scale settings for Azure Machine Learning compute clusters.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      },\n      \"maxNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Count\",\n          \"description\": \"Specifies the maximum node count of AML Clusters\"\n        },\n        \"defaultValue\": 10\n      },\n      \"minNodeCount\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Minimum Node Count\",\n          \"description\": \"Specifies the minimum node count of AML Clusters\"\n        },\n        \"defaultValue\": 0\n      },\n      \"maxNodeIdleTimeInSecondsBeforeScaleDown\": {\n        \"type\": \"Integer\",\n        \"metadata\": {\n          \"displayName\": \"Maximum Node Idle Time in Seconds Before Scaledown\",\n          \"description\": \"Specifies the maximum node idle time in seconds before scaledown\"\n        },\n        \"defaultValue\": 900\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces/computes\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/computeType\",\n            \"equals\": \"AmlCompute\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.maxNodeCount\",\n                \"greater\": \"[[parameters('maxNodeCount')]\"\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.minNodeCount\",\n                \"greater\": \"[[parameters('minNodeCount')]\"\n              },\n              {\n                \"value\": \"[[int(last(split(replace(replace(replace(replace(replace(replace(replace(field('Microsoft.MachineLearningServices/workspaces/computes/scaleSettings.nodeIdleTimeBeforeScaleDown'), 'P', '/'), 'Y', '/'), 'M', '/'), 'D', '/'), 'T', '/'), 'H', '/'), 'S', ''), '/')))]\",\n                \"greater\": \"[[parameters('maxNodeIdleTimeInSecondsBeforeScaleDown')]\"\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#153": "{\n  \"name\": \"Deny-MachineLearning-HbiWorkspace\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Enforces high business impact Azure Machine Learning Workspaces\",\n    \"description\": \"Enforces high business impact Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/hbiWorkspace\",\n                \"notEquals\": true\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#154": "{\n  \"name\": \"Deny-MachineLearning-PublicAccessWhenBehindVnet\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Deny public access behind vnet to Azure Machine Learning workspace\",\n    \"description\": \"Deny public access behind vnet to Azure Machine Learning workspaces.\",\n    \"metadata\": {\n      \"version\": \"1.0.1\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"anyOf\": [\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"exists\": false\n              },\n              {\n                \"field\": \"Microsoft.MachineLearningServices/workspaces/allowPublicAccessWhenBehindVnet\",\n                \"notEquals\": false\n              }\n            ]\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#155": "{\n  \"name\": \"Deny-MachineLearning-PublicNetworkAccess\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Azure Machine Learning should have disabled public network access\",\n    \"description\": \"Denies public network access for Azure Machine Learning workspaces. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/438c38d2-3772-465a-a9cc-7a6666a275ce.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"Machine Learning\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"438c38d2-3772-465a-a9cc-7a6666a275ce\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Disabled\",\n          \"Deny\"\n        ],\n        \"defaultValue\": \"Deny\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.MachineLearningServices/workspaces\"\n          },\n          {\n            \"field\": \"Microsoft.MachineLearningServices/workspaces/publicNetworkAccess\",\n            \"notEquals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
+    "$fxv#156": "{\n  \"name\": \"Deploy-Budget\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"All\",\n    \"displayName\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"description\": \"Deploy a default budget on all subscriptions under the assigned scope\",\n    \"metadata\": {\n      \"version\": \"1.1.0\",\n      \"category\": \"Budget\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"AuditIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"budgetName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"budget-set-by-policy\",\n        \"metadata\": {\n          \"description\": \"The name for the budget to be created\"\n        }\n      },\n      \"amount\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"1000\",\n        \"metadata\": {\n          \"description\": \"The total amount of cost or usage to track with the budget\"\n        }\n      },\n      \"timeGrain\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"Monthly\",\n        \"allowedValues\": [\n          \"Monthly\",\n          \"Quarterly\",\n          \"Annually\",\n          \"BillingMonth\",\n          \"BillingQuarter\",\n          \"BillingAnnual\"\n        ],\n        \"metadata\": {\n          \"description\": \"The time covered by a budget. Tracking of the amount will be reset based on the time grain.\"\n        }\n      },\n      \"firstThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"90\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"secondThreshold\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"100\",\n        \"metadata\": {\n          \"description\": \"Threshold value associated with a notification. Notification is sent when the cost exceeded the threshold. It is always percent and has to be between 0 and 1000.\"\n        }\n      },\n      \"contactRoles\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [\n          \"Owner\",\n          \"Contributor\"\n        ],\n        \"metadata\": {\n          \"description\": \"The list of contact RBAC roles, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactEmails\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of email addresses, in an array, to send the budget notification to when the threshold is exceeded.\"\n        }\n      },\n      \"contactGroups\": {\n        \"type\": \"Array\",\n        \"defaultValue\": [],\n        \"metadata\": {\n          \"description\": \"The list of action groups, in an array, to send the budget notification to when the threshold is exceeded. It accepts array of strings.\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.Resources/subscriptions\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Consumption/budgets\",\n          \"deploymentScope\": \"subscription\",\n          \"existenceScope\": \"subscription\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Consumption/budgets/amount\",\n                \"equals\": \"[[parameters('amount')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/timeGrain\",\n                \"equals\": \"[[parameters('timeGrain')]\"\n              },\n              {\n                \"field\": \"Microsoft.Consumption/budgets/category\",\n                \"equals\": \"Cost\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n          ],\n          \"deployment\": {\n            \"location\": \"northeurope\",\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"parameters\": {\n                \"budgetName\": {\n                  \"value\": \"[[parameters('budgetName')]\"\n                },\n                \"amount\": {\n                  \"value\": \"[[parameters('amount')]\"\n                },\n                \"timeGrain\": {\n                  \"value\": \"[[parameters('timeGrain')]\"\n                },\n                \"firstThreshold\": {\n                  \"value\": \"[[parameters('firstThreshold')]\"\n                },\n                \"secondThreshold\": {\n                  \"value\": \"[[parameters('secondThreshold')]\"\n                },\n                \"contactEmails\": {\n                  \"value\": \"[[parameters('contactEmails')]\"\n                },\n                \"contactRoles\": {\n                  \"value\": \"[[parameters('contactRoles')]\"\n                },\n                \"contactGroups\": {\n                  \"value\": \"[[parameters('contactGroups')]\"\n                }\n              },\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"budgetName\": {\n                    \"type\": \"String\"\n                  },\n                  \"amount\": {\n                    \"type\": \"String\"\n                  },\n                  \"timeGrain\": {\n                    \"type\": \"String\"\n                  },\n                  \"firstThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"secondThreshold\": {\n                    \"type\": \"String\"\n                  },\n                  \"contactEmails\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactRoles\": {\n                    \"type\": \"Array\"\n                  },\n                  \"contactGroups\": {\n                    \"type\": \"Array\"\n                  },\n                  \"startDate\": {\n                    \"type\": \"String\",\n                    \"defaultValue\": \"[[concat(utcNow('MM'), '/01/', utcNow('yyyy'))]\"\n                  }\n                },\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.Consumption/budgets\",\n                    \"apiVersion\": \"2019-10-01\",\n                    \"name\": \"[[parameters('budgetName')]\",\n                    \"properties\": {\n                      \"timePeriod\": {\n                        \"startDate\": \"[[parameters('startDate')]\"\n                      },\n                      \"timeGrain\": \"[[parameters('timeGrain')]\",\n                      \"amount\": \"[[parameters('amount')]\",\n                      \"category\": \"Cost\",\n                      \"notifications\": {\n                        \"NotificationForExceededBudget1\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('firstThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        },\n                        \"NotificationForExceededBudget2\": {\n                          \"enabled\": true,\n                          \"operator\": \"GreaterThan\",\n                          \"threshold\": \"[[parameters('secondThreshold')]\",\n                          \"contactEmails\": \"[[parameters('contactEmails')]\",\n                          \"contactRoles\": \"[[parameters('contactRoles')]\",\n                          \"contactGroups\": \"[[parameters('contactGroups')]\"\n                        }\n                      }\n                    }\n                  }\n                ]\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}\n",
+    "$fxv#157": "{\n  \"name\": \"Deploy-Diagnostics-AVDScalingPlans\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated]: Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics workspace\",\n    \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. This policy is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html.\",\n    \"metadata\": {\n      \"deprecated\": true,\n      \"version\": \"1.1.0-deprecated\",\n      \"category\": \"Monitoring\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"logAnalytics\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Log Analytics workspace\",\n          \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n          \"strongType\": \"omsWorkspace\"\n        }\n      },\n      \"effect\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"DeployIfNotExists\",\n        \"allowedValues\": [\n          \"DeployIfNotExists\",\n          \"Disabled\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      },\n      \"profileName\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"setbypolicy\",\n        \"metadata\": {\n          \"displayName\": \"Profile name\",\n          \"description\": \"The diagnostic settings profile name\"\n        }\n      },\n      \"logsEnabled\": {\n        \"type\": \"String\",\n        \"defaultValue\": \"True\",\n        \"allowedValues\": [\n          \"True\",\n          \"False\"\n        ],\n        \"metadata\": {\n          \"displayName\": \"Enable logs\",\n          \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"field\": \"type\",\n        \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\",\n        \"details\": {\n          \"type\": \"Microsoft.Insights/diagnosticSettings\",\n          \"name\": \"[[parameters('profileName')]\",\n          \"existenceCondition\": {\n            \"allOf\": [\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n                \"equals\": \"true\"\n              },\n              {\n                \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n                \"equals\": \"[[parameters('logAnalytics')]\"\n              }\n            ]\n          },\n          \"roleDefinitionIds\": [\n            \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n            \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n          ],\n          \"deployment\": {\n            \"properties\": {\n              \"mode\": \"Incremental\",\n              \"template\": {\n                \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n                \"contentVersion\": \"1.0.0.0\",\n                \"parameters\": {\n                  \"resourceName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logAnalytics\": {\n                    \"type\": \"String\"\n                  },\n                  \"location\": {\n                    \"type\": \"String\"\n                  },\n                  \"profileName\": {\n                    \"type\": \"String\"\n                  },\n                  \"logsEnabled\": {\n                    \"type\": \"String\"\n                  }\n                },\n                \"variables\": {},\n                \"resources\": [\n                  {\n                    \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n                    \"apiVersion\": \"2017-05-01-preview\",\n                    \"name\": \"[[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n                    \"location\": \"[[parameters('location')]\",\n                    \"dependsOn\": [],\n                    \"properties\": {\n                      \"workspaceId\": \"[[parameters('logAnalytics')]\",\n                      \"logs\": [\n                        {\n                          \"category\": \"Autoscale\",\n                          \"enabled\": \"[[parameters('logsEnabled')]\"\n                        }\n                      ]\n                    }\n                  }\n                ],\n                \"outputs\": {}\n              },\n              \"parameters\": {\n                \"logAnalytics\": {\n                  \"value\": \"[[parameters('logAnalytics')]\"\n                },\n                \"location\": {\n                  \"value\": \"[[field('location')]\"\n                },\n                \"resourceName\": {\n                  \"value\": \"[[field('name')]\"\n                },\n                \"profileName\": {\n                  \"value\": \"[[parameters('profileName')]\"\n                },\n                \"logsEnabled\": {\n                  \"value\": \"[[parameters('logsEnabled')]\"\n                }\n              }\n            }\n          }\n        }\n      }\n    }\n  }\n}",
     "$fxv#158": "{\n  \"name\": \"Deny-AFSPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Public network access should be disabled for Azure File Sync\",\n    \"description\": \"Disabling the public endpoint allows you to restrict access to your Storage Sync Service resource to requests destined to approved private endpoints on your organization's network. There is nothing inherently insecure about allowing requests to the public endpoint, however, you may wish to disable it to meet regulatory, legal, or organizational policy requirements. You can disable the public endpoint for a Storage Sync Service by setting the incomingTrafficPolicy of the resource to AllowVirtualNetworksOnly.\",\n    \"metadata\": {\n      \"version\": \"1.0.0\",\n      \"category\": \"Storage\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.StorageSync/storageSyncServices\"\n          },\n          {\n            \"field\": \"Microsoft.StorageSync/storageSyncServices/incomingTrafficPolicy\",\n            \"notEquals\": \"AllowVirtualNetworksOnly\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#159": "{\n  \"name\": \"Deny-KeyVaultPaasPublicIP\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"Preview: Azure Key Vault should disable public network access\",\n    \"description\": \"Disable public network access for your key vault so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://aka.ms/akvprivatelink.\",\n    \"metadata\": {\n      \"version\": \"2.0.0-preview\",\n      \"category\": \"Key Vault\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"preview\": true,\n      \"alzCloudEnvironments\": [\n        \"AzureChinaCloud\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        },\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Audit\"\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.KeyVault/vaults\"\n          },\n          {\n            \"not\": {\n              \"field\": \"Microsoft.KeyVault/vaults/createMode\",\n              \"equals\": \"recover\"\n            }\n          },\n          {\n            \"field\": \"Microsoft.KeyVault/vaults/networkAcls.defaultAction\",\n            \"notEquals\": \"Deny\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
     "$fxv#16": "{\n  \"name\": \"Deny-PublicEndpoint-MariaDB\",\n  \"type\": \"Microsoft.Authorization/policyDefinitions\",\n  \"apiVersion\": \"2021-06-01\",\n  \"scope\": null,\n  \"properties\": {\n    \"policyType\": \"Custom\",\n    \"mode\": \"Indexed\",\n    \"displayName\": \"[Deprecated] Public network access should be disabled for MariaDB\",\n    \"description\": \"This policy denies the creation of Maria DB accounts with exposed public endpoints. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/fdccbe47-f3e3-4213-ad5d-ea459b2fa077.html\",\n    \"metadata\": {\n      \"version\": \"1.0.0-deprecated\",\n      \"category\": \"SQL\",\n      \"source\": \"https://github.com/Azure/Enterprise-Scale/\",\n      \"deprecated\": true,\n      \"supersededBy\": \"fdccbe47-f3e3-4213-ad5d-ea459b2fa077\",\n      \"alzCloudEnvironments\": [\n        \"AzureCloud\",\n        \"AzureChinaCloud\",\n        \"AzureUSGovernment\"\n      ]\n    },\n    \"parameters\": {\n      \"effect\": {\n        \"type\": \"String\",\n        \"allowedValues\": [\n          \"Audit\",\n          \"Deny\",\n          \"Disabled\"\n        ],\n        \"defaultValue\": \"Deny\",\n        \"metadata\": {\n          \"displayName\": \"Effect\",\n          \"description\": \"Enable or disable the execution of the policy\"\n        }\n      }\n    },\n    \"policyRule\": {\n      \"if\": {\n        \"allOf\": [\n          {\n            \"field\": \"type\",\n            \"equals\": \"Microsoft.DBforMariaDB/servers\"\n          },\n          {\n            \"field\": \"Microsoft.DBforMariaDB/servers/publicNetworkAccess\",\n            \"notequals\": \"Disabled\"\n          }\n        ]\n      },\n      \"then\": {\n        \"effect\": \"[[parameters('effect')]\"\n      }\n    }\n  }\n}\n",
@@ -406,10 +406,10 @@
         "[variables('$fxv#138')]",
         "[variables('$fxv#139')]",
         "[variables('$fxv#140')]",
-        "[variables('$fxv#141')]"
+        "[variables('$fxv#141')]",
+        "[variables('$fxv#142')]"
       ],
       "AzureCloud": [
-        "[variables('$fxv#142')]",
         "[variables('$fxv#143')]",
         "[variables('$fxv#144')]",
         "[variables('$fxv#145')]",